git.saurik.com Git - apple/ipsec.git/blame_incremental

... / ...

Commit	Line	Data
	1	/* $KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $ */
	2
	3	/*
	4	* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
	5	* All rights reserved.
	6	*
	7	* Redistribution and use in source and binary forms, with or without
	8	* modification, are permitted provided that the following conditions
	9	* are met:
	10	* 1. Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	* 2. Redistributions in binary form must reproduce the above copyright
	13	* notice, this list of conditions and the following disclaimer in the
	14	* documentation and/or other materials provided with the distribution.
	15	* 3. Neither the name of the project nor the names of its contributors
	16	* may be used to endorse or promote products derived from this software
	17	* without specific prior written permission.
	18	*
	19	* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
	20	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	21	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	22	* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
	23	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	24	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	25	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	27	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	28	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	29	* SUCH DAMAGE.
	30	*/
	31
	32	%option noyywrap
	33	%{
	34
	35	#ifdef HAVE_CONFIG_H
	36	#include "config.h"
	37	#endif
	38
	39	#include <sys/types.h>
	40	#include <sys/param.h>
	41	#include <sys/socket.h>
	42	#include <net/pfkeyv2.h>
	43	#include <netinet/in.h>
	44	#ifdef HAVE_NETINET6_IPSEC
	45	# include <netinet6/ipsec.h>
	46	#else
	47	# include <netinet/ipsec.h>
	48	#endif
	49
	50	#include <stdlib.h>
	51	#include <limits.h>
	52	#include <string.h>
	53	#include <unistd.h>
	54	#include <errno.h>
	55	#include <netdb.h>
	56
	57	#include "vchar.h"
	58	#include "y.tab.h"
	59
	60	#include "extern.h"
	61
	62	/* make the code compile on BSD-current /
	63	#ifndef SADB_X_AALG_SHA2_256
	64	#define SADB_X_AALG_SHA2_256 (-1)
	65	#endif
	66	#ifndef SADB_X_AALG_SHA2_384
	67	#define SADB_X_AALG_SHA2_384 (-1)
	68	#endif
	69	#ifndef SADB_X_AALG_SHA2_512
	70	#define SADB_X_AALG_SHA2_512 (-1)
	71	#endif
	72	#ifndef SADB_X_AALG_RIPEMD160HMAC
	73	#define SADB_X_AALG_RIPEMD160HMAC (-1)
	74	#endif
	75	#ifndef SADB_X_AALG_AES_XCBC_MAC
	76	#define SADB_X_AALG_AES_XCBC_MAC (-1)
	77	#endif
	78	#ifndef SADB_X_EALG_TWOFISHCBC
	79	#define SADB_X_EALG_TWOFISHCBC (-1)
	80	#endif
	81	#ifndef SADB_X_EALG_AESCTR
	82	#define SADB_X_EALG_AESCTR (-1)
	83	#endif
	84	%}
	85
	86	/* common section */
	87	nl \n
	88	ws [ \t]+
	89	digit [0-9]
	90	letter [0-9A-Za-z]
	91	hexdigit [0-9A-Fa-f]
	92	dot \.
	93	hyphen \-
	94	slash \/
	95	blcl \[
	96	elcl \]
	97	semi \;
	98	comment \#.*
	99	quotedstring \"[^"]*\"
	100	decstring {digit}+
	101	hexstring 0[xX]{hexdigit}+
	102	ipaddress [a-fA-F0-9:]([a-fA-F0-9:\.]\|[a-fA-F0-9:\.]%[a-zA-Z0-9]*)
	103	ipaddrmask {slash}{digit}{1,3}
	104	name {letter}(({letter}\|{digit}\|{hyphen})({letter}\|{digit}))
	105	hostname {name}(({dot}{name})+{dot}?)?
