Jan Engelhardt

jengelh

Member of the group
Involved Projects and Packages
Maintainer
Maintainer

StrongSwan is an OpenSource IPsec-based VPN Solution for Linux

* runs both on Linux 2.4 (KLIPS IPsec) and Linux 2.6 (NETKEY IPsec)
kernels

* implements both the IKEv1 and IKEv2 (RFC 4306) key exchange
protocols

* NEW: Fully tested support of IPv6 IPsec tunnel connections

* Dynamic IP address and interface update with IKEv2 MOBIKE (RFC
4555)

* Fast connection startup and periodic update using ipsec starter

* Automatic insertion and deletion of IPsec policy based firewall
rules

* Strong 3DES, AES, Serpent, Twofish, or Blowfish encryption

* NAT-Traversal via UDP encapsulation and port floating (RFC 3947)

* Static Virtual IPs and IKE Mode Config Pull and Push modes

* XAUTH server and client functionality on top of IKE Main Mode
authentication

* Dead Peer Detection (DPD, RFC 3706) takes care of dangling tunnels

* Authentication based on X.509 certificates or preshared keys

* Generation of a default self-signed certificate during first
strongSwan startup

* Retrieval and local caching of Certificate Revocation Lists via
HTTP or LDAP

* Full support of the Online Certificate Status Protocol (OCSP, RFC
2560).

* CA management (OCSP and CRL URIs, default LDAP server)

* Powerful IPsec policies based on wildcards or intermediate CAs

* Group policies based on X.509 attribute certificates (RFC 3281)

* Optional storage of RSA private keys and certificates on a
smartcard

* Smartcard access via standardized PKCS #11 interface

* PKCS #11 proxy function offering RSA decryption services via whack

* NEW: strongSwan Manager - a graphical management interface for IKEv2

Coccinelle is a program matching and transformation engine which
provides the language SmPL (Semantic Patch Language) for specifying
desired matches and transformations in C code. Coccinelle was
initially targeted towards performing collateral evolutions in Linux.
Such evolutions comprise the changes that are needed in client code
in response to evolutions in library APIs, and may include
modifications such as renaming a function, adding a function argument
whose value is somehow context-dependent, and reorganizing a data
structure. Beyond collateral evolutions, Coccinelle is successfully
used (by us and others) for finding and fixing bugs in systems code.

The conntrack-tools are a set of tools targeted at system
administrators. They are conntrack, the userspace command line
interface, and conntrackd, the userspace daemon. The tool conntrack
provides a full featured interface that is intended to replace the
old /proc/net/ip_conntrack interface. Using conntrack, you can view
and manage the in-kernel connection tracking state table from
userspace. On the other hand, conntrackd covers the specific aspects
of stateful firewalls to enable highly available scenarios, and can
be used as a statistics collector as well.

The elftoaout utility converts a static ELF binary to a static a.out
binary. If you are using an ELF system on a SPARC, you will need to
run elftoaout on the kernel image so that the SPARC PROM can boot the
image.

Bugowner

A collection of various tools. Some of the important ones:

* checkbrack(1) — check parenthesis and bracket count
* cwdiff(1) — run wdiff with color
* declone(1) — break hardlinks
* diff2php(1) — transform patch to self-serving PHP file
* doxygen-kerneldoc-filter(1) — filter for Doxygen to support kerneldoc
* fd0ssh(1) — pipe for password-over-stdin support to ssh
* filenameconv(1) — convert file name encoding
* flv2avi(1) — repackage Flash video into an AVI container with PCM audio
* fnt2bdf(1) — convert VGA raw fonts to X11 BDF
* git-author-stat(1) — show commit author statistics of a git repository
* git-export-patch(1) — produce perfect patch from git commits for mail submission
* git-forest(1) — display the commit history forest
* git-lemon(1) — don't just pick cherries, but take it all (cherry-pick a commit range)
* git-new-root(1) — start a new root in the git history
* git-revert-stats(1) — show reverting statistics of a git repository
* git-track(1) — set up branch for tracking a remote
* man2html(1) — convert nroff manpages to HTML
* newns(8) — clone current filesystem namespace and start a process
* ofl(1) — open file lister (replaces fuser and lsof -m)
* pesubst(1) — perl-regexp stream substitution (replaces sed for substitutions)
* pmap_dirty(1) — display amount of RAM a process uses hard
* recursive_lower(1) — recursively lowercase all filenames
* spec-beautifier(1) — program to clean up RPM .spec files
* sysinfo(1) — print IRC-style system information banner
* tailhex(1) — hex dumper with tail-following support
* utmp_register(1) — make entries in the utmp/wtmp database
* vcsaview(8) — display a screen dump in VCSA format
* vfontas(1) — VGA font file assembler
* wktimer(1) — work timer

Bugowner

Iptables is used to set up, maintain, and inspect the tables of IP
packet filter rules in the Linux kernel. This version requires kernel
2.4.0 or newer.

