2 /* $KAME: parse.y,v 1.83 2004/05/18 08:48:23 sakane Exp $ */
5 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include <sys/types.h>
35 #include <sys/param.h>
36 #include <sys/socket.h>
38 #include <net/route.h>
39 #include <netinet/in.h>
40 #include <net/pfkeyv2.h>
41 #include <netipsec/key_var.h>
42 #include <netipsec/ipsec.h>
43 #include <arpa/inet.h>
56 (isdigit(c) ? (c - '0') : (isupper(c) ? (c - 'A' + 10) : (c - 'a' + 10)))
59 u_int p_ext, p_alg_enc, p_alg_auth, p_replay, p_mode;
61 u_int p_key_enc_len, p_key_auth_len;
62 caddr_t p_key_enc, p_key_auth;
63 time_t p_lt_hard, p_lt_soft;
65 static int p_aiflags = 0, p_aifamily = PF_UNSPEC;
67 static struct addrinfo *parse_addr __P((char *, char *));
68 static int fix_portstr __P((vchar_t *, vchar_t *, vchar_t *));
69 static int setvarbuf __P((char *, int *, struct sadb_ext *, int, caddr_t, int));
70 void parse_init __P((void));
71 void free_buffer __P((void));
73 int setkeymsg0 __P((struct sadb_msg *, unsigned int, unsigned int, size_t));
74 static int setkeymsg_spdaddr __P((unsigned int, unsigned int, vchar_t *,
75 struct addrinfo *, int, struct addrinfo *, int));
76 static int setkeymsg_addr __P((unsigned int, unsigned int,
77 struct addrinfo *, struct addrinfo *, int));
78 static int setkeymsg_add __P((unsigned int, unsigned int,
79 struct addrinfo *, struct addrinfo *));
80 extern int setkeymsg __P((char *, size_t *));
81 extern int sendkeymsg __P((char *, size_t));
83 extern int yylex __P((void));
84 extern void yyfatal __P((const char *));
85 extern void yyerror __P((const char *));
95 %token EOT SLASH BLCL ELCL
96 %token ADD GET DELETE DELETEALL FLUSH DUMP
97 %token PR_ESP PR_AH PR_IPCOMP PR_TCP
98 %token F_PROTOCOL F_AUTH F_ENC F_REPLAY F_COMP F_RAWCPI
99 %token F_MODE MODE F_REQID
100 %token F_EXT EXTENSION NOCYCLICSEQ
101 %token ALG_AUTH ALG_AUTH_NOKEY
102 %token ALG_ENC ALG_ENC_NOKEY ALG_ENC_DESDERIV ALG_ENC_DES32IV ALG_ENC_OLD
104 %token F_LIFETIME_HARD F_LIFETIME_SOFT
105 %token DECSTRING QUOTEDSTRING HEXSTRING STRING ANY
107 %token SPDADD SPDDELETE SPDDUMP SPDFLUSH
108 %token F_POLICY PL_REQUESTS
112 %type <num> prefix protocol_spec upper_spec
113 %type <num> ALG_ENC ALG_ENC_DESDERIV ALG_ENC_DES32IV ALG_ENC_OLD ALG_ENC_NOKEY
114 %type <num> ALG_AUTH ALG_AUTH_NOKEY
116 %type <num> PR_ESP PR_AH PR_IPCOMP PR_TCP
117 %type <num> EXTENSION MODE
118 %type <ulnum> DECSTRING
119 %type <val> PL_REQUESTS portstr key_string
120 %type <val> policy_requests
121 %type <val> QUOTEDSTRING HEXSTRING STRING
122 %type <val> F_AIFLAGS
123 %type <val> upper_misc_spec policy_spec
148 /* commands concerned with management, there is in tail of this file. */
152 : ADD ipaddropts ipaddr ipaddr protocol_spec spi extension_spec algorithm_spec EOT
156 status = setkeymsg_add(SADB_ADD, $5, $3, $4);
164 : DELETE ipaddropts ipaddr ipaddr protocol_spec spi extension_spec EOT
168 if ($3->ai_next || $4->ai_next) {
169 yyerror("multiple address specified");
172 if (p_mode != IPSEC_MODE_ANY)
173 yyerror("WARNING: mode is obsolete");
175 status = setkeymsg_addr(SADB_DELETE, $5, $3, $4, 0);
181 /* deleteall command */
183 : DELETEALL ipaddropts ipaddr ipaddr protocol_spec EOT
