On Sun, 2016-02-07 at 20:26 -0800, Kevin Cernekee wrote: > NaCl needs to whitelist (split-exclude) the gateway's IP address, > because it doesn't have the option of whitelisting individual file > descriptors. Use vpninfo->ip_info.gateway_addr to track the > numeric representation of vpn->peer_addr. > > This is just an RFC, so the standard API change procedure hasn't been > completed yet. Also, this field winds up being NULL on CrOS anyway, > probably because getnameinfo() isn't implemented yet. Elsewhere (at least in openssl.c) we use inet_ntop() instead. Since we only use getnameinfo() in NI_NUMERICHOST mode, perhaps we could use inet_ntop() for this too? I think that adding the new field to struct oc_ip_info is OK, because the memory is owned by the library. But stick a bloody great comment on its definition in openconnect.h which *warns* that it's not present in API 5.2 or below. I think it's allowed to lack backward compatibility so that apps built against libopenconnect.so.5.3 don't work correctly against libopenconnect.so.5.2, yes? -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3437 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160210/8c3054c4/attachment.bin>
