[Swan-dev] when is ttosubnet(addr/mask:port) valid?
Paul Wouters
paul at nohats.ca
Sun Jan 3 17:34:36 UTC 2021
On Thu, 31 Dec 2020, Andrew Cagney wrote:

> One of the quirks of ttosubnet() is that it will parse:
>
> 1.2.3.0/24:10

I do not know of any place where this is considered a valid value?

> {left,right}subnet=... as ttosubnet() and one_subnet_from_string()
> --client <subnet>
> if anything these are selectors and could allow a port; but
> perhaps only protoport= is ever used?

I don't think it should be allowed there.

> virtual-private= aka virtual_ip.c:read_subnet()
> maybe?

That was only to limit CIDRs from being allowed/disallowed, nothing
more granular.

> read_foodgroup() (the policies files)
> perhaps

OE uses this syntax for protoport specific selectors in /etc/ipsec.d/policies:

192.1.2.0/24 tcp 0 22

So I don't think there is any reason for ttosubnet() to allow CIDR:num

Paul