1 /* $NetBSD: policy_token.l,v 1.7 2007/07/18 12:07:50 vanhu Exp $ */ 2 3 /* Id: policy_token.l,v 1.12 2005/05/05 12:32:18 manubsd Exp */ 4 5 /* 6 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. Neither the name of the project nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 %{ 35 #ifdef HAVE_CONFIG_H 36 #include "config.h" 37 #endif 38 39 #include <sys/types.h> 40 #include <sys/param.h> 41 #include <sys/socket.h> 42 #include <net/pfkeyv2.h> 43 #include <netinet/in.h> 44 #include PATH_IPSEC_H 45 46 #include <stdlib.h> 47 #include <limits.h> 48 #include <string.h> 49 #include <unistd.h> 50 #include <errno.h> 51 52 #include "libpfkey.h" 53 54 #if !defined(__NetBSD__) && !defined(__FreeBSD__) && !defined(__linux__) && \ 55 !defined(__APPLE__) && !defined(__MACH__) 56 #include "y.tab.h" 57 #else 58 #include "policy_parse.h" 59 #endif 60 #define yylval __libipseclval /* XXX */ 61 62 int yylex __P((void)); 63 %} 64 65 %option noyywrap 66 %option nounput 67 68 /* common section */ 69 nl \n 70 ws [ \t]+ 71 digit [0-9] 72 hexdigit [0-9A-Fa-f] 73 special [()+\|\?\*,] 74 dot \. 75 comma \, 76 hyphen \- 77 colon \: 78 slash \/ 79 bcl \{ 80 ecl \} 81 blcl \[ 82 elcl \] 83 percent \% 84 semi \; 85 plus \+ 86 usec {dot}{digit}{1,6} 87 comment \#.* 88 ccomment "/*" 89 bracketstring \<[^>]*\> 90 quotedstring \"[^"]*\" 91 decstring {digit}+ 92 hexpair {hexdigit}{hexdigit} 93 hexstring 0[xX]{hexdigit}+ 94 octetstring {octet}({dot}{octet})+ 95 ipaddress [a-zA-Z0-9:\._][a-zA-Z0-9:\._]*(%[a-zA-Z0-9]+)? 96 97 %% 98 99 in { yylval.num = IPSEC_DIR_INBOUND; return(DIR); } 100 out { yylval.num = IPSEC_DIR_OUTBOUND; return(DIR); } 101 fwd { 102 #ifdef HAVE_POLICY_FWD 103 yylval.num = IPSEC_DIR_FWD; return(DIR); 104 #else 105 yylval.num = IPSEC_DIR_INBOUND; return(DIR); 106 #endif 107 } 108 109 priority { return(PRIORITY); } 110 prio { return(PRIORITY); } 111 low { yylval.num32 = PRIORITY_LOW; return(PRIO_BASE); } 112 def { yylval.num32 = PRIORITY_DEFAULT; return(PRIO_BASE); } 113 high { yylval.num32 = PRIORITY_HIGH; return(PRIO_BASE); } 114 {plus} { return(PLUS); } 115 {decstring} { 116 yylval.val.len = strlen(yytext); 117 yylval.val.buf = yytext; 118 return(PRIO_OFFSET); 119 } 120 121 discard { yylval.num = IPSEC_POLICY_DISCARD; return(ACTION); } 122 none { yylval.num = IPSEC_POLICY_NONE; return(ACTION); } 123 ipsec { yylval.num = IPSEC_POLICY_IPSEC; return(ACTION); } 124 bypass { yylval.num = IPSEC_POLICY_BYPASS; return(ACTION); } 125 entrust { yylval.num = IPSEC_POLICY_ENTRUST; return(ACTION); } 126 127 esp { yylval.num = IPPROTO_ESP; return(PROTOCOL); } 128 ah { yylval.num = IPPROTO_AH; return(PROTOCOL); } 129 ipcomp { yylval.num = IPPROTO_IPCOMP; return(PROTOCOL); } 130 131 transport { yylval.num = IPSEC_MODE_TRANSPORT; return(MODE); } 132 tunnel { yylval.num = IPSEC_MODE_TUNNEL; return(MODE); } 133 134 me { return(ME); } 135 any { return(ANY); } 136 137 default { yylval.num = IPSEC_LEVEL_DEFAULT; return(LEVEL); } 138 use { yylval.num = IPSEC_LEVEL_USE; return(LEVEL); } 139 require { yylval.num = IPSEC_LEVEL_REQUIRE; return(LEVEL); } 140 unique{colon}{decstring} { 141 yylval.val.len = strlen(yytext + 7); 142 yylval.val.buf = yytext + 7; 143 return(LEVEL_SPECIFY); 144 } 145 unique { yylval.num = IPSEC_LEVEL_UNIQUE; return(LEVEL); } 146 {slash} { return(SLASH); } 147 148 {ipaddress} { 149 yylval.val.len = strlen(yytext); 150 yylval.val.buf = yytext; 151 return(IPADDRESS); 152 } 153 154 {hyphen} { return(HYPHEN); } 155 156 {blcl}{decstring}{elcl} { 157 /* Remove leading '[' and trailing ']' */ 158 yylval.val.buf = yytext + 1; 159 yylval.val.len = strlen(yytext) - 2; 160 161 return(PORT); 162 } 163 164 {ws} { ; } 165 {nl} { ; } 166 167 %% 168 169 void __policy__strbuffer__init__ __P((char *)); 170 void __policy__strbuffer__free__ __P((void)); 171 172 static YY_BUFFER_STATE strbuffer; 173 174 void 175 __policy__strbuffer__init__(msg) 176 char *msg; 177 { 178 if (YY_CURRENT_BUFFER) 179 yy_delete_buffer(YY_CURRENT_BUFFER); 180 strbuffer = (YY_BUFFER_STATE)yy_scan_string(msg); 181 yy_switch_to_buffer(strbuffer); 182 183 return; 184 } 185 186 void 187 __policy__strbuffer__free__() 188 { 189 yy_delete_buffer(strbuffer); 190 191 return; 192 } 193