# line 2 "../ipnat_y.y" /* * Copyright (C) 2001-2008 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #pragma ident "%Z%%M% %I% %E% SMI" #ifdef __FreeBSD__ # ifndef __FreeBSD_cc_version # include # else # if __FreeBSD_cc_version < 430000 # include # endif # endif #endif #include #include #include #include #include #if !defined(__SVR4) && !defined(__GNUC__) #include #endif #include #include #include #include #include #include #include #include #include #include #include #include #if __FreeBSD_version >= 300000 # include #endif #include #include #include #include "ipf.h" #include "netinet/ipl.h" #include "ipnat_l.h" #define YYDEBUG 1 extern void ipnat_yyerror __P((char *)); extern int ipnat_yyparse __P((void)); extern int ipnat_yylex __P((void)); extern int ipnat_yydebug; extern FILE *ipnat_yyin; extern int ipnat_yylineNum; static ipnat_t *nattop = NULL; static ipnat_t *nat = NULL; static int natfd = -1; static ioctlfunc_t natioctlfunc = NULL; static addfunc_t nataddfunc = NULL; static void newnatrule __P((void)); static void setnatproto __P((int)); # line 71 "../ipnat_y.y" typedef union #ifdef __cplusplus YYSTYPE #endif { char *str; u_32_t num; struct { i6addr_t a; int v; } ipa; frentry_t fr; frtuc_t *frt; u_short port; struct { u_short p1; u_short p2; int pc; } pc; struct { i6addr_t a; i6addr_t m; int v; } ipp; union i6addr ip6; } YYSTYPE; # define YY_NUMBER 257 # define YY_HEX 258 # define YY_STR 259 # define YY_COMMENT 260 # define YY_CMP_EQ 261 # define YY_CMP_NE 262 # define YY_CMP_LE 263 # define YY_CMP_GE 264 # define YY_CMP_LT 265 # define YY_CMP_GT 266 # define YY_RANGE_OUT 267 # define YY_RANGE_IN 268 # define YY_IPV6 269 # define IPNY_MAPBLOCK 270 # define IPNY_RDR 271 # define IPNY_PORT 272 # define IPNY_PORTS 273 # define IPNY_AUTO 274 # define IPNY_RANGE 275 # define IPNY_MAP 276 # define IPNY_BIMAP 277 # define IPNY_FROM 278 # define IPNY_TO 279 # define IPNY_MASK 280 # define IPNY_PORTMAP 281 # define IPNY_ANY 282 # define IPNY_ROUNDROBIN 283 # define IPNY_FRAG 284 # define IPNY_AGE 285 # define IPNY_ICMPIDMAP 286 # define IPNY_PROXY 287 # define IPNY_TCP 288 # define IPNY_UDP 289 # define IPNY_TCPUDP 290 # define IPNY_STICKY 291 # define IPNY_MSSCLAMP 292 # define IPNY_TAG 293 # define IPNY_TLATE 294 # define IPNY_SEQUENTIAL 295 #include #ifdef __STDC__ #include #include #define YYCONST const #else #include #include #define YYCONST #endif #include #if defined(__cplusplus) || defined(__STDC__) #if defined(__cplusplus) && defined(__EXTERN_C__) extern "C" { #endif #ifndef ipnat_yyerror #if defined(__cplusplus) void ipnat_yyerror(YYCONST char *); #endif #endif #ifndef ipnat_yylex int ipnat_yylex(void); #endif int ipnat_yyparse(void); #if defined(__cplusplus) && defined(__EXTERN_C__) } #endif #endif #define ipnat_yyclearin ipnat_yychar = -1 #define ipnat_yyerrok ipnat_yyerrflag = 0 extern int ipnat_yychar; extern int ipnat_yyerrflag; YYSTYPE ipnat_yylval; YYSTYPE ipnat_yyval; typedef int ipnat_yytabelem; #ifndef YYMAXDEPTH #define YYMAXDEPTH 150 #endif #if YYMAXDEPTH > 0 int ipnat_yy_ipnat_yys[YYMAXDEPTH], *ipnat_yys = ipnat_yy_ipnat_yys; YYSTYPE ipnat_yy_ipnat_yyv[YYMAXDEPTH], *ipnat_yyv = ipnat_yy_ipnat_yyv; #else /* user does initial allocation */ int *ipnat_yys; YYSTYPE *ipnat_yyv; #endif static int ipnat_yymaxdepth = YYMAXDEPTH; # define YYERRCODE 256 # line 791 "../ipnat_y.y" static wordtab_t ipnat_yywords[] = { { "age", IPNY_AGE }, { "any", IPNY_ANY }, { "auto", IPNY_AUTO }, { "bimap", IPNY_BIMAP }, { "frag", IPNY_FRAG }, { "from", IPNY_FROM }, { "icmpidmap", IPNY_ICMPIDMAP }, { "mask", IPNY_MASK }, { "map", IPNY_MAP }, { "map-block", IPNY_MAPBLOCK }, { "mssclamp", IPNY_MSSCLAMP }, { "netmask", IPNY_MASK }, { "port", IPNY_PORT }, { "portmap", IPNY_PORTMAP }, { "ports", IPNY_PORTS }, { "proxy", IPNY_PROXY }, { "range", IPNY_RANGE }, { "rdr", IPNY_RDR }, { "round-robin",IPNY_ROUNDROBIN }, { "sequential", IPNY_SEQUENTIAL }, { "sticky", IPNY_STICKY }, { "tag", IPNY_TAG }, { "tcp", IPNY_TCP }, { "tcpudp", IPNY_TCPUDP }, { "to", IPNY_TO }, { "udp", IPNY_UDP }, { "-", '-' }, { "->", IPNY_TLATE }, { "eq", YY_CMP_EQ }, { "ne", YY_CMP_NE }, { "lt", YY_CMP_LT }, { "gt", YY_CMP_GT }, { "le", YY_CMP_LE }, { "ge", YY_CMP_GE }, { NULL, 0 } }; int ipnat_parsefile(fd, addfunc, ioctlfunc, filename) int fd; addfunc_t addfunc; ioctlfunc_t ioctlfunc; char *filename; { FILE *fp = NULL; char *s; (void) ipnat_yysettab(ipnat_yywords); s = getenv("YYDEBUG"); if (s) ipnat_yydebug = atoi(s); else ipnat_yydebug = 0; if (strcmp(filename, "-")) { fp = fopen(filename, "r"); if (!fp) { fprintf(stderr, "fopen(%s) failed: %s\n", filename, STRERROR(errno)); return -1; } } else fp = stdin; while (ipnat_parsesome(fd, addfunc, ioctlfunc, fp) == 1) ; if (fp != NULL) fclose(fp); return 0; } int ipnat_parsesome(fd, addfunc, ioctlfunc, fp) int fd; addfunc_t addfunc; ioctlfunc_t ioctlfunc; FILE *fp; { char *s; int i; ipnat_yylineNum = 1; natfd = fd; nataddfunc = addfunc; natioctlfunc = ioctlfunc; if (feof(fp)) return 0; i = fgetc(fp); if (i == EOF) return 0; if (ungetc(i, fp) == EOF) return 0; if (feof(fp)) return 0; s = getenv("YYDEBUG"); if (s) ipnat_yydebug = atoi(s); else ipnat_yydebug = 0; ipnat_yyin = fp; ipnat_yyparse(); return 1; } static void newnatrule() { ipnat_t *n; n = calloc(1, sizeof(*n)); if (n == NULL) return; if (nat == NULL) nattop = nat = n; else { nat->in_next = n; nat = n; } } static void setnatproto(p) int p; { nat->in_p = p; switch (p) { case IPPROTO_TCP : nat->in_flags |= IPN_TCP; nat->in_flags &= ~IPN_UDP; break; case IPPROTO_UDP : nat->in_flags |= IPN_UDP; nat->in_flags &= ~IPN_TCP; break; case IPPROTO_ICMP : nat->in_flags &= ~IPN_TCPUDP; if (!