Annotation of embedaddon/ipsec-tools/src/setkey/parse.c, revision 1.1.1.1
1.1 misho 1:
2: /* A Bison parser, made by GNU Bison 2.4.1. */
3:
4: /* Skeleton implementation for Bison's Yacc-like parsers in C
5:
6: Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
7: Free Software Foundation, Inc.
8:
9: This program is free software: you can redistribute it and/or modify
10: it under the terms of the GNU General Public License as published by
11: the Free Software Foundation, either version 3 of the License, or
12: (at your option) any later version.
13:
14: This program is distributed in the hope that it will be useful,
15: but WITHOUT ANY WARRANTY; without even the implied warranty of
16: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17: GNU General Public License for more details.
18:
19: You should have received a copy of the GNU General Public License
20: along with this program. If not, see <http://www.gnu.org/licenses/>. */
21:
22: /* As a special exception, you may create a larger work that contains
23: part or all of the Bison parser skeleton and distribute that work
24: under terms of your choice, so long as that work isn't itself a
25: parser generator using the skeleton or a modified version thereof
26: as a parser skeleton. Alternatively, if you modify or redistribute
27: the parser skeleton itself, you may (at your option) remove this
28: special exception, which will cause the skeleton and the resulting
29: Bison output files to be licensed under the GNU General Public
30: License without this special exception.
31:
32: This special exception was added by the Free Software Foundation in
33: version 2.2 of Bison. */
34:
35: /* C LALR(1) parser skeleton written by Richard Stallman, by
36: simplifying the original so-called "semantic" parser. */
37:
38: /* All symbols defined below should begin with yy or YY, to avoid
39: infringing on user name space. This should be done even for local
40: variables, as they might otherwise be expanded by user macros.
41: There are some unavoidable exceptions within include files to
42: define necessary library symbols; they are noted "INFRINGES ON
43: USER NAME SPACE" below. */
44:
45: /* Identify Bison output. */
46: #define YYBISON 1
47:
48: /* Bison version. */
49: #define YYBISON_VERSION "2.4.1"
50:
51: /* Skeleton name. */
52: #define YYSKELETON_NAME "yacc.c"
53:
54: /* Pure parsers. */
55: #define YYPURE 0
56:
57: /* Push parsers. */
58: #define YYPUSH 0
59:
60: /* Pull parsers. */
61: #define YYPULL 1
62:
63: /* Using locations. */
64: #define YYLSP_NEEDED 0
65:
66:
67:
68: /* Copy the first part of user declarations. */
69:
70: /* Line 189 of yacc.c */
71: #line 34 "parse.y"
72:
73: #ifdef HAVE_CONFIG_H
74: #include "config.h"
75: #endif
76:
77: #include <sys/types.h>
78: #include <sys/param.h>
79: #include <sys/socket.h>
80:
81: #include <netinet/in.h>
82: #include <net/pfkeyv2.h>
83: #include PATH_IPSEC_H
84: #include <arpa/inet.h>
85:
86: #include <string.h>
87: #include <unistd.h>
88: #include <stdio.h>
89: #include <netdb.h>
90: #include <ctype.h>
91: #include <errno.h>
92: #include <stdlib.h>
93:
94: #include "libpfkey.h"
95: #include "vchar.h"
96: #include "extern.h"
97:
98: #define DEFAULT_NATT_PORT 4500
99:
100: #ifndef UDP_ENCAP_ESPINUDP
101: #define UDP_ENCAP_ESPINUDP 2
102: #endif
103:
104: #define ATOX(c) \
105: (isdigit((int)c) ? (c - '0') : \
106: (isupper((int)c) ? (c - 'A' + 10) : (c - 'a' + 10)))
107:
108: u_int32_t p_spi;
109: u_int p_ext, p_alg_enc, p_alg_auth, p_replay, p_mode;
110: u_int32_t p_reqid;
111: u_int p_key_enc_len, p_key_auth_len;
112: const char *p_key_enc;
113: const char *p_key_auth;
114: time_t p_lt_hard, p_lt_soft;
115: size_t p_lb_hard, p_lb_soft;
116:
117: struct security_ctx {
118: u_int8_t doi;
119: u_int8_t alg;
120: u_int16_t len;
121: char *buf;
122: };
123:
124: struct security_ctx sec_ctx;
125:
126: static u_int p_natt_type;
127: static struct addrinfo * p_natt_oa = NULL;
128:
129: static int p_aiflags = 0, p_aifamily = PF_UNSPEC;
130:
131: static struct addrinfo *parse_addr __P((char *, char *));
132: static int fix_portstr __P((int, vchar_t *, vchar_t *, vchar_t *));
133: static int setvarbuf __P((char *, int *, struct sadb_ext *, int,
134: const void *, int));
135: void parse_init __P((void));
136: void free_buffer __P((void));
137:
138: int setkeymsg0 __P((struct sadb_msg *, unsigned int, unsigned int, size_t));
139: static int setkeymsg_spdaddr __P((unsigned int, unsigned int, vchar_t *,
140: struct addrinfo *, int, struct addrinfo *, int));
141: static int setkeymsg_spdaddr_tag __P((unsigned int, char *, vchar_t *));
142: static int setkeymsg_addr __P((unsigned int, unsigned int,
143: struct addrinfo *, struct addrinfo *, int));
144: static int setkeymsg_add __P((unsigned int, unsigned int,
145: struct addrinfo *, struct addrinfo *));
146:
147:
148: /* Line 189 of yacc.c */
149: #line 150 "parse.c"
150:
151: /* Enabling traces. */
152: #ifndef YYDEBUG
153: # define YYDEBUG 0
154: #endif
155:
156: /* Enabling verbose error messages. */
157: #ifdef YYERROR_VERBOSE
158: # undef YYERROR_VERBOSE
159: # define YYERROR_VERBOSE 1
160: #else
161: # define YYERROR_VERBOSE 0
162: #endif
163:
164: /* Enabling the token table. */
165: #ifndef YYTOKEN_TABLE
166: # define YYTOKEN_TABLE 0
167: #endif
168:
169:
170: /* Tokens. */
171: #ifndef YYTOKENTYPE
172: # define YYTOKENTYPE
173: /* Put the tokens into the symbol table, so that GDB and other debuggers
174: know about them. */
175: enum yytokentype {
176: EOT = 258,
177: SLASH = 259,
178: BLCL = 260,
179: ELCL = 261,
180: ADD = 262,
181: GET = 263,
182: DELETE = 264,
183: DELETEALL = 265,
184: FLUSH = 266,
185: DUMP = 267,
186: EXIT = 268,
187: PR_ESP = 269,
188: PR_AH = 270,
189: PR_IPCOMP = 271,
190: PR_ESPUDP = 272,
191: PR_TCP = 273,
192: F_PROTOCOL = 274,
193: F_AUTH = 275,
194: F_ENC = 276,
195: F_REPLAY = 277,
196: F_COMP = 278,
197: F_RAWCPI = 279,
198: F_MODE = 280,
199: MODE = 281,
200: F_REQID = 282,
201: F_EXT = 283,
202: EXTENSION = 284,
203: NOCYCLICSEQ = 285,
204: ALG_AUTH = 286,
205: ALG_AUTH_NOKEY = 287,
206: ALG_ENC = 288,
207: ALG_ENC_NOKEY = 289,
208: ALG_ENC_DESDERIV = 290,
209: ALG_ENC_DES32IV = 291,
210: ALG_ENC_OLD = 292,
211: ALG_COMP = 293,
212: F_LIFETIME_HARD = 294,
213: F_LIFETIME_SOFT = 295,
214: F_LIFEBYTE_HARD = 296,
215: F_LIFEBYTE_SOFT = 297,
216: DECSTRING = 298,
217: QUOTEDSTRING = 299,
218: HEXSTRING = 300,
219: STRING = 301,
220: ANY = 302,
221: SPDADD = 303,
222: SPDUPDATE = 304,
223: SPDDELETE = 305,
224: SPDDUMP = 306,
225: SPDFLUSH = 307,
226: F_POLICY = 308,
227: PL_REQUESTS = 309,
228: F_AIFLAGS = 310,
229: TAGGED = 311,
230: SECURITY_CTX = 312
231: };
232: #endif
233: /* Tokens. */
234: #define EOT 258
235: #define SLASH 259
236: #define BLCL 260
237: #define ELCL 261
238: #define ADD 262
239: #define GET 263
240: #define DELETE 264
241: #define DELETEALL 265
242: #define FLUSH 266
243: #define DUMP 267
244: #define EXIT 268
245: #define PR_ESP 269
246: #define PR_AH 270
247: #define PR_IPCOMP 271
248: #define PR_ESPUDP 272
249: #define PR_TCP 273
250: #define F_PROTOCOL 274
251: #define F_AUTH 275
252: #define F_ENC 276
253: #define F_REPLAY 277
254: #define F_COMP 278
255: #define F_RAWCPI 279
256: #define F_MODE 280
257: #define MODE 281
258: #define F_REQID 282
259: #define F_EXT 283
260: #define EXTENSION 284
261: #define NOCYCLICSEQ 285
262: #define ALG_AUTH 286
263: #define ALG_AUTH_NOKEY 287
264: #define ALG_ENC 288
265: #define ALG_ENC_NOKEY 289
266: #define ALG_ENC_DESDERIV 290
267: #define ALG_ENC_DES32IV 291
268: #define ALG_ENC_OLD 292
269: #define ALG_COMP 293
270: #define F_LIFETIME_HARD 294
271: #define F_LIFETIME_SOFT 295
272: #define F_LIFEBYTE_HARD 296
273: #define F_LIFEBYTE_SOFT 297
274: #define DECSTRING 298
275: #define QUOTEDSTRING 299
276: #define HEXSTRING 300
277: #define STRING 301
278: #define ANY 302
279: #define SPDADD 303
280: #define SPDUPDATE 304
281: #define SPDDELETE 305
282: #define SPDDUMP 306
283: #define SPDFLUSH 307
284: #define F_POLICY 308
285: #define PL_REQUESTS 309
286: #define F_AIFLAGS 310
287: #define TAGGED 311
288: #define SECURITY_CTX 312
289:
290:
291:
292:
293: #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
294: typedef union YYSTYPE
295: {
296:
297: /* Line 214 of yacc.c */
298: #line 110 "parse.y"
299:
300: int num;
301: unsigned long ulnum;
302: vchar_t val;
303: struct addrinfo *res;
304:
305:
306:
307: /* Line 214 of yacc.c */
308: #line 309 "parse.c"
309: } YYSTYPE;
310: # define YYSTYPE_IS_TRIVIAL 1
311: # define yystype YYSTYPE /* obsolescent; will be withdrawn */
312: # define YYSTYPE_IS_DECLARED 1
313: #endif
314:
315:
316: /* Copy the second part of user declarations. */
317:
318:
319: /* Line 264 of yacc.c */
320: #line 321 "parse.c"
321:
322: #ifdef short
323: # undef short
324: #endif
325:
326: #ifdef YYTYPE_UINT8
327: typedef YYTYPE_UINT8 yytype_uint8;
328: #else
329: typedef unsigned char yytype_uint8;
330: #endif
331:
332: #ifdef YYTYPE_INT8
333: typedef YYTYPE_INT8 yytype_int8;
334: #elif (defined __STDC__ || defined __C99__FUNC__ \
335: || defined __cplusplus || defined _MSC_VER)
336: typedef signed char yytype_int8;
337: #else
338: typedef short int yytype_int8;
339: #endif
340:
341: #ifdef YYTYPE_UINT16
342: typedef YYTYPE_UINT16 yytype_uint16;
343: #else
344: typedef unsigned short int yytype_uint16;
345: #endif
346:
347: #ifdef YYTYPE_INT16
348: typedef YYTYPE_INT16 yytype_int16;
349: #else
350: typedef short int yytype_int16;
351: #endif
352:
353: #ifndef YYSIZE_T
354: # ifdef __SIZE_TYPE__
355: # define YYSIZE_T __SIZE_TYPE__
356: # elif defined size_t
357: # define YYSIZE_T size_t
358: # elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \
359: || defined __cplusplus || defined _MSC_VER)
360: # include <stddef.h> /* INFRINGES ON USER NAME SPACE */
361: # define YYSIZE_T size_t
362: # else
363: # define YYSIZE_T unsigned int
364: # endif
365: #endif
366:
367: #define YYSIZE_MAXIMUM ((YYSIZE_T) -1)
368:
369: #ifndef YY_
370: # if YYENABLE_NLS
371: # if ENABLE_NLS
372: # include <libintl.h> /* INFRINGES ON USER NAME SPACE */
373: # define YY_(msgid) dgettext ("bison-runtime", msgid)
374: # endif
375: # endif
376: # ifndef YY_
377: # define YY_(msgid) msgid
378: # endif
379: #endif
380:
381: /* Suppress unused-variable warnings by "using" E. */
382: #if ! defined lint || defined __GNUC__
383: # define YYUSE(e) ((void) (e))
384: #else
385: # define YYUSE(e) /* empty */
386: #endif
387:
388: /* Identity function, used to suppress warnings about constant conditions. */
389: #ifndef lint
390: # define YYID(n) (n)
391: #else
392: #if (defined __STDC__ || defined __C99__FUNC__ \
393: || defined __cplusplus || defined _MSC_VER)
394: static int
395: YYID (int yyi)
396: #else
397: static int
398: YYID (yyi)
399: int yyi;
400: #endif
401: {
402: return yyi;
403: }
404: #endif
405:
406: #if ! defined yyoverflow || YYERROR_VERBOSE
407:
408: /* The parser invokes alloca or malloc; define the necessary symbols. */
409:
410: # ifdef YYSTACK_USE_ALLOCA
411: # if YYSTACK_USE_ALLOCA
412: # ifdef __GNUC__
413: # define YYSTACK_ALLOC __builtin_alloca
414: # elif defined __BUILTIN_VA_ARG_INCR
415: # include <alloca.h> /* INFRINGES ON USER NAME SPACE */
416: # elif defined _AIX
417: # define YYSTACK_ALLOC __alloca
418: # elif defined _MSC_VER
419: # include <malloc.h> /* INFRINGES ON USER NAME SPACE */
420: # define alloca _alloca
421: # else
422: # define YYSTACK_ALLOC alloca
423: # if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
424: || defined __cplusplus || defined _MSC_VER)
425: # include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
426: # ifndef _STDLIB_H
427: # define _STDLIB_H 1
428: # endif
429: # endif
430: # endif
431: # endif
432: # endif
433:
434: # ifdef YYSTACK_ALLOC
435: /* Pacify GCC's `empty if-body' warning. */
436: # define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0))
437: # ifndef YYSTACK_ALLOC_MAXIMUM
438: /* The OS might guarantee only one guard page at the bottom of the stack,
439: and a page size can be as small as 4096 bytes. So we cannot safely
440: invoke alloca (N) if N exceeds 4096. Use a slightly smaller number
441: to allow for a few compiler-allocated temporary stack slots. */
442: # define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */
443: # endif
444: # else
445: # define YYSTACK_ALLOC YYMALLOC
446: # define YYSTACK_FREE YYFREE
447: # ifndef YYSTACK_ALLOC_MAXIMUM
448: # define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM
449: # endif
450: # if (defined __cplusplus && ! defined _STDLIB_H \
451: && ! ((defined YYMALLOC || defined malloc) \
452: && (defined YYFREE || defined free)))
453: # include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
454: # ifndef _STDLIB_H
455: # define _STDLIB_H 1
456: # endif
457: # endif
458: # ifndef YYMALLOC
459: # define YYMALLOC malloc
460: # if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
461: || defined __cplusplus || defined _MSC_VER)
462: void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
463: # endif
464: # endif
465: # ifndef YYFREE
466: # define YYFREE free
467: # if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
468: || defined __cplusplus || defined _MSC_VER)
