[Swan-dev] experimental : ipsec device/interface aka XFRMi

Paul Wouters paul at nohats.ca
Wed Jan 22 10:50:27 UTC 2020


On Wed, 22 Jan 2020, Antony Antony wrote:

> this morning in a testrun I noticed a bunch of coredumps from addconn
> https://swantest.libreswan.fi/s2/v3.28-1487-g3d33747478-testrun-xfrmi/
> I will investigate addconn crash today.

> current configuration option is
> ipsec-interface=no|yes|<n> where n = 1..UINT32_MAX

I think it might be due to its value being both a number and not. It is
not following our rules about numbers, time based units, etc. Again, I
would recommend we only allow regular numbers > 0. No "yes|no" and no
implied hex (all our parsers treat 0xNNN as hex, 0sNNN as base64, and
no prefix as decimal. This should not be different)

> Note 0x is necessary.

That is not how our parser works normally.

> IPv6 and xfrmi may not work in all cases. IPv6 up-down script needs more
> work.

Sure. I think it is okay to postpone that for after the merge.

> My plan to resolve the addconn issue is a new testrun. If there are no major
> issues I will merge.

While you mention looking at the issue I found, you didn't answer about
my provided patch. Is it correct? Is it wrong? Is there a better way?
Will it be okay to use before merge?

Paul
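
Added example, not part of the original message and not libreswan code: a strict parser for a numeric-only `ipsec-interface=` value along the lines recommended above (decimal without prefix, hex only with `0x`, range 1..UINT32_MAX, no `yes|no`). The function name `parse_xfrmi_id` and the sample inputs are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper, not libreswan code: parse an ipsec-interface value.
 * Decimal needs no prefix, hex needs "0x"; the result must be 1..UINT32_MAX.
 * Returns true and stores the id on success, false on any malformed input. */
bool parse_xfrmi_id(const char *s, uint32_t *out)
{
	if (s == NULL || out == NULL)
		return false;

	/* The base is chosen by an explicit prefix only, never guessed. */
	int base = (s[0] == '0' && (s[1] == 'x' || s[1] == 'X')) ? 16 : 10;

	/* strtoull() skips leading whitespace and accepts '+'/'-', so insist
	 * that the first character is a digit ("yes", "-1", " 5" fail here). */
	if (!isdigit((unsigned char)s[0]))
		return false;

	char *end;
	errno = 0;
	unsigned long long v = strtoull(s, &end, base);
	if (errno == ERANGE || *end != '\0')
		return false;	/* overflow, or trailing garbage such as "12abc", "0x", "0sAA" */
	if (v == 0 || v > UINT32_MAX)
		return false;	/* 0 is not allowed; the id must fit in 32 bits */

	*out = (uint32_t)v;
	return true;
}

int main(void)
{
	/* Constructed sample values, not taken from the thread. */
	const char *samples[] = { "1", "0x10", "yes", "no", "0", "-1", "12abc", "4294967296" };
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		uint32_t id;
		if (parse_xfrmi_id(samples[i], &id))
			printf("%-12s -> id %u\n", samples[i], (unsigned)id);
		else
			printf("%-12s -> rejected\n", samples[i]);
	}
	return 0;
}
```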

