diff options
-rw-r--r-- | src/config.c | 3 | ||||
-rw-r--r-- | src/config.y | 10 | ||||
-rw-r--r-- | src/fastd.h | 2 | ||||
-rw-r--r-- | src/lex.c | 2 |
4 files changed, 17 insertions, 0 deletions
diff --git a/src/config.c b/src/config.c index 1be93b0..62cfaef 100644 --- a/src/config.c +++ b/src/config.c @@ -645,6 +645,9 @@ void fastd_configure(fastd_context_t *ctx, fastd_config_t *conf, int argc, char exit_error(ctx, "config error: setting pmtu is not supported on this system"); #endif + if (!conf->secure_handshakes_set) + pr_warn(ctx, "`secure handshakes' not set, please read the documentation about this option; defaulting to no"); + configure_user(ctx, conf); configure_method_parameters(ctx, conf); } diff --git a/src/config.y b/src/config.y index 95ceaa2..bb9884e 100644 --- a/src/config.y +++ b/src/config.y @@ -117,6 +117,8 @@ %token TOK_MAC %token TOK_ADDRESSES %token TOK_AUTO +%token TOK_SECURE +%token TOK_HANDSHAKES %token <addr4> TOK_ADDR4 %token <addr6> TOK_ADDR6 @@ -167,6 +169,7 @@ statement: peer_group_statement | TOK_USER user ';' | TOK_GROUP group ';' | TOK_DROP TOK_CAPABILITIES drop_capabilities ';' + | TOK_SECURE TOK_HANDSHAKES secure_handshakes ';' | TOK_LOG log ';' | TOK_HIDE hide ';' | TOK_INTERFACE interface ';' @@ -218,6 +221,13 @@ drop_capabilities_enabled: $$ = $1 ? DROP_CAPS_ON : DROP_CAPS_OFF; } +secure_handshakes: + boolean { + conf->secure_handshakes_set = true; + conf->secure_handshakes = $1; + } + ; + log: TOK_LEVEL log_level { conf->log_stderr_level = $2; } diff --git a/src/fastd.h b/src/fastd.h index 17ae0fa..4c8dcae 100644 --- a/src/fastd.h +++ b/src/fastd.h @@ -198,6 +198,8 @@ struct fastd_config { bool forward; fastd_tristate_t pmtu; + bool secure_handshakes_set; + bool secure_handshakes; fastd_drop_caps_t drop_caps; @@ -69,6 +69,7 @@ static const keyword_t keywords[] = { { "forward", TOK_FORWARD }, { "from", TOK_FROM }, { "group", TOK_GROUP }, + { "handshakes", TOK_HANDSHAKES }, { "hide", TOK_HIDE }, { "include", TOK_INCLUDE }, { "info", TOK_INFO }, @@ -95,6 +96,7 @@ static const keyword_t keywords[] = { { "protocol", TOK_PROTOCOL }, { "remote", TOK_REMOTE }, { "secret", TOK_SECRET }, + { "secure", TOK_SECURE }, { "stderr", TOK_STDERR }, { "syslog", TOK_SYSLOG }, { "tap", TOK_TAP }, |