[Swan-dev] end.host_addr's port

Andrew Cagney andrew.cagney at gmail.com
Thu Aug 22 21:06:34 UTC 2019


I'm looking at:

struct end {
        ip_address host_addr;
        ip_subnet client;
        bool has_client;
        bool has_client_wildcard;
        bool has_port_wildcard;
        uint16_t host_port;             /* where the IKE port is */
        uint16_t port;                  /* port number, if per-port keying */
}

and am puzzled by .port vs .host_port and .client vs .host[addr].  My
working theory was that things were paired:

   .client and .port (what IKEv2 calls a traffic selector)
   .host_addr and .host_port (the IKE endpoint)

but, in the case of .host_addr, the code seems to be fighting itself
over what the port should be.  For instance:

- in ikev2_ts.c the .host_addr's port is forced to the negotiated TS
client port:

    c->spd.that.client = tmp_subnet_r;
    c->spd.that.port = st->st_ts_that.startport;
    c->spd.that.protocol = st->st_ts_that.ipprotoid;
    setportof(htons(c->spd.that.port),
          &c->spd.that.host_addr);
    setportof(htons(c->spd.that.port),
          &c->spd.that.client.addr);

- but then in state.c:mobike, it's forced to the sender's port
(.sender has probably always had the port embedded in it).

        /* MOBIKE responder processing request */
        c->spd.that.host_addr = md->sender;
        c->spd.that.host_port = hportof(&md->sender);

A look at *_raw_eroute() shows .host_port is ignored (I thought it was
used, but it turns out that was only for prettying an error).

A look at .has_client shows more promise: the code seems to copy
.host_addr into .client, viz:

    /* default client to subnet containing only self
     * XXX This may mean that the client's address family doesn't match
     * tunnel_addr_family.
     */
    if (!c->spd.that.has_client)
        addrtosubnet(&c->spd.that.host_addr, &c->spd.that.client);

and, I'm guessing, is assuming that .host_addr's port is still set
to .port (the client port).

Andrew
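
The sequence described in the message above, as an added C model (not libreswan code and not part of the original post), showing how the port embedded in .host_addr can stop matching .port by the time the default client is derived. The types addr_m, subnet_m and end_m, the helper names, host byte order, the constructed addresses and ports (1701, 4500), and the assumption that the host-to-subnet copy keeps the embedded port are all illustrative.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins (assumptions), not libreswan's definitions; ports in host order. */
typedef struct { uint32_t ip; uint16_t port; } addr_m;   /* port rides inside the address */
typedef struct { addr_m addr; int maskbits; } subnet_m;
struct end_m {
    addr_m host_addr;
    subnet_m client;
    bool has_client;
    uint16_t host_port;   /* where the IKE port is */
    uint16_t port;        /* port number, if per-port keying */
};

/* ikev2_ts.c step quoted in the post: TS port forced into both addresses. */
static void apply_ts(struct end_m *e, uint16_t ts_port) {
    e->port = ts_port;
    e->host_addr.port = ts_port;
    e->client.addr.port = ts_port;
}
/* MOBIKE step quoted in the post: host_addr replaced by the sender, port included. */
static void apply_mobike(struct end_m *e, addr_m sender) {
    e->host_addr = sender;
    e->host_port = sender.port;
}
/* Default-client step; assumed to copy the embedded port along with the address. */
static void default_client(struct end_m *e) {
    if (!e->has_client)
        e->client = (subnet_m){ e->host_addr, 32 };
}
/* Invariant the default-client step appears to rely on. */
bool ports_agree(const struct end_m *e) { return e->client.addr.port == e->port; }

/* Runs the steps in the order discussed and returns the resulting end. */
struct end_m run_steps(bool with_mobike) {
    struct end_m e = { .host_addr = { 0xC0000201u, 500 }, .host_port = 500 };
    apply_ts(&e, 1701);                                   /* constructed TS port */
    if (with_mobike)
        apply_mobike(&e, (addr_m){ 0xC6336402u, 4500 });  /* constructed sender */
    default_client(&e);
    return e;
}

int main(void) {
    struct end_m a = run_steps(false), b = run_steps(true);
    printf("no mobike: agree=%d; mobike: agree=%d (client port %u, .port %u)\n",
           ports_agree(&a), ports_agree(&b), (unsigned)b.client.addr.port, (unsigned)b.port);
    return 0;
}
```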

