[Swan-dev] Questions about current patches

Brady Johnson bradyjoh at redhat.com
Fri Jun 9 13:41:48 EEST 2023


Hello,

I am currently working on several changes with the final goal of enabling
the interface-ip configuration option, which will help improve dual-stack
IPv4/IPv6 support for XFRMi interfaces.

The current change I'm working on is to create VTI interfaces in pluto
instead of creating them in the updown script. This will allow us to
refcount both VTI and XFRMi interfaces in pluto.

I have the code working to create the VTI interface in Pluto, but there are
several other things in the updown script that I'm curious about.

For example, after creating the VTI interface (with the ip tunnel command)
in the updown script, it then performs these commands:

                sysctl -w net.ipv4.conf.${VTI_IFACE}.disable_policy=1
                sysctl -w net.ipv4.conf.${VTI_IFACE}.rp_filter=0
                sysctl -w net.ipv4.conf.${VTI_IFACE}.forwarding=1

Do we also want to move this to pluto? I'm thinking yes. This is just a
matter of doing something like this, right?

                sprintf(f_str, "/proc/sys/net/ipv4/conf/%s/disable_policy", vti_if_name);
                fd = open(f_str, O_WRONLY);
                write(fd, "1", 1);
                close(fd);

Also, the updown script creates static routes for the VTI interfaces. Do we
want to leave that there, or should we try to move it to Pluto?

Regards,

*Brady Johnson*
Principal Software Engineer
Telco Solutions & Enablement
brady.johnson at redhat.com
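
An added example, not part of the original message and not libreswan code: the /proc write sketched above, extended to the three settings the updown script applies, with interface-name validation, a bounded path and error checks. The function names and the `base` parameter (`/proc/sys/net/ipv4/conf` in production, a scratch directory when testing) are assumptions.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define IFNAME_MAX 16 /* kernel IFNAMSIZ, including the trailing NUL */
/* Accept only names that stay inside <base>/: not empty, not "." or "..", no '/'
 * or whitespace. A '.' inside the name is fine in a /proc path. */
static int ifname_ok(const char *name)
{
    size_t len = strlen(name);
    if (len == 0 || len >= IFNAME_MAX || !strcmp(name, ".") || !strcmp(name, ".."))
        return 0;
    return strpbrk(name, "/ \t\n") == NULL;
}

/* Write val to <base>/<ifname>/<key>; returns 0 or a negative errno. */
int write_if_sysctl(const char *base, const char *ifname,
                    const char *key, const char *val)
{
    char path[256];
    size_t len = strlen(val);
    int n, fd, err;
    ssize_t w;
    if (!ifname_ok(ifname))
        return -EINVAL;
    n = snprintf(path, sizeof(path), "%s/%s/%s", base, ifname, key);
    if (n < 0 || (size_t)n >= sizeof(path))
        return -ENAMETOOLONG;  /* never open a truncated path */
    fd = open(path, O_WRONLY); /* no O_CREAT: the kernel provides the file */
    if (fd < 0)
        return -errno;
    w = write(fd, val, len);
    err = w < 0 ? -errno : ((size_t)w != len ? -EIO : 0);
    close(fd);
    return err;
}

/* The three settings from the updown script; stops at the first error. */
int vti_apply_sysctls(const char *base, const char *ifname)
{
    static const char *const kv[][2] = {
        { "disable_policy", "1" }, { "rp_filter", "0" }, { "forwarding", "1" } };
    int r = 0;
    for (size_t i = 0; r == 0 && i < sizeof(kv) / sizeof(kv[0]); i++)
        r = write_if_sysctl(base, ifname, kv[i][0], kv[i][1]);
    return r;
}
```

Returning a negative errno lets the caller log which setting failed instead of leaving a VTI device up with `rp_filter` or `disable_policy` at its default.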