On Wed, 26 Aug 2020, Antony Antony wrote:
Isn't it still true that you cannot use if_id set to 0 because that
means the same as not using if_id. I mean within the kernel, not
no, I know if_id 0 works in some situations. now iproute allow if_id 0 and
strongswan allow if_id 0. I think now, 5.4 or later,xfrmi does not need
physcial dev ethX associated with it.
So in that case, perhaps we should just map the number configured to the
kernel and for the userland parser set the default to maxint and treat
that one as "dont send if_id to kernel" ?
Then the "yes" option can remain the equivalent to "1".
In general I am not in favor of configurable xfrmi device name, ipsecX is
simple:)
I agree it would be nice to keep it like that - at least for now.
so please, based on this, go and push one or the other version of
your patch into main.
ok.
My plan is first the output mark patch. Then later on ipsec0 patch. This
will need many smaller test updates, both script and output.
I will have to rebase my branch. Recent logger changes broke my branch.
Sorry about the big churn there from Andrew. It is to add support for
minimal logging where each connection at most logs 1 success or 1
failure.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
