[strongSwan-dev] WI: Support for custom ports

Martin Willi martin at strongswan.org
Fri Feb 26 12:18:09 CET 2010


Work-Item: Support for custom ports

Branch: dynamic-ports, merged to master

Schedule: 4.4.0

Rationale:
In some scenarios, it might be useful to use custom source and
destination ports for IKE packets. This is not specified in IKEv2, but
should be compatible with existing implementations. IKEv2 uses non-ESP
markers in packets sent on port 4500; we apply this rule to any packet
which is not sent or received on port 500. Port floating is done only if
a port of 500 is used.
A new socket implementation is required that dynamically binds the
required ports.

API changes:
The ike_cfg_create() constructor gained two new parameters, local and
remote ports. Pass IKEV2_UDP_PORT to retain the existing behavior.
The existing socket and raw-socket implementations have been migrated to
separate plugins: socket-default and socket-raw. The dynamically
binding socket implementation is provided via the socket-dynamic plugin.
The socket-raw plugin is the only one compatible with pluto and is
enforced if pluto is built.
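
The marker and port-floating rules from the Rationale, as an added C example that is not part of the original post and is not strongSwan code. It assumes the rule is evaluated on the local port a datagram is sent from or received on; the names ike_frame, ike_unframe and float_port are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define IKE_PORT   500   /* plain IKE port: packets carry no marker */
#define NATT_PORT  4500  /* standard port used when floating from 500 */
#define MARKER_LEN 4     /* non-ESP marker: four zero bytes before IKE */

/* Assumption: the decision uses the local port of the socket. */
static int uses_marker(uint16_t local_port)
{
    return local_port != IKE_PORT;
}

/* Frame an IKE message for sending. Returns bytes written to out,
 * or 0 if the output buffer is too small. */
size_t ike_frame(uint16_t local_port, const uint8_t *ike, size_t len,
                 uint8_t *out, size_t cap)
{
    size_t off = uses_marker(local_port) ? MARKER_LEN : 0;

    if (len > cap || off > cap - len)
        return 0;
    memset(out, 0, off);           /* marker, if any */
    memcpy(out + off, ike, len);
    return off + len;
}

/* Classify a received datagram. Returns the offset of the IKE message,
 * or -1 if it is not IKE: on a marker port, a non-zero first word is an
 * ESP SPI, and anything of MARKER_LEN bytes or fewer cannot hold IKE. */
int ike_unframe(uint16_t local_port, const uint8_t *buf, size_t len)
{
    static const uint8_t zero[MARKER_LEN] = {0};

    if (!uses_marker(local_port))
        return 0;
    if (len <= MARKER_LEN || memcmp(buf, zero, MARKER_LEN) != 0)
        return -1;
    return MARKER_LEN;
}

/* Port floating applies only to port 500; custom ports stay as set. */
uint16_t float_port(uint16_t port)
{
    return port == IKE_PORT ? NATT_PORT : port;
}
```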




