[PATCH 8/9] [RFC] Add gateway_addr field to ip_info

Kevin Cernekee cernekee at gmail.com
Wed Feb 10 14:37:55 PST 2016

On Wed, Feb 10, 2016 at 1:43 PM, Woodhouse, David
<david.woodhouse at intel.com> wrote:
> On Sun, 2016-02-07 at 20:26 -0800, Kevin Cernekee wrote:
>> NaCl needs to whitelist (split-exclude) the gateway's IP address,
>> because it doesn't have the option of whitelisting individual file
>> descriptors.  Use vpninfo->ip_info.gateway_addr to track the
>> numeric representation of vpn->peer_addr.
>> This is just an RFC, so the standard API change procedure hasn't been
>> completed yet.  Also, this field winds up being NULL on CrOS anyway,
>> probably because getnameinfo() isn't implemented yet.
> Elsewhere (at least in openssl.c) we use inet_ntop() instead. Since we
> only use getnameinfo() in NI_NUMERICHOST mode, perhaps we could use
> inet_ntop() for this too?

I wound up fixing libnacl_io, so getnameinfo() works now.

> I think that adding the new field to struct oc_ip_info is OK, because
> the memory is owned by the library. But stick a bloody great comment on
> its definition in openconnect.h which *warns* that it's not present in
> API 5.2 or below.

In patch V2, the API changelog mentions that gateway_addr is new in
5.3.  Is that sufficient or should I add it in both places?

More information about the openconnect-devel mailing list