469: void free (void *); /* INFRINGES ON USER NAME SPACE */
470: # endif
471: # endif
472: # endif
473: #endif /* ! defined yyoverflow || YYERROR_VERBOSE */
474:
475:
476: #if (! defined yyoverflow \
477: && (! defined __cplusplus \
478: || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
479:
480: /* A type that is properly aligned for any stack member. */
481: union yyalloc
482: {
483: yytype_int16 yyss_alloc;
484: YYSTYPE yyvs_alloc;
485: };
486:
487: /* The size of the maximum gap between one aligned stack and the next. */
488: # define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
489:
490: /* The size of an array large to enough to hold all stacks, each with
491: N elements. */
492: # define YYSTACK_BYTES(N) \
493: ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \
494: + YYSTACK_GAP_MAXIMUM)
495:
496: /* Copy COUNT objects from FROM to TO. The source and destination do
497: not overlap. */
498: # ifndef YYCOPY
499: # if defined __GNUC__ && 1 < __GNUC__
500: # define YYCOPY(To, From, Count) \
501: __builtin_memcpy (To, From, (Count) * sizeof (*(From)))
502: # else
503: # define YYCOPY(To, From, Count) \
504: do \
505: { \
506: YYSIZE_T yyi; \
507: for (yyi = 0; yyi < (Count); yyi++) \
508: (To)[yyi] = (From)[yyi]; \
509: } \
510: while (YYID (0))
511: # endif
512: # endif
513:
514: /* Relocate STACK from its old location to the new one. The
515: local variables YYSIZE and YYSTACKSIZE give the old and new number of
516: elements in the stack, and YYPTR gives the new location of the
517: stack. Advance YYPTR to a properly aligned location for the next
518: stack. */
519: # define YYSTACK_RELOCATE(Stack_alloc, Stack) \
520: do \
521: { \
522: YYSIZE_T yynewbytes; \
523: YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \
524: Stack = &yyptr->Stack_alloc; \
525: yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
526: yyptr += yynewbytes / sizeof (*yyptr); \
527: } \
528: while (YYID (0))
529:
530: #endif
531:
532: /* YYFINAL -- State number of the termination state. */
533: #define YYFINAL 2
534: /* YYLAST -- Last index in YYTABLE. */
535: #define YYLAST 174
536:
537: /* YYNTOKENS -- Number of terminals. */
538: #define YYNTOKENS 58
539: /* YYNNTS -- Number of nonterminals. */
540: #define YYNNTS 37
541: /* YYNRULES -- Number of rules. */
542: #define YYNRULES 90
543: /* YYNRULES -- Number of states. */
544: #define YYNSTATES 188
545:
546: /* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */
547: #define YYUNDEFTOK 2
548: #define YYMAXUTOK 312
549:
550: #define YYTRANSLATE(YYX) \
551: ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
552:
553: /* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */
554: static const yytype_uint8 yytranslate[] =
555: {
556: 0, 2, 2, 2, 2, 2, 2, 2, 2, 2,
557: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
558: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
559: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
560: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
561: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
562: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
563: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
564: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
565: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
566: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
567: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
568: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
569: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
570: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
571: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
572: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
573: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
574: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
575: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
576: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
577: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
578: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
579: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
580: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
581: 2, 2, 2, 2, 2, 2, 1, 2, 3, 4,
582: 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
583: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24,
584: 25, 26, 27, 28, 29, 30, 31, 32, 33, 34,
585: 35, 36, 37, 38, 39, 40, 41, 42, 43, 44,
586: 45, 46, 47, 48, 49, 50, 51, 52, 53, 54,
587: 55, 56, 57
588: };
589:
590: #if YYDEBUG
591: /* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
592: YYRHS. */
593: static const yytype_uint16 yyprhs[] =
594: {
595: 0, 0, 3, 4, 7, 9, 11, 13, 15, 17,
596: 19, 21, 23, 25, 27, 29, 31, 41, 50, 57,
597: 66, 70, 74, 75, 77, 79, 81, 83, 86, 88,
598: 90, 92, 94, 96, 98, 103, 106, 109, 112, 116,
599: 118, 121, 123, 126, 129, 132, 134, 136, 138, 139,
600: 142, 145, 148, 151, 154, 157, 160, 163, 166, 169,
601: 172, 177, 191, 197, 211, 217, 231, 234, 237, 238,
602: 241, 243, 245, 247, 250, 251, 254, 255, 259, 263,
603: 267, 269, 271, 273, 275, 276, 278, 279, 284, 287,
604: 289
605: };
606:
607: /* YYRHS -- A `-1'-separated list of the rules' RHS. */
608: static const yytype_int8 yyrhs[] =
609: {
610: 59, 0, -1, -1, 59, 60, -1, 61, -1, 64,
611: -1, 62, -1, 63, -1, 65, -1, 66, -1, 94,
612: -1, 78, -1, 79, -1, 80, -1, 81, -1, 82,
613: -1, 7, 83, 86, 86, 67, 68, 76, 69, 3,
614: -1, 9, 83, 86, 86, 67, 68, 76, 3, -1,
615: 10, 83, 85, 85, 67, 3, -1, 8, 83, 86,
616: 86, 67, 68, 76, 3, -1, 11, 67, 3, -1,
617: 12, 67, 3, -1, -1, 14, -1, 15, -1, 16,
618: -1, 17, -1, 17, 85, -1, 18, -1, 43, -1,
619: 45, -1, 70, -1, 71, -1, 72, -1, 21, 73,
620: 20, 74, -1, 21, 73, -1, 20, 74, -1, 23,
621: 38, -1, 23, 38, 24, -1, 34, -1, 33, 75,
622: -1, 37, -1, 35, 75, -1, 36, 75, -1, 31,
623: 75, -1, 32, -1, 44, -1, 45, -1, -1, 76,
624: 77, -1, 28, 29, -1, 28, 30, -1, 25, 26,
625: -1, 25, 47, -1, 27, 43, -1, 22, 43, -1,
626: 39, 43, -1, 40, 43, -1, 41, 43, -1, 42,
627: 43, -1, 57, 43, 43, 44, -1, 48, 83, 46,
628: 87, 88, 46, 87, 88, 89, 90, 91, 92, 3,
629: -1, 48, 56, 44, 92, 3, -1, 49, 83, 46,
630: 87, 88, 46, 87, 88, 89, 90, 91, 92, 3,
631: -1, 49, 56, 44, 92, 3, -1, 50, 83, 46,
632: 87, 88, 46, 87, 88, 89, 90, 91, 92, 3,
633: -1, 51, 3, -1, 52, 3, -1, -1, 83, 84,
634: -1, 55, -1, 46, -1, 46, -1, 46, 88, -1,
635: -1, 4, 43, -1, -1, 5, 47, 6, -1, 5,
636: 43, 6, -1, 5, 46, 6, -1, 43, -1, 47,
637: -1, 18, -1, 46, -1, -1, 46, -1, -1, 57,
638: 43, 43, 44, -1, 53, 93, -1, 54, -1, 13,
639: 3, -1
640: };
641:
642: /* YYRLINE[YYN] -- source line where rule number YYN was defined. */
643: static const yytype_uint16 yyrline[] =
644: {
645: 0, 151, 151, 153, 161, 162, 163, 164, 165, 166,
646: 167, 168, 169, 170, 171, 172, 178, 190, 209, 237,
647: 252, 262, 272, 275, 283, 291, 295, 302, 309, 318,
648: 319, 340, 341, 342, 346, 347, 351, 355, 363, 375,
649: 390, 405, 421, 442, 466, 491, 504, 508, 537, 539,
650: 543, 544, 545, 546, 547, 548, 557, 558, 559, 560,
651: 561, 573, 606, 619, 652, 664, 696, 707, 716, 718,
652: 722, 747, 758, 766, 777, 778, 783, 791, 800, 811,
653: 818, 819, 820, 823, 846, 850, 861, 863, 872, 896,
654: 901
655: };
656: #endif
657:
658: #if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE
659: /* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
660: First, the terminals, then, starting at YYNTOKENS, nonterminals. */
661: static const char *const yytname[] =
662: {
663: "$end", "error", "$undefined", "EOT", "SLASH", "BLCL", "ELCL", "ADD",
664: "GET", "DELETE", "DELETEALL", "FLUSH", "DUMP", "EXIT", "PR_ESP", "PR_AH",
665: "PR_IPCOMP", "PR_ESPUDP", "PR_TCP", "F_PROTOCOL", "F_AUTH", "F_ENC",
666: "F_REPLAY", "F_COMP", "F_RAWCPI", "F_MODE", "MODE", "F_REQID", "F_EXT",
667: "EXTENSION", "NOCYCLICSEQ", "ALG_AUTH", "ALG_AUTH_NOKEY", "ALG_ENC",
668: "ALG_ENC_NOKEY", "ALG_ENC_DESDERIV", "ALG_ENC_DES32IV", "ALG_ENC_OLD",
669: "ALG_COMP", "F_LIFETIME_HARD", "F_LIFETIME_SOFT", "F_LIFEBYTE_HARD",
670: "F_LIFEBYTE_SOFT", "DECSTRING", "QUOTEDSTRING", "HEXSTRING", "STRING",
671: "ANY", "SPDADD", "SPDUPDATE", "SPDDELETE", "SPDDUMP", "SPDFLUSH",
672: "F_POLICY", "PL_REQUESTS", "F_AIFLAGS", "TAGGED", "SECURITY_CTX",
673: "$accept", "commands", "command", "add_command", "delete_command",
674: "deleteall_command", "get_command", "flush_command", "dump_command",
675: "protocol_spec", "spi", "algorithm_spec", "esp_spec", "ah_spec",
676: "ipcomp_spec", "enc_alg", "auth_alg", "key_string", "extension_spec",
677: "extension", "spdadd_command", "spdupdate_command", "spddelete_command",
678: "spddump_command", "spdflush_command", "ipaddropts", "ipaddropt",
679: "ipaddr", "ipandport", "prefix", "portstr", "upper_spec",
680: "upper_misc_spec", "context_spec", "policy_spec", "policy_requests",
681: "exit_command", 0
682: };
683: #endif
684:
685: # ifdef YYPRINT
686: /* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
687: token YYLEX-NUM. */
688: static const yytype_uint16 yytoknum[] =
689: {
690: 0, 256, 257, 258, 259, 260, 261, 262, 263, 264,
691: 265, 266, 267, 268, 269, 270, 271, 272, 273, 274,
692: 275, 276, 277, 278, 279, 280, 281, 282, 283, 284,
693: 285, 286, 287, 288, 289, 290, 291, 292, 293, 294,
694: 295, 296, 297, 298, 299, 300, 301, 302, 303, 304,
695: 305, 306, 307, 308, 309, 310, 311, 312
696: };
697: # endif
698:
699: /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */
700: static const yytype_uint8 yyr1[] =
701: {
702: 0, 58, 59, 59, 60, 60, 60, 60, 60, 60,
703: 60, 60, 60, 60, 60, 60, 61, 62, 63, 64,
704: 65, 66, 67, 67, 67, 67, 67, 67, 67, 68,
705: 68, 69, 69, 69, 70, 70, 71, 72, 72, 73,
706: 73, 73, 73, 73, 74, 74, 75, 75, 76, 76,
707: 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
708: 77, 78, 78, 79, 79, 80, 81, 82, 83, 83,
709: 84, 85, 86, 86, 87, 87, 88, 88, 88, 88,
710: 89, 89, 89, 89, 90, 90, 91, 91, 92, 93,
711: 94
712: };
713:
714: /* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */
715: static const yytype_uint8 yyr2[] =
716: {
717: 0, 2, 0, 2, 1, 1, 1, 1, 1, 1,
718: 1, 1, 1, 1, 1, 1, 9, 8, 6, 8,
719: 3, 3, 0, 1, 1, 1, 1, 2, 1, 1,
720: 1, 1, 1, 1, 4, 2, 2, 2, 3, 1,
721: 2, 1, 2, 2, 2, 1, 1, 1, 0, 2,
722: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
723: 4, 13, 5, 13, 5, 13, 2, 2, 0, 2,
724: 1, 1, 1, 2, 0, 2, 0, 3, 3, 3,
725: 1, 1, 1, 1, 0, 1, 0, 4, 2, 1,
726: 2
727: };
728:
729: /* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
730: STATE-NUM when YYTABLE doesn't specify something else to do. Zero
731: means the default is an error. */
732: static const yytype_uint8 yydefact[] =
733: {
734: 2, 0, 1, 68, 68, 68, 68, 22, 22, 0,
735: 68, 68, 68, 0, 0, 3, 4, 6, 7, 5,
736: 8, 9, 11, 12, 13, 14, 15, 10, 0, 0,
737: 0, 0, 23, 24, 25, 26, 28, 0, 0, 90,
738: 0, 0, 0, 0, 0, 66, 67, 72, 70, 69,
739: 0, 0, 0, 71, 0, 27, 20, 21, 0, 74,
740: 0, 74, 74, 0, 73, 22, 22, 22, 22, 0,
741: 0, 0, 76, 0, 76, 76, 0, 0, 0, 0,
742: 0, 0, 0, 89, 88, 62, 75, 0, 64, 0,
743: 0, 78, 79, 77, 29, 30, 48, 48, 48, 18,
744: 74, 74, 74, 0, 0, 0, 76, 76, 76, 0,
745: 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
746: 0, 0, 31, 32, 33, 49, 19, 17, 0, 0,
747: 0, 0, 45, 36, 0, 39, 0, 0, 41, 35,
748: 55, 37, 52, 53, 54, 50, 51, 56, 57, 58,
749: 59, 0, 16, 82, 80, 83, 81, 84, 84, 84,
750: 46, 47, 44, 40, 42, 43, 0, 38, 0, 85,
751: 86, 86, 86, 34, 60, 0, 0, 0, 0, 0,
752: 0, 0, 0, 0, 61, 63, 65, 87
753: };
754:
755: /* YYDEFGOTO[NTERM-NUM]. */
756: static const yytype_int16 yydefgoto[] =
757: {
758: -1, 1, 15, 16, 17, 18, 19, 20, 21, 37,
759: 96, 121, 122, 123, 124, 139, 133, 162, 103, 125,
760: 22, 23, 24, 25, 26, 28, 49, 54, 50, 72,
761: 64, 157, 170, 176, 70, 84, 27
762: };
763:
764: /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
765: STATE-NUM. */
766: #define YYPACT_NINF -61
767: static const yytype_int16 yypact[] =
768: {
769: -61, 3, -61, -61, -61, -61, -61, 96, 96, 17,
770: -12, 1, -61, 78, 106, -61, -61, -61, -61, -61,
771: -61, -61, -61, -61, -61, -61, -61, -61, -38, -38,
772: -38, 29, -61, -61, -61, 69, -61, 122, 130, -61,
773: 92, 31, 93, 39, 49, -61, -61, 133, -61, -61,
774: 94, 94, 94, -61, 69, -61, -61, -61, 88, 135,
775: 88, 135, 135, -24, -61, 96, 96, 96, 96, 89,
776: 139, 101, 133, 142, 133, 133, 140, 141, 143, 81,
777: 81, 81, 145, -61, -61, -61, -61, 104, -61, 105,
778: 107, -61, -61, -61, -61, -61, -61, -61, -61, -61,
779: 135, 135, 135, 51, -1, 6, 133, 133, 133, -26,
780: 86, 109, 116, -22, 112, 13, 113, 114, 115, 117,
781: 118, 156, -61, -61, -61, -61, -61, -61, -11, -11,
782: -11, 5, -61, -61, 5, -61, 5, 5, -61, 144,
783: -61, 138, -61, -61, -61, -61, -61, -61, -61, -61,
784: -61, 120, -61, -61, -61, -61, -61, 119, 119, 119,
785: -61, -61, -61, -61, -61, -61, -26, -61, 123, -61,
786: 111, 111, 111, -61, -61, 126, 88, 88, 88, 127,
787: 163, 168, 169, 129, -61, -61, -61, -61
788: };
789:
790: /* YYPGOTO[NTERM-NUM]. */
791: static const yytype_int8 yypgoto[] =
792: {
793: -61, -61, -61, -61, -61, -61, -61, -61, -61, -7,
794: 22, -61, -61, -61, -61, -61, 8, -54, 30, -61,
795: -61, -61, -61, -61, -61, 95, -61, -17, 37, -32,
796: -10, 0, -27, -37, -60, -61, -61
797: };
798:
799: /* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If
800: positive, shift that token. If negative, reduce the rule which
801: number is the opposite. If zero, do what YYDEFACT says.
802: If YYTABLE_NINF, syntax error. */
803: #define YYTABLE_NINF -1
804: static const yytype_uint8 yytable[] =
805: {
806: 73, 38, 126, 2, 142, 131, 132, 153, 47, 127,
807: 3, 4, 5, 6, 7, 8, 9, 48, 55, 76,
808: 39, 111, 77, 78, 113, 143, 114, 115, 111, 74,
809: 75, 113, 154, 114, 115, 155, 156, 68, 116, 117,
810: 118, 119, 145, 146, 40, 116, 117, 118, 119, 160,
811: 161, 10, 11, 12, 13, 14, 120, 42, 79, 80,
812: 81, 82, 87, 120, 89, 90, 51, 52, 106, 107,
813: 108, 109, 110, 111, 112, 53, 113, 59, 114, 115,
814: 163, 45, 164, 165, 48, 61, 48, 65, 66, 67,
815: 116, 117, 118, 119, 48, 62, 128, 129, 130, 29,
816: 30, 31, 97, 98, 48, 41, 43, 44, 120, 46,
817: 32, 33, 34, 35, 36, 53, 180, 181, 182, 134,
818: 135, 136, 137, 138, 94, 56, 95, 104, 105, 158,
819: 159, 171, 172, 57, 177, 178, 58, 60, 63, 71,
820: 47, 69, 85, 83, 86, 88, 91, 92, 99, 93,
821: 100, 101, 140, 102, 141, 144, 147, 148, 149, 152,
822: 150, 151, 167, 168, 166, 169, 184, 174, 175, 179,
823: 183, 185, 186, 187, 173
824: };
825:
826: static const yytype_uint8 yycheck[] =
827: {
828: 60, 8, 3, 0, 26, 31, 32, 18, 46, 3,
829: 7, 8, 9, 10, 11, 12, 13, 55, 35, 43,
830: 3, 22, 46, 47, 25, 47, 27, 28, 22, 61,
831: 62, 25, 43, 27, 28, 46, 47, 54, 39, 40,
832: 41, 42, 29, 30, 56, 39, 40, 41, 42, 44,
833: 45, 48, 49, 50, 51, 52, 57, 56, 65, 66,
834: 67, 68, 72, 57, 74, 75, 29, 30, 100, 101,
835: 102, 20, 21, 22, 23, 46, 25, 46, 27, 28,
836: 134, 3, 136, 137, 55, 46, 55, 50, 51, 52,
837: 39, 40, 41, 42, 55, 46, 106, 107, 108, 4,
838: 5, 6, 80, 81, 55, 10, 11, 12, 57, 3,
839: 14, 15, 16, 17, 18, 46, 176, 177, 178, 33,
840: 34, 35, 36, 37, 43, 3, 45, 97, 98, 129,
841: 130, 158, 159, 3, 171, 172, 44, 44, 5, 4,
842: 46, 53, 3, 54, 43, 3, 6, 6, 3, 6,
843: 46, 46, 43, 46, 38, 43, 43, 43, 43, 3,
844: 43, 43, 24, 43, 20, 46, 3, 44, 57, 43,
845: 43, 3, 3, 44, 166
846: };
847:
848: /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
849: symbol of state STATE-NUM. */
850: static const yytype_uint8 yystos[] =
851: {
852: 0, 59, 0, 7, 8, 9, 10, 11, 12, 13,
853: 48, 49, 50, 51, 52, 60, 61, 62, 63, 64,
854: 65, 66, 78, 79, 80, 81, 82, 94, 83, 83,
855: 83, 83, 14, 15, 16, 17, 18, 67, 67, 3,
856: 56, 83, 56, 83, 83, 3, 3, 46, 55, 84,
857: 86, 86, 86, 46, 85, 85, 3, 3, 44, 46,
858: 44, 46, 46, 5, 88, 86, 86, 86, 85, 53,
859: 92, 4, 87, 92, 87, 87, 43, 46, 47, 67,
860: 67, 67, 67, 54, 93, 3, 43, 88, 3, 88,
861: 88, 6, 6, 6, 43, 45, 68, 68, 68, 3,
862: 46, 46, 46, 76, 76, 76, 87, 87, 87, 20,
863: 21, 22, 23, 25, 27, 28, 39, 40, 41, 42,
864: 57, 69, 70, 71, 72, 77, 3, 3, 88, 88,
865: 88, 31, 32, 74, 33, 34, 35, 36, 37, 73,
866: 43, 38, 26, 47, 43, 29, 30, 43, 43, 43,
867: 43, 43, 3, 18, 43, 46, 47, 89, 89, 89,
868: 44, 45, 75, 75, 75, 75, 20, 24, 43, 46,
869: 90, 90, 90, 74, 44, 57, 91, 91, 91, 43,
870: 92, 92, 92, 43, 3, 3, 3, 44
871: };
872:
873: #define yyerrok (yyerrstatus = 0)
874: #define yyclearin (yychar = YYEMPTY)
875: #define YYEMPTY (-2)
876: #define YYEOF 0
877:
878: #define YYACCEPT goto yyacceptlab
879: #define YYABORT goto yyabortlab
880: #define YYERROR goto yyerrorlab
881:
882:
883: /* Like YYERROR except do call yyerror. This remains here temporarily
884: to ease the transition to the new meaning of YYERROR, for GCC.
885: Once GCC version 2 has supplanted version 1, this can go. */
886:
887: #define YYFAIL goto yyerrlab
888:
889: #define YYRECOVERING() (!!yyerrstatus)
890:
891: #define YYBACKUP(Token, Value) \
892: do \
893: if (yychar == YYEMPTY && yylen == 1) \
894: { \
895: yychar = (Token); \
896: yylval = (Value); \
897: yytoken = YYTRANSLATE (yychar); \
898: YYPOPSTACK (1); \
899: goto yybackup; \
900: } \
901: else \
902: { \
903: yyerror (YY_("syntax error: cannot back up")); \
904: YYERROR; \
905: } \
906: while (YYID (0))
907:
908:
909: #define YYTERROR 1
910: #define YYERRCODE 256
911:
912:
913: /* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N].
914: If N is 0, then set CURRENT to the empty location which ends
915: the previous symbol: RHS[0] (always defined). */
916:
917: #define YYRHSLOC(Rhs, K) ((Rhs)[K])
918: #ifndef YYLLOC_DEFAULT
919: # define YYLLOC_DEFAULT(Current, Rhs, N) \
920: do \
921: if (YYID (N)) \
922: { \
923: (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \
924: (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \
925: (Current).last_line = YYRHSLOC (Rhs, N).last_line; \
926: (Current).last_column = YYRHSLOC (Rhs, N).last_column; \
927: } \
928: else \
929: { \
930: (Current).first_line = (Current).last_line = \
931: YYRHSLOC (Rhs, 0).last_line; \
932: (Current).first_column = (Current).last_column = \
933: YYRHSLOC (Rhs, 0).last_column; \
934: } \
935: while (YYID (0))
936: #endif
937:
938:
939: /* YY_LOCATION_PRINT -- Print the location on the stream.
940: This macro was not mandated originally: define only if we know
941: we won't break user code: when these are the locations we know. */
942:
943: #ifndef YY_LOCATION_PRINT
944: # if YYLTYPE_IS_TRIVIAL
945: # define YY_LOCATION_PRINT(File, Loc) \
946: fprintf (File, "%d.%d-%d.%d", \
947: (Loc).first_line, (Loc).first_column, \
948: (Loc).last_line, (Loc).last_column)
949: # else
950: # define YY_LOCATION_PRINT(File, Loc) ((void) 0)
951: # endif
952: #endif
953:
954:
955: /* YYLEX -- calling `yylex' with the right arguments. */
956:
957: #ifdef YYLEX_PARAM
958: # define YYLEX yylex (YYLEX_PARAM)
959: #else
960: # define YYLEX yylex ()
961: #endif
962:
963: /* Enable debugging if requested. */
964: #if YYDEBUG
965:
966: # ifndef YYFPRINTF
967: # include <stdio.h> /* INFRINGES ON USER NAME SPACE */
968: # define YYFPRINTF fprintf
969: # endif
970:
971: # define YYDPRINTF(Args) \
972: do { \
973: if (yydebug) \
974: YYFPRINTF Args; \
975: } while (YYID (0))
976:
977: # define YY_SYMBOL_PRINT(Title, Type, Value, Location) \
978: do { \
979: if (yydebug) \
980: { \
981: YYFPRINTF (stderr, "%s ", Title); \
982: yy_symbol_print (stderr, \
983: Type, Value); \
984: YYFPRINTF (stderr, "\n"); \
985: } \
986: } while (YYID (0))
987:
988:
989: /*--------------------------------.
990: | Print this symbol on YYOUTPUT. |
991: `--------------------------------*/
992:
993: /*ARGSUSED*/
994: #if (defined __STDC__ || defined __C99__FUNC__ \
995: || defined __cplusplus || defined _MSC_VER)
996: static void
997: yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
998: #else
999: static void
1000: yy_symbol_value_print (yyoutput, yytype, yyvaluep)
1001: FILE *yyoutput;
1002: int yytype;
1003: YYSTYPE const * const yyvaluep;
1004: #endif
1005: {
1006: if (!yyvaluep)
1007: return;
1008: # ifdef YYPRINT
1009: if (yytype < YYNTOKENS)
1010: YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
1011: # else
1012: YYUSE (yyoutput);
1013: # endif
1014: switch (yytype)
1015: {
1016: default:
1017: break;
1018: }
1019: }
1020:
1021:
1022: /*--------------------------------.
1023: | Print this symbol on YYOUTPUT. |
1024: `--------------------------------*/
1025:
1026: #if (defined __STDC__ || defined __C99__FUNC__ \
1027: || defined __cplusplus || defined _MSC_VER)
1028: static void
1029: yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
1030: #else
1031: static void
1032: yy_symbol_print (yyoutput, yytype, yyvaluep)
1033: FILE *yyoutput;
1034: int yytype;
1035: YYSTYPE const * const yyvaluep;
1036: #endif
1037: {
1038: if (yytype < YYNTOKENS)
1039: YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
1040: else
1041: YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
1042:
1043: yy_symbol_value_print (yyoutput, yytype, yyvaluep);
1044: YYFPRINTF (yyoutput, ")");
1045: }
1046:
1047: /*------------------------------------------------------------------.
1048: | yy_stack_print -- Print the state stack from its BOTTOM up to its |
1049: | TOP (included). |
1050: `------------------------------------------------------------------*/
1051:
1052: #if (defined __STDC__ || defined __C99__FUNC__ \
1053: || defined __cplusplus || defined _MSC_VER)
1054: static void
1055: yy_stack_print (yytype_int16 *yybottom, yytype_int16 *yytop)
1056: #else
1057: static void
1058: yy_stack_print (yybottom, yytop)
1059: yytype_int16 *yybottom;
1060: yytype_int16 *yytop;
1061: #endif
1062: {
1063: YYFPRINTF (stderr, "Stack now");
1064: for (; yybottom <= yytop; yybottom++)
1065: {
1066: int yybot = *yybottom;
1067: YYFPRINTF (stderr, " %d", yybot);
1068: }
1069: YYFPRINTF (stderr, "\n");
1070: }
1071:
1072: # define YY_STACK_PRINT(Bottom, Top) \
1073: do { \
1074: if (yydebug) \
1075: yy_stack_print ((Bottom), (Top)); \
1076: } while (YYID (0))
1077:
1078:
1079: /*------------------------------------------------.
1080: | Report that the YYRULE is going to be reduced. |
1081: `------------------------------------------------*/
1082:
1083: #if (defined __STDC__ || defined __C99__FUNC__ \
1084: || defined __cplusplus || defined _MSC_VER)
1085: static void
1086: yy_reduce_print (YYSTYPE *yyvsp, int yyrule)
1087: #else
1088: static void
1089: yy_reduce_print (yyvsp, yyrule)
1090: YYSTYPE *yyvsp;
1091: int yyrule;
1092: #endif
1093: {
1094: int yynrhs = yyr2[yyrule];
1095: int yyi;
1096: unsigned long int yylno = yyrline[yyrule];
1097: YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
1098: yyrule - 1, yylno);
1099: /* The symbols being reduced. */
1100: for (yyi = 0; yyi < yynrhs; yyi++)
1101: {
1102: YYFPRINTF (stderr, " $%d = ", yyi + 1);
1103: yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
1104: &(yyvsp[(yyi + 1) - (yynrhs)])
1105: );
1106: YYFPRINTF (stderr, "\n");
1107: }
1108: }
1109:
1110: # define YY_REDUCE_PRINT(Rule) \
1111: do { \
1112: if (yydebug) \
1113: yy_reduce_print (yyvsp, Rule); \
1114: } while (YYID (0))
1115:
1116: /* Nonzero means print parse trace. It is left uninitialized so that
1117: multiple parsers can coexist. */
1118: int yydebug;
1119: #else /* !YYDEBUG */
1120: # define YYDPRINTF(Args)
1121: # define YY_SYMBOL_PRINT(Title, Type, Value, Location)
1122: # define YY_STACK_PRINT(Bottom, Top)
1123: # define YY_REDUCE_PRINT(Rule)
1124: #endif /* !YYDEBUG */
1125:
1126:
1127: /* YYINITDEPTH -- initial size of the parser's stacks. */
1128: #ifndef YYINITDEPTH
1129: # define YYINITDEPTH 200
1130: #endif
1131:
1132: /* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
1133: if the built-in stack extension method is used).