(nat->in_flags & IPN_ICMPQUERY)) { nat->in_dcmp = 0; nat->in_scmp = 0; nat->in_pmin = 0; nat->in_pmax = 0; nat->in_pnext = 0; } break; default : if ((nat->in_redir & NAT_MAPBLK) == 0) { /* Only reset dcmp/scmp in case dport/sport not set */ if (0 == nat->in_tuc.ftu_dport) nat->in_dcmp = 0; if (0 == nat->in_tuc.ftu_sport) nat->in_scmp = 0; nat->in_pmin = 0; nat->in_pmax = 0; nat->in_pnext = 0; nat->in_flags &= ~IPN_TCPUDP; } break; } if ((nat->in_flags & (IPN_TCPUDP|IPN_FIXEDDPORT)) == IPN_FIXEDDPORT) nat->in_flags &= ~IPN_FIXEDDPORT; } void ipnat_addrule(fd, ioctlfunc, ptr) int fd; ioctlfunc_t ioctlfunc; void *ptr; { ioctlcmd_t add, del; ipfobj_t obj; ipnat_t *ipn; ipn = ptr; bzero((char *)&obj, sizeof(obj)); obj.ipfo_rev = IPFILTER_VERSION; obj.ipfo_size = sizeof(ipnat_t); obj.ipfo_type = IPFOBJ_IPNAT; obj.ipfo_ptr = ptr; add = 0; del = 0; if ((opts & OPT_DONOTHING) != 0) fd = -1; if (opts & OPT_ZERORULEST) { add = SIOCZRLST; } else if (opts & OPT_INACTIVE) { add = SIOCADNAT; del = SIOCRMNAT; } else { add = SIOCADNAT; del = SIOCRMNAT; } if (ipn && (opts & OPT_VERBOSE)) printnat(ipn, opts); if (opts & OPT_DEBUG) binprint(ipn, sizeof(*ipn)); if ((opts & OPT_ZERORULEST) != 0) { if ((*ioctlfunc)(fd, add, (void *)&obj) == -1) { if ((opts & OPT_DONOTHING) == 0) { fprintf(stderr, "%d:", ipnat_yylineNum); perror("ioctl(SIOCZRLST)"); } } else { #ifdef USE_QUAD_T /* printf("hits %qd bytes %qd ", (long long)fr->fr_hits, (long long)fr->fr_bytes); */ #else /* printf("hits %ld bytes %ld ", fr->fr_hits, fr->fr_bytes); */ #endif printnat(ipn, opts); } } else if ((opts & OPT_REMOVE) != 0) { if ((*ioctlfunc)(fd, del, (void *)&obj) == -1) { if ((opts & OPT_DONOTHING) == 0) { fprintf(stderr, "%d:", ipnat_yylineNum); perror("ioctl(delete nat rule)"); } } } else { if ((*ioctlfunc)(fd, add, (void *)&obj) == -1) { if ((opts & OPT_DONOTHING) == 0) { fprintf(stderr, "%d:", ipnat_yylineNum); perror("ioctl(add/insert nat rule)"); } } } } static YYCONST ipnat_yytabelem ipnat_yyexca[] ={ -1, 1, 0, -1, -2, 9, }; # define YYNPROD 124 # define YYLAST 348 static YYCONST ipnat_yytabelem ipnat_yyact[]={ 194, 63, 124, 85, 126, 64, 60, 50, 49, 210, 201, 124, 208, 126, 141, 142, 143, 195, 222, 184, 97, 47, 189, 62, 171, 98, 96, 38, 38, 37, 37, 137, 51, 123, 125, 122, 38, 81, 37, 40, 40, 134, 214, 125, 105, 69, 92, 41, 40, 41, 18, 19, 34, 34, 156, 225, 16, 17, 89, 118, 90, 34, 132, 148, 139, 82, 57, 38, 139, 37, 89, 157, 90, 109, 220, 175, 79, 76, 211, 40, 71, 76, 152, 153, 168, 6, 5, 89, 75, 173, 219, 191, 75, 190, 144, 59, 31, 28, 206, 202, 197, 177, 162, 154, 83, 209, 94, 200, 120, 121, 193, 170, 188, 102, 136, 35, 131, 86, 21, 159, 135, 95, 104, 53, 129, 48, 23, 196, 192, 128, 67, 72, 127, 212, 39, 73, 204, 130, 203, 106, 176, 161, 181, 36, 116, 57, 145, 42, 26, 32, 221, 207, 43, 44, 108, 22, 3, 140, 8, 55, 2, 58, 7, 29, 30, 27, 163, 24, 25, 55, 65, 61, 68, 68, 46, 15, 117, 100, 87, 14, 87, 70, 91, 84, 77, 99, 74, 74, 78, 55, 93, 66, 101, 13, 12, 11, 10, 20, 9, 4, 1, 87, 45, 119, 33, 103, 133, 54, 151, 107, 0, 0, 0, 0, 0, 0, 138, 0, 88, 149, 0, 146, 147, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 160, 158, 0, 155, 0, 166, 0, 0, 0, 0, 38, 0, 37, 169, 0, 0, 0, 0, 0, 0, 0, 0, 40, 0, 0, 0, 178, 150, 0, 0, 52, 41, 182, 0, 89, 34, 90, 183, 110, 111, 113, 115, 112, 114, 185, 89, 160, 90, 80, 164, 165, 186, 167, 179, 56, 0, 0, 0, 0, 172, 174, 199, 160, 0, 0, 0, 0, 198, 0, 0, 0, 180, 0, 0, 0, 0, 0, 0, 213, 215, 217, 216, 0, 218, 0, 0, 0, 0, 187, 223, 0, 0, 224, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 205 }; static YYCONST ipnat_yytabelem ipnat_yypact[]={ -174, -174,-10000000,-10000000, -220,-10000000, 57,-10000000,-10000000,-10000000, 67, 67, 67, -162, -162, -162,-10000000,-10000000,-10000000,-10000000, -163,-10000000,-10000000,-10000000,-10000000,-10000000, -229, 103,-10000000, -221, -12, 66, -286, -287,-10000000, -15, -221,-10000000, 20,-10000000, -10000000,-10000000, -164, -288, -271, -289, -221, -231,-10000000, -230, -230, -177, -181, 4, -207,-10000000,-10000000, -153,-10000000,-10000000, -221, -291, -190, -187, -190, -233, -221, -261,-10000000, -190, -261, 99,-10000000,-10000000,-10000000,-10000000,-10000000,-10000000,-10000000, 99, -221, -235, 12, 98, -214, -190, -255, 85, 79,-10000000, -10000000, -210, -221, -238, -252, -252, -208, -274, -165, 101, -252, -252,-10000000, -209,-10000000, -221,-10000000, -187, -185,-10000000, -10000000,-10000000,-10000000,-10000000,-10000000,-10000000, -154, -252, -203, -210, -252,-10000000,-10000000, 94,-10000000,-10000000,-10000000, -155,-10000000, -187, -187, -255, 23,-10000000, -221,-10000000, -260,-10000000,-10000000, -170, -199, 93,-10000000,-10000000, -156, -190,-10000000,-10000000, 12,-10000000, -10000000, -187,-10000000,-10000000, 96,-10000000,-10000000,-10000000, -255,-10000000, -260, -270,-10000000, -190,-10000000,-10000000, -252,-10000000, -187,-10000000, -263,-10000000, -166, -168, 70, -295, -272, 69,-10000000,-10000000, -10000000, -157, -252, -263,-10000000,-10000000,-10000000,-10000000, -282, -158, 91, 89, -187,-10000000,-10000000,-10000000, -159,-10000000,-10000000, -279, -284, -179, 86, -246, -246, -295,-10000000, -282,-10000000, -255, -169,-10000000, -183,-10000000,-10000000,-10000000,-10000000, -269,-10000000,-10000000, -10000000, -284, -204,-10000000,-10000000,-10000000 }; static YYCONST ipnat_yytabelem ipnat_yypgo[]={ 0, 154, 135, 209, 208, 109, 207, 205, 123, 113, 204, 202, 117, 115, 134, 131, 122, 130, 139, 200, 160, 156, 199, 198, 197, 196, 155, 195, 194, 193, 148, 106, 120, 121, 179, 176, 175, 171, 116, 108, 119, 166, 143, 165, 161, 157, 110, 114, 111, 112, 107, 105, 151, 150 }; static YYCONST ipnat_yytabelem ipnat_yyr1[]={ 0, 19, 19, 19, 19, 20, 20, 21, 24, 22, 23, 23, 23, 26, 26, 25, 25, 25, 25, 27, 28, 28, 28, 31, 31, 31, 39, 39, 39, 39, 17, 17, 12, 12, 41, 12, 1, 1, 37, 37, 37, 37, 38, 38, 35, 35, 35, 29, 29, 36, 34, 10, 10, 11, 11, 42, 30, 30, 43, 44, 33, 33, 33, 46, 46, 8, 8, 6, 9, 9, 7, 16, 16, 16, 16, 16, 16, 16, 18, 18, 32, 40, 51, 51, 47, 47, 48, 48, 49, 49, 49, 52, 52, 50, 50, 45, 45, 45, 45, 45, 53, 53, 5, 5, 5, 5, 2, 13, 13, 13, 13, 13, 3, 3, 3, 3, 3, 3, 3, 4, 4, 15, 15, 14 }; static YYCONST ipnat_yytabelem ipnat_yyr2[]={ 0, 2, 2, 4, 4, 5, 2, 9, 3, 1, 4, 4, 4, 0, 2, 15, 15, 15, 15, 15, 19, 17, 15, 0, 13, 13, 0, 3, 3, 7, 3, 9, 3, 7, 1, 9, 3, 3, 0, 5, 9, 9, 5, 7, 0, 5, 5, 3, 3, 3, 3, 9, 11, 9, 11, 3, 3, 7, 3, 3, 13, 9, 11, 0, 3, 3, 7, 3, 3, 7, 3, 3, 3, 7, 7, 7, 7, 7, 5, 7, 12, 14, 0, 5, 0, 3, 0, 3, 0, 5, 9, 0, 3, 0, 5, 0, 3, 3, 3, 7, 5, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 5, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 15 }; static YYCONST ipnat_yytabelem ipnat_yychk[]={ -10000000, -19, -20, -21, -22, 260, 259, -20, -21, -23, -25, -27, -28, -29, -34, -36, 276, 277, 270, 271, -24, 61, -26, 59, -26, -26, -30, -43, 259, -30, -30, 259, -16, -10, 282, -13, -42, 259, 257, -14, 269, 278, 44, -16, -16, -11, -42, 33, 59, 294, 294, 47, 280, -8, -6, -16, 269, 46, -44, 259, 294, -37, 294, 272, 294, -8, -42, -17, -16, 275, -17, 257, -15, -2, -14, 269, 258, -15, -2, 257, 279, 33, 272, 257, -16, 294, -12, -13, -1, 257, 259, -12, 279, -8, -31, -33, 287, 281, 286, -13, -31, -33, -9, -7, -16, 279, -18, -3, -1, 61, 261, 262, 265, 263, 266, 264, 46, -35, 273, -12, -39, -5, 290, 288, 257, 289, 259, 47, 44, 45, 58, -38, 272, -9, 279, -32, -47, 283, -32, 272, -45, 288, 289, 290, 259, 45, -32, -32, 272, -9, -1, -4, 267, 268, 257, -32, 257, 274, -38, -40, -47, 47, 257, -41, -1, -1, -39, -1, 61, -9, -48, 284, -1, 259, -1, 274, 47, 257, -13, -18, -1, 46, -39, -48, 289, -13, -40, -1, -49, 285, 259, 259, 58, -46, 295, 289, 58, 257, -40, -49, -50, 292, 257, 47, 47, -1, 257, -52, 291, -51, 293, 257, 47, -5, 288, -5, -46, -50, -39, 259, 257, -53, 287, -31, -51, 259 }; static YYCONST ipnat_yytabelem ipnat_yydef[]={ 9, -2, 1, 2, 0, 6, 0, 3, 4, 5, 13, 13, 13, 0, 0, 0, 47, 48, 50, 49, 0, 8, 10, 14, 11, 12, 0, 56, 58, 0, 0, 0, 0, 0, 71, 72, 0, 107, 108, 109, 110, 55, 0, 0, 0, 0, 0, 0, 7, 0, 0, 0, 0, 0, 65, 67, 111, 0, 57, 59, 0, 0, 0, 0, 0, 0, 0, 23, 30, 0, 23, 73, 74, 75, 121, 122, 106, 76, 77, 0, 0, 0, 0, 0, 44, 0, 26, 32, 39, 36, 37, 0, 0, 0, 84, 84, 0, 95, 0, 0, 84, 84, 51, 68, 70, 0, 66, 0, 0, 112, 113, 114, 115, 116, 117, 118, 0, 84, 0, 0, 84, 27, 28, 103, 102, 104, 105, 0, 34, 0, 0, 26, 0, 53, 0, 15, 86, 85, 16, 0, 0, 96, 97, 98, 0, 0, 17, 18, 0, 52, 78, 0, 119, 120, 0, 19, 45, 46, 26, 22, 86, 0, 33, 0, 40, 41, 84, 42, 0, 54, 88, 87, 0, 0, 0, 63, 0, 0, 31, 69, 79, 0, 84, 88, 29, 35, 21, 43, 93, 0, 0, 0, 0, 61, 64, 99, 0, 123, 20, 91, 82, 0, 89, 0, 0, 63, 62, 93, 92, 26, 0, 94, 0, 24, 103, 25, 60, 23, 80, 83, 90, 82, 0, 101, 81, 100 }; typedef struct #ifdef __cplusplus ipnat_yytoktype #endif { #ifdef __cplusplus const #endif char *t_name; int t_val; } ipnat_yytoktype; #ifndef YYDEBUG # define YYDEBUG 0 /* don't allow debugging */ #endif #if YYDEBUG ipnat_yytoktype ipnat_yytoks[] = { "YY_NUMBER", 257, "YY_HEX", 258, "YY_STR", 259, "YY_COMMENT", 260, "YY_CMP_EQ", 261, "YY_CMP_NE", 262, "YY_CMP_LE", 263, "YY_CMP_GE", 264, "YY_CMP_LT", 265, "YY_CMP_GT", 266, "YY_RANGE_OUT", 267, "YY_RANGE_IN", 268, "YY_IPV6", 269, "IPNY_MAPBLOCK", 270, "IPNY_RDR", 271, "IPNY_PORT", 272, "IPNY_PORTS", 273, "IPNY_AUTO", 274, "IPNY_RANGE", 275, "IPNY_MAP", 276, "IPNY_BIMAP", 277, "IPNY_FROM", 278, "IPNY_TO", 279, "IPNY_MASK", 280, "IPNY_PORTMAP", 281, "IPNY_ANY", 282, "IPNY_ROUNDROBIN", 283, "IPNY_FRAG", 284, "IPNY_AGE", 285, "IPNY_ICMPIDMAP", 286, "IPNY_PROXY", 287, "IPNY_TCP", 288, "IPNY_UDP", 289, "IPNY_TCPUDP", 290, "IPNY_STICKY", 291, "IPNY_MSSCLAMP", 292, "IPNY_TAG", 293, "IPNY_TLATE", 294, "IPNY_SEQUENTIAL", 295, "-unknown-", -1 /* ends search */ }; #ifdef __cplusplus const #endif char * ipnat_yyreds[] = { "-no such reduction-", "file : line", "file : assign", "file : file line", "file : file assign", "line : xx rule", "line : YY_COMMENT", "assign : YY_STR assigning YY_STR ';'", "assigning : '='", "xx : /* empty */", "rule : map eol", "rule : mapblock eol", "rule : redir eol", "eol : /* empty */", "eol : ';'", "map : mapit ifnames addr IPNY_TLATE rhaddr proxy mapoptions", "map : mapit ifnames addr IPNY_TLATE rhaddr mapport mapoptions", "map : mapit ifnames mapfrom IPNY_TLATE rhaddr proxy mapoptions", "map : mapit ifnames mapfrom IPNY_TLATE rhaddr mapport mapoptions", "mapblock : mapblockit ifnames addr IPNY_TLATE addr ports mapoptions", "redir : rdrit ifnames addr dport IPNY_TLATE dip nport setproto rdroptions", "redir : rdrit ifnames rdrfrom IPNY_TLATE dip nport setproto rdroptions", "redir : rdrit ifnames addr IPNY_TLATE dip setproto rdroptions", "proxy : /* empty */", "proxy : IPNY_PROXY IPNY_PORT portspec YY_STR '/' proto", "proxy : IPNY_PROXY IPNY_PORT YY_STR YY_STR '/' proto", "setproto : /* empty */", "setproto : proto", "setproto : IPNY_TCPUDP", "setproto : IPNY_TCP '/' IPNY_UDP", "rhaddr : addr", "rhaddr : IPNY_RANGE hostname '-' hostname", "dip : hostname", "dip : hostname '/' YY_NUMBER", "dip : hostname ','", "dip : hostname ',' hostname", "portspec : YY_NUMBER", "portspec : YY_STR", "dport : /* empty */", "dport : IPNY_PORT portspec", "dport : IPNY_PORT portspec '-' portspec", "dport : IPNY_PORT portspec ':' portspec", "nport : IPNY_PORT portspec", "nport : IPNY_PORT '=' portspec", "ports : /* empty */", "ports : IPNY_PORTS YY_NUMBER", "ports : IPNY_PORTS IPNY_AUTO", "mapit : IPNY_MAP", "mapit : IPNY_BIMAP", "rdrit : IPNY_RDR", "mapblockit : IPNY_MAPBLOCK", "mapfrom : from sobject IPNY_TO dobject", "mapfrom : from sobject '!' IPNY_TO dobject", "rdrfrom : from sobject IPNY_TO dobject", "rdrfrom : '!' from sobject IPNY_TO dobject", "from : IPNY_FROM", "ifnames : ifname", "ifnames : ifname ',' otherifname", "ifname : YY_STR", "otherifname : YY_STR", "mapport : IPNY_PORTMAP tcpudp portspec ':' portspec randport", "mapport : IPNY_PORTMAP tcpudp IPNY_AUTO randport", "mapport : IPNY_ICMPIDMAP YY_STR YY_NUMBER ':' YY_NUMBER", "randport : /* empty */", "randport : IPNY_SEQUENTIAL", "sobject : saddr", "sobject : saddr IPNY_PORT portstuff", "saddr : addr", "dobject : daddr", "dobject : daddr IPNY_PORT portstuff", "daddr : addr", "addr : IPNY_ANY", "addr : hostname", "addr : hostname '/' YY_NUMBER", "addr : hostname '/' ipaddr", "addr : hostname '/' hexnumber", "addr : hostname IPNY_MASK ipaddr", "addr : hostname IPNY_MASK hexnumber", "portstuff : compare portspec", "portstuff : portspec range portspec", "mapoptions : rr frag age mssclamp nattag setproto", "rdroptions : rr frag age sticky mssclamp rdrproxy nattag", "nattag : /* empty */", "nattag : IPNY_TAG YY_STR", "rr : /* empty */", "rr : IPNY_ROUNDROBIN", "frag : /* empty */", "frag : IPNY_FRAG", "age : /* empty */", "age : IPNY_AGE YY_NUMBER", "age : IPNY_AGE YY_NUMBER '/' YY_NUMBER", "sticky : /* empty */", "sticky : IPNY_STICKY", "mssclamp : /* empty */", "mssclamp : IPNY_MSSCLAMP YY_NUMBER", "tcpudp : /* empty */", "tcpudp : IPNY_TCP", "tcpudp : IPNY_UDP", "tcpudp : IPNY_TCPUDP", "tcpudp : IPNY_TCP '/' IPNY_UDP", "rdrproxy : IPNY_PROXY YY_STR", "rdrproxy : proxy", "proto : YY_NUMBER", "proto : IPNY_TCP", "proto : IPNY_UDP", "proto : YY_STR", "hexnumber : YY_HEX", "hostname : YY_STR", "hostname : YY_NUMBER", "hostname : ipv4", "hostname : YY_IPV6", "hostname : YY_NUMBER YY_IPV6", "compare : '='", "compare : YY_CMP_EQ", "compare : YY_CMP_NE", "compare : YY_CMP_LT", "compare : YY_CMP_LE", "compare : YY_CMP_GT", "compare : YY_CMP_GE", "range : YY_RANGE_OUT", "range : YY_RANGE_IN", "ipaddr : ipv4", "ipaddr : YY_IPV6", "ipv4 : YY_NUMBER '.' YY_NUMBER '.' YY_NUMBER '.' YY_NUMBER", }; #endif /* YYDEBUG */ # line 1 "/usr/share/lib/ccs/yaccpar" /* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License, Version 1.0 only * (the "License"). You may not use this file except in compliance * with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at usr/src/OPENSOLARIS.LICENSE. * If applicable, add the following below this CDDL HEADER, with the * fields enclosed by brackets "[]" replaced with your own identifying * information: Portions Copyright [ipnat_yyipnat_yy] [name of copyright owner] * * CDDL