Re: [Swan-dev] CAT and NFTABLES?

2023-12-26 Thread Antony Antony
On Sun, Dec 24, 2023 at 05:17:12PM -0500, Paul Wouters wrote: > > Hi, > > Antony added the following code: > > +#if defined(HAVE_NFTABLES) > + if (spd->local->child->has_cat) { > + ip_selector client = > selector_from_address(spd->local->host->addr); > + > +
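Review bot: in the `has_cat` branch the local variable is named `client` but is initialised from `spd->local->host->addr`, the host address rather than a child selector. A one-line comment stating that CAT deliberately uses the host address as the client selector would make the `#if defined(HAVE_NFTABLES)` block easier to follow.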

[Swan-commit] Changes to ref refs/heads/main

2023-10-04 Thread Antony Antony
New commits: commit f2dd972f8a8571b061151e7705ce2086577001d6 Author: Antony Antony Date: Wed Oct 4 22:49:46 2023 +0200 packaging: debian replace iptables with nftables and bsdmainutils bsdmainutils is not used ___ Swan-commit mailing

[Swan-commit] Changes to ref refs/heads/main

2023-10-04 Thread Antony Antony
New commits: commit abe1c84f96147a6cfa04422be6a07a377a740088 Merge: 28caab9a84 76dd70eedf Author: Antony Antony Date: Wed Oct 4 20:20:03 2023 + Merge branch 'nftables-20231004' on linux builds nftable will be default. Ref #116 commit

[Swan-commit] Changes to ref refs/heads/main

2023-10-04 Thread Antony Antony
New commits: commit 38f1dff4936bdac6afc64d14d54d94017a0891e2 Author: Antony Antony Date: Mon Oct 2 06:02:52 2023 + testing: nftables filter clear text westnet-eastnet northnet-eastnet e.g. replace nflog-02-conn -iptables -A INPUT -i eth1 -s 192.0.2.0/24 -j DROP

Re: [Swan] iptables

2023-09-25 Thread Antony Antony
do not use it. Is there any information in the documentation on how to build packages without iptables dependencies? From 10f22a36f94bb7a4c19868f453bac11eb3995246 Mon Sep 17 00:00:00 2001 From: Antony Antony Date: Sat, 25 Feb 2023 10:34:14 + Subject: [PATCH] enable nftable upstream added nftable

Re: [Swan-dev] XFRM IP ref-counting testing PR

2023-07-20 Thread Antony Antony
On Thu, Jul 20, 2023 at 07:07:31PM +0200, Antony Antony wrote: > Hi Brady, > > See some feedback from testing your latest branch, from an hour ago. > > On Thu, Jul 20, 2023 at 05:07:10PM +0200, Brady Johnson wrote: > > Hello, > > > > I submit several patch sets

Re: [Swan-dev] XFRM IP ref-counting testing PR

2023-07-20 Thread Antony Antony
Hi Brady, See some feedback from testing your latest branch, from an hour ago. On Thu, Jul 20, 2023 at 05:07:10PM +0200, Brady Johnson wrote: > Hello, > > I submit several patch sets to my XFRM IP ref-counting PR [0] in the past > few days. I fixed the assert/segfault that Antony reported on

[Swan-commit] Changes to ref refs/heads/main

2023-07-20 Thread Antony Antony
New commits: commit 7f01fb1be42a38330fcb31fefe97c5bb3e2f7dc3 Author: Antony Antony Date: Thu Jul 20 16:46:16 2023 + testing: more fixes due to xfrmi and tcpdump.sh changes commit 184375767cf73384df0553a50b5dae453ef3c295 Author: Antony Antony Date: Thu Jul 20 16:44:41 2023 +

[Swan-commit] Changes to ref refs/heads/main

2023-07-19 Thread Antony Antony
New commits: commit 70612043a9c7df5aee539f8b811d8125a337d1d0 Author: Antony Antony Date: Wed Jul 19 22:18:51 2023 + testing: more output fixes due to change in tcpdump.sh update output from testing.libreswan.org commit d22a7b948b2d853bdaf5d73aca929d448a86abd5 Author: Antony

[Swan-commit] Changes to ref refs/heads/main

2023-07-19 Thread Antony Antony
New commits: commit 27a050ae6fc8b1bb8ab67cc01965df4c14e88c96 Author: Antony Antony Date: Wed Jul 19 18:13:18 2023 +0200 testing: more testing/guestbin/tcpdump.sh cleanup commit d4dd9bac6ae2de37728a0c04109ccd534ac63b33 Author: Antony Antony Date: Sat Sep 26 09:06:59 2020 +

[Swan-commit] Changes to ref refs/heads/main

2023-07-18 Thread Antony Antony
New commits: commit 21bbf320737983d8e293729e9aea75c8a452e766 Author: Antony Antony Date: Tue Jul 18 21:15:00 2023 + testing: guestbin/tcpdump.sh ignore output of kill command commit 42f3040bbf630ed5735bc2318ffb9043f403e683 Author: Antony Antony Date: Tue Jul 18 18:04:45 2023 +

[Swan-commit] Changes to ref refs/heads/main

2023-07-14 Thread Antony Antony
New commits: commit 9c311071f8669d00fe106be44e8aa4962e5d030d Author: Antony Antony Date: Fri Jul 14 11:00:21 2023 + testing: add ikev2-xfrmi-15-interface-ip ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

Re: [Swan] How to tell if an IPSec tunnel uses HW offloading

2023-06-06 Thread Antony Antony
try AES GCM? The output from the 'ip xfrm state' indicates that libreswan negotiated AES CBC tunnel mode? However, does your NIC supports AES CBC offloading? Notably, the more commonly supported offloads are AES GCM 128 and 256 bits. In theory, CBC SHA1 offloading is possible using Intel

[Swan-commit] Changes to ref refs/heads/main

2023-04-06 Thread Antony Antony
New commits: commit fb03d218e7859470137ff400ec203b1615a5eb5a Author: Antony Antony Date: Thu Apr 6 19:00:13 2023 + kernel: apply fixes to when nft is enabled. /source/rpmbuild/BUILD/libreswan-4.9_1226_gd2e4c04454ed_main/programs/pluto/kernel_policy.c:531:33: error: 'st

Re: [Swan-dev] ref-counting xfrmi interfaces

2023-03-06 Thread Antony Antony
On Fri, Mar 03, 2023 at 12:48:32PM +0100, Brady Johnson wrote: > Ok, agreed it should be decoupled from updown. > > I'm trying to determine where to store the ref counted IP addresses > (v4/v6). I could add it to the pluto_xfrmi struct > (kernel_xfrm_interface.c/h) but then that would not include

[Swan-commit] Changes to ref refs/heads/main

2023-02-19 Thread Antony Antony
New commits: commit 085907fa9786d6afdb0b612565d0b9b0b7a0db0c Author: Antony Antony Date: Sun Feb 19 14:55:50 2023 + testing: nftable test update commit 7f2a0e40189aab291c73d9b8674c1f4784b82408 Author: Antony Antony Date: Sat Feb 18 13:27:17 2023 + pluto: fix

[Swan-commit] Changes to ref refs/heads/main

2023-02-12 Thread Antony Antony
. - This was encountered on a Fedora 36 cloud-based VM, running the testsuite with Namespaces in the VM. The version of Python on the VM is 3.10.9. Signed-off-by: Brady Johnson Signed-off-by: Antony Antony ___ Swan-commit mailing

[Swan-commit] Changes to ref refs/heads/main

2023-02-12 Thread Antony Antony
New commits: commit 4cf1bc716d0ec6d1f495a6b74d1d776a437348cc Merge: e73fda7e9d 5865942115 Author: Antony Antony Date: Sun Feb 12 15:17:12 2023 + Merge branch 'nftables-20230212' more nftable support for Linux. - add per connection nflog support - add CAT support

Re: [Swan-dev] linux: pluto use kernel SA attribute XFRMA_LASTUSED

2023-02-06 Thread Antony Antony
On Fri, Feb 03, 2023 at 10:25:47AM -0500, Paul Wouters wrote: > On Fri, 3 Feb 2023, Antony Antony wrote: > Of course, a side effect of doing this was that we _did_ update the > byte counters so every time the dpddelay period was reached, or a whack > status or delete was issued, we

[Swan-commit] Changes to ref refs/heads/main

2023-02-03 Thread Antony Antony
New commits: commit 9a6e1d0335ccfd31a26dbf19e6eea716b9e27d1c Author: Antony Antony Date: Mon Jun 27 05:19:34 2022 + linux: pluto use kernel SA attribute XFRMA_LASTUSED Linux kernel, since 6.2, updates lastused for all traffic, in and out. Use lastused when available. Older

[Swan-dev] error

2022-09-14 Thread Antony Antony
Hi, cagney antony, check the pexpect in https://testing.libreswan.org/v4.7-492-g6fcffb2868-main/ikev2-expire-02-packets/OUTPUT/west.pluto.log.gz kernel: kernel_process_msg_cb() process xfrm message kernel: netlink_get: XFRM_MSG_EXPIRE message with legth 248 netlink_kernel_sa_expire spi

[Swan-commit] Changes to ref refs/heads/main

2022-08-19 Thread Antony Antony
New commits: commit 4ced117c6fa271be3537210eb554e3bc44452d2a Author: Antony Antony Date: Fri Aug 19 20:44:56 2022 + ipsecconf: change error to #error cagney advised to change to #error ___ Swan-commit mailing list Swan-commit

[Swan-commit] Changes to ref refs/heads/main

2022-08-19 Thread Antony Antony
New commits: commit 14d6da578ca947ae9c6bcb472debacb6a723391e Author: Antony Antony Date: Fri Aug 19 14:40:32 2022 + building: linux building HAVE_NFTABLES=true 6897745f20b7 ("building: set HAVE_IPTABLES?=true in linux.mk") broke building with HAVE_NFT

Re: [Swan-dev] adding a test domain

2022-08-04 Thread Antony Antony
For last couple of years I have been using an extended version of the FreSWAN diagram and added "duo" and "float" My motivation was more clear hosts, routing FLOAT with dual uplink. https://libreswan.org/wiki/images/f/f1/Testnet-202102.png I have nsrun that support sunset,sunrise, Tokyo. I

[Swan-commit] Changes to ref refs/heads/main

2022-07-07 Thread Antony Antony
New commits: commit fee9e621e21ecc54003561142cbc6dbaf6cda997 Author: Antony Antony Date: Thu Jul 7 07:20:15 2022 +0200 pluto: 32bit fixes for binary keyword Fixes: b79030c16674 ("lib: parser add binary prefix support") Fixes: 1045691b8da5 ("pluto: add supp

[Swan-commit] Changes to ref refs/heads/main

2022-07-06 Thread Antony Antony
New commits: commit bca051b598f87813653d1abeb25aa4c05405fc2f Author: Antony Antony Date: Wed Jun 29 14:36:54 2022 + ikev2: use refactored fuzz_margin to calculate margin use refactored code to calculate fuzzed margin for IKEv2, IKEv1 and IPsec bytes and packets

Re: [Swan-dev] WIP: supporting xfrm SA expire

2022-07-04 Thread Antony Antony
ore stable. Are there any other feedback? I have will start a testrun and there are no other issues I plan to merge sa-expire branch to the main in next 12 hours or so. Thanks Paul for the review. -antony On Sun, Jun 26, 2022 at 06:51:56PM -0400, Paul Wouters wrote: > On Jun 26, 2022, at 18:35, Antony

[Swan-commit] Changes to ref refs/heads/main

2022-07-04 Thread Antony Antony
New commits: commit e50ba0a115cdbf0eead4e8653e9482076a83923b Author: Antony Antony Date: Mon Jul 4 17:06:24 2022 + testing: fping-short.sh ipsec-trafficstatus.sh bash syntax fixes Thanks to Tuomo Soini for his feedback ___ Swan

[Swan-commit] Changes to ref refs/heads/main

2022-07-04 Thread Antony Antony
New commits: commit f1a6fa9b0d931b9b3802e231f2b2b5585edec2d6 Author: Antony Antony Date: Mon Jul 4 15:17:56 2022 + testing: dpd-01 output more console fixes commit 4200474e8bdd2cb379765fd078632c49dd5a2209 Author: Antony Antony Date: Mon Jul 4 15:14:58 2022 + testing

[Swan-commit] Changes to ref refs/heads/main

2022-07-04 Thread Antony Antony
New commits: commit 332f3cc47d5d16461fc171f98129c6a6d4f2601d Author: Antony Antony Date: Fri Jul 1 04:56:18 2022 + testing: sanitized fping script a wrapper around fping. The wrapper support some loss. However, 100% loss is error. In many situations some packet loss

[Swan-commit] Changes to ref refs/heads/main

2022-06-27 Thread Antony Antony
New commits: commit 9d4f6e3482c9a5292f13571df950f3604a94d84e Author: Max-Julian Pogner Date: Mon Jun 20 22:41:35 2022 +0200 documentation: Fix typo Signed-off-by: Antony Antony ___ Swan-commit mailing list Swan-commit

Re: [Swan-dev] WIP: supporting xfrm SA expire

2022-06-26 Thread Antony Antony
On Fri, Jun 24, 2022 at 02:22:14PM -0400, Paul Wouters wrote: > On Tue, 21 Jun 2022, Antony Antony wrote: > > > Hi Paul, > > Here is a new iteration sa-expire branch. I cherry picked changes from > > https://github.com/paulwouters/libreswan/tree/sa-expire-2022-01-06 > &

Re: [Swan-dev] [libreswan/libreswan] Sa expire 20220620 (PR #777)

2022-06-23 Thread Antony Antony
21, 2022 at 04:59:01PM +0200, Antony Antony wrote: > Hi Paul, > Here is a new iteration sa-expire branch. I cherry picked changes from > https://github.com/paulwouters/libreswan/tree/sa-expire-2022-01-06 > > and rebased to origin/main. > > I have created a PR to make it eas

Re: [Swan-dev] WIP: supporting xfrm SA expire

2022-06-21 Thread Antony Antony
regards, -antony On Thu, Jan 06, 2022 at 10:34:36PM -0500, Paul Wouters wrote: > On Tue, 7 Dec 2021, Antony Antony wrote: > > > I have rebased the branches a couple days ago. minor fixes to ignore > > acquire SA expire. GiB...EiB support. > > I've reviewed and rebased, ad

[Swan-commit] Changes to ref refs/heads/main

2022-06-19 Thread Antony Antony
New commits: commit d3340f015fe1e163f33ef78c705bc8436fcd568e Merge: 88bee62b82 31d2a748d2 Author: Antony Antony Date: Sun Jun 19 12:34:20 2022 +0200 Merge branch 'nftable-fixes' into main rework nftable support using boolean options. use iptables and nft from the path $PATH

[Swan-commit] Changes to ref refs/heads/main

2022-06-18 Thread Antony Antony
New commits: commit 88bee62b82316afa2c096a4c16c5fb4d7bafb807 Author: Antony Antony Date: Sun Jun 19 07:22:29 2022 +0200 testing: xauth-pluto-20-pam-timeout fix accidental regression the output is not stable. on my run state number is different. Lets use the one from

[Swan-commit] Changes to ref refs/heads/main

2022-06-18 Thread Antony Antony
New commits: commit b7c25d61bcadae0d4b30b4bc6705b6c1480dfdf6 Author: Antony Antony Date: Sun Jun 19 07:13:55 2022 +0200 testing: nflog-01-global update output iptables filter shows the nflog output ___ Swan-commit mailing list Swan

[Swan-commit] Changes to ref refs/heads/main

2022-06-18 Thread Antony Antony
New commits: commit 706ffce30e8a4b5f46f33796f313b6dfe67874c1 Author: Antony Antony Date: Sun Jun 19 01:04:53 2022 +0200 build: fix HAVE_IPTABLES using findstring ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

[Swan-commit] Changes to ref refs/heads/main

2022-06-18 Thread Antony Antony
New commits: commit 7e58294f13382190b6ad5ad97a0a6481ae7cba43 Author: Antony Antony Date: Sat Jun 18 12:56:05 2022 +0200 linux: add nftables nflog-all support initial support for nflog. only support nflog-all TBD per connection support IPTABLES_BINARY=nft make base

[Swan-commit] Changes to ref refs/heads/main

2022-06-18 Thread Antony Antony
New commits: commit ed0a5e8501696832cfeab67cb54cd101f6e8c8a7 Author: Antony Antony Date: Sat Jun 18 15:05:00 2022 +0200 testing: update console output add iptables filter ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

[Swan-commit] Changes to ref refs/heads/main

2022-06-18 Thread Antony Antony
New commits: commit ce7387a0a18d6d3b7f7b4f0639938ad11b84ad85 Author: Antony Antony Date: Fri Jun 17 23:15:02 2022 +0200 testing: update for ipsec look adding filter commit 84039d79bc7f5e8a58bd1f08c5e6d0b11735f5ab Author: Antony Antony Date: Fri Jun 17 06:05:25 2022 +

[Swan-commit] Changes to ref refs/heads/main

2022-06-16 Thread Antony Antony
New commits: commit 0640209e3c36674db9a5d323b8dc6c0904eb5694 Author: Antony Antony Date: Fri Jun 17 05:19:03 2022 + testing: fix output -NEW_IPSEC_CONN mangle TABLES commit 1936cb659c1403499a9efb7f274478e295268dc5 Author: Antony Antony Date: Thu Jun 16 15:02:26 2022 +

[Swan-commit] Changes to ref refs/heads/main

2022-06-16 Thread Antony Antony
New commits: commit 0f7d4216c3235032499f2f761d3bcb23010f9f09 Author: Antony Antony Date: Thu Jun 16 12:28:36 2022 + _updown.xfrm.in: fix more typos and do not use [ around if ___ Swan-commit mailing list Swan-commit@lists.libreswan.org

[Swan-commit] Changes to ref refs/heads/main

2022-06-16 Thread Antony Antony
New commits: commit 0b0dfd06f8726a2b195907d545030bb643dceb33 Author: Antony Antony Date: Thu Jun 16 10:26:03 2022 + programs: use IPTABLES_BINARY config variable ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

Re: [Swan-dev] adding nft support

2022-06-16 Thread Antony Antony
ant from KLIPS mast? the one barf could be replaced next. ipsec: --checknflog would only work if the libreswan was built with iptables. On Wed, Jun 08, 2022 at 08:39:20PM +0200, Antony Antony wrote: > Breaking down task of adding nft support. > > On Wed, Jun 08, 2022 at 10:38:16

[Swan-commit] Changes to ref refs/heads/main

2022-06-16 Thread Antony Antony
New commits: commit 44d4044af06ff40e0e8897039b126a6956b11a54 Author: Antony Antony Date: Thu Jun 16 09:40:29 2022 + programs/verify/verify.in: iptables is optional and use build variable remove the hard coded path of iptables. Use optional build time variable

[Swan-commit] Changes to ref refs/heads/main

2022-06-16 Thread Antony Antony
New commits: commit 03c95a7fc5b8141b08f46a57bd87c47ffcded4a7 Author: Antony Antony Date: Thu Jun 16 08:42:24 2022 + _updown.xfrm.in: fix bash check Fixes: 0b3937d667bd ("_updown.xfrm.in: iptables is optional") commit bfd5e38b5c9c0598eca28993778f0450033ced8d Auth

[Swan-commit] Changes to ref refs/heads/main

2022-06-15 Thread Antony Antony
New commits: commit 0f39735b6edf539553374be962e458a7afa082ce Author: Antony Antony Date: Wed Jun 15 21:58:14 2022 + _updown.xfrm.in: fix typo in previous commit Fixes: 0b3937d667bd ("_updown.xfrm.in: iptables is optional") __

[Swan-commit] Changes to ref refs/heads/main

2022-06-15 Thread Antony Antony
New commits: commit 0b3937d667bd9f321eed04e14998def7b05726c3 Author: Antony Antony Date: Wed Jun 15 20:28:14 2022 + _updown.xfrm.in: iptables is optional if there is iptable support add nflog. commit b554d3f237e99da28b8e4c8c5362ed3564c9df99 Author: Antony Antony Date: Wed

[Swan-commit] Changes to ref refs/heads/main

2022-06-09 Thread Antony Antony
New commits: commit f99fda3a83400909506bcc76b51b65065d2d7246 Author: Antony Antony Date: Thu Jun 9 17:50:58 2022 + packaging: debian control update now that lowest supported debian is buster use more recent values libunbound-dev (>= 1.6.5~) Rules-Requires-R

[Swan-commit] Changes to ref refs/heads/main

2022-06-09 Thread Antony Antony
New commits: commit b6a227530c18bbb14be1a8cfa9d4cbac7f8a0f3e Author: Antony Antony Date: Thu Jun 9 17:16:31 2022 + building: removed default build and packaging for older linux releases ___ Swan-commit mailing list Swan-commit

[Swan-commit] Changes to ref refs/heads/main

2022-06-09 Thread Antony Antony
New commits: commit fd9a3406d1cb4a6065c81317661f2caf0521e8b4 Author: Antony Antony Date: Thu Jun 9 17:00:37 2022 + building: more consistent variable name LINUX_VERSION_CODENAME s/VERSION_CODENAME/LINUX_VERSION_CODENAME/ Fixes: 6a0440d4e6d7 ("building: fix d

[Swan-commit] Changes to ref refs/heads/main

2022-06-09 Thread Antony Antony
New commits: commit ccff929feca9ae8d8d4cddaffca2bd2b1cd5fb44 Author: Antony Antony Date: Thu Jun 9 05:11:57 2022 + packaging: debian drop jessie support commit 20fe3adb398eaafb8dc62df06cf32461aaa817d7 Author: Antony Antony Date: Thu Jun 9 06:11:57 2022 + building: deb

[Swan-dev] adding nft support

2022-06-08 Thread Antony Antony
Breaking down task of adding nft support. On Wed, Jun 08, 2022 at 10:38:16AM -0400, Andrew Cagney wrote: > this week it is https://github.com/libreswan/libreswan/issues/116 I am in favor of adding nft support along with iptable support. Add build variable? Any thoughts on how to add nft

[Swan-commit] Changes to ref refs/heads/main

2022-06-06 Thread Antony Antony
New commits: commit 255482436e59e3786b95c55da8f01565b97b9346 Author: Antony Antony Date: Sat Jun 4 23:15:55 2022 +0200 testing: coverity-cron.sh shell script used to create coverity scan build, submit the build to coverity scan

Re: [Swan-dev] Libreswan basic questions

2022-05-23 Thread Antony Antony
Hi, On Fri, May 20, 2022 at 05:52:02PM -0400, Balaji Thoguluva wrote: > Hi All, > > I have a couple of basic questions. > > 1) Is there any way (any parameter) so we can disable the IPsec processing > in Libreswan and just use the IKE functionality in Libreswan? There was an option no-kernel

[Swan-commit] Changes to ref refs/heads/main

2022-05-23 Thread Antony Antony
New commits: commit b08e7bb11c740388b45c318b394f425454d6dbfc Author: Antony Antony Date: Mon May 23 13:30:29 2022 + testing: fix nusrn change in shell.Remote change due to broke nsrun 1fd5be97047a ("Revert "Revert "kvm: switch to pexpect.spawn

[Swan-commit] Changes to ref refs/heads/main

2022-05-20 Thread Antony Antony
New commits: commit b33136d103a15cdcf744f00cea07b926593d045f Author: Antony Antony Date: Fri May 20 10:51:29 2022 + testing: timeparsing wip tests add hex number in config. This connection should fail to load? I wonder if previous parser code allowed hex numbers? Now

[Swan-commit] Changes to ref refs/heads/main

2021-12-14 Thread Antony Antony
New commits: commit c8cbe1b2b58ddf2e20e41a7bb50e88d27fa3202d Author: Antony Antony Date: Thu Jul 2 22:16:10 2020 + testing: ikev2 IKE_INIT fuzzer test ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org

[Swan-dev] bug in parser?

2021-12-08 Thread Antony Antony
Hi, While working on xfrm sa expire messages and extending the parser with binary prefixes I noticed a bug in our parser, libipsecconf code? May be it is something for parser experts! Hugh, would you please take a look? test cases: libipsecconf-09-time-prefix and

[Swan-commit] Changes to ref refs/heads/main

2021-12-08 Thread Antony Antony
New commits: commit 0165923a7405e9126249e9c7b6cd88f3e8aeb6cb Author: Antony Antony Date: Wed Dec 8 06:53:48 2021 + testing: libipsecconf-09-time-prefix wip ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

Re: [Swan-dev] WIP: supporting xfrm SA expire

2021-12-07 Thread Antony Antony
I have rebased the branches a couple days ago. minor fixes to ignore acquire SA expire. GiB...EiB support. On Sun, Nov 28, 2021 at 05:21:36PM -0500, Paul Wouters wrote: > On Nov 27, 2021, at 14:03, Antony Antony wrote: > > > > Hi, > > I rebased this branch and imp

Re: [Swan-dev] WIP: supporting xfrm SA expire

2021-12-01 Thread Antony Antony
On Sat, Nov 27, 2021 at 07:23:00PM -0500, Andrew Cagney wrote: > > > One thing decide as group is how to represent big number (2^64) bytes > and > packets, especially the default 2^64  will appear in "ipsec status:  > output. >  18446744073709551615 look

Re: [Swan-dev] WIP: supporting xfrm SA expire

2021-11-27 Thread Antony Antony
, 2021 at 02:38:08PM -0400, Paul Wouters wrote: > On Tue, 6 Apr 2021, Antony Antony wrote: > > > > I noticed you used salifebytes= and salifepackets=. I think it would be > > > more intuitive to call these maxbytes= and maxpackets. Or limit-bytes= > > > or bytelimit= and

[Swan-commit] Changes to ref refs/heads/main

2021-11-26 Thread Antony Antony
New commits: commit 0dbac40700fb1847fa7226312182de23824b32c7 Author: Antony Antony Date: Tue Nov 23 18:57:55 2021 + testing: ikev2-algo-esn-09-replay-zero ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

Re: [Swan-dev] text_said() calls in create_xfrm_migrate_sa() puzzle me

2021-06-21 Thread Antony Antony
Hugh, you spotted a bug in debug output. I think the idea is to log @ reqid=. either dst or src would change. I also recollect trying to log the ports when there is encap. debug output is in: https://testing.libreswan.org/v4.4-483-g292ec75828-main/ikev2-mobike-05-gcm/OUTPUT/north.pluto.log.gz

[Swan-commit] Changes to ref refs/heads/main

2021-05-04 Thread Antony Antony
New commits: commit 6f41127d2426f428b56594eee70c441c55dfaee6 Author: Antony Antony Date: Tue May 4 15:41:06 2021 + testing: rw-multiple-subnets wip update ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

[Swan-commit] Changes to ref refs/heads/main

2021-05-03 Thread Antony Antony
New commits: commit 7ea9d60397c9619247823827bedd7784e400d8f2 Author: Antony Antony Date: Mon May 3 17:16:37 2021 + testing: rw-multiple-subnets ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman

Re: [Swan-dev] testing and unstable dns

2021-05-02 Thread Antony Antony
On Mon, Apr 19, 2021 at 02:02:39PM -0400, Andrew Cagney wrote: > > > On Mon, 19 Apr 2021 at 11:53, Antony Antony wrote: > > On Sat, Apr 17, 2021 at 08:33:18PM -0400, Andrew Cagney wrote: > > BTW, I took a look at swan-prep --dnssec.  As best I can the

Re: [Swan-dev] testing and unstable dns

2021-04-19 Thread Antony Antony
On Sat, Apr 17, 2021 at 08:33:18PM -0400, Andrew Cagney wrote: > BTW, I took a look at swan-prep --dnssec.  As best I can the big difference > between namespaces and KVM is when the config files are installed: > > - with KVMs the nsd and unbound directories are set up before the test is run >

Re: [Swan-dev] testing and unstable dns

2021-04-17 Thread Antony Antony
On Sat, Apr 17, 2021 at 11:03:15AM -0400, Andrew Cagney wrote: > Problem is still there :-(  Anyone had some inspiration?  For instance with  > nsd-4.3.2-1.fc32.x86_64 > https://testing.libreswan.org/v4.3-474-g9267a3fd5d-main/ikev2-55-ipseckey-06/ > OUTPUT/nic.console.diff > > On Mon, 29 Mar 2021

[Swan-commit] Changes to ref refs/heads/main

2021-04-17 Thread Antony Antony
New commits: commit fbd61d8e3ccbc1ecb4841365a19e6eb1c502b611 Author: Antony Antony Date: Sat Apr 17 18:35:59 2021 + testing: ikev2-55-ipseckey-06 use swan prep this should work by now. swan-prep dns tests also run in namespace commit ae809cd1db85bb152bd809406b98b1ca4b88506e

Re: [Swan-dev] WIP: supporting xfrm SA expire

2021-04-06 Thread Antony Antony
On Mon, Apr 05, 2021 at 01:22:39PM -0400, Paul Wouters wrote: > On Mon, 5 Apr 2021, Antony Antony wrote: > > > Here is my sa expire branch rebased to main. > > > > #sa-expire > > https://github.com/antonyantony/libreswan/tree/sa-expire > > Thanks! I had a l

[Swan-dev] WIP: supporting xfrm SA expire

2021-04-04 Thread Antony Antony
Hi Paul, Here is my sa expire branch rebased to main. #sa-expire https://github.com/antonyantony/libreswan/tree/sa-expire It need a bit more work to merge to main. I look the code again and fix "FIXME". It also need more tests. If you feel like helping add more tests. This would help to get

[Swan-commit] Changes to ref refs/heads/main

2021-03-26 Thread Antony Antony
New commits: commit 6729e46087446f6d07c22e9023d496ca55cf4def Author: Antony Antony Date: Fri Mar 12 17:38:44 2021 + testing: remove extra white space ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org

[Swan-commit] Changes to ref refs/heads/main

2021-01-07 Thread Antony Antony
New commits: commit 809ce8fb1a3ec20d78f555a0a279ea1177ce8053 Author: Antony Antony Date: Thu Jan 7 20:04:16 2021 + ip: address reject 0/ for VTI and xfrm ip address ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

Re: [Swan-dev] what is INTERFACE_IP / ifaceip / interface-ip= for?

2021-01-06 Thread Antony Antony
On Wed, Jan 06, 2021 at 09:33:12AM -0500, Andrew Cagney wrote: > On Mon, 4 Jan 2021 at 11:06, Antony Antony wrote: > > > > On Sun, Jan 03, 2021 at 11:54:30AM -0500, Paul Wouters wrote: > > > On Sun, 3 Jan 2021, Andrew Cagney wrote: > > > > > > > Subje

Re: [Swan-dev] what is INTERFACE_IP / ifaceip / interface-ip= for?

2021-01-04 Thread Antony Antony
On Sun, Jan 03, 2021 at 11:54:30AM -0500, Paul Wouters wrote: > On Sun, 3 Jan 2021, Andrew Cagney wrote: > > > Subject: [Swan-dev] what is INTERFACE_IP / ifaceip / interface-ip= for? > > > I suspect it has something to do with XFRMI. As best I can, in the > > current code, it is simply being

[Swan-commit] Changes to ref refs/heads/main

2020-10-29 Thread Antony Antony
New commits: commit f1d1933837efcc84c0deacd732599b122c4ff4da Author: Antony Antony Date: Thu Oct 29 15:49:55 2020 + pluto: fix xfrmi name leak Reported-by: Andrew Cagney ___ Swan-commit mailing list Swan-commit@lists.libreswan.org

[Swan-commit] Changes to ref refs/heads/main

2020-10-23 Thread Antony Antony
New commits: commit a38c0c0028781257cacdabfc67806b0048d99688 Author: Antony Antony Date: Fri Oct 23 20:16:06 2020 + testing: nsrun write >>>>>>>>>>cut>>>>>>>>>> done <<<<<<<<< Date: Fri Oct 23

[Swan-commit] Changes to ref refs/heads/main

2020-10-18 Thread Antony Antony
New commits: commit c1c66d7fe5e362d25a1fba7566c2f2e73132e3d6 Author: Antony Antony Date: Sat Oct 17 17:45:41 2020 + testing: fix libipsecconf-04 Fix west.conf. It accidentally got overwritten Fixes: 19607eeac96c ("testing: swan-prep use addconn configsetup to d

[Swan-commit] Changes to ref refs/heads/main

2020-10-17 Thread Antony Antony
New commits: commit 46945e1d12af8ef7e5fe6b8b37408a3e24397a7d Author: Antony Antony Date: Sat Oct 17 13:31:32 2020 + ikev2: fix comment related IKEv2_SEC_PROTO_IKE Fixes: f9fada7234b6 ("ikev2: allow Protocol ID IKE in Notify") commit 3f1f7c3b6fab7842745774233ced39

Re: [Swan-dev] [Swan-commit] ikev2: allow Protocol ID IKE in Notify

2020-10-17 Thread Antony Antony
revert them? iPhone send Protocol ID: RESERVED (0). So far Cisco is the only outlier we know of. regards, -antony On Fri, Oct 16, 2020 at 02:36:20PM +, Antony Antony wrote: > New commits: > commit f9fada7234b69d069d00d22163229bfe071ef70e > Author: Antony Antony > Date:

[Swan-commit] Changes to ref refs/heads/main

2020-10-17 Thread Antony Antony
New commits: commit 285d03e6f28bd97e2f1b4247707f51ef7b73db9b Author: Antony Antony Date: Sat Oct 17 07:24:32 2020 + testing: swan-prep fix typo missing comma commit 83ea2c2f2d5cf702a3a4825d5776fbae2748d3e8 Author: Antony Antony Date: Fri Oct 16 22:58:08 2020 + ikev2: fix

[Swan-commit] Changes to ref refs/heads/main

2020-10-16 Thread Antony Antony
New commits: commit e12546107a136b86b774eeafafef996a9745b223 Author: Antony Antony Date: Fri Oct 16 21:48:34 2020 + testing: x509-pluto-04 remove / due to changes to nssdir commit e302802a9f3e966272e323ecfaab5a7e8a59c74f Author: Antony Antony Date: Fri Oct 16 21:29:59 2020 +

[Swan-commit] Changes to ref refs/heads/main

2020-10-16 Thread Antony Antony
New commits: commit cc368d274a18e35d0fc1cfee9b67999c9688adec Author: Antony Antony Date: Fri Oct 16 15:08:57 2020 + testing:ipv6-addresspool-05-dual-stack final.sh's ' end ' ___ Swan-commit mailing list Swan-commit

[Swan-commit] Changes to ref refs/heads/main

2020-10-16 Thread Antony Antony
New commits: commit f9fada7234b69d069d00d22163229bfe071ef70e Author: Antony Antony Date: Fri Oct 16 14:21:43 2020 +0200 ikev2: allow Protocol ID IKE in Notify Cisco send Protocol ID IKE(1) in notifications in IKEv2 IKE_INIT. Commit 14e07ddcf2f5 would not allow &q

Re: [Swan-dev] use @IPSECBASEVERSION@ when going to 4.x dev cycle.

2020-10-16 Thread Antony Antony
On Thu, Oct 15, 2020 at 03:03:35PM -0400, Paul Wouters wrote: > On Thu, 15 Oct 2020, Antony Antony wrote: > > > I am glad to see 4.0 is out. > > Looking at the commit that bump to 4.0 I notice a drift. > > > > Use of IPSECBASEVERSION as opposed to @IPSECBASEVERSION

[Swan-dev] use @IPSECBASEVERSION@ when going to 4.x dev cycle.

2020-10-15 Thread Antony Antony
I am glad to see 4.0 is out. Looking at the commit that bump to 4.0 I notice a drift. Use of IPSECBASEVERSION as opposed to @IPSECBASEVERSION@ are popping up. When changing to 4.x cycle would be a good time to drift towards @IPSECBASEVERSION@ again. Here is a previous discussion and consensus

[Swan-commit] Changes to ref refs/heads/main

2020-10-12 Thread Antony Antony
New commits: commit cd6d74c1376500ec96d427e1131eca75c3fbd09f Author: Antony Antony Date: Mon Oct 12 20:04:03 2020 + addconn: --configsetup print ipsec.conf and whack socket commit 06f63fe5d1fef35a065d0dcb357e60b8433154fc Author: Antony Antony Date: Mon Oct 12 20:19:51 2020 +

Re: [Swan-dev] IKEv1 and XFRMi interface

2020-09-29 Thread Antony Antony
On Wed, Sep 16, 2020 at 09:53:49AM -0400, Paul Wouters wrote: > On Wed, 16 Sep 2020, Antony Antony wrote: > > > I had a quick look. IKEv1 need extra message (3 round trips) as opposed to > > IKEv2(2 round trips). And initiator is installing policies in different > > orde

Re: [Swan-dev] drop ipsec-auto-up.n.sed

2020-09-28 Thread Antony Antony
On Mon, Sep 28, 2020 at 12:44:03PM -0400, Andrew Cagney wrote: > I'm planning on removing the sanitizer ipsec-auto-up.n.sed.  It removes what I > consider to be important contextual  information from console.txt.  For > instance, consider this output: I think it is a useful swanitizer. May be

[Swan-commit] Changes to ref refs/heads/main

2020-09-27 Thread Antony Antony
New commits: commit 8b42ce739b02cbfbf547dcec517f7f4d037eaebf Author: Antony Antony Date: Sun Sep 27 14:26:22 2020 + testing: fix tcpdump.sh ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman

[Swan-commit] Changes to ref refs/heads/main

2020-09-27 Thread Antony Antony
New commits: commit cb3a5ae7d453c66f67e97c70ada8b7b0f1120be0 Author: Antony Antony Date: Sun Sep 27 12:51:37 2020 + testing: fix tcpdump.sh ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman

[Swan-commit] Changes to ref refs/heads/main

2020-09-27 Thread Antony Antony
New commits: commit 725719b7483730fa080ec491b3d3b80aa2adef1a Author: Antony Antony Date: Sun Sep 27 11:57:55 2020 + testing: remove priority from xfrm tests It was an accident. This should not change output ___ Swan-commit mailing

[Swan-commit] Changes to ref refs/heads/main

2020-09-27 Thread Antony Antony
New commits: commit 70f9d7e3b0a8151e8cf8a370f5ecac37389d19c2 Author: Antony Antony Date: Sun Sep 27 11:32:58 2020 + testing: wrape script to start and stop tcpdump tcpdump should use unique name(host+testname) inside the namespace and do not use killall tcpdump.. It could

[Swan-commit] Changes to ref refs/heads/main

2020-09-24 Thread Antony Antony
New commits: commit 1eb894bb8746c083d0c9b227f97d07ad74345145 Author: Antony Antony Date: Thu Sep 24 17:05:16 2020 + testing: namespace sanitizer was too wide narrow it to loopback only -2001:db8:0:3:1:: dev lo proto kernel metric 256 pref medium commit

Re: [Swan-dev] testing: swan-prep break on conflicting config files

2020-09-24 Thread Antony Antony
On Mon, Sep 21, 2020 at 05:07:27PM -0400, Andrew Cagney wrote: > > > On Mon, 21 Sep 2020 at 15:32, Antony Antony wrote: > > Andrew, > > after a closer look I see l2tp and ppp configuration file could be in the > form 'hostname + "." +

[Swan-commit] Changes to ref refs/heads/main

2020-09-23 Thread Antony Antony
New commits: commit 0040d4adbd16402782b89a902cd0129c537b3ef4 Author: Antony Antony Date: Wed Sep 23 15:59:08 2020 + testing: swan-prep commit 8575abeb655e4f6d3ebc32e084e2bef727bedb81 Author: Antony Antony Date: Wed Sep 23 15:36:49 2020 + testing: add ipv6-addresspool-05

Re: [Swan-dev] {left,right}rsasigkey2=...

2020-09-23 Thread Antony Antony
On Tue, Sep 22, 2020 at 04:14:34PM -0400, Andrew Cagney wrote: > Regardless of the end, a line like: >    leftrsasigkey= >    leftrsasigkey2=... > will always add public keys like: >    (generated?) leftid / leftrsasigkey >    (generated?) leftid / leftrsasigkey2 > to the list of raw public keys. 
