[Swan-dev] building: do not abuse USE_IPTABLES or USE_NFTABLES

Wed Dec 27 19:45:32 EET 2023

On Tue, 26 Dec 2023, Andrew Cagney wrote:

>> Are you sure about this:
>>
>> @@ -600,7 +601,9 @@ static bool ikev2_set_internal_address(struct
>> pbs_in *cp_a_pbs,
>>       selector_from_address(ip),
>>       "CAT: scribbling on end while ignoring TS");
>>   }
>> - } else if (connection_requires_tss(cc) == NULL) {
>> + } else
>> +#endif
>> + if (connection_requires_tss(cc) == NULL) {
>>   update_end_selector(cc, cc->local->config->index,
>>       selector_from_address(ip),
>>       "CP scribbling on end while ignoring TS");
>
> It changed:
>
>     if (cat)
>         if (...)
>         else scrible on SPDs
>    else if (not tss)
>        scribble on SPDs
>
> to
>
>     if (cat)
>         if (...)
>         else
>            scrible on SPDs
>    if (not TSS)
>        scribble on SPDs
>
> which is wrong.

I don't think it is wrong, because without USE_CAT, the code also
ran the else (non cat) case.

But I've removed the #ifdef around here and only have a single ifdef
at the only place in the code that sets has_client_address_translation,
and so the ifdef on this location is not needed.

Paul