path: root/ipsec-tools/src/racoon/cfparse.c
blob: 24ef12dab18ee968b20aa71e9c1f047f45456f06 (plain) (tree)































































































                                                                  
 
                
 
                                                














































































































































































































































                                                                                      


                             
      



                                                  




                                  
          

                                 
 
                              
                    


                                                                  
      
                                                     
       
     
                                     

      



                                              
     

                                 

      


                                             
      

                                      

      





















































































































































































































                                                            
  






































                                                            
  





































































                                                            
  





















                                                            
  





































































                                                            
  





































































                                                            
  





















                                                            
  
























































                                                            
  























































                                                            
  




















































                                                                                
  





























































































































































































































































































































































































                                                                                              
 
  

      

                 
 



                   
 






                                    
     


                         

      
                           
 










                                                   
 

                            
 
                                 
 




                                                      
 
                                       
 





                                                              
 
                   

 


                            
           


                                    
 



                                              

 




                                    
 






                                                  
 












                                                                          
 
                   

 







                                            
 



                                                                       
 

                                                               
 



                                          
 
         
 
 





                                  
 
                               
 




                                                                           
 






                                               
 
 








                                   
 
























                                                                   
 


                                                              
 








                                                                        
 





                                                                                
 












                                                                               
 

                            
 




                                                
 
                 
 
 
           
                  
 



                                                                        
 













                                                                          
 
                       
     













                                                         
     
 















                                                                        
 




































                                                                            
 

                       
 













                                                                
 

                         
      
 

         
 
                  
 

                           
 





                                                                  
 











                                                                    
 





                                                                            
 
                            
 
                                                               
 

                 
 
























                                            
 
                                 
 

                          
 




                                                                
 



                                             
 

                          
 




                                                                 
 



                                             
 

                           
 




                                                               
 

















                                                            
 


                                               
 

                                                    
 

































                                                                       
 









                                          
 



                              
 





                          
 






                                       
 





                     
 








                                                                                     
 





































                                                                                                   
 
                                 
 


                                                                     
 

































                                                                                                           
     

























                                                                                       
     


                                                  

                                          

                                                                                         



                                                 







                                                  

                                         

                                                                                          



                                                 













                                                                                        



                                               

                                                                                      

                                              











                                                                                                           


                                                       

                                                                                


                                                          




                                                                           
         





                                                                                              

                                          
                                                                    
                 



                                                  




                                                                      




























                                                                        
                 



                                                  
                  

                                                                     
     
                                                             


                                                                  



                                                  
                       
                                                                                                                                      



                                                                     



                                                  
                       
                                                                              



                                                                     



                                                  





                                                                     







                                                  

                                         



                                                                                         

                                          











                                                  














                                                                               



                                                  







                                                                                


                                                                                                  



                                                             



                                                  







                                                                                


                                                                                                  



                                                             



                                                  







                                                                                   


                                                                                                  



                                                             



                                                  







                                                                                   


                                                                                                  



                                                             



                                                  

                     
                                                                         


                 



                                                  

                     
                                                                         


                 



                                                  








                                                                              



                                                  

                    
                                                                                 
                                                                               
                                                                       


                 



                                                  



                                                              
                                                                             


                 



                                                  

                    
                                                                       


                 



                                                  



                                                              
                                                                             


                 



                                                  

                    
                                                                          


                 



                                                  



                                                                 
                                                                                


                 



                                                  



                                                                 
                                                                                


                 



                                                  



                                                                   
                                                                                  


                 



                                                  



                                                                   
                                                                                  


                 



                                                  



                                                                   
                                                                                  


                 



                                                  



                                                                    
                                                                                   


                 



                                                  



                                                                     
                                                                                    


                 



                                                  
                    
                                                                        





                                                                              



                                                  
                    
                                                                        





                                                                              



                                                  





                                                                              



                                                  





                                                                              



                                                  



                                                                              



                                                  

                                                                      
                                                                  
                                                                            
                                                     



                                                                              



                                                  





                                                                              



                                                  









                                                                               



                                                  









                                                                              



                                                  









                                                                              



                                                  



                                                                              



                                                  





                                                                                



                                                  









                                                                              



                                                  





                                                                              



                                                  





                                                                              



                                                  









                                                                               



                                                   









                                                                              



                                                   
                    
                                                                               




                                                                              



                                                   
                    
                                                                            



                                                                              



                                                   
                    
                                                                              



                                                                              



                                                   
                    
                                                                                



                                                                              



                                                   





                                                                              



                                                   









                                                                               



                                                   









                                                                              



                                                   
                    
                                                                                                  
                                                                  
                                                     



                                                                              



                                                   




                                                                           
                                                                        





                                                                              



                                                   




                                                                           
                                                                        





                                                                              



                                                   




                                                                           
                                                                                               


                                                                     
                                                                                                                               







                                                                                                  



                                                   











                                                                              
                                                                              




                                                                              

                                                                                            



                                                             
                                                     



                                                                              



                                                   




                                                                           
                                                                                             



                                                                                         

                                                                                                             


                            
                                                                                           





                                                                                            
                                                                                                                                       

                                                        
                                                     



                                                                              




                                                                      
                 




                                                                                                
                 




                                                                      
                 




                                                                                                
                 




                                                                                                  
                 



                                                   

                                                             
                                                                                                          





                                                                        



                                                   





                                                                     



                                                   


































                                                                                 



                                                   


                                                             



                                                   


                                                              



                                                   
                                                             
                                                                  
                 




                                                                   

                                                             




                                                                   

                                                              





                                                                   
                 



                                                   


                                               

                                                                                                                     



                                                                        


                                                                                          




                                                   
                                                                              



                                                                                      


                                                                                                                                                                       


                                      
                                                                            



                                                                                      


                                                                                                                                                                        



                                                                                
                                                 


                                           
                                              

                                          



                                                   



                                                                     

                                                                                                                     



                                                                        
                                                                                          
                        
                                                                              


                                            

                                                                              



                                               
                                                      


                                                   
                                                                              






                                                                                  

                                                                                  


                                      
                                                                            






                                                                                      

                                                                                      



                                                                                
                                                 





                                               
                                              

                                          



                                                   

                                                   


                                                                                         


                                          
                                                   
 

                                                                                      



                                                                         

                                                                        



                                           
/* original parser id follows */
/* yysccsid[] = "@(#)yaccpar	1.9 (Berkeley) 02/21/93" */
/* (use YYMAJOR/YYMINOR for ifdefs dependent on parser version) */

/*
 * Generator stamp.  This file is parser output produced by Berkeley yacc
 * (byacc) from cfparse.y, as the yaccpar banner above and the #line
 * directives below indicate; lasting changes belong in the grammar file.
 */
#define YYBYACC 1
#define YYMAJOR 1
#define YYMINOR 9
#define YYPATCH 20170201

/*
 * Parser-state helpers usable from grammar actions:
 *   yyclearin      stores YYEMPTY in yychar
 *   yyerrok        resets yyerrflag to 0
 *   YYRECOVERING() is true while yyerrflag is non-zero
 * YYENOMEM and YYEOF are further parser codes; going by their names they
 * stand for an out-of-memory condition and for end of input (their use
 * sites are outside this view).
 */
#define YYEMPTY        (-1)
#define yyclearin      (yychar = YYEMPTY)
#define yyerrok        (yyerrflag = 0)
#define YYRECOVERING() (yyerrflag != 0)
#define YYENOMEM       (-2)
#define YYEOF          0

/*
 * Symbol prefixing.  Unless a name was already defined, every generic yy*
 * parser symbol is mapped to a "racoonyy"-prefixed one, so the externally
 * visible parser entry points become racoonyyparse(), racoonyylex() and
 * racoonyyerror().  Presumably this keeps the racoon configuration parser
 * from clashing with other yacc parsers in the same link.
 */
#ifndef yyparse
#define yyparse    racoonyyparse
#endif /* yyparse */

#ifndef yylex
#define yylex      racoonyylex
#endif /* yylex */

#ifndef yyerror
#define yyerror    racoonyyerror
#endif /* yyerror */

#ifndef yychar
#define yychar     racoonyychar
#endif /* yychar */

#ifndef yyval
#define yyval      racoonyyval
#endif /* yyval */

#ifndef yylval
#define yylval     racoonyylval
#endif /* yylval */

#ifndef yydebug
#define yydebug    racoonyydebug
#endif /* yydebug */

#ifndef yynerrs
#define yynerrs    racoonyynerrs
#endif /* yynerrs */

#ifndef yyerrflag
#define yyerrflag  racoonyyerrflag
#endif /* yyerrflag */

#ifndef yylhs
#define yylhs      racoonyylhs
#endif /* yylhs */

#ifndef yylen
#define yylen      racoonyylen
#endif /* yylen */

#ifndef yydefred
#define yydefred   racoonyydefred
#endif /* yydefred */

#ifndef yydgoto
#define yydgoto    racoonyydgoto
#endif /* yydgoto */

#ifndef yysindex
#define yysindex   racoonyysindex
#endif /* yysindex */

#ifndef yyrindex
#define yyrindex   racoonyyrindex
#endif /* yyrindex */

#ifndef yygindex
#define yygindex   racoonyygindex
#endif /* yygindex */

#ifndef yytable
#define yytable    racoonyytable
#endif /* yytable */

#ifndef yycheck
#define yycheck    racoonyycheck
#endif /* yycheck */

#ifndef yyname
#define yyname     racoonyyname
#endif /* yyname */

#ifndef yyrule
#define yyrule     racoonyyrule
#endif /* yyrule */
/* String form of the prefix applied above. */
#define YYPREFIX "racoonyy"

/* 0: presumably selects the non-reentrant parser that keeps its state in
 * the globals renamed above -- confirm against the skeleton further down. */
#define YYPURE 0

#line 6 "../../ipsec-tools/src/racoon/cfparse.y"
/*
 * Copyright (C) 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002 and 2003 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "config.h"

#include <sys/types.h>
#include <sys/param.h>
#include <sys/queue.h>
#include <sys/socket.h>

#include <netinet/in.h>
#include PATH_IPSEC_H

#ifdef ENABLE_HYBRID
#include <arpa/inet.h>
#endif

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <netdb.h>
#include <pwd.h>
#include <grp.h>

#include "var.h"
#include "misc.h"
#include "vmbuf.h"
#include "plog.h"
#include "sockmisc.h"
#include "str2val.h"
#include "genlist.h"
#include "debug.h"

#include "admin.h"
#include "privsep.h"
#include "cfparse_proto.h"
#include "cftoken_proto.h"
#include "algorithm.h"
#include "localconf.h"
#include "policy.h"
#include "sainfo.h"
#include "oakley.h"
#include "pfkey.h"
#include "remoteconf.h"
#include "grabmyaddr.h"
#include "isakmp_var.h"
#include "handler.h"
#include "isakmp.h"
#include "nattraversal.h"
#include "isakmp_frag.h"
#ifdef ENABLE_HYBRID
#include "resolv.h"
#include "isakmp_unity.h"
#include "isakmp_xauth.h"
#include "isakmp_cfg.h"
#endif
#include "ipsec_doi.h"
#include "strnames.h"
#include "gcmalloc.h"
#ifdef HAVE_GSSAPI
#include "gssapi.h"
#endif
#include "vendorid.h"
#include "rsalist.h"
#include "crypto_openssl.h"

/*
 * One security-protocol specification collected while parsing a proposal.
 * Entries form a doubly linked list through next/prev; the per-field
 * comments say whether a field applies to ISAKMP, to IPsec, or to both.
 * Ownership of the gssid string and of the remote address is not visible
 * in this part of the file.
 */
struct secprotospec {
	int prop_no;		/* proposal number */
	int trns_no;		/* transform number */
	int strength;		/* for isakmp/ipsec */
	int encklen;		/* for isakmp/ipsec */
	time_t lifetime;	/* for isakmp */
	int lifebyte;		/* for isakmp */
	int proto_id;		/* for ipsec (isakmp?) */
	int ipsec_level;	/* for ipsec */
	int encmode;		/* for ipsec */
	int vendorid;		/* for isakmp */
	char *gssid;		/* presumably the GSS-API identity; confirm */
	struct sockaddr *remote;
	int algclass[MAXALGCLASS];	/* one entry per algorithm class */

	struct secprotospec *next;	/* the tail is the most preferred. */
	struct secprotospec *prev;
};

/*
 * Lookup table from a Diffie-Hellman group number (the array index) to the
 * matching OAKLEY_ATTR_GRP_DESC_* constant.  A value of 0 marks an index
 * with no group behind it.  The lookup sites are outside this view;
 * presumably the index is a number taken from the configuration (see the
 * DH_GROUP and PFS_GROUP tokens), so it has to be range-checked against the
 * table size and the result tested for 0 before it is used.
 *
 * NOTE(review): indices 1-4 select the 768/1024-bit MODP and 155/185-bit
 * EC2N groups, which are generally regarded as too weak for new
 * deployments; a configuration audit should look for these values.
 */
static int num2dhgroup[] = {
	[0]  = 0,
	[1]  = OAKLEY_ATTR_GRP_DESC_MODP768,
	[2]  = OAKLEY_ATTR_GRP_DESC_MODP1024,
	[3]  = OAKLEY_ATTR_GRP_DESC_EC2N155,
	[4]  = OAKLEY_ATTR_GRP_DESC_EC2N185,
	[5]  = OAKLEY_ATTR_GRP_DESC_MODP1536,
	/* indices 6..13 stay zero: no group */
	[14] = OAKLEY_ATTR_GRP_DESC_MODP2048,
	[15] = OAKLEY_ATTR_GRP_DESC_MODP3072,
	[16] = OAKLEY_ATTR_GRP_DESC_MODP4096,
	[17] = OAKLEY_ATTR_GRP_DESC_MODP6144,
	[18] = OAKLEY_ATTR_GRP_DESC_MODP8192,
};

/*
 * File-scope parser state shared by the grammar actions.  These are plain
 * globals with no locking visible here.
 */
/* Remote section currently being built; process_rmconf() validates and
 * registers it. */
static struct remoteconf *cur_rmconf;
/* Scratch array with one slot per algorithm class; presumably reset by
 * clean_tmpalgtype() -- confirm. */
static int tmpalgtype[MAXALGCLASS];
/* presumably the sainfo section currently being parsed -- confirm */
static struct sainfo *cur_sainfo;
/* presumably the algorithm class of the statement being parsed -- confirm */
static int cur_algclass;
/* Starts at LLV_BASE; by its name it keeps a previous log level, but the
 * code that uses it is outside this view. */
static int oldloglevel = LLV_BASE;

/* Helpers for the secprotospec list; their definitions are outside this
 * view.  __P() wraps the parameter list for pre-ANSI compilers. */
static struct secprotospec *newspspec __P((void));
static void insspspec __P((struct remoteconf *, struct secprotospec *));
void dupspspec_list __P((struct remoteconf *dst, struct remoteconf *src));
void flushspspec __P((struct remoteconf *));
static void adminsock_conf __P((vchar_t *, vchar_t *, vchar_t *, int));

/* set_isakmp_proposal() is called from process_rmconf(); a non-zero result
 * is treated as failure there. */
static int set_isakmp_proposal __P((struct remoteconf *));
static void clean_tmpalgtype __P((void));
static int expand_isakmpspec __P((int, int, int *,
	int, int, time_t, int, int, int, char *, struct remoteconf *));

void freeetypes (struct etypes **etypes);

/*
 * Load the X.509 certificate named by a configuration statement.
 *
 * file        - certificate file name as written in the configuration; it
 *               is resolved through getpathname() with LC_PATHTYPE_CERT.
 * filenameptr - receives a racoon_strdup() copy of file on success.
 * certptr     - receives the result of eay_get_x509cert(); it is set to
 *               NULL when loading fails.
 *
 * Returns 0 on success and -1 when the certificate cannot be loaded.
 *
 * Both output slots are overwritten without releasing what they held, so
 * the caller has to make sure they are unset (or already freed) first.
 * getpathname() is given the size of the local buffer; how it treats a
 * name that does not fit is not visible here.  A failed racoon_strdup() is
 * handled by the STRDUP_FATAL macro.
 */
static int load_x509(const char *file, char **filenameptr,
		     vchar_t **certptr)
{
	char certpath[PATH_MAX];
	vchar_t *cert;

	getpathname(certpath, sizeof(certpath), LC_PATHTYPE_CERT, file);

	cert = eay_get_x509cert(certpath);
	*certptr = cert;
	if (cert == NULL)
		return -1;

	/* Keep the name as configured, not the resolved path. */
	*filenameptr = racoon_strdup(file);
	STRDUP_FATAL(*filenameptr);

	return 0;
}

/*
 * Validate the remote section held in cur_rmconf and register it.
 *
 * Checks, in order: an exchange mode must be present; an undefined
 * identifier type defaults to IDTYPE_ADDRESS; an ASN1DN identifier needs a
 * certificate file or an explicit ID value; duprmconf_finish() and
 * set_isakmp_proposal() must both succeed; and when aggressive mode is
 * among the exchange types, all proposals must share one non-zero DH group,
 * which is stored in the remoteconf and resolved via oakley_setdhgroup().
 * On success the entry is handed to insrmconf().
 *
 * Returns 0 on success and -1 on failure.  Nothing is released here on the
 * error paths; cur_rmconf stays with the caller.
 *
 * NOTE(review): the DH-group comparison only starts once a non-zero group
 * has been seen, so a proposal with dh_group 0 is accepted before a
 * non-zero one but rejected after it.  Whether set_isakmp_proposal() can
 * leave dh_group at 0 is not visible here -- confirm.
 */
static int process_rmconf()
{
	/* An exchange mode is mandatory. */
	if (!cur_rmconf->etypes) {
		yyerror("no exchange mode specified.\n");
		return -1;
	}

	/* The identifier type falls back to the address form. */
	if (cur_rmconf->idvtype == IDTYPE_UNDEFINED)
		cur_rmconf->idvtype = IDTYPE_ADDRESS;

	if (cur_rmconf->idvtype == IDTYPE_ASN1DN) {
		/* An ASN.1 DN comes from the certificate or from an
		 * explicit ID value; with neither there is no identity. */
		if (!cur_rmconf->mycertfile && !cur_rmconf->idv) {
			yyerror("ASN1 ID not specified "
				"and no CERT defined!\n");
			return -1;
		}
		/* TODO: Preparse the DN here */
		if (cur_rmconf->mycertfile && cur_rmconf->idv)
			yywarn("Both CERT and ASN1 ID "
			       "are set. Hope this is OK.\n");
	}

	/* set_isakmp_proposal() runs only when duprmconf_finish() returned 0. */
	if (duprmconf_finish(cur_rmconf) ||
	    set_isakmp_proposal(cur_rmconf) != 0)
		return -1;

	/*
	 * Aggressive mode sends the key-exchange payload in the first
	 * message, so the group cannot be negotiated among proposals:
	 * they all have to name the same one.
	 */
	if (check_etypeok(cur_rmconf, (void*) ISAKMP_ETYPE_AGG)) {
		struct isakmpsa *prop = cur_rmconf->proposal;
		int group = 0;

		while (prop) {
			if (group != 0 && group != prop->dh_group) {
				yyerror("DH group must be equal "
					"in all proposals "
					"when aggressive mode is "
					"used.\n");
				return -1;
			}
			group = prop->dh_group;
			prop = prop->next;
		}
		cur_rmconf->dh_group = group;

		if (cur_rmconf->dh_group == 0) {
			yyerror("DH group must be set in the proposal.\n");
			return -1;
		}

		/* Resolve the group number into DH parameters. */
		if (oakley_setdhgroup(cur_rmconf->dh_group,
				&cur_rmconf->dhgrp) < 0) {
			yyerror("failed to set DH value.\n");
			return -1;
		}
	}

	insrmconf(cur_rmconf);

	return 0;
}

/*
 * Semantic value type of the grammar.  If YYSTYPE was already supplied as a
 * macro it is kept; otherwise the union below is declared.  Being a union,
 * only the member last stored by the lexer or an action is meaningful: a
 * number, a vchar_t buffer, or a pointer to a remoteconf, a socket address
 * or an sainfo algorithm entry.
 */
#ifdef YYSTYPE
#undef  YYSTYPE_IS_DECLARED
#define YYSTYPE_IS_DECLARED 1
#endif
#ifndef YYSTYPE_IS_DECLARED
#define YYSTYPE_IS_DECLARED 1
#line 247 "../../ipsec-tools/src/racoon/cfparse.y"
typedef union {
	unsigned long num;
	vchar_t *val;
	struct remoteconf *rmconf;
	struct sockaddr *saddr;
	struct sainfoalg *alg;
} YYSTYPE;
#endif /* !YYSTYPE_IS_DECLARED */
#line 356 "racoonyy.tab.c"

/*
 * Declaration helpers for the three parser entry points.  Each macro
 * expands to the function declarator, so the optional YYPARSE_PARAM /
 * YYLEX_PARAM arguments are spelled in one place only.  Because of the
 * prefix macros earlier in the file, yyparse, yylex and yyerror here mean
 * racoonyyparse, racoonyylex and racoonyyerror.
 */
/* compatibility with bison */
#ifdef YYPARSE_PARAM
/* compatibility with FreeBSD */
# ifdef YYPARSE_PARAM_TYPE
#  define YYPARSE_DECL() yyparse(YYPARSE_PARAM_TYPE YYPARSE_PARAM)
# else
#  define YYPARSE_DECL() yyparse(void *YYPARSE_PARAM)
# endif
#else
# define YYPARSE_DECL() yyparse(void)
#endif

/* Parameters sent to lex. */
#ifdef YYLEX_PARAM
# define YYLEX_DECL() yylex(void *YYLEX_PARAM)
# define YYLEX yylex(YYLEX_PARAM)
#else
# define YYLEX_DECL() yylex(void)
# define YYLEX yylex()
#endif

/* Parameters sent to yyerror. */
/* NOTE(review): YYERROR_CALL passes msg as the only argument.  Whether
 * racoonyyerror treats that argument as a printf-style format is not
 * visible here; if it does, msg must only ever be a fixed string. */
#ifndef YYERROR_DECL
#define YYERROR_DECL() yyerror(const char *s)
#endif
#ifndef YYERROR_CALL
#define YYERROR_CALL(msg) yyerror(msg)
#endif

/* Forward declaration of the parser entry point, returning int. */
extern int YYPARSE_DECL();

/*
 * Token codes of the racoon configuration grammar (generated from the
 * %token declarations in cfparse.y; do not renumber by hand).  The codes
 * run consecutively from 257 to 427, and YYERRCODE takes 256.  The lexer
 * that returns them is outside this view and has to be generated from the
 * same grammar so that both sides agree on the numbering.
 */
#define PRIVSEP 257
#define USER 258
#define GROUP 259
#define CHROOT 260
#define PATH 261
#define PATHTYPE 262
#define INCLUDE 263
#define PFKEY_BUFFER 264
#define LOGGING 265
#define LOGLEV 266
#define PADDING 267
#define PAD_RANDOMIZE 268
#define PAD_RANDOMIZELEN 269
#define PAD_MAXLEN 270
#define PAD_STRICT 271
#define PAD_EXCLTAIL 272
#define LISTEN 273
#define X_ISAKMP 274
#define X_ISAKMP_NATT 275
#define X_ADMIN 276
#define STRICT_ADDRESS 277
#define ADMINSOCK 278
#define DISABLED 279
#define LDAPCFG 280
#define LDAP_HOST 281
#define LDAP_PORT 282
#define LDAP_PVER 283
#define LDAP_BASE 284
#define LDAP_BIND_DN 285
#define LDAP_BIND_PW 286
#define LDAP_SUBTREE 287
#define LDAP_ATTR_USER 288
#define LDAP_ATTR_ADDR 289
#define LDAP_ATTR_MASK 290
#define LDAP_ATTR_GROUP 291
#define LDAP_ATTR_MEMBER 292
#define RADCFG 293
#define RAD_AUTH 294
#define RAD_ACCT 295
#define RAD_TIMEOUT 296
#define RAD_RETRIES 297
#define MODECFG 298
#define CFG_NET4 299
#define CFG_MASK4 300
#define CFG_DNS4 301
#define CFG_NBNS4 302
#define CFG_DEFAULT_DOMAIN 303
#define CFG_AUTH_SOURCE 304
#define CFG_AUTH_GROUPS 305
#define CFG_SYSTEM 306
#define CFG_RADIUS 307
#define CFG_PAM 308
#define CFG_LDAP 309
#define CFG_LOCAL 310
#define CFG_NONE 311
#define CFG_GROUP_SOURCE 312
#define CFG_ACCOUNTING 313
#define CFG_CONF_SOURCE 314
#define CFG_MOTD 315
#define CFG_POOL_SIZE 316
#define CFG_AUTH_THROTTLE 317
#define CFG_SPLIT_NETWORK 318
#define CFG_SPLIT_LOCAL 319
#define CFG_SPLIT_INCLUDE 320
#define CFG_SPLIT_DNS 321
#define CFG_PFS_GROUP 322
#define CFG_SAVE_PASSWD 323
#define RETRY 324
#define RETRY_COUNTER 325
#define RETRY_INTERVAL 326
#define RETRY_PERSEND 327
#define RETRY_PHASE1 328
#define RETRY_PHASE2 329
#define NATT_KA 330
#define ALGORITHM_CLASS 331
#define ALGORITHMTYPE 332
#define STRENGTHTYPE 333
#define SAINFO 334
#define FROM 335
#define REMOTE 336
#define ANONYMOUS 337
#define CLIENTADDR 338
#define INHERIT 339
#define REMOTE_ADDRESS 340
#define EXCHANGE_MODE 341
#define EXCHANGETYPE 342
#define DOI 343
#define DOITYPE 344
#define SITUATION 345
#define SITUATIONTYPE 346
#define CERTIFICATE_TYPE 347
#define CERTTYPE 348
#define PEERS_CERTFILE 349
#define CA_TYPE 350
#define VERIFY_CERT 351
#define SEND_CERT 352
#define SEND_CR 353
#define MATCH_EMPTY_CR 354
#define IDENTIFIERTYPE 355
#define IDENTIFIERQUAL 356
#define MY_IDENTIFIER 357
#define PEERS_IDENTIFIER 358
#define VERIFY_IDENTIFIER 359
#define DNSSEC 360
#define CERT_X509 361
#define CERT_PLAINRSA 362
#define NONCE_SIZE 363
#define DH_GROUP 364
#define KEEPALIVE 365
#define PASSIVE 366
#define INITIAL_CONTACT 367
#define NAT_TRAVERSAL 368
#define REMOTE_FORCE_LEVEL 369
#define PROPOSAL_CHECK 370
#define PROPOSAL_CHECK_LEVEL 371
#define GENERATE_POLICY 372
#define GENERATE_LEVEL 373
#define SUPPORT_PROXY 374
#define PROPOSAL 375
#define EXEC_PATH 376
#define EXEC_COMMAND 377
#define EXEC_SUCCESS 378
#define EXEC_FAILURE 379
#define GSS_ID 380
#define GSS_ID_ENC 381
#define GSS_ID_ENCTYPE 382
#define COMPLEX_BUNDLE 383
#define DPD 384
#define DPD_DELAY 385
#define DPD_RETRY 386
#define DPD_MAXFAIL 387
#define PH1ID 388
#define XAUTH_LOGIN 389
#define WEAK_PHASE1_CHECK 390
#define REKEY 391
#define PREFIX 392
#define PORT 393
#define PORTANY 394
#define UL_PROTO 395
#define ANY 396
#define IKE_FRAG 397
#define ESP_FRAG 398
#define MODE_CFG 399
#define PFS_GROUP 400
#define LIFETIME 401
#define LIFETYPE_TIME 402
#define LIFETYPE_BYTE 403
#define STRENGTH 404
#define REMOTEID 405
#define SCRIPT 406
#define PHASE1_UP 407
#define PHASE1_DOWN 408
#define PHASE1_DEAD 409
#define NUMBER 410
#define SWITCH 411
#define BOOLEAN 412
#define HEXSTRING 413
#define QUOTEDSTRING 414
#define ADDRSTRING 415
#define ADDRRANGE 416
#define UNITTYPE_BYTE 417
#define UNITTYPE_KBYTES 418
#define UNITTYPE_MBYTES 419
#define UNITTYPE_TBYTES 420
#define UNITTYPE_SEC 421
#define UNITTYPE_MIN 422
#define UNITTYPE_HOUR 423
#define EOS 424
#define BOC 425
#define EOC 426
#define COMMA 427
#define YYERRCODE 256
/* Element type of the generated parser tables. */
typedef int YYINT;
/*
 * Generated grammar table; regenerate from cfparse.y instead of editing.
 * By byacc convention racoonyylhs[r] is the number of the nonterminal on
 * the left-hand side of rule r, with -1 in slot 0 for the implicit start
 * rule.  The code that indexes this table is outside this view.
 */
static const YYINT racoonyylhs[] = {                     -1,
    0,    0,   14,   14,   14,   14,   14,   14,   14,   14,
   14,   14,   14,   14,   14,   14,   14,   15,   30,   30,
   32,   31,   33,   31,   34,   31,   35,   31,   36,   31,
   37,   16,   38,   29,   17,   18,   19,   20,   39,   21,
   40,   40,   42,   41,   43,   41,   44,   41,   45,   41,
   46,   41,   22,   47,   47,   49,   48,   50,   48,   51,
   48,   52,   48,   53,   48,   54,   48,   12,    5,    5,
   55,   24,   56,   56,   58,   57,   59,   57,   60,   57,
   61,   57,   62,   57,   63,   57,   64,   23,   65,   65,
   67,   66,   68,   66,   69,   66,   70,   66,   71,   66,
   72,   66,   73,   66,   74,   66,   75,   66,   76,   66,
   77,   66,   78,   66,   25,   79,   79,   81,   80,   82,
   80,   80,   80,   86,   80,   87,   80,   89,   80,   90,
   80,   91,   80,   92,   80,   93,   80,   94,   80,   96,
   80,   97,   80,   98,   80,   99,   80,  100,   80,  101,
   80,  102,   80,  103,   80,  104,   80,  105,   80,  106,
   80,  107,   80,  108,   80,  109,   80,  110,   80,   83,
   83,  111,   84,   84,  112,   85,   85,  113,   95,   95,
  114,   88,   88,  115,   26,  116,  116,  118,  117,  119,
  117,  120,  117,  121,  117,  122,  117,  123,  117,  125,
  128,   27,  124,  124,  124,  124,  124,  124,    9,    9,
    9,  126,  126,  126,  127,  127,  130,  129,  131,  129,
  132,  129,  133,  129,  135,  129,  134,  136,  134,   13,
    3,    3,    4,    4,    4,    6,    6,    6,    1,    1,
  138,   28,  140,   28,  141,   28,  142,   28,  137,  137,
  139,   11,   11,  143,  143,  145,  144,  147,  144,  148,
  144,  149,  144,  144,  151,  144,  152,  144,  153,  144,
  154,  144,  155,  144,  156,  144,  157,  144,  158,  144,
  159,  144,  160,  144,  161,  144,  162,  144,  163,  144,
  164,  144,  165,  144,  166,  144,  167,  144,  168,  144,
  169,  144,  170,  144,  171,  144,  172,  144,  173,  144,
  174,  144,  175,  144,  176,  144,  177,  144,  178,  144,
  179,  144,  180,  144,  181,  144,  182,  144,  183,  144,
  184,  144,  185,  144,  186,  144,  187,  144,  188,  144,
  189,  144,  190,  144,  191,  144,  192,  144,  193,  144,
  146,  146,  195,  150,  196,  150,    2,    2,   10,   10,
   10,  194,  194,  198,  197,  199,  197,  200,  197,  201,
  197,  202,  197,    7,    7,    7,    8,    8,    8,    8,
};
/*
 * Right-hand-side length of every grammar rule, indexed by rule number in the
 * same order as racoonyyrule[].  For example, rule 2
 * ("statements : statements statement") has length 2, rule 18
 * ("privsep_statement : PRIVSEP BOC privsep_stmts EOC") has length 4, and the
 * empty "$$N :" mid-rule action rules have length 0.
 * Entry 0 belongs to the "$accept" rule; its value of 2 presumably counts the
 * implicit end-of-input marker as well -- confirm against the generator.
 *
 * This is byacc-generated output.  Change the grammar source and regenerate
 * rather than editing values here: the parser tables in this file have to
 * stay consistent with one another.
 */
static const YYINT racoonyylen[] = {                      2,
    0,    2,    1,    1,    1,    1,    1,    1,    1,    1,
    1,    1,    1,    1,    1,    1,    1,    4,    0,    2,
    0,    4,    0,    4,    0,    4,    0,    4,    0,    4,
    0,    5,    0,    4,    3,    3,    3,    3,    1,    4,
    0,    2,    0,    4,    0,    4,    0,    4,    0,    4,
    0,    4,    4,    0,    2,    0,    4,    0,    4,    0,
    7,    0,    4,    0,    4,    0,    3,    2,    0,    1,
    0,    5,    0,    2,    0,    5,    0,    6,    0,    5,
    0,    6,    0,    4,    0,    4,    0,    5,    0,    2,
    0,    4,    0,    4,    0,    4,    0,    4,    0,    4,
    0,    4,    0,    4,    0,    4,    0,    4,    0,    4,
    0,    4,    0,    4,    4,    0,    2,    0,    4,    0,
    4,    3,    3,    0,    5,    0,    5,    0,    4,    0,
    4,    0,    4,    0,    4,    0,    4,    0,    4,    0,
    4,    0,    4,    0,    4,    0,    4,    0,    4,    0,
    4,    0,    4,    0,    4,    0,    4,    0,    4,    0,
    4,    0,    4,    0,    4,    0,    4,    0,    4,    1,
    3,    1,    1,    3,    1,    1,    3,    2,    1,    3,
    1,    1,    3,    1,    4,    0,    2,    0,    4,    0,
    5,    0,    4,    0,    5,    0,    5,    0,    5,    0,
    0,    8,    1,    2,    2,    2,    2,    2,    5,    6,
    2,    0,    3,    2,    0,    2,    0,    4,    0,    4,
    0,    6,    0,    6,    0,    4,    1,    0,    4,    2,
    0,    1,    0,    1,    1,    1,    1,    1,    0,    1,
    0,    6,    0,    4,    0,    6,    0,    4,    1,    1,
    3,    2,    1,    0,    2,    0,    4,    0,    4,    0,
    4,    0,    4,    2,    0,    4,    0,    5,    0,    5,
    0,    4,    0,    5,    0,    4,    0,    4,    0,    4,
    0,    4,    0,    5,    0,    6,    0,    4,    0,    5,
    0,    6,    0,    4,    0,    4,    0,    4,    0,    4,
    0,    4,    0,    4,    0,    4,    0,    5,    0,    5,
    0,    5,    0,    4,    0,    4,    0,    4,    0,    4,
    0,    4,    0,    4,    0,    4,    0,    4,    0,    4,
    0,    4,    0,    4,    0,    4,    0,    4,    0,    4,
    0,    4,    0,    6,    0,    4,    0,    6,    0,    5,
    0,    2,    0,    5,    0,    4,    1,    1,    0,    1,
    1,    0,    2,    0,    6,    0,    6,    0,    4,    0,
    4,    0,    5,    1,    1,    1,    1,    1,    1,    1,
};
/*
 * Per-state table with the same number of entries as racoonyysindex[] and
 * racoonyyrindex[].
 * NOTE(review): in byacc's table layout this is the "default reduction" --
 * a non-zero entry names the rule to reduce by in that state without looking
 * at the next token, and 0 means the state has none.  The driver loop that
 * reads it is outside this excerpt, so confirm there.
 * Generated data: regenerate from the grammar instead of editing by hand.
 */
static const YYINT racoonyydefred[] = {                   1,
    0,    0,    0,    0,    0,    0,    0,    0,   87,   71,
    0,    0,  200,    0,    0,    0,    2,    3,    4,    5,
    6,    7,    8,    9,   10,   11,   12,   13,   14,   15,
   16,   17,   19,    0,    0,    0,   39,    0,   41,   54,
    0,    0,  116,  186,    0,    0,    0,    0,    0,  253,
    0,   33,    0,   31,   35,   36,   38,    0,    0,   89,
   73,    0,    0,    0,    0,    0,    0,   70,  252,    0,
    0,   68,    0,    0,   37,    0,    0,    0,    0,   18,
   20,    0,    0,    0,    0,    0,    0,   40,   42,    0,
    0,   66,    0,   53,   55,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,  115,  117,    0,    0,    0,    0,
    0,    0,  185,  187,  204,  205,  211,    0,  206,  207,
  208,    0,    0,    0,  241,  254,  244,  245,  248,   34,
   23,   21,   27,   25,   29,   32,   43,   45,   47,   49,
   51,   56,   58,    0,   64,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,   88,   90,
    0,    0,    0,    0,   72,   74,  118,  120,  172,    0,
    0,  175,    0,    0,  130,  132,  134,  136,  138,  181,
  140,    0,  142,  144,  148,  150,  152,  146,  164,  166,
  162,  168,  154,  160,    0,    0,  184,  128,    0,  156,
  158,  188,    0,  192,    0,    0,    0,  232,    0,    0,
  214,    0,  215,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,   67,    0,
    0,    0,   93,   95,   91,   97,  101,  103,   99,  105,
  107,  109,  111,  113,    0,    0,   83,   85,    0,    0,
  122,    0,  123,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,  176,    0,    0,    0,    0,
    0,    0,  374,  375,  376,  190,    0,  194,  196,  198,
    0,  234,  235,    0,  361,  360,  213,    0,  250,  242,
  249,    0,  258,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,  297,    0,    0,    0,
    0,    0,    0,  349,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,  251,  255,  246,
   24,   22,   28,   26,   30,   44,   46,   48,   50,   52,
   57,   59,   65,    0,   63,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,   75,    0,
   79,    0,    0,  119,  121,  171,  174,  131,  133,  135,
  137,  139,  141,  180,  143,  145,  149,  151,  153,  147,
  165,  167,  163,  169,  155,  161,  178,    0,    0,    0,
  129,  183,  157,  159,  189,    0,  193,    0,    0,    0,
    0,  237,  238,  236,  209,  225,    0,    0,    0,    0,
  216,  256,  351,  260,  262,    0,    0,  264,  271,    0,
    0,  265,    0,  275,  277,  279,  281,    0,    0,  293,
  295,    0,  299,  323,  327,  325,  345,  319,  317,  321,
    0,  329,  331,  333,  335,  341,  287,  315,  339,  337,
  303,  301,  305,  313,    0,    0,    0,   60,   94,   96,
   92,   98,  102,  104,  100,  106,  108,  110,  112,  114,
   77,    0,   81,    0,   84,   86,  177,  125,  127,  191,
  195,  197,  199,  210,    0,  357,  358,  217,    0,    0,
  219,  202,    0,    0,    0,    0,    0,  355,    0,  267,
  269,    0,  273,    0,    0,    0,    0,    0,  283,    0,
  289,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,  362,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,  307,  309,
  311,    0,    0,   76,    0,   80,    0,    0,    0,    0,
    0,    0,    0,  257,  352,  259,  261,  263,  353,    0,
  272,    0,    0,  266,    0,  276,  278,  280,  282,  285,
    0,  291,    0,  294,  296,  298,  300,  324,  328,  326,
  346,  320,  318,  322,    0,  330,  332,  334,  336,  342,
  288,  316,  340,  338,  304,  302,  306,  314,  343,  377,
  378,  379,  380,  347,    0,    0,    0,   61,   78,   82,
  240,  230,    0,  226,  218,  221,  223,  220,    0,  356,
  268,  270,  274,    0,  284,    0,  290,    0,    0,    0,
    0,  350,  363,    0,    0,  308,  310,  312,    0,    0,
    0,  354,  286,  292,    0,  368,  370,    0,    0,  344,
  348,  229,  222,  224,  372,    0,    0,    0,    0,    0,
  369,  371,  364,  366,  373,    0,    0,  365,  367,
};
/*
 * Same number of entries as racoonyygindex[].
 * NOTE(review): in byacc's table layout this is the default "goto" state per
 * nonterminal, used after a reduction when the packed table has no more
 * specific entry.  The code that consumes it is outside this excerpt.
 * Generated data: regenerate from the grammar instead of editing by hand.
 */
static const YYINT racoonyydgoto[] = {                    1,
  632,  508,  220,  304,   69,  425,  296,  624,   66,  307,
   49,   50,  568,   17,   18,   19,   20,   21,   22,   23,
   24,   25,   26,   27,   28,   29,   30,   31,   32,   53,
   81,  228,  227,  230,  229,  231,   82,   76,   38,   58,
   89,  232,  233,  234,  235,  236,   59,   95,  237,  238,
  562,  242,  240,  154,   42,   97,  176,  492,  563,  494,
  565,  382,  383,   41,   96,  170,  368,  366,  367,  369,
  372,  370,  371,  373,  374,  375,  376,  377,   62,  116,
  259,  260,  180,  183,  285,  409,  410,  208,  288,  265,
  266,  267,  268,  269,  191,  270,  272,  273,  277,  274,
  275,  276,  282,  290,  291,  283,  280,  278,  279,  281,
  181,  184,  286,  192,  209,   63,  124,  292,  416,  297,
  418,  419,  420,   67,   45,  134,  308,  430,  431,  570,
  573,  660,  661,  569,  505,  633,  310,  224,  311,   71,
  226,   74,  225,  349,  513,  514,  433,  515,  516,  438,
  522,  582,  583,  519,  585,  524,  525,  526,  527,  591,
  644,  549,  593,  646,  532,  533,  452,  535,  554,  553,
  555,  625,  626,  627,  556,  550,  541,  540,  542,  536,
  538,  537,  544,  545,  546,  547,  552,  551,  548,  654,
  539,  655,  461,  605,  639,  580,  653,  686,  687,  676,
  677,  680,
};
/*
 * Per-state table (same length as racoonyydefred[] and racoonyyrindex[]).
 * NOTE(review): by byacc convention this is the shift base -- the value is
 * added to the lookahead token number to form an index into racoonyytable[],
 * and that slot is used only when the index is within 0..YYTABLESIZE and
 * racoonyycheck[] at the same index equals the token.  0 would then mean the
 * state has no shift entries.  The driver is outside this excerpt, so confirm
 * the bounds/check test there; it is what keeps a lookup inside the arrays.
 * Generated data: regenerate from the grammar instead of editing by hand.
 */
static const YYINT racoonyysindex[] = {                   0,
 -193, -348, -174, -292, -306, -130, -266, -246,    0,    0,
 -244, -234,    0, -268, -217, -216,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0, -264, -220, -191,    0, -168,    0,    0,
 -219, -196,    0,    0, -252, -185, -146, -185, -108,    0,
 -164,    0, -251,    0,    0,    0,    0, -257, -258,    0,
    0, -256, -275, -231, -321, -242, -218,    0,    0, -171,
 -163,    0, -255, -163,    0, -159, -284, -282, -143,    0,
    0, -152, -138, -137, -134, -132, -131,    0,    0, -128,
 -128,    0, -261,    0,    0, -260, -259, -127, -126, -125,
 -124, -129, -122, -121, -200, -209, -136, -120, -118, -115,
 -165, -117, -114, -113,    0,    0, -111, -110, -109, -106,
 -105, -104,    0,    0,    0,    0,    0, -308,    0,    0,
    0, -112,  -80, -148,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0, -142,    0, -103, -102, -101, -100,  -99,
  -98,  -97,  -93,  -95,  -94,  -92,  -91,  -90,    0,    0,
  -89,  -88,  -96,  -83,    0,    0,    0,    0,    0, -141,
 -149,    0, -116,  -86,    0,    0,    0,    0,    0,    0,
    0,  -84,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,  -85,  -85,    0,    0,  -82,    0,
    0,    0, -201,    0, -201, -201, -201,    0,  -79, -195,
    0, -199,    0, -172, -140, -172,  -78,  -77,  -76,  -75,
  -74,  -73,  -72,  -71,  -70,  -69,  -67,  -66,    0,  -65,
  -81,  -64,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0, -265, -262,    0,    0,  -63,  -62,
    0, -125,    0, -124,  -61,  -60,  -59,  -58,  -57,  -56,
 -121,  -55,  -54,  -53,  -52,  -51,  -50,  -49,  -48,  -47,
  -46,  -45,  -44,  -11,  -43,    0,  -43,  -42, -117,  -41,
  -39,  -38,    0,    0,    0,    0,  -37,    0,    0,    0,
 -195,    0,    0, -238,    0,    0,    0, -289,    0,    0,
    0, -128,    0,  -23,  -18, -107, -270,  -32,  -22,  -21,
  -20,  -19,  -24,  -17,  -16,  -14,    0,  -13,  -12, -293,
  -68, -310,  -10,    0,   -9,   -7,   -6,   -5,   -4, -199,
   -3, -288, -286,   -1,    1, -139,  -26,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    3,    0,  -31,  -30,  -27,   -8,   -2,
    2,    4,    5,    6,    7,    8,    9,   10,    0,   11,
    0,   12,   13,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,  -85,   14,   15,
    0,    0,    0,    0,    0,   16,    0,   17,   18,   19,
 -238,    0,    0,    0,    0,    0, -254, -135,   24, -145,
    0,    0,    0,    0,    0,   21,   30,    0,    0,   31,
   32,    0,   33,    0,    0,    0,    0, -281, -277,    0,
    0, -254,    0,    0,    0,    0,    0,    0,    0,    0,
  -25,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,   38,   39, -167,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,   26,    0,   27,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,   75,    0,    0,    0,   42,   43,
    0,    0,   34, -303,   35,   36,   40,    0,   37,    0,
    0,   41,    0,   44,   45,   46,   47, -199,    0, -199,
    0,   48,   49,   50,   51,   52,   53,   54,   55,   56,
   57,   58,    0,   59,   60,   61,   62,   64,   65,   66,
   67,   68,   69,   70,   71,   72, -201, -181,    0,    0,
    0,   73,   74,    0,   76,    0,   77,    0,   78,   79,
 -201, -181,   80,    0,    0,    0,    0,    0,    0,   81,
    0,   82,   83,    0,   84,    0,    0,    0,    0,    0,
   85,    0,   86,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0, -291,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,   87,   88,   89,    0,    0,    0,
    0,    0,   28,    0,    0,    0,    0,    0,   90,    0,
    0,    0,    0,   91,    0,   92,    0,   95, -254,  103,
 -133,    0,    0,   94,   96,    0,    0,    0,   75,   97,
   98,    0,    0,    0,   77,    0,    0,  109,  113,    0,
    0,    0,    0,    0,    0,  100,  101, -201, -181,  102,
    0,    0,    0,    0,    0,  104,  105,    0,    0,
};
/*
 * Per-state table (same length as racoonyydefred[] and racoonyysindex[]).
 * NOTE(review): by byacc convention this is the reduce base -- the counterpart
 * of racoonyysindex[] for reductions, combined with the lookahead token to
 * index racoonyytable[] and validated against racoonyycheck[].  The driver is
 * outside this excerpt; confirm there.
 * Generated data: regenerate from the grammar instead of editing by hand.
 */
static const YYINT racoonyyrindex[] = {                   0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0, -305,  -15, -305,  106,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0, -249,    0,    0,  107,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0, -232,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,  110,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
  111,    0,    0,  112,    0,    0,    0,    0,    0,    0,
    0,  114,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,  115,    0,
    0,    0,    0,    0,    0,    0,    0,    0, -232, -213,
    0,  108,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,  116,    0,  117,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
 -213,    0,    0,    0,    0,    0,    0, -119,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,  -70,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,  -70,  -70,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,  -70,    0,  -70,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0, -285, -247,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0, -142,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,
};
/*
 * Same number of entries as racoonyydgoto[].
 * NOTE(review): by byacc convention this is the goto base per nonterminal --
 * added to the current state number to index racoonyytable[], with
 * racoonyydgoto[] as the fallback when the packed slot does not match.  Most
 * entries are 0, i.e. those nonterminals would rely on the default goto only.
 * The consuming code is outside this excerpt; confirm there.
 * Generated data: regenerate from the grammar instead of editing by hand.
 */
static const YYINT racoonyygindex[] = {                   0,
 -381, -447,  120,  119,  284,  121, -215, -539,   63, -334,
  261,  -87,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,  149,  150,  129,    0,    0,  126,    0,    0,
    0,    0,    0,    0,  146,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,   93,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0, -323,    0,    0,  192,    0,  118,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
    0,    0,
};
/*
 * YYTABLESIZE is the highest valid index of racoonyytable[] and
 * racoonyycheck[]: both arrays hold 543 entries (indices 0..542).
 *
 * racoonyytable[] is the packed action/goto table.
 * NOTE(review): by byacc convention a slot is reached as base + symbol, with
 * the base taken from racoonyysindex[], racoonyyrindex[] or racoonyygindex[],
 * and the value is a state number (shift/goto) or a rule number (reduce).
 * The driver is outside this excerpt.  Any code indexing this array should
 * reject an index below 0 or above YYTABLESIZE before reading, since the
 * bases above can be negative.
 * Generated data: this array and racoonyycheck[] are only meaningful as a
 * pair, so regenerate both from the grammar instead of editing by hand.
 */
#define YYTABLESIZE 542
static const YYINT racoonyytable[] = {                  298,
  299,  300,  152,  153,  534,  467,   77,   78,   79,  203,
   83,   84,   85,   86,   87,   90,   91,  155,   92,   93,
  157,  158,  159,  160,  161,  162,  163,  164,  165,  166,
  167,  168,  637,   69,  171,  172,  173,  174,  575,  648,
  132,  426,   98,   99,  100,  101,  102,  103,  104,  117,
  118,  119,  120,  121,  122,  105,  106,  107,  108,  109,
  110,  111,  458,    2,  112,  113,  114,    3,   46,    4,
    5,    6,  649,    7,  528,  455,   33,  506,  530,    8,
  469,   46,  471,  218,   64,  203,    9,   34,  650,  439,
  440,  441,  127,  128,  129,  130,  195,  196,  197,   10,
  459,  198,   65,   36,   11,  193,  125,  219,  194,  651,
  427,  428,   65,  529,  531,  429,  133,  456,   69,   69,
  576,   35,  470,   65,  472,  141,  126,  143,  131,  142,
   12,  144,  305,  306,  652,   37,  305,  306,  239,  684,
   13,  239,   14,  442,  378,   47,   48,  380,  379,   54,
  123,  381,  156,  205,  206,  507,  422,  423,   39,   48,
  231,  231,  231,  231,   51,  169,  175,   94,   88,  115,
  199,  424,  200,  201,   80,  203,  227,  231,   40,  228,
   43,  233,  233,  186,  187,  188,  189,   15,  137,   16,
   44,  139,   70,  590,   52,  592,  233,  302,  303,  312,
  313,  666,  314,   55,  315,   60,  316,   68,  317,  318,
  319,  320,  321,  322,  305,  306,  323,  324,  325,  293,
  294,  295,  326,  327,  432,  328,  329,  330,   61,  331,
   73,  332,   56,  333,  334,  620,  621,  622,  623,  559,
  560,  561,  135,  335,  336,  337,  338,  339,  340,  341,
  342,  309,  136,  436,  437,   57,  343,  344,  345,   75,
  346,  136,  475,  476,  140,  347,  509,  510,  668,  669,
  145,  146,  147,  148,  222,  149,  223,  262,  150,  151,
  512,  239,  261,  675,  185,  348,   48,  177,  178,  179,
  182,  203,  190,  202,  204,  210,  207,  211,  212,  213,
  214,  221,  457,  215,  216,  217,  201,  263,  244,  245,
  241,  243,  218,  257,  246,  247,  248,  249,  250,  251,
  434,  252,  253,  254,  255,  256,  258,  435,  443,  284,
  448,   72,  364,  138,  287,  672,    0,  449,  301,    0,
  264,  619,  271,    0,  289,  351,  352,  353,  354,  355,
  356,  357,  358,  359,  360,  636,  361,  362,  363,  365,
  384,  385,  388,  389,  390,  391,  392,  393,  395,  396,
  397,  398,  399,  400,  401,  402,  403,  404,  405,  406,
  407,  411,  413,  408,  414,  415,  417,  477,  444,  445,
  446,  447,  479,  480,  450,  451,  481,  453,  454,  543,
  460,  462,  463,  464,  465,  466,  567,  468,  473,  243,
  386,  474,  478,  387,  412,  482,  394,  350,    0,  421,
    0,  483,    0,  491,  493,  484,  665,  485,  486,  487,
  488,  489,  490,  511,  517,  495,  496,  498,  499,  500,
  501,  502,  503,  518,  520,  521,  523,  557,  558,  564,
  566,  571,  572,  579,  659,    0,    0,  574,  577,  578,
  581,    0,  683,    0,  584,    0,    0,  586,  587,  588,
  589,  594,  595,  596,  597,  598,  599,  600,  601,  602,
  603,  604,  606,  607,  608,  609,  631,  610,  611,  612,
  613,  614,  615,  616,  617,  618,  628,  629,    0,  630,
  497,  634,  635,  638,  640,  641,  642,  643,  645,  647,
  656,  657,  658,  662,  663,  664,  667,  670,  678,  671,
  673,  674,  679,  681,  682,  685,    0,  688,  689,    0,
  247,  212,  359,   62,  170,  173,    0,  179,  182,  124,
  126,  504,
};
/*
 * Companion to racoonyytable[], with the same 543 entries (indices
 * 0..YYTABLESIZE).
 * NOTE(review): by byacc convention entry i records which symbol (or state,
 * for gotos) owns slot i of racoonyytable[]; the driver uses the table value
 * only when this entry equals the symbol it is looking up, and -1 marks a slot
 * nobody owns.  That comparison, together with the 0..YYTABLESIZE range test,
 * is what stops a token from selecting another state's action, so this array
 * must never be edited separately from racoonyytable[].  The driver is outside
 * this excerpt; confirm there.
 */
static const YYINT racoonyycheck[] = {                  215,
  216,  217,   90,   91,  452,  340,  258,  259,  260,  259,
  268,  269,  270,  271,  272,  274,  275,  279,  277,  278,
  281,  282,  283,  284,  285,  286,  287,  288,  289,  290,
  291,  292,  572,  339,  294,  295,  296,  297,  342,  331,
  259,  331,  299,  300,  301,  302,  303,  304,  305,  325,
  326,  327,  328,  329,  330,  312,  313,  314,  315,  316,
  317,  318,  373,  257,  321,  322,  323,  261,  337,  263,
  264,  265,  364,  267,  356,  369,  425,  332,  356,  273,
  369,  337,  369,  392,  337,  335,  280,  262,  380,  360,
  361,  362,  414,  415,  337,  338,  306,  307,  308,  293,
  411,  311,  355,  410,  298,  306,  338,  416,  309,  401,
  400,  401,  355,  448,  449,  405,  335,  411,  424,  425,
  424,  414,  411,  355,  411,  410,   64,  410,   66,  414,
  324,  414,  414,  415,  426,  266,  414,  415,  424,  679,
  334,  427,  336,  414,  410,  414,  415,  410,  414,  414,
  426,  414,  414,  319,  320,  410,  395,  396,  425,  415,
  393,  394,  395,  396,  382,  426,  426,  426,  426,  426,
  307,  410,  309,  310,  426,  425,  424,  410,  425,  427,
  425,  395,  396,  306,  307,  308,  309,  381,   71,  383,
  425,   74,  339,  528,  411,  530,  410,  393,  394,  340,
  341,  649,  343,  424,  345,  425,  347,  393,  349,  350,
  351,  352,  353,  354,  414,  415,  357,  358,  359,  421,
  422,  423,  363,  364,  312,  366,  367,  368,  425,  370,
  339,  372,  424,  374,  375,  417,  418,  419,  420,  407,
  408,  409,  414,  384,  385,  386,  387,  388,  389,  390,
  391,  424,  425,  361,  362,  424,  397,  398,  399,  424,
  401,  425,  402,  403,  424,  406,  402,  403,  402,  403,
  414,  424,  411,  411,  355,  410,  425,  427,  411,  411,
  426,  424,  424,  665,  414,  426,  415,  415,  415,  415,
  415,  410,  414,  414,  410,  410,  414,  411,  410,  410,
  410,  414,  371,  410,  410,  410,  426,  424,  410,  410,
  414,  414,  392,  410,  414,  414,  414,  411,  414,  414,
  344,  414,  414,  414,  414,  414,  410,  346,  361,  415,
  355,   48,  414,   73,  206,  659,   -1,  355,  219,   -1,
  427,  557,  427,   -1,  427,  424,  424,  424,  424,  424,
  424,  424,  424,  424,  424,  571,  424,  424,  424,  424,
  424,  424,  424,  424,  424,  424,  424,  424,  424,  424,
  424,  424,  424,  424,  424,  424,  424,  424,  424,  424,
  392,  424,  424,  427,  424,  424,  424,  414,  411,  411,
  411,  411,  424,  424,  411,  410,  424,  411,  411,  425,
  411,  411,  410,  410,  410,  410,  332,  411,  410,  425,
  262,  411,  410,  264,  289,  424,  271,  226,   -1,  301,
   -1,  424,   -1,  414,  414,  424,  332,  424,  424,  424,
  424,  424,  424,  410,  414,  424,  424,  424,  424,  424,
  424,  424,  424,  414,  414,  414,  414,  410,  410,  424,
  424,  410,  410,  414,  427,   -1,   -1,  424,  424,  424,
  424,   -1,  678,   -1,  424,   -1,   -1,  424,  424,  424,
  424,  424,  424,  424,  424,  424,  424,  424,  424,  424,
  424,  424,  424,  424,  424,  424,  410,  424,  424,  424,
  424,  424,  424,  424,  424,  424,  424,  424,   -1,  424,
  408,  424,  424,  424,  424,  424,  424,  424,  424,  424,
  424,  424,  424,  424,  424,  424,  414,  424,  410,  424,
  424,  424,  410,  424,  424,  424,   -1,  424,  424,   -1,
  425,  425,  425,  424,  424,  424,   -1,  424,  424,  424,
  424,  421,
};
/* NOTE(review): in byacc output YYFINAL is the accepting parser state --
 * confirm against the driver, which is outside this excerpt. */
#define YYFINAL 1
/* Debug support is off unless the build defines YYDEBUG to a non-zero value;
 * the "#if YYDEBUG" that follows then compiles in the token-name and rule-text
 * tables. */
#ifndef YYDEBUG
#define YYDEBUG 0
#endif
/* Highest token number that has a slot of its own in racoonyyname[]. */
#define YYMAXTOKEN 427
/* Catch-all symbol number; it selects the trailing "illegal-symbol" entry of
 * racoonyyname[]. */
#define YYUNDFTOKEN 632
/* Clamp a token number for table lookup: anything above YYMAXTOKEN becomes
 * YYUNDFTOKEN.  Only the upper bound is checked, so a negative argument is
 * returned unchanged and must be excluded by the caller before the result is
 * used as an array index.  The argument is expanded twice; do not pass an
 * expression with side effects. */
#define YYTRANSLATE(a) ((a) > YYMAXTOKEN ? YYUNDFTOKEN : (a))
#if YYDEBUG
/*
 * Printable name for each token number, compiled only when YYDEBUG is
 * non-zero (this sits inside "#if YYDEBUG").  Slot 0 is "end-of-file", a 0
 * entry means the number has no name, the named block holds the
 * configuration-grammar terminals (PRIVSEP ... COMMA), and the final
 * "illegal-symbol" entry is the slot YYUNDFTOKEN refers to.
 * NOTE(review): presumably indexed with YYTRANSLATE(token) by the debug trace
 * code, which is outside this excerpt; a 0 entry is a null pointer, so any
 * such caller has to handle it before printing.
 */
static const char *const racoonyyname[] = {

"end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"PRIVSEP","USER","GROUP","CHROOT",
"PATH","PATHTYPE","INCLUDE","PFKEY_BUFFER","LOGGING","LOGLEV","PADDING",
"PAD_RANDOMIZE","PAD_RANDOMIZELEN","PAD_MAXLEN","PAD_STRICT","PAD_EXCLTAIL",
"LISTEN","X_ISAKMP","X_ISAKMP_NATT","X_ADMIN","STRICT_ADDRESS","ADMINSOCK",
"DISABLED","LDAPCFG","LDAP_HOST","LDAP_PORT","LDAP_PVER","LDAP_BASE",
"LDAP_BIND_DN","LDAP_BIND_PW","LDAP_SUBTREE","LDAP_ATTR_USER","LDAP_ATTR_ADDR",
"LDAP_ATTR_MASK","LDAP_ATTR_GROUP","LDAP_ATTR_MEMBER","RADCFG","RAD_AUTH",
"RAD_ACCT","RAD_TIMEOUT","RAD_RETRIES","MODECFG","CFG_NET4","CFG_MASK4",
"CFG_DNS4","CFG_NBNS4","CFG_DEFAULT_DOMAIN","CFG_AUTH_SOURCE","CFG_AUTH_GROUPS",
"CFG_SYSTEM","CFG_RADIUS","CFG_PAM","CFG_LDAP","CFG_LOCAL","CFG_NONE",
"CFG_GROUP_SOURCE","CFG_ACCOUNTING","CFG_CONF_SOURCE","CFG_MOTD",
"CFG_POOL_SIZE","CFG_AUTH_THROTTLE","CFG_SPLIT_NETWORK","CFG_SPLIT_LOCAL",
"CFG_SPLIT_INCLUDE","CFG_SPLIT_DNS","CFG_PFS_GROUP","CFG_SAVE_PASSWD","RETRY",
"RETRY_COUNTER","RETRY_INTERVAL","RETRY_PERSEND","RETRY_PHASE1","RETRY_PHASE2",
"NATT_KA","ALGORITHM_CLASS","ALGORITHMTYPE","STRENGTHTYPE","SAINFO","FROM",
"REMOTE","ANONYMOUS","CLIENTADDR","INHERIT","REMOTE_ADDRESS","EXCHANGE_MODE",
"EXCHANGETYPE","DOI","DOITYPE","SITUATION","SITUATIONTYPE","CERTIFICATE_TYPE",
"CERTTYPE","PEERS_CERTFILE","CA_TYPE","VERIFY_CERT","SEND_CERT","SEND_CR",
"MATCH_EMPTY_CR","IDENTIFIERTYPE","IDENTIFIERQUAL","MY_IDENTIFIER",
"PEERS_IDENTIFIER","VERIFY_IDENTIFIER","DNSSEC","CERT_X509","CERT_PLAINRSA",
"NONCE_SIZE","DH_GROUP","KEEPALIVE","PASSIVE","INITIAL_CONTACT","NAT_TRAVERSAL",
"REMOTE_FORCE_LEVEL","PROPOSAL_CHECK","PROPOSAL_CHECK_LEVEL","GENERATE_POLICY",
"GENERATE_LEVEL","SUPPORT_PROXY","PROPOSAL","EXEC_PATH","EXEC_COMMAND",
"EXEC_SUCCESS","EXEC_FAILURE","GSS_ID","GSS_ID_ENC","GSS_ID_ENCTYPE",
"COMPLEX_BUNDLE","DPD","DPD_DELAY","DPD_RETRY","DPD_MAXFAIL","PH1ID",
"XAUTH_LOGIN","WEAK_PHASE1_CHECK","REKEY","PREFIX","PORT","PORTANY","UL_PROTO",
"ANY","IKE_FRAG","ESP_FRAG","MODE_CFG","PFS_GROUP","LIFETIME","LIFETYPE_TIME",
"LIFETYPE_BYTE","STRENGTH","REMOTEID","SCRIPT","PHASE1_UP","PHASE1_DOWN",
"PHASE1_DEAD","NUMBER","SWITCH","BOOLEAN","HEXSTRING","QUOTEDSTRING",
"ADDRSTRING","ADDRRANGE","UNITTYPE_BYTE","UNITTYPE_KBYTES","UNITTYPE_MBYTES",
"UNITTYPE_TBYTES","UNITTYPE_SEC","UNITTYPE_MIN","UNITTYPE_HOUR","EOS","BOC",
"EOC","COMMA",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,"illegal-symbol",
};
static const char *const racoonyyrule[] = {
"$accept : statements",
"statements :",
"statements : statements statement",
"statement : privsep_statement",
"statement : path_statement",
"statement : include_statement",
"statement : pfkey_statement",
"statement : gssenc_statement",
"statement : logging_statement",
"statement : padding_statement",
"statement : listen_statement",
"statement : ldapcfg_statement",
"statement : radcfg_statement",
"statement : modecfg_statement",
"statement : timer_statement",
"statement : sainfo_statement",
"statement : remote_statement",
"statement : special_statement",
"privsep_statement : PRIVSEP BOC privsep_stmts EOC",
"privsep_stmts :",
"privsep_stmts : privsep_stmts privsep_stmt",
"$$1 :",
"privsep_stmt : USER QUOTEDSTRING $$1 EOS",
"$$2 :",
"privsep_stmt : USER NUMBER $$2 EOS",
"$$3 :",
"privsep_stmt : GROUP QUOTEDSTRING $$3 EOS",
"$$4 :",
"privsep_stmt : GROUP NUMBER $$4 EOS",
"$$5 :",
"privsep_stmt : CHROOT QUOTEDSTRING $$5 EOS",
"$$6 :",
"path_statement : PATH PATHTYPE QUOTEDSTRING $$6 EOS",
"$$7 :",
"special_statement : COMPLEX_BUNDLE SWITCH $$7 EOS",
"include_statement : INCLUDE QUOTEDSTRING EOS",
"pfkey_statement : PFKEY_BUFFER NUMBER EOS",
"gssenc_statement : GSS_ID_ENC GSS_ID_ENCTYPE EOS",
"logging_statement : LOGGING log_level EOS",
"log_level : LOGLEV",
"padding_statement : PADDING BOC padding_stmts EOC",
"padding_stmts :",
"padding_stmts : padding_stmts padding_stmt",
"$$8 :",
"padding_stmt : PAD_RANDOMIZE SWITCH $$8 EOS",
"$$9 :",
"padding_stmt : PAD_RANDOMIZELEN SWITCH $$9 EOS",
"$$10 :",
"padding_stmt : PAD_MAXLEN NUMBER $$10 EOS",
"$$11 :",
"padding_stmt : PAD_STRICT SWITCH $$11 EOS",
"$$12 :",
"padding_stmt : PAD_EXCLTAIL SWITCH $$12 EOS",
"listen_statement : LISTEN BOC listen_stmts EOC",
"listen_stmts :",
"listen_stmts : listen_stmts listen_stmt",
"$$13 :",
"listen_stmt : X_ISAKMP ike_addrinfo_port $$13 EOS",
"$$14 :",
"listen_stmt : X_ISAKMP_NATT ike_addrinfo_port $$14 EOS",
"$$15 :",
"listen_stmt : ADMINSOCK QUOTEDSTRING QUOTEDSTRING QUOTEDSTRING NUMBER $$15 EOS",
"$$16 :",
"listen_stmt : ADMINSOCK QUOTEDSTRING $$16 EOS",
"$$17 :",
"listen_stmt : ADMINSOCK DISABLED $$17 EOS",
"$$18 :",
"listen_stmt : STRICT_ADDRESS $$18 EOS",
"ike_addrinfo_port : ADDRSTRING ike_port",
"ike_port :",
"ike_port : PORT",
"$$19 :",
"radcfg_statement : RADCFG $$19 BOC radcfg_stmts EOC",
"radcfg_stmts :",
"radcfg_stmts : radcfg_stmts radcfg_stmt",
"$$20 :",
"radcfg_stmt : RAD_AUTH QUOTEDSTRING QUOTEDSTRING $$20 EOS",
"$$21 :",
"radcfg_stmt : RAD_AUTH QUOTEDSTRING NUMBER QUOTEDSTRING $$21 EOS",
"$$22 :",
"radcfg_stmt : RAD_ACCT QUOTEDSTRING QUOTEDSTRING $$22 EOS",
"$$23 :",
"radcfg_stmt : RAD_ACCT QUOTEDSTRING NUMBER QUOTEDSTRING $$23 EOS",
"$$24 :",
"radcfg_stmt : RAD_TIMEOUT NUMBER $$24 EOS",
"$$25 :",
"radcfg_stmt : RAD_RETRIES NUMBER $$25 EOS",
"$$26 :",
"ldapcfg_statement : LDAPCFG $$26 BOC ldapcfg_stmts EOC",
"ldapcfg_stmts :",
"ldapcfg_stmts : ldapcfg_stmts ldapcfg_stmt",
"$$27 :",
"ldapcfg_stmt : LDAP_PVER NUMBER $$27 EOS",
"$$28 :",
"ldapcfg_stmt : LDAP_HOST QUOTEDSTRING $$28 EOS",
"$$29 :",
"ldapcfg_stmt : LDAP_PORT NUMBER $$29 EOS",
"$$30 :",
"ldapcfg_stmt : LDAP_BASE QUOTEDSTRING $$30 EOS",
"$$31 :",
"ldapcfg_stmt : LDAP_SUBTREE SWITCH $$31 EOS",
"$$32 :",
"ldapcfg_stmt : LDAP_BIND_DN QUOTEDSTRING $$32 EOS",
"$$33 :",
"ldapcfg_stmt : LDAP_BIND_PW QUOTEDSTRING $$33 EOS",
"$$34 :",
"ldapcfg_stmt : LDAP_ATTR_USER QUOTEDSTRING $$34 EOS",
"$$35 :",
"ldapcfg_stmt : LDAP_ATTR_ADDR QUOTEDSTRING $$35 EOS",
"$$36 :",
"ldapcfg_stmt : LDAP_ATTR_MASK QUOTEDSTRING $$36 EOS",
"$$37 :",
"ldapcfg_stmt : LDAP_ATTR_GROUP QUOTEDSTRING $$37 EOS",
"$$38 :",
"ldapcfg_stmt : LDAP_ATTR_MEMBER QUOTEDSTRING $$38 EOS",
"modecfg_statement : MODECFG BOC modecfg_stmts EOC",
"modecfg_stmts :",
"modecfg_stmts : modecfg_stmts modecfg_stmt",
"$$39 :",
"modecfg_stmt : CFG_NET4 ADDRSTRING $$39 EOS",
"$$40 :",
"modecfg_stmt : CFG_MASK4 ADDRSTRING $$40 EOS",
"modecfg_stmt : CFG_DNS4 addrdnslist EOS",
"modecfg_stmt : CFG_NBNS4 addrwinslist EOS",
"$$41 :",
"modecfg_stmt : CFG_SPLIT_NETWORK CFG_SPLIT_LOCAL splitnetlist $$41 EOS",
"$$42 :",
"modecfg_stmt : CFG_SPLIT_NETWORK CFG_SPLIT_INCLUDE splitnetlist $$42 EOS",
"$$43 :",
"modecfg_stmt : CFG_SPLIT_DNS splitdnslist $$43 EOS",
"$$44 :",
"modecfg_stmt : CFG_DEFAULT_DOMAIN QUOTEDSTRING $$44 EOS",
"$$45 :",
"modecfg_stmt : CFG_AUTH_SOURCE CFG_SYSTEM $$45 EOS",
"$$46 :",
"modecfg_stmt : CFG_AUTH_SOURCE CFG_RADIUS $$46 EOS",
"$$47 :",
"modecfg_stmt : CFG_AUTH_SOURCE CFG_PAM $$47 EOS",
"$$48 :",
"modecfg_stmt : CFG_AUTH_SOURCE CFG_LDAP $$48 EOS",
"$$49 :",
"modecfg_stmt : CFG_AUTH_GROUPS authgrouplist $$49 EOS",
"$$50 :",
"modecfg_stmt : CFG_GROUP_SOURCE CFG_SYSTEM $$50 EOS",
"$$51 :",
"modecfg_stmt : CFG_GROUP_SOURCE CFG_LDAP $$51 EOS",
"$$52 :",
"modecfg_stmt : CFG_ACCOUNTING CFG_NONE $$52 EOS",
"$$53 :",
"modecfg_stmt : CFG_ACCOUNTING CFG_SYSTEM $$53 EOS",
"$$54 :",
"modecfg_stmt : CFG_ACCOUNTING CFG_RADIUS $$54 EOS",
"$$55 :",
"modecfg_stmt : CFG_ACCOUNTING CFG_PAM $$55 EOS",
"$$56 :",
"modecfg_stmt : CFG_POOL_SIZE NUMBER $$56 EOS",
"$$57 :",
"modecfg_stmt : CFG_PFS_GROUP NUMBER $$57 EOS",
"$$58 :",
"modecfg_stmt : CFG_SAVE_PASSWD SWITCH $$58 EOS",
"$$59 :",
"modecfg_stmt : CFG_AUTH_THROTTLE NUMBER $$59 EOS",
"$$60 :",
"modecfg_stmt : CFG_CONF_SOURCE CFG_LOCAL $$60 EOS",
"$$61 :",
"modecfg_stmt : CFG_CONF_SOURCE CFG_RADIUS $$61 EOS",
"$$62 :",
"modecfg_stmt : CFG_CONF_SOURCE CFG_LDAP $$62 EOS",
"$$63 :",
"modecfg_stmt : CFG_MOTD QUOTEDSTRING $$63 EOS",
"addrdnslist : addrdns",
"addrdnslist : addrdns COMMA addrdnslist",
"addrdns : ADDRSTRING",
"addrwinslist : addrwins",
"addrwinslist : addrwins COMMA addrwinslist",
"addrwins : ADDRSTRING",
"splitnetlist : splitnet",
"splitnetlist : splitnetlist COMMA splitnet",
"splitnet : ADDRSTRING PREFIX",
"authgrouplist : authgroup",
"authgrouplist : authgroup COMMA authgrouplist",
"authgroup : QUOTEDSTRING",
"splitdnslist : splitdns",
"splitdnslist : splitdns COMMA splitdnslist",
"splitdns : QUOTEDSTRING",
"timer_statement : RETRY BOC timer_stmts EOC",
"timer_stmts :",
"timer_stmts : timer_stmts timer_stmt",
"$$64 :",
"timer_stmt : RETRY_COUNTER NUMBER $$64 EOS",
"$$65 :",
"timer_stmt : RETRY_INTERVAL NUMBER unittype_time $$65 EOS",
"$$66 :",
"timer_stmt : RETRY_PERSEND NUMBER $$66 EOS",
"$$67 :",
"timer_stmt : RETRY_PHASE1 NUMBER unittype_time $$67 EOS",
"$$68 :",
"timer_stmt : RETRY_PHASE2 NUMBER unittype_time $$68 EOS",
"$$69 :",
"timer_stmt : NATT_KA NUMBER unittype_time $$69 EOS",
"$$70 :",
"$$71 :",
"sainfo_statement : SAINFO $$70 sainfo_name sainfo_param BOC sainfo_specs $$71 EOC",
"sainfo_name : ANONYMOUS",
"sainfo_name : ANONYMOUS CLIENTADDR",
"sainfo_name : ANONYMOUS sainfo_id",
"sainfo_name : sainfo_id ANONYMOUS",
"sainfo_name : sainfo_id CLIENTADDR",
"sainfo_name : sainfo_id sainfo_id",
"sainfo_id : IDENTIFIERTYPE ADDRSTRING prefix port ul_proto",
"sainfo_id : IDENTIFIERTYPE ADDRSTRING ADDRRANGE prefix port ul_proto",
"sainfo_id : IDENTIFIERTYPE QUOTEDSTRING",
"sainfo_param :",
"sainfo_param : FROM IDENTIFIERTYPE identifierstring",
"sainfo_param : GROUP QUOTEDSTRING",
"sainfo_specs :",
"sainfo_specs : sainfo_specs sainfo_spec",
"$$72 :",
"sainfo_spec : PFS_GROUP dh_group_num $$72 EOS",
"$$73 :",
"sainfo_spec : REMOTEID NUMBER $$73 EOS",
"$$74 :",
"sainfo_spec : LIFETIME LIFETYPE_TIME NUMBER unittype_time $$74 EOS",
"$$75 :",
"sainfo_spec : LIFETIME LIFETYPE_BYTE NUMBER unittype_byte $$75 EOS",
"$$76 :",
"sainfo_spec : ALGORITHM_CLASS $$76 algorithms EOS",
"algorithms : algorithm",
"$$77 :",
"algorithms : algorithm $$77 COMMA algorithms",
"algorithm : ALGORITHMTYPE keylength",
"prefix :",
"prefix : PREFIX",
"port :",
"port : PORT",
"port : PORTANY",
"ul_proto : NUMBER",
"ul_proto : UL_PROTO",
"ul_proto : ANY",
"keylength :",
"keylength : NUMBER",
"$$78 :",
"remote_statement : REMOTE QUOTEDSTRING INHERIT QUOTEDSTRING $$78 remote_specs_inherit_block",
"$$79 :",
"remote_statement : REMOTE QUOTEDSTRING $$79 remote_specs_block",
"$$80 :",
"remote_statement : REMOTE remote_index INHERIT remote_index $$80 remote_specs_inherit_block",
"$$81 :",
"remote_statement : REMOTE remote_index $$81 remote_specs_block",
"remote_specs_inherit_block : remote_specs_block",
"remote_specs_inherit_block : EOS",
"remote_specs_block : BOC remote_specs EOC",
"remote_index : ANONYMOUS ike_port",
"remote_index : ike_addrinfo_port",
"remote_specs :",
"remote_specs : remote_specs remote_spec",
"$$82 :",
"remote_spec : REMOTE_ADDRESS ike_addrinfo_port $$82 EOS",
"$$83 :",
"remote_spec : EXCHANGE_MODE $$83 exchange_types EOS",
"$$84 :",
"remote_spec : DOI DOITYPE $$84 EOS",
"$$85 :",
"remote_spec : SITUATION SITUATIONTYPE $$85 EOS",
"remote_spec : CERTIFICATE_TYPE cert_spec",
"$$86 :",
"remote_spec : PEERS_CERTFILE QUOTEDSTRING $$86 EOS",
"$$87 :",
"remote_spec : PEERS_CERTFILE CERT_X509 QUOTEDSTRING $$87 EOS",
"$$88 :",
"remote_spec : PEERS_CERTFILE CERT_PLAINRSA QUOTEDSTRING $$88 EOS",
"$$89 :",
"remote_spec : PEERS_CERTFILE DNSSEC $$89 EOS",
"$$90 :",
"remote_spec : CA_TYPE CERT_X509 QUOTEDSTRING $$90 EOS",
"$$91 :",
"remote_spec : VERIFY_CERT SWITCH $$91 EOS",
"$$92 :",
"remote_spec : SEND_CERT SWITCH $$92 EOS",
"$$93 :",
"remote_spec : SEND_CR SWITCH $$93 EOS",
"$$94 :",
"remote_spec : MATCH_EMPTY_CR SWITCH $$94 EOS",
"$$95 :",
"remote_spec : MY_IDENTIFIER IDENTIFIERTYPE identifierstring $$95 EOS",
"$$96 :",
"remote_spec : MY_IDENTIFIER IDENTIFIERTYPE IDENTIFIERQUAL identifierstring $$96 EOS",
"$$97 :",
"remote_spec : XAUTH_LOGIN identifierstring $$97 EOS",
"$$98 :",
"remote_spec : PEERS_IDENTIFIER IDENTIFIERTYPE identifierstring $$98 EOS",
"$$99 :",
"remote_spec : PEERS_IDENTIFIER IDENTIFIERTYPE IDENTIFIERQUAL identifierstring $$99 EOS",
"$$100 :",
"remote_spec : VERIFY_IDENTIFIER SWITCH $$100 EOS",
"$$101 :",
"remote_spec : NONCE_SIZE NUMBER $$101 EOS",
"$$102 :",
"remote_spec : DH_GROUP $$102 dh_group_num EOS",
"$$103 :",
"remote_spec : PASSIVE SWITCH $$103 EOS",
"$$104 :",
"remote_spec : IKE_FRAG SWITCH $$104 EOS",
"$$105 :",
"remote_spec : IKE_FRAG REMOTE_FORCE_LEVEL $$105 EOS",
"$$106 :",
"remote_spec : ESP_FRAG NUMBER $$106 EOS",
"$$107 :",
"remote_spec : SCRIPT QUOTEDSTRING PHASE1_UP $$107 EOS",
"$$108 :",
"remote_spec : SCRIPT QUOTEDSTRING PHASE1_DOWN $$108 EOS",
"$$109 :",
"remote_spec : SCRIPT QUOTEDSTRING PHASE1_DEAD $$109 EOS",
"$$110 :",
"remote_spec : MODE_CFG SWITCH $$110 EOS",
"$$111 :",
"remote_spec : WEAK_PHASE1_CHECK SWITCH $$111 EOS",
"$$112 :",
"remote_spec : GENERATE_POLICY SWITCH $$112 EOS",
"$$113 :",
"remote_spec : GENERATE_POLICY GENERATE_LEVEL $$113 EOS",
"$$114 :",
"remote_spec : SUPPORT_PROXY SWITCH $$114 EOS",
"$$115 :",
"remote_spec : INITIAL_CONTACT SWITCH $$115 EOS",
"$$116 :",
"remote_spec : NAT_TRAVERSAL SWITCH $$116 EOS",
"$$117 :",
"remote_spec : NAT_TRAVERSAL REMOTE_FORCE_LEVEL $$117 EOS",
"$$118 :",
"remote_spec : DPD SWITCH $$118 EOS",
"$$119 :",
"remote_spec : DPD_DELAY NUMBER $$119 EOS",
"$$120 :",
"remote_spec : DPD_RETRY NUMBER $$120 EOS",
"$$121 :",
"remote_spec : DPD_MAXFAIL NUMBER $$121 EOS",
"$$122 :",
"remote_spec : REKEY SWITCH $$122 EOS",
"$$123 :",
"remote_spec : REKEY REMOTE_FORCE_LEVEL $$123 EOS",
"$$124 :",
"remote_spec : PH1ID NUMBER $$124 EOS",
"$$125 :",
"remote_spec : LIFETIME LIFETYPE_TIME NUMBER unittype_time $$125 EOS",
"$$126 :",
"remote_spec : PROPOSAL_CHECK PROPOSAL_CHECK_LEVEL $$126 EOS",
"$$127 :",
"remote_spec : LIFETIME LIFETYPE_BYTE NUMBER unittype_byte $$127 EOS",
"$$128 :",
"remote_spec : PROPOSAL $$128 BOC isakmpproposal_specs EOC",
"exchange_types :",
"exchange_types : exchange_types EXCHANGETYPE",
"$$129 :",
"cert_spec : CERT_X509 QUOTEDSTRING QUOTEDSTRING $$129 EOS",
"$$130 :",
"cert_spec : CERT_PLAINRSA QUOTEDSTRING $$130 EOS",
"dh_group_num : ALGORITHMTYPE",
"dh_group_num : NUMBER",
"identifierstring :",
"identifierstring : ADDRSTRING",
"identifierstring : QUOTEDSTRING",
"isakmpproposal_specs :",
"isakmpproposal_specs : isakmpproposal_specs isakmpproposal_spec",
"$$131 :",
"isakmpproposal_spec : LIFETIME LIFETYPE_TIME NUMBER unittype_time $$131 EOS",
"$$132 :",
"isakmpproposal_spec : LIFETIME LIFETYPE_BYTE NUMBER unittype_byte $$132 EOS",
"$$133 :",
"isakmpproposal_spec : DH_GROUP dh_group_num $$133 EOS",
"$$134 :",
"isakmpproposal_spec : GSS_ID QUOTEDSTRING $$134 EOS",
"$$135 :",
"isakmpproposal_spec : ALGORITHM_CLASS ALGORITHMTYPE keylength $$135 EOS",
"unittype_time : UNITTYPE_SEC",
"unittype_time : UNITTYPE_MIN",
"unittype_time : UNITTYPE_HOUR",
"unittype_byte : UNITTYPE_BYTE",
"unittype_byte : UNITTYPE_KBYTES",
"unittype_byte : UNITTYPE_MBYTES",
"unittype_byte : UNITTYPE_TBYTES",

};
#endif

/*
 * Parser-wide state shared by the generated yyparse() and the lexer.
 */
int      yydebug;	/* trace level; yyparse() takes it from the first digit of $YYDEBUG when built with YYDEBUG */
int      yynerrs;	/* incremented each time yyparse() reaches yyerrlab */

int      yyerrflag;	/* set to 3 on entering error recovery, decremented on every shift */
int      yychar;	/* current lookahead token, YYEMPTY when none has been read */
YYSTYPE  yyval;		/* semantic value of the rule being reduced */
YYSTYPE  yylval;	/* semantic value pushed together with a shifted token */

/* define the initial stack-sizes */
/*
 * YYSTACKSIZE and YYMAXDEPTH are kept equal: whichever one the build
 * defines wins, otherwise both default to 10000.  yygrowstack() refuses to
 * grow the stacks beyond YYMAXDEPTH entries.
 */
#ifdef YYSTACKSIZE
#undef YYMAXDEPTH
#define YYMAXDEPTH  YYSTACKSIZE
#else
#ifdef YYMAXDEPTH
#define YYSTACKSIZE YYMAXDEPTH
#else
#define YYSTACKSIZE 10000
#define YYMAXDEPTH  10000
#endif
#endif

/* number of entries yygrowstack() allocates on its first call */
#define YYINITSTACKSIZE 200

/*
 * The state stack (s_*) and the value stack (l_*) grow in lock step and
 * always hold the same number of entries.
 */
typedef struct {
    unsigned stacksize;	/* allocated entries in each stack, 0 before the first allocation */
    YYINT    *s_base;	/* start of the state stack */
    YYINT    *s_mark;	/* top of the state stack */
    YYINT    *s_last;	/* last usable slot: s_base + stacksize - 1 */
    YYSTYPE  *l_base;	/* start of the value stack */
    YYSTYPE  *l_mark;	/* top of the value stack */
} YYSTACKDATA;
/* variables for the parser stack */
static YYSTACKDATA yystack;
#line 2399 "../../ipsec-tools/src/racoon/cfparse.y"

/*
 * Allocate a fresh proposal spec.  Returns NULL, after reporting through
 * yyerror(), when the allocation fails.
 */
static struct secprotospec *
newspspec()
{
	struct secprotospec *spec = racoon_calloc(1, sizeof(*spec));

	if (spec == NULL) {
		yyerror("failed to allocate spproto");
		return NULL;
	}

	/*
	 * Start with the "unknown" vendor; it is overridden later where
	 * needed.  When a Vendor ID payload is sent, "unknown" is
	 * translated to a KAME/racoon ID.
	 */
	spec->vendorid = VENDORID_UNKNOWN;

	spec->encklen = 0;	/*XXX*/

	return spec;
}

/*
 * Push spspec onto the front of rmconf's proposal-spec list.
 * spspec->prev is left exactly as the caller set it.
 */
static void
insspspec(rmconf, spspec)
	struct remoteconf *rmconf;
	struct secprotospec *spspec;
{
	struct secprotospec *old_head = rmconf->spspec;

	/* the previous head, if any, now points back at the new entry */
	if (old_head != NULL)
		old_head->prev = spspec;

	spspec->next = old_head;
	rmconf->spspec = spspec;
}

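/*
 * Duplicate one proposal spec, including private copies of its gssid string
 * and its remote structure.
 *
 * The next/prev links are copied verbatim from the source entry; the caller
 * is expected to relink the copy (dupspspec_list() does).
 *
 * Returns the new entry, or NULL on allocation failure.  On failure nothing
 * allocated here is left behind.
 */
static struct secprotospec *
dupspspec(spspec)
	struct secprotospec *spspec;
{
	struct secprotospec *new;

	new = newspspec();
	if (new == NULL) {
		plog(LLV_ERROR, LOCATION, NULL, 
		    "dupspspec: malloc failed\n");
		return NULL;
	}
	/*
	 * Shallow copy first.  After this, new->gssid and new->remote still
	 * alias the source's buffers; both are replaced below whenever the
	 * source has them, so the copy never shares storage with the source.
	 */
	memcpy(new, spspec, sizeof(*new));

	if (spspec->gssid) {
		new->gssid = racoon_strdup(spspec->gssid);
		/* presumably does not return when the strdup failed -- confirm */
		STRDUP_FATAL(new->gssid);
	}
	if (spspec->remote) {
		new->remote = racoon_malloc(sizeof(*new->remote));
		if (new->remote == NULL) {
			plog(LLV_ERROR, LOCATION, NULL, 
			    "dupspspec: malloc failed (remote)\n");
			/*
			 * Release the partially built copy.  new->gssid is
			 * either NULL or the private duplicate made above,
			 * never the source's string.
			 */
			if (new->gssid)
				racoon_free(new->gssid);
			racoon_free(new);
			return NULL;
		}
		memcpy(new->remote, spspec->remote, sizeof(*new->remote));
	}

	return new;
}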

/*
 * Deep-copy src's proposal-spec list onto dst, preserving order.
 * The process exits when an entry cannot be duplicated.  An empty source
 * list leaves dst->spspec untouched.
 */
void
dupspspec_list(dst, src)
	struct remoteconf *dst, *src;
{
	struct secprotospec *cur, *copy;
	struct secprotospec *tail = NULL;	/* last entry appended so far */

	for (cur = src->spspec; cur != NULL; cur = cur->next) {
		copy = dupspspec(cur);
		if (copy == NULL)
			exit(1);

		/* dupspspec() copied the source's links; replace them */
		copy->next = NULL;
		copy->prev = tail;

		if (tail == NULL)
			dst->spspec = copy;	/* first element */
		else
			tail->next = copy;

		tail = copy;
	}
}

/*
 * Free every entry of rmconf's proposal-spec list, together with the gssid
 * and remote buffers each entry owns, and leave the list empty.
 */
void
flushspspec(rmconf)
	struct remoteconf *rmconf;
{
	struct secprotospec *cur, *following;

	for (cur = rmconf->spspec; cur != NULL; cur = following) {
		following = cur->next;

		/* unlink the head before releasing it */
		rmconf->spspec = following;
		if (following != NULL)
			following->prev = NULL; /* not necessary but clean */

		if (cur->remote)
			racoon_free(cur->remote);
		if (cur->gssid)
			racoon_free(cur->gssid);
		racoon_free(cur);
	}
	rmconf->spspec = NULL;
}

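/*
 * set final acceptable proposal
 *
 * Checks that every proposal spec on rmconf names an encryption algorithm,
 * a hash, a DH group and an authentication method, then expands the specs
 * into rmconf's ISAKMP proposal list.  The specs are walked from the tail
 * of the list back to the head, since insspspec() pushes new entries at
 * the front.
 *
 * Returns 0 on success, -1 when a mandatory item is missing, an expansion
 * fails or no proposal results.
 */
static int
set_isakmp_proposal(rmconf)
	struct remoteconf *rmconf;
{
	struct secprotospec *s;
	int prop_no = 1; 
	int trns_no = 1;
	int32_t types[MAXALGCLASS];

	/* mandatory check */
	if (rmconf->spspec == NULL) {
		yyerror("no remote specification found: %s.\n",
			saddr2str(rmconf->remote));
		return -1;
	}
	for (s = rmconf->spspec; s != NULL; s = s->next) {
		/* XXX need more to check */
		if (s->algclass[algclass_isakmp_enc] == 0) {
			yyerror("encryption algorithm required.");
			return -1;
		}
		if (s->algclass[algclass_isakmp_hash] == 0) {
			yyerror("hash algorithm required.");
			return -1;
		}
		if (s->algclass[algclass_isakmp_dh] == 0) {
			yyerror("DH group required.");
			return -1;
		}
		if (s->algclass[algclass_isakmp_ameth] == 0) {
			yyerror("authentication method required.");
			return -1;
		}
	}

	/* skip to last part */
	for (s = rmconf->spspec; s->next != NULL; s = s->next)
		;

	while (s != NULL) {
		plog(LLV_DEBUG2, LOCATION, NULL,
			"lifetime = %ld\n", (long)
			(s->lifetime ? s->lifetime : rmconf->lifetime));
		plog(LLV_DEBUG2, LOCATION, NULL,
			"lifebyte = %d\n",
			s->lifebyte ? s->lifebyte : rmconf->lifebyte);
		plog(LLV_DEBUG2, LOCATION, NULL,
			"encklen=%d\n", s->encklen);

		/*
		 * Clear the whole array.  The size must be given in bytes:
		 * passing the element count would zero only part of it and
		 * leave the remaining slots, which expand_isakmpspec() reads
		 * in its debug dump, uninitialized.
		 */
		memset(types, 0, sizeof(types));
		types[algclass_isakmp_enc] = s->algclass[algclass_isakmp_enc];
		types[algclass_isakmp_hash] = s->algclass[algclass_isakmp_hash];
		types[algclass_isakmp_dh] = s->algclass[algclass_isakmp_dh];
		types[algclass_isakmp_ameth] =
		    s->algclass[algclass_isakmp_ameth];

		/* expanding spspec */
		clean_tmpalgtype();
		/* a per-spec lifetime/lifebyte of 0 falls back to rmconf's */
		trns_no = expand_isakmpspec(prop_no, trns_no, types,
				algclass_isakmp_enc, algclass_isakmp_ameth + 1,
				s->lifetime ? s->lifetime : rmconf->lifetime,
				s->lifebyte ? s->lifebyte : rmconf->lifebyte,
				s->encklen, s->vendorid, s->gssid,
				rmconf);
		if (trns_no == -1) {
			plog(LLV_ERROR, LOCATION, NULL,
				"failed to expand isakmp proposal.\n");
			return -1;
		}

#ifdef HAVE_GSSAPI
		/*
		 * For a GSSAPI/Kerberos proposal a successful
		 * expand_isakmpspec() has copied and then freed the gssid
		 * string it was handed.  Drop our reference so that a later
		 * flushspspec() or dupspspec() never touches freed memory.
		 */
		if (types[algclass_isakmp_ameth] ==
		    OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB)
			s->gssid = NULL;
#endif

		s = s->prev;
	}

	if (rmconf->proposal == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"no proposal found.\n");
		return -1;
	}

	return 0;
}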

/*
 * Reset every slot of tmpalgtype[] to 0, i.e. "algorithm undefined".
 */
static void
clean_tmpalgtype()
{
	int class = 0;

	while (class < MAXALGCLASS) {
		tmpalgtype[class] = 0;
		class++;
	}
}

/*
 * Build one ISAKMP SA from the algorithm types in types[] and hand it to
 * insisakmpsa() for rmconf.
 *
 * types[] is indexed by algorithm class and must hold at least MAXALGCLASS
 * entries: the debug dump reads every slot from class up to MAXALGCLASS.
 * The last argument is not used here.
 *
 * Ownership: for a GSSAPI/Kerberos proposal with a non-NULL gssid, the
 * string is copied into the SA and then freed here, so the caller's pointer
 * is dangling once this returns successfully.
 * NOTE(review): confirm every caller stops using (and freeing) that pointer.
 *
 * Returns the next transform number, or -1 on error.
 */
static int
expand_isakmpspec(prop_no, trns_no, types,
		class, last, lifetime, lifebyte, encklen, vendorid, gssid,
		rmconf)
	int prop_no, trns_no;
	int *types, class, last;
	time_t lifetime;
	int lifebyte;
	int encklen;
	int vendorid;
	char *gssid;
	struct remoteconf *rmconf;
{
	struct isakmpsa *sa;
	int cls;
	char numbuf[10];

	/* debugging: dump proposal/transform numbers and each class's type */
	plog(LLV_DEBUG2, LOCATION, NULL,
		"p:%d t:%d\n", prop_no, trns_no);
	for (cls = class; cls < MAXALGCLASS; cls++) {
		int type = types[cls];

		snprintf(numbuf, sizeof(numbuf), "%d", type);
		plog(LLV_DEBUG2, LOCATION, NULL,
			"%s%s%s%s\n",
			s_algtype(cls, type),
			type ? "(" : "",
			numbuf[0] == '0' ? "" : numbuf,
			type ? ")" : "");
	}
	plog(LLV_DEBUG2, LOCATION, NULL, "\n");

#define TMPALGTYPE2STR(n) \
	s_algtype(algclass_isakmp_##n, types[algclass_isakmp_##n])
	/* all four of enc, ameth, hash and dh are mandatory */
	if (!(types[algclass_isakmp_enc] != 0
	   && types[algclass_isakmp_ameth] != 0
	   && types[algclass_isakmp_hash] != 0
	   && types[algclass_isakmp_dh] != 0)) {
		yyerror("few definition of algorithm "
			"enc=%s ameth=%s hash=%s dhgroup=%s.\n",
			TMPALGTYPE2STR(enc),
			TMPALGTYPE2STR(ameth),
			TMPALGTYPE2STR(hash),
			TMPALGTYPE2STR(dh));
		return -1;
	}
#undef TMPALGTYPE2STR

	/* set new sa */
	sa = newisakmpsa();
	if (sa == NULL) {
		yyerror("failed to allocate isakmp sa");
		return -1;
	}

	sa->prop_no = prop_no;
	sa->trns_no = trns_no;
	trns_no++;		/* the caller continues with the next number */

	sa->enctype = types[algclass_isakmp_enc];
	sa->encklen = encklen;
	sa->hashtype = types[algclass_isakmp_hash];
	sa->dh_group = types[algclass_isakmp_dh];
	sa->authmethod = types[algclass_isakmp_ameth];
	sa->lifetime = lifetime;
	sa->lifebyte = lifebyte;
	sa->vendorid = vendorid;
#ifdef HAVE_GSSAPI
	if (sa->authmethod == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB) {
		if (gssid == NULL) {
			/*
			 * Allocate the default ID so that it gets put
			 * into a GSS ID attribute during the Phase 1
			 * exchange.
			 */
			sa->gssid = gssapi_get_default_gss_id();
		} else {
			/* stored as a length-counted buffer, no NUL */
			sa->gssid = vmalloc(strlen(gssid));
			if (sa->gssid == NULL) {
				racoon_free(sa);
				yyerror("failed to allocate gssid");
				return -1;
			}
			memcpy(sa->gssid->v, gssid, sa->gssid->l);
			/* frees the caller's string, see the note above */
			racoon_free(gssid);
		}
	}
#endif
	insisakmpsa(sa, rmconf);

	return trns_no;
}

#if 0
/*
 * Convert a byte lifetime to kilobytes, the unit RFC2407 defines for it.
 * Anything below 1024 bytes is reported through yyerror() and yields 0.
 */
static int
fix_lifebyte(t)
	unsigned long t;
{
	if (t >= 1024)
		return(t / 1024);

	yyerror("byte size should be more than 1024B.");
	return 0;
}
#endif

/*
 * Parse the configuration file named by lcconf->racoon_conf.
 *
 * Returns 0 on success and -1 when the file cannot be read or yyparse()
 * fails.  The process exits if yyparse() reports success while errors were
 * nevertheless counted.
 */
int
cfparse()
{
	int rc;

	yyerrorcount = 0;
	yycf_init_buffer();

	if (yycf_switch_buffer(lcconf->racoon_conf) != 0) {
		plog(LLV_ERROR, LOCATION, NULL, 
		    "could not read configuration file \"%s\"\n", 
		    lcconf->racoon_conf);
		return -1;
	}

	rc = yyparse();
	if (rc != 0) {
		if (yyerrorcount == 0) {
			plog(LLV_ERROR, LOCATION, NULL,
				"fatal parse failure.\n");
		} else {
			plog(LLV_ERROR, LOCATION, NULL,
				"fatal parse failure (%d errors)\n",
				yyerrorcount);
		}
		return -1;
	}

	/* the parser returned success here; any counted error is inconsistent */
	if (yyerrorcount) {
		plog(LLV_ERROR, LOCATION, NULL,
			"parse error is nothing, but yyerrorcount is %d.\n",
				yyerrorcount);
		exit(1);
	}

	yycf_clean_buffer();

	plog(LLV_DEBUG2, LOCATION, NULL, "parse successed.\n");

	return 0;
}

/*
 * Throw away the state built from the previous configuration (phase 2 and
 * phase 1 handles, remote configurations, sainfo entries and the temporary
 * algorithm table), then parse the configuration file again.
 * Returns whatever cfparse() returns.
 */
int
cfreparse()
{
	int rc;

	flushph2();
	flushph1();
	flushrmconf();
	flushsainfo();
	clean_tmpalgtype();

	rc = cfparse();
	return rc;
}

#ifdef ENABLE_ADMINPORT
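/*
 * Parse a plain, non-negative decimal ID.  Stores the value in *id and
 * returns 0 on success; returns -1 when s is not such a number.
 */
static int
adminsock_parse_id(const char *s, unsigned long *id)
{
	char *end;

	/* strtoul() would also accept leading blanks and a sign; refuse them */
	if (s[0] < '0' || s[0] > '9')
		return -1;

	errno = 0;
	*id = strtoul(s, &end, 10);
	if (*end != '\0' || errno == ERANGE)
		return -1;

	return 0;
}

/*
 * Record the admin socket path and, when given, its owner, group and mode.
 *
 * owner and group may each be a name or a decimal ID; a NULL owner or group
 * ends processing at that point.  mode_dec is the permission written as
 * decimal digits that read like octal (660 means rw-rw----); -1 keeps the
 * current mode.
 *
 * The owner, group and mode decide which local users can reach the admin
 * socket, so a value that cannot be resolved is reported through yyerror()
 * and the corresponding setting is left unchanged instead of being replaced
 * by ID 0 or a mangled mode.
 */
static void
adminsock_conf(path, owner, group, mode_dec)
	vchar_t *path;
	vchar_t *owner;
	vchar_t *group;
	int mode_dec;
{
	struct passwd *pw = NULL;
	struct group *gr = NULL;
	mode_t mode = 0;
	unsigned long id;

	adminsock_path = path->v;

	if (owner == NULL)
		return;

	/* a name known to the system wins over a numeric reading */
	if ((pw = getpwnam(owner->v)) != NULL)
		adminsock_owner = pw->pw_uid;
	else if (adminsock_parse_id(owner->v, &id) == 0)
		adminsock_owner = (uid_t)id;
	else
		yyerror("User \"%s\" does not exist", owner->v);

	if (group == NULL)
		return;

	if ((gr = getgrnam(group->v)) != NULL)
		adminsock_group = gr->gr_gid;
	else if (adminsock_parse_id(group->v, &id) == 0)
		adminsock_group = (gid_t)id;
	else
		yyerror("Group \"%s\" does not exist", group->v);

	if (mode_dec == -1)
		return;

	/* each of the three decimal digits must be a valid octal digit */
	if (mode_dec < 0 || mode_dec > 777 ||
	    (mode_dec / 10) % 10 > 7 || mode_dec % 10 > 7) {
		yyerror("Mode 0%03d is invalid", mode_dec);
		return;
	}

	/* hundreds -> owner bits, tens -> group bits, units -> other bits */
	mode = (mode_t)((mode_dec / 100) << 6);
	mode |= (mode_t)(((mode_dec / 10) % 10) << 3);
	mode |= (mode_t)(mode_dec % 10);

	adminsock_mode = mode;

	return;
}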
#endif
#line 1933 "racoonyy.tab.c"

#if YYDEBUG
#include <stdio.h>	/* needed for printf */
#endif

#include <stdlib.h>	/* needed for malloc, etc */
#include <string.h>	/* needed for memset */

/*
 * Allocate the parser stacks on first use, or double them, never exceeding
 * YYMAXDEPTH entries.  Returns 0 on success and YYENOMEM when the limit has
 * been reached or realloc() fails.
 */
static int yygrowstack(YYSTACKDATA *data)
{
    unsigned want = data->stacksize;
    int depth;
    YYINT *states;
    YYSTYPE *values;

    if (want == 0)
    {
        want = YYINITSTACKSIZE;
    }
    else if (want >= YYMAXDEPTH)
    {
        return YYENOMEM;
    }
    else
    {
        want *= 2;
        if (want > YYMAXDEPTH)
            want = YYMAXDEPTH;
    }

    /* both marks sit at the same offset from their base */
    depth = (int) (data->s_mark - data->s_base);

    states = (YYINT *)realloc(data->s_base, want * sizeof(*states));
    if (states == 0)
        return YYENOMEM;
    data->s_base = states;
    data->s_mark = states + depth;

    values = (YYSTYPE *)realloc(data->l_base, want * sizeof(*values));
    if (values == 0)
        return YYENOMEM;
    data->l_base = values;
    data->l_mark = values + depth;

    /* the new size is recorded only after both stacks have grown */
    data->stacksize = want;
    data->s_last = data->s_base + want - 1;
    return 0;
}

#if YYPURE || defined(YY_NO_LEAKS)
/* Release both parser stacks and reset the bookkeeping to all zeroes. */
static void yyfreestack(YYSTACKDATA *data)
{
    YYINT *states = data->s_base;
    YYSTYPE *values = data->l_base;

    memset(data, 0, sizeof(*data));
    free(states);
    free(values);
}
#else
#define yyfreestack(data) /* nothing */
#endif

#define YYABORT  goto yyabort
#define YYREJECT goto yyabort
#define YYACCEPT goto yyaccept
#define YYERROR  goto yyerrlab

int
YYPARSE_DECL()
{
    int yym, yyn, yystate;
#if YYDEBUG
    const char *yys;

    if ((yys = getenv("YYDEBUG")) != 0)
    {
        yyn = *yys;
        if (yyn >= '0' && yyn <= '9')
            yydebug = yyn - '0';
    }
#endif

    yym = 0;
    yyn = 0;
    yynerrs = 0;
    yyerrflag = 0;
    yychar = YYEMPTY;
    yystate = 0;

#if YYPURE
    memset(&yystack, 0, sizeof(yystack));
#endif

    if (yystack.s_base == NULL && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow;
    yystack.s_mark = yystack.s_base;
    yystack.l_mark = yystack.l_base;
    yystate = 0;
    *yystack.s_mark = 0;

yyloop:
    if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
    if (yychar < 0)
    {
        yychar = YYLEX;
        if (yychar < 0) yychar = YYEOF;
#if YYDEBUG
        if (yydebug)
        {
            if ((yys = yyname[YYTRANSLATE(yychar)]) == NULL) yys = yyname[YYUNDFTOKEN];
            printf("%sdebug: state %d, reading %d (%s)\n",
                    YYPREFIX, yystate, yychar, yys);
        }
#endif
    }
    if (((yyn = yysindex[yystate]) != 0) && (yyn += yychar) >= 0 &&
            yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) yychar)
    {
#if YYDEBUG
        if (yydebug)
            printf("%sdebug: state %d, shifting to state %d\n",
                    YYPREFIX, yystate, yytable[yyn]);
#endif
        if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow;
        yystate = yytable[yyn];
        *++yystack.s_mark = yytable[yyn];
        *++yystack.l_mark = yylval;
        yychar = YYEMPTY;
        if (yyerrflag > 0)  --yyerrflag;
        goto yyloop;
    }
    if (((yyn = yyrindex[yystate]) != 0) && (yyn += yychar) >= 0 &&
            yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) yychar)
    {
        yyn = yytable[yyn];
        goto yyreduce;
    }
    if (yyerrflag != 0) goto yyinrecovery;

    YYERROR_CALL("syntax error");

    goto yyerrlab; /* redundant goto avoids 'unused label' warning */
yyerrlab:
    ++yynerrs;

yyinrecovery:
    if (yyerrflag < 3)
    {
        yyerrflag = 3;
        for (;;)
        {
            if (((yyn = yysindex[*yystack.s_mark]) != 0) && (yyn += YYERRCODE) >= 0 &&
                    yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) YYERRCODE)
            {
#if YYDEBUG
                if (yydebug)
                    printf("%sdebug: state %d, error recovery shifting\
 to state %d\n", YYPREFIX, *yystack.s_mark, yytable[yyn]);
#endif
                if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow;
                yystate = yytable[yyn];
                *++yystack.s_mark = yytable[yyn];
                *++yystack.l_mark = yylval;
                goto yyloop;
            }
            else
            {
#if YYDEBUG
                if (yydebug)
                    printf("%sdebug: error recovery discarding state %d\n",
                            YYPREFIX, *yystack.s_mark);
#endif
                if (yystack.s_mark <= yystack.s_base) goto yyabort;
                --yystack.s_mark;
                --yystack.l_mark;
            }
        }
    }
    else
    {
        if (yychar == YYEOF) goto yyabort;
#if YYDEBUG
        if (yydebug)
        {
            if ((yys = yyname[YYTRANSLATE(yychar)]) == NULL) yys = yyname[YYUNDFTOKEN];
            printf("%sdebug: state %d, error recovery discards token %d (%s)\n",
                    YYPREFIX, yystate, yychar, yys);
        }
#endif
        yychar = YYEMPTY;
        goto yyloop;
    }

yyreduce:
#if YYDEBUG
    if (yydebug)
        printf("%sdebug: state %d, reducing by rule %d (%s)\n",
                YYPREFIX, yystate, yyn, yyrule[yyn]);
#endif
    yym = yylen[yyn];
    if (yym > 0)
        yyval = yystack.l_mark[1-yym];
    else
        memset(&yyval, 0, sizeof yyval);

    switch (yyn)
    {
case 21:
#line 368 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			struct passwd *pw;

			if ((pw = getpwnam(yystack.l_mark[0].val->v)) == NULL) {
				yyerror("unknown user \"%s\"", yystack.l_mark[0].val->v);
				return -1;
			}
			lcconf->uid = pw->pw_uid;
		}
break;
case 23:
#line 378 "../../ipsec-tools/src/racoon/cfparse.y"
	{ lcconf->uid = yystack.l_mark[0].num; }
break;
case 25:
#line 380 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			struct group *gr;

			if ((gr = getgrnam(yystack.l_mark[0].val->v)) == NULL) {
				yyerror("unknown group \"%s\"", yystack.l_mark[0].val->v);
				return -1;
			}
			lcconf->gid = gr->gr_gid;
		}
break;
case 27:
#line 390 "../../ipsec-tools/src/racoon/cfparse.y"
	{ lcconf->gid = yystack.l_mark[0].num; }
break;
case 29:
#line 391 "../../ipsec-tools/src/racoon/cfparse.y"
	{ lcconf->chroot = yystack.l_mark[0].val->v; }
break;
case 31:
#line 397 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			if (yystack.l_mark[-1].num >= LC_PATHTYPE_MAX) {
				yyerror("invalid path type %d", yystack.l_mark[-1].num);
				return -1;
			}

			/* free old pathinfo */
			if (lcconf->pathinfo[yystack.l_mark[-1].num])
				racoon_free(lcconf->pathinfo[yystack.l_mark[-1].num]);

			/* set new pathinfo */
			lcconf->pathinfo[yystack.l_mark[-1].num] = racoon_strdup(yystack.l_mark[0].val->v);
			STRDUP_FATAL(lcconf->pathinfo[yystack.l_mark[-1].num]);
			vfree(yystack.l_mark[0].val);
		}
break;
case 33:
#line 417 "../../ipsec-tools/src/racoon/cfparse.y"
	{ lcconf->complex_bundle = yystack.l_mark[0].num; }
break;
case 35:
#line 423 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			char path[MAXPATHLEN];

			getpathname(path, sizeof(path),
				LC_PATHTYPE_INCLUDE, yystack.l_mark[-1].val->v);
			vfree(yystack.l_mark[-1].val);
			if (yycf_switch_buffer(path) != 0)
				return -1;
		}
break;
case 36:
#line 437 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			lcconf->pfkey_buffer_size = yystack.l_mark[-1].num;
        }
break;
case 37:
#line 444 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			if (yystack.l_mark[-1].num >= LC_GSSENC_MAX) {
				yyerror("invalid GSS ID encoding %d", yystack.l_mark[-1].num);
				return -1;
			}
			lcconf->gss_id_enc = yystack.l_mark[-1].num;
		}
break;
case 39:
#line 459 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			/*
			 * set the loglevel to the value specified
			 * in the configuration file plus the number
			 * of -d options specified on the command line
			 */
			loglevel += yystack.l_mark[0].num - oldloglevel;
			oldloglevel = yystack.l_mark[0].num;
		}
break;
case 43:
#line 479 "../../ipsec-tools/src/racoon/cfparse.y"
	{ lcconf->pad_random = yystack.l_mark[0].num; }
break;
case 45:
#line 480 "../../ipsec-tools/src/racoon/cfparse.y"
	{ lcconf->pad_randomlen = yystack.l_mark[0].num; }
break;
case 47:
#line 481 "../../ipsec-tools/src/racoon/cfparse.y"
	{ lcconf->pad_maxsize = yystack.l_mark[0].num; }
break;
case 49:
#line 482 "../../ipsec-tools/src/racoon/cfparse.y"
	{ lcconf->pad_strict = yystack.l_mark[0].num; }
break;
case 51:
#line 483 "../../ipsec-tools/src/racoon/cfparse.y"
	{ lcconf->pad_excltail = yystack.l_mark[0].num; }
break;
case 56:
#line 496 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			myaddr_listen(yystack.l_mark[0].saddr, FALSE);
			racoon_free(yystack.l_mark[0].saddr);
		}
break;
case 58:
#line 502 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_NATT
			myaddr_listen(yystack.l_mark[0].saddr, TRUE);
			racoon_free(yystack.l_mark[0].saddr);
#else
			racoon_free(yystack.l_mark[0].saddr);
			yyerror("NAT-T support not compiled in.");
#endif
		}
break;
case 60:
#line 513 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_ADMINPORT
			adminsock_conf(yystack.l_mark[-3].val, yystack.l_mark[-2].val, yystack.l_mark[-1].val, yystack.l_mark[0].num);
#else
			yywarn("admin port support not compiled in");
#endif
		}
break;
case 62:
#line 522 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_ADMINPORT
			adminsock_conf(yystack.l_mark[0].val, NULL, NULL, -1);
#else
			yywarn("admin port support not compiled in");
#endif
		}
break;
case 64:
#line 531 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_ADMINPORT
			adminsock_path = NULL;
#else
			yywarn("admin port support not compiled in");
#endif
		}
break;
case 66:
#line 539 "../../ipsec-tools/src/racoon/cfparse.y"
	{ lcconf->strict_address = TRUE; }
break;
case 68:
#line 543 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			char portbuf[10];

			snprintf(portbuf, sizeof(portbuf), "%ld", yystack.l_mark[0].num);
			yyval.saddr = str2saddr(yystack.l_mark[-1].val->v, portbuf);
			vfree(yystack.l_mark[-1].val);
			if (!yyval.saddr)
				return -1;
		}
break;
case 69:
#line 554 "../../ipsec-tools/src/racoon/cfparse.y"
	{ yyval.num = PORT_ISAKMP; }
break;
case 70:
#line 555 "../../ipsec-tools/src/racoon/cfparse.y"
	{ yyval.num = yystack.l_mark[0].num; }
break;
case 71:
#line 560 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifndef ENABLE_HYBRID
			yyerror("racoon not configured with --enable-hybrid");
			return -1;
#endif
#ifndef HAVE_LIBRADIUS
			yyerror("racoon not configured with --with-libradius");
			return -1;
#endif
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBRADIUS
			xauth_rad_config.timeout = 3;
			xauth_rad_config.retries = 3;
#endif
#endif
		}
break;
case 75:
#line 583 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBRADIUS
			int i = xauth_rad_config.auth_server_count;
			if (i == RADIUS_MAX_SERVERS) {
				yyerror("maximum radius auth servers exceeded");
				return -1;
			}

			xauth_rad_config.auth_server_list[i].host = vdup(yystack.l_mark[-1].val);
			xauth_rad_config.auth_server_list[i].secret = vdup(yystack.l_mark[0].val);
			xauth_rad_config.auth_server_list[i].port = 0; /* default port*/
			xauth_rad_config.auth_server_count++;
#endif
#endif
		}
break;
case 77:
#line 601 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBRADIUS
			int i = xauth_rad_config.auth_server_count;
			if (i == RADIUS_MAX_SERVERS) {
				yyerror("maximum radius auth servers exceeded");
				return -1;
			}

			xauth_rad_config.auth_server_list[i].host = vdup(yystack.l_mark[-2].val);
			xauth_rad_config.auth_server_list[i].secret = vdup(yystack.l_mark[0].val);
			xauth_rad_config.auth_server_list[i].port = yystack.l_mark[-1].num;
			xauth_rad_config.auth_server_count++;
#endif
#endif
		}
break;
case 79:
#line 619 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBRADIUS
			int i = xauth_rad_config.acct_server_count;
			if (i == RADIUS_MAX_SERVERS) {
				yyerror("maximum radius account servers exceeded");
				return -1;
			}

			xauth_rad_config.acct_server_list[i].host = vdup(yystack.l_mark[-1].val);
			xauth_rad_config.acct_server_list[i].secret = vdup(yystack.l_mark[0].val);
			xauth_rad_config.acct_server_list[i].port = 0; /* default port*/
			xauth_rad_config.acct_server_count++;
#endif
#endif
		}
break;
case 81:
#line 637 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBRADIUS
			int i = xauth_rad_config.acct_server_count;
			if (i == RADIUS_MAX_SERVERS) {
				yyerror("maximum radius account servers exceeded");
				return -1;
			}

			xauth_rad_config.acct_server_list[i].host = vdup(yystack.l_mark[-2].val);
			xauth_rad_config.acct_server_list[i].secret = vdup(yystack.l_mark[0].val);
			xauth_rad_config.acct_server_list[i].port = yystack.l_mark[-1].num;
			xauth_rad_config.acct_server_count++;
#endif
#endif
		}
break;
case 83:
#line 655 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBRADIUS
			xauth_rad_config.timeout = yystack.l_mark[0].num;
#endif
#endif
		}
break;
case 85:
#line 664 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBRADIUS
			xauth_rad_config.retries = yystack.l_mark[0].num;
#endif
#endif
		}
break;
case 87:
#line 676 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifndef ENABLE_HYBRID
			yyerror("racoon not configured with --enable-hybrid");
			return -1;
#endif
#ifndef HAVE_LIBLDAP
			yyerror("racoon not configured with --with-libldap");
			return -1;
#endif
		}
break;
case 91:
#line 693 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBLDAP
			if ((yystack.l_mark[0].num<2)||(yystack.l_mark[0].num>3))
				yyerror("invalid ldap protocol version (2|3)");
			xauth_ldap_config.pver = yystack.l_mark[0].num;
#endif
#endif
		}
break;
case 93:
#line 704 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBLDAP
			if (xauth_ldap_config.host != NULL)
				vfree(xauth_ldap_config.host);
			xauth_ldap_config.host = vdup(yystack.l_mark[0].val);
#endif
#endif
		}
break;
case 95:
#line 715 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBLDAP
			xauth_ldap_config.port = yystack.l_mark[0].num;
#endif
#endif
		}
break;
case 97:
#line 724 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBLDAP
			if (xauth_ldap_config.base != NULL)
				vfree(xauth_ldap_config.base);
			xauth_ldap_config.base = vdup(yystack.l_mark[0].val);
#endif
#endif
		}
break;
case 99:
#line 735 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBLDAP
			xauth_ldap_config.subtree = yystack.l_mark[0].num;
#endif
#endif
		}
break;
case 101:
#line 744 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBLDAP
			if (xauth_ldap_config.bind_dn != NULL)
				vfree(xauth_ldap_config.bind_dn);
			xauth_ldap_config.bind_dn = vdup(yystack.l_mark[0].val);
#endif
#endif
		}
break;
case 103:
#line 755 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBLDAP
			if (xauth_ldap_config.bind_pw != NULL)
				vfree(xauth_ldap_config.bind_pw);
			xauth_ldap_config.bind_pw = vdup(yystack.l_mark[0].val);
#endif
#endif
		}
break;
case 105:
#line 766 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBLDAP
			if (xauth_ldap_config.attr_user != NULL)
				vfree(xauth_ldap_config.attr_user);
			xauth_ldap_config.attr_user = vdup(yystack.l_mark[0].val);
#endif
#endif
		}
break;
case 107:
#line 777 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBLDAP
			if (xauth_ldap_config.attr_addr != NULL)
				vfree(xauth_ldap_config.attr_addr);
			xauth_ldap_config.attr_addr = vdup(yystack.l_mark[0].val);
#endif
#endif
		}
break;
case 109:
#line 788 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBLDAP
			if (xauth_ldap_config.attr_mask != NULL)
				vfree(xauth_ldap_config.attr_mask);
			xauth_ldap_config.attr_mask = vdup(yystack.l_mark[0].val);
#endif
#endif
		}
break;
case 111:
#line 799 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBLDAP
			if (xauth_ldap_config.attr_group != NULL)
				vfree(xauth_ldap_config.attr_group);
			xauth_ldap_config.attr_group = vdup(yystack.l_mark[0].val);
#endif
#endif
		}
break;
case 113:
#line 810 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBLDAP
			if (xauth_ldap_config.attr_member != NULL)
				vfree(xauth_ldap_config.attr_member);
			xauth_ldap_config.attr_member = vdup(yystack.l_mark[0].val);
#endif
#endif
		}
break;
case 118:
#line 832 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			if (inet_pton(AF_INET, yystack.l_mark[0].val->v,
			     &isakmp_cfg_config.network4) != 1)
				yyerror("bad IPv4 network address.");
#else
			yyerror("racoon not configured with --enable-hybrid");
#endif
		}
break;
case 120:
#line 843 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			if (inet_pton(AF_INET, yystack.l_mark[0].val->v,
			    &isakmp_cfg_config.netmask4) != 1)
				yyerror("bad IPv4 netmask address.");
#else
			yyerror("racoon not configured with --enable-hybrid");
#endif
		}
break;
case 124:
#line 858 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			isakmp_cfg_config.splitnet_type = UNITY_LOCAL_LAN;
#else
			yyerror("racoon not configured with --enable-hybrid");
#endif
		}
break;
case 126:
#line 867 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			isakmp_cfg_config.splitnet_type = UNITY_SPLIT_INCLUDE;
#else
			yyerror("racoon not configured with --enable-hybrid");
#endif
		}
break;
case 128:
#line 876 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifndef ENABLE_HYBRID
			yyerror("racoon not configured with --enable-hybrid");
#endif
		}
break;
case 130:
#line 883 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			/*
			 * Copy the configured default domain into
			 * isakmp_cfg_config.default_domain, then release the
			 * parsed value.  strncpy() copies at most MAXPATHLEN
			 * bytes and does not terminate a longer string, so the
			 * terminator is stored explicitly; longer input is
			 * silently truncated.
			 * NOTE(review): the store at index MAXPATHLEN needs a
			 * destination of at least MAXPATHLEN + 1 bytes - confirm
			 * against the declaration of default_domain.
			 */
			strncpy(&isakmp_cfg_config.default_domain[0], 
			    yystack.l_mark[0].val->v, MAXPATHLEN);
			isakmp_cfg_config.default_domain[MAXPATHLEN] = '\0';
			vfree(yystack.l_mark[0].val);
#else
			yyerror("racoon not configured with --enable-hybrid");
#endif
		}
break;
case 132:
#line 895 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_SYSTEM;
#else
			yyerror("racoon not configured with --enable-hybrid");
#endif
		}
break;
case 134:
#line 904 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBRADIUS
			isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_RADIUS;
#else /* HAVE_LIBRADIUS */
			yyerror("racoon not configured with --with-libradius");
#endif /* HAVE_LIBRADIUS */
#else /* ENABLE_HYBRID */
			yyerror("racoon not configured with --enable-hybrid");
#endif /* ENABLE_HYBRID */
		}
break;
case 136:
#line 917 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBPAM
			isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_PAM;
#else /* HAVE_LIBPAM */
			yyerror("racoon not configured with --with-libpam");
#endif /* HAVE_LIBPAM */
#else /* ENABLE_HYBRID */
			yyerror("racoon not configured with --enable-hybrid");
#endif /* ENABLE_HYBRID */
		}
break;
case 138:
#line 930 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBLDAP
			isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_LDAP;
#else /* HAVE_LIBLDAP */
			yyerror("racoon not configured with --with-libldap");
#endif /* HAVE_LIBLDAP */
#else /* ENABLE_HYBRID */
			yyerror("racoon not configured with --enable-hybrid");
#endif /* ENABLE_HYBRID */
		}
break;
case 140:
#line 943 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifndef ENABLE_HYBRID
			yyerror("racoon not configured with --enable-hybrid");
#endif
		}
break;
case 142:
#line 950 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			isakmp_cfg_config.groupsource = ISAKMP_CFG_GROUP_SYSTEM;
#else
			yyerror("racoon not configured with --enable-hybrid");
#endif
		}
break;
case 144:
#line 959 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBLDAP
			isakmp_cfg_config.groupsource = ISAKMP_CFG_GROUP_LDAP;
#else /* HAVE_LIBLDAP */
			yyerror("racoon not configured with --with-libldap");
#endif /* HAVE_LIBLDAP */
#else /* ENABLE_HYBRID */
			yyerror("racoon not configured with --enable-hybrid");
#endif /* ENABLE_HYBRID */
		}
break;
case 146:
#line 972 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_NONE;
#else
			yyerror("racoon not configured with --enable-hybrid");
#endif
		}
break;
case 148:
#line 981 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_SYSTEM;
#else
			yyerror("racoon not configured with --enable-hybrid");
#endif
		}
break;
case 150:
#line 990 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBRADIUS
			isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_RADIUS;
#else /* HAVE_LIBRADIUS */
			yyerror("racoon not configured with --with-libradius");
#endif /* HAVE_LIBRADIUS */
#else /* ENABLE_HYBRID */
			yyerror("racoon not configured with --enable-hybrid");
#endif /* ENABLE_HYBRID */
		}
break;
case 152:
#line 1003 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBPAM
			isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_PAM;
#else /* HAVE_LIBPAM */
			yyerror("racoon not configured with --with-libpam");
#endif /* HAVE_LIBPAM */
#else /* ENABLE_HYBRID */
			yyerror("racoon not configured with --enable-hybrid");
#endif /* ENABLE_HYBRID */
		}
break;
case 154:
#line 1016 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			if (isakmp_cfg_resize_pool(yystack.l_mark[0].num) != 0)
				yyerror("cannot allocate memory for pool");
#else /* ENABLE_HYBRID */
			yyerror("racoon not configured with --enable-hybrid");
#endif /* ENABLE_HYBRID */
		}
break;
case 156:
#line 1026 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			isakmp_cfg_config.pfs_group = yystack.l_mark[0].num;
#else /* ENABLE_HYBRID */
			yyerror("racoon not configured with --enable-hybrid");
#endif /* ENABLE_HYBRID */
		}
break;
case 158:
#line 1035 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			isakmp_cfg_config.save_passwd = yystack.l_mark[0].num;
#else /* ENABLE_HYBRID */
			yyerror("racoon not configured with --enable-hybrid");
#endif /* ENABLE_HYBRID */
		}
break;
case 160:
#line 1044 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			isakmp_cfg_config.auth_throttle = yystack.l_mark[0].num;
#else /* ENABLE_HYBRID */
			yyerror("racoon not configured with --enable-hybrid");
#endif /* ENABLE_HYBRID */
		}
break;
case 162:
#line 1053 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			isakmp_cfg_config.confsource = ISAKMP_CFG_CONF_LOCAL;
#else /* ENABLE_HYBRID */
			yyerror("racoon not configured with --enable-hybrid");
#endif /* ENABLE_HYBRID */
		}
break;
case 164:
#line 1062 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBRADIUS
			isakmp_cfg_config.confsource = ISAKMP_CFG_CONF_RADIUS;
#else /* HAVE_LIBRADIUS */
			yyerror("racoon not configured with --with-libradius");
#endif /* HAVE_LIBRADIUS */
#else /* ENABLE_HYBRID */
			yyerror("racoon not configured with --enable-hybrid");
#endif /* ENABLE_HYBRID */
		}
break;
case 166:
#line 1075 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
#ifdef HAVE_LIBLDAP
			isakmp_cfg_config.confsource = ISAKMP_CFG_CONF_LDAP;
#else /* HAVE_LIBLDAP */
			yyerror("racoon not configured with --with-libldap");
#endif /* HAVE_LIBLDAP */
#else /* ENABLE_HYBRID */
			yyerror("racoon not configured with --enable-hybrid");
#endif /* ENABLE_HYBRID */
		}
break;
case 168:
#line 1088 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			/*
			 * Copy the configured value into isakmp_cfg_config.motd
			 * and release the parsed value.  At most MAXPATHLEN bytes
			 * are copied and the terminator is stored explicitly, so
			 * a longer value is silently truncated.
			 * NOTE(review): the store at index MAXPATHLEN needs a
			 * destination of at least MAXPATHLEN + 1 bytes - confirm
			 * against the declaration of motd.
			 */
			strncpy(&isakmp_cfg_config.motd[0], yystack.l_mark[0].val->v, MAXPATHLEN);
			isakmp_cfg_config.motd[MAXPATHLEN] = '\0';
			vfree(yystack.l_mark[0].val);
#else
			yyerror("racoon not configured with --enable-hybrid");
#endif
		}
break;
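case 172:
#line 1106 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			/*
			 * Store one IPv4 DNS server address from the configuration
			 * in the next free slot of isakmp_cfg_config.dns4.
			 *
			 * This file is generated; the same change belongs in the
			 * grammar action at cfparse.y line 1106.
			 */
			struct isakmp_cfg_config *icc = &isakmp_cfg_config;

			/*
			 * Stop before storing.  yyerror() returns to the caller, so
			 * reporting the limit without returning still let
			 * inet_pton() write to dns4[dns4_index].  ">=" holds the
			 * count to MAXNS, which is what the message promises; the
			 * previous ">" let index MAXNS through.
			 * NOTE(review): assumes dns4 has MAXNS elements - confirm
			 * against the struct declaration.
			 */
			if (icc->dns4_index >= MAXNS) {
				yyerror("No more than %d DNS", MAXNS);
				return -1;
			}
			if (inet_pton(AF_INET, yystack.l_mark[0].val->v,
			    &icc->dns4[icc->dns4_index++]) != 1)
				yyerror("bad IPv4 DNS address.");
#else
			yyerror("racoon not configured with --enable-hybrid");
#endif
		}
break;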
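case 175:
#line 1127 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			/*
			 * Store one IPv4 WINS server address from the configuration
			 * in the next free slot of isakmp_cfg_config.nbns4.
			 *
			 * This file is generated; the same change belongs in the
			 * grammar action at cfparse.y line 1127.
			 */
			struct isakmp_cfg_config *icc = &isakmp_cfg_config;

			/*
			 * Stop before storing.  yyerror() returns to the caller, so
			 * reporting the limit without returning still let
			 * inet_pton() write to nbns4[nbns4_index].  ">=" holds the
			 * count to MAXWINS, which is what the message promises; the
			 * previous ">" let index MAXWINS through.
			 * NOTE(review): assumes nbns4 has MAXWINS elements - confirm
			 * against the struct declaration.
			 */
			if (icc->nbns4_index >= MAXWINS) {
				yyerror("No more than %d WINS", MAXWINS);
				return -1;
			}
			if (inet_pton(AF_INET, yystack.l_mark[0].val->v,
			    &icc->nbns4[icc->nbns4_index++]) != 1)
				yyerror("bad IPv4 WINS address.");
#else
			yyerror("racoon not configured with --enable-hybrid");
#endif
		}
break;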
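case 178:
#line 1148 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			/*
			 * Build a unity_network from "address/prefix" and append it
			 * to the split-network list.
			 *
			 * This file is generated; the same change belongs in the
			 * grammar action at cfparse.y line 1148.
			 */
			struct isakmp_cfg_config *icc = &isakmp_cfg_config;
			struct unity_network network;
			/* via unsigned long so a negative value also fails the range check */
			unsigned long prefix = (unsigned long)yystack.l_mark[0].num;

			memset(&network,0,sizeof(network));

			if (inet_pton(AF_INET, yystack.l_mark[-1].val->v, &network.addr4) != 1)
				yyerror("bad IPv4 SPLIT address.");

			/*
			 * The prefix comes straight from the configuration file.
			 * Anything above 32 would make the shift count below
			 * negative or too large, which is undefined behaviour.
			 */
			if (prefix > 32) {
				yyerror("bad IPv4 SPLIT prefix length.");
				return -1;
			}

			/*
			 * Turn $2 (the prefix) into a subnet mask.  The shift is
			 * done on an unsigned value: a prefix of 1 shifts by 31,
			 * which overflows a signed int.
			 */
			network.mask4.s_addr = prefix ? htonl(~((1U << (32 - prefix)) - 1)) : 0;

			/* add the network to our list */
			if (splitnet_list_add(&icc->splitnet_list, &network,&icc->splitnet_count))
				yyerror("Unable to allocate split network");
#else
			yyerror("racoon not configured with --enable-hybrid");
#endif
		}
break;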
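case 181:
#line 1175 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			/*
			 * Append a NUL-terminated copy of the parsed group name to
			 * icc->grouplist and release the parsed value.
			 *
			 * This file is generated; the same change belongs in the
			 * grammar action at cfparse.y line 1175.
			 */
			char * groupname = NULL;
			char ** grouplist = NULL;
			struct isakmp_cfg_config *icc = &isakmp_cfg_config;

			/* one more slot; each element is a char *, so size by that */
			grouplist = racoon_realloc(icc->grouplist,
					sizeof(char *)*(icc->groupcount+1));
			if (grouplist == NULL) {
				yyerror("unable to allocate auth group list");
				return -1;
			}
			/*
			 * Publish the new block at once.  A successful realloc may
			 * have released the old one, and the error return below
			 * used to leave icc->grouplist pointing at it.
			 */
			icc->grouplist = grouplist;

			groupname = racoon_malloc(yystack.l_mark[0].val->l+1);
			if (groupname == NULL) {
				yyerror("unable to allocate auth group name");
				return -1;
			}

			memcpy(groupname,yystack.l_mark[0].val->v,yystack.l_mark[0].val->l);
			groupname[yystack.l_mark[0].val->l]=0;
			grouplist[icc->groupcount]=groupname;
			icc->groupcount++;

			vfree(yystack.l_mark[0].val);
#else
			yyerror("racoon not configured with --enable-hybrid");
#endif
		}
break;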
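case 184:
#line 1213 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			/*
			 * Append one split-DNS domain to icc->splitdns_list, a
			 * comma-separated buffer whose length is tracked in
			 * icc->splitdns_len; no terminator is stored here.
			 *
			 * This file is generated; the same change belongs in the
			 * grammar action at cfparse.y line 1213.
			 */
			struct isakmp_cfg_config *icc = &isakmp_cfg_config;

			if (!icc->splitdns_len)
			{
				/* first entry: the buffer holds exactly the domain bytes */
				icc->splitdns_list = racoon_malloc(yystack.l_mark[0].val->l);
				if(icc->splitdns_list == NULL) {
					yyerror("error allocating splitdns list buffer");
					return -1;
				}
				memcpy(icc->splitdns_list,yystack.l_mark[0].val->v,yystack.l_mark[0].val->l);
				icc->splitdns_len = yystack.l_mark[0].val->l;
			}
			else
			{
				/* later entries: old bytes + ',' + new domain */
				int len = icc->splitdns_len + yystack.l_mark[0].val->l + 1;
				/*
				 * Grow through a temporary.  Assigning the result
				 * straight to splitdns_list lost the old buffer on
				 * failure while splitdns_len stayed non-zero.
				 */
				void *grown = racoon_realloc(icc->splitdns_list,len);
				if(grown == NULL) {
					yyerror("error allocating splitdns list buffer");
					return -1;
				}
				icc->splitdns_list = grown;
				icc->splitdns_list[icc->splitdns_len] = ',';
				memcpy(icc->splitdns_list + icc->splitdns_len + 1, yystack.l_mark[0].val->v, yystack.l_mark[0].val->l);
				icc->splitdns_len = len;
			}
			vfree(yystack.l_mark[0].val);
#else
			yyerror("racoon not configured with --enable-hybrid");
#endif
		}
break;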
case 188:
#line 1257 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			lcconf->retry_counter = yystack.l_mark[0].num;
		}
break;
case 190:
#line 1262 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			lcconf->retry_interval = yystack.l_mark[-1].num * yystack.l_mark[0].num;
		}
break;
case 192:
#line 1267 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			lcconf->count_persend = yystack.l_mark[0].num;
		}
break;
case 194:
#line 1272 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			lcconf->retry_checkph1 = yystack.l_mark[-1].num * yystack.l_mark[0].num;
		}
break;
case 196:
#line 1277 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			lcconf->wait_ph2complete = yystack.l_mark[-1].num * yystack.l_mark[0].num;
		}
break;
case 198:
#line 1282 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_NATT
        		if (libipsec_opt & LIBIPSEC_OPT_NATT)
				lcconf->natt_ka_interval = yystack.l_mark[-1].num * yystack.l_mark[0].num;
			else
                		yyerror("libipsec lacks NAT-T support");
#else
			yyerror("NAT-T support not compiled in.");
#endif
		}
break;
case 200:
#line 1298 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			cur_sainfo = newsainfo();
			if (cur_sainfo == NULL) {
				yyerror("failed to allocate sainfo");
				return -1;
			}
		}
break;
case 201:
#line 1306 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			struct sainfo *check;

			/* default */
			if (cur_sainfo->algs[algclass_ipsec_enc] == 0) {
				yyerror("no encryption algorithm at %s",
					sainfo2str(cur_sainfo));
				return -1;
			}
			if (cur_sainfo->algs[algclass_ipsec_auth] == 0) {
				yyerror("no authentication algorithm at %s",
					sainfo2str(cur_sainfo));
				return -1;
			}
			if (cur_sainfo->algs[algclass_ipsec_comp] == 0) {
				yyerror("no compression algorithm at %s",
					sainfo2str(cur_sainfo));
				return -1;
			}

			/* duplicate check */
			check = getsainfo(cur_sainfo->idsrc,
					  cur_sainfo->iddst,
					  cur_sainfo->id_i,
					  NULL,
					  cur_sainfo->remoteid);

			if (check && ((check->idsrc != SAINFO_ANONYMOUS) &&
				      (cur_sainfo->idsrc != SAINFO_ANONYMOUS))) {
				yyerror("duplicated sainfo: %s",
					sainfo2str(cur_sainfo));
				return -1;
			}

			inssainfo(cur_sainfo);
		}
break;
case 203:
#line 1346 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			cur_sainfo->idsrc = SAINFO_ANONYMOUS;
			cur_sainfo->iddst = SAINFO_ANONYMOUS;
		}
break;
case 204:
#line 1351 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			cur_sainfo->idsrc = SAINFO_ANONYMOUS;
			cur_sainfo->iddst = SAINFO_CLIENTADDR;
		}
break;
case 205:
#line 1356 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			cur_sainfo->idsrc = SAINFO_ANONYMOUS;
			cur_sainfo->iddst = yystack.l_mark[0].val;
		}
break;
case 206:
#line 1361 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			cur_sainfo->idsrc = yystack.l_mark[-1].val;
			cur_sainfo->iddst = SAINFO_ANONYMOUS;
		}
break;
case 207:
#line 1366 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			cur_sainfo->idsrc = yystack.l_mark[-1].val;
			cur_sainfo->iddst = SAINFO_CLIENTADDR;
		}
break;
case 208:
#line 1371 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			cur_sainfo->idsrc = yystack.l_mark[-1].val;
			cur_sainfo->iddst = yystack.l_mark[0].val;
		}
break;
case 209:
#line 1378 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			char portbuf[10];
			struct sockaddr *saddr;

			if ((yystack.l_mark[0].num == IPPROTO_ICMP || yystack.l_mark[0].num == IPPROTO_ICMPV6)
			 && (yystack.l_mark[-1].num != IPSEC_PORT_ANY || yystack.l_mark[-1].num != IPSEC_PORT_ANY)) {
				yyerror("port number must be \"any\".");
				return -1;
			}

			snprintf(portbuf, sizeof(portbuf), "%lu", yystack.l_mark[-1].num);
			saddr = str2saddr(yystack.l_mark[-3].val->v, portbuf);
			vfree(yystack.l_mark[-3].val);
			if (saddr == NULL)
				return -1;

			switch (saddr->sa_family) {
			case AF_INET:
				if (yystack.l_mark[0].num == IPPROTO_ICMPV6) {
					yyerror("upper layer protocol mismatched.\n");
					racoon_free(saddr);
					return -1;
				}
				yyval.val = ipsecdoi_sockaddr2id(saddr,
										  yystack.l_mark[-2].num == ~0 ? (sizeof(struct in_addr) << 3): yystack.l_mark[-2].num,
										  yystack.l_mark[0].num);
				break;
#ifdef INET6
			case AF_INET6:
				if (yystack.l_mark[0].num == IPPROTO_ICMP) {
					yyerror("upper layer protocol mismatched.\n");
					racoon_free(saddr);
					return -1;
				}
				yyval.val = ipsecdoi_sockaddr2id(saddr, 
										  yystack.l_mark[-2].num == ~0 ? (sizeof(struct in6_addr) << 3): yystack.l_mark[-2].num,
										  yystack.l_mark[0].num);
				break;
#endif
			default:
				yyerror("invalid family: %d", saddr->sa_family);
				yyval.val = NULL;
				break;
			}
			racoon_free(saddr);
			if (yyval.val == NULL)
				return -1;
		}
break;
case 210:
#line 1427 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			char portbuf[10];
			struct sockaddr *laddr = NULL, *haddr = NULL;
			char *cur = NULL;

			if ((yystack.l_mark[0].num == IPPROTO_ICMP || yystack.l_mark[0].num == IPPROTO_ICMPV6)
			 && (yystack.l_mark[-1].num != IPSEC_PORT_ANY || yystack.l_mark[-1].num != IPSEC_PORT_ANY)) {
				yyerror("port number must be \"any\".");
				return -1;
			}

			snprintf(portbuf, sizeof(portbuf), "%lu", yystack.l_mark[-1].num);
			
			laddr = str2saddr(yystack.l_mark[-4].val->v, portbuf);
			if (laddr == NULL) {
			    return -1;
			}
			vfree(yystack.l_mark[-4].val);
			haddr = str2saddr(yystack.l_mark[-3].val->v, portbuf);
			if (haddr == NULL) {
			    racoon_free(laddr);
			    return -1;
			}
			vfree(yystack.l_mark[-3].val);

			switch (laddr->sa_family) {
			case AF_INET:
				if (yystack.l_mark[0].num == IPPROTO_ICMPV6) {
				    yyerror("upper layer protocol mismatched.\n");
				    if (laddr)
					racoon_free(laddr);
				    if (haddr)
					racoon_free(haddr);
				    return -1;
				}
                                yyval.val = ipsecdoi_sockrange2id(laddr, haddr, 
							   yystack.l_mark[0].num);
				break;
#ifdef INET6
			case AF_INET6:
				if (yystack.l_mark[0].num == IPPROTO_ICMP) {
					yyerror("upper layer protocol mismatched.\n");
					if (laddr)
					    racoon_free(laddr);
					if (haddr)
					    racoon_free(haddr);
					return -1;
				}
				yyval.val = ipsecdoi_sockrange2id(laddr, haddr, 
							       yystack.l_mark[0].num);
				break;
#endif
			default:
				yyerror("invalid family: %d", laddr->sa_family);
				yyval.val = NULL;
				break;
			}
			if (laddr)
			    racoon_free(laddr);
			if (haddr)
			    racoon_free(haddr);
			if (yyval.val == NULL)
				return -1;
		}
break;
case 211:
#line 1492 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			struct ipsecdoi_id_b *id_b;

			if (yystack.l_mark[-1].num == IDTYPE_ASN1DN) {
				yyerror("id type forbidden: %d", yystack.l_mark[-1].num);
				yyval.val = NULL;
				return -1;
			}

			yystack.l_mark[0].val->l--;

			yyval.val = vmalloc(sizeof(*id_b) + yystack.l_mark[0].val->l);
			if (yyval.val == NULL) {
				yyerror("failed to allocate identifier");
				return -1;
			}

			id_b = (struct ipsecdoi_id_b *)yyval.val->v;
			id_b->type = idtype2doi(yystack.l_mark[-1].num);

			id_b->proto_id = 0;
			id_b->port = 0;

			memcpy(yyval.val->v + sizeof(*id_b), yystack.l_mark[0].val->v, yystack.l_mark[0].val->l);
		}
break;
case 212:
#line 1520 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			cur_sainfo->id_i = NULL;
		}
break;
case 213:
#line 1524 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			struct ipsecdoi_id_b *id_b;
			vchar_t *idv;

			if (set_identifier(&idv, yystack.l_mark[-1].num, yystack.l_mark[0].val) != 0) {
				yyerror("failed to set identifer.\n");
				return -1;
			}
			cur_sainfo->id_i = vmalloc(sizeof(*id_b) + idv->l);
			if (cur_sainfo->id_i == NULL) {
				yyerror("failed to allocate identifier");
				return -1;
			}

			id_b = (struct ipsecdoi_id_b *)cur_sainfo->id_i->v;
			id_b->type = idtype2doi(yystack.l_mark[-1].num);

			id_b->proto_id = 0;
			id_b->port = 0;

			memcpy(cur_sainfo->id_i->v + sizeof(*id_b),
			       idv->v, idv->l);
			vfree(idv);
		}
break;
case 214:
#line 1549 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			if ((cur_sainfo->group = vdup(yystack.l_mark[0].val)) == NULL) {
				yyerror("failed to set sainfo xauth group.\n");
				return -1;
			}
#else
			yyerror("racoon not configured with --enable-hybrid");
			return -1;
#endif
 		}
break;
case 217:
#line 1567 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			cur_sainfo->pfs_group = yystack.l_mark[0].num;
		}
break;
case 219:
#line 1572 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			cur_sainfo->remoteid = yystack.l_mark[0].num;
		}
break;
case 221:
#line 1577 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			cur_sainfo->lifetime = yystack.l_mark[-1].num * yystack.l_mark[0].num;
		}
break;
case 223:
#line 1582 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#if 1
			yyerror("byte lifetime support is deprecated");
			return -1;
#else
			cur_sainfo->lifebyte = fix_lifebyte(yystack.l_mark[-1].num * yystack.l_mark[0].num);
			if (cur_sainfo->lifebyte == 0)
				return -1;
#endif
		}
break;
case 225:
#line 1593 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			cur_algclass = yystack.l_mark[0].num;
		}
break;
case 227:
#line 1601 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			inssainfoalg(&cur_sainfo->algs[cur_algclass], yystack.l_mark[0].alg);
		}
break;
case 228:
#line 1605 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			inssainfoalg(&cur_sainfo->algs[cur_algclass], yystack.l_mark[0].alg);
		}
break;
case 230:
#line 1612 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			int defklen;

			yyval.alg = newsainfoalg();
			if (yyval.alg == NULL) {
				yyerror("failed to get algorithm allocation");
				return -1;
			}

			yyval.alg->alg = algtype2doi(cur_algclass, yystack.l_mark[-1].num);
			if (yyval.alg->alg == -1) {
				yyerror("algorithm mismatched");
				racoon_free(yyval.alg);
				yyval.alg = NULL;
				return -1;
			}

			defklen = default_keylen(cur_algclass, yystack.l_mark[-1].num);
			if (defklen == 0) {
				if (yystack.l_mark[0].num) {
					yyerror("keylen not allowed");
					racoon_free(yyval.alg);
					yyval.alg = NULL;
					return -1;
				}
			} else {
				if (yystack.l_mark[0].num && check_keylen(cur_algclass, yystack.l_mark[-1].num, yystack.l_mark[0].num) < 0) {
					yyerror("invalid keylen %d", yystack.l_mark[0].num);
					racoon_free(yyval.alg);
					yyval.alg = NULL;
					return -1;
				}
			}

			if (yystack.l_mark[0].num)
				yyval.alg->encklen = yystack.l_mark[0].num;
			else
				yyval.alg->encklen = defklen;

			/* check if it's supported algorithm by kernel */
			if (!(cur_algclass == algclass_ipsec_auth && yystack.l_mark[-1].num == algtype_non_auth)
			 && pk_checkalg(cur_algclass, yystack.l_mark[-1].num, yyval.alg->encklen)) {
				int a = algclass2doi(cur_algclass);
				int b = algtype2doi(cur_algclass, yystack.l_mark[-1].num);
				if (a == IPSECDOI_ATTR_AUTH)
					a = IPSECDOI_PROTO_IPSEC_AH;
				yyerror("algorithm %s not supported by the kernel (missing module?)",
					s_ipsecdoi_trns(a, b));
				racoon_free(yyval.alg);
				yyval.alg = NULL;
				return -1;
			}
		}
break;
case 231:
#line 1667 "../../ipsec-tools/src/racoon/cfparse.y"
	{ yyval.num = ~0; }
break;
case 232:
#line 1668 "../../ipsec-tools/src/racoon/cfparse.y"
	{ yyval.num = yystack.l_mark[0].num; }
break;
case 233:
#line 1671 "../../ipsec-tools/src/racoon/cfparse.y"
	{ yyval.num = IPSEC_PORT_ANY; }
break;
case 234:
#line 1672 "../../ipsec-tools/src/racoon/cfparse.y"
	{ yyval.num = yystack.l_mark[0].num; }
break;
case 235:
#line 1673 "../../ipsec-tools/src/racoon/cfparse.y"
	{ yyval.num = IPSEC_PORT_ANY; }
break;
case 236:
#line 1676 "../../ipsec-tools/src/racoon/cfparse.y"
	{ yyval.num = yystack.l_mark[0].num; }
break;
case 237:
#line 1677 "../../ipsec-tools/src/racoon/cfparse.y"
	{ yyval.num = yystack.l_mark[0].num; }
break;
case 238:
#line 1678 "../../ipsec-tools/src/racoon/cfparse.y"
	{ yyval.num = IPSEC_ULPROTO_ANY; }
break;
case 239:
#line 1681 "../../ipsec-tools/src/racoon/cfparse.y"
	{ yyval.num = 0; }
break;
case 240:
#line 1682 "../../ipsec-tools/src/racoon/cfparse.y"
	{ yyval.num = yystack.l_mark[0].num; }
break;
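case 241:
#line 1688 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			/*
			 * Create a named remoteconf as a shallow copy of an existing
			 * named parent and make it the current one.
			 *
			 * This file is generated; the same change belongs in the
			 * grammar action at cfparse.y line 1688.
			 */
			struct remoteconf *from, *new;

			if (getrmconf_by_name(yystack.l_mark[-2].val->v) != NULL) {
				/*
				 * The format has a %s, so the name must be passed;
				 * without it the formatter reads a missing argument.
				 */
				yyerror("named remoteconf \"%s\" already exists.",
					yystack.l_mark[-2].val->v);
				return -1;
			}

			from = getrmconf_by_name(yystack.l_mark[0].val->v);
			if (from == NULL) {
				yyerror("named parent remoteconf \"%s\" does not exist.",
					yystack.l_mark[0].val->v);
				return -1;
			}

			new = duprmconf_shallow(from);
			if (new == NULL) {
				yyerror("failed to duplicate remoteconf from \"%s\".",
					yystack.l_mark[0].val->v);
				return -1;
			}

			new->name = racoon_strdup(yystack.l_mark[-2].val->v);
			cur_rmconf = new;

			/* both parsed names are no longer needed */
			vfree(yystack.l_mark[-2].val);
			vfree(yystack.l_mark[0].val);
		}
break;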
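case 243:
#line 1718 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			/*
			 * Create a fresh named remoteconf and make it the current
			 * one.
			 *
			 * This file is generated; the same change belongs in the
			 * grammar action at cfparse.y line 1718.
			 */
			struct remoteconf *new;

			if (getrmconf_by_name(yystack.l_mark[0].val->v) != NULL) {
				/*
				 * The format has a %s, so the name must be passed;
				 * without it the formatter reads a missing argument.
				 */
				yyerror("Named remoteconf \"%s\" already exists.",
					yystack.l_mark[0].val->v);
				return -1;
			}

			new = newrmconf();
			if (new == NULL) {
				yyerror("failed to get new remoteconf.");
				return -1;
			}
			new->name = racoon_strdup(yystack.l_mark[0].val->v);
			cur_rmconf = new;

			vfree(yystack.l_mark[0].val);
		}
break;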
case 245:
#line 1738 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			struct remoteconf *from, *new;

			from = getrmconf(yystack.l_mark[0].saddr, GETRMCONF_F_NO_ANONYMOUS);
			if (from == NULL) {
				yyerror("failed to get remoteconf for %s.",
					saddr2str(yystack.l_mark[0].saddr));
				return -1;
			}

			new = duprmconf_shallow(from);
			if (new == NULL) {
				yyerror("failed to duplicate remoteconf from %s.",
					saddr2str(yystack.l_mark[0].saddr));
				return -1;
			}

			racoon_free(yystack.l_mark[0].saddr);
			new->remote = yystack.l_mark[-2].saddr;
			cur_rmconf = new;
		}
break;
case 247:
#line 1761 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			struct remoteconf *new;

			new = newrmconf();
			if (new == NULL) {
				yyerror("failed to get new remoteconf.");
				return -1;
			}

			new->remote = yystack.l_mark[0].saddr;
			cur_rmconf = new;
		}
break;
case 250:
#line 1779 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			if (process_rmconf() != 0)
				return -1;
		}
break;
case 251:
#line 1787 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			if (process_rmconf() != 0)
				return -1;
		}
break;
case 252:
#line 1794 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			yyval.saddr = newsaddr(sizeof(struct sockaddr));
			yyval.saddr->sa_family = AF_UNSPEC;
			((struct sockaddr_in *)yyval.saddr)->sin_port = htons(yystack.l_mark[0].num);
		}
break;
case 253:
#line 1800 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			yyval.saddr = yystack.l_mark[0].saddr;
			if (yyval.saddr == NULL) {
				yyerror("failed to allocate sockaddr");
				return -1;
			}
		}
break;
case 256:
#line 1814 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			if (cur_rmconf->remote != NULL) {
				yyerror("remote_address already specified");
				return -1;
			}
			cur_rmconf->remote = yystack.l_mark[0].saddr;
		}
break;
case 258:
#line 1823 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			cur_rmconf->etypes = NULL;
		}
break;
case 260:
#line 1827 "../../ipsec-tools/src/racoon/cfparse.y"
	{ cur_rmconf->doitype = yystack.l_mark[0].num; }
break;
case 262:
#line 1828 "../../ipsec-tools/src/racoon/cfparse.y"
	{ cur_rmconf->sittype = yystack.l_mark[0].num; }
break;
case 265:
#line 1831 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			yywarn("This directive without certtype will be removed!\n");
			yywarn("Please use 'peers_certfile x509 \"%s\";' instead\n", yystack.l_mark[0].val->v);

			if (cur_rmconf->peerscert != NULL) {
				yyerror("peers_certfile already defined\n");
				return -1;
			}

			if (load_x509(yystack.l_mark[0].val->v, &cur_rmconf->peerscertfile,
				      &cur_rmconf->peerscert)) {
				yyerror("failed to load certificate \"%s\"\n",
					yystack.l_mark[0].val->v);
				return -1;
			}

			vfree(yystack.l_mark[0].val);
		}
break;
case 267:
#line 1851 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			if (cur_rmconf->peerscert != NULL) {
				yyerror("peers_certfile already defined\n");
				return -1;
			}

			if (load_x509(yystack.l_mark[0].val->v, &cur_rmconf->peerscertfile,
				      &cur_rmconf->peerscert)) {
				yyerror("failed to load certificate \"%s\"\n",
					yystack.l_mark[0].val->v);
				return -1;
			}

			vfree(yystack.l_mark[0].val);
		}
break;
case 269:
#line 1868 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			char path[MAXPATHLEN];
			int ret = 0;

			if (cur_rmconf->peerscert != NULL) {
				yyerror("peers_certfile already defined\n");
				return -1;
			}

			cur_rmconf->peerscert = vmalloc(1);
			if (cur_rmconf->peerscert == NULL) {
				yyerror("failed to allocate peerscert");
				return -1;
			}
			cur_rmconf->peerscert->v[0] = ISAKMP_CERT_PLAINRSA;

			getpathname(path, sizeof(path),
				    LC_PATHTYPE_CERT, yystack.l_mark[0].val->v);
			if (rsa_parse_file(cur_rmconf->rsa_public, path,
					   RSA_TYPE_PUBLIC)) {
				yyerror("Couldn't parse keyfile.\n", path);
				return -1;
			}
			plog(LLV_DEBUG, LOCATION, NULL,
			     "Public PlainRSA keyfile parsed: %s\n", path);

			vfree(yystack.l_mark[0].val);
		}
break;
case 271:
#line 1898 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			if (cur_rmconf->peerscert != NULL) {
				yyerror("peers_certfile already defined\n");
				return -1;
			}
			cur_rmconf->peerscert = vmalloc(1);
			if (cur_rmconf->peerscert == NULL) {
				yyerror("failed to allocate peerscert");
				return -1;
			}
			cur_rmconf->peerscert->v[0] = ISAKMP_CERT_DNS;
		}
break;
case 273:
#line 1912 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			if (cur_rmconf->cacert != NULL) {
				yyerror("ca_type already defined\n");
				return -1;
			}

			if (load_x509(yystack.l_mark[0].val->v, &cur_rmconf->cacertfile,
				      &cur_rmconf->cacert)) {
				yyerror("failed to load certificate \"%s\"\n",
					yystack.l_mark[0].val->v);
				return -1;
			}

			vfree(yystack.l_mark[0].val);
		}
break;
case 275:
#line 1928 "../../ipsec-tools/src/racoon/cfparse.y"
	{ cur_rmconf->verify_cert = yystack.l_mark[0].num; }
break;
case 277:
#line 1929 "../../ipsec-tools/src/racoon/cfparse.y"
	{ cur_rmconf->send_cert = yystack.l_mark[0].num; }
break;
case 279:
#line 1930 "../../ipsec-tools/src/racoon/cfparse.y"
	{ cur_rmconf->send_cr = yystack.l_mark[0].num; }
break;
case 281:
#line 1931 "../../ipsec-tools/src/racoon/cfparse.y"
	{ cur_rmconf->match_empty_cr = yystack.l_mark[0].num; }
break;
case 283:
#line 1933 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			if (set_identifier(&cur_rmconf->idv, yystack.l_mark[-1].num, yystack.l_mark[0].val) != 0) {
				yyerror("failed to set identifer.\n");
				return -1;
			}
			cur_rmconf->idvtype = yystack.l_mark[-1].num;
		}
break;
case 285:
#line 1942 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			if (set_identifier_qual(&cur_rmconf->idv, yystack.l_mark[-2].num, yystack.l_mark[0].val, yystack.l_mark[-1].num) != 0) {
				yyerror("failed to set identifer.\n");
				return -1;
			}
			cur_rmconf->idvtype = yystack.l_mark[-2].num;
		}
break;
case 287:
#line 1951 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			/* formerly identifier type login */
			if (xauth_rmconf_used(&cur_rmconf->xauth) == -1) {
				yyerror("failed to allocate xauth state\n");
				return -1;
			}
			if ((cur_rmconf->xauth->login = vdup(yystack.l_mark[0].val)) == NULL) {
				yyerror("failed to set identifer.\n");
				return -1;
			}
#else
			yyerror("racoon not configured with --enable-hybrid");
#endif
		}
break;
case 289:
#line 1968 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			struct idspec  *id;
			id = newidspec();
			if (id == NULL) {
				yyerror("failed to allocate idspec");
				return -1;
			}
			if (set_identifier(&id->id, yystack.l_mark[-1].num, yystack.l_mark[0].val) != 0) {
				yyerror("failed to set identifer.\n");
				racoon_free(id);
				return -1;
			}
			id->idtype = yystack.l_mark[-1].num;
			genlist_append (cur_rmconf->idvl_p, id);
		}
break;
case 291:
#line 1985 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			struct idspec  *id;
			id = newidspec();
			if (id == NULL) {
				yyerror("failed to allocate idspec");
				return -1;
			}
			if (set_identifier_qual(&id->id, yystack.l_mark[-2].num, yystack.l_mark[0].val, yystack.l_mark[-1].num) != 0) {
				yyerror("failed to set identifer.\n");
				racoon_free(id);
				return -1;
			}
			id->idtype = yystack.l_mark[-2].num;
			genlist_append (cur_rmconf->idvl_p, id);
		}
break;
case 293:
#line 2001 "../../ipsec-tools/src/racoon/cfparse.y"
	{ cur_rmconf->verify_identifier = yystack.l_mark[0].num; }
break;
case 295:
#line 2002 "../../ipsec-tools/src/racoon/cfparse.y"
	{ cur_rmconf->nonce_size = yystack.l_mark[0].num; }
break;
case 297:
#line 2004 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			yyerror("dh_group cannot be defined here.");
			return -1;
		}
break;
case 299:
#line 2009 "../../ipsec-tools/src/racoon/cfparse.y"
	{ cur_rmconf->passive = yystack.l_mark[0].num; }
break;
case 301:
#line 2010 "../../ipsec-tools/src/racoon/cfparse.y"
	{ cur_rmconf->ike_frag = yystack.l_mark[0].num; }
break;
case 303:
#line 2011 "../../ipsec-tools/src/racoon/cfparse.y"
	{ cur_rmconf->ike_frag = ISAKMP_FRAG_FORCE; }
break;
case 305:
#line 2012 "../../ipsec-tools/src/racoon/cfparse.y"
	{ 
#ifdef SADB_X_EXT_NAT_T_FRAG
        		if (libipsec_opt & LIBIPSEC_OPT_FRAG)
				cur_rmconf->esp_frag = yystack.l_mark[0].num; 
			else
                		yywarn("libipsec lacks IKE frag support");
#else
			yywarn("Your kernel does not support esp_frag");
#endif
		}
break;
case 307:
#line 2022 "../../ipsec-tools/src/racoon/cfparse.y"
	{ 
			if (cur_rmconf->script[SCRIPT_PHASE1_UP] != NULL)
				vfree(cur_rmconf->script[SCRIPT_PHASE1_UP]);

			cur_rmconf->script[SCRIPT_PHASE1_UP] = 
			    script_path_add(vdup(yystack.l_mark[-1].val));
		}
break;
case 309:
#line 2029 "../../ipsec-tools/src/racoon/cfparse.y"
	{ 
			if (cur_rmconf->script[SCRIPT_PHASE1_DOWN] != NULL)
				vfree(cur_rmconf->script[SCRIPT_PHASE1_DOWN]);

			cur_rmconf->script[SCRIPT_PHASE1_DOWN] = 
			    script_path_add(vdup(yystack.l_mark[-1].val));
		}
break;
case 311:
#line 2036 "../../ipsec-tools/src/racoon/cfparse.y"
	{ 
			if (cur_rmconf->script[SCRIPT_PHASE1_DEAD] != NULL)
				vfree(cur_rmconf->script[SCRIPT_PHASE1_DEAD]);

			cur_rmconf->script[SCRIPT_PHASE1_DEAD] = 
			    script_path_add(vdup(yystack.l_mark[-1].val));
		}
break;
case 313:
#line 2043 "../../ipsec-tools/src/racoon/cfparse.y"
	{ cur_rmconf->mode_cfg = yystack.l_mark[0].num; }
break;
case 315:
#line 2044 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			cur_rmconf->weak_phase1_check = yystack.l_mark[0].num;
		}
break;
case 317:
#line 2047 "../../ipsec-tools/src/racoon/cfparse.y"
	{ cur_rmconf->gen_policy = yystack.l_mark[0].num; }
break;
case 319:
#line 2048 "../../ipsec-tools/src/racoon/cfparse.y"
	{ cur_rmconf->gen_policy = yystack.l_mark[0].num; }
break;
case 321:
#line 2049 "../../ipsec-tools/src/racoon/cfparse.y"
	{ cur_rmconf->support_proxy = yystack.l_mark[0].num; }
break;
case 323:
#line 2050 "../../ipsec-tools/src/racoon/cfparse.y"
	{ cur_rmconf->ini_contact = yystack.l_mark[0].num; }
break;
case 325:
#line 2052 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_NATT
        		if (libipsec_opt & LIBIPSEC_OPT_NATT)
				cur_rmconf->nat_traversal = yystack.l_mark[0].num;
			else
                		yyerror("libipsec lacks NAT-T support");
#else
			yyerror("NAT-T support not compiled in.");
#endif
		}
break;
case 327:
#line 2063 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_NATT
			if (libipsec_opt & LIBIPSEC_OPT_NATT)
				cur_rmconf->nat_traversal = NATT_FORCE;
			else
                		yyerror("libipsec lacks NAT-T support");
#else
			yyerror("NAT-T support not compiled in.");
#endif
		}
break;
case 329:
#line 2074 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_DPD
			cur_rmconf->dpd = yystack.l_mark[0].num;
#else
			yyerror("DPD support not compiled in.");
#endif
		}
break;
case 331:
#line 2082 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_DPD
			cur_rmconf->dpd_interval = yystack.l_mark[0].num;
#else
			yyerror("DPD support not compiled in.");
#endif
		}
break;
case 333:
#line 2091 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_DPD
			cur_rmconf->dpd_retry = yystack.l_mark[0].num;
#else
			yyerror("DPD support not compiled in.");
#endif
		}
break;
case 335:
#line 2100 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_DPD
			cur_rmconf->dpd_maxfails = yystack.l_mark[0].num;
#else
			yyerror("DPD support not compiled in.");
#endif
		}
break;
case 337:
#line 2108 "../../ipsec-tools/src/racoon/cfparse.y"
	{ cur_rmconf->rekey = yystack.l_mark[0].num; }
break;
case 339:
#line 2109 "../../ipsec-tools/src/racoon/cfparse.y"
	{ cur_rmconf->rekey = REKEY_FORCE; }
break;
case 341:
#line 2111 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			cur_rmconf->ph1id = yystack.l_mark[0].num;
		}
break;
case 343:
#line 2116 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			cur_rmconf->lifetime = yystack.l_mark[-1].num * yystack.l_mark[0].num;
		}
break;
case 345:
#line 2120 "../../ipsec-tools/src/racoon/cfparse.y"
	{ cur_rmconf->pcheck_level = yystack.l_mark[0].num; }
break;
case 347:
#line 2122 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#if 1
			yyerror("byte lifetime support is deprecated in Phase1");
			return -1;
#else
			yywarn("the lifetime of bytes in phase 1 "
				"will be ignored at the moment.");
			cur_rmconf->lifebyte = fix_lifebyte(yystack.l_mark[-1].num * yystack.l_mark[0].num);
			if (cur_rmconf->lifebyte == 0)
				return -1;
#endif
		}
break;
case 349:
#line 2136 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			struct secprotospec *spspec;

			spspec = newspspec();
			if (spspec == NULL)
				return -1;
			insspspec(cur_rmconf, spspec);
		}
break;
case 352:
#line 2149 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			struct etypes *new;
			new = racoon_malloc(sizeof(struct etypes));
			if (new == NULL) {
				yyerror("failed to allocate etypes");
				return -1;
			}
			new->type = yystack.l_mark[0].num;
			new->next = NULL;
			if (cur_rmconf->etypes == NULL)
				cur_rmconf->etypes = new;
			else {
				struct etypes *p;
				for (p = cur_rmconf->etypes;
				     p->next != NULL;
				     p = p->next)
					;
				p->next = new;
			}
		}
break;
case 353:
#line 2172 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			if (cur_rmconf->mycert != NULL) {
				yyerror("certificate_type already defined\n");
				return -1;
			}

			if (load_x509(yystack.l_mark[-1].val->v, &cur_rmconf->mycertfile,
				      &cur_rmconf->mycert)) {
				yyerror("failed to load certificate \"%s\"\n",
					yystack.l_mark[-1].val->v);
				return -1;
			}

			cur_rmconf->myprivfile = racoon_strdup(yystack.l_mark[0].val->v);
			STRDUP_FATAL(cur_rmconf->myprivfile);

			vfree(yystack.l_mark[-1].val);
			vfree(yystack.l_mark[0].val);
		}
break;
case 355:
#line 2193 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			char path[MAXPATHLEN];
			int ret = 0;

			if (cur_rmconf->mycert != NULL) {
				yyerror("certificate_type already defined\n");
				return -1;
			}

			cur_rmconf->mycert = vmalloc(1);
			if (cur_rmconf->mycert == NULL) {
				yyerror("failed to allocate mycert");
				return -1;
			}
			cur_rmconf->mycert->v[0] = ISAKMP_CERT_PLAINRSA;

			getpathname(path, sizeof(path),
				    LC_PATHTYPE_CERT, yystack.l_mark[0].val->v);
			cur_rmconf->send_cr = FALSE;
			cur_rmconf->send_cert = FALSE;
			cur_rmconf->verify_cert = FALSE;
			if (rsa_parse_file(cur_rmconf->rsa_private, path,
					   RSA_TYPE_PRIVATE)) {
				yyerror("Couldn't parse keyfile.\n", path);
				return -1;
			}
			plog(LLV_DEBUG, LOCATION, NULL,
			     "Private PlainRSA keyfile parsed: %s\n", path);
			vfree(yystack.l_mark[0].val);
		}
break;
case 357:
#line 2227 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			yyval.num = algtype2doi(algclass_isakmp_dh, yystack.l_mark[0].num);
			if (yyval.num == -1) {
				yyerror("must be DH group");
				return -1;
			}
		}
break;
case 358:
#line 2235 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			if (ARRAYLEN(num2dhgroup) > yystack.l_mark[0].num && num2dhgroup[yystack.l_mark[0].num] != 0) {
				yyval.num = num2dhgroup[yystack.l_mark[0].num];
			} else {
				yyerror("must be DH group");
				yyval.num = 0;
				return -1;
			}
		}
break;
case 359:
#line 2246 "../../ipsec-tools/src/racoon/cfparse.y"
	{ yyval.val = NULL; }
break;
case 360:
#line 2247 "../../ipsec-tools/src/racoon/cfparse.y"
	{ yyval.val = yystack.l_mark[0].val; }
break;
case 361:
#line 2248 "../../ipsec-tools/src/racoon/cfparse.y"
	{ yyval.val = yystack.l_mark[0].val; }
break;
case 364:
#line 2256 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			cur_rmconf->spspec->lifetime = yystack.l_mark[-1].num * yystack.l_mark[0].num;
		}
break;
case 366:
#line 2261 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#if 1
			yyerror("byte lifetime support is deprecated");
			return -1;
#else
			cur_rmconf->spspec->lifebyte = fix_lifebyte(yystack.l_mark[-1].num * yystack.l_mark[0].num);
			if (cur_rmconf->spspec->lifebyte == 0)
				return -1;
#endif
		}
break;
case 368:
#line 2273 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			cur_rmconf->spspec->algclass[algclass_isakmp_dh] = yystack.l_mark[0].num;
		}
break;
case 370:
#line 2278 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			if (cur_rmconf->spspec->vendorid != VENDORID_GSSAPI) {
				yyerror("wrong Vendor ID for gssapi_id");
				return -1;
			}
			if (cur_rmconf->spspec->gssid != NULL)
				racoon_free(cur_rmconf->spspec->gssid);
			cur_rmconf->spspec->gssid =
			    racoon_strdup(yystack.l_mark[0].val->v);
			STRDUP_FATAL(cur_rmconf->spspec->gssid);
		}
break;
case 372:
#line 2291 "../../ipsec-tools/src/racoon/cfparse.y"
	{
			int doi;
			int defklen;

			doi = algtype2doi(yystack.l_mark[-2].num, yystack.l_mark[-1].num);
			if (doi == -1) {
				yyerror("algorithm mismatched 1");
				return -1;
			}

			switch (yystack.l_mark[-2].num) {
			case algclass_isakmp_enc:
			/* reject suppressed algorithms */
#ifndef HAVE_OPENSSL_RC5_H
				if (yystack.l_mark[-1].num == algtype_rc5) {
					yyerror("algorithm %s not supported",
					    s_attr_isakmp_enc(doi));
					return -1;
				}
#endif
#ifndef HAVE_OPENSSL_IDEA_H
				if (yystack.l_mark[-1].num == algtype_idea) {
					yyerror("algorithm %s not supported",
					    s_attr_isakmp_enc(doi));
					return -1;
				}
#endif

				cur_rmconf->spspec->algclass[algclass_isakmp_enc] = doi;
				defklen = default_keylen(yystack.l_mark[-2].num, yystack.l_mark[-1].num);
				if (defklen == 0) {
					if (yystack.l_mark[0].num) {
						yyerror("keylen not allowed");
						return -1;
					}
				} else {
					if (yystack.l_mark[0].num && check_keylen(yystack.l_mark[-2].num, yystack.l_mark[-1].num, yystack.l_mark[0].num) < 0) {
						yyerror("invalid keylen %d", yystack.l_mark[0].num);
						return -1;
					}
				}
				if (yystack.l_mark[0].num)
					cur_rmconf->spspec->encklen = yystack.l_mark[0].num;
				else
					cur_rmconf->spspec->encklen = defklen;
				break;
			case algclass_isakmp_hash:
				cur_rmconf->spspec->algclass[algclass_isakmp_hash] = doi;
				break;
			case algclass_isakmp_ameth:
				cur_rmconf->spspec->algclass[algclass_isakmp_ameth] = doi;
				/*
				 * We may have to set the Vendor ID for the
				 * authentication method we're using.
				 */
				switch (yystack.l_mark[-1].num) {
				case algtype_gssapikrb:
					if (cur_rmconf->spspec->vendorid !=
					    VENDORID_UNKNOWN) {
						yyerror("Vendor ID mismatch "
						    "for auth method");
						return -1;
					}
					/*
					 * For interoperability with Win2k,
					 * we set the Vendor ID to "GSSAPI".
					 */
					cur_rmconf->spspec->vendorid =
					    VENDORID_GSSAPI;
					break;
				case algtype_rsasig:
					if (oakley_get_certtype(cur_rmconf->peerscert) == ISAKMP_CERT_PLAINRSA) {
						if (rsa_list_count(cur_rmconf->rsa_private) == 0) {
							yyerror ("Private PlainRSA key not set. "
								 "Use directive 'certificate_type plainrsa ...'\n");
							return -1;
						}
						if (rsa_list_count(cur_rmconf->rsa_public) == 0) {
							yyerror ("Public PlainRSA keys not set. "
								 "Use directive 'peers_certfile plainrsa ...'\n");
							return -1;
						}
					}
					break;
				default:
					break;
				}
				break;
			default:
				yyerror("algorithm mismatched 2");
				return -1;
			}
		}
break;
case 374:
#line 2388 "../../ipsec-tools/src/racoon/cfparse.y"
	{ yyval.num = 1; }
break;
case 375:
#line 2389 "../../ipsec-tools/src/racoon/cfparse.y"
	{ yyval.num = 60; }
break;
case 376:
#line 2390 "../../ipsec-tools/src/racoon/cfparse.y"
	{ yyval.num = (60 * 60); }
break;
case 377:
#line 2393 "../../ipsec-tools/src/racoon/cfparse.y"
	{ yyval.num = 1; }
break;
case 378:
#line 2394 "../../ipsec-tools/src/racoon/cfparse.y"
	{ yyval.num = 1024; }
break;
case 379:
#line 2395 "../../ipsec-tools/src/racoon/cfparse.y"
	{ yyval.num = (1024 * 1024); }
break;
case 380:
#line 2396 "../../ipsec-tools/src/racoon/cfparse.y"
	{ yyval.num = (1024 * 1024 * 1024); }
break;
#line 4299 "racoonyy.tab.c"
    }
    yystack.s_mark -= yym;
    yystate = *yystack.s_mark;
    yystack.l_mark -= yym;
    yym = yylhs[yyn];
    if (yystate == 0 && yym == 0)
    {
#if YYDEBUG
        if (yydebug)
            printf("%sdebug: after reduction, shifting from state 0 to\
 state %d\n", YYPREFIX, YYFINAL);
#endif
        yystate = YYFINAL;
        *++yystack.s_mark = YYFINAL;
        *++yystack.l_mark = yyval;
        if (yychar < 0)
        {
            yychar = YYLEX;
            if (yychar < 0) yychar = YYEOF;
#if YYDEBUG
            if (yydebug)
            {
                if ((yys = yyname[YYTRANSLATE(yychar)]) == NULL) yys = yyname[YYUNDFTOKEN];
                printf("%sdebug: state %d, reading %d (%s)\n",
                        YYPREFIX, YYFINAL, yychar, yys);
            }
#endif
        }
        if (yychar == YYEOF) goto yyaccept;
        goto yyloop;
    }
    if (((yyn = yygindex[yym]) != 0) && (yyn += yystate) >= 0 &&
            yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) yystate)
        yystate = yytable[yyn];
    else
        yystate = yydgoto[yym];
#if YYDEBUG
    if (yydebug)
        printf("%sdebug: after reduction, shifting from state %d \
to state %d\n", YYPREFIX, *yystack.s_mark, yystate);
#endif
    if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow;
    *++yystack.s_mark = (YYINT) yystate;
    *++yystack.l_mark = yyval;
    goto yyloop;

yyoverflow:
    YYERROR_CALL("yacc stack overflow");

yyabort:
    yyfreestack(&yystack);
    return (1);

yyaccept:
    yyfreestack(&yystack);
    return (0);
}