[Swan-dev] protoport=0/1234
Paul Wouters
paul at nohats.ca
Wed May 20 15:03:57 UTC 2020
On Wed, 20 May 2020, Andrew Cagney wrote:
> Subject: [Swan-dev] protoport=0/1234
>
> I added code to reject it, it didn't go well. In figuring out why I
> found the existing code emits:
> https://testing.libreswan.org/v3.30-722-g0c6a4c557f-master/ikev2-allow-narrow-03/OUTPUT/west.pluto.log.gz
>
> | *****emit IKEv2 Traffic Selector:
> | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
> | IP Protocol ID: 0 (00)
> | start port: 1234 (04 d2)
> | end port: 1234 (04 d2)
It went well actually. The test case used a bogus configuration. I fixed
up the test case. I guess we should add code in add_connection() to
reject connections with protoport=0/non-zero.
Paul
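An added example, not part of the original message and not libreswan code: a standalone sketch of the kind of check suggested above, which rejects a protoport value whose protocol is 0 while its port is non-zero. The names `struct protoport`, `parse_num` and `check_protoport` are hypothetical, and only the numeric `protocol/port` form is handled (an assumption; named protocols and wildcards are out of scope).

```c
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical result type; not a libreswan structure. */
struct protoport {
	unsigned protocol;	/* IP protocol number, 0 = any */
	unsigned port;		/* 0 = any port */
};

/* Parse an unsigned decimal in [0, max] that ends exactly at 'end'. */
static bool parse_num(const char *s, const char *end, unsigned long max,
		      unsigned *out)
{
	char *stop;
	if (s == end || *s < '0' || *s > '9')
		return false;	/* empty, signed, or leading whitespace */
	errno = 0;
	unsigned long v = strtoul(s, &stop, 10);
	if (errno != 0 || stop != end || v > max)
		return false;
	*out = (unsigned)v;
	return true;
}

/*
 * Validate a numeric "protocol/port" value. Returns NULL on success,
 * otherwise a constant string describing why the value was rejected.
 */
const char *check_protoport(const char *value, struct protoport *pp)
{
	const char *slash = strchr(value, '/');
	if (slash == NULL)
		return "missing '/'";
	if (!parse_num(value, slash, 255, &pp->protocol))
		return "bad protocol";
	const char *port = slash + 1;
	if (!parse_num(port, port + strlen(port), 65535, &pp->port))
		return "bad port";
	/* The case from this thread: protocol 0 (any) cannot carry a port. */
	if (pp->protocol == 0 && pp->port != 0)
		return "protocol 0 with non-zero port";
	return NULL;
}
```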