ipsec.conf parsing
As far as I can tell, if a commented line on ipsec.conf ends with \ then the following line will also be considered a comment (if the next line also ends with \ the commenting is propagated). For example

#ike esp from A.A.A.A to C.C.C.C \
ike esp from A.A.A.A to B.B.B.B \
srcid foo.example.com dstid bar.example.com

is treated as a commented block, instead of setting up a tunnel from A.A.A.A to B.B.B.B. I find this a bit surprising...

What should be fixed: the parser, ipsec.conf.5 or my expectations?

All the best
Zé
--

Re: ipsec.conf parsing
On Wed, Mar 19, 2014 at 10:22:43AM +, Zé Loff wrote:
> As far as I can tell, if a commented line on ipsec.conf ends with \ then the following line will also be considered a comment (if the next line also ends with \ the commenting is propagated). For example
>
> #ike esp from A.A.A.A to C.C.C.C \
> ike esp from A.A.A.A to B.B.B.B \
> srcid foo.example.com dstid bar.example.com
>
> is treated as a commented block, instead of setting up a tunnel from A.A.A.A to B.B.B.B. I find this a bit surprising...
>
> What should be fixed: the parser, ipsec.conf.5 or my expectations?

Don't know what should be fixed, but it's exactly the same thing in pf.conf

--
mabla

Re: ipsec.conf parsing
On 2014-03-19, Zé Loff zel...@zeloff.org wrote:
> As far as I can tell, if a commented line on ipsec.conf ends with \ then the following line will also be considered a comment (if the next line also ends with \ the commenting is propagated). For example
>
> #ike esp from A.A.A.A to C.C.C.C \
> ike esp from A.A.A.A to B.B.B.B \
> srcid foo.example.com dstid bar.example.com
>
> is treated as a commented block, instead of setting up a tunnel from A.A.A.A to B.B.B.B. I find this a bit surprising...
>
> What should be fixed: the parser, ipsec.conf.5 or my expectations?

Manpages for all the programs using parse.y were supposed to have unified text about multiline comment handling, but I missed ipsec.conf(5) when I changed the others (back in 2011). ipsec.conf(5) is now fixed, thanks.

Re: ipsec.conf parsing
On 3/19/14 6:22 AM, Zé Loff wrote:
> As far as I can tell, if a commented line on ipsec.conf ends with \ then the following line will also be considered a comment (if the next line also ends with \ the commenting is propagated). For example
>
> #ike esp from A.A.A.A to C.C.C.C \
> ike esp from A.A.A.A to B.B.B.B \
> srcid foo.example.com dstid bar.example.com
>
> is treated as a commented block, instead of setting up a tunnel from A.A.A.A to B.B.B.B. I find this a bit surprising...
>
> What should be fixed: the parser, ipsec.conf.5 or my expectations?
>
> All the best
> Zé

In my totally-not-in-depth analysis (I don't have much time before I need to run to class), it seems to be because lgetc (src/sbin/pfctl/parse.y line 5556) pastes \\\n together, which happens before lines are evaluated for comments in yylex on line 5655, which calls the not-comment-aware lgetc which just blindly joins lines ending with \ making it appear to the comment-evaluating code that the whole thing is indeed one line that begins with a comment. I'm not sure if that's the desired behavior. fparseln(3) behaves in the way you probably expected, so I'm inclined to say that it isn't.
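
Added example, not part of the thread and not OpenBSD's parse.y or fparseln code: a simplified C model of the two processing orders discussed above, run on the three lines from the original report. The function names and buffers are hypothetical, the sample's indentation is constructed, and quoting and escaped '#' are ignored.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the three lines from the report. Simplified model:
 * quoting and escaped '#' are ignored (assumption, not parse.y's code). */
static const char sample[] =
    "#ike esp from A.A.A.A to C.C.C.C \\\n"
    "ike esp from A.A.A.A to B.B.B.B \\\n"
    "\tsrcid foo.example.com dstid bar.example.com\n";
static char joined[512], aware[512];    /* scratch output buffers */

/* Order described in the thread: backslash-newline is spliced out of the
 * character stream first, so '#' hides text up to the next surviving newline. */
static char *join_then_strip(const char *in, char *out) {
    char *o = out;
    int comment = 0;
    for (; *in; in++) {
        if (in[0] == '\\' && in[1] == '\n') { in++; continue; }
        if (*in == '#') comment = 1;
        if (*in == '\n') comment = 0;
        if (!comment) *o++ = *in;
    }
    *o = '\0';
    return out;
}

/* Comment-aware order: cut the comment from each physical line first, then
 * treat a trailing backslash in what is left as a continuation. */
static char *strip_then_join(const char *in, char *out) {
    char *o = out;
    while (*in) {
        size_t len = strcspn(in, "\n");
        const char *hash = memchr(in, '#', len);
        size_t keep = hash ? (size_t)(hash - in) : len;
        int cont = keep > 0 && in[keep - 1] == '\\';
        memcpy(o, in, keep - cont);
        o += keep - cont;
        if (!cont) *o++ = '\n';
        in += len + (in[len] == '\n');
    }
    *o = '\0';
    return out;
}

int main(void) {
    printf("join first:    [%s]\n", join_then_strip(sample, joined));
    printf("comment first: [%s]\n", strip_then_join(sample, aware));
    return 0;
}
```

Under the join-first order the sample yields no rule at all, so when reviewing ipsec.conf or pf.conf, read any commented-out line that ends in \ as also disabling the line that follows it.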