diff options
| author | Alexander Wirt <formorer@debian.org> | 2012-06-03 08:49:55 +0200 |
|---|---|---|
| committer | Alexander Wirt <formorer@debian.org> | 2012-06-03 08:49:55 +0200 |
| commit | ea27bb406e3d8fe9466ba274af38e6f540ff5bfc (patch) | |
| tree | 9f0c78416f8b617d6af715800ce22815645ee8ec /src | |
| parent | ed902b39d4f4aa2fc8130441d25b849a69b75c15 (diff) | |
| download | conntrack-tools-ea27bb406e3d8fe9466ba274af38e6f540ff5bfc.tar.gz conntrack-tools-ea27bb406e3d8fe9466ba274af38e6f540ff5bfc.zip | |
Imported Upstream version 1.2.1
Diffstat (limited to 'src')
52 files changed, 26840 insertions, 0 deletions
diff --git a/src/Makefile.am b/src/Makefile.am new file mode 100644 index 0000000..5dbdef3 --- /dev/null +++ b/src/Makefile.am @@ -0,0 +1,38 @@ +include $(top_srcdir)/Make_global.am + +AM_YFLAGS = -d + +CLEANFILES = read_config_yy.c read_config_lex.c + +sbin_PROGRAMS = conntrack conntrackd nfct + +conntrack_SOURCES = conntrack.c +conntrack_LDADD = ../extensions/libct_proto_tcp.la ../extensions/libct_proto_udp.la ../extensions/libct_proto_udplite.la ../extensions/libct_proto_icmp.la ../extensions/libct_proto_icmpv6.la ../extensions/libct_proto_sctp.la ../extensions/libct_proto_dccp.la ../extensions/libct_proto_gre.la ../extensions/libct_proto_unknown.la ${LIBNETFILTER_CONNTRACK_LIBS} + +nfct_SOURCES = nfct.c \ + nfct-extensions/timeout.c +nfct_LDADD = ${LIBMNL_LIBS} \ + ${LIBNETFILTER_CONNTRACK_LIBS} \ + ${LIBNETFILTER_CTTIMEOUT_LIBS} + +conntrackd_SOURCES = alarm.c main.c run.c hash.c queue.c rbtree.c \ + local.c log.c mcast.c udp.c netlink.c vector.c \ + filter.c fds.c event.c process.c origin.c date.c \ + cache.c cache-ct.c cache-exp.c \ + cache_timer.c \ + sync-mode.c sync-alarm.c sync-ftfw.c sync-notrack.c \ + traffic_stats.c stats-mode.c \ + network.c cidr.c \ + build.c parse.c \ + channel.c multichannel.c channel_mcast.c channel_udp.c \ + tcp.c channel_tcp.c \ + external_cache.c external_inject.c \ + internal_cache.c internal_bypass.c \ + read_config_yy.y read_config_lex.l + +# yacc and lex generate dirty code +read_config_yy.o read_config_lex.o: AM_CFLAGS += -Wno-missing-prototypes -Wno-missing-declarations -Wno-implicit-function-declaration -Wno-nested-externs -Wno-undef -Wno-redundant-decls + +conntrackd_LDADD = ${LIBNETFILTER_CONNTRACK_LIBS} + +EXTRA_DIST = read_config_yy.h diff --git a/src/Makefile.in b/src/Makefile.in new file mode 100644 index 0000000..daf7900 --- /dev/null +++ b/src/Makefile.in @@ -0,0 +1,710 @@ +# Makefile.in generated by automake 1.11.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + $(top_srcdir)/Make_global.am read_config_lex.c \ + read_config_yy.c read_config_yy.h +sbin_PROGRAMS = conntrack$(EXEEXT) conntrackd$(EXEEXT) nfct$(EXEEXT) +subdir = src +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__installdirs = "$(DESTDIR)$(sbindir)" +PROGRAMS = $(sbin_PROGRAMS) +am_conntrack_OBJECTS = conntrack.$(OBJEXT) +conntrack_OBJECTS = $(am_conntrack_OBJECTS) +am__DEPENDENCIES_1 = +conntrack_DEPENDENCIES = ../extensions/libct_proto_tcp.la \ + ../extensions/libct_proto_udp.la \ + ../extensions/libct_proto_udplite.la \ + ../extensions/libct_proto_icmp.la \ + ../extensions/libct_proto_icmpv6.la \ + ../extensions/libct_proto_sctp.la \ + ../extensions/libct_proto_dccp.la \ + ../extensions/libct_proto_gre.la \ + ../extensions/libct_proto_unknown.la $(am__DEPENDENCIES_1) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am_conntrackd_OBJECTS = alarm.$(OBJEXT) main.$(OBJEXT) run.$(OBJEXT) \ + hash.$(OBJEXT) queue.$(OBJEXT) rbtree.$(OBJEXT) \ + local.$(OBJEXT) log.$(OBJEXT) mcast.$(OBJEXT) udp.$(OBJEXT) \ + netlink.$(OBJEXT) vector.$(OBJEXT) filter.$(OBJEXT) \ + fds.$(OBJEXT) event.$(OBJEXT) process.$(OBJEXT) \ + origin.$(OBJEXT) date.$(OBJEXT) cache.$(OBJEXT) \ + cache-ct.$(OBJEXT) cache-exp.$(OBJEXT) cache_timer.$(OBJEXT) \ + sync-mode.$(OBJEXT) sync-alarm.$(OBJEXT) sync-ftfw.$(OBJEXT) \ + sync-notrack.$(OBJEXT) traffic_stats.$(OBJEXT) \ + stats-mode.$(OBJEXT) network.$(OBJEXT) cidr.$(OBJEXT) \ + build.$(OBJEXT) parse.$(OBJEXT) channel.$(OBJEXT) \ + multichannel.$(OBJEXT) channel_mcast.$(OBJEXT) \ + channel_udp.$(OBJEXT) tcp.$(OBJEXT) channel_tcp.$(OBJEXT) \ + external_cache.$(OBJEXT) external_inject.$(OBJEXT) \ + internal_cache.$(OBJEXT) internal_bypass.$(OBJEXT) \ + read_config_yy.$(OBJEXT) read_config_lex.$(OBJEXT) +conntrackd_OBJECTS = $(am_conntrackd_OBJECTS) +conntrackd_DEPENDENCIES = $(am__DEPENDENCIES_1) +am__dirstamp = $(am__leading_dot)dirstamp +am_nfct_OBJECTS = nfct.$(OBJEXT) nfct-extensions/timeout.$(OBJEXT) +nfct_OBJECTS = $(am_nfct_OBJECTS) +nfct_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +LEXCOMPILE = $(LEX) $(AM_LFLAGS) $(LFLAGS) +LTLEXCOMPILE = $(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(LEX) $(AM_LFLAGS) $(LFLAGS) +AM_V_LEX = $(am__v_LEX_@AM_V@) +am__v_LEX_ = $(am__v_LEX_@AM_DEFAULT_V@) +am__v_LEX_0 = @echo " LEX " $@; +YLWRAP = $(top_srcdir)/build-aux/ylwrap +YACCCOMPILE = $(YACC) $(AM_YFLAGS) $(YFLAGS) +LTYACCCOMPILE = $(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(YACC) $(AM_YFLAGS) $(YFLAGS) +AM_V_YACC = $(am__v_YACC_@AM_V@) +am__v_YACC_ = $(am__v_YACC_@AM_DEFAULT_V@) +am__v_YACC_0 = @echo " YACC " $@; +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +SOURCES = $(conntrack_SOURCES) $(conntrackd_SOURCES) $(nfct_SOURCES) +DIST_SOURCES = $(conntrack_SOURCES) $(conntrackd_SOURCES) \ + $(nfct_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBMNL_CFLAGS = @LIBMNL_CFLAGS@ +LIBMNL_LIBS = @LIBMNL_LIBS@ +LIBNETFILTER_CONNTRACK_CFLAGS = @LIBNETFILTER_CONNTRACK_CFLAGS@ +LIBNETFILTER_CONNTRACK_LIBS = @LIBNETFILTER_CONNTRACK_LIBS@ +LIBNETFILTER_CTTIMEOUT_CFLAGS = @LIBNETFILTER_CTTIMEOUT_CFLAGS@ +LIBNETFILTER_CTTIMEOUT_LIBS = @LIBNETFILTER_CTTIMEOUT_LIBS@ +LIBNFNETLINK_CFLAGS = @LIBNFNETLINK_CFLAGS@ +LIBNFNETLINK_LIBS = @LIBNFNETLINK_LIBS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +AM_CPPFLAGS = -I$(top_srcdir)/include +AM_CFLAGS = -std=gnu99 -W -Wall \ + -Wmissing-prototypes -Wwrite-strings -Wcast-qual -Wfloat-equal -Wshadow -Wpointer-arith -Wbad-function-cast -Wsign-compare -Waggregate-return -Wmissing-declarations -Wredundant-decls -Wnested-externs -Winline -Wstrict-prototypes -Wundef \ + -Wno-unused-parameter ${LIBNFNETLINK_CFLAGS} ${LIBMNL_CFLAGS} \ + ${LIBNETFILTER_CONNTRACK_CFLAGS} \ + ${LIBNETFILTER_CTTIMEOUT_CFLAGS} + +AM_YFLAGS = -d +CLEANFILES = read_config_yy.c read_config_lex.c +conntrack_SOURCES = conntrack.c +conntrack_LDADD = ../extensions/libct_proto_tcp.la ../extensions/libct_proto_udp.la ../extensions/libct_proto_udplite.la ../extensions/libct_proto_icmp.la ../extensions/libct_proto_icmpv6.la ../extensions/libct_proto_sctp.la ../extensions/libct_proto_dccp.la ../extensions/libct_proto_gre.la ../extensions/libct_proto_unknown.la ${LIBNETFILTER_CONNTRACK_LIBS} +nfct_SOURCES = nfct.c \ + nfct-extensions/timeout.c + +nfct_LDADD = ${LIBMNL_LIBS} \ + ${LIBNETFILTER_CONNTRACK_LIBS} \ + ${LIBNETFILTER_CTTIMEOUT_LIBS} + +conntrackd_SOURCES = alarm.c main.c run.c hash.c queue.c rbtree.c \ + local.c log.c mcast.c udp.c netlink.c vector.c \ + filter.c fds.c event.c process.c origin.c date.c \ + cache.c cache-ct.c cache-exp.c \ + cache_timer.c \ + sync-mode.c sync-alarm.c sync-ftfw.c sync-notrack.c \ + traffic_stats.c stats-mode.c \ + network.c cidr.c \ + build.c parse.c \ + channel.c multichannel.c channel_mcast.c channel_udp.c \ + tcp.c channel_tcp.c \ + external_cache.c external_inject.c \ + internal_cache.c internal_bypass.c \ + read_config_yy.y read_config_lex.l + +conntrackd_LDADD = ${LIBNETFILTER_CONNTRACK_LIBS} +EXTRA_DIST = read_config_yy.h +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .l .lo .o .obj .y +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(top_srcdir)/Make_global.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign src/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; +$(top_srcdir)/Make_global.am: + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-sbinPROGRAMS: $(sbin_PROGRAMS) + @$(NORMAL_INSTALL) + test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-sbinPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(sbindir)" && rm -f $$files + +clean-sbinPROGRAMS: + @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +conntrack$(EXEEXT): $(conntrack_OBJECTS) $(conntrack_DEPENDENCIES) $(EXTRA_conntrack_DEPENDENCIES) + @rm -f conntrack$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(conntrack_OBJECTS) $(conntrack_LDADD) $(LIBS) +read_config_yy.h: read_config_yy.c + @if test ! -f $@; then rm -f read_config_yy.c; else :; fi + @if test ! -f $@; then $(MAKE) $(AM_MAKEFLAGS) read_config_yy.c; else :; fi +conntrackd$(EXEEXT): $(conntrackd_OBJECTS) $(conntrackd_DEPENDENCIES) $(EXTRA_conntrackd_DEPENDENCIES) + @rm -f conntrackd$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(conntrackd_OBJECTS) $(conntrackd_LDADD) $(LIBS) +nfct-extensions/$(am__dirstamp): + @$(MKDIR_P) nfct-extensions + @: > nfct-extensions/$(am__dirstamp) +nfct-extensions/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) nfct-extensions/$(DEPDIR) + @: > nfct-extensions/$(DEPDIR)/$(am__dirstamp) +nfct-extensions/timeout.$(OBJEXT): nfct-extensions/$(am__dirstamp) \ + nfct-extensions/$(DEPDIR)/$(am__dirstamp) +nfct$(EXEEXT): $(nfct_OBJECTS) $(nfct_DEPENDENCIES) $(EXTRA_nfct_DEPENDENCIES) + @rm -f nfct$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(nfct_OBJECTS) $(nfct_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + -rm -f nfct-extensions/timeout.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/alarm.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/build.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cache-ct.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cache-exp.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cache.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cache_timer.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/channel.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/channel_mcast.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/channel_tcp.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/channel_udp.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cidr.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/conntrack.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/date.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/event.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/external_cache.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/external_inject.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fds.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/filter.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hash.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/internal_bypass.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/internal_cache.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/local.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/log.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/main.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mcast.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/multichannel.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/netlink.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/network.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nfct.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/origin.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parse.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/process.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/queue.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rbtree.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/read_config_lex.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/read_config_yy.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/run.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stats-mode.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sync-alarm.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sync-ftfw.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sync-mode.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sync-notrack.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tcp.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/traffic_stats.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/udp.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vector.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@nfct-extensions/$(DEPDIR)/timeout.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +.l.c: + $(AM_V_LEX)$(am__skiplex) $(SHELL) $(YLWRAP) $< $(LEX_OUTPUT_ROOT).c $@ -- $(LEXCOMPILE) + +.y.c: + $(AM_V_YACC)$(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h $*.h y.output $*.output -- $(YACCCOMPILE) + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(PROGRAMS) +installdirs: + for dir in "$(DESTDIR)$(sbindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -rm -f nfct-extensions/$(DEPDIR)/$(am__dirstamp) + -rm -f nfct-extensions/$(am__dirstamp) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." + -rm -f read_config_lex.c + -rm -f read_config_yy.c + -rm -f read_config_yy.h +clean: clean-am + +clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) nfct-extensions/$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-sbinPROGRAMS + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) nfct-extensions/$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-sbinPROGRAMS + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-sbinPROGRAMS ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-sbinPROGRAMS install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-sbinPROGRAMS + + +# yacc and lex generate dirty code +read_config_yy.o read_config_lex.o: AM_CFLAGS += -Wno-missing-prototypes -Wno-missing-declarations -Wno-implicit-function-declaration -Wno-nested-externs -Wno-undef -Wno-redundant-decls + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/alarm.c b/src/alarm.c new file mode 100644 index 0000000..006721a --- /dev/null +++ b/src/alarm.c @@ -0,0 +1,150 @@ +/* + * (C) 2006-2008 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "alarm.h" +#include "date.h" +#include <stdlib.h> +#include <limits.h> + +static struct rb_root alarm_root = RB_ROOT; + +void init_alarm(struct alarm_block *t, + void *data, + void (*fcn)(struct alarm_block *a, void *data)) +{ + /* initialize the head to check whether a node is inserted */ + RB_CLEAR_NODE(&t->node); + timerclear(&t->tv); + t->data = data; + t->function = fcn; +} + +static void __add_alarm(struct alarm_block *alarm) +{ + struct rb_node **new = &(alarm_root.rb_node); + struct rb_node *parent = NULL; + + while (*new) { + struct alarm_block *this; + + this = container_of(*new, struct alarm_block, node); + + parent = *new; + if (timercmp(&alarm->tv, &this->tv, <)) + new = &((*new)->rb_left); + else + new = &((*new)->rb_right); + } + + rb_link_node(&alarm->node, parent, new); + rb_insert_color(&alarm->node, &alarm_root); +} + +void add_alarm(struct alarm_block *alarm, unsigned long sc, unsigned long usc) +{ + struct timeval tv; + + del_alarm(alarm); + alarm->tv.tv_sec = sc; + alarm->tv.tv_usec = usc; + gettimeofday_cached(&tv); + timeradd(&alarm->tv, &tv, &alarm->tv); + __add_alarm(alarm); +} + +void del_alarm(struct alarm_block *alarm) +{ + /* don't remove a non-inserted node */ + if (!RB_EMPTY_NODE(&alarm->node)) { + rb_erase(&alarm->node, &alarm_root); + RB_CLEAR_NODE(&alarm->node); + } +} + +int alarm_pending(struct alarm_block *alarm) +{ + if (RB_EMPTY_NODE(&alarm->node)) + return 0; + + return 1; +} + +static struct timeval * +calculate_next_run(struct timeval *cand, + struct timeval *tv, + struct timeval *next_run) +{ + if (cand->tv_sec != LONG_MAX) { + if (timercmp(cand, tv, >)) + timersub(cand, tv, next_run); + else { + /* loop again inmediately */ + next_run->tv_sec = 0; + next_run->tv_usec = 0; + } + return next_run; + } + return NULL; +} + +struct timeval * +get_next_alarm_run(struct timeval *next_run) +{ + struct rb_node *node; + struct timeval tv; + + gettimeofday_cached(&tv); + + node = rb_first(&alarm_root); + if (node) { + struct alarm_block *this; + this = container_of(node, struct alarm_block, node); + return calculate_next_run(&this->tv, &tv, next_run); + } + return NULL; +} + +struct timeval * +do_alarm_run(struct timeval *next_run) +{ + struct list_head alarm_run_queue; + struct rb_node *node; + struct alarm_block *this, *tmp; + struct timeval tv; + + gettimeofday_cached(&tv); + + INIT_LIST_HEAD(&alarm_run_queue); + for (node = rb_first(&alarm_root); node; node = rb_next(node)) { + this = container_of(node, struct alarm_block, node); + + if (timercmp(&this->tv, &tv, >)) + break; + + list_add(&this->list, &alarm_run_queue); + } + + /* must be safe as entries can vanish from the callback */ + list_for_each_entry_safe(this, tmp, &alarm_run_queue, list) { + rb_erase(&this->node, &alarm_root); + RB_CLEAR_NODE(&this->node); + this->function(this, this->data); + } + + return get_next_alarm_run(next_run); +} diff --git a/src/build.c b/src/build.c new file mode 100644 index 0000000..7d4ef12 --- /dev/null +++ b/src/build.c @@ -0,0 +1,362 @@ +/* + * (C) 2006-2011 by Pablo Neira Ayuso <pablo@netfilter.org> + * (C) 2011 by Vyatta Inc. <http://www.vyatta.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include <string.h> +#include <libnetfilter_conntrack/libnetfilter_conntrack.h> +#include "network.h" +#include "conntrackd.h" + +static inline void * +put_header(struct nethdr *n, int attr, size_t len) +{ + struct netattr *nta = NETHDR_TAIL(n); + int total_size = NTA_ALIGN(NTA_LENGTH(len)); + int attr_size = NTA_LENGTH(len); + n->len += total_size; + nta->nta_attr = htons(attr); + nta->nta_len = htons(attr_size); + memset((unsigned char *)nta + attr_size, 0, total_size - attr_size); + return NTA_DATA(nta); +} + +static inline void +addattr(struct nethdr *n, int attr, const void *data, size_t len) +{ + void *ptr = put_header(n, attr, len); + memcpy(ptr, data, len); +} + +static inline void +ct_build_u8(const struct nf_conntrack *ct, int a, struct nethdr *n, int b) +{ + void *ptr = put_header(n, b, sizeof(uint8_t)); + memcpy(ptr, nfct_get_attr(ct, a), sizeof(uint8_t)); +} + +static inline void +ct_build_u16(const struct nf_conntrack *ct, int a, struct nethdr *n, int b) +{ + uint16_t data = nfct_get_attr_u16(ct, a); + data = htons(data); + addattr(n, b, &data, sizeof(uint16_t)); +} + +static inline void +ct_build_u32(const struct nf_conntrack *ct, int a, struct nethdr *n, int b) +{ + uint32_t data = nfct_get_attr_u32(ct, a); + data = htonl(data); + addattr(n, b, &data, sizeof(uint32_t)); +} + +static inline void +ct_build_str(const struct nf_conntrack *ct, int a, struct nethdr *n, int b) +{ + const char *data = nfct_get_attr(ct, a); + addattr(n, b, data, strlen(data)+1); +} + +static inline void +ct_build_group(const struct nf_conntrack *ct, int a, struct nethdr *n, + int b, int size) +{ + void *ptr = put_header(n, b, size); + nfct_get_attr_grp(ct, a, ptr); +} + +static inline void +ct_build_natseqadj(const struct nf_conntrack *ct, struct nethdr *n) +{ + struct nta_attr_natseqadj data = { + .orig_seq_correction_pos = + htonl(nfct_get_attr_u32(ct, ATTR_ORIG_NAT_SEQ_CORRECTION_POS)), + .orig_seq_offset_before = + htonl(nfct_get_attr_u32(ct, ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE)), + .orig_seq_offset_after = + htonl(nfct_get_attr_u32(ct, ATTR_ORIG_NAT_SEQ_OFFSET_AFTER)), + .repl_seq_correction_pos = + htonl(nfct_get_attr_u32(ct, ATTR_REPL_NAT_SEQ_CORRECTION_POS)), + .repl_seq_offset_before = + htonl(nfct_get_attr_u32(ct, ATTR_REPL_NAT_SEQ_OFFSET_BEFORE)), + .repl_seq_offset_after = + htonl(nfct_get_attr_u32(ct, ATTR_REPL_NAT_SEQ_OFFSET_AFTER)) + }; + addattr(n, NTA_NAT_SEQ_ADJ, &data, sizeof(struct nta_attr_natseqadj)); +} + +static enum nf_conntrack_attr nat_type[] = + { ATTR_ORIG_NAT_SEQ_CORRECTION_POS, ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE, + ATTR_ORIG_NAT_SEQ_OFFSET_AFTER, ATTR_REPL_NAT_SEQ_CORRECTION_POS, + ATTR_REPL_NAT_SEQ_OFFSET_BEFORE, ATTR_REPL_NAT_SEQ_OFFSET_AFTER }; + +static void build_l4proto_tcp(const struct nf_conntrack *ct, struct nethdr *n) +{ + ct_build_group(ct, ATTR_GRP_ORIG_PORT, n, NTA_PORT, + sizeof(struct nfct_attr_grp_port)); + + if (!nfct_attr_is_set(ct, ATTR_TCP_STATE)) + return; + + ct_build_u8(ct, ATTR_TCP_STATE, n, NTA_TCP_STATE); + if (CONFIG(sync).tcp_window_tracking) { + ct_build_u8(ct, ATTR_TCP_WSCALE_ORIG, n, NTA_TCP_WSCALE_ORIG); + ct_build_u8(ct, ATTR_TCP_WSCALE_REPL, n, NTA_TCP_WSCALE_REPL); + } +} + +static void build_l4proto_sctp(const struct nf_conntrack *ct, struct nethdr *n) +{ + ct_build_group(ct, ATTR_GRP_ORIG_PORT, n, NTA_PORT, + sizeof(struct nfct_attr_grp_port)); + + if (!nfct_attr_is_set(ct, ATTR_SCTP_STATE)) + return; + + ct_build_u8(ct, ATTR_SCTP_STATE, n, NTA_SCTP_STATE); + ct_build_u32(ct, ATTR_SCTP_VTAG_ORIG, n, NTA_SCTP_VTAG_ORIG); + ct_build_u32(ct, ATTR_SCTP_VTAG_REPL, n, NTA_SCTP_VTAG_REPL); +} + +static void build_l4proto_dccp(const struct nf_conntrack *ct, struct nethdr *n) +{ + ct_build_group(ct, ATTR_GRP_ORIG_PORT, n, NTA_PORT, + sizeof(struct nfct_attr_grp_port)); + + if (!nfct_attr_is_set(ct, ATTR_DCCP_STATE)) + return; + + ct_build_u8(ct, ATTR_DCCP_STATE, n, NTA_DCCP_STATE); + ct_build_u8(ct, ATTR_DCCP_ROLE, n, NTA_DCCP_ROLE); +} + +static void build_l4proto_icmp(const struct nf_conntrack *ct, struct nethdr *n) +{ + ct_build_u8(ct, ATTR_ICMP_TYPE, n, NTA_ICMP_TYPE); + ct_build_u8(ct, ATTR_ICMP_CODE, n, NTA_ICMP_CODE); + ct_build_u16(ct, ATTR_ICMP_ID, n, NTA_ICMP_ID); +} + +static void build_l4proto_udp(const struct nf_conntrack *ct, struct nethdr *n) +{ + ct_build_group(ct, ATTR_GRP_ORIG_PORT, n, NTA_PORT, + sizeof(struct nfct_attr_grp_port)); +} + +#ifndef IPPROTO_DCCP +#define IPPROTO_DCCP 33 +#endif + +static struct build_l4proto { + void (*build)(const struct nf_conntrack *, struct nethdr *n); +} l4proto_fcn[IPPROTO_MAX] = { + [IPPROTO_TCP] = { .build = build_l4proto_tcp }, + [IPPROTO_SCTP] = { .build = build_l4proto_sctp }, + [IPPROTO_DCCP] = { .build = build_l4proto_dccp }, + [IPPROTO_ICMP] = { .build = build_l4proto_icmp }, + [IPPROTO_ICMPV6] = { .build = build_l4proto_icmp }, + [IPPROTO_UDP] = { .build = build_l4proto_udp }, +}; + +void ct2msg(const struct nf_conntrack *ct, struct nethdr *n) +{ + uint8_t l4proto = nfct_get_attr_u8(ct, ATTR_L4PROTO); + + if (nfct_attr_grp_is_set(ct, ATTR_GRP_ORIG_IPV4)) { + ct_build_group(ct, ATTR_GRP_ORIG_IPV4, n, NTA_IPV4, + sizeof(struct nfct_attr_grp_ipv4)); + } else if (nfct_attr_grp_is_set(ct, ATTR_GRP_ORIG_IPV6)) { + ct_build_group(ct, ATTR_GRP_ORIG_IPV6, n, NTA_IPV6, + sizeof(struct nfct_attr_grp_ipv6)); + } + + ct_build_u32(ct, ATTR_STATUS, n, NTA_STATUS); + ct_build_u8(ct, ATTR_L4PROTO, n, NTA_L4PROTO); + + if (l4proto_fcn[l4proto].build) + l4proto_fcn[l4proto].build(ct, n); + + if (!CONFIG(commit_timeout) && nfct_attr_is_set(ct, ATTR_TIMEOUT)) + ct_build_u32(ct, ATTR_TIMEOUT, n, NTA_TIMEOUT); + if (nfct_attr_is_set(ct, ATTR_MARK)) + ct_build_u32(ct, ATTR_MARK, n, NTA_MARK); + + /* setup the master conntrack */ + if (nfct_attr_grp_is_set(ct, ATTR_GRP_MASTER_IPV4)) { + ct_build_group(ct, ATTR_GRP_MASTER_IPV4, n, NTA_MASTER_IPV4, + sizeof(struct nfct_attr_grp_ipv4)); + ct_build_u8(ct, ATTR_MASTER_L4PROTO, n, NTA_MASTER_L4PROTO); + if (nfct_attr_grp_is_set(ct, ATTR_GRP_MASTER_PORT)) { + ct_build_group(ct, ATTR_GRP_MASTER_PORT, + n, NTA_MASTER_PORT, + sizeof(struct nfct_attr_grp_port)); + } + } else if (nfct_attr_grp_is_set(ct, ATTR_GRP_MASTER_IPV6)) { + ct_build_group(ct, ATTR_GRP_MASTER_IPV6, n, NTA_MASTER_IPV6, + sizeof(struct nfct_attr_grp_ipv6)); + ct_build_u8(ct, ATTR_MASTER_L4PROTO, n, NTA_MASTER_L4PROTO); + if (nfct_attr_grp_is_set(ct, ATTR_GRP_MASTER_PORT)) { + ct_build_group(ct, ATTR_GRP_MASTER_PORT, + n, NTA_MASTER_PORT, + sizeof(struct nfct_attr_grp_port)); + } + } + + /* NAT */ + if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT)) + ct_build_u32(ct, ATTR_REPL_IPV4_DST, n, NTA_SNAT_IPV4); + if (nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT)) + ct_build_u32(ct, ATTR_REPL_IPV4_SRC, n, NTA_DNAT_IPV4); + if (nfct_getobjopt(ct, NFCT_GOPT_IS_SPAT)) + ct_build_u16(ct, ATTR_REPL_PORT_DST, n, NTA_SPAT_PORT); + if (nfct_getobjopt(ct, NFCT_GOPT_IS_DPAT)) + ct_build_u16(ct, ATTR_REPL_PORT_SRC, n, NTA_DPAT_PORT); + + /* NAT sequence adjustment */ + if (nfct_attr_is_set_array(ct, nat_type, 6)) + ct_build_natseqadj(ct, n); + + if (nfct_attr_is_set(ct, ATTR_HELPER_NAME)) + ct_build_str(ct, ATTR_HELPER_NAME, n, NTA_HELPER_NAME); +} + +static void +exp_build_l4proto_tcp(const struct nf_conntrack *ct, struct nethdr *n, int a) +{ + ct_build_group(ct, ATTR_GRP_ORIG_PORT, n, a, + sizeof(struct nfct_attr_grp_port)); +} + +static void +exp_build_l4proto_sctp(const struct nf_conntrack *ct, struct nethdr *n, int a) +{ + ct_build_group(ct, ATTR_GRP_ORIG_PORT, n, a, + sizeof(struct nfct_attr_grp_port)); +} + +static void +exp_build_l4proto_dccp(const struct nf_conntrack *ct, struct nethdr *n, int a) +{ + ct_build_group(ct, ATTR_GRP_ORIG_PORT, n, a, + sizeof(struct nfct_attr_grp_port)); +} + +static void +exp_build_l4proto_udp(const struct nf_conntrack *ct, struct nethdr *n, int a) +{ + ct_build_group(ct, ATTR_GRP_ORIG_PORT, n, a, + sizeof(struct nfct_attr_grp_port)); +} + +static struct exp_build_l4proto { + void (*build)(const struct nf_conntrack *, struct nethdr *n, int a); +} exp_l4proto_fcn[IPPROTO_MAX] = { + [IPPROTO_TCP] = { .build = exp_build_l4proto_tcp }, + [IPPROTO_SCTP] = { .build = exp_build_l4proto_sctp }, + [IPPROTO_DCCP] = { .build = exp_build_l4proto_dccp }, + [IPPROTO_UDP] = { .build = exp_build_l4proto_udp }, +}; + +static inline void +exp_build_u32(const struct nf_expect *exp, int a, struct nethdr *n, int b) +{ + uint32_t data = nfexp_get_attr_u32(exp, a); + data = htonl(data); + addattr(n, b, &data, sizeof(uint32_t)); +} + +static inline void +exp_build_str(const struct nf_expect *exp, int a, struct nethdr *n, int b) +{ + const char *data = nfexp_get_attr(exp, a); + addattr(n, b, data, strlen(data)+1); +} + +void exp2msg(const struct nf_expect *exp, struct nethdr *n) +{ + const struct nf_conntrack *ct = nfexp_get_attr(exp, ATTR_EXP_MASTER); + uint8_t l4proto = nfct_get_attr_u8(ct, ATTR_L4PROTO); + + /* master conntrack for this expectation. */ + if (nfct_attr_grp_is_set(ct, ATTR_GRP_ORIG_IPV4)) { + ct_build_group(ct, ATTR_GRP_ORIG_IPV4, n, NTA_EXP_MASTER_IPV4, + sizeof(struct nfct_attr_grp_ipv4)); + } else if (nfct_attr_grp_is_set(ct, ATTR_GRP_ORIG_IPV6)) { + ct_build_group(ct, ATTR_GRP_ORIG_IPV6, n, NTA_EXP_MASTER_IPV6, + sizeof(struct nfct_attr_grp_ipv6)); + } + ct_build_u8(ct, ATTR_L4PROTO, n, NTA_EXP_MASTER_L4PROTO); + + if (exp_l4proto_fcn[l4proto].build) + exp_l4proto_fcn[l4proto].build(ct, n, NTA_EXP_MASTER_PORT); + + /* the expectation itself. */ + ct = nfexp_get_attr(exp, ATTR_EXP_EXPECTED); + + if (nfct_attr_grp_is_set(ct, ATTR_GRP_ORIG_IPV4)) { + ct_build_group(ct, ATTR_GRP_ORIG_IPV4, n, NTA_EXP_EXPECT_IPV4, + sizeof(struct nfct_attr_grp_ipv4)); + } else if (nfct_attr_grp_is_set(ct, ATTR_GRP_ORIG_IPV6)) { + ct_build_group(ct, ATTR_GRP_ORIG_IPV6, n, NTA_EXP_EXPECT_IPV6, + sizeof(struct nfct_attr_grp_ipv6)); + } + ct_build_u8(ct, ATTR_L4PROTO, n, NTA_EXP_EXPECT_L4PROTO); + + if (exp_l4proto_fcn[l4proto].build) + exp_l4proto_fcn[l4proto].build(ct, n, NTA_EXP_EXPECT_PORT); + + /* mask for the expectation. */ + ct = nfexp_get_attr(exp, ATTR_EXP_MASK); + + if (nfct_attr_grp_is_set(ct, ATTR_GRP_ORIG_IPV4)) { + ct_build_group(ct, ATTR_GRP_ORIG_IPV4, n, NTA_EXP_MASK_IPV4, + sizeof(struct nfct_attr_grp_ipv4)); + } else if (nfct_attr_grp_is_set(ct, ATTR_GRP_ORIG_IPV6)) { + ct_build_group(ct, ATTR_GRP_ORIG_IPV6, n, NTA_EXP_MASK_IPV6, + sizeof(struct nfct_attr_grp_ipv6)); + } + ct_build_u8(ct, ATTR_L4PROTO, n, NTA_EXP_MASK_L4PROTO); + + if (exp_l4proto_fcn[l4proto].build) + exp_l4proto_fcn[l4proto].build(ct, n, NTA_EXP_MASK_PORT); + + if (!CONFIG(commit_timeout) && nfexp_attr_is_set(exp, ATTR_EXP_TIMEOUT)) + exp_build_u32(exp, ATTR_EXP_TIMEOUT, n, NTA_EXP_TIMEOUT); + + exp_build_u32(exp, ATTR_EXP_FLAGS, n, NTA_EXP_FLAGS); + if (nfexp_attr_is_set(exp, ATTR_EXP_CLASS)) + exp_build_u32(exp, ATTR_EXP_CLASS, n, NTA_EXP_CLASS); + + /* include NAT information, if any. */ + ct = nfexp_get_attr(exp, ATTR_EXP_NAT_TUPLE); + if (ct != NULL) { + if (nfct_attr_grp_is_set(ct, ATTR_GRP_ORIG_IPV4)) { + ct_build_group(ct, ATTR_GRP_ORIG_IPV4, n, + NTA_EXP_NAT_IPV4, + sizeof(struct nfct_attr_grp_ipv4)); + } + ct_build_u8(ct, ATTR_L4PROTO, n, NTA_EXP_NAT_L4PROTO); + if (exp_l4proto_fcn[l4proto].build) + exp_l4proto_fcn[l4proto].build(ct, n, NTA_EXP_NAT_PORT); + + exp_build_u32(exp, ATTR_EXP_NAT_DIR, n, NTA_EXP_NAT_DIR); + } + exp_build_str(exp, ATTR_EXP_HELPER_NAME, n, NTA_EXP_HELPER_NAME); + if (nfexp_attr_is_set(exp, ATTR_EXP_FN)) + exp_build_str(exp, ATTR_EXP_FN, n, NTA_EXP_FN); +} diff --git a/src/cache-ct.c b/src/cache-ct.c new file mode 100644 index 0000000..0ad8d2a --- /dev/null +++ b/src/cache-ct.c @@ -0,0 +1,356 @@ +/* + * (C) 2006-2011 by Pablo Neira Ayuso <pablo@netfilter.org> + * (C) 2011 by Vyatta Inc. <http://www.vyatta.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "cache.h" +#include "hash.h" +#include "log.h" +#include "conntrackd.h" +#include "netlink.h" +#include "event.h" +#include "jhash.h" +#include "network.h" + +#include <errno.h> +#include <string.h> +#include <time.h> +#include <libnetfilter_conntrack/libnetfilter_conntrack.h> + +static uint32_t +cache_hash4_ct(const struct nf_conntrack *ct, const struct hashtable *table) +{ + uint32_t a[4] = { + [0] = nfct_get_attr_u32(ct, ATTR_IPV4_SRC), + [1] = nfct_get_attr_u32(ct, ATTR_IPV4_DST), + [2] = nfct_get_attr_u8(ct, ATTR_L3PROTO) << 16 | + nfct_get_attr_u8(ct, ATTR_L4PROTO), + [3] = nfct_get_attr_u16(ct, ATTR_PORT_SRC) << 16 | + nfct_get_attr_u16(ct, ATTR_PORT_DST), + }; + + /* + * Instead of returning hash % table->hashsize (implying a divide) + * we return the high 32 bits of the (hash * table->hashsize) that will + * give results between [0 and hashsize-1] and same hash distribution, + * but using a multiply, less expensive than a divide. See: + * http://www.mail-archive.com/netdev@vger.kernel.org/msg56623.html + */ + return ((uint64_t)jhash2(a, 4, 0) * table->hashsize) >> 32; +} + +static uint32_t +cache_hash6_ct(const struct nf_conntrack *ct, const struct hashtable *table) +{ + uint32_t a[10]; + + memcpy(&a[0], nfct_get_attr(ct, ATTR_IPV6_SRC), sizeof(uint32_t)*4); + memcpy(&a[4], nfct_get_attr(ct, ATTR_IPV6_SRC), sizeof(uint32_t)*4); + a[8] = nfct_get_attr_u8(ct, ATTR_ORIG_L3PROTO) << 16 | + nfct_get_attr_u8(ct, ATTR_ORIG_L4PROTO); + a[9] = nfct_get_attr_u16(ct, ATTR_ORIG_PORT_SRC) << 16 | + nfct_get_attr_u16(ct, ATTR_ORIG_PORT_DST); + + return ((uint64_t)jhash2(a, 10, 0) * table->hashsize) >> 32; +} + +static uint32_t +cache_ct_hash(const void *data, const struct hashtable *table) +{ + int ret = 0; + const struct nf_conntrack *ct = data; + + switch(nfct_get_attr_u8(ct, ATTR_L3PROTO)) { + case AF_INET: + ret = cache_hash4_ct(ct, table); + break; + case AF_INET6: + ret = cache_hash6_ct(ct, table); + break; + default: + dlog(LOG_ERR, "unknown layer 3 proto in hash"); + break; + } + return ret; +} + +static int cache_ct_cmp(const void *data1, const void *data2) +{ + const struct cache_object *obj = data1; + const struct nf_conntrack *ct = data2; + + return nfct_cmp(obj->ptr, ct, NFCT_CMP_ORIG) && + nfct_get_attr_u32(obj->ptr, ATTR_ID) == + nfct_get_attr_u32(ct, ATTR_ID); +} + +static void *cache_ct_alloc(void) +{ + return nfct_new(); +} + +static void cache_ct_free(void *ptr) +{ + nfct_destroy(ptr); +} + +static void cache_ct_copy(void *dst, void *src, unsigned int flags) +{ + nfct_copy(dst, src, flags); +} + +static int cache_ct_dump_step(void *data1, void *n) +{ + char buf[1024]; + int size; + struct __dump_container *container = data1; + struct cache_object *obj = n; + char *data = obj->data; + unsigned i; + + /* + * XXX: Do not dump the entries that are scheduled to expire. + * These entries talk about already destroyed connections + * that we keep for some time just in case that we have to + * resent some lost messages. We do not show them to the + * user as he may think that the firewall replicas are not + * in sync. The branch below is a hack as it is quite + * specific and it breaks conntrackd modularity. Probably + * there's a nicer way to do this but until I come up with it... + */ + if (CONFIG(flags) & CTD_SYNC_FTFW && obj->status == C_OBJ_DEAD) + return 0; + + /* do not show cached timeout, this may confuse users */ + if (nfct_attr_is_set(obj->ptr, ATTR_TIMEOUT)) + nfct_attr_unset(obj->ptr, ATTR_TIMEOUT); + + memset(buf, 0, sizeof(buf)); + size = nfct_snprintf(buf, + sizeof(buf), + obj->ptr, + NFCT_T_UNKNOWN, + container->type, + 0); + + for (i = 0; i < obj->cache->num_features; i++) { + if (obj->cache->features[i]->dump) { + size += obj->cache->features[i]->dump(obj, + data, + buf+size, + container->type); + data += obj->cache->features[i]->size; + } + } + if (container->type != NFCT_O_XML) { + long tm = time(NULL); + size += sprintf(buf+size, " [active since %lds]", + tm - obj->lifetime); + } + size += sprintf(buf+size, "\n"); + if (send(container->fd, buf, size, 0) == -1) { + if (errno != EPIPE) + return -1; + } + + return 0; +} + +static void +cache_ct_commit_step(struct __commit_container *tmp, struct cache_object *obj) +{ + int ret, retry = 1, timeout; + struct nf_conntrack *ct = obj->ptr; + + if (CONFIG(commit_timeout)) { + timeout = CONFIG(commit_timeout); + } else { + timeout = time(NULL) - obj->lastupdate; + if (timeout < 0) { + /* XXX: Arbitrarily set the timer to one minute, how + * can this happen? For example, an adjustment due to + * daylight-saving. Probably other situations can + * trigger this. */ + timeout = 60; + } + /* calculate an estimation of the current timeout */ + timeout = nfct_get_attr_u32(ct, ATTR_TIMEOUT) - timeout; + if (timeout < 0) { + timeout = 60; + } + } + +retry: + if (nl_create_conntrack(tmp->h, ct, timeout) == -1) { + if (errno == EEXIST && retry == 1) { + ret = nl_destroy_conntrack(tmp->h, ct); + if (ret == 0 || (ret == -1 && errno == ENOENT)) { + if (retry) { + retry = 0; + goto retry; + } + } + dlog(LOG_ERR, "commit-destroy: %s", strerror(errno)); + dlog_ct(STATE(log), ct, NFCT_O_PLAIN); + tmp->c->stats.commit_fail++; + } else { + dlog(LOG_ERR, "commit-create: %s", strerror(errno)); + dlog_ct(STATE(log), ct, NFCT_O_PLAIN); + tmp->c->stats.commit_fail++; + } + } else { + tmp->c->stats.commit_ok++; + } +} + +static int cache_ct_commit_related(void *data, void *n) +{ + struct cache_object *obj = n; + + if (ct_is_related(obj->ptr)) + cache_ct_commit_step(data, obj); + + /* keep iterating even if we have found errors */ + return 0; +} + +static int cache_ct_commit_master(void *data, void *n) +{ + struct cache_object *obj = n; + + if (ct_is_related(obj->ptr)) + return 0; + + cache_ct_commit_step(data, obj); + return 0; +} + +static int cache_ct_commit(struct cache *c, struct nfct_handle *h, int clientfd) +{ + unsigned int commit_ok, commit_fail; + struct __commit_container tmp = { + .h = h, + .c = c, + }; + struct timeval commit_stop, res; + + /* we already have one commit in progress, skip this. The clientfd + * descriptor has to be closed by the caller. */ + if (clientfd && STATE_SYNC(commit).clientfd != -1) + return -1; + + switch(STATE_SYNC(commit).state) { + case COMMIT_STATE_INACTIVE: + gettimeofday(&STATE_SYNC(commit).stats.start, NULL); + STATE_SYNC(commit).stats.ok = c->stats.commit_ok; + STATE_SYNC(commit).stats.fail = c->stats.commit_fail; + STATE_SYNC(commit).clientfd = clientfd; + case COMMIT_STATE_MASTER: + STATE_SYNC(commit).current = + hashtable_iterate_limit(c->h, &tmp, + STATE_SYNC(commit).current, + CONFIG(general).commit_steps, + cache_ct_commit_master); + if (STATE_SYNC(commit).current < CONFIG(hashsize)) { + STATE_SYNC(commit).state = COMMIT_STATE_MASTER; + /* give it another step as soon as possible */ + write_evfd(STATE_SYNC(commit).evfd); + return 1; + } + STATE_SYNC(commit).current = 0; + STATE_SYNC(commit).state = COMMIT_STATE_RELATED; + case COMMIT_STATE_RELATED: + STATE_SYNC(commit).current = + hashtable_iterate_limit(c->h, &tmp, + STATE_SYNC(commit).current, + CONFIG(general).commit_steps, + cache_ct_commit_related); + if (STATE_SYNC(commit).current < CONFIG(hashsize)) { + STATE_SYNC(commit).state = COMMIT_STATE_RELATED; + /* give it another step as soon as possible */ + write_evfd(STATE_SYNC(commit).evfd); + return 1; + } + /* calculate the time that commit has taken */ + gettimeofday(&commit_stop, NULL); + timersub(&commit_stop, &STATE_SYNC(commit).stats.start, &res); + + /* calculate new entries committed */ + commit_ok = c->stats.commit_ok - STATE_SYNC(commit).stats.ok; + commit_fail = + c->stats.commit_fail - STATE_SYNC(commit).stats.fail; + + /* log results */ + dlog(LOG_NOTICE, "Committed %u new entries", commit_ok); + + if (commit_fail) + dlog(LOG_NOTICE, "%u entries can't be " + "committed", commit_fail); + + dlog(LOG_NOTICE, "commit has taken %lu.%06lu seconds", + res.tv_sec, res.tv_usec); + + /* prepare the state machine for new commits */ + STATE_SYNC(commit).current = 0; + STATE_SYNC(commit).state = COMMIT_STATE_INACTIVE; + + return 0; + } + return 1; +} + +static struct nethdr * +cache_ct_build_msg(const struct cache_object *obj, int type) +{ + return BUILD_NETMSG_FROM_CT(obj->ptr, type); +} + +/* template to cache conntracks coming from the kernel. */ +struct cache_ops cache_sync_internal_ct_ops = { + .hash = cache_ct_hash, + .cmp = cache_ct_cmp, + .alloc = cache_ct_alloc, + .free = cache_ct_free, + .copy = cache_ct_copy, + .dump_step = cache_ct_dump_step, + .commit = NULL, + .build_msg = cache_ct_build_msg, +}; + +/* template to cache conntracks coming from the network. */ +struct cache_ops cache_sync_external_ct_ops = { + .hash = cache_ct_hash, + .cmp = cache_ct_cmp, + .alloc = cache_ct_alloc, + .free = cache_ct_free, + .copy = cache_ct_copy, + .dump_step = cache_ct_dump_step, + .commit = cache_ct_commit, + .build_msg = NULL, +}; + +/* template to cache conntracks for the statistics mode. */ +struct cache_ops cache_stats_ct_ops = { + .hash = cache_ct_hash, + .cmp = cache_ct_cmp, + .alloc = cache_ct_alloc, + .free = cache_ct_free, + .copy = cache_ct_copy, + .dump_step = cache_ct_dump_step, + .commit = NULL, + .build_msg = NULL, +}; diff --git a/src/cache-exp.c b/src/cache-exp.c new file mode 100644 index 0000000..e88877a --- /dev/null +++ b/src/cache-exp.c @@ -0,0 +1,308 @@ +/* + * (C) 2006-2011 by Pablo Neira Ayuso <pablo@netfilter.org> + * (C) 2011 by Vyatta Inc. <http://www.vyatta.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "cache.h" +#include "hash.h" +#include "log.h" +#include "conntrackd.h" +#include "netlink.h" +#include "event.h" +#include "jhash.h" +#include "network.h" + +#include <errno.h> +#include <string.h> +#include <time.h> +#include <libnetfilter_conntrack/libnetfilter_conntrack.h> + +static uint32_t +cache_hash4_exp(const struct nf_conntrack *ct, const struct hashtable *table) +{ + uint32_t a[4] = { + [0] = nfct_get_attr_u32(ct, ATTR_IPV4_SRC), + [1] = nfct_get_attr_u32(ct, ATTR_IPV4_DST), + [2] = nfct_get_attr_u8(ct, ATTR_L3PROTO) << 16 | + nfct_get_attr_u8(ct, ATTR_L4PROTO), + [3] = nfct_get_attr_u16(ct, ATTR_PORT_SRC) << 16 | + nfct_get_attr_u16(ct, ATTR_PORT_DST), + }; + + /* + * Instead of returning hash % table->hashsize (implying a divide) + * we return the high 32 bits of the (hash * table->hashsize) that will + * give results between [0 and hashsize-1] and same hash distribution, + * but using a multiply, less expensive than a divide. See: + * http://www.mail-archive.com/netdev@vger.kernel.org/msg56623.html + */ + return ((uint64_t)jhash2(a, 4, 0) * table->hashsize) >> 32; +} + +static uint32_t +cache_hash6_exp(const struct nf_conntrack *ct, const struct hashtable *table) +{ + uint32_t a[10]; + + memcpy(&a[0], nfct_get_attr(ct, ATTR_IPV6_SRC), sizeof(uint32_t)*4); + memcpy(&a[4], nfct_get_attr(ct, ATTR_IPV6_SRC), sizeof(uint32_t)*4); + a[8] = nfct_get_attr_u8(ct, ATTR_ORIG_L3PROTO) << 16 | + nfct_get_attr_u8(ct, ATTR_ORIG_L4PROTO); + a[9] = nfct_get_attr_u16(ct, ATTR_ORIG_PORT_SRC) << 16 | + nfct_get_attr_u16(ct, ATTR_ORIG_PORT_DST); + + return ((uint64_t)jhash2(a, 10, 0) * table->hashsize) >> 32; +} + +static uint32_t +cache_exp_hash(const void *data, const struct hashtable *table) +{ + int ret = 0; + const struct nf_expect *exp = data; + const struct nf_conntrack *ct = nfexp_get_attr(exp, ATTR_EXP_MASTER); + + switch(nfct_get_attr_u8(ct, ATTR_L3PROTO)) { + case AF_INET: + ret = cache_hash4_exp(ct, table); + break; + case AF_INET6: + ret = cache_hash6_exp(ct, table); + break; + default: + dlog(LOG_ERR, "unknown layer 3 proto in hash"); + break; + } + return ret; +} + +static int cache_exp_cmp(const void *data1, const void *data2) +{ + const struct cache_object *obj = data1; + const struct nf_expect *exp = data2; + + return nfexp_cmp(obj->ptr, exp, 0); +} + +static void *cache_exp_alloc(void) +{ + return nfexp_new(); +} + +static void cache_exp_free(void *ptr) +{ + nfexp_destroy(ptr); +} + +static void cache_exp_copy(void *dst, void *src, unsigned int flags) +{ + /* XXX: add nfexp_copy(...) to libnetfilter_conntrack. */ + memcpy(dst, src, nfexp_maxsize()); +} + +static int cache_exp_dump_step(void *data1, void *n) +{ + char buf[1024]; + int size; + struct __dump_container *container = data1; + struct cache_object *obj = n; + char *data = obj->data; + unsigned i; + + /* + * XXX: Do not dump the entries that are scheduled to expire. + * These entries talk about already destroyed connections + * that we keep for some time just in case that we have to + * resent some lost messages. We do not show them to the + * user as he may think that the firewall replicas are not + * in sync. The branch below is a hack as it is quite + * specific and it breaks conntrackd modularity. Probably + * there's a nicer way to do this but until I come up with it... + */ + if (CONFIG(flags) & CTD_SYNC_FTFW && obj->status == C_OBJ_DEAD) + return 0; + + /* do not show cached timeout, this may confuse users */ + if (nfexp_attr_is_set(obj->ptr, ATTR_EXP_TIMEOUT)) + nfexp_attr_unset(obj->ptr, ATTR_EXP_TIMEOUT); + + memset(buf, 0, sizeof(buf)); + size = nfexp_snprintf(buf, sizeof(buf),obj->ptr, + NFCT_T_UNKNOWN, container->type, 0); + + for (i = 0; i < obj->cache->num_features; i++) { + if (obj->cache->features[i]->dump) { + size += obj->cache->features[i]->dump(obj, data, + buf+size, + container->type); + data += obj->cache->features[i]->size; + } + } + if (container->type != NFCT_O_XML) { + long tm = time(NULL); + size += sprintf(buf+size, " [active since %lds]", + tm - obj->lifetime); + } + size += sprintf(buf+size, "\n"); + if (send(container->fd, buf, size, 0) == -1) { + if (errno != EPIPE) + return -1; + } + + return 0; +} + +static int cache_exp_commit_step(void *data, void *n) +{ + struct cache_object *obj = n; + struct __commit_container *tmp = data; + int ret, retry = 1, timeout; + struct nf_expect *exp = obj->ptr; + + if (CONFIG(commit_timeout)) { + timeout = CONFIG(commit_timeout); + } else { + timeout = time(NULL) - obj->lastupdate; + if (timeout < 0) { + /* XXX: Arbitrarily set the timer to one minute, how + * can this happen? For example, an adjustment due to + * daylight-saving. Probably other situations can + * trigger this. */ + timeout = 60; + } + /* calculate an estimation of the current timeout */ + timeout = nfexp_get_attr_u32(exp, ATTR_EXP_TIMEOUT) - timeout; + if (timeout < 0) { + timeout = 60; + } + } + +retry: + if (nl_create_expect(tmp->h, exp, timeout) == -1) { + if (errno == EEXIST && retry == 1) { + ret = nl_destroy_expect(tmp->h, exp); + if (ret == 0 || (ret == -1 && errno == ENOENT)) { + if (retry) { + retry = 0; + goto retry; + } + } + dlog(LOG_ERR, "commit-destroy: %s", strerror(errno)); + dlog_exp(STATE(log), exp, NFCT_O_PLAIN); + tmp->c->stats.commit_fail++; + } else { + dlog(LOG_ERR, "commit-create: %s", strerror(errno)); + dlog_exp(STATE(log), exp, NFCT_O_PLAIN); + tmp->c->stats.commit_fail++; + } + } else { + tmp->c->stats.commit_ok++; + } + /* keep iterating even if we have found errors */ + return 0; +} + +static int +cache_exp_commit(struct cache *c, struct nfct_handle *h, int clientfd) +{ + unsigned int commit_ok, commit_fail; + struct timeval commit_stop, res; + struct __commit_container tmp = { + .h = h, + .c = c, + }; + + /* we already have one commit in progress, skip this. The clientfd + * descriptor has to be closed by the caller. */ + if (clientfd && STATE_SYNC(commit).clientfd != -1) + return -1; + + switch(STATE_SYNC(commit).state) { + case COMMIT_STATE_INACTIVE: + gettimeofday(&STATE_SYNC(commit).stats.start, NULL); + STATE_SYNC(commit).stats.ok = c->stats.commit_ok; + STATE_SYNC(commit).stats.fail = c->stats.commit_fail; + STATE_SYNC(commit).clientfd = clientfd; + case COMMIT_STATE_MASTER: + STATE_SYNC(commit).current = + hashtable_iterate_limit(c->h, &tmp, + STATE_SYNC(commit).current, + CONFIG(general).commit_steps, + cache_exp_commit_step); + if (STATE_SYNC(commit).current < CONFIG(hashsize)) { + STATE_SYNC(commit).state = COMMIT_STATE_MASTER; + /* give it another step as soon as possible */ + write_evfd(STATE_SYNC(commit).evfd); + return 1; + } + + /* calculate the time that commit has taken */ + gettimeofday(&commit_stop, NULL); + timersub(&commit_stop, &STATE_SYNC(commit).stats.start, &res); + + /* calculate new entries committed */ + commit_ok = c->stats.commit_ok - STATE_SYNC(commit).stats.ok; + commit_fail = + c->stats.commit_fail - STATE_SYNC(commit).stats.fail; + + /* log results */ + dlog(LOG_NOTICE, "Committed %u new expectations", commit_ok); + + if (commit_fail) + dlog(LOG_NOTICE, "%u expectations can't be " + "committed", commit_fail); + + dlog(LOG_NOTICE, "commit has taken %lu.%06lu seconds", + res.tv_sec, res.tv_usec); + + /* prepare the state machine for new commits */ + STATE_SYNC(commit).current = 0; + STATE_SYNC(commit).state = COMMIT_STATE_INACTIVE; + + return 0; + } + return 1; +} + +static struct nethdr * +cache_exp_build_msg(const struct cache_object *obj, int type) +{ + return BUILD_NETMSG_FROM_EXP(obj->ptr, type); +} + +/* template to cache expectations coming from the kernel. */ +struct cache_ops cache_sync_internal_exp_ops = { + .hash = cache_exp_hash, + .cmp = cache_exp_cmp, + .alloc = cache_exp_alloc, + .free = cache_exp_free, + .copy = cache_exp_copy, + .dump_step = cache_exp_dump_step, + .commit = NULL, + .build_msg = cache_exp_build_msg, +}; + +/* template to cache expectations coming from the network. */ +struct cache_ops cache_sync_external_exp_ops = { + .hash = cache_exp_hash, + .cmp = cache_exp_cmp, + .alloc = cache_exp_alloc, + .free = cache_exp_free, + .copy = cache_exp_copy, + .dump_step = cache_exp_dump_step, + .commit = cache_exp_commit, + .build_msg = NULL, +}; diff --git a/src/cache.c b/src/cache.c new file mode 100644 index 0000000..7c41e54 --- /dev/null +++ b/src/cache.c @@ -0,0 +1,405 @@ +/* + * (C) 2006-2011 by Pablo Neira Ayuso <pablo@netfilter.org> + * (C) 2011 by Vyatta Inc. <http://www.vyatta.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "cache.h" +#include "jhash.h" +#include "hash.h" +#include "log.h" +#include "conntrackd.h" + +#include <libnetfilter_conntrack/libnetfilter_conntrack.h> +#include <errno.h> +#include <stdlib.h> +#include <string.h> +#include <time.h> + +struct cache_feature *cache_feature[CACHE_MAX_FEATURE] = { + [TIMER_FEATURE] = &timer_feature, +}; + +struct cache *cache_create(const char *name, enum cache_type type, + unsigned int features, + struct cache_extra *extra, + struct cache_ops *ops) +{ + size_t size = sizeof(struct cache_object); + int i, j = 0; + struct cache *c; + struct cache_feature *feature_array[CACHE_MAX_FEATURE] = {}; + unsigned int feature_offset[CACHE_MAX_FEATURE] = {}; + unsigned int feature_type[CACHE_MAX_FEATURE] = {}; + + if (type == CACHE_T_NONE || type >= CACHE_T_MAX) + return NULL; + + c = malloc(sizeof(struct cache)); + if (!c) + return NULL; + memset(c, 0, sizeof(struct cache)); + + strcpy(c->name, name); + c->type = type; + + for (i = 0; i < CACHE_MAX_FEATURE; i++) { + if ((1 << i) & features) { + feature_array[j] = cache_feature[i]; + feature_offset[j] = size; + feature_type[i] = j; + size += cache_feature[i]->size; + j++; + } + } + + memcpy(c->feature_type, feature_type, sizeof(feature_type)); + + c->features = malloc(sizeof(struct cache_feature) * j); + if (!c->features) { + free(c); + return NULL; + } + memcpy(c->features, feature_array, sizeof(struct cache_feature) * j); + c->num_features = j; + + c->extra_offset = size; + c->extra = extra; + if (extra) + size += extra->size; + + c->feature_offset = malloc(sizeof(unsigned int) * j); + if (!c->feature_offset) { + free(c->features); + free(c); + return NULL; + } + memcpy(c->feature_offset, feature_offset, sizeof(unsigned int) * j); + + if (!ops || !ops->hash || !ops->cmp || + !ops->alloc || !ops->copy || !ops->free) { + free(c->feature_offset); + free(c->features); + free(c); + return NULL; + } + c->ops = ops; + + c->h = hashtable_create(CONFIG(hashsize), + CONFIG(limit), + c->ops->hash, + c->ops->cmp); + if (!c->h) { + free(c->features); + free(c->feature_offset); + free(c); + return NULL; + } + c->object_size = size; + + return c; +} + +void cache_destroy(struct cache *c) +{ + cache_flush(c); + hashtable_destroy(c->h); + free(c->features); + free(c->feature_offset); + free(c); +} + +struct cache_object *cache_object_new(struct cache *c, void *ptr) +{ + struct cache_object *obj; + + obj = calloc(c->object_size, 1); + if (obj == NULL) { + errno = ENOMEM; + c->stats.add_fail_enomem++; + return NULL; + } + obj->cache = c; + + obj->ptr = c->ops->alloc(); + if (obj->ptr == NULL) { + free(obj); + errno = ENOMEM; + c->stats.add_fail_enomem++; + return NULL; + } + c->ops->copy(obj->ptr, ptr, NFCT_CP_OVERRIDE); + obj->status = C_OBJ_NONE; + c->stats.objects++; + + return obj; +} + +void cache_object_free(struct cache_object *obj) +{ + obj->cache->stats.objects--; + obj->cache->ops->free(obj->ptr); + + free(obj); +} + +int cache_object_put(struct cache_object *obj) +{ + if (--obj->refcnt == 0) { + cache_del(obj->cache, obj); + cache_object_free(obj); + return 1; + } + return 0; +} + +void cache_object_get(struct cache_object *obj) +{ + obj->refcnt++; +} + +void cache_object_set_status(struct cache_object *obj, int status) +{ + if (status == C_OBJ_DEAD) { + obj->cache->stats.del_ok++; + obj->cache->stats.active--; + } + obj->status = status; +} + +static int __add(struct cache *c, struct cache_object *obj, int id) +{ + int ret; + unsigned int i; + char *data = obj->data; + + ret = hashtable_add(c->h, &obj->hashnode, id); + if (ret == -1) + return -1; + + for (i = 0; i < c->num_features; i++) { + c->features[i]->add(obj, data); + data += c->features[i]->size; + } + + if (c->extra && c->extra->add) + c->extra->add(obj, ((char *) obj) + c->extra_offset); + + c->stats.active++; + obj->lifetime = obj->lastupdate = time_cached(); + obj->status = C_OBJ_NEW; + obj->refcnt++; + return 0; +} + +int cache_add(struct cache *c, struct cache_object *obj, int id) +{ + int ret; + + ret = __add(c, obj, id); + if (ret == -1) { + c->stats.add_fail++; + if (errno == ENOSPC) + c->stats.add_fail_enospc++; + return -1; + } + c->stats.add_ok++; + return 0; +} + +void cache_update(struct cache *c, struct cache_object *obj, int id, void *ptr) +{ + char *data = obj->data; + unsigned int i; + + c->ops->copy(obj->ptr, ptr, NFCT_CP_META); + + for (i = 0; i < c->num_features; i++) { + c->features[i]->update(obj, data); + data += c->features[i]->size; + } + + if (c->extra && c->extra->update) + c->extra->update(obj, ((char *) obj) + c->extra_offset); + + c->stats.upd_ok++; + obj->lastupdate = time_cached(); + obj->status = C_OBJ_ALIVE; +} + +static void __del(struct cache *c, struct cache_object *obj) +{ + unsigned i; + char *data = obj->data; + + for (i = 0; i < c->num_features; i++) { + c->features[i]->destroy(obj, data); + data += c->features[i]->size; + } + + if (c->extra && c->extra->destroy) + c->extra->destroy(obj, ((char *) obj) + c->extra_offset); + + hashtable_del(c->h, &obj->hashnode); +} + +void cache_del(struct cache *c, struct cache_object *obj) +{ + /* + * Do not increase stats if we are trying to + * kill an entry was previously deleted via + * __cache_del_timer. + */ + if (obj->status != C_OBJ_DEAD) { + c->stats.del_ok++; + c->stats.active--; + } + __del(c, obj); +} + +struct cache_object *cache_update_force(struct cache *c, void *ptr) +{ + struct cache_object *obj; + int id; + + obj = cache_find(c, ptr, &id); + if (obj) { + if (obj->status != C_OBJ_DEAD) { + cache_update(c, obj, id, ptr); + return obj; + } else { + cache_del(c, obj); + cache_object_free(obj); + } + } + obj = cache_object_new(c, ptr); + if (obj == NULL) + return NULL; + + if (cache_add(c, obj, id) == -1) { + cache_object_free(obj); + return NULL; + } + + return obj; +} + +struct cache_object *cache_find(struct cache *c, void *ptr, int *id) +{ + *id = hashtable_hash(c->h, ptr); + return ((struct cache_object *) hashtable_find(c->h, ptr, *id)); +} + +void *cache_get_extra(struct cache_object *obj) +{ + return (char*)obj + obj->cache->extra_offset; +} + +void cache_stats(const struct cache *c, int fd) +{ + char buf[512]; + int size; + + size = sprintf(buf, "cache %s:\n" + "current active connections:\t%12u\n" + "connections created:\t\t%12u\tfailed:\t%12u\n" + "connections updated:\t\t%12u\tfailed:\t%12u\n" + "connections destroyed:\t\t%12u\tfailed:\t%12u\n\n", + c->name, + c->stats.active, + c->stats.add_ok, + c->stats.add_fail, + c->stats.upd_ok, + c->stats.upd_fail, + c->stats.del_ok, + c->stats.del_fail); + send(fd, buf, size, 0); +} + +void cache_stats_extended(const struct cache *c, int fd) +{ + char buf[512]; + int size; + + size = snprintf(buf, sizeof(buf), + "cache:%s\tactive objects:\t\t%12u\n" + "\tactive/total entries:\t\t%12u/%12u\n" + "\tcreation OK/failed:\t\t%12u/%12u\n" + "\t\tno memory available:\t%12u\n" + "\t\tno space left in cache:\t%12u\n" + "\tupdate OK/failed:\t\t%12u/%12u\n" + "\t\tentry not found:\t%12u\n" + "\tdeletion created/failed:\t%12u/%12u\n" + "\t\tentry not found:\t%12u\n\n", + c->name, c->stats.objects, + c->stats.active, hashtable_counter(c->h), + c->stats.add_ok, + c->stats.add_fail, + c->stats.add_fail_enomem, + c->stats.add_fail_enospc, + c->stats.upd_ok, + c->stats.upd_fail, + c->stats.upd_fail_enoent, + c->stats.del_ok, + c->stats.del_fail, + c->stats.del_fail_enoent); + + send(fd, buf, size, 0); +} + +void cache_iterate(struct cache *c, + void *data, + int (*iterate)(void *data1, void *data2)) +{ + hashtable_iterate(c->h, data, iterate); +} + +void cache_iterate_limit(struct cache *c, void *data, + uint32_t from, uint32_t steps, + int (*iterate)(void *data1, void *data2)) +{ + hashtable_iterate_limit(c->h, data, from, steps, iterate); +} + +void cache_dump(struct cache *c, int fd, int type) +{ + struct __dump_container tmp = { + .fd = fd, + .type = type + }; + hashtable_iterate(c->h, (void *) &tmp, c->ops->dump_step); +} + +int cache_commit(struct cache *c, struct nfct_handle *h, int clientfd) +{ + return c->ops->commit(c, h, clientfd); +} + +static int do_flush(void *data, void *n) +{ + struct cache *c = data; + struct cache_object *obj = n; + + cache_del(c, obj); + cache_object_free(obj); + return 0; +} + +void cache_flush(struct cache *c) +{ + hashtable_iterate(c->h, c, do_flush); + c->stats.flush++; +} diff --git a/src/cache_timer.c b/src/cache_timer.c new file mode 100644 index 0000000..5881236 --- /dev/null +++ b/src/cache_timer.c @@ -0,0 +1,75 @@ +/* + * (C) 2006 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "cache.h" +#include "conntrackd.h" +#include "alarm.h" + +#include <stdio.h> + +static void timeout(struct alarm_block *a, void *data) +{ + struct cache_object *obj = data; + + cache_del(obj->cache, obj); + cache_object_free(obj); +} + +static void timer_add(struct cache_object *obj, void *data) +{ + struct alarm_block *a = data; + + init_alarm(a, obj, timeout); + add_alarm(a, CONFIG(cache_timeout), 0); +} + +static void timer_update(struct cache_object *obj, void *data) +{ + struct alarm_block *a = data; + add_alarm(a, CONFIG(cache_timeout), 0); +} + +static void timer_destroy(struct cache_object *obj, void *data) +{ + struct alarm_block *a = data; + del_alarm(a); +} + +static int timer_dump(struct cache_object *obj, void *data, char *buf, int type) +{ + struct timeval tv, tmp; + struct alarm_block *a = data; + + if (type == NFCT_O_XML) + return 0; + + if (!alarm_pending(a)) + return 0; + + gettimeofday(&tv, NULL); + timersub(&a->tv, &tv, &tmp); + return sprintf(buf, " [expires in %lds]", tmp.tv_sec); +} + +struct cache_feature timer_feature = { + .size = sizeof(struct alarm_block), + .add = timer_add, + .update = timer_update, + .destroy = timer_destroy, + .dump = timer_dump +}; diff --git a/src/channel.c b/src/channel.c new file mode 100644 index 0000000..818bb01 --- /dev/null +++ b/src/channel.c @@ -0,0 +1,312 @@ +/* + * (C) 2009 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + */ + +#include <stdlib.h> +#include <unistd.h> +#include <net/if.h> +#include <string.h> +#include <sys/ioctl.h> +#include <netinet/in.h> +#include <errno.h> + +#include "conntrackd.h" +#include "channel.h" +#include "network.h" +#include "queue.h" + +static struct channel_ops *ops[CHANNEL_MAX]; +extern struct channel_ops channel_mcast; +extern struct channel_ops channel_udp; +extern struct channel_ops channel_tcp; + +static struct queue *errorq; + +int channel_init(void) +{ + ops[CHANNEL_MCAST] = &channel_mcast; + ops[CHANNEL_UDP] = &channel_udp; + ops[CHANNEL_TCP] = &channel_tcp; + + errorq = queue_create("errorq", CONFIG(channelc).error_queue_length, 0); + if (errorq == NULL) { + return -1; + } + return 0; +} + +void channel_end(void) +{ + queue_destroy(errorq); +} + +struct channel_buffer { + char *data; + int size; + int len; +}; + +static struct channel_buffer * +channel_buffer_open(int mtu, int headersiz) +{ + struct channel_buffer *b; + + b = calloc(sizeof(struct channel_buffer), 1); + if (b == NULL) + return NULL; + + b->size = mtu - headersiz; + + b->data = malloc(b->size); + if (b->data == NULL) { + free(b); + return NULL; + } + return b; +} + +static void +channel_buffer_close(struct channel_buffer *b) +{ + if (b == NULL) + return; + + free(b->data); + free(b); +} + +struct channel * +channel_open(struct channel_conf *cfg) +{ + struct channel *c; + struct ifreq ifr; + int fd; + + if (cfg->channel_type >= CHANNEL_MAX) + return NULL; + if (!cfg->channel_ifname[0]) + return NULL; + if (cfg->channel_flags >= CHANNEL_F_MAX) + return NULL; + + c = calloc(sizeof(struct channel), 1); + if (c == NULL) + return NULL; + + c->channel_type = cfg->channel_type; + + fd = socket(AF_INET, SOCK_DGRAM, 0); + if (fd == -1) { + free(c); + return NULL; + } + strncpy(ifr.ifr_name, cfg->channel_ifname, sizeof(ifr.ifr_name)); + + if (ioctl(fd, SIOCGIFMTU, &ifr) == -1) { + free(c); + return NULL; + } + close(fd); + c->channel_ifmtu = ifr.ifr_mtu; + + c->channel_ifindex = if_nametoindex(cfg->channel_ifname); + if (c->channel_ifindex == 0) { + free(c); + return NULL; + } + c->ops = ops[cfg->channel_type]; + + if (cfg->channel_flags & CHANNEL_F_BUFFERED) { + c->buffer = channel_buffer_open(c->channel_ifmtu, + c->ops->headersiz); + if (c->buffer == NULL) { + free(c); + return NULL; + } + } + c->channel_flags = cfg->channel_flags; + + c->data = c->ops->open(&cfg->u); + if (c->data == NULL) { + channel_buffer_close(c->buffer); + free(c); + return NULL; + } + return c; +} + +void +channel_close(struct channel *c) +{ + c->ops->close(c->data); + if (c->channel_flags & CHANNEL_F_BUFFERED) + channel_buffer_close(c->buffer); + free(c); +} + +struct channel_error { + char *data; + int len; +}; + +static void channel_enqueue_errors(struct channel *c) +{ + struct queue_object *qobj; + struct channel_error *error; + + qobj = queue_object_new(Q_ELEM_ERR, sizeof(struct channel_error)); + if (qobj == NULL) + return; + + error = (struct channel_error *)qobj->data; + error->len = c->buffer->len; + + error->data = malloc(c->buffer->len); + if (error->data == NULL) { + queue_object_free(qobj); + return; + } + memcpy(error->data, c->buffer->data, c->buffer->len); + if (queue_add(errorq, &qobj->qnode) < 0) { + if (errno == ENOSPC) { + struct queue_node *tail; + struct channel_error *tmp; + + tail = queue_del_head(errorq); + tmp = queue_node_data(tail); + free(tmp->data); + queue_object_free((struct queue_object *)tail); + + queue_add(errorq, &qobj->qnode); + } + } +} + +static int channel_handle_error_step(struct queue_node *n, const void *data2) +{ + struct channel_error *error; + const struct channel *c = data2; + int ret; + + error = queue_node_data(n); + ret = c->ops->send(c->data, error->data, error->len); + if (ret != -1) { + /* Success. Delete it from the error queue. */ + queue_del(n); + free(error->data); + queue_object_free((struct queue_object *)n); + } else { + /* We failed to deliver, give up now, try later. */ + return 1; + } + return 0; +} + +static int channel_handle_errors(struct channel *c) +{ + /* there are pending errors that we have to handle. */ + if (c->channel_flags & CHANNEL_F_ERRORS && queue_len(errorq) > 0) { + queue_iterate(errorq, c, channel_handle_error_step); + return queue_len(errorq) > 0; + } + return 0; +} + +int channel_send(struct channel *c, const struct nethdr *net) +{ + int ret = 0, len = ntohs(net->len), pending_errors; + + pending_errors = channel_handle_errors(c); + + if (!(c->channel_flags & CHANNEL_F_BUFFERED)) { + c->ops->send(c->data, net, len); + return 1; + } +retry: + if (c->buffer->len + len < c->buffer->size) { + memcpy(c->buffer->data + c->buffer->len, net, len); + c->buffer->len += len; + } else { + /* We've got pending packets to deliver, enqueue this + * packet to avoid possible re-ordering. */ + if (pending_errors) { + channel_enqueue_errors(c); + } else { + ret = c->ops->send(c->data, c->buffer->data, + c->buffer->len); + if (ret == -1 && + (c->channel_flags & CHANNEL_F_ERRORS)) { + /* Give it another chance to deliver. */ + channel_enqueue_errors(c); + } + } + ret = 1; + c->buffer->len = 0; + goto retry; + } + return ret; +} + +int channel_send_flush(struct channel *c) +{ + int ret, pending_errors; + + pending_errors = channel_handle_errors(c); + + if (!(c->channel_flags & CHANNEL_F_BUFFERED) || c->buffer->len == 0) + return 0; + + /* We still have pending errors to deliver, avoid any re-ordering. */ + if (pending_errors) { + channel_enqueue_errors(c); + } else { + ret = c->ops->send(c->data, c->buffer->data, c->buffer->len); + if (ret == -1 && (c->channel_flags & CHANNEL_F_ERRORS)) { + /* Give it another chance to deliver it. */ + channel_enqueue_errors(c); + } + } + c->buffer->len = 0; + return 1; +} + +int channel_recv(struct channel *c, char *buf, int size) +{ + return c->ops->recv(c->data, buf, size); +} + +int channel_get_fd(struct channel *c) +{ + return c->ops->get_fd(c->data); +} + +void channel_stats(struct channel *c, int fd) +{ + return c->ops->stats(c, fd); +} + +void channel_stats_extended(struct channel *c, int active, + struct nlif_handle *h, int fd) +{ + return c->ops->stats_extended(c, active, h, fd); +} + +int channel_accept_isset(struct channel *c, fd_set *readfds) +{ + return c->ops->accept_isset(c, readfds); +} + +int channel_isset(struct channel *c, fd_set *readfds) +{ + return c->ops->isset(c, readfds); +} + +int channel_accept(struct channel *c) +{ + return c->ops->accept(c); +} diff --git a/src/channel_mcast.c b/src/channel_mcast.c new file mode 100644 index 0000000..35801d7 --- /dev/null +++ b/src/channel_mcast.c @@ -0,0 +1,139 @@ +/* + * (C) 2009 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + */ + +#include <stdlib.h> +#include <libnfnetlink/libnfnetlink.h> + +#include "channel.h" +#include "mcast.h" + +static void +*channel_mcast_open(void *conf) +{ + struct mcast_channel *m; + struct mcast_conf *c = conf; + + m = calloc(sizeof(struct mcast_channel), 1); + if (m == NULL) + return NULL; + + m->client = mcast_client_create(c); + if (m->client == NULL) { + free(m); + return NULL; + } + + m->server = mcast_server_create(c); + if (m->server == NULL) { + mcast_client_destroy(m->client); + free(m); + return NULL; + } + return m; +} + +static int +channel_mcast_send(void *channel, const void *data, int len) +{ + struct mcast_channel *m = channel; + return mcast_send(m->client, data, len); +} + +static int +channel_mcast_recv(void *channel, char *buf, int size) +{ + struct mcast_channel *m = channel; + return mcast_recv(m->server, buf, size); +} + +static void +channel_mcast_close(void *channel) +{ + struct mcast_channel *m = channel; + mcast_client_destroy(m->client); + mcast_server_destroy(m->server); + free(m); +} + +static int +channel_mcast_get_fd(void *channel) +{ + struct mcast_channel *m = channel; + return mcast_get_fd(m->server); +} + +static void +channel_mcast_stats(struct channel *c, int fd) +{ + struct mcast_channel *m = c->data; + char ifname[IFNAMSIZ], buf[512]; + int size; + + if_indextoname(c->channel_ifindex, ifname); + size = mcast_snprintf_stats(buf, sizeof(buf), ifname, + &m->client->stats, &m->server->stats); + send(fd, buf, size, 0); +} + +static void +channel_mcast_stats_extended(struct channel *c, int active, + struct nlif_handle *h, int fd) +{ + struct mcast_channel *m = c->data; + char ifname[IFNAMSIZ], buf[512]; + const char *status; + unsigned int flags; + int size; + + if_indextoname(c->channel_ifindex, ifname); + nlif_get_ifflags(h, c->channel_ifindex, &flags); + /* + * IFF_UP shows administrative status + * IFF_RUNNING shows carrier status + */ + if (flags & IFF_UP) { + if (!(flags & IFF_RUNNING)) + status = "NO-CARRIER"; + else + status = "RUNNING"; + } else { + status = "DOWN"; + } + size = mcast_snprintf_stats2(buf, sizeof(buf), + ifname, status, active, + &m->client->stats, + &m->server->stats); + send(fd, buf, size, 0); +} + +static int +channel_mcast_isset(struct channel *c, fd_set *readfds) +{ + struct mcast_channel *m = c->data; + return mcast_isset(m->server, readfds); +} + +static int +channel_mcast_accept_isset(struct channel *c, fd_set *readfds) +{ + return 0; +} + +struct channel_ops channel_mcast = { + .headersiz = 28, /* IP header (20 bytes) + UDP header 8 (bytes) */ + .open = channel_mcast_open, + .close = channel_mcast_close, + .send = channel_mcast_send, + .recv = channel_mcast_recv, + .get_fd = channel_mcast_get_fd, + .isset = channel_mcast_isset, + .accept_isset = channel_mcast_accept_isset, + .stats = channel_mcast_stats, + .stats_extended = channel_mcast_stats_extended, +}; diff --git a/src/channel_tcp.c b/src/channel_tcp.c new file mode 100644 index 0000000..f132840 --- /dev/null +++ b/src/channel_tcp.c @@ -0,0 +1,150 @@ +/* + * (C) 2009 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * TCP support has been sponsored by 6WIND <www.6wind.com>. + */ + +#include <stdlib.h> +#include <libnfnetlink/libnfnetlink.h> + +#include "channel.h" +#include "tcp.h" + +static void +*channel_tcp_open(void *conf) +{ + struct tcp_channel *m; + struct tcp_conf *c = conf; + + m = calloc(sizeof(struct tcp_channel), 1); + if (m == NULL) + return NULL; + + m->client = tcp_client_create(c); + if (m->client == NULL) { + free(m); + return NULL; + } + + m->server = tcp_server_create(c); + if (m->server == NULL) { + tcp_client_destroy(m->client); + free(m); + return NULL; + } + return m; +} + +static int +channel_tcp_send(void *channel, const void *data, int len) +{ + struct tcp_channel *m = channel; + return tcp_send(m->client, data, len); +} + +static int +channel_tcp_recv(void *channel, char *buf, int size) +{ + struct tcp_channel *m = channel; + return tcp_recv(m->server, buf, size); +} + +static void +channel_tcp_close(void *channel) +{ + struct tcp_channel *m = channel; + tcp_client_destroy(m->client); + tcp_server_destroy(m->server); + free(m); +} + +static int +channel_tcp_get_fd(void *channel) +{ + struct tcp_channel *m = channel; + return tcp_get_fd(m->server); +} + +static void +channel_tcp_stats(struct channel *c, int fd) +{ + struct tcp_channel *m = c->data; + char ifname[IFNAMSIZ], buf[512]; + int size; + + if_indextoname(c->channel_ifindex, ifname); + size = tcp_snprintf_stats(buf, sizeof(buf), ifname, + m->client, m->server); + send(fd, buf, size, 0); +} + +static void +channel_tcp_stats_extended(struct channel *c, int active, + struct nlif_handle *h, int fd) +{ + struct tcp_channel *m = c->data; + char ifname[IFNAMSIZ], buf[512]; + const char *status; + unsigned int flags; + int size; + + if_indextoname(c->channel_ifindex, ifname); + nlif_get_ifflags(h, c->channel_ifindex, &flags); + /* + * IFF_UP shows administrative status + * IFF_RUNNING shows carrier status + */ + if (flags & IFF_UP) { + if (!(flags & IFF_RUNNING)) + status = "NO-CARRIER"; + else + status = "RUNNING"; + } else { + status = "DOWN"; + } + size = tcp_snprintf_stats2(buf, sizeof(buf), + ifname, status, active, + &m->client->stats, + &m->server->stats); + send(fd, buf, size, 0); +} + +static int +channel_tcp_isset(struct channel *c, fd_set *readfds) +{ + struct tcp_channel *m = c->data; + return tcp_isset(m->server, readfds); +} + +static int +channel_tcp_accept_isset(struct channel *c, fd_set *readfds) +{ + struct tcp_channel *m = c->data; + return tcp_accept_isset(m->server, readfds); +} + +static int +channel_tcp_accept(struct channel *c) +{ + struct tcp_channel *m = c->data; + return tcp_accept(m->server); +} + +struct channel_ops channel_tcp = { + .headersiz = 40, /* IP header (20 bytes) + TCP header 20 (bytes) */ + .open = channel_tcp_open, + .close = channel_tcp_close, + .send = channel_tcp_send, + .recv = channel_tcp_recv, + .accept = channel_tcp_accept, + .get_fd = channel_tcp_get_fd, + .isset = channel_tcp_isset, + .accept_isset = channel_tcp_accept_isset, + .stats = channel_tcp_stats, + .stats_extended = channel_tcp_stats_extended, +}; diff --git a/src/channel_udp.c b/src/channel_udp.c new file mode 100644 index 0000000..a46a2b1 --- /dev/null +++ b/src/channel_udp.c @@ -0,0 +1,139 @@ +/* + * (C) 2009 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + */ + +#include <stdlib.h> +#include <libnfnetlink/libnfnetlink.h> + +#include "channel.h" +#include "udp.h" + +static void +*channel_udp_open(void *conf) +{ + struct udp_channel *m; + struct udp_conf *c = conf; + + m = calloc(sizeof(struct udp_channel), 1); + if (m == NULL) + return NULL; + + m->client = udp_client_create(c); + if (m->client == NULL) { + free(m); + return NULL; + } + + m->server = udp_server_create(c); + if (m->server == NULL) { + udp_client_destroy(m->client); + free(m); + return NULL; + } + return m; +} + +static int +channel_udp_send(void *channel, const void *data, int len) +{ + struct udp_channel *m = channel; + return udp_send(m->client, data, len); +} + +static int +channel_udp_recv(void *channel, char *buf, int size) +{ + struct udp_channel *m = channel; + return udp_recv(m->server, buf, size); +} + +static void +channel_udp_close(void *channel) +{ + struct udp_channel *m = channel; + udp_client_destroy(m->client); + udp_server_destroy(m->server); + free(m); +} + +static int +channel_udp_get_fd(void *channel) +{ + struct udp_channel *m = channel; + return udp_get_fd(m->server); +} + +static void +channel_udp_stats(struct channel *c, int fd) +{ + struct udp_channel *m = c->data; + char ifname[IFNAMSIZ], buf[512]; + int size; + + if_indextoname(c->channel_ifindex, ifname); + size = udp_snprintf_stats(buf, sizeof(buf), ifname, + &m->client->stats, &m->server->stats); + send(fd, buf, size, 0); +} + +static void +channel_udp_stats_extended(struct channel *c, int active, + struct nlif_handle *h, int fd) +{ + struct udp_channel *m = c->data; + char ifname[IFNAMSIZ], buf[512]; + const char *status; + unsigned int flags; + int size; + + if_indextoname(c->channel_ifindex, ifname); + nlif_get_ifflags(h, c->channel_ifindex, &flags); + /* + * IFF_UP shows administrative status + * IFF_RUNNING shows carrier status + */ + if (flags & IFF_UP) { + if (!(flags & IFF_RUNNING)) + status = "NO-CARRIER"; + else + status = "RUNNING"; + } else { + status = "DOWN"; + } + size = udp_snprintf_stats2(buf, sizeof(buf), + ifname, status, active, + &m->client->stats, + &m->server->stats); + send(fd, buf, size, 0); +} + +static int +channel_udp_isset(struct channel *c, fd_set *readfds) +{ + struct udp_channel *m = c->data; + return udp_isset(m->server, readfds); +} + +static int +channel_udp_accept_isset(struct channel *c, fd_set *readfds) +{ + return 0; +} + +struct channel_ops channel_udp = { + .headersiz = 28, /* IP header (20 bytes) + UDP header 8 (bytes) */ + .open = channel_udp_open, + .close = channel_udp_close, + .send = channel_udp_send, + .recv = channel_udp_recv, + .get_fd = channel_udp_get_fd, + .isset = channel_udp_isset, + .accept_isset = channel_udp_accept_isset, + .stats = channel_udp_stats, + .stats_extended = channel_udp_stats_extended, +}; diff --git a/src/cidr.c b/src/cidr.c new file mode 100644 index 0000000..91025b6 --- /dev/null +++ b/src/cidr.c @@ -0,0 +1,70 @@ +/* + * (C) 2006-2008 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include <stdint.h> +#include <string.h> +#include <netinet/in.h> +#include "cidr.h" + +/* returns the netmask in host byte order */ +uint32_t ipv4_cidr2mask_host(uint8_t cidr) +{ + return 0xFFFFFFFF << (32 - cidr); +} + +/* returns the netmask in network byte order */ +uint32_t ipv4_cidr2mask_net(uint8_t cidr) +{ + return htonl(ipv4_cidr2mask_host(cidr)); +} + +void ipv6_cidr2mask_host(uint8_t cidr, uint32_t *res) +{ + int i, j; + + memset(res, 0, sizeof(uint32_t)*4); + for (i = 0; i < 4 && cidr > 32; i++) { + res[i] = 0xFFFFFFFF; + cidr -= 32; + } + res[i] = 0xFFFFFFFF << (32 - cidr); + for (j = i+1; j < 4; j++) { + res[j] = 0; + } +} + +void ipv6_cidr2mask_net(uint8_t cidr, uint32_t *res) +{ + int i; + + ipv6_cidr2mask_host(cidr, res); + for (i=0; i<4; i++) + res[i] = htonl(res[i]); +} + +/* I need this function because I initially defined an IPv6 address as + * uint32 u[4]. Using char u[16] instead would allow to remove this. */ +void ipv6_addr2addr_host(uint32_t *addr, uint32_t *res) +{ + int i; + + memset(res, 0, sizeof(uint32_t)*4); + for (i = 0; i < 4; i++) { + res[i] = ntohl(addr[i]); + } +} diff --git a/src/conntrack.c b/src/conntrack.c new file mode 100644 index 0000000..0920bc5 --- /dev/null +++ b/src/conntrack.c @@ -0,0 +1,2027 @@ +/* + * (C) 2005-2012 by Pablo Neira Ayuso <pablo@netfilter.org> + * (C) 2012 by Intra2net AG <http://www.intra2net.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + * Note: + * Yes, portions of this code has been stolen from iptables ;) + * Special thanks to the the Netfilter Core Team. + * Thanks to Javier de Miguel Rodriguez <jmiguel at talika.eii.us.es> + * for introducing me to advanced firewalling stuff. + * + * --pablo 13/04/2005 + * + * 2005-04-16 Harald Welte <laforge@netfilter.org>: + * Add support for conntrack accounting and conntrack mark + * 2005-06-23 Harald Welte <laforge@netfilter.org>: + * Add support for expect creation + * 2005-09-24 Harald Welte <laforge@netfilter.org>: + * Remove remaints of "-A" + * 2007-04-22 Pablo Neira Ayuso <pablo@netfilter.org>: + * Ported to the new libnetfilter_conntrack API + * 2008-04-13 Pablo Neira Ayuso <pablo@netfilter.org>: + * Way more flexible update and delete operations + */ + +#include "conntrack.h" + +#include <stdio.h> +#include <getopt.h> +#include <stdlib.h> +#include <stdarg.h> +#include <errno.h> +#include <unistd.h> +#include <netinet/in.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <sys/time.h> +#include <time.h> +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif +#include <signal.h> +#include <string.h> +#include <netdb.h> +#include <sys/stat.h> +#include <fcntl.h> +#include <libnetfilter_conntrack/libnetfilter_conntrack.h> + +struct u32_mask { + uint32_t value; + uint32_t mask; +}; + +/* These are the template objects that are used to send commands. */ +static struct { + struct nf_conntrack *ct; + struct nf_expect *exp; + /* Expectations require the expectation tuple and the mask. */ + struct nf_conntrack *exptuple, *mask; + + /* Allows filtering/setting specific bits in the ctmark */ + struct u32_mask mark; + + /* Allow to filter by mark from kernel-space. */ + struct nfct_filter_dump_mark filter_mark_kernel; +} tmpl; + +static int alloc_tmpl_objects(void) +{ + tmpl.ct = nfct_new(); + tmpl.exptuple = nfct_new(); + tmpl.mask = nfct_new(); + tmpl.exp = nfexp_new(); + + memset(&tmpl.mark, 0, sizeof(tmpl.mark)); + + return tmpl.ct != NULL && tmpl.exptuple != NULL && + tmpl.mask != NULL && tmpl.exp != NULL; +} + +static void free_tmpl_objects(void) +{ + if (tmpl.ct) + nfct_destroy(tmpl.ct); + if (tmpl.exptuple) + nfct_destroy(tmpl.exptuple); + if (tmpl.mask) + nfct_destroy(tmpl.mask); + if (tmpl.exp) + nfexp_destroy(tmpl.exp); +} + +enum ct_command { + CT_NONE = 0, + + CT_LIST_BIT = 0, + CT_LIST = (1 << CT_LIST_BIT), + + CT_CREATE_BIT = 1, + CT_CREATE = (1 << CT_CREATE_BIT), + + CT_UPDATE_BIT = 2, + CT_UPDATE = (1 << CT_UPDATE_BIT), + + CT_DELETE_BIT = 3, + CT_DELETE = (1 << CT_DELETE_BIT), + + CT_GET_BIT = 4, + CT_GET = (1 << CT_GET_BIT), + + CT_FLUSH_BIT = 5, + CT_FLUSH = (1 << CT_FLUSH_BIT), + + CT_EVENT_BIT = 6, + CT_EVENT = (1 << CT_EVENT_BIT), + + CT_VERSION_BIT = 7, + CT_VERSION = (1 << CT_VERSION_BIT), + + CT_HELP_BIT = 8, + CT_HELP = (1 << CT_HELP_BIT), + + EXP_LIST_BIT = 9, + EXP_LIST = (1 << EXP_LIST_BIT), + + EXP_CREATE_BIT = 10, + EXP_CREATE = (1 << EXP_CREATE_BIT), + + EXP_DELETE_BIT = 11, + EXP_DELETE = (1 << EXP_DELETE_BIT), + + EXP_GET_BIT = 12, + EXP_GET = (1 << EXP_GET_BIT), + + EXP_FLUSH_BIT = 13, + EXP_FLUSH = (1 << EXP_FLUSH_BIT), + + EXP_EVENT_BIT = 14, + EXP_EVENT = (1 << EXP_EVENT_BIT), + + CT_COUNT_BIT = 15, + CT_COUNT = (1 << CT_COUNT_BIT), + + EXP_COUNT_BIT = 16, + EXP_COUNT = (1 << EXP_COUNT_BIT), + + X_STATS_BIT = 17, + X_STATS = (1 << X_STATS_BIT), +}; +/* If you add a new command, you have to update NUMBER_OF_CMD in conntrack.h */ + +enum ct_options { + CT_OPT_ORIG_SRC_BIT = 0, + CT_OPT_ORIG_SRC = (1 << CT_OPT_ORIG_SRC_BIT), + + CT_OPT_ORIG_DST_BIT = 1, + CT_OPT_ORIG_DST = (1 << CT_OPT_ORIG_DST_BIT), + + CT_OPT_ORIG = (CT_OPT_ORIG_SRC | CT_OPT_ORIG_DST), + + CT_OPT_REPL_SRC_BIT = 2, + CT_OPT_REPL_SRC = (1 << CT_OPT_REPL_SRC_BIT), + + CT_OPT_REPL_DST_BIT = 3, + CT_OPT_REPL_DST = (1 << CT_OPT_REPL_DST_BIT), + + CT_OPT_REPL = (CT_OPT_REPL_SRC | CT_OPT_REPL_DST), + + CT_OPT_PROTO_BIT = 4, + CT_OPT_PROTO = (1 << CT_OPT_PROTO_BIT), + + CT_OPT_TUPLE_ORIG = (CT_OPT_ORIG | CT_OPT_PROTO), + CT_OPT_TUPLE_REPL = (CT_OPT_REPL | CT_OPT_PROTO), + + CT_OPT_TIMEOUT_BIT = 5, + CT_OPT_TIMEOUT = (1 << CT_OPT_TIMEOUT_BIT), + + CT_OPT_STATUS_BIT = 6, + CT_OPT_STATUS = (1 << CT_OPT_STATUS_BIT), + + CT_OPT_ZERO_BIT = 7, + CT_OPT_ZERO = (1 << CT_OPT_ZERO_BIT), + + CT_OPT_EVENT_MASK_BIT = 8, + CT_OPT_EVENT_MASK = (1 << CT_OPT_EVENT_MASK_BIT), + + CT_OPT_EXP_SRC_BIT = 9, + CT_OPT_EXP_SRC = (1 << CT_OPT_EXP_SRC_BIT), + + CT_OPT_EXP_DST_BIT = 10, + CT_OPT_EXP_DST = (1 << CT_OPT_EXP_DST_BIT), + + CT_OPT_MASK_SRC_BIT = 11, + CT_OPT_MASK_SRC = (1 << CT_OPT_MASK_SRC_BIT), + + CT_OPT_MASK_DST_BIT = 12, + CT_OPT_MASK_DST = (1 << CT_OPT_MASK_DST_BIT), + + CT_OPT_NATRANGE_BIT = 13, + CT_OPT_NATRANGE = (1 << CT_OPT_NATRANGE_BIT), + + CT_OPT_MARK_BIT = 14, + CT_OPT_MARK = (1 << CT_OPT_MARK_BIT), + + CT_OPT_ID_BIT = 15, + CT_OPT_ID = (1 << CT_OPT_ID_BIT), + + CT_OPT_FAMILY_BIT = 16, + CT_OPT_FAMILY = (1 << CT_OPT_FAMILY_BIT), + + CT_OPT_SRC_NAT_BIT = 17, + CT_OPT_SRC_NAT = (1 << CT_OPT_SRC_NAT_BIT), + + CT_OPT_DST_NAT_BIT = 18, + CT_OPT_DST_NAT = (1 << CT_OPT_DST_NAT_BIT), + + CT_OPT_OUTPUT_BIT = 19, + CT_OPT_OUTPUT = (1 << CT_OPT_OUTPUT_BIT), + + CT_OPT_SECMARK_BIT = 20, + CT_OPT_SECMARK = (1 << CT_OPT_SECMARK_BIT), + + CT_OPT_BUFFERSIZE_BIT = 21, + CT_OPT_BUFFERSIZE = (1 << CT_OPT_BUFFERSIZE_BIT), + + CT_OPT_ANY_NAT_BIT = 22, + CT_OPT_ANY_NAT = (1 << CT_OPT_ANY_NAT_BIT), + + CT_OPT_ZONE_BIT = 23, + CT_OPT_ZONE = (1 << CT_OPT_ZONE_BIT), +}; +/* If you add a new option, you have to update NUMBER_OF_OPT in conntrack.h */ + +/* Update this mask to allow to filter based on new options. */ +#define CT_COMPARISON (CT_OPT_PROTO | CT_OPT_ORIG | CT_OPT_REPL | \ + CT_OPT_MARK | CT_OPT_SECMARK | CT_OPT_STATUS | \ + CT_OPT_ID | CT_OPT_ZONE) + +static const char *optflags[NUMBER_OF_OPT] = { + [CT_OPT_ORIG_SRC_BIT] = "src", + [CT_OPT_ORIG_DST_BIT] = "dst", + [CT_OPT_REPL_SRC_BIT] = "reply-src", + [CT_OPT_REPL_DST_BIT] = "reply-dst", + [CT_OPT_PROTO_BIT] = "protonum", + [CT_OPT_TIMEOUT_BIT] = "timeout", + [CT_OPT_STATUS_BIT] = "status", + [CT_OPT_ZERO_BIT] = "zero", + [CT_OPT_EVENT_MASK_BIT] = "event-mask", + [CT_OPT_EXP_SRC_BIT] = "tuple-src", + [CT_OPT_EXP_DST_BIT] = "tuple-dst", + [CT_OPT_MASK_SRC_BIT] = "mask-src", + [CT_OPT_MASK_DST_BIT] = "mask-dst", + [CT_OPT_NATRANGE_BIT] = "nat-range", + [CT_OPT_MARK_BIT] = "mark", + [CT_OPT_ID_BIT] = "id", + [CT_OPT_FAMILY_BIT] = "family", + [CT_OPT_SRC_NAT_BIT] = "src-nat", + [CT_OPT_DST_NAT_BIT] = "dst-nat", + [CT_OPT_OUTPUT_BIT] = "output", + [CT_OPT_SECMARK_BIT] = "secmark", + [CT_OPT_BUFFERSIZE_BIT] = "buffer-size", + [CT_OPT_ANY_NAT_BIT] = "any-nat", + [CT_OPT_ZONE_BIT] = "zone", +}; + +static struct option original_opts[] = { + {"dump", 2, 0, 'L'}, + {"create", 2, 0, 'I'}, + {"delete", 2, 0, 'D'}, + {"update", 2, 0, 'U'}, + {"get", 2, 0, 'G'}, + {"flush", 2, 0, 'F'}, + {"event", 2, 0, 'E'}, + {"counter", 2, 0, 'C'}, + {"stats", 0, 0, 'S'}, + {"version", 0, 0, 'V'}, + {"help", 0, 0, 'h'}, + {"orig-src", 1, 0, 's'}, + {"src", 1, 0, 's'}, + {"orig-dst", 1, 0, 'd'}, + {"dst", 1, 0, 'd'}, + {"reply-src", 1, 0, 'r'}, + {"reply-dst", 1, 0, 'q'}, + {"protonum", 1, 0, 'p'}, + {"timeout", 1, 0, 't'}, + {"status", 1, 0, 'u'}, + {"zero", 0, 0, 'z'}, + {"event-mask", 1, 0, 'e'}, + {"tuple-src", 1, 0, '['}, + {"tuple-dst", 1, 0, ']'}, + {"mask-src", 1, 0, '{'}, + {"mask-dst", 1, 0, '}'}, + {"nat-range", 1, 0, 'a'}, /* deprecated */ + {"mark", 1, 0, 'm'}, + {"secmark", 1, 0, 'c'}, + {"id", 2, 0, 'i'}, /* deprecated */ + {"family", 1, 0, 'f'}, + {"src-nat", 2, 0, 'n'}, + {"dst-nat", 2, 0, 'g'}, + {"output", 1, 0, 'o'}, + {"buffer-size", 1, 0, 'b'}, + {"any-nat", 2, 0, 'j'}, + {"zone", 1, 0, 'w'}, + {0, 0, 0, 0} +}; + +static const char *getopt_str = "L::I::U::D::G::E::F::hVs:d:r:q:" + "p:t:u:e:a:z[:]:{:}:m:i:f:o:n::" + "g::c:b:C::Sj::w:"; + +/* Table of legal combinations of commands and options. If any of the + * given commands make an option legal, that option is legal (applies to + * CMD_LIST and CMD_ZERO only). + * Key: + * 0 illegal + * 1 compulsory + * 2 optional + * 3 undecided, see flag combination checkings in generic_opt_check() + */ + +static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] = +/* Well, it's better than "Re: Linux vs FreeBSD" */ +{ + /* s d r q p t u z e [ ] { } a m i f n g o c b j w*/ +/*CT_LIST*/ {2,2,2,2,2,0,2,2,0,0,0,0,0,0,2,0,2,2,2,2,2,0,2,2}, +/*CT_CREATE*/ {3,3,3,3,1,1,2,0,0,0,0,0,0,2,2,0,0,2,2,0,0,0,0,2}, +/*CT_UPDATE*/ {2,2,2,2,2,2,2,0,0,0,0,0,0,0,2,2,2,2,2,2,0,0,0,0}, +/*CT_DELETE*/ {2,2,2,2,2,2,2,0,0,0,0,0,0,0,2,2,2,2,2,2,0,0,0,2}, +/*CT_GET*/ {3,3,3,3,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,0,0}, +/*CT_FLUSH*/ {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}, +/*CT_EVENT*/ {2,2,2,2,2,0,0,0,2,0,0,0,0,0,2,0,0,2,2,2,2,2,2,2}, +/*VERSION*/ {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}, +/*HELP*/ {0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}, +/*EXP_LIST*/ {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,0}, +/*EXP_CREATE*/{1,1,2,2,1,1,2,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0}, +/*EXP_DELETE*/{1,1,2,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}, +/*EXP_GET*/ {1,1,2,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}, +/*EXP_FLUSH*/ {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}, +/*EXP_EVENT*/ {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0}, +/*CT_COUNT*/ {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}, +/*EXP_COUNT*/ {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}, +/*X_STATS*/ {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}, +}; + +static const int cmd2type[][2] = { + ['L'] = { CT_LIST, EXP_LIST }, + ['I'] = { CT_CREATE, EXP_CREATE }, + ['D'] = { CT_DELETE, EXP_DELETE }, + ['G'] = { CT_GET, EXP_GET }, + ['F'] = { CT_FLUSH, EXP_FLUSH }, + ['E'] = { CT_EVENT, EXP_EVENT }, + ['V'] = { CT_VERSION, CT_VERSION }, + ['h'] = { CT_HELP, CT_HELP }, + ['C'] = { CT_COUNT, EXP_COUNT }, +}; + +static const int opt2type[] = { + ['s'] = CT_OPT_ORIG_SRC, + ['d'] = CT_OPT_ORIG_DST, + ['r'] = CT_OPT_REPL_SRC, + ['q'] = CT_OPT_REPL_DST, + ['{'] = CT_OPT_MASK_SRC, + ['}'] = CT_OPT_MASK_DST, + ['['] = CT_OPT_EXP_SRC, + [']'] = CT_OPT_EXP_DST, + ['n'] = CT_OPT_SRC_NAT, + ['g'] = CT_OPT_DST_NAT, + ['m'] = CT_OPT_MARK, + ['c'] = CT_OPT_SECMARK, + ['i'] = CT_OPT_ID, + ['j'] = CT_OPT_ANY_NAT, + ['w'] = CT_OPT_ZONE, +}; + +static const int opt2family_attr[][2] = { + ['s'] = { ATTR_ORIG_IPV4_SRC, ATTR_ORIG_IPV6_SRC }, + ['d'] = { ATTR_ORIG_IPV4_DST, ATTR_ORIG_IPV6_DST }, + ['r'] = { ATTR_REPL_IPV4_SRC, ATTR_REPL_IPV6_SRC }, + ['q'] = { ATTR_REPL_IPV4_DST, ATTR_REPL_IPV6_DST }, + ['{'] = { ATTR_ORIG_IPV4_SRC, ATTR_ORIG_IPV6_SRC }, + ['}'] = { ATTR_ORIG_IPV4_DST, ATTR_ORIG_IPV6_DST }, + ['['] = { ATTR_ORIG_IPV4_SRC, ATTR_ORIG_IPV6_SRC }, + [']'] = { ATTR_ORIG_IPV4_DST, ATTR_ORIG_IPV6_DST }, +}; + +static const int opt2attr[] = { + ['s'] = ATTR_ORIG_L3PROTO, + ['d'] = ATTR_ORIG_L3PROTO, + ['r'] = ATTR_REPL_L3PROTO, + ['q'] = ATTR_REPL_L3PROTO, + ['m'] = ATTR_MARK, + ['c'] = ATTR_SECMARK, + ['i'] = ATTR_ID, + ['w'] = ATTR_ZONE, +}; + +static char exit_msg[NUMBER_OF_CMD][64] = { + [CT_LIST_BIT] = "%d flow entries have been shown.\n", + [CT_CREATE_BIT] = "%d flow entries have been created.\n", + [CT_UPDATE_BIT] = "%d flow entries have been updated.\n", + [CT_DELETE_BIT] = "%d flow entries have been deleted.\n", + [CT_GET_BIT] = "%d flow entries have been shown.\n", + [CT_EVENT_BIT] = "%d flow events have been shown.\n", + [EXP_LIST_BIT] = "%d expectations have been shown.\n", + [EXP_DELETE_BIT] = "%d expectations have been shown.\n", +}; + +static const char usage_commands[] = + "Commands:\n" + " -L [table] [options]\t\tList conntrack or expectation table\n" + " -G [table] parameters\t\tGet conntrack or expectation\n" + " -D [table] parameters\t\tDelete conntrack or expectation\n" + " -I [table] parameters\t\tCreate a conntrack or expectation\n" + " -U [table] parameters\t\tUpdate a conntrack\n" + " -E [table] [options]\t\tShow events\n" + " -F [table]\t\t\tFlush table\n" + " -C [table]\t\t\tShow counter\n" + " -S\t\t\t\tShow statistics\n"; + +static const char usage_tables[] = + "Tables: conntrack, expect\n"; + +static const char usage_conntrack_parameters[] = + "Conntrack parameters and options:\n" + " -n, --src-nat ip\t\t\tsource NAT ip\n" + " -g, --dst-nat ip\t\t\tdestination NAT ip\n" + " -j, --any-nat ip\t\t\tsource or destination NAT ip\n" + " -m, --mark mark\t\t\tSet mark\n" + " -c, --secmark secmark\t\t\tSet selinux secmark\n" + " -e, --event-mask eventmask\t\tEvent mask, eg. NEW,DESTROY\n" + " -z, --zero \t\t\t\tZero counters while listing\n" + " -o, --output type[,...]\t\tOutput format, eg. xml\n"; + +static const char usage_expectation_parameters[] = + "Expectation parameters and options:\n" + " --tuple-src ip\tSource address in expect tuple\n" + " --tuple-dst ip\tDestination address in expect tuple\n" + " --mask-src ip\t\tSource mask address\n" + " --mask-dst ip\t\tDestination mask address\n"; + +static const char usage_parameters[] = + "Common parameters and options:\n" + " -s, --orig-src ip\t\tSource address from original direction\n" + " -d, --orig-dst ip\t\tDestination address from original direction\n" + " -r, --reply-src ip\t\tSource addres from reply direction\n" + " -q, --reply-dst ip\t\tDestination address from reply direction\n" + " -p, --protonum proto\t\tLayer 4 Protocol, eg. 'tcp'\n" + " -f, --family proto\t\tLayer 3 Protocol, eg. 'ipv6'\n" + " -t, --timeout timeout\t\tSet timeout\n" + " -u, --status status\t\tSet status, eg. ASSURED\n" + " -w, --zone value\t\tSet conntrack zone\n" + " -b, --buffer-size\t\tNetlink socket buffer size\n" + ; + +#define OPTION_OFFSET 256 + +static struct nfct_handle *cth, *ith; +static struct option *opts = original_opts; +static unsigned int global_option_offset = 0; + +#define ADDR_VALID_FLAGS_MAX 2 +static unsigned int addr_valid_flags[ADDR_VALID_FLAGS_MAX] = { + CT_OPT_ORIG_SRC | CT_OPT_ORIG_DST, + CT_OPT_REPL_SRC | CT_OPT_REPL_DST, +}; + +static LIST_HEAD(proto_list); + +static unsigned int options; + +void register_proto(struct ctproto_handler *h) +{ + if (strcmp(h->version, VERSION) != 0) { + fprintf(stderr, "plugin `%s': version %s (I'm %s)\n", + h->name, h->version, VERSION); + exit(1); + } + list_add(&h->head, &proto_list); +} + +extern struct ctproto_handler ct_proto_unknown; + +static struct ctproto_handler *findproto(char *name, int *pnum) +{ + struct ctproto_handler *cur; + struct protoent *pent; + int protonum; + + /* is it in the list of supported protocol? */ + list_for_each_entry(cur, &proto_list, head) { + if (strcmp(cur->name, name) == 0) { + *pnum = cur->protonum; + return cur; + } + } + /* using the protocol name for an unsupported protocol? */ + if ((pent = getprotobyname(name))) { + *pnum = pent->p_proto; + return &ct_proto_unknown; + } + /* using a protocol number? */ + protonum = atoi(name); + if (protonum > 0 && protonum <= IPPROTO_MAX) { + /* try lookup by number, perhaps this protocol is supported */ + list_for_each_entry(cur, &proto_list, head) { + if (cur->protonum == protonum) { + *pnum = protonum; + return cur; + } + } + *pnum = protonum; + return &ct_proto_unknown; + } + + return NULL; +} + +static void +extension_help(struct ctproto_handler *h, int protonum) +{ + const char *name; + + if (h == &ct_proto_unknown) { + struct protoent *pent; + + pent = getprotobynumber(protonum); + if (!pent) + name = h->name; + else + name = pent->p_name; + } else { + name = h->name; + } + + fprintf(stdout, "Proto `%s' help:\n", name); + h->help(); +} + +static void __attribute__((noreturn)) +exit_tryhelp(int status) +{ + fprintf(stderr, "Try `%s -h' or '%s --help' for more information.\n", + PROGNAME, PROGNAME); + exit(status); +} + +static void free_options(void) +{ + if (opts != original_opts) { + free(opts); + opts = original_opts; + global_option_offset = 0; + } +} + +void __attribute__((noreturn)) +exit_error(enum exittype status, const char *msg, ...) +{ + va_list args; + + free_options(); + va_start(args, msg); + fprintf(stderr,"%s v%s (conntrack-tools): ", PROGNAME, VERSION); + vfprintf(stderr, msg, args); + fprintf(stderr, "\n"); + va_end(args); + if (status == PARAMETER_PROBLEM) + exit_tryhelp(status); + /* release template objects that were allocated in the setup stage. */ + free_tmpl_objects(); + exit(status); +} + +static int bit2cmd(int command) +{ + int i; + + for (i = 0; i < NUMBER_OF_CMD; i++) + if (command & (1<<i)) + break; + + return i; +} + +int generic_opt_check(int local_options, int num_opts, + char *optset, const char *optflg[], + unsigned int *coupled_flags, int coupled_flags_size, + int *partial) +{ + int i, matching = -1, special_case = 0; + + for (i = 0; i < num_opts; i++) { + if (!(local_options & (1<<i))) { + if (optset[i] == 1) + exit_error(PARAMETER_PROBLEM, + "You need to supply the " + "`--%s' option for this " + "command", optflg[i]); + } else { + if (optset[i] == 0) + exit_error(PARAMETER_PROBLEM, "Illegal " + "option `--%s' with this " + "command", optflg[i]); + } + if (optset[i] == 3) + special_case = 1; + } + + /* no weird flags combinations, leave */ + if (!special_case || coupled_flags == NULL) + return 1; + + *partial = -1; + for (i=0; i<coupled_flags_size; i++) { + /* we look for an exact matching to ensure this is correct */ + if ((local_options & coupled_flags[i]) == coupled_flags[i]) { + matching = i; + break; + } + /* ... otherwise look for the first partial matching */ + if ((local_options & coupled_flags[i]) && *partial < 0) { + *partial = i; + } + } + + /* we found an exact matching, game over */ + if (matching >= 0) + return 1; + + /* report a partial matching to suggest something */ + return 0; +} + +static struct option * +merge_options(struct option *oldopts, const struct option *newopts, + unsigned int *option_offset) +{ + unsigned int num_old, num_new, i; + struct option *merge; + + for (num_old = 0; oldopts[num_old].name; num_old++); + for (num_new = 0; newopts[num_new].name; num_new++); + + global_option_offset += OPTION_OFFSET; + *option_offset = global_option_offset; + + merge = malloc(sizeof(struct option) * (num_new + num_old + 1)); + if (merge == NULL) + return NULL; + + memcpy(merge, oldopts, num_old * sizeof(struct option)); + for (i = 0; i < num_new; i++) { + merge[num_old + i] = newopts[i]; + merge[num_old + i].val += *option_offset; + } + memset(merge + num_old + num_new, 0, sizeof(struct option)); + + return merge; +} + +/* From linux/errno.h */ +#define ENOTSUPP 524 /* Operation is not supported */ + +/* Translates errno numbers into more human-readable form than strerror. */ +static const char * +err2str(int err, enum ct_command command) +{ + unsigned int i; + struct table_struct { + enum ct_command act; + int err; + const char *message; + } table [] = + { { CT_LIST, ENOTSUPP, "function not implemented" }, + { 0xFFFF, EINVAL, "invalid parameters" }, + { CT_CREATE, EEXIST, "Such conntrack exists, try -U to update" }, + { CT_CREATE|CT_GET|CT_DELETE, ENOENT, + "such conntrack doesn't exist" }, + { CT_CREATE|CT_GET, ENOMEM, "not enough memory" }, + { CT_GET, EAFNOSUPPORT, "protocol not supported" }, + { CT_CREATE, ETIME, "conntrack has expired" }, + { EXP_CREATE, ENOENT, "master conntrack not found" }, + { EXP_CREATE, EINVAL, "invalid parameters" }, + { ~0U, EPERM, "sorry, you must be root or get " + "CAP_NET_ADMIN capability to do this"} + }; + + for (i = 0; i < sizeof(table)/sizeof(struct table_struct); i++) { + if ((table[i].act & command) && table[i].err == err) + return table[i].message; + } + + return strerror(err); +} + +static int mark_cmp(const struct u32_mask *m, const struct nf_conntrack *ct) +{ + return nfct_attr_is_set(ct, ATTR_MARK) && + (nfct_get_attr_u32(ct, ATTR_MARK) & m->mask) == m->value; +} + +#define PARSE_STATUS 0 +#define PARSE_EVENT 1 +#define PARSE_OUTPUT 2 +#define PARSE_MAX 3 + +enum { + _O_XML = (1 << 0), + _O_EXT = (1 << 1), + _O_TMS = (1 << 2), + _O_ID = (1 << 3), + _O_KTMS = (1 << 4), +}; + +enum { + CT_EVENT_F_NEW = (1 << 0), + CT_EVENT_F_UPD = (1 << 1), + CT_EVENT_F_DEL = (1 << 2), + CT_EVENT_F_ALL = CT_EVENT_F_NEW | CT_EVENT_F_UPD | CT_EVENT_F_DEL, +}; + +static struct parse_parameter { + const char *parameter[6]; + size_t size; + unsigned int value[6]; +} parse_array[PARSE_MAX] = { + { {"ASSURED", "SEEN_REPLY", "UNSET", "FIXED_TIMEOUT", "EXPECTED"}, 5, + { IPS_ASSURED, IPS_SEEN_REPLY, 0, IPS_FIXED_TIMEOUT, IPS_EXPECTED} }, + { {"ALL", "NEW", "UPDATES", "DESTROY"}, 4, + { CT_EVENT_F_ALL, CT_EVENT_F_NEW, CT_EVENT_F_UPD, CT_EVENT_F_DEL } }, + { {"xml", "extended", "timestamp", "id", "ktimestamp"}, 5, + { _O_XML, _O_EXT, _O_TMS, _O_ID, _O_KTMS }, + }, +}; + +static int +do_parse_parameter(const char *str, size_t str_length, unsigned int *value, + int parse_type) +{ + size_t i; + int ret = 0; + struct parse_parameter *p = &parse_array[parse_type]; + + if (strncasecmp(str, "SRC_NAT", str_length) == 0) { + fprintf(stderr, "WARNING: ignoring SRC_NAT, " + "use --src-nat instead\n"); + return 1; + } + + if (strncasecmp(str, "DST_NAT", str_length) == 0) { + fprintf(stderr, "WARNING: ignoring DST_NAT, " + "use --dst-nat instead\n"); + return 1; + } + + for (i = 0; i < p->size; i++) + if (strncasecmp(str, p->parameter[i], str_length) == 0) { + *value |= p->value[i]; + ret = 1; + break; + } + + return ret; +} + +static void +parse_parameter(const char *arg, unsigned int *status, int parse_type) +{ + const char *comma; + + while ((comma = strchr(arg, ',')) != NULL) { + if (comma == arg + || !do_parse_parameter(arg, comma-arg, status, parse_type)) + exit_error(PARAMETER_PROBLEM,"Bad parameter `%s'", arg); + arg = comma+1; + } + + if (strlen(arg) == 0 + || !do_parse_parameter(arg, strlen(arg), status, parse_type)) + exit_error(PARAMETER_PROBLEM, "Bad parameter `%s'", arg); +} + +static void +parse_u32_mask(const char *arg, struct u32_mask *m) +{ + char *end; + + m->value = (uint32_t) strtoul(arg, &end, 0); + + if (*end == '/') + m->mask = (uint32_t) strtoul(end+1, NULL, 0); + else + m->mask = ~0; +} + +static void +add_command(unsigned int *cmd, const int newcmd) +{ + if (*cmd) + exit_error(PARAMETER_PROBLEM, "Invalid commands combination"); + *cmd |= newcmd; +} + +static unsigned int +check_type(int argc, char *argv[]) +{ + char *table = NULL; + + /* Nasty bug or feature in getopt_long ? + * It seems that it behaves badly with optional arguments. + * Fortunately, I just stole the fix from iptables ;) */ + if (optarg) + return 0; + else if (optind < argc && argv[optind][0] != '-' + && argv[optind][0] != '!') + table = argv[optind++]; + + if (!table) + return 0; + + if (strncmp("expect", table, strlen(table)) == 0) + return 1; + else if (strncmp("conntrack", table, strlen(table)) == 0) + return 0; + else + exit_error(PARAMETER_PROBLEM, "unknown type `%s'", table); + + return 0; +} + +static void set_family(int *family, int new) +{ + if (*family == AF_UNSPEC) + *family = new; + else if (*family != new) + exit_error(PARAMETER_PROBLEM, "mismatched address family"); +} + +struct addr_parse { + struct in_addr addr; + struct in6_addr addr6; + unsigned int family; +}; + +static int +parse_inetaddr(const char *cp, struct addr_parse *parse) +{ + if (inet_aton(cp, &parse->addr)) + return AF_INET; +#ifdef HAVE_INET_PTON_IPV6 + else if (inet_pton(AF_INET6, cp, &parse->addr6) > 0) + return AF_INET6; +#endif + return AF_UNSPEC; +} + +union ct_address { + uint32_t v4; + uint32_t v6[4]; +}; + +static int +parse_addr(const char *cp, union ct_address *address) +{ + struct addr_parse parse; + int ret; + + if ((ret = parse_inetaddr(cp, &parse)) == AF_INET) + address->v4 = parse.addr.s_addr; + else if (ret == AF_INET6) + memcpy(address->v6, &parse.addr6, sizeof(parse.addr6)); + + return ret; +} + +static void +nat_parse(char *arg, struct nf_conntrack *obj, int type) +{ + char *colon, *error; + union ct_address parse; + + colon = strchr(arg, ':'); + + if (colon) { + uint16_t port; + + *colon = '\0'; + + port = (uint16_t)atoi(colon+1); + if (port == 0) { + if (strlen(colon+1) == 0) { + exit_error(PARAMETER_PROBLEM, + "No port specified after `:'"); + } else { + exit_error(PARAMETER_PROBLEM, + "Port `%s' not valid", colon+1); + } + } + + error = strchr(colon+1, ':'); + if (error) + exit_error(PARAMETER_PROBLEM, + "Invalid port:port syntax"); + + if (type == CT_OPT_SRC_NAT) + nfct_set_attr_u16(tmpl.ct, ATTR_SNAT_PORT, ntohs(port)); + else if (type == CT_OPT_DST_NAT) + nfct_set_attr_u16(tmpl.ct, ATTR_DNAT_PORT, ntohs(port)); + else if (type == CT_OPT_ANY_NAT) { + nfct_set_attr_u16(tmpl.ct, ATTR_SNAT_PORT, ntohs(port)); + nfct_set_attr_u16(tmpl.ct, ATTR_DNAT_PORT, ntohs(port)); + } + } + + if (parse_addr(arg, &parse) == AF_UNSPEC) { + if (strlen(arg) == 0) { + exit_error(PARAMETER_PROBLEM, "No IP specified"); + } else { + exit_error(PARAMETER_PROBLEM, + "Invalid IP address `%s'", arg); + } + } + + if (type == CT_OPT_SRC_NAT || type == CT_OPT_ANY_NAT) + nfct_set_attr_u32(tmpl.ct, ATTR_SNAT_IPV4, parse.v4); + else if (type == CT_OPT_DST_NAT || type == CT_OPT_ANY_NAT) + nfct_set_attr_u32(tmpl.ct, ATTR_DNAT_IPV4, parse.v4); +} + +static void +usage(char *prog) +{ + fprintf(stdout, "Command line interface for the connection " + "tracking system. Version %s\n", VERSION); + fprintf(stdout, "Usage: %s [commands] [options]\n", prog); + + fprintf(stdout, "\n%s", usage_commands); + fprintf(stdout, "\n%s", usage_tables); + fprintf(stdout, "\n%s", usage_conntrack_parameters); + fprintf(stdout, "\n%s", usage_expectation_parameters); + fprintf(stdout, "\n%s\n", usage_parameters); +} + +static unsigned int output_mask; + + +static int +filter_mark(const struct nf_conntrack *ct) +{ + if ((options & CT_OPT_MARK) && + !mark_cmp(&tmpl.mark, ct)) + return 1; + return 0; +} + + +static int +filter_nat(const struct nf_conntrack *obj, const struct nf_conntrack *ct) +{ + int check_srcnat = options & CT_OPT_SRC_NAT ? 1 : 0; + int check_dstnat = options & CT_OPT_DST_NAT ? 1 : 0; + int has_srcnat = 0, has_dstnat = 0; + uint32_t ip; + uint16_t port; + + if (options & CT_OPT_ANY_NAT) + check_srcnat = check_dstnat = 1; + + if (check_srcnat) { + int check_address = 0, check_port = 0; + + if (nfct_attr_is_set(obj, ATTR_SNAT_IPV4)) { + check_address = 1; + ip = nfct_get_attr_u32(obj, ATTR_SNAT_IPV4); + if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT) && + ip == nfct_get_attr_u32(ct, ATTR_REPL_IPV4_DST)) + has_srcnat = 1; + } + if (nfct_attr_is_set(obj, ATTR_SNAT_PORT)) { + int ret = 0; + + check_port = 1; + port = nfct_get_attr_u16(obj, ATTR_SNAT_PORT); + if (nfct_getobjopt(ct, NFCT_GOPT_IS_SPAT) && + port == nfct_get_attr_u16(ct, ATTR_REPL_PORT_DST)) + ret = 1; + + /* the address matches but the port does not. */ + if (check_address && has_srcnat && !ret) + has_srcnat = 0; + if (!check_address && ret) + has_srcnat = 1; + } + if (!check_address && !check_port && + (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT) || + nfct_getobjopt(ct, NFCT_GOPT_IS_SPAT))) + has_srcnat = 1; + } + if (check_dstnat) { + int check_address = 0, check_port = 0; + + if (nfct_attr_is_set(obj, ATTR_DNAT_IPV4)) { + check_address = 1; + ip = nfct_get_attr_u32(obj, ATTR_DNAT_IPV4); + if (nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT) && + ip == nfct_get_attr_u32(ct, ATTR_REPL_IPV4_SRC)) + has_dstnat = 1; + } + if (nfct_attr_is_set(obj, ATTR_DNAT_PORT)) { + int ret = 0; + + check_port = 1; + port = nfct_get_attr_u16(obj, ATTR_DNAT_PORT); + if (nfct_getobjopt(ct, NFCT_GOPT_IS_DPAT) && + port == nfct_get_attr_u16(ct, ATTR_REPL_PORT_SRC)) + ret = 1; + + /* the address matches but the port does not. */ + if (check_address && has_dstnat && !ret) + has_dstnat = 0; + if (!check_address && ret) + has_dstnat = 1; + } + if (!check_address && !check_port && + (nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT) || + nfct_getobjopt(ct, NFCT_GOPT_IS_DPAT))) + has_dstnat = 1; + } + if (options & CT_OPT_ANY_NAT) + return !(has_srcnat || has_dstnat); + else if ((options & CT_OPT_SRC_NAT) && (options & CT_OPT_DST_NAT)) + return !(has_srcnat && has_dstnat); + else if (options & CT_OPT_SRC_NAT) + return !has_srcnat; + else if (options & CT_OPT_DST_NAT) + return !has_dstnat; + + return 0; +} + +static int counter; +static int dump_xml_header_done = 1; + +static void __attribute__((noreturn)) +event_sighandler(int s) +{ + if (dump_xml_header_done == 0) { + printf("</conntrack>\n"); + fflush(stdout); + } + + fprintf(stderr, "%s v%s (conntrack-tools): ", PROGNAME, VERSION); + fprintf(stderr, "%d flow events have been shown.\n", counter); + nfct_close(cth); + exit(0); +} + +static void __attribute__((noreturn)) +exp_event_sighandler(int s) +{ + if (dump_xml_header_done == 0) { + printf("</expect>\n"); + fflush(stdout); + } + + fprintf(stderr, "%s v%s (conntrack-tools): ", PROGNAME, VERSION); + fprintf(stderr, "%d expectation events have been shown.\n", counter); + nfct_close(cth); + exit(0); +} + +static int event_cb(enum nf_conntrack_msg_type type, + struct nf_conntrack *ct, + void *data) +{ + char buf[1024]; + struct nf_conntrack *obj = data; + unsigned int op_type = NFCT_O_DEFAULT; + unsigned int op_flags = 0; + + if (filter_nat(obj, ct)) + return NFCT_CB_CONTINUE; + + if (filter_mark(ct)) + return NFCT_CB_CONTINUE; + + if (options & CT_COMPARISON && + !nfct_cmp(obj, ct, NFCT_CMP_ALL | NFCT_CMP_MASK)) + return NFCT_CB_CONTINUE; + + if (output_mask & _O_XML) { + op_type = NFCT_O_XML; + if (dump_xml_header_done) { + dump_xml_header_done = 0; + printf("<?xml version=\"1.0\" encoding=\"utf-8\"?>\n" + "<conntrack>\n"); + } + } + if (output_mask & _O_EXT) + op_flags = NFCT_OF_SHOW_LAYER3; + if (output_mask & _O_TMS) { + if (!(output_mask & _O_XML)) { + struct timeval tv; + gettimeofday(&tv, NULL); + printf("[%-8ld.%-6ld]\t", tv.tv_sec, tv.tv_usec); + } else + op_flags |= NFCT_OF_TIME; + } + if (output_mask & _O_KTMS) + op_flags |= NFCT_OF_TIMESTAMP; + if (output_mask & _O_ID) + op_flags |= NFCT_OF_ID; + + nfct_snprintf(buf, sizeof(buf), ct, type, op_type, op_flags); + + printf("%s\n", buf); + fflush(stdout); + + counter++; + + return NFCT_CB_CONTINUE; +} + +static int dump_cb(enum nf_conntrack_msg_type type, + struct nf_conntrack *ct, + void *data) +{ + char buf[1024]; + struct nf_conntrack *obj = data; + unsigned int op_type = NFCT_O_DEFAULT; + unsigned int op_flags = 0; + + if (filter_nat(obj, ct)) + return NFCT_CB_CONTINUE; + + if (filter_mark(ct)) + return NFCT_CB_CONTINUE; + + if (options & CT_COMPARISON && + !nfct_cmp(obj, ct, NFCT_CMP_ALL | NFCT_CMP_MASK)) + return NFCT_CB_CONTINUE; + + if (output_mask & _O_XML) { + op_type = NFCT_O_XML; + if (dump_xml_header_done) { + dump_xml_header_done = 0; + printf("<?xml version=\"1.0\" encoding=\"utf-8\"?>\n" + "<conntrack>\n"); + } + } + if (output_mask & _O_EXT) + op_flags = NFCT_OF_SHOW_LAYER3; + if (output_mask & _O_KTMS) + op_flags |= NFCT_OF_TIMESTAMP; + if (output_mask & _O_ID) + op_flags |= NFCT_OF_ID; + + nfct_snprintf(buf, sizeof(buf), ct, NFCT_T_UNKNOWN, op_type, op_flags); + printf("%s\n", buf); + + counter++; + + return NFCT_CB_CONTINUE; +} + +static int delete_cb(enum nf_conntrack_msg_type type, + struct nf_conntrack *ct, + void *data) +{ + int res; + char buf[1024]; + struct nf_conntrack *obj = data; + unsigned int op_type = NFCT_O_DEFAULT; + unsigned int op_flags = 0; + + if (filter_nat(obj, ct)) + return NFCT_CB_CONTINUE; + + if (filter_mark(ct)) + return NFCT_CB_CONTINUE; + + if (options & CT_COMPARISON && + !nfct_cmp(obj, ct, NFCT_CMP_ALL | NFCT_CMP_MASK)) + return NFCT_CB_CONTINUE; + + res = nfct_query(ith, NFCT_Q_DESTROY, ct); + if (res < 0) + exit_error(OTHER_PROBLEM, + "Operation failed: %s", + err2str(errno, CT_DELETE)); + + if (output_mask & _O_XML) + op_type = NFCT_O_XML; + if (output_mask & _O_EXT) + op_flags = NFCT_OF_SHOW_LAYER3; + if (output_mask & _O_ID) + op_flags |= NFCT_OF_ID; + + nfct_snprintf(buf, sizeof(buf), ct, NFCT_T_UNKNOWN, op_type, op_flags); + printf("%s\n", buf); + + counter++; + + return NFCT_CB_CONTINUE; +} + +static int print_cb(enum nf_conntrack_msg_type type, + struct nf_conntrack *ct, + void *data) +{ + char buf[1024]; + unsigned int op_type = NFCT_O_DEFAULT; + unsigned int op_flags = 0; + + if (output_mask & _O_XML) + op_type = NFCT_O_XML; + if (output_mask & _O_EXT) + op_flags = NFCT_OF_SHOW_LAYER3; + if (output_mask & _O_ID) + op_flags |= NFCT_OF_ID; + + nfct_snprintf(buf, sizeof(buf), ct, NFCT_T_UNKNOWN, op_type, op_flags); + printf("%s\n", buf); + + return NFCT_CB_CONTINUE; +} + +static void copy_mark(struct nf_conntrack *tmp, + const struct nf_conntrack *ct, + const struct u32_mask *m) +{ + if (options & CT_OPT_MARK) { + uint32_t mark = nfct_get_attr_u32(ct, ATTR_MARK); + mark = (mark & ~m->mask) ^ m->value; + nfct_set_attr_u32(tmp, ATTR_MARK, mark); + } +} + +static void copy_status(struct nf_conntrack *tmp, const struct nf_conntrack *ct) +{ + if (options & CT_OPT_STATUS) { + /* copy existing flags, we only allow setting them. */ + uint32_t status = nfct_get_attr_u32(ct, ATTR_STATUS); + status |= nfct_get_attr_u32(tmp, ATTR_STATUS); + nfct_set_attr_u32(tmp, ATTR_STATUS, status); + } +} + +static int update_cb(enum nf_conntrack_msg_type type, + struct nf_conntrack *ct, + void *data) +{ + int res; + struct nf_conntrack *obj = data, *tmp; + + if (filter_nat(obj, ct)) + return NFCT_CB_CONTINUE; + + if (nfct_attr_is_set(obj, ATTR_ID) && nfct_attr_is_set(ct, ATTR_ID) && + nfct_get_attr_u32(obj, ATTR_ID) != nfct_get_attr_u32(ct, ATTR_ID)) + return NFCT_CB_CONTINUE; + + if (options & CT_OPT_TUPLE_ORIG && !nfct_cmp(obj, ct, NFCT_CMP_ORIG)) + return NFCT_CB_CONTINUE; + if (options & CT_OPT_TUPLE_REPL && !nfct_cmp(obj, ct, NFCT_CMP_REPL)) + return NFCT_CB_CONTINUE; + + tmp = nfct_new(); + if (tmp == NULL) + exit_error(OTHER_PROBLEM, "out of memory"); + + nfct_copy(tmp, ct, NFCT_CP_ORIG); + nfct_copy(tmp, obj, NFCT_CP_META); + copy_mark(tmp, ct, &tmpl.mark); + copy_status(tmp, ct); + + /* do not send NFCT_Q_UPDATE if ct appears unchanged */ + if (nfct_cmp(tmp, ct, NFCT_CMP_ALL | NFCT_CMP_MASK)) { + nfct_destroy(tmp); + return NFCT_CB_CONTINUE; + } + + res = nfct_query(ith, NFCT_Q_UPDATE, tmp); + if (res < 0) { + nfct_destroy(tmp); + exit_error(OTHER_PROBLEM, + "Operation failed: %s", + err2str(errno, CT_UPDATE)); + } + nfct_callback_register(ith, NFCT_T_ALL, print_cb, NULL); + + res = nfct_query(ith, NFCT_Q_GET, tmp); + if (res < 0) { + nfct_destroy(tmp); + /* the entry has vanish in middle of the update */ + if (errno == ENOENT) { + nfct_callback_unregister(ith); + return NFCT_CB_CONTINUE; + } + exit_error(OTHER_PROBLEM, + "Operation failed: %s", + err2str(errno, CT_UPDATE)); + } + nfct_destroy(tmp); + nfct_callback_unregister(ith); + + counter++; + + return NFCT_CB_CONTINUE; +} + +static int dump_exp_cb(enum nf_conntrack_msg_type type, + struct nf_expect *exp, + void *data) +{ + char buf[1024]; + unsigned int op_type = NFCT_O_DEFAULT; + unsigned int op_flags = 0; + + if (output_mask & _O_XML) { + op_type = NFCT_O_XML; + if (dump_xml_header_done) { + dump_xml_header_done = 0; + printf("<?xml version=\"1.0\" encoding=\"utf-8\"?>\n" + "<expect>\n"); + } + } + if (output_mask & _O_TMS) { + if (!(output_mask & _O_XML)) { + struct timeval tv; + gettimeofday(&tv, NULL); + printf("[%-8ld.%-6ld]\t", tv.tv_sec, tv.tv_usec); + } else + op_flags |= NFCT_OF_TIME; + } + + nfexp_snprintf(buf,sizeof(buf), exp, NFCT_T_UNKNOWN, op_type, op_flags); + printf("%s\n", buf); + counter++; + + return NFCT_CB_CONTINUE; +} + +static int event_exp_cb(enum nf_conntrack_msg_type type, + struct nf_expect *exp, void *data) +{ + char buf[1024]; + unsigned int op_type = NFCT_O_DEFAULT; + unsigned int op_flags = 0; + + if (output_mask & _O_XML) { + op_type = NFCT_O_XML; + if (dump_xml_header_done) { + dump_xml_header_done = 0; + printf("<?xml version=\"1.0\" encoding=\"utf-8\"?>\n" + "<expect>\n"); + } + } + if (output_mask & _O_TMS) { + if (!(output_mask & _O_XML)) { + struct timeval tv; + gettimeofday(&tv, NULL); + printf("[%-8ld.%-6ld]\t", tv.tv_sec, tv.tv_usec); + } else + op_flags |= NFCT_OF_TIME; + } + + nfexp_snprintf(buf,sizeof(buf), exp, type, op_type, op_flags); + printf("%s\n", buf); + fflush(stdout); + counter++; + + return NFCT_CB_CONTINUE; +} + +static int count_exp_cb(enum nf_conntrack_msg_type type, + struct nf_expect *exp, + void *data) +{ + counter++; + return NFCT_CB_CONTINUE; +} + +#ifndef CT_STATS_PROC +#define CT_STATS_PROC "/proc/net/stat/nf_conntrack" +#endif + +/* As of 2.6.29, we have 16 entries, this is enough */ +#ifndef CT_STATS_ENTRIES_MAX +#define CT_STATS_ENTRIES_MAX 64 +#endif + +/* maximum string length currently is 13 characters */ +#ifndef CT_STATS_STRING_MAX +#define CT_STATS_STRING_MAX 64 +#endif + +static int display_proc_conntrack_stats(void) +{ + int ret = 0; + FILE *fd; + char buf[4096], *token, *nl; + char output[CT_STATS_ENTRIES_MAX][CT_STATS_STRING_MAX]; + unsigned int value[CT_STATS_ENTRIES_MAX], i, max; + + fd = fopen(CT_STATS_PROC, "r"); + if (fd == NULL) + return -1; + + if (fgets(buf, sizeof(buf), fd) == NULL) { + ret = -1; + goto out_err; + } + + /* trim off trailing \n */ + nl = strchr(buf, '\n'); + if (nl != NULL) + *nl = '\0'; + + token = strtok(buf, " "); + for (i=0; token != NULL && i<CT_STATS_ENTRIES_MAX; i++) { + strncpy(output[i], token, CT_STATS_STRING_MAX); + output[i][CT_STATS_STRING_MAX-1]='\0'; + token = strtok(NULL, " "); + } + max = i; + + if (fgets(buf, sizeof(buf), fd) == NULL) { + ret = -1; + goto out_err; + } + + nl = strchr(buf, '\n'); + while (nl != NULL) { + *nl = '\0'; + nl = strchr(buf, '\n'); + } + token = strtok(buf, " "); + for (i=0; token != NULL && i<CT_STATS_ENTRIES_MAX; i++) { + value[i] = (unsigned int) strtol(token, (char**) NULL, 16); + token = strtok(NULL, " "); + } + + for (i=0; i<max; i++) + printf("%-10s\t\t%-8u\n", output[i], value[i]); + +out_err: + fclose(fd); + return ret; +} + +static struct ctproto_handler *h; + +int main(int argc, char *argv[]) +{ + int c, cmd; + unsigned int type = 0, event_mask = 0, l4flags = 0, status = 0; + int res = 0, partial; + size_t socketbuffersize = 0; + int family = AF_UNSPEC; + int l3protonum, protonum = 0; + union ct_address ad; + unsigned int command = 0; + + /* we release these objects in the exit_error() path. */ + if (!alloc_tmpl_objects()) + exit_error(OTHER_PROBLEM, "out of memory"); + + register_tcp(); + register_udp(); + register_udplite(); + register_sctp(); + register_dccp(); + register_icmp(); + register_icmpv6(); + register_gre(); + register_unknown(); + + /* disable explicit missing arguments error output from getopt_long */ + opterr = 0; + + while ((c = getopt_long(argc, argv, getopt_str, opts, NULL)) != -1) { + switch(c) { + /* commands */ + case 'L': + case 'I': + case 'D': + case 'G': + case 'F': + case 'E': + case 'V': + case 'h': + case 'C': + type = check_type(argc, argv); + add_command(&command, cmd2type[c][type]); + break; + case 'U': + type = check_type(argc, argv); + if (type == 0) + add_command(&command, CT_UPDATE); + else + exit_error(PARAMETER_PROBLEM, + "Can't update expectations"); + break; + case 'S': + add_command(&command, X_STATS); + break; + /* options */ + case 's': + case 'd': + case 'r': + case 'q': + options |= opt2type[c]; + + l3protonum = parse_addr(optarg, &ad); + if (l3protonum == AF_UNSPEC) { + exit_error(PARAMETER_PROBLEM, + "Invalid IP address `%s'", optarg); + } + set_family(&family, l3protonum); + if (l3protonum == AF_INET) { + nfct_set_attr_u32(tmpl.ct, + opt2family_attr[c][0], + ad.v4); + } else if (l3protonum == AF_INET6) { + nfct_set_attr(tmpl.ct, + opt2family_attr[c][1], + &ad.v6); + } + nfct_set_attr_u8(tmpl.ct, opt2attr[c], l3protonum); + break; + case '{': + case '}': + case '[': + case ']': + options |= opt2type[c]; + l3protonum = parse_addr(optarg, &ad); + if (l3protonum == AF_UNSPEC) { + exit_error(PARAMETER_PROBLEM, + "Invalid IP address `%s'", optarg); + } + set_family(&family, l3protonum); + if (l3protonum == AF_INET) { + nfct_set_attr_u32(tmpl.mask, + opt2family_attr[c][0], + ad.v4); + } else if (l3protonum == AF_INET6) { + nfct_set_attr(tmpl.mask, + opt2family_attr[c][1], + &ad.v6); + } + nfct_set_attr_u8(tmpl.mask, + ATTR_ORIG_L3PROTO, l3protonum); + break; + case 'p': + options |= CT_OPT_PROTO; + h = findproto(optarg, &protonum); + if (!h) + exit_error(PARAMETER_PROBLEM, + "`%s' unsupported protocol", + optarg); + + opts = merge_options(opts, h->opts, &h->option_offset); + if (opts == NULL) + exit_error(OTHER_PROBLEM, "out of memory"); + + nfct_set_attr_u8(tmpl.ct, ATTR_L4PROTO, protonum); + break; + case 't': + options |= CT_OPT_TIMEOUT; + nfct_set_attr_u32(tmpl.ct, ATTR_TIMEOUT, atol(optarg)); + nfexp_set_attr_u32(tmpl.exp, + ATTR_EXP_TIMEOUT, atol(optarg)); + break; + case 'u': + options |= CT_OPT_STATUS; + parse_parameter(optarg, &status, PARSE_STATUS); + nfct_set_attr_u32(tmpl.ct, ATTR_STATUS, status); + break; + case 'e': + options |= CT_OPT_EVENT_MASK; + parse_parameter(optarg, &event_mask, PARSE_EVENT); + break; + case 'o': + options |= CT_OPT_OUTPUT; + parse_parameter(optarg, &output_mask, PARSE_OUTPUT); + break; + case 'z': + options |= CT_OPT_ZERO; + break; + case 'n': + case 'g': + case 'j': { + char *tmp = NULL; + + options |= opt2type[c]; + + if (optarg) + continue; + else if (optind < argc && argv[optind][0] != '-' + && argv[optind][0] != '!') + tmp = argv[optind++]; + + if (tmp == NULL) + continue; + + set_family(&family, AF_INET); + nat_parse(tmp, tmpl.ct, opt2type[c]); + break; + } + case 'w': + options |= opt2type[c]; + nfct_set_attr_u16(tmpl.ct, + opt2attr[c], + strtoul(optarg, NULL, 0)); + break; + case 'i': + case 'c': + options |= opt2type[c]; + nfct_set_attr_u32(tmpl.ct, + opt2attr[c], + strtoul(optarg, NULL, 0)); + break; + case 'm': + options |= opt2type[c]; + parse_u32_mask(optarg, &tmpl.mark); + tmpl.filter_mark_kernel.val = tmpl.mark.value; + tmpl.filter_mark_kernel.mask = tmpl.mark.mask; + break; + case 'a': + fprintf(stderr, "WARNING: ignoring -%c, " + "deprecated option.\n", c); + break; + case 'f': + options |= CT_OPT_FAMILY; + if (strncmp(optarg, "ipv4", strlen("ipv4")) == 0) + set_family(&family, AF_INET); + else if (strncmp(optarg, "ipv6", strlen("ipv6")) == 0) + set_family(&family, AF_INET6); + else + exit_error(PARAMETER_PROBLEM, + "`%s' unsupported protocol", + optarg); + break; + case 'b': + socketbuffersize = atol(optarg); + options |= CT_OPT_BUFFERSIZE; + break; + case '?': + if (optopt) + exit_error(PARAMETER_PROBLEM, + "option `%s' requires an " + "argument", argv[optind-1]); + else + exit_error(PARAMETER_PROBLEM, + "unknown option `%s'", + argv[optind-1]); + break; + default: + if (h && h->parse_opts + &&!h->parse_opts(c - h->option_offset, tmpl.ct, + tmpl.exptuple, tmpl.mask, + &l4flags)) + exit_error(PARAMETER_PROBLEM, "parse error"); + break; + } + } + + /* default family */ + if (family == AF_UNSPEC) + family = AF_INET; + + /* we cannot check this combination with generic_opt_check. */ + if (options & CT_OPT_ANY_NAT && + ((options & CT_OPT_SRC_NAT) || (options & CT_OPT_DST_NAT))) { + exit_error(PARAMETER_PROBLEM, "cannot specify `--src-nat' or " + "`--dst-nat' with `--any-nat'"); + } + cmd = bit2cmd(command); + res = generic_opt_check(options, NUMBER_OF_OPT, + commands_v_options[cmd], optflags, + addr_valid_flags, ADDR_VALID_FLAGS_MAX, + &partial); + if (!res) { + switch(partial) { + case -1: + case 0: + exit_error(PARAMETER_PROBLEM, "you have to specify " + "`--src' and `--dst'"); + break; + case 1: + exit_error(PARAMETER_PROBLEM, "you have to specify " + "`--reply-src' and " + "`--reply-dst'"); + break; + } + } + if (!(command & CT_HELP) && h && h->final_check) + h->final_check(l4flags, cmd, tmpl.ct); + + switch(command) { + struct nfct_filter_dump *filter_dump; + + case CT_LIST: + cth = nfct_open(CONNTRACK, 0); + if (!cth) + exit_error(OTHER_PROBLEM, "Can't open handler"); + + if (options & CT_COMPARISON && + options & CT_OPT_ZERO) + exit_error(PARAMETER_PROBLEM, "Can't use -z with " + "filtering parameters"); + + nfct_callback_register(cth, NFCT_T_ALL, dump_cb, tmpl.ct); + + filter_dump = nfct_filter_dump_create(); + if (filter_dump == NULL) + exit_error(OTHER_PROBLEM, "OOM"); + + nfct_filter_dump_set_attr(filter_dump, NFCT_FILTER_DUMP_MARK, + &tmpl.filter_mark_kernel); + nfct_filter_dump_set_attr_u8(filter_dump, + NFCT_FILTER_DUMP_L3NUM, + family); + + if (options & CT_OPT_ZERO) + res = nfct_query(cth, NFCT_Q_DUMP_FILTER_RESET, + filter_dump); + else + res = nfct_query(cth, NFCT_Q_DUMP_FILTER, filter_dump); + + nfct_filter_dump_destroy(filter_dump); + + if (dump_xml_header_done == 0) { + printf("</conntrack>\n"); + fflush(stdout); + } + + nfct_close(cth); + break; + + case EXP_LIST: + cth = nfct_open(EXPECT, 0); + if (!cth) + exit_error(OTHER_PROBLEM, "Can't open handler"); + + nfexp_callback_register(cth, NFCT_T_ALL, dump_exp_cb, NULL); + res = nfexp_query(cth, NFCT_Q_DUMP, &family); + nfct_close(cth); + + if (dump_xml_header_done == 0) { + printf("</expect>\n"); + fflush(stdout); + } + break; + + case CT_CREATE: + if ((options & CT_OPT_ORIG) && !(options & CT_OPT_REPL)) + nfct_setobjopt(tmpl.ct, NFCT_SOPT_SETUP_REPLY); + else if (!(options & CT_OPT_ORIG) && (options & CT_OPT_REPL)) + nfct_setobjopt(tmpl.ct, NFCT_SOPT_SETUP_ORIGINAL); + + if (options & CT_OPT_MARK) + nfct_set_attr_u32(tmpl.ct, ATTR_MARK, tmpl.mark.value); + + cth = nfct_open(CONNTRACK, 0); + if (!cth) + exit_error(OTHER_PROBLEM, "Can't open handler"); + + res = nfct_query(cth, NFCT_Q_CREATE, tmpl.ct); + if (res != -1) + counter++; + nfct_close(cth); + break; + + case EXP_CREATE: + nfexp_set_attr(tmpl.exp, ATTR_EXP_MASTER, tmpl.ct); + nfexp_set_attr(tmpl.exp, ATTR_EXP_EXPECTED, tmpl.exptuple); + nfexp_set_attr(tmpl.exp, ATTR_EXP_MASK, tmpl.mask); + + cth = nfct_open(EXPECT, 0); + if (!cth) + exit_error(OTHER_PROBLEM, "Can't open handler"); + + res = nfexp_query(cth, NFCT_Q_CREATE, tmpl.exp); + nfct_close(cth); + break; + + case CT_UPDATE: + cth = nfct_open(CONNTRACK, 0); + /* internal handler for delete_cb, otherwise we hit EILSEQ */ + ith = nfct_open(CONNTRACK, 0); + if (!cth || !ith) + exit_error(OTHER_PROBLEM, "Can't open handler"); + + nfct_callback_register(cth, NFCT_T_ALL, update_cb, tmpl.ct); + + res = nfct_query(cth, NFCT_Q_DUMP, &family); + nfct_close(ith); + nfct_close(cth); + break; + + case CT_DELETE: + cth = nfct_open(CONNTRACK, 0); + ith = nfct_open(CONNTRACK, 0); + if (!cth || !ith) + exit_error(OTHER_PROBLEM, "Can't open handler"); + + nfct_callback_register(cth, NFCT_T_ALL, delete_cb, tmpl.ct); + + filter_dump = nfct_filter_dump_create(); + if (filter_dump == NULL) + exit_error(OTHER_PROBLEM, "OOM"); + + nfct_filter_dump_set_attr(filter_dump, NFCT_FILTER_DUMP_MARK, + &tmpl.filter_mark_kernel); + nfct_filter_dump_set_attr_u8(filter_dump, + NFCT_FILTER_DUMP_L3NUM, + family); + + res = nfct_query(cth, NFCT_Q_DUMP_FILTER, filter_dump); + + nfct_filter_dump_destroy(filter_dump); + + nfct_close(ith); + nfct_close(cth); + break; + + case EXP_DELETE: + nfexp_set_attr(tmpl.exp, ATTR_EXP_EXPECTED, tmpl.ct); + + cth = nfct_open(EXPECT, 0); + if (!cth) + exit_error(OTHER_PROBLEM, "Can't open handler"); + + res = nfexp_query(cth, NFCT_Q_DESTROY, tmpl.exp); + nfct_close(cth); + break; + + case CT_GET: + cth = nfct_open(CONNTRACK, 0); + if (!cth) + exit_error(OTHER_PROBLEM, "Can't open handler"); + + nfct_callback_register(cth, NFCT_T_ALL, dump_cb, tmpl.ct); + res = nfct_query(cth, NFCT_Q_GET, tmpl.ct); + nfct_close(cth); + break; + + case EXP_GET: + nfexp_set_attr(tmpl.exp, ATTR_EXP_MASTER, tmpl.ct); + + cth = nfct_open(EXPECT, 0); + if (!cth) + exit_error(OTHER_PROBLEM, "Can't open handler"); + + nfexp_callback_register(cth, NFCT_T_ALL, dump_exp_cb, NULL); + res = nfexp_query(cth, NFCT_Q_GET, tmpl.exp); + nfct_close(cth); + break; + + case CT_FLUSH: + cth = nfct_open(CONNTRACK, 0); + if (!cth) + exit_error(OTHER_PROBLEM, "Can't open handler"); + res = nfct_query(cth, NFCT_Q_FLUSH, &family); + nfct_close(cth); + fprintf(stderr, "%s v%s (conntrack-tools): ",PROGNAME,VERSION); + fprintf(stderr,"connection tracking table has been emptied.\n"); + break; + + case EXP_FLUSH: + cth = nfct_open(EXPECT, 0); + if (!cth) + exit_error(OTHER_PROBLEM, "Can't open handler"); + res = nfexp_query(cth, NFCT_Q_FLUSH, &family); + nfct_close(cth); + fprintf(stderr, "%s v%s (conntrack-tools): ",PROGNAME,VERSION); + fprintf(stderr,"expectation table has been emptied.\n"); + break; + + case CT_EVENT: + if (options & CT_OPT_EVENT_MASK) { + unsigned int nl_events = 0; + + if (event_mask & CT_EVENT_F_NEW) + nl_events |= NF_NETLINK_CONNTRACK_NEW; + if (event_mask & CT_EVENT_F_UPD) + nl_events |= NF_NETLINK_CONNTRACK_UPDATE; + if (event_mask & CT_EVENT_F_DEL) + nl_events |= NF_NETLINK_CONNTRACK_DESTROY; + + cth = nfct_open(CONNTRACK, nl_events); + } else { + cth = nfct_open(CONNTRACK, + NF_NETLINK_CONNTRACK_NEW | + NF_NETLINK_CONNTRACK_UPDATE | + NF_NETLINK_CONNTRACK_DESTROY); + } + + if (!cth) + exit_error(OTHER_PROBLEM, "Can't open handler"); + + if (options & CT_OPT_BUFFERSIZE) { + size_t ret; + ret = nfnl_rcvbufsiz(nfct_nfnlh(cth), socketbuffersize); + fprintf(stderr, "NOTICE: Netlink socket buffer size " + "has been set to %zu bytes.\n", ret); + } + signal(SIGINT, event_sighandler); + signal(SIGTERM, event_sighandler); + nfct_callback_register(cth, NFCT_T_ALL, event_cb, tmpl.ct); + res = nfct_catch(cth); + if (res == -1) { + if (errno == ENOBUFS) { + fprintf(stderr, + "WARNING: We have hit ENOBUFS! We " + "are losing events.\nThis message " + "means that the current netlink " + "socket buffer size is too small.\n" + "Please, check --buffer-size in " + "conntrack(8) manpage.