1134:
1135: Do not make this value too large; the results are undefined if
1136: YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
1137: evaluated with infinite-precision integer arithmetic. */
1138:
1139: #ifndef YYMAXDEPTH
1140: # define YYMAXDEPTH 10000
1141: #endif
1142:
1143:
1144:
1145: #if YYERROR_VERBOSE
1146:
1147: # ifndef yystrlen
1148: # if defined __GLIBC__ && defined _STRING_H
1149: # define yystrlen strlen
1150: # else
1151: /* Return the length of YYSTR. */
1152: #if (defined __STDC__ || defined __C99__FUNC__ \
1153: || defined __cplusplus || defined _MSC_VER)
1154: static YYSIZE_T
1155: yystrlen (const char *yystr)
1156: #else
1157: static YYSIZE_T
1158: yystrlen (yystr)
1159: const char *yystr;
1160: #endif
1161: {
1162: YYSIZE_T yylen;
1163: for (yylen = 0; yystr[yylen]; yylen++)
1164: continue;
1165: return yylen;
1166: }
1167: # endif
1168: # endif
1169:
1170: # ifndef yystpcpy
1171: # if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
1172: # define yystpcpy stpcpy
1173: # else
1174: /* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
1175: YYDEST. */
1176: #if (defined __STDC__ || defined __C99__FUNC__ \
1177: || defined __cplusplus || defined _MSC_VER)
1178: static char *
1179: yystpcpy (char *yydest, const char *yysrc)
1180: #else
1181: static char *
1182: yystpcpy (yydest, yysrc)
1183: char *yydest;
1184: const char *yysrc;
1185: #endif
1186: {
1187: char *yyd = yydest;
1188: const char *yys = yysrc;
1189:
1190: while ((*yyd++ = *yys++) != '\0')
1191: continue;
1192:
1193: return yyd - 1;
1194: }
1195: # endif
1196: # endif
1197:
1198: # ifndef yytnamerr
1199: /* Copy to YYRES the contents of YYSTR after stripping away unnecessary
1200: quotes and backslashes, so that it's suitable for yyerror. The
1201: heuristic is that double-quoting is unnecessary unless the string
1202: contains an apostrophe, a comma, or backslash (other than
1203: backslash-backslash). YYSTR is taken from yytname. If YYRES is
1204: null, do not copy; instead, return the length of what the result
1205: would have been. */
1206: static YYSIZE_T
1207: yytnamerr (char *yyres, const char *yystr)
1208: {
1209: if (*yystr == '"')
1210: {
1211: YYSIZE_T yyn = 0;
1212: char const *yyp = yystr;
1213:
1214: for (;;)
1215: switch (*++yyp)
1216: {
1217: case '\'':
1218: case ',':
1219: goto do_not_strip_quotes;
1220:
1221: case '\\':
1222: if (*++yyp != '\\')
1223: goto do_not_strip_quotes;
1224: /* Fall through. */
1225: default:
1226: if (yyres)
1227: yyres[yyn] = *yyp;
1228: yyn++;
1229: break;
1230:
1231: case '"':
1232: if (yyres)
1233: yyres[yyn] = '\0';
1234: return yyn;
1235: }
1236: do_not_strip_quotes: ;
1237: }
1238:
1239: if (! yyres)
1240: return yystrlen (yystr);
1241:
1242: return yystpcpy (yyres, yystr) - yyres;
1243: }
1244: # endif
1245:
1246: /* Copy into YYRESULT an error message about the unexpected token
1247: YYCHAR while in state YYSTATE. Return the number of bytes copied,
1248: including the terminating null byte. If YYRESULT is null, do not
1249: copy anything; just return the number of bytes that would be
1250: copied. As a special case, return 0 if an ordinary "syntax error"
1251: message will do. Return YYSIZE_MAXIMUM if overflow occurs during
1252: size calculation. */
1253: static YYSIZE_T
1254: yysyntax_error (char *yyresult, int yystate, int yychar)
1255: {
1256: int yyn = yypact[yystate];
1257:
1258: if (! (YYPACT_NINF < yyn && yyn <= YYLAST))
1259: return 0;
1260: else
1261: {
1262: int yytype = YYTRANSLATE (yychar);
1263: YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]);
1264: YYSIZE_T yysize = yysize0;
1265: YYSIZE_T yysize1;
1266: int yysize_overflow = 0;
1267: enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
1268: char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
1269: int yyx;
1270:
1271: # if 0
1272: /* This is so xgettext sees the translatable formats that are
1273: constructed on the fly. */
1274: YY_("syntax error, unexpected %s");
1275: YY_("syntax error, unexpected %s, expecting %s");
1276: YY_("syntax error, unexpected %s, expecting %s or %s");
1277: YY_("syntax error, unexpected %s, expecting %s or %s or %s");
1278: YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s");
1279: # endif
1280: char *yyfmt;
1281: char const *yyf;
1282: static char const yyunexpected[] = "syntax error, unexpected %s";
1283: static char const yyexpecting[] = ", expecting %s";
1284: static char const yyor[] = " or %s";
1285: char yyformat[sizeof yyunexpected
1286: + sizeof yyexpecting - 1
1287: + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2)
1288: * (sizeof yyor - 1))];
1289: char const *yyprefix = yyexpecting;
1290:
1291: /* Start YYX at -YYN if negative to avoid negative indexes in
1292: YYCHECK. */
1293: int yyxbegin = yyn < 0 ? -yyn : 0;
1294:
1295: /* Stay within bounds of both yycheck and yytname. */
1296: int yychecklim = YYLAST - yyn + 1;
1297: int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
1298: int yycount = 1;
1299:
1300: yyarg[0] = yytname[yytype];
1301: yyfmt = yystpcpy (yyformat, yyunexpected);
1302:
1303: for (yyx = yyxbegin; yyx < yyxend; ++yyx)
1304: if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
1305: {
1306: if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
1307: {
1308: yycount = 1;
1309: yysize = yysize0;
1310: yyformat[sizeof yyunexpected - 1] = '\0';
1311: break;
1312: }
1313: yyarg[yycount++] = yytname[yyx];
1314: yysize1 = yysize + yytnamerr (0, yytname[yyx]);
1315: yysize_overflow |= (yysize1 < yysize);
1316: yysize = yysize1;
1317: yyfmt = yystpcpy (yyfmt, yyprefix);
1318: yyprefix = yyor;
1319: }
1320:
1321: yyf = YY_(yyformat);
1322: yysize1 = yysize + yystrlen (yyf);
1323: yysize_overflow |= (yysize1 < yysize);
1324: yysize = yysize1;
1325:
1326: if (yysize_overflow)
1327: return YYSIZE_MAXIMUM;
1328:
1329: if (yyresult)
1330: {
1331: /* Avoid sprintf, as that infringes on the user's name space.
1332: Don't have undefined behavior even if the translation
1333: produced a string with the wrong number of "%s"s. */
1334: char *yyp = yyresult;
1335: int yyi = 0;
1336: while ((*yyp = *yyf) != '\0')
1337: {
1338: if (*yyp == '%' && yyf[1] == 's' && yyi < yycount)
1339: {
1340: yyp += yytnamerr (yyp, yyarg[yyi++]);
1341: yyf += 2;
1342: }
1343: else
1344: {
1345: yyp++;
1346: yyf++;
1347: }
1348: }
1349: }
1350: return yysize;
1351: }
1352: }
1353: #endif /* YYERROR_VERBOSE */
1354:
1355:
1356: /*-----------------------------------------------.
1357: | Release the memory associated to this symbol. |
1358: `-----------------------------------------------*/
1359:
1360: /*ARGSUSED*/
1361: #if (defined __STDC__ || defined __C99__FUNC__ \
1362: || defined __cplusplus || defined _MSC_VER)
1363: static void
1364: yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep)
1365: #else
1366: static void
1367: yydestruct (yymsg, yytype, yyvaluep)
1368: const char *yymsg;
1369: int yytype;
1370: YYSTYPE *yyvaluep;
1371: #endif
1372: {
1373: YYUSE (yyvaluep);
1374:
1375: if (!yymsg)
1376: yymsg = "Deleting";
1377: YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
1378:
1379: switch (yytype)
1380: {
1381:
1382: default:
1383: break;
1384: }
1385: }
1386:
1387: /* Prevent warnings from -Wmissing-prototypes. */
1388: #ifdef YYPARSE_PARAM
1389: #if defined __STDC__ || defined __cplusplus
1390: int yyparse (void *YYPARSE_PARAM);
1391: #else
1392: int yyparse ();
1393: #endif
1394: #else /* ! YYPARSE_PARAM */
1395: #if defined __STDC__ || defined __cplusplus
1396: int yyparse (void);
1397: #else
1398: int yyparse ();
1399: #endif
1400: #endif /* ! YYPARSE_PARAM */
1401:
1402:
1403: /* The lookahead symbol. */
1404: int yychar;
1405:
1406: /* The semantic value of the lookahead symbol. */
1407: YYSTYPE yylval;
1408:
1409: /* Number of syntax errors so far. */
1410: int yynerrs;
1411:
1412:
1413:
1414: /*-------------------------.
1415: | yyparse or yypush_parse. |
1416: `-------------------------*/
1417:
1418: #ifdef YYPARSE_PARAM
1419: #if (defined __STDC__ || defined __C99__FUNC__ \
1420: || defined __cplusplus || defined _MSC_VER)
1421: int
1422: yyparse (void *YYPARSE_PARAM)
1423: #else
1424: int
1425: yyparse (YYPARSE_PARAM)
1426: void *YYPARSE_PARAM;
1427: #endif
1428: #else /* ! YYPARSE_PARAM */
1429: #if (defined __STDC__ || defined __C99__FUNC__ \
1430: || defined __cplusplus || defined _MSC_VER)
1431: int
1432: yyparse (void)
1433: #else
1434: int
1435: yyparse ()
1436:
1437: #endif
1438: #endif
1439: {
1440:
1441:
1442: int yystate;
1443: /* Number of tokens to shift before error messages enabled. */
1444: int yyerrstatus;
1445:
1446: /* The stacks and their tools:
1447: `yyss': related to states.
1448: `yyvs': related to semantic values.
1449:
1450: Refer to the stacks thru separate pointers, to allow yyoverflow
1451: to reallocate them elsewhere. */
1452:
1453: /* The state stack. */
1454: yytype_int16 yyssa[YYINITDEPTH];
1455: yytype_int16 *yyss;
1456: yytype_int16 *yyssp;
1457:
1458: /* The semantic value stack. */
1459: YYSTYPE yyvsa[YYINITDEPTH];
1460: YYSTYPE *yyvs;
1461: YYSTYPE *yyvsp;
1462:
1463: YYSIZE_T yystacksize;
1464:
1465: int yyn;
1466: int yyresult;
1467: /* Lookahead token as an internal (translated) token number. */
1468: int yytoken;
1469: /* The variables used to return semantic value and location from the
1470: action routines. */
1471: YYSTYPE yyval;
1472:
1473: #if YYERROR_VERBOSE
1474: /* Buffer for error messages, and its allocated size. */
1475: char yymsgbuf[128];
1476: char *yymsg = yymsgbuf;
1477: YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
1478: #endif
1479:
1480: #define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N))
1481:
1482: /* The number of symbols on the RHS of the reduced rule.
1483: Keep to zero when no symbol should be popped. */
1484: int yylen = 0;
1485:
1486: yytoken = 0;
1487: yyss = yyssa;
1488: yyvs = yyvsa;
1489: yystacksize = YYINITDEPTH;
1490:
1491: YYDPRINTF ((stderr, "Starting parse\n"));
1492:
1493: yystate = 0;
1494: yyerrstatus = 0;
1495: yynerrs = 0;
1496: yychar = YYEMPTY; /* Cause a token to be read. */
1497:
1498: /* Initialize stack pointers.
1499: Waste one element of value and location stack
1500: so that they stay on the same level as the state stack.
1501: The wasted elements are never initialized. */
1502: yyssp = yyss;
1503: yyvsp = yyvs;
1504:
1505: goto yysetstate;
1506:
1507: /*------------------------------------------------------------.
1508: | yynewstate -- Push a new state, which is found in yystate. |
1509: `------------------------------------------------------------*/
1510: yynewstate:
1511: /* In all cases, when you get here, the value and location stacks
1512: have just been pushed. So pushing a state here evens the stacks. */
1513: yyssp++;
1514:
1515: yysetstate:
1516: *yyssp = yystate;
1517:
1518: if (yyss + yystacksize - 1 <= yyssp)
1519: {
1520: /* Get the current used size of the three stacks, in elements. */
1521: YYSIZE_T yysize = yyssp - yyss + 1;
1522:
1523: #ifdef yyoverflow
1524: {
1525: /* Give user a chance to reallocate the stack. Use copies of
1526: these so that the &'s don't force the real ones into
1527: memory. */
1528: YYSTYPE *yyvs1 = yyvs;
1529: yytype_int16 *yyss1 = yyss;
1530:
1531: /* Each stack pointer address is followed by the size of the
1532: data in use in that stack, in bytes. This used to be a
1533: conditional around just the two extra args, but that might
1534: be undefined if yyoverflow is a macro. */
1535: yyoverflow (YY_("memory exhausted"),
1536: &yyss1, yysize * sizeof (*yyssp),
1537: &yyvs1, yysize * sizeof (*yyvsp),
1538: &yystacksize);
1539:
1540: yyss = yyss1;
1541: yyvs = yyvs1;
1542: }
1543: #else /* no yyoverflow */
1544: # ifndef YYSTACK_RELOCATE
1545: goto yyexhaustedlab;
1546: # else
1547: /* Extend the stack our own way. */
1548: if (YYMAXDEPTH <= yystacksize)
1549: goto yyexhaustedlab;
1550: yystacksize *= 2;
1551: if (YYMAXDEPTH < yystacksize)
1552: yystacksize = YYMAXDEPTH;
1553:
1554: {
1555: yytype_int16 *yyss1 = yyss;
1556: union yyalloc *yyptr =
1557: (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
1558: if (! yyptr)
1559: goto yyexhaustedlab;
1560: YYSTACK_RELOCATE (yyss_alloc, yyss);
1561: YYSTACK_RELOCATE (yyvs_alloc, yyvs);
1562: # undef YYSTACK_RELOCATE
1563: if (yyss1 != yyssa)
1564: YYSTACK_FREE (yyss1);
1565: }
1566: # endif
1567: #endif /* no yyoverflow */
1568:
1569: yyssp = yyss + yysize - 1;
1570: yyvsp = yyvs + yysize - 1;
1571:
1572: YYDPRINTF ((stderr, "Stack size increased to %lu\n",
1573: (unsigned long int) yystacksize));
1574:
1575: if (yyss + yystacksize - 1 <= yyssp)
1576: YYABORT;
1577: }
1578:
1579: YYDPRINTF ((stderr, "Entering state %d\n", yystate));
1580:
1581: if (yystate == YYFINAL)
1582: YYACCEPT;
1583:
1584: goto yybackup;
1585:
1586: /*-----------.
1587: | yybackup. |
1588: `-----------*/
1589: yybackup:
1590:
1591: /* Do appropriate processing given the current state. Read a
1592: lookahead token if we need one and don't already have one. */
1593:
1594: /* First try to decide what to do without reference to lookahead token. */
1595: yyn = yypact[yystate];
1596: if (yyn == YYPACT_NINF)
1597: goto yydefault;
1598:
1599: /* Not known => get a lookahead token if don't already have one. */
1600:
1601: /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */
1602: if (yychar == YYEMPTY)
1603: {
1604: YYDPRINTF ((stderr, "Reading a token: "));
1605: yychar = YYLEX;
1606: }
1607:
1608: if (yychar <= YYEOF)
1609: {
1610: yychar = yytoken = YYEOF;
1611: YYDPRINTF ((stderr, "Now at end of input.\n"));
1612: }
1613: else
1614: {
1615: yytoken = YYTRANSLATE (yychar);
1616: YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc);
1617: }
1618:
1619: /* If the proper action on seeing token YYTOKEN is to reduce or to
1620: detect an error, take that action. */
1621: yyn += yytoken;
1622: if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
1623: goto yydefault;
1624: yyn = yytable[yyn];
1625: if (yyn <= 0)
1626: {
1627: if (yyn == 0 || yyn == YYTABLE_NINF)
1628: goto yyerrlab;
1629: yyn = -yyn;
1630: goto yyreduce;
1631: }
1632:
1633: /* Count tokens shifted since error; after three, turn off error
1634: status. */
1635: if (yyerrstatus)
1636: yyerrstatus--;
1637:
1638: /* Shift the lookahead token. */
1639: YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
1640:
1641: /* Discard the shifted token. */
1642: yychar = YYEMPTY;
1643:
1644: yystate = yyn;
1645: *++yyvsp = yylval;
1646:
1647: goto yynewstate;
1648:
1649:
1650: /*-----------------------------------------------------------.
1651: | yydefault -- do the default action for the current state. |
1652: `-----------------------------------------------------------*/
1653: yydefault:
1654: yyn = yydefact[yystate];
1655: if (yyn == 0)
1656: goto yyerrlab;
1657: goto yyreduce;
1658:
1659:
1660: /*-----------------------------.
1661: | yyreduce -- Do a reduction. |
1662: `-----------------------------*/
1663: yyreduce:
1664: /* yyn is the number of a rule to reduce with. */
1665: yylen = yyr2[yyn];
1666:
1667: /* If YYLEN is nonzero, implement the default value of the action:
1668: `$$ = $1'.
1669:
1670: Otherwise, the following line sets YYVAL to garbage.
1671: This behavior is undocumented and Bison
1672: users should not rely upon it. Assigning to YYVAL
1673: unconditionally makes the parser a bit smaller, and it avoids a
1674: GCC warning that YYVAL may be used uninitialized. */
1675: yyval = yyvsp[1-yylen];
1676:
1677:
1678: YY_REDUCE_PRINT (yyn);
1679: switch (yyn)
1680: {
1681: case 3:
1682:
1683: /* Line 1455 of yacc.c */
1684: #line 154 "parse.y"
1685: {
1686: free_buffer();
1687: parse_init();
1688: }
1689: break;
1690:
1691: case 16:
1692:
1693: /* Line 1455 of yacc.c */
1694: #line 179 "parse.y"
1695: {
1696: int status;
1697:
1698: status = setkeymsg_add(SADB_ADD, (yyvsp[(5) - (9)].num), (yyvsp[(3) - (9)].res), (yyvsp[(4) - (9)].res));
1699: if (status < 0)
1700: return -1;
1701: }
1702: break;
1703:
1704: case 17:
1705:
1706: /* Line 1455 of yacc.c */
1707: #line 191 "parse.y"
1708: {
1709: int status;
1710:
1711: if ((yyvsp[(3) - (8)].res)->ai_next || (yyvsp[(4) - (8)].res)->ai_next) {
1712: yyerror("multiple address specified");
1713: return -1;
1714: }
1715: if (p_mode != IPSEC_MODE_ANY)
1716: yyerror("WARNING: mode is obsolete");
1717:
1718: status = setkeymsg_addr(SADB_DELETE, (yyvsp[(5) - (8)].num), (yyvsp[(3) - (8)].res), (yyvsp[(4) - (8)].res), 0);
1719: if (status < 0)
1720: return -1;
1721: }
1722: break;
1723:
1724: case 18:
1725:
1726: /* Line 1455 of yacc.c */
1727: #line 210 "parse.y"
1728: {
1729: #ifndef __linux__
1730: if (setkeymsg_addr(SADB_DELETE, (yyvsp[(5) - (6)].num), (yyvsp[(3) - (6)].res), (yyvsp[(4) - (6)].res), 1) < 0)
1731: return -1;
1732: #else /* __linux__ */
1733: /* linux strictly adheres to RFC2367, and returns
1734: * an error if we send an SADB_DELETE request without
1735: * an SPI. Therefore, we must first retrieve a list
1736: * of SPIs for all matching SADB entries, and then
1737: * delete each one separately. */
1738: u_int32_t *spi;
1739: int i, n;
1740:
1741: spi = sendkeymsg_spigrep((yyvsp[(5) - (6)].num), (yyvsp[(3) - (6)].res), (yyvsp[(4) - (6)].res), &n);
1742: for (i = 0; i < n; i++) {
1743: p_spi = spi[i];
1744: if (setkeymsg_addr(SADB_DELETE,
1745: (yyvsp[(5) - (6)].num), (yyvsp[(3) - (6)].res), (yyvsp[(4) - (6)].res), 0) < 0)
1746: return -1;
1747: }
1748: free(spi);
1749: #endif /* __linux__ */
1750: }
1751: break;
1752:
1753: case 19:
1754:
1755: /* Line 1455 of yacc.c */
1756: #line 238 "parse.y"
1757: {
1758: int status;
1759:
1760: if (p_mode != IPSEC_MODE_ANY)
1761: yyerror("WARNING: mode is obsolete");
1762:
1763: status = setkeymsg_addr(SADB_GET, (yyvsp[(5) - (8)].num), (yyvsp[(3) - (8)].res), (yyvsp[(4) - (8)].res), 0);
1764: if (status < 0)
1765: return -1;
1766: }
1767: break;
1768:
1769: case 20:
1770:
1771: /* Line 1455 of yacc.c */
1772: #line 253 "parse.y"
1773: {
1774: struct sadb_msg msg;
1775: setkeymsg0(&msg, SADB_FLUSH, (yyvsp[(2) - (3)].num), sizeof(msg));
1776: sendkeymsg((char *)&msg, sizeof(msg));
1777: }
1778: break;
1779:
1780: case 21:
1781:
1782: /* Line 1455 of yacc.c */
1783: #line 263 "parse.y"
1784: {
1785: struct sadb_msg msg;
1786: setkeymsg0(&msg, SADB_DUMP, (yyvsp[(2) - (3)].num), sizeof(msg));
1787: sendkeymsg((char *)&msg, sizeof(msg));
1788: }
1789: break;
1790:
1791: case 22:
1792:
1793: /* Line 1455 of yacc.c */
1794: #line 272 "parse.y"
1795: {
1796: (yyval.num) = SADB_SATYPE_UNSPEC;
1797: }
1798: break;
1799:
1800: case 23:
1801:
1802: /* Line 1455 of yacc.c */
1803: #line 276 "parse.y"
1804: {
1805: (yyval.num) = SADB_SATYPE_ESP;
1806: if ((yyvsp[(1) - (1)].num) == 1)
1807: p_ext |= SADB_X_EXT_OLD;
1808: else
1809: p_ext &= ~SADB_X_EXT_OLD;
1810: }
1811: break;
1812:
1813: case 24:
1814:
1815: /* Line 1455 of yacc.c */
1816: #line 284 "parse.y"
1817: {
1818: (yyval.num) = SADB_SATYPE_AH;
1819: if ((yyvsp[(1) - (1)].num) == 1)
1820: p_ext |= SADB_X_EXT_OLD;
1821: else
1822: p_ext &= ~SADB_X_EXT_OLD;
1823: }
1824: break;
1825:
1826: case 25:
1827:
1828: /* Line 1455 of yacc.c */
1829: #line 292 "parse.y"
1830: {
1831: (yyval.num) = SADB_X_SATYPE_IPCOMP;
1832: }
1833: break;
1834:
1835: case 26:
1836:
1837: /* Line 1455 of yacc.c */
1838: #line 296 "parse.y"
1839: {
1840: (yyval.num) = SADB_SATYPE_ESP;
1841: p_ext &= ~SADB_X_EXT_OLD;
1842: p_natt_oa = 0;
1843: p_natt_type = UDP_ENCAP_ESPINUDP;
1844: }
1845: break;
1846:
1847: case 27:
1848:
1849: /* Line 1455 of yacc.c */
1850: #line 303 "parse.y"
1851: {
1852: (yyval.num) = SADB_SATYPE_ESP;
1853: p_ext &= ~SADB_X_EXT_OLD;
1854: p_natt_oa = (yyvsp[(2) - (2)].res);
1855: p_natt_type = UDP_ENCAP_ESPINUDP;
1856: }
1857: break;
1858:
1859: case 28:
1860:
1861: /* Line 1455 of yacc.c */
1862: #line 310 "parse.y"
1863: {
1864: #ifdef SADB_X_SATYPE_TCPSIGNATURE
1865: (yyval.num) = SADB_X_SATYPE_TCPSIGNATURE;
1866: #endif
1867: }
1868: break;
1869:
1870: case 29:
1871:
1872: /* Line 1455 of yacc.c */
1873: #line 318 "parse.y"
1874: { p_spi = (yyvsp[(1) - (1)].ulnum); }
1875: break;
1876:
1877: case 30:
1878:
1879: /* Line 1455 of yacc.c */
1880: #line 320 "parse.y"
1881: {
1882: char *ep;
1883: unsigned long v;
1884:
1885: ep = NULL;
1886: v = strtoul((yyvsp[(1) - (1)].val).buf, &ep, 16);
1887: if (!ep || *ep) {
1888: yyerror("invalid SPI");
1889: return -1;
1890: }
1891: if (v & ~0xffffffff) {
1892: yyerror("SPI too big.");
1893: return -1;
1894: }
1895:
1896: p_spi = v;
1897: }
1898: break;
1899:
1900: case 37:
1901:
1902: /* Line 1455 of yacc.c */
1903: #line 356 "parse.y"
1904: {
1905: if ((yyvsp[(2) - (2)].num) < 0) {
1906: yyerror("unsupported algorithm");
1907: return -1;
1908: }
1909: p_alg_enc = (yyvsp[(2) - (2)].num);
1910: }
1911: break;
1912:
1913: case 38:
1914:
1915: /* Line 1455 of yacc.c */
1916: #line 364 "parse.y"
1917: {
1918: if ((yyvsp[(2) - (3)].num) < 0) {
1919: yyerror("unsupported algorithm");
1920: return -1;
1921: }
1922: p_alg_enc = (yyvsp[(2) - (3)].num);
1923: p_ext |= SADB_X_EXT_RAWCPI;
1924: }
1925: break;
1926:
1927: case 39:
1928:
1929: /* Line 1455 of yacc.c */
1930: #line 375 "parse.y"
1931: {
1932: if ((yyvsp[(1) - (1)].num) < 0) {
1933: yyerror("unsupported algorithm");
1934: return -1;
1935: }
1936: p_alg_enc = (yyvsp[(1) - (1)].num);
1937:
1938: p_key_enc_len = 0;
1939: p_key_enc = "";
1940: if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
1941: p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
1942: yyerror(ipsec_strerror());
1943: return -1;
1944: }
1945: }
1946: break;
1947:
1948: case 40:
1949:
1950: /* Line 1455 of yacc.c */
1951: #line 390 "parse.y"
1952: {
1953: if ((yyvsp[(1) - (2)].num) < 0) {
1954: yyerror("unsupported algorithm");
1955: return -1;
1956: }
1957: p_alg_enc = (yyvsp[(1) - (2)].num);
1958:
1959: p_key_enc_len = (yyvsp[(2) - (2)].val).len;
1960: p_key_enc = (yyvsp[(2) - (2)].val).buf;
1961: if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
1962: p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
1963: yyerror(ipsec_strerror());
1964: return -1;
1965: }
1966: }
1967: break;
1968:
1969: case 41:
1970:
1971: /* Line 1455 of yacc.c */
1972: #line 405 "parse.y"
1973: {
1974: if ((yyvsp[(1) - (1)].num) < 0) {
1975: yyerror("unsupported algorithm");
1976: return -1;
1977: }
1978: yyerror("WARNING: obsolete algorithm");
1979: p_alg_enc = (yyvsp[(1) - (1)].num);
1980:
1981: p_key_enc_len = 0;
1982: p_key_enc = "";
1983: if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
1984: p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
1985: yyerror(ipsec_strerror());
1986: return -1;
1987: }
1988: }
1989: break;
1990:
1991: case 42:
1992:
1993: /* Line 1455 of yacc.c */
1994: #line 422 "parse.y"
1995: {
1996: if ((yyvsp[(1) - (2)].num) < 0) {
1997: yyerror("unsupported algorithm");
1998: return -1;
1999: }
2000: p_alg_enc = (yyvsp[(1) - (2)].num);
2001: if (p_ext & SADB_X_EXT_OLD) {
2002: yyerror("algorithm mismatched");
2003: return -1;
2004: }
2005: p_ext |= SADB_X_EXT_DERIV;
2006:
2007: p_key_enc_len = (yyvsp[(2) - (2)].val).len;
2008: p_key_enc = (yyvsp[(2) - (2)].val).buf;
2009: if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
2010: p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
2011: yyerror(ipsec_strerror());
2012: return -1;
2013: }
2014: }
2015: break;
2016:
2017: case 43:
2018:
2019: /* Line 1455 of yacc.c */
2020: #line 443 "parse.y"
2021: {
2022: if ((yyvsp[(1) - (2)].num) < 0) {
2023: yyerror("unsupported algorithm");
2024: return -1;
2025: }
2026: p_alg_enc = (yyvsp[(1) - (2)].num);
2027: if (!(p_ext & SADB_X_EXT_OLD)) {
2028: yyerror("algorithm mismatched");
2029: return -1;
2030: }
2031: p_ext |= SADB_X_EXT_IV4B;
2032:
2033: p_key_enc_len = (yyvsp[(2) - (2)].val).len;
2034: p_key_enc = (yyvsp[(2) - (2)].val).buf;
2035: if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
2036: p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
2037: yyerror(ipsec_strerror());
2038: return -1;
2039: }
2040: }
2041: break;
2042:
2043: case 44:
2044:
2045: /* Line 1455 of yacc.c */
2046: #line 466 "parse.y"
2047: {
2048: if ((yyvsp[(1) - (2)].num) < 0) {
2049: yyerror("unsupported algorithm");
2050: return -1;
2051: }
2052: p_alg_auth = (yyvsp[(1) - (2)].num);
2053:
2054: p_key_auth_len = (yyvsp[(2) - (2)].val).len;
2055: p_key_auth = (yyvsp[(2) - (2)].val).buf;
2056: #ifdef SADB_X_AALG_TCP_MD5
2057: if (p_alg_auth == SADB_X_AALG_TCP_MD5) {
2058: if ((p_key_auth_len < 1) ||
2059: (p_key_auth_len > 80))
2060: return -1;
2061: } else
2062: #endif
2063: {
2064: if (ipsec_check_keylen(SADB_EXT_SUPPORTED_AUTH,
2065: p_alg_auth,
2066: PFKEY_UNUNIT64(p_key_auth_len)) < 0) {
2067: yyerror(ipsec_strerror());
2068: return -1;
2069: }
2070: }
2071: }
2072: break;
2073:
2074: case 45:
2075:
2076: /* Line 1455 of yacc.c */
2077: #line 491 "parse.y"
2078: {
2079: if ((yyvsp[(1) - (1)].num) < 0) {
2080: yyerror("unsupported algorithm");
2081: return -1;
2082: }
2083: p_alg_auth = (yyvsp[(1) - (1)].num);
2084:
2085: p_key_auth_len = 0;
2086: p_key_auth = NULL;
2087: }
2088: break;
2089:
2090: case 46:
2091:
2092: /* Line 1455 of yacc.c */
2093: #line 505 "parse.y"
2094: {
2095: (yyval.val) = (yyvsp[(1) - (1)].val);
2096: }
2097: break;
2098:
2099: case 47:
2100:
2101: /* Line 1455 of yacc.c */
2102: #line 509 "parse.y"
2103: {
2104: caddr_t pp_key;
2105: caddr_t bp;
2106: caddr_t yp = (yyvsp[(1) - (1)].val).buf;
2107: int l;
2108:
2109: l = strlen(yp) % 2 + strlen(yp) / 2;
2110: if ((pp_key = malloc(l)) == 0) {
2111: yyerror("not enough core");
2112: return -1;
2113: }
2114: memset(pp_key, 0, l);
2115:
2116: bp = pp_key;
2117: if (strlen(yp) % 2) {
2118: *bp = ATOX(yp[0]);
2119: yp++, bp++;
2120: }
2121: while (*yp) {
2122: *bp = (ATOX(yp[0]) << 4) | ATOX(yp[1]);
2123: yp += 2, bp++;
2124: }
2125:
2126: (yyval.val).len = l;
2127: (yyval.val).buf = pp_key;
2128: }
2129: break;
2130:
2131: case 50:
2132:
2133: /* Line 1455 of yacc.c */
2134: #line 543 "parse.y"
2135: { p_ext |= (yyvsp[(2) - (2)].num); }
2136: break;
2137:
2138: case 51:
2139:
2140: /* Line 1455 of yacc.c */
2141: #line 544 "parse.y"
2142: { p_ext &= ~SADB_X_EXT_CYCSEQ; }
2143: break;
2144:
2145: case 52:
2146:
2147: /* Line 1455 of yacc.c */
2148: #line 545 "parse.y"
2149: { p_mode = (yyvsp[(2) - (2)].num); }
2150: break;
2151:
2152: case 53:
2153:
2154: /* Line 1455 of yacc.c */
2155: #line 546 "parse.y"
2156: { p_mode = IPSEC_MODE_ANY; }
2157: break;
2158:
2159: case 54:
2160:
2161: /* Line 1455 of yacc.c */
2162: #line 547 "parse.y"
2163: { p_reqid = (yyvsp[(2) - (2)].ulnum); }
2164: break;
2165:
2166: case 55:
2167:
2168: /* Line 1455 of yacc.c */
2169: #line 549 "parse.y"
2170: {
2171: if ((p_ext & SADB_X_EXT_OLD) != 0) {
2172: yyerror("replay prevention cannot be used with "
2173: "ah/esp-old");
2174: return -1;
2175: }
2176: p_replay = (yyvsp[(2) - (2)].ulnum);
2177: }
2178: break;
2179:
2180: case 56:
2181:
2182: /* Line 1455 of yacc.c */
2183: #line 557 "parse.y"
2184: { p_lt_hard = (yyvsp[(2) - (2)].ulnum); }
2185: break;
2186:
2187: case 57:
2188:
2189: /* Line 1455 of yacc.c */
2190: #line 558 "parse.y"
2191: { p_lt_soft = (yyvsp[(2) - (2)].ulnum); }
2192: break;
2193:
2194: case 58:
2195:
2196: /* Line 1455 of yacc.c */
2197: #line 559 "parse.y"
2198: { p_lb_hard = (yyvsp[(2) - (2)].ulnum); }
2199: break;
2200:
2201: case 59:
2202:
2203: /* Line 1455 of yacc.c */
2204: #line 560 "parse.y"
2205: { p_lb_soft = (yyvsp[(2) - (2)].ulnum); }
2206: break;
2207:
2208: case 60:
2209:
2210: /* Line 1455 of yacc.c */
2211: #line 561 "parse.y"
2212: {
2213: sec_ctx.doi = (yyvsp[(2) - (4)].ulnum);
2214: sec_ctx.alg = (yyvsp[(3) - (4)].ulnum);
2215: sec_ctx.len = (yyvsp[(4) - (4)].val).len+1;
2216: sec_ctx.buf = (yyvsp[(4) - (4)].val).buf;
2217: }
2218: break;
2219:
2220: case 61:
2221:
2222: /* Line 1455 of yacc.c */
2223: #line 574 "parse.y"
2224: {
2225: int status;
2226: struct addrinfo *src, *dst;
2227:
2228: #ifdef HAVE_PFKEY_POLICY_PRIORITY
2229: last_msg_type = SADB_X_SPDADD;
2230: #endif
2231:
2232: /* fixed port fields if ulp is icmp */
2233: if (fix_portstr((yyvsp[(9) - (13)].num), &(yyvsp[(10) - (13)].val), &(yyvsp[(5) - (13)].val), &(yyvsp[(8) - (13)].val)))
2234: return -1;
2235:
2236: src = parse_addr((yyvsp[(3) - (13)].val).buf, (yyvsp[(5) - (13)].val).buf);
2237: dst = parse_addr((yyvsp[(6) - (13)].val).buf, (yyvsp[(8) - (13)].val).buf);
2238: if (!src || !dst) {
2239: /* yyerror is already called */
2240: return -1;
2241: }
2242: if (src->ai_next || dst->ai_next) {
2243: yyerror("multiple address specified");
2244: freeaddrinfo(src);
2245: freeaddrinfo(dst);
2246: return -1;
2247: }
2248:
2249: status = setkeymsg_spdaddr(SADB_X_SPDADD, (yyvsp[(9) - (13)].num), &(yyvsp[(12) - (13)].val),
2250: src, (yyvsp[(4) - (13)].num), dst, (yyvsp[(7) - (13)].num));
2251: freeaddrinfo(src);
2252: freeaddrinfo(dst);
2253: if (status < 0)
2254: return -1;
2255: }
2256: break;
2257:
2258: case 62:
2259:
2260: /* Line 1455 of yacc.c */
2261: #line 607 "parse.y"
2262: {
2263: int status;
2264:
2265: status = setkeymsg_spdaddr_tag(SADB_X_SPDADD,
2266: (yyvsp[(3) - (5)].val).buf, &(yyvsp[(4) - (5)].val));
2267: if (status < 0)
2268: return -1;
2269: }
2270: break;
2271:
2272: case 63:
2273:
2274: /* Line 1455 of yacc.c */
2275: #line 620 "parse.y"
2276: {
2277: int status;
2278: struct addrinfo *src, *dst;
2279:
2280: #ifdef HAVE_PFKEY_POLICY_PRIORITY
2281: last_msg_type = SADB_X_SPDUPDATE;
2282: #endif
2283:
2284: /* fixed port fields if ulp is icmp */
2285: if (fix_portstr((yyvsp[(9) - (13)].num), &(yyvsp[(10) - (13)].val), &(yyvsp[(5) - (13)].val), &(yyvsp[(8) - (13)].val)))
2286: return -1;
2287:
2288: src = parse_addr((yyvsp[(3) - (13)].val).buf, (yyvsp[(5) - (13)].val).buf);
2289: dst = parse_addr((yyvsp[(6) - (13)].val).buf, (yyvsp[(8) - (13)].val).buf);
2290: if (!src || !dst) {
2291: /* yyerror is already called */
2292: return -1;
2293: }
2294: if (src->ai_next || dst->ai_next) {
2295: yyerror("multiple address specified");
2296: freeaddrinfo(src);
2297: freeaddrinfo(dst);
2298: return -1;
2299: }
2300:
2301: status = setkeymsg_spdaddr(SADB_X_SPDUPDATE, (yyvsp[(9) - (13)].num), &(yyvsp[(12) - (13)].val),
2302: src, (yyvsp[(4) - (13)].num), dst, (yyvsp[(7) - (13)].num));
2303: freeaddrinfo(src);
2304: freeaddrinfo(dst);
2305: if (status < 0)
2306: return -1;
2307: }
2308: break;
2309:
2310: case 64:
2311:
2312: /* Line 1455 of yacc.c */
2313: #line 653 "parse.y"
2314: {
2315: int status;
2316:
2317: status = setkeymsg_spdaddr_tag(SADB_X_SPDUPDATE,
2318: (yyvsp[(3) - (5)].val).buf, &(yyvsp[(4) - (5)].val));
2319: if (status < 0)
2320: return -1;
2321: }
2322: break;
2323:
2324: case 65:
2325:
2326: /* Line 1455 of yacc.c */
2327: #line 665 "parse.y"
2328: {
2329: int status;
2330: struct addrinfo *src, *dst;
2331:
2332: /* fixed port fields if ulp is icmp */
2333: if (fix_portstr((yyvsp[(9) - (13)].num), &(yyvsp[(10) - (13)].val), &(yyvsp[(5) - (13)].val), &(yyvsp[(8) - (13)].val)))
2334: return -1;
2335:
2336: src = parse_addr((yyvsp[(3) - (13)].val).buf, (yyvsp[(5) - (13)].val).buf);
2337: dst = parse_addr((yyvsp[(6) - (13)].val).buf, (yyvsp[(8) - (13)].val).buf);
2338: if (!src || !dst) {
2339: /* yyerror is already called */
2340: return -1;
2341: }
2342: if (src->ai_next || dst->ai_next) {
2343: yyerror("multiple address specified");
2344: freeaddrinfo(src);
2345: freeaddrinfo(dst);
2346: return -1;
2347: }
2348:
2349: status = setkeymsg_spdaddr(SADB_X_SPDDELETE, (yyvsp[(9) - (13)].num), &(yyvsp[(12) - (13)].val),
2350: src, (yyvsp[(4) - (13)].num), dst, (yyvsp[(7) - (13)].num));
2351: freeaddrinfo(src);
2352: freeaddrinfo(dst);
2353: if (status < 0)
2354: return -1;
2355: }
2356: break;
2357:
2358: case 66:
2359:
2360: /* Line 1455 of yacc.c */
2361: #line 697 "parse.y"
2362: {
2363: struct sadb_msg msg;
2364: setkeymsg0(&msg, SADB_X_SPDDUMP, SADB_SATYPE_UNSPEC,
2365: sizeof(msg));
2366: sendkeymsg((char *)&msg, sizeof(msg));
2367: }
2368: break;
2369:
2370: case 67:
2371:
2372: /* Line 1455 of yacc.c */
2373: #line 708 "parse.y"
2374: {
2375: struct sadb_msg msg;
2376: setkeymsg0(&msg, SADB_X_SPDFLUSH, SADB_SATYPE_UNSPEC,
2377: sizeof(msg));
2378: sendkeymsg((char *)&msg, sizeof(msg));
2379: }
2380: break;
2381:
2382: case 70:
2383:
2384: /* Line 1455 of yacc.c */
2385: #line 723 "parse.y"
2386: {
2387: char *p;
2388:
2389: for (p = (yyvsp[(1) - (1)].val).buf + 1; *p; p++)
2390: switch (*p) {
2391: case '4':
2392: p_aifamily = AF_INET;
2393: break;
2394: #ifdef INET6
2395: case '6':
2396: p_aifamily = AF_INET6;
2397: break;
2398: #endif
2399: case 'n':
2400: p_aiflags = AI_NUMERICHOST;
2401: break;
2402: default:
2403: yyerror("invalid flag");
2404: return -1;
2405: }
2406: }
2407: break;
2408:
2409: case 71:
2410:
2411: /* Line 1455 of yacc.c */
2412: #line 748 "parse.y"
2413: {
2414: (yyval.res) = parse_addr((yyvsp[(1) - (1)].val).buf, NULL);
2415: if ((yyval.res) == NULL) {
2416: /* yyerror already called by parse_addr */
2417: return -1;
2418: }
2419: }
2420: break;
2421:
2422: case 72:
2423:
2424: /* Line 1455 of yacc.c */
2425: #line 759 "parse.y"
2426: {
2427: (yyval.res) = parse_addr((yyvsp[(1) - (1)].val).buf, NULL);
2428: if ((yyval.res) == NULL) {
2429: /* yyerror already called by parse_addr */
2430: return -1;
2431: }
2432: }
2433: break;
2434:
2435: case 73:
2436:
2437: /* Line 1455 of yacc.c */
2438: #line 767 "parse.y"
2439: {
2440: (yyval.res) = parse_addr((yyvsp[(1) - (2)].val).buf, (yyvsp[(2) - (2)].val).buf);
2441: if ((yyval.res) == NULL) {
2442: /* yyerror already called by parse_addr */
2443: return -1;
2444: }
2445: }
2446: break;
2447:
2448: case 74:
2449:
2450: /* Line 1455 of yacc.c */
2451: #line 777 "parse.y"
2452: { (yyval.num) = -1; }
2453: break;
2454:
2455: case 75:
2456:
2457: /* Line 1455 of yacc.c */
2458: #line 778 "parse.y"
2459: { (yyval.num) = (yyvsp[(2) - (2)].ulnum); }
2460: break;
2461:
2462: case 76:
2463:
2464: /* Line 1455 of yacc.c */
2465: #line 783 "parse.y"
2466: {
2467: (yyval.val).buf = strdup("0");
2468: if (!(yyval.val).buf) {
2469: yyerror("insufficient memory");
2470: return -1;
2471: }
2472: (yyval.val).len = strlen((yyval.val).buf);
2473: }
2474: break;
2475:
2476: case 77:
2477:
2478: /* Line 1455 of yacc.c */
2479: #line 792 "parse.y"
2480: {
2481: (yyval.val).buf = strdup("0");
2482: if (!(yyval.val).buf) {
2483: yyerror("insufficient memory");
2484: return -1;
2485: }
2486: (yyval.val).len = strlen((yyval.val).buf);
2487: }
2488: break;
2489:
2490: case 78:
2491:
2492: /* Line 1455 of yacc.c */
2493: #line 801 "parse.y"
2494: {
2495: char buf[20];
2496: snprintf(buf, sizeof(buf), "%lu", (yyvsp[(2) - (3)].ulnum));
2497: (yyval.val).buf = strdup(buf);
2498: if (!(yyval.val).buf) {
2499: yyerror("insufficient memory");
2500: return -1;
2501: }
2502: (yyval.val).len = strlen((yyval.val).buf);
2503: }
2504: break;
2505:
2506: case 79:
2507:
2508: /* Line 1455 of yacc.c */
2509: #line 812 "parse.y"
2510: {
2511: (yyval.val) = (yyvsp[(2) - (3)].val);
2512: }
2513: break;
2514:
2515: case 80:
2516:
2517: /* Line 1455 of yacc.c */
2518: #line 818 "parse.y"
2519: { (yyval.num) = (yyvsp[(1) - (1)].ulnum); }
2520: break;
2521:
2522: case 81:
2523:
2524: /* Line 1455 of yacc.c */
2525: #line 819 "parse.y"
2526: { (yyval.num) = IPSEC_ULPROTO_ANY; }
2527: break;
2528:
2529: case 82:
2530:
2531: /* Line 1455 of yacc.c */
2532: #line 820 "parse.y"
2533: {
2534: (yyval.num) = IPPROTO_TCP;
2535: }
2536: break;
2537:
2538: case 83:
2539:
2540: /* Line 1455 of yacc.c */
2541: #line 824 "parse.y"
2542: {
2543: struct protoent *ent;
2544:
2545: ent = getprotobyname((yyvsp[(1) - (1)].val).buf);
2546: if (ent)
2547: (yyval.num) = ent->p_proto;
2548: else {
2549: if (strcmp("icmp6", (yyvsp[(1) - (1)].val).buf) == 0) {
2550: (yyval.num) = IPPROTO_ICMPV6;
2551: } else if(strcmp("ip4", (yyvsp[(1) - (1)].val).buf) == 0) {
2552: (yyval.num) = IPPROTO_IPV4;
2553: } else {
2554: yyerror("invalid upper layer protocol");
2555: return -1;
2556: }
2557: }
2558: endprotoent();
2559: }
2560: break;
2561:
2562: case 84:
2563:
2564: /* Line 1455 of yacc.c */
2565: #line 846 "parse.y"
2566: {
2567: (yyval.val).buf = NULL;
2568: (yyval.val).len = 0;
2569: }
2570: break;
2571:
2572: case 85:
2573:
2574: /* Line 1455 of yacc.c */
2575: #line 851 "parse.y"
2576: {
2577: (yyval.val).buf = strdup((yyvsp[(1) - (1)].val).buf);
2578: if (!(yyval.val).buf) {
2579: yyerror("insufficient memory");
2580: return -1;
2581: }
2582: (yyval.val).len = strlen((yyval.val).buf);
2583: }
2584: break;
2585:
2586: case 87:
2587:
2588: /* Line 1455 of yacc.c */
2589: #line 863 "parse.y"
2590: {
2591: sec_ctx.doi = (yyvsp[(2) - (4)].ulnum);
2592: sec_ctx.alg = (yyvsp[(3) - (4)].ulnum);
2593: sec_ctx.len = (yyvsp[(4) - (4)].val).len+1;
2594: sec_ctx.buf = (yyvsp[(4) - (4)].val).buf;
2595: }
2596: break;
2597:
2598: case 88:
2599:
2600: /* Line 1455 of yacc.c */
2601: #line 873 "parse.y"
2602: {
2603: char *policy;
2604: #ifdef HAVE_PFKEY_POLICY_PRIORITY
2605: struct sadb_x_policy *xpl;
2606: #endif
2607:
2608: policy = ipsec_set_policy((yyvsp[(2) - (2)].val).buf, (yyvsp[(2) - (2)].val).len);
2609: if (policy == NULL) {
2610: yyerror(ipsec_strerror());
2611: return -1;
2612: }
2613:
2614: (yyval.val).buf = policy;
2615: (yyval.val).len = ipsec_get_policylen(policy);
2616:
2617: #ifdef HAVE_PFKEY_POLICY_PRIORITY
2618: xpl = (struct sadb_x_policy *) (yyval.val).buf;
2619: last_priority = xpl->sadb_x_policy_priority;
2620: #endif
2621: }
2622: break;
2623:
2624: case 89:
2625:
2626: /* Line 1455 of yacc.c */
2627: #line 896 "parse.y"
2628: { (yyval.val) = (yyvsp[(1) - (1)].val); }
2629: break;
2630:
2631: case 90:
2632:
2633: /* Line 1455 of yacc.c */
2634: #line 902 "parse.y"
2635: {
2636: exit_now = 1;
2637: YYACCEPT;
2638: }
2639: break;
2640:
2641:
2642:
2643: /* Line 1455 of yacc.c */
2644: #line 2645 "parse.c"
2645: default: break;
2646: }
2647: YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
2648:
2649: YYPOPSTACK (yylen);
2650: yylen = 0;
2651: YY_STACK_PRINT (yyss, yyssp);
2652:
2653: *++yyvsp = yyval;
2654:
2655: /* Now `shift' the result of the reduction. Determine what state
2656: that goes to, based on the state we popped back to and the rule
2657: number reduced by. */
2658:
2659: yyn = yyr1[yyn];
2660:
2661: yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
2662: if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
2663: yystate = yytable[yystate];
2664: else
2665: yystate = yydefgoto[yyn - YYNTOKENS];
2666:
2667: goto yynewstate;
2668:
2669:
2670: /*------------------------------------.
2671: | yyerrlab -- here on detecting error |
2672: `------------------------------------*/
2673: yyerrlab:
2674: /* If not already recovering from an error, report this error. */
2675: if (!yyerrstatus)
2676: {
2677: ++yynerrs;
2678: #if ! YYERROR_VERBOSE
2679: yyerror (YY_("syntax error"));
2680: #else
2681: {
2682: YYSIZE_T yysize = yysyntax_error (0, yystate, yychar);
2683: if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM)
2684: {
2685: YYSIZE_T yyalloc = 2 * yysize;
2686: if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM))
2687: yyalloc = YYSTACK_ALLOC_MAXIMUM;
2688: if (yymsg != yymsgbuf)
2689: YYSTACK_FREE (yymsg);
2690: yymsg = (char *) YYSTACK_ALLOC (yyalloc);
2691: if (yymsg)
2692: yymsg_alloc = yyalloc;
2693: else
2694: {
2695: yymsg = yymsgbuf;
2696: yymsg_alloc = sizeof yymsgbuf;
2697: }
2698: }
2699:
2700: if (0 < yysize && yysize <= yymsg_alloc)
2701: {
2702: (void) yysyntax_error (yymsg, yystate, yychar);
2703: yyerror (yymsg);
2704: }
2705: else
2706: {
2707: yyerror (YY_("syntax error"));
2708: if (yysize != 0)
2709: goto yyexhaustedlab;
2710: }
2711: }
2712: #endif
2713: }
2714:
2715:
2716:
2717: if (yyerrstatus == 3)
2718: {
2719: /* If just tried and failed to reuse lookahead token after an
2720: error, discard it. */
2721:
2722: if (yychar <= YYEOF)
2723: {
2724: /* Return failure if at end of input. */
2725: if (yychar == YYEOF)
2726: YYABORT;
2727: }
2728: else
2729: {
2730: yydestruct ("Error: discarding",
2731: yytoken, &yylval);
2732: yychar = YYEMPTY;
2733: }
2734: }
2735:
2736: /* Else will try to reuse lookahead token after shifting the error
2737: token. */
2738: goto yyerrlab1;
2739:
2740:
2741: /*---------------------------------------------------.
