[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Fri Jun 26 00:52:52 UTC 2020
New commits:
commit 0c2048bac4a9aaf59b61a476bc63c83701fb3b11
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Jun 25 20:13:04 2020 -0400
ikev3: fix ikeport <=> NAT <=> port`
On initiator, when NAT is detected, and not already, switch to an
interface that supports ESPINUDP.
On responder, just detect NAT (should it return a fatal when it sees
things are doomed?).
Also:
- replace ikev2_nat_lookup() with v2_nat_detected()
Use md->pbs[PBS_v2N_NAT_DETECTION_*_IP], delete for-each notify
payload loop. Use IKE SPIs from MD (since they always match what is
used to hash). Use pbs_in_left_as_hunk(). Use struct hash_desc
.hash_digest_size (delete IKEV2_NATD_HASH_SIZE).
- add v2_natify_initiator_endpoints()
Check things like .esp_encapsulation_enabled, .float_nat_initiator,
and .that.raw.host.ikeport. Fail when it isn't possible to switch
to an ESPIN* interface.
commit 5c2587ab9af62a26fc3b10c365d1a8851197dd93
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Jun 25 11:19:44 2020 -0400
testing: test ikeport with NAT detection
More information about the Swan-commit
mailing list