On Thu, 31 Dec 2020, Andrew Cagney wrote:
One of the quirks of ttosubnet() is that it will parse:
1.2.3.0/24:10
I do not know of any place where this is considered a valid value?
{left,right}subnet=... as ttosubnet() and one_subnet_from_string()
--client <subnet>
if anything these are selectors and could allow a port; but
perhaps only protoport= is ever used?
I don't think it should be allowed there.
virtual-private= aka virtual_ip.c:read_subnet()
maybe?
That was only to limit CIDRs from being allowed/disallowed, nothing
more granular.
read_foodgroup() (the policies files)
perhaps
OE uses this syntax for protoport specific selectors in /etc/ipsec.d/policies:
192.1.2.0/24 tcp 0 22
So I don't think there is any reason for ttosubnet() to allow CIDR:num
Paul
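
Added example, not part of the original message and not libreswan code: a strict IPv4 CIDR parser that rejects the trailing ":num" form discussed in the thread (1.2.3.0/24:10). The function name parse_cidr4_strict() and the host-bits check are assumptions of this sketch, not ttosubnet() behaviour.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not ttosubnet()): parse "a.b.c.d/len" strictly.
 * Returns 0 on success, -1 on malformed input, including "CIDR:num". */
int parse_cidr4_strict(const char *s, uint32_t *net, unsigned *prefix)
{
	char addr[INET_ADDRSTRLEN];
	const char *slash = strchr(s, '/');
	if (slash == NULL || slash == s || (size_t)(slash - s) >= sizeof(addr))
		return -1;
	memcpy(addr, s, (size_t)(slash - s));
	addr[slash - s] = '\0';

	struct in_addr in;
	if (inet_pton(AF_INET, addr, &in) != 1)
		return -1;

	/* Prefix length must be digits only, with nothing after them. */
	const char *p = slash + 1;
	if (*p < '0' || *p > '9')
		return -1;
	char *end;
	unsigned long len = strtoul(p, &end, 10);
	if (*end != '\0' || len > 32)
		return -1;	/* "24:10" fails here: *end == ':' */

	/* Extra strictness chosen for this example: no host bits set. */
	uint32_t a = ntohl(in.s_addr);
	uint32_t mask = len == 0 ? 0 : 0xffffffffu << (32 - len);
	if ((a & ~mask) != 0)
		return -1;
	*net = a;
	*prefix = (unsigned)len;
	return 0;
}

int main(void)
{
	/* Constructed inputs; the first two strings appear in the thread. */
	const char *in[] = { "1.2.3.0/24:10", "192.1.2.0/24", "1.2.3.4/24" };
	for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++) {
		uint32_t net; unsigned len;
		int rc = parse_cidr4_strict(in[i], &net, &len);
		printf("%-14s %s\n", in[i], rc == 0 ? "accepted" : "rejected");
	}
	return 0;
}
```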