[Swan-dev] "policy" is an overused word
Paul Wouters
paul at nohats.ca
Wed Jun 16 21:15:25 UTC 2021
On Jun 16, 2021, at 16:50, Andrew Cagney <andrew.cagney at gmail.com> wrote:
>
>
>
>> On Wed, 16 Jun 2021 at 16:03, D. Hugh Redelmeier <hugh at mimosa.com> wrote:
>> I see some functions have been renamed with "policy" replacing "eroute".
>
> shunt_policy(), raw_policy(), enum kernel_policy to be exact.
Part of this is because an eroute is a concept that sort of died with the removal of KLIPS.
It’s even more unclear to developers at time if it was referring to just SPD policy or also traditional routes.
> The trouble with "policy" is that it is used to label way too many things
>> in networking (and the rest of the computer field). It isn't that the
>> word is inappropriate, but that the word retains no specificity.
>
>> I strongly suggest we not add to this problem.
>
> I think it is better than eroute:
> - I run <<ip xfrm policy>> or <<setkey -DP>> to Dump Policies
> - I can find policy in the RFCs (technically Security Policy Database) and kernel code
> but yes, given connection.policy, it isn't ideal.
Yeah, especially because the non-klips kernel codes all use policy for this.
I think spd policy and connection policy are fairly clearly separated ? Let’s not rename the connection one right now. Maybe later ?
Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20210616/36fb3cfa/attachment-0001.html>
More information about the Swan-dev
mailing list