authorChristian Mauderer <christian.mauderer@embedded-brains.de>2018-05-03 14:15:11 +0200
committerChristian Mauderer <christian.mauderer@embedded-brains.de>2018-08-02 10:25:37 +0200
commitb376ae131d9e99a90ddbee2015a2e19d67244ba1 (patch)
treed8a5fd2c217baae5ab62579f02fb8401fef8f22a /freebsd/lib
parentipsec-tools: Apply patches from FreeBSD ports. (diff)
ipsec-tools: Port libipsec, setkey and racoon.
Note that this replaces the libipsec from FreeBSD with the one provided by ipsec-tools.
Diffstat (limited to 'freebsd/lib')
-rw-r--r--freebsd/lib/libipsec/ipsec_dump_policy.c310
-rw-r--r--freebsd/lib/libipsec/ipsec_get_policylen.c51
-rw-r--r--freebsd/lib/libipsec/ipsec_strerror.c92
-rw-r--r--freebsd/lib/libipsec/ipsec_strerror.h63
-rw-r--r--freebsd/lib/libipsec/libpfkey.h86
-rw-r--r--freebsd/lib/libipsec/pfkey.c2136
-rw-r--r--freebsd/lib/libipsec/pfkey_dump.c682
-rw-r--r--freebsd/lib/libipsec/policy_parse.c966
-rw-r--r--freebsd/lib/libipsec/policy_parse.y438
-rw-r--r--freebsd/lib/libipsec/policy_token.c2005
-rw-r--r--freebsd/lib/libipsec/policy_token.l156
-rw-r--r--freebsd/lib/libipsec/y.tab.h114
12 files changed, 0 insertions, 7099 deletions
diff --git a/freebsd/lib/libipsec/ipsec_dump_policy.c b/freebsd/lib/libipsec/ipsec_dump_policy.c
deleted file mode 100644
index d1844bf4..00000000
--- a/freebsd/lib/libipsec/ipsec_dump_policy.c
+++ /dev/null
@@ -1,310 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* $KAME: ipsec_dump_policy.c,v 1.13 2002/06/27 14:35:11 itojun Exp $ */
-
-/*
- * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/socket.h>
-
-#include <netipsec/key_var.h>
-#include <netinet/in.h>
-#include <netipsec/ipsec.h>
-
-#include <arpa/inet.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <netdb.h>
-
-#include "ipsec_strerror.h"
-
-static const char *ipsp_dir_strs[] = {
- "any", "in", "out",
-};
-
-static const char *ipsp_policy_strs[] = {
- "discard", "none", "ipsec", "entrust", "bypass",
-};
-
-static char *ipsec_dump_ipsecrequest(char *, size_t,
- struct sadb_x_ipsecrequest *, size_t);
-static int set_addresses(char *, size_t, struct sockaddr *, struct sockaddr *);
-static char *set_address(char *, size_t, struct sockaddr *);
-
-/*
- * policy is sadb_x_policy buffer.
- * Must call free() later.
- * When delimiter == NULL, alternatively ' '(space) is applied.
- */
-char *
-ipsec_dump_policy(policy, delimiter)
- caddr_t policy;
- char *delimiter;
-{
- struct sadb_x_policy *xpl = (struct sadb_x_policy *)policy;
- struct sadb_x_ipsecrequest *xisr;
- size_t off, buflen;
- char *buf;
- char isrbuf[1024];
- char *newbuf;
-
- /* sanity check */
- if (policy == NULL)
- return NULL;
- if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
- __ipsec_errcode = EIPSEC_INVAL_EXTTYPE;
- return NULL;
- }
-
- /* set delimiter */
- if (delimiter == NULL)
- delimiter = " ";
-
- switch (xpl->sadb_x_policy_dir) {
- case IPSEC_DIR_ANY:
- case IPSEC_DIR_INBOUND:
- case IPSEC_DIR_OUTBOUND:
- break;
- default:
- __ipsec_errcode = EIPSEC_INVAL_DIR;
- return NULL;
- }
-
- switch (xpl->sadb_x_policy_type) {
- case IPSEC_POLICY_DISCARD:
- case IPSEC_POLICY_NONE:
- case IPSEC_POLICY_IPSEC:
- case IPSEC_POLICY_BYPASS:
- case IPSEC_POLICY_ENTRUST:
- break;
- default:
- __ipsec_errcode = EIPSEC_INVAL_POLICY;
- return NULL;
- }
-
- buflen = strlen(ipsp_dir_strs[xpl->sadb_x_policy_dir])
- + 1 /* space */
- + strlen(ipsp_policy_strs[xpl->sadb_x_policy_type])
- + 1; /* NUL */
-
- if ((buf = malloc(buflen)) == NULL) {
- __ipsec_errcode = EIPSEC_NO_BUFS;
- return NULL;
- }
- snprintf(buf, buflen, "%s %s", ipsp_dir_strs[xpl->sadb_x_policy_dir],
- ipsp_policy_strs[xpl->sadb_x_policy_type]);
-
- if (xpl->sadb_x_policy_type != IPSEC_POLICY_IPSEC) {
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return buf;
- }
-
- /* count length of buffer for use */
- off = sizeof(*xpl);
- while (off < PFKEY_EXTLEN(xpl)) {
- xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xpl + off);
- off += xisr->sadb_x_ipsecrequest_len;
- }
-
- /* validity check */
- if (off != PFKEY_EXTLEN(xpl)) {
- __ipsec_errcode = EIPSEC_INVAL_SADBMSG;
- free(buf);
- return NULL;
- }
-
- off = sizeof(*xpl);
- while (off < PFKEY_EXTLEN(xpl)) {
- xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xpl + off);
-
- if (ipsec_dump_ipsecrequest(isrbuf, sizeof(isrbuf), xisr,
- PFKEY_EXTLEN(xpl) - off) == NULL) {
- free(buf);
- return NULL;
- }
-
- buflen = strlen(buf) + strlen(delimiter) + strlen(isrbuf) + 1;
- newbuf = (char *)realloc(buf, buflen);
- if (newbuf == NULL) {
- __ipsec_errcode = EIPSEC_NO_BUFS;
- free(buf);
- return NULL;
- }
- buf = newbuf;
- snprintf(buf + strlen(buf), buflen - strlen(buf),
- "%s%s", delimiter, isrbuf);
-
- off += xisr->sadb_x_ipsecrequest_len;
- }
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return buf;
-}
-
-static char *
-ipsec_dump_ipsecrequest(buf, len, xisr, bound)
- char *buf;
- size_t len;
- struct sadb_x_ipsecrequest *xisr;
- size_t bound; /* boundary */
-{
- const char *proto, *mode, *level;
- char abuf[NI_MAXHOST * 2 + 2];
-
- if (xisr->sadb_x_ipsecrequest_len > bound) {
- __ipsec_errcode = EIPSEC_INVAL_PROTO;
- return NULL;
- }
-
- switch (xisr->sadb_x_ipsecrequest_proto) {
- case IPPROTO_ESP:
- proto = "esp";
- break;
- case IPPROTO_AH:
- proto = "ah";
- break;
- case IPPROTO_IPCOMP:
- proto = "ipcomp";
- break;
- case IPPROTO_TCP:
- proto = "tcp";
- break;
- default:
- __ipsec_errcode = EIPSEC_INVAL_PROTO;
- return NULL;
- }
-
- switch (xisr->sadb_x_ipsecrequest_mode) {
- case IPSEC_MODE_ANY:
- mode = "any";
- break;
- case IPSEC_MODE_TRANSPORT:
- mode = "transport";
- break;
- case IPSEC_MODE_TUNNEL:
- mode = "tunnel";
- break;
- default:
- __ipsec_errcode = EIPSEC_INVAL_MODE;
- return NULL;
- }
-
- abuf[0] = '\0';
- if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
- struct sockaddr *sa1, *sa2;
- caddr_t p;
-
- p = (caddr_t)(xisr + 1);
- sa1 = (struct sockaddr *)p;
- sa2 = (struct sockaddr *)(p + sa1->sa_len);
- if (sizeof(*xisr) + sa1->sa_len + sa2->sa_len !=
- xisr->sadb_x_ipsecrequest_len) {
- __ipsec_errcode = EIPSEC_INVAL_ADDRESS;
- return NULL;
- }
- if (set_addresses(abuf, sizeof(abuf), sa1, sa2) != 0) {
- __ipsec_errcode = EIPSEC_INVAL_ADDRESS;
- return NULL;
- }
- }
-
- switch (xisr->sadb_x_ipsecrequest_level) {
- case IPSEC_LEVEL_DEFAULT:
- level = "default";
- break;
- case IPSEC_LEVEL_USE:
- level = "use";
- break;
- case IPSEC_LEVEL_REQUIRE:
- level = "require";
- break;
- case IPSEC_LEVEL_UNIQUE:
- level = "unique";
- break;
- default:
- __ipsec_errcode = EIPSEC_INVAL_LEVEL;
- return NULL;
- }
-
- if (xisr->sadb_x_ipsecrequest_reqid == 0)
- snprintf(buf, len, "%s/%s/%s/%s", proto, mode, abuf, level);
- else {
- int ch;
-
- if (xisr->sadb_x_ipsecrequest_reqid > IPSEC_MANUAL_REQID_MAX)
- ch = '#';
- else
- ch = ':';
- snprintf(buf, len, "%s/%s/%s/%s%c%u", proto, mode, abuf, level,
- ch, xisr->sadb_x_ipsecrequest_reqid);
- }
-
- return buf;
-}
-
-static int
-set_addresses(buf, len, sa1, sa2)
- char *buf;
- size_t len;
- struct sockaddr *sa1;
- struct sockaddr *sa2;
-{
- char tmp1[NI_MAXHOST], tmp2[NI_MAXHOST];
-
- if (set_address(tmp1, sizeof(tmp1), sa1) == NULL ||
- set_address(tmp2, sizeof(tmp2), sa2) == NULL)
- return -1;
- if (strlen(tmp1) + 1 + strlen(tmp2) + 1 > len)
- return -1;
- snprintf(buf, len, "%s-%s", tmp1, tmp2);
- return 0;
-}
-
-static char *
-set_address(buf, len, sa)
- char *buf;
- size_t len;
- struct sockaddr *sa;
-{
- const int niflags = NI_NUMERICHOST;
-
- if (len < 1)
- return NULL;
- buf[0] = '\0';
- if (getnameinfo(sa, sa->sa_len, buf, len, NULL, 0, niflags) != 0)
- return NULL;
- return buf;
-}
diff --git a/freebsd/lib/libipsec/ipsec_get_policylen.c b/freebsd/lib/libipsec/ipsec_get_policylen.c
deleted file mode 100644
index 43950ee2..00000000
--- a/freebsd/lib/libipsec/ipsec_get_policylen.c
+++ /dev/null
@@ -1,51 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* $KAME: ipsec_get_policylen.c,v 1.5 2000/05/07 05:25:03 itojun Exp $ */
-
-/*
- * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/types.h>
-#include <sys/param.h>
-
-#include <netipsec/ipsec.h>
-
-#include <net/pfkeyv2.h>
-
-#include "ipsec_strerror.h"
-
-int
-ipsec_get_policylen(policy)
- caddr_t policy;
-{
- return policy ? PFKEY_EXTLEN(policy) : -1;
-}
diff --git a/freebsd/lib/libipsec/ipsec_strerror.c b/freebsd/lib/libipsec/ipsec_strerror.c
deleted file mode 100644
index a9eeb511..00000000
--- a/freebsd/lib/libipsec/ipsec_strerror.c
+++ /dev/null
@@ -1,92 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* $KAME: ipsec_strerror.c,v 1.7 2000/07/30 00:45:12 itojun Exp $ */
-
-/*
- * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/types.h>
-#include <sys/param.h>
-
-#include <string.h>
-#include <netipsec/ipsec.h>
-
-#include "ipsec_strerror.h"
-
-int __ipsec_errcode;
-
-static const char *ipsec_errlist[] = {
-"Success", /*EIPSEC_NO_ERROR*/
-"Not supported", /*EIPSEC_NOT_SUPPORTED*/
-"Invalid argument", /*EIPSEC_INVAL_ARGUMENT*/
-"Invalid sadb message", /*EIPSEC_INVAL_SADBMSG*/
-"Invalid version", /*EIPSEC_INVAL_VERSION*/
-"Invalid security policy", /*EIPSEC_INVAL_POLICY*/
-"Invalid address specification", /*EIPSEC_INVAL_ADDRESS*/
-"Invalid ipsec protocol", /*EIPSEC_INVAL_PROTO*/
-"Invalid ipsec mode", /*EIPSEC_INVAL_MODE*/
-"Invalid ipsec level", /*EIPSEC_INVAL_LEVEL*/
-"Invalid SA type", /*EIPSEC_INVAL_SATYPE*/
-"Invalid message type", /*EIPSEC_INVAL_MSGTYPE*/
-"Invalid extension type", /*EIPSEC_INVAL_EXTTYPE*/
-"Invalid algorithm type", /*EIPSEC_INVAL_ALGS*/
-"Invalid key length", /*EIPSEC_INVAL_KEYLEN*/
-"Invalid address family", /*EIPSEC_INVAL_FAMILY*/
-"Invalid prefix length", /*EIPSEC_INVAL_PREFIXLEN*/
-"Invalid direciton", /*EIPSEC_INVAL_DIR*/
-"SPI range violation", /*EIPSEC_INVAL_SPI*/
-"No protocol specified", /*EIPSEC_NO_PROTO*/
-"No algorithm specified", /*EIPSEC_NO_ALGS*/
-"No buffers available", /*EIPSEC_NO_BUFS*/
-"Must get supported algorithms list first", /*EIPSEC_DO_GET_SUPP_LIST*/
-"Protocol mismatch", /*EIPSEC_PROTO_MISMATCH*/
-"Family mismatch", /*EIPSEC_FAMILY_MISMATCH*/
-"Too few arguments", /*EIPSEC_FEW_ARGUMENTS*/
-NULL, /*EIPSEC_SYSTEM_ERROR*/
-"Unknown error", /*EIPSEC_MAX*/
-};
-
-const char *ipsec_strerror(void)
-{
- if (__ipsec_errcode < 0 || __ipsec_errcode > EIPSEC_MAX)
- __ipsec_errcode = EIPSEC_MAX;
-
- return ipsec_errlist[__ipsec_errcode];
-}
-
-void __ipsec_set_strerror(const char *str)
-{
- __ipsec_errcode = EIPSEC_SYSTEM_ERROR;
- ipsec_errlist[EIPSEC_SYSTEM_ERROR] = str;
-
- return;
-}
diff --git a/freebsd/lib/libipsec/ipsec_strerror.h b/freebsd/lib/libipsec/ipsec_strerror.h
deleted file mode 100644
index d9a1f0de..00000000
--- a/freebsd/lib/libipsec/ipsec_strerror.h
+++ /dev/null
@@ -1,63 +0,0 @@
-/* $FreeBSD$ */
-/* $KAME: ipsec_strerror.h,v 1.8 2000/07/30 00:45:12 itojun Exp $ */
-
-/*
- * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-extern int __ipsec_errcode;
-extern void __ipsec_set_strerror(const char *);
-
-#define EIPSEC_NO_ERROR 0 /*success*/
-#define EIPSEC_NOT_SUPPORTED 1 /*not supported*/
-#define EIPSEC_INVAL_ARGUMENT 2 /*invalid argument*/
-#define EIPSEC_INVAL_SADBMSG 3 /*invalid sadb message*/
-#define EIPSEC_INVAL_VERSION 4 /*invalid version*/
-#define EIPSEC_INVAL_POLICY 5 /*invalid security policy*/
-#define EIPSEC_INVAL_ADDRESS 6 /*invalid address specification*/
-#define EIPSEC_INVAL_PROTO 7 /*invalid ipsec protocol*/
-#define EIPSEC_INVAL_MODE 8 /*Invalid ipsec mode*/
-#define EIPSEC_INVAL_LEVEL 9 /*invalid ipsec level*/
-#define EIPSEC_INVAL_SATYPE 10 /*invalid SA type*/
-#define EIPSEC_INVAL_MSGTYPE 11 /*invalid message type*/
-#define EIPSEC_INVAL_EXTTYPE 12 /*invalid extension type*/
-#define EIPSEC_INVAL_ALGS 13 /*Invalid algorithm type*/
-#define EIPSEC_INVAL_KEYLEN 14 /*invalid key length*/
-#define EIPSEC_INVAL_FAMILY 15 /*invalid address family*/
-#define EIPSEC_INVAL_PREFIXLEN 16 /*SPI range violation*/
-#define EIPSEC_INVAL_DIR 17 /*Invalid direciton*/
-#define EIPSEC_INVAL_SPI 18 /*invalid prefixlen*/
-#define EIPSEC_NO_PROTO 19 /*no protocol specified*/
-#define EIPSEC_NO_ALGS 20 /*No algorithm specified*/
-#define EIPSEC_NO_BUFS 21 /*no buffers available*/
-#define EIPSEC_DO_GET_SUPP_LIST 22 /*must get supported algorithm first*/
-#define EIPSEC_PROTO_MISMATCH 23 /*protocol mismatch*/
-#define EIPSEC_FAMILY_MISMATCH 24 /*family mismatch*/
-#define EIPSEC_FEW_ARGUMENTS 25 /*Too few arguments*/
-#define EIPSEC_SYSTEM_ERROR 26 /*system error*/
-#define EIPSEC_MAX 27 /*unknown error*/
diff --git a/freebsd/lib/libipsec/libpfkey.h b/freebsd/lib/libipsec/libpfkey.h
deleted file mode 100644
index 07ff582e..00000000
--- a/freebsd/lib/libipsec/libpfkey.h
+++ /dev/null
@@ -1,86 +0,0 @@
-/* $FreeBSD$ */
-/* $KAME: libpfkey.h,v 1.6 2001/03/05 18:22:17 thorpej Exp $ */
-
-/*
- * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-struct sadb_msg;
-extern void pfkey_sadump(struct sadb_msg *);
-extern void pfkey_spdump(struct sadb_msg *);
-
-struct sockaddr;
-struct sadb_alg;
-int ipsec_check_keylen(u_int, u_int, u_int);
-int ipsec_check_keylen2(u_int, u_int, u_int);
-int ipsec_get_keylen(u_int, u_int, struct sadb_alg *);
-u_int pfkey_set_softrate(u_int, u_int);
-u_int pfkey_get_softrate(u_int);
-int pfkey_send_getspi(int, u_int, u_int, struct sockaddr *, struct sockaddr *,
- u_int32_t, u_int32_t, u_int32_t, u_int32_t);
-int pfkey_send_update(int, u_int, u_int, struct sockaddr *, struct sockaddr *,
- u_int32_t, u_int32_t, u_int, caddr_t, u_int, u_int, u_int, u_int,
- u_int, u_int32_t, u_int64_t, u_int64_t, u_int64_t, u_int32_t);
-int pfkey_send_add(int, u_int, u_int, struct sockaddr *, struct sockaddr *,
- u_int32_t, u_int32_t, u_int, caddr_t, u_int, u_int, u_int, u_int,
- u_int, u_int32_t, u_int64_t, u_int64_t, u_int64_t, u_int32_t);
-int pfkey_send_delete(int, u_int, u_int, struct sockaddr *, struct sockaddr *,
- u_int32_t);
-int pfkey_send_delete_all(int, u_int, u_int, struct sockaddr *,
- struct sockaddr *);
-int pfkey_send_get(int, u_int, u_int, struct sockaddr *, struct sockaddr *,
- u_int32_t);
-int pfkey_send_register(int, u_int);
-int pfkey_recv_register(int);
-int pfkey_set_supported(struct sadb_msg *, int);
-int pfkey_send_flush(int, u_int);
-int pfkey_send_dump(int, u_int);
-int pfkey_send_promisc_toggle(int, int);
-int pfkey_send_spdadd(int, struct sockaddr *, u_int, struct sockaddr *, u_int,
- u_int, caddr_t, int, u_int32_t);
-int pfkey_send_spdadd2(int, struct sockaddr *, u_int, struct sockaddr *, u_int,
- u_int, u_int64_t, u_int64_t, caddr_t, int, u_int32_t);
-int pfkey_send_spdupdate(int, struct sockaddr *, u_int, struct sockaddr *,
- u_int, u_int, caddr_t, int, u_int32_t);
-int pfkey_send_spdupdate2(int, struct sockaddr *, u_int, struct sockaddr *,
- u_int, u_int, u_int64_t, u_int64_t, caddr_t, int, u_int32_t);
-int pfkey_send_spddelete(int, struct sockaddr *, u_int, struct sockaddr *,
- u_int, u_int, caddr_t, int, u_int32_t);
-int pfkey_send_spddelete2(int, u_int32_t);
-int pfkey_send_spdget(int, u_int32_t);
-int pfkey_send_spdsetidx(int, struct sockaddr *, u_int, struct sockaddr *,
- u_int, u_int, caddr_t, int, u_int32_t);
-int pfkey_send_spdflush(int);
-int pfkey_send_spddump(int);
-
-int pfkey_open(void);
-void pfkey_close(int);
-struct sadb_msg *pfkey_recv(int);
-int pfkey_send(int, struct sadb_msg *, int);
-int pfkey_align(struct sadb_msg *, caddr_t *);
-int pfkey_check(caddr_t *);
diff --git a/freebsd/lib/libipsec/pfkey.c b/freebsd/lib/libipsec/pfkey.c
deleted file mode 100644
index 87ef4113..00000000
--- a/freebsd/lib/libipsec/pfkey.c
+++ /dev/null
@@ -1,2136 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* $KAME: pfkey.c,v 1.46 2003/08/26 03:37:06 itojun Exp $ */
-
-/*
- * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/socket.h>
-#include <net/pfkeyv2.h>
-#include <netipsec/key_var.h>
-#include <netinet/in.h>
-#include <netipsec/ipsec.h>
-
-#include <stdlib.h>
-#include <unistd.h>
-#include <string.h>
-#include <errno.h>
-
-#include "ipsec_strerror.h"
-#include "libpfkey.h"
-
-#define CALLOC(size, cast) (cast)calloc(1, (size))
-
-static int findsupportedmap(int);
-static int setsupportedmap(struct sadb_supported *);
-static struct sadb_alg *findsupportedalg(u_int, u_int);
-static int pfkey_send_x1(int, u_int, u_int, u_int, struct sockaddr *,
- struct sockaddr *, u_int32_t, u_int32_t, u_int, caddr_t,
- u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int32_t,
- u_int32_t, u_int32_t, u_int32_t);
-static int pfkey_send_x2(int, u_int, u_int, u_int,
- struct sockaddr *, struct sockaddr *, u_int32_t);
-static int pfkey_send_x3(int, u_int, u_int);
-static int pfkey_send_x4(int, u_int, struct sockaddr *, u_int,
- struct sockaddr *, u_int, u_int, u_int64_t, u_int64_t,
- char *, int, u_int32_t);
-static int pfkey_send_x5(int, u_int, u_int32_t);
-
-static caddr_t pfkey_setsadbmsg(caddr_t, caddr_t, u_int, u_int,
- u_int, u_int32_t, pid_t);
-static caddr_t pfkey_setsadbsa(caddr_t, caddr_t, u_int32_t, u_int,
- u_int, u_int, u_int32_t);
-static caddr_t pfkey_setsadbaddr(caddr_t, caddr_t, u_int,
- struct sockaddr *, u_int, u_int);
-static caddr_t pfkey_setsadbkey(caddr_t, caddr_t, u_int, caddr_t, u_int);
-static caddr_t pfkey_setsadblifetime(caddr_t, caddr_t, u_int, u_int32_t,
- u_int32_t, u_int32_t, u_int32_t);
-static caddr_t pfkey_setsadbxsa2(caddr_t, caddr_t, u_int32_t, u_int32_t);
-
-/*
- * make and search supported algorithm structure.
- */
-static struct sadb_supported *ipsec_supported[] = { NULL, NULL, NULL, NULL };
-
-static int supported_map[] = {
- SADB_SATYPE_AH,
- SADB_SATYPE_ESP,
- SADB_X_SATYPE_IPCOMP,
- SADB_X_SATYPE_TCPSIGNATURE
-};
-
-static int
-findsupportedmap(satype)
- int satype;
-{
- int i;
-
- for (i = 0; i < sizeof(supported_map)/sizeof(supported_map[0]); i++)
- if (supported_map[i] == satype)
- return i;
- return -1;
-}
-
-static struct sadb_alg *
-findsupportedalg(satype, alg_id)
- u_int satype, alg_id;
-{
- int algno;
- int tlen;
- caddr_t p;
-
- /* validity check */
- algno = findsupportedmap(satype);
- if (algno == -1) {
- __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
- return NULL;
- }
- if (ipsec_supported[algno] == NULL) {
- __ipsec_errcode = EIPSEC_DO_GET_SUPP_LIST;
- return NULL;
- }
-
- tlen = ipsec_supported[algno]->sadb_supported_len
- - sizeof(struct sadb_supported);
- p = (caddr_t)(ipsec_supported[algno] + 1);
- while (tlen > 0) {
- if (tlen < sizeof(struct sadb_alg)) {
- /* invalid format */
- break;
- }
- if (((struct sadb_alg *)p)->sadb_alg_id == alg_id)
- return (struct sadb_alg *)p;
-
- tlen -= sizeof(struct sadb_alg);
- p += sizeof(struct sadb_alg);
- }
-
- __ipsec_errcode = EIPSEC_NOT_SUPPORTED;
- return NULL;
-}
-
-static int
-setsupportedmap(sup)
- struct sadb_supported *sup;
-{
- struct sadb_supported **ipsup;
-
- switch (sup->sadb_supported_exttype) {
- case SADB_EXT_SUPPORTED_AUTH:
- ipsup = &ipsec_supported[findsupportedmap(SADB_SATYPE_AH)];
- break;
- case SADB_EXT_SUPPORTED_ENCRYPT:
- ipsup = &ipsec_supported[findsupportedmap(SADB_SATYPE_ESP)];
- break;
- default:
- __ipsec_errcode = EIPSEC_INVAL_SATYPE;
- return -1;
- }
-
- if (*ipsup)
- free(*ipsup);
-
- *ipsup = malloc(sup->sadb_supported_len);
- if (!*ipsup) {
- __ipsec_set_strerror(strerror(errno));
- return -1;
- }
- memcpy(*ipsup, sup, sup->sadb_supported_len);
-
- return 0;
-}
-
-/*
- * check key length against algorithm specified.
- * This function is called with SADB_EXT_SUPPORTED_{AUTH,ENCRYPT} as the
- * augument, and only calls to ipsec_check_keylen2();
- * keylen is the unit of bit.
- * OUT:
- * -1: invalid.
- * 0: valid.
- */
-int
-ipsec_check_keylen(supported, alg_id, keylen)
- u_int supported;
- u_int alg_id;
- u_int keylen;
-{
- int satype;
-
- /* validity check */
- switch (supported) {
- case SADB_EXT_SUPPORTED_AUTH:
- satype = SADB_SATYPE_AH;
- break;
- case SADB_EXT_SUPPORTED_ENCRYPT:
- satype = SADB_SATYPE_ESP;
- break;
- default:
- __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
- return -1;
- }
-
- return ipsec_check_keylen2(satype, alg_id, keylen);
-}
-
-/*
- * check key length against algorithm specified.
- * satype is one of satype defined at pfkeyv2.h.
- * keylen is the unit of bit.
- * OUT:
- * -1: invalid.
- * 0: valid.
- */
-int
-ipsec_check_keylen2(satype, alg_id, keylen)
- u_int satype;
- u_int alg_id;
- u_int keylen;
-{
- struct sadb_alg *alg;
-
- alg = findsupportedalg(satype, alg_id);
- if (!alg)
- return -1;
-
- if (keylen < alg->sadb_alg_minbits || keylen > alg->sadb_alg_maxbits) {
- __ipsec_errcode = EIPSEC_INVAL_KEYLEN;
- return -1;
- }
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return 0;
-}
-
-/*
- * get max/min key length against algorithm specified.
- * satype is one of satype defined at pfkeyv2.h.
- * keylen is the unit of bit.
- * OUT:
- * -1: invalid.
- * 0: valid.
- */
-int
-ipsec_get_keylen(supported, alg_id, alg0)
- u_int supported, alg_id;
- struct sadb_alg *alg0;
-{
- struct sadb_alg *alg;
- u_int satype;
-
- /* validity check */
- if (!alg0) {
- __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
- return -1;
- }
-
- switch (supported) {
- case SADB_EXT_SUPPORTED_AUTH:
- satype = SADB_SATYPE_AH;
- break;
- case SADB_EXT_SUPPORTED_ENCRYPT:
- satype = SADB_SATYPE_ESP;
- break;
- default:
- __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
- return -1;
- }
-
- alg = findsupportedalg(satype, alg_id);
- if (!alg)
- return -1;
-
- memcpy(alg0, alg, sizeof(*alg0));
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return 0;
-}
-
-/*
- * set the rate for SOFT lifetime against HARD one.
- * If rate is more than 100 or equal to zero, then set to 100.
- */
-static u_int soft_lifetime_allocations_rate = PFKEY_SOFT_LIFETIME_RATE;
-static u_int soft_lifetime_bytes_rate = PFKEY_SOFT_LIFETIME_RATE;
-static u_int soft_lifetime_addtime_rate = PFKEY_SOFT_LIFETIME_RATE;
-static u_int soft_lifetime_usetime_rate = PFKEY_SOFT_LIFETIME_RATE;
-
-u_int
-pfkey_set_softrate(type, rate)
- u_int type, rate;
-{
- __ipsec_errcode = EIPSEC_NO_ERROR;
-
- if (rate > 100 || rate == 0)
- rate = 100;
-
- switch (type) {
- case SADB_X_LIFETIME_ALLOCATIONS:
- soft_lifetime_allocations_rate = rate;
- return 0;
- case SADB_X_LIFETIME_BYTES:
- soft_lifetime_bytes_rate = rate;
- return 0;
- case SADB_X_LIFETIME_ADDTIME:
- soft_lifetime_addtime_rate = rate;
- return 0;
- case SADB_X_LIFETIME_USETIME:
- soft_lifetime_usetime_rate = rate;
- return 0;
- }
-
- __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
- return 1;
-}
-
-/*
- * get current rate for SOFT lifetime against HARD one.
- * ATTENTION: ~0 is returned if invalid type was passed.
- */
-u_int
-pfkey_get_softrate(type)
- u_int type;
-{
- switch (type) {
- case SADB_X_LIFETIME_ALLOCATIONS:
- return soft_lifetime_allocations_rate;
- case SADB_X_LIFETIME_BYTES:
- return soft_lifetime_bytes_rate;
- case SADB_X_LIFETIME_ADDTIME:
- return soft_lifetime_addtime_rate;
- case SADB_X_LIFETIME_USETIME:
- return soft_lifetime_usetime_rate;
- }
-
- return ~0;
-}
-
-/*
- * sending SADB_GETSPI message to the kernel.
- * OUT:
- * positive: success and return length sent.
- * -1 : error occured, and set errno.
- */
-int
-pfkey_send_getspi(so, satype, mode, src, dst, min, max, reqid, seq)
- int so;
- u_int satype, mode;
- struct sockaddr *src, *dst;
- u_int32_t min, max, reqid, seq;
-{
- struct sadb_msg *newmsg;
- caddr_t ep;
- int len;
- int need_spirange = 0;
- caddr_t p;
- int plen;
-
- /* validity check */
- if (src == NULL || dst == NULL) {
- __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
- return -1;
- }
- if (src->sa_family != dst->sa_family) {
- __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
- return -1;
- }
- if (min > max || (min > 0 && min <= 255)) {
- __ipsec_errcode = EIPSEC_INVAL_SPI;
- return -1;
- }
- switch (src->sa_family) {
- case AF_INET:
- plen = sizeof(struct in_addr) << 3;
- break;
- case AF_INET6:
- plen = sizeof(struct in6_addr) << 3;
- break;
- default:
- __ipsec_errcode = EIPSEC_INVAL_FAMILY;
- return -1;
- }
-
- /* create new sadb_msg to send. */
- len = sizeof(struct sadb_msg)
- + sizeof(struct sadb_x_sa2)
- + sizeof(struct sadb_address)
- + PFKEY_ALIGN8(src->sa_len)
- + sizeof(struct sadb_address)
- + PFKEY_ALIGN8(dst->sa_len);
-
- if (min > 255 && max < ~0) {
- need_spirange++;
- len += sizeof(struct sadb_spirange);
- }
-
- if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
- __ipsec_set_strerror(strerror(errno));
- return -1;
- }
- ep = ((caddr_t)newmsg) + len;
-
- p = pfkey_setsadbmsg((caddr_t)newmsg, ep, SADB_GETSPI,
- len, satype, seq, getpid());
- if (!p) {
- free(newmsg);
- return -1;
- }
-
- p = pfkey_setsadbxsa2(p, ep, mode, reqid);
- if (!p) {
- free(newmsg);
- return -1;
- }
-
- /* set sadb_address for source */
- p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, plen,
- IPSEC_ULPROTO_ANY);
- if (!p) {
- free(newmsg);
- return -1;
- }
-
- /* set sadb_address for destination */
- p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, plen,
- IPSEC_ULPROTO_ANY);
- if (!p) {
- free(newmsg);
- return -1;
- }
-
- /* proccessing spi range */
- if (need_spirange) {
- struct sadb_spirange spirange;
-
- if (p + sizeof(spirange) > ep) {
- free(newmsg);
- return -1;
- }
-
- memset(&spirange, 0, sizeof(spirange));
- spirange.sadb_spirange_len = PFKEY_UNIT64(sizeof(spirange));
- spirange.sadb_spirange_exttype = SADB_EXT_SPIRANGE;
- spirange.sadb_spirange_min = min;
- spirange.sadb_spirange_max = max;
-
- memcpy(p, &spirange, sizeof(spirange));
-
- p += sizeof(spirange);
- }
- if (p != ep) {
- free(newmsg);
- return -1;
- }
-
- /* send message */
- len = pfkey_send(so, newmsg, len);
- free(newmsg);
-
- if (len < 0)
- return -1;
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return len;
-}
-
-/*
- * sending SADB_UPDATE message to the kernel.
- * The length of key material is a_keylen + e_keylen.
- * OUT:
- * positive: success and return length sent.
- * -1 : error occured, and set errno.
- */
-int
-pfkey_send_update(so, satype, mode, src, dst, spi, reqid, wsize,
- keymat, e_type, e_keylen, a_type, a_keylen, flags,
- l_alloc, l_bytes, l_addtime, l_usetime, seq)
- int so;
- u_int satype, mode, wsize;
- struct sockaddr *src, *dst;
- u_int32_t spi, reqid;
- caddr_t keymat;
- u_int e_type, e_keylen, a_type, a_keylen, flags;
- u_int32_t l_alloc;
- u_int64_t l_bytes, l_addtime, l_usetime;
- u_int32_t seq;
-{
- int len;
- if ((len = pfkey_send_x1(so, SADB_UPDATE, satype, mode, src, dst, spi,
- reqid, wsize,
- keymat, e_type, e_keylen, a_type, a_keylen, flags,
- l_alloc, l_bytes, l_addtime, l_usetime, seq)) < 0)
- return -1;
-
- return len;
-}
-
-/*
- * sending SADB_ADD message to the kernel.
- * The length of key material is a_keylen + e_keylen.
- * OUT:
- * positive: success and return length sent.
- * -1 : error occured, and set errno.
- */
-int
-pfkey_send_add(so, satype, mode, src, dst, spi, reqid, wsize,
- keymat, e_type, e_keylen, a_type, a_keylen, flags,
- l_alloc, l_bytes, l_addtime, l_usetime, seq)
- int so;
- u_int satype, mode, wsize;
- struct sockaddr *src, *dst;
- u_int32_t spi, reqid;
- caddr_t keymat;
- u_int e_type, e_keylen, a_type, a_keylen, flags;
- u_int32_t l_alloc;
- u_int64_t l_bytes, l_addtime, l_usetime;
- u_int32_t seq;
-{
- int len;
- if ((len = pfkey_send_x1(so, SADB_ADD, satype, mode, src, dst, spi,
- reqid, wsize,
- keymat, e_type, e_keylen, a_type, a_keylen, flags,
- l_alloc, l_bytes, l_addtime, l_usetime, seq)) < 0)
- return -1;
-
- return len;
-}
-
-/*
- * sending SADB_DELETE message to the kernel.
- * OUT:
- * positive: success and return length sent.
- * -1 : error occured, and set errno.
- */
-int
-pfkey_send_delete(so, satype, mode, src, dst, spi)
- int so;
- u_int satype, mode;
- struct sockaddr *src, *dst;
- u_int32_t spi;
-{
- int len;
- if ((len = pfkey_send_x2(so, SADB_DELETE, satype, mode, src, dst, spi)) < 0)
- return -1;
-
- return len;
-}
-
-/*
- * sending SADB_DELETE without spi to the kernel. This is
- * the "delete all" request (an extension also present in
- * Solaris).
- *
- * OUT:
- * positive: success and return length sent
- * -1 : error occured, and set errno
- */
-int
-pfkey_send_delete_all(so, satype, mode, src, dst)
- int so;
- u_int satype, mode;
- struct sockaddr *src, *dst;
-{
- struct sadb_msg *newmsg;
- int len;
- caddr_t p;
- int plen;
- caddr_t ep;
-
- /* validity check */
- if (src == NULL || dst == NULL) {
- __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
- return -1;
- }
- if (src->sa_family != dst->sa_family) {
- __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
- return -1;
- }
- switch (src->sa_family) {
- case AF_INET:
- plen = sizeof(struct in_addr) << 3;
- break;
- case AF_INET6:
- plen = sizeof(struct in6_addr) << 3;
- break;
- default:
- __ipsec_errcode = EIPSEC_INVAL_FAMILY;
- return -1;
- }
-
- /* create new sadb_msg to reply. */
- len = sizeof(struct sadb_msg)
- + sizeof(struct sadb_address)
- + PFKEY_ALIGN8(src->sa_len)
- + sizeof(struct sadb_address)
- + PFKEY_ALIGN8(dst->sa_len);
-
- if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
- __ipsec_set_strerror(strerror(errno));
- return -1;
- }
- ep = ((caddr_t)newmsg) + len;
-
- p = pfkey_setsadbmsg((caddr_t)newmsg, ep, SADB_DELETE, len, satype, 0,
- getpid());
- if (!p) {
- free(newmsg);
- return -1;
- }
- p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, plen,
- IPSEC_ULPROTO_ANY);
- if (!p) {
- free(newmsg);
- return -1;
- }
- p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, plen,
- IPSEC_ULPROTO_ANY);
- if (!p || p != ep) {
- free(newmsg);
- return -1;
- }
-
- /* send message */
- len = pfkey_send(so, newmsg, len);
- free(newmsg);
-
- if (len < 0)
- return -1;
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return len;
-}
-
-/*
- * sending SADB_GET message to the kernel.
- * OUT:
- * positive: success and return length sent.
- * -1 : error occured, and set errno.
- */
-int
-pfkey_send_get(so, satype, mode, src, dst, spi)
- int so;
- u_int satype, mode;
- struct sockaddr *src, *dst;
- u_int32_t spi;
-{
- int len;
- if ((len = pfkey_send_x2(so, SADB_GET, satype, mode, src, dst, spi)) < 0)
- return -1;
-
- return len;
-}
-
-/*
- * sending SADB_REGISTER message to the kernel.
- * OUT:
- * positive: success and return length sent.
- * -1 : error occured, and set errno.
- */
-int
-pfkey_send_register(so, satype)
- int so;
- u_int satype;
-{
- int len, algno;
-
- if (satype == SADB_SATYPE_UNSPEC) {
- for (algno = 0;
- algno < sizeof(supported_map)/sizeof(supported_map[0]);
- algno++) {
- if (ipsec_supported[algno]) {
- free(ipsec_supported[algno]);
- ipsec_supported[algno] = NULL;
- }
- }
- } else {
- algno = findsupportedmap(satype);
- if (algno == -1) {
- __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
- return -1;
- }
-
- if (ipsec_supported[algno]) {
- free(ipsec_supported[algno]);
- ipsec_supported[algno] = NULL;
- }
- }
-
- if ((len = pfkey_send_x3(so, SADB_REGISTER, satype)) < 0)
- return -1;
-
- return len;
-}
-
-/*
- * receiving SADB_REGISTER message from the kernel, and copy buffer for
- * sadb_supported returned into ipsec_supported.
- * OUT:
- * 0: success and return length sent.
- * -1: error occured, and set errno.
- */
-int
-pfkey_recv_register(so)
- int so;
-{
- pid_t pid = getpid();
- struct sadb_msg *newmsg;
- int error = -1;
-
- /* receive message */
- for (;;) {
- if ((newmsg = pfkey_recv(so)) == NULL)
- return -1;
- if (newmsg->sadb_msg_type == SADB_REGISTER &&
- newmsg->sadb_msg_pid == pid)
- break;
- free(newmsg);
- }
-
- /* check and fix */
- newmsg->sadb_msg_len = PFKEY_UNUNIT64(newmsg->sadb_msg_len);
-
- error = pfkey_set_supported(newmsg, newmsg->sadb_msg_len);
- free(newmsg);
-
- if (error == 0)
- __ipsec_errcode = EIPSEC_NO_ERROR;
-
- return error;
-}
-
-/*
- * receiving SADB_REGISTER message from the kernel, and copy buffer for
- * sadb_supported returned into ipsec_supported.
- * NOTE: sadb_msg_len must be host order.
- * IN:
- * tlen: msg length, it's to makeing sure.
- * OUT:
- * 0: success and return length sent.
- * -1: error occured, and set errno.
- */
-int
-pfkey_set_supported(msg, tlen)
- struct sadb_msg *msg;
- int tlen;
-{
- struct sadb_supported *sup;
- caddr_t p;
- caddr_t ep;
-
- /* validity */
- if (msg->sadb_msg_len != tlen) {
- __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
- return -1;
- }
-
- p = (caddr_t)msg;
- ep = p + tlen;
-
- p += sizeof(struct sadb_msg);
-
- while (p < ep) {
- sup = (struct sadb_supported *)p;
- if (ep < p + sizeof(*sup) ||
- PFKEY_EXTLEN(sup) < sizeof(*sup) ||
- ep < p + sup->sadb_supported_len) {
- /* invalid format */
- break;
- }
-
- switch (sup->sadb_supported_exttype) {
- case SADB_EXT_SUPPORTED_AUTH:
- case SADB_EXT_SUPPORTED_ENCRYPT:
- break;
- default:
- __ipsec_errcode = EIPSEC_INVAL_SATYPE;
- return -1;
- }
-
- /* fixed length */
- sup->sadb_supported_len = PFKEY_EXTLEN(sup);
-
- /* set supported map */
- if (setsupportedmap(sup) != 0)
- return -1;
-
- p += sup->sadb_supported_len;
- }
-
- if (p != ep) {
- __ipsec_errcode = EIPSEC_INVAL_SATYPE;
- return -1;
- }
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
-
- return 0;
-}
-
-/*
- * sending SADB_FLUSH message to the kernel.
- * OUT:
- * positive: success and return length sent.
- * -1 : error occured, and set errno.
- */
-int
-pfkey_send_flush(so, satype)
- int so;
- u_int satype;
-{
- int len;
-
- if ((len = pfkey_send_x3(so, SADB_FLUSH, satype)) < 0)
- return -1;
-
- return len;
-}
-
-/*
- * sending SADB_DUMP message to the kernel.
- * OUT:
- * positive: success and return length sent.
- * -1 : error occured, and set errno.
- */
-int
-pfkey_send_dump(so, satype)
- int so;
- u_int satype;
-{
- int len;
-
- if ((len = pfkey_send_x3(so, SADB_DUMP, satype)) < 0)
- return -1;
-
- return len;
-}
-
-/*
- * sending SADB_X_PROMISC message to the kernel.
- * NOTE that this function handles promisc mode toggle only.
- * IN:
- * flag: set promisc off if zero, set promisc on if non-zero.
- * OUT:
- * positive: success and return length sent.
- * -1 : error occured, and set errno.
- * 0 : error occured, and set errno.
- * others: a pointer to new allocated buffer in which supported
- * algorithms is.
- */
-int
-pfkey_send_promisc_toggle(so, flag)
- int so;
- int flag;
-{
- int len;
-
- if ((len = pfkey_send_x3(so, SADB_X_PROMISC, (flag ? 1 : 0))) < 0)
- return -1;
-
- return len;
-}
-
-/*
- * sending SADB_X_SPDADD message to the kernel.
- * OUT:
- * positive: success and return length sent.
- * -1 : error occured, and set errno.
- */
-int
-pfkey_send_spdadd(so, src, prefs, dst, prefd, proto, policy, policylen, seq)
- int so;
- struct sockaddr *src, *dst;
- u_int prefs, prefd, proto;
- caddr_t policy;
- int policylen;
- u_int32_t seq;
-{
- int len;
-
- if ((len = pfkey_send_x4(so, SADB_X_SPDADD,
- src, prefs, dst, prefd, proto,
- 0, 0,
- policy, policylen, seq)) < 0)
- return -1;
-
- return len;
-}
-
-/*
- * sending SADB_X_SPDADD message to the kernel.
- * OUT:
- * positive: success and return length sent.
- * -1 : error occured, and set errno.
- */
-int
-pfkey_send_spdadd2(so, src, prefs, dst, prefd, proto, ltime, vtime,
- policy, policylen, seq)
- int so;
- struct sockaddr *src, *dst;
- u_int prefs, prefd, proto;
- u_int64_t ltime, vtime;
- caddr_t policy;
- int policylen;
- u_int32_t seq;
-{
- int len;
-
- if ((len = pfkey_send_x4(so, SADB_X_SPDADD,
- src, prefs, dst, prefd, proto,
- ltime, vtime,
- policy, policylen, seq)) < 0)
- return -1;
-
- return len;
-}
-
-/*
- * sending SADB_X_SPDUPDATE message to the kernel.
- * OUT:
- * positive: success and return length sent.
- * -1 : error occured, and set errno.
- */
-int
-pfkey_send_spdupdate(so, src, prefs, dst, prefd, proto, policy, policylen, seq)
- int so;
- struct sockaddr *src, *dst;
- u_int prefs, prefd, proto;
- caddr_t policy;
- int policylen;
- u_int32_t seq;
-{
- int len;
-
- if ((len = pfkey_send_x4(so, SADB_X_SPDUPDATE,
- src, prefs, dst, prefd, proto,
- 0, 0,
- policy, policylen, seq)) < 0)
- return -1;
-
- return len;
-}
-
-/*
- * sending SADB_X_SPDUPDATE message to the kernel.
- * OUT:
- * positive: success and return length sent.
- * -1 : error occured, and set errno.
- */
-int
-pfkey_send_spdupdate2(so, src, prefs, dst, prefd, proto, ltime, vtime,
- policy, policylen, seq)
- int so;
- struct sockaddr *src, *dst;
- u_int prefs, prefd, proto;
- u_int64_t ltime, vtime;
- caddr_t policy;
- int policylen;
- u_int32_t seq;
-{
- int len;
-
- if ((len = pfkey_send_x4(so, SADB_X_SPDUPDATE,
- src, prefs, dst, prefd, proto,
- ltime, vtime,
- policy, policylen, seq)) < 0)
- return -1;
-
- return len;
-}
-
-/*
- * sending SADB_X_SPDDELETE message to the kernel.
- * OUT:
- * positive: success and return length sent.
- * -1 : error occured, and set errno.
- */
-int
-pfkey_send_spddelete(so, src, prefs, dst, prefd, proto, policy, policylen, seq)
- int so;
- struct sockaddr *src, *dst;
- u_int prefs, prefd, proto;
- caddr_t policy;
- int policylen;
- u_int32_t seq;
-{
- int len;
-
- if (policylen != sizeof(struct sadb_x_policy)) {
- __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
- return -1;
- }
-
- if ((len = pfkey_send_x4(so, SADB_X_SPDDELETE,
- src, prefs, dst, prefd, proto,
- 0, 0,
- policy, policylen, seq)) < 0)
- return -1;
-
- return len;
-}
-
-/*
- * sending SADB_X_SPDDELETE message to the kernel.
- * OUT:
- * positive: success and return length sent.
- * -1 : error occured, and set errno.
- */
-int
-pfkey_send_spddelete2(so, spid)
- int so;
- u_int32_t spid;
-{
- int len;
-
- if ((len = pfkey_send_x5(so, SADB_X_SPDDELETE2, spid)) < 0)
- return -1;
-
- return len;
-}
-
-/*
- * sending SADB_X_SPDGET message to the kernel.
- * OUT:
- * positive: success and return length sent.
- * -1 : error occured, and set errno.
- */
-int
-pfkey_send_spdget(so, spid)
- int so;
- u_int32_t spid;
-{
- int len;
-
- if ((len = pfkey_send_x5(so, SADB_X_SPDGET, spid)) < 0)
- return -1;
-
- return len;
-}
-
-/*
- * sending SADB_X_SPDSETIDX message to the kernel.
- * OUT:
- * positive: success and return length sent.
- * -1 : error occured, and set errno.
- */
-int
-pfkey_send_spdsetidx(so, src, prefs, dst, prefd, proto, policy, policylen, seq)
- int so;
- struct sockaddr *src, *dst;
- u_int prefs, prefd, proto;
- caddr_t policy;
- int policylen;
- u_int32_t seq;
-{
- int len;
-
- if (policylen != sizeof(struct sadb_x_policy)) {
- __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
- return -1;
- }
-
- if ((len = pfkey_send_x4(so, SADB_X_SPDSETIDX,
- src, prefs, dst, prefd, proto,
- 0, 0,
- policy, policylen, seq)) < 0)
- return -1;
-
- return len;
-}
-
-/*
- * sending SADB_SPDFLUSH message to the kernel.
- * OUT:
- * positive: success and return length sent.
- * -1 : error occured, and set errno.
- */
-int
-pfkey_send_spdflush(so)
- int so;
-{
- int len;
-
- if ((len = pfkey_send_x3(so, SADB_X_SPDFLUSH, SADB_SATYPE_UNSPEC)) < 0)
- return -1;
-
- return len;
-}
-
-/*
- * sending SADB_SPDDUMP message to the kernel.
- * OUT:
- * positive: success and return length sent.
- * -1 : error occured, and set errno.
