New commits:
commit 9db404b146b0ee131232af170773302a6e4a90cc
Author: Paul Wouters <[email protected]>
Date: Mon Oct 14 21:42:23 2024 -0400
documentation: update CHANGES
commit 77d6e79185205c009d23e57a7bf256c5be4c0dce
Author: Paul Wouters <[email protected]>
Date: Mon Oct 14 21:41:23 2024 -0400
linux: kernel >= 6.10 need replay-window 0 on OUTBOUND SA.
commit 58a089aed65cdfa2a67c2e951ce1fb127d06aca7
Author: Paul Wouters <[email protected]>
Date: Fri Sep 6 23:41:28 2024 -0400
documentation: updated CHANGES
commit b54c7fd54a80c2b5733779e530b0d11fc50da2c3
Author: Paul Wouters <[email protected]>
Date: Fri Sep 6 23:32:02 2024 -0400
testing: Add 3 IPTFS test cases
commit 2a90c45b463afc06e43150faa3f4dda04461d6ce
Author: Paul Wouters <[email protected]>
Date: Fri Sep 6 23:30:54 2024 -0400
pluto: Pull in netlink_add_sa_ bmp_size and encap_dscp direction support.
Fixes come from Antony Antony
commit 82d54e69a368ecf1cfb8bba9e190ca8711795fcc
Author: Paul Wouters <[email protected]>
Date: Fri Sep 6 23:30:04 2024 -0400
IKEv2: Add support for negotiating IPTFS
commit 2e7cb769b8813a2e36eec9282a4c48bdd6ce714c
Author: Paul Wouters <[email protected]>
Date: Fri Sep 6 23:27:21 2024 -0400
kernel: Add IPTFS kernel state and IPTFS probe support
commit cdc01985f1d8d5ddfb2a9429d16eed303ec82c4e
Author: Paul Wouters <[email protected]>
Date: Fri Sep 6 23:08:59 2024 -0400
Linux: fix typo "mirgrate" and confusing "sa" use.
Fix the typo and call struct kernel_migrate migrate and not sa.
commit aa84191cde12b4ff00c79b99c64e05297bb8578b
Author: Paul Wouters <[email protected]>
Date: Fri Sep 6 23:01:29 2024 -0400
documentation: Add IPTFS options to man page for ipsec.conf
commit 1225ec3e6df350504e8c91fbfe93dd1842e7b4a1
Author: Paul Wouters <[email protected]>
Date: Fri Sep 6 22:54:54 2024 -0400
libswan/whack: add IPTFS support
This commit adds the following keywords:
iptfs=yes|no
iptfs-dont-frag=yes|no
iptfs-packet-size= 0 for pmtu
iptfs-max-queue-size=
iptfs-init-delay=
iptfs-reorder-window=
iptfs-drop-time=
And the whack options:
[--iptfs] [--iptfs-dont-fragment] [--iptfs-packet-size <size>]
[--iptfs-max-queue-size <size>] [--iptfs-init-delay <ms>]
--iptfs-drop-time <ms>
[--iptfs-reorder-window <window>]
commit 697d23b0a11189324267cae0432891736a0a0a65
Author: Paul Wouters <[email protected]>
Date: Fri Sep 6 22:47:12 2024 -0400
linux: Update the copy of xfrm.h
It adds the headers to support XFRM SA Direction and XFRM IPTFS
commit 9d9b3cb18a48e99a7d01ab1ca0e4473c9ac73a79
Author: Paul Wouters <[email protected]>
Date: Fri Sep 6 22:41:21 2024 -0400
linux: Do not set replay-window for outbound SA
This code needs fixing for krenels < 6.10 as per comment by Antony:
Linux kernel >= 6.10 need replay-window 0 on OUTBOUND SA
0. Older kernels does not support replay-window for
OUTBOUND SA with ESN. It support 1.
1. Do BSD varients support 0 on OUTBOUND? If not move next
line to kernel_xfrm.c
Tracked via https://github.com/libreswan/libreswan/issues/1797
commit d9b2309c100668aa2993198c6f4b1cff13dc703f
Author: Paul Wouters <[email protected]>
Date: Fri Sep 6 22:37:32 2024 -0400
Linux: add nl_addattr16() and nl_addattr8()
Taken from Antony Antony's branch https://github.com/antonyantony/libreswan/
_______________________________________________
Swan-commit mailing list -- [email protected]
To unsubscribe send an email to [email protected]
