On Wed, Jan 06, 2021 at 09:33:12AM -0500, Andrew Cagney wrote:
> On Mon, 4 Jan 2021 at 11:06, Antony Antony <ant...@phenome.org> wrote:
> >
> > On Sun, Jan 03, 2021 at 11:54:30AM -0500, Paul Wouters wrote:
> > > On Sun, 3 Jan 2021, Andrew Cagney wrote:
> > >
> > > > Subject: [Swan-dev] what is INTERFACE_IP / ifaceip / interface-ip= for?
> > >
> > > > I suspect it has something to do with XFRMI. As best I can, in the
> > > > current code, it is simply being passed to up-down scripts as
> > > > INTERFACE_IP=...?
> >
> > Yes the idea was to add that IP address/prefix to the xfrm interface.
> > The unfinished feature is inherited from VTI model (possibly hack?). In VTI
> > the IP address was added in updown script. In xfrmi, I would like to add the
> > IP from pluto using netlink calls, C functions, instead of calling external
> > command "ip". This way the pluto can ref count how many connections share
> > interface or IP address. In the VTI model two connections with same
> > interface-ip address could be an issue. Bringing up two connections
> > could work, we need a bit of shell script to ignore the error from "ip" address
> > exist.
> > However, when one connection goes down, the shell script would delete the ip
> > address. Then the remaining connection would lose the ip address.
>
> So it's an address/mask so the CIDR's host-identifier can be non zero
> vis: ::1/127.
>
> What restrictions are there on the address? The parser accepts:
> ::/0 ::/1 ::/2 ...
> but then later, INTERFACE_IP is only exported when the address isn't
> ::/0. If ::/0 isn't allowed then it should probably be rejected when
> parsing the config file.

Similar rule for v4 too? Or are you only fixing v6 parsing rules?

0/0 is not allowed. It is better to reject while parsing.

0.0.0.0/32 is another odd one. It should be rejected by the parser. I am
guessing we allow this at the moment. 0/32 should also be rejected by our TS
parser. I guess it is easy to test with unit tests. Thanks for those tests.

> I'm guessing vti ip is the same.

+1

_______________________________________________
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev
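
Added example, not part of the thread and not libreswan code: a parse-time check for an interface-ip= style value that keeps non-zero host bits (::1/127) but rejects the all-zero address. The helper name `check_interface_ip` is hypothetical, and rejecting the unspecified address at every prefix length is an assumption; the thread itself only names ::/0, 0/0 and 0.0.0.0/32.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (assumption, not libreswan's parser): validate an
 * "address/prefix" value. Returns NULL when acceptable, else a static
 * error string suitable for a config-file diagnostic. */
const char *check_interface_ip(const char *value)
{
    char addr[INET6_ADDRSTRLEN];
    unsigned char bytes[sizeof(struct in6_addr)];
    const char *slash = strchr(value, '/');

    if (slash == NULL)
        return "missing /prefix";
    size_t len = (size_t)(slash - value);
    if (len == 0 || len >= sizeof(addr))
        return "bad address";
    memcpy(addr, value, len);
    addr[len] = '\0';

    /* Try IPv4 first, then IPv6; inet_pton() wants the full textual
     * form, so shorthand such as "0" is rejected as a bad address. */
    size_t nbytes;
    if (inet_pton(AF_INET, addr, bytes) == 1)
        nbytes = 4;
    else if (inet_pton(AF_INET6, addr, bytes) == 1)
        nbytes = 16;
    else
        return "bad address";

    /* Prefix: decimal digits only, no wider than the address family. */
    char *end;
    if (slash[1] < '0' || slash[1] > '9')
        return "bad prefix";
    unsigned long prefix = strtoul(slash + 1, &end, 10);
    if (*end != '\0' || prefix > nbytes * 8)
        return "bad prefix";

    /* Reject the unspecified address (0.0.0.0 or ::) at any prefix. */
    bool all_zero = true;
    for (size_t i = 0; i < nbytes; i++)
        if (bytes[i] != 0)
            all_zero = false;
    if (all_zero)
        return "unspecified address not allowed";

    return NULL; /* host bits may be non-zero, e.g. ::1/127 */
}
```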