>Synopsis: The iked cli arg parser accepts the -I and -P options with no
>documentation in iked(8) or in the src itself as to what these flags do.
>Category: bin
>Description:
iked supports two undocumented flags, -I and -P, that appear to be
testing/development flags.
What the code shows:
The -P flag:
- Takes a process name argument (ca, control, or ikev2)
- Allows running iked as a specific child process type
- Used with process separation model
The -I flag:
- Takes a numeric instance argument
- Appears to allow multiple instances of a process
- Interacts with -P flag
These characteristics suggest test flags because:
1. They expose low-level process separation internals
2. They allow running components in isolation
3. They're excluded from both usage() and man page documentation
4. Multiple instance support seems oriented toward testing
>Fix:
If these are test flags:
1. Adding a comment in the code marking them as test/debug flags
2. Adding DEVELOPMENT or TEST notations if they appear in usage()
3. Potentially guarding them with #ifdef DEBUG
Alternatively, if they are intended for production use, they would need
documentation covering:
- Purpose of each flag
- Valid arguments
- How the flags interact
- Typical use cases
- Any warnings or requirements
- Examples of proper usage
