[Swan-dev] ref-counting xfrmi interfaces

Paul Wouters paul at nohats.ca
Fri Mar 3 15:14:48 EET 2023


On Mar 3, 2023, at 06:48, Brady Johnson <bradyallenjohnson at gmail.com> wrote:
> 
> I'm trying to determine where to store the ref counted IP addresses (v4/v6). I could add it to the pluto_xfrmi struct (kernel_xfrm_interface.c/h) but then that would not include VTI interfaces. Everything related to creating VTI interfaces is performed in the updown script. If we want to also refcount IPs for VTI interfaces, then perhaps the best place to store it would be in connections.c/h?

While we want to discourage VTI for XFRMi, I think we might as well refcount both.

> There is still the issue of how/where to remove the IP from the interface. Currently this never happens, so should we do this in the updown script or from Pluto?

Adding and removing should move to pluto, so we don’t incur the overhead of needing to run updown.

> Considering the IP addresses are added to the interfaces in the updown script, it seems logical to also remove them in the updown script.

We want to move that into pluto as well.

Paul

