[PATCH 8/9] [RFC] Add gateway_addr field to ip_info
cernekee at gmail.com
Wed Feb 10 14:37:55 PST 2016
On Wed, Feb 10, 2016 at 1:43 PM, Woodhouse, David
<david.woodhouse at intel.com> wrote:
> On Sun, 2016-02-07 at 20:26 -0800, Kevin Cernekee wrote:
>> NaCl needs to whitelist (split-exclude) the gateway's IP address,
>> because it doesn't have the option of whitelisting individual file
>> descriptors. Use vpninfo->ip_info.gateway_addr to track the
>> numeric representation of vpn->peer_addr.
>> This is just an RFC, so the standard API change procedure hasn't been
>> completed yet. Also, this field winds up being NULL on CrOS anyway,
>> probably because getnameinfo() isn't implemented yet.
> Elsewhere (at least in openssl.c) we use inet_ntop() instead. Since we
> only use getnameinfo() in NI_NUMERICHOST mode, perhaps we could use
> inet_ntop() for this too?
I wound up fixing libnacl_io, so getnameinfo() works now.
> I think that adding the new field to struct oc_ip_info is OK, because
> the memory is owned by the library. But stick a bloody great comment on
> its definition in openconnect.h which *warns* that it's not present in
> API 5.2 or below.
In patch V2, the API changelog mentions that gateway_addr is new in
5.3. Is that sufficient or should I add it in both places?
More information about the openconnect-devel