diff options
author | Christian Mauderer <christian.mauderer@embedded-brains.de> | 2018-05-03 14:15:11 +0200 |
---|---|---|
committer | Christian Mauderer <christian.mauderer@embedded-brains.de> | 2018-08-02 10:25:37 +0200 |
commit | b376ae131d9e99a90ddbee2015a2e19d67244ba1 (patch) | |
tree | d8a5fd2c217baae5ab62579f02fb8401fef8f22a /freebsd/lib | |
parent | ipsec-tools: Apply patches from FreeBSD ports. (diff) | |
download | rtems-libbsd-b376ae131d9e99a90ddbee2015a2e19d67244ba1.tar.bz2 |
ipsec-tools: Port libipsec, setkey and racoon.
Note that this replaces the libipsec from FreeBSD with the one provided
by ipsec-tools.
Diffstat (limited to 'freebsd/lib')
-rw-r--r-- | freebsd/lib/libipsec/ipsec_dump_policy.c | 310 | ||||
-rw-r--r-- | freebsd/lib/libipsec/ipsec_get_policylen.c | 51 | ||||
-rw-r--r-- | freebsd/lib/libipsec/ipsec_strerror.c | 92 | ||||
-rw-r--r-- | freebsd/lib/libipsec/ipsec_strerror.h | 63 | ||||
-rw-r--r-- | freebsd/lib/libipsec/libpfkey.h | 86 | ||||
-rw-r--r-- | freebsd/lib/libipsec/pfkey.c | 2136 | ||||
-rw-r--r-- | freebsd/lib/libipsec/pfkey_dump.c | 682 | ||||
-rw-r--r-- | freebsd/lib/libipsec/policy_parse.c | 966 | ||||
-rw-r--r-- | freebsd/lib/libipsec/policy_parse.y | 438 | ||||
-rw-r--r-- | freebsd/lib/libipsec/policy_token.c | 2005 | ||||
-rw-r--r-- | freebsd/lib/libipsec/policy_token.l | 156 | ||||
-rw-r--r-- | freebsd/lib/libipsec/y.tab.h | 114 |
12 files changed, 0 insertions, 7099 deletions
diff --git a/freebsd/lib/libipsec/ipsec_dump_policy.c b/freebsd/lib/libipsec/ipsec_dump_policy.c deleted file mode 100644 index d1844bf4..00000000 --- a/freebsd/lib/libipsec/ipsec_dump_policy.c +++ /dev/null @@ -1,310 +0,0 @@ -#include <machine/rtems-bsd-user-space.h> - -/* $KAME: ipsec_dump_policy.c,v 1.13 2002/06/27 14:35:11 itojun Exp $ */ - -/* - * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/socket.h> - -#include <netipsec/key_var.h> -#include <netinet/in.h> -#include <netipsec/ipsec.h> - -#include <arpa/inet.h> - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <netdb.h> - -#include "ipsec_strerror.h" - -static const char *ipsp_dir_strs[] = { - "any", "in", "out", -}; - -static const char *ipsp_policy_strs[] = { - "discard", "none", "ipsec", "entrust", "bypass", -}; - -static char *ipsec_dump_ipsecrequest(char *, size_t, - struct sadb_x_ipsecrequest *, size_t); -static int set_addresses(char *, size_t, struct sockaddr *, struct sockaddr *); -static char *set_address(char *, size_t, struct sockaddr *); - -/* - * policy is sadb_x_policy buffer. - * Must call free() later. - * When delimiter == NULL, alternatively ' '(space) is applied. - */ -char * -ipsec_dump_policy(policy, delimiter) - caddr_t policy; - char *delimiter; -{ - struct sadb_x_policy *xpl = (struct sadb_x_policy *)policy; - struct sadb_x_ipsecrequest *xisr; - size_t off, buflen; - char *buf; - char isrbuf[1024]; - char *newbuf; - - /* sanity check */ - if (policy == NULL) - return NULL; - if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) { - __ipsec_errcode = EIPSEC_INVAL_EXTTYPE; - return NULL; - } - - /* set delimiter */ - if (delimiter == NULL) - delimiter = " "; - - switch (xpl->sadb_x_policy_dir) { - case IPSEC_DIR_ANY: - case IPSEC_DIR_INBOUND: - case IPSEC_DIR_OUTBOUND: - break; - default: - __ipsec_errcode = EIPSEC_INVAL_DIR; - return NULL; - } - - switch (xpl->sadb_x_policy_type) { - case IPSEC_POLICY_DISCARD: - case IPSEC_POLICY_NONE: - case IPSEC_POLICY_IPSEC: - case IPSEC_POLICY_BYPASS: - case IPSEC_POLICY_ENTRUST: - break; - default: - __ipsec_errcode = EIPSEC_INVAL_POLICY; - return NULL; - } - - buflen = strlen(ipsp_dir_strs[xpl->sadb_x_policy_dir]) - + 1 /* space */ - + strlen(ipsp_policy_strs[xpl->sadb_x_policy_type]) - + 1; /* NUL */ - - if ((buf = malloc(buflen)) == NULL) { - __ipsec_errcode = EIPSEC_NO_BUFS; - return NULL; - } - snprintf(buf, buflen, "%s %s", ipsp_dir_strs[xpl->sadb_x_policy_dir], - ipsp_policy_strs[xpl->sadb_x_policy_type]); - - if (xpl->sadb_x_policy_type != IPSEC_POLICY_IPSEC) { - __ipsec_errcode = EIPSEC_NO_ERROR; - return buf; - } - - /* count length of buffer for use */ - off = sizeof(*xpl); - while (off < PFKEY_EXTLEN(xpl)) { - xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xpl + off); - off += xisr->sadb_x_ipsecrequest_len; - } - - /* validity check */ - if (off != PFKEY_EXTLEN(xpl)) { - __ipsec_errcode = EIPSEC_INVAL_SADBMSG; - free(buf); - return NULL; - } - - off = sizeof(*xpl); - while (off < PFKEY_EXTLEN(xpl)) { - xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xpl + off); - - if (ipsec_dump_ipsecrequest(isrbuf, sizeof(isrbuf), xisr, - PFKEY_EXTLEN(xpl) - off) == NULL) { - free(buf); - return NULL; - } - - buflen = strlen(buf) + strlen(delimiter) + strlen(isrbuf) + 1; - newbuf = (char *)realloc(buf, buflen); - if (newbuf == NULL) { - __ipsec_errcode = EIPSEC_NO_BUFS; - free(buf); - return NULL; - } - buf = newbuf; - snprintf(buf + strlen(buf), buflen - strlen(buf), - "%s%s", delimiter, isrbuf); - - off += xisr->sadb_x_ipsecrequest_len; - } - - __ipsec_errcode = EIPSEC_NO_ERROR; - return buf; -} - -static char * -ipsec_dump_ipsecrequest(buf, len, xisr, bound) - char *buf; - size_t len; - struct sadb_x_ipsecrequest *xisr; - size_t bound; /* boundary */ -{ - const char *proto, *mode, *level; - char abuf[NI_MAXHOST * 2 + 2]; - - if (xisr->sadb_x_ipsecrequest_len > bound) { - __ipsec_errcode = EIPSEC_INVAL_PROTO; - return NULL; - } - - switch (xisr->sadb_x_ipsecrequest_proto) { - case IPPROTO_ESP: - proto = "esp"; - break; - case IPPROTO_AH: - proto = "ah"; - break; - case IPPROTO_IPCOMP: - proto = "ipcomp"; - break; - case IPPROTO_TCP: - proto = "tcp"; - break; - default: - __ipsec_errcode = EIPSEC_INVAL_PROTO; - return NULL; - } - - switch (xisr->sadb_x_ipsecrequest_mode) { - case IPSEC_MODE_ANY: - mode = "any"; - break; - case IPSEC_MODE_TRANSPORT: - mode = "transport"; - break; - case IPSEC_MODE_TUNNEL: - mode = "tunnel"; - break; - default: - __ipsec_errcode = EIPSEC_INVAL_MODE; - return NULL; - } - - abuf[0] = '\0'; - if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { - struct sockaddr *sa1, *sa2; - caddr_t p; - - p = (caddr_t)(xisr + 1); - sa1 = (struct sockaddr *)p; - sa2 = (struct sockaddr *)(p + sa1->sa_len); - if (sizeof(*xisr) + sa1->sa_len + sa2->sa_len != - xisr->sadb_x_ipsecrequest_len) { - __ipsec_errcode = EIPSEC_INVAL_ADDRESS; - return NULL; - } - if (set_addresses(abuf, sizeof(abuf), sa1, sa2) != 0) { - __ipsec_errcode = EIPSEC_INVAL_ADDRESS; - return NULL; - } - } - - switch (xisr->sadb_x_ipsecrequest_level) { - case IPSEC_LEVEL_DEFAULT: - level = "default"; - break; - case IPSEC_LEVEL_USE: - level = "use"; - break; - case IPSEC_LEVEL_REQUIRE: - level = "require"; - break; - case IPSEC_LEVEL_UNIQUE: - level = "unique"; - break; - default: - __ipsec_errcode = EIPSEC_INVAL_LEVEL; - return NULL; - } - - if (xisr->sadb_x_ipsecrequest_reqid == 0) - snprintf(buf, len, "%s/%s/%s/%s", proto, mode, abuf, level); - else { - int ch; - - if (xisr->sadb_x_ipsecrequest_reqid > IPSEC_MANUAL_REQID_MAX) - ch = '#'; - else - ch = ':'; - snprintf(buf, len, "%s/%s/%s/%s%c%u", proto, mode, abuf, level, - ch, xisr->sadb_x_ipsecrequest_reqid); - } - - return buf; -} - -static int -set_addresses(buf, len, sa1, sa2) - char *buf; - size_t len; - struct sockaddr *sa1; - struct sockaddr *sa2; -{ - char tmp1[NI_MAXHOST], tmp2[NI_MAXHOST]; - - if (set_address(tmp1, sizeof(tmp1), sa1) == NULL || - set_address(tmp2, sizeof(tmp2), sa2) == NULL) - return -1; - if (strlen(tmp1) + 1 + strlen(tmp2) + 1 > len) - return -1; - snprintf(buf, len, "%s-%s", tmp1, tmp2); - return 0; -} - -static char * -set_address(buf, len, sa) - char *buf; - size_t len; - struct sockaddr *sa; -{ - const int niflags = NI_NUMERICHOST; - - if (len < 1) - return NULL; - buf[0] = '\0'; - if (getnameinfo(sa, sa->sa_len, buf, len, NULL, 0, niflags) != 0) - return NULL; - return buf; -} diff --git a/freebsd/lib/libipsec/ipsec_get_policylen.c b/freebsd/lib/libipsec/ipsec_get_policylen.c deleted file mode 100644 index 43950ee2..00000000 --- a/freebsd/lib/libipsec/ipsec_get_policylen.c +++ /dev/null @@ -1,51 +0,0 @@ -#include <machine/rtems-bsd-user-space.h> - -/* $KAME: ipsec_get_policylen.c,v 1.5 2000/05/07 05:25:03 itojun Exp $ */ - -/* - * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - -#include <sys/types.h> -#include <sys/param.h> - -#include <netipsec/ipsec.h> - -#include <net/pfkeyv2.h> - -#include "ipsec_strerror.h" - -int -ipsec_get_policylen(policy) - caddr_t policy; -{ - return policy ? PFKEY_EXTLEN(policy) : -1; -} diff --git a/freebsd/lib/libipsec/ipsec_strerror.c b/freebsd/lib/libipsec/ipsec_strerror.c deleted file mode 100644 index a9eeb511..00000000 --- a/freebsd/lib/libipsec/ipsec_strerror.c +++ /dev/null @@ -1,92 +0,0 @@ -#include <machine/rtems-bsd-user-space.h> - -/* $KAME: ipsec_strerror.c,v 1.7 2000/07/30 00:45:12 itojun Exp $ */ - -/* - * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - -#include <sys/types.h> -#include <sys/param.h> - -#include <string.h> -#include <netipsec/ipsec.h> - -#include "ipsec_strerror.h" - -int __ipsec_errcode; - -static const char *ipsec_errlist[] = { -"Success", /*EIPSEC_NO_ERROR*/ -"Not supported", /*EIPSEC_NOT_SUPPORTED*/ -"Invalid argument", /*EIPSEC_INVAL_ARGUMENT*/ -"Invalid sadb message", /*EIPSEC_INVAL_SADBMSG*/ -"Invalid version", /*EIPSEC_INVAL_VERSION*/ -"Invalid security policy", /*EIPSEC_INVAL_POLICY*/ -"Invalid address specification", /*EIPSEC_INVAL_ADDRESS*/ -"Invalid ipsec protocol", /*EIPSEC_INVAL_PROTO*/ -"Invalid ipsec mode", /*EIPSEC_INVAL_MODE*/ -"Invalid ipsec level", /*EIPSEC_INVAL_LEVEL*/ -"Invalid SA type", /*EIPSEC_INVAL_SATYPE*/ -"Invalid message type", /*EIPSEC_INVAL_MSGTYPE*/ -"Invalid extension type", /*EIPSEC_INVAL_EXTTYPE*/ -"Invalid algorithm type", /*EIPSEC_INVAL_ALGS*/ -"Invalid key length", /*EIPSEC_INVAL_KEYLEN*/ -"Invalid address family", /*EIPSEC_INVAL_FAMILY*/ -"Invalid prefix length", /*EIPSEC_INVAL_PREFIXLEN*/ -"Invalid direciton", /*EIPSEC_INVAL_DIR*/ -"SPI range violation", /*EIPSEC_INVAL_SPI*/ -"No protocol specified", /*EIPSEC_NO_PROTO*/ -"No algorithm specified", /*EIPSEC_NO_ALGS*/ -"No buffers available", /*EIPSEC_NO_BUFS*/ -"Must get supported algorithms list first", /*EIPSEC_DO_GET_SUPP_LIST*/ -"Protocol mismatch", /*EIPSEC_PROTO_MISMATCH*/ -"Family mismatch", /*EIPSEC_FAMILY_MISMATCH*/ -"Too few arguments", /*EIPSEC_FEW_ARGUMENTS*/ -NULL, /*EIPSEC_SYSTEM_ERROR*/ -"Unknown error", /*EIPSEC_MAX*/ -}; - -const char *ipsec_strerror(void) -{ - if (__ipsec_errcode < 0 || __ipsec_errcode > EIPSEC_MAX) - __ipsec_errcode = EIPSEC_MAX; - - return ipsec_errlist[__ipsec_errcode]; -} - -void __ipsec_set_strerror(const char *str) -{ - __ipsec_errcode = EIPSEC_SYSTEM_ERROR; - ipsec_errlist[EIPSEC_SYSTEM_ERROR] = str; - - return; -} diff --git a/freebsd/lib/libipsec/ipsec_strerror.h b/freebsd/lib/libipsec/ipsec_strerror.h deleted file mode 100644 index d9a1f0de..00000000 --- a/freebsd/lib/libipsec/ipsec_strerror.h +++ /dev/null @@ -1,63 +0,0 @@ -/* $FreeBSD$ */ -/* $KAME: ipsec_strerror.h,v 1.8 2000/07/30 00:45:12 itojun Exp $ */ - -/* - * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -extern int __ipsec_errcode; -extern void __ipsec_set_strerror(const char *); - -#define EIPSEC_NO_ERROR 0 /*success*/ -#define EIPSEC_NOT_SUPPORTED 1 /*not supported*/ -#define EIPSEC_INVAL_ARGUMENT 2 /*invalid argument*/ -#define EIPSEC_INVAL_SADBMSG 3 /*invalid sadb message*/ -#define EIPSEC_INVAL_VERSION 4 /*invalid version*/ -#define EIPSEC_INVAL_POLICY 5 /*invalid security policy*/ -#define EIPSEC_INVAL_ADDRESS 6 /*invalid address specification*/ -#define EIPSEC_INVAL_PROTO 7 /*invalid ipsec protocol*/ -#define EIPSEC_INVAL_MODE 8 /*Invalid ipsec mode*/ -#define EIPSEC_INVAL_LEVEL 9 /*invalid ipsec level*/ -#define EIPSEC_INVAL_SATYPE 10 /*invalid SA type*/ -#define EIPSEC_INVAL_MSGTYPE 11 /*invalid message type*/ -#define EIPSEC_INVAL_EXTTYPE 12 /*invalid extension type*/ -#define EIPSEC_INVAL_ALGS 13 /*Invalid algorithm type*/ -#define EIPSEC_INVAL_KEYLEN 14 /*invalid key length*/ -#define EIPSEC_INVAL_FAMILY 15 /*invalid address family*/ -#define EIPSEC_INVAL_PREFIXLEN 16 /*SPI range violation*/ -#define EIPSEC_INVAL_DIR 17 /*Invalid direciton*/ -#define EIPSEC_INVAL_SPI 18 /*invalid prefixlen*/ -#define EIPSEC_NO_PROTO 19 /*no protocol specified*/ -#define EIPSEC_NO_ALGS 20 /*No algorithm specified*/ -#define EIPSEC_NO_BUFS 21 /*no buffers available*/ -#define EIPSEC_DO_GET_SUPP_LIST 22 /*must get supported algorithm first*/ -#define EIPSEC_PROTO_MISMATCH 23 /*protocol mismatch*/ -#define EIPSEC_FAMILY_MISMATCH 24 /*family mismatch*/ -#define EIPSEC_FEW_ARGUMENTS 25 /*Too few arguments*/ -#define EIPSEC_SYSTEM_ERROR 26 /*system error*/ -#define EIPSEC_MAX 27 /*unknown error*/ diff --git a/freebsd/lib/libipsec/libpfkey.h b/freebsd/lib/libipsec/libpfkey.h deleted file mode 100644 index 07ff582e..00000000 --- a/freebsd/lib/libipsec/libpfkey.h +++ /dev/null @@ -1,86 +0,0 @@ -/* $FreeBSD$ */ -/* $KAME: libpfkey.h,v 1.6 2001/03/05 18:22:17 thorpej Exp $ */ - -/* - * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -struct sadb_msg; -extern void pfkey_sadump(struct sadb_msg *); -extern void pfkey_spdump(struct sadb_msg *); - -struct sockaddr; -struct sadb_alg; -int ipsec_check_keylen(u_int, u_int, u_int); -int ipsec_check_keylen2(u_int, u_int, u_int); -int ipsec_get_keylen(u_int, u_int, struct sadb_alg *); -u_int pfkey_set_softrate(u_int, u_int); -u_int pfkey_get_softrate(u_int); -int pfkey_send_getspi(int, u_int, u_int, struct sockaddr *, struct sockaddr *, - u_int32_t, u_int32_t, u_int32_t, u_int32_t); -int pfkey_send_update(int, u_int, u_int, struct sockaddr *, struct sockaddr *, - u_int32_t, u_int32_t, u_int, caddr_t, u_int, u_int, u_int, u_int, - u_int, u_int32_t, u_int64_t, u_int64_t, u_int64_t, u_int32_t); -int pfkey_send_add(int, u_int, u_int, struct sockaddr *, struct sockaddr *, - u_int32_t, u_int32_t, u_int, caddr_t, u_int, u_int, u_int, u_int, - u_int, u_int32_t, u_int64_t, u_int64_t, u_int64_t, u_int32_t); -int pfkey_send_delete(int, u_int, u_int, struct sockaddr *, struct sockaddr *, - u_int32_t); -int pfkey_send_delete_all(int, u_int, u_int, struct sockaddr *, - struct sockaddr *); -int pfkey_send_get(int, u_int, u_int, struct sockaddr *, struct sockaddr *, - u_int32_t); -int pfkey_send_register(int, u_int); -int pfkey_recv_register(int); -int pfkey_set_supported(struct sadb_msg *, int); -int pfkey_send_flush(int, u_int); -int pfkey_send_dump(int, u_int); -int pfkey_send_promisc_toggle(int, int); -int pfkey_send_spdadd(int, struct sockaddr *, u_int, struct sockaddr *, u_int, - u_int, caddr_t, int, u_int32_t); -int pfkey_send_spdadd2(int, struct sockaddr *, u_int, struct sockaddr *, u_int, - u_int, u_int64_t, u_int64_t, caddr_t, int, u_int32_t); -int pfkey_send_spdupdate(int, struct sockaddr *, u_int, struct sockaddr *, - u_int, u_int, caddr_t, int, u_int32_t); -int pfkey_send_spdupdate2(int, struct sockaddr *, u_int, struct sockaddr *, - u_int, u_int, u_int64_t, u_int64_t, caddr_t, int, u_int32_t); -int pfkey_send_spddelete(int, struct sockaddr *, u_int, struct sockaddr *, - u_int, u_int, caddr_t, int, u_int32_t); -int pfkey_send_spddelete2(int, u_int32_t); -int pfkey_send_spdget(int, u_int32_t); -int pfkey_send_spdsetidx(int, struct sockaddr *, u_int, struct sockaddr *, - u_int, u_int, caddr_t, int, u_int32_t); -int pfkey_send_spdflush(int); -int pfkey_send_spddump(int); - -int pfkey_open(void); -void pfkey_close(int); -struct sadb_msg *pfkey_recv(int); -int pfkey_send(int, struct sadb_msg *, int); -int pfkey_align(struct sadb_msg *, caddr_t *); -int pfkey_check(caddr_t *); diff --git a/freebsd/lib/libipsec/pfkey.c b/freebsd/lib/libipsec/pfkey.c deleted file mode 100644 index 87ef4113..00000000 --- a/freebsd/lib/libipsec/pfkey.c +++ /dev/null @@ -1,2136 +0,0 @@ -#include <machine/rtems-bsd-user-space.h> - -/* $KAME: pfkey.c,v 1.46 2003/08/26 03:37:06 itojun Exp $ */ - -/* - * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/socket.h> -#include <net/pfkeyv2.h> -#include <netipsec/key_var.h> -#include <netinet/in.h> -#include <netipsec/ipsec.h> - -#include <stdlib.h> -#include <unistd.h> -#include <string.h> -#include <errno.h> - -#include "ipsec_strerror.h" -#include "libpfkey.h" - -#define CALLOC(size, cast) (cast)calloc(1, (size)) - -static int findsupportedmap(int); -static int setsupportedmap(struct sadb_supported *); -static struct sadb_alg *findsupportedalg(u_int, u_int); -static int pfkey_send_x1(int, u_int, u_int, u_int, struct sockaddr *, - struct sockaddr *, u_int32_t, u_int32_t, u_int, caddr_t, - u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int32_t, - u_int32_t, u_int32_t, u_int32_t); -static int pfkey_send_x2(int, u_int, u_int, u_int, - struct sockaddr *, struct sockaddr *, u_int32_t); -static int pfkey_send_x3(int, u_int, u_int); -static int pfkey_send_x4(int, u_int, struct sockaddr *, u_int, - struct sockaddr *, u_int, u_int, u_int64_t, u_int64_t, - char *, int, u_int32_t); -static int pfkey_send_x5(int, u_int, u_int32_t); - -static caddr_t pfkey_setsadbmsg(caddr_t, caddr_t, u_int, u_int, - u_int, u_int32_t, pid_t); -static caddr_t pfkey_setsadbsa(caddr_t, caddr_t, u_int32_t, u_int, - u_int, u_int, u_int32_t); -static caddr_t pfkey_setsadbaddr(caddr_t, caddr_t, u_int, - struct sockaddr *, u_int, u_int); -static caddr_t pfkey_setsadbkey(caddr_t, caddr_t, u_int, caddr_t, u_int); -static caddr_t pfkey_setsadblifetime(caddr_t, caddr_t, u_int, u_int32_t, - u_int32_t, u_int32_t, u_int32_t); -static caddr_t pfkey_setsadbxsa2(caddr_t, caddr_t, u_int32_t, u_int32_t); - -/* - * make and search supported algorithm structure. - */ -static struct sadb_supported *ipsec_supported[] = { NULL, NULL, NULL, NULL }; - -static int supported_map[] = { - SADB_SATYPE_AH, - SADB_SATYPE_ESP, - SADB_X_SATYPE_IPCOMP, - SADB_X_SATYPE_TCPSIGNATURE -}; - -static int -findsupportedmap(satype) - int satype; -{ - int i; - - for (i = 0; i < sizeof(supported_map)/sizeof(supported_map[0]); i++) - if (supported_map[i] == satype) - return i; - return -1; -} - -static struct sadb_alg * -findsupportedalg(satype, alg_id) - u_int satype, alg_id; -{ - int algno; - int tlen; - caddr_t p; - - /* validity check */ - algno = findsupportedmap(satype); - if (algno == -1) { - __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; - return NULL; - } - if (ipsec_supported[algno] == NULL) { - __ipsec_errcode = EIPSEC_DO_GET_SUPP_LIST; - return NULL; - } - - tlen = ipsec_supported[algno]->sadb_supported_len - - sizeof(struct sadb_supported); - p = (caddr_t)(ipsec_supported[algno] + 1); - while (tlen > 0) { - if (tlen < sizeof(struct sadb_alg)) { - /* invalid format */ - break; - } - if (((struct sadb_alg *)p)->sadb_alg_id == alg_id) - return (struct sadb_alg *)p; - - tlen -= sizeof(struct sadb_alg); - p += sizeof(struct sadb_alg); - } - - __ipsec_errcode = EIPSEC_NOT_SUPPORTED; - return NULL; -} - -static int -setsupportedmap(sup) - struct sadb_supported *sup; -{ - struct sadb_supported **ipsup; - - switch (sup->sadb_supported_exttype) { - case SADB_EXT_SUPPORTED_AUTH: - ipsup = &ipsec_supported[findsupportedmap(SADB_SATYPE_AH)]; - break; - case SADB_EXT_SUPPORTED_ENCRYPT: - ipsup = &ipsec_supported[findsupportedmap(SADB_SATYPE_ESP)]; - break; - default: - __ipsec_errcode = EIPSEC_INVAL_SATYPE; - return -1; - } - - if (*ipsup) - free(*ipsup); - - *ipsup = malloc(sup->sadb_supported_len); - if (!