[Swan-dev] mark / mark-in / mark-out

Paul Wouters paul at nohats.ca
Sun Nov 12 15:12:06 UTC 2017

On Fri, 3 Nov 2017, D. Hugh Redelmeier wrote:

> According to ipsec.conf(5), mark-in and mark-out override mark.
> Why allow mark and mark-* at the same time?  That seems like an mistake
> and would be better diagnosed.

Yes we should. But to prevent doing these checks repeatedly in different
code points (parser, whack, dbus, yang?) it would be best to do this in
add_connection() once. Although that's a bit late and harder to give
feedback for.


More information about the Swan-dev mailing list