On Wed, Feb 10, 2016 at 1:43 PM, Woodhouse, David <david.woodhouse at intel.com> wrote: > On Sun, 2016-02-07 at 20:26 -0800, Kevin Cernekee wrote: >> NaCl needs to whitelist (split-exclude) the gateway's IP address, >> because it doesn't have the option of whitelisting individual file >> descriptors. Use vpninfo->ip_info.gateway_addr to track the >> numeric representation of vpn->peer_addr. >> >> This is just an RFC, so the standard API change procedure hasn't been >> completed yet. Also, this field winds up being NULL on CrOS anyway, >> probably because getnameinfo() isn't implemented yet. > > Elsewhere (at least in openssl.c) we use inet_ntop() instead. Since we > only use getnameinfo() in NI_NUMERICHOST mode, perhaps we could use > inet_ntop() for this too? I wound up fixing libnacl_io, so getnameinfo() works now. > I think that adding the new field to struct oc_ip_info is OK, because > the memory is owned by the library. But stick a bloody great comment on > its definition in openconnect.h which *warns* that it's not present in > API 5.2 or below. In patch V2, the API changelog mentions that gateway_addr is new in 5.3. Is that sufficient or should I add it in both places?
