2 /* $KAME: parse.y,v 1.83 2004/05/18 08:48:23 sakane Exp $ */
5 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include <sys/types.h>
35 #include <sys/param.h>
36 #include <sys/socket.h>
38 #include <net/route.h>
39 #include <netinet/in.h>
40 #include <net/pfkeyv2.h>
41 #include <netkey/key_var.h>
42 #include <netinet6/ipsec.h>
43 #include <arpa/inet.h>
56 (isdigit(c) ? (c - '0') : (isupper(c) ? (c - 'A' + 10) : (c - 'a' + 10)))
59 u_int p_ext, p_alg_enc, p_alg_auth, p_replay, p_mode;
61 u_int p_key_enc_len, p_key_auth_len;
62 caddr_t p_key_enc, p_key_auth;
63 time_t p_lt_hard, p_lt_soft;
65 static int p_aiflags = 0, p_aifamily = PF_UNSPEC;
67 static struct addrinfo *parse_addr __P((char *, char *));
68 static int fix_portstr __P((vchar_t *, vchar_t *, vchar_t *));
69 static int setvarbuf __P((char *, int *, struct sadb_ext *, int, caddr_t, int));
70 void parse_init __P((void));
71 void free_buffer __P((void));
73 int setkeymsg0 __P((struct sadb_msg *, unsigned int, unsigned int, size_t));
74 static int setkeymsg_spdaddr __P((unsigned int, unsigned int, vchar_t *,
75 struct addrinfo *, int, struct addrinfo *, int));
76 static int setkeymsg_addr __P((unsigned int, unsigned int,
77 struct addrinfo *, struct addrinfo *, int));
78 static int setkeymsg_add __P((unsigned int, unsigned int,
79 struct addrinfo *, struct addrinfo *));
80 extern int setkeymsg __P((char *, size_t *));
81 extern int sendkeymsg __P((char *, size_t));
83 extern int yylex __P((void));
84 extern void yyfatal __P((const char *));
85 extern void yyerror __P((const char *));
95 %token EOT SLASH BLCL ELCL
96 %token ADD GET DELETE DELETEALL FLUSH DUMP
97 %token PR_ESP PR_AH PR_IPCOMP PR_TCP
98 %token F_PROTOCOL F_AUTH F_ENC F_REPLAY F_COMP F_RAWCPI
99 %token F_MODE MODE F_REQID
100 %token F_EXT EXTENSION NOCYCLICSEQ
101 %token ALG_AUTH ALG_AUTH_NOKEY
102 %token ALG_ENC ALG_ENC_NOKEY ALG_ENC_DESDERIV ALG_ENC_DES32IV ALG_ENC_OLD
104 %token F_LIFETIME_HARD F_LIFETIME_SOFT
105 %token DECSTRING QUOTEDSTRING HEXSTRING STRING ANY
107 %token SPDADD SPDDELETE SPDDUMP SPDFLUSH
108 %token F_POLICY PL_REQUESTS
112 %type <num> prefix protocol_spec upper_spec
113 %type <num> ALG_ENC ALG_ENC_DESDERIV ALG_ENC_DES32IV ALG_ENC_OLD ALG_ENC_NOKEY
114 %type <num> ALG_AUTH ALG_AUTH_NOKEY
116 %type <num> PR_ESP PR_AH PR_IPCOMP PR_TCP
117 %type <num> EXTENSION MODE
118 %type <ulnum> DECSTRING
119 %type <val> PL_REQUESTS portstr key_string
120 %type <val> policy_requests
121 %type <val> QUOTEDSTRING HEXSTRING STRING
122 %type <val> F_AIFLAGS
123 %type <val> upper_misc_spec policy_spec
148 /* commands concerned with management, there is in tail of this file. */
152 : ADD ipaddropts ipaddr ipaddr protocol_spec spi extension_spec algorithm_spec EOT
156 status = setkeymsg_add(SADB_ADD, $5, $3, $4);
164 : DELETE ipaddropts ipaddr ipaddr protocol_spec spi extension_spec EOT
168 if ($3->ai_next || $4->ai_next) {
169 yyerror("multiple address specified");
172 if (p_mode != IPSEC_MODE_ANY)
173 yyerror("WARNING: mode is obsolete");
175 status = setkeymsg_addr(SADB_DELETE, $5, $3, $4, 0);
181 /* deleteall command */
183 : DELETEALL ipaddropts ipaddr ipaddr protocol_spec EOT
187 status = setkeymsg_addr(SADB_DELETE, $5, $3, $4, 1);
195 : GET ipaddropts ipaddr ipaddr protocol_spec spi extension_spec EOT
199 if (p_mode != IPSEC_MODE_ANY)
200 yyerror("WARNING: mode is obsolete");
202 status = setkeymsg_addr(SADB_GET, $5, $3, $4, 0);
210 : FLUSH protocol_spec EOT
213 setkeymsg0(&msg, SADB_FLUSH, $2, sizeof(msg));
214 sendkeymsg((char *)&msg, sizeof(msg));
220 : DUMP protocol_spec EOT
223 setkeymsg0(&msg, SADB_DUMP, $2, sizeof(msg));
224 sendkeymsg((char *)&msg, sizeof(msg));
231 $$ = SADB_SATYPE_UNSPEC;
235 $$ = SADB_SATYPE_ESP;
237 p_ext |= SADB_X_EXT_OLD;
239 p_ext &= ~SADB_X_EXT_OLD;
245 p_ext |= SADB_X_EXT_OLD;
247 p_ext &= ~SADB_X_EXT_OLD;
251 $$ = SADB_X_SATYPE_IPCOMP;
255 $$ = SADB_X_SATYPE_TCPSIGNATURE;
260 : DECSTRING { p_spi = $1; }
267 v = strtoul($1.buf, &ep, 16);
269 yyerror("invalid SPI");
272 if (v & ~0xffffffff) {
273 yyerror("SPI too big.");
288 : F_ENC enc_alg F_AUTH auth_alg
300 yyerror("unsupported algorithm");
305 | F_COMP ALG_COMP F_RAWCPI
308 yyerror("unsupported algorithm");
312 p_ext |= SADB_X_EXT_RAWCPI;
319 yyerror("unsupported algorithm");
326 if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
327 p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
328 yyerror(ipsec_strerror());
332 | ALG_ENC key_string {
334 yyerror("unsupported algorithm");
339 p_key_enc_len = $2.len;
341 if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
342 p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
343 yyerror(ipsec_strerror());
349 yyerror("unsupported algorithm");
352 yyerror("WARNING: obsolete algorithm");
357 if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
358 p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
359 yyerror(ipsec_strerror());
363 | ALG_ENC_DESDERIV key_string
366 yyerror("unsupported algorithm");
370 if (p_ext & SADB_X_EXT_OLD) {
371 yyerror("algorithm mismatched");
374 p_ext |= SADB_X_EXT_DERIV;
376 p_key_enc_len = $2.len;
378 if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
379 p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
380 yyerror(ipsec_strerror());
384 | ALG_ENC_DES32IV key_string
387 yyerror("unsupported algorithm");
391 if (!(p_ext & SADB_X_EXT_OLD)) {
392 yyerror("algorithm mismatched");
395 p_ext |= SADB_X_EXT_IV4B;
397 p_key_enc_len = $2.len;
399 if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
400 p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
401 yyerror(ipsec_strerror());
408 : ALG_AUTH key_string {
410 yyerror("unsupported algorithm");
415 p_key_auth_len = $2.len;
418 if (p_alg_auth == SADB_X_AALG_TCP_MD5) {
419 if ((p_key_auth_len < 1) || (p_key_auth_len >
422 } else if (ipsec_check_keylen(SADB_EXT_SUPPORTED_AUTH,
423 p_alg_auth, PFKEY_UNUNIT64(p_key_auth_len)) < 0) {
424 yyerror(ipsec_strerror());
430 yyerror("unsupported algorithm");
452 l = strlen(yp) % 2 + strlen(yp) / 2;
453 if ((pp_key = malloc(l)) == 0) {
454 yyerror("not enough core");
457 memset(pp_key, 0, l);
460 if (strlen(yp) % 2) {
465 *bp = (ATOX(yp[0]) << 4) | ATOX(yp[1]);
476 | extension_spec extension
480 : F_EXT EXTENSION { p_ext |= $2; }
481 | F_EXT NOCYCLICSEQ { p_ext &= ~SADB_X_EXT_CYCSEQ; }
482 | F_MODE MODE { p_mode = $2; }
483 | F_MODE ANY { p_mode = IPSEC_MODE_ANY; }
484 | F_REQID DECSTRING { p_reqid = $2; }
487 if ((p_ext & SADB_X_EXT_OLD) != 0) {
488 yyerror("replay prevention cannot be used with "
494 | F_LIFETIME_HARD DECSTRING { p_lt_hard = $2; }
495 | F_LIFETIME_SOFT DECSTRING { p_lt_soft = $2; }
498 /* definition about command for SPD management */
501 : SPDADD ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec policy_spec EOT
504 struct addrinfo *src, *dst;
506 /* fixed port fields if ulp is icmpv6 */
507 if ($10.buf != NULL) {
508 if ($9 != IPPROTO_ICMPV6)
512 if (fix_portstr(&$10, &$5, &$8))
516 src = parse_addr($3.buf, $5.buf);
517 dst = parse_addr($6.buf, $8.buf);
519 /* yyerror is already called */
522 if (src->ai_next || dst->ai_next) {
523 yyerror("multiple address specified");
529 status = setkeymsg_spdaddr(SADB_X_SPDADD, $9, &$11,
536 | SPDADD TAGGED QUOTEDSTRING policy_spec EOT
543 : SPDDELETE ipaddropts STRING prefix portstr STRING prefix portstr upper_spec upper_misc_spec policy_spec EOT
546 struct addrinfo *src, *dst;
548 /* fixed port fields if ulp is icmpv6 */
549 if ($10.buf != NULL) {
550 if ($9 != IPPROTO_ICMPV6)
554 if (fix_portstr(&$10, &$5, &$8))
558 src = parse_addr($3.buf, $5.buf);
559 dst = parse_addr($6.buf, $8.buf);
561 /* yyerror is already called */
564 if (src->ai_next || dst->ai_next) {
565 yyerror("multiple address specified");
571 status = setkeymsg_spdaddr(SADB_X_SPDDELETE, $9, &$11,
584 setkeymsg0(&msg, SADB_X_SPDDUMP, SADB_SATYPE_UNSPEC,
586 sendkeymsg((char *)&msg, sizeof(msg));
594 setkeymsg0(&msg, SADB_X_SPDFLUSH, SADB_SATYPE_UNSPEC,
596 sendkeymsg((char *)&msg, sizeof(msg));
602 | ipaddropts ipaddropt
610 for (p = $1.buf + 1; *p; p++)
613 p_aifamily = AF_INET;
617 p_aifamily = AF_INET6;
621 p_aiflags = AI_NUMERICHOST;
624 yyerror("invalid flag");
633 $$ = parse_addr($1.buf, NULL);
635 /* yyerror already called by parse_addr */
642 : /*NOTHING*/ { $$ = -1; }
643 | SLASH DECSTRING { $$ = $2; }
649 $$.buf = strdup("0");
651 yyerror("insufficient memory");
654 $$.len = strlen($$.buf);
658 $$.buf = strdup("0");
660 yyerror("insufficient memory");
663 $$.len = strlen($$.buf);
665 | BLCL DECSTRING ELCL
668 snprintf(buf, sizeof(buf), "%lu", $2);
669 $$.buf = strdup(buf);
671 yyerror("insufficient memory");
674 $$.len = strlen($$.buf);
683 : DECSTRING { $$ = $1; }
684 | ANY { $$ = IPSEC_ULPROTO_ANY; }
685 | PR_TCP { $$ = IPPROTO_TCP; }
688 struct protoent *ent;
690 ent = getprotobyname($1.buf);
694 if (strcmp("icmp6", $1.buf) == 0) {
696 } else if(strcmp("ip4", $1.buf) == 0) {
699 yyerror("invalid upper layer protocol");
715 $$.buf = strdup($1.buf);
717 yyerror("insufficient memory");
720 $$.len = strlen($$.buf);
725 : F_POLICY policy_requests
729 policy = ipsec_set_policy($2.buf, $2.len);
730 if (policy == NULL) {
731 yyerror(ipsec_strerror());
736 $$.len = ipsec_get_policylen(policy);
741 : PL_REQUESTS { $$ = $1; }
747 setkeymsg0(msg, type, satype, l)
748 struct sadb_msg *msg;
754 msg->sadb_msg_version = PF_KEY_V2;
755 msg->sadb_msg_type = type;
756 msg->sadb_msg_errno = 0;
757 msg->sadb_msg_satype = satype;
758 msg->sadb_msg_reserved = 0;
759 msg->sadb_msg_seq = 0;
760 msg->sadb_msg_pid = getpid();
761 msg->sadb_msg_len = PFKEY_UNIT64(l);
765 /* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */
767 setkeymsg_spdaddr(type, upper, policy, srcs, splen, dsts, dplen)
771 struct addrinfo *srcs;
773 struct addrinfo *dsts;
776 struct sadb_msg *msg;
779 struct sadb_address m_addr;
780 struct addrinfo *s, *d;
786 msg = (struct sadb_msg *)buf;
791 /* fix up length afterwards */
792 setkeymsg0(msg, type, SADB_SATYPE_UNSPEC, 0);
793 l = sizeof(struct sadb_msg);
795 memcpy(buf + l, policy->buf, policy->len);
801 /* do it for all src/dst pairs */
802 for (s = srcs; s; s = s->ai_next) {
803 for (d = dsts; d; d = d->ai_next) {
807 if (s->ai_addr->sa_family != d->ai_addr->sa_family)
809 switch (s->ai_addr->sa_family) {
811 plen = sizeof(struct in_addr) << 3;
815 plen = sizeof(struct in6_addr) << 3;
824 salen = s->ai_addr->sa_len;
825 m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
826 PFKEY_ALIGN8(salen));
827 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
828 m_addr.sadb_address_proto = upper;
829 m_addr.sadb_address_prefixlen =
830 (splen >= 0 ? splen : plen);
831 m_addr.sadb_address_reserved = 0;
833 setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
834 sizeof(m_addr), (caddr_t)sa, salen);
838 salen = d->ai_addr->sa_len;
839 m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
840 PFKEY_ALIGN8(salen));
841 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
842 m_addr.sadb_address_proto = upper;
843 m_addr.sadb_address_prefixlen =
844 (dplen >= 0 ? dplen : plen);
845 m_addr.sadb_address_reserved = 0;
847 setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
848 sizeof(m_addr), (caddr_t)sa, salen);
850 msg->sadb_msg_len = PFKEY_UNIT64(l);
864 /* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */
866 setkeymsg_addr(type, satype, srcs, dsts, no_spi)
869 struct addrinfo *srcs;
870 struct addrinfo *dsts;
873 struct sadb_msg *msg;
877 struct sadb_x_sa2 m_sa2;
878 struct sadb_address m_addr;
879 struct addrinfo *s, *d;
885 msg = (struct sadb_msg *)buf;
890 /* fix up length afterwards */
891 setkeymsg0(msg, type, satype, 0);
892 l = sizeof(struct sadb_msg);
895 len = sizeof(struct sadb_sa);
896 m_sa.sadb_sa_len = PFKEY_UNIT64(len);
897 m_sa.sadb_sa_exttype = SADB_EXT_SA;
898 m_sa.sadb_sa_spi = htonl(p_spi);
899 m_sa.sadb_sa_replay = p_replay;
900 m_sa.sadb_sa_state = 0;
901 m_sa.sadb_sa_auth = p_alg_auth;
902 m_sa.sadb_sa_encrypt = p_alg_enc;
903 m_sa.sadb_sa_flags = p_ext;
905 memcpy(buf + l, &m_sa, len);
908 len = sizeof(struct sadb_x_sa2);
909 m_sa2.sadb_x_sa2_len = PFKEY_UNIT64(len);
910 m_sa2.sadb_x_sa2_exttype = SADB_X_EXT_SA2;
911 m_sa2.sadb_x_sa2_mode = p_mode;
912 m_sa2.sadb_x_sa2_reqid = p_reqid;
914 memcpy(buf + l, &m_sa2, len);
921 /* do it for all src/dst pairs */
922 for (s = srcs; s; s = s->ai_next) {
923 for (d = dsts; d; d = d->ai_next) {
927 if (s->ai_addr->sa_family != d->ai_addr->sa_family)
929 switch (s->ai_addr->sa_family) {
931 plen = sizeof(struct in_addr) << 3;
935 plen = sizeof(struct in6_addr) << 3;
944 salen = s->ai_addr->sa_len;
945 m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
946 PFKEY_ALIGN8(salen));
947 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
948 m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
949 m_addr.sadb_address_prefixlen = plen;
950 m_addr.sadb_address_reserved = 0;
952 setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
953 sizeof(m_addr), (caddr_t)sa, salen);
957 salen = d->ai_addr->sa_len;
958 m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
959 PFKEY_ALIGN8(salen));
960 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
961 m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
962 m_addr.sadb_address_prefixlen = plen;
963 m_addr.sadb_address_reserved = 0;
965 setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
966 sizeof(m_addr), (caddr_t)sa, salen);
968 msg->sadb_msg_len = PFKEY_UNIT64(l);
982 /* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */
984 setkeymsg_add(type, satype, srcs, dsts)
987 struct addrinfo *srcs;
988 struct addrinfo *dsts;
990 struct sadb_msg *msg;
994 struct sadb_x_sa2 m_sa2;
995 struct sadb_address m_addr;
996 struct addrinfo *s, *d;
1002 msg = (struct sadb_msg *)buf;
1007 /* fix up length afterwards */
1008 setkeymsg0(msg, type, satype, 0);
1009 l = sizeof(struct sadb_msg);
1011 /* set encryption algorithm, if present. */
1012 if (satype != SADB_X_SATYPE_IPCOMP && p_key_enc) {
1013 struct sadb_key m_key;
1015 m_key.sadb_key_len =
1016 PFKEY_UNIT64(sizeof(m_key)
1017 + PFKEY_ALIGN8(p_key_enc_len));
1018 m_key.sadb_key_exttype = SADB_EXT_KEY_ENCRYPT;
1019 m_key.sadb_key_bits = p_key_enc_len * 8;
1020 m_key.sadb_key_reserved = 0;
1023 (struct sadb_ext *)&m_key, sizeof(m_key),
1024 (caddr_t)p_key_enc, p_key_enc_len);
1027 /* set authentication algorithm, if present. */
1029 struct sadb_key m_key;
1031 m_key.sadb_key_len =
1032 PFKEY_UNIT64(sizeof(m_key)
1033 + PFKEY_ALIGN8(p_key_auth_len));
1034 m_key.sadb_key_exttype = SADB_EXT_KEY_AUTH;
1035 m_key.sadb_key_bits = p_key_auth_len * 8;
1036 m_key.sadb_key_reserved = 0;
1039 (struct sadb_ext *)&m_key, sizeof(m_key),
1040 (caddr_t)p_key_auth, p_key_auth_len);
1043 /* set lifetime for HARD */
1044 if (p_lt_hard != 0) {
1045 struct sadb_lifetime m_lt;
1046 u_int slen = sizeof(struct sadb_lifetime);
1048 m_lt.sadb_lifetime_len = PFKEY_UNIT64(slen);
1049 m_lt.sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
1050 m_lt.sadb_lifetime_allocations = 0;
1051 m_lt.sadb_lifetime_bytes = 0;
1052 m_lt.sadb_lifetime_addtime = p_lt_hard;
1053 m_lt.sadb_lifetime_usetime = 0;
1055 memcpy(buf + l, &m_lt, slen);
1059 /* set lifetime for SOFT */
1060 if (p_lt_soft != 0) {
1061 struct sadb_lifetime m_lt;
1062 u_int slen = sizeof(struct sadb_lifetime);
1064 m_lt.sadb_lifetime_len = PFKEY_UNIT64(slen);
1065 m_lt.sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
1066 m_lt.sadb_lifetime_allocations = 0;
1067 m_lt.sadb_lifetime_bytes = 0;
1068 m_lt.sadb_lifetime_addtime = p_lt_soft;
1069 m_lt.sadb_lifetime_usetime = 0;
1071 memcpy(buf + l, &m_lt, slen);
1075 len = sizeof(struct sadb_sa);
1076 m_sa.sadb_sa_len = PFKEY_UNIT64(len);
1077 m_sa.sadb_sa_exttype = SADB_EXT_SA;
1078 m_sa.sadb_sa_spi = htonl(p_spi);
1079 m_sa.sadb_sa_replay = p_replay;
1080 m_sa.sadb_sa_state = 0;
1081 m_sa.sadb_sa_auth = p_alg_auth;
1082 m_sa.sadb_sa_encrypt = p_alg_enc;
1083 m_sa.sadb_sa_flags = p_ext;
1085 memcpy(buf + l, &m_sa, len);
1088 len = sizeof(struct sadb_x_sa2);
1089 m_sa2.sadb_x_sa2_len = PFKEY_UNIT64(len);
1090 m_sa2.sadb_x_sa2_exttype = SADB_X_EXT_SA2;
1091 m_sa2.sadb_x_sa2_mode = p_mode;
1092 m_sa2.sadb_x_sa2_reqid = p_reqid;
1094 memcpy(buf + l, &m_sa2, len);
1100 /* do it for all src/dst pairs */
1101 for (s = srcs; s; s = s->ai_next) {
1102 for (d = dsts; d; d = d->ai_next) {
1103 /* rewind pointer */
1106 if (s->ai_addr->sa_family != d->ai_addr->sa_family)
1108 switch (s->ai_addr->sa_family) {
1110 plen = sizeof(struct in_addr) << 3;
1114 plen = sizeof(struct in6_addr) << 3;
1123 salen = s->ai_addr->sa_len;
1124 m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
1125 PFKEY_ALIGN8(salen));
1126 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
1127 m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
1128 m_addr.sadb_address_prefixlen = plen;
1129 m_addr.sadb_address_reserved = 0;
1131 setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
1132 sizeof(m_addr), (caddr_t)sa, salen);
1136 salen = d->ai_addr->sa_len;
1137 m_addr.sadb_address_len = PFKEY_UNIT64(sizeof(m_addr) +
1138 PFKEY_ALIGN8(salen));
1139 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
1140 m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
1141 m_addr.sadb_address_prefixlen = plen;
1142 m_addr.sadb_address_reserved = 0;
1144 setvarbuf(buf, &l, (struct sadb_ext *)&m_addr,
1145 sizeof(m_addr), (caddr_t)sa, salen);
1147 msg->sadb_msg_len = PFKEY_UNIT64(l);
1161 static struct addrinfo *
1162 parse_addr(host, port)
1166 struct addrinfo hints, *res = NULL;
1169 memset(&hints, 0, sizeof(hints));
1170 hints.ai_family = p_aifamily;
1171 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
1172 hints.ai_protocol = IPPROTO_UDP; /*dummy*/
1173 hints.ai_flags = p_aiflags;
1174 error = getaddrinfo(host, port, &hints, &res);
1176 yyerror(gai_strerror(error));
1183 fix_portstr(spec, sport, dport)
1184 vchar_t *spec, *sport, *dport;
1190 for (p = spec->buf; *p != ',' && *p != '\0' && l < spec->len; p++, l++)
1199 for (p = p2; *p != '\0' && l < spec->len; p++, l++)
1201 if (*p != '\0' || *p2 == '\0') {
1202 yyerror("invalid an upper layer protocol spec");
1207 sport->buf = strdup(spec->buf);
1209 yyerror("insufficient memory");
1212 sport->len = strlen(sport->buf);
1213 dport->buf = strdup(p2);
1215 yyerror("insufficient memory");
1218 dport->len = strlen(dport->buf);
1224 setvarbuf(buf, off, ebuf, elen, vbuf, vlen)
1227 struct sadb_ext *ebuf;
1232 memset(buf + *off, 0, PFKEY_UNUNIT64(ebuf->sadb_ext_len));
1233 memcpy(buf + *off, (caddr_t)ebuf, elen);
1234 memcpy(buf + *off + elen, vbuf, vlen);
1235 (*off) += PFKEY_ALIGN8(elen + vlen);
1245 p_ext = SADB_X_EXT_CYCSEQ;
1246 p_alg_enc = SADB_EALG_NONE;
1247 p_alg_auth = SADB_AALG_NONE;
1248 p_mode = IPSEC_MODE_ANY;
1251 p_key_enc_len = p_key_auth_len = 0;
1252 p_key_enc = p_key_auth = 0;
1253 p_lt_hard = p_lt_soft = 0;
1256 p_aifamily = PF_UNSPEC;
1264 /* we got tons of memory leaks in the parser anyways, leave them */
projects / FreeBSD / FreeBSD.git / blob