187 status = setkeymsg_addr(SADB_DELETE, $5, $3, $4, 1);
195 : GET ipaddropts ipaddr ipaddr protocol_spec spi extension_spec EOT
199 if (p_mode != IPSEC_MODE_ANY)
200 yyerror("WARNING: mode is obsolete");
202 status = setkeymsg_addr(SADB_GET, $5, $3, $4, 0);
210 : FLUSH protocol_spec EOT
213 setkeymsg0(&msg, SADB_FLUSH, $2, sizeof(msg));
214 sendkeymsg((char *)&msg, sizeof(msg));
220 : DUMP protocol_spec EOT
223 setkeymsg0(&msg, SADB_DUMP, $2, sizeof(msg));
224 sendkeymsg((char *)&msg, sizeof(msg));
231 $$ = SADB_SATYPE_UNSPEC;
235 $$ = SADB_SATYPE_ESP;
237 p_ext |= SADB_X_EXT_OLD;
239 p_ext &= ~SADB_X_EXT_OLD;
245 p_ext |= SADB_X_EXT_OLD;
247 p_ext &= ~SADB_X_EXT_OLD;
251 $$ = SADB_X_SATYPE_IPCOMP;
255 $$ = SADB_X_SATYPE_TCPSIGNATURE;
260 : DECSTRING { p_spi = $1; }
267 v = strtoul($1.buf, &ep, 16);
269 yyerror("invalid SPI");
272 if (v & ~0xffffffff) {
273 yyerror("SPI too big.");
288 : F_ENC enc_alg F_AUTH auth_alg
300 yyerror("unsupported algorithm");
305 | F_COMP ALG_COMP F_RAWCPI
308 yyerror("unsupported algorithm");
312 p_ext |= SADB_X_EXT_RAWCPI;
319 yyerror("unsupported algorithm");
326 if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
327 p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
328 yyerror(ipsec_strerror());
332 | ALG_ENC key_string {
334 yyerror("unsupported algorithm");
339 p_key_enc_len = $2.len;
341 if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
342 p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
343 yyerror(ipsec_strerror());
349 yyerror("unsupported algorithm");
352 yyerror("WARNING: obsolete algorithm");
357 if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
358 p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
359 yyerror(ipsec_strerror());
363 | ALG_ENC_DESDERIV key_string
366 yyerror("unsupported algorithm");
370 if (p_ext & SADB_X_EXT_OLD) {
371 yyerror("algorithm mismatched");
374 p_ext |= SADB_X_EXT_DERIV;
376 p_key_enc_len = $2.len;
378 if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
379 p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
380 yyerror(ipsec_strerror());
384 | ALG_ENC_DES32IV key_string
387 yyerror("unsupported algorithm");
391 if (!(p_ext & SADB_X_EXT_OLD)) {
392 yyerror("algorithm mismatched");
395 p_ext |= SADB_X_EXT_IV4B;
397 p_key_enc_len = $2.len;
399 if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
400 p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
401 yyerror(ipsec_strerror());
408 : ALG_AUTH key_string {
410 yyerror("unsupported algorithm");
415 p_key_auth_len = $2.len;
418 if (p_alg_auth == SADB_X_AALG_TCP_MD5) {
419 if ((p_key_auth_len < 1) || (p_key_auth_len >
422 } else if (ipsec_check_keylen(SADB_EXT_SUPPORTED_AUTH,
423 p_alg_auth, PFKEY_UNUNIT64(p_key_auth_len)) < 0) {
424 yyerror(ipsec_strerror());
430 yyerror("unsupported algorithm");
452 l = strlen(yp) % 2 + strlen(yp) / 2;
453 if ((pp_key = malloc(l)) == 0) {
454 yyerror("not enough core");
457 memset(pp_key, 0, l);
460 if (strlen(yp) % 2) {
465 *bp = (ATOX(yp[0]) << 4) | ATOX(yp[1]);
476 | extension_spec extension
480 : F_EXT EXTENSION { p_ext |= $2; }
481 | F_EXT NOCYCLICSEQ { p_ext &= ~SADB_X_EXT_CYCSEQ; }
