authorMatthias Schiffer <mschiffer@universe-factory.net>2013-10-16 20:37:16 +0200
committerMatthias Schiffer <mschiffer@universe-factory.net>2013-10-16 20:37:16 +0200
commit8ff7026b0e96234ea364a51f0174ecf49cf8bed3 (patch)
treea95f7ffe52ff1fc339f04121a2cf817338b4dd78
parent118ebb9d65b44fb734aee3ebd31ecdaffd38c615 (diff)
downloadfastd-8ff7026b0e96234ea364a51f0174ecf49cf8bed3.tar
fastd-8ff7026b0e96234ea364a51f0174ecf49cf8bed3.zip
Add `secure handshakes' option (without effect for now)
Not setting the option produces a warning (so not having it set is deprecated now), so we can change the default from no to yes in a few release cycles.
-rw-r--r--src/config.c3
-rw-r--r--src/config.y10
-rw-r--r--src/fastd.h2
-rw-r--r--src/lex.c2
4 files changed, 17 insertions, 0 deletions
diff --git a/src/config.c b/src/config.c
index 1be93b0..62cfaef 100644
--- a/src/config.c
+++ b/src/config.c
@@ -645,6 +645,9 @@ void fastd_configure(fastd_context_t *ctx, fastd_config_t *conf, int argc, char
exit_error(ctx, "config error: setting pmtu is not supported on this system");
#endif
+ if (!conf->secure_handshakes_set)
+ pr_warn(ctx, "`secure handshakes' not set, please read the documentation about this option; defaulting to no");
+
configure_user(ctx, conf);
configure_method_parameters(ctx, conf);
}
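Review bot: The warning promises "defaulting to no", but nothing in this hunk assigns `conf->secure_handshakes` when the option is absent, so that default only holds if the config struct is zero-initialised somewhere outside the diff. Since this flag is meant to gate handshake security later, make the default explicit by bracing the branch and adding `conf->secure_handshakes = false;` after the `pr_warn`. The diffstat shows only the config-file grammar and lexer being touched, so a setup configured purely through command-line arguments would presumably have no way to set the option and silence the warning; worth confirming. The body of fastd_configure starts outside the hunk.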
diff --git a/src/config.y b/src/config.y
index 95ceaa2..bb9884e 100644
--- a/src/config.y
+++ b/src/config.y
@@ -117,6 +117,8 @@
%token TOK_MAC
%token TOK_ADDRESSES
%token TOK_AUTO
+%token TOK_SECURE
+%token TOK_HANDSHAKES
%token <addr4> TOK_ADDR4
%token <addr6> TOK_ADDR6
@@ -167,6 +169,7 @@ statement: peer_group_statement
| TOK_USER user ';'
| TOK_GROUP group ';'
| TOK_DROP TOK_CAPABILITIES drop_capabilities ';'
+ | TOK_SECURE TOK_HANDSHAKES secure_handshakes ';'
| TOK_LOG log ';'
| TOK_HIDE hide ';'
| TOK_INTERFACE interface ';'
@@ -218,6 +221,13 @@ drop_capabilities_enabled:
$$ = $1 ? DROP_CAPS_ON : DROP_CAPS_OFF;
}
+secure_handshakes:
+ boolean {
+ conf->secure_handshakes_set = true;
+ conf->secure_handshakes = $1;
+ }
+ ;
+
log: TOK_LEVEL log_level {
conf->log_stderr_level = $2;
}
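Review bot: In the `secure_handshakes` rule a repeated `secure handshakes` statement silently overwrites the earlier value, so a later occurrence (for instance from an included file, if includes are parsed through `statement`) could turn `yes` back into `no` with no log output. For a security-relevant setting, consider emitting a warning when `conf->secure_handshakes_set` is already true and the new `$1` differs, before the two assignments. The action also works purely by side effect instead of yielding `$$` like `drop_capabilities_enabled` above, so a short comment such as `/* records that the option was given explicitly; fastd_configure warns otherwise */` would help the next reader.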
diff --git a/src/fastd.h b/src/fastd.h
index 17ae0fa..4c8dcae 100644
--- a/src/fastd.h
+++ b/src/fastd.h
@@ -198,6 +198,8 @@ struct fastd_config {
bool forward;
fastd_tristate_t pmtu;
+ bool secure_handshakes_set;
+ bool secure_handshakes;
fastd_drop_caps_t drop_caps;
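Review bot: `secure_handshakes_set` and `secure_handshakes` encode a three-state value in two independent bools, while the adjacent `pmtu` field uses `fastd_tristate_t`. If that type can represent "unset" (its definition is outside the hunk), reusing it would keep the explicit-or-default state and the value from drifting apart. If the two bools stay, document them, e.g. `/* true once the config explicitly contains the secure handshakes option */` on the first and `/* requested value; only meaningful when secure_handshakes_set is true */` on the second. The struct continues outside the hunk.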
diff --git a/src/lex.c b/src/lex.c
index b8f6496..8a2109d 100644
--- a/src/lex.c
+++ b/src/lex.c
@@ -69,6 +69,7 @@ static const keyword_t keywords[] = {
{ "forward", TOK_FORWARD },
{ "from", TOK_FROM },
{ "group", TOK_GROUP },
+ { "handshakes", TOK_HANDSHAKES },
{ "hide", TOK_HIDE },
{ "include", TOK_INCLUDE },
{ "info", TOK_INFO },
@@ -95,6 +96,7 @@ static const keyword_t keywords[] = {
{ "protocol", TOK_PROTOCOL },
{ "remote", TOK_REMOTE },
{ "secret", TOK_SECRET },
+ { "secure", TOK_SECURE },
{ "stderr", TOK_STDERR },
{ "syslog", TOK_SYSLOG },
{ "tap", TOK_TAP },