rtems/rtems-libbsd
1
0
Fork 0
mirror of https://git.rtems.org/rtems-libbsd/ synced 2025-10-14 00:13:36 +08:00
Code Issues Packages Projects Releases Wiki Activity

ipsec-tools: Port libipsec, setkey and racoon.

Browse Source 
Note that this replaces the libipsec from FreeBSD with the one provided
by ipsec-tools.
This commit is contained in:
Christian Mauderer
2018-05-03 14:15:11 +02:00
parent 8645c9d720
commit b376ae131d
170 changed files with 10964 additions and 20808 deletions
Download Patch File Download Diff File Expand all files Collapse all files

310
freebsd/lib/libipsec/ipsec_dump_policy.c
View File

@@ -1,310 +0,0 @@
#include <machine/rtems-bsd-user-space.h>
/* $KAME: ipsec_dump_policy.c,v 1.13 2002/06/27 14:35:11 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <netipsec/key_var.h>
#include <netinet/in.h>
#include <netipsec/ipsec.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <netdb.h>
#include "ipsec_strerror.h"
static const char *ipsp_dir_strs[] = {
"any", "in", "out",
};
static const char *ipsp_policy_strs[] = {
"discard", "none", "ipsec", "entrust", "bypass",
};
static char *ipsec_dump_ipsecrequest(char *, size_t,
struct sadb_x_ipsecrequest *, size_t);
static int set_addresses(char *, size_t, struct sockaddr *, struct sockaddr *);
static char *set_address(char *, size_t, struct sockaddr *);
/*
* policy is sadb_x_policy buffer.
* Must call free() later.
* When delimiter == NULL, alternatively ' '(space) is applied.
*/
char *
ipsec_dump_policy(policy, delimiter)
caddr_t policy;
char *delimiter;
{
struct sadb_x_policy *xpl = (struct sadb_x_policy *)policy;
struct sadb_x_ipsecrequest *xisr;
size_t off, buflen;
char *buf;
char isrbuf[1024];
char *newbuf;
/* sanity check */
if (policy == NULL)
return NULL;
if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
__ipsec_errcode = EIPSEC_INVAL_EXTTYPE;
return NULL;
}
/* set delimiter */
if (delimiter == NULL)
delimiter = " ";
switch (xpl->sadb_x_policy_dir) {
case IPSEC_DIR_ANY:
case IPSEC_DIR_INBOUND:
case IPSEC_DIR_OUTBOUND:
break;
default:
__ipsec_errcode = EIPSEC_INVAL_DIR;
return NULL;
}
switch (xpl->sadb_x_policy_type) {
case IPSEC_POLICY_DISCARD:
case IPSEC_POLICY_NONE:
case IPSEC_POLICY_IPSEC:
case IPSEC_POLICY_BYPASS:
case IPSEC_POLICY_ENTRUST:
break;
default:
__ipsec_errcode = EIPSEC_INVAL_POLICY;
return NULL;
}
buflen = strlen(ipsp_dir_strs[xpl->sadb_x_policy_dir])
+ 1 /* space */
+ strlen(ipsp_policy_strs[xpl->sadb_x_policy_type])
+ 1; /* NUL */
if ((buf = malloc(buflen)) == NULL) {
__ipsec_errcode = EIPSEC_NO_BUFS;
return NULL;
}
snprintf(buf, buflen, "%s %s", ipsp_dir_strs[xpl->sadb_x_policy_dir],
ipsp_policy_strs[xpl->sadb_x_policy_type]);
if (xpl->sadb_x_policy_type != IPSEC_POLICY_IPSEC) {
__ipsec_errcode = EIPSEC_NO_ERROR;
return buf;
}
/* count length of buffer for use */
off = sizeof(*xpl);
while (off < PFKEY_EXTLEN(xpl)) {
xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xpl + off);
off += xisr->sadb_x_ipsecrequest_len;
}
/* validity check */
if (off != PFKEY_EXTLEN(xpl)) {
__ipsec_errcode = EIPSEC_INVAL_SADBMSG;
free(buf);
return NULL;
}
off = sizeof(*xpl);
while (off < PFKEY_EXTLEN(xpl)) {
xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xpl + off);
if (ipsec_dump_ipsecrequest(isrbuf, sizeof(isrbuf), xisr,
PFKEY_EXTLEN(xpl) - off) == NULL) {
free(buf);
return NULL;
}
buflen = strlen(buf) + strlen(delimiter) + strlen(isrbuf) + 1;
newbuf = (char *)realloc(buf, buflen);
if (newbuf == NULL) {
__ipsec_errcode = EIPSEC_NO_BUFS;
free(buf);
return NULL;
}
buf = newbuf;
snprintf(buf + strlen(buf), buflen - strlen(buf),
"%s%s", delimiter, isrbuf);
off += xisr->sadb_x_ipsecrequest_len;
}
__ipsec_errcode = EIPSEC_NO_ERROR;
return buf;
}
static char *
ipsec_dump_ipsecrequest(buf, len, xisr, bound)
char *buf;
size_t len;
struct sadb_x_ipsecrequest *xisr;
size_t bound; /* boundary */
{
const char *proto, *mode, *level;
char abuf[NI_MAXHOST * 2 + 2];
if (xisr->sadb_x_ipsecrequest_len > bound) {
__ipsec_errcode = EIPSEC_INVAL_PROTO;
return NULL;
}
switch (xisr->sadb_x_ipsecrequest_proto) {
case IPPROTO_ESP:
proto = "esp";
break;
case IPPROTO_AH:
proto = "ah";
break;
case IPPROTO_IPCOMP:
proto = "ipcomp";
break;
case IPPROTO_TCP:
proto = "tcp";
break;
default:
__ipsec_errcode = EIPSEC_INVAL_PROTO;
return NULL;
}
switch (xisr->sadb_x_ipsecrequest_mode) {
case IPSEC_MODE_ANY:
mode = "any";
break;
case IPSEC_MODE_TRANSPORT:
mode = "transport";
break;
case IPSEC_MODE_TUNNEL:
mode = "tunnel";
break;
default:
__ipsec_errcode = EIPSEC_INVAL_MODE;
return NULL;
}
abuf[0] = '\0';
if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
struct sockaddr *sa1, *sa2;
caddr_t p;
p = (caddr_t)(xisr + 1);
sa1 = (struct sockaddr *)p;
sa2 = (struct sockaddr *)(p + sa1->sa_len);
if (sizeof(*xisr) + sa1->sa_len + sa2->sa_len !=
xisr->sadb_x_ipsecrequest_len) {
__ipsec_errcode = EIPSEC_INVAL_ADDRESS;
return NULL;
}
if (set_addresses(abuf, sizeof(abuf), sa1, sa2) != 0) {
__ipsec_errcode = EIPSEC_INVAL_ADDRESS;
return NULL;
}
}
switch (xisr->sadb_x_ipsecrequest_level) {
case IPSEC_LEVEL_DEFAULT:
level = "default";
break;
case IPSEC_LEVEL_USE:
level = "use";
break;
case IPSEC_LEVEL_REQUIRE:
level = "require";
break;
case IPSEC_LEVEL_UNIQUE:
level = "unique";
break;
default:
__ipsec_errcode = EIPSEC_INVAL_LEVEL;
return NULL;
}
if (xisr->sadb_x_ipsecrequest_reqid == 0)
snprintf(buf, len, "%s/%s/%s/%s", proto, mode, abuf, level);
else {
int ch;
if (xisr->sadb_x_ipsecrequest_reqid > IPSEC_MANUAL_REQID_MAX)
ch = '#';
else
ch = ':';
snprintf(buf, len, "%s/%s/%s/%s%c%u", proto, mode, abuf, level,
ch, xisr->sadb_x_ipsecrequest_reqid);
}
return buf;
}
static int
set_addresses(buf, len, sa1, sa2)
char *buf;
size_t len;
struct sockaddr *sa1;
struct sockaddr *sa2;
{
char tmp1[NI_MAXHOST], tmp2[NI_MAXHOST];
if (set_address(tmp1, sizeof(tmp1), sa1) == NULL ||
set_address(tmp2, sizeof(tmp2), sa2) == NULL)
return -1;
if (strlen(tmp1) + 1 + strlen(tmp2) + 1 > len)
return -1;
snprintf(buf, len, "%s-%s", tmp1, tmp2);
return 0;
}
static char *
set_address(buf, len, sa)
char *buf;
size_t len;
struct sockaddr *sa;
{
const int niflags = NI_NUMERICHOST;
if (len < 1)
return NULL;
buf[0] = '\0';
if (getnameinfo(sa, sa->sa_len, buf, len, NULL, 0, niflags) != 0)
return NULL;
return buf;
}

51
freebsd/lib/libipsec/ipsec_get_policylen.c
View File

@@ -1,51 +0,0 @@
#include <machine/rtems-bsd-user-space.h>
/* $KAME: ipsec_get_policylen.c,v 1.5 2000/05/07 05:25:03 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/types.h>
#include <sys/param.h>
#include <netipsec/ipsec.h>
#include <net/pfkeyv2.h>
#include "ipsec_strerror.h"
int
ipsec_get_policylen(policy)
caddr_t policy;
{
return policy ? PFKEY_EXTLEN(policy) : -1;
}

92
freebsd/lib/libipsec/ipsec_strerror.c
View File

@@ -1,92 +0,0 @@
#include <machine/rtems-bsd-user-space.h>
/* $KAME: ipsec_strerror.c,v 1.7 2000/07/30 00:45:12 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/types.h>
#include <sys/param.h>
#include <string.h>
#include <netipsec/ipsec.h>
#include "ipsec_strerror.h"
int __ipsec_errcode;
static const char *ipsec_errlist[] = {
"Success", /*EIPSEC_NO_ERROR*/
"Not supported", /*EIPSEC_NOT_SUPPORTED*/
"Invalid argument", /*EIPSEC_INVAL_ARGUMENT*/
"Invalid sadb message", /*EIPSEC_INVAL_SADBMSG*/
"Invalid version", /*EIPSEC_INVAL_VERSION*/
"Invalid security policy", /*EIPSEC_INVAL_POLICY*/
"Invalid address specification", /*EIPSEC_INVAL_ADDRESS*/
"Invalid ipsec protocol", /*EIPSEC_INVAL_PROTO*/
"Invalid ipsec mode", /*EIPSEC_INVAL_MODE*/
"Invalid ipsec level", /*EIPSEC_INVAL_LEVEL*/
"Invalid SA type", /*EIPSEC_INVAL_SATYPE*/
"Invalid message type", /*EIPSEC_INVAL_MSGTYPE*/
"Invalid extension type", /*EIPSEC_INVAL_EXTTYPE*/
"Invalid algorithm type", /*EIPSEC_INVAL_ALGS*/
"Invalid key length", /*EIPSEC_INVAL_KEYLEN*/
"Invalid address family", /*EIPSEC_INVAL_FAMILY*/
"Invalid prefix length", /*EIPSEC_INVAL_PREFIXLEN*/
"Invalid direciton", /*EIPSEC_INVAL_DIR*/
"SPI range violation", /*EIPSEC_INVAL_SPI*/
"No protocol specified", /*EIPSEC_NO_PROTO*/
"No algorithm specified", /*EIPSEC_NO_ALGS*/
"No buffers available", /*EIPSEC_NO_BUFS*/
"Must get supported algorithms list first", /*EIPSEC_DO_GET_SUPP_LIST*/
"Protocol mismatch", /*EIPSEC_PROTO_MISMATCH*/
"Family mismatch", /*EIPSEC_FAMILY_MISMATCH*/
"Too few arguments", /*EIPSEC_FEW_ARGUMENTS*/
NULL, /*EIPSEC_SYSTEM_ERROR*/
"Unknown error", /*EIPSEC_MAX*/
};
const char *ipsec_strerror(void)
{
if (__ipsec_errcode < 0 || __ipsec_errcode > EIPSEC_MAX)
__ipsec_errcode = EIPSEC_MAX;
return ipsec_errlist[__ipsec_errcode];
}
void __ipsec_set_strerror(const char *str)
{
__ipsec_errcode = EIPSEC_SYSTEM_ERROR;
ipsec_errlist[EIPSEC_SYSTEM_ERROR] = str;
return;
}

63
freebsd/lib/libipsec/ipsec_strerror.h
View File

@@ -1,63 +0,0 @@
/* $FreeBSD$ */
/* $KAME: ipsec_strerror.h,v 1.8 2000/07/30 00:45:12 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
extern int __ipsec_errcode;
extern void __ipsec_set_strerror(const char *);
#define EIPSEC_NO_ERROR 0 /*success*/
#define EIPSEC_NOT_SUPPORTED 1 /*not supported*/
#define EIPSEC_INVAL_ARGUMENT 2 /*invalid argument*/
#define EIPSEC_INVAL_SADBMSG 3 /*invalid sadb message*/
#define EIPSEC_INVAL_VERSION 4 /*invalid version*/
#define EIPSEC_INVAL_POLICY 5 /*invalid security policy*/
#define EIPSEC_INVAL_ADDRESS 6 /*invalid address specification*/
#define EIPSEC_INVAL_PROTO 7 /*invalid ipsec protocol*/
#define EIPSEC_INVAL_MODE 8 /*Invalid ipsec mode*/
#define EIPSEC_INVAL_LEVEL 9 /*invalid ipsec level*/
#define EIPSEC_INVAL_SATYPE 10 /*invalid SA type*/
#define EIPSEC_INVAL_MSGTYPE 11 /*invalid message type*/
#define EIPSEC_INVAL_EXTTYPE 12 /*invalid extension type*/
#define EIPSEC_INVAL_ALGS 13 /*Invalid algorithm type*/
#define EIPSEC_INVAL_KEYLEN 14 /*invalid key length*/
#define EIPSEC_INVAL_FAMILY 15 /*invalid address family*/
#define EIPSEC_INVAL_PREFIXLEN 16 /*SPI range violation*/
#define EIPSEC_INVAL_DIR 17 /*Invalid direciton*/
#define EIPSEC_INVAL_SPI 18 /*invalid prefixlen*/
#define EIPSEC_NO_PROTO 19 /*no protocol specified*/
#define EIPSEC_NO_ALGS 20 /*No algorithm specified*/
#define EIPSEC_NO_BUFS 21 /*no buffers available*/
#define EIPSEC_DO_GET_SUPP_LIST 22 /*must get supported algorithm first*/
#define EIPSEC_PROTO_MISMATCH 23 /*protocol mismatch*/
#define EIPSEC_FAMILY_MISMATCH 24 /*family mismatch*/
#define EIPSEC_FEW_ARGUMENTS 25 /*Too few arguments*/
#define EIPSEC_SYSTEM_ERROR 26 /*system error*/
#define EIPSEC_MAX 27 /*unknown error*/

86
freebsd/lib/libipsec/libpfkey.h
View File

@@ -1,86 +0,0 @@
/* $FreeBSD$ */
/* $KAME: libpfkey.h,v 1.6 2001/03/05 18:22:17 thorpej Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
struct sadb_msg;
extern void pfkey_sadump(struct sadb_msg *);
extern void pfkey_spdump(struct sadb_msg *);
struct sockaddr;
struct sadb_alg;
int ipsec_check_keylen(u_int, u_int, u_int);
int ipsec_check_keylen2(u_int, u_int, u_int);
int ipsec_get_keylen(u_int, u_int, struct sadb_alg *);
u_int pfkey_set_softrate(u_int, u_int);
u_int pfkey_get_softrate(u_int);
int pfkey_send_getspi(int, u_int, u_int, struct sockaddr *, struct sockaddr *,
u_int32_t, u_int32_t, u_int32_t, u_int32_t);
int pfkey_send_update(int, u_int, u_int, struct sockaddr *, struct sockaddr *,
u_int32_t, u_int32_t, u_int, caddr_t, u_int, u_int, u_int, u_int,
u_int, u_int32_t, u_int64_t, u_int64_t, u_int64_t, u_int32_t);
int pfkey_send_add(int, u_int, u_int, struct sockaddr *, struct sockaddr *,
u_int32_t, u_int32_t, u_int, caddr_t, u_int, u_int, u_int, u_int,
u_int, u_int32_t, u_int64_t, u_int64_t, u_int64_t, u_int32_t);
int pfkey_send_delete(int, u_int, u_int, struct sockaddr *, struct sockaddr *,
u_int32_t);
int pfkey_send_delete_all(int, u_int, u_int, struct sockaddr *,
struct sockaddr *);
int pfkey_send_get(int, u_int, u_int, struct sockaddr *, struct sockaddr *,
u_int32_t);
int pfkey_send_register(int, u_int);
int pfkey_recv_register(int);
int pfkey_set_supported(struct sadb_msg *, int);
int pfkey_send_flush(int, u_int);
int pfkey_send_dump(int, u_int);
int pfkey_send_promisc_toggle(int, int);
int pfkey_send_spdadd(int, struct sockaddr *, u_int, struct sockaddr *, u_int,
u_int, caddr_t, int, u_int32_t);
int pfkey_send_spdadd2(int, struct sockaddr *, u_int, struct sockaddr *, u_int,
u_int, u_int64_t, u_int64_t, caddr_t, int, u_int32_t);
int pfkey_send_spdupdate(int, struct sockaddr *, u_int, struct sockaddr *,
u_int, u_int, caddr_t, int, u_int32_t);
int pfkey_send_spdupdate2(int, struct sockaddr *, u_int, struct sockaddr *,
u_int, u_int, u_int64_t, u_int64_t, caddr_t, int, u_int32_t);
int pfkey_send_spddelete(int, struct sockaddr *, u_int, struct sockaddr *,
u_int, u_int, caddr_t, int, u_int32_t);
int pfkey_send_spddelete2(int, u_int32_t);
int pfkey_send_spdget(int, u_int32_t);
int pfkey_send_spdsetidx(int, struct sockaddr *, u_int, struct sockaddr *,
u_int, u_int, caddr_t, int, u_int32_t);
int pfkey_send_spdflush(int);
int pfkey_send_spddump(int);
int pfkey_open(void);
void pfkey_close(int);
struct sadb_msg *pfkey_recv(int);
int pfkey_send(int, struct sadb_msg *, int);
int pfkey_align(struct sadb_msg *, caddr_t *);
int pfkey_check(caddr_t *);

2136
freebsd/lib/libipsec/pfkey.c
View File

File diff suppressed because it is too large Load Diff

682
freebsd/lib/libipsec/pfkey_dump.c
View File

@@ -1,682 +0,0 @@
#include <machine/rtems-bsd-user-space.h>
/* $KAME: pfkey_dump.c,v 1.45 2003/09/08 10:14:56 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <net/if.h>
#include <net/pfkeyv2.h>
#include <netipsec/ipsec.h>
#include <netipsec/key_var.h>
#include <netipsec/key_debug.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <netdb.h>
#include "ipsec_strerror.h"
#include "libpfkey.h"
/* cope with old kame headers - ugly */
#ifndef SADB_X_AALG_MD5
#define SADB_X_AALG_MD5 SADB_AALG_MD5
#endif
#ifndef SADB_X_AALG_SHA
#define SADB_X_AALG_SHA SADB_AALG_SHA
#endif
#ifndef SADB_X_AALG_NULL
#define SADB_X_AALG_NULL SADB_AALG_NULL
#endif
#ifndef SADB_X_EALG_BLOWFISHCBC
#define SADB_X_EALG_BLOWFISHCBC SADB_EALG_BLOWFISHCBC
#endif
#ifndef SADB_X_EALG_CAST128CBC
#define SADB_X_EALG_CAST128CBC SADB_EALG_CAST128CBC
#endif
#ifndef SADB_X_EALG_RC5CBC
#ifdef SADB_EALG_RC5CBC
#define SADB_X_EALG_RC5CBC SADB_EALG_RC5CBC
#endif
#endif
#define GETMSGSTR(str, num) \
do { \
if (sizeof((str)[0]) == 0 \
|| num >= sizeof(str)/sizeof((str)[0])) \
printf("%u ", (num)); \
else if (strlen((str)[(num)]) == 0) \
printf("%u ", (num)); \
else \
printf("%s ", (str)[(num)]); \
} while (0)
#define GETMSGV2S(v2s, num) \
do { \
struct val2str *p; \
for (p = (v2s); p && p->str; p++) { \
if (p->val == (num)) \
break; \
} \
if (p && p->str) \
printf("%s ", p->str); \
else \
printf("%u ", (num)); \
} while (0)
static char *str_ipaddr(struct sockaddr *);
static char *str_prefport(u_int, u_int, u_int, u_int);
static void str_upperspec(u_int, u_int, u_int);
static char *str_time(time_t);
static void str_lifetime_byte(struct sadb_lifetime *, char *);
struct val2str {
int val;
const char *str;
};
/*
* Must to be re-written about following strings.
*/
static char *str_satype[] = {
"unspec",
"unknown",
"ah",
"esp",
"unknown",
"rsvp",
"ospfv2",
"ripv2",
"mip",
"ipcomp",
"policy",
"tcp"
};
static char *str_mode[] = {
"any",
"transport",
"tunnel",
};
static char *str_state[] = {
"larval",
"mature",
"dying",
"dead",
};
static struct val2str str_alg_auth[] = {
{ SADB_AALG_NONE, "none", },
{ SADB_AALG_MD5HMAC, "hmac-md5", },
{ SADB_AALG_SHA1HMAC, "hmac-sha1", },
{ SADB_X_AALG_MD5, "md5", },
{ SADB_X_AALG_SHA, "sha", },
{ SADB_X_AALG_NULL, "null", },
{ SADB_X_AALG_TCP_MD5, "tcp-md5", },
#ifdef SADB_X_AALG_SHA2_256
{ SADB_X_AALG_SHA2_256, "hmac-sha2-256", },
#endif
#ifdef SADB_X_AALG_SHA2_384
{ SADB_X_AALG_SHA2_384, "hmac-sha2-384", },
#endif
#ifdef SADB_X_AALG_SHA2_512
{ SADB_X_AALG_SHA2_512, "hmac-sha2-512", },
#endif
#ifdef SADB_X_AALG_RIPEMD160HMAC
{ SADB_X_AALG_RIPEMD160HMAC, "hmac-ripemd160", },
#endif
#ifdef SADB_X_AALG_AES_XCBC_MAC
{ SADB_X_AALG_AES_XCBC_MAC, "aes-xcbc-mac", },
#endif
{ -1, NULL, },
};
static struct val2str str_alg_enc[] = {
{ SADB_EALG_NONE, "none", },
{ SADB_EALG_DESCBC, "des-cbc", },
{ SADB_EALG_3DESCBC, "3des-cbc", },
{ SADB_EALG_NULL, "null", },
#ifdef SADB_X_EALG_RC5CBC
{ SADB_X_EALG_RC5CBC, "rc5-cbc", },
#endif
{ SADB_X_EALG_CAST128CBC, "cast128-cbc", },
{ SADB_X_EALG_BLOWFISHCBC, "blowfish-cbc", },
#ifdef SADB_X_EALG_RIJNDAELCBC
{ SADB_X_EALG_RIJNDAELCBC, "rijndael-cbc", },
#endif
#ifdef SADB_X_EALG_TWOFISHCBC
{ SADB_X_EALG_TWOFISHCBC, "twofish-cbc", },
#endif
#ifdef SADB_X_EALG_AESCTR
{ SADB_X_EALG_AESCTR, "aes-ctr", },
#endif
#ifdef SADB_X_EALG_AESGCM16
{ SADB_X_EALG_AESGCM16, "aes-gcm-16", },
#endif
#ifdef SADB_X_EALG_CAMELLIACBC
{ SADB_X_EALG_CAMELLIACBC, "camellia-cbc", },
#endif
{ -1, NULL, },
};
static struct val2str str_alg_comp[] = {
{ SADB_X_CALG_NONE, "none", },
{ SADB_X_CALG_OUI, "oui", },
{ SADB_X_CALG_DEFLATE, "deflate", },
{ SADB_X_CALG_LZS, "lzs", },
{ -1, NULL, },
};
static struct val2str str_sp_scope[] = {
{ IPSEC_POLICYSCOPE_GLOBAL, "global" },
{ IPSEC_POLICYSCOPE_IFNET, "ifnet" },
{ IPSEC_POLICYSCOPE_PCB, "pcb"},
{ -1, NULL },
};
/*
* dump SADB_MSG formated. For debugging, you should use kdebug_sadb().
*/
void
pfkey_sadump(m)
struct sadb_msg *m;
{
caddr_t mhp[SADB_EXT_MAX + 1];
struct sadb_sa *m_sa;
struct sadb_x_sa2 *m_sa2;
struct sadb_lifetime *m_lftc, *m_lfth, *m_lfts;
struct sadb_address *m_saddr, *m_daddr, *m_paddr;
struct sadb_key *m_auth, *m_enc;
struct sadb_ident *m_sid, *m_did;
struct sadb_sens *m_sens;
struct sadb_x_sa_replay *m_sa_replay;
struct sadb_x_nat_t_type *natt_type;
struct sadb_x_nat_t_port *natt_sport, *natt_dport;
struct sadb_address *natt_oai, *natt_oar;
/* check pfkey message. */
if (pfkey_align(m, mhp)) {
printf("%s\n", ipsec_strerror());
return;
}
if (pfkey_check(mhp)) {
printf("%s\n", ipsec_strerror());
return;
}
m_sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
m_sa2 = (struct sadb_x_sa2 *)mhp[SADB_X_EXT_SA2];
m_lftc = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT];
m_lfth = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD];
m_lfts = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_SOFT];
m_saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
m_daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
m_paddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_PROXY];
m_auth = (struct sadb_key *)mhp[SADB_EXT_KEY_AUTH];
m_enc = (struct sadb_key *)mhp[SADB_EXT_KEY_ENCRYPT];
m_sid = (struct sadb_ident *)mhp[SADB_EXT_IDENTITY_SRC];
m_did = (struct sadb_ident *)mhp[SADB_EXT_IDENTITY_DST];
m_sens = (struct sadb_sens *)mhp[SADB_EXT_SENSITIVITY];
m_sa_replay = (struct sadb_x_sa_replay *)mhp[SADB_X_EXT_SA_REPLAY];
natt_type = (struct sadb_x_nat_t_type *)mhp[SADB_X_EXT_NAT_T_TYPE];
natt_sport = (struct sadb_x_nat_t_port *)mhp[SADB_X_EXT_NAT_T_SPORT];
natt_dport = (struct sadb_x_nat_t_port *)mhp[SADB_X_EXT_NAT_T_DPORT];
natt_oai = (struct sadb_address *)mhp[SADB_X_EXT_NAT_T_OAI];
natt_oar = (struct sadb_address *)mhp[SADB_X_EXT_NAT_T_OAR];
/* source address */
if (m_saddr == NULL) {
printf("no ADDRESS_SRC extension.\n");
return;
}
printf("%s", str_ipaddr((struct sockaddr *)(m_saddr + 1)));
if (natt_type != NULL && natt_sport != NULL)
printf("[%u]", ntohs(natt_sport->sadb_x_nat_t_port_port));
/* destination address */
if (m_daddr == NULL) {
printf("\nno ADDRESS_DST extension.\n");
return;
}
printf(" %s", str_ipaddr((struct sockaddr *)(m_daddr + 1)));
if (natt_type != NULL && natt_dport != NULL)
printf("[%u]", ntohs(natt_dport->sadb_x_nat_t_port_port));
/* SA type */
if (m_sa == NULL) {
printf("\nno SA extension.\n");
return;
}
if (m_sa2 == NULL) {
printf("\nno SA2 extension.\n");
return;
}
printf("\n\t");
if (m->sadb_msg_satype == SADB_SATYPE_ESP && natt_type != NULL)
printf("esp-udp ");
else
GETMSGSTR(str_satype, m->sadb_msg_satype);
printf("mode=");
GETMSGSTR(str_mode, m_sa2->sadb_x_sa2_mode);
printf("spi=%u(0x%08x) reqid=%u(0x%08x)\n",
(u_int32_t)ntohl(m_sa->sadb_sa_spi),
(u_int32_t)ntohl(m_sa->sadb_sa_spi),
(u_int32_t)m_sa2->sadb_x_sa2_reqid,
(u_int32_t)m_sa2->sadb_x_sa2_reqid);
/* other NAT-T information */
if (natt_type != NULL && (natt_oai != NULL || natt_oar != NULL)) {
printf("\tNAT:");
if (natt_oai != NULL)
printf(" OAI=%s",
str_ipaddr((struct sockaddr *)(natt_oai + 1)));
if (natt_oar != NULL)
printf(" OAR=%s",
str_ipaddr((struct sockaddr *)(natt_oar + 1)));
printf("\n");
}
/* encryption key */
if (m->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) {
printf("\tC: ");
GETMSGV2S(str_alg_comp, m_sa->sadb_sa_encrypt);
} else if (m->sadb_msg_satype == SADB_SATYPE_ESP) {
if (m_enc != NULL) {
printf("\tE: ");
GETMSGV2S(str_alg_enc, m_sa->sadb_sa_encrypt);
ipsec_hexdump((caddr_t)m_enc + sizeof(*m_enc),
m_enc->sadb_key_bits / 8);
printf("\n");
}
}
/* authentication key */
if (m_auth != NULL) {
printf("\tA: ");
GETMSGV2S(str_alg_auth, m_sa->sadb_sa_auth);
ipsec_hexdump((caddr_t)m_auth + sizeof(*m_auth),
m_auth->sadb_key_bits / 8);
printf("\n");
}
/* replay windoe size & flags */
printf("\tseq=0x%08x replay=%u flags=0x%08x ",
m_sa2->sadb_x_sa2_sequence,
m_sa_replay ? (m_sa_replay->sadb_x_sa_replay_replay >> 3) :
m_sa->sadb_sa_replay,
m_sa->sadb_sa_flags);
/* state */
printf("state=");
GETMSGSTR(str_state, m_sa->sadb_sa_state);
printf("\n");
/* lifetime */
if (m_lftc != NULL) {
time_t tmp_time = time(0);
printf("\tcreated: %s",
str_time(m_lftc->sadb_lifetime_addtime));
printf("\tcurrent: %s\n", str_time(tmp_time));
printf("\tdiff: %lu(s)",
(u_long)(m_lftc->sadb_lifetime_addtime == 0 ?
0 : (tmp_time - m_lftc->sadb_lifetime_addtime)));
printf("\thard: %lu(s)",
(u_long)(m_lfth == NULL ?
0 : m_lfth->sadb_lifetime_addtime));
printf("\tsoft: %lu(s)\n",
(u_long)(m_lfts == NULL ?
0 : m_lfts->sadb_lifetime_addtime));
printf("\tlast: %s",
str_time(m_lftc->sadb_lifetime_usetime));
printf("\thard: %lu(s)",
(u_long)(m_lfth == NULL ?
0 : m_lfth->sadb_lifetime_usetime));
printf("\tsoft: %lu(s)\n",
(u_long)(m_lfts == NULL ?
0 : m_lfts->sadb_lifetime_usetime));
str_lifetime_byte(m_lftc, "current");
str_lifetime_byte(m_lfth, "hard");
str_lifetime_byte(m_lfts, "soft");
printf("\n");
printf("\tallocated: %lu",
(unsigned long)m_lftc->sadb_lifetime_allocations);
printf("\thard: %lu",
(u_long)(m_lfth == NULL ?
0 : m_lfth->sadb_lifetime_allocations));
printf("\tsoft: %lu\n",
(u_long)(m_lfts == NULL ?
0 : m_lfts->sadb_lifetime_allocations));
}
printf("\tsadb_seq=%lu pid=%lu ",
(u_long)m->sadb_msg_seq,
(u_long)m->sadb_msg_pid);
/* XXX DEBUG */
printf("refcnt=%u\n", m->sadb_msg_reserved);
return;
}
void
pfkey_spdump(struct sadb_msg *m)
{
char pbuf[NI_MAXSERV];
caddr_t mhp[SADB_EXT_MAX + 1];
struct sadb_address *m_saddr, *m_daddr;
struct sadb_x_policy *m_xpl;
struct sadb_lifetime *m_lftc = NULL, *m_lfth = NULL;
struct sockaddr *sa;
u_int16_t sport = 0, dport = 0;
/* check pfkey message. */
if (pfkey_align(m, mhp)) {
printf("%s\n", ipsec_strerror());
return;
}
if (pfkey_check(mhp)) {
printf("%s\n", ipsec_strerror());
return;
}
m_saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
m_daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
m_xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
m_lftc = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT];
m_lfth = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD];
if (m_saddr && m_daddr) {
/* source address */
sa = (struct sockaddr *)(m_saddr + 1);
switch (sa->sa_family) {
case AF_INET:
case AF_INET6:
if (getnameinfo(sa, sa->sa_len, NULL, 0,
pbuf, sizeof(pbuf), NI_NUMERICSERV) != 0)
sport = 0; /*XXX*/
else
sport = atoi(pbuf);
printf("%s%s ", str_ipaddr(sa),
str_prefport(sa->sa_family,
m_saddr->sadb_address_prefixlen, sport,
m_saddr->sadb_address_proto));
break;
default:
printf("unknown-af ");
break;
}
/* destination address */
sa = (struct sockaddr *)(m_daddr + 1);
switch (sa->sa_family) {
case AF_INET:
case AF_INET6:
if (getnameinfo(sa, sa->sa_len, NULL, 0,
pbuf, sizeof(pbuf), NI_NUMERICSERV) != 0)
dport = 0; /*XXX*/
else
dport = atoi(pbuf);
printf("%s%s ", str_ipaddr(sa),
str_prefport(sa->sa_family,
m_daddr->sadb_address_prefixlen, dport,
m_saddr->sadb_address_proto));
break;
default:
printf("unknown-af ");
break;
}
/* upper layer protocol */
if (m_saddr->sadb_address_proto !=
m_daddr->sadb_address_proto) {
printf("upper layer protocol mismatched.\n");
return;
}
str_upperspec(m_saddr->sadb_address_proto, sport, dport);
}
else
printf("(no selector, probably per-socket policy) ");
/* policy */
{
char *d_xpl;
if (m_xpl == NULL) {
printf("no X_POLICY extension.\n");
return;
}
d_xpl = ipsec_dump_policy((char *)m_xpl, "\n\t");
/* dump SPD */
printf("\n\t%s\n", d_xpl);
free(d_xpl);
}
/* lifetime */
if (m_lftc) {
printf("\tcreated: %s ",
str_time(m_lftc->sadb_lifetime_addtime));
printf("lastused: %s\n",
str_time(m_lftc->sadb_lifetime_usetime));
}
if (m_lfth) {
printf("\tlifetime: %lu(s) ",
(u_long)m_lfth->sadb_lifetime_addtime);
printf("validtime: %lu(s)\n",
(u_long)m_lfth->sadb_lifetime_usetime);
}
printf("\tspid=%ld seq=%ld pid=%ld scope=",
(u_long)m_xpl->sadb_x_policy_id,
(u_long)m->sadb_msg_seq,
(u_long)m->sadb_msg_pid);
GETMSGV2S(str_sp_scope, m_xpl->sadb_x_policy_scope);
if (m_xpl->sadb_x_policy_scope == IPSEC_POLICYSCOPE_IFNET &&
if_indextoname(m_xpl->sadb_x_policy_ifindex, pbuf) != NULL)
printf("ifname=%s", pbuf);
printf("\n");
/* XXX TEST */
printf("\trefcnt=%u\n", m->sadb_msg_reserved);
return;
}
/*
* set "ipaddress" to buffer.
*/
static char *
str_ipaddr(sa)
struct sockaddr *sa;
{
static char buf[NI_MAXHOST];
const int niflag = NI_NUMERICHOST;
if (sa == NULL)
return "";
if (getnameinfo(sa, sa->sa_len, buf, sizeof(buf), NULL, 0, niflag) == 0)
return buf;
return NULL;
}
/*
* set "/prefix[port number]" to buffer.
*/
static char *
str_prefport(family, pref, port, ulp)
u_int family, pref, port, ulp;
{
static char buf[128];
char prefbuf[128];
char portbuf[128];
int plen;
switch (family) {
case AF_INET:
plen = sizeof(struct in_addr) << 3;
break;
case AF_INET6:
plen = sizeof(struct in6_addr) << 3;
break;
default:
return "?";
}
if (pref == plen)
prefbuf[0] = '\0';
else
snprintf(prefbuf, sizeof(prefbuf), "/%u", pref);
if (ulp == IPPROTO_ICMPV6)
memset(portbuf, 0, sizeof(portbuf));
else {
if (port == IPSEC_PORT_ANY)
snprintf(portbuf, sizeof(portbuf), "[%s]", "any");
else
snprintf(portbuf, sizeof(portbuf), "[%u]", port);
}
snprintf(buf, sizeof(buf), "%s%s", prefbuf, portbuf);
return buf;
}
static void
str_upperspec(ulp, p1, p2)
u_int ulp, p1, p2;
{
if (ulp == IPSEC_ULPROTO_ANY)
printf("any");
else if (ulp == IPPROTO_ICMPV6) {
printf("icmp6");
if (!(p1 == IPSEC_PORT_ANY && p2 == IPSEC_PORT_ANY))
printf(" %u,%u", p1, p2);
} else {
struct protoent *ent;
switch (ulp) {
case IPPROTO_IPV4:
printf("ip4");
break;
default:
ent = getprotobynumber(ulp);
if (ent)
printf("%s", ent->p_name);
else
printf("%u", ulp);
endprotoent();
break;
}
}
}
/*
* set "Mon Day Time Year" to buffer
*/
static char *
str_time(t)
time_t t;
{
static char buf[128];
if (t == 0) {
int i = 0;
for (;i < 20;) buf[i++] = ' ';
} else {
char *t0;
t0 = ctime(&t);
memcpy(buf, t0 + 4, 20);
}
buf[20] = '\0';
return(buf);
}
static void
str_lifetime_byte(x, str)
struct sadb_lifetime *x;
char *str;
{
double y;
char *unit;
int w;
if (x == NULL) {
printf("\t%s: 0(bytes)", str);
return;
}
#if 0
if ((x->sadb_lifetime_bytes) / 1024 / 1024) {
y = (x->sadb_lifetime_bytes) * 1.0 / 1024 / 1024;
unit = "M";
w = 1;
} else if ((x->sadb_lifetime_bytes) / 1024) {
y = (x->sadb_lifetime_bytes) * 1.0 / 1024;
unit = "K";
w = 1;
} else {
y = (x->sadb_lifetime_bytes) * 1.0;
unit = "";
w = 0;
}
#else
y = (x->sadb_lifetime_bytes) * 1.0;
unit = "";
w = 0;
#endif
printf("\t%s: %.*f(%sbytes)", str, w, y, unit);
}

966
freebsd/lib/libipsec/policy_parse.c
View File

@@ -1,966 +0,0 @@
/* original parser id follows */
/* yysccsid[] = "@(#)yaccpar 1.9 (Berkeley) 02/21/93" */
/* (use YYMAJOR/YYMINOR for ifdefs dependent on parser version) */
#define YYBYACC 1
#define YYMAJOR 1
#define YYMINOR 9
#define YYPATCH 20160324
#define YYEMPTY (-1)
#define yyclearin (yychar = YYEMPTY)
#define yyerrok (yyerrflag = 0)
#define YYRECOVERING() (yyerrflag != 0)
#define YYENOMEM (-2)
#define YYEOF 0
#ifndef yyparse
#define yyparse __libipsecyyparse
#endif /* yyparse */
#ifndef yylex
#define yylex __libipsecyylex
#endif /* yylex */
#ifndef yyerror
#define yyerror __libipsecyyerror
#endif /* yyerror */
#ifndef yychar
#define yychar __libipsecyychar
#endif /* yychar */
#ifndef yyval
#define yyval __libipsecyyval
#endif /* yyval */
#ifndef yylval
#define yylval __libipsecyylval
#endif /* yylval */
#ifndef yydebug
#define yydebug __libipsecyydebug
#endif /* yydebug */
#ifndef yynerrs
#define yynerrs __libipsecyynerrs
#endif /* yynerrs */
#ifndef yyerrflag
#define yyerrflag __libipsecyyerrflag
#endif /* yyerrflag */
#ifndef yylhs
#define yylhs __libipsecyylhs
#endif /* yylhs */
#ifndef yylen
#define yylen __libipsecyylen
#endif /* yylen */
#ifndef yydefred
#define yydefred __libipsecyydefred
#endif /* yydefred */
#ifndef yydgoto
#define yydgoto __libipsecyydgoto
#endif /* yydgoto */
#ifndef yysindex
#define yysindex __libipsecyysindex
#endif /* yysindex */
#ifndef yyrindex
#define yyrindex __libipsecyyrindex
#endif /* yyrindex */
#ifndef yygindex
#define yygindex __libipsecyygindex
#endif /* yygindex */
#ifndef yytable
#define yytable __libipsecyytable
#endif /* yytable */
#ifndef yycheck
#define yycheck __libipsecyycheck
#endif /* yycheck */
#ifndef yyname
#define yyname __libipsecyyname
#endif /* yyname */
#ifndef yyrule
#define yyrule __libipsecyyrule
#endif /* yyrule */
#define YYPREFIX "__libipsecyy"
#define YYPURE 0
#line 52 "../../freebsd/lib/libipsec/policy_parse.y"
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netipsec/ipsec.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include "ipsec_strerror.h"
#define ATOX(c) \
(isdigit(c) ? (c - '0') : (isupper(c) ? (c - 'A' + 10) : (c - 'a' + 10) ))
static caddr_t pbuf = NULL; /* sadb_x_policy buffer */
static int tlen = 0; /* total length of pbuf */
static int offset = 0; /* offset of pbuf */
static int p_dir, p_type, p_protocol, p_mode, p_level, p_reqid;
static struct sockaddr *p_src = NULL;
static struct sockaddr *p_dst = NULL;
struct _val;
extern void yyerror(char *msg);
static struct sockaddr *parse_sockaddr(struct _val *buf);
static int rule_check(void);
static int init_x_policy(void);
static int set_x_request(struct sockaddr *src, struct sockaddr *dst);
static int set_sockaddr(struct sockaddr *addr);
static void policy_parse_request_init(void);
static caddr_t policy_parse(char *msg, int msglen);
extern void __policy__strbuffer__init__(char *msg);
extern void __policy__strbuffer__free__(void);
extern int yylex(void);
extern char *__libipsecyytext; /*XXX*/
#line 97 "../../freebsd/lib/libipsec/policy_parse.y"
#ifdef YYSTYPE
#undef YYSTYPE_IS_DECLARED
#define YYSTYPE_IS_DECLARED 1
#endif
#ifndef YYSTYPE_IS_DECLARED
#define YYSTYPE_IS_DECLARED 1
typedef union {
u_int num;
struct _val {
int len;
char *buf;
} val;
} YYSTYPE;
#endif /* !YYSTYPE_IS_DECLARED */
#line 160 "__libipsecyy.tab.c"
/* compatibility with bison */
#ifdef YYPARSE_PARAM
/* compatibility with FreeBSD */
# ifdef YYPARSE_PARAM_TYPE
# define YYPARSE_DECL() yyparse(YYPARSE_PARAM_TYPE YYPARSE_PARAM)
# else
# define YYPARSE_DECL() yyparse(void *YYPARSE_PARAM)
# endif
#else
# define YYPARSE_DECL() yyparse(void)
#endif
/* Parameters sent to lex. */
#ifdef YYLEX_PARAM
# define YYLEX_DECL() yylex(void *YYLEX_PARAM)
# define YYLEX yylex(YYLEX_PARAM)
#else
# define YYLEX_DECL() yylex(void)
# define YYLEX yylex()
#endif
/* Parameters sent to yyerror. */
#ifndef YYERROR_DECL
#define YYERROR_DECL() yyerror(const char *s)
#endif
#ifndef YYERROR_CALL
#define YYERROR_CALL(msg) yyerror(msg)
#endif
extern int YYPARSE_DECL();
#define DIR 257
#define ACTION 258
#define PROTOCOL 259
#define MODE 260
#define LEVEL 261
#define LEVEL_SPECIFY 262
#define IPADDRESS 263
#define ME 264
#define ANY 265
#define SLASH 266
#define HYPHEN 267
#define YYERRCODE 256
typedef int YYINT;
static const YYINT __libipsecyylhs[] = { -1,
2, 0, 0, 1, 1, 3, 3, 3, 3, 3,
3, 3, 3, 4, 5, 7, 7, 8, 6, 6,
6,
};
static const YYINT __libipsecyylen[] = { 2,
0, 4, 1, 0, 2, 7, 6, 5, 4, 6,
3, 2, 1, 1, 1, 1, 1, 0, 4, 3,
3,
};
static const YYINT __libipsecyydefred[] = { 0,
0, 0, 1, 4, 0, 14, 5, 0, 0, 15,
0, 0, 18, 0, 0, 0, 0, 0, 0, 0,
16, 17, 10, 0, 0, 20, 21, 6, 19,
};
static const YYINT __libipsecyydgoto[] = { 2,
5, 4, 7, 8, 11, 17, 23, 18,
};
static const YYINT __libipsecyysindex[] = { -257,
-245, 0, 0, 0, -244, 0, 0, -252, -243, 0,
-248, -256, 0, -251, -247, -250, -242, -246, -240, -241,
0, 0, 0, -250, -237, 0, 0, 0, 0,
};
static const YYINT __libipsecyyrindex[] = { 0,
19, 0, 0, 0, 22, 0, 0, 1, 2, 0,
3, 4, 0, 0, 0, 0, 5, 0, 0, 0,
0, 0, 0, 6, 0, 0, 0, 0, 0,
};
static const YYINT __libipsecyygindex[] = { 0,
0, 0, 0, 0, 0, 0, 7, 0,
};
#define YYTABLESIZE 265
static const YYINT __libipsecyytable[] = { 1,
13, 12, 11, 9, 8, 7, 13, 14, 15, 16,
21, 22, 3, 9, 6, 19, 10, 12, 3, 20,
25, 2, 27, 24, 26, 29, 0, 0, 0, 0,
28, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 13,
12, 11, 9, 8, 7,
};
static const YYINT __libipsecyycheck[] = { 257,
0, 0, 0, 0, 0, 0, 263, 264, 265, 266,
261, 262, 258, 266, 259, 267, 260, 266, 0, 267,
267, 0, 264, 266, 265, 263, -1, -1, -1, -1,
24, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, 259,
259, 259, 259, 259, 259,
};
#define YYFINAL 2
#ifndef YYDEBUG
#define YYDEBUG 0
#endif
#define YYMAXTOKEN 267
#define YYUNDFTOKEN 278
#define YYTRANSLATE(a) ((a) > YYMAXTOKEN ? YYUNDFTOKEN : (a))
#if YYDEBUG
static const char *const __libipsecyyname[] = {
"end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"DIR","ACTION","PROTOCOL","MODE",
"LEVEL","LEVEL_SPECIFY","IPADDRESS","ME","ANY","SLASH","HYPHEN",0,0,0,0,0,0,0,0,
0,0,"illegal-symbol",
};
static const char *const __libipsecyyrule[] = {
"$accept : policy_spec",
"$$1 :",
"policy_spec : DIR ACTION $$1 rules",
"policy_spec : DIR",
"rules :",
"rules : rules rule",
"rule : protocol SLASH mode SLASH addresses SLASH level",
"rule : protocol SLASH mode SLASH addresses SLASH",
"rule : protocol SLASH mode SLASH addresses",
"rule : protocol SLASH mode SLASH",
"rule : protocol SLASH mode SLASH SLASH level",
"rule : protocol SLASH mode",
"rule : protocol SLASH",
"rule : protocol",
"protocol : PROTOCOL",
"mode : MODE",
"level : LEVEL",
"level : LEVEL_SPECIFY",
"$$2 :",
"addresses : IPADDRESS $$2 HYPHEN IPADDRESS",
"addresses : ME HYPHEN ANY",
"addresses : ANY HYPHEN ME",
};
#endif
int yydebug;
int yynerrs;
int yyerrflag;
int yychar;
YYSTYPE yyval;
YYSTYPE yylval;
/* define the initial stack-sizes */
#ifdef YYSTACKSIZE
#undef YYMAXDEPTH
#define YYMAXDEPTH YYSTACKSIZE
#else
#ifdef YYMAXDEPTH
#define YYSTACKSIZE YYMAXDEPTH
#else
#define YYSTACKSIZE 10000
#define YYMAXDEPTH 10000
#endif
#endif
#define YYINITSTACKSIZE 200
typedef struct {
unsigned stacksize;
YYINT *s_base;
YYINT *s_mark;
YYINT *s_last;
YYSTYPE *l_base;
YYSTYPE *l_mark;
} YYSTACKDATA;
/* variables for the parser stack */
static YYSTACKDATA yystack;
#line 212 "../../freebsd/lib/libipsec/policy_parse.y"
void
yyerror(msg)
char *msg;
{
fprintf(stderr, "libipsec: %s while parsing \"%s\"\n",
msg, __libipsecyytext);
return;
}
static struct sockaddr *
parse_sockaddr(buf)
struct _val *buf;
{
struct addrinfo hints, *res;
char *serv = NULL;
int error;
struct sockaddr *newaddr = NULL;
memset(&hints, 0, sizeof(hints));
hints.ai_family = PF_UNSPEC;
hints.ai_flags = AI_NUMERICHOST;
error = getaddrinfo(buf->buf, serv, &hints, &res);
if (error != 0) {
yyerror("invalid IP address");
__ipsec_set_strerror(gai_strerror(error));
return NULL;
}
if (res->ai_addr == NULL) {
yyerror("invalid IP address");
__ipsec_set_strerror(gai_strerror(error));
return NULL;
}
newaddr = malloc(res->ai_addr->sa_len);
if (newaddr == NULL) {
__ipsec_errcode = EIPSEC_NO_BUFS;
freeaddrinfo(res);
return NULL;
}
memcpy(newaddr, res->ai_addr, res->ai_addr->sa_len);
freeaddrinfo(res);
__ipsec_errcode = EIPSEC_NO_ERROR;
return newaddr;
}
static int
rule_check()
{
if (p_type == IPSEC_POLICY_IPSEC) {
if (p_protocol == IPPROTO_IP) {
__ipsec_errcode = EIPSEC_NO_PROTO;
return -1;
}
if (p_mode != IPSEC_MODE_TRANSPORT
&& p_mode != IPSEC_MODE_TUNNEL) {
__ipsec_errcode = EIPSEC_INVAL_MODE;
return -1;
}
if (p_src == NULL && p_dst == NULL) {
if (p_mode != IPSEC_MODE_TRANSPORT) {
__ipsec_errcode = EIPSEC_INVAL_ADDRESS;
return -1;
}
}
else if (p_src->sa_family != p_dst->sa_family) {
__ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
return -1;
}
}
__ipsec_errcode = EIPSEC_NO_ERROR;
return 0;
}
static int
init_x_policy()
{
struct sadb_x_policy *p;
tlen = sizeof(struct sadb_x_policy);
pbuf = malloc(tlen);
if (pbuf == NULL) {
__ipsec_errcode = EIPSEC_NO_BUFS;
return -1;
}
memset(pbuf, 0, tlen);
p = (struct sadb_x_policy *)pbuf;
p->sadb_x_policy_len = 0; /* must update later */
p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
p->sadb_x_policy_type = p_type;
p->sadb_x_policy_dir = p_dir;
p->sadb_x_policy_id = 0;
offset = tlen;
__ipsec_errcode = EIPSEC_NO_ERROR;
return 0;
}
static int
set_x_request(src, dst)
struct sockaddr *src, *dst;
{
struct sadb_x_ipsecrequest *p;
int reqlen;
reqlen = sizeof(*p)
+ (src ? src->sa_len : 0)
+ (dst ? dst->sa_len : 0);
tlen += reqlen; /* increment to total length */
pbuf = realloc(pbuf, tlen);
if (pbuf == NULL) {
__ipsec_errcode = EIPSEC_NO_BUFS;
return -1;
}
p = (struct sadb_x_ipsecrequest *)&pbuf[offset];
p->sadb_x_ipsecrequest_len = reqlen;
p->sadb_x_ipsecrequest_proto = p_protocol;
p->sadb_x_ipsecrequest_mode = p_mode;
p->sadb_x_ipsecrequest_level = p_level;
p->sadb_x_ipsecrequest_reqid = p_reqid;
offset += sizeof(*p);
if (set_sockaddr(src) || set_sockaddr(dst))
return -1;
__ipsec_errcode = EIPSEC_NO_ERROR;
return 0;
}
static int
set_sockaddr(addr)
struct sockaddr *addr;
{
if (addr == NULL) {
__ipsec_errcode = EIPSEC_NO_ERROR;
return 0;
}
/* tlen has already incremented */
memcpy(&pbuf[offset], addr, addr->sa_len);
offset += addr->sa_len;
__ipsec_errcode = EIPSEC_NO_ERROR;
return 0;
}
static void
policy_parse_request_init()
{
p_protocol = IPPROTO_IP;
p_mode = IPSEC_MODE_ANY;
p_level = IPSEC_LEVEL_DEFAULT;
p_reqid = 0;
if (p_src != NULL) {
free(p_src);
p_src = NULL;
}
if (p_dst != NULL) {
free(p_dst);
p_dst = NULL;
}
return;
}
static caddr_t
policy_parse(msg, msglen)
char *msg;
int msglen;
{
int error;
pbuf = NULL;
tlen = 0;
/* initialize */
p_dir = IPSEC_DIR_INVALID;
p_type = IPSEC_POLICY_DISCARD;
policy_parse_request_init();
__policy__strbuffer__init__(msg);
error = yyparse(); /* it must be set errcode. */
__policy__strbuffer__free__();
if (error) {
if (pbuf != NULL)
free(pbuf);
return NULL;
}
/* update total length */
((struct sadb_x_policy *)pbuf)->sadb_x_policy_len = PFKEY_UNIT64(tlen);
__ipsec_errcode = EIPSEC_NO_ERROR;
return pbuf;
}
caddr_t
ipsec_set_policy(msg, msglen)
char *msg;
int msglen;
{
caddr_t policy;
policy = policy_parse(msg, msglen);
if (policy == NULL) {
if (__ipsec_errcode == EIPSEC_NO_ERROR)
__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
return NULL;
}
__ipsec_errcode = EIPSEC_NO_ERROR;
return policy;
}
#line 604 "__libipsecyy.tab.c"
#if YYDEBUG
#include <stdio.h> /* needed for printf */
#endif
#include <stdlib.h> /* needed for malloc, etc */
#include <string.h> /* needed for memset */
/* allocate initial stack or double stack size, up to YYMAXDEPTH */
static int yygrowstack(YYSTACKDATA *data)
{
int i;
unsigned newsize;
YYINT *newss;
YYSTYPE *newvs;
if ((newsize = data->stacksize) == 0)
newsize = YYINITSTACKSIZE;
else if (newsize >= YYMAXDEPTH)
return YYENOMEM;
else if ((newsize *= 2) > YYMAXDEPTH)
newsize = YYMAXDEPTH;
i = (int) (data->s_mark - data->s_base);
newss = (YYINT *)realloc(data->s_base, newsize * sizeof(*newss));
if (newss == 0)
return YYENOMEM;
data->s_base = newss;
data->s_mark = newss + i;
newvs = (YYSTYPE *)realloc(data->l_base, newsize * sizeof(*newvs));
if (newvs == 0)
return YYENOMEM;
data->l_base = newvs;
data->l_mark = newvs + i;
data->stacksize = newsize;
data->s_last = data->s_base + newsize - 1;
return 0;
}
#if YYPURE || defined(YY_NO_LEAKS)
static void yyfreestack(YYSTACKDATA *data)
{
free(data->s_base);
free(data->l_base);
memset(data, 0, sizeof(*data));
}
#else
#define yyfreestack(data) /* nothing */
#endif
#define YYABORT goto yyabort
#define YYREJECT goto yyabort
#define YYACCEPT goto yyaccept
#define YYERROR goto yyerrlab
int
YYPARSE_DECL()
{
int yym, yyn, yystate;
#if YYDEBUG
const char *yys;
if ((yys = getenv("YYDEBUG")) != 0)
{
yyn = *yys;
if (yyn >= '0' && yyn <= '9')
yydebug = yyn - '0';
}
#endif
yynerrs = 0;
yyerrflag = 0;
yychar = YYEMPTY;
yystate = 0;
#if YYPURE
memset(&yystack, 0, sizeof(yystack));
#endif
if (yystack.s_base == NULL && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow;
yystack.s_mark = yystack.s_base;
yystack.l_mark = yystack.l_base;
yystate = 0;
*yystack.s_mark = 0;
yyloop:
if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
if (yychar < 0)
{
if ((yychar = YYLEX) < 0) yychar = YYEOF;
#if YYDEBUG
if (yydebug)
{
yys = yyname[YYTRANSLATE(yychar)];
printf("%sdebug: state %d, reading %d (%s)\n",
YYPREFIX, yystate, yychar, yys);
}
#endif
}
if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 &&
yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
{
#if YYDEBUG
if (yydebug)
printf("%sdebug: state %d, shifting to state %d\n",
YYPREFIX, yystate, yytable[yyn]);
#endif
if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM)
{
goto yyoverflow;
}
yystate = yytable[yyn];
*++yystack.s_mark = yytable[yyn];
*++yystack.l_mark = yylval;
yychar = YYEMPTY;
if (yyerrflag > 0) --yyerrflag;
goto yyloop;
}
if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 &&
yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
{
yyn = yytable[yyn];
goto yyreduce;
}
if (yyerrflag) goto yyinrecovery;
YYERROR_CALL("syntax error");
goto yyerrlab;
yyerrlab:
++yynerrs;
yyinrecovery:
if (yyerrflag < 3)
{
yyerrflag = 3;
for (;;)
{
if ((yyn = yysindex[*yystack.s_mark]) && (yyn += YYERRCODE) >= 0 &&
yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE)
{
#if YYDEBUG
if (yydebug)
printf("%sdebug: state %d, error recovery shifting\
to state %d\n", YYPREFIX, *yystack.s_mark, yytable[yyn]);
#endif
if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM)
{
goto yyoverflow;
}
yystate = yytable[yyn];
*++yystack.s_mark = yytable[yyn];
*++yystack.l_mark = yylval;
goto yyloop;
}
else
{
#if YYDEBUG
if (yydebug)
printf("%sdebug: error recovery discarding state %d\n",
YYPREFIX, *yystack.s_mark);
#endif
if (yystack.s_mark <= yystack.s_base) goto yyabort;
--yystack.s_mark;
--yystack.l_mark;
}
}
}
else
{
if (yychar == YYEOF) goto yyabort;
#if YYDEBUG
if (yydebug)
{
yys = yyname[YYTRANSLATE(yychar)];
printf("%sdebug: state %d, error recovery discards token %d (%s)\n",
YYPREFIX, yystate, yychar, yys);
}
#endif
yychar = YYEMPTY;
goto yyloop;
}
yyreduce:
#if YYDEBUG
if (yydebug)
printf("%sdebug: state %d, reducing by rule %d (%s)\n",
YYPREFIX, yystate, yyn, yyrule[yyn]);
#endif
yym = yylen[yyn];
if (yym)
yyval = yystack.l_mark[1-yym];
else
memset(&yyval, 0, sizeof yyval);
switch (yyn)
{
case 1:
#line 115 "../../freebsd/lib/libipsec/policy_parse.y"
{
p_dir = yystack.l_mark[-1].num;
p_type = yystack.l_mark[0].num;
if (init_x_policy())
return -1;
}
break;
case 3:
#line 124 "../../freebsd/lib/libipsec/policy_parse.y"
{
p_dir = yystack.l_mark[0].num;
p_type = 0; /* ignored it by kernel */
if (init_x_policy())
return -1;
}
break;
case 5:
#line 135 "../../freebsd/lib/libipsec/policy_parse.y"
{
if (rule_check() < 0)
return -1;
if (set_x_request(p_src, p_dst) < 0)
return -1;
policy_parse_request_init();
}
break;
case 12:
#line 153 "../../freebsd/lib/libipsec/policy_parse.y"
{
__ipsec_errcode = EIPSEC_FEW_ARGUMENTS;
return -1;
}
break;
case 13:
#line 157 "../../freebsd/lib/libipsec/policy_parse.y"
{
__ipsec_errcode = EIPSEC_FEW_ARGUMENTS;
return -1;
}
break;
case 14:
#line 164 "../../freebsd/lib/libipsec/policy_parse.y"
{ p_protocol = yystack.l_mark[0].num; }
break;
case 15:
#line 168 "../../freebsd/lib/libipsec/policy_parse.y"
{ p_mode = yystack.l_mark[0].num; }
break;
case 16:
#line 172 "../../freebsd/lib/libipsec/policy_parse.y"
{
p_level = yystack.l_mark[0].num;
p_reqid = 0;
}
break;
case 17:
#line 176 "../../freebsd/lib/libipsec/policy_parse.y"
{
p_level = IPSEC_LEVEL_UNIQUE;
p_reqid = atol(yystack.l_mark[0].val.buf); /* atol() is good. */
}
break;
case 18:
#line 183 "../../freebsd/lib/libipsec/policy_parse.y"
{
p_src = parse_sockaddr(&yystack.l_mark[0].val);
if (p_src == NULL)
return -1;
}
break;
case 19:
#line 189 "../../freebsd/lib/libipsec/policy_parse.y"
{
p_dst = parse_sockaddr(&yystack.l_mark[0].val);
if (p_dst == NULL)
return -1;
}
break;
case 20:
#line 194 "../../freebsd/lib/libipsec/policy_parse.y"
{
if (p_dir != IPSEC_DIR_OUTBOUND) {
__ipsec_errcode = EIPSEC_INVAL_DIR;
return -1;
}
}
break;
case 21:
#line 200 "../../freebsd/lib/libipsec/policy_parse.y"
{
if (p_dir != IPSEC_DIR_INBOUND) {
__ipsec_errcode = EIPSEC_INVAL_DIR;
return -1;
}
}
break;
#line 908 "__libipsecyy.tab.c"
}
yystack.s_mark -= yym;
yystate = *yystack.s_mark;
yystack.l_mark -= yym;
yym = yylhs[yyn];
if (yystate == 0 && yym == 0)
{
#if YYDEBUG
if (yydebug)
printf("%sdebug: after reduction, shifting from state 0 to\
state %d\n", YYPREFIX, YYFINAL);
#endif
yystate = YYFINAL;
*++yystack.s_mark = YYFINAL;
*++yystack.l_mark = yyval;
if (yychar < 0)
{
if ((yychar = YYLEX) < 0) yychar = YYEOF;
#if YYDEBUG
if (yydebug)
{
yys = yyname[YYTRANSLATE(yychar)];
printf("%sdebug: state %d, reading %d (%s)\n",
YYPREFIX, YYFINAL, yychar, yys);
}
#endif
}
if (yychar == YYEOF) goto yyaccept;
goto yyloop;
}
if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 &&
yyn <= YYTABLESIZE && yycheck[yyn] == yystate)
yystate = yytable[yyn];
else
yystate = yydgoto[yym];
#if YYDEBUG
if (yydebug)
printf("%sdebug: after reduction, shifting from state %d \
to state %d\n", YYPREFIX, *yystack.s_mark, yystate);
#endif
if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM)
{
goto yyoverflow;
}
*++yystack.s_mark = (YYINT) yystate;
*++yystack.l_mark = yyval;
goto yyloop;
yyoverflow:
YYERROR_CALL("yacc stack overflow");
yyabort:
yyfreestack(&yystack);
return (1);
yyaccept:
yyfreestack(&yystack);
return (0);
}

438
freebsd/lib/libipsec/policy_parse.y
View File

@@ -1,438 +0,0 @@
/* $KAME: policy_parse.y,v 1.14 2003/06/27 03:39:20 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* IN/OUT bound policy configuration take place such below:
* in <policy>
* out <policy>
*
* <policy> is one of following:
* "discard", "none", "ipsec <requests>", "entrust", "bypass",
*
* The following requests are accepted as <requests>:
*
* protocol/mode/src-dst/level
* protocol/mode/src-dst parsed as protocol/mode/src-dst/default
* protocol/mode/src-dst/ parsed as protocol/mode/src-dst/default
* protocol/transport parsed as protocol/mode/any-any/default
* protocol/transport//level parsed as protocol/mode/any-any/level
*
* You can concatenate these requests with either ' '(single space) or '\n'.
*/
%{
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netipsec/ipsec.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include "ipsec_strerror.h"
#define ATOX(c) \
(isdigit(c) ? (c - '0') : (isupper(c) ? (c - 'A' + 10) : (c - 'a' + 10) ))
static caddr_t pbuf = NULL; /* sadb_x_policy buffer */
static int tlen = 0; /* total length of pbuf */
static int offset = 0; /* offset of pbuf */
static int p_dir, p_type, p_protocol, p_mode, p_level, p_reqid;
static struct sockaddr *p_src = NULL;
static struct sockaddr *p_dst = NULL;
struct _val;
extern void yyerror(char *msg);
static struct sockaddr *parse_sockaddr(struct _val *buf);
static int rule_check(void);
static int init_x_policy(void);
static int set_x_request(struct sockaddr *src, struct sockaddr *dst);
static int set_sockaddr(struct sockaddr *addr);
static void policy_parse_request_init(void);
static caddr_t policy_parse(char *msg, int msglen);
extern void __policy__strbuffer__init__(char *msg);
extern void __policy__strbuffer__free__(void);
extern int yylex(void);
extern char *__libipsecyytext; /*XXX*/
%}
%union {
u_int num;
struct _val {
int len;
char *buf;
} val;
}
%token DIR ACTION PROTOCOL MODE LEVEL LEVEL_SPECIFY
%token IPADDRESS
%token ME ANY
%token SLASH HYPHEN
%type <num> DIR ACTION PROTOCOL MODE LEVEL
%type <val> IPADDRESS LEVEL_SPECIFY
%%
policy_spec
: DIR ACTION
{
p_dir = $1;
p_type = $2;
if (init_x_policy())
return -1;
}
rules
| DIR
{
p_dir = $1;
p_type = 0; /* ignored it by kernel */
if (init_x_policy())
return -1;
}
;
rules
: /*NOTHING*/
| rules rule {
if (rule_check() < 0)
return -1;
if (set_x_request(p_src, p_dst) < 0)
return -1;
policy_parse_request_init();
}
;
rule
: protocol SLASH mode SLASH addresses SLASH level
| protocol SLASH mode SLASH addresses SLASH
| protocol SLASH mode SLASH addresses
| protocol SLASH mode SLASH
| protocol SLASH mode SLASH SLASH level
| protocol SLASH mode
| protocol SLASH {
__ipsec_errcode = EIPSEC_FEW_ARGUMENTS;
return -1;
}
| protocol {
__ipsec_errcode = EIPSEC_FEW_ARGUMENTS;
return -1;
}
;
protocol
: PROTOCOL { p_protocol = $1; }
;
mode
: MODE { p_mode = $1; }
;
level
: LEVEL {
p_level = $1;
p_reqid = 0;
}
| LEVEL_SPECIFY {
p_level = IPSEC_LEVEL_UNIQUE;
p_reqid = atol($1.buf); /* atol() is good. */
}
;
addresses
: IPADDRESS {
p_src = parse_sockaddr(&$1);
if (p_src == NULL)
return -1;
}
HYPHEN
IPADDRESS {
p_dst = parse_sockaddr(&$4);
if (p_dst == NULL)
return -1;
}
| ME HYPHEN ANY {
if (p_dir != IPSEC_DIR_OUTBOUND) {
__ipsec_errcode = EIPSEC_INVAL_DIR;
return -1;
}
}
| ANY HYPHEN ME {
if (p_dir != IPSEC_DIR_INBOUND) {
__ipsec_errcode = EIPSEC_INVAL_DIR;
return -1;
}
}
/*
| ME HYPHEN ME
*/
;
%%
void
yyerror(msg)
char *msg;
{
fprintf(stderr, "libipsec: %s while parsing \"%s\"\n",
msg, __libipsecyytext);
return;
}
static struct sockaddr *
parse_sockaddr(buf)
struct _val *buf;
{
struct addrinfo hints, *res;
char *serv = NULL;
int error;
struct sockaddr *newaddr = NULL;
memset(&hints, 0, sizeof(hints));
hints.ai_family = PF_UNSPEC;
hints.ai_flags = AI_NUMERICHOST;
error = getaddrinfo(buf->buf, serv, &hints, &res);
if (error != 0) {
yyerror("invalid IP address");
__ipsec_set_strerror(gai_strerror(error));
return NULL;
}
if (res->ai_addr == NULL) {
yyerror("invalid IP address");
__ipsec_set_strerror(gai_strerror(error));
return NULL;
}
newaddr = malloc(res->ai_addr->sa_len);
if (newaddr == NULL) {
__ipsec_errcode = EIPSEC_NO_BUFS;
freeaddrinfo(res);
return NULL;
}
memcpy(newaddr, res->ai_addr, res->ai_addr->sa_len);
freeaddrinfo(res);
__ipsec_errcode = EIPSEC_NO_ERROR;
return newaddr;
}
static int
rule_check()
{
if (p_type == IPSEC_POLICY_IPSEC) {
if (p_protocol == IPPROTO_IP) {
__ipsec_errcode = EIPSEC_NO_PROTO;
return -1;
}
if (p_mode != IPSEC_MODE_TRANSPORT
&& p_mode != IPSEC_MODE_TUNNEL) {
__ipsec_errcode = EIPSEC_INVAL_MODE;
return -1;
}
if (p_src == NULL && p_dst == NULL) {
if (p_mode != IPSEC_MODE_TRANSPORT) {
__ipsec_errcode = EIPSEC_INVAL_ADDRESS;
return -1;
}
}
else if (p_src->sa_family != p_dst->sa_family) {
__ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
return -1;
}
}
__ipsec_errcode = EIPSEC_NO_ERROR;
return 0;
}
static int
init_x_policy()
{
struct sadb_x_policy *p;
tlen = sizeof(struct sadb_x_policy);
pbuf = malloc(tlen);
if (pbuf == NULL) {
__ipsec_errcode = EIPSEC_NO_BUFS;
return -1;
}
memset(pbuf, 0, tlen);
p = (struct sadb_x_policy *)pbuf;
p->sadb_x_policy_len = 0; /* must update later */
p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
p->sadb_x_policy_type = p_type;
p->sadb_x_policy_dir = p_dir;
p->sadb_x_policy_id = 0;
offset = tlen;
__ipsec_errcode = EIPSEC_NO_ERROR;
return 0;
}
static int
set_x_request(src, dst)
struct sockaddr *src, *dst;
{
struct sadb_x_ipsecrequest *p;
int reqlen;
reqlen = sizeof(*p)
+ (src ? src->sa_len : 0)
+ (dst ? dst->sa_len : 0);
tlen += reqlen; /* increment to total length */
pbuf = realloc(pbuf, tlen);
if (pbuf == NULL) {
__ipsec_errcode = EIPSEC_NO_BUFS;
return -1;
}
p = (struct sadb_x_ipsecrequest *)&pbuf[offset];
p->sadb_x_ipsecrequest_len = reqlen;
p->sadb_x_ipsecrequest_proto = p_protocol;
p->sadb_x_ipsecrequest_mode = p_mode;
p->sadb_x_ipsecrequest_level = p_level;
p->sadb_x_ipsecrequest_reqid = p_reqid;
offset += sizeof(*p);
if (set_sockaddr(src) || set_sockaddr(dst))
return -1;
__ipsec_errcode = EIPSEC_NO_ERROR;
return 0;
}
static int
set_sockaddr(addr)
struct sockaddr *addr;
{
if (addr == NULL) {
__ipsec_errcode = EIPSEC_NO_ERROR;
return 0;
}
/* tlen has already incremented */
memcpy(&pbuf[offset], addr, addr->sa_len);
offset += addr->sa_len;
__ipsec_errcode = EIPSEC_NO_ERROR;
return 0;
}
static void
policy_parse_request_init()
{
p_protocol = IPPROTO_IP;
p_mode = IPSEC_MODE_ANY;
p_level = IPSEC_LEVEL_DEFAULT;
p_reqid = 0;
if (p_src != NULL) {
free(p_src);
p_src = NULL;
}
if (p_dst != NULL) {
free(p_dst);
p_dst = NULL;
}
return;
}
static caddr_t
policy_parse(msg, msglen)
char *msg;
int msglen;
{
int error;
pbuf = NULL;
tlen = 0;
/* initialize */
p_dir = IPSEC_DIR_INVALID;
p_type = IPSEC_POLICY_DISCARD;
policy_parse_request_init();
__policy__strbuffer__init__(msg);
error = yyparse(); /* it must be set errcode. */
__policy__strbuffer__free__();
if (error) {
if (pbuf != NULL)
free(pbuf);
return NULL;
}
/* update total length */
((struct sadb_x_policy *)pbuf)->sadb_x_policy_len = PFKEY_UNIT64(tlen);
__ipsec_errcode = EIPSEC_NO_ERROR;
return pbuf;
}
caddr_t
ipsec_set_policy(msg, msglen)
char *msg;
int msglen;
{
caddr_t policy;
policy = policy_parse(msg, msglen);
if (policy == NULL) {
if (__ipsec_errcode == EIPSEC_NO_ERROR)
__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
return NULL;
}
__ipsec_errcode = EIPSEC_NO_ERROR;
return policy;
}

