[Swan-dev] protoport=0/1234
Andrew Cagney
andrew.cagney at gmail.com
Wed May 20 14:40:08 UTC 2020
I added code to reject it, it didn't go well. In figuring out why I
found the existing code emits:

https://testing.libreswan.org/v3.30-722-g0c6a4c557f-master/ikev2-allow-narrow-03/OUTPUT/west.pluto.log.gz

| *****emit IKEv2 Traffic Selector:
| TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
| IP Protocol ID: 0 (00)
| start port: 1234 (04 d2)
| end port: 1234 (04 d2)

but for the ports:

   o  Start Port (2 octets, unsigned integer) - Value specifying the
      smallest port number allowed by this Traffic Selector. For
      protocols for which port is undefined (including protocol 0), or
      if all ports are allowed, this field MUST be zero.

   o  End Port (2 octets, unsigned integer) - Value specifying the
      largest port number allowed by this Traffic Selector. For
      protocols for which port is undefined (including protocol 0), or
      if all ports are allowed, this field MUST be 65535.

so what's the intent?
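
The check implied by the quoted port text, applied to the selector in the log, as an added example that is not part of the original post and is not libreswan code. It parses one IKEv2 Traffic Selector substructure (layout per RFC 7296 section 3.13.1) and covers only the protocol 0 case; the function, type and verdict names are hypothetical and the sample addresses are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum ts_verdict { TS_OK, TS_TRUNCATED, TS_BAD_TYPE, TS_BAD_LENGTH, TS_PROTO0_PORTS };

struct ts_hdr { uint8_t type, proto; uint16_t start_port, end_port; };

/* Constructed samples. Ports in the first match the log excerpt above;
 * the addresses (192.0.2.0-192.0.2.255) are placeholders. */
static const uint8_t ts_from_log[16] = { 7, 0, 0x00, 0x10, 0x04, 0xd2, 0x04, 0xd2,
                                         192, 0, 2, 0, 192, 0, 2, 255 };
static const uint8_t ts_any_port[16] = { 7, 0, 0x00, 0x10, 0x00, 0x00, 0xff, 0xff,
                                         192, 0, 2, 0, 192, 0, 2, 255 };

/* Parse one Traffic Selector substructure and apply the protocol-0 port rule. */
static enum ts_verdict ts_check(const uint8_t *p, size_t len, struct ts_hdr *out)
{
    if (len < 8)
        return TS_TRUNCATED;            /* fixed header is 8 octets */
    out->type = p[0];
    out->proto = p[1];
    uint16_t sel_len = (uint16_t)(p[2] << 8 | p[3]);
    out->start_port = (uint16_t)(p[4] << 8 | p[5]);
    out->end_port = (uint16_t)(p[6] << 8 | p[7]);

    size_t want;
    if (out->type == 7)                 /* TS_IPV4_ADDR_RANGE: 8 + 2*4 */
        want = 16;
    else if (out->type == 8)            /* TS_IPV6_ADDR_RANGE: 8 + 2*16 */
        want = 40;
    else
        return TS_BAD_TYPE;
    if (sel_len != want || len < want)
        return TS_BAD_LENGTH;

    /* Protocol 0: start port MUST be 0 and end port MUST be 65535. */
    if (out->proto == 0 && (out->start_port != 0 || out->end_port != 65535))
        return TS_PROTO0_PORTS;
    return TS_OK;
}

int main(void)
{
    struct ts_hdr t;
    printf("from log: %d\n", ts_check(ts_from_log, sizeof ts_from_log, &t));
    printf("any port: %d\n", ts_check(ts_any_port, sizeof ts_any_port, &t));
    return 0;
}
```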