[Openswan dev] Error building klips-ipv6 (missing include?)
Harald Jenny
harald at a-little-linux-box.at
Mon Oct 11 16:09:58 EDT 2010
On Mon, Oct 11, 2010 at 03:58:19PM -0400, D. Hugh Redelmeier wrote:
> | From: Harald Jenny <harald at a-little-linux-box.at>
>
> | On Mon, Oct 11, 2010 at 02:42:28PM -0400, D. Hugh Redelmeier wrote:
>
> | > Off the top of my head, I can vaguely recollect two issues:
>
> | > - we want control of which interfaces are used. The only way was to
> | > control the IP addresses
> |
> | Hmmmm you mean for NETKEY? Because the interfaces= lines for KLIPS do work?
>
> No, my comment was all about IKE messages: strictly Pluto.
Ok thanks for making this clear.
>
> That does not mean that there are no Pluto/kernel issues, just that I
> didn't mention them (and don't remember any).
I see.
>
> | > - we want to know the inbound IP address on each packet. recvfrom
> | > doesn't give you that, so we nail down which IP by only accepting
> | > a specified IP address on each socket. So we have to know the IP
> | > address.
> |
> | Well if we specify an IP which is not bound yet wouldn't we be able to check
> | in the main loop of pluto if/when this IP "arrives"?
>
> I don't know what that means.
That it wouldn't be necessary to listen on ANY IP but rather detect if a new IP
gets assigned to an interface?
>
> If a UDP packet comes in on an ANY, we don't know its source address.
> That would seem to be a problem.
Yes for sure.
>
> Another arcane fact: because Pluto only listens to what it is told to
> listen to, it is actually possible to run more than one Pluto on a
> system. I used to do that for regression testing.
Sounds like changing this might break some setups...
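The per-address socket approach described in the quoted message, as an added example that is not part of the original thread and is not Openswan's code: one UDP socket is bound to each specific local address, so the address a datagram arrived on is implied by the socket that received it, while `recvfrom` itself reports only the peer. The loopback addresses, the payload and the function names are constructed for illustration, and it assumes Linux, where all of 127.0.0.0/8 is local.

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>
static const char *local_ip[2] = { "127.0.0.1", "127.0.0.2" }; /* constructed */

/* Bind a UDP socket to one specific address, never INADDR_ANY.
 * *port == 0 lets the kernel pick a port, which is reported back. */
static int bind_one(const char *ip, in_port_t *port)
{
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = *port };
    socklen_t len = sizeof a;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0 || inet_pton(AF_INET, ip, &a.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&a, sizeof a) < 0 ||
        getsockname(fd, (struct sockaddr *)&a, &len) < 0) {
        if (fd >= 0) close(fd);
        return -1;
    }
    *port = a.sin_port; /* kept in network byte order */
    return fd;
}

/* Send one datagram to dst_ip; return the local address it arrived on. */
const char *arrived_on(const char *dst_ip)
{
    struct sockaddr_in to = { .sin_family = AF_INET }, peer;
    socklen_t plen = sizeof peer;
    struct pollfd p[2];
    in_port_t port = 0;
    char buf[64];
    int i, hit = -1, tx = socket(AF_INET, SOCK_DGRAM, 0);
    for (i = 0; i < 2; i++) /* both listeners share one port */
        p[i] = (struct pollfd){ .fd = bind_one(local_ip[i], &port), .events = POLLIN };
    to.sin_port = port;
    if (tx >= 0 && p[0].fd >= 0 && p[1].fd >= 0 &&
        inet_pton(AF_INET, dst_ip, &to.sin_addr) == 1 &&
        sendto(tx, "x", 1, 0, (struct sockaddr *)&to, sizeof to) == 1 &&
        poll(p, 2, 1000) > 0)
        for (i = 0; i < 2; i++) /* recvfrom() fills only the peer address */
            if ((p[i].revents & POLLIN) && recvfrom(p[i].fd, buf, sizeof buf, 0,
                                    (struct sockaddr *)&peer, &plen) >= 0)
                hit = i; /* the local address is implied by the socket */
    for (i = 0; i < 2; i++) if (p[i].fd >= 0) close(p[i].fd);
    if (tx >= 0) close(tx);
    return hit < 0 ? NULL : local_ip[hit];
}
int main(void) { const char *a = arrived_on("127.0.0.2"); puts(a ? a : "none"); return 0; }
```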