Context Navigation

parse.c @ ff36f5e

55-freebsd-126-freebsd-12

Last change on this file since ff36f5e was ff36f5e, checked in by Christian Mauderer <christian.mauderer@…>, on 05/30/18 at 12:27:35

Import ipsec-tools 0.8.2.

Import unchanged ipsec-tools sources in the release version 0.8.2. The
homepage of ipsec-tools is http://ipsec-tools.sourceforge.net/. The
sources can be obtained from there.

Property mode set to 100644

File size: 96.8 KB

Rev	Line
[ff36f5e]	1	/* A Bison parser, made by GNU Bison 2.6.2. */
	2
	3	/* Bison implementation for Yacc-like parsers in C
	4
	5	Copyright (C) 1984, 1989-1990, 2000-2012 Free Software Foundation, Inc.
	6
	7	This program is free software: you can redistribute it and/or modify
	8	it under the terms of the GNU General Public License as published by
	9	the Free Software Foundation, either version 3 of the License, or
	10	(at your option) any later version.
	11
	12	This program is distributed in the hope that it will be useful,
	13	but WITHOUT ANY WARRANTY; without even the implied warranty of
	14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	15	GNU General Public License for more details.
	16
	17	You should have received a copy of the GNU General Public License
	18	along with this program. If not, see <http://www.gnu.org/licenses/>. */
	19
	20	/* As a special exception, you may create a larger work that contains
	21	part or all of the Bison parser skeleton and distribute that work
	22	under terms of your choice, so long as that work isn't itself a
	23	parser generator using the skeleton or a modified version thereof
	24	as a parser skeleton. Alternatively, if you modify or redistribute
	25	the parser skeleton itself, you may (at your option) remove this
	26	special exception, which will cause the skeleton and the resulting
	27	Bison output files to be licensed under the GNU General Public
	28	License without this special exception.
	29
	30	This special exception was added by the Free Software Foundation in
	31	version 2.2 of Bison. */
	32
	33	/* C LALR(1) parser skeleton written by Richard Stallman, by
	34	simplifying the original so-called "semantic" parser. */
	35
	36	/* All symbols defined below should begin with yy or YY, to avoid
	37	infringing on user name space. This should be done even for local
	38	variables, as they might otherwise be expanded by user macros.
	39	There are some unavoidable exceptions within include files to
	40	define necessary library symbols; they are noted "INFRINGES ON
	41	USER NAME SPACE" below. */
	42
	43	/* Identify Bison output. */
	44	#define YYBISON 1
	45
	46	/* Bison version. */
	47	#define YYBISON_VERSION "2.6.2"
	48
	49	/* Skeleton name. */
	50	#define YYSKELETON_NAME "yacc.c"
	51
	52	/* Pure parsers. */
	53	#define YYPURE 0
	54
	55	/* Push parsers. */
	56	#define YYPUSH 0
	57
	58	/* Pull parsers. */
	59	#define YYPULL 1
	60
	61
	62
	63
	64	/* Copy the first part of user declarations. */
	65	/* Line 336 of yacc.c */
	66	#line 34 "parse.y"
	67
	68	#ifdef HAVE_CONFIG_H
	69	#include "config.h"
	70	#endif
	71
	72	#include <sys/types.h>
	73	#include <sys/param.h>
	74	#include <sys/socket.h>
	75
	76	#include <netinet/in.h>
	77	#include <net/pfkeyv2.h>
	78	#include PATH_IPSEC_H
	79	#include <arpa/inet.h>
	80
	81	#include <string.h>
	82	#include <unistd.h>
	83	#include <stdio.h>
	84	#include <netdb.h>
	85	#include <ctype.h>
	86	#include <errno.h>
	87	#include <stdlib.h>
	88
	89	#include "libpfkey.h"
	90	#include "vchar.h"
	91	#include "extern.h"
	92
	93	#define DEFAULT_NATT_PORT 4500
	94
	95	#ifndef UDP_ENCAP_ESPINUDP
	96	#define UDP_ENCAP_ESPINUDP 2
	97	#endif
	98
	99	#define ATOX(c) \
	100	(isdigit((int)c) ? (c - '0') : \
	101	(isupper((int)c) ? (c - 'A' + 10) : (c - 'a' + 10)))
	102
	103	u_int32_t p_spi;
	104	u_int p_ext, p_alg_enc, p_alg_auth, p_replay, p_mode;
	105	u_int32_t p_reqid;
	106	u_int p_key_enc_len, p_key_auth_len;
	107	const char *p_key_enc;
	108	const char *p_key_auth;
	109	time_t p_lt_hard, p_lt_soft;
	110	size_t p_lb_hard, p_lb_soft;
	111
	112	struct security_ctx {
	113	u_int8_t doi;
	114	u_int8_t alg;
	115	u_int16_t len;
	116	char *buf;
	117	};
	118
	119	struct security_ctx sec_ctx;
	120
	121	static u_int p_natt_type;
	122	static struct addrinfo * p_natt_oa = NULL;
	123
	124	static int p_aiflags = 0, p_aifamily = PF_UNSPEC;
	125
	126	static struct addrinfo parse_addr __P((char , char *));
	127	static int fix_portstr __P((int, vchar_t , vchar_t , vchar_t *));
	128	static int setvarbuf __P((char , int , struct sadb_ext *, int,
	129	const void *, int));
	130	void parse_init __P((void));
	131	void free_buffer __P((void));
	132
	133	int setkeymsg0 __P((struct sadb_msg *, unsigned int, unsigned int, size_t));
	134	static int setkeymsg_spdaddr __P((unsigned int, unsigned int, vchar_t *,
	135	struct addrinfo , int, struct addrinfo , int));
	136	static int setkeymsg_spdaddr_tag __P((unsigned int, char , vchar_t ));
	137	static int setkeymsg_addr __P((unsigned int, unsigned int,
	138	struct addrinfo , struct addrinfo , int));
	139	static int setkeymsg_add __P((unsigned int, unsigned int,
	140	struct addrinfo , struct addrinfo ));
	141
	142	/* Line 336 of yacc.c */
	143	#line 144 "parse.c"
	144
	145	# ifndef YY_NULL
	146	# if defined __cplusplus && 201103L <= __cplusplus
	147	# define YY_NULL nullptr
	148	# else
	149	# define YY_NULL 0
	150	# endif
	151	# endif
	152
	153	/* Enabling verbose error messages. */
	154	#ifdef YYERROR_VERBOSE
	155	# undef YYERROR_VERBOSE
	156	# define YYERROR_VERBOSE 1
	157	#else
	158	# define YYERROR_VERBOSE 0
	159	#endif
	160
	161	/* In a future release of Bison, this section will be replaced
	162	by #include "y.tab.h". */
	163	#ifndef YY_Y_TAB_H
	164	# define YY_Y_TAB_H
	165	/* Enabling traces. */
	166	#ifndef YYDEBUG
	167	# define YYDEBUG 0
	168	#endif
	169	#if YYDEBUG
	170	extern int yydebug;
	171	#endif
	172
	173	/* Tokens. */
	174	#ifndef YYTOKENTYPE
	175	# define YYTOKENTYPE
	176	/* Put the tokens into the symbol table, so that GDB and other debuggers
	177	know about them. */
	178	enum yytokentype {
	179	EOT = 258,
	180	SLASH = 259,
	181	BLCL = 260,
	182	ELCL = 261,
	183	ADD = 262,
	184	GET = 263,
	185	DELETE = 264,
	186	DELETEALL = 265,
	187	FLUSH = 266,
	188	DUMP = 267,
	189	EXIT = 268,
	190	PR_ESP = 269,
	191	PR_AH = 270,
	192	PR_IPCOMP = 271,
	193	PR_ESPUDP = 272,
	194	PR_TCP = 273,
	195	F_PROTOCOL = 274,
	196	F_AUTH = 275,
	197	F_ENC = 276,
	198	F_REPLAY = 277,
	199	F_COMP = 278,
	200	F_RAWCPI = 279,
	201	F_MODE = 280,
	202	MODE = 281,
	203	F_REQID = 282,
	204	F_EXT = 283,
	205	EXTENSION = 284,
	206	NOCYCLICSEQ = 285,
	207	ALG_AUTH = 286,
	208	ALG_AUTH_NOKEY = 287,
	209	ALG_ENC = 288,
	210	ALG_ENC_NOKEY = 289,
	211	ALG_ENC_DESDERIV = 290,
	212	ALG_ENC_DES32IV = 291,
	213	ALG_ENC_OLD = 292,
	214	ALG_COMP = 293,
	215	F_LIFETIME_HARD = 294,
	216	F_LIFETIME_SOFT = 295,
	217	F_LIFEBYTE_HARD = 296,
	218	F_LIFEBYTE_SOFT = 297,
	219	DECSTRING = 298,
	220	QUOTEDSTRING = 299,
	221	HEXSTRING = 300,
	222	STRING = 301,
	223	ANY = 302,
	224	SPDADD = 303,
	225	SPDUPDATE = 304,
	226	SPDDELETE = 305,
	227	SPDDUMP = 306,
	228	SPDFLUSH = 307,
	229	F_POLICY = 308,
	230	PL_REQUESTS = 309,
	231	F_AIFLAGS = 310,
	232	TAGGED = 311,
	233	SECURITY_CTX = 312
	234	};
	235	#endif
	236	/* Tokens. */
	237	#define EOT 258
	238	#define SLASH 259
	239	#define BLCL 260
	240	#define ELCL 261
	241	#define ADD 262
	242	#define GET 263
	243	#define DELETE 264
	244	#define DELETEALL 265
	245	#define FLUSH 266
	246	#define DUMP 267
	247	#define EXIT 268
	248	#define PR_ESP 269
	249	#define PR_AH 270
	250	#define PR_IPCOMP 271
	251	#define PR_ESPUDP 272
	252	#define PR_TCP 273
	253	#define F_PROTOCOL 274
	254	#define F_AUTH 275
	255	#define F_ENC 276
	256	#define F_REPLAY 277
	257	#define F_COMP 278
	258	#define F_RAWCPI 279
	259	#define F_MODE 280
	260	#define MODE 281
	261	#define F_REQID 282
	262	#define F_EXT 283
	263	#define EXTENSION 284
	264	#define NOCYCLICSEQ 285
	265	#define ALG_AUTH 286
	266	#define ALG_AUTH_NOKEY 287
	267	#define ALG_ENC 288
	268	#define ALG_ENC_NOKEY 289
	269	#define ALG_ENC_DESDERIV 290
	270	#define ALG_ENC_DES32IV 291
	271	#define ALG_ENC_OLD 292
	272	#define ALG_COMP 293
	273	#define F_LIFETIME_HARD 294
	274	#define F_LIFETIME_SOFT 295
	275	#define F_LIFEBYTE_HARD 296
	276	#define F_LIFEBYTE_SOFT 297
	277	#define DECSTRING 298
	278	#define QUOTEDSTRING 299
	279	#define HEXSTRING 300
	280	#define STRING 301
	281	#define ANY 302
	282	#define SPDADD 303
	283	#define SPDUPDATE 304
	284	#define SPDDELETE 305
	285	#define SPDDUMP 306
	286	#define SPDFLUSH 307
	287	#define F_POLICY 308
	288	#define PL_REQUESTS 309
	289	#define F_AIFLAGS 310
	290	#define TAGGED 311
	291	#define SECURITY_CTX 312
	292
	293
	294
	295	#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
	296	typedef union YYSTYPE
	297	{
	298	/* Line 350 of yacc.c */
	299	#line 110 "parse.y"
	300
	301	int num;
	302	unsigned long ulnum;
	303	vchar_t val;
	304	struct addrinfo *res;
	305
	306
	307	/* Line 350 of yacc.c */
	308	#line 309 "parse.c"
	309	} YYSTYPE;
	310	# define YYSTYPE_IS_TRIVIAL 1
	311	# define yystype YYSTYPE /* obsolescent; will be withdrawn */
	312	# define YYSTYPE_IS_DECLARED 1
	313	#endif
	314
	315	extern YYSTYPE yylval;
	316
	317	#ifdef YYPARSE_PARAM
	318	#if defined __STDC__ \|\| defined __cplusplus
	319	int yyparse (void *YYPARSE_PARAM);
	320	#else
	321	int yyparse ();
	322	#endif
	323	#else /* ! YYPARSE_PARAM */
	324	#if defined __STDC__ \|\| defined __cplusplus
	325	int yyparse (void);
	326	#else
	327	int yyparse ();
	328	#endif
	329	#endif /* ! YYPARSE_PARAM */
	330
	331	#endif /* !YY_Y_TAB_H */
	332
	333	/* Copy the second part of user declarations. */
	334
	335	/* Line 353 of yacc.c */
	336	#line 337 "parse.c"
	337
	338	#ifdef short
	339	# undef short
	340	#endif
	341
	342	#ifdef YYTYPE_UINT8
	343	typedef YYTYPE_UINT8 yytype_uint8;
	344	#else
	345	typedef unsigned char yytype_uint8;
	346	#endif
	347
	348	#ifdef YYTYPE_INT8
	349	typedef YYTYPE_INT8 yytype_int8;
	350	#elif (defined __STDC__ \|\| defined __C99__FUNC__ \
	351	\|\| defined __cplusplus \|\| defined _MSC_VER)
	352	typedef signed char yytype_int8;
	353	#else
	354	typedef short int yytype_int8;
	355	#endif
	356
	357	#ifdef YYTYPE_UINT16
	358	typedef YYTYPE_UINT16 yytype_uint16;
	359	#else
	360	typedef unsigned short int yytype_uint16;
	361	#endif
	362
	363	#ifdef YYTYPE_INT16
	364	typedef YYTYPE_INT16 yytype_int16;
	365	#else
	366	typedef short int yytype_int16;
	367	#endif
	368
	369	#ifndef YYSIZE_T
	370	# ifdef __SIZE_TYPE__
	371	# define YYSIZE_T __SIZE_TYPE__
	372	# elif defined size_t
	373	# define YYSIZE_T size_t
	374	# elif ! defined YYSIZE_T && (defined __STDC__ \|\| defined __C99__FUNC__ \
	375	\|\| defined __cplusplus \|\| defined _MSC_VER)
	376	# include <stddef.h> /* INFRINGES ON USER NAME SPACE */
	377	# define YYSIZE_T size_t
	378	# else
	379	# define YYSIZE_T unsigned int
	380	# endif
	381	#endif
	382
	383	#define YYSIZE_MAXIMUM ((YYSIZE_T) -1)
	384
	385	#ifndef YY_
	386	# if defined YYENABLE_NLS && YYENABLE_NLS
	387	# if ENABLE_NLS
	388	# include <libintl.h> /* INFRINGES ON USER NAME SPACE */
	389	# define YY_(msgid) dgettext ("bison-runtime", msgid)
	390	# endif
	391	# endif
	392	# ifndef YY_
	393	# define YY_(msgid) msgid
	394	# endif
	395	#endif
	396
	397	/* Suppress unused-variable warnings by "using" E. */
	398	#if ! defined lint \|\| defined __GNUC__
	399	# define YYUSE(e) ((void) (e))
	400	#else
	401	# define YYUSE(e) /* empty */
	402	#endif
	403
	404	/* Identity function, used to suppress warnings about constant conditions. */
	405	#ifndef lint
	406	# define YYID(n) (n)
	407	#else
	408	#if (defined __STDC__ \|\| defined __C99__FUNC__ \
	409	\|\| defined __cplusplus \|\| defined _MSC_VER)
	410	static int
	411	YYID (int yyi)
	412	#else
	413	static int
	414	YYID (yyi)
	415	int yyi;
	416	#endif
	417	{
	418	return yyi;
	419	}
	420	#endif
	421
	422	#if ! defined yyoverflow \|\| YYERROR_VERBOSE
	423
	424	/* The parser invokes alloca or malloc; define the necessary symbols. */
	425
	426	# ifdef YYSTACK_USE_ALLOCA
	427	# if YYSTACK_USE_ALLOCA
	428	# ifdef __GNUC__
	429	# define YYSTACK_ALLOC __builtin_alloca
	430	# elif defined __BUILTIN_VA_ARG_INCR
	431	# include <alloca.h> /* INFRINGES ON USER NAME SPACE */
	432	# elif defined _AIX
	433	# define YYSTACK_ALLOC __alloca
	434	# elif defined _MSC_VER
	435	# include <malloc.h> /* INFRINGES ON USER NAME SPACE */
	436	# define alloca _alloca
	437	# else
	438	# define YYSTACK_ALLOC alloca
	439	# if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS && (defined __STDC__ \|\| defined __C99__FUNC__ \
	440	\|\| defined __cplusplus \|\| defined _MSC_VER)
	441	# include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
	442	/* Use EXIT_SUCCESS as a witness for stdlib.h. */
	443	# ifndef EXIT_SUCCESS
	444	# define EXIT_SUCCESS 0
	445	# endif
	446	# endif
	447	# endif
	448	# endif
	449	# endif
	450
	451	# ifdef YYSTACK_ALLOC
	452	/* Pacify GCC's `empty if-body' warning. */
	453	# define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0))
	454	# ifndef YYSTACK_ALLOC_MAXIMUM
	455	/* The OS might guarantee only one guard page at the bottom of the stack,
	456	and a page size can be as small as 4096 bytes. So we cannot safely
	457	invoke alloca (N) if N exceeds 4096. Use a slightly smaller number
	458	to allow for a few compiler-allocated temporary stack slots. */
	459	# define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */
	460	# endif
	461	# else
	462	# define YYSTACK_ALLOC YYMALLOC
	463	# define YYSTACK_FREE YYFREE
	464	# ifndef YYSTACK_ALLOC_MAXIMUM
	465	# define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM
	466	# endif
	467	# if (defined __cplusplus && ! defined EXIT_SUCCESS \
	468	&& ! ((defined YYMALLOC \|\| defined malloc) \
	469	&& (defined YYFREE \|\| defined free)))
	470	# include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
	471	# ifndef EXIT_SUCCESS
	472	# define EXIT_SUCCESS 0
	473	# endif
	474	# endif
	475	# ifndef YYMALLOC
	476	# define YYMALLOC malloc
	477	# if ! defined malloc && ! defined EXIT_SUCCESS && (defined __STDC__ \|\| defined __C99__FUNC__ \
	478	\|\| defined __cplusplus \|\| defined _MSC_VER)
	479	void malloc (YYSIZE_T); / INFRINGES ON USER NAME SPACE */
	480	# endif
	481	# endif
	482	# ifndef YYFREE
	483	# define YYFREE free
	484	# if ! defined free && ! defined EXIT_SUCCESS && (defined __STDC__ \|\| defined __C99__FUNC__ \
	485	\|\| defined __cplusplus \|\| defined _MSC_VER)
	486	void free (void ); / INFRINGES ON USER NAME SPACE */
	487	# endif
	488	# endif
	489	# endif
	490	#endif /* ! defined yyoverflow \|\| YYERROR_VERBOSE */
	491
	492
	493	#if (! defined yyoverflow \
	494	&& (! defined __cplusplus \
	495	\|\| (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
	496
	497	/* A type that is properly aligned for any stack member. */
	498	union yyalloc
	499	{
	500	yytype_int16 yyss_alloc;
	501	YYSTYPE yyvs_alloc;
	502	};
	503
	504	/* The size of the maximum gap between one aligned stack and the next. */
	505	# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
	506
	507	/* The size of an array large to enough to hold all stacks, each with
	508	N elements. */
	509	# define YYSTACK_BYTES(N) \
	510	((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \
	511	+ YYSTACK_GAP_MAXIMUM)
	512
	513	# define YYCOPY_NEEDED 1
	514
	515	/* Relocate STACK from its old location to the new one. The
	516	local variables YYSIZE and YYSTACKSIZE give the old and new number of
	517	elements in the stack, and YYPTR gives the new location of the
	518	stack. Advance YYPTR to a properly aligned location for the next
	519	stack. */
	520	# define YYSTACK_RELOCATE(Stack_alloc, Stack) \
	521	do \
	522	{ \
	523	YYSIZE_T yynewbytes; \
	524	YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \
	525	Stack = &yyptr->Stack_alloc; \
	526	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
	527	yyptr += yynewbytes / sizeof (*yyptr); \
	528	} \
	529	while (YYID (0))
	530
	531	#endif
	532
	533	#if defined YYCOPY_NEEDED && YYCOPY_NEEDED
	534	/* Copy COUNT objects from SRC to DST. The source and destination do
	535	not overlap. */
	536	# ifndef YYCOPY
	537	# if defined __GNUC__ && 1 < __GNUC__
	538	# define YYCOPY(Dst, Src, Count) \
	539	__builtin_memcpy (Dst, Src, (Count) * sizeof (*(Src)))
	540	# else
	541	# define YYCOPY(Dst, Src, Count) \
	542	do \
	543	{ \
	544	YYSIZE_T yyi; \
	545	for (yyi = 0; yyi < (Count); yyi++) \
	546	(Dst)[yyi] = (Src)[yyi]; \
	547	} \
	548	while (YYID (0))
	549	# endif
	550	# endif
	551	#endif /* !YYCOPY_NEEDED */
	552
	553	/* YYFINAL -- State number of the termination state. */
	554	#define YYFINAL 2
	555	/* YYLAST -- Last index in YYTABLE. */
	556	#define YYLAST 174
	557
	558	/* YYNTOKENS -- Number of terminals. */
	559	#define YYNTOKENS 58
	560	/* YYNNTS -- Number of nonterminals. */
	561	#define YYNNTS 37
	562	/* YYNRULES -- Number of rules. */
	563	#define YYNRULES 90
	564	/* YYNRULES -- Number of states. */
	565	#define YYNSTATES 188
	566
	567	/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */
	568	#define YYUNDEFTOK 2
	569	#define YYMAXUTOK 312
	570
	571	#define YYTRANSLATE(YYX) \
	572	((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
	573
	574	/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */
	575	static const yytype_uint8 yytranslate[] =
	576	{
	577	0, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	578	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	579	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	580	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	581	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	582	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	583	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	584	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	585	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	586	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	587	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	588	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	589	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	590	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	591	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	592	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	593	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	594	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	595	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	596	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	597	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	598	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	599	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	600	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	601	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	602	2, 2, 2, 2, 2, 2, 1, 2, 3, 4,
	603	5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
	604	15, 16, 17, 18, 19, 20, 21, 22, 23, 24,
	605	25, 26, 27, 28, 29, 30, 31, 32, 33, 34,
	606	35, 36, 37, 38, 39, 40, 41, 42, 43, 44,
	607	45, 46, 47, 48, 49, 50, 51, 52, 53, 54,
	608	55, 56, 57
	609	};
	610
	611	#if YYDEBUG
	612	/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
	613	YYRHS. */
	614	static const yytype_uint16 yyprhs[] =
	615	{
	616	0, 0, 3, 4, 7, 9, 11, 13, 15, 17,
	617	19, 21, 23, 25, 27, 29, 31, 41, 50, 57,
	618	66, 70, 74, 75, 77, 79, 81, 83, 86, 88,
	619	90, 92, 94, 96, 98, 103, 106, 109, 112, 116,
	620	118, 121, 123, 126, 129, 132, 134, 136, 138, 139,
	621	142, 145, 148, 151, 154, 157, 160, 163, 166, 169,
	622	172, 177, 191, 197, 211, 217, 231, 234, 237, 238,
	623	241, 243, 245, 247, 250, 251, 254, 255, 259, 263,
	624	267, 269, 271, 273, 275, 276, 278, 279, 284, 287,
	625	289
	626	};
	627
	628	/* YYRHS -- A `-1'-separated list of the rules' RHS. */
	629	static const yytype_int8 yyrhs[] =
	630	{
	631	59, 0, -1, -1, 59, 60, -1, 61, -1, 64,
	632	-1, 62, -1, 63, -1, 65, -1, 66, -1, 94,
	633	-1, 78, -1, 79, -1, 80, -1, 81, -1, 82,
	634	-1, 7, 83, 86, 86, 67, 68, 76, 69, 3,
	635	-1, 9, 83, 86, 86, 67, 68, 76, 3, -1,
	636	10, 83, 85, 85, 67, 3, -1, 8, 83, 86,
	637	86, 67, 68, 76, 3, -1, 11, 67, 3, -1,
	638	12, 67, 3, -1, -1, 14, -1, 15, -1, 16,
	639	-1, 17, -1, 17, 85, -1, 18, -1, 43, -1,
	640	45, -1, 70, -1, 71, -1, 72, -1, 21, 73,
	641	20, 74, -1, 21, 73, -1, 20, 74, -1, 23,
	642	38, -1, 23, 38, 24, -1, 34, -1, 33, 75,
	643	-1, 37, -1, 35, 75, -1, 36, 75, -1, 31,
	644	75, -1, 32, -1, 44, -1, 45, -1, -1, 76,
	645	77, -1, 28, 29, -1, 28, 30, -1, 25, 26,
	646	-1, 25, 47, -1, 27, 43, -1, 22, 43, -1,
	647	39, 43, -1, 40, 43, -1, 41, 43, -1, 42,
	648	43, -1, 57, 43, 43, 44, -1, 48, 83, 46,
	649	87, 88, 46, 87, 88, 89, 90, 91, 92, 3,
	650	-1, 48, 56, 44, 92, 3, -1, 49, 83, 46,
	651	87, 88, 46, 87, 88, 89, 90, 91, 92, 3,
	652	-1, 49, 56, 44, 92, 3, -1, 50, 83, 46,
	653	87, 88, 46, 87, 88, 89, 90, 91, 92, 3,
	654	-1, 51, 3, -1, 52, 3, -1, -1, 83, 84,
	655	-1, 55, -1, 46, -1, 46, -1, 46, 88, -1,
	656	-1, 4, 43, -1, -1, 5, 47, 6, -1, 5,
	657	43, 6, -1, 5, 46, 6, -1, 43, -1, 47,
	658	-1, 18, -1, 46, -1, -1, 46, -1, -1, 57,
	659	43, 43, 44, -1, 53, 93, -1, 54, -1, 13,
	660	3, -1
	661	};
	662
	663	/* YYRLINE[YYN] -- source line where rule number YYN was defined. */
	664	static const yytype_uint16 yyrline[] =
	665	{
	666	0, 151, 151, 153, 161, 162, 163, 164, 165, 166,
	667	167, 168, 169, 170, 171, 172, 178, 190, 209, 237,
	668	252, 262, 272, 275, 283, 291, 295, 302, 309, 318,
	669	319, 340, 341, 342, 346, 347, 351, 355, 363, 375,
	670	390, 405, 421, 442, 466, 491, 504, 508, 537, 539,
	671	543, 544, 545, 546, 547, 548, 557, 558, 559, 560,
	672	561, 573, 606, 619, 652, 664, 696, 707, 716, 718,
	673	722, 747, 758, 766, 777, 778, 783, 791, 800, 811,
	674	818, 819, 820, 823, 846, 850, 861, 863, 872, 896,
	675	901
	676	};
	677	#endif
	678
	679	#if YYDEBUG \|\| YYERROR_VERBOSE \|\| 0
	680	/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
	681	First, the terminals, then, starting at YYNTOKENS, nonterminals. */
	682	static const char *const yytname[] =
	683	{
	684	"$end", "error", "$undefined", "EOT", "SLASH", "BLCL", "ELCL", "ADD",
	685	"GET", "DELETE", "DELETEALL", "FLUSH", "DUMP", "EXIT", "PR_ESP", "PR_AH",
	686	"PR_IPCOMP", "PR_ESPUDP", "PR_TCP", "F_PROTOCOL", "F_AUTH", "F_ENC",
	687	"F_REPLAY", "F_COMP", "F_RAWCPI", "F_MODE", "MODE", "F_REQID", "F_EXT",
	688	"EXTENSION", "NOCYCLICSEQ", "ALG_AUTH", "ALG_AUTH_NOKEY", "ALG_ENC",
	689	"ALG_ENC_NOKEY", "ALG_ENC_DESDERIV", "ALG_ENC_DES32IV", "ALG_ENC_OLD",
	690	"ALG_COMP", "F_LIFETIME_HARD", "F_LIFETIME_SOFT", "F_LIFEBYTE_HARD",
	691	"F_LIFEBYTE_SOFT", "DECSTRING", "QUOTEDSTRING", "HEXSTRING", "STRING",
	692	"ANY", "SPDADD", "SPDUPDATE", "SPDDELETE", "SPDDUMP", "SPDFLUSH",
	693	"F_POLICY", "PL_REQUESTS", "F_AIFLAGS", "TAGGED", "SECURITY_CTX",
	694	"$accept", "commands", "command", "add_command", "delete_command",
	695	"deleteall_command", "get_command", "flush_command", "dump_command",
	696	"protocol_spec", "spi", "algorithm_spec", "esp_spec", "ah_spec",
	697	"ipcomp_spec", "enc_alg", "auth_alg", "key_string", "extension_spec",
	698	"extension", "spdadd_command", "spdupdate_command", "spddelete_command",
	699	"spddump_command", "spdflush_command", "ipaddropts", "ipaddropt",
	700	"ipaddr", "ipandport", "prefix", "portstr", "upper_spec",
	701	"upper_misc_spec", "context_spec", "policy_spec", "policy_requests",
	702	"exit_command", YY_NULL
	703	};
	704	#endif
	705
	706	# ifdef YYPRINT
	707	/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
	708	token YYLEX-NUM. */
	709	static const yytype_uint16 yytoknum[] =
	710	{
	711	0, 256, 257, 258, 259, 260, 261, 262, 263, 264,
	712	265, 266, 267, 268, 269, 270, 271, 272, 273, 274,
	713	275, 276, 277, 278, 279, 280, 281, 282, 283, 284,
	714	285, 286, 287, 288, 289, 290, 291, 292, 293, 294,
	715	295, 296, 297, 298, 299, 300, 301, 302, 303, 304,
	716	305, 306, 307, 308, 309, 310, 311, 312
	717	};
	718	# endif
	719
	720	/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */
	721	static const yytype_uint8 yyr1[] =
	722	{
	723	0, 58, 59, 59, 60, 60, 60, 60, 60, 60,
	724	60, 60, 60, 60, 60, 60, 61, 62, 63, 64,
	725	65, 66, 67, 67, 67, 67, 67, 67, 67, 68,
	726	68, 69, 69, 69, 70, 70, 71, 72, 72, 73,
	727	73, 73, 73, 73, 74, 74, 75, 75, 76, 76,
	728	77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
	729	77, 78, 78, 79, 79, 80, 81, 82, 83, 83,
	730	84, 85, 86, 86, 87, 87, 88, 88, 88, 88,
	731	89, 89, 89, 89, 90, 90, 91, 91, 92, 93,
	732	94
	733	};
	734
	735	/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */
	736	static const yytype_uint8 yyr2[] =
	737	{
	738	0, 2, 0, 2, 1, 1, 1, 1, 1, 1,
	739	1, 1, 1, 1, 1, 1, 9, 8, 6, 8,
	740	3, 3, 0, 1, 1, 1, 1, 2, 1, 1,
	741	1, 1, 1, 1, 4, 2, 2, 2, 3, 1,
	742	2, 1, 2, 2, 2, 1, 1, 1, 0, 2,
	743	2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
	744	4, 13, 5, 13, 5, 13, 2, 2, 0, 2,
	745	1, 1, 1, 2, 0, 2, 0, 3, 3, 3,
	746	1, 1, 1, 1, 0, 1, 0, 4, 2, 1,
	747	2
	748	};
	749
	750	/* YYDEFACT[STATE-NAME] -- Default reduction number in state STATE-NUM.
	751	Performed when YYTABLE doesn't specify something else to do. Zero
	752	means the default is an error. */
	753	static const yytype_uint8 yydefact[] =
	754	{
	755	2, 0, 1, 68, 68, 68, 68, 22, 22, 0,
	756	68, 68, 68, 0, 0, 3, 4, 6, 7, 5,
	757	8, 9, 11, 12, 13, 14, 15, 10, 0, 0,
	758	0, 0, 23, 24, 25, 26, 28, 0, 0, 90,
	759	0, 0, 0, 0, 0, 66, 67, 72, 70, 69,
	760	0, 0, 0, 71, 0, 27, 20, 21, 0, 74,
	761	0, 74, 74, 0, 73, 22, 22, 22, 22, 0,
	762	0, 0, 76, 0, 76, 76, 0, 0, 0, 0,
	763	0, 0, 0, 89, 88, 62, 75, 0, 64, 0,
	764	0, 78, 79, 77, 29, 30, 48, 48, 48, 18,
	765	74, 74, 74, 0, 0, 0, 76, 76, 76, 0,
	766	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	767	0, 0, 31, 32, 33, 49, 19, 17, 0, 0,
	768	0, 0, 45, 36, 0, 39, 0, 0, 41, 35,
	769	55, 37, 52, 53, 54, 50, 51, 56, 57, 58,
	770	59, 0, 16, 82, 80, 83, 81, 84, 84, 84,
	771	46, 47, 44, 40, 42, 43, 0, 38, 0, 85,
	772	86, 86, 86, 34, 60, 0, 0, 0, 0, 0,
	773	0, 0, 0, 0, 61, 63, 65, 87
	774	};
	775
	776	/* YYDEFGOTO[NTERM-NUM]. */
	777	static const yytype_int16 yydefgoto[] =
	778	{
	779	-1, 1, 15, 16, 17, 18, 19, 20, 21, 37,
	780	96, 121, 122, 123, 124, 139, 133, 162, 103, 125,
	781	22, 23, 24, 25, 26, 28, 49, 54, 50, 72,
	782	64, 157, 170, 176, 70, 84, 27
	783	};
	784
	785	/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
	786	STATE-NUM. */
	787	#define YYPACT_NINF -61
	788	static const yytype_int16 yypact[] =
	789	{
	790	-61, 3, -61, -61, -61, -61, -61, 96, 96, 17,
	791	-12, 1, -61, 78, 106, -61, -61, -61, -61, -61,
	792	-61, -61, -61, -61, -61, -61, -61, -61, -38, -38,
	793	-38, 29, -61, -61, -61, 69, -61, 122, 130, -61,
	794	92, 31, 93, 39, 49, -61, -61, 133, -61, -61,
	795	94, 94, 94, -61, 69, -61, -61, -61, 88, 135,
	796	88, 135, 135, -24, -61, 96, 96, 96, 96, 89,
	797	139, 101, 133, 142, 133, 133, 140, 141, 143, 81,
	798	81, 81, 145, -61, -61, -61, -61, 104, -61, 105,
	799	107, -61, -61, -61, -61, -61, -61, -61, -61, -61,
	800	135, 135, 135, 51, -1, 6, 133, 133, 133, -26,
	801	86, 109, 116, -22, 112, 13, 113, 114, 115, 117,
	802	118, 156, -61, -61, -61, -61, -61, -61, -11, -11,
	803	-11, 5, -61, -61, 5, -61, 5, 5, -61, 144,
	804	-61, 138, -61, -61, -61, -61, -61, -61, -61, -61,
	805	-61, 120, -61, -61, -61, -61, -61, 119, 119, 119,
	806	-61, -61, -61, -61, -61, -61, -26, -61, 123, -61,
	807	111, 111, 111, -61, -61, 126, 88, 88, 88, 127,
	808	163, 168, 169, 129, -61, -61, -61, -61
	809	};
	810
	811	/* YYPGOTO[NTERM-NUM]. */
	812	static const yytype_int8 yypgoto[] =
	813	{
	814	-61, -61, -61, -61, -61, -61, -61, -61, -61, -7,
	815	22, -61, -61, -61, -61, -61, 8, -54, 30, -61,
	816	-61, -61, -61, -61, -61, 95, -61, -17, 37, -32,
	817	-10, 0, -27, -37, -60, -61, -61
	818	};
	819
	820	/* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If
	821	positive, shift that token. If negative, reduce the rule which
	822	number is the opposite. If YYTABLE_NINF, syntax error. */
	823	#define YYTABLE_NINF -1
	824	static const yytype_uint8 yytable[] =
	825	{
	826	73, 38, 126, 2, 142, 131, 132, 153, 47, 127,
	827	3, 4, 5, 6, 7, 8, 9, 48, 55, 76,
	828	39, 111, 77, 78, 113, 143, 114, 115, 111, 74,
	829	75, 113, 154, 114, 115, 155, 156, 68, 116, 117,
	830	118, 119, 145, 146, 40, 116, 117, 118, 119, 160,
	831	161, 10, 11, 12, 13, 14, 120, 42, 79, 80,
	832	81, 82, 87, 120, 89, 90, 51, 52, 106, 107,
	833	108, 109, 110, 111, 112, 53, 113, 59, 114, 115,
	834	163, 45, 164, 165, 48, 61, 48, 65, 66, 67,
	835	116, 117, 118, 119, 48, 62, 128, 129, 130, 29,
	836	30, 31, 97, 98, 48, 41, 43, 44, 120, 46,
	837	32, 33, 34, 35, 36, 53, 180, 181, 182, 134,
	838	135, 136, 137, 138, 94, 56, 95, 104, 105, 158,
	839	159, 171, 172, 57, 177, 178, 58, 60, 63, 71,
	840	47, 69, 85, 83, 86, 88, 91, 92, 99, 93,
	841	100, 101, 140, 102, 141, 144, 147, 148, 149, 152,
	842	150, 151, 167, 168, 166, 169, 184, 174, 175, 179,
	843	183, 185, 186, 187, 173
	844	};
	845
	846	#define yypact_value_is_default(yystate) \
	847	((yystate) == (-61))
	848
	849	#define yytable_value_is_error(yytable_value) \
	850	YYID (0)
	851
	852	static const yytype_uint8 yycheck[] =
	853	{
	854	60, 8, 3, 0, 26, 31, 32, 18, 46, 3,
	855	7, 8, 9, 10, 11, 12, 13, 55, 35, 43,
	856	3, 22, 46, 47, 25, 47, 27, 28, 22, 61,
	857	62, 25, 43, 27, 28, 46, 47, 54, 39, 40,
	858	41, 42, 29, 30, 56, 39, 40, 41, 42, 44,
	859	45, 48, 49, 50, 51, 52, 57, 56, 65, 66,
	860	67, 68, 72, 57, 74, 75, 29, 30, 100, 101,
	861	102, 20, 21, 22, 23, 46, 25, 46, 27, 28,
	862	134, 3, 136, 137, 55, 46, 55, 50, 51, 52,
	863	39, 40, 41, 42, 55, 46, 106, 107, 108, 4,
	864	5, 6, 80, 81, 55, 10, 11, 12, 57, 3,
	865	14, 15, 16, 17, 18, 46, 176, 177, 178, 33,
	866	34, 35, 36, 37, 43, 3, 45, 97, 98, 129,
	867	130, 158, 159, 3, 171, 172, 44, 44, 5, 4,
	868	46, 53, 3, 54, 43, 3, 6, 6, 3, 6,
	869	46, 46, 43, 46, 38, 43, 43, 43, 43, 3,
	870	43, 43, 24, 43, 20, 46, 3, 44, 57, 43,
	871	43, 3, 3, 44, 166
	872	};
	873
	874	/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
	875	symbol of state STATE-NUM. */
	876	static const yytype_uint8 yystos[] =
	877	{
	878	0, 59, 0, 7, 8, 9, 10, 11, 12, 13,
	879	48, 49, 50, 51, 52, 60, 61, 62, 63, 64,
	880	65, 66, 78, 79, 80, 81, 82, 94, 83, 83,
	881	83, 83, 14, 15, 16, 17, 18, 67, 67, 3,
	882	56, 83, 56, 83, 83, 3, 3, 46, 55, 84,
	883	86, 86, 86, 46, 85, 85, 3, 3, 44, 46,
	884	44, 46, 46, 5, 88, 86, 86, 86, 85, 53,
	885	92, 4, 87, 92, 87, 87, 43, 46, 47, 67,
	886	67, 67, 67, 54, 93, 3, 43, 88, 3, 88,
	887	88, 6, 6, 6, 43, 45, 68, 68, 68, 3,
	888	46, 46, 46, 76, 76, 76, 87, 87, 87, 20,
	889	21, 22, 23, 25, 27, 28, 39, 40, 41, 42,
	890	57, 69, 70, 71, 72, 77, 3, 3, 88, 88,
	891	88, 31, 32, 74, 33, 34, 35, 36, 37, 73,
	892	43, 38, 26, 47, 43, 29, 30, 43, 43, 43,
	893	43, 43, 3, 18, 43, 46, 47, 89, 89, 89,
	894	44, 45, 75, 75, 75, 75, 20, 24, 43, 46,
	895	90, 90, 90, 74, 44, 57, 91, 91, 91, 43,
	896	92, 92, 92, 43, 3, 3, 3, 44
	897	};
	898
	899	#define yyerrok (yyerrstatus = 0)
	900	#define yyclearin (yychar = YYEMPTY)
	901	#define YYEMPTY (-2)
	902	#define YYEOF 0
	903
	904	#define YYACCEPT goto yyacceptlab
	905	#define YYABORT goto yyabortlab
	906	#define YYERROR goto yyerrorlab
	907
	908
	909	/* Like YYERROR except do call yyerror. This remains here temporarily
	910	to ease the transition to the new meaning of YYERROR, for GCC.
	911	Once GCC version 2 has supplanted version 1, this can go. However,
	912	YYFAIL appears to be in use. Nevertheless, it is formally deprecated
	913	in Bison 2.4.2's NEWS entry, where a plan to phase it out is
	914	discussed. */
	915
	916	#define YYFAIL goto yyerrlab
	917	#if defined YYFAIL
	918	/* This is here to suppress warnings from the GCC cpp's
	919	-Wunused-macros. Normally we don't worry about that warning, but
	920	some users do, and we want to make it easy for users to remove
	921	YYFAIL uses, which will produce warnings from Bison 2.5. */
	922	#endif
	923
	924	#define YYRECOVERING() (!!yyerrstatus)
	925
	926	#define YYBACKUP(Token, Value) \
	927	do \
	928	if (yychar == YYEMPTY) \
	929	{ \
	930	yychar = (Token); \
	931	yylval = (Value); \
	932	YYPOPSTACK (yylen); \
	933	yystate = *yyssp; \
	934	goto yybackup; \
	935	} \
	936	else \
	937	{ \
	938	yyerror (YY_("syntax error: cannot back up")); \
	939	YYERROR; \
	940	} \
	941	while (YYID (0))
	942
	943
	944	#define YYTERROR 1
	945	#define YYERRCODE 256
	946
	947	/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N].
	948	If N is 0, then set CURRENT to the empty location which ends
	949	the previous symbol: RHS[0] (always defined). */
	950
	951	#ifndef YYLLOC_DEFAULT
	952	# define YYLLOC_DEFAULT(Current, Rhs, N) \
	953	do \
	954	if (YYID (N)) \
	955	{ \
	956	(Current).first_line = YYRHSLOC (Rhs, 1).first_line; \
	957	(Current).first_column = YYRHSLOC (Rhs, 1).first_column; \
	958	(Current).last_line = YYRHSLOC (Rhs, N).last_line; \
	959	(Current).last_column = YYRHSLOC (Rhs, N).last_column; \
	960	} \
	961	else \
	962	{ \
	963	(Current).first_line = (Current).last_line = \
	964	YYRHSLOC (Rhs, 0).last_line; \
	965	(Current).first_column = (Current).last_column = \
	966	YYRHSLOC (Rhs, 0).last_column; \
	967	} \
	968	while (YYID (0))
	969	#endif
	970
	971	#define YYRHSLOC(Rhs, K) ((Rhs)[K])
	972
	973
	974
	975	/* This macro is provided for backward compatibility. */
	976
	977	#ifndef YY_LOCATION_PRINT
	978	# define YY_LOCATION_PRINT(File, Loc) ((void) 0)
	979	#endif
	980
	981
	982	/* YYLEX -- calling `yylex' with the right arguments. */
	983
	984	#ifdef YYLEX_PARAM
	985	# define YYLEX yylex (YYLEX_PARAM)
	986	#else
	987	# define YYLEX yylex ()
	988	#endif
	989
	990	/* Enable debugging if requested. */
	991	#if YYDEBUG
	992
	993	# ifndef YYFPRINTF
	994	# include <stdio.h> /* INFRINGES ON USER NAME SPACE */
	995	# define YYFPRINTF fprintf
	996	# endif
	997
	998	# define YYDPRINTF(Args) \
	999	do { \
	1000	if (yydebug) \
	1001	YYFPRINTF Args; \
	1002	} while (YYID (0))
	1003
	1004	# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \
	1005	do { \
	1006	if (yydebug) \
	1007	{ \
	1008	YYFPRINTF (stderr, "%s ", Title); \
	1009	yy_symbol_print (stderr, \
	1010	Type, Value); \
	1011	YYFPRINTF (stderr, "\n"); \
	1012	} \
	1013	} while (YYID (0))
	1014
	1015
	1016	/*--------------------------------.
	1017	\| Print this symbol on YYOUTPUT. \|
	1018	`--------------------------------*/
	1019
	1020	/ARGSUSED/
	1021	#if (defined __STDC__ \|\| defined __C99__FUNC__ \
	1022	\|\| defined __cplusplus \|\| defined _MSC_VER)
	1023	static void
	1024	yy_symbol_value_print (FILE yyoutput, int yytype, YYSTYPE const const yyvaluep)
	1025	#else
	1026	static void
	1027	yy_symbol_value_print (yyoutput, yytype, yyvaluep)
	1028	FILE *yyoutput;
	1029	int yytype;
	1030	YYSTYPE const * const yyvaluep;
	1031	#endif
	1032	{
	1033	FILE *yyo = yyoutput;
	1034	YYUSE (yyo);
	1035	if (!yyvaluep)
	1036	return;
	1037	# ifdef YYPRINT
	1038	if (yytype < YYNTOKENS)
	1039	YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
	1040	# else
	1041	YYUSE (yyoutput);
	1042	# endif
	1043	switch (yytype)
	1044	{
	1045	default:
	1046	break;
	1047	}
	1048	}
	1049
	1050
	1051	/*--------------------------------.
	1052	\| Print this symbol on YYOUTPUT. \|
	1053	`--------------------------------*/
	1054
	1055	#if (defined __STDC__ \|\| defined __C99__FUNC__ \
	1056	\|\| defined __cplusplus \|\| defined _MSC_VER)
	1057	static void
	1058	yy_symbol_print (FILE yyoutput, int yytype, YYSTYPE const const yyvaluep)
	1059	#else
	1060	static void
	1061	yy_symbol_print (yyoutput, yytype, yyvaluep)
	1062	FILE *yyoutput;
	1063	int yytype;
	1064	YYSTYPE const * const yyvaluep;
	1065	#endif
	1066	{
	1067	if (yytype < YYNTOKENS)
	1068	YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
	1069	else
	1070	YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
	1071
	1072	yy_symbol_value_print (yyoutput, yytype, yyvaluep);
	1073	YYFPRINTF (yyoutput, ")");
	1074	}
	1075
	1076	/*------------------------------------------------------------------.
	1077	\| yy_stack_print -- Print the state stack from its BOTTOM up to its \|
	1078	\| TOP (included). \|
	1079	`------------------------------------------------------------------*/
	1080
	1081	#if (defined __STDC__ \|\| defined __C99__FUNC__ \
	1082	\|\| defined __cplusplus \|\| defined _MSC_VER)
	1083	static void
	1084	yy_stack_print (yytype_int16 yybottom, yytype_int16 yytop)
	1085	#else
	1086	static void
	1087	yy_stack_print (yybottom, yytop)
	1088	yytype_int16 *yybottom;
	1089	yytype_int16 *yytop;
	1090	#endif
	1091	{
	1092	YYFPRINTF (stderr, "Stack now");
	1093	for (; yybottom <= yytop; yybottom++)
	1094	{
	1095	int yybot = *yybottom;
	1096	YYFPRINTF (stderr, " %d", yybot);
	1097	}
	1098	YYFPRINTF (stderr, "\n");
	1099	}
	1100
	1101	# define YY_STACK_PRINT(Bottom, Top) \
	1102	do { \
	1103	if (yydebug) \
	1104	yy_stack_print ((Bottom), (Top)); \
	1105	} while (YYID (0))
	1106
	1107
	1108	/*------------------------------------------------.
	1109	\| Report that the YYRULE is going to be reduced. \|
	1110	`------------------------------------------------*/
	1111
	1112	#if (defined __STDC__ \|\| defined __C99__FUNC__ \
	1113	\|\| defined __cplusplus \|\| defined _MSC_VER)
	1114	static void
	1115	yy_reduce_print (YYSTYPE *yyvsp, int yyrule)
	1116	#else
	1117	static void
	1118	yy_reduce_print (yyvsp, yyrule)
	1119	YYSTYPE *yyvsp;
	1120	int yyrule;
	1121	#endif
	1122	{
	1123	int yynrhs = yyr2[yyrule];
	1124	int yyi;
	1125	unsigned long int yylno = yyrline[yyrule];
	1126	YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
	1127	yyrule - 1, yylno);
	1128	/* The symbols being reduced. */
	1129	for (yyi = 0; yyi < yynrhs; yyi++)
	1130	{
	1131	YYFPRINTF (stderr, " $%d = ", yyi + 1);
	1132	yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
	1133	&(yyvsp[(yyi + 1) - (yynrhs)])
	1134	);
	1135	YYFPRINTF (stderr, "\n");
	1136	}
	1137	}
	1138
	1139	# define YY_REDUCE_PRINT(Rule) \
	1140	do { \
	1141	if (yydebug) \
	1142	yy_reduce_print (yyvsp, Rule); \
	1143	} while (YYID (0))
	1144
	1145	/* Nonzero means print parse trace. It is left uninitialized so that
	1146	multiple parsers can coexist. */
	1147	int yydebug;
	1148	#else /* !YYDEBUG */
	1149	# define YYDPRINTF(Args)
	1150	# define YY_SYMBOL_PRINT(Title, Type, Value, Location)
	1151	# define YY_STACK_PRINT(Bottom, Top)
	1152	# define YY_REDUCE_PRINT(Rule)
	1153	#endif /* !YYDEBUG */
	1154
	1155
	1156	/* YYINITDEPTH -- initial size of the parser's stacks. */
	1157	#ifndef YYINITDEPTH
	1158	# define YYINITDEPTH 200
	1159	#endif
	1160
	1161	/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
	1162	if the built-in stack extension method is used).
	1163
	1164	Do not make this value too large; the results are undefined if
	1165	YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
	1166	evaluated with infinite-precision integer arithmetic. */
	1167
	1168	#ifndef YYMAXDEPTH
	1169	# define YYMAXDEPTH 10000
	1170	#endif
	1171
	1172
	1173	#if YYERROR_VERBOSE
	1174
	1175	# ifndef yystrlen
	1176	# if defined __GLIBC__ && defined _STRING_H
	1177	# define yystrlen strlen
	1178	# else
	1179	/* Return the length of YYSTR. */
	1180	#if (defined __STDC__ \|\| defined __C99__FUNC__ \
	1181	\|\| defined __cplusplus \|\| defined _MSC_VER)
	1182	static YYSIZE_T
	1183	yystrlen (const char *yystr)
	1184	#else
	1185	static YYSIZE_T
	1186	yystrlen (yystr)
	1187	const char *yystr;
	1188	#endif
	1189	{
	1190	YYSIZE_T yylen;
	1191	for (yylen = 0; yystr[yylen]; yylen++)
	1192	continue;
	1193	return yylen;
	1194	}
	1195	# endif
	1196	# endif
	1197
	1198	# ifndef yystpcpy
	1199	# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
	1200	# define yystpcpy stpcpy
	1201	# else
	1202	/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
	1203	YYDEST. */
	1204	#if (defined __STDC__ \|\| defined __C99__FUNC__ \
	1205	\|\| defined __cplusplus \|\| defined _MSC_VER)
	1206	static char *
	1207	yystpcpy (char yydest, const char yysrc)
	1208	#else
	1209	static char *
	1210	yystpcpy (yydest, yysrc)
	1211	char *yydest;
	1212	const char *yysrc;
	1213	#endif
	1214	{
	1215	char *yyd = yydest;
	1216	const char *yys = yysrc;
	1217
	1218	while ((yyd++ = yys++) != '\0')
	1219	continue;
	1220
	1221	return yyd - 1;
	1222	}
	1223	# endif
	1224	# endif
	1225
	1226	# ifndef yytnamerr
	1227	/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
	1228	quotes and backslashes, so that it's suitable for yyerror. The
	1229	heuristic is that double-quoting is unnecessary unless the string
	1230	contains an apostrophe, a comma, or backslash (other than
	1231	backslash-backslash). YYSTR is taken from yytname. If YYRES is
	1232	null, do not copy; instead, return the length of what the result
	1233	would have been. */
	1234	static YYSIZE_T
	1235	yytnamerr (char yyres, const char yystr)
	1236	{
	1237	if (*yystr == '"')
	1238	{
	1239	YYSIZE_T yyn = 0;
	1240	char const *yyp = yystr;
	1241
	1242	for (;;)
	1243	switch (*++yyp)
	1244	{
	1245	case '\'':
	1246	case ',':
	1247	goto do_not_strip_quotes;
	1248
	1249	case '\\':
	1250	if (*++yyp != '\\')
	1251	goto do_not_strip_quotes;
	1252	/* Fall through. */
	1253	default:
	1254	if (yyres)
	1255	yyres[yyn] = *yyp;
	1256	yyn++;
	1257	break;
	1258
	1259	case '"':
	1260	if (yyres)
	1261	yyres[yyn] = '\0';
	1262	return yyn;
	1263	}
	1264	do_not_strip_quotes: ;
	1265	}
	1266
	1267	if (! yyres)
	1268	return yystrlen (yystr);
	1269
	1270	return yystpcpy (yyres, yystr) - yyres;
	1271	}
	1272	# endif
	1273
	1274	/* Copy into YYMSG, which is of size YYMSG_ALLOC, an error message
	1275	about the unexpected token YYTOKEN for the state stack whose top is
	1276	YYSSP.
	1277
	1278	Return 0 if YYMSG was successfully written. Return 1 if YYMSG is
	1279	not large enough to hold the message. In that case, also set
	1280	*YYMSG_ALLOC to the required number of bytes. Return 2 if the
	1281	required number of bytes is too large to store. */
	1282	static int
	1283	yysyntax_error (YYSIZE_T yymsg_alloc, char *yymsg,
	1284	yytype_int16 *yyssp, int yytoken)
	1285	{
	1286	YYSIZE_T yysize0 = yytnamerr (YY_NULL, yytname[yytoken]);
	1287	YYSIZE_T yysize = yysize0;
	1288	YYSIZE_T yysize1;
	1289	enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
	1290	/* Internationalized format string. */
	1291	const char *yyformat = YY_NULL;
	1292	/* Arguments of yyformat. */
	1293	char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
	1294	/* Number of reported tokens (one for the "unexpected", one per
	1295	"expected"). */
	1296	int yycount = 0;
	1297
	1298	/* There are many possibilities here to consider:
	1299	- Assume YYFAIL is not used. It's too flawed to consider. See
	1300	<http://lists.gnu.org/archive/html/bison-patches/2009-12/msg00024.html>
	1301	for details. YYERROR is fine as it does not invoke this
	1302	function.
	1303	- If this state is a consistent state with a default action, then
	1304	the only way this function was invoked is if the default action
	1305	is an error action. In that case, don't check for expected
	1306	tokens because there are none.
	1307	- The only way there can be no lookahead present (in yychar) is if
	1308	this state is a consistent state with a default action. Thus,
	1309	detecting the absence of a lookahead is sufficient to determine
	1310	that there is no unexpected or expected token to report. In that
	1311	case, just report a simple "syntax error".
	1312	- Don't assume there isn't a lookahead just because this state is a
	1313	consistent state with a default action. There might have been a
	1314	previous inconsistent state, consistent state with a non-default
	1315	action, or user semantic action that manipulated yychar.
	1316	- Of course, the expected token list depends on states to have
	1317	correct lookahead information, and it depends on the parser not
	1318	to perform extra reductions after fetching a lookahead from the
	1319	scanner and before detecting a syntax error. Thus, state merging
	1320	(from LALR or IELR) and default reductions corrupt the expected
	1321	token list. However, the list is correct for canonical LR with
	1322	one exception: it will still contain any token that will not be
	1323	accepted due to an error action in a later state.
	1324	*/
	1325	if (yytoken != YYEMPTY)
	1326	{
	1327	int yyn = yypact[*yyssp];
	1328	yyarg[yycount++] = yytname[yytoken];
	1329	if (!yypact_value_is_default (yyn))
	1330	{
	1331	/* Start YYX at -YYN if negative to avoid negative indexes in
	1332	YYCHECK. In other words, skip the first -YYN actions for
	1333	this state because they are default actions. */
	1334	int yyxbegin = yyn < 0 ? -yyn : 0;
	1335	/* Stay within bounds of both yycheck and yytname. */
	1336	int yychecklim = YYLAST - yyn + 1;
	1337	int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
	1338	int yyx;
	1339
	1340	for (yyx = yyxbegin; yyx < yyxend; ++yyx)
	1341	if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR
	1342	&& !yytable_value_is_error (yytable[yyx + yyn]))
	1343	{
	1344	if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
	1345	{
	1346	yycount = 1;
	1347	yysize = yysize0;
	1348	break;
	1349	}
	1350	yyarg[yycount++] = yytname[yyx];
	1351	yysize1 = yysize + yytnamerr (YY_NULL, yytname[yyx]);
	1352	if (! (yysize <= yysize1
	1353	&& yysize1 <= YYSTACK_ALLOC_MAXIMUM))
	1354	return 2;
	1355	yysize = yysize1;
	1356	}
	1357	}
	1358	}
	1359
	1360	switch (yycount)
	1361	{
	1362	# define YYCASE_(N, S) \
	1363	case N: \
	1364	yyformat = S; \
	1365	break
	1366	YYCASE_(0, YY_("syntax error"));
	1367	YYCASE_(1, YY_("syntax error, unexpected %s"));
	1368	YYCASE_(2, YY_("syntax error, unexpected %s, expecting %s"));
	1369	YYCASE_(3, YY_("syntax error, unexpected %s, expecting %s or %s"));
	1370	YYCASE_(4, YY_("syntax error, unexpected %s, expecting %s or %s or %s"));
	1371	YYCASE_(5, YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"));
	1372	# undef YYCASE_
	1373	}
	1374
	1375	yysize1 = yysize + yystrlen (yyformat);
	1376	if (! (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM))
	1377	return 2;
	1378	yysize = yysize1;
	1379
	1380	if (*yymsg_alloc < yysize)
	1381	{
	1382	yymsg_alloc = 2 yysize;
	1383	if (! (yysize <= *yymsg_alloc
	1384	&& *yymsg_alloc <= YYSTACK_ALLOC_MAXIMUM))
	1385	*yymsg_alloc = YYSTACK_ALLOC_MAXIMUM;
	1386	return 1;
	1387	}
	1388
	1389	/* Avoid sprintf, as that infringes on the user's name space.
	1390	Don't have undefined behavior even if the translation
	1391	produced a string with the wrong number of "%s"s. */
	1392	{
	1393	char yyp = yymsg;
	1394	int yyi = 0;
	1395	while ((yyp = yyformat) != '\0')
	1396	if (*yyp == '%' && yyformat[1] == 's' && yyi < yycount)
	1397	{
	1398	yyp += yytnamerr (yyp, yyarg[yyi++]);
	1399	yyformat += 2;
	1400	}
	1401	else
	1402	{
	1403	yyp++;
	1404	yyformat++;
	1405	}
	1406	}
	1407	return 0;
	1408	}
	1409	#endif /* YYERROR_VERBOSE */
	1410
	1411	/*-----------------------------------------------.
	1412	\| Release the memory associated to this symbol. \|
	1413	`-----------------------------------------------*/
	1414
	1415	/ARGSUSED/
	1416	#if (defined __STDC__ \|\| defined __C99__FUNC__ \
	1417	\|\| defined __cplusplus \|\| defined _MSC_VER)
	1418	static void
	1419	yydestruct (const char yymsg, int yytype, YYSTYPE yyvaluep)
	1420	#else
	1421	static void
	1422	yydestruct (yymsg, yytype, yyvaluep)
	1423	const char *yymsg;
	1424	int yytype;
	1425	YYSTYPE *yyvaluep;
	1426	#endif
	1427	{
	1428	YYUSE (yyvaluep);
	1429
	1430	if (!yymsg)
	1431	yymsg = "Deleting";
	1432	YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
	1433
	1434	switch (yytype)
	1435	{
	1436
	1437	default:
	1438	break;
	1439	}
	1440	}
	1441
	1442
	1443
	1444
	1445	/* The lookahead symbol. */
	1446	int yychar;
	1447
	1448	/* The semantic value of the lookahead symbol. */
	1449	YYSTYPE yylval;
	1450
	1451	/* Number of syntax errors so far. */
	1452	int yynerrs;
	1453
	1454
	1455	/*----------.
	1456	\| yyparse. \|
	1457	`----------*/
	1458
	1459	#ifdef YYPARSE_PARAM
	1460	#if (defined __STDC__ \|\| defined __C99__FUNC__ \
	1461	\|\| defined __cplusplus \|\| defined _MSC_VER)
	1462	int
	1463	yyparse (void *YYPARSE_PARAM)
	1464	#else
	1465	int
	1466	yyparse (YYPARSE_PARAM)
	1467	void *YYPARSE_PARAM;
	1468	#endif
	1469	#else /* ! YYPARSE_PARAM */
	1470	#if (defined __STDC__ \|\| defined __C99__FUNC__ \
	1471	\|\| defined __cplusplus \|\| defined _MSC_VER)
	1472	int
	1473	yyparse (void)
	1474	#else
	1475	int
	1476	yyparse ()
	1477
	1478	#endif
	1479	#endif
	1480	{
	1481	int yystate;
	1482	/* Number of tokens to shift before error messages enabled. */
	1483	int yyerrstatus;
	1484
	1485	/* The stacks and their tools:
	1486	`yyss': related to states.
	1487	`yyvs': related to semantic values.
	1488
	1489	Refer to the stacks through separate pointers, to allow yyoverflow
	1490	to reallocate them elsewhere. */
	1491
	1492	/* The state stack. */
	1493	yytype_int16 yyssa[YYINITDEPTH];
	1494	yytype_int16 *yyss;
	1495	yytype_int16 *yyssp;
	1496
	1497	/* The semantic value stack. */
	1498	YYSTYPE yyvsa[YYINITDEPTH];
	1499	YYSTYPE *yyvs;
	1500	YYSTYPE *yyvsp;
	1501
	1502	YYSIZE_T yystacksize;
	1503
	1504	int yyn;
	1505	int yyresult;
	1506	/* Lookahead token as an internal (translated) token number. */
	1507	int yytoken;
	1508	/* The variables used to return semantic value and location from the
	1509	action routines. */
	1510	YYSTYPE yyval;
	1511
	1512	#if YYERROR_VERBOSE
	1513	/* Buffer for error messages, and its allocated size. */
	1514	char yymsgbuf[128];
	1515	char *yymsg = yymsgbuf;
	1516	YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
	1517	#endif
	1518
	1519	#define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N))
	1520
	1521	/* The number of symbols on the RHS of the reduced rule.
	1522	Keep to zero when no symbol should be popped. */
	1523	int yylen = 0;
	1524
	1525	yytoken = 0;
	1526	yyss = yyssa;
	1527	yyvs = yyvsa;
	1528	yystacksize = YYINITDEPTH;
	1529
	1530	YYDPRINTF ((stderr, "Starting parse\n"));
	1531
	1532	yystate = 0;
	1533	yyerrstatus = 0;
	1534	yynerrs = 0;
	1535	yychar = YYEMPTY; /* Cause a token to be read. */
	1536
	1537	/* Initialize stack pointers.
	1538	Waste one element of value and location stack
	1539	so that they stay on the same level as the state stack.
	1540	The wasted elements are never initialized. */
	1541	yyssp = yyss;
	1542	yyvsp = yyvs;
	1543	goto yysetstate;
	1544
	1545	/*------------------------------------------------------------.
	1546	\| yynewstate -- Push a new state, which is found in yystate. \|
	1547	`------------------------------------------------------------*/
	1548	yynewstate:
	1549	/* In all cases, when you get here, the value and location stacks
	1550	have just been pushed. So pushing a state here evens the stacks. */
	1551	yyssp++;
	1552
	1553	yysetstate:
	1554	*yyssp = yystate;
	1555
	1556	if (yyss + yystacksize - 1 <= yyssp)
	1557	{
	1558	/* Get the current used size of the three stacks, in elements. */
	1559	YYSIZE_T yysize = yyssp - yyss + 1;
	1560
	1561	#ifdef yyoverflow
	1562	{
	1563	/* Give user a chance to reallocate the stack. Use copies of
	1564	these so that the &'s don't force the real ones into
	1565	memory. */
	1566	YYSTYPE *yyvs1 = yyvs;
	1567	yytype_int16 *yyss1 = yyss;
	1568
	1569	/* Each stack pointer address is followed by the size of the
	1570	data in use in that stack, in bytes. This used to be a
	1571	conditional around just the two extra args, but that might
	1572	be undefined if yyoverflow is a macro. */
	1573	yyoverflow (YY_("memory exhausted"),
	1574	&yyss1, yysize * sizeof (*yyssp),
	1575	&yyvs1, yysize * sizeof (*yyvsp),
	1576	&yystacksize);
	1577
	1578	yyss = yyss1;
	1579	yyvs = yyvs1;
	1580	}
	1581	#else /* no yyoverflow */
	1582	# ifndef YYSTACK_RELOCATE
	1583	goto yyexhaustedlab;
	1584	# else
	1585	/* Extend the stack our own way. */
	1586	if (YYMAXDEPTH <= yystacksize)
	1587	goto yyexhaustedlab;
	1588	yystacksize *= 2;
	1589	if (YYMAXDEPTH < yystacksize)
	1590	yystacksize = YYMAXDEPTH;
	1591
	1592	{
	1593	yytype_int16 *yyss1 = yyss;
	1594	union yyalloc *yyptr =
	1595	(union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
	1596	if (! yyptr)
	1597	goto yyexhaustedlab;
	1598	YYSTACK_RELOCATE (yyss_alloc, yyss);
	1599	YYSTACK_RELOCATE (yyvs_alloc, yyvs);
	1600	# undef YYSTACK_RELOCATE
	1601	if (yyss1 != yyssa)
	1602	YYSTACK_FREE (yyss1);
	1603	}
	1604	# endif
	1605	#endif /* no yyoverflow */
	1606
	1607	yyssp = yyss + yysize - 1;
	1608	yyvsp = yyvs + yysize - 1;
	1609
	1610	YYDPRINTF ((stderr, "Stack size increased to %lu\n",
	1611	(unsigned long int) yystacksize));
	1612
	1613	if (yyss + yystacksize - 1 <= yyssp)
	1614	YYABORT;
	1615	}
	1616
	1617	YYDPRINTF ((stderr, "Entering state %d\n", yystate));
	1618
	1619	if (yystate == YYFINAL)
	1620	YYACCEPT;
	1621
	1622	goto yybackup;
	1623
	1624	/*-----------.
	1625	\| yybackup. \|
	1626	`-----------*/
	1627	yybackup:
	1628
	1629	/* Do appropriate processing given the current state. Read a
	1630	lookahead token if we need one and don't already have one. */
	1631
	1632	/* First try to decide what to do without reference to lookahead token. */
	1633	yyn = yypact[yystate];
	1634	if (yypact_value_is_default (yyn))
	1635	goto yydefault;
	1636
	1637	/* Not known => get a lookahead token if don't already have one. */
	1638
	1639	/* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */
	1640	if (yychar == YYEMPTY)
	1641	{
	1642	YYDPRINTF ((stderr, "Reading a token: "));
	1643	yychar = YYLEX;
	1644	}
	1645
	1646	if (yychar <= YYEOF)
	1647	{
	1648	yychar = yytoken = YYEOF;
	1649	YYDPRINTF ((stderr, "Now at end of input.\n"));
	1650	}
	1651	else
	1652	{
	1653	yytoken = YYTRANSLATE (yychar);
	1654	YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc);
	1655	}
	1656
	1657	/* If the proper action on seeing token YYTOKEN is to reduce or to
	1658	detect an error, take that action. */
	1659	yyn += yytoken;
	1660	if (yyn < 0 \|\| YYLAST < yyn \|\| yycheck[yyn] != yytoken)
	1661	goto yydefault;
	1662	yyn = yytable[yyn];
	1663	if (yyn <= 0)
	1664	{
	1665	if (yytable_value_is_error (yyn))
	1666	goto yyerrlab;
	1667	yyn = -yyn;
	1668	goto yyreduce;
	1669	}
	1670
	1671	/* Count tokens shifted since error; after three, turn off error
	1672	status. */
	1673	if (yyerrstatus)
	1674	yyerrstatus--;
	1675
	1676	/* Shift the lookahead token. */
	1677	YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
	1678
	1679	/* Discard the shifted token. */
	1680	yychar = YYEMPTY;
	1681
	1682	yystate = yyn;
	1683	*++yyvsp = yylval;
	1684
	1685	goto yynewstate;
	1686
	1687
	1688	/*-----------------------------------------------------------.
	1689	\| yydefault -- do the default action for the current state. \|
	1690	`-----------------------------------------------------------*/
	1691	yydefault:
	1692	yyn = yydefact[yystate];
	1693	if (yyn == 0)
	1694	goto yyerrlab;
	1695	goto yyreduce;
	1696
	1697
	1698	/*-----------------------------.
	1699	\| yyreduce -- Do a reduction. \|
	1700	`-----------------------------*/
	1701	yyreduce:
	1702	/* yyn is the number of a rule to reduce with. */
	1703	yylen = yyr2[yyn];
	1704
	1705	/* If YYLEN is nonzero, implement the default value of the action:
	1706	`$$ = $1'.
	1707
	1708	Otherwise, the following line sets YYVAL to garbage.
	1709	This behavior is undocumented and Bison
	1710	users should not rely upon it. Assigning to YYVAL
	1711	unconditionally makes the parser a bit smaller, and it avoids a
	1712	GCC warning that YYVAL may be used uninitialized. */
	1713	yyval = yyvsp[1-yylen];
	1714
	1715
	1716	YY_REDUCE_PRINT (yyn);
	1717	switch (yyn)
	1718	{
	1719	case 3:
	1720	/* Line 1787 of yacc.c */
	1721	#line 154 "parse.y"
	1722	{
	1723	free_buffer();
	1724	parse_init();
	1725	}
	1726	break;
	1727
	1728	case 16:
	1729	/* Line 1787 of yacc.c */
	1730	#line 179 "parse.y"
	1731	{
	1732	int status;
	1733
	1734	status = setkeymsg_add(SADB_ADD, (yyvsp[(5) - (9)].num), (yyvsp[(3) - (9)].res), (yyvsp[(4) - (9)].res));
	1735	if (status < 0)
	1736	return -1;
	1737	}
	1738	break;
	1739
	1740	case 17:
	1741	/* Line 1787 of yacc.c */
	1742	#line 191 "parse.y"
	1743	{
	1744	int status;
	1745
	1746	if ((yyvsp[(3) - (8)].res)->ai_next \|\| (yyvsp[(4) - (8)].res)->ai_next) {
	1747	yyerror("multiple address specified");
	1748	return -1;
	1749	}
	1750	if (p_mode != IPSEC_MODE_ANY)
	1751	yyerror("WARNING: mode is obsolete");
	1752
	1753	status = setkeymsg_addr(SADB_DELETE, (yyvsp[(5) - (8)].num), (yyvsp[(3) - (8)].res), (yyvsp[(4) - (8)].res), 0);
	1754	if (status < 0)
	1755	return -1;
	1756	}
	1757	break;
	1758
	1759	case 18:
	1760	/* Line 1787 of yacc.c */
	1761	#line 210 "parse.y"
	1762	{
	1763	#ifndef __linux__
	1764	if (setkeymsg_addr(SADB_DELETE, (yyvsp[(5) - (6)].num), (yyvsp[(3) - (6)].res), (yyvsp[(4) - (6)].res), 1) < 0)
	1765	return -1;
	1766	#else /* __linux__ */
	1767	/* linux strictly adheres to RFC2367, and returns
	1768	* an error if we send an SADB_DELETE request without
	1769	* an SPI. Therefore, we must first retrieve a list
	1770	* of SPIs for all matching SADB entries, and then
	1771	* delete each one separately. */
	1772	u_int32_t *spi;
	1773	int i, n;
	1774
	1775	spi = sendkeymsg_spigrep((yyvsp[(5) - (6)].num), (yyvsp[(3) - (6)].res), (yyvsp[(4) - (6)].res), &n);
	1776	for (i = 0; i < n; i++) {
	1777	p_spi = spi[i];
	1778	if (setkeymsg_addr(SADB_DELETE,
	1779	(yyvsp[(5) - (6)].num), (yyvsp[(3) - (6)].res), (yyvsp[(4) - (6)].res), 0) < 0)
	1780	return -1;
	1781	}
	1782	free(spi);
	1783	#endif /* __linux__ */
	1784	}
	1785	break;
	1786
	1787	case 19:
	1788	/* Line 1787 of yacc.c */
	1789	#line 238 "parse.y"
	1790	{
	1791	int status;
	1792
	1793	if (p_mode != IPSEC_MODE_ANY)
	1794	yyerror("WARNING: mode is obsolete");
	1795
	1796	status = setkeymsg_addr(SADB_GET, (yyvsp[(5) - (8)].num), (yyvsp[(3) - (8)].res), (yyvsp[(4) - (8)].res), 0);
	1797	if (status < 0)
	1798	return -1;
	1799	}
	1800	break;
	1801
	1802	case 20:
	1803	/* Line 1787 of yacc.c */
	1804	#line 253 "parse.y"
	1805	{
	1806	struct sadb_msg msg;
	1807	setkeymsg0(&msg, SADB_FLUSH, (yyvsp[(2) - (3)].num), sizeof(msg));
	1808	sendkeymsg((char *)&msg, sizeof(msg));
	1809	}
	1810	break;
	1811
	1812	case 21:
	1813	/* Line 1787 of yacc.c */
	1814	#line 263 "parse.y"
	1815	{
	1816	struct sadb_msg msg;
	1817	setkeymsg0(&msg, SADB_DUMP, (yyvsp[(2) - (3)].num), sizeof(msg));
	1818	sendkeymsg((char *)&msg, sizeof(msg));
	1819	}
	1820	break;
	1821
	1822	case 22:
	1823	/* Line 1787 of yacc.c */
	1824	#line 272 "parse.y"
	1825	{
	1826	(yyval.num) = SADB_SATYPE_UNSPEC;
	1827	}
	1828	break;
	1829
	1830	case 23:
	1831	/* Line 1787 of yacc.c */
	1832	#line 276 "parse.y"
	1833	{
	1834	(yyval.num) = SADB_SATYPE_ESP;
	1835	if ((yyvsp[(1) - (1)].num) == 1)
	1836	p_ext \|= SADB_X_EXT_OLD;
	1837	else
	1838	p_ext &= ~SADB_X_EXT_OLD;
	1839	}
	1840	break;
	1841
	1842	case 24:
	1843	/* Line 1787 of yacc.c */
	1844	#line 284 "parse.y"
	1845	{
	1846	(yyval.num) = SADB_SATYPE_AH;
	1847	if ((yyvsp[(1) - (1)].num) == 1)
	1848	p_ext \|= SADB_X_EXT_OLD;
	1849	else
	1850	p_ext &= ~SADB_X_EXT_OLD;
	1851	}
	1852	break;
	1853
	1854	case 25:
	1855	/* Line 1787 of yacc.c */
	1856	#line 292 "parse.y"
	1857	{
	1858	(yyval.num) = SADB_X_SATYPE_IPCOMP;
	1859	}
	1860	break;
	1861
	1862	case 26:
	1863	/* Line 1787 of yacc.c */
	1864	#line 296 "parse.y"
	1865	{
	1866	(yyval.num) = SADB_SATYPE_ESP;
	1867	p_ext &= ~SADB_X_EXT_OLD;
	1868	p_natt_oa = 0;
	1869	p_natt_type = UDP_ENCAP_ESPINUDP;
	1870	}
	1871	break;
	1872
	1873	case 27:
	1874	/* Line 1787 of yacc.c */
	1875	#line 303 "parse.y"
	1876	{
	1877	(yyval.num) = SADB_SATYPE_ESP;
	1878	p_ext &= ~SADB_X_EXT_OLD;
	1879	p_natt_oa = (yyvsp[(2) - (2)].res);
	1880	p_natt_type = UDP_ENCAP_ESPINUDP;
	1881	}
	1882	break;
	1883
	1884	case 28:
	1885	/* Line 1787 of yacc.c */
	1886	#line 310 "parse.y"
	1887	{
	1888	#ifdef SADB_X_SATYPE_TCPSIGNATURE
	1889	(yyval.num) = SADB_X_SATYPE_TCPSIGNATURE;
	1890	#endif
	1891	}
	1892	break;
	1893
	1894	case 29:
	1895	/* Line 1787 of yacc.c */
	1896	#line 318 "parse.y"
	1897	{ p_spi = (yyvsp[(1) - (1)].ulnum); }
	1898	break;
	1899
	1900	case 30:
	1901	/* Line 1787 of yacc.c */
	1902	#line 320 "parse.y"
	1903	{
	1904	char *ep;
	1905	unsigned long v;
	1906
	1907	ep = NULL;
	1908	v = strtoul((yyvsp[(1) - (1)].val).buf, &ep, 16);
	1909	if (!ep \|\| *ep) {
	1910	yyerror("invalid SPI");
	1911	return -1;
	1912	}
	1913	if (v & ~0xffffffff) {
	1914	yyerror("SPI too big.");
	1915	return -1;
	1916	}
	1917
	1918	p_spi = v;
	1919	}
	1920	break;
	1921
	1922	case 37:
	1923	/* Line 1787 of yacc.c */
	1924	#line 356 "parse.y"
	1925	{
	1926	if ((yyvsp[(2) - (2)].num) < 0) {
	1927	yyerror("unsupported algorithm");
	1928	return -1;
	1929	}
	1930	p_alg_enc = (yyvsp[(2) - (2)].num);
	1931	}
	1932	break;
	1933
	1934	case 38:
	1935	/* Line 1787 of yacc.c */
	1936	#line 364 "parse.y"
	1937	{
	1938	if ((yyvsp[(2) - (3)].num) < 0) {
	1939	yyerror("unsupported algorithm");
	1940	return -1;
	1941	}
	1942	p_alg_enc = (yyvsp[(2) - (3)].num);
	1943	p_ext \|= SADB_X_EXT_RAWCPI;
	1944	}
	1945	break;
	1946
	1947	case 39:
	1948	/* Line 1787 of yacc.c */
	1949	#line 375 "parse.y"
	1950	{
	1951	if ((yyvsp[(1) - (1)].num) < 0) {
	1952	yyerror("unsupported algorithm");
	1953	return -1;
	1954	}
	1955	p_alg_enc = (yyvsp[(1) - (1)].num);
	1956
	1957	p_key_enc_len = 0;
	1958	p_key_enc = "";
	1959	if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
	1960	p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
	1961	yyerror(ipsec_strerror());
	1962	return -1;
	1963	}
	1964	}
	1965	break;
	1966
	1967	case 40:
	1968	/* Line 1787 of yacc.c */
	1969	#line 390 "parse.y"
	1970	{
	1971	if ((yyvsp[(1) - (2)].num) < 0) {
	1972	yyerror("unsupported algorithm");
	1973	return -1;
	1974	}
	1975	p_alg_enc = (yyvsp[(1) - (2)].num);
	1976
	1977	p_key_enc_len = (yyvsp[(2) - (2)].val).len;
	1978	p_key_enc = (yyvsp[(2) - (2)].val).buf;
	1979	if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
	1980	p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
	1981	yyerror(ipsec_strerror());
	1982	return -1;
	1983	}
	1984	}
	1985	break;
	1986
	1987	case 41:
	1988	/* Line 1787 of yacc.c */
	1989	#line 405 "parse.y"
	1990	{
	1991	if ((yyvsp[(1) - (1)].num) < 0) {
	1992	yyerror("unsupported algorithm");
	1993	return -1;
	1994	}
	1995	yyerror("WARNING: obsolete algorithm");
	1996	p_alg_enc = (yyvsp[(1) - (1)].num);
	1997
	1998	p_key_enc_len = 0;
	1999	p_key_enc = "";
	2000	if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
	2001	p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
	2002	yyerror(ipsec_strerror());
	2003	return -1;
	2004	}
	2005	}
	2006	break;
	2007
	2008	case 42:
	2009	/* Line 1787 of yacc.c */
	2010	#line 422 "parse.y"
	2011	{
	2012	if ((yyvsp[(1) - (2)].num) < 0) {
	2013	yyerror("unsupported algorithm");
	2014	return -1;
	2015	}
	2016	p_alg_enc = (yyvsp[(1) - (2)].num);
	2017	if (p_ext & SADB_X_EXT_OLD) {
	2018	yyerror("algorithm mismatched");
	2019	return -1;
	2020	}
	2021	p_ext \|= SADB_X_EXT_DERIV;
	2022
	2023	p_key_enc_len = (yyvsp[(2) - (2)].val).len;
	2024	p_key_enc = (yyvsp[(2) - (2)].val).buf;
	2025	if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
	2026	p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
	2027	yyerror(ipsec_strerror());
	2028	return -1;
	2029	}
	2030	}
	2031	break;
	2032
	2033	case 43:
	2034	/* Line 1787 of yacc.c */
	2035	#line 443 "parse.y"
	2036	{
	2037	if ((yyvsp[(1) - (2)].num) < 0) {
	2038	yyerror("unsupported algorithm");
	2039	return -1;
	2040	}
	2041	p_alg_enc = (yyvsp[(1) - (2)].num);
	2042	if (!(p_ext & SADB_X_EXT_OLD)) {
	2043	yyerror("algorithm mismatched");
	2044	return -1;
	2045	}
	2046	p_ext \|= SADB_X_EXT_IV4B;
	2047
	2048	p_key_enc_len = (yyvsp[(2) - (2)].val).len;
	2049	p_key_enc = (yyvsp[(2) - (2)].val).buf;
	2050	if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
	2051	p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
	2052	yyerror(ipsec_strerror());
	2053	return -1;
	2054	}
	2055	}
	2056	break;
	2057
	2058	case 44:
	2059	/* Line 1787 of yacc.c */
	2060	#line 466 "parse.y"
	2061	{
	2062	if ((yyvsp[(1) - (2)].num) < 0) {
	2063	yyerror("unsupported algorithm");
	2064	return -1;
	2065	}
	2066	p_alg_auth = (yyvsp[(1) - (2)].num);
	2067
	2068	p_key_auth_len = (yyvsp[(2) - (2)].val).len;
	2069	p_key_auth = (yyvsp[(2) - (2)].val).buf;
	2070	#ifdef SADB_X_AALG_TCP_MD5
	2071	if (p_alg_auth == SADB_X_AALG_TCP_MD5) {
	2072	if ((p_key_auth_len < 1) \|\|
	2073	(p_key_auth_len > 80))
	2074	return -1;
	2075	} else
	2076	#endif
	2077	{
	2078	if (ipsec_check_keylen(SADB_EXT_SUPPORTED_AUTH,
	2079	p_alg_auth,
	2080	PFKEY_UNUNIT64(p_key_auth_len)) < 0) {
	2081	yyerror(ipsec_strerror());
	2082	return -1;
	2083	}
	2084	}
	2085	}
	2086	break;
	2087
	2088	case 45:
	2089	/* Line 1787 of yacc.c */
	2090	#line 491 "parse.y"
	2091	{
	2092	if ((yyvsp[(1) - (1)].num) < 0) {
	2093	yyerror("unsupported algorithm");
	2094	return -1;
	2095	}
	2096	p_alg_auth = (yyvsp[(1) - (1)].num);
	2097
	2098	p_key_auth_len = 0;
	2099	p_key_auth = NULL;
	2100	}
	2101	break;
	2102
	2103	case 46:
	2104	/* Line 1787 of yacc.c */
	2105	#line 505 "parse.y"
	2106	{
	2107	(yyval.val) = (yyvsp[(1) - (1)].val);
	2108	}
	2109	break;
	2110
	2111	case 47:
	2112	/* Line 1787 of yacc.c */
	2113	#line 509 "parse.y"
	2114	{
	2115	caddr_t pp_key;
	2116	caddr_t bp;
	2117	caddr_t yp = (yyvsp[(1) - (1)].val).buf;
	2118	int l;
	2119
	2120	l = strlen(yp) % 2 + strlen(yp) / 2;
	2121	if ((pp_key = malloc(l)) == 0) {
	2122	yyerror("not enough core");
	2123	return -1;
	2124	}
	2125	memset(pp_key, 0, l);
	2126
	2127	bp = pp_key;
	2128	if (strlen(yp) % 2) {
	2129	*bp = ATOX(yp[0]);
	2130	yp++, bp++;
	2131	}
	2132	while (*yp) {
	2133	*bp = (ATOX(yp[0]) << 4) \| ATOX(yp[1]);
	2134	yp += 2, bp++;
	2135	}
	2136
	2137	(yyval.val).len = l;
	2138	(yyval.val).buf = pp_key;
	2139	}
	2140	break;
	2141
	2142	case 50:
	2143	/* Line 1787 of yacc.c */
	2144	#line 543 "parse.y"
	2145	{ p_ext \|= (yyvsp[(2) - (2)].num); }
	2146	break;
	2147
	2148	case 51:
	2149	/* Line 1787 of yacc.c */
	2150	#line 544 "parse.y"
	2151	{ p_ext &= ~SADB_X_EXT_CYCSEQ; }
	2152	break;
	2153
	2154	case 52:
	2155	/* Line 1787 of yacc.c */
	2156	#line 545 "parse.y"
	2157	{ p_mode = (yyvsp[(2) - (2)].num); }
	2158	break;
	2159
	2160	case 53:
	2161	/* Line 1787 of yacc.c */
	2162	#line 546 "parse.y"
	2163	{ p_mode = IPSEC_MODE_ANY; }
	2164	break;
	2165
	2166	case 54:
	2167	/* Line 1787 of yacc.c */
	2168	#line 547 "parse.y"
	2169	{ p_reqid = (yyvsp[(2) - (2)].ulnum); }
	2170	break;
	2171
	2172	case 55:
	2173	/* Line 1787 of yacc.c */
	2174	#line 549 "parse.y"
	2175	{
	2176	if ((p_ext & SADB_X_EXT_OLD) != 0) {
	2177	yyerror("replay prevention cannot be used with "
	2178	"ah/esp-old");
	2179	return -1;
	2180	}
	2181	p_replay = (yyvsp[(2) - (2)].ulnum);
	2182	}
	2183	break;
	2184
	2185	case 56:
	2186	/* Line 1787 of yacc.c */
	2187	#line 557 "parse.y"
	2188	{ p_lt_hard = (yyvsp[(2) - (2)].ulnum); }
	2189	break;
	2190
	2191	case 57:
	2192	/* Line 1787 of yacc.c */
	2193	#line 558 "parse.y"
	2194	{ p_lt_soft = (yyvsp[(2) - (2)].ulnum); }
	2195	break;
	2196
	2197	case 58:
	2198	/* Line 1787 of yacc.c */
	2199	#line 559 "parse.y"
	2200	{ p_lb_hard = (yyvsp[(2) - (2)].ulnum); }
	2201	break;
	2202
	2203	case 59:
	2204	/* Line 1787 of yacc.c */
	2205	#line 560 "parse.y"
	2206	{ p_lb_soft = (yyvsp[(2) - (2)].ulnum); }
	2207	break;
	2208
	2209	case 60:
	2210	/* Line 1787 of yacc.c */
	2211	#line 561 "parse.y"
	2212	{
	2213	sec_ctx.doi = (yyvsp[(2) - (4)].ulnum);
	2214	sec_ctx.alg = (yyvsp[(3) - (4)].ulnum);
	2215	sec_ctx.len = (yyvsp[(4) - (4)].val).len+1;
	2216	sec_ctx.buf = (yyvsp[(4) - (4)].val).buf;
	2217	}
	2218	break;
	2219
	2220	case 61:
	2221	/* Line 1787 of yacc.c */
	2222	#line 574 "parse.y"
	2223	{
	2224	int status;
	2225	struct addrinfo src, dst;
	2226
	2227	#ifdef HAVE_PFKEY_POLICY_PRIORITY
	2228	last_msg_type = SADB_X_SPDADD;
	2229	#endif
	2230
	2231	/* fixed port fields if ulp is icmp */
	2232	if (fix_portstr((yyvsp[(9) - (13)].num), &(yyvsp[(10) - (13)].val), &(yyvsp[(5) - (13)].val), &(yyvsp[(8) - (13)].val)))
	2233	return -1;
	2234
	2235	src = parse_addr((yyvsp[(3) - (13)].val).buf, (yyvsp[(5) - (13)].val).buf);
	2236	dst = parse_addr((yyvsp[(6) - (13)].val).buf, (yyvsp[(8) - (13)].val).buf);
	2237	if (!src \|\| !dst) {
	2238	/* yyerror is already called */
	2239	return -1;
	2240	}
	2241	if (src->ai_next \|\| dst->ai_next) {
	2242	yyerror("multiple address specified");
	2243	freeaddrinfo(src);
	2244	freeaddrinfo(dst);
	2245	return -1;
	2246	}
	2247
	2248	status = setkeymsg_spdaddr(SADB_X_SPDADD, (yyvsp[(9) - (13)].num), &(yyvsp[(12) - (13)].val),
	2249	src, (yyvsp[(4) - (13)].num), dst, (yyvsp[(7) - (13)].num));
	2250	freeaddrinfo(src);
	2251	freeaddrinfo(dst);
	2252	if (status < 0)
	2253	return -1;
	2254	}
	2255	break;
	2256
	2257	case 62:
	2258	/* Line 1787 of yacc.c */
	2259	#line 607 "parse.y"
	2260	{
	2261	int status;
	2262
	2263	status = setkeymsg_spdaddr_tag(SADB_X_SPDADD,
	2264	(yyvsp[(3) - (5)].val).buf, &(yyvsp[(4) - (5)].val));
	2265	if (status < 0)
	2266	return -1;
	2267	}
	2268	break;
	2269
	2270	case 63:
	2271	/* Line 1787 of yacc.c */
	2272	#line 620 "parse.y"
	2273	{
	2274	int status;
	2275	struct addrinfo src, dst;
	2276
	2277	#ifdef HAVE_PFKEY_POLICY_PRIORITY
	2278	last_msg_type = SADB_X_SPDUPDATE;
	2279	#endif
	2280
	2281	/* fixed port fields if ulp is icmp */
	2282	if (fix_portstr((yyvsp[(9) - (13)].num), &(yyvsp[(10) - (13)].val), &(yyvsp[(5) - (13)].val), &(yyvsp[(8) - (13)].val)))
	2283	return -1;
	2284
	2285	src = parse_addr((yyvsp[(3) - (13)].val).buf, (yyvsp[(5) - (13)].val).buf);
	2286	dst = parse_addr((yyvsp[(6) - (13)].val).buf, (yyvsp[(8) - (13)].val).buf);
	2287	if (!src \|\| !dst) {
	2288	/* yyerror is already called */
	2289	return -1;
	2290	}
	2291	if (src->ai_next \|\| dst->ai_next) {
	2292	yyerror("multiple address specified");
	2293	freeaddrinfo(src);
	2294	freeaddrinfo(dst);
	2295	return -1;
	2296	}
	2297
	2298	status = setkeymsg_spdaddr(SADB_X_SPDUPDATE, (yyvsp[(9) - (13)].num), &(yyvsp[(12) - (13)].val),
	2299	src, (yyvsp[(4) - (13)].num), dst, (yyvsp[(7) - (13)].num));
	2300	freeaddrinfo(src);
	2301	freeaddrinfo(dst);
	2302	if (status < 0)
	2303	return -1;
	2304	}
	2305	break;
	2306
	2307	case 64:
	2308	/* Line 1787 of yacc.c */
	2309	#line 653 "parse.y"
	2310	{
	2311	int status;
	2312
	2313	status = setkeymsg_spdaddr_tag(SADB_X_SPDUPDATE,
	2314	(yyvsp[(3) - (5)].val).buf, &(yyvsp[(4) - (5)].val));
	2315	if (status < 0)
	2316	return -1;
	2317	}
	2318	break;
	2319
	2320	case 65:
	2321	/* Line 1787 of yacc.c */
	2322	#line 665 "parse.y"
	2323	{
	2324	int status;
	2325	struct addrinfo src, dst;
	2326
	2327	/* fixed port fields if ulp is icmp */
	2328	if (fix_portstr((yyvsp[(9) - (13)].num), &(yyvsp[(10) - (13)].val), &(yyvsp[(5) - (13)].val), &(yyvsp[(8) - (13)].val)))
	2329	return -1;
	2330
	2331	src = parse_addr((yyvsp[(3) - (13)].val).buf, (yyvsp[(5) - (13)].val).buf);
	2332	dst = parse_addr((yyvsp[(6) - (13)].val).buf, (yyvsp[(8) - (13)].val).buf);
	2333	if (!src \|\| !dst) {
	2334	/* yyerror is already called */
	2335	return -1;
	2336	}
	2337	if (src->ai_next \|\| dst->ai_next) {
	2338	yyerror("multiple address specified");
	2339	freeaddrinfo(src);
	2340	freeaddrinfo(dst);
	2341	return -1;
	2342	}
	2343
	2344	status = setkeymsg_spdaddr(SADB_X_SPDDELETE, (yyvsp[(9) - (13)].num), &(yyvsp[(12) - (13)].val),
	2345	src, (yyvsp[(4) - (13)].num), dst, (yyvsp[(7) - (13)].num));
	2346	freeaddrinfo(src);
	2347	freeaddrinfo(dst);
	2348	if (status < 0)
	2349	return -1;
	2350	}
	2351	break;
	2352
	2353	case 66:
	2354	/* Line 1787 of yacc.c */
	2355	#line 697 "parse.y"
	2356	{
	2357	struct sadb_msg msg;
	2358	setkeymsg0(&msg, SADB_X_SPDDUMP, SADB_SATYPE_UNSPEC,
	2359	sizeof(msg));
	2360	sendkeymsg((char *)&msg, sizeof(msg));
	2361	}
	2362	break;
	2363
	2364	case 67:
	2365	/* Line 1787 of yacc.c */
	2366	#line 708 "parse.y"
	2367	{
	2368	struct sadb_msg msg;
	2369	setkeymsg0(&msg, SADB_X_SPDFLUSH, SADB_SATYPE_UNSPEC,
	2370	sizeof(msg));
	2371	sendkeymsg((char *)&msg, sizeof(msg));
	2372	}
	2373	break;
	2374
	2375	case 70:
	2376	/* Line 1787 of yacc.c */
	2377	#line 723 "parse.y"
	2378	{
	2379	char *p;
	2380
	2381	for (p = (yyvsp[(1) - (1)].val).buf + 1; *p; p++)
	2382	switch (*p) {
	2383	case '4':
	2384	p_aifamily = AF_INET;
	2385	break;
	2386	#ifdef INET6
	2387	case '6':
	2388	p_aifamily = AF_INET6;
	2389	break;
	2390	#endif
	2391	case 'n':
	2392	p_aiflags = AI_NUMERICHOST;
	2393	break;
	2394	default:
	2395	yyerror("invalid flag");
	2396	return -1;
	2397	}
	2398	}
	2399	break;
	2400
	2401	case 71:
	2402	/* Line 1787 of yacc.c */
	2403	#line 748 "parse.y"
	2404	{
	2405	(yyval.res) = parse_addr((yyvsp[(1) - (1)].val).buf, NULL);
	2406	if ((yyval.res) == NULL) {
	2407	/* yyerror already called by parse_addr */
	2408	return -1;
	2409	}
	2410	}
	2411	break;
	2412
	2413	case 72:
	2414	/* Line 1787 of yacc.c */
	2415	#line 759 "parse.y"
	2416	{
	2417	(yyval.res) = parse_addr((yyvsp[(1) - (1)].val).buf, NULL);
	2418	if ((yyval.res) == NULL) {
	2419	/* yyerror already called by parse_addr */
	2420	return -1;
	2421	}
	2422	}
	2423	break;
	2424
	2425	case 73:
	2426	/* Line 1787 of yacc.c */
	2427	#line 767 "parse.y"
	2428	{
	2429	(yyval.res) = parse_addr((yyvsp[(1) - (2)].val).buf, (yyvsp[(2) - (2)].val).buf);
	2430	if ((yyval.res) == NULL) {
	2431	/* yyerror already called by parse_addr */
	2432	return -1;
	2433	}
	2434	}
	2435	break;
	2436
	2437	case 74:
	2438	/* Line 1787 of yacc.c */
	2439	#line 777 "parse.y"
	2440	{ (yyval.num) = -1; }
	2441	break;
	2442
	2443	case 75:
	2444	/* Line 1787 of yacc.c */
	2445	#line 778 "parse.y"
	2446	{ (yyval.num) = (yyvsp[(2) - (2)].ulnum); }
	2447	break;
	2448
	2449	case 76:
	2450	/* Line 1787 of yacc.c */
	2451	#line 783 "parse.y"
	2452	{
	2453	(yyval.val).buf = strdup("0");
	2454	if (!(yyval.val).buf) {
	2455	yyerror("insufficient memory");
	2456	return -1;
	2457	}
	2458	(yyval.val).len = strlen((yyval.val).buf);
	2459	}
	2460	break;
	2461
	2462	case 77:
	2463	/* Line 1787 of yacc.c */
	2464	#line 792 "parse.y"
	2465	{
	2466	(yyval.val).buf = strdup("0");
	2467	if (!(yyval.val).buf) {
	2468	yyerror("insufficient memory");
	2469	return -1;
	2470	}
	2471	(yyval.val).len = strlen((yyval.val).buf);
	2472	}
	2473	break;
	2474
	2475	case 78:
	2476	/* Line 1787 of yacc.c */
	2477	#line 801 "parse.y"
	2478	{
	2479	char buf[20];
	2480	snprintf(buf, sizeof(buf), "%lu", (yyvsp[(2) - (3)].ulnum));
	2481	(yyval.val).buf = strdup(buf);
	2482	if (!(yyval.val).buf) {
	2483	yyerror("insufficient memory");
	2484	return -1;
	2485	}
	2486	(yyval.val).len = strlen((yyval.val).buf);
	2487	}
	2488	break;
	2489
	2490	case 79:
	2491	/* Line 1787 of yacc.c */
	2492	#line 812 "parse.y"
	2493	{
	2494	(yyval.val) = (yyvsp[(2) - (3)].val);
	2495	}
	2496	break;
	2497
	2498	case 80:
	2499	/* Line 1787 of yacc.c */
	2500	#line 818 "parse.y"
	2501	{ (yyval.num) = (yyvsp[(1) - (1)].ulnum); }
	2502	break;
	2503
	2504	case 81:
	2505	/* Line 1787 of yacc.c */
	2506	#line 819 "parse.y"
	2507	{ (yyval.num) = IPSEC_ULPROTO_ANY; }
	2508	break;
	2509
	2510	case 82:
	2511	/* Line 1787 of yacc.c */
	2512	#line 820 "parse.y"
	2513	{
	2514	(yyval.num) = IPPROTO_TCP;
	2515	}
	2516	break;
	2517
	2518	case 83:
	2519	/* Line 1787 of yacc.c */
	2520	#line 824 "parse.y"
	2521	{
	2522	struct protoent *ent;
	2523
	2524	ent = getprotobyname((yyvsp[(1) - (1)].val).buf);
	2525	if (ent)
	2526	(yyval.num) = ent->p_proto;
	2527	else {
	2528	if (strcmp("icmp6", (yyvsp[(1) - (1)].val).buf) == 0) {
	2529	(yyval.num) = IPPROTO_ICMPV6;
	2530	} else if(strcmp("ip4", (yyvsp[(1) - (1)].val).buf) == 0) {
	2531	(yyval.num) = IPPROTO_IPV4;
	2532	} else {
	2533	yyerror("invalid upper layer protocol");
	2534	return -1;
	2535	}
	2536	}
	2537	endprotoent();
	2538	}
	2539	break;
	2540
	2541	case 84:
	2542	/* Line 1787 of yacc.c */
	2543	#line 846 "parse.y"
	2544	{
	2545	(yyval.val).buf = NULL;
	2546	(yyval.val).len = 0;
	2547	}
	2548	break;
	2549
	2550	case 85:
	2551	/* Line 1787 of yacc.c */
	2552	#line 851 "parse.y"
	2553	{
	2554	(yyval.val).buf = strdup((yyvsp[(1) - (1)].val).buf);
	2555	if (!(yyval.val).buf) {
	2556	yyerror("insufficient memory");
	2557	return -1;
	2558	}
	2559	(yyval.val).len = strlen((yyval.val).buf);
	2560	}
	2561	break;
	2562
	2563	case 87:
	2564	/* Line 1787 of yacc.c */
	2565	#line 863 "parse.y"
	2566	{
	2567	sec_ctx.doi = (yyvsp[(2) - (4)].ulnum);
	2568	sec_ctx.alg = (yyvsp[(3) - (4)].ulnum);
	2569	sec_ctx.len = (yyvsp[(4) - (4)].val).len+1;
	2570	sec_ctx.buf = (yyvsp[(4) - (4)].val).buf;
	2571	}
	2572	break;
	2573
	2574	case 88:
	2575	/* Line 1787 of yacc.c */
	2576	#line 873 "parse.y"
	2577	{
	2578	char *policy;
	2579	#ifdef HAVE_PFKEY_POLICY_PRIORITY
	2580	struct sadb_x_policy *xpl;
	2581	#endif
	2582
	2583	policy = ipsec_set_policy((yyvsp[(2) - (2)].val).buf, (yyvsp[(2) - (2)].val).len);
	2584	if (policy == NULL) {
	2585	yyerror(ipsec_strerror());
	2586	return -1;
	2587	}
	2588
	2589	(yyval.val).buf = policy;
	2590	(yyval.val).len = ipsec_get_policylen(policy);
	2591
	2592	#ifdef HAVE_PFKEY_POLICY_PRIORITY
	2593	xpl = (struct sadb_x_policy *) (yyval.val).buf;
	2594	last_priority = xpl->sadb_x_policy_priority;
	2595	#endif
	2596	}
	2597	break;
	2598
	2599	case 89:
	2600	/* Line 1787 of yacc.c */
	2601	#line 896 "parse.y"
	2602	{ (yyval.val) = (yyvsp[(1) - (1)].val); }
	2603	break;
	2604
	2605	case 90:
	2606	/* Line 1787 of yacc.c */
	2607	#line 902 "parse.y"
	2608	{
	2609	exit_now = 1;
	2610	YYACCEPT;
	2611	}
	2612	break;
	2613
	2614
	2615	/* Line 1787 of yacc.c */
	2616	#line 2617 "parse.c"
	2617	default: break;
	2618	}
	2619	/* User semantic actions sometimes alter yychar, and that requires
	2620	that yytoken be updated with the new translation. We take the
	2621	approach of translating immediately before every use of yytoken.
	2622	One alternative is translating here after every semantic action,
	2623	but that translation would be missed if the semantic action invokes
	2624	YYABORT, YYACCEPT, or YYERROR immediately after altering yychar or
	2625	if it invokes YYBACKUP. In the case of YYABORT or YYACCEPT, an
	2626	incorrect destructor might then be invoked immediately. In the
	2627	case of YYERROR or YYBACKUP, subsequent parser actions might lead
	2628	to an incorrect destructor call or verbose syntax error message
	2629	before the lookahead is translated. */
	2630	YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
	2631
	2632	YYPOPSTACK (yylen);
	2633	yylen = 0;
	2634	YY_STACK_PRINT (yyss, yyssp);
	2635
	2636	*++yyvsp = yyval;
	2637
	2638	/* Now `shift' the result of the reduction. Determine what state
	2639	that goes to, based on the state we popped back to and the rule
	2640	number reduced by. */
	2641
	2642	yyn = yyr1[yyn];
	2643
	2644	yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
	2645	if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
	2646	yystate = yytable[yystate];
	2647	else
	2648	yystate = yydefgoto[yyn - YYNTOKENS];
	2649
	2650	goto yynewstate;
	2651
	2652
	2653	/*------------------------------------.
	2654	\| yyerrlab -- here on detecting error \|
	2655	`------------------------------------*/
	2656	yyerrlab:
	2657	/* Make sure we have latest lookahead translation. See comments at
	2658	user semantic actions for why this is necessary. */
	2659	yytoken = yychar == YYEMPTY ? YYEMPTY : YYTRANSLATE (yychar);
	2660
	2661	/* If not already recovering from an error, report this error. */
	2662	if (!yyerrstatus)
	2663	{
	2664	++yynerrs;
	2665	#if ! YYERROR_VERBOSE
	2666	yyerror (YY_("syntax error"));
	2667	#else
	2668	# define YYSYNTAX_ERROR yysyntax_error (&yymsg_alloc, &yymsg, \
	2669	yyssp, yytoken)
	2670	{
	2671	char const *yymsgp = YY_("syntax error");
	2672	int yysyntax_error_status;
	2673	yysyntax_error_status = YYSYNTAX_ERROR;
	2674	if (yysyntax_error_status == 0)
	2675	yymsgp = yymsg;
	2676	else if (yysyntax_error_status == 1)
	2677	{
	2678	if (yymsg != yymsgbuf)
	2679	YYSTACK_FREE (yymsg);
	2680	yymsg = (char *) YYSTACK_ALLOC (yymsg_alloc);
	2681	if (!yymsg)
	2682	{
	2683	yymsg = yymsgbuf;
	2684	yymsg_alloc = sizeof yymsgbuf;
	2685	yysyntax_error_status = 2;
	2686	}
	2687	else
	2688	{
	2689	yysyntax_error_status = YYSYNTAX_ERROR;
	2690	yymsgp = yymsg;
	2691	}
	2692	}
	2693	yyerror (yymsgp);
	2694	if (yysyntax_error_status == 2)
	2695	goto yyexhaustedlab;
	2696	}
	2697	# undef YYSYNTAX_ERROR
	2698	#endif
	2699	}
	2700
	2701
	2702
	2703	if (yyerrstatus == 3)
	2704	{
	2705	/* If just tried and failed to reuse lookahead token after an
	2706	error, discard it. */
	2707
	2708	if (yychar <= YYEOF)
	2709	{
	2710	/* Return failure if at end of input. */
	2711	if (yychar == YYEOF)
	2712	YYABORT;
	2713	}
	2714	else
	2715	{
	2716	yydestruct ("Error: discarding",
	2717	yytoken, &yylval);
	2718	yychar = YYEMPTY;
	2719	}
	2720	}
	2721
	2722	/* Else will try to reuse lookahead token after shifting the error
	2723	token. */
	2724	goto yyerrlab1;
	2725
	2726
	2727	/*---------------------------------------------------.
	2728	\| yyerrorlab -- error raised explicitly by YYERROR. \|
	2729	`---------------------------------------------------*/
	2730	yyerrorlab:
	2731
	2732	/* Pacify compilers like GCC when the user code never invokes
	2733	YYERROR and the label yyerrorlab therefore never appears in user
	2734	code. */
	2735	if (/CONSTCOND/ 0)
	2736	goto yyerrorlab;
	2737
	2738	/* Do not reclaim the symbols of the rule which action triggered
	2739	this YYERROR. */
	2740	YYPOPSTACK (yylen);
	2741	yylen = 0;
	2742	YY_STACK_PRINT (yyss, yyssp);
	2743	yystate = *yyssp;
	2744	goto yyerrlab1;
	2745
	2746
	2747	/*-------------------------------------------------------------.
	2748	\| yyerrlab1 -- common code for both syntax error and YYERROR. \|
	2749	`-------------------------------------------------------------*/
	2750	yyerrlab1:
	2751	yyerrstatus = 3; /* Each real token shifted decrements this. */
	2752
	2753	for (;;)
	2754	{
	2755	yyn = yypact[yystate];
	2756	if (!yypact_value_is_default (yyn))
	2757	{
	2758	yyn += YYTERROR;
	2759	if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
	2760	{
	2761	yyn = yytable[yyn];
	2762	if (0 < yyn)
	2763	break;
	2764	}
	2765	}
	2766
	2767	/* Pop the current state because it cannot handle the error token. */
	2768	if (yyssp == yyss)
	2769	YYABORT;
	2770
	2771
	2772	yydestruct ("Error: popping",
	2773	yystos[yystate], yyvsp);
	2774	YYPOPSTACK (1);
	2775	yystate = *yyssp;
	2776	YY_STACK_PRINT (yyss, yyssp);
	2777	}
	2778
	2779	*++yyvsp = yylval;
	2780
	2781
	2782	/* Shift the error token. */
	2783	YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
	2784
	2785	yystate = yyn;
	2786	goto yynewstate;
	2787
	2788
	2789	/*-------------------------------------.
	2790	\| yyacceptlab -- YYACCEPT comes here. \|
	2791	`-------------------------------------*/
	2792	yyacceptlab:
	2793	yyresult = 0;
	2794	goto yyreturn;
	2795
	2796	/*-----------------------------------.
	2797	\| yyabortlab -- YYABORT comes here. \|
	2798	`-----------------------------------*/
	2799	yyabortlab:
	2800	yyresult = 1;
	2801	goto yyreturn;
	2802
	2803	#if !defined yyoverflow \|\| YYERROR_VERBOSE
	2804	/*-------------------------------------------------.
	2805	\| yyexhaustedlab -- memory exhaustion comes here. \|
	2806	`-------------------------------------------------*/
	2807	yyexhaustedlab:
	2808	yyerror (YY_("memory exhausted"));
	2809	yyresult = 2;
	2810	/* Fall through. */
	2811	#endif
	2812
	2813	yyreturn:
	2814	if (yychar != YYEMPTY)
	2815	{
	2816	/* Make sure we have latest lookahead translation. See comments at
	2817	user semantic actions for why this is necessary. */
	2818	yytoken = YYTRANSLATE (yychar);
	2819	yydestruct ("Cleanup: discarding lookahead",
	2820	yytoken, &yylval);
	2821	}
	2822	/* Do not reclaim the symbols of the rule which action triggered
	2823	this YYABORT or YYACCEPT. */
	2824	YYPOPSTACK (yylen);
	2825	YY_STACK_PRINT (yyss, yyssp);
	2826	while (yyssp != yyss)
	2827	{
	2828	yydestruct ("Cleanup: popping",
	2829	yystos[*yyssp], yyvsp);
	2830	YYPOPSTACK (1);
	2831	}
	2832	#ifndef yyoverflow
	2833	if (yyss != yyssa)
	2834	YYSTACK_FREE (yyss);
	2835	#endif
	2836	#if YYERROR_VERBOSE
	2837	if (yymsg != yymsgbuf)
	2838	YYSTACK_FREE (yymsg);
	2839	#endif
	2840	/* Make sure YYID is used. */
	2841	return YYID (yyresult);
	2842	}
	2843
	2844
	2845	/* Line 2048 of yacc.c */
	2846	#line 907 "parse.y"
	2847
	2848
	2849	int
	2850	setkeymsg0(msg, type, satype, l)
	2851	struct sadb_msg *msg;
	2852	unsigned int type;
	2853	unsigned int satype;
	2854	size_t l;
	2855	{
	2856
	2857	msg->sadb_msg_version = PF_KEY_V2;
	2858	msg->sadb_msg_type = type;
	2859	msg->sadb_msg_errno = 0;
	2860	msg->sadb_msg_satype = satype;
	2861	msg->sadb_msg_reserved = 0;
	2862	msg->sadb_msg_seq = 0;
	2863	msg->sadb_msg_pid = getpid();
	2864	msg->sadb_msg_len = PFKEY_UNIT64(l);
	2865	return 0;
	2866	}
	2867
	2868	/* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */
	2869	static int
	2870	setkeymsg_spdaddr(type, upper, policy, srcs, splen, dsts, dplen)
	2871	unsigned int type;
	2872	unsigned int upper;
	2873	vchar_t *policy;
	2874	struct addrinfo *srcs;
	2875	int splen;
	2876	struct addrinfo *dsts;
	2877	int dplen;
	2878	{
	2879	struct sadb_msg *msg;
	2880	char buf[BUFSIZ];
	2881	int l, l0;
	2882	struct sadb_address m_addr;
	2883	struct addrinfo s, d;
	2884	int n;
	2885	int plen;
	2886	struct sockaddr *sa;
	2887	int salen;
	2888	struct sadb_x_policy *sp;
	2889	#ifdef HAVE_POLICY_FWD
	2890	struct sadb_x_ipsecrequest *ps = NULL;
	2891	int saved_level, saved_id = 0;
	2892	#endif
	2893
	2894	msg = (struct sadb_msg *)buf;
	2895
	2896	if (!srcs \|\| !dsts)
	2897	return -1;
	2898
	2899	/* fix up length afterwards */
	2900	setkeymsg0(msg, type, SADB_SATYPE_UNSPEC, 0);
	2901	l = sizeof(struct sadb_msg);
	2902
	2903	sp = (struct sadb_x_policy*) (buf + l);
	2904	memcpy(buf + l, policy->buf, policy->len);
	2905	l += policy->len;
	2906
	2907	l0 = l;
	2908	n = 0;
	2909
	2910	/* do it for all src/dst pairs */
	2911	for (s = srcs; s; s = s->ai_next) {
	2912	for (d = dsts; d; d = d->ai_next) {
	2913	/* rewind pointer */
	2914	l = l0;
	2915
	2916	if (s->ai_addr->sa_family != d->ai_addr->sa_family)
	2917	continue;
	2918	switch (s->ai_addr->sa_family) {
	2919	case AF_INET:
	2920	plen = sizeof(struct in_addr) << 3;
	2921	break;
	2922	#ifdef INET6
	2923	case AF_INET6:
	2924	plen = sizeof(struct in6_addr) << 3;
	2925	break;
	2926	#endif
	2927	default:
	2928	continue;
	2929	}
	2930
	2931	/* set src */
	2932	sa = s->ai_addr;
	2933	salen = sysdep_sa_len(s->ai_addr);
	2934	m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
	2935	PFKEY_ALIGN8(salen));
	2936	m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
	2937	m_addr.sadb_address_proto = upper;
	2938	m_addr.sadb_address_prefixlen =
	2939	(splen >= 0 ? splen : plen);
	2940	m_addr.sadb_address_reserved = 0;
	2941
	2942	setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
	2943	sizeof(m_addr), (caddr_t)sa, salen);
	2944
	2945	/* set dst */
	2946	sa = d->ai_addr;
	2947	salen = sysdep_sa_len(d->ai_addr);
	2948	m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
	2949	PFKEY_ALIGN8(salen));
	2950	m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
	2951	m_addr.sadb_address_proto = upper;
	2952	m_addr.sadb_address_prefixlen =
	2953	(dplen >= 0 ? dplen : plen);
	2954	m_addr.sadb_address_reserved = 0;
	2955
	2956	setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
	2957	sizeof(m_addr), sa, salen);
	2958	#ifdef SADB_X_EXT_SEC_CTX
	2959	/* Add security context label */
	2960	if (sec_ctx.doi) {
	2961	struct sadb_x_sec_ctx m_sec_ctx;
	2962	u_int slen = sizeof(struct sadb_x_sec_ctx);
	2963
	2964	memset(&m_sec_ctx, 0, slen);
	2965
	2966	m_sec_ctx.sadb_x_sec_len =
	2967	PFKEY_UNIT64(slen + PFKEY_ALIGN8(sec_ctx.len));
	2968
	2969	m_sec_ctx.sadb_x_sec_exttype =
	2970	SADB_X_EXT_SEC_CTX;
	2971	m_sec_ctx.sadb_x_ctx_len = sec_ctx.len;/bytes/
	2972	m_sec_ctx.sadb_x_ctx_doi = sec_ctx.doi;
	2973	m_sec_ctx.sadb_x_ctx_alg = sec_ctx.alg;
	2974	setvarbuf(buf, &l,
	2975	(struct sadb_ext *)&m_sec_ctx, slen,
	2976	(caddr_t)sec_ctx.buf, sec_ctx.len);
	2977	}
	2978	#endif
	2979	msg->sadb_msg_len = PFKEY_UNIT64(l);
	2980
	2981	sendkeymsg(buf, l);
	2982
	2983	#ifdef HAVE_POLICY_FWD
	2984	/* create extra call for FWD policy */
	2985	if (f_rfcmode && sp->sadb_x_policy_dir == IPSEC_DIR_INBOUND) {
	2986	sp->sadb_x_policy_dir = IPSEC_DIR_FWD;
	2987	ps = (struct sadb_x_ipsecrequest*) (sp+1);
	2988
	2989	/* if request level is unique, change it to
	2990	* require for fwd policy */
	2991	/* XXX: currently, only first policy is updated
	2992	* only. Update following too... */
	2993	saved_level = ps->sadb_x_ipsecrequest_level;
	2994	if (saved_level == IPSEC_LEVEL_UNIQUE) {
	2995	saved_id = ps->sadb_x_ipsecrequest_reqid;
	2996	ps->sadb_x_ipsecrequest_reqid=0;
	2997	ps->sadb_x_ipsecrequest_level=IPSEC_LEVEL_REQUIRE;
	2998	}
	2999
	3000	sendkeymsg(buf, l);
	3001	/* restoring for next message */
	3002	sp->sadb_x_policy_dir = IPSEC_DIR_INBOUND;
	3003	if (saved_level == IPSEC_LEVEL_UNIQUE) {
	3004	ps->sadb_x_ipsecrequest_reqid = saved_id;
	3005	ps->sadb_x_ipsecrequest_level = saved_level;
	3006	}
	3007	}
	3008	#endif
	3009
	3010	n++;
	3011	}
	3012	}
	3013
	3014	if (n == 0)
	3015	return -1;
	3016	else
	3017	return 0;
	3018	}
	3019
	3020	static int
	3021	setkeymsg_spdaddr_tag(type, tag, policy)
	3022	unsigned int type;
	3023	char *tag;
	3024	vchar_t *policy;
	3025	{
	3026	struct sadb_msg *msg;
	3027	char buf[BUFSIZ];
	3028	int l, l0;
	3029	#ifdef SADB_X_EXT_TAG
	3030	struct sadb_x_tag m_tag;
	3031	#endif
	3032	int n;
	3033
	3034	msg = (struct sadb_msg *)buf;
	3035
	3036	/* fix up length afterwards */
	3037	setkeymsg0(msg, type, SADB_SATYPE_UNSPEC, 0);
	3038	l = sizeof(struct sadb_msg);
	3039
	3040	memcpy(buf + l, policy->buf, policy->len);
	3041	l += policy->len;
	3042
	3043	l0 = l;
	3044	n = 0;
	3045
	3046	#ifdef SADB_X_EXT_TAG
	3047	memset(&m_tag, 0, sizeof(m_tag));
	3048	m_tag.sadb_x_tag_len = PFKEY_UNIT64(sizeof(m_tag));
	3049	m_tag.sadb_x_tag_exttype = SADB_X_EXT_TAG;
	3050	if (strlcpy(m_tag.sadb_x_tag_name, tag,
	3051	sizeof(m_tag.sadb_x_tag_name)) >= sizeof(m_tag.sadb_x_tag_name))
	3052	return -1;
	3053	memcpy(buf + l, &m_tag, sizeof(m_tag));
	3054	l += sizeof(m_tag);
	3055	#endif
	3056
	3057	msg->sadb_msg_len = PFKEY_UNIT64(l);
	3058
	3059	sendkeymsg(buf, l);
	3060
	3061	return 0;
	3062	}
	3063
	3064	/* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */
	3065	static int
	3066	setkeymsg_addr(type, satype, srcs, dsts, no_spi)
	3067	unsigned int type;
	3068	unsigned int satype;
	3069	struct addrinfo *srcs;
	3070	struct addrinfo *dsts;
	3071	int no_spi;
	3072	{
	3073	struct sadb_msg *msg;
	3074	char buf[BUFSIZ];
	3075	int l, l0, len;
	3076	struct sadb_sa m_sa;
	3077	struct sadb_x_sa2 m_sa2;
	3078	struct sadb_address m_addr;
	3079	struct addrinfo s, d;
	3080	int n;
	3081	int plen;
	3082	struct sockaddr *sa;
	3083	int salen;
	3084
	3085	msg = (struct sadb_msg *)buf;
	3086
	3087	if (!srcs \|\| !dsts)
	3088	return -1;
	3089
	3090	/* fix up length afterwards */
	3091	setkeymsg0(msg, type, satype, 0);
	3092	l = sizeof(struct sadb_msg);
	3093
	3094	if (!no_spi) {
	3095	len = sizeof(struct sadb_sa);
	3096	m_sa.sadb_sa_len = PFKEY_UNIT64(len);
	3097	m_sa.sadb_sa_exttype = SADB_EXT_SA;
	3098	m_sa.sadb_sa_spi = htonl(p_spi);
	3099	m_sa.sadb_sa_replay = p_replay;
	3100	m_sa.sadb_sa_state = 0;
	3101	m_sa.sadb_sa_auth = p_alg_auth;
	3102	m_sa.sadb_sa_encrypt = p_alg_enc;
	3103	m_sa.sadb_sa_flags = p_ext;
	3104
	3105	memcpy(buf + l, &m_sa, len);
	3106	l += len;
	3107
	3108	len = sizeof(struct sadb_x_sa2);
	3109	m_sa2.sadb_x_sa2_len = PFKEY_UNIT64(len);
	3110	m_sa2.sadb_x_sa2_exttype = SADB_X_EXT_SA2;
	3111	m_sa2.sadb_x_sa2_mode = p_mode;
	3112	m_sa2.sadb_x_sa2_reqid = p_reqid;
	3113
	3114	memcpy(buf + l, &m_sa2, len);
	3115	l += len;
	3116	}
	3117
	3118	l0 = l;
	3119	n = 0;
	3120
	3121	/* do it for all src/dst pairs */
	3122	for (s = srcs; s; s = s->ai_next) {
	3123	for (d = dsts; d; d = d->ai_next) {
	3124	/* rewind pointer */
	3125	l = l0;
	3126
	3127	if (s->ai_addr->sa_family != d->ai_addr->sa_family)
	3128	continue;
	3129	switch (s->ai_addr->sa_family) {
	3130	case AF_INET:
	3131	plen = sizeof(struct in_addr) << 3;
	3132	break;
	3133	#ifdef INET6
	3134	case AF_INET6:
	3135	plen = sizeof(struct in6_addr) << 3;
	3136	break;
	3137	#endif
	3138	default:
	3139	continue;
	3140	}
	3141
	3142	/* set src */
	3143	sa = s->ai_addr;
	3144	salen = sysdep_sa_len(s->ai_addr);
	3145	m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
	3146	PFKEY_ALIGN8(salen));
	3147	m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
	3148	m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
	3149	m_addr.sadb_address_prefixlen = plen;
	3150	m_addr.sadb_address_reserved = 0;
	3151
	3152	setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
	3153	sizeof(m_addr), sa, salen);
	3154
	3155	/* set dst */
	3156	sa = d->ai_addr;
	3157	salen = sysdep_sa_len(d->ai_addr);
	3158	m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
	3159	PFKEY_ALIGN8(salen));
	3160	m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
	3161	m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
	3162	m_addr.sadb_address_prefixlen = plen;
	3163	m_addr.sadb_address_reserved = 0;
	3164
	3165	setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
	3166	sizeof(m_addr), sa, salen);
	3167
	3168	msg->sadb_msg_len = PFKEY_UNIT64(l);
	3169
	3170	sendkeymsg(buf, l);
	3171
	3172	n++;
	3173	}
	3174	}
	3175
	3176	if (n == 0)
	3177	return -1;
	3178	else
	3179	return 0;
	3180	}
	3181
	3182	#ifdef SADB_X_EXT_NAT_T_TYPE
	3183	static u_int16_t get_port (struct addrinfo *addr)
	3184	{
	3185	struct sockaddr *s = addr->ai_addr;
	3186	u_int16_t port = 0;
	3187
	3188	switch (s->sa_family) {
	3189	case AF_INET:
	3190	{
	3191	struct sockaddr_in sin4 = (struct sockaddr_in )s;
	3192	port = ntohs(sin4->sin_port);
	3193	break;
	3194	}
	3195	case AF_INET6:
	3196	{
	3197	struct sockaddr_in6 sin6 = (struct sockaddr_in6 )s;
	3198	port = ntohs(sin6->sin6_port);
	3199	break;
	3200	}
	3201	}
	3202
	3203	if (port == 0)
	3204	port = DEFAULT_NATT_PORT;
	3205
	3206	return port;
	3207	}
	3208	#endif
	3209
	3210	/* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */
	3211	static int
	3212	setkeymsg_add(type, satype, srcs, dsts)
	3213	unsigned int type;
	3214	unsigned int satype;
	3215	struct addrinfo *srcs;
	3216	struct addrinfo *dsts;
	3217	{
	3218	struct sadb_msg *msg;
	3219	char buf[BUFSIZ];
	3220	int l, l0, len;
	3221	struct sadb_sa m_sa;
	3222	struct sadb_x_sa2 m_sa2;
	3223	struct sadb_address m_addr;
	3224	struct addrinfo s, d;
	3225	int n;
	3226	int plen;
	3227	struct sockaddr *sa;
	3228	int salen;
	3229
	3230	msg = (struct sadb_msg *)buf;
	3231
	3232	if (!srcs \|\| !dsts)
	3233	return -1;
	3234
	3235	/* fix up length afterwards */
	3236	setkeymsg0(msg, type, satype, 0);
	3237	l = sizeof(struct sadb_msg);
	3238
	3239	/* set encryption algorithm, if present. */
	3240	if (satype != SADB_X_SATYPE_IPCOMP && p_key_enc) {
	3241	union {
	3242	struct sadb_key key;
	3243	struct sadb_ext ext;
	3244	} m;
	3245
	3246	m.key.sadb_key_len =
	3247	PFKEY_UNIT64(sizeof(m.key)
	3248	+ PFKEY_ALIGN8(p_key_enc_len));
	3249	m.key.sadb_key_exttype = SADB_EXT_KEY_ENCRYPT;
	3250	m.key.sadb_key_bits = p_key_enc_len * 8;
	3251	m.key.sadb_key_reserved = 0;
	3252
	3253	setvarbuf(buf, &l, &m.ext, sizeof(m.key),
	3254	p_key_enc, p_key_enc_len);
	3255	}
	3256
	3257	/* set authentication algorithm, if present. */
	3258	if (p_key_auth) {
	3259	union {
	3260	struct sadb_key key;
	3261	struct sadb_ext ext;
	3262	} m;
	3263
	3264	m.key.sadb_key_len =
	3265	PFKEY_UNIT64(sizeof(m.key)
	3266	+ PFKEY_ALIGN8(p_key_auth_len));
	3267	m.key.sadb_key_exttype = SADB_EXT_KEY_AUTH;
	3268	m.key.sadb_key_bits = p_key_auth_len * 8;
	3269	m.key.sadb_key_reserved = 0;
	3270
	3271	setvarbuf(buf, &l, &m.ext, sizeof(m.key),
	3272	p_key_auth, p_key_auth_len);
	3273	}
	3274
	3275	/* set lifetime for HARD */
	3276	if (p_lt_hard != 0 \|\| p_lb_hard != 0) {
	3277	struct sadb_lifetime m_lt;
	3278	u_int slen = sizeof(struct sadb_lifetime);
	3279
	3280	m_lt.sadb_lifetime_len = PFKEY_UNIT64(slen);
	3281	m_lt.sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
	3282	m_lt.sadb_lifetime_allocations = 0;
	3283	m_lt.sadb_lifetime_bytes = p_lb_hard;
	3284	m_lt.sadb_lifetime_addtime = p_lt_hard;
	3285	m_lt.sadb_lifetime_usetime = 0;
	3286
	3287	memcpy(buf + l, &m_lt, slen);
	3288	l += slen;
	3289	}
	3290
	3291	/* set lifetime for SOFT */
	3292	if (p_lt_soft != 0 \|\| p_lb_soft != 0) {
	3293	struct sadb_lifetime m_lt;
	3294	u_int slen = sizeof(struct sadb_lifetime);
	3295
	3296	m_lt.sadb_lifetime_len = PFKEY_UNIT64(slen);
	3297	m_lt.sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
	3298	m_lt.sadb_lifetime_allocations = 0;
	3299	m_lt.sadb_lifetime_bytes = p_lb_soft;
	3300	m_lt.sadb_lifetime_addtime = p_lt_soft;
	3301	m_lt.sadb_lifetime_usetime = 0;
	3302
	3303	memcpy(buf + l, &m_lt, slen);
	3304	l += slen;
	3305	}
	3306
	3307	#ifdef SADB_X_EXT_SEC_CTX
	3308	/* Add security context label */
	3309	if (sec_ctx.doi) {
	3310	struct sadb_x_sec_ctx m_sec_ctx;
	3311	u_int slen = sizeof(struct sadb_x_sec_ctx);
	3312
	3313	memset(&m_sec_ctx, 0, slen);
	3314
	3315	m_sec_ctx.sadb_x_sec_len = PFKEY_UNIT64(slen +
	3316	PFKEY_ALIGN8(sec_ctx.len));
	3317	m_sec_ctx.sadb_x_sec_exttype = SADB_X_EXT_SEC_CTX;
	3318	m_sec_ctx.sadb_x_ctx_len = sec_ctx.len; /* bytes */
	3319	m_sec_ctx.sadb_x_ctx_doi = sec_ctx.doi;
	3320	m_sec_ctx.sadb_x_ctx_alg = sec_ctx.alg;
	3321	setvarbuf(buf, &l, (struct sadb_ext *)&m_sec_ctx, slen,
	3322	(caddr_t)sec_ctx.buf, sec_ctx.len);
	3323	}
	3324	#endif
	3325
	3326	len = sizeof(struct sadb_sa);
	3327	m_sa.sadb_sa_len = PFKEY_UNIT64(len);
	3328	m_sa.sadb_sa_exttype = SADB_EXT_SA;
	3329	m_sa.sadb_sa_spi = htonl(p_spi);
	3330	m_sa.sadb_sa_replay = p_replay;
	3331	m_sa.sadb_sa_state = 0;
	3332	m_sa.sadb_sa_auth = p_alg_auth;
	3333	m_sa.sadb_sa_encrypt = p_alg_enc;
	3334	m_sa.sadb_sa_flags = p_ext;
	3335
	3336	memcpy(buf + l, &m_sa, len);
	3337	l += len;
	3338
	3339	len = sizeof(struct sadb_x_sa2);
	3340	m_sa2.sadb_x_sa2_len = PFKEY_UNIT64(len);
	3341	m_sa2.sadb_x_sa2_exttype = SADB_X_EXT_SA2;
	3342	m_sa2.sadb_x_sa2_mode = p_mode;
	3343	m_sa2.sadb_x_sa2_reqid = p_reqid;
	3344
	3345	memcpy(buf + l, &m_sa2, len);
	3346	l += len;
	3347
	3348	#ifdef SADB_X_EXT_NAT_T_TYPE
	3349	if (p_natt_type) {
	3350	struct sadb_x_nat_t_type natt_type;
	3351
	3352	len = sizeof(struct sadb_x_nat_t_type);
	3353	memset(&natt_type, 0, len);
	3354	natt_type.sadb_x_nat_t_type_len = PFKEY_UNIT64(len);
	3355	natt_type.sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
	3356	natt_type.sadb_x_nat_t_type_type = p_natt_type;
	3357
	3358	memcpy(buf + l, &natt_type, len);
	3359	l += len;
	3360
	3361	if (p_natt_oa) {
	3362	sa = p_natt_oa->ai_addr;
	3363	switch (sa->sa_family) {
	3364	case AF_INET:
	3365	plen = sizeof(struct in_addr) << 3;
	3366	break;
	3367	#ifdef INET6
	3368	case AF_INET6:
	3369	plen = sizeof(struct in6_addr) << 3;
	3370	break;
	3371	#endif
	3372	default:
	3373	return -1;
	3374	}
	3375	salen = sysdep_sa_len(sa);
	3376	m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
	3377	PFKEY_ALIGN8(salen));
	3378	m_addr.sadb_address_exttype = SADB_X_EXT_NAT_T_OA;
	3379	m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
	3380	m_addr.sadb_address_prefixlen = plen;
	3381	m_addr.sadb_address_reserved = 0;
	3382
	3383	setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
	3384	sizeof(m_addr), sa, salen);
	3385	}
	3386	}
	3387	#endif
	3388
	3389	l0 = l;
	3390	n = 0;
	3391
	3392	/* do it for all src/dst pairs */
	3393	for (s = srcs; s; s = s->ai_next) {
	3394	for (d = dsts; d; d = d->ai_next) {
	3395	/* rewind pointer */
	3396	l = l0;
	3397
	3398	if (s->ai_addr->sa_family != d->ai_addr->sa_family)
	3399	continue;
	3400	switch (s->ai_addr->sa_family) {
	3401	case AF_INET:
	3402	plen = sizeof(struct in_addr) << 3;
	3403	break;
	3404	#ifdef INET6
	3405	case AF_INET6:
	3406	plen = sizeof(struct in6_addr) << 3;
	3407	break;
	3408	#endif
	3409	default:
	3410	continue;
	3411	}
	3412
	3413	/* set src */
	3414	sa = s->ai_addr;
	3415	salen = sysdep_sa_len(s->ai_addr);
	3416	m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
	3417	PFKEY_ALIGN8(salen));
	3418	m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
	3419	m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
	3420	m_addr.sadb_address_prefixlen = plen;
	3421	m_addr.sadb_address_reserved = 0;
	3422
	3423	setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
	3424	sizeof(m_addr), sa, salen);
	3425
	3426	/* set dst */
	3427	sa = d->ai_addr;
	3428	salen = sysdep_sa_len(d->ai_addr);
	3429	m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
	3430	PFKEY_ALIGN8(salen));
	3431	m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
	3432	m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
	3433	m_addr.sadb_address_prefixlen = plen;
	3434	m_addr.sadb_address_reserved = 0;
	3435
	3436	setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
	3437	sizeof(m_addr), sa, salen);
	3438
	3439	#ifdef SADB_X_EXT_NAT_T_TYPE
	3440	if (p_natt_type) {
	3441	struct sadb_x_nat_t_port natt_port;
	3442
	3443	/* NATT_SPORT */
	3444	len = sizeof(struct sadb_x_nat_t_port);
	3445	memset(&natt_port, 0, len);
	3446	natt_port.sadb_x_nat_t_port_len = PFKEY_UNIT64(len);
	3447	natt_port.sadb_x_nat_t_port_exttype =
	3448	SADB_X_EXT_NAT_T_SPORT;
	3449	natt_port.sadb_x_nat_t_port_port = htons(get_port(s));
	3450
	3451	memcpy(buf + l, &natt_port, len);
	3452	l += len;
	3453
	3454	/* NATT_DPORT */
	3455	natt_port.sadb_x_nat_t_port_exttype =
	3456	SADB_X_EXT_NAT_T_DPORT;
	3457	natt_port.sadb_x_nat_t_port_port = htons(get_port(d));
	3458
	3459	memcpy(buf + l, &natt_port, len);
	3460	l += len;
	3461	}
	3462	#endif
	3463	msg->sadb_msg_len = PFKEY_UNIT64(l);
	3464
	3465	sendkeymsg(buf, l);
	3466
	3467	n++;
	3468	}
	3469	}
	3470
	3471	if (n == 0)
	3472	return -1;
	3473	else
	3474	return 0;
	3475	}
	3476
	3477	static struct addrinfo *
	3478	parse_addr(host, port)
	3479	char *host;
	3480	char *port;
	3481	{
	3482	struct addrinfo hints, *res = NULL;
	3483	int error;
	3484
	3485	memset(&hints, 0, sizeof(hints));
	3486	hints.ai_family = p_aifamily;
	3487	hints.ai_socktype = SOCK_DGRAM; /dummy/
	3488	hints.ai_protocol = IPPROTO_UDP; /dummy/
	3489	hints.ai_flags = p_aiflags;
	3490	error = getaddrinfo(host, port, &hints, &res);
	3491	if (error != 0) {
	3492	yyerror(gai_strerror(error));
	3493	return NULL;
	3494	}
	3495	return res;
	3496	}
	3497
	3498	static int
	3499	fix_portstr(ulproto, spec, sport, dport)
	3500	int ulproto;
	3501	vchar_t spec, sport, *dport;
	3502	{
	3503	char sp[16], dp[16];
	3504	int a, b, c, d;
	3505	unsigned long u;
	3506
	3507	if (spec->buf == NULL)
	3508	return 0;
	3509
	3510	switch (ulproto) {
	3511	case IPPROTO_ICMP:
	3512	case IPPROTO_ICMPV6:
	3513	case IPPROTO_MH:
	3514	if (sscanf(spec->buf, "%d,%d", &a, &b) == 2) {
	3515	sprintf(sp, "%d", a);
	3516	sprintf(dp, "%d", b);
	3517	} else if (sscanf(spec->buf, "%d", &a) == 1) {
	3518	sprintf(sp, "%d", a);
	3519	} else {
	3520	yyerror("invalid an upper layer protocol spec");
	3521	return -1;
	3522	}
	3523	break;
	3524	case IPPROTO_GRE:
	3525	if (sscanf(spec->buf, "%d.%d.%d.%d", &a, &b, &c, &d) == 4) {
	3526	sprintf(sp, "%d", (a << 8) + b);
	3527	sprintf(dp, "%d", (c << 8) + d);
	3528	} else if (sscanf(spec->buf, "%lu", &u) == 1) {
	3529	sprintf(sp, "%d", (int) (u >> 16));
	3530	sprintf(dp, "%d", (int) (u & 0xffff));
	3531	} else {
	3532	yyerror("invalid an upper layer protocol spec");
	3533	return -1;
	3534	}
	3535	break;
	3536	}
	3537
	3538	free(sport->buf);
	3539	sport->buf = strdup(sp);
	3540	if (!sport->buf) {
	3541	yyerror("insufficient memory");
	3542	return -1;
	3543	}
	3544	sport->len = strlen(sport->buf);
	3545
	3546	free(dport->buf);
	3547	dport->buf = strdup(dp);
	3548	if (!dport->buf) {
	3549	yyerror("insufficient memory");
	3550	return -1;
	3551	}
	3552	dport->len = strlen(dport->buf);
	3553
	3554	return 0;
	3555	}
	3556
	3557	static int
	3558	setvarbuf(buf, off, ebuf, elen, vbuf, vlen)
	3559	char *buf;
	3560	int *off;
	3561	struct sadb_ext *ebuf;
	3562	int elen;
	3563	const void *vbuf;
	3564	int vlen;
	3565	{
	3566	memset(buf + *off, 0, PFKEY_UNUNIT64(ebuf->sadb_ext_len));
	3567	memcpy(buf + *off, (caddr_t)ebuf, elen);
	3568	memcpy(buf + *off + elen, vbuf, vlen);
	3569	(*off) += PFKEY_ALIGN8(elen + vlen);
	3570
	3571	return 0;
	3572	}
	3573
	3574	void
	3575	parse_init()
	3576	{
	3577	p_spi = 0;
	3578
	3579	p_ext = SADB_X_EXT_CYCSEQ;
	3580	p_alg_enc = SADB_EALG_NONE;
	3581	p_alg_auth = SADB_AALG_NONE;
	3582	p_mode = IPSEC_MODE_ANY;
	3583	p_reqid = 0;
	3584	p_replay = 0;
	3585	p_key_enc_len = p_key_auth_len = 0;
	3586	p_key_enc = p_key_auth = 0;
	3587	p_lt_hard = p_lt_soft = 0;
	3588	p_lb_hard = p_lb_soft = 0;
	3589
	3590	memset(&sec_ctx, 0, sizeof(struct security_ctx));
	3591
	3592	p_aiflags = 0;
	3593	p_aifamily = PF_UNSPEC;
	3594
	3595	/* Clear out any natt OA information */
	3596	if (p_natt_oa)
	3597	freeaddrinfo (p_natt_oa);
	3598	p_natt_oa = NULL;
	3599	p_natt_type = 0;
	3600
	3601	return;
	3602	}
	3603
	3604	void
	3605	free_buffer()
	3606	{
	3607	/* we got tons of memory leaks in the parser anyways, leave them */
	3608
	3609	return;
	3610	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: rtems-libbsd/ipsec-tools/src/setkey/parse.c @ ff36f5e

Download in other formats: