1 /* $FreeBSD: src/usr.sbin/setkey/parse.y,v 1.1.2.2 2001/07/03 11:02:17 ume Exp $ */
2 /* $KAME: kame/kame/kame/setkey/parse.y,v 1.36 2001/06/07 15:53:12 sakane Exp $ */
5 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include <sys/types.h>
35 #include <sys/param.h>
36 #include <sys/socket.h>
38 #include <net/route.h>
39 #include <netinet/in.h>
40 #include <net/pfkeyv2.h>
41 #include <netkey/key_var.h>
42 #include <netinet6/ipsec.h>
43 #include <arpa/inet.h>
56 (isdigit(c) ? (c - '0') : (isupper(c) ? (c - 'A' + 10) : (c - 'a' + 10) ))
61 struct sockaddr *p_src, *p_dst;
62 u_int p_prefs, p_prefd, p_upper;
63 u_int p_satype, p_ext, p_alg_enc, p_alg_auth, p_replay, p_mode;
65 u_int p_key_enc_len, p_key_auth_len;
66 caddr_t p_key_enc, p_key_auth;
67 time_t p_lt_hard, p_lt_soft;
72 /* temporary buffer */
73 static struct sockaddr *pp_addr;
74 static u_int pp_prefix;
76 static caddr_t pp_key;
78 extern u_char m_buf[BUFSIZ];
80 extern char cmdarg[8192];
83 static struct addrinfo *parse_addr __P((char *, char *, int));
84 static int setvarbuf __P((int *, struct sadb_ext *, int, caddr_t, int));
85 void parse_init __P((void));
86 void free_buffer __P((void));
88 extern int setkeymsg __P((void));
89 extern int sendkeymsg __P((void));
91 extern int yylex __P((void));
92 extern void yyfatal __P((const char *));
93 extern void yyerror __P((const char *));
102 %token ADD GET DELETE FLUSH DUMP
103 %token ADDRESS PREFIX PORT PORTANY
104 %token UP_PROTO PR_ESP PR_AH PR_IPCOMP
105 %token F_PROTOCOL F_AUTH F_ENC F_REPLAY F_COMP F_RAWCPI
106 %token F_MODE MODE F_REQID
107 %token F_EXT EXTENSION NOCYCLICSEQ
108 %token ALG_AUTH ALG_ENC ALG_ENC_DESDERIV ALG_ENC_DES32IV ALG_COMP
109 %token F_LIFETIME_HARD F_LIFETIME_SOFT
110 %token DECSTRING QUOTEDSTRING HEXSTRING STRING ANY
112 %token SPDADD SPDDELETE SPDDUMP SPDFLUSH
113 %token F_POLICY PL_REQUESTS
115 %type <num> PORT PREFIX EXTENSION MODE
116 %type <num> UP_PROTO PR_ESP PR_AH PR_IPCOMP
117 %type <num> ALG_AUTH ALG_ENC ALG_ENC_DESDERIV ALG_ENC_DES32IV ALG_COMP
118 %type <num> DECSTRING
119 %type <val> ADDRESS PL_REQUESTS
120 %type <val> key_string policy_requests
121 %type <val> QUOTEDSTRING HEXSTRING STRING
129 printf("cmdarg:\n%s\n", cmdarg);
151 /* commands concerned with management, there is in tail of this file. */
155 : ADD { p_type = SADB_ADD; }
156 sa_selector_spec extension_spec algorithm_spec EOT
161 : DELETE { p_type = SADB_DELETE; }
162 sa_selector_spec extension_spec
164 if (p_mode != IPSEC_MODE_ANY)
165 yyerror("WARNING: mode is obsoleted.");
170 /* deleteall command */
172 : DELETEALL { p_type = SADB_DELETE; }
173 ipaddress { p_src = pp_addr; }
174 ipaddress { p_dst = pp_addr; }
182 : GET { p_type = SADB_GET; }
183 sa_selector_spec extension_spec
185 if (p_mode != IPSEC_MODE_ANY)
186 yyerror("WARNING: mode is obsoleted.");
193 : FLUSH { p_type = SADB_FLUSH; }
199 : DUMP { p_type = SADB_DUMP; }
203 /* sa_selector_spec */
205 : ipaddress { p_src = pp_addr; }
206 ipaddress { p_dst = pp_addr; }
211 : /*NOTHING*/ { p_satype = SADB_SATYPE_UNSPEC; }
214 p_satype = SADB_SATYPE_ESP;
216 p_ext |= SADB_X_EXT_OLD;
218 p_ext &= ~SADB_X_EXT_OLD;
222 p_satype = SADB_SATYPE_AH;
224 p_ext |= SADB_X_EXT_OLD;
226 p_ext &= ~SADB_X_EXT_OLD;
230 p_satype = SADB_X_SATYPE_IPCOMP;
235 : DECSTRING { p_spi = $1; }
240 char buf0[4], buf[4];
245 yyerror("SPI too big.");
252 *bp = (ATOX(yp[0]) << 4) | ATOX(yp[1]);
257 for (i = 0; i < 4; i++) buf[i] = 0;
259 for (j = $1.len - 1, i = 3; j >= 0; j--, i--)
263 p_spi = ntohl(*(u_int32_t *)buf);
276 : F_ENC enc_alg enc_key F_AUTH auth_alg auth_key
277 | F_ENC enc_alg enc_key
281 : F_AUTH auth_alg auth_key
285 : F_COMP ALG_COMP { p_alg_enc = $2; }
286 | F_COMP ALG_COMP { p_alg_enc = $2; }
287 F_RAWCPI { p_ext |= SADB_X_EXT_RAWCPI; }
291 : ALG_ENC { p_alg_enc = $1; }
295 if (p_ext & SADB_X_EXT_OLD) {
296 yyerror("algorithm mismatched.");
299 p_ext |= SADB_X_EXT_DERIV;
304 if (!(p_ext & SADB_X_EXT_OLD)) {
305 yyerror("algorithm mismatched.");
308 p_ext |= SADB_X_EXT_IV4B;
315 if (p_alg_enc != SADB_EALG_NULL) {
316 yyerror("no key found.");
322 p_key_enc_len = $1.len;
325 if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
327 PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
328 yyerror(ipsec_strerror());
335 : ALG_AUTH { p_alg_auth = $1; }
341 if (p_alg_auth != SADB_X_AALG_NULL) {
342 yyerror("no key found.");
348 p_key_auth_len = $1.len;
351 if (ipsec_check_keylen(SADB_EXT_SUPPORTED_AUTH,
353 PFKEY_UNUNIT64(p_key_auth_len)) < 0) {
354 yyerror(ipsec_strerror());
364 /* free pp_key later */
371 if ((pp_key = malloc($1.len)) == 0) {
373 yyerror("not enough core");
376 memset(pp_key, 0, $1.len);
380 *bp = (ATOX(yp[0]) << 4) | ATOX(yp[1]);
390 | extension_spec extension
394 : F_EXT EXTENSION { p_ext |= $2; }
395 | F_EXT NOCYCLICSEQ { p_ext &= ~SADB_X_EXT_CYCSEQ; }
396 | F_MODE MODE { p_mode = $2; }
397 | F_MODE ANY { p_mode = IPSEC_MODE_ANY; }
398 | F_REQID DECSTRING { p_reqid = $2; }
401 if (p_ext & SADB_X_EXT_OLD) {
402 yyerror("replay prevention "
403 "only use on new spec.");
408 | F_LIFETIME_HARD DECSTRING { p_lt_hard = $2; }
409 | F_LIFETIME_SOFT DECSTRING { p_lt_soft = $2; }
412 /* definition about command for SPD management */
417 p_type = SADB_X_SPDADD;
418 p_satype = SADB_SATYPE_UNSPEC;
420 sp_selector_spec policy_spec EOT
426 p_type = SADB_X_SPDDELETE;
427 p_satype = SADB_SATYPE_UNSPEC;
429 sp_selector_spec policy_spec EOT
435 p_type = SADB_X_SPDDUMP;
436 p_satype = SADB_SATYPE_UNSPEC;
444 p_type = SADB_X_SPDFLUSH;
