2 /* $KAME: token.l,v 1.43 2003/07/25 09:35:28 itojun Exp $ */
5 * SPDX-License-Identifier: BSD-3-Clause
7 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the project nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 #include <sys/types.h>
37 #include <sys/param.h>
38 #include <sys/socket.h>
39 #include <net/route.h>
40 #include <net/pfkeyv2.h>
41 #include <netipsec/keydb.h>
42 #include <netipsec/key_debug.h>
43 #include <netinet/in.h>
44 #include <netipsec/ipsec.h>
58 extern u_char m_buf[BUFSIZ];
63 void yyfatal(const char *s);
64 void yyerror(const char *s);
65 extern void parse_init(void);
83 quotedstring \"[^"]*\"
85 hexstring 0[xX]{hexdigit}+
86 ipaddress [a-fA-F0-9:]([a-fA-F0-9:\.]*|[a-fA-F0-9:\.]*%[a-zA-Z0-9]*)
87 ipaddrmask {slash}{digit}{1,3}
88 name {letter}(({letter}|{digit}|{hyphen})*({letter}|{digit}))*
89 hostname {name}(({dot}{name})+{dot}?)?
91 %s S_PL S_AUTHALG S_ENCALG
96 delete { return(DELETE); }
97 deleteall { return(DELETEALL); }
99 flush { return(FLUSH); }
100 dump { return(DUMP); }
102 /* for management SPD */
103 spdadd { return(SPDADD); }
104 spddelete { return(SPDDELETE); }
105 spddump { return(SPDDUMP); }
106 spdflush { return(SPDFLUSH); }
107 tagged { return(TAGGED); }
108 {hyphen}P { BEGIN S_PL; return(F_POLICY); }
109 <S_PL>[a-zA-Z0-9:\.\-_/ \n\t][a-zA-Z0-9:\.%\-_/ \n\t]* {
112 /* count up for nl */
115 for (p = yytext; *p != '\0'; p++)
120 yylval.val.len = strlen(yytext);
121 yylval.val.buf = strdup(yytext);
123 yyfatal("insufficient memory");
127 <S_PL>{semi} { BEGIN INITIAL; return(EOT); }
129 /* address resolution flags */
130 {hyphen}[n46][n46]* {
131 yylval.val.len = strlen(yytext);
132 yylval.val.buf = strdup(yytext);
134 yyfatal("insufficient memory");
138 /* security protocols */
139 ah { yylval.num = 0; return(PR_AH); }
140 esp { yylval.num = 0; return(PR_ESP); }
141 ah-old { yylval.num = 1; return(PR_AH); }
142 esp-old { yylval.num = 1; return(PR_ESP); }
143 ipcomp { yylval.num = 0; return(PR_IPCOMP); }
144 tcp { yylval.num = 0; return(PR_TCP); }
146 /* authentication alogorithm */
147 {hyphen}A { BEGIN S_AUTHALG; return(F_AUTH); }
148 <S_AUTHALG>hmac-md5 { yylval.num = SADB_AALG_MD5HMAC; BEGIN INITIAL; return(ALG_AUTH); }
149 <S_AUTHALG>hmac-sha1 { yylval.num = SADB_AALG_SHA1HMAC; BEGIN INITIAL; return(ALG_AUTH); }
150 <S_AUTHALG>keyed-md5 { yylval.num = SADB_X_AALG_MD5; BEGIN INITIAL; return(ALG_AUTH); }
151 <S_AUTHALG>keyed-sha1 { yylval.num = SADB_X_AALG_SHA; BEGIN INITIAL; return(ALG_AUTH); }
152 <S_AUTHALG>hmac-sha2-256 { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); }
153 <S_AUTHALG>hmac-sha2-384 { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); }
154 <S_AUTHALG>hmac-sha2-512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); }
155 <S_AUTHALG>hmac-ripemd160 { yylval.num = SADB_X_AALG_RIPEMD160HMAC; BEGIN INITIAL; return(ALG_AUTH); }
156 <S_AUTHALG>aes-xcbc-mac { yylval.num = SADB_X_AALG_AES_XCBC_MAC; BEGIN INITIAL; return(ALG_AUTH); }
157 <S_AUTHALG>tcp-md5 { yylval.num = SADB_X_AALG_TCP_MD5; BEGIN INITIAL; return(ALG_AUTH); }
