[Swan-dev] expirimental : ipsec device/interface aka XFRMi
Andrew Cagney
andrew.cagney at gmail.com
Fri Jan 24 14:10:40 UTC 2020
On Fri, 24 Jan 2020 at 07:49, Paul Wouters <paul at nohats.ca> wrote:
>
>
>
> > On Jan 24, 2020, at 13:44, Andrew Cagney <andrew.cagney at gmail.com> wrote:
> >
> >>
> >> They do. no = 0, yes = 1 and the man page does not explain this.
> >
> > So if I specify:
> > ipsec-interface=no
> > I get interface 0, and:
>
> No, you get no interface because 0 means no. This is because the current Linux implementation uses IF_ID which does not see 0 as a valid ID.
Should it be =%no - since reserved tokens mostly start with %; then =0
can be an error?
> > ipsec-interface=1
> > I get a random interface?
>
> You get ipsec1, same as when specifying “yes”.
I think that's confusing. Especially if we've reserved %random or
%unique or something as a future enhancement.
> In the future, %unique will mean get a (pseudo)random interface name.
>
> I’m not sure what happens when you pick “10”, as I was confused about the numbers maybe being in hex ?
If I use =10, do I see xfrmi10 (or what ever) when listing interfaces?
> Paul
>
More information about the Swan-dev
mailing list