482 | F_MODE MODE { p_mode = $2; }
483 | F_MODE ANY { p_mode = IPSEC_MODE_ANY; }
484 | F_REQID DECSTRING { p_reqid = $2; }
487 if ((p_ext & SADB_X_EXT_OLD) != 0) {
488 yyerror("replay prevention cannot be used with "
494 | F_LIFETIME_HARD DECSTRING { p_lt_hard = $2; }
495 | F_LIFETIME_SOFT DECSTRING { p_lt_soft = $2; }
498 /* definition about command for SPD management */
501 : SPDADD ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec policy_spec EOT
504 struct addrinfo *src, *dst;
506 /* fixed port fields if ulp is icmpv6 */
507 if ($10.buf != NULL) {
508 if ($9 != IPPROTO_ICMPV6)
512 if (fix_portstr(&$10, &$5, &$8))
516 src = parse_addr($3.buf, $5.buf);
517 dst = parse_addr($6.buf, $8.buf);
519 /* yyerror is already called */
522 if (src->ai_next || dst->ai_next) {
523 yyerror("multiple address specified");
529 status = setkeymsg_spdaddr(SADB_X_SPDADD, $9, &$11,
536 | SPDADD TAGGED QUOTEDSTRING policy_spec EOT
543 : SPDDELETE ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec policy_spec EOT
546 struct addrinfo *src, *dst;
548 /* fixed port fields if ulp is icmpv6 */
549 if ($10.buf != NULL) {
550 if ($9 != IPPROTO_ICMPV6)
554 if (fix_portstr(&$10, &$5, &$8))
558 src = parse_addr($3.buf, $5.buf);
559 dst = parse_addr($6.buf, $8.buf);
561 /* yyerror is already called */
564 if (src->ai_next || dst->ai_next) {
565 yyerror("multiple address specified");
571 status = setkeymsg_spdaddr(SADB_X_SPDDELETE, $9, &$11,
584 setkeymsg0(&msg, SADB_X_SPDDUMP, SADB_SATYPE_UNSPEC,
586 sendkeymsg((char *)&msg, sizeof(msg));
594 setkeymsg0(&msg, SADB_X_SPDFLUSH, SADB_SATYPE_UNSPEC,
596 sendkeymsg((char *)&msg, sizeof(msg));
602 | ipaddropts ipaddropt
610 for (p = $1.buf + 1; *p; p++)
613 p_aifamily = AF_INET;
617 p_aifamily = AF_INET6;
621 p_aiflags = AI_NUMERICHOST;
624 yyerror("invalid flag");
633 $$ = parse_addr($1.buf, NULL);
635 /* yyerror already called by parse_addr */
642 : /*NOTHING*/ { $$ = -1; }
643 | SLASH DECSTRING { $$ = $2; }
649 $$.buf = strdup("0");
651 yyerror("insufficient memory");
654 $$.len = strlen($$.buf);
658 $$.buf = strdup("0");
660 yyerror("insufficient memory");
663 $$.len = strlen($$.buf);
665 | BLCL DECSTRING ELCL
668 snprintf(buf, sizeof(buf), "%lu", $2);
669 $$.buf = strdup(buf);
671 yyerror("insufficient memory");
674 $$.len = strlen($$.buf);
683 : DECSTRING { $$ = $1; }
684 | ANY { $$ = IPSEC_ULPROTO_ANY; }
685 | PR_TCP { $$ = IPPROTO_TCP; }
686 | PR_ESP { $$ = IPPROTO_ESP; }
689 struct protoent *ent;
691 ent = getprotobyname($1.buf);
695 if (strcmp("icmp6", $1.buf) == 0) {
697 } else if(strcmp("ip4", $1.buf) == 0) {
700 yyerror("invalid upper layer protocol");
716 $$.buf = strdup($1.buf);
718 yyerror("insufficient memory");
721 $$.len = strlen($$.buf);
726 : F_POLICY policy_requests
730 policy = ipsec_set_policy($2.buf, $2.len);
731 if (policy == NULL) {
732 yyerror(ipsec_strerror());
737 $$.len = ipsec_get_policylen(policy);
742 : PL_REQUESTS { $$ = $1; }
748 setkeymsg0(msg, type, satype, l)
749 struct sadb_msg *msg;
755 msg->sadb_msg_version = PF_KEY_V2;
756 msg->sadb_msg_type = type;
757 msg->sadb_msg_errno = 0;
758 msg->sadb_msg_satype = satype;
759 msg->sadb_msg_reserved = 0;