- */
-int
-pfkey_send_spddump(so)
- int so;
-{
- int len;
-
- if ((len = pfkey_send_x3(so, SADB_X_SPDDUMP, SADB_SATYPE_UNSPEC)) < 0)
- return -1;
-
- return len;
-}
-
-/* sending SADB_ADD or SADB_UPDATE message to the kernel */
-static int
-pfkey_send_x1(so, type, satype, mode, src, dst, spi, reqid, wsize,
- keymat, e_type, e_keylen, a_type, a_keylen, flags,
- l_alloc, l_bytes, l_addtime, l_usetime, seq)
- int so;
- u_int type, satype, mode;
- struct sockaddr *src, *dst;
- u_int32_t spi, reqid;
- u_int wsize;
- caddr_t keymat;
- u_int e_type, e_keylen, a_type, a_keylen, flags;
- u_int32_t l_alloc, l_bytes, l_addtime, l_usetime, seq;
-{
- struct sadb_msg *newmsg;
- int len;
- caddr_t p;
- int plen;
- caddr_t ep;
-
- /* validity check */
- if (src == NULL || dst == NULL) {
- __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
- return -1;
- }
- if (src->sa_family != dst->sa_family) {
- __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
- return -1;
- }
- switch (src->sa_family) {
- case AF_INET:
- plen = sizeof(struct in_addr) << 3;
- break;
- case AF_INET6:
- plen = sizeof(struct in6_addr) << 3;
- break;
- default:
- __ipsec_errcode = EIPSEC_INVAL_FAMILY;
- return -1;
- }
-
- switch (satype) {
- case SADB_SATYPE_ESP:
- if (e_type == SADB_EALG_NONE) {
- __ipsec_errcode = EIPSEC_NO_ALGS;
- return -1;
- }
- break;
- case SADB_SATYPE_AH:
- if (e_type != SADB_EALG_NONE) {
- __ipsec_errcode = EIPSEC_INVAL_ALGS;
- return -1;
- }
- if (a_type == SADB_AALG_NONE) {
- __ipsec_errcode = EIPSEC_NO_ALGS;
- return -1;
- }
- break;
- case SADB_X_SATYPE_IPCOMP:
- if (e_type == SADB_X_CALG_NONE) {
- __ipsec_errcode = EIPSEC_INVAL_ALGS;
- return -1;
- }
- if (a_type != SADB_AALG_NONE) {
- __ipsec_errcode = EIPSEC_NO_ALGS;
- return -1;
- }
- break;
- case SADB_X_SATYPE_TCPSIGNATURE:
- if (e_type != SADB_EALG_NONE) {
- __ipsec_errcode = EIPSEC_INVAL_ALGS;
- return -1;
- }
- if (a_type != SADB_X_AALG_TCP_MD5) {
- __ipsec_errcode = EIPSEC_INVAL_ALGS;
- return -1;
- }
- break;
- default:
- __ipsec_errcode = EIPSEC_INVAL_SATYPE;
- return -1;
- }
-
- /* create new sadb_msg to reply. */
- len = sizeof(struct sadb_msg)
- + sizeof(struct sadb_sa)
- + sizeof(struct sadb_x_sa2)
- + sizeof(struct sadb_address)
- + PFKEY_ALIGN8(src->sa_len)
- + sizeof(struct sadb_address)
- + PFKEY_ALIGN8(dst->sa_len)
- + sizeof(struct sadb_lifetime)
- + sizeof(struct sadb_lifetime);
-
- if (e_type != SADB_EALG_NONE)
- len += (sizeof(struct sadb_key) + PFKEY_ALIGN8(e_keylen));
- if (a_type != SADB_AALG_NONE)
- len += (sizeof(struct sadb_key) + PFKEY_ALIGN8(a_keylen));
-
- if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
- __ipsec_set_strerror(strerror(errno));
- return -1;
- }
- ep = ((caddr_t)newmsg) + len;
-
- p = pfkey_setsadbmsg((caddr_t)newmsg, ep, type, len,
- satype, seq, getpid());
- if (!p) {
- free(newmsg);
- return -1;
- }
- p = pfkey_setsadbsa(p, ep, spi, wsize, a_type, e_type, flags);
- if (!p) {
- free(newmsg);
- return -1;
- }
- p = pfkey_setsadbxsa2(p, ep, mode, reqid);
- if (!p) {
- free(newmsg);
- return -1;
- }
- p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, plen,
- IPSEC_ULPROTO_ANY);
- if (!p) {
- free(newmsg);
- return -1;
- }
- p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, plen,
- IPSEC_ULPROTO_ANY);
- if (!p) {
- free(newmsg);
- return -1;
- }
-
- if (e_type != SADB_EALG_NONE) {
- p = pfkey_setsadbkey(p, ep, SADB_EXT_KEY_ENCRYPT,
- keymat, e_keylen);
- if (!p) {
- free(newmsg);
- return -1;
- }
- }
- if (a_type != SADB_AALG_NONE) {
- p = pfkey_setsadbkey(p, ep, SADB_EXT_KEY_AUTH,
- keymat + e_keylen, a_keylen);
- if (!p) {
- free(newmsg);
- return -1;
- }
- }
-
- /* set sadb_lifetime for destination */
- p = pfkey_setsadblifetime(p, ep, SADB_EXT_LIFETIME_HARD,
- l_alloc, l_bytes, l_addtime, l_usetime);
- if (!p) {
- free(newmsg);
- return -1;
- }
- p = pfkey_setsadblifetime(p, ep, SADB_EXT_LIFETIME_SOFT,
- l_alloc, l_bytes, l_addtime, l_usetime);
- if (!p || p != ep) {
- free(newmsg);
- return -1;
- }
-
- /* send message */
- len = pfkey_send(so, newmsg, len);
- free(newmsg);
-
- if (len < 0)
- return -1;
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return len;
-}
-
-/* sending SADB_DELETE or SADB_GET message to the kernel */
-static int
-pfkey_send_x2(so, type, satype, mode, src, dst, spi)
- int so;
- u_int type, satype, mode;
- struct sockaddr *src, *dst;
- u_int32_t spi;
-{
- struct sadb_msg *newmsg;
- int len;
- caddr_t p;
- int plen;
- caddr_t ep;
-
- /* validity check */
- if (src == NULL || dst == NULL) {
- __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
- return -1;
- }
- if (src->sa_family != dst->sa_family) {
- __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
- return -1;
- }
- switch (src->sa_family) {
- case AF_INET:
- plen = sizeof(struct in_addr) << 3;
- break;
- case AF_INET6:
- plen = sizeof(struct in6_addr) << 3;
- break;
- default:
- __ipsec_errcode = EIPSEC_INVAL_FAMILY;
- return -1;
- }
-
- /* create new sadb_msg to reply. */
- len = sizeof(struct sadb_msg)
- + sizeof(struct sadb_sa)
- + sizeof(struct sadb_address)
- + PFKEY_ALIGN8(src->sa_len)
- + sizeof(struct sadb_address)
- + PFKEY_ALIGN8(dst->sa_len);
-
- if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
- __ipsec_set_strerror(strerror(errno));
- return -1;
- }
- ep = ((caddr_t)newmsg) + len;
-
- p = pfkey_setsadbmsg((caddr_t)newmsg, ep, type, len, satype, 0,
- getpid());
- if (!p) {
- free(newmsg);
- return -1;
- }
- p = pfkey_setsadbsa(p, ep, spi, 0, 0, 0, 0);
- if (!p) {
- free(newmsg);
- return -1;
- }
- p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, plen,
- IPSEC_ULPROTO_ANY);
- if (!p) {
- free(newmsg);
- return -1;
- }
- p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, plen,
- IPSEC_ULPROTO_ANY);
- if (!p || p != ep) {
- free(newmsg);
- return -1;
- }
-
- /* send message */
- len = pfkey_send(so, newmsg, len);
- free(newmsg);
-
- if (len < 0)
- return -1;
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return len;
-}
-
-/*
- * sending SADB_REGISTER, SADB_FLUSH, SADB_DUMP or SADB_X_PROMISC message
- * to the kernel
- */
-static int
-pfkey_send_x3(so, type, satype)
- int so;
- u_int type, satype;
-{
- struct sadb_msg *newmsg;
- int len;
- caddr_t p;
- caddr_t ep;
-
- /* validity check */
- switch (type) {
- case SADB_X_PROMISC:
- if (satype != 0 && satype != 1) {
- __ipsec_errcode = EIPSEC_INVAL_SATYPE;
- return -1;
- }
- break;
- default:
- switch (satype) {
- case SADB_SATYPE_UNSPEC:
- case SADB_SATYPE_AH:
- case SADB_SATYPE_ESP:
- case SADB_X_SATYPE_IPCOMP:
- case SADB_X_SATYPE_TCPSIGNATURE:
- break;
- default:
- __ipsec_errcode = EIPSEC_INVAL_SATYPE;
- return -1;
- }
- }
-
- /* create new sadb_msg to send. */
- len = sizeof(struct sadb_msg);
-
- if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
- __ipsec_set_strerror(strerror(errno));
- return -1;
- }
- ep = ((caddr_t)newmsg) + len;
-
- p = pfkey_setsadbmsg((caddr_t)newmsg, ep, type, len, satype, 0,
- getpid());
- if (!p || p != ep) {
- free(newmsg);
- return -1;
- }
-
- /* send message */
- len = pfkey_send(so, newmsg, len);
- free(newmsg);
-
- if (len < 0)
- return -1;
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return len;
-}
-
-/* sending SADB_X_SPDADD message to the kernel */
-static int
-pfkey_send_x4(so, type, src, prefs, dst, prefd, proto,
- ltime, vtime, policy, policylen, seq)
- int so;
- struct sockaddr *src, *dst;
- u_int type, prefs, prefd, proto;
- u_int64_t ltime, vtime;
- char *policy;
- int policylen;
- u_int32_t seq;
-{
- struct sadb_msg *newmsg;
- int len;
- caddr_t p;
- int plen;
- caddr_t ep;
-
- /* validity check */
- if (src == NULL || dst == NULL) {
- __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
- return -1;
- }
- if (src->sa_family != dst->sa_family) {
- __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
- return -1;
- }
-
- switch (src->sa_family) {
- case AF_INET:
- plen = sizeof(struct in_addr) << 3;
- break;
- case AF_INET6:
- plen = sizeof(struct in6_addr) << 3;
- break;
- default:
- __ipsec_errcode = EIPSEC_INVAL_FAMILY;
- return -1;
- }
- if (prefs > plen || prefd > plen) {
- __ipsec_errcode = EIPSEC_INVAL_PREFIXLEN;
- return -1;
- }
-
- /* create new sadb_msg to reply. */
- len = sizeof(struct sadb_msg)
- + sizeof(struct sadb_address)
- + PFKEY_ALIGN8(src->sa_len)
- + sizeof(struct sadb_address)
- + PFKEY_ALIGN8(src->sa_len)
- + sizeof(struct sadb_lifetime)
- + policylen;
-
- if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
- __ipsec_set_strerror(strerror(errno));
- return -1;
- }
- ep = ((caddr_t)newmsg) + len;
-
- p = pfkey_setsadbmsg((caddr_t)newmsg, ep, type, len,
- SADB_SATYPE_UNSPEC, seq, getpid());
- if (!p) {
- free(newmsg);
- return -1;
- }
- p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, prefs, proto);
- if (!p) {
- free(newmsg);
- return -1;
- }
- p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, prefd, proto);
- if (!p) {
- free(newmsg);
- return -1;
- }
- p = pfkey_setsadblifetime(p, ep, SADB_EXT_LIFETIME_HARD,
- 0, 0, ltime, vtime);
- if (!p || p + policylen != ep) {
- free(newmsg);
- return -1;
- }
- memcpy(p, policy, policylen);
-
- /* send message */
- len = pfkey_send(so, newmsg, len);
- free(newmsg);
-
- if (len < 0)
- return -1;
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return len;
-}
-
-/* sending SADB_X_SPDGET or SADB_X_SPDDELETE message to the kernel */
-static int
-pfkey_send_x5(so, type, spid)
- int so;
- u_int type;
- u_int32_t spid;
-{
- struct sadb_msg *newmsg;
- struct sadb_x_policy xpl;
- int len;
- caddr_t p;
- caddr_t ep;
-
- /* create new sadb_msg to reply. */
- len = sizeof(struct sadb_msg)
- + sizeof(xpl);
-
- if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
- __ipsec_set_strerror(strerror(errno));
- return -1;
- }
- ep = ((caddr_t)newmsg) + len;
-
- p = pfkey_setsadbmsg((caddr_t)newmsg, ep, type, len,
- SADB_SATYPE_UNSPEC, 0, getpid());
- if (!p) {
- free(newmsg);
- return -1;
- }
-
- if (p + sizeof(xpl) != ep) {
- free(newmsg);
- return -1;
- }
- memset(&xpl, 0, sizeof(xpl));
- xpl.sadb_x_policy_len = PFKEY_UNIT64(sizeof(xpl));
- xpl.sadb_x_policy_exttype = SADB_X_EXT_POLICY;
- xpl.sadb_x_policy_id = spid;
- memcpy(p, &xpl, sizeof(xpl));
-
- /* send message */
- len = pfkey_send(so, newmsg, len);
- free(newmsg);
-
- if (len < 0)
- return -1;
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return len;
-}
-
-/*
- * open a socket.
- * OUT:
- * -1: fail.
- * others : success and return value of socket.
- */
-int
-pfkey_open()
-{
- int so;
- const int bufsiz = 128 * 1024; /*is 128K enough?*/
-
- if ((so = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0) {
- __ipsec_set_strerror(strerror(errno));
- return -1;
- }
-
- /*
- * This is a temporary workaround for KAME PR 154.
- * Don't really care even if it fails.
- */
- (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF, &bufsiz, sizeof(bufsiz));
- (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return so;
-}
-
-/*
- * close a socket.
- * OUT:
- * 0: success.
- * -1: fail.
- */
-void
-pfkey_close(so)
- int so;
-{
- (void)close(so);
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return;
-}
-
-/*
- * receive sadb_msg data, and return pointer to new buffer allocated.
- * Must free this buffer later.
- * OUT:
- * NULL : error occured.
- * others : a pointer to sadb_msg structure.
- *
- * XXX should be rewritten to pass length explicitly
- */
-struct sadb_msg *
-pfkey_recv(so)
- int so;
-{
- struct sadb_msg buf, *newmsg;
- int len, reallen;
-
- while ((len = recv(so, (caddr_t)&buf, sizeof(buf), MSG_PEEK)) < 0) {
- if (errno == EINTR)
- continue;
- __ipsec_set_strerror(strerror(errno));
- return NULL;
- }
-
- if (len < sizeof(buf)) {
- recv(so, (caddr_t)&buf, sizeof(buf), 0);
- __ipsec_errcode = EIPSEC_MAX;
- return NULL;
- }
-
- /* read real message */
- reallen = PFKEY_UNUNIT64(buf.sadb_msg_len);
- if ((newmsg = CALLOC(reallen, struct sadb_msg *)) == NULL) {
- __ipsec_set_strerror(strerror(errno));
- return NULL;
- }
-
- while ((len = recv(so, (caddr_t)newmsg, reallen, 0)) < 0) {
- if (errno == EINTR)
- continue;
- __ipsec_set_strerror(strerror(errno));
- free(newmsg);
- return NULL;
- }
-
- if (len != reallen) {
- __ipsec_errcode = EIPSEC_SYSTEM_ERROR;
- free(newmsg);
- return NULL;
- }
-
- /* don't trust what the kernel says, validate! */
- if (PFKEY_UNUNIT64(newmsg->sadb_msg_len) != len) {
- __ipsec_errcode = EIPSEC_SYSTEM_ERROR;
- free(newmsg);
- return NULL;
- }
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return newmsg;
-}
-
-/*
- * send message to a socket.
- * OUT:
- * others: success and return length sent.
- * -1 : fail.
- */
-int
-pfkey_send(so, msg, len)
- int so;
- struct sadb_msg *msg;
- int len;
-{
- if ((len = send(so, (caddr_t)msg, len, 0)) < 0) {
- __ipsec_set_strerror(strerror(errno));
- return -1;
- }
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return len;
-}
-
-/*
- * %%% Utilities
- * NOTE: These functions are derived from netkey/key.c in KAME.
- */
-/*
- * set the pointer to each header in this message buffer.
- * IN: msg: pointer to message buffer.
- * mhp: pointer to the buffer initialized like below:
- * caddr_t mhp[SADB_EXT_MAX + 1];
- * OUT: -1: invalid.
- * 0: valid.
- *
- * XXX should be rewritten to obtain length explicitly
- */
-int
-pfkey_align(msg, mhp)
- struct sadb_msg *msg;
- caddr_t *mhp;
-{
- struct sadb_ext *ext;
- int i;
- caddr_t p;
- caddr_t ep; /* XXX should be passed from upper layer */
-
- /* validity check */
- if (msg == NULL || mhp == NULL) {
- __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
- return -1;
- }
-
- /* initialize */
- for (i = 0; i < SADB_EXT_MAX + 1; i++)
- mhp[i] = NULL;
-
- mhp[0] = (caddr_t)msg;
-
- /* initialize */
- p = (caddr_t) msg;
- ep = p + PFKEY_UNUNIT64(msg->sadb_msg_len);
-
- /* skip base header */
- p += sizeof(struct sadb_msg);
-
- while (p < ep) {
- ext = (struct sadb_ext *)p;
- if (ep < p + sizeof(*ext) || PFKEY_EXTLEN(ext) < sizeof(*ext) ||
- ep < p + PFKEY_EXTLEN(ext)) {
- /* invalid format */
- break;
- }
-
- /* duplicate check */
- /* XXX Are there duplication either KEY_AUTH or KEY_ENCRYPT ?*/
- if (mhp[ext->sadb_ext_type] != NULL) {
- __ipsec_errcode = EIPSEC_INVAL_EXTTYPE;
- return -1;
- }
-
- /* set pointer */
- switch (ext->sadb_ext_type) {
- case SADB_EXT_SA:
- case SADB_EXT_LIFETIME_CURRENT:
- case SADB_EXT_LIFETIME_HARD:
- case SADB_EXT_LIFETIME_SOFT:
- case SADB_EXT_ADDRESS_SRC:
- case SADB_EXT_ADDRESS_DST:
- case SADB_EXT_ADDRESS_PROXY:
- case SADB_EXT_KEY_AUTH:
- /* XXX should to be check weak keys. */
- case SADB_EXT_KEY_ENCRYPT:
- /* XXX should to be check weak keys. */
- case SADB_EXT_IDENTITY_SRC:
- case SADB_EXT_IDENTITY_DST:
- case SADB_EXT_SENSITIVITY:
- case SADB_EXT_PROPOSAL:
- case SADB_EXT_SUPPORTED_AUTH:
- case SADB_EXT_SUPPORTED_ENCRYPT:
- case SADB_EXT_SPIRANGE:
- case SADB_X_EXT_POLICY:
- case SADB_X_EXT_SA2:
- case SADB_X_EXT_NAT_T_TYPE:
- case SADB_X_EXT_NAT_T_SPORT:
- case SADB_X_EXT_NAT_T_DPORT:
- case SADB_X_EXT_NAT_T_OAI:
- case SADB_X_EXT_NAT_T_OAR:
- case SADB_X_EXT_NAT_T_FRAG:
- case SADB_X_EXT_SA_REPLAY:
- case SADB_X_EXT_NEW_ADDRESS_SRC:
- case SADB_X_EXT_NEW_ADDRESS_DST:
- mhp[ext->sadb_ext_type] = (caddr_t)ext;
- break;
- default:
- __ipsec_errcode = EIPSEC_INVAL_EXTTYPE;
- return -1;
- }
-
- p += PFKEY_EXTLEN(ext);
- }
-
- if (p != ep) {
- __ipsec_errcode = EIPSEC_INVAL_SADBMSG;
- return -1;
- }
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return 0;
-}
-
-/*
- * check basic usage for sadb_msg,
- * NOTE: This routine is derived from netkey/key.c in KAME.
- * IN: msg: pointer to message buffer.
- * mhp: pointer to the buffer initialized like below:
- *
- * caddr_t mhp[SADB_EXT_MAX + 1];
- *
- * OUT: -1: invalid.
- * 0: valid.
- */
-int
-pfkey_check(mhp)
- caddr_t *mhp;
-{
- struct sadb_msg *msg;
-
- /* validity check */
- if (mhp == NULL || mhp[0] == NULL) {
- __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
- return -1;
- }
-
- msg = (struct sadb_msg *)mhp[0];
-
- /* check version */
- if (msg->sadb_msg_version != PF_KEY_V2) {
- __ipsec_errcode = EIPSEC_INVAL_VERSION;
- return -1;
- }
-
- /* check type */
- if (msg->sadb_msg_type > SADB_MAX) {
- __ipsec_errcode = EIPSEC_INVAL_MSGTYPE;
- return -1;
- }
-
- /* check SA type */
- switch (msg->sadb_msg_satype) {
- case SADB_SATYPE_UNSPEC:
- switch (msg->sadb_msg_type) {
- case SADB_GETSPI:
- case SADB_UPDATE:
- case SADB_ADD:
- case SADB_DELETE:
- case SADB_GET:
- case SADB_ACQUIRE:
- case SADB_EXPIRE:
- __ipsec_errcode = EIPSEC_INVAL_SATYPE;
- return -1;
- }
- break;
- case SADB_SATYPE_ESP:
- case SADB_SATYPE_AH:
- case SADB_X_SATYPE_IPCOMP:
- case SADB_X_SATYPE_TCPSIGNATURE:
- switch (msg->sadb_msg_type) {
- case SADB_X_SPDADD:
- case SADB_X_SPDDELETE:
- case SADB_X_SPDGET:
- case SADB_X_SPDDUMP:
- case SADB_X_SPDFLUSH:
- __ipsec_errcode = EIPSEC_INVAL_SATYPE;
- return -1;
- }
- break;
- case SADB_SATYPE_RSVP:
- case SADB_SATYPE_OSPFV2:
- case SADB_SATYPE_RIPV2:
- case SADB_SATYPE_MIP:
- __ipsec_errcode = EIPSEC_NOT_SUPPORTED;
- return -1;
- case 1: /* XXX: What does it do ? */
- if (msg->sadb_msg_type == SADB_X_PROMISC)
- break;
- /*FALLTHROUGH*/
- default:
- __ipsec_errcode = EIPSEC_INVAL_SATYPE;
- return -1;
- }
-
- /* check field of upper layer protocol and address family */
- if (mhp[SADB_EXT_ADDRESS_SRC] != NULL
- && mhp[SADB_EXT_ADDRESS_DST] != NULL) {
- struct sadb_address *src0, *dst0;
-
- src0 = (struct sadb_address *)(mhp[SADB_EXT_ADDRESS_SRC]);
- dst0 = (struct sadb_address *)(mhp[SADB_EXT_ADDRESS_DST]);
-
- if (src0->sadb_address_proto != dst0->sadb_address_proto) {
- __ipsec_errcode = EIPSEC_PROTO_MISMATCH;
- return -1;
- }
-
- if (PFKEY_ADDR_SADDR(src0)->sa_family
- != PFKEY_ADDR_SADDR(dst0)->sa_family) {
- __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
- return -1;
- }
-
- switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
- case AF_INET:
- case AF_INET6:
- break;
- default:
- __ipsec_errcode = EIPSEC_INVAL_FAMILY;
- return -1;
- }
-
- /*
- * prefixlen == 0 is valid because there must be the case
- * all addresses are matched.
- */
- }
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return 0;
-}
-
-/*
- * set data into sadb_msg.
- * `buf' must has been allocated sufficiently.
- */
-static caddr_t
-pfkey_setsadbmsg(buf, lim, type, tlen, satype, seq, pid)
- caddr_t buf;
- caddr_t lim;
- u_int type, satype;
- u_int tlen;
- u_int32_t seq;
- pid_t pid;
-{
- struct sadb_msg *p;
- u_int len;
-
- p = (struct sadb_msg *)buf;
- len = sizeof(struct sadb_msg);
-
- if (buf + len > lim)
- return NULL;
-
- memset(p, 0, len);
- p->sadb_msg_version = PF_KEY_V2;
- p->sadb_msg_type = type;
- p->sadb_msg_errno = 0;
- p->sadb_msg_satype = satype;
- p->sadb_msg_len = PFKEY_UNIT64(tlen);
- p->sadb_msg_reserved = 0;
- p->sadb_msg_seq = seq;
- p->sadb_msg_pid = (u_int32_t)pid;
-
- return(buf + len);
-}
-
-/*
- * copy secasvar data into sadb_address.
- * `buf' must has been allocated sufficiently.
- */
-static caddr_t
-pfkey_setsadbsa(buf, lim, spi, wsize, auth, enc, flags)
- caddr_t buf;
- caddr_t lim;
- u_int32_t spi, flags;
- u_int wsize, auth, enc;
-{
- struct sadb_sa *p;
- u_int len;
-
- p = (struct sadb_sa *)buf;
- len = sizeof(struct sadb_sa);
-
- if (buf + len > lim)
- return NULL;
-
- memset(p, 0, len);
- p->sadb_sa_len = PFKEY_UNIT64(len);
- p->sadb_sa_exttype = SADB_EXT_SA;
- p->sadb_sa_spi = spi;
- p->sadb_sa_replay = wsize;
- p->sadb_sa_state = SADB_SASTATE_LARVAL;
- p->sadb_sa_auth = auth;
- p->sadb_sa_encrypt = enc;
- p->sadb_sa_flags = flags;
-
- return(buf + len);
-}
-
-/*
- * set data into sadb_address.
- * `buf' must has been allocated sufficiently.
- * prefixlen is in bits.
- */
-static caddr_t
-pfkey_setsadbaddr(buf, lim, exttype, saddr, prefixlen, ul_proto)
- caddr_t buf;
- caddr_t lim;
- u_int exttype;
- struct sockaddr *saddr;
- u_int prefixlen;
- u_int ul_proto;
-{
- struct sadb_address *p;
- u_int len;
-
- p = (struct sadb_address *)buf;
- len = sizeof(struct sadb_address) + PFKEY_ALIGN8(saddr->sa_len);
-
- if (buf + len > lim)
- return NULL;
-
- memset(p, 0, len);
- p->sadb_address_len = PFKEY_UNIT64(len);
- p->sadb_address_exttype = exttype & 0xffff;
- p->sadb_address_proto = ul_proto & 0xff;
- p->sadb_address_prefixlen = prefixlen;
- p->sadb_address_reserved = 0;
-
- memcpy(p + 1, saddr, saddr->sa_len);
-
- return(buf + len);
-}
-
-/*
- * set sadb_key structure after clearing buffer with zero.
- * OUT: the pointer of buf + len.
- */
-static caddr_t
-pfkey_setsadbkey(buf, lim, type, key, keylen)
- caddr_t buf;
- caddr_t lim;
- caddr_t key;
- u_int type, keylen;
-{
- struct sadb_key *p;
- u_int len;
-
- p = (struct sadb_key *)buf;
- len = sizeof(struct sadb_key) + PFKEY_ALIGN8(keylen);
-
- if (buf + len > lim)
- return NULL;
-
- memset(p, 0, len);
- p->sadb_key_len = PFKEY_UNIT64(len);
- p->sadb_key_exttype = type;
- p->sadb_key_bits = keylen << 3;
- p->sadb_key_reserved = 0;
-
- memcpy(p + 1, key, keylen);
-
- return buf + len;
-}
-
-/*
- * set sadb_lifetime structure after clearing buffer with zero.
- * OUT: the pointer of buf + len.
- */
-static caddr_t
-pfkey_setsadblifetime(buf, lim, type, l_alloc, l_bytes, l_addtime, l_usetime)
- caddr_t buf;
- caddr_t lim;
- u_int type;
- u_int32_t l_alloc, l_bytes, l_addtime, l_usetime;
-{
- struct sadb_lifetime *p;
- u_int len;
-
- p = (struct sadb_lifetime *)buf;
- len = sizeof(struct sadb_lifetime);
-
- if (buf + len > lim)
- return NULL;
-
- memset(p, 0, len);
- p->sadb_lifetime_len = PFKEY_UNIT64(len);
- p->sadb_lifetime_exttype = type;
-
- switch (type) {
- case SADB_EXT_LIFETIME_SOFT:
- p->sadb_lifetime_allocations
- = (l_alloc * soft_lifetime_allocations_rate) /100;
- p->sadb_lifetime_bytes
- = (l_bytes * soft_lifetime_bytes_rate) /100;
- p->sadb_lifetime_addtime
- = (l_addtime * soft_lifetime_addtime_rate) /100;
- p->sadb_lifetime_usetime
- = (l_usetime * soft_lifetime_usetime_rate) /100;
- break;
- case SADB_EXT_LIFETIME_HARD:
- p->sadb_lifetime_allocations = l_alloc;
- p->sadb_lifetime_bytes = l_bytes;
- p->sadb_lifetime_addtime = l_addtime;
- p->sadb_lifetime_usetime = l_usetime;
- break;
- }
-
- return buf + len;
-}
-
-/*
- * copy secasvar data into sadb_address.
