[Swan-dev] what is INTERFACE_IP / ifaceip / interface-ip= for?

Paul Wouters paul at nohats.ca
Sun Jan 3 16:54:30 UTC 2021


On Sun, 3 Jan 2021, Andrew Cagney wrote:

> Subject: [Swan-dev] what is INTERFACE_IP / ifaceip / interface-ip= for?

> I suspect it has something to do with XFRMI.  As best I can, in the
> current code, it is simply being passed to up-down scripts as
> INTERFACE_IP=...?

Yes. It is the value of interface-ip= passed to updown. It can be used
to configure an IP address. It should really do this action in the
default updown script when passed.

The name interface-ip= was chosen after a long discussion. We wanted to
make it implementation agnostic (so not call it anything xfrm) and it
couldn't clash with the existing VTI code that uses VTI_IP.

I think the code that uses VTI_IP in updown should also check for
INTERFACE_IP and documentation should be added to _updown.xfrm.in about
these options.

> While the name ifaceip leads me to think it's got something to do with
> the host interfaces, I suspect it is connected to the XFRMI client
> interface IP (if this is true I'll rename the field to
> client_interface_ip)?

Please do not rename it. Especially not anything "client" as our pluto
code uses "client" to refer to left/rightsubnets and non-developers
think of client-interface-ip as something at the remote vpn clients.

Paul


More information about the Swan-dev mailing list