On Sat, Jun 11, 2016 at 12:58 AM, Selva Nair <selva.n...@gmail.com> wrote: >> I suggest to split the "option string" in two separate parts: >> >> Usage: --pull-filter accept|reject "option string" >> >> to >> >> Usage: --pull-filter accept|reject "option" "option-filter" >> >> >> >> where "option" is an exact match (identical string) for the >> corresponding openvpn option and "option-filter" is a partial match. > > [...] > > You can force future-proof exact matching for option names using a space at > the end, but I agree there are potential problems when the filter goes > beyond just the option name. For example, a filter "redirect-gateway def1" > may unintentionally match an ill-named future option "redirect-gateway > def100". The way to avoid such issues would be to cripple it by allowing > exact match only or support an end of string marker like $. > > I'm open to adding support for $, but would avoid using an _optional_ second > option-filter because of how missing quotes will change the meaning. >
I'm probably misunderstanding you, so I'm trying to explain my thoughts with some other words: Usage: --pull-filter accept|reject "openvpn-option-name" "filter-string-for-that-option" - "pull-filter" requires three arguments, exits with error otherwise - 1st option needs to be string "accept" or "reject" - 2nd option needs to be a valid openvpn option name, detected by the same logic openvpn parses the configuration file (I don't exactly know, but I think whitespace are stripped). Exits with error if no valid openvpn option name which is allowed to be filtered (for now: "ifconfig" and "route", more maybe later) is detected - 3rd option defines the filter for that option name (prefix-style filter for now, maybe some regex-style filter sometime later) I think this would be a very clean solution because the system checks if the 2nd option unambiguously describes which option is to be filtered (and also checks if this option is able to be filtered at all). Chris ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