*ipsup) { - __ipsec_set_strerror(strerror(errno)); - return -1; - } - memcpy(*ipsup, sup, sup->sadb_supported_len); - - return 0; -} - -/* - * check key length against algorithm specified. - * This function is called with SADB_EXT_SUPPORTED_{AUTH,ENCRYPT} as the - * augument, and only calls to ipsec_check_keylen2(); - * keylen is the unit of bit. - * OUT: - * -1: invalid. - * 0: valid. - */ -int -ipsec_check_keylen(supported, alg_id, keylen) - u_int supported; - u_int alg_id; - u_int keylen; -{ - int satype; - - /* validity check */ - switch (supported) { - case SADB_EXT_SUPPORTED_AUTH: - satype = SADB_SATYPE_AH; - break; - case SADB_EXT_SUPPORTED_ENCRYPT: - satype = SADB_SATYPE_ESP; - break; - default: - __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; - return -1; - } - - return ipsec_check_keylen2(satype, alg_id, keylen); -} - -/* - * check key length against algorithm specified. - * satype is one of satype defined at pfkeyv2.h. - * keylen is the unit of bit. - * OUT: - * -1: invalid. - * 0: valid. - */ -int -ipsec_check_keylen2(satype, alg_id, keylen) - u_int satype; - u_int alg_id; - u_int keylen; -{ - struct sadb_alg *alg; - - alg = findsupportedalg(satype, alg_id); - if (!alg) - return -1; - - if (keylen < alg->sadb_alg_minbits || keylen > alg->sadb_alg_maxbits) { - __ipsec_errcode = EIPSEC_INVAL_KEYLEN; - return -1; - } - - __ipsec_errcode = EIPSEC_NO_ERROR; - return 0; -} - -/* - * get max/min key length against algorithm specified. - * satype is one of satype defined at pfkeyv2.h. - * keylen is the unit of bit. - * OUT: - * -1: invalid. - * 0: valid. - */ -int -ipsec_get_keylen(supported, alg_id, alg0) - u_int supported, alg_id; - struct sadb_alg *alg0; -{ - struct sadb_alg *alg; - u_int satype; - - /* validity check */ - if (!alg0) { - __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; - return -1; - } - - switch (supported) { - case SADB_EXT_SUPPORTED_AUTH: - satype = SADB_SATYPE_AH; - break; - case SADB_EXT_SUPPORTED_ENCRYPT: - satype = SADB_SATYPE_ESP; - break; - default: - __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; - return -1; - } - - alg = findsupportedalg(satype, alg_id); - if (!alg) - return -1; - - memcpy(alg0, alg, sizeof(*alg0)); - - __ipsec_errcode = EIPSEC_NO_ERROR; - return 0; -} - -/* - * set the rate for SOFT lifetime against HARD one. - * If rate is more than 100 or equal to zero, then set to 100. - */ -static u_int soft_lifetime_allocations_rate = PFKEY_SOFT_LIFETIME_RATE; -static u_int soft_lifetime_bytes_rate = PFKEY_SOFT_LIFETIME_RATE; -static u_int soft_lifetime_addtime_rate = PFKEY_SOFT_LIFETIME_RATE; -static u_int soft_lifetime_usetime_rate = PFKEY_SOFT_LIFETIME_RATE; - -u_int -pfkey_set_softrate(type, rate) - u_int type, rate; -{ - __ipsec_errcode = EIPSEC_NO_ERROR; - - if (rate > 100 || rate == 0) - rate = 100; - - switch (type) { - case SADB_X_LIFETIME_ALLOCATIONS: - soft_lifetime_allocations_rate = rate; - return 0; - case SADB_X_LIFETIME_BYTES: - soft_lifetime_bytes_rate = rate; - return 0; - case SADB_X_LIFETIME_ADDTIME: - soft_lifetime_addtime_rate = rate; - return 0; - case SADB_X_LIFETIME_USETIME: - soft_lifetime_usetime_rate = rate; - return 0; - } - - __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; - return 1; -} - -/* - * get current rate for SOFT lifetime against HARD one. - * ATTENTION: ~0 is returned if invalid type was passed. - */ -u_int -pfkey_get_softrate(type) - u_int type; -{ - switch (type) { - case SADB_X_LIFETIME_ALLOCATIONS: - return soft_lifetime_allocations_rate; - case SADB_X_LIFETIME_BYTES: - return soft_lifetime_bytes_rate; - case SADB_X_LIFETIME_ADDTIME: - return soft_lifetime_addtime_rate; - case SADB_X_LIFETIME_USETIME: - return soft_lifetime_usetime_rate; - } - - return ~0; -} - -/* - * sending SADB_GETSPI message to the kernel. - * OUT: - * positive: success and return length sent. - * -1 : error occured, and set errno. - */ -int -pfkey_send_getspi(so, satype, mode, src, dst, min, max, reqid, seq) - int so; - u_int satype, mode; - struct sockaddr *src, *dst; - u_int32_t min, max, reqid, seq; -{ - struct sadb_msg *newmsg; - caddr_t ep; - int len; - int need_spirange = 0; - caddr_t p; - int plen; - - /* validity check */ - if (src == NULL || dst == NULL) { - __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; - return -1; - } - if (src->sa_family != dst->sa_family) { - __ipsec_errcode = EIPSEC_FAMILY_MISMATCH; - return -1; - } - if (min > max || (min > 0 && min <= 255)) { - __ipsec_errcode = EIPSEC_INVAL_SPI; - return -1; - } - switch (src->sa_family) { - case AF_INET: - plen = sizeof(struct in_addr) << 3; - break; - case AF_INET6: - plen = sizeof(struct in6_addr) << 3; - break; - default: - __ipsec_errcode = EIPSEC_INVAL_FAMILY; - return -1; - } - - /* create new sadb_msg to send. */ - len = sizeof(struct sadb_msg) - + sizeof(struct sadb_x_sa2) - + sizeof(struct sadb_address) - + PFKEY_ALIGN8(src->sa_len) - + sizeof(struct sadb_address) - + PFKEY_ALIGN8(dst->sa_len); - - if (min > 255 && max < ~0) { - need_spirange++; - len += sizeof(struct sadb_spirange); - } - - if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) { - __ipsec_set_strerror(strerror(errno)); - return -1; - } - ep = ((caddr_t)newmsg) + len; - - p = pfkey_setsadbmsg((caddr_t)newmsg, ep, SADB_GETSPI, - len, satype, seq, getpid()); - if (!p) { - free(newmsg); - return -1; - } - - p = pfkey_setsadbxsa2(p, ep, mode, reqid); - if (!p) { - free(newmsg); - return -1; - } - - /* set sadb_address for source */ - p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, plen, - IPSEC_ULPROTO_ANY); - if (!p) { - free(newmsg); - return -1; - } - - /* set sadb_address for destination */ - p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, plen, - IPSEC_ULPROTO_ANY); - if (!p) { - free(newmsg); - return -1; - } - - /* proccessing spi range */ - if (need_spirange) { - struct sadb_spirange spirange; - - if (p + sizeof(spirange) > ep) { - free(newmsg); - return -1; - } - - memset(&spirange, 0, sizeof(spirange)); - spirange.sadb_spirange_len = PFKEY_UNIT64(sizeof(spirange)); - spirange.sadb_spirange_exttype = SADB_EXT_SPIRANGE; - spirange.sadb_spirange_min = min; - spirange.sadb_spirange_max = max; - - memcpy(p, &spirange, sizeof(spirange)); - - p += sizeof(spirange); - } - if (p != ep) { - free(newmsg); - return -1; - } - - /* send message */ - len = pfkey_send(so, newmsg, len); - free(newmsg); - - if (len < 0) - return -1; - - __ipsec_errcode = EIPSEC_NO_ERROR; - return len; -} - -/* - * sending SADB_UPDATE message to the kernel. - * The length of key material is a_keylen + e_keylen. - * OUT: - * positive: success and return length sent. - * -1 : error occured, and set errno. - */ -int -pfkey_send_update(so, satype, mode, src, dst, spi, reqid, wsize, - keymat, e_type, e_keylen, a_type, a_keylen, flags, - l_alloc, l_bytes, l_addtime, l_usetime, seq) - int so; - u_int satype, mode, wsize; - struct sockaddr *src, *dst; - u_int32_t spi, reqid; - caddr_t keymat; - u_int e_type, e_keylen, a_type, a_keylen, flags; - u_int32_t l_alloc; - u_int64_t l_bytes, l_addtime, l_usetime; - u_int32_t seq; -{ - int len; - if ((len = pfkey_send_x1(so, SADB_UPDATE, satype, mode, src, dst, spi, - reqid, wsize, - keymat, e_type, e_keylen, a_type, a_keylen, flags, - l_alloc, l_bytes, l_addtime, l_usetime, seq)) < 0) - return -1; - - return len; -} - -/* - * sending SADB_ADD message to the kernel. - * The length of key material is a_keylen + e_keylen. - * OUT: - * positive: success and return length sent. - * -1 : error occured, and set errno. - */ -int -pfkey_send_add(so, satype, mode, src, dst, spi, reqid, wsize, - keymat, e_type, e_keylen, a_type, a_keylen, flags, - l_alloc, l_bytes, l_addtime, l_usetime, seq) - int so; - u_int satype, mode, wsize; - struct sockaddr *src, *dst; - u_int32_t spi, reqid; - caddr_t keymat; - u_int e_type, e_keylen, a_type, a_keylen, flags; - u_int32_t l_alloc; - u_int64_t l_bytes, l_addtime, l_usetime; - u_int32_t seq; -{ - int len; - if ((len = pfkey_send_x1(so, SADB_ADD, satype, mode, src, dst, spi, - reqid, wsize, - keymat, e_type, e_keylen, a_type, a_keylen, flags, - l_alloc, l_bytes, l_addtime, l_usetime, seq)) < 0) - return -1; - - return len; -} - -/* - * sending SADB_DELETE message to the kernel. - * OUT: - * positive: success and return length sent. - * -1 : error occured, and set errno. - */ -int -pfkey_send_delete(so, satype, mode, src, dst, spi) - int so; - u_int satype, mode; - struct sockaddr *src, *dst; - u_int32_t spi; -{ - int len; - if ((len = pfkey_send_x2(so, SADB_DELETE, satype, mode, src, dst, spi)) < 0) - return -1; - - return len; -} - -/* - * sending SADB_DELETE without spi to the kernel. This is - * the "delete all" request (an extension also present in - * Solaris). - * - * OUT: - * positive: success and return length sent - * -1 : error occured, and set errno - */ -int -pfkey_send_delete_all(so, satype, mode, src, dst) - int so; - u_int satype, mode; - struct sockaddr *src, *dst; -{ - struct sadb_msg *newmsg; - int len; - caddr_t p; - int plen; - caddr_t ep; - - /* validity check */ - if (src == NULL || dst == NULL) { - __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; - return -1; - } - if (src->sa_family != dst->sa_family) { - __ipsec_errcode = EIPSEC_FAMILY_MISMATCH; - return -1; - } - switch (src->sa_family) { - case AF_INET: - plen = sizeof(struct in_addr) << 3; - break; - case AF_INET6: - plen = sizeof(struct in6_addr) << 3; - break; - default: - __ipsec_errcode = EIPSEC_INVAL_FAMILY; - return -1; - } - - /* create new sadb_msg to reply. */ - len = sizeof(struct sadb_msg) - + sizeof(struct sadb_address) - + PFKEY_ALIGN8(src->sa_len) - + sizeof(struct sadb_address) - + PFKEY_ALIGN8(dst->sa_len); - - if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) { - __ipsec_set_strerror(strerror(errno)); - return -1; - } - ep = ((caddr_t)newmsg) + len; - - p = pfkey_setsadbmsg((caddr_t)newmsg, ep, SADB_DELETE, len, satype, 0, - getpid()); - if (!p) { - free(newmsg); - return -1; - } - p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, plen, - IPSEC_ULPROTO_ANY); - if (!p) { - free(newmsg); - return -1; - } - p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, plen, - IPSEC_ULPROTO_ANY); - if (!p || p != ep) { - free(newmsg); - return -1; - } - - /* send message */ - len = pfkey_send(so, newmsg, len); - free(newmsg); - - if (len < 0) - return -1; - - __ipsec_errcode = EIPSEC_NO_ERROR; - return len; -} - -/* - * sending SADB_GET message to the kernel. - * OUT: - * positive: success and return length sent. - * -1 : error occured, and set errno. - */ -int -pfkey_send_get(so, satype, mode, src, dst, spi) - int so; - u_int satype, mode; - struct sockaddr *src, *dst; - u_int32_t spi; -{ - int len; - if ((len = pfkey_send_x2(so, SADB_GET, satype, mode, src, dst, spi)) < 0) - return -1; - - return len; -} - -/* - * sending SADB_REGISTER message to the kernel. - * OUT: - * positive: success and return length sent. - * -1 : error occured, and set errno. - */ -int -pfkey_send_register(so, satype) - int so; - u_int satype; -{ - int len, algno; - - if (satype == SADB_SATYPE_UNSPEC) { - for (algno = 0; - algno < sizeof(supported_map)/sizeof(supported_map[0]); - algno++) { - if (ipsec_supported[algno]) { - free(ipsec_supported[algno]); - ipsec_supported[algno] = NULL; - } - } - } else { - algno = findsupportedmap(satype); - if (algno == -1) { - __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; - return -1; - } - - if (ipsec_supported[algno]) { - free(ipsec_supported[algno]); - ipsec_supported[algno] = NULL; - } - } - - if ((len = pfkey_send_x3(so, SADB_REGISTER, satype)) < 0) - return -1; - - return len; -} - -/* - * receiving SADB_REGISTER message from the kernel, and copy buffer for - * sadb_supported returned into ipsec_supported. - * OUT: - * 0: success and return length sent. - * -1: error occured, and set errno. - */ -int -pfkey_recv_register(so) - int so; -{ - pid_t pid = getpid(); - struct sadb_msg *newmsg; - int error = -1; - - /* receive message */ - for (;;) { - if ((newmsg = pfkey_recv(so)) == NULL) - return -1; - if (newmsg->sadb_msg_type == SADB_REGISTER && - newmsg->sadb_msg_pid == pid) - break; - free(newmsg); - } - - /* check and fix */ - newmsg->sadb_msg_len = PFKEY_UNUNIT64(newmsg->sadb_msg_len); - - error = pfkey_set_supported(newmsg, newmsg->sadb_msg_len); - free(newmsg); - - if (error == 0) - __ipsec_errcode = EIPSEC_NO_ERROR; - - return error; -} - -/* - * receiving SADB_REGISTER message from the kernel, and copy buffer for - * sadb_supported returned into ipsec_supported. - * NOTE: sadb_msg_len must be host order. - * IN: - * tlen: msg length, it's to makeing sure. - * OUT: - * 0: success and return length sent. - * -1: error occured, and set errno. - */ -int -pfkey_set_supported(msg, tlen) - struct sadb_msg *msg; - int tlen; -{ - struct sadb_supported *sup; - caddr_t p; - caddr_t ep; - - /* validity */ - if (msg->sadb_msg_len != tlen) { - __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; - return -1; - } - - p = (caddr_t)msg; - ep = p + tlen; - - p += sizeof(struct sadb_msg); - - while (p < ep) { - sup = (struct sadb_supported *)p; - if (ep < p + sizeof(*sup) || - PFKEY_EXTLEN(sup) < sizeof(*sup) || - ep < p + sup->sadb_supported_len) { - /* invalid format */ - break; - } - - switch (sup->sadb_supported_exttype) { - case SADB_EXT_SUPPORTED_AUTH: - case SADB_EXT_SUPPORTED_ENCRYPT: - break; - default: - __ipsec_errcode = EIPSEC_INVAL_SATYPE; - return -1; - } - - /* fixed length */ - sup->sadb_supported_len = PFKEY_EXTLEN(sup); - - /* set supported map */ - if (setsupportedmap(sup) != 0) - return -1; - - p += sup->sadb_supported_len; - } - - if (p != ep) { - __ipsec_errcode = EIPSEC_INVAL_SATYPE; - return -1; - } - - __ipsec_errcode = EIPSEC_NO_ERROR; - - return 0; -} - -/* - * sending SADB_FLUSH message to the kernel. - * OUT: - * positive: success and return length sent. - * -1 : error occured, and set errno. - */ -int -pfkey_send_flush(so, satype) - int so; - u_int satype; -{ - int len; - - if ((len = pfkey_send_x3(so, SADB_FLUSH, satype)) < 0) - return -1; - - return len; -} - -/* - * sending SADB_DUMP message to the kernel. - * OUT: - * positive: success and return length sent. - * -1 : error occured, and set errno. - */ -int -pfkey_send_dump(so, satype) - int so; - u_int satype; -{ - int len; - - if ((len = pfkey_send_x3(so, SADB_DUMP, satype)) < 0) - return -1; - - return len; -} - -/* - * sending SADB_X_PROMISC message to the kernel. - * NOTE that this function handles promisc mode toggle only. - * IN: - * flag: set promisc off if zero, set promisc on if non-zero. - * OUT: - * positive: success and return length sent. - * -1 : error occured, and set errno. - * 0 : error occured, and set errno. - * others: a pointer to new allocated buffer in which supported - * algorithms is. - */ -int -pfkey_send_promisc_toggle(so, flag) - int so; - int flag; -{ - int len; - - if ((len = pfkey_send_x3(so, SADB_X_PROMISC, (flag ? 1 : 0))) < 0) - return -1; - - return len; -} - -/* - * sending SADB_X_SPDADD message to the kernel. - * OUT: - * positive: success and return length sent. - * -1 : error occured, and set errno. - */ -int -pfkey_send_spdadd(so, src, prefs, dst, prefd, proto, policy, policylen, seq) - int so; - struct sockaddr *src, *dst; - u_int prefs, prefd, proto; - caddr_t policy; - int policylen; - u_int32_t seq; -{ - int len; - - if ((len = pfkey_send_x4(so, SADB_X_SPDADD, - src, prefs, dst, prefd, proto, - 0, 0, - policy, policylen, seq)) < 0) - return -1; - - return len; -} - -/* - * sending SADB_X_SPDADD message to the kernel. - * OUT: - * positive: success and return length sent. - * -1 : error occured, and set errno. - */ -int -pfkey_send_spdadd2(so, src, prefs, dst, prefd, proto, ltime, vtime, - policy, policylen, seq) - int so; - struct sockaddr *src, *dst; - u_int prefs, prefd, proto; - u_int64_t ltime, vtime; - caddr_t policy; - int policylen; - u_int32_t seq; -{ - int len; - - if ((len = pfkey_send_x4(so, SADB_X_SPDADD, - src, prefs, dst, prefd, proto, - ltime, vtime, - policy, policylen, seq)) < 0) - return -1; - - return len; -} - -/* - * sending SADB_X_SPDUPDATE message to the kernel. - * OUT: - * positive: success and return length sent. - * -1 : error occured, and set errno. - */ -int -pfkey_send_spdupdate(so, src, prefs, dst, prefd, proto, policy, policylen, seq) - int so; - struct sockaddr *src, *dst; - u_int prefs, prefd, proto; - caddr_t policy; - int policylen; - u_int32_t seq; -{ - int len; - - if ((len = pfkey_send_x4(so, SADB_X_SPDUPDATE, - src, prefs, dst, prefd, proto, - 0, 0, - policy, policylen, seq)) < 0) - return -1; - - return len; -} - -/* - * sending SADB_X_SPDUPDATE message to the kernel. - * OUT: - * positive: success and return length sent. - * -1 : error occured, and set errno. - */ -int -pfkey_send_spdupdate2(so, src, prefs, dst, prefd, proto, ltime, vtime, - policy, policylen, seq) - int so; - struct sockaddr *src, *dst; - u_int prefs, prefd, proto; - u_int64_t ltime, vtime; - caddr_t policy; - int policylen; - u_int32_t seq; -{ - int len; - - if ((len = pfkey_send_x4(so, SADB_X_SPDUPDATE, - src, prefs, dst, prefd, proto, - ltime, vtime, - policy, policylen, seq)) < 0) - return -1; - - return len; -} - -/* - * sending SADB_X_SPDDELETE message to the kernel. - * OUT: - * positive: success and return length sent. - * -1 : error occured, and set errno. - */ -int -pfkey_send_spddelete(so, src, prefs, dst, prefd, proto, policy, policylen, seq) - int so; - struct sockaddr *src, *dst; - u_int prefs, prefd, proto; - caddr_t policy; - int policylen; - u_int32_t seq; -{ - int len; - - if (policylen != sizeof(struct sadb_x_policy)) { - __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; - return -1; - } - - if ((len = pfkey_send_x4(so, SADB_X_SPDDELETE, - src, prefs, dst, prefd, proto, - 0, 0, - policy, policylen, seq)) < 0) - return -1; - - return len; -} - -/* - * sending SADB_X_SPDDELETE message to the kernel. - * OUT: - * positive: success and return length sent. - * -1 : error occured, and set errno. - */ -int -pfkey_send_spddelete2(so, spid) - int so; - u_int32_t spid; -{ - int len; - - if ((len = pfkey_send_x5(so, SADB_X_SPDDELETE2, spid)) < 0) - return -1; - - return len; -} - -/* - * sending SADB_X_SPDGET message to the kernel. - * OUT: - * positive: success and return length sent. - * -1 : error occured, and set errno. - */ -int -pfkey_send_spdget(so, spid) - int so; - u_int32_t spid; -{ - int len; - - if ((len = pfkey_send_x5(so, SADB_X_SPDGET, spid)) < 0) - return -1; - - return len; -} - -/* - * sending SADB_X_SPDSETIDX message to the kernel. - * OUT: - * positive: success and return length sent. - * -1 : error occured, and set errno. - */ -int -pfkey_send_spdsetidx(so, src, prefs, dst, prefd, proto, policy, policylen, seq) - int so; - struct sockaddr *src, *dst; - u_int prefs, prefd, proto; - caddr_t policy; - int policylen; - u_int32_t seq; -{ - int len; - - if (policylen != sizeof(struct sadb_x_policy)) { - __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; - return -1; - } - - if ((len = pfkey_send_x4(so, SADB_X_SPDSETIDX, - src, prefs, dst, prefd, proto, - 0, 0, - policy, policylen, seq)) < 0) - return -1; - - return len; -} - -/* - * sending SADB_SPDFLUSH message to the kernel. - * OUT: - * positive: success and return length sent. - * -1 : error occured, and set errno. - */ -int -pfkey_send_spdflush(so) - int so; -{ - int len; - - if ((len = pfkey_send_x3(so, SADB_X_SPDFLUSH, SADB_SATYPE_UNSPEC)) < 0) - return -1; - - return len; -} - -/* - * sending SADB_SPDDUMP message to the kernel. - * OUT: - * positive: success and return length sent. - * -1 : error occured, and set errno. - */ -int -pfkey_send_spddump(so) - int so; -{ - int len; - - if ((len = pfkey_send_x3(so, SADB_X_SPDDUMP, SADB_SATYPE_UNSPEC)) < 0) - return -1; - - return len; -} - -/* sending SADB_ADD or SADB_UPDATE message to the kernel */ -static int -pfkey_send_x1(so, type, satype, mode, src, dst, spi, reqid, wsize, - keymat, e_type, e_keylen, a_type, a_keylen, flags, - l_alloc, l_bytes, l_addtime, l_usetime, seq) - int so; - u_int type, satype, mode; - struct sockaddr *src, *dst; - u_int32_t spi, reqid; - u_int wsize; - caddr_t keymat; - u_int e_type, e_keylen, a_type, a_keylen, flags; - u_int32_t l_alloc, l_bytes, l_addtime, l_usetime, seq; -{ - struct sadb_msg *newmsg; - int len; - caddr_t p; - int plen; - caddr_t ep; - - /* validity check */ - if (src == NULL || dst == NULL) { - __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; - return -1; - } - if (src->sa_family != dst->sa_family) { - __ipsec_errcode = EIPSEC_FAMILY_MISMATCH; - return -1; - } - switch (src->sa_family) { - case AF_INET: - plen = sizeof(struct in_addr) << 3; - break; - case AF_INET6: - plen = sizeof(struct in6_addr) << 3; - break; - default: - __ipsec_errcode = EIPSEC_INVAL_FAMILY; - return -1; - } - - switch (satype) { - case SADB_SATYPE_ESP: - if (e_type == SADB_EALG_NONE) { - __ipsec_errcode = EIPSEC_NO_ALGS; - return -1; - } - break; - case SADB_SATYPE_AH: - if (e_type != SADB_EALG_NONE) { - __ipsec_errcode = EIPSEC_INVAL_ALGS; - return -1; - } - if (a_type == SADB_AALG_NONE) { - __ipsec_errcode = EIPSEC_NO_ALGS; - return -1; - } - break; - case SADB_X_SATYPE_IPCOMP: - if (e_type == SADB_X_CALG_NONE) { - __ipsec_errcode = EIPSEC_INVAL_ALGS; - return -1; - } - if (a_type != SADB_AALG_NONE) { - __ipsec_errcode = EIPSEC_NO_ALGS; - return -1; - } - break; - case SADB_X_SATYPE_TCPSIGNATURE: - if (e_type != SADB_EALG_NONE) { - __ipsec_errcode = EIPSEC_INVAL_ALGS; - return -1; - } - if (a_type != SADB_X_AALG_TCP_MD5) { - __ipsec_errcode = EIPSEC_INVAL_ALGS; - return -1; - } - break; - default: - __ipsec_errcode = EIPSEC_INVAL_SATYPE; - return -1; - } - - /* create new sadb_msg to reply. */ - len = sizeof(struct sadb_msg) - + sizeof(struct sadb_sa) - + sizeof(struct sadb_x_sa2) - + sizeof(struct sadb_address) - + PFKEY_ALIGN8(src->sa_len) - + sizeof(struct sadb_address) - + PFKEY_ALIGN8(dst->sa_len) - + sizeof(struct sadb_lifetime) - + sizeof(struct sadb_lifetime); - - if (e_type != SADB_EALG_NONE) - len += (sizeof(struct sadb_key) + PFKEY_ALIGN8(e_keylen)); - if (a_type != SADB_AALG_NONE) - len += (sizeof(struct sadb_key) + PFKEY_ALIGN8(a_keylen)); - - if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) { - __ipsec_set_strerror(strerror(errno)); - return -1; - } - ep = ((caddr_t)newmsg) + len; - - p = pfkey_setsadbmsg((caddr_t)newmsg, ep, type, len, - satype, seq, getpid()); - if (!p) { - free(newmsg); - return -1; - } - p = pfkey_setsadbsa(p, ep, spi, wsize, a_type, e_type, flags); - if (!p) { - free(newmsg); - return -1; - } - p = pfkey_setsadbxsa2(p, ep, mode, reqid); - if (!p) { - free(newmsg); - return -1; - } - p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, plen, - IPSEC_ULPROTO_ANY); - if (!p) { - free(newmsg); - return -1; - } - p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, plen, - IPSEC_ULPROTO_ANY); - if (!p) { - free(newmsg); - return -1; - } - - if (e_type != SADB_EALG_NONE) { - p = pfkey_setsadbkey(p, ep, SADB_EXT_KEY_ENCRYPT, - keymat, e_keylen); - if (!p) { - free(newmsg); - return -1; - } - } - if (a_type != SADB_AALG_NONE) { - p = pfkey_setsadbkey(p, ep, SADB_EXT_KEY_AUTH, - keymat + e_keylen, a_keylen); - if (!p) { - free(newmsg); - return -1; - } - } - - /* set sadb_lifetime for destination */ - p = pfkey_setsadblifetime(p, ep, SADB_EXT_LIFETIME_HARD, - l_alloc, l_bytes, l_addtime, l_usetime); - if (!p) { - free(newmsg); - return -1; - } - p = pfkey_setsadblifetime(p, ep, SADB_EXT_LIFETIME_SOFT, - l_alloc, l_bytes, l_addtime, l_usetime); - if (!p || p != ep) { - free(newmsg); - return -1; - } - - /* send message */ - len = pfkey_send(so, newmsg, len); - free(newmsg); - - if (len < 0) - return -1; - - __ipsec_errcode = EIPSEC_NO_ERROR; - return len; -} - -/* sending SADB_DELETE or SADB_GET message to the kernel */ -static int -pfkey_send_x2(so, type, satype, mode, src, dst, spi) - int so; - u_int type, satype, mode; - struct sockaddr *src, *dst; - u_int32_t spi; -{ - struct sadb_msg *newmsg; - int len; - caddr_t p; - int plen; - caddr_t ep; - - /* validity check */ - if (src == NULL || dst == NULL) { - __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; - return -1; - } - if (src->sa_family != dst->sa_family) { - __ipsec_errcode = EIPSEC_FAMILY_MISMATCH; - return -1; - } - switch (src->sa_family) { - case AF_INET: - plen = sizeof(struct in_addr) << 3; - break; - case AF_INET6: - plen = sizeof(struct in6_addr) << 3; - break; - default: - __ipsec_errcode = EIPSEC_INVAL_FAMILY; - return -1; - } - - /* create new sadb_msg to reply. */ - len = sizeof(struct sadb_msg) - + sizeof(struct sadb_sa) - + sizeof(struct sadb_address) - + PFKEY_ALIGN8(src->sa_len) - + sizeof(struct sadb_address) - + PFKEY_ALIGN8(dst->sa_len); - - if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) { - __ipsec_set_strerror(strerror(errno)); - return -1; - } - ep = ((caddr_t)newmsg) + len; - - p = pfkey_setsadbmsg((caddr_t)newmsg, ep, type, len, satype, 0, - getpid()); - if (!p) { - free(newmsg); - return -1; - } - p = pfkey_setsadbsa(p, ep, spi, 0, 0, 0, 0); - if (!p) { - free(newmsg); - return -1; - } - p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, plen, - IPSEC_ULPROTO_ANY); - if (!p) { - free(newmsg); - return -1; - } - p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, plen, - IPSEC_ULPROTO_ANY); - if (!p || p != ep) { - free(newmsg); - return -1; - } - - /* send message */ - len = pfkey_send(so, newmsg, len); - free(newmsg); - - if (len < 0) - return -1; - - __ipsec_errcode = EIPSEC_NO_ERROR; - return len; -} - -/* - * sending SADB_REGISTER, SADB_FLUSH, SADB_DUMP or SADB_X_PROMISC message - * to the kernel - */ -static int -pfkey_send_x3(so, type, satype) - int so; - u_int type, satype; -{ - struct sadb_msg *newmsg; - int len; - caddr_t p; - caddr_t ep; - - /* validity check */ - switch (type) { - case SADB_X_PROMISC: - if (satype != 0 && satype != 1) { - __ipsec_errcode = EIPSEC_INVAL_SATYPE; - return -1; - } - break; - default: - switch (satype) { - case SADB_SATYPE_UNSPEC: - case SADB_SATYPE_AH: - case SADB_SATYPE_ESP: - case SADB_X_SATYPE_IPCOMP: - case SADB_X_SATYPE_TCPSIGNATURE: - break; - default: - __ipsec_errcode = EIPSEC_INVAL_SATYPE; - return -1; - } - } - - /* create new sadb_msg to send. */ - len = sizeof(struct sadb_msg); - - if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) { - __ipsec_set_strerror(strerror(errno)); - return -1; - } - ep = ((caddr_t)newmsg) + len; - - p = pfkey_setsadbmsg((caddr_t)newmsg, ep, type, len, satype, 0, - getpid()); - if (!p || p != ep) { - free(newmsg); - return -1; - } - - /* send message */ - len = pfkey_send(so, newmsg, len); - free(newmsg); - - if (len < 0) - return -1; - - __ipsec_errcode = EIPSEC_NO_ERROR; - return len; -} - -/* sending SADB_X_SPDADD message to the kernel */ -static int -pfkey_send_x4(so, type, src, prefs, dst, prefd, proto, - ltime, vtime, policy, policylen, seq) - int so; - struct sockaddr *src, *dst; - u_int type, prefs, prefd, proto; - u_int64_t ltime, vtime; - char *policy; - int policylen; - u_int32_t seq; -{ - struct sadb_msg *newmsg; - int len; - caddr_t p; - int plen; - caddr_t ep; - - /* validity check */ - if (src == NULL || dst == NULL) { - __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; - return -1; - } - if (src->sa_family != dst->sa_family) { - __ipsec_errcode = EIPSEC_FAMILY_MISMATCH; - return -1; - } - - switch (src->sa_family) { - case AF_INET: - plen = sizeof(struct in_addr) << 3; - break; - case AF_INET6: - plen = sizeof(struct in6_addr) << 3; - break; - default: - __ipsec_errcode = EIPSEC_INVAL_FAMILY; - return -1; - } - if (prefs > plen || prefd > plen) { - __ipsec_errcode = EIPSEC_INVAL_PREFIXLEN; - return -1; - } - - /* create new sadb_msg to reply. */ - len = sizeof(struct sadb_msg) - + sizeof(struct sadb_address) - + PFKEY_ALIGN8(src->sa_len) - + sizeof(struct sadb_address) - + PFKEY_ALIGN8(src->sa_len) - + sizeof(struct sadb_lifetime) - + policylen; - - if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) { - __ipsec_set_strerror(strerror(errno)); - return -1; - } - ep = ((caddr_t)newmsg) + len; - - p = pfkey_setsadbmsg((caddr_t)newmsg, ep, type, len, - SADB_SATYPE_UNSPEC, seq, getpid()); - if (!p) { - free(newmsg); - return -1; - } - p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, prefs, proto); - if (!p) { - free(newmsg); - return -1; - } - p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, prefd, proto); - if (!p) { - free(newmsg); - return -1; - } - p = pfkey_setsadblifetime(p, ep, SADB_EXT_LIFETIME_HARD, - 0, 0, ltime, vtime); - if (!p || p + policylen != ep) { - free(newmsg); - return -1; - } - memcpy(p, policy, policylen); - - /* send message */ - len = pfkey_send(so, newmsg, len); - free(newmsg); - - if (len < 0) - return -1; - - __ipsec_errcode = EIPSEC_NO_ERROR; - return len; -} - -/* sending SADB_X_SPDGET or SADB_X_SPDDELETE message to the kernel */ -static int -pfkey_send_x5(so, type, spid) - int so; - u_int type; - u_int32_t spid; -{ - struct sadb_msg *newmsg; - struct sadb_x_policy xpl; - int len; - caddr_t p; - caddr_t ep; - - /* create new sadb_msg to reply. */ - len = sizeof(struct sadb_msg) - + sizeof(xpl); - - if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) { - __ipsec_set_strerror(strerror(errno)); - return -1; - } - ep = ((caddr_t)newmsg) + len; - - p = pfkey_setsadbmsg((caddr_t)newmsg, ep, type, len, - SADB_SATYPE_UNSPEC, 0, getpid()); - if (!p) { - free(newmsg); - return -1; - } - - if (p + sizeof(xpl) != ep) { - free(newmsg); - return -1; - } - memset(&xpl, 0, sizeof(xpl)); - xpl.sadb_x_policy_len = PFKEY_UNIT64(sizeof(xpl)); - xpl.sadb_x_policy_exttype = SADB_X_EXT_POLICY; - xpl.sadb_x_policy_id = spid; - memcpy(p, &xpl, sizeof(xpl)); - - /* send message */ - len = pfkey_send(so, newmsg, len); - free(newmsg); - - if (len < 0) - return -1; - - __ipsec_errcode = EIPSEC_NO_ERROR; - return len; -} - -/* - * open a socket. - * OUT: - * -1: fail. - * others : success and return value of socket. - */ -int -pfkey_open() -{ - int so; - const int bufsiz = 128 * 1024; /*is 128K enough?*/ - - if ((so = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0) { - __ipsec_set_strerror(strerror(errno)); - return -1; - } - - /* - * This is a temporary workaround for KAME PR 154. - * Don't really care even if it fails. - */ - (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF, &bufsiz, sizeof(bufsiz)); - (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz)); - - __ipsec_errcode = EIPSEC_NO_ERROR; - return so; -} - -/* - * close a socket. - * OUT: - * 0: success. - * -1: fail. - */ -void -pfkey_close(so) - int so; -{ - (void)close(so); - - __ipsec_errcode = EIPSEC_NO_ERROR; - return; -} - -/* - * receive sadb_msg data, and return pointer to new buffer allocated. - * Must free this buffer later. - * OUT: - * NULL : error occured. - * others : a pointer to sadb_msg structure. - * - * XXX should be rewritten to pass length explicitly - */ -struct sadb_msg * -pfkey_recv(so) - int so; -{ - struct sadb_msg buf, *newmsg; - int len, reallen; - - while ((len = recv(so, (caddr_t)&buf, sizeof(buf), MSG_PEEK)) < 0) { - if (errno == EINTR) - continue; - __ipsec_set_strerror(strerror(errno)); - return NULL; - } - - if (len < sizeof(buf)) { - recv(so, (caddr_t)&buf, sizeof(buf), 0); - __ipsec_errcode = EIPSEC_MAX; - return NULL; - } - - /* read real message */ - reallen = PFKEY_UNUNIT64(buf.sadb_msg_len); - if ((newmsg = CALLOC(reallen, struct sadb_msg *)) == NULL) { - __ipsec_set_strerror(strerror(errno)); - return NULL; - } - - while ((len = recv(so, (caddr_t)newmsg, reallen, 0)) < 0) { - if (errno == EINTR) - continue; - __ipsec_set_strerror(strerror(errno)); - free(newmsg); - return NULL; - } - - if (len != reallen) { - __ipsec_errcode = EIPSEC_SYSTEM_ERROR; - free(newmsg); - return NULL; - } - - /* don't trust what the kernel says, validate! */ - if (PFKEY_UNUNIT64(newmsg->sadb_msg_len) != len) { - __ipsec_errcode = EIPSEC_SYSTEM_ERROR; - free(newmsg); - return NULL; - } - - __ipsec_errcode = EIPSEC_NO_ERROR; - return newmsg; -} - -/* - * send message to a socket. - * OUT: - * others: success and return length sent. - * -1 : fail. - */ -int -pfkey_send(so, msg, len) - int so; - struct sadb_msg *msg; - int len; -{ - if ((len = send(so, (caddr_t)msg, len, 0)) < 0) { - __ipsec_set_strerror(strerror(errno)); - return -1; - } - - __ipsec_errcode = EIPSEC_NO_ERROR; - return len; -} - -/* - * %%% Utilities - * NOTE: These functions are derived from netkey/key.c in KAME. - */ -/* - * set the pointer to each header in this message buffer. - * IN: msg: pointer to message buffer. - * mhp: pointer to the buffer initialized like below: - * caddr_t mhp[SADB_EXT_MAX + 1]; - * OUT: -1: invalid. - * 0: valid. - * - * XXX should be rewritten to obtain length explicitly - */ -int -pfkey_align(msg, mhp) - struct sadb_msg *msg; - caddr_t *mhp; -{ - struct sadb_ext *ext; - int i; - caddr_t p; - caddr_t ep; /* XXX should be passed from upper layer */ - - /* validity check */ - if (msg == NULL || mhp == NULL) { - __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; - return -1; - } - - /* initialize */ - for (i = 0; i < SADB_EXT_MAX + 1; i++) - mhp[i] = NULL; - - mhp[0] = (caddr_t)msg; - - /* initialize */ - p = (caddr_t) msg; - ep = p + PFKEY_UNUNIT64(msg->sadb_msg_len); - - /* skip base header */ - p += sizeof(struct sadb_msg); - - while (p < ep) { - ext = (struct sadb_ext *)p; - if (ep < p + sizeof(*ext) || PFKEY_EXTLEN(ext) < sizeof(*ext) || - ep < p + PFKEY_EXTLEN(ext)) { - /* invalid format */ - break; - } - - /* duplicate check */ - /* XXX Are there duplication either KEY_AUTH or KEY_ENCRYPT ?*/ - if (mhp[ext->sadb_ext_type] != NULL) { - __ipsec_errcode = EIPSEC_INVAL_EXTTYPE; - return -1; - } - - /* set pointer */ - switch (ext->sadb_ext_type) { - case SADB_EXT_SA: - case SADB_EXT_LIFETIME_CURRENT: - case SADB_EXT_LIFETIME_HARD: - case SADB_EXT_LIFETIME_SOFT: - case SADB_EXT_ADDRESS_SRC: - case SADB_EXT_ADDRESS_DST: - case SADB_EXT_ADDRESS_PROXY: - case SADB_EXT_KEY_AUTH: - /* XXX should to be check weak keys. */ - case SADB_EXT_KEY_ENCRYPT: - /* XXX should to be check weak keys. */ - case SADB_EXT_IDENTITY_SRC: - case SADB_EXT_IDENTITY_DST: - case SADB_EXT_SENSITIVITY: - case SADB_EXT_PROPOSAL: - case SADB_EXT_SUPPORTED_AUTH: - case SADB_EXT_SUPPORTED_ENCRYPT: - case SADB_EXT_SPIRANGE: - case SADB_X_EXT_POLICY: - case SADB_X_EXT_SA2: - case SADB_X_EXT_NAT_T_TYPE: - case SADB_X_EXT_NAT_T_SPORT: - case SADB_X_EXT_NAT_T_DPORT: - case SADB_X_EXT_NAT_T_OAI: - case SADB_X_EXT_NAT_T_OAR: - case SADB_X_EXT_NAT_T_FRAG: - case SADB_X_EXT_SA_REPLAY: - case SADB_X_EXT_NEW_ADDRESS_SRC: - case SADB_X_EXT_NEW_ADDRESS_DST: - mhp[ext->sadb_ext_type] = (caddr_t)ext; - break; - default: - __ipsec_errcode = EIPSEC_INVAL_EXTTYPE; - return -1; - } - - p += PFKEY_EXTLEN(ext); - } - - if (p != ep) { - __ipsec_errcode = EIPSEC_INVAL_SADBMSG; - return -1; - } - - __ipsec_errcode = EIPSEC_NO_ERROR; - return 0; -} - -/* - * check basic usage for sadb_msg, - * NOTE: This routine is derived from netkey/key.c in KAME. - * IN: msg: pointer to message buffer. - * mhp: pointer to the buffer initialized like below: - * - * caddr_t mhp[SADB_EXT_MAX + 1]; - * - * OUT: -1: invalid. - * 0: valid. - */ -int -pfkey_check(mhp) - caddr_t *mhp; -{ - struct sadb_msg *msg; - - /* validity check */ - if (mhp == NULL || mhp[0] == NULL) { - __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; - return -1; - } - - msg = (struct sadb_msg *)mhp[0]; - - /* check version */ - if (msg->sadb_msg_version != PF_KEY_V2) { - __ipsec_errcode = EIPSEC_INVAL_VERSION; - return -1; - } - - /* check type */ - if (msg->sadb_msg_type > SADB_MAX) { - __ipsec_errcode = EIPSEC_INVAL_MSGTYPE; - return -1; - } - - /* check SA type */ - switch (msg->sadb_msg_satype) { - case SADB_SATYPE_UNSPEC: - switch (msg->sadb_msg_type) { - case SADB_GETSPI: - case SADB_UPDATE: - case SADB_ADD: - case SADB_DELETE: - case SADB_GET: - case SADB_ACQUIRE: - case SADB_EXPIRE: - __ipsec_errcode = EIPSEC_INVAL_SATYPE; - return -1; - } - break; - case SADB_SATYPE_ESP: - case SADB_SATYPE_AH: - case SADB_X_SATYPE_IPCOMP: - case SADB_X_SATYPE_TCPSIGNATURE: - switch (msg->sadb_msg_type) { - case SADB_X_SPDADD: - case SADB_X_SPDDELETE: - case SADB_X_SPDGET: - case SADB_X_SPDDUMP: - case SADB_X_SPDFLUSH: - __ipsec_errcode = EIPSEC_INVAL_SATYPE; - return -1; - } - break; - case SADB_SATYPE_RSVP: - case SADB_SATYPE_OSPFV2: - case SADB_SATYPE_RIPV2: - case SADB_SATYPE_MIP: - __ipsec_errcode = EIPSEC_NOT_SUPPORTED; - return -1; - case 1: /* XXX: What does it do ? */ - if (msg->sadb_msg_type == SADB_X_PROMISC) - break; - /*FALLTHROUGH*/ - default: - __ipsec_errcode = EIPSEC_INVAL_SATYPE; - return -1; - } - - /* check field of upper layer protocol and address family */ - if (mhp[SADB_EXT_ADDRESS_SRC] != NULL - && mhp[SADB_EXT_ADDRESS_DST] != NULL) { - struct sadb_address *src0, *dst0; - - src0 = (struct sadb_address *)(mhp[SADB_EXT_ADDRESS_SRC]); - dst0 = (struct sadb_address *)(mhp[SADB_EXT_ADDRESS_DST]); - - if (src0->sadb_address_proto != dst0->sadb_address_proto) { - __ipsec_errcode = EIPSEC_PROTO_MISMATCH; - return -1; - } - - if (PFKEY_ADDR_SADDR(src0)->sa_family - != PFKEY_ADDR_SADDR(dst0)->sa_family) { - __ipsec_errcode = EIPSEC_FAMILY_MISMATCH; - return -1; - } - - switch (PFKEY_ADDR_SADDR(src0)->sa_family) { - case AF_INET: - case AF_INET6: - break; - default: - __ipsec_errcode = EIPSEC_INVAL_FAMILY; - return -1; - } - - /* - * prefixlen == 0 is valid because there must be the case - * all addresses are matched. - */ - } - - __ipsec_errcode = EIPSEC_NO_ERROR; - return 0; -} - -/* - * set data into sadb_msg. - * `buf' must has been allocated sufficiently. - */ -static caddr_t -pfkey_setsadbmsg(buf, lim, type, tlen, satype, seq, pid) - caddr_t buf; - caddr_t lim; - u_int type, satype; - u_int tlen; - u_int32_t seq; - pid_t pid; -{ - struct sadb_msg *p; - u_int len; - - p = (struct sadb_msg *)buf; - len = sizeof(struct sadb_msg); - - if (buf + len > lim) - return NULL; - - memset(p, 0, len); - p->sadb_msg_version = PF_KEY_V2; - p->sadb_msg_type = type; - p->sadb_msg_errno = 0; - p->sadb_msg_satype = satype; - p->sadb_msg_len = PFKEY_UNIT64(tlen); - p->sadb_msg_reserved = 0; - p->sadb_msg_seq = seq; - p->sadb_msg_pid = (u_int32_t)pid; - - return(buf + len); -} - -/* - * copy secasvar data into sadb_address. - * `buf' must has been allocated sufficiently. - */ -static caddr_t -pfkey_setsadbsa(buf, lim, spi, wsize, auth, enc, flags) - caddr_t buf; - caddr_t lim; - u_int32_t spi, flags; - u_int wsize, auth, enc; -{ - struct sadb_sa *p; - u_int len; - - p = (struct sadb_sa *)buf; - len = sizeof(struct sadb_sa); - - if (buf + len > lim) - return NULL; - - memset(p, 0, len); - p->sadb_sa_len = PFKEY_UNIT64(len); - p->sadb_sa_exttype = SADB_EXT_SA; - p->sadb_sa_spi = spi; - p->sadb_sa_replay = wsize; - p->sadb_sa_state = SADB_SASTATE_LARVAL; - p->sadb_sa_auth = auth; - p->sadb_sa_encrypt = enc; - p->sadb_sa_flags = flags; - - return(buf + len); -} - -/* - * set data into sadb_address. - * `buf' must has been allocated sufficiently. - * prefixlen is in bits. - */ -static caddr_t -pfkey_setsadbaddr(buf, lim, exttype, saddr, prefixlen, ul_proto) - caddr_t buf; - caddr_t lim; - u_int exttype; - struct sockaddr *saddr; - u_int prefixlen; - u_int ul_proto; -{ - struct sadb_address *p; - u_int len; - - p = (struct sadb_address *)buf; - len = sizeof(struct sadb_address) + PFKEY_ALIGN8(saddr->sa_len); - - if (buf + len > lim) - return NULL; - - memset(p, 0, len); - p->sadb_address_len = PFKEY_UNIT64(len); - p->sadb_address_exttype = exttype & 0xffff; - p->sadb_address_proto = ul_proto & 0xff; - p->sadb_address_prefixlen = prefixlen; - p->sadb_address_reserved = 0; - - memcpy(p + 1, saddr, saddr->sa_len); - - return(buf + len); -} - -/* - * set sadb_key structure after clearing buffer with zero. - * OUT: the pointer of buf + len. - */ -static caddr_t -pfkey_setsadbkey(buf, lim, type, key, keylen) - caddr_t buf; - caddr_t lim; - caddr_t key; - u_int type, keylen; -{ - struct sadb_key *p; - u_int len; - - p = (struct sadb_key *)buf; - len = sizeof(struct sadb_key) + PFKEY_ALIGN8(keylen); - - if (buf + len > lim) - return NULL; - - memset(p, 0, len); - p->sadb_key_len = PFKEY_UNIT64(len); - p->sadb_key_exttype = type; - p->sadb_key_bits = keylen << 3; - p->sadb_key_reserved = 0; - - memcpy(p + 1, key, keylen); - - return buf + len; -} - -/* - * set sadb_lifetime structure after clearing buffer with zero. - * OUT: the pointer of buf + len. - */ -static caddr_t -pfkey_setsadblifetime(buf, lim, type, l_alloc, l_bytes, l_addtime, l_usetime) - caddr_t buf; - caddr_t lim; - u_int type; - u_int32_t l_alloc, l_bytes, l_addtime, l_usetime; -{ - struct sadb_lifetime *p; - u_int len; - - p = (struct sadb_lifetime *)buf; - len = sizeof(struct sadb_lifetime); - - if (buf + len > lim) - return NULL; - - memset(p, 0, len); - p->sadb_lifetime_len = PFKEY_UNIT64(len); - p->sadb_lifetime_exttype = type; - - switch (type) { - case SADB_EXT_LIFETIME_SOFT: - p->sadb_lifetime_allocations - = (l_alloc * soft_lifetime_allocations_rate) /100; - p->sadb_lifetime_bytes - = (l_bytes * soft_lifetime_bytes_rate) /100; - p->sadb_lifetime_addtime - = (l_addtime * soft_lifetime_addtime_rate) /100; - p->sadb_lifetime_usetime - = (l_usetime * soft_lifetime_usetime_rate) /100; - break; - case SADB_EXT_LIFETIME_HARD: - p->sadb_lifetime_allocations = l_alloc; - p->sadb_lifetime_bytes = l_bytes; - p->sadb_lifetime_addtime = l_addtime; - p->sadb_lifetime_usetime = l_usetime; - break; - } - - return buf + len; -} - -/* - * copy secasvar data into sadb_address. - * `buf' must has been allocated sufficiently. - */ -static caddr_t -pfkey_setsadbxsa2(buf, lim, mode0, reqid) - caddr_t buf; - caddr_t lim; - u_int32_t mode0; - u_int32_t reqid; -{ - struct sadb_x_sa2 *p; - u_int8_t mode = mode0 & 0xff; - u_int len; - - p = (struct sadb_x_sa2 *)buf; - len = sizeof(struct sadb_x_sa2); - - if (buf + len > lim) - return NULL; - - memset(p, 0, len); - p->sadb_x_sa2_len = PFKEY_UNIT64(len); - p->sadb_x_sa2_exttype = SADB_X_EXT_SA2; - p->sadb_x_sa2_mode = mode; - p->sadb_x_sa2_reqid = reqid; - - return(buf + len); -} diff --git a/freebsd/lib/libipsec/pfkey_dump.c b/freebsd/lib/libipsec/pfkey_dump.c deleted file mode 100644 index e8d4b9b8..00000000 --- a/freebsd/lib/libipsec/pfkey_dump.c +++ /dev/null @@ -1,682 +0,0 @@ -#include <machine/rtems-bsd-user-space.h> - -/* $KAME: pfkey_dump.c,v 1.45 2003/09/08 10:14:56 itojun Exp $ */ - -/* - * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/socket.h> -#include <net/if.h> -#include <net/pfkeyv2.h> -#include <netipsec/ipsec.h> -#include <netipsec/key_var.h> -#include <netipsec/key_debug.h> - -#include <netinet/in.h> -#include <arpa/inet.h> - -#include <stdlib.h> -#include <unistd.h> -#include <stdio.h> -#include <string.h> -#include <time.h> -#include <netdb.h> - -#include "ipsec_strerror.h" -#include "libpfkey.h" - -/* cope with old kame headers - ugly */ -#ifndef SADB_X_AALG_MD5 -#define SADB_X_AALG_MD5 SADB_AALG_MD5 -#endif -#ifndef SADB_X_AALG_SHA -#define SADB_X_AALG_SHA SADB_AALG_SHA -#endif -#ifndef SADB_X_AALG_NULL -#define SADB_X_AALG_NULL SADB_AALG_NULL -#endif - -#ifndef SADB_X_EALG_BLOWFISHCBC -#define SADB_X_EALG_BLOWFISHCBC SADB_EALG_BLOWFISHCBC -#endif -#ifndef SADB_X_EALG_CAST128CBC -#define SADB_X_EALG_CAST128CBC SADB_EALG_CAST128CBC -#endif -#ifndef SADB_X_EALG_RC5CBC -#ifdef SADB_EALG_RC5CBC -#define SADB_X_EALG_RC5CBC SADB_EALG_RC5CBC -#endif -#endif - -#define GETMSGSTR(str, num) \ -do { \ - if (sizeof((str)[0]) == 0 \ - || num >= sizeof(str)/sizeof((str)[0])) \ - printf("%u ", (num)); \ - else if (strlen((str)[(num)]) == 0) \ - printf("%u ", (num)); \ - else \ - printf("%s ", (str)[(num)]); \ -} while (0) - -#define GETMSGV2S(v2s, num) \ -do { \ - struct val2str *p; \ - for (p = (v2s); p && p->str; p++) { \ - if (p->val == (num)) \ - break; \ - } \ - if (p && p->str) \ - printf("%s ", p->str); \ - else \ - printf("%u ", (num)); \ -} while (0) - -static char *str_ipaddr(struct sockaddr *); -static char *str_prefport(u_int, u_int, u_int, u_int); -static void str_upperspec(u_int, u_int, u_int); -static char *str_time(time_t); -static void str_lifetime_byte(struct sadb_lifetime *, char *); - -struct val2str { - int val; - const char *str; -}; - -/* - * Must to be re-written about following strings. - */ -static char *str_satype[] = { - "unspec", - "unknown", - "ah", - "esp", - "unknown", - "rsvp", - "ospfv2", - "ripv2", - "mip", - "ipcomp", - "policy", - "tcp" -}; - -static char *str_mode[] = { - "any", - "transport", - "tunnel", -}; - -static char *str_state[] = { - "larval", - "mature", - "dying", - "dead", -}; - -static struct val2str str_alg_auth[] = { - { SADB_AALG_NONE, "none", }, - { SADB_AALG_MD5HMAC, "hmac-md5", }, - { SADB_AALG_SHA1HMAC, "hmac-sha1", }, - { SADB_X_AALG_MD5, "md5", }, - { SADB_X_AALG_SHA, "sha", }, - { SADB_X_AALG_NULL, "null", }, - { SADB_X_AALG_TCP_MD5, "tcp-md5", }, -#ifdef SADB_X_AALG_SHA2_256 - { SADB_X_AALG_SHA2_256, "hmac-sha2-256", }, -#endif -#ifdef SADB_X_AALG_SHA2_384 - { SADB_X_AALG_SHA2_384, "hmac-sha2-384", }, -#endif -#ifdef SADB_X_AALG_SHA2_512 - { SADB_X_AALG_SHA2_512, "hmac-sha2-512", }, -#endif -#ifdef SADB_X_AALG_RIPEMD160HMAC - { SADB_X_AALG_RIPEMD160HMAC, "hmac-ripemd160", }, -#endif -#ifdef SADB_X_AALG_AES_XCBC_MAC - { SADB_X_AALG_AES_XCBC_MAC, "aes-xcbc-mac", }, -#endif - { -1, NULL, }, -}; - -static struct val2str str_alg_enc[] = { - { SADB_EALG_NONE, "none", }, - { SADB_EALG_DESCBC, "des-cbc", }, - { SADB_EALG_3DESCBC, "3des-cbc", }, - { SADB_EALG_NULL, "null", }, -#ifdef SADB_X_EALG_RC5CBC - { SADB_X_EALG_RC5CBC, "rc5-cbc", }, -#endif - { SADB_X_EALG_CAST128CBC, "cast128-cbc", }, - { SADB_X_EALG_BLOWFISHCBC, "blowfish-cbc", }, -#ifdef SADB_X_EALG_RIJNDAELCBC - { SADB_X_EALG_RIJNDAELCBC, "rijndael-cbc", }, -#endif -#ifdef SADB_X_EALG_TWOFISHCBC - { SADB_X_EALG_TWOFISHCBC, "twofish-cbc", }, -#endif -#ifdef SADB_X_EALG_AESCTR - { SADB_X_EALG_AESCTR, "aes-ctr", }, -#endif -#ifdef SADB_X_EALG_AESGCM16 - { SADB_X_EALG_AESGCM16, "aes-gcm-16", }, -#endif -#ifdef SADB_X_EALG_CAMELLIACBC - { SADB_X_EALG_CAMELLIACBC, "camellia-cbc", }, -#endif - { -1, NULL, }, -}; - -static struct val2str str_alg_comp[] = { - { SADB_X_CALG_NONE, "none", }, - { SADB_X_CALG_OUI, "oui", }, - { SADB_X_CALG_DEFLATE, "deflate", }, - { SADB_X_CALG_LZS, "lzs", }, - { -1, NULL, }, -}; - -static struct val2str str_sp_scope[] = { - { IPSEC_POLICYSCOPE_GLOBAL, "global" }, - { IPSEC_POLICYSCOPE_IFNET, "ifnet" }, - { IPSEC_POLICYSCOPE_PCB, "pcb"}, - { -1, NULL }, -}; - -/* - * dump SADB_MSG formated. For debugging, you should use kdebug_sadb(). - */ -void -pfkey_sadump(m) - struct sadb_msg *m; -{ - caddr_t mhp[SADB_EXT_MAX + 1]; - struct sadb_sa *m_sa; - struct sadb_x_sa2 *m_sa2; - struct sadb_lifetime *m_lftc, *m_lfth, *m_lfts; - struct sadb_address *m_saddr, *m_daddr, *m_paddr; - struct sadb_key *m_auth, *m_enc; - struct sadb_ident *m_sid, *m_did; - struct sadb_sens *m_sens; - struct sadb_x_sa_replay *m_sa_replay; - struct sadb_x_nat_t_type *natt_type; - struct sadb_x_nat_t_port *natt_sport, *natt_dport; - struct sadb_address *natt_oai, *natt_oar; - - /* check pfkey message. */ - if (pfkey_align(m, mhp)) { - printf("%s\n", ipsec_strerror()); - return; - } - if (pfkey_check(mhp)) { - printf("%s\n", ipsec_strerror()); - return; - } - - m_sa = (struct sadb_sa *)mhp[SADB_EXT_SA]; - m_sa2 = (struct sadb_x_sa2 *)mhp[SADB_X_EXT_SA2]; - m_lftc = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT]; - m_lfth = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD]; - m_lfts = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_SOFT]; - m_saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC]; - m_daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST]; - m_paddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_PROXY]; - m_auth = (struct sadb_key *)mhp[SADB_EXT_KEY_AUTH]; - m_enc = (struct sadb_key *)mhp[SADB_EXT_KEY_ENCRYPT]; - m_sid = (struct sadb_ident *)mhp[SADB_EXT_IDENTITY_SRC]; - m_did = (struct sadb_ident *)mhp[SADB_EXT_IDENTITY_DST]; - m_sens = (struct sadb_sens *)mhp[SADB_EXT_SENSITIVITY]; - m_sa_replay = (struct sadb_x_sa_replay *)mhp[SADB_X_EXT_SA_REPLAY]; - natt_type = (struct sadb_x_nat_t_type *)mhp[SADB_X_EXT_NAT_T_TYPE]; - natt_sport = (struct sadb_x_nat_t_port *)mhp[SADB_X_EXT_NAT_T_SPORT]; - natt_dport = (struct sadb_x_nat_t_port *)mhp[SADB_X_EXT_NAT_T_DPORT]; - natt_oai = (struct sadb_address *)mhp[SADB_X_EXT_NAT_T_OAI]; - natt_oar = (struct sadb_address *)mhp[SADB_X_EXT_NAT_T_OAR]; - - - /* source address */ - if (m_saddr == NULL) { - printf("no ADDRESS_SRC extension.\n"); - return; - } - printf("%s", str_ipaddr((struct sockaddr *)(m_saddr + 1))); - if (natt_type != NULL && natt_sport != NULL) - printf("[%u]", ntohs(natt_sport->sadb_x_nat_t_port_port)); - - /* destination address */ - if (m_daddr == NULL) { - printf("\nno ADDRESS_DST extension.\n"); - return; - } - printf(" %s", str_ipaddr((struct sockaddr *)(m_daddr + 1))); - if (natt_type != NULL && natt_dport != NULL) - printf("[%u]", ntohs(natt_dport->sadb_x_nat_t_port_port)); - - /* SA type */ - if (m_sa == NULL) { - printf("\nno SA extension.\n"); - return; - } - if (m_sa2 == NULL) { - printf("\nno SA2 extension.\n"); - return; - } - printf("\n\t"); - - if (m->sadb_msg_satype == SADB_SATYPE_ESP && natt_type != NULL) - printf("esp-udp "); - else - GETMSGSTR(str_satype, m->sadb_msg_satype); - - printf("mode="); - GETMSGSTR(str_mode, m_sa2->sadb_x_sa2_mode); - - printf("spi=%u(0x%08x) reqid=%u(0x%08x)\n", - (u_int32_t)ntohl(m_sa->sadb_sa_spi), - (u_int32_t)ntohl(m_sa->sadb_sa_spi), - (u_int32_t)m_sa2->sadb_x_sa2_reqid, - (u_int32_t)m_sa2->sadb_x_sa2_reqid); - - /* other NAT-T information */ - if (natt_type != NULL && (natt_oai != NULL || natt_oar != NULL)) { - printf("\tNAT:"); - if (natt_oai != NULL) - printf(" OAI=%s", - str_ipaddr((struct sockaddr *)(natt_oai + 1))); - if (natt_oar != NULL) - printf(" OAR=%s", - str_ipaddr((struct sockaddr *)(natt_oar + 1))); - printf("\n"); - } - - /* encryption key */ - if (m->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) { - printf("\tC: "); - GETMSGV2S(str_alg_comp, m_sa->sadb_sa_encrypt); - } else if (m->sadb_msg_satype == SADB_SATYPE_ESP) { - if (m_enc != NULL) { - printf("\tE: "); - GETMSGV2S(str_alg_enc, m_sa->sadb_sa_encrypt); - ipsec_hexdump((caddr_t)m_enc + sizeof(*m_enc), - m_enc->sadb_key_bits / 8); - printf("\n"); - } - } - - /* authentication key */ - if (m_auth != NULL) { - printf("\tA: "); - GETMSGV2S(str_alg_auth, m_sa->sadb_sa_auth); - ipsec_hexdump((caddr_t)m_auth + sizeof(*m_auth), - m_auth->sadb_key_bits / 8); - printf("\n"); - } - - /* replay windoe size & flags */ - printf("\tseq=0x%08x replay=%u flags=0x%08x ", - m_sa2->sadb_x_sa2_sequence, - m_sa_replay ? (m_sa_replay->sadb_x_sa_replay_replay >> 3) : - m_sa->sadb_sa_replay, - m_sa->sadb_sa_flags); - - /* state */ - printf("state="); - GETMSGSTR(str_state, m_sa->sadb_sa_state); - printf("\n"); - - /* lifetime */ - if (m_lftc != NULL) { - time_t tmp_time = time(0); - - printf("\tcreated: %s", - str_time(m_lftc->sadb_lifetime_addtime)); - printf("\tcurrent: %s\n", str_time(tmp_time)); - printf("\tdiff: %lu(s)", - (u_long)(m_lftc->sadb_lifetime_addtime == 0 ? - 0 : (tmp_time - m_lftc->sadb_lifetime_addtime))); - - printf("\thard: %lu(s)", - (u_long)(m_lfth == NULL ? - 0 : m_lfth->sadb_lifetime_addtime)); - printf("\tsoft: %lu(s)\n", - (u_long)(m_lfts == NULL ? - 0 : m_lfts->sadb_lifetime_addtime)); - - printf("\tlast: %s", - str_time(m_lftc->sadb_lifetime_usetime)); - printf("\thard: %lu(s)", - (u_long)(m_lfth == NULL ? - 0 : m_lfth->sadb_lifetime_usetime)); - printf("\tsoft: %lu(s)\n", - (u_long)(m_lfts == NULL ? - 0 : m_lfts->sadb_lifetime_usetime)); - - str_lifetime_byte(m_lftc, "current"); - str_lifetime_byte(m_lfth, "hard"); - str_lifetime_byte(m_lfts, "soft"); - printf("\n"); - - printf("\tallocated: %lu", - (unsigned long)m_lftc->sadb_lifetime_allocations); - printf("\thard: %lu", - (u_long)(m_lfth == NULL ? - 0 : m_lfth->sadb_lifetime_allocations)); - printf("\tsoft: %lu\n", - (u_long)(m_lfts == NULL ? - 0 : m_lfts->sadb_lifetime_allocations)); - } - - printf("\tsadb_seq=%lu pid=%lu ", - (u_long)m->sadb_msg_seq, - (u_long)m->sadb_msg_pid); - - /* XXX DEBUG */ - printf("refcnt=%u\n", m->sadb_msg_reserved); - - return; -} - -void -pfkey_spdump(struct sadb_msg *m) -{ - char pbuf[NI_MAXSERV]; - caddr_t mhp[SADB_EXT_MAX + 1]; - struct sadb_address *m_saddr, *m_daddr; - struct sadb_x_policy *m_xpl; - struct sadb_lifetime *m_lftc = NULL, *m_lfth = NULL; - struct sockaddr *sa; - u_int16_t sport = 0, dport = 0; - - /* check pfkey message. */ - if (pfkey_align(m, mhp)) { - printf("%s\n", ipsec_strerror()); - return; - } - if (pfkey_check(mhp)) { - printf("%s\n", ipsec_strerror()); - return; - } - - m_saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC]; - m_daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST]; - m_xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY]; - m_lftc = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT]; - m_lfth = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD]; - - if (m_saddr && m_daddr) { - /* source address */ - sa = (struct sockaddr *)(m_saddr + 1); - switch (sa->sa_family) { - case AF_INET: - case AF_INET6: - if (getnameinfo(sa, sa->sa_len, NULL, 0, - pbuf, sizeof(pbuf), NI_NUMERICSERV) != 0) - sport = 0; /*XXX*/ - else - sport = atoi(pbuf); - printf("%s%s ", str_ipaddr(sa), - str_prefport(sa->sa_family, - m_saddr->sadb_address_prefixlen, sport, - m_saddr->sadb_address_proto)); - break; - default: - printf("unknown-af "); - break; - } - - /* destination address */ - sa = (struct sockaddr *)(m_daddr + 1); - switch (sa->sa_family) { - case AF_INET: - case AF_INET6: - if (getnameinfo(sa, sa->sa_len, NULL, 0, - pbuf, sizeof(pbuf), NI_NUMERICSERV) != 0) - dport = 0; /*XXX*/ - else - dport = atoi(pbuf); - printf("%s%s ", str_ipaddr(sa), - str_prefport(sa->sa_family, - m_daddr->sadb_address_prefixlen, dport, - m_saddr->sadb_address_proto)); - break; - default: - printf("unknown-af "); - break; - } - - /* upper layer protocol */ - if (m_saddr->sadb_address_proto != - m_daddr->sadb_address_proto) { - printf("upper layer protocol mismatched.\n"); - return; - } - str_upperspec(m_saddr->sadb_address_proto, sport, dport); - } - else - printf("(no selector, probably per-socket policy) "); - - /* policy */ - { - char *d_xpl; - - if (m_xpl == NULL) { - printf("no X_POLICY extension.\n"); - return; - } - d_xpl = ipsec_dump_policy((char *)m_xpl, "\n\t"); - - /* dump SPD */ - printf("\n\t%s\n", d_xpl); - free(d_xpl); - } - - /* lifetime */ - if (m_lftc) { - printf("\tcreated: %s ", - str_time(m_lftc->sadb_lifetime_addtime)); - printf("lastused: %s\n", - str_time(m_lftc->sadb_lifetime_usetime)); - } - if (m_lfth) { - printf("\tlifetime: %lu(s) ", - (u_long)m_lfth->sadb_lifetime_addtime); - printf("validtime: %lu(s)\n", - (u_long)m_lfth->sadb_lifetime_usetime); - } - - - printf("\tspid=%ld seq=%ld pid=%ld scope=", - (u_long)m_xpl->sadb_x_policy_id, - (u_long)m->sadb_msg_seq, - (u_long)m->sadb_msg_pid); - GETMSGV2S(str_sp_scope, m_xpl->sadb_x_policy_scope); - if (m_xpl->sadb_x_policy_scope == IPSEC_POLICYSCOPE_IFNET && - if_indextoname(m_xpl->sadb_x_policy_ifindex, pbuf) != NULL) - printf("ifname=%s", pbuf); - printf("\n"); - - /* XXX TEST */ - printf("\trefcnt=%u\n", m->sadb_msg_reserved); - - return; -} - -/* - * set "ipaddress" to buffer. - */ -static char * -str_ipaddr(sa) - struct sockaddr *sa; -{ - static char buf[NI_MAXHOST]; - const int niflag = NI_NUMERICHOST; - - if (sa == NULL) - return ""; - - if (getnameinfo(sa, sa->sa_len, buf, sizeof(buf), NULL, 0, niflag) == 0) - return buf; - return NULL; -} - -/* - * set "/prefix[port number]" to buffer. - */ -static char * -str_prefport(family, pref, port, ulp) - u_int family, pref, port, ulp; -{ - static char buf[128]; - char prefbuf[128]; - char portbuf[128]; - int plen; - - switch (family) { - case AF_INET: - plen = sizeof(struct in_addr) << 3; - break; - case AF_INET6: - plen = sizeof(struct in6_addr) << 3; - break; - default: - return "?"; - } - - if (pref == plen) - prefbuf[0] = '\0'; - else - snprintf(prefbuf, sizeof(prefbuf), "/%u", pref); - - if (ulp == IPPROTO_ICMPV6) - memset(portbuf, 0, sizeof(portbuf)); - else { - if (port == IPSEC_PORT_ANY) - snprintf(portbuf, sizeof(portbuf), "[%s]", "any"); - else - snprintf(portbuf, sizeof(portbuf), "[%u]", port); - } - - snprintf(buf, sizeof(buf), "%s%s", prefbuf, portbuf); - - return buf; -} - -static void -str_upperspec(ulp, p1, p2) - u_int ulp, p1, p2; -{ - if (ulp == IPSEC_ULPROTO_ANY) - printf("any"); - else if (ulp == IPPROTO_ICMPV6) { - printf("icmp6"); - if (!(p1 == IPSEC_PORT_ANY && p2 == IPSEC_PORT_ANY)) - printf(" %u,%u", p1, p2); - } else { - struct protoent *ent; - - switch (ulp) { - case IPPROTO_IPV4: - printf("ip4"); - break; - default: - ent = getprotobynumber(ulp); - if (ent) - printf("%s", ent->p_name); - else - printf("%u", ulp); - - endprotoent(); - break; - } - } -} - -/* - * set "Mon Day Time Year" to buffer - */ -static char * -str_time(t) - time_t t; -{ - static char buf[128]; - - if (t == 0) { - int i = 0; - for (;i < 20;) buf[i++] = ' '; - } else { - char *t0; - t0 = ctime(&t); - memcpy(buf, t0 + 4, 20); - } - - buf[20] = '\0'; - - return(buf); -} - -static void -str_lifetime_byte(x, str) - struct sadb_lifetime *x; - char *str; -{ - double y; - char *unit; - int w; - - if (x == NULL) { - printf("\t%s: 0(bytes)", str); - return; - } - -#if 0 - if ((x->sadb_lifetime_bytes) / 1024 / 1024) { - y = (x->sadb_lifetime_bytes) * 1.0 / 1024 / 1024; - unit = "M"; - w = 1; - } else if ((x->sadb_lifetime_bytes) / 1024) { - y = (x->sadb_lifetime_bytes) * 1.0 / 1024; - unit = "K"; - w = 1; - } else { - y = (x->sadb_lifetime_bytes) * 1.0; - unit = ""; - w = 0; - } -#else - y = (x->sadb_lifetime_bytes) * 1.0; - unit = ""; - w = 0; -#endif - printf("\t%s: %.*f(%sbytes)", str, w, y, unit); -} diff --git a/freebsd/lib/libipsec/policy_parse.c b/freebsd/lib/libipsec/policy_parse.c deleted file mode 100644 index 04aae36b..00000000 --- a/freebsd/lib/libipsec/policy_parse.c +++ /dev/null @@ -1,966 +0,0 @@ -/* original parser id follows */ -/* yysccsid[] = "@(#)yaccpar 1.9 (Berkeley) 02/21/93" */ -/* (use YYMAJOR/YYMINOR for ifdefs dependent on parser version) */ - -#define YYBYACC 1 -#define YYMAJOR 1 -#define YYMINOR 9 -#define YYPATCH 20160324 - -#define YYEMPTY (-1) -#define yyclearin (yychar = YYEMPTY) -#define yyerrok (yyerrflag = 0) -#define YYRECOVERING() (yyerrflag != 0) -#define YYENOMEM (-2) -#define YYEOF 0 - -#ifndef yyparse -#define yyparse __libipsecyyparse -#endif /* yyparse */ - -#ifndef yylex -#define yylex __libipsecyylex -#endif /* yylex */ - -#ifndef yyerror -#define yyerror __libipsecyyerror -#endif /* yyerror */ - -#ifndef yychar -#define yychar __libipsecyychar -#endif /* yychar */ - -#ifndef yyval -#define yyval __libipsecyyval -#endif /* yyval */ - -#ifndef yylval -#define yylval __libipsecyylval -#endif /* yylval */ - -#ifndef yydebug -#define yydebug __libipsecyydebug -#endif /* yydebug */ - -#ifndef yynerrs -#define yynerrs __libipsecyynerrs -#endif /* yynerrs */ - -#ifndef yyerrflag -#define yyerrflag __libipsecyyerrflag -#endif /* yyerrflag */ - -#ifndef yylhs -#define yylhs __libipsecyylhs -#endif /* yylhs */ - -#ifndef yylen -#define yylen __libipsecyylen -#endif /* yylen */ - -#ifndef yydefred -#define yydefred __libipsecyydefred -#endif /* yydefred */ - -#ifndef yydgoto -#define yydgoto __libipsecyydgoto -#endif /* yydgoto */ - -#ifndef yysindex -#define yysindex __libipsecyysindex -#endif /* yysindex */ - -#ifndef yyrindex -#define yyrindex __libipsecyyrindex -#endif /* yyrindex */ - -#ifndef yygindex -#define yygindex __libipsecyygindex -#endif /* yygindex */ - -#ifndef yytable -#define yytable __libipsecyytable -#endif /* yytable */ - -#ifndef yycheck -#define yycheck __libipsecyycheck -#endif /* yycheck */ - -#ifndef yyname -#define yyname __libipsecyyname -#endif /* yyname */ - -#ifndef yyrule -#define yyrule __libipsecyyrule -#endif /* yyrule */ -#define YYPREFIX "__libipsecyy" - -#define YYPURE 0 - -#line 52 "../../freebsd/lib/libipsec/policy_parse.y" -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/socket.h> - -#include <netinet/in.h> -#include <netipsec/ipsec.h> - -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <netdb.h> - -#include "ipsec_strerror.h" - -#define ATOX(c) \ - (isdigit(c) ? (c - '0') : (isupper(c) ? (c - 'A' + 10) : (c - 'a' + 10) )) - -static caddr_t pbuf = NULL; /* sadb_x_policy buffer */ -static int tlen = 0; /* total length of pbuf */ -static int offset = 0; /* offset of pbuf */ -static int p_dir, p_type, p_protocol, p_mode, p_level, p_reqid; -static struct sockaddr *p_src = NULL; -static struct sockaddr *p_dst = NULL; - -struct _val; -extern void yyerror(char *msg); -static struct sockaddr *parse_sockaddr(struct _val *buf); -static int rule_check(void); -static int init_x_policy(void); -static int set_x_request(struct sockaddr *src, struct sockaddr *dst); -static int set_sockaddr(struct sockaddr *addr); -static void policy_parse_request_init(void); -static caddr_t policy_parse(char *msg, int msglen); - -extern void __policy__strbuffer__init__(char *msg); -extern void __policy__strbuffer__free__(void); -extern int yylex(void); - -extern char *__libipsecyytext; /*XXX*/ - -#line 97 "../../freebsd/lib/libipsec/policy_parse.y" -#ifdef YYSTYPE -#undef YYSTYPE_IS_DECLARED -#define YYSTYPE_IS_DECLARED 1 -#endif -#ifndef YYSTYPE_IS_DECLARED -#define YYSTYPE_IS_DECLARED 1 -typedef union { - u_int num; - struct _val { - int len; - char *buf; - } val; -} YYSTYPE; -#endif /* !YYSTYPE_IS_DECLARED */ -#line 160 "__libipsecyy.tab.c" - -/* compatibility with bison */ -#ifdef YYPARSE_PARAM -/* compatibility with FreeBSD */ -# ifdef YYPARSE_PARAM_TYPE -# define YYPARSE_DECL() yyparse(YYPARSE_PARAM_TYPE YYPARSE_PARAM) -# else -# define YYPARSE_DECL() yyparse(void *YYPARSE_PARAM) -# endif -#else -# define YYPARSE_DECL() yyparse(void) -#endif - -/* Parameters sent to lex. */ -#ifdef YYLEX_PARAM -# define YYLEX_DECL() yylex(void *YYLEX_PARAM) -# define YYLEX yylex(YYLEX_PARAM) -#else -# define YYLEX_DECL() yylex(void) -# define YYLEX yylex() -#endif - -/* Parameters sent to yyerror. */ -#ifndef YYERROR_DECL -#define YYERROR_DECL() yyerror(const char *s) -#endif -#ifndef YYERROR_CALL -#define YYERROR_CALL(msg) yyerror(msg) -#endif - -extern int YYPARSE_DECL(); - -#define DIR 257 -#define ACTION 258 -#define PROTOCOL 259 -#define MODE 260 -#define LEVEL 261 -#define LEVEL_SPECIFY 262 -#define IPADDRESS 263 -#define ME 264 -#define ANY 265 -#define SLASH 266 -#define HYPHEN 267 -#define YYERRCODE 256 -typedef int YYINT; -static const YYINT __libipsecyylhs[] = { -1, - 2, 0, 0, 1, 1, 3, 3, 3, 3, 3, - 3, 3, 3, 4, 5, 7, 7, 8, 6, 6, - 6, -}; -static const YYINT __libipsecyylen[] = { 2, - 0, 4, 1, 0, 2, 7, 6, 5, 4, 6, - 3, 2, 1, 1, 1, 1, 1, 0, 4, 3, - 3, -}; -static const YYINT __libipsecyydefred[] = { 0, - 0, 0, 1, 4, 0, 14, 5, 0, 0, 15, - 0, 0, 18, 0, 0, 0, 0, 0, 0, 0, - 16, 17, 10, 0, 0, 20, 21, 6, 19, -}; -static const YYINT __libipsecyydgoto[] = { 2, - 5, 4, 7, 8, 11, 17, 23, 18, -}; -static const YYINT __libipsecyysindex[] = { -257, - -245, 0, 0, 0, -244, 0, 0, -252, -243, 0, - -248, -256, 0, -251, -247, -250, -242, -246, -240, -241, - 0, 0, 0, -250, -237, 0, 0, 0, 0, -}; -static const YYINT __libipsecyyrindex[] = { 0, - 19, 0, 0, 0, 22, 0, 0, 1, 2, 0, - 3, 4, 0, 0, 0, 0, 5, 0, 0, 0, - 0, 0, 0, 6, 0, 0, 0, 0, 0, -}; -static const YYINT __libipsecyygindex[] = { 0, - 0, 0, 0, 0, 0, 0, 7, 0, -}; -#define YYTABLESIZE 265 -static const YYINT __libipsecyytable[] = { 1, - 13, 12, 11, 9, 8, 7, 13, 14, 15, 16, - 21, 22, 3, 9, 6, 19, 10, 12, 3, 20, - 25, 2, 27, 24, 26, 29, 0, 0, 0, 0, - 28, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, - 12, 11, 9, 8, 7, -}; -static const YYINT __libipsecyycheck[] = { 257, - 0, 0, 0, 0, 0, 0, 263, 264, 265, 266, - 261, 262, 258, 266, 259, 267, 260, 266, 0, 267, - 267, 0, 264, 266, 265, 263, -1, -1, -1, -1, - 24, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 259, - 259, 259, 259, 259, 259, -}; -#define YYFINAL 2 -#ifndef YYDEBUG -#define YYDEBUG 0 -#endif -#define YYMAXTOKEN 267 -#define YYUNDFTOKEN 278 -#define YYTRANSLATE(a) ((a) > YYMAXTOKEN ? YYUNDFTOKEN : (a)) -#if YYDEBUG -static const char *const __libipsecyyname[] = { - -"end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"DIR","ACTION","PROTOCOL","MODE", -"LEVEL","LEVEL_SPECIFY","IPADDRESS","ME","ANY","SLASH","HYPHEN",0,0,0,0,0,0,0,0, -0,0,"illegal-symbol", -}; -static const char *const __libipsecyyrule[] = { -"$accept : policy_spec", -"$$1 :", -"policy_spec : DIR ACTION $$1 rules", -"policy_spec : DIR", -"rules :", -"rules : rules rule", -"rule : protocol SLASH mode SLASH addresses SLASH level", -"rule : protocol SLASH mode SLASH addresses SLASH", -"rule : protocol SLASH mode SLASH addresses", -"rule : protocol SLASH mode SLASH", -"rule : protocol SLASH mode SLASH SLASH level", -"rule : protocol SLASH mode", -"rule : protocol SLASH", -"rule : protocol", -"protocol : PROTOCOL", -"mode : MODE", -"level : LEVEL", -"level : LEVEL_SPECIFY", -"$$2 :", -"addresses : IPADDRESS $$2 HYPHEN IPADDRESS", -"addresses : ME HYPHEN ANY", -"addresses : ANY HYPHEN ME", - -}; -#endif - -int yydebug; -int yynerrs; - -int yyerrflag; -int yychar; -YYSTYPE yyval; -YYSTYPE yylval; - -/* define the initial stack-sizes */ -#ifdef YYSTACKSIZE -#undef YYMAXDEPTH -#define YYMAXDEPTH YYSTACKSIZE -#else -#ifdef YYMAXDEPTH -#define YYSTACKSIZE YYMAXDEPTH -#else -#define YYSTACKSIZE 10000 -#define YYMAXDEPTH 10000 -#endif -#endif - -#define YYINITSTACKSIZE 200 - -typedef struct { - unsigned stacksize; - YYINT *s_base; - YYINT *s_mark; - YYINT *s_last; - YYSTYPE *l_base; - YYSTYPE *l_mark; -} YYSTACKDATA; -/* variables for the parser stack */ -static YYSTACKDATA yystack; -#line 212 "../../freebsd/lib/libipsec/policy_parse.y" - -void -yyerror(msg) - char *msg; -{ - fprintf(stderr, "libipsec: %s while parsing \"%s\"\n", - msg, __libipsecyytext); - - return; -} - -static struct sockaddr * -parse_sockaddr(buf) - struct _val *buf; -{ - struct addrinfo hints, *res; - char *serv = NULL; - int error; - struct sockaddr *newaddr = NULL; - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_flags = AI_NUMERICHOST; - error = getaddrinfo(buf->buf, serv, &hints, &res); - if (error != 0) { - yyerror("invalid IP address"); - __ipsec_set_strerror(gai_strerror(error)); - return NULL; - } - - if (res->ai_addr == NULL) { - yyerror("invalid IP address"); - __ipsec_set_strerror(gai_strerror(error)); - return NULL; - } - - newaddr = malloc(res->ai_addr->sa_len); - if (newaddr == NULL) { - __ipsec_errcode = EIPSEC_NO_BUFS; - freeaddrinfo(res); - return NULL; - } - memcpy(newaddr, res->ai_addr, res->ai_addr->sa_len); - - freeaddrinfo(res); - - __ipsec_errcode = EIPSEC_NO_ERROR; - return newaddr; -} - -static int -rule_check() -{ - if (p_type == IPSEC_POLICY_IPSEC) { - if (p_protocol == IPPROTO_IP) { - __ipsec_errcode = EIPSEC_NO_PROTO; - return -1; - } - - if (p_mode != IPSEC_MODE_TRANSPORT - && p_mode != IPSEC_MODE_TUNNEL) { - __ipsec_errcode = EIPSEC_INVAL_MODE; - return -1; - } - - if (p_src == NULL && p_dst == NULL) { - if (p_mode != IPSEC_MODE_TRANSPORT) { - __ipsec_errcode = EIPSEC_INVAL_ADDRESS; - return -1; - } - } - else if (p_src->sa_family != p_dst->sa_family) { - __ipsec_errcode = EIPSEC_FAMILY_MISMATCH; - return -1; - } - } - - __ipsec_errcode = EIPSEC_NO_ERROR; - return 0; -} - -static int -init_x_policy() -{ - struct sadb_x_policy *p; - - tlen = sizeof(struct sadb_x_policy); - - pbuf = malloc(tlen); - if (pbuf == NULL) { - __ipsec_errcode = EIPSEC_NO_BUFS; - return -1; - } - memset(pbuf, 0, tlen); - p = (struct sadb_x_policy *)pbuf; - p->sadb_x_policy_len = 0; /* must update later */ - p->sadb_x_policy_exttype = SADB_X_EXT_POLICY; - p->sadb_x_policy_type = p_type; - p->sadb_x_policy_dir = p_dir; - p->sadb_x_policy_id = 0; - - offset = tlen; - - __ipsec_errcode = EIPSEC_NO_ERROR; - return 0; -} - -static int -set_x_request(src, dst) - struct sockaddr *src, *dst; -{ - struct sadb_x_ipsecrequest *p; - int reqlen; - - reqlen = sizeof(*p) - + (src ? src->sa_len : 0) - + (dst ? dst->sa_len : 0); - tlen += reqlen; /* increment to total length */ - - pbuf = realloc(pbuf, tlen); - if (pbuf == NULL) { - __ipsec_errcode = EIPSEC_NO_BUFS; - return -1; - } - p = (struct sadb_x_ipsecrequest *)&pbuf[offset]; - p->sadb_x_ipsecrequest_len = reqlen; - p->sadb_x_ipsecrequest_proto = p_protocol; - p->sadb_x_ipsecrequest_mode = p_mode; - p->sadb_x_ipsecrequest_level = p_level; - p->sadb_x_ipsecrequest_reqid = p_reqid; - offset += sizeof(*p); - - if (set_sockaddr(src) || set_sockaddr(dst)) - return -1; - - __ipsec_errcode = EIPSEC_NO_ERROR; - return 0; -} - -static int -set_sockaddr(addr) - struct sockaddr *addr; -{ - if (addr == NULL) { - __ipsec_errcode = EIPSEC_NO_ERROR; - return 0; - } - - /* tlen has already incremented */ - - memcpy(&pbuf[offset], addr, addr->sa_len); - - offset += addr->sa_len; - - __ipsec_errcode = EIPSEC_NO_ERROR; - return 0; -} - -static void -policy_parse_request_init() -{ - p_protocol = IPPROTO_IP; - p_mode = IPSEC_MODE_ANY; - p_level = IPSEC_LEVEL_DEFAULT; - p_reqid = 0; - if (p_src != NULL) { - free(p_src); - p_src = NULL; - } - if (p_dst != NULL) { - free(p_dst); - p_dst = NULL; - } - - return; -} - -static caddr_t -policy_parse(msg, msglen) - char *msg; - int msglen; -{ - int error; - pbuf = NULL; - tlen = 0; - - /* initialize */ - p_dir = IPSEC_DIR_INVALID; - p_type = IPSEC_POLICY_DISCARD; - policy_parse_request_init(); - __policy__strbuffer__init__(msg); - - error = yyparse(); /* it must be set errcode. */ - __policy__strbuffer__free__(); - - if (error) { - if (pbuf != NULL) - free(pbuf); - return NULL; - } - - /* update total length */ - ((struct sadb_x_policy *)pbuf)->sadb_x_policy_len = PFKEY_UNIT64(tlen); - - __ipsec_errcode = EIPSEC_NO_ERROR; - - return pbuf; -} - -caddr_t -ipsec_set_policy(msg, msglen) - char *msg; - int msglen; -{ - caddr_t policy; - - policy = policy_parse(msg, msglen); - if (policy == NULL) { - if (__ipsec_errcode == EIPSEC_NO_ERROR) - __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; - return NULL; - } - - __ipsec_errcode = EIPSEC_NO_ERROR; - return policy; -} - -#line 604 "__libipsecyy.tab.c" - -#if YYDEBUG -#include <stdio.h> /* needed for printf */ -#endif - -#include <stdlib.h> /* needed for malloc, etc */ -#include <string.h> /* needed for memset */ - -/* allocate initial stack or double stack size, up to YYMAXDEPTH */ -static int yygrowstack(YYSTACKDATA *data) -{ - int i; - unsigned newsize; - YYINT *newss; - YYSTYPE *newvs; - - if ((newsize = data->stacksize) == 0) - newsize = YYINITSTACKSIZE; - else if (newsize >= YYMAXDEPTH) - return YYENOMEM; - else if ((newsize *= 2) > YYMAXDEPTH) - newsize = YYMAXDEPTH; - - i = (int) (data->s_mark - data->s_base); - newss = (YYINT *)realloc(data->s_base, newsize * sizeof(*newss)); - if (newss == 0) - return YYENOMEM; - - data->s_base = newss; - data->s_mark = newss + i; - - newvs = (YYSTYPE *)realloc(data->l_base, newsize * sizeof(*newvs)); - if (newvs == 0) - return YYENOMEM; - - data->l_base = newvs; - data->l_mark = newvs + i; - - data->stacksize = newsize; - data->s_last = data->s_base + newsize - 1; - return 0; -} - -#if YYPURE || defined(YY_NO_LEAKS) -static void yyfreestack(YYSTACKDATA *data) -{ - free(data->s_base); - free(data->l_base); - memset(data, 0, sizeof(*data)); -} -#else -#define yyfreestack(data) /* nothing */ -#endif - -#define YYABORT goto yyabort -#define YYREJECT goto yyabort -#define YYACCEPT goto yyaccept -#define YYERROR goto yyerrlab - -int -YYPARSE_DECL() -{ - int yym, yyn, yystate; -#if YYDEBUG - const char *yys; - - if ((yys = getenv("YYDEBUG")) != 0) - { - yyn = *yys; - if (yyn >= '0' && yyn <= '9') - yydebug = yyn - '0'; - } -#endif - - yynerrs = 0; - yyerrflag = 0; - yychar = YYEMPTY; - yystate = 0; - -#if YYPURE - memset(&yystack, 0, sizeof(yystack)); -#endif - - if (yystack.s_base == NULL && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow; - yystack.s_mark = yystack.s_base; - yystack.l_mark = yystack.l_base; - yystate = 0; - *yystack.s_mark = 0; - -yyloop: - if ((yyn = yydefred[yystate]) != 0) goto yyreduce; - if (yychar < 0) - { - if ((yychar = YYLEX) < 0) yychar = YYEOF; -#if YYDEBUG - if (yydebug) - { - yys = yyname[YYTRANSLATE(yychar)]; - printf("%sdebug: state %d, reading %d (%s)\n", - YYPREFIX, yystate, yychar, yys); - } -#endif - } - if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 && - yyn <= YYTABLESIZE && yycheck[yyn] == yychar) - { -#if YYDEBUG - if (yydebug) - printf("%sdebug: state %d, shifting to state %d\n", - YYPREFIX, yystate, yytable[yyn]); -#endif - if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) - { - goto yyoverflow; - } - yystate = yytable[yyn]; - *++yystack.s_mark = yytable[yyn]; - *++yystack.l_mark = yylval; - yychar = YYEMPTY; - if (yyerrflag > 0) --yyerrflag; - goto yyloop; - } - if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 && - yyn <= YYTABLESIZE && yycheck[yyn] == yychar) - { - yyn = yytable[yyn]; - goto yyreduce; - } - if (yyerrflag) goto yyinrecovery; - - YYERROR_CALL("syntax error"); - - goto yyerrlab; - -yyerrlab: - ++yynerrs; - -yyinrecovery: - if (yyerrflag < 3) - { - yyerrflag = 3; - for (;;) - { - if ((yyn = yysindex[*yystack.s_mark]) && (yyn += YYERRCODE) >= 0 && - yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE) - { -#if YYDEBUG - if (yydebug) - printf("%sdebug: state %d, error recovery shifting\ - to state %d\n", YYPREFIX, *yystack.s_mark, yytable[yyn]); -#endif - if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) - { - goto yyoverflow; - } - yystate = yytable[yyn]; - *++yystack.s_mark = yytable[yyn]; - *++yystack.l_mark = yylval; - goto yyloop; - } - else - { -#if YYDEBUG - if (yydebug) - printf("%sdebug: error recovery discarding state %d\n", - YYPREFIX, *yystack.s_mark); -#endif - if (yystack.s_mark <= yystack.s_base) goto yyabort; - --yystack.s_mark; - --yystack.l_mark; - } - } - } - else - { - if (yychar == YYEOF) goto yyabort; -#if YYDEBUG - if (yydebug) - { - yys = yyname[YYTRANSLATE(yychar)]; - printf("%sdebug: state %d, error recovery discards token %d (%s)\n", - YYPREFIX, yystate, yychar, yys); - } -#endif - yychar = YYEMPTY; - goto yyloop; - } - -yyreduce: -#if YYDEBUG - if (yydebug) - printf("%sdebug: state %d, reducing by rule %d (%s)\n", - YYPREFIX, yystate, yyn, yyrule[yyn]); -#endif - yym = yylen[yyn]; - if (yym) - yyval = yystack.l_mark[1-yym]; - else - memset(&yyval, 0, sizeof yyval); - switch (yyn) - { -case 1: -#line 115 "../../freebsd/lib/libipsec/policy_parse.y" - { - p_dir = yystack.l_mark[-1].num; - p_type = yystack.l_mark[0].num; - - if (init_x_policy()) - return -1; - } -break; -case 3: -#line 124 "../../freebsd/lib/libipsec/policy_parse.y" - { - p_dir = yystack.l_mark[0].num; - p_type = 0; /* ignored it by kernel */ - - if (init_x_policy()) - return -1; - } -break; -case 5: -#line 135 "../../freebsd/lib/libipsec/policy_parse.y" - { - if (rule_check() < 0) - return -1; - - if (set_x_request(p_src, p_dst) < 0) - return -1; - - policy_parse_request_init(); - } -break; -case 12: -#line 153 "../../freebsd/lib/libipsec/policy_parse.y" - { - __ipsec_errcode = EIPSEC_FEW_ARGUMENTS; - return -1; - } -break; -case 13: -#line 157 "../../freebsd/lib/libipsec/policy_parse.y" - { - __ipsec_errcode = EIPSEC_FEW_ARGUMENTS; - return -1; - } -break; -case 14: -#line 164 "../../freebsd/lib/libipsec/policy_parse.y" - { p_protocol = yystack.l_mark[0].num; } -break; -case 15: -#line 168 "../../freebsd/lib/libipsec/policy_parse.y" - { p_mode = yystack.l_mark[0].num; } -break; -case 16: -#line 172 "../../freebsd/lib/libipsec/policy_parse.y" - { - p_level = yystack.l_mark[0].num; - p_reqid = 0; - } -break; -case 17: -#line 176 "../../freebsd/lib/libipsec/policy_parse.y" - { - p_level = IPSEC_LEVEL_UNIQUE; - p_reqid = atol(yystack.l_mark[0].val.buf); /* atol() is good. */ - } -break; -case 18: -#line 183 "../../freebsd/lib/libipsec/policy_parse.y" - { - p_src = parse_sockaddr(&yystack.l_mark[0].val); - if (p_src == NULL) - return -1; - } -break; -case 19: -#line 189 "../../freebsd/lib/libipsec/policy_parse.y" - { - p_dst = parse_sockaddr(&yystack.l_mark[0].val); - if (p_dst == NULL) - return -1; - } -break; -case 20: -#line 194 "../../freebsd/lib/libipsec/policy_parse.y" - { - if (p_dir != IPSEC_DIR_OUTBOUND) { - __ipsec_errcode = EIPSEC_INVAL_DIR; - return -1; - } - } -break; -case 21: -#line 200 "../../freebsd/lib/libipsec/policy_parse.y" - { - if (p_dir != IPSEC_DIR_INBOUND) { - __ipsec_errcode = EIPSEC_INVAL_DIR; - return -1; - } - } -break; -#line 908 "__libipsecyy.tab.c" - } - yystack.s_mark -= yym; - yystate = *yystack.s_mark; - yystack.l_mark -= yym; - yym = yylhs[yyn]; - if (yystate == 0 && yym == 0) - { -#if YYDEBUG - if (yydebug) - printf("%sdebug: after reduction, shifting from state 0 to\ - state %d\n", YYPREFIX, YYFINAL); -#endif - yystate = YYFINAL; - *++yystack.s_mark = YYFINAL; - *++yystack.l_mark = yyval; - if (yychar < 0) - { - if ((yychar = YYLEX) < 0) yychar = YYEOF; -#if YYDEBUG - if (yydebug) - { - yys = yyname[YYTRANSLATE(yychar)]; - printf("%sdebug: state %d, reading %d (%s)\n", - YYPREFIX, YYFINAL, yychar, yys); - } -#endif - } - if (yychar == YYEOF) goto yyaccept; - goto yyloop; - } - if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 && - yyn <= YYTABLESIZE && yycheck[yyn] == yystate) - yystate = yytable[yyn]; - else - yystate = yydgoto[yym]; -#if YYDEBUG - if (yydebug) - printf("%sdebug: after reduction, shifting from state %d \ -to state %d\n", YYPREFIX, *yystack.s_mark, yystate); -#endif - if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) - { - goto yyoverflow; - } - *++yystack.s_mark = (YYINT) yystate; - *++yystack.l_mark = yyval; - goto yyloop; - -yyoverflow: - YYERROR_CALL("yacc stack overflow"); - -yyabort: - yyfreestack(&yystack); - return (1); - -yyaccept: - yyfreestack(&yystack); - return (0); -} diff --git a/freebsd/lib/libipsec/policy_parse.y b/freebsd/lib/libipsec/policy_parse.y deleted file mode 100644 index 46e54e55..00000000 --- a/freebsd/lib/libipsec/policy_parse.y +++ /dev/null @@ -1,438 +0,0 @@ -/* $KAME: policy_parse.y,v 1.14 2003/06/27 03:39:20 itojun Exp $ */ - -/* - * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * IN/OUT bound policy configuration take place such below: - * in <policy> - * out <policy> - * - * <policy> is one of following: - * "discard", "none", "ipsec <requests>", "entrust", "bypass", - * - * The following requests are accepted as <requests>: - * - * protocol/mode/src-dst/level - * protocol/mode/src-dst parsed as protocol/mode/src-dst/default - * protocol/mode/src-dst/ parsed as protocol/mode/src-dst/default - * protocol/transport parsed as protocol/mode/any-any/default - * protocol/transport//level parsed as protocol/mode/any-any/level - * - * You can concatenate these requests with either ' '(single space) or '\n'. - */ - -%{ -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/socket.h> - -#include <netinet/in.h> -#include <netipsec/ipsec.h> - -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <netdb.h> - -#include "ipsec_strerror.h" - -#define ATOX(c) \ - (isdigit(c) ? (c - '0') : (isupper(c) ? (c - 'A' + 10) : (c - 'a' + 10) )) - -static caddr_t pbuf = NULL; /* sadb_x_policy buffer */ -static int tlen = 0; /* total length of pbuf */ -static int offset = 0; /* offset of pbuf */ -static int p_dir, p_type, p_protocol, p_mode, p_level, p_reqid; -static struct sockaddr *p_src = NULL; -static struct sockaddr *p_dst = NULL; - -struct _val; -extern void yyerror(char *msg); -static struct sockaddr *parse_sockaddr(struct _val *buf); -static int rule_check(void); -static int init_x_policy(void); -static int set_x_request(struct sockaddr *src, struct sockaddr *dst); -static int set_sockaddr(struct sockaddr *addr); -static void policy_parse_request_init(void); -static caddr_t policy_parse(char *msg, int msglen); - -extern void __policy__strbuffer__init__(char *msg); -extern void __policy__strbuffer__free__(void); -extern int yylex(void); - -extern char *__libipsecyytext; /*XXX*/ - -%} - -%union { - u_int num; - struct _val { - int len; - char *buf; - } val; -} - -%token DIR ACTION PROTOCOL MODE LEVEL LEVEL_SPECIFY -%token IPADDRESS -%token ME ANY -%token SLASH HYPHEN -%type <num> DIR ACTION PROTOCOL MODE LEVEL -%type <val> IPADDRESS LEVEL_SPECIFY - -%% -policy_spec - : DIR ACTION - { - p_dir = $1; - p_type = $2; - - if (init_x_policy()) - return -1; - } - rules - | DIR - { - p_dir = $1; - p_type = 0; /* ignored it by kernel */ - - if (init_x_policy()) - return -1; - } - ; - -rules - : /*NOTHING*/ - | rules rule { - if (rule_check() < 0) - return -1; - - if (set_x_request(p_src, p_dst) < 0) - return -1; - - policy_parse_request_init(); - } - ; - -rule - : protocol SLASH mode SLASH addresses SLASH level - | protocol SLASH mode SLASH addresses SLASH - | protocol SLASH mode SLASH addresses - | protocol SLASH mode SLASH - | protocol SLASH mode SLASH SLASH level - | protocol SLASH mode - | protocol SLASH { - __ipsec_errcode = EIPSEC_FEW_ARGUMENTS; - return -1; - } - | protocol { - __ipsec_errcode = EIPSEC_FEW_ARGUMENTS; - return -1; - } - ; - -protocol - : PROTOCOL { p_protocol = $1; } - ; - -mode - : MODE { p_mode = $1; } - ; - -level - : LEVEL { - p_level = $1; - p_reqid = 0; - } - | LEVEL_SPECIFY { - p_level = IPSEC_LEVEL_UNIQUE; - p_reqid = atol($1.buf); /* atol() is good. */ - } - ; - -addresses - : IPADDRESS { - p_src = parse_sockaddr(&$1); - if (p_src == NULL) - return -1; - } - HYPHEN - IPADDRESS { - p_dst = parse_sockaddr(&$4); - if (p_dst == NULL) - return -1; - } - | ME HYPHEN ANY { - if (p_dir != IPSEC_DIR_OUTBOUND) { - __ipsec_errcode = EIPSEC_INVAL_DIR; - return -1; - } - } - | ANY HYPHEN ME { - if (p_dir != IPSEC_DIR_INBOUND) { - __ipsec_errcode = EIPSEC_INVAL_DIR; - return -1; - } - } - /* - | ME HYPHEN ME - */ - ; - -%% - -void -yyerror(msg) - char *msg; -{ - fprintf(stderr, "libipsec: %s while parsing \"%s\"\n", - msg, __libipsecyytext); - - return; -} - -static struct sockaddr * -parse_sockaddr(buf) - struct _val *buf; -{ - struct addrinfo hints, *res; - char *serv = NULL; - int error; - struct sockaddr *newaddr = NULL; - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_flags = AI_NUMERICHOST; - error = getaddrinfo(buf->buf, serv, &hints, &res); - if (error != 0) { - yyerror("invalid IP address"); - __ipsec_set_strerror(gai_strerror(error)); - return NULL; - } - - if (res->ai_addr == NULL) { - yyerror("invalid IP address"); - __ipsec_set_strerror(gai_strerror(error)); - return NULL; - } - - newaddr = malloc(res->ai_addr->sa_len); - if (newaddr == NULL) { - __ipsec_errcode = EIPSEC_NO_BUFS; - freeaddrinfo(res); - return NULL; - } - memcpy(newaddr, res->ai_addr, res->ai_addr->sa_len); - - freeaddrinfo(res); - - __ipsec_errcode = EIPSEC_NO_ERROR; - return newaddr; -} - -static int -rule_check() -{ - if (p_type == IPSEC_POLICY_IPSEC) { - if (p_protocol == IPPROTO_IP) { - __ipsec_errcode = EIPSEC_NO_PROTO; - return -1; - } - - if (p_mode != IPSEC_MODE_TRANSPORT - && p_mode != IPSEC_MODE_TUNNEL) { - __ipsec_errcode = EIPSEC_INVAL_MODE; - return -1; - } - - if (p_src == NULL && p_dst == NULL) { - if (p_mode != IPSEC_MODE_TRANSPORT) { - __ipsec_errcode = EIPSEC_INVAL_ADDRESS; - return -1; - } - } - else if (p_src->sa_family != p_dst->sa_family) { - __ipsec_errcode = EIPSEC_FAMILY_MISMATCH; - return -1; - } - } - - __ipsec_errcode = EIPSEC_NO_ERROR; - return 0; -} - -static int -init_x_policy() -{ - struct sadb_x_policy *p; - - tlen = sizeof(struct sadb_x_policy); - - pbuf = malloc(tlen); - if (pbuf == NULL) { - __ipsec_errcode = EIPSEC_NO_BUFS; - return -1; - } - memset(pbuf, 0, tlen); - p = (struct sadb_x_policy *)pbuf; - p->sadb_x_policy_len = 0; /* must update later */ - p->sadb_x_policy_exttype = SADB_X_EXT_POLICY; - p->sadb_x_policy_type = p_type; - p->sadb_x_policy_dir = p_dir; - p->sadb_x_policy_id = 0; - - offset = tlen; - - __ipsec_errcode = EIPSEC_NO_ERROR; - return 0; -} - -static int -set_x_request(src, dst) - struct sockaddr *src, *dst; -{ - struct sadb_x_ipsecrequest *p; - int reqlen; - - reqlen = sizeof(*p) - + (src ? src->sa_len : 0) - + (dst ? dst->sa_len : 0); - tlen += reqlen; /* increment to total length */ - - pbuf = realloc(pbuf, tlen); - if (pbuf == NULL) { - __ipsec_errcode = EIPSEC_NO_BUFS; - return -1; - } - p = (struct sadb_x_ipsecrequest *)&pbuf[offset]; - p->sadb_x_ipsecrequest_len = reqlen; - p->sadb_x_ipsecrequest_proto = p_protocol; - p->sadb_x_ipsecrequest_mode = p_mode; - p->sadb_x_ipsecrequest_level = p_level; - p->sadb_x_ipsecrequest_reqid = p_reqid; - offset += sizeof(*p); - - if (set_sockaddr(src) || set_sockaddr(dst)) - return -1; - - __ipsec_errcode = EIPSEC_NO_ERROR; - return 0; -} - -static int -set_sockaddr(addr) - struct sockaddr *addr; -{ - if (addr == NULL) { - __ipsec_errcode = EIPSEC_NO_ERROR; - return 0; - } - - /* tlen has already incremented */ - - memcpy(&pbuf[offset], addr, addr->sa_len); - - offset += addr->sa_len; - - __ipsec_errcode = EIPSEC_NO_ERROR; - return 0; -} - -static void -policy_parse_request_init() -{ - p_protocol = IPPROTO_IP; - p_mode = IPSEC_MODE_ANY; - p_level = IPSEC_LEVEL_DEFAULT; - p_reqid = 0; - if (p_src != NULL) { - free(p_src); - p_src = NULL; - } - if (p_dst != NULL) { - free(p_dst); - p_dst = NULL; - } - - return; -} - -static caddr_t -policy_parse(msg, msglen) - char *msg; - int msglen; -{ - int error; - pbuf = NULL; - tlen = 0; - - /* initialize */ - p_dir = IPSEC_DIR_INVALID; - p_type = IPSEC_POLICY_DISCARD; - policy_parse_request_init(); - __policy__strbuffer__init__(msg); - - error = yyparse(); /* it must be set errcode. */ - __policy__strbuffer__free__(); - - if (error) { - if (pbuf != NULL) - free(pbuf); - return NULL; - } - - /* update total length */ - ((struct sadb_x_policy *)pbuf)->sadb_x_policy_len = PFKEY_UNIT64(tlen); - - __ipsec_errcode = EIPSEC_NO_ERROR; - - return pbuf; -} - -caddr_t -ipsec_set_policy(msg, msglen) - char *msg; - int msglen; -{ - caddr_t policy; - - policy = policy_parse(msg, msglen); - if (policy == NULL) { - if (__ipsec_errcode == EIPSEC_NO_ERROR) - __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; - return NULL; - } - - __ipsec_errcode = EIPSEC_NO_ERROR; - return policy; -} - diff --git a/freebsd/lib/libipsec/policy_token.c b/freebsd/lib/libipsec/policy_token.c deleted file mode 100644 index f5b798ea..00000000 --- a/freebsd/lib/libipsec/policy_token.c +++ /dev/null @@ -1,2005 +0,0 @@ - -#line 3 "<stdout>" - -#define YY_INT_ALIGNED short int - -/* A lexical scanner generated by flex */ - -#define yy_create_buffer __libipsecyy_create_buffer -#define yy_delete_buffer __libipsecyy_delete_buffer -#define yy_flex_debug __libipsecyy_flex_debug -#define yy_init_buffer __libipsecyy_init_buffer -#define yy_flush_buffer __libipsecyy_flush_buffer -#define yy_load_buffer_state __libipsecyy_load_buffer_state -#define yy_switch_to_buffer __libipsecyy_switch_to_buffer -#define yyin __libipsecyyin -#define yyleng __libipsecyyleng -#define yylex __libipsecyylex -#define yylineno __libipsecyylineno -#define yyout __libipsecyyout -#define yyrestart __libipsecyyrestart -#define yytext __libipsecyytext -#define yywrap __libipsecyywrap -#define yyalloc __libipsecyyalloc -#define yyrealloc __libipsecyyrealloc -#define yyfree __libipsecyyfree - -#define FLEX_SCANNER -#define YY_FLEX_MAJOR_VERSION 2 -#define YY_FLEX_MINOR_VERSION 5 -#define YY_FLEX_SUBMINOR_VERSION 37 -#if YY_FLEX_SUBMINOR_VERSION > 0 -#define FLEX_BETA -#endif - -/* First, we deal with platform-specific or compiler-specific issues. */ - -#if defined(__FreeBSD__) -#ifndef __STDC_LIMIT_MACROS -#define __STDC_LIMIT_MACROS -#endif -#include <sys/cdefs.h> -#include <stdint.h> -#else -#define __dead2 -#endif - -/* begin standard C headers. */ -#include <stdio.h> -#include <string.h> -#include <errno.h> -#include <stdlib.h> - -/* end standard C headers. */ - -/* flex integer type definitions */ - -#ifndef FLEXINT_H -#define FLEXINT_H - -/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */ - -#if defined(__FreeBSD__) || \ - (defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) - -/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, - * if you want the limit (max/min) macros for int types. - */ -#ifndef __STDC_LIMIT_MACROS -#define __STDC_LIMIT_MACROS 1 -#endif - -#include <inttypes.h> -typedef int8_t flex_int8_t; -typedef uint8_t flex_uint8_t; -typedef int16_t flex_int16_t; -typedef uint16_t flex_uint16_t; -typedef int32_t flex_int32_t; -typedef uint32_t flex_uint32_t; -#else -typedef signed char flex_int8_t; -typedef short int flex_int16_t; -typedef int flex_int32_t; -typedef unsigned char flex_uint8_t; -typedef unsigned short int flex_uint16_t; -typedef unsigned int flex_uint32_t; - -/* Limits of integral types. */ -#ifndef INT8_MIN -#define INT8_MIN (-128) -#endif -#ifndef INT16_MIN -#define INT16_MIN (-32767-1) -#endif -#ifndef INT32_MIN -#define INT32_MIN (-2147483647-1) -#endif -#ifndef INT8_MAX -#define INT8_MAX (127) -#endif -#ifndef INT16_MAX -#define INT16_MAX (32767) -#endif -#ifndef INT32_MAX -#define INT32_MAX (2147483647) -#endif -#ifndef UINT8_MAX -#define UINT8_MAX (255U) -#endif -#ifndef UINT16_MAX -#define UINT16_MAX (65535U) -#endif -#ifndef UINT32_MAX -#define UINT32_MAX (4294967295U) -#endif - -#endif /* ! C99 */ - -#endif /* ! FLEXINT_H */ - -#ifdef __cplusplus - -/* The "const" storage-class-modifier is valid. */ -#define YY_USE_CONST - -#else /* ! __cplusplus */ - -/* C99 requires __STDC__ to be defined as 1. */ -#if defined (__STDC__) - -#define YY_USE_CONST - -#endif /* defined (__STDC__) */ -#endif /* ! __cplusplus */ - -#ifdef YY_USE_CONST -#define yyconst const -#else -#define yyconst -#endif - -/* Returned upon end-of-file. */ -#define YY_NULL 0 - -/* Promotes a possibly negative, possibly signed char to an unsigned - * integer for use as an array index. If the signed char is negative, - * we want to instead treat it as an 8-bit unsigned char, hence the - * double cast. - */ -#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) - -/* Enter a start condition. This macro really ought to take a parameter, - * but we do it the disgusting crufty way forced on us by the ()-less - * definition of BEGIN. - */ -#define BEGIN (yy_start) = 1 + 2 * - -/* Translate the current start state into a value that can be later handed - * to BEGIN to return to the state. The YYSTATE alias is for lex - * compatibility. - */ -#define YY_START (((yy_start) - 1) / 2) -#define YYSTATE YY_START - -/* Action number for EOF rule of a given start state. */ -#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) - -/* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE __libipsecyyrestart(__libipsecyyin ) - -#define YY_END_OF_BUFFER_CHAR 0 - -/* Size of default input buffer. */ -#ifndef YY_BUF_SIZE -#define YY_BUF_SIZE 1024 -#endif - -/* The state buf must be large enough to hold one state per character in the main buffer. - */ -#define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type)) - -#ifndef YY_TYPEDEF_YY_BUFFER_STATE -#define YY_TYPEDEF_YY_BUFFER_STATE -typedef struct yy_buffer_state *YY_BUFFER_STATE; -#endif - -#ifndef YY_TYPEDEF_YY_SIZE_T -#define YY_TYPEDEF_YY_SIZE_T -typedef size_t yy_size_t; -#endif - -extern yy_size_t __libipsecyyleng; - -extern FILE *__libipsecyyin, *__libipsecyyout; - -#define EOB_ACT_CONTINUE_SCAN 0 -#define EOB_ACT_END_OF_FILE 1 -#define EOB_ACT_LAST_MATCH 2 - - #define YY_LESS_LINENO(n) - -/* Return all but the first "n" matched characters back to the input stream. */ -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up __libipsecyytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - *yy_cp = (yy_hold_char); \ - YY_RESTORE_YY_MORE_OFFSET \ - (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ - YY_DO_BEFORE_ACTION; /* set up __libipsecyytext again */ \ - } \ - while ( 0 ) - -#define unput(c) yyunput( c, (yytext_ptr) ) - -#ifndef YY_STRUCT_YY_BUFFER_STATE -#define YY_STRUCT_YY_BUFFER_STATE -struct yy_buffer_state - { - FILE *yy_input_file; - - char *yy_ch_buf; /* input buffer */ - char *yy_buf_pos; /* current position in input buffer */ - - /* Size of input buffer in bytes, not including room for EOB - * characters. - */ - yy_size_t yy_buf_size; - - /* Number of characters read into yy_ch_buf, not including EOB - * characters. - */ - yy_size_t yy_n_chars; - - /* Whether we "own" the buffer - i.e., we know we created it, - * and can realloc() it to grow it, and should free() it to - * delete it. - */ - int yy_is_our_buffer; - - /* Whether this is an "interactive" input source; if so, and - * if we're using stdio for input, then we want to use getc() - * instead of fread(), to make sure we stop fetching input after - * each newline. - */ - int yy_is_interactive; - - /* Whether we're considered to be at the beginning of a line. - * If so, '^' rules will be active on the next match, otherwise - * not. - */ - int yy_at_bol; - - int yy_bs_lineno; /**< The line count. */ - int yy_bs_column; /**< The column count. */ - - /* Whether to try to fill the input buffer when we reach the - * end of it. - */ - int yy_fill_buffer; - - int yy_buffer_status; - -#define YY_BUFFER_NEW 0 -#define YY_BUFFER_NORMAL 1 - /* When an EOF's been seen but there's still some text to process - * then we mark the buffer as YY_EOF_PENDING, to indicate that we - * shouldn't try reading from the input source any more. We might - * still have a bunch of tokens to match, though, because of - * possible backing-up. - * - * When we actually see the EOF, we change the status to "new" - * (via __libipsecyyrestart()), so that the user can continue scanning by - * just pointing __libipsecyyin at a new input file. - */ -#define YY_BUFFER_EOF_PENDING 2 - - }; -#endif /* !YY_STRUCT_YY_BUFFER_STATE */ - -/* Stack of input buffers. */ -static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ -static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ -static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ - -/* We provide macros for accessing buffer states in case in the - * future we want to put the buffer states in a more general - * "scanner state". - * - * Returns the top of the stack, or NULL. - */ -#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ - ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ - : NULL) -#define yy_current_buffer YY_CURRENT_BUFFER - -/* Same as previous macro, but useful when we know that the buffer stack is not - * NULL or when we need an lvalue. For internal use only. - */ -#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] - -/* yy_hold_char holds the character lost when __libipsecyytext is formed. */ -static char yy_hold_char; -static yy_size_t yy_n_chars; /* number of characters read into yy_ch_buf */ -yy_size_t __libipsecyyleng; - -/* Points to current character in buffer. */ -static char *yy_c_buf_p = (char *) 0; -static int yy_init = 0; /* whether we need to initialize */ -static int yy_start = 0; /* start state number */ - -/* Flag which is used to allow __libipsecyywrap()'s to do buffer switches - * instead of setting up a fresh __libipsecyyin. A bit of a hack ... - */ -static int yy_did_buffer_switch_on_eof; - -void __libipsecyyrestart (FILE *input_file ); -void __libipsecyy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); -YY_BUFFER_STATE __libipsecyy_create_buffer (FILE *file,int size ); -void __libipsecyy_delete_buffer (YY_BUFFER_STATE b ); -void __libipsecyy_flush_buffer (YY_BUFFER_STATE b ); -void __libipsecyypush_buffer_state (YY_BUFFER_STATE new_buffer ); -void __libipsecyypop_buffer_state (void ); - -static void __libipsecyyensure_buffer_stack (void ); -static void __libipsecyy_load_buffer_state (void ); -static void __libipsecyy_init_buffer (YY_BUFFER_STATE b,FILE *file ); - -#define YY_FLUSH_BUFFER __libipsecyy_flush_buffer(YY_CURRENT_BUFFER ) - -YY_BUFFER_STATE __libipsecyy_scan_buffer (char *base,yy_size_t size ); -YY_BUFFER_STATE __libipsecyy_scan_string (yyconst char *yy_str ); -YY_BUFFER_STATE __libipsecyy_scan_bytes (yyconst char *bytes,yy_size_t len ); - -void *__libipsecyyalloc (yy_size_t ); -void *__libipsecyyrealloc (void *,yy_size_t ); -void __libipsecyyfree (void * ); - -#define yy_new_buffer __libipsecyy_create_buffer - -#define yy_set_interactive(is_interactive) \ - { \ - if ( ! YY_CURRENT_BUFFER ){ \ - __libipsecyyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - __libipsecyy_create_buffer(__libipsecyyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ - } - -#define yy_set_bol(at_bol) \ - { \ - if ( ! YY_CURRENT_BUFFER ){\ - __libipsecyyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - __libipsecyy_create_buffer(__libipsecyyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ - } - -#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) - -/* Begin user sect3 */ - -#define __libipsecyywrap() 1 -#define YY_SKIP_YYWRAP - -typedef unsigned char YY_CHAR; - -FILE *__libipsecyyin = (FILE *) 0, *__libipsecyyout = (FILE *) 0; - -typedef int yy_state_type; - -extern int __libipsecyylineno; - -int __libipsecyylineno = 1; - -extern char *__libipsecyytext; -#define yytext_ptr __libipsecyytext - -static yy_state_type yy_get_previous_state (void ); -static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); -static int yy_get_next_buffer (void ); -static void yy_fatal_error (yyconst char msg[] ) __dead2; - -/* Done after the current pattern has been matched and before the - * corresponding action - sets up __libipsecyytext. - */ -#define YY_DO_BEFORE_ACTION \ - (yytext_ptr) = yy_bp; \ - __libipsecyyleng = (size_t) (yy_cp - yy_bp); \ - (yy_hold_char) = *yy_cp; \ - *yy_cp = '\0'; \ - (yy_c_buf_p) = yy_cp; - -#define YY_NUM_RULES 26 -#define YY_END_OF_BUFFER 27 -/* This struct is not used in this scanner, - but its presence is necessary. */ -struct yy_trans_info - { - flex_int32_t yy_verify; - flex_int32_t yy_nxt; - }; -static yyconst flex_int16_t yy_accept[99] = - { 0, - 0, 0, 27, 26, 24, 25, 23, 22, 21, 22, - 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, - 24, 0, 22, 9, 22, 22, 22, 22, 22, 22, - 1, 22, 14, 22, 22, 22, 22, 22, 22, 22, - 22, 22, 15, 22, 22, 22, 22, 8, 22, 22, - 22, 2, 22, 11, 22, 22, 22, 17, 22, 22, - 22, 22, 22, 22, 4, 22, 22, 22, 22, 22, - 22, 22, 22, 22, 5, 22, 22, 22, 22, 6, - 22, 22, 22, 10, 22, 22, 13, 20, 16, 3, - 7, 18, 22, 22, 22, 19, 12, 0 - - } ; - -static yyconst flex_int32_t yy_ec[256] = - { 0, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 2, 1, 1, 1, 1, 4, 1, 1, 1, - 1, 1, 1, 1, 5, 6, 7, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 9, 1, 1, - 1, 1, 1, 1, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 1, 1, 1, 1, 6, 1, 11, 12, 13, 14, - - 15, 16, 10, 17, 18, 10, 10, 19, 20, 21, - 22, 23, 24, 25, 26, 27, 28, 10, 10, 10, - 29, 10, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1 - } ; - -static yyconst flex_int32_t yy_meta[30] = - { 0, - 1, 1, 1, 2, 1, 2, 1, 3, 2, 3, - 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, - 3, 3, 3, 3, 3, 3, 3, 3, 3 - } ; - -static yyconst flex_int16_t yy_base[101] = - { 0, - 0, 0, 195, 196, 192, 196, 196, 189, 196, 26, - 27, 30, 28, 29, 31, 33, 32, 36, 40, 37, - 190, 0, 187, 186, 35, 34, 55, 57, 58, 63, - 185, 62, 184, 66, 65, 69, 68, 70, 73, 72, - 74, 0, 183, 91, 92, 93, 75, 179, 76, 95, - 97, 178, 80, 177, 100, 101, 103, 176, 105, 107, - 109, 110, 112, 111, 175, 115, 113, 114, 119, 122, - 121, 124, 126, 130, 174, 132, 133, 139, 140, 173, - 137, 146, 138, 172, 147, 141, 171, 150, 170, 169, - 167, 165, 142, 162, 157, 164, 78, 196, 183, 39 - - } ; - -static yyconst flex_int16_t yy_def[101] = - { 0, - 98, 1, 98, 98, 98, 98, 98, 99, 98, 99, - 99, 99, 99, 99, 99, 99, 99, 99, 99, 99, - 98, 100, 99, 99, 99, 99, 99, 99, 99, 99, - 99, 99, 99, 99, 99, 99, 99, 99, 99, 99, - 99, 100, 99, 99, 99, 99, 99, 99, 99, 99, - 99, 99, 99, 99, 99, 99, 99, 99, 99, 99, - 99, 99, 99, 99, 99, 99, 99, 99, 99, 99, - 99, 99, 99, 99, 99, 99, 99, 99, 99, 99, - 99, 99, 99, 99, 99, 99, 99, 99, 99, 99, - 99, 99, 99, 99, 99, 99, 99, 0, 98, 98 - - } ; - -static yyconst flex_int16_t yy_nxt[226] = - { 0, - 4, 5, 6, 4, 7, 8, 9, 8, 8, 8, - 10, 11, 8, 12, 13, 8, 8, 14, 8, 15, - 16, 17, 8, 8, 18, 8, 19, 20, 8, 22, - 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, - 22, 42, 24, 22, 27, 33, 25, 28, 29, 31, - 36, 32, 37, 30, 34, 26, 44, 40, 22, 35, - 22, 22, 41, 43, 38, 22, 22, 39, 22, 22, - 45, 22, 22, 22, 49, 22, 22, 22, 22, 22, - 55, 22, 46, 22, 47, 48, 51, 50, 58, 57, - 54, 52, 53, 56, 22, 22, 22, 63, 22, 62, - - 22, 59, 60, 22, 22, 61, 22, 66, 22, 64, - 22, 65, 22, 22, 22, 22, 22, 22, 22, 72, - 67, 68, 22, 75, 22, 22, 69, 22, 78, 22, - 70, 74, 76, 22, 71, 22, 22, 73, 77, 81, - 22, 22, 22, 22, 22, 22, 79, 80, 82, 22, - 22, 83, 84, 22, 88, 86, 85, 87, 94, 90, - 22, 92, 93, 89, 91, 22, 95, 22, 22, 96, - 22, 96, 22, 22, 22, 22, 22, 22, 22, 22, - 22, 22, 22, 97, 23, 23, 22, 22, 22, 22, - 22, 21, 22, 21, 98, 3, 98, 98, 98, 98, - - 98, 98, 98, 98, 98, 98, 98, 98, 98, 98, - 98, 98, 98, 98, 98, 98, 98, 98, 98, 98, - 98, 98, 98, 98, 98 - } ; - -static yyconst flex_int16_t yy_chk[226] = - { 0, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 10, - 11, 13, 14, 12, 15, 17, 16, 26, 25, 18, - 20, 100, 10, 19, 12, 15, 10, 12, 13, 14, - 18, 14, 19, 13, 16, 11, 26, 20, 27, 17, - 28, 29, 20, 25, 19, 32, 30, 19, 35, 34, - 27, 37, 36, 38, 32, 40, 39, 41, 47, 49, - 38, 97, 28, 53, 29, 30, 34, 32, 41, 40, - 37, 35, 36, 39, 44, 45, 46, 49, 50, 47, - - 51, 44, 45, 55, 56, 46, 57, 53, 59, 50, - 60, 51, 61, 62, 64, 63, 67, 68, 66, 61, - 55, 56, 69, 64, 71, 70, 57, 72, 68, 73, - 59, 63, 66, 74, 60, 76, 77, 62, 67, 71, - 81, 83, 78, 79, 86, 93, 69, 70, 72, 82, - 85, 73, 74, 88, 79, 77, 76, 78, 88, 82, - 95, 85, 86, 81, 83, 94, 93, 96, 92, 94, - 91, 96, 90, 89, 87, 84, 80, 75, 65, 58, - 54, 52, 48, 95, 99, 99, 43, 33, 31, 24, - 23, 21, 8, 5, 