parse.y (55505) | parse.y (62583) |
---|---|
1/* $FreeBSD: head/sbin/setkey/parse.y 62583 2000-07-04 16:22:05Z itojun $ */ 2/* $KAME: parse.y,v 1.29 2000/06/10 14:17:44 sakane Exp $ */ 3 |
|
1/* 2 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. 3 * All rights reserved. | 4/* 5 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. 6 * All rights reserved. |
4 * | 7 * |
5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the project nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. | 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. |
16 * | 19 * |
17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. | 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. |
28 * 29 * $FreeBSD: head/sbin/setkey/parse.y 55505 2000-01-06 12:40:54Z shin $ | |
30 */ | 31 */ |
31/* KAME $Id: parse.y,v 1.7 1999/10/27 17:08:57 sakane Exp $ */ | |
32 33%{ 34#include <sys/types.h> 35#include <sys/param.h> 36#include <sys/socket.h> 37 38#include <net/route.h> 39#include <netinet/in.h> 40#include <net/pfkeyv2.h> 41#include <netkey/key_var.h> 42#include <netinet6/ipsec.h> 43#include <arpa/inet.h> 44 45#include <string.h> 46#include <unistd.h> 47#include <stdio.h> | 32 33%{ 34#include <sys/types.h> 35#include <sys/param.h> 36#include <sys/socket.h> 37 38#include <net/route.h> 39#include <netinet/in.h> 40#include <net/pfkeyv2.h> 41#include <netkey/key_var.h> 42#include <netinet6/ipsec.h> 43#include <arpa/inet.h> 44 45#include <string.h> 46#include <unistd.h> 47#include <stdio.h> |
48#include <netdb.h> |
|
48#include <ctype.h> 49#include <errno.h> | 49#include <ctype.h> 50#include <errno.h> |
50#include <netdb.h> | |
51 | 51 |
52#include "libpfkey.h" |
|
52#include "vchar.h" 53 54#define ATOX(c) \ 55 (isdigit(c) ? (c - '0') : (isupper(c) ? (c - 'A' + 10) : (c - 'a' + 10) )) 56 | 53#include "vchar.h" 54 55#define ATOX(c) \ 56 (isdigit(c) ? (c - '0') : (isupper(c) ? (c - 'A' + 10) : (c - 'a' + 10) )) 57 |
57u_int p_type; 58u_int32_t p_spi; 59struct sockaddr *p_src, *p_dst; 60u_int p_prefs, p_prefd, p_upper; 61u_int p_satype, p_ext, p_alg_enc, p_alg_auth, p_replay, p_mode; 62u_int p_key_enc_len, p_key_auth_len; 63caddr_t p_key_enc, p_key_auth; 64time_t p_lt_hard, p_lt_soft; | 58u_int p_type; 59u_int32_t p_spi; 60struct sockaddr *p_src, *p_dst; 61u_int p_prefs, p_prefd, p_upper; 62u_int p_satype, p_ext, p_alg_enc, p_alg_auth, p_replay, p_mode; 63u_int32_t p_reqid; 64u_int p_key_enc_len, p_key_auth_len; 65caddr_t p_key_enc, p_key_auth; 66time_t p_lt_hard, p_lt_soft; |
65 | 67 |
66u_int p_policy_len; 67char *p_policy; | 68u_int p_policy_len; 69char *p_policy; |
68 69/* temporary buffer */ | 70 71/* temporary buffer */ |
70static struct sockaddr *pp_addr; 71static u_int pp_prefix; 72static u_int pp_port; 73static caddr_t pp_key; | 72static struct sockaddr *pp_addr; 73static u_int pp_prefix; 74static u_int pp_port; 75static caddr_t pp_key; |
74 | 76 |
75extern u_char m_buf[BUFSIZ]; 76extern int m_len; 77extern char cmdarg[8192]; 78extern int f_debug; | 77extern u_char m_buf[BUFSIZ]; 78extern int m_len; 79extern char cmdarg[8192]; 80extern int f_debug; |
79 | 81 |
80int setkeymsg __P((void)); 81static int setvarbuf __P((int *, struct sadb_ext *, int, caddr_t, int)); 82void parse_init __P((void)); 83void free_buffer __P((void)); | 82int setkeymsg __P((void)); 83static struct addrinfo *parse_addr __P((char *, char *, int)); 84static int setvarbuf __P((int *, struct sadb_ext *, int, caddr_t, int)); 85void parse_init __P((void)); 86void free_buffer __P((void)); |
84 | 87 |
85extern int setkeymsg __P((void)); 86extern int sendkeymsg __P((void)); | 88extern int setkeymsg __P((void)); 89extern int sendkeymsg __P((void)); |
87 | 90 |
88extern int yylex __P((void)); 89extern void yyerror __P((char *)); | 91extern int yylex __P((void)); 92extern void yyfatal __P((const char *)); 93extern void yyerror __P((const char *)); |
90%} 91 92%union { 93 unsigned long num; 94 vchar_t val; 95} 96 97%token EOT 98%token ADD GET DELETE FLUSH DUMP | 94%} 95 96%union { 97 unsigned long num; 98 vchar_t val; 99} 100 101%token EOT 102%token ADD GET DELETE FLUSH DUMP |
