Hi,

the keywords `aggrmode`, `modecfgpull` and `disablearrivalcheck` have the type `kt_invertbool`. This type swaps the statuses yes/no when printed by `ipsec readwriteconf`. Consequently the output shows the opposite of the input (see attached kt_invertbool.conf and the output bad-writeconf). This looks plain wrong to me.

As I didn't understand the purpose of `kt_invertbool` I created the attached patch `libreswan-rm-invertbool.patch` to get rid of it.

The resulting output `good-writeconf` shows what I would expect.

The patch in
`contrib/checkpoint-hybrid/libreswan-2.6.25-SecureClient.diff` still uses `kt_invertbool`; however, it no longer applies to current git anyway.

Have fun!

Bernhard
# ipsec readwriteconf --config /etc/ipsec.d/kt_invertbool.conf 
#conn allunset loaded
#conn allno loaded
#conn allyes loaded
config setup


# begin conn allunset
conn allunset
        auto=add
        type=tunnel
        compress=no
        pfs=yes
        ikepad=yes
        rekey=yes
        overlapip=yes
        authby=rsasig
        phase2=esp
# end conn allunset

# begin conn allno
conn allno
        modecfgpull=yes
        disablearrivalcheck=yes
        aggrmode=yes
        auto=add
        type=tunnel
        compress=no
        pfs=yes
        ikepad=yes
        rekey=yes
        overlapip=yes
        authby=rsasig
        phase2=esp
# end conn allno

# begin conn allyes
conn allyes
        modecfgpull=no
        disablearrivalcheck=no
        aggrmode=no
        auto=add
        type=tunnel
        compress=no
        pfs=yes
        ikepad=yes
        rekey=yes
        overlapip=yes
        authby=rsasig
        phase2=esp
# end conn allyes

# end of config

# ipsec readwriteconf --config /etc/ipsec.d/kt_invertbool.conf 
#conn allunset loaded
#conn allno loaded
#conn allyes loaded
config setup


# begin conn allunset
conn allunset
        auto=add
        type=tunnel
        compress=no
        pfs=yes
        ikepad=yes
        rekey=yes
        overlapip=yes
        authby=rsasig
        phase2=esp
# end conn allunset

# begin conn allno
conn allno
        modecfgpull=no
        disablearrivalcheck=no
        aggrmode=no
        auto=add
        type=tunnel
        compress=no
        pfs=yes
        ikepad=yes
        rekey=yes
        overlapip=yes
        authby=rsasig
        phase2=esp
# end conn allno

# begin conn allyes
conn allyes
        modecfgpull=yes
        disablearrivalcheck=yes
        aggrmode=yes
        auto=add
        type=tunnel
        compress=no
        pfs=yes
        ikepad=yes
        rekey=yes
        overlapip=yes
        authby=rsasig
        phase2=esp
# end conn allyes

# end of config

conn allunset
        auto=add
        #modecfgpull=
        #disablearrivalcheck=
        #aggrmode=

conn allno
        auto=add
        modecfgpull=no
        disablearrivalcheck=no
        aggrmode=no

conn allyes
        auto=add
        modecfgpull=yes
        disablearrivalcheck=yes
        aggrmode=yes


        
 include/ipsecconf/keywords.h | 1 -
 lib/libipsecconf/confread.c  | 2 --
 lib/libipsecconf/confwrite.c | 5 -----
 lib/libipsecconf/keywords.c  | 7 +++----
 lib/libipsecconf/parser.y    | 2 --
 5 files changed, 3 insertions(+), 14 deletions(-)

diff --git a/include/ipsecconf/keywords.h b/include/ipsecconf/keywords.h
index b67aa1b..1803936 100644
--- a/include/ipsecconf/keywords.h
+++ b/include/ipsecconf/keywords.h
@@ -233,7 +233,6 @@ enum keyword_type {
 	kt_filename,            /* value is a filename string */
 	kt_dirname,             /* value is a dir name string */
 	kt_bool,                /* value is an on/off type */
-	kt_invertbool,          /* value is an off/on type ("disable") */
 	kt_enum,                /* value is from a set of key words */
 	kt_list,                /* a set of values from a set of key words */
 	kt_loose_enum,          /* either a string, or a %-prefixed enum */
diff --git a/lib/libipsecconf/confread.c b/lib/libipsecconf/confread.c
index 412692a..e98162b 100644
--- a/lib/libipsecconf/confread.c
+++ b/lib/libipsecconf/confread.c
@@ -314,7 +314,6 @@ static bool load_setup(struct starter_config *cfg,
 
 		case kt_list:
 		case kt_bool:
-		case kt_invertbool:
 		case kt_enum:
 		case kt_number:
 		case kt_time:
@@ -853,7 +852,6 @@ static bool translate_conn(struct starter_conn *conn,
 
 		case kt_list:
 		case kt_bool:
-		case kt_invertbool:
 		case kt_enum:
 		case kt_number:
 		case kt_time:
diff --git a/lib/libipsecconf/confwrite.c b/lib/libipsecconf/confwrite.c
index f29e6ae..1f14f06 100644
--- a/lib/libipsecconf/confwrite.c
+++ b/lib/libipsecconf/confwrite.c
@@ -104,13 +104,9 @@ static void confwrite_int(FILE *out,
 			break;
 
 		case kt_bool:
-		case kt_invertbool:
 			/* special enumeration */
 			if (options_set[k->field]) {
 				int val = options[k->field];
-				if (k->type == kt_invertbool)
-					val = !val;
-
 				fprintf(out, "\t%s%s=%s\n", side,
 					k->keyname, val ? "yes" : "no");
 			}
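Review bot: Nothing in this patch pins the corrected behaviour of the `kt_bool` case in `confwrite_int`, so a later change could reintroduce the flip unnoticed. The read side in `confread.c` never treated `kt_invertbool` differently from `kt_bool` (both shared one case group), so dropping `val = !val` makes the written value match what was parsed. That matters most for `aggrmode`: in the posted bad output, a connection with `aggrmode=no` was written back as `aggrmode=yes`, so a config regenerated through `ipsec readwriteconf` would have turned IKEv1 aggressive mode on. I would add the attached `kt_invertbool.conf` as a readwriteconf round-trip test case and replace the vague `/* special enumeration */` with `/* booleans are written as yes/no, and only when explicitly set */`. The body of `confwrite_int` starts and ends outside this hunk.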
@@ -228,7 +224,6 @@ static void confwrite_str(FILE *out,
 			continue;
 
 		case kt_bool:
-		case kt_invertbool:
 		case kt_enum:
 		case kt_list:
 		case kt_loose_enum:
diff --git a/lib/libipsecconf/keywords.c b/lib/libipsecconf/keywords.c
index f6235f2..68ec85c 100644
--- a/lib/libipsecconf/keywords.c
+++ b/lib/libipsecconf/keywords.c
@@ -514,7 +514,7 @@ const struct keyword_def ipsec_conf_keywords_v2[] = {
 	  KNCF_MODECONFIGCLIENT, NOT_ENUM },
 	{ "xauthusername", kv_conn | kv_auto | kv_leftright, kt_string,
 	  KSCF_XAUTHUSERNAME, NOT_ENUM },
-	{ "modecfgpull", kv_conn | kv_auto, kt_invertbool, KBF_MODECONFIGPULL,
+	{ "modecfgpull", kv_conn | kv_auto, kt_bool, KBF_MODECONFIGPULL,
 	  NOT_ENUM },
 	/* these are really kt_ipaddr, but we handle them as string until we load them into a whack message */
 	{ "modecfgdns1", kv_conn | kv_auto, kt_string, KSF_MODECFGDNS1,
@@ -548,7 +548,7 @@ const struct keyword_def ipsec_conf_keywords_v2[] = {
 	  NOT_ENUM },
 	{ "ikelifetime",    kv_conn | kv_auto, kt_time,   KBF_IKELIFETIME,
 	  NOT_ENUM },
-	{ "disablearrivalcheck", kv_conn | kv_auto, kt_invertbool,
+	{ "disablearrivalcheck", kv_conn | kv_auto, kt_bool,
 	  KBF_ARRIVALCHECK, NOT_ENUM },
 	{ "failureshunt",   kv_conn | kv_auto, kt_enum,   KBF_FAILURESHUNT,
 	  &kw_failureshunt_list },
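Review bot: The `disablearrivalcheck` entry stores its value in `KBF_ARRIVALCHECK`, a field whose name reads with the opposite polarity, and the patch does not show how that field is consumed. With `kt_bool`, `disablearrivalcheck=yes` leaves a true value in `KBF_ARRIVALCHECK`. The visible `confread.c` and `parser.y` hunks suggest this was already the case, since `kt_invertbool` shared the `kt_bool` case groups, but it is worth confirming that whatever reads the field treats true as "check disabled". Once confirmed, a comment on the entry such as `/* NOTE: true in KBF_ARRIVALCHECK means the arrival check is disabled */` would record it. The `ipsec_conf_keywords_v2` table starts and ends outside this hunk.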
@@ -592,7 +592,7 @@ const struct keyword_def ipsec_conf_keywords_v2[] = {
 	{ "reqid",          kv_conn | kv_auto, kt_number, KBF_REQID,
 	  NOT_ENUM },
 
-	{ "aggrmode",    kv_conn | kv_auto, kt_invertbool,      KBF_AGGRMODE,
+	{ "aggrmode",    kv_conn | kv_auto, kt_bool,      KBF_AGGRMODE,
 	  NOT_ENUM },
 
 	{ NULL, 0, 0, 0, NOT_ENUM }
@@ -664,7 +664,6 @@ int parser_find_keyword(const char *s, YYSTYPE *lval)
 		keywordtype = COMMENT;
 		break;
 	case kt_bool:
-	case kt_invertbool:
 		keywordtype = BOOLWORD;
 		break;
 	default:
diff --git a/lib/libipsecconf/parser.y b/lib/libipsecconf/parser.y
index 1b34b75..14ea62f 100644
--- a/lib/libipsecconf/parser.y
+++ b/lib/libipsecconf/parser.y
@@ -188,7 +188,6 @@ statement_kw:
 			break;
 
 		    case kt_bool:
-		    case kt_invertbool:
 		    case kt_number:
 		    case kt_time:
 		    case kt_percent:
@@ -262,7 +261,6 @@ statement_kw:
 			break;
 
 		    case kt_bool:
-		    case kt_invertbool:
 		    case kt_number:
 		    case kt_time:
 		    case kt_percent: