[Swan-dev] pluto: Allow overlapping route as all stacks but obsolete KLIPS stack supports these

Paul Wouters paul at nohats.ca
Fri May 10 15:49:49 UTC 2019


On Thu, 9 May 2019, D. Hugh Redelmeier wrote:

> |     pluto: Allow overlapping route as all stacks but obsolete KLIPS stack supports these
> |
> |     This is required for test case certoe-15-poc-east-west
>
> I don't understand this.
>
> A grep through our code shows that overlap_supported is still used,
> and sometimes (always?) initialized to FALSE.  That seems to
> contradict the commit message.

Yes. The code is incorrect, but I did not want to change it at this
point all over the code. KLIPS is the only stack not supporting it AFAIK.
XFRM/NETKEY and its BSDKAME version do, and "nostack" should support
it. MAST has been removed. Windows stack is dead until revived to the
Win8+ platform.

> And some other code tests overlap_supported.
>
> Removing part of a mechanism seems odd.

I would like to remove everything related to overlapip= but not now. Perhaps for 3.30?
For now, this code change allows OE to work with /32 groups without
needing to specify overlapip=yes (which would in itself be wrong, as
this is the group template vs the group instance, and so it should not
need the overlapip= keyword?). It was introduced initially to support
multiple transport mode connections behind the same NAT (hence some
really weird check for POLICY_TUNNEL within the code as well, making
the code even more wrong).

Paul

