Re: Recent IPSEC changes

To: Ryota Ozaki <ozaki-r%netbsd.org@localhost>
Subject: Re: Recent IPSEC changes
From: Robert Swindells <rjs%fdy2.co.uk@localhost>
Date: Fri, 13 Oct 2017 08:41:08 +0100

Ryota Ozaki <ozaki-r%netbsd.org@localhost> wrote:
>On Fri, Oct 13, 2017 at 5:49 AM, Robert Swindells <rjs%fdy2.co.uk@localhost> wrote:
>>
>> I think something in the recent IPSEC changes is setting the ipsec_used
>> flag to be always true.
>
>Not really on my machine. I guess it depends on environments.

My environment is INET, INET6 & IPSEC in the kernel config, no modules.

I have taken out any other protocols.

>There is a change that affects the ipsec_used flag:
>  http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netipsec/key.c#rev1.199

Ok.

>It turns on the flag when a socket is enabled the IP_IPSEC_POLICY option.
>There was a bug that having such a socket didn't turn on the flag; the
>above commit fixed the bug.

The flag is on at boot for me.

>Do you have any processes having a socket with IP_IPSEC_POLICY on your
>machine in mind?

No.

Robert Swindells

Follow-Ups:
- Re: Recent IPSEC changes
  - From: Ryota Ozaki

References:
- Re: Recent IPSEC changes
  - From: Ryota Ozaki

Prev by Date: Re: Recent IPSEC changes
Next by Date: Re: Recent IPSEC changes
Previous by Thread: Re: Recent IPSEC changes
Next by Thread: Re: Recent IPSEC changes
Indexes:

Home | Main Index | Thread Index | Old Index