[Design] Re: _updown custom arguments

I will respond only briefly, since I don't work for FreeS/WAN any more and somebody else (probably DHR) is responsible for this nowadays... Also, caveat: I have not tracked recent developments and my knowledge of the code may be slightly out of date.

> 0) Pre-background: I think it is a good design to
> have an _updown script. It makes freeswan more
> extensible. Thanks!

It worked out nicely in a lot of ways, if not always quite as originally intended. Its biggest flaw, I would say, is that the script itself has become big enough and complicated enough (and important enough to correct functioning of the software) that it is no longer simple for people to customize. I occasionally considered adding another level of abstraction (the standard response of software people to a problem!), trying to move only the parts likely to see real changes out into a separate script, but I never found time to experiment with this.

> 2) Suggestion: It should be a _documented_ feature that
> calling _updown (or copy_of_updown, before modifications)
> with the arguments "custom blah blah foo bar" is
> exactly equivalent to calling it with no arguments at
> all, no matter what arguments follow the word "custom".

There are lots of things about _updown that ought to be better documented! This being one of them.

> ...Things used to be nice and orthogonal
> like that, but the introduction of the ipfwadm
> argument de-orthogonalized things.

Yes, in hindsight that was a mistake. That decision, among others, was due to be revisited in an overhaul of the script to use the more modern firewalling facilities... another thing I never got done.

                                                          Henry Spencer
                                                       henry@spsystems.net

_______________________________________________