\n"); + } + } + nfct_close(cth); + break; + + case EXP_EVENT: + if (options & CT_OPT_EVENT_MASK) { + unsigned int nl_events = 0; + + if (event_mask & CT_EVENT_F_NEW) + nl_events |= NF_NETLINK_CONNTRACK_EXP_NEW; + if (event_mask & CT_EVENT_F_UPD) + nl_events |= NF_NETLINK_CONNTRACK_EXP_UPDATE; + if (event_mask & CT_EVENT_F_DEL) + nl_events |= NF_NETLINK_CONNTRACK_EXP_DESTROY; + + cth = nfct_open(CONNTRACK, nl_events); + } else { + cth = nfct_open(EXPECT, + NF_NETLINK_CONNTRACK_EXP_NEW | + NF_NETLINK_CONNTRACK_EXP_UPDATE | + NF_NETLINK_CONNTRACK_EXP_DESTROY); + } + + if (!cth) + exit_error(OTHER_PROBLEM, "Can't open handler"); + signal(SIGINT, exp_event_sighandler); + signal(SIGTERM, exp_event_sighandler); + nfexp_callback_register(cth, NFCT_T_ALL, event_exp_cb, NULL); + res = nfexp_catch(cth); + nfct_close(cth); + break; + case CT_COUNT: { +#define NF_CONNTRACK_COUNT_PROC "/proc/sys/net/netfilter/nf_conntrack_count" + FILE *fd; + int count; + fd = fopen(NF_CONNTRACK_COUNT_PROC, "r"); + if (fd == NULL) { + exit_error(OTHER_PROBLEM, "Can't open %s", + NF_CONNTRACK_COUNT_PROC); + } + if (fscanf(fd, "%d", &count) != 1) { + exit_error(OTHER_PROBLEM, "Can't read %s", + NF_CONNTRACK_COUNT_PROC); + } + fclose(fd); + printf("%d\n", count); + break; + } + case EXP_COUNT: + cth = nfct_open(EXPECT, 0); + if (!cth) + exit_error(OTHER_PROBLEM, "Can't open handler"); + + nfexp_callback_register(cth, NFCT_T_ALL, count_exp_cb, NULL); + res = nfexp_query(cth, NFCT_Q_DUMP, &family); + nfct_close(cth); + printf("%d\n", counter); + break; + case X_STATS: + if (display_proc_conntrack_stats() < 0) + exit_error(OTHER_PROBLEM, "Can't open /proc interface"); + break; + case CT_VERSION: + printf("%s v%s (conntrack-tools)\n", PROGNAME, VERSION); + break; + case CT_HELP: + usage(argv[0]); + if (options & CT_OPT_PROTO) + extension_help(h, protonum); + break; + default: + usage(argv[0]); + break; + } + + if (res < 0) + exit_error(OTHER_PROBLEM, "Operation failed: %s", + err2str(errno, command)); + + free_tmpl_objects(); + free_options(); + + if (command && exit_msg[cmd][0]) { + fprintf(stderr, "%s v%s (conntrack-tools): ",PROGNAME,VERSION); + fprintf(stderr, exit_msg[cmd], counter); + if (counter == 0 && !(command & (CT_LIST | EXP_LIST))) + return EXIT_FAILURE; + } + + return EXIT_SUCCESS; +} diff --git a/src/date.c b/src/date.c new file mode 100644 index 0000000..f5a5ada --- /dev/null +++ b/src/date.c @@ -0,0 +1,28 @@ +/* + * (C) 2009 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + */ +#include "date.h" +#include <stdlib.h> +#include <string.h> + +static struct timeval now; + +int do_gettimeofday(void) +{ + return gettimeofday(&now, NULL); +} + +void gettimeofday_cached(struct timeval *tv) +{ + memcpy(tv, &now, sizeof(struct timeval)); +} + +int time_cached(void) +{ + return now.tv_sec; +} diff --git a/src/event.c b/src/event.c new file mode 100644 index 0000000..d1dfe72 --- /dev/null +++ b/src/event.c @@ -0,0 +1,77 @@ +/* + * (C) 2006-2007 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ +#include <unistd.h> +#include <stdlib.h> +#include <unistd.h> +#include <fcntl.h> + +#include "event.h" + +struct evfd { + int read; + int fds[2]; +}; + +struct evfd *create_evfd(void) +{ + struct evfd *e; + + e = calloc(1, sizeof(struct evfd)); + if (e == NULL) + return NULL; + + if (pipe(e->fds) == -1) { + free(e); + return NULL; + } + fcntl(e->fds[0], F_SETFL, O_NONBLOCK); + + return e; +} + +void destroy_evfd(struct evfd *e) +{ + close(e->fds[0]); + close(e->fds[1]); + free(e); +} + +int get_read_evfd(struct evfd *evfd) +{ + return evfd->fds[0]; +} + +int write_evfd(struct evfd *evfd) +{ + int data = 0, ret = 0; + + if (evfd->read == 0) + ret = write(evfd->fds[1], &data, sizeof(data)); + evfd->read++; + + return ret; +} + +int read_evfd(struct evfd *evfd) +{ + int data, ret = 0; + + if (--evfd->read == 0) + ret = read(evfd->fds[0], &data, sizeof(data)); + return ret; +} diff --git a/src/external_cache.c b/src/external_cache.c new file mode 100644 index 0000000..e290249 --- /dev/null +++ b/src/external_cache.c @@ -0,0 +1,210 @@ +/* + * (C) 2006-2011 by Pablo Neira Ayuso <pablo@netfilter.org> + * (C) 2011 by Vyatta Inc. <http://www.vyatta.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ +#include "conntrackd.h" +#include "sync.h" +#include "log.h" +#include "cache.h" +#include "external.h" + +#include <libnetfilter_conntrack/libnetfilter_conntrack.h> +#include <stdlib.h> + +static struct cache *external; +static struct cache *external_exp; + +static int external_cache_init(void) +{ + external = cache_create("external", CACHE_T_CT, + STATE_SYNC(sync)->external_cache_flags, + NULL, &cache_sync_external_ct_ops); + if (external == NULL) { + dlog(LOG_ERR, "can't allocate memory for the external cache"); + return -1; + } + external_exp = cache_create("external", CACHE_T_EXP, + STATE_SYNC(sync)->external_cache_flags, + NULL, &cache_sync_external_exp_ops); + if (external_exp == NULL) { + dlog(LOG_ERR, "can't allocate memory for the external cache"); + return -1; + } + + return 0; +} + +static void external_cache_close(void) +{ + cache_destroy(external); + cache_destroy(external_exp); +} + +static void external_cache_ct_new(struct nf_conntrack *ct) +{ + struct cache_object *obj; + int id; + + obj = cache_find(external, ct, &id); + if (obj == NULL) { +retry: + obj = cache_object_new(external, ct); + if (obj == NULL) + return; + + if (cache_add(external, obj, id) == -1) { + cache_object_free(obj); + return; + } + } else { + cache_del(external, obj); + cache_object_free(obj); + goto retry; + } +} + +static void external_cache_ct_upd(struct nf_conntrack *ct) +{ + cache_update_force(external, ct); +} + +static void external_cache_ct_del(struct nf_conntrack *ct) +{ + struct cache_object *obj; + int id; + + obj = cache_find(external, ct, &id); + if (obj) { + cache_del(external, obj); + cache_object_free(obj); + } +} + +static void external_cache_ct_dump(int fd, int type) +{ + cache_dump(external, fd, type); +} + +static int external_cache_ct_commit(struct nfct_handle *h, int fd) +{ + return cache_commit(external, h, fd); +} + +static void external_cache_ct_flush(void) +{ + cache_flush(external); +} + +static void external_cache_ct_stats(int fd) +{ + cache_stats(external, fd); +} + +static void external_cache_ct_stats_ext(int fd) +{ + cache_stats_extended(external, fd); +} + +static void external_cache_exp_new(struct nf_expect *exp) +{ + struct cache_object *obj; + int id; + + obj = cache_find(external_exp, exp, &id); + if (obj == NULL) { +retry: + obj = cache_object_new(external_exp, exp); + if (obj == NULL) + return; + + if (cache_add(external_exp, obj, id) == -1) { + cache_object_free(obj); + return; + } + } else { + cache_del(external_exp, obj); + cache_object_free(obj); + goto retry; + } +} + +static void external_cache_exp_upd(struct nf_expect *exp) +{ + cache_update_force(external_exp, exp); +} + +static void external_cache_exp_del(struct nf_expect *exp) +{ + struct cache_object *obj; + int id; + + obj = cache_find(external_exp, exp, &id); + if (obj) { + cache_del(external_exp, obj); + cache_object_free(obj); + } +} + +static void external_cache_exp_dump(int fd, int type) +{ + cache_dump(external_exp, fd, type); +} + +static int external_cache_exp_commit(struct nfct_handle *h, int fd) +{ + return cache_commit(external_exp, h, fd); +} + +static void external_cache_exp_flush(void) +{ + cache_flush(external_exp); +} + +static void external_cache_exp_stats(int fd) +{ + cache_stats(external_exp, fd); +} + +static void external_cache_exp_stats_ext(int fd) +{ + cache_stats_extended(external_exp, fd); +} + +struct external_handler external_cache = { + .init = external_cache_init, + .close = external_cache_close, + .ct = { + .new = external_cache_ct_new, + .upd = external_cache_ct_upd, + .del = external_cache_ct_del, + .dump = external_cache_ct_dump, + .commit = external_cache_ct_commit, + .flush = external_cache_ct_flush, + .stats = external_cache_ct_stats, + .stats_ext = external_cache_ct_stats_ext, + }, + .exp = { + .new = external_cache_exp_new, + .upd = external_cache_exp_upd, + .del = external_cache_exp_del, + .dump = external_cache_exp_dump, + .commit = external_cache_exp_commit, + .flush = external_cache_exp_flush, + .stats = external_cache_exp_stats, + .stats_ext = external_cache_exp_stats_ext, + }, +}; diff --git a/src/external_inject.c b/src/external_inject.c new file mode 100644 index 0000000..0ad3478 --- /dev/null +++ b/src/external_inject.c @@ -0,0 +1,284 @@ +/* + * (C) 2006-2011 by Pablo Neira Ayuso <pablo@netfilter.org> + * (C) 2011 by Vyatta Inc. <http://www.vyatta.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ +#include "conntrackd.h" +#include "sync.h" +#include "log.h" +#include "cache.h" +#include "origin.h" +#include "external.h" +#include "netlink.h" + +#include <libnetfilter_conntrack/libnetfilter_conntrack.h> +#include <errno.h> +#include <stdlib.h> + +static struct nfct_handle *inject; + +struct { + uint32_t add_ok; + uint32_t add_fail; + uint32_t upd_ok; + uint32_t upd_fail; + uint32_t del_ok; + uint32_t del_fail; +} external_inject_stat; + +static int external_inject_init(void) +{ + /* handler to directly inject conntracks into kernel-space */ + inject = nfct_open(CONFIG(netlink).subsys_id, 0); + if (inject == NULL) { + dlog(LOG_ERR, "can't open netlink handler: %s", + strerror(errno)); + dlog(LOG_ERR, "no ctnetlink kernel support?"); + return -1; + } + /* we are directly injecting the entries into the kernel */ + origin_register(inject, CTD_ORIGIN_INJECT); + return 0; +} + +static void external_inject_close(void) +{ + origin_unregister(inject); + nfct_close(inject); +} + +static void external_inject_ct_new(struct nf_conntrack *ct) +{ + int ret, retry = 1; + +retry: + if (nl_create_conntrack(inject, ct, 0) == -1) { + /* if the state entry exists, we delete and try again */ + if (errno == EEXIST && retry == 1) { + ret = nl_destroy_conntrack(inject, ct); + if (ret == 0 || (ret == -1 && errno == ENOENT)) { + if (retry) { + retry = 0; + goto retry; + } + } + external_inject_stat.add_fail++; + dlog(LOG_ERR, "inject-add1: %s", strerror(errno)); + dlog_ct(STATE(log), ct, NFCT_O_PLAIN); + return; + } + external_inject_stat.add_fail++; + dlog(LOG_ERR, "inject-add2: %s", strerror(errno)); + dlog_ct(STATE(log), ct, NFCT_O_PLAIN); + } else { + external_inject_stat.add_ok++; + } +} + +static void external_inject_ct_upd(struct nf_conntrack *ct) +{ + int ret; + + /* if we successfully update the entry, everything is OK */ + if (nl_update_conntrack(inject, ct, 0) != -1) { + external_inject_stat.upd_ok++; + return; + } + + /* state entries does not exist, we have to create it */ + if (errno == ENOENT) { + if (nl_create_conntrack(inject, ct, 0) == -1) { + external_inject_stat.upd_fail++; + dlog(LOG_ERR, "inject-upd1: %s", strerror(errno)); + dlog_ct(STATE(log), ct, NFCT_O_PLAIN); + } else { + external_inject_stat.upd_ok++; + } + return; + } + + /* we failed to update the entry, there are some operations that + * may trigger this error, eg. unset some status bits. Try harder, + * delete the existing entry and create a new one. */ + ret = nl_destroy_conntrack(inject, ct); + if (ret == 0 || (ret == -1 && errno == ENOENT)) { + if (nl_create_conntrack(inject, ct, 0) == -1) { + external_inject_stat.upd_fail++; + dlog(LOG_ERR, "inject-upd2: %s", strerror(errno)); + dlog_ct(STATE(log), ct, NFCT_O_PLAIN); + } else { + external_inject_stat.upd_ok++; + } + return; + } + external_inject_stat.upd_fail++; + dlog(LOG_ERR, "inject-upd3: %s", strerror(errno)); + dlog_ct(STATE(log), ct, NFCT_O_PLAIN); +} + +static void external_inject_ct_del(struct nf_conntrack *ct) +{ + if (nl_destroy_conntrack(inject, ct) == -1) { + if (errno != ENOENT) { + external_inject_stat.del_fail++; + dlog(LOG_ERR, "inject-del: %s", strerror(errno)); + dlog_ct(STATE(log), ct, NFCT_O_PLAIN); + } + } else { + external_inject_stat.del_ok++; + } +} + +static void external_inject_ct_dump(int fd, int type) +{ +} + +static int external_inject_ct_commit(struct nfct_handle *h, int fd) +{ + /* close the commit socket. */ + return LOCAL_RET_OK; +} + +static void external_inject_ct_flush(void) +{ +} + +static void external_inject_ct_stats(int fd) +{ + char buf[512]; + int size; + + size = sprintf(buf, "external inject:\n" + "connections created:\t\t%12u\tfailed:\t%12u\n" + "connections updated:\t\t%12u\tfailed:\t%12u\n" + "connections destroyed:\t\t%12u\tfailed:\t%12u\n\n", + external_inject_stat.add_ok, + external_inject_stat.add_fail, + external_inject_stat.upd_ok, + external_inject_stat.upd_fail, + external_inject_stat.del_ok, + external_inject_stat.del_fail); + + send(fd, buf, size, 0); +} + +struct { + uint32_t add_ok; + uint32_t add_fail; + uint32_t upd_ok; + uint32_t upd_fail; + uint32_t del_ok; + uint32_t del_fail; +} exp_external_inject_stat; + +static void external_inject_exp_new(struct nf_expect *exp) +{ + int ret, retry = 1; + +retry: + if (nl_create_expect(inject, exp, 0) == -1) { + /* if the state entry exists, we delete and try again */ + if (errno == EEXIST && retry == 1) { + ret = nl_destroy_expect(inject, exp); + if (ret == 0 || (ret == -1 && errno == ENOENT)) { + if (retry) { + retry = 0; + goto retry; + } + } + exp_external_inject_stat.add_fail++; + dlog(LOG_ERR, "inject-add1: %s", strerror(errno)); + dlog_exp(STATE(log), exp, NFCT_O_PLAIN); + return; + } + exp_external_inject_stat.add_fail++; + dlog(LOG_ERR, "inject-add2: %s", strerror(errno)); + dlog_exp(STATE(log), exp, NFCT_O_PLAIN); + } else { + exp_external_inject_stat.add_ok++; + } +} + +static void external_inject_exp_del(struct nf_expect *exp) +{ + if (nl_destroy_expect(inject, exp) == -1) { + if (errno != ENOENT) { + exp_external_inject_stat.del_fail++; + dlog(LOG_ERR, "inject-del: %s", strerror(errno)); + dlog_exp(STATE(log), exp, NFCT_O_PLAIN); + } + } else { + exp_external_inject_stat.del_ok++; + } +} + +static void external_inject_exp_dump(int fd, int type) +{ +} + +static int external_inject_exp_commit(struct nfct_handle *h, int fd) +{ + /* close the commit socket. */ + return LOCAL_RET_OK; +} + +static void external_inject_exp_flush(void) +{ +} + +static void external_inject_exp_stats(int fd) +{ + char buf[512]; + int size; + + size = sprintf(buf, "external inject:\n" + "connections created:\t\t%12u\tfailed:\t%12u\n" + "connections updated:\t\t%12u\tfailed:\t%12u\n" + "connections destroyed:\t\t%12u\tfailed:\t%12u\n\n", + exp_external_inject_stat.add_ok, + exp_external_inject_stat.add_fail, + exp_external_inject_stat.upd_ok, + exp_external_inject_stat.upd_fail, + exp_external_inject_stat.del_ok, + exp_external_inject_stat.del_fail); + + send(fd, buf, size, 0); +} + +struct external_handler external_inject = { + .init = external_inject_init, + .close = external_inject_close, + .ct = { + .new = external_inject_ct_new, + .upd = external_inject_ct_upd, + .del = external_inject_ct_del, + .dump = external_inject_ct_dump, + .commit = external_inject_ct_commit, + .flush = external_inject_ct_flush, + .stats = external_inject_ct_stats, + .stats_ext = external_inject_ct_stats, + }, + .exp = { + .new = external_inject_exp_new, + .upd = external_inject_exp_new, + .del = external_inject_exp_del, + .dump = external_inject_exp_dump, + .commit = external_inject_exp_commit, + .flush = external_inject_exp_flush, + .stats = external_inject_exp_stats, + .stats_ext = external_inject_exp_stats, + }, +}; diff --git a/src/fds.c b/src/fds.c new file mode 100644 index 0000000..347eee1 --- /dev/null +++ b/src/fds.c @@ -0,0 +1,94 @@ +/* + * (C) 2006-2008 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ +#include <stdlib.h> +#include <string.h> +#include "fds.h" + +struct fds *create_fds(void) +{ + struct fds *fds; + + fds = (struct fds *) calloc(sizeof(struct fds), 1); + if (fds == NULL) + return NULL; + + INIT_LIST_HEAD(&fds->list); + + return fds; +} + +void destroy_fds(struct fds *fds) +{ + struct fds_item *this, *tmp; + + list_for_each_entry_safe(this, tmp, &fds->list, head) { + list_del(&this->head); + FD_CLR(this->fd, &fds->readfds); + free(this); + } + free(fds); +} + +int register_fd(int fd, struct fds *fds) +{ + struct fds_item *item; + + FD_SET(fd, &fds->readfds); + + if (fd > fds->maxfd) + fds->maxfd = fd; + + item = calloc(sizeof(struct fds_item), 1); + if (item == NULL) + return -1; + + item->fd = fd; + list_add(&item->head, &fds->list); + + return 0; +} + +int unregister_fd(int fd, struct fds *fds) +{ + int found = 0, maxfd = -1; + struct fds_item *this, *tmp; + + list_for_each_entry_safe(this, tmp, &fds->list, head) { + if (this->fd == fd) { + list_del(&this->head); + FD_CLR(this->fd, &fds->readfds); + free(this); + found = 1; + /* ... and recalculate maxfd, see below. */ + } + } + /* not found, report an error. */ + if (!found) + return -1; + + /* calculate the new maximum fd. */ + list_for_each_entry(this, &fds->list, head) { + if (maxfd < this->fd) { + maxfd = this->fd; + } + } + fds->maxfd = maxfd; + + return 0; +} + diff --git a/src/filter.c b/src/filter.c new file mode 100644 index 0000000..39dd4ca --- /dev/null +++ b/src/filter.c @@ -0,0 +1,485 @@ +/* + * (C) 2006-2012 by Pablo Neira Ayuso <pablo@netfilter.org> + * (C) 2011-2012 by Vyatta Inc <http://www.vyatta.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "filter.h" +#include "bitops.h" +#include "jhash.h" +#include "hash.h" +#include "vector.h" +#include "conntrackd.h" +#include "log.h" + +#include <libnetfilter_conntrack/libnetfilter_conntrack.h> +#include <stdlib.h> +#include <string.h> +#include <errno.h> +#include <limits.h> + +struct ct_filter { + int logic[CT_FILTER_MAX]; + u_int32_t l4protomap[IPPROTO_MAX/32]; + u_int16_t statemap[IPPROTO_MAX]; + struct hashtable *h; + struct hashtable *h6; + struct vector *v; + struct vector *v6; +}; + +/* XXX: These should be configurable, better use a rb-tree */ +#define FILTER_POOL_SIZE 128 +#define FILTER_POOL_LIMIT INT_MAX + +static uint32_t ct_filter_hash(const void *data, const struct hashtable *table) +{ + const uint32_t *f = data; + + return jhash_1word(*f, 0) % table->hashsize; +} + +static uint32_t ct_filter_hash6(const void *data, const struct hashtable *table) +{ + return jhash2(data, 4, 0) % table->hashsize; +} + +static int ct_filter_compare(const void *data1, const void *data2) +{ + const struct ct_filter_ipv4_hnode *f1 = data1; + const uint32_t *f2 = data2; + + return f1->ip == *f2; +} + +static int ct_filter_compare6(const void *data1, const void *data2) +{ + const struct ct_filter_ipv6_hnode *f = data1; + + return memcmp(f->ipv6, data2, sizeof(uint32_t)*4) == 0; +} + +struct ct_filter *ct_filter_create(void) +{ + int i; + struct ct_filter *filter; + + filter = calloc(sizeof(struct ct_filter), 1); + if (!filter) + return NULL; + + filter->h = hashtable_create(FILTER_POOL_SIZE, + FILTER_POOL_LIMIT, + ct_filter_hash, + ct_filter_compare); + if (!filter->h) { + free(filter); + return NULL; + } + + filter->h6 = hashtable_create(FILTER_POOL_SIZE, + FILTER_POOL_LIMIT, + ct_filter_hash6, + ct_filter_compare6); + if (!filter->h6) { + free(filter->h); + free(filter); + return NULL; + } + + filter->v = vector_create(sizeof(struct ct_filter_netmask_ipv4)); + if (!filter->v) { + free(filter->h6); + free(filter->h); + free(filter); + return NULL; + } + + filter->v6 = vector_create(sizeof(struct ct_filter_netmask_ipv6)); + if (!filter->v6) { + free(filter->v); + free(filter->h6); + free(filter->h); + free(filter); + return NULL; + } + + for (i=0; i<CT_FILTER_MAX; i++) + filter->logic[i] = -1; + + return filter; +} + +void ct_filter_destroy(struct ct_filter *filter) +{ + hashtable_destroy(filter->h); + hashtable_destroy(filter->h6); + vector_destroy(filter->v); + vector_destroy(filter->v6); + free(filter); +} + +/* this is ugly, but it simplifies read_config_yy.y */ +static struct ct_filter *__filter_alloc(struct ct_filter *filter) +{ + if (!STATE(us_filter)) { + STATE(us_filter) = ct_filter_create(); + if (!STATE(us_filter)) { + fprintf(stderr, "Can't create ignore pool!\n"); + exit(EXIT_FAILURE); + } + } + + return STATE(us_filter); +} + +void ct_filter_set_logic(struct ct_filter *filter, + enum ct_filter_type type, + enum ct_filter_logic logic) +{ + filter = __filter_alloc(filter); + filter->logic[type] = logic; +} + +int ct_filter_add_ip(struct ct_filter *filter, void *data, uint8_t family) +{ + int id; + filter = __filter_alloc(filter); + + switch(family) { + case AF_INET: + id = hashtable_hash(filter->h, data); + if (!hashtable_find(filter->h, data, id)) { + struct ct_filter_ipv4_hnode *n; + n = malloc(sizeof(struct ct_filter_ipv4_hnode)); + if (n == NULL) + return 0; + memcpy(&n->ip, data, sizeof(uint32_t)); + hashtable_add(filter->h, &n->node, id); + return 0; + } + break; + case AF_INET6: + id = hashtable_hash(filter->h6, data); + if (!hashtable_find(filter->h6, data, id)) { + struct ct_filter_ipv6_hnode *n; + n = malloc(sizeof(struct ct_filter_ipv6_hnode)); + if (n == NULL) + return 0; + memcpy(n->ipv6, data, sizeof(uint32_t)*4); + hashtable_add(filter->h6, &n->node, id); + return 0; + } + break; + } + return 1; +} + +static int cmp_ipv4_addr(const void *a, const void *b) +{ + return memcmp(a, b, sizeof(struct ct_filter_netmask_ipv4)) == 0; +} + +static int cmp_ipv6_addr(const void *a, const void *b) +{ + return memcmp(a, b, sizeof(struct ct_filter_netmask_ipv6)) == 0; +} + +int ct_filter_add_netmask(struct ct_filter *filter, void *data, uint8_t family) +{ + filter = __filter_alloc(filter); + + switch(family) { + case AF_INET: + if (vector_iterate(filter->v, data, cmp_ipv4_addr)) { + errno = EEXIST; + return 0; + } + vector_add(filter->v, data); + break; + case AF_INET6: + if (vector_iterate(filter->v, data, cmp_ipv6_addr)) { + errno = EEXIST; + return 0; + } + vector_add(filter->v6, data); + break; + } + return 1; +} + +void ct_filter_add_proto(struct ct_filter *f, int protonum) +{ + f = __filter_alloc(f); + + set_bit_u32(protonum, f->l4protomap); +} + +void ct_filter_add_state(struct ct_filter *f, int protonum, int val) +{ + f = __filter_alloc(f); + + set_bit_u16(val, &f->statemap[protonum]); +} + +static inline int +__ct_filter_test_ipv4(struct ct_filter *f, const struct nf_conntrack *ct) +{ + int id_src, id_dst; + uint32_t src, dst; + + /* we only use the real source and destination address */ + src = nfct_get_attr_u32(ct, ATTR_ORIG_IPV4_SRC); + dst = nfct_get_attr_u32(ct, ATTR_REPL_IPV4_SRC); + + id_src = hashtable_hash(f->h, &src); + id_dst = hashtable_hash(f->h, &dst); + + return hashtable_find(f->h, &src, id_src) || + hashtable_find(f->h, &dst, id_dst); +} + +static inline int +__ct_filter_test_ipv6(struct ct_filter *f, const struct nf_conntrack *ct) +{ + int id_src, id_dst; + const uint32_t *src, *dst; + + src = nfct_get_attr(ct, ATTR_ORIG_IPV6_SRC); + dst = nfct_get_attr(ct, ATTR_REPL_IPV6_SRC); + + id_src = hashtable_hash(f->h6, src); + id_dst = hashtable_hash(f->h6, dst); + + return hashtable_find(f->h6, src, id_src) || + hashtable_find(f->h6, dst, id_dst); +} + +static int +__ct_filter_test_mask4(const void *ptr, const void *ct) +{ + const struct ct_filter_netmask_ipv4 *elem = ptr; + const uint32_t src = nfct_get_attr_u32(ct, ATTR_ORIG_IPV4_SRC); + const uint32_t dst = nfct_get_attr_u32(ct, ATTR_REPL_IPV4_SRC); + + return ((elem->ip & elem->mask) == (src & elem->mask) || + (elem->ip & elem->mask) == (dst & elem->mask)); +} + +static int +__ct_filter_test_mask6(const void *ptr, const void *ct) +{ + const struct ct_filter_netmask_ipv6 *elem = ptr; + const uint32_t *src = nfct_get_attr(ct, ATTR_ORIG_IPV6_SRC); + const uint32_t *dst = nfct_get_attr(ct, ATTR_REPL_IPV6_SRC); + + return (((elem->ip[0] & elem->mask[0]) == (src[0] & elem->mask[0]) && + (elem->ip[1] & elem->mask[1]) == (src[1] & elem->mask[1]) && + (elem->ip[2] & elem->mask[2]) == (src[2] & elem->mask[2]) && + (elem->ip[3] & elem->mask[3]) == (src[3] & elem->mask[3])) || + ((elem->ip[0] & elem->mask[0]) == (dst[0] & elem->mask[0]) && + (elem->ip[1] & elem->mask[1]) == (dst[1] & elem->mask[1]) && + (elem->ip[2] & elem->mask[2]) == (dst[2] & elem->mask[2]) && + (elem->ip[3] & elem->mask[3]) == (dst[3] & elem->mask[3]))); +} + +static int +__ct_filter_test_state(struct ct_filter *f, const struct nf_conntrack *ct) +{ + uint16_t val = 0; + uint8_t protonum = nfct_get_attr_u8(ct, ATTR_L4PROTO); + + switch(protonum) { + case IPPROTO_TCP: + if (!nfct_attr_is_set(ct, ATTR_TCP_STATE)) + return -1; + + val = nfct_get_attr_u8(ct, ATTR_TCP_STATE); + break; + default: + return -1; + } + + return test_bit_u16(val, &f->statemap[protonum]); +} + +static int +ct_filter_check(struct ct_filter *f, const struct nf_conntrack *ct) +{ + int ret, protonum = nfct_get_attr_u8(ct, ATTR_L4PROTO); + + /* no event filtering at all */ + if (f == NULL) + return 1; + + if (f->logic[CT_FILTER_L4PROTO] != -1) { + ret = test_bit_u32(protonum, f->l4protomap); + if (ret ^ f->logic[CT_FILTER_L4PROTO]) + return 0; + } + + if (f->logic[CT_FILTER_ADDRESS] != -1) { + switch(nfct_get_attr_u8(ct, ATTR_L3PROTO)) { + case AF_INET: + ret = vector_iterate(f->v, ct, __ct_filter_test_mask4); + if (ret ^ f->logic[CT_FILTER_ADDRESS]) + return 0; + ret = __ct_filter_test_ipv4(f, ct); + if (ret ^ f->logic[CT_FILTER_ADDRESS]) + return 0; + break; + case AF_INET6: + ret = vector_iterate(f->v6, ct, __ct_filter_test_mask6); + if (ret ^ f->logic[CT_FILTER_ADDRESS]) + return 0; + ret = __ct_filter_test_ipv6(f, ct); + if (ret ^ f->logic[CT_FILTER_ADDRESS]) + return 0; + break; + default: + break; + } + } + + if (f->logic[CT_FILTER_STATE] != -1) { + ret = __ct_filter_test_state(f, ct); + /* ret is -1 if we don't know what to do */ + if (ret != -1 && ret ^ f->logic[CT_FILTER_STATE]) + return 0; + } + + return 1; +} + +static inline int ct_filter_sanity_check(const struct nf_conntrack *ct) +{ + if (!nfct_attr_is_set(ct, ATTR_L3PROTO)) { + dlog(LOG_ERR, "missing layer 3 protocol"); + return 0; + } + + switch(nfct_get_attr_u8(ct, ATTR_L3PROTO)) { + case AF_INET: + if (!nfct_attr_is_set(ct, ATTR_IPV4_SRC) || + !nfct_attr_is_set(ct, ATTR_IPV4_DST)) { + dlog(LOG_ERR, "missing IPv4 address. " + "You forgot to load " + "nf_conntrack_ipv4?"); + return 0; + } + break; + case AF_INET6: + if (!nfct_attr_is_set(ct, ATTR_IPV6_SRC) || + !nfct_attr_is_set(ct, ATTR_IPV6_DST)) { + dlog(LOG_ERR, "missing IPv6 address. " + "You forgot to load " + "nf_conntrack_ipv6?"); + return 0; + } + break; + } + return 1; +} + +/* we do user-space filtering for dump and resyncs */ +int ct_filter_conntrack(const struct nf_conntrack *ct, int userspace) +{ + /* missing mandatory attributes in object */ + if (!ct_filter_sanity_check(ct)) + return 1; + + if (userspace && !ct_filter_check(STATE(us_filter), ct)) + return 1; + + return 0; +} + +struct exp_filter { + struct list_head list; +}; + +struct exp_filter *exp_filter_create(void) +{ + struct exp_filter *f; + + f = calloc(1, sizeof(struct exp_filter)); + if (f == NULL) + return NULL; + + INIT_LIST_HEAD(&f->list); + return f; +} + +struct exp_filter_item { + struct list_head head; + char helper_name[NFCT_HELPER_NAME_MAX]; +}; + +/* this is ugly, but it simplifies read_config_yy.y */ +static struct exp_filter *exp_filter_alloc(void) +{ + if (STATE(exp_filter) == NULL) { + STATE(exp_filter) = exp_filter_create(); + if (STATE(exp_filter) == NULL) { + fprintf(stderr, "Can't init expectation filtering!\n"); + return NULL; + } + } + return STATE(exp_filter);; +} + +int exp_filter_add(struct exp_filter *f, const char *helper_name) +{ + struct exp_filter_item *item; + + f = exp_filter_alloc(); + if (f == NULL) + return -1; + + list_for_each_entry(item, &f->list, head) { + if (strncasecmp(item->helper_name, helper_name, + NFCT_HELPER_NAME_MAX) == 0) { + return -1; + } + } + item = calloc(1, sizeof(struct exp_filter_item)); + if (item == NULL) + return -1; + + strncpy(item->helper_name, helper_name, NFCT_HELPER_NAME_MAX); + list_add(&item->head, &f->list); + return 0; +} + +int exp_filter_find(struct exp_filter *f, const struct nf_expect *exp) +{ + struct exp_filter_item *item; + + /* if filtering is not active, accept everything. */ + if (f == NULL) + return 1; + + list_for_each_entry(item, &f->list, head) { + const char *name = nfexp_get_attr(exp, ATTR_EXP_HELPER_NAME); + + /* we allow partial matching to support things like sip-PORT. */ + if (strncasecmp(item->helper_name, name, + strlen(item->helper_name)) == 0) { + return 1; + } + } + return 0; +} diff --git a/src/hash.c b/src/hash.c new file mode 100644 index 0000000..fe6a047 --- /dev/null +++ b/src/hash.c @@ -0,0 +1,143 @@ +/* + * (C) 2006-2009 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + * Description: generic hash table implementation + */ + +#include "hash.h" + +#include <errno.h> +#include <stdlib.h> +#include <string.h> +#include <limits.h> + +struct hashtable * +hashtable_create(int hashsize, int limit, + uint32_t (*hash)(const void *data, + const struct hashtable *table), + int (*compare)(const void *data1, const void *data2)) +{ + int i; + struct hashtable *h; + int size = sizeof(struct hashtable) + + hashsize * sizeof(struct list_head); + + h = (struct hashtable *) calloc(size, 1); + if (h == NULL) { + errno = ENOMEM; + return NULL; + } + + for (i=0; i<hashsize; i++) + INIT_LIST_HEAD(&h->members[i]); + + h->hashsize = hashsize; + h->limit = limit; + h->hash = hash; + h->compare = compare; + + return h; +} + +void hashtable_destroy(struct hashtable *h) +{ + free(h); +} + +int hashtable_hash(const struct hashtable *table, const void *data) +{ + return table->hash(data, table); +} + +struct hashtable_node * +hashtable_find(const struct hashtable *table, const void *data, int id) +{ + struct list_head *e; + struct hashtable_node *n; + + list_for_each(e, &table->members[id]) { + n = list_entry(e, struct hashtable_node, head); + if (table->compare(n, data)) { + return n; + } + } + errno = ENOENT; + return NULL; +} + +int hashtable_add(struct hashtable *table, struct hashtable_node *n, int id) +{ + /* hash table is full */ + if (table->count >= table->limit) { + errno = ENOSPC; + return -1; + } + list_add(&n->head, &table->members[id]); + table->count++; + return 0; +} + +void hashtable_del(struct hashtable *table, struct hashtable_node *n) +{ + list_del(&n->head); + table->count--; +} + +int hashtable_flush(struct hashtable *table) +{ + uint32_t i; + struct list_head *e, *tmp; + struct hashtable_node *n; + + for (i=0; i < table->hashsize; i++) { + list_for_each_safe(e, tmp, &table->members[i]) { + n = list_entry(e, struct hashtable_node, head); + free(n); + } + } + return 0; +} + +int +hashtable_iterate_limit(struct hashtable *table, void *data, + uint32_t from, uint32_t steps, + int (*iterate)(void *data1, void *n)) +{ + uint32_t i; + struct list_head *e, *tmp; + struct hashtable_node *n; + + for (i=from; i < table->hashsize && i < from+steps; i++) { + list_for_each_safe(e, tmp, &table->members[i]) { + n = list_entry(e, struct hashtable_node, head); + if (iterate(data, n) == -1) + return -1; + } + } + return i; +} + +int hashtable_iterate(struct hashtable *table, void *data, + int (*iterate)(void *data1, void *n)) +{ + return hashtable_iterate_limit(table, data, 0, UINT_MAX, iterate); +} + +unsigned int hashtable_counter(const struct hashtable *table) +{ + return table->count; +} diff --git a/src/internal_bypass.c b/src/internal_bypass.c new file mode 100644 index 0000000..5c83c21 --- /dev/null +++ b/src/internal_bypass.c @@ -0,0 +1,313 @@ +/* + * (C) 2006-2011 by Pablo Neira Ayuso <pablo@netfilter.org> + * (C) 2011 by Vyatta Inc. <http://www.vyatta.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This feature has been sponsored by 6WIND <www.6wind.com>. + */ +#include "conntrackd.h" +#include "sync.h" +#include "log.h" +#include "cache.h" +#include "netlink.h" +#include "network.h" +#include "origin.h" + +static int internal_bypass_init(void) +{ + return 0; +} + +static void internal_bypass_close(void) +{ +} + +static int +internal_bypass_ct_dump_cb(enum nf_conntrack_msg_type type, + struct nf_conntrack *ct, void *data) +{ + char buf[1024]; + int size, *fd = data; + + if (ct_filter_conntrack(ct, 1)) + return NFCT_CB_CONTINUE; + + size = nfct_snprintf(buf, 1024, ct, NFCT_T_UNKNOWN, NFCT_O_DEFAULT, 0); + if (size < 1024) { + buf[size] = '\n'; + size++; + } + send(*fd, buf, size, 0); + + return NFCT_CB_CONTINUE; +} + +static void internal_bypass_ct_dump(int fd, int type) +{ + struct nfct_handle *h; + u_int32_t family = AF_UNSPEC; + int ret; + + h = nfct_open(CONFIG(netlink).subsys_id, 0); + if (h == NULL) { + dlog(LOG_ERR, "can't allocate memory for the internal cache"); + return; + } + nfct_callback_register(h, NFCT_T_ALL, internal_bypass_ct_dump_cb, &fd); + ret = nfct_query(h, NFCT_Q_DUMP, &family); + if (ret == -1) { + dlog(LOG_ERR, "can't dump kernel table"); + } + nfct_close(h); +} + +static void internal_bypass_ct_flush(void) +{ + nl_flush_conntrack_table(STATE(flush)); +} + +struct { + uint32_t new; + uint32_t upd; + uint32_t del; +} internal_bypass_stats; + +static void internal_bypass_ct_stats(int fd) +{ + char buf[512]; + int size; + + size = sprintf(buf, "internal bypass:\n" + "connections new:\t\t%12u\n" + "connections updated:\t\t%12u\n" + "connections destroyed:\t\t%12u\n\n", + internal_bypass_stats.new, + internal_bypass_stats.upd, + internal_bypass_stats.del); + + send(fd, buf, size, 0); +} + +/* unused, INTERNAL_F_POPULATE is unset. No cache, nothing to populate. */ +static void internal_bypass_ct_populate(struct nf_conntrack *ct) +{ +} + +/* unused, INTERNAL_F_RESYNC is unset. */ +static void internal_bypass_ct_purge(void) +{ +} + +/* unused, INTERNAL_F_RESYNC is unset. Nothing to resync, we have no cache. */ +static int +internal_bypass_ct_resync(enum nf_conntrack_msg_type type, + struct nf_conntrack *ct, void *data) +{ + return NFCT_CB_CONTINUE; +} + +static void internal_bypass_ct_event_new(struct nf_conntrack *ct, int origin) +{ + struct nethdr *net; + + /* this event has been triggered by me, skip */ + if (origin != CTD_ORIGIN_NOT_ME) + return; + + net = BUILD_NETMSG_FROM_CT(ct, NET_T_STATE_CT_NEW); + multichannel_send(STATE_SYNC(channel), net); + internal_bypass_stats.new++; +} + +static void internal_bypass_ct_event_upd(struct nf_conntrack *ct, int origin) +{ + struct nethdr *net; + + /* this event has been triggered by me, skip */ + if (origin != CTD_ORIGIN_NOT_ME) + return; + + net = BUILD_NETMSG_FROM_CT(ct, NET_T_STATE_CT_UPD); + multichannel_send(STATE_SYNC(channel), net); + internal_bypass_stats.upd++; +} + +static int internal_bypass_ct_event_del(struct nf_conntrack *ct, int origin) +{ + struct nethdr *net; + + /* this event has been triggered by me, skip */ + if (origin != CTD_ORIGIN_NOT_ME) + return 1; + + net = BUILD_NETMSG_FROM_CT(ct, NET_T_STATE_CT_DEL); + multichannel_send(STATE_SYNC(channel), net); + internal_bypass_stats.del++; + + return 1; +} + +static int +internal_bypass_exp_dump_cb(enum nf_conntrack_msg_type type, + struct nf_expect *exp, void *data) +{ + char buf[1024]; + int size, *fd = data; + const struct nf_conntrack *master = + nfexp_get_attr(exp, ATTR_EXP_MASTER); + + if (!exp_filter_find(STATE(exp_filter), exp)) + return NFCT_CB_CONTINUE; + + if (ct_filter_conntrack(master, 1)) + return NFCT_CB_CONTINUE; + + size = nfexp_snprintf(buf, 1024, exp, + NFCT_T_UNKNOWN, NFCT_O_DEFAULT, 0); + if (size < 1024) { + buf[size] = '\n'; + size++; + } + send(*fd, buf, size, 0); + + return NFCT_CB_CONTINUE; +} + +static void internal_bypass_exp_dump(int fd, int type) +{ + struct nfct_handle *h; + u_int32_t family = AF_UNSPEC; + int ret; + + h = nfct_open(CONFIG(netlink).subsys_id, 0); + if (h == NULL) { + dlog(LOG_ERR, "can't allocate memory for the internal cache"); + return; + } + nfexp_callback_register(h, NFCT_T_ALL, + internal_bypass_exp_dump_cb, &fd); + ret = nfexp_query(h, NFCT_Q_DUMP, &family); + if (ret == -1) { + dlog(LOG_ERR, "can't dump kernel table"); + } + nfct_close(h); +} + +static void internal_bypass_exp_flush(void) +{ + nl_flush_expect_table(STATE(flush)); +} + +struct { + uint32_t new; + uint32_t upd; + uint32_t del; +} exp_internal_bypass_stats; + +static void internal_bypass_exp_stats(int fd) +{ + char buf[512]; + int size; + + size = sprintf(buf, "internal bypass:\n" + "connections new:\t\t%12u\n" + "connections updated:\t\t%12u\n" + "connections destroyed:\t\t%12u\n\n", + exp_internal_bypass_stats.new, + exp_internal_bypass_stats.upd, + exp_internal_bypass_stats.del); + + send(fd, buf, size, 0); +} + +/* unused, INTERNAL_F_POPULATE is unset. No cache, nothing to populate. */ +static void internal_bypass_exp_populate(struct nf_expect *exp) +{ +} + +/* unused, INTERNAL_F_RESYNC is unset. */ +static void internal_bypass_exp_purge(void) +{ +} + +/* unused, INTERNAL_F_RESYNC is unset. Nothing to resync, we have no cache. */ +static int +internal_bypass_exp_resync(enum nf_conntrack_msg_type type, + struct nf_expect *exp, void *data) +{ + return NFCT_CB_CONTINUE; +} + +static void internal_bypass_exp_event_new(struct nf_expect *exp, int origin) +{ + struct nethdr *net; + + /* this event has been triggered by me, skip */ + if (origin != CTD_ORIGIN_NOT_ME) + return; + + net = BUILD_NETMSG_FROM_EXP(exp, NET_T_STATE_EXP_NEW); + multichannel_send(STATE_SYNC(channel), net); + exp_internal_bypass_stats.new++; +} + +static void internal_bypass_exp_event_upd(struct nf_expect *exp, int origin) +{ + struct nethdr *net; + + /* this event has been triggered by me, skip */ + if (origin != CTD_ORIGIN_NOT_ME) + return; + + net = BUILD_NETMSG_FROM_EXP(exp, NET_T_STATE_EXP_UPD); + multichannel_send(STATE_SYNC(channel), net); + exp_internal_bypass_stats.upd++; +} + +static int internal_bypass_exp_event_del(struct nf_expect *exp, int origin) +{ + struct nethdr *net; + + /* this event has been triggered by me, skip */ + if (origin != CTD_ORIGIN_NOT_ME) + return 1; + + net = BUILD_NETMSG_FROM_EXP(exp, NET_T_STATE_EXP_DEL); + multichannel_send(STATE_SYNC(channel), net); + exp_internal_bypass_stats.del++; + + return 1; +} + +struct internal_handler internal_bypass = { + .init = internal_bypass_init, + .close = internal_bypass_close, + .ct = { + .dump = internal_bypass_ct_dump, + .flush = internal_bypass_ct_flush, + .stats = internal_bypass_ct_stats, + .stats_ext = internal_bypass_ct_stats, + .populate = internal_bypass_ct_populate, + .purge = internal_bypass_ct_purge, + .resync = internal_bypass_ct_resync, + .new = internal_bypass_ct_event_new, + .upd = internal_bypass_ct_event_upd, + .del = internal_bypass_ct_event_del, + }, + .exp = { + .dump = internal_bypass_exp_dump, + .flush = internal_bypass_exp_flush, + .stats = internal_bypass_exp_stats, + .stats_ext = internal_bypass_exp_stats, + .populate = internal_bypass_exp_populate, + .purge = internal_bypass_exp_purge, + .resync = internal_bypass_exp_resync, + .new = internal_bypass_exp_event_new, + .upd = internal_bypass_exp_event_upd, + .del = internal_bypass_exp_event_del, + }, +}; diff --git a/src/internal_cache.c b/src/internal_cache.c new file mode 100644 index 0000000..ba2d74b --- /dev/null +++ b/src/internal_cache.c @@ -0,0 +1,395 @@ +/* + * (C) 2006-2011 by Pablo Neira Ayuso <pablo@netfilter.org> + * (C) 2011 by Vyatta Inc. <http://www.vyatta.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + */ +#include "conntrackd.h" +#include "sync.h" +#include "log.h" +#include "cache.h" +#include "netlink.h" +#include "network.h" +#include "origin.h" + +static inline void sync_send(struct cache_object *obj, int query) +{ + STATE_SYNC(sync)->enqueue(obj, query); +} + +static int internal_cache_init(void) +{ + STATE(mode)->internal->ct.data = + cache_create("internal", CACHE_T_CT, + STATE_SYNC(sync)->internal_cache_flags, + STATE_SYNC(sync)->internal_cache_extra, + &cache_sync_internal_ct_ops); + + if (!STATE(mode)->internal->ct.data) { + dlog(LOG_ERR, "can't allocate memory for the internal cache"); + return -1; + } + + STATE(mode)->internal->exp.data = + cache_create("internal", CACHE_T_EXP, + STATE_SYNC(sync)->internal_cache_flags, + STATE_SYNC(sync)->internal_cache_extra, + &cache_sync_internal_exp_ops); + + if (!STATE(mode)->internal->exp.data) { + dlog(LOG_ERR, "can't allocate memory for the internal cache"); + return -1; + } + + return 0; +} + +static void internal_cache_close(void) +{ + cache_destroy(STATE(mode)->internal->ct.data); + cache_destroy(STATE(mode)->internal->exp.data); +} + +static void internal_cache_ct_dump(int fd, int type) +{ + cache_dump(STATE(mode)->internal->ct.data, fd, type); +} + +static void internal_cache_ct_flush(void) +{ + cache_flush(STATE(mode)->internal->ct.data); +} + +static void internal_cache_ct_stats(int fd) +{ + cache_stats(STATE(mode)->internal->ct.data, fd); +} + +static void internal_cache_ct_stats_ext(int fd) +{ + cache_stats_extended(STATE(mode)->internal->ct.data, fd); +} + +static void internal_cache_ct_populate(struct nf_conntrack *ct) +{ + /* This is required by kernels < 2.6.20 */ + nfct_attr_unset(ct, ATTR_ORIG_COUNTER_BYTES); + nfct_attr_unset(ct, ATTR_ORIG_COUNTER_PACKETS); + nfct_attr_unset(ct, ATTR_REPL_COUNTER_BYTES); + nfct_attr_unset(ct, ATTR_REPL_COUNTER_PACKETS); + nfct_attr_unset(ct, ATTR_USE); + + cache_update_force(STATE(mode)->internal->ct.data, ct); +} + +static int internal_cache_ct_purge_step(void *data1, void *data2) +{ + struct cache_object *obj = data2; + + STATE(get_retval) = 0; + nl_get_conntrack(STATE(get), obj->ptr); /* modifies STATE(get_reval) */ + if (!STATE(get_retval)) { + if (obj->status != C_OBJ_DEAD) { + cache_object_set_status(obj, C_OBJ_DEAD); + sync_send(obj, NET_T_STATE_CT_DEL); + cache_object_put(obj); + } + } + + return 0; +} + +static void internal_cache_ct_purge(void) +{ + cache_iterate(STATE(mode)->internal->ct.data, NULL, + internal_cache_ct_purge_step); +} + +static int +internal_cache_ct_resync(enum nf_conntrack_msg_type type, + struct nf_conntrack *ct, void *data) +{ + struct cache_object *obj; + + if (ct_filter_conntrack(ct, 1)) + return NFCT_CB_CONTINUE; + + /* This is required by kernels < 2.6.20 */ + nfct_attr_unset(ct, ATTR_ORIG_COUNTER_BYTES); + nfct_attr_unset(ct, ATTR_ORIG_COUNTER_PACKETS); + nfct_attr_unset(ct, ATTR_REPL_COUNTER_BYTES); + nfct_attr_unset(ct, ATTR_REPL_COUNTER_PACKETS); + nfct_attr_unset(ct, ATTR_USE); + + obj = cache_update_force(STATE(mode)->internal->ct.data, ct); + if (obj == NULL) + return NFCT_CB_CONTINUE; + + switch (obj->status) { + case C_OBJ_NEW: + sync_send(obj, NET_T_STATE_CT_NEW); + break; + case C_OBJ_ALIVE: + sync_send(obj, NET_T_STATE_CT_UPD); + break; + } + return NFCT_CB_CONTINUE; +} + +static void internal_cache_ct_event_new(struct nf_conntrack *ct, int origin) +{ + struct cache_object *obj; + int id; + + /* this event has been triggered by a direct inject, skip */ + if (origin == CTD_ORIGIN_INJECT) + return; + + /* required by linux kernel <= 2.6.20 */ + nfct_attr_unset(ct, ATTR_ORIG_COUNTER_BYTES); + nfct_attr_unset(ct, ATTR_ORIG_COUNTER_PACKETS); + nfct_attr_unset(ct, ATTR_REPL_COUNTER_BYTES); + nfct_attr_unset(ct, ATTR_REPL_COUNTER_PACKETS); + + obj = cache_find(STATE(mode)->internal->ct.data, ct, &id); + if (obj == NULL) { +retry: + obj = cache_object_new(STATE(mode)->internal->ct.data, ct); + if (obj == NULL) + return; + if (cache_add(STATE(mode)->internal->ct.data, obj, id) == -1) { + cache_object_free(obj); + return; + } + /* only synchronize events that have been triggered by other + * processes or the kernel, but don't propagate events that + * have been triggered by conntrackd itself, eg. commits. */ + if (origin == CTD_ORIGIN_NOT_ME) + sync_send(obj, NET_T_STATE_CT_NEW); + } else { + cache_del(STATE(mode)->internal->ct.data, obj); + cache_object_free(obj); + goto retry; + } +} + +static void internal_cache_ct_event_upd(struct nf_conntrack *ct, int origin) +{ + struct cache_object *obj; + + /* this event has been triggered by a direct inject, skip */ + if (origin == CTD_ORIGIN_INJECT) + return; + + obj = cache_update_force(STATE(mode)->internal->ct.data, ct); + if (obj == NULL) + return; + + if (origin == CTD_ORIGIN_NOT_ME) + sync_send(obj, NET_T_STATE_CT_UPD); +} + +static int internal_cache_ct_event_del(struct nf_conntrack *ct, int origin) +{ + struct cache_object *obj; + int id; + + /* this event has been triggered by a direct inject, skip */ + if (origin == CTD_ORIGIN_INJECT) + return 0; + + /* we don't synchronize events for objects that are not in the cache */ + obj = cache_find(STATE(mode)->internal->ct.data, ct, &id); + if (obj == NULL) + return 0; + + if (obj->status != C_OBJ_DEAD) { + cache_object_set_status(obj, C_OBJ_DEAD); + if (origin == CTD_ORIGIN_NOT_ME) { + sync_send(obj, NET_T_STATE_CT_DEL); + } + cache_object_put(obj); + } + return 1; +} + +static void internal_cache_exp_dump(int fd, int type) +{ + cache_dump(STATE(mode)->internal->exp.data, fd, type); +} + +static void internal_cache_exp_flush(void) +{ + cache_flush(STATE(mode)->internal->exp.data); +} + +static void internal_cache_exp_stats(int fd) +{ + cache_stats(STATE(mode)->internal->exp.data, fd); +} + +static void internal_cache_exp_stats_ext(int fd) +{ + cache_stats_extended(STATE(mode)->internal->exp.data, fd); +} + +static void internal_cache_exp_populate(struct nf_expect *exp) +{ + cache_update_force(STATE(mode)->internal->exp.data, exp); +} + +static int internal_cache_exp_purge_step(void *data1, void *data2) +{ + struct cache_object *obj = data2; + + STATE(get_retval) = 0; + nl_get_expect(STATE(get), obj->ptr); /* modifies STATE(get_reval) */ + if (!STATE(get_retval)) { + if (obj->status != C_OBJ_DEAD) { + cache_object_set_status(obj, C_OBJ_DEAD); + sync_send(obj, NET_T_STATE_EXP_DEL); + cache_object_put(obj); + } + } + + return 0; +} + +static void internal_cache_exp_purge(void) +{ + cache_iterate(STATE(mode)->internal->exp.data, NULL, + internal_cache_exp_purge_step); +} + +static int +internal_cache_exp_resync(enum nf_conntrack_msg_type type, + struct nf_expect *exp, void *data) +{ + struct cache_object *obj; + const struct nf_conntrack *master = + nfexp_get_attr(exp, ATTR_EXP_MASTER); + + if (!exp_filter_find(STATE(exp_filter), exp)) + return NFCT_CB_CONTINUE; + + if (ct_filter_conntrack(master, 1)) + return NFCT_CB_CONTINUE; + + obj = cache_update_force(STATE(mode)->internal->exp.data, exp); + if (obj == NULL) + return NFCT_CB_CONTINUE; + + switch (obj->status) { + case C_OBJ_NEW: + sync_send(obj, NET_T_STATE_EXP_NEW); + break; + case C_OBJ_ALIVE: + sync_send(obj, NET_T_STATE_EXP_UPD); + break; + } + return NFCT_CB_CONTINUE; +} + +static void internal_cache_exp_event_new(struct nf_expect *exp, int origin) +{ + struct cache_object *obj; + int id; + + /* this event has been triggered by a direct inject, skip */ + if (origin == CTD_ORIGIN_INJECT) + return; + + obj = cache_find(STATE(mode)->internal->exp.data, exp, &id); + if (obj == NULL) { +retry: + obj = cache_object_new(STATE(mode)->internal->exp.data, exp); + if (obj == NULL) + return; + if (cache_add(STATE(mode)->internal->exp.data, obj, id) == -1) { + cache_object_free(obj); + return; + } + /* only synchronize events that have been triggered by other + * processes or the kernel, but don't propagate events that + * have been triggered by conntrackd itself, eg. commits. */ + if (origin == CTD_ORIGIN_NOT_ME) + sync_send(obj, NET_T_STATE_EXP_NEW); + } else { + cache_del(STATE(mode)->internal->exp.data, obj); + cache_object_free(obj); + goto retry; + } +} + +static void internal_cache_exp_event_upd(struct nf_expect *exp, int origin) +{ + struct cache_object *obj; + + /* this event has been triggered by a direct inject, skip */ + if (origin == CTD_ORIGIN_INJECT) + return; + + obj = cache_update_force(STATE(mode)->internal->exp.data, exp); + if (obj == NULL) + return; + + if (origin == CTD_ORIGIN_NOT_ME) + sync_send(obj, NET_T_STATE_EXP_UPD); +} + +static int internal_cache_exp_event_del(struct nf_expect *exp, int origin) +{ + struct cache_object *obj; + int id; + + /* this event has been triggered by a direct inject, skip */ + if (origin == CTD_ORIGIN_INJECT) + return 0; + + /* we don't synchronize events for objects that are not in the cache */ + obj = cache_find(STATE(mode)->internal->exp.data, exp, &id); + if (obj == NULL) + return 0; + + if (obj->status != C_OBJ_DEAD) { + cache_object_set_status(obj, C_OBJ_DEAD); + if (origin == CTD_ORIGIN_NOT_ME) { + sync_send(obj, NET_T_STATE_EXP_DEL); + } + cache_object_put(obj); + } + return 1; +} + +struct internal_handler internal_cache = { + .flags = INTERNAL_F_POPULATE | INTERNAL_F_RESYNC, + .init = internal_cache_init, + .close = internal_cache_close, + .ct = { + .dump = internal_cache_ct_dump, + .flush = internal_cache_ct_flush, + .stats = internal_cache_ct_stats, + .stats_ext = internal_cache_ct_stats_ext, + .populate = internal_cache_ct_populate, + .purge = internal_cache_ct_purge, + .resync = internal_cache_ct_resync, + .new = internal_cache_ct_event_new, + .upd = internal_cache_ct_event_upd, + .del = internal_cache_ct_event_del, + }, + .exp = { + .dump = internal_cache_exp_dump, + .flush = internal_cache_exp_flush, + .stats = internal_cache_exp_stats, + .stats_ext = internal_cache_exp_stats_ext, + .populate = internal_cache_exp_populate, + .purge = internal_cache_exp_purge, + .resync = internal_cache_exp_resync, + .new = internal_cache_exp_event_new, + .upd = internal_cache_exp_event_upd, + .del = internal_cache_exp_event_del, + }, +}; diff --git a/src/local.c b/src/local.c new file mode 100644 index 0000000..feff608 --- /dev/null +++ b/src/local.c @@ -0,0 +1,158 @@ +/* + * (C) 2006-2007 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + * Description: UNIX sockets library + */ + +#include "local.h" + +#include <stdio.h> +#include <unistd.h> +#include <string.h> +#include <arpa/inet.h> +#include <sys/un.h> + +int local_server_create(struct local_server *server, struct local_conf *conf) +{ + int fd; + socklen_t len; + struct sockaddr_un local; + + if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) + return -1; + + if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &conf->reuseaddr, + sizeof(conf->reuseaddr)) == -1) { + close(fd); + unlink(conf->path); + return -1; + } + + local.sun_family = AF_UNIX; + strcpy(local.sun_path, conf->path); + len = strlen(local.sun_path) + sizeof(local.sun_family); + unlink(conf->path); + + if (bind(fd, (struct sockaddr *) &local, len) == -1) { + close(fd); + unlink(conf->path); + return -1; + } + + if (listen(fd, conf->backlog) == -1) { + close(fd); + unlink(conf->path); + return -1; + } + + server->fd = fd; + strcpy(server->path, conf->path); + + return 0; +} + +void local_server_destroy(struct local_server *server) +{ + unlink(server->path); + close(server->fd); +} + +int do_local_server_step(struct local_server *server, void *data, + int (*process)(int fd, void *data)) +{ + int rfd; + struct sockaddr_un local; + socklen_t sin_size = sizeof(struct sockaddr_un); + + rfd = accept(server->fd, (struct sockaddr *) &local, &sin_size); + if (rfd == -1) + return -1; + + /* This descriptor will be closed later, we ignore OK and errors */ + if (process(rfd, data) != LOCAL_RET_STOLEN) + close(rfd); + + return 0; +} + +int local_client_create(struct local_conf *conf) +{ + socklen_t len; + struct sockaddr_un local; + int fd; + + if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) + return -1; + + local.sun_family = AF_UNIX; + strcpy(local.sun_path, conf->path); + len = strlen(local.sun_path) + sizeof(local.sun_family); + + if (connect(fd, (struct sockaddr *) &local, len) == -1) { + close(fd); + return -1; + } + + return fd; +} + +void local_client_destroy(int fd) +{ + close(fd); +} + +int do_local_client_step(int fd, void (*process)(char *buf)) +{ + int numbytes; + char buf[1024]; + + memset(buf, 0, sizeof(buf)); + while ((numbytes = recv(fd, buf, sizeof(buf)-1, 0)) > 0) { + buf[sizeof(buf)-1] = '\0'; + if (process) + process(buf); + memset(buf, 0, sizeof(buf)); + } + + return 0; +} + +void local_step(char *buf) +{ + printf("%s", buf); +} + +int do_local_request(int request, + struct local_conf *conf, + void (*step)(char *buf)) +{ + int fd, ret; + + fd = local_client_create(conf); + if (fd == -1) + return -1; + + ret = send(fd, &request, sizeof(int), 0); + if (ret == -1) + return -1; + + do_local_client_step(fd, step); + + local_client_destroy(fd); + + return 0; +} diff --git a/src/log.c b/src/log.c new file mode 100644 index 0000000..d4de111 --- /dev/null +++ b/src/log.c @@ -0,0 +1,196 @@ +/* + * (C) 2006 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + * Description: Logging support for the conntrack daemon + */ + +#include "log.h" +#include "conntrackd.h" + +#include <time.h> +#include <stdarg.h> +#include <string.h> +#include <errno.h> +#include <unistd.h> + +int init_log(void) +{ + if (CONFIG(logfile)[0]) { + STATE(log) = fopen(CONFIG(logfile), "a+"); + if (STATE(log) == NULL) { + fprintf(stderr, "ERROR: can't open logfile `%s'." + "Reason: %s\n", CONFIG(logfile), + strerror(errno)); + return -1; + } + + setlinebuf(STATE(log)); + } + + if (CONFIG(stats).logfile[0]) { + STATE(stats_log) = fopen(CONFIG(stats).logfile, "a+"); + if (STATE(stats_log) == NULL) { + fprintf(stderr, "ERROR: can't open logfile `%s'." + "Reason: %s\n", CONFIG(stats).logfile, + strerror(errno)); + return -1; + } + + setlinebuf(STATE(stats_log)); + } + + if (CONFIG(syslog_facility) != -1 || + CONFIG(stats).syslog_facility != -1) + openlog(PACKAGE, LOG_PID, CONFIG(syslog_facility)); + + return 0; +} + +void dlog(int priority, const char *format, ...) + { + FILE *fd = STATE(log); + time_t t; + char *buf; + const char *prio; + va_list args; + + if (fd) { + t = time(NULL); + buf = ctime(&t); + buf[strlen(buf)-1]='\0'; + switch (priority) { + case LOG_INFO: + prio = "info"; + break; + case LOG_NOTICE: + prio = "notice"; + break; + case LOG_WARNING: + prio = "warning"; + break; + case LOG_ERR: + prio = "ERROR"; + break; + default: + prio = "?"; + break; + } + va_start(args, format); + fprintf(fd, "[%s] (pid=%d) [%s] ", buf, getpid(), prio); + vfprintf(fd, format, args); + va_end(args); + fprintf(fd, "\n"); + fflush(fd); + } + + if (CONFIG(syslog_facility) != -1) { + va_start(args, format); + vsyslog(priority, format, args); + va_end(args); + } +} + +void dlog_ct(FILE *fd, struct nf_conntrack *ct, unsigned int type) +{ + time_t t; + char buf[1024]; + char *tmp; + unsigned int flags = 0; + + buf[0]='\0'; + + switch(type) { + case NFCT_O_PLAIN: + t = time(NULL); + ctime_r(&t, buf); + tmp = buf + strlen(buf); + buf[strlen(buf)-1]='\t'; + break; + case NFCT_O_XML: + tmp = buf; + flags |= NFCT_OF_TIME; + break; + default: + return; + } + nfct_snprintf(buf+strlen(buf), 1024-strlen(buf), ct, 0, type, flags); + + if (fd) { + snprintf(buf+strlen(buf), 1024-strlen(buf), "\n"); + fputs(buf, fd); + } + + if (fd == STATE(log)) { + /* error reporting */ + if (CONFIG(syslog_facility) != -1) + syslog(LOG_ERR, "%s", tmp); + } else if (fd == STATE(stats_log)) { + /* connection logging */ + if (CONFIG(stats).syslog_facility != -1) + syslog(LOG_INFO, "%s", tmp); + } +} + +void dlog_exp(FILE *fd, struct nf_expect *exp, unsigned int type) +{ + time_t t; + char buf[1024]; + char *tmp; + unsigned int flags = 0; + + buf[0]='\0'; + + switch(type) { + case NFCT_O_PLAIN: + t = time(NULL); + ctime_r(&t, buf); + tmp = buf + strlen(buf); + buf[strlen(buf)-1]='\t'; + break; + default: + return; + } + nfexp_snprintf(buf+strlen(buf), 1024-strlen(buf), exp, 0, type, flags); + + if (fd) { + snprintf(buf+strlen(buf), 1024-strlen(buf), "\n"); + fputs(buf, fd); + } + + if (fd == STATE(log)) { + /* error reporting */ + if (CONFIG(syslog_facility) != -1) + syslog(LOG_ERR, "%s", tmp); + } else if (fd == STATE(stats_log)) { + /* connection logging */ + if (CONFIG(stats).syslog_facility != -1) + syslog(LOG_INFO, "%s", tmp); + } +} + +void close_log(void) +{ + if (STATE(log) != NULL) + fclose(STATE(log)); + + if (STATE(stats_log) != NULL) + fclose(STATE(stats_log)); + + if (CONFIG(syslog_facility) != -1 || + CONFIG(stats).syslog_facility != -1) + closelog(); +} diff --git a/src/main.c b/src/main.c new file mode 100644 index 0000000..f7803fd --- /dev/null +++ b/src/main.c @@ -0,0 +1,411 @@ +/* + * (C) 2006-2011 by Pablo Neira Ayuso <pablo@netfilter.org> + * (C) 2011 by Vyatta Inc. <http://www.vyatta.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "conntrackd.h" +#include "log.h" + +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> +#include <sys/utsname.h> +#include <string.h> +#include <stdlib.h> +#include <unistd.h> +#include <sched.h> +#include <limits.h> + +struct ct_general_state st; +union ct_state state; + +static const char usage_daemon_commands[] = + "Daemon mode commands:\n" + " -d [options]\t\tRun in daemon mode\n"; + +static const char usage_client_commands[] = + "Client mode commands:\n" + " -c [ct|expect], commit external cache to conntrack table\n" + " -f [|internal|external], flush internal and external cache\n" + " -F [ct|expect], flush kernel conntrack table\n" + " -i [ct|expect], display content of the internal cache\n" + " -e [ct|expect], display the content of the external cache\n" + " -k, kill conntrack daemon\n" + " -s [|network|cache|runtime|link|rsqueue|queue|ct|expect], " + "dump statistics\n" + " -R [ct|expect], resync with kernel conntrack table\n" + " -n, request resync with other node (only FT-FW and NOTRACK modes)\n" + " -B, force a bulk send to other replica firewalls\n" + " -x, dump cache in XML format (requires -i or -e)\n" + " -t, reset the kernel timeout (see PurgeTimeout clause)\n" + " -v, display conntrackd version\n" + " -h, display this help information\n"; + +static const char usage_options[] = + "Options:\n" + " -C [configfile], configuration file path\n"; + +static void +show_usage(char *progname) +{ + fprintf(stdout, "Connection tracking userspace daemon v%s\n", VERSION); + fprintf(stdout, "Usage: %s [commands] [options]\n\n", progname); + fprintf(stdout, "%s\n", usage_daemon_commands); + fprintf(stdout, "%s\n", usage_client_commands); + fprintf(stdout, "%s\n", usage_options); +} + +static void +show_version(void) +{ + fprintf(stdout, "Connection tracking userspace daemon v%s. ", VERSION); + fprintf(stdout, "Licensed under GPLv2.\n"); + fprintf(stdout, "(C) 2006-2009 Pablo Neira Ayuso "); + fprintf(stdout, "<pablo@netfilter.org>\n"); +} + +static void +set_operation_mode(int *current, int want, char *argv[]) +{ + if (*current == NOT_SET) { + *current = want; + return; + } + if (*current != want) { + show_usage(argv[0]); + fprintf(stderr, "\nError: Invalid parameters\n"); + exit(EXIT_FAILURE); + } +} + +static int +set_action_by_table(int i, int argc, char *argv[], + int ct_action, int exp_action, int dfl_action, int *action) +{ + if (i+1 < argc && argv[i+1][0] != '-') { + if (strncmp(argv[i+1], "ct", strlen(argv[i+1])) == 0) { + *action = ct_action; + i++; + } else if (strncmp(argv[i+1], "expect", + strlen(argv[i+1])) == 0) { + *action = exp_action; + i++; + } + } else + *action = dfl_action; + + return i; +} + +int main(int argc, char *argv[]) +{ + int ret, i, action = -1; + char config_file[PATH_MAX] = {}; + int type = 0; + struct utsname u; + int version, major, minor; + + /* Check kernel version: it must be >= 2.6.18 */ + if (uname(&u) == -1) { + fprintf(stderr, "Can't retrieve kernel version via uname()\n"); + exit(EXIT_FAILURE); + } + sscanf(u.release, "%d.%d.%d", &version, &major, &minor); + if (version < 2 && major < 6 && minor < 18) { + fprintf(stderr, "Linux kernel version must be >= 2.6.18\n"); + exit(EXIT_FAILURE); + } + + for (i=1; i<argc; i++) { + switch(argv[i][1]) { + case 'd': + set_operation_mode(&type, DAEMON, argv); + break; + case 'c': + set_operation_mode(&type, REQUEST, argv); + i = set_action_by_table(i, argc, argv, + CT_COMMIT, EXP_COMMIT, + ALL_COMMIT, &action); + break; + case 'i': + set_operation_mode(&type, REQUEST, argv); + i = set_action_by_table(i, argc, argv, + CT_DUMP_INTERNAL, + EXP_DUMP_INTERNAL, + CT_DUMP_INTERNAL, &action); + break; + case 'e': + set_operation_mode(&type, REQUEST, argv); + i = set_action_by_table(i, argc, argv, + CT_DUMP_EXTERNAL, + EXP_DUMP_EXTERNAL, + CT_DUMP_EXTERNAL, &action); + break; + case 'C': + if (++i < argc) { + strncpy(config_file, argv[i], PATH_MAX); + if (strlen(argv[i]) >= PATH_MAX){ + config_file[PATH_MAX-1]='\0'; + fprintf(stderr, "Path to config file " + "to long. Cutting it " + "down to %d characters", + PATH_MAX); + } + break; + } + show_usage(argv[0]); + fprintf(stderr, "Missing config filename\n"); + break; + case 'F': + set_operation_mode(&type, REQUEST, argv); + i = set_action_by_table(i, argc, argv, + CT_FLUSH_MASTER, + EXP_FLUSH_MASTER, + ALL_FLUSH_MASTER, &action); + break; + case 'f': + set_operation_mode(&type, REQUEST, argv); + if (i+1 < argc && argv[i+1][0] != '-') { + if (strncmp(argv[i+1], "internal", + strlen(argv[i+1])) == 0) { + action = CT_FLUSH_INT_CACHE; + i++; + } else if (strncmp(argv[i+1], "external", + strlen(argv[i+1])) == 0) { + action = CT_FLUSH_EXT_CACHE; + i++; + } else { + fprintf(stderr, "ERROR: unknown " + "parameter `%s' for " + "option `-f'\n", + argv[i+1]); + exit(EXIT_FAILURE); + } + } else { + /* default to general flushing */ + action = ALL_FLUSH_CACHE; + } + break; + case 'R': + set_operation_mode(&type, REQUEST, argv); + i = set_action_by_table(i, argc, argv, + CT_RESYNC_MASTER, + EXP_RESYNC_MASTER, + ALL_RESYNC_MASTER, &action); + break; + case 'B': + set_operation_mode(&type, REQUEST, argv); + action = SEND_BULK; + break; + case 't': + set_operation_mode(&type, REQUEST, argv); + action = RESET_TIMERS; + break; + case 'k': + set_operation_mode(&type, REQUEST, argv); + action = KILL; + break; + case 's': + set_operation_mode(&type, REQUEST, argv); + /* we've got a parameter */ + if (i+1 < argc && argv[i+1][0] != '-') { + if (strncmp(argv[i+1], "network", + strlen(argv[i+1])) == 0) { + action = STATS_NETWORK; + i++; + } else if (strncmp(argv[i+1], "cache", + strlen(argv[i+1])) == 0) { + action = STATS_CACHE; + i++; + } else if (strncmp(argv[i+1], "runtime", + strlen(argv[i+1])) == 0) { + action = STATS_RUNTIME; + i++; + } else if (strncmp(argv[i+1], "multicast", + strlen(argv[i+1])) == 0) { + fprintf(stderr, "WARNING: use `link' " + "instead of `multicast' as " + "parameter.\n"); + action = STATS_LINK; + i++; + } else if (strncmp(argv[i+1], "link", + strlen(argv[i+1])) == 0) { + action = STATS_LINK; + i++; + } else if (strncmp(argv[i+1], "rsqueue", + strlen(argv[i+1])) == 0) { + action = STATS_RSQUEUE; + i++; + } else if (strncmp(argv[i+1], "process", + strlen(argv[i+1])) == 0) { + action = STATS_PROCESS; + i++; + } else if (strncmp(argv[i+1], "queue", + strlen(argv[i+1])) == 0) { + action = STATS_QUEUE; + i++; + } else if (strncmp(argv[i+1], "ct", + strlen(argv[i+1])) == 0) { + action = STATS; + i++; + } else if (strncmp(argv[i+1], "expect", + strlen(argv[i+1])) == 0) { + action = EXP_STATS; + i++; + } else { + fprintf(stderr, "ERROR: unknown " + "parameter `%s' for " + "option `-s'\n", + argv[i+1]); + exit(EXIT_FAILURE); + } + } else { + /* default to general statistics */ + action = STATS; + } + break; + case 'S': + fprintf(stderr, "WARNING: -S option is obsolete. " + "Ignoring.\n"); + break; + case 'n': + set_operation_mode(&type, REQUEST, argv); + action = REQUEST_DUMP; + break; + case 'x': + if (action == CT_DUMP_INTERNAL) + action = CT_DUMP_INT_XML; + else if (action == CT_DUMP_EXTERNAL) + action = CT_DUMP_EXT_XML; + else if (action == EXP_DUMP_INTERNAL) + action = EXP_DUMP_INT_XML; + else if (action == EXP_DUMP_EXTERNAL) + action = EXP_DUMP_EXT_XML; + else { + show_usage(argv[0]); + fprintf(stderr, "Error: Invalid parameters\n"); + exit(EXIT_FAILURE); + + } + break; + case 'v': + show_version(); + exit(EXIT_SUCCESS); + case 'h': + show_usage(argv[0]); + exit(EXIT_SUCCESS); + default: + show_usage(argv[0]); + fprintf(stderr, "Unknown option: %s\n", argv[i]); + return 0; + break; + } + } + + if (!config_file[0]) + strcpy(config_file, DEFAULT_CONFIGFILE); + + umask(0177); + + if ((ret = init_config(config_file)) == -1) { + fprintf(stderr, "can't open config file `%s'\n", config_file); + exit(EXIT_FAILURE); + } + + if (type == REQUEST) { + if (do_local_request(action, &conf.local, local_step) == -1) { + fprintf(stderr, "can't connect: is conntrackd " + "running? appropriate permissions?\n"); + exit(EXIT_FAILURE); + } + exit(EXIT_SUCCESS); + } + + /* + * Setting up logging + */ + if (init_log() == -1) + exit(EXIT_FAILURE); + + /* + * lock file + */ + ret = open(CONFIG(lockfile), O_CREAT | O_EXCL | O_TRUNC, 0600); + if (ret == -1) { + fprintf(stderr, "lockfile `%s' exists, perhaps conntrackd " + "already running?\n", CONFIG(lockfile)); + exit(EXIT_FAILURE); + } + close(ret); + + /* + * Setting process priority and scheduler + */ + nice(CONFIG(nice)); + + if (CONFIG(sched).type != SCHED_OTHER) { + struct sched_param schedparam = { + .sched_priority = CONFIG(sched).prio, + }; + + ret = sched_setscheduler(0, CONFIG(sched).type, &schedparam); + if (ret == -1) { + perror("sched"); + exit(EXIT_FAILURE); + } + } + + /* + * initialization process + */ + + if (init() == -1) { + close_log(); + fprintf(stderr, "ERROR: conntrackd cannot start, please " + "check the logfile for more info\n"); + unlink(CONFIG(lockfile)); + exit(EXIT_FAILURE); + } + + chdir("/"); + close(STDIN_FILENO); + + /* Daemonize conntrackd */ + if (type == DAEMON) { + pid_t pid; + + if ((pid = fork()) == -1) { + perror("fork has failed: "); + exit(EXIT_FAILURE); + } else if (pid) + exit(EXIT_SUCCESS); + + setsid(); + + close(STDOUT_FILENO); + close(STDERR_FILENO); + + dlog(LOG_NOTICE, "-- starting in daemon mode --"); + } else + dlog(LOG_NOTICE, "-- starting in console mode --"); + + /* + * run main process + */ + run(); + return 0; +} diff --git a/src/mcast.c b/src/mcast.c new file mode 100644 index 0000000..4107d5d --- /dev/null +++ b/src/mcast.c @@ -0,0 +1,358 @@ +/* + * (C) 2006-2009 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + * Description: multicast socket library + */ + +#include "mcast.h" + +#include <stdio.h> +#include <stdlib.h> +#include <arpa/inet.h> +#include <unistd.h> +#include <string.h> +#include <sys/ioctl.h> +#include <net/if.h> +#include <errno.h> +#include <limits.h> +#include <libnfnetlink/libnfnetlink.h> + +struct mcast_sock *mcast_server_create(struct mcast_conf *conf) +{ + int yes = 1; + union { + struct ip_mreq ipv4; + struct ipv6_mreq ipv6; + } mreq; + struct mcast_sock *m; + socklen_t socklen = sizeof(int); + + m = (struct mcast_sock *) malloc(sizeof(struct mcast_sock)); + if (!m) + return NULL; + memset(m, 0, sizeof(struct mcast_sock)); + + switch(conf->ipproto) { + case AF_INET: + mreq.ipv4.imr_multiaddr.s_addr = conf->in.inet_addr.s_addr; + mreq.ipv4.imr_interface.s_addr =conf->ifa.interface_addr.s_addr; + + m->addr.ipv4.sin_family = AF_INET; + m->addr.ipv4.sin_port = htons(conf->port); + m->addr.ipv4.sin_addr.s_addr = htonl(INADDR_ANY); + + m->sockaddr_len = sizeof(struct sockaddr_in); + break; + + case AF_INET6: + memcpy(&mreq.ipv6.ipv6mr_multiaddr, &conf->in.inet_addr6, + sizeof(uint32_t) * 4); + mreq.ipv6.ipv6mr_interface = conf->ifa.interface_index6; + + m->addr.ipv6.sin6_family = AF_INET6; + m->addr.ipv6.sin6_port = htons(conf->port); + m->addr.ipv6.sin6_addr = in6addr_any; + + m->sockaddr_len = sizeof(struct sockaddr_in6); + break; + } + + if ((m->fd = socket(conf->ipproto, SOCK_DGRAM, 0)) == -1) { + free(m); + return NULL; + } + + if (setsockopt(m->fd, SOL_SOCKET, SO_REUSEADDR, &yes, + sizeof(int)) == -1) { + close(m->fd); + free(m); + return NULL; + } + +#ifndef SO_RCVBUFFORCE +#define SO_RCVBUFFORCE 33 +#endif + + if (conf->rcvbuf && + setsockopt(m->fd, SOL_SOCKET, SO_RCVBUFFORCE, &conf->rcvbuf, + sizeof(int)) == -1) { + /* not supported in linux kernel < 2.6.14 */ + if (errno != ENOPROTOOPT) { + close(m->fd); + free(m); + return NULL; + } + } + + getsockopt(m->fd, SOL_SOCKET, SO_RCVBUF, &conf->rcvbuf, &socklen); + + if (bind(m->fd, (struct sockaddr *) &m->addr, m->sockaddr_len) == -1) { + close(m->fd); + free(m); + return NULL; + } + + switch(conf->ipproto) { + case AF_INET: + if (setsockopt(m->fd, IPPROTO_IP, IP_ADD_MEMBERSHIP, + &mreq.ipv4, sizeof(mreq.ipv4)) < 0) { + close(m->fd); + free(m); + return NULL; + } + break; + case AF_INET6: + if (setsockopt(m->fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, + &mreq.ipv6, sizeof(mreq.ipv6)) < 0) { + close(m->fd); + free(m); + return NULL; + } + break; + } + + return m; +} + +void mcast_server_destroy(struct mcast_sock *m) +{ + close(m->fd); + free(m); +} + +static int +__mcast_client_create_ipv4(struct mcast_sock *m, struct mcast_conf *conf) +{ + int no = 0; + + m->addr.ipv4.sin_family = AF_INET; + m->addr.ipv4.sin_port = htons(conf->port); + m->addr.ipv4.sin_addr = conf->in.inet_addr; + m->sockaddr_len = sizeof(struct sockaddr_in); + + if (setsockopt(m->fd, IPPROTO_IP, IP_MULTICAST_LOOP, &no, + sizeof(int)) < 0) { + close(m->fd); + return -1; + } + + if (setsockopt(m->fd, IPPROTO_IP, IP_MULTICAST_IF, + &conf->ifa.interface_addr, + sizeof(struct in_addr)) == -1) { + close(m->fd); + return -1; + } + + return 0; +} + +static int +__mcast_client_create_ipv6(struct mcast_sock *m, struct mcast_conf *conf) +{ + int no = 0; + + m->addr.ipv6.sin6_family = AF_INET6; + m->addr.ipv6.sin6_port = htons(conf->port); + memcpy(&m->addr.ipv6.sin6_addr, + &conf->in.inet_addr6, + sizeof(struct in6_addr)); + m->sockaddr_len = sizeof(struct sockaddr_in6); + + if (setsockopt(m->fd, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, &no, + sizeof(int)) < 0) { + close(m->fd); + return -1; + } + + if (setsockopt(m->fd, IPPROTO_IPV6, IPV6_MULTICAST_IF, + &conf->ifa.interface_index6, + sizeof(unsigned int)) == -1) { + close(m->fd); + return -1; + } + + return 0; +} + +struct mcast_sock *mcast_client_create(struct mcast_conf *conf) +{ + int ret; + struct mcast_sock *m; + socklen_t socklen = sizeof(int); + + m = (struct mcast_sock *) malloc(sizeof(struct mcast_sock)); + if (!m) + return NULL; + memset(m, 0, sizeof(struct mcast_sock)); + + if ((m->fd = socket(conf->ipproto, SOCK_DGRAM, 0)) == -1) { + free(m); + return NULL; + } + + if (setsockopt(m->fd, SOL_SOCKET, SO_NO_CHECK, &conf->checksum, + sizeof(int)) == -1) { + close(m->fd); + free(m); + return NULL; + } + +#ifndef SO_SNDBUFFORCE +#define SO_SNDBUFFORCE 32 +#endif + + if (conf->sndbuf && + setsockopt(m->fd, SOL_SOCKET, SO_SNDBUFFORCE, &conf->sndbuf, + sizeof(int)) == -1) { + /* not supported in linux kernel < 2.6.14 */ + if (errno != ENOPROTOOPT) { + close(m->fd); + free(m); + return NULL; + } + } + + getsockopt(m->fd, SOL_SOCKET, SO_SNDBUF, &conf->sndbuf, &socklen); + + switch(conf->ipproto) { + case AF_INET: + ret = __mcast_client_create_ipv4(m, conf); + break; + case AF_INET6: + ret = __mcast_client_create_ipv6(m, conf); + break; + default: + ret = 0; + break; + } + + if (ret == -1) { + close(m->fd); + free(m); + m = NULL; + } + + return m; +} + +void mcast_client_destroy(struct mcast_sock *m) +{ + close(m->fd); + free(m); +} + +ssize_t mcast_send(struct mcast_sock *m, const void *data, int size) +{ + ssize_t ret; + + ret = sendto(m->fd, + data, + size, + 0, + (struct sockaddr *) &m->addr, + m->sockaddr_len); + if (ret == -1) { + m->stats.error++; + return ret; + } + + m->stats.bytes += ret; + m->stats.messages++; + + return ret; +} + +ssize_t mcast_recv(struct mcast_sock *m, void *data, int size) +{ + ssize_t ret; + socklen_t sin_size = sizeof(struct sockaddr_in); + + ret = recvfrom(m->fd, + data, + size, + 0, + (struct sockaddr *)&m->addr, + &sin_size); + if (ret == -1) { + if (errno != EAGAIN) + m->stats.error++; + return ret; + } + + m->stats.bytes += ret; + m->stats.messages++; + + return ret; +} + +int mcast_get_fd(struct mcast_sock *m) +{ + return m->fd; +} + +int mcast_isset(struct mcast_sock *m, fd_set *readfds) +{ + return FD_ISSET(m->fd, readfds); +} + +int +mcast_snprintf_stats(char *buf, size_t buflen, char *ifname, + struct mcast_stats *s, struct mcast_stats *r) +{ + size_t size; + + size = snprintf(buf, buflen, "multicast traffic (active device=%s):\n" + "%20llu Bytes sent " + "%20llu Bytes recv\n" + "%20llu Pckts sent " + "%20llu Pckts recv\n" + "%20llu Error send " + "%20llu Error recv\n\n", + ifname, + (unsigned long long)s->bytes, + (unsigned long long)r->bytes, + (unsigned long long)s->messages, + (unsigned long long)r->messages, + (unsigned long long)s->error, + (unsigned long long)r->error); + return size; +} + +int +mcast_snprintf_stats2(char *buf, size_t buflen, const char *ifname, + const char *status, int active, + struct mcast_stats *s, struct mcast_stats *r) +{ + size_t size; + + size = snprintf(buf, buflen, + "multicast traffic device=%s status=%s role=%s:\n" + "%20llu Bytes sent " + "%20llu Bytes recv\n" + "%20llu Pckts sent " + "%20llu Pckts recv\n" + "%20llu Error send " + "%20llu Error recv\n\n", + ifname, status, active ? "ACTIVE" : "BACKUP", + (unsigned long long)s->bytes, + (unsigned long long)r->bytes, + (unsigned long long)s->messages, + (unsigned long long)r->messages, + (unsigned long long)s->error, + (unsigned long long)r->error); + return size; +} diff --git a/src/multichannel.c b/src/multichannel.c new file mode 100644 index 0000000..de69d5c --- /dev/null +++ b/src/multichannel.c @@ -0,0 +1,116 @@ +/* + * (C) 2009 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + */ + +#include <stdlib.h> + +#include "channel.h" +#include "network.h" + +struct multichannel * +multichannel_open(struct channel_conf *conf, int len) +{ + struct multichannel *m; + int i, set_default_channel = 0; + + if (len <= 0 || len > MULTICHANNEL_MAX) + return NULL; + + m = calloc(sizeof(struct multichannel), 1); + if (m == NULL) + return NULL; + + m->channel_num = len; + for (i = 0; i < len; i++) { + m->channel[i] = channel_open(&conf[i]); + if (m->channel[i] == NULL) { + int j; + + for (j=0; j<i; j++) { + channel_close(m->channel[j]); + } + free(m); + return NULL; + } + if (conf[i].channel_flags & CHANNEL_F_DEFAULT) { + m->current = m->channel[i]; + set_default_channel = 1; + } + } + if (!set_default_channel) + m->current = m->channel[0]; + + return m; +} + +int multichannel_send(struct multichannel *c, const struct nethdr *net) +{ + return channel_send(c->current, net); +} + +int multichannel_send_flush(struct multichannel *c) +{ + return channel_send_flush(c->current); +} + +int multichannel_recv(struct multichannel *c, char *buf, int size) +{ + return channel_recv(c->current, buf, size); +} + +void multichannel_close(struct multichannel *m) +{ + int i; + + for (i = 0; i < m->channel_num; i++) { + channel_close(m->channel[i]); + } + free(m); +} + +void multichannel_stats(struct multichannel *m, int fd) +{ + channel_stats(m->current, fd); +} + +void +multichannel_stats_extended(struct multichannel *m, + struct nlif_handle *h, int fd) +{ + int i, active; + + for (i = 0; i < m->channel_num; i++) { + if (m->current == m->channel[i]) { + active = 1; + } else { + active = 0; + } + channel_stats_extended(m->channel[i], active, h, fd); + } +} + +int multichannel_get_ifindex(struct multichannel *m, int i) +{ + return m->channel[i]->channel_ifindex; +} + +int multichannel_get_current_ifindex(struct multichannel *m) +{ + return m->current->channel_ifindex; +} + +void multichannel_set_current_channel(struct multichannel *m, int i) +{ + m->current = m->channel[i]; +} + +void multichannel_change_current_channel(struct multichannel *m, int i) +{ + if (m->current != m->channel[i]) + m->current = m->channel[i]; +} diff --git a/src/netlink.c b/src/netlink.c new file mode 100644 index 0000000..fe979e3 --- /dev/null +++ b/src/netlink.c @@ -0,0 +1,362 @@ +/* + * (C) 2006-2011 by Pablo Neira Ayuso <pablo@netfilter.org> + * (C) 2011 by Vyatta Inc. <http://www.vyatta.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "netlink.h" +#include "conntrackd.h" +#include "filter.h" +#include "log.h" + +#include <string.h> +#include <errno.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <sys/fcntl.h> +#include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h> + +struct nfct_handle *nl_init_event_handler(void) +{ + struct nfct_handle *h; + + h = nfct_open(CONFIG(netlink).subsys_id, CONFIG(netlink).groups); + if (h == NULL) + return NULL; + + if (CONFIG(netlink).events_reliable) { + int on = 1; + + setsockopt(nfct_fd(h), SOL_NETLINK, + NETLINK_BROADCAST_SEND_ERROR, &on, sizeof(int)); + + setsockopt(nfct_fd(h), SOL_NETLINK, + NETLINK_NO_ENOBUFS, &on, sizeof(int)); + + dlog(LOG_NOTICE, "reliable ctnetlink event delivery " + "is ENABLED."); + } + + if (STATE(filter)) { + if (CONFIG(filter_from_kernelspace)) { + if (nfct_filter_attach(nfct_fd(h), + STATE(filter)) == -1) { + dlog(LOG_ERR, "cannot set event filtering: %s", + strerror(errno)); + } + dlog(LOG_NOTICE, "using kernel-space event filtering"); + } else + dlog(LOG_NOTICE, "using user-space event filtering"); + + nfct_filter_destroy(STATE(filter)); + } + + fcntl(nfct_fd(h), F_SETFL, O_NONBLOCK); + + /* set up socket buffer size */ + if (CONFIG(netlink_buffer_size) && + CONFIG(netlink_buffer_size) <= + CONFIG(netlink_buffer_size_max_grown)) { + /* we divide netlink_buffer_size by 2 here since value passed + to kernel gets doubled in SO_RCVBUF; see net/core/sock.c */ + CONFIG(netlink_buffer_size) = + nfnl_rcvbufsiz(nfct_nfnlh(h), CONFIG(netlink_buffer_size)/2); + } else { + dlog(LOG_NOTICE, "NetlinkBufferSize is either not set or " + "is greater than NetlinkBufferSizeMaxGrowth. " + "Using current system buffer size"); + + socklen_t socklen = sizeof(unsigned int); + unsigned int read_size; + + /* get current buffer size */ + getsockopt(nfct_fd(h), SOL_SOCKET, + SO_RCVBUF, &read_size, &socklen); + + CONFIG(netlink_buffer_size) = read_size; + } + + dlog(LOG_NOTICE, "netlink event socket buffer size has been set " + "to %u bytes", CONFIG(netlink_buffer_size)); + + return h; +} + +struct nlif_handle *nl_init_interface_handler(void) +{ + struct nlif_handle *h; + h = nlif_open(); + if (h == NULL) + return NULL; + + if (nlif_query(h) == -1) { + free(h); + return NULL; + } + fcntl(nlif_fd(h), F_SETFL, O_NONBLOCK); + + return h; +} + +static int warned = 0; + +void nl_resize_socket_buffer(struct nfct_handle *h) +{ + unsigned int s = CONFIG(netlink_buffer_size); + + /* already warned that we have reached the maximum buffer size */ + if (warned) + return; + + /* since sock_setsockopt in net/core/sock.c doubles the size of socket + buffer passed to it using nfnl_rcvbufsiz, only call nfnl_rcvbufsiz + if new value is not greater than netlink_buffer_size_max_grown */ + if (s*2 > CONFIG(netlink_buffer_size_max_grown)) { + dlog(LOG_WARNING, + "netlink event socket buffer size cannot " + "be doubled further since it will exceed " + "NetlinkBufferSizeMaxGrowth. We are likely to " + "be losing events, this may lead to " + "unsynchronized replicas. Please, consider " + "increasing netlink socket buffer size via " + "NetlinkBufferSize and " + "NetlinkBufferSizeMaxGrowth clauses in " + "conntrackd.conf"); + warned = 1; + return; + } + + CONFIG(netlink_buffer_size) = nfnl_rcvbufsiz(nfct_nfnlh(h), s); + + /* notify the sysadmin */ + dlog(LOG_NOTICE, "netlink event socket buffer size has been doubled " + "to %u bytes", CONFIG(netlink_buffer_size)); +} + +int nl_dump_conntrack_table(struct nfct_handle *h) +{ + return nfct_query(h, NFCT_Q_DUMP, &CONFIG(family)); +} + +int nl_flush_conntrack_table(struct nfct_handle *h) +{ + return nfct_query(h, NFCT_Q_FLUSH, &CONFIG(family)); +} + +int nl_send_resync(struct nfct_handle *h) +{ + int family = CONFIG(family); + return nfct_send(h, NFCT_Q_DUMP, &family); +} + +/* if the handle has no callback, check for existence, otherwise, update */ +int nl_get_conntrack(struct nfct_handle *h, const struct nf_conntrack *ct) +{ + int ret = 1; + struct nf_conntrack *tmp; + + tmp = nfct_new(); + if (tmp == NULL) + return -1; + + /* use the original tuple to check if it is there */ + nfct_copy(tmp, ct, NFCT_CP_ORIG); + + if (nfct_query(h, NFCT_Q_GET, tmp) == -1) + ret = (errno == ENOENT) ? 0 : -1; + + nfct_destroy(tmp); + return ret; +} + +int nl_create_conntrack(struct nfct_handle *h, + const struct nf_conntrack *orig, + int timeout) +{ + int ret; + struct nf_conntrack *ct; + + ct = nfct_clone(orig); + if (ct == NULL) + return -1; + + if (timeout > 0) + nfct_set_attr_u32(ct, ATTR_TIMEOUT, timeout); + + /* we hit error if we try to change the expected bit */ + if (nfct_attr_is_set(ct, ATTR_STATUS)) { + uint32_t status = nfct_get_attr_u32(ct, ATTR_STATUS); + status &= ~IPS_EXPECTED; + nfct_set_attr_u32(ct, ATTR_STATUS, status); + } + + nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY); + + /* disable TCP window tracking for recovered connections if required */ + if (nfct_attr_is_set(ct, ATTR_TCP_STATE)) { + uint8_t flags = IP_CT_TCP_FLAG_SACK_PERM; + + if (!CONFIG(sync).tcp_window_tracking) + flags |= IP_CT_TCP_FLAG_BE_LIBERAL; + else + flags |= IP_CT_TCP_FLAG_WINDOW_SCALE; + + /* FIXME: workaround, we should send TCP flags in updates */ + if (nfct_get_attr_u8(ct, ATTR_TCP_STATE) >= + TCP_CONNTRACK_TIME_WAIT) { + flags |= IP_CT_TCP_FLAG_CLOSE_INIT; + } + nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_ORIG, flags); + nfct_set_attr_u8(ct, ATTR_TCP_MASK_ORIG, flags); + nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_REPL, flags); + nfct_set_attr_u8(ct, ATTR_TCP_MASK_REPL, flags); + } + + ret = nfct_query(h, NFCT_Q_CREATE, ct); + nfct_destroy(ct); + + return ret; +} + +int nl_update_conntrack(struct nfct_handle *h, + const struct nf_conntrack *orig, + int timeout) +{ + int ret; + struct nf_conntrack *ct; + + ct = nfct_clone(orig); + if (ct == NULL) + return -1; + + if (timeout > 0) + nfct_set_attr_u32(ct, ATTR_TIMEOUT, timeout); + + /* unset NAT info, otherwise we hit error */ + nfct_attr_unset(ct, ATTR_SNAT_IPV4); + nfct_attr_unset(ct, ATTR_DNAT_IPV4); + nfct_attr_unset(ct, ATTR_SNAT_PORT); + nfct_attr_unset(ct, ATTR_DNAT_PORT); + + if (nfct_attr_is_set(ct, ATTR_STATUS)) { + uint32_t status = nfct_get_attr_u32(ct, ATTR_STATUS); + status &= ~IPS_NAT_MASK; + nfct_set_attr_u32(ct, ATTR_STATUS, status); + } + /* we have to unset the helper to avoid EBUSY in reset timers */ + if (nfct_attr_is_set(ct, ATTR_HELPER_NAME)) + nfct_attr_unset(ct, ATTR_HELPER_NAME); + + /* we hit error if we try to update the master conntrack */ + if (ct_is_related(ct)) { + nfct_attr_unset(ct, ATTR_MASTER_L3PROTO); + nfct_attr_unset(ct, ATTR_MASTER_L4PROTO); + nfct_attr_unset(ct, ATTR_MASTER_IPV4_SRC); + nfct_attr_unset(ct, ATTR_MASTER_IPV4_DST); + nfct_attr_unset(ct, ATTR_MASTER_IPV6_SRC); + nfct_attr_unset(ct, ATTR_MASTER_IPV6_DST); + nfct_attr_unset(ct, ATTR_MASTER_PORT_SRC); + nfct_attr_unset(ct, ATTR_MASTER_PORT_DST); + } + + /* disable TCP window tracking for recovered connections if required */ + if (nfct_attr_is_set(ct, ATTR_TCP_STATE)) { + uint8_t flags = IP_CT_TCP_FLAG_SACK_PERM; + + if (!CONFIG(sync).tcp_window_tracking) + flags |= IP_CT_TCP_FLAG_BE_LIBERAL; + else + flags |= IP_CT_TCP_FLAG_WINDOW_SCALE; + + /* FIXME: workaround, we should send TCP flags in updates */ + if (nfct_get_attr_u8(ct, ATTR_TCP_STATE) >= + TCP_CONNTRACK_TIME_WAIT) { + flags |= IP_CT_TCP_FLAG_CLOSE_INIT; + } + nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_ORIG, flags); + nfct_set_attr_u8(ct, ATTR_TCP_MASK_ORIG, flags); + nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_REPL, flags); + nfct_set_attr_u8(ct, ATTR_TCP_MASK_REPL, flags); + } + + ret = nfct_query(h, NFCT_Q_UPDATE, ct); + nfct_destroy(ct); + + return ret; +} + +int nl_destroy_conntrack(struct nfct_handle *h, const struct nf_conntrack *ct) +{ + return nfct_query(h, NFCT_Q_DESTROY, ct); +} + +int nl_create_expect(struct nfct_handle *h, const struct nf_expect *orig, + int timeout) +{ + int ret; + struct nf_expect *exp; + + exp = nfexp_clone(orig); + if (exp == NULL) + return -1; + + if (timeout > 0) + nfexp_set_attr_u32(exp, ATTR_EXP_TIMEOUT, timeout); + + ret = nfexp_query(h, NFCT_Q_CREATE, exp); + nfexp_destroy(exp); + + return ret; +} + +int nl_destroy_expect(struct nfct_handle *h, const struct nf_expect *exp) +{ + return nfexp_query(h, NFCT_Q_DESTROY, exp); +} + +/* if the handle has no callback, check for existence, otherwise, update */ +int nl_get_expect(struct nfct_handle *h, const struct nf_expect *exp) +{ + int ret = 1; + struct nf_expect *tmp; + + /* XXX: we only need the expectation, not the mask and the master. */ + tmp = nfexp_clone(exp); + if (tmp == NULL) + return -1; + + if (nfexp_query(h, NFCT_Q_GET, tmp) == -1) + ret = (errno == ENOENT) ? 0 : -1; + + nfexp_destroy(tmp); + return ret; +} + +int nl_dump_expect_table(struct nfct_handle *h) +{ + return nfexp_query(h, NFCT_Q_DUMP, &CONFIG(family)); +} + +int nl_flush_expect_table(struct nfct_handle *h) +{ + return nfexp_query(h, NFCT_Q_FLUSH, &CONFIG(family)); +} + +int nl_send_expect_resync(struct nfct_handle *h) +{ + int family = CONFIG(family); + return nfexp_send(h, NFCT_Q_DUMP, &family); +} diff --git a/src/network.c b/src/network.c new file mode 100644 index 0000000..13db37c --- /dev/null +++ b/src/network.c @@ -0,0 +1,139 @@ +/* + * (C) 2006-2011 by Pablo Neira Ayuso <pablo@netfilter.org> + * (C) 2011 by Vyatta Inc. <http://www.vyatta.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "conntrackd.h" +#include "network.h" +#include "log.h" + +#include <stdlib.h> +#include <time.h> +#include <string.h> + +#define NETHDR_ALIGNTO 4 + +static unsigned int seq_set, cur_seq; + +int nethdr_align(int value) +{ + return (value + NETHDR_ALIGNTO - 1) & ~(NETHDR_ALIGNTO - 1); +} + +int nethdr_size(int len) +{ + return NETHDR_SIZ + len; +} + +static inline void __nethdr_set(struct nethdr *net, int len) +{ + if (!seq_set) { + seq_set = 1; + cur_seq = time(NULL); + } + net->version = CONNTRACKD_PROTOCOL_VERSION; + net->len = len; + net->seq = cur_seq++; +} + +void nethdr_set(struct nethdr *net, int type) +{ + __nethdr_set(net, NETHDR_SIZ); + net->type = type; +} + +void nethdr_set_ack(struct nethdr *net) +{ + __nethdr_set(net, NETHDR_ACK_SIZ); +} + +void nethdr_set_ctl(struct nethdr *net) +{ + __nethdr_set(net, NETHDR_SIZ); +} + +static int local_seq_set = 0; + +/* this function only tracks, it does not update the last sequence received */ +int nethdr_track_seq(uint32_t seq, uint32_t *exp_seq) +{ + int ret = SEQ_UNKNOWN; + + /* netlink sequence tracking initialization */ + if (!local_seq_set) { + ret = SEQ_UNSET; + goto out; + } + + /* fast path: we received the correct sequence */ + if (seq == STATE_SYNC(last_seq_recv)+1) { + ret = SEQ_IN_SYNC; + goto out; + } + + /* out of sequence: some messages got lost */ + if (after(seq, STATE_SYNC(last_seq_recv)+1)) { + STATE_SYNC(error).msg_rcv_lost += + seq - STATE_SYNC(last_seq_recv) + 1; + ret = SEQ_AFTER; + goto out; + } + + /* out of sequence: replayed/delayed packet? */ + if (before(seq, STATE_SYNC(last_seq_recv)+1)) { + STATE_SYNC(error).msg_rcv_before++; + ret = SEQ_BEFORE; + } + +out: + *exp_seq = STATE_SYNC(last_seq_recv)+1; + + return ret; +} + +void nethdr_track_update_seq(uint32_t seq) +{ + if (!local_seq_set) + local_seq_set = 1; + + STATE_SYNC(last_seq_recv) = seq; +} + +int nethdr_track_is_seq_set() +{ + return local_seq_set; +} + +#include "cache.h" + +static int status2type[CACHE_T_MAX][C_OBJ_MAX] = { + [CACHE_T_CT] = { + [C_OBJ_NEW] = NET_T_STATE_CT_NEW, + [C_OBJ_ALIVE] = NET_T_STATE_CT_UPD, + [C_OBJ_DEAD] = NET_T_STATE_CT_DEL, + }, + [CACHE_T_EXP] = { + [C_OBJ_NEW] = NET_T_STATE_EXP_NEW, + [C_OBJ_ALIVE] = NET_T_STATE_EXP_UPD, + [C_OBJ_DEAD] = NET_T_STATE_EXP_DEL, + }, +}; + +int object_status_to_network_type(struct cache_object *obj) +{ + return status2type[obj->cache->type][obj->status]; +} diff --git a/src/nfct-extensions/timeout.c b/src/nfct-extensions/timeout.c new file mode 100644 index 0000000..5b32023 --- /dev/null +++ b/src/nfct-extensions/timeout.c @@ -0,0 +1,486 @@ +/* + * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published + * by the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This code has been sponsored by Vyatta Inc. <http://www.vyatta.com> + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sys/types.h> +#include <dirent.h> +#include <sys/stat.h> +#include <fcntl.h> +#include <unistd.h> +#include <time.h> +#include <netinet/in.h> +#include <errno.h> + +#include <libmnl/libmnl.h> +#include <linux/netfilter/nfnetlink_cttimeout.h> +#include <libnetfilter_cttimeout/libnetfilter_cttimeout.h> + +#include "nfct.h" + +static void +nfct_cmd_timeout_usage(char *argv[]) +{ + fprintf(stderr, "nfct v%s: Missing command\n" + "%s timeout list|add|delete|get|flush " + "[parameters...]\n", VERSION, argv[0]); +} + +int nfct_cmd_timeout_parse_params(int argc, char *argv[]) +{ + int cmd = NFCT_CMD_NONE, ret; + + if (argc < 3) { + nfct_cmd_timeout_usage(argv); + return -1; + } + if (strncmp(argv[2], "list", strlen(argv[2])) == 0) + cmd = NFCT_CMD_LIST; + else if (strncmp(argv[2], "add", strlen(argv[2])) == 0) + cmd = NFCT_CMD_ADD; + else if (strncmp(argv[2], "delete", strlen(argv[2])) == 0) + cmd = NFCT_CMD_DELETE; + else if (strncmp(argv[2], "get", strlen(argv[2])) == 0) + cmd = NFCT_CMD_GET; + else if (strncmp(argv[2], "flush", strlen(argv[2])) == 0) + cmd = NFCT_CMD_FLUSH; + else { + fprintf(stderr, "nfct v%s: Unknown command: %s\n", + VERSION, argv[2]); + nfct_cmd_timeout_usage(argv); + return -1; + } + switch(cmd) { + case NFCT_CMD_LIST: + ret = nfct_cmd_timeout_list(argc, argv); + break; + case NFCT_CMD_ADD: + ret = nfct_cmd_timeout_add(argc, argv); + break; + case NFCT_CMD_DELETE: + ret = nfct_cmd_timeout_delete(argc, argv); + break; + case NFCT_CMD_GET: + ret = nfct_cmd_timeout_get(argc, argv); + break; + case NFCT_CMD_FLUSH: + ret = nfct_cmd_timeout_flush(argc, argv); + break; + } + + return ret; +} + +static int nfct_timeout_cb(const struct nlmsghdr *nlh, void *data) +{ + struct nfct_timeout *t; + char buf[4096]; + + t = nfct_timeout_alloc(); + if (t == NULL) { + nfct_perror("OOM"); + goto err; + } + + if (nfct_timeout_nlmsg_parse_payload(nlh, t) < 0) { + nfct_perror("nfct_timeout_nlmsg_parse_payload"); + goto err_free; + } + + nfct_timeout_snprintf(buf, sizeof(buf), t, NFCT_TIMEOUT_O_DEFAULT, 0); + printf("%s\n", buf); + +err_free: + nfct_timeout_free(t); +err: + return MNL_CB_OK; +} + +int nfct_cmd_timeout_list(int argc, char *argv[]) +{ + struct mnl_socket *nl; + char buf[MNL_SOCKET_BUFFER_SIZE]; + struct nlmsghdr *nlh; + unsigned int seq, portid; + int ret; + + if (argc > 3) { + nfct_perror("too many arguments"); + return -1; + } + + seq = time(NULL); + nlh = nfct_timeout_nlmsg_build_hdr(buf, IPCTNL_MSG_TIMEOUT_GET, + NLM_F_DUMP, seq); + + nl = mnl_socket_open(NETLINK_NETFILTER); + if (nl == NULL) { + nfct_perror("mnl_socket_open"); + return -1; + } + + if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) { + nfct_perror("mnl_socket_bind"); + return -1; + } + portid = mnl_socket_get_portid(nl); + + if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) { + nfct_perror("mnl_socket_send"); + return -1; + } + + ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); + while (ret > 0) { + ret = mnl_cb_run(buf, ret, seq, portid, nfct_timeout_cb, NULL); + if (ret <= 0) + break; + ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); + } + if (ret == -1) { + nfct_perror("error"); + return -1; + } + mnl_socket_close(nl); + + return 0; +} + +static uint32_t nfct_timeout_attr_max[IPPROTO_MAX] = { + [IPPROTO_ICMP] = NFCT_TIMEOUT_ATTR_ICMP_MAX, + [IPPROTO_TCP] = NFCT_TIMEOUT_ATTR_TCP_MAX, + [IPPROTO_UDP] = NFCT_TIMEOUT_ATTR_UDP_MAX, + [IPPROTO_UDPLITE] = NFCT_TIMEOUT_ATTR_UDPLITE_MAX, + [IPPROTO_SCTP] = NFCT_TIMEOUT_ATTR_SCTP_MAX, + [IPPROTO_DCCP] = NFCT_TIMEOUT_ATTR_DCCP_MAX, + [IPPROTO_ICMPV6] = NFCT_TIMEOUT_ATTR_ICMPV6_MAX, + [IPPROTO_GRE] = NFCT_TIMEOUT_ATTR_GRE_MAX, + [IPPROTO_RAW] = NFCT_TIMEOUT_ATTR_GENERIC_MAX, +}; + +int nfct_cmd_timeout_add(int argc, char *argv[]) +{ + struct mnl_socket *nl; + char buf[MNL_SOCKET_BUFFER_SIZE]; + struct nlmsghdr *nlh; + uint32_t portid, seq; + struct nfct_timeout *t; + uint16_t l3proto; + uint8_t l4proto; + int ret, i; + unsigned int j; + + if (argc < 6) { + nfct_perror("missing parameters\n" + "syntax: nfct timeout add name " + "family protocol state1 " + "timeout1 state2 timeout2..."); + return -1; + } + + t = nfct_timeout_alloc(); + if (t == NULL) { + nfct_perror("OOM"); + return -1; + } + + nfct_timeout_attr_set(t, NFCT_TIMEOUT_ATTR_NAME, argv[3]); + + if (strcmp(argv[4], "inet") == 0) + l3proto = AF_INET; + else if (strcmp(argv[4], "inet6") == 0) + l3proto = AF_INET6; + else { + nfct_perror("unknown layer 3 protocol"); + return -1; + } + nfct_timeout_attr_set_u16(t, NFCT_TIMEOUT_ATTR_L3PROTO, l3proto); + + if (strcmp(argv[5], "tcp") == 0) + l4proto = IPPROTO_TCP; + else if (strcmp(argv[5], "udp") == 0) + l4proto = IPPROTO_UDP; + else if (strcmp(argv[5], "udplite") == 0) + l4proto = IPPROTO_UDPLITE; + else if (strcmp(argv[5], "sctp") == 0) + l4proto = IPPROTO_SCTP; + else if (strcmp(argv[5], "dccp") == 0) + l4proto = IPPROTO_DCCP; + else if (strcmp(argv[5], "icmp") == 0) + l4proto = IPPROTO_ICMP; + else if (strcmp(argv[5], "icmpv6") == 0) + l4proto = IPPROTO_ICMPV6; + else if (strcmp(argv[5], "gre") == 0) + l4proto = IPPROTO_GRE; + else if (strcmp(argv[5], "generic") == 0) + l4proto = IPPROTO_RAW; + else { + nfct_perror("unknown layer 4 protocol"); + return -1; + } + nfct_timeout_attr_set_u8(t, NFCT_TIMEOUT_ATTR_L4PROTO, l4proto); + + for (i=6; i<argc; i+=2) { + int matching = -1; + + for (j=0; j<nfct_timeout_attr_max[l4proto]; j++) { + const char *state_name; + + state_name = + nfct_timeout_policy_attr_to_name(l4proto, j); + if (state_name == NULL) { + nfct_perror("state name is NULL"); + return -1; + } + if (strcasecmp(argv[i], state_name) != 0) + continue; + + matching = j; + break; + } + if (matching != -1) { + if (i+1 >= argc) { + nfct_perror("missing value for this timeout"); + return -1; + } + nfct_timeout_policy_attr_set_u32(t, matching, + atoi(argv[i+1])); + matching = -1; + } else { + fprintf(stderr, "nfct v%s: Wrong state name: `%s' " + "for protocol `%s'\n", + VERSION, argv[i], argv[5]); + return -1; + } + } + + seq = time(NULL); + nlh = nfct_timeout_nlmsg_build_hdr(buf, IPCTNL_MSG_TIMEOUT_NEW, + NLM_F_CREATE | NLM_F_ACK, seq); + nfct_timeout_nlmsg_build_payload(nlh, t); + + nfct_timeout_free(t); + + nl = mnl_socket_open(NETLINK_NETFILTER); + if (nl == NULL) { + nfct_perror("mnl_socket_open"); + return -1; + } + + if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) { + nfct_perror("mnl_socket_bind"); + return -1; + } + portid = mnl_socket_get_portid(nl); + + if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) { + nfct_perror("mnl_socket_send"); + return -1; + } + + ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); + while (ret > 0) { + ret = mnl_cb_run(buf, ret, seq, portid, NULL, NULL); + if (ret <= 0) + break; + ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); + } + if (ret == -1) { + nfct_perror("error"); + return -1; + } + mnl_socket_close(nl); + + return 0; +} + +int nfct_cmd_timeout_delete(int argc, char *argv[]) +{ + struct mnl_socket *nl; + char buf[MNL_SOCKET_BUFFER_SIZE]; + struct nlmsghdr *nlh; + uint32_t portid, seq; + struct nfct_timeout *t; + int ret; + + if (argc < 4) { + nfct_perror("missing timeout policy name"); + return -1; + } else if (argc > 4) { + nfct_perror("too many arguments"); + return -1; + } + + t = nfct_timeout_alloc(); + if (t == NULL) { + nfct_perror("OOM"); + return -1; + } + + nfct_timeout_attr_set(t, NFCT_TIMEOUT_ATTR_NAME, argv[3]); + + seq = time(NULL); + nlh = nfct_timeout_nlmsg_build_hdr(buf, IPCTNL_MSG_TIMEOUT_DELETE, + NLM_F_ACK, seq); + nfct_timeout_nlmsg_build_payload(nlh, t); + + nfct_timeout_free(t); + + nl = mnl_socket_open(NETLINK_NETFILTER); + if (nl == NULL) { + nfct_perror("mnl_socket_open"); + return -1; + } + + if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) { + nfct_perror("mnl_socket_bind"); + return -1; + } + portid = mnl_socket_get_portid(nl); + + if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) { + nfct_perror("mnl_socket_send"); + return -1; + } + + ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); + while (ret > 0) { + ret = mnl_cb_run(buf, ret, seq, portid, NULL, NULL); + if (ret <= 0) + break; + ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); + } + if (ret == -1) { + nfct_perror("error"); + return -1; + } + + mnl_socket_close(nl); + + return 0; +} + +int nfct_cmd_timeout_get(int argc, char *argv[]) +{ + struct mnl_socket *nl; + char buf[MNL_SOCKET_BUFFER_SIZE]; + struct nlmsghdr *nlh; + uint32_t portid, seq; + struct nfct_timeout *t; + int ret; + + if (argc < 4) { + nfct_perror("missing timeout policy name"); + return -1; + } else if (argc > 4) { + nfct_perror("too many arguments"); + return -1; + } + + t = nfct_timeout_alloc(); + if (t == NULL) { + nfct_perror("OOM"); + return -1; + } + nfct_timeout_attr_set(t, NFCT_TIMEOUT_ATTR_NAME, argv[3]); + + seq = time(NULL); + nlh = nfct_timeout_nlmsg_build_hdr(buf, IPCTNL_MSG_TIMEOUT_GET, + NLM_F_ACK, seq); + + nfct_timeout_nlmsg_build_payload(nlh, t); + + nfct_timeout_free(t); + + nl = mnl_socket_open(NETLINK_NETFILTER); + if (nl == NULL) { + nfct_perror("mnl_socket_open"); + return -1; + } + + if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) { + nfct_perror("mnl_socket_bind"); + return -1; + } + portid = mnl_socket_get_portid(nl); + + if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) { + nfct_perror("mnl_socket_send"); + return -1; + } + + ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); + while (ret > 0) { + ret = mnl_cb_run(buf, ret, seq, portid, nfct_timeout_cb, NULL); + if (ret <= 0) + break; + ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); + } + if (ret == -1) { + nfct_perror("error"); + return -1; + } + mnl_socket_close(nl); + + return 0; +} + +int nfct_cmd_timeout_flush(int argc, char *argv[]) +{ + struct mnl_socket *nl; + char buf[MNL_SOCKET_BUFFER_SIZE]; + struct nlmsghdr *nlh; + uint32_t portid, seq; + int ret; + + if (argc > 3) { + nfct_perror("too many arguments"); + return -1; + } + + seq = time(NULL); + nlh = nfct_timeout_nlmsg_build_hdr(buf, IPCTNL_MSG_TIMEOUT_DELETE, + NLM_F_ACK, seq); + + nl = mnl_socket_open(NETLINK_NETFILTER); + if (nl == NULL) { + nfct_perror("mnl_socket_open"); + return -1; + } + + if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) { + nfct_perror("mnl_socket_bind"); + return -1; + } + portid = mnl_socket_get_portid(nl); + + if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) { + nfct_perror("mnl_socket_send"); + return -1; + } + + ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); + while (ret > 0) { + ret = mnl_cb_run(buf, ret, seq, portid, NULL, NULL); + if (ret <= 0) + break; + ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); + } + if (ret == -1) { + nfct_perror("error"); + return -1; + } + + mnl_socket_close(nl); + + return 0; +} diff --git a/src/nfct.c b/src/nfct.c new file mode 100644 index 0000000..db629e7 --- /dev/null +++ b/src/nfct.c @@ -0,0 +1,116 @@ +/* + * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published + * by the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This code has been sponsored by Vyatta Inc. <http://www.vyatta.com> + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sys/types.h> +#include <dirent.h> +#include <sys/stat.h> +#include <fcntl.h> +#include <unistd.h> +#include <time.h> +#include <netinet/in.h> +#include <errno.h> + +#include <libmnl/libmnl.h> +#include <linux/netfilter/nfnetlink_cttimeout.h> +#include <libnetfilter_cttimeout/libnetfilter_cttimeout.h> + +#include "nfct.h" + +static int nfct_cmd_version(int argc, char *argv[]); +static int nfct_cmd_help(int argc, char *argv[]); + +static void usage(char *argv[]) +{ + fprintf(stderr, "Usage: %s subsystem command [parameters]...\n", + argv[0]); +} + +void nfct_perror(const char *msg) +{ + if (errno == 0) { + fprintf(stderr, "nfct v%s: %s\n", VERSION, msg); + } else { + fprintf(stderr, "nfct v%s: %s: %s\n", + VERSION, msg, strerror(errno)); + } +} + +int main(int argc, char *argv[]) +{ + int subsys = NFCT_SUBSYS_NONE, ret = 0; + + if (argc < 2) { + usage(argv); + exit(EXIT_FAILURE); + } + if (strncmp(argv[1], "timeout", strlen(argv[1])) == 0) { + subsys = NFCT_SUBSYS_TIMEOUT; + } else if (strncmp(argv[1], "version", strlen(argv[1])) == 0) + subsys = NFCT_SUBSYS_VERSION; + else if (strncmp(argv[1], "help", strlen(argv[1])) == 0) + subsys = NFCT_SUBSYS_HELP; + else { + fprintf(stderr, "nfct v%s: Unknown subsystem: %s\n", + VERSION, argv[1]); + usage(argv); + exit(EXIT_FAILURE); + } + + switch(subsys) { + case NFCT_SUBSYS_TIMEOUT: + ret = nfct_cmd_timeout_parse_params(argc, argv); + break; + case NFCT_SUBSYS_VERSION: + ret = nfct_cmd_version(argc, argv); + break; + case NFCT_SUBSYS_HELP: + ret = nfct_cmd_help(argc, argv); + break; + } + return ret < 0 ? EXIT_FAILURE : EXIT_SUCCESS; +} + +static const char version_msg[] = + "nfct v%s: utility for the Netfilter's Connection Tracking System\n" + "Copyright (C) 2012 Pablo Neira Ayuso <pablo@netfilter.org>\n" + "This program comes with ABSOLUTELY NO WARRANTY.\n" + "This is free software, and you are welcome to redistribute it under " + "certain \nconditions; see LICENSE file distributed in this package " + "for details.\n"; + +static int nfct_cmd_version(int argc, char *argv[]) +{ + printf(version_msg, VERSION); + return 0; +} + +static const char help_msg[] = + "nfct v%s: utility for the Netfilter's Connection Tracking System\n" + "Usage: %s command [parameters]...\n\n" + "Subsystem:\n" + " timeout\t\tAllows definition of fine-grain timeout policies\n" + " version\t\tDisplay version and disclaimer\n" + " help\t\t\tDisplay this help message\n" + "Commands:\n" + " list [reset]\t\tList the accounting object table (and reset)\n" + " add object-name\tAdd new accounting object to table\n" + " delete object-name\tDelete existing accounting object\n" + " get object-name\tGet existing accounting object\n" + " flush\t\t\tFlush accounting object table\n"; + +static int nfct_cmd_help(int argc, char *argv[]) +{ + printf(help_msg, VERSION, argv[0]); + return 0; +} diff --git a/src/origin.c b/src/origin.c new file mode 100644 index 0000000..3c65f3d --- /dev/null +++ b/src/origin.c @@ -0,0 +1,70 @@ +/* + * (C) 2009 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ +#include "conntrackd.h" +#include "origin.h" + +static LIST_HEAD(origin_list); + +struct origin { + struct list_head head; + unsigned int nl_portid; + int type; +}; + +/* register a Netlink socket as origin of possible events */ +int origin_register(struct nfct_handle *h, int origin_type) +{ + struct origin *nlp; + + nlp = calloc(sizeof(struct origin), 1); + if (nlp == NULL) + return -1; + + nlp->nl_portid = nfnl_portid(nfct_nfnlh(h)); + nlp->type = origin_type; + + list_add(&nlp->head, &origin_list); + return 0; +} + +/* look up for the origin of this Netlink event */ +int origin_find(const struct nlmsghdr *nlh) +{ + struct origin *this; + + list_for_each_entry(this, &origin_list, head) { + if (this->nl_portid == nlh->nlmsg_pid) { + return this->type; + } + } + return CTD_ORIGIN_NOT_ME; +} + +int origin_unregister(struct nfct_handle *h) +{ + struct origin *this, *tmp; + + list_for_each_entry_safe(this, tmp, &origin_list, head) { + if (this->nl_portid == nfnl_portid(nfct_nfnlh(h))) { + list_del(&this->head); + free(this); + return 1; + } + } + return 0; +} diff --git a/src/parse.c b/src/parse.c new file mode 100644 index 0000000..732bc44 --- /dev/null +++ b/src/parse.c @@ -0,0 +1,524 @@ +/* + * (C) 2006-2011 by Pablo Neira Ayuso <pablo@netfilter.org> + * (C) 2011 by Vyatta Inc. <http://www.vyatta.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "network.h" + +#include <libnetfilter_conntrack/libnetfilter_conntrack.h> + +#ifndef ssizeof +#define ssizeof(x) (int)sizeof(x) +#endif + +static void ct_parse_u8(struct nf_conntrack *ct, int attr, void *data); +static void ct_parse_u16(struct nf_conntrack *ct, int attr, void *data); +static void ct_parse_u32(struct nf_conntrack *ct, int attr, void *data); +static void ct_parse_str(struct nf_conntrack *ct, int attr, void *data); +static void ct_parse_group(struct nf_conntrack *ct, int attr, void *data); +static void ct_parse_nat_seq_adj(struct nf_conntrack *ct, int attr, void *data); + +struct ct_parser { + void (*parse)(struct nf_conntrack *ct, int attr, void *data); + int attr; + int size; + int max_size; +}; + +static struct ct_parser h[NTA_MAX] = { + [NTA_IPV4] = { + .parse = ct_parse_group, + .attr = ATTR_GRP_ORIG_IPV4, + .size = NTA_SIZE(sizeof(struct nfct_attr_grp_ipv4)), + }, + [NTA_IPV6] = { + .parse = ct_parse_group, + .attr = ATTR_GRP_ORIG_IPV6, + .size = NTA_SIZE(sizeof(struct nfct_attr_grp_ipv6)), + }, + [NTA_PORT] = { + .parse = ct_parse_group, + .attr = ATTR_GRP_ORIG_PORT, + .size = NTA_SIZE(sizeof(struct nfct_attr_grp_port)), + }, + [NTA_L4PROTO] = { + .parse = ct_parse_u8, + .attr = ATTR_L4PROTO, + .size = NTA_SIZE(sizeof(uint8_t)), + }, + [NTA_TCP_STATE] = { + .parse = ct_parse_u8, + .attr = ATTR_TCP_STATE, + .size = NTA_SIZE(sizeof(uint8_t)), + }, + [NTA_STATUS] = { + .parse = ct_parse_u32, + .attr = ATTR_STATUS, + .size = NTA_SIZE(sizeof(uint32_t)), + }, + [NTA_MARK] = { + .parse = ct_parse_u32, + .attr = ATTR_MARK, + .size = NTA_SIZE(sizeof(uint32_t)), + }, + [NTA_TIMEOUT] = { + .parse = ct_parse_u32, + .attr = ATTR_TIMEOUT, + .size = NTA_SIZE(sizeof(uint32_t)), + }, + [NTA_MASTER_IPV4] = { + .parse = ct_parse_group, + .attr = ATTR_GRP_MASTER_IPV4, + .size = NTA_SIZE(sizeof(struct nfct_attr_grp_ipv4)), + }, + [NTA_MASTER_IPV6] = { + .parse = ct_parse_group, + .attr = ATTR_GRP_MASTER_IPV6, + .size = NTA_SIZE(sizeof(struct nfct_attr_grp_ipv6)), + }, + [NTA_MASTER_L4PROTO] = { + .parse = ct_parse_u8, + .attr = ATTR_MASTER_L4PROTO, + .size = NTA_SIZE(sizeof(uint8_t)), + }, + [NTA_MASTER_PORT] = { + .parse = ct_parse_group, + .attr = ATTR_GRP_MASTER_PORT, + .size = NTA_SIZE(sizeof(struct nfct_attr_grp_port)), + }, + [NTA_SNAT_IPV4] = { + .parse = ct_parse_u32, + .attr = ATTR_SNAT_IPV4, + .size = NTA_SIZE(sizeof(uint32_t)), + }, + [NTA_DNAT_IPV4] = { + .parse = ct_parse_u32, + .attr = ATTR_DNAT_IPV4, + .size = NTA_SIZE(sizeof(uint32_t)), + }, + [NTA_SPAT_PORT] = { + .parse = ct_parse_u16, + .attr = ATTR_SNAT_PORT, + .size = NTA_SIZE(sizeof(uint16_t)), + }, + [NTA_DPAT_PORT] = { + .parse = ct_parse_u16, + .attr = ATTR_DNAT_PORT, + .size = NTA_SIZE(sizeof(uint16_t)), + }, + [NTA_NAT_SEQ_ADJ] = { + .parse = ct_parse_nat_seq_adj, + .size = NTA_SIZE(sizeof(struct nta_attr_natseqadj)), + }, + [NTA_SCTP_STATE] = { + .parse = ct_parse_u8, + .attr = ATTR_SCTP_STATE, + .size = NTA_SIZE(sizeof(uint8_t)), + }, + [NTA_SCTP_VTAG_ORIG] = { + .parse = ct_parse_u32, + .attr = ATTR_SCTP_VTAG_ORIG, + .size = NTA_SIZE(sizeof(uint32_t)), + }, + [NTA_SCTP_VTAG_REPL] = { + .parse = ct_parse_u32, + .attr = ATTR_SCTP_VTAG_REPL, + .size = NTA_SIZE(sizeof(uint32_t)), + }, + [NTA_DCCP_STATE] = { + .parse = ct_parse_u8, + .attr = ATTR_DCCP_STATE, + .size = NTA_SIZE(sizeof(uint8_t)), + }, + [NTA_DCCP_ROLE] = { + .parse = ct_parse_u8, + .attr = ATTR_DCCP_ROLE, + .size = NTA_SIZE(sizeof(uint8_t)), + }, + [NTA_ICMP_TYPE] = { + .parse = ct_parse_u8, + .attr = ATTR_ICMP_TYPE, + .size = NTA_SIZE(sizeof(uint8_t)), + }, + [NTA_ICMP_CODE] = { + .parse = ct_parse_u8, + .attr = ATTR_ICMP_CODE, + .size = NTA_SIZE(sizeof(uint8_t)), + }, + [NTA_ICMP_ID] = { + .parse = ct_parse_u16, + .attr = ATTR_ICMP_ID, + .size = NTA_SIZE(sizeof(uint16_t)), + }, + [NTA_TCP_WSCALE_ORIG] = { + .parse = ct_parse_u8, + .attr = ATTR_TCP_WSCALE_ORIG, + .size = NTA_SIZE(sizeof(uint8_t)), + }, + [NTA_TCP_WSCALE_REPL] = { + .parse = ct_parse_u8, + .attr = ATTR_TCP_WSCALE_REPL, + .size = NTA_SIZE(sizeof(uint8_t)), + }, + [NTA_HELPER_NAME] = { + .parse = ct_parse_str, + .attr = ATTR_HELPER_NAME, + .max_size = NFCT_HELPER_NAME_MAX, + }, +}; + +static void +ct_parse_u8(struct nf_conntrack *ct, int attr, void *data) +{ + uint8_t *value = (uint8_t *) data; + nfct_set_attr_u8(ct, h[attr].attr, *value); +} + +static void +ct_parse_u16(struct nf_conntrack *ct, int attr, void *data) +{ + uint16_t *value = (uint16_t *) data; + nfct_set_attr_u16(ct, h[attr].attr, ntohs(*value)); +} + +static void +ct_parse_u32(struct nf_conntrack *ct, int attr, void *data) +{ + uint32_t *value = (uint32_t *) data; + nfct_set_attr_u32(ct, h[attr].attr, ntohl(*value)); +} + +static void +ct_parse_str(struct nf_conntrack *ct, int attr, void *data) +{ + nfct_set_attr(ct, h[attr].attr, data); +} + +static void +ct_parse_group(struct nf_conntrack *ct, int attr, void *data) +{ + nfct_set_attr_grp(ct, h[attr].attr, data); +} + +static void +ct_parse_nat_seq_adj(struct nf_conntrack *ct, int attr, void *data) +{ + struct nta_attr_natseqadj *this = data; + nfct_set_attr_u32(ct, ATTR_ORIG_NAT_SEQ_CORRECTION_POS, + ntohl(this->orig_seq_correction_pos)); + nfct_set_attr_u32(ct, ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE, + ntohl(this->orig_seq_offset_before)); + nfct_set_attr_u32(ct, ATTR_ORIG_NAT_SEQ_OFFSET_AFTER, + ntohl(this->orig_seq_offset_after)); + nfct_set_attr_u32(ct, ATTR_REPL_NAT_SEQ_CORRECTION_POS, + ntohl(this->repl_seq_correction_pos)); + nfct_set_attr_u32(ct, ATTR_REPL_NAT_SEQ_OFFSET_BEFORE, + ntohl(this->repl_seq_offset_before)); + nfct_set_attr_u32(ct, ATTR_REPL_NAT_SEQ_OFFSET_AFTER, + ntohl(this->repl_seq_offset_after)); +} + +int msg2ct(struct nf_conntrack *ct, struct nethdr *net, size_t remain) +{ + int len; + struct netattr *attr; + + if (remain < net->len) + return -1; + + len = net->len - NETHDR_SIZ; + attr = NETHDR_DATA(net); + + while (len > ssizeof(struct netattr)) { + ATTR_NETWORK2HOST(attr); + if (attr->nta_len > len) + return -1; + if (attr->nta_attr > NTA_MAX) + return -1; + if (h[attr->nta_attr].size && + attr->nta_len != h[attr->nta_attr].size) + return -1; + if (h[attr->nta_attr].max_size && + attr->nta_len > h[attr->nta_attr].max_size) + return -1; + if (h[attr->nta_attr].parse == NULL) { + attr = NTA_NEXT(attr, len); + continue; + } + h[attr->nta_attr].parse(ct, attr->nta_attr, NTA_DATA(attr)); + attr = NTA_NEXT(attr, len); + } + + return 0; +} + +static void exp_parse_ct_group(void *ct, int attr, void *data); +static void exp_parse_ct_u8(void *ct, int attr, void *data); +static void exp_parse_u32(void *exp, int attr, void *data); +static void exp_parse_str(void *exp, int attr, void *data); + +static struct exp_parser { + void (*parse)(void *obj, int attr, void *data); + int exp_attr; + int ct_attr; + int size; + int max_size; +} exp_h[NTA_EXP_MAX] = { + [NTA_EXP_MASTER_IPV4] = { + .parse = exp_parse_ct_group, + .exp_attr = ATTR_EXP_MASTER, + .ct_attr = ATTR_GRP_ORIG_IPV4, + .size = NTA_SIZE(sizeof(struct nfct_attr_grp_ipv4)), + }, + [NTA_EXP_MASTER_IPV6] = { + .parse = exp_parse_ct_group, + .exp_attr = ATTR_EXP_MASTER, + .ct_attr = ATTR_GRP_ORIG_IPV6, + .size = NTA_SIZE(sizeof(struct nfct_attr_grp_ipv6)), + }, + [NTA_EXP_MASTER_L4PROTO] = { + .parse = exp_parse_ct_u8, + .exp_attr = ATTR_EXP_MASTER, + .ct_attr = ATTR_L4PROTO, + .size = NTA_SIZE(sizeof(uint8_t)), + }, + [NTA_EXP_MASTER_PORT] = { + .parse = exp_parse_ct_group, + .exp_attr = ATTR_EXP_MASTER, + .ct_attr = ATTR_GRP_ORIG_PORT, + .size = NTA_SIZE(sizeof(struct nfct_attr_grp_port)), + }, + [NTA_EXP_EXPECT_IPV4] = { + .parse = exp_parse_ct_group, + .exp_attr = ATTR_EXP_EXPECTED, + .ct_attr = ATTR_GRP_ORIG_IPV4, + .size = NTA_SIZE(sizeof(struct nfct_attr_grp_ipv4)), + }, + [NTA_EXP_EXPECT_IPV6] = { + .parse = exp_parse_ct_group, + .exp_attr = ATTR_EXP_EXPECTED, + .ct_attr = ATTR_GRP_ORIG_IPV6, + .size = NTA_SIZE(sizeof(struct nfct_attr_grp_ipv6)), + }, + [NTA_EXP_EXPECT_L4PROTO] = { + .parse = exp_parse_ct_u8, + .exp_attr = ATTR_EXP_EXPECTED, + .ct_attr = ATTR_L4PROTO, + .size = NTA_SIZE(sizeof(uint8_t)), + }, + [NTA_EXP_EXPECT_PORT] = { + .parse = exp_parse_ct_group, + .exp_attr = ATTR_EXP_EXPECTED, + .ct_attr = ATTR_GRP_ORIG_PORT, + .size = NTA_SIZE(sizeof(struct nfct_attr_grp_port)), + }, + [NTA_EXP_MASK_IPV4] = { + .parse = exp_parse_ct_group, + .exp_attr = ATTR_EXP_MASK, + .ct_attr = ATTR_GRP_ORIG_IPV4, + .size = NTA_SIZE(sizeof(struct nfct_attr_grp_ipv4)), + }, + [NTA_EXP_MASK_IPV6] = { + .parse = exp_parse_ct_group, + .exp_attr = ATTR_EXP_MASK, + .ct_attr = ATTR_GRP_ORIG_IPV6, + .size = NTA_SIZE(sizeof(struct nfct_attr_grp_ipv6)), + }, + [NTA_EXP_MASK_L4PROTO] = { + .parse = exp_parse_ct_u8, + .exp_attr = ATTR_EXP_MASK, + .ct_attr = ATTR_L4PROTO, + .size = NTA_SIZE(sizeof(uint8_t)), + }, + [NTA_EXP_MASK_PORT] = { + .parse = exp_parse_ct_group, + .exp_attr = ATTR_EXP_MASK, + .ct_attr = ATTR_GRP_ORIG_PORT, + .size = NTA_SIZE(sizeof(struct nfct_attr_grp_port)), + }, + [NTA_EXP_TIMEOUT] = { + .parse = exp_parse_u32, + .exp_attr = ATTR_EXP_TIMEOUT, + .size = NTA_SIZE(sizeof(uint32_t)), + }, + [NTA_EXP_FLAGS] = { + .parse = exp_parse_u32, + .exp_attr = ATTR_EXP_FLAGS, + .size = NTA_SIZE(sizeof(uint32_t)), + }, + [NTA_EXP_CLASS] = { + .parse = exp_parse_u32, + .exp_attr = ATTR_EXP_CLASS, + .size = NTA_SIZE(sizeof(uint32_t)), + }, + [NTA_EXP_NAT_IPV4] = { + .parse = exp_parse_ct_group, + .exp_attr = ATTR_EXP_NAT_TUPLE, + .ct_attr = ATTR_GRP_ORIG_IPV4, + .size = NTA_SIZE(sizeof(struct nfct_attr_grp_ipv4)), + }, + [NTA_EXP_NAT_L4PROTO] = { + .parse = exp_parse_ct_u8, + .exp_attr = ATTR_EXP_NAT_TUPLE, + .ct_attr = ATTR_L4PROTO, + .size = NTA_SIZE(sizeof(uint8_t)), + }, + [NTA_EXP_NAT_PORT] = { + .parse = exp_parse_ct_group, + .exp_attr = ATTR_EXP_NAT_TUPLE, + .ct_attr = ATTR_GRP_ORIG_PORT, + .size = NTA_SIZE(sizeof(struct nfct_attr_grp_port)), + }, + [NTA_EXP_NAT_DIR] = { + .parse = exp_parse_u32, + .exp_attr = ATTR_EXP_NAT_DIR, + .size = NTA_SIZE(sizeof(uint32_t)), + }, + [NTA_EXP_HELPER_NAME] = { + .parse = exp_parse_str, + .exp_attr = ATTR_EXP_HELPER_NAME, + .max_size = NFCT_HELPER_NAME_MAX, + }, + [NTA_EXP_FN] = { + .parse = exp_parse_str, + .exp_attr = ATTR_EXP_FN, + .max_size = NFCT_HELPER_NAME_MAX, + }, +}; + +static void exp_parse_ct_group(void *ct, int attr, void *data) +{ + nfct_set_attr_grp(ct, exp_h[attr].ct_attr, data); +} + +static void exp_parse_ct_u8(void *ct, int attr, void *data) +{ + uint8_t *value = (uint8_t *) data; + nfct_set_attr_u8(ct, exp_h[attr].ct_attr, *value); +} + +static void exp_parse_u32(void *exp, int attr, void *data) +{ + uint32_t *value = (uint32_t *) data; + nfexp_set_attr_u32(exp, exp_h[attr].exp_attr, ntohl(*value)); +} + +static void exp_parse_str(void *exp, int attr, void *data) +{ + nfexp_set_attr(exp, exp_h[attr].exp_attr, data); +} + +int msg2exp(struct nf_expect *exp, struct nethdr *net, size_t remain) +{ + int len; + struct netattr *attr; + struct nf_conntrack *master, *expected, *mask, *nat; + + if (remain < net->len) + return -1; + + len = net->len - NETHDR_SIZ; + attr = NETHDR_DATA(net); + + master = nfct_new(); + if (master == NULL) + goto err_master; + + expected = nfct_new(); + if (expected == NULL) + goto err_expected; + + mask = nfct_new(); + if (mask == NULL) + goto err_mask; + + nat = nfct_new(); + if (nat == NULL) + goto err_nat; + + while (len > ssizeof(struct netattr)) { + ATTR_NETWORK2HOST(attr); + if (attr->nta_len > len) + goto err; + if (attr->nta_attr > NTA_MAX) + goto err; + if (exp_h[attr->nta_attr].size && + attr->nta_len != exp_h[attr->nta_attr].size) + goto err; + if (exp_h[attr->nta_attr].max_size && + attr->nta_len > exp_h[attr->nta_attr].max_size) + goto err; + if (exp_h[attr->nta_attr].parse == NULL) { + attr = NTA_NEXT(attr, len); + continue; + } + switch(exp_h[attr->nta_attr].exp_attr) { + case ATTR_EXP_MASTER: + exp_h[attr->nta_attr].parse(master, attr->nta_attr, + NTA_DATA(attr)); + case ATTR_EXP_EXPECTED: + exp_h[attr->nta_attr].parse(expected, attr->nta_attr, + NTA_DATA(attr)); + case ATTR_EXP_MASK: + exp_h[attr->nta_attr].parse(mask, attr->nta_attr, + NTA_DATA(attr)); + break; + case ATTR_EXP_NAT_TUPLE: + exp_h[attr->nta_attr].parse(nat, attr->nta_attr, + NTA_DATA(attr)); + nfexp_set_attr(exp, ATTR_EXP_NAT_TUPLE, nat); + break; + case ATTR_EXP_TIMEOUT: + case ATTR_EXP_FLAGS: + case ATTR_EXP_CLASS: + case ATTR_EXP_HELPER_NAME: + case ATTR_EXP_NAT_DIR: + case ATTR_EXP_FN: + exp_h[attr->nta_attr].parse(exp, attr->nta_attr, + NTA_DATA(attr)); + break; + } + attr = NTA_NEXT(attr, len); + } + + nfexp_set_attr(exp, ATTR_EXP_MASTER, master); + nfexp_set_attr(exp, ATTR_EXP_EXPECTED, expected); + nfexp_set_attr(exp, ATTR_EXP_MASK, mask); + + /* We can release the conntrack objects at this point because the + * setter makes a copy of them. This is not efficient, it would be + * better to save that extra copy but this is how the library works. + * I'm sorry, I cannot change it without breaking backward + * compatibility. Probably it is a good idea to think of adding new + * interfaces in the near future to get it better. */ + nfct_destroy(mask); + nfct_destroy(expected); + nfct_destroy(master); + nfct_destroy(nat); + + return 0; +err: + nfct_destroy(nat); +err_nat: + nfct_destroy(mask); +err_mask: + nfct_destroy(expected); +err_expected: + nfct_destroy(master); +err_master: + return -1; +} diff --git a/src/process.c b/src/process.c new file mode 100644 index 0000000..9b9734c --- /dev/null +++ b/src/process.c @@ -0,0 +1,103 @@ +/* + * (C) 2009 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include <signal.h> +#include "conntrackd.h" +#include "process.h" + +static LIST_HEAD(process_list); + +int fork_process_new(int type, int flags, void (*cb)(void *data), void *data) +{ + struct child_process *c, *this; + int pid; + + /* block SIGCHLD to avoid the access of the list concurrently */ + sigprocmask(SIG_BLOCK, &STATE(block), NULL); + + /* We only want one process of this type at the same time. This is + * useful if you want to prevent two child processes from accessing + * a shared descriptor at the same time. */ + if (flags & CTD_PROC_F_EXCL) { + list_for_each_entry(this, &process_list, head) { + if (this->type == type) { + sigprocmask(SIG_UNBLOCK, &STATE(block), NULL); + return -1; + } + } + } + c = calloc(sizeof(struct child_process), 1); + if (c == NULL) { + sigprocmask(SIG_UNBLOCK, &STATE(block), NULL); + return -1; + } + + c->type = type; + c->cb = cb; + c->data = data; + c->pid = pid = fork(); + + if (c->pid > 0) + list_add(&c->head, &process_list); + + sigprocmask(SIG_UNBLOCK, &STATE(block), NULL); + + return pid; +} + +int fork_process_delete(int pid) +{ + struct child_process *this, *tmp; + + list_for_each_entry_safe(this, tmp, &process_list, head) { + if (this->pid == pid) { + list_del(&this->head); + if (this->cb) { + this->cb(this->data); + } + free(this); + return 1; + } + } + return 0; +} + +static const char *process_type_to_name[CTD_PROC_MAX] = { + [CTD_PROC_ANY] = "any", + [CTD_PROC_FLUSH] = "flush", + [CTD_PROC_COMMIT] = "commit", +}; + +void fork_process_dump(int fd) +{ + struct child_process *this; + char buf[4096]; + int size = 0; + + sigprocmask(SIG_BLOCK, &STATE(block), NULL); + list_for_each_entry(this, &process_list, head) { + size += snprintf(buf+size, sizeof(buf), + "PID=%u type=%s\n", + this->pid, + this->type < CTD_PROC_MAX ? + process_type_to_name[this->type] : "unknown"); + } + sigprocmask(SIG_UNBLOCK, &STATE(block), NULL); + + send(fd, buf, size, 0); +} diff --git a/src/queue.c b/src/queue.c new file mode 100644 index 0000000..76425b1 --- /dev/null +++ b/src/queue.c @@ -0,0 +1,187 @@ +/* + * (C) 2006-2009 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "queue.h" +#include "event.h" + +#include <errno.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sys/socket.h> + +static LIST_HEAD(queue_list); /* list of existing queues */ +static uint32_t qobjects_num; /* number of active queue objects */ + +struct queue * +queue_create(const char *name, int max_objects, unsigned int flags) +{ + struct queue *b; + + b = calloc(sizeof(struct queue), 1); + if (b == NULL) + return NULL; + + b->max_elems = max_objects; + INIT_LIST_HEAD(&b->head); + b->flags = flags; + + if (flags & QUEUE_F_EVFD) { + b->evfd = create_evfd(); + if (b->evfd == NULL) { + free(b); + return NULL; + } + } + strncpy(b->name, name, QUEUE_NAMELEN); + b->name[QUEUE_NAMELEN-1]='\0'; + list_add(&b->list, &queue_list); + + return b; +} + +void queue_destroy(struct queue *b) +{ + list_del(&b->list); + if (b->flags & QUEUE_F_EVFD) + destroy_evfd(b->evfd); + free(b); +} + +void queue_stats_show(int fd) +{ + struct queue *this; + int size = 0; + char buf[512]; + + size += snprintf(buf+size, sizeof(buf), + "allocated queue nodes:\t\t%12u\n\n", + qobjects_num); + + list_for_each_entry(this, &queue_list, list) { + size += snprintf(buf+size, sizeof(buf), + "queue %s:\n" + "current elements:\t\t%12u\n" + "maximum elements:\t\t%12u\n" + "not enough space errors:\t%12u\n\n", + this->name, + this->num_elems, + this->max_elems, + this->enospc_err); + } + send(fd, buf, size, 0); +} + +void queue_node_init(struct queue_node *n, int type) +{ + INIT_LIST_HEAD(&n->head); + n->type = type; +} + +void *queue_node_data(struct queue_node *n) +{ + return ((char *)n) + sizeof(struct queue_node); +} + +struct queue_object *queue_object_new(int type, size_t size) +{ + struct queue_object *obj; + + obj = calloc(sizeof(struct queue_object) + size, 1); + if (obj == NULL) + return NULL; + + obj->qnode.size = size; + queue_node_init(&obj->qnode, type); + qobjects_num++; + + return obj; +} + +void queue_object_free(struct queue_object *obj) +{ + free(obj); + qobjects_num--; +} + +int queue_add(struct queue *b, struct queue_node *n) +{ + if (!list_empty(&n->head)) + return 0; + + if (b->num_elems >= b->max_elems) { + b->enospc_err++; + errno = ENOSPC; + return -1; + } + n->owner = b; + list_add_tail(&n->head, &b->head); + b->num_elems++; + if (b->evfd) + write_evfd(b->evfd); + return 1; +} + +int queue_del(struct queue_node *n) +{ + if (list_empty(&n->head)) + return 0; + + list_del_init(&n->head); + n->owner->num_elems--; + if (n->owner->evfd) + read_evfd(n->owner->evfd); + n->owner = NULL; + return 1; +} + +struct queue_node *queue_del_head(struct queue *b) +{ + struct queue_node *n = (struct queue_node *) b->head.next; + queue_del(n); + return n; +} + +int queue_in(struct queue *b, struct queue_node *n) +{ + return b == n->owner; +} + +int queue_get_eventfd(struct queue *b) +{ + return get_read_evfd(b->evfd); +} + +void queue_iterate(struct queue *b, + const void *data, + int (*iterate)(struct queue_node *n, const void *data2)) +{ + struct list_head *i, *tmp; + struct queue_node *n; + + list_for_each_safe(i, tmp, &b->head) { + n = (struct queue_node *) i; + if (iterate(n, data)) + break; + } +} + +unsigned int queue_len(const struct queue *b) +{ + return b->num_elems; +} diff --git a/src/rbtree.c b/src/rbtree.c new file mode 100644 index 0000000..199e2bb --- /dev/null +++ b/src/rbtree.c @@ -0,0 +1,389 @@ +/* + Red Black Trees + (C) 1999 Andrea Arcangeli <andrea@suse.de> + (C) 2002 David Woodhouse <dwmw2@infradead.org> + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + linux/lib/rbtree.c +*/ + +#include "linux_rbtree.h" + +static void __rb_rotate_left(struct rb_node *node, struct rb_root *root) +{ + struct rb_node *right = node->rb_right; + struct rb_node *parent = rb_parent(node); + + if ((node->rb_right = right->rb_left)) + rb_set_parent(right->rb_left, node); + right->rb_left = node; + + rb_set_parent(right, parent); + + if (parent) + { + if (node == parent->rb_left) + parent->rb_left = right; + else + parent->rb_right = right; + } + else + root->rb_node = right; + rb_set_parent(node, right); +} + +static void __rb_rotate_right(struct rb_node *node, struct rb_root *root) +{ + struct rb_node *left = node->rb_left; + struct rb_node *parent = rb_parent(node); + + if ((node->rb_left = left->rb_right)) + rb_set_parent(left->rb_right, node); + left->rb_right = node; + + rb_set_parent(left, parent); + + if (parent) + { + if (node == parent->rb_right) + parent->rb_right = left; + else + parent->rb_left = left; + } + else + root->rb_node = left; + rb_set_parent(node, left); +} + +void rb_insert_color(struct rb_node *node, struct rb_root *root) +{ + struct rb_node *parent, *gparent; + + while ((parent = rb_parent(node)) && rb_is_red(parent)) + { + gparent = rb_parent(parent); + + if (parent == gparent->rb_left) + { + { + register struct rb_node *uncle = gparent->rb_right; + if (uncle && rb_is_red(uncle)) + { + rb_set_black(uncle); + rb_set_black(parent); + rb_set_red(gparent); + node = gparent; + continue; + } + } + + if (parent->rb_right == node) + { + register struct rb_node *tmp; + __rb_rotate_left(parent, root); + tmp = parent; + parent = node; + node = tmp; + } + + rb_set_black(parent); + rb_set_red(gparent); + __rb_rotate_right(gparent, root); + } else { + { + register struct rb_node *uncle = gparent->rb_left; + if (uncle && rb_is_red(uncle)) + { + rb_set_black(uncle); + rb_set_black(parent); + rb_set_red(gparent); + node = gparent; + continue; + } + } + + if (parent->rb_left == node) + { + register struct rb_node *tmp; + __rb_rotate_right(parent, root); + tmp = parent; + parent = node; + node = tmp; + } + + rb_set_black(parent); + rb_set_red(gparent); + __rb_rotate_left(gparent, root); + } + } + + rb_set_black(root->rb_node); +} + +static void __rb_erase_color(struct rb_node *node, struct rb_node *parent, + struct rb_root *root) +{ + struct rb_node *other; + + while ((!node || rb_is_black(node)) && node != root->rb_node) + { + if (parent->rb_left == node) + { + other = parent->rb_right; + if (rb_is_red(other)) + { + rb_set_black(other); + rb_set_red(parent); + __rb_rotate_left(parent, root); + other = parent->rb_right; + } + if ((!other->rb_left || rb_is_black(other->rb_left)) && + (!other->rb_right || rb_is_black(other->rb_right))) + { + rb_set_red(other); + node = parent; + parent = rb_parent(node); + } + else + { + if (!other->rb_right || rb_is_black(other->rb_right)) + { + struct rb_node *o_left; + if ((o_left = other->rb_left)) + rb_set_black(o_left); + rb_set_red(other); + __rb_rotate_right(other, root); + other = parent->rb_right; + } + rb_set_color(other, rb_color(parent)); + rb_set_black(parent); + if (other->rb_right) + rb_set_black(other->rb_right); + __rb_rotate_left(parent, root); + node = root->rb_node; + break; + } + } + else + { + other = parent->rb_left; + if (rb_is_red(other)) + { + rb_set_black(other); + rb_set_red(parent); + __rb_rotate_right(parent, root); + other = parent->rb_left; + } + if ((!other->rb_left || rb_is_black(other->rb_left)) && + (!other->rb_right || rb_is_black(other->rb_right))) + { + rb_set_red(other); + node = parent; + parent = rb_parent(node); + } + else + { + if (!other->rb_left || rb_is_black(other->rb_left)) + { + register struct rb_node *o_right; + if ((o_right = other->rb_right)) + rb_set_black(o_right); + rb_set_red(other); + __rb_rotate_left(other, root); + other = parent->rb_left; + } + rb_set_color(other, rb_color(parent)); + rb_set_black(parent); + if (other->rb_left) + rb_set_black(other->rb_left); + __rb_rotate_right(parent, root); + node = root->rb_node; + break; + } + } + } + if (node) + rb_set_black(node); +} + +void rb_erase(struct rb_node *node, struct rb_root *root) +{ + struct rb_node *child, *parent; + int color; + + if (!node->rb_left) + child = node->rb_right; + else if (!node->rb_right) + child = node->rb_left; + else + { + struct rb_node *old = node, *left; + + node = node->rb_right; + while ((left = node->rb_left) != NULL) + node = left; + child = node->rb_right; + parent = rb_parent(node); + color = rb_color(node); + + if (child) + rb_set_parent(child, parent); + if (parent == old) { + parent->rb_right = child; + parent = node; + } else + parent->rb_left = child; + + node->rb_parent_color = old->rb_parent_color; + node->rb_right = old->rb_right; + node->rb_left = old->rb_left; + + if (rb_parent(old)) + { + if (rb_parent(old)->rb_left == old) + rb_parent(old)->rb_left = node; + else + rb_parent(old)->rb_right = node; + } else + root->rb_node = node; + + rb_set_parent(old->rb_left, node); + if (old->rb_right) + rb_set_parent(old->rb_right, node); + goto color; + } + + parent = rb_parent(node); + color = rb_color(node); + + if (child) + rb_set_parent(child, parent); + if (parent) + { + if (parent->rb_left == node) + parent->rb_left = child; + else + parent->rb_right = child; + } + else + root->rb_node = child; + + color: + if (color == RB_BLACK) + __rb_erase_color(child, parent, root); +} + +/* + * This function returns the first node (in sort order) of the tree. + */ +struct rb_node *rb_first(struct rb_root *root) +{ + struct rb_node *n; + + n = root->rb_node; + if (!n) + return NULL; + while (n->rb_left) + n = n->rb_left; + return n; +} + +struct rb_node *rb_last(struct rb_root *root) +{ + struct rb_node *n; + + n = root->rb_node; + if (!n) + return NULL; + while (n->rb_right) + n = n->rb_right; + return n; +} + +struct rb_node *rb_next(struct rb_node *node) +{ + struct rb_node *parent; + + if (rb_parent(node) == node) + return NULL; + + /* If we have a right-hand child, go down and then left as far + as we can. */ + if (node->rb_right) { + node = node->rb_right; + while (node->rb_left) + node=node->rb_left; + return node; + } + + /* No right-hand children. Everything down and left is + smaller than us, so any 'next' node must be in the general + direction of our parent. Go up the tree; any time the + ancestor is a right-hand child of its parent, keep going + up. First time it's a left-hand child of its parent, said + parent is our 'next' node. */ + while ((parent = rb_parent(node)) && node == parent->rb_right) + node = parent; + + return parent; +} + +struct rb_node *rb_prev(struct rb_node *node) +{ + struct rb_node *parent; + + if (rb_parent(node) == node) + return NULL; + + /* If we have a left-hand child, go down and then right as far + as we can. */ + if (node->rb_left) { + node = node->rb_left; + while (node->rb_right) + node=node->rb_right; + return node; + } + + /* No left-hand children. Go up till we find an ancestor which + is a right-hand child of its parent */ + while ((parent = rb_parent(node)) && node == parent->rb_left) + node = parent; + + return parent; +} + +void rb_replace_node(struct rb_node *victim, struct rb_node *new, + struct rb_root *root) +{ + struct rb_node *parent = rb_parent(victim); + + /* Set the surrounding nodes to point to the replacement */ + if (parent) { + if (victim == parent->rb_left) + parent->rb_left = new; + else + parent->rb_right = new; + } else { + root->rb_node = new; + } + if (victim->rb_left) + rb_set_parent(victim->rb_left, new); + if (victim->rb_right) + rb_set_parent(victim->rb_right, new); + + /* Copy the pointers/colour from the victim to the replacement */ + *new = *victim; +} diff --git a/src/read_config_lex.c b/src/read_config_lex.c new file mode 100644 index 0000000..a6bcd17 --- /dev/null +++ b/src/read_config_lex.c @@ -0,0 +1,6008 @@ + +#line 3 "read_config_lex.c" + +#define YY_INT_ALIGNED short int + +/* A lexical scanner generated by flex */ + +#define FLEX_SCANNER +#define YY_FLEX_MAJOR_VERSION 2 +#define YY_FLEX_MINOR_VERSION 5 +#define YY_FLEX_SUBMINOR_VERSION 35 +#if YY_FLEX_SUBMINOR_VERSION > 0 +#define FLEX_BETA +#endif + +/* First, we deal with platform-specific or compiler-specific issues. */ + +/* begin standard C headers. */ +#include <stdio.h> +#include <string.h> +#include <errno.h> +#include <stdlib.h> + +/* end standard C headers. */ + +/* flex integer type definitions */ + +#ifndef FLEXINT_H +#define FLEXINT_H + +/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */ + +#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L + +/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, + * if you want the limit (max/min) macros for int types. + */ +#ifndef __STDC_LIMIT_MACROS +#define __STDC_LIMIT_MACROS 1 +#endif + +#include <inttypes.h> +typedef int8_t flex_int8_t; +typedef uint8_t flex_uint8_t; +typedef int16_t flex_int16_t; +typedef uint16_t flex_uint16_t; +typedef int32_t flex_int32_t; +typedef uint32_t flex_uint32_t; +#else +typedef signed char flex_int8_t; +typedef short int flex_int16_t; +typedef int flex_int32_t; +typedef unsigned char flex_uint8_t; +typedef unsigned short int flex_uint16_t; +typedef unsigned int flex_uint32_t; + +/* Limits of integral types. */ +#ifndef INT8_MIN +#define INT8_MIN (-128) +#endif +#ifndef INT16_MIN +#define INT16_MIN (-32767-1) +#endif +#ifndef INT32_MIN +#define INT32_MIN (-2147483647-1) +#endif +#ifndef INT8_MAX +#define INT8_MAX (127) +#endif +#ifndef INT16_MAX +#define INT16_MAX (32767) +#endif +#ifndef INT32_MAX +#define INT32_MAX (2147483647) +#endif +#ifndef UINT8_MAX +#define UINT8_MAX (255U) +#endif +#ifndef UINT16_MAX +#define UINT16_MAX (65535U) +#endif +#ifndef UINT32_MAX +#define UINT32_MAX (4294967295U) +#endif + +#endif /* ! C99 */ + +#endif /* ! FLEXINT_H */ + +#ifdef __cplusplus + +/* The "const" storage-class-modifier is valid. */ +#define YY_USE_CONST + +#else /* ! __cplusplus */ + +/* C99 requires __STDC__ to be defined as 1. */ +#if defined (__STDC__) + +#define YY_USE_CONST + +#endif /* defined (__STDC__) */ +#endif /* ! __cplusplus */ + +#ifdef YY_USE_CONST +#define yyconst const +#else +#define yyconst +#endif + +/* Returned upon end-of-file. */ +#define YY_NULL 0 + +/* Promotes a possibly negative, possibly signed char to an unsigned + * integer for use as an array index. If the signed char is negative, + * we want to instead treat it as an 8-bit unsigned char, hence the + * double cast. + */ +#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) + +/* Enter a start condition. This macro really ought to take a parameter, + * but we do it the disgusting crufty way forced on us by the ()-less + * definition of BEGIN. + */ +#define BEGIN (yy_start) = 1 + 2 * + +/* Translate the current start state into a value that can be later handed + * to BEGIN to return to the state. The YYSTATE alias is for lex + * compatibility. + */ +#define YY_START (((yy_start) - 1) / 2) +#define YYSTATE YY_START + +/* Action number for EOF rule of a given start state. */ +#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) + +/* Special action meaning "start processing a new file". */ +#define YY_NEW_FILE yyrestart(yyin ) + +#define YY_END_OF_BUFFER_CHAR 0 + +/* Size of default input buffer. */ +#ifndef YY_BUF_SIZE +#ifdef __ia64__ +/* On IA-64, the buffer size is 16k, not 8k. + * Moreover, YY_BUF_SIZE is 2*YY_READ_BUF_SIZE in the general case. + * Ditto for the __ia64__ case accordingly. + */ +#define YY_BUF_SIZE 32768 +#else +#define YY_BUF_SIZE 16384 +#endif /* __ia64__ */ +#endif + +/* The state buf must be large enough to hold one state per character in the main buffer. + */ +#define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type)) + +#ifndef YY_TYPEDEF_YY_BUFFER_STATE +#define YY_TYPEDEF_YY_BUFFER_STATE +typedef struct yy_buffer_state *YY_BUFFER_STATE; +#endif + +extern int yyleng; + +extern FILE *yyin, *yyout; + +#define EOB_ACT_CONTINUE_SCAN 0 +#define EOB_ACT_END_OF_FILE 1 +#define EOB_ACT_LAST_MATCH 2 + + /* Note: We specifically omit the test for yy_rule_can_match_eol because it requires + * access to the local variable yy_act. Since yyless() is a macro, it would break + * existing scanners that call yyless() from OUTSIDE yylex. + * One obvious solution it to make yy_act a global. I tried that, and saw + * a 5% performance hit in a non-yylineno scanner, because yy_act is + * normally declared as a register variable-- so it is not worth it. + */ + #define YY_LESS_LINENO(n) \ + do { \ + int yyl;\ + for ( yyl = n; yyl < yyleng; ++yyl )\ + if ( yytext[yyl] == '\n' )\ + --yylineno;\ + }while(0) + +/* Return all but the first "n" matched characters back to the input stream. */ +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + int yyless_macro_arg = (n); \ + YY_LESS_LINENO(yyless_macro_arg);\ + *yy_cp = (yy_hold_char); \ + YY_RESTORE_YY_MORE_OFFSET \ + (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ + YY_DO_BEFORE_ACTION; /* set up yytext again */ \ + } \ + while ( 0 ) + +#define unput(c) yyunput( c, (yytext_ptr) ) + +#ifndef YY_TYPEDEF_YY_SIZE_T +#define YY_TYPEDEF_YY_SIZE_T +typedef size_t yy_size_t; +#endif + +#ifndef YY_STRUCT_YY_BUFFER_STATE +#define YY_STRUCT_YY_BUFFER_STATE +struct yy_buffer_state + { + FILE *yy_input_file; + + char *yy_ch_buf; /* input buffer */ + char *yy_buf_pos; /* current position in input buffer */ + + /* Size of input buffer in bytes, not including room for EOB + * characters. + */ + yy_size_t yy_buf_size; + + /* Number of characters read into yy_ch_buf, not including EOB + * characters. + */ + int yy_n_chars; + + /* Whether we "own" the buffer - i.e., we know we created it, + * and can realloc() it to grow it, and should free() it to + * delete it. + */ + int yy_is_our_buffer; + + /* Whether this is an "interactive" input source; if so, and + * if we're using stdio for input, then we want to use getc() + * instead of fread(), to make sure we stop fetching input after + * each newline. + */ + int yy_is_interactive; + + /* Whether we're considered to be at the beginning of a line. + * If so, '^' rules will be active on the next match, otherwise + * not. + */ + int yy_at_bol; + + int yy_bs_lineno; /**< The line count. */ + int yy_bs_column; /**< The column count. */ + + /* Whether to try to fill the input buffer when we reach the + * end of it. + */ + int yy_fill_buffer; + + int yy_buffer_status; + +#define YY_BUFFER_NEW 0 +#define YY_BUFFER_NORMAL 1 + /* When an EOF's been seen but there's still some text to process + * then we mark the buffer as YY_EOF_PENDING, to indicate that we + * shouldn't try reading from the input source any more. We might + * still have a bunch of tokens to match, though, because of + * possible backing-up. + * + * When we actually see the EOF, we change the status to "new" + * (via yyrestart()), so that the user can continue scanning by + * just pointing yyin at a new input file. + */ +#define YY_BUFFER_EOF_PENDING 2 + + }; +#endif /* !YY_STRUCT_YY_BUFFER_STATE */ + +/* Stack of input buffers. */ +static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ +static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ +static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ + +/* We provide macros for accessing buffer states in case in the + * future we want to put the buffer states in a more general + * "scanner state". + * + * Returns the top of the stack, or NULL. + */ +#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ + ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ + : NULL) + +/* Same as previous macro, but useful when we know that the buffer stack is not + * NULL or when we need an lvalue. For internal use only. + */ +#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] + +/* yy_hold_char holds the character lost when yytext is formed. */ +static char yy_hold_char; +static int yy_n_chars; /* number of characters read into yy_ch_buf */ +int yyleng; + +/* Points to current character in buffer. */ +static char *yy_c_buf_p = (char *) 0; +static int yy_init = 0; /* whether we need to initialize */ +static int yy_start = 0; /* start state number */ + +/* Flag which is used to allow yywrap()'s to do buffer switches + * instead of setting up a fresh yyin. A bit of a hack ... + */ +static int yy_did_buffer_switch_on_eof; + +void yyrestart (FILE *input_file ); +void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); +YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); +void yy_delete_buffer (YY_BUFFER_STATE b ); +void yy_flush_buffer (YY_BUFFER_STATE b ); +void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); +void yypop_buffer_state (void ); + +static void yyensure_buffer_stack (void ); +static void yy_load_buffer_state (void ); +static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); + +#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) + +YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); +YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); +YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); + +void *yyalloc (yy_size_t ); +void *yyrealloc (void *,yy_size_t ); +void yyfree (void * ); + +#define yy_new_buffer yy_create_buffer + +#define yy_set_interactive(is_interactive) \ + { \ + if ( ! YY_CURRENT_BUFFER ){ \ + yyensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ + yy_create_buffer(yyin,YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ + } + +#define yy_set_bol(at_bol) \ + { \ + if ( ! YY_CURRENT_BUFFER ){\ + yyensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ + yy_create_buffer(yyin,YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ + } + +#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) + +/* Begin user sect3 */ + +typedef unsigned char YY_CHAR; + +FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; + +typedef int yy_state_type; + +extern int yylineno; + +int yylineno = 1; + +extern char *yytext; +#define yytext_ptr yytext + +static yy_state_type yy_get_previous_state (void ); +static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); +static int yy_get_next_buffer (void ); +static void yy_fatal_error (yyconst char msg[] ); + +/* Done after the current pattern has been matched and before the + * corresponding action - sets up yytext. + */ +#define YY_DO_BEFORE_ACTION \ + (yytext_ptr) = yy_bp; \ + yyleng = (size_t) (yy_cp - yy_bp); \ + (yy_hold_char) = *yy_cp; \ + *yy_cp = '\0'; \ + (yy_c_buf_p) = yy_cp; + +#define YY_NUM_RULES 105 +#define YY_END_OF_BUFFER 106 +/* This struct is not used in this scanner, + but its presence is necessary. */ +struct yy_trans_info + { + flex_int32_t yy_verify; + flex_int32_t yy_nxt; + }; +static yyconst flex_int16_t yy_accept[2865] = + { 0, + 0, 0, 106, 104, 102, 103, 103, 104, 104, 94, + 90, 90, 104, 100, 100, 100, 100, 100, 100, 100, + 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, + 100, 100, 100, 100, 100, 100, 100, 100, 100, 104, + 102, 0, 101, 91, 94, 0, 90, 90, 0, 0, + 93, 100, 100, 100, 100, 100, 100, 0, 100, 100, + 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, + 100, 100, 100, 100, 0, 100, 100, 100, 100, 100, + 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, + 100, 100, 100, 0, 100, 88, 100, 88, 100, 100, + + 100, 100, 100, 0, 100, 100, 100, 100, 100, 100, + 100, 100, 100, 100, 100, 100, 100, 100, 100, 0, + 0, 88, 0, 88, 0, 0, 90, 90, 0, 0, + 0, 93, 0, 93, 100, 100, 100, 0, 100, 100, + 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, + 100, 100, 100, 100, 100, 0, 100, 100, 100, 100, + 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, + 100, 100, 100, 100, 100, 0, 100, 0, 100, 100, + 0, 89, 89, 100, 100, 0, 100, 100, 100, 100, + 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, + + 100, 100, 100, 100, 100, 11, 100, 100, 10, 100, + 100, 45, 89, 89, 0, 90, 90, 0, 0, 0, + 0, 0, 93, 93, 93, 93, 100, 100, 100, 0, + 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, + 100, 100, 100, 100, 100, 0, 97, 97, 100, 100, + 70, 100, 100, 100, 100, 100, 100, 100, 100, 100, + 100, 100, 100, 100, 100, 37, 100, 98, 98, 100, + 0, 100, 77, 98, 100, 100, 0, 18, 100, 24, + 100, 100, 100, 100, 100, 100, 100, 100, 0, 100, + 100, 100, 100, 100, 29, 100, 100, 100, 79, 1, + + 100, 0, 97, 0, 0, 90, 90, 0, 0, 0, + 0, 0, 0, 0, 93, 93, 93, 100, 100, 95, + 95, 100, 100, 100, 54, 100, 100, 100, 100, 100, + 100, 100, 100, 100, 100, 100, 0, 100, 100, 100, + 23, 100, 100, 0, 0, 100, 100, 100, 0, 100, + 100, 100, 100, 100, 100, 100, 0, 100, 100, 100, + 0, 100, 100, 100, 100, 100, 100, 100, 100, 100, + 0, 0, 100, 100, 100, 66, 30, 100, 100, 100, + 0, 100, 95, 95, 0, 90, 90, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 93, 93, 93, + + 93, 93, 100, 100, 67, 100, 100, 55, 0, 100, + 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, + 100, 0, 39, 63, 100, 100, 100, 0, 0, 0, + 0, 0, 0, 68, 100, 100, 0, 56, 100, 100, + 100, 100, 100, 100, 100, 0, 100, 100, 100, 0, + 100, 100, 100, 100, 100, 100, 100, 100, 100, 0, + 0, 100, 100, 100, 100, 26, 100, 0, 100, 0, + 92, 92, 90, 90, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 93, 93, 93, + 93, 93, 93, 93, 100, 100, 65, 22, 0, 100, + + 100, 100, 100, 74, 100, 100, 100, 100, 100, 100, + 100, 0, 28, 100, 100, 0, 0, 0, 0, 0, + 0, 100, 100, 100, 100, 0, 100, 100, 25, 100, + 100, 100, 99, 99, 100, 84, 100, 0, 100, 100, + 100, 100, 100, 100, 100, 100, 100, 100, 0, 0, + 100, 100, 100, 100, 100, 0, 100, 99, 0, 90, + 90, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 100, + 100, 0, 100, 100, 42, 100, 100, 100, 100, 100, + + 100, 100, 100, 100, 50, 100, 12, 0, 0, 0, + 0, 0, 0, 100, 100, 100, 100, 52, 38, 27, + 100, 100, 100, 100, 100, 100, 100, 100, 0, 75, + 80, 64, 100, 100, 100, 100, 100, 100, 100, 48, + 47, 100, 100, 100, 21, 100, 0, 100, 92, 92, + 90, 90, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 100, 100, 0, + 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, + + 100, 17, 0, 0, 0, 0, 0, 0, 100, 100, + 8, 100, 100, 100, 100, 9, 100, 100, 100, 100, + 0, 100, 100, 100, 100, 44, 100, 100, 78, 100, + 100, 100, 53, 71, 90, 90, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 100, 100, 51, 100, 100, 100, 100, 100, 100, 100, + 100, 100, 100, 100, 0, 0, 0, 0, 0, 0, + + 100, 100, 100, 100, 100, 100, 100, 100, 100, 96, + 96, 100, 100, 100, 100, 100, 100, 100, 100, 100, + 90, 90, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 100, 100, 100, 100, 100, 100, 100, 100, + 100, 49, 100, 100, 100, 0, 0, 0, 0, 0, + 0, 100, 100, 72, 100, 100, 100, 100, 100, 100, + + 100, 100, 13, 100, 100, 100, 100, 100, 100, 90, + 90, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 100, 100, 14, 100, 100, 100, 100, 100, 100, 100, + 100, 100, 0, 2, 0, 0, 3, 0, 100, 100, + 100, 100, 100, 100, 100, 100, 69, 100, 100, 100, + + 100, 100, 100, 100, 90, 90, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 100, 43, 100, 15, 100, 100, 100, 100, 100, + 100, 100, 0, 0, 0, 0, 100, 100, 100, 100, + 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, + + 100, 90, 90, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 100, 100, 100, + 58, 100, 100, 100, 100, 100, 0, 6, 0, 7, + 19, 100, 100, 100, 100, 100, 100, 100, 100, 100, + + 100, 100, 100, 100, 100, 90, 90, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 100, 100, 100, + 100, 100, 100, 100, 86, 0, 0, 100, 100, 100, + + 100, 100, 100, 100, 62, 100, 100, 41, 61, 100, + 100, 90, 90, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + + 93, 93, 100, 100, 100, 100, 100, 87, 100, 0, + 0, 20, 100, 100, 100, 100, 100, 100, 31, 40, + 32, 100, 90, 90, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 100, + 46, 100, 100, 100, 100, 0, 0, 57, 100, 100, + 35, 100, 100, 100, 85, 90, 90, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 93, + + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 100, + 100, 100, 100, 100, 0, 0, 100, 100, 100, 100, + 100, 100, 90, 90, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 100, 100, 100, 100, 73, 0, 0, 100, 100, 100, + 100, 100, 100, 90, 90, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 100, 16, 83, 82, 0, 0, 60, + 59, 100, 100, 76, 100, 90, 90, 0, 0, 0, + + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + + 93, 93, 100, 0, 0, 100, 81, 100, 90, 90, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 100, 0, 0, 100, 100, 90, 90, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 100, 0, 0, 100, 100, 90, 90, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + + 93, 93, 93, 100, 4, 5, 100, 33, 100, 90, + 90, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 100, 100, 34, + 90, 90, 0, 0, 0, 0, 0, 0, 0, 0, + + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 100, 36, 90, 90, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 93, 93, 93, 93, + + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 100, 90, 90, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 100, 90, 90, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + + 0, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 100, 90, 90, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 100, 90, 90, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 93, + 93, 93, 93, 100, 90, 90, 0, 0, 0, 0, + + 0, 0, 0, 0, 0, 0, 93, 93, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 100, + 90, 90, 0, 0, 0, 0, 0, 0, 93, 93, + 93, 93, 93, 93, 93, 93, 93, 93, 93, 100, + 90, 90, 0, 0, 0, 0, 0, 0, 93, 93, + 93, 93, 93, 93, 93, 93, 100, 90, 90, 0, + 0, 93, 93, 93, 93, 93, 93, 93, 100, 90, + 90, 0, 93, 93, 93, 100, 90, 90, 93, 100, + 90, 90, 100, 90, 90, 100, 90, 90, 100, 90, + 90, 100, 90, 90, 100, 90, 90, 100, 90, 90, + + 100, 90, 90, 100, 90, 90, 100, 90, 90, 100, + 90, 90, 100, 90, 90, 100, 90, 90, 100, 90, + 90, 100, 90, 90, 100, 90, 90, 100, 90, 90, + 100, 90, 90, 100, 90, 90, 100, 90, 90, 100, + 90, 90, 100, 90, 90, 100, 90, 90, 100, 90, + 90, 100, 90, 90, 100, 90, 90, 100, 90, 90, + 100, 90, 90, 0 + } ; + +static yyconst flex_int32_t yy_ec[256] = + { 0, + 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, + 1, 1, 4, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 5, 1, 6, 7, 1, 1, 1, 1, 1, + 1, 1, 8, 1, 9, 10, 11, 12, 12, 13, + 14, 15, 14, 16, 14, 14, 14, 17, 1, 1, + 1, 1, 1, 1, 18, 19, 20, 21, 22, 23, + 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, + 34, 35, 36, 37, 38, 39, 40, 41, 42, 27, + 1, 1, 1, 1, 43, 1, 44, 45, 46, 47, + + 48, 49, 50, 51, 52, 27, 53, 54, 55, 56, + 57, 58, 27, 59, 60, 61, 62, 63, 64, 65, + 66, 67, 1, 68, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1 + } ; + +static yyconst flex_int32_t yy_meta[69] = + { 0, + 1, 1, 2, 1, 2, 2, 1, 1, 3, 4, + 5, 6, 6, 6, 6, 6, 7, 6, 6, 6, + 6, 6, 6, 3, 3, 3, 3, 3, 3, 3, + 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, + 3, 3, 1, 6, 6, 6, 6, 6, 6, 3, + 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, + 3, 3, 3, 3, 3, 3, 3, 8 + } ; + +static yyconst flex_int16_t yy_base[4576] = + { 0, + 0, 0,10775,10776, 67,10776,10776,10771, 61, 0, + 68, 76,10756, 82, 139, 81, 64, 78, 137, 123, + 98, 147, 53, 100, 152, 155, 182, 193, 196, 127, + 191, 202, 214, 192,10728, 219, 249, 248, 221, 300, + 104,10768,10776, 286, 0, 295, 326, 350,10753, 103, + 10758, 122, 357,10740, 277,10721,10719, 244,10719, 258, + 10718, 224, 260, 224, 329, 266, 237, 342, 330, 364, + 368,10708, 365, 366, 363, 370, 367, 377, 376, 390, + 379, 341, 375, 382, 391, 403, 397, 159, 398, 396, + 411, 408, 410, 437, 438, 405, 443, 431, 450, 446, + + 458, 445, 451, 435, 460, 467, 464, 469, 475, 483, + 471, 484, 491, 516, 473, 517, 519, 521, 531, 99, + 524,10776, 518, 582, 548, 562, 581, 594,10745, 215, + 10744, 107, 600, 274, 639, 604, 566, 568,10712,10700, + 10705, 601,10706, 603, 612,10712, 621, 571, 629, 606, + 565, 623, 628, 625, 630, 287, 647, 646, 649, 658, + 660, 661, 685, 664, 665, 675, 673, 686, 678, 691, + 688, 692, 699, 701, 702, 696, 723, 707, 703, 717, + 733, 474,10776, 720, 757, 727, 728, 756, 759, 721, + 760, 731, 766, 763, 767, 783, 781, 773, 788, 777, + + 780, 786, 787, 792, 789, 790, 797, 798, 791, 801, + 809, 795, 810, 836, 867, 893, 901,10738, 303,10737, + 10736,10735, 872, 878, 308,10740, 907, 880, 882, 903, + 10692, 914, 881, 917, 919, 921, 923,10687, 924, 925, + 927, 926, 929, 940, 930,10708, 942,10776, 946, 948, + 943, 944, 947, 989, 956, 961, 960, 962, 969, 964, + 1005, 985, 1003, 992, 1006, 963, 996, 966,10776, 1018, + 1021, 1023, 1024, 1025, 1028, 1029, 81, 1030, 1032, 1033, + 1035, 1042, 1034, 1049, 1039, 1044, 1053, 1055, 99, 1061, + 1059, 1066, 1071, 1060, 1062, 1067, 1073, 1103, 1087, 1096, + + 1098, 1108, 1118, 1165, 1175, 1182, 1190,10730, 472,10729, + 10728,10727,10726,10725, 313,10730, 554, 1196, 1116, 1115, + 10776, 1165, 1133, 1203, 1204, 1211, 1205, 1206, 1207, 1210, + 1212, 1222, 1217, 1215, 1233, 1220,10722, 1218, 1235, 1219, + 1221, 1239, 1240, 823, 1101, 1245, 1247, 1241,10721, 1237, + 1260, 1265, 1280, 1283, 1253, 1294, 1278, 1285, 1287, 1289, + 1101, 1306, 1293, 1310, 1295, 1312, 1305, 1313, 1314, 1319, + 10716,10715, 1309, 1318, 1322, 1320, 1321, 1353, 1325, 1335, + 10696, 1327, 1348, 1372, 1384, 1397, 1410,10718, 539,10717, + 10716,10715,10714,10713,10712,10711,10710, 1132,10715, 1140, + + 1143,10714, 1429, 1387, 1362, 1398, 1385, 1388,10684, 1402, + 1400, 1419, 1420, 1411, 1412, 1416, 1421, 1445, 1444, 1422, + 1447,10697, 1446, 1448, 1450, 1468, 1475,10674,10674,10664, + 10671,10671,10661, 1484, 1476, 1469,10696, 1477, 1482, 1478, + 1479, 1480, 1483, 1481, 1505, 1500, 1488, 1494, 1518, 1470, + 1513, 1517, 1507, 1540, 1523, 1543, 1544, 1546, 1548,10695, + 10683, 1552, 1549, 1553, 1566, 1554, 1557,10695, 1563, 1582, + 1584, 1625, 1632, 1641,10695, 1130,10694,10693,10692,10691, + 10690,10689,10688,10687,10686,10685,10684, 1148,10689, 1157, + 1491,10688, 1492, 1576, 1647, 1615, 1560, 1584,10680, 1616, + + 1656, 1657, 1658, 1609, 1659, 1661, 1663, 1664, 1665, 1669, + 1662,10660, 1670, 1682, 1673,10636,10648,10633,10633,10645, + 10630, 1680, 1684, 1689, 1686,10662, 1685, 1688, 1690, 1697, + 1698, 1687, 1694,10776, 1742, 1699, 1729, 1727, 1703, 1723, + 1751, 1752, 1753, 1755, 1756, 1761, 1763, 1764,10650,10651, + 1765, 1766, 1768, 1759, 1771,10661, 1769, 1787, 1828, 1835, + 1844,10669, 1359,10668,10667,10666,10665,10664,10663,10662, + 10661,10660,10659,10658,10657,10656,10655,10654,10653, 1598, + 10658, 1607, 1612,10657, 1711, 1773, 1776, 1787,10656, 1850, + 129,10640, 853, 62,10648, 297, 1777, 177, 1836, 806, + + 404, 130, 1021, 1794,10776, 1857,10647,10602,10603,10613, + 10599,10600,10610, 1858, 536, 1859, 537,10776,10640,10639, + 1860, 1782, 1864, 1862, 1863, 148, 1861, 1871, 1852,10638, + 10637,10636, 1865, 1867, 1869, 1303, 1868, 1046, 1886,10776, + 10776, 1571, 1870, 1887,10635, 269,10614, 1889, 1877, 1928, + 1935, 1943,10633, 1895,10632,10631,10630,10629,10628,10627, + 10626,10625,10624,10623,10622,10621,10620,10619,10618,10617, + 10616,10615,10614,10613,10612, 1791,10617, 1795, 1900, 1915, + 1918, 1950, 1951,10616, 1952, 1953, 1954, 1960, 1897,10589, + 1929, 1937, 1949, 1967, 1572, 1970, 1971, 613, 1972, 1973, + + 1976,10608,10572,10575,10563,10569,10572,10560, 1974, 1975, + 10601, 815, 1978, 1977, 1979,10600, 1981, 1993, 1994, 1982, + 1975, 1983, 160, 1762, 1984,10599, 1996, 1985,10598, 549, + 1997, 836,10776,10597, 2039, 2047,10596, 2005,10595,10594, + 10593,10592,10591,10590,10589,10588,10587,10586,10585,10584, + 10583,10582,10581,10580,10579,10578,10577,10576,10575,10574, + 10573,10572,10571,10570, 2012,10575, 2054, 2055,10574, 2056, + 2057, 2058,10573, 2059, 2066, 2067, 2068, 2069, 2070,10570, + 2076, 1986,10776, 2020, 1330, 2001, 2083, 2084, 2085, 2086, + 949, 823, 2087, 2088,10521,10513,10520,10509,10501,10508, + + 2089, 1999, 2090, 2092, 1355, 1892, 2093, 2091, 2094,10536, + 10776, 2095, 2096, 2097, 2098, 2101, 2111, 2099, 2112, 2109, + 2157, 2165,10532, 2011,10528,10524,10520,10516,10512,10508, + 10504,10500,10496,10492,10488,10484,10480,10476,10472,10468, + 10464,10460,10453,10439,10417,10385,10341,10287,10283,10200, + 10196,10100,10096, 9980, 2119, 9982, 2120, 2145, 9852, 2172, + 2173, 2174, 2175, 2176, 2177, 2184, 2185, 9848, 2186, 2187, + 2188, 2189, 2195, 2159, 2102, 2100, 2202, 2203, 2204, 2206, + 2207, 9690, 2118, 2205, 2210, 9659, 9478, 9490, 9303, 9283, + 9096, 2208, 2211, 9119, 2212, 1213, 2214, 2220, 2213, 2216, + + 2215, 2221, 8894, 2217, 2218, 2219, 2230, 2228, 2110, 2276, + 2284, 8890, 2239, 8664, 8660, 8422, 8418, 8191, 8187, 7960, + 7956, 7753, 7749, 7551, 7547, 7375, 7371, 7205, 7201, 7059, + 7055, 6922, 6918, 6807, 6803, 6702, 6698, 6617, 6613, 6547, + 6500, 6465, 6441, 6424, 6413, 6405, 6400, 6395, 2241, 6393, + 2242, 2291, 6377, 2292, 2293, 2294, 2295, 6376, 2296, 2303, + 2304, 6375, 2305, 2306, 2307, 2308, 2315, 2316, 2317, 6374, + 2323, 2233, 6367, 2314, 2234, 540, 2267, 2330, 2331, 2332, + 2333, 2313, 6322,10776, 6331, 6309,10776, 6316, 2334, 2335, + 2336, 2337, 2341, 2338, 2339, 2340, 6333, 2231, 2342, 2344, + + 2346, 2343, 2347, 2357, 2394, 2402, 6332, 2365, 6331, 6330, + 6323, 6315, 6307, 6295, 6294, 6293, 6292, 6285, 6277, 6269, + 6257, 6256, 6255, 6254, 6247, 6239, 6219, 6218, 6217, 6216, + 6209, 6201, 6193, 6181, 6180, 6179, 6178, 6171, 6163, 6155, + 6143, 6142, 6141, 6140, 6133, 6125, 6117, 2367, 6111, 2409, + 2410, 2411, 2412, 2413, 2414, 6110, 2421, 2422, 2423, 2424, + 2425, 2426, 2433, 2434, 2435, 2436, 6109, 2437, 2438, 2445, + 2446, 2452, 6102, 2348, 6095, 2345, 2441, 2442, 2443, 2444, + 2459, 2460, 6052, 6036, 6031, 6034, 2359, 2461, 2360, 2462, + 2463, 2468, 318, 2464, 2465, 2471, 2349, 2466, 2473, 2474, + + 2472, 2493, 2522, 6064, 2501, 6057, 6049, 6041, 6029, 6028, + 6027, 6026, 6019, 6011, 6003, 5991, 5990, 5989, 5988, 5981, + 5973, 5965, 5953, 5952, 5951, 5950, 5943, 5935, 5915, 5914, + 5913, 5912, 5905, 5897, 5889, 5877, 5876, 5875, 5874, 5867, + 5859, 5851, 5839, 5838, 5837, 5836, 5829, 5821, 5813, 2529, + 5807, 2530, 2531, 5806, 2532, 2533, 2534, 5805, 2541, 2542, + 2543, 2544, 2545, 2546, 5804, 2553, 2554, 2555, 5797, 2556, + 2557, 2558, 2565, 2566, 2567, 2568, 5789, 2574, 2563, 2564, + 5763, 2475, 2476, 2581, 1025, 2582, 5722,10776, 5721,10776, + 5760, 2583, 2584, 708, 1236, 2585, 2586, 2591, 2587, 2588, + + 2589, 2590, 2592, 2593, 2595, 2649, 2657, 5753, 2502, 5745, + 5737, 5725, 5724, 5723, 5722, 5715, 5707, 5699, 5687, 5686, + 5685, 5684, 5677, 5669, 5661, 5649, 5648, 5647, 5646, 5639, + 5631, 5611, 5610, 5609, 5608, 5601, 5593, 5585, 5573, 5572, + 5571, 5570, 5563, 5555, 5547, 5535, 5534, 5533, 5532, 5525, + 5517, 5509, 5497, 5496, 5495, 5494, 5487, 2600, 5485, 2616, + 2618, 5465, 2628, 2632, 2637, 2641, 2664, 2665, 2666, 2667, + 5464, 2668, 2669, 2676, 2677, 2678, 2679, 2680, 2681, 2688, + 2689, 2690, 5463, 2691, 2692, 2693, 2700, 2706, 2695, 2597, + 476, 2135, 2599, 2696, 5456, 5410, 5402, 2596, 2697, 2698, + + 2699, 2713, 2614, 2714, 5433, 2715, 2717, 5421, 5420, 2718, + 2716, 2726, 2769, 5419, 2727, 5418, 5411, 5403, 5395, 5383, + 5382, 5381, 5380, 5373, 5365, 5357, 5345, 5344, 5343, 5342, + 5335, 5327, 5312, 5311, 5310, 5309, 5308, 5300, 5299, 5298, + 5297, 5290, 5282, 5274, 5266, 5265, 5264, 5263, 5254, 5253, + 5252, 5251, 5244, 5236, 5228, 5218, 5217, 5196, 5195, 5194, + 54, 70, 185, 333, 413, 550, 631, 718, 2746, 725, + 2756, 2757, 739, 2759, 2760, 2776, 2777, 740, 2778, 2779, + 2780, 891, 2781, 2788, 2789, 2790, 2791, 2792, 2793, 957, + 2800, 2801, 2802, 958, 2803, 2804, 2805, 2812, 2813, 2814, + + 2815, 1047, 2821, 2810, 2478, 2811, 2828, 1125, 2598, 1113, + 1124, 1389, 2730, 2829, 2830, 2832, 2831, 2833, 1414, 1493, + 1786, 2834, 2875, 2884, 1588, 2739, 1596, 1671, 1701, 1893, + 1902, 1913, 2008, 2022, 2122, 2126, 2147, 2148, 2245, 2254, + 2255, 2256, 2265, 2266, 2268, 2383, 2497, 2500, 2510, 2514, + 2613, 2615, 2624, 2729, 2741, 2742, 2752, 2835, 2836, 2837, + 2839, 2840, 2841, 2842, 2843, 2845, 2846, 2847, 2854, 2856, + 2857, 2858, 2859, 2860, 2864, 2865, 2869, 2878, 2885, 2886, + 2887, 2888, 2889, 2896, 2897, 2898, 2899, 2900, 2901, 2903, + 2908, 2910, 2911, 2912, 2913, 2915, 2916, 2920, 2923, 2924, + + 2925, 2927, 2928, 2932, 2934, 2935, 2936, 2937, 2939, 2944, + 2946, 2947, 2948, 2949, 2951, 2956, 2957, 2958, 2959, 2965, + 2954, 2955, 2972, 2973, 2974, 2974, 2975, 2977, 2978, 2979, + 2985, 2980, 2981, 2986, 2982, 3019, 3027, 2983, 2991, 2987, + 2989, 2990, 2999, 3000, 3003, 3004, 3005, 3006, 3008, 3021, + 3028, 3029, 3031, 3032, 3033, 3034, 3035, 3036, 3037, 3038, + 3039, 3040, 3041, 3042, 3043, 3044, 3045, 3046, 3047, 3048, + 3049, 3050, 3051, 3052, 3053, 3054, 3055, 3056, 3057, 3058, + 3059, 3060, 3061, 3062, 3063, 3064, 3065, 3066, 3067, 3068, + 3069, 3070, 3071, 3072, 3073, 3074, 3075, 3076, 3077, 3084, + + 3085, 3086, 3087, 3088, 3089, 3091, 3094, 3096, 3098, 3099, + 3101, 3102, 3103, 3106, 3110, 3111, 3113, 3114, 3115, 3116, + 3118, 3121, 3123, 3125, 3126, 3128, 3130, 3133, 3135, 3136, + 3137, 3138, 3140, 3143, 3145, 3147, 3148, 3150, 3152, 3156, + 3149, 3163, 3164, 3165, 3136, 3137, 3168, 3169, 3174, 3175, + 3171, 3170, 3196, 3224, 3179, 3211, 3173, 3176, 3177, 3178, + 3181, 3182, 3212, 3190, 3202, 3206, 3207, 3208, 3213, 3214, + 3215, 3216, 3225, 3226, 3227, 3228, 3229, 3230, 3231, 3232, + 3233, 3234, 3235, 3236, 3237, 3238, 3239, 3240, 3241, 3242, + 3243, 3244, 3245, 3246, 3247, 3248, 3249, 3250, 3251, 3252, + + 3253, 3254, 3255, 3256, 3257, 3258, 3259, 3260, 3261, 3262, + 3263, 3264, 3265, 3266, 3267, 3268, 3269, 3270, 3277, 3278, + 3279, 3280, 3281, 3282, 3284, 3287, 3289, 3291, 3292, 3294, + 3296, 3299, 3301, 3303, 3304, 3305, 3306, 3308, 3313, 3315, + 3316, 3317, 3318, 3320, 3325, 3326, 3327, 3328, 3329, 3330, + 3337, 3338, 3339, 3340, 3341, 3342, 3348, 3349, 3350, 3351, + 3357, 3347, 3346, 3364, 3365, 3336, 3337, 3368, 3369, 3370, + 3371, 3372, 3373, 3407, 3424, 3381, 3375, 3376, 3378, 3379, + 3382, 3383, 3391, 3392, 3393, 3394, 3396, 3397, 3398, 3399, + 3409, 3412, 3413, 3414, 3415, 3416, 3425, 3426, 3427, 3428, + + 3429, 3430, 3431, 3432, 3433, 3434, 3435, 3436, 3437, 3438, + 3439, 3440, 3441, 3442, 3443, 3444, 3445, 3446, 3447, 3448, + 3449, 3450, 3451, 3452, 3453, 3454, 3455, 3456, 3457, 3458, + 3459, 3460, 3461, 3462, 3463, 3464, 3465, 3466, 3467, 3474, + 3475, 3476, 3477, 3478, 3479, 3481, 3486, 3488, 3489, 3490, + 3491, 3492, 3493, 3497, 3500, 3501, 3502, 3504, 3505, 3509, + 3511, 3512, 3513, 3514, 3516, 3519, 3521, 3523, 3524, 3526, + 3528, 3531, 3533, 3534, 3535, 3536, 3538, 3541, 3543, 3545, + 3546, 3548, 3550, 3554, 3547, 3561, 3562, 3521, 3522, 3565, + 3566, 3567, 3568, 3569, 3570, 3580, 3594, 3571, 3572, 3588, + + 3595, 3596, 3597, 3598, 3600, 3601, 3602, 3603, 3604, 3605, + 3606, 3607, 3608, 3609, 3610, 3611, 3613, 3614, 3615, 3616, + 3617, 3618, 3619, 3620, 3621, 3622, 3623, 3624, 3625, 3626, + 3627, 3628, 3629, 3630, 3631, 3632, 3633, 3634, 3635, 3636, + 3637, 3638, 3639, 3640, 3641, 3642, 3643, 3644, 3645, 3646, + 3647, 3648, 3649, 3650, 3651, 3652, 3653, 3654, 3661, 3662, + 3663, 3664, 3665, 3666, 3671, 3673, 3674, 3675, 3676, 3678, + 3683, 3685, 3686, 3687, 3688, 3690, 3693, 3695, 3697, 3698, + 3700, 3702, 3705, 3707, 3709, 3710, 3712, 3714, 3716, 3717, + 3719, 3721, 3724, 3726, 3728, 3729, 3731, 3733, 3736, 3738, + + 3739, 3740, 3746, 3704, 3706, 3753, 3754, 3756, 3762, 3770, + 3764, 3771, 3772, 3779, 3780, 3781, 3782, 3783, 3784, 3785, + 3786, 3787, 3788, 3789, 3790, 3791, 3792, 3793, 3794, 3797, + 3798, 3799, 3800, 3801, 3802, 3803, 3804, 3805, 3806, 3807, + 3808, 3809, 3810, 3811, 3812, 3813, 3814, 3815, 3816, 3817, + 3818, 3819, 3820, 3821, 3822, 3823, 3824, 3825, 3826, 3827, + 3828, 3829, 3830, 3831, 3832, 3833, 3834, 3835, 3842, 3843, + 3844, 3845, 3846, 3847, 3854, 3855, 3856, 3857, 3858, 3859, + 3860, 3864, 3867, 3868, 3869, 3871, 3872, 3876, 3878, 3879, + 3880, 3881, 3883, 3886, 3888, 3890, 3891, 3893, 3895, 3898, + + 3900, 3901, 3902, 3903, 3905, 3908, 3910, 3912, 3913, 3915, + 3917, 3921, 3871, 3885, 3929, 3930, 3938, 3946, 3932, 3940, + 3947, 3954, 3955, 3956, 3957, 3958, 3959, 3960, 3961, 3962, + 3963, 3964, 3965, 3966, 3967, 3968, 3970, 3971, 3972, 3973, + 3974, 3975, 3976, 3978, 3979, 3980, 3981, 3982, 3983, 3984, + 3985, 3986, 3987, 3988, 3989, 3990, 3991, 3992, 3993, 3994, + 3995, 3996, 3997, 3998, 3999, 4000, 4001, 4002, 4003, 4004, + 4005, 4006, 4013, 4014, 4015, 4016, 4017, 4018, 4025, 4026, + 4027, 4028, 4029, 4030, 4035, 4037, 4038, 4039, 4040, 4042, + 4047, 4049, 4050, 4051, 4052, 4054, 4058, 4059, 4061, 4062, + + 4063, 4066, 4070, 4071, 4073, 4074, 4075, 4078, 4081, 4082, + 4083, 4089, 4036, 4037, 4096, 4097, 4105, 4113, 4099, 4107, + 4114, 4115, 4122, 4123, 4124, 4125, 4126, 4127, 4128, 4129, + 4130, 4131, 4132, 4133, 4134, 4135, 4137, 4145, 4139, 4140, + 4142, 4144, 4146, 4147, 4148, 4149, 4150, 4151, 4152, 4153, + 4154, 4155, 4156, 4157, 4158, 4159, 4160, 4161, 4162, 4163, + 4164, 4165, 4166, 4167, 4168, 4169, 4176, 4177, 4178, 4179, + 4180, 4181, 4185, 4188, 4189, 4190, 4192, 4193, 4197, 4200, + 4201, 4202, 4203, 4204, 4205, 4209, 4212, 4213, 4214, 4216, + 4217, 4221, 4223, 4224, 4225, 4226, 4228, 4231, 4233, 4235, + + 4236, 4238, 4240, 4244,10776,10776, 4237, 4251, 4252, 4260, + 4268, 4254, 4262, 4269, 4270, 4277, 4278, 4279, 4280, 4282, + 4283, 4284, 4285, 4287, 4288, 4289, 4290, 4291, 4292, 4293, + 4294, 4295, 4296, 4297, 4298, 4299, 4300, 4301, 4302, 4303, + 4304, 4305, 4306, 4307, 4308, 4309, 4310, 4311, 4312, 4313, + 4314, 4315, 4316, 4323, 4324, 4325, 4326, 4327, 4328, 4334, + 4335, 4336, 4337, 4338, 4339, 4346, 4347, 4348, 4349, 4350, + 4351, 4357, 4358, 4359, 4360, 4361, 4362, 4369, 4370, 4371, + 4372, 4373, 4374, 4380, 4381, 4382, 4383, 4389, 4378, 4379, + 4403, 4411, 4397, 4405, 4413, 4414, 4415, 4422, 4423, 4424, + + 4425, 4426, 4427, 4428, 4429, 4430, 4431, 4432, 4433, 4434, + 4435, 4436, 4437, 4438, 4439, 4440, 4441, 4442, 4443, 4444, + 4445, 4446, 4447, 4448, 4449, 4450, 4451, 4452, 4453, 4460, + 4461, 4462, 4463, 4464, 4465, 4472, 4473, 4474, 4475, 4476, + 4477, 4478, 4482, 4485, 4486, 4487, 4489, 4490, 4494, 4496, + 4497, 4498, 4499, 4501, 4504, 4506, 4508, 4509, 4511, 4513, + 4517, 4510, 4531, 4539, 4525, 4533, 4540, 4541, 4542, 4543, + 4550, 4551, 4552, 4553, 4554, 4555, 4556, 4557, 4558, 4559, + 4560, 4561, 4562, 4563, 4564, 4565, 4566, 4567, 4568, 4569, + 4570, 4571, 4572, 4573, 4574, 4575, 4582, 4583, 4584, 4585, + + 4586, 4587, 4594, 4595, 4596, 4597, 4598, 4599, 4604, 4606, + 4607, 4608, 4609, 4611, 4616, 4618, 4619, 4620, 4621, 4623, + 4627, 4628, 4630, 4636, 4650, 4658, 4625, 4626, 4629, 4644, + 4652, 4659, 4660, 4661, 4662, 4669, 4670, 4671, 4672, 4673, + 4674, 4675, 4676, 4677, 4678, 4679, 4680, 4681, 4682, 4683, + 4684, 4685, 4692, 4693, 4694, 4695, 4696, 4697, 4701, 4704, + 4705, 4706, 4708, 4709, 4713, 4716, 4717, 4718, 4719, 4720, + 4721, 4725, 4728, 4729, 4730, 4732, 4733, 4738, 4752, 4760, + 4731, 4746, 4754, 4761, 4762, 4763, 4764, 4771, 4772, 4773, + 4774, 4775, 4776, 4777, 4778, 4779, 4780, 4781, 4782, 4783, + + 4784, 4791, 4792, 4793, 4794, 4795, 4796, 4802, 4803, 4804, + 4805, 4806, 4807, 4814, 4815, 4816, 4817, 4818, 4819, 4825, + 4826, 4827, 4828, 4834, 4848, 4856, 4823, 4824, 4842, 4850, + 4857, 4858, 4859, 4860, 4867, 4868, 4869, 4870, 4871, 4872, + 4873, 4874, 4875, 4882, 4883, 4884, 4885, 4886, 4887, 4894, + 4895, 4896, 4897, 4898, 4899, 4900, 4904, 4907, 4908, 4909, + 4911, 4912, 4917, 4931, 4939, 4910, 4925, 4933, 4940, 4941, + 4942, 4943, 4950, 4951, 4952, 4953, 4954, 4955, 4962, 4963, + 4964, 4965, 4966, 4967, 4974, 4975, 4976, 4977, 4978, 4979, + 4984, 4986, 4987, 4993, 5007, 5015, 4982, 4983, 4985, 5001, + + 5009, 5016, 5017, 5018, 5019, 5026, 5033, 5034, 5035, 5036, + 5037, 5038, 5042, 5045, 5046, 5047, 5049, 5050, 5054, 5056, + 5070, 5078, 5056, 5064, 5072, 5079, 5080, 5081, 5088, 5095, + 5096, 5097, 5098, 5099, 5100, 5106, 5107, 5108, 5109, 5115, + 5129, 5137, 5104, 5105, 5123, 5131, 5138, 5153, 5145, 5159, + 5160, 5161, 5162, 5163, 5164, 5146, 5170, 5184, 5192, 5141, + 5170, 5208, 5213, 5184, 5219, 5220, 5221, 5222, 5228, 5242, + 5250, 5186, 5199, 5267, 5268, 5274, 5288, 5296, 5313, 5319, + 5333, 5341, 5357, 5371, 5379, 5395, 5409, 5417, 5433, 5447, + 5455, 5471, 5485, 5493, 5509, 5523, 5531, 5547, 5561, 5569, + + 5585, 5599, 5607, 5623, 5637, 5645, 5661, 5675, 5683, 5699, + 5713, 5721, 5737, 5751, 5759, 5775, 5789, 5797, 5813, 5827, + 5835, 5851, 5865, 5873, 5889, 5903, 5911, 5927, 5941, 5949, + 5965, 5979, 5987, 6003, 6017, 6025, 6041, 6055, 6063, 6079, + 6093, 6101, 6117, 6131, 6139, 6155, 6169, 6177, 6193, 6207, + 6215, 6231, 6245, 6253, 6269, 6283, 6291, 6307, 6321, 6329, + 6345, 6359, 6366,10776, 6394, 6402, 6407, 6412, 6417, 6419, + 6422, 6425, 6427, 6429, 6432, 6436, 6438, 6440, 6442, 6444, + 6447, 6450, 6453, 6455, 6457, 6459, 6461, 6463, 6465, 6468, + 6471, 6473, 6477, 6479, 6481, 6483, 6485, 6487, 6489, 6491, + + 6493, 6495, 6498, 6501, 6503, 6506, 6509, 6512, 6514, 6516, + 6518, 6520, 6522, 6524, 6526, 6528, 6530, 6532, 6534, 6536, + 6539, 6542, 6544, 6547, 6550, 6552, 6555, 6559, 6561, 6563, + 6565, 6567, 6569, 6571, 6573, 6575, 6577, 6579, 6581, 6583, + 6585, 6587, 6589, 6591, 6593, 6596, 6599, 6601, 6604, 6607, + 6609, 6612, 6615, 6618, 6621, 6625, 6629, 6631, 6633, 6635, + 6637, 6639, 6641, 6643, 6645, 6647, 6649, 6651, 6653, 6655, + 6657, 6659, 6661, 6663, 6665, 6667, 6669, 6671, 6674, 