[Swan-dev] mark / mark-in / mark-out

[Paul Wouters]

On Fri, 3 Nov 2017, D. Hugh Redelmeier wrote:

> According to ipsec.conf(5), mark-in and mark-out override mark.
>
> Why allow mark and mark-* at the same time?  That seems like an mistake
> and would be better diagnosed.

Yes we should. But to prevent doing these checks repeatedly in different
code points (parser, whack, dbus, yang?) it would be best to do this in
add_connection() once. Although that's a bit late and harder to give
feedback for.

Paul