760 msg->sadb_msg_seq = 0;
761 msg->sadb_msg_pid = getpid();
762 msg->sadb_msg_len = PFKEY_UNIT64(l);
766 /* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */
768 setkeymsg_spdaddr(type, upper, policy, srcs, splen, dsts, dplen)
772 struct addrinfo *srcs;
774 struct addrinfo *dsts;
777 struct sadb_msg *msg;
780 struct sadb_address m_addr;
781 struct addrinfo *s, *d;
787 msg = (struct sadb_msg *)buf;
792 /* fix up length afterwards */
793 setkeymsg0(msg, type, SADB_SATYPE_UNSPEC, 0);
794 l = sizeof(struct sadb_msg);
796 memcpy(buf + l, policy->buf, policy->len);
802 /* do it for all src/dst pairs */
803 for (s = srcs; s; s = s->ai_next) {
804 for (d = dsts; d; d = d->ai_next) {
808 if (s->ai_addr->sa_family != d->ai_addr->sa_family)
810 switch (s->ai_addr->sa_family) {
812 plen = sizeof(struct in_addr) << 3;
816 plen = sizeof(struct in6_addr) << 3;
825 salen = s->ai_addr->sa_len;
826 m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
827 PFKEY_ALIGN8(salen));
828 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
829 m_addr.sadb_address_proto = upper;
830 m_addr.sadb_address_prefixlen =
831 (splen >= 0 ? splen : plen);
832 m_addr.sadb_address_reserved = 0;
834 setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
835 sizeof(m_addr), (caddr_t)sa, salen);
839 salen = d->ai_addr->sa_len;
840 m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
841 PFKEY_ALIGN8(salen));
842 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
843 m_addr.sadb_address_proto = upper;
844 m_addr.sadb_address_prefixlen =
845 (dplen >= 0 ? dplen : plen);
846 m_addr.sadb_address_reserved = 0;
848 setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
849 sizeof(m_addr), (caddr_t)sa, salen);
851 msg->sadb_msg_len = PFKEY_UNIT64(l);
865 /* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */
867 setkeymsg_addr(type, satype, srcs, dsts, no_spi)
870 struct addrinfo *srcs;
871 struct addrinfo *dsts;
874 struct sadb_msg *msg;
878 struct sadb_x_sa2 m_sa2;
879 struct sadb_address m_addr;
880 struct addrinfo *s, *d;
886 msg = (struct sadb_msg *)buf;
891 /* fix up length afterwards */
892 setkeymsg0(msg, type, satype, 0);
893 l = sizeof(struct sadb_msg);
896 len = sizeof(struct sadb_sa);
897 m_sa.sadb_sa_len = PFKEY_UNIT64(len);
898 m_sa.sadb_sa_exttype = SADB_EXT_SA;
899 m_sa.sadb_sa_spi = htonl(p_spi);
900 m_sa.sadb_sa_replay = p_replay;
901 m_sa.sadb_sa_state = 0;
902 m_sa.sadb_sa_auth = p_alg_auth;
903 m_sa.sadb_sa_encrypt = p_alg_enc;
904 m_sa.sadb_sa_flags = p_ext;
906 memcpy(buf + l, &m_sa, len);
909 len = sizeof(struct sadb_x_sa2);
910 m_sa2.sadb_x_sa2_len = PFKEY_UNIT64(len);
911 m_sa2.sadb_x_sa2_exttype = SADB_X_EXT_SA2;
912 m_sa2.sadb_x_sa2_mode = p_mode;
913 m_sa2.sadb_x_sa2_reqid = p_reqid;
915 memcpy(buf + l, &m_sa2, len);
922 /* do it for all src/dst pairs */
923 for (s = srcs; s; s = s->ai_next) {
924 for (d = dsts; d; d = d->ai_next) {
928 if (s->ai_addr->sa_family != d->ai_addr->sa_family)
930 switch (s->ai_addr->sa_family) {
932 plen = sizeof(struct in_addr) << 3;
936 plen = sizeof(struct in6_addr) << 3;
945 salen = s->ai_addr->sa_len;
946 m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
