1: /* A Bison parser, made by GNU Bison 2.6.2. */
2:
3: /* Bison implementation for Yacc-like parsers in C
4:
5: Copyright (C) 1984, 1989-1990, 2000-2012 Free Software Foundation, Inc.
6:
7: This program is free software: you can redistribute it and/or modify
8: it under the terms of the GNU General Public License as published by
9: the Free Software Foundation, either version 3 of the License, or
10: (at your option) any later version.
11:
12: This program is distributed in the hope that it will be useful,
13: but WITHOUT ANY WARRANTY; without even the implied warranty of
14: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15: GNU General Public License for more details.
16:
17: You should have received a copy of the GNU General Public License
18: along with this program. If not, see <http://www.gnu.org/licenses/>. */
19:
20: /* As a special exception, you may create a larger work that contains
21: part or all of the Bison parser skeleton and distribute that work
22: under terms of your choice, so long as that work isn't itself a
23: parser generator using the skeleton or a modified version thereof
24: as a parser skeleton. Alternatively, if you modify or redistribute
25: the parser skeleton itself, you may (at your option) remove this
26: special exception, which will cause the skeleton and the resulting
27: Bison output files to be licensed under the GNU General Public
28: License without this special exception.
29:
30: This special exception was added by the Free Software Foundation in
31: version 2.2 of Bison. */
32:
33: /* C LALR(1) parser skeleton written by Richard Stallman, by
34: simplifying the original so-called "semantic" parser. */
35:
36: /* All symbols defined below should begin with yy or YY, to avoid
37: infringing on user name space. This should be done even for local
38: variables, as they might otherwise be expanded by user macros.
39: There are some unavoidable exceptions within include files to
40: define necessary library symbols; they are noted "INFRINGES ON
41: USER NAME SPACE" below. */
42:
43: /* Identify Bison output. */
44: #define YYBISON 1
45:
46: /* Bison version. */
47: #define YYBISON_VERSION "2.6.2"
48:
49: /* Skeleton name. */
50: #define YYSKELETON_NAME "yacc.c"
51:
52: /* Pure parsers. */
53: #define YYPURE 0
54:
55: /* Push parsers. */
56: #define YYPUSH 0
57:
58: /* Pull parsers. */
59: #define YYPULL 1
60:
61:
62:
63:
64: /* Copy the first part of user declarations. */
65: /* Line 336 of yacc.c */
66: #line 34 "parse.y"
67:
68: #ifdef HAVE_CONFIG_H
69: #include "config.h"
70: #endif
71:
72: #include <sys/types.h>
73: #include <sys/param.h>
74: #include <sys/socket.h>
75:
76: #include <netinet/in.h>
77: #include <net/pfkeyv2.h>
78: #include PATH_IPSEC_H
79: #include <arpa/inet.h>
80:
81: #include <string.h>
82: #include <unistd.h>
83: #include <stdio.h>
84: #include <netdb.h>
85: #include <ctype.h>
86: #include <errno.h>
87: #include <stdlib.h>
88:
89: #include "libpfkey.h"
90: #include "vchar.h"
91: #include "extern.h"
92:
93: #define DEFAULT_NATT_PORT 4500
94:
95: #ifndef UDP_ENCAP_ESPINUDP
96: #define UDP_ENCAP_ESPINUDP 2
97: #endif
98:
99: #define ATOX(c) \
100: (isdigit((int)c) ? (c - '0') : \
101: (isupper((int)c) ? (c - 'A' + 10) : (c - 'a' + 10)))
102:
103: u_int32_t p_spi;
104: u_int p_ext, p_alg_enc, p_alg_auth, p_replay, p_mode;
105: u_int32_t p_reqid;
106: u_int p_key_enc_len, p_key_auth_len;
107: const char *p_key_enc;
108: const char *p_key_auth;
109: time_t p_lt_hard, p_lt_soft;
110: size_t p_lb_hard, p_lb_soft;
111:
112: struct security_ctx {
113: u_int8_t doi;
114: u_int8_t alg;
115: u_int16_t len;
116: char *buf;
117: };
118:
119: struct security_ctx sec_ctx;
120:
121: static u_int p_natt_type;
122: static struct addrinfo * p_natt_oa = NULL;
123:
124: static int p_aiflags = 0, p_aifamily = PF_UNSPEC;
125:
126: static struct addrinfo *parse_addr __P((char *, char *));
127: static int fix_portstr __P((int, vchar_t *, vchar_t *, vchar_t *));
128: static int setvarbuf __P((char *, int *, struct sadb_ext *, int,
129: const void *, int));
130: void parse_init __P((void));
131: void free_buffer __P((void));
132:
133: int setkeymsg0 __P((struct sadb_msg *, unsigned int, unsigned int, size_t));
134: static int setkeymsg_spdaddr __P((unsigned int, unsigned int, vchar_t *,
135: struct addrinfo *, int, struct addrinfo *, int));
136: static int setkeymsg_spdaddr_tag __P((unsigned int, char *, vchar_t *));
137: static int setkeymsg_addr __P((unsigned int, unsigned int,
138: struct addrinfo *, struct addrinfo *, int));
139: static int setkeymsg_add __P((unsigned int, unsigned int,
140: struct addrinfo *, struct addrinfo *));
141:
142: /* Line 336 of yacc.c */
143: #line 144 "parse.c"
144:
145: # ifndef YY_NULL
146: # if defined __cplusplus && 201103L <= __cplusplus
147: # define YY_NULL nullptr
148: # else
149: # define YY_NULL 0
150: # endif
151: # endif
152:
153: /* Enabling verbose error messages. */
154: #ifdef YYERROR_VERBOSE
155: # undef YYERROR_VERBOSE
156: # define YYERROR_VERBOSE 1
157: #else
158: # define YYERROR_VERBOSE 0
159: #endif
160:
161: /* In a future release of Bison, this section will be replaced
162: by #include "y.tab.h". */
163: #ifndef YY_Y_TAB_H
164: # define YY_Y_TAB_H
165: /* Enabling traces. */
166: #ifndef YYDEBUG
167: # define YYDEBUG 0
168: #endif
169: #if YYDEBUG
170: extern int yydebug;
171: #endif
172:
173: /* Tokens. */
174: #ifndef YYTOKENTYPE
175: # define YYTOKENTYPE
176: /* Put the tokens into the symbol table, so that GDB and other debuggers
177: know about them. */
178: enum yytokentype {
179: EOT = 258,
180: SLASH = 259,
181: BLCL = 260,
182: ELCL = 261,
183: ADD = 262,
184: GET = 263,
185: DELETE = 264,
186: DELETEALL = 265,
187: FLUSH = 266,
188: DUMP = 267,
189: EXIT = 268,
190: PR_ESP = 269,
191: PR_AH = 270,
192: PR_IPCOMP = 271,
193: PR_ESPUDP = 272,
194: PR_TCP = 273,
195: F_PROTOCOL = 274,
196: F_AUTH = 275,
197: F_ENC = 276,
198: F_REPLAY = 277,
199: F_COMP = 278,
200: F_RAWCPI = 279,
201: F_MODE = 280,
202: MODE = 281,
203: F_REQID = 282,
204: F_EXT = 283,
205: EXTENSION = 284,
206: NOCYCLICSEQ = 285,
207: ALG_AUTH = 286,
208: ALG_AUTH_NOKEY = 287,
209: ALG_ENC = 288,
210: ALG_ENC_NOKEY = 289,
211: ALG_ENC_DESDERIV = 290,
212: ALG_ENC_DES32IV = 291,
213: ALG_ENC_OLD = 292,
214: ALG_COMP = 293,
215: F_LIFETIME_HARD = 294,
216: F_LIFETIME_SOFT = 295,
217: F_LIFEBYTE_HARD = 296,
218: F_LIFEBYTE_SOFT = 297,
219: DECSTRING = 298,
220: QUOTEDSTRING = 299,
221: HEXSTRING = 300,
222: STRING = 301,
223: ANY = 302,
224: SPDADD = 303,
225: SPDUPDATE = 304,
226: SPDDELETE = 305,
227: SPDDUMP = 306,
228: SPDFLUSH = 307,
229: F_POLICY = 308,
230: PL_REQUESTS = 309,
231: F_AIFLAGS = 310,
232: TAGGED = 311,
233: SECURITY_CTX = 312
234: };
235: #endif
236: /* Tokens. */
237: #define EOT 258
238: #define SLASH 259
239: #define BLCL 260
240: #define ELCL 261
241: #define ADD 262
242: #define GET 263
243: #define DELETE 264
244: #define DELETEALL 265
245: #define FLUSH 266
246: #define DUMP 267
247: #define EXIT 268
248: #define PR_ESP 269
249: #define PR_AH 270
250: #define PR_IPCOMP 271
251: #define PR_ESPUDP 272
252: #define PR_TCP 273
253: #define F_PROTOCOL 274
254: #define F_AUTH 275
255: #define F_ENC 276
256: #define F_REPLAY 277
257: #define F_COMP 278
258: #define F_RAWCPI 279
259: #define F_MODE 280
260: #define MODE 281
261: #define F_REQID 282
262: #define F_EXT 283
263: #define EXTENSION 284
264: #define NOCYCLICSEQ 285
265: #define ALG_AUTH 286
266: #define ALG_AUTH_NOKEY 287
267: #define ALG_ENC 288
268: #define ALG_ENC_NOKEY 289
269: #define ALG_ENC_DESDERIV 290
270: #define ALG_ENC_DES32IV 291
271: #define ALG_ENC_OLD 292
272: #define ALG_COMP 293
273: #define F_LIFETIME_HARD 294
274: #define F_LIFETIME_SOFT 295
275: #define F_LIFEBYTE_HARD 296
276: #define F_LIFEBYTE_SOFT 297
277: #define DECSTRING 298
278: #define QUOTEDSTRING 299
279: #define HEXSTRING 300
280: #define STRING 301
281: #define ANY 302
282: #define SPDADD 303
283: #define SPDUPDATE 304
284: #define SPDDELETE 305
285: #define SPDDUMP 306
286: #define SPDFLUSH 307
287: #define F_POLICY 308
288: #define PL_REQUESTS 309
289: #define F_AIFLAGS 310
290: #define TAGGED 311
291: #define SECURITY_CTX 312
292:
293:
294:
295: #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
296: typedef union YYSTYPE
297: {
298: /* Line 350 of yacc.c */
299: #line 110 "parse.y"
300:
301: int num;
302: unsigned long ulnum;
303: vchar_t val;
304: struct addrinfo *res;
305:
306:
307: /* Line 350 of yacc.c */
308: #line 309 "parse.c"
309: } YYSTYPE;
310: # define YYSTYPE_IS_TRIVIAL 1
311: # define yystype YYSTYPE /* obsolescent; will be withdrawn */
312: # define YYSTYPE_IS_DECLARED 1
313: #endif
314:
315: extern YYSTYPE yylval;
316:
317: #ifdef YYPARSE_PARAM
318: #if defined __STDC__ || defined __cplusplus
319: int yyparse (void *YYPARSE_PARAM);
320: #else
321: int yyparse ();
322: #endif
323: #else /* ! YYPARSE_PARAM */
324: #if defined __STDC__ || defined __cplusplus
325: int yyparse (void);
326: #else
327: int yyparse ();
328: #endif
329: #endif /* ! YYPARSE_PARAM */
330:
331: #endif /* !YY_Y_TAB_H */
332:
333: /* Copy the second part of user declarations. */
334:
335: /* Line 353 of yacc.c */
336: #line 337 "parse.c"
337:
338: #ifdef short
339: # undef short
340: #endif
341:
342: #ifdef YYTYPE_UINT8
343: typedef YYTYPE_UINT8 yytype_uint8;
344: #else
345: typedef unsigned char yytype_uint8;
346: #endif
347:
348: #ifdef YYTYPE_INT8
349: typedef YYTYPE_INT8 yytype_int8;
350: #elif (defined __STDC__ || defined __C99__FUNC__ \
351: || defined __cplusplus || defined _MSC_VER)
352: typedef signed char yytype_int8;
353: #else
354: typedef short int yytype_int8;
355: #endif
356:
357: #ifdef YYTYPE_UINT16
358: typedef YYTYPE_UINT16 yytype_uint16;
359: #else
360: typedef unsigned short int yytype_uint16;
361: #endif
362:
363: #ifdef YYTYPE_INT16
364: typedef YYTYPE_INT16 yytype_int16;
365: #else
366: typedef short int yytype_int16;
367: #endif
368:
369: #ifndef YYSIZE_T
370: # ifdef __SIZE_TYPE__
371: # define YYSIZE_T __SIZE_TYPE__
372: # elif defined size_t
373: # define YYSIZE_T size_t
374: # elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \
375: || defined __cplusplus || defined _MSC_VER)
376: # include <stddef.h> /* INFRINGES ON USER NAME SPACE */
377: # define YYSIZE_T size_t
378: # else
379: # define YYSIZE_T unsigned int
380: # endif
381: #endif
382:
383: #define YYSIZE_MAXIMUM ((YYSIZE_T) -1)
384:
385: #ifndef YY_
386: # if defined YYENABLE_NLS && YYENABLE_NLS
387: # if ENABLE_NLS
388: # include <libintl.h> /* INFRINGES ON USER NAME SPACE */
389: # define YY_(msgid) dgettext ("bison-runtime", msgid)
390: # endif
391: # endif
392: # ifndef YY_
393: # define YY_(msgid) msgid
394: # endif
395: #endif
396:
397: /* Suppress unused-variable warnings by "using" E. */
398: #if ! defined lint || defined __GNUC__
399: # define YYUSE(e) ((void) (e))
400: #else
401: # define YYUSE(e) /* empty */
402: #endif
403:
404: /* Identity function, used to suppress warnings about constant conditions. */
405: #ifndef lint
406: # define YYID(n) (n)
407: #else
408: #if (defined __STDC__ || defined __C99__FUNC__ \
409: || defined __cplusplus || defined _MSC_VER)
410: static int
411: YYID (int yyi)
412: #else
413: static int
414: YYID (yyi)
415: int yyi;
416: #endif
417: {
418: return yyi;
419: }
420: #endif
421:
422: #if ! defined yyoverflow || YYERROR_VERBOSE
423:
424: /* The parser invokes alloca or malloc; define the necessary symbols. */
425:
426: # ifdef YYSTACK_USE_ALLOCA
427: # if YYSTACK_USE_ALLOCA
428: # ifdef __GNUC__
429: # define YYSTACK_ALLOC __builtin_alloca
430: # elif defined __BUILTIN_VA_ARG_INCR
431: # include <alloca.h> /* INFRINGES ON USER NAME SPACE */
432: # elif defined _AIX
433: # define YYSTACK_ALLOC __alloca
434: # elif defined _MSC_VER
435: # include <malloc.h> /* INFRINGES ON USER NAME SPACE */
436: # define alloca _alloca
437: # else
438: # define YYSTACK_ALLOC alloca
439: # if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \
440: || defined __cplusplus || defined _MSC_VER)
441: # include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
