1 | /* original parser id follows */ |
---|
2 | /* yysccsid[] = "@(#)yaccpar 1.9 (Berkeley) 02/21/93" */ |
---|
3 | /* (use YYMAJOR/YYMINOR for ifdefs dependent on parser version) */ |
---|
4 | |
---|
5 | #define YYBYACC 1 |
---|
6 | #define YYMAJOR 1 |
---|
7 | #define YYMINOR 9 |
---|
8 | #define YYPATCH 20170201 |
---|
9 | |
---|
10 | #define YYEMPTY (-1) |
---|
11 | #define yyclearin (yychar = YYEMPTY) |
---|
12 | #define yyerrok (yyerrflag = 0) |
---|
13 | #define YYRECOVERING() (yyerrflag != 0) |
---|
14 | #define YYENOMEM (-2) |
---|
15 | #define YYEOF 0 |
---|
16 | |
---|
17 | #ifndef yyparse |
---|
18 | #define yyparse setkeyyyparse |
---|
19 | #endif /* yyparse */ |
---|
20 | |
---|
21 | #ifndef yylex |
---|
22 | #define yylex setkeyyylex |
---|
23 | #endif /* yylex */ |
---|
24 | |
---|
25 | #ifndef yyerror |
---|
26 | #define yyerror setkeyyyerror |
---|
27 | #endif /* yyerror */ |
---|
28 | |
---|
29 | #ifndef yychar |
---|
30 | #define yychar setkeyyychar |
---|
31 | #endif /* yychar */ |
---|
32 | |
---|
33 | #ifndef yyval |
---|
34 | #define yyval setkeyyyval |
---|
35 | #endif /* yyval */ |
---|
36 | |
---|
37 | #ifndef yylval |
---|
38 | #define yylval setkeyyylval |
---|
39 | #endif /* yylval */ |
---|
40 | |
---|
41 | #ifndef yydebug |
---|
42 | #define yydebug setkeyyydebug |
---|
43 | #endif /* yydebug */ |
---|
44 | |
---|
45 | #ifndef yynerrs |
---|
46 | #define yynerrs setkeyyynerrs |
---|
47 | #endif /* yynerrs */ |
---|
48 | |
---|
49 | #ifndef yyerrflag |
---|
50 | #define yyerrflag setkeyyyerrflag |
---|
51 | #endif /* yyerrflag */ |
---|
52 | |
---|
53 | #ifndef yylhs |
---|
54 | #define yylhs setkeyyylhs |
---|
55 | #endif /* yylhs */ |
---|
56 | |
---|
57 | #ifndef yylen |
---|
58 | #define yylen setkeyyylen |
---|
59 | #endif /* yylen */ |
---|
60 | |
---|
61 | #ifndef yydefred |
---|
62 | #define yydefred setkeyyydefred |
---|
63 | #endif /* yydefred */ |
---|
64 | |
---|
65 | #ifndef yydgoto |
---|
66 | #define yydgoto setkeyyydgoto |
---|
67 | #endif /* yydgoto */ |
---|
68 | |
---|
69 | #ifndef yysindex |
---|
70 | #define yysindex setkeyyysindex |
---|
71 | #endif /* yysindex */ |
---|
72 | |
---|
73 | #ifndef yyrindex |
---|
74 | #define yyrindex setkeyyyrindex |
---|
75 | #endif /* yyrindex */ |
---|
76 | |
---|
77 | #ifndef yygindex |
---|
78 | #define yygindex setkeyyygindex |
---|
79 | #endif /* yygindex */ |
---|
80 | |
---|
81 | #ifndef yytable |
---|
82 | #define yytable setkeyyytable |
---|
83 | #endif /* yytable */ |
---|
84 | |
---|
85 | #ifndef yycheck |
---|
86 | #define yycheck setkeyyycheck |
---|
87 | #endif /* yycheck */ |
---|
88 | |
---|
89 | #ifndef yyname |
---|
90 | #define yyname setkeyyyname |
---|
91 | #endif /* yyname */ |
---|
92 | |
---|
93 | #ifndef yyrule |
---|
94 | #define yyrule setkeyyyrule |
---|
95 | #endif /* yyrule */ |
---|
96 | #define YYPREFIX "setkeyyy" |
---|
97 | |
---|
98 | #define YYPURE 0 |
---|
99 | |
---|
100 | #line 35 "../../ipsec-tools/src/setkey/parse.y" |
---|
101 | #ifdef HAVE_CONFIG_H |
---|
102 | #include "config.h" |
---|
103 | #endif |
---|
104 | |
---|
105 | #include <sys/types.h> |
---|
106 | #include <sys/param.h> |
---|
107 | #include <sys/socket.h> |
---|
108 | |
---|
109 | #include <netinet/in.h> |
---|
110 | #include <net/pfkeyv2.h> |
---|
111 | #include PATH_IPSEC_H |
---|
112 | #include <arpa/inet.h> |
---|
113 | |
---|
114 | #include <string.h> |
---|
115 | #include <unistd.h> |
---|
116 | #include <stdio.h> |
---|
117 | #include <netdb.h> |
---|
118 | #include <ctype.h> |
---|
119 | #include <errno.h> |
---|
120 | #include <stdlib.h> |
---|
121 | |
---|
122 | #include "libpfkey.h" |
---|
123 | #include "vchar.h" |
---|
124 | #include "extern.h" |
---|
125 | |
---|
126 | #define DEFAULT_NATT_PORT 4500 |
---|
127 | |
---|
128 | #ifndef UDP_ENCAP_ESPINUDP |
---|
129 | #define UDP_ENCAP_ESPINUDP 2 |
---|
130 | #endif |
---|
131 | |
---|
132 | #define ATOX(c) \ |
---|
133 | (isdigit((int)c) ? (c - '0') : \ |
---|
134 | (isupper((int)c) ? (c - 'A' + 10) : (c - 'a' + 10))) |
---|
135 | |
---|
136 | #ifndef __rtems__ |
---|
137 | u_int32_t p_spi; |
---|
138 | u_int p_ext, p_alg_enc, p_alg_auth, p_replay, p_mode; |
---|
139 | u_int32_t p_reqid; |
---|
140 | u_int p_key_enc_len, p_key_auth_len; |
---|
141 | const char *p_key_enc; |
---|
142 | const char *p_key_auth; |
---|
143 | time_t p_lt_hard, p_lt_soft; |
---|
144 | size_t p_lb_hard, p_lb_soft; |
---|
145 | #else /* __rtems__ */ |
---|
146 | static u_int32_t p_spi; |
---|
147 | static u_int p_ext, p_alg_enc, p_alg_auth, p_replay, p_mode; |
---|
148 | static u_int32_t p_reqid; |
---|
149 | static u_int p_key_enc_len, p_key_auth_len; |
---|
150 | static const char *p_key_enc; |
---|
151 | static const char *p_key_auth; |
---|
152 | static time_t p_lt_hard, p_lt_soft; |
---|
153 | static size_t p_lb_hard, p_lb_soft; |
---|
154 | #endif /* __rtems__ */ |
---|
155 | |
---|
156 | struct security_ctx { |
---|
157 | u_int8_t doi; |
---|
158 | u_int8_t alg; |
---|
159 | u_int16_t len; |
---|
160 | char *buf; |
---|
161 | }; |
---|
162 | |
---|
163 | static struct security_ctx sec_ctx; |
---|
164 | |
---|
165 | static u_int p_natt_type; |
---|
166 | static struct addrinfo * p_natt_oa = NULL; |
---|
167 | |
---|
168 | static int p_aiflags = 0, p_aifamily = PF_UNSPEC; |
---|
169 | |
---|
170 | static struct addrinfo *parse_addr __P((char *, char *)); |
---|
171 | static int fix_portstr __P((int, vchar_t *, vchar_t *, vchar_t *)); |
---|
172 | static int setvarbuf __P((char *, int *, struct sadb_ext *, int, |
---|
173 | const void *, int)); |
---|
174 | void parse_init __P((void)); |
---|
175 | void free_buffer __P((void)); |
---|
176 | |
---|
177 | int setkeymsg0 __P((struct sadb_msg *, unsigned int, unsigned int, size_t)); |
---|
178 | static int setkeymsg_spdaddr __P((unsigned int, unsigned int, vchar_t *, |
---|
179 | struct addrinfo *, int, struct addrinfo *, int)); |
---|
180 | static int setkeymsg_spdaddr_tag __P((unsigned int, char *, vchar_t *)); |
---|
181 | static int setkeymsg_addr __P((unsigned int, unsigned int, |
---|
182 | struct addrinfo *, struct addrinfo *, int)); |
---|
183 | static int setkeymsg_add __P((unsigned int, unsigned int, |
---|
184 | struct addrinfo *, struct addrinfo *)); |
---|
185 | #ifdef YYSTYPE |
---|
186 | #undef YYSTYPE_IS_DECLARED |
---|
187 | #define YYSTYPE_IS_DECLARED 1 |
---|
188 | #endif |
---|
189 | #ifndef YYSTYPE_IS_DECLARED |
---|
190 | #define YYSTYPE_IS_DECLARED 1 |
---|
191 | #line 121 "../../ipsec-tools/src/setkey/parse.y" |
---|
192 | typedef union { |
---|
193 | int num; |
---|
194 | unsigned long ulnum; |
---|
195 | vchar_t val; |
---|
196 | struct addrinfo *res; |
---|
197 | } YYSTYPE; |
---|
198 | #endif /* !YYSTYPE_IS_DECLARED */ |
---|
199 | #line 200 "setkeyyy.tab.c" |
---|
200 | |
---|
201 | /* compatibility with bison */ |
---|
202 | #ifdef YYPARSE_PARAM |
---|
203 | /* compatibility with FreeBSD */ |
---|
204 | # ifdef YYPARSE_PARAM_TYPE |
---|
205 | # define YYPARSE_DECL() yyparse(YYPARSE_PARAM_TYPE YYPARSE_PARAM) |
---|
206 | # else |
---|
207 | # define YYPARSE_DECL() yyparse(void *YYPARSE_PARAM) |
---|
208 | # endif |
---|
209 | #else |
---|
210 | # define YYPARSE_DECL() yyparse(void) |
---|
211 | #endif |
---|
212 | |
---|
213 | /* Parameters sent to lex. */ |
---|
214 | #ifdef YYLEX_PARAM |
---|
215 | # define YYLEX_DECL() yylex(void *YYLEX_PARAM) |
---|
216 | # define YYLEX yylex(YYLEX_PARAM) |
---|
217 | #else |
---|
218 | # define YYLEX_DECL() yylex(void) |
---|
219 | # define YYLEX yylex() |
---|
220 | #endif |
---|
221 | |
---|
222 | /* Parameters sent to yyerror. */ |
---|
223 | #ifndef YYERROR_DECL |
---|
224 | #define YYERROR_DECL() yyerror(const char *s) |
---|
225 | #endif |
---|
226 | #ifndef YYERROR_CALL |
---|
227 | #define YYERROR_CALL(msg) yyerror(msg) |
---|
228 | #endif |
---|
229 | |
---|
230 | extern int YYPARSE_DECL(); |
---|
231 | |
---|
232 | #define EOT 257 |
---|
233 | #define SLASH 258 |
---|
234 | #define BLCL 259 |
---|
235 | #define ELCL 260 |
---|
236 | #define ADD 261 |
---|
237 | #define GET 262 |
---|
238 | #define DELETE 263 |
---|
239 | #define DELETEALL 264 |
---|
240 | #define FLUSH 265 |
---|
241 | #define DUMP 266 |
---|
242 | #define EXIT 267 |
---|
243 | #define PR_ESP 268 |
---|
244 | #define PR_AH 269 |
---|
245 | #define PR_IPCOMP 270 |
---|
246 | #define PR_ESPUDP 271 |
---|
247 | #define PR_TCP 272 |
---|
248 | #define F_PROTOCOL 273 |
---|
249 | #define F_AUTH 274 |
---|
250 | #define F_ENC 275 |
---|
251 | #define F_REPLAY 276 |
---|
252 | #define F_COMP 277 |
---|
253 | #define F_RAWCPI 278 |
---|
254 | #define F_MODE 279 |
---|
255 | #define MODE 280 |
---|
256 | #define F_REQID 281 |
---|
257 | #define F_EXT 282 |
---|
258 | #define EXTENSION 283 |
---|
259 | #define NOCYCLICSEQ 284 |
---|
260 | #define ALG_AUTH 285 |
---|
261 | #define ALG_AUTH_NOKEY 286 |
---|
262 | #define ALG_ENC 287 |
---|
263 | #define ALG_ENC_NOKEY 288 |
---|
264 | #define ALG_ENC_DESDERIV 289 |
---|
265 | #define ALG_ENC_DES32IV 290 |
---|
266 | #define ALG_ENC_OLD 291 |
---|
267 | #define ALG_COMP 292 |
---|
268 | #define F_LIFETIME_HARD 293 |
---|
269 | #define F_LIFETIME_SOFT 294 |
---|
270 | #define F_LIFEBYTE_HARD 295 |
---|
271 | #define F_LIFEBYTE_SOFT 296 |
---|
272 | #define DECSTRING 297 |
---|
273 | #define QUOTEDSTRING 298 |
---|
274 | #define HEXSTRING 299 |
---|
275 | #define STRING 300 |
---|
276 | #define ANY 301 |
---|
277 | #define SPDADD 302 |
---|
278 | #define SPDUPDATE 303 |
---|
279 | #define SPDDELETE 304 |
---|
280 | #define SPDDUMP 305 |
---|
281 | #define SPDFLUSH 306 |
---|
282 | #define F_POLICY 307 |
---|
283 | #define PL_REQUESTS 308 |
---|
284 | #define F_AIFLAGS 309 |
---|
285 | #define TAGGED 310 |
---|
286 | #define SECURITY_CTX 311 |
---|
287 | #define YYERRCODE 256 |
---|
288 | typedef int YYINT; |
---|
289 | static const YYINT setkeyyylhs[] = { -1, |
---|
290 | 0, 0, 11, 11, 11, 11, 11, 11, 11, 11, |
---|
291 | 11, 11, 11, 11, 12, 14, 15, 13, 16, 17, |
---|
292 | 2, 2, 2, 2, 2, 2, 2, 25, 25, 27, |
---|
293 | 27, 27, 28, 28, 29, 30, 30, 31, 31, 31, |
---|
294 | 31, 31, 32, 32, 5, 5, 26, 26, 33, 33, |
---|
295 | 33, 33, 33, 33, 33, 33, 33, 33, 33, 19, |
---|
296 | 19, 20, 20, 21, 22, 23, 24, 24, 35, 9, |
---|
297 | 10, 10, 1, 1, 4, 4, 4, 4, 3, 3, |
---|
298 | 3, 3, 7, 7, 34, 34, 8, 6, 18, |
---|
299 | }; |
---|
300 | static const YYINT setkeyyylen[] = { 2, |
---|
301 | 0, 2, 1, 1, 1, 1, 1, 1, 1, 1, |
---|
302 | 1, 1, 1, 1, 9, 8, 6, 8, 3, 3, |
---|
303 | 0, 1, 1, 1, 1, 2, 1, 1, 1, 1, |
---|
304 | 1, 1, 4, 2, 2, 2, 3, 1, 2, 1, |
---|
305 | 2, 2, 2, 1, 1, 1, 0, 2, 2, 2, |
---|
306 | 2, 2, 2, 2, 2, 2, 2, 2, 4, 13, |
---|
307 | 5, 13, 5, 13, 2, 2, 0, 2, 1, 1, |
---|
308 | 1, 2, 0, 2, 0, 3, 3, 3, 1, 1, |
---|
309 | 1, 1, 0, 1, 0, 4, 2, 1, 2, |
---|
310 | }; |
---|
311 | static const YYINT setkeyyydefred[] = { 1, |
---|
312 | 0, 67, 67, 67, 67, 0, 0, 0, 0, 0, |
---|
313 | 67, 0, 0, 2, 3, 4, 5, 6, 7, 8, |
---|
314 | 9, 10, 11, 12, 13, 14, 0, 0, 0, 0, |
---|
315 | 22, 23, 24, 0, 27, 0, 0, 89, 0, 0, |
---|
316 | 0, 0, 0, 65, 66, 0, 69, 0, 68, 0, |
---|
317 | 0, 70, 0, 26, 19, 20, 0, 0, 0, 0, |
---|
318 | 0, 0, 72, 0, 0, 0, 0, 0, 0, 0, |
---|
319 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
320 | 0, 88, 87, 61, 74, 0, 63, 0, 0, 77, |
---|
321 | 78, 76, 28, 29, 47, 47, 47, 17, 0, 0, |
---|
322 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
323 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
324 | 30, 31, 32, 48, 18, 16, 0, 0, 0, 0, |
---|
325 | 44, 35, 0, 38, 0, 0, 40, 0, 54, 0, |
---|
326 | 51, 52, 53, 49, 50, 55, 56, 57, 58, 0, |
---|
327 | 15, 81, 79, 82, 80, 0, 0, 0, 45, 46, |
---|
328 | 43, 39, 41, 42, 0, 37, 0, 84, 0, 0, |
---|
329 | 0, 33, 59, 0, 0, 0, 0, 0, 0, 0, |
---|
330 | 0, 0, 60, 62, 64, 86, |
---|
331 | }; |
---|
332 | static const YYINT setkeyyydgoto[] = { 1, |
---|
333 | 71, 36, 156, 63, 161, 83, 169, 69, 53, 48, |
---|
334 | 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, |
---|
335 | 24, 25, 26, 27, 95, 102, 120, 121, 122, 123, |
---|
336 | 138, 132, 124, 175, 49, |
---|
337 | }; |
---|
338 | static const YYINT setkeyyysindex[] = { 0, |
---|
339 | -251, 0, 0, 0, 0, -128, -128, -250, -267, -253, |
---|
340 | 0, -227, -169, 0, 0, 0, 0, 0, 0, 0, |
---|
341 | 0, 0, 0, 0, 0, 0, -292, -292, -292, -277, |
---|
342 | 0, 0, 0, -187, 0, -129, -122, 0, -233, -214, |
---|
343 | -133, -185, -180, 0, 0, -103, 0, -134, 0, -134, |
---|
344 | -134, 0, -187, 0, 0, 0, -140, -90, -140, -90, |
---|
345 | -90, -147, 0, -128, -128, -128, -128, -139, -87, -126, |
---|
346 | -103, -85, -103, -103, -86, -84, -83, -210, -210, -210, |
---|
347 | -82, 0, 0, 0, 0, -127, 0, -121, -120, 0, |
---|
348 | 0, 0, 0, 0, 0, 0, 0, 0, -90, -90, |
---|
349 | -90, -197, -255, -248, -103, -103, -103, -280, -142, -119, |
---|
350 | -111, -276, -115, -264, -114, -113, -112, -110, -109, -71, |
---|
351 | 0, 0, 0, 0, 0, 0, -191, -191, -191, -249, |
---|
352 | 0, 0, -249, 0, -249, -249, 0, -81, 0, -89, |
---|
353 | 0, 0, 0, 0, 0, 0, 0, 0, 0, -107, |
---|
354 | 0, 0, 0, 0, 0, -108, -108, -108, 0, 0, |
---|
355 | 0, 0, 0, 0, -280, 0, -104, 0, -116, -116, |
---|
356 | -116, 0, 0, -106, -140, -140, -140, -101, -60, -58, |
---|
357 | -57, -100, 0, 0, 0, 0, |
---|
358 | }; |
---|
359 | static const YYINT setkeyyyrindex[] = { 0, |
---|
360 | 0, 0, 0, 0, 0, -55, -55, 0, -173, -173, |
---|
361 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
362 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
363 | 0, 0, 0, -235, 0, 0, 0, 0, 0, 0, |
---|
364 | 0, 0, 0, 0, 0, -178, 0, 0, 0, 0, |
---|
365 | 0, 0, 0, 0, 0, 0, 0, -256, 0, -256, |
---|
366 | -256, 0, 0, -192, -192, -192, -55, 0, 0, 0, |
---|
367 | -99, 0, -99, -99, 0, 0, 0, 0, 0, 0, |
---|
368 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
369 | 0, 0, 0, 0, 0, 0, 0, 0, -230, -230, |
---|
370 | -230, 0, 0, 0, -189, -189, -189, 0, 0, 0, |
---|
371 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
372 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
373 | 0, 0, 0, 0, 0, 0, 0, -54, 0, -53, |
---|
374 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
375 | 0, 0, 0, 0, 0, -177, -177, -177, 0, 0, |
---|
376 | 0, 0, 0, 0, 0, 0, 0, 0, -102, -102, |
---|
377 | -102, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
378 | 0, 0, 0, 0, 0, 0, |
---|
379 | }; |
---|
380 | static const YYINT setkeyyygindex[] = { 0, |
---|
381 | -25, -6, -56, -5, 22, 0, 2, -59, -16, 75, |
---|
382 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
383 | 0, 0, 0, 128, 72, 65, 0, 0, 0, 0, |
---|
384 | 0, 41, 0, -7, 0, |
---|
385 | }; |
---|
386 | #define YYTABLESIZE 206 |
---|
387 | static const YYINT setkeyyytable[] = { 72, |
---|
388 | 37, 125, 73, 141, 130, 131, 38, 46, 126, 2, |
---|
389 | 3, 4, 5, 6, 7, 8, 47, 54, 144, 145, |
---|
390 | 110, 25, 52, 112, 142, 113, 114, 110, 73, 44, |
---|
391 | 112, 47, 113, 114, 73, 74, 67, 115, 116, 117, |
---|
392 | 118, 73, 39, 73, 115, 116, 117, 118, 159, 160, |
---|
393 | 9, 10, 11, 12, 13, 119, 41, 78, 79, 80, |
---|
394 | 81, 25, 119, 25, 57, 86, 73, 88, 89, 73, |
---|
395 | 73, 157, 158, 105, 106, 107, 108, 109, 110, 111, |
---|
396 | 152, 112, 75, 113, 114, 58, 93, 45, 94, 71, |
---|
397 | 71, 71, 71, 71, 47, 115, 116, 117, 118, 127, |
---|
398 | 128, 129, 50, 51, 21, 153, 21, 75, 154, 155, |
---|
399 | 75, 75, 52, 119, 60, 179, 180, 181, 71, 61, |
---|
400 | 71, 71, 64, 47, 65, 66, 67, 55, 47, 83, |
---|
401 | 28, 29, 30, 83, 56, 67, 40, 42, 43, 31, |
---|
402 | 32, 33, 34, 35, 133, 134, 135, 136, 137, 75, |
---|
403 | 96, 97, 76, 77, 162, 62, 163, 164, 170, 171, |
---|
404 | 103, 104, 176, 177, 59, 46, 68, 70, 82, 84, |
---|
405 | 85, 87, 99, 90, 98, 91, 92, 139, 100, 101, |
---|
406 | 140, 143, 146, 147, 148, 151, 149, 150, 166, 167, |
---|
407 | 178, 168, 165, 173, 174, 182, 183, 186, 184, 185, |
---|
408 | 75, 21, 34, 36, 85, 172, |
---|
409 | }; |
---|
410 | static const YYINT setkeyyycheck[] = { 59, |
---|
411 | 7, 257, 259, 280, 285, 286, 257, 300, 257, 261, |
---|
412 | 262, 263, 264, 265, 266, 267, 309, 34, 283, 284, |
---|
413 | 276, 257, 300, 279, 301, 281, 282, 276, 259, 257, |
---|
414 | 279, 309, 281, 282, 60, 61, 53, 293, 294, 295, |
---|
415 | 296, 272, 310, 300, 293, 294, 295, 296, 298, 299, |
---|
416 | 302, 303, 304, 305, 306, 311, 310, 64, 65, 66, |
---|
417 | 67, 297, 311, 299, 298, 71, 297, 73, 74, 300, |
---|
418 | 301, 128, 129, 99, 100, 101, 274, 275, 276, 277, |
---|
419 | 272, 279, 272, 281, 282, 300, 297, 257, 299, 268, |
---|
420 | 269, 270, 271, 272, 309, 293, 294, 295, 296, 105, |
---|
421 | 106, 107, 28, 29, 297, 297, 299, 297, 300, 301, |
---|
422 | 300, 301, 300, 311, 300, 175, 176, 177, 297, 300, |
---|
423 | 299, 300, 48, 309, 50, 51, 300, 257, 309, 307, |
---|
424 | 3, 4, 5, 311, 257, 309, 9, 10, 11, 268, |
---|
425 | 269, 270, 271, 272, 287, 288, 289, 290, 291, 297, |
---|
426 | 79, 80, 300, 301, 133, 259, 135, 136, 157, 158, |
---|
427 | 96, 97, 170, 171, 298, 300, 307, 258, 308, 257, |
---|
428 | 297, 257, 300, 260, 257, 260, 260, 297, 300, 300, |
---|
429 | 292, 297, 297, 297, 297, 257, 297, 297, 278, 297, |
---|
430 | 297, 300, 274, 298, 311, 297, 257, 298, 257, 257, |
---|
431 | 300, 257, 257, 257, 307, 165, |
---|
432 | }; |
---|
433 | #define YYFINAL 1 |
---|
434 | #ifndef YYDEBUG |
---|
435 | #define YYDEBUG 0 |
---|
436 | #endif |
---|
437 | #define YYMAXTOKEN 311 |
---|
438 | #define YYUNDFTOKEN 349 |
---|
439 | #define YYTRANSLATE(a) ((a) > YYMAXTOKEN ? YYUNDFTOKEN : (a)) |
---|
440 | #if YYDEBUG |
---|
441 | static const char *const setkeyyyname[] = { |
---|
442 | |
---|
443 | "end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
---|
444 | 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
---|
445 | 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
---|
446 | 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
---|
447 | 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
---|
448 | 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
---|
449 | 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"EOT","SLASH","BLCL","ELCL","ADD", |
---|
450 | "GET","DELETE","DELETEALL","FLUSH","DUMP","EXIT","PR_ESP","PR_AH","PR_IPCOMP", |
---|
451 | "PR_ESPUDP","PR_TCP","F_PROTOCOL","F_AUTH","F_ENC","F_REPLAY","F_COMP", |
---|
452 | "F_RAWCPI","F_MODE","MODE","F_REQID","F_EXT","EXTENSION","NOCYCLICSEQ", |
---|
453 | "ALG_AUTH","ALG_AUTH_NOKEY","ALG_ENC","ALG_ENC_NOKEY","ALG_ENC_DESDERIV", |
---|
454 | "ALG_ENC_DES32IV","ALG_ENC_OLD","ALG_COMP","F_LIFETIME_HARD","F_LIFETIME_SOFT", |
---|
455 | "F_LIFEBYTE_HARD","F_LIFEBYTE_SOFT","DECSTRING","QUOTEDSTRING","HEXSTRING", |
---|
456 | "STRING","ANY","SPDADD","SPDUPDATE","SPDDELETE","SPDDUMP","SPDFLUSH","F_POLICY", |
---|
457 | "PL_REQUESTS","F_AIFLAGS","TAGGED","SECURITY_CTX",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
---|
458 | 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"illegal-symbol", |
---|
459 | }; |
---|
460 | static const char *const setkeyyyrule[] = { |
---|
461 | "$accept : commands", |
---|
462 | "commands :", |
---|
463 | "commands : commands command", |
---|
464 | "command : add_command", |
---|
465 | "command : get_command", |
---|
466 | "command : delete_command", |
---|
467 | "command : deleteall_command", |
---|
468 | "command : flush_command", |
---|
469 | "command : dump_command", |
---|
470 | "command : exit_command", |
---|
471 | "command : spdadd_command", |
---|
472 | "command : spdupdate_command", |
---|
473 | "command : spddelete_command", |
---|
474 | "command : spddump_command", |
---|
475 | "command : spdflush_command", |
---|
476 | "add_command : ADD ipaddropts ipandport ipandport protocol_spec spi extension_spec algorithm_spec EOT", |
---|
477 | "delete_command : DELETE ipaddropts ipandport ipandport protocol_spec spi extension_spec EOT", |
---|
478 | "deleteall_command : DELETEALL ipaddropts ipaddr ipaddr protocol_spec EOT", |
---|
479 | "get_command : GET ipaddropts ipandport ipandport protocol_spec spi extension_spec EOT", |
---|
480 | "flush_command : FLUSH protocol_spec EOT", |
---|
481 | "dump_command : DUMP protocol_spec EOT", |
---|
482 | "protocol_spec :", |
---|
483 | "protocol_spec : PR_ESP", |
---|
484 | "protocol_spec : PR_AH", |
---|
485 | "protocol_spec : PR_IPCOMP", |
---|
486 | "protocol_spec : PR_ESPUDP", |
---|
487 | "protocol_spec : PR_ESPUDP ipaddr", |
---|
488 | "protocol_spec : PR_TCP", |
---|
489 | "spi : DECSTRING", |
---|
490 | "spi : HEXSTRING", |
---|
491 | "algorithm_spec : esp_spec", |
---|
492 | "algorithm_spec : ah_spec", |
---|
493 | "algorithm_spec : ipcomp_spec", |
---|
494 | "esp_spec : F_ENC enc_alg F_AUTH auth_alg", |
---|
495 | "esp_spec : F_ENC enc_alg", |
---|
496 | "ah_spec : F_AUTH auth_alg", |
---|
497 | "ipcomp_spec : F_COMP ALG_COMP", |
---|
498 | "ipcomp_spec : F_COMP ALG_COMP F_RAWCPI", |
---|
499 | "enc_alg : ALG_ENC_NOKEY", |
---|
500 | "enc_alg : ALG_ENC key_string", |
---|
501 | "enc_alg : ALG_ENC_OLD", |
---|
502 | "enc_alg : ALG_ENC_DESDERIV key_string", |
---|
503 | "enc_alg : ALG_ENC_DES32IV key_string", |
---|
504 | "auth_alg : ALG_AUTH key_string", |
---|
505 | "auth_alg : ALG_AUTH_NOKEY", |
---|
506 | "key_string : QUOTEDSTRING", |
---|
507 | "key_string : HEXSTRING", |
---|
508 | "extension_spec :", |
---|
509 | "extension_spec : extension_spec extension", |
---|
510 | "extension : F_EXT EXTENSION", |
---|
511 | "extension : F_EXT NOCYCLICSEQ", |
---|
512 | "extension : F_MODE MODE", |
---|
513 | "extension : F_MODE ANY", |
---|
514 | "extension : F_REQID DECSTRING", |
---|
515 | "extension : F_REPLAY DECSTRING", |
---|
516 | "extension : F_LIFETIME_HARD DECSTRING", |
---|
517 | "extension : F_LIFETIME_SOFT DECSTRING", |
---|
518 | "extension : F_LIFEBYTE_HARD DECSTRING", |
---|
519 | "extension : F_LIFEBYTE_SOFT DECSTRING", |
---|
520 | "extension : SECURITY_CTX DECSTRING DECSTRING QUOTEDSTRING", |
---|
521 | "spdadd_command : SPDADD ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec context_spec policy_spec EOT", |
---|
522 | "spdadd_command : SPDADD TAGGED QUOTEDSTRING policy_spec EOT", |
---|
523 | "spdupdate_command : SPDUPDATE ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec context_spec policy_spec EOT", |
---|
524 | "spdupdate_command : SPDUPDATE TAGGED QUOTEDSTRING policy_spec EOT", |
---|
525 | "spddelete_command : SPDDELETE ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec context_spec policy_spec EOT", |
---|
526 | "spddump_command : SPDDUMP EOT", |
---|
527 | "spdflush_command : SPDFLUSH EOT", |
---|
528 | "ipaddropts :", |
---|
529 | "ipaddropts : ipaddropts ipaddropt", |
---|
530 | "ipaddropt : F_AIFLAGS", |
---|
531 | "ipaddr : STRING", |
---|
532 | "ipandport : STRING", |
---|
533 | "ipandport : STRING portstr", |
---|
534 | "prefix :", |
---|
535 | "prefix : SLASH DECSTRING", |
---|
536 | "portstr :", |
---|
537 | "portstr : BLCL ANY ELCL", |
---|
538 | "portstr : BLCL DECSTRING ELCL", |
---|
539 | "portstr : BLCL STRING ELCL", |
---|
540 | "upper_spec : DECSTRING", |
---|
541 | "upper_spec : ANY", |
---|
542 | "upper_spec : PR_TCP", |
---|
543 | "upper_spec : STRING", |
---|
544 | "upper_misc_spec :", |
---|
545 | "upper_misc_spec : STRING", |
---|
546 | "context_spec :", |
---|
547 | "context_spec : SECURITY_CTX DECSTRING DECSTRING QUOTEDSTRING", |
---|
548 | "policy_spec : F_POLICY policy_requests", |
---|
549 | "policy_requests : PL_REQUESTS", |
---|
550 | "exit_command : EXIT EOT", |
---|
551 | |
---|
552 | }; |
---|
553 | #endif |
---|
554 | |
---|
555 | int yydebug; |
---|
556 | int yynerrs; |
---|
557 | |
---|
558 | int yyerrflag; |
---|
559 | int yychar; |
---|
560 | YYSTYPE yyval; |
---|
561 | YYSTYPE yylval; |
---|
562 | |
---|
563 | /* define the initial stack-sizes */ |
---|
564 | #ifdef YYSTACKSIZE |
---|
565 | #undef YYMAXDEPTH |
---|
566 | #define YYMAXDEPTH YYSTACKSIZE |
---|
567 | #else |
---|
568 | #ifdef YYMAXDEPTH |
---|
569 | #define YYSTACKSIZE YYMAXDEPTH |
---|
570 | #else |
---|
571 | #define YYSTACKSIZE 10000 |
---|
572 | #define YYMAXDEPTH 10000 |
---|
573 | #endif |
---|
574 | #endif |
---|
575 | |
---|
576 | #define YYINITSTACKSIZE 200 |
---|
577 | |
---|
578 | typedef struct { |
---|
579 | unsigned stacksize; |
---|
580 | YYINT *s_base; |
---|
581 | YYINT *s_mark; |
---|
582 | YYINT *s_last; |
---|
583 | YYSTYPE *l_base; |
---|
584 | YYSTYPE *l_mark; |
---|
585 | } YYSTACKDATA; |
---|
586 | /* variables for the parser stack */ |
---|
587 | static YYSTACKDATA yystack; |
---|
588 | #line 919 "../../ipsec-tools/src/setkey/parse.y" |
---|
589 | |
---|
590 | int |
---|
591 | setkeymsg0(msg, type, satype, l) |
---|
592 | struct sadb_msg *msg; |
---|
593 | unsigned int type; |
---|
594 | unsigned int satype; |
---|
595 | size_t l; |
---|
596 | { |
---|
597 | |
---|
598 | msg->sadb_msg_version = PF_KEY_V2; |
---|
599 | msg->sadb_msg_type = type; |
---|
600 | msg->sadb_msg_errno = 0; |
---|
601 | msg->sadb_msg_satype = satype; |
---|
602 | msg->sadb_msg_reserved = 0; |
---|
603 | msg->sadb_msg_seq = 0; |
---|
604 | msg->sadb_msg_pid = getpid(); |
---|
605 | msg->sadb_msg_len = PFKEY_UNIT64(l); |
---|
606 | return 0; |
---|
607 | } |
---|
608 | |
---|
609 | /* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */ |
---|
610 | static int |
---|
611 | setkeymsg_spdaddr(type, upper, policy, srcs, splen, dsts, dplen) |
---|
612 | unsigned int type; |
---|
613 | unsigned int upper; |
---|
614 | vchar_t *policy; |
---|
615 | struct addrinfo *srcs; |
---|
616 | int splen; |
---|
617 | struct addrinfo *dsts; |
---|
618 | int dplen; |
---|
619 | { |
---|
620 | struct sadb_msg *msg; |
---|
621 | char buf[BUFSIZ]; |
---|
622 | int l, l0; |
---|
623 | struct sadb_address m_addr; |
---|
624 | struct addrinfo *s, *d; |
---|
625 | int n; |
---|
626 | int plen; |
---|
627 | struct sockaddr *sa; |
---|
628 | int salen; |
---|
629 | struct sadb_x_policy *sp; |
---|
630 | #ifdef HAVE_POLICY_FWD |
---|
631 | struct sadb_x_ipsecrequest *ps = NULL; |
---|
632 | int saved_level, saved_id = 0; |
---|
633 | #endif |
---|
634 | |
---|
635 | msg = (struct sadb_msg *)buf; |
---|
636 | |
---|
637 | if (!srcs || !dsts) |
---|
638 | return -1; |
---|
639 | |
---|
640 | /* fix up length afterwards */ |
---|
641 | setkeymsg0(msg, type, SADB_SATYPE_UNSPEC, 0); |
---|
642 | l = sizeof(struct sadb_msg); |
---|
643 | |
---|
644 | sp = (struct sadb_x_policy*) (buf + l); |
---|
645 | memcpy(buf + l, policy->buf, policy->len); |
---|
646 | l += policy->len; |
---|
647 | |
---|
648 | l0 = l; |
---|
649 | n = 0; |
---|
650 | |
---|
651 | /* do it for all src/dst pairs */ |
---|
652 | for (s = srcs; s; s = s->ai_next) { |
---|
653 | for (d = dsts; d; d = d->ai_next) { |
---|
654 | /* rewind pointer */ |
---|
655 | l = l0; |
---|
656 | |
---|
657 | if (s->ai_addr->sa_family != d->ai_addr->sa_family) |
---|
658 | continue; |
---|
659 | switch (s->ai_addr->sa_family) { |
---|
660 | case AF_INET: |
---|
661 | plen = sizeof(struct in_addr) << 3; |
---|
662 | break; |
---|
663 | #ifdef INET6 |
---|
664 | case AF_INET6: |
---|
665 | plen = sizeof(struct in6_addr) << 3; |
---|
666 | break; |
---|
667 | #endif |
---|
668 | default: |
---|
669 | continue; |
---|
670 | } |
---|
671 | |
---|
672 | /* set src */ |
---|
673 | sa = s->ai_addr; |
---|
674 | salen = sysdep_sa_len(s->ai_addr); |
---|
675 | m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) + |
---|
676 | PFKEY_ALIGN8(salen)); |
---|
677 | m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC; |
---|
678 | m_addr.sadb_address_proto = upper; |
---|
679 | m_addr.sadb_address_prefixlen = |
---|
680 | (splen >= 0 ? splen : plen); |
---|
681 | m_addr.sadb_address_reserved = 0; |
---|
682 | |
---|
683 | setvarbuf(buf, &l, (struct sadb_ext *)&m_addr, |
---|
684 | sizeof(m_addr), (caddr_t)sa, salen); |
---|
685 | |
---|
686 | /* set dst */ |
---|
687 | sa = d->ai_addr; |
---|
688 | salen = sysdep_sa_len(d->ai_addr); |
---|
689 | m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) + |
---|
690 | PFKEY_ALIGN8(salen)); |
---|
691 | m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST; |
---|
692 | m_addr.sadb_address_proto = upper; |
---|
693 | m_addr.sadb_address_prefixlen = |
---|
694 | (dplen >= 0 ? dplen : plen); |
---|
695 | m_addr.sadb_address_reserved = 0; |
---|
696 | |
---|
697 | setvarbuf(buf, &l, (struct sadb_ext *)&m_addr, |
---|
698 | sizeof(m_addr), sa, salen); |
---|
699 | #ifdef SADB_X_EXT_SEC_CTX |
---|
700 | /* Add security context label */ |
---|
701 | if (sec_ctx.doi) { |
---|
702 | struct sadb_x_sec_ctx m_sec_ctx; |
---|
703 | u_int slen = sizeof(struct sadb_x_sec_ctx); |
---|
704 | |
---|
705 | memset(&m_sec_ctx, 0, slen); |
---|
706 | |
---|
707 | m_sec_ctx.sadb_x_sec_len = |
---|
708 | PFKEY_UNIT64(slen + PFKEY_ALIGN8(sec_ctx.len)); |
---|
709 | |
---|
710 | m_sec_ctx.sadb_x_sec_exttype = |
---|
711 | SADB_X_EXT_SEC_CTX; |
---|
712 | m_sec_ctx.sadb_x_ctx_len = sec_ctx.len;/*bytes*/ |
---|
713 | m_sec_ctx.sadb_x_ctx_doi = sec_ctx.doi; |
---|
714 | m_sec_ctx.sadb_x_ctx_alg = sec_ctx.alg; |
---|
715 | setvarbuf(buf, &l, |
---|
716 | (struct sadb_ext *)&m_sec_ctx, slen, |
---|
717 | (caddr_t)sec_ctx.buf, sec_ctx.len); |
---|
718 | } |
---|
719 | #endif |
---|
720 | msg->sadb_msg_len = PFKEY_UNIT64(l); |
---|
721 | |
---|
722 | sendkeymsg(buf, l); |
---|
723 | |
---|
724 | #ifdef HAVE_POLICY_FWD |
---|
725 | /* create extra call for FWD policy */ |
---|
726 | if (f_rfcmode && sp->sadb_x_policy_dir == IPSEC_DIR_INBOUND) { |
---|
727 | sp->sadb_x_policy_dir = IPSEC_DIR_FWD; |
---|
728 | ps = (struct sadb_x_ipsecrequest*) (sp+1); |
---|
729 | |
---|
730 | /* if request level is unique, change it to |
---|
731 | * require for fwd policy */ |
---|
732 | /* XXX: currently, only first policy is updated |
---|
733 | * only. Update following too... */ |
---|
734 | saved_level = ps->sadb_x_ipsecrequest_level; |
---|
735 | if (saved_level == IPSEC_LEVEL_UNIQUE) { |
---|
736 | saved_id = ps->sadb_x_ipsecrequest_reqid; |
---|
737 | ps->sadb_x_ipsecrequest_reqid=0; |
---|
738 | ps->sadb_x_ipsecrequest_level=IPSEC_LEVEL_REQUIRE; |
---|
739 | } |
---|
740 | |
---|
741 | sendkeymsg(buf, l); |
---|
742 | /* restoring for next message */ |
---|
743 | sp->sadb_x_policy_dir = IPSEC_DIR_INBOUND; |
---|
744 | if (saved_level == IPSEC_LEVEL_UNIQUE) { |
---|
745 | ps->sadb_x_ipsecrequest_reqid = saved_id; |
---|
746 | ps->sadb_x_ipsecrequest_level = saved_level; |
---|
747 | } |
---|
748 | } |
---|
749 | #endif |
---|
750 | |
---|
751 | n++; |
---|
752 | } |
---|
753 | } |
---|
754 | |
---|
755 | if (n == 0) |
---|
756 | return -1; |
---|
757 | else |
---|
758 | return 0; |
---|
759 | } |
---|
760 | |
---|
761 | static int |
---|
762 | setkeymsg_spdaddr_tag(type, tag, policy) |
---|
763 | unsigned int type; |
---|
764 | char *tag; |
---|
765 | vchar_t *policy; |
---|
766 | { |
---|
767 | struct sadb_msg *msg; |
---|
768 | char buf[BUFSIZ]; |
---|
769 | int l, l0; |
---|
770 | #ifdef SADB_X_EXT_TAG |
---|
771 | struct sadb_x_tag m_tag; |
---|
772 | #endif |
---|
773 | int n; |
---|
774 | |
---|
775 | msg = (struct sadb_msg *)buf; |
---|
776 | |
---|
777 | /* fix up length afterwards */ |
---|
778 | setkeymsg0(msg, type, SADB_SATYPE_UNSPEC, 0); |
---|
779 | l = sizeof(struct sadb_msg); |
---|
780 | |
---|
781 | memcpy(buf + l, policy->buf, policy->len); |
---|
782 | l += policy->len; |
---|
783 | |
---|
784 | l0 = l; |
---|
785 | n = 0; |
---|
786 | |
---|
787 | #ifdef SADB_X_EXT_TAG |
---|
788 | memset(&m_tag, 0, sizeof(m_tag)); |
---|
789 | m_tag.sadb_x_tag_len = PFKEY_UNIT64(sizeof(m_tag)); |
---|
790 | m_tag.sadb_x_tag_exttype = SADB_X_EXT_TAG; |
---|
791 | if (strlcpy(m_tag.sadb_x_tag_name, tag, |
---|
792 | sizeof(m_tag.sadb_x_tag_name)) >= sizeof(m_tag.sadb_x_tag_name)) |
---|
793 | return -1; |
---|
794 | memcpy(buf + l, &m_tag, sizeof(m_tag)); |
---|
795 | l += sizeof(m_tag); |
---|
796 | #endif |
---|
797 | |
---|
798 | msg->sadb_msg_len = PFKEY_UNIT64(l); |
---|
799 | |
---|
800 | sendkeymsg(buf, l); |
---|
801 | |
---|
802 | return 0; |
---|
803 | } |
---|
804 | |
---|
805 | /* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */ |
---|
806 | static int |
---|
807 | setkeymsg_addr(type, satype, srcs, dsts, no_spi) |
---|
808 | unsigned int type; |
---|
809 | unsigned int satype; |
---|
810 | struct addrinfo *srcs; |
---|
811 | struct addrinfo *dsts; |
---|
812 | int no_spi; |
---|
813 | { |
---|
814 | struct sadb_msg *msg; |
---|
815 | char buf[BUFSIZ]; |
---|
816 | int l, l0, len; |
---|
817 | struct sadb_sa m_sa; |
---|
818 | struct sadb_x_sa2 m_sa2; |
---|
819 | struct sadb_address m_addr; |
---|
820 | struct addrinfo *s, *d; |
---|
821 | int n; |
---|
822 | int plen; |
---|
823 | struct sockaddr *sa; |
---|
824 | int salen; |
---|
825 | |
---|
826 | msg = (struct sadb_msg *)buf; |
---|
827 | |
---|
828 | if (!srcs || !dsts) |
---|
829 | return -1; |
---|
830 | |
---|
831 | /* fix up length afterwards */ |
---|
832 | setkeymsg0(msg, type, satype, 0); |
---|
833 | l = sizeof(struct sadb_msg); |
---|
834 | |
---|
835 | if (!no_spi) { |
---|
836 | len = sizeof(struct sadb_sa); |
---|
837 | m_sa.sadb_sa_len = PFKEY_UNIT64(len); |
---|
838 | m_sa.sadb_sa_exttype = SADB_EXT_SA; |
---|
839 | m_sa.sadb_sa_spi = htonl(p_spi); |
---|
840 | m_sa.sadb_sa_replay = p_replay; |
---|
841 | m_sa.sadb_sa_state = 0; |
---|
842 | m_sa.sadb_sa_auth = p_alg_auth; |
---|
843 | m_sa.sadb_sa_encrypt = p_alg_enc; |
---|
844 | m_sa.sadb_sa_flags = p_ext; |
---|
845 | |
---|
846 | memcpy(buf + l, &m_sa, len); |
---|
847 | l += len; |
---|
848 | |
---|
849 | len = sizeof(struct sadb_x_sa2); |
---|
850 | m_sa2.sadb_x_sa2_len = PFKEY_UNIT64(len); |
---|
851 | m_sa2.sadb_x_sa2_exttype = SADB_X_EXT_SA2; |
---|
852 | m_sa2.sadb_x_sa2_mode = p_mode; |
---|
853 | m_sa2.sadb_x_sa2_reqid = p_reqid; |
---|
854 | |
---|
855 | memcpy(buf + l, &m_sa2, len); |
---|
856 | l += len; |
---|
857 | } |
---|
858 | |
---|
859 | l0 = l; |
---|
860 | n = 0; |
---|
861 | |
---|
862 | /* do it for all src/dst pairs */ |
---|
863 | for (s = srcs; s; s = s->ai_next) { |
---|
864 | for (d = dsts; d; d = d->ai_next) { |
---|
865 | /* rewind pointer */ |
---|
866 | l = l0; |
---|
867 | |
---|
868 | if (s->ai_addr->sa_family != d->ai_addr->sa_family) |
---|
869 | continue; |
---|
870 | switch (s->ai_addr->sa_family) { |
---|
871 | case AF_INET: |
---|
872 | plen = sizeof(struct in_addr) << 3; |
---|
873 | break; |
---|
874 | #ifdef INET6 |
---|
875 | case AF_INET6: |
---|
876 | plen = sizeof(struct in6_addr) << 3; |
---|
877 | break; |
---|
878 | #endif |
---|
879 | default: |
---|
880 | continue; |
---|
881 | } |
---|
882 | |
---|
883 | /* set src */ |
---|
884 | sa = s->ai_addr; |
---|
885 | salen = sysdep_sa_len(s->ai_addr); |
---|
886 | m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) + |
---|
887 | PFKEY_ALIGN8(salen)); |
---|
888 | m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC; |
---|
889 | m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY; |
---|
890 | m_addr.sadb_address_prefixlen = plen; |
---|
891 | m_addr.sadb_address_reserved = 0; |
---|
892 | |
---|
893 | setvarbuf(buf, &l, (struct sadb_ext *)&m_addr, |
---|
894 | sizeof(m_addr), sa, salen); |
---|
895 | |
---|
896 | /* set dst */ |
---|
897 | sa = d->ai_addr; |
---|
898 | salen = sysdep_sa_len(d->ai_addr); |
---|
899 | m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) + |
---|
900 | PFKEY_ALIGN8(salen)); |
---|
901 | m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST; |
---|
902 | m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY; |
---|
903 | m_addr.sadb_address_prefixlen = plen; |
---|
904 | m_addr.sadb_address_reserved = 0; |
---|
905 | |
---|
906 | setvarbuf(buf, &l, (struct sadb_ext *)&m_addr, |
---|
907 | sizeof(m_addr), sa, salen); |
---|
908 | |
---|
909 | msg->sadb_msg_len = PFKEY_UNIT64(l); |
---|
910 | |
---|
911 | sendkeymsg(buf, l); |
---|
912 | |
---|
913 | n++; |
---|
914 | } |
---|
915 | } |
---|
916 | |
---|
917 | if (n == 0) |
---|
918 | return -1; |
---|
919 | else |
---|
920 | return 0; |
---|
921 | } |
---|
922 | |
---|
923 | #ifdef SADB_X_EXT_NAT_T_TYPE |
---|
924 | static u_int16_t get_port (struct addrinfo *addr) |
---|
925 | { |
---|
926 | struct sockaddr *s = addr->ai_addr; |
---|
927 | u_int16_t port = 0; |
---|
928 | |
---|
929 | switch (s->sa_family) { |
---|
930 | case AF_INET: |
---|
931 | { |
---|
932 | struct sockaddr_in *sin4 = (struct sockaddr_in *)s; |
---|
933 | port = ntohs(sin4->sin_port); |
---|
934 | break; |
---|
935 | } |
---|
936 | case AF_INET6: |
---|
937 | { |
---|
938 | struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)s; |
---|
939 | port = ntohs(sin6->sin6_port); |
---|
940 | break; |
---|
941 | } |
---|
942 | } |
---|
943 | |
---|
944 | if (port == 0) |
---|
945 | port = DEFAULT_NATT_PORT; |
---|
946 | |
---|
947 | return port; |
---|
948 | } |
---|
949 | #endif |
---|
950 | |
---|
951 | /* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */ |
---|
952 | static int |
---|
953 | setkeymsg_add(type, satype, srcs, dsts) |
---|
954 | unsigned int type; |
---|
955 | unsigned int satype; |
---|
956 | struct addrinfo *srcs; |
---|
957 | struct addrinfo *dsts; |
---|
958 | { |
---|
959 | struct sadb_msg *msg; |
---|
960 | char buf[BUFSIZ]; |
---|
961 | int l, l0, len; |
---|
962 | struct sadb_sa m_sa; |
---|
963 | struct sadb_x_sa2 m_sa2; |
---|
964 | struct sadb_address m_addr; |
---|
965 | struct addrinfo *s, *d; |
---|
966 | int n; |
---|
967 | int plen; |
---|
968 | struct sockaddr *sa; |
---|
969 | int salen; |
---|
970 | |
---|
971 | msg = (struct sadb_msg *)buf; |
---|
972 | |
---|
973 | if (!srcs || !dsts) |
---|
974 | return -1; |
---|
975 | |
---|
976 | /* fix up length afterwards */ |
---|
977 | setkeymsg0(msg, type, satype, 0); |
---|
978 | l = sizeof(struct sadb_msg); |
---|
979 | |
---|
980 | /* set encryption algorithm, if present. */ |
---|
981 | if (satype != SADB_X_SATYPE_IPCOMP && p_key_enc) { |
---|
982 | union { |
---|
983 | struct sadb_key key; |
---|
984 | struct sadb_ext ext; |
---|
985 | } m; |
---|
986 | |
---|
987 | m.key.sadb_key_len = |
---|
988 | PFKEY_UNIT64(sizeof(m.key) |
---|
989 | + PFKEY_ALIGN8(p_key_enc_len)); |
---|
990 | m.key.sadb_key_exttype = SADB_EXT_KEY_ENCRYPT; |
---|
991 | m.key.sadb_key_bits = p_key_enc_len * 8; |
---|
992 | m.key.sadb_key_reserved = 0; |
---|
993 | |
---|
994 | setvarbuf(buf, &l, &m.ext, sizeof(m.key), |
---|
995 | p_key_enc, p_key_enc_len); |
---|
996 | } |
---|
997 | |
---|
998 | /* set authentication algorithm, if present. */ |
---|
999 | if (p_key_auth) { |
---|
1000 | union { |
---|
1001 | struct sadb_key key; |
---|
1002 | struct sadb_ext ext; |
---|
1003 | } m; |
---|
1004 | |
---|
1005 | m.key.sadb_key_len = |
---|
1006 | PFKEY_UNIT64(sizeof(m.key) |
---|
1007 | + PFKEY_ALIGN8(p_key_auth_len)); |
---|
1008 | m.key.sadb_key_exttype = SADB_EXT_KEY_AUTH; |
---|
1009 | m.key.sadb_key_bits = p_key_auth_len * 8; |
---|
1010 | m.key.sadb_key_reserved = 0; |
---|
1011 | |
---|
1012 | setvarbuf(buf, &l, &m.ext, sizeof(m.key), |
---|
1013 | p_key_auth, p_key_auth_len); |
---|
1014 | } |
---|
1015 | |
---|
1016 | /* set lifetime for HARD */ |
---|
1017 | if (p_lt_hard != 0 || p_lb_hard != 0) { |
---|
1018 | struct sadb_lifetime m_lt; |
---|
1019 | u_int slen = sizeof(struct sadb_lifetime); |
---|
1020 | |
---|
1021 | m_lt.sadb_lifetime_len = PFKEY_UNIT64(slen); |
---|
1022 | m_lt.sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; |
---|
1023 | m_lt.sadb_lifetime_allocations = 0; |
---|
1024 | m_lt.sadb_lifetime_bytes = p_lb_hard; |
---|
1025 | m_lt.sadb_lifetime_addtime = p_lt_hard; |
---|
1026 | m_lt.sadb_lifetime_usetime = 0; |
---|
1027 | |
---|
1028 | memcpy(buf + l, &m_lt, slen); |
---|
1029 | l += slen; |
---|
1030 | } |
---|
1031 | |
---|
1032 | /* set lifetime for SOFT */ |
---|
1033 | if (p_lt_soft != 0 || p_lb_soft != 0) { |
---|
1034 | struct sadb_lifetime m_lt; |
---|
1035 | u_int slen = sizeof(struct sadb_lifetime); |
---|
1036 | |
---|
1037 | m_lt.sadb_lifetime_len = PFKEY_UNIT64(slen); |
---|
1038 | m_lt.sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; |
---|
1039 | m_lt.sadb_lifetime_allocations = 0; |
---|
1040 | m_lt.sadb_lifetime_bytes = p_lb_soft; |
---|
1041 | m_lt.sadb_lifetime_addtime = p_lt_soft; |
---|
1042 | m_lt.sadb_lifetime_usetime = 0; |
---|
1043 | |
---|
1044 | memcpy(buf + l, &m_lt, slen); |
---|
1045 | l += slen; |
---|
1046 | } |
---|
1047 | |
---|
1048 | #ifdef SADB_X_EXT_SEC_CTX |
---|
1049 | /* Add security context label */ |
---|
1050 | if (sec_ctx.doi) { |
---|
1051 | struct sadb_x_sec_ctx m_sec_ctx; |
---|
1052 | u_int slen = sizeof(struct sadb_x_sec_ctx); |
---|
1053 | |
---|
1054 | memset(&m_sec_ctx, 0, slen); |
---|
1055 | |
---|
1056 | m_sec_ctx.sadb_x_sec_len = PFKEY_UNIT64(slen + |
---|
1057 | PFKEY_ALIGN8(sec_ctx.len)); |
---|
1058 | m_sec_ctx.sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX; |
---|
1059 | m_sec_ctx.sadb_x_ctx_len = sec_ctx.len; /* bytes */ |
---|
1060 | m_sec_ctx.sadb_x_ctx_doi = sec_ctx.doi; |
---|
1061 | m_sec_ctx.sadb_x_ctx_alg = sec_ctx.alg; |
---|
1062 | setvarbuf(buf, &l, (struct sadb_ext *)&m_sec_ctx, slen, |
---|
1063 | (caddr_t)sec_ctx.buf, sec_ctx.len); |
---|
1064 | } |
---|
1065 | #endif |
---|
1066 | |
---|
1067 | len = sizeof(struct sadb_sa); |
---|
1068 | m_sa.sadb_sa_len = PFKEY_UNIT64(len); |
---|
1069 | m_sa.sadb_sa_exttype = SADB_EXT_SA; |
---|
1070 | m_sa.sadb_sa_spi = htonl(p_spi); |
---|
1071 | m_sa.sadb_sa_replay = p_replay; |
---|
1072 | m_sa.sadb_sa_state = 0; |
---|
1073 | m_sa.sadb_sa_auth = p_alg_auth; |
---|
1074 | m_sa.sadb_sa_encrypt = p_alg_enc; |
---|
1075 | m_sa.sadb_sa_flags = p_ext; |
---|
1076 | |
---|
1077 | memcpy(buf + l, &m_sa, len); |
---|
1078 | l += len; |
---|
1079 | |
---|
1080 | len = sizeof(struct sadb_x_sa2); |
---|
1081 | m_sa2.sadb_x_sa2_len = PFKEY_UNIT64(len); |
---|
1082 | m_sa2.sadb_x_sa2_exttype = SADB_X_EXT_SA2; |
---|
1083 | m_sa2.sadb_x_sa2_mode = p_mode; |
---|
1084 | m_sa2.sadb_x_sa2_reqid = p_reqid; |
---|
1085 | |
---|
1086 | memcpy(buf + l, &m_sa2, len); |
---|
1087 | l += len; |
---|
1088 | |
---|
1089 | #ifdef SADB_X_EXT_NAT_T_TYPE |
---|
1090 | if (p_natt_type) { |
---|
1091 | struct sadb_x_nat_t_type natt_type; |
---|
1092 | |
---|
1093 | len = sizeof(struct sadb_x_nat_t_type); |
---|
1094 | memset(&natt_type, 0, len); |
---|
1095 | natt_type.sadb_x_nat_t_type_len = PFKEY_UNIT64(len); |
---|
1096 | natt_type.sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; |
---|
1097 | natt_type.sadb_x_nat_t_type_type = p_natt_type; |
---|
1098 | |
---|
1099 | memcpy(buf + l, &natt_type, len); |
---|
1100 | l += len; |
---|
1101 | |
---|
1102 | if (p_natt_oa) { |
---|
1103 | sa = p_natt_oa->ai_addr; |
---|
1104 | switch (sa->sa_family) { |
---|
1105 | case AF_INET: |
---|
1106 | plen = sizeof(struct in_addr) << 3; |
---|
1107 | break; |
---|
1108 | #ifdef INET6 |
---|
1109 | case AF_INET6: |
---|
1110 | plen = sizeof(struct in6_addr) << 3; |
---|
1111 | break; |
---|
1112 | #endif |
---|
1113 | default: |
---|
1114 | return -1; |
---|
1115 | } |
---|
1116 | salen = sysdep_sa_len(sa); |
---|
1117 | m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) + |
---|
1118 | PFKEY_ALIGN8(salen)); |
---|
1119 | m_addr.sadb_address_exttype = SADB_X_EXT_NAT_T_OA; |
---|
1120 | m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY; |
---|
1121 | m_addr.sadb_address_prefixlen = plen; |
---|
1122 | m_addr.sadb_address_reserved = 0; |
---|
1123 | |
---|
1124 | setvarbuf(buf, &l, (struct sadb_ext *)&m_addr, |
---|
1125 | sizeof(m_addr), sa, salen); |
---|
1126 | } |
---|
1127 | } |
---|
1128 | #endif |
---|
1129 | |
---|
1130 | l0 = l; |
---|
1131 | n = 0; |
---|
