I rebased the PR 777 again today. The fixes include couple of output bugs. I think this version is ready for merge into main. Any feedback? If there are no feedback or no further comments I would like to merge it around July 1st. That is my goal. Right after the merge Paul please complete renaming s/ikelifetime/ike-max-time/ Would you able to work on it?
I didn't rename the existing keywords because that need renaming of many variables and big changes to test output. It is better do that work in #main otherwise it will create complex merge conflict. regards, -antony On Tue, Jun 21, 2022 at 04:59:01PM +0200, Antony Antony wrote: > Hi Paul, > Here is a new iteration sa-expire branch. I cherry picked changes from > https://github.com/paulwouters/libreswan/tree/sa-expire-2022-01-06 > > and rebased to origin/main. > > I have created a PR to make it easy to review my branch. > https://github.com/libreswan/libreswan/pull/777 > > > I ignored "<unset>" change. > I am not in favor of "<unset>" : for 2^64 or the default. Currently it look > ipsec_max_bytes: 16EiB > ipsec_max_packets: 16Ei > > Also there are ciphers which only allow 2^32 bytes and packets as default. > So it is better to print the default value in abbreviated form than unset > based on values. Also another concern is if a user actually set to 16Ei or > 16EiB in the config, your proposal will show that as "unset"? > We don't print unset when using other defaults! So it feels odd to me. > I undderstand 18446744073709551615 is very confusing, and I feel 16Ei and > 16EiB is better. Would that work for you? > > I am presently surprised at your proposal to rename salifetime -> > ipsec-max-time. I think that is greate, and good for consistency. However, > lot of changes to keep track of on seperate branch before merge, ie. > variable names output. changes whack command .. > So I propose we change the those right after merge of sa-expire-2022*. i > As an atomic operation change config option, whack command and test output. > > s/salifetime/ipsec-max-time/ > s/ikelifetime/ike-max-time/ > > and reserve "ike-max-bytes" and "ike-max-packets" for FIPS complience. > > regards, > -antony > > On Thu, Jan 06, 2022 at 10:34:36PM -0500, Paul Wouters wrote: > > On Tue, 7 Dec 2021, Antony Antony wrote: > > > > > I have rebased the branches a couple days ago. minor fixes to ignore > > > acquire SA expire. GiB...EiB support. > > > > I've reviewed and rebased, added man page entries, and made the > > names more consistent. I've created a PR: > > > > https://github.com/antonyantony/libreswan/pull/2 > > > > A full test run can be found on https://lake.libreswan.org/ > > > > Paul > > ps. (on Jan 7, lake will be down for a few hours due to an eletrical > > panel replacement) _______________________________________________ Swan-dev mailing list Swan-dev@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-dev