[Swan-dev] What happened to "ipsec show" ?

Andrew Cagney andrew.cagney at gmail.com
Mon Nov 20 16:08:36 EET 2023


On Mon, 20 Nov 2023 at 05:14, Brady Johnson <bradyjoh at redhat.com> wrote:
>
> Andrew pointed out a use case that is not covered yet, which is "transport mode when host==client". This is caused by the following check in the jam_end_client() function:
>
> if (selector_eq_address(this->client, this->host->addr)) {
>     return;
> }
>
> This is not only an issue in transport mode, but also in tunnel mode with either host-to-subnet or subnet-to-host.
>
> I will perform this check in the whack_briefconnectionstatus.c code and I wanted to propose one of the following options:

Yes, cut your losses on the existing function :-)

> OPTION 1:
> ---------------
> transport mode when host == client for both the local and remote:
> 000 from 172.22.18.102 to 172.22.18.101 (0B/0B) "gwn02_transport_tun", reqid=16388
>
> tunnel mode with host-to-subnet:
> 000 172.22.18.102 <==> 172.16.10.0/24  from 172.22.18.102 to 172.22.18.101 (0B/0B) "gwn02_transport_tun", reqid=16388
>
> tunnel mode with subnet-to-host:
> 000 172.16.20.0/24 <==> 172.22.18.101  from 172.22.18.102 to 172.22.18.101 (0B/0B) "gwn02_transport_tun", reqid=16388

Fields come and go depending on the mode, making output confusing and
parsing harder?

> OPTION 2:
> ---------------
> transport mode when host == client for both the local and remote:
> 000 host <==> host from 172.22.18.102 to 172.22.18.101 (0B/0B) "gwn02_transport_tun", reqid=16388
>
> tunnel mode with host-to-subnet:
> 000 host <==> 172.16.10.0/24  from 172.22.18.102 to 172.22.18.101 (0B/0B) "gwn02_transport_tun", reqid=16388
>
> tunnel mode with subnet-to-host:
> 000 172.16.20.0/24 <==> host  from 172.22.18.102 to 172.22.18.101 (0B/0B) "gwn02_transport_tun", reqid=16388
>
>
> I prefer OPTION 2. Does anybody have any preferences?

I hadn't thought of that.  Interesting

Another one is:

000 172.22.18.102 <==> 172.22.18.101 from 172.22.18.102 to 172.22.18.101 (0B/0B) "gwn02_transport_tun", reqid=16388, transport

The bike shed is getting too many layers of paint.
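
The parsing concern raised above, as an added example that is not part of the original message or of libreswan's code: a single fixed-layout pattern reads every OPTION 2 line and the trailing-`transport` variant, but rejects the OPTION 1 transport line where the selector pair is dropped. The field names (`left`, `right`, `traffic`) and the rule that the literal `host` stands for the address on the same side are assumptions inferred from the sample lines.

```python
import re

# Fixed layout (field names are this example's own, not libreswan's):
# 000 <left> <==> <right> from <src> to <dst> (<traffic>) "<name>", reqid=<n>[, <mode>]
FIXED = re.compile(
    r'^000\s+(?P<left>\S+)\s+<==>\s+(?P<right>\S+)\s+'
    r'from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)\s+'
    r'\((?P<traffic>[^)]+)\)\s+'
    r'"(?P<name>[^"]+)",\s+reqid=(?P<reqid>\d+)'
    r'(?:,\s+(?P<mode>\w+))?\s*$'
)

def parse_status_line(line):
    """Return a dict of fields, or None if the line does not fit the fixed layout."""
    m = FIXED.match(line)
    if m is None:
        return None
    f = m.groupdict()
    # Assumption: OPTION 2's literal "host" means the host address on that side.
    if f["left"] == "host":
        f["left"] = f["src"]
    if f["right"] == "host":
        f["right"] = f["dst"]
    f["reqid"] = int(f["reqid"])
    return f

# Sample lines taken from the message above.
TAIL = 'from 172.22.18.102 to 172.22.18.101 (0B/0B) "gwn02_transport_tun", reqid=16388'
OPTION_1 = [
    "000 " + TAIL,                                    # transport, host == client
    "000 172.22.18.102 <==> 172.16.10.0/24  " + TAIL,  # host-to-subnet
    "000 172.16.20.0/24 <==> 172.22.18.101  " + TAIL,  # subnet-to-host
]
OPTION_2 = [
    "000 host <==> host " + TAIL,
    "000 host <==> 172.16.10.0/24  " + TAIL,
    "000 172.16.20.0/24 <==> host  " + TAIL,
]
ANOTHER = "000 172.22.18.102 <==> 172.22.18.101 " + TAIL + ", transport"

if __name__ == "__main__":
    for label, lines in (("OPTION 1", OPTION_1), ("OPTION 2", OPTION_2),
                         ("another", [ANOTHER])):
        for line in lines:
            print(label, "->", parse_status_line(line))
```
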