1132 | |
---|
1133 | /* do it for all src/dst pairs */ |
---|
1134 | for (s = srcs; s; s = s->ai_next) { |
---|
1135 | for (d = dsts; d; d = d->ai_next) { |
---|
1136 | /* rewind pointer */ |
---|
1137 | l = l0; |
---|
1138 | |
---|
1139 | if (s->ai_addr->sa_family != d->ai_addr->sa_family) |
---|
1140 | continue; |
---|
1141 | switch (s->ai_addr->sa_family) { |
---|
1142 | case AF_INET: |
---|
1143 | plen = sizeof(struct in_addr) << 3; |
---|
1144 | break; |
---|
1145 | #ifdef INET6 |
---|
1146 | case AF_INET6: |
---|
1147 | plen = sizeof(struct in6_addr) << 3; |
---|
1148 | break; |
---|
1149 | #endif |
---|
1150 | default: |
---|
1151 | continue; |
---|
1152 | } |
---|
1153 | |
---|
1154 | /* set src */ |
---|
1155 | sa = s->ai_addr; |
---|
1156 | salen = sysdep_sa_len(s->ai_addr); |
---|
1157 | m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) + |
---|
1158 | PFKEY_ALIGN8(salen)); |
---|
1159 | m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC; |
---|
1160 | m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY; |
---|
1161 | m_addr.sadb_address_prefixlen = plen; |
---|
1162 | m_addr.sadb_address_reserved = 0; |
---|
1163 | |
---|
1164 | setvarbuf(buf, &l, (struct sadb_ext *)&m_addr, |
---|
1165 | sizeof(m_addr), sa, salen); |
---|
1166 | |
---|
1167 | /* set dst */ |
---|
1168 | sa = d->ai_addr; |
---|
1169 | salen = sysdep_sa_len(d->ai_addr); |
---|
1170 | m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) + |
---|
1171 | PFKEY_ALIGN8(salen)); |
---|
1172 | m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST; |
---|
1173 | m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY; |
---|
1174 | m_addr.sadb_address_prefixlen = plen; |
---|
1175 | m_addr.sadb_address_reserved = 0; |
---|
1176 | |
---|
1177 | setvarbuf(buf, &l, (struct sadb_ext *)&m_addr, |
---|
1178 | sizeof(m_addr), sa, salen); |
---|
1179 | |
---|
1180 | #ifdef SADB_X_EXT_NAT_T_TYPE |
---|
1181 | if (p_natt_type) { |
---|
1182 | struct sadb_x_nat_t_port natt_port; |
---|
1183 | |
---|
1184 | /* NATT_SPORT */ |
---|
1185 | len = sizeof(struct sadb_x_nat_t_port); |
---|
1186 | memset(&natt_port, 0, len); |
---|
1187 | natt_port.sadb_x_nat_t_port_len = PFKEY_UNIT64(len); |
---|
1188 | natt_port.sadb_x_nat_t_port_exttype = |
---|
1189 | SADB_X_EXT_NAT_T_SPORT; |
---|
1190 | natt_port.sadb_x_nat_t_port_port = htons(get_port(s)); |
---|
1191 | |
---|
1192 | memcpy(buf + l, &natt_port, len); |
---|
1193 | l += len; |
---|
1194 | |
---|
1195 | /* NATT_DPORT */ |
---|
1196 | natt_port.sadb_x_nat_t_port_exttype = |
---|
1197 | SADB_X_EXT_NAT_T_DPORT; |
---|
1198 | natt_port.sadb_x_nat_t_port_port = htons(get_port(d)); |
---|
1199 | |
---|
1200 | memcpy(buf + l, &natt_port, len); |
---|
1201 | l += len; |
---|
1202 | } |
---|
1203 | #endif |
---|
1204 | msg->sadb_msg_len = PFKEY_UNIT64(l); |
---|
1205 | |
---|
1206 | sendkeymsg(buf, l); |
---|
1207 | |
---|
1208 | n++; |
---|
1209 | } |
---|
1210 | } |
---|
1211 | |
---|
1212 | if (n == 0) |
---|
1213 | return -1; |
---|
1214 | else |
---|
1215 | return 0; |
---|
1216 | } |
---|
1217 | |
---|
1218 | static struct addrinfo * |
---|
1219 | parse_addr(host, port) |
---|
1220 | char *host; |
---|
1221 | char *port; |
---|
1222 | { |
---|
1223 | struct addrinfo hints, *res = NULL; |
---|
1224 | int error; |
---|
1225 | |
---|
1226 | memset(&hints, 0, sizeof(hints)); |
---|
1227 | hints.ai_family = p_aifamily; |
---|
1228 | hints.ai_socktype = SOCK_DGRAM; /*dummy*/ |
---|
1229 | hints.ai_protocol = IPPROTO_UDP; /*dummy*/ |
---|
1230 | hints.ai_flags = p_aiflags; |
---|
1231 | error = getaddrinfo(host, port, &hints, &res); |
---|
1232 | if (error != 0) { |
---|
1233 | yyerror(gai_strerror(error)); |
---|
1234 | return NULL; |
---|
1235 | } |
---|
1236 | return res; |
---|
1237 | } |
---|
1238 | |
---|
1239 | static int |
---|
1240 | fix_portstr(ulproto, spec, sport, dport) |
---|
1241 | int ulproto; |
---|
1242 | vchar_t *spec, *sport, *dport; |
---|
1243 | { |
---|
1244 | char sp[16], dp[16]; |
---|
1245 | int a, b, c, d; |
---|
1246 | unsigned long u; |
---|
1247 | |
---|
1248 | if (spec->buf == NULL) |
---|
1249 | return 0; |
---|
1250 | |
---|
1251 | switch (ulproto) { |
---|
1252 | case IPPROTO_ICMP: |
---|
1253 | case IPPROTO_ICMPV6: |
---|
1254 | case IPPROTO_MH: |
---|
1255 | if (sscanf(spec->buf, "%d,%d", &a, &b) == 2) { |
---|
1256 | sprintf(sp, "%d", a); |
---|
1257 | sprintf(dp, "%d", b); |
---|
1258 | } else if (sscanf(spec->buf, "%d", &a) == 1) { |
---|
1259 | sprintf(sp, "%d", a); |
---|
1260 | } else { |
---|
1261 | yyerror("invalid an upper layer protocol spec"); |
---|
1262 | return -1; |
---|
1263 | } |
---|
1264 | break; |
---|
1265 | case IPPROTO_GRE: |
---|
1266 | if (sscanf(spec->buf, "%d.%d.%d.%d", &a, &b, &c, &d) == 4) { |
---|
1267 | sprintf(sp, "%d", (a << 8) + b); |
---|
1268 | sprintf(dp, "%d", (c << 8) + d); |
---|
1269 | } else if (sscanf(spec->buf, "%lu", &u) == 1) { |
---|
1270 | sprintf(sp, "%d", (int) (u >> 16)); |
---|
1271 | sprintf(dp, "%d", (int) (u & 0xffff)); |
---|
1272 | } else { |
---|
1273 | yyerror("invalid an upper layer protocol spec"); |
---|
1274 | return -1; |
---|
1275 | } |
---|
1276 | break; |
---|
1277 | } |
---|
1278 | |
---|
1279 | free(sport->buf); |
---|
1280 | sport->buf = strdup(sp); |
---|
1281 | if (!sport->buf) { |
---|
1282 | yyerror("insufficient memory"); |
---|
1283 | return -1; |
---|
1284 | } |
---|
1285 | sport->len = strlen(sport->buf); |
---|
1286 | |
---|
1287 | free(dport->buf); |
---|
1288 | dport->buf = strdup(dp); |
---|
1289 | if (!dport->buf) { |
---|
1290 | yyerror("insufficient memory"); |
---|
1291 | return -1; |
---|
1292 | } |
---|
1293 | dport->len = strlen(dport->buf); |
---|
1294 | |
---|
1295 | return 0; |
---|
1296 | } |
---|
1297 | |
---|
1298 | static int |
---|
1299 | setvarbuf(buf, off, ebuf, elen, vbuf, vlen) |
---|
1300 | char *buf; |
---|
1301 | int *off; |
---|
1302 | struct sadb_ext *ebuf; |
---|
1303 | int elen; |
---|
1304 | const void *vbuf; |
---|
1305 | int vlen; |
---|
1306 | { |
---|
1307 | memset(buf + *off, 0, PFKEY_UNUNIT64(ebuf->sadb_ext_len)); |
---|
1308 | memcpy(buf + *off, (caddr_t)ebuf, elen); |
---|
1309 | memcpy(buf + *off + elen, vbuf, vlen); |
---|
1310 | (*off) += PFKEY_ALIGN8(elen + vlen); |
---|
1311 | |
---|
1312 | return 0; |
---|
1313 | } |
---|
1314 | |
---|
1315 | void |
---|
1316 | parse_init() |
---|
1317 | { |
---|
1318 | p_spi = 0; |
---|
1319 | |
---|
1320 | p_ext = SADB_X_EXT_CYCSEQ; |
---|
1321 | p_alg_enc = SADB_EALG_NONE; |
---|
1322 | p_alg_auth = SADB_AALG_NONE; |
---|
1323 | p_mode = IPSEC_MODE_ANY; |
---|
1324 | p_reqid = 0; |
---|
1325 | p_replay = 0; |
---|
1326 | p_key_enc_len = p_key_auth_len = 0; |
---|
1327 | p_key_enc = p_key_auth = 0; |
---|
1328 | p_lt_hard = p_lt_soft = 0; |
---|
1329 | p_lb_hard = p_lb_soft = 0; |
---|
1330 | |
---|
1331 | memset(&sec_ctx, 0, sizeof(struct security_ctx)); |
---|
1332 | |
---|
1333 | p_aiflags = 0; |
---|
1334 | p_aifamily = PF_UNSPEC; |
---|
1335 | |
---|
1336 | /* Clear out any natt OA information */ |
---|
1337 | if (p_natt_oa) |
---|
1338 | freeaddrinfo (p_natt_oa); |
---|
1339 | p_natt_oa = NULL; |
---|
1340 | p_natt_type = 0; |
---|
1341 | |
---|
1342 | return; |
---|
1343 | } |
---|
1344 | |
---|
1345 | void |
---|
1346 | free_buffer() |
---|
1347 | { |
---|
1348 | /* we got tons of memory leaks in the parser anyways, leave them */ |
---|
1349 | |
---|
1350 | return; |
---|
1351 | } |
---|
1352 | #line 1353 "setkeyyy.tab.c" |
---|
1353 | |
---|
1354 | #if YYDEBUG |
---|
1355 | #include <stdio.h> /* needed for printf */ |
---|
1356 | #endif |
---|
1357 | |
---|
1358 | #include <stdlib.h> /* needed for malloc, etc */ |
---|
1359 | #include <string.h> /* needed for memset */ |
---|
1360 | |
---|
1361 | /* allocate initial stack or double stack size, up to YYMAXDEPTH */ |
---|
1362 | static int yygrowstack(YYSTACKDATA *data) |
---|
1363 | { |
---|
1364 | int i; |
---|
1365 | unsigned newsize; |
---|
1366 | YYINT *newss; |
---|
1367 | YYSTYPE *newvs; |
---|
1368 | |
---|
1369 | if ((newsize = data->stacksize) == 0) |
---|
1370 | newsize = YYINITSTACKSIZE; |
---|
1371 | else if (newsize >= YYMAXDEPTH) |
---|
1372 | return YYENOMEM; |
---|
1373 | else if ((newsize *= 2) > YYMAXDEPTH) |
---|
1374 | newsize = YYMAXDEPTH; |
---|
1375 | |
---|
1376 | i = (int) (data->s_mark - data->s_base); |
---|
1377 | newss = (YYINT *)realloc(data->s_base, newsize * sizeof(*newss)); |
---|
1378 | if (newss == 0) |
---|
1379 | return YYENOMEM; |
---|
1380 | |
---|
1381 | data->s_base = newss; |
---|
1382 | data->s_mark = newss + i; |
---|
1383 | |
---|
1384 | newvs = (YYSTYPE *)realloc(data->l_base, newsize * sizeof(*newvs)); |
---|
1385 | if (newvs == 0) |
---|
1386 | return YYENOMEM; |
---|
1387 | |
---|
1388 | data->l_base = newvs; |
---|
1389 | data->l_mark = newvs + i; |
---|
1390 | |
---|
1391 | data->stacksize = newsize; |
---|
1392 | data->s_last = data->s_base + newsize - 1; |
---|
1393 | return 0; |
---|
1394 | } |
---|
1395 | |
---|
1396 | #if YYPURE || defined(YY_NO_LEAKS) |
---|
1397 | static void yyfreestack(YYSTACKDATA *data) |
---|
1398 | { |
---|
1399 | free(data->s_base); |
---|
1400 | free(data->l_base); |
---|
1401 | memset(data, 0, sizeof(*data)); |
---|
1402 | } |
---|
1403 | #else |
---|
1404 | #define yyfreestack(data) /* nothing */ |
---|
1405 | #endif |
---|
1406 | |
---|
1407 | #define YYABORT goto yyabort |
---|
1408 | #define YYREJECT goto yyabort |
---|
1409 | #define YYACCEPT goto yyaccept |
---|
1410 | #define YYERROR goto yyerrlab |
---|
1411 | |
---|
1412 | int |
---|
1413 | YYPARSE_DECL() |
---|
1414 | { |
---|
1415 | int yym, yyn, yystate; |
---|
1416 | #if YYDEBUG |
---|
1417 | const char *yys; |
---|
1418 | |
---|
1419 | if ((yys = getenv("YYDEBUG")) != 0) |
---|
1420 | { |
---|
1421 | yyn = *yys; |
---|
1422 | if (yyn >= '0' && yyn <= '9') |
---|
1423 | yydebug = yyn - '0'; |
---|
1424 | } |
---|
1425 | #endif |
---|
1426 | |
---|
1427 | yym = 0; |
---|
1428 | yyn = 0; |
---|
1429 | yynerrs = 0; |
---|
1430 | yyerrflag = 0; |
---|
1431 | yychar = YYEMPTY; |
---|
1432 | yystate = 0; |
---|
1433 | |
---|
1434 | #if YYPURE |
---|
1435 | memset(&yystack, 0, sizeof(yystack)); |
---|
1436 | #endif |
---|
1437 | |
---|
1438 | if (yystack.s_base == NULL && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow; |
---|
1439 | yystack.s_mark = yystack.s_base; |
---|
1440 | yystack.l_mark = yystack.l_base; |
---|
1441 | yystate = 0; |
---|
1442 | *yystack.s_mark = 0; |
---|
1443 | |
---|
1444 | yyloop: |
---|
1445 | if ((yyn = yydefred[yystate]) != 0) goto yyreduce; |
---|
1446 | if (yychar < 0) |
---|
1447 | { |
---|
1448 | yychar = YYLEX; |
---|
1449 | if (yychar < 0) yychar = YYEOF; |
---|
1450 | #if YYDEBUG |
---|
1451 | if (yydebug) |
---|
1452 | { |
---|
1453 | if ((yys = yyname[YYTRANSLATE(yychar)]) == NULL) yys = yyname[YYUNDFTOKEN]; |
---|
1454 | printf("%sdebug: state %d, reading %d (%s)\n", |
---|
1455 | YYPREFIX, yystate, yychar, yys); |
---|
1456 | } |
---|
1457 | #endif |
---|
1458 | } |
---|
1459 | if (((yyn = yysindex[yystate]) != 0) && (yyn += yychar) >= 0 && |
---|
1460 | yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) yychar) |
---|
1461 | { |
---|
1462 | #if YYDEBUG |
---|
1463 | if (yydebug) |
---|
1464 | printf("%sdebug: state %d, shifting to state %d\n", |
---|
1465 | YYPREFIX, yystate, yytable[yyn]); |
---|
1466 | #endif |
---|
1467 | if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow; |
---|
1468 | yystate = yytable[yyn]; |
---|
1469 | *++yystack.s_mark = yytable[yyn]; |
---|
1470 | *++yystack.l_mark = yylval; |
---|
1471 | yychar = YYEMPTY; |
---|
1472 | if (yyerrflag > 0) --yyerrflag; |
---|
1473 | goto yyloop; |
---|
1474 | } |
---|
1475 | if (((yyn = yyrindex[yystate]) != 0) && (yyn += yychar) >= 0 && |
---|
1476 | yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) yychar) |
---|
1477 | { |
---|
1478 | yyn = yytable[yyn]; |
---|
1479 | goto yyreduce; |
---|
1480 | } |
---|
1481 | if (yyerrflag != 0) goto yyinrecovery; |
---|
1482 | |
---|
1483 | YYERROR_CALL("syntax error"); |
---|
1484 | |
---|
1485 | goto yyerrlab; /* redundant goto avoids 'unused label' warning */ |
---|
1486 | yyerrlab: |
---|
1487 | ++yynerrs; |
---|
1488 | |
---|
1489 | yyinrecovery: |
---|
1490 | if (yyerrflag < 3) |
---|
1491 | { |
---|
1492 | yyerrflag = 3; |
---|
1493 | for (;;) |
---|
1494 | { |
---|
1495 | if (((yyn = yysindex[*yystack.s_mark]) != 0) && (yyn += YYERRCODE) >= 0 && |
---|
1496 | yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) YYERRCODE) |
---|
1497 | { |
---|
1498 | #if YYDEBUG |
---|
1499 | if (yydebug) |
---|
1500 | printf("%sdebug: state %d, error recovery shifting\ |
---|
1501 | to state %d\n", YYPREFIX, *yystack.s_mark, yytable[yyn]); |
---|
1502 | #endif |
---|
1503 | if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow; |
---|
1504 | yystate = yytable[yyn]; |
---|
1505 | *++yystack.s_mark = yytable[yyn]; |
---|
1506 | *++yystack.l_mark = yylval; |
---|
1507 | goto yyloop; |
---|
1508 | } |
---|
1509 | else |
---|
1510 | { |
---|
1511 | #if YYDEBUG |
---|
1512 | if (yydebug) |
---|
1513 | printf("%sdebug: error recovery discarding state %d\n", |
---|
1514 | YYPREFIX, *yystack.s_mark); |
---|
1515 | #endif |
---|
1516 | if (yystack.s_mark <= yystack.s_base) goto yyabort; |
---|
1517 | --yystack.s_mark; |
---|
1518 | --yystack.l_mark; |
---|
1519 | } |
---|
1520 | } |
---|
1521 | } |
---|
1522 | else |
---|
1523 | { |
---|
1524 | if (yychar == YYEOF) goto yyabort; |
---|
1525 | #if YYDEBUG |
---|
1526 | if (yydebug) |
---|
1527 | { |
---|
1528 | if ((yys = yyname[YYTRANSLATE(yychar)]) == NULL) yys = yyname[YYUNDFTOKEN]; |
---|
1529 | printf("%sdebug: state %d, error recovery discards token %d (%s)\n", |
---|
1530 | YYPREFIX, yystate, yychar, yys); |
---|
1531 | } |
---|
1532 | #endif |
---|
1533 | yychar = YYEMPTY; |
---|
1534 | goto yyloop; |
---|
1535 | } |
---|
1536 | |
---|
1537 | yyreduce: |
---|
1538 | #if YYDEBUG |
---|
1539 | if (yydebug) |
---|
1540 | printf("%sdebug: state %d, reducing by rule %d (%s)\n", |
---|
1541 | YYPREFIX, yystate, yyn, yyrule[yyn]); |
---|
1542 | #endif |
---|
1543 | yym = yylen[yyn]; |
---|
1544 | if (yym > 0) |
---|
1545 | yyval = yystack.l_mark[1-yym]; |
---|
1546 | else |
---|
1547 | memset(&yyval, 0, sizeof yyval); |
---|
1548 | |
---|
1549 | switch (yyn) |
---|
1550 | { |
---|
1551 | case 2: |
---|
1552 | #line 165 "../../ipsec-tools/src/setkey/parse.y" |
---|
1553 | { |
---|
1554 | free_buffer(); |
---|
1555 | parse_init(); |
---|
1556 | } |
---|
1557 | break; |
---|
1558 | case 15: |
---|
1559 | #line 190 "../../ipsec-tools/src/setkey/parse.y" |
---|
1560 | { |
---|
1561 | int status; |
---|
1562 | |
---|
1563 | status = setkeymsg_add(SADB_ADD, yystack.l_mark[-4].num, yystack.l_mark[-6].res, yystack.l_mark[-5].res); |
---|
1564 | if (status < 0) |
---|
1565 | return -1; |
---|
1566 | } |
---|
1567 | break; |
---|
1568 | case 16: |
---|
1569 | #line 202 "../../ipsec-tools/src/setkey/parse.y" |
---|
1570 | { |
---|
1571 | int status; |
---|
1572 | |
---|
1573 | if (yystack.l_mark[-5].res->ai_next || yystack.l_mark[-4].res->ai_next) { |
---|
1574 | yyerror("multiple address specified"); |
---|
1575 | return -1; |
---|
1576 | } |
---|
1577 | if (p_mode != IPSEC_MODE_ANY) |
---|
1578 | yyerror("WARNING: mode is obsolete"); |
---|
1579 | |
---|
1580 | status = setkeymsg_addr(SADB_DELETE, yystack.l_mark[-3].num, yystack.l_mark[-5].res, yystack.l_mark[-4].res, 0); |
---|
1581 | if (status < 0) |
---|
1582 | return -1; |
---|
1583 | } |
---|
1584 | break; |
---|
1585 | case 17: |
---|
1586 | #line 221 "../../ipsec-tools/src/setkey/parse.y" |
---|
1587 | { |
---|
1588 | #ifndef __linux__ |
---|
1589 | if (setkeymsg_addr(SADB_DELETE, yystack.l_mark[-1].num, yystack.l_mark[-3].res, yystack.l_mark[-2].res, 1) < 0) |
---|
1590 | return -1; |
---|
1591 | #else /* __linux__ */ |
---|
1592 | /* linux strictly adheres to RFC2367, and returns |
---|
1593 | * an error if we send an SADB_DELETE request without |
---|
1594 | * an SPI. Therefore, we must first retrieve a list |
---|
1595 | * of SPIs for all matching SADB entries, and then |
---|
1596 | * delete each one separately. */ |
---|
1597 | u_int32_t *spi; |
---|
1598 | int i, n; |
---|
1599 | |
---|
1600 | spi = sendkeymsg_spigrep(yystack.l_mark[-1].num, yystack.l_mark[-3].res, yystack.l_mark[-2].res, &n); |
---|
1601 | for (i = 0; i < n; i++) { |
---|
1602 | p_spi = spi[i]; |
---|
1603 | if (setkeymsg_addr(SADB_DELETE, |
---|
1604 | yystack.l_mark[-1].num, yystack.l_mark[-3].res, yystack.l_mark[-2].res, 0) < 0) |
---|
1605 | return -1; |
---|
1606 | } |
---|
1607 | free(spi); |
---|
1608 | #endif /* __linux__ */ |
---|
1609 | } |
---|
1610 | break; |
---|
1611 | case 18: |
---|
1612 | #line 249 "../../ipsec-tools/src/setkey/parse.y" |
---|
1613 | { |
---|
1614 | int status; |
---|
1615 | |
---|
1616 | if (p_mode != IPSEC_MODE_ANY) |
---|
1617 | yyerror("WARNING: mode is obsolete"); |
---|
1618 | |
---|
1619 | status = setkeymsg_addr(SADB_GET, yystack.l_mark[-3].num, yystack.l_mark[-5].res, yystack.l_mark[-4].res, 0); |
---|
1620 | if (status < 0) |
---|
1621 | return -1; |
---|
1622 | } |
---|
1623 | break; |
---|
1624 | case 19: |
---|
1625 | #line 264 "../../ipsec-tools/src/setkey/parse.y" |
---|
1626 | { |
---|
1627 | struct sadb_msg msg; |
---|
1628 | setkeymsg0(&msg, SADB_FLUSH, yystack.l_mark[-1].num, sizeof(msg)); |
---|
1629 | sendkeymsg((char *)&msg, sizeof(msg)); |
---|
1630 | } |
---|
1631 | break; |
---|
1632 | case 20: |
---|
1633 | #line 274 "../../ipsec-tools/src/setkey/parse.y" |
---|
1634 | { |
---|
1635 | struct sadb_msg msg; |
---|
1636 | setkeymsg0(&msg, SADB_DUMP, yystack.l_mark[-1].num, sizeof(msg)); |
---|
1637 | sendkeymsg((char *)&msg, sizeof(msg)); |
---|
1638 | } |
---|
1639 | break; |
---|
1640 | case 21: |
---|
1641 | #line 283 "../../ipsec-tools/src/setkey/parse.y" |
---|
1642 | { |
---|
1643 | yyval.num = SADB_SATYPE_UNSPEC; |
---|
1644 | } |
---|
1645 | break; |
---|
1646 | case 22: |
---|
1647 | #line 287 "../../ipsec-tools/src/setkey/parse.y" |
---|
1648 | { |
---|
1649 | yyval.num = SADB_SATYPE_ESP; |
---|
1650 | if (yystack.l_mark[0].num == 1) |
---|
1651 | p_ext |= SADB_X_EXT_OLD; |
---|
1652 | else |
---|
1653 | p_ext &= ~SADB_X_EXT_OLD; |
---|
1654 | } |
---|
1655 | break; |
---|
1656 | case 23: |
---|
1657 | #line 295 "../../ipsec-tools/src/setkey/parse.y" |
---|
1658 | { |
---|
1659 | yyval.num = SADB_SATYPE_AH; |
---|
1660 | if (yystack.l_mark[0].num == 1) |
---|
1661 | p_ext |= SADB_X_EXT_OLD; |
---|
1662 | else |
---|
1663 | p_ext &= ~SADB_X_EXT_OLD; |
---|
1664 | } |
---|
1665 | break; |
---|
1666 | case 24: |
---|
1667 | #line 303 "../../ipsec-tools/src/setkey/parse.y" |
---|
1668 | { |
---|
1669 | yyval.num = SADB_X_SATYPE_IPCOMP; |
---|
1670 | } |
---|
1671 | break; |
---|
1672 | case 25: |
---|
1673 | #line 307 "../../ipsec-tools/src/setkey/parse.y" |
---|
1674 | { |
---|
1675 | yyval.num = SADB_SATYPE_ESP; |
---|
1676 | p_ext &= ~SADB_X_EXT_OLD; |
---|
1677 | p_natt_oa = 0; |
---|
1678 | p_natt_type = UDP_ENCAP_ESPINUDP; |
---|
1679 | } |
---|
1680 | break; |
---|
1681 | case 26: |
---|
1682 | #line 314 "../../ipsec-tools/src/setkey/parse.y" |
---|
1683 | { |
---|
1684 | yyval.num = SADB_SATYPE_ESP; |
---|
1685 | p_ext &= ~SADB_X_EXT_OLD; |
---|
1686 | p_natt_oa = yystack.l_mark[0].res; |
---|
1687 | p_natt_type = UDP_ENCAP_ESPINUDP; |
---|
1688 | } |
---|
1689 | break; |
---|
1690 | case 27: |
---|
1691 | #line 321 "../../ipsec-tools/src/setkey/parse.y" |
---|
1692 | { |
---|
1693 | #ifdef SADB_X_SATYPE_TCPSIGNATURE |
---|
1694 | yyval.num = SADB_X_SATYPE_TCPSIGNATURE; |
---|
1695 | #endif |
---|
1696 | } |
---|
1697 | break; |
---|
1698 | case 28: |
---|
1699 | #line 329 "../../ipsec-tools/src/setkey/parse.y" |
---|
1700 | { p_spi = yystack.l_mark[0].ulnum; } |
---|
1701 | break; |
---|
1702 | case 29: |
---|
1703 | #line 331 "../../ipsec-tools/src/setkey/parse.y" |
---|
1704 | { |
---|
1705 | char *ep; |
---|
1706 | unsigned long v; |
---|
1707 | |
---|
1708 | ep = NULL; |
---|
1709 | v = strtoul(yystack.l_mark[0].val.buf, &ep, 16); |
---|
1710 | if (!ep || *ep) { |
---|
1711 | yyerror("invalid SPI"); |
---|
1712 | return -1; |
---|
1713 | } |
---|
1714 | if (v & ~0xffffffff) { |
---|
1715 | yyerror("SPI too big."); |
---|
1716 | return -1; |
---|
1717 | } |
---|
1718 | |
---|
1719 | p_spi = v; |
---|
1720 | } |
---|
1721 | break; |
---|
1722 | case 36: |
---|
1723 | #line 367 "../../ipsec-tools/src/setkey/parse.y" |
---|
1724 | { |
---|
1725 | if (yystack.l_mark[0].num < 0) { |
---|
1726 | yyerror("unsupported algorithm"); |
---|
1727 | return -1; |
---|
1728 | } |
---|
1729 | p_alg_enc = yystack.l_mark[0].num; |
---|
1730 | } |
---|
1731 | break; |
---|
1732 | case 37: |
---|
1733 | #line 375 "../../ipsec-tools/src/setkey/parse.y" |
---|
1734 | { |
---|
1735 | if (yystack.l_mark[-1].num < 0) { |
---|
1736 | yyerror("unsupported algorithm"); |
---|
1737 | return -1; |
---|
1738 | } |
---|
1739 | p_alg_enc = yystack.l_mark[-1].num; |
---|
1740 | p_ext |= SADB_X_EXT_RAWCPI; |
---|
1741 | } |
---|
1742 | break; |
---|
1743 | case 38: |
---|
1744 | #line 386 "../../ipsec-tools/src/setkey/parse.y" |
---|
1745 | { |
---|
1746 | if (yystack.l_mark[0].num < 0) { |
---|
1747 | yyerror("unsupported algorithm"); |
---|
1748 | return -1; |
---|
1749 | } |
---|
1750 | p_alg_enc = yystack.l_mark[0].num; |
---|
1751 | |
---|
1752 | p_key_enc_len = 0; |
---|
1753 | p_key_enc = ""; |
---|
1754 | if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT, |
---|
1755 | p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) { |
---|
1756 | yyerror(ipsec_strerror()); |
---|
1757 | return -1; |
---|
1758 | } |
---|
1759 | } |
---|
1760 | break; |
---|
1761 | case 39: |
---|
1762 | #line 401 "../../ipsec-tools/src/setkey/parse.y" |
---|
1763 | { |
---|
1764 | if (yystack.l_mark[-1].num < 0) { |
---|
1765 | yyerror("unsupported algorithm"); |
---|
1766 | return -1; |
---|
1767 | } |
---|
1768 | p_alg_enc = yystack.l_mark[-1].num; |
---|
1769 | |
---|
1770 | p_key_enc_len = yystack.l_mark[0].val.len; |
---|
1771 | p_key_enc = yystack.l_mark[0].val.buf; |
---|
1772 | if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT, |
---|
1773 | p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) { |
---|
1774 | yyerror(ipsec_strerror()); |
---|
1775 | return -1; |
---|
1776 | } |
---|
1777 | } |
---|
1778 | break; |
---|
1779 | case 40: |
---|
1780 | #line 416 "../../ipsec-tools/src/setkey/parse.y" |
---|
1781 | { |
---|
1782 | if (yystack.l_mark[0].num < 0) { |
---|
1783 | yyerror("unsupported algorithm"); |
---|
1784 | return -1; |
---|
1785 | } |
---|
1786 | yyerror("WARNING: obsolete algorithm"); |
---|
1787 | p_alg_enc = yystack.l_mark[0].num; |
---|
1788 | |
---|
1789 | p_key_enc_len = 0; |
---|
1790 | p_key_enc = ""; |
---|
1791 | if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT, |
---|
1792 | p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) { |
---|
1793 | yyerror(ipsec_strerror()); |
---|
1794 | return -1; |
---|
1795 | } |
---|
1796 | } |
---|
1797 | break; |
---|
1798 | case 41: |
---|
1799 | #line 433 "../../ipsec-tools/src/setkey/parse.y" |
---|
1800 | { |
---|
1801 | if (yystack.l_mark[-1].num < 0) { |
---|
1802 | yyerror("unsupported algorithm"); |
---|
1803 | return -1; |
---|
1804 | } |
---|
1805 | p_alg_enc = yystack.l_mark[-1].num; |
---|
1806 | if (p_ext & SADB_X_EXT_OLD) { |
---|
1807 | yyerror("algorithm mismatched"); |
---|
1808 | return -1; |
---|
1809 | } |
---|
1810 | p_ext |= SADB_X_EXT_DERIV; |
---|
1811 | |
---|
1812 | p_key_enc_len = yystack.l_mark[0].val.len; |
---|
1813 | p_key_enc = yystack.l_mark[0].val.buf; |
---|
1814 | if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT, |
---|
1815 | p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) { |
---|
1816 | yyerror(ipsec_strerror()); |
---|
1817 | return -1; |
---|
1818 | } |
---|
1819 | } |
---|
1820 | break; |
---|
1821 | case 42: |
---|
1822 | #line 454 "../../ipsec-tools/src/setkey/parse.y" |
---|
1823 | { |
---|
1824 | if (yystack.l_mark[-1].num < 0) { |
---|
1825 | yyerror("unsupported algorithm"); |
---|
1826 | return -1; |
---|
1827 | } |
---|
1828 | p_alg_enc = yystack.l_mark[-1].num; |
---|
1829 | if (!(p_ext & SADB_X_EXT_OLD)) { |
---|
1830 | yyerror("algorithm mismatched"); |
---|
1831 | return -1; |
---|
1832 | } |
---|
1833 | p_ext |= SADB_X_EXT_IV4B; |
---|
1834 | |
---|
1835 | p_key_enc_len = yystack.l_mark[0].val.len; |
---|
1836 | p_key_enc = yystack.l_mark[0].val.buf; |
---|
1837 | if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT, |
---|
1838 | p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) { |
---|
1839 | yyerror(ipsec_strerror()); |
---|
1840 | return -1; |
---|
1841 | } |
---|
1842 | } |
---|
1843 | break; |
---|
1844 | case 43: |
---|
1845 | #line 477 "../../ipsec-tools/src/setkey/parse.y" |
---|
1846 | { |
---|
1847 | if (yystack.l_mark[-1].num < 0) { |
---|
1848 | yyerror("unsupported algorithm"); |
---|
1849 | return -1; |
---|
1850 | } |
---|
1851 | p_alg_auth = yystack.l_mark[-1].num; |
---|
1852 | |
---|
1853 | p_key_auth_len = yystack.l_mark[0].val.len; |
---|
1854 | p_key_auth = yystack.l_mark[0].val.buf; |
---|
1855 | #ifdef SADB_X_AALG_TCP_MD5 |
---|
1856 | if (p_alg_auth == SADB_X_AALG_TCP_MD5) { |
---|
1857 | if ((p_key_auth_len < 1) || |
---|
1858 | (p_key_auth_len > 80)) |
---|
1859 | return -1; |
---|
1860 | } else |
---|
1861 | #endif |
---|
1862 | { |
---|
1863 | if (ipsec_check_keylen(SADB_EXT_SUPPORTED_AUTH, |
---|
1864 | p_alg_auth, |
---|
1865 | PFKEY_UNUNIT64(p_key_auth_len)) < 0) { |
---|
1866 | yyerror(ipsec_strerror()); |
---|
1867 | return -1; |
---|
1868 | } |
---|
1869 | } |
---|
1870 | } |
---|
1871 | break; |
---|
1872 | case 44: |
---|
1873 | #line 502 "../../ipsec-tools/src/setkey/parse.y" |
---|
1874 | { |
---|
1875 | if (yystack.l_mark[0].num < 0) { |
---|
1876 | yyerror("unsupported algorithm"); |
---|
1877 | return -1; |
---|
1878 | } |
---|
1879 | p_alg_auth = yystack.l_mark[0].num; |
---|
1880 | |
---|
1881 | p_key_auth_len = 0; |
---|
1882 | p_key_auth = NULL; |
---|
1883 | } |
---|
1884 | break; |
---|
1885 | case 45: |
---|
1886 | #line 516 "../../ipsec-tools/src/setkey/parse.y" |
---|
1887 | { |
---|
1888 | yyval.val = yystack.l_mark[0].val; |
---|
1889 | } |
---|
1890 | break; |
---|
1891 | case 46: |
---|
1892 | #line 520 "../../ipsec-tools/src/setkey/parse.y" |
---|
1893 | { |
---|
1894 | caddr_t pp_key; |
---|
1895 | caddr_t bp; |
---|
1896 | caddr_t yp = yystack.l_mark[0].val.buf; |
---|
1897 | int l; |
---|
1898 | |
---|
1899 | l = strlen(yp) % 2 + strlen(yp) / 2; |
---|
1900 | if ((pp_key = malloc(l)) == 0) { |
---|
1901 | yyerror("not enough core"); |
---|
1902 | return -1; |
---|
1903 | } |
---|
1904 | memset(pp_key, 0, l); |
---|
1905 | |
---|
1906 | bp = pp_key; |
---|
1907 | if (strlen(yp) % 2) { |
---|
1908 | *bp = ATOX(yp[0]); |
---|
1909 | yp++, bp++; |
---|
1910 | } |
---|
1911 | while (*yp) { |
---|
1912 | *bp = (ATOX(yp[0]) << 4) | ATOX(yp[1]); |
---|
1913 | yp += 2, bp++; |
---|
1914 | } |
---|
1915 | |
---|
1916 | yyval.val.len = l; |
---|
1917 | yyval.val.buf = pp_key; |
---|
1918 | } |
---|
1919 | break; |
---|
1920 | case 49: |
---|
1921 | #line 554 "../../ipsec-tools/src/setkey/parse.y" |
---|
1922 | { p_ext |= yystack.l_mark[0].num; } |
---|
1923 | break; |
---|
1924 | case 50: |
---|
1925 | #line 555 "../../ipsec-tools/src/setkey/parse.y" |
---|
1926 | { p_ext &= ~SADB_X_EXT_CYCSEQ; } |
---|
1927 | break; |
---|
1928 | case 51: |
---|
1929 | #line 556 "../../ipsec-tools/src/setkey/parse.y" |
---|
1930 | { p_mode = yystack.l_mark[0].num; } |
---|
1931 | break; |
---|
1932 | case 52: |
---|
1933 | #line 557 "../../ipsec-tools/src/setkey/parse.y" |
---|
1934 | { p_mode = IPSEC_MODE_ANY; } |
---|
1935 | break; |
---|
1936 | case 53: |
---|
1937 | #line 558 "../../ipsec-tools/src/setkey/parse.y" |
---|
1938 | { p_reqid = yystack.l_mark[0].ulnum; } |
---|
1939 | break; |
---|
1940 | case 54: |
---|
1941 | #line 560 "../../ipsec-tools/src/setkey/parse.y" |
---|
1942 | { |
---|
1943 | if ((p_ext & SADB_X_EXT_OLD) != 0) { |
---|
1944 | yyerror("replay prevention cannot be used with " |
---|
1945 | "ah/esp-old"); |
---|
1946 | return -1; |
---|
1947 | } |
---|
1948 | p_replay = yystack.l_mark[0].ulnum; |
---|
1949 | } |
---|
1950 | break; |
---|
1951 | case 55: |
---|
1952 | #line 568 "../../ipsec-tools/src/setkey/parse.y" |
---|
1953 | { p_lt_hard = yystack.l_mark[0].ulnum; } |
---|
1954 | break; |
---|
1955 | case 56: |
---|
1956 | #line 569 "../../ipsec-tools/src/setkey/parse.y" |
---|
1957 | { p_lt_soft = yystack.l_mark[0].ulnum; } |
---|
1958 | break; |
---|
1959 | case 57: |
---|
1960 | #line 570 "../../ipsec-tools/src/setkey/parse.y" |
---|
1961 | { p_lb_hard = yystack.l_mark[0].ulnum; } |
---|
1962 | break; |
---|
1963 | case 58: |
---|
1964 | #line 571 "../../ipsec-tools/src/setkey/parse.y" |
---|
1965 | { p_lb_soft = yystack.l_mark[0].ulnum; } |
---|
1966 | break; |
---|
1967 | case 59: |
---|
1968 | #line 572 "../../ipsec-tools/src/setkey/parse.y" |
---|
1969 | { |
---|
1970 | sec_ctx.doi = yystack.l_mark[-2].ulnum; |
---|
1971 | sec_ctx.alg = yystack.l_mark[-1].ulnum; |
---|
1972 | sec_ctx.len = yystack.l_mark[0].val.len+1; |
---|
1973 | sec_ctx.buf = yystack.l_mark[0].val.buf; |
---|
1974 | } |
---|
1975 | break; |
---|
1976 | case 60: |
---|
1977 | #line 585 "../../ipsec-tools/src/setkey/parse.y" |
---|
1978 | { |
---|
1979 | int status; |
---|
1980 | struct addrinfo *src, *dst; |
---|
1981 | |
---|
1982 | #ifdef HAVE_PFKEY_POLICY_PRIORITY |
---|
1983 | last_msg_type = SADB_X_SPDADD; |
---|
1984 | #endif |
---|
1985 | |
---|
1986 | /* fixed port fields if ulp is icmp */ |
---|
1987 | if (fix_portstr(yystack.l_mark[-4].num, &yystack.l_mark[-3].val, &yystack.l_mark[-8].val, &yystack.l_mark[-5].val)) |
---|
1988 | return -1; |
---|
1989 | |
---|
1990 | src = parse_addr(yystack.l_mark[-10].val.buf, yystack.l_mark[-8].val.buf); |
---|
1991 | dst = parse_addr(yystack.l_mark[-7].val.buf, yystack.l_mark[-5].val.buf); |
---|
1992 | if (!src || !dst) { |
---|
1993 | /* yyerror is already called */ |
---|
1994 | return -1; |
---|
1995 | } |
---|
1996 | if (src->ai_next || dst->ai_next) { |
---|
1997 | yyerror("multiple address specified"); |
---|
1998 | freeaddrinfo(src); |
---|
1999 | freeaddrinfo(dst); |
---|
2000 | return -1; |
---|
2001 | } |
---|
2002 | |
---|
2003 | status = setkeymsg_spdaddr(SADB_X_SPDADD, yystack.l_mark[-4].num, &yystack.l_mark[-1].val, |
---|
2004 | src, yystack.l_mark[-9].num, dst, yystack.l_mark[-6].num); |
---|
2005 | freeaddrinfo(src); |
---|
2006 | freeaddrinfo(dst); |
---|
2007 | if (status < 0) |
---|
2008 | return -1; |
---|
2009 | } |
---|
2010 | break; |
---|
2011 | case 61: |
---|
2012 | #line 618 "../../ipsec-tools/src/setkey/parse.y" |
---|
2013 | { |
---|
2014 | int status; |
---|
2015 | |
---|
2016 | status = setkeymsg_spdaddr_tag(SADB_X_SPDADD, |
---|
2017 | yystack.l_mark[-2].val.buf, &yystack.l_mark[-1].val); |
---|
2018 | if (status < 0) |
---|
2019 | return -1; |
---|
2020 | } |
---|
2021 | break; |
---|
2022 | case 62: |
---|
2023 | #line 631 "../../ipsec-tools/src/setkey/parse.y" |
---|
2024 | { |
---|
2025 | int status; |
---|
2026 | struct addrinfo *src, *dst; |
---|
2027 | |
---|
2028 | #ifdef HAVE_PFKEY_POLICY_PRIORITY |
---|
2029 | last_msg_type = SADB_X_SPDUPDATE; |
---|
2030 | #endif |
---|
2031 | |
---|
2032 | /* fixed port fields if ulp is icmp */ |
---|
2033 | if (fix_portstr(yystack.l_mark[-4].num, &yystack.l_mark[-3].val, &yystack.l_mark[-8].val, &yystack.l_mark[-5].val)) |
---|
2034 | return -1; |
---|
2035 | |
---|
2036 | src = parse_addr(yystack.l_mark[-10].val.buf, yystack.l_mark[-8].val.buf); |
---|
2037 | dst = parse_addr(yystack.l_mark[-7].val.buf, yystack.l_mark[-5].val.buf); |
---|
2038 | if (!src || !dst) { |
---|
2039 | /* yyerror is already called */ |
---|
2040 | return -1; |
---|
2041 | } |
---|
2042 | if (src->ai_next || dst->ai_next) { |
---|
2043 | yyerror("multiple address specified"); |
---|
2044 | freeaddrinfo(src); |
---|
2045 | freeaddrinfo(dst); |
---|
2046 | return -1; |
---|
2047 | } |
---|
2048 | |
---|
2049 | status = setkeymsg_spdaddr(SADB_X_SPDUPDATE, yystack.l_mark[-4].num, &yystack.l_mark[-1].val, |
---|
2050 | src, yystack.l_mark[-9].num, dst, yystack.l_mark[-6].num); |
---|
2051 | freeaddrinfo(src); |
---|
2052 | freeaddrinfo(dst); |
---|
2053 | if (status < 0) |
---|
2054 | return -1; |
---|
2055 | } |
---|
2056 | break; |
---|
2057 | case 63: |
---|
2058 | #line 664 "../../ipsec-tools/src/setkey/parse.y" |
---|
2059 | { |
---|
2060 | int status; |
---|
2061 | |
---|
2062 | status = setkeymsg_spdaddr_tag(SADB_X_SPDUPDATE, |
