Source-Changes-HG archive
[src/trunk]: src/sbin/setkey upgrade to the latest KAME setkey(8). allows FQ...
details: https://anonhg.NetBSD.org/src/rev/87b0c7751f5c
branches: trunk
changeset: 514638:87b0c7751f5c
user: itojun <itojun%NetBSD.org@localhost>
date: Fri Sep 07 04:12:10 2001 +0000
description:
Upgrade to the latest KAME setkey(8); allow FQDN hostnames in commands.
"add localhost localhost esp 9999 -E des-cbc hogehoge" adds two keys,
for 127.0.0.1 and ::1
diffstat:
sbin/setkey/parse.y | 1213 ++++++++++++++++++++++++++------------------
sbin/setkey/sample.cf | 14 +-
sbin/setkey/scriptdump.pl | 6 +-
sbin/setkey/setkey.8 | 236 ++++----
sbin/setkey/setkey.c | 224 ++++---
sbin/setkey/token.l | 258 ++++-----
6 files changed, 1087 insertions(+), 864 deletions(-)
diffs (truncated from 2829 to 300 lines):
diff -r 48f3e3844dea -r 87b0c7751f5c sbin/setkey/parse.y
--- a/sbin/setkey/parse.y Fri Sep 07 02:17:30 2001 +0000
+++ b/sbin/setkey/parse.y Fri Sep 07 04:12:10 2001 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: parse.y,v 1.4 2001/02/16 23:55:05 thorpej Exp $ */
-/* $KAME: parse.y,v 1.30 2000/07/15 16:08:01 itojun Exp $ */
+/* $NetBSD: parse.y,v 1.5 2001/09/07 04:12:10 itojun Exp $ */
+/* $KAME: parse.y,v 1.63 2001/08/17 06:28:49 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
@@ -53,40 +53,31 @@
#include "vchar.h"
#define ATOX(c) \
- (isdigit(c) ? (c - '0') : (isupper(c) ? (c - 'A' + 10) : (c - 'a' + 10) ))
+ (isdigit(c) ? (c - '0') : (isupper(c) ? (c - 'A' + 10) : (c - 'a' + 10)))
-u_int p_type;
u_int32_t p_spi;
-int p_no_spi;
-struct sockaddr *p_src, *p_dst;
-u_int p_prefs, p_prefd, p_upper;
-u_int p_satype, p_ext, p_alg_enc, p_alg_auth, p_replay, p_mode;
+u_int p_ext, p_alg_enc, p_alg_auth, p_replay, p_mode;
u_int32_t p_reqid;
u_int p_key_enc_len, p_key_auth_len;
caddr_t p_key_enc, p_key_auth;
time_t p_lt_hard, p_lt_soft;
-u_int p_policy_len;
-char *p_policy;
+static int p_aiflags = 0, p_aifamily = PF_UNSPEC;
-/* temporary buffer */
-static struct sockaddr *pp_addr;
-static u_int pp_prefix;
-static u_int pp_port;
-static caddr_t pp_key;
-
-extern u_char m_buf[BUFSIZ];
-extern int m_len;
-extern char cmdarg[8192];
-extern int f_debug;
-
-static struct addrinfo *parse_addr __P((char *, char *, int));
-static int setvarbuf __P((int *, struct sadb_ext *, int, caddr_t, int));
+static struct addrinfo *parse_addr __P((char *, char *));
+static int setvarbuf __P((char *, int *, struct sadb_ext *, int, caddr_t, int));
void parse_init __P((void));
void free_buffer __P((void));
-extern int setkeymsg __P((void));
-extern int sendkeymsg __P((void));
+int setkeymsg0 __P((struct sadb_msg *, unsigned int, unsigned int, size_t));
+static int setkeymsg_spdaddr __P((unsigned int, unsigned int, vchar_t *,
+ struct addrinfo *, int, struct addrinfo *, int));
+static int setkeymsg_addr __P((unsigned int, unsigned int,
+ struct addrinfo *, struct addrinfo *, int));
+static int setkeymsg_add __P((unsigned int, unsigned int,
+ struct addrinfo *, struct addrinfo *));
+extern int setkeymsg __P((char *, size_t *));
+extern int sendkeymsg __P((char *, size_t));
extern int yylex __P((void));
extern void yyfatal __P((const char *));
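Review bot: The ATOX macro at `+ (isdigit(c) ? (c - '0') : ...` is only re-spaced here, but it still evaluates `c` three times and passes a plain char to isdigit()/isupper(), which is undefined for negative values where char is signed. If it is still referenced after the hex SPI parsing moved to strtoul() (the removed `ATOX(yp[0])` use is in a later hunk), the argument should be cast, `(isdigit((unsigned char)(c)) ? ...`; if nothing uses it any more, the define can simply go. Separately, `int setkeymsg0 __P((struct sadb_msg *, unsigned int, unsigned int, size_t));` is the only new prototype in this hunk not marked static, so it should either be static like setkeymsg_addr and friends or, if setkey.c calls it, be declared in a shared header rather than here.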
@@ -94,43 +85,43 @@
%}
%union {
- unsigned long num;
+ int num;
+ unsigned long ulnum;
vchar_t val;
+ struct addrinfo *res;
}
-%token EOT
-%token ADD GET DELETE FLUSH DUMP
-%token ADDRESS PREFIX PORT PORTANY
-%token UP_PROTO PR_ESP PR_AH PR_IPCOMP
+%token EOT SLASH BLCL ELCL
+%token ADD GET DELETE DELETEALL FLUSH DUMP
+%token PR_ESP PR_AH PR_IPCOMP
%token F_PROTOCOL F_AUTH F_ENC F_REPLAY F_COMP F_RAWCPI
%token F_MODE MODE F_REQID
%token F_EXT EXTENSION NOCYCLICSEQ
%token ALG_AUTH ALG_ENC ALG_ENC_DESDERIV ALG_ENC_DES32IV ALG_COMP
%token F_LIFETIME_HARD F_LIFETIME_SOFT
-%token DECSTRING QUOTEDSTRING HEXSTRING ANY
+%token DECSTRING QUOTEDSTRING HEXSTRING STRING ANY
/* SPD management */
%token SPDADD SPDDELETE SPDDUMP SPDFLUSH
%token F_POLICY PL_REQUESTS
+%token F_AIFLAGS
-%type <num> PORT PREFIX EXTENSION MODE
-%type <num> UP_PROTO PR_ESP PR_AH PR_IPCOMP
+%type <num> prefix protocol_spec upper_spec
%type <num> ALG_AUTH ALG_ENC ALG_ENC_DESDERIV ALG_ENC_DES32IV ALG_COMP
-%type <num> DECSTRING
-%type <val> ADDRESS PL_REQUESTS
-%type <val> key_string policy_requests
-%type <val> QUOTEDSTRING HEXSTRING
+%type <num> PR_ESP PR_AH PR_IPCOMP
+%type <num> EXTENSION MODE
+%type <ulnum> DECSTRING
+%type <val> PL_REQUESTS portstr key_string
+%type <val> policy_requests
+%type <val> QUOTEDSTRING HEXSTRING STRING
+%type <val> F_AIFLAGS
+%type <val> policy_spec
+%type <res> ipaddr
%%
commands
: /*NOTHING*/
| commands command
{
- if (f_debug) {
- printf("cmdarg:\n%s\n", cmdarg);
- } else {
- setkeymsg();
- sendkeymsg();
- }
free_buffer();
parse_init();
}
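Review bot: `%type <ulnum> DECSTRING` makes decimal literals unsigned long, but the spi rule later in the file stores one into p_spi (u_int32_t) with `p_spi = $1;` and no range check, while the HEXSTRING branch of the same rule rejects values above 32 bits with `if (v & ~0xffffffff)`. Applying the same test on the decimal path keeps both spellings consistent: `if ($1 & ~0xffffffff) { yyerror("SPI too big."); return -1; } p_spi = $1;`. The commands action now only runs free_buffer()/parse_init() after a command action completes, so any action that does `return -1` leaves yyparse without that cleanup; presumably acceptable if setkey exits on a parse failure, but worth a one-line comment at `free_buffer();` saying so.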
@@ -152,66 +143,90 @@
/* add command */
add_command
- : ADD { p_type = SADB_ADD; }
- sa_selector_spec extension_spec algorithm_spec EOT
+ : ADD ipaddropts ipaddr ipaddr protocol_spec spi extension_spec algorithm_spec EOT
+ {
+ int status;
+
+ status = setkeymsg_add(SADB_ADD, $5, $3, $4);
+ if (status < 0)
+ return -1;
+ }
;
/* delete */
delete_command
- : DELETE { p_type = SADB_DELETE; }
- sa_selector_spec extension_spec
+ : DELETE ipaddropts ipaddr ipaddr protocol_spec spi extension_spec EOT
{
+ int status;
+
+ if ($3->ai_next || $4->ai_next) {
+ yyerror("multiple address specified");
+ return -1;
+ }
if (p_mode != IPSEC_MODE_ANY)
yyerror("WARNING: mode is obsoleted.");
+
+ status = setkeymsg_addr(SADB_DELETE, $5, $3, $4, 0);
+ if (status < 0)
+ return -1;
}
- EOT
;
/* deleteall command */
deleteall_command
- : DELETEALL { p_type = SADB_DELETE; }
- ipaddress { p_src = pp_addr; }
- ipaddress { p_dst = pp_addr; }
- protocol_spec
- { p_no_spi = 1; }
- EOT
+ : DELETEALL ipaddropts ipaddr ipaddr protocol_spec EOT
+ {
+ int status;
+
+ status = setkeymsg_addr(SADB_DELETE, $5, $3, $4, 1);
+ if (status < 0)
+ return -1;
+ }
;
/* get command */
get_command
- : GET { p_type = SADB_GET; }
- sa_selector_spec extension_spec
+ : GET ipaddropts ipaddr ipaddr protocol_spec spi extension_spec EOT
{
+ int status;
+
if (p_mode != IPSEC_MODE_ANY)
yyerror("WARNING: mode is obsoleted.");
+
+ status = setkeymsg_addr(SADB_GET, $5, $3, $4, 0);
+ if (status < 0)
+ return -1;
}
- EOT
;
/* flush */
flush_command
- : FLUSH { p_type = SADB_FLUSH; }
- protocol_spec EOT
+ : FLUSH protocol_spec EOT
+ {
+ struct sadb_msg msg;
+ setkeymsg0(&msg, SADB_FLUSH, $2, sizeof(msg));
+ sendkeymsg((char *)&msg, sizeof(msg));
+ }
;
/* dump */
dump_command
- : DUMP { p_type = SADB_DUMP; }
- protocol_spec EOT
- ;
-
- /* sa_selector_spec */
-sa_selector_spec
- : ipaddress { p_src = pp_addr; }
- ipaddress { p_dst = pp_addr; }
- protocol_spec spi
+ : DUMP protocol_spec EOT
+ {
+ struct sadb_msg msg;
+ setkeymsg0(&msg, SADB_DUMP, $2, sizeof(msg));
+ sendkeymsg((char *)&msg, sizeof(msg));
+ }
;
protocol_spec
- : /*NOTHING*/ { p_satype = SADB_SATYPE_UNSPEC; }
+ : /*NOTHING*/
+ {
+ $$ = SADB_SATYPE_UNSPEC;
+ }
| PR_ESP
{
- p_satype = SADB_SATYPE_ESP;
+ $$ = SADB_SATYPE_ESP;
if ($1 == 1)
p_ext |= SADB_X_EXT_OLD;
else
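Review bot: The flush and dump actions ignore the results of `setkeymsg0(&msg, SADB_FLUSH, $2, sizeof(msg));` and `sendkeymsg((char *)&msg, sizeof(msg));`, whereas the add/delete/deleteall/get actions above propagate failure with `if (status < 0) return -1;`. If sendkeymsg() reports failure with a negative return as those helpers do, the same check belongs in both FLUSH and DUMP: `if (sendkeymsg((char *)&msg, sizeof(msg)) < 0) return -1;`. Also, the addrinfo lists in `$3`/`$4` are handed to setkeymsg_add/setkeymsg_addr but never released in these actions, including on the early `return -1` in delete_command after `yyerror("multiple address specified")`; unless those helpers call freeaddrinfo() on their arguments (their definitions are outside this hunk), each command leaks the getaddrinfo() results.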
@@ -219,7 +234,7 @@
}
| PR_AH
{
- p_satype = SADB_SATYPE_AH;
+ $$ = SADB_SATYPE_AH;
if ($1 == 1)
p_ext |= SADB_X_EXT_OLD;
else
@@ -227,7 +242,7 @@
}
| PR_IPCOMP
{
- p_satype = SADB_X_SATYPE_IPCOMP;
+ $$ = SADB_X_SATYPE_IPCOMP;
}
;
@@ -235,34 +250,21 @@
: DECSTRING { p_spi = $1; }
| HEXSTRING
{
- caddr_t bp;
- caddr_t yp = $1.buf;
- char buf0[4], buf[4];
- int i, j;
+ char *ep;
+ unsigned long v;
- /* sanity check */
- if ($1.len > 4) {
+ ep = NULL;
+ v = strtoul($1.buf, &ep, 16);
+ if (!ep || *ep) {
+ yyerror("invalid SPI");
+ return -1;
+ }
+ if (v & ~0xffffffff) {
yyerror("SPI too big.");
- free($1.buf);
return -1;
}
- bp = buf0;
- while (*yp) {
- *bp = (ATOX(yp[0]) << 4) | ATOX(yp[1]);
- yp += 2, bp++;
- }
-
- /* initialize */
- for (i = 0; i < 4; i++) buf[i] = 0;
-
- for (j = $1.len - 1, i = 3; j >= 0; j--, i--)
- buf[i] = buf0[j];