New commits: commit 4c441f17004a7fba94991c6f156a6805330777b7 Author: Paul Wouters <pwout...@redhat.com> Date: Sun Mar 4 13:33:27 2018 -0500
testing: add/update newoe-18-poc-cop-port22-both* commit c691f4bce236a95ff615ff7ffe837731536b05ba Author: Paul Wouters <pwout...@redhat.com> Date: Sun Mar 4 13:09:26 2018 -0500 pluto: oppo_instantiate() can be made static. This commit only moves the code block so no declaration is needed at the top. commit 10bab7dde1bb2e7b7b9d531af4fab8eff4ca27c3 Author: Paul Wouters <pwout...@redhat.com> Date: Sun Mar 4 13:02:57 2018 -0500 pluto: recalculate default SPD priority using calculate_sa_prio(c) Once we instantiate and fill in the details, we need to have a longer prefix match priority for the instance compared to the template, so packets hit the instance SPD and not the template SPD rule. The replaced priority creation also could not make a difference between static conns, OE conns and OE anon conns. This is now differentiated so that SPDs (trap or tunnel!) for static tunnels always wins over OE. Note for bare shunts where we havent determined a connection yet, we use prio 0 (the highest). This is not a change from previous behaviour. commit 7324356946e282a0c0421d39a0e6560ff499b421 Author: Paul Wouters <pwout...@redhat.com> Date: Sun Mar 4 12:55:27 2018 -0500 pluto: add protoport support to build_outgoing_opportunistic_connection() It did not take protoports into consideration, so an OE instance for 1.2.3.0/24 tcp 0 22 could become confused with 1.2.3.0/24 tcp 22 0 and cause a mismatch later on. note this addition only rejects finding dport mismatches. It is not guaranteed to find the most narrow match (eg udp 1234 1234) commit e4b88ae198c6961fea22a1a0d322500b61b73586 Author: Paul Wouters <pwout...@redhat.com> Date: Sun Mar 4 12:53:06 2018 -0500 pluto: use braces around OE name of conn that includes protoports commit 2af1e2b814b472eaf4ab21cfcc7846b192884098 Author: Paul Wouters <pwout...@redhat.com> Date: Sun Mar 4 12:51:36 2018 -0500 pluto: define SPD groups for SPD priority, eg PLUTO_SPD_* in pluto_constants _______________________________________________ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit