[Swan-dev] What happened to "ipsec show" ?
Paul Wouters
paul at nohats.ca
Thu Nov 2 13:59:17 EET 2023
On Thu, 2 Nov 2023, Brady Johnson wrote:
> Here is the PR for this change [0]. I'm not sure why, but the PR is getting a semgrep failure in github.
The semgrep issue is unrelated, a fix should be there shortly.
> The output is the following:
>
> $ ipsec --briefconnectionstatus
> 000 Connection list:
> 000
> 000 172.16.20.0/24 @ 172.22.18.102 (2KiB in) <==> 172.16.10.0/24 @ 172.22.18.101 (1KiB in)
> vpnclient.gwn02.xyz.com, reqid=16388
Personally, I strongly prefer the first two things are source/mask <=> dest/mask,
as that is the core info people usually want to see/confirm. Having this
split in two makes this much harder to read. If you want to avoid adding
up the counters, perhaps this format could be considered:
000 172.16.20.0/24 <=> 172.16.10.0/24 from 172.22.18.102 to 172.22.18.101 (2KiB/1KiB) vpnclient.gwn02.xyz.com, reqid=16388
> Notice I added the reqid to the output of the "ipsec connectionstatus" command.
That's good, thanks.
> Can I get a review of this PR, please.
>
> [0] https://github.com/libreswan/libreswan/pull/1350
Left the comments there too.
Paul
More information about the Swan-dev
mailing list