--batch mode has shown to be buggy in very obscure ways in the first real
life tests. For example a batch file
--del pool1
--replace pool2 --addresses file1
returned the error "/usr/libexec/ipsec/pool: unrecognized option '--lace'"
which was gone after moving the --del behind --replace. With the patch
from below applied everything works like a charm. From the info on the
man page it seem to be unrelated to this problem, though:
A program that scans multiple argument vectors, or
rescans the same vector more than once, and wants to
make use of GNU extensions such as '+' and '-' at the
start of optstring, or changes the value of
POSIXLY_CORRECT between scans, must reinitialize
getopt() by resetting optind to 0, rather than the
traditional value of 1. (Resetting to 0 forces the
invocation of an internal initialization routine that
rechecks POSIXLY_CORRECT and checks for GNU exten-
sions in optstring.)
Signed-off-by: Heiko Hund <hhund@astaro.com>
The default behaviour for ld allows users to 'indirectly' link to required
objects/libraries through intermediate objects/libraries. While this is
convenient, it can also be dangerous because it makes your program's
dependencies tied to the dependencies of other objects.
Beginning with Fedora 13 this will be changed and you need to explicitly
link all dependent libraries.
More details can be found here:
http://fedoraproject.org/wiki/UnderstandingDSOLinkChange
This patch fixes all such cases in strongSwan.
Introduce the --batch command which reads several ipsec pool commands
and their arguments from a file or STDIN. Useful if you need to run
serveral commands atomically from a configuration daemon or likewise.
Signed-off-by: Heiko Hund <hhund@astaro.com>
Fix the error return status of the ipsec pool command. Also make --del for
attributes succeed if no --server option was given.
Signed-off-by: Heiko Hund <hhund@astaro.com>
Introduce the pool --replace command as an alternative to --add. Also change
the current behavior of allowing duplicate pool names so that, --add with
an existing name fails and --replace removes the existing pool before
adding the new one.
Signed-off-by: Heiko Hund <hhund@astaro.com>
Introduce the --addresses option for --add that can be used to add a pool
containing non-contiguous addresses. Additionally it allows to preclaim
certain addresses for certain roadwarrior IDs. See the second chunk of
the patch for a more detailed description.
Signed-off-by: Heiko Hund <hhund@astaro.com>
The main reason for this change is that Android's libcrypto does not
include the get_rfcX_prime_Y functions by default. Therefore we would
have had to replicate the primes a third time.
Tobias Brunner