[Announce] openswan-2.6.28 released

Paul Wouters paul at xelerance.com
Thu Jul 29 14:57:11 EDT 2010

Xelerance has released openswan 2.6.28


This release contains a few important fixes. With NETKEY it fixes the "cannot
reconnect" issue some people were seeing. The MAST stack has been updated. Anyone
using the MAST stack should also upgrade the corresponding SAref patch, as the
API changed slightly.

As always, please use http://bugs.openswan.org/ to report bugs, or
discuss issues on users at openswan.org or dev at openswan.org. Or linger
at FreeNode's #openswan / #openswan-dev

The changes:

v2.6.28 (July 29, 2010)
* MAST: Fix SAref vmalloc() call that could cause a kernel panic [Bart]
* SAREF: rework exported interface to avoid might_sleep() during rcu lock [Bart]
* SAREF: Use the correct mask when updating nfmark in rcv path [Bart]
* MAST: Cleanup updown.mast iptables rule management [Bart]
* MAST: Rework mast init scripts to use conntrack [Bart]
* MAST: Remove iptables rules after SA is deleted [Bart]
* SAREF: Fix bug in stream-socket saref mode [Bart]
* SAREF: Ported to apply on Linux 2.6.34 [Harald]
* MAST: Fix for NAT-T mode (set ixs->outgoing_said in mast mode) [Bart]
* MAST: Fix module unload with mast [Bart]
* Allow rightsubnet=vnet:%priv rightprotoport=17/%any w/o right=%any [Paul]
* SAREF: Log SAref and SAbind capabilities on pluto startup [Paul]
* Log tunnel down with HAVE_STATSD as "down", not "unknown" [Paul]
* Changes to _realsetup.in for making the init script LSB compliant [Avesh]
   rhbz #594767
* _startnetkey update for DNS and NetworkManager [Avesh]
* SAREF: fix bug in stream-socket saref mode [Bart]
* Added TCP header flags to ipsec_print_ip() output [Bart]
* KLIPS: Don't fail non-existant header_ops (breaks ppp) [David]
* KLIPS: ip_select_ident hashing fix in AH xmit path [Kirill Berezin]
* HAVE_STATSD: Fix phase1/phase2 logging through HAVE_STATSD interface [David]
* HAVE_STATSD: log output fix when two connections share a phase1 [David]
* HAVE_STATSD: Slightly clarified and changed log messages [Paul]
* SAREF: Clarified defines and fixed nfmark printing in HAVE_STATSD [dhr/Paul]
* MAST: Temp workaround in _updown.mast for martians problem [Bart/Paul]
* Cleanup source code to use C-style comments [Tuomo]
* Bugtracker bugs fixed:
    # 1120: [PATCH] netlink receive buffer size too small for linux 2.6.32
            [Roman Hoog Antink]

More information about the Announce mailing list