158 <S_AUTHALG>null { yylval.num = SADB_X_AALG_NULL; BEGIN INITIAL; return(ALG_AUTH_NOKEY); }
160 /* encryption alogorithm */
161 {hyphen}E { BEGIN S_ENCALG; return(F_ENC); }
162 <S_ENCALG>des-cbc { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC); }
163 <S_ENCALG>3des-cbc { yylval.num = SADB_EALG_3DESCBC; BEGIN INITIAL; return(ALG_ENC); }
164 <S_ENCALG>null { yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC); }
165 <S_ENCALG>simple { yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC_OLD); }
166 <S_ENCALG>blowfish-cbc { yylval.num = SADB_X_EALG_BLOWFISHCBC; BEGIN INITIAL; return(ALG_ENC); }
167 <S_ENCALG>cast128-cbc { yylval.num = SADB_X_EALG_CAST128CBC; BEGIN INITIAL; return(ALG_ENC); }
168 <S_ENCALG>des-deriv { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DESDERIV); }
169 <S_ENCALG>des-32iv { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DES32IV); }
170 <S_ENCALG>rijndael-cbc { yylval.num = SADB_X_EALG_RIJNDAELCBC; BEGIN INITIAL; return(ALG_ENC); }
171 <S_ENCALG>aes-ctr { yylval.num = SADB_X_EALG_AESCTR; BEGIN INITIAL; return(ALG_ENC_SALT); }
172 <S_ENCALG>camellia-cbc { yylval.num = SADB_X_EALG_CAMELLIACBC; BEGIN INITIAL; return(ALG_ENC); }
173 <S_ENCALG>aes-gcm-16 { yylval.num = SADB_X_EALG_AESGCM16; BEGIN INITIAL; return(ALG_ENC_SALT); }
175 /* compression algorithms */
176 {hyphen}C { return(F_COMP); }
177 oui { yylval.num = SADB_X_CALG_OUI; return(ALG_COMP); }
178 deflate { yylval.num = SADB_X_CALG_DEFLATE; return(ALG_COMP); }
179 lzs { yylval.num = SADB_X_CALG_LZS; return(ALG_COMP); }
180 {hyphen}R { return(F_RAWCPI); }
183 {hyphen}m { return(F_MODE); }
184 transport { yylval.num = IPSEC_MODE_TRANSPORT; return(MODE); }
185 tunnel { yylval.num = IPSEC_MODE_TUNNEL; return(MODE); }
186 {hyphen}u { return(F_REQID); }
187 {hyphen}f { return(F_EXT); }
188 random-pad { yylval.num = SADB_X_EXT_PRAND; return(EXTENSION); }
189 seq-pad { yylval.num = SADB_X_EXT_PSEQ; return(EXTENSION); }
190 zero-pad { yylval.num = SADB_X_EXT_PZERO; return(EXTENSION); }
191 nocyclic-seq { return(NOCYCLICSEQ); }
192 {hyphen}r { return(F_REPLAY); }
193 {hyphen}lh { return(F_LIFETIME_HARD); }
194 {hyphen}ls { return(F_LIFETIME_SOFT); }
201 {semi} { return(EOT); }
203 /* for address parameters: /prefix, [port] */
204 {slash} { return SLASH; }
205 {blcl} { return BLCL; }
206 {elcl} { return ELCL; }
212 yylval.ulnum = strtoul(yytext, &bp, 10);
217 yylval.val.buf = strdup(yytext + 2);
219 yyfatal("insufficient memory");
220 yylval.val.len = strlen(yylval.val.buf);
227 while (*++p != '"') ;
230 yylval.val.len = yyleng - 2;
231 yylval.val.buf = strdup(yytext);
233 yyfatal("insufficient memory");
235 return(QUOTEDSTRING);
238 [A-Za-z0-9:][A-Za-z0-9:%\.-]* {
239 yylval.val.len = yyleng;
240 yylval.val.buf = strdup(yytext);
242 yyfatal("insufficient memory");
247 yylval.val.len = yyleng;
248 yylval.val.buf = strdup(yytext);
250 yyfatal("insufficient memory");
255 yyfatal("Syntax error");
273 printf("line %d: %s at [%s]\n", lineno, s, yytext);
285 printf("parse failed, line %d.\n", lineno);