124 lines
8.7 KiB
Diff
124 lines
8.7 KiB
Diff
diff -Naur libreswan-4.2-orig/lib/libipsecconf/keywords.c libreswan-4.2/lib/libipsecconf/keywords.c
|
|
--- libreswan-4.2-orig/lib/libipsecconf/keywords.c 2021-02-02 20:36:01.000000000 -0500
|
|
+++ libreswan-4.2/lib/libipsecconf/keywords.c 2021-02-04 19:22:05.880228930 -0500
|
|
@@ -374,6 +374,8 @@
|
|
{ "interfaces", kv_config, kt_string, KSF_INTERFACES, NULL, NULL, },
|
|
{ "curl-iface", kv_config, kt_string, KSF_CURLIFACE, NULL, NULL, },
|
|
{ "curl-timeout", kv_config, kt_time, KBF_CURLTIMEOUT, NULL, NULL, },
|
|
+ { "curl_iface", kv_config | kv_alias, kt_string, KSF_CURLIFACE, NULL, NULL, }, /* obsolete _ */
|
|
+ { "curl_timeout", kv_config | kv_alias, kt_time, KBF_CURLTIMEOUT, NULL, NULL, }, /* obsolete _ */
|
|
|
|
{ "myvendorid", kv_config, kt_string, KSF_MYVENDORID, NULL, NULL, },
|
|
{ "syslog", kv_config, kt_string, KSF_SYSLOG, NULL, NULL, },
|
|
@@ -381,6 +383,7 @@
|
|
{ "logfile", kv_config, kt_filename, KSF_LOGFILE, NULL, NULL, },
|
|
{ "plutostderrlog", kv_config, kt_filename, KSF_LOGFILE, NULL, NULL, }, /* obsolete name, but very common :/ */
|
|
{ "logtime", kv_config, kt_bool, KBF_LOGTIME, NULL, NULL, },
|
|
+ { "plutostderrlogtime", kv_config | kv_alias, kt_bool, KBF_LOGTIME, NULL, NULL, }, /* obsolete */
|
|
{ "logappend", kv_config, kt_bool, KBF_LOGAPPEND, NULL, NULL, },
|
|
{ "logip", kv_config, kt_bool, KBF_LOGIP, NULL, NULL, },
|
|
{ "audit-log", kv_config, kt_bool, KBF_AUDIT_LOG, NULL, NULL, },
|
|
@@ -400,13 +403,20 @@
|
|
{ "global-redirect-to", kv_config, kt_string, KSF_GLOBAL_REDIRECT_TO, NULL, NULL, },
|
|
|
|
{ "crl-strict", kv_config, kt_bool, KBF_CRL_STRICT, NULL, NULL, },
|
|
+ { "crl_strict", kv_config | kv_alias, kt_bool, KBF_CRL_STRICT, NULL, NULL, }, /* obsolete _ */
|
|
{ "crlcheckinterval", kv_config, kt_time, KBF_CRL_CHECKINTERVAL, NULL, NULL, },
|
|
+ { "strictcrlpolicy", kv_config | kv_alias, kt_bool, KBF_CRL_STRICT, NULL, NULL, }, /* obsolete; used on openswan */
|
|
|
|
{ "ocsp-strict", kv_config, kt_bool, KBF_OCSP_STRICT, NULL, NULL, },
|
|
+ { "ocsp_strict", kv_config | kv_alias, kt_bool, KBF_OCSP_STRICT, NULL, NULL, }, /* obsolete _ */
|
|
{ "ocsp-enable", kv_config, kt_bool, KBF_OCSP_ENABLE, NULL, NULL, },
|
|
+ { "ocsp_enable", kv_config | kv_alias, kt_bool, KBF_OCSP_ENABLE, NULL, NULL, }, /* obsolete _ */
|
|
{ "ocsp-uri", kv_config, kt_string, KSF_OCSP_URI, NULL, NULL, },
|
|
+ { "ocsp_uri", kv_config | kv_alias, kt_string, KSF_OCSP_URI, NULL, NULL, }, /* obsolete _ */
|
|
{ "ocsp-timeout", kv_config, kt_number, KBF_OCSP_TIMEOUT, NULL, NULL, },
|
|
+ { "ocsp_timeout", kv_config | kv_alias, kt_number, KBF_OCSP_TIMEOUT, NULL, NULL, }, /* obsolete _ */
|
|
{ "ocsp-trustname", kv_config, kt_string, KSF_OCSP_TRUSTNAME, NULL, NULL, },
|
|
+ { "ocsp_trust_name", kv_config | kv_alias, kt_string, KSF_OCSP_TRUSTNAME, NULL, NULL, }, /* obsolete _ */
|
|
{ "ocsp-cache-size", kv_config, kt_number, KBF_OCSP_CACHE_SIZE, NULL, NULL, },
