Home / Browse / IPsec Tools / Mail / Archive

IPsec Tools

Email Archive: ipsec-tools-devel (read-only)

2003:	_Jan	_Feb	_Mar (3)	_Apr (6)	_May	_Jun (14)	_Jul (4)	_Aug (19)	_Sep (27)	_Oct (7)	_Nov (4)	_Dec (3)
2004:	_Jan (58)	_Feb (20)	_Mar (70)	_Apr (93)	_May (102)	_Jun (130)	_Jul (47)	_Aug (61)	_Sep (149)	_Oct (160)	_Nov (243)	_Dec (94)
2005:	_Jan (199)	_Feb (166)	_Mar (276)	_Apr (422)	_May (289)	_Jun (222)	_Jul (306)	_Aug (154)	_Sep (72)	_Oct (163)	_Nov (113)	_Dec (195)
2006:	_Jan (174)	_Feb (94)	_Mar (130)	_Apr (45)	_May (85)	_Jun (115)	_Jul (120)	_Aug (111)	_Sep (210)	_Oct (56)	_Nov (72)	_Dec (30)
2007:	_Jan (56)	_Feb (49)	_Mar (35)	_Apr (58)	_May (83)	_Jun (101)	_Jul (46)	_Aug (58)	_Sep (47)	_Oct (58)	_Nov (55)	_Dec (54)
2008:	_Jan (52)	_Feb (21)	_Mar (20)	_Apr (49)	_May (20)	_Jun (37)	_Jul (101)	_Aug (49)	_Sep (75)	_Oct (152)	_Nov (34)	_Dec (63)
2009:	_Jan (90)	_Feb (12)	_Mar (88)	_Apr (49)	_May (36)	_Jun (36)	_Jul (52)	_Aug (54)	_Sep (19)	_Oct (45)	_Nov (18)	_Dec (34)
2010:	_Jan (12)	_Feb (28)	_Mar (18)	_Apr (19)	_May (14)	_Jun (15)	_Jul (24)	_Aug (45)	_Sep (6)	_Oct (4)	_Nov (21)	_Dec (23)
2011:	_Jan (24)	_Feb (45)	_Mar (56)	_Apr (18)	_May (4)	_Jun (10)	_Jul (15)	_Aug (38)	_Sep (11)	_Oct (48)	_Nov (55)	_Dec (29)
2012:	_Jan (41)	_Feb (15)	_Mar (24)	_Apr (17)	_May (12)	_Jun (17)	_Jul (18)	_Aug (17)	_Sep (17)	_Oct (4)	_Nov (8)	_Dec (13)
2013:	_Jan (9)	_Feb (1)	_Mar (10)	_Apr (18)	_May (18)	_Jun (10)	_Jul	_Aug	_Sep	_Oct	_Nov	_Dec


S	M	T	W	T	F	S
						1

2	3	4	5	6	7	8
(1)	(1)	(2)		(2)	(1)
9	10	11	12	13	14	15
(4)	(3)	(8)	(2)	(2)	(2)	(2)
16	17	18	19	20	21	22
(1)		(2)	(1)		(11)	(1)
23	24	25	26	27	28	29
	(1)		(2)	(1)
30	31
	(4)

[Ipsec-tools-devel] [PATCH] Pile of patches

From: <timo.teras@ik...> - 2007-12-04 13:07

Attachments: 01-ipsecdoi_prefix_host.diff 02-transport-ids-from-addrs.diff 03-quick_r1recv-memleak.diff 04-transport-natoa.diff 05-admin-establish-ipsec-sa.diff 06-racoonctl-ipproto-gre.diff

Hi again,

I'm resending my patches again. As Emmanuel commented there should be no problem with including the NAT-OA, I'm now hoping some could review these and comment on them. I'm still planning to implement more stuff, so getting some feedback now on needed changes could help me avoid extra work on merging the changes later to multiple patches.

The first three patches are unchanged from previous send (consider committing):
01-ipsecdoi_prefix_host.diff
02-transport-ids-from-addrs.diff
03-quick_r1recv-memleak.diff

The following patches are new/changed and still a bit experimental (for review):
04-transport-natoa.diff
- removed one extra hunk adding empty line within a comment
- modfied checking of IDcr/IDci: when checking ID against NAT-OA check only the address portion against NAT-OA as port is never used in NAT-OA

05-admin-establish-ipsec-sa.diff
- implement establish-sa [esp|ah] in admin.c
- make a new helper function isakmp_get_sainfo(); is the correct place in isakmp.c?
- send phase2 up events
- establish-sa -w option to wait until sa is established or an error happens

06-racoonctl-ipproto-gre.diff
- add GRE protocol number to racoonctl and related manpage

I'm still planning to improve the event reporting to racoonctl. Current event dispatching is based on polling. So each event is seen only by one racoonctl process. And e.g. running multiple establish-sa requests with -w simultaneously (or vpn-connect) is broken. Also I'm planning addition of "do not replace SA" type parameter for establish-sa. These would make integration of ipsec-tools with OpenNHRP [http://sourceforge.net/projects/opennhrp] very straight forward.

Cheers,
Timo

Re: [Ipsec-tools-devel] [PATCH] Pile of patches

From: Matthew Grooms <mgrooms@sh...> - 2007-12-04 20:01

Timo Teräs wrote:
> Hi again,
> 
> I'm resending my patches again. As Emmanuel commented there should be no problem with including the NAT-OA, I'm now hoping some could review these and comment on them. I'm still planning to implement more stuff, so getting some feedback now on needed changes could help me avoid extra work on merging the changes later to multiple patches.
> 
> The first three patches are unchanged from previous send (consider committing):
> 01-ipsecdoi_prefix_host.diff
> 02-transport-ids-from-addrs.diff
> 03-quick_r1recv-memleak.diff

I committed 01-03 to head. If there are no objections I will commit 03 
to the 7 branch as well.

> 
> The following patches are new/changed and still a bit experimental (for review):
> 04-transport-natoa.diff
> - removed one extra hunk adding empty line within a comment
> - modfied checking of IDcr/IDci: when checking ID against NAT-OA check only the address portion against NAT-OA as port is never used in NAT-OA
> 

I will need to take a closer look at 04 but am swamped at the moment. 
Maybe Yvan or Manu will get to this before I do.

> 05-admin-establish-ipsec-sa.diff
> - implement establish-sa [esp|ah] in admin.c
> - make a new helper function isakmp_get_sainfo(); is the correct place in isakmp.c?
> - send phase2 up events
> - establish-sa -w option to wait until sa is established or an error happens
> 
> 06-racoonctl-ipproto-gre.diff
> - add GRE protocol number to racoonctl and related manpage
> 
> I'm still planning to improve the event reporting to racoonctl. Current event dispatching is based on polling. So each event is seen only by one racoonctl process. And e.g. running multiple establish-sa requests with -w simultaneously (or vpn-connect) is broken. Also I'm planning addition of "do not replace SA" type parameter for establish-sa. These would make integration of ipsec-tools with OpenNHRP [http://sourceforge.net/projects/opennhrp] very straight forward.
> 

I believe Yvan was looking at 06 ( maybe 05 as well )?

-Matthew