New commits:
commit 3874edd978cddfc0e773e15bb057b7108f9a5b0b
Author: Andrew Cagney
Date: Tue Aug 6 09:09:08 2024 -0400
testing: update ikev2-redirect-06-roadwarriors
When an active redirect, expect updown/down to have removed
ipsec.conf
New commits:
commit 37915c36fdc87cd0f3bfb0be12beb3d71164b31b
Author: Andrew Cagney
Date: Tue Aug 6 09:10:14 2024 -0400
routing: run "down" when starting revival
as in ROUTED_TUNNEL -> ROUTED_ONDEMAND
Analysis and Fix from Wolfgang @wofferl
ref #1778 Failover VPN (AWS)
New commits:
commit 33dcab25411c63829174e7ac80eb2f4795470407
Author: Andrew Cagney
Date: Tue Aug 6 20:32:25 2024 -0400
crypto: add USE_IKEv1_IV to enum cipher_iv_source
Also rename USE_IV->USE_WIRE_IV; FILL_IV->FILL_WIRE_IV
___
Swan-comm
New commits:
commit 95cef7937958a109e74e364f9944e8f51be37191
Author: Andrew Cagney
Date: Tue Aug 6 21:37:25 2024 -0400
crypto: pass struct crypt_mac into cipher_*_normal() as ikev1_iv
replacing chunk_t iv
ref #1743 IKEv2 in CTR mode uses PK11_Encrypt(), should it use
PK11
New commits:
commit 5f0e94128393a0e6a32f1efc394bc9cdca769b77
Author: Andrew Cagney
Date: Wed Aug 7 22:35:07 2024 -0400
crypto: in cipher_op_ctr_nss() fill in wire_iv
should make code filling in wire IV in ikev2_message.c redundant
___
Sw
New commits:
commit cad96910cc115dbebec37cb203af6f9247b44116
Author: Andrew Cagney
Date: Thu Aug 8 12:59:47 2024 -0400
ikev2: drop construct_enc_iv(), let crypto generate IV
(which it is already doing)
ref #1743 IKEv2 in CTR mode uses PK11_Encrypt(), should it use
PK11_Ci
New commits:
commit 4d5cde8227c6a639c7d15d67fb7be702ff63f086
Author: Andrew Cagney
Date: Thu Aug 8 17:44:32 2024 -0400
FIPS: use once^count++ for IKEv2 CTR wire_iv
like AEAD (except for AEAD this is hidden by NSS)
ref #1743 IKEv2 in CTR mode uses PK11_Encrypt(), should it
New commits:
commit 4d8d6aa718ec59520158faac2dbba0bc98bc446e
Author: Andrew Cagney
Date: Fri Aug 9 22:42:12 2024 -0400
ikev1: dump more details in quick_inI1_outR1_tail()
notably, the lease status and remote client address
___
Swan-commi
New commits:
commit b2beebf9e01a4ca5410155cc5f899b663ef0391b
Author: Andrew Cagney
Date: Sun Aug 11 11:51:45 2024 -0400
ikev1: in quick_inI1_outR1() assert IDci implies IDcr
ref #1783 test malformed Quick Mode message: ...
commit 68a3df8f767a188a4f33ba660503825827c05bd9
Author: An
New commits:
commit 99afbb3a9a813f9c5d2000422c27c385bc59564b
Author: Andrew Cagney
Date: Mon Aug 12 19:16:38 2024 -0400
logging: add PDBGP_JAMBUF() to pair with LDBGP_JAMBUF()
___
Swan-commit mailing list -- swan-commit@lists.libreswan.org
To uns
New commits:
commit c88be966b8f193e5674a3d1b9b64b956f9d1b9be
Author: Andrew Cagney
Date: Tue Aug 13 12:22:46 2024 -0400
ikev1: on responder send IPSEC_INITIAL_CONTACT when lacking a lease
On responder, when:
- initial-contact=yes
- main mode
- final exchange (i.e., post
New commits:
commit 5771068321089beeb1fd07b0fd207f3c8c78a045
Author: Andrew Cagney
Date: Tue Aug 13 15:39:13 2024 -0400
ikev1: fail when Quick Mode conn.'s spd.remote.client is unset
ditto local.client; ditto when lease is missing
see #1785 IKEv1 re-connect ends up with wr
New commits:
commit 7e82ade3b90f5db636d550b2bb04ddd66686f8de
Author: Andrew Cagney
Date: Wed Aug 14 10:30:24 2024 -0400
ikev1: replace !(st->st_policy & POLICY_TUNNEL) test in Quick Mode
with:
c->config->child_sa.encap_mode == ENCAP_MODE_TRANSPORT
.st_policy was wrong - t
New commits:
commit 7a05800456c597ab7045d1ca064794e1a7236470
Author: Andrew Cagney
Date: Wed Aug 14 11:51:15 2024 -0400
testing: update OUTPUT.enumcheck.txt
commit 0a631a7b912e05220a0d825df8776d864b180a47
Author: Andrew Cagney
Date: Wed Aug 14 10:59:35 2024 -0400
ikev1: drop POLICY
New commits:
commit f6fb4928414b0fb3816f0521d4879a4ba25b3d9b
Author: Andrew Cagney
Date: Wed Aug 14 12:59:20 2024 -0400
testing: expand nat-expire to mobike={no,yes} liveness={east,west}
ref #1774 need way for ikev2-mobike-08-{no,yes}-nat-expire to really flush
NAT
ref #1759 c
New commits:
commit ac6d4890da367f63782e5100d6a17afe56b7788e
Author: Andrew Cagney
Date: Wed Aug 14 17:30:14 2024 -0400
ikev1: when child sa has no lease during quick, delete IKE SA
___
Swan-commit mailing list -- swan-commit@lists.libreswan.org
New commits:
commit 8333eccffeff7579573ceff0763a2efa2dc131b3
Author: Andrew Cagney
Date: Wed Aug 14 17:21:46 2024 -0400
crypto: passert that FILL_WIRE_IV keeps changing the IV
see #1782 demonstrate AEAD and CTR are using RANDOM ^ COUNTER++ for IV
__
New commits:
commit 35a0dec718421ba8aa85197ea34d0763031e02bb
Author: Andrew Cagney
Date: Thu Aug 15 07:48:46 2024 -0400
crypto: skip wire_iv check when it has 0 length
For instance null encryption.
___
Swan-commit mailing list -- swan-co
New commits:
commit b4b722fcbf675b6557c35ab48f52b502abf9f30f
Author: Andrew Cagney
Date: Mon Aug 19 09:42:49 2024 -0400
host_pair: clone find_host_pair_connection_on_responder() wrapper into
ikev{1,2}_host_pair.c
and delete host_pair.[hc]
This way IKEv2 host-pair code can
New commits:
commit cd7ffb907823709befaf28ef834fa8477a37e6dd
Author: Andrew Cagney
Date: Tue Aug 20 11:21:39 2024 -0400
testing: robustify ikev1-impair-05-send-zero-ike-ke
add impair revival
___
Swan-commit mailing list -- swan-commit@li
New commits:
commit 00e217e13905b961eb6f00737fd7d65d4ef25c89
Author: Andrew Cagney
Date: Tue Aug 20 11:25:14 2024 -0400
testing: expect ikev2-rw-multiple-subnets-4-mismatch initiate in order
___
Swan-commit mailing list -- swan-commit@lists.libre
New commits:
commit d81433cd9ba41001632e7f21dcf87a14054e8c9a
Author: Andrew Cagney
Date: Mon Aug 19 11:19:57 2024 -0400
ikev2: sprinkle verbose over host_pair code
commit c1c280f2e8071a205019083502b1d1c50ca42cb5
Author: Andrew Cagney
Date: Mon Aug 19 10:21:12 2024 -0400
ikev2: spli
New commits:
commit 644bc01c632ba450fcebe32d3e872e3509a95441
Author: Andrew Cagney
Date: Tue Aug 20 14:30:59 2024 -0400
crypto: in crypt_prf_init_bytes() use the logger
___
Swan-commit mailing list -- swan-commit@lists.libreswan.org
To unsubscrib
New commits:
commit 30aacd77b7bea5299f59e8609fa35605e9a4b850
Author: Andrew Cagney
Date: Tue Aug 20 15:35:27 2024 -0400
testing: update ikev2-xfrmi-15-interface-ip-blocked
IPv6 SA ID is being sanitized
commit 60e03e1fe7b5352ff6c37e8130afbaafa68d4eec
Author: Andrew Cagney
Date:
New commits:
commit 73d3715b3d56aefaaa3e649a57929c02c108690f
Author: Andrew Cagney
Date: Tue Aug 20 16:14:22 2024 -0400
documentation: update pam-authorize
move notes about IKEv1 to end; EAP is supported
___
Swan-commit mailing list -- s
New commits:
commit 66cf0380b5878d87b4858d98c9b45439e878b4d3
Author: Andrew Cagney
Date: Tue Aug 20 16:15:58 2024 -0400
whack: drop never-enabled option --ikev2-pam-authorize
was wrapped in #ifdef AUTH_HAVE_PAM but that is never defined
also the config option is called pam-auth
New commits:
commit 54263e5e272b8a105f398d7820098ecc57eb9a92
Author: Andrew Cagney
Date: Tue Aug 20 16:22:51 2024 -0400
connections: log pam-authorize= as same
not ikev2-pam-authorize=
___
Swan-commit mailing list -- swan-commit@lists.li
New commits:
commit af1a8876e56cc979ab601838ad89cd558da4a97e
Author: Andrew Cagney
Date: Tue Aug 20 20:22:21 2024 -0400
CHANGES: whack: add --narrowing {yes,no}, retain undocumented
--allow-narrowing
commit b56bd1ef3e3f2431e61f010f5af7cb20aefb48b0
Author: Andrew Cagney
Date: Tue Aug 20
New commits:
commit 55f4bb8e096853befcde2a05087b7b7032f451c4
Author: Andrew Cagney
Date: Wed Aug 21 12:07:02 2024 -0400
addresspool: sprinkle logger over code
Make it an explict parameter. Eliminate use of global_logger.
For lease_that_address() ST parameter is replaced b
New commits:
commit 2375fb986ddb403daa9261985d67745e2ddf9199
Author: Andrew Cagney
Date: Thu Aug 22 08:37:46 2024 -0400
ikev1: in quick mode, on mode-config server, try to recover existing lease
For instance:
- client initiates connection and is assigned mode-config lease
New commits:
commit b717a2f8c0a0f0793213752dff8cde718d6ca903
Author: Andrew Cagney
Date: Thu Aug 22 12:52:43 2024 -0400
ikev1: clearly log Quick Mode recovering lease
commit 4bea938cc2ee563f36e867b73e35f4c76a3ad940
Author: Andrew Cagney
Date: Thu Aug 22 12:19:44 2024 -0400
testing:
New commits:
commit 6ef192c8d81ab2730367a79d824dd59ab1c408d3
Author: Andrew Cagney
Date: Sun Aug 25 11:43:29 2024 -0400
testing: add initial-contact=yes to ikev1-xauth-32-lost-mode-cfg
fix: test IKEv1 initial-contact=yes #1784
___
Swan-c
New commits:
commit c0aabef4c3f3432207ce11133143f5bdec950792
Author: Andrew Cagney
Date: Thu Aug 22 09:40:11 2024 -0400
ikev1: in parse_ipsec_sa_body() check ESP/AH against config
and not .st_policy; unlike compression say, it isn't negotiable
commit c9585dbd17fdf4760c6ec5e1274e70
New commits:
commit c81d6c144864a2919afe885b5b8d0628e78c433e
Author: yuncang123 <135211779+yuncang...@users.noreply.github.com>
Date: Sat Aug 31 03:18:47 2024 +0800
building: Update ckaid.c, fix incorrectly using comma to end
merge #1791
Signed-off-by: Andrew Cagney
_
New commits:
commit 219050589f512428d0907802ea2c320962c7cd45
Author: Andrew Cagney
Date: Mon Sep 2 11:21:32 2024 -0400
testing: group whack delete child tests
as
whack-delete-01-child-{1then2,2then1}-{ikev1,ikev2}
___
Swan-commit m
New commits:
commit 2f1909750b0f4aae530c58ef806ee2b50dad8da7
Author: Andrew Cagney
Date: Mon Sep 2 11:32:26 2024 -0400
testing: group whack down child tests
as:
whack-down-01-child-{1then2,2then1}-{ikev1,ikev2}
___
Swan-commit mail
New commits:
commit 0ecabf2cea47d031d0586b5f355c86c73f422209
Author: Andrew Cagney
Date: Mon Sep 2 17:30:56 2024 -0400
documentation: <> has no default
<> passes --config to pluto; not pluto reads
a config file by default
fix #1592 fix documentation; pluto --config has
New commits:
commit b79a8973720de83cc34b791b0be00ea679c7f4ca
Author: Andrew Cagney
Date: Mon Sep 2 11:03:42 2024 -0400
testing: sprinkle swan-prep --hostkeys over tests
commit f37dcac47dcedcfd40d3c33cd063c0b076047d8c
Author: Andrew Cagney
Date: Sun Sep 1 12:09:16 2024 -0400
testing
New commits:
commit 0b6a15beb825b275f9092183ab50c3c9b5db9e39
Author: Andrew Cagney
Date: Mon Sep 2 12:03:22 2024 -0400
testing: update description of whack-delete-01-child-{2then1,1then2}-ikev1
see #1704 whack-delete-01-ikev1-child-1then2 leaves an SA behind on east
__
New commits:
commit 22575985f1b4eacd3decfafd0761b826783270a0
Author: Andrew Cagney
Date: Mon Sep 2 21:06:38 2024 -0400
testing: in ikev2-mobike-06 don't expect OE kernel policies
commit 072e20dbbd4053ad938ad134ca4bbbcb2605ba0b
Author: Andrew Cagney
Date: Mon Sep 2 19:08:00 2024 -0400
New commits:
commit 962e632c8818d93537384a99dc52d30fc4a8f938
Author: Andrew Cagney
Date: Mon Sep 2 21:12:52 2024 -0400
testing: delete baseconfifs/*/etc.ipsec.d/certs/
looks like a hangover from uml and freeswan days
___
Swan-commit mail
New commits:
commit 0228ee284b844a91b970f7fa2118d68bb5abbfd6
Author: Andrew Cagney
Date: Tue Sep 3 08:18:32 2024 -0400
testing: delete the old baseconfigs/all/etc/ipsec.d/private keys
beat.key, really!
___
Swan-commit mailing list -- swa
New commits:
commit 7eab7af5c25dd20aef8a94e0865d80145d5c6fba
Author: Andrew Cagney
Date: Tue Sep 3 13:08:08 2024 -0400
testing: delete baseconfigs/road/etc/ipsec.d/pkcs11.txt
stray
___
Swan-commit mailing list -- swan-commit@lists.libres
New commits:
commit 117860250d512626350ceb4af6051ec41c71e06d
Author: Andrew Cagney
Date: Tue Sep 3 14:57:36 2024 -0400
ipsecconf: fatally log the unrecognized keyword (instead of "syntax error")
fix #1786 unhelpful ipsec addconn: /etc/ipsec.conf:29: syntax error during
start up
c
New commits:
commit b7e44ed73e41400e945341b544ef03aa3a33f5b4
Author: Andrew Cagney
Date: Tue Sep 3 15:05:18 2024 -0400
Revert "ipsecconf: fatally log the unrecognized keyword (instead of "syntax
error")"
causes:
ipsec addconn: /etc/ipsec.conf:33: unrecognized keyword
'/test
New commits:
commit b1361c033f3d483ed59c7d0a782349349ec23783
Author: Andrew Cagney
Date: Tue Sep 3 12:40:12 2024 -0400
testing: sprinkle swan-prep --nokeys ...
... over the ~400 tests that get host keys installed yet ignore them
___
Swan
New commits:
commit 2f40fa9936fe78b449c2328db0a76d472c64143d
Author: Andrew Cagney
Date: Tue Sep 3 16:03:02 2024 -0400
testing: in ikev1-xauth-32-lost-mode-cfg expect initial contact
___
Swan-commit mailing list -- swan-commit@lists.libreswan.org
New commits:
commit c8a3cca449e0116a884c6b0b0e5fdef1edaf3fe7
Author: Andrew Cagney
Date: Tue Sep 3 16:05:47 2024 -0400
ipsecconf: add parser_fatal()
___
Swan-commit mailing list -- swan-commit@lists.libreswan.org
To unsubscribe send an email to s
New commits:
commit 0e42129bd6d0389b364cc0b53214c3d807a526a4
Author: Andrew Cagney
Date: Tue Sep 3 18:46:42 2024 -0400
libipsecconf: simplify parser_find_keyword(), unknown keywords are fatal
re fix #1786 unhelpful ipsec addconn: /etc/ipsec.conf:29: syntax error
during start up
c
New commits:
commit 0e742d5a4c17092b382c75a04d8ee10d65894b43
Author: Andrew Cagney
Date: Tue Sep 3 20:09:43 2024 -0400
testing: when --hostkeys only copy over NSS's .db files
not all files and directories
___
Swan-commit mailing list --
New commits:
commit b0a7e0f380e651a072b9e49cf820a2115415d945
Author: Andrew Cagney
Date: Wed Sep 4 13:42:59 2024 -0400
testing: drop _ prefix on test program directories
(not programs, they are installed with the _ prefix)
While consistent (_asn1check in testing/programs/_
New commits:
commit c5c7ae078b948b19e18039b962b8dfd5a3de2764
Author: Andrew Cagney
Date: Wed Sep 4 15:39:34 2024 -0400
testing: move enumcheck to check-02-enumcheck
Drop diff of OUTPUT.enumcheck.txt.
Instead let enumcheck write to stdout where test framework
will compa
New commits:
commit d6b4a25d888a8e43fdd86dbc2ce84d23e0b6d596
Author: Andrew Cagney
Date: Wed Sep 4 22:17:24 2024 -0400
testing: make XAUTH's baseconfigs/east/etc/ipsec.d/passwd per-test
i.e., TEST/east.passwd
___
Swan-commit mailing list
New commits:
commit 499a2d7a71bcb63cb93bac6c6ebf1d29ae9e8082
Author: Andrew Cagney
Date: Wed Sep 4 16:19:55 2024 -0400
testing: sprinkle swan-prep --*keys
___
Swan-commit mailing list -- swan-commit@lists.libreswan.org
To unsubscribe send an emai
New commits:
commit e520f4d7172aad588421cbe6d6e1cd0c88c3f9db
Author: Andrew Cagney
Date: Thu Sep 5 13:13:39 2024 -0400
testing: delete baseconfigs/east-{freebsd,openbsd}/
scripts use testing/kvm/{freebsd,openbsd}/*.sh instead
___
Swan-co
New commits:
commit 9b5bd05add2bdbf734dae7bdf0acaef928deea95
Author: Andrew Cagney
Date: Thu Sep 5 13:23:50 2024 -0400
building: fix OpenBSD #ifdef wrapped bitrot
___
Swan-commit mailing list -- swan-commit@lists.libreswan.org
To unsubscribe send
New commits:
commit e09c2c14efca477d84343e1157e1f240133064fa
Author: Andrew Cagney
Date: Thu Sep 5 14:01:03 2024 -0400
testing: call ipsec-interface= tests ipsec-interface-NN-*
well at least some of them
fix #1772 rename ikev2-xfrmi-NN-ip-interface tests to
ipsec-interfac
New commits:
commit b816a6c624f508c8ff80fc68e4a698a97a48948f
Author: Antony Antony
Date: Thu Sep 5 20:59:01 2024 +0200
testing: nsrun fix python escape F39 complains
../../utils/nsrun --ns --shutdown
/home/a/git/libreswan/testing/pluto/ikev2-74-iptfs-01/../../utils/nsrun:262:
New commits:
commit a968089d9bac5f312e6af239b84459dcb8e8c3c8
Author: Andrew Cagney
Date: Thu Sep 5 15:36:41 2024 -0400
testing: in ikev2-mobike-08-nat-expire-liveness-east show lost pings
After the NAT has been updated try sending a ping from ROAD to
EAST. It fails:
-
New commits:
commit 2a9c9024d37335137f5523de11b0fa5ba3bf2912
Author: Andrew Cagney
Date: Thu Sep 5 17:19:09 2024 -0400
constants: move/rename init_constants() to init_enum_names()
___
Swan-commit mailing list -- swan-commit@lists.libreswan.org
To
New commits:
commit 619bb4de703f6dc2f5e947f355272ad34c675882
Author: Andrew Cagney
Date: Fri Sep 6 07:47:27 2024 -0400
testing: add missing east.passwd
ikev1-xauth-30-retransmit-xchg-mode-cfg-request
whack-deleteuser-01
commit 76453c377c56bc626d4cea3de050d1035e5cc40a
Author:
New commits:
commit 3d24c54ffef976b79ec4510d327f965803974edf
Author: Andrew Cagney
Date: Fri Sep 6 10:36:29 2024 -0400
enumcheck: look for really empty enum_name tables
where really empty is defined as <10% full
fix #1792 check for huge holes in enum_name tables
_
New commits:
commit cc25a0be8606b21cbb9f2f9ec48c7593a6e5ffb5
Author: Andrew Cagney
Date: Fri Sep 6 12:56:37 2024 -0400
crypto: update NSS initialization and shutdown
- replace lsw_nss_setup() with init_nss()
- never returns when NSS fails to initialize
- passes con
New commits:
commit d71c67696668418c2e35f7bf3729fe3a82c44ab3
Author: Andrew Cagney
Date: Fri Sep 6 13:10:06 2024 -0400
testing: in swan-prep, only create NSS database when specified
This means tests explicitly specify the needed keys as part of the
swan-prep line
fix #
New commits:
commit 296a3d3c3805811ab3193669979c1f844b1a0d35
Author: Andrew Cagney
Date: Fri Sep 6 14:38:18 2024 -0400
ikev1: add --impair v1_emit_quick_id:N
Where N (0, 1, 2, 3) is the number of ID payloads to emit.
It should be 2 - IDci,IDcr.
fix #1783 test malformed
New commits:
commit b949062a45b1feb00f06af59bb13b17e2c9dac94
Author: Andrew Cagney
Date: Sat Sep 7 15:19:08 2024 -0400
routing: log routing SA when there's a conflict
add/use jam_routing_sa() to log the routing SA's story and
sa description.
fix #1780 include state in
New commits:
commit 0e1090bbc9cde31da27d01745733dd165cada63f
Author: Andrew Cagney
Date: Sat Sep 7 17:28:20 2024 -0400
testing: separate out vendoridcheck
like for enumcheck dump to stdout
___
Swan-commit mailing list -- swan-commit@list
New commits:
commit 697f978465ab349719ca6d3b2d3cbc402fa31436
Author: Andrew Cagney
Date: Sat Sep 7 16:54:45 2024 -0400
ipsec-interface: fix positive probe of interface check
fix by @wofferl
fix #1771 after ip link add ipsec1; ipsec add ... connection becomes
unloadable
_
New commits:
commit 1297087ebece04383f38b77aa129fc22bede3c1a
Author: Andrew Cagney
Date: Sun Sep 8 12:35:52 2024 -0400
ikev1: inline/simplify slightly NAT_T_ENCAPSULATION_MODE()
only one call; "Wow" still applies.
___
Swan-commit mailing
New commits:
commit cc0f4253db3bf9f1174d834b6c8e47036739577a
Author: Andrew Cagney
Date: Sun Sep 8 17:13:45 2024 -0400
state: replace 'lset_t policy' with 'struct child_policy policy'
Where the latter contain's a bool field per bit.
This is the bool-set used to capture wha
New commits:
commit edbb978420a6278f26501230fe584bce220181db
Author: Andrew Cagney
Date: Sun Sep 8 21:30:48 2024 -0400
state: add .is_set bit to struct child_policy
Only set when the connection has ESP or AH.
When unset the Child shouldn't be initiated.
ref #1788 IKEv2
New commits:
commit 352ecd786a438b18f567dc7a1f9c619573109094
Author: Andrew Cagney
Date: Mon Sep 9 08:25:17 2024 -0400
state: eliminate .encrypt and .authenticate from struct child_policy
these are not negotiable and hence the config's value are used
(most recently they were us
New commits:
commit abff6e285314d3b2796353025436ac3a9aaa8db3
Author: Andrew Cagney
Date: Mon Sep 9 08:42:02 2024 -0400
testing: update check-02-enumcheck
sa_policy_bit_names deleted
commit 151289505d1c0eb38cc190ec1ea0223dfec66654
Author: Andrew Cagney
Date: Mon Sep 9 08:39:00 2
New commits:
commit 0c4a556525df5ed713acfdbd6e9dc21e7d459007
Author: Andrew Cagney
Date: Mon Sep 9 09:34:44 2024 -0400
state: in struct child_policy .tunnel -> .transport
The default is tunnel mode; transport is an option.
