On 6/12/18 9:14 PM, Lorenzo Colitti wrote:
> On Wed, Jun 13, 2018 at 3:48 AM Subash Abhinov Kasiviswanathan
> <subas...@codeaurora.org> wrote:
>>
>> src 192.168.1.1 dst 192.168.1.2
>> proto esp spi 0x00004321 reqid 0 mode tunnel
>> replay-window 0 flag af-unspec
>> mark 0x10000/0x3ffff
>> output-mark 0x20000
>
> Nit: I don't know what guarantees we provide (if any) that the output
> format of "ip xfrm state" does not change except to add new lines at
> the end. Personally, I feel that an app or script that depends on
> "auth-trunc" (or anything else, really) being on the line immediately
> after "mark" is brittle and should be fixed. This is particularly true
> since in general between the mark and the encryption there might be an
> auth-trunc line, or an auth line, or neither. As such, adding this
> line here seems OK to me.
any reason to put output-mark on its own line? Why not
mark 0x10000/0x3ffff output-mark 0x20000
is the documentation clear on the difference between mark and output-mark?
>
>> @@ -61,6 +61,7 @@ static void usage(void)
>> fprintf(stderr, " [ flag FLAG-LIST ] [ sel SELECTOR ] [
>> LIMIT-LIST ] [ encap ENCAP ]\n");
>> fprintf(stderr, " [ coa ADDR[/PLEN] ] [ ctx CTX ] [
>> extra-flag EXTRA-FLAG-LIST ]\n");
>> fprintf(stderr, " [ offload [dev DEV] dir DIR ]\n");
>> + fprintf(stderr, " [ output-mark OUTPUT-MARK]\n");
>
> Nit: I think you want a space between OUTPUT-MARK and ].
yes.
>
> Other than that,
>
> Acked-by: Lorenzo Colitti <lore...@google.com>
>
