[Swan-commit] Changes to ref refs/heads/main
Paul Wouters
paul at vault.libreswan.fi
Fri Sep 18 13:16:08 UTC 2020
New commits:
commit c7fe6e85e81ae541c9d02f0cc5a24eb9b7e93a0e
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Sep 18 08:32:29 2020 -0400
pluto: xfrmi used mark-out for XFRMA_SET_MARK
mark-out=<mark>/<mask> is used when configured instead of if_id
Merge from Antony's patch https://github.com/antonyantony/libreswan/commit/7a900da2381dda472033051ba260da2663c0f622
commit 61a85f990df69028568cf85f93a1cfd605594b93
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Sep 18 08:35:11 2020 -0400
documentation: updated CHANGES
commit c6c48610a79f759765e7f2f36c8a3ac5b8b279b9
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Sep 18 08:24:45 2020 -0400
testing: add ikev2-xfrmi-14-fwmark to TESTLIST
commit 4b7bff1a25730e8a262567cf62a5d12952804063
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Sep 18 08:24:29 2020 -0400
testing: fixup whitespace in TESTLIST
commit 60557ec2c81580a3982ac0fb106cb858eb2bf8a2
Author: Wolfgang Nothdurft <wolfgang at linogate.de>
Date: Thu Sep 17 17:59:25 2020 -0400
testing: xfrm mask and skb marking
This is a multi-part message in MIME format.
Am 30.07.20 um 07:57 schrieb Antony Antony:
> Can you can help create a testcase with fwmark and xfrmi? you are using
> marks with KLIPS? so it is not really configured in ipsec.conf? I wonder how
> that would translate one-to-one.
> Attached you can find an simplified testcase that corresponds approximately to what we do.
In this case marking http traffic, to route it on an other interface.
iptables -t mangle -I OUTPUT -p tcp --dport 80 -j MARK --set-mark 0x1
ip ru add prio 1 fwmark 0x1 table 1
ip r add default dev eth0 table 1
This case passes with my example patch when mapping the fwmark to 0x1000000.
Wolfgang
commit c5468a72eea2316bf246ba521f17e5f833db9395
Author: Wolfgang <build at localhost.localdomain>
Date: Mon Aug 10 04:29:15 2020 -0400
* prototype testcase for conflicting fwmark with xfrmi
Signed-off-by: Antony Antony <antony at phenome.org>
Signed-off-by: Paul Wouters <pwouters at redhat.com>
commit 87d85b8b33dd9659f73fcb11ed68033e4229acc6
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Sep 17 17:57:35 2020 -0400
testing: minor xfrmi test update
Based on https://github.com/antonyantony/libreswan/commit/99df0c3e65b82387553e2306227d6c5b57c459c0
commit aa3929a0c5d47c4bcb73a075f33028312962c5ae
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Sep 17 17:56:45 2020 -0400
documentation: update comment and dbg message in kernel_xfrm_interface.c
From: https://github.com/antonyantony/libreswan/commit/99df0c3e65b82387553e2306227d6c5b57c459c0
commit 03ab8675c5514fb4c54b89df2a83dd7a8f44d4c1
Author: Antony Antony <antony at phenome.org>
Date: Thu Sep 17 17:48:04 2020 -0400
testing: minor fixes to test output
Signed-off-by: Paul Wouters <pwouters at redhat.com>
commit 2875c47a6cb4160bef832dfa25225a245f976e8a
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Sep 17 17:42:07 2020 -0400
testing: add comment to description.txt
commit 275694d8f56caaaed770780ec4109daf37f22e2d
Author: Antony Antony <antony at phenome.org>
Date: Thu Sep 17 17:35:30 2020 -0400
testing: systemd xfrmi test fixes ikev2-xfrmi-09-systemd-networkd
Now, F32, systemd include support for xfrm device.
This test will not run in simple namespace. Either kvm or docker/podman.
Signed-off-by: Paul Wouters <pwouters at redhat.com>
More information about the Swan-commit
mailing list