99%token IP4_ADDRESS IP6_ADDRESS PREFIX PORT PORTANY | 103%token ADDRESS PREFIX PORT PORTANY |
100%token UP_PROTO PR_ESP PR_AH PR_IPCOMP 101%token F_PROTOCOL F_AUTH F_ENC F_REPLAY F_COMP F_RAWCPI | 104%token UP_PROTO PR_ESP PR_AH PR_IPCOMP 105%token F_PROTOCOL F_AUTH F_ENC F_REPLAY F_COMP F_RAWCPI |
102%token F_MODE MODE 103%token F_EXT EXTENSION | 106%token F_MODE MODE F_REQID 107%token F_EXT EXTENSION NOCYCLICSEQ |
104%token ALG_AUTH ALG_ENC ALG_ENC_DESDERIV ALG_ENC_DES32IV ALG_COMP 105%token F_LIFETIME_HARD F_LIFETIME_SOFT 106%token DECSTRING QUOTEDSTRING HEXSTRING ANY 107 /* SPD management */ 108%token SPDADD SPDDELETE SPDDUMP SPDFLUSH 109%token F_POLICY PL_REQUESTS 110 | 108%token ALG_AUTH ALG_ENC ALG_ENC_DESDERIV ALG_ENC_DES32IV ALG_COMP 109%token F_LIFETIME_HARD F_LIFETIME_SOFT 110%token DECSTRING QUOTEDSTRING HEXSTRING ANY 111 /* SPD management */ 112%token SPDADD SPDDELETE SPDDUMP SPDFLUSH 113%token F_POLICY PL_REQUESTS 114 |
115%type <num> PORT PREFIX EXTENSION MODE 116%type <num> UP_PROTO PR_ESP PR_AH PR_IPCOMP 117%type <num> ALG_AUTH ALG_ENC ALG_ENC_DESDERIV ALG_ENC_DES32IV ALG_COMP 118%type <num> DECSTRING 119%type <val> ADDRESS PL_REQUESTS 120%type <val> key_string policy_requests 121%type <val> QUOTEDSTRING HEXSTRING 122 |
|
111%% 112commands 113 : /*NOTHING*/ 114 | commands command 115 { 116 if (f_debug) { 117 printf("cmdarg:\n%s\n", cmdarg); 118 } else { --- 22 unchanged lines hidden (view full) --- 141add_command 142 : ADD { p_type = SADB_ADD; } 143 sa_selector_spec extension_spec algorithm_spec EOT 144 ; 145 146 /* delete */ 147delete_command 148 : DELETE { p_type = SADB_DELETE; } | 123%% 124commands 125 : /*NOTHING*/ 126 | commands command 127 { 128 if (f_debug) { 129 printf("cmdarg:\n%s\n", cmdarg); 130 } else { --- 22 unchanged lines hidden (view full) --- 153add_command 154 : ADD { p_type = SADB_ADD; } 155 sa_selector_spec extension_spec algorithm_spec EOT 156 ; 157 158 /* delete */ 159delete_command 160 : DELETE { p_type = SADB_DELETE; } |
149 sa_selector_spec extension_spec EOT | 161 sa_selector_spec extension_spec 162 { 163 if (p_mode != IPSEC_MODE_ANY) 164 yyerror("WARNING: mode is obsoleted."); 165 } 166 EOT |
150 ; 151 152 /* get command */ 153get_command 154 : GET { p_type = SADB_GET; } | 167 ; 168 169 /* get command */ 170get_command 171 : GET { p_type = SADB_GET; } |
155 sa_selector_spec extension_spec EOT | 172 sa_selector_spec extension_spec 173 { 174 if (p_mode != IPSEC_MODE_ANY) 175 yyerror("WARNING: mode is obsoleted."); 176 } 177 EOT |
156 ; 157 158 /* flush */ 159flush_command 160 : FLUSH { p_type = SADB_FLUSH; } 161 protocol_spec EOT 162 ; 163 --- 10 unchanged lines hidden (view full) --- 174 protocol_spec spi 175 ; 176 177protocol_spec 178 : /*NOTHING*/ { p_satype = SADB_SATYPE_UNSPEC; } 179 | PR_ESP 180 { 181 p_satype = SADB_SATYPE_ESP; | 178 ; 179 180 /* flush */ 181flush_command 182 : FLUSH { p_type = SADB_FLUSH; } 183 protocol_spec EOT 184 ; 185 --- 10 unchanged lines hidden (view full) --- 196 protocol_spec spi 197 ; 198 199protocol_spec 200 : /*NOTHING*/ { p_satype = SADB_SATYPE_UNSPEC; } 201 | PR_ESP 202 { 203 p_satype = SADB_SATYPE_ESP; |
182 if ($1.num == 1) | 204 if ($1 == 1) |
183 p_ext |= SADB_X_EXT_OLD; 184 else 185 p_ext &= ~SADB_X_EXT_OLD; 186 } 187 | PR_AH 188 { 189 p_satype = SADB_SATYPE_AH; | 205 p_ext |= SADB_X_EXT_OLD; 206 else 207 p_ext &= ~SADB_X_EXT_OLD; 208 } 209 | PR_AH 210 { 211 p_satype = SADB_SATYPE_AH; |
190 if ($1.num == 1) | 212 if ($1 == 1) |
191 p_ext |= SADB_X_EXT_OLD; 192 else 193 p_ext &= ~SADB_X_EXT_OLD; 194 } 195 | PR_IPCOMP 196 { 197 p_satype = SADB_X_SATYPE_IPCOMP; 198 } 199 ; 200 201spi | 213 p_ext |= SADB_X_EXT_OLD; 214 else 215 p_ext &= ~SADB_X_EXT_OLD; 216 } 217 | PR_IPCOMP 218 { 219 p_satype = SADB_X_SATYPE_IPCOMP; 220 } 221 ; 222 223spi |
202 : DECSTRING { p_spi = $1.num; } | 224 : DECSTRING { p_spi = $1; } |
