On Sat, Feb 15, 2020 at 11:17:36PM +0100, Klemens Nanni wrote:
> On Sat, Feb 15, 2020 at 09:57:51PM +0000, Jason McIntyre wrote:
> > for the reader, it's hard to know if the text ipsec-$domain is
> > quoted because we are emphasising it (as we subsequently do for
> > ipsec-example.com) or because the actual quotes are required.
> >
> > your mail states something that the document doesn't:
> >
> > Otherwise it will be evaluated as macro during config parsing;
> Good point, I stated the quoting requirement and renamed "variable" to
> "macro" in the Macros section for the sake of clarity.
>
> OK?
>
>
> Index: sbin/iked/iked.conf.5
> ===================================================================
> RCS file: /cvs/src/sbin/iked/iked.conf.5,v
> retrieving revision 1.61
> diff -u -p -r1.61 iked.conf.5
> --- sbin/iked/iked.conf.5 10 Feb 2020 13:18:20 -0000 1.61
> +++ sbin/iked/iked.conf.5 15 Feb 2020 22:14:15 -0000
> @@ -64,7 +64,7 @@ for more information about manual keying
> is divided into three main sections:
> .Bl -tag -width xxxx
> .It Sy Macros
> -User-defined variables may be defined and used later, simplifying the
> +User-defined macros may be defined and used later, simplifying the
> configuration file.
> .It Sy Global Configuration
> Global settings for
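Review bot: in the `.It Sy Macros` entry the new line reads "User-defined macros may be defined and used later", which says "defined" twice. Since the line is being touched anyway, "Macros may be defined and used later, simplifying the configuration file." is shorter and says the same. The rename also only helps if "variable" stays reserved for the runtime-expanded tag values, as the context lines of the next hunk use it.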
> @@ -644,6 +644,7 @@ expands to
> The variable expansion for the
> .Ar tag
> directive occurs only at runtime, not during configuration file parse time.
> +Strings with variables must be quoted, otherwise they are interpreted as
> macros.

from a practical point of view, is there a reason to say when expansion
happens? by this i mean, what (if any) difference does it have for the
user - they will specify this in the conf file anyway, no?

if it doesn't have to be said, we could knock out the whole runtime
sentence.

if it does have to be said (i realise i may be overlooking something
obvious here) could we be smarter about making the text shorter?

	The variable expansion for the
	.Ar tag
	directive only occurs at runtime (not when the file is parsed)
	and must be quoted, or it will be interpreted as a macro.

jmc

> .It Ic tap Ar interface
> Send the decapsulated IPsec traffic to the specified
> .Xr enc 4
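Review bot: the added sentence shows up as one `+` line followed by a bare "macros." line, while the hunk header (-644,6 +644,7) leaves room for exactly one added line. The mail client has wrapped it and the patch will not apply as sent. Resend with the sentence split into two `+` lines, for instance after the comma. The wording could also name the step that does the interpreting, as the cover mail does ("evaluated as macro during config parsing"), so the reader sees why the parse-time versus runtime sentence just above it matters.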
> @@ -766,7 +767,7 @@ configuration and also sets an alternati
> device:
> .Bd -literal -offset indent
> ikev2 esp from 10.1.1.0/24 to 10.1.2.0/24 peer 192.168.3.2 \e
> - tag ipsec-$domain tap "enc1"
> + tag "ipsec-$domain" tap "enc1"
> .Ed
> .Sh OUTGOING NETWORK ADDRESS TRANSLATION
> In some network topologies it is desirable to perform NAT on traffic leaving
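Review bot: in the example line `tag "ipsec-$domain" tap "enc1"` both arguments are quoted, so the example alone does not tell the reader that the quotes around the tag are mandatory rather than the same habit as the already-quoted "enc1". That is the ambiguity raised earlier in this thread. The requirement has to be carried by the prose sentence added in the previous hunk, so it is worth making sure that sentence stays even if the runtime/parse-time wording around it is shortened.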
> Index: sbin/ipsecctl/ipsec.conf.5
> ===================================================================
> RCS file: /cvs/src/sbin/ipsecctl/ipsec.conf.5,v
> retrieving revision 1.158
> diff -u -p -r1.158 ipsec.conf.5
> --- sbin/ipsecctl/ipsec.conf.5 10 Feb 2020 13:18:20 -0000 1.158
> +++ sbin/ipsecctl/ipsec.conf.5 15 Feb 2020 22:14:14 -0000
> @@ -467,6 +467,7 @@ expands to
> The variable expansion for the
> .Ar tag
> directive occurs only at runtime, not during configuration file parse time.
> +Strings with variables must be quoted, otherwise they are interpreted as
> macros.
> .El
> .Sh PACKET FILTERING
> IPsec traffic appears unencrypted on the
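Review bot: this sentence introduces the word "macros" into ipsec.conf.5, but unlike iked.conf.5 the diff shows no matching change to that page's own description of macros. If ipsec.conf.5 still calls them "User-defined variables" there, the new sentence contrasts "variables" with "macros" while the page uses "variable" for both. Check that section and apply the same rename if needed. The added line is also wrapped in the same way as in the iked.conf.5 hunk.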
> @@ -575,7 +576,7 @@ The tags will be assigned by the followi
> example:
> .Bd -literal -offset indent
> ike esp from 10.1.1.0/24 to 10.1.2.0/24 peer 192.168.3.2 \e
> - tag ipsec-$domain
> + tag "ipsec-$domain"
> .Ed
> .Sh OUTGOING NETWORK ADDRESS TRANSLATION
> In some network topologies it is desirable to perform NAT on traffic leaving
>