[strongSwan-dev] [PATCH 4/4] ipsec pool --batch command

Heiko Hund hhund at astaro.com
Tue Mar 23 22:30:01 CET 2010

--batch mode has shown to be buggy in very obscure ways in the first real
life tests. For example a batch file

       --del pool1
       --replace pool2 --addresses file1

returned the error "/usr/libexec/ipsec/pool: unrecognized option '--lace'"
which was gone after moving the --del behind --replace. With the patch
from below applied everything works like a charm. From the info on the
man page it seem to be unrelated to this problem, though:

       A program that scans multiple  argument  vectors,  or
       rescans  the same vector more than once, and wants to
       make use of GNU extensions such as '+' and '-' at the
       start   of   optstring,   or  changes  the  value  of
       POSIXLY_CORRECT  between  scans,  must   reinitialize
       getopt()  by  resetting  optind to 0, rather than the
       traditional value of 1.  (Resetting to 0  forces  the
       invocation of an internal initialization routine that
       rechecks POSIXLY_CORRECT and checks  for  GNU  exten-
       sions in optstring.)

Signed-off-by: Heiko Hund <hhund at astaro.com>
diff --git a/src/libstrongswan/plugins/attr_sql/pool.c 
index e8a8ce6..9348c7b 100644
--- a/src/libstrongswan/plugins/attr_sql/pool.c
+++ b/src/libstrongswan/plugins/attr_sql/pool.c
@@ -1166,8 +1166,8 @@ static void do_args(int argc, char *argv[])
        } operation = OP_UNDEF;

-       /* set option index to first argument */
-       optind = 1;
+       /* reinit getopt state */
+       optind = 0;

        while (TRUE)

More information about the Dev mailing list