Cross Reference: /freebsd-10.2-release/sbin/setkey/parse.y

Deleted Added

sdiff udiff text old ( 55505 ) new ( 62583 )

full compact

parse.y (55505)	parse.y (62583)
	1/* $FreeBSD: head/sbin/setkey/parse.y 62583 2000-07-04 16:22:05Z itojun $ / 2/ $KAME: parse.y,v 1.29 2000/06/10 14:17:44 sakane Exp $ */ 3
1/* 2 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. 3 * All rights reserved.	4/* 5 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. 6 * All rights reserved.
4 *	7 *
5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the project nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission.	8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission.
16 *	19 *
17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE.	20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE.
28 * 29 * $FreeBSD: head/sbin/setkey/parse.y 55505 2000-01-06 12:40:54Z shin $
30 */	31 */
31/* KAME $Id: parse.y,v 1.7 1999/10/27 17:08:57 sakane Exp $ */
32 33%{ 34#include <sys/types.h> 35#include <sys/param.h> 36#include <sys/socket.h> 37 38#include <net/route.h> 39#include <netinet/in.h> 40#include <net/pfkeyv2.h> 41#include <netkey/key_var.h> 42#include <netinet6/ipsec.h> 43#include <arpa/inet.h> 44 45#include <string.h> 46#include <unistd.h> 47#include <stdio.h>	32 33%{ 34#include <sys/types.h> 35#include <sys/param.h> 36#include <sys/socket.h> 37 38#include <net/route.h> 39#include <netinet/in.h> 40#include <net/pfkeyv2.h> 41#include <netkey/key_var.h> 42#include <netinet6/ipsec.h> 43#include <arpa/inet.h> 44 45#include <string.h> 46#include <unistd.h> 47#include <stdio.h>
	48#include <netdb.h>
48#include <ctype.h> 49#include <errno.h>	49#include <ctype.h> 50#include <errno.h>
50#include <netdb.h>
51	51
	52#include "libpfkey.h"
52#include "vchar.h" 53 54#define ATOX(c) \ 55 (isdigit(c) ? (c - '0') : (isupper(c) ? (c - 'A' + 10) : (c - 'a' + 10) )) 56	53#include "vchar.h" 54 55#define ATOX(c) \ 56 (isdigit(c) ? (c - '0') : (isupper(c) ? (c - 'A' + 10) : (c - 'a' + 10) )) 57
57u_int p_type; 58u_int32_t p_spi; 59struct sockaddr p_src, p_dst; 60u_int p_prefs, p_prefd, p_upper; 61u_int p_satype, p_ext, p_alg_enc, p_alg_auth, p_replay, p_mode; 62u_int p_key_enc_len, p_key_auth_len; 63caddr_t p_key_enc, p_key_auth; 64time_t p_lt_hard, p_lt_soft;	58u_int p_type; 59u_int32_t p_spi; 60struct sockaddr p_src, p_dst; 61u_int p_prefs, p_prefd, p_upper; 62u_int p_satype, p_ext, p_alg_enc, p_alg_auth, p_replay, p_mode; 63u_int32_t p_reqid; 64u_int p_key_enc_len, p_key_auth_len; 65caddr_t p_key_enc, p_key_auth; 66time_t p_lt_hard, p_lt_soft;
65	67
66u_int p_policy_len; 67char *p_policy;	68u_int p_policy_len; 69char *p_policy;
68 69/* temporary buffer */	70 71/* temporary buffer */
70static struct sockaddr *pp_addr; 71static u_int pp_prefix; 72static u_int pp_port; 73static caddr_t pp_key;	72static struct sockaddr *pp_addr; 73static u_int pp_prefix; 74static u_int pp_port; 75static caddr_t pp_key;
74	76
75extern u_char m_buf[BUFSIZ]; 76extern int m_len; 77extern char cmdarg[8192]; 78extern int f_debug;	77extern u_char m_buf[BUFSIZ]; 78extern int m_len; 79extern char cmdarg[8192]; 80extern int f_debug;
79	81
80int setkeymsg __P((void)); 81static int setvarbuf __P((int , struct sadb_ext , int, caddr_t, int)); 82void parse_init __P((void)); 83void free_buffer __P((void));	82int setkeymsg __P((void)); 83static struct addrinfo parse_addr __P((char , char , int)); 84static int setvarbuf __P((int , struct sadb_ext *, int, caddr_t, int)); 85void parse_init __P((void)); 86void free_buffer __P((void));
84	87
85extern int setkeymsg __P((void)); 86extern int sendkeymsg __P((void));	88extern int setkeymsg __P((void)); 89extern int sendkeymsg __P((void));
87	90
88extern int yylex __P((void)); 89extern void yyerror __P((char *));	91extern int yylex __P((void)); 92extern void yyfatal __P((const char )); 93extern void yyerror __P((const char ));
90%} 91 92%union { 93 unsigned long num; 94 vchar_t val; 95} 96 97%token EOT 98%token ADD GET DELETE FLUSH DUMP	94%} 95 96%union { 97 unsigned long num; 98 vchar_t val; 99} 100 101%token EOT 102%token ADD GET DELETE FLUSH DUMP
99%token IP4_ADDRESS IP6_ADDRESS PREFIX PORT PORTANY	103%token ADDRESS PREFIX PORT PORTANY
100%token UP_PROTO PR_ESP PR_AH PR_IPCOMP 101%token F_PROTOCOL F_AUTH F_ENC F_REPLAY F_COMP F_RAWCPI	104%token UP_PROTO PR_ESP PR_AH PR_IPCOMP 105%token F_PROTOCOL F_AUTH F_ENC F_REPLAY F_COMP F_RAWCPI
102%token F_MODE MODE 103%token F_EXT EXTENSION	106%token F_MODE MODE F_REQID 107%token F_EXT EXTENSION NOCYCLICSEQ
104%token ALG_AUTH ALG_ENC ALG_ENC_DESDERIV ALG_ENC_DES32IV ALG_COMP 105%token F_LIFETIME_HARD F_LIFETIME_SOFT 106%token DECSTRING QUOTEDSTRING HEXSTRING ANY 107 /* SPD management / 108%token SPDADD SPDDELETE SPDDUMP SPDFLUSH 109%token F_POLICY PL_REQUESTS 110*	108%token ALG_AUTH ALG_ENC ALG_ENC_DESDERIV ALG_ENC_DES32IV ALG_COMP 109%token F_LIFETIME_HARD F_LIFETIME_SOFT 110%token DECSTRING QUOTEDSTRING HEXSTRING ANY 111 /* SPD management / 112%token SPDADD SPDDELETE SPDDUMP SPDFLUSH 113%token F_POLICY PL_REQUESTS 114*
	115%type <num> PORT PREFIX EXTENSION MODE 116%type <num> UP_PROTO PR_ESP PR_AH PR_IPCOMP 117%type <num> ALG_AUTH ALG_ENC ALG_ENC_DESDERIV ALG_ENC_DES32IV ALG_COMP 118%type <num> DECSTRING 119%type <val> ADDRESS PL_REQUESTS 120%type <val> key_string policy_requests 121%type <val> QUOTEDSTRING HEXSTRING 122
111%% 112commands 113 : /NOTHING/ 114 \| commands command 115 { 116 if (f_debug) { 117 printf("cmdarg:\n%s\n", cmdarg); 118 } else { --- 22 unchanged lines hidden (view full) --- 141add_command 142 : ADD { p_type = SADB_ADD; } 143 sa_selector_spec extension_spec algorithm_spec EOT 144 ; 145 146 /* delete / 147delete_command 148* : DELETE { p_type = SADB_DELETE; }	123%% 124commands 125 : /NOTHING/ 126 \| commands command 127 { 128 if (f_debug) { 129 printf("cmdarg:\n%s\n", cmdarg); 130 } else { --- 22 unchanged lines hidden (view full) --- 153add_command 154 : ADD { p_type = SADB_ADD; } 155 sa_selector_spec extension_spec algorithm_spec EOT 156 ; 157 158 /* delete / 159delete_command 160* : DELETE { p_type = SADB_DELETE; }
149 sa_selector_spec extension_spec EOT	161 sa_selector_spec extension_spec 162 { 163 if (p_mode != IPSEC_MODE_ANY) 164 yyerror("WARNING: mode is obsoleted."); 165 } 166 EOT
150 ; 151 152 /* get command / 153get_command 154* : GET { p_type = SADB_GET; }	167 ; 168 169 /* get command / 170get_command 171* : GET { p_type = SADB_GET; }
155 sa_selector_spec extension_spec EOT	172 sa_selector_spec extension_spec 173 { 174 if (p_mode != IPSEC_MODE_ANY) 175 yyerror("WARNING: mode is obsoleted."); 176 } 177 EOT
156 ; 157 158 /* flush / 159flush_command 160* : FLUSH { p_type = SADB_FLUSH; } 161 protocol_spec EOT 162 ; 163 --- 10 unchanged lines hidden (view full) --- 174 protocol_spec spi 175 ; 176 177protocol_spec 178 : /NOTHING/ { p_satype = SADB_SATYPE_UNSPEC; } 179 \| PR_ESP 180 { 181 p_satype = SADB_SATYPE_ESP;	178 ; 179 180 /* flush / 181flush_command 182* : FLUSH { p_type = SADB_FLUSH; } 183 protocol_spec EOT 184 ; 185 --- 10 unchanged lines hidden (view full) --- 196 protocol_spec spi 197 ; 198 199protocol_spec 200 : /NOTHING/ { p_satype = SADB_SATYPE_UNSPEC; } 201 \| PR_ESP 202 { 203 p_satype = SADB_SATYPE_ESP;
182 if ($1.num == 1)	204 if ($1 == 1)
183 p_ext \|= SADB_X_EXT_OLD; 184 else 185 p_ext &= ~SADB_X_EXT_OLD; 186 } 187 \| PR_AH 188 { 189 p_satype = SADB_SATYPE_AH;	205 p_ext \|= SADB_X_EXT_OLD; 206 else 207 p_ext &= ~SADB_X_EXT_OLD; 208 } 209 \| PR_AH 210 { 211 p_satype = SADB_SATYPE_AH;
190 if ($1.num == 1)	212 if ($1 == 1)
191 p_ext \|= SADB_X_EXT_OLD; 192 else 193 p_ext &= ~SADB_X_EXT_OLD; 194 } 195 \| PR_IPCOMP 196 { 197 p_satype = SADB_X_SATYPE_IPCOMP; 198 } 199 ; 200 201spi	213 p_ext \|= SADB_X_EXT_OLD; 214 else 215 p_ext &= ~SADB_X_EXT_OLD; 216 } 217 \| PR_IPCOMP 218 { 219 p_satype = SADB_X_SATYPE_IPCOMP; 220 } 221 ; 222 223spi
202 : DECSTRING { p_spi = $1.num; }	224 : DECSTRING { p_spi = $1; }
203 \| HEXSTRING 204 { 205 caddr_t bp;	225 \| HEXSTRING 226 { 227 caddr_t bp;
206 caddr_t yp = $1.val.buf;	228 caddr_t yp = $1.buf;
207 char buf0[4], buf[4]; 208 int i, j; 209 210 /* sanity check */	229 char buf0[4], buf[4]; 230 int i, j; 231 232 /* sanity check */
211 if ($1.val.len > 4) {	233 if ($1.len > 4) {
212 yyerror("SPI too big.");	234 yyerror("SPI too big.");
213 free($1.val.buf);	235 free($1.buf);
214 return -1; 215 } 216 217 bp = buf0; 218 while (yp) { 219* bp = (ATOX(yp[0]) << 4) \| ATOX(yp[1]); 220* yp += 2, bp++; 221 } 222 223 /* initialize / 224* for (i = 0; i < 4; i++) buf[i] = 0; 225	236 return -1; 237 } 238 239 bp = buf0; 240 while (yp) { 241* bp = (ATOX(yp[0]) << 4) \| ATOX(yp[1]); 242* yp += 2, bp++; 243 } 244 245 /* initialize / 246* for (i = 0; i < 4; i++) buf[i] = 0; 247
226 for (j = $1.val.len - 1, i = 3; j >= 0; j--, i--)	248 for (j = $1.len - 1, i = 3; j >= 0; j--, i--)
227 buf[i] = buf0[j]; 228 229 /* XXX: endian / 230* p_spi = ntohl((u_int32_t )buf); 231	249 buf[i] = buf0[j]; 250 251 /* XXX: endian / 252* p_spi = ntohl((u_int32_t )buf); 253
232 free($1.val.buf);	254 free($1.buf);
233 } 234 ; 235 236algorithm_spec 237 : esp_spec 238 \| ah_spec 239 \| ipcomp_spec 240 ; 241 242esp_spec 243 : F_ENC enc_alg enc_key F_AUTH auth_alg auth_key 244 \| F_ENC enc_alg enc_key 245 ; 246 247ah_spec 248 : F_AUTH auth_alg auth_key 249 ; 250 251ipcomp_spec	255 } 256 ; 257 258algorithm_spec 259 : esp_spec 260 \| ah_spec 261 \| ipcomp_spec 262 ; 263 264esp_spec 265 : F_ENC enc_alg enc_key F_AUTH auth_alg auth_key 266 \| F_ENC enc_alg enc_key 267 ; 268 269ah_spec 270 : F_AUTH auth_alg auth_key 271 ; 272 273ipcomp_spec
252 : F_COMP ALG_COMP { p_alg_enc = $2.num; } 253 \| F_COMP ALG_COMP { p_alg_enc = $2.num; }	274 : F_COMP ALG_COMP { p_alg_enc = $2; } 275 \| F_COMP ALG_COMP { p_alg_enc = $2; }
254 F_RAWCPI { p_ext \|= SADB_X_EXT_RAWCPI; } 255 ; 256 257enc_alg	276 F_RAWCPI { p_ext \|= SADB_X_EXT_RAWCPI; } 277 ; 278 279enc_alg
258 : ALG_ENC { p_alg_enc = $1.num; }	280 : ALG_ENC { p_alg_enc = $1; }
259 \| ALG_ENC_DESDERIV 260 {	281 \| ALG_ENC_DESDERIV 282 {
261 p_alg_enc = $1.num;	283 p_alg_enc = $1;
262 if (p_ext & SADB_X_EXT_OLD) { 263 yyerror("algorithm mismatched."); 264 return -1; 265 } 266 p_ext \|= SADB_X_EXT_DERIV; 267 } 268 \| ALG_ENC_DES32IV 269 {	284 if (p_ext & SADB_X_EXT_OLD) { 285 yyerror("algorithm mismatched."); 286 return -1; 287 } 288 p_ext \|= SADB_X_EXT_DERIV; 289 } 290 \| ALG_ENC_DES32IV 291 {
270 p_alg_enc = $1.num;	292 p_alg_enc = $1;
271 if (!(p_ext & SADB_X_EXT_OLD)) { 272 yyerror("algorithm mismatched."); 273 return -1; 274 } 275 p_ext \|= SADB_X_EXT_IV4B; 276 } 277 ; 278 279enc_key 280 : /NOTHING/ 281 { 282 if (p_alg_enc != SADB_EALG_NULL) { 283 yyerror("no key found."); 284 return -1; 285 } 286 } 287 \| key_string 288 {	293 if (!(p_ext & SADB_X_EXT_OLD)) { 294 yyerror("algorithm mismatched."); 295 return -1; 296 } 297 p_ext \|= SADB_X_EXT_IV4B; 298 } 299 ; 300 301enc_key 302 : /NOTHING/ 303 { 304 if (p_alg_enc != SADB_EALG_NULL) { 305 yyerror("no key found."); 306 return -1; 307 } 308 } 309 \| key_string 310 {
289 p_key_enc_len = $1.val.len;	311 p_key_enc_len = $1.len;
290 p_key_enc = pp_key; 291 292 if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT, 293 p_alg_enc, 294 PFKEY_UNUNIT64(p_key_enc_len)) < 0) { 295 yyerror(ipsec_strerror()); 296 return -1; 297 } 298 } 299 ; 300 301auth_alg	312 p_key_enc = pp_key; 313 314 if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT, 315 p_alg_enc, 316 PFKEY_UNUNIT64(p_key_enc_len)) < 0) { 317 yyerror(ipsec_strerror()); 318 return -1; 319 } 320 } 321 ; 322 323auth_alg
302 : ALG_AUTH { p_alg_auth = $1.num; }	324 : ALG_AUTH { p_alg_auth = $1; }
303 ; 304 305auth_key 306 : /NOTHING/ 307 { 308 if (p_alg_auth != SADB_AALG_NULL) { 309 yyerror("no key found."); 310 return -1; 311 } 312 } 313 \| key_string 314 {	325 ; 326 327auth_key 328 : /NOTHING/ 329 { 330 if (p_alg_auth != SADB_AALG_NULL) { 331 yyerror("no key found."); 332 return -1; 333 } 334 } 335 \| key_string 336 {
