[Openswan Users] 2.6.25 kernel released - has openswan fix, plus new features
Paul Wouters
paul at xelerance.com
Thu Apr 17 12:13:01 EDT 2008
>From the 2.6.25 changelog:
commit bcf0dda8d2408fe1c1040cdec5a98e5fcad2ac72
Author: Patrick McHardy <kaber at trash.net>
Date: Wed Apr 9 15:08:24 2008 -0700
[XFRM]: xfrm_user: fix selector family initialization
Commit df9dcb45 ([IPSEC]: Fix inter address family IPsec tunnel handling)
broke openswan by removing the selector initialization for tunnel mode
in case it is uninitialized.
This patch restores the initialization, fixing openswan, but probably
breaking inter-family tunnels again (unknown since the patch author
disappeared). The correct thing for inter-family tunnels is probably
to simply initialize the selector family explicitly.
Signed-off-by: Patrick McHardy <kaber at trash.net>
Signed-off-by: David S. Miller <davem at davemloft.net>
commit b318e0e4ef4e85812c25afa19f75addccc834cd4
Author: Herbert Xu <herbert at gondor.apana.org.au>
Date: Tue Feb 12 22:50:35 2008 -0800
[IPSEC]: Fix bogus usage of u64 on input sequence number
Al Viro spotted a bogus use of u64 on the input sequence number which
is big-endian. This patch fixes it by giving the input sequence number
its own member in the xfrm_skb_cb structure.
Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
Signed-off-by: David S. Miller <davem at davemloft.net>
and a new feature not yet supported by the openswan userland:
commit 1a6509d991225ad210de54c63314fd9542922095
Author: Herbert Xu <herbert at gondor.apana.org.au>
Date: Mon Jan 28 19:37:29 2008 -0800
[IPSEC]: Add support for combined mode algorithms
This patch adds support for combined mode algorithms with GCM being
the first algorithm supported.
Combined mode algorithms can be added through the xfrm_user interface
using the new algorithm payload type XFRMA_ALG_AEAD. Each algorithms
is identified by its name and the ICV length.
There are many small fixes to XFRM as well.
Paul
More information about the Users
mailing list