From 8ff7026b0e96234ea364a51f0174ecf49cf8bed3 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer
Date: Wed, 16 Oct 2013 20:37:16 +0200
Subject: Add `secure handshakes' option (without effect for now)

Not setting the option produces a warning (so not having it set is deprecated now), so we can change the default from no to yes in a few release cycles.
---
 src/config.c | 3 +++
 src/config.y | 10 ++++++++++
 src/fastd.h | 2 ++
 src/lex.c | 2 ++
 4 files changed, 17 insertions(+)
diff --git a/src/config.c b/src/config.c
index 1be93b0..62cfaef 100644
--- a/src/config.c
+++ b/src/config.c
@@ -645,6 +645,9 @@ void fastd_configure(fastd_context_t *ctx, fastd_config_t *conf, int argc, char
 exit_error(ctx, "config error: setting pmtu is not supported on this system");
 #endif
+ if (!conf->secure_handshakes_set)
+ pr_warn(ctx, "`secure handshakes' not set, please read the documentation about this option; defaulting to no");
+
 configure_user(ctx, conf);
 configure_method_parameters(ctx, conf);
 }
diff --git a/src/config.y b/src/config.y
index 95ceaa2..bb9884e 100644
--- a/src/config.y
+++ b/src/config.y
@@ -117,6 +117,8 @@
 %token TOK_MAC
 %token TOK_ADDRESSES
 %token TOK_AUTO
+%token TOK_SECURE
+%token TOK_HANDSHAKES
 %token TOK_ADDR4
 %token TOK_ADDR6
@@ -167,6 +169,7 @@ statement: peer_group_statement
 | TOK_USER user ';'
 | TOK_GROUP group ';'
 | TOK_DROP TOK_CAPABILITIES drop_capabilities ';'
+ | TOK_SECURE TOK_HANDSHAKES secure_handshakes ';'
 | TOK_LOG log ';'
 | TOK_HIDE hide ';'
 | TOK_INTERFACE interface ';'
@@ -218,6 +221,13 @@ drop_capabilities_enabled:
 $$ = $1 ? DROP_CAPS_ON : DROP_CAPS_OFF;
 }
+secure_handshakes:
+ boolean {
+ conf->secure_handshakes_set = true;
+ conf->secure_handshakes = $1;
+ }
+ ;
+
 log: TOK_LEVEL log_level {
 conf->log_stderr_level = $2;
 }
diff --git a/src/fastd.h b/src/fastd.h
index 17ae0fa..4c8dcae 100644
--- a/src/fastd.h
+++ b/src/fastd.h
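Review bot: The warning added before `configure_user()` in src/config.c tells operators to read the documentation about `secure handshakes', but the diffstat lists only src/config.c, src/config.y, src/fastd.h and src/lex.c, so no documentation for the option arrives with this commit; unless it lands separately, someone who sees the message has nothing to consult and stays on the `no` default. The check also reads `conf->secure_handshakes_set`, which no hunk here initialises; that is correct only if the config structure is zeroed before parsing, which is not visible in this patch and is worth confirming. I would add a comment above the check that records the plan from the commit message, e.g. `/* deprecation path: the default changes from no to yes in a later release */`. fastd_configure starts outside the hunk.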
@@ -198,6 +198,8 @@ struct fastd_config {
 bool forward;
 fastd_tristate_t pmtu;
+ bool secure_handshakes_set;
+ bool secure_handshakes;
 fastd_drop_caps_t drop_caps;
diff --git a/src/lex.c b/src/lex.c
index b8f6496..8a2109d 100644
--- a/src/lex.c
+++ b/src/lex.c
@@ -69,6 +69,7 @@ static const keyword_t keywords[] = {
 { "forward", TOK_FORWARD },
 { "from", TOK_FROM },
 { "group", TOK_GROUP },
+ { "handshakes", TOK_HANDSHAKES },
 { "hide", TOK_HIDE },
 { "include", TOK_INCLUDE },
 { "info", TOK_INFO },
@@ -95,6 +96,7 @@ static const keyword_t keywords[] = {
 { "protocol", TOK_PROTOCOL },
 { "remote", TOK_REMOTE },
 { "secret", TOK_SECRET },
+ { "secure", TOK_SECURE },
 { "stderr", TOK_STDERR },
 { "syslog", TOK_SYSLOG },
 { "tap", TOK_TAP },
--
cgit v1.2.3
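Review bot: The new fields `secure_handshakes_set` and `secure_handshakes` in src/fastd.h sit directly under `fastd_tristate_t pmtu;`, and a set-flag plus value pair looks like what that type is for. If `fastd_tristate_t` does carry an unset state (its definition is outside the hunk), `fastd_tristate_t secure_handshakes;` would stop the two bools from drifting apart. Either way the fields deserve a comment, since for now they only drive a deprecation warning: `/* secure_handshakes_set: option appeared in the configuration; secure_handshakes: its value, currently without effect */`. struct fastd_config begins and ends outside the hunk.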