445 p_satype = SADB_SATYPE_UNSPEC;
450 /* sp_selector_spec */
452 : ipaddress { p_src = pp_addr; }
453 prefix { p_prefs = pp_prefix; }
456 switch (p_src->sa_family) {
458 ((struct sockaddr_in *)p_src)->sin_port =
463 ((struct sockaddr_in6 *)p_src)->sin6_port =
471 ipaddress { p_dst = pp_addr; }
472 prefix { p_prefd = pp_prefix; }
475 switch (p_dst->sa_family) {
477 ((struct sockaddr_in *)p_dst)->sin_port =
482 ((struct sockaddr_in6 *)p_dst)->sin6_port =
492 /* XXX is it something userland should check? */
497 if (_INPORTBYSA(p_src) != IPSEC_PORT_ANY
498 || _INPORTBYSA(p_dst) != IPSEC_PORT_ANY) {
499 yyerror("port number must be \"any\".");
502 if ((pp_addr->sa_family == AF_INET6
503 && p_upper == IPPROTO_ICMP)
504 || (pp_addr->sa_family == AF_INET
505 && p_upper == IPPROTO_ICMPV6)) {
506 yyerror("upper layer protocol "
521 struct addrinfo *res;
523 res = parse_addr($1.buf, NULL, AI_NUMERICHOST);
528 pp_addr = (struct sockaddr *)malloc(res->ai_addrlen);
530 yyerror("not enough core");
534 memcpy(pp_addr, res->ai_addr, res->ai_addrlen);
542 : /*NOTHING*/ { pp_prefix = ~0; }
543 | PREFIX { pp_prefix = $1; }
547 : /*NOTHING*/ { pp_port = IPSEC_PORT_ANY; }
548 | PORT { pp_port = $1; }
549 | PORTANY { pp_port = IPSEC_PORT_ANY; }
553 : DECSTRING { p_upper = $1; }
554 | UP_PROTO { p_upper = $1; }
555 | ANY { p_upper = IPSEC_ULPROTO_ANY; }
558 struct protoent *ent;
560 ent = getprotobyname($1.buf);
562 p_upper = ent->p_proto;
564 if (strcmp("icmp6", $1.buf) == 0) {
565 p_upper = IPPROTO_ICMPV6;
566 } else if(strcmp("ip4", $1.buf) == 0) {
567 p_upper = IPPROTO_IPV4;
569 yyerror("invalid upper layer protocol");
579 : F_POLICY policy_requests
581 p_policy = ipsec_set_policy($2.buf, $2.len);
582 if (p_policy == NULL) {
585 yyerror(ipsec_strerror());
589 p_policy_len = ipsec_get_policylen(p_policy);
596 : PL_REQUESTS { $$ = $1; }
604 struct sadb_msg m_msg;
606 m_msg.sadb_msg_version = PF_KEY_V2;
607 m_msg.sadb_msg_type = p_type;
608 m_msg.sadb_msg_errno = 0;
609 m_msg.sadb_msg_satype = p_satype;
610 m_msg.sadb_msg_reserved = 0;
611 m_msg.sadb_msg_seq = 0;
612 m_msg.sadb_msg_pid = getpid();
614 m_len = sizeof(struct sadb_msg);
615 memcpy(m_buf, &m_msg, m_len);
623 /* set encryption algorithm, if present. */
624 if (p_satype != SADB_X_SATYPE_IPCOMP && p_alg_enc != SADB_EALG_NONE) {
625 struct sadb_key m_key;
628 PFKEY_UNIT64(sizeof(m_key)
629 + PFKEY_ALIGN8(p_key_enc_len));
630 m_key.sadb_key_exttype = SADB_EXT_KEY_ENCRYPT;
631 m_key.sadb_key_bits = p_key_enc_len * 8;
632 m_key.sadb_key_reserved = 0;
635 (struct sadb_ext *)&m_key, sizeof(m_key),
636 (caddr_t)p_key_enc, p_key_enc_len);
639 /* set authentication algorithm, if present. */
640 if (p_alg_auth != SADB_AALG_NONE) {
641 struct sadb_key m_key;
