Re: linux-ipsec: args from files

> We should not make arguments be either literal or filenames depending

Is there a specific reason not to do this, apart from the general issues discussed below? Note that the leading-slash convention was your idea!

> Ditto the DOS-inspired "@" syntax.

I can't speak for any others involved, but I'm not familiar enough with DOS for its syntax to inspire (?) me. It was just an obvious choice of metacharacter. But your / suggestion looked better... The addition of "./" was to provide a way to do relative pathnames without excessive inconvenience.

> If there is a need in particular places for the option to take a

The problem with this is that it doesn't generalize. Grep is an easy case: it has *one* argument that needs this treatment, and it's helpfully the first argument. We've got multiple arguments that might want it, at semi-random places in the command line.

A positional syntax (which is what we have now) where arguments pop in and out depending on options is a hopeless mess. Putting the options in the positions where the arguments normally go is a headache for parsing, and is not really any more consistent with normal Unix practice (which does not usually intermix options and positional arguments, and certainly doesn't routinely allow one to substitute for the other).

I see two half-decent ways to deal with this.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

The first is to abandon the positional syntax completely, in favor of a syntax that is 100% options:

ipsec spi --dest 10.1.2.3 --spi 65 --proto ah --transform md5 --key 0x... or
ipsec spi --sa ah65@10.1.2.3 --md5 0x...

This needs some work for things like spigrp which now are fundamentally positional, but it could be done. Then we just need two different flavors of every option, one for literal and one for file; I don't find this particularly attractive.

The second is to have some way to distinguish a literal argument from a filename syntactically. The leading slash seems much the simplest. There is no exact Unix precedent for this that I know of, but there is general precedent for programs that assign types to positional arguments based on their syntax -- awk, make, all the compilers...

Sort of a third way is to just say that there is one magic option (as RGB suggested) which means that *all* the positional arguments come from a file, and maybe some extra options too. This too seems workable, but I fear it's going to require a lot of little dynamically-built temporary files to mix and match stable information like prearranged keys with transient stuff like SPI numbers.

Leading slash still seems to me like the least painful of the bunch.

                                                          Henry Spencer
                                                       henry@spsystems.net
                                                     (henry@zoo.toronto.edu)