[Swan-commit] Changes to ref refs/heads/main

Antony Antony antony at vault.libreswan.fi
Sun Feb 12 17:22:45 EET 2023


New commits:
commit 4cf1bc716d0ec6d1f495a6b74d1d776a437348cc
Merge: e73fda7e9d 5865942115
Author: Antony Antony <antony at phenome.org>
Date:   Sun Feb 12 15:17:12 2023 +0000

    Merge branch 'nftables-20230212'
    
    more nftable support for Linux.
     - add per connection nflog support
     - add CAT support
       Pluto adds extra "in" policies for nftable stateless NAT.
    
    TODO more clean up of nft tables when pluto stops.

commit 5865942115e6e62393cb995b2c638948c4373046
Author: Antony Antony <antony at phenome.org>
Date:   Sat Feb 11 12:25:36 2023 +0000

    testing: a generic nic nat script using nftables
    
    prepare to move away from iptables. use nftables for snat on nic

commit 5f2ee6e73485e65f09e686ccbb6018946f94a280
Author: Antony Antony <antony at phenome.org>
Date:   Sun Feb 12 15:15:54 2023 +0000

    testing: nftable related tests

commit 50befe8fff5b67b03d86e7d8cae34d7ac9ae445b
Author: Antony Antony <antony at phenome.org>
Date:   Sun Feb 12 15:15:01 2023 +0000

    pluto: linux nftables specific in policy
    
    add extra in policy for nftable stateless nat.
    nft stateless NAT is a bit different from iptables and it needs an extra
    "in" xfrm policy.

commit bddc2be2a9f3d2d20880defea501adfdc3891747
Author: Antony Antony <antony at phenome.org>
Date:   Sat Feb 4 15:26:50 2023 +0100

    ipsec: startup script allow no firewall, no nftables and no iptables
    
    ipsec start fails when the following command errors out.
    root at west:~# /usr/local/sbin/ipsec --checknflog
    unknown firewall comaand  expect ipables or nft
    
    Don't exit when there is no known firewall configured. Just continue.
    Pluto can mostly work without either of them. The specific features
    cat or nflog will fail to load. That will be a runtime error.

commit 5f4b51a14e5f2a9317d62f6cc90b81133dafe4fd
Author: Antony Antony <antony at phenome.org>
Date:   Sat Aug 20 13:31:51 2022 +0000

    linux: enable nftables for cat and nflog per connection

commit e64bacac360d180fe581be63304ee24a823a7bd9
Author: Antony Antony <antony at phenome.org>
Date:   Fri Aug 19 15:43:11 2022 +0000

    linux: nft add cat support

commit 50949bff1f1949942374912c036060d6e719d79a
Author: Antony Antony <antony at phenome.org>
Date:   Fri Aug 19 15:26:57 2022 +0000

    linux: nftables global nflog add delete and refactor

commit 76dd61aa71c6a16604daee150f6bb9f2fcf5fccd
Author: Antony Antony <antony at phenome.org>
Date:   Fri Aug 19 14:51:41 2022 +0000

    linux: nftable for per connection nflog


