tech-net archive


Re: IPsec: duplicate sysctls



On 05/03/2018 at 22:06, Joerg Sonnenberger wrote:
> On Mon, Mar 05, 2018 at 08:44:32AM +0100, Maxime Villard wrote:
> > As Ryota Ozaki noted a week ago, there are several duplicate sysctls
> >
> > 	net.inet.esp.trans_deflev = net.inet.ipsec.esp_trans_deflev
> > 	net.inet.esp.net_deflev   = net.inet.ipsec.esp_net_deflev
> > 	net.inet.ah.cleartos      = net.inet.ipsec.ah_cleartos
> > 	net.inet.ah.offsetmask    = net.inet.ipsec.ah_offsetmask
> > 	net.inet.ah.trans_deflev  = net.inet.ipsec.ah_trans_deflev
> > 	net.inet.ah.net_deflev    = net.inet.ipsec.ah_net_deflev
> >
> > Under net.inet6 there are no duplicates, we use the convention on the
> > right here.
> >
> > But I believe the one on the left is the best one. I guess it is fine to
> > switch everything to the left one and remove the duplicates?
>
> I do prefer the convention on the right, "esp" or "ah" by itself is not
> necessarily a direct association with IPsec.

These sysctls are to be used when IPsec is enabled; so if someone is using
IPsec but has no idea what "ah" or "esp" means, this someone has a problem
in the first place.

