Context Navigation

parse.c

6-freebsd-12

Last change on this file was b376ae1, checked in by Christian Mauderer <christian.mauderer@…>, on 05/03/18 at 12:15:11

ipsec-tools: Port libipsec, setkey and racoon.

Note that this replaces the libipsec from FreeBSD with the one provided
by ipsec-tools.

Property mode set to 100644

File size: 60.9 KB

Line
1	/* original parser id follows */
2	/* yysccsid[] = "@(#)yaccpar 1.9 (Berkeley) 02/21/93" */
3	/* (use YYMAJOR/YYMINOR for ifdefs dependent on parser version) */
4
5	#define YYBYACC 1
6	#define YYMAJOR 1
7	#define YYMINOR 9
8	#define YYPATCH 20170201
9
10	#define YYEMPTY (-1)
11	#define yyclearin (yychar = YYEMPTY)
12	#define yyerrok (yyerrflag = 0)
13	#define YYRECOVERING() (yyerrflag != 0)
14	#define YYENOMEM (-2)
15	#define YYEOF 0
16
17	#ifndef yyparse
18	#define yyparse setkeyyyparse
19	#endif /* yyparse */
20
21	#ifndef yylex
22	#define yylex setkeyyylex
23	#endif /* yylex */
24
25	#ifndef yyerror
26	#define yyerror setkeyyyerror
27	#endif /* yyerror */
28
29	#ifndef yychar
30	#define yychar setkeyyychar
31	#endif /* yychar */
32
33	#ifndef yyval
34	#define yyval setkeyyyval
35	#endif /* yyval */
36
37	#ifndef yylval
38	#define yylval setkeyyylval
39	#endif /* yylval */
40
41	#ifndef yydebug
42	#define yydebug setkeyyydebug
43	#endif /* yydebug */
44
45	#ifndef yynerrs
46	#define yynerrs setkeyyynerrs
47	#endif /* yynerrs */
48
49	#ifndef yyerrflag
50	#define yyerrflag setkeyyyerrflag
51	#endif /* yyerrflag */
52
53	#ifndef yylhs
54	#define yylhs setkeyyylhs
55	#endif /* yylhs */
56
57	#ifndef yylen
58	#define yylen setkeyyylen
59	#endif /* yylen */
60
61	#ifndef yydefred
62	#define yydefred setkeyyydefred
63	#endif /* yydefred */
64
65	#ifndef yydgoto
66	#define yydgoto setkeyyydgoto
67	#endif /* yydgoto */
68
69	#ifndef yysindex
70	#define yysindex setkeyyysindex
71	#endif /* yysindex */
72
73	#ifndef yyrindex
74	#define yyrindex setkeyyyrindex
75	#endif /* yyrindex */
76
77	#ifndef yygindex
78	#define yygindex setkeyyygindex
79	#endif /* yygindex */
80
81	#ifndef yytable
82	#define yytable setkeyyytable
83	#endif /* yytable */
84
85	#ifndef yycheck
86	#define yycheck setkeyyycheck
87	#endif /* yycheck */
88
89	#ifndef yyname
90	#define yyname setkeyyyname
91	#endif /* yyname */
92
93	#ifndef yyrule
94	#define yyrule setkeyyyrule
95	#endif /* yyrule */
96	#define YYPREFIX "setkeyyy"
97
98	#define YYPURE 0
99
100	#line 35 "../../ipsec-tools/src/setkey/parse.y"
101	#ifdef HAVE_CONFIG_H
102	#include "config.h"
103	#endif
104
105	#include <sys/types.h>
106	#include <sys/param.h>
107	#include <sys/socket.h>
108
109	#include <netinet/in.h>
110	#include <net/pfkeyv2.h>
111	#include PATH_IPSEC_H
112	#include <arpa/inet.h>
113
114	#include <string.h>
115	#include <unistd.h>
116	#include <stdio.h>
117	#include <netdb.h>
118	#include <ctype.h>
119	#include <errno.h>
120	#include <stdlib.h>
121
122	#include "libpfkey.h"
123	#include "vchar.h"
124	#include "extern.h"
125
126	#define DEFAULT_NATT_PORT 4500
127
128	#ifndef UDP_ENCAP_ESPINUDP
129	#define UDP_ENCAP_ESPINUDP 2
130	#endif
131
132	#define ATOX(c) \
133	(isdigit((int)c) ? (c - '0') : \
134	(isupper((int)c) ? (c - 'A' + 10) : (c - 'a' + 10)))
135
136	#ifndef __rtems__
137	u_int32_t p_spi;
138	u_int p_ext, p_alg_enc, p_alg_auth, p_replay, p_mode;
139	u_int32_t p_reqid;
140	u_int p_key_enc_len, p_key_auth_len;
141	const char *p_key_enc;
142	const char *p_key_auth;
143	time_t p_lt_hard, p_lt_soft;
144	size_t p_lb_hard, p_lb_soft;
145	#else /* __rtems__ */
146	static u_int32_t p_spi;
147	static u_int p_ext, p_alg_enc, p_alg_auth, p_replay, p_mode;
148	static u_int32_t p_reqid;
149	static u_int p_key_enc_len, p_key_auth_len;
150	static const char *p_key_enc;
151	static const char *p_key_auth;
152	static time_t p_lt_hard, p_lt_soft;
153	static size_t p_lb_hard, p_lb_soft;
154	#endif /* __rtems__ */
155
156	struct security_ctx {
157	u_int8_t doi;
158	u_int8_t alg;
159	u_int16_t len;
160	char *buf;
161	};
162
163	static struct security_ctx sec_ctx;
164
165	static u_int p_natt_type;
166	static struct addrinfo * p_natt_oa = NULL;
167
168	static int p_aiflags = 0, p_aifamily = PF_UNSPEC;
169
170	static struct addrinfo parse_addr __P((char , char *));
171	static int fix_portstr __P((int, vchar_t , vchar_t , vchar_t *));
172	static int setvarbuf __P((char , int , struct sadb_ext *, int,
173	const void *, int));
174	void parse_init __P((void));
175	void free_buffer __P((void));
176
177	int setkeymsg0 __P((struct sadb_msg *, unsigned int, unsigned int, size_t));
178	static int setkeymsg_spdaddr __P((unsigned int, unsigned int, vchar_t *,
179	struct addrinfo , int, struct addrinfo , int));
180	static int setkeymsg_spdaddr_tag __P((unsigned int, char , vchar_t ));
181	static int setkeymsg_addr __P((unsigned int, unsigned int,
182	struct addrinfo , struct addrinfo , int));
183	static int setkeymsg_add __P((unsigned int, unsigned int,
184	struct addrinfo , struct addrinfo ));
185	#ifdef YYSTYPE
186	#undef YYSTYPE_IS_DECLARED
187	#define YYSTYPE_IS_DECLARED 1
188	#endif
189	#ifndef YYSTYPE_IS_DECLARED
190	#define YYSTYPE_IS_DECLARED 1
191	#line 121 "../../ipsec-tools/src/setkey/parse.y"
192	typedef union {
193	int num;
194	unsigned long ulnum;
195	vchar_t val;
196	struct addrinfo *res;
197	} YYSTYPE;
198	#endif /* !YYSTYPE_IS_DECLARED */
199	#line 200 "setkeyyy.tab.c"
200
201	/* compatibility with bison */
202	#ifdef YYPARSE_PARAM
203	/* compatibility with FreeBSD */
204	# ifdef YYPARSE_PARAM_TYPE
205	# define YYPARSE_DECL() yyparse(YYPARSE_PARAM_TYPE YYPARSE_PARAM)
206	# else
207	# define YYPARSE_DECL() yyparse(void *YYPARSE_PARAM)
208	# endif
209	#else
210	# define YYPARSE_DECL() yyparse(void)
211	#endif
212
213	/* Parameters sent to lex. */
214	#ifdef YYLEX_PARAM
215	# define YYLEX_DECL() yylex(void *YYLEX_PARAM)
216	# define YYLEX yylex(YYLEX_PARAM)
217	#else
218	# define YYLEX_DECL() yylex(void)
219	# define YYLEX yylex()
220	#endif
221
222	/* Parameters sent to yyerror. */
223	#ifndef YYERROR_DECL
224	#define YYERROR_DECL() yyerror(const char *s)
225	#endif
226	#ifndef YYERROR_CALL
227	#define YYERROR_CALL(msg) yyerror(msg)
228	#endif
229
230	extern int YYPARSE_DECL();
231
232	#define EOT 257
233	#define SLASH 258
234	#define BLCL 259
235	#define ELCL 260
236	#define ADD 261
237	#define GET 262
238	#define DELETE 263
239	#define DELETEALL 264
240	#define FLUSH 265
241	#define DUMP 266
242	#define EXIT 267
243	#define PR_ESP 268
244	#define PR_AH 269
245	#define PR_IPCOMP 270
246	#define PR_ESPUDP 271
247	#define PR_TCP 272
248	#define F_PROTOCOL 273
249	#define F_AUTH 274
250	#define F_ENC 275
251	#define F_REPLAY 276
252	#define F_COMP 277
253	#define F_RAWCPI 278
254	#define F_MODE 279
255	#define MODE 280
256	#define F_REQID 281
257	#define F_EXT 282
258	#define EXTENSION 283
259	#define NOCYCLICSEQ 284
260	#define ALG_AUTH 285
261	#define ALG_AUTH_NOKEY 286
262	#define ALG_ENC 287
263	#define ALG_ENC_NOKEY 288
264	#define ALG_ENC_DESDERIV 289
265	#define ALG_ENC_DES32IV 290
266	#define ALG_ENC_OLD 291
267	#define ALG_COMP 292
268	#define F_LIFETIME_HARD 293
269	#define F_LIFETIME_SOFT 294
270	#define F_LIFEBYTE_HARD 295
271	#define F_LIFEBYTE_SOFT 296
272	#define DECSTRING 297
273	#define QUOTEDSTRING 298
274	#define HEXSTRING 299
275	#define STRING 300
276	#define ANY 301
277	#define SPDADD 302
278	#define SPDUPDATE 303
279	#define SPDDELETE 304
280	#define SPDDUMP 305
281	#define SPDFLUSH 306
282	#define F_POLICY 307
283	#define PL_REQUESTS 308
284	#define F_AIFLAGS 309
285	#define TAGGED 310
286	#define SECURITY_CTX 311
287	#define YYERRCODE 256
288	typedef int YYINT;
289	static const YYINT setkeyyylhs[] = { -1,
290	0, 0, 11, 11, 11, 11, 11, 11, 11, 11,
291	11, 11, 11, 11, 12, 14, 15, 13, 16, 17,
292	2, 2, 2, 2, 2, 2, 2, 25, 25, 27,
293	27, 27, 28, 28, 29, 30, 30, 31, 31, 31,
294	31, 31, 32, 32, 5, 5, 26, 26, 33, 33,
295	33, 33, 33, 33, 33, 33, 33, 33, 33, 19,
296	19, 20, 20, 21, 22, 23, 24, 24, 35, 9,
297	10, 10, 1, 1, 4, 4, 4, 4, 3, 3,
298	3, 3, 7, 7, 34, 34, 8, 6, 18,
299	};
300	static const YYINT setkeyyylen[] = { 2,
301	0, 2, 1, 1, 1, 1, 1, 1, 1, 1,
302	1, 1, 1, 1, 9, 8, 6, 8, 3, 3,
303	0, 1, 1, 1, 1, 2, 1, 1, 1, 1,
304	1, 1, 4, 2, 2, 2, 3, 1, 2, 1,
305	2, 2, 2, 1, 1, 1, 0, 2, 2, 2,
306	2, 2, 2, 2, 2, 2, 2, 2, 4, 13,
307	5, 13, 5, 13, 2, 2, 0, 2, 1, 1,
