[Swan-commit] Changes to ref refs/heads/master
Andrew Cagney
cagney at vault.libreswan.fi
Thu Jul 11 18:10:49 UTC 2019
New commits:
commit 695b248d151fd3dddd4aadd27e0c937840ca46a4
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Jul 11 13:15:50 2019 -0400
ikev2 nat: make floating the initiator's endpoints to :4500 explicit
Extract a quirky interaction where ikev2_natd_lookup() (if
NAT_T_DETECTED and initiator) calls nat_traversal_change_port_lookup()
(MD==NULL) and only local interface is updated. Move code to
v2_nat_initiator_endpoints() and only calling when the initiator.
pexpect .st_local{addr,port} == .st_interface's .local_endpoint.
pexpect local port :54500 exists.
(Better terminology needed: the RFC describes this as "MUST tunnel all
future IKE and ESP packets [...] over UDP port 4500" - overloading
"tunnel"; and older code describes this as "floating" - yet the port
isn't "floating around" as it must be :4500)
More information about the Swan-commit
mailing list