On Sun, 24 Sep 2023, Pidda wrote:
find_raw_ifaces6() skips IPv6 addresses in tentative state when read from
/proc/net/if_inet6, whenever whack listens.
This is actually a concern because my IPv6 configuration did not get loaded on
interface restart.
The IPv6 address assignment happens post DAD (Duplicate Address Detection).
During this process the IPv6 addresses if present in /proc/net/if_inet6
will be marked as tentative. Since libreswan's find_raw_ifaces6() relies on
/proc/net/if_inet6 file to read, it will skip the addresses in
tentative state.
For now, as a workaround, I am polling the /proc/net/if_inet6 file to have IPv6
address for DAD completion. If not done, then the delay imposed by
DAD will affect libreswan reading the IPv6 addresses.
Let me know if this behavior from libreswan will remain as it is or you have
some plans to handle it efficiently?
This behaviour should be changed. The pluto deamon should look for IPv6
updates via netlink and then rerun the connection orienting code.
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