HEADER END */ /* * Copyright 1993 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ /* Copyright (c) 1988 AT&T */ /* All Rights Reserved */ #pragma ident "%Z%%M% %I% %E% SMI" /* ** Skeleton parser driver for yacc output */ /* ** yacc user known macros and defines */ #define YYERROR goto ipnat_yyerrlab #define YYACCEPT return(0) #define YYABORT return(1) #define YYBACKUP( newtoken, newvalue )\ {\ if ( ipnat_yychar >= 0 || ( ipnat_yyr2[ ipnat_yytmp ] >> 1 ) != 1 )\ {\ ipnat_yyerror( "syntax error - cannot backup" );\ goto ipnat_yyerrlab;\ }\ ipnat_yychar = newtoken;\ ipnat_yystate = *ipnat_yyps;\ ipnat_yylval = newvalue;\ goto ipnat_yynewstate;\ } #define YYRECOVERING() (!!ipnat_yyerrflag) #define YYNEW(type) malloc(sizeof(type) * ipnat_yynewmax) #define YYCOPY(to, from, type) \ (type *) memcpy(to, (char *) from, ipnat_yymaxdepth * sizeof (type)) #define YYENLARGE( from, type) \ (type *) realloc((char *) from, ipnat_yynewmax * sizeof(type)) #ifndef YYDEBUG # define YYDEBUG 1 /* make debugging available */ #endif /* ** user known globals */ int ipnat_yydebug; /* set to 1 to get debugging */ /* ** driver internal defines */ #define YYFLAG (-10000000) /* ** global variables used by the parser */ YYSTYPE *ipnat_yypv; /* top of value stack */ int *ipnat_yyps; /* top of state stack */ int ipnat_yystate; /* current state */ int ipnat_yytmp; /* extra var (lasts between blocks) */ int ipnat_yynerrs; /* number of errors */ int ipnat_yyerrflag; /* error recovery flag */ int ipnat_yychar; /* current input token number */ #ifdef YYNMBCHARS #define YYLEX() ipnat_yycvtok(ipnat_yylex()) /* ** ipnat_yycvtok - return a token if i is a wchar_t value that exceeds 255. ** If i<255, i itself is the token. If i>255 but the neither ** of the 30th or 31st bit is on, i is already a token. */ #if defined(__STDC__) || defined(__cplusplus) int ipnat_yycvtok(int i) #else int ipnat_yycvtok(i) int i; #endif { int first = 0; int last = YYNMBCHARS - 1; int mid; wchar_t j; if(i&0x60000000){/*Must convert to a token. */ if( ipnat_yymbchars[last].character < i ){ return i;/*Giving up*/ } while ((last>=first)&&(first>=0)) {/*Binary search loop*/ mid = (first+last)/2; j = ipnat_yymbchars[mid].character; if( j==i ){/*Found*/ return ipnat_yymbchars[mid].tvalue; }else if( j= 0; ipnat_yy_i++ ) { if ( ipnat_yytoks[ipnat_yy_i].t_val == ipnat_yychar ) break; } printf( "%s\n", ipnat_yytoks[ipnat_yy_i].t_name ); } } #endif /* YYDEBUG */ if ( ++ipnat_yy_ps >= &ipnat_yys[ ipnat_yymaxdepth ] ) /* room on stack? */ { /* ** reallocate and recover. Note that pointers ** have to be reset, or bad things will happen */ long ipnat_yyps_index = (ipnat_yy_ps - ipnat_yys); long ipnat_yypv_index = (ipnat_yy_pv - ipnat_yyv); long ipnat_yypvt_index = (ipnat_yypvt - ipnat_yyv); int ipnat_yynewmax; #ifdef YYEXPAND ipnat_yynewmax = YYEXPAND(ipnat_yymaxdepth); #else ipnat_yynewmax = 2 * ipnat_yymaxdepth; /* double table size */ if (ipnat_yymaxdepth == YYMAXDEPTH) /* first time growth */ { char *newipnat_yys = (char *)YYNEW(int); char *newipnat_yyv = (char *)YYNEW(YYSTYPE); if (newipnat_yys != 0 && newipnat_yyv != 0) { ipnat_yys = YYCOPY(newipnat_yys, ipnat_yys, int); ipnat_yyv = YYCOPY(newipnat_yyv, ipnat_yyv, YYSTYPE); } else ipnat_yynewmax = 0; /* failed */ } else /* not first time */ { ipnat_yys = YYENLARGE(ipnat_yys, int); ipnat_yyv = YYENLARGE(ipnat_yyv, YYSTYPE); if (ipnat_yys == 0 || ipnat_yyv == 0) ipnat_yynewmax = 0; /* failed */ } #endif if (ipnat_yynewmax <= ipnat_yymaxdepth) /* tables not expanded */ { ipnat_yyerror( "yacc stack overflow" ); YYABORT; } ipnat_yymaxdepth = ipnat_yynewmax; ipnat_yy_ps = ipnat_yys + ipnat_yyps_index; ipnat_yy_pv = ipnat_yyv + ipnat_yypv_index; ipnat_yypvt = ipnat_yyv + ipnat_yypvt_index; } *ipnat_yy_ps = ipnat_yy_state; *++ipnat_yy_pv = ipnat_yyval; /* ** we have a new state - find out what to do */ ipnat_yy_newstate: if ( ( ipnat_yy_n = ipnat_yypact[ ipnat_yy_state ] ) <= YYFLAG ) goto ipnat_yydefault; /* simple state */ #if YYDEBUG /* ** if debugging, need to mark whether new token grabbed */ ipnat_yytmp = ipnat_yychar < 0; #endif if ( ( ipnat_yychar < 0 ) && ( ( ipnat_yychar = YYLEX() ) < 0 ) ) ipnat_yychar = 0; /* reached EOF */ #if YYDEBUG if ( ipnat_yydebug && ipnat_yytmp ) { register int ipnat_yy_i; printf( "Received token " ); if ( ipnat_yychar == 0 ) printf( "end-of-file\n" ); else if ( ipnat_yychar < 0 ) printf( "-none-\n" ); else { for ( ipnat_yy_i = 0; ipnat_yytoks[ipnat_yy_i].t_val >= 0; ipnat_yy_i++ ) { if ( ipnat_yytoks[ipnat_yy_i].t_val == ipnat_yychar ) break; } printf( "%s\n", ipnat_yytoks[ipnat_yy_i].t_name ); } } #endif /* YYDEBUG */ if ( ( ( ipnat_yy_n += ipnat_yychar ) < 0 ) || ( ipnat_yy_n >= YYLAST ) ) goto ipnat_yydefault; if ( ipnat_yychk[ ipnat_yy_n = ipnat_yyact[ ipnat_yy_n ] ] == ipnat_yychar ) /*valid shift*/ { ipnat_yychar = -1; ipnat_yyval = ipnat_yylval; ipnat_yy_state = ipnat_yy_n; if ( ipnat_yyerrflag > 0 ) ipnat_yyerrflag--; goto ipnat_yy_stack; } ipnat_yydefault: if ( ( ipnat_yy_n = ipnat_yydef[ ipnat_yy_state ] ) == -2 ) { #if YYDEBUG ipnat_yytmp = ipnat_yychar < 0; #endif if ( ( ipnat_yychar < 0 ) && ( ( ipnat_yychar = YYLEX() ) < 0 ) ) ipnat_yychar = 0; /* reached EOF */ #if YYDEBUG if ( ipnat_yydebug && ipnat_yytmp ) { register int ipnat_yy_i; printf( "Received token " ); if ( ipnat_yychar == 0 ) printf( "end-of-file\n" ); else if ( ipnat_yychar < 0 ) printf( "-none-\n" ); else { for ( ipnat_yy_i = 0; ipnat_yytoks[ipnat_yy_i].t_val >= 0; ipnat_yy_i++ ) { if ( ipnat_yytoks[ipnat_yy_i].t_val == ipnat_yychar ) { break; } } printf( "%s\n", ipnat_yytoks[ipnat_yy_i].t_name ); } } #endif /* YYDEBUG */ /* ** look through exception table */ { register YYCONST int *ipnat_yyxi = ipnat_yyexca; while ( ( *ipnat_yyxi != -1 ) || ( ipnat_yyxi[1] != ipnat_yy_state ) ) { ipnat_yyxi += 2; } while ( ( *(ipnat_yyxi += 2) >= 0 ) && ( *ipnat_yyxi != ipnat_yychar ) ) ; if ( ( ipnat_yy_n = ipnat_yyxi[1] ) < 0 ) YYACCEPT; } } /* ** check for syntax error */ if ( ipnat_yy_n == 0 ) /* have an error */ { /* no worry about speed here! */ switch ( ipnat_yyerrflag ) { case 0: /* new error */ ipnat_yyerror( "syntax error" ); goto skip_init; ipnat_yyerrlab: /* ** get globals into registers. ** we have a user generated syntax type error */ ipnat_yy_pv = ipnat_yypv; ipnat_yy_ps = ipnat_yyps; ipnat_yy_state = ipnat_yystate; skip_init: ipnat_yynerrs++; /* FALLTHRU */ case 1: case 2: /* incompletely recovered error */ /* try again... */ ipnat_yyerrflag = 3; /* ** find state where "error" is a legal ** shift action */ while ( ipnat_yy_ps >= ipnat_yys ) { ipnat_yy_n = ipnat_yypact[ *ipnat_yy_ps ] + YYERRCODE; if ( ipnat_yy_n >= 0 && ipnat_yy_n < YYLAST && ipnat_yychk[ipnat_yyact[ipnat_yy_n]] == YYERRCODE) { /* ** simulate shift of "error" */ ipnat_yy_state = ipnat_yyact[ ipnat_yy_n ]; goto ipnat_yy_stack; } /* ** current state has no shift on ** "error", pop stack */ #if YYDEBUG # define _POP_ "Error recovery pops state %d, uncovers state %d\n" if ( ipnat_yydebug ) printf( _POP_, *ipnat_yy_ps, ipnat_yy_ps[-1] ); # undef _POP_ #endif ipnat_yy_ps--; ipnat_yy_pv--; } /* ** there is no state on stack with "error" as ** a valid shift. give up. */ YYABORT; case 3: /* no shift yet; eat a token */ #if YYDEBUG /* ** if debugging, look up token in list of ** pairs. 