On Wed, 20 May 2020, Andrew Cagney wrote:
Subject: [Swan-dev] protoport=0/1234
I added code to reject it, it didn't go well. In figuring out why I
found the existing code emits:
https://testing.libreswan.org/v3.30-722-g0c6a4c557f-master/ikev2-allow-narrow-03/OUTPUT/west.pluto.log.gz
| *****emit IKEv2 Traffic Selector:
| TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
| IP Protocol ID: 0 (00)
| start port: 1234 (04 d2)
| end port: 1234 (04 d2)
It went well actually. The test case used a bogus configuration. I fixed
up the test case. I guess we should add code in add_connection() to
reject connections with protoport=0/non-zero
Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