- * `buf' must has been allocated sufficiently.
- */
-static caddr_t
-pfkey_setsadbxsa2(buf, lim, mode0, reqid)
- caddr_t buf;
- caddr_t lim;
- u_int32_t mode0;
- u_int32_t reqid;
-{
- struct sadb_x_sa2 *p;
- u_int8_t mode = mode0 & 0xff;
- u_int len;
-
- p = (struct sadb_x_sa2 *)buf;
- len = sizeof(struct sadb_x_sa2);
-
- if (buf + len > lim)
- return NULL;
-
- memset(p, 0, len);
- p->sadb_x_sa2_len = PFKEY_UNIT64(len);
- p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
- p->sadb_x_sa2_mode = mode;
- p->sadb_x_sa2_reqid = reqid;
-
- return(buf + len);
-}
diff --git a/freebsd/lib/libipsec/pfkey_dump.c b/freebsd/lib/libipsec/pfkey_dump.c
deleted file mode 100644
index e8d4b9b8..00000000
--- a/freebsd/lib/libipsec/pfkey_dump.c
+++ /dev/null
@@ -1,682 +0,0 @@
-#include <machine/rtems-bsd-user-space.h>
-
-/* $KAME: pfkey_dump.c,v 1.45 2003/09/08 10:14:56 itojun Exp $ */
-
-/*
- * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/socket.h>
-#include <net/if.h>
-#include <net/pfkeyv2.h>
-#include <netipsec/ipsec.h>
-#include <netipsec/key_var.h>
-#include <netipsec/key_debug.h>
-
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-#include <stdlib.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <string.h>
-#include <time.h>
-#include <netdb.h>
-
-#include "ipsec_strerror.h"
-#include "libpfkey.h"
-
-/* cope with old kame headers - ugly */
-#ifndef SADB_X_AALG_MD5
-#define SADB_X_AALG_MD5 SADB_AALG_MD5
-#endif
-#ifndef SADB_X_AALG_SHA
-#define SADB_X_AALG_SHA SADB_AALG_SHA
-#endif
-#ifndef SADB_X_AALG_NULL
-#define SADB_X_AALG_NULL SADB_AALG_NULL
-#endif
-
-#ifndef SADB_X_EALG_BLOWFISHCBC
-#define SADB_X_EALG_BLOWFISHCBC SADB_EALG_BLOWFISHCBC
-#endif
-#ifndef SADB_X_EALG_CAST128CBC
-#define SADB_X_EALG_CAST128CBC SADB_EALG_CAST128CBC
-#endif
-#ifndef SADB_X_EALG_RC5CBC
-#ifdef SADB_EALG_RC5CBC
-#define SADB_X_EALG_RC5CBC SADB_EALG_RC5CBC
-#endif
-#endif
-
-#define GETMSGSTR(str, num) \
-do { \
- if (sizeof((str)[0]) == 0 \
- || num >= sizeof(str)/sizeof((str)[0])) \
- printf("%u ", (num)); \
- else if (strlen((str)[(num)]) == 0) \
- printf("%u ", (num)); \
- else \
- printf("%s ", (str)[(num)]); \
-} while (0)
-
-#define GETMSGV2S(v2s, num) \
-do { \
- struct val2str *p; \
- for (p = (v2s); p && p->str; p++) { \
- if (p->val == (num)) \
- break; \
- } \
- if (p && p->str) \
- printf("%s ", p->str); \
- else \
- printf("%u ", (num)); \
-} while (0)
-
-static char *str_ipaddr(struct sockaddr *);
-static char *str_prefport(u_int, u_int, u_int, u_int);
-static void str_upperspec(u_int, u_int, u_int);
-static char *str_time(time_t);
-static void str_lifetime_byte(struct sadb_lifetime *, char *);
-
-struct val2str {
- int val;
- const char *str;
-};
-
-/*
- * Must to be re-written about following strings.
- */
-static char *str_satype[] = {
- "unspec",
- "unknown",
- "ah",
- "esp",
- "unknown",
- "rsvp",
- "ospfv2",
- "ripv2",
- "mip",
- "ipcomp",
- "policy",
- "tcp"
-};
-
-static char *str_mode[] = {
- "any",
- "transport",
- "tunnel",
-};
-
-static char *str_state[] = {
- "larval",
- "mature",
- "dying",
- "dead",
-};
-
-static struct val2str str_alg_auth[] = {
- { SADB_AALG_NONE, "none", },
- { SADB_AALG_MD5HMAC, "hmac-md5", },
- { SADB_AALG_SHA1HMAC, "hmac-sha1", },
- { SADB_X_AALG_MD5, "md5", },
- { SADB_X_AALG_SHA, "sha", },
- { SADB_X_AALG_NULL, "null", },
- { SADB_X_AALG_TCP_MD5, "tcp-md5", },
-#ifdef SADB_X_AALG_SHA2_256
- { SADB_X_AALG_SHA2_256, "hmac-sha2-256", },
-#endif
-#ifdef SADB_X_AALG_SHA2_384
- { SADB_X_AALG_SHA2_384, "hmac-sha2-384", },
-#endif
-#ifdef SADB_X_AALG_SHA2_512
- { SADB_X_AALG_SHA2_512, "hmac-sha2-512", },
-#endif
-#ifdef SADB_X_AALG_RIPEMD160HMAC
- { SADB_X_AALG_RIPEMD160HMAC, "hmac-ripemd160", },
-#endif
-#ifdef SADB_X_AALG_AES_XCBC_MAC
- { SADB_X_AALG_AES_XCBC_MAC, "aes-xcbc-mac", },
-#endif
- { -1, NULL, },
-};
-
-static struct val2str str_alg_enc[] = {
- { SADB_EALG_NONE, "none", },
- { SADB_EALG_DESCBC, "des-cbc", },
- { SADB_EALG_3DESCBC, "3des-cbc", },
- { SADB_EALG_NULL, "null", },
-#ifdef SADB_X_EALG_RC5CBC
- { SADB_X_EALG_RC5CBC, "rc5-cbc", },
-#endif
- { SADB_X_EALG_CAST128CBC, "cast128-cbc", },
- { SADB_X_EALG_BLOWFISHCBC, "blowfish-cbc", },
-#ifdef SADB_X_EALG_RIJNDAELCBC
- { SADB_X_EALG_RIJNDAELCBC, "rijndael-cbc", },
-#endif
-#ifdef SADB_X_EALG_TWOFISHCBC
- { SADB_X_EALG_TWOFISHCBC, "twofish-cbc", },
-#endif
-#ifdef SADB_X_EALG_AESCTR
- { SADB_X_EALG_AESCTR, "aes-ctr", },
-#endif
-#ifdef SADB_X_EALG_AESGCM16
- { SADB_X_EALG_AESGCM16, "aes-gcm-16", },
-#endif
-#ifdef SADB_X_EALG_CAMELLIACBC
- { SADB_X_EALG_CAMELLIACBC, "camellia-cbc", },
-#endif
- { -1, NULL, },
-};
-
-static struct val2str str_alg_comp[] = {
- { SADB_X_CALG_NONE, "none", },
- { SADB_X_CALG_OUI, "oui", },
- { SADB_X_CALG_DEFLATE, "deflate", },
- { SADB_X_CALG_LZS, "lzs", },
- { -1, NULL, },
-};
-
-static struct val2str str_sp_scope[] = {
- { IPSEC_POLICYSCOPE_GLOBAL, "global" },
- { IPSEC_POLICYSCOPE_IFNET, "ifnet" },
- { IPSEC_POLICYSCOPE_PCB, "pcb"},
- { -1, NULL },
-};
-
-/*
- * dump SADB_MSG formated. For debugging, you should use kdebug_sadb().
- */
-void
-pfkey_sadump(m)
- struct sadb_msg *m;
-{
- caddr_t mhp[SADB_EXT_MAX + 1];
- struct sadb_sa *m_sa;
- struct sadb_x_sa2 *m_sa2;
- struct sadb_lifetime *m_lftc, *m_lfth, *m_lfts;
- struct sadb_address *m_saddr, *m_daddr, *m_paddr;
- struct sadb_key *m_auth, *m_enc;
- struct sadb_ident *m_sid, *m_did;
- struct sadb_sens *m_sens;
- struct sadb_x_sa_replay *m_sa_replay;
- struct sadb_x_nat_t_type *natt_type;
- struct sadb_x_nat_t_port *natt_sport, *natt_dport;
- struct sadb_address *natt_oai, *natt_oar;
-
- /* check pfkey message. */
- if (pfkey_align(m, mhp)) {
- printf("%s\n", ipsec_strerror());
- return;
- }
- if (pfkey_check(mhp)) {
- printf("%s\n", ipsec_strerror());
- return;
- }
-
- m_sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
- m_sa2 = (struct sadb_x_sa2 *)mhp[SADB_X_EXT_SA2];
- m_lftc = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT];
- m_lfth = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD];
- m_lfts = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_SOFT];
- m_saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
- m_daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
- m_paddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_PROXY];
- m_auth = (struct sadb_key *)mhp[SADB_EXT_KEY_AUTH];
- m_enc = (struct sadb_key *)mhp[SADB_EXT_KEY_ENCRYPT];
- m_sid = (struct sadb_ident *)mhp[SADB_EXT_IDENTITY_SRC];
- m_did = (struct sadb_ident *)mhp[SADB_EXT_IDENTITY_DST];
- m_sens = (struct sadb_sens *)mhp[SADB_EXT_SENSITIVITY];
- m_sa_replay = (struct sadb_x_sa_replay *)mhp[SADB_X_EXT_SA_REPLAY];
- natt_type = (struct sadb_x_nat_t_type *)mhp[SADB_X_EXT_NAT_T_TYPE];
- natt_sport = (struct sadb_x_nat_t_port *)mhp[SADB_X_EXT_NAT_T_SPORT];
- natt_dport = (struct sadb_x_nat_t_port *)mhp[SADB_X_EXT_NAT_T_DPORT];
- natt_oai = (struct sadb_address *)mhp[SADB_X_EXT_NAT_T_OAI];
- natt_oar = (struct sadb_address *)mhp[SADB_X_EXT_NAT_T_OAR];
-
-
- /* source address */
- if (m_saddr == NULL) {
- printf("no ADDRESS_SRC extension.\n");
- return;
- }
- printf("%s", str_ipaddr((struct sockaddr *)(m_saddr + 1)));
- if (natt_type != NULL && natt_sport != NULL)
- printf("[%u]", ntohs(natt_sport->sadb_x_nat_t_port_port));
-
- /* destination address */
- if (m_daddr == NULL) {
- printf("\nno ADDRESS_DST extension.\n");
- return;
- }
- printf(" %s", str_ipaddr((struct sockaddr *)(m_daddr + 1)));
- if (natt_type != NULL && natt_dport != NULL)
- printf("[%u]", ntohs(natt_dport->sadb_x_nat_t_port_port));
-
- /* SA type */
- if (m_sa == NULL) {
- printf("\nno SA extension.\n");
- return;
- }
- if (m_sa2 == NULL) {
- printf("\nno SA2 extension.\n");
- return;
- }
- printf("\n\t");
-
- if (m->sadb_msg_satype == SADB_SATYPE_ESP && natt_type != NULL)
- printf("esp-udp ");
- else
- GETMSGSTR(str_satype, m->sadb_msg_satype);
-
- printf("mode=");
- GETMSGSTR(str_mode, m_sa2->sadb_x_sa2_mode);
-
- printf("spi=%u(0x%08x) reqid=%u(0x%08x)\n",
- (u_int32_t)ntohl(m_sa->sadb_sa_spi),
- (u_int32_t)ntohl(m_sa->sadb_sa_spi),
- (u_int32_t)m_sa2->sadb_x_sa2_reqid,
- (u_int32_t)m_sa2->sadb_x_sa2_reqid);
-
- /* other NAT-T information */
- if (natt_type != NULL && (natt_oai != NULL || natt_oar != NULL)) {
- printf("\tNAT:");
- if (natt_oai != NULL)
- printf(" OAI=%s",
- str_ipaddr((struct sockaddr *)(natt_oai + 1)));
- if (natt_oar != NULL)
- printf(" OAR=%s",
- str_ipaddr((struct sockaddr *)(natt_oar + 1)));
- printf("\n");
- }
-
- /* encryption key */
- if (m->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) {
- printf("\tC: ");
- GETMSGV2S(str_alg_comp, m_sa->sadb_sa_encrypt);
- } else if (m->sadb_msg_satype == SADB_SATYPE_ESP) {
- if (m_enc != NULL) {
- printf("\tE: ");
- GETMSGV2S(str_alg_enc, m_sa->sadb_sa_encrypt);
- ipsec_hexdump((caddr_t)m_enc + sizeof(*m_enc),
- m_enc->sadb_key_bits / 8);
- printf("\n");
- }
- }
-
- /* authentication key */
- if (m_auth != NULL) {
- printf("\tA: ");
- GETMSGV2S(str_alg_auth, m_sa->sadb_sa_auth);
- ipsec_hexdump((caddr_t)m_auth + sizeof(*m_auth),
- m_auth->sadb_key_bits / 8);
- printf("\n");
- }
-
- /* replay windoe size & flags */
- printf("\tseq=0x%08x replay=%u flags=0x%08x ",
- m_sa2->sadb_x_sa2_sequence,
- m_sa_replay ? (m_sa_replay->sadb_x_sa_replay_replay >> 3) :
- m_sa->sadb_sa_replay,
- m_sa->sadb_sa_flags);
-
- /* state */
- printf("state=");
- GETMSGSTR(str_state, m_sa->sadb_sa_state);
- printf("\n");
-
- /* lifetime */
- if (m_lftc != NULL) {
- time_t tmp_time = time(0);
-
- printf("\tcreated: %s",
- str_time(m_lftc->sadb_lifetime_addtime));
- printf("\tcurrent: %s\n", str_time(tmp_time));
- printf("\tdiff: %lu(s)",
- (u_long)(m_lftc->sadb_lifetime_addtime == 0 ?
- 0 : (tmp_time - m_lftc->sadb_lifetime_addtime)));
-
- printf("\thard: %lu(s)",
- (u_long)(m_lfth == NULL ?
- 0 : m_lfth->sadb_lifetime_addtime));
- printf("\tsoft: %lu(s)\n",
- (u_long)(m_lfts == NULL ?
- 0 : m_lfts->sadb_lifetime_addtime));
-
- printf("\tlast: %s",
- str_time(m_lftc->sadb_lifetime_usetime));
- printf("\thard: %lu(s)",
- (u_long)(m_lfth == NULL ?
- 0 : m_lfth->sadb_lifetime_usetime));
- printf("\tsoft: %lu(s)\n",
- (u_long)(m_lfts == NULL ?
- 0 : m_lfts->sadb_lifetime_usetime));
-
- str_lifetime_byte(m_lftc, "current");
- str_lifetime_byte(m_lfth, "hard");
- str_lifetime_byte(m_lfts, "soft");
- printf("\n");
-
- printf("\tallocated: %lu",
- (unsigned long)m_lftc->sadb_lifetime_allocations);
- printf("\thard: %lu",
- (u_long)(m_lfth == NULL ?
- 0 : m_lfth->sadb_lifetime_allocations));
- printf("\tsoft: %lu\n",
- (u_long)(m_lfts == NULL ?
- 0 : m_lfts->sadb_lifetime_allocations));
- }
-
- printf("\tsadb_seq=%lu pid=%lu ",
- (u_long)m->sadb_msg_seq,
- (u_long)m->sadb_msg_pid);
-
- /* XXX DEBUG */
- printf("refcnt=%u\n", m->sadb_msg_reserved);
-
- return;
-}
-
-void
-pfkey_spdump(struct sadb_msg *m)
-{
- char pbuf[NI_MAXSERV];
- caddr_t mhp[SADB_EXT_MAX + 1];
- struct sadb_address *m_saddr, *m_daddr;
- struct sadb_x_policy *m_xpl;
- struct sadb_lifetime *m_lftc = NULL, *m_lfth = NULL;
- struct sockaddr *sa;
- u_int16_t sport = 0, dport = 0;
-
- /* check pfkey message. */
- if (pfkey_align(m, mhp)) {
- printf("%s\n", ipsec_strerror());
- return;
- }
- if (pfkey_check(mhp)) {
- printf("%s\n", ipsec_strerror());
- return;
- }
-
- m_saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
- m_daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
- m_xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
- m_lftc = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT];
- m_lfth = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD];
-
- if (m_saddr && m_daddr) {
- /* source address */
- sa = (struct sockaddr *)(m_saddr + 1);
- switch (sa->sa_family) {
- case AF_INET:
- case AF_INET6:
- if (getnameinfo(sa, sa->sa_len, NULL, 0,
- pbuf, sizeof(pbuf), NI_NUMERICSERV) != 0)
- sport = 0; /*XXX*/
- else
- sport = atoi(pbuf);
- printf("%s%s ", str_ipaddr(sa),
- str_prefport(sa->sa_family,
- m_saddr->sadb_address_prefixlen, sport,
- m_saddr->sadb_address_proto));
- break;
- default:
- printf("unknown-af ");
- break;
- }
-
- /* destination address */
- sa = (struct sockaddr *)(m_daddr + 1);
- switch (sa->sa_family) {
- case AF_INET:
- case AF_INET6:
- if (getnameinfo(sa, sa->sa_len, NULL, 0,
- pbuf, sizeof(pbuf), NI_NUMERICSERV) != 0)
- dport = 0; /*XXX*/
- else
- dport = atoi(pbuf);
- printf("%s%s ", str_ipaddr(sa),
- str_prefport(sa->sa_family,
- m_daddr->sadb_address_prefixlen, dport,
- m_saddr->sadb_address_proto));
- break;
- default:
- printf("unknown-af ");
- break;
- }
-
- /* upper layer protocol */
- if (m_saddr->sadb_address_proto !=
- m_daddr->sadb_address_proto) {
- printf("upper layer protocol mismatched.\n");
- return;
- }
- str_upperspec(m_saddr->sadb_address_proto, sport, dport);
- }
- else
- printf("(no selector, probably per-socket policy) ");
-
- /* policy */
- {
- char *d_xpl;
-
- if (m_xpl == NULL) {
- printf("no X_POLICY extension.\n");
- return;
- }
- d_xpl = ipsec_dump_policy((char *)m_xpl, "\n\t");
-
- /* dump SPD */
- printf("\n\t%s\n", d_xpl);
- free(d_xpl);
- }
-
- /* lifetime */
- if (m_lftc) {
- printf("\tcreated: %s ",
- str_time(m_lftc->sadb_lifetime_addtime));
- printf("lastused: %s\n",
- str_time(m_lftc->sadb_lifetime_usetime));
- }
- if (m_lfth) {
- printf("\tlifetime: %lu(s) ",
- (u_long)m_lfth->sadb_lifetime_addtime);
- printf("validtime: %lu(s)\n",
- (u_long)m_lfth->sadb_lifetime_usetime);
- }
-
-
- printf("\tspid=%ld seq=%ld pid=%ld scope=",
- (u_long)m_xpl->sadb_x_policy_id,
- (u_long)m->sadb_msg_seq,
- (u_long)m->sadb_msg_pid);
- GETMSGV2S(str_sp_scope, m_xpl->sadb_x_policy_scope);
- if (m_xpl->sadb_x_policy_scope == IPSEC_POLICYSCOPE_IFNET &&
- if_indextoname(m_xpl->sadb_x_policy_ifindex, pbuf) != NULL)
- printf("ifname=%s", pbuf);
- printf("\n");
-
- /* XXX TEST */
- printf("\trefcnt=%u\n", m->sadb_msg_reserved);
-
- return;
-}
-
-/*
- * set "ipaddress" to buffer.
- */
-static char *
-str_ipaddr(sa)
- struct sockaddr *sa;
-{
- static char buf[NI_MAXHOST];
- const int niflag = NI_NUMERICHOST;
-
- if (sa == NULL)
- return "";
-
- if (getnameinfo(sa, sa->sa_len, buf, sizeof(buf), NULL, 0, niflag) == 0)
- return buf;
- return NULL;
-}
-
-/*
- * set "/prefix[port number]" to buffer.