315 p_key_auth_len = $1.val.len;	337 p_key_auth_len = $1.len;
316 p_key_auth = pp_key; 317 318 if (ipsec_check_keylen(SADB_EXT_SUPPORTED_AUTH, 319 p_alg_auth, 320 PFKEY_UNUNIT64(p_key_auth_len)) < 0) { 321 yyerror(ipsec_strerror()); 322 return -1; 323 } 324 } 325 ; 326 327key_string 328 : QUOTEDSTRING 329 {	338 p_key_auth = pp_key; 339 340 if (ipsec_check_keylen(SADB_EXT_SUPPORTED_AUTH, 341 p_alg_auth, 342 PFKEY_UNUNIT64(p_key_auth_len)) < 0) { 343 yyerror(ipsec_strerror()); 344 return -1; 345 } 346 } 347 ; 348 349key_string 350 : QUOTEDSTRING 351 {
330 pp_key = $1.val.buf;	352 pp_key = $1.buf;
331 /* free pp_key later / 332* } 333 \| HEXSTRING 334 { 335 caddr_t bp;	353 /* free pp_key later / 354* } 355 \| HEXSTRING 356 { 357 caddr_t bp;
336 caddr_t yp = $1.val.buf;	358 caddr_t yp = $1.buf;
337	359
338 if ((pp_key = malloc($1.val.len)) == 0) { 339 free($1.val.buf); 340 yyerror(strerror(errno));	360 if ((pp_key = malloc($1.len)) == 0) { 361 free($1.buf); 362 yyerror("not enough core");
341 return -1; 342 }	363 return -1; 364 }
343 memset(pp_key, 0, $1.val.len);	365 memset(pp_key, 0, $1.len);
344 345 bp = pp_key; 346 while (yp) { 347* bp = (ATOX(yp[0]) << 4) \| ATOX(yp[1]); 348* yp += 2, bp++; 349 } 350	366 367 bp = pp_key; 368 while (yp) { 369* bp = (ATOX(yp[0]) << 4) \| ATOX(yp[1]); 370* yp += 2, bp++; 371 } 372
351 free($1.val.buf);	373 free($1.buf);
352 } 353 ; 354 355extension_spec 356 : /NOTHING/ 357 \| extension_spec extension 358 ; 359 360extension	374 } 375 ; 376 377extension_spec 378 : /NOTHING/ 379 \| extension_spec extension 380 ; 381 382extension
361 : F_EXT EXTENSION { p_ext \|= $1.num; } 362 \| F_MODE MODE { p_mode = $2.num; }	383 : F_EXT EXTENSION { p_ext \|= $2; } 384 \| F_EXT NOCYCLICSEQ { p_ext &= ~SADB_X_EXT_CYCSEQ; } 385 \| F_MODE MODE { p_mode = $2; }
363 \| F_MODE ANY { p_mode = IPSEC_MODE_ANY; }	386 \| F_MODE ANY { p_mode = IPSEC_MODE_ANY; }
	387 \| F_REQID DECSTRING { p_reqid = $2; }
364 \| F_REPLAY DECSTRING 365 { 366 if (p_ext & SADB_X_EXT_OLD) { 367 yyerror("replay prevention " 368 "only use on new spec."); 369 return -1; 370 }	388 \| F_REPLAY DECSTRING 389 { 390 if (p_ext & SADB_X_EXT_OLD) { 391 yyerror("replay prevention " 392 "only use on new spec."); 393 return -1; 394 }
371 p_replay = $2.num;	395 p_replay = $2;
372 }	396 }
373 \| F_LIFETIME_HARD DECSTRING { p_lt_hard = $2.num; } 374 \| F_LIFETIME_SOFT DECSTRING { p_lt_soft = $2.num; }	397 \| F_LIFETIME_HARD DECSTRING { p_lt_hard = $2; } 398 \| F_LIFETIME_SOFT DECSTRING { p_lt_soft = $2; }
375 ; 376 377 /* definition about command for SPD management / 378* /* spdadd / 379spdadd_command 380* : SPDADD 381 { 382 p_type = SADB_X_SPDADD; 383 p_satype = SADB_SATYPE_UNSPEC; 384 } 385 sp_selector_spec policy_spec EOT 386 ; 387 388spddelete_command: 389 SPDDELETE 390 { 391 p_type = SADB_X_SPDDELETE; 392 p_satype = SADB_SATYPE_UNSPEC; 393 }	399 ; 400 401 /* definition about command for SPD management / 402* /* spdadd / 403spdadd_command 404* : SPDADD 405 { 406 p_type = SADB_X_SPDADD; 407 p_satype = SADB_SATYPE_UNSPEC; 408 } 409 sp_selector_spec policy_spec EOT 410 ; 411 412spddelete_command: 413 SPDDELETE 414 { 415 p_type = SADB_X_SPDDELETE; 416 p_satype = SADB_SATYPE_UNSPEC; 417 }
394 sp_selector_spec EOT	418 sp_selector_spec policy_spec EOT
395 ; 396 397spddump_command: 398 SPDDUMP 399 { 400 p_type = SADB_X_SPDDUMP; 401 p_satype = SADB_SATYPE_UNSPEC; 402 } --- 8 unchanged lines hidden (view full) --- 411 } 412 EOT 413 ; 414 415 /* sp_selector_spec / 416sp_selector_spec 417* : ipaddress { p_src = pp_addr; } 418 prefix { p_prefs = pp_prefix; }	419 ; 420 421spddump_command: 422 SPDDUMP 423 { 424 p_type = SADB_X_SPDDUMP; 425 p_satype = SADB_SATYPE_UNSPEC; 426 } --- 8 unchanged lines hidden (view full) --- 435 } 436 EOT 437 ; 438 439 /* sp_selector_spec / 440sp_selector_spec 441* : ipaddress { p_src = pp_addr; } 442 prefix { p_prefs = pp_prefix; }
