On Thu, Jul 15, 2004 at 03:02:19PM +0900, Masahide NAKAMURA wrote:
>
> This patch is for iproute2.
> Please check comment in a ChangeSet below.
Thanks for the patches. It's much better.
I think some simplifications can still be made:
Policies:
* sel/upsec are redundant. You can disambiguate src/dst/proto
by whether they're preceded by tmpl or not.
* proto/sport/dport should be omitted if they're zero.
* level should be omitted if it's required.
* spi should be omitted if it's zero.
* index should be omitted in the default output. It's not a part of
the policy specification.
* action should be omitted if it's allow.
States:
* spi should be shown in hex by default. Related tools like tcpdump show
hex so this makes debugging easier.
* flag should be omitted if it's zero.
* Please use auth/enc instead of A/E. The latter looks out-of-place in ip(8).
* You can also skip algo and use auth/enc to detect the start of an
algorithm.
* replay_window is not a statistic so it should shown in the main output.
* The selector should be shown in the main output if it is not zero.
The above changes can be summarised by these two principles:
1. By cut-n-pasting the output of ip x p/s, I should be able to recreate
the exact same policies/states.
2. The output of ip x p/s should be minimal so that it is easy to
understand and type in.
Please also fix ip -o x so that the output can be on one line.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
|