442: /* Use EXIT_SUCCESS as a witness for stdlib.h. */
443: # ifndef EXIT_SUCCESS
444: # define EXIT_SUCCESS 0
445: # endif
446: # endif
447: # endif
448: # endif
449: # endif
450:
451: # ifdef YYSTACK_ALLOC
452: /* Pacify GCC's `empty if-body' warning. */
453: # define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0))
454: # ifndef YYSTACK_ALLOC_MAXIMUM
455: /* The OS might guarantee only one guard page at the bottom of the stack,
456: and a page size can be as small as 4096 bytes. So we cannot safely
457: invoke alloca (N) if N exceeds 4096. Use a slightly smaller number
458: to allow for a few compiler-allocated temporary stack slots. */
459: # define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */
460: # endif
461: # else
462: # define YYSTACK_ALLOC YYMALLOC
463: # define YYSTACK_FREE YYFREE
464: # ifndef YYSTACK_ALLOC_MAXIMUM
465: # define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM
466: # endif
467: # if (defined __cplusplus && ! defined EXIT_SUCCESS \
468: && ! ((defined YYMALLOC || defined malloc) \
469: && (defined YYFREE || defined free)))
470: # include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
471: # ifndef EXIT_SUCCESS
472: # define EXIT_SUCCESS 0
473: # endif
474: # endif
475: # ifndef YYMALLOC
476: # define YYMALLOC malloc
477: # if ! defined malloc && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \
478: || defined __cplusplus || defined _MSC_VER)
479: void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
480: # endif
481: # endif
482: # ifndef YYFREE
483: # define YYFREE free
484: # if ! defined free && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \
485: || defined __cplusplus || defined _MSC_VER)
486: void free (void *); /* INFRINGES ON USER NAME SPACE */
487: # endif
488: # endif
489: # endif
490: #endif /* ! defined yyoverflow || YYERROR_VERBOSE */
491:
492:
493: #if (! defined yyoverflow \
494: && (! defined __cplusplus \
495: || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
496:
497: /* A type that is properly aligned for any stack member. */
498: union yyalloc
499: {
500: yytype_int16 yyss_alloc;
501: YYSTYPE yyvs_alloc;
502: };
503:
504: /* The size of the maximum gap between one aligned stack and the next. */
505: # define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
506:
507: /* The size of an array large to enough to hold all stacks, each with
508: N elements. */
509: # define YYSTACK_BYTES(N) \
510: ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \
511: + YYSTACK_GAP_MAXIMUM)
512:
513: # define YYCOPY_NEEDED 1
514:
515: /* Relocate STACK from its old location to the new one. The
516: local variables YYSIZE and YYSTACKSIZE give the old and new number of
517: elements in the stack, and YYPTR gives the new location of the
518: stack. Advance YYPTR to a properly aligned location for the next
519: stack. */
520: # define YYSTACK_RELOCATE(Stack_alloc, Stack) \
521: do \
522: { \
523: YYSIZE_T yynewbytes; \
524: YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \
525: Stack = &yyptr->Stack_alloc; \
526: yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
527: yyptr += yynewbytes / sizeof (*yyptr); \
528: } \
529: while (YYID (0))
530:
531: #endif
532:
533: #if defined YYCOPY_NEEDED && YYCOPY_NEEDED
534: /* Copy COUNT objects from SRC to DST. The source and destination do
535: not overlap. */
536: # ifndef YYCOPY
537: # if defined __GNUC__ && 1 < __GNUC__
538: # define YYCOPY(Dst, Src, Count) \
539: __builtin_memcpy (Dst, Src, (Count) * sizeof (*(Src)))
540: # else
541: # define YYCOPY(Dst, Src, Count) \
542: do \
543: { \
544: YYSIZE_T yyi; \
545: for (yyi = 0; yyi < (Count); yyi++) \
546: (Dst)[yyi] = (Src)[yyi]; \
547: } \
548: while (YYID (0))
549: # endif
550: # endif
551: #endif /* !YYCOPY_NEEDED */
552:
553: /* YYFINAL -- State number of the termination state. */
554: #define YYFINAL 2
555: /* YYLAST -- Last index in YYTABLE. */
556: #define YYLAST 174
557:
558: /* YYNTOKENS -- Number of terminals. */
559: #define YYNTOKENS 58
560: /* YYNNTS -- Number of nonterminals. */
561: #define YYNNTS 37
562: /* YYNRULES -- Number of rules. */
563: #define YYNRULES 90
564: /* YYNRULES -- Number of states. */
565: #define YYNSTATES 188
566:
567: /* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */
568: #define YYUNDEFTOK 2
569: #define YYMAXUTOK 312
570:
571: #define YYTRANSLATE(YYX) \
572: ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
573:
574: /* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */
575: static const yytype_uint8 yytranslate[] =
576: {
577: 0, 2, 2, 2, 2, 2, 2, 2, 2, 2,
578: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
579: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
580: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
581: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
582: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
583: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
584: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
585: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
586: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
587: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
588: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
589: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
590: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
591: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
592: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
593: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
594: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
595: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
596: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
597: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
598: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
599: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
600: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
601: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
602: 2, 2, 2, 2, 2, 2, 1, 2, 3, 4,
603: 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
604: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24,
605: 25, 26, 27, 28, 29, 30, 31, 32, 33, 34,
606: 35, 36, 37, 38, 39, 40, 41, 42, 43, 44,
607: 45, 46, 47, 48, 49, 50, 51, 52, 53, 54,
608: 55, 56, 57
609: };
610:
611: #if YYDEBUG
612: /* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
613: YYRHS. */
614: static const yytype_uint16 yyprhs[] =
615: {
616: 0, 0, 3, 4, 7, 9, 11, 13, 15, 17,
617: 19, 21, 23, 25, 27, 29, 31, 41, 50, 57,
618: 66, 70, 74, 75, 77, 79, 81, 83, 86, 88,
619: 90, 92, 94, 96, 98, 103, 106, 109, 112, 116,
620: 118, 121, 123, 126, 129, 132, 134, 136, 138, 139,
621: 142, 145, 148, 151, 154, 157, 160, 163, 166, 169,
622: 172, 177, 191, 197, 211, 217, 231, 234, 237, 238,
623: 241, 243, 245, 247, 250, 251, 254, 255, 259, 263,
624: 267, 269, 271, 273, 275, 276, 278, 279, 284, 287,
625: 289
626: };
627:
628: /* YYRHS -- A `-1'-separated list of the rules' RHS. */
629: static const yytype_int8 yyrhs[] =
630: {
631: 59, 0, -1, -1, 59, 60, -1, 61, -1, 64,
632: -1, 62, -1, 63, -1, 65, -1, 66, -1, 94,
633: -1, 78, -1, 79, -1, 80, -1, 81, -1, 82,
634: -1, 7, 83, 86, 86, 67, 68, 76, 69, 3,
635: -1, 9, 83, 86, 86, 67, 68, 76, 3, -1,
636: 10, 83, 85, 85, 67, 3, -1, 8, 83, 86,
637: 86, 67, 68, 76, 3, -1, 11, 67, 3, -1,
638: 12, 67, 3, -1, -1, 14, -1, 15, -1, 16,
639: -1, 17, -1, 17, 85, -1, 18, -1, 43, -1,
640: 45, -1, 70, -1, 71, -1, 72, -1, 21, 73,
641: 20, 74, -1, 21, 73, -1, 20, 74, -1, 23,
642: 38, -1, 23, 38, 24, -1, 34, -1, 33, 75,
643: -1, 37, -1, 35, 75, -1, 36, 75, -1, 31,
644: 75, -1, 32, -1, 44, -1, 45, -1, -1, 76,
645: 77, -1, 28, 29, -1, 28, 30, -1, 25, 26,
646: -1, 25, 47, -1, 27, 43, -1, 22, 43, -1,
647: 39, 43, -1, 40, 43, -1, 41, 43, -1, 42,
648: 43, -1, 57, 43, 43, 44, -1, 48, 83, 46,
649: 87, 88, 46, 87, 88, 89, 90, 91, 92, 3,
650: -1, 48, 56, 44, 92, 3, -1, 49, 83, 46,
651: 87, 88, 46, 87, 88, 89, 90, 91, 92, 3,
652: -1, 49, 56, 44, 92, 3, -1, 50, 83, 46,
653: 87, 88, 46, 87, 88, 89, 90, 91, 92, 3,
654: -1, 51, 3, -1, 52, 3, -1, -1, 83, 84,
655: -1, 55, -1, 46, -1, 46, -1, 46, 88, -1,
656: -1, 4, 43, -1, -1, 5, 47, 6, -1, 5,
657: 43, 6, -1, 5, 46, 6, -1, 43, -1, 47,
658: -1, 18, -1, 46, -1, -1, 46, -1, -1, 57,
659: 43, 43, 44, -1, 53, 93, -1, 54, -1, 13,
660: 3, -1
661: };
662:
663: /* YYRLINE[YYN] -- source line where rule number YYN was defined. */
664: static const yytype_uint16 yyrline[] =
665: {
666: 0, 151, 151, 153, 161, 162, 163, 164, 165, 166,
667: 167, 168, 169, 170, 171, 172, 178, 190, 209, 237,
668: 252, 262, 272, 275, 283, 291, 295, 302, 309, 318,
669: 319, 340, 341, 342, 346, 347, 351, 355, 363, 375,
670: 390, 405, 421, 442, 466, 491, 504, 508, 537, 539,
671: 543, 544, 545, 546, 547, 548, 557, 558, 559, 560,
672: 561, 573, 606, 619, 652, 664, 696, 707, 716, 718,
673: 722, 747, 758, 766, 777, 778, 783, 791, 800, 811,
674: 818, 819, 820, 823, 846, 850, 861, 863, 872, 896,
675: 901
676: };
677: #endif
678:
679: #if YYDEBUG || YYERROR_VERBOSE || 0
680: /* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
681: First, the terminals, then, starting at YYNTOKENS, nonterminals. */
682: static const char *const yytname[] =
683: {
684: "$end", "error", "$undefined", "EOT", "SLASH", "BLCL", "ELCL", "ADD",
685: "GET", "DELETE", "DELETEALL", "FLUSH", "DUMP", "EXIT", "PR_ESP", "PR_AH",
686: "PR_IPCOMP", "PR_ESPUDP", "PR_TCP", "F_PROTOCOL", "F_AUTH", "F_ENC",
687: "F_REPLAY", "F_COMP", "F_RAWCPI", "F_MODE", "MODE", "F_REQID", "F_EXT",
688: "EXTENSION", "NOCYCLICSEQ", "ALG_AUTH", "ALG_AUTH_NOKEY", "ALG_ENC",
689: "ALG_ENC_NOKEY", "ALG_ENC_DESDERIV", "ALG_ENC_DES32IV", "ALG_ENC_OLD",
690: "ALG_COMP", "F_LIFETIME_HARD", "F_LIFETIME_SOFT", "F_LIFEBYTE_HARD",
691: "F_LIFEBYTE_SOFT", "DECSTRING", "QUOTEDSTRING", "HEXSTRING", "STRING",
692: "ANY", "SPDADD", "SPDUPDATE", "SPDDELETE", "SPDDUMP", "SPDFLUSH",
693: "F_POLICY", "PL_REQUESTS", "F_AIFLAGS", "TAGGED", "SECURITY_CTX",
694: "$accept", "commands", "command", "add_command", "delete_command",
695: "deleteall_command", "get_command", "flush_command", "dump_command",
696: "protocol_spec", "spi", "algorithm_spec", "esp_spec", "ah_spec",
697: "ipcomp_spec", "enc_alg", "auth_alg", "key_string", "extension_spec",
698: "extension", "spdadd_command", "spdupdate_command", "spddelete_command",
699: "spddump_command", "spdflush_command", "ipaddropts", "ipaddropt",
700: "ipaddr", "ipandport", "prefix", "portstr", "upper_spec",
701: "upper_misc_spec", "context_spec", "policy_spec", "policy_requests",
702: "exit_command", YY_NULL
703: };
704: #endif
705:
706: # ifdef YYPRINT
707: /* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
708: token YYLEX-NUM. */
709: static const yytype_uint16 yytoknum[] =
710: {
711: 0, 256, 257, 258, 259, 260, 261, 262, 263, 264,
712: 265, 266, 267, 268, 269, 270, 271, 272, 273, 274,
713: 275, 276, 277, 278, 279, 280, 281, 282, 283, 284,
714: 285, 286, 287, 288, 289, 290, 291, 292, 293, 294,
715: 295, 296, 297, 298, 299, 300, 301, 302, 303, 304,
716: 305, 306, 307, 308, 309, 310, 311, 312
717: };
718: # endif
719:
720: /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */
721: static const yytype_uint8 yyr1[] =
722: {
723: 0, 58, 59, 59, 60, 60, 60, 60, 60, 60,
724: 60, 60, 60, 60, 60, 60, 61, 62, 63, 64,
725: 65, 66, 67, 67, 67, 67, 67, 67, 67, 68,
726: 68, 69, 69, 69, 70, 70, 71, 72, 72, 73,
727: 73, 73, 73, 73, 74, 74, 75, 75, 76, 76,
728: 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
729: 77, 78, 78, 79, 79, 80, 81, 82, 83, 83,
730: 84, 85, 86, 86, 87, 87, 88, 88, 88, 88,
731: 89, 89, 89, 89, 90, 90, 91, 91, 92, 93,
732: 94
733: };
734:
735: /* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */
736: static const yytype_uint8 yyr2[] =
737: {
738: 0, 2, 0, 2, 1, 1, 1, 1, 1, 1,
739: 1, 1, 1, 1, 1, 1, 9, 8, 6, 8,
740: 3, 3, 0, 1, 1, 1, 1, 2, 1, 1,
741: 1, 1, 1, 1, 4, 2, 2, 2, 3, 1,
742: 2, 1, 2, 2, 2, 1, 1, 1, 0, 2,
743: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
744: 4, 13, 5, 13, 5, 13, 2, 2, 0, 2,
745: 1, 1, 1, 2, 0, 2, 0, 3, 3, 3,
746: 1, 1, 1, 1, 0, 1, 0, 4, 2, 1,
747: 2
748: };
749:
750: /* YYDEFACT[STATE-NAME] -- Default reduction number in state STATE-NUM.
751: Performed when YYTABLE doesn't specify something else to do. Zero
752: means the default is an error. */
753: static const yytype_uint8 yydefact[] =
754: {
755: 2, 0, 1, 68, 68, 68, 68, 22, 22, 0,
756: 68, 68, 68, 0, 0, 3, 4, 6, 7, 5,
757: 8, 9, 11, 12, 13, 14, 15, 10, 0, 0,
758: 0, 0, 23, 24, 25, 26, 28, 0, 0, 90,
759: 0, 0, 0, 0, 0, 66, 67, 72, 70, 69,
760: 0, 0, 0, 71, 0, 27, 20, 21, 0, 74,
761: 0, 74, 74, 0, 73, 22, 22, 22, 22, 0,
762: 0, 0, 76, 0, 76, 76, 0, 0, 0, 0,
763: 0, 0, 0, 89, 88, 62, 75, 0, 64, 0,
764: 0, 78, 79, 77, 29, 30, 48, 48, 48, 18,
765: 74, 74, 74, 0, 0, 0, 76, 76, 76, 0,
766: 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
767: 0, 0, 31, 32, 33, 49, 19, 17, 0, 0,
768: 0, 0, 45, 36, 0, 39, 0, 0, 41, 35,
769: 55, 37, 52, 53, 54, 50, 51, 56, 57, 58,
770: 59, 0, 16, 82, 80, 83, 81, 84, 84, 84,
771: 46, 47, 44, 40, 42, 43, 0, 38, 0, 85,
772: 86, 86, 86, 34, 60, 0, 0, 0, 0, 0,
773: 0, 0, 0, 0, 61, 63, 65, 87
774: };
775:
776: /* YYDEFGOTO[NTERM-NUM]. */
777: static const yytype_int16 yydefgoto[] =
778: {
779: -1, 1, 15, 16, 17, 18, 19, 20, 21, 37,
780: 96, 121, 122, 123, 124, 139, 133, 162, 103, 125,
781: 22, 23, 24, 25, 26, 28, 49, 54, 50, 72,
782: 64, 157, 170, 176, 70, 84, 27
783: };
784:
785: /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
786: STATE-NUM. */
787: #define YYPACT_NINF -61
788: static const yytype_int16 yypact[] =
789: {
790: -61, 3, -61, -61, -61, -61, -61, 96, 96, 17,
791: -12, 1, -61, 78, 106, -61, -61, -61, -61, -61,
792: -61, -61, -61, -61, -61, -61, -61, -61, -38, -38,
793: -38, 29, -61, -61, -61, 69, -61, 122, 130, -61,
794: 92, 31, 93, 39, 49, -61, -61, 133, -61, -61,
795: 94, 94, 94, -61, 69, -61, -61, -61, 88, 135,
796: 88, 135, 135, -24, -61, 96, 96, 96, 96, 89,
797: 139, 101, 133, 142, 133, 133, 140, 141, 143, 81,
798: 81, 81, 145, -61, -61, -61, -61, 104, -61, 105,
799: 107, -61, -61, -61, -61, -61, -61, -61, -61, -61,
800: 135, 135, 135, 51, -1, 6, 133, 133, 133, -26,
801: 86, 109, 116, -22, 112, 13, 113, 114, 115, 117,
802: 118, 156, -61, -61, -61, -61, -61, -61, -11, -11,
803: -11, 5, -61, -61, 5, -61, 5, 5, -61, 144,
804: -61, 138, -61, -61, -61, -61, -61, -61, -61, -61,
805: -61, 120, -61, -61, -61, -61, -61, 119, 119, 119,
806: -61, -61, -61, -61, -61, -61, -26, -61, 123, -61,
807: 111, 111, 111, -61, -61, 126, 88, 88, 88, 127,
808: 163, 168, 169, 129, -61, -61, -61, -61
809: };
810:
811: /* YYPGOTO[NTERM-NUM]. */
812: static const yytype_int8 yypgoto[] =
813: {
814: -61, -61, -61, -61, -61, -61, -61, -61, -61, -7,
815: 22, -61, -61, -61, -61, -61, 8, -54, 30, -61,
816: -61, -61, -61, -61, -61, 95, -61, -17, 37, -32,
817: -10, 0, -27, -37, -60, -61, -61
818: };
819:
820: /* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If
821: positive, shift that token. If negative, reduce the rule which
822: number is the opposite. If YYTABLE_NINF, syntax error. */
823: #define YYTABLE_NINF -1
824: static const yytype_uint8 yytable[] =
825: {
826: 73, 38, 126, 2, 142, 131, 132, 153, 47, 127,
827: 3, 4, 5, 6, 7, 8, 9, 48, 55, 76,
828: 39, 111, 77, 78, 113, 143, 114, 115, 111, 74,
829: 75, 113, 154, 114, 115, 155, 156, 68, 116, 117,
830: 118, 119, 145, 146, 40, 116, 117, 118, 119, 160,
831: 161, 10, 11, 12, 13, 14, 120, 42, 79, 80,
832: 81, 82, 87, 120, 89, 90, 51, 52, 106, 107,
833: 108, 109, 110, 111, 112, 53, 113, 59, 114, 115,
834: 163, 45, 164, 165, 48, 61, 48, 65, 66, 67,
835: 116, 117, 118, 119, 48, 62, 128, 129, 130, 29,
836: 30, 31, 97, 98, 48, 41, 43, 44, 120, 46,
837: 32, 33, 34, 35, 36, 53, 180, 181, 182, 134,
838: 135, 136, 137, 138, 94, 56, 95, 104, 105, 158,
839: 159, 171, 172, 57, 177, 178, 58, 60, 63, 71,
840: 47, 69, 85, 83, 86, 88, 91, 92, 99, 93,
841: 100, 101, 140, 102, 141, 144, 147, 148, 149, 152,
842: 150, 151, 167, 168, 166, 169, 184, 174, 175, 179,
843: 183, 185, 186, 187, 173
844: };
845:
846: #define yypact_value_is_default(yystate) \
847: ((yystate) == (-61))
848:
849: #define yytable_value_is_error(yytable_value) \
850: YYID (0)
851:
852: static const yytype_uint8 yycheck[] =
853: {
854: 60, 8, 3, 0, 26, 31, 32, 18, 46, 3,
855: 7, 8, 9, 10, 11, 12, 13, 55, 35, 43,
856: 3, 22, 46, 47, 25, 47, 27, 28, 22, 61,
857: 62, 25, 43, 27, 28, 46, 47, 54, 39, 40,
858: 41, 42, 29, 30, 56, 39, 40, 41, 42, 44,
859: 45, 48, 49, 50, 51, 52, 57, 56, 65, 66,
860: 67, 68, 72, 57, 74, 75, 29, 30, 100, 101,
861: 102, 20, 21, 22, 23, 46, 25, 46, 27, 28,
862: 134, 3, 136, 137, 55, 46, 55, 50, 51, 52,
863: 39, 40, 41, 42, 55, 46, 106, 107, 108, 4,
864: 5, 6, 80, 81, 55, 10, 11, 12, 57, 3,
865: 14, 15, 16, 17, 18, 46, 176, 177, 178, 33,
866: 34, 35, 36, 37, 43, 3, 45, 97, 98, 129,
867: 130, 158, 159, 3, 171, 172, 44, 44, 5, 4,
868: 46, 53, 3, 54, 43, 3, 6, 6, 3, 6,
869: 46, 46, 43, 46, 38, 43, 43, 43, 43, 3,
870: 43, 43, 24, 43, 20, 46, 3, 44, 57, 43,
871: 43, 3, 3, 44, 166
872: };
873:
874: /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
875: symbol of state STATE-NUM. */
876: static const yytype_uint8 yystos[] =
877: {
878: 0, 59, 0, 7, 8, 9, 10, 11, 12, 13,
879: 48, 49, 50, 51, 52, 60, 61, 62, 63, 64,
880: 65, 66, 78, 79, 80, 81, 82, 94, 83, 83,
881: 83, 83, 14, 15, 16, 17, 18, 67, 67, 3,
882: 56, 83, 56, 83, 83, 3, 3, 46, 55, 84,
883: 86, 86, 86, 46, 85, 85, 3, 3, 44, 46,
884: 44, 46, 46, 5, 88, 86, 86, 86, 85, 53,
885: 92, 4, 87, 92, 87, 87, 43, 46, 47, 67,
886: 67, 67, 67, 54, 93, 3, 43, 88, 3, 88,
887: 88, 6, 6, 6, 43, 45, 68, 68, 68, 3,
888: 46, 46, 46, 76, 76, 76, 87, 87, 87, 20,
889: 21, 22, 23, 25, 27, 28, 39, 40, 41, 42,
890: 57, 69, 70, 71, 72, 77, 3, 3, 88, 88,
891: 88, 31, 32, 74, 33, 34, 35, 36, 37, 73,
892: 43, 38, 26, 47, 43, 29, 30, 43, 43, 43,
893: 43, 43, 3, 18, 43, 46, 47, 89, 89, 89,
894: 44, 45, 75, 75, 75, 75, 20, 24, 43, 46,
895: 90, 90, 90, 74, 44, 57, 91, 91, 91, 43,
896: 92, 92, 92, 43, 3, 3, 3, 44
897: };
898:
899: #define yyerrok (yyerrstatus = 0)
900: #define yyclearin (yychar = YYEMPTY)
901: #define YYEMPTY (-2)
902: #define YYEOF 0
903:
904: #define YYACCEPT goto yyacceptlab
905: #define YYABORT goto yyabortlab
906: #define YYERROR goto yyerrorlab
907:
908:
909: /* Like YYERROR except do call yyerror. This remains here temporarily
910: to ease the transition to the new meaning of YYERROR, for GCC.
911: Once GCC version 2 has supplanted version 1, this can go. However,
912: YYFAIL appears to be in use. Nevertheless, it is formally deprecated
913: in Bison 2.4.2's NEWS entry, where a plan to phase it out is
914: discussed. */
915:
916: #define YYFAIL goto yyerrlab
917: #if defined YYFAIL
918: /* This is here to suppress warnings from the GCC cpp's
919: -Wunused-macros. Normally we don't worry about that warning, but
920: some users do, and we want to make it easy for users to remove
921: YYFAIL uses, which will produce warnings from Bison 2.5. */
922: #endif
923:
924: #define YYRECOVERING() (!!yyerrstatus)
925:
926: #define YYBACKUP(Token, Value) \
927: do \
928: if (yychar == YYEMPTY) \
929: { \
930: yychar = (Token); \
931: yylval = (Value); \
932: YYPOPSTACK (yylen); \
933: yystate = *yyssp; \
934: goto yybackup; \
935: } \
936: else \
937: { \
938: yyerror (YY_("syntax error: cannot back up")); \
939: YYERROR; \
940: } \
941: while (YYID (0))
942:
943:
944: #define YYTERROR 1
945: #define YYERRCODE 256
946:
947: /* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N].
948: If N is 0, then set CURRENT to the empty location which ends
949: the previous symbol: RHS[0] (always defined). */
950:
951: #ifndef YYLLOC_DEFAULT
952: # define YYLLOC_DEFAULT(Current, Rhs, N) \
953: do \
954: if (YYID (N)) \
955: { \
956: (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \
957: (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \
958: (Current).last_line = YYRHSLOC (Rhs, N).last_line; \
959: (Current).last_column = YYRHSLOC (Rhs, N).last_column; \
960: } \
961: else \
962: { \
963: (Current).first_line = (Current).last_line = \
964: YYRHSLOC (Rhs, 0).last_line; \
965: (Current).first_column = (Current).last_column = \
966: YYRHSLOC (Rhs, 0).last_column; \
967: } \
968: while (YYID (0))
969: #endif
970:
971: #define YYRHSLOC(Rhs, K) ((Rhs)[K])
972:
973:
974:
975: /* This macro is provided for backward compatibility. */
976:
977: #ifndef YY_LOCATION_PRINT
978: # define YY_LOCATION_PRINT(File, Loc) ((void) 0)
979: #endif
980:
981:
982: /* YYLEX -- calling `yylex' with the right arguments. */
983:
984: #ifdef YYLEX_PARAM
985: # define YYLEX yylex (YYLEX_PARAM)
986: #else
987: # define YYLEX yylex ()
988: #endif
989:
990: /* Enable debugging if requested. */
991: #if YYDEBUG
992:
993: # ifndef YYFPRINTF
994: # include <stdio.h> /* INFRINGES ON USER NAME SPACE */
995: # define YYFPRINTF fprintf
996: # endif
997:
998: # define YYDPRINTF(Args) \
999: do { \
1000: if (yydebug) \
1001: YYFPRINTF Args; \
1002: } while (YYID (0))
1003:
1004: # define YY_SYMBOL_PRINT(Title, Type, Value, Location) \
1005: do { \
1006: if (yydebug) \
1007: { \
1008: YYFPRINTF (stderr, "%s ", Title); \
1009: yy_symbol_print (stderr, \
1010: Type, Value); \
1011: YYFPRINTF (stderr, "\n"); \
1012: } \
1013: } while (YYID (0))
1014:
1015:
1016: /*--------------------------------.
1017: | Print this symbol on YYOUTPUT. |
1018: `--------------------------------*/
1019:
1020: /*ARGSUSED*/
1021: #if (defined __STDC__ || defined __C99__FUNC__ \
1022: || defined __cplusplus || defined _MSC_VER)
1023: static void
1024: yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
1025: #else
1026: static void
1027: yy_symbol_value_print (yyoutput, yytype, yyvaluep)
1028: FILE *yyoutput;
1029: int yytype;
1030: YYSTYPE const * const yyvaluep;
1031: #endif
1032: {
1033: FILE *yyo = yyoutput;
1034: YYUSE (yyo);
1035: if (!yyvaluep)
1036: return;
1037: # ifdef YYPRINT
1038: if (yytype < YYNTOKENS)
1039: YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
1040: # else
1041: YYUSE (yyoutput);
1042: # endif
1043: switch (yytype)
1044: {
1045: default:
1046: break;
1047: }
1048: }
1049:
1050:
1051: /*--------------------------------.
1052: | Print this symbol on YYOUTPUT. |
1053: `--------------------------------*/
1054:
1055: #if (defined __STDC__ || defined __C99__FUNC__ \
1056: || defined __cplusplus || defined _MSC_VER)
1057: static void
1058: yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
1059: #else
1060: static void
1061: yy_symbol_print (yyoutput, yytype, yyvaluep)
1062: FILE *yyoutput;
1063: int yytype;
1064: YYSTYPE const * const yyvaluep;
1065: #endif
1066: {
1067: if (yytype < YYNTOKENS)
1068: YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
1069: else
1070: YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
1071:
1072: yy_symbol_value_print (yyoutput, yytype, yyvaluep);
1073: YYFPRINTF (yyoutput, ")");
1074: }
1075:
1076: /*------------------------------------------------------------------.
1077: | yy_stack_print -- Print the state stack from its BOTTOM up to its |
1078: | TOP (included). |
1079: `------------------------------------------------------------------*/
1080:
1081: #if (defined __STDC__ || defined __C99__FUNC__ \
1082: || defined __cplusplus || defined _MSC_VER)
1083: static void
1084: yy_stack_print (yytype_int16 *yybottom, yytype_int16 *yytop)
1085: #else
1086: static void
1087: yy_stack_print (yybottom, yytop)
1088: yytype_int16 *yybottom;
1089: yytype_int16 *yytop;
1090: #endif
1091: {
1092: YYFPRINTF (stderr, "Stack now");
1093: for (; yybottom <= yytop; yybottom++)
1094: {
1095: int yybot = *yybottom;
1096: YYFPRINTF (stderr, " %d", yybot);
1097: }
1098: YYFPRINTF (stderr, "\n");
1099: }
1100:
1101: # define YY_STACK_PRINT(Bottom, Top) \
1102: do { \
1103: if (yydebug) \
1104: yy_stack_print ((Bottom), (Top)); \
1105: } while (YYID (0))
1106:
1107:
1108: /*------------------------------------------------.
1109: | Report that the YYRULE is going to be reduced. |
1110: `------------------------------------------------*/
1111:
1112: #if (defined __STDC__ || defined __C99__FUNC__ \
1113: || defined __cplusplus || defined _MSC_VER)
1114: static void
1115: yy_reduce_print (YYSTYPE *yyvsp, int yyrule)
1116: #else
1117: static void
1118: yy_reduce_print (yyvsp, yyrule)
1119: YYSTYPE *yyvsp;
1120: int yyrule;
1121: #endif
1122: {
1123: int yynrhs = yyr2[yyrule];
1124: int yyi;
1125: unsigned long int yylno = yyrline[yyrule];
1126: YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
1127: yyrule - 1, yylno);
1128: /* The symbols being reduced. */
1129: for (yyi = 0; yyi < yynrhs; yyi++)
1130: {
1131: YYFPRINTF (stderr, " $%d = ", yyi + 1);
1132: yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
1133: &(yyvsp[(yyi + 1) - (yynrhs)])
1134: );
1135: YYFPRINTF (stderr, "\n");
1136: }
1137: }
1138:
1139: # define YY_REDUCE_PRINT(Rule) \
1140: do { \
1141: if (yydebug) \
1142: yy_reduce_print (yyvsp, Rule); \
1143: } while (YYID (0))
1144:
1145: /* Nonzero means print parse trace. It is left uninitialized so that
1146: multiple parsers can coexist. */
1147: int yydebug;
1148: #else /* !YYDEBUG */
1149: # define YYDPRINTF(Args)
1150: # define YY_SYMBOL_PRINT(Title, Type, Value, Location)
1151: # define YY_STACK_PRINT(Bottom, Top)
1152: # define YY_REDUCE_PRINT(Rule)
1153: #endif /* !YYDEBUG */
1154:
1155:
1156: /* YYINITDEPTH -- initial size of the parser's stacks. */
1157: #ifndef YYINITDEPTH
1158: # define YYINITDEPTH 200
1159: #endif
1160:
1161: /* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
1162: if the built-in stack extension method is used).
1163:
1164: Do not make this value too large; the results are undefined if
1165: YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
1166: evaluated with infinite-precision integer arithmetic. */
1167:
1168: #ifndef YYMAXDEPTH
1169: # define YYMAXDEPTH 10000
1170: #endif
1171:
1172:
1173: #if YYERROR_VERBOSE
1174:
1175: # ifndef yystrlen
1176: # if defined __GLIBC__ && defined _STRING_H
1177: # define yystrlen strlen
1178: # else
1179: /* Return the length of YYSTR. */
1180: #if (defined __STDC__ || defined __C99__FUNC__ \
1181: || defined __cplusplus || defined _MSC_VER)
1182: static YYSIZE_T
1183: yystrlen (const char *yystr)
1184: #else
1185: static YYSIZE_T
1186: yystrlen (yystr)
1187: const char *yystr;
1188: #endif
1189: {
1190: YYSIZE_T yylen;
1191: for (yylen = 0; yystr[yylen]; yylen++)
1192: continue;
1193: return yylen;
1194: }
1195: # endif
1196: # endif
1197:
1198: # ifndef yystpcpy
1199: # if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
1200: # define yystpcpy stpcpy
1201: # else
1202: /* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
1203: YYDEST. */
1204: #if (defined __STDC__ || defined __C99__FUNC__ \
1205: || defined __cplusplus || defined _MSC_VER)
1206: static char *
1207: yystpcpy (char *yydest, const char *yysrc)
1208: #else
1209: static char *
1210: yystpcpy (yydest, yysrc)
1211: char *yydest;
1212: const char *yysrc;
1213: #endif
1214: {
1215: char *yyd = yydest;
1216: const char *yys = yysrc;
1217:
1218: while ((*yyd++ = *yys++) != '\0')
1219: continue;
1220:
1221: return yyd - 1;
1222: }
1223: # endif
1224: # endif
1225:
1226: # ifndef yytnamerr
1227: /* Copy to YYRES the contents of YYSTR after stripping away unnecessary
1228: quotes and backslashes, so that it's suitable for yyerror. The
1229: heuristic is that double-quoting is unnecessary unless the string
1230: contains an apostrophe, a comma, or backslash (other than
1231: backslash-backslash). YYSTR is taken from yytname. If YYRES is
1232: null, do not copy; instead, return the length of what the result
1233: would have been. */
1234: static YYSIZE_T
1235: yytnamerr (char *yyres, const char *yystr)
1236: {
1237: if (*yystr == '"')
1238: {
1239: YYSIZE_T yyn = 0;
1240: char const *yyp = yystr;
1241:
1242: for (;;)
1243: switch (*++yyp)
1244: {
1245: case '\'':
1246: case ',':
1247: goto do_not_strip_quotes;
1248:
1249: case '\\':
1250: if (*++yyp != '\\')
1251: goto do_not_strip_quotes;
1252: /* Fall through. */
1253: default:
1254: if (yyres)
1255: yyres[yyn] = *yyp;
1256: yyn++;
1257: break;
1258:
1259: case '"':
1260: if (yyres)
1261: yyres[yyn] = '\0';
1262: return yyn;
1263: }
1264: do_not_strip_quotes: ;
1265: }
1266:
1267: if (! yyres)
1268: return yystrlen (yystr);
1269:
1270: return yystpcpy (yyres, yystr) - yyres;
1271: }
1272: # endif
1273:
1274: /* Copy into *YYMSG, which is of size *YYMSG_ALLOC, an error message
1275: about the unexpected token YYTOKEN for the state stack whose top is
1276: YYSSP.
1277:
1278: Return 0 if *YYMSG was successfully written. Return 1 if *YYMSG is
1279: not large enough to hold the message. In that case, also set
1280: *YYMSG_ALLOC to the required number of bytes. Return 2 if the
1281: required number of bytes is too large to store. */
1282: static int
1283: yysyntax_error (YYSIZE_T *yymsg_alloc, char **yymsg,
1284: yytype_int16 *yyssp, int yytoken)
1285: {
1286: YYSIZE_T yysize0 = yytnamerr (YY_NULL, yytname[yytoken]);
1287: YYSIZE_T yysize = yysize0;
1288: YYSIZE_T yysize1;
1289: enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
1290: /* Internationalized format string. */
1291: const char *yyformat = YY_NULL;
1292: /* Arguments of yyformat. */
1293: char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
1294: /* Number of reported tokens (one for the "unexpected", one per
1295: "expected"). */
1296: int yycount = 0;
1297:
1298: /* There are many possibilities here to consider:
1299: - Assume YYFAIL is not used. It's too flawed to consider. See
1300: <http://lists.gnu.org/archive/html/bison-patches/2009-12/msg00024.html>
1301: for details. YYERROR is fine as it does not invoke this
1302: function.
1303: - If this state is a consistent state with a default action, then
1304: the only way this function was invoked is if the default action
1305: is an error action. In that case, don't check for expected
1306: tokens because there are none.
1307: - The only way there can be no lookahead present (in yychar) is if
1308: this state is a consistent state with a default action. Thus,
1309: detecting the absence of a lookahead is sufficient to determine
1310: that there is no unexpected or expected token to report. In that
1311: case, just report a simple "syntax error".
1312: - Don't assume there isn't a lookahead just because this state is a
1313: consistent state with a default action. There might have been a
1314: previous inconsistent state, consistent state with a non-default
1315: action, or user semantic action that manipulated yychar.
1316: - Of course, the expected token list depends on states to have
1317: correct lookahead information, and it depends on the parser not
1318: to perform extra reductions after fetching a lookahead from the
1319: scanner and before detecting a syntax error. Thus, state merging
1320: (from LALR or IELR) and default reductions corrupt the expected
1321: token list. However, the list is correct for canonical LR with
1322: one exception: it will still contain any token that will not be
1323: accepted due to an error action in a later state.
1324: */
1325: if (yytoken != YYEMPTY)
1326: {
1327: int yyn = yypact[*yyssp];
1328: yyarg[yycount++] = yytname[yytoken];
1329: if (!yypact_value_is_default (yyn))
1330: {
1331: /* Start YYX at -YYN if negative to avoid negative indexes in
1332: YYCHECK. In other words, skip the first -YYN actions for
1333: this state because they are default actions. */
1334: int yyxbegin = yyn < 0 ? -yyn : 0;
1335: /* Stay within bounds of both yycheck and yytname. */
1336: int yychecklim = YYLAST - yyn + 1;
1337: int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
1338: int yyx;
1339:
1340: for (yyx = yyxbegin; yyx < yyxend; ++yyx)
1341: if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR
1342: && !yytable_value_is_error (yytable[yyx + yyn]))
1343: {
1344: if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
1345: {
1346: yycount = 1;
1347: yysize = yysize0;
1348: break;
1349: }
1350: yyarg[yycount++] = yytname[yyx];
1351: yysize1 = yysize + yytnamerr (YY_NULL, yytname[yyx]);
1352: if (! (yysize <= yysize1
1353: && yysize1 <= YYSTACK_ALLOC_MAXIMUM))
1354: return 2;
1355: yysize = yysize1;
1356: }
1357: }
1358: }
1359:
1360: switch (yycount)
1361: {
1362: # define YYCASE_(N, S) \
1363: case N: \
1364: yyformat = S; \
1365: break
1366: YYCASE_(0, YY_("syntax error"));
1367: YYCASE_(1, YY_("syntax error, unexpected %s"));
1368: YYCASE_(2, YY_("syntax error, unexpected %s, expecting %s"));
1369: YYCASE_(3, YY_("syntax error, unexpected %s, expecting %s or %s"));
1370: YYCASE_(4, YY_("syntax error, unexpected %s, expecting %s or %s or %s"));
1371: YYCASE_(5, YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"));
1372: # undef YYCASE_
1373: }
1374:
1375: yysize1 = yysize + yystrlen (yyformat);
1376: if (! (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM))
1377: return 2;
1378: yysize = yysize1;
1379:
1380: if (*yymsg_alloc < yysize)
1381: {
1382: *yymsg_alloc = 2 * yysize;
1383: if (! (yysize <= *yymsg_alloc
1384: && *yymsg_alloc <= YYSTACK_ALLOC_MAXIMUM))
1385: *yymsg_alloc = YYSTACK_ALLOC_MAXIMUM;
1386: return 1;
1387: }
1388:
1389: /* Avoid sprintf, as that infringes on the user's name space.
1390: Don't have undefined behavior even if the translation
1391: produced a string with the wrong number of "%s"s. */
1392: {
1393: char *yyp = *yymsg;
1394: int yyi = 0;
1395: while ((*yyp = *yyformat) != '\0')
1396: if (*yyp == '%' && yyformat[1] == 's' && yyi < yycount)
1397: {
1398: yyp += yytnamerr (yyp, yyarg[yyi++]);
1399: yyformat += 2;
1400: }
1401: else
1402: {
1403: yyp++;
1404: yyformat++;
1405: }
1406: }
1407: return 0;
1408: }
1409: #endif /* YYERROR_VERBOSE */
1410:
1411: /*-----------------------------------------------.
1412: | Release the memory associated to this symbol. |
1413: `-----------------------------------------------*/
1414:
1415: /*ARGSUSED*/
1416: #if (defined __STDC__ || defined __C99__FUNC__ \
1417: || defined __cplusplus || defined _MSC_VER)
1418: static void
1419: yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep)
1420: #else
1421: static void
1422: yydestruct (yymsg, yytype, yyvaluep)
1423: const char *yymsg;
1424: int yytype;
1425: YYSTYPE *yyvaluep;
1426: #endif
1427: {
1428: YYUSE (yyvaluep);
1429:
1430: if (!yymsg)
1431: yymsg = "Deleting";
1432: YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
1433:
1434: switch (yytype)
1435: {
1436:
1437: default:
1438: break;
1439: }
1440: }
1441:
1442:
1443:
1444:
1445: /* The lookahead symbol. */
1446: int yychar;
1447:
1448: /* The semantic value of the lookahead symbol. */
1449: YYSTYPE yylval;
1450:
1451: /* Number of syntax errors so far. */
1452: int yynerrs;
1453:
1454:
1455: /*----------.
1456: | yyparse. |
1457: `----------*/
1458:
1459: #ifdef YYPARSE_PARAM
1460: #if (defined __STDC__ || defined __C99__FUNC__ \
1461: || defined __cplusplus || defined _MSC_VER)
1462: int
1463: yyparse (void *YYPARSE_PARAM)
1464: #else
1465: int
1466: yyparse (YYPARSE_PARAM)
1467: void *YYPARSE_PARAM;
1468: #endif
1469: #else /* ! YYPARSE_PARAM */
1470: #if (defined __STDC__ || defined __C99__FUNC__ \
1471: || defined __cplusplus || defined _MSC_VER)
1472: int
1473: yyparse (void)
1474: #else
1475: int
1476: yyparse ()
1477:
1478: #endif
1479: #endif
1480: {
1481: int yystate;
1482: /* Number of tokens to shift before error messages enabled. */
1483: int yyerrstatus;
1484:
1485: /* The stacks and their tools:
1486: `yyss': related to states.
1487: `yyvs': related to semantic values.
1488:
1489: Refer to the stacks through separate pointers, to allow yyoverflow
1490: to reallocate them elsewhere. */
1491:
1492: /* The state stack. */
1493: yytype_int16 yyssa[YYINITDEPTH];
1494: yytype_int16 *yyss;
1495: yytype_int16 *yyssp;
1496:
1497: /* The semantic value stack. */
1498: YYSTYPE yyvsa[YYINITDEPTH];
1499: YYSTYPE *yyvs;
1500: YYSTYPE *yyvsp;
1501:
1502: YYSIZE_T yystacksize;
1503:
1504: int yyn;
1505: int yyresult;
1506: /* Lookahead token as an internal (translated) token number. */
1507: int yytoken;
1508: /* The variables used to return semantic value and location from the
1509: action routines. */
1510: YYSTYPE yyval;
1511:
1512: #if YYERROR_VERBOSE
1513: /* Buffer for error messages, and its allocated size. */
1514: char yymsgbuf[128];
1515: char *yymsg = yymsgbuf;
1516: YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
1517: #endif
1518:
1519: #define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N))
1520:
1521: /* The number of symbols on the RHS of the reduced rule.
1522: Keep to zero when no symbol should be popped. */
1523: int yylen = 0;
1524:
1525: yytoken = 0;
1526: yyss = yyssa;
1527: yyvs = yyvsa;
1528: yystacksize = YYINITDEPTH;
1529:
1530: YYDPRINTF ((stderr, "Starting parse\n"));
1531:
1532: yystate = 0;
1533: yyerrstatus = 0;
1534: yynerrs = 0;
1535: yychar = YYEMPTY; /* Cause a token to be read. */
1536:
1537: /* Initialize stack pointers.
1538: Waste one element of value and location stack
1539: so that they stay on the same level as the state stack.
1540: The wasted elements are never initialized. */
1541: yyssp = yyss;
1542: yyvsp = yyvs;
1543: goto yysetstate;
1544:
1545: /*------------------------------------------------------------.
1546: | yynewstate -- Push a new state, which is found in yystate. |
1547: `------------------------------------------------------------*/
1548: yynewstate:
1549: /* In all cases, when you get here, the value and location stacks
1550: have just been pushed. So pushing a state here evens the stacks. */
1551: yyssp++;
1552:
1553: yysetstate:
1554: *yyssp = yystate;
1555:
1556: if (yyss + yystacksize - 1 <= yyssp)
1557: {
1558: /* Get the current used size of the three stacks, in elements. */
1559: YYSIZE_T yysize = yyssp - yyss + 1;
1560:
1561: #ifdef yyoverflow
1562: {
1563: /* Give user a chance to reallocate the stack. Use copies of
1564: these so that the &'s don't force the real ones into
1565: memory. */
1566: YYSTYPE *yyvs1 = yyvs;
1567: yytype_int16 *yyss1 = yyss;
1568:
1569: /* Each stack pointer address is followed by the size of the
1570: data in use in that stack, in bytes. This used to be a
1571: conditional around just the two extra args, but that might
1572: be undefined if yyoverflow is a macro. */
1573: yyoverflow (YY_("memory exhausted"),
1574: &yyss1, yysize * sizeof (*yyssp),
1575: &yyvs1, yysize * sizeof (*yyvsp),
1576: &yystacksize);
1577:
1578: yyss = yyss1;
1579: yyvs = yyvs1;
1580: }
1581: #else /* no yyoverflow */
1582: # ifndef YYSTACK_RELOCATE
1583: goto yyexhaustedlab;
1584: # else
1585: /* Extend the stack our own way. */
1586: if (YYMAXDEPTH <= yystacksize)
1587: goto yyexhaustedlab;
1588: yystacksize *= 2;
1589: if (YYMAXDEPTH < yystacksize)
1590: yystacksize = YYMAXDEPTH;
1591:
1592: {
1593: yytype_int16 *yyss1 = yyss;
1594: union yyalloc *yyptr =
1595: (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
1596: if (! yyptr)
1597: goto yyexhaustedlab;
1598: YYSTACK_RELOCATE (yyss_alloc, yyss);
1599: YYSTACK_RELOCATE (yyvs_alloc, yyvs);
1600: # undef YYSTACK_RELOCATE
1601: if (yyss1 != yyssa)
1602: YYSTACK_FREE (yyss1);
1603: }
1604: # endif
1605: #endif /* no yyoverflow */
1606:
1607: yyssp = yyss + yysize - 1;
1608: yyvsp = yyvs + yysize - 1;
1609:
1610: YYDPRINTF ((stderr, "Stack size increased to %lu\n",
1611: (unsigned long int) yystacksize));
1612:
1613: if (yyss + yystacksize - 1 <= yyssp)
1614: YYABORT;
1615: }
1616:
1617: YYDPRINTF ((stderr, "Entering state %d\n", yystate));
1618:
1619: if (yystate == YYFINAL)
1620: YYACCEPT;
1621:
1622: goto yybackup;
1623:
1624: /*-----------.
1625: | yybackup. |
1626: `-----------*/
1627: yybackup:
1628:
1629: /* Do appropriate processing given the current state. Read a
1630: lookahead token if we need one and don't already have one. */
1631:
1632: /* First try to decide what to do without reference to lookahead token. */
1633: yyn = yypact[yystate];
1634: if (yypact_value_is_default (yyn))
1635: goto yydefault;
1636:
1637: /* Not known => get a lookahead token if don't already have one. */
1638:
1639: /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */
1640: if (yychar == YYEMPTY)
1641: {
1642: YYDPRINTF ((stderr, "Reading a token: "));
1643: yychar = YYLEX;
1644: }
1645:
1646: if (yychar <= YYEOF)
1647: {
1648: yychar = yytoken = YYEOF;
1649: YYDPRINTF ((stderr, "Now at end of input.\n"));
1650: }
1651: else
1652: {
1653: yytoken = YYTRANSLATE (yychar);
1654: YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc);
1655: }
1656:
1657: /* If the proper action on seeing token YYTOKEN is to reduce or to
1658: detect an error, take that action. */
1659: yyn += yytoken;
1660: if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
1661: goto yydefault;
1662: yyn = yytable[yyn];
1663: if (yyn <= 0)
1664: {
1665: if (yytable_value_is_error (yyn))
1666: goto yyerrlab;
1667: yyn = -yyn;
1668: goto yyreduce;
1669: }
1670:
1671: /* Count tokens shifted since error; after three, turn off error
1672: status. */
1673: if (yyerrstatus)
1674: yyerrstatus--;
1675:
1676: /* Shift the lookahead token. */
1677: YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
1678:
1679: /* Discard the shifted token. */
1680: yychar = YYEMPTY;
1681:
1682: yystate = yyn;
1683: *++yyvsp = yylval;
1684:
1685: goto yynewstate;
1686:
1687:
1688: /*-----------------------------------------------------------.
1689: | yydefault -- do the default action for the current state. |
1690: `-----------------------------------------------------------*/
1691: yydefault:
1692: yyn = yydefact[yystate];
1693: if (yyn == 0)
1694: goto yyerrlab;
1695: goto yyreduce;
1696:
1697:
1698: /*-----------------------------.
1699: | yyreduce -- Do a reduction. |
1700: `-----------------------------*/
1701: yyreduce:
1702: /* yyn is the number of a rule to reduce with. */
1703: yylen = yyr2[yyn];
1704:
1705: /* If YYLEN is nonzero, implement the default value of the action:
1706: `$$ = $1'.
1707:
1708: Otherwise, the following line sets YYVAL to garbage.
1709: This behavior is undocumented and Bison
1710: users should not rely upon it. Assigning to YYVAL
1711: unconditionally makes the parser a bit smaller, and it avoids a
1712: GCC warning that YYVAL may be used uninitialized. */
1713: yyval = yyvsp[1-yylen];
1714:
1715:
1716: YY_REDUCE_PRINT (yyn);
1717: switch (yyn)
1718: {
1719: case 3:
1720: /* Line 1787 of yacc.c */
1721: #line 154 "parse.y"
1722: {
1723: free_buffer();
1724: parse_init();
1725: }
1726: break;
1727:
1728: case 16:
1729: /* Line 1787 of yacc.c */
1730: #line 179 "parse.y"
1731: {
1732: int status;
1733:
1734: status = setkeymsg_add(SADB_ADD, (yyvsp[(5) - (9)].num), (yyvsp[(3) - (9)].res), (yyvsp[(4) - (9)].res));
1735: if (status < 0)
1736: return -1;
1737: }
1738: break;
1739:
1740: case 17:
1741: /* Line 1787 of yacc.c */
1742: #line 191 "parse.y"
1743: {
1744: int status;
1745:
1746: if ((yyvsp[(3) - (8)].res)->ai_next || (yyvsp[(4) - (8)].res)->ai_next) {
1747: yyerror("multiple address specified");
1748: return -1;
1749: }
1750: if (p_mode != IPSEC_MODE_ANY)
1751: yyerror("WARNING: mode is obsolete");
1752:
1753: status = setkeymsg_addr(SADB_DELETE, (yyvsp[(5) - (8)].num), (yyvsp[(3) - (8)].res), (yyvsp[(4) - (8)].res), 0);
1754: if (status < 0)
1755: return -1;
1756: }
1757: break;
1758:
1759: case 18:
1760: /* Line 1787 of yacc.c */
1761: #line 210 "parse.y"
1762: {
1763: #ifndef __linux__
1764: if (setkeymsg_addr(SADB_DELETE, (yyvsp[(5) - (6)].num), (yyvsp[(3) - (6)].res), (yyvsp[(4) - (6)].res), 1) < 0)
1765: return -1;
1766: #else /* __linux__ */
1767: /* linux strictly adheres to RFC2367, and returns
1768: * an error if we send an SADB_DELETE request without
1769: * an SPI. Therefore, we must first retrieve a list
1770: * of SPIs for all matching SADB entries, and then
1771: * delete each one separately. */
1772: u_int32_t *spi;
1773: int i, n;
1774:
1775: spi = sendkeymsg_spigrep((yyvsp[(5) - (6)].num), (yyvsp[(3) - (6)].res), (yyvsp[(4) - (6)].res), &n);
1776: for (i = 0; i < n; i++) {
1777: p_spi = spi[i];
1778: if (setkeymsg_addr(SADB_DELETE,
1779: (yyvsp[(5) - (6)].num), (yyvsp[(3) - (6)].res), (yyvsp[(4) - (6)].res), 0) < 0)
1780: return -1;
1781: }
1782: free(spi);
1783: #endif /* __linux__ */
1784: }
1785: break;
1786:
1787: case 19:
1788: /* Line 1787 of yacc.c */
1789: #line 238 "parse.y"
1790: {
1791: int status;
1792:
1793: if (p_mode != IPSEC_MODE_ANY)
1794: yyerror("WARNING: mode is obsolete");
1795:
1796: status = setkeymsg_addr(SADB_GET, (yyvsp[(5) - (8)].num), (yyvsp[(3) - (8)].res), (yyvsp[(4) - (8)].res), 0);
1797: if (status < 0)
1798: return -1;
1799: }
1800: break;
1801:
1802: case 20:
1803: /* Line 1787 of yacc.c */
1804: #line 253 "parse.y"
1805: {
1806: struct sadb_msg msg;
1807: setkeymsg0(&msg, SADB_FLUSH, (yyvsp[(2) - (3)].num), sizeof(msg));
1808: sendkeymsg((char *)&msg, sizeof(msg));
1809: }
1810: break;
1811:
1812: case 21:
1813: /* Line 1787 of yacc.c */
1814: #line 263 "parse.y"
1815: {
1816: struct sadb_msg msg;
1817: setkeymsg0(&msg, SADB_DUMP, (yyvsp[(2) - (3)].num), sizeof(msg));
1818: sendkeymsg((char *)&msg, sizeof(msg));
1819: }
1820: break;
1821:
1822: case 22:
1823: /* Line 1787 of yacc.c */
1824: #line 272 "parse.y"
1825: {
1826: (yyval.num) = SADB_SATYPE_UNSPEC;
1827: }
1828: break;
1829:
1830: case 23:
1831: /* Line 1787 of yacc.c */
1832: #line 276 "parse.y"
1833: {
1834: (yyval.num) = SADB_SATYPE_ESP;
1835: if ((yyvsp[(1) - (1)].num) == 1)
1836: p_ext |= SADB_X_EXT_OLD;
1837: else
1838: p_ext &= ~SADB_X_EXT_OLD;
1839: }
1840: break;
1841:
1842: case 24:
1843: /* Line 1787 of yacc.c */
1844: #line 284 "parse.y"
1845: {
1846: (yyval.num) = SADB_SATYPE_AH;
1847: if ((yyvsp[(1) - (1)].num) == 1)
1848: p_ext |= SADB_X_EXT_OLD;
1849: else
1850: p_ext &= ~SADB_X_EXT_OLD;
1851: }
1852: break;
1853:
1854: case 25:
1855: /* Line 1787 of yacc.c */
1856: #line 292 "parse.y"
1857: {
1858: (yyval.num) = SADB_X_SATYPE_IPCOMP;
1859: }
1860: break;
1861:
1862: case 26:
1863: /* Line 1787 of yacc.c */
1864: #line 296 "parse.y"
1865: {
1866: (yyval.num) = SADB_SATYPE_ESP;
1867: p_ext &= ~SADB_X_EXT_OLD;
1868: p_natt_oa = 0;
1869: p_natt_type = UDP_ENCAP_ESPINUDP;
1870: }
1871: break;
1872:
1873: case 27:
1874: /* Line 1787 of yacc.c */
1875: #line 303 "parse.y"
1876: {
1877: (yyval.num) = SADB_SATYPE_ESP;
1878: p_ext &= ~SADB_X_EXT_OLD;
1879: p_natt_oa = (yyvsp[(2) - (2)].res);
1880: p_natt_type = UDP_ENCAP_ESPINUDP;
1881: }
1882: break;
1883:
1884: case 28:
1885: /* Line 1787 of yacc.c */
1886: #line 310 "parse.y"
1887: {
1888: #ifdef SADB_X_SATYPE_TCPSIGNATURE
1889: (yyval.num) = SADB_X_SATYPE_TCPSIGNATURE;
1890: #endif
1891: }
1892: break;
1893:
1894: case 29:
1895: /* Line 1787 of yacc.c */
1896: #line 318 "parse.y"
1897: { p_spi = (yyvsp[(1) - (1)].ulnum); }
1898: break;
1899:
1900: case 30:
1901: /* Line 1787 of yacc.c */
1902: #line 320 "parse.y"
1903: {
1904: char *ep;
1905: unsigned long v;
1906:
1907: ep = NULL;
1908: v = strtoul((yyvsp[(1) - (1)].val).buf, &ep, 16);
1909: if (!ep || *ep) {
1910: yyerror("invalid SPI");
1911: return -1;
1912: }
1913: if (v & ~0xffffffff) {
1914: yyerror("SPI too big.");
1915: return -1;
1916: }
1917:
1918: p_spi = v;
1919: }
1920: break;
1921:
1922: case 37:
1923: /* Line 1787 of yacc.c */
1924: #line 356 "parse.y"
1925: {
1926: if ((yyvsp[(2) - (2)].num) < 0) {
1927: yyerror("unsupported algorithm");
1928: return -1;
1929: }
1930: p_alg_enc = (yyvsp[(2) - (2)].num);
1931: }
1932: break;
1933:
1934: case 38:
1935: /* Line 1787 of yacc.c */
1936: #line 364 "parse.y"
1937: {
1938: if ((yyvsp[(2) - (3)].num) < 0) {
1939: yyerror("unsupported algorithm");
1940: return -1;
1941: }
1942: p_alg_enc = (yyvsp[(2) - (3)].num);
1943: p_ext |= SADB_X_EXT_RAWCPI;
1944: }
1945: break;
1946:
1947: case 39:
1948: /* Line 1787 of yacc.c */
1949: #line 375 "parse.y"
1950: {
1951: if ((yyvsp[(1) - (1)].num) < 0) {
1952: yyerror("unsupported algorithm");
1953: return -1;
1954: }
1955: p_alg_enc = (yyvsp[(1) - (1)].num);
1956:
1957: p_key_enc_len = 0;
1958: p_key_enc = "";
1959: if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
1960: p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
1961: yyerror(ipsec_strerror());
1962: return -1;
1963: }
1964: }
1965: break;
1966:
1967: case 40:
1968: /* Line 1787 of yacc.c */
1969: #line 390 "parse.y"
1970: {
1971: if ((yyvsp[(1) - (2)].num) < 0) {
1972: yyerror("unsupported algorithm");
1973: return -1;
1974: }
1975: p_alg_enc = (yyvsp[(1) - (2)].num);
1976:
1977: p_key_enc_len = (yyvsp[(2) - (2)].val).len;
1978: p_key_enc = (yyvsp[(2) - (2)].val).buf;
1979: if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
1980: p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
1981: yyerror(ipsec_strerror());
1982: return -1;
1983: }
1984: }
1985: break;
1986:
1987: case 41:
1988: /* Line 1787 of yacc.c */
1989: #line 405 "parse.y"
1990: {
1991: if ((yyvsp[(1) - (1)].num) < 0) {
1992: yyerror("unsupported algorithm");
1993: return -1;
1994: }
1995: yyerror("WARNING: obsolete algorithm");
1996: p_alg_enc = (yyvsp[(1) - (1)].num);
1997:
1998: p_key_enc_len = 0;
1999: p_key_enc = "";
2000: if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
2001: p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
2002: yyerror(ipsec_strerror());
2003: return -1;
2004: }
2005: }
2006: break;
2007:
2008: case 42:
2009: /* Line 1787 of yacc.c */
2010: #line 422 "parse.y"
2011: {
2012: if ((yyvsp[(1) - (2)].num) < 0) {
2013: yyerror("unsupported algorithm");
2014: return -1;
2015: }
2016: p_alg_enc = (yyvsp[(1) - (2)].num);
2017: if (p_ext & SADB_X_EXT_OLD) {
2018: yyerror("algorithm mismatched");
2019: return -1;
2020: }
2021: p_ext |= SADB_X_EXT_DERIV;
2022:
2023: p_key_enc_len = (yyvsp[(2) - (2)].val).len;
2024: p_key_enc = (yyvsp[(2) - (2)].val).buf;
2025: if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
2026: p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
2027: yyerror(ipsec_strerror());
2028: return -1;
2029: }
2030: }
2031: break;
2032:
2033: case 43:
2034: /* Line 1787 of yacc.c */
2035: #line 443 "parse.y"
2036: {
2037: if ((yyvsp[(1) - (2)].num) < 0) {
2038: yyerror("unsupported algorithm");
2039: return -1;
2040: }
2041: p_alg_enc = (yyvsp[(1) - (2)].num);
2042: if (!(p_ext & SADB_X_EXT_OLD)) {
2043: yyerror("algorithm mismatched");
2044: return -1;
2045: }
2046: p_ext |= SADB_X_EXT_IV4B;
2047:
2048: p_key_enc_len = (yyvsp[(2) - (2)].val).len;
2049: p_key_enc = (yyvsp[(2) - (2)].val).buf;
2050: if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
2051: p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
2052: yyerror(ipsec_strerror());
2053: return -1;
2054: }
2055: }
2056: break;
2057:
2058: case 44:
2059: /* Line 1787 of yacc.c */
2060: #line 466 "parse.y"
2061: {
2062: if ((yyvsp[(1) - (2)].num) < 0) {
2063: yyerror("unsupported algorithm");
2064: return -1;
2065: }
2066: p_alg_auth = (yyvsp[(1) - (2)].num);
2067:
2068: p_key_auth_len = (yyvsp[(2) - (2)].val).len;
2069: p_key_auth = (yyvsp[(2) - (2)].val).buf;
2070: #ifdef SADB_X_AALG_TCP_MD5
2071: if (p_alg_auth == SADB_X_AALG_TCP_MD5) {
2072: if ((p_key_auth_len < 1) ||
2073: (p_key_auth_len > 80))
2074: return -1;
2075: } else
2076: #endif
2077: {
2078: if (ipsec_check_keylen(SADB_EXT_SUPPORTED_AUTH,
2079: p_alg_auth,
2080: PFKEY_UNUNIT64(p_key_auth_len)) < 0) {
2081: yyerror(ipsec_strerror());
2082: return -1;
2083: }
2084: }
2085: }
2086: break;
2087:
2088: case 45:
2089: /* Line 1787 of yacc.c */
2090: #line 491 "parse.y"
2091: {
2092: if ((yyvsp[(1) - (1)].num) < 0) {
2093: yyerror("unsupported algorithm");
2094: return -1;
2095: }
2096: p_alg_auth = (yyvsp[(1) - (1)].num);
2097:
2098: p_key_auth_len = 0;
2099: p_key_auth = NULL;
2100: }
2101: break;
2102:
2103: case 46:
2104: /* Line 1787 of yacc.c */
2105: #line 505 "parse.y"
2106: {
2107: (yyval.val) = (yyvsp[(1) - (1)].val);
2108: }
2109: break;
2110:
2111: case 47:
2112: /* Line 1787 of yacc.c */
2113: #line 509 "parse.y"
2114: {
2115: caddr_t pp_key;
2116: caddr_t bp;
2117: caddr_t yp = (yyvsp[(1) - (1)].val).buf;
2118: int l;
2119:
2120: l = strlen(yp) % 2 + strlen(yp) / 2;
2121: if ((pp_key = malloc(l)) == 0) {
2122: yyerror("not enough core");
2123: return -1;
2124: }
2125: memset(pp_key, 0, l);
2126:
2127: bp = pp_key;
2128: if (strlen(yp) % 2) {
2129: *bp = ATOX(yp[0]);
2130: yp++, bp++;
2131: }
2132: while (*yp) {
2133: *bp = (ATOX(yp[0]) << 4) | ATOX(yp[1]);
2134: yp += 2, bp++;
2135: }
2136:
2137: (yyval.val).len = l;
2138: (yyval.val).buf = pp_key;
2139: }
2140: break;
2141:
2142: case 50:
2143: /* Line 1787 of yacc.c */
2144: #line 543 "parse.y"
2145: { p_ext |= (yyvsp[(2) - (2)].num); }
2146: break;
2147:
2148: case 51:
2149: /* Line 1787 of yacc.c */
2150: #line 544 "parse.y"
2151: { p_ext &= ~SADB_X_EXT_CYCSEQ; }
2152: break;
2153:
2154: case 52:
2155: /* Line 1787 of yacc.c */
2156: #line 545 "parse.y"
2157: { p_mode = (yyvsp[(2) - (2)].num); }
2158: break;
2159:
2160: case 53:
2161: /* Line 1787 of yacc.c */
2162: #line 546 "parse.y"
2163: { p_mode = IPSEC_MODE_ANY; }
2164: break;
2165:
2166: case 54:
2167: /* Line 1787 of yacc.c */
2168: #line 547 "parse.y"
2169: { p_reqid = (yyvsp[(2) - (2)].ulnum); }
2170: break;
2171:
2172: case 55:
2173: /* Line 1787 of yacc.c */
2174: #line 549 "parse.y"
2175: {
2176: if ((p_ext & SADB_X_EXT_OLD) != 0) {
2177: yyerror("replay prevention cannot be used with "
2178: "ah/esp-old");
2179: return -1;
2180: }
2181: p_replay = (yyvsp[(2) - (2)].ulnum);
2182: }
2183: break;
2184:
2185: case 56:
2186: /* Line 1787 of yacc.c */
2187: #line 557 "parse.y"
2188: { p_lt_hard = (yyvsp[(2) - (2)].ulnum); }
2189: break;
2190:
2191: case 57:
2192: /* Line 1787 of yacc.c */
2193: #line 558 "parse.y"
2194: { p_lt_soft = (yyvsp[(2) - (2)].ulnum); }
2195: break;
2196:
2197: case 58:
2198: /* Line 1787 of yacc.c */
2199: #line 559 "parse.y"
2200: { p_lb_hard = (yyvsp[(2) - (2)].ulnum); }
2201: break;
2202:
2203: case 59:
2204: /* Line 1787 of yacc.c */
2205: #line 560 "parse.y"
2206: { p_lb_soft = (yyvsp[(2) - (2)].ulnum); }
2207: break;
2208:
2209: case 60:
2210: /* Line 1787 of yacc.c */
2211: #line 561 "parse.y"
2212: {
2213: sec_ctx.doi = (yyvsp[(2) - (4)].ulnum);
2214: sec_ctx.alg = (yyvsp[(3) - (4)].ulnum);
2215: sec_ctx.len = (yyvsp[(4) - (4)].val).len+1;
2216: sec_ctx.buf = (yyvsp[(4) - (4)].val).buf;
2217: }
2218: break;
2219:
2220: case 61:
2221: /* Line 1787 of yacc.c */
2222: #line 574 "parse.y"
2223: {
2224: int status;
2225: struct addrinfo *src, *dst;
2226:
2227: #ifdef HAVE_PFKEY_POLICY_PRIORITY
2228: last_msg_type = SADB_X_SPDADD;
2229: #endif
2230:
2231: /* fixed port fields if ulp is icmp */
2232: if (fix_portstr((yyvsp[(9) - (13)].num), &(yyvsp[(10) - (13)].val), &(yyvsp[(5) - (13)].val), &(yyvsp[(8) - (13)].val)))
2233: return -1;
2234:
2235: src = parse_addr((yyvsp[(3) - (13)].val).buf, (yyvsp[(5) - (13)].val).buf);
2236: dst = parse_addr((yyvsp[(6) - (13)].val).buf, (yyvsp[(8) - (13)].val).buf);
2237: if (!src || !dst) {
2238: /* yyerror is already called */
2239: return -1;
2240: }
2241: if (src->ai_next || dst->ai_next) {
2242: yyerror("multiple address specified");
2243: freeaddrinfo(src);
2244: freeaddrinfo(dst);
2245: return -1;
2246: }
2247:
2248: status = setkeymsg_spdaddr(SADB_X_SPDADD, (yyvsp[(9) - (13)].num), &(yyvsp[(12) - (13)].val),
2249: src, (yyvsp[(4) - (13)].num), dst, (yyvsp[(7) - (13)].num));
2250: freeaddrinfo(src);
2251: freeaddrinfo(dst);
2252: if (status < 0)
2253: return -1;
2254: }
2255: break;
2256:
2257: case 62:
2258: /* Line 1787 of yacc.c */
2259: #line 607 "parse.y"
2260: {
2261: int status;
2262:
2263: status = setkeymsg_spdaddr_tag(SADB_X_SPDADD,
2264: (yyvsp[(3) - (5)].val).buf, &(yyvsp[(4) - (5)].val));
2265: if (status < 0)
2266: return -1;
2267: }
2268: break;
2269:
2270: case 63:
2271: /* Line 1787 of yacc.c */
2272: #line 620 "parse.y"
2273: {
2274: int status;
2275: struct addrinfo *src, *dst;
2276:
2277: #ifdef HAVE_PFKEY_POLICY_PRIORITY
2278: last_msg_type = SADB_X_SPDUPDATE;
2279: #endif
2280:
2281: /* fixed port fields if ulp is icmp */
2282: if (fix_portstr((yyvsp[(9) - (13)].num), &(yyvsp[(10) - (13)].val), &(yyvsp[(5) - (13)].val), &(yyvsp[(8) - (13)].val)))
2283: return -1;
2284:
2285: src = parse_addr((yyvsp[(3) - (13)].val).buf, (yyvsp[(5) - (13)].val).buf);
2286: dst = parse_addr((yyvsp[(6) - (13)].val).buf, (yyvsp[(8) - (13)].val).buf);
2287: if (!src || !dst) {
2288: /* yyerror is already called */
2289: return -1;
2290: }
2291: if (src->ai_next || dst->ai_next) {
2292: yyerror("multiple address specified");
2293: freeaddrinfo(src);
2294: freeaddrinfo(dst);
2295: return -1;
2296: }
2297:
2298: status = setkeymsg_spdaddr(SADB_X_SPDUPDATE, (yyvsp[(9) - (13)].num), &(yyvsp[(12) - (13)].val),
2299: src, (yyvsp[(4) - (13)].num), dst, (yyvsp[(7) - (13)].num));
2300: freeaddrinfo(src);
2301: freeaddrinfo(dst);
2302: if (status < 0)
2303: return -1;
2304: }
2305: break;
2306:
2307: case 64:
2308: /* Line 1787 of yacc.c */
2309: #line 653 "parse.y"
2310: {
2311: int status;
2312:
2313: status = setkeymsg_spdaddr_tag(SADB_X_SPDUPDATE,
2314: (yyvsp[(3) - (5)].val).buf, &(yyvsp[(4) - (5)].val));
2315: if (status < 0)
2316: return -1;
2317: }
2318: break;
2319:
2320: case 65:
2321: /* Line 1787 of yacc.c */
2322: #line 665 "parse.y"
2323: {
2324: int status;
2325: struct addrinfo *src, *dst;
2326:
2327: /* fixed port fields if ulp is icmp */
2328: if (fix_portstr((yyvsp[(9) - (13)].num), &(yyvsp[(10) - (13)].val), &(yyvsp[(5) - (13)].val), &(yyvsp[(8) - (13)].val)))
2329: return -1;
2330:
2331: src = parse_addr((yyvsp[(3) - (13)].val).buf, (yyvsp[(5) - (13)].val).buf);
2332: dst = parse_addr((yyvsp[(6) - (13)].val).buf, (yyvsp[(8) - (13)].val).buf);
2333: if (!src || !dst) {
2334: /* yyerror is already called */
2335: return -1;
2336: }
2337: if (src->ai_next || dst->ai_next) {
2338: yyerror("multiple address specified");
2339: freeaddrinfo(src);
2340: freeaddrinfo(dst);
2341: return -1;
2342: }
2343:
2344: status = setkeymsg_spdaddr(SADB_X_SPDDELETE, (yyvsp[(9) - (13)].num), &(yyvsp[(12) - (13)].val),
2345: src, (yyvsp[(4) - (13)].num), dst, (yyvsp[(7) - (13)].num));
2346: freeaddrinfo(src);
2347: freeaddrinfo(dst);
2348: if (status < 0)
2349: return -1;
2350: }
2351: break;
2352:
2353: case 66:
2354: /* Line 1787 of yacc.c */
2355: #line 697 "parse.y"
2356: {
2357: struct sadb_msg msg;
2358: setkeymsg0(&msg, SADB_X_SPDDUMP, SADB_SATYPE_UNSPEC,
2359: sizeof(msg));
2360: sendkeymsg((char *)&msg, sizeof(msg));
2361: }
2362: break;
2363:
2364: case 67:
2365: /* Line 1787 of yacc.c */
2366: #line 708 "parse.y"
2367: {
2368: struct sadb_msg msg;
2369: setkeymsg0(&msg, SADB_X_SPDFLUSH, SADB_SATYPE_UNSPEC,
2370: sizeof(msg));
2371: sendkeymsg((char *)&msg, sizeof(msg));
2372: }
2373: break;
2374:
2375: case 70:
2376: /* Line 1787 of yacc.c */
2377: #line 723 "parse.y"
2378: {
2379: char *p;
2380:
2381: for (p = (yyvsp[(1) - (1)].val).buf + 1; *p; p++)
2382: switch (*p) {
2383: case '4':
2384: p_aifamily = AF_INET;
2385: break;
2386: #ifdef INET6
2387: case '6':
2388: p_aifamily = AF_INET6;
2389: break;
2390: #endif
2391: case 'n':
2392: p_aiflags = AI_NUMERICHOST;
2393: break;
2394: default:
2395: yyerror("invalid flag");
2396: return -1;
2397: }
2398: }
2399: break;
2400:
2401: case 71:
2402: /* Line 1787 of yacc.c */
2403: #line 748 "parse.y"
2404: {
2405: (yyval.res) = parse_addr((yyvsp[(1) - (1)].val).buf, NULL);
2406: if ((yyval.res) == NULL) {
2407: /* yyerror already called by parse_addr */
2408: return -1;
2409: }
2410: }
2411: break;
2412:
2413: case 72:
2414: /* Line 1787 of yacc.c */
2415: #line 759 "parse.y"
2416: {
2417: (yyval.res) = parse_addr((yyvsp[(1) - (1)].val).buf, NULL);
2418: if ((yyval.res) == NULL) {
2419: /* yyerror already called by parse_addr */
2420: return -1;
2421: }
2422: }
2423: break;
2424:
2425: case 73:
2426: /* Line 1787 of yacc.c */
2427: #line 767 "parse.y"
2428: {
2429: (yyval.res) = parse_addr((yyvsp[(1) - (2)].val).buf, (yyvsp[(2) - (2)].val).buf);
2430: if ((yyval.res) == NULL) {
2431: /* yyerror already called by parse_addr */
2432: return -1;
2433: }
2434: }
2435: break;
2436:
2437: case 74:
2438: /* Line 1787 of yacc.c */
2439: #line 777 "parse.y"
2440: { (yyval.num) = -1; }
2441: break;
2442:
2443: case 75:
2444: /* Line 1787 of yacc.c */
2445: #line 778 "parse.y"
2446: { (yyval.num) = (yyvsp[(2) - (2)].ulnum); }
2447: break;
2448:
2449: case 76:
2450: /* Line 1787 of yacc.c */
2451: #line 783 "parse.y"
2452: {
2453: (yyval.val).buf = strdup("0");
2454: if (!(yyval.val).buf) {
2455: yyerror("insufficient memory");
2456: return -1;
2457: }
2458: (yyval.val).len = strlen((yyval.val).buf);
2459: }
2460: break;
2461:
2462: case 77:
2463: /* Line 1787 of yacc.c */
2464: #line 792 "parse.y"
2465: {
2466: (yyval.val).buf = strdup("0");
2467: if (!(yyval.val).buf) {
2468: yyerror("insufficient memory");
2469: return -1;
2470: }
2471: (yyval.val).len = strlen((yyval.val).buf);
2472: }
2473: break;
2474:
2475: case 78:
2476: /* Line 1787 of yacc.c */
2477: #line 801 "parse.y"
2478: {
2479: char buf[20];
2480: snprintf(buf, sizeof(buf), "%lu", (yyvsp[(2) - (3)].ulnum));
2481: (yyval.val).buf = strdup(buf);
2482: if (!(yyval.val).buf) {
2483: yyerror("insufficient memory");
2484: return -1;
2485: }
2486: (yyval.val).len = strlen((yyval.val).buf);
2487: }
2488: break;
2489:
2490: case 79:
2491: /* Line 1787 of yacc.c */
2492: #line 812 "parse.y"
2493: {
2494: (yyval.val) = (yyvsp[(2) - (3)].val);
2495: }
2496: break;
2497:
2498: case 80:
2499: /* Line 1787 of yacc.c */
2500: #line 818 "parse.y"
2501: { (yyval.num) = (yyvsp[(1) - (1)].ulnum); }
2502: break;
2503:
2504: case 81:
2505: /* Line 1787 of yacc.c */
2506: #line 819 "parse.y"
2507: { (yyval.num) = IPSEC_ULPROTO_ANY; }
2508: break;
2509:
2510: case 82:
2511: /* Line 1787 of yacc.c */
2512: #line 820 "parse.y"
2513: {
2514: (yyval.num) = IPPROTO_TCP;
2515: }
2516: break;
2517:
2518: case 83:
2519: /* Line 1787 of yacc.c */
2520: #line 824 "parse.y"
2521: {
2522: struct protoent *ent;
2523:
2524: ent = getprotobyname((yyvsp[(1) - (1)].val).buf);
2525: if (ent)
2526: (yyval.num) = ent->p_proto;
2527: else {
2528: if (strcmp("icmp6", (yyvsp[(1) - (1)].val).buf) == 0) {
2529: (yyval.num) = IPPROTO_ICMPV6;
2530: } else if(strcmp("ip4", (yyvsp[(1) - (1)].val).buf) == 0) {
2531: (yyval.num) = IPPROTO_IPV4;
2532: } else {
2533: yyerror("invalid upper layer protocol");
2534: return -1;
2535: }
2536: }
2537: endprotoent();
2538: }
2539: break;
2540:
2541: case 84:
2542: /* Line 1787 of yacc.c */
2543: #line 846 "parse.y"
2544: {
2545: (yyval.val).buf = NULL;
2546: (yyval.val).len = 0;
2547: }
2548: break;
2549:
2550: case 85:
2551: /* Line 1787 of yacc.c */
2552: #line 851 "parse.y"
2553: {
2554: (yyval.val).buf = strdup((yyvsp[(1) - (1)].val).buf);
2555: if (!(yyval.val).buf) {
2556: yyerror("insufficient memory");
2557: return -1;
2558: }
2559: (yyval.val).len = strlen((yyval.val).buf);
2560: }
2561: break;
2562:
2563: case 87:
2564: /* Line 1787 of yacc.c */
2565: #line 863 "parse.y"
2566: {
2567: sec_ctx.doi = (yyvsp[(2) - (4)].ulnum);
2568: sec_ctx.alg = (yyvsp[(3) - (4)].ulnum);
2569: sec_ctx.len = (yyvsp[(4) - (4)].val).len+1;
2570: sec_ctx.buf = (yyvsp[(4) - (4)].val).buf;
2571: }
2572: break;
2573:
2574: case 88:
2575: /* Line 1787 of yacc.c */
2576: #line 873 "parse.y"
2577: {
2578: char *policy;
2579: #ifdef HAVE_PFKEY_POLICY_PRIORITY
2580: struct sadb_x_policy *xpl;
2581: #endif
2582:
2583: policy = ipsec_set_policy((yyvsp[(2) - (2)].val).buf, (yyvsp[(2) - (2)].val).len);
2584: if (policy == NULL) {
2585: yyerror(ipsec_strerror());
2586: return -1;
2587: }
2588:
2589: (yyval.val).buf = policy;
2590: (yyval.val).len = ipsec_get_policylen(policy);
2591:
2592: #ifdef HAVE_PFKEY_POLICY_PRIORITY
2593: xpl = (struct sadb_x_policy *) (yyval.val).buf;
2594: last_priority = xpl->sadb_x_policy_priority;
2595: #endif
2596: }
2597: break;
2598:
2599: case 89:
2600: /* Line 1787 of yacc.c */
2601: #line 896 "parse.y"
2602: { (yyval.val) = (yyvsp[(1) - (1)].val); }
2603: break;
2604:
2605: case 90:
2606: /* Line 1787 of yacc.c */
2607: #line 902 "parse.y"
2608: {
2609: exit_now = 1;
2610: YYACCEPT;
2611: }
2612: break;
2613:
2614:
2615: /* Line 1787 of yacc.c */
2616: #line 2617 "parse.c"
2617: default: break;
2618: }
2619: /* User semantic actions sometimes alter yychar, and that requires
2620: that yytoken be updated with the new translation. We take the
2621: approach of translating immediately before every use of yytoken.
2622: One alternative is translating here after every semantic action,
2623: but that translation would be missed if the semantic action invokes
2624: YYABORT, YYACCEPT, or YYERROR immediately after altering yychar or
2625: if it invokes YYBACKUP. In the case of YYABORT or YYACCEPT, an
2626: incorrect destructor might then be invoked immediately. In the
2627: case of YYERROR or YYBACKUP, subsequent parser actions might lead
2628: to an incorrect destructor call or verbose syntax error message
2629: before the lookahead is translated. */
2630: YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
2631:
2632: YYPOPSTACK (yylen);
2633: yylen = 0;
2634: YY_STACK_PRINT (yyss, yyssp);
2635:
2636: *++yyvsp = yyval;
2637:
2638: /* Now `shift' the result of the reduction. Determine what state
2639: that goes to, based on the state we popped back to and the rule
2640: number reduced by. */
2641:
2642: yyn = yyr1[yyn];
2643:
2644: yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
2645: if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
2646: yystate = yytable[yystate];
2647: else
2648: yystate = yydefgoto[yyn - YYNTOKENS];
2649:
2650: goto yynewstate;
2651:
2652:
2653: /*------------------------------------.
2654: | yyerrlab -- here on detecting error |
2655: `------------------------------------*/
2656: yyerrlab:
2657: /* Make sure we have latest lookahead translation. See comments at
2658: user semantic actions for why this is necessary. */
2659: yytoken = yychar == YYEMPTY ? YYEMPTY : YYTRANSLATE (yychar);
2660:
2661: /* If not already recovering from an error, report this error. */
2662: if (!yyerrstatus)
2663: {
2664: ++yynerrs;
2665: #if ! YYERROR_VERBOSE
2666: yyerror (YY_("syntax error"));
2667: #else
2668: # define YYSYNTAX_ERROR yysyntax_error (&yymsg_alloc, &yymsg, \
2669: yyssp, yytoken)
2670: {
2671: char const *yymsgp = YY_("syntax error");
2672: int yysyntax_error_status;
2673: yysyntax_error_status = YYSYNTAX_ERROR;
2674: if (yysyntax_error_status == 0)
2675: yymsgp = yymsg;
2676: else if (yysyntax_error_status == 1)
2677: {
2678: if (yymsg != yymsgbuf)
2679: YYSTACK_FREE (yymsg);
2680: yymsg = (char *) YYSTACK_ALLOC (yymsg_alloc);
2681: if (!yymsg)
2682: {
2683: yymsg = yymsgbuf;
2684: yymsg_alloc = sizeof yymsgbuf;
2685: yysyntax_error_status = 2;
2686: }
2687: else
2688: {
2689: yysyntax_error_status = YYSYNTAX_ERROR;
2690: yymsgp = yymsg;
2691: }
2692: }
2693: yyerror (yymsgp);
2694: if (yysyntax_error_status == 2)
2695: goto yyexhaustedlab;
2696: }
2697: # undef YYSYNTAX_ERROR
2698: #endif
2699: }
2700:
2701:
2702:
2703: if (yyerrstatus == 3)
2704: {
2705: /* If just tried and failed to reuse lookahead token after an
2706: error, discard it. */
2707:
2708: if (yychar <= YYEOF)
2709: {
2710: /* Return failure if at end of input. */
2711: if (yychar == YYEOF)
2712: YYABORT;
2713: }
2714: else
2715: {
2716: yydestruct ("Error: discarding",
2717: yytoken, &yylval);
2718: yychar = YYEMPTY;
2719: }
2720: }
2721:
2722: /* Else will try to reuse lookahead token after shifting the error
2723: token. */
2724: goto yyerrlab1;
2725:
2726:
2727: /*---------------------------------------------------.
2728: | yyerrorlab -- error raised explicitly by YYERROR. |
2729: `---------------------------------------------------*/
2730: yyerrorlab:
2731:
2732: /* Pacify compilers like GCC when the user code never invokes
2733: YYERROR and the label yyerrorlab therefore never appears in user
2734: code. */
2735: if (/*CONSTCOND*/ 0)
2736: goto yyerrorlab;
2737:
2738: /* Do not reclaim the symbols of the rule which action triggered
2739: this YYERROR. */
2740: YYPOPSTACK (yylen);
2741: yylen = 0;
2742: YY_STACK_PRINT (yyss, yyssp);
2743: yystate = *yyssp;
2744: goto yyerrlab1;
2745:
2746:
2747: /*-------------------------------------------------------------.
2748: | yyerrlab1 -- common code for both syntax error and YYERROR. |
2749: `-------------------------------------------------------------*/
2750: yyerrlab1:
2751: yyerrstatus = 3; /* Each real token shifted decrements this. */
2752:
2753: for (;;)
2754: {
2755: yyn = yypact[yystate];
2756: if (!yypact_value_is_default (yyn))
2757: {
2758: yyn += YYTERROR;
2759: if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
2760: {
2761: yyn = yytable[yyn];
2762: if (0 < yyn)
2763: break;
2764: }
2765: }
2766:
2767: /* Pop the current state because it cannot handle the error token. */
2768: if (yyssp == yyss)
2769: YYABORT;
2770:
2771:
2772: yydestruct ("Error: popping",
2773: yystos[yystate], yyvsp);
2774: YYPOPSTACK (1);
2775: yystate = *yyssp;
2776: YY_STACK_PRINT (yyss, yyssp);
2777: }
2778:
2779: *++yyvsp = yylval;
2780:
2781:
2782: /* Shift the error token. */
2783: YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
2784:
2785: yystate = yyn;
2786: goto yynewstate;
2787:
2788:
2789: /*-------------------------------------.
2790: | yyacceptlab -- YYACCEPT comes here. |
2791: `-------------------------------------*/
2792: yyacceptlab:
2793: yyresult = 0;
2794: goto yyreturn;
2795:
2796: /*-----------------------------------.
2797: | yyabortlab -- YYABORT comes here. |
2798: `-----------------------------------*/
2799: yyabortlab:
2800: yyresult = 1;
2801: goto yyreturn;
2802:
2803: #if !defined yyoverflow || YYERROR_VERBOSE
2804: /*-------------------------------------------------.
2805: | yyexhaustedlab -- memory exhaustion comes here. |
2806: `-------------------------------------------------*/
2807: yyexhaustedlab:
2808: yyerror (YY_("memory exhausted"));
2809: yyresult = 2;
2810: /* Fall through. */
2811: #endif
2812:
2813: yyreturn:
2814: if (yychar != YYEMPTY)
2815: {
2816: /* Make sure we have latest lookahead translation. See comments at
2817: user semantic actions for why this is necessary. */
2818: yytoken = YYTRANSLATE (yychar);
2819: yydestruct ("Cleanup: discarding lookahead",
2820: yytoken, &yylval);
2821: }
2822: /* Do not reclaim the symbols of the rule which action triggered
2823: this YYABORT or YYACCEPT. */
2824: YYPOPSTACK (yylen);
2825: YY_STACK_PRINT (yyss, yyssp);
2826: while (yyssp != yyss)
2827: {
2828: yydestruct ("Cleanup: popping",
2829: yystos[*yyssp], yyvsp);
2830: YYPOPSTACK (1);
2831: }
2832: #ifndef yyoverflow
2833: if (yyss != yyssa)
2834: YYSTACK_FREE (yyss);
2835: #endif
2836: #if YYERROR_VERBOSE
2837: if (yymsg != yymsgbuf)
2838: YYSTACK_FREE (yymsg);
2839: #endif
2840: /* Make sure YYID is used. */
2841: return YYID (yyresult);
2842: }
2843:
2844:
2845: /* Line 2048 of yacc.c */
2846: #line 907 "parse.y"
2847:
2848:
2849: int
2850: setkeymsg0(msg, type, satype, l)
2851: struct sadb_msg *msg;
2852: unsigned int type;
2853: unsigned int satype;
2854: size_t l;
2855: {
2856:
2857: msg->sadb_msg_version = PF_KEY_V2;
2858: msg->sadb_msg_type = type;
2859: msg->sadb_msg_errno = 0;
2860: msg->sadb_msg_satype = satype;
2861: msg->sadb_msg_reserved = 0;
2862: msg->sadb_msg_seq = 0;
2863: msg->sadb_msg_pid = getpid();
2864: msg->sadb_msg_len = PFKEY_UNIT64(l);
2865: return 0;
2866: }
2867:
2868: /* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */
2869: static int
2870: setkeymsg_spdaddr(type, upper, policy, srcs, splen, dsts, dplen)
2871: unsigned int type;
2872: unsigned int upper;
2873: vchar_t *policy;
2874: struct addrinfo *srcs;
2875: int splen;
2876: struct addrinfo *dsts;
2877: int dplen;
2878: {
2879: struct sadb_msg *msg;
2880: char buf[BUFSIZ];
2881: int l, l0;
2882: struct sadb_address m_addr;
2883: struct addrinfo *s, *d;
2884: int n;
2885: int plen;
2886: struct sockaddr *sa;
2887: int salen;
2888: struct sadb_x_policy *sp;
2889: #ifdef HAVE_POLICY_FWD
2890: struct sadb_x_ipsecrequest *ps = NULL;
2891: int saved_level, saved_id = 0;
2892: #endif
2893:
2894: msg = (struct sadb_msg *)buf;
2895:
2896: if (!srcs || !dsts)
2897: return -1;
2898:
2899: /* fix up length afterwards */
2900: setkeymsg0(msg, type, SADB_SATYPE_UNSPEC, 0);
2901: l = sizeof(struct sadb_msg);
2902:
2903: sp = (struct sadb_x_policy*) (buf + l);
2904: memcpy(buf + l, policy->buf, policy->len);
2905: l += policy->len;
2906:
2907: l0 = l;
2908: n = 0;
2909:
2910: /* do it for all src/dst pairs */
2911: for (s = srcs; s; s = s->ai_next) {
2912: for (d = dsts; d; d = d->ai_next) {
2913: /* rewind pointer */
2914: l = l0;
2915:
2916: if (s->ai_addr->sa_family != d->ai_addr->sa_family)
2917: continue;
2918: switch (s->ai_addr->sa_family) {
2919: case AF_INET:
2920: plen = sizeof(struct in_addr) << 3;
2921: break;
2922: #ifdef INET6
2923: case AF_INET6:
2924: plen = sizeof(struct in6_addr) << 3;
2925: break;
2926: #endif
2927: default:
2928: continue;
2929: }
2930:
2931: /* set src */
2932: sa = s->ai_addr;
2933: salen = sysdep_sa_len(s->ai_addr);
2934: m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
2935: PFKEY_ALIGN8(salen));
2936: m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
2937: m_addr.sadb_address_proto = upper;
2938: m_addr.sadb_address_prefixlen =
2939: (splen >= 0 ? splen : plen);
2940: m_addr.sadb_address_reserved = 0;
2941:
2942: setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
2943: sizeof(m_addr), (caddr_t)sa, salen);
2944:
2945: /* set dst */
2946: sa = d->ai_addr;
2947: salen = sysdep_sa_len(d->ai_addr);
2948: m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
2949: PFKEY_ALIGN8(salen));
2950: m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
2951: m_addr.sadb_address_proto = upper;
2952: m_addr.sadb_address_prefixlen =
2953: (dplen >= 0 ? dplen : plen);
2954: m_addr.sadb_address_reserved = 0;
2955:
2956: setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
2957: sizeof(m_addr), sa, salen);
2958: #ifdef SADB_X_EXT_SEC_CTX
2959: /* Add security context label */
2960: if (sec_ctx.doi) {
2961: struct sadb_x_sec_ctx m_sec_ctx;
2962: u_int slen = sizeof(struct sadb_x_sec_ctx);
2963:
2964: memset(&m_sec_ctx, 0, slen);
2965:
2966: m_sec_ctx.sadb_x_sec_len =
2967: PFKEY_UNIT64(slen + PFKEY_ALIGN8(sec_ctx.len));
2968:
2969: m_sec_ctx.sadb_x_sec_exttype =
2970: SADB_X_EXT_SEC_CTX;
2971: m_sec_ctx.sadb_x_ctx_len = sec_ctx.len;/*bytes*/
2972: m_sec_ctx.sadb_x_ctx_doi = sec_ctx.doi;
2973: m_sec_ctx.sadb_x_ctx_alg = sec_ctx.alg;
2974: setvarbuf(buf, &l,
2975: (struct sadb_ext *)&m_sec_ctx, slen,
2976: (caddr_t)sec_ctx.buf, sec_ctx.len);
2977: }
2978: #endif
2979: msg->sadb_msg_len = PFKEY_UNIT64(l);
2980:
2981: sendkeymsg(buf, l);
2982:
2983: #ifdef HAVE_POLICY_FWD
2984: /* create extra call for FWD policy */
2985: if (f_rfcmode && sp->sadb_x_policy_dir == IPSEC_DIR_INBOUND) {
2986: sp->sadb_x_policy_dir = IPSEC_DIR_FWD;
2987: ps = (struct sadb_x_ipsecrequest*) (sp+1);
2988:
2989: /* if request level is unique, change it to
2990: * require for fwd policy */
2991: /* XXX: currently, only first policy is updated
2992: * only. Update following too... */
2993: saved_level = ps->sadb_x_ipsecrequest_level;
2994: if (saved_level == IPSEC_LEVEL_UNIQUE) {
2995: saved_id = ps->sadb_x_ipsecrequest_reqid;
2996: ps->sadb_x_ipsecrequest_reqid=0;
2997: ps->sadb_x_ipsecrequest_level=IPSEC_LEVEL_REQUIRE;
2998: }
2999:
3000: sendkeymsg(buf, l);
3001: /* restoring for next message */
3002: sp->sadb_x_policy_dir = IPSEC_DIR_INBOUND;
3003: if (saved_level == IPSEC_LEVEL_UNIQUE) {
3004: ps->sadb_x_ipsecrequest_reqid = saved_id;
3005: ps->sadb_x_ipsecrequest_level = saved_level;
3006: }
3007: }
3008: #endif
3009:
3010: n++;
3011: }
3012: }
3013:
3014: if (n == 0)
3015: return -1;
3016: else
3017: return 0;
3018: }
3019:
3020: static int
3021: setkeymsg_spdaddr_tag(type, tag, policy)
3022: unsigned int type;
3023: char *tag;
3024: vchar_t *policy;
3025: {
3026: struct sadb_msg *msg;
3027: char buf[BUFSIZ];
3028: int l, l0;
3029: #ifdef SADB_X_EXT_TAG
3030: struct sadb_x_tag m_tag;
3031: #endif
3032: int n;
3033:
3034: msg = (struct sadb_msg *)buf;
3035:
3036: /* fix up length afterwards */
3037: setkeymsg0(msg, type, SADB_SATYPE_UNSPEC, 0);
3038: l = sizeof(struct sadb_msg);
3039:
3040: memcpy(buf + l, policy->buf, policy->len);
3041: l += policy->len;
3042:
3043: l0 = l;
3044: n = 0;
3045:
3046: #ifdef SADB_X_EXT_TAG
3047: memset(&m_tag, 0, sizeof(m_tag));
3048: m_tag.sadb_x_tag_len = PFKEY_UNIT64(sizeof(m_tag));
3049: m_tag.sadb_x_tag_exttype = SADB_X_EXT_TAG;
3050: if (strlcpy(m_tag.sadb_x_tag_name, tag,
3051: sizeof(m_tag.sadb_x_tag_name)) >= sizeof(m_tag.sadb_x_tag_name))
3052: return -1;
3053: memcpy(buf + l, &m_tag, sizeof(m_tag));
3054: l += sizeof(m_tag);
3055: #endif
3056:
3057: msg->sadb_msg_len = PFKEY_UNIT64(l);
3058:
3059: sendkeymsg(buf, l);
3060:
3061: return 0;
3062: }
3063:
3064: /* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */
3065: static int
3066: setkeymsg_addr(type, satype, srcs, dsts, no_spi)
3067: unsigned int type;
3068: unsigned int satype;
3069: struct addrinfo *srcs;
3070: struct addrinfo *dsts;
3071: int no_spi;
3072: {
3073: struct sadb_msg *msg;
3074: char buf[BUFSIZ];
3075: int l, l0, len;
3076: struct sadb_sa m_sa;
3077: struct sadb_x_sa2 m_sa2;
3078: struct sadb_address m_addr;
3079: struct addrinfo *s, *d;
3080: int n;
3081: int plen;
3082: struct sockaddr *sa;
3083: int salen;
3084:
3085: msg = (struct sadb_msg *)buf;
3086:
3087: if (!srcs || !dsts)
3088: return -1;
3089:
3090: /* fix up length afterwards */
3091: setkeymsg0(msg, type, satype, 0);
3092: l = sizeof(struct sadb_msg);
3093:
3094: if (!no_spi) {
3095: len = sizeof(struct sadb_sa);
3096: m_sa.sadb_sa_len = PFKEY_UNIT64(len);
3097: m_sa.sadb_sa_exttype = SADB_EXT_SA;
3098: m_sa.sadb_sa_spi = htonl(p_spi);
3099: m_sa.sadb_sa_replay = p_replay;
3100: m_sa.sadb_sa_state = 0;
3101: m_sa.sadb_sa_auth = p_alg_auth;
3102: m_sa.sadb_sa_encrypt = p_alg_enc;
3103: m_sa.sadb_sa_flags = p_ext;
3104:
3105: memcpy(buf + l, &m_sa, len);
3106: l += len;
3107:
3108: len = sizeof(struct sadb_x_sa2);
3109: m_sa2.sadb_x_sa2_len = PFKEY_UNIT64(len);
3110: m_sa2.sadb_x_sa2_exttype = SADB_X_EXT_SA2;
3111: m_sa2.sadb_x_sa2_mode = p_mode;
3112: m_sa2.sadb_x_sa2_reqid = p_reqid;
3113:
3114: memcpy(buf + l, &m_sa2, len);
3115: l += len;
3116: }
3117:
3118: l0 = l;
3119: n = 0;
3120:
3121: /* do it for all src/dst pairs */
3122: for (s = srcs; s; s = s->ai_next) {
3123: for (d = dsts; d; d = d->ai_next) {
3124: /* rewind pointer */
3125: l = l0;
3126:
3127: if (s->ai_addr->sa_family != d->ai_addr->sa_family)
3128: continue;
3129: switch (s->ai_addr->sa_family) {
3130: case AF_INET:
3131: plen = sizeof(struct in_addr) << 3;
3132: break;
3133: #ifdef INET6
3134: case AF_INET6:
3135: plen = sizeof(struct in6_addr) << 3;
3136: break;
3137: #endif
3138: default:
3139: continue;
3140: }
3141:
3142: /* set src */
3143: sa = s->ai_addr;
3144: salen = sysdep_sa_len(s->ai_addr);
3145: m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
3146: PFKEY_ALIGN8(salen));
3147: m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
3148: m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
3149: m_addr.sadb_address_prefixlen = plen;
3150: m_addr.sadb_address_reserved = 0;
3151:
3152: setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
3153: sizeof(m_addr), sa, salen);
3154:
3155: /* set dst */
3156: sa = d->ai_addr;
3157: salen = sysdep_sa_len(d->ai_addr);
3158: m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
3159: PFKEY_ALIGN8(salen));
3160: m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
3161: m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
3162: m_addr.sadb_address_prefixlen = plen;
3163: m_addr.sadb_address_reserved = 0;
3164:
3165: setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
3166: sizeof(m_addr), sa, salen);
3167:
3168: msg->sadb_msg_len = PFKEY_UNIT64(l);
3169:
3170: sendkeymsg(buf, l);
3171:
3172: n++;
3173: }
3174: }
3175:
3176: if (n == 0)
3177: return -1;
3178: else
3179: return 0;
3180: }
3181:
3182: #ifdef SADB_X_EXT_NAT_T_TYPE
3183: static u_int16_t get_port (struct addrinfo *addr)
3184: {
3185: struct sockaddr *s = addr->ai_addr;
3186: u_int16_t port = 0;
3187:
3188: switch (s->sa_family) {
3189: case AF_INET:
3190: {
3191: struct sockaddr_in *sin4 = (struct sockaddr_in *)s;
3192: port = ntohs(sin4->sin_port);
3193: break;
3194: }
3195: case AF_INET6:
3196: {
3197: struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)s;
3198: port = ntohs(sin6->sin6_port);
3199: break;
3200: }
3201: }
3202:
3203: if (port == 0)
3204: port = DEFAULT_NATT_PORT;
3205:
3206: return port;
3207: }
3208: #endif
3209:
3210: /* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */
3211: static int
3212: setkeymsg_add(type, satype, srcs, dsts)
3213: unsigned int type;
3214: unsigned int satype;
3215: struct addrinfo *srcs;
3216: struct addrinfo *dsts;
3217: {
3218: struct sadb_msg *msg;
3219: char buf[BUFSIZ];
3220: int l, l0, len;
3221: struct sadb_sa m_sa;
3222: struct sadb_x_sa2 m_sa2;
3223: struct sadb_address m_addr;
3224: struct addrinfo *s, *d;
3225: int n;
3226: int plen;
3227: struct sockaddr *sa;
3228: int salen;
3229:
3230: msg = (struct sadb_msg *)buf;
3231:
3232: if (!srcs || !dsts)
3233: return -1;
3234:
3235: /* fix up length afterwards */
3236: setkeymsg0(msg, type, satype, 0);
3237: l = sizeof(struct sadb_msg);
3238:
3239: /* set encryption algorithm, if present. */
3240: if (satype != SADB_X_SATYPE_IPCOMP && p_key_enc) {
3241: union {
3242: struct sadb_key key;
3243: struct sadb_ext ext;
3244: } m;
3245:
3246: m.key.sadb_key_len =
3247: PFKEY_UNIT64(sizeof(m.key)
3248: + PFKEY_ALIGN8(p_key_enc_len));
3249: m.key.sadb_key_exttype = SADB_EXT_KEY_ENCRYPT;
3250: m.key.sadb_key_bits = p_key_enc_len * 8;
3251: m.key.sadb_key_reserved = 0;
3252:
3253: setvarbuf(buf, &l, &m.ext, sizeof(m.key),
3254: p_key_enc, p_key_enc_len);
3255: }
3256:
3257: /* set authentication algorithm, if present. */
3258: if (p_key_auth) {
3259: union {
3260: struct sadb_key key;
3261: struct sadb_ext ext;
3262: } m;
3263:
3264: m.key.sadb_key_len =
3265: PFKEY_UNIT64(sizeof(m.key)
3266: + PFKEY_ALIGN8(p_key_auth_len));
3267: m.key.sadb_key_exttype = SADB_EXT_KEY_AUTH;
3268: m.key.sadb_key_bits = p_key_auth_len * 8;
3269: m.key.sadb_key_reserved = 0;
3270:
3271: setvarbuf(buf, &l, &m.ext, sizeof(m.key),
3272: p_key_auth, p_key_auth_len);
3273: }
3274:
3275: /* set lifetime for HARD */
3276: if (p_lt_hard != 0 || p_lb_hard != 0) {
3277: struct sadb_lifetime m_lt;
3278: u_int slen = sizeof(struct sadb_lifetime);
3279:
3280: m_lt.sadb_lifetime_len = PFKEY_UNIT64(slen);
3281: m_lt.sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
3282: m_lt.sadb_lifetime_allocations = 0;
3283: m_lt.sadb_lifetime_bytes = p_lb_hard;
3284: m_lt.sadb_lifetime_addtime = p_lt_hard;
3285: m_lt.sadb_lifetime_usetime = 0;
3286:
3287: memcpy(buf + l, &m_lt, slen);
3288: l += slen;
3289: }
3290:
3291: /* set lifetime for SOFT */
3292: if (p_lt_soft != 0 || p_lb_soft != 0) {
3293: struct sadb_lifetime m_lt;
3294: u_int slen = sizeof(struct sadb_lifetime);
3295:
3296: m_lt.sadb_lifetime_len = PFKEY_UNIT64(slen);
3297: m_lt.sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
3298: m_lt.sadb_lifetime_allocations = 0;
3299: m_lt.sadb_lifetime_bytes = p_lb_soft;
3300: m_lt.sadb_lifetime_addtime = p_lt_soft;
3301: m_lt.sadb_lifetime_usetime = 0;
3302:
3303: memcpy(buf + l, &m_lt, slen);
3304: l += slen;
3305: }
3306:
3307: #ifdef SADB_X_EXT_SEC_CTX
3308: /* Add security context label */
3309: if (sec_ctx.doi) {
3310: struct sadb_x_sec_ctx m_sec_ctx;
3311: u_int slen = sizeof(struct sadb_x_sec_ctx);
3312:
3313: memset(&m_sec_ctx, 0, slen);
3314:
3315: m_sec_ctx.sadb_x_sec_len = PFKEY_UNIT64(slen +
3316: PFKEY_ALIGN8(sec_ctx.len));
3317: m_sec_ctx.sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
3318: m_sec_ctx.sadb_x_ctx_len = sec_ctx.len; /* bytes */
3319: m_sec_ctx.sadb_x_ctx_doi = sec_ctx.doi;
3320: m_sec_ctx.sadb_x_ctx_alg = sec_ctx.alg;
3321: setvarbuf(buf, &l, (struct sadb_ext *)&m_sec_ctx, slen,
3322: (caddr_t)sec_ctx.buf, sec_ctx.len);
3323: }
3324: #endif
3325:
3326: len = sizeof(struct sadb_sa);
3327: m_sa.sadb_sa_len = PFKEY_UNIT64(len);
3328: m_sa.sadb_sa_exttype = SADB_EXT_SA;
3329: m_sa.sadb_sa_spi = htonl(p_spi);
3330: m_sa.sadb_sa_replay = p_replay;
3331: m_sa.sadb_sa_state = 0;
3332: m_sa.sadb_sa_auth = p_alg_auth;
3333: m_sa.sadb_sa_encrypt = p_alg_enc;
3334: m_sa.sadb_sa_flags = p_ext;
3335:
3336: memcpy(buf + l, &m_sa, len);
3337: l += len;
3338:
3339: len = sizeof(struct sadb_x_sa2);
3340: m_sa2.sadb_x_sa2_len = PFKEY_UNIT64(len);
3341: m_sa2.sadb_x_sa2_exttype = SADB_X_EXT_SA2;
3342: m_sa2.sadb_x_sa2_mode = p_mode;
3343: m_sa2.sadb_x_sa2_reqid = p_reqid;
3344:
3345: memcpy(buf + l, &m_sa2, len);
3346: l += len;
3347:
3348: #ifdef SADB_X_EXT_NAT_T_TYPE
3349: if (p_natt_type) {
3350: struct sadb_x_nat_t_type natt_type;
3351:
3352: len = sizeof(struct sadb_x_nat_t_type);
3353: memset(&natt_type, 0, len);
3354: natt_type.sadb_x_nat_t_type_len = PFKEY_UNIT64(len);
3355: natt_type.sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
3356: natt_type.sadb_x_nat_t_type_type = p_natt_type;
3357:
3358: memcpy(buf + l, &natt_type, len);
3359: l += len;
3360:
3361: if (p_natt_oa) {
3362: sa = p_natt_oa->ai_addr;
3363: switch (sa->sa_family) {
3364: case AF_INET:
3365: plen = sizeof(struct in_addr) << 3;
3366: break;
3367: #ifdef INET6
3368: case AF_INET6:
3369: plen = sizeof(struct in6_addr) << 3;
3370: break;
3371: #endif
3372: default:
3373: return -1;
3374: }
3375: salen = sysdep_sa_len(sa);
3376: m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
3377: PFKEY_ALIGN8(salen));
3378: m_addr.sadb_address_exttype = SADB_X_EXT_NAT_T_OA;
3379: m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
3380: m_addr.sadb_address_prefixlen = plen;
3381: m_addr.sadb_address_reserved = 0;
3382:
3383: setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
3384: sizeof(m_addr), sa, salen);
3385: }
3386: }
3387: #endif
3388:
3389: l0 = l;
3390: n = 0;
3391:
3392: /* do it for all src/dst pairs */
3393: for (s = srcs; s; s = s->ai_next) {
3394: for (d = dsts; d; d = d->ai_next) {
3395: /* rewind pointer */
3396: l = l0;
3397:
3398: if (s->ai_addr->sa_family != d->ai_addr->sa_family)
3399: continue;
3400: switch (s->ai_addr->sa_family) {
3401: case AF_INET:
3402: plen = sizeof(struct in_addr) << 3;
3403: break;
3404: #ifdef INET6
3405: case AF_INET6:
3406: plen = sizeof(struct in6_addr) << 3;
3407: break;
3408: #endif
3409: default:
3410: continue;
3411: }
3412:
3413: /* set src */
3414: sa = s->ai_addr;
3415: salen = sysdep_sa_len(s->ai_addr);
3416: m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
3417: PFKEY_ALIGN8(salen));
3418: m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
3419: m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
3420: m_addr.sadb_address_prefixlen = plen;
3421: m_addr.sadb_address_reserved = 0;
3422:
3423: setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
3424: sizeof(m_addr), sa, salen);
3425:
3426: /* set dst */
3427: sa = d->ai_addr;
3428: salen = sysdep_sa_len(d->ai_addr);
3429: m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
3430: PFKEY_ALIGN8(salen));
3431: m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
3432: m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
3433: m_addr.sadb_address_prefixlen = plen;
3434: m_addr.sadb_address_reserved = 0;
3435:
3436: setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
3437: sizeof(m_addr), sa, salen);
3438:
3439: #ifdef SADB_X_EXT_NAT_T_TYPE
3440: if (p_natt_type) {
3441: struct sadb_x_nat_t_port natt_port;
3442:
3443: /* NATT_SPORT */
3444: len = sizeof(struct sadb_x_nat_t_port);
3445: memset(&natt_port, 0, len);
3446: natt_port.sadb_x_nat_t_port_len = PFKEY_UNIT64(len);
3447: natt_port.sadb_x_nat_t_port_exttype =
3448: SADB_X_EXT_NAT_T_SPORT;
3449: natt_port.sadb_x_nat_t_port_port = htons(get_port(s));
3450:
3451: memcpy(buf + l, &natt_port, len);
3452: l += len;
3453:
3454: /* NATT_DPORT */
3455: natt_port.sadb_x_nat_t_port_exttype =
3456: SADB_X_EXT_NAT_T_DPORT;
3457: natt_port.sadb_x_nat_t_port_port = htons(get_port(d));
3458:
3459: memcpy(buf + l, &natt_port, len);
3460: l += len;
3461: }
3462: #endif
3463: msg->sadb_msg_len = PFKEY_UNIT64(l);
3464:
3465: sendkeymsg(buf, l);
3466:
3467: n++;
3468: }
3469: }
3470:
3471: if (n == 0)
3472: return -1;
3473: else
3474: return 0;
3475: }
3476:
3477: static struct addrinfo *
3478: parse_addr(host, port)
3479: char *host;
3480: char *port;
3481: {
3482: struct addrinfo hints, *res = NULL;
3483: int error;
3484:
3485: memset(&hints, 0, sizeof(hints));
3486: hints.ai_family = p_aifamily;
3487: hints.ai_socktype = SOCK_DGRAM; /*dummy*/
3488: hints.ai_protocol = IPPROTO_UDP; /*dummy*/
3489: hints.ai_flags = p_aiflags;
3490: error = getaddrinfo(host, port, &hints, &res);
3491: if (error != 0) {
3492: yyerror(gai_strerror(error));
3493: return NULL;
3494: }
3495: return res;
3496: }
3497:
3498: static int
3499: fix_portstr(ulproto, spec, sport, dport)
3500: int ulproto;
3501: vchar_t *spec, *sport, *dport;
3502: {
3503: char sp[16], dp[16];
3504: int a, b, c, d;
3505: unsigned long u;
3506:
3507: if (spec->buf == NULL)
3508: return 0;
3509:
3510: switch (ulproto) {
3511: case IPPROTO_ICMP:
3512: case IPPROTO_ICMPV6:
3513: case IPPROTO_MH:
3514: if (sscanf(spec->buf, "%d,%d", &a, &b) == 2) {
3515: sprintf(sp, "%d", a);
3516: sprintf(dp, "%d", b);
3517: } else if (sscanf(spec->buf, "%d", &a) == 1) {
3518: sprintf(sp, "%d", a);
3519: } else {
3520: yyerror("invalid an upper layer protocol spec");
3521: return -1;
3522: }
3523: break;
3524: case IPPROTO_GRE:
3525: if (sscanf(spec->buf, "%d.%d.%d.%d", &a, &b, &c, &d) == 4) {
3526: sprintf(sp, "%d", (a << 8) + b);
3527: sprintf(dp, "%d", (c << 8) + d);
3528: } else if (sscanf(spec->buf, "%lu", &u) == 1) {
3529: sprintf(sp, "%d", (int) (u >> 16));
3530: sprintf(dp, "%d", (int) (u & 0xffff));
3531: } else {
3532: yyerror("invalid an upper layer protocol spec");
3533: return -1;
3534: }
3535: break;
3536: }
3537:
3538: free(sport->buf);
3539: sport->buf = strdup(sp);
3540: if (!sport->buf) {
3541: yyerror("insufficient memory");
3542: return -1;
3543: }
3544: sport->len = strlen(sport->buf);
3545:
3546: free(dport->buf);
3547: dport->buf = strdup(dp);
3548: if (!dport->buf) {
3549: yyerror("insufficient memory");
3550: return -1;
3551: }
3552: dport->len = strlen(dport->buf);
3553:
3554: return 0;
3555: }
3556:
3557: static int
3558: setvarbuf(buf, off, ebuf, elen, vbuf, vlen)
3559: char *buf;
3560: int *off;
3561: struct sadb_ext *ebuf;
3562: int elen;
3563: const void *vbuf;
3564: int vlen;
3565: {
3566: memset(buf + *off, 0, PFKEY_UNUNIT64(ebuf->sadb_ext_len));
3567: memcpy(buf + *off, (caddr_t)ebuf, elen);
3568: memcpy(buf + *off + elen, vbuf, vlen);
3569: (*off) += PFKEY_ALIGN8(elen + vlen);
3570:
3571: return 0;
3572: }
3573:
3574: void
3575: parse_init()
3576: {
3577: p_spi = 0;
3578:
3579: p_ext = SADB_X_EXT_CYCSEQ;
3580: p_alg_enc = SADB_EALG_NONE;
3581: p_alg_auth = SADB_AALG_NONE;
3582: p_mode = IPSEC_MODE_ANY;
3583: p_reqid = 0;
3584: p_replay = 0;
3585: p_key_enc_len = p_key_auth_len = 0;
3586: p_key_enc = p_key_auth = 0;
3587: p_lt_hard = p_lt_soft = 0;
3588: p_lb_hard = p_lb_soft = 0;
3589:
3590: memset(&sec_ctx, 0, sizeof(struct security_ctx));
3591:
3592: p_aiflags = 0;
3593: p_aifamily = PF_UNSPEC;
3594:
3595: /* Clear out any natt OA information */
3596: if (p_natt_oa)
3597: freeaddrinfo (p_natt_oa);
3598: p_natt_oa = NULL;
3599: p_natt_type = 0;
3600:
3601: return;
3602: }
3603:
3604: void
3605: free_buffer()
3606: {
3607: /* we got tons of memory leaks in the parser anyways, leave them */
3608:
3609: return;
3610: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to parse.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools / src / setkey