- */
-static char *
-str_prefport(family, pref, port, ulp)
- u_int family, pref, port, ulp;
-{
- static char buf[128];
- char prefbuf[128];
- char portbuf[128];
- int plen;
-
- switch (family) {
- case AF_INET:
- plen = sizeof(struct in_addr) << 3;
- break;
- case AF_INET6:
- plen = sizeof(struct in6_addr) << 3;
- break;
- default:
- return "?";
- }
-
- if (pref == plen)
- prefbuf[0] = '\0';
- else
- snprintf(prefbuf, sizeof(prefbuf), "/%u", pref);
-
- if (ulp == IPPROTO_ICMPV6)
- memset(portbuf, 0, sizeof(portbuf));
- else {
- if (port == IPSEC_PORT_ANY)
- snprintf(portbuf, sizeof(portbuf), "[%s]", "any");
- else
- snprintf(portbuf, sizeof(portbuf), "[%u]", port);
- }
-
- snprintf(buf, sizeof(buf), "%s%s", prefbuf, portbuf);
-
- return buf;
-}
-
-static void
-str_upperspec(ulp, p1, p2)
- u_int ulp, p1, p2;
-{
- if (ulp == IPSEC_ULPROTO_ANY)
- printf("any");
- else if (ulp == IPPROTO_ICMPV6) {
- printf("icmp6");
- if (!(p1 == IPSEC_PORT_ANY && p2 == IPSEC_PORT_ANY))
- printf(" %u,%u", p1, p2);
- } else {
- struct protoent *ent;
-
- switch (ulp) {
- case IPPROTO_IPV4:
- printf("ip4");
- break;
- default:
- ent = getprotobynumber(ulp);
- if (ent)
- printf("%s", ent->p_name);
- else
- printf("%u", ulp);
-
- endprotoent();
- break;
- }
- }
-}
-
-/*
- * set "Mon Day Time Year" to buffer
- */
-static char *
-str_time(t)
- time_t t;
-{
- static char buf[128];
-
- if (t == 0) {
- int i = 0;
- for (;i < 20;) buf[i++] = ' ';
- } else {
- char *t0;
- t0 = ctime(&t);
- memcpy(buf, t0 + 4, 20);
- }
-
- buf[20] = '\0';
-
- return(buf);
-}
-
-static void
-str_lifetime_byte(x, str)
- struct sadb_lifetime *x;
- char *str;
-{
- double y;
- char *unit;
- int w;
-
- if (x == NULL) {
- printf("\t%s: 0(bytes)", str);
- return;
- }
-
-#if 0
- if ((x->sadb_lifetime_bytes) / 1024 / 1024) {
- y = (x->sadb_lifetime_bytes) * 1.0 / 1024 / 1024;
- unit = "M";
- w = 1;
- } else if ((x->sadb_lifetime_bytes) / 1024) {
- y = (x->sadb_lifetime_bytes) * 1.0 / 1024;
- unit = "K";
- w = 1;
- } else {
- y = (x->sadb_lifetime_bytes) * 1.0;
- unit = "";
- w = 0;
- }
-#else
- y = (x->sadb_lifetime_bytes) * 1.0;
- unit = "";
- w = 0;
-#endif
- printf("\t%s: %.*f(%sbytes)", str, w, y, unit);
-}
diff --git a/freebsd/lib/libipsec/policy_parse.c b/freebsd/lib/libipsec/policy_parse.c
deleted file mode 100644
index 04aae36b..00000000
--- a/freebsd/lib/libipsec/policy_parse.c
+++ /dev/null
@@ -1,966 +0,0 @@
-/* original parser id follows */
-/* yysccsid[] = "@(#)yaccpar 1.9 (Berkeley) 02/21/93" */
-/* (use YYMAJOR/YYMINOR for ifdefs dependent on parser version) */
-
-#define YYBYACC 1
-#define YYMAJOR 1
-#define YYMINOR 9
-#define YYPATCH 20160324
-
-#define YYEMPTY (-1)
-#define yyclearin (yychar = YYEMPTY)
-#define yyerrok (yyerrflag = 0)
-#define YYRECOVERING() (yyerrflag != 0)
-#define YYENOMEM (-2)
-#define YYEOF 0
-
-#ifndef yyparse
-#define yyparse __libipsecyyparse
-#endif /* yyparse */
-
-#ifndef yylex
-#define yylex __libipsecyylex
-#endif /* yylex */
-
-#ifndef yyerror
-#define yyerror __libipsecyyerror
-#endif /* yyerror */
-
-#ifndef yychar
-#define yychar __libipsecyychar
-#endif /* yychar */
-
-#ifndef yyval
-#define yyval __libipsecyyval
-#endif /* yyval */
-
-#ifndef yylval
-#define yylval __libipsecyylval
-#endif /* yylval */
-
-#ifndef yydebug
-#define yydebug __libipsecyydebug
-#endif /* yydebug */
-
-#ifndef yynerrs
-#define yynerrs __libipsecyynerrs
-#endif /* yynerrs */
-
-#ifndef yyerrflag
-#define yyerrflag __libipsecyyerrflag
-#endif /* yyerrflag */
-
-#ifndef yylhs
-#define yylhs __libipsecyylhs
-#endif /* yylhs */
-
-#ifndef yylen
-#define yylen __libipsecyylen
-#endif /* yylen */
-
-#ifndef yydefred
-#define yydefred __libipsecyydefred
-#endif /* yydefred */
-
-#ifndef yydgoto
-#define yydgoto __libipsecyydgoto
-#endif /* yydgoto */
-
-#ifndef yysindex
-#define yysindex __libipsecyysindex
-#endif /* yysindex */
-
-#ifndef yyrindex
-#define yyrindex __libipsecyyrindex
-#endif /* yyrindex */
-
-#ifndef yygindex
-#define yygindex __libipsecyygindex
-#endif /* yygindex */
-
-#ifndef yytable
-#define yytable __libipsecyytable
-#endif /* yytable */
-
-#ifndef yycheck
-#define yycheck __libipsecyycheck
-#endif /* yycheck */
-
-#ifndef yyname
-#define yyname __libipsecyyname
-#endif /* yyname */
-
-#ifndef yyrule
-#define yyrule __libipsecyyrule
-#endif /* yyrule */
-#define YYPREFIX "__libipsecyy"
-
-#define YYPURE 0
-
-#line 52 "../../freebsd/lib/libipsec/policy_parse.y"
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/socket.h>
-
-#include <netinet/in.h>
-#include <netipsec/ipsec.h>
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <netdb.h>
-
-#include "ipsec_strerror.h"
-
-#define ATOX(c) \
- (isdigit(c) ? (c - '0') : (isupper(c) ? (c - 'A' + 10) : (c - 'a' + 10) ))
-
-static caddr_t pbuf = NULL; /* sadb_x_policy buffer */
-static int tlen = 0; /* total length of pbuf */
-static int offset = 0; /* offset of pbuf */
-static int p_dir, p_type, p_protocol, p_mode, p_level, p_reqid;
-static struct sockaddr *p_src = NULL;
-static struct sockaddr *p_dst = NULL;
-
-struct _val;
-extern void yyerror(char *msg);
-static struct sockaddr *parse_sockaddr(struct _val *buf);
-static int rule_check(void);
-static int init_x_policy(void);
-static int set_x_request(struct sockaddr *src, struct sockaddr *dst);
-static int set_sockaddr(struct sockaddr *addr);
-static void policy_parse_request_init(void);
-static caddr_t policy_parse(char *msg, int msglen);
-
-extern void __policy__strbuffer__init__(char *msg);
-extern void __policy__strbuffer__free__(void);
-extern int yylex(void);
-
-extern char *__libipsecyytext; /*XXX*/
-
-#line 97 "../../freebsd/lib/libipsec/policy_parse.y"
-#ifdef YYSTYPE
-#undef YYSTYPE_IS_DECLARED
-#define YYSTYPE_IS_DECLARED 1
-#endif
-#ifndef YYSTYPE_IS_DECLARED
-#define YYSTYPE_IS_DECLARED 1
-typedef union {
- u_int num;
- struct _val {
- int len;
- char *buf;
- } val;
-} YYSTYPE;
-#endif /* !YYSTYPE_IS_DECLARED */
-#line 160 "__libipsecyy.tab.c"
-
-/* compatibility with bison */
-#ifdef YYPARSE_PARAM
-/* compatibility with FreeBSD */
-# ifdef YYPARSE_PARAM_TYPE
-# define YYPARSE_DECL() yyparse(YYPARSE_PARAM_TYPE YYPARSE_PARAM)
-# else
-# define YYPARSE_DECL() yyparse(void *YYPARSE_PARAM)
-# endif
-#else
-# define YYPARSE_DECL() yyparse(void)
-#endif
-
-/* Parameters sent to lex. */
-#ifdef YYLEX_PARAM
-# define YYLEX_DECL() yylex(void *YYLEX_PARAM)
-# define YYLEX yylex(YYLEX_PARAM)
-#else
-# define YYLEX_DECL() yylex(void)
-# define YYLEX yylex()
-#endif
-
-/* Parameters sent to yyerror. */
-#ifndef YYERROR_DECL
-#define YYERROR_DECL() yyerror(const char *s)
-#endif
-#ifndef YYERROR_CALL
-#define YYERROR_CALL(msg) yyerror(msg)
-#endif
-
-extern int YYPARSE_DECL();
-
-#define DIR 257
-#define ACTION 258
-#define PROTOCOL 259
-#define MODE 260
-#define LEVEL 261
-#define LEVEL_SPECIFY 262
-#define IPADDRESS 263
-#define ME 264
-#define ANY 265
-#define SLASH 266
-#define HYPHEN 267
-#define YYERRCODE 256
-typedef int YYINT;
-static const YYINT __libipsecyylhs[] = { -1,
- 2, 0, 0, 1, 1, 3, 3, 3, 3, 3,
- 3, 3, 3, 4, 5, 7, 7, 8, 6, 6,
- 6,
-};
-static const YYINT __libipsecyylen[] = { 2,
- 0, 4, 1, 0, 2, 7, 6, 5, 4, 6,
- 3, 2, 1, 1, 1, 1, 1, 0, 4, 3,
- 3,
-};
-static const YYINT __libipsecyydefred[] = { 0,
- 0, 0, 1, 4, 0, 14, 5, 0, 0, 15,
- 0, 0, 18, 0, 0, 0, 0, 0, 0, 0,
- 16, 17, 10, 0, 0, 20, 21, 6, 19,
-};
-static const YYINT __libipsecyydgoto[] = { 2,
- 5, 4, 7, 8, 11, 17, 23, 18,
-};
-static const YYINT __libipsecyysindex[] = { -257,
- -245, 0, 0, 0, -244, 0, 0, -252, -243, 0,
- -248, -256, 0, -251, -247, -250, -242, -246, -240, -241,
- 0, 0, 0, -250, -237, 0, 0, 0, 0,
-};
-static const YYINT __libipsecyyrindex[] = { 0,
- 19, 0, 0, 0, 22, 0, 0, 1, 2, 0,
- 3, 4, 0, 0, 0, 0, 5, 0, 0, 0,
- 0, 0, 0, 6, 0, 0, 0, 0, 0,
-};
-static const YYINT __libipsecyygindex[] = { 0,
- 0, 0, 0, 0, 0, 0, 7, 0,
-};
-#define YYTABLESIZE 265
-static const YYINT __libipsecyytable[] = { 1,
- 13, 12, 11, 9, 8, 7, 13, 14, 15, 16,
- 21, 22, 3, 9, 6, 19, 10, 12, 3, 20,
- 25, 2, 27, 24, 26, 29, 0, 0, 0, 0,
- 28, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 13,
- 12, 11, 9, 8, 7,
-};
-static const YYINT __libipsecyycheck[] = { 257,
- 0, 0, 0, 0, 0, 0, 263, 264, 265, 266,
- 261, 262, 258, 266, 259, 267, 260, 266, 0, 267,
- 267, 0, 264, 266, 265, 263, -1, -1, -1, -1,
- 24, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, 259,
- 259, 259, 259, 259, 259,
-};
-#define YYFINAL 2
-#ifndef YYDEBUG
-#define YYDEBUG 0
-#endif
-#define YYMAXTOKEN 267
-#define YYUNDFTOKEN 278
-#define YYTRANSLATE(a) ((a) > YYMAXTOKEN ? YYUNDFTOKEN : (a))
-#if YYDEBUG
-static const char *const __libipsecyyname[] = {
-
-"end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
-0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
-0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
-0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
-0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
-0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
-0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"DIR","ACTION","PROTOCOL","MODE",
-"LEVEL","LEVEL_SPECIFY","IPADDRESS","ME","ANY","SLASH","HYPHEN",0,0,0,0,0,0,0,0,
-0,0,"illegal-symbol",
-};
-static const char *const __libipsecyyrule[] = {
-"$accept : policy_spec",
-"$$1 :",
-"policy_spec : DIR ACTION $$1 rules",
-"policy_spec : DIR",
-"rules :",
-"rules : rules rule",
-"rule : protocol SLASH mode SLASH addresses SLASH level",
-"rule : protocol SLASH mode SLASH addresses SLASH",
-"rule : protocol SLASH mode SLASH addresses",
-"rule : protocol SLASH mode SLASH",
-"rule : protocol SLASH mode SLASH SLASH level",
-"rule : protocol SLASH mode",
-"rule : protocol SLASH",
-"rule : protocol",
-"protocol : PROTOCOL",
-"mode : MODE",
-"level : LEVEL",
-"level : LEVEL_SPECIFY",
-"$$2 :",
-"addresses : IPADDRESS $$2 HYPHEN IPADDRESS",
-"addresses : ME HYPHEN ANY",
-"addresses : ANY HYPHEN ME",
-
-};
-#endif
-
-int yydebug;
-int yynerrs;
-
-int yyerrflag;
-int yychar;
-YYSTYPE yyval;
-YYSTYPE yylval;
-
-/* define the initial stack-sizes */
-#ifdef YYSTACKSIZE
-#undef YYMAXDEPTH
-#define YYMAXDEPTH YYSTACKSIZE
-#else
-#ifdef YYMAXDEPTH
-#define YYSTACKSIZE YYMAXDEPTH
-#else
-#define YYSTACKSIZE 10000
-#define YYMAXDEPTH 10000
-#endif
-#endif
-
-#define YYINITSTACKSIZE 200
-
-typedef struct {
- unsigned stacksize;
- YYINT *s_base;
- YYINT *s_mark;
- YYINT *s_last;
- YYSTYPE *l_base;
- YYSTYPE *l_mark;
-} YYSTACKDATA;
-/* variables for the parser stack */
-static YYSTACKDATA yystack;
-#line 212 "../../freebsd/lib/libipsec/policy_parse.y"
-
-void
-yyerror(msg)
- char *msg;
-{
- fprintf(stderr, "libipsec: %s while parsing \"%s\"\n",
- msg, __libipsecyytext);
-
- return;
-}
-
-static struct sockaddr *
-parse_sockaddr(buf)
- struct _val *buf;
-{
- struct addrinfo hints, *res;
- char *serv = NULL;
- int error;
- struct sockaddr *newaddr = NULL;
-
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- hints.ai_flags = AI_NUMERICHOST;
- error = getaddrinfo(buf->buf, serv, &hints, &res);
- if (error != 0) {
- yyerror("invalid IP address");
- __ipsec_set_strerror(gai_strerror(error));
- return NULL;
- }
-
- if (res->ai_addr == NULL) {
- yyerror("invalid IP address");
- __ipsec_set_strerror(gai_strerror(error));
- return NULL;
- }
-
- newaddr = malloc(res->ai_addr->sa_len);
- if (newaddr == NULL) {
- __ipsec_errcode = EIPSEC_NO_BUFS;
- freeaddrinfo(res);
- return NULL;
- }
- memcpy(newaddr, res->ai_addr, res->ai_addr->sa_len);
-
- freeaddrinfo(res);
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return newaddr;
-}
-
-static int
-rule_check()
-{
- if (p_type == IPSEC_POLICY_IPSEC) {
- if (p_protocol == IPPROTO_IP) {
- __ipsec_errcode = EIPSEC_NO_PROTO;
- return -1;
- }
-
- if (p_mode != IPSEC_MODE_TRANSPORT
- && p_mode != IPSEC_MODE_TUNNEL) {
- __ipsec_errcode = EIPSEC_INVAL_MODE;
- return -1;
- }
-
- if (p_src == NULL && p_dst == NULL) {
- if (p_mode != IPSEC_MODE_TRANSPORT) {
- __ipsec_errcode = EIPSEC_INVAL_ADDRESS;
- return -1;
- }
- }
- else if (p_src->sa_family != p_dst->sa_family) {
- __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
- return -1;
- }
- }
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return 0;
-}
-
-static int
-init_x_policy()
-{
- struct sadb_x_policy *p;
-
- tlen = sizeof(struct sadb_x_policy);
-
- pbuf = malloc(tlen);
- if (pbuf == NULL) {
- __ipsec_errcode = EIPSEC_NO_BUFS;
- return -1;
- }
- memset(pbuf, 0, tlen);
- p = (struct sadb_x_policy *)pbuf;
- p->sadb_x_policy_len = 0; /* must update later */
- p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
- p->sadb_x_policy_type = p_type;
- p->sadb_x_policy_dir = p_dir;
- p->sadb_x_policy_id = 0;
-
- offset = tlen;
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return 0;
-}
-
-static int
-set_x_request(src, dst)
- struct sockaddr *src, *dst;
-{
- struct sadb_x_ipsecrequest *p;
- int reqlen;
-
- reqlen = sizeof(*p)
- + (src ? src->sa_len : 0)
- + (dst ? dst->sa_len : 0);
- tlen += reqlen; /* increment to total length */
-
- pbuf = realloc(pbuf, tlen);
- if (pbuf == NULL) {
- __ipsec_errcode = EIPSEC_NO_BUFS;
- return -1;
- }
- p = (struct sadb_x_ipsecrequest *)&pbuf[offset];
- p->sadb_x_ipsecrequest_len = reqlen;
- p->sadb_x_ipsecrequest_proto = p_protocol;
- p->sadb_x_ipsecrequest_mode = p_mode;
- p->sadb_x_ipsecrequest_level = p_level;
- p->sadb_x_ipsecrequest_reqid = p_reqid;
- offset += sizeof(*p);
-
- if (set_sockaddr(src) || set_sockaddr(dst))
- return -1;
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return 0;
-}
-
-static int
-set_sockaddr(addr)
- struct sockaddr *addr;
-{
- if (addr == NULL) {
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return 0;
- }
-
- /* tlen has already incremented */
-
- memcpy(&pbuf[offset], addr, addr->sa_len);
-
- offset += addr->sa_len;
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return 0;
-}
-
-static void
-policy_parse_request_init()
-{
- p_protocol = IPPROTO_IP;
- p_mode = IPSEC_MODE_ANY;
- p_level = IPSEC_LEVEL_DEFAULT;
- p_reqid = 0;
- if (p_src != NULL) {
- free(p_src);
- p_src = NULL;
- }
- if (p_dst != NULL) {
- free(p_dst);
- p_dst = NULL;
- }
-
- return;
-}
-
-static caddr_t
-policy_parse(msg, msglen)
- char *msg;
- int msglen;
-{
- int error;
- pbuf = NULL;
- tlen = 0;
-
- /* initialize */
- p_dir = IPSEC_DIR_INVALID;
- p_type = IPSEC_POLICY_DISCARD;
- policy_parse_request_init();
- __policy__strbuffer__init__(msg);
-
- error = yyparse(); /* it must be set errcode. */
- __policy__strbuffer__free__();
-
- if (error) {
- if (pbuf != NULL)
- free(pbuf);
- return NULL;
- }
-
- /* update total length */
- ((struct sadb_x_policy *)pbuf)->sadb_x_policy_len = PFKEY_UNIT64(tlen);
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
-
- return pbuf;
-}
-
-caddr_t
-ipsec_set_policy(msg, msglen)
- char *msg;
- int msglen;
-{
- caddr_t policy;
-
- policy = policy_parse(msg, msglen);
- if (policy == NULL) {
- if (__ipsec_errcode == EIPSEC_NO_ERROR)
- __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
- return NULL;
- }
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return policy;
-}
-
-#line 604 "__libipsecyy.tab.c"
-
-#if YYDEBUG
-#include <stdio.h> /* needed for printf */
-#endif
-
-#include <stdlib.h> /* needed for malloc, etc */
-#include <string.h> /* needed for memset */
-
-/* allocate initial stack or double stack size, up to YYMAXDEPTH */
-static int yygrowstack(YYSTACKDATA *data)
-{
- int i;
- unsigned newsize;
- YYINT *newss;
- YYSTYPE *newvs;
-
- if ((newsize = data->stacksize) == 0)
- newsize = YYINITSTACKSIZE;
- else if (newsize >= YYMAXDEPTH)
- return YYENOMEM;
- else if ((newsize *= 2) > YYMAXDEPTH)
- newsize = YYMAXDEPTH;
-
- i = (int) (data->s_mark - data->s_base);
- newss = (YYINT *)realloc(data->s_base, newsize * sizeof(*newss));
- if (newss == 0)
- return YYENOMEM;
-
- data->s_base = newss;
- data->s_mark = newss + i;
-
- newvs = (YYSTYPE *)realloc(data->l_base, newsize * sizeof(*newvs));
- if (newvs == 0)
- return YYENOMEM;
-
- data->l_base = newvs;
- data->l_mark = newvs + i;
-
- data->stacksize = newsize;
- data->s_last = data->s_base + newsize - 1;
- return 0;
-}
-
-#if YYPURE || defined(YY_NO_LEAKS)
-static void yyfreestack(YYSTACKDATA *data)
-{
- free(data->s_base);
- free(data->l_base);
- memset(data, 0, sizeof(*data));
-}
-#else
-#define yyfreestack(data) /* nothing */
-#endif
-
-#define YYABORT goto yyabort
-#define YYREJECT goto yyabort
-#define YYACCEPT goto yyaccept
-#define YYERROR goto yyerrlab
-
-int
-YYPARSE_DECL()
-{
- int yym, yyn, yystate;
-#if YYDEBUG
- const char *yys;
-
- if ((yys = getenv("YYDEBUG")) != 0)
- {
- yyn = *yys;
- if (yyn >= '0' && yyn <= '9')
- yydebug = yyn - '0';
- }
-#endif
-
- yynerrs = 0;
- yyerrflag = 0;
- yychar = YYEMPTY;
- yystate = 0;
-
-#if YYPURE
- memset(&yystack, 0, sizeof(yystack));
-#endif
-
- if (yystack.s_base == NULL && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow;
- yystack.s_mark = yystack.s_base;
- yystack.l_mark = yystack.l_base;
- yystate = 0;
- *yystack.s_mark = 0;
-
-yyloop:
- if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
- if (yychar < 0)
- {
- if ((yychar = YYLEX) < 0) yychar = YYEOF;
-#if YYDEBUG
- if (yydebug)
- {
- yys = yyname[YYTRANSLATE(yychar)];
- printf("%sdebug: state %d, reading %d (%s)\n",
- YYPREFIX, yystate, yychar, yys);
- }
-#endif
- }
- if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 &&
- yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
- {
-#if YYDEBUG
- if (yydebug)
- printf("%sdebug: state %d, shifting to state %d\n",
- YYPREFIX, yystate, yytable[yyn]);
-#endif
- if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM)
- {
- goto yyoverflow;
- }
- yystate = yytable[yyn];
- *++yystack.s_mark = yytable[yyn];
- *++yystack.l_mark = yylval;
- yychar = YYEMPTY;
- if (yyerrflag > 0) --yyerrflag;
- goto yyloop;
- }
- if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 &&
- yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
- {
- yyn = yytable[yyn];
- goto yyreduce;
- }
- if (yyerrflag) goto yyinrecovery;
-
- YYERROR_CALL("syntax error");
-
- goto yyerrlab;
-
-yyerrlab:
- ++yynerrs;
-
-yyinrecovery:
- if (yyerrflag < 3)
- {
- yyerrflag = 3;
- for (;;)
- {
- if ((yyn = yysindex[*yystack.s_mark]) && (yyn += YYERRCODE) >= 0 &&
- yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE)
- {
-#if YYDEBUG
- if (yydebug)
- printf("%sdebug: state %d, error recovery shifting\
- to state %d\n", YYPREFIX, *yystack.s_mark, yytable[yyn]);
-#endif
- if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM)
- {
- goto yyoverflow;
- }
- yystate = yytable[yyn];
- *++yystack.s_mark = yytable[yyn];
- *++yystack.l_mark = yylval;
- goto yyloop;
- }
- else
- {
-#if YYDEBUG
- if (yydebug)
- printf("%sdebug: error recovery discarding state %d\n",
- YYPREFIX, *yystack.s_mark);
-#endif
- if (yystack.s_mark <= yystack.s_base) goto yyabort;
- --yystack.s_mark;
- --yystack.l_mark;
- }
- }
- }
- else
- {
- if (yychar == YYEOF) goto yyabort;
-#if YYDEBUG
- if (yydebug)
- {
- yys = yyname[YYTRANSLATE(yychar)];
- printf("%sdebug: state %d, error recovery discards token %d (%s)\n",
- YYPREFIX, yystate, yychar, yys);
- }
-#endif
- yychar = YYEMPTY;
- goto yyloop;
- }
-
-yyreduce:
-#if YYDEBUG
- if (yydebug)
- printf("%sdebug: state %d, reducing by rule %d (%s)\n",
- YYPREFIX, yystate, yyn, yyrule[yyn]);
-#endif
- yym = yylen[yyn];
- if (yym)
- yyval = yystack.l_mark[1-yym];
- else
- memset(&yyval, 0, sizeof yyval);
- switch (yyn)
- {
-case 1:
-#line 115 "../../freebsd/lib/libipsec/policy_parse.y"
- {
- p_dir = yystack.l_mark[-1].num;
- p_type = yystack.l_mark[0].num;
-
- if (init_x_policy())
- return -1;
- }
-break;
-case 3:
-#line 124 "../../freebsd/lib/libipsec/policy_parse.y"
- {
- p_dir = yystack.l_mark[0].num;
- p_type = 0; /* ignored it by kernel */
-
- if (init_x_policy())
- return -1;
- }
-break;
-case 5:
-#line 135 "../../freebsd/lib/libipsec/policy_parse.y"
- {
- if (rule_check() < 0)
- return -1;
-
- if (set_x_request(p_src, p_dst) < 0)
- return -1;
-
- policy_parse_request_init();
- }
-break;
-case 12:
-#line 153 "../../freebsd/lib/libipsec/policy_parse.y"
- {
- __ipsec_errcode = EIPSEC_FEW_ARGUMENTS;
- return -1;
- }
-break;
-case 13:
-#line 157 "../../freebsd/lib/libipsec/policy_parse.y"
- {
- __ipsec_errcode = EIPSEC_FEW_ARGUMENTS;
- return -1;
- }
-break;
-case 14:
-#line 164 "../../freebsd/lib/libipsec/policy_parse.y"
- { p_protocol = yystack.l_mark[0].num; }
-break;
-case 15:
-#line 168 "../../freebsd/lib/libipsec/policy_parse.y"
- { p_mode = yystack.l_mark[0].num; }
-break;
-case 16:
-#line 172 "../../freebsd/lib/libipsec/policy_parse.y"
- {
- p_level = yystack.l_mark[0].num;
- p_reqid = 0;
- }
-break;
-case 17:
-#line 176 "../../freebsd/lib/libipsec/policy_parse.y"
- {
- p_level = IPSEC_LEVEL_UNIQUE;
- p_reqid = atol(yystack.l_mark[0].val.buf); /* atol() is good. */
- }
-break;
-case 18:
-#line 183 "../../freebsd/lib/libipsec/policy_parse.y"
- {
- p_src = parse_sockaddr(&yystack.l_mark[0].val);
- if (p_src == NULL)
- return -1;
- }
-break;
-case 19:
-#line 189 "../../freebsd/lib/libipsec/policy_parse.y"
- {
- p_dst = parse_sockaddr(&yystack.l_mark[0].val);
- if (p_dst == NULL)
- return -1;
- }
-break;
-case 20:
-#line 194 "../../freebsd/lib/libipsec/policy_parse.y"
- {
- if (p_dir != IPSEC_DIR_OUTBOUND) {
- __ipsec_errcode = EIPSEC_INVAL_DIR;
- return -1;
- }
- }
-break;
-case 21:
-#line 200 "../../freebsd/lib/libipsec/policy_parse.y"
- {
- if (p_dir != IPSEC_DIR_INBOUND) {
- __ipsec_errcode = EIPSEC_INVAL_DIR;
- return -1;
- }
- }
-break;
-#line 908 "__libipsecyy.tab.c"
- }
- yystack.s_mark -= yym;
- yystate = *yystack.s_mark;
- yystack.l_mark -= yym;
- yym = yylhs[yyn];
- if (yystate == 0 && yym == 0)
- {
-#if YYDEBUG
- if (yydebug)
- printf("%sdebug: after reduction, shifting from state 0 to\
- state %d\n", YYPREFIX, YYFINAL);
-#endif
- yystate = YYFINAL;
- *++yystack.s_mark = YYFINAL;
- *++yystack.l_mark = yyval;
- if (yychar < 0)
- {
- if ((yychar = YYLEX) < 0) yychar = YYEOF;
-#if YYDEBUG
- if (yydebug)
- {
- yys = yyname[YYTRANSLATE(yychar)];
- printf("%sdebug: state %d, reading %d (%s)\n",
- YYPREFIX, YYFINAL, yychar, yys);
- }
-#endif
- }
- if (yychar == YYEOF) goto yyaccept;
- goto yyloop;
- }
- if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 &&
- yyn <= YYTABLESIZE && yycheck[yyn] == yystate)
- yystate = yytable[yyn];
- else
- yystate = yydgoto[yym];
-#if YYDEBUG
- if (yydebug)
- printf("%sdebug: after reduction, shifting from state %d \
-to state %d\n", YYPREFIX, *yystack.s_mark, yystate);
-#endif
- if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM)
- {
- goto yyoverflow;
- }
- *++yystack.s_mark = (YYINT) yystate;
- *++yystack.l_mark = yyval;
- goto yyloop;
-
-yyoverflow:
- YYERROR_CALL("yacc stack overflow");
-
-yyabort:
- yyfreestack(&yystack);
- return (1);
-
-yyaccept:
- yyfreestack(&yystack);
- return (0);
-}
diff --git a/freebsd/lib/libipsec/policy_parse.y b/freebsd/lib/libipsec/policy_parse.y
deleted file mode 100644
index 46e54e55..00000000
--- a/freebsd/lib/libipsec/policy_parse.y
+++ /dev/null
@@ -1,438 +0,0 @@
-/* $KAME: policy_parse.y,v 1.14 2003/06/27 03:39:20 itojun Exp $ */
-
-/*
- * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * IN/OUT bound policy configuration take place such below:
- * in <policy>
- * out <policy>
- *
- * <policy> is one of following:
- * "discard", "none", "ipsec <requests>", "entrust", "bypass",
- *
- * The following requests are accepted as <requests>:
- *
- * protocol/mode/src-dst/level
- * protocol/mode/src-dst parsed as protocol/mode/src-dst/default
- * protocol/mode/src-dst/ parsed as protocol/mode/src-dst/default
- * protocol/transport parsed as protocol/mode/any-any/default
- * protocol/transport//level parsed as protocol/mode/any-any/level
- *
- * You can concatenate these requests with either ' '(single space) or '\n'.