419 port { _INPORTBYSA(p_src) = htons(pp_port); }	443 port 444 { 445 switch (p_src->sa_family) { 446 case AF_INET: 447 ((struct sockaddr_in )p_src)->sin_port = 448* htons(pp_port); 449 break; 450#ifdef INET6 451 case AF_INET6: 452 ((struct sockaddr_in6 )p_src)->sin6_port = 453* htons(pp_port); 454 break; 455#endif 456 default: 457 exit(1); /XXX/ 458 } 459 }
420 ipaddress { p_dst = pp_addr; } 421 prefix { p_prefd = pp_prefix; }	460 ipaddress { p_dst = pp_addr; } 461 prefix { p_prefd = pp_prefix; }
422 port { _INPORTBYSA(p_dst) = htons(pp_port); }	462 port 463 { 464 switch (p_dst->sa_family) { 465 case AF_INET: 466 ((struct sockaddr_in )p_dst)->sin_port = 467* htons(pp_port); 468 break; 469#ifdef INET6 470 case AF_INET6: 471 ((struct sockaddr_in6 )p_dst)->sin6_port = 472* htons(pp_port); 473 break; 474#endif 475 default: 476 exit(1); /XXX/ 477 } 478 }
423 upper_spec	479 upper_spec
	480 { 481 /* XXX is it something userland should check? / 482#if 0 483* switch (p_upper) { 484 case IPPROTO_ICMP: 485 case IPPROTO_ICMPV6: 486 if (_INPORTBYSA(p_src) != IPSEC_PORT_ANY 487 \|\| _INPORTBYSA(p_dst) != IPSEC_PORT_ANY) { 488 yyerror("port number must be \"any\"."); 489 return -1; 490 } 491 if ((pp_addr->sa_family == AF_INET6 492 && p_upper == IPPROTO_ICMP) 493 \|\| (pp_addr->sa_family == AF_INET 494 && p_upper == IPPROTO_ICMPV6)) { 495 yyerror("upper layer protocol " 496 "mismatched.\n"); 497 return -1; 498 } 499 break; 500 default: 501 break; 502 } 503#endif 504 }
424 ; 425 426ipaddress	505 ; 506 507ipaddress
427 : IP4_ADDRESS	508 : ADDRESS
428 {	509 {
429 struct sockaddr_in in; 430* u_int sa_len = $1.val.len;	510 struct addrinfo *res;
431	511
432 if ((in = (struct sockaddr_in )malloc(sa_len)) == 0) { 433* yyerror(strerror(errno)); 434 free($1.val.buf);	512 res = parse_addr($1.buf, NULL, AI_NUMERICHOST); 513 if (res == NULL) { 514 free($1.buf);
435 return -1; 436 }	515 return -1; 516 }
437 memset((caddr_t)in, 0, sa_len); 438 439 in->sin_family = PF_INET; 440 in->sin_len = sa_len; 441 in->sin_port = IPSEC_PORT_ANY; 442 (void)inet_pton(PF_INET, $1.val.buf, &in->sin_addr); 443 444 pp_addr = (struct sockaddr )in; 445* free($1.val.buf); 446 } 447 \| IP6_ADDRESS 448 { 449#ifdef INET6 450 struct sockaddr_in6 in6; 451* u_int sa_len = $1.val.len; 452 struct addrinfo hints, res; 453* int ret_gai; 454 455 if ((in6 = (struct sockaddr_in6 )malloc(sa_len)) == 0) { 456* free($1.val.buf); 457 yyerror(strerror(errno)); 458 return -1;	517 pp_addr = (struct sockaddr )malloc(res->ai_addrlen); 518* if (!pp_addr) { 519 yyerror("not enough core"); 520 goto end;
459 }	521 }
460 memset((caddr_t)in6, 0, sa_len);
461	522
462 bzero(&hints, sizeof(struct addrinfo)); 463 hints.ai_flags = AI_NUMERICHOST; 464 hints.ai_family = AF_INET6; 465 ret_gai = getaddrinfo($1.val.buf, NULL, &hints, &res); 466 if (ret_gai) { 467 free($1.val.buf); 468 free(in6); 469 yyerror(gai_strerror(ret_gai)); 470 if (ret_gai == EAI_SYSTEM) 471 yyerror(strerror(errno)); 472 return -1; 473 } 474 (void)memcpy(in6, res->ai_addr, res->ai_addrlen); 475 476 /* 477 * XXX: If the scope of the destination is link-local, 478 * embed the scope-id(in this case, interface index) 479 * into the address. 480 / 481* if (IN6_IS_ADDR_LINKLOCAL(&in6->sin6_addr) && 482 in6->sin6_scope_id != 0) 483 (u_short )&in6->sin6_addr.s6_addr[2] = 484 htons(in6->sin6_scope_id & 0xffff); 485	523 memcpy(pp_addr, res->ai_addr, res->ai_addrlen); 524 end:
486 freeaddrinfo(res);	525 freeaddrinfo(res);
487 488 pp_addr = (struct sockaddr )in6; 489#else 490* yyerror("IPv6 address not supported"); 491#endif 492 free($1.val.buf);	526 free($1.buf);
493 } 494 ; 495 496prefix 497 : /NOTHING/ { pp_prefix = ~0; }	527 } 528 ; 529 530prefix 531 : /NOTHING/ { pp_prefix = ~0; }
498 \| PREFIX { pp_prefix = $1.num; }	532 \| PREFIX { pp_prefix = $1; }
499 ; 500 501port 502 : /NOTHING/ { pp_port = IPSEC_PORT_ANY; }	533 ; 534 535port 536 : /NOTHING/ { pp_port = IPSEC_PORT_ANY; }
503 \| PORT { pp_port = $1.num; }	537 \| PORT { pp_port = $1; }
504 \| PORTANY { pp_port = IPSEC_PORT_ANY; } 505 ; 506 507upper_spec	538 \| PORTANY { pp_port = IPSEC_PORT_ANY; } 539 ; 540 541upper_spec
508 : DECSTRING { p_upper = $1.num; } 509 \| UP_PROTO { p_upper = $1.num; }	542 : DECSTRING { p_upper = $1; } 543 \| UP_PROTO { p_upper = $1; }
510 \| PR_ESP { p_upper = IPPROTO_ESP; }; 511 \| PR_AH { p_upper = IPPROTO_AH; }; 512 \| PR_IPCOMP { p_upper = IPPROTO_IPCOMP; }; 513 \| ANY { p_upper = IPSEC_ULPROTO_ANY; } 514 ; 515 516policy_spec 517 : F_POLICY policy_requests 518 {	544 \| PR_ESP { p_upper = IPPROTO_ESP; }; 545 \| PR_AH { p_upper = IPPROTO_AH; }; 546 \| PR_IPCOMP { p_upper = IPPROTO_IPCOMP; }; 547 \| ANY { p_upper = IPSEC_ULPROTO_ANY; } 548 ; 549 550policy_spec 551 : F_POLICY policy_requests 552 {
519 p_policy = ipsec_set_policy($2.val.buf, $2.val.len);	553 p_policy = ipsec_set_policy($2.buf, $2.len);
520 if (p_policy == NULL) {	554 if (p_policy == NULL) {
521 free($2.val.buf);	555 free($2.buf);
522 p_policy = NULL; 523 yyerror(ipsec_strerror()); 524 return -1; 525 } 526 527 p_policy_len = ipsec_get_policylen(p_policy); 528	556 p_policy = NULL; 557 yyerror(ipsec_strerror()); 558 return -1; 559 } 560 561 p_policy_len = ipsec_get_policylen(p_policy); 562
529 free($2.val.buf);	563 free($2.buf);
530 } 531 ; 532	564 } 565 ; 566
533policy_requests: 534 /NOTHING/ 535 \| PL_REQUESTS { $$ = $1; }	567policy_requests 568 : PL_REQUESTS { $$ = $1; }
536 ; 537 538%% 539 540int 541setkeymsg() 542{ 543 struct sadb_msg m_msg; 544 545 m_msg.sadb_msg_version = PF_KEY_V2; 546 m_msg.sadb_msg_type = p_type; 547 m_msg.sadb_msg_errno = 0; 548 m_msg.sadb_msg_satype = p_satype;	569 ; 570 571%% 572 573int 574setkeymsg() 575{ 576 struct sadb_msg m_msg; 577 578 m_msg.sadb_msg_version = PF_KEY_V2; 579 m_msg.sadb_msg_type = p_type; 580 m_msg.sadb_msg_errno = 0; 581 m_msg.sadb_msg_satype = p_satype;
549 m_msg.sadb_msg_mode = p_mode;
550 m_msg.sadb_msg_reserved = 0; 551 m_msg.sadb_msg_seq = 0; 552 m_msg.sadb_msg_pid = getpid(); 553 554 m_len = sizeof(struct sadb_msg); 555 memcpy(m_buf, &m_msg, m_len); 556 557 switch (p_type) { --- 66 unchanged lines hidden (view full) --- 624 m_len += len; 625 } 626 /* FALLTHROUGH / 627* 628 case SADB_DELETE: 629 case SADB_GET: 630 { 631 struct sadb_sa m_sa;	582 m_msg.sadb_msg_reserved = 0; 583 m_msg.sadb_msg_seq = 0; 584 m_msg.sadb_msg_pid = getpid(); 585 586 m_len = sizeof(struct sadb_msg); 587 memcpy(m_buf, &m_msg, m_len); 588 589 switch (p_type) { --- 66 unchanged lines hidden (view full) --- 656 m_len += len; 657 } 658 /* FALLTHROUGH / 659* 660 case SADB_DELETE: 661 case SADB_GET: 662 { 663 struct sadb_sa m_sa;
	664 struct sadb_x_sa2 m_sa2;
632 struct sadb_address m_addr; 633 u_int len; 634 635 len = sizeof(struct sadb_sa); 636 m_sa.sadb_sa_len = PFKEY_UNIT64(len); 637 m_sa.sadb_sa_exttype = SADB_EXT_SA; 638 m_sa.sadb_sa_spi = htonl(p_spi); 639 m_sa.sadb_sa_replay = p_replay; 640 m_sa.sadb_sa_state = 0; 641 m_sa.sadb_sa_auth = p_alg_auth; 642 m_sa.sadb_sa_encrypt = p_alg_enc; 643 m_sa.sadb_sa_flags = p_ext; 644 645 memcpy(m_buf + m_len, &m_sa, len); 646 m_len += len; 647	665 struct sadb_address m_addr; 666 u_int len; 667 668 len = sizeof(struct sadb_sa); 669 m_sa.sadb_sa_len = PFKEY_UNIT64(len); 670 m_sa.sadb_sa_exttype = SADB_EXT_SA; 671 m_sa.sadb_sa_spi = htonl(p_spi); 672 m_sa.sadb_sa_replay = p_replay; 673 m_sa.sadb_sa_state = 0; 674 m_sa.sadb_sa_auth = p_alg_auth; 675 m_sa.sadb_sa_encrypt = p_alg_enc; 676 m_sa.sadb_sa_flags = p_ext; 677 678 memcpy(m_buf + m_len, &m_sa, len); 679 m_len += len; 680
	681 len = sizeof(struct sadb_x_sa2); 682 m_sa2.sadb_x_sa2_len = PFKEY_UNIT64(len); 683 m_sa2.sadb_x_sa2_exttype = SADB_X_EXT_SA2; 684 m_sa2.sadb_x_sa2_mode = p_mode; 685 m_sa2.sadb_x_sa2_reqid = p_reqid; 686 687 memcpy(m_buf + m_len, &m_sa2, len); 688 m_len += len; 689
648 /* set src / 649* m_addr.sadb_address_len = 650 PFKEY_UNIT64(sizeof(m_addr) 651 + PFKEY_ALIGN8(p_src->sa_len)); 652 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 653 m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;	690 /* set src / 691* m_addr.sadb_address_len = 692 PFKEY_UNIT64(sizeof(m_addr) 693 + PFKEY_ALIGN8(p_src->sa_len)); 694 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 695 m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
654 m_addr.sadb_address_prefixlen = 655 _INALENBYAF(p_src->sa_family) << 3;	696 switch (p_src->sa_family) { 697 case AF_INET: 698 m_addr.sadb_address_prefixlen = 699 sizeof(struct in_addr) << 3; 700 break; 701#ifdef INET6 702 case AF_INET6: 703 m_addr.sadb_address_prefixlen = 704 sizeof(struct in6_addr) << 3; 705 break; 706#endif 707 default: 708 yyerror("unsupported address family"); 709 exit(1); /XXX/ 710 }
656 m_addr.sadb_address_reserved = 0; 657 658 setvarbuf(&m_len, 659 (struct sadb_ext )&m_addr, sizeof(m_addr), 660* (caddr_t)p_src, p_src->sa_len); 661 662 /* set dst / 663* m_addr.sadb_address_len = 664 PFKEY_UNIT64(sizeof(m_addr) 665 + PFKEY_ALIGN8(p_dst->sa_len)); 666 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST; 667 m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;	711 m_addr.sadb_address_reserved = 0; 712 713 setvarbuf(&m_len, 714 (struct sadb_ext )&m_addr, sizeof(m_addr), 715* (caddr_t)p_src, p_src->sa_len); 716 717 /* set dst / 718* m_addr.sadb_address_len = 719 PFKEY_UNIT64(sizeof(m_addr) 720 + PFKEY_ALIGN8(p_dst->sa_len)); 721 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST; 722 m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
668 m_addr.sadb_address_prefixlen = 669 _INALENBYAF(p_dst->sa_family) << 3;	723 switch (p_dst->sa_family) { 724 case AF_INET: 725 m_addr.sadb_address_prefixlen = 726 sizeof(struct in_addr) << 3; 727 break; 728#ifdef INET6 729 case AF_INET6: 730 m_addr.sadb_address_prefixlen = 731 sizeof(struct in6_addr) << 3; 732 break; 733#endif 734 default: 735 yyerror("unsupported address family"); 736 exit(1); /XXX/ 737 }
670 m_addr.sadb_address_reserved = 0; 671 672 setvarbuf(&m_len, 673 (struct sadb_ext )&m_addr, sizeof(m_addr), 674* (caddr_t)p_dst, p_dst->sa_len); 675 } 676 break; 677 678 /* for SPD management / 679* case SADB_X_SPDFLUSH: 680 case SADB_X_SPDDUMP: 681 break; 682 683 case SADB_X_SPDADD:	738 m_addr.sadb_address_reserved = 0; 739 740 setvarbuf(&m_len, 741 (struct sadb_ext )&m_addr, sizeof(m_addr), 742* (caddr_t)p_dst, p_dst->sa_len); 743 } 744 break; 745 746 /* for SPD management / 747* case SADB_X_SPDFLUSH: 748 case SADB_X_SPDDUMP: 749 break; 750 751 case SADB_X_SPDADD:
	752 case SADB_X_SPDDELETE:
684 {	753 {
	754 struct sadb_address m_addr; 755 u_int8_t plen; 756
685 memcpy(m_buf + m_len, p_policy, p_policy_len); 686 m_len += p_policy_len; 687 free(p_policy); 688 p_policy = NULL;	757 memcpy(m_buf + m_len, p_policy, p_policy_len); 758 m_len += p_policy_len; 759 free(p_policy); 760 p_policy = NULL;
689 } 690 /* FALLTHROUGH */
691	761
692 case SADB_X_SPDDELETE: 693 { 694 struct sadb_address m_addr; 695
696 /* set src / 697* m_addr.sadb_address_len = 698 PFKEY_UNIT64(sizeof(m_addr) 699 + PFKEY_ALIGN8(p_src->sa_len)); 700 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 701 m_addr.sadb_address_proto = p_upper;	762 /* set src / 763* m_addr.sadb_address_len = 764 PFKEY_UNIT64(sizeof(m_addr) 765 + PFKEY_ALIGN8(p_src->sa_len)); 766 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 767 m_addr.sadb_address_proto = p_upper;
	768 switch (p_src->sa_family) { 769 case AF_INET: 770 plen = sizeof(struct in_addr) << 3; 771 break; 772#ifdef INET6 773 case AF_INET6: 774 plen = sizeof(struct in6_addr) << 3; 775 break; 776#endif 777 default: 778 yyerror("unsupported address family"); 779 exit(1); /XXX/ 780 }
702 m_addr.sadb_address_prefixlen =	781 m_addr.sadb_address_prefixlen =
703 (p_prefs != ~0 ? p_prefs : 704 _INALENBYAF(p_src->sa_family) << 3);	782 (p_prefs != ~0 ? p_prefs : plen);
