Re: [Swan-dev] testing/pluto/netkey-audit-01 fails for me

2017-10-02 Thread Paul Wouters
On Sun, 1 Oct 2017, Paul Wouters wrote: On Sun, 1 Oct 2017, D. Hugh Redelmeier wrote: In the reference output, ksize=128 In the actual output, ksize=0 This is for a bunch of lines. Here's one: type=CRYPTO_IPSEC_SA msg=audit(XXX): pid=PID uid=0 auid=AUID ses=SES subj=system_u:system_r:unco

Re: [Swan-dev] Converting all test cases to not use ipsec.conf.common

2017-10-02 Thread Paul Wouters
On Mon, 2 Oct 2017, D. Hugh Redelmeier wrote: | We have talked about this in the past, but before I go ahead, I wanted | to ask if anyone objects to the test cases being converted to standalone | configuration files that no longer use or need ipsec.conf.common. | The disadvantage is that any ch

Re: [Swan-dev] Converting all test cases to not use ipsec.conf.common

2017-10-02 Thread D. Hugh Redelmeier
| From: Paul Wouters | Date: Tue, 26 Sep 2017 20:36:03 -0400 (EDT) | We have talked about this in the past, but before I go ahead, I wanted | to ask if anyone objects to the test cases being converted to standalone | configuration files that no longer use or need ipsec.conf.common. | The disadva

[Swan-dev] flush_pending_ipsec() question

2017-10-02 Thread Paul Wouters
Hey, I was looking through my stashing and found one that was addressing the flush_pending_ipsec() issue we found. I verified the current state and I see we have a different fix in place now. I am wondering about this code from commit 7097a65bfd + if (IS_IPSEC_SA_ESTABLISHED(st->

Re: [Swan-dev] xauth_send_request has a comment that confuses me

2017-10-02 Thread Andrew Cagney
> I don't think this is happening in a thread? Only alwaysok/file/pam > authentication is happening inside a thread. All the rest of xauth > happens in the main process. (I thought Andrew had pulled out > alwaysok/file from threads but I guess he didn't end up doing that) > > It does the following:

Re: [Swan-dev] xauth_send_request has a comment that confuses me

2017-10-02 Thread Paul Wouters
On Mon, 2 Oct 2017, Antony Antony wrote: well if the comment was true I could avoid double sending in server.c I don't understand that part. We still have the issue of sending some kind of Main or Aggressive Mode message, immediately following by an XAUTH request message. I'm not sure why it m

Re: [Swan-dev] xauth_send_request has a comment that confuses me

2017-10-02 Thread Antony Antony
On Mon, Oct 02, 2017 at 12:43:51PM -0400, Paul Wouters wrote: > On Sun, 1 Oct 2017, D. Hugh Redelmeier wrote: > > > At the end of xauth_send_request: > > > >/* RETRANSMIT if Main, SA_REPLACE if Aggressive */ > > /* ??? the actual code seems to force EVENT_v1_RETRANSMIT */ > > if (

Re: [Swan-dev] crash during testing xauth (2) when processing dpd event

2017-10-02 Thread Paul Wouters
On Mon, 2 Oct 2017, Antony Antony wrote: The pointer hp points at a bunch of 0xef bytes. This cannot have been the case when it was initialized at the start of the function: it is dereferenced to initialize d in the first for loop. c_kind is CK_INSTANCE. So the preceding if-body was not execu

Re: [Swan-dev] google is marking libreswan e-mail as spam

2017-10-02 Thread Andrew Cagney
On 2 October 2017 at 11:44, Paul Wouters wrote: > On Mon, 2 Oct 2017, Andrew Cagney wrote: > > Subject: [Swan-dev] google is marking libreswan e-mail as spam >> >> I suspect it started about two weeks ago. >> >> To quote: Why is this message in Spam? We've found that lots of messages >> from lis