- */
-
-%{
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/socket.h>
-
-#include <netinet/in.h>
-#include <netipsec/ipsec.h>
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <netdb.h>
-
-#include "ipsec_strerror.h"
-
-#define ATOX(c) \
- (isdigit(c) ? (c - '0') : (isupper(c) ? (c - 'A' + 10) : (c - 'a' + 10) ))
-
-static caddr_t pbuf = NULL; /* sadb_x_policy buffer */
-static int tlen = 0; /* total length of pbuf */
-static int offset = 0; /* offset of pbuf */
-static int p_dir, p_type, p_protocol, p_mode, p_level, p_reqid;
-static struct sockaddr *p_src = NULL;
-static struct sockaddr *p_dst = NULL;
-
-struct _val;
-extern void yyerror(char *msg);
-static struct sockaddr *parse_sockaddr(struct _val *buf);
-static int rule_check(void);
-static int init_x_policy(void);
-static int set_x_request(struct sockaddr *src, struct sockaddr *dst);
-static int set_sockaddr(struct sockaddr *addr);
-static void policy_parse_request_init(void);
-static caddr_t policy_parse(char *msg, int msglen);
-
-extern void __policy__strbuffer__init__(char *msg);
-extern void __policy__strbuffer__free__(void);
-extern int yylex(void);
-
-extern char *__libipsecyytext; /*XXX*/
-
-%}
-
-%union {
- u_int num;
- struct _val {
- int len;
- char *buf;
- } val;
-}
-
-%token DIR ACTION PROTOCOL MODE LEVEL LEVEL_SPECIFY
-%token IPADDRESS
-%token ME ANY
-%token SLASH HYPHEN
-%type <num> DIR ACTION PROTOCOL MODE LEVEL
-%type <val> IPADDRESS LEVEL_SPECIFY
-
-%%
-policy_spec
- : DIR ACTION
- {
- p_dir = $1;
- p_type = $2;
-
- if (init_x_policy())
- return -1;
- }
- rules
- | DIR
- {
- p_dir = $1;
- p_type = 0; /* ignored it by kernel */
-
- if (init_x_policy())
- return -1;
- }
- ;
-
-rules
- : /*NOTHING*/
- | rules rule {
- if (rule_check() < 0)
- return -1;
-
- if (set_x_request(p_src, p_dst) < 0)
- return -1;
-
- policy_parse_request_init();
- }
- ;
-
-rule
- : protocol SLASH mode SLASH addresses SLASH level
- | protocol SLASH mode SLASH addresses SLASH
- | protocol SLASH mode SLASH addresses
- | protocol SLASH mode SLASH
- | protocol SLASH mode SLASH SLASH level
- | protocol SLASH mode
- | protocol SLASH {
- __ipsec_errcode = EIPSEC_FEW_ARGUMENTS;
- return -1;
- }
- | protocol {
- __ipsec_errcode = EIPSEC_FEW_ARGUMENTS;
- return -1;
- }
- ;
-
-protocol
- : PROTOCOL { p_protocol = $1; }
- ;
-
-mode
- : MODE { p_mode = $1; }
- ;
-
-level
- : LEVEL {
- p_level = $1;
- p_reqid = 0;
- }
- | LEVEL_SPECIFY {
- p_level = IPSEC_LEVEL_UNIQUE;
- p_reqid = atol($1.buf); /* atol() is good. */
- }
- ;
-
-addresses
- : IPADDRESS {
- p_src = parse_sockaddr(&$1);
- if (p_src == NULL)
- return -1;
- }
- HYPHEN
- IPADDRESS {
- p_dst = parse_sockaddr(&$4);
- if (p_dst == NULL)
- return -1;
- }
- | ME HYPHEN ANY {
- if (p_dir != IPSEC_DIR_OUTBOUND) {
- __ipsec_errcode = EIPSEC_INVAL_DIR;
- return -1;
- }
- }
- | ANY HYPHEN ME {
- if (p_dir != IPSEC_DIR_INBOUND) {
- __ipsec_errcode = EIPSEC_INVAL_DIR;
- return -1;
- }
- }
- /*
- | ME HYPHEN ME
- */
- ;
-
-%%
-
-void
-yyerror(msg)
- char *msg;
-{
- fprintf(stderr, "libipsec: %s while parsing \"%s\"\n",
- msg, __libipsecyytext);
-
- return;
-}
-
-static struct sockaddr *
-parse_sockaddr(buf)
- struct _val *buf;
-{
- struct addrinfo hints, *res;
- char *serv = NULL;
- int error;
- struct sockaddr *newaddr = NULL;
-
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- hints.ai_flags = AI_NUMERICHOST;
- error = getaddrinfo(buf->buf, serv, &hints, &res);
- if (error != 0) {
- yyerror("invalid IP address");
- __ipsec_set_strerror(gai_strerror(error));
- return NULL;
- }
-
- if (res->ai_addr == NULL) {
- yyerror("invalid IP address");
- __ipsec_set_strerror(gai_strerror(error));
- return NULL;
- }
-
- newaddr = malloc(res->ai_addr->sa_len);
- if (newaddr == NULL) {
- __ipsec_errcode = EIPSEC_NO_BUFS;
- freeaddrinfo(res);
- return NULL;
- }
- memcpy(newaddr, res->ai_addr, res->ai_addr->sa_len);
-
- freeaddrinfo(res);
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return newaddr;
-}
-
-static int
-rule_check()
-{
- if (p_type == IPSEC_POLICY_IPSEC) {
- if (p_protocol == IPPROTO_IP) {
- __ipsec_errcode = EIPSEC_NO_PROTO;
- return -1;
- }
-
- if (p_mode != IPSEC_MODE_TRANSPORT
- && p_mode != IPSEC_MODE_TUNNEL) {
- __ipsec_errcode = EIPSEC_INVAL_MODE;
- return -1;
- }
-
- if (p_src == NULL && p_dst == NULL) {
- if (p_mode != IPSEC_MODE_TRANSPORT) {
- __ipsec_errcode = EIPSEC_INVAL_ADDRESS;
- return -1;
- }
- }
- else if (p_src->sa_family != p_dst->sa_family) {
- __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
- return -1;
- }
- }
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return 0;
-}
-
-static int
-init_x_policy()
-{
- struct sadb_x_policy *p;
-
- tlen = sizeof(struct sadb_x_policy);
-
- pbuf = malloc(tlen);
- if (pbuf == NULL) {
- __ipsec_errcode = EIPSEC_NO_BUFS;
- return -1;
- }
- memset(pbuf, 0, tlen);
- p = (struct sadb_x_policy *)pbuf;
- p->sadb_x_policy_len = 0; /* must update later */
- p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
- p->sadb_x_policy_type = p_type;
- p->sadb_x_policy_dir = p_dir;
- p->sadb_x_policy_id = 0;
-
- offset = tlen;
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return 0;
-}
-
-static int
-set_x_request(src, dst)
- struct sockaddr *src, *dst;
-{
- struct sadb_x_ipsecrequest *p;
- int reqlen;
-
- reqlen = sizeof(*p)
- + (src ? src->sa_len : 0)
- + (dst ? dst->sa_len : 0);
- tlen += reqlen; /* increment to total length */
-
- pbuf = realloc(pbuf, tlen);
- if (pbuf == NULL) {
- __ipsec_errcode = EIPSEC_NO_BUFS;
- return -1;
- }
- p = (struct sadb_x_ipsecrequest *)&pbuf[offset];
- p->sadb_x_ipsecrequest_len = reqlen;
- p->sadb_x_ipsecrequest_proto = p_protocol;
- p->sadb_x_ipsecrequest_mode = p_mode;
- p->sadb_x_ipsecrequest_level = p_level;
- p->sadb_x_ipsecrequest_reqid = p_reqid;
- offset += sizeof(*p);
-
- if (set_sockaddr(src) || set_sockaddr(dst))
- return -1;
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return 0;
-}
-
-static int
-set_sockaddr(addr)
- struct sockaddr *addr;
-{
- if (addr == NULL) {
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return 0;
- }
-
- /* tlen has already incremented */
-
- memcpy(&pbuf[offset], addr, addr->sa_len);
-
- offset += addr->sa_len;
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return 0;
-}
-
-static void
-policy_parse_request_init()
-{
- p_protocol = IPPROTO_IP;
- p_mode = IPSEC_MODE_ANY;
- p_level = IPSEC_LEVEL_DEFAULT;
- p_reqid = 0;
- if (p_src != NULL) {
- free(p_src);
- p_src = NULL;
- }
- if (p_dst != NULL) {
- free(p_dst);
- p_dst = NULL;
- }
-
- return;
-}
-
-static caddr_t
-policy_parse(msg, msglen)
- char *msg;
- int msglen;
-{
- int error;
- pbuf = NULL;
- tlen = 0;
-
- /* initialize */
- p_dir = IPSEC_DIR_INVALID;
- p_type = IPSEC_POLICY_DISCARD;
- policy_parse_request_init();
- __policy__strbuffer__init__(msg);
-
- error = yyparse(); /* it must be set errcode. */
- __policy__strbuffer__free__();
-
- if (error) {
- if (pbuf != NULL)
- free(pbuf);
- return NULL;
- }
-
- /* update total length */
- ((struct sadb_x_policy *)pbuf)->sadb_x_policy_len = PFKEY_UNIT64(tlen);
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
-
- return pbuf;
-}
-
-caddr_t
-ipsec_set_policy(msg, msglen)
- char *msg;
- int msglen;
-{
- caddr_t policy;
-
- policy = policy_parse(msg, msglen);
- if (policy == NULL) {
- if (__ipsec_errcode == EIPSEC_NO_ERROR)
- __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
- return NULL;
- }
-
- __ipsec_errcode = EIPSEC_NO_ERROR;
- return policy;
-}
-
diff --git a/freebsd/lib/libipsec/policy_token.c b/freebsd/lib/libipsec/policy_token.c
deleted file mode 100644
index f5b798ea..00000000
--- a/freebsd/lib/libipsec/policy_token.c
+++ /dev/null
@@ -1,2005 +0,0 @@
-
-#line 3 "<stdout>"
-
-#define YY_INT_ALIGNED short int
-
-/* A lexical scanner generated by flex */
-
-#define yy_create_buffer __libipsecyy_create_buffer
-#define yy_delete_buffer __libipsecyy_delete_buffer
-#define yy_flex_debug __libipsecyy_flex_debug
-#define yy_init_buffer __libipsecyy_init_buffer
-#define yy_flush_buffer __libipsecyy_flush_buffer
-#define yy_load_buffer_state __libipsecyy_load_buffer_state
-#define yy_switch_to_buffer __libipsecyy_switch_to_buffer
-#define yyin __libipsecyyin
-#define yyleng __libipsecyyleng
-#define yylex __libipsecyylex
-#define yylineno __libipsecyylineno
-#define yyout __libipsecyyout
-#define yyrestart __libipsecyyrestart
-#define yytext __libipsecyytext
-#define yywrap __libipsecyywrap
-#define yyalloc __libipsecyyalloc
-#define yyrealloc __libipsecyyrealloc
-#define yyfree __libipsecyyfree
-
-#define FLEX_SCANNER
-#define YY_FLEX_MAJOR_VERSION 2
-#define YY_FLEX_MINOR_VERSION 5
-#define YY_FLEX_SUBMINOR_VERSION 37
-#if YY_FLEX_SUBMINOR_VERSION > 0
-#define FLEX_BETA
-#endif
-
-/* First, we deal with platform-specific or compiler-specific issues. */
-
-#if defined(__FreeBSD__)
-#ifndef __STDC_LIMIT_MACROS
-#define __STDC_LIMIT_MACROS
-#endif
-#include <sys/cdefs.h>
-#include <stdint.h>
-#else
-#define __dead2
-#endif
-
-/* begin standard C headers. */
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <stdlib.h>
-
-/* end standard C headers. */
-
-/* flex integer type definitions */
-
-#ifndef FLEXINT_H
-#define FLEXINT_H
-
-/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */
-
-#if defined(__FreeBSD__) || \
- (defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L)
-
-/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h,
- * if you want the limit (max/min) macros for int types.
- */
-#ifndef __STDC_LIMIT_MACROS
-#define __STDC_LIMIT_MACROS 1
-#endif
-
-#include <inttypes.h>
-typedef int8_t flex_int8_t;
-typedef uint8_t flex_uint8_t;
-typedef int16_t flex_int16_t;
-typedef uint16_t flex_uint16_t;
-typedef int32_t flex_int32_t;
-typedef uint32_t flex_uint32_t;
-#else
-typedef signed char flex_int8_t;
-typedef short int flex_int16_t;
-typedef int flex_int32_t;
-typedef unsigned char flex_uint8_t;
-typedef unsigned short int flex_uint16_t;
-typedef unsigned int flex_uint32_t;
-
-/* Limits of integral types. */
-#ifndef INT8_MIN
-#define INT8_MIN (-128)
-#endif
-#ifndef INT16_MIN
-#define INT16_MIN (-32767-1)
-#endif
-#ifndef INT32_MIN
-#define INT32_MIN (-2147483647-1)
-#endif
-#ifndef INT8_MAX
-#define INT8_MAX (127)
-#endif
-#ifndef INT16_MAX
-#define INT16_MAX (32767)
-#endif
-#ifndef INT32_MAX
-#define INT32_MAX (2147483647)
-#endif
-#ifndef UINT8_MAX
-#define UINT8_MAX (255U)
-#endif
-#ifndef UINT16_MAX
-#define UINT16_MAX (65535U)
-#endif
-#ifndef UINT32_MAX
-#define UINT32_MAX (4294967295U)
-#endif
-
-#endif /* ! C99 */
-
-#endif /* ! FLEXINT_H */
-
-#ifdef __cplusplus
-
-/* The "const" storage-class-modifier is valid. */
-#define YY_USE_CONST
-
-#else /* ! __cplusplus */
-
-/* C99 requires __STDC__ to be defined as 1. */
-#if defined (__STDC__)
-
-#define YY_USE_CONST
-
-#endif /* defined (__STDC__) */
-#endif /* ! __cplusplus */
-
-#ifdef YY_USE_CONST
-#define yyconst const
-#else
-#define yyconst
-#endif
-
-/* Returned upon end-of-file. */
-#define YY_NULL 0
-
-/* Promotes a possibly negative, possibly signed char to an unsigned
- * integer for use as an array index. If the signed char is negative,
- * we want to instead treat it as an 8-bit unsigned char, hence the
- * double cast.
- */
-#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
-
-/* Enter a start condition. This macro really ought to take a parameter,
- * but we do it the disgusting crufty way forced on us by the ()-less
- * definition of BEGIN.
- */
-#define BEGIN (yy_start) = 1 + 2 *
-
-/* Translate the current start state into a value that can be later handed
- * to BEGIN to return to the state. The YYSTATE alias is for lex
- * compatibility.
- */
-#define YY_START (((yy_start) - 1) / 2)
-#define YYSTATE YY_START
-
-/* Action number for EOF rule of a given start state. */
-#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
-
-/* Special action meaning "start processing a new file". */
-#define YY_NEW_FILE __libipsecyyrestart(__libipsecyyin )
-
-#define YY_END_OF_BUFFER_CHAR 0
-
-/* Size of default input buffer. */
-#ifndef YY_BUF_SIZE
-#define YY_BUF_SIZE 1024
-#endif
-
-/* The state buf must be large enough to hold one state per character in the main buffer.
- */
-#define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type))
-
-#ifndef YY_TYPEDEF_YY_BUFFER_STATE
-#define YY_TYPEDEF_YY_BUFFER_STATE
-typedef struct yy_buffer_state *YY_BUFFER_STATE;
-#endif
-
-#ifndef YY_TYPEDEF_YY_SIZE_T
-#define YY_TYPEDEF_YY_SIZE_T
-typedef size_t yy_size_t;
-#endif
-
-extern yy_size_t __libipsecyyleng;
-
-extern FILE *__libipsecyyin, *__libipsecyyout;
-
-#define EOB_ACT_CONTINUE_SCAN 0
-#define EOB_ACT_END_OF_FILE 1
-#define EOB_ACT_LAST_MATCH 2
-
- #define YY_LESS_LINENO(n)
-
-/* Return all but the first "n" matched characters back to the input stream. */
-#define yyless(n) \
- do \
- { \
- /* Undo effects of setting up __libipsecyytext. */ \
- int yyless_macro_arg = (n); \
- YY_LESS_LINENO(yyless_macro_arg);\
- *yy_cp = (yy_hold_char); \
- YY_RESTORE_YY_MORE_OFFSET \
- (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \
- YY_DO_BEFORE_ACTION; /* set up __libipsecyytext again */ \
- } \
- while ( 0 )
-
-#define unput(c) yyunput( c, (yytext_ptr) )
-
-#ifndef YY_STRUCT_YY_BUFFER_STATE
-#define YY_STRUCT_YY_BUFFER_STATE
-struct yy_buffer_state
- {
- FILE *yy_input_file;
-
- char *yy_ch_buf; /* input buffer */
- char *yy_buf_pos; /* current position in input buffer */
-
- /* Size of input buffer in bytes, not including room for EOB
- * characters.
- */
- yy_size_t yy_buf_size;
-
- /* Number of characters read into yy_ch_buf, not including EOB
- * characters.
- */
- yy_size_t yy_n_chars;
-
- /* Whether we "own" the buffer - i.e., we know we created it,
- * and can realloc() it to grow it, and should free() it to
- * delete it.
- */
- int yy_is_our_buffer;
-
- /* Whether this is an "interactive" input source; if so, and
- * if we're using stdio for input, then we want to use getc()
- * instead of fread(), to make sure we stop fetching input after
- * each newline.
- */
- int yy_is_interactive;
-
- /* Whether we're considered to be at the beginning of a line.
- * If so, '^' rules will be active on the next match, otherwise
- * not.
- */
- int yy_at_bol;
-
- int yy_bs_lineno; /**< The line count. */
- int yy_bs_column; /**< The column count. */
-
- /* Whether to try to fill the input buffer when we reach the
- * end of it.
- */
- int yy_fill_buffer;
-
- int yy_buffer_status;
-
-#define YY_BUFFER_NEW 0
-#define YY_BUFFER_NORMAL 1
- /* When an EOF's been seen but there's still some text to process
- * then we mark the buffer as YY_EOF_PENDING, to indicate that we
- * shouldn't try reading from the input source any more. We might
- * still have a bunch of tokens to match, though, because of
- * possible backing-up.
- *
- * When we actually see the EOF, we change the status to "new"
- * (via __libipsecyyrestart()), so that the user can continue scanning by
- * just pointing __libipsecyyin at a new input file.
- */
-#define YY_BUFFER_EOF_PENDING 2
-
- };
-#endif /* !YY_STRUCT_YY_BUFFER_STATE */
-
-/* Stack of input buffers. */
-static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */
-static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */
-static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
-
-/* We provide macros for accessing buffer states in case in the
- * future we want to put the buffer states in a more general
- * "scanner state".
- *
- * Returns the top of the stack, or NULL.
- */
-#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \
- ? (yy_buffer_stack)[(yy_buffer_stack_top)] \
- : NULL)
-#define yy_current_buffer YY_CURRENT_BUFFER
-
-/* Same as previous macro, but useful when we know that the buffer stack is not
- * NULL or when we need an lvalue. For internal use only.
- */
-#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)]
-
-/* yy_hold_char holds the character lost when __libipsecyytext is formed. */
-static char yy_hold_char;
-static yy_size_t yy_n_chars; /* number of characters read into yy_ch_buf */
-yy_size_t __libipsecyyleng;
-
-/* Points to current character in buffer. */
-static char *yy_c_buf_p = (char *) 0;
-static int yy_init = 0; /* whether we need to initialize */
-static int yy_start = 0; /* start state number */
-
-/* Flag which is used to allow __libipsecyywrap()'s to do buffer switches
- * instead of setting up a fresh __libipsecyyin. A bit of a hack ...
- */
-static int yy_did_buffer_switch_on_eof;
-
-void __libipsecyyrestart (FILE *input_file );
-void __libipsecyy_switch_to_buffer (YY_BUFFER_STATE new_buffer );
-YY_BUFFER_STATE __libipsecyy_create_buffer (FILE *file,int size );
-void __libipsecyy_delete_buffer (YY_BUFFER_STATE b );
-void __libipsecyy_flush_buffer (YY_BUFFER_STATE b );
-void __libipsecyypush_buffer_state (YY_BUFFER_STATE new_buffer );
-void __libipsecyypop_buffer_state (void );
-
-static void __libipsecyyensure_buffer_stack (void );
-static void __libipsecyy_load_buffer_state (void );
-static void __libipsecyy_init_buffer (YY_BUFFER_STATE b,FILE *file );
-
-#define YY_FLUSH_BUFFER __libipsecyy_flush_buffer(YY_CURRENT_BUFFER )
-
-YY_BUFFER_STATE __libipsecyy_scan_buffer (char *base,yy_size_t size );
-YY_BUFFER_STATE __libipsecyy_scan_string (yyconst char *yy_str );
-YY_BUFFER_STATE __libipsecyy_scan_bytes (yyconst char *bytes,yy_size_t len );
-
-void *__libipsecyyalloc (yy_size_t );
-void *__libipsecyyrealloc (void *,yy_size_t );
-void __libipsecyyfree (void * );
-
-#define yy_new_buffer __libipsecyy_create_buffer
-
-#define yy_set_interactive(is_interactive) \
- { \
- if ( ! YY_CURRENT_BUFFER ){ \
- __libipsecyyensure_buffer_stack (); \
- YY_CURRENT_BUFFER_LVALUE = \
- __libipsecyy_create_buffer(__libipsecyyin,YY_BUF_SIZE ); \
- } \
- YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
- }
-
-#define yy_set_bol(at_bol) \
- { \
- if ( ! YY_CURRENT_BUFFER ){\
- __libipsecyyensure_buffer_stack (); \
- YY_CURRENT_BUFFER_LVALUE = \
- __libipsecyy_create_buffer(__libipsecyyin,YY_BUF_SIZE ); \
- } \
- YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \
- }
-
-#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol)
-
-/* Begin user sect3 */
-
-#define __libipsecyywrap() 1
-#define YY_SKIP_YYWRAP
-
-typedef unsigned char YY_CHAR;
-
-FILE *__libipsecyyin = (FILE *) 0, *__libipsecyyout = (FILE *) 0;
-
-typedef int yy_state_type;
-
-extern int __libipsecyylineno;
-
-int __libipsecyylineno = 1;
-
-extern char *__libipsecyytext;
-#define yytext_ptr __libipsecyytext
-
-static yy_state_type yy_get_previous_state (void );
-static yy_state_type yy_try_NUL_trans (yy_state_type current_state );
-static int yy_get_next_buffer (void );
-static void yy_fatal_error (yyconst char msg[] ) __dead2;
-
-/* Done after the current pattern has been matched and before the
- * corresponding action - sets up __libipsecyytext.
- */
-#define YY_DO_BEFORE_ACTION \
- (yytext_ptr) = yy_bp; \
- __libipsecyyleng = (size_t) (yy_cp - yy_bp); \
- (yy_hold_char) = *yy_cp; \
- *yy_cp = '\0'; \
- (yy_c_buf_p) = yy_cp;
-
-#define YY_NUM_RULES 26
-#define YY_END_OF_BUFFER 27
-/* This struct is not used in this scanner,
- but its presence is necessary. */
-struct yy_trans_info
- {
- flex_int32_t yy_verify;
- flex_int32_t yy_nxt;
- };
-static yyconst flex_int16_t yy_accept[99] =
- { 0,
- 0, 0, 27, 26, 24, 25, 23, 22, 21, 22,
- 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
- 24, 0, 22, 9, 22, 22, 22, 22, 22, 22,
- 1, 22, 14, 22, 22, 22, 22, 22, 22, 22,
- 22, 22, 15, 22, 22, 22, 22, 8, 22, 22,
- 22, 2, 22, 11, 22, 22, 22, 17, 22, 22,
- 22, 22, 22, 22, 4, 22, 22, 22, 22, 22,
- 22, 22, 22, 22, 5, 22, 22, 22, 22, 6,
- 22, 22, 22, 10, 22, 22, 13, 20, 16, 3,
- 7, 18, 22, 22, 22, 19, 12, 0
-
- } ;
-
-static yyconst flex_int32_t yy_ec[256] =
- { 0,
- 1, 1, 1, 1, 1, 1, 1, 1, 2, 3,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 2, 1, 1, 1, 1, 4, 1, 1, 1,
- 1, 1, 1, 1, 5, 6, 7, 8, 8, 8,
- 8, 8, 8, 8, 8, 8, 8, 9, 1, 1,
- 1, 1, 1, 1, 10, 10, 10, 10, 10, 10,
- 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
- 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
- 1, 1, 1, 1, 6, 1, 11, 12, 13, 14,
-
- 15, 16, 10, 17, 18, 10, 10, 19, 20, 21,
- 22, 23, 24, 25, 26, 27, 28, 10, 10, 10,
- 29, 10, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
-
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1
- } ;
-
-static yyconst flex_int32_t yy_meta[30] =
- { 0,
- 1, 1, 1, 2, 1, 2, 1, 3, 2, 3,
- 3, 3, 3, 3, 3, 3, 3, 3, 3, 3,
- 3, 3, 3, 3, 3, 3, 3, 3, 3
- } ;
-
-static yyconst flex_int16_t yy_base[101] =
- { 0,
- 0, 0, 195, 196, 192, 196, 196, 189, 196, 26,
- 27, 30, 28, 29, 31, 33, 32, 36, 40, 37,
- 190, 0, 187, 186, 35, 34, 55, 57, 58, 63,
- 185, 62, 184, 66, 65, 69, 68, 70, 73, 72,
- 74, 0, 183, 91, 92, 93, 75, 179, 76, 95,
- 97, 178, 80, 177, 100, 101, 103, 176, 105, 107,
- 109, 110, 112, 111, 175, 115, 113, 114, 119, 122,
- 121, 124, 126, 130, 174, 132, 133, 139, 140, 173,
- 137, 146, 138, 172, 147, 141, 171, 150, 170, 169,
- 167, 165, 142, 162, 157, 164, 78, 196, 183, 39
-
- } ;
-
-static yyconst flex_int16_t yy_def[101] =
- { 0,
- 98, 1, 98, 98, 98, 98, 98, 99, 98, 99,
- 99, 99, 99, 99, 99, 99, 99, 99, 99, 99,
- 98, 100, 99, 99, 99, 99, 99, 99, 99, 99,
- 99, 99, 99, 99, 99, 99, 99, 99, 99, 99,
- 99, 100, 99, 99, 99, 99, 99, 99, 99, 99,
- 99, 99, 99, 99, 99, 99, 99, 99, 99, 99,
- 99, 99, 99, 99, 99, 99, 99, 99, 99, 99,
- 99, 99, 99, 99, 99, 99, 99, 99, 99, 99,
- 99, 99, 99, 99, 99, 99, 99, 99, 99, 99,
- 99, 99, 99, 99, 99, 99, 99, 0, 98, 98
-
- } ;
-
-static yyconst flex_int16_t yy_nxt[226] =
- { 0,
- 4, 5, 6, 4, 7, 8, 9, 8, 8, 8,
- 10, 11, 8, 12, 13, 8, 8, 14, 8, 15,
- 16, 17, 8, 8, 18, 8, 19, 20, 8, 22,
- 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
- 22, 42, 24, 22, 27, 33, 25, 28, 29, 31,
- 36, 32, 37, 30, 34, 26, 44, 40, 22, 35,
- 22, 22, 41, 43, 38, 22, 22, 39, 22, 22,
- 45, 22, 22, 22, 49, 22, 22, 22, 22, 22,
- 55, 22, 46, 22, 47, 48, 51, 50, 58, 57,
- 54, 52, 53, 56, 22, 22, 22, 63, 22, 62,
-
- 22, 59, 60, 22, 22, 61, 22, 66, 22, 64,
- 22, 65, 22, 22, 22, 22, 22, 22, 22, 72,
- 67, 68, 22, 75, 22, 22, 69, 22, 78, 22,
- 70, 74, 76, 22, 71, 22, 22, 73, 77, 81,
- 22, 22, 22, 22, 22, 22, 79, 80, 82, 22,
- 22, 83, 84, 22, 88, 86, 85, 87, 94, 90,
- 22, 92, 93, 89, 91, 22, 95, 22, 22, 96,
- 22, 96, 22, 22, 22, 22, 22, 22, 22, 22,
- 22, 22, 22, 97, 23, 23, 22, 22, 22, 22,
- 22, 21, 22, 21, 98, 3, 98, 98, 98, 98,
-
- 98, 98, 98, 98, 98, 98, 98, 98, 98, 98,
- 98, 98, 98, 98, 98, 98, 98, 98, 98, 98,
- 98, 98, 98, 98, 98
- } ;
-
-static yyconst flex_int16_t yy_chk[226] =
- { 0,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 10,
- 11, 13, 14, 12, 15, 17, 16, 26, 25, 18,
- 20, 100, 10, 19, 12, 15, 10, 12, 13, 14,
- 18, 14, 19, 13, 16, 11, 26, 20, 27, 17,
- 28, 29, 20, 25, 19, 32, 30, 19, 35, 34,
- 27, 37, 36, 38, 32, 40, 39, 41, 47, 49,
- 38, 97, 28, 53, 29, 30, 34, 32, 41, 40,
- 37, 35, 36, 39, 44, 45, 46, 49, 50, 47,
-
- 51, 44, 45, 55, 56, 46, 57, 53, 59, 50,
- 60, 51, 61, 62, 64, 63, 67, 68, 66, 61,
- 55, 56, 69, 64, 71, 70, 57, 72, 68, 73,
- 59, 63, 66, 74, 60, 76, 77, 62, 67, 71,
- 81, 83, 78, 79, 86, 93, 69, 70, 72, 82,
- 85, 73, 74, 88, 79, 77, 76, 78, 88, 82,
- 95, 85, 86, 81, 83, 94, 93, 96, 92, 94,
- 91, 96, 90, 89, 87, 84, 80, 75, 65, 58,
- 54, 52, 48, 95, 99, 99, 43, 33, 31, 24,
- 23, 21, 8, 5, 3, 98, 98, 98, 98, 98,
-
- 98, 98, 98, 98, 98, 98, 98, 98, 98, 98,
- 98, 98, 98, 98, 98, 98, 98, 98, 98, 98,
- 98, 98, 98, 98, 98
- } ;
-
-static yy_state_type yy_last_accepting_state;
-static char *yy_last_accepting_cpos;
-
-extern int __libipsecyy_flex_debug;
-int __libipsecyy_flex_debug = 0;
-
-/* The intent behind this definition is that it'll catch
- * any uses of REJECT which flex missed.
- */
-#define REJECT reject_used_but_not_detected
-#define yymore() yymore_used_but_not_detected
-#define YY_MORE_ADJ 0
-#define YY_RESTORE_YY_MORE_OFFSET
-char *__libipsecyytext;
-#line 1 "../../freebsd/lib/libipsec/policy_token.l"
-/* $FreeBSD$ */
-/* $KAME: policy_token.l,v 1.13 2003/05/09 05:19:55 sakane Exp $ */
-/*
- * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-#line 34 "../../freebsd/lib/libipsec/policy_token.l"
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/socket.h>
-#include <net/route.h>
-#include <net/pfkeyv2.h>
-#include <netipsec/keydb.h>
-#include <netinet/in.h>
-#include <netipsec/ipsec.h>
-
-#include <stdlib.h>
-#include <limits.h>
-#include <string.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include "y.tab.h"
-#define yylval __libipsecyylval /* XXX */
-
-int __libipsecyylex(void);
-#define YY_NO_INPUT 1
-/* common section */
-#line 616 "<stdout>"
-
-#define INITIAL 0
-
-#ifndef YY_NO_UNISTD_H
-/* Special case for "unistd.h", since it is non-ANSI. We include it way
- * down here because we want the user's section 1 to have been scanned first.
- * The user has a chance to override it with an option.
- */
-#include <unistd.h>
-#endif
-
-#ifndef YY_EXTRA_TYPE
-#define YY_EXTRA_TYPE void *
-#endif
-
-static int yy_init_globals (void );
-
-/* Accessor methods to globals.
- These are made visible to non-reentrant scanners for convenience. */
-
-int __libipsecyylex_destroy (void );
-
-int __libipsecyyget_debug (void );
-
-void __libipsecyyset_debug (int debug_flag );
-
-YY_EXTRA_TYPE __libipsecyyget_extra (void );
-
-void __libipsecyyset_extra (YY_EXTRA_TYPE user_defined );
-
-FILE *__libipsecyyget_in (void );
-
-void __libipsecyyset_in (FILE * in_str );
-
-FILE *__libipsecyyget_out (void );
-
-void __libipsecyyset_out (FILE * out_str );
-
-yy_size_t __libipsecyyget_leng (void );
-
-char *__libipsecyyget_text (void );
-
-int __libipsecyyget_lineno (void );
-
-void __libipsecyyset_lineno (int line_number );
-
-/* Macros after this point can all be overridden by user definitions in
- * section 1.
- */
-
-#ifndef YY_SKIP_YYWRAP
-#ifdef __cplusplus
-extern "C" int __libipsecyywrap (void );
-#else
-extern int __libipsecyywrap (void );
-#endif
-#endif
-
-#ifndef yytext_ptr
-static void yy_flex_strncpy (char *,yyconst char *,int );
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * );
-#endif
-
-#ifndef YY_NO_INPUT
-
-#ifdef __cplusplus
-static int yyinput (void );
-#else
-static int input (void );
-#endif
-
-#endif
-
-/* Amount of stuff to slurp up with each read. */
-#ifndef YY_READ_BUF_SIZE
-#define YY_READ_BUF_SIZE 8192
-#endif
-
-/* Copy whatever the last rule matched to the standard output. */
-#ifndef ECHO
-/* This used to be an fputs(), but since the string might contain NUL's,
- * we now use fwrite().
- */
-#define ECHO do { if (fwrite( __libipsecyytext, __libipsecyyleng, 1, __libipsecyyout )) {} } while (0)
-#endif
-
-/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL,
- * is returned in "result".
- */
-#ifndef YY_INPUT
-#define YY_INPUT(buf,result,max_size) \
- if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
- { \
- int c = '*'; \
- size_t n; \
- for ( n = 0; n < max_size && \
- (c = getc( __libipsecyyin )) != EOF && c != '\n'; ++n ) \
- buf[n] = (char) c; \
- if ( c == '\n' ) \
- buf[n++] = (char) c; \
- if ( c == EOF && ferror( __libipsecyyin ) ) \
- YY_FATAL_ERROR( "input in flex scanner failed" ); \
- result = n; \
- } \
- else \
- { \
- errno=0; \
- while ( (result = fread(buf, 1, max_size, __libipsecyyin))==0 && ferror(__libipsecyyin)) \
- { \
- if( errno != EINTR) \
- { \
- YY_FATAL_ERROR( "input in flex scanner failed" ); \
- break; \
- } \
- errno=0; \
- clearerr(__libipsecyyin); \
- } \
- }\
-\
-
-#endif
-
-/* No semi-colon after return; correct usage is to write "yyterminate();" -
- * we don't want an extra ';' after the "return" because that will cause
- * some compilers to complain about unreachable statements.
- */
-#ifndef yyterminate
-#define yyterminate() return YY_NULL
-#endif
-
-/* Number of entries by which start-condition stack grows. */
-#ifndef YY_START_STACK_INCR
-#define YY_START_STACK_INCR 25
-#endif
-
-/* Report a fatal error. */
-#ifndef YY_FATAL_ERROR
-#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
-#endif
-
-/* end tables serialization structures and prototypes */
-
-/* Default declaration of generated scanner - a define so the user can
- * easily add parameters.
- */
-#ifndef YY_DECL
-#define YY_DECL_IS_OURS 1
-
-extern int __libipsecyylex (void);
-
-#define YY_DECL int __libipsecyylex (void)
-#endif /* !YY_DECL */
-
-/* Code executed at the beginning of each rule, after __libipsecyytext and __libipsecyyleng
- * have been set up.
- */
-#ifndef YY_USER_ACTION
-#define YY_USER_ACTION
-#endif
-
-/* Code executed at the end of each rule. */
-#ifndef YY_BREAK
-#define YY_BREAK break;
-#endif
-
-#define YY_RULE_SETUP \
- YY_USER_ACTION
-
-/** The main scanner function which does all the work.
- */
-YY_DECL
-{
- yy_state_type yy_current_state;
- char *yy_cp, *yy_bp;
- int yy_act;
-
-#line 87 "../../freebsd/lib/libipsec/policy_token.l"
-
-
-#line 799 "<stdout>"
-
- if ( !(yy_init) )
- {
- (yy_init) = 1;
-
-#ifdef YY_USER_INIT
- YY_USER_INIT;
-#endif
-
- if ( ! (yy_start) )
- (yy_start) = 1; /* first start state */
-
- if ( ! __libipsecyyin )
- __libipsecyyin = stdin;
-
- if ( ! __libipsecyyout )
- __libipsecyyout = stdout;
-
- if ( ! YY_CURRENT_BUFFER ) {
- __libipsecyyensure_buffer_stack ();
- YY_CURRENT_BUFFER_LVALUE =
- __libipsecyy_create_buffer(__libipsecyyin,YY_BUF_SIZE );
- }
-
- __libipsecyy_load_buffer_state( );
- }
-
- while ( 1 ) /* loops until end-of-file is reached */
- {
- yy_cp = (yy_c_buf_p);
-
- /* Support of __libipsecyytext. */
- *yy_cp = (yy_hold_char);
-
- /* yy_bp points to the position in yy_ch_buf of the start of
- * the current run.
- */
- yy_bp = yy_cp;
-
- yy_current_state = (yy_start);
-yy_match:
- do
- {
- YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)] ;
- if ( yy_accept[yy_current_state] )
- {
- (yy_last_accepting_state) = yy_current_state;
- (yy_last_accepting_cpos) = yy_cp;
- }
- while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
- {
- yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 99 )
- yy_c = yy_meta[(unsigned int) yy_c];
- }
- yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
- ++yy_cp;
- }
- while ( yy_base[yy_current_state] != 196 );
-
-yy_find_action:
- yy_act = yy_accept[yy_current_state];
- if ( yy_act == 0 )
- { /* have to back up */
- yy_cp = (yy_last_accepting_cpos);
- yy_current_state = (yy_last_accepting_state);
- yy_act = yy_accept[yy_current_state];
- }
-
- YY_DO_BEFORE_ACTION;
-
-do_action: /* This label is used only to access EOF actions. */
-
- switch ( yy_act )
- { /* beginning of action switch */
- case 0: /* must back up */
- /* undo the effects of YY_DO_BEFORE_ACTION */
- *yy_cp = (yy_hold_char);
- yy_cp = (yy_last_accepting_cpos);
- yy_current_state = (yy_last_accepting_state);
- goto yy_find_action;
-
-case 1:
-YY_RULE_SETUP
-#line 89 "../../freebsd/lib/libipsec/policy_token.l"
-{ yylval.num = IPSEC_DIR_INBOUND; return(DIR); }
- YY_BREAK
-case 2:
-YY_RULE_SETUP
-#line 90 "../../freebsd/lib/libipsec/policy_token.l"
-{ yylval.num = IPSEC_DIR_OUTBOUND; return(DIR); }
- YY_BREAK
-case 3:
-YY_RULE_SETUP
-#line 92 "../../freebsd/lib/libipsec/policy_token.l"
-{ yylval.num = IPSEC_POLICY_DISCARD; return(ACTION); }
- YY_BREAK
-case 4:
-YY_RULE_SETUP
-#line 93 "../../freebsd/lib/libipsec/policy_token.l"
-{ yylval.num = IPSEC_POLICY_NONE; return(ACTION); }
- YY_BREAK
-case 5:
-YY_RULE_SETUP
-#line 94 "../../freebsd/lib/libipsec/policy_token.l"
-{ yylval.num = IPSEC_POLICY_IPSEC; return(ACTION); }
- YY_BREAK
-case 6:
-YY_RULE_SETUP
-#line 95 "../../freebsd/lib/libipsec/policy_token.l"
-{ yylval.num = IPSEC_POLICY_BYPASS; return(ACTION); }
- YY_BREAK
-case 7:
-YY_RULE_SETUP
-#line 96 "../../freebsd/lib/libipsec/policy_token.l"
-{ yylval.num = IPSEC_POLICY_ENTRUST; return(ACTION); }
- YY_BREAK
-case 8:
-YY_RULE_SETUP
-#line 98 "../../freebsd/lib/libipsec/policy_token.l"
-{ yylval.num = IPPROTO_ESP; return(PROTOCOL); }
- YY_BREAK
-case 9:
-YY_RULE_SETUP
-#line 99 "../../freebsd/lib/libipsec/policy_token.l"
-{ yylval.num = IPPROTO_AH; return(PROTOCOL); }
- YY_BREAK
-case 10:
-YY_RULE_SETUP
-#line 100 "../../freebsd/lib/libipsec/policy_token.l"
-{ yylval.num = IPPROTO_IPCOMP; return(PROTOCOL); }
- YY_BREAK
-case 11:
-YY_RULE_SETUP
-#line 101 "../../freebsd/lib/libipsec/policy_token.l"
-{ yylval.num = IPPROTO_TCP; return(PROTOCOL); }
- YY_BREAK
-case 12:
-YY_RULE_SETUP
-#line 103 "../../freebsd/lib/libipsec/policy_token.l"
-{ yylval.num = IPSEC_MODE_TRANSPORT; return(MODE); }
- YY_BREAK
-case 13:
-YY_RULE_SETUP
-#line 104 "../../freebsd/lib/libipsec/policy_token.l"
-{ yylval.num = IPSEC_MODE_TUNNEL; return(MODE); }
- YY_BREAK
-case 14:
-YY_RULE_SETUP
-#line 106 "../../freebsd/lib/libipsec/policy_token.l"
-{ return(ME); }
- YY_BREAK
-case 15:
-YY_RULE_SETUP
-#line 107 "../../freebsd/lib/libipsec/policy_token.l"
-{ return(ANY); }
- YY_BREAK
-case 16:
-YY_RULE_SETUP
-#line 109 "../../freebsd/lib/libipsec/policy_token.l"
-{ yylval.num = IPSEC_LEVEL_DEFAULT; return(LEVEL); }
- YY_BREAK
-case 17:
-YY_RULE_SETUP
-#line 110 "../../freebsd/lib/libipsec/policy_token.l"
-{ yylval.num = IPSEC_LEVEL_USE; return(LEVEL); }
- YY_BREAK
-case 18:
-YY_RULE_SETUP
-#line 111 "../../freebsd/lib/libipsec/policy_token.l"
-{ yylval.num = IPSEC_LEVEL_REQUIRE; return(LEVEL); }
- YY_BREAK
-case 19:
-YY_RULE_SETUP
-#line 112 "../../freebsd/lib/libipsec/policy_token.l"
-{
- yylval.val.len = strlen(__libipsecyytext + 7);
- yylval.val.buf = __libipsecyytext + 7;
- return(LEVEL_SPECIFY);
- }
- YY_BREAK
-case 20:
-YY_RULE_SETUP
-#line 117 "../../freebsd/lib/libipsec/policy_token.l"
-{ yylval.num = IPSEC_LEVEL_UNIQUE; return(LEVEL); }
- YY_BREAK
-case 21:
-YY_RULE_SETUP
-#line 118 "../../freebsd/lib/libipsec/policy_token.l"
-{ return(SLASH); }
- YY_BREAK
-case 22:
-YY_RULE_SETUP
-#line 120 "../../freebsd/lib/libipsec/policy_token.l"
-{
- yylval.val.len = strlen(__libipsecyytext);
- yylval.val.buf = __libipsecyytext;
- return(IPADDRESS);
- }
- YY_BREAK
-case 23:
-YY_RULE_SETUP
-#line 126 "../../freebsd/lib/libipsec/policy_token.l"
-{ return(HYPHEN); }
- YY_BREAK
-case 24:
-YY_RULE_SETUP
-#line 128 "../../freebsd/lib/libipsec/policy_token.l"
-{ ; }
- YY_BREAK
-case 25:
-/* rule 25 can match eol */
-YY_RULE_SETUP
-#line 129 "../../freebsd/lib/libipsec/policy_token.l"
-{ ; }
- YY_BREAK
-case 26:
-YY_RULE_SETUP
-#line 131 "../../freebsd/lib/libipsec/policy_token.l"
-ECHO;
- YY_BREAK
-#line 1021 "<stdout>"
-case YY_STATE_EOF(INITIAL):
- yyterminate();
-
- case YY_END_OF_BUFFER:
- {
- /* Amount of text matched not including the EOB char. */
- int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1;
-
- /* Undo the effects of YY_DO_BEFORE_ACTION. */
- *yy_cp = (yy_hold_char);
- YY_RESTORE_YY_MORE_OFFSET
-
- if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW )
- {
- /* We're scanning a new file or input source. It's
- * possible that this happened because the user
- * just pointed __libipsecyyin at a new source and called
- * __libipsecyylex(). If so, then we have to assure
- * consistency between YY_CURRENT_BUFFER and our
- * globals. Here is the right place to do so, because
- * this is the first action (other than possibly a
- * back-up) that will match for the new input source.
- */
- (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
- YY_CURRENT_BUFFER_LVALUE->yy_input_file = __libipsecyyin;
- YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
- }
-
- /* Note that here we test for yy_c_buf_p "<=" to the position
- * of the first EOB in the buffer, since yy_c_buf_p will
- * already have been incremented past the NUL character
- * (since all states make transitions on EOB to the
- * end-of-buffer state). Contrast this with the test
- * in input().
- */
- if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
- { /* This was really a NUL. */
- yy_state_type yy_next_state;
-
- (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text;
-
- yy_current_state = yy_get_previous_state( );
-
- /* Okay, we're now positioned to make the NUL
- * transition. We couldn't have
- * yy_get_previous_state() go ahead and do it
- * for us because it doesn't know how to deal
- * with the possibility of jamming (and we don't
- * want to build jamming into it because then it
- * will run more slowly).
- */
-
- yy_next_state = yy_try_NUL_trans( yy_current_state );
-
- yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-
- if ( yy_next_state )
- {
- /* Consume the NUL. */
- yy_cp = ++(yy_c_buf_p);
- yy_current_state = yy_next_state;
- goto yy_match;
- }
-
- else
- {
- yy_cp = (yy_c_buf_p);
- goto yy_find_action;
- }
- }
-
- else switch ( yy_get_next_buffer( ) )
- {
- case EOB_ACT_END_OF_FILE:
- {
- (yy_did_buffer_switch_on_eof) = 0;
-
- if ( __libipsecyywrap( ) )
- {
- /* Note: because we've taken care in
- * yy_get_next_buffer() to have set up
- * __libipsecyytext, we can now set up
- * yy_c_buf_p so that if some total
- * hoser (like flex itself) wants to
- * call the scanner after we return the
- * YY_NULL, it'll still work - another
- * YY_NULL will get returned.
- */
- (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ;
-
- yy_act = YY_STATE_EOF(YY_START);
- goto do_action;
- }
-
- else
- {
- if ( ! (yy_did_buffer_switch_on_eof) )
- YY_NEW_FILE;
- }
- break;
- }
-
- case EOB_ACT_CONTINUE_SCAN:
- (yy_c_buf_p) =
- (yytext_ptr) + yy_amount_of_matched_text;
-
- yy_current_state = yy_get_previous_state( );
-
- yy_cp = (yy_c_buf_p);
- yy_bp = (yytext_ptr) + YY_MORE_ADJ;
- goto yy_match;
-
- case EOB_ACT_LAST_MATCH:
- (yy_c_buf_p) =
- &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)];
-
- yy_current_state = yy_get_previous_state( );
-
- yy_cp = (yy_c_buf_p);
- yy_bp = (yytext_ptr) + YY_MORE_ADJ;
- goto yy_find_action;
- }
- break;
- }
-
- default:
- YY_FATAL_ERROR(
- "fatal flex scanner internal error--no action found" );
- } /* end of action switch */
- } /* end of scanning one token */
-} /* end of __libipsecyylex */
-
-/* yy_get_next_buffer - try to read in a new buffer
- *
- * Returns a code representing an action:
- * EOB_ACT_LAST_MATCH -
- * EOB_ACT_CONTINUE_SCAN - continue scanning from current position
- * EOB_ACT_END_OF_FILE - end of file
- */
-static int yy_get_next_buffer (void)
-{
- char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
- char *source = (yytext_ptr);
- int number_to_move, i;
- int ret_val;
-
- if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
- YY_FATAL_ERROR(
- "fatal flex scanner internal error--end of buffer missed" );
-
- if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
- { /* Don't try to fill the buffer, so this is an EOF. */
- if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 )
- {
- /* We matched a single character, the EOB, so
- * treat this as a final EOF.
- */
- return EOB_ACT_END_OF_FILE;
- }
-
- else
- {
- /* We matched some text prior to the EOB, first
- * process it.
- */
- return EOB_ACT_LAST_MATCH;
- }
- }
-
- /* Try to read more data. */
-
- /* First move last chars to start of buffer. */
- number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1;
-
- for ( i = 0; i < number_to_move; ++i )
- *(dest++) = *(source++);
-
- if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
- /* don't do the read, it's not guaranteed to return an EOF,
- * just force an EOF
- */
- YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0;
-
- else
- {
- yy_size_t num_to_read =
- YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
-
- while ( num_to_read <= 0 )
- { /* Not enough room in the buffer - grow it. */
-
- /* just a shorter name for the current buffer */
- YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE;
-
- int yy_c_buf_p_offset =
- (int) ((yy_c_buf_p) - b->yy_ch_buf);
-
- if ( b->yy_is_our_buffer )
- {
- yy_size_t new_size = b->yy_buf_size * 2;
-
- if ( new_size <= 0 )
- b->yy_buf_size += b->yy_buf_size / 8;
- else
- b->yy_buf_size *= 2;
-
- b->yy_ch_buf = (char *)
- /* Include room in for 2 EOB chars. */
- __libipsecyyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 );
- }
- else
- /* Can't grow it, we don't own it. */
- b->yy_ch_buf = 0;
-
- if ( ! b->yy_ch_buf )
- YY_FATAL_ERROR(
- "fatal error - scanner input buffer overflow" );
-
- (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset];
-
- num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size -
- number_to_move - 1;
-
- }
-
- if ( num_to_read > YY_READ_BUF_SIZE )
- num_to_read = YY_READ_BUF_SIZE;
-
- /* Read in more data. */
- YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
- (yy_n_chars), num_to_read );
-
- YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
- }
-
- if ( (yy_n_chars) == 0 )
- {
- if ( number_to_move == YY_MORE_ADJ )
- {
- ret_val = EOB_ACT_END_OF_FILE;
- __libipsecyyrestart(__libipsecyyin );
- }
-
- else
- {
- ret_val = EOB_ACT_LAST_MATCH;
- YY_CURRENT_BUFFER_LVALUE->yy_buffer_status =
- YY_BUFFER_EOF_PENDING;
- }
- }
-
- else
- ret_val = EOB_ACT_CONTINUE_SCAN;
-
- if ((yy_size_t) ((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) {
- /* Extend the array by 50%, plus the number we really need. */
- yy_size_t new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1);
- YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) __libipsecyyrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size );
- if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
- YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" );
- }
-
- (yy_n_chars) += number_to_move;
- YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR;
- YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR;
-
- (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0];
-
- return ret_val;
-}
-
-/* yy_get_previous_state - get the state just before the EOB char was reached */
-
- static yy_state_type yy_get_previous_state (void)
-{
- yy_state_type yy_current_state;
- char *yy_cp;
-
- yy_current_state = (yy_start);
-
- for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp )
- {
- YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
- if ( yy_accept[yy_current_state] )
- {
- (yy_last_accepting_state) = yy_current_state;
- (yy_last_accepting_cpos) = yy_cp;
- }
- while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
- {
- yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 99 )
- yy_c = yy_meta[(unsigned int) yy_c];
- }
- yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
- }
-
- return yy_current_state;
-}
-
-/* yy_try_NUL_trans - try to make a transition on the NUL character
- *
- * synopsis
- * next_state = yy_try_NUL_trans( current_state );
- */
- static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state )
-{
- int yy_is_jam;
- char *yy_cp = (yy_c_buf_p);
-
- YY_CHAR yy_c = 1;
- if ( yy_accept[yy_current_state] )
- {
- (yy_last_accepting_state) = yy_current_state;
- (yy_last_accepting_cpos) = yy_cp;
- }
- while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
- {
- yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 99 )
- yy_c = yy_meta[(unsigned int) yy_c];
- }
- yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
- yy_is_jam = (yy_current_state == 98);
-
- return yy_is_jam ? 0 : yy_current_state;
-}
-
-#ifndef YY_NO_INPUT
-#ifdef __cplusplus
- static int yyinput (void)
-#else
- static int input (void)
-#endif
-
-{
- int c;
-
- *(yy_c_buf_p) = (yy_hold_char);
-
- if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR )
- {
- /* yy_c_buf_p now points to the character we want to return.
- * If this occurs *before* the EOB characters, then it's a
- * valid NUL; if not, then we've hit the end of the buffer.
