* Remove by default forced -DLEAK_DETECTIVE [Tuomo]
* Makefile.inc now uses USE_LEAK_DETECTIVE?=false [Paul]
* NOMMU: Add -DCOMPILER_HAS_NO_PRINTF_LIKE to support arm-elf-gcc [Paul]
* NOMMU: If pluto is started with --nofork, then also disable nhelpers [Paul]
* NOMMU: Added HAVE_NO_FORK?= option to Makefile.inc (default false) [Paul]
* INTEROP: Ignore IKEv1 notification type 40001 (Netscreen private use)
  [Andreas/Daniel]
* IKEv2: Fix crash on receiving retransmitted STATE_PARENT_I2 on bad AUTH [Paul]
* IKEv2: Check for USE_TRANSPORT_MODE in all received notification payloads,
  not just the first notify payload. This is Red Hat bugzilla 646718 [Avesh]
* MAST: The mastX interface no longer gets/needs an IP address [Paul]
* MAST: avoid routes towards virtual ipsecN interface [Bart/Roel]
* Support for Isomorphic Algorithms and Identity Disks [Olivia Wilde]
* SAREF: set sareftrack=yes as the default policy [Paul]
* Fix printf format arguments [Simon]
* Added ipsec addconn --checkconfig and initscript support [Harald]
* Fix for: either "local" is duplicate, or "secondary" is garbage [Simon]
* KLIPS: Better interface handling in _startklips [Paul]
* fix interface parsing in getinterfaceinfo() [Bart/Roel]
* KLIPS: Support more than 9 ipsec/mast interfaces in parser [Simon]
* OCF: Change some hardcoded variables to module parameters [David]
  -ipsec_ocf_batch(1): Make OCF queue packets rather than process immediately
  -ipsec_ocf_cbimm(1): Does OCF immediately (i.e., at irq time) run callbacks
   or queue and call later
  -ipsec_ixs_cache_allocated_max(1000):
* OCF: Fix up usage of crp_olen as returned from ocf [David]
* OCF: Order algs correctly for processing when mixing AUTH/CIPHER algs [David]
* OCF: Update to OCF for SMP systems to allow using multiple CPUs [David]
* OCF: Added /proc/net/ipsec/ocf to indicate if we support OCF or not [Paul]
* OCF: move netif_wake_queue inside the lock in ipsec_xmit_state_delete [David]
* OCF: Attempt to load OCF kernel HW module on startup [Paul]
* SMP/OCF: Fix up queue stop/start on SMP systems [David]
* OCF: Fix OCF deadlock (do not call schedule with a lock) [David]
* Fix bad memory read with full debugging enabled (pbs_room vs pbs_left) [Dhr]
* Fix bad memory read with -lefence in osw_alias_cmp() [Dhr]
* Fix for STF_INLINE case in quick_inI1_outR1_cryptocontinue1() [Dhr]
* KLIPS: make kpatch is more robust, less manual patching [Paul]
* UML: Various minor fixes to get uml system back online [Paul]
* SPEC: Add "development" define in spec file to build devel version [Tuomo]
* RSA: Fix generation of ipsec.secrets when missing on first startup [Paul]
* DPD: DPD_ACTION_RESTART would always execute DPD_ACTION_RESTART_BY_PEER [dhr]
* DPD: DPD_ACTION_CLEAR crash on CK_INSTANCE with -lefence [Tuomo]
* DPD: flush_pending_by_connection() when doing a %clear on DPD timeout [dhr]
* NAT: Put old/new style chatter into DBG_NATT [Paul]
* NETKEY: Reduce bogus noise about Old/New NAT-T support [Paul]
* Bugtracker bugs fixed:
  #1095 Local packets are dropped on ipsec device when marking packets in
        OUTPUT chain [Wolfgang Nothdurft]
  #1160 init.d script not reporting correct exit status on config parse
        error [James Mead]
  #1162 IKEv2 transport mode interop with racoon [PATCH] [Avesh]
  #1170 pluto option --impair-shared-phase1 causes segfaults on --down'ing
        a connection