On Fri, 3 Nov 2017, D. Hugh Redelmeier wrote:
According to ipsec.conf(5), mark-in and mark-out override mark.
Why allow mark and mark-* at the same time? That seems like an mistake
and would be better diagnosed.
Yes we should. But to prevent doing these checks repeatedly in different
code points (parser, whack, dbus, yang?) it would be best to do this in
add_connection() once. Although that's a bit late and harder to give
feedback for.
Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
