mrash / fwknop

Single Packet Authorization > Port Knocking
http://www.cipherdyne.org/fwknop/
GNU General Public License v2.0
1.09k stars 228 forks

build from HEAD yields "fwknop: fko_set_spa_message: Error 100 - Invalid allow IP address in the SPA message data" #363

Closed e40 closed 7 months ago

e40 commented 7 months ago

and the knocking does not happen.

I reset back to the HEAD before the activity today and fwknop works for me. This is my config, in case it's now invalid:

```
[default]
ALLOW_IP            source

[gremlin]
SPA_SERVER          gremlinssh.foo.com
ACCESS              tcp/64208
NAT_ACCESS          XX.YY.ZZ.77,22
SPOOF_USER          foobar
```

damienstuart commented 7 months ago

Found the commit that introduced the regression and reverted it. What I thought was an innocuous change broke the decode/decrypt processing of the SPA packet.

-Damien

On 1/27/24 4:30 PM, e40 @.***> wrote:

> and the knocking does not happen.
>
> I reset back to the HEAD before the activity today and `fwknop` works for me. This is my config, in case it's now invalid:
>
> ```
> [default]
> ALLOW_IP            source
>
> [gremlin]
> SPA_SERVER          gremlinssh.foo.com
> ACCESS              tcp/64208
> NAT_ACCESS          XX.YY.ZZ.77,22
> SPOOF_USER          foobar
> ```


e40 commented 7 months ago

Sorry about that. I guess I didn't test it fully. My bad.

It is curious how the seemingly dead code impacted things.