authorume <ume@FreeBSD.org>2003-11-05 09:47:54 +0000
committerume <ume@FreeBSD.org>2003-11-05 09:47:54 +0000
commit832d3f0af5caaf598c2d5fad02933d42fad01078 (patch)
treef650d6c8624acdedbc28ef079442ba99097fdba0 /sbin/setkey/token.l
parent1b0d2b237ef5dc12f3fb211efc7b75ca8569ceea (diff)
- do hexdump on send. set length field properly
- check for encryption/authentication key together with algorithm.
- warned if a deprecated encryption algorithm (that includes "simple") is specified.
- changed the syntax how to define a policy of an ICMPv6 type and/or a code, like
  spdadd ::/0 ::/0 icmp6 134,0 -P out none;
- random cleanup in parser.
- use yyfatal, or return -1 after yyerror.
- deal with strdup() failure.
- permit scope notation in policy string (-P esp/tunnel/foo%scope-bar%scope/use)
- simplify /prefix and [port].
- g/c some unused symbols.

Obtained from: KAME
Diffstat (limited to 'sbin/setkey/token.l')
-rw-r--r--sbin/setkey/token.l269
1 files changed, 114 insertions, 155 deletions
diff --git a/sbin/setkey/token.l b/sbin/setkey/token.l
index 5f73594..f065fd3 100644
--- a/sbin/setkey/token.l
+++ b/sbin/setkey/token.l
@@ -1,5 +1,5 @@
/* $FreeBSD$ */
-/* $KAME: token.l,v 1.21 2001/05/18 05:35:01 sakane Exp $ */
+/* $KAME: token.l,v 1.43 2003/07/25 09:35:28 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
@@ -46,30 +46,12 @@
#include <string.h>
#include <unistd.h>
#include <errno.h>
+#include <netdb.h>
+
#include "vchar.h"
-#ifdef __NetBSD__
-#include "parse.h"
-#else
#include "y.tab.h"
-#endif
-
-#define DECHO \
- if (f_debug) {printf("<%d>", yy_start); ECHO ; printf("\n"); }
-
-#define CMDARG \
-{ \
- char *__buf__ = strdup(yytext), *__p__; \
- for (__p__ = __buf__; *__p__ != NULL; __p__++) \
- if (*__p__ == '\n' || *__p__ == '\t') \
- *__p__ = ' '; \
- strcat(cmdarg, __buf__); \
- free(__buf__); \
-}
-
-#define PREPROC DECHO CMDARG
int lineno = 1;
-char cmdarg[8192]; /* XXX: BUFSIZ is the better ? */
extern u_char m_buf[BUFSIZ];
extern u_int m_len;
@@ -81,7 +63,6 @@ void yyerror __P((const char *s));
extern void parse_init __P((void));
int parse __P((FILE **));
int yyparse __P((void));
-
%}
/* common section */
@@ -90,199 +71,177 @@ ws [ \t]+
digit [0-9]
letter [0-9A-Za-z]
hexdigit [0-9A-Fa-f]
-/*octet (([01]?{digit}?{digit})|((2([0-4]{digit}))|(25[0-5])))*/
-special [()+\|\?\*,]
dot \.
-comma \,
hyphen \-
-colon \:
slash \/
-bcl \{
-ecl \}
blcl \[
elcl \]
-percent \%
semi \;
-usec {dot}{digit}{1,6}
comment \#.*
-ccomment "/*"
-bracketstring \<[^>]*\>
quotedstring \"[^"]*\"
decstring {digit}+
-hexpair {hexdigit}{hexdigit}
hexstring 0[xX]{hexdigit}+
-octetstring {octet}({dot}{octet})+
ipaddress [a-fA-F0-9:]([a-fA-F0-9:\.]*|[a-fA-F0-9:\.]*%[a-zA-Z0-9]*)
ipaddrmask {slash}{digit}{1,3}
-ipaddrport {blcl}{decstring}{elcl}
-keyword {letter}{letter}+
name {letter}(({letter}|{digit}|{hyphen})*({letter}|{digit}))*
hostname {name}(({dot}{name})+{dot}?)?
-%s S_PL
+%s S_PL S_AUTHALG S_ENCALG
%%
-add { PREPROC; return(ADD); }
-delete { PREPROC; return(DELETE); }
-deleteall { PREPROC; return(DELETEALL); }
-get { PREPROC; return(GET); }
-flush { PREPROC; return(FLUSH); }
-dump { PREPROC; return(DUMP); }
+add { return(ADD); }
+delete { return(DELETE); }
+deleteall { return(DELETEALL); }
+get { return(GET); }
+flush { return(FLUSH); }
+dump { return(DUMP); }
/* for management SPD */
-spdadd { PREPROC; return(SPDADD); }
-spddelete { PREPROC; return(SPDDELETE); }
-spddump { PREPROC; return(SPDDUMP); }
-spdflush { PREPROC; return(SPDFLUSH); }
-{hyphen}P { BEGIN S_PL; PREPROC; return(F_POLICY); }
-<S_PL>[a-zA-Z0-9:\.\-_/ \n\t][a-zA-Z0-9:\.\-_/ \n\t]* {
- yymore();
-
- /* count up for nl */
- {
- char *p;
- for (p = yytext; *p != NULL; p++)
- if (*p == '\n')
- lineno++;
- }
-
- yylval.val.len = strlen(yytext);
- yylval.val.buf = strdup(yytext);
-
- return(PL_REQUESTS);
-}
-<S_PL>{semi} { PREPROC; BEGIN INITIAL; return(EOT); }
+spdadd { return(SPDADD); }
+spddelete { return(SPDDELETE); }
+spddump { return(SPDDUMP); }
+spdflush { return(SPDFLUSH); }
+tagged { return(TAGGED); }
+{hyphen}P { BEGIN S_PL; return(F_POLICY); }
+<S_PL>[a-zA-Z0-9:\.\-_/ \n\t][a-zA-Z0-9:\.%\-_/ \n\t]* {
+ yymore();
+
+ /* count up for nl */
+ {
+ char *p;
+ for (p = yytext; *p != NULL; p++)
+ if (*p == '\n')
+ lineno++;
+ }
+
+ yylval.val.len = strlen(yytext);
+ yylval.val.buf = strdup(yytext);
+ if (!yylval.val.buf)
+ yyfatal("insufficient memory");
+
+ return(PL_REQUESTS);
+ }
+<S_PL>{semi} { BEGIN INITIAL; return(EOT); }
+
+ /* address resolution flags */
+{hyphen}[n46][n46]* {
+ yylval.val.len = strlen(yytext);
+ yylval.val.buf = strdup(yytext);
+ if (!yylval.val.buf)
+ yyfatal("insufficient memory");
+ return(F_AIFLAGS);
+ }
/* security protocols */
-ah { PREPROC; yylval.num = 0; return(PR_AH); }
-esp { PREPROC; yylval.num = 0; return(PR_ESP); }
-ah-old { PREPROC; yylval.num = 1; return(PR_AH); }
-esp-old { PREPROC; yylval.num = 1; return(PR_ESP); }
-ipcomp { PREPROC; yylval.num = 0; return(PR_IPCOMP); }
+ah { yylval.num = 0; return(PR_AH); }
+esp { yylval.num = 0; return(PR_ESP); }
+ah-old { yylval.num = 1; return(PR_AH); }
+esp-old { yylval.num = 1; return(PR_ESP); }
+ipcomp { yylval.num = 0; return(PR_IPCOMP); }
/* authentication alogorithm */
-{hyphen}A { PREPROC; return(F_AUTH); }
-hmac-md5 { PREPROC; yylval.num = SADB_AALG_MD5HMAC; return(ALG_AUTH); }
-hmac-sha1 { PREPROC; yylval.num = SADB_AALG_SHA1HMAC; return(ALG_AUTH); }
-keyed-md5 { PREPROC; yylval.num = SADB_X_AALG_MD5; return(ALG_AUTH); }
-keyed-sha1 { PREPROC; yylval.num = SADB_X_AALG_SHA; return(ALG_AUTH); }
-hmac-sha2-256 { PREPROC; yylval.num = SADB_X_AALG_SHA2_256; return(ALG_AUTH); }
-hmac-sha2-384 { PREPROC; yylval.num = SADB_X_AALG_SHA2_384; return(ALG_AUTH); }
-hmac-sha2-512 { PREPROC; yylval.num = SADB_X_AALG_SHA2_512; return(ALG_AUTH); }
-hmac-ripemd160 { PREPROC; yylval.num = SADB_X_AALG_RIPEMD160HMAC; return(ALG_AUTH); }
-aes-xcbc-mac { PREPROC; yylval.num = SADB_X_AALG_AES_XCBC_MAC; return(ALG_AUTH); }
-null { PREPROC; yylval.num = SADB_X_AALG_NULL; return(ALG_AUTH); }
+{hyphen}A { BEGIN S_AUTHALG; return(F_AUTH); }
+<S_AUTHALG>hmac-md5 { yylval.num = SADB_AALG_MD5HMAC; BEGIN INITIAL; return(ALG_AUTH); }
+<S_AUTHALG>hmac-sha1 { yylval.num = SADB_AALG_SHA1HMAC; BEGIN INITIAL; return(ALG_AUTH); }
+<S_AUTHALG>keyed-md5 { yylval.num = SADB_X_AALG_MD5; BEGIN INITIAL; return(ALG_AUTH); }
+<S_AUTHALG>keyed-sha1 { yylval.num = SADB_X_AALG_SHA; BEGIN INITIAL; return(ALG_AUTH); }
+<S_AUTHALG>hmac-sha2-256 { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); }
+<S_AUTHALG>hmac-sha2-384 { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); }
+<S_AUTHALG>hmac-sha2-512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); }
+<S_AUTHALG>hmac-ripemd160 { yylval.num = SADB_X_AALG_RIPEMD160HMAC; BEGIN INITIAL; return(ALG_AUTH); }
+<S_AUTHALG>aes-xcbc-mac { yylval.num = SADB_X_AALG_AES_XCBC_MAC; BEGIN INITIAL; return(ALG_AUTH); }
+<S_AUTHALG>null { yylval.num = SADB_X_AALG_NULL; BEGIN INITIAL; return(ALG_AUTH_NOKEY); }
/* encryption alogorithm */
-{hyphen}E { PREPROC; return(F_ENC); }
-des-cbc { PREPROC; yylval.num = SADB_EALG_DESCBC; return(ALG_ENC); }
-3des-cbc { PREPROC; yylval.num = SADB_EALG_3DESCBC; return(ALG_ENC); }
-simple { PREPROC; yylval.num = SADB_EALG_NULL; return(ALG_ENC); }
-blowfish-cbc { PREPROC; yylval.num = SADB_X_EALG_BLOWFISHCBC; return(ALG_ENC); }
-cast128-cbc { PREPROC; yylval.num = SADB_X_EALG_CAST128CBC; return(ALG_ENC); }
-des-deriv { PREPROC; yylval.num = SADB_EALG_DESCBC; return(ALG_ENC_DESDERIV); }
-des-32iv { PREPROC; yylval.num = SADB_EALG_DESCBC; return(ALG_ENC_DES32IV); }
-rijndael-cbc { PREPROC; yylval.num = SADB_X_EALG_RIJNDAELCBC; return(ALG_ENC); }
-aes-ctr { PREPROC; yylval.num = SADB_X_EALG_AESCTR; return(ALG_ENC); }
+{hyphen}E { BEGIN S_ENCALG; return(F_ENC); }
+<S_ENCALG>des-cbc { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC); }
+<S_ENCALG>3des-cbc { yylval.num = SADB_EALG_3DESCBC; BEGIN INITIAL; return(ALG_ENC); }
+<S_ENCALG>null { yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC_NOKEY); }
+<S_ENCALG>simple { yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC_OLD); }
+<S_ENCALG>blowfish-cbc { yylval.num = SADB_X_EALG_BLOWFISHCBC; BEGIN INITIAL; return(ALG_ENC); }
+<S_ENCALG>cast128-cbc { yylval.num = SADB_X_EALG_CAST128CBC; BEGIN INITIAL; return(ALG_ENC); }
+<S_ENCALG>des-deriv { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DESDERIV); }
+<S_ENCALG>des-32iv { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DES32IV); }
+<S_ENCALG>rijndael-cbc { yylval.num = SADB_X_EALG_RIJNDAELCBC; BEGIN INITIAL; return(ALG_ENC); }
+<S_ENCALG>aes-ctr { yylval.num = SADB_X_EALG_AESCTR; BEGIN INITIAL; return(ALG_ENC); }
/* compression algorithms */
-{hyphen}C { PREPROC; return(F_COMP); }
-oui { PREPROC; yylval.num = SADB_X_CALG_OUI; return(ALG_COMP); }
-deflate { PREPROC; yylval.num = SADB_X_CALG_DEFLATE; return(ALG_COMP); }
-lzs { PREPROC; yylval.num = SADB_X_CALG_LZS; return(ALG_COMP); }
-{hyphen}R { PREPROC; return(F_RAWCPI); }
+{hyphen}C { return(F_COMP); }
+oui { yylval.num = SADB_X_CALG_OUI; return(ALG_COMP); }
+deflate { yylval.num = SADB_X_CALG_DEFLATE; return(ALG_COMP); }
+lzs { yylval.num = SADB_X_CALG_LZS; return(ALG_COMP); }
+{hyphen}R { return(F_RAWCPI); }
/* extension */
-{hyphen}m { PREPROC; return(F_MODE); }
-transport { PREPROC; yylval.num = IPSEC_MODE_TRANSPORT; return(MODE); }
-tunnel { PREPROC; yylval.num = IPSEC_MODE_TUNNEL; return(MODE); }
-{hyphen}u { PREPROC; return(F_REQID); }
-{hyphen}f { PREPROC; return(F_EXT); }
-random-pad { PREPROC; yylval.num = SADB_X_EXT_PRAND; return(EXTENSION); }
-seq-pad { PREPROC; yylval.num = SADB_X_EXT_PSEQ; return(EXTENSION); }
-zero-pad { PREPROC; yylval.num = SADB_X_EXT_PZERO; return(EXTENSION); }
-nocyclic-seq { PREPROC; return(NOCYCLICSEQ); }
-{hyphen}r { PREPROC; return(F_REPLAY); }
-{hyphen}lh { PREPROC; return(F_LIFETIME_HARD); }
-{hyphen}ls { PREPROC; return(F_LIFETIME_SOFT); }
+{hyphen}m { return(F_MODE); }
+transport { yylval.num = IPSEC_MODE_TRANSPORT; return(MODE); }
+tunnel { yylval.num = IPSEC_MODE_TUNNEL; return(MODE); }
+{hyphen}u { return(F_REQID); }
+{hyphen}f { return(F_EXT); }
+random-pad { yylval.num = SADB_X_EXT_PRAND; return(EXTENSION); }
+seq-pad { yylval.num = SADB_X_EXT_PSEQ; return(EXTENSION); }
+zero-pad { yylval.num = SADB_X_EXT_PZERO; return(EXTENSION); }
+nocyclic-seq { return(NOCYCLICSEQ); }
+{hyphen}r { return(F_REPLAY); }
+{hyphen}lh { return(F_LIFETIME_HARD); }
+{hyphen}ls { return(F_LIFETIME_SOFT); }
/* ... */
-any { PREPROC; return(ANY); }
-{ws} { PREPROC; }
+any { return(ANY); }
+{ws} { }
{nl} { lineno++; }
{comment}
-{semi} { PREPROC; return(EOT); }
+{semi} { return(EOT); }
+
+ /* for address parameters: /prefix, [port] */
+{slash} { return SLASH; }
+{blcl} { return BLCL; }
+{elcl} { return ELCL; }
/* parameter */
{decstring} {
char *bp;
- PREPROC;
- yylval.num = strtoul(yytext, &bp, 10);
+ yylval.ulnum = strtoul(yytext, &bp, 10);
return(DECSTRING);
}
-{ipaddress} {
- PREPROC;
-
- yylval.val.len = yyleng;
- yylval.val.buf = strdup(yytext);
-
- return(ADDRESS);
- }
-
-{ipaddrmask} {
- PREPROC;
- yytext++;
- yylval.num = atoi(yytext);
- return(PREFIX);
- }
-
-{ipaddrport} {
- char *p = yytext;
- PREPROC;
- while (*++p != ']') ;
- *p = NULL;
- yytext++;
- yylval.num = atoi(yytext);
- return(PORT);
- }
-
-{blcl}any{elcl} {
- PREPROC;
- return(PORTANY);
- }
-
{hexstring} {
- int len = yyleng - 2; /* (str - "0x") */
- PREPROC;
- yylval.val.len = (len & 1) + (len / 2);
- /* fixed string if length is odd. */
- if (len & 1) {
- yytext[1] = '0';
- yylval.val.buf = strdup(yytext + 1);
- } else
- yylval.val.buf = strdup(yytext + 2);
+ yylval.val.buf = strdup(yytext + 2);
+ if (!yylval.val.buf)
+ yyfatal("insufficient memory");
+ yylval.val.len = strlen(yylval.val.buf);
return(HEXSTRING);
}
{quotedstring} {
char *p = yytext;
- PREPROC;
while (*++p != '"') ;
*p = NULL;
yytext++;
yylval.val.len = yyleng - 2;
yylval.val.buf = strdup(yytext);
+ if (!yylval.val.buf)
+ yyfatal("insufficient memory");
return(QUOTEDSTRING);
}
-[a-z0-9.\-]* {
+[A-Za-z0-9:][A-Za-z0-9:%\.-]* {
+ yylval.val.len = yyleng;
+ yylval.val.buf = strdup(yytext);
+ if (!yylval.val.buf)
+ yyfatal("insufficient memory");
+ return(STRING);
+ }
+
+[0-9,]+ {
yylval.val.len = yyleng;
yylval.val.buf = strdup(yytext);
+ if (!yylval.val.buf)
+ yyfatal("insufficient memory");
return(STRING);
}
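Review bot: The `{decstring}` action stores the result of `strtoul()` in `yylval.ulnum` with no range check: `bp` is never read and `errno` is not tested, so a number too large for `unsigned long` silently becomes `ULONG_MAX` and reaches the parser as a valid DECSTRING. These values presumably end up as SPIs, ports or lifetimes in the grammar (not visible here), so I would set `errno = 0;` before the call and add `if (errno == ERANGE) yyfatal("number out of range");` after it; `<errno.h>` is already included. Separately, `S_AUTHALG` and `S_ENCALG` return to `INITIAL` only when a known algorithm name matches, and the plain `{semi}` rule does not reset the state, so a mistyped algorithm appears to leave the start condition active for later statements unless code outside this hunk resets it.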