2742: | yyerrorlab -- error raised explicitly by YYERROR. |
2743: `---------------------------------------------------*/
2744: yyerrorlab:
2745:
2746: /* Pacify compilers like GCC when the user code never invokes
2747: YYERROR and the label yyerrorlab therefore never appears in user
2748: code. */
2749: if (/*CONSTCOND*/ 0)
2750: goto yyerrorlab;
2751:
2752: /* Do not reclaim the symbols of the rule which action triggered
2753: this YYERROR. */
2754: YYPOPSTACK (yylen);
2755: yylen = 0;
2756: YY_STACK_PRINT (yyss, yyssp);
2757: yystate = *yyssp;
2758: goto yyerrlab1;
2759:
2760:
2761: /*-------------------------------------------------------------.
2762: | yyerrlab1 -- common code for both syntax error and YYERROR. |
2763: `-------------------------------------------------------------*/
2764: yyerrlab1:
2765: yyerrstatus = 3; /* Each real token shifted decrements this. */
2766:
2767: for (;;)
2768: {
2769: yyn = yypact[yystate];
2770: if (yyn != YYPACT_NINF)
2771: {
2772: yyn += YYTERROR;
2773: if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
2774: {
2775: yyn = yytable[yyn];
2776: if (0 < yyn)
2777: break;
2778: }
2779: }
2780:
2781: /* Pop the current state because it cannot handle the error token. */
2782: if (yyssp == yyss)
2783: YYABORT;
2784:
2785:
2786: yydestruct ("Error: popping",
2787: yystos[yystate], yyvsp);
2788: YYPOPSTACK (1);
2789: yystate = *yyssp;
2790: YY_STACK_PRINT (yyss, yyssp);
2791: }
2792:
2793: *++yyvsp = yylval;
2794:
2795:
2796: /* Shift the error token. */
2797: YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
2798:
2799: yystate = yyn;
2800: goto yynewstate;
2801:
2802:
2803: /*-------------------------------------.
2804: | yyacceptlab -- YYACCEPT comes here. |
2805: `-------------------------------------*/
2806: yyacceptlab:
2807: yyresult = 0;
2808: goto yyreturn;
2809:
2810: /*-----------------------------------.
2811: | yyabortlab -- YYABORT comes here. |
2812: `-----------------------------------*/
2813: yyabortlab:
2814: yyresult = 1;
2815: goto yyreturn;
2816:
2817: #if !defined(yyoverflow) || YYERROR_VERBOSE
2818: /*-------------------------------------------------.
2819: | yyexhaustedlab -- memory exhaustion comes here. |
2820: `-------------------------------------------------*/
2821: yyexhaustedlab:
2822: yyerror (YY_("memory exhausted"));
2823: yyresult = 2;
2824: /* Fall through. */
2825: #endif
2826:
2827: yyreturn:
2828: if (yychar != YYEMPTY)
2829: yydestruct ("Cleanup: discarding lookahead",
2830: yytoken, &yylval);
2831: /* Do not reclaim the symbols of the rule which action triggered
2832: this YYABORT or YYACCEPT. */
2833: YYPOPSTACK (yylen);
2834: YY_STACK_PRINT (yyss, yyssp);
2835: while (yyssp != yyss)
2836: {
2837: yydestruct ("Cleanup: popping",
2838: yystos[*yyssp], yyvsp);
2839: YYPOPSTACK (1);
2840: }
2841: #ifndef yyoverflow
2842: if (yyss != yyssa)
2843: YYSTACK_FREE (yyss);
2844: #endif
2845: #if YYERROR_VERBOSE
2846: if (yymsg != yymsgbuf)
2847: YYSTACK_FREE (yymsg);
2848: #endif
2849: /* Make sure YYID is used. */
2850: return YYID (yyresult);
2851: }
2852:
2853:
2854:
2855: /* Line 1675 of yacc.c */
2856: #line 907 "parse.y"
2857:
2858:
2859: int
2860: setkeymsg0(msg, type, satype, l)
2861: struct sadb_msg *msg;
2862: unsigned int type;
2863: unsigned int satype;
2864: size_t l;
2865: {
2866:
2867: msg->sadb_msg_version = PF_KEY_V2;
2868: msg->sadb_msg_type = type;
2869: msg->sadb_msg_errno = 0;
2870: msg->sadb_msg_satype = satype;
2871: msg->sadb_msg_reserved = 0;
2872: msg->sadb_msg_seq = 0;
2873: msg->sadb_msg_pid = getpid();
2874: msg->sadb_msg_len = PFKEY_UNIT64(l);
2875: return 0;
2876: }
2877:
2878: /* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */
2879: static int
2880: setkeymsg_spdaddr(type, upper, policy, srcs, splen, dsts, dplen)
2881: unsigned int type;
2882: unsigned int upper;
2883: vchar_t *policy;
2884: struct addrinfo *srcs;
2885: int splen;
2886: struct addrinfo *dsts;
2887: int dplen;
2888: {
2889: struct sadb_msg *msg;
2890: char buf[BUFSIZ];
2891: int l, l0;
2892: struct sadb_address m_addr;
2893: struct addrinfo *s, *d;
2894: int n;
2895: int plen;
2896: struct sockaddr *sa;
2897: int salen;
2898: struct sadb_x_policy *sp;
2899: #ifdef HAVE_POLICY_FWD
2900: struct sadb_x_ipsecrequest *ps = NULL;
2901: int saved_level, saved_id = 0;
2902: #endif
2903:
2904: msg = (struct sadb_msg *)buf;
2905:
2906: if (!srcs || !dsts)
2907: return -1;
2908:
2909: /* fix up length afterwards */
2910: setkeymsg0(msg, type, SADB_SATYPE_UNSPEC, 0);
2911: l = sizeof(struct sadb_msg);
2912:
2913: sp = (struct sadb_x_policy*) (buf + l);
2914: memcpy(buf + l, policy->buf, policy->len);
2915: l += policy->len;
2916:
2917: l0 = l;
2918: n = 0;
2919:
2920: /* do it for all src/dst pairs */
2921: for (s = srcs; s; s = s->ai_next) {
2922: for (d = dsts; d; d = d->ai_next) {
2923: /* rewind pointer */
2924: l = l0;
2925:
2926: if (s->ai_addr->sa_family != d->ai_addr->sa_family)
2927: continue;
2928: switch (s->ai_addr->sa_family) {
2929: case AF_INET:
2930: plen = sizeof(struct in_addr) << 3;
2931: break;
2932: #ifdef INET6
2933: case AF_INET6:
2934: plen = sizeof(struct in6_addr) << 3;
2935: break;
2936: #endif
2937: default:
2938: continue;
2939: }
2940:
2941: /* set src */
2942: sa = s->ai_addr;
2943: salen = sysdep_sa_len(s->ai_addr);
2944: m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
2945: PFKEY_ALIGN8(salen));
2946: m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
2947: m_addr.sadb_address_proto = upper;
2948: m_addr.sadb_address_prefixlen =
2949: (splen >= 0 ? splen : plen);
2950: m_addr.sadb_address_reserved = 0;
2951:
2952: setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
2953: sizeof(m_addr), (caddr_t)sa, salen);
2954:
2955: /* set dst */
2956: sa = d->ai_addr;
2957: salen = sysdep_sa_len(d->ai_addr);
2958: m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
2959: PFKEY_ALIGN8(salen));
2960: m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
2961: m_addr.sadb_address_proto = upper;
2962: m_addr.sadb_address_prefixlen =
2963: (dplen >= 0 ? dplen : plen);
2964: m_addr.sadb_address_reserved = 0;
2965:
2966: setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
2967: sizeof(m_addr), sa, salen);
2968: #ifdef SADB_X_EXT_SEC_CTX
2969: /* Add security context label */
2970: if (sec_ctx.doi) {
2971: struct sadb_x_sec_ctx m_sec_ctx;
2972: u_int slen = sizeof(struct sadb_x_sec_ctx);
2973:
2974: memset(&m_sec_ctx, 0, slen);
2975:
2976: m_sec_ctx.sadb_x_sec_len =
2977: PFKEY_UNIT64(slen + PFKEY_ALIGN8(sec_ctx.len));
2978:
2979: m_sec_ctx.sadb_x_sec_exttype =
2980: SADB_X_EXT_SEC_CTX;
2981: m_sec_ctx.sadb_x_ctx_len = sec_ctx.len;/*bytes*/
2982: m_sec_ctx.sadb_x_ctx_doi = sec_ctx.doi;
2983: m_sec_ctx.sadb_x_ctx_alg = sec_ctx.alg;
2984: setvarbuf(buf, &l,
2985: (struct sadb_ext *)&m_sec_ctx, slen,
2986: (caddr_t)sec_ctx.buf, sec_ctx.len);
2987: }
2988: #endif
2989: msg->sadb_msg_len = PFKEY_UNIT64(l);
2990:
2991: sendkeymsg(buf, l);
2992:
2993: #ifdef HAVE_POLICY_FWD
2994: /* create extra call for FWD policy */
2995: if (f_rfcmode && sp->sadb_x_policy_dir == IPSEC_DIR_INBOUND) {
2996: sp->sadb_x_policy_dir = IPSEC_DIR_FWD;
2997: ps = (struct sadb_x_ipsecrequest*) (sp+1);
2998:
2999: /* if request level is unique, change it to
3000: * require for fwd policy */
3001: /* XXX: currently, only first policy is updated
3002: * only. Update following too... */
3003: saved_level = ps->sadb_x_ipsecrequest_level;
3004: if (saved_level == IPSEC_LEVEL_UNIQUE) {
3005: saved_id = ps->sadb_x_ipsecrequest_reqid;
3006: ps->sadb_x_ipsecrequest_reqid=0;
3007: ps->sadb_x_ipsecrequest_level=IPSEC_LEVEL_REQUIRE;
3008: }
3009:
3010: sendkeymsg(buf, l);
3011: /* restoring for next message */
3012: sp->sadb_x_policy_dir = IPSEC_DIR_INBOUND;
3013: if (saved_level == IPSEC_LEVEL_UNIQUE) {
3014: ps->sadb_x_ipsecrequest_reqid = saved_id;
3015: ps->sadb_x_ipsecrequest_level = saved_level;
3016: }
3017: }
3018: #endif
3019:
3020: n++;
3021: }
3022: }
3023:
3024: if (n == 0)
3025: return -1;
3026: else
3027: return 0;
3028: }
3029:
3030: static int
3031: setkeymsg_spdaddr_tag(type, tag, policy)
3032: unsigned int type;
3033: char *tag;
3034: vchar_t *policy;
3035: {
3036: struct sadb_msg *msg;
3037: char buf[BUFSIZ];
3038: int l, l0;
3039: #ifdef SADB_X_EXT_TAG
3040: struct sadb_x_tag m_tag;
3041: #endif
3042: int n;
3043:
3044: msg = (struct sadb_msg *)buf;
3045:
3046: /* fix up length afterwards */
3047: setkeymsg0(msg, type, SADB_SATYPE_UNSPEC, 0);
3048: l = sizeof(struct sadb_msg);
3049:
3050: memcpy(buf + l, policy->buf, policy->len);
3051: l += policy->len;
3052:
3053: l0 = l;
3054: n = 0;
3055:
3056: #ifdef SADB_X_EXT_TAG
3057: memset(&m_tag, 0, sizeof(m_tag));
3058: m_tag.sadb_x_tag_len = PFKEY_UNIT64(sizeof(m_tag));
3059: m_tag.sadb_x_tag_exttype = SADB_X_EXT_TAG;
3060: if (strlcpy(m_tag.sadb_x_tag_name, tag,
3061: sizeof(m_tag.sadb_x_tag_name)) >= sizeof(m_tag.sadb_x_tag_name))
3062: return -1;
3063: memcpy(buf + l, &m_tag, sizeof(m_tag));
3064: l += sizeof(m_tag);
3065: #endif
3066:
3067: msg->sadb_msg_len = PFKEY_UNIT64(l);
3068:
3069: sendkeymsg(buf, l);
3070:
3071: return 0;
3072: }
3073:
3074: /* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */
3075: static int
3076: setkeymsg_addr(type, satype, srcs, dsts, no_spi)
3077: unsigned int type;
3078: unsigned int satype;
3079: struct addrinfo *srcs;
3080: struct addrinfo *dsts;
3081: int no_spi;
3082: {
3083: struct sadb_msg *msg;
3084: char buf[BUFSIZ];
3085: int l, l0, len;
3086: struct sadb_sa m_sa;
3087: struct sadb_x_sa2 m_sa2;
3088: struct sadb_address m_addr;
3089: struct addrinfo *s, *d;
3090: int n;
3091: int plen;
3092: struct sockaddr *sa;
3093: int salen;
3094:
3095: msg = (struct sadb_msg *)buf;
3096:
3097: if (!srcs || !dsts)
3098: return -1;
3099:
3100: /* fix up length afterwards */
3101: setkeymsg0(msg, type, satype, 0);
3102: l = sizeof(struct sadb_msg);
3103:
3104: if (!no_spi) {
3105: len = sizeof(struct sadb_sa);
3106: m_sa.sadb_sa_len = PFKEY_UNIT64(len);
3107: m_sa.sadb_sa_exttype = SADB_EXT_SA;
3108: m_sa.sadb_sa_spi = htonl(p_spi);
3109: m_sa.sadb_sa_replay = p_replay;
3110: m_sa.sadb_sa_state = 0;
3111: m_sa.sadb_sa_auth = p_alg_auth;
3112: m_sa.sadb_sa_encrypt = p_alg_enc;
3113: m_sa.sadb_sa_flags = p_ext;
3114:
3115: memcpy(buf + l, &m_sa, len);
3116: l += len;
3117:
3118: len = sizeof(struct sadb_x_sa2);
3119: m_sa2.sadb_x_sa2_len = PFKEY_UNIT64(len);
3120: m_sa2.sadb_x_sa2_exttype = SADB_X_EXT_SA2;
3121: m_sa2.sadb_x_sa2_mode = p_mode;
3122: m_sa2.sadb_x_sa2_reqid = p_reqid;
3123:
3124: memcpy(buf + l, &m_sa2, len);
3125: l += len;
3126: }
3127:
3128: l0 = l;
3129: n = 0;
3130:
3131: /* do it for all src/dst pairs */
3132: for (s = srcs; s; s = s->ai_next) {
3133: for (d = dsts; d; d = d->ai_next) {
3134: /* rewind pointer */
3135: l = l0;
3136:
3137: if (s->ai_addr->sa_family != d->ai_addr->sa_family)
3138: continue;
3139: switch (s->ai_addr->sa_family) {
3140: case AF_INET:
3141: plen = sizeof(struct in_addr) << 3;
3142: break;
3143: #ifdef INET6
3144: case AF_INET6:
3145: plen = sizeof(struct in6_addr) << 3;
3146: break;
3147: #endif
3148: default:
3149: continue;
3150: }
3151:
3152: /* set src */
3153: sa = s->ai_addr;
3154: salen = sysdep_sa_len(s->ai_addr);
3155: m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
3156: PFKEY_ALIGN8(salen));
3157: m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
3158: m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
3159: m_addr.sadb_address_prefixlen = plen;
3160: m_addr.sadb_address_reserved = 0;
3161:
3162: setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
3163: sizeof(m_addr), sa, salen);
3164:
3165: /* set dst */
3166: sa = d->ai_addr;
3167: salen = sysdep_sa_len(d->ai_addr);
3168: m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
3169: PFKEY_ALIGN8(salen));
3170: m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
3171: m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
3172: m_addr.sadb_address_prefixlen = plen;
3173: m_addr.sadb_address_reserved = 0;
3174:
3175: setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
3176: sizeof(m_addr), sa, salen);
3177:
3178: msg->sadb_msg_len = PFKEY_UNIT64(l);
3179:
3180: sendkeymsg(buf, l);
3181:
3182: n++;
3183: }
3184: }
3185:
3186: if (n == 0)
3187: return -1;
3188: else
3189: return 0;
3190: }
3191:
3192: #ifdef SADB_X_EXT_NAT_T_TYPE
3193: static u_int16_t get_port (struct addrinfo *addr)
3194: {
3195: struct sockaddr *s = addr->ai_addr;
3196: u_int16_t port = 0;
3197:
3198: switch (s->sa_family) {
3199: case AF_INET:
3200: {
3201: struct sockaddr_in *sin4 = (struct sockaddr_in *)s;
3202: port = ntohs(sin4->sin_port);
3203: break;
3204: }
3205: case AF_INET6:
3206: {
3207: struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)s;
3208: port = ntohs(sin6->sin6_port);
3209: break;
3210: }
3211: }
3212:
3213: if (port == 0)
3214: port = DEFAULT_NATT_PORT;
3215:
3216: return port;
3217: }
3218: #endif
3219:
3220: /* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */
3221: static int
3222: setkeymsg_add(type, satype, srcs, dsts)
3223: unsigned int type;
3224: unsigned int satype;
3225: struct addrinfo *srcs;
3226: struct addrinfo *dsts;
3227: {
3228: struct sadb_msg *msg;
3229: char buf[BUFSIZ];
3230: int l, l0, len;
3231: struct sadb_sa m_sa;
3232: struct sadb_x_sa2 m_sa2;
3233: struct sadb_address m_addr;
3234: struct addrinfo *s, *d;
3235: int n;
3236: int plen;
3237: struct sockaddr *sa;
3238: int salen;
3239:
3240: msg = (struct sadb_msg *)buf;
3241:
3242: if (!srcs || !dsts)
3243: return -1;
3244:
3245: /* fix up length afterwards */
3246: setkeymsg0(msg, type, satype, 0);
3247: l = sizeof(struct sadb_msg);
3248:
3249: /* set encryption algorithm, if present. */
3250: if (satype != SADB_X_SATYPE_IPCOMP && p_key_enc) {
3251: union {
3252: struct sadb_key key;
3253: struct sadb_ext ext;
3254: } m;
3255:
3256: m.key.sadb_key_len =
3257: PFKEY_UNIT64(sizeof(m.key)
3258: + PFKEY_ALIGN8(p_key_enc_len));
3259: m.key.sadb_key_exttype = SADB_EXT_KEY_ENCRYPT;
3260: m.key.sadb_key_bits = p_key_enc_len * 8;
3261: m.key.sadb_key_reserved = 0;
3262:
3263: setvarbuf(buf, &l, &m.ext, sizeof(m.key),
3264: p_key_enc, p_key_enc_len);
3265: }
3266:
3267: /* set authentication algorithm, if present. */
3268: if (p_key_auth) {
3269: union {
3270: struct sadb_key key;
3271: struct sadb_ext ext;
3272: } m;
3273:
3274: m.key.sadb_key_len =
3275: PFKEY_UNIT64(sizeof(m.key)
3276: + PFKEY_ALIGN8(p_key_auth_len));
3277: m.key.sadb_key_exttype = SADB_EXT_KEY_AUTH;
3278: m.key.sadb_key_bits = p_key_auth_len * 8;
3279: m.key.sadb_key_reserved = 0;
3280:
3281: setvarbuf(buf, &l, &m.ext, sizeof(m.key),
3282: p_key_auth, p_key_auth_len);
3283: }
3284:
3285: /* set lifetime for HARD */
3286: if (p_lt_hard != 0 || p_lb_hard != 0) {
3287: struct sadb_lifetime m_lt;
3288: u_int slen = sizeof(struct sadb_lifetime);
3289:
3290: m_lt.sadb_lifetime_len = PFKEY_UNIT64(slen);
3291: m_lt.sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
3292: m_lt.sadb_lifetime_allocations = 0;
3293: m_lt.sadb_lifetime_bytes = p_lb_hard;
3294: m_lt.sadb_lifetime_addtime = p_lt_hard;
3295: m_lt.sadb_lifetime_usetime = 0;
3296:
3297: memcpy(buf + l, &m_lt, slen);
3298: l += slen;
3299: }
3300:
3301: /* set lifetime for SOFT */
3302: if (p_lt_soft != 0 || p_lb_soft != 0) {
3303: struct sadb_lifetime m_lt;
3304: u_int slen = sizeof(struct sadb_lifetime);
3305:
3306: m_lt.sadb_lifetime_len = PFKEY_UNIT64(slen);
3307: m_lt.sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
3308: m_lt.sadb_lifetime_allocations = 0;
3309: m_lt.sadb_lifetime_bytes = p_lb_soft;
3310: m_lt.sadb_lifetime_addtime = p_lt_soft;
3311: m_lt.sadb_lifetime_usetime = 0;
3312:
3313: memcpy(buf + l, &m_lt, slen);
3314: l += slen;
3315: }
3316:
3317: #ifdef SADB_X_EXT_SEC_CTX
3318: /* Add security context label */
3319: if (sec_ctx.doi) {
3320: struct sadb_x_sec_ctx m_sec_ctx;
3321: u_int slen = sizeof(struct sadb_x_sec_ctx);
3322:
3323: memset(&m_sec_ctx, 0, slen);
3324:
3325: m_sec_ctx.sadb_x_sec_len = PFKEY_UNIT64(slen +
3326: PFKEY_ALIGN8(sec_ctx.len));
3327: m_sec_ctx.sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
3328: m_sec_ctx.sadb_x_ctx_len = sec_ctx.len; /* bytes */
3329: m_sec_ctx.sadb_x_ctx_doi = sec_ctx.doi;
3330: m_sec_ctx.sadb_x_ctx_alg = sec_ctx.alg;
3331: setvarbuf(buf, &l, (struct sadb_ext *)&m_sec_ctx, slen,
3332: (caddr_t)sec_ctx.buf, sec_ctx.len);
3333: }
3334: #endif
3335:
3336: len = sizeof(struct sadb_sa);
3337: m_sa.sadb_sa_len = PFKEY_UNIT64(len);
3338: m_sa.sadb_sa_exttype = SADB_EXT_SA;
3339: m_sa.sadb_sa_spi = htonl(p_spi);
3340: m_sa.sadb_sa_replay = p_replay;
3341: m_sa.sadb_sa_state = 0;
3342: m_sa.sadb_sa_auth = p_alg_auth;
3343: m_sa.sadb_sa_encrypt = p_alg_enc;
3344: m_sa.sadb_sa_flags = p_ext;
3345:
3346: memcpy(buf + l, &m_sa, len);
3347: l += len;
3348:
3349: len = sizeof(struct sadb_x_sa2);
3350: m_sa2.sadb_x_sa2_len = PFKEY_UNIT64(len);
3351: m_sa2.sadb_x_sa2_exttype = SADB_X_EXT_SA2;
3352: m_sa2.sadb_x_sa2_mode = p_mode;
3353: m_sa2.sadb_x_sa2_reqid = p_reqid;
3354:
3355: memcpy(buf + l, &m_sa2, len);
3356: l += len;
3357:
3358: #ifdef SADB_X_EXT_NAT_T_TYPE
3359: if (p_natt_type) {
3360: struct sadb_x_nat_t_type natt_type;
3361:
3362: len = sizeof(struct sadb_x_nat_t_type);
3363: memset(&natt_type, 0, len);
3364: natt_type.sadb_x_nat_t_type_len = PFKEY_UNIT64(len);
3365: natt_type.sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
3366: natt_type.sadb_x_nat_t_type_type = p_natt_type;
3367:
3368: memcpy(buf + l, &natt_type, len);
3369: l += len;
3370:
3371: if (p_natt_oa) {
3372: sa = p_natt_oa->ai_addr;
3373: switch (sa->sa_family) {
3374: case AF_INET:
3375: plen = sizeof(struct in_addr) << 3;
3376: break;
3377: #ifdef INET6
3378: case AF_INET6:
3379: plen = sizeof(struct in6_addr) << 3;
3380: break;
3381: #endif
3382: default:
3383: return -1;
3384: }
3385: salen = sysdep_sa_len(sa);
3386: m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
3387: PFKEY_ALIGN8(salen));
3388: m_addr.sadb_address_exttype = SADB_X_EXT_NAT_T_OA;
3389: m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
3390: m_addr.sadb_address_prefixlen = plen;
3391: m_addr.sadb_address_reserved = 0;
3392:
3393: setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
3394: sizeof(m_addr), sa, salen);
3395: }
3396: }
3397: #endif
3398:
3399: l0 = l;
3400: n = 0;
3401:
3402: /* do it for all src/dst pairs */
3403: for (s = srcs; s; s = s->ai_next) {
3404: for (d = dsts; d; d = d->ai_next) {
3405: /* rewind pointer */
3406: l = l0;
3407:
3408: if (s->ai_addr->sa_family != d->ai_addr->sa_family)
3409: continue;
3410: switch (s->ai_addr->sa_family) {
3411: case AF_INET:
3412: plen = sizeof(struct in_addr) << 3;
3413: break;
3414: #ifdef INET6
3415: case AF_INET6:
3416: plen = sizeof(struct in6_addr) << 3;
3417: break;
3418: #endif
3419: default:
3420: continue;
3421: }
3422:
3423: /* set src */
3424: sa = s->ai_addr;
3425: salen = sysdep_sa_len(s->ai_addr);
3426: m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
3427: PFKEY_ALIGN8(salen));
3428: m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
3429: m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
3430: m_addr.sadb_address_prefixlen = plen;
3431: m_addr.sadb_address_reserved = 0;
3432:
3433: setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
3434: sizeof(m_addr), sa, salen);
3435:
3436: /* set dst */
3437: sa = d->ai_addr;
3438: salen = sysdep_sa_len(d->ai_addr);
3439: m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
3440: PFKEY_ALIGN8(salen));
3441: m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
3442: m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
3443: m_addr.sadb_address_prefixlen = plen;
3444: m_addr.sadb_address_reserved = 0;
3445:
3446: setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
3447: sizeof(m_addr), sa, salen);
3448:
3449: #ifdef SADB_X_EXT_NAT_T_TYPE
3450: if (p_natt_type) {
3451: struct sadb_x_nat_t_port natt_port;
3452:
3453: /* NATT_SPORT */
3454: len = sizeof(struct sadb_x_nat_t_port);
3455: memset(&natt_port, 0, len);
3456: natt_port.sadb_x_nat_t_port_len = PFKEY_UNIT64(len);
3457: natt_port.sadb_x_nat_t_port_exttype =
3458: SADB_X_EXT_NAT_T_SPORT;
3459: natt_port.sadb_x_nat_t_port_port = htons(get_port(s));
3460:
3461: memcpy(buf + l, &natt_port, len);
3462: l += len;
3463:
3464: /* NATT_DPORT */
3465: natt_port.sadb_x_nat_t_port_exttype =
3466: SADB_X_EXT_NAT_T_DPORT;
3467: natt_port.sadb_x_nat_t_port_port = htons(get_port(d));
3468:
3469: memcpy(buf + l, &natt_port, len);
3470: l += len;
3471: }
3472: #endif
3473: msg->sadb_msg_len = PFKEY_UNIT64(l);
3474:
3475: sendkeymsg(buf, l);
3476:
3477: n++;
3478: }
3479: }
3480:
3481: if (n == 0)
3482: return -1;
3483: else
3484: return 0;
3485: }
3486:
3487: static struct addrinfo *
3488: parse_addr(host, port)
3489: char *host;
3490: char *port;
3491: {
3492: struct addrinfo hints, *res = NULL;
3493: int error;
3494:
3495: memset(&hints, 0, sizeof(hints));
3496: hints.ai_family = p_aifamily;
3497: hints.ai_socktype = SOCK_DGRAM; /*dummy*/
3498: hints.ai_protocol = IPPROTO_UDP; /*dummy*/
3499: hints.ai_flags = p_aiflags;
3500: error = getaddrinfo(host, port, &hints, &res);
3501: if (error != 0) {
3502: yyerror(gai_strerror(error));
3503: return NULL;
3504: }
3505: return res;
3506: }
3507:
3508: static int
3509: fix_portstr(ulproto, spec, sport, dport)
3510: int ulproto;
3511: vchar_t *spec, *sport, *dport;
3512: {
3513: char sp[16], dp[16];
3514: int a, b, c, d;
3515: unsigned long u;
3516:
3517: if (spec->buf == NULL)
3518: return 0;
3519:
3520: switch (ulproto) {
3521: case IPPROTO_ICMP:
3522: case IPPROTO_ICMPV6:
3523: case IPPROTO_MH:
3524: if (sscanf(spec->buf, "%d,%d", &a, &b) == 2) {
3525: sprintf(sp, "%d", a);
3526: sprintf(dp, "%d", b);
3527: } else if (sscanf(spec->buf, "%d", &a) == 1) {
3528: sprintf(sp, "%d", a);
3529: } else {
3530: yyerror("invalid an upper layer protocol spec");
3531: return -1;
3532: }
3533: break;
3534: case IPPROTO_GRE:
3535: if (sscanf(spec->buf, "%d.%d.%d.%d", &a, &b, &c, &d) == 4) {
3536: sprintf(sp, "%d", (a << 8) + b);
3537: sprintf(dp, "%d", (c << 8) + d);
3538: } else if (sscanf(spec->buf, "%lu", &u) == 1) {
3539: sprintf(sp, "%d", (int) (u >> 16));
3540: sprintf(dp, "%d", (int) (u & 0xffff));
3541: } else {
3542: yyerror("invalid an upper layer protocol spec");
3543: return -1;
3544: }
3545: break;
3546: }
3547:
3548: free(sport->buf);
3549: sport->buf = strdup(sp);
3550: if (!sport->buf) {
3551: yyerror("insufficient memory");
3552: return -1;
3553: }
3554: sport->len = strlen(sport->buf);
3555:
3556: free(dport->buf);
3557: dport->buf = strdup(dp);
3558: if (!dport->buf) {
3559: yyerror("insufficient memory");
3560: return -1;
3561: }
3562: dport->len = strlen(dport->buf);
3563:
3564: return 0;
3565: }
3566:
3567: static int
3568: setvarbuf(buf, off, ebuf, elen, vbuf, vlen)
3569: char *buf;
3570: int *off;
3571: struct sadb_ext *ebuf;
3572: int elen;
3573: const void *vbuf;
3574: int vlen;
3575: {
3576: memset(buf + *off, 0, PFKEY_UNUNIT64(ebuf->sadb_ext_len));
3577: memcpy(buf + *off, (caddr_t)ebuf, elen);
3578: memcpy(buf + *off + elen, vbuf, vlen);
3579: (*off) += PFKEY_ALIGN8(elen + vlen);
3580:
3581: return 0;
3582: }
3583:
3584: void
3585: parse_init()
3586: {
3587: p_spi = 0;
3588:
3589: p_ext = SADB_X_EXT_CYCSEQ;
3590: p_alg_enc = SADB_EALG_NONE;
3591: p_alg_auth = SADB_AALG_NONE;
3592: p_mode = IPSEC_MODE_ANY;
3593: p_reqid = 0;
3594: p_replay = 0;
3595: p_key_enc_len = p_key_auth_len = 0;
3596: p_key_enc = p_key_auth = 0;
3597: p_lt_hard = p_lt_soft = 0;
3598: p_lb_hard = p_lb_soft = 0;
3599:
3600: memset(&sec_ctx, 0, sizeof(struct security_ctx));
3601:
3602: p_aiflags = 0;
3603: p_aifamily = PF_UNSPEC;
3604:
3605: /* Clear out any natt OA information */
3606: if (p_natt_oa)
3607: freeaddrinfo (p_natt_oa);
3608: p_natt_oa = NULL;
3609: p_natt_type = 0;
3610:
3611: return;
3612: }
3613:
3614: void
3615: free_buffer()
3616: {
3617: /* we got tons of memory leaks in the parser anyways, leave them */
3618:
3619: return;
3620: }
3621:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>