[Swan-dev] What should PLUTO_MY_CLIENT_NET contain?

Andrew Cagney andrew.cagney at gmail.com
Wed Aug 7 16:27:10 UTC 2019


On Tue, 6 Aug 2019 at 10:16, Paul Wouters <paul at nohats.ca> wrote:
>
> On Tue, 6 Aug 2019, Andrew Cagney wrote:
>
> Examples filled in for my vpn.nohats.ca connection:
>

Yeah, 193.111.228.70/32 is the easy case since PREFIX+HOST ==
193.111.228.70; same with subnets like 193.111.228.0/24.

But then there's :PORT:

    193.111.228.70/32:555

Both pfkey_raw_eroute() and eroute contain code that checks for a
non-zero :PORT so it can happen.  The code below does not include it
(neither jam_subnet() / subnettot() nor jam_address() / addrtot()
include the port, even when it is non-zero).

Finally there's:

    193.111.228.70/24:555

the subnet parser seems to allow it but I don't know if it is rejected
later on.  If it is, then ..._NET=193.111.228.70 is added.


> > I'm looking at this code:
> >
> >         jam(buf, "PLUTO_MY_CLIENT='");
> >         jam_subnet(buf, &sr->this.client);
> >         jam(buf, "' ");
>
> PLUTO_MY_CLIENT='193.111.228.70/32'
>
> >         jam(buf, "PLUTO_MY_CLIENT_NET='");
> >         ta = subnet_endpoint(&sr->this.client);
> >         jam_address(buf, &ta);
> >         jam(buf, "' ");
>
> PLUTO_MY_CLIENT_NET='193.111.228.70'
>
> >         jam(buf, "PLUTO_MY_CLIENT_MASK='");
> >         ta = subnet_mask(&sr->this.client);
> >         jam_address(buf, &ta);
> >         jam(buf, "' ");
>
> PLUTO_MY_CLIENT_MASK='255.255.255.255'
>
> > If you go by the names you'd think that an ip_subnet contained network-prefix + mask-bits, but based on how it is used, it can contain
> >
> >      NETWORK_PREFIX+HOST_IDENTIFIER : PORT / MASK-BITS
> >
> > which means in the above, PLUTO_MY_CLIENT_NET= is set to NETWORK_PREFIX+HOST_IDENTIFIER.
>
> That's not what seems to happen. Anyway, we should have named
> PLUTO_MY_CLIENT PLUTO_MY_CLIENT_CIDR or something, but we cannot
> rename anything or put different content in any of these without
> breaking every single custom updown script out there.
>
> Paul
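
As an added illustration of the distinction being argued about above (this is
not code from the thread or from libreswan), the C program below parses the
four forms that came up in the message, ADDR/PREFIX with and without a
trailing :PORT, and prints three things for each: the address exactly as
stored (host bits included, which is what the quoted updown code writes into
PLUTO_MY_CLIENT_NET via subnet_endpoint()), the network with the host bits
masked off (what a name ending in _NET would suggest), and the mask. The
container type cidr_port and the functions cidr_parse(), cidr_mask(),
cidr_network(), cidr_endpoint() and cidr_has_host_bits() are hypothetical
names chosen for this example; they are not libreswan's ip_subnet API. The
sample inputs are constructed from the addresses in the message.

```c
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical container mirroring what the thread says an ip_subnet can hold:
 * NETWORK_PREFIX+HOST_IDENTIFIER : PORT / MASK-BITS.  Not libreswan's type. */
struct cidr_port {
    uint32_t addr;      /* IPv4 in host byte order; host bits may be non-zero */
    int prefix_len;     /* 0..32 */
    unsigned port;      /* 0 when no :PORT was given */
};

/* Parse "A.B.C.D[/N][:PORT]".  Returns 0 on success, -1 on a syntax error.
 * A non-zero host part under the prefix (e.g. 193.111.228.70/24) is accepted,
 * as the thread observes the subnet parser does. */
int cidr_parse(const char *s, struct cidr_port *out)
{
    unsigned o[4];
    int n = 0;
    if (sscanf(s, "%u.%u.%u.%u%n", &o[0], &o[1], &o[2], &o[3], &n) != 4)
        return -1;
    for (int i = 0; i < 4; i++)
        if (o[i] > 255)
            return -1;
    out->addr = (o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3];
    out->prefix_len = 32;       /* a bare address is a /32 */
    out->port = 0;
    s += n;
    if (*s == '/') {
        char *end;
        long v = strtol(s + 1, &end, 10);
        if (end == s + 1 || v < 0 || v > 32)
            return -1;
        out->prefix_len = (int)v;
        s = end;
    }
    if (*s == ':') {
        char *end;
        long v = strtol(s + 1, &end, 10);
        if (end == s + 1 || v < 1 || v > 65535)
            return -1;
        out->port = (unsigned)v;
        s = end;
    }
    return *s == '\0' ? 0 : -1;  /* trailing junk is an error */
}

/* Netmask for the prefix length; avoids the undefined 32-bit shift for /0. */
uint32_t cidr_mask(const struct cidr_port *c)
{
    return c->prefix_len == 0 ? 0 : 0xffffffffu << (32 - c->prefix_len);
}

/* Network prefix with host bits cleared: what a "_NET" name suggests. */
uint32_t cidr_network(const struct cidr_port *c)
{
    return c->addr & cidr_mask(c);
}

/* Address exactly as stored, host bits included: what the thread says the
 * quoted updown code currently emits as PLUTO_MY_CLIENT_NET. */
uint32_t cidr_endpoint(const struct cidr_port *c)
{
    return c->addr;
}

/* 1 when bits below the prefix are set, i.e. endpoint != network. */
int cidr_has_host_bits(const struct cidr_port *c)
{
    return (c->addr & ~cidr_mask(c)) != 0;
}

void ipv4_to_str(uint32_t a, char *buf, size_t len)
{
    snprintf(buf, len, "%u.%u.%u.%u",
             a >> 24, (a >> 16) & 255, (a >> 8) & 255, a & 255);
}

int main(void)
{
    /* Constructed inputs taken from the cases discussed in the message. */
    const char *cases[] = { "193.111.228.70/32", "193.111.228.0/24",
                            "193.111.228.70/32:555", "193.111.228.70/24:555" };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        struct cidr_port c;
        char ep[16], net[16], mask[16];
        if (cidr_parse(cases[i], &c) != 0) {
            printf("%s: parse error\n", cases[i]);
            continue;
        }
        ipv4_to_str(cidr_endpoint(&c), ep, sizeof ep);
        ipv4_to_str(cidr_network(&c), net, sizeof net);
        ipv4_to_str(cidr_mask(&c), mask, sizeof mask);
        printf("%-24s endpoint=%-16s network=%-16s mask=%-16s port=%u%s\n",
               cases[i], ep, net, mask, c.port,
               cidr_has_host_bits(&c) ? "  (host bits set: _NET != prefix)" : "");
    }
    return 0;
}
```

The last case is the one worth watching: 193.111.228.70/24:555 parses, the
port survives in the struct even though neither formatter in the quoted code
prints it, and the endpoint (193.111.228.70) and network (193.111.228.0)
differ, so which of the two a _NET variable carries is exactly the question
the thread is asking.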

