<feed xmlns='http://www.w3.org/2005/Atom'>
<title>tteras/strongswan/src/libhydra/plugins/kernel_pfkey, branch master</title>
<subtitle>tteras' strongSwan tree
</subtitle>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/tteras/strongswan/'/>
<entry>
<title>libhydra: Move all kernel plugins to libcharon</title>
<updated>2016-03-03T16:36:11+00:00</updated>
<author>
<name>Tobias Brunner</name>
<email>tobias@strongswan.org</email>
</author>
<published>2016-02-12T14:21:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/tteras/strongswan/commit/?id=dec9e1957feb56c854bc24a657a6a378d74317f6'/>
<id>dec9e1957feb56c854bc24a657a6a378d74317f6</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>kernel-pfkey: Enable ENCR_CAMELLIA_CBC when it's available</title>
<updated>2015-11-23T10:20:30+00:00</updated>
<author>
<name>Tobias Brunner</name>
<email>tobias@strongswan.org</email>
</author>
<published>2015-11-23T10:17:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/tteras/strongswan/commit/?id=b675909662c20bd5c3eb28707e44f42d4ba60b89'/>
<id>b675909662c20bd5c3eb28707e44f42d4ba60b89</id>
<content type='text'>
Fixes #1214.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Fixes #1214.
</pre>
</div>
</content>
</entry>
<entry>
<title>kernel-pfkey: Make absolutely sure we always delete the right policy cache entry</title>
<updated>2015-11-10T15:42:53+00:00</updated>
<author>
<name>Tobias Brunner</name>
<email>tobias@strongswan.org</email>
</author>
<published>2015-09-16T15:04:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/tteras/strongswan/commit/?id=baff14d049717ffa950e2d46415aa4daf40caa09'/>
<id>baff14d049717ffa950e2d46415aa4daf40caa09</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>kernel-interface: Pass the same data to del_policy() that was passed to add_policy()</title>
<updated>2015-11-10T15:42:52+00:00</updated>
<author>
<name>Tobias Brunner</name>
<email>tobias@strongswan.org</email>
</author>
<published>2015-09-16T14:44:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/tteras/strongswan/commit/?id=a6e0f14fd2bf8b23fbfd808acc595e97d5e23a49'/>
<id>a6e0f14fd2bf8b23fbfd808acc595e97d5e23a49</id>
<content type='text'>
The additional data can be helpful to identify the exact policy to
delete.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The additional data can be helpful to identify the exact policy to
delete.
</pre>
</div>
</content>
</entry>
<entry>
<title>kernel-pfkey: Enable ENCR_AES_CTR when it's available</title>
<updated>2015-11-09T11:01:18+00:00</updated>
<author>
<name>Renato Botelho</name>
<email>garga@FreeBSD.org</email>
</author>
<published>2015-11-06T19:07:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/tteras/strongswan/commit/?id=dff2d05bb9bec684b3b2efdafc9a47219550bbe1'/>
<id>dff2d05bb9bec684b3b2efdafc9a47219550bbe1</id>
<content type='text'>
Obtained-from:	pfSense
Sponsored-by:	Rubicon Communications (Netgate)
Closes strongswan/strongswan#17.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Obtained-from:	pfSense
Sponsored-by:	Rubicon Communications (Netgate)
Closes strongswan/strongswan#17.
</pre>
</div>
</content>
</entry>
<entry>
<title>kernel-pfkey: Properly encode ICMP type/code if only set on one side</title>
<updated>2015-08-31T13:30:51+00:00</updated>
<author>
<name>Tobias Brunner</name>
<email>tobias@strongswan.org</email>
</author>
<published>2015-08-26T14:16:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/tteras/strongswan/commit/?id=d34a82dd57f11025f0b39537d414e2eb5fc6ad8b'/>
<id>d34a82dd57f11025f0b39537d414e2eb5fc6ad8b</id>
<content type='text'>
References #595.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
References #595.
</pre>
</div>
</content>
</entry>
<entry>
<title>kernel-pfkey: Only flush SAs of types we actually manage</title>
<updated>2015-08-21T16:27:05+00:00</updated>
<author>
<name>Tobias Brunner</name>
<email>tobias@strongswan.org</email>
</author>
<published>2015-08-13T09:01:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/tteras/strongswan/commit/?id=603e3b489bb8a448f0dbcad9406fbfb64523abe1'/>
<id>603e3b489bb8a448f0dbcad9406fbfb64523abe1</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>kernel-pfkey: Add support for AES-GCM</title>
<updated>2015-08-20T16:55:45+00:00</updated>
<author>
<name>Tobias Brunner</name>
<email>tobias@strongswan.org</email>
</author>
<published>2015-07-29T09:23:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/tteras/strongswan/commit/?id=e2a252a86f5f65b6f6a5ff80fa7f97f5b8470817'/>
<id>e2a252a86f5f65b6f6a5ff80fa7f97f5b8470817</id>
<content type='text'>
The next release of FreeBSD will support this.

While Linux defines constants for AES-GCM in pfkeyv2.h since 2.6.25 it
does not actually support it.  When SAs are installed via PF_KEY only a
lookup in XFRM's list of encryption algorithms is done, but AES-GCM is in
a different table for AEAD algorithms (there is currently no lookup
function to find algorithms in that table via PF_KEY identifier).
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The next release of FreeBSD will support this.

While Linux defines constants for AES-GCM in pfkeyv2.h since 2.6.25 it
does not actually support it.  When SAs are installed via PF_KEY only a
lookup in XFRM's list of encryption algorithms is done, but AES-GCM is in
a different table for AEAD algorithms (there is currently no lookup
function to find algorithms in that table via PF_KEY identifier).
</pre>
</div>
</content>
</entry>
<entry>
<title>kernel-pfkey: When adding policies do an update if they already exist</title>
<updated>2015-08-13T08:49:16+00:00</updated>
<author>
<name>Tobias Brunner</name>
<email>tobias@strongswan.org</email>
</author>
<published>2015-06-03T15:17:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/tteras/strongswan/commit/?id=695112d7b8ea96f1c38f255cf404dfd661671e8d'/>
<id>695112d7b8ea96f1c38f255cf404dfd661671e8d</id>
<content type='text'>
This may be the case when SAs are reestablished after a crash of the
IKE daemon.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This may be the case when SAs are reestablished after a crash of the
IKE daemon.
</pre>
</div>
</content>
</entry>
<entry>
<title>kernel-interface: Add a separate "update" flag to add_sa()</title>
<updated>2015-03-09T17:18:20+00:00</updated>
<author>
<name>Martin Willi</name>
<email>martin@revosec.ch</email>
</author>
<published>2015-03-09T17:04:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/tteras/strongswan/commit/?id=942797a5b5176c43670232ffb8686bc347b8cda9'/>
<id>942797a5b5176c43670232ffb8686bc347b8cda9</id>
<content type='text'>
The current "inbound" flag is used for two purposes: To define the actual
direction of the SA, but also to determine the operation used for SA
installation. If an SPI has been allocated, an update operation is required
instead of an add.

While the inbound flag normally defines the kind of operation required, this
is not necessarily true in all cases. On the HA passive node, we install inbound
SAs without prior SPI allocation.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The current "inbound" flag is used for two purposes: To define the actual
direction of the SA, but also to determine the operation used for SA
installation. If an SPI has been allocated, an update operation is required
instead of an add.

While the inbound flag normally defines the kind of operation required, this
is not necessarily true in all cases. On the HA passive node, we install inbound
SAs without prior SPI allocation.
</pre>
</div>
</content>
</entry>
</feed>
