New commits:
commit 012dd0d9c60a2d55e70b0d063fba1928be4dbef1
Author: Andrew Cagney <[email protected]>
Date: Fri Jul 12 12:43:31 2019 -0400
ikev2 nat: simplify if() guarding nat_traversal_change_port_lookup() call;
document why it is broken
In IKEv2 when a secured request with a changed sender is received
by a responder that is not behind a NAT then the remote port
should be updated. The code trying to do this is broken:
- state isn't sufficient as either end can initiate an exchange
- can't assume that the very original IKE SA responder isn't behind
a NAT
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
