<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 21 Sep 2020 at 13:53, Paul Wouters <<a href="mailto:paul@nohats.ca">paul@nohats.ca</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Sun, 20 Sep 2020, Paul Wouters wrote:<br>
<br>
> Subject: [Swan-dev] nat: ikeport commit broke DDNS tests<br>
<br>
Fixed with commit 82ffa122d2500bb7a4<br>
<br>
That's probably a bandaid and not the best solution, but it can be<br>
cleaned up later when we cleanup the port variables more.<br>
<br></blockquote><div><br></div><div>There's more to this. The original commit moved:<br></div><div><br></div><div> @@ -818,14 +833,6 @@ static int extract_end(struct fd *whackfd,<br> leftright, src->host_ikeport);<br> dst->raw.host.ikeport = 0;<br> }<br>- /*<br>- * XXX: When DST is the peer setting .host_port to PLUTO_PORT<br>- * (our port) is wrong. IKE_UDP_PORT is the next best thing.<br>- *<br>- * But what if DST is THIS? .host_port gets ignored?<br>- */<br>- dst->host_port = (dst->raw.host.ikeport ? dst->raw.host.ikeport : IKE_UDP_PORT);<br></div><div><br></div><div>to:<br></div><div><br></div><div>+ /*<br>+ * XXX: When DST is the peer setting .host_port to PLUTO_PORT<br>+ * (our port) is wrong. IKE_UDP_PORT is the next best thing.<br>+ *<br>+ * But what if DST is THIS? .host_port gets ignored?<br>+ *<br>+ * If one end has an ikeport, the other must use ikport or nat<br>+ * port.<br>+ */<br>+ e->host_port = (e->raw.host.ikeport ? e->raw.host.ikeport :<br>+ remote_port ? NAT_IKE_UDP_PORT :<br>+ IKE_UDP_PORT);<br>+ dbg("%s host_port %d", leftright, e->host_port);<br></div><div><br></div><div>where REMOTE_PORT is the other END's ikeport as specified in the config file.<br></div></div><div><br></div><div>Putting back the original assignment means there's code using a wrong value.<br></div><div class="gmail_quote"><div><br></div></div></div>