[Openswan dev] RFC: Changes to whack's --status output

Gessler Gerhard Gessler at iabg.de
Thu Nov 25 08:16:15 CET 2004


Dear Ken,

why not split the information of --status in the following way:

Name: xxx
ID: ID-left ID-right
Gateways: IP-left IP-right
Subnets: Subnet-left Subnet-right
Nexthops: Nexthop-left Nexthop-right
Options: Options-left Options-right
AF Connection: inet | inet6
AF Tunnel: inet | inet6
Algorithms: ...
Status: ...
....

I agree that it takes quite a lot of space on the console, but for
output wrappers this is probably quite easy to parse. Those wrappers
could then transform the given information in whatever (compressed)
representation the user likes / needs. Furthermore, new information can
be easily appended at the end, so that wrappers can either ignore it or
just print it as "additional unparsed data".

There is another thing which I noted when looking at the output of
--status. There are connections in which additional information is given
in the form "IP-Address[ID]:0/0" (NAT-T related?). This might be
confusing when IPv6 addresses are used as the ":" is already present
inside the IPv6 address's textual representation. Is it possible to use
here a different notation when IPv6 addresses are involved? Usually IPv6
addresses are enclosed in "[IPv6 Address]" when a ":" can follow to
avoid any ambiguities such as in the case of "[IP-Address]:Port". But
this would anyway mean that when using IDs and IPv6 addresses, we'll
already have "[IPv6 Address][ID]" when using a compressed output format.
It could also be that this comment is just pointless as we will
hopefully never see the need to use NAT-T for IPv6 :-)

Just my 2 cents...

Cheers,

	Gerhard

--------------------------------------------
Gerhard Gessler

Communication Networks, IABG mbH
Einsteinstr. 20
85521 Ottobrunn, Germany

Telefon: +49 89 6088 - 2021
Fax: +49 89 6088 - 2845

E-Mail: gessler at iabg dot de 

  > -----Original Message-----
  > From: dev-bounces at openswan.org 
  > [mailto:dev-bounces at openswan.org] On Behalf Of Ken Bantoft
  > Sent: Thursday, November 25, 2004 3:33 AM
  > To: dev at lists.openswan.org
  > Subject: [Openswan dev] RFC: Changes to whack's --status output
  > 
  > 
  > 
  > While debugging the Cisco VPN Client interop stuff, mcr and I decided we
  > need to update the output of whack's --status output.
  > 
  > Current Examples:
  > 
  > Cisco VPN connection (PSK, Aggressive Mode, Mode Config)
  > "cisco": 66.203.195.97[@xelerance,MC+XC+S=C]:0/0---66.203.195.1...205.150.200.188[MS+XS+S=C]:0/0===205.150.200.0/24; unrouted; eroute owner: #0
  > 
  > X.509
  > "kb-to-bp-10": 10.0.30.125/32===66.203.195.97[C=CA, ST=Ontario, L=Toronto, Blah Blah...]:0/0---66.203.195.1...38.112.109.70[C=CA, ST=Ontario, L=Toronto, Blah Blach ....]:0/0===10.0.0.0/24; erouted; eroute owner: #5
  > 
  > RSASig
  > "toronto-net": 209.112.44.130/32===66.203.195.97[@kbantoft.toronto.xelerance.com]:0/0---66.203.195.1...216.191.140.38[@toronto.xelerance.com]:0/0===209.112.44.0/24; erouted; eroute owner: #4
  > 
  > 
  > I've come up with a few ideas, so I'm looking for 'yes/no/what about
  > this?' comments.
  > 
  > 1) Minor Rearrange
  > 
  > "cisco": [@xelerance,MC+XC+S=C]66.203.195.97:0/0---66.203.195.1...205.150.200.188:0/0[MS+XS+S=C]===205.150.200.0/24; unrouted; eroute owner: #0
  > 
  > 2) Split on 2 lines:
  > 
  > "cisco": 66.203.195.97[@xelerance,MC+XC+S=C]:0/0---66.203.195.1
  >          205.150.200.188[MS+XS+S=C]:0/0===205.150.200.0/24; unrouted; eroute owner: #0
  > 
  > "kb-to-bp-10": 10.0.30.125/32===66.203.195.97[C=CA, ST=Ontario, L=Toronto, Blah Blah...]:0/0---66.203.195.1
  >          38.112.109.70[C=CA, ST=Ontario, L=Toronto, Blah Blach ....]:0/0===10.0.0.0/24; erouted; eroute owner: #5
  > 
  > 
  > 3) Start Fresh, multiline
  > 
  > "cisco"
  >   Local ID: @xelerance
  >   Remote ID: 
  >   Local Options: MC+XC+S=C
  >   Remote Options: MS+XS+S=C
  >   Local Addresses: 66.203.195.97:0/0--->66.203.195.1
  >   Remote Addresses: 205.150.200.188===205.150.200.0/24:0/0
  >   Algorithm: 3DES_CBC_192-MD5-MODP1536
  >   Status:  unrouted; eroute owner: #0
  > 
  > "kb-to-bp-10"
  > 
  >   Local ID: C=CA, ST=Ontario, L=Toronto, Blah Blah
  >   Remote ID: C=CA, ST=Ontario, L=Toronto, Blah Blah
  >   Local Options:
  >   Remote Options:
  >   Local IP: 10.0.30.125/32
  >   Remote IP: 
  >   Local Addresses: 66.203.195.97--->66.203.195.1
  >   Remote Addresses: 38.112.109.70===10.0.0.0/24:0/0
  >   Algorithm: 3DES_CBC_192-MD5-MODP1536
  >   Status: erouted; eroute owner: #5
  > 
  > 
  > Other suggestions welcome.  We only want to change this once, as we have
  > to update all of the test cases to match the new output.
  > 
  > 
  > 
  > -- 
  > Ken Bantoft			VP Business Development
  > ken at xelerance.com		Xelerance Corporation
  > sip://toronto.xelerance.com	http://www.xelerance.com
  > 
  > The future is here. It's just not evenly distributed yet. 
  >         -- William Gibson
  > 
  > 
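
An added example (not part of the original message and not Openswan code): a wrapper-side parser for the "Key: left right" layout proposed in the reply above, keeping unrecognised lines as unparsed data. It assumes a record starts at each `Name:` line and that left and right values are separated by whitespace; the sample input, including the `Rekey margin` field, is constructed.

```python
# Added example; field names follow the layout proposed in the message.
SINGLE = {"AF Connection", "AF Tunnel", "Algorithms", "Status"}
TWO_SIDED = {"ID", "Gateways", "Subnets", "Nexthops", "Options"}

# Constructed sample. "Rekey margin" is a hypothetical field a later
# version might append; it is not part of the proposal.
SAMPLE = """\
Name: cisco
ID: @xelerance @peer.example
Gateways: 66.203.195.97 205.150.200.188
Subnets: 66.203.195.97/32 205.150.200.0/24
Nexthops: 66.203.195.1 205.150.200.1
Options: MC+XC+S=C MS+XS+S=C
AF Connection: inet
AF Tunnel: inet
Algorithms: 3DES_CBC_192-MD5-MODP1536
Status: unrouted; eroute owner: #0
Rekey margin: 540s
Name: v6-site
ID: C=CA, ST=Ontario C=CA, ST=Ontario
Gateways: 2001:db8::1 2001:db8::2
AF Connection: inet6
"""

def parse_status(text):
    """Parse 'Key: value' records; a record starts at each 'Name:' line (assumed)."""
    conns = []
    for raw in text.splitlines():
        line = raw.strip()
        key, sep, value = line.partition(":")   # only the first ':' ends the key
        key, value = key.strip(), value.strip()
        if sep and key == "Name":
            conns.append({"Name": value, "unparsed": []})
        elif not line or not conns:
            continue                             # blank line or text before first record
        elif sep and key in SINGLE:
            conns[-1][key] = value
        elif sep and key in TWO_SIDED and len(value.split()) == 2:
            conns[-1][key] = tuple(value.split())
        else:
            # Unknown field, or a left/right pair that whitespace cannot split
            # unambiguously (e.g. X.509 DNs with spaces): keep it verbatim.
            conns[-1]["unparsed"].append(line)
    return conns

if __name__ == "__main__":
    for conn in parse_status(SAMPLE):
        print(conn)
```

The IPv6 gateways parse cleanly because only the first colon on a line delimits the key, while the DN-style ID line ends up in `unparsed` because a whitespace split cannot tell where the left ID ends.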

