[Swan-dev] protoport=0/1234

Andrew Cagney andrew.cagney at gmail.com
Wed May 20 14:40:08 UTC 2020


I added code to reject it; it didn't go well.  In figuring out why, I
found the existing code emits:
https://testing.libreswan.org/v3.30-722-g0c6a4c557f-master/ikev2-allow-narrow-03/OUTPUT/west.pluto.log.gz

| *****emit IKEv2 Traffic Selector:
|    TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
|    IP Protocol ID: 0 (00)
|    start port: 1234 (04 d2)
|    end port: 1234 (04 d2)

but for the ports:

   o  Start Port (2 octets, unsigned integer) - Value specifying the
      smallest port number allowed by this Traffic Selector.  For
      protocols for which port is undefined (including protocol 0), or
      if all ports are allowed, this field MUST be zero.

   o  End Port (2 octets, unsigned integer) - Value specifying the
      largest port number allowed by this Traffic Selector.  For
      protocols for which port is undefined (including protocol 0), or
      if all ports are allowed, this field MUST be 65535.

so what's the intent?
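
The port rule quoted above, applied to the selector from the log, as an added example that is not part of the original post or of libreswan's code. The function, enum and struct names are hypothetical, the address range is constructed, and the header layout (type, protocol, 2-octet length, start port, end port) is assumed from RFC 7296 section 3.13.1.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Verdicts and field names below are hypothetical, chosen for this example. */
enum ts_verdict { TS_OK = 0, TS_TRUNCATED, TS_BAD_LENGTH, TS_PROTO0_PORTS };
struct ts_fields {
	uint8_t ts_type, ip_proto;
	uint16_t sel_len, start_port, end_port;
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse the fixed 8-octet header of one Traffic Selector and apply the quoted
 * rule: protocol 0 requires start port 0 and end port 65535.  Selectors for
 * other protocols are parsed but not judged here. */
enum ts_verdict ts_check_ports(const uint8_t *buf, size_t len, struct ts_fields *out)
{
	if (len < 8)
		return TS_TRUNCATED;
	out->ts_type = buf[0];
	out->ip_proto = buf[1];
	out->sel_len = be16(buf + 2);
	out->start_port = be16(buf + 4);
	out->end_port = be16(buf + 6);
	if (out->sel_len < 8 || (size_t)out->sel_len > len)
		return TS_BAD_LENGTH;
	if (out->ip_proto == 0 && (out->start_port != 0 || out->end_port != 65535))
		return TS_PROTO0_PORTS;
	return TS_OK;
}

/* Constructed sample: the selector from the log (type 7, protocol 0, ports
 * 1234..1234); the address range 192.0.2.0-192.0.2.255 is made up. */
static const uint8_t sample_bad[16] = { 0x07, 0x00, 0x00, 0x10, 0x04, 0xd2, 0x04, 0xd2,
					192, 0, 2, 0, 192, 0, 2, 255 };
/* Same selector with the ports the quoted text requires for protocol 0. */
static const uint8_t sample_ok[16] = { 0x07, 0x00, 0x00, 0x10, 0x00, 0x00, 0xff, 0xff,
				       192, 0, 2, 0, 192, 0, 2, 255 };

int main(void)
{
	struct ts_fields f;
	printf("selector from log: verdict %d\n", (int)ts_check_ports(sample_bad, sizeof(sample_bad), &f));
	printf("ports 0..65535:    verdict %d\n", (int)ts_check_ports(sample_ok, sizeof(sample_ok), &f));
	return 0;
}
```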
