[Swan-dev] "policy" is an overused word

Paul Wouters paul at nohats.ca
Wed Jun 16 21:15:25 UTC 2021

On Jun 16, 2021, at 16:50, Andrew Cagney <andrew.cagney at gmail.com> wrote:
>> On Wed, 16 Jun 2021 at 16:03, D. Hugh Redelmeier <hugh at mimosa.com> wrote:
>> I see some functions have been renamed with "policy" replacing "eroute".
> shunt_policy(), raw_policy(), enum kernel_policy to be exact.

Part of this is because an eroute is a concept that sort of died with the removal of KLIPS.
It’s even more unclear to developers at times if it was referring to just SPD policy or also traditional routes.

>> The trouble with "policy" is that it is used to label way too many things
>> in networking (and the rest of the computer field).  It isn't that the 
>> word is inappropriate, but that the word retains no specificity.
>> I strongly suggest we not add to this problem.
> I think it is better than eroute:
> - I run <<ip xfrm policy>> or <<setkey -DP>> to Dump Policies
> - I can find policy in the RFCs (technically Security Policy Database) and kernel code
> but yes, given connection.policy, it isn't ideal.

Yeah, especially because the non-klips kernel codes all use policy for this.

I think SPD policy and connection policy are fairly clearly separated? Let’s not rename the connection one right now. Maybe later?
