New commits:
commit 2b99eda962886889189cbbcc05ff094b318f91b7
Author: Paul Wouters <[email protected]>
Date: Thu Sep 3 18:54:34 2015 -0400
pluto: IKEv2 don't log bogus RC_SERIOUS log message
Due to the redesign in how ikev2parent_inI1outR1() called
ikev2_find_host_connection() we had a logging artifact that for AUTH_NULL
would log the following RC_LOG_SERIOUS messages before successfully
establishing a tunnel:
Sep 3 15:55:48: packet from 10.236.54.80:500: initial parent SA message
received on 10.236.54.8:500 but no connection has
been authorized with policy RSASIG+IKEV2_ALLOW
Sep 3 15:55:48: packet from 10.236.54.80:500: initial parent SA message
received on 10.236.54.8:500 but no connection has
been authorized with policy PSK+IKEV2_ALLOW
Sep 3 15:55:48: "private-or-clear#10.0.0.0/8"[2] ...10.236.54.80 #5:
negotiated tunnel [10.236.54.8,10.236.54.8:0-65535 0
] -> [10.236.54.80,10.236.54.80:0-65535 0]
This commit changes those RC_LOG_SERIOUS messages into DBG messages,
and adds a more generic RC_LOG_SERIOUS log message in the caller:
"initial parent SA message received on %s:%u but no suitable connection
found with IKEv2 policy of RSASIG, PSK or AUTH_NULL",
I'm not sure if we should even keep this as a RC_LOG_SERIOUS message
though, as it is a denial of service on the logs, and we have turned
most of these into DBG messages. But turning this into DBG might result
in a complete lack of understanding when run without debugging.
commit 8d6aa89c6288030de8661145492f573976f48ef9
Author: Paul Wouters <[email protected]>
Date: Thu Sep 3 18:25:43 2015 -0400
updated CHANGES
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
