[Swan] Can you help me in using the correct tool ?
Philippe Vouters
philippe.vouters at laposte.net
Tue Jan 8 21:57:01 EET 2013
Wes,
As per Paul's suggestion, I did:
[root at victor C]# ls /etc/ipsec.d/*.conf
/etc/ipsec.d/ipsec.unmanaged.david.conf
/etc/ipsec.d/ipsec.unmanaged.mumin.conf
/etc/ipsec.d/ipsec.unmanaged.paulin.conf
/etc/ipsec.d/vouters.conf
[root at victor C]# echo -n " ikelifetime=1h" >> /etc/ipsec.d/ipsec.unmanaged.paulin.conf
[root at victor C]# od -a /etc/ipsec.d/ipsec.unmanaged.paulin.conf
0000000 c o n n sp p a u l i n nl sp a u t
0000020 o = a d d nl sp t y p e = t u n n
0000040 e l nl sp a u t h b y = s e c r e
0000060 t nl sp r i g h t = % a n y nl sp l
0000100 e f t = % d e f a u l t r o u t
0000120 e nl sp l e f t s u b n e t = 1 9
0000140 2 . 1 6 8 . 1 . 0 / 2 4 nl sp l e
0000160 f t s o u r c e i p = 1 9 2 . 1
0000200 6 8 . 1 . 2 nl sp r i g h t s u b
0000220 n e t = 1 9 2 . 1 6 8 . 3 0 . 0
0000240 / 2 4 nl sp l e f t i d = @ N i c
0000260 k - P a u l nl sp i k e = a e s 2
0000300 5 6 - s h a 1 nl sp p h a s e 2 a
0000320 l g = a e s 2 5 6 nl sp d p d t i
0000340 m e o u t = 1 2 0 nl sp d p d d e
0000360 l a y = 3 0 nl sp d p d a c t i o
0000400 n = r e s t a r t _ b y _ p e e
0000420 r nl sp s a l i f e t i m e = 1 h
0000440 nl sp i k e l i f e t i m e = 1 h
0000460
[root at victor C]# exit
exit
*This parser.l code:*
<<EOF>> {
    if(parser_y_eof()) {
        yyterminate();
    }
    if (stacktop->file != NULL) {
        yyterminate();
    }
}
*generates:*
[philippe at victor C]$ sudo /usr/local/sbin/ipsec addconn --autoall
can not load config '/etc/ipsec.conf': /etc/ipsec.d/vouters.conf:1: syntax error, unexpected CONN, expecting EOL [conn]
[philippe at victor C]$
[philippe at victor C]$ sudo /usr/local/sbin/ipsec addconn --checkconfig
can not load config '/etc/ipsec.conf': /etc/ipsec.d/vouters.conf:1: syntax error, unexpected CONN, expecting EOL [conn]
[philippe at victor C]$
[philippe at victor C]$ sudo systemctl restart ipsec.service
Job failed. See system journal and 'systemctl status' for details.
[philippe at victor C]$ sudo systemctl status ipsec.service
ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
Loaded: loaded (/usr/lib/systemd/system/ipsec.service; disabled)
Active: inactive (dead)
CGroup: name=systemd:/system/ipsec.service
Jan 08 20:26:14 victor.vouters.dyndns.org pluto[26425]: | crl list locked by ...
Jan 08 20:26:14 victor.vouters.dyndns.org pluto[26425]: | crl list unlocked b...
Jan 08 20:26:14 victor.vouters.dyndns.org pluto[26425]: shutting down interfa...
Jan 08 20:26:14 victor.vouters.dyndns.org pluto[26425]: shutting down interfa...
Jan 08 20:26:14 victor.vouters.dyndns.org pluto[26425]: shutting down interfa...
Jan 08 20:26:14 victor.vouters.dyndns.org pluto[26425]: shutting down interfa...
Jan 08 20:26:14 victor.vouters.dyndns.org pluto[26425]: shutting down interfa...
Jan 08 20:26:14 victor.vouters.dyndns.org ipsec[29528]: 002 shutting down
Jan 08 20:26:16 victor.vouters.dyndns.org ipsec[29557]: can not load config '...
Jan 08 20:26:16 victor.vouters.dyndns.org ipsec[29561]: can not load config '...
[philippe at victor C]$
And pluto did NOT crash because it did not start, addconn --checkconfig
returning an execution error before.
So this fix sounds sane, although the error message can eventually be
made more accurate by outputting the correct file name where the EOF at EOL
condition is found.
*Best fix that I shall git commit:*
<<EOF>> {
    if(parser_y_eof()) {
        yyterminate();
    }
    if (stacktop->file != NULL) {
        fprintf(stderr,"ERROR: EOF at EOL condition found in %s\n",
                stacktop->fileglob.gl_pathv[stacktop->fileglobcnt]);
        yyterminate();
    }
}
*This produces:*
[philippe at victor C]$ sudo /usr/local/sbin/ipsec addconn --checkconfig
ERROR: EOF at EOL condition found in /etc/ipsec.d/ipsec.unmanaged.paulin.conf
[philippe at victor C]$
*So the very accurate error message.*
Philippe Vouters (Fontainebleau/France)
URL: http://vouters.dyndns.org/
SIP: sip:Vouters at sip.linphone.org
On 08/01/2013 20:08, Paul Wouters wrote:
> On Tue, 8 Jan 2013, Philippe Vouters wrote:
>
>> I have been trying to create an EOF at EOL condition. I can't succeed
>> with /usr/bin/vi, /usr/bin/vim and gedit. All these editors call
>> printf("\n") at the last line and before exiting. Which editor did
>> you use to create such a condition leading to your test case ?
>>
>> I'd like to thoroughly test my code suggestion to parser.l before I
>> git commit.
>
> echo -n "foo" > filename
>
> Paul
>
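
A pre-flight check for the condition discussed in this message, as an added example that is not part of the original post and is not libreswan code: it reports config files whose last byte is not a newline, so they can be found before `ipsec addconn --checkconfig` runs. The function names and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not libreswan code): find config files that end without a
# newline, the "EOF at EOL" condition produced above with `echo -n`.

# ends_without_newline FILE: status 0 if FILE is a non-empty regular file
# whose last byte is not 0x0a, status 1 otherwise.
ends_without_newline() {
    [ -f "$1" ] && [ -s "$1" ] || return 1   # missing, non-regular or empty
    last=$(tail -c 1 < "$1" | od -An -tx1 | tr -d ' \n')
    [ "$last" != "0a" ]
}

# check_ipsec_includes FILE...: print each offending path; status 1 if any.
check_ipsec_includes() {
    rc=0
    for f in "$@"; do
        if ends_without_newline "$f"; then
            printf '%s\n' "$f"
            rc=1
        fi
    done
    return "$rc"
}

# append_final_newline FILE...: terminate the last line of each offender.
append_final_newline() {
    for f in "$@"; do
        if ends_without_newline "$f"; then printf '\n' >> "$f"; fi
    done
}

# Constructed demo input (hypothetical files, not the ones from the post).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'conn good\n auto=add\n' > "$demo_dir/good.conf"
printf 'conn bad\n auto=add\n ikelifetime=1h' > "$demo_dir/bad.conf"

if ! check_ipsec_includes "$demo_dir"/*.conf; then
    echo "files listed above lack a final newline" >&2
fi
```

On a real system the same functions take the include glob from the post, for example `check_ipsec_includes /etc/ipsec.d/*.conf`.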