New commits:
commit 47e956bd75f170b5c8299e76df4b9aa55d1334c2
Author: Lubomir Rintel <[email protected]>
Date:   Wed Oct 28 12:42:13 2015 +0100

    XAUTH: Don't attempt to read attributes when there's just padding
    
    Libreswan, unlike cisco, likes to add padding when transform payload attributes
    don't line up to 4-octet boundaries while it doesn't seem to be too happy about
    padding, being non-interoperable with itself (unless "ikepad" is turned off):
    
    002 "conn" #4: modecfg: Sending IP request (MODECFG_I1)
    005 "conn" #4: Received IPv4 address: 10.0.0.10/32
    005 "conn" #4: Received IP4 NETMASK 255.255.255.255
    005 "conn" #4: Received DNS server 8.8.8.8
    005 "conn" #4: Received Domain: yolo
    005 "conn" #4: Received Banner: swag
    005 "conn" #4: Received subnet 192.168.100.156/32, maskbits 32
    003 "conn" #4: not enough room in input packet for ISAKMP ModeCfg attribute (remain=2, sd->size=4)
    
    RFC 2408 3.6 seems to be a bit unclear about how to pad the attributes
    referring to "any padding." Let's just assume anything shorter than four octets
    (minimal attribute size) at the end is padding and don't attempt to read
    through it.
    
    Signed-off-by: Paul Wouters <[email protected]>

commit 97a165013e67527efbd06d93b0b4993db4820070
Author: Lubomir Rintel <[email protected]>
Date:   Wed Oct 28 12:40:04 2015 +0100

    selinux: support dynamic class/perm discovery
    
    The older API has been deprecated which breaks Werror builds.
    
    Signed-off-by: Paul Wouters <[email protected]>

commit d4230d050afaee7f988c0e9a8fd50c1190c90127
Author: Lubomir Rintel <[email protected]>
Date:   Wed Oct 28 12:28:20 2015 +0100

    systemd: add socket activation
    
    This fixes a startup race where the tools don't know whether it's safe to use
    the management socket after launching the service.
    
    Signed-off-by: Paul Wouters <[email protected]>

commit 97544cdfdb3caa7dd088c0064782a2626a99fad9
Author: Lubomir Rintel <[email protected]>
Date:   Wed Oct 28 12:22:33 2015 +0100

    _updown.*: Fix NetworkManager callback
    
    Letting NM know is not just specific to resolver configuration management, NM
    always needs to know if setting up the connection succeeded or timed out.
    
    Moreover, it's probably not a good idea to unset the variables upon disconnect
    as it would be nice if NetworkManager could identify the connection that goes
    down.
    
    Signed-off-by: Paul Wouters <[email protected]>

_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
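
The padding rule from the XAUTH commit above, as an added example that is not libreswan's code: a bounds-checked walk over ISAKMP data attributes (RFC 2408 section 3.3 layout) that treats fewer than four trailing octets as padding. The names `parse_attrs`, `struct attr` and the `strict` switch are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ATTR_MIN 4       /* 2-octet type + 2-octet value or length */
#define AF_BIT   0x8000  /* set: fixed 2-octet value; clear: length-prefixed */

struct attr { uint16_t type; const uint8_t *val; size_t len; };

/* Constructed sample: two length-prefixed attributes, then 2 octets of padding. */
static const uint8_t sample[] = {
    0x00, 0x01, 0x00, 0x04, 10, 0, 0, 10,  /* type 1, length 4 */
    0x00, 0x07, 0x00, 0x02, 'y', 'o',      /* type 7, length 2 */
    0x00, 0x00                             /* padding to a 4-octet boundary */
};

/* Returns the attribute count, or -1 on malformed input. strict != 0 mimics
 * the old behaviour, where leftover octets are an error, not padding. */
int parse_attrs(const uint8_t *buf, size_t n, int strict,
                struct attr *out, int max, size_t *pad)
{
    size_t off = 0;
    int count = 0;
    while (n - off >= ATTR_MIN) {
        uint16_t type = (uint16_t)(buf[off] << 8 | buf[off + 1]);
        uint16_t lv = (uint16_t)(buf[off + 2] << 8 | buf[off + 3]);
        int tv = (type & AF_BIT) != 0;
        size_t len = tv ? 0 : lv;  /* a TV attribute has no body after the header */
        if (len > n - off - ATTR_MIN || count >= max)
            return -1;             /* length overruns the payload, or out[] is full */
        out[count].type = type & 0x7fff;
        out[count].val = buf + off + (tv ? 2 : ATTR_MIN);
        out[count].len = tv ? 2 : len;
        count++;
        off += ATTR_MIN + len;
    }
    *pad = n - off;                /* 0..3 octets left over */
    if (strict && *pad != 0)
        return -1;
    return count;
}

int main(void)
{
    struct attr a[8];
    size_t pad;
    int strict = parse_attrs(sample, sizeof sample, 1, a, 8, &pad);
    int lenient = parse_attrs(sample, sizeof sample, 0, a, 8, &pad);
    printf("strict=%d lenient=%d padding=%zu\n", strict, lenient, pad);
}
```

A declared length that runs past the end of the payload is still rejected in both modes; only a tail too short to hold an attribute header is skipped.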