	106
	107	%s S_PL S_AUTHALG S_ENCALG
	108
	109	%%
	110
	111	add { return(ADD); }
	112	delete { return(DELETE); }
	113	deleteall { return(DELETEALL); }
	114	get { return(GET); }
	115	flush { return(FLUSH); }
	116	dump { return(DUMP); }
	117	exit { return(EXIT); }
	118	quit { return(EXIT); }
	119	bye { return(EXIT); }
	120
	121	/* for management SPD */
	122	spdadd { return(SPDADD); }
	123	spddelete { return(SPDDELETE); }
	124	spddump { return(SPDDUMP); }
	125	spdflush { return(SPDFLUSH); }
	126	tagged { return(TAGGED); }
	127	{hyphen}P { BEGIN S_PL; return(F_POLICY); }
	128	<S_PL>[a-zA-Z0-9:\.\-_/ \n\t][a-zA-Z0-9:\.%\-+_/ \n\t\]\[]* {
	129	yymore();
	130
	131	/* count up for nl */
	132	{
	133	char *p;
	134	for (p = yytext; *p != '\0'; p++)
	135	if (*p == '\n')
	136	lineno++;
	137	}
	138
	139	yylval.val.len = strlen(yytext);
	140	yylval.val.buf = strdup(yytext);
	141	if (!yylval.val.buf)
	142	yyfatal("insufficient memory");
	143
	144	return(PL_REQUESTS);
	145	}
	146	<S_PL>{semi} { BEGIN INITIAL; return(EOT); }
	147
	148	/* address resolution flags */
	149	{hyphen}[n46][n46]* {
	150	yylval.val.len = strlen(yytext);
	151	yylval.val.buf = strdup(yytext);
	152	if (!yylval.val.buf)
	153	yyfatal("insufficient memory");
	154	return(F_AIFLAGS);
	155	}
	156
	157	/* security protocols */
	158	ah { yylval.num = 0; return(PR_AH); }
	159	esp { yylval.num = 0; return(PR_ESP); }
	160	ah-old { yylval.num = 1; return(PR_AH); }
	161	esp-old { yylval.num = 1; return(PR_ESP); }
	162	esp-udp { yylval.num = 0; return(PR_ESPUDP); }
	163	ipcomp { yylval.num = 0; return(PR_IPCOMP); }
	164	tcp {
	165	yylval.num = 0; return(PR_TCP);
	166	}
	167
	168	/* authentication alogorithm */
	169	{hyphen}A { BEGIN S_AUTHALG; return(F_AUTH); }
	170	<S_AUTHALG>hmac-md5 { yylval.num = SADB_AALG_MD5HMAC; BEGIN INITIAL; return(ALG_AUTH); }
	171	<S_AUTHALG>hmac-sha1 { yylval.num = SADB_AALG_SHA1HMAC; BEGIN INITIAL; return(ALG_AUTH); }
	172	<S_AUTHALG>keyed-md5 { yylval.num = SADB_X_AALG_MD5; BEGIN INITIAL; return(ALG_AUTH); }
	173	<S_AUTHALG>keyed-sha1 { yylval.num = SADB_X_AALG_SHA; BEGIN INITIAL; return(ALG_AUTH); }
	174	<S_AUTHALG>hmac-sha2-256 { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); }
	175	<S_AUTHALG>hmac-sha256 { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); }
	176	<S_AUTHALG>hmac-sha2-384 { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); }
	177	<S_AUTHALG>hmac-sha384 { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); }
	178	<S_AUTHALG>hmac-sha2-512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); }
	179	<S_AUTHALG>hmac-sha512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); }
	180	<S_AUTHALG>hmac-ripemd160 { yylval.num = SADB_X_AALG_RIPEMD160HMAC; BEGIN INITIAL; return(ALG_AUTH); }
	181	<S_AUTHALG>aes-xcbc-mac { yylval.num = SADB_X_AALG_AES_XCBC_MAC; BEGIN INITIAL; return(ALG_AUTH); }
	182	<S_AUTHALG>tcp-md5 {
	183	#ifdef SADB_X_AALG_TCP_MD5
	184	yylval.num = SADB_X_AALG_TCP_MD5;
	185	BEGIN INITIAL;
	186	return(ALG_AUTH);
	187	#endif
	188	}
	189	<S_AUTHALG>null { yylval.num = SADB_X_AALG_NULL; BEGIN INITIAL; return(ALG_AUTH_NOKEY); }
	190
	191	/* encryption alogorithm */
	192	{hyphen}E { BEGIN S_ENCALG; return(F_ENC); }
	193	<S_ENCALG>des-cbc { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC); }
	194	<S_ENCALG>3des-cbc { yylval.num = SADB_EALG_3DESCBC; BEGIN INITIAL; return(ALG_ENC); }
	195	<S_ENCALG>null { yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC_NOKEY); }
	196	<S_ENCALG>simple { yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC_OLD); }
	197	<S_ENCALG>blowfish-cbc { yylval.num = SADB_X_EALG_BLOWFISHCBC; BEGIN INITIAL; return(ALG_ENC); }
	198	<S_ENCALG>cast128-cbc { yylval.num = SADB_X_EALG_CAST128CBC; BEGIN INITIAL; return(ALG_ENC); }
