tech-net archive


Re: IPsec: duplicate sysctls



On Mon, Mar 05, 2018 at 08:44:32AM +0100, Maxime Villard wrote:
> As Ryota Ozaki noted a week ago, there are several duplicate sysctls
> 
> 	net.inet.esp.trans_deflev = net.inet.ipsec.esp_trans_deflev
> 	net.inet.esp.net_deflev   = net.inet.ipsec.esp_net_deflev
> 	net.inet.ah.cleartos      = net.inet.ipsec.ah_cleartos
> 	net.inet.ah.offsetmask    = net.inet.ipsec.ah_offsetmask
> 	net.inet.ah.trans_deflev  = net.inet.ipsec.ah_trans_deflev
> 	net.inet.ah.net_deflev    = net.inet.ipsec.ah_net_deflev
> 
> Under net.inet6 there are no duplicates, we use the convention on the
> right here.
> 
> But I believe the one on the left is the best one. I guess it is fine to
> switch everything to the left one and remove the duplicates?

I do prefer the convention on the right, "esp" or "ah" by itself is not
necessarily a direct association with IPsec.

Joerg