3, 98, 98, 98, 98, 98, - - 98, 98, 98, 98, 98, 98, 98, 98, 98, 98, - 98, 98, 98, 98, 98, 98, 98, 98, 98, 98, - 98, 98, 98, 98, 98 - } ; - -static yy_state_type yy_last_accepting_state; -static char *yy_last_accepting_cpos; - -extern int __libipsecyy_flex_debug; -int __libipsecyy_flex_debug = 0; - -/* The intent behind this definition is that it'll catch - * any uses of REJECT which flex missed. - */ -#define REJECT reject_used_but_not_detected -#define yymore() yymore_used_but_not_detected -#define YY_MORE_ADJ 0 -#define YY_RESTORE_YY_MORE_OFFSET -char *__libipsecyytext; -#line 1 "../../freebsd/lib/libipsec/policy_token.l" -/* $FreeBSD$ */ -/* $KAME: policy_token.l,v 1.13 2003/05/09 05:19:55 sakane Exp $ */ -/* - * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ -#line 34 "../../freebsd/lib/libipsec/policy_token.l" -#include <sys/types.h> -#include <sys/param.h> -#include <sys/socket.h> -#include <net/route.h> -#include <net/pfkeyv2.h> -#include <netipsec/keydb.h> -#include <netinet/in.h> -#include <netipsec/ipsec.h> - -#include <stdlib.h> -#include <limits.h> -#include <string.h> -#include <unistd.h> -#include <errno.h> - -#include "y.tab.h" -#define yylval __libipsecyylval /* XXX */ - -int __libipsecyylex(void); -#define YY_NO_INPUT 1 -/* common section */ -#line 616 "<stdout>" - -#define INITIAL 0 - -#ifndef YY_NO_UNISTD_H -/* Special case for "unistd.h", since it is non-ANSI. We include it way - * down here because we want the user's section 1 to have been scanned first. - * The user has a chance to override it with an option. - */ -#include <unistd.h> -#endif - -#ifndef YY_EXTRA_TYPE -#define YY_EXTRA_TYPE void * -#endif - -static int yy_init_globals (void ); - -/* Accessor methods to globals. - These are made visible to non-reentrant scanners for convenience. */ - -int __libipsecyylex_destroy (void ); - -int __libipsecyyget_debug (void ); - -void __libipsecyyset_debug (int debug_flag ); - -YY_EXTRA_TYPE __libipsecyyget_extra (void ); - -void __libipsecyyset_extra (YY_EXTRA_TYPE user_defined ); - -FILE *__libipsecyyget_in (void ); - -void __libipsecyyset_in (FILE * in_str ); - -FILE *__libipsecyyget_out (void ); - -void __libipsecyyset_out (FILE * out_str ); - -yy_size_t __libipsecyyget_leng (void ); - -char *__libipsecyyget_text (void ); - -int __libipsecyyget_lineno (void ); - -void __libipsecyyset_lineno (int line_number ); - -/* Macros after this point can all be overridden by user definitions in - * section 1. - */ - -#ifndef YY_SKIP_YYWRAP -#ifdef __cplusplus -extern "C" int __libipsecyywrap (void ); -#else -extern int __libipsecyywrap (void ); -#endif -#endif - -#ifndef yytext_ptr -static void yy_flex_strncpy (char *,yyconst char *,int ); -#endif - -#ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * ); -#endif - -#ifndef YY_NO_INPUT - -#ifdef __cplusplus -static int yyinput (void ); -#else -static int input (void ); -#endif - -#endif - -/* Amount of stuff to slurp up with each read. */ -#ifndef YY_READ_BUF_SIZE -#define YY_READ_BUF_SIZE 8192 -#endif - -/* Copy whatever the last rule matched to the standard output. */ -#ifndef ECHO -/* This used to be an fputs(), but since the string might contain NUL's, - * we now use fwrite(). - */ -#define ECHO do { if (fwrite( __libipsecyytext, __libipsecyyleng, 1, __libipsecyyout )) {} } while (0) -#endif - -/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, - * is returned in "result". - */ -#ifndef YY_INPUT -#define YY_INPUT(buf,result,max_size) \ - if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ - { \ - int c = '*'; \ - size_t n; \ - for ( n = 0; n < max_size && \ - (c = getc( __libipsecyyin )) != EOF && c != '\n'; ++n ) \ - buf[n] = (char) c; \ - if ( c == '\n' ) \ - buf[n++] = (char) c; \ - if ( c == EOF && ferror( __libipsecyyin ) ) \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - result = n; \ - } \ - else \ - { \ - errno=0; \ - while ( (result = fread(buf, 1, max_size, __libipsecyyin))==0 && ferror(__libipsecyyin)) \ - { \ - if( errno != EINTR) \ - { \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - break; \ - } \ - errno=0; \ - clearerr(__libipsecyyin); \ - } \ - }\ -\ - -#endif - -/* No semi-colon after return; correct usage is to write "yyterminate();" - - * we don't want an extra ';' after the "return" because that will cause - * some compilers to complain about unreachable statements. - */ -#ifndef yyterminate -#define yyterminate() return YY_NULL -#endif - -/* Number of entries by which start-condition stack grows. */ -#ifndef YY_START_STACK_INCR -#define YY_START_STACK_INCR 25 -#endif - -/* Report a fatal error. */ -#ifndef YY_FATAL_ERROR -#define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) -#endif - -/* end tables serialization structures and prototypes */ - -/* Default declaration of generated scanner - a define so the user can - * easily add parameters. - */ -#ifndef YY_DECL -#define YY_DECL_IS_OURS 1 - -extern int __libipsecyylex (void); - -#define YY_DECL int __libipsecyylex (void) -#endif /* !YY_DECL */ - -/* Code executed at the beginning of each rule, after __libipsecyytext and __libipsecyyleng - * have been set up. - */ -#ifndef YY_USER_ACTION -#define YY_USER_ACTION -#endif - -/* Code executed at the end of each rule. */ -#ifndef YY_BREAK -#define YY_BREAK break; -#endif - -#define YY_RULE_SETUP \ - YY_USER_ACTION - -/** The main scanner function which does all the work. - */ -YY_DECL -{ - yy_state_type yy_current_state; - char *yy_cp, *yy_bp; - int yy_act; - -#line 87 "../../freebsd/lib/libipsec/policy_token.l" - - -#line 799 "<stdout>" - - if ( !(yy_init) ) - { - (yy_init) = 1; - -#ifdef YY_USER_INIT - YY_USER_INIT; -#endif - - if ( ! (yy_start) ) - (yy_start) = 1; /* first start state */ - - if ( ! __libipsecyyin ) - __libipsecyyin = stdin; - - if ( ! __libipsecyyout ) - __libipsecyyout = stdout; - - if ( ! YY_CURRENT_BUFFER ) { - __libipsecyyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - __libipsecyy_create_buffer(__libipsecyyin,YY_BUF_SIZE ); - } - - __libipsecyy_load_buffer_state( ); - } - - while ( 1 ) /* loops until end-of-file is reached */ - { - yy_cp = (yy_c_buf_p); - - /* Support of __libipsecyytext. */ - *yy_cp = (yy_hold_char); - - /* yy_bp points to the position in yy_ch_buf of the start of - * the current run. - */ - yy_bp = yy_cp; - - yy_current_state = (yy_start); -yy_match: - do - { - YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)] ; - if ( yy_accept[yy_current_state] ) - { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 99 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - ++yy_cp; - } - while ( yy_base[yy_current_state] != 196 ); - -yy_find_action: - yy_act = yy_accept[yy_current_state]; - if ( yy_act == 0 ) - { /* have to back up */ - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); - yy_act = yy_accept[yy_current_state]; - } - - YY_DO_BEFORE_ACTION; - -do_action: /* This label is used only to access EOF actions. */ - - switch ( yy_act ) - { /* beginning of action switch */ - case 0: /* must back up */ - /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = (yy_hold_char); - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); - goto yy_find_action; - -case 1: -YY_RULE_SETUP -#line 89 "../../freebsd/lib/libipsec/policy_token.l" -{ yylval.num = IPSEC_DIR_INBOUND; return(DIR); } - YY_BREAK -case 2: -YY_RULE_SETUP -#line 90 "../../freebsd/lib/libipsec/policy_token.l" -{ yylval.num = IPSEC_DIR_OUTBOUND; return(DIR); } - YY_BREAK -case 3: -YY_RULE_SETUP -#line 92 "../../freebsd/lib/libipsec/policy_token.l" -{ yylval.num = IPSEC_POLICY_DISCARD; return(ACTION); } - YY_BREAK -case 4: -YY_RULE_SETUP -#line 93 "../../freebsd/lib/libipsec/policy_token.l" -{ yylval.num = IPSEC_POLICY_NONE; return(ACTION); } - YY_BREAK -case 5: -YY_RULE_SETUP -#line 94 "../../freebsd/lib/libipsec/policy_token.l" -{ yylval.num = IPSEC_POLICY_IPSEC; return(ACTION); } - YY_BREAK -case 6: -YY_RULE_SETUP -#line 95 "../../freebsd/lib/libipsec/policy_token.l" -{ yylval.num = IPSEC_POLICY_BYPASS; return(ACTION); } - YY_BREAK -case 7: -YY_RULE_SETUP -#line 96 "../../freebsd/lib/libipsec/policy_token.l" -{ yylval.num = IPSEC_POLICY_ENTRUST; return(ACTION); } - YY_BREAK -case 8: -YY_RULE_SETUP -#line 98 "../../freebsd/lib/libipsec/policy_token.l" -{ yylval.num = IPPROTO_ESP; return(PROTOCOL); } - YY_BREAK -case 9: -YY_RULE_SETUP -#line 99 "../../freebsd/lib/libipsec/policy_token.l" -{ yylval.num = IPPROTO_AH; return(PROTOCOL); } - YY_BREAK -case 10: -YY_RULE_SETUP -#line 100 "../../freebsd/lib/libipsec/policy_token.l" -{ yylval.num = IPPROTO_IPCOMP; return(PROTOCOL); } - YY_BREAK -case 11: -YY_RULE_SETUP -#line 101 "../../freebsd/lib/libipsec/policy_token.l" -{ yylval.num = IPPROTO_TCP; return(PROTOCOL); } - YY_BREAK -case 12: -YY_RULE_SETUP -#line 103 "../../freebsd/lib/libipsec/policy_token.l" -{ yylval.num = IPSEC_MODE_TRANSPORT; return(MODE); } - YY_BREAK -case 13: -YY_RULE_SETUP -#line 104 "../../freebsd/lib/libipsec/policy_token.l" -{ yylval.num = IPSEC_MODE_TUNNEL; return(MODE); } - YY_BREAK -case 14: -YY_RULE_SETUP -#line 106 "../../freebsd/lib/libipsec/policy_token.l" -{ return(ME); } - YY_BREAK -case 15: -YY_RULE_SETUP -#line 107 "../../freebsd/lib/libipsec/policy_token.l" -{ return(ANY); } - YY_BREAK -case 16: -YY_RULE_SETUP -#line 109 "../../freebsd/lib/libipsec/policy_token.l" -{ yylval.num = IPSEC_LEVEL_DEFAULT; return(LEVEL); } - YY_BREAK -case 17: -YY_RULE_SETUP -#line 110 "../../freebsd/lib/libipsec/policy_token.l" -{ yylval.num = IPSEC_LEVEL_USE; return(LEVEL); } - YY_BREAK -case 18: -YY_RULE_SETUP -#line 111 "../../freebsd/lib/libipsec/policy_token.l" -{ yylval.num = IPSEC_LEVEL_REQUIRE; return(LEVEL); } - YY_BREAK -case 19: -YY_RULE_SETUP -#line 112 "../../freebsd/lib/libipsec/policy_token.l" -{ - yylval.val.len = strlen(__libipsecyytext + 7); - yylval.val.buf = __libipsecyytext + 7; - return(LEVEL_SPECIFY); - } - YY_BREAK -case 20: -YY_RULE_SETUP -#line 117 "../../freebsd/lib/libipsec/policy_token.l" -{ yylval.num = IPSEC_LEVEL_UNIQUE; return(LEVEL); } - YY_BREAK -case 21: -YY_RULE_SETUP -#line 118 "../../freebsd/lib/libipsec/policy_token.l" -{ return(SLASH); } - YY_BREAK -case 22: -YY_RULE_SETUP -#line 120 "../../freebsd/lib/libipsec/policy_token.l" -{ - yylval.val.len = strlen(__libipsecyytext); - yylval.val.buf = __libipsecyytext; - return(IPADDRESS); - } - YY_BREAK -case 23: -YY_RULE_SETUP -#line 126 "../../freebsd/lib/libipsec/policy_token.l" -{ return(HYPHEN); } - YY_BREAK -case 24: -YY_RULE_SETUP -#line 128 "../../freebsd/lib/libipsec/policy_token.l" -{ ; } - YY_BREAK -case 25: -/* rule 25 can match eol */ -YY_RULE_SETUP -#line 129 "../../freebsd/lib/libipsec/policy_token.l" -{ ; } - YY_BREAK -case 26: -YY_RULE_SETUP -#line 131 "../../freebsd/lib/libipsec/policy_token.l" -ECHO; - YY_BREAK -#line 1021 "<stdout>" -case YY_STATE_EOF(INITIAL): - yyterminate(); - - case YY_END_OF_BUFFER: - { - /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; - - /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = (yy_hold_char); - YY_RESTORE_YY_MORE_OFFSET - - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) - { - /* We're scanning a new file or input source. It's - * possible that this happened because the user - * just pointed __libipsecyyin at a new source and called - * __libipsecyylex(). If so, then we have to assure - * consistency between YY_CURRENT_BUFFER and our - * globals. Here is the right place to do so, because - * this is the first action (other than possibly a - * back-up) that will match for the new input source. - */ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - YY_CURRENT_BUFFER_LVALUE->yy_input_file = __libipsecyyin; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; - } - - /* Note that here we test for yy_c_buf_p "<=" to the position - * of the first EOB in the buffer, since yy_c_buf_p will - * already have been incremented past the NUL character - * (since all states make transitions on EOB to the - * end-of-buffer state). Contrast this with the test - * in input(). - */ - if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) - { /* This was really a NUL. */ - yy_state_type yy_next_state; - - (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; - - yy_current_state = yy_get_previous_state( ); - - /* Okay, we're now positioned to make the NUL - * transition. We couldn't have - * yy_get_previous_state() go ahead and do it - * for us because it doesn't know how to deal - * with the possibility of jamming (and we don't - * want to build jamming into it because then it - * will run more slowly). - */ - - yy_next_state = yy_try_NUL_trans( yy_current_state ); - - yy_bp = (yytext_ptr) + YY_MORE_ADJ; - - if ( yy_next_state ) - { - /* Consume the NUL. */ - yy_cp = ++(yy_c_buf_p); - yy_current_state = yy_next_state; - goto yy_match; - } - - else - { - yy_cp = (yy_c_buf_p); - goto yy_find_action; - } - } - - else switch ( yy_get_next_buffer( ) ) - { - case EOB_ACT_END_OF_FILE: - { - (yy_did_buffer_switch_on_eof) = 0; - - if ( __libipsecyywrap( ) ) - { - /* Note: because we've taken care in - * yy_get_next_buffer() to have set up - * __libipsecyytext, we can now set up - * yy_c_buf_p so that if some total - * hoser (like flex itself) wants to - * call the scanner after we return the - * YY_NULL, it'll still work - another - * YY_NULL will get returned. - */ - (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; - - yy_act = YY_STATE_EOF(YY_START); - goto do_action; - } - - else - { - if ( ! (yy_did_buffer_switch_on_eof) ) - YY_NEW_FILE; - } - break; - } - - case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = - (yytext_ptr) + yy_amount_of_matched_text; - - yy_current_state = yy_get_previous_state( ); - - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; - goto yy_match; - - case EOB_ACT_LAST_MATCH: - (yy_c_buf_p) = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; - - yy_current_state = yy_get_previous_state( ); - - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; - goto yy_find_action; - } - break; - } - - default: - YY_FATAL_ERROR( - "fatal flex scanner internal error--no action found" ); - } /* end of action switch */ - } /* end of scanning one token */ -} /* end of __libipsecyylex */ - -/* yy_get_next_buffer - try to read in a new buffer - * - * Returns a code representing an action: - * EOB_ACT_LAST_MATCH - - * EOB_ACT_CONTINUE_SCAN - continue scanning from current position - * EOB_ACT_END_OF_FILE - end of file - */ -static int yy_get_next_buffer (void) -{ - char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; - char *source = (yytext_ptr); - int number_to_move, i; - int ret_val; - - if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) - YY_FATAL_ERROR( - "fatal flex scanner internal error--end of buffer missed" ); - - if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) - { /* Don't try to fill the buffer, so this is an EOF. */ - if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) - { - /* We matched a single character, the EOB, so - * treat this as a final EOF. - */ - return EOB_ACT_END_OF_FILE; - } - - else - { - /* We matched some text prior to the EOB, first - * process it. - */ - return EOB_ACT_LAST_MATCH; - } - } - - /* Try to read more data. */ - - /* First move last chars to start of buffer. */ - number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; - - for ( i = 0; i < number_to_move; ++i ) - *(dest++) = *(source++); - - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) - /* don't do the read, it's not guaranteed to return an EOF, - * just force an EOF - */ - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; - - else - { - yy_size_t num_to_read = - YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; - - while ( num_to_read <= 0 ) - { /* Not enough room in the buffer - grow it. */ - - /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE; - - int yy_c_buf_p_offset = - (int) ((yy_c_buf_p) - b->yy_ch_buf); - - if ( b->yy_is_our_buffer ) - { - yy_size_t new_size = b->yy_buf_size * 2; - - if ( new_size <= 0 ) - b->yy_buf_size += b->yy_buf_size / 8; - else - b->yy_buf_size *= 2; - - b->yy_ch_buf = (char *) - /* Include room in for 2 EOB chars. */ - __libipsecyyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); - } - else - /* Can't grow it, we don't own it. */ - b->yy_ch_buf = 0; - - if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( - "fatal error - scanner input buffer overflow" ); - - (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; - - num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - - number_to_move - 1; - - } - - if ( num_to_read > YY_READ_BUF_SIZE ) - num_to_read = YY_READ_BUF_SIZE; - - /* Read in more data. */ - YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - (yy_n_chars), num_to_read ); - - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } - - if ( (yy_n_chars) == 0 ) - { - if ( number_to_move == YY_MORE_ADJ ) - { - ret_val = EOB_ACT_END_OF_FILE; - __libipsecyyrestart(__libipsecyyin ); - } - - else - { - ret_val = EOB_ACT_LAST_MATCH; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = - YY_BUFFER_EOF_PENDING; - } - } - - else - ret_val = EOB_ACT_CONTINUE_SCAN; - - if ((yy_size_t) ((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { - /* Extend the array by 50%, plus the number we really need. */ - yy_size_t new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1); - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) __libipsecyyrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ); - if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" ); - } - - (yy_n_chars) += number_to_move; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; - - (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; - - return ret_val; -} - -/* yy_get_previous_state - get the state just before the EOB char was reached */ - - static yy_state_type yy_get_previous_state (void) -{ - yy_state_type yy_current_state; - char *yy_cp; - - yy_current_state = (yy_start); - - for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) - { - YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); - if ( yy_accept[yy_current_state] ) - { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 99 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - } - - return yy_current_state; -} - -/* yy_try_NUL_trans - try to make a transition on the NUL character - * - * synopsis - * next_state = yy_try_NUL_trans( current_state ); - */ - static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) -{ - int yy_is_jam; - char *yy_cp = (yy_c_buf_p); - - YY_CHAR yy_c = 1; - if ( yy_accept[yy_current_state] ) - { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 99 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - yy_is_jam = (yy_current_state == 98); - - return yy_is_jam ? 0 : yy_current_state; -} - -#ifndef YY_NO_INPUT -#ifdef __cplusplus - static int yyinput (void) -#else - static int input (void) -#endif - -{ - int c; - - *(yy_c_buf_p) = (yy_hold_char); - - if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) - { - /* yy_c_buf_p now points to the character we want to return. - * If this occurs *before* the EOB characters, then it's a - * valid NUL; if not, then we've hit the end of the buffer. - */ - if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) - /* This was really a NUL. */ - *(yy_c_buf_p) = '\0'; - - else - { /* need more input */ - yy_size_t offset = (yy_c_buf_p) - (yytext_ptr); - ++(yy_c_buf_p); - - switch ( yy_get_next_buffer( ) ) - { - case EOB_ACT_LAST_MATCH: - /* This happens because yy_g_n_b() - * sees that we've accumulated a - * token and flags that we need to - * try matching the token before - * proceeding. But for input(), - * there's no matching to consider. - * So convert the EOB_ACT_LAST_MATCH - * to EOB_ACT_END_OF_FILE. - */ - - /* Reset buffer status. */ - __libipsecyyrestart(__libipsecyyin ); - - /*FALLTHROUGH*/ - - case EOB_ACT_END_OF_FILE: - { - if ( __libipsecyywrap( ) ) - return EOF; - - if ( ! (yy_did_buffer_switch_on_eof) ) - YY_NEW_FILE; -#ifdef __cplusplus - return yyinput(); -#else - return input(); -#endif - } - - case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = (yytext_ptr) + offset; - break; - } - } - } - - c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ - *(yy_c_buf_p) = '\0'; /* preserve __libipsecyytext */ - (yy_hold_char) = *++(yy_c_buf_p); - - return c; -} -#endif /* ifndef YY_NO_INPUT */ - -/** Immediately switch to a different input stream. - * @param input_file A readable stream. - * - * @note This function does not reset the start condition to @c INITIAL . - */ - void __libipsecyyrestart (FILE * input_file ) -{ - - if ( ! YY_CURRENT_BUFFER ){ - __libipsecyyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - __libipsecyy_create_buffer(__libipsecyyin,YY_BUF_SIZE ); - } - - __libipsecyy_init_buffer(YY_CURRENT_BUFFER,input_file ); - __libipsecyy_load_buffer_state( ); -} - -/** Switch to a different input buffer. - * @param new_buffer The new input buffer. - * - */ - void __libipsecyy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) -{ - - /* TODO. We should be able to replace this entire function body - * with - * __libipsecyypop_buffer_state(); - * __libipsecyypush_buffer_state(new_buffer); - */ - __libipsecyyensure_buffer_stack (); - if ( YY_CURRENT_BUFFER == new_buffer ) - return; - - if ( YY_CURRENT_BUFFER ) - { - /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } - - YY_CURRENT_BUFFER_LVALUE = new_buffer; - __libipsecyy_load_buffer_state( ); - - /* We don't actually know whether we did this switch during - * EOF (__libipsecyywrap()) processing, but the only time this flag - * is looked at is after __libipsecyywrap() is called, so it's safe - * to go ahead and always set it. - */ - (yy_did_buffer_switch_on_eof) = 1; -} - -static void __libipsecyy_load_buffer_state (void) -{ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; - __libipsecyyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; - (yy_hold_char) = *(yy_c_buf_p); -} - -/** Allocate and initialize an input buffer state. - * @param file A readable stream. - * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. - * - * @return the allocated buffer state. - */ - YY_BUFFER_STATE __libipsecyy_create_buffer (FILE * file, int size ) -{ - YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) __libipsecyyalloc(sizeof( struct yy_buffer_state ) ); - if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in __libipsecyy_create_buffer()" ); - - b->yy_buf_size = size; - - /* yy_ch_buf has to be 2 characters longer than the size given because - * we need to put in 2 end-of-buffer characters. - */ - b->yy_ch_buf = (char *) __libipsecyyalloc(b->yy_buf_size + 2 ); - if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( "out of dynamic memory in __libipsecyy_create_buffer()" ); - - b->yy_is_our_buffer = 1; - - __libipsecyy_init_buffer(b,file ); - - return b; -} - -/** Destroy the buffer. - * @param b a buffer created with __libipsecyy_create_buffer() - * - */ - void __libipsecyy_delete_buffer (YY_BUFFER_STATE b ) -{ - - if ( ! b ) - return; - - if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ - YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; - - if ( b->yy_is_our_buffer ) - __libipsecyyfree((void *) b->yy_ch_buf ); - - __libipsecyyfree((void *) b ); -} - -/* Initializes or reinitializes a buffer. - * This function is sometimes called more than once on the same buffer, - * such as during a __libipsecyyrestart() or at EOF. - */ - static void __libipsecyy_init_buffer (YY_BUFFER_STATE b, FILE * file ) - -{ - int oerrno = errno; - - __libipsecyy_flush_buffer(b ); - - b->yy_input_file = file; - b->yy_fill_buffer = 1; - - /* If b is the current buffer, then __libipsecyy_init_buffer was _probably_ - * called from __libipsecyyrestart() or through yy_get_next_buffer. - * In that case, we don't want to reset the lineno or column. - */ - if (b != YY_CURRENT_BUFFER){ - b->yy_bs_lineno = 1; - b->yy_bs_column = 0; - } - - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; - - errno = oerrno; -} - -/** Discard all buffered characters. On the next scan, YY_INPUT will be called. - * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. - * - */ - void __libipsecyy_flush_buffer (YY_BUFFER_STATE b ) -{ - if ( ! b ) - return; - - b->yy_n_chars = 0; - - /* We always need two end-of-buffer characters. The first causes - * a transition to the end-of-buffer state. The second causes - * a jam in that state. - */ - b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; - b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; - - b->yy_buf_pos = &b->yy_ch_buf[0]; - - b->yy_at_bol = 1; - b->yy_buffer_status = YY_BUFFER_NEW; - - if ( b == YY_CURRENT_BUFFER ) - __libipsecyy_load_buffer_state( ); -} - -/** Pushes the new state onto the stack. The new state becomes - * the current state. This function will allocate the stack - * if necessary. - * @param new_buffer The new state. - * - */ -void __libipsecyypush_buffer_state (YY_BUFFER_STATE new_buffer ) -{ - if (new_buffer == NULL) - return; - - __libipsecyyensure_buffer_stack(); - - /* This block is copied from __libipsecyy_switch_to_buffer. */ - if ( YY_CURRENT_BUFFER ) - { - /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } - - /* Only push if top exists. Otherwise, replace top. */ - if (YY_CURRENT_BUFFER) - (yy_buffer_stack_top)++; - YY_CURRENT_BUFFER_LVALUE = new_buffer; - - /* copied from __libipsecyy_switch_to_buffer. */ - __libipsecyy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; -} - -/** Removes and deletes the top of the stack, if present. - * The next element becomes the new top. - * - */ -void __libipsecyypop_buffer_state (void) -{ - if (!YY_CURRENT_BUFFER) - return; - - __libipsecyy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - if ((yy_buffer_stack_top) > 0) - --(yy_buffer_stack_top); - - if (YY_CURRENT_BUFFER) { - __libipsecyy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; - } -} - -/* Allocates the stack if it does not exist. - * Guarantees space for at least one push. - */ -static void __libipsecyyensure_buffer_stack (void) -{ - yy_size_t num_to_alloc; - - if (!(yy_buffer_stack)) { - - /* First allocation is just for 2 elements, since we don't know if this - * scanner will even need a stack. We use 2 instead of 1 to avoid an - * immediate realloc on the next call. - */ - num_to_alloc = 1; - (yy_buffer_stack) = (struct yy_buffer_state**)__libipsecyyalloc - (num_to_alloc * sizeof(struct yy_buffer_state*) - ); - if ( ! (yy_buffer_stack) ) - YY_FATAL_ERROR( "out of dynamic memory in __libipsecyyensure_buffer_stack()" ); - - memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); - - (yy_buffer_stack_max) = num_to_alloc; - (yy_buffer_stack_top) = 0; - return; - } - - if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ - - /* Increase the buffer to prepare for a possible push. */ - int grow_size = 8 /* arbitrary grow size */; - - num_to_alloc = (yy_buffer_stack_max) + grow_size; - (yy_buffer_stack) = (struct yy_buffer_state**)__libipsecyyrealloc - ((yy_buffer_stack), - num_to_alloc * sizeof(struct yy_buffer_state*) - ); - if ( ! (yy_buffer_stack) ) - YY_FATAL_ERROR( "out of dynamic memory in __libipsecyyensure_buffer_stack()" ); - - /* zero only the new slots.*/ - memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); - (yy_buffer_stack_max) = num_to_alloc; - } -} - -/** Setup the input buffer state to scan directly from a user-specified character buffer. - * @param base the character buffer - * @param size the size in bytes of the character buffer - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE __libipsecyy_scan_buffer (char * base, yy_size_t size ) -{ - YY_BUFFER_STATE b; - - if ( size < 2 || - base[size-2] != YY_END_OF_BUFFER_CHAR || - base[size-1] != YY_END_OF_BUFFER_CHAR ) - /* They forgot to leave room for the EOB's. */ - return 0; - - b = (YY_BUFFER_STATE) __libipsecyyalloc(sizeof( struct yy_buffer_state ) ); - if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in __libipsecyy_scan_buffer()" ); - - b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ - b->yy_buf_pos = b->yy_ch_buf = base; - b->yy_is_our_buffer = 0; - b->yy_input_file = 0; - b->yy_n_chars = b->yy_buf_size; - b->yy_is_interactive = 0; - b->yy_at_bol = 1; - b->yy_fill_buffer = 0; - b->yy_buffer_status = YY_BUFFER_NEW; - - __libipsecyy_switch_to_buffer(b ); - - return b; -} - -/** Setup the input buffer state to scan a string. The next call to __libipsecyylex() will - * scan from a @e copy of @a str. - * @param yystr a NUL-terminated string to scan - * - * @return the newly allocated buffer state object. - * @note If you want to scan bytes that may contain NUL values, then use - * __libipsecyy_scan_bytes() instead. - */ -YY_BUFFER_STATE __libipsecyy_scan_string (yyconst char * yystr ) -{ - - return __libipsecyy_scan_bytes(yystr,strlen(yystr) ); -} - -/** Setup the input buffer state to scan the given bytes. The next call to __libipsecyylex() will - * scan from a @e copy of @a bytes. - * @param yybytes the byte buffer to scan - * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes. - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE __libipsecyy_scan_bytes (yyconst char * yybytes, yy_size_t _yybytes_len ) -{ - YY_BUFFER_STATE b; - char *buf; - yy_size_t n; - yy_size_t i; - - /* Get memory for full buffer, including space for trailing EOB's. */ - n = _yybytes_len + 2; - buf = (char *) __libipsecyyalloc(n ); - if ( ! buf ) - YY_FATAL_ERROR( "out of dynamic memory in __libipsecyy_scan_bytes()" ); - - for ( i = 0; i < _yybytes_len; ++i ) - buf[i] = yybytes[i]; - - buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; - - b = __libipsecyy_scan_buffer(buf,n ); - if ( ! b ) - YY_FATAL_ERROR( "bad buffer in __libipsecyy_scan_bytes()" ); - - /* It's okay to grow etc. this buffer, and we should throw it - * away when we're done. - */ - b->yy_is_our_buffer = 1; - - return b; -} - -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 -#endif - -static void yy_fatal_error (yyconst char* msg ) -{ - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); -} - -/* Redefine yyless() so it works in section 3 code. */ - -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up __libipsecyytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - __libipsecyytext[__libipsecyyleng] = (yy_hold_char); \ - (yy_c_buf_p) = __libipsecyytext + yyless_macro_arg; \ - (yy_hold_char) = *(yy_c_buf_p); \ - *(yy_c_buf_p) = '\0'; \ - __libipsecyyleng = yyless_macro_arg; \ - } \ - while ( 0 ) - -/* Accessor methods (get/set functions) to struct members. */ - -/** Get the current line number. - * - */ -int __libipsecyyget_lineno (void) -{ - - return __libipsecyylineno; -} - -/** Get the input stream. - * - */ -FILE *__libipsecyyget_in (void) -{ - return __libipsecyyin; -} - -/** Get the output stream. - * - */ -FILE *__libipsecyyget_out (void) -{ - return __libipsecyyout; -} - -/** Get the length of the current token. - * - */ -yy_size_t __libipsecyyget_leng (void) -{ - return __libipsecyyleng; -} - -/** Get the current token. - * - */ - -char *__libipsecyyget_text (void) -{ - return __libipsecyytext; -} - -/** Set the current line number. - * @param line_number - * - */ -void __libipsecyyset_lineno (int line_number ) -{ - - __libipsecyylineno = line_number; -} - -/** Set the input stream. This does not discard the current - * input buffer. - * @param in_str A readable stream. - * - * @see __libipsecyy_switch_to_buffer - */ -void __libipsecyyset_in (FILE * in_str ) -{ - __libipsecyyin = in_str ; -} - -void __libipsecyyset_out (FILE * out_str ) -{ - __libipsecyyout = out_str ; -} - -int __libipsecyyget_debug (void) -{ - return __libipsecyy_flex_debug; -} - -void __libipsecyyset_debug (int bdebug ) -{ - __libipsecyy_flex_debug = bdebug ; -} - -static int yy_init_globals (void) -{ - /* Initialization is the same as for the non-reentrant scanner. - * This function is called from __libipsecyylex_destroy(), so don't allocate here. - */ - - (yy_buffer_stack) = 0; - (yy_buffer_stack_top) = 0; - (yy_buffer_stack_max) = 0; - (yy_c_buf_p) = (char *) 0; - (yy_init) = 0; - (yy_start) = 0; - -/* Defined in main.c */ -#ifdef YY_STDINIT - __libipsecyyin = stdin; - __libipsecyyout = stdout; -#else - __libipsecyyin = (FILE *) 0; - __libipsecyyout = (FILE *) 0; -#endif - - /* For future reference: Set errno on error, since we are called by - * __libipsecyylex_init() - */ - return 0; -} - -/* __libipsecyylex_destroy is for both reentrant and non-reentrant scanners. */ -int __libipsecyylex_destroy (void) -{ - - /* Pop the buffer stack, destroying each element. */ - while(YY_CURRENT_BUFFER){ - __libipsecyy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - __libipsecyypop_buffer_state(); - } - - /* Destroy the stack itself. */ - __libipsecyyfree((yy_buffer_stack) ); - (yy_buffer_stack) = NULL; - - /* Reset the globals. This is important in a non-reentrant scanner so the next time - * __libipsecyylex() is called, initialization will occur. */ - yy_init_globals( ); - - return 0; -} - -/* - * Internal utility routines. - */ - -#ifndef yytext_ptr -static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) -{ - int i; - for ( i = 0; i < n; ++i ) - s1[i] = s2[i]; -} -#endif - -#ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * s ) -{ - int n; - for ( n = 0; s[n]; ++n ) - ; - - return n; -} -#endif - -void *__libipsecyyalloc (yy_size_t size ) -{ - return (void *) malloc( size ); -} - -void *__libipsecyyrealloc (void * ptr, yy_size_t size ) -{ - /* The cast to (char *) in the following accommodates both - * implementations that use char* generic pointers, and those - * that use void* generic pointers. It works with the latter - * because both ANSI C and C++ allow castless assignment from - * any pointer type to void*, and deal with argument conversions - * as though doing an assignment. - */ - return (void *) realloc( (char *) ptr, size ); -} - -void __libipsecyyfree (void * ptr ) -{ - free( (char *) ptr ); /* see __libipsecyyrealloc() for (char *) cast */ -} - -#define YYTABLES_NAME "yytables" - -#line 131 "../../freebsd/lib/libipsec/policy_token.l" - - - -void __policy__strbuffer__init__(char *); -void __policy__strbuffer__free__(void); - -static YY_BUFFER_STATE strbuffer; - -void -__policy__strbuffer__init__(msg) - char *msg; -{ - if (YY_CURRENT_BUFFER) - __libipsecyy_delete_buffer(YY_CURRENT_BUFFER); - strbuffer = (YY_BUFFER_STATE)__libipsecyy_scan_string(msg); - __libipsecyy_switch_to_buffer(strbuffer); - - return; -} - -void -__policy__strbuffer__free__() -{ - __libipsecyy_delete_buffer(strbuffer); - - return; -} - diff --git a/freebsd/lib/libipsec/policy_token.l b/freebsd/lib/libipsec/policy_token.l deleted file mode 100644 index 219cce44..00000000 --- a/freebsd/lib/libipsec/policy_token.l +++ /dev/null @@ -1,156 +0,0 @@ -/* $FreeBSD$ */ -/* $KAME: policy_token.l,v 1.13 2003/05/09 05:19:55 sakane Exp $ */ - -/* - * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -%{ -#include <sys/types.h> -#include <sys/param.h> -#include <sys/socket.h> -#include <net/route.h> -#include <net/pfkeyv2.h> -#include <netipsec/keydb.h> -#include <netinet/in.h> -#include <netipsec/ipsec.h> - -#include <stdlib.h> -#include <limits.h> -#include <string.h> -#include <unistd.h> -#include <errno.h> - -#include "y.tab.h" -#define yylval __libipsecyylval /* XXX */ - -int yylex(void); -%} - -%option noyywrap -%option nounput -%option noinput - -/* common section */ -nl \n -ws [ \t]+ -digit [0-9] -hexdigit [0-9A-Fa-f] -special [()+\|\?\*,] -dot \. -comma \, -hyphen \- -colon \: -slash \/ -bcl \{ -ecl \} -blcl \[ -elcl \] -percent \% -semi \; -usec {dot}{digit}{1,6} -comment \#.* -ccomment "/*" -bracketstring \<[^>]*\> -quotedstring \"[^"]*\" -decstring {digit}+ -hexpair {hexdigit}{hexdigit} -hexstring 0[xX]{hexdigit}+ -octetstring {octet}({dot}{octet})+ -ipaddress [a-zA-Z0-9:\._][a-zA-Z0-9:\._]*(%[a-zA-Z0-9]+)? - -%% - -in { yylval.num = IPSEC_DIR_INBOUND; return(DIR); } -out { yylval.num = IPSEC_DIR_OUTBOUND; return(DIR); } - -discard { yylval.num = IPSEC_POLICY_DISCARD; return(ACTION); } -none { yylval.num = IPSEC_POLICY_NONE; return(ACTION); } -ipsec { yylval.num = IPSEC_POLICY_IPSEC; return(ACTION); } -bypass { yylval.num = IPSEC_POLICY_BYPASS; return(ACTION); } -entrust { yylval.num = IPSEC_POLICY_ENTRUST; return(ACTION); } - -esp { yylval.num = IPPROTO_ESP; return(PROTOCOL); } -ah { yylval.num = IPPROTO_AH; return(PROTOCOL); } -ipcomp { yylval.num = IPPROTO_IPCOMP; return(PROTOCOL); } -tcp { yylval.num = IPPROTO_TCP; return(PROTOCOL); } - -transport { yylval.num = IPSEC_MODE_TRANSPORT; return(MODE); } -tunnel { yylval.num = IPSEC_MODE_TUNNEL; return(MODE); } - -me { return(ME); } -any { return(ANY); } - -default { yylval.num = IPSEC_LEVEL_DEFAULT; return(LEVEL); } -use { yylval.num = IPSEC_LEVEL_USE; return(LEVEL); } -require { yylval.num = IPSEC_LEVEL_REQUIRE; return(LEVEL); } -unique{colon}{decstring} { - yylval.val.len = strlen(yytext + 7); - yylval.val.buf = yytext + 7; - return(LEVEL_SPECIFY); - } -unique { yylval.num = IPSEC_LEVEL_UNIQUE; return(LEVEL); } -{slash} { return(SLASH); } - -{ipaddress} { - yylval.val.len = strlen(yytext); - yylval.val.buf = yytext; - return(IPADDRESS); - } - -{hyphen} { return(HYPHEN); } - -{ws} { ; } -{nl} { ; } - -%% - -void __policy__strbuffer__init__(char *); -void __policy__strbuffer__free__(void); - -static YY_BUFFER_STATE strbuffer; - -void -__policy__strbuffer__init__(msg) - char *msg; -{ - if (YY_CURRENT_BUFFER) - yy_delete_buffer(YY_CURRENT_BUFFER); - strbuffer = (YY_BUFFER_STATE)yy_scan_string(msg); - yy_switch_to_buffer(strbuffer); - - return; -} - -void -__policy__strbuffer__free__() -{ - yy_delete_buffer(strbuffer); - - return; -} diff --git a/freebsd/lib/libipsec/y.tab.h b/freebsd/lib/libipsec/y.tab.h deleted file mode 100644 index 98b2785f..00000000 --- a/freebsd/lib/libipsec/y.tab.h +++ /dev/null @@ -1,114 +0,0 @@ -/* A Bison parser, made by GNU Bison 2.7. */ - -/* Bison interface for Yacc-like parsers in C - - Copyright (C) 1984, 1989-1990, 2000-2012 Free Software Foundation, Inc. - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. */ - -/* As a special exception, you may create a larger work that contains - part or all of the Bison parser skeleton and distribute that work - under terms of your choice, so long as that work isn't itself a - parser generator using the skeleton or a modified version thereof - as a parser skeleton. Alternatively, if you modify or redistribute - the parser skeleton itself, you may (at your option) remove this - special exception, which will cause the skeleton and the resulting - Bison output files to be licensed under the GNU General Public - License without this special exception. - - This special exception was added by the Free Software Foundation in - version 2.2 of Bison. */ - -#ifndef YY__LIBIPSECYY_LIBIPSECYY_TAB_H_INCLUDED -# define YY__LIBIPSECYY_LIBIPSECYY_TAB_H_INCLUDED -/* Enabling traces. */ -#ifndef YYDEBUG -# define YYDEBUG 0 -#endif -#if YYDEBUG -extern int __libipsecyydebug; -#endif - -/* Tokens. */ -#ifndef YYTOKENTYPE -# define YYTOKENTYPE - /* Put the tokens into the symbol table, so that GDB and other debuggers - know about them. */ - enum yytokentype { - DIR = 258, - ACTION = 259, - PROTOCOL = 260, - MODE = 261, - LEVEL = 262, - LEVEL_SPECIFY = 263, - IPADDRESS = 264, - ME = 265, - ANY = 266, - SLASH = 267, - HYPHEN = 268 - }; -#endif -/* Tokens. */ -#define DIR 258 -#define ACTION 259 -#define PROTOCOL 260 -#define MODE 261 -#define LEVEL 262 -#define LEVEL_SPECIFY 263 -#define IPADDRESS 264 -#define ME 265 -#define ANY 266 -#define SLASH 267 -#define HYPHEN 268 - - - -#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED -typedef union YYSTYPE -{ -/* Line 2058 of yacc.c */ -#line 98 "freebsd/lib/libipsec/policy_parse.y" - - u_int num; - struct _val { - int len; - char *buf; - } val; - - -/* Line 2058 of yacc.c */ -#line 92 "__libipsecyy.tab.h" -} YYSTYPE; -# define YYSTYPE_IS_TRIVIAL 1 -# define yystype YYSTYPE /* obsolescent; will be withdrawn */ -# define YYSTYPE_IS_DECLARED 1 -#endif - -extern YYSTYPE __libipsecyylval; - -#ifdef YYPARSE_PARAM -#if defined __STDC__ || defined __cplusplus -int __libipsecyyparse (void *YYPARSE_PARAM); -#else -int __libipsecyyparse (); -#endif -#else /* ! YYPARSE_PARAM */ -#if defined __STDC__ || defined __cplusplus -int __libipsecyyparse (void); -#else -int __libipsecyyparse (); -#endif -#endif /* ! YYPARSE_PARAM */ - -#endif /* !YY__LIBIPSECYY_LIBIPSECYY_TAB_H_INCLUDED */ |