[Swan-commit] Changes to ref refs/heads/master

2020-06-23 Thread Andrew Cagney
New commits:
commit 1f42ad3c982b985f6301fd2619985b9bc0787e67
Author: Andrew Cagney 
Date:   Mon Jun 22 14:02:20 2020 -0400

kernel: cleanup true/*kernel_ops->inbound_eroute*/

commit 4d016043eff3173aafcc47146ed9e1ec10f8224f
Author: Andrew Cagney 
Date:   Mon Jun 22 13:53:38 2020 -0400

kernel: inline kernel_ops->inbound_eroute as always true (code needs cleanup)

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2020-06-23 Thread Paul Wouters
New commits:
commit f2af21af7530a809ece565b5575fd8faf9466dc2
Author: Paul Wouters 
Date:   Tue Jun 23 13:03:31 2020 -0400

building: NETKEY_SUPPORT -> XFRM_SUPPORT



[Swan-commit] Changes to ref refs/heads/master

2020-06-23 Thread Paul Wouters
New commits:
commit 6d51502afeb60d514c94ba0d743df6fe37079ad7
Author: Paul Wouters 
Date:   Tue Jun 23 12:59:27 2020 -0400

building: USE_NSS_PRF -> USE_NSS_KDF



[Swan-commit] Changes to ref refs/heads/master

2020-06-22 Thread Paul Wouters
New commits:
commit e7b282ce2e23c7f52199b41001b1c145cc66a20d
Author: Paul Wouters 
Date:   Mon Jun 22 21:50:18 2020 -0400

testing: ikev2-ikeport-01-rw-nat-global add final.sh to fixup namespace prompt

also add a leftikeport=666 which shouldn't cause anything to happen (on east,
where remote clients are left)



[Swan-commit] Changes to ref refs/heads/master

2020-06-21 Thread Andrew Cagney
New commits:
commit 33cba37db9595d2636dcd39f8ab37b06844b5695
Author: Andrew Cagney 
Date:   Sun Jun 21 12:14:39 2020 -0400

testing: more kernel sanitizing



[Swan-commit] Changes to ref refs/heads/master

2020-06-20 Thread Andrew Cagney
New commits:
commit 47b0c8758a36b12634925f884e2d42376a469ceb
Author: Andrew Cagney 
Date:   Sat Jun 20 10:51:25 2020 -0400

kernel: print the priority using unsigned, not hex

So that the value matches 'ip xfrm policy'.



[Swan-commit] Changes to ref refs/heads/master

2020-06-19 Thread Paul Wouters
New commits:
commit 3ab37ec087fc59e4100ab6b25519ce3da121ce01
Author: Paul Wouters 
Date:   Fri Jun 19 18:17:04 2020 -0400

testing: libvirtd f32 blacklist NetworkManager

This can otherwise get dragged in by a dnf update, and it causes
eth1 to fail in a race condition with eth0 in systemd-networkd.



[Swan-commit] Changes to ref refs/heads/master

2020-06-19 Thread Andrew Cagney
New commits:
commit b7aa1cdd94651719270deb196936edb61bbf97af
Author: Andrew Cagney 
Date:   Fri Jun 19 15:26:18 2020 -0400

testing: don't update the kernel and xl2tpd

Upgrading xl2tpd upgrades the kernel, even when not asked.

Better workaround to kernel problem.



[Swan-commit] Changes to ref refs/heads/master

2020-06-19 Thread Andrew Cagney
New commits:
commit f1cc1bb4be2ebc2ee5ad8ed685823b60863ba3c2
Author: Andrew Cagney 
Date:   Fri Jun 19 14:19:51 2020 -0400

Revert "testing: disable f32's updates; Kernel 5.6.18-300.fc32.x86_64 is proving problematic"

Need an old kernel but new strongswan :-/

This reverts commit 4994c31d7c68a4c4a5aa68603a4eae4eddc80cf7.



[Swan-commit] Changes to ref refs/heads/master

2020-06-19 Thread D. Hugh Redelmeier
New commits:
commit a3c30a0a3b4384950761beda752611d81f4177ea
Author: D. Hugh Redelmeier 
Date:   Fri Jun 19 13:50:41 2020 -0400

pluto: kernel_xfrm.c: use SA, not Sa, for Security Association



[Swan-commit] Changes to ref refs/heads/master

2020-06-19 Thread Andrew Cagney
New commits:
commit 4994c31d7c68a4c4a5aa68603a4eae4eddc80cf7
Author: Andrew Cagney 
Date:   Fri Jun 19 10:58:36 2020 -0400

testing: disable f32's updates; Kernel 5.6.18-300.fc32.x86_64 is proving problematic



[Swan-commit] Changes to ref refs/heads/master

2020-06-18 Thread Paul Wouters
New commits:
commit 8170353cd09a6734e1c851c5e710cd9c1df2c662
Author: Paul Wouters 
Date:   Thu Jun 18 22:52:07 2020 -0400

testing: dist_certs.py allow running from cwd

It would try to go os.chdir() to '' and fail



[Swan-commit] Changes to ref refs/heads/master

2020-06-18 Thread Paul Wouters
New commits:
commit 9d0b91214677fd5efbef07f1175a7f34b960f3f0
Author: Paul Wouters 
Date:   Thu Jun 18 17:21:18 2020 -0400

testing: small batch of testing updates



[Swan-commit] Changes to ref refs/heads/master

2020-06-18 Thread Andrew Cagney
New commits:
commit 0e3ea57751f1dad7523f2971d1c971094db2b75b
Merge: 5e4995c 5b28e5c
Author: Andrew Cagney 
Date:   Thu Jun 18 08:19:29 2020 -0400

logging: eliminate DBG_* macros that just wrapped DBG_BASE, tidy

This eliminates the following:

  DBG_RAW
  DBG_PARSING
  DBG_EMITTING
  DBG_CONTROL
  DBG_LIFECYCLE
  DBG_KERNEL
  DBG_DNS
  DBG_OPPO
  DBG_CONTROLMORE
  DBG_NATT
  DBG_X509
  DBG_DPD
  DBG_XAUTH
  DBG_RETRANSMITS
  DBG_OPPOINFO

For modified dbg lines:

- change the boiler plate:

  DBG(DBG_*, ...; DBG_log("message"));
  DBGF(DBG_*, "message");

  to:

  ...
  dbg("message");

- consistently use PRI_CONNECTION to print connection (fix code with
  things in wrong order or wrong format).