- */
- if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
- /* This was really a NUL. */
- *(yy_c_buf_p) = '\0';
-
- else
- { /* need more input */
- yy_size_t offset = (yy_c_buf_p) - (yytext_ptr);
- ++(yy_c_buf_p);
-
- switch ( yy_get_next_buffer( ) )
- {
- case EOB_ACT_LAST_MATCH:
- /* This happens because yy_g_n_b()
- * sees that we've accumulated a
- * token and flags that we need to
- * try matching the token before
- * proceeding. But for input(),
- * there's no matching to consider.
- * So convert the EOB_ACT_LAST_MATCH
- * to EOB_ACT_END_OF_FILE.
- */
-
- /* Reset buffer status. */
- __libipsecyyrestart(__libipsecyyin );
-
- /*FALLTHROUGH*/
-
- case EOB_ACT_END_OF_FILE:
- {
- if ( __libipsecyywrap( ) )
- return EOF;
-
- if ( ! (yy_did_buffer_switch_on_eof) )
- YY_NEW_FILE;
-#ifdef __cplusplus
- return yyinput();
-#else
- return input();
-#endif
- }
-
- case EOB_ACT_CONTINUE_SCAN:
- (yy_c_buf_p) = (yytext_ptr) + offset;
- break;
- }
- }
- }
-
- c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */
- *(yy_c_buf_p) = '\0'; /* preserve __libipsecyytext */
- (yy_hold_char) = *++(yy_c_buf_p);
-
- return c;
-}
-#endif /* ifndef YY_NO_INPUT */
-
-/** Immediately switch to a different input stream.
- * @param input_file A readable stream.
- *
- * @note This function does not reset the start condition to @c INITIAL .
- */
- void __libipsecyyrestart (FILE * input_file )
-{
-
- if ( ! YY_CURRENT_BUFFER ){
- __libipsecyyensure_buffer_stack ();
- YY_CURRENT_BUFFER_LVALUE =
- __libipsecyy_create_buffer(__libipsecyyin,YY_BUF_SIZE );
- }
-
- __libipsecyy_init_buffer(YY_CURRENT_BUFFER,input_file );
- __libipsecyy_load_buffer_state( );
-}
-
-/** Switch to a different input buffer.
- * @param new_buffer The new input buffer.
- *
- */
- void __libipsecyy_switch_to_buffer (YY_BUFFER_STATE new_buffer )
-{
-
- /* TODO. We should be able to replace this entire function body
- * with
- * __libipsecyypop_buffer_state();
- * __libipsecyypush_buffer_state(new_buffer);
- */
- __libipsecyyensure_buffer_stack ();
- if ( YY_CURRENT_BUFFER == new_buffer )
- return;
-
- if ( YY_CURRENT_BUFFER )
- {
- /* Flush out information for old buffer. */
- *(yy_c_buf_p) = (yy_hold_char);
- YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
- YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
- }
-
- YY_CURRENT_BUFFER_LVALUE = new_buffer;
- __libipsecyy_load_buffer_state( );
-
- /* We don't actually know whether we did this switch during
- * EOF (__libipsecyywrap()) processing, but the only time this flag
- * is looked at is after __libipsecyywrap() is called, so it's safe
- * to go ahead and always set it.
- */
- (yy_did_buffer_switch_on_eof) = 1;
-}
-
-static void __libipsecyy_load_buffer_state (void)
-{
- (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
- (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
- __libipsecyyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
- (yy_hold_char) = *(yy_c_buf_p);
-}
-
-/** Allocate and initialize an input buffer state.
- * @param file A readable stream.
- * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE.
- *
- * @return the allocated buffer state.
- */
- YY_BUFFER_STATE __libipsecyy_create_buffer (FILE * file, int size )
-{
- YY_BUFFER_STATE b;
-
- b = (YY_BUFFER_STATE) __libipsecyyalloc(sizeof( struct yy_buffer_state ) );
- if ( ! b )
- YY_FATAL_ERROR( "out of dynamic memory in __libipsecyy_create_buffer()" );
-
- b->yy_buf_size = size;
-
- /* yy_ch_buf has to be 2 characters longer than the size given because
- * we need to put in 2 end-of-buffer characters.
- */
- b->yy_ch_buf = (char *) __libipsecyyalloc(b->yy_buf_size + 2 );
- if ( ! b->yy_ch_buf )
- YY_FATAL_ERROR( "out of dynamic memory in __libipsecyy_create_buffer()" );
-
- b->yy_is_our_buffer = 1;
-
- __libipsecyy_init_buffer(b,file );
-
- return b;
-}
-
-/** Destroy the buffer.
- * @param b a buffer created with __libipsecyy_create_buffer()
- *
- */
- void __libipsecyy_delete_buffer (YY_BUFFER_STATE b )
-{
-
- if ( ! b )
- return;
-
- if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */
- YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;
-
- if ( b->yy_is_our_buffer )
- __libipsecyyfree((void *) b->yy_ch_buf );
-
- __libipsecyyfree((void *) b );
-}
-
-/* Initializes or reinitializes a buffer.
- * This function is sometimes called more than once on the same buffer,
- * such as during a __libipsecyyrestart() or at EOF.
- */
- static void __libipsecyy_init_buffer (YY_BUFFER_STATE b, FILE * file )
-
-{
- int oerrno = errno;
-
- __libipsecyy_flush_buffer(b );
-
- b->yy_input_file = file;
- b->yy_fill_buffer = 1;
-
- /* If b is the current buffer, then __libipsecyy_init_buffer was _probably_
- * called from __libipsecyyrestart() or through yy_get_next_buffer.
- * In that case, we don't want to reset the lineno or column.
- */
- if (b != YY_CURRENT_BUFFER){
- b->yy_bs_lineno = 1;
- b->yy_bs_column = 0;
- }
-
- b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
-
- errno = oerrno;
-}
-
-/** Discard all buffered characters. On the next scan, YY_INPUT will be called.
- * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER.
- *
- */
- void __libipsecyy_flush_buffer (YY_BUFFER_STATE b )
-{
- if ( ! b )
- return;
-
- b->yy_n_chars = 0;
-
- /* We always need two end-of-buffer characters. The first causes
- * a transition to the end-of-buffer state. The second causes
- * a jam in that state.
- */
- b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
- b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
-
- b->yy_buf_pos = &b->yy_ch_buf[0];
-
- b->yy_at_bol = 1;
- b->yy_buffer_status = YY_BUFFER_NEW;
-
- if ( b == YY_CURRENT_BUFFER )
- __libipsecyy_load_buffer_state( );
-}
-
-/** Pushes the new state onto the stack. The new state becomes
- * the current state. This function will allocate the stack
- * if necessary.
- * @param new_buffer The new state.
- *
- */
-void __libipsecyypush_buffer_state (YY_BUFFER_STATE new_buffer )
-{
- if (new_buffer == NULL)
- return;
-
- __libipsecyyensure_buffer_stack();
-
- /* This block is copied from __libipsecyy_switch_to_buffer. */
- if ( YY_CURRENT_BUFFER )
- {
- /* Flush out information for old buffer. */
- *(yy_c_buf_p) = (yy_hold_char);
- YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
- YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
- }
-
- /* Only push if top exists. Otherwise, replace top. */
- if (YY_CURRENT_BUFFER)
- (yy_buffer_stack_top)++;
- YY_CURRENT_BUFFER_LVALUE = new_buffer;
-
- /* copied from __libipsecyy_switch_to_buffer. */
- __libipsecyy_load_buffer_state( );
- (yy_did_buffer_switch_on_eof) = 1;
-}
-
-/** Removes and deletes the top of the stack, if present.
- * The next element becomes the new top.
- *
- */
-void __libipsecyypop_buffer_state (void)
-{
- if (!YY_CURRENT_BUFFER)
- return;
-
- __libipsecyy_delete_buffer(YY_CURRENT_BUFFER );
- YY_CURRENT_BUFFER_LVALUE = NULL;
- if ((yy_buffer_stack_top) > 0)
- --(yy_buffer_stack_top);
-
- if (YY_CURRENT_BUFFER) {
- __libipsecyy_load_buffer_state( );
- (yy_did_buffer_switch_on_eof) = 1;
- }
-}
-
-/* Allocates the stack if it does not exist.
- * Guarantees space for at least one push.
- */
-static void __libipsecyyensure_buffer_stack (void)
-{
- yy_size_t num_to_alloc;
-
- if (!(yy_buffer_stack)) {
-
- /* First allocation is just for 2 elements, since we don't know if this
- * scanner will even need a stack. We use 2 instead of 1 to avoid an
- * immediate realloc on the next call.
- */
- num_to_alloc = 1;
- (yy_buffer_stack) = (struct yy_buffer_state**)__libipsecyyalloc
- (num_to_alloc * sizeof(struct yy_buffer_state*)
- );
- if ( ! (yy_buffer_stack) )
- YY_FATAL_ERROR( "out of dynamic memory in __libipsecyyensure_buffer_stack()" );
-
- memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
-
- (yy_buffer_stack_max) = num_to_alloc;
- (yy_buffer_stack_top) = 0;
- return;
- }
-
- if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){
-
- /* Increase the buffer to prepare for a possible push. */
- int grow_size = 8 /* arbitrary grow size */;
-
- num_to_alloc = (yy_buffer_stack_max) + grow_size;
- (yy_buffer_stack) = (struct yy_buffer_state**)__libipsecyyrealloc
- ((yy_buffer_stack),
- num_to_alloc * sizeof(struct yy_buffer_state*)
- );
- if ( ! (yy_buffer_stack) )
- YY_FATAL_ERROR( "out of dynamic memory in __libipsecyyensure_buffer_stack()" );
-
- /* zero only the new slots.*/
- memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*));
- (yy_buffer_stack_max) = num_to_alloc;
- }
-}
-
-/** Setup the input buffer state to scan directly from a user-specified character buffer.
- * @param base the character buffer
- * @param size the size in bytes of the character buffer
- *
- * @return the newly allocated buffer state object.
- */
-YY_BUFFER_STATE __libipsecyy_scan_buffer (char * base, yy_size_t size )
-{
- YY_BUFFER_STATE b;
-
- if ( size < 2 ||
- base[size-2] != YY_END_OF_BUFFER_CHAR ||
- base[size-1] != YY_END_OF_BUFFER_CHAR )
- /* They forgot to leave room for the EOB's. */
- return 0;
-
- b = (YY_BUFFER_STATE) __libipsecyyalloc(sizeof( struct yy_buffer_state ) );
- if ( ! b )
- YY_FATAL_ERROR( "out of dynamic memory in __libipsecyy_scan_buffer()" );
-
- b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */
- b->yy_buf_pos = b->yy_ch_buf = base;
- b->yy_is_our_buffer = 0;
- b->yy_input_file = 0;
- b->yy_n_chars = b->yy_buf_size;
- b->yy_is_interactive = 0;
- b->yy_at_bol = 1;
- b->yy_fill_buffer = 0;
- b->yy_buffer_status = YY_BUFFER_NEW;
-
- __libipsecyy_switch_to_buffer(b );
-
- return b;
-}
-
-/** Setup the input buffer state to scan a string. The next call to __libipsecyylex() will
- * scan from a @e copy of @a str.
- * @param yystr a NUL-terminated string to scan
- *
- * @return the newly allocated buffer state object.
- * @note If you want to scan bytes that may contain NUL values, then use
- * __libipsecyy_scan_bytes() instead.
- */
-YY_BUFFER_STATE __libipsecyy_scan_string (yyconst char * yystr )
-{
-
- return __libipsecyy_scan_bytes(yystr,strlen(yystr) );
-}
-
-/** Setup the input buffer state to scan the given bytes. The next call to __libipsecyylex() will
- * scan from a @e copy of @a bytes.
- * @param yybytes the byte buffer to scan
- * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes.
- *
- * @return the newly allocated buffer state object.
- */
-YY_BUFFER_STATE __libipsecyy_scan_bytes (yyconst char * yybytes, yy_size_t _yybytes_len )
-{
- YY_BUFFER_STATE b;
- char *buf;
- yy_size_t n;
- yy_size_t i;
-
- /* Get memory for full buffer, including space for trailing EOB's. */
- n = _yybytes_len + 2;
- buf = (char *) __libipsecyyalloc(n );
- if ( ! buf )
- YY_FATAL_ERROR( "out of dynamic memory in __libipsecyy_scan_bytes()" );
-
- for ( i = 0; i < _yybytes_len; ++i )
- buf[i] = yybytes[i];
-
- buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;
-
- b = __libipsecyy_scan_buffer(buf,n );
- if ( ! b )
- YY_FATAL_ERROR( "bad buffer in __libipsecyy_scan_bytes()" );
-
- /* It's okay to grow etc. this buffer, and we should throw it
- * away when we're done.
- */
- b->yy_is_our_buffer = 1;
-
- return b;
-}
-
-#ifndef YY_EXIT_FAILURE
-#define YY_EXIT_FAILURE 2
-#endif
-
-static void yy_fatal_error (yyconst char* msg )
-{
- (void) fprintf( stderr, "%s\n", msg );
- exit( YY_EXIT_FAILURE );
-}
-
-/* Redefine yyless() so it works in section 3 code. */
-
-#undef yyless
-#define yyless(n) \
- do \
- { \
- /* Undo effects of setting up __libipsecyytext. */ \
- int yyless_macro_arg = (n); \
- YY_LESS_LINENO(yyless_macro_arg);\
- __libipsecyytext[__libipsecyyleng] = (yy_hold_char); \
- (yy_c_buf_p) = __libipsecyytext + yyless_macro_arg; \
- (yy_hold_char) = *(yy_c_buf_p); \
- *(yy_c_buf_p) = '\0'; \
- __libipsecyyleng = yyless_macro_arg; \
- } \
- while ( 0 )
-
-/* Accessor methods (get/set functions) to struct members. */
-
-/** Get the current line number.
- *
- */
-int __libipsecyyget_lineno (void)
-{
-
- return __libipsecyylineno;
-}
-
-/** Get the input stream.
- *
- */
-FILE *__libipsecyyget_in (void)
-{
- return __libipsecyyin;
-}
-
-/** Get the output stream.
- *
- */
-FILE *__libipsecyyget_out (void)
-{
- return __libipsecyyout;
-}
-
-/** Get the length of the current token.
- *
- */
-yy_size_t __libipsecyyget_leng (void)
-{
- return __libipsecyyleng;
-}
-
-/** Get the current token.
- *
- */
-
-char *__libipsecyyget_text (void)
-{
- return __libipsecyytext;
-}
-
-/** Set the current line number.
- * @param line_number
- *
- */
-void __libipsecyyset_lineno (int line_number )
-{
-
- __libipsecyylineno = line_number;
-}
-
-/** Set the input stream. This does not discard the current
- * input buffer.
- * @param in_str A readable stream.
- *
- * @see __libipsecyy_switch_to_buffer
- */
-void __libipsecyyset_in (FILE * in_str )
-{
- __libipsecyyin = in_str ;
-}
-
-void __libipsecyyset_out (FILE * out_str )
-{
- __libipsecyyout = out_str ;
-}
-
-int __libipsecyyget_debug (void)
-{
- return __libipsecyy_flex_debug;
-}
-
-void __libipsecyyset_debug (int bdebug )
-{
- __libipsecyy_flex_debug = bdebug ;
-}
-
-static int yy_init_globals (void)
-{
- /* Initialization is the same as for the non-reentrant scanner.
- * This function is called from __libipsecyylex_destroy(), so don't allocate here.
- */
-
- (yy_buffer_stack) = 0;
- (yy_buffer_stack_top) = 0;
- (yy_buffer_stack_max) = 0;
- (yy_c_buf_p) = (char *) 0;
- (yy_init) = 0;
- (yy_start) = 0;
-
-/* Defined in main.c */
-#ifdef YY_STDINIT
- __libipsecyyin = stdin;
- __libipsecyyout = stdout;
-#else
- __libipsecyyin = (FILE *) 0;
- __libipsecyyout = (FILE *) 0;
-#endif
-
- /* For future reference: Set errno on error, since we are called by
- * __libipsecyylex_init()
- */
- return 0;
-}
-
-/* __libipsecyylex_destroy is for both reentrant and non-reentrant scanners. */
-int __libipsecyylex_destroy (void)
-{
-
- /* Pop the buffer stack, destroying each element. */
- while(YY_CURRENT_BUFFER){
- __libipsecyy_delete_buffer(YY_CURRENT_BUFFER );
- YY_CURRENT_BUFFER_LVALUE = NULL;
- __libipsecyypop_buffer_state();
- }
-
- /* Destroy the stack itself. */
- __libipsecyyfree((yy_buffer_stack) );
- (yy_buffer_stack) = NULL;
-
- /* Reset the globals. This is important in a non-reentrant scanner so the next time
- * __libipsecyylex() is called, initialization will occur. */
- yy_init_globals( );
-
- return 0;
-}
-
-/*
- * Internal utility routines.
- */
-
-#ifndef yytext_ptr
-static void yy_flex_strncpy (char* s1, yyconst char * s2, int n )
-{
- int i;
- for ( i = 0; i < n; ++i )
- s1[i] = s2[i];
-}
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * s )
-{
- int n;
- for ( n = 0; s[n]; ++n )
- ;
-
- return n;
-}
-#endif
-
-void *__libipsecyyalloc (yy_size_t size )
-{
- return (void *) malloc( size );
-}
-
-void *__libipsecyyrealloc (void * ptr, yy_size_t size )
-{
- /* The cast to (char *) in the following accommodates both
- * implementations that use char* generic pointers, and those
- * that use void* generic pointers. It works with the latter
- * because both ANSI C and C++ allow castless assignment from
- * any pointer type to void*, and deal with argument conversions
- * as though doing an assignment.
- */
- return (void *) realloc( (char *) ptr, size );
-}
-
-void __libipsecyyfree (void * ptr )
-{
- free( (char *) ptr ); /* see __libipsecyyrealloc() for (char *) cast */
-}
-
-#define YYTABLES_NAME "yytables"
-
-#line 131 "../../freebsd/lib/libipsec/policy_token.l"
-
-
-
-void __policy__strbuffer__init__(char *);
-void __policy__strbuffer__free__(void);
-
-static YY_BUFFER_STATE strbuffer;
-
-void
-__policy__strbuffer__init__(msg)
- char *msg;
-{
- if (YY_CURRENT_BUFFER)
- __libipsecyy_delete_buffer(YY_CURRENT_BUFFER);
- strbuffer = (YY_BUFFER_STATE)__libipsecyy_scan_string(msg);
- __libipsecyy_switch_to_buffer(strbuffer);
-
- return;
-}
-
-void
-__policy__strbuffer__free__()
-{
- __libipsecyy_delete_buffer(strbuffer);
-
- return;
-}
-
diff --git a/freebsd/lib/libipsec/policy_token.l b/freebsd/lib/libipsec/policy_token.l
deleted file mode 100644
index 219cce44..00000000
--- a/freebsd/lib/libipsec/policy_token.l
+++ /dev/null
@@ -1,156 +0,0 @@
-/* $FreeBSD$ */
-/* $KAME: policy_token.l,v 1.13 2003/05/09 05:19:55 sakane Exp $ */
-
-/*
- * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-%{
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/socket.h>
-#include <net/route.h>
-#include <net/pfkeyv2.h>
-#include <netipsec/keydb.h>
-#include <netinet/in.h>
-#include <netipsec/ipsec.h>
-
-#include <stdlib.h>
-#include <limits.h>
-#include <string.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include "y.tab.h"
-#define yylval __libipsecyylval /* XXX */
-
-int yylex(void);
-%}
-
-%option noyywrap
-%option nounput
-%option noinput
-
-/* common section */
-nl \n
-ws [ \t]+
-digit [0-9]
-hexdigit [0-9A-Fa-f]
-special [()+\|\?\*,]
-dot \.
-comma \,
-hyphen \-
-colon \:
-slash \/
-bcl \{
-ecl \}
-blcl \[
-elcl \]
-percent \%
-semi \;
-usec {dot}{digit}{1,6}
-comment \#.*
-ccomment "/*"
-bracketstring \<[^>]*\>
-quotedstring \"[^"]*\"
-decstring {digit}+
-hexpair {hexdigit}{hexdigit}
-hexstring 0[xX]{hexdigit}+
-octetstring {octet}({dot}{octet})+
-ipaddress [a-zA-Z0-9:\._][a-zA-Z0-9:\._]*(%[a-zA-Z0-9]+)?
-
-%%
-
-in { yylval.num = IPSEC_DIR_INBOUND; return(DIR); }
-out { yylval.num = IPSEC_DIR_OUTBOUND; return(DIR); }
-
-discard { yylval.num = IPSEC_POLICY_DISCARD; return(ACTION); }
-none { yylval.num = IPSEC_POLICY_NONE; return(ACTION); }
-ipsec { yylval.num = IPSEC_POLICY_IPSEC; return(ACTION); }
-bypass { yylval.num = IPSEC_POLICY_BYPASS; return(ACTION); }
-entrust { yylval.num = IPSEC_POLICY_ENTRUST; return(ACTION); }
-
-esp { yylval.num = IPPROTO_ESP; return(PROTOCOL); }
-ah { yylval.num = IPPROTO_AH; return(PROTOCOL); }
-ipcomp { yylval.num = IPPROTO_IPCOMP; return(PROTOCOL); }
-tcp { yylval.num = IPPROTO_TCP; return(PROTOCOL); }
-
-transport { yylval.num = IPSEC_MODE_TRANSPORT; return(MODE); }
-tunnel { yylval.num = IPSEC_MODE_TUNNEL; return(MODE); }
-
-me { return(ME); }
-any { return(ANY); }
-
-default { yylval.num = IPSEC_LEVEL_DEFAULT; return(LEVEL); }
-use { yylval.num = IPSEC_LEVEL_USE; return(LEVEL); }
-require { yylval.num = IPSEC_LEVEL_REQUIRE; return(LEVEL); }
-unique{colon}{decstring} {
- yylval.val.len = strlen(yytext + 7);
- yylval.val.buf = yytext + 7;
- return(LEVEL_SPECIFY);
- }
-unique { yylval.num = IPSEC_LEVEL_UNIQUE; return(LEVEL); }
-{slash} { return(SLASH); }
-
-{ipaddress} {
- yylval.val.len = strlen(yytext);
- yylval.val.buf = yytext;
- return(IPADDRESS);
- }
-
-{hyphen} { return(HYPHEN); }
-
-{ws} { ; }
-{nl} { ; }
-
-%%
-
-void __policy__strbuffer__init__(char *);
-void __policy__strbuffer__free__(void);
-
-static YY_BUFFER_STATE strbuffer;
-
-void
-__policy__strbuffer__init__(msg)
- char *msg;
-{
- if (YY_CURRENT_BUFFER)
- yy_delete_buffer(YY_CURRENT_BUFFER);
- strbuffer = (YY_BUFFER_STATE)yy_scan_string(msg);
- yy_switch_to_buffer(strbuffer);
-
- return;
-}
-
-void
-__policy__strbuffer__free__()
-{
- yy_delete_buffer(strbuffer);
-
- return;
-}
diff --git a/freebsd/lib/libipsec/y.tab.h b/freebsd/lib/libipsec/y.tab.h
deleted file mode 100644
index 98b2785f..00000000
--- a/freebsd/lib/libipsec/y.tab.h
+++ /dev/null
@@ -1,114 +0,0 @@
-/* A Bison parser, made by GNU Bison 2.7. */
-
-/* Bison interface for Yacc-like parsers in C
-
- Copyright (C) 1984, 1989-1990, 2000-2012 Free Software Foundation, Inc.
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>. */
-
-/* As a special exception, you may create a larger work that contains
- part or all of the Bison parser skeleton and distribute that work
- under terms of your choice, so long as that work isn't itself a
- parser generator using the skeleton or a modified version thereof
- as a parser skeleton. Alternatively, if you modify or redistribute
- the parser skeleton itself, you may (at your option) remove this
- special exception, which will cause the skeleton and the resulting
- Bison output files to be licensed under the GNU General Public
- License without this special exception.
-
- This special exception was added by the Free Software Foundation in
- version 2.2 of Bison. */
-
-#ifndef YY__LIBIPSECYY_LIBIPSECYY_TAB_H_INCLUDED
-# define YY__LIBIPSECYY_LIBIPSECYY_TAB_H_INCLUDED
-/* Enabling traces. */
-#ifndef YYDEBUG
-# define YYDEBUG 0
-#endif
-#if YYDEBUG
-extern int __libipsecyydebug;
-#endif
-
-/* Tokens. */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
- /* Put the tokens into the symbol table, so that GDB and other debuggers
- know about them. */
- enum yytokentype {
- DIR = 258,
- ACTION = 259,
- PROTOCOL = 260,
- MODE = 261,
- LEVEL = 262,
- LEVEL_SPECIFY = 263,
- IPADDRESS = 264,
- ME = 265,
- ANY = 266,
- SLASH = 267,
- HYPHEN = 268
- };
-#endif
-/* Tokens. */
-#define DIR 258
-#define ACTION 259
-#define PROTOCOL 260
-#define MODE 261
-#define LEVEL 262
-#define LEVEL_SPECIFY 263
-#define IPADDRESS 264
-#define ME 265
-#define ANY 266
-#define SLASH 267
-#define HYPHEN 268
-
-
-
-#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-typedef union YYSTYPE
-{
-/* Line 2058 of yacc.c */
-#line 98 "freebsd/lib/libipsec/policy_parse.y"
-
- u_int num;
- struct _val {
- int len;
- char *buf;
- } val;
-
-
-/* Line 2058 of yacc.c */
-#line 92 "__libipsecyy.tab.h"
-} YYSTYPE;
-# define YYSTYPE_IS_TRIVIAL 1
-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
-# define YYSTYPE_IS_DECLARED 1
-#endif
-
-extern YYSTYPE __libipsecyylval;
-
-#ifdef YYPARSE_PARAM
-#if defined __STDC__ || defined __cplusplus
-int __libipsecyyparse (void *YYPARSE_PARAM);
-#else
-int __libipsecyyparse ();
-#endif
-#else /* ! YYPARSE_PARAM */
-#if defined __STDC__ || defined __cplusplus
-int __libipsecyyparse (void);
-#else
-int __libipsecyyparse ();
-#endif
-#endif /* ! YYPARSE_PARAM */
-
-#endif /* !YY__LIBIPSECYY_LIBIPSECYY_TAB_H_INCLUDED */