[Openswan dev] RFC: Changes to whack's --status output

Michael Richardson mcr at xelerance.com
Wed Dec 8 10:16:51 CET 2004


>>>>> "Ludwig" == Ludwig Nussel <ludwig.nussel at suse.de> writes:
    >> so, we wanted to create a program "initiate", which basically
    >> does "ipsec whack --name FOO --initiate", and only that. It would
    >> be small enough to be easily reviewed, and therefore able to be
    >> setuid.  (ipsec auto --up FOO translates to the above)
    >> 
    >> This is necessary for someone to do a nice GUI for XAUTH mode.
    >> (does smpppd handle prompting users for username/password
    >> already?)

    Ludwig> Yes.

    >> progress indicators already come out of whack, and can be
    >> processed by "initiate" if you like to give feedback. Tell us
    >> what format to provide the feedback if the current output is not
    >> okay. (Alas the numbers that come out are actually internal
    >> states, and change slowly over time)

    Ludwig> When I talked to the smpppd maintainer last time he was not
    Ludwig> very fond of parsing any command output at all. The best

  How about at the level of SMTP-like replies?

  I.e. always one line, starts with a number, and we can add an
indicator if this is something that requires interaction, or if it should
simply display text.

    Ludwig> thing would probably be a C library that handles the socket
    Ludwig> communication to pluto. This way at least some errors can be

  Well, he can replace the main() function in whackinit.c.
  But, he will become Openswan version *SPECIFIC*, since we do not wish
to export the interface in such a way that we guarantee it will not
change.
  The unchanging interface is the command-line interface to whack.

    Ludwig> caught at build time already, like e.g. new value for an
    Ludwig> enum -> warning in switch().  Ideally such a library
    Ludwig> interface would be high level enough so it can be used for
    Ludwig> other isakmp implementations as well :-)

  You ask for a lot.
  Write something, and I'll see if we can meet you halfway.

-- 
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

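An added example (not part of the original message and not Openswan code): a strict C parser a front-end could use for the kind of one-line, number-first reply proposed above. The 1-3 digit code, the ' ' and '?' indicator characters, the 128-byte text limit and the sample lines in the comments are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical reply format (an assumption, not Openswan's):
 *   <1-3 digits><indicator><text>\n
 * indicator ' ' = display the text, '?' = prompt the user for input.
 * Constructed samples: "100 negotiation started\n", "200?Username:\n" */
enum reply_kind { REPLY_INVALID = 0, REPLY_DISPLAY, REPLY_PROMPT };

struct reply {
    int code;             /* numeric prefix */
    enum reply_kind kind; /* what the front-end must do with the text */
    char text[128];       /* NUL-terminated, printable ASCII only */
};

/* Parse exactly one line. Anything that does not match the format is
 * rejected and *r is zeroed, so a caller never acts on partial data. */
enum reply_kind parse_reply(const char *line, struct reply *r)
{
    size_t i = 0, k, n;
    const char *end;

    memset(r, 0, sizeof(*r));
    while (i < 3 && isdigit((unsigned char)line[i]))
        r->code = r->code * 10 + (line[i++] - '0');
    if (i == 0)
        goto bad;                       /* must start with a number */

    if (line[i] == ' ')
        r->kind = REPLY_DISPLAY;
    else if (line[i] == '?')
        r->kind = REPLY_PROMPT;
    else
        goto bad;                       /* unknown indicator or 4th digit */
    i++;

    n = strcspn(line + i, "\n");        /* text runs to the line break */
    end = line + i + n;
    if (*end == '\n')
        end++;
    if (n >= sizeof(r->text) || *end != '\0')
        goto bad;                       /* too long, or a second line */
    for (k = 0; k < n; k++)
        if (!isprint((unsigned char)line[i + k]))
            goto bad;                   /* control bytes never reach the UI */
    memcpy(r->text, line + i, n);
    return r->kind;
bad:
    memset(r, 0, sizeof(*r));
    return REPLY_INVALID;
}
```

Rejecting non-printable bytes matters here because the text of a reply may carry strings that originate from the remote peer.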