705 m_addr.sadb_address_reserved = 0; 706 707 setvarbuf(&m_len, 708 (struct sadb_ext )&m_addr, sizeof(m_addr), 709* (caddr_t)p_src, p_src->sa_len); 710 711 /* set dst / 712* m_addr.sadb_address_len = 713 PFKEY_UNIT64(sizeof(m_addr) 714 + PFKEY_ALIGN8(p_dst->sa_len)); 715 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST; 716 m_addr.sadb_address_proto = p_upper;	783 m_addr.sadb_address_reserved = 0; 784 785 setvarbuf(&m_len, 786 (struct sadb_ext )&m_addr, sizeof(m_addr), 787* (caddr_t)p_src, p_src->sa_len); 788 789 /* set dst / 790* m_addr.sadb_address_len = 791 PFKEY_UNIT64(sizeof(m_addr) 792 + PFKEY_ALIGN8(p_dst->sa_len)); 793 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST; 794 m_addr.sadb_address_proto = p_upper;
	795 switch (p_dst->sa_family) { 796 case AF_INET: 797 plen = sizeof(struct in_addr) << 3; 798 break; 799#ifdef INET6 800 case AF_INET6: 801 plen = sizeof(struct in6_addr) << 3; 802 break; 803#endif 804 default: 805 yyerror("unsupported address family"); 806 exit(1); /XXX/ 807 }
717 m_addr.sadb_address_prefixlen =	808 m_addr.sadb_address_prefixlen =
718 (p_prefd != ~0 ? p_prefd : 719 _INALENBYAF(p_dst->sa_family) << 3);	809 (p_prefd != ~0 ? p_prefd : plen);
720 m_addr.sadb_address_reserved = 0; 721 722 setvarbuf(&m_len, 723 (struct sadb_ext )&m_addr, sizeof(m_addr), 724* (caddr_t)p_dst, p_dst->sa_len); 725 } 726 break; 727 } 728 729 ((struct sadb_msg )m_buf)->sadb_msg_len = PFKEY_UNIT64(m_len); 730* 731 return 0; 732} 733	810 m_addr.sadb_address_reserved = 0; 811 812 setvarbuf(&m_len, 813 (struct sadb_ext )&m_addr, sizeof(m_addr), 814* (caddr_t)p_dst, p_dst->sa_len); 815 } 816 break; 817 } 818 819 ((struct sadb_msg )m_buf)->sadb_msg_len = PFKEY_UNIT64(m_len); 820* 821 return 0; 822} 823
	824static struct addrinfo * 825parse_addr(host, port, flag) 826 char host; 827* char port; 828* int flag; 829{ 830 struct addrinfo hints, res = NULL; 831* int error; 832 833 memset(&hints, 0, sizeof(hints)); 834 hints.ai_family = PF_UNSPEC; 835 hints.ai_socktype = SOCK_DGRAM; 836 hints.ai_flags = flag; 837 error = getaddrinfo(host, port, &hints, &res); 838 if (error != 0) { 839 yyerror(gai_strerror(error)); 840 return NULL; 841 } 842 if (res->ai_next != NULL) { 843 yyerror(gai_strerror(error)); 844 } 845 return res; 846} 847
734static int 735setvarbuf(off, ebuf, elen, vbuf, vlen) 736 caddr_t vbuf; 737 struct sadb_ext ebuf; 738* int off, elen, vlen; 739{ 740* memset(m_buf + off, 0, PFKEY_UNUNIT64(ebuf->sadb_ext_len)); 741* memcpy(m_buf + off, (caddr_t)ebuf, elen); --- 10 unchanged lines hidden* (view full) --- 752 p_spi = 0; 753 754 p_src = 0, p_dst = 0; 755 pp_prefix = p_prefs = p_prefd = ~0; 756 pp_port = IPSEC_PORT_ANY; 757 p_upper = 0; 758 759 p_satype = 0;	848static int 849setvarbuf(off, ebuf, elen, vbuf, vlen) 850 caddr_t vbuf; 851 struct sadb_ext ebuf; 852* int off, elen, vlen; 853{ 854* memset(m_buf + off, 0, PFKEY_UNUNIT64(ebuf->sadb_ext_len)); 855* memcpy(m_buf + off, (caddr_t)ebuf, elen); --- 10 unchanged lines hidden* (view full) --- 866 p_spi = 0; 867 868 p_src = 0, p_dst = 0; 869 pp_prefix = p_prefs = p_prefd = ~0; 870 pp_port = IPSEC_PORT_ANY; 871 p_upper = 0; 872 873 p_satype = 0;
760 p_ext = SADB_X_EXT_NONE;	874 p_ext = SADB_X_EXT_CYCSEQ;
761 p_alg_enc = SADB_EALG_NONE; 762 p_alg_auth = SADB_AALG_NONE; 763 p_mode = IPSEC_MODE_ANY;	875 p_alg_enc = SADB_EALG_NONE; 876 p_alg_auth = SADB_AALG_NONE; 877 p_mode = IPSEC_MODE_ANY;
764 p_replay = 4;	878 p_reqid = 0; 879 p_replay = 0;
765 p_key_enc_len = p_key_auth_len = 0; 766 p_key_enc = p_key_auth = 0; 767 p_lt_hard = p_lt_soft = 0; 768 769 p_policy_len = 0; 770 p_policy = NULL; 771 772 memset(cmdarg, 0, sizeof(cmdarg)); --- 15 unchanged lines hidden ---	880 p_key_enc_len = p_key_auth_len = 0; 881 p_key_enc = p_key_auth = 0; 882 p_lt_hard = p_lt_soft = 0; 883 884 p_policy_len = 0; 885 p_policy = NULL; 886 887 memset(cmdarg, 0, sizeof(cmdarg)); --- 15 unchanged lines hidden ---