[Swan-dev] Finding connections with %any fails due to only searching hostpair
Paul Wouters
paul at nohats.ca
Wed Mar 17 15:21:32 UTC 2021
On Wed, 17 Mar 2021, Andrew Cagney wrote:
> looking around the above there's DHR's comment:
>
> /*
> * ??? the use of hp looks nonsensical.
> * Either the first non-empty host_pair should be used
> * (like the current code) and the following should
> * be broken into two loops: first find the non-empty
> * host_pair list, second look through the host_pair list.
> * OR
> * what's really meant is look at the host_pair for
> * each sra, something that matches the current
> * nested loop structure but not what it actually does.
> */
>
> and this lookup:
>
> hp = find_host_pair(&sra->this.host_addr,
> &sra->that.host_addr);
>
> so I suspect having the code also:
>
> find_host_pair(&sra->this.host_addr, &unset_address)
>
> would do what you want and much faster.
I don't think so, because I don't think hostpair will consider all the
%any connections as belonging to the same host pair.
> However, along the lines of DHR's comment, is this just adding to the problem?
It's concept is really for left/right on the same IP (which is also an
issue, with multiple behind NAT). Which is why I think the concept of
hostpair is not sustainable. This isn't the first time code needed to
be changed to search all connections :/
Paul
More information about the Swan-dev
mailing list