2008/9/8 Otto Moerbeek <[EMAIL PROTECTED]> > On Mon, Sep 08, 2008 at 12:57:09PM +0200, Reyk Floeter wrote: > > > hi! > > > > On Mon, Sep 08, 2008 at 12:33:20PM +0200, Frans Haarman wrote: > > > If you use an unqouted string as psk (pre-shared key) it can't start > with a > > > number so: > > > > > > fails: ike from any to any psk 123 > > > works: ike from any to any psk "123" > > > > > > > it can start with a number, but it cannot be a number. so 123foo > > would be ok but not just 123. > > > > > Same goes for the tag-strings. For most this is probably obvious, > because > > > it has to > > > be a string right ? But not for me :P > > > > > > > is there any problem with quoting the string? i think the normal > > approach is that quoting should be the default unless you have a > > string that also works without quotes. > > > > i mean we could fix this in ipsecctl (see diff below) but is it really > > required? and there is a problem with the attached diff that it > > "normalizes" the number, so a key 0123 would become 123. any other > > "fix" would require changes in the parser that is shared with many > > other tools and daemons in openbsd - it is probably just easier to use > > the quotes and to add a note in the manpage suggesting it. > > yes, i think it's just a manpage thing. Ambiguous stuff in the grammer > oftemn leads to confusion and/or disaster. >
Yes I expected some mention of it in the manpage. I notice the same behaviour with pf.conf also (labels, tags). Gr. FH > > -Otto > > > > > reyk > > > > Index: parse.y > > =================================================================== > > RCS file: /cvs/src/sbin/ipsecctl/parse.y,v > > retrieving revision 1.138 > > diff -u -p -r1.138 parse.y > > --- parse.y 1 Jul 2008 14:31:37 -0000 1.138 > > +++ parse.y 8 Sep 2008 10:51:00 -0000 > > @@ -275,7 +275,7 @@ typedef struct { > > %type <v.type> type > > %type <v.life> life > > %type <v.mode> phase1mode phase2mode > > -%type <v.string> tag > > +%type <v.string> tag numstr > > %% > > > > grammar : /* empty */ > > @@ -806,7 +806,7 @@ ikeauth : /* empty */ { > > $$.type = IKE_AUTH_RSA; > > $$.string = NULL; > > } > > - | PSK STRING { > > + | PSK numstr { > > $$.type = IKE_AUTH_PSK; > > if (($$.string = strdup($2)) == NULL) > > err(1, "ikeauth: strdup"); > > @@ -817,9 +817,20 @@ tag : /* empty */ > > { > > $$ = NULL; > > } > > - | TAG STRING > > + | TAG numstr > > { > > $$ = $2; > > + } > > + ; > > + > > +numstr : STRING > > + { > > + $$ = $1; > > + } > > + | NUMBER > > + { > > + if (asprintf(&$$, "%lld", $1) == -1) > > + err(1, "string: asprintf"); > > } > > ;