|
|
{ "ocsp-cache-min-age", kv_config, kt_time, KBF_OCSP_CACHE_MIN, NULL, NULL, },
|
|
{ "ocsp-cache-max-age", kv_config, kt_time, KBF_OCSP_CACHE_MAX, NULL, NULL, },
|
|
@@ -426,6 +436,7 @@
|
|
{ "virtual_private", kv_config, kt_string, KSF_VIRTUALPRIVATE, NULL, NULL, }, /* obsolete variant, very common */
|
|
{ "seedbits", kv_config, kt_number, KBF_SEEDBITS, NULL, NULL, },
|
|
{ "keep-alive", kv_config, kt_number, KBF_KEEPALIVE, NULL, NULL, },
|
|
+ { "keep_alive", kv_config | kv_alias, kt_number, KBF_KEEPALIVE, NULL, NULL, }, /* obsolete _ */
|
|
|
|
{ "listen-tcp", kv_config, kt_bool, KBF_LISTEN_TCP, NULL, NULL },
|
|
{ "listen-udp", kv_config, kt_bool, KBF_LISTEN_UDP, NULL, NULL },
|
|
@@ -437,6 +448,8 @@
|
|
#ifdef HAVE_LABELED_IPSEC
|
|
{ "ikev1-secctx-attr-type", kv_config, kt_number, KBF_SECCTX, NULL, NULL, }, /* obsolete: not a value, a type */
|
|
{ "secctx-attr-type", kv_config | kv_alias, kt_number, KBF_SECCTX, NULL, NULL, },
|
|
+ { "secctx_attr_value", kv_config | kv_alias, kt_number, KBF_SECCTX, NULL, NULL, }, /* obsolete _ */
|
|
+ { "secctx-attr-value", kv_config, kt_number, KBF_SECCTX, NULL, NULL, }, /* obsolete: not a value, a type */
|
|
#endif
|
|
|
|
/* these options are obsoleted (and not old aliases) */
|
|
@@ -467,6 +480,7 @@
|
|
{ "username", kv_conn | kv_leftright, kt_string, KSCF_USERNAME, NULL, NULL, },
|
|
/* xauthusername is still used in NetworkManager-libreswan :/ */
|
|
{ "xauthusername", kv_conn | kv_leftright, kt_string, KSCF_USERNAME, NULL, NULL, }, /* old alias */
|
|
+ { "xauthname", kv_conn | kv_leftright, kt_string, KSCF_USERNAME, NULL, NULL, }, /* old alias */
|
|
{ "addresspool", kv_conn | kv_leftright, kt_range, KSCF_ADDRESSPOOL, NULL, NULL, },
|
|
{ "auth", kv_conn | kv_leftright, kt_enum, KNCF_AUTH, &kw_authby_lr_list, NULL, },
|
|
{ "cat", kv_conn | kv_leftright, kt_bool, KNCF_CAT, NULL, NULL, },
|
|
@@ -489,6 +503,8 @@
|
|
{ "esn", kv_conn | kv_processed, kt_enum, KNCF_ESN, &kw_esn_list, NULL, },
|
|
{ "decap-dscp", kv_conn | kv_processed, kt_bool, KNCF_DECAP_DSCP, NULL, NULL, },
|
|
{ "nopmtudisc", kv_conn | kv_processed, kt_bool, KNCF_NOPMTUDISC, NULL, NULL, },
|
|
+ { "ike_frag", kv_conn | kv_processed | kv_alias, kt_enum, KNCF_IKE_FRAG, &kw_ynf_list, NULL, }, /* obsolete _ */
|
|
+ { "ike-frag", kv_conn | kv_processed | kv_alias, kt_enum, KNCF_IKE_FRAG, &kw_ynf_list, NULL, }, /* obsolete name */
|
|
{ "fragmentation", kv_conn | kv_processed, kt_enum, KNCF_IKE_FRAG, &kw_ynf_list, NULL, },
|
|
{ "mobike", kv_conn, kt_bool, KNCF_MOBIKE, NULL, NULL, },
|
|
{ "narrowing", kv_conn, kt_bool, KNCF_IKEv2_ALLOW_NARROWING, NULL, NULL, },
|
|
@@ -499,13 +515,18 @@
|
|
{ "accept-redirect-to", kv_conn, kt_string, KSCF_ACCEPT_REDIRECT_TO, NULL, NULL, },
|
|
{ "pfs", kv_conn, kt_bool, KNCF_PFS, NULL, NULL, },
|
|
|
|
+ { "nat_keepalive", kv_conn | kv_alias, kt_bool, KNCF_NAT_KEEPALIVE, NULL, NULL, }, /* obsolete _ */
|
|
{ "nat-keepalive", kv_conn, kt_bool, KNCF_NAT_KEEPALIVE, NULL, NULL, },
