[Swan-dev] pluto: Allow overlapping route as all stacks but obsolete KLIPS stack supports these
D. Hugh Redelmeier
hugh at mimosa.com
Thu May 9 20:55:12 UTC 2019
| commit 8c6067289bc2215858e14c7faecb75dee5f21bf6
| Author: Paul Wouters <pwouters at redhat.com>
| Date: Wed May 8 13:08:15 2019 -0400
|
| pluto: Allow overlapping route as all stacks but obsolete KLIPS stack supports these
|
| This is required for test case certoe-15-poc-east-west
I don't understand this.
A grep through our code shows that overlap_supported is still used,
and sometimes (always?) initialized to FALSE. That seems to
contradict the commit message.
And some other code tests overlap_supported.
Removing part of a mechanism seems odd.
Note: I'm not saying that the old code was correct, only that it was
there for some purpose.
programs/pluto/connections.c:3546: if (!kernel_ops->overlap_supported) {
programs/pluto/kernel.c:943: if (kernel_ops->overlap_supported && !LIN(POLICY_TUNNEL, c->policy))
programs/pluto/kernel.c:2809: if (kernel_ops->overlap_supported) {
programs/pluto/kernel.h:180: bool overlap_supported;
programs/pluto/kernel_bsdkame.c:1084: .overlap_supported = FALSE,
programs/pluto/kernel_klips.c:348: .overlap_supported = FALSE,
programs/pluto/kernel_netlink.c:2875: .overlap_supported = FALSE,
programs/pluto/kernel_nokernel.c:130: .overlap_supported = FALSE,
More information about the Swan-dev
mailing list