	199	<S_ENCALG>des-deriv { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DESDERIV); }
	200	<S_ENCALG>des-32iv { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DES32IV); }
	201	<S_ENCALG>twofish-cbc { yylval.num = SADB_X_EALG_TWOFISHCBC; BEGIN INITIAL; return(ALG_ENC); }
	202	<S_ENCALG>aes-cbc {
	203	#ifdef SADB_X_EALG_AESCBC
	204	yylval.num = SADB_X_EALG_AESCBC; BEGIN INITIAL; return(ALG_ENC);
	205	#endif
	206	}
	207	<S_ENCALG>rijndael-cbc {
	208	#ifdef SADB_X_EALG_AESCBC
	209	yylval.num = SADB_X_EALG_AESCBC; BEGIN INITIAL; return(ALG_ENC);
	210	#endif
	211	}
	212	<S_ENCALG>aes-ctr { yylval.num = SADB_X_EALG_AESCTR; BEGIN INITIAL; return(ALG_ENC); }
	213
	214	/* compression algorithms */
	215	{hyphen}C { return(F_COMP); }
	216	oui { yylval.num = SADB_X_CALG_OUI; return(ALG_COMP); }
	217	deflate { yylval.num = SADB_X_CALG_DEFLATE; return(ALG_COMP); }
	218	lzs { yylval.num = SADB_X_CALG_LZS; return(ALG_COMP); }
	219	{hyphen}R { return(F_RAWCPI); }
	220
	221	/* extension */
	222	{hyphen}m { return(F_MODE); }
	223	transport { yylval.num = IPSEC_MODE_TRANSPORT; return(MODE); }
	224	tunnel { yylval.num = IPSEC_MODE_TUNNEL; return(MODE); }
	225	{hyphen}u { return(F_REQID); }
	226	{hyphen}f { return(F_EXT); }
	227	random-pad { yylval.num = SADB_X_EXT_PRAND; return(EXTENSION); }
	228	seq-pad { yylval.num = SADB_X_EXT_PSEQ; return(EXTENSION); }
	229	zero-pad { yylval.num = SADB_X_EXT_PZERO; return(EXTENSION); }
	230	nocyclic-seq { return(NOCYCLICSEQ); }
	231	{hyphen}r { return(F_REPLAY); }
	232	{hyphen}lh { return(F_LIFETIME_HARD); }
	233	{hyphen}ls { return(F_LIFETIME_SOFT); }
	234	{hyphen}bh { return(F_LIFEBYTE_HARD); }
	235	{hyphen}bs { return(F_LIFEBYTE_SOFT); }
	236
	237	/* ... */
	238	any { return(ANY); }
	239	{ws} { }
	240	{nl} { lineno++; }
	241	{comment}
	242	{semi} { return(EOT); }
	243
	244	/* for address parameters: /prefix, [port] */
	245	{slash} { return SLASH; }
	246	{blcl} { return BLCL; }
	247	{elcl} { return ELCL; }
	248
	249	/* parameter */
	250	{decstring} {
	251	char *bp;
	252
	253	yylval.ulnum = strtoul(yytext, &bp, 10);
	254	return(DECSTRING);
	255	}
	256
	257	{hexstring} {
	258	yylval.val.buf = strdup(yytext + 2);
	259	if (!yylval.val.buf)
	260	yyfatal("insufficient memory");
	261	yylval.val.len = strlen(yylval.val.buf);
	262
	263	return(HEXSTRING);
	264	}
	265
	266	{quotedstring} {
	267	char *p = yytext;
	268	while (*++p != '"') ;
	269	*p = '\0';
	270	yytext++;
	271	yylval.val.len = yyleng - 2;
	272	yylval.val.buf = strdup(yytext);
	273	if (!yylval.val.buf)
	274	yyfatal("insufficient memory");
	275
	276	return(QUOTEDSTRING);
	277	}
	278
	279	[A-Za-z0-9:][A-Za-z0-9:%\.-]* {
	280	yylval.val.len = yyleng;
	281	yylval.val.buf = strdup(yytext);
	282	if (!yylval.val.buf)
	283	yyfatal("insufficient memory");
	284	return(STRING);
	285	}
	286
	287	[0-9,]+ {
	288	yylval.val.len = yyleng;
	289	yylval.val.buf = strdup(yytext);
	290	if (!yylval.val.buf)
	291	yyfatal("insufficient memory");
	292	return(STRING);
	293	}
	294
	295	. {
	296	yyfatal("Syntax error");
	297	/NOTREACHED/
	298	}
	299
	300	%%
	301
	302	void
	303	yyfatal(s)
	304	const char *s;
	305	{
	306	yyerror(s);
	307	exit(1);
	308	}
	309
	310	void
	311	yyerror(s)
	312	const char *s;
	313	{
	314	printf("line %d: %s at [%s]\n", lineno, s, yytext);
	315	}
	316
	317	int
	318	parse(fp)
	319	FILE **fp;
	320	{
	321	yyin = *fp;
	322
	323	lineno = 1;
	324	parse_init();
	325
	326	if (yyparse()) {
	327	printf("parse failed, line %d.\n", lineno);
	328	return(-1);
	329	}
	330
	331	return(0);
	332	}
	333
	334	int
	335	parse_string (char *src)
	336	{
	337	int result;
	338	YY_BUFFER_STATE buf_state;
	339
	340	buf_state = yy_scan_string(src);
	341	result = yyparse();
	342	yy_delete_buffer(buf_state);
	343	return result;
	344	}
	345