New commits:
commit 19af1f3022019306dc909a555ecd63d3cdfe621b
Author: Paul Wouters <[email protected]>
Date: Tue Feb 10 10:23:22 2015 +0800
testing: added ikev2-ddos-01
commit 7ea539844e2344f6852f5edca967ee764b6d5e44
Author: Paul Wouters <[email protected]>
Date: Tue Feb 10 10:17:42 2015 +0800
pluto: anti-DDOS support
This adds the keywords:
ddos-ike-treshold : number of IKE SAs before sending DCOOKIES in IKEv2
(we should prob refuse new conn for IKEv1 when we hit this)
max-halfopen-ike : number of half-open IKE SAs before we start refusing new IKE_INIT
(we should prob refuse new conn for IKEv1 when we hit this)
New status output in ipsec status:
000 State Information: DDoS cookies REQUIRED, Accepting new IKE connections
000 IKE SAs: total(100), half-open(100), authenticated(0), anonymous(100)
000 IPsec SAs: total(0), anonymous(<todo>)
New command: ipsec whack --globalstatus (format will change) will show an enumerated list of states and count. The idea is to move most of the "config setup" items from "ipsec status" to "ipsec globalstatus".
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit