fastd/fastd
1
0
Fork 0
mirror of https://github.com/neocturne/fastd.git synced 2025-05-15 04:35:08 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add `secure handshakes' option (without effect for now)

Browse source 
Not setting the option produces a warning (so not having it set is deprecated
now), so we can change the default from no to yes in a few release cycles.
This commit is contained in:
Matthias Schiffer 2013-10-16 20:37:16 +02:00
parent 118ebb9d65
commit 8ff7026b0e
4 changed files with 17 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/config.c
View file

@ -645,6 +645,9 @@ void fastd_configure(fastd_context_t *ctx, fastd_config_t *conf, int argc, char
exit_error(ctx, "config error: setting pmtu is not supported on this system"); exit_error(ctx, "config error: setting pmtu is not supported on this system");
#endif #endif
if (!conf->secure_handshakes_set)
pr_warn(ctx, "`secure handshakes' not set, please read the documentation about this option; defaulting to no");
configure_user(ctx, conf); configure_user(ctx, conf);
configure_method_parameters(ctx, conf); configure_method_parameters(ctx, conf);
} }

10
src/config.y
View file

@ -117,6 +117,8 @@
%token TOK_MAC %token TOK_MAC
%token TOK_ADDRESSES %token TOK_ADDRESSES
%token TOK_AUTO %token TOK_AUTO
%token TOK_SECURE
%token TOK_HANDSHAKES
%token <addr4> TOK_ADDR4 %token <addr4> TOK_ADDR4
%token <addr6> TOK_ADDR6 %token <addr6> TOK_ADDR6
@ -167,6 +169,7 @@ statement: peer_group_statement
| TOK_USER user ';' | TOK_USER user ';'
| TOK_GROUP group ';' | TOK_GROUP group ';'
| TOK_DROP TOK_CAPABILITIES drop_capabilities ';' | TOK_DROP TOK_CAPABILITIES drop_capabilities ';'
| TOK_SECURE TOK_HANDSHAKES secure_handshakes ';'
| TOK_LOG log ';' | TOK_LOG log ';'
| TOK_HIDE hide ';' | TOK_HIDE hide ';'
| TOK_INTERFACE interface ';' | TOK_INTERFACE interface ';'
@ -218,6 +221,13 @@ drop_capabilities_enabled:
$$ = $1 ? DROP_CAPS_ON : DROP_CAPS_OFF; $$ = $1 ? DROP_CAPS_ON : DROP_CAPS_OFF;
} }
secure_handshakes:
boolean {
conf->secure_handshakes_set = true;
conf->secure_handshakes = $1;
}
;
log: TOK_LEVEL log_level { log: TOK_LEVEL log_level {
conf->log_stderr_level = $2; conf->log_stderr_level = $2;
} }

2
src/fastd.h
View file

@ -198,6 +198,8 @@ struct fastd_config {
bool forward; bool forward;
fastd_tristate_t pmtu; fastd_tristate_t pmtu;
bool secure_handshakes_set;
bool secure_handshakes;
fastd_drop_caps_t drop_caps; fastd_drop_caps_t drop_caps;

2
src/lex.c
View file

@ -69,6 +69,7 @@ static const keyword_t keywords[] = {
{ "forward", TOK_FORWARD }, { "forward", TOK_FORWARD },
{ "from", TOK_FROM }, { "from", TOK_FROM },
{ "group", TOK_GROUP }, { "group", TOK_GROUP },
{ "handshakes", TOK_HANDSHAKES },
{ "hide", TOK_HIDE }, { "hide", TOK_HIDE },
{ "include", TOK_INCLUDE }, { "include", TOK_INCLUDE },
{ "info", TOK_INFO }, { "info", TOK_INFO },
@ -95,6 +96,7 @@ static const keyword_t keywords[] = {
{ "protocol", TOK_PROTOCOL }, { "protocol", TOK_PROTOCOL },
{ "remote", TOK_REMOTE }, { "remote", TOK_REMOTE },
{ "secret", TOK_SECRET }, { "secret", TOK_SECRET },
{ "secure", TOK_SECURE },
{ "stderr", TOK_STDERR }, { "stderr", TOK_STDERR },
{ "syslog", TOK_SYSLOG }, { "syslog", TOK_SYSLOG },
{ "tap", TOK_TAP }, { "tap", TOK_TAP },