To Peter Hessle,

I said that I use (utilize) multiple AIs but I do not solely
rely on them for generating the content. I have:
- actually been using iked
- looked into the sources extensively
- found multiple actual issues

Believe me, I do not want to be looking into the iked source
code, but multiple sloppy implementation and documentation
issues in it have caused me great pain and setbacks.

I have not been able to find any stated policy that AI cannot
be utilized for assistance in contributions.

If you have problems with the actual submission from my
in-depth audit on configuration payloads, then please be
specific.

William Rusnack



> On Jan 5, 2025, at 1:30 PM, William Rusnack <[email protected]> wrote:
> 
> I am using multiple AI assistants but ChatGPT is not one of them.
> 
> Also I do not understand your statement
> 
>> I think most people with privileges to commit fixes generally understand
>> the risks and benefits of updating a man page.
> 
> This section of documentation has wasted days of my time due to its
> inaccuracies, so please do double check my changes; especially not
> including the dhcp option, because I have found online articles that
> use the dhcp-server option but I have not found in the source where
> this option (besides sending the configuration payload) is actually
> utilized if received.
> 
>> On Jan 4, 2025, at 4:52 PM, Tobias Heider <[email protected]> wrote:
>> 
>> On Sat, Jan 04, 2025 at 04:40:50PM GMT, William Rusnack wrote:
>>> Synopsis: iked.conf(5) needs clearer documentation about which 
>>> configuration payload options are supported when receiving configurations 
>>> and their system effects.
>>> Description:
>>>     The documentation of configuration payloads in iked.conf(5) has two 
>>> issues:
>>> 
>>>     1. Missing Implementation Details for Receiving Configuration:
>>>        - ikev2_pld_cp() only processes INTERNAL_IP4_ADDRESS and 
>>> INTERNAL_IP4_DNS
>>>        - However, ikev2_add_cp() shows code exists to send many more 
>>> options:
>>>          * INTERNAL_IP4_NETMASK
>>>          * INTERNAL_IP4_NBNS (NetBIOS/WINS)
>>>          * INTERNAL_IP4_DHCP
>>>          * INTERNAL_IP4_SERVER
>>>        - This creates an asymmetric implementation where iked can send 
>>> configurations it cannot process when received
>>> 
>>>     2. Man Page Documentation Issues:
>>>        - No distinction made between sendable and receivable configurations
>>>        - System effects of supported configurations not documented
>>>        - No details about address configuration using host routes
>>>        - No description of DNS configuration via routing socket
>>>        - No mention of cleanup behavior
>>> 
>>>     3. Real-world Impact:
>>>        - Users waste time configuring options that won't work
>>>        - Admins may not understand the network configuration effects
>>>        - Interoperability problems when peers send configurations that iked 
>>> ignores
>>>        - Log messages show iked receives but ignores valid configuration 
>>> data from peers
>>> Fix:
>>>     Update man page to:
>>>     1. Split and clarify config vs request directives:
>>>        - Document which features only work when sending
>>>        - Document receive limitations
>>>     2. Document system effects of supported configurations:
>>>        - Explain host route address configuration
>>>        - Detail DNS configuration via routing socket
>>>        - Describe automatic cleanup behavior
>> 
>> Thanks for the patch.
>> 
>> Out of pure interest: Are you using chatgpt to generate those reports?
>> 
>> I think most people with privileges to commit fixes generally understand
>> the risks and benefits of updating a man page.
>> 
>>> 
>>> Index: iked.conf.5
>>> ===================================================================
>>> RCS file: /cvs/src/sbin/iked/iked.conf.5,v
>>> diff -u -p -u -r1.98 iked.conf.5
>>> --- iked.conf.5     13 Jul 2024 12:58:51 -0000      1.98
>>> +++ iked.conf.5     4 Jan 2025 21:31:18 -0000
>>> @@ -683,9 +683,9 @@ Use RSA public key authentication with S
>>> .Pp
>>> The default is to allow any signature authentication.
>>> .Pp
>>> +
>>> .It Cm config Ar option address
>>> -.It Cm request Ar option address
>>> -Request or serve one or more optional configuration payloads (CP).
>>> +Configure one or more configuration payloads (CP) to be sent to peers.
>>> The configuration
>>> .Ar option
>>> can be one of the following with the expected address format:
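Review bot: the added blank `+` line directly after `.Pp` (the first added line of this hunk) is redundant and should be dropped; `.Pp` already produces the paragraph break, and mandoc -Tlint reports a blank line in fill mode for an empty input line in mdoc. Without it the hunk becomes a pure wording change on the `config` item, which is easier to review.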
>>> @@ -716,6 +716,44 @@ included.
>>> .It Ic access-server Ar address
>>> The address of an internal remote access server.
>>> .El
>>> +.Pp
>>> +.It Cm request Ar option address  
>>> +Request one or more configuration payloads (CP) from peers.
>>> +Currently only the following options are supported when receiving 
>>> configuration:
>>> +.Pp
>>> +.Bl -tag -width Ds -compact -offset indent
>>> +.It Ic address Ar address
>>> +Request an IPv4 or IPv6 address on the internal network.
>>> +Only the first received address will be used.
>>> +When applied to an interface, addresses are configured as host routes
>>> +(/32 for IPv4, /128 for IPv6) since netmasks are not negotiated
>>> +in the IKEv2 configuration payload.
>>> +.It Ic name-server Ar address  
>>> +Request the DNS server address (IPv4 or IPv6).
>>> +Only the first received DNS server will be used.
>>> +DNS configuration is applied system-wide via routing socket proposals
>>> +which update the system resolver configuration.
>>> +.El
>>> +.Pp
>>> +Other configuration requests may be sent but their values will be ignored 
>>> if received.
>>> +Received configurations can be applied to an interface using the
>>> +.Ic iface
>>> +directive.
>>> +When applied, the following changes occur:
>>> +.Bl -dash -offset indent -compact
>>> +.It
>>> +Interface is configured with received address as a host route
>>> +.It
>>> +Routes are added for negotiated subnets using the virtual IP as gateway
>>> +.It
>>> +A direct route to the peer is established
>>> +.It
>>> +DNS configuration is applied via routing socket
>>> +.El
>>> +.Pp
>>> +All configuration changes are automatically cleaned up when the SA is 
>>> terminated.
>>> +The cleanup process removes configured addresses, routes, and DNS settings,
>>> +restoring the original network configuration.
>>> .Pp
>>> .It Ic iface Ar interface
>>> Enable automatic network configuration as initiator.
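Review bot: this hunk will not apply as sent, because three added lines have been wrapped by the mail client and their continuations lack the leading `+`: `configuration:` after `+Currently only the following options are supported when receiving`, `if received.` after `+Other configuration requests may be sent but their values will be ignored`, and `terminated.` after `+All configuration changes are automatically cleaned up when the SA is`. Please resend with line wrapping disabled or as an attachment. Two smaller points: `+.It Cm request Ar option address` and `+.It Ic name-server Ar address` carry trailing whitespace, which mandoc -Tlint also flags; and the new `address` and `name-server` text says IPv4 or IPv6, while the report above states that ikev2_pld_cp() only processes INTERNAL_IP4_ADDRESS and INTERNAL_IP4_DNS, so the two should be reconciled before the IPv6 claim goes into the manual.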
>>> 
> 
