I am using multiple AI assistants but ChatGPT is not one of them.

Also I do not understand your statement

> I think most people with privileges to commit fixes generally understand
> the risks and benefits of updating a man page.

This section of documentation has wasted days of my time due to its
inaccuracies, so please do double check my changes; especially not
including the dhcp option because I have found online articles that
use the dhcp-server option but I have not found where in the source
this option (besides sending the configuration payload) is actually
utilized if received.

> On Jan 4, 2025, at 4:52 PM, Tobias Heider <tobias.hei...@stusta.de> wrote:
> 
> On Sat, Jan 04, 2025 at 04:40:50PM GMT, William Rusnack wrote:
>> Synopsis: iked.conf(5) needs clearer documentation about which configuration 
>> payload options are supported when receiving configurations and their system 
>> effects.
>> Description:
>>      The documentation of configuration payloads in iked.conf(5) has two 
>> issues:
>> 
>>      1. Missing Implementation Details for Receiving Configuration:
>>         - ikev2_pld_cp() only processes INTERNAL_IP4_ADDRESS and 
>> INTERNAL_IP4_DNS
>>         - However, ikev2_add_cp() shows code exists to send many more 
>> options:
>>           * INTERNAL_IP4_NETMASK
>>           * INTERNAL_IP4_NBNS (NetBIOS/WINS)
>>           * INTERNAL_IP4_DHCP
>>           * INTERNAL_IP4_SERVER
>>         - This creates an asymmetric implementation where iked can send 
>> configurations it cannot process when received
>> 
>>      2. Man Page Documentation Issues:
>>         - No distinction made between sendable and receivable configurations
>>         - System effects of supported configurations not documented
>>         - No details about address configuration using host routes
>>         - No description of DNS configuration via routing socket
>>         - No mention of cleanup behavior
>> 
>>      3. Real-world Impact:
>>         - Users waste time configuring options that won't work
>>         - Admins may not understand the network configuration effects
>>         - Interoperability problems when peers send configurations that iked 
>> ignores
>>         - Log messages show iked receives but ignores valid configuration 
>> data from peers
>> Fix:
>>      Update man page to:
>>      1. Split and clarify config vs request directives:
>>         - Document which features only work when sending
>>         - Document receive limitations
>>      2. Document system effects of supported configurations:
>>         - Explain host route address configuration
>>         - Detail DNS configuration via routing socket
>>         - Describe automatic cleanup behavior
> 
> Thanks for the patch.
> 
> Out of pure interest: Are you using chatgpt to generate those reports?
> 
> I think most people with privileges to commit fixes generally understand
> the risks and benefits of updating a man page.
> 
>> 
>> Index: iked.conf.5
>> ===================================================================
>> RCS file: /cvs/src/sbin/iked/iked.conf.5,v
>> diff -u -p -u -r1.98 iked.conf.5
>> --- iked.conf.5      13 Jul 2024 12:58:51 -0000      1.98
>> +++ iked.conf.5      4 Jan 2025 21:31:18 -0000
>> @@ -683,9 +683,9 @@ Use RSA public key authentication with S
>> .Pp
>> The default is to allow any signature authentication.
>> .Pp
>> +
>> .It Cm config Ar option address
>> -.It Cm request Ar option address
>> -Request or serve one or more optional configuration payloads (CP).
>> +Configure one or more configuration payloads (CP) to be sent to peers.
>> The configuration
>> .Ar option
>> can be one of the following with the expected address format:
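Review bot: The empty `+` line added after `.Pp`, directly above `.It Cm config Ar option address`, should be dropped; blank lines in mdoc source are flagged by mandoc -Tlint and add nothing here. The replacement sentence also loses the word "optional" from the old text and reads awkwardly with "Configure ... configuration payloads"; something like "Send one or more optional configuration payloads (CP) to peers." keeps the original meaning while still separating it from `request`.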
>> @@ -716,6 +716,44 @@ included.
>> .It Ic access-server Ar address
>> The address of an internal remote access server.
>> .El
>> +.Pp
>> +.It Cm request Ar option address  
>> +Request one or more configuration payloads (CP) from peers.
>> +Currently only the following options are supported when receiving 
>> configuration:
>> +.Pp
>> +.Bl -tag -width Ds -compact -offset indent
>> +.It Ic address Ar address
>> +Request an IPv4 or IPv6 address on the internal network.
>> +Only the first received address will be used.
>> +When applied to an interface, addresses are configured as host routes
>> +(/32 for IPv4, /128 for IPv6) since netmasks are not negotiated
>> +in the IKEv2 configuration payload.
>> +.It Ic name-server Ar address  
>> +Request the DNS server address (IPv4 or IPv6).
>> +Only the first received DNS server will be used.
>> +DNS configuration is applied system-wide via routing socket proposals
>> +which update the system resolver configuration.
>> +.El
>> +.Pp
>> +Other configuration requests may be sent but their values will be ignored 
>> if received.
>> +Received configurations can be applied to an interface using the
>> +.Ic iface
>> +directive.
>> +When applied, the following changes occur:
>> +.Bl -dash -offset indent -compact
>> +.It
>> +Interface is configured with received address as a host route
>> +.It
>> +Routes are added for negotiated subnets using the virtual IP as gateway
>> +.It
>> +A direct route to the peer is established
>> +.It
>> +DNS configuration is applied via routing socket
>> +.El
>> +.Pp
>> +All configuration changes are automatically cleaned up when the SA is 
>> terminated.
>> +The cleanup process removes configured addresses, routes, and DNS settings,
>> +restoring the original network configuration.
>> .Pp
>> .It Ic iface Ar interface
>> Enable automatic network configuration as initiator.
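Review bot: The new `request` text says "Request an IPv4 or IPv6 address" and "DNS server address (IPv4 or IPv6)", but the report above states that ikev2_pld_cp() only processes INTERNAL_IP4_ADDRESS and INTERNAL_IP4_DNS; one of the two needs correcting before this goes in, since the point of the change is to document exactly what is honoured on receipt. Because the name-server item makes a peer-supplied resolver system-wide, it is also worth saying explicitly that this only happens when `iface` is set, if that is the case, rather than leaving it to the later "Received configurations can be applied" paragraph. Mechanically, three added lines were wrapped by the mailer ("configuration:", "if received.", "terminated." appear without a `+`), so the patch will not apply as sent, and `.It Cm request Ar option address` and `.It Ic name-server Ar address` carry trailing whitespace; keeping added lines under 80 columns and resending would fix both.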
>> 
