[Swan-dev] Parser commitment

Andrew Cagney andrew.cagney at gmail.com
Mon Mar 21 17:44:17 EET 2022


On Mon, 21 Mar 2022 at 10:40, Paul Wouters <paul at nohats.ca> wrote:
>
>
>
> > On Mar 21, 2022, at 13:46, Andrew Cagney <cagney at vault.libreswan.fi> wrote:
> >
> > CHANGES: config: end keywords with no left/right prefix are applied to both ends
>
> I am not ready to commit us to this. We also did not discuss this.
> I don’t think this is a good idea, eg:
>
> subnet=1.2.3.0/24
>
> modecfgserver=yes

None of the semantic checks change (this is syntactic sugar).  For
instance, assuming this:
   leftmodecfgserver=yes
   rightmodecfgserver=yes
is rejected then so too is:
   modecfgserver=yes
(if leftsubnet=1.2.3.0/24 rightsubnet=1.2.3.0/24 isn't reasonable
then, regardless of this change, it too should be rejected).

There is a change we do need to consider.  It turns out that every
release up to and including 4.6 accepted:
   subnet=1.2.3.0/24
   modecfgserver=yes
   protoport=tcp/22
it just didn't do what I think anyone would reasonably expect (this is
why I split the changes, perhaps we should spin a release with code
rejecting this, and then follow with a release with the new
behaviour).

In the past, when I brought this up, the only reason I was given for
not doing this was that addconn's parser was too broken.

> These make no sense if they are set for both ends.
>
> It also makes auth/authby even more confusing than it already is.

This change lets us make authby optionally left/right.  Which means
auth is obsolete.
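
Added example, not part of the original message and not libreswan's addconn code: a minimal Python model of the "syntactic sugar" argument in the reply above, where unprefixed end keywords are expanded to both ends before any semantic check runs, so the sugared and explicit forms are accepted or rejected together. The keyword set, the duplicate-key error and the rule in semantic_check() are assumptions made for illustration.

```python
# Added illustration, not libreswan code. END_KEYWORDS and the rule in
# semantic_check() are assumptions made for this sketch.
END_KEYWORDS = {"subnet", "modecfgserver", "protoport"}


def desugar(lines):
    """Expand unprefixed end keywords into left*/right* pairs."""
    conn = {}
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep or not key:
            raise ValueError(f"not a key=value line: {raw!r}")
        targets = [f"left{key}", f"right{key}"] if key in END_KEYWORDS else [key]
        for target in targets:
            # Assumption: a keyword set twice (e.g. subnet= plus leftsubnet=)
            # is an error rather than a silent override.
            if target in conn:
                raise ValueError(f"{target} set more than once")
            conn[target] = value
    return conn


def semantic_check(conn):
    """Hypothetical per-connection rule, run only on the expanded form."""
    errors = []
    if conn.get("leftmodecfgserver") == "yes" and conn.get("rightmodecfgserver") == "yes":
        errors.append("both ends are modecfgserver")
    return errors


# Constructed sample input, using the keywords from the thread.
EXPLICIT = ["leftmodecfgserver=yes", "rightmodecfgserver=yes"]
SUGARED = ["modecfgserver=yes"]

if __name__ == "__main__":
    for name, lines in (("explicit", EXPLICIT), ("sugared", SUGARED)):
        print(name, desugar(lines), semantic_check(desugar(lines)))
```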