Bugowner

libmnl is a minimalistic user-space library oriented to Netlink
developers. There are a lot of common tasks in parsing, validating,
constructing of both the Netlink header and TLVs that are repetitive
and easy to get wrong. This library aims to provide simple helpers
that allow you to re-use code and to avoid re-inventing the wheel.

Author(s):
----------
Pablo Neira Ayuso
Netfilter Team

libnetfilter_conntrack is a userspace library providing a programming
interface (API) to the in-kernel connection tracking state table. The
library libnetfilter_conntrack has been previously known as
libnfnetlink_conntrack and libctnetlink. This library is currently
used by conntrack-tools among many other applications.

libnetfilter_log is a userspace library providing an interface to
packets that have been logged by the kernel packet filter. It is
part of a system that deprecates the old syslog/dmesg based packet
logging. This library has been previously known as libnfnetlink_log.

libnetfilter_queue is a userspace library providing an API to packets
that have been queued by the kernel packet filter. It is part of a
system that deprecates the old ip_queue / libipq mechanism.

libnetfilter_queue has been previously known as libnfnetlink_queue.

libnfnetlink is the low-level library for netfilter related
kernel/userspace communication. It provides a generic messaging
infrastructure for in-kernel netfilter subsystems (such as
nfnetlink_log, nfnetlink_queue, nfnetlink_conntrack) and their
respective users and/or management tools in userspace.

This library is not meant as a public API for application developers.
It is only used by other netfilter.org projects, such as
libnetfilter_log, libnetfilter_queue or libnetfilter_conntrack.

Bugowner

This utility dumps the SPARC OpenPROM device tree in a format
similar to Solaris prtconf, that is, in a nicely readable compact
format.

Bugowner

SILO, the Sparc Improved boot LOader, is a booting loader program
that runs from the PROM of SPARC (32-bit) and UltraSPARC (64-bit)
based systems.

Bugowner

sshfp generates DNS SSHFP records from SSH public keys. sshfp can
take public keys from a knownhosts file or from scanning the host's
sshd daemon. The ssh client can use these SSHFP records if you set
"VerifyHostKeyDNS yes" in the file /etc/ssh/ssh_config.

Bugowner

Varnish is an HTTP accelerator. An HTTP accelerator (often called Reverse
Proxy) is an application that stores (caches) documents that have been
requested over the HTTP protocol.

Based on certain criteria the next client requesting the document is either
given the cached document, or a "fresh" document requested from a backend
server. The purpose of this is to minimize the requests going to the backend
server(s) by serving the same document to potentially many users.

Bugowner

xindy is an index processor that can be used to generate book-like
indexes for arbitrary document-preparation systems. This includes
systems such as TeX and LaTeX, the roff-family, SGML/XML-based
systems (e.g. HTML) that process some kind of text and generate
indexing information. The kernel system is not fixed to any specific
system, but can be configured to work together with such systems.

In comparison to other index processors xindy has several powerful
features that make it an ideal framework for describing and
generating complex indices, addressing especially international
indexing.

Xtables is used to set up, maintain, and inspect the tables of IP
packet filter rules in the Linux kernel.

Xtables-addons is the successor to patch-o-matic(-ng). Likewise, it
contains extensions that were not, or are not yet, accepted in the
main kernel/iptables packages.

The package contains the GeoIP definition files (which IP addresses
belong to which country) that are needed for Xtables-addons's
xt_geoip module.

This product includes GeoLite data created by MaxMind, available from
http://maxmind.com/.

Author(s):
----------
The GeoIP data is from MaxMind.com.
Please do not contact them for errors with this package.

Official released updates for openSUSE 11.4.

Bugowner

Arping is a util to find out if a specific IP address on the LAN is
"taken" and what MAC address owns it. It is designed to work on
unrouted networks and with ICMP-blocking hosts.

Author(s):
----------
Thomas Habets

arptables is a user space tool used to set up and maintain the tables of
ARP rules in the Linux kernel. These rules inspect the ARP frames.
arptables is similar to the iptables userspace tool, but less
complicated.

Bugowner

bindfs is a FUSE filesystem for mounting a directory to another location,
similarly to mount --bind. The permissions inside the mountpoint can be altered
using various rules.
