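/*
 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

%{
/*
 * Scanner for the SA/SPD command language (add, delete, get, flush, dump
 * and their spd* counterparts).  Each rule returns a token, and where
 * relevant a value in yylval, to the yacc grammar behind yyparse().
 */
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <net/route.h>
#include <net/pfkeyv2.h>
#include <netkey/keydb.h>
#include <netkey/key_debug.h>
#include <netinet/in.h>
#include <netinet6/ipsec.h>

#include <stdlib.h>
#include <limits.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include "vchar.h"
#include "y.tab.h"

/* With f_debug set, print the start state and the matched token. */
#define DECHO \
	do { \
		if (f_debug) { printf("<%d>", yy_start); ECHO; printf("\n"); } \
	} while (0)

/*
 * Append the matched token to cmdarg, with newlines and tabs turned into
 * spaces.  cmdarg has a fixed size while the input stream has no length
 * limit, so the copy stops as soon as only the terminating NUL still fits;
 * the excess is dropped instead of being written past the end of the array.
 */
#define CMDARG \
	do { \
		size_t cmd_used = strlen(cmdarg); \
		const char *cmd_src; \
		for (cmd_src = yytext; \
		     *cmd_src != '\0' && cmd_used + 1 < sizeof(cmdarg); \
		     cmd_src++) { \
			char cmd_ch = *cmd_src; \
			if (cmd_ch == '\n' || cmd_ch == '\t') \
				cmd_ch = ' '; \
			cmdarg[cmd_used++] = cmd_ch; \
		} \
		cmdarg[cmd_used] = '\0'; \
	} while (0)

/* Common prologue of almost every rule: debug echo, then record the token. */
#define PREPROC do { DECHO; CMDARG; } while (0)

int lineno = 1;		/* current input line, used in diagnostics */
char cmdarg[8192];	/* XXX: BUFSIZ is the better ? */

extern u_char m_buf[BUFSIZ];
extern u_int m_len;
extern int f_debug;

int yylex __P((void));
void yyerror __P((char *s));
extern void parse_init __P((void));
int parse __P((FILE **));
int yyparse __P((void));

%}

/* common section */
nl		\n
ws		[ \t]+
digit		[0-9]
letter		[0-9A-Za-z]
hexdigit	[0-9A-Fa-f]
/*octet		(([01]?{digit}?{digit})|((2([0-4]{digit}))|(25[0-5])))*/
special		[()+\|\?\*,]
dot		\.
comma		\,
hyphen		\-
colon		\:
slash		\/
bcl		\{
ecl		\}
blcl		\[
elcl		\]
percent		\%
semi		\;
usec		{dot}{digit}{1,6}
comment		\#.*
ccomment	"/*"
bracketstring	\<[^>]*\>
quotedstring	\"[^"]*\"
decstring	{digit}+
hexpair		{hexdigit}{hexdigit}
hexstring	0[xX]{hexdigit}+
/* octet is commented out above; no rule below references octetstring. */
octetstring	{octet}({dot}{octet})+
ipaddress	{ipv4addr}|{ipv6addr}
ipv4addr	{digit}{1,3}({dot}{digit}{1,3}){0,3}
ipv6addr	{hexdigit}{0,4}({colon}{hexdigit}{0,4}){2,7}(%{letter}{letter}+)?
ipaddrmask	{slash}{digit}{1,3}
ipaddrport	{blcl}{decstring}{elcl}
keyword		{letter}{letter}+
name		{letter}(({letter}|{digit}|{hyphen})*({letter}|{digit}))*
hostname	{name}(({dot}{name})+{dot}?)?

%s S_PL

%%

	/* SAD commands */
add		{ PREPROC; return(ADD); }
delete		{ PREPROC; return(DELETE); }
get		{ PREPROC; return(GET); }
flush		{ PREPROC; return(FLUSH); }
dump		{ PREPROC; return(DUMP); }

	/* for management SPD */
spdadd		{ PREPROC; return(SPDADD); }
spddelete	{ PREPROC; return(SPDDELETE); }
spddump		{ PREPROC; return(SPDDUMP); }
spdflush	{ PREPROC; return(SPDFLUSH); }
{hyphen}P	{ BEGIN S_PL; PREPROC; return(F_POLICY); }
<S_PL>[a-zA-Z0-9:\.\-_/ \n\t][a-zA-Z0-9:\.\-_/ \n\t]* {
		/* Policy text after -P is handed over as one raw string. */
		yymore();

		/* the policy text may span lines: keep lineno in step */
		{
			char *p;
			for (p = yytext; *p != '\0'; p++)
				if (*p == '\n')
					lineno++;
		}

		yylval.val.len = strlen(yytext);
		/*
		 * NOTE(review): strdup() is not checked here or in the
		 * rules below, so the grammar receives a NULL buf when
		 * allocation fails; confirm the parser copes with that.
		 */
		yylval.val.buf = strdup(yytext);

		return(PL_REQUESTS);
	}
<S_PL>{semi}	{ PREPROC; BEGIN INITIAL; return(EOT); }

	/* security protocols; num is 1 for the "-old" variants, else 0 */
ah		{ PREPROC; yylval.num = 0; return(PR_AH); }
esp		{ PREPROC; yylval.num = 0; return(PR_ESP); }
ah-old		{ PREPROC; yylval.num = 1; return(PR_AH); }
esp-old		{ PREPROC; yylval.num = 1; return(PR_ESP); }
ipcomp		{ PREPROC; yylval.num = 0; return(PR_IPCOMP); }

	/* authentication algorithms */
{hyphen}A	{ PREPROC; return(F_AUTH); }
hmac-md5	{ PREPROC; yylval.num = SADB_AALG_MD5HMAC; return(ALG_AUTH); }
hmac-sha1	{ PREPROC; yylval.num = SADB_AALG_SHA1HMAC; return(ALG_AUTH); }
keyed-md5	{ PREPROC; yylval.num = SADB_AALG_MD5; return(ALG_AUTH); }
keyed-sha1	{ PREPROC; yylval.num = SADB_AALG_SHA; return(ALG_AUTH); }
null		{ PREPROC; yylval.num = SADB_AALG_NULL; return(ALG_AUTH); }

	/*
	 * encryption algorithms
	 * "simple" maps to SADB_EALG_NULL, i.e. it selects no encryption.
	 */
{hyphen}E	{ PREPROC; return(F_ENC); }
des-cbc		{ PREPROC; yylval.num = SADB_EALG_DESCBC; return(ALG_ENC); }
3des-cbc	{ PREPROC; yylval.num = SADB_EALG_3DESCBC; return(ALG_ENC); }
simple		{ PREPROC; yylval.num = SADB_EALG_NULL; return(ALG_ENC); }
blowfish-cbc	{ PREPROC; yylval.num = SADB_EALG_BLOWFISHCBC; return(ALG_ENC); }
cast128-cbc	{ PREPROC; yylval.num = SADB_EALG_CAST128CBC; return(ALG_ENC); }
rc5-cbc		{ PREPROC; yylval.num = SADB_EALG_RC5CBC; return(ALG_ENC); }
des-deriv	{ PREPROC; yylval.num = SADB_EALG_DESCBC; return(ALG_ENC_DESDERIV); }
des-32iv	{ PREPROC; yylval.num = SADB_EALG_DESCBC; return(ALG_ENC_DES32IV); }

	/* compression algorithms */
{hyphen}C	{ PREPROC; return(F_COMP); }
oui		{ PREPROC; yylval.num = SADB_X_CALG_OUI; return(ALG_COMP); }
deflate		{ PREPROC; yylval.num = SADB_X_CALG_DEFLATE; return(ALG_COMP); }
lzs		{ PREPROC; yylval.num = SADB_X_CALG_LZS; return(ALG_COMP); }
{hyphen}R	{ PREPROC; return(F_RAWCPI); }

	/* extension */
{hyphen}m	{ PREPROC; return(F_MODE); }
transport	{ PREPROC; yylval.num = IPSEC_MODE_TRANSPORT; return(MODE); }
tunnel		{ PREPROC; yylval.num = IPSEC_MODE_TUNNEL; return(MODE); }
{hyphen}f	{ PREPROC; return(F_EXT); }
random-pad	{ PREPROC; yylval.num = SADB_X_EXT_PRAND; return(EXTENSION); }
seq-pad		{ PREPROC; yylval.num = SADB_X_EXT_PSEQ; return(EXTENSION); }
zero-pad	{ PREPROC; yylval.num = SADB_X_EXT_PZERO; return(EXTENSION); }
cyclic-seq	{ PREPROC; yylval.num = SADB_X_EXT_CYCSEQ; return(EXTENSION); }
{hyphen}r	{ PREPROC; return(F_REPLAY); }
{hyphen}lh	{ PREPROC; return(F_LIFETIME_HARD); }
{hyphen}ls	{ PREPROC; return(F_LIFETIME_SOFT); }


	/* upper layer protocols */
icmp		{ PREPROC; yylval.num = IPPROTO_ICMP; return(UP_PROTO); }
icmp6		{ PREPROC; yylval.num = IPPROTO_ICMPV6; return(UP_PROTO); }
tcp		{ PREPROC; yylval.num = IPPROTO_TCP; return(UP_PROTO); }
udp		{ PREPROC; yylval.num = IPPROTO_UDP; return(UP_PROTO); }

	/* wildcard, white space, line counting, comments, terminator */
any		{ PREPROC; return(ANY); }
{ws}		{ PREPROC; }
{nl}		{ lineno++; }
{comment}	{ /* dropped; a comment is not recorded in cmdarg */ }
{semi}		{ PREPROC; return(EOT); }

	/* parameter */
{decstring}	{
		PREPROC;
		/*
		 * NOTE(review): strtol() clamps to LONG_MAX on overflow and
		 * that is not detected here; confirm the grammar
		 * range-checks every DECSTRING it accepts.
		 */
		yylval.num = strtol(yytext, NULL, 10);
		return(DECSTRING);
	}

{ipv4addr}	{
		/*
		 * The form without any dot cannot be supported, because
		 * it is ambiguous against {decstring}, e.g. 127.
		 */
		PREPROC;

		yylval.val.len = sizeof(struct sockaddr_in);
		yylval.val.buf = strdup(yytext);

		return(IP4_ADDRESS);
	}

{ipv6addr}	{
#ifdef INET6
		PREPROC;

		yylval.val.len = sizeof(struct sockaddr_in6);
		yylval.val.buf = strdup(yytext);

		return(IP6_ADDRESS);
#else
		/* no token is returned; scanning simply continues */
		yyerror("IPv6 address not supported");
#endif
	}

{ipaddrmask}	{
		PREPROC;
		/* step over the slash; the pattern allows three digits at most */
		yytext++;
		yylval.num = atoi(yytext);
		return(PREFIX);
	}

{ipaddrport}	{
		char *p = yytext;
		PREPROC;
		/* cut the token at the closing bracket, then skip the opening one */
		while (*++p != ']') ;
		*p = '\0';
		yytext++;
		/*
		 * {decstring} puts no limit on the number of digits, and
		 * atoi() is undefined on overflow, so convert with strtol().
		 * NOTE(review): nothing here limits the value to 65535;
		 * confirm the grammar rejects larger ports.
		 */
		yylval.num = strtol(yytext, NULL, 10);
		return(PORT);
	}

{blcl}any{elcl}	{
		PREPROC;
		return(PORTANY);
	}

{hexstring}	{
		int len = yyleng - 2; /* (str - "0x") */
		PREPROC;
		/* val.len is the byte count: two hex digits per byte, rounded up */
		yylval.val.len = (len & 1) + (len / 2);
		/* an odd number of digits is padded with a leading '0' */
		if (len & 1) {
			yytext[1] = '0';
			yylval.val.buf = strdup(yytext + 1);
		} else
			yylval.val.buf = strdup(yytext + 2);

		return(HEXSTRING);
	}

{quotedstring}	{
		char *p = yytext;
		PREPROC;
		/* strip both quotes; the pattern guarantees a closing one */
		while (*++p != '"') ;
		*p = '\0';
		yytext++;
		yylval.val.len = yyleng - 2;
		yylval.val.buf = strdup(yytext);

		return(QUOTEDSTRING);
	}

.		{ yyerror("Syntax error"); }

%%

/*
 * Report a scanner or parser error on standard output, with the current
 * line number and the text of the token being scanned.
 */
void
yyerror(char *s)
{
	printf("line %d: %s at [%s]\n", lineno, s, yytext);
}

/*
 * Run the parser over the stream *fp.
 * Returns 0 on success and -1 when yyparse() reports a failure.
 */
int
parse(FILE **fp)
{
	yyin = *fp;

	parse_init();

	if (yyparse()) {
		printf("parse failed, line %d.\n", lineno);
		return(-1);
	}

	return(0);
}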