[Swan-dev] pluto: Allow overlapping route as all stacks but obsolete KLIPS stack supports these
paul at nohats.ca
Fri May 10 15:49:49 UTC 2019
On Thu, 9 May 2019, D. Hugh Redelmeier wrote:
> | pluto: Allow overlapping route as all stacks but obsolete KLIPS stack supports these
> | This is required for test case certoe-15-poc-east-west
> I don't understand this.
> A grep through our code shows that overlap_supported is still used,
> and sometimes (always?) initialized to FALSE. That seems to
> contradict the commit message.
Yes. The code is incorrect, but I did not want to change it at this
point all over the code. KLIPS is the only stack not supporting it AFAIK.
XFRM/NETKEY and its BSDKAME version do, and "nostack" should support
it. MAST has been removed. Windows stack is dead until revived to the
> And some other code tests overlap_supported.
> Removing part of a mechanism seems odd.
I would like to remove everything related to overlapip= but not now. Perhaps for 3.30?
For now, this code change allows OE to work with /32 groups without
needing to specify overlapip=yes (which would in itself be wrong, as
this is the group template vs the group instance, and so it should not
need the overlapip= keyword?) It was introduced initially to support
multiple transport mode connections behind the same NAT (hence some
really weird check for POLICY_TUNNEL within the code as well, making
the code even more wrong).