[Swan-dev] what is INTERFACE_IP / ifaceip / interface-ip= for?
antony at phenome.org
Wed Jan 6 22:19:28 UTC 2021
On Wed, Jan 06, 2021 at 09:33:12AM -0500, Andrew Cagney wrote:
> On Mon, 4 Jan 2021 at 11:06, Antony Antony <antony at phenome.org> wrote:
> > On Sun, Jan 03, 2021 at 11:54:30AM -0500, Paul Wouters wrote:
> > > On Sun, 3 Jan 2021, Andrew Cagney wrote:
> > >
> > > > Subject: [Swan-dev] what is INTERFACE_IP / ifaceip / interface-ip= for?
> > >
> > > > I suspect it has something to do with XFRMI. As best I can, in the
> > > > current code, it is simply being passed to up-down scripts as
> > > > INTERFACE_IP=...?
> > Yes, the idea was to add that IP address/prefix to the xfrm interface.
> > The unfinished feature is inherited from the VTI model (possibly a hack?). In VTI
> > the IP address was added in the updown script. In xfrmi, I would like to add the
> > IP from pluto using netlink calls, C functions, instead of calling the external
> > command "ip". This way pluto can ref count how many connections share an
> > interface or IP address. In the VTI model two connections with the same
> > interface-ip address could be an issue. Bringing up two connections
> > could work; we need a bit of shell script to ignore the error from "ip" that
> > the address exists.
> > However, when one connection goes down, the shell script would delete the IP
> > address. Then the remaining connection would lose the IP address.
> So it's an address/mask, so the CIDR's host-identifier can be non-zero,
> viz. ::1/127.
> What restrictions are there on the address? The parser accepts:
> ::/0 ::/1 ::/2 ...
> but then later, INTERFACE_IP is only exported when the address isn't
> ::/0. If ::/0 isn't allowed then it should probably be rejected when
> parsing the config file.
Similar rule for v4 too? Or are you only fixing v6 parsing rules?
0/0 is not allowed. It is better to reject while parsing.
0.0.0.0/32 is another odd one. It should be rejected by the parser. I am
guessing we allow this at the moment. 0/32 should also be rejected by our TS
parser. I guess it is easy to test with unit tests. Thanks for those tests.
> I'm guessing vti ip is the same.
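The parse-time rejection discussed in this thread, as an added example that is not libreswan's code and not part of the original message. The function name check_interface_ip() and its result codes are hypothetical, and rejecting the all-zero address at every prefix length is an assumption: the thread itself only names ::/0, 0/0 and 0.0.0.0/32.

```c
#include <arpa/inet.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical result codes; not libreswan's own diagnostics. */
enum ifip_result { IFIP_OK = 0, IFIP_SYNTAX, IFIP_PREFIX_RANGE, IFIP_UNSPECIFIED };

/* Validate "address/prefix". Host bits may be non-zero (::1/127 is fine);
 * the all-zero address is rejected at every prefix length (assumption). */
enum ifip_result check_interface_ip(const char *text)
{
    char addr[INET6_ADDRSTRLEN];
    unsigned char bytes[sizeof(struct in6_addr)] = {0};
    const char *slash = strchr(text, '/');

    if (slash == NULL || slash == text || (size_t)(slash - text) >= sizeof(addr))
        return IFIP_SYNTAX;
    memcpy(addr, text, (size_t)(slash - text));
    addr[slash - text] = '\0';

    /* Try IPv4 first, then IPv6; inet_pton() accepts only full dotted quads. */
    int family = AF_INET;
    size_t len = sizeof(struct in_addr);
    if (inet_pton(AF_INET, addr, bytes) != 1) {
        family = AF_INET6;
        len = sizeof(struct in6_addr);
        if (inet_pton(AF_INET6, addr, bytes) != 1)
            return IFIP_SYNTAX;
    }

    /* Prefix: decimal digits only, 0..32 for IPv4 and 0..128 for IPv6. */
    const char *p = slash + 1;
    if (*p < '0' || *p > '9')
        return IFIP_SYNTAX;
    char *end;
    long prefix = strtol(p, &end, 10);
    if (*end != '\0')
        return IFIP_SYNTAX;
    if (prefix > (family == AF_INET ? 32 : 128))
        return IFIP_PREFIX_RANGE;

    /* Reject the unspecified address (0.0.0.0 or ::) whatever the prefix. */
    for (size_t i = 0; i < len; i++)
        if (bytes[i] != 0)
            return IFIP_OK;
    return IFIP_UNSPECIFIED;
}
```

The shorthand 0/0 is also refused here, but as a syntax error, because inet_pton() does not expand abbreviated IPv4 addresses.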