2005
freebsd/lib/libipsec/policy_token.c
View File

File diff suppressed because it is too large Load Diff

156
freebsd/lib/libipsec/policy_token.l
View File

@@ -1,156 +0,0 @@
/* $FreeBSD$ */
/* $KAME: policy_token.l,v 1.13 2003/05/09 05:19:55 sakane Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
%{
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <net/route.h>
#include <net/pfkeyv2.h>
#include <netipsec/keydb.h>
#include <netinet/in.h>
#include <netipsec/ipsec.h>
#include <stdlib.h>
#include <limits.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include "y.tab.h"
#define yylval __libipsecyylval /* XXX */
int yylex(void);
%}
%option noyywrap
%option nounput
%option noinput
/* common section */
nl \n
ws [ \t]+
digit [0-9]
hexdigit [0-9A-Fa-f]
special [()+\|\?\*,]
dot \.
comma \,
hyphen \-
colon \:
slash \/
bcl \{
ecl \}
blcl \[
elcl \]
percent \%
semi \;
usec {dot}{digit}{1,6}
comment \#.*
ccomment "/*"
bracketstring \<[^>]*\>
quotedstring \"[^"]*\"
decstring {digit}+
hexpair {hexdigit}{hexdigit}
hexstring 0[xX]{hexdigit}+
octetstring {octet}({dot}{octet})+
ipaddress [a-zA-Z0-9:\._][a-zA-Z0-9:\._]*(%[a-zA-Z0-9]+)?
%%
in { yylval.num = IPSEC_DIR_INBOUND; return(DIR); }
out { yylval.num = IPSEC_DIR_OUTBOUND; return(DIR); }
discard { yylval.num = IPSEC_POLICY_DISCARD; return(ACTION); }
none { yylval.num = IPSEC_POLICY_NONE; return(ACTION); }
ipsec { yylval.num = IPSEC_POLICY_IPSEC; return(ACTION); }
bypass { yylval.num = IPSEC_POLICY_BYPASS; return(ACTION); }
entrust { yylval.num = IPSEC_POLICY_ENTRUST; return(ACTION); }
esp { yylval.num = IPPROTO_ESP; return(PROTOCOL); }
ah { yylval.num = IPPROTO_AH; return(PROTOCOL); }
ipcomp { yylval.num = IPPROTO_IPCOMP; return(PROTOCOL); }
tcp { yylval.num = IPPROTO_TCP; return(PROTOCOL); }
transport { yylval.num = IPSEC_MODE_TRANSPORT; return(MODE); }
tunnel { yylval.num = IPSEC_MODE_TUNNEL; return(MODE); }
me { return(ME); }
any { return(ANY); }
default { yylval.num = IPSEC_LEVEL_DEFAULT; return(LEVEL); }
use { yylval.num = IPSEC_LEVEL_USE; return(LEVEL); }
require { yylval.num = IPSEC_LEVEL_REQUIRE; return(LEVEL); }
unique{colon}{decstring} {
yylval.val.len = strlen(yytext + 7);
yylval.val.buf = yytext + 7;
return(LEVEL_SPECIFY);
}
unique { yylval.num = IPSEC_LEVEL_UNIQUE; return(LEVEL); }
{slash} { return(SLASH); }
{ipaddress} {
yylval.val.len = strlen(yytext);
yylval.val.buf = yytext;
return(IPADDRESS);
}
{hyphen} { return(HYPHEN); }
{ws} { ; }
{nl} { ; }
%%
void __policy__strbuffer__init__(char *);
void __policy__strbuffer__free__(void);
static YY_BUFFER_STATE strbuffer;
void
__policy__strbuffer__init__(msg)
char *msg;
{
if (YY_CURRENT_BUFFER)
yy_delete_buffer(YY_CURRENT_BUFFER);
strbuffer = (YY_BUFFER_STATE)yy_scan_string(msg);
yy_switch_to_buffer(strbuffer);
return;
}
void
__policy__strbuffer__free__()
{
yy_delete_buffer(strbuffer);
return;
}

114
freebsd/lib/libipsec/y.tab.h
View File

@@ -1,114 +0,0 @@
/* A Bison parser, made by GNU Bison 2.7. */
/* Bison interface for Yacc-like parsers in C
Copyright (C) 1984, 1989-1990, 2000-2012 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* As a special exception, you may create a larger work that contains
part or all of the Bison parser skeleton and distribute that work
under terms of your choice, so long as that work isn't itself a
parser generator using the skeleton or a modified version thereof
as a parser skeleton. Alternatively, if you modify or redistribute
the parser skeleton itself, you may (at your option) remove this
special exception, which will cause the skeleton and the resulting
Bison output files to be licensed under the GNU General Public
License without this special exception.
This special exception was added by the Free Software Foundation in
version 2.2 of Bison. */
#ifndef YY__LIBIPSECYY_LIBIPSECYY_TAB_H_INCLUDED
# define YY__LIBIPSECYY_LIBIPSECYY_TAB_H_INCLUDED
/* Enabling traces. */
#ifndef YYDEBUG
# define YYDEBUG 0
#endif
#if YYDEBUG
extern int __libipsecyydebug;
#endif
/* Tokens. */
#ifndef YYTOKENTYPE
# define YYTOKENTYPE
/* Put the tokens into the symbol table, so that GDB and other debuggers
know about them. */
enum yytokentype {
DIR = 258,
ACTION = 259,
PROTOCOL = 260,
MODE = 261,
LEVEL = 262,
LEVEL_SPECIFY = 263,
IPADDRESS = 264,
ME = 265,
ANY = 266,
SLASH = 267,
HYPHEN = 268
};
#endif
/* Tokens. */
#define DIR 258
#define ACTION 259
#define PROTOCOL 260
#define MODE 261
#define LEVEL 262
#define LEVEL_SPECIFY 263
#define IPADDRESS 264
#define ME 265
#define ANY 266
#define SLASH 267
#define HYPHEN 268
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef union YYSTYPE
{
/* Line 2058 of yacc.c */
#line 98 "freebsd/lib/libipsec/policy_parse.y"
u_int num;
struct _val {
int len;
char *buf;
} val;
/* Line 2058 of yacc.c */
#line 92 "__libipsecyy.tab.h"
} YYSTYPE;
# define YYSTYPE_IS_TRIVIAL 1
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
#endif
extern YYSTYPE __libipsecyylval;
#ifdef YYPARSE_PARAM
#if defined __STDC__ || defined __cplusplus
int __libipsecyyparse (void *YYPARSE_PARAM);
#else
int __libipsecyyparse ();
#endif
#else /* ! YYPARSE_PARAM */
#if defined __STDC__ || defined __cplusplus
int __libipsecyyparse (void);
#else
int __libipsecyyparse ();
#endif
#endif /* ! YYPARSE_PARAM */
#endif /* !YY__LIBIPSECYY_LIBIPSECYY_TAB_H_INCLUDED */