| From: Antony Antony <[email protected]>
| It would be nice to have an option to assign unique addresses. When there
| is an overlap, the new pool marks the unused overlapping addresses in the
| old pool as used. If an address is already in use in an old pool, mark it
| as used in the new pool.
That's the kind of logic that I tried to portray as theoretically useful but probably used rarely enough that it isn't worth the considerable effort of coding, testing, and documenting. What's the use-case?

I also am suspicious of anything that isn't symmetric when the problem seems more-or-less symmetric. And you've got to make sure that the solution is transitive (i.e. what happens when a third inexactly overlapping pool comes along, and a fourth, ... all with complicated overlaps).

| In libreswan, as far as I know, there is no overlap check for a subnet. An
| address pool is very similar to a subnet, imagine it as a /32 subnet.
| You could even replace it with a subnet. If a subnet overlaps with another
| subnet there is no warning. Then I am wondering why treat an addresspool
| overlap as an error?

When two subnets overlap, one contains the other (they can be the same, in which case they contain each other). That's simpler than IP-address ranges that are used for addresspools. Especially when considering more than two.

Libreswan assigns from the addresspool. Subnet assignment isn't our business.

In the old days, FreeS/WAN installed eroutes and routes, and the rules of routing dictated what would happen. Something well-defined: the smaller subnet wins. I think that FreeS/WAN generated an error if the subnets were identical but the routing was different. I don't know what happens now.

_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
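As an added illustration of the containment argument in the reply above (example code, not from the thread or from libreswan; the lo-hi ranges and subnets are constructed sample values): two CIDR subnets that overlap always nest or coincide, whereas two addresspool ranges can overlap partially, and three ranges can chain so that the outer two are disjoint while both overlap the middle one.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address, ip_network
from itertools import combinations
from typing import List, Tuple


@dataclass(frozen=True)
class AddrRange:
    """An inclusive lo-hi range, in the spirit of libreswan's addresspool=lo-hi."""
    lo: IPv4Address
    hi: IPv4Address

    @classmethod
    def parse(cls, text: str) -> "AddrRange":
        lo, hi = (ip_address(p.strip()) for p in text.split("-"))
        if lo > hi:
            raise ValueError(f"empty range: {text}")
        return cls(lo, hi)

    @classmethod
    def from_subnet(cls, text: str) -> "AddrRange":
        net = ip_network(text, strict=False)
        return cls(net[0], net[-1])  # a subnet is just a range aligned to its mask


def relation(a: AddrRange, b: AddrRange) -> str:
    """Classify how two ranges relate; 'partial' can never occur for two subnets."""
    if a.hi < b.lo or b.hi < a.lo:
        return "disjoint"
    if a == b:
        return "identical"
    if a.lo <= b.lo and b.hi <= a.hi:
        return "a-contains-b"
    if b.lo <= a.lo and a.hi <= b.hi:
        return "b-contains-a"
    return "partial"  # only reachable with arbitrary lo-hi ranges


def check_new_pool(existing: List[AddrRange], new: AddrRange) -> List[Tuple[AddrRange, str]]:
    """Report every existing pool the new one touches, as an overlap check would."""
    hits = []
    for old in existing:
        rel = relation(old, new)
        if rel != "disjoint":
            hits.append((old, rel))
    return hits


# Constructed sample values (not taken from the mailing-list post).
SUBNETS = [AddrRange.from_subnet(s) for s in
           ("10.0.0.0/24", "10.0.0.128/25", "10.0.1.0/24", "10.0.0.0/16")]
POOLS = [AddrRange.parse(r) for r in
         ("10.1.0.10-10.1.0.50", "10.1.0.40-10.1.0.90", "10.1.0.60-10.1.0.120")]


def subnet_relations() -> set:
    return {relation(a, b) for a, b in combinations(SUBNETS, 2)}


def pool_relations() -> List[str]:
    return [relation(a, b) for a, b in combinations(POOLS, 2)]
```

The pool list shows the transitivity worry from the reply: the first and third ranges are disjoint, yet both overlap the second, so a rule written for two pools has to say what happens to all three.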
