[Swan-dev] how do you spell NAT Traversal options?

D. Hugh Redelmeier hugh at mimosa.com
Thu Apr 17 01:09:47 EEST 2014


I'm working at making the user-visible options more consistent.

There should only be one spelling of something.

I'm going to replace all underscores _ in names with minus -.  (Old
names will quietly work until we decide to pull the plug.)

NAT Traversal seems to have the most confusing proliferation of
spellings.  What should it be named?  These currently occur within
names and I want to pick ONE:
    nat
    natt
    nat-t
    nattraversal
    nat-traversal
I lean towards "natt" as being concise and distinct.  "nat" also has
merit.

==> which word would you choose?  Why?


libipsecconf/keywords.c uses "nat_ikeport" and everything else uses
"natikeport".  I imagine that this cannot work (but I don't really
understand the plumbing). It seems to me that "nat-ikeport" is a
better name.  But maybe the feature should just go away.

The documentation suggests that if you use this, you might confuse the
kernel.  This should be explained.

If it is only for testing, that should be said in the first sentence
of the description, saving readers time.

==> is natikeport being used?  Why?  Can I delete it?

==> Which spelling would you choose?  Why?


keep_alive SEEMS to be the way to specify a global "delay for NAT-T
keep-alive packets".  A HORRIBLE name.  Can we rename it?  I don't
even understand the description in ipsec.conf(5).  Is it how long we
will wait for an incoming keep-alive, or how long we'll wait before
sending one?  Or something else?

==> what would be a good name for this "delay"?


==== Survey ====

Here's a quick survey.  Some things might be left out.  This is
part-way into my switch from _ to -.

IPSEC_PLUTO(8):
--nat_traversal	<== obsolete: documentation should be removed
--natikeport
--debug-nat-t
--debug-natt
--disable_port_floating	<== obsolete: documentation should be removed

IPSEC.CONF(5)
nat_traversal	<== obsolete: documentation should be removed
nat_keepalive [yes/no]
force_keepalive	<== obsolete: documentation should be removed
disable_port_floating	<== obsolete: documentation should be removed
nat_ikeport
keep_alive

programs/pluto/plutomain.c usage message:
--natikeport
--debug-nat-t
--keep_alive

programs/pluto/plutomain.c optargs:
natikeport
nat_traversal	obsoleted, ignored
keep_alive
force_keepalive	obsoleted, ignored
disable_port_floating	obsoleted, ignored
debug-nat_t
debug-nattraversal
debug-nat-t

lib/libipsecconf/keywords.c
plutodebug=natt
plutodebug=nattraversal
klipsdebug=nat-traversal
klipsdebug=nattraversal
klipsdebug=natt
nat_ikeport
keep_alive
nat_traversal	obsolete
disable_port_floating	obsolete
force_keepalive	obsolete
nat_keepalive
ikev1_natt

programs/pluto/whack.c usage:
--no-nat_keepalive
--ikev1natt
--debug-natt
--ikeport (twice!)

programs/pluto/whack.c optargs:
no-nat_keepalive
ikev1_natt
debug-nattraversal
debug-natt
debug-nat_t
debug-nat-t
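
An added example, not code from this post or from the libreswan tree: one way to let the old underscore spellings keep working while dash spellings become canonical. The dash names in the table are assumptions derived from the survey by replacing _ with -, and canonical_option() and same_option() are hypothetical helpers.

```c
#include <stdio.h>
#include <string.h>

/* Assumed canonical spellings: survey names with '_' replaced by '-'. */
static const char *const canonical_names[] = {
    "nat-ikeport", "nat-keepalive", "keep-alive", "ikev1-natt",
};

/* Compare two option names, treating '_' and '-' as the same character. */
static int same_option(const char *a, const char *b)
{
    for (; *a != '\0' && *b != '\0'; a++, b++) {
        char ca = (*a == '_') ? '-' : *a;
        char cb = (*b == '_') ? '-' : *b;
        if (ca != cb)
            return 0;
    }
    return *a == '\0' && *b == '\0';
}

/*
 * Map a user-supplied spelling to its canonical name, or NULL if unknown.
 * *legacy is set to 1 when the caller used an underscore spelling, so the
 * program can log a deprecation notice before support is removed.
 */
const char *canonical_option(const char *given, int *legacy)
{
    size_t i;

    *legacy = 0;
    for (i = 0; i < sizeof(canonical_names) / sizeof(canonical_names[0]); i++) {
        if (same_option(given, canonical_names[i])) {
            *legacy = strchr(given, '_') != NULL;
            return canonical_names[i];
        }
    }
    return NULL;
}

int main(void)
{
    /* Constructed sample input: spellings that appear in the survey. */
    const char *samples[] = { "nat_ikeport", "nat-ikeport", "natikeport", "keep_alive" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int legacy;
        const char *name = canonical_option(samples[i], &legacy);
        printf("%-12s -> %s%s\n", samples[i], name ? name : "(unknown)",
               legacy ? " [old spelling]" : "");
    }
    return 0;
}
```

Folding _ and - does not reconcile "natikeport" with "nat_ikeport"; a spelling with no separator still needs its own alias entry.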

