On 3/19/14 6:22 AM, Zé Loff wrote: > As far as I can tell, if a commented line on ipsec.conf ends with "\" > then the following line will also be considered a comment (if the next > line also ends with "\" the commenting is propagated). For example > > #ike esp from A.A.A.A to C.C.C.C \ > ike esp from A.A.A.A to B.B.B.B \ > srcid foo.example.com dstid bar.example.com > > is treated as a commented block, instead of setting up a tunnel from > A.A.A.A to B.B.B.B. I find this a bit surprising... > > What should be fixed: the parser, ipsec.conf.5 or my expectations? > > All the best > Zé >
In my totally-not-in-depth analysis (I don't have much time before I need to run to class), it seems to be because lgetc (src/sbin/pfctl/parse.y line 5556) pastes \\\n together, which happens before "lines" are evaluated for comments in yylex on line 5655, which calls the not-comment-aware lgetc which just blindly joins lines ending with \ making it appear to the comment-evaluating code that the whole thing is indeed one line that begins with a comment. I'm not sure if that's the desired behavior. fparseln(3) behaves in the way you probably expected, so I'm inclined to say that it isn't.
