re: linux-ipsec: address-range syntax (was apps/utils/libs that parse...)

> shell scripters should already know when to "quote" or 'quote'
> their arguments. i wouldn't require that all shell-conflicting
> syntax be avoided.

Note that I didn't say it was required, only that there was a large bonus for it. Remember that scripts are programs -- often arguments are being substituted in from elsewhere, so you may not know exactly which form a particular argument is going to take -- and that cut-and-paste is also quite common with smart user interfaces. None of these things is *impossible* with a shell-hostile syntax, but a shell-friendly syntax makes them easier and less error-prone. Eliminating the problem, if we can, is better than making everyone cope with it.

A related issue is that it's generally good design to have parsing work hierarchically. That is, it's good if the input can be broken into phrases (to use an arbitrary term) before the phrases themselves are examined in detail. This tends to be more flexible, and less troublesome in the long run, than a syntax in which you can't tell where the third phrase ends and the fourth begins except by parsing the third in detail.

> xxx.xxx.xxx.xxx[/29] where xxx.xxx.xxx.xxx is anywhere within the 4 bit sub
> xxx.xxx.xxx.xxx[/28] where xxx.xxx.xxx.xxx is anywhere within the 5 bit sub
> xxx.xxx.xxx.xxx[/28] where xxx.xxx.xxx.xxx is the 5bit sub network address

This is all reasonably traditional, and we already have it (I'm not sure of the difference between the first two, and the bit counts don't seem to quite add up, but that may just be typos...).

> xxx.xxx.xxx.xxx [(mask|netmask) yyy.yyy.yyy.yyy] traditional syntax

xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy is also reasonably traditional here, and again, the support for that is already done.

> xxx.xxx.xxx.xxx to yyy.yyy.yyy.yyy a literal range, no sensibility checks

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

I see problems here, among them the fact that "to" can be a legitimate DNS name. (So can "mask" and "netmask", by the way -- a DNS query on "mask" on my system yields "255.255.255.240".) I think it would still be better to have a single-argument syntax that doesn't need quoting.

                                                          Henry Spencer
                                                       henry@spsystems.net
                                                     (henry@zoo.toronto.edu)