[Openswan dev] Error building klips-ipv6 (missing include?)
D. Hugh Redelmeier
hugh at mimosa.com
Mon Oct 11 15:58:19 EDT 2010
| From: Harald Jenny <harald at a-little-linux-box.at>
| On Mon, Oct 11, 2010 at 02:42:28PM -0400, D. Hugh Redelmeier wrote:
| > Off the top of my head, I can vaguely recollect two issues:
| > - we want control of which interfaces are used. The only way was to
| > control the IP addresses
|
| Hmmmm you mean for NETKEY? Because the interfaces= lines for KLIPS do work?
No, my comment was all about IKE messages: strictly Pluto.
That does not mean that there are no Pluto/kernel issues, just that I
didn't mention them (and don't remember any).
| > - we want to know the inbound IP address on each packet. recvfrom
| > doesn't give you that, so we nail down which IP by only accepting
| > a specified IP address on each socket. So we have to know the IP
| > address.
|
| Well if we specify an IP which is not bound yet wouldn't we be able to check
| in the main loop of pluto if/when this IP "arrives"?
I don't know what that means.
If a UDP packet comes in on an ANY, we don't know its source address.
That would seem to be a problem.
Another arcane fact: because Pluto only listens to what it is told to
listen to, it is actually possible to run more than one Pluto on a
system. I used to do that for regression testing.
More information about the Dev
mailing list