[Swan-dev] pluto --help through the ages

D. Hugh Redelmeier hugh at mimosa.com
Sun May 18 01:06:41 EEST 2014


An 11 year old version of FreeS/WAN:

Usage: pluto [--help] [--version] [--optionsfrom <filename>] \
        [--nofork] [--stderrlog] [--noklips] [--uniqueids] \
        [--interface <ifname>] [--ikeport <port-number>] \
        [--ctlbase <path>] \
        [--secretsfile <secrets-file>] [--policygroupsdir <policygroups-dir>] \
        [--adns <pathname>] \
        [--debug-none] [--debug-all] \
        [--debug-raw] [--debug-crypt] [--debug-parsing] [--debug-emitting] \
        [--debug-control] [--debug-klips] [--debug-dns] [ --debug-private]
FreeS/WAN 2.02-pre1


Libreswan from Fedora 20's updates repo.  Notice how wide it is.

Usage: pluto [--help] [--version] \
        [--config <filename>][--vendorid <vendorid>] [--nofork] [--stderrlog] [--logfile <filename>] [--plutostderrlogtime] [--force_busy] [--nocrsend] [--strictcrlpolicy] [--crlcheckinterval] [--uniqueids] [--use-klips] [--use-netkey] [--use-mast] [--use-bsdkame] [--use-nostack] \
        [--interface <ifname|ifaddr>] [--ikeport <port-number>] [--natikeport <port-number>][--listen <ifaddr>] \
        [--ctlbase <path>] \
        [--perpeerlogbase <path>] [--perpeerlog] \
        [--coredir <dirname>] [--noretransmits][--statsbin <filename>] \
        [--secretsfile <secrets-file>] [--ipsecdir <ipsec-dir>] \
        [--adns <pathname>][--nhelpers <number>] \
        [--secctx_attr_value <number>] \
        [--debug-none] [--debug-all] \
        [--debug-raw] [--debug-crypt] [--debug-crypto] [--debug-parsing] [--debug-emitting] \
        [--debug-control][--debug-lifecycle] [--debug-kernel] [--debug-x509] [--debug-dns] [--debug-oppo] [--debug-oppoinfo] [--debug-dpd] [ --debug-private] [ --debug-pfkey] [ --debug-nat-t] \
        [--nat_traversal] [--keep_alive <delay_sec>] \
        [--disable_port_floating] \
        [--virtual_private <network_list>]
Libreswan 3.8

Libreswan's current git head:

Usage: pluto [--help] [--version] \
        [--leak-detective] [--config <filename>] [--vendorid <vendorid>] [--nofork] [--stderrlog] [--logfile <filename>] [--plutostderrlogtime] [--force-busy] [--nocrsend] [--strictcrlpolicy] [--crlcheckinterval] [--uniqueids] [--use-klips] [--use-netkey] [--use-mast] [--use-bsdkame] [--use-nostack] \
        [--interface <ifname|ifaddr>] [--ikeport <port-number>] [--natikeport <port-number>][--listen <ifaddr>] \
        [--ctlbase <path>] \
        [--perpeerlogbase <path>] [--perpeerlog] \
        [--coredir <dirname>] [--noretransmits][--statsbin <filename>] \
        [--secretsfile <secrets-file>] [--ipsecdir <ipsec-dir>] \
        [--adns <pathname>][--nhelpers <number>] \
        [--debug-none] [--debug-all] \
        [--debug-raw] [--debug-crypt] [--debug-crypto] [--debug-parsing] [--debug-emitting] \
        [--debug-control][--debug-lifecycle] [--debug-kernel] [--debug-x509] [--debug-dns] [--debug-oppo] [--debug-oppoinfo] [--debug-dpd] [ --debug-private] [ --debug-pfkey] [ --debug-nat-t] \
        [--keep-alive <delay_secs>] \
        [--virtual-private <network_list>]
Libreswan v3.8-842-g03cfc1b-master


My work-in-progress version:

Usage: OBJ.linux.x86_64/programs/pluto/pluto [--help] [--version]
        [--config <filename>] [--nofork] [--stderrlog] [--logfile <filename>]
        [--plutostderrlogtime] [--force-busy] [--strictcrlpolicy]
        [--crlcheckinterval <seconds>] [--uniqueids] [--use-nostack]
        [--use-klips] [--use-netkey] [--use-mast] [--use-mastklips]
        [--use-bsdkame] [--interface <ifname|ifaddr>] [--listen <ifaddr>]
        [--ikeport <port-number>] [--natikeport <port-number>]
        [--ctlbase <path>] [--secretsfile <secrets-file>]
        [--perpeerlogbase <path>] [--perpeerlog] [--noretransmits]
        [--dumpdir <dirname>] [--statsbin <filename>]
        [--ipsecdir <ipsec-dir>] [--adns <pathname>]
        [--keep-alive <delay_secs>] [--virtual-private <network_list>]
        [--nhelpers <number>] [--vendorid <vendorid>] [--leak-detective]
        [--debug-nattraversal]
        [--debug-none] [--debug-all] [--debug-raw] [--debug-crypt]
        [--debug-parsing] [--debug-emitting] [--debug-control]
        [--debug-lifecycle] [--debug-kernel] [--debug-dns] [--debug-oppo]
        [--debug-oppoinfo] [--debug-controlmore] [--debug-dpd] [--debug-x509]
        [--debug-private] [--debug-pfkey]
        [--impair-delay-adns-key-answer] [--impair-delay-adns-txt-answer]
        [--impair-bust-mi2] [--impair-bust-mr2] [--impair-sa-creation]
        [--impair-die-oninfo] [--impair-jacob-two-two]
        [--impair-major-version-bump] [--impair-minor-version-bump]
        [--impair-retransmits] [--impair-send-bogus-isakmp-flag]
        [--impair-send-ikev2-ke]
Libreswan v3.8-840-g7facd26-dirty-master

This last version is longer because the code automatically wraps at
character 72 (the initial tab is one character).

There are actually fewer options in this list.  That's because I
ditched some synonyms and some ignored options.

There may be a few additions.  Since (for the first time) help is
generated from the actual table used to parse options, only and all
real options are presented.

There is a facility for marking an option that should start a line in
the --help output.  I used it on the --debug-none and
--impair-delay-adns-key-answer options.

I ditched the end-of-line \.  Accidental, but seems like a good idea.
I wonder about the [ ].

It would be good to group and separate options to make the --help
output easier to understand.  Suggestions are welcome.


More information about the Swan-dev mailing list