[Swan-dev] [Swan-commit] Changes to ref refs/heads/master

Andrew Cagney andrew.cagney at gmail.com
Tue Jun 18 12:02:38 UTC 2019


On Tue, 18 Jun 2019 at 00:47, Paul Wouters <paul at vault.libreswan.fi> wrote:
>
> New commits:
> commit c43abee11ba2fa7be7f33a68fea5b91b2f7609de
> Author: Paul Wouters <pwouters at redhat.com>
> Date:   Tue Jun 18 00:47:15 2019 -0400
>
>     documentation: update CHANGES
>
> commit 4724862e437c972c64f1ca24677dfb8e5f8d6979
> Author: Paul Wouters <pwouters at redhat.com>
> Date:   Tue Jun 18 00:44:58 2019 -0400
>
>     testing: update linux-audit-01 to include IKE SA and IPsec SA failure test
>
>     Output also slightly changed due to selinux message log changes.
>
> commit 0e9380e8979e519ded6b17848a701d757b908295
> Author: Paul Wouters <pwouters at redhat.com>
> Date:   Tue Jun 18 00:42:36 2019 -0400
>
>     pluto: audit log IKE SA and IPsec SA failures for Common Criteria (CC)
>
>     - Change compiling linux_audit.c to reduce the number of #ifdef's required.
>     - Add failure audit logs
>     - Remove non-exported but not-static linux_audit() call. Merge code inline.
>     - Log remote address as raddr= and keep local address as addr=
>       (cannot use laddr, as this is how it is defined in libaudit, and if we pass
>        laddr= ourselves we still need to pull in addr and get a duplicate)


Would it be better to call this from complete_v2_state_transition() -
it knows the state that is failing, it just needs to know what the
audit log is.

I don't think littering the code with audit calls will work long term.

 Andrew

PS: Are the 40 core dumps yours or mine?

> commit 1f0f57825bbabe61ceba07ffb1f82e9cb312185f
> Author: Paul Wouters <pwouters at redhat.com>
> Date:   Tue Jun 18 00:09:46 2019 -0400
>
>     testing: ikev1-cryptoload-01 should not use hardcoded /usr/local path
>