- consistently use address_buf/str_address()

- use if(DBGP(DBG_BASE)) when all else fails

Merge commit '5b28e5c98db445f858688effe7dc84b4e1a734b2'

commit 5b28e5c98db445f858688effe7dc84b4e1a734b2
Author: Andrew Cagney 
Date:   Thu Jun 18 08:13:22 2020 -0400

logging: eliminate DBG_CONTROL+DBG_CONTROLMORE

commit 6f283348da37cdffd1d00786a6d9abaf9544bea7
Author: Andrew Cagney 
Date:   Wed Jun 17 21:41:23 2020 -0400

logging: eliminate DBG_KERNEL

commit 755e53aed74e3b92550660eb167bedf0ae1e9166
Author: Andrew Cagney 
Date:   Wed Jun 17 18:14:24 2020 -0400

logging: eliminate DBG_PARSING

commit 68934e587d5f539700f425e5ce32cfb099c60fba
Author: Andrew Cagney 
Date:   Wed Jun 17 18:02:49 2020 -0400

logging: eliminate DBG_NATT

commit 1ff9af7b480ed15f0063d8ce9d6553290804fcc7
Author: Andrew Cagney 
Date:   Wed Jun 17 17:53:26 2020 -0400

logging: eliminate DBG_X509

commit 2f562a57f1cbfa2c0153fb82cbfc2d55e1627e6d
Author: Andrew Cagney 
Date:   Wed Jun 17 17:29:24 2020 -0400

logging: eliminate DBG_DPD

commit a1a46818ab21d561fe4558e8a72c40ff26cae14c
Author: Andrew Cagney 
Date:   Wed Jun 17 17:17:24 2020 -0400

logging: eliminate DBG_DNS

commit 7a2627dd368676e5430c215e91cdad9c6d1b753c
Author: Andrew Cagney 
Date:   Wed Jun 17 15:56:36 2020 -0400

logging: eliminate DBG_EMITTING

commit a6733b68b0cf547bac9178a829737a8aea7ce345
Author: Andrew Cagney 
Date:   Wed Jun 17 15:37:24 2020 -0400

logging: eliminate DBG_XAUTH

commit 8d08e0d4a8e4fe9fd680fcf7c4e8a851967efb64
Author: Andrew Cagney 
Date:   Wed Jun 17 15:31:38 2020 -0400

logging: eliminate DBG_RETRANSMITS

commit cc132f0074b9595e64384e5db9c58f1f9422df9a
Author: Andrew Cagney 
Date:   Wed Jun 17 14:49:35 2020 -0400

logging: eliminate DBG_OPPO

commit 2de30e5065608c56a4089a97ccec56b2c0e18460
Author: Andrew Cagney 
Date:   Wed Jun 17 14:40:30 2020 -0400

logging: eliminate DBG_RAW

commit bd8b89295e4ff1a9ca06da8e940bced3136bd573
Author: Andrew Cagney 
Date:   Wed Jun 17 15:02:17 2020 -0400

logging: delete DBG_LIFETIME, unused

commit 0821d5cb1d57f06190b44a23be481f004c2bc0a8
Author: Andrew Cagney 
Date:   Wed Jun 17 14:38:29 2020 -0400

logging: delete DBG_OPPOINFO, never used



[Swan-commit] Changes to ref refs/heads/master

2020-06-17 Thread Paul Wouters
New commits:
commit 5e4995c608688bb7ecb94a1f1753c84cfb05f951
Author: Paul Wouters 
Date:   Wed Jun 17 18:49:58 2020 -0400

testing: libipsecconf-07 add final.sh to ensure kvm/namespaces produce identical result

Otherwise, one would show an extra prompt

commit 4bd4d18c0f154ff9ba247357bf8306ff46521ce8
Author: Paul Wouters 
Date:   Wed Jun 17 17:08:39 2020 -0400

testing: fixup ikev2-x509-02-smoketest

The one case where in theory we should fail X.509 verification, NSS ignores
the bogus EKU without rejecting it. So just make a note this is technically
wrong, but let the test case that tests lots of other things pass.



[Swan-commit] Changes to ref refs/heads/master

2020-06-17 Thread Paul Wouters
New commits:
commit 50a1f63083476404cd501c48f1afd27f5af59189
Author: Paul Wouters 
Date:   Wed Jun 17 14:05:49 2020 -0400

libswan: die on realloc() failure

commit 8f3e0b77196a01c6334bd5197883a0ca64d12df2
Merge: 5c6ba3e 9a679d0
Author: Paul Wouters 
Date:   Wed Jun 17 11:21:02 2020 -0400

Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan

commit 5c6ba3e7e8a8f587c6876d25622ef26ed1d536fd
Author: Paul Wouters 
Date:   Tue Jun 16 21:23:55 2020 -0400

pluto: address some uninitialized struct members for redirect ip



[Swan-commit] Changes to ref refs/heads/master

2020-06-17 Thread Andrew Cagney
New commits:
commit 9a679d0c1173afee9f95ec491b60c66bf4503cb7
Author: Andrew Cagney 
Date:   Wed Jun 17 08:49:59 2020 -0400

testing: don't expect peer_ref=/hisref=



[Swan-commit] Changes to ref refs/heads/master

2020-06-17 Thread Andrew Cagney
New commits:
commit 92573f21265a63fb91ad4723de95f9b450ceb6c6
Author: Andrew Cagney 
Date:   Wed Jun 17 08:37:05 2020 -0400

kernel: don't bother logging ref= and ref_peer=



[Swan-commit] Changes to ref refs/heads/master

2020-06-17 Thread Andrew Cagney
New commits:
commit d099055949bb36cf609ba9cdcf0e95b3df2175e0
Author: Andrew Cagney 
Date:   Wed Jun 17 08:18:54 2020 -0400

testing: output tweaks for ...peer=...



[Swan-commit] Changes to ref refs/heads/master

2020-06-16 Thread Paul Wouters
New commits:
commit 9544031de712ae24ff2d328e809d675c265a0f5f
Author: Paul Wouters 
Date:   Tue Jun 16 21:16:13 2020 -0400

pluto: fixup 1107a79b9a6ad0

commit 8479e631202be6bfafb01fb6b229fa3d7e52cc28
Author: Paul Wouters 
Date:   Tue Jun 16 21:02:17 2020 -0400

pluto: fixup argument for a debug log line using username in lease_that_address()

commit 790a79ba9f8f16532040d9c8a51a27c20e13c154
Author: Paul Wouters 
Date:   Tue Jun 16 20:57:01 2020 -0400

pluto: find_pluto_xfrmi_interface() would only check first interface

commit 1107a79b9a6ad001ac34f080be3359b0219c2a36
Author: Paul Wouters 
Date:   Tue Jun 16 20:28:46 2020 -0400

pluto: prevent a theoretical null pointer dereference.

old_addr can be NULL, the functions that take it as argument all handle
NULL as address argument.

commit fa21f47e93156cfeb9fce2dfd9df69fa7449f5f3
Author: Paul Wouters 
Date:   Tue Jun 16 20:24:00 2020 -0400

pluto: jambuf_to_whack() in theory can fail and failure isn't handled.

There isn't much we can do if we cannot write to the whack socket. We can
try and log it, but we want to avoid causing another whack socket write,
so use stdlog_raw() instead to avoid that.

This will hopefully satisfy coverity.



[Swan-commit] Changes to ref refs/heads/master

2020-06-16 Thread Andrew Cagney
New commits:
commit 9f8d3f4346c59aaa522834b29509a3d2ac1d6bda
Author: Andrew Cagney 
Date:   Tue Jun 16 20:00:38 2020 -0400

coverity: add missing va_end()



[Swan-commit] Changes to ref refs/heads/master

2020-06-16 Thread Andrew Cagney
New commits:
commit b6a0082a579e03150ff519d66f5d9dd99e748c51
Author: Andrew Cagney 
Date:   Tue Jun 16 19:05:45 2020 -0400

pluto: talk of the main thread and configuration



[Swan-commit] Changes to ref refs/heads/master

2020-06-16 Thread Andrew Cagney
New commits:
commit 9f1e96b2dd6bc27db0cdb93aaa8dc79cd83fcdbe
Author: Andrew Cagney 
Date:   Tue Jun 16 18:58:21 2020 -0400

iface: use find_raw_ifaces4() from linux (delete bsd's clone)

Tidy result.



[Swan-commit] Changes to ref refs/heads/master

2020-06-16 Thread Andrew Cagney
New commits:
commit dd1f7a98b0a2cbcce681f22720ac48906d401a7b
Author: Andrew Cagney 
Date:   Tue Jun 16 18:08:23 2020 -0400

building: fix typo in 6ee94949b4f51237042638e1de74d8cecf4d8951 :-(



[Swan-commit] Changes to ref refs/heads/master

2020-06-16 Thread Andrew Cagney
New commits:
commit 6ee94949b4f51237042638e1de74d8cecf4d8951
Author: Andrew Cagney 
Date:   Tue Jun 16 17:54:49 2020 -0400

connection: use instance to refer to instance



[Swan-commit] Changes to ref refs/heads/master

2020-06-16 Thread Andrew Cagney
New commits:
commit e854a337aa47336e829e03f90bfbb2acf4e2d9d6
Author: Andrew Cagney 
Date:   Tue Jun 16 17:28:30 2020 -0400

ikev2: define payload_emitter_fn



[Swan-commit] Changes to ref refs/heads/master

2020-06-16 Thread Andrew Cagney
New commits:
commit 095d2eaca1c02e4da11e423175f96907316f5909
Author: Andrew Cagney 
Date:   Tue Jun 16 16:52:38 2020 -0400

pervasive: his/him -> peer



[Swan-commit] Changes to ref refs/heads/master

2020-06-16 Thread Andrew Cagney
New commits:
commit 075ce83f7e8c96a90799014039fc36b7ee2aa832
Author: Andrew Cagney 
Date:   Tue Jun 16 16:02:16 2020 -0400

web: cleanup documentation on setting up a test web site



[Swan-commit] Changes to ref refs/heads/master

2020-06-16 Thread Andrew Cagney
New commits:
commit 7dd8224fa312b4f5bc4ee5167fd0eb3a035f854d
Author: Andrew Cagney 
Date:   Sun Jun 14 12:13:40 2020 -0400

ip: add text_cidr_to_subnet(), test, use

replace the hack:

   diagq(ttosubnet(optarg, 0,
   msg.tunnel_addr_family,
   '0' /* ip/mask host bits on allowed */,
   &msg.right.host_vtiip), optarg);
  /* ttosubnet() sets to lowest subnet address, fixup needed */
  diagq(tnatoaddr(optarg, strchr(optarg, '/') - optarg, AF_UNSPEC, &msg.right.host_vtiip.addr), optarg);

update ip_subnet's description pointing out that it is used as a:

  subnet: ROUTING_PREFIX|0..0
  CIDR:   ROUTING_PREFIX|HOST_IDENTIFIER



[Swan-commit] Changes to ref refs/heads/master

2020-06-16 Thread Andrew Cagney
New commits:
commit 345bccc353771b575adcbb719f7e6b0054a85feb
Author: Andrew Cagney 
Date:   Tue Jun 16 15:22:18 2020 -0400

testing: tweak ikev2-36-transport-protoport-01's expected output



[Swan-commit] Changes to ref refs/heads/master

2020-06-16 Thread Andrew Cagney
New commits:
commit 50ae591be6ece2db0ee34868b34a5ae038eec70c
Author: Andrew Cagney 
Date:   Tue Jun 16 15:20:06 2020 -0400

testing: add new tests to TESTLIST

Follow-up fd9d47da5994e91f750509a51dd6145c8b1116de



[Swan-commit] Changes to ref refs/heads/master

2020-06-16 Thread Andrew Cagney
New commits:
commit 59e543cbffb459826cc90eca66fba2b11cf3fda7
Author: Andrew Cagney 
Date:   Tue Jun 16 15:06:31 2020 -0400

iface: don't flag {left,right}ikeport as needing IKE encapsulation prefix

This is so that outgoing packets will interop with port 500.
Like for port 4500, incoming packets to {left,right}ikeport
are allowed to have an IKE encapsulation prefix.

There's a bigger problem here - code is looking at the local
interface's .add_ike_encapsulation_prefix when deciding if the ESP=0
prefix is allowed/required but what determines this is some combination
of the protocol, remote port number, and having espin* enabled.

Later.



[Swan-commit] Changes to ref refs/heads/master

2020-06-16 Thread Andrew Cagney
New commits:
commit fd9d47da5994e91f750509a51dd6145c8b1116de
Author: Andrew Cagney 
Date:   Tue Jun 16 15:04:50 2020 -0400

testing: add ikev2-ikeport-03-responder, rename ikev2-ikeport-02-west ...-initiator



[Swan-commit] Changes to ref refs/heads/master

2020-06-16 Thread Andrew Cagney
New commits:
commit abe4b5c16a1c06b2345791b49a342b016e32078c
Author: Andrew Cagney 
Date:   Tue Jun 16 14:28:35 2020 -0400

iface: add iface_port .float_nat_initiator, only float IKEv2 when true

For instance UDP ports 500 and 4500 can float to port 4500, but not
UDP {left,right}ikeport and not TCP ports.

Follow-up a56f5b6c1ad2b7fe65e9dbe0798476a7f7378735 which only
stopped TCP ports floating away.



[Swan-commit] Changes to ref refs/heads/master

2020-06-16 Thread Andrew Cagney
New commits:
commit 257e4f694cb272ffa257dcb915a9f01267cf4db6
Author: Andrew Cagney 
Date:   Tue Jun 16 11:05:43 2020 -0400

iface: struct iface_port .ike_float -> .add_ike_encapsulation_prefix

The UDP NAT can "float" from one interface to another.  This flag
isn't that (both UDP and TCP encapsulation add an ESP encapsulation
prefix of zero).

Follow-up a56f5b6c1ad2b7fe65e9dbe0798476a7f7378735



[Swan-commit] Changes to ref refs/heads/master

2020-06-15 Thread Andrew Cagney
New commits:
commit 0c38ffe8be1faec2ac6c9cbf2bc0538529cfa3ba
Author: Andrew Cagney 
Date:   Mon Jun 15 23:59:10 2020 -0400

building: tweak BSD - use unset_port



[Swan-commit] Changes to ref refs/heads/master

2020-06-15 Thread Andrew Cagney
New commits:
commit a56f5b6c1ad2b7fe65e9dbe0798476a7f7378735
Author: Andrew Cagney 
Date:   Mon Jun 15 23:34:51 2020 -0400

tcp: only update initiator NAT ports when UDP

This needs more checking - likely other code assuming it can
always nat.



[Swan-commit] Changes to ref refs/heads/master

2020-06-15 Thread Andrew Cagney
New commits:
commit 33038ece6c3bb15ecacb1c5fc3cbb2f1c7798325
Author: Andrew Cagney 
Date:   Mon Jun 15 22:35:51 2020 -0400

tcp: if any TCP read fails, close the connection



[Swan-commit] Changes to ref refs/heads/master

2020-06-15 Thread Andrew Cagney
New commits:
commit 1de8c31fd07e9a48929867d89e54cad3d46883cd
Author: Andrew Cagney 
Date:   Mon Jun 15 21:25:18 2020 -0400

testing: note that kev2-tcp-03-basic-rawrsa-{non,}blocking test for a kernel bug



[Swan-commit] Changes to ref refs/heads/master

2020-06-15 Thread Andrew Cagney
New commits:
commit dbae10eb25825ae7fec9d803d5dfae26db0cb5e5
Author: Andrew Cagney 
Date:   Mon Jun 15 21:18:11 2020 -0400

testing: update ikev2-tcp-17-rekey-ipsec



[Swan-commit] Changes to ref refs/heads/master

2020-06-15 Thread Andrew Cagney
New commits:
commit e51d3f14d67b805d259de3433bbf8af0c76a18e9
Author: Andrew Cagney 
Date:   Mon Jun 15 21:01:53 2020 -0400

testing: update ikev2-tcp-02-timeout - expect east to log timeouts



[Swan-commit] Changes to ref refs/heads/master

2020-06-15 Thread Andrew Cagney
New commits:
commit e301c4d2486bf4ddbdf55fd50ef06fd43ef26ebc
Author: Andrew Cagney 
Date:   Mon Jun 15 20:08:37 2020 -0400

testing: update ikev2-tcp-01-eof - mention kernel problem



[Swan-commit] Changes to ref refs/heads/master

2020-06-14 Thread Andrew Cagney
New commits:
commit 4a69bee309bbc5a449b1943c946d600916ffd722
Author: Andrew Cagney 
Date:   Thu Jun 11 21:00:22 2020 -0400

shunts: use selector_in_selector() and selector_eq()



[Swan-commit] Changes to ref refs/heads/master

2020-06-13 Thread Andrew Cagney
New commits:
commit 198c26d0d3b384d06871d6d5bc9950ee7dff46b0
Author: Andrew Cagney 
Date:   Sat Jun 13 22:13:29 2020 -0400

testing: expect 'ddos-cookies-threshold=25000, ddos-max-halfopen=5, ddos-mode=auto'

Follow-up bd460db522f68a5387b6e9194c58c30a7d04f479



[Swan-commit] Changes to ref refs/heads/master

2020-06-13 Thread Andrew Cagney
New commits:
commit 0d0451a852bca4360c8c544ca226e18dd9723cf9
Author: Andrew Cagney 
Date:   Sat Jun 13 10:09:09 2020 -0400

shunts: cleanup

- the ongoing his -> peer
- merge some logging / debugging code
- make struct bare_shunt opaque



[Swan-commit] Changes to ref refs/heads/master

2020-06-13 Thread Andrew Cagney
New commits:
commit fc915cb41513dc89851a33f9e835074fac9ced3c
Author: Andrew Cagney 
Date:   Sat Jun 13 19:47:58 2020 -0400

ip: delete stray ip_bytes.[hc] files

Accidentally included in 0133513e48b1d1371d5d508d22c4655d279fd4bd



[Swan-commit] Changes to ref refs/heads/master

2020-06-13 Thread D. Hugh Redelmeier
New commits:
commit ed667b061398231444810ee261c8d03a93ce32e3
Author: D. Hugh Redelmeier 
Date:   Sat Jun 13 18:36:30 2020 -0400

library: initsubnet: make second parameter name consistent

Function prototype calls it "maskbits"
lib/libswan/initsubnet.3.xml agrees.
Definition called it "count".  Changed to "maskbits"



[Swan-commit] Changes to ref refs/heads/master

2020-06-13 Thread Andrew Cagney
New commits:
commit 0133513e48b1d1371d5d508d22c4655d279fd4bd
Author: Andrew Cagney 
Date:   Sat Jun 13 14:52:37 2020 -0400

ip: add address_mask_to_subnet(), use, test



[Swan-commit] Changes to ref refs/heads/master

2020-06-13 Thread Paul Wouters
New commits:
commit bd460db522f68a5387b6e9194c58c30a7d04f479
Author: John Mah 
Date:   Sat Jun 13 14:41:43 2020 -0400

pluto: status output for ddos-cookies-threshold and ddos-max-halfopen parameters are swapped

Signed-off-by: Paul Wouters 



[Swan-commit] Changes to ref refs/heads/master

2020-06-12 Thread Andrew Cagney
New commits:
commit 448ccddd82f915926f4c96255805cb2b3c4fef28
Author: Andrew Cagney 
Date:   Fri Jun 12 18:12:20 2020 -0400

testing: expect state machine packet reject

not custom state transition

commit df02a5b033ca2a913c64ebfab613461fd8a607c9
Author: Andrew Cagney 
Date:   Mon Apr 27 12:16:12 2020 -0400

ikev2: delete generic ikev2_IKE_SA_process_SA_INIT_response_notification() processor

handled by notify specific processors



[Swan-commit] Changes to ref refs/heads/master

2020-06-12 Thread Andrew Cagney
New commits:
commit ce2e80a3bb698cbc53c08c97c76ec6844cc90ffe
Author: Andrew Cagney 
Date:   Wed Jun 10 16:20:51 2020 -0400

addresspool: assume lease is 1:1 connection instance, simplify

Drop the lease reference counter.  Change lease .assigned_to to
a co_serial_t so lease can be tied to a connection (not state).



[Swan-commit] Changes to ref refs/heads/master

2020-06-12 Thread Andrew Cagney
New commits:
commit e2e9b61b1fd68af347dd82b50b0ed2ea5b0fe3ac
Author: Andrew Cagney 
Date:   Thu Jun 11 15:55:35 2020 -0400

ip: delete subnet_contains_endpoint(), test subnet_in_subnet() et.al.



[Swan-commit] Changes to ref refs/heads/master

2020-06-12 Thread Andrew Cagney
New commits:
commit cb9df03f36d31e9f7be0cde29322bd36c748f141
Author: Andrew Cagney 
Date:   Thu Jun 11 11:31:16 2020 -0400

kernel: inline has_bare_hold(), simplify

Drop code repacking the acquire selectors before the search.



[Swan-commit] Changes to ref refs/heads/master

2020-06-11 Thread Paul Wouters
New commits:
commit 308a3d027672569005b88cd18a86a278efcfabda
Author: Paul Wouters 
Date:   Fri Jun 12 00:02:34 2020 -0400

documentation: updated CHANGES

commit 24b507b381d0b97f0686353fea78518137fbc3dd
Author: Paul Wouters 
Date:   Thu Jun 11 23:51:04 2020 -0400

pluto: update seamless nss cert rotation for existing tunnels

Don't do this on a per connection basis (hard to get it to update
all roadwarriors) but just go over all connections.

Rename from rotate_cert to rereadcerts, eg:

ipsec whack --rereadcerts

commit ce2a33e6d897e5065d71030b78bc63922161a093
Author: Myungjin Lee 
Date:   Thu Jun 11 16:50:12 2020 -0400

pluto: seamless nss cert rotation for existing tunnels

Libreswan does not support seamless cert rotation. Therefore, when a new
cert is issued and inserted into NSS DB, a tunnel should be torn down
and set up again or pluto needs to be restarted in order to pick up the
new cert. This causes temporary disruption for an existing tunnel. This
patch enables a new feature that allows rotation of cert without bringing
down any active tunnel by replacing an old cert with a new one in pluto.

Signed-off-by: Paul Wouters 



[Swan-commit] Changes to ref refs/heads/master

2020-06-11 Thread Andrew Cagney
New commits:
commit 998c2e22b5f88d8b26c5ea4d8855cae46497a6f6
Author: Andrew Cagney 
Date:   Thu Jun 11 21:58:48 2020 -0400

testing: more strongswan tweaks

... expect a quick delete when initiator doesn't like response



[Swan-commit] Changes to ref refs/heads/master

2020-06-11 Thread Andrew Cagney
New commits:
commit 4ff308d1bc60ccd68f195e652debd51c408eb925
Author: Andrew Cagney 
Date:   Thu Jun 11 12:19:37 2020 -0400

ikev1: fix lease leak - only request a lease address when there isn't already one



[Swan-commit] Changes to ref refs/heads/master

2020-06-11 Thread Andrew Cagney
New commits:
commit cdc860fad64e74504c238825f8d466e9bb1bc6c3
Author: Andrew Cagney 
Date:   Wed Jun 10 21:50:18 2020 -0400

ip: eliminate subnet_from_endpoint()



[Swan-commit] Changes to ref refs/heads/master

2020-06-11 Thread Andrew Cagney
New commits:
commit 43feda3b08edfb62ad8a34a7f93e4d5f63723808
Author: Andrew Cagney 
Date:   Thu Jun 11 12:16:15 2020 -0400

testing: cleanup ikev1-psk-dual-behind-nat-01

Drop unnecessary s/EPHEM/, use ping-once.sh



[Swan-commit] Changes to ref refs/heads/master

2020-06-11 Thread Andrew Cagney
New commits:
commit 9bf645afabc9449656d787fad8a314d6132bf015
Author: Andrew Cagney 
Date:   Wed Jun 10 21:39:54 2020 -0400

ip: pass ip_port instead of {int,unsigned}



[Swan-commit] Changes to ref refs/heads/master

2020-06-11 Thread Andrew Cagney
New commits:
commit 1cc15da516be1ecd698e63644807a9280949bd96
Author: Andrew Cagney 
Date:   Thu Jun 11 10:57:13 2020 -0400

testing: don't expect strongswan cert payloads when there isn't one



[Swan-commit] Changes to ref refs/heads/master

2020-06-10 Thread Andrew Cagney
New commits:
commit ac4eb13c526c4c5393fb0354007505845de411c1
Author: Andrew Cagney 
Date:   Wed Jun 10 21:21:20 2020 -0400

testing: skip ikev2-tcp-03-basic-rawrsa-nonblocking for now



[Swan-commit] Changes to ref refs/heads/master

2020-06-10 Thread Andrew Cagney
New commits:
commit 03b033173c0d055e73e8d997a54b7b129a1dec27
Author: Andrew Cagney 
Date:   Wed Jun 10 20:48:35 2020 -0400

testing: re-create more of the strongswan directory tree



[Swan-commit] Changes to ref refs/heads/master

2020-06-10 Thread Andrew Cagney
New commits:
commit 6998c7afab37fbc2535b2ce153310fe3d7d8f1df
Author: Andrew Cagney 
Date:   Wed Jun 10 17:56:00 2020 -0400

testing: clean out strongswan config directory



[Swan-commit] Changes to ref refs/heads/master

2020-06-10 Thread Andrew Cagney
New commits:
commit 7123226b7c3410295a025db945ffb07c779b4d0d
Author: Andrew Cagney 
Date:   Wed Jun 10 12:56:56 2020 -0400

ip: delete unused subnet*port() functions



[Swan-commit] Changes to ref refs/heads/master

2020-06-09 Thread Andrew Cagney
New commits:
commit fa385b15414969ccbe7459f0f86661d8faf18219
Author: Andrew Cagney 
Date:   Tue Jun 9 21:45:16 2020 -0400

testing: l2tp-* -> ikev1-l2tp-*



[Swan-commit] Changes to ref refs/heads/master

2020-06-09 Thread Andrew Cagney
New commits:
commit 2e7cb74c1c72d86245c15d232a92d1ca9bb39288
Author: Andrew Cagney 
Date:   Tue Jun 9 21:39:55 2020 -0400

testing: expect more "deleting IKE SA but connection is supposed to remain 
up" lines



[Swan-commit] Changes to ref refs/heads/master

2020-06-09 Thread Andrew Cagney
New commits:
commit d03dae78584ffe9b4c3dad584280b716facb3fc6
Author: Andrew Cagney 
Date:   Tue Jun 9 21:30:10 2020 -0400

ip: pass ip_port into protport2()

Instead of an unsigned.



[Swan-commit] Changes to ref refs/heads/master

2020-06-09 Thread Andrew Cagney
New commits:
commit f4dadb72bb26c575f008e5fe57ca4b24e1035364
Author: Andrew Cagney 
Date:   Tue Jun 9 21:13:32 2020 -0400

xfrm: in netlink_add_sa(), add the child's port to the host_address

Follow-up 520fdb0bddb49b4d7065d1e01b0562e40ba2 which
lost the port.



[Swan-commit] Changes to ref refs/heads/master

2020-06-09 Thread Andrew Cagney
New commits:
commit 439961b420875ba4861a017914625bee2aee2ca2
Author: Andrew Cagney 
Date:   Tue Jun 9 15:57:37 2020 -0400

packets: provide a few names for IKEv2's "IP Protocol ID" (and IKEv1 
equivalent)



[Swan-commit] Changes to ref refs/heads/master

2020-06-09 Thread Andrew Cagney
New commits:
commit 01ed35e80fdeea395553cd58001b823180819193
Merge: 1008cf6 a2b3e84
Author: Andrew Cagney 
Date:   Tue Jun 9 15:01:55 2020 -0400

state: log 'deleting IKE SA but connection is supposed to remain up' to 
whack

Merge commit 'a2b3e84954dcf8811af8b92e027ab46cb51802cc'

commit a2b3e84954dcf8811af8b92e027ab46cb51802cc
Author: Andrew Cagney 
Date:   Mon Jun 8 21:02:35 2020 -0400

state: log "deleting IKE SA but connection is supposed to remain up" to 
whack

(delete_state()'s logging could do with a cleanup: the magic dealing
with 'other state' just has to compare st or .st_logger; and
use log_state(), and clone_logger() can be used so the logger
works after parts of the state have been deleted).

commit 7ba0e00ed9d83ccd267e783e51fea9e76b18def5
Author: Andrew Cagney 
Date:   Tue Jun 9 14:58:14 2020 -0400

testing: expect: deleting IKE SA but connection is supposed to remain up



[Swan-commit] Changes to ref refs/heads/master

2020-06-09 Thread Andrew Cagney
New commits:
commit 1008cf6acae84ff58347468accb7ac086a740af8
Author: Andrew Cagney 
Date:   Sun May 24 15:19:40 2020 -0400

ip: add .is_{address,endpoint,subnet,selector} fields and runtime p*() 
expectations

For debugging code doing things like stuffing a port into an address.

commit 001ffefbe0dae554f2acb52e5da744032dd0df23
Author: Andrew Cagney 
Date:   Mon Jun 8 17:19:37 2020 -0400

connection: don't let *instantiate() set .host_addr's port

- strip the port from all calls
- don't set .host_addr's port from within instantiate()



[Swan-commit] Changes to ref refs/heads/master

2020-06-09 Thread Andrew Cagney
New commits:
commit 156bc32b6222f063c9f6166a90490ed4b4df1bd9
Author: Andrew Cagney 
Date:   Mon Jun 8 18:42:44 2020 -0400

ikev2: add STF_V2_DELETE_EXCHANGE_INITIATOR_IKE_SA, to trigger deleting the 
IKE_SA

When an IKE_AUTH response authenticates but contains an unacceptable
child an additional delete notification is required.  Returning this
will trigger a delete IKE SA notification.

(technically, and in theory, since the IKE SA is established it can
hang around and just the child needs to be deleted (allowing further
CHILD SAs to establish) - later)

The current implementation fiddles the Message IDs so that
delete_state() can do a record'n'send.  It should really trigger a
delete transition.

While not visible in the whack output (why not?); the code then
typically triggers a revive-cons.



[Swan-commit] Changes to ref refs/heads/master

2020-06-08 Thread Andrew Cagney
New commits:
commit e74efb5e91632dcbcb56e42447212cef6fbfaaeb
Author: Andrew Cagney 
Date:   Mon Jun 8 22:36:50 2020 -0400

testing: revisit ikev2-10-2behind-nat

- add additional rule to NAT north/road's UDP port 4500 to /
  (the existing rule remains so ping traffic et al. continues to flow)

- only send one PING packet - there is no OE so no packet can be dropped



[Swan-commit] Changes to ref refs/heads/master

2020-06-08 Thread Andrew Cagney
New commits:
commit 44ab2cbfebf604234afd1157f0effe1a37e10cf6
Author: Andrew Cagney 
Date:   Mon Jun 8 21:08:46 2020 -0400

testing: more EPHEMERAL -> EPHEM



[Swan-commit] Changes to ref refs/heads/master

2020-06-08 Thread Andrew Cagney
New commits:
commit 397887bb2785e72544c23eb4071632f32f74f231
Author: Andrew Cagney 
Date:   Mon Jun 8 20:34:39 2020 -0400

testing: contract EPHEMERAL->EPHEM - so length matches 2



[Swan-commit] Changes to ref refs/heads/master

2020-06-08 Thread Andrew Cagney
New commits:
commit 48c09e20f6a7e192da92f3d1e4b887b085b52764
Author: Andrew Cagney 
Date:   Mon Jun 8 20:14:46 2020 -0400

testing: more EPHEM tweaks



[Swan-commit] Changes to ref refs/heads/master

2020-06-08 Thread Andrew Cagney
New commits:
commit 87670d13d7f4d9117fccf2e10f4b8f6697490531
Author: Andrew Cagney 
Date:   Mon Jun 8 20:11:54 2020 -0400

testing: expect IP:EPHEMERAL when >=2

commit 5d8ad87c4fb92402bdf3613fe29944cd4a5fcdf6
Author: Andrew Cagney 
Date:   Mon Jun 8 20:10:49 2020 -0400

testing: tighten IP:EPHEMERAL sed line

limit damage to ports >=2



[Swan-commit] Changes to ref refs/heads/master

2020-06-08 Thread Antony Antony
New commits:
commit 7052d1d77e86347f67124087a889e9a46d4d0728
Author: Antony Antony 
Date:   Mon Jun 8 20:44:16 2020 +

testing: nsreinstall target

commit 046cc232121e6b84bb33d6abea94b83bdb199446
Author: Antony Antony 
Date:   Mon Jun 8 20:46:52 2020 +

testing: fixes to test spec and move into testing directory

commit ea39b762ada8e300490316b2dbc8eddca2e67be6
Author: Antony Antony 
Date:   Tue Jun 2 05:53:28 2020 +

ipv6: continue when ipv6 is disabled in kernel at build

based on patch from OpenWRT. Lucian Cristian 



[Swan-commit] Changes to ref refs/heads/master

2020-06-08 Thread Paul Wouters
New commits:
commit cc5458a3ac97a420a2ff01e2d117e7f0673c3f03
Author: Paul Wouters 
Date:   Mon Jun 8 16:51:29 2020 -0400

testing: misc updates

commit 9fcbf38ee7db730b95cb5926911f1d21b4a5c512
Author: Paul Wouters 
Date:   Mon Jun 8 16:51:00 2020 -0400

testing: basic-pluto-16-services don't display ephemeral status output

We are only verifying return code anyway

commit 9c68193359155159fd235d5e92e70cbe93bac7ae
Author: Paul Wouters 
Date:   Mon Jun 8 16:39:04 2020 -0400

testing: ikev1-03-fuzzer sanitize ports

commit 1352f1c50bd706ca1317c102f529abf216698a9e
Author: Paul Wouters 
Date:   Mon Jun 8 16:38:50 2020 -0400

testing: add yet another ephemeral port sanitizer for new port logging.

commit 4de9c2bdc4a7590aa602db16c8871b4cb2724d81
Author: Paul Wouters 
Date:   Mon Jun 8 16:35:17 2020 -0400

testing: new port sanitized output for ikev1-hostpair-01

commit 6481c0f77f2d44df318537fb0a32422d0de42e22
Author: Paul Wouters 
Date:   Mon Jun 8 16:34:54 2020 -0400

testing: add another ephemeral port sanitizer for new port logging.

commit d61415ab025ac085fc6ea87fbd738d7e90cd02ef
Author: Paul Wouters 
Date:   Mon Jun 8 16:20:09 2020 -0400

testing: fixup ikev2-asymmetric-17-auth-mismatch-reverse for new 
restrictions on %fromcert

commit be8ad98e5188911e78845afdbea2e994f95e11fe
Author: Paul Wouters 
Date:   Mon Jun 8 14:58:34 2020 -0400

testing: add sanitizer for grepping timestamps in 
ikev2-child-rekey-07-deadlock



[Swan-commit] Changes to ref refs/heads/master

2020-06-07 Thread Andrew Cagney
New commits:
commit 6278113bebf090cf6f54ebc798fad407c588a05f
Author: Andrew Cagney 
Date:   Sun Jun 7 13:35:32 2020 -0400

connections: in extract_end() when converting a domain-name to an address, 
don't stomp on the non-existent port



[Swan-commit] Changes to ref refs/heads/master

2020-06-07 Thread Andrew Cagney
New commits:
commit 44e2fe15ceeff517846950429b9dbf6b8b0cf2cc
Author: Andrew Cagney 
Date:   Sat Jun 6 20:03:15 2020 -0400

ip: eliminate little used port functions - use nport(...)



[Swan-commit] Changes to ref refs/heads/master

2020-06-06 Thread Andrew Cagney
New commits:
commit 277881a5fe43c2393af8dabb6aef5e83358cd0f8
Author: Andrew Cagney 
Date:   Sat Jun 6 15:28:15 2020 -0400

ip: add ip_port, ip_port_range

Tired of getting ntohl() wrong :-^



[Swan-commit] Changes to ref refs/heads/master

2020-06-05 Thread Paul Wouters
New commits:
commit b5caf3f76b6bfb9df638d1ebcf9e560812cb2c60
Author: Paul Wouters 
Date:   Fri Jun 5 18:26:32 2020 -0400

testing: fixup error message



[Swan-commit] Changes to ref refs/heads/master

2020-06-05 Thread Paul Wouters
New commits:
commit cc612838ff3dd2db388a037ebf7ab82fcd651f14
Author: Paul Wouters 
Date:   Fri Jun 5 18:25:53 2020 -0400

testing: update for changes in the last few months

commit fb31e2b7cc4de52f4724763446970c7e2af18704
Author: Paul Wouters 
Date:   Fri Jun 5 18:06:21 2020 -0400

testing: update fips-13-ikev2-x509-key2032 for new keysizes

commit 413367f5164965802b40c5ebf4045cc208848a77
Author: Paul Wouters 
Date:   Fri Jun 5 18:03:03 2020 -0400

testing: fixup fips-15-ikev2-x509-key2048 to use updated key sizes

commit 26e0ff80dc9da5b5f7423515db16d890ca4a6ad7
Author: Paul Wouters 
Date:   Fri Jun 5 15:44:11 2020 -0400

testing: newoe-27-replace-sa-auth-authnull fixup for updated AUTH failure 
deleting full state

commit 2c5336dac1390c61409f869bcccab23b8b6df429
Author: Paul Wouters 
Date:   Fri Jun 5 14:55:01 2020 -0400

testing: nss-cert-badca-01 duplicate error no longer happens

commit 00ada98ef5e57a50806c04657e8e410d81dd1301
Author: Paul Wouters 
Date:   Fri Jun 5 14:54:16 2020 -0400

testing: nss-cert-chain-04-ikev2 fixup grep to prevent hitting a new debug 
line

commit 6a2003cef85fbe497012b1e2a5baf791f349dfd5
Author: Paul Wouters 
Date:   Fri Jun 5 14:37:09 2020 -0400

testing: add console output for ikev2-ike-rekey-05

commit e8c05c9f634adb373c9b7f8e2cc96320f64e7a5e
Author: Paul Wouters 
Date:   Fri Jun 5 14:17:03 2020 -0400

testing: add console output for interop-ikev2-xfrmi-strongswan-01

Note this test is badly named, as it is strongswan to strongswan and
not really an interop ?

commit 2c912796a1cfdc850f4b17ac4adaf8c46d04be70
Author: Paul Wouters 
Date:   Fri Jun 5 14:12:59 2020 -0400

testing: add missing console for interop-ikev2-strongswan-aes_xcbc



[Swan-commit] Changes to ref refs/heads/master

2020-06-05 Thread Paul Wouters
New commits:
commit bdee688c85b8d8687e72d77618b82363827df3b5
Author: Paul Wouters 
Date:   Fri Jun 5 14:04:50 2020 -0400

testing: fixup sanitizer again for ephemeral port range

Seems Fedora 23 decided not to start at 32768 but at 29xxx now ?



[Swan-commit] Changes to ref refs/heads/master

2020-06-05 Thread Paul Wouters
New commits:
commit 1d966fb74d7940d4ba1fe99404c73cc8210d941d
Author: Paul Wouters 
Date:   Fri Jun 5 11:50:43 2020 -0400

testing: swan-prep workaround for kernel ICMP Acquire bug

This affects KVM/QEMU, not namespace based testing.

It sets net.ipv4.ping_group_range to the "old" value of only allowing
root to make icmp messages. Newer code allows this setting to allow
non-root uids to create ICMP echo packets. But it changes the code path
by no longer going through a RAW socket.

But with a RAW socket, raw_probe_proto_opt is called which sets the type
and code. IPv6 apparently does not have a similar issue.



[Swan-commit] Changes to ref refs/heads/master

2020-06-05 Thread Andrew Cagney
New commits:
commit 9416a5fc9e1ba7b91031b31404394016bd528ee8
Author: Andrew Cagney 
Date:   Fri Jun 5 10:05:57 2020 -0400

testing: (hopefully) fix sanitizer typo



[Swan-commit] Changes to ref refs/heads/master

2020-06-05 Thread Andrew Cagney
New commits:
commit e98afeac90deef8270a097e79578bd9a3d52c7f2
Author: Andrew Cagney 
Date:   Wed Jun 3 13:02:07 2020 -0400

testing: update enum check output to match IDs

commit 14e07ddcf2f5f25f1602be68d370f988f8f62956
Author: Andrew Cagney 
Date:   Tue Jan 30 20:40:56 2018 -0500

constants: organize Security Protocol ID name tables inline with IETF

According to IETF notify, delete, and proposal are all independent
(they just happen to use the same numbers).



[Swan-commit] Changes to ref refs/heads/master

2020-06-04 Thread Paul Wouters
New commits:
commit 8e3b8516fe30dff132055b25a831000a14c48852
Author: Paul Wouters 
Date:   Thu Jun 4 17:53:43 2020 -0400

testing: update addconn-05 output



[Swan-commit] Changes to ref refs/heads/master

2020-06-04 Thread Andrew Cagney
New commits:
commit 702e495fb52072c8262d8c3c6c5317546309f6bb
Author: Andrew Cagney 
Date:   Thu Jun 4 16:02:21 2020 -0400

bsd: increase an arbitrary limit by an arbitrary amount (the shell command
buffer)



[Swan-commit] Changes to ref refs/heads/master

2020-06-04 Thread Paul Wouters
New commits:
commit cfa03d95329cb1510f0944ae63bb6298f5f7548c
Author: Paul Wouters 
Date:   Thu Jun 4 15:35:25 2020 -0400

testing: extend addconn-05 to test for non-existing interface name 
(left=%bogus)



[Swan-commit] Changes to ref refs/heads/master

2020-06-03 Thread Paul Wouters
New commits:
commit 396ef270237ba3feef4e3b14440271d02c3135d8
Author: Paul Wouters 
Date:   Wed Jun 3 18:40:10 2020 -0400

testing: update for two ipsec status lines that are now sanitized away

commit 78d1647ea7d658e0be50b3c02e5914eee428cd9f
Author: Paul Wouters 
Date:   Wed Jun 3 18:38:54 2020 -0400

testing: sanitize two ipsec status lines away

The nssdir= and dnssec-rootkey-file= lines are different on Ubuntu
vs Fedora/RHEL. And we don't really need to see that information.

commit 47866f3f45c7edae891c45e0037ac4916e3b8158
Author: Paul Wouters 
Date:   Wed Jun 3 18:32:50 2020 -0400

testing: Add support for Debian/Ubuntu testing using namespaces

- Fix some /usr/sbin calls to /sbin as Ubuntu and Fedora/RHEL/CentOS
  had those commands also available in /sbin (ip, sudo, nsenter, etc)
- Add bind mount for ipsec.d onto /var/lib/ipsec/nss for db files
- Don't try to copy into /etc/sysconfig/ for FIPS
  This was to add/remove --impair-force-fips, prob need other method



[Swan-commit] Changes to ref refs/heads/master

2020-06-03 Thread Andrew Cagney
New commits:
commit af549cc7ca8c70df67c7e255ce96519a36d0fd1c
Author: Andrew Cagney 
Date:   Mon May 25 09:59:24 2020 -0400

ikev2: in TS initiator, don't stomp on .host_addr with the negotiated port



[Swan-commit] Changes to ref refs/heads/master

2020-06-03 Thread Andrew Cagney
New commits:
commit ec39b0b36f361238a4fdf645fe3c281deb27e14e
Author: Andrew Cagney 
Date:   Wed Jun 3 11:05:46 2020 -0400

bsd: add hacks to revive tunnel mode (and hopefully not break tunnel mode)

It looks like tunnel mode did, at some point, work.  It's just that all
the parts surrounding kernel-bsdkame have been shuffled to the point of
confusion.

Transport mode needs:

  pfkey_send_add(outgoing ESP/AH)
  pfkey_send_add(incoming ESP/AH)
  pfkey_send_spddb(outgoing transport)

while for tunnel mode:

  pfkey_send_add(outgoing ESP/AH)
  pfkey_send_add(incoming ESP/AH)
  pfkey_send_spddb(outgoing tunnel)
  pfkey_send_spddb(incoming tunnel)

Ref: http://www.netbsd.org/docs/network/ipsec/

But what's happening in setup_half_ipsec_sa() is (bsd had
.inbound_eroute=false):

  if (!kernel->inbound_eroute)
    call add_sa(IPIP)
    which makes no sense and caused BSD to abort

  call add_sa() for the SA (ESP, AH, ...) aka pfkey_send_add()

  if (kernel->inbound_eroute)
    call raw_eroute("inbound") aka pfkey_send_spdadd(outbound)

  ...

  the eroute code then calls raw_eroute("outbound") aka
  pfkey_send_spdadd(inbound)

So:

- I've no clue as to what the add_sa(IPIP) is trying to do

- the way raw_eroute() is called just seems bizarre

This patch changes BSD's .inbound_eroute to TRUE and then adds a hack
so that the inbound eroute isn't installed when transport mode.

(if you're looking for good news, grep for inbound_eroute).



[Swan-commit] Changes to ref refs/heads/master

2020-06-03 Thread Andrew Cagney
New commits:
commit fbc7a18f031490b538c2a22b60b461271855745a
Author: Andrew Cagney 
Date:   Wed Jun 3 11:04:51 2020 -0400

kernel: sprinkle dbg() calls



[Swan-commit] Changes to ref refs/heads/master

2020-06-03 Thread Andrew Cagney
New commits:
commit 71e409d6f8a015691bbbaeade3413fb247f043eb
Author: Andrew Cagney 
Date:   Wed Jun 3 11:03:53 2020 -0400

bsd: use kdump_spdb() to dump messages

output is closer to setkey -v.



[Swan-commit] Changes to ref refs/heads/master

2020-06-02 Thread Andrew Cagney
New commits:
commit bc27b541b0d1442a87a44d5d0ac3384f86e4508e
Merge: ef7dc18 ae08cf8
Author: Andrew Cagney 
Date:   Tue Jun 2 12:44:52 2020 -0400

netbsd: revive transport mode

still fragile but known to work

Merge commit 'ae08cf8c81f5117f9af36d2a522acbf275744e5e'

commit ae08cf8c81f5117f9af36d2a522acbf275744e5e
Author: Andrew Cagney 
Date:   Tue Jun 2 12:43:06 2020 -0400

bsd: fix transport mode

- replace casts with sockaddr_from_endpoint()
- use pfkey_send_add()

commit 57fbac77b52c1fbc70cf8dabfbb121aa4a6a4db9
Author: Andrew Cagney 
Date:   Tue Jun 2 12:39:09 2020 -0400

bsd: patch up libbsdpfkey

- add foreach_supported_alg()
- fix -Wsigned
- fix -Wunused
- printf() -> DBGF(DBG_CRYPT, ...)
  hacky as printf("X");printf("Y\n" comes out a mess
- when DBG_CRYPT, dump pfkey messages being sent

commit d3a105e52f7aec6f58aa8b6bcff5f3431ca57394
Author: Andrew Cagney 
Date:   Tue Jun 2 11:30:26 2020 -0400

bsd: suck in NetBSD's 2014 version of libpfkey

It's less embedded than the FreeBSD version; known to break BSD
builds.



[Swan-commit] Changes to ref refs/heads/master

2020-06-02 Thread Andrew Cagney
New commits:
commit ef7dc186433430912120d4174e4af5a36931258e
Author: Andrew Cagney 
Date:   Tue Jun 2 12:26:55 2020 -0400

kernel: drop .pfkey_register_response()



[Swan-commit] Changes to ref refs/heads/master

2020-06-02 Thread Andrew Cagney
New commits:
commit 291a02134dee3c336035db69096efb980b3800bb
Author: Andrew Cagney 
Date:   Tue Jun 2 11:48:32 2020 -0400

building: add the archive $(BSDPFKEYLIB) to $(OBJS) so it is included in 
the link dependencies



[Swan-commit] Changes to ref refs/heads/master

2020-06-02 Thread Paul Wouters
New commits:
commit e2a3c8d58bcdd2c33b03934ccd232d6e4ea9de53
Author: Paul Wouters 
Date:   Tue Jun 2 10:25:11 2020 -0400

testing: ikev2-tcp-17-rekey-ipsec do not expect SAREF_TRACKING

commit 4ae212c05ef93fc8c96adc3bb3f896e422c78df6
Author: Paul Wouters 
Date:   Tue Jun 2 10:24:29 2020 -0400

testing: ikev2-tcp-02-timeout do not expect SAREF_TRACKING

commit 49495c98355438f28aa9e086a25c74a362376ea2
Author: Paul Wouters 
Date:   Tue Jun 2 10:23:52 2020 -0400

testing: ikev1-transport-protoport-01 do not expect SAREF_TRACKING policy

commit 46af9da477dee6e2a61a14d534f659e6f19de20c
Author: Paul Wouters 
Date:   Tue Jun 2 00:56:12 2020 -0400

testing: sanitizers : ignore Relabeled /testing/ warnings

commit 28956eb038be502e0ef22335f9223b3a69a234ac
Author: Paul Wouters 
Date:   Tue Jun 2 00:51:32 2020 -0400

testing: ikev2-ike-rekey-04  added reference output
