1 2%{ 3/* 4 * Copyright (C) 2012 by Darren Reed. 5 * 6 * See the IPFILTER.LICENCE file for details on licencing. 7 * 8 * $Id$ 9 */ 10#include <stdio.h> 11#include <string.h> 12#include <sys/param.h> 13#if defined(__SVR4) || defined(__sysv__) 14#include <sys/stream.h> 15#endif 16#include <sys/types.h> 17#include <netinet/in_systm.h> 18#include <netinet/in.h> 19#include "iplang_y.h" 20#include "ipf.h" 21 22#ifndef __P 23# define __P(x) x 24#endif 25 26extern int opts; 27 28int lineNum = 0, ipproto = 0, oldipproto = 0, next = -1, laststate = 0; 29int *prstack = NULL, numpr = 0, state = 0, token = 0; 30 31void yyerror(char *); 32void push_proto(void); 33void pop_proto(void); 34int next_state(int, int); 35int next_item(int); 36int save_token(void); 37void swallow(void); 38int yylex(void); 39 40struct lwordtab { 41 char *word; 42 int state; 43 int next; 44}; 45 46struct lwordtab words[] = { 47 { "interface", IL_INTERFACE, -1 }, 48 { "iface", IL_INTERFACE, -1 }, 49 { "name", IL_IFNAME, IL_TOKEN }, 50 { "ifname", IL_IFNAME, IL_TOKEN }, 51 { "router", IL_DEFROUTER, IL_TOKEN }, 52 { "mtu", IL_MTU, IL_NUMBER }, 53 { "eaddr", IL_EADDR, IL_TOKEN }, 54 { "v4addr", IL_V4ADDR, IL_TOKEN }, 55 { "ipv4", IL_IPV4, -1 }, 56 { "v", IL_V4V, IL_TOKEN }, 57 { "proto", IL_V4PROTO, IL_TOKEN }, 58 { "hl", IL_V4HL, IL_TOKEN }, 59 { "id", IL_V4ID, IL_TOKEN }, 60 { "ttl", IL_V4TTL, IL_TOKEN }, 61 { "tos", IL_V4TOS, IL_TOKEN }, 62 { "src", IL_V4SRC, IL_TOKEN }, 63 { "dst", IL_V4DST, IL_TOKEN }, 64 { "opt", IL_OPT, -1 }, 65 { "len", IL_LEN, IL_TOKEN }, 66 { "off", IL_OFF, IL_TOKEN }, 67 { "sum", IL_SUM, IL_TOKEN }, 68 { "tcp", IL_TCP, -1 }, 69 { "sport", IL_SPORT, IL_TOKEN }, 70 { "dport", IL_DPORT, IL_TOKEN }, 71 { "seq", IL_TCPSEQ, IL_TOKEN }, 72 { "ack", IL_TCPACK, IL_TOKEN }, 73 { "flags", IL_TCPFL, IL_TOKEN }, 74 { "urp", IL_TCPURP, IL_TOKEN }, 75 { "win", IL_TCPWIN, IL_TOKEN }, 76 { "udp", IL_UDP, -1 }, 77 { "send", IL_SEND, -1 }, 78 { "via", IL_VIA, IL_TOKEN }, 79 { "arp", IL_ARP, -1 }, 80 { "data", IL_DATA, -1 }, 81 { "value", IL_DVALUE, IL_TOKEN }, 82 { "file", IL_DFILE, IL_TOKEN }, 83 { "nop", IL_IPO_NOP, -1 }, 84 { "eol", IL_IPO_EOL, -1 }, 85 { "rr", IL_IPO_RR, -1 }, 86 { "zsu", IL_IPO_ZSU, -1 }, 87 { "mtup", IL_IPO_MTUP, -1 }, 88 { "mtur", IL_IPO_MTUR, -1 }, 89 { "encode", IL_IPO_ENCODE, -1 }, 90 { "ts", IL_IPO_TS, -1 }, 91 { "tr", IL_IPO_TR, -1 }, 92 { "sec", IL_IPO_SEC, -1 }, 93 { "secclass", IL_IPO_SECCLASS, IL_TOKEN }, 94 { "lsrr", IL_IPO_LSRR, -1 }, 95 { "esec", IL_IPO_ESEC, -1 }, 96 { "cipso", IL_IPO_CIPSO, -1 }, 97 { "satid", IL_IPO_SATID, -1 }, 98 { "ssrr", IL_IPO_SSRR, -1 }, 99 { "addext", IL_IPO_ADDEXT, -1 }, 100 { "visa", IL_IPO_VISA, -1 }, 101 { "imitd", IL_IPO_IMITD, -1 }, 102 { "eip", IL_IPO_EIP, -1 }, 103 { "finn", IL_IPO_FINN, -1 }, 104 { "mss", IL_TCPO_MSS, IL_TOKEN }, 105 { "wscale", IL_TCPO_WSCALE, IL_TOKEN }, 106 { "reserv-4", IL_IPS_RESERV4, -1 }, 107 { "topsecret", IL_IPS_TOPSECRET, -1 }, 108 { "secret", IL_IPS_SECRET, -1 }, 109 { "reserv-3", IL_IPS_RESERV3, -1 }, 110 { "confid", IL_IPS_CONFID, -1 }, 111 { "unclass", IL_IPS_UNCLASS, -1 }, 112 { "reserv-2", IL_IPS_RESERV2, -1 }, 113 { "reserv-1", IL_IPS_RESERV1, -1 }, 114 { "icmp", IL_ICMP, -1 }, 115 { "type", IL_ICMPTYPE, -1 }, 116 { "code", IL_ICMPCODE, -1 }, 117 { "echorep", IL_ICMP_ECHOREPLY, -1 }, 118 { "unreach", IL_ICMP_UNREACH, -1 }, 119 { "squench", IL_ICMP_SOURCEQUENCH, -1 }, 120 { "redir", IL_ICMP_REDIRECT, -1 }, 121 { "echo", IL_ICMP_ECHO, -1 }, 122 { "routerad", IL_ICMP_ROUTERADVERT, -1 }, 123 { "routersol", IL_ICMP_ROUTERSOLICIT, -1 }, 124 { "timex", IL_ICMP_TIMXCEED, -1 }, 125 { "paramprob", IL_ICMP_PARAMPROB, -1 }, 126 { "timest", IL_ICMP_TSTAMP, -1 }, 127 { "timestrep", IL_ICMP_TSTAMPREPLY, -1 }, 128 { "inforeq", IL_ICMP_IREQ, -1 }, 129 { "inforep", IL_ICMP_IREQREPLY, -1 }, 130 { "maskreq", IL_ICMP_MASKREQ, -1 }, 131 { "maskrep", IL_ICMP_MASKREPLY, -1 }, 132 { "net-unr", IL_ICMP_UNREACH_NET, -1 }, 133 { "host-unr", IL_ICMP_UNREACH_HOST, -1 }, 134 { "proto-unr", IL_ICMP_UNREACH_PROTOCOL, -1 }, 135 { "port-unr", IL_ICMP_UNREACH_PORT, -1 }, 136 { "needfrag", IL_ICMP_UNREACH_NEEDFRAG, -1 }, 137 { "srcfail", IL_ICMP_UNREACH_SRCFAIL, -1 }, 138 { "net-unk", IL_ICMP_UNREACH_NET_UNKNOWN, -1 }, 139 { "host-unk", IL_ICMP_UNREACH_HOST_UNKNOWN, -1 }, 140 { "isolate", IL_ICMP_UNREACH_ISOLATED, -1 }, 141 { "net-prohib", IL_ICMP_UNREACH_NET_PROHIB, -1 }, 142 { "host-prohib", IL_ICMP_UNREACH_HOST_PROHIB, -1 }, 143 { "net-tos", IL_ICMP_UNREACH_TOSNET, -1 }, 144 { "host-tos", IL_ICMP_UNREACH_TOSHOST, -1 }, 145 { "filter-prohib", IL_ICMP_UNREACH_FILTER_PROHIB, -1 }, 146 { "host-preced", IL_ICMP_UNREACH_HOST_PRECEDENCE, -1 }, 147 { "cutoff-preced", IL_ICMP_UNREACH_PRECEDENCE_CUTOFF, -1 }, 148 { "net-redir", IL_ICMP_REDIRECT_NET, -1 }, 149 { "host-redir", IL_ICMP_REDIRECT_HOST, -1 }, 150 { "tos-net-redir", IL_ICMP_REDIRECT_TOSNET, -1 }, 151 { "tos-host-redir", IL_ICMP_REDIRECT_TOSHOST, -1 }, 152 { "intrans", IL_ICMP_TIMXCEED_INTRANS, -1 }, 153 { "reass", IL_ICMP_TIMXCEED_REASS, -1 }, 154 { "optabsent", IL_ICMP_PARAMPROB_OPTABSENT, -1 }, 155 { "otime", IL_ICMP_OTIME, -1 }, 156 { "rtime", IL_ICMP_RTIME, -1 }, 157 { "ttime", IL_ICMP_TTIME, -1 }, 158 { "icmpseq", IL_ICMP_SEQ, -1 }, 159 { "icmpid", IL_ICMP_SEQ, -1 }, 160 { ".", IL_DOT, -1 }, 161 { NULL, 0, 0 } 162}; 163%} 164white [ \t\r]+ 165%% 166{white} ; 167\n { lineNum++; swallow(); } 168\{ {( push_proto(); return next_item('{'); }); 169\} {( pop_proto(); return next_item('}'); }); 170; {( return next_item(';'); }); 171[0-9]+ {( return next_item(IL_NUMBER); }); 172[0-9a-fA-F] {( return next_item(IL_HEXDIGIT); }); 173: {( return next_item(IL_COLON); }); 174#[^\n]* {( return next_item(IL_COMMENT); }); 175[^( \{\}\n\t;:{}]* { return next_item(IL_TOKEN); }); 176\"[^\"]*\" {( return next_item(IL_TOKEN); }); 177%% 178void yyerror(msg) 179char *msg; 180{ 181 fprintf(stderr, "%s error at \"%s\", line %d\n", msg, yytext, 182 lineNum + 1); 183 exit(1); 184} 185 186 187void push_proto(void) 188{ 189 numpr++; 190 if (!prstack) 191 prstack = (int *)malloc(sizeof(int)); 192 else 193 prstack = (int *)reallocarray((char *)prstack, numpr, 194 sizeof(int)); 195 prstack[numpr - 1] = oldipproto; 196} 197 198 199void pop_proto(void) 200{ 201 numpr--; 202 ipproto = prstack[numpr]; 203 if (!numpr) { 204 free(prstack); 205 prstack = NULL; 206 return; 207 } 208 prstack = (int *)realloc((char *)prstack, numpr * sizeof(int)); 209} 210 211 212int save_token(void) 213{ 214 215 yylval.str = strdup((char *)yytext); 216 return(IL_TOKEN); 217} 218 219 220int next_item(int nstate) 221{ 222 struct lwordtab *wt; 223 224 if (opts & OPT_DEBUG) 225 printf("text=[%s] id=%d next=%d\n", yytext, nstate, next); 226 if (next == IL_TOKEN) { 227 next = -1; 228 return(save_token()); 229 } 230 token++; 231 232 for (wt = words; wt->word; wt++) 233 if (!strcasecmp(wt->word, (char *)yytext)) 234 return(next_state(wt->state, wt->next)); 235 if (opts & OPT_DEBUG) 236 printf("unknown keyword=[%s]\n", yytext); 237 next = -1; 238 if (nstate == IL_NUMBER) 239 yylval.num = atoi((char *)yytext); 240 token++; 241 return(nstate); 242} 243 244 245int next_state(int nstate, int fornext) 246{ 247 next = fornext; 248 249 switch (nstate) 250 { 251 case IL_IPV4 : 252 case IL_TCP : 253 case IL_UDP : 254 case IL_ICMP : 255 case IL_DATA : 256 case IL_INTERFACE : 257 case IL_ARP : 258 oldipproto = ipproto; 259 ipproto = nstate; 260 break; 261 case IL_SUM : 262 if (ipproto == IL_IPV4) 263 nstate = IL_V4SUM; 264 else if (ipproto == IL_TCP) 265 nstate = IL_TCPSUM; 266 else if (ipproto == IL_UDP) 267 nstate = IL_UDPSUM; 268 break; 269 case IL_OPT : 270 if (ipproto == IL_IPV4) 271 nstate = IL_V4OPT; 272 else if (ipproto == IL_TCP) 273 nstate = IL_TCPOPT; 274 break; 275 case IL_IPO_NOP : 276 if (ipproto == IL_TCP) 277 nstate = IL_TCPO_NOP; 278 break; 279 case IL_IPO_EOL : 280 if (ipproto == IL_TCP) 281 nstate = IL_TCPO_EOL; 282 break; 283 case IL_IPO_TS : 284 if (ipproto == IL_TCP) 285 nstate = IL_TCPO_TS; 286 break; 287 case IL_OFF : 288 if (ipproto == IL_IPV4) 289 nstate = IL_V4OFF; 290 else if (ipproto == IL_TCP) 291 nstate = IL_TCPOFF; 292 break; 293 case IL_LEN : 294 if (ipproto == IL_IPV4) 295 nstate = IL_V4LEN; 296 else if (ipproto == IL_UDP) 297 nstate = IL_UDPLEN; 298 break; 299 } 300 return(nstate); 301} 302 303 304void swallow(void) 305{ 306 int c; 307 308 c = input(); 309 310 if (c == '#') { 311 while ((c != '\n') && (c != EOF)) 312 c = input(); 313 } 314 if (c != EOF) 315 unput(c); 316} 317