947 PFKEY_ALIGN8(salen));
948 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
949 m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
950 m_addr.sadb_address_prefixlen = plen;
951 m_addr.sadb_address_reserved = 0;
953 setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
954 sizeof(m_addr), (caddr_t)sa, salen);
958 salen = d->ai_addr->sa_len;
959 m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
960 PFKEY_ALIGN8(salen));
961 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
962 m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
963 m_addr.sadb_address_prefixlen = plen;
964 m_addr.sadb_address_reserved = 0;
966 setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
967 sizeof(m_addr), (caddr_t)sa, salen);
969 msg->sadb_msg_len = PFKEY_UNIT64(l);
983 /* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */
985 setkeymsg_add(type, satype, srcs, dsts)
988 struct addrinfo *srcs;
989 struct addrinfo *dsts;
991 struct sadb_msg *msg;
995 struct sadb_x_sa2 m_sa2;
996 struct sadb_address m_addr;
997 struct addrinfo *s, *d;
1000 struct sockaddr *sa;
1003 msg = (struct sadb_msg *)buf;
1008 /* fix up length afterwards */
1009 setkeymsg0(msg, type, satype, 0);
1010 l = sizeof(struct sadb_msg);
1012 /* set encryption algorithm, if present. */
1013 if (satype != SADB_X_SATYPE_IPCOMP && p_key_enc) {
1014 struct sadb_key m_key;
1016 m_key.sadb_key_len =
1017 PFKEY_UNIT64(sizeof(m_key)
1018 + PFKEY_ALIGN8(p_key_enc_len));
1019 m_key.sadb_key_exttype = SADB_EXT_KEY_ENCRYPT;
1020 m_key.sadb_key_bits = p_key_enc_len * 8;
1021 m_key.sadb_key_reserved = 0;
1024 (struct sadb_ext *)&m_key, sizeof(m_key),
1025 (caddr_t)p_key_enc, p_key_enc_len);
1028 /* set authentication algorithm, if present. */
1030 struct sadb_key m_key;
1032 m_key.sadb_key_len =
1033 PFKEY_UNIT64(sizeof(m_key)
1034 + PFKEY_ALIGN8(p_key_auth_len));
1035 m_key.sadb_key_exttype = SADB_EXT_KEY_AUTH;
1036 m_key.sadb_key_bits = p_key_auth_len * 8;
1037 m_key.sadb_key_reserved = 0;
1040 (struct sadb_ext *)&m_key, sizeof(m_key),
1041 (caddr_t)p_key_auth, p_key_auth_len);
1044 /* set lifetime for HARD */
1045 if (p_lt_hard != 0) {
1046 struct sadb_lifetime m_lt;
1047 u_int slen = sizeof(struct sadb_lifetime);
1049 m_lt.sadb_lifetime_len = PFKEY_UNIT64(slen);
1050 m_lt.sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
1051 m_lt.sadb_lifetime_allocations = 0;
1052 m_lt.sadb_lifetime_bytes = 0;
1053 m_lt.sadb_lifetime_addtime = p_lt_hard;
1054 m_lt.sadb_lifetime_usetime = 0;
1056 memcpy(buf + l, &m_lt, slen);
1060 /* set lifetime for SOFT */
1061 if (p_lt_soft != 0) {
1062 struct sadb_lifetime m_lt;
1063 u_int slen = sizeof(struct sadb_lifetime);
1065 m_lt.sadb_lifetime_len = PFKEY_UNIT64(slen);
1066 m_lt.sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
1067 m_lt.sadb_lifetime_allocations = 0;
1068 m_lt.sadb_lifetime_bytes = 0;
1069 m_lt.sadb_lifetime_addtime = p_lt_soft;
1070 m_lt.sadb_lifetime_usetime = 0;
1072 memcpy(buf + l, &m_lt, slen);
1076 len = sizeof(struct sadb_sa);
1077 m_sa.sadb_sa_len = PFKEY_UNIT64(len);
1078 m_sa.sadb_sa_exttype = SADB_EXT_SA;
1079 m_sa.sadb_sa_spi = htonl(p_spi);
1080 m_sa.sadb_sa_replay = p_replay;
1081 m_sa.sadb_sa_state = 0;
1082 m_sa.sadb_sa_auth = p_alg_auth;
1083 m_sa.sadb_sa_encrypt = p_alg_enc;
1084 m_sa.sadb_sa_flags = p_ext;
1086 memcpy(buf + l, &m_sa, len);
1089 len = sizeof(struct sadb_x_sa2);
1090 m_sa2.sadb_x_sa2_len = PFKEY_UNIT64(len);
1091 m_sa2.sadb_x_sa2_exttype = SADB_X_EXT_SA2;
1092 m_sa2.sadb_x_sa2_mode = p_mode;
1093 m_sa2.sadb_x_sa2_reqid = p_reqid;
1095 memcpy(buf + l, &m_sa2, len);
1101 /* do it for all src/dst pairs */
1102 for (s = srcs; s; s = s->ai_next) {
1103 for (d = dsts; d; d = d->ai_next) {
1104 /* rewind pointer */
1107 if (s->ai_addr->sa_family != d->ai_addr->sa_family)
1109 switch (s->ai_addr->sa_family) {
1111 plen = sizeof(struct in_addr) << 3;
1115 plen = sizeof(struct in6_addr) << 3;
1124 salen = s->ai_addr->sa_len;
1125 m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
1126 PFKEY_ALIGN8(salen));
1127 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
1128 m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
1129 m_addr.sadb_address_prefixlen = plen;
1130 m_addr.sadb_address_reserved = 0;
1132 setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
1133 sizeof(m_addr), (caddr_t)sa, salen);
1137 salen = d->ai_addr->sa_len;
1138 m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
1139 PFKEY_ALIGN8(salen));
1140 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
1141 m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
1142 m_addr.sadb_address_prefixlen = plen;
1143 m_addr.sadb_address_reserved = 0;
1145 setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
1146 sizeof(m_addr), (caddr_t)sa, salen);
1148 msg->sadb_msg_len = PFKEY_UNIT64(l);
1162 static struct addrinfo *
1163 parse_addr(host, port)
1167 struct addrinfo hints, *res = NULL;
1170 memset(&hints, 0, sizeof(hints));
1171 hints.ai_family = p_aifamily;
1172 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
1173 hints.ai_protocol = IPPROTO_UDP; /*dummy*/
1174 hints.ai_flags = p_aiflags;
1175 error = getaddrinfo(host, port, &hints, &res);
1177 yyerror(gai_strerror(error));
1184 fix_portstr(spec, sport, dport)
1185 vchar_t *spec, *sport, *dport;
1191 for (p = spec->buf; *p != ',' && *p != '\0' && l < spec->len; p++, l++)
1200 for (p = p2; *p != '\0' && l < spec->len; p++, l++)
1202 if (*p != '\0' || *p2 == '\0') {
1203 yyerror("invalid an upper layer protocol spec");
1208 sport->buf = strdup(spec->buf);
1210 yyerror("insufficient memory");
1213 sport->len = strlen(sport->buf);
1214 dport->buf = strdup(p2);
1216 yyerror("insufficient memory");
1219 dport->len = strlen(dport->buf);
1225 setvarbuf(buf, off, ebuf, elen, vbuf, vlen)
1228 struct sadb_ext *ebuf;
1233 memset(buf + *off, 0, PFKEY_UNUNIT64(ebuf->sadb_ext_len));
1234 memcpy(buf + *off, (caddr_t)ebuf, elen);
1235 memcpy(buf + *off + elen, vbuf, vlen);
1236 (*off) += PFKEY_ALIGN8(elen + vlen);
1246 p_ext = SADB_X_EXT_CYCSEQ;
1247 p_alg_enc = SADB_EALG_NONE;
1248 p_alg_auth = SADB_AALG_NONE;
1249 p_mode = IPSEC_MODE_ANY;
1252 p_key_enc_len = p_key_auth_len = 0;
1253 p_key_enc = p_key_auth = 0;
1254 p_lt_hard = p_lt_soft = 0;
1257 p_aifamily = PF_UNSPEC;
1265 /* we got tons of memory leaks in the parser anyways, leave them */