as in: find_connection: looking for policy for connection: 192.0.3.254:1/8 -> 192.0.2.254:1/0
perhaps this helps (or confuses)?

    subnet from endpoint 192.0.3.254:8 (in netlink_acquire() at kernel_netlink.c:1782)
    add bare shunt 0x7f943c3fdf78 192.0.3.254/32:8 --1--> 192.0.2.254/32:0 => %hold 0 %acquire-netlink

since this is happening when an acquire is triggered by a ping packet, 1 is maybe ICMP and 8 is something found in the acquire's .sport field (but what?)

Two problems:

- the syntax is terrible: :1 isn't a port, /8 isn't a mask - even 192.0.3.254:(1/8) would be better
- there's a subnet kicking round with a bogus port 8, does it get scrubbed, or do we get away with this because the IKEv2 TS code is instead looking at end.port and that's zero ...