---|
2063 | yystack.l_mark[-2].val.buf, &yystack.l_mark[-1].val); |
---|
2064 | if (status < 0) |
---|
2065 | return -1; |
---|
2066 | } |
---|
2067 | break; |
---|
2068 | case 64: |
---|
2069 | #line 676 "../../ipsec-tools/src/setkey/parse.y" |
---|
2070 | { |
---|
2071 | int status; |
---|
2072 | struct addrinfo *src, *dst; |
---|
2073 | |
---|
2074 | /* fixed port fields if ulp is icmp */ |
---|
2075 | if (fix_portstr(yystack.l_mark[-4].num, &yystack.l_mark[-3].val, &yystack.l_mark[-8].val, &yystack.l_mark[-5].val)) |
---|
2076 | return -1; |
---|
2077 | |
---|
2078 | src = parse_addr(yystack.l_mark[-10].val.buf, yystack.l_mark[-8].val.buf); |
---|
2079 | dst = parse_addr(yystack.l_mark[-7].val.buf, yystack.l_mark[-5].val.buf); |
---|
2080 | if (!src || !dst) { |
---|
2081 | /* yyerror is already called */ |
---|
2082 | return -1; |
---|
2083 | } |
---|
2084 | if (src->ai_next || dst->ai_next) { |
---|
2085 | yyerror("multiple address specified"); |
---|
2086 | freeaddrinfo(src); |
---|
2087 | freeaddrinfo(dst); |
---|
2088 | return -1; |
---|
2089 | } |
---|
2090 | |
---|
2091 | status = setkeymsg_spdaddr(SADB_X_SPDDELETE, yystack.l_mark[-4].num, &yystack.l_mark[-1].val, |
---|
2092 | src, yystack.l_mark[-9].num, dst, yystack.l_mark[-6].num); |
---|
2093 | freeaddrinfo(src); |
---|
2094 | freeaddrinfo(dst); |
---|
2095 | if (status < 0) |
---|
2096 | return -1; |
---|
2097 | } |
---|
2098 | break; |
---|
2099 | case 65: |
---|
2100 | #line 708 "../../ipsec-tools/src/setkey/parse.y" |
---|
2101 | { |
---|
2102 | struct sadb_msg msg; |
---|
2103 | setkeymsg0(&msg, SADB_X_SPDDUMP, SADB_SATYPE_UNSPEC, |
---|
2104 | sizeof(msg)); |
---|
2105 | sendkeymsg((char *)&msg, sizeof(msg)); |
---|
2106 | } |
---|
2107 | break; |
---|
2108 | case 66: |
---|
2109 | #line 719 "../../ipsec-tools/src/setkey/parse.y" |
---|
2110 | { |
---|
2111 | struct sadb_msg msg; |
---|
2112 | setkeymsg0(&msg, SADB_X_SPDFLUSH, SADB_SATYPE_UNSPEC, |
---|
2113 | sizeof(msg)); |
---|
2114 | sendkeymsg((char *)&msg, sizeof(msg)); |
---|
2115 | } |
---|
2116 | break; |
---|
2117 | case 69: |
---|
2118 | #line 734 "../../ipsec-tools/src/setkey/parse.y" |
---|
2119 | { |
---|
2120 | char *p; |
---|
2121 | |
---|
2122 | for (p = yystack.l_mark[0].val.buf + 1; *p; p++) |
---|
2123 | switch (*p) { |
---|
2124 | case '4': |
---|
2125 | p_aifamily = AF_INET; |
---|
2126 | break; |
---|
2127 | #ifdef INET6 |
---|
2128 | case '6': |
---|
2129 | p_aifamily = AF_INET6; |
---|
2130 | break; |
---|
2131 | #endif |
---|
2132 | case 'n': |
---|
2133 | p_aiflags = AI_NUMERICHOST; |
---|
2134 | break; |
---|
2135 | default: |
---|
2136 | yyerror("invalid flag"); |
---|
2137 | return -1; |
---|
2138 | } |
---|
2139 | } |
---|
2140 | break; |
---|
2141 | case 70: |
---|
2142 | #line 759 "../../ipsec-tools/src/setkey/parse.y" |
---|
2143 | { |
---|
2144 | yyval.res = parse_addr(yystack.l_mark[0].val.buf, NULL); |
---|
2145 | if (yyval.res == NULL) { |
---|
2146 | /* yyerror already called by parse_addr */ |
---|
2147 | return -1; |
---|
2148 | } |
---|
2149 | } |
---|
2150 | break; |
---|
2151 | case 71: |
---|
2152 | #line 770 "../../ipsec-tools/src/setkey/parse.y" |
---|
2153 | { |
---|
2154 | yyval.res = parse_addr(yystack.l_mark[0].val.buf, NULL); |
---|
2155 | if (yyval.res == NULL) { |
---|
2156 | /* yyerror already called by parse_addr */ |
---|
2157 | return -1; |
---|
2158 | } |
---|
2159 | } |
---|
2160 | break; |
---|
2161 | case 72: |
---|
2162 | #line 778 "../../ipsec-tools/src/setkey/parse.y" |
---|
2163 | { |
---|
2164 | yyval.res = parse_addr(yystack.l_mark[-1].val.buf, yystack.l_mark[0].val.buf); |
---|
2165 | if (yyval.res == NULL) { |
---|
2166 | /* yyerror already called by parse_addr */ |
---|
2167 | return -1; |
---|
2168 | } |
---|
2169 | } |
---|
2170 | break; |
---|
2171 | case 73: |
---|
2172 | #line 788 "../../ipsec-tools/src/setkey/parse.y" |
---|
2173 | { yyval.num = -1; } |
---|
2174 | break; |
---|
2175 | case 74: |
---|
2176 | #line 789 "../../ipsec-tools/src/setkey/parse.y" |
---|
2177 | { yyval.num = yystack.l_mark[0].ulnum; } |
---|
2178 | break; |
---|
2179 | case 75: |
---|
2180 | #line 794 "../../ipsec-tools/src/setkey/parse.y" |
---|
2181 | { |
---|
2182 | yyval.val.buf = strdup("0"); |
---|
2183 | if (!yyval.val.buf) { |
---|
2184 | yyerror("insufficient memory"); |
---|
2185 | return -1; |
---|
2186 | } |
---|
2187 | yyval.val.len = strlen(yyval.val.buf); |
---|
2188 | } |
---|
2189 | break; |
---|
2190 | case 76: |
---|
2191 | #line 803 "../../ipsec-tools/src/setkey/parse.y" |
---|
2192 | { |
---|
2193 | yyval.val.buf = strdup("0"); |
---|
2194 | if (!yyval.val.buf) { |
---|
2195 | yyerror("insufficient memory"); |
---|
2196 | return -1; |
---|
2197 | } |
---|
2198 | yyval.val.len = strlen(yyval.val.buf); |
---|
2199 | } |
---|
2200 | break; |
---|
2201 | case 77: |
---|
2202 | #line 812 "../../ipsec-tools/src/setkey/parse.y" |
---|
2203 | { |
---|
2204 | char buf[20]; |
---|
2205 | snprintf(buf, sizeof(buf), "%lu", yystack.l_mark[-1].ulnum); |
---|
2206 | yyval.val.buf = strdup(buf); |
---|
2207 | if (!yyval.val.buf) { |
---|
2208 | yyerror("insufficient memory"); |
---|
2209 | return -1; |
---|
2210 | } |
---|
2211 | yyval.val.len = strlen(yyval.val.buf); |
---|
2212 | } |
---|
2213 | break; |
---|
2214 | case 78: |
---|
2215 | #line 823 "../../ipsec-tools/src/setkey/parse.y" |
---|
2216 | { |
---|
2217 | yyval.val = yystack.l_mark[-1].val; |
---|
2218 | } |
---|
2219 | break; |
---|
2220 | case 79: |
---|
2221 | #line 829 "../../ipsec-tools/src/setkey/parse.y" |
---|
2222 | { yyval.num = yystack.l_mark[0].ulnum; } |
---|
2223 | break; |
---|
2224 | case 80: |
---|
2225 | #line 830 "../../ipsec-tools/src/setkey/parse.y" |
---|
2226 | { yyval.num = IPSEC_ULPROTO_ANY; } |
---|
2227 | break; |
---|
2228 | case 81: |
---|
2229 | #line 831 "../../ipsec-tools/src/setkey/parse.y" |
---|
2230 | { |
---|
2231 | yyval.num = IPPROTO_TCP; |
---|
2232 | } |
---|
2233 | break; |
---|
2234 | case 82: |
---|
2235 | #line 835 "../../ipsec-tools/src/setkey/parse.y" |
---|
2236 | { |
---|
2237 | struct protoent *ent; |
---|
2238 | |
---|
2239 | ent = getprotobyname(yystack.l_mark[0].val.buf); |
---|
2240 | if (ent) |
---|
2241 | yyval.num = ent->p_proto; |
---|
2242 | else { |
---|
2243 | if (strcmp("icmp6", yystack.l_mark[0].val.buf) == 0) { |
---|
2244 | yyval.num = IPPROTO_ICMPV6; |
---|
2245 | } else if(strcmp("ip4", yystack.l_mark[0].val.buf) == 0) { |
---|
2246 | yyval.num = IPPROTO_IPV4; |
---|
2247 | } else { |
---|
2248 | yyerror("invalid upper layer protocol"); |
---|
2249 | return -1; |
---|
2250 | } |
---|
2251 | } |
---|
2252 | endprotoent(); |
---|
2253 | } |
---|
2254 | break; |
---|
2255 | case 83: |
---|
2256 | #line 857 "../../ipsec-tools/src/setkey/parse.y" |
---|
2257 | { |
---|
2258 | yyval.val.buf = NULL; |
---|
2259 | yyval.val.len = 0; |
---|
2260 | } |
---|
2261 | break; |
---|
2262 | case 84: |
---|
2263 | #line 862 "../../ipsec-tools/src/setkey/parse.y" |
---|
2264 | { |
---|
2265 | yyval.val.buf = strdup(yystack.l_mark[0].val.buf); |
---|
2266 | if (!yyval.val.buf) { |
---|
2267 | yyerror("insufficient memory"); |
---|
2268 | return -1; |
---|
2269 | } |
---|
2270 | yyval.val.len = strlen(yyval.val.buf); |
---|
2271 | } |
---|
2272 | break; |
---|
2273 | case 86: |
---|
2274 | #line 874 "../../ipsec-tools/src/setkey/parse.y" |
---|
2275 | { |
---|
2276 | sec_ctx.doi = yystack.l_mark[-2].ulnum; |
---|
2277 | sec_ctx.alg = yystack.l_mark[-1].ulnum; |
---|
2278 | sec_ctx.len = yystack.l_mark[0].val.len+1; |
---|
2279 | sec_ctx.buf = yystack.l_mark[0].val.buf; |
---|
2280 | } |
---|
2281 | break; |
---|
2282 | case 87: |
---|
2283 | #line 884 "../../ipsec-tools/src/setkey/parse.y" |
---|
2284 | { |
---|
2285 | char *policy; |
---|
2286 | #ifdef HAVE_PFKEY_POLICY_PRIORITY |
---|
2287 | struct sadb_x_policy *xpl; |
---|
2288 | #endif |
---|
2289 | |
---|
2290 | policy = ipsec_set_policy(yystack.l_mark[0].val.buf, yystack.l_mark[0].val.len); |
---|
2291 | if (policy == NULL) { |
---|
2292 | yyerror(ipsec_strerror()); |
---|
2293 | return -1; |
---|
2294 | } |
---|
2295 | |
---|
2296 | yyval.val.buf = policy; |
---|
2297 | yyval.val.len = ipsec_get_policylen(policy); |
---|
2298 | |
---|
2299 | #ifdef HAVE_PFKEY_POLICY_PRIORITY |
---|
2300 | xpl = (struct sadb_x_policy *) yyval.val.buf; |
---|
2301 | last_priority = xpl->sadb_x_policy_priority; |
---|
2302 | #endif |
---|
2303 | } |
---|
2304 | break; |
---|
2305 | case 88: |
---|
2306 | #line 907 "../../ipsec-tools/src/setkey/parse.y" |
---|
2307 | { yyval.val = yystack.l_mark[0].val; } |
---|
2308 | break; |
---|
2309 | case 89: |
---|
2310 | #line 913 "../../ipsec-tools/src/setkey/parse.y" |
---|
2311 | { |
---|
2312 | exit_now = 1; |
---|
2313 | YYACCEPT; |
---|
2314 | } |
---|
2315 | break; |
---|
2316 | #line 2317 "setkeyyy.tab.c" |
---|
2317 | } |
---|
2318 | yystack.s_mark -= yym; |
---|
2319 | yystate = *yystack.s_mark; |
---|
2320 | yystack.l_mark -= yym; |
---|
2321 | yym = yylhs[yyn]; |
---|
2322 | if (yystate == 0 && yym == 0) |
---|
2323 | { |
---|
2324 | #if YYDEBUG |
---|
2325 | if (yydebug) |
---|
2326 | printf("%sdebug: after reduction, shifting from state 0 to\ |
---|
2327 | state %d\n", YYPREFIX, YYFINAL); |
---|
2328 | #endif |
---|
2329 | yystate = YYFINAL; |
---|
2330 | *++yystack.s_mark = YYFINAL; |
---|
2331 | *++yystack.l_mark = yyval; |
---|
2332 | if (yychar < 0) |
---|
2333 | { |
---|
2334 | yychar = YYLEX; |
---|
2335 | if (yychar < 0) yychar = YYEOF; |
---|
2336 | #if YYDEBUG |
---|
2337 | if (yydebug) |
---|
2338 | { |
---|
2339 | if ((yys = yyname[YYTRANSLATE(yychar)]) == NULL) yys = yyname[YYUNDFTOKEN]; |
---|
2340 | printf("%sdebug: state %d, reading %d (%s)\n", |
---|
2341 | YYPREFIX, YYFINAL, yychar, yys); |
---|
2342 | } |
---|
2343 | #endif |
---|
2344 | } |
---|
2345 | if (yychar == YYEOF) goto yyaccept; |
---|
2346 | goto yyloop; |
---|
2347 | } |
---|
2348 | if (((yyn = yygindex[yym]) != 0) && (yyn += yystate) >= 0 && |
---|
2349 | yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) yystate) |
---|
2350 | yystate = yytable[yyn]; |
---|
2351 | else |
---|
2352 | yystate = yydgoto[yym]; |
---|
2353 | #if YYDEBUG |
---|
2354 | if (yydebug) |
---|
2355 | printf("%sdebug: after reduction, shifting from state %d \ |
---|
2356 | to state %d\n", YYPREFIX, *yystack.s_mark, yystate); |
---|
2357 | #endif |
---|
2358 | if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow; |
---|
2359 | *++yystack.s_mark = (YYINT) yystate; |
---|
2360 | *++yystack.l_mark = yyval; |
---|
2361 | goto yyloop; |
---|
2362 | |
---|
2363 | yyoverflow: |
---|
2364 | YYERROR_CALL("yacc stack overflow"); |
---|
2365 | |
---|
2366 | yyabort: |
---|
2367 | yyfreestack(&yystack); |
---|
2368 | return (1); |
---|
2369 | |
---|
2370 | yyaccept: |
---|
2371 | yyfreestack(&yystack); |
---|
2372 | return (0); |
---|
2373 | } |
---|