[Swan-dev] [PATCH] fix status of "invertpool" keywords

Bernhard Held berny156 at gmx.de
Wed Jul 23 23:32:02 EEST 2014


Hi,

the keywords `aggrmode`, `modecfgpull` and `disablearrivalcheck` have
the type `kt_invertbool`. This type swaps yes and no when the values are
printed by `ipsec readwriteconf`. Consequently the output shows the
opposite of the input (see the attached kt_invertbool.conf and the output
bad-writeconf, where conn allno is printed with all three keywords set to
yes and conn allyes with all three set to no). This looks plain wrong to me.

As I didn't understand the purpose of `kt_invertbool`, I created the
attached patch `libreswan-rm-invertbool.patch` to get rid of it.

The resulting output `good-writeconf` shows what I would expect.

The patch in
`contrib/checkpoint-hybrid/libreswan-2.6.25-SecureClient.diff` still
uses `kt_invertbool`; however, it no longer applies to current git
anyway.

Have fun!

Bernhard
-------------- next part --------------
# ipsec readwriteconf --config /etc/ipsec.d/kt_invertbool.conf 
#conn allunset loaded
#conn allno loaded
#conn allyes loaded
config setup


# begin conn allunset
conn allunset
        auto=add
        type=tunnel
        compress=no
        pfs=yes
        ikepad=yes
        rekey=yes
        overlapip=yes
        authby=rsasig
        phase2=esp
# end conn allunset

# begin conn allno
conn allno
        modecfgpull=yes
        disablearrivalcheck=yes
        aggrmode=yes
        auto=add
        type=tunnel
        compress=no
        pfs=yes
        ikepad=yes
        rekey=yes
        overlapip=yes
        authby=rsasig
        phase2=esp
# end conn allno

# begin conn allyes
conn allyes
        modecfgpull=no
        disablearrivalcheck=no
        aggrmode=no
        auto=add
        type=tunnel
        compress=no
        pfs=yes
        ikepad=yes
        rekey=yes
        overlapip=yes
        authby=rsasig
        phase2=esp
# end conn allyes

# end of config

-------------- next part --------------
# ipsec readwriteconf --config /etc/ipsec.d/kt_invertbool.conf 
#conn allunset loaded
#conn allno loaded
#conn allyes loaded
config setup


# begin conn allunset
conn allunset
        auto=add
        type=tunnel
        compress=no
        pfs=yes
        ikepad=yes
        rekey=yes
        overlapip=yes
        authby=rsasig
        phase2=esp
# end conn allunset

# begin conn allno
conn allno
        modecfgpull=no
        disablearrivalcheck=no
        aggrmode=no
        auto=add
        type=tunnel
        compress=no
        pfs=yes
        ikepad=yes
        rekey=yes
        overlapip=yes
        authby=rsasig
        phase2=esp
# end conn allno

# begin conn allyes
conn allyes
        modecfgpull=yes
        disablearrivalcheck=yes
        aggrmode=yes
        auto=add
        type=tunnel
        compress=no
        pfs=yes
        ikepad=yes
        rekey=yes
        overlapip=yes
        authby=rsasig
        phase2=esp
# end conn allyes

# end of config

-------------- next part --------------
conn allunset
        auto=add
	#modecfgpull=
	#disablearrivalcheck=
	#aggrmode=

conn allno
	auto=add
        modecfgpull=no
        disablearrivalcheck=no
        aggrmode=no

conn allyes
	auto=add
        modecfgpull=yes
        disablearrivalcheck=yes
        aggrmode=yes


	
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libreswan-rm-invertbool.patch
Type: text/x-patch
Size: 4293 bytes
Desc: not available
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20140723/5c52ed11/attachment.bin>