203 | HEXSTRING 204 { 205 caddr_t bp; | 225 | HEXSTRING 226 { 227 caddr_t bp; |
206 caddr_t yp = $1.val.buf; | 228 caddr_t yp = $1.buf; |
207 char buf0[4], buf[4]; 208 int i, j; 209 210 /* sanity check */ | 229 char buf0[4], buf[4]; 230 int i, j; 231 232 /* sanity check */ |
211 if ($1.val.len > 4) { | 233 if ($1.len > 4) { |
212 yyerror("SPI too big."); | 234 yyerror("SPI too big."); |
213 free($1.val.buf); | 235 free($1.buf); |
214 return -1; 215 } 216 217 bp = buf0; 218 while (*yp) { 219 *bp = (ATOX(yp[0]) << 4) | ATOX(yp[1]); 220 yp += 2, bp++; 221 } 222 223 /* initialize */ 224 for (i = 0; i < 4; i++) buf[i] = 0; 225 | 236 return -1; 237 } 238 239 bp = buf0; 240 while (*yp) { 241 *bp = (ATOX(yp[0]) << 4) | ATOX(yp[1]); 242 yp += 2, bp++; 243 } 244 245 /* initialize */ 246 for (i = 0; i < 4; i++) buf[i] = 0; 247 |
226 for (j = $1.val.len - 1, i = 3; j >= 0; j--, i--) | 248 for (j = $1.len - 1, i = 3; j >= 0; j--, i--) |
227 buf[i] = buf0[j]; 228 229 /* XXX: endian */ 230 p_spi = ntohl(*(u_int32_t *)buf); 231 | 249 buf[i] = buf0[j]; 250 251 /* XXX: endian */ 252 p_spi = ntohl(*(u_int32_t *)buf); 253 |
232 free($1.val.buf); | 254 free($1.buf); |
233 } 234 ; 235 236algorithm_spec 237 : esp_spec 238 | ah_spec 239 | ipcomp_spec 240 ; 241 242esp_spec 243 : F_ENC enc_alg enc_key F_AUTH auth_alg auth_key 244 | F_ENC enc_alg enc_key 245 ; 246 247ah_spec 248 : F_AUTH auth_alg auth_key 249 ; 250 251ipcomp_spec | 255 } 256 ; 257 258algorithm_spec 259 : esp_spec 260 | ah_spec 261 | ipcomp_spec 262 ; 263 264esp_spec 265 : F_ENC enc_alg enc_key F_AUTH auth_alg auth_key 266 | F_ENC enc_alg enc_key 267 ; 268 269ah_spec 270 : F_AUTH auth_alg auth_key 271 ; 272 273ipcomp_spec |
252 : F_COMP ALG_COMP { p_alg_enc = $2.num; } 253 | F_COMP ALG_COMP { p_alg_enc = $2.num; } | 274 : F_COMP ALG_COMP { p_alg_enc = $2; } 275 | F_COMP ALG_COMP { p_alg_enc = $2; } |
254 F_RAWCPI { p_ext |= SADB_X_EXT_RAWCPI; } 255 ; 256 257enc_alg | 276 F_RAWCPI { p_ext |= SADB_X_EXT_RAWCPI; } 277 ; 278 279enc_alg |
258 : ALG_ENC { p_alg_enc = $1.num; } | 280 : ALG_ENC { p_alg_enc = $1; } |
259 | ALG_ENC_DESDERIV 260 { | 281 | ALG_ENC_DESDERIV 282 { |
261 p_alg_enc = $1.num; | 283 p_alg_enc = $1; |
262 if (p_ext & SADB_X_EXT_OLD) { 263 yyerror("algorithm mismatched."); 264 return -1; 265 } 266 p_ext |= SADB_X_EXT_DERIV; 267 } 268 | ALG_ENC_DES32IV 269 { | 284 if (p_ext & SADB_X_EXT_OLD) { 285 yyerror("algorithm mismatched."); 286 return -1; 287 } 288 p_ext |= SADB_X_EXT_DERIV; 289 } 290 | ALG_ENC_DES32IV 291 { |
270 p_alg_enc = $1.num; | 292 p_alg_enc = $1; |
271 if (!(p_ext & SADB_X_EXT_OLD)) { 272 yyerror("algorithm mismatched."); 273 return -1; 274 } 275 p_ext |= SADB_X_EXT_IV4B; 276 } 277 ; 278 279enc_key 280 : /*NOTHING*/ 281 { 282 if (p_alg_enc != SADB_EALG_NULL) { 283 yyerror("no key found."); 284 return -1; 285 } 286 } 287 | key_string 288 { | 293 if (!(p_ext & SADB_X_EXT_OLD)) { 294 yyerror("algorithm mismatched."); 295 return -1; 296 } 297 p_ext |= SADB_X_EXT_IV4B; 298 } 299 ; 300 301enc_key 302 : /*NOTHING*/ 303 { 304 if (p_alg_enc != SADB_EALG_NULL) { 305 yyerror("no key found."); 306 return -1; 307 } 308 } 309 | key_string 310 { |
289 p_key_enc_len = $1.val.len; | 311 p_key_enc_len = $1.len; |
290 p_key_enc = pp_key; 291 292 if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT, 293 p_alg_enc, 294 PFKEY_UNUNIT64(p_key_enc_len)) < 0) { 295 yyerror(ipsec_strerror()); 296 return -1; 297 } 298 } 299 ; 300 301auth_alg | 312 p_key_enc = pp_key; 313 314 if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT, 315 p_alg_enc, 316 PFKEY_UNUNIT64(p_key_enc_len)) < 0) { 317 yyerror(ipsec_strerror()); 318 return -1; 319 } 320 } 321 ; 322 323auth_alg |
302 : ALG_AUTH { p_alg_auth = $1.num; } | 324 : ALG_AUTH { p_alg_auth = $1; } |
303 ; 304 305auth_key 306 : /*NOTHING*/ 307 { 308 if (p_alg_auth != SADB_AALG_NULL) { 309 yyerror("no key found."); 310 return -1; 311 } 312 } 313 | key_string 314 { | 325 ; 326 327auth_key 328 : /*NOTHING*/ 329 { 330 if (p_alg_auth != SADB_AALG_NULL) { 331 yyerror("no key found."); 332 return -1; 333 } 334 } 335 | key_string 336 { |
315 p_key_auth_len = $1.val.len; | 337 p_key_auth_len = $1.len; |
316 p_key_auth = pp_key; 317 318 if (ipsec_check_keylen(SADB_EXT_SUPPORTED_AUTH, 319 p_alg_auth, 320 PFKEY_UNUNIT64(p_key_auth_len)) < 0) { 321 yyerror(ipsec_strerror()); 322 return -1; 323 } 324 } 325 ; 326 327key_string 328 : QUOTEDSTRING 329 { | 338 p_key_auth = pp_key; 339 340 if (ipsec_check_keylen(SADB_EXT_SUPPORTED_AUTH, 341 p_alg_auth, 342 PFKEY_UNUNIT64(p_key_auth_len)) < 0) { 343 yyerror(ipsec_strerror()); 344 return -1; 345 } 346 } 347 ; 348 349key_string 350 : QUOTEDSTRING 351 { |
330 pp_key = $1.val.buf; | 352 pp_key = $1.buf; |
331 /* free pp_key later */ 332 } 333 | HEXSTRING 334 { 335 caddr_t bp; | 353 /* free pp_key later */ 354 } 355 | HEXSTRING 356 { 357 caddr_t bp; |
336 caddr_t yp = $1.val.buf; | 358 caddr_t yp = $1.buf; |
337 | 359 |
338 if ((pp_key = malloc($1.val.len)) == 0) { 339 free($1.val.buf); 340 yyerror(strerror(errno)); | 360 if ((pp_key = malloc($1.len)) == 0) { 361 free($1.buf); 362 yyerror("not enough core"); |
341 return -1; 342 } | 363 return -1; 364 } |
343 memset(pp_key, 0, $1.val.len); | 365 memset(pp_key, 0, $1.len); |
344 345 bp = pp_key; 346 while (*yp) { 347 *bp = (ATOX(yp[0]) << 4) | ATOX(yp[1]); 348 yp += 2, bp++; 349 } 350 | 366 367 bp = pp_key; 368 while (*yp) { 369 *bp = (ATOX(yp[0]) << 4) | ATOX(yp[1]); 370 yp += 2, bp++; 371 } 372 |
351 free($1.val.buf); | 373 free($1.buf); |
352 } 353 ; 354 355extension_spec 356 : /*NOTHING*/ 357 | extension_spec extension 358 ; 359 360extension | 374 } 375 ; 376 377extension_spec 378 : /*NOTHING*/ 379 | extension_spec extension 380 ; 381 382extension |
361 : F_EXT EXTENSION { p_ext |= $1.num; } 362 | F_MODE MODE { p_mode = $2.num; } | 383 : F_EXT EXTENSION { p_ext |= $2; } 384 | F_EXT NOCYCLICSEQ { p_ext &= ~SADB_X_EXT_CYCSEQ; } 385 | F_MODE MODE { p_mode = $2; } |
363 | F_MODE ANY { p_mode = IPSEC_MODE_ANY; } | 386 | F_MODE ANY { p_mode = IPSEC_MODE_ANY; } |
387 | F_REQID DECSTRING { p_reqid = $2; } |
|
364 | F_REPLAY DECSTRING 365 { 366 if (p_ext & SADB_X_EXT_OLD) { 367 yyerror("replay prevention " 368 "only use on new spec."); 369 return -1; 370 } | 388 | F_REPLAY DECSTRING 389 { 390 if (p_ext & SADB_X_EXT_OLD) { 391 yyerror("replay prevention " 392 "only use on new spec."); 393 return -1; 394 } |
371 p_replay = $2.num; | 395 p_replay = $2; |
372 } | 396 } |
373 | F_LIFETIME_HARD DECSTRING { p_lt_hard = $2.num; } 374 | F_LIFETIME_SOFT DECSTRING { p_lt_soft = $2.num; } | 397 | F_LIFETIME_HARD DECSTRING { p_lt_hard = $2; } 398 | F_LIFETIME_SOFT DECSTRING { p_lt_soft = $2; } |
375 ; 376 377 /* definition about command for SPD management */ 378 /* spdadd */ 379spdadd_command 380 : SPDADD 381 { 382 p_type = SADB_X_SPDADD; 383 p_satype = SADB_SATYPE_UNSPEC; 384 } 385 sp_selector_spec policy_spec EOT 386 ; 387 388spddelete_command: 389 SPDDELETE 390 { 391 p_type = SADB_X_SPDDELETE; 392 p_satype = SADB_SATYPE_UNSPEC; 393 } | 399 ; 400 401 /* definition about command for SPD management */ 402 /* spdadd */ 403spdadd_command 404 : SPDADD 405 { 406 p_type = SADB_X_SPDADD; 407 p_satype = SADB_SATYPE_UNSPEC; 408 } 409 sp_selector_spec policy_spec EOT 410 ; 411 412spddelete_command: 413 SPDDELETE 414 { 415 p_type = SADB_X_SPDDELETE; 416 p_satype = SADB_SATYPE_UNSPEC; 417 } |
394 sp_selector_spec EOT | 418 sp_selector_spec policy_spec EOT |
395 ; 396 397spddump_command: 398 SPDDUMP 399 { 400 p_type = SADB_X_SPDDUMP; 401 p_satype = SADB_SATYPE_UNSPEC; 402 } --- 8 unchanged lines hidden (view full) --- 411 } 412 EOT 413 ; 414 415 /* sp_selector_spec */ 416sp_selector_spec 417 : ipaddress { p_src = pp_addr; } 418 prefix { p_prefs = pp_prefix; } | 419 ; 420 421spddump_command: 422 SPDDUMP 423 { 424 p_type = SADB_X_SPDDUMP; 425 p_satype = SADB_SATYPE_UNSPEC; 426 } --- 8 unchanged lines hidden (view full) --- 435 } 436 EOT 437 ; 438 439 /* sp_selector_spec */ 440sp_selector_spec 441 : ipaddress { p_src = pp_addr; } 442 prefix { p_prefs = pp_prefix; } |
419 port { _INPORTBYSA(p_src) = htons(pp_port); } | 443 port 444 { 445 switch (p_src->sa_family) { 446 case AF_INET: 447 ((struct sockaddr_in *)p_src)->sin_port = 448 htons(pp_port); 449 break; 450#ifdef INET6 451 case AF_INET6: 452 ((struct sockaddr_in6 *)p_src)->sin6_port = 453 htons(pp_port); 454 break; 455#endif 456 default: 457 exit(1); /*XXX*/ 458 } 459 } |
420 ipaddress { p_dst = pp_addr; } 421 prefix { p_prefd = pp_prefix; } | 460 ipaddress { p_dst = pp_addr; } 461 prefix { p_prefd = pp_prefix; } |
422 port { _INPORTBYSA(p_dst) = htons(pp_port); } | 462 port 463 { 464 switch (p_dst->sa_family) { 465 case AF_INET: 466 ((struct sockaddr_in *)p_dst)->sin_port = 467 htons(pp_port); 468 break; 469#ifdef INET6 470 case AF_INET6: 471 ((struct sockaddr_in6 *)p_dst)->sin6_port = 472 htons(pp_port); 473 break; 474#endif 475 default: 476 exit(1); /*XXX*/ 477 } 478 } |
423 upper_spec | 479 upper_spec |
480 { 481 /* XXX is it something userland should check? */ 482#if 0 483 switch (p_upper) { 484 case IPPROTO_ICMP: 485 case IPPROTO_ICMPV6: 486 if (_INPORTBYSA(p_src) != IPSEC_PORT_ANY 487 || _INPORTBYSA(p_dst) != IPSEC_PORT_ANY) { 488 yyerror("port number must be \"any\"."); 489 return -1; 490 } 491 if ((pp_addr->sa_family == AF_INET6 492 && p_upper == IPPROTO_ICMP) 493 || (pp_addr->sa_family == AF_INET 494 && p_upper == IPPROTO_ICMPV6)) { 495 yyerror("upper layer protocol " 496 "mismatched.\n"); 497 return -1; 498 } 499 break; 500 default: 501 break; 502 } 503#endif 504 } |
|
424 ; 425 426ipaddress | 505 ; 506 507ipaddress |
427 : IP4_ADDRESS | 508 : ADDRESS |
428 { | 509 { |
429 struct sockaddr_in *in; 430 u_int sa_len = $1.val.len; | 510 struct addrinfo *res; |
431 | 511 |
432 if ((in = (struct sockaddr_in *)malloc(sa_len)) == 0) { 433 yyerror(strerror(errno)); 434 free($1.val.buf); | 512 res = parse_addr($1.buf, NULL, AI_NUMERICHOST); 513 if (res == NULL) { 514 free($1.buf); |
435 return -1; 436 } | 515 return -1; 516 } |
437 memset((caddr_t)in, 0, sa_len); 438 439 in->sin_family = PF_INET; 440 in->sin_len = sa_len; 441 in->sin_port = IPSEC_PORT_ANY; 442 (void)inet_pton(PF_INET, $1.val.buf, &in->sin_addr); 443 444 pp_addr = (struct sockaddr *)in; 445 free($1.val.buf); 446 } 447 | IP6_ADDRESS 448 { 449#ifdef INET6 450 struct sockaddr_in6 *in6; 451 u_int sa_len = $1.val.len; 452 struct addrinfo hints, *res; 453 int ret_gai; 454 455 if ((in6 = (struct sockaddr_in6 *)malloc(sa_len)) == 0) { 456 free($1.val.buf); 457 yyerror(strerror(errno)); 458 return -1; | 517 pp_addr = (struct sockaddr *)malloc(res->ai_addrlen); 518 if (!pp_addr) { 519 yyerror("not enough core"); 520 goto end; |
459 } | 521 } |
460 memset((caddr_t)in6, 0, sa_len); | |
461 | 522 |
462 bzero(&hints, sizeof(struct addrinfo)); 463 hints.ai_flags = AI_NUMERICHOST; 464 hints.ai_family = AF_INET6; 465 ret_gai = getaddrinfo($1.val.buf, NULL, &hints, &res); 466 if (ret_gai) { 467 free($1.val.buf); 468 free(in6); 469 yyerror(gai_strerror(ret_gai)); 470 if (ret_gai == EAI_SYSTEM) 471 yyerror(strerror(errno)); 472 return -1; 473 } 474 (void)memcpy(in6, res->ai_addr, res->ai_addrlen); 475 476 /* 477 * XXX: If the scope of the destination is link-local, 478 * embed the scope-id(in this case, interface index) 479 * into the address. 480 */ 481 if (IN6_IS_ADDR_LINKLOCAL(&in6->sin6_addr) && 482 in6->sin6_scope_id != 0) 483 *(u_short *)&in6->sin6_addr.s6_addr[2] = 484 htons(in6->sin6_scope_id & 0xffff); 485 | 523 memcpy(pp_addr, res->ai_addr, res->ai_addrlen); 524 end: |
486 freeaddrinfo(res); | 525 freeaddrinfo(res); |
487 488 pp_addr = (struct sockaddr *)in6; 489#else 490 yyerror("IPv6 address not supported"); 491#endif 492 free($1.val.buf); | 526 free($1.buf); |
493 } 494 ; 495 496prefix 497 : /*NOTHING*/ { pp_prefix = ~0; } | 527 } 528 ; 529 530prefix 531 : /*NOTHING*/ { pp_prefix = ~0; } |
498 | PREFIX { pp_prefix = $1.num; } | 532 | PREFIX { pp_prefix = $1; } |
499 ; 500 501port 502 : /*NOTHING*/ { pp_port = IPSEC_PORT_ANY; } | 533 ; 534 535port 536 : /*NOTHING*/ { pp_port = IPSEC_PORT_ANY; } |
