On Mon, 21 Mar 2022 at 10:40, Paul Wouters <[email protected]> wrote: > > > > > On Mar 21, 2022, at 13:46, Andrew Cagney <[email protected]> wrote: > > > > CHANGES: config: end keywords with no left/right prefix are applied to both > > ends > > I am not ready to commit us to this. We also did not discuss this. > I don’t think this is a good idea, eg: > > subnet=1.2.3.0/24 > > modecfgserver=yes
None of the semantic checks change (this is syntactic sugar). For instance, assuming this: leftmodecfgserver=yes rightmodecfgserver=yes is rejected then so to is: modecfgserver=yes (if leftsubnet=1.2.3.0/24 rightsubnet=1.2.3.0/24 isn't reasonable then, regardless of this change, it too should be rejected). There is a change we do need to consider. It turns out that every release up to and including 4.6 accepted: subnet=1.2.3.0/24 modecfgserver=yes protoport=tcp/22 it just didn't do what I think anyone would reasonably expect (this is why I split the changes, perhaps we should spin a release with code rejecting this, and then follow with a release with the new behaviour). In the past, when I brought this up, the only reason I was given for not doing this was that add addconn's parser was too broken. > These make no sense if they are set for both ends. > > It also makes auth/authby even more confusing than it already is. This change lets us make authby optionally left/right. Which means auth is obsolete. _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
