On Tuesday, 03.07.2018, at 13:42 +0200, Stefan Sperling wrote:
> Would you be able to send a patch for the iked man page which
> explicitly mentions VPN traffic leakage and RFC 7359 (in the
> STANDARDS section, perhaps)?
No problem; VPN leakage is already mentioned. As you mentioned, it is slightly ambiguous. Yet in my case the problem was more that I did not expect anything there. Had I read about the "-6" option, I would have understood the significance.

My problem was that I silently expected native OpenBSD daemons not to have a lot of startup options (apart from the usual "-dnv"). Indeed, I even scanned iked(8) to find the "-ST" flags to reduce the noise. So I was rather expecting to find something in iked.conf(5) or maybe a sysctl or something with "man -k any=flow" or "any=policy".

I am not that much of an expert in mdoc(7), but other man pages declare flows with ".Ic". "Internal or interactive command" does not really sound correct though.

A "preview" of the patch follows. A file without the mangled line breaks is available here: https://cloud.dahlberg.cologne/index.php/s/55HzfcHcrosC6CD

Index: sbin/iked/iked.8 =================================================================== RCS file: /cvs/src/sbin/iked/iked.8,v retrieving revision 1.20 diff -u -p -u -r1.20 iked.8 --- sbin/iked/iked.8 27 Mar 2017 10:06:41 -0000 1.20 +++ sbin/iked/iked.8 3 Jul 2018 12:30:44 -0000 @@ -59,9 +59,11 @@ The options are as follows: Disable automatic blocking of IPv6 traffic. By default, .Nm -blocks any IPv6 traffic unless a flow for this address family has been -negotiated. -This option is used to prevent VPN traffic leakages on dual stack hosts. +blocks any IPv6 traffic unless a +.Ic flow +for this address family has been negotiated. +This option disables VPN traffic leakages prevention on dual stack hosts +(RFC 7359). .It Fl D Ar macro Ns = Ns Ar value Define .Ar macro
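
Review bot: In the added line "+This option disables VPN traffic leakages prevention on dual stack hosts", the phrase "leakages prevention" is awkward in a sentence that carries the security consequence of the option; "This option disables the prevention of VPN traffic leakage on dual stack hosts" states the same thing more plainly. The "(RFC 7359)" reference is added only inline in this option description, while the request quoted above suggested the STANDARDS section, which this hunk does not touch. For "+.Ic flow", the message itself doubts that .Ic is the right macro; a cross-reference to iked.conf(5), which is where the message says a reader would look for flows, may serve better than marking the word as a command.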
