diff options
| author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2008-12-05 16:15:54 +0000 |
|---|---|---|
| committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2008-12-05 16:15:54 +0000 |
| commit | c7f1b0530b85bc7654e68992f25ed8ced5d0a80d (patch) | |
| tree | 861798cd7da646014ed6919766b053099646710d /NEWS | |
| parent | 8b80ab5a6950ce6515f477624794defd7531642a (diff) | |
| download | vyos-strongswan-c7f1b0530b85bc7654e68992f25ed8ced5d0a80d.tar.gz vyos-strongswan-c7f1b0530b85bc7654e68992f25ed8ced5d0a80d.zip | |
[svn-upgrade] Integrating new upstream version, strongswan (4.2.9)
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 39 |
1 files changed, 39 insertions, 0 deletions
@@ -1,3 +1,42 @@ +strongswan-4.2.9 +---------------- + +- Flexible configuration of logging subsystem allowing to log to multiple + syslog facilities or to files using fine-grained log levels for each target. + +- Load testing plugin to do stress testing of the IKEv2 daemon against self + or another host. Found and fixed issues during tests in the multi-threaded + use of the OpenSSL plugin. + +- Added profiling code to synchronization primitives to find bottlenecks if + running on multiple cores. Found and fixed an issue where parts of the + Diffie-Hellman calculation acquired an exclusive lock. This greatly improves + parallelization to multiple cores. + +- updown script invocation has been separated into a plugin of its own to + further slim down the daemon core. + +- Separated IKE_SA/CHILD_SA key derivation process into a closed system, + allowing future implementations to use a secured environment in e.g. kernel + memory or hardware. + +- The kernel interface of charon has been modularized. XFRM NETLINK (default) + and PFKEY (--enable-kernel-pfkey) interface plugins for the native IPsec + stack of the Linux 2.6 kernel as well as a PFKEY interface for the KLIPS + IPsec stack (--enable-kernel-klips) are provided. + +- Basic Mobile IPv6 support has been introduced, securing Binding Update + messages as well as tunneled traffic between Mobile Node and Home Agent. + The installpolicy=no option allows peaceful cooperation with a dominant + mip6d daemon and the new type=transport_proxy implements the special MIPv6 + IPsec transport proxy mode where the IKEv2 daemon uses the Care-of-Address + but the IPsec SA is set up for the Home Adress. + +- Implemented migration of Mobile IPv6 connections using the KMADDRESS + field contained in XFRM_MSG_MIGRATE messages sent by the mip6d daemon + via the Linux 2.6.28 (or appropriately patched) kernel. + + strongswan-4.2.8 ---------------- |