[Swan-dev] puzzled by addcon's use of resolve_defaultroute

Paul Wouters paul at nohats.ca
Sun Jul 22 18:31:37 UTC 2018

On Sun, 22 Jul 2018, D. Hugh Redelmeier wrote:

> 1) after the commit resolve_defaultroute does nothing if HAVE_NETKEY is
>   undefined.
>   (Before the commit it wasn't defined if HAVE_NETKEY were undefined.)

It should really be an #ifdef LINUX as this function does not need what
we call NETKEY (aka XFRM) but it just needs the Linux NETLINK interface.
Which is technically RFC 3549 https://tools.ietf.org/html/rfc3549 but
in reality just documents Linux native behaviour

> But wait!  Even before this patch, there were two calls to
> resolve_defaultroute that were not wrapped in #ifdef HAVE_NETKEY.  How
> did that even compile if HAVE_NETKEY were undefined?
> Perhaps HAVE_NETKEY has always been defined and we should just presume
> it everywhere?

No. Ideally anything HAVE_NETKEY / USE_NETKEY should be split into

> 1) Does the code work without HAVE_NETKEY?

Yes. It just requires netlink.

> 2) how can we rename resolve_defaultroute so as not to be misleading?
>   Alternatively we could put the ifdefs around each call.

The name isn't misleading, but we are missing code to accomplish the
same on *BSD and others.


More information about the Swan-dev mailing list