[Swan-dev] puzzled by addcon's use of resolve_defaultroute
Paul Wouters
paul at nohats.ca
Sun Jul 22 18:31:37 UTC 2018
On Sun, 22 Jul 2018, D. Hugh Redelmeier wrote:

> 1) after the commit resolve_defaultroute does nothing if HAVE_NETKEY is
> undefined.
> (Before the commit it wasn't defined if HAVE_NETKEY were undefined.)

It should really be an #ifdef LINUX as this function does not need what
we call NETKEY (aka XFRM) but it just needs the Linux NETLINK interface.
Which is technically RFC 3549 https://tools.ietf.org/html/rfc3549 but
in reality just documents Linux native behaviour.

> But wait! Even before this patch, there were two calls to
> resolve_defaultroute that were not wrapped in #ifdef HAVE_NETKEY. How
> did that even compile if HAVE_NETKEY were undefined?
>
> Perhaps HAVE_NETKEY has always been defined and we should just presume
> it everywhere?

No. Ideally anything HAVE_NETKEY / USE_NETKEY should be split into
HAVE_NETLINK / USE_NETLINK and HAVE_XFRM.

> 1) Does the code work without HAVE_NETKEY?

Yes. It just requires netlink.

> 2) how can we rename resolve_defaultroute so as not to be misleading?
> Alternatively we could put the ifdefs around each call.

The name isn't misleading, but we are missing code to accomplish the
same on *BSD and others.

Paul