[Openswan dev] openswan 2.6.18rc1 available

Michael H. Warfield mhw at WittsEnd.com
Thu Oct 2 10:19:00 EDT 2008

On Wed, 2008-10-01 at 18:57 -0400, Paul Wouters wrote:

> A release candidate was just made. The one important bugfix we want to put
> in before a final release is the KLIPS error (Unknown socket write error 96).

> But for NETKEY there should not be a difference between this prerelease
> and the final openswan 2.6.18 release, unless one of you finds a regression
> compared to openswan 2.6.16.

> Changes follow below,

> Paul
> (ps. note that there is no openswan 2.6.17 release)
> v2.6.18
> * Fix for compiling KLIPS on RHEL/Centos 2.6.18-92.1.10.el5 [dhr/paul]
> * Fix in deleting connections that might have caused some of our Delete
>    Notifies to have gotten lost. Introduced in openswan 2.5.01 [paul]
> * Rekey= inverted yes/no, causing rekey=no to be rekey=yes [Shingo Yamawaki]
> * Some memory leaks / refcount fixes [Shingo Yamawaki]
> * Removed most of #ifdef CONFIG_KLIPS_DEBUG conditionals. We now always
>    compile in DEBUG support. [paul]
> * No longer use the assembly version of des_encrypt (dx86unix.S). It
>    is i386-i686 specific, requires framepointers and does not work with
>    CONFIG_REGPARM=y, which is the unconditional default for 2.6.17+ [paul]
> * Fix memory leak when we run out of descriptors [David McCullough]
> * Various memory leak fixes for pluto (from #macosx) [Ilia Sotnikov]
> * LEAK_DETECTIVE should report better now [Ilia Sotnikov]
> * Add support for USE_DMALLOC [Ilia Sotnikov]
> * Update stats to show dropped packets [David McCullough]
> * Allow session migration of OCF devices [Brad Vrabete]
> * DNS/WINS ModeConfig fixes [David McCullough]
> * refineconnection bug fix. This might cover various problems where
>    the right conn was not picked (eg rightca="%any" workaround, but
>    perhaps also some rekey issues) [paul]

	This is a very significant improvement for me.  Not only has it fixed
the refineconnection problem Paul and I were discussing and debugging
over the last couple of days, it has definitely made an improvement in
the rekeying issues that were resulting in "no suitable connections for"
errors that were occurring when rekeying.  One link in particular was
plagued by this requiring frequent manual restarting.  That link stayed
up overnight and was operational this morning for the first time since I
had updated the initiator end to 2.6.14 several months ago.

	Looking forward to the final release.

> * unregister_netdevice: waiting for ppp2 to become free. Usage
>    count = -1 on kernels < 2.6.24 [Martin Schiller]
> * Bugtracker bugs fixed:
>    #989: Patch for fixing type-punned compiler warnings [Alin Nastac]
>    #979: Two errors in debian/ packaging files (fix included) [ruben]
>    #978: ipsec.conf man page has typo in virtual_private sample line [tuomo]
>    #231: In Aggressive Mode with NAT-T,initiator should switch port [hiren joshi]
>    #228: Problems with %any matching in ipsec.secrets? [David McCullough]
>    #984: OpenSwan 2.4.13: Wrong ipsec_dev_get(x) function for Kernels < 2.6.24
> v2.6.17 [will be skipped due to bad tag]
> _______________________________________________
> Dev mailing list
> Dev at openswan.org
> http://lists.openswan.org/mailman/listinfo/dev

Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://lists.openswan.org/pipermail/dev/attachments/20081002/cd3dde1c/attachment.bin 

More information about the Dev mailing list