On Thu, 9 May 2019, D. Hugh Redelmeier wrote:

|     pluto: Allow overlapping route as all stacks but obsolete KLIPS stack supports these
|
|     This is required for test case certoe-15-poc-east-west

I don't understand this.

A grep through our code shows that overlap_supported is still used,
and sometimes (always?) initialized to FALSE.  That seems to
contradict the commit message.

Yes. The code is incorrect, but I did not want to change it at this
point all over the code. KLIPS is the only stack not supporting it AFAIK.
XFRM/NETKEY and its BSDKAME version do, and "nostack" should support
it. MAST has been removed. Windows stack is dead until revived to the
Win8+ platform.

And some other code tests overlap_supported.

Removing part of a mechanism seems odd.

I would like to remove everything related to overlapip= but not now.
Perhaps for 3.30?
For now, this code change allows OE to work with /32 groups without
needing to specify overlapip=yes (which would in itself be wrong, as
this is the group template vs the group instance, and so it should not
need the overlapip= keyword?) It was introduced initially to support
multiple transport mode connections behind the same NAT (hence some
really weird check for POLICY_TUNNEL within the code as well, making
the code even more wrong).

Paul
_______________________________________________
Swan-dev mailing list
https://lists.libreswan.org/mailman/listinfo/swan-dev