Re: [Swan-dev] What happened to "ipsec show" ?

Mon, 20 Nov 2023 06:09:11 -0800 

On Mon, 20 Nov 2023 at 05:14, Brady Johnson <brady...@redhat.com> wrote:
>
> Andrew pointed out a use case that is not covered yet, which is "transport 
> mode when host==client". This is caused by the following check in the 
> jam_end_client() function:
>
> if (selector_eq_address(this->client, this->host->addr)) {
>     return;
> }
>
> This is not only an issue in transport mode, but also in tunnel mode with 
> either host-to-subnet or subnet-to-host.
>
> I will perform this check in the whack_briefconnectionstatus.c code and I 
> wanted to propose one of the following options:

Yes, cut your losses on the existing function :-)

> OPTION 1:
> ---------------
> transport mode when host == client for both the local and remote:
> 000 from 172.22.18.102 to 172.22.18.101 (0B/0B) "gwn02_transport_tun", 
> reqid=16388
>
> tunnel mode with host-to-subnet:
> 000 172.22.18.102 <==> 172.16.10.0/24  from 172.22.18.102 to 172.22.18.101 
> (0B/0B) "gwn02_transport_tun", reqid=16388
>
> tunnel mode with subnet-to-host:
> 000 172.16.20.0/24 <==> 172.22.18.101  from 172.22.18.102 to 172.22.18.101 
> (0B/0B) "gwn02_transport_tun", reqid=16388

fields come and go depending on the mode making output confusing and
parsing harder?

> OPTION 2:
> ---------------
> transport mode when host == client for both the local and remote:
> 000 host <==> host from 172.22.18.102 to 172.22.18.101 (0B/0B) 
> "gwn02_transport_tun", reqid=16388
>
> tunnel mode with host-to-subnet:
> 000 host <==> 172.16.10.0/24  from 172.22.18.102 to 172.22.18.101 (0B/0B) 
> "gwn02_transport_tun", reqid=16388
>
> tunnel mode with subnet-to-host:
> 000 172.16.20.0/24 <==> host  from 172.22.18.102 to 172.22.18.101 (0B/0B) 
> "gwn02_transport_tun", reqid=16388
>
>
> I prefer OPTION 2. Does anybody have any preferences?

I hadn't thought of that.  Interesting

Another one is:

000 172.22.18.102 <==> 172.22.18.101 from 172.22.18.102 to
172.22.18.101 (0B/0B) "gwn02_transport_tun", reqid=16388, transport

the bike shed is getting too many layers of paint
_______________________________________________
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev

Reply via email to