[strongSwan] glob/wildcard in include statement
Joe Crayne
oh.hello.joe at gmail.com
Sat Nov 23 03:46:02 CET 2013
On Sun, Feb 17, 2008 at 06:13:41PM +0200, Ivan Mitev wrote:
> Hi,
>
> Sorry for overwhelming the list with yet another topic...
>
> When using wildcards (glob) in an include statement, strongswan won't
> start if there's more than MAX_INCLUDE_DEPTH files found.
>
> Eg. - ipsec.conf
> <--
> include /etc/yo*
> -->
>
> in /etc:
> - yo01
> - yo02
> - ...
> - yoXX (with XX > MAX_INCLUDE_DEPTH, in our case 20)
>
> $ ipsec start
> Starting ipsec: Starting strongSwan 4.1.11 IPsec [starter]...
> /etc/yo19:1: max inclusion depth reached []
> unable to start strongSwan -- fatal errors in config
>
>
> A quick fix is to increase MAX_INCLUDE_DEPTH, but entering a file found
> by glob() shouldn't be considered as entering a nested include.
>
> Andreas, I see that the last (old!) CVS changes to parser.l are from
> you, dealing with the wildcard support. Is the problem described above a
> known limitation ?
>
> (I didn't manage to find a way to fix the parser - I tried to decrease
> __parser_y_private.stack_ptr at some places that looked appropriate, but
> that always resulted in a mess).
>
>
> Ivan
>
I've posted a patch to correct this issue at http://wiki.strongswan.org/issues/423
Joe
More information about the Users
mailing list