Changes to Pluto
================

RCSID $Id: CHANGES,v 1.198 2003/06/14 18:51:01 dhr Exp $

- [MCR] changes to support co-terminal connections of the near kind.

- --dontrekey is now a misnomer: the IPsec SA will be rekeyed if we are
  the Initiator and there is outbound traffic in the period leading up to
  the rekeying decision point. This is a heuristic: a mistake doesn't
  matter much since the connection, once deleted, will be rekeyed on
  demand.

- accept a proposal with compression even if the connection does not
  have the POLICY_COMPRESSION flag. This is a reversal of a policy
  introduced in 1.6.

- fixed load-triggered deadlock between asynch DNS process and pluto

- add %myid to indirectly refer to current id. Set from $IPSECmyid on
  startup and via whack --myid

- make whack/pluto version matching less stringent for --status and
  --shutdown.

- remove all code for DODGE_DH_MISSING_ZERO_BUG

- when attempting outbound Opportunism, check our side's DNS entries,
  not just the other side's. If we don't have them, fail: not worth
  attempting.

Changes since 2.00 release by MCR and DHR

- "KEY Restrict": in each place where Pluto used the DNS KEY Resource
  Record, it now uses one of our special TXT Resource Records. For now,
  we continue to accept KEY records if the TXT record is not found.

Changes since 1.99 release by D. Hugh Redelmeier <hugh@mimosa.com>

- when Responding with an Opportunistic connection, check our side's DNS
  for proper delegation. This avoids the promiscuous "packetdefault" conn
  from licensing unexpected access to our clients.

- many changes for "Policy Groups":
  + host=%group and host=%opportunisticgroup signal that the contents of
    group files should be substituted
  + an opportunistic connection can be constrained to only apply to
    peers and their clients within a specified subnet
  + Pluto can manage pure shunt connections (involving no IKE).
  + failure-case shunts can now be specified.

- add a listing of pending Phase 2 negotiations to status output

- reorganize impairment mechanism. Now controlled by unadvertised
  runtime flags.

- [MCR] tolerate Certificate Request Payloads any time

- [MCR] generate Vendor ID Payloads (sent if PLUTO_SENDS_VENDORID
  defined)

- [MCR] print some of the content of Vendor ID Payloads received.

- Corrected design bug in --dontrekey. If the IPsec SA lifetime chosen
  by us is smaller than what the other side specified in negotiation, we
  will renegotiate when the shorter lifetime dictates. This is the only
  sane way to communicate the shorter lifetime. For the ISAKMP SA
  lifetime, we accept the other side's choice.

Changes since 1.98 release by D. Hugh Redelmeier <hugh@mimosa.com>

- Fixed assertion failure in quick_inI1_outR1_continue. Can happen when
  the result of a DNS TXT query is not needed by the time it arrives (due
  to another negotiation providing the information). Can be demonstrated
  by the test "ipsec-oppo-race-iinr-net".

Changes since 1.97 release by D. Hugh Redelmeier <hugh@mimosa.com>

- added --dnskeyondemand option for connection ends.

- Fixed a bug that provoked PF_KEY errors. If an updown script fails and
  it was invoked as part of a step that involved installing an eroute,
  any previous eroute should be restored as part of undoing that step.
  The bug was that any old eroute was lost.

- When representing a long string in a DNS TXT resource record, it must
  be broken up into chunks of fewer than 256 characters. When
  reconstituting the original string, Pluto now just concatenates them.
  It used to add a space after a chunk if it was shorter than 255
  characters. This should make it easier (not easy!) to edit the TXT
  record source by hand.

- [mlafon@arkoon.net] fixed protocol numbers used in delete payload.

- took -DDODGE_DH_MISSING_ZERO_BUG out of Makefile. Anyone planning on
  talking to FreeS/WAN 1.0 systems should put it back. And check into the
  Smithsonian Institution.

- in --status and logging output, references to connection instances now
  contain a sequence number for the instance and details of the
  instantiation (i.e. more IP addresses). Perhaps too bulky.

- reworked initiate_opportunistic to avoid race conditions introduced
  with Asynch DNS.

- added impairment to aid testing: IMPAIR_DELAY_ADNS_ANSWER

- whack --status now displays the bare shunt table.

- Changed Main Mode hash calculation to use the ID Payload as sent by
  the peer, rather than reconstituting it from our tables. This matters
  if we use different case than the peer did (eg @example.com vs
  @Example.Com).

- renamed source files:
  + kernel_comm.[hc] => rcv_whack.[hc]
  + preshared.[hc] => keys.[hc]
  + main.c => plutomain.c

- added POLICY_UP to track whether our admin has requested that this
  connection be up.

Changes since 1.96 release by D. Hugh Redelmeier <hugh@mimosa.com>

- fixed a bug that would cause the following (pointless) sequence to
  trigger a failure of the Pluto assertion "c->routing == RT_ROUTED_TUNNEL":
	ipsec auto --add conn
	ipsec auto --up conn
	ipsec auto --route conn
	ipsec auto --down conn

- send Delete Notifications when deleting IPSEC SAs. We don't yet
  understand ones we receive.

- added "keyid" (see ipsec_keyblobtoid(3)) to appropriate messages so
  that the RSA key being used is manifest.

- track whether information (security gateway, public key) came from
  DNSsec or unauthenticated DNS. Untested since normal resolver calls
  can no longer return DNSsec results. The information isn't used.

- use asynchronous DNS mechanism for all lookups during keying.

- added --interface flag to Pluto to constrain interfaces considered.
  One use of this option is to specify which interface should be used
  when two or more share the same IP address. Another is to assist with
  test setups.

- small cleanups:
  + fix compile without -DKLIPS
  + use ttodatav in place of atobytes and ttodata
  + use hosttosubnet
  + define and use close_any
  + define and use USED_BY_KLIPS and USED_BY_DEBUG
  + define and use happy, a kind of assertion macro
  + define and use impossible, a kind of assertion macro
  + when an unknown attribute value is seen in an ISAKMP transform,
    reject only that transform, not the whole proposal.
  + add Hybrid auth methods to table to improve diagnostics

Changes since 1.95 release by D. Hugh Redelmeier <hugh@mimosa.com>

- fixed bug in ipsec_doi.c:main_inR3 with unknown consequences. When the
  Initiator finds out the peer's Phase 1 ID, it might change which
  connection it thinks is being used. If so, this routine used to
  perform an operation on the old connection data structure -- a mistake
  now corrected. There are few cases where the Responder surprises the
  Initiator about Phase 1 IDs.

- fixed an error in network error handling that caused a segfault if
  there was a MSG_ERRQUEUE report on the last message of a Quick Mode
  exchange.

- fix leak (detected by assertion failure) triggered by missing private
  key.

Changes since 1.94 release by D. Hugh Redelmeier <hugh@mimosa.com>

- added "whack --deletestate <state_object_number>" as a crude tool for
  deleting instances of connections.

- fix assertion in quick_inI1_outR1 introduced with key rollover support
  in 1.92. Assertion failed in Responder when Source was not the same as
  Initiator.

- reduce level of routine logging. Add --debug-lifecycle, a temporary
  hack: it controls some logging, not debugging.

- Reorganize code to prepare for asynchronous DNS.

- Arrange for our file descriptors to be close-on-exec so that the
  updown script won't inherit them. Some library facilities (syslog?)
  may not be as careful.

- Fix assertion failure in DNS record handling. Provoked by a malformed
  key in a TXT record. Introduced in 1.93.

- Change Responder cookie generation algorithm so that a particular peer
  no longer gets the same cookie each time.

- Tidy and correct setting and resetting of cur_* variables. A
  per-connection debug setting could provoke a GLOBALS_ARE_RESET
  assertion failure.

- Fix handling of pending list in release_dead_interfaces: connection
  must be released before it is removed from host_pair list.

- Ignore IPv6 interface addresses that are of link-local scope. We think
  that they are never relevant. Trying to bind to these addresses
  without a scope-id causes bind to balk.

Changes since 1.93 release by D. Hugh Redelmeier <hugh@mimosa.com>

- Only run the up-* updown script for tunnel eroutes, not shunt eroutes.

- Now only --routed connections may be initiated on demand (i.e.
  triggered by SADB_ACQUIRE triggered by a trapped outbound packet).
  Among other things, this eliminates a bug whereby an ACQUIRE could be
  ascribed by Pluto to a Road Warrior template connection. Pluto will
  now refuse to --route a Road Warrior template.

- Correct bug that lost track of a bare shunt table entry. Add debugging
  logging for changes to that table.

Changes since 1.92 release by D. Hugh Redelmeier <hugh@mimosa.com>

- [andreas.steffen@strongsec.com] Bug fix: carrying Phase 1 ID over when
  instantiating a different RW connection due to revelation of Phase 2
  IDs. This bug should only have affected X509-authenticated
  negotiations.

- add more context to log and status lines. If the connection or state
  is an instance, show the peer involved; if Opportunistic, also show
  the client subnet.

- seed rand(3) with bytes from /dev/urandom.

- propose 1536 MODP Group before 1024 MODP Group. This generates more
  entropy, so should be a little safer. And slower.

- add --debug-dns flag

- During Phase 1, when an RSA Public Key is required, only query DNS for
  a KEY record for an Opportunistic connection. (This does not change
  the whack --keyid way of querying for a KEY record during
  preconfiguration.)

- Multiple RSA public keys, if available, will be tried when
  authenticating a signature. This facilitates key rollover. New whack
  flag --addkey. Multiple DNS TXT and KEY records are used if they are
  found (but only one Responder is tried).

- no longer try to figure out --rsasig or --psk if neither is specified.
  This would require an extra DNS lookup for a KEY record.

Changes since 1.91 release by D. Hugh Redelmeier <hugh@mimosa.com>

- got rid of caching of DNS results. They might become stale.

- Added --dontrekey option for a connection. Crudely useful for Road
  Warrior and Opportunistic connections.

- Ignore the Commit Flag. This should let us interoperate with
  implementations that insist on it. The damage should be minor.

- Don't split the topology line of --status output. The output is now
  more consistent (if wider).

- Improve diagnosis when ipsec.secrets has a non-indented "}" at the end
  of an RSA private key.

- Savatier Sébastien <SebastienSavatier@lyon.msi-sa.fr>: fix bug in
  emitting explicit IP address ID payload.

- Support inbound policy check of source and destination inner addresses
  of tunneled packets. This will make it possible to prevent one peer
  from successfully spoofing packets from another.

- Use poll(2) to check for MSG_ERRQUEUE messages before recvfrom: even
  though select(2) says that there is a message, a plain recvfrom(2) can
  block if the only message is on MSG_ERRQUEUE. I think that this
  blocking is a kernel bug, or at least a documentation bug. Also check
  for MSG_ERRQUEUE messages before sendto(2): their presence can cause
  sendto to fail confusingly (i.e. the failure has nothing to do with
  the actual sendto).

Changes since 1.9 release by D. Hugh Redelmeier <hugh@mimosa.com>

- SIGTERM now causes Pluto to exit cleanly.

- if --nofork is used, Pluto prints the line "Pluto initialized" to
  standard out after creating the lock file and the control socket.

- the startup script relies on the property that whack can be used
  immediately after the pluto command finishes (i.e. right after the
  parent process of the daemon exits). In the past, the control socket
  used by whack was created after the fork: not necessarily before the
  parent exits. This race condition has been eliminated.

- refined the code for DODGE_DH_MISSING_ZERO_BUG to ensure the Responder
  never drops a negotiation.

- added and exploited builddiag(), a routine that makes it easier to add
  intermediate context to diagnostics.

- For purposes of IPv4, Pluto will now only consider interfaces that are
  "up". It has always ignored those configured with address 0.0.0.0,
  thus ignoring "down" interfaces in most cases.
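The 1.97 entry above describes how a long string (an RSA public key, say) is carried in a DNS TXT resource record: it must be broken into chunks of at most 255 characters, and Pluto now reconstitutes it by plain concatenation instead of inserting a space after any chunk shorter than 255. The following C code is an added illustration of both behaviours, not Pluto's own code; the function names (txt_split, txt_join, txt_join_legacy, txt_roundtrip_len_ok) are ours, and the "legacy" join is a reading of the changelog sentence, not the original 1.96 source.

```c
/* Added example (not Pluto code): chunking a long string into DNS TXT
 * <character-string> pieces and reconstituting it. Each TXT string
 * carries at most 255 bytes, hence the chunking. */
#include <stdio.h>
#include <string.h>

#define TXT_CHUNK_MAX 255
#define TXT_MAX_CHUNKS 16

/* Split s into chunks of at most TXT_CHUNK_MAX bytes.
 * Returns the number of chunks, or 0 if more than max_chunks would be needed. */
size_t txt_split(const char *s, char chunks[][TXT_CHUNK_MAX + 1], size_t max_chunks)
{
    size_t len = strlen(s), n = 0;
    while (len > 0) {
        size_t take = len < TXT_CHUNK_MAX ? len : TXT_CHUNK_MAX;
        if (n == max_chunks)
            return 0;
        memcpy(chunks[n], s, take);
        chunks[n][take] = '\0';
        s += take;
        len -= take;
        n++;
    }
    return n;
}

/* Shared joiner. legacy != 0 reproduces the old behaviour described in the
 * changelog: a space follows every chunk shorter than 255 characters.
 * Returns 0 on success, -1 if out is too small. */
static int join(char chunks[][TXT_CHUNK_MAX + 1], size_t n,
                char *out, size_t outsz, int legacy)
{
    size_t used = 0;
    for (size_t i = 0; i < n; i++) {
        size_t l = strlen(chunks[i]);
        int pad = legacy && l < TXT_CHUNK_MAX;
        if (used + l + (size_t)pad + 1 > outsz)
            return -1;
        memcpy(out + used, chunks[i], l);
        used += l;
        if (pad)
            out[used++] = ' ';
    }
    out[used] = '\0';
    return 0;
}

/* Current behaviour: plain concatenation of the chunks. */
int txt_join(char chunks[][TXT_CHUNK_MAX + 1], size_t n, char *out, size_t outsz)
{
    return join(chunks, n, out, outsz, 0);
}

/* Pre-1.97 behaviour: a space is appended after any chunk shorter than 255. */
int txt_join_legacy(char chunks[][TXT_CHUNK_MAX + 1], size_t n, char *out, size_t outsz)
{
    return join(chunks, n, out, outsz, 1);
}

/* Round-trip a constructed string of len 'x' characters through split and
 * join. Returns 1 if the result equals the input, 0 if it differs, -1 on error. */
int txt_roundtrip_len_ok(size_t len, int legacy)
{
    char in[TXT_MAX_CHUNKS * TXT_CHUNK_MAX + 1];
    char out[sizeof in + TXT_MAX_CHUNKS];   /* room for legacy padding spaces */
    char chunks[TXT_MAX_CHUNKS][TXT_CHUNK_MAX + 1];

    if (len >= sizeof in)
        return -1;
    memset(in, 'x', len);                   /* constructed sample input */
    in[len] = '\0';

    size_t n = txt_split(in, chunks, TXT_MAX_CHUNKS);
    if (n == 0 && len > 0)
        return -1;
    int rc = legacy ? txt_join_legacy(chunks, n, out, sizeof out)
                    : txt_join(chunks, n, out, sizeof out);
    if (rc != 0)
        return -1;
    return strcmp(in, out) == 0;
}

int main(void)
{
    /* Only a 255-byte multiple survives the legacy join unchanged;
     * the current join round-trips every length. */
    size_t lens[] = { 0, 100, 255, 256, 300, 510 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("len %3zu: concat=%d legacy=%d\n", lens[i],
               txt_roundtrip_len_ok(lens[i], 0), txt_roundtrip_len_ok(lens[i], 1));
    return 0;
}
```

The demo makes the hand-editing point concrete: with the legacy join, any chunk boundary that does not fall exactly on a 255-byte multiple silently injects a space into the reconstituted key material, so a record edited by hand had to be padded to exact lengths to survive; with plain concatenation the chunk boundaries can go anywhere.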
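The 1.94 entry above arranges for Pluto's descriptors to be close-on-exec so that the updown script it spawns does not inherit them (the control socket, the lock file, the DNS pipe), and notes that library code may not be as careful. The C code below is an added example of that technique and of the check a reviewer would want; it is not Pluto's code, and the names set_cloexec, is_cloexec, cloexec_all_above and cloexec_demo are ours. The flag-setting calls (fcntl with F_GETFD/F_SETFD and FD_CLOEXEC) are standard POSIX.

```c
/* Added example (not Pluto code): mark descriptors close-on-exec so a
 * helper program started with exec, such as an updown script, cannot
 * reach the daemon's control socket or other private descriptors. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Set FD_CLOEXEC on fd, preserving any other descriptor flags. 0 or -1. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    if (flags & FD_CLOEXEC)
        return 0;                            /* already set, nothing to do */
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0 ? -1 : 0;
}

/* 1 if fd will be closed across exec, 0 if it will be inherited, -1 on error. */
int is_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return (flags & FD_CLOEXEC) ? 1 : 0;
}

/* Sweep every open descriptor numbered lowfd or higher (typically 3, so the
 * child keeps stdin/stdout/stderr) and mark it close-on-exec. This catches
 * descriptors opened by library code that did not set the flag itself.
 * Returns the number of descriptors changed, or -1 on error. */
int cloexec_all_above(int lowfd)
{
    long maxfd = sysconf(_SC_OPEN_MAX);
    if (maxfd < 0)
        maxfd = 1024;                        /* conservative fallback */
    int changed = 0;
    for (long fd = lowfd; fd < maxfd; fd++) {
        int flags = fcntl((int)fd, F_GETFD);
        if (flags < 0) {
            if (errno == EBADF)
                continue;                    /* not open */
            return -1;
        }
        if (flags & FD_CLOEXEC)
            continue;
        if (fcntl((int)fd, F_SETFD, flags | FD_CLOEXEC) < 0)
            return -1;
        changed++;
    }
    return changed;
}

/* Self-check on a constructed pipe: a plain pipe() starts inheritable,
 * the sweep makes both ends close-on-exec. Returns 1 on success, 0 otherwise. */
int cloexec_demo(void)
{
    int p[2];
    if (pipe(p) < 0)
        return 0;
    int ok = is_cloexec(p[0]) == 0 && is_cloexec(p[1]) == 0;
    ok = ok && cloexec_all_above(p[0] < p[1] ? p[0] : p[1]) >= 2;
    ok = ok && is_cloexec(p[0]) == 1 && is_cloexec(p[1]) == 1;
    ok = ok && set_cloexec(p[0]) == 0;       /* idempotent on an already-set fd */
    close(p[0]);
    close(p[1]);
    return ok;
}

int main(void)
{
    printf("close-on-exec demo: %s\n", cloexec_demo() ? "ok" : "FAILED");
    return 0;
}
```

Setting the flag after the fact, as above, leaves a window between open and fcntl in which a concurrent fork+exec in another thread can still inherit the descriptor; where the platform offers them, O_CLOEXEC on open(2) and SOCK_CLOEXEC on socket(2) close that window by setting the flag atomically, and the sweep then serves as a backstop for library-opened descriptors.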