Re: linux-ipsec: apps/utils/libs that parse IP/netbits

This looks useful.

Now -- the comments and suggestions. Quite nit-picky because I'd like this code to be widely used. I have not done any testing or coding to use this facility.

• Pluto needs to deal with IP address ranges in the same places it needs to deal with subnets. Can you support them? Perhaps with another variant?
• When I display the manpage with nroff, the prototypes in the synopsis wrap. This would be easier to read if the wrapped lines were indented.
• The diagnostics could easily be made a little more useful. If the results were of type const char *, success could be indicated by NULL and failure by a message (iff it were always a string literal, storage allocation would not be an issue).
• I'd find the code for atoaddrmask a little clearer if the mask-is-a-bit-count code were an else clause.
• The code for parsing a dotted quad or hostname appears twice. And it might well be useful as a library routine (I'd use it in Pluto). Consider breaking it out.
• Although I'm an old timer, I think that it is about time to give up on old-style function definitions. The new draft C standard almost got rid of them!
• I'd put blank lines between the multi-line declarations in freeswan.h
• The code in subnettoa seems to assume that unsigned long is exactly ABITS long. I think that the only consequence when this assumption is wrong is that the bit count form of mask will not be used. Oh, and the (to me, peculiar) "m = 0; m--;" only works on two's complement machines -- "m = ~0uL;" is more direct. The same problems appear in atosubnet (the consequence is different).
• The paranoid handling of the bit count being larger than 100 will fail because no mod 100 is done for the calculation of the 10s digit.
• I think that the document should more explicitly indicate that atosubnet, when passed a non-zero srclen, does not require a NUL to terminate the string (really, an array of characters, I'd say), and that subnettoa always NUL-terminates its output stream (on success).
• I'm a little uncomfortable the use of "char" instead of "unsigned char" but it is probably the best choice.
• Should this be GPLed?

I'm sure this should join the code base of FreeS/WAN. One advantage is that revisions will automatically appear in the snapshots. How should Pluto and KLIPS get at these routines?

Hugh Redelmeier
hugh@mimosa.com voice: +1 416 482-8253 Received on Sat Jul 18 00:10:55 1998