[Swan-dev] nat: ikeport commit broke DDNS tests
andrew.cagney at gmail.com
Mon Sep 21 18:34:38 UTC 2020
On Mon, 21 Sep 2020 at 13:53, Paul Wouters <paul at nohats.ca> wrote:
> On Sun, 20 Sep 2020, Paul Wouters wrote:
> > Subject: [Swan-dev] nat: ikeport commit broke DDNS tests
> Fixed with commit 82ffa122d2500bb7a4
> That's probably a bandaid and not the best solution, but it can be
> cleaned up later when we clean up the port variables more.
There's more to this. The original commit moved:
@@ -818,14 +833,6 @@ static int extract_end(struct fd *whackfd,
dst->raw.host.ikeport = 0;
- * XXX: When DST is the peer setting .host_port to PLUTO_PORT
- * (our port) is wrong. IKE_UDP_PORT is the next best thing.
- * But what if DST is THIS? .host_port gets ignored?
- dst->host_port = (dst->raw.host.ikeport ? dst->raw.host.ikeport :
+ * XXX: When DST is the peer setting .host_port to PLUTO_PORT
+ * (our port) is wrong. IKE_UDP_PORT is the next best thing.
+ * But what if DST is THIS? .host_port gets ignored?
+ * If one end has an ikeport, the other must use ikport or nat
+ * port.
+ e->host_port = (e->raw.host.ikeport ? e->raw.host.ikeport :
+ remote_port ? NAT_IKE_UDP_PORT :
+ dbg("%s host_port %d", leftright, e->host_port);
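Review bot: the retained XXX comment above `e->host_port =` still asks "But what if DST is THIS? .host_port gets ignored?" while the new nested conditional selects NAT_IKE_UDP_PORT whenever remote_port is non-zero, with no visible check of whether `e` is the local end or the peer. Either answer that question in the comment or state that the assignment is intended to apply to both ends. The comment also still says DST although the variable is now `e`, and "ikport" in the added sentence should read "ikeport". Parenthesising the inner `remote_port ? NAT_IKE_UDP_PORT : ...` arm would make the precedence of the fallback chain explicit.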
where REMOTE_PORT is the other END's ikeport as specified in the config.
Putting back the original assignment means there's code using a wrong value.