[Swan] No ipsec0 device with XFRMi
Antony Antony
antony at phenome.org
Tue Jul 28 18:25:11 UTC 2020
ipsec-interface=0 would translate to
ip link add ipsec0 type xfrm dev enp0s5 if_id 0
when I started adding xfrmi I wasn't sure xfrm if_id 0 would work properly.
if_id is a lookup key to find policy and state. I wonder if 0 would mean
also a policy with no xfrmi if_id.
xfrm if_id 0 was confusing to me. I decided ipsec1 to start with. May be
time to review it while xfrmi is still expirimental.
and also to avoid confusion from klips.
regards,
-antony
On Mon, Jul 27, 2020 at 01:05:11PM +0300, Tuomo Soini wrote:
> On Mon, 27 Jul 2020 09:50:44 +0200
> "Wolfgang Nothdurft" <wolfgang at linogate.de> wrote:
>
> > does it have technical reasons that the setting ipsec-interface=0
> > disables xfrmi, instead of generating a ipsec0 device, or was it a
> > design decision, because of the hybrid value yes, no, number?
>
> Yes. XFRMI interface id must be >= 1. That means 0 is not possible
> interface id and keeping interface name in sync with interface id was
> just implementation decision.
>
> --
> Tuomo Soini <tis at foobar.fi>
> Foobar Linux services
> +358 40 5240030
> Foobar Oy <https://foobar.fi/>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
More information about the Swan
mailing list