___
Swan-commi
New commits:
commit 0a16706b01a76305dff319b905c8c7623be1b82e
Author: Andrew Cagney
Date: Mon Sep 9 10:35:44 2024 -0400
testing: update ikev2-mobike-08-nat-expire-liveness-east
Document and demonstrate how the configuration is broken:
When ROAD (behind the NAT) sends traf
New commits:
commit 4251671c2528058b09be08060d33b669ddf95cc4
Author: Andrew Cagney
Date: Tue Sep 10 10:43:50 2024 -0400
iface: append NAT when logging interface endpoints that encapsulate
... and, hence, work through NAT
also append "fixed" to non-standard ports as, unlike 500,
New commits:
commit c834c2eeef1a4d7a6dc4661d8af80c7ca4ecd3ab
Author: Andrew Cagney
Date: Tue Sep 10 10:56:31 2024 -0400
virtual-private: always show
was hiding behind "nat_traversal_enabled"; which it always is
fix #1799 virtual-private ... should not hide behind nat_trave
New commits:
commit f95a23f02240f0be9079502b59f926b4acf7fe4c
Author: Andrew Cagney
Date: Tue Sep 10 11:12:49 2024 -0400
testing: update show interface output
___
Swan-commit mailing list -- swan-commit@lists.libreswan.org
To unsubscribe send an e
New commits:
commit 6aa08af6062ff8734182a79ef0df6679c8aafd61
Author: Andrew Cagney
Date: Tue Sep 10 13:57:02 2024 -0400
testing: more show interface updates
___
Swan-commit mailing list -- swan-commit@lists.libreswan.org
To unsubscribe send an em
New commits:
commit 6197b9ee03ea1a7641e7089db68be95e3e0265b5
Author: Andrew Cagney
Date: Tue Sep 10 13:30:30 2024 -0400
testing: s/nat-traversal=%s /nat-traversal: /
the code is always enabled
commit 72180dc26b518fc9a1f34aee708cd31f1ffd2f4f
Author: Andrew Cagney
Date: Tue Sep 1
New commits:
commit ada61a2d3ad355069dd62f12301d8933e21894dc
Author: Andrew Cagney
Date: Tue Sep 10 14:07:18 2024 -0400
ikev1: delete global nat_traversal_enabled
NAT Traversal is per-interface
(nat_traversal_enabled was disabled when any interface
failed to configure; whic
New commits:
commit 3fb39f7b6d3c91af95fb1c5630c444c1d0dd4ada
Author: Andrew Cagney
Date: Tue Sep 10 19:23:50 2024 -0400
testing kvm linux: install/save kernel in transmogrify
not ./kvm update; hence can run:
./kvm transmogrify install
to install custom kernel; Fedora RPMS
New commits:
commit 03b374708bf96019ab1696702ef072e37dcb65bd
Author: Andrew Cagney
Date: Wed Sep 11 08:10:25 2024 -0400
events: rename .st_event -> .st_v1_event
Should only be used by IKEv1
___
Swan-commit mailing list -- swan-commit@lis
New commits:
commit 34a9b5cd5c15c5445160731c52fa0e67534cc44e
Author: Andrew Cagney
Date: Wed Sep 11 11:55:54 2024 -0400
documentation: update ipsec-interface
hint at possible *BSD support
___
Swan-commit mailing list -- swan-commit@lists
New commits:
commit 2eeafbf8da676a949775c53e35f6cb0b6b63
Author: Andrew Cagney
Date: Tue Sep 10 16:34:28 2024 -0400
events: split state's .st_nat_keepalive_event into
.st_v[12]_nat_keepalive_event
i.e., store IKEv1 and IKEv2 nat keepalive separately
__
New commits:
commit 3abc57d4568679cd0c15bbd241d11057244d2017
Author: Andrew Cagney
Date: Wed Sep 11 23:09:33 2024 -0400
ikev2: explicitly delete the DISCARD event
not via delete_v1_event()
___
Swan-commit mailing list -- swan-commit@list
New commits:
commit 3ebe7ef153bda6122ba1b71b7939af18ae37b1f2
Author: Andrew Cagney
Date: Thu Sep 12 08:32:34 2024 -0400
ikev2: give DISCARD its on field .st_v2_discard_event
Unlike IKEv1, all the IKEv2 state events are unique.
___
Swan-c
New commits:
commit 8f4478afdff5e85fc42ca5219f347f007673dde9
Author: Andrew Cagney
Date: Thu Sep 12 10:09:54 2024 -0400
ipsec-interface: split ipsec_interface.h off from kernel_xfrm_interface.h
And drop any remaining #ifdef USE_XFRM_INTERFACE wrappers around
the #include.