308	1, 2, 0, 2, 0, 3, 3, 3, 1, 1,
309	1, 1, 0, 1, 0, 4, 2, 1, 2,
310	};
311	static const YYINT setkeyyydefred[] = { 1,
312	0, 67, 67, 67, 67, 0, 0, 0, 0, 0,
313	67, 0, 0, 2, 3, 4, 5, 6, 7, 8,
314	9, 10, 11, 12, 13, 14, 0, 0, 0, 0,
315	22, 23, 24, 0, 27, 0, 0, 89, 0, 0,
316	0, 0, 0, 65, 66, 0, 69, 0, 68, 0,
317	0, 70, 0, 26, 19, 20, 0, 0, 0, 0,
318	0, 0, 72, 0, 0, 0, 0, 0, 0, 0,
319	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
320	0, 88, 87, 61, 74, 0, 63, 0, 0, 77,
321	78, 76, 28, 29, 47, 47, 47, 17, 0, 0,
322	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
323	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
324	30, 31, 32, 48, 18, 16, 0, 0, 0, 0,
325	44, 35, 0, 38, 0, 0, 40, 0, 54, 0,
326	51, 52, 53, 49, 50, 55, 56, 57, 58, 0,
327	15, 81, 79, 82, 80, 0, 0, 0, 45, 46,
328	43, 39, 41, 42, 0, 37, 0, 84, 0, 0,
329	0, 33, 59, 0, 0, 0, 0, 0, 0, 0,
330	0, 0, 60, 62, 64, 86,
331	};
332	static const YYINT setkeyyydgoto[] = { 1,
333	71, 36, 156, 63, 161, 83, 169, 69, 53, 48,
334	14, 15, 16, 17, 18, 19, 20, 21, 22, 23,
335	24, 25, 26, 27, 95, 102, 120, 121, 122, 123,
336	138, 132, 124, 175, 49,
337	};
338	static const YYINT setkeyyysindex[] = { 0,
339	-251, 0, 0, 0, 0, -128, -128, -250, -267, -253,
340	0, -227, -169, 0, 0, 0, 0, 0, 0, 0,
341	0, 0, 0, 0, 0, 0, -292, -292, -292, -277,
342	0, 0, 0, -187, 0, -129, -122, 0, -233, -214,
343	-133, -185, -180, 0, 0, -103, 0, -134, 0, -134,
344	-134, 0, -187, 0, 0, 0, -140, -90, -140, -90,
345	-90, -147, 0, -128, -128, -128, -128, -139, -87, -126,
346	-103, -85, -103, -103, -86, -84, -83, -210, -210, -210,
347	-82, 0, 0, 0, 0, -127, 0, -121, -120, 0,
348	0, 0, 0, 0, 0, 0, 0, 0, -90, -90,
349	-90, -197, -255, -248, -103, -103, -103, -280, -142, -119,
350	-111, -276, -115, -264, -114, -113, -112, -110, -109, -71,
351	0, 0, 0, 0, 0, 0, -191, -191, -191, -249,
352	0, 0, -249, 0, -249, -249, 0, -81, 0, -89,
353	0, 0, 0, 0, 0, 0, 0, 0, 0, -107,
354	0, 0, 0, 0, 0, -108, -108, -108, 0, 0,
355	0, 0, 0, 0, -280, 0, -104, 0, -116, -116,
356	-116, 0, 0, -106, -140, -140, -140, -101, -60, -58,
357	-57, -100, 0, 0, 0, 0,
358	};
359	static const YYINT setkeyyyrindex[] = { 0,
360	0, 0, 0, 0, 0, -55, -55, 0, -173, -173,
361	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
362	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
363	0, 0, 0, -235, 0, 0, 0, 0, 0, 0,
364	0, 0, 0, 0, 0, -178, 0, 0, 0, 0,
365	0, 0, 0, 0, 0, 0, 0, -256, 0, -256,
366	-256, 0, 0, -192, -192, -192, -55, 0, 0, 0,
367	-99, 0, -99, -99, 0, 0, 0, 0, 0, 0,
368	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
369	0, 0, 0, 0, 0, 0, 0, 0, -230, -230,
370	-230, 0, 0, 0, -189, -189, -189, 0, 0, 0,
371	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
372	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
373	0, 0, 0, 0, 0, 0, 0, -54, 0, -53,
374	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
375	0, 0, 0, 0, 0, -177, -177, -177, 0, 0,
376	0, 0, 0, 0, 0, 0, 0, 0, -102, -102,
377	-102, 0, 0, 0, 0, 0, 0, 0, 0, 0,
378	0, 0, 0, 0, 0, 0,
379	};
380	static const YYINT setkeyyygindex[] = { 0,
381	-25, -6, -56, -5, 22, 0, 2, -59, -16, 75,
382	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
383	0, 0, 0, 128, 72, 65, 0, 0, 0, 0,
384	0, 41, 0, -7, 0,
385	};
386	#define YYTABLESIZE 206
387	static const YYINT setkeyyytable[] = { 72,
388	37, 125, 73, 141, 130, 131, 38, 46, 126, 2,
389	3, 4, 5, 6, 7, 8, 47, 54, 144, 145,
390	110, 25, 52, 112, 142, 113, 114, 110, 73, 44,
391	112, 47, 113, 114, 73, 74, 67, 115, 116, 117,
392	118, 73, 39, 73, 115, 116, 117, 118, 159, 160,
393	9, 10, 11, 12, 13, 119, 41, 78, 79, 80,
394	81, 25, 119, 25, 57, 86, 73, 88, 89, 73,
395	73, 157, 158, 105, 106, 107, 108, 109, 110, 111,
396	152, 112, 75, 113, 114, 58, 93, 45, 94, 71,
397	71, 71, 71, 71, 47, 115, 116, 117, 118, 127,
398	128, 129, 50, 51, 21, 153, 21, 75, 154, 155,
399	75, 75, 52, 119, 60, 179, 180, 181, 71, 61,
400	71, 71, 64, 47, 65, 66, 67, 55, 47, 83,
401	28, 29, 30, 83, 56, 67, 40, 42, 43, 31,
402	32, 33, 34, 35, 133, 134, 135, 136, 137, 75,
403	96, 97, 76, 77, 162, 62, 163, 164, 170, 171,
404	103, 104, 176, 177, 59, 46, 68, 70, 82, 84,
405	85, 87, 99, 90, 98, 91, 92, 139, 100, 101,
406	140, 143, 146, 147, 148, 151, 149, 150, 166, 167,
407	178, 168, 165, 173, 174, 182, 183, 186, 184, 185,
408	75, 21, 34, 36, 85, 172,
409	};
410	static const YYINT setkeyyycheck[] = { 59,
411	7, 257, 259, 280, 285, 286, 257, 300, 257, 261,
412	262, 263, 264, 265, 266, 267, 309, 34, 283, 284,
413	276, 257, 300, 279, 301, 281, 282, 276, 259, 257,
414	279, 309, 281, 282, 60, 61, 53, 293, 294, 295,
415	296, 272, 310, 300, 293, 294, 295, 296, 298, 299,
416	302, 303, 304, 305, 306, 311, 310, 64, 65, 66,
417	67, 297, 311, 299, 298, 71, 297, 73, 74, 300,
418	301, 128, 129, 99, 100, 101, 274, 275, 276, 277,
419	272, 279, 272, 281, 282, 300, 297, 257, 299, 268,
420	269, 270, 271, 272, 309, 293, 294, 295, 296, 105,
421	106, 107, 28, 29, 297, 297, 299, 297, 300, 301,
422	300, 301, 300, 311, 300, 175, 176, 177, 297, 300,
423	299, 300, 48, 309, 50, 51, 300, 257, 309, 307,
424	3, 4, 5, 311, 257, 309, 9, 10, 11, 268,
425	269, 270, 271, 272, 287, 288, 289, 290, 291, 297,
426	79, 80, 300, 301, 133, 259, 135, 136, 157, 158,
427	96, 97, 170, 171, 298, 300, 307, 258, 308, 257,
428	297, 257, 300, 260, 257, 260, 260, 297, 300, 300,
429	292, 297, 297, 297, 297, 257, 297, 297, 278, 297,
430	297, 300, 274, 298, 311, 297, 257, 298, 257, 257,
431	300, 257, 257, 257, 307, 165,
432	};
433	#define YYFINAL 1
434	#ifndef YYDEBUG
435	#define YYDEBUG 0
436	#endif
437	#define YYMAXTOKEN 311
438	#define YYUNDFTOKEN 349
439	#define YYTRANSLATE(a) ((a) > YYMAXTOKEN ? YYUNDFTOKEN : (a))
440	#if YYDEBUG
441	static const char *const setkeyyyname[] = {
442
443	"end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
444	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
445	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
446	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
447	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
448	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
449	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"EOT","SLASH","BLCL","ELCL","ADD",
450	"GET","DELETE","DELETEALL","FLUSH","DUMP","EXIT","PR_ESP","PR_AH","PR_IPCOMP",
451	"PR_ESPUDP","PR_TCP","F_PROTOCOL","F_AUTH","F_ENC","F_REPLAY","F_COMP",
452	"F_RAWCPI","F_MODE","MODE","F_REQID","F_EXT","EXTENSION","NOCYCLICSEQ",
453	"ALG_AUTH","ALG_AUTH_NOKEY","ALG_ENC","ALG_ENC_NOKEY","ALG_ENC_DESDERIV",
454	"ALG_ENC_DES32IV","ALG_ENC_OLD","ALG_COMP","F_LIFETIME_HARD","F_LIFETIME_SOFT",
455	"F_LIFEBYTE_HARD","F_LIFEBYTE_SOFT","DECSTRING","QUOTEDSTRING","HEXSTRING",
456	"STRING","ANY","SPDADD","SPDUPDATE","SPDDELETE","SPDDUMP","SPDFLUSH","F_POLICY",
457	"PL_REQUESTS","F_AIFLAGS","TAGGED","SECURITY_CTX",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
458	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"illegal-symbol",
459	};
460	static const char *const setkeyyyrule[] = {
461	"$accept : commands",
462	"commands :",
463	"commands : commands command",
464	"command : add_command",
465	"command : get_command",
466	"command : delete_command",
467	"command : deleteall_command",
468	"command : flush_command",
469	"command : dump_command",
470	"command : exit_command",
471	"command : spdadd_command",
472	"command : spdupdate_command",
473	"command : spddelete_command",
474	"command : spddump_command",
475	"command : spdflush_command",
476	"add_command : ADD ipaddropts ipandport ipandport protocol_spec spi extension_spec algorithm_spec EOT",
477	"delete_command : DELETE ipaddropts ipandport ipandport protocol_spec spi extension_spec EOT",
478	"deleteall_command : DELETEALL ipaddropts ipaddr ipaddr protocol_spec EOT",
479	"get_command : GET ipaddropts ipandport ipandport protocol_spec spi extension_spec EOT",
480	"flush_command : FLUSH protocol_spec EOT",
481	"dump_command : DUMP protocol_spec EOT",
482	"protocol_spec :",
483	"protocol_spec : PR_ESP",
484	"protocol_spec : PR_AH",
485	"protocol_spec : PR_IPCOMP",
486	"protocol_spec : PR_ESPUDP",
487	"protocol_spec : PR_ESPUDP ipaddr",
488	"protocol_spec : PR_TCP",
489	"spi : DECSTRING",
490	"spi : HEXSTRING",
491	"algorithm_spec : esp_spec",
492	"algorithm_spec : ah_spec",
493	"algorithm_spec : ipcomp_spec",
494	"esp_spec : F_ENC enc_alg F_AUTH auth_alg",
