On Thu, 2 Mar 2023, Brady Johnson wrote:

(CC:ing dev list, because why not)

I have started looking into how to ref count the IP addresses. It looks
like currently the IP addresses are set on the interfaces in the updown
shell script with the "up-client" verb. Currently the addresses are
never deleted from the interfaces. I verified this when manually testing
my previous patch.

To refcount when addresses are added, I could just add code to the
do_updown() function in programs/pluto/updown.c. For deleting, I could
also control that in the do_updown() function, but I guess I would also
need to modify the updown script to actually remove the IP from the
interface.

This is all on Linux with xfrmi/vti interfaces.

It should not be too tightly coupled with "updown", because we are
thinking of trying to make leftupdown= optional with a default to no,
and move all the "standard" things into pluto.

Most of the things we do in "updown" are related to IP addresses,
routing and DNS settings. When we split DNS into its own helper, it
avoids all those calls/checks when there is no need.

Similarly, when no IP addresses are being removed / added or routes
changed (or MTUs set via route changes), we hope to avoid calling
updown (which is very expensive to call).

Note also that updown takes a "verb", giving it different meanings. It
can be: up/down host, up/down client, up/down route. The route mostly
stems from KLIPS that triggered the IPsec kernel code by routing into
"ipsecX" interfaces. KLIPS was removed and usually those route calls
are no longer needed.

So while the locations where updown is called by pluto might be good
spots to add your refcounting call, I wouldn't couple it too tightly
to updown itself.

Paul
_______________________________________________
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev
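The refcounting the thread discusses, as an added example that is not part of the thread and not pluto's or libreswan's own code. The table is keyed by (interface, address); "up-client" takes a reference and "down-client" drops one, and only a 0-to-1 or 1-to-0 transition yields a kernel change. The kernel change is represented by the ip(8) command string the updown script would run rather than executed, which keeps the decision logic independent of the updown script, as Paul suggests. The interface name "ipsec1", the address, and all function and type names are assumptions made for the example.

```c
/* Hypothetical reference-counted address table (example code, not pluto's). */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_ADDR_REFS 64

enum addr_ref_action {
    ADDR_REF_NONE,       /* refcount changed, kernel state does not */
    ADDR_REF_KERNEL_ADD, /* first reference: address must be added */
    ADDR_REF_KERNEL_DEL, /* last reference dropped: address must be removed */
    ADDR_REF_ERROR,      /* table full, or drop of an address never taken */
};

struct addr_ref {
    char ifname[16];
    char addr[64];     /* e.g. "10.0.1.2/32" */
    unsigned refs;     /* 0 marks a free slot */
};

static struct addr_ref addr_refs[MAX_ADDR_REFS];

static struct addr_ref *addr_ref_find(const char *ifname, const char *addr)
{
    for (size_t i = 0; i < MAX_ADDR_REFS; i++) {
        struct addr_ref *e = &addr_refs[i];
        if (e->refs > 0 && strcmp(e->ifname, ifname) == 0 &&
            strcmp(e->addr, addr) == 0)
            return e;
    }
    return NULL;
}

enum addr_ref_action addr_ref_take(const char *ifname, const char *addr)
{
    struct addr_ref *e = addr_ref_find(ifname, addr);
    if (e != NULL) {
        e->refs++;                      /* shared: kernel already has it */
        return ADDR_REF_NONE;
    }
    for (size_t i = 0; i < MAX_ADDR_REFS; i++) {
        e = &addr_refs[i];
        if (e->refs == 0) {             /* claim a free slot */
            snprintf(e->ifname, sizeof(e->ifname), "%s", ifname);
            snprintf(e->addr, sizeof(e->addr), "%s", addr);
            e->refs = 1;
            return ADDR_REF_KERNEL_ADD;
        }
    }
    return ADDR_REF_ERROR;
}

enum addr_ref_action addr_ref_drop(const char *ifname, const char *addr)
{
    struct addr_ref *e = addr_ref_find(ifname, addr);
    if (e == NULL)
        return ADDR_REF_ERROR;          /* never added, or already removed */
    if (--e->refs > 0)
        return ADDR_REF_NONE;           /* another connection still uses it */
    memset(e, 0, sizeof(*e));           /* free the slot */
    return ADDR_REF_KERNEL_DEL;
}

unsigned addr_ref_count(const char *ifname, const char *addr)
{
    struct addr_ref *e = addr_ref_find(ifname, addr);
    return e == NULL ? 0 : e->refs;
}

/* Map an updown-style verb to the kernel change it needs, if any. Writes the
 * ip(8) command into cmd (empty when nothing is needed); returns true when a
 * command was written. Nothing is executed here. */
bool plan_client_addr(const char *verb, const char *ifname, const char *addr,
                      char *cmd, size_t cmdlen)
{
    enum addr_ref_action act;
    cmd[0] = '\0';
    if (strcmp(verb, "up-client") == 0)
        act = addr_ref_take(ifname, addr);
    else if (strcmp(verb, "down-client") == 0)
        act = addr_ref_drop(ifname, addr);
    else
        return false;                   /* host/route verbs: not our concern */

    switch (act) {
    case ADDR_REF_KERNEL_ADD:
        snprintf(cmd, cmdlen, "ip addr add %s dev %s", addr, ifname);
        return true;
    case ADDR_REF_KERNEL_DEL:
        snprintf(cmd, cmdlen, "ip addr del %s dev %s", addr, ifname);
        return true;
    case ADDR_REF_ERROR:
        fprintf(stderr, "addr_ref: %s %s on %s: unbalanced or table full\n",
                verb, addr, ifname);
        return false;
    default:
        return false;
    }
}

int main(void)
{
    /* Constructed sample: two connections share one address on an xfrmi. */
    const char *ifname = "ipsec1", *addr = "10.0.1.2/32";
    const char *events[] = {"up-client", "up-client", "down-client",
                            "down-client", "down-client"};
    char cmd[128];
    for (size_t i = 0; i < sizeof(events) / sizeof(events[0]); i++) {
        bool run = plan_client_addr(events[i], ifname, addr, cmd, sizeof(cmd));
        printf("%-11s refs=%u %s\n", events[i], addr_ref_count(ifname, addr),
               run ? cmd : "(no kernel change)");
    }
    return 0;
}
```

The third "down-client" in the sample is the unbalanced case: it returns no command and logs, rather than deleting an address some other connection still holds or failing silently the way an unpaired "ip addr del" would.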