503 | PORT { pp_port = $1.num; } | 537 | PORT { pp_port = $1; } |
504 | PORTANY { pp_port = IPSEC_PORT_ANY; } 505 ; 506 507upper_spec | 538 | PORTANY { pp_port = IPSEC_PORT_ANY; } 539 ; 540 541upper_spec |
508 : DECSTRING { p_upper = $1.num; } 509 | UP_PROTO { p_upper = $1.num; } | 542 : DECSTRING { p_upper = $1; } 543 | UP_PROTO { p_upper = $1; } |
510 | PR_ESP { p_upper = IPPROTO_ESP; }; 511 | PR_AH { p_upper = IPPROTO_AH; }; 512 | PR_IPCOMP { p_upper = IPPROTO_IPCOMP; }; 513 | ANY { p_upper = IPSEC_ULPROTO_ANY; } 514 ; 515 516policy_spec 517 : F_POLICY policy_requests 518 { | 544 | PR_ESP { p_upper = IPPROTO_ESP; }; 545 | PR_AH { p_upper = IPPROTO_AH; }; 546 | PR_IPCOMP { p_upper = IPPROTO_IPCOMP; }; 547 | ANY { p_upper = IPSEC_ULPROTO_ANY; } 548 ; 549 550policy_spec 551 : F_POLICY policy_requests 552 { |
519 p_policy = ipsec_set_policy($2.val.buf, $2.val.len); | 553 p_policy = ipsec_set_policy($2.buf, $2.len); |
520 if (p_policy == NULL) { | 554 if (p_policy == NULL) { |
521 free($2.val.buf); | 555 free($2.buf); |
522 p_policy = NULL; 523 yyerror(ipsec_strerror()); 524 return -1; 525 } 526 527 p_policy_len = ipsec_get_policylen(p_policy); 528 | 556 p_policy = NULL; 557 yyerror(ipsec_strerror()); 558 return -1; 559 } 560 561 p_policy_len = ipsec_get_policylen(p_policy); 562 |
529 free($2.val.buf); | 563 free($2.buf); |
530 } 531 ; 532 | 564 } 565 ; 566 |
533policy_requests: 534 /*NOTHING*/ 535 | PL_REQUESTS { $$ = $1; } | 567policy_requests 568 : PL_REQUESTS { $$ = $1; } |
536 ; 537 538%% 539 540int 541setkeymsg() 542{ 543 struct sadb_msg m_msg; 544 545 m_msg.sadb_msg_version = PF_KEY_V2; 546 m_msg.sadb_msg_type = p_type; 547 m_msg.sadb_msg_errno = 0; 548 m_msg.sadb_msg_satype = p_satype; | 569 ; 570 571%% 572 573int 574setkeymsg() 575{ 576 struct sadb_msg m_msg; 577 578 m_msg.sadb_msg_version = PF_KEY_V2; 579 m_msg.sadb_msg_type = p_type; 580 m_msg.sadb_msg_errno = 0; 581 m_msg.sadb_msg_satype = p_satype; |
549 m_msg.sadb_msg_mode = p_mode; | |
550 m_msg.sadb_msg_reserved = 0; 551 m_msg.sadb_msg_seq = 0; 552 m_msg.sadb_msg_pid = getpid(); 553 554 m_len = sizeof(struct sadb_msg); 555 memcpy(m_buf, &m_msg, m_len); 556 557 switch (p_type) { --- 66 unchanged lines hidden (view full) --- 624 m_len += len; 625 } 626 /* FALLTHROUGH */ 627 628 case SADB_DELETE: 629 case SADB_GET: 630 { 631 struct sadb_sa m_sa; | 582 m_msg.sadb_msg_reserved = 0; 583 m_msg.sadb_msg_seq = 0; 584 m_msg.sadb_msg_pid = getpid(); 585 586 m_len = sizeof(struct sadb_msg); 587 memcpy(m_buf, &m_msg, m_len); 588 589 switch (p_type) { --- 66 unchanged lines hidden (view full) --- 656 m_len += len; 657 } 658 /* FALLTHROUGH */ 659 660 case SADB_DELETE: 661 case SADB_GET: 662 { 663 struct sadb_sa m_sa; |
664 struct sadb_x_sa2 m_sa2; |
|
632 struct sadb_address m_addr; 633 u_int len; 634 635 len = sizeof(struct sadb_sa); 636 m_sa.sadb_sa_len = PFKEY_UNIT64(len); 637 m_sa.sadb_sa_exttype = SADB_EXT_SA; 638 m_sa.sadb_sa_spi = htonl(p_spi); 639 m_sa.sadb_sa_replay = p_replay; 640 m_sa.sadb_sa_state = 0; 641 m_sa.sadb_sa_auth = p_alg_auth; 642 m_sa.sadb_sa_encrypt = p_alg_enc; 643 m_sa.sadb_sa_flags = p_ext; 644 645 memcpy(m_buf + m_len, &m_sa, len); 646 m_len += len; 647 | 665 struct sadb_address m_addr; 666 u_int len; 667 668 len = sizeof(struct sadb_sa); 669 m_sa.sadb_sa_len = PFKEY_UNIT64(len); 670 m_sa.sadb_sa_exttype = SADB_EXT_SA; 671 m_sa.sadb_sa_spi = htonl(p_spi); 672 m_sa.sadb_sa_replay = p_replay; 673 m_sa.sadb_sa_state = 0; 674 m_sa.sadb_sa_auth = p_alg_auth; 675 m_sa.sadb_sa_encrypt = p_alg_enc; 676 m_sa.sadb_sa_flags = p_ext; 677 678 memcpy(m_buf + m_len, &m_sa, len); 679 m_len += len; 680 |
681 len = sizeof(struct sadb_x_sa2); 682 m_sa2.sadb_x_sa2_len = PFKEY_UNIT64(len); 683 m_sa2.sadb_x_sa2_exttype = SADB_X_EXT_SA2; 684 m_sa2.sadb_x_sa2_mode = p_mode; 685 m_sa2.sadb_x_sa2_reqid = p_reqid; 686 687 memcpy(m_buf + m_len, &m_sa2, len); 688 m_len += len; 689 |
|
