On Wed, Jun 13, 2018 at 3:48 AM Subash Abhinov Kasiviswanathan <subas...@codeaurora.org> wrote: > > src 192.168.1.1 dst 192.168.1.2 > proto esp spi 0x00004321 reqid 0 mode tunnel > replay-window 0 flag af-unspec > mark 0x10000/0x3ffff > output-mark 0x20000
Nit: I don't know what guarantees we provide (if any) that the output format of "ip xfrm state" does not change except to add new lines at the end. Personally, I feel that an app or script that depends on "auth-trunc" (or anything else, really) being on the line immediately after "mark" is brittle and should be fixed. This is particularly true since in general between the mark and the encryption there might be an auth-trunc line, or an auth line, or neither. As such, adding this line here seems OK to me. > @@ -61,6 +61,7 @@ static void usage(void) > fprintf(stderr, " [ flag FLAG-LIST ] [ sel SELECTOR ] [ > LIMIT-LIST ] [ encap ENCAP ]\n"); > fprintf(stderr, " [ coa ADDR[/PLEN] ] [ ctx CTX ] [ extra-flag > EXTRA-FLAG-LIST ]\n"); > fprintf(stderr, " [ offload [dev DEV] dir DIR ]\n"); > + fprintf(stderr, " [ output-mark OUTPUT-MARK]\n"); Nit: I think you want a space between OUTPUT-MARK and ]. Other than that, Acked-by: Lorenzo Colitti <lore...@google.com>