New commits:
commit 6a65d51531ce93a64dbe93740bea2b4051c960ce
Author: Andrew Cagney
Date: Thu Sep 12 10:45:05 2024 -0400
xfrmi: move XFRMI_{SUCCESS,FAILURE} to kernel_xfrmi_interface.c
since public code all returns bool, err_t, or diag_t
New commits:
commit 1c9f48bed48e80477439a34c1aa5ddbd260e7b0e
Author: Andrew Cagney
Date: Thu Sep 12 14:17:57 2024 -0400
ikev2: split .st_v2_lifetime_event into .st_v2_{replace,expire}_event
commit 241add6642f44916605541a0508fe1d3d4257470
Author: Andrew Cagney
Date: Thu Sep 12 14:17:27 2
New commits:
commit b7ee177f8dc8fdb553d1bc0bf9c54fdf45cecdf7
Author: Paul Wouters
Date: Thu Sep 12 15:09:49 2024 -0400
testing: added ikev2-invalid-ke-09-preference-ecp
___
Swan-commit mailing list -- swan-commit@lists.libreswan.org
To unsubscrib
New commits:
commit e9b84ce56a893ea585120b6597f67032df1befef
Author: Andrew Cagney
Date: Thu Sep 12 14:44:54 2024 -0400
ikev1: in quick mode, when recovering lease, set SPD to obvious value
While:
c->remote->child.selectors.proposed.list[0]
does contain the value, it isn'
New commits:
commit 0d2a311b37365d478a023324be937e607340ed50
Author: Andrew Cagney
Date: Thu Sep 12 14:40:20 2024 -0400
ipsec status: list all state timers
This adds the missing keepalive timer.
see #1766 log timers in ipsec connectionstatus
commit f5d74785d51d6d8ac05444a74a87
New commits:
commit 52296b1f0f6f4fdd5ae70c454726269c990c3e49
Author: Andrew Cagney
Date: Tue Sep 17 13:44:15 2024 -0400
ipsec_interface: add struct kernel_ipsec_interface
containing:
PLUTO_XFRMI_REMAP_IF_ID_ZERO -> .map_if_id_zero
XFRMI_DEV_FORMAT -> .name
Replace f
New commits:
commit 8bf15e55f0be857a87cb93e4b5bea7aa91c49de2
Author: Andrew Cagney
Date: Mon Oct 7 13:01:13 2024 -0400
crypto: support CHACHA on BSD when available
(based on SADB_X_AALG_CHACHA20POLY1305 appearing in the header)
___
Swan-
New commits:
commit c353f153f1496d1fa46cb29f0424fb14333b5263
Author: Andrew Cagney
Date: Sun Oct 13 17:11:36 2024 -0400
testing kvm nohup: empty any existing nohup.out file
___
Swan-commit mailing list -- swan-commit@lists.libreswan.org
To unsubs
New commits:
commit 50e864b1f0bd3653ba882169776345245ba891d1
Author: Andrew Cagney
Date: Sat Oct 12 20:34:36 2024 -0400
testing kvm check: remove dead code and update comments
___
Swan-commit mailing list -- swan-commit@lists.libreswan.org
To uns
New commits:
commit b226e18549f9d9ef7bb2475866759fcd55fdb296
Author: Andrew Cagney
Date: Sat Oct 12 21:04:36 2024 -0400
testing ./kvm check: drop snapshot code, not used
and for fedora of marginal, if any, benefit
___
Swan-commit mailing
New commits:
commit 90d40f299e3485188ce943df02ebb229429bae73
Author: Andrew Cagney
Date: Sat Oct 12 08:49:49 2024 -0400
testing kvm: add Host and Guest objects
Host.name is east, west, et.al.
Guest.platform is netbsd, fedora, et.al.
Guest.host is above
Use in
New commits:
commit 0425a527f0b8bed218e7f447a6a8185d323ccbc2
Author: Andrew Cagney
Date: Sat Oct 12 18:08:30 2024 -0400
testing kvmrunner: save the verbose.txt file's FD in TestDomain
___
Swan-commit mailing list -- swan-commit@lists.libreswan.or
1 - 100 of 1627 matches
Mail list logo
