Feature #560

Does ipsec.conf syntax really need to remain so finicky?

Added by c b almost 8 years ago. Updated over 7 years ago.

Target version:
Start date:
Due date:
Estimated time:


Periodically we have really strange issues which result because of a splattering of lines with just 1 space, throwing ipsec into a mass confusion if it comes after a commented connection section. Or if a comment within a section is not indented as the lines before of after.

It seems that continuing this strict formatting is not necessary these days. Can the logic be changed to just ignore whitespaces? Connection sections have to be clearly marked with a line of "conn", and it should probably just end at the next line with nothing but whitespace.

Whatever the rule.. it just seems like this archaic rule has no business remaining in the year 2014.

Associated revisions

Revision 63642192
Added by Tobias Brunner over 7 years ago

Merge branch 'ipsec.conf-parser'

Replaces the ipsec.conf parser in starter. The new parser is also based
on flex/bison but it simply returns key/value collections of all sections.
It already resolves also= and allows overriding options in all included
sections (not only %default), options set in included section can also
be cleared again (key=). It provides other improvements too, like quoted
strings (with escape sequences), unlimited includes and better
whitespace/comment handling.

Fixes #423.
Fixes #560.


#1 Updated by Tobias Brunner almost 8 years ago

  • Status changed from New to Feedback
  • Assignee set to Tobias Brunner
  • Target version set to 5.2.0

To answer the question in the subject: No it does not. In fact, an updated parser has already been written and is intended to be released with 5.2.0.

#2 Updated by c b almost 8 years ago


#3 Updated by Tobias Brunner over 7 years ago

  • Category set to starter
  • Status changed from Feedback to Closed
  • Resolution set to Fixed

Fixed with the associated merge.

Also available in: Atom PDF