[Swan-dev] subnetwithin and protoport anomalies
Paul Wouters
paul at nohats.ca
Sat May 28 21:50:29 UTC 2016
I think those were only used for manual keying parameters like spi= and spigroup=
I believe it can be removed along with kv_auto because everything is auto now.
Sent from my iPhone
> On May 28, 2016, at 03:07, D. Hugh Redelmeier <hugh at mimosa.com> wrote:
>
> In lib/libipsecconf/keywords.c, these are the only keywords that have
> kv_conn but neither kv_auto nor kv_manual. (I'm not counting the ""
> keyword because I think that it is special.)
>
> I would guess that they should be kv_auto. Is this correct?
>
> Note: kv_manual NEVER seems to actually be used except in the table
> initialization. In other words, either it is accessed surreptitious or it
> is pointless.
>
> kv_auto is used in confwrite. It is used as part of the argument
> "keying_context" in calls to two functions. Each function then uses that
> argument in a test:
> if (keying_context != 0 && (k->validity & keying_context) == 0)
> continue;
> This might be where a surreptitions use would creep in, but I don't
> see it.
>
> SUMMARY:
>
> - it seems like the two keywords should be kv_auto
>
> - is there a real use for kv_manual?
> If so: implement that use.
> If not: remove the attribute.
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev
More information about the Swan-dev
mailing list