Tobias Heider(tobias.hei...@stusta.de) on 2021.09.04 12:39:26 +0200:
> Here's an updated diff including the man page bits.
I don't want to bikeshed the manpage. The code is ok benno@ :)
> Looking at pf.conf(5)
> and ipsec.conf(5), there does not really seem to be a standard way to document
>
Here's an updated diff including the man page bits. Looking at pf.conf(5)
and ipsec.conf(5), there does not really seem to be a standard way to document
which parameters accept lists.
Index: iked.conf.5
===
RCS file:
Florian Obser(flor...@openbsd.org) on 2021.09.03 11:32:42 +0200:
> On 2021-09-03 10:38 +02, Claudio Jeker wrote:
> > On Fri, Sep 03, 2021 at 10:12:57AM +0200, Sebastian Benoit wrote:
> >> Tobias Heider(tobias.hei...@stusta.de) on 2021.09.02 15:39:46 +0200:
> >> > +;
> >> > +
> >>
On Fri, Sep 03, 2021 at 10:12:57AM +0200, Sebastian Benoit wrote:
> Tobias Heider(tobias.hei...@stusta.de) on 2021.09.02 15:39:46 +0200:
> > The diff below makes iked accept a list of protocols for the "proto" config
> > option in iked.conf(5).
> > This would allow us to have a single policy with
On 2021-09-03 10:38 +02, Claudio Jeker wrote:
> On Fri, Sep 03, 2021 at 10:12:57AM +0200, Sebastian Benoit wrote:
>> Tobias Heider(tobias.hei...@stusta.de) on 2021.09.02 15:39:46 +0200:
>> > + ;
>> > +
>> > +proto_list: protoval { $$ = $1; }
>> > + |
On Fri, Sep 03, 2021 at 10:12:57AM +0200, Sebastian Benoit wrote:
> Tobias Heider(tobias.hei...@stusta.de) on 2021.09.02 15:39:46 +0200:
> > The diff below makes iked accept a list of protocols for the "proto" config
> > option in iked.conf(5).
> > This would allow us to have a single policy with
Tobias Heider(tobias.hei...@stusta.de) on 2021.09.02 15:39:46 +0200:
> The diff below makes iked accept a list of protocols for the "proto" config
> option in iked.conf(5).
> This would allow us to have a single policy with "proto { ipencap, ipv6 }"
> to secure a gif(4) tunnel, instead of
The diff below makes iked accept a list of protocols for the "proto" config
option in iked.conf(5).
This would allow us to have a single policy with "proto { ipencap, ipv6 }"
to secure a gif(4) tunnel, instead of requiring one policy for each protocol.
ok?
Index: iked.h