Hosting Provided By

Re: linux-ipsec: consistent command syntax

From: Angelos D. Keromytis <angelos(at)dsl.cis.upenn.edu>
Date: Sun Jul 12 1998 - 15:30:55 EDT

-----BEGIN PGP SIGNED MESSAGE----- To: linux-ipsec@clinet.fi
Subject: Re: linux-ipsec: consistent command syntax Cc:
Date: 07/12/98, 15:30:53

> Which unix tradition is that? Abtruse, obscure, undocumented folkloric

The ipsecadm interface is very well documented. Furthermore, I don't see why your proposed changes make any difference at all, other than being gratuitously different from what we have.

As for the very weird argument on permutations; yes, that's why the flags are not called "positional". And that's the intended and desirable effect.

> The -tunnel modifier also has multiple (different and unpredictable)

They are not currently well specified ? They're two IP addresses, and the man page says so. What more do you want to be said ? -tunnel always takes two of them, not one, not one and a half, not three. Yes, they can be different between different invocations of ipsecadm, but that's the whole point of arguments. So I don't see what you mean by "different and unpredictable".

> Also, I'm only guessing that the -spi and -key values are hex, since

You're right in that; I'll fix the man page.

Do you need help?

> Therefore, ipsecadm has 1 or 2 positional parameters instead of my 3;

It has exactly one positional parameter ("new esp" is one parameter).

> but has an inconsistent syntax, is horribly convoluted and subject to

The syntax is very consistent; you use the same set of flags for all the operations. It may be inconsistent with what you have in mind.

Furthermore, you've presented an alternative that makes gratuitous changes (convert three or four of the parameters to positional, change the names of some of the others, change the name of the command); if the current ipsecadm is horribly convoluted, how do your changes make any difference whatsoever ?

> Interesting. What's the user count? Of course, I was told that I'm the

You *are* the first one to complain about installation (go check the archives, or take my word for it); you'll also notice all the other people in the list complaining about the FreeBSD/Linux/BSDOS installation procedures and how they've begged us not to substantially change ours, and all the comments on how easy the installation was.

The problem in your case is twofold: you've depended too much on dumb-installation tools in the past, and you haven't actually administered a system by yourself so you know enough to be dangerous. Furthermore, in at least half the cases you've complained about, you haven't followed the documentation to the letter. Finally, your system is old; trash it and get a new one.

Do you need more help?

> As I keep saying, if this is not easy to use, then few folks are going

If end users end up having to use ipsecadm or some similar tool to protect their data with IPsec, we've done something wrong. ipsecadm (and friends) are supposed to be an administrator's tool. - -Angelos

-----BEGIN PGP SIGNATURE-----

Version: 2.6.3i
Charset: noconv
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBNakO7b0pBjh2h1kFAQFLFQP/fR69KX7mZ1IhDaffBEeFbc5VXSVmdM+f 54PbP7JFBxLKcK9wssAMhGlyOGc/B+Zv/6sUqoe+DDlJRV58QI60HgwiD+/wEC93 HkowcPRDeg0FIjMWjRw5fqw8QOHIScb/Hy8haJMjd4oR+tY7x/9CtedcEt5PmnqI 6utqKOkeMF0=
=IfsU
-----END PGP SIGNATURE----- Received on Sun Jul 12 18:10:38 1998

This message: [ Message body ]
Next message: William Allen Simpson: "Re: linux-ipsec: consistent command syntax"
Maybe in reply to: William Allen Simpson: "linux-ipsec: consistent command syntax"
In reply to William Allen Simpson: "Re: linux-ipsec: consistent command syntax"
Reply: William Allen Simpson: "Re: linux-ipsec: consistent command syntax"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:24 EDT