648 /* set src */ 649 m_addr.sadb_address_len = 650 PFKEY_UNIT64(sizeof(m_addr) 651 + PFKEY_ALIGN8(p_src->sa_len)); 652 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 653 m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY; | 690 /* set src */ 691 m_addr.sadb_address_len = 692 PFKEY_UNIT64(sizeof(m_addr) 693 + PFKEY_ALIGN8(p_src->sa_len)); 694 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 695 m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY; |
654 m_addr.sadb_address_prefixlen = 655 _INALENBYAF(p_src->sa_family) << 3; | 696 switch (p_src->sa_family) { 697 case AF_INET: 698 m_addr.sadb_address_prefixlen = 699 sizeof(struct in_addr) << 3; 700 break; 701#ifdef INET6 702 case AF_INET6: 703 m_addr.sadb_address_prefixlen = 704 sizeof(struct in6_addr) << 3; 705 break; 706#endif 707 default: 708 yyerror("unsupported address family"); 709 exit(1); /*XXX*/ 710 } |
656 m_addr.sadb_address_reserved = 0; 657 658 setvarbuf(&m_len, 659 (struct sadb_ext *)&m_addr, sizeof(m_addr), 660 (caddr_t)p_src, p_src->sa_len); 661 662 /* set dst */ 663 m_addr.sadb_address_len = 664 PFKEY_UNIT64(sizeof(m_addr) 665 + PFKEY_ALIGN8(p_dst->sa_len)); 666 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST; 667 m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY; | 711 m_addr.sadb_address_reserved = 0; 712 713 setvarbuf(&m_len, 714 (struct sadb_ext *)&m_addr, sizeof(m_addr), 715 (caddr_t)p_src, p_src->sa_len); 716 717 /* set dst */ 718 m_addr.sadb_address_len = 719 PFKEY_UNIT64(sizeof(m_addr) 720 + PFKEY_ALIGN8(p_dst->sa_len)); 721 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST; 722 m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY; |
668 m_addr.sadb_address_prefixlen = 669 _INALENBYAF(p_dst->sa_family) << 3; | 723 switch (p_dst->sa_family) { 724 case AF_INET: 725 m_addr.sadb_address_prefixlen = 726 sizeof(struct in_addr) << 3; 727 break; 728#ifdef INET6 729 case AF_INET6: 730 m_addr.sadb_address_prefixlen = 731 sizeof(struct in6_addr) << 3; 732 break; 733#endif 734 default: 735 yyerror("unsupported address family"); 736 exit(1); /*XXX*/ 737 } |
670 m_addr.sadb_address_reserved = 0; 671 672 setvarbuf(&m_len, 673 (struct sadb_ext *)&m_addr, sizeof(m_addr), 674 (caddr_t)p_dst, p_dst->sa_len); 675 } 676 break; 677 678 /* for SPD management */ 679 case SADB_X_SPDFLUSH: 680 case SADB_X_SPDDUMP: 681 break; 682 683 case SADB_X_SPDADD: | 738 m_addr.sadb_address_reserved = 0; 739 740 setvarbuf(&m_len, 741 (struct sadb_ext *)&m_addr, sizeof(m_addr), 742 (caddr_t)p_dst, p_dst->sa_len); 743 } 744 break; 745 746 /* for SPD management */ 747 case SADB_X_SPDFLUSH: 748 case SADB_X_SPDDUMP: 749 break; 750 751 case SADB_X_SPDADD: |
752 case SADB_X_SPDDELETE: |
|
684 { | 753 { |
754 struct sadb_address m_addr; 755 u_int8_t plen; 756 |
|
685 memcpy(m_buf + m_len, p_policy, p_policy_len); 686 m_len += p_policy_len; 687 free(p_policy); 688 p_policy = NULL; | 757 memcpy(m_buf + m_len, p_policy, p_policy_len); 758 m_len += p_policy_len; 759 free(p_policy); 760 p_policy = NULL; |
689 } 690 /* FALLTHROUGH */ | |
691 | 761 |
692 case SADB_X_SPDDELETE: 693 { 694 struct sadb_address m_addr; 695 | |
696 /* set src */ 697 m_addr.sadb_address_len = 698 PFKEY_UNIT64(sizeof(m_addr) 699 + PFKEY_ALIGN8(p_src->sa_len)); 700 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 701 m_addr.sadb_address_proto = p_upper; | 762 /* set src */ 763 m_addr.sadb_address_len = 764 PFKEY_UNIT64(sizeof(m_addr) 765 + PFKEY_ALIGN8(p_src->sa_len)); 766 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 767 m_addr.sadb_address_proto = p_upper; |
768 switch (p_src->sa_family) { 769 case AF_INET: 770 plen = sizeof(struct in_addr) << 3; 771 break; 772#ifdef INET6 773 case AF_INET6: 774 plen = sizeof(struct in6_addr) << 3; 775 break; 776#endif 777 default: 778 yyerror("unsupported address family"); 779 exit(1); /*XXX*/ 780 } |
|
702 m_addr.sadb_address_prefixlen = | 781 m_addr.sadb_address_prefixlen = |
703 (p_prefs != ~0 ? p_prefs : 704 _INALENBYAF(p_src->sa_family) << 3); | 782 (p_prefs != ~0 ? p_prefs : plen); |
