sorry, forgot to cvs add new files

This commit is contained in:
itojun 2000-02-01 03:08:36 +00:00
parent be6d4a9d34
commit ffd73d1d87
4 changed files with 891 additions and 0 deletions


@ -0,0 +1,276 @@
/* $NetBSD: ipsec_dump_policy.c,v 1.1 2000/02/01 03:08:36 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <netkey/key_var.h>
#include <netinet/in.h>
#include <netinet6/ipsec.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "ipsec_strerror.h"
#ifdef USE_GETNAMEINFO
#undef USE_GETNAMEINFO
#endif
static const char *ipsp_dir_strs[] = {
"any", "in", "out",
};
static const char *ipsp_policy_strs[] = {
"discard", "none", "ipsec", "entrust", "bypass",
};
static int set_addresses __P((char *buf, caddr_t ptr));
/*
* policy is sadb_x_policy buffer.
* Must call free() later.
* When delimiter == NULL, alternatively ' '(space) is applied.
*/
char *
ipsec_dump_policy(policy, delimiter)
caddr_t policy;
char *delimiter;
{
struct sadb_x_policy *xpl = (struct sadb_x_policy *)policy;
struct sadb_x_ipsecrequest *xisr;
int xtlen, buflen;
char *buf;
int error;
/* sanity check */
if (policy == NULL)
return NULL;
if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
ipsec_errcode = EIPSEC_INVAL_EXTTYPE;
return NULL;
}
/* set delimiter */
if (delimiter == NULL)
delimiter = " ";
switch (xpl->sadb_x_policy_dir) {
case IPSEC_DIR_ANY:
case IPSEC_DIR_INBOUND:
case IPSEC_DIR_OUTBOUND:
break;
default:
ipsec_errcode = EIPSEC_INVAL_DIR;
return NULL;
}
switch (xpl->sadb_x_policy_type) {
case IPSEC_POLICY_DISCARD:
case IPSEC_POLICY_NONE:
case IPSEC_POLICY_IPSEC:
case IPSEC_POLICY_BYPASS:
case IPSEC_POLICY_ENTRUST:
break;
default:
ipsec_errcode = EIPSEC_INVAL_POLICY;
return NULL;
}
buflen = strlen(ipsp_dir_strs[xpl->sadb_x_policy_dir])
+ 1 /* space */
+ strlen(ipsp_policy_strs[xpl->sadb_x_policy_type])
+ 1; /* NUL */
if ((buf = malloc(buflen)) == NULL) {
ipsec_errcode = EIPSEC_NO_BUFS;
return NULL;
}
strcpy(buf, ipsp_dir_strs[xpl->sadb_x_policy_dir]);
strcat(buf, " ");
strcat(buf, ipsp_policy_strs[xpl->sadb_x_policy_type]);
if (xpl->sadb_x_policy_type != IPSEC_POLICY_IPSEC) {
ipsec_errcode = EIPSEC_NO_ERROR;
return buf;
}
xtlen = PFKEY_EXTLEN(xpl) - sizeof(*xpl);
xisr = (struct sadb_x_ipsecrequest *)(xpl + 1);
/* count length of buffer for use */
/* XXX non-seriously */
while (xtlen > 0) {
/* protocol/mode/addresses/level */
buflen += (10 + 10 + 82 + 20);
xtlen -= xisr->sadb_x_ipsecrequest_len;
xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
+ xisr->sadb_x_ipsecrequest_len);
}
/* validity check */
if (xtlen < 0) {
ipsec_errcode = EIPSEC_INVAL_SADBMSG;
free(buf);
return NULL;
}
if ((buf = realloc(buf, buflen)) == NULL) {
ipsec_errcode = EIPSEC_NO_BUFS;
return NULL;
}
xtlen = PFKEY_EXTLEN(xpl) - sizeof(*xpl);
xisr = (struct sadb_x_ipsecrequest *)(xpl + 1);
while (xtlen > 0) {
strcat(buf, delimiter);
switch (xisr->sadb_x_ipsecrequest_proto) {
case IPPROTO_ESP:
strcat(buf, "esp");
break;
case IPPROTO_AH:
strcat(buf, "ah");
break;
case IPPROTO_IPCOMP:
strcat(buf, "ipcomp");
break;
default:
ipsec_errcode = EIPSEC_INVAL_PROTO;
free(buf);
return NULL;
}
strcat(buf, "/");
switch (xisr->sadb_x_ipsecrequest_mode) {
case IPSEC_MODE_ANY:
strcat(buf, "any");
break;
case IPSEC_MODE_TRANSPORT:
strcat(buf, "transport");
break;
case IPSEC_MODE_TUNNEL:
strcat(buf, "tunnel");
break;
default:
ipsec_errcode = EIPSEC_INVAL_MODE;
free(buf);
return NULL;
}
strcat(buf, "/");
if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
error = set_addresses(buf, (caddr_t)(xisr + 1));
if (error) {
ipsec_errcode = EIPSEC_INVAL_MODE;
free(buf);
return NULL;
}
}
switch (xisr->sadb_x_ipsecrequest_level) {
case IPSEC_LEVEL_DEFAULT:
strcat(buf, "/default");
break;
case IPSEC_LEVEL_USE:
strcat(buf, "/use");
break;
case IPSEC_LEVEL_REQUIRE:
strcat(buf, "/require");
break;
case IPSEC_LEVEL_UNIQUE:
strcat(buf, "/unique");
break;
default:
ipsec_errcode = EIPSEC_INVAL_LEVEL;
free(buf);
return NULL;
}
if (xisr->sadb_x_ipsecrequest_reqid != 0) {
char id[16];
if (xisr->sadb_x_ipsecrequest_reqid
> IPSEC_MANUAL_REQID_MAX)
strcat(buf, "#");
else
strcat(buf, ":");
snprintf(id, sizeof(id), "%d",
xisr->sadb_x_ipsecrequest_reqid);
strcat(buf, id);
}
xtlen -= xisr->sadb_x_ipsecrequest_len;
xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
+ xisr->sadb_x_ipsecrequest_len);
}
ipsec_errcode = EIPSEC_NO_ERROR;
return buf;
}
static int
set_addresses(buf, ptr)
char *buf;
caddr_t ptr;
{
char tmp[100]; /* XXX */
struct sockaddr *saddr = (struct sockaddr *)ptr;
#ifdef USE_GETNAMEINFO
getnameinfo(saddr, saddr->sa_len, tmp, sizeof(tmp),
NULL, 0, NI_NUMERICHOST);
#else
inet_ntop(saddr->sa_family, _INADDRBYSA(saddr),
tmp, sizeof(tmp));
#endif
strcat(buf, tmp);
strcat(buf, "-");
saddr = (struct sockaddr *)((caddr_t)saddr + saddr->sa_len);
#ifdef USE_GETNAMEINFO
getnameinfo(saddr, saddr->sa_len, tmp, sizeof(tmp),
NULL, 0, NI_NUMERICHOST);
#else
inet_ntop(saddr->sa_family, _INADDRBYSA(saddr),
tmp, sizeof(tmp));
#endif
strcat(buf, tmp);
return 0;
}
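Review bot: The request walk starting at `while (xtlen > 0)` in ipsec_dump_policy trusts `sadb_x_ipsecrequest_len` from the policy buffer: a zero length never advances xtlen and loops forever, and a length smaller than `sizeof(*xisr)` or larger than the bytes left makes the next iteration read past the extension. set_addresses then trusts `saddr->sa_len` the same way and ignores the return of inet_ntop, so on an unsupported family `tmp` is appended uninitialised; the 100-byte `tmp` and the `10 + 10 + 82 + 20` sizing are only estimates for the unbounded strcat calls. The `buf = realloc(buf, buflen)` on failure also overwrites the only pointer to the old allocation and leaks it. Below is a version of the counting loop that rejects a malformed length before the second walk formats it; the same bound should be applied to `sa_len` against the request's remaining bytes in set_addresses.
```c
	/* count length of buffer for use */
	while (xtlen > 0) {
		/* each request must fit inside the remaining extension bytes */
		if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)
		 || xisr->sadb_x_ipsecrequest_len > xtlen) {
			ipsec_errcode = EIPSEC_INVAL_SADBMSG;
			free(buf);
			return NULL;
		}
		/* protocol/mode/addresses/level */
		buflen += (10 + 10 + 82 + 20);
		xtlen -= xisr->sadb_x_ipsecrequest_len;
		xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
			+ xisr->sadb_x_ipsecrequest_len);
	}
	/* … unchanged: realloc and the second walk that formats each request … */
```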


@ -0,0 +1,46 @@
/* $NetBSD: ipsec_get_policylen.c,v 1.1 2000/02/01 03:08:36 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/types.h>
#include <sys/param.h>
#include <netinet6/ipsec.h>
#include <netkey/keyv2.h>
#include "ipsec_strerror.h"
int
ipsec_get_policylen(policy)
caddr_t policy;
{
return policy ? PFKEY_EXTLEN(policy) : -1;
}
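Review bot: ipsec_get_policylen returns -1 for a NULL policy without touching ipsec_errcode, so a caller's ipsec_strerror() reports whatever the previous library call left behind, while the other entry points in this commit set the code on every failure path. Suggest `if (policy == NULL) { ipsec_errcode = EIPSEC_INVAL_ARGUMENT; return -1; }` followed by `ipsec_errcode = EIPSEC_NO_ERROR;` before the `PFKEY_EXTLEN` return. It also applies PFKEY_EXTLEN without checking `sadb_x_policy_exttype`, unlike ipsec_dump_policy; whether every caller passes an already validated buffer is not visible here.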

424
lib/libipsec/policy_parse.y Normal file

@ -0,0 +1,424 @@
/* $NetBSD: policy_parse.y,v 1.1 2000/02/01 03:08:37 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* KAME Id: policy_parse.y,v 1.7 2000/01/27 17:59:13 itojun Exp */
/*
* IN/OUT bound policy configuration take place such below:
* in <policy>
* out <policy>
*
* <policy> is one of following:
* "discard", "none", "ipsec <requests>", "entrust", "bypass",
*
* The following requests are accepted as <requests>:
*
* protocol/mode/src-dst/level
* protocol/mode/src-dst parsed as protocol/mode/src-dst/default
* protocol/mode/src-dst/ parsed as protocol/mode/src-dst/default
* protocol/transport parsed as protocol/mode/any-any/default
* protocol/transport//level parsed as protocol/mode/any-any/level
*
* You can concatenate these requests with either ' '(single space) or '\n'.
*/
%{
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet6/ipsec.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include "ipsec_strerror.h"
#define ATOX(c) \
(isdigit(c) ? (c - '0') : (isupper(c) ? (c - 'A' + 10) : (c - 'a' + 10) ))
static caddr_t pbuf = NULL; /* sadb_x_policy buffer */
static int tlen = 0; /* total length of pbuf */
static int offset = 0; /* offset of pbuf */
static int p_dir, p_type, p_protocol, p_mode, p_level, p_reqid;
static struct sockaddr *p_src = NULL;
static struct sockaddr *p_dst = NULL;
struct _val;
extern void yyerror __P((char *msg));
static struct sockaddr *parse_sockaddr __P((struct _val *buf));
static int rule_check __P((void));
static int init_x_policy __P((void));
static int set_x_request __P((struct sockaddr *src, struct sockaddr *dst));
static int set_sockaddr __P((struct sockaddr *addr));
static void policy_parse_request_init __P((void));
static caddr_t policy_parse __P((char *msg, int msglen));
extern void __policy__strbuffer__init__ __P((char *msg));
extern int yyparse __P((void));
extern int yylex __P((void));
%}
%union {
u_int num;
struct _val {
int len;
char *buf;
} val;
}
%token DIR ACTION PROTOCOL MODE LEVEL LEVEL_SPECIFY
%token IPADDRESS
%token ME ANY
%token SLASH HYPHEN
%type <num> DIR ACTION PROTOCOL MODE LEVEL
%type <val> IPADDRESS LEVEL_SPECIFY
%%
policy_spec
: DIR ACTION
{
p_dir = $1;
p_type = $2;
if (init_x_policy())
return -1;
}
rules
;
rules
: /*NOTHING*/
| rules rule {
if (rule_check() < 0)
return -1;
if (set_x_request(p_src, p_dst) < 0)
return -1;
policy_parse_request_init();
}
;
rule
: protocol SLASH mode SLASH addresses SLASH level
| protocol SLASH mode SLASH addresses SLASH
| protocol SLASH mode SLASH addresses
| protocol SLASH mode SLASH
| protocol SLASH mode SLASH SLASH level
| protocol SLASH mode
| protocol SLASH {
ipsec_errcode = EIPSEC_FEW_ARGUMENTS;
return -1;
}
| protocol {
ipsec_errcode = EIPSEC_FEW_ARGUMENTS;
return -1;
}
;
protocol
: PROTOCOL { p_protocol = $1; }
;
mode
: MODE { p_mode = $1; }
;
level
: LEVEL {
p_level = $1;
p_reqid = 0;
}
| LEVEL_SPECIFY {
p_level = IPSEC_LEVEL_UNIQUE;
p_reqid = atol($1.buf); /* atol() is good. */
}
;
addresses
: IPADDRESS {
p_src = parse_sockaddr(&$1);
if (p_src == NULL)
return -1;
}
HYPHEN
IPADDRESS {
p_dst = parse_sockaddr(&$4);
if (p_dst == NULL)
return -1;
}
| ME HYPHEN ANY {
if (p_dir != IPSEC_DIR_OUTBOUND) {
ipsec_errcode = EIPSEC_INVAL_DIR;
return -1;
}
}
| ANY HYPHEN ME {
if (p_dir != IPSEC_DIR_INBOUND) {
ipsec_errcode = EIPSEC_INVAL_DIR;
return -1;
}
}
/*
| ME HYPHEN ME
*/
;
%%
void
yyerror(msg)
char *msg;
{
extern char *__libyytext; /*XXX*/
fprintf(stderr, "libipsec: %s while parsing \"%s\"\n",
msg, __libyytext);
return;
}
static struct sockaddr *
parse_sockaddr(buf)
struct _val *buf;
{
struct addrinfo hints, *res;
char *serv = NULL;
int error;
struct sockaddr *newaddr = NULL;
memset(&hints, 0, sizeof(hints));
hints.ai_family = PF_UNSPEC;
hints.ai_flags = AI_NUMERICHOST;
error = getaddrinfo(buf->buf, serv, &hints, &res);
if (error != 0) {
yyerror("invalid IP address");
ipsec_set_strerror(gai_strerror(error));
return NULL;
}
if (res->ai_addr == NULL) {
yyerror("invalid IP address");
ipsec_set_strerror(gai_strerror(error));
return NULL;
}
newaddr = malloc(res->ai_addr->sa_len);
if (newaddr == NULL) {
ipsec_errcode = EIPSEC_NO_BUFS;
freeaddrinfo(res);
return NULL;
}
memcpy(newaddr, res->ai_addr, res->ai_addr->sa_len);
freeaddrinfo(res);
ipsec_errcode = EIPSEC_NO_ERROR;
return newaddr;
}
static int
rule_check()
{
if (p_type == IPSEC_POLICY_IPSEC) {
if (p_protocol == IPPROTO_IP) {
ipsec_errcode = EIPSEC_NO_PROTO;
return -1;
}
if (p_mode != IPSEC_MODE_TRANSPORT
&& p_mode != IPSEC_MODE_TUNNEL) {
ipsec_errcode = EIPSEC_INVAL_MODE;
return -1;
}
if (p_src == NULL && p_dst == NULL) {
if (p_mode != IPSEC_MODE_TRANSPORT) {
ipsec_errcode = EIPSEC_INVAL_ADDRESS;
return -1;
}
}
else if (p_src->sa_family != p_dst->sa_family) {
ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
return -1;
}
}
ipsec_errcode = EIPSEC_NO_ERROR;
return 0;
}
static int
init_x_policy()
{
struct sadb_x_policy *p;
tlen = sizeof(struct sadb_x_policy);
pbuf = malloc(tlen);
if (pbuf == NULL) {
ipsec_errcode = EIPSEC_NO_BUFS;
return -1;
}
p = (struct sadb_x_policy *)pbuf;
p->sadb_x_policy_len = 0; /* must update later */
p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
p->sadb_x_policy_type = p_type;
p->sadb_x_policy_dir = p_dir;
p->sadb_x_policy_reserved = 0;
offset = tlen;
ipsec_errcode = EIPSEC_NO_ERROR;
return 0;
}
static int
set_x_request(src, dst)
struct sockaddr *src, *dst;
{
struct sadb_x_ipsecrequest *p;
int reqlen;
reqlen = sizeof(*p)
+ (src ? src->sa_len : 0)
+ (dst ? dst->sa_len : 0);
tlen += reqlen; /* increment to total length */
pbuf = realloc(pbuf, tlen);
if (pbuf == NULL) {
ipsec_errcode = EIPSEC_NO_BUFS;
return -1;
}
p = (struct sadb_x_ipsecrequest *)&pbuf[offset];
p->sadb_x_ipsecrequest_len = reqlen;
p->sadb_x_ipsecrequest_proto = p_protocol;
p->sadb_x_ipsecrequest_mode = p_mode;
p->sadb_x_ipsecrequest_level = p_level;
p->sadb_x_ipsecrequest_reqid = p_reqid;
offset += sizeof(*p);
if (set_sockaddr(src) || set_sockaddr(dst))
return -1;
ipsec_errcode = EIPSEC_NO_ERROR;
return 0;
}
static int
set_sockaddr(addr)
struct sockaddr *addr;
{
if (addr == NULL) {
ipsec_errcode = EIPSEC_NO_ERROR;
return 0;
}
/* tlen has already incremented */
memcpy(&pbuf[offset], addr, addr->sa_len);
offset += addr->sa_len;
ipsec_errcode = EIPSEC_NO_ERROR;
return 0;
}
static void
policy_parse_request_init()
{
p_protocol = IPPROTO_IP;
p_mode = IPSEC_MODE_ANY;
p_level = IPSEC_LEVEL_DEFAULT;
p_reqid = 0;
if (p_src != NULL) {
free(p_src);
p_src = NULL;
}
if (p_dst != NULL) {
free(p_dst);
p_dst = NULL;
}
return;
}
static caddr_t
policy_parse(msg, msglen)
char *msg;
int msglen;
{
int error;
pbuf = NULL;
tlen = 0;
/* initialize */
p_dir = IPSEC_DIR_INVALID;
p_type = IPSEC_POLICY_DISCARD;
policy_parse_request_init();
__policy__strbuffer__init__(msg);
error = yyparse(); /* it must be set errcode. */
if (error) {
if (pbuf != NULL)
free(pbuf);
return NULL;
}
/* update total length */
((struct sadb_x_policy *)pbuf)->sadb_x_policy_len = PFKEY_UNIT64(tlen);
ipsec_errcode = EIPSEC_NO_ERROR;
return pbuf;
}
caddr_t
ipsec_set_policy(msg, msglen)
char *msg;
int msglen;
{
caddr_t policy;
policy = policy_parse(msg, msglen);
if (policy == NULL) {
if (ipsec_errcode == EIPSEC_NO_ERROR)
ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
return NULL;
}
ipsec_errcode = EIPSEC_NO_ERROR;
return policy;
}
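Review bot: policy_parse ignores its `msglen` parameter; the text is handed to `__policy__strbuffer__init__(msg)`, which scans it as a NUL-terminated string, so a caller that passes a length-delimited but unterminated buffer is read past its end. Either document the contract (`/* msg must be NUL-terminated; msglen is currently unused */`) or pass msglen through to an initializer built on yy_scan_bytes. Separately, the `res->ai_addr == NULL` branch in parse_sockaddr returns without `freeaddrinfo(res)` and formats `gai_strerror(error)` with error still 0, and the error path in policy_parse frees pbuf but not p_src/p_dst, which should go through policy_parse_request_init(). In set_x_request, `pbuf = realloc(pbuf, tlen)` drops the old buffer on failure, so the subsequent free in policy_parse frees NULL and the original allocation leaks.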

145
lib/libipsec/policy_token.l Normal file

@ -0,0 +1,145 @@
/* $NetBSD: policy_token.l,v 1.1 2000/02/01 03:08:37 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
%{
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <net/route.h>
#include <netkey/keyv2.h>
#include <netkey/keydb.h>
#include <netkey/key_debug.h>
#include <netinet/in.h>
#include <netinet6/ipsec.h>
#include <stdlib.h>
#include <limits.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include "policy_parse.h"
#define yylval __libyylval /* XXX */
int yylex __P((void));
%}
%option noyywrap
/* common section */
nl \n
ws [ \t]+
digit [0-9]
hexdigit [0-9A-Fa-f]
special [()+\|\?\*,]
dot \.
comma \,
hyphen \-
colon \:
slash \/
bcl \{
ecl \}
blcl \[
elcl \]
percent \%
semi \;
usec {dot}{digit}{1,6}
comment \#.*
ccomment "/*"
bracketstring \<[^>]*\>
quotedstring \"[^"]*\"
decstring {digit}+
hexpair {hexdigit}{hexdigit}
hexstring 0[xX]{hexdigit}+
octetstring {octet}({dot}{octet})+
ipaddress [a-zA-Z0-9:\._][a-zA-Z0-9:\._]*
name {letter}(({letter}|{digit}|{hyphen})*({letter}|{digit}))*
hostname {name}(({dot}{name})+{dot}?)?
%%
in { yylval.num = IPSEC_DIR_INBOUND; return(DIR); }
out { yylval.num = IPSEC_DIR_OUTBOUND; return(DIR); }
discard { yylval.num = IPSEC_POLICY_DISCARD; return(ACTION); }
none { yylval.num = IPSEC_POLICY_NONE; return(ACTION); }
ipsec { yylval.num = IPSEC_POLICY_IPSEC; return(ACTION); }
bypass { yylval.num = IPSEC_POLICY_BYPASS; return(ACTION); }
entrust { yylval.num = IPSEC_POLICY_ENTRUST; return(ACTION); }
esp { yylval.num = IPPROTO_ESP; return(PROTOCOL); }
ah { yylval.num = IPPROTO_AH; return(PROTOCOL); }
ipcomp { yylval.num = IPPROTO_IPCOMP; return(PROTOCOL); }
transport { yylval.num = IPSEC_MODE_TRANSPORT; return(MODE); }
tunnel { yylval.num = IPSEC_MODE_TUNNEL; return(MODE); }
me { return(ME); }
any { return(ANY); }
default { yylval.num = IPSEC_LEVEL_DEFAULT; return(LEVEL); }
use { yylval.num = IPSEC_LEVEL_USE; return(LEVEL); }
require { yylval.num = IPSEC_LEVEL_REQUIRE; return(LEVEL); }
unique{colon}{decstring} {
yylval.val.len = strlen(yytext + 7);
yylval.val.buf = yytext + 7;
return(LEVEL_SPECIFY);
}
unique { yylval.num = IPSEC_LEVEL_UNIQUE; return(LEVEL); }
{slash} { return(SLASH); }
{ipaddress} {
yylval.val.len = strlen(yytext);
yylval.val.buf = yytext;
return(IPADDRESS);
}
{hyphen} { return(HYPHEN); }
{ws} { ; }
{nl} { ; }
%%
void __policy__strbuffer__init__ __P((char *));
void
__policy__strbuffer__init__(msg)
char *msg;
{
YY_BUFFER_STATE yyb;
yyb = (YY_BUFFER_STATE)yy_scan_string(msg);
yy_switch_to_buffer(yyb);
return;
}
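Review bot: The IPADDRESS and LEVEL_SPECIFY actions hand the parser a pointer into yytext (`yylval.val.buf = yytext;`), which flex overwrites on the next match; the mid-rule action after the first IPADDRESS in the parser's `addresses` rule may run only after the HYPHEN lookahead has been scanned, in which case parse_sockaddr sees the stale lexeme. Copy the text instead (`yylval.val.buf = strdup(yytext);` with a NULL check) and free it in the parser actions that consume it. Separately, `__policy__strbuffer__init__` creates a new buffer with yy_scan_string on every call and never releases the previous one with yy_delete_buffer, so each ipsec_set_policy call leaks a scan buffer. The `name`, `hostname` and `octetstring` definitions reference undefined `{letter}`/`{octet}` and are unused by any rule; they are dead text worth removing.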