New commits:
commit 695b248d151fd3dddd4aadd27e0c937840ca46a4
Author: Andrew Cagney <[email protected]>
Date: Thu Jul 11 13:15:50 2019 -0400
ikev2 nat: make floating the initiator's endpoints to :4500 explicit
Extract a quirky interaction where ikev2_natd_lookup() (if
NAT_T_DETECTED and initiator) calls nat_traversal_change_port_lookup()
(MD==NULL) and only local interface is updated. Move code to
v2_nat_initiator_endpoints() and only calling when the initiator.
pexpect .st_local{addr,port} == .st_interface's .local_endpoint.
pexpect local port :54500 exists.
(Better terminology needed: the RFC describes this as "MUST tunnel all
future IKE and ESP packets [...] over UDP port 4500" - overloading
"tunnel"; and older code describes this as "floating" - yet the port
isn't "floating around" as it must be :4500)
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