705 m_addr.sadb_address_reserved = 0; 706 707 setvarbuf(&m_len, 708 (struct sadb_ext *)&m_addr, sizeof(m_addr), 709 (caddr_t)p_src, p_src->sa_len); 710 711 /* set dst */ 712 m_addr.sadb_address_len = 713 PFKEY_UNIT64(sizeof(m_addr) 714 + PFKEY_ALIGN8(p_dst->sa_len)); 715 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST; 716 m_addr.sadb_address_proto = p_upper; | 783 m_addr.sadb_address_reserved = 0; 784 785 setvarbuf(&m_len, 786 (struct sadb_ext *)&m_addr, sizeof(m_addr), 787 (caddr_t)p_src, p_src->sa_len); 788 789 /* set dst */ 790 m_addr.sadb_address_len = 791 PFKEY_UNIT64(sizeof(m_addr) 792 + PFKEY_ALIGN8(p_dst->sa_len)); 793 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST; 794 m_addr.sadb_address_proto = p_upper; |
795 switch (p_dst->sa_family) { 796 case AF_INET: 797 plen = sizeof(struct in_addr) << 3; 798 break; 799#ifdef INET6 800 case AF_INET6: 801 plen = sizeof(struct in6_addr) << 3; 802 break; 803#endif 804 default: 805 yyerror("unsupported address family"); 806 exit(1); /*XXX*/ 807 } |
|
717 m_addr.sadb_address_prefixlen = | 808 m_addr.sadb_address_prefixlen = |
718 (p_prefd != ~0 ? p_prefd : 719 _INALENBYAF(p_dst->sa_family) << 3); | 809 (p_prefd != ~0 ? p_prefd : plen); |
720 m_addr.sadb_address_reserved = 0; 721 722 setvarbuf(&m_len, 723 (struct sadb_ext *)&m_addr, sizeof(m_addr), 724 (caddr_t)p_dst, p_dst->sa_len); 725 } 726 break; 727 } 728 729 ((struct sadb_msg *)m_buf)->sadb_msg_len = PFKEY_UNIT64(m_len); 730 731 return 0; 732} 733 | 810 m_addr.sadb_address_reserved = 0; 811 812 setvarbuf(&m_len, 813 (struct sadb_ext *)&m_addr, sizeof(m_addr), 814 (caddr_t)p_dst, p_dst->sa_len); 815 } 816 break; 817 } 818 819 ((struct sadb_msg *)m_buf)->sadb_msg_len = PFKEY_UNIT64(m_len); 820 821 return 0; 822} 823 |
824static struct addrinfo * 825parse_addr(host, port, flag) 826 char *host; 827 char *port; 828 int flag; 829{ 830 struct addrinfo hints, *res = NULL; 831 int error; 832 833 memset(&hints, 0, sizeof(hints)); 834 hints.ai_family = PF_UNSPEC; 835 hints.ai_socktype = SOCK_DGRAM; 836 hints.ai_flags = flag; 837 error = getaddrinfo(host, port, &hints, &res); 838 if (error != 0) { 839 yyerror(gai_strerror(error)); 840 return NULL; 841 } 842 if (res->ai_next != NULL) { 843 yyerror(gai_strerror(error)); 844 } 845 return res; 846} 847 |
|
734static int 735setvarbuf(off, ebuf, elen, vbuf, vlen) 736 caddr_t vbuf; 737 struct sadb_ext *ebuf; 738 int *off, elen, vlen; 739{ 740 memset(m_buf + *off, 0, PFKEY_UNUNIT64(ebuf->sadb_ext_len)); 741 memcpy(m_buf + *off, (caddr_t)ebuf, elen); --- 10 unchanged lines hidden (view full) --- 752 p_spi = 0; 753 754 p_src = 0, p_dst = 0; 755 pp_prefix = p_prefs = p_prefd = ~0; 756 pp_port = IPSEC_PORT_ANY; 757 p_upper = 0; 758 759 p_satype = 0; | 848static int 849setvarbuf(off, ebuf, elen, vbuf, vlen) 850 caddr_t vbuf; 851 struct sadb_ext *ebuf; 852 int *off, elen, vlen; 853{ 854 memset(m_buf + *off, 0, PFKEY_UNUNIT64(ebuf->sadb_ext_len)); 855 memcpy(m_buf + *off, (caddr_t)ebuf, elen); --- 10 unchanged lines hidden (view full) --- 866 p_spi = 0; 867 868 p_src = 0, p_dst = 0; 869 pp_prefix = p_prefs = p_prefd = ~0; 870 pp_port = IPSEC_PORT_ANY; 871 p_upper = 0; 872 873 p_satype = 0; |
760 p_ext = SADB_X_EXT_NONE; | 874 p_ext = SADB_X_EXT_CYCSEQ; |
761 p_alg_enc = SADB_EALG_NONE; 762 p_alg_auth = SADB_AALG_NONE; 763 p_mode = IPSEC_MODE_ANY; | 875 p_alg_enc = SADB_EALG_NONE; 876 p_alg_auth = SADB_AALG_NONE; 877 p_mode = IPSEC_MODE_ANY; |
764 p_replay = 4; | 878 p_reqid = 0; 879 p_replay = 0; |
765 p_key_enc_len = p_key_auth_len = 0; 766 p_key_enc = p_key_auth = 0; 767 p_lt_hard = p_lt_soft = 0; 768 769 p_policy_len = 0; 770 p_policy = NULL; 771 772 memset(cmdarg, 0, sizeof(cmdarg)); --- 15 unchanged lines hidden --- | 880 p_key_enc_len = p_key_auth_len = 0; 881 p_key_enc = p_key_auth = 0; 882 p_lt_hard = p_lt_soft = 0; 883 884 p_policy_len = 0; 885 p_policy = NULL; 886 887 memset(cmdarg, 0, sizeof(cmdarg)); --- 15 unchanged lines hidden --- |