6677, + 6679, 6682, 6685, 6688, 6691, 6694, 6697, 6699, 6702, 6705, + 6710, 6714, 6716, 6718, 6720, 6722, 6724, 6726, 6728, 6730, + + 6732, 6734, 6736, 6738, 6740, 6742, 6744, 6746, 6748, 6750, + 6752, 6754, 6756, 6758, 6760, 6762, 6764, 6766, 6769, 6772, + 6774, 6777, 6780, 6782, 6785, 6788, 6791, 6793, 6796, 6799, + 6802, 6805, 6808, 6811, 6815, 6819, 6821, 6823, 6825, 6827, + 6829, 6831, 6833, 6835, 6837, 6839, 6841, 6843, 6845, 6847, + 6849, 6851, 6853, 6855, 6857, 6859, 6861, 6863, 6865, 6867, + 6869, 6871, 6873, 6875, 6877, 6880, 6883, 6885, 6888, 6891, + 6893, 6896, 6899, 6902, 6905, 6908, 6911, 6914, 6917, 6919, + 6922, 6925, 6930, 6934, 6936, 6938, 6940, 6942, 6944, 6946, + 6948, 6950, 6952, 6954, 6956, 6958, 6960, 6962, 6964, 6966, + + 6968, 6970, 6972, 6974, 6976, 6978, 6980, 6982, 6984, 6986, + 6988, 6990, 6992, 6994, 6996, 6998, 7000, 7002, 7004, 7007, + 7010, 7012, 7015, 7018, 7020, 7023, 7026, 7029, 7032, 7034, + 7037, 7040, 7043, 7045, 7048, 7051, 7054, 7057, 7060, 7063, + 7067, 7071, 7073, 7075, 7077, 7079, 7081, 7083, 7085, 7087, + 7089, 7091, 7093, 7095, 7097, 7099, 7101, 7103, 7105, 7107, + 7109, 7111, 7113, 7115, 7117, 7119, 7121, 7123, 7125, 7127, + 7129, 7131, 7133, 7135, 7137, 7139, 7141, 7143, 7145, 7148, + 7151, 7153, 7156, 7159, 7162, 7165, 7168, 7171, 7173, 7176, + 7179, 7182, 7185, 7188, 7191, 7194, 7197, 7200, 7202, 7205, + + 7208, 7213, 7217, 7219, 7221, 7223, 7225, 7227, 7229, 7231, + 7233, 7235, 7237, 7239, 7241, 7243, 7245, 7247, 7249, 7251, + 7253, 7255, 7257, 7259, 7261, 7263, 7265, 7267, 7269, 7271, + 7273, 7275, 7277, 7279, 7281, 7283, 7285, 7287, 7289, 7291, + 7293, 7295, 7297, 7299, 7301, 7303, 7306, 7309, 7311, 7314, + 7317, 7319, 7322, 7325, 7328, 7330, 7333, 7336, 7339, 7342, + 7345, 7348, 7350, 7353, 7356, 7359, 7361, 7364, 7367, 7370, + 7373, 7376, 7379, 7383, 7387, 7389, 7391, 7393, 7395, 7397, + 7399, 7401, 7403, 7405, 7407, 7409, 7411, 7413, 7415, 7417, + 7419, 7421, 7423, 7425, 7427, 7429, 7431, 7433, 7435, 7437, + + 7439, 7441, 7443, 7445, 7447, 7449, 7451, 7453, 7455, 7457, + 7459, 7461, 7463, 7465, 7467, 7469, 7471, 7473, 7475, 7477, + 7480, 7483, 7485, 7488, 7491, 7493, 7496, 7499, 7502, 7505, + 7508, 7511, 7514, 7517, 7519, 7522, 7525, 7528, 7531, 7534, + 7537, 7540, 7543, 7546, 7548, 7551, 7554, 7559, 7563, 7565, + 7567, 7569, 7571, 7573, 7575, 7577, 7579, 7581, 7583, 7585, + 7587, 7589, 7591, 7593, 7595, 7597, 7599, 7601, 7603, 7605, + 7607, 7609, 7611, 7613, 7615, 7617, 7619, 7621, 7623, 7625, + 7627, 7629, 7631, 7633, 7635, 7637, 7639, 7641, 7643, 7645, + 7647, 7649, 7651, 7653, 7655, 7657, 7659, 7661, 7663, 7665, + + 7667, 7670, 7673, 7675, 7678, 7681, 7683, 7686, 7689, 7692, + 7695, 7697, 7700, 7703, 7706, 7708, 7711, 7714, 7717, 7720, + 7723, 7726, 7728, 7731, 7734, 7737, 7739, 7742, 7745, 7748, + 7751, 7754, 7757, 7761, 7765, 7767, 7769, 7771, 7773, 7775, + 7777, 7779, 7781, 7783, 7785, 7787, 7789, 7791, 7793, 7795, + 7797, 7799, 7801, 7803, 7805, 7807, 7809, 7811, 7813, 7815, + 7817, 7819, 7821, 7823, 7825, 7827, 7829, 7831, 7833, 7835, + 7837, 7839, 7841, 7843, 7845, 7847, 7849, 7851, 7853, 7855, + 7857, 7859, 7861, 7863, 7865, 7867, 7869, 7871, 7874, 7877, + 7879, 7882, 7885, 7888, 7891, 7894, 7897, 7899, 7902, 7905, + + 7908, 7911, 7914, 7917, 7920, 7923, 7926, 7928, 7931, 7934, + 7937, 7940, 7943, 7946, 7949, 7952, 7955, 7957, 7960, 7963, + 7968, 7972, 7974, 7976, 7978, 7980, 7982, 7984, 7986, 7988, + 7990, 7992, 7994, 7996, 7998, 8000, 8002, 8004, 8006, 8008, + 8010, 8012, 8014, 8016, 8018, 8020, 8022, 8024, 8026, 8028, + 8030, 8032, 8034, 8036, 8038, 8040, 8042, 8044, 8046, 8048, + 8050, 8052, 8054, 8056, 8058, 8060, 8062, 8064, 8066, 8068, + 8070, 8072, 8074, 8076, 8078, 8080, 8082, 8084, 8086, 8088, + 8091, 8094, 8096, 8099, 8102, 8104, 8107, 8110, 8113, 8115, + 8118, 8121, 8124, 8127, 8130, 8133, 8135, 8138, 8141, 8144, + + 8146, 8149, 8152, 8155, 8158, 8161, 8164, 8166, 8169, 8172, + 8175, 8177, 8180, 8183, 8186, 8189, 8192, 8195, 8199, 8203, + 8205, 8207, 8209, 8211, 8213, 8215, 8217, 8219, 8221, 8223, + 8225, 8227, 8229, 8231, 8233, 8235, 8237, 8239, 8241, 8243, + 8245, 8247, 8249, 8251, 8253, 8255, 8257, 8259, 8261, 8263, + 8265, 8267, 8269, 8271, 8273, 8275, 8277, 8279, 8281, 8283, + 8285, 8287, 8289, 8291, 8293, 8295, 8297, 8299, 8301, 8303, + 8305, 8307, 8309, 8311, 8313, 8315, 8317, 8319, 8322, 8325, + 8327, 8330, 8333, 8335, 8338, 8341, 8344, 8347, 8350, 8353, + 8356, 8359, 8361, 8364, 8367, 8370, 8373, 8376, 8379, 8382, + + 8385, 8388, 8390, 8393, 8396, 8399, 8402, 8405, 8408, 8411, + 8414, 8417, 8419, 8422, 8425, 8430, 8434, 8436, 8438, 8440, + 8442, 8444, 8446, 8448, 8450, 8452, 8454, 8456, 8458, 8460, + 8462, 8464, 8466, 8468, 8470, 8472, 8474, 8476, 8478, 8480, + 8482, 8484, 8486, 8488, 8490, 8492, 8494, 8496, 8498, 8500, + 8502, 8504, 8506, 8508, 8510, 8512, 8514, 8516, 8518, 8520, + 8522, 8524, 8526, 8528, 8530, 8532, 8534, 8536, 8538, 8540, + 8542, 8544, 8546, 8548, 8550, 8552, 8555, 8558, 8560, 8563, + 8566, 8569, 8572, 8575, 8577, 8580, 8583, 8586, 8588, 8591, + 8594, 8597, 8600, 8603, 8606, 8608, 8611, 8614, 8617, 8619, + + 8622, 8625, 8628, 8631, 8634, 8637, 8639, 8642, 8645, 8648, + 8650, 8653, 8656, 8659, 8662, 8665, 8668, 8672, 8676, 8678, + 8680, 8682, 8684, 8686, 8688, 8690, 8692, 8694, 8696, 8698, + 8700, 8702, 8704, 8706, 8708, 8710, 8712, 8714, 8716, 8718, + 8720, 8722, 8724, 8726, 8728, 8730, 8732, 8734, 8736, 8738, + 8740, 8742, 8744, 8746, 8748, 8750, 8752, 8754, 8756, 8758, + 8760, 8762, 8764, 8766, 8768, 8770, 8772, 8774, 8776, 8778, + 8780, 8782, 8784, 8786, 8788, 8790, 8793, 8796, 8799, 8802, + 8804, 8807, 8810, 8813, 8816, 8819, 8822, 8825, 8828, 8831, + 8833, 8836, 8839, 8842, 8845, 8848, 8851, 8854, 8857, 8860, + + 8862, 8865, 8868, 8871, 8874, 8877, 8880, 8883, 8886, 8889, + 8891, 8894, 8897, 8902, 8906, 8908, 8910, 8912, 8914, 8916, + 8918, 8920, 8922, 8924, 8926, 8928, 8930, 8932, 8934, 8936, + 8938, 8940, 8942, 8944, 8946, 8948, 8950, 8952, 8954, 8956, + 8958, 8960, 8962, 8964, 8966, 8968, 8970, 8972, 8974, 8976, + 8978, 8980, 8982, 8984, 8986, 8988, 8990, 8992, 8994, 8996, + 8998, 9000, 9002, 9004, 9006, 9008, 9010, 9012, 9014, 9016, + 9018, 9021, 9024, 9027, 9030, 9033, 9036, 9039, 9041, 9044, + 9047, 9050, 9053, 9056, 9059, 9062, 9065, 9067, 9070, 9073, + 9076, 9078, 9081, 9084, 9087, 9090, 9093, 9096, 9098, 9101, + + 9104, 9107, 9109, 9112, 9115, 9118, 9121, 9124, 9127, 9131, + 9135, 9137, 9139, 9141, 9143, 9145, 9147, 9149, 9151, 9153, + 9155, 9157, 9159, 9161, 9163, 9165, 9167, 9169, 9171, 9173, + 9175, 9177, 9179, 9181, 9183, 9185, 9187, 9189, 9191, 9193, + 9195, 9197, 9199, 9201, 9203, 9205, 9207, 9209, 9211, 9213, + 9215, 9217, 9219, 9221, 9223, 9225, 9227, 9229, 9231, 9233, + 9235, 9237, 9240, 9243, 9246, 9249, 9252, 9255, 9258, 9261, + 9264, 9267, 9269, 9272, 9275, 9278, 9281, 9284, 9287, 9290, + 9293, 9296, 9298, 9301, 9304, 9307, 9310, 9313, 9316, 9319, + 9322, 9325, 9327, 9330, 9333, 9338, 9342, 9344, 9346, 9348, + + 9350, 9352, 9354, 9356, 9358, 9360, 9362, 9364, 9366, 9368, + 9370, 9372, 9374, 9376, 9378, 9380, 9382, 9384, 9386, 9388, + 9390, 9392, 9394, 9396, 9398, 9400, 9402, 9404, 9406, 9408, + 9410, 9412, 9414, 9416, 9418, 9420, 9422, 9424, 9426, 9428, + 9431, 9434, 9437, 9440, 9442, 9445, 9448, 9451, 9454, 9457, + 9460, 9463, 9465, 9468, 9471, 9474, 9476, 9479, 9482, 9485, + 9488, 9491, 9494, 9496, 9499, 9502, 9505, 9507, 9510, 9513, + 9516, 9519, 9522, 9525, 9529, 9533, 9535, 9537, 9539, 9541, + 9543, 9545, 9547, 9549, 9551, 9553, 9555, 9557, 9559, 9561, + 9563, 9565, 9567, 9569, 9571, 9573, 9575, 9577, 9579, 9581, + + 9583, 9585, 9587, 9589, 9591, 9593, 9595, 9597, 9599, 9601, + 9603, 9605, 9607, 9609, 9612, 9615, 9618, 9621, 9624, 9627, + 9629, 9632, 9635, 9638, 9641, 9644, 9647, 9650, 9653, 9656, + 9658, 9661, 9664, 9667, 9670, 9673, 9676, 9679, 9682, 9685, + 9687, 9690, 9693, 9698, 9702, 9704, 9706, 9708, 9710, 9712, + 9714, 9716, 9718, 9720, 9722, 9724, 9726, 9728, 9730, 9732, + 9734, 9736, 9738, 9740, 9742, 9744, 9746, 9748, 9750, 9752, + 9754, 9756, 9758, 9760, 9762, 9764, 9766, 9768, 9770, 9772, + 9775, 9778, 9781, 9784, 9787, 9790, 9793, 9795, 9798, 9801, + 9804, 9807, 9810, 9813, 9816, 9819, 9821, 9824, 9827, 9830, + + 9832, 9835, 9838, 9841, 9844, 9847, 9850, 9854, 9858, 9860, + 9862, 9864, 9866, 9868, 9870, 9872, 9874, 9876, 9878, 9880, + 9882, 9884, 9886, 9888, 9890, 9892, 9894, 9896, 9898, 9900, + 9902, 9904, 9906, 9908, 9910, 9912, 9914, 9916, 9919, 9922, + 9925, 9928, 9931, 9934, 9937, 9940, 9943, 9946, 9948, 9951, + 9954, 9957, 9960, 9963, 9966, 9969, 9972, 9975, 9977, 9980, + 9983, 9988, 9992, 9994, 9996, 9998,10000,10002,10004,10006, + 10008,10010,10012,10014,10016,10018,10020,10022,10024,10026, + 10028,10030,10032,10034,10036,10038,10041,10044,10047,10050, + 10052,10055,10058,10061,10064,10067,10070,10073,10075,10078, + + 10081,10084,10086,10089,10092,10095,10098,10101,10104,10108, + 10112,10114,10116,10118,10120,10122,10124,10126,10128,10130, + 10132,10134,10136,10138,10140,10142,10144,10146,10148,10151, + 10154,10157,10160,10163,10166,10168,10171,10174,10177,10180, + 10183,10186,10189,10192,10195,10197,10200,10203,10208,10212, + 10214,10216,10218,10220,10222,10224,10226,10228,10230,10232, + 10234,10236,10238,10240,10242,10244,10247,10250,10253,10256, + 10259,10262,10265,10267,10270,10273,10276,10279,10282,10285, + 10288,10291,10295,10299,10301,10303,10305,10307,10309,10311, + 10313,10315,10317,10320,10323,10326,10329,10332,10335,10338, + + 10341,10343,10346,10349,10353,10355,10357,10359,10361,10363, + 10365,10367,10370,10373,10376,10379,10382,10385,10388,10391, + 10394,10397,10399,10401,10403,10405,10408,10410,10413,10416, + 10419,10422,10425,10429,10431,10433,10436,10438,10441,10444, + 10447,10451,10453,10456,10458,10461,10465,10468,10472,10476, + 10480,10484,10488,10492,10496,10500,10504,10508,10512,10516, + 10520,10524,10528,10532,10536,10540,10544,10548,10552,10556, + 10560,10564,10568,10572,10576 + } ; + +static yyconst flex_int16_t yy_def[4576] = + { 0, + 2864, 1, 2864, 2864, 2864, 2864, 2864, 2865, 2864, 2866, + 2867, 2867, 2864, 2868, 2868, 15, 15, 15, 15, 2868, + 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, + 2868, 2868, 2868, 15, 15, 15, 2868, 2868, 2868, 2864, + 2864, 2865, 2864, 2864, 2866, 2864, 2869, 2869, 2870, 2869, + 2871, 2868, 15, 53, 2868, 53, 53, 2864, 53, 2868, + 53, 2868, 2868, 53, 2868, 2868, 2868, 2868, 2868, 2868, + 2868, 53, 2868, 2868, 2864, 2868, 2868, 2868, 2868, 2868, + 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, + 2868, 2868, 2868, 2864, 2868, 2868, 2868, 2864, 2868, 2868, + + 2868, 2868, 2868, 2864, 2868, 2868, 2868, 2868, 2868, 2868, + 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2872, 2872, 2873, 2872, + 2874, 2871, 2864, 2875, 53, 2868, 2868, 2864, 135, 135, + 135, 2868, 135, 2868, 2868, 135, 2868, 2868, 2868, 2868, + 2868, 2868, 2868, 2868, 2868, 2864, 2868, 2868, 2868, 2868, + 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, + 2868, 2868, 2868, 2868, 2868, 2864, 2868, 2864, 2868, 2868, + 2864, 2868, 2864, 2868, 2868, 2864, 2868, 2868, 2868, 2868, + 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, + + 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, + 2868, 2868, 2864, 2864, 2864, 2876, 2876, 2877, 2876, 2878, + 2879, 2880, 2864, 2864, 2881, 2882, 135, 2868, 2868, 2864, + 227, 2868, 2868, 2868, 2868, 2868, 2868, 227, 2868, 2868, + 2868, 2868, 2868, 2868, 2868, 2864, 2868, 2864, 2868, 2868, + 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, + 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2864, 2868, + 2864, 2868, 2868, 2864, 2868, 2868, 2864, 2868, 2868, 2868, + 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2864, 2868, + 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, + + 2868, 2864, 2864, 2864, 2864, 2883, 2883, 2884, 2883, 2885, + 2886, 2887, 2888, 2889, 2890, 2891, 2892, 227, 2868, 2868, + 2864, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, + 2868, 2868, 2868, 2868, 2868, 2868, 2864, 2868, 2868, 2868, + 2868, 2868, 2868, 2864, 2864, 2868, 2868, 2868, 2864, 2868, + 2868, 2868, 2868, 2868, 2868, 2868, 2864, 2868, 2868, 2868, + 2864, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, + 2864, 2864, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, + 2864, 2868, 2864, 2864, 2864, 2893, 2893, 2894, 2893, 2895, + 2896, 2897, 2898, 2899, 2900, 2901, 2902, 2903, 2904, 2905, + + 2906, 2907, 227, 2868, 2868, 2868, 2868, 2868, 2864, 2868, + 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, + 2868, 2864, 2868, 2868, 2868, 2868, 2868, 2864, 2864, 2864, + 2864, 2864, 2864, 2868, 2868, 2868, 2864, 2868, 2868, 2868, + 2868, 2868, 2868, 2868, 2868, 2864, 2868, 2868, 2868, 2864, + 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2864, + 2864, 2868, 2868, 2868, 2868, 2868, 2868, 2864, 2868, 2864, + 2864, 2864, 2908, 2908, 2909, 2908, 2910, 2911, 2912, 2913, + 2914, 2915, 2916, 2917, 2918, 2919, 2920, 2921, 2922, 2923, + 2924, 2925, 2926, 2927, 227, 2868, 2868, 2868, 2864, 2868, + + 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, + 2868, 2864, 2868, 2868, 2868, 2864, 2864, 2864, 2864, 2864, + 2864, 2868, 2868, 2868, 2868, 2864, 2868, 2868, 2868, 2868, + 2868, 2868, 2868, 2864, 2868, 2868, 2868, 2864, 2868, 2868, + 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2868, 2864, 2864, + 2868, 2868, 2868, 2868, 2868, 2864, 2868, 2864, 2864, 2928, + 2928, 2929, 2928, 2930, 2931, 2932, 2933, 2934, 2935, 2936, + 2937, 2938, 2939, 2940, 2941, 2942, 2943, 2944, 2945, 2946, + 2947, 2948, 2949, 2950, 2951, 2952, 2953, 2954, 2955, 2956, + 2956, 2864, 2956, 2956, 2956, 2956, 2956, 2956, 2956, 2956, + + 2956, 2956, 2956, 2956, 2864, 2956, 2956, 2864, 2864, 2864, + 2864, 2864, 2864, 2956, 2956, 2956, 2956, 2864, 2956, 2956, + 2956, 2956, 2956, 2956, 2956, 2956, 2956, 2956, 2864, 2956, + 2956, 2956, 2956, 2956, 2956, 2956, 2956, 2956, 2956, 2864, + 2864, 2956, 2956, 2956, 2956, 2956, 2864, 2956, 2864, 2864, + 2957, 2957, 2958, 2957, 2959, 2960, 2961, 2962, 2963, 2964, + 2965, 2966, 2967, 2968, 2969, 2970, 2971, 2972, 2973, 2974, + 2975, 2962, 2976, 2977, 2978, 2979, 2980, 2981, 2982, 2983, + 2984, 2985, 2986, 2987, 2988, 2989, 2990, 2991, 2991, 2864, + 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, + + 2991, 2991, 2864, 2864, 2864, 2864, 2864, 2864, 2991, 2991, + 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, + 2864, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, 2991, + 2991, 2991, 2864, 2991, 2992, 2992, 2993, 2992, 2994, 2995, + 2996, 2997, 2998, 2999, 3000, 3001, 3002, 3003, 3004, 3005, + 3006, 3007, 3008, 3009, 3010, 3011, 2997, 3012, 3013, 3014, + 3015, 3016, 3017, 3018, 3019, 3020, 3021, 3022, 3023, 3024, + 3025, 3026, 3027, 3028, 3029, 3030, 3031, 3032, 3033, 3034, + 3035, 3035, 2864, 3035, 3035, 3035, 3035, 3035, 3035, 3035, + 3035, 3035, 3035, 3035, 2864, 2864, 2864, 2864, 2864, 2864, + + 3035, 3035, 3035, 3035, 3035, 3035, 3035, 3035, 3035, 3035, + 2864, 3035, 3035, 3035, 3035, 3035, 3035, 3035, 3035, 3035, + 3036, 3036, 3037, 3036, 3038, 3039, 3040, 3041, 3042, 3043, + 3044, 3045, 3046, 3047, 3048, 3049, 3050, 3051, 3052, 3053, + 3054, 3055, 3040, 3056, 3057, 3058, 3059, 3060, 3061, 3062, + 3046, 3063, 3064, 3065, 3066, 3067, 3068, 3069, 3070, 3071, + 3072, 3073, 3074, 3075, 3076, 3077, 3078, 3079, 3071, 3080, + 3081, 3082, 3083, 3083, 3083, 3083, 3083, 3083, 3083, 3083, + 3083, 3083, 3083, 3083, 3083, 2864, 2864, 2864, 2864, 2864, + 2864, 3083, 3083, 3083, 3083, 3083, 3083, 3083, 3083, 3083, + + 3083, 3083, 3083, 3083, 3083, 3083, 3083, 3083, 3083, 3084, + 3084, 3085, 3084, 3086, 3087, 3088, 3089, 3090, 3091, 3092, + 3093, 3094, 3095, 3096, 3097, 3098, 3099, 3100, 3101, 3102, + 3103, 3104, 3105, 3106, 3107, 3108, 3109, 3110, 3111, 3112, + 3094, 3113, 3114, 3115, 3116, 3117, 3118, 3119, 3120, 3121, + 3122, 3123, 3124, 3125, 3126, 3127, 3128, 3129, 3130, 3131, + 3132, 3133, 3125, 3134, 3135, 3136, 3137, 3138, 3139, 3140, + 3141, 3141, 3141, 3141, 3141, 3141, 3141, 3141, 3141, 3141, + 3141, 3141, 2864, 2864, 2864, 2864, 2864, 2864, 3141, 3141, + 3141, 3141, 3141, 3141, 3141, 3141, 3141, 3141, 3141, 3141, + + 3141, 3141, 3141, 3141, 3142, 3142, 3143, 3142, 3144, 3145, + 3146, 3147, 3148, 3149, 3150, 3151, 3152, 3153, 3154, 3155, + 3147, 3156, 3157, 3158, 3159, 3160, 3161, 3162, 3163, 3164, + 3165, 3166, 3167, 3168, 3169, 3150, 3170, 3171, 3172, 3173, + 3174, 3175, 3176, 3157, 3177, 3178, 3179, 3180, 3181, 3182, + 3183, 3184, 3185, 3186, 3187, 3188, 3189, 3190, 3191, 3184, + 3192, 3193, 3194, 3195, 3196, 3197, 3198, 3190, 3199, 3200, + 3201, 3202, 3202, 3202, 3202, 3202, 3202, 3202, 3202, 3202, + 3202, 3202, 2864, 2864, 2864, 2864, 3202, 3202, 3202, 3202, + 3202, 3202, 3202, 3202, 3202, 3202, 3202, 3202, 3202, 3202, + + 3202, 3203, 3203, 3204, 3203, 3205, 3206, 3207, 3208, 3209, + 3210, 3211, 3212, 3213, 3214, 3215, 3216, 3208, 3217, 3218, + 3219, 3220, 3221, 3222, 3223, 3224, 3225, 3226, 3227, 3228, + 3229, 3230, 3231, 3232, 3233, 3234, 3235, 3236, 3237, 3238, + 3239, 3218, 3240, 3241, 3242, 3243, 3244, 3245, 3246, 3247, + 3248, 3249, 3250, 3251, 3252, 3253, 3254, 3255, 3256, 3257, + 3258, 3259, 3260, 3261, 3262, 3263, 3264, 3265, 3266, 3257, + 3267, 3268, 3269, 3270, 3271, 3272, 3273, 3274, 3274, 3274, + 3274, 3274, 3274, 3274, 3274, 3274, 2864, 2864, 2864, 2864, + 3274, 3274, 3274, 3274, 3274, 3274, 3274, 3274, 3274, 3274, + + 3274, 3274, 3274, 3274, 3274, 3275, 3275, 3276, 3275, 3277, + 3278, 3279, 3280, 3281, 3282, 3283, 3284, 3285, 3286, 3279, + 3287, 3288, 3289, 3290, 3291, 3292, 3293, 3285, 3294, 3295, + 3296, 3297, 3298, 3299, 3300, 3301, 3302, 3303, 3304, 3305, + 3306, 3307, 3308, 3309, 3310, 3288, 3311, 3312, 3313, 3314, + 3315, 3316, 3317, 3295, 3318, 3319, 3320, 3321, 3322, 3323, + 3324, 3325, 3326, 3327, 3328, 3329, 3330, 3331, 3332, 3333, + 3334, 3326, 3335, 3336, 3337, 3329, 3338, 3339, 3340, 3341, + 3342, 3343, 3344, 3336, 3345, 3346, 3347, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 2864, 2864, 3348, 3348, 3348, + + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3349, 3349, 3350, 3349, 3351, 3352, 3353, 3354, 3355, + 3356, 3357, 3358, 3359, 3360, 3361, 3362, 3363, 3364, 3365, + 3366, 3367, 3368, 3359, 3369, 3370, 3371, 3372, 3373, 3374, + 3375, 3376, 3377, 3378, 3379, 3380, 3381, 3382, 3383, 3384, + 3385, 3386, 3387, 3388, 3389, 3390, 3391, 3392, 3393, 3394, + 3370, 3395, 3396, 3397, 3398, 3399, 3400, 3401, 3402, 3403, + 3404, 3405, 3406, 3407, 3408, 3409, 3410, 3411, 3412, 3413, + 3414, 3415, 3407, 3416, 3417, 3418, 3419, 3420, 3421, 3422, + 3423, 3424, 3425, 3426, 3417, 3427, 3428, 3429, 3430, 3431, + + 3432, 3433, 3434, 3434, 3434, 3434, 3434, 3434, 3434, 2864, + 2864, 3434, 3434, 3434, 3434, 3434, 3434, 3434, 3434, 3434, + 3434, 3434, 3435, 3435, 3436, 3435, 3437, 3438, 3439, 3440, + 3441, 3442, 3443, 3444, 3445, 3446, 3447, 3448, 3440, 3449, + 3450, 3451, 3443, 3452, 3453, 3454, 3455, 3456, 3457, 3458, + 3450, 3459, 3460, 3461, 3462, 3463, 3464, 3465, 3466, 3467, + 3468, 3469, 3470, 3471, 3472, 3473, 3474, 3475, 3476, 3477, + 3478, 3453, 3479, 3480, 3481, 3482, 3483, 3484, 3485, 3460, + 3486, 3487, 3488, 3489, 3490, 3491, 3492, 3493, 3494, 3495, + 3496, 3497, 3498, 3499, 3500, 3493, 3501, 3502, 3503, 3504, + + 3505, 3506, 3507, 3499, 3508, 3509, 3510, 3502, 3511, 3512, + 3513, 3514, 3515, 3516, 3517, 3509, 3518, 3519, 3520, 3521, + 3521, 3521, 3521, 3521, 3521, 2864, 2864, 3521, 3521, 3521, + 3521, 3521, 3521, 3521, 3521, 3522, 3522, 3523, 3522, 3524, + 3525, 3526, 3527, 3528, 3529, 3530, 3531, 3532, 3533, 3525, + 3534, 3535, 3536, 3537, 3538, 3539, 3540, 3541, 3542, 3543, + 3544, 3535, 3545, 3546, 3547, 3548, 3549, 3550, 3551, 3552, + 3553, 3554, 3555, 3556, 3557, 3558, 3559, 3560, 3561, 3562, + 3563, 3564, 3565, 3566, 3567, 3568, 3569, 3570, 3571, 3572, + 3573, 3546, 3574, 3575, 3576, 3577, 3578, 3579, 3580, 3581, + + 3582, 3583, 3584, 3585, 3586, 3587, 3588, 3589, 3590, 3591, + 3592, 3593, 3594, 3595, 3596, 3597, 3598, 3599, 3600, 3591, + 3601, 3602, 3603, 3604, 3605, 3606, 3607, 3608, 3609, 3610, + 3611, 3602, 3612, 3613, 3614, 3615, 3616, 3617, 3618, 3619, + 3619, 3619, 3619, 3619, 2864, 2864, 3619, 3619, 3619, 3619, + 3619, 3619, 3620, 3620, 3620, 3620, 3621, 3622, 3623, 3624, + 3625, 3626, 3620, 3627, 3628, 3629, 3630, 3631, 3632, 3633, + 3625, 3634, 3635, 3636, 3628, 3637, 3638, 3639, 3640, 3641, + 3642, 3643, 3635, 3644, 3645, 3646, 3647, 3648, 3649, 3650, + 3651, 3652, 3653, 3654, 3655, 3656, 3657, 3658, 3659, 3660, + + 3661, 3662, 3663, 3664, 3665, 3666, 3667, 3668, 3669, 3670, + 3671, 3672, 3673, 3674, 3675, 3676, 3677, 3678, 3679, 3680, + 3681, 3682, 3683, 3684, 3685, 3686, 3687, 3688, 3689, 3690, + 3691, 3692, 3684, 3693, 3694, 3695, 3687, 3696, 3697, 3698, + 3699, 3700, 3701, 3702, 3694, 3703, 3704, 3705, 3697, 3706, + 3707, 3708, 3709, 3710, 3711, 3712, 3704, 3713, 3714, 3715, + 3716, 3716, 3716, 3716, 3716, 2864, 2864, 3716, 3716, 3716, + 3716, 3716, 3716, 3717, 3717, 3717, 3718, 3719, 3720, 3721, + 3722, 3723, 3720, 3724, 3725, 3723, 3719, 3726, 3727, 3728, + 3729, 3730, 3731, 3732, 3733, 3734, 3735, 3736, 3727, 3737, + + 3738, 3739, 3740, 3741, 3742, 3743, 3744, 3745, 3746, 3747, + 3748, 3749, 3750, 3751, 3752, 3753, 3754, 3755, 3756, 3757, + 3758, 3759, 3760, 3761, 3762, 3763, 3764, 3765, 3766, 3767, + 3768, 3769, 3770, 3771, 3772, 3773, 3774, 3775, 3776, 3777, + 3778, 3779, 3780, 3781, 3782, 3783, 3784, 3785, 3786, 3787, + 3788, 3780, 3789, 3790, 3791, 3792, 3793, 3794, 3795, 3796, + 3797, 3798, 3799, 3790, 3800, 3801, 3802, 3803, 3804, 3805, + 3806, 3807, 3808, 3809, 3810, 3801, 3811, 3812, 3813, 3814, + 3815, 3816, 3817, 3818, 3818, 3818, 3818, 2864, 2864, 3818, + 3818, 3818, 3818, 3818, 3818, 3819, 3819, 3820, 3821, 3822, + + 3823, 3824, 3822, 3825, 3826, 3827, 3828, 3829, 3823, 3830, + 3831, 3832, 3825, 3833, 3834, 3835, 3836, 3837, 3838, 3839, + 3831, 3840, 3841, 3842, 3843, 3844, 3845, 3846, 3847, 3848, + 3849, 3850, 3851, 3852, 3853, 3854, 3855, 3856, 3857, 3858, + 3859, 3860, 3861, 3862, 3863, 3864, 3865, 3866, 3867, 3868, + 3869, 3870, 3871, 3872, 3873, 3874, 3875, 3876, 3877, 3877, + 3878, 3879, 3880, 3881, 3882, 3883, 3877, 3884, 3885, 3886, + 3887, 3888, 3889, 3890, 3882, 3891, 3892, 3893, 3885, 3894, + 3895, 3896, 3897, 3898, 3899, 3900, 3892, 3901, 3902, 3903, + 3895, 3904, 3905, 3906, 3907, 3908, 3909, 3910, 3902, 3911, + + 3912, 3913, 3914, 2864, 2864, 3914, 3914, 3914, 3915, 3915, + 3916, 3917, 3918, 3919, 3917, 3920, 3921, 3922, 3923, 3924, + 3925, 3926, 3927, 3928, 3929, 3930, 3931, 3922, 3932, 3933, + 3934, 3935, 3936, 3937, 3938, 3939, 3940, 3941, 3942, 3943, + 3944, 3945, 3946, 3947, 3948, 3949, 3950, 3951, 3952, 3953, + 3954, 3955, 3956, 3957, 3958, 3959, 3960, 3961, 3962, 3963, + 3964, 3965, 3966, 3967, 3968, 3969, 3970, 3971, 3972, 3973, + 3974, 3975, 3976, 3977, 3978, 3975, 3979, 3980, 3978, 3974, + 3981, 3982, 3983, 3984, 3985, 3986, 3987, 3988, 3989, 3990, + 3991, 3982, 3992, 3993, 3994, 3995, 3996, 3997, 3998, 3999, + + 4000, 4001, 4002, 3993, 4003, 4004, 4005, 4006, 4007, 4008, + 4009, 4010, 2864, 2864, 4010, 4010, 4011, 4011, 4012, 4013, + 4014, 4015, 4016, 4017, 4013, 4018, 4019, 4020, 4013, 4021, + 4022, 4023, 4024, 4025, 4026, 4027, 4019, 4028, 4029, 4030, + 4031, 4032, 4033, 4034, 4035, 4036, 4037, 4038, 4039, 4040, + 4041, 4042, 4043, 4044, 4045, 4046, 4047, 4048, 4049, 4050, + 4051, 4052, 4053, 4054, 4055, 4056, 4057, 4058, 4059, 4060, + 4061, 4062, 4063, 4064, 4065, 4066, 4067, 4065, 4068, 4069, + 4070, 4071, 4072, 4066, 4073, 4074, 4075, 4068, 4076, 4077, + 4078, 4079, 4080, 4081, 4082, 4074, 4083, 4084, 4085, 4077, + + 4086, 4087, 4088, 4089, 4090, 4091, 4092, 4084, 4093, 4094, + 4095, 4096, 2864, 2864, 4096, 4096, 4097, 4097, 4098, 4099, + 4100, 4101, 4102, 4103, 4104, 4101, 4105, 4106, 4104, 4100, + 4107, 4108, 4109, 4110, 4111, 4112, 4113, 4097, 4114, 4115, + 4116, 4117, 4118, 4119, 4120, 4121, 4122, 4123, 4124, 4125, + 4126, 4127, 4128, 4129, 4130, 4131, 4132, 4133, 4108, 4134, + 4135, 4136, 4137, 4138, 4139, 4140, 4141, 4142, 4143, 4144, + 4142, 4145, 4146, 4147, 4148, 4149, 4150, 4151, 4152, 4153, + 4154, 4155, 4156, 4147, 4157, 4158, 4159, 4160, 4161, 4162, + 4163, 4164, 4165, 4166, 4167, 4158, 4168, 4169, 4170, 4171, + + 4172, 4173, 4174, 4175, 2864, 2864, 4175, 4175, 4175, 4176, + 4176, 4177, 4178, 4179, 4180, 4181, 4179, 4182, 4183, 4184, + 4185, 4186, 4180, 4187, 4188, 4189, 4190, 4191, 4192, 4193, + 4194, 4195, 4196, 4197, 4198, 4199, 4200, 4201, 4202, 4203, + 4204, 4182, 4205, 4206, 4207, 4208, 4209, 4210, 4211, 4188, + 4212, 4213, 4214, 4215, 4216, 4217, 4218, 4219, 4220, 4216, + 4221, 4222, 4223, 4216, 4224, 4225, 4226, 4227, 4228, 4229, + 4230, 4222, 4231, 4232, 4233, 4225, 4234, 4235, 4236, 4237, + 4238, 4239, 4240, 4232, 4241, 4242, 4243, 4244, 4244, 4244, + 4245, 4245, 4246, 4247, 4248, 4249, 4247, 4250, 4251, 4252, + + 4253, 4254, 4255, 4256, 4257, 4258, 4259, 4260, 4261, 4262, + 4263, 4264, 4265, 4266, 4267, 4268, 4269, 4270, 4271, 4272, + 4273, 4252, 4274, 4275, 4276, 4277, 4278, 4279, 4280, 4281, + 4282, 4283, 4284, 4285, 4286, 4287, 4284, 4288, 4289, 4287, + 4283, 4290, 4291, 4292, 4293, 4294, 4295, 4296, 4297, 4298, + 4299, 4300, 4291, 4301, 4302, 4303, 4304, 4305, 4306, 4307, + 4308, 4308, 4309, 4309, 4310, 4311, 4312, 4313, 4314, 4315, + 4311, 4316, 4317, 4318, 4319, 4320, 4321, 4322, 4323, 4324, + 4325, 4326, 4327, 4328, 4311, 4329, 4330, 4331, 4332, 4333, + 4334, 4335, 4317, 4336, 4337, 4338, 4339, 4340, 4341, 4342, + + 4343, 4341, 4344, 4345, 4346, 4347, 4348, 4342, 4349, 4350, + 4351, 4344, 4352, 4353, 4354, 4355, 4356, 4357, 4358, 4350, + 4359, 4360, 4361, 4362, 4363, 4363, 4364, 4365, 4366, 4367, + 4368, 4369, 4370, 4371, 4372, 4364, 4373, 4374, 4375, 4376, + 4367, 4377, 4378, 4379, 4366, 4380, 4381, 4382, 4383, 4384, + 4385, 4386, 4387, 4388, 4389, 4390, 4388, 4391, 4392, 4393, + 4394, 4395, 4396, 4397, 4398, 4399, 4400, 4401, 4402, 4393, + 4403, 4404, 4405, 4406, 4407, 4408, 4409, 4410, 4411, 4411, + 4412, 4413, 4414, 4415, 4416, 4417, 4418, 4412, 4419, 4420, + 4414, 4421, 4422, 4423, 4424, 4425, 4426, 4415, 4427, 4428, + + 4429, 4430, 4431, 4432, 4433, 4434, 4435, 4431, 4436, 4437, + 4438, 4431, 4439, 4440, 4441, 4442, 4443, 4444, 4445, 4437, + 4446, 4447, 4448, 4449, 4450, 4450, 4451, 4452, 4453, 4454, + 4455, 4456, 4452, 4457, 4458, 4459, 4460, 4461, 4462, 4463, + 4464, 4465, 4466, 4467, 4468, 4469, 4470, 4471, 4472, 4473, + 4470, 4474, 4475, 4473, 4469, 4476, 4477, 4478, 4479, 4480, + 4481, 4482, 4483, 4484, 4484, 4460, 4485, 4486, 4487, 4488, + 4463, 4489, 4490, 4466, 4485, 4491, 4492, 4493, 4471, 4469, + 4494, 4495, 4496, 4494, 4497, 4498, 4499, 4500, 4501, 4495, + 4502, 4503, 4504, 4483, 4505, 4505, 4489, 4506, 4507, 4489, + + 4491, 4508, 4509, 4510, 4511, 4512, 4498, 4513, 4514, 4501, + 4513, 4495, 4515, 4516, 4517, 4518, 4519, 4520, 4521, 2694, + 4522, 4522, 4523, 4524, 4510, 4523, 4525, 4526, 4527, 4515, + 4528, 4518, 4529, 4530, 4521, 4528, 4531, 4532, 4533, 2694, + 4534, 4534, 4510, 4535, 2864, 4536, 2864, 2864, 4537, 4529, + 4531, 4538, 4539, 4540, 4541, 2864, 2740, 4542, 4542, 4543, + 4543, 2864, 2864, 4544, 4540, 4538, 4545, 4546, 2740, 4547, + 4547, 2864, 2864, 4548, 2864, 2740, 4549, 4549, 4546, 2740, + 4550, 4550, 2780, 4551, 4551, 2780, 4552, 4552, 2780, 4553, + 4553, 2780, 4554, 4554, 2792, 4555, 4555, 2792, 4556, 4556, + + 2792, 4557, 4557, 2792, 4558, 4558, 2804, 4559, 4559, 2804, + 4560, 4560, 2804, 4561, 4561, 2804, 4562, 4562, 2816, 4563, + 4563, 2816, 4564, 4564, 2816, 4565, 4565, 2816, 4566, 4566, + 2828, 4567, 4567, 2828, 4568, 4568, 2828, 4569, 4569, 2828, + 4570, 4570, 2840, 4571, 4571, 2840, 4572, 4572, 2840, 4573, + 4573, 2840, 4574, 4574, 2852, 4575, 4575, 2852, 2864, 2864, + 2852, 2864, 2864, 0, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864 + } ; + +static yyconst flex_int16_t yy_nxt[10845] = + { 0, + 4, 5, 6, 7, 5, 4, 8, 9, 9, 4, + 10, 11, 11, 12, 12, 12, 13, 14, 15, 16, + 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, + 27, 28, 29, 23, 30, 31, 32, 33, 23, 23, + 23, 23, 4, 34, 35, 35, 35, 35, 36, 23, + 23, 23, 23, 23, 23, 37, 38, 39, 23, 23, + 23, 23, 23, 23, 23, 23, 23, 40, 41, 2864, + 1329, 41, 44, 44, 44, 44, 44, 46, 2864, 47, + 47, 48, 48, 48, 49, 46, 1450, 48, 48, 48, + 48, 48, 49, 53, 53, 53, 53, 53, 49, 53, + + 53, 54, 53, 53, 53, 41, 361, 53, 41, 60, + 55, 64, 2864, 66, 2864, 65, 2864, 133, 176, 129, + 2864, 53, 692, 51, 61, 53, 53, 56, 57, 53, + 53, 62, 361, 371, 372, 55, 67, 63, 2864, 2864, + 68, 78, 69, 2864, 176, 2864, 2864, 82, 361, 58, + 53, 53, 53, 53, 53, 49, 53, 53, 53, 53, + 53, 53, 70, 2864, 2864, 2864, 176, 2864, 2864, 83, + 76, 2864, 105, 71, 106, 2864, 2864, 84, 813, 79, + 72, 77, 59, 53, 53, 53, 53, 53, 73, 2864, + 2864, 699, 689, 2864, 2864, 74, 80, 71, 2864, 90, + + 87, 1471, 81, 85, 75, 173, 2864, 2864, 86, 2864, + 718, 88, 2864, 91, 2864, 95, 89, 99, 2864, 2864, + 55, 113, 2864, 96, 2864, 90, 2864, 114, 695, 92, + 2864, 218, 107, 93, 116, 53, 108, 2864, 91, 100, + 2864, 95, 99, 99, 117, 55, 109, 110, 96, 94, + 97, 111, 101, 2864, 102, 71, 112, 103, 2864, 58, + 98, 138, 53, 104, 2864, 2864, 90, 115, 99, 2864, + 95, 144, 146, 118, 2864, 119, 2864, 147, 96, 71, + 91, 2864, 2864, 148, 133, 2864, 75, 138, 104, 142, + 226, 2864, 90, 2864, 137, 151, 95, 44, 44, 44, + + 44, 44, 150, 96, 2864, 91, 125, 125, 126, 126, + 126, 138, 2864, 2864, 145, 98, 94, 120, 133, 308, + 137, 104, 121, 133, 316, 2864, 248, 2864, 58, 399, + 122, 123, 732, 2864, 2864, 46, 75, 127, 127, 128, + 128, 128, 129, 120, 138, 2864, 2864, 104, 121, 1479, + 248, 693, 1197, 58, 248, 122, 123, 2864, 2864, 46, + 75, 128, 128, 128, 128, 128, 129, 124, 135, 135, + 135, 135, 135, 129, 135, 135, 135, 135, 135, 135, + 2864, 2864, 2864, 2864, 2864, 156, 2864, 153, 149, 152, + 155, 2864, 2864, 2864, 154, 2864, 2864, 2864, 2864, 166, + + 135, 135, 135, 135, 135, 135, 2864, 2864, 2864, 2864, + 167, 156, 2864, 2864, 2864, 175, 155, 168, 158, 2864, + 2864, 2864, 159, 161, 2864, 160, 2864, 2864, 698, 1450, + 156, 2864, 2864, 2864, 2864, 156, 162, 2864, 163, 165, + 172, 175, 2864, 2864, 2864, 164, 2864, 177, 170, 2864, + 169, 174, 171, 183, 2864, 180, 176, 2864, 2864, 2864, + 182, 2864, 2864, 176, 2864, 2864, 2864, 2864, 179, 186, + 2864, 177, 2864, 178, 2864, 2864, 2864, 2864, 178, 183, + 2864, 2864, 176, 2864, 185, 2864, 182, 2864, 388, 2864, + 2864, 2864, 2864, 186, 198, 1406, 190, 178, 183, 2864, + + 2864, 191, 186, 184, 181, 183, 187, 2864, 185, 192, + 2864, 188, 2864, 2864, 202, 194, 189, 186, 2864, 199, + 195, 200, 193, 206, 196, 2864, 197, 2864, 201, 203, + 208, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 204, + 2864, 2864, 2864, 205, 210, 207, 183, 2864, 2864, 209, + 2864, 2864, 2864, 2864, 178, 475, 2864, 215, 2864, 125, + 125, 126, 126, 126, 133, 2864, 1471, 818, 211, 1076, + 402, 215, 183, 126, 126, 126, 126, 126, 178, 710, + 712, 2864, 2864, 2864, 2864, 178, 2864, 2864, 2864, 212, + 46, 183, 216, 216, 217, 217, 217, 218, 2864, 138, + + 229, 176, 230, 46, 213, 217, 217, 217, 217, 217, + 218, 223, 224, 224, 224, 224, 186, 2864, 178, 2864, + 2864, 243, 2864, 242, 229, 138, 230, 176, 2864, 2864, + 213, 240, 2864, 230, 791, 230, 234, 2864, 2864, 2864, + 186, 2864, 178, 228, 2864, 2864, 2864, 1479, 236, 214, + 227, 227, 227, 227, 227, 218, 227, 227, 227, 227, + 227, 227, 2864, 2864, 239, 2864, 237, 246, 2864, 247, + 2864, 2864, 241, 2864, 2864, 245, 2864, 2864, 244, 2864, + 2864, 2864, 227, 227, 227, 227, 227, 227, 2864, 2864, + 2864, 2864, 2864, 247, 2864, 2864, 2864, 248, 249, 255, + + 256, 2864, 2864, 251, 2864, 252, 250, 2864, 2864, 260, + 264, 254, 258, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 257, 253, 261, 269, 2864, 2864, 1300, 2864, 2864, 268, + 259, 2864, 2864, 2864, 132, 133, 2864, 2864, 262, 2864, + 2864, 271, 2864, 263, 2864, 2864, 266, 2864, 269, 133, + 133, 265, 2864, 2864, 268, 2864, 272, 270, 2864, 2864, + 269, 267, 277, 269, 273, 271, 2864, 271, 2864, 269, + 2864, 275, 2864, 2864, 271, 2864, 2864, 281, 278, 2864, + 283, 270, 2864, 2864, 2864, 269, 277, 2864, 2864, 2864, + 271, 271, 276, 2864, 277, 2864, 2864, 2864, 2864, 2864, + + 274, 284, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 279, + 286, 2864, 291, 2864, 2864, 289, 276, 2864, 298, 280, + 282, 285, 2864, 2864, 277, 2864, 2864, 2864, 288, 297, + 2864, 2864, 292, 2864, 2864, 290, 287, 295, 294, 2864, + 2864, 300, 296, 428, 2864, 299, 293, 2864, 2864, 248, + 2864, 883, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 803, 697, 2864, 269, 2864, 2864, 429, 301, 2864, 2864, + 302, 277, 820, 248, 430, 248, 2864, 248, 304, 304, + 305, 305, 305, 223, 224, 224, 224, 224, 269, 224, + 224, 224, 224, 224, 302, 277, 2864, 2864, 2864, 248, + + 691, 133, 46, 303, 306, 306, 307, 307, 307, 308, + 46, 320, 307, 307, 307, 307, 307, 308, 318, 318, + 318, 318, 318, 308, 318, 318, 318, 318, 318, 318, + 2864, 319, 321, 2864, 324, 2864, 320, 2864, 325, 2864, + 2864, 2864, 2864, 2864, 333, 2864, 2864, 2864, 2864, 321, + 318, 318, 318, 318, 318, 318, 2864, 321, 2864, 2864, + 2864, 323, 2864, 2864, 2864, 2864, 326, 133, 133, 882, + 321, 332, 2864, 327, 328, 336, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 331, 2864, 2864, 2864, 334, 2864, 330, + 2864, 2864, 2864, 2864, 2864, 339, 2864, 2864, 344, 338, + + 335, 2864, 340, 345, 341, 2864, 349, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 348, 342, 346, 2864, + 347, 2864, 2864, 2864, 343, 352, 350, 2864, 2864, 2864, + 2864, 2864, 351, 2864, 2864, 356, 2864, 2864, 357, 2864, + 2864, 2864, 357, 353, 2864, 2864, 2864, 355, 2864, 2864, + 2864, 2864, 2864, 1294, 360, 2864, 2864, 133, 2864, 2864, + 2864, 356, 2864, 2864, 357, 2864, 354, 362, 357, 2864, + 2864, 2864, 2864, 2864, 358, 2864, 2864, 2864, 2864, 700, + 360, 365, 2864, 2864, 359, 357, 367, 2864, 357, 2864, + 2864, 2864, 357, 363, 727, 2864, 361, 2864, 364, 2864, + + 2864, 2864, 2864, 2864, 369, 366, 2864, 373, 368, 2864, + 370, 2864, 2864, 375, 2864, 374, 2864, 378, 376, 2864, + 2864, 431, 2864, 379, 380, 357, 2864, 2864, 2864, 2864, + 377, 2864, 2864, 2864, 2864, 357, 450, 321, 2864, 2864, + 2864, 2864, 133, 361, 432, 381, 562, 321, 489, 2864, + 133, 357, 433, 133, 2864, 1526, 492, 382, 133, 492, + 450, 357, 321, 2864, 581, 2864, 1527, 133, 450, 361, + 2864, 404, 321, 584, 385, 383, 304, 304, 305, 305, + 305, 2864, 2864, 2864, 385, 384, 305, 305, 305, 305, + 305, 46, 406, 386, 386, 387, 387, 387, 388, 46, + + 2864, 387, 387, 387, 387, 387, 388, 403, 403, 403, + 403, 403, 388, 403, 403, 403, 403, 403, 403, 2864, + 2864, 2864, 2864, 2864, 408, 405, 2864, 2864, 2864, 2864, + 415, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 403, + 403, 403, 403, 403, 403, 418, 409, 410, 419, 2864, + 411, 2864, 2864, 2864, 1301, 2864, 2864, 2864, 420, 407, + 414, 2864, 425, 2864, 412, 992, 413, 438, 416, 2864, + 2864, 2864, 2864, 2864, 2864, 417, 2864, 2864, 2864, 2864, + 421, 2864, 2864, 423, 2864, 2864, 2864, 2864, 2864, 2864, + 426, 427, 434, 424, 436, 435, 2864, 446, 444, 2864, + + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 445, 2864, 439, 440, 442, 443, 2864, + 2864, 2864, 2864, 446, 449, 2864, 2864, 2864, 2864, 2864, + 2864, 454, 2864, 441, 2864, 2864, 2864, 2864, 2864, 445, + 447, 2864, 448, 2864, 452, 446, 2864, 2864, 449, 457, + 2864, 2864, 2864, 451, 2864, 453, 450, 455, 725, 458, + 2864, 446, 2864, 463, 456, 459, 876, 446, 2864, 2864, + 462, 2864, 2864, 2864, 466, 653, 2864, 2864, 2864, 2864, + 2864, 2864, 464, 465, 469, 2864, 2864, 2864, 2864, 2864, + 467, 446, 2864, 446, 2864, 471, 471, 472, 472, 472, + + 896, 2864, 2864, 2864, 2864, 2864, 46, 450, 473, 473, + 474, 474, 474, 475, 2864, 446, 2864, 446, 2864, 46, + 2864, 474, 474, 474, 474, 474, 475, 2864, 2864, 2864, + 2864, 450, 2864, 496, 498, 2864, 2864, 2864, 2864, 470, + 495, 495, 495, 495, 495, 475, 495, 495, 495, 495, + 495, 495, 2864, 500, 2864, 2864, 503, 497, 501, 505, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 507, 2864, + 508, 504, 495, 495, 495, 495, 495, 495, 2864, 2864, + 502, 506, 510, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 511, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + + 2864, 133, 133, 513, 2864, 509, 538, 584, 584, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 522, 2864, 527, 524, + 523, 2864, 514, 2864, 532, 530, 529, 534, 525, 2864, + 538, 528, 533, 2864, 2864, 2864, 2864, 538, 531, 2864, + 535, 515, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 534, 536, 537, 2864, 2864, 533, 539, 2864, + 2864, 2864, 2864, 541, 2864, 2864, 547, 534, 2864, 2864, + 2864, 553, 534, 2864, 2864, 543, 2864, 540, 537, 2864, + 2864, 548, 2864, 554, 2864, 538, 133, 2864, 2864, 546, + 2864, 542, 589, 544, 559, 471, 471, 472, 472, 472, + + 2864, 552, 545, 555, 132, 551, 557, 2864, 133, 534, + 2864, 2864, 1538, 2864, 677, 2864, 2864, 133, 538, 2864, + 2864, 2864, 133, 581, 2864, 2864, 788, 2864, 581, 729, + 2864, 2864, 2864, 2864, 534, 559, 472, 472, 472, 472, + 472, 46, 538, 560, 560, 561, 561, 561, 562, 558, + 46, 2864, 561, 561, 561, 561, 561, 562, 590, 590, + 590, 590, 590, 562, 590, 590, 590, 590, 590, 590, + 593, 591, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 599, 2864, 2864, 1538, 600, 2864, + 590, 590, 590, 590, 590, 590, 2864, 598, 2864, 601, + + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 594, 621, 596, + 2864, 595, 602, 2864, 2864, 2864, 603, 132, 597, 2864, + 607, 133, 604, 2864, 2864, 2864, 2864, 581, 2864, 2864, + 2864, 2864, 2864, 606, 616, 620, 2864, 2864, 614, 2864, + 2864, 619, 615, 617, 623, 2864, 624, 2864, 629, 2864, + 628, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 622, + 625, 2864, 630, 626, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 627, 629, 2864, 628, 2864, 2864, 2864, + 2864, 2864, 2864, 133, 2864, 2864, 133, 2864, 631, 684, + 2864, 635, 581, 2864, 629, 645, 629, 133, 2864, 636, + + 634, 133, 2864, 684, 632, 133, 633, 766, 629, 2864, + 2864, 769, 642, 643, 648, 1534, 814, 714, 2864, 2864, + 2864, 637, 2864, 2864, 638, 639, 2864, 646, 2864, 644, + 2864, 2864, 2864, 2864, 629, 2864, 2864, 694, 2864, 649, + 649, 650, 650, 650, 46, 701, 651, 651, 652, 652, + 652, 653, 2864, 46, 629, 652, 652, 652, 652, 652, + 653, 688, 688, 688, 688, 688, 653, 688, 688, 688, + 688, 688, 688, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 721, 2864, 2864, 2864, 2864, 2864, 649, 649, + 650, 650, 650, 688, 688, 688, 688, 688, 688, 715, + + 696, 720, 2864, 2864, 2864, 2864, 711, 721, 2864, 1538, + 133, 737, 722, 2864, 709, 726, 677, 702, 1545, 721, + 724, 713, 716, 719, 717, 133, 720, 723, 133, 1538, + 730, 677, 782, 728, 773, 731, 734, 897, 721, 650, + 650, 650, 650, 650, 46, 2864, 735, 735, 736, 736, + 736, 737, 46, 2864, 736, 736, 736, 736, 736, 737, + 133, 133, 133, 133, 133, 2864, 677, 773, 769, 773, + 780, 781, 781, 781, 781, 781, 737, 781, 781, 781, + 781, 781, 781, 2864, 785, 784, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 786, 2864, 2864, 2864, + + 2864, 2864, 2864, 781, 781, 781, 781, 781, 781, 2864, + 2864, 811, 2864, 2864, 2864, 2864, 793, 2864, 810, 792, + 2864, 823, 133, 802, 1429, 787, 804, 912, 856, 807, + 789, 790, 794, 805, 801, 806, 2864, 874, 1549, 812, + 808, 809, 811, 815, 816, 819, 817, 893, 46, 811, + 821, 821, 822, 822, 822, 823, 46, 877, 822, 822, + 822, 822, 822, 823, 133, 133, 133, 133, 133, 133, + 859, 859, 766, 766, 769, 859, 133, 133, 133, 133, + 133, 875, 769, 868, 859, 769, 868, 873, 873, 873, + 873, 873, 823, 873, 873, 873, 873, 873, 873, 2864, + + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 873, + 873, 873, 873, 873, 873, 2864, 2864, 2864, 2864, 133, + 133, 879, 880, 881, 2864, 950, 953, 894, 1538, 878, + 895, 898, 1429, 885, 903, 892, 899, 884, 905, 904, + 974, 2864, 900, 1004, 1407, 133, 901, 902, 906, 908, + 907, 953, 973, 1549, 132, 980, 46, 909, 910, 910, + 911, 911, 911, 912, 46, 2864, 911, 911, 911, 911, + 911, 912, 133, 133, 133, 133, 133, 133, 953, 958, + 953, 859, 962, 953, 133, 133, 133, 133, 133, 133, + + 859, 962, 953, 958, 962, 970, 971, 971, 971, 971, + 971, 912, 971, 971, 971, 971, 971, 971, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 972, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 971, 971, + 971, 971, 971, 971, 2864, 982, 2864, 2864, 2864, 2864, + 2864, 133, 133, 989, 1001, 1007, 981, 1049, 950, 991, + 977, 1538, 990, 975, 978, 979, 993, 994, 976, 998, + 1545, 1549, 1557, 995, 996, 997, 1000, 999, 1002, 1095, + 1073, 1429, 1549, 2864, 1438, 46, 1003, 1005, 1005, 1006, + 1006, 1006, 1007, 46, 1075, 1006, 1006, 1006, 1006, 1006, + + 1007, 133, 133, 133, 133, 133, 133, 950, 950, 1056, + 950, 1056, 950, 133, 133, 133, 133, 133, 133, 953, + 958, 950, 1056, 958, 1067, 133, 133, 133, 1077, 2864, + 2864, 1056, 958, 1067, 1072, 1072, 1072, 1072, 1072, 1007, + 1072, 1072, 1072, 1072, 1072, 1072, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 1072, 1072, 1072, 1072, + 1072, 1072, 1074, 2864, 2864, 2864, 2864, 133, 1082, 1097, + 1088, 1104, 1100, 1151, 1090, 1078, 1079, 1080, 1091, 1081, + 1087, 1099, 1180, 1096, 1089, 1193, 1092, 1098, 1093, 1561, + + 1201, 1094, 1101, 46, 1179, 1102, 1102, 1103, 1103, 1103, + 1104, 46, 1191, 1103, 1103, 1103, 1103, 1103, 1104, 133, + 133, 133, 133, 133, 133, 1154, 1049, 1049, 1158, 1049, + 1158, 133, 133, 133, 133, 133, 133, 1154, 1158, 1165, + 1049, 1158, 1056, 133, 133, 133, 133, 133, 133, 1169, + 1158, 1056, 1169, 1158, 1165, 133, 133, 2864, 2864, 2864, + 2864, 1169, 1177, 1178, 1178, 1178, 1178, 1178, 1104, 1178, + 1178, 1178, 1178, 1178, 1178, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 1192, 2864, 1182, 1183, 2864, 2864, 2864, + 2864, 2864, 2864, 1184, 2864, 1178, 1178, 1178, 1178, 1178, + + 1178, 1181, 46, 1196, 1206, 1206, 1207, 1207, 1207, 1208, + 2864, 2864, 1199, 1549, 1185, 1186, 1438, 1208, 1314, 1198, + 1