|
|
|
|
+ { "initial_contact", kv_conn | kv_alias, kt_bool, KNCF_INITIAL_CONTACT, NULL, NULL, }, /* obsolete _ */
|
|
{ "initial-contact", kv_conn, kt_bool, KNCF_INITIAL_CONTACT, NULL, NULL, },
|
|
+ { "cisco_unity", kv_conn | kv_alias, kt_bool, KNCF_CISCO_UNITY, NULL, NULL, }, /* obsolete _ */
|
|
{ "cisco-unity", kv_conn, kt_bool, KNCF_CISCO_UNITY, NULL, NULL, },
|
|
{ "send-no-esp-tfc", kv_conn, kt_bool, KNCF_NO_ESP_TFC, NULL, NULL, },
|
|
{ "fake-strongswan", kv_conn, kt_bool, KNCF_VID_STRONGSWAN, NULL, NULL, },
|
|
+ { "send_vendorid", kv_conn | kv_alias, kt_bool, KNCF_SEND_VENDORID, NULL, NULL, }, /* obsolete _ */
|
|
{ "send-vendorid", kv_conn, kt_bool, KNCF_SEND_VENDORID, NULL, NULL, },
|
|
+ { "sha2_truncbug", kv_conn | kv_alias, kt_bool, KNCF_SHA2_TRUNCBUG, NULL, NULL, }, /* obsolete _ */
|
|
{ "sha2-truncbug", kv_conn, kt_bool, KNCF_SHA2_TRUNCBUG, NULL, NULL, },
|
|
{ "ms-dh-downgrade", kv_conn, kt_bool, KNCF_MSDH_DOWNGRADE, NULL, NULL, },
|
|
{ "require-id-on-certificate", kv_conn, kt_bool, KNCF_SAN_ON_CERT, NULL, NULL, },
|
|
@@ -520,7 +541,10 @@
|
|
{"ikepad", kv_conn, kt_bool, KNCF_IKEPAD, NULL, NULL, },
|
|
{ "nat-ikev1-method", kv_conn | kv_processed, kt_enum, KNCF_IKEV1_NATT, &kw_ikev1natt_list, NULL, },
|
|
|
|
+ { "labeled_ipsec", kv_conn, kt_obsolete, KNCF_WARNIGNORE, NULL, NULL, }, /* obsolete */
|
|
+ { "labeled-ipsec", kv_conn, kt_obsolete, KNCF_WARNIGNORE, NULL, NULL, }, /* obsolete */
|
|
{ "policy-label", kv_conn, kt_string, KSCF_SA_SEC_LABEL, NULL, NULL, }, /* obsolete variant */
|
|
+ { "policy_label", kv_conn, kt_string, KSCF_SA_SEC_LABEL, NULL, NULL, }, /* obsolete variant */
|
|
{ "sec-label", kv_conn, kt_string, KSCF_SA_SEC_LABEL, NULL, NULL, }, /* really stored into struct end */
|
|
|
|
/* Cisco interop: remote peer type */
|
|
@@ -531,13 +555,17 @@
|
|
/* Network Manager support */
|
|
#ifdef HAVE_NM
|
|
{ "nm-configured", kv_conn, kt_bool, KNCF_NMCONFIGURED, NULL, NULL, },
|
|
+ { "nm_configured", kv_conn, kt_bool, KNCF_NMCONFIGURED, NULL, NULL, }, /* obsolete _ */
|
|
#endif
|
|
|
|
{ "xauthby", kv_conn, kt_enum, KNCF_XAUTHBY, &kw_xauthby, NULL, },
|
|
{ "xauthfail", kv_conn, kt_enum, KNCF_XAUTHFAIL, &kw_xauthfail, NULL, },
|
|
{ "modecfgpull", kv_conn, kt_invertbool, KNCF_MODECONFIGPULL, NULL, NULL, },
|
|
{ "modecfgdns", kv_conn, kt_string, KSCF_MODECFGDNS, NULL, NULL, },
|
|
+ { "modecfgdns1", kv_conn | kv_alias, kt_string, KSCF_MODECFGDNS, NULL, NULL, }, /* obsolete */
|
|
+ { "modecfgdns2", kv_conn, kt_obsolete, KNCF_WARNIGNORE, NULL, NULL, }, /* obsolete */
|
|
{ "modecfgdomains", kv_conn, kt_string, KSCF_MODECFGDOMAINS, NULL, NULL, },
|
|
+ { "modecfgdomain", kv_conn | kv_alias, kt_string, KSCF_MODECFGDOMAINS, NULL, NULL, }, /* obsolete */
|
|
{ "modecfgbanner", kv_conn, kt_string, KSCF_MODECFGBANNER, NULL, NULL, },
|
|
{ "ignore-peer-dns", kv_conn, kt_bool, KNCF_IGNORE_PEER_DNS, NULL, NULL, },
|
|
{ "mark", kv_conn, kt_string, KSCF_CONN_MARK_BOTH, NULL, NULL, },
|