Re: [Swan-dev] crash during testing xauth (2) when processing dpd event

2017-10-02 Thread Antony Antony
On Sat, Sep 30, 2017 at 08:18:11PM -0400, D. Hugh Redelmeier wrote: > Same context as (1). > > testing/pluto/xauth-pluto-17 failed east:CORE,output-different > road:output-different > > Core was generated by `/usr/local/libexec/ipsec/pluto --leak-detective > --config /etc/ipsec.conf --nofo'. >

Re: [Swan-dev] xauth_send_request has a comment that confuses me

2017-10-02 Thread Paul Wouters
On Sun, 1 Oct 2017, D. Hugh Redelmeier wrote: At the end of xauth_send_request: /* RETRANSMIT if Main, SA_REPLACE if Aggressive */ /* ??? the actual code seems to force EVENT_v1_RETRANSMIT */ if (st->st_event->ev_type != EVENT_v1_RETRANSMIT) { delete_event

Re: [Swan-dev] // considered a warning sign

2017-10-02 Thread Paul Wouters
On Sun, 1 Oct 2017, D. Hugh Redelmeier wrote: I'm exploring the use of // in libreswan code. It seems to get used for temporary edits, some of which are scary. Yes. Our coding style doesn't allow it, so people tend to use it for temp markers to find things back while working. Usually not mean

Re: [Swan-dev] crash after pluto: Fix addresspool reference count

2017-10-02 Thread Paul Wouters
On Mon, 2 Oct 2017, Antony Antony wrote: A quick test after the commit bd3a5f01 shows a crash in test xauth-pluto-16 pointing to addresspool.c. The crash happens with ipsec stop I couldn't reproduce lsw#299 yet. Did you manage to reproduce before bd3a5f0 patch? No, I had not attempted to reprod

[Swan-dev] test message, please ignore

2017-10-02 Thread Paul Wouters
testing DKIM Paul

Re: [Swan-dev] google is marking libreswan e-mail as spam

2017-10-02 Thread Paul Wouters
On Mon, 2 Oct 2017, Andrew Cagney wrote: Subject: [Swan-dev] google is marking libreswan e-mail as spam I suspect it started about two weeks ago. To quote:  Why is this message in Spam? We've found that lots of messages from lists.libreswan.org are spam.  Learn more Can you check your gmail

Re: [Swan-dev] google is marking libreswan e-mail as spam

2017-10-02 Thread D. Hugh Redelmeier
I don't know if this is the cause, but lots of mailing lists have been forced to rewrite some addresses address. It seems that Google and perhaps Microsoft and other big guys have decided that forwarded mail is suspect. DMARC or DKIM or SPF or something like it gets broken by forwarding. I've no

Re: [Swan-dev] enumcheck-01 fails

2017-10-02 Thread Andrew Cagney
Yea, My mistake; I'll push a fix. Andrew On 17 September 2017 at 17:59, D. Hugh Redelmeier wrote: > It looks to be due to changes to the impair bits. It is kind of hard to > decode the output of the test. > > Here's a massaged version: > > impair-send-zero-gx > impair-send-bogus-dcookie >

[Swan-dev] google is marking libreswan e-mail as spam

2017-10-02 Thread Andrew Cagney
I suspect it started about two weeks ago. To quote: *Why is this message in Spam?* We've found that lots of messages from lists.libreswan.org are spam. Learn more

[Swan-dev] make kvm... is a changing

2017-10-02 Thread Andrew Cagney
Remember, there's a 'base' base domain shared between build trees, and 'local' domains dedicated to a build tree. If KVM_PREFIXES is used, multiple local domains are possible. The following changes are in place: - the base domain (swanfedorabase, swanfedora22base, swanfedora26base) is only requi

[Swan-dev] crash after pluto: Fix addresspool reference count

2017-10-02 Thread Antony Antony
Hi Paul A quick test after the commit bd3a5f01 shows a crash in test xauth-pluto-16 pointing to addresspool.c. The crash happens with ipsec stop I couldn't reproduce lsw#299 yet. Did you manage to reproduce before bd3a5f0 patch? (gdb) bt #0 0x55a3e7f6830b in unreference_addresspool (c=0x7f