0 and negative shouldn't occur, ** but since timing doesn't matter when ** debugging, it doesn't hurt to leave the ** tests here. */ if ( ipnat_yydebug ) { register int ipnat_yy_i; printf( "Error recovery discards " ); if ( ipnat_yychar == 0 ) printf( "token end-of-file\n" ); else if ( ipnat_yychar < 0 ) printf( "token -none-\n" ); else { for ( ipnat_yy_i = 0; ipnat_yytoks[ipnat_yy_i].t_val >= 0; ipnat_yy_i++ ) { if ( ipnat_yytoks[ipnat_yy_i].t_val == ipnat_yychar ) { break; } } printf( "token %s\n", ipnat_yytoks[ipnat_yy_i].t_name ); } } #endif /* YYDEBUG */ if ( ipnat_yychar == 0 ) /* reached EOF. quit */ YYABORT; ipnat_yychar = -1; goto ipnat_yy_newstate; } }/* end if ( ipnat_yy_n == 0 ) */ /* ** reduction by production ipnat_yy_n ** put stack tops, etc. so things right after switch */ #if YYDEBUG /* ** if debugging, print the string that is the user's ** specification of the reduction which is just about ** to be done. */ if ( ipnat_yydebug ) printf( "Reduce by (%d) \"%s\"\n", ipnat_yy_n, ipnat_yyreds[ ipnat_yy_n ] ); #endif ipnat_yytmp = ipnat_yy_n; /* value to switch over */ ipnat_yypvt = ipnat_yy_pv; /* $vars top of value stack */ /* ** Look in goto table for next state ** Sorry about using ipnat_yy_state here as temporary ** register variable, but why not, if it works... ** If ipnat_yyr2[ ipnat_yy_n ] doesn't have the low order bit ** set, then there is no action to be done for ** this reduction. So, no saving & unsaving of ** registers done. The only difference between the ** code just after the if and the body of the if is ** the goto ipnat_yy_stack in the body. This way the test ** can be made before the choice of what to do is needed. */ { /* length of production doubled with extra bit */ register int ipnat_yy_len = ipnat_yyr2[ ipnat_yy_n ]; if ( !( ipnat_yy_len & 01 ) ) { ipnat_yy_len >>= 1; ipnat_yyval = ( ipnat_yy_pv -= ipnat_yy_len )[1]; /* $$ = $1 */ ipnat_yy_state = ipnat_yypgo[ ipnat_yy_n = ipnat_yyr1[ ipnat_yy_n ] ] + *( ipnat_yy_ps -= ipnat_yy_len ) + 1; if ( ipnat_yy_state >= YYLAST || ipnat_yychk[ ipnat_yy_state = ipnat_yyact[ ipnat_yy_state ] ] != -ipnat_yy_n ) { ipnat_yy_state = ipnat_yyact[ ipnat_yypgo[ ipnat_yy_n ] ]; } goto ipnat_yy_stack; } ipnat_yy_len >>= 1; ipnat_yyval = ( ipnat_yy_pv -= ipnat_yy_len )[1]; /* $$ = $1 */ ipnat_yy_state = ipnat_yypgo[ ipnat_yy_n = ipnat_yyr1[ ipnat_yy_n ] ] + *( ipnat_yy_ps -= ipnat_yy_len ) + 1; if ( ipnat_yy_state >= YYLAST || ipnat_yychk[ ipnat_yy_state = ipnat_yyact[ ipnat_yy_state ] ] != -ipnat_yy_n ) { ipnat_yy_state = ipnat_yyact[ ipnat_yypgo[ ipnat_yy_n ] ]; } } /* save until reenter driver code */ ipnat_yystate = ipnat_yy_state; ipnat_yyps = ipnat_yy_ps; ipnat_yypv = ipnat_yy_pv; } /* ** code supplied by user is placed in this switch */ switch( ipnat_yytmp ) { case 5: # line 119 "../ipnat_y.y" { while ((nat = nattop) != NULL) { if (nat->in_v == 0) nat->in_v = 4; nattop = nat->in_next; (*nataddfunc)(natfd, natioctlfunc, nat); free(nat); } resetlexer(); } break; case 7: # line 131 "../ipnat_y.y" { set_variable(ipnat_yypvt[-3].str, ipnat_yypvt[-1].str); resetlexer(); free(ipnat_yypvt[-3].str); free(ipnat_yypvt[-1].str); } break; case 8: # line 139 "../ipnat_y.y" { ipnat_yyvarnext = 1; } break; case 9: # line 142 "../ipnat_y.y" { newnatrule(); } break; case 15: # line 154 "../ipnat_y.y" { if (ipnat_yypvt[-4].ipp.v != 0 && ipnat_yypvt[-4].ipp.v != ipnat_yypvt[-2].ipp.v && ipnat_yypvt[-2].ipp.v != 0) ipnat_yyerror("1.address family mismatch"); bcopy(&ipnat_yypvt[-4].ipp.a, &nat->in_in[0], sizeof(ipnat_yypvt[-4].ipp.a)); bcopy(&ipnat_yypvt[-4].ipp.m, &nat->in_in[1], sizeof(ipnat_yypvt[-4].ipp.a)); bcopy(&ipnat_yypvt[-2].ipp.a, &nat->in_out[0], sizeof(ipnat_yypvt[-2].ipp.a)); bcopy(&ipnat_yypvt[-2].ipp.m, &nat->in_out[1], sizeof(ipnat_yypvt[-2].ipp.a)); if (nat->in_ifnames[1][0] == '\0') strncpy(nat->in_ifnames[1], nat->in_ifnames[0], sizeof(nat->in_ifnames[0])); if ((nat->in_flags & IPN_TCPUDP) == 0) setnatproto(nat->in_p); if (((nat->in_redir & NAT_MAPBLK) != 0) || ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) nat_setgroupmap(nat); } break; case 16: # line 171 "../ipnat_y.y" { if (ipnat_yypvt[-4].ipp.v != 0 && ipnat_yypvt[-4].ipp.v != ipnat_yypvt[-2].ipp.v && ipnat_yypvt[-2].ipp.v != 0) ipnat_yyerror("2.address family mismatch"); bcopy(&ipnat_yypvt[-4].ipp.a, &nat->in_in[0], sizeof(ipnat_yypvt[-4].ipp.a)); bcopy(&ipnat_yypvt[-4].ipp.m, &nat->in_in[1], sizeof(ipnat_yypvt[-4].ipp.a)); bcopy(&ipnat_yypvt[-2].ipp.a, &nat->in_out[0], sizeof(ipnat_yypvt[-2].ipp.a)); bcopy(&ipnat_yypvt[-2].ipp.m, &nat->in_out[1], sizeof(ipnat_yypvt[-2].ipp.a)); if (nat->in_ifnames[1][0] == '\0') strncpy(nat->in_ifnames[1], nat->in_ifnames[0], sizeof(nat->in_ifnames[0])); if ((nat->in_flags & IPN_TCPUDPICMPQ) == 0) setnatproto(nat->in_p); if (((nat->in_redir & NAT_MAPBLK) != 0) || ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) nat_setgroupmap(nat); } break; case 17: # line 188 "../ipnat_y.y" { if (ipnat_yypvt[-4].num != 0 && ipnat_yypvt[-4].num != ipnat_yypvt[-2].ipp.v && ipnat_yypvt[-2].ipp.v != 0) ipnat_yyerror("3.address family mismatch"); bcopy(&ipnat_yypvt[-2].ipp.a, &nat->in_out[0], sizeof(ipnat_yypvt[-2].ipp.a)); bcopy(&ipnat_yypvt[-2].ipp.m, &nat->in_out[1], sizeof(ipnat_yypvt[-2].ipp.a)); if (nat->in_ifnames[1][0] == '\0') strncpy(nat->in_ifnames[1], nat->in_ifnames[0], sizeof(nat->in_ifnames[0])); if ((nat->in_flags & IPN_TCPUDP) == 0) setnatproto(nat->in_p); if (((nat->in_redir & NAT_MAPBLK) != 0) || ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) nat_setgroupmap(nat); } break; case 18: # line 203 "../ipnat_y.y" { if (ipnat_yypvt[-4].num != 0 && ipnat_yypvt[-4].num != ipnat_yypvt[-2].ipp.v && ipnat_yypvt[-2].ipp.v != 0) ipnat_yyerror("4.address family mismatch"); bcopy(&ipnat_yypvt[-2].ipp.a, &nat->in_out[0], sizeof(ipnat_yypvt[-2].ipp.a)); bcopy(&ipnat_yypvt[-2].ipp.m, &nat->in_out[1], sizeof(ipnat_yypvt[-2].ipp.a)); if (nat->in_ifnames[1][0] == '\0') strncpy(nat->in_ifnames[1], nat->in_ifnames[0], sizeof(nat->in_ifnames[0])); if ((nat->in_flags & IPN_TCPUDPICMPQ) == 0) setnatproto(nat->in_p); if (((nat->in_redir & NAT_MAPBLK) != 0) || ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) nat_setgroupmap(nat); } break; case 19: # line 221 "../ipnat_y.y" { if (ipnat_yypvt[-4].ipp.v != 0 && ipnat_yypvt[-4].ipp.v != ipnat_yypvt[-2].ipp.v && ipnat_yypvt[-2].ipp.v != 0) ipnat_yyerror("5.address family mismatch"); bcopy(&ipnat_yypvt[-4].ipp.a, &nat->in_in[0], sizeof(ipnat_yypvt[-4].ipp.a)); bcopy(&ipnat_yypvt[-4].ipp.m, &nat->in_in[1], sizeof(ipnat_yypvt[-4].ipp.a)); bcopy(&ipnat_yypvt[-2].ipp.a, &nat->in_out[0], sizeof(ipnat_yypvt[-2].ipp.a)); bcopy(&ipnat_yypvt[-2].ipp.m, &nat->in_out[1], sizeof(ipnat_yypvt[-2].ipp.a)); if (nat->in_ifnames[1][0] == '\0') strncpy(nat->in_ifnames[1], nat->in_ifnames[0], sizeof(nat->in_ifnames[0])); if ((nat->in_flags & IPN_TCPUDP) == 0) setnatproto(nat->in_p); if (((nat->in_redir & NAT_MAPBLK) != 0) || ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) nat_setgroupmap(nat); } break; case 20: # line 240 "../ipnat_y.y" { if (ipnat_yypvt[-3].num != 0 && ipnat_yypvt[-6].ipp.v != 0 && ipnat_yypvt[-3].num != ipnat_yypvt[-6].ipp.v) ipnat_yyerror("6.address family mismatch"); bcopy(&ipnat_yypvt[-6].ipp.a, &nat->in_out[0], sizeof(ipnat_yypvt[-6].ipp.a)); bcopy(&ipnat_yypvt[-6].ipp.m, &nat->in_out[1], sizeof(ipnat_yypvt[-6].ipp.a)); if (nat->in_ifnames[1][0] == '\0') strncpy(nat->in_ifnames[1], nat->in_ifnames[0], sizeof(nat->in_ifnames[0])); if ((nat->in_p == 0) && ((nat->in_flags & IPN_TCPUDP) == 0) && (nat->in_pmin != 0 || nat->in_pmax != 0 || nat->in_pnext != 0)) setnatproto(IPPROTO_TCP); } break; case 21: # line 256 "../ipnat_y.y" { if (ipnat_yypvt[-3].num != 0 && ipnat_yypvt[-5].num != 0 && ipnat_yypvt[-3].num != ipnat_yypvt[-5].num) ipnat_yyerror("7.address family mismatch"); if ((nat->in_p == 0) && ((nat->in_flags & IPN_TCPUDP) == 0) && (nat->in_pmin != 0 || nat->in_pmax != 0 || nat->in_pnext != 0)) setnatproto(IPPROTO_TCP); if (nat->in_ifnames[1][0] == '\0') strncpy(nat->in_ifnames[1], nat->in_ifnames[0], sizeof(nat->in_ifnames[0])); } break; case 22: # line 270 "../ipnat_y.y" { if (ipnat_yypvt[-2].num != 0 && ipnat_yypvt[-4].ipp.v != 0 && ipnat_yypvt[-2].num != ipnat_yypvt[-4].ipp.v) ipnat_yyerror("8.address family mismatch"); bcopy(&ipnat_yypvt[-4].ipp.a, &nat->in_out[0], sizeof(ipnat_yypvt[-4].ipp.a)); bcopy(&ipnat_yypvt[-4].ipp.m, &nat->in_out[1], sizeof(ipnat_yypvt[-4].ipp.a)); if (nat->in_ifnames[1][0] == '\0') strncpy(nat->in_ifnames[1], nat->in_ifnames[0], sizeof(nat->in_ifnames[0])); } break; case 24: # line 282 "../ipnat_y.y" { strncpy(nat->in_plabel, ipnat_yypvt[-2].str, sizeof(nat->in_plabel)); if (nat->in_dcmp == 0) { nat->in_dport = htons(ipnat_yypvt[-3].port); } else if (ipnat_yypvt[-3].port != nat->in_dport) { ipnat_yyerror("proxy port numbers not consistant"); } setnatproto(ipnat_yypvt[-0].num); free(ipnat_yypvt[-2].str); } break; case 25: # line 292 "../ipnat_y.y" { int pnum; strncpy(nat->in_plabel, ipnat_yypvt[-2].str, sizeof(nat->in_plabel)); pnum = getportproto(ipnat_yypvt[-3].str, ipnat_yypvt[-0].num); if (pnum == -1) ipnat_yyerror("invalid port number"); nat->in_dport = pnum; setnatproto(ipnat_yypvt[-0].num); free(ipnat_yypvt[-3].str); free(ipnat_yypvt[-2].str); } break; case 27: # line 305 "../ipnat_y.y" { if (nat->in_p != 0 || nat->in_flags & IPN_TCPUDP) ipnat_yyerror("protocol set twice"); setnatproto(ipnat_yypvt[-0].num); } break; case 28: # line 310 "../ipnat_y.y" { if (nat->in_p != 0 || nat->in_flags & IPN_TCPUDP) ipnat_yyerror("protocol set twice"); nat->in_flags |= IPN_TCPUDP; nat->in_p = 0; } break; case 29: # line 316 "../ipnat_y.y" { if (nat->in_p != 0 || nat->in_flags & IPN_TCPUDP) ipnat_yyerror("protocol set twice"); nat->in_flags |= IPN_TCPUDP; nat->in_p = 0; } break; case 30: # line 324 "../ipnat_y.y" { ipnat_yyval.ipp.a = ipnat_yypvt[-0].ipp.a; ipnat_yyval.ipp.m = ipnat_yypvt[-0].ipp.m; ipnat_yyval.ipp.v = ipnat_yypvt[-0].ipp.v; if (ipnat_yyval.ipp.v == 0) ipnat_yyval.ipp.v = nat->in_v; ipnat_yyexpectaddr = 0; } break; case 31: # line 331 "../ipnat_y.y" { if (ipnat_yypvt[-2].ipa.v != 0 && ipnat_yypvt[-0].ipa.v != 0 && ipnat_yypvt[-0].ipa.v != ipnat_yypvt[-2].ipa.v) ipnat_yyerror("9.address family " "mismatch"); ipnat_yyval.ipp.v = ipnat_yypvt[-2].ipa.v; ipnat_yyval.ipp.a = ipnat_yypvt[-2].ipa.a; ipnat_yyval.ipp.m = ipnat_yypvt[-0].ipa.a; nat->in_flags |= IPN_IPRANGE; ipnat_yyexpectaddr = 0; } break; case 32: # line 342 "../ipnat_y.y" { bcopy(&ipnat_yypvt[-0].ipa.a, &nat->in_in[0], sizeof(ipnat_yypvt[-0].ipa.a)); if (ipnat_yypvt[-0].ipa.v == 0) ipnat_yypvt[-0].ipa.v = nat->in_v; if (ipnat_yypvt[-0].ipa.v == 4) { nat->in_inmsk = 0xffffffff; } else { nat->in_in[1].i6[0] = 0xffffffff; nat->in_in[1].i6[1] = 0xffffffff; nat->in_in[1].i6[2] = 0xffffffff; nat->in_in[1].i6[3] = 0xffffffff; } ipnat_yyval.num = ipnat_yypvt[-0].ipa.v; } break; case 33: # line 356 "../ipnat_y.y" { if (ipnat_yypvt[-2].ipa.v == 0) ipnat_yypvt[-2].ipa.v = nat->in_v; if (ipnat_yypvt[-2].ipa.v == 4 && (ipnat_yypvt[-2].ipa.a.in4.s_addr != 0 || (ipnat_yypvt[-0].num != 0 && ipnat_yypvt[-0].num != 32))) ipnat_yyerror("Invalid mask for dip"); else if (ipnat_yypvt[-2].ipa.v == 6 && (ipnat_yypvt[-2].ipa.a.in4.s_addr != 0 || (ipnat_yypvt[-0].num != 0 && ipnat_yypvt[-0].num != 128))) ipnat_yyerror("Invalid mask for dip"); else if (ipnat_yypvt[-2].ipa.v == 0 ) { if (ipnat_yypvt[-2].ipa.a.in4.s_addr == 0 && (ipnat_yypvt[-0].num == 32 || ipnat_yypvt[-0].num == 0)) ipnat_yypvt[-2].ipa.v = 4; else if (ipnat_yypvt[-0].num == 128) ipnat_yypvt[-2].ipa.v = 6; } bcopy(&ipnat_yypvt[-2].ipa.a, &nat->in_in[0], sizeof(ipnat_yypvt[-2].ipa.a)); ntomask(ipnat_yypvt[-2].ipa.v, ipnat_yypvt[-0].num, (u_32_t *)&nat->in_in[1]); nat->in_in[0].i6[0] &= nat->in_in[1].i6[0]; nat->in_in[0].i6[0] &= nat->in_in[1].i6[1]; nat->in_in[0].i6[0] &= nat->in_in[1].i6[2]; nat->in_in[0].i6[0] &= nat->in_in[1].i6[3]; nat->in_v = ipnat_yypvt[-2].ipa.v; ipnat_yyval.num = ipnat_yypvt[-2].ipa.v; } break; case 34: # line 384 "../ipnat_y.y" { ipnat_yyexpectaddr = 1; } break; case 35: # line 385 "../ipnat_y.y" { if (ipnat_yypvt[-3].ipa.v != ipnat_yypvt[-0].ipa.v) ipnat_yyerror("10.address family " "mismatch"); ipnat_yyval.num = ipnat_yypvt[-3].ipa.v; nat->in_flags |= IPN_SPLIT; bcopy(&ipnat_yypvt[-3].ipa.a, &nat->in_in[0], sizeof(ipnat_yypvt[-3].ipa.a)); bcopy(&ipnat_yypvt[-0].ipa.a, &nat->in_in[1], sizeof(ipnat_yypvt[-0].ipa.a)); ipnat_yyexpectaddr = 0; } break; case 36: # line 398 "../ipnat_y.y" { if (ipnat_yypvt[-0].num > 65535) /* Unsigned */ ipnat_yyerror("invalid port number"); else ipnat_yyval.port = ipnat_yypvt[-0].num; } break; case 37: # line 403 "../ipnat_y.y" { if (getport(NULL, ipnat_yypvt[-0].str, &(ipnat_yyval.port)) == -1) ipnat_yyerror("invalid port number"); ipnat_yyval.port = ntohs(ipnat_yyval.port); } break; case 39: # line 409 "../ipnat_y.y" { nat->in_pmin = htons(ipnat_yypvt[-0].port); nat->in_pmax = htons(ipnat_yypvt[-0].port); } break; case 40: # line 411 "../ipnat_y.y" { nat->in_pmin = htons(ipnat_yypvt[-2].port); nat->in_pmax = htons(ipnat_yypvt[-0].port); } break; case 41: # line 413 "../ipnat_y.y" { nat->in_pmin = htons(ipnat_yypvt[-2].port); nat->in_pmax = htons(ipnat_yypvt[-0].port); } break; case 42: # line 417 "../ipnat_y.y" { nat->in_pnext = htons(ipnat_yypvt[-0].port); } break; case 43: # line 418 "../ipnat_y.y" { nat->in_pnext = htons(ipnat_yypvt[-0].port); nat->in_flags |= IPN_FIXEDDPORT; } break; case 45: # line 423 "../ipnat_y.y" { nat->in_pmin = ipnat_yypvt[-0].num; } break; case 46: # line 424 "../ipnat_y.y" { nat->in_flags |= IPN_AUTOPORTMAP; } break; case 47: # line 427 "../ipnat_y.y" { nat->in_redir = NAT_MAP; } break; case 48: # line 428 "../ipnat_y.y" { nat->in_redir = NAT_BIMAP; } break; case 49: # line 431 "../ipnat_y.y" { nat->in_redir = NAT_REDIRECT; } break; case 50: # line 435 "../ipnat_y.y" { nat->in_redir = NAT_MAPBLK; } break; case 51: # line 439 "../ipnat_y.y" { if (ipnat_yypvt[-2].num != 0 && ipnat_yypvt[-0].num != 0 && ipnat_yypvt[-2].num != ipnat_yypvt[-0].num) ipnat_yyerror("11.address family " "mismatch"); ipnat_yyval.num = ipnat_yypvt[-2].num; } break; case 52: # line 445 "../ipnat_y.y" { if (ipnat_yypvt[-3].num != 0 && ipnat_yypvt[-0].num != 0 && ipnat_yypvt[-3].num != ipnat_yypvt[-0].num) ipnat_yyerror("12.address family " "mismatch"); nat->in_flags |= IPN_NOTDST; ipnat_yyval.num = ipnat_yypvt[-3].num; } break; case 53: # line 454 "../ipnat_y.y" { if (ipnat_yypvt[-2].num != 0 && ipnat_yypvt[-0].num != 0 && ipnat_yypvt[-2].num != ipnat_yypvt[-0].num) ipnat_yyerror("13.address family " "mismatch"); ipnat_yyval.num = ipnat_yypvt[-2].num; } break; case 54: # line 460 "../ipnat_y.y" { if (ipnat_yypvt[-2].num != 0 && ipnat_yypvt[-0].num != 0 && ipnat_yypvt[-2].num != ipnat_yypvt[-0].num) ipnat_yyerror("14.address family " "mismatch"); nat->in_flags |= IPN_NOTSRC; ipnat_yyval.num = ipnat_yypvt[-2].num; } break; case 55: # line 468 "../ipnat_y.y" { nat->in_flags |= IPN_FILTER; ipnat_yyexpectaddr = 1; } break; case 56: # line 473 "../ipnat_y.y" { ipnat_yyexpectaddr = 1; } break; case 57: # line 474 "../ipnat_y.y" { ipnat_yyexpectaddr = 1; } break; case 58: # line 477 "../ipnat_y.y" { strncpy(nat->in_ifnames[0], ipnat_yypvt[-0].str, sizeof(nat->in_ifnames[0])); nat->in_ifnames[0][LIFNAMSIZ - 1] = '\0'; free(ipnat_yypvt[-0].str); } break; case 59: # line 485 "../ipnat_y.y" { strncpy(nat->in_ifnames[1], ipnat_yypvt[-0].str, sizeof(nat->in_ifnames[1])); nat->in_ifnames[1][LIFNAMSIZ - 1] = '\0'; free(ipnat_yypvt[-0].str); } break; case 60: # line 494 "../ipnat_y.y" { nat->in_pmin = htons(ipnat_yypvt[-3].port); nat->in_pmax = htons(ipnat_yypvt[-1].port); } break; case 61: # line 498 "../ipnat_y.y" { nat->in_flags |= IPN_AUTOPORTMAP; nat->in_pmin = htons(1024); nat->in_pmax = htons(65535); } break; case 62: # line 503 "../ipnat_y.y" { if (strcmp(ipnat_yypvt[-3].str, "icmp") != 0) { ipnat_yyerror("icmpidmap not followed by icmp"); } free(ipnat_yypvt[-3].str); if (ipnat_yypvt[-2].num < 0 || ipnat_yypvt[-2].num > 65535) ipnat_yyerror("invalid ICMP Id number"); if (ipnat_yypvt[-0].num < 0 || ipnat_yypvt[-0].num > 65535) ipnat_yyerror("invalid ICMP Id number"); nat->in_flags = IPN_ICMPQUERY; nat->in_pmin = htons(ipnat_yypvt[-2].num); nat->in_pmax = htons(ipnat_yypvt[-0].num); } break; case 64: # line 518 "../ipnat_y.y" { nat->in_flags |= IPN_SEQUENTIAL; } break; case 65: # line 522 "../ipnat_y.y" { ipnat_yyval.num = ipnat_yypvt[-0].num; } break; case 66: # line 523 "../ipnat_y.y" { nat->in_sport = ipnat_yypvt[-0].pc.p1; nat->in_stop = ipnat_yypvt[-0].pc.p2; nat->in_scmp = ipnat_yypvt[-0].pc.pc; ipnat_yyval.num = ipnat_yypvt[-2].num; } break; case 67: # line 530 "../ipnat_y.y" { if (nat->in_redir == NAT_REDIRECT) { bcopy(&ipnat_yypvt[-0].ipp.a, &nat->in_src[0], sizeof(ipnat_yypvt[-0].ipp.a)); bcopy(&ipnat_yypvt[-0].ipp.m, &nat->in_src[1], sizeof(ipnat_yypvt[-0].ipp.a)); } else { bcopy(&ipnat_yypvt[-0].ipp.a, &nat->in_in[0], sizeof(ipnat_yypvt[-0].ipp.a)); bcopy(&ipnat_yypvt[-0].ipp.m, &nat->in_in[1], sizeof(ipnat_yypvt[-0].ipp.a)); } ipnat_yyval.num = ipnat_yypvt[-0].ipp.v; } break; case 68: # line 546 "../ipnat_y.y" { ipnat_yyval.num = ipnat_yypvt[-0].num; } break; case 69: # line 547 "../ipnat_y.y" { nat->in_dport = ipnat_yypvt[-0].pc.p1; nat->in_dtop = ipnat_yypvt[-0].pc.p2; nat->in_dcmp = ipnat_yypvt[-0].pc.pc; if (nat->in_redir == NAT_REDIRECT) nat->in_pmin = htons(ipnat_yypvt[-0].pc.p1); } break; case 70: # line 555 "../ipnat_y.y" { if (nat->in_redir == NAT_REDIRECT) { bcopy(&ipnat_yypvt[-0].ipp.a, &nat->in_out[0], sizeof(ipnat_yypvt[-0].ipp.a)); bcopy(&ipnat_yypvt[-0].ipp.m, &nat->in_out[1], sizeof(ipnat_yypvt[-0].ipp.a)); } else { bcopy(&ipnat_yypvt[-0].ipp.a, &nat->in_src[0], sizeof(ipnat_yypvt[-0].ipp.a)); bcopy(&ipnat_yypvt[-0].ipp.m, &nat->in_src[1], sizeof(ipnat_yypvt[-0].ipp.a)); } ipnat_yyval.num = ipnat_yypvt[-0].ipp.v; } break; case 71: # line 570 "../ipnat_y.y" { ipnat_yyexpectaddr = 0; bzero(&ipnat_yyval.ipp.a, sizeof(ipnat_yyval.ipp.a)); bzero(&ipnat_yyval.ipp.m, sizeof(ipnat_yyval.ipp.a)); ipnat_yyval.ipp.v = nat->in_v; } break; case 72: # line 575 "../ipnat_y.y" { ipnat_yyval.ipp.a = ipnat_yypvt[-0].ipa.a; ipnat_yyval.ipp.v = ipnat_yypvt[-0].ipa.v; if (ipnat_yyval.ipp.v == 4) { ipnat_yyval.ipp.m.in4.s_addr = 0xffffffff; } else { ipnat_yyval.ipp.m.i6[0] = 0xffffffff; ipnat_yyval.ipp.m.i6[1] = 0xffffffff; ipnat_yyval.ipp.m.i6[2] = 0xffffffff; ipnat_yyval.ipp.m.i6[3] = 0xffffffff; } ipnat_yyexpectaddr = 0; } break; case 73: # line 587 "../ipnat_y.y" { ipnat_yyval.ipp.a = ipnat_yypvt[-2].ipa.a; if (ipnat_yypvt[-2].ipa.v == 0) { if (ipnat_yypvt[-2].ipa.a.in4.s_addr != 0) ipnat_yyerror("invalid addr"); if (ipnat_yypvt[-0].num == 0 || ipnat_yypvt[-0].num == 32) ipnat_yypvt[-2].ipa.v = 4; else if (ipnat_yypvt[-0].num == 128) ipnat_yypvt[-2].ipa.v = 6; else ipnat_yyerror("invalid mask"); nat->in_v = ipnat_yypvt[-2].ipa.v; } ntomask(ipnat_yypvt[-2].ipa.v, ipnat_yypvt[-0].num, (u_32_t *)&ipnat_yyval.ipp.m); ipnat_yyval.ipp.a.i6[0] &= ipnat_yyval.ipp.m.i6[0]; ipnat_yyval.ipp.a.i6[1] &= ipnat_yyval.ipp.m.i6[1]; ipnat_yyval.ipp.a.i6[2] &= ipnat_yyval.ipp.m.i6[2]; ipnat_yyval.ipp.a.i6[3] &= ipnat_yyval.ipp.m.i6[3]; ipnat_yyval.ipp.v = ipnat_yypvt[-2].ipa.v; ipnat_yyexpectaddr = 0; } break; case 74: # line 607 "../ipnat_y.y" { if (ipnat_yypvt[-2].ipa.v != ipnat_yypvt[-0].ipa.v) { ipnat_yyerror("1.address family " "mismatch"); } ipnat_yyval.ipp.a = ipnat_yypvt[-2].ipa.a; ipnat_yyval.ipp.m = ipnat_yypvt[-0].ipa.a; ipnat_yyval.ipp.a.i6[0] &= ipnat_yyval.ipp.m.i6[0]; ipnat_yyval.ipp.a.i6[1] &= ipnat_yyval.ipp.m.i6[1]; ipnat_yyval.ipp.a.i6[2] &= ipnat_yyval.ipp.m.i6[2]; ipnat_yyval.ipp.a.i6[3] &= ipnat_yyval.ipp.m.i6[3]; ipnat_yyval.ipp.v = ipnat_yypvt[-2].ipa.v; ipnat_yyexpectaddr = 0; } break; case 75: # line 620 "../ipnat_y.y" { ipnat_yyval.ipp.a = ipnat_yypvt[-2].ipa.a; ipnat_yyval.ipp.m.in4.s_addr = htonl(ipnat_yypvt[-0].num); ipnat_yyval.ipp.a.in4.s_addr &= ipnat_yyval.ipp.m.in4.s_addr; ipnat_yyval.ipp.v = 4; } break; case 76: # line 625 "../ipnat_y.y" { if (ipnat_yypvt[-2].ipa.v != ipnat_yypvt[-0].ipa.v) { ipnat_yyerror("2.address family " "mismatch"); } ipnat_yyval.ipp.a = ipnat_yypvt[-2].ipa.a; ipnat_yyval.ipp.m = ipnat_yypvt[-0].ipa.a; ipnat_yyval.ipp.a.i6[0] &= ipnat_yyval.ipp.m.i6[0]; ipnat_yyval.ipp.a.i6[1] &= ipnat_yyval.ipp.m.i6[1]; ipnat_yyval.ipp.a.i6[2] &= ipnat_yyval.ipp.m.i6[2]; ipnat_yyval.ipp.a.i6[3] &= ipnat_yyval.ipp.m.i6[3]; ipnat_yyval.ipp.v = ipnat_yypvt[-2].ipa.v; ipnat_yyexpectaddr = 0; } break; case 77: # line 638 "../ipnat_y.y" { ipnat_yyval.ipp.a = ipnat_yypvt[-2].ipa.a; ipnat_yyval.ipp.m.in4.s_addr = htonl(ipnat_yypvt[-0].num); ipnat_yyval.ipp.a.in4.s_addr &= ipnat_yyval.ipp.m.in4.s_addr; ipnat_yyval.ipp.v = 4; } break; case 78: # line 646 "../ipnat_y.y" { ipnat_yyval.pc.pc = ipnat_yypvt[-1].num; ipnat_yyval.pc.p1 = ipnat_yypvt[-0].port; } break; case 79: # line 647 "../ipnat_y.y" { ipnat_yyval.pc.pc = ipnat_yypvt[-1].num; ipnat_yyval.pc.p1 = ipnat_yypvt[-2].port; ipnat_yyval.pc.p2 = ipnat_yypvt[-0].port; } break; case 83: # line 658 "../ipnat_y.y" { strncpy(nat->in_tag.ipt_tag, ipnat_yypvt[-0].str, sizeof(nat->in_tag.ipt_tag)); } break; case 85: # line 662 "../ipnat_y.y" { nat->in_flags |= IPN_ROUNDR; } break; case 87: # line 665 "../ipnat_y.y" { nat->in_flags |= IPN_FRAG; } break; case 89: # line 668 "../ipnat_y.y" { nat->in_age[0] = ipnat_yypvt[-0].num; nat->in_age[1] = ipnat_yypvt[-0].num; } break; case 90: # line 670 "../ipnat_y.y" { nat->in_age[0] = ipnat_yypvt[-2].num; nat->in_age[1] = ipnat_yypvt[-0].num; } break; case 92: # line 674 "../ipnat_y.y" { if (!(nat->in_flags & IPN_ROUNDR) && !(nat->in_flags & IPN_SPLIT)) { fprintf(stderr, "'sticky' for use with round-robin/IP splitting only\n"); } else nat->in_flags |= IPN_STICKY; } break; case 94: # line 684 "../ipnat_y.y" { nat->in_mssclamp = ipnat_yypvt[-0].num; } break; case 96: # line 687 "../ipnat_y.y" { setnatproto(IPPROTO_TCP); } break; case 97: # line 688 "../ipnat_y.y" { setnatproto(IPPROTO_UDP); } break; case 98: # line 689 "../ipnat_y.y" { nat->in_flags |= IPN_TCPUDP; nat->in_p = 0; } break; case 99: # line 692 "../ipnat_y.y" { nat->in_flags |= IPN_TCPUDP; nat->in_p = 0; } break; case 100: # line 699 "../ipnat_y.y" { strncpy(nat->in_plabel, ipnat_yypvt[-0].str, sizeof(nat->in_plabel)); nat->in_dport = nat->in_pnext; nat->in_dport = htons(nat->in_dport); free(ipnat_yypvt[-0].str); } break; case 101: # line 705 "../ipnat_y.y" { if (nat->in_plabel[0] != '\0') { nat->in_pmin = nat->in_dport; nat->in_pmax = nat->in_pmin; nat->in_pnext = nat->in_pmin; } } break; case 102: # line 713 "../ipnat_y.y" { ipnat_yyval.num = ipnat_yypvt[-0].num; } break; case 103: # line 714 "../ipnat_y.y" { ipnat_yyval.num = IPPROTO_TCP; } break; case 104: # line 715 "../ipnat_y.y" { ipnat_yyval.num = IPPROTO_UDP; } break; case 105: # line 716 "../ipnat_y.y" { ipnat_yyval.num = getproto(ipnat_yypvt[-0].str); free(ipnat_yypvt[-0].str); } break; case 106: # line 720 "../ipnat_y.y" { ipnat_yyval.num = ipnat_yypvt[-0].num; } break; case 107: # line 724 "../ipnat_y.y" { i6addr_t addr; if (gethost(ipnat_yypvt[-0].str, &addr, 0) == 0) { ipnat_yyval.ipa.a = addr; ipnat_yyval.ipa.v = 4; } else if (gethost(ipnat_yypvt[-0].str, &addr, 1) == 0) { ipnat_yyval.ipa.a = addr; ipnat_yyval.ipa.v = 6; } else { ipnat_yyerror("Unknown hostname"); } if (ipnat_yyval.ipa.v != 0) nat->in_v = ipnat_yyval.ipa.v; free(ipnat_yypvt[-0].str); } break; case 108: # line 739 "../ipnat_y.y" { bzero(&ipnat_yyval.ipa.a, sizeof(ipnat_yyval.ipa.a)); ipnat_yyval.ipa.a.in4.s_addr = htonl(ipnat_yypvt[-0].num); if (ipnat_yyval.ipa.a.in4.s_addr != 0) ipnat_yyval.ipa.v = 4; else ipnat_yyval.ipa.v = nat->in_v; if (ipnat_yyval.ipa.v != 0) nat->in_v = ipnat_yyval.ipa.v; } break; case 109: # line 748 "../ipnat_y.y" { ipnat_yyval.ipa = ipnat_yypvt[-0].ipa; nat->in_v = 4; } break; case 110: # line 751 "../ipnat_y.y" { ipnat_yyval.ipa.a = ipnat_yypvt[-0].ip6; ipnat_yyval.ipa.v = 6; nat->in_v = 6; } break; case 111: # line 755 "../ipnat_y.y" { ipnat_yyval.ipa.a = ipnat_yypvt[-0].ip6; ipnat_yyval.ipa.v = 6; } break; case 112: # line 761 "../ipnat_y.y" { ipnat_yyval.num = FR_EQUAL; } break; case 113: # line 762 "../ipnat_y.y" { ipnat_yyval.num = FR_EQUAL; } break; case 114: # line 763 "../ipnat_y.y" { ipnat_yyval.num = FR_NEQUAL; } break; case 115: # line 764 "../ipnat_y.y" { ipnat_yyval.num = FR_LESST; } break; case 116: # line 765 "../ipnat_y.y" { ipnat_yyval.num = FR_LESSTE; } break; case 117: # line 766 "../ipnat_y.y" { ipnat_yyval.num = FR_GREATERT; } break; case 118: # line 767 "../ipnat_y.y" { ipnat_yyval.num = FR_GREATERTE; } break; case 119: # line 770 "../ipnat_y.y" { ipnat_yyval.num = FR_OUTRANGE; } break; case 120: # line 771 "../ipnat_y.y" { ipnat_yyval.num = FR_INRANGE; } break; case 121: # line 774 "../ipnat_y.y" { ipnat_yyval.ipa = ipnat_yypvt[-0].ipa; } break; case 122: # line 775 "../ipnat_y.y" { ipnat_yyval.ipa.a = ipnat_yypvt[-0].ip6; ipnat_yyval.ipa.v = 6; } break; case 123: # line 781 "../ipnat_y.y" { if (ipnat_yypvt[-6].num > 255 || ipnat_yypvt[-4].num > 255 || ipnat_yypvt[-2].num > 255 || ipnat_yypvt[-0].num > 255) { ipnat_yyerror("Invalid octet string for IP address"); return 0; } ipnat_yyval.ipa.a.in4.s_addr = (ipnat_yypvt[-6].num << 24) | (ipnat_yypvt[-4].num << 16) | (ipnat_yypvt[-2].num << 8) | ipnat_yypvt[-0].num; ipnat_yyval.ipa.a.in4.s_addr = htonl(ipnat_yyval.ipa.a.in4.s_addr); ipnat_yyval.ipa.v = 4; } break; # line 556 "/usr/share/lib/ccs/yaccpar" } goto ipnat_yystack; /* reset registers in driver code */ }