[Swan-commit] Changes to ref refs/heads/master
Andrew Cagney
cagney at vault.libreswan.fi
Fri Jul 12 16:49:16 UTC 2019
New commits:
commit 012dd0d9c60a2d55e70b0d063fba1928be4dbef1
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Jul 12 12:43:31 2019 -0400
ikev2 nat: simplify if() guarding nat_traversal_change_port_lookup() call; document why it is broken
In IKEv2 when a secured request with a changed sender is received
by a responder that is not behind a NAT then the remote port
should be updated. The code trying to do this is broken:
- state isn't sufficient as either end can initiate an exchange
- can't assume that the very original IKE SA responder isn't behind
a NAT
More information about the Swan-commit
mailing list