644 PFKEY_UNIT64(sizeof(m_key)
645 + PFKEY_ALIGN8(p_key_auth_len));
646 m_key.sadb_key_exttype = SADB_EXT_KEY_AUTH;
647 m_key.sadb_key_bits = p_key_auth_len * 8;
648 m_key.sadb_key_reserved = 0;
651 (struct sadb_ext *)&m_key, sizeof(m_key),
652 (caddr_t)p_key_auth, p_key_auth_len);
655 /* set lifetime for HARD */
656 if (p_lt_hard != 0) {
657 struct sadb_lifetime m_lt;
658 u_int len = sizeof(struct sadb_lifetime);
660 m_lt.sadb_lifetime_len = PFKEY_UNIT64(len);
661 m_lt.sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
662 m_lt.sadb_lifetime_allocations = 0;
663 m_lt.sadb_lifetime_bytes = 0;
664 m_lt.sadb_lifetime_addtime = p_lt_hard;
665 m_lt.sadb_lifetime_usetime = 0;
667 memcpy(m_buf + m_len, &m_lt, len);
671 /* set lifetime for SOFT */
672 if (p_lt_soft != 0) {
673 struct sadb_lifetime m_lt;
674 u_int len = sizeof(struct sadb_lifetime);
676 m_lt.sadb_lifetime_len = PFKEY_UNIT64(len);
677 m_lt.sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
678 m_lt.sadb_lifetime_allocations = 0;
679 m_lt.sadb_lifetime_bytes = 0;
680 m_lt.sadb_lifetime_addtime = p_lt_soft;
681 m_lt.sadb_lifetime_usetime = 0;
683 memcpy(m_buf + m_len, &m_lt, len);
692 struct sadb_x_sa2 m_sa2;
693 struct sadb_address m_addr;
697 len = sizeof(struct sadb_sa);
698 m_sa.sadb_sa_len = PFKEY_UNIT64(len);
699 m_sa.sadb_sa_exttype = SADB_EXT_SA;
700 m_sa.sadb_sa_spi = htonl(p_spi);
701 m_sa.sadb_sa_replay = p_replay;
702 m_sa.sadb_sa_state = 0;
703 m_sa.sadb_sa_auth = p_alg_auth;
704 m_sa.sadb_sa_encrypt = p_alg_enc;
705 m_sa.sadb_sa_flags = p_ext;
707 memcpy(m_buf + m_len, &m_sa, len);
710 len = sizeof(struct sadb_x_sa2);
711 m_sa2.sadb_x_sa2_len = PFKEY_UNIT64(len);
712 m_sa2.sadb_x_sa2_exttype = SADB_X_EXT_SA2;
713 m_sa2.sadb_x_sa2_mode = p_mode;
714 m_sa2.sadb_x_sa2_reqid = p_reqid;
716 memcpy(m_buf + m_len, &m_sa2, len);
721 m_addr.sadb_address_len =
722 PFKEY_UNIT64(sizeof(m_addr)
723 + PFKEY_ALIGN8(p_src->sa_len));
724 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
725 m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
726 switch (p_src->sa_family) {
728 m_addr.sadb_address_prefixlen =
729 sizeof(struct in_addr) << 3;
733 m_addr.sadb_address_prefixlen =
734 sizeof(struct in6_addr) << 3;
738 yyerror("unsupported address family");
741 m_addr.sadb_address_reserved = 0;
744 (struct sadb_ext *)&m_addr, sizeof(m_addr),
745 (caddr_t)p_src, p_src->sa_len);
748 m_addr.sadb_address_len =
749 PFKEY_UNIT64(sizeof(m_addr)
750 + PFKEY_ALIGN8(p_dst->sa_len));
751 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
752 m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
753 switch (p_dst->sa_family) {
755 m_addr.sadb_address_prefixlen =
756 sizeof(struct in_addr) << 3;
760 m_addr.sadb_address_prefixlen =
761 sizeof(struct in6_addr) << 3;
765 yyerror("unsupported address family");
768 m_addr.sadb_address_reserved = 0;
771 (struct sadb_ext *)&m_addr, sizeof(m_addr),
772 (caddr_t)p_dst, p_dst->sa_len);
776 /* for SPD management */
777 case SADB_X_SPDFLUSH:
782 case SADB_X_SPDDELETE:
784 struct sadb_address m_addr;
787 memcpy(m_buf + m_len, p_policy, p_policy_len);
788 m_len += p_policy_len;
793 m_addr.sadb_address_len =
794 PFKEY_UNIT64(sizeof(m_addr)
795 + PFKEY_ALIGN8(p_src->sa_len));
796 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
797 m_addr.sadb_address_proto = p_upper;
798 switch (p_src->sa_family) {
800 plen = sizeof(struct in_addr) << 3;
804 plen = sizeof(struct in6_addr) << 3;
808 yyerror("unsupported address family");
811 m_addr.sadb_address_prefixlen =
812 (p_prefs != ~0 ? p_prefs : plen);
813 m_addr.sadb_address_reserved = 0;
816 (struct sadb_ext *)&m_addr, sizeof(m_addr),
817 (caddr_t)p_src, p_src->sa_len);
820 m_addr.sadb_address_len =
821 PFKEY_UNIT64(sizeof(m_addr)
822 + PFKEY_ALIGN8(p_dst->sa_len));
823 m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
824 m_addr.sadb_address_proto = p_upper;
825 switch (p_dst->sa_family) {
827 plen = sizeof(struct in_addr) << 3;
831 plen = sizeof(struct in6_addr) << 3;
835 yyerror("unsupported address family");
838 m_addr.sadb_address_prefixlen =
839 (p_prefd != ~0 ? p_prefd : plen);
840 m_addr.sadb_address_reserved = 0;
843 (struct sadb_ext *)&m_addr, sizeof(m_addr),
844 (caddr_t)p_dst, p_dst->sa_len);
849 ((struct sadb_msg *)m_buf)->sadb_msg_len = PFKEY_UNIT64(m_len);
854 static struct addrinfo *
855 parse_addr(host, port, flag)
860 struct addrinfo hints, *res = NULL;
863 memset(&hints, 0, sizeof(hints));
864 hints.ai_family = PF_UNSPEC;
865 hints.ai_socktype = SOCK_DGRAM;
866 hints.ai_flags = flag;
867 error = getaddrinfo(host, port, &hints, &res);
869 yyerror(gai_strerror(error));
872 if (res->ai_next != NULL) {
873 yyerror(gai_strerror(error));
879 setvarbuf(off, ebuf, elen, vbuf, vlen)
881 struct sadb_ext *ebuf;
882 int *off, elen, vlen;
884 memset(m_buf + *off, 0, PFKEY_UNUNIT64(ebuf->sadb_ext_len));
885 memcpy(m_buf + *off, (caddr_t)ebuf, elen);
886 memcpy(m_buf + *off + elen, vbuf, vlen);
887 (*off) += PFKEY_ALIGN8(elen + vlen);
899 p_src = 0, p_dst = 0;
900 pp_prefix = p_prefs = p_prefd = ~0;
901 pp_port = IPSEC_PORT_ANY;
905 p_ext = SADB_X_EXT_CYCSEQ;
906 p_alg_enc = SADB_EALG_NONE;
907 p_alg_auth = SADB_AALG_NONE;
908 p_mode = IPSEC_MODE_ANY;
911 p_key_enc_len = p_key_auth_len = 0;
912 p_key_enc = p_key_auth = 0;
913 p_lt_hard = p_lt_soft = 0;
918 memset(cmdarg, 0, sizeof(cmdarg));
926 if (p_src) free(p_src);
927 if (p_dst) free(p_dst);
928 if (p_key_enc) free(p_key_enc);
929 if (p_key_auth) free(p_key_auth);
projects / dragonfly.git / blob