[Swan-dev] protostack "noklips" broken with libevent

Paul Wouters paul at nohats.ca
Thu Sep 17 20:56:13 EEST 2015


On Thu, 17 Sep 2015, D. Hugh Redelmeier wrote:

> Back in the FreeS/WAN days, I did a lot of testing with no kernel
> involvement.  It was efficient and effective.
>
> We don't do that any longer, but if it is easy to keep this feature, I
> would like that.

Keeping it is easy although it has been untested for years.

> It would be a mistake to let it get used by accident.

Agreed, which is why I made the change yesterday.

> We really should be doing unit testing, and this could enable some
> kinds of unit testing.

It's not entirely clear to me how that works in a way that we could not
do using containers.

> It allows testing without serious privileges (root).

That assumes IKE on non-500 works well, and with NAT-T on port 4500
things got a lot more complicated. Things like SELinux would also
have to be disabled for non-standard ports.

> Is there any reason that this has to be hard?

It's more that using containers/namespaces seems easier than working
around not needing root. In the end, I don't think it matters that
much that we need root. These are no longer the university terminal
times :)

Paul

