Re: Recent IPSEC changes

To: Robert Swindells <rjs%fdy2.co.uk@localhost>
Subject: Re: Recent IPSEC changes
From: Ryota Ozaki <ozaki-r%netbsd.org@localhost>
Date: Fri, 13 Oct 2017 11:01:18 +0900

On Fri, Oct 13, 2017 at 5:49 AM, Robert Swindells <rjs%fdy2.co.uk@localhost> wrote:
>
> I think something in the recent IPSEC changes is setting the ipsec_used
> flag to be always true.

Not really on my machine. I guess it depends on environments.

There is a change that affects the ipsec_used flag:
  http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netipsec/key.c#rev1.199

It turns on the flag when a socket is enabled the IP_IPSEC_POLICY option.
There was a bug that having such a socket didn't turn on the flag; the
above commit fixed the bug.

Do you have any processes having a socket with IP_IPSEC_POLICY on your
machine in mind?

Thanks,
  ozaki-r

Follow-Ups:
- Re: Recent IPSEC changes
  - From: Robert Swindells

References:
- Recent IPSEC changes
  - From: Robert Swindells

Prev by Date: Recent IPSEC changes
Next by Date: Re: Recent IPSEC changes
Previous by Thread: Recent IPSEC changes
Next by Thread: Re: Recent IPSEC changes
Indexes:

Home | Main Index | Thread Index | Old Index