495	"esp_spec : F_ENC enc_alg",
496	"ah_spec : F_AUTH auth_alg",
497	"ipcomp_spec : F_COMP ALG_COMP",
498	"ipcomp_spec : F_COMP ALG_COMP F_RAWCPI",
499	"enc_alg : ALG_ENC_NOKEY",
500	"enc_alg : ALG_ENC key_string",
501	"enc_alg : ALG_ENC_OLD",
502	"enc_alg : ALG_ENC_DESDERIV key_string",
503	"enc_alg : ALG_ENC_DES32IV key_string",
504	"auth_alg : ALG_AUTH key_string",
505	"auth_alg : ALG_AUTH_NOKEY",
506	"key_string : QUOTEDSTRING",
507	"key_string : HEXSTRING",
508	"extension_spec :",
509	"extension_spec : extension_spec extension",
510	"extension : F_EXT EXTENSION",
511	"extension : F_EXT NOCYCLICSEQ",
512	"extension : F_MODE MODE",
513	"extension : F_MODE ANY",
514	"extension : F_REQID DECSTRING",
515	"extension : F_REPLAY DECSTRING",
516	"extension : F_LIFETIME_HARD DECSTRING",
517	"extension : F_LIFETIME_SOFT DECSTRING",
518	"extension : F_LIFEBYTE_HARD DECSTRING",
519	"extension : F_LIFEBYTE_SOFT DECSTRING",
520	"extension : SECURITY_CTX DECSTRING DECSTRING QUOTEDSTRING",
521	"spdadd_command : SPDADD ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec context_spec policy_spec EOT",
522	"spdadd_command : SPDADD TAGGED QUOTEDSTRING policy_spec EOT",
523	"spdupdate_command : SPDUPDATE ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec context_spec policy_spec EOT",
524	"spdupdate_command : SPDUPDATE TAGGED QUOTEDSTRING policy_spec EOT",
525	"spddelete_command : SPDDELETE ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec context_spec policy_spec EOT",
526	"spddump_command : SPDDUMP EOT",
527	"spdflush_command : SPDFLUSH EOT",
528	"ipaddropts :",
529	"ipaddropts : ipaddropts ipaddropt",
530	"ipaddropt : F_AIFLAGS",
531	"ipaddr : STRING",
532	"ipandport : STRING",
533	"ipandport : STRING portstr",
534	"prefix :",
535	"prefix : SLASH DECSTRING",
536	"portstr :",
537	"portstr : BLCL ANY ELCL",
538	"portstr : BLCL DECSTRING ELCL",
539	"portstr : BLCL STRING ELCL",
540	"upper_spec : DECSTRING",
541	"upper_spec : ANY",
542	"upper_spec : PR_TCP",
543	"upper_spec : STRING",
544	"upper_misc_spec :",
545	"upper_misc_spec : STRING",
546	"context_spec :",
547	"context_spec : SECURITY_CTX DECSTRING DECSTRING QUOTEDSTRING",
548	"policy_spec : F_POLICY policy_requests",
549	"policy_requests : PL_REQUESTS",
550	"exit_command : EXIT EOT",
551
552	};
553	#endif
554
555	int yydebug;
556	int yynerrs;
557
558	int yyerrflag;
559	int yychar;
560	YYSTYPE yyval;
561	YYSTYPE yylval;
562
563	/* define the initial stack-sizes */
564	#ifdef YYSTACKSIZE
565	#undef YYMAXDEPTH
566	#define YYMAXDEPTH YYSTACKSIZE
567	#else
568	#ifdef YYMAXDEPTH
569	#define YYSTACKSIZE YYMAXDEPTH
570	#else
571	#define YYSTACKSIZE 10000
572	#define YYMAXDEPTH 10000
573	#endif
574	#endif
575
576	#define YYINITSTACKSIZE 200
577
578	typedef struct {
579	unsigned stacksize;
580	YYINT *s_base;
581	YYINT *s_mark;
582	YYINT *s_last;
583	YYSTYPE *l_base;
584	YYSTYPE *l_mark;
585	} YYSTACKDATA;
586	/* variables for the parser stack */
587	static YYSTACKDATA yystack;
588	#line 919 "../../ipsec-tools/src/setkey/parse.y"
589
590	int
591	setkeymsg0(msg, type, satype, l)
592	struct sadb_msg *msg;
593	unsigned int type;
594	unsigned int satype;
595	size_t l;
596	{
597
598	msg->sadb_msg_version = PF_KEY_V2;
599	msg->sadb_msg_type = type;
600	msg->sadb_msg_errno = 0;
601	msg->sadb_msg_satype = satype;
602	msg->sadb_msg_reserved = 0;
603	msg->sadb_msg_seq = 0;
604	msg->sadb_msg_pid = getpid();
605	msg->sadb_msg_len = PFKEY_UNIT64(l);
606	return 0;
607	}
608
609	/* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */
610	static int
611	setkeymsg_spdaddr(type, upper, policy, srcs, splen, dsts, dplen)
612	unsigned int type;
613	unsigned int upper;
614	vchar_t *policy;
615	struct addrinfo *srcs;
616	int splen;
617	struct addrinfo *dsts;
618	int dplen;
619	{
620	struct sadb_msg *msg;
621	char buf[BUFSIZ];
622	int l, l0;
623	struct sadb_address m_addr;
624	struct addrinfo s, d;
625	int n;
626	int plen;
627	struct sockaddr *sa;
628	int salen;
629	struct sadb_x_policy *sp;
630	#ifdef HAVE_POLICY_FWD
631	struct sadb_x_ipsecrequest *ps = NULL;
632	int saved_level, saved_id = 0;
633	#endif
634
635	msg = (struct sadb_msg *)buf;
636
637	if (!srcs \|\| !dsts)
638	return -1;
639
640	/* fix up length afterwards */
641	setkeymsg0(msg, type, SADB_SATYPE_UNSPEC, 0);
642	l = sizeof(struct sadb_msg);
643
644	sp = (struct sadb_x_policy*) (buf + l);
645	memcpy(buf + l, policy->buf, policy->len);
646	l += policy->len;
647
648	l0 = l;
649	n = 0;
650
651	/* do it for all src/dst pairs */
652	for (s = srcs; s; s = s->ai_next) {
653	for (d = dsts; d; d = d->ai_next) {
654	/* rewind pointer */
655	l = l0;
656
657	if (s->ai_addr->sa_family != d->ai_addr->sa_family)
658	continue;
659	switch (s->ai_addr->sa_family) {
660	case AF_INET:
661	plen = sizeof(struct in_addr) << 3;
662	break;
663	#ifdef INET6
664	case AF_INET6:
665	plen = sizeof(struct in6_addr) << 3;
666	break;
667	#endif
668	default:
669	continue;
670	}
671
672	/* set src */
673	sa = s->ai_addr;
674	salen = sysdep_sa_len(s->ai_addr);
675	m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
676	PFKEY_ALIGN8(salen));
677	m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
678	m_addr.sadb_address_proto = upper;
679	m_addr.sadb_address_prefixlen =
680	(splen >= 0 ? splen : plen);
681	m_addr.sadb_address_reserved = 0;
682
683	setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
684	sizeof(m_addr), (caddr_t)sa, salen);
685
686	/* set dst */
687	sa = d->ai_addr;
688	salen = sysdep_sa_len(d->ai_addr);
689	m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
690	PFKEY_ALIGN8(salen));
691	m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
692	m_addr.sadb_address_proto = upper;
693	m_addr.sadb_address_prefixlen =
694	(dplen >= 0 ? dplen : plen);
695	m_addr.sadb_address_reserved = 0;
696
697	setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
698	sizeof(m_addr), sa, salen);
699	#ifdef SADB_X_EXT_SEC_CTX
700	/* Add security context label */
701	if (sec_ctx.doi) {
702	struct sadb_x_sec_ctx m_sec_ctx;
703	u_int slen = sizeof(struct sadb_x_sec_ctx);
704
705	memset(&m_sec_ctx, 0, slen);
706
707	m_sec_ctx.sadb_x_sec_len =
708	PFKEY_UNIT64(slen + PFKEY_ALIGN8(sec_ctx.len));
709
710	m_sec_ctx.sadb_x_sec_exttype =
711	SADB_X_EXT_SEC_CTX;
712	m_sec_ctx.sadb_x_ctx_len = sec_ctx.len;/bytes/
713	m_sec_ctx.sadb_x_ctx_doi = sec_ctx.doi;
714	m_sec_ctx.sadb_x_ctx_alg = sec_ctx.alg;
715	setvarbuf(buf, &l,
716	(struct sadb_ext *)&m_sec_ctx, slen,
717	(caddr_t)sec_ctx.buf, sec_ctx.len);
718	}
719	#endif
720	msg->sadb_msg_len = PFKEY_UNIT64(l);
721
722	sendkeymsg(buf, l);
723
724	#ifdef HAVE_POLICY_FWD
725	/* create extra call for FWD policy */
726	if (f_rfcmode && sp->sadb_x_policy_dir == IPSEC_DIR_INBOUND) {
727	sp->sadb_x_policy_dir = IPSEC_DIR_FWD;
728	ps = (struct sadb_x_ipsecrequest*) (sp+1);
729
730	/* if request level is unique, change it to
731	* require for fwd policy */
732	/* XXX: currently, only first policy is updated
733	* only. Update following too... */
734	saved_level = ps->sadb_x_ipsecrequest_level;
735	if (saved_level == IPSEC_LEVEL_UNIQUE) {
736	saved_id = ps->sadb_x_ipsecrequest_reqid;
737	ps->sadb_x_ipsecrequest_reqid=0;
738	ps->sadb_x_ipsecrequest_level=IPSEC_LEVEL_REQUIRE;
739	}
740
741	sendkeymsg(buf, l);
742	/* restoring for next message */
743	sp->sadb_x_policy_dir = IPSEC_DIR_INBOUND;
744	if (saved_level == IPSEC_LEVEL_UNIQUE) {
745	ps->sadb_x_ipsecrequest_reqid = saved_id;
746	ps->sadb_x_ipsecrequest_level = saved_level;
747	}
748	}
749	#endif
750
751	n++;
752	}
753	}
754
755	if (n == 0)
756	return -1;
757	else
758	return 0;
759	}
760
761	static int
762	setkeymsg_spdaddr_tag(type, tag, policy)
763	unsigned int type;
764	char *tag;
765	vchar_t *policy;
766	{
767	struct sadb_msg *msg;
768	char buf[BUFSIZ];
769	int l, l0;
770	#ifdef SADB_X_EXT_TAG
771	struct sadb_x_tag m_tag;
772	#endif
773	int n;
774
775	msg = (struct sadb_msg *)buf;
776
777	/* fix up length afterwards */
778	setkeymsg0(msg, type, SADB_SATYPE_UNSPEC, 0);
779	l = sizeof(struct sadb_msg);
780
781	memcpy(buf + l, policy->buf, policy->len);
782	l += policy->len;
783
784	l0 = l;
785	n = 0;
786
787	#ifdef SADB_X_EXT_TAG
788	memset(&m_tag, 0, sizeof(m_tag));
789	m_tag.sadb_x_tag_len = PFKEY_UNIT64(sizeof(m_tag));
790	m_tag.sadb_x_tag_exttype = SADB_X_EXT_TAG;
791	if (strlcpy(m_tag.sadb_x_tag_name, tag,
792	sizeof(m_tag.sadb_x_tag_name)) >= sizeof(m_tag.sadb_x_tag_name))
793	return -1;
794	memcpy(buf + l, &m_tag, sizeof(m_tag));
795	l += sizeof(m_tag);
796	#endif
797
798	msg->sadb_msg_len = PFKEY_UNIT64(l);
799
800	sendkeymsg(buf, l);
801
802	return 0;
803	}
804
805	/* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */
806	static int
807	setkeymsg_addr(type, satype, srcs, dsts, no_spi)
808	unsigned int type;
809	unsigned int satype;
810	struct addrinfo *srcs;
811	struct addrinfo *dsts;
812	int no_spi;
813	{
814	struct sadb_msg *msg;
815	char buf[BUFSIZ];
816	int l, l0, len;
817	struct sadb_sa m_sa;
818	struct sadb_x_sa2 m_sa2;
819	struct sadb_address m_addr;
820	struct addrinfo s, d;
821	int n;
822	int plen;
823	struct sockaddr *sa;
824	int salen;
825
826	msg = (struct sadb_msg *)buf;
827
828	if (!srcs \|\| !dsts)
829	return -1;
830
831	/* fix up length afterwards */
832	setkeymsg0(msg, type, satype, 0);
833	l = sizeof(struct sadb_msg);
834
835	if (!no_spi) {
836	len = sizeof(struct sadb_sa);
837	m_sa.sadb_sa_len = PFKEY_UNIT64(len);
838	m_sa.sadb_sa_exttype = SADB_EXT_SA;
839	m_sa.sadb_sa_spi = htonl(p_spi);
840	m_sa.sadb_sa_replay = p_replay;
841	m_sa.sadb_sa_state = 0;
842	m_sa.sadb_sa_auth = p_alg_auth;
843	m_sa.sadb_sa_encrypt = p_alg_enc;
844	m_sa.sadb_sa_flags = p_ext;
845
846	memcpy(buf + l, &m_sa, len);
847	l += len;
848
849	len = sizeof(struct sadb_x_sa2);
850	m_sa2.sadb_x_sa2_len = PFKEY_UNIT64(len);
851	m_sa2.sadb_x_sa2_exttype = SADB_X_EXT_SA2;
852	m_sa2.sadb_x_sa2_mode = p_mode;
853	m_sa2.sadb_x_sa2_reqid = p_reqid;
854
855	memcpy(buf + l, &m_sa2, len);
856	l += len;
857	}
858
859	l0 = l;
860	n = 0;
861
862	/* do it for all src/dst pairs */
863	for (s = srcs; s; s = s->ai_next) {
864	for (d = dsts; d; d = d->ai_next) {
865	/* rewind pointer */
866	l = l0;
867
868	if (s->ai_addr->sa_family != d->ai_addr->sa_family)
869	continue;
870	switch (s->ai_addr->sa_family) {
871	case AF_INET:
872	plen = sizeof(struct in_addr) << 3;
873	break;
874	#ifdef INET6
875	case AF_INET6:
876	plen = sizeof(struct in6_addr) << 3;
877	break;
878	#endif
879	default:
880	continue;
881	}
882
883	/* set src */
884	sa = s->ai_addr;
885	salen = sysdep_sa_len(s->ai_addr);
886	m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
887	PFKEY_ALIGN8(salen));
888	m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
889	m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
890	m_addr.sadb_address_prefixlen = plen;
891	m_addr.sadb_address_reserved = 0;
892
893	setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
894	sizeof(m_addr), sa, salen);
895
896	/* set dst */
897	sa = d->ai_addr;
898	salen = sysdep_sa_len(d->ai_addr);
899	m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
900	PFKEY_ALIGN8(salen));
901	m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
902	m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
903	m_addr.sadb_address_prefixlen = plen;
904	m_addr.sadb_address_reserved = 0;
905
906	setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
907	sizeof(m_addr), sa, salen);
908
909	msg->sadb_msg_len = PFKEY_UNIT64(l);
910
911	sendkeymsg(buf, l);
912
913	n++;
914	}
915	}
916
917	if (n == 0)
918	return -1;
919	else
920	return 0;
921	}
922
923	#ifdef SADB_X_EXT_NAT_T_TYPE
924	static u_int16_t get_port (struct addrinfo *addr)
925	{
926	struct sockaddr *s = addr->ai_addr;
927	u_int16_t port = 0;
928
929	switch (s->sa_family) {
930	case AF_INET:
931	{
932	struct sockaddr_in sin4 = (struct sockaddr_in )s;
933	port = ntohs(sin4->sin_port);
934	break;
935	}
936	case AF_INET6:
937	{
938	struct sockaddr_in6 sin6 = (struct sockaddr_in6 )s;
939	port = ntohs(sin6->sin6_port);
940	break;
941	}
942	}
943
944	if (port == 0)
945	port = DEFAULT_NATT_PORT;
946
947	return port;
948	}
949	#endif
950
951	/* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */
952	static int
953	setkeymsg_add(type, satype, srcs, dsts)
954	unsigned int type;
955	unsigned int satype;
956	struct addrinfo *srcs;
957	struct addrinfo *dsts;
958	{
959	struct sadb_msg *msg;
960	char buf[BUFSIZ];
961	int l, l0, len;
962	struct sadb_sa m_sa;
963	struct sadb_x_sa2 m_sa2;
964	struct sadb_address m_addr;
965	struct addrinfo s, d;
966	int n;
967	int plen;
968	struct sockaddr *sa;
969	int salen;
970
971	msg = (struct sadb_msg *)buf;
972
973	if (!srcs \|\| !dsts)
974	return -1;
975
976	/* fix up length afterwards */
977	setkeymsg0(msg, type, satype, 0);
978	l = sizeof(struct sadb_msg);
979
980	/* set encryption algorithm, if present. */
981	if (satype != SADB_X_SATYPE_IPCOMP && p_key_enc) {
982	union {
983	struct sadb_key key;
984	struct sadb_ext ext;
985	} m;
986
987	m.key.sadb_key_len =
988	PFKEY_UNIT64(sizeof(m.key)
989	+ PFKEY_ALIGN8(p_key_enc_len));
990	m.key.sadb_key_exttype = SADB_EXT_KEY_ENCRYPT;
991	m.key.sadb_key_bits = p_key_enc_len * 8;
992	m.key.sadb_key_reserved = 0;
993
994	setvarbuf(buf, &l, &m.ext, sizeof(m.key),
995	p_key_enc, p_key_enc_len);
996	}
997
998	/* set authentication algorithm, if present. */
999	if (p_key_auth) {
1000	union {
1001	struct sadb_key key;
1002	struct sadb_ext ext;
1003	} m;
1004
1005	m.key.sadb_key_len =
1006	PFKEY_UNIT64(sizeof(m.key)
1007	+ PFKEY_ALIGN8(p_key_auth_len));
1008	m.key.sadb_key_exttype = SADB_EXT_KEY_AUTH;
1009	m.key.sadb_key_bits = p_key_auth_len * 8;
1010	m.key.sadb_key_reserved = 0;
1011
1012	setvarbuf(buf, &l, &m.ext, sizeof(m.key),
1013	p_key_auth, p_key_auth_len);
1014	}
1015
1016	/* set lifetime for HARD */
1017	if (p_lt_hard != 0 \|\| p_lb_hard != 0) {
1018	struct sadb_lifetime m_lt;
1019	u_int slen = sizeof(struct sadb_lifetime);
1020
1021	m_lt.sadb_lifetime_len = PFKEY_UNIT64(slen);
1022	m_lt.sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
1023	m_lt.sadb_lifetime_allocations = 0;
1024	m_lt.sadb_lifetime_bytes = p_lb_hard;
1025	m_lt.sadb_lifetime_addtime = p_lt_hard;
1026	m_lt.sadb_lifetime_usetime = 0;
1027
1028	memcpy(buf + l, &m_lt, slen);
1029	l += slen;
1030	}
1031
1032	/* set lifetime for SOFT */
1033	if (p_lt_soft != 0 \|\| p_lb_soft != 0) {
1034	struct sadb_lifetime m_lt;
1035	u_int slen = sizeof(struct sadb_lifetime);
1036
1037	m_lt.sadb_lifetime_len = PFKEY_UNIT64(slen);
1038	m_lt.sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
1039	m_lt.sadb_lifetime_allocations = 0;
1040	m_lt.sadb_lifetime_bytes = p_lb_soft;
1041	m_lt.sadb_lifetime_addtime = p_lt_soft;
1042	m_lt.sadb_lifetime_usetime = 0;
1043
1044	memcpy(buf + l, &m_lt, slen);
1045	l += slen;
1046	}
1047
1048	#ifdef SADB_X_EXT_SEC_CTX
1049	/* Add security context label */
1050	if (sec_ctx.doi) {
1051	struct sadb_x_sec_ctx m_sec_ctx;
1052	u_int slen = sizeof(struct sadb_x_sec_ctx);
1053
1054	memset(&m_sec_ctx, 0, slen);
1055
1056	m_sec_ctx.sadb_x_sec_len = PFKEY_UNIT64(slen +
1057	PFKEY_ALIGN8(sec_ctx.len));
1058	m_sec_ctx.sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
1059	m_sec_ctx.sadb_x_ctx_len = sec_ctx.len; /* bytes */
1060	m_sec_ctx.sadb_x_ctx_doi = sec_ctx.doi;
1061	m_sec_ctx.sadb_x_ctx_alg = sec_ctx.alg;
1062	setvarbuf(buf, &l, (struct sadb_ext *)&m_sec_ctx, slen,
1063	(caddr_t)sec_ctx.buf, sec_ctx.len);
1064	}
1065	#endif
1066
1067	len = sizeof(struct sadb_sa);
1068	m_sa.sadb_sa_len = PFKEY_UNIT64(len);
1069	m_sa.sadb_sa_exttype = SADB_EXT_SA;
1070	m_sa.sadb_sa_spi = htonl(p_spi);
1071	m_sa.sadb_sa_replay = p_replay;
1072	m_sa.sadb_sa_state = 0;
1073	m_sa.sadb_sa_auth = p_alg_auth;
1074	m_sa.sadb_sa_encrypt = p_alg_enc;
1075	m_sa.sadb_sa_flags = p_ext;
1076
1077	memcpy(buf + l, &m_sa, len);
1078	l += len;
1079
1080	len = sizeof(struct sadb_x_sa2);
1081	m_sa2.sadb_x_sa2_len = PFKEY_UNIT64(len);
1082	m_sa2.sadb_x_sa2_exttype = SADB_X_EXT_SA2;
1083	m_sa2.sadb_x_sa2_mode = p_mode;
1084	m_sa2.sadb_x_sa2_reqid = p_reqid;
1085
1086	memcpy(buf + l, &m_sa2, len);
1087	l += len;
1088
1089	#ifdef SADB_X_EXT_NAT_T_TYPE
1090	if (p_natt_type) {
1091	struct sadb_x_nat_t_type natt_type;
1092
1093	len = sizeof(struct sadb_x_nat_t_type);
1094	memset(&natt_type, 0, len);
1095	natt_type.sadb_x_nat_t_type_len = PFKEY_UNIT64(len);
1096	natt_type.sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
1097	natt_type.sadb_x_nat_t_type_type = p_natt_type;
1098
1099	memcpy(buf + l, &natt_type, len);
1100	l += len;
1101
1102	if (p_natt_oa) {
1103	sa = p_natt_oa->ai_addr;
1104	switch (sa->sa_family) {
1105	case AF_INET:
1106	plen = sizeof(struct in_addr) << 3;
1107	break;
1108	#ifdef INET6
1109	case AF_INET6:
1110	plen = sizeof(struct in6_addr) << 3;
1111	break;
1112	#endif
1113	default:
1114	return -1;
1115	}
1116	salen = sysdep_sa_len(sa);
1117	m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
1118	PFKEY_ALIGN8(salen));
1119	m_addr.sadb_address_exttype = SADB_X_EXT_NAT_T_OA;
1120	m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
1121	m_addr.sadb_address_prefixlen = plen;
1122	m_addr.sadb_address_reserved = 0;
1123
1124	setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
1125	sizeof(m_addr), sa, salen);
1126	}
1127	}
1128	#endif
1129
1130	l0 = l;
1131	n = 0;
1132
1133	/* do it for all src/dst pairs */
1134	for (s = srcs; s; s = s->ai_next) {
1135	for (d = dsts; d; d = d->ai_next) {
1136	/* rewind pointer */
1137	l = l0;
1138
1139	if (s->ai_addr->sa_family != d->ai_addr->sa_family)
1140	continue;
1141	switch (s->ai_addr->sa_family) {
1142	case AF_INET:
1143	plen = sizeof(struct in_addr) << 3;
1144	break;
1145	#ifdef INET6
1146	case AF_INET6:
1147	plen = sizeof(struct in6_addr) << 3;
1148	break;
1149	#endif
1150	default:
1151	continue;
1152	}
1153
1154	/* set src */
1155	sa = s->ai_addr;
1156	salen = sysdep_sa_len(s->ai_addr);
1157	m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
1158	PFKEY_ALIGN8(salen));
1159	m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
1160	m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
1161	m_addr.sadb_address_prefixlen = plen;
1162	m_addr.sadb_address_reserved = 0;
1163
1164	setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
1165	sizeof(m_addr), sa, salen);
1166
1167	/* set dst */
1168	sa = d->ai_addr;
1169	salen = sysdep_sa_len(d->ai_addr);
1170	m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
1171	PFKEY_ALIGN8(salen));
1172	m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
1173	m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
1174	m_addr.sadb_address_prefixlen = plen;
1175	m_addr.sadb_address_reserved = 0;
1176
1177	setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
1178	sizeof(m_addr), sa, salen);
1179
1180	#ifdef SADB_X_EXT_NAT_T_TYPE
1181	if (p_natt_type) {
1182	struct sadb_x_nat_t_port natt_port;
1183
1184	/* NATT_SPORT */
1185	len = sizeof(struct sadb_x_nat_t_port);
1186	memset(&natt_port, 0, len);
1187	natt_port.sadb_x_nat_t_port_len = PFKEY_UNIT64(len);
1188	natt_port.sadb_x_nat_t_port_exttype =
1189	SADB_X_EXT_NAT_T_SPORT;
1190	natt_port.sadb_x_nat_t_port_port = htons(get_port(s));
1191
1192	memcpy(buf + l, &natt_port, len);
1193	l += len;
1194
1195	/* NATT_DPORT */
1196	natt_port.sadb_x_nat_t_port_exttype =
1197	SADB_X_EXT_NAT_T_DPORT;
1198	natt_port.sadb_x_nat_t_port_port = htons(get_port(d));
1199
1200	memcpy(buf + l, &natt_port, len);
1201	l += len;
1202	}
1203	#endif
1204	msg->sadb_msg_len = PFKEY_UNIT64(l);
1205
1206	sendkeymsg(buf, l);
1207
1208	n++;
1209	}
1210	}
1211
1212	if (n == 0)
1213	return -1;
1214	else
1215	return 0;
1216	}
1217
1218	static struct addrinfo *
1219	parse_addr(host, port)
1220	char *host;
1221	char *port;
1222	{
1223	struct addrinfo hints, *res = NULL;
1224	int error;
1225
1226	memset(&hints, 0, sizeof(hints));
1227	hints.ai_family = p_aifamily;
1228	hints.ai_socktype = SOCK_DGRAM; /dummy/
1229	hints.ai_protocol = IPPROTO_UDP; /dummy/
1230	hints.ai_flags = p_aiflags;
1231	error = getaddrinfo(host, port, &hints, &res);
1232	if (error != 0) {
1233	yyerror(gai_strerror(error));
1234	return NULL;
1235	}
1236	return res;
1237	}
1238
1239	static int
1240	fix_portstr(ulproto, spec, sport, dport)
1241	int ulproto;
1242	vchar_t spec, sport, *dport;
1243	{
1244	char sp[16], dp[16];
1245	int a, b, c, d;
1246	unsigned long u;
1247
1248	if (spec->buf == NULL)
1249	return 0;
1250
1251	switch (ulproto) {
1252	case IPPROTO_ICMP:
1253	case IPPROTO_ICMPV6:
1254	case IPPROTO_MH:
1255	if (sscanf(spec->buf, "%d,%d", &a, &b) == 2) {
1256	sprintf(sp, "%d", a);
1257	sprintf(dp, "%d", b);
1258	} else if (sscanf(spec->buf, "%d", &a) == 1) {
1259	sprintf(sp, "%d", a);
1260	} else {
1261	yyerror("invalid an upper layer protocol spec");
1262	return -1;
1263	}
1264	break;
1265	case IPPROTO_GRE:
1266	if (sscanf(spec->buf, "%d.%d.%d.%d", &a, &b, &c, &d) == 4) {
1267	sprintf(sp, "%d", (a << 8) + b);
1268	sprintf(dp, "%d", (c << 8) + d);
1269	} else if (sscanf(spec->buf, "%lu", &u) == 1) {
1270	sprintf(sp, "%d", (int) (u >> 16));
1271	sprintf(dp, "%d", (int) (u & 0xffff));
1272	} else {
1273	yyerror("invalid an upper layer protocol spec");
1274	return -1;
1275	}
1276	break;
1277	}
1278
1279	free(sport->buf);
1280	sport->buf = strdup(sp);
1281	if (!sport->buf) {
1282	yyerror("insufficient memory");
1283	return -1;
1284	}
1285	sport->len = strlen(sport->buf);
1286
1287	free(dport->buf);
1288	dport->buf = strdup(dp);
1289	if (!dport->buf) {
1290	yyerror("insufficient memory");
1291	return -1;
1292	}
1293	dport->len = strlen(dport->buf);
1294
1295	return 0;
1296	}
1297
1298	static int
1299	setvarbuf(buf, off, ebuf, elen, vbuf, vlen)
1300	char *buf;
1301	int *off;
1302	struct sadb_ext *ebuf;
1303	int elen;
1304	const void *vbuf;
1305	int vlen;
1306	{
1307	memset(buf + *off, 0, PFKEY_UNUNIT64(ebuf->sadb_ext_len));
1308	memcpy(buf + *off, (caddr_t)ebuf, elen);
1309	memcpy(buf + *off + elen, vbuf, vlen);
1310	(*off) += PFKEY_ALIGN8(elen + vlen);
1311
1312	return 0;
1313	}
1314
1315	void
1316	parse_init()
1317	{
1318	p_spi = 0;
1319
1320	p_ext = SADB_X_EXT_CYCSEQ;
1321	p_alg_enc = SADB_EALG_NONE;
1322	p_alg_auth = SADB_AALG_NONE;
1323	p_mode = IPSEC_MODE_ANY;
1324	p_reqid = 0;
1325	p_replay = 0;
1326	p_key_enc_len = p_key_auth_len = 0;
1327	p_key_enc = p_key_auth = 0;
1328	p_lt_hard = p_lt_soft = 0;
1329	p_lb_hard = p_lb_soft = 0;
1330
1331	memset(&sec_ctx, 0, sizeof(struct security_ctx));
1332
1333	p_aiflags = 0;
1334	p_aifamily = PF_UNSPEC;
1335
1336	/* Clear out any natt OA information */
1337	if (p_natt_oa)
1338	freeaddrinfo (p_natt_oa);
1339	p_natt_oa = NULL;
1340	p_natt_type = 0;
1341
1342	return;
1343	}
1344
1345	void
1346	free_buffer()
1347	{
1348	/* we got tons of memory leaks in the parser anyways, leave them */
1349
1350	return;
1351	}
1352	#line 1353 "setkeyyy.tab.c"
1353
1354	#if YYDEBUG
1355	#include <stdio.h> /* needed for printf */
1356	#endif
1357
1358	#include <stdlib.h> /* needed for malloc, etc */
1359	#include <string.h> /* needed for memset */
1360
1361	/* allocate initial stack or double stack size, up to YYMAXDEPTH */
1362	static int yygrowstack(YYSTACKDATA *data)
1363	{
1364	int i;
1365	unsigned newsize;
1366	YYINT *newss;
1367	YYSTYPE *newvs;
1368
1369	if ((newsize = data->stacksize) == 0)
1370	newsize = YYINITSTACKSIZE;
1371	else if (newsize >= YYMAXDEPTH)
1372	return YYENOMEM;
1373	else if ((newsize *= 2) > YYMAXDEPTH)
1374	newsize = YYMAXDEPTH;
1375
1376	i = (int) (data->s_mark - data->s_base);
1377	newss = (YYINT )realloc(data->s_base, newsize sizeof(*newss));
1378	if (newss == 0)
1379	return YYENOMEM;
1380
1381	data->s_base = newss;
1382	data->s_mark = newss + i;
1383
1384	newvs = (YYSTYPE )realloc(data->l_base, newsize sizeof(*newvs));
1385	if (newvs == 0)
1386	return YYENOMEM;
1387
1388	data->l_base = newvs;
1389	data->l_mark = newvs + i;
1390
1391	data->stacksize = newsize;
1392	data->s_last = data->s_base + newsize - 1;
1393	return 0;
1394	}
1395
1396	#if YYPURE \|\| defined(YY_NO_LEAKS)
1397	static void yyfreestack(YYSTACKDATA *data)
1398	{
1399	free(data->s_base);
1400	free(data->l_base);
1401	memset(data, 0, sizeof(*data));
1402	}
1403	#else
1404	#define yyfreestack(data) /* nothing */
1405	#endif
1406
1407	#define YYABORT goto yyabort
1408	#define YYREJECT goto yyabort
1409	#define YYACCEPT goto yyaccept
1410	#define YYERROR goto yyerrlab
1411
1412	int
1413	YYPARSE_DECL()
1414	{
1415	int yym, yyn, yystate;
1416	#if YYDEBUG
1417	const char *yys;
1418
1419	if ((yys = getenv("YYDEBUG")) != 0)
1420	{
1421	yyn = *yys;
1422	if (yyn >= '0' && yyn <= '9')
1423	yydebug = yyn - '0';
1424	}
1425	#endif
1426
1427	yym = 0;
1428	yyn = 0;
1429	yynerrs = 0;
1430	yyerrflag = 0;
1431	yychar = YYEMPTY;
1432	yystate = 0;
1433
1434	#if YYPURE
1435	memset(&yystack, 0, sizeof(yystack));
1436	#endif
1437
1438	if (yystack.s_base == NULL && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow;
1439	yystack.s_mark = yystack.s_base;
1440	yystack.l_mark = yystack.l_base;
1441	yystate = 0;
1442	*yystack.s_mark = 0;
1443
1444	yyloop:
1445	if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
1446	if (yychar < 0)
1447	{
1448	yychar = YYLEX;
1449	if (yychar < 0) yychar = YYEOF;
1450	#if YYDEBUG
1451	if (yydebug)
1452	{
1453	if ((yys = yyname[YYTRANSLATE(yychar)]) == NULL) yys = yyname[YYUNDFTOKEN];
1454	printf("%sdebug: state %d, reading %d (%s)\n",
1455	YYPREFIX, yystate, yychar, yys);
1456	}
1457	#endif
1458	}
1459	if (((yyn = yysindex[yystate]) != 0) && (yyn += yychar) >= 0 &&
1460	yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) yychar)
1461	{
1462	#if YYDEBUG
1463	if (yydebug)
1464	printf("%sdebug: state %d, shifting to state %d\n",
1465	YYPREFIX, yystate, yytable[yyn]);
1466	#endif
1467	if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow;
1468	yystate = yytable[yyn];
1469	*++yystack.s_mark = yytable[yyn];
1470	*++yystack.l_mark = yylval;
1471	yychar = YYEMPTY;
1472	if (yyerrflag > 0) --yyerrflag;
1473	goto yyloop;
1474	}
1475	if (((yyn = yyrindex[yystate]) != 0) && (yyn += yychar) >= 0 &&
1476	yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) yychar)
1477	{
1478	yyn = yytable[yyn];
1479	goto yyreduce;
1480	}
1481	if (yyerrflag != 0) goto yyinrecovery;
1482
1483	YYERROR_CALL("syntax error");
1484
1485	goto yyerrlab; /* redundant goto avoids 'unused label' warning */
1486	yyerrlab:
1487	++yynerrs;
1488
1489	yyinrecovery:
1490	if (yyerrflag < 3)
1491	{
1492	yyerrflag = 3;
1493	for (;;)
1494	{
1495	if (((yyn = yysindex[*yystack.s_mark]) != 0) && (yyn += YYERRCODE) >= 0 &&
1496	yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) YYERRCODE)
1497	{
1498	#if YYDEBUG
1499	if (yydebug)
1500	printf("%sdebug: state %d, error recovery shifting\
1501	to state %d\n", YYPREFIX, *yystack.s_mark, yytable[yyn]);
1502	#endif
1503	if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow;
1504	yystate = yytable[yyn];
1505	*++yystack.s_mark = yytable[yyn];
1506	*++yystack.l_mark = yylval;
1507	goto yyloop;
1508	}
1509	else
1510	{
1511	#if YYDEBUG
1512	if (yydebug)
1513	printf("%sdebug: error recovery discarding state %d\n",
1514	YYPREFIX, *yystack.s_mark);
1515	#endif
1516	if (yystack.s_mark <= yystack.s_base) goto yyabort;
1517	--yystack.s_mark;
1518	--yystack.l_mark;
1519	}
1520	}
1521	}
1522	else
1523	{
1524	if (yychar == YYEOF) goto yyabort;
1525	#if YYDEBUG
1526	if (yydebug)
1527	{
1528	if ((yys = yyname[YYTRANSLATE(yychar)]) == NULL) yys = yyname[YYUNDFTOKEN];
1529	printf("%sdebug: state %d, error recovery discards token %d (%s)\n",
1530	YYPREFIX, yystate, yychar, yys);
1531	}
1532	#endif
1533	yychar = YYEMPTY;
1534	goto yyloop;
1535	}
1536
1537	yyreduce:
1538	#if YYDEBUG
1539	if (yydebug)
1540	printf("%sdebug: state %d, reducing by rule %d (%s)\n",
1541	YYPREFIX, yystate, yyn, yyrule[yyn]);
1542	#endif
1543	yym = yylen[yyn];
1544	if (yym > 0)
1545	yyval = yystack.l_mark[1-yym];
1546	else
1547	memset(&yyval, 0, sizeof yyval);
1548
1549	switch (yyn)
1550	{
1551	case 2:
1552	#line 165 "../../ipsec-tools/src/setkey/parse.y"
1553	{
1554	free_buffer();
1555	parse_init();
1556	}
1557	break;
1558	case 15:
1559	#line 190 "../../ipsec-tools/src/setkey/parse.y"
1560	{
1561	int status;
1562
1563	status = setkeymsg_add(SADB_ADD, yystack.l_mark[-4].num, yystack.l_mark[-6].res, yystack.l_mark[-5].res);
1564	if (status < 0)
1565	return -1;
1566	}
1567	break;
1568	case 16:
1569	#line 202 "../../ipsec-tools/src/setkey/parse.y"
1570	{
1571	int status;
1572
1573	if (yystack.l_mark[-5].res->ai_next \|\| yystack.l_mark[-4].res->ai_next) {
1574	yyerror("multiple address specified");
1575	return -1;
1576	}
1577	if (p_mode != IPSEC_MODE_ANY)
1578	yyerror("WARNING: mode is obsolete");
1579
1580	status = setkeymsg_addr(SADB_DELETE, yystack.l_mark[-3].num, yystack.l_mark[-5].res, yystack.l_mark[-4].res, 0);
1581	if (status < 0)
1582	return -1;
1583	}
1584	break;
1585	case 17:
1586	#line 221 "../../ipsec-tools/src/setkey/parse.y"
1587	{
1588	#ifndef __linux__
1589	if (setkeymsg_addr(SADB_DELETE, yystack.l_mark[-1].num, yystack.l_mark[-3].res, yystack.l_mark[-2].res, 1) < 0)
1590	return -1;
1591	#else /* __linux__ */
1592	/* linux strictly adheres to RFC2367, and returns
1593	* an error if we send an SADB_DELETE request without
1594	* an SPI. Therefore, we must first retrieve a list
1595	* of SPIs for all matching SADB entries, and then
1596	* delete each one separately. */
1597	u_int32_t *spi;
1598	int i, n;
1599
1600	spi = sendkeymsg_spigrep(yystack.l_mark[-1].num, yystack.l_mark[-3].res, yystack.l_mark[-2].res, &n);
1601	for (i = 0; i < n; i++) {
1602	p_spi = spi[i];
1603	if (setkeymsg_addr(SADB_DELETE,
1604	yystack.l_mark[-1].num, yystack.l_mark[-3].res, yystack.l_mark[-2].res, 0) < 0)
1605	return -1;
1606	}
1607	free(spi);
1608	#endif /* __linux__ */
1609	}
1610	break;
1611	case 18:
1612	#line 249 "../../ipsec-tools/src/setkey/parse.y"
1613	{
1614	int status;
1615
1616	if (p_mode != IPSEC_MODE_ANY)
1617	yyerror("WARNING: mode is obsolete");
1618
1619	status = setkeymsg_addr(SADB_GET, yystack.l_mark[-3].num, yystack.l_mark[-5].res, yystack.l_mark[-4].res, 0);
1620	if (status < 0)
1621	return -1;
1622	}
1623	break;
1624	case 19:
1625	#line 264 "../../ipsec-tools/src/setkey/parse.y"
1626	{
1627	struct sadb_msg msg;
1628	setkeymsg0(&msg, SADB_FLUSH, yystack.l_mark[-1].num, sizeof(msg));
1629	sendkeymsg((char *)&msg, sizeof(msg));
1630	}
1631	break;
1632	case 20:
1633	#line 274 "../../ipsec-tools/src/setkey/parse.y"
1634	{
1635	struct sadb_msg msg;
1636	setkeymsg0(&msg, SADB_DUMP, yystack.l_mark[-1].num, sizeof(msg));
1637	sendkeymsg((char *)&msg, sizeof(msg));
1638	}
1639	break;
1640	case 21:
1641	#line 283 "../../ipsec-tools/src/setkey/parse.y"
1642	{
1643	yyval.num = SADB_SATYPE_UNSPEC;
1644	}
1645	break;
1646	case 22:
1647	#line 287 "../../ipsec-tools/src/setkey/parse.y"
1648	{
1649	yyval.num = SADB_SATYPE_ESP;
1650	if (yystack.l_mark[0].num == 1)
1651	p_ext \|= SADB_X_EXT_OLD;
1652	else
1653	p_ext &= ~SADB_X_EXT_OLD;
1654	}
1655	break;
1656	case 23:
1657	#line 295 "../../ipsec-tools/src/setkey/parse.y"
1658	{
1659	yyval.num = SADB_SATYPE_AH;
1660	if (yystack.l_mark[0].num == 1)
1661	p_ext \|= SADB_X_EXT_OLD;
1662	else
1663	p_ext &= ~SADB_X_EXT_OLD;
1664	}
1665	break;
1666	case 24:
1667	#line 303 "../../ipsec-tools/src/setkey/parse.y"
1668	{
1669	yyval.num = SADB_X_SATYPE_IPCOMP;
1670	}
1671	break;
1672	case 25:
1673	#line 307 "../../ipsec-tools/src/setkey/parse.y"
1674	{
1675	yyval.num = SADB_SATYPE_ESP;
1676	p_ext &= ~SADB_X_EXT_OLD;
1677	p_natt_oa = 0;
1678	p_natt_type = UDP_ENCAP_ESPINUDP;
1679	}
1680	break;
1681	case 26:
1682	#line 314 "../../ipsec-tools/src/setkey/parse.y"
1683	{
1684	yyval.num = SADB_SATYPE_ESP;
1685	p_ext &= ~SADB_X_EXT_OLD;
1686	p_natt_oa = yystack.l_mark[0].res;
1687	p_natt_type = UDP_ENCAP_ESPINUDP;
1688	}
1689	break;
1690	case 27:
1691	#line 321 "../../ipsec-tools/src/setkey/parse.y"
1692	{
1693	#ifdef SADB_X_SATYPE_TCPSIGNATURE
1694	yyval.num = SADB_X_SATYPE_TCPSIGNATURE;
1695	#endif
1696	}
1697	break;
1698	case 28:
1699	#line 329 "../../ipsec-tools/src/setkey/parse.y"
1700	{ p_spi = yystack.l_mark[0].ulnum; }
1701	break;
1702	case 29:
1703	#line 331 "../../ipsec-tools/src/setkey/parse.y"
1704	{
1705	char *ep;
1706	unsigned long v;
1707
1708	ep = NULL;
1709	v = strtoul(yystack.l_mark[0].val.buf, &ep, 16);
1710	if (!ep \|\| *ep) {
1711	yyerror("invalid SPI");
1712	return -1;
1713	}
1714	if (v & ~0xffffffff) {
1715	yyerror("SPI too big.");
1716	return -1;
1717	}
1718
1719	p_spi = v;
1720	}
1721	break;
1722	case 36:
1723	#line 367 "../../ipsec-tools/src/setkey/parse.y"
1724	{
1725	if (yystack.l_mark[0].num < 0) {
1726	yyerror("unsupported algorithm");
1727	return -1;
1728	}
1729	p_alg_enc = yystack.l_mark[0].num;
1730	}
1731	break;
1732	case 37:
1733	#line 375 "../../ipsec-tools/src/setkey/parse.y"
1734	{
1735	if (yystack.l_mark[-1].num < 0) {
1736	yyerror("unsupported algorithm");
1737	return -1;
1738	}
1739	p_alg_enc = yystack.l_mark[-1].num;
1740	p_ext \|= SADB_X_EXT_RAWCPI;
1741	}
1742	break;
1743	case 38:
1744	#line 386 "../../ipsec-tools/src/setkey/parse.y"
1745	{
1746	if (yystack.l_mark[0].num < 0) {
1747	yyerror("unsupported algorithm");
1748	return -1;
1749	}
1750	p_alg_enc = yystack.l_mark[0].num;
1751
1752	p_key_enc_len = 0;
1753	p_key_enc = "";
1754	if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
1755	p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
1756	yyerror(ipsec_strerror());
1757	return -1;
1758	}
1759	}
1760	break;
1761	case 39:
1762	#line 401 "../../ipsec-tools/src/setkey/parse.y"
1763	{
1764	if (yystack.l_mark[-1].num < 0) {
1765	yyerror("unsupported algorithm");
1766	return -1;
1767	}
1768	p_alg_enc = yystack.l_mark[-1].num;
1769
1770	p_key_enc_len = yystack.l_mark[0].val.len;
1771	p_key_enc = yystack.l_mark[0].val.buf;
1772	if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
1773	p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
1774	yyerror(ipsec_strerror());
1775	return -1;
1776	}
1777	}
1778	break;
1779	case 40:
1780	#line 416 "../../ipsec-tools/src/setkey/parse.y"
1781	{
1782	if (yystack.l_mark[0].num < 0) {
1783	yyerror("unsupported algorithm");
1784	return -1;
1785	}
1786	yyerror("WARNING: obsolete algorithm");
1787	p_alg_enc = yystack.l_mark[0].num;
1788
1789	p_key_enc_len = 0;
1790	p_key_enc = "";
1791	if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
1792	p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
1793	yyerror(ipsec_strerror());
1794	return -1;
1795	}
1796	}
1797	break;
1798	case 41:
1799	#line 433 "../../ipsec-tools/src/setkey/parse.y"
1800	{
1801	if (yystack.l_mark[-1].num < 0) {
1802	yyerror("unsupported algorithm");
1803	return -1;
1804	}
1805	p_alg_enc = yystack.l_mark[-1].num;
1806	if (p_ext & SADB_X_EXT_OLD) {
1807	yyerror("algorithm mismatched");
1808	return -1;
1809	}
1810	p_ext \|= SADB_X_EXT_DERIV;
1811
1812	p_key_enc_len = yystack.l_mark[0].val.len;
1813	p_key_enc = yystack.l_mark[0].val.buf;
1814	if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
1815	p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
1816	yyerror(ipsec_strerror());
1817	return -1;
1818	}
1819	}
1820	break;
1821	case 42:
1822	#line 454 "../../ipsec-tools/src/setkey/parse.y"
1823	{
1824	if (yystack.l_mark[-1].num < 0) {
1825	yyerror("unsupported algorithm");
1826	return -1;
1827	}
1828	p_alg_enc = yystack.l_mark[-1].num;
1829	if (!(p_ext & SADB_X_EXT_OLD)) {
1830	yyerror("algorithm mismatched");
1831	return -1;
1832	}
1833	p_ext \|= SADB_X_EXT_IV4B;
1834
1835	p_key_enc_len = yystack.l_mark[0].val.len;
1836	p_key_enc = yystack.l_mark[0].val.buf;
1837	if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
1838	p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
1839	yyerror(ipsec_strerror());
1840	return -1;
1841	}
1842	}
1843	break;
1844	case 43:
1845	#line 477 "../../ipsec-tools/src/setkey/parse.y"
1846	{
1847	if (yystack.l_mark[-1].num < 0) {
1848	yyerror("unsupported algorithm");
1849	return -1;
1850	}
1851	p_alg_auth = yystack.l_mark[-1].num;
1852
1853	p_key_auth_len = yystack.l_mark[0].val.len;
1854	p_key_auth = yystack.l_mark[0].val.buf;
1855	#ifdef SADB_X_AALG_TCP_MD5
1856	if (p_alg_auth == SADB_X_AALG_TCP_MD5) {
1857	if ((p_key_auth_len < 1) \|\|
1858	(p_key_auth_len > 80))
1859	return -1;
1860	} else
1861	#endif
1862	{
1863	if (ipsec_check_keylen(SADB_EXT_SUPPORTED_AUTH,
1864	p_alg_auth,
1865	PFKEY_UNUNIT64(p_key_auth_len)) < 0) {
1866	yyerror(ipsec_strerror());
1867	return -1;
1868	}
1869	}
1870	}
1871	break;
1872	case 44:
1873	#line 502 "../../ipsec-tools/src/setkey/parse.y"
1874	{
1875	if (yystack.l_mark[0].num < 0) {
1876	yyerror("unsupported algorithm");
1877	return -1;
1878	}
1879	p_alg_auth = yystack.l_mark[0].num;
1880
1881	p_key_auth_len = 0;
1882	p_key_auth = NULL;
1883	}
1884	break;
1885	case 45:
1886	#line 516 "../../ipsec-tools/src/setkey/parse.y"
1887	{
1888	yyval.val = yystack.l_mark[0].val;
1889	}
1890	break;
1891	case 46:
1892	#line 520 "../../ipsec-tools/src/setkey/parse.y"
1893	{
1894	caddr_t pp_key;
1895	caddr_t bp;
1896	caddr_t yp = yystack.l_mark[0].val.buf;
1897	int l;
1898
1899	l = strlen(yp) % 2 + strlen(yp) / 2;
1900	if ((pp_key = malloc(l)) == 0) {
1901	yyerror("not enough core");
1902	return -1;
1903	}
1904	memset(pp_key, 0, l);
1905
1906	bp = pp_key;
1907	if (strlen(yp) % 2) {
1908	*bp = ATOX(yp[0]);
1909	yp++, bp++;
1910	}
1911	while (*yp) {
1912	*bp = (ATOX(yp[0]) << 4) \| ATOX(yp[1]);
1913	yp += 2, bp++;
1914	}
1915
1916	yyval.val.len = l;
1917	yyval.val.buf = pp_key;
1918	}
1919	break;
1920	case 49:
1921	#line 554 "../../ipsec-tools/src/setkey/parse.y"
1922	{ p_ext \|= yystack.l_mark[0].num; }
1923	break;
1924	case 50:
1925	#line 555 "../../ipsec-tools/src/setkey/parse.y"
1926	{ p_ext &= ~SADB_X_EXT_CYCSEQ; }
1927	break;
1928	case 51:
1929	#line 556 "../../ipsec-tools/src/setkey/parse.y"
1930	{ p_mode = yystack.l_mark[0].num; }
1931	break;
1932	case 52:
1933	#line 557 "../../ipsec-tools/src/setkey/parse.y"
1934	{ p_mode = IPSEC_MODE_ANY; }
1935	break;
1936	case 53:
1937	#line 558 "../../ipsec-tools/src/setkey/parse.y"
1938	{ p_reqid = yystack.l_mark[0].ulnum; }
1939	break;
1940	case 54:
1941	#line 560 "../../ipsec-tools/src/setkey/parse.y"
1942	{
1943	if ((p_ext & SADB_X_EXT_OLD) != 0) {
1944	yyerror("replay prevention cannot be used with "
1945	"ah/esp-old");
1946	return -1;
1947	}
1948	p_replay = yystack.l_mark[0].ulnum;
1949	}
1950	break;
1951	case 55:
1952	#line 568 "../../ipsec-tools/src/setkey/parse.y"
1953	{ p_lt_hard = yystack.l_mark[0].ulnum; }
1954	break;
1955	case 56:
1956	#line 569 "../../ipsec-tools/src/setkey/parse.y"
1957	{ p_lt_soft = yystack.l_mark[0].ulnum; }
1958	break;
1959	case 57:
1960	#line 570 "../../ipsec-tools/src/setkey/parse.y"
1961	{ p_lb_hard = yystack.l_mark[0].ulnum; }
1962	break;
1963	case 58:
1964	#line 571 "../../ipsec-tools/src/setkey/parse.y"
1965	{ p_lb_soft = yystack.l_mark[0].ulnum; }
1966	break;
1967	case 59:
1968	#line 572 "../../ipsec-tools/src/setkey/parse.y"
1969	{
1970	sec_ctx.doi = yystack.l_mark[-2].ulnum;
1971	sec_ctx.alg = yystack.l_mark[-1].ulnum;
1972	sec_ctx.len = yystack.l_mark[0].val.len+1;
1973	sec_ctx.buf = yystack.l_mark[0].val.buf;
1974	}
1975	break;
1976	case 60:
1977	#line 585 "../../ipsec-tools/src/setkey/parse.y"
1978	{
1979	int status;
1980	struct addrinfo src, dst;
1981
1982	#ifdef HAVE_PFKEY_POLICY_PRIORITY
1983	last_msg_type = SADB_X_SPDADD;
1984	#endif
1985
1986	/* fixed port fields if ulp is icmp */
1987	if (fix_portstr(yystack.l_mark[-4].num, &yystack.l_mark[-3].val, &yystack.l_mark[-8].val, &yystack.l_mark[-5].val))
1988	return -1;
1989
1990	src = parse_addr(yystack.l_mark[-10].val.buf, yystack.l_mark[-8].val.buf);
1991	dst = parse_addr(yystack.l_mark[-7].val.buf, yystack.l_mark[-5].val.buf);
1992	if (!src \|\| !dst) {
1993	/* yyerror is already called */
1994	return -1;
1995	}
1996	if (src->ai_next \|\| dst->ai_next) {
1997	yyerror("multiple address specified");
1998	freeaddrinfo(src);
1999	freeaddrinfo(dst);
2000	return -1;
2001	}
2002
2003	status = setkeymsg_spdaddr(SADB_X_SPDADD, yystack.l_mark[-4].num, &yystack.l_mark[-1].val,
2004	src, yystack.l_mark[-9].num, dst, yystack.l_mark[-6].num);
2005	freeaddrinfo(src);
2006	freeaddrinfo(dst);
2007	if (status < 0)
2008	return -1;
2009	}
2010	break;
2011	case 61:
2012	#line 618 "../../ipsec-tools/src/setkey/parse.y"
2013	{
2014	int status;
2015
2016	status = setkeymsg_spdaddr_tag(SADB_X_SPDADD,
2017	yystack.l_mark[-2].val.buf, &yystack.l_mark[-1].val);
2018	if (status < 0)
2019	return -1;
2020	}
2021	break;
2022	case 62:
2023	#line 631 "../../ipsec-tools/src/setkey/parse.y"
2024	{
2025	int status;
2026	struct addrinfo src, dst;
2027
2028	#ifdef HAVE_PFKEY_POLICY_PRIORITY
2029	last_msg_type = SADB_X_SPDUPDATE;
2030	#endif
2031
2032	/* fixed port fields if ulp is icmp */
2033	if (fix_portstr(yystack.l_mark[-4].num, &yystack.l_mark[-3].val, &yystack.l_mark[-8].val, &yystack.l_mark[-5].val))
2034	return -1;
2035
2036	src = parse_addr(yystack.l_mark[-10].val.buf, yystack.l_mark[-8].val.buf);
2037	dst = parse_addr(yystack.l_mark[-7].val.buf, yystack.l_mark[-5].val.buf);
2038	if (!src \|\| !dst) {
2039	/* yyerror is already called */
2040	return -1;
2041	}
2042	if (src->ai_next \|\| dst->ai_next) {
2043	yyerror("multiple address specified");
2044	freeaddrinfo(src);
2045	freeaddrinfo(dst);
2046	return -1;
2047	}
2048
2049	status = setkeymsg_spdaddr(SADB_X_SPDUPDATE, yystack.l_mark[-4].num, &yystack.l_mark[-1].val,
2050	src, yystack.l_mark[-9].num, dst, yystack.l_mark[-6].num);
2051	freeaddrinfo(src);
2052	freeaddrinfo(dst);
2053	if (status < 0)
2054	return -1;
2055	}
2056	break;
2057	case 63:
2058	#line 664 "../../ipsec-tools/src/setkey/parse.y"
2059	{
2060	int status;
2061
2062	status = setkeymsg_spdaddr_tag(SADB_X_SPDUPDATE,
2063	yystack.l_mark[-2].val.buf, &yystack.l_mark[-1].val);
2064	if (status < 0)
2065	return -1;
2066	}
2067	break;
2068	case 64:
2069	#line 676 "../../ipsec-tools/src/setkey/parse.y"
2070	{
2071	int status;
2072	struct addrinfo src, dst;
2073
2074	/* fixed port fields if ulp is icmp */
2075	if (fix_portstr(yystack.l_mark[-4].num, &yystack.l_mark[-3].val, &yystack.l_mark[-8].val, &yystack.l_mark[-5].val))
2076	return -1;
2077
2078	src = parse_addr(yystack.l_mark[-10].val.buf, yystack.l_mark[-8].val.buf);
2079	dst = parse_addr(yystack.l_mark[-7].val.buf, yystack.l_mark[-5].val.buf);
2080	if (!src \|\| !dst) {
2081	/* yyerror is already called */
2082	return -1;
2083	}
2084	if (src->ai_next \|\| dst->ai_next) {
2085	yyerror("multiple address specified");
2086	freeaddrinfo(src);
2087	freeaddrinfo(dst);
2088	return -1;
2089	}
2090
2091	status = setkeymsg_spdaddr(SADB_X_SPDDELETE, yystack.l_mark[-4].num, &yystack.l_mark[-1].val,
2092	src, yystack.l_mark[-9].num, dst, yystack.l_mark[-6].num);
2093	freeaddrinfo(src);
2094	freeaddrinfo(dst);
2095	if (status < 0)
2096	return -1;
2097	}
2098	break;
2099	case 65:
2100	#line 708 "../../ipsec-tools/src/setkey/parse.y"
2101	{
2102	struct sadb_msg msg;
2103	setkeymsg0(&msg, SADB_X_SPDDUMP, SADB_SATYPE_UNSPEC,
2104	sizeof(msg));
2105	sendkeymsg((char *)&msg, sizeof(msg));
2106	}
2107	break;
2108	case 66:
2109	#line 719 "../../ipsec-tools/src/setkey/parse.y"
2110	{
2111	struct sadb_msg msg;
2112	setkeymsg0(&msg, SADB_X_SPDFLUSH, SADB_SATYPE_UNSPEC,
2113	sizeof(msg));
2114	sendkeymsg((char *)&msg, sizeof(msg));
2115	}
2116	break;
2117	case 69:
2118	#line 734 "../../ipsec-tools/src/setkey/parse.y"
2119	{
2120	char *p;
2121
2122	for (p = yystack.l_mark[0].val.buf + 1; *p; p++)
2123	switch (*p) {
2124	case '4':
2125	p_aifamily = AF_INET;
2126	break;
2127	#ifdef INET6
2128	case '6':
2129	p_aifamily = AF_INET6;
2130	break;
2131	#endif
2132	case 'n':
2133	p_aiflags = AI_NUMERICHOST;
2134	break;
2135	default:
2136	yyerror("invalid flag");
2137	return -1;
2138	}
2139	}
2140	break;
2141	case 70:
2142	#line 759 "../../ipsec-tools/src/setkey/parse.y"
2143	{
2144	yyval.res = parse_addr(yystack.l_mark[0].val.buf, NULL);
2145	if (yyval.res == NULL) {
2146	/* yyerror already called by parse_addr */
2147	return -1;
2148	}
2149	}
2150	break;
2151	case 71:
2152	#line 770 "../../ipsec-tools/src/setkey/parse.y"
2153	{
2154	yyval.res = parse_addr(yystack.l_mark[0].val.buf, NULL);
2155	if (yyval.res == NULL) {
2156	/* yyerror already called by parse_addr */
2157	return -1;
2158	}
2159	}
2160	break;
2161	case 72:
2162	#line 778 "../../ipsec-tools/src/setkey/parse.y"
2163	{
2164	yyval.res = parse_addr(yystack.l_mark[-1].val.buf, yystack.l_mark[0].val.buf);
2165	if (yyval.res == NULL) {
2166	/* yyerror already called by parse_addr */
2167	return -1;
2168	}
2169	}
2170	break;
2171	case 73:
2172	#line 788 "../../ipsec-tools/src/setkey/parse.y"
2173	{ yyval.num = -1; }
2174	break;
2175	case 74:
2176	#line 789 "../../ipsec-tools/src/setkey/parse.y"
2177	{ yyval.num = yystack.l_mark[0].ulnum; }
2178	break;
2179	case 75:
2180	#line 794 "../../ipsec-tools/src/setkey/parse.y"
2181	{
2182	yyval.val.buf = strdup("0");
2183	if (!yyval.val.buf) {
2184	yyerror("insufficient memory");
2185	return -1;
2186	}
2187	yyval.val.len = strlen(yyval.val.buf);
2188	}
2189	break;
2190	case 76:
2191	#line 803 "../../ipsec-tools/src/setkey/parse.y"
2192	{
2193	yyval.val.buf = strdup("0");
2194	if (!yyval.val.buf) {
2195	yyerror("insufficient memory");
2196	return -1;
2197	}
2198	yyval.val.len = strlen(yyval.val.buf);
2199	}
2200	break;
2201	case 77:
2202	#line 812 "../../ipsec-tools/src/setkey/parse.y"
2203	{
2204	char buf[20];
2205	snprintf(buf, sizeof(buf), "%lu", yystack.l_mark[-1].ulnum);
2206	yyval.val.buf = strdup(buf);
2207	if (!yyval.val.buf) {
2208	yyerror("insufficient memory");
2209	return -1;
2210	}
2211	yyval.val.len = strlen(yyval.val.buf);
2212	}
2213	break;
2214	case 78:
2215	#line 823 "../../ipsec-tools/src/setkey/parse.y"
2216	{
2217	yyval.val = yystack.l_mark[-1].val;
2218	}
2219	break;
2220	case 79:
2221	#line 829 "../../ipsec-tools/src/setkey/parse.y"
2222	{ yyval.num = yystack.l_mark[0].ulnum; }
2223	break;
2224	case 80:
2225	#line 830 "../../ipsec-tools/src/setkey/parse.y"
2226	{ yyval.num = IPSEC_ULPROTO_ANY; }
2227	break;
2228	case 81:
2229	#line 831 "../../ipsec-tools/src/setkey/parse.y"
2230	{
2231	yyval.num = IPPROTO_TCP;
2232	}
2233	break;
2234	case 82:
2235	#line 835 "../../ipsec-tools/src/setkey/parse.y"
2236	{
2237	struct protoent *ent;
2238
2239	ent = getprotobyname(yystack.l_mark[0].val.buf);
2240	if (ent)
2241	yyval.num = ent->p_proto;
2242	else {
2243	if (strcmp("icmp6", yystack.l_mark[0].val.buf) == 0) {
2244	yyval.num = IPPROTO_ICMPV6;
2245	} else if(strcmp("ip4", yystack.l_mark[0].val.buf) == 0) {
2246	yyval.num = IPPROTO_IPV4;
2247	} else {
2248	yyerror("invalid upper layer protocol");
2249	return -1;
2250	}
2251	}
2252	endprotoent();
2253	}
2254	break;
2255	case 83:
2256	#line 857 "../../ipsec-tools/src/setkey/parse.y"
2257	{
2258	yyval.val.buf = NULL;
2259	yyval.val.len = 0;
2260	}
2261	break;
2262	case 84:
2263	#line 862 "../../ipsec-tools/src/setkey/parse.y"
2264	{
2265	yyval.val.buf = strdup(yystack.l_mark[0].val.buf);
2266	if (!yyval.val.buf) {
2267	yyerror("insufficient memory");
2268	return -1;
2269	}
2270	yyval.val.len = strlen(yyval.val.buf);
2271	}
2272	break;
2273	case 86:
2274	#line 874 "../../ipsec-tools/src/setkey/parse.y"
2275	{
2276	sec_ctx.doi = yystack.l_mark[-2].ulnum;
2277	sec_ctx.alg = yystack.l_mark[-1].ulnum;
2278	sec_ctx.len = yystack.l_mark[0].val.len+1;
2279	sec_ctx.buf = yystack.l_mark[0].val.buf;
2280	}
2281	break;
2282	case 87:
2283	#line 884 "../../ipsec-tools/src/setkey/parse.y"
2284	{
2285	char *policy;
2286	#ifdef HAVE_PFKEY_POLICY_PRIORITY
2287	struct sadb_x_policy *xpl;
2288	#endif
2289
2290	policy = ipsec_set_policy(yystack.l_mark[0].val.buf, yystack.l_mark[0].val.len);
2291	if (policy == NULL) {
2292	yyerror(ipsec_strerror());
2293	return -1;
2294	}
2295
2296	yyval.val.buf = policy;
2297	yyval.val.len = ipsec_get_policylen(policy);
2298
2299	#ifdef HAVE_PFKEY_POLICY_PRIORITY
2300	xpl = (struct sadb_x_policy *) yyval.val.buf;
2301	last_priority = xpl->sadb_x_policy_priority;
2302	#endif
2303	}
2304	break;
2305	case 88:
2306	#line 907 "../../ipsec-tools/src/setkey/parse.y"
2307	{ yyval.val = yystack.l_mark[0].val; }
2308	break;
2309	case 89:
2310	#line 913 "../../ipsec-tools/src/setkey/parse.y"
2311	{
2312	exit_now = 1;
2313	YYACCEPT;
2314	}
2315	break;
2316	#line 2317 "setkeyyy.tab.c"
2317	}
2318	yystack.s_mark -= yym;
2319	yystate = *yystack.s_mark;
2320	yystack.l_mark -= yym;
2321	yym = yylhs[yyn];
2322	if (yystate == 0 && yym == 0)
2323	{
2324	#if YYDEBUG
2325	if (yydebug)
2326	printf("%sdebug: after reduction, shifting from state 0 to\
2327	state %d\n", YYPREFIX, YYFINAL);
2328	#endif
2329	yystate = YYFINAL;
2330	*++yystack.s_mark = YYFINAL;
2331	*++yystack.l_mark = yyval;
2332	if (yychar < 0)
2333	{
2334	yychar = YYLEX;
2335	if (yychar < 0) yychar = YYEOF;
2336	#if YYDEBUG
2337	if (yydebug)
2338	{
2339	if ((yys = yyname[YYTRANSLATE(yychar)]) == NULL) yys = yyname[YYUNDFTOKEN];
2340	printf("%sdebug: state %d, reading %d (%s)\n",
2341	YYPREFIX, YYFINAL, yychar, yys);
2342	}
2343	#endif
2344	}
2345	if (yychar == YYEOF) goto yyaccept;
2346	goto yyloop;
2347	}
2348	if (((yyn = yygindex[yym]) != 0) && (yyn += yystate) >= 0 &&
2349	yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) yystate)
2350	yystate = yytable[yyn];
2351	else
2352	yystate = yydgoto[yym];
2353	#if YYDEBUG
2354	if (yydebug)
2355	printf("%sdebug: after reduction, shifting from state %d \
2356	to state %d\n", YYPREFIX, *yystack.s_mark, yystate);
2357	#endif
2358	if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow;
2359	*++yystack.s_mark = (YYINT) yystate;
2360	*++yystack.l_mark = yyval;
2361	goto yyloop;
2362
2363	yyoverflow:
2364	YYERROR_CALL("yacc stack overflow");
2365
2366	yyabort:
2367	yyfreestack(&yystack);
2368	return (1);
2369
2370	yyaccept:
2371	yyfreestack(&yystack);
2372	return (0);
2373	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: rtems-libbsd/ipsec-tools/src/setkey/parse.c

Download in other formats: