[Openswan dev] ipsec.conf processing: missing include files

D. Hugh Redelmeier hugh at mimosa.com
Tue Jul 8 13:26:50 EDT 2008

| From: Paul Wouters <paul at xelerance.com>

| That's fine, as long as processing does not eror with an exit for a missing
| includ file (which was the old behaviour that was fixed a few months ago)
| So, if with your change, we can still have: include /no/such/file.conf, and
| it will just get ignored, then I see no problem.

When should a failure to find an include file be fatal?  Is this
documented anywhere?

If it were my choice, I'd have two directives:

	includeany	extras*

would include any file that matches the name but would be willing to
not find any.


	include	stuff

which should complain if "stuff" does not exist.

I don't know what existing expectations are.  ipsec.conf(5) does not
seem to document this issue.

I think that I've changed the behavior.  In the case where I removed 
GLOB_NOMAGIC, the error used to be treated more seriously (and with an 
unclear message).  So if anything, the code has become more permissive.  I 
don't know if that is good.

More information about the Dev mailing list