[Swan-dev] [PATCH] fix status of "invertpool" keywords
Bernhard Held
berny156 at gmx.de
Wed Jul 23 23:32:02 EEST 2014
Hi,
the keywords `aggrmode`, `modecfgpull` and `disablearrivalcheck` have
the type `kt_invertbool`. This type swaps the statuses yes/no when
printed by `ipsec readwriteconf`. Consequently the output shows the
opposite of the input (see attached kt_invertbool.conf and the output
bad-writeconf). This looks plain wrong to me.
As I didn't understand the purpose of `kt_invertbool` I created the
attached patch `libreswan-rm-invertbool.patch` to get rid of it.
The resulting output `good-writeconf` shows what I would expect.
The patch in
`contrib/checkpoint-hybrid/libreswan-2.6.25-SecureClient.diff` still
uses `kt_invertbool`, however it doesn't apply any more to current git
anyway,
Have fun!
Bernhard
-------------- next part --------------
# ipsec readwriteconf --config /etc/ipsec.d/kt_invertbool.conf
#conn allunset loaded
#conn allno loaded
#conn allyes loaded
config setup
# begin conn allunset
conn allunset
auto=add
type=tunnel
compress=no
pfs=yes
ikepad=yes
rekey=yes
overlapip=yes
authby=rsasig
phase2=esp
# end conn allunset
# begin conn allno
conn allno
modecfgpull=yes
disablearrivalcheck=yes
aggrmode=yes
auto=add
type=tunnel
compress=no
pfs=yes
ikepad=yes
rekey=yes
overlapip=yes
authby=rsasig
phase2=esp
# end conn allno
# begin conn allyes
conn allyes
modecfgpull=no
disablearrivalcheck=no
aggrmode=no
auto=add
type=tunnel
compress=no
pfs=yes
ikepad=yes
rekey=yes
overlapip=yes
authby=rsasig
phase2=esp
# end conn allyes
# end of config
-------------- next part --------------
# ipsec readwriteconf --config /etc/ipsec.d/kt_invertbool.conf
#conn allunset loaded
#conn allno loaded
#conn allyes loaded
config setup
# begin conn allunset
conn allunset
auto=add
type=tunnel
compress=no
pfs=yes
ikepad=yes
rekey=yes
overlapip=yes
authby=rsasig
phase2=esp
# end conn allunset
# begin conn allno
conn allno
modecfgpull=no
disablearrivalcheck=no
aggrmode=no
auto=add
type=tunnel
compress=no
pfs=yes
ikepad=yes
rekey=yes
overlapip=yes
authby=rsasig
phase2=esp
# end conn allno
# begin conn allyes
conn allyes
modecfgpull=yes
disablearrivalcheck=yes
aggrmode=yes
auto=add
type=tunnel
compress=no
pfs=yes
ikepad=yes
rekey=yes
overlapip=yes
authby=rsasig
phase2=esp
# end conn allyes
# end of config
-------------- next part --------------
conn allunset
auto=add
#modecfgpull=
#disablearrivalcheck=
#aggrmode=
conn allno
auto=add
modecfgpull=no
disablearrivalcheck=no
aggrmode=no
conn allyes
auto=add
modecfgpull=yes
disablearrivalcheck=yes
aggrmode=yes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libreswan-rm-invertbool.patch
Type: text/x-patch
Size: 4293 bytes
Desc: not available
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20140723/5c52ed11/attachment.bin>
More information about the Swan-dev
mailing list