[Swan-dev] kernel_ops

Andrew Cagney andrew.cagney at gmail.com
Tue Feb 25 15:04:22 UTC 2020

The libreswan code base has reached an interesting point.  We
support (or are at least trying to support :-) two network interfaces:

- XFRM (does xfrmi qualify as a separate stack?)

(ok, there's a third - nokernel but I'm struggling to see its value -
on linux the network stack is prewired to xfrmi etc) and the kernels:

- BSD*
- Linux

however currently only one combination is valid:

- xfrm + linux
- kame + bsd

So, notionally, kernel_ops is no longer required.  While I'm assuming
that we're not about to delete it I do think it's worth asking its
purpose - like for any portable kernel dependent software we
struggle with the questions:

- does this go in kernel_ops - "kernel" for network interface ops
- does this go in kernel_{bsd,linux} - how we have "kernel" for os? ops, hmm,
- does this get wrapped in #ifdef

So, what is a "kernel" - we've got two - and as a rule, what should live where?


To help things, here are two examples, I don't see either as bad just
illustrations of the compromise:

- (pre-my recent changes, I should probably rename process_... to merge_...):


find_raw_ifaces[46]() is presumably os specific (and should be
merged); however, is process_raw_ifaces() really part of the network
interface or part of the os?  While BSD uses all the parameters passed
in, linux does some extra filtering, and I'm not sure why it can't
simply be done in find_raw_ifaces().  With my recent changes, that's
become very obvious - the BSD code base has been reduced to a simple
for loop.

 - iface_udp.c:

- #ifdef SOL_UDP - "The SOL (aka socket level) is really the the
protocol number which, for UDP, is always 17.  Linux provides a SOL_*
macro, the others don't." - since IPPROTO_UDP is defined, why bother?
- #ifdef SO_PRIORITY - arguably this should live in kernel_linux(?)
but honestly there's only one use and anyone reading code like this
expects this stuff
- it's got #ifdef linux - it should probably test for the feature
- it's got kernel_ops. - to poke holes in the NETKEY stack so looks reasonable

and then of course there's the MSG_ERRQUEUE stuff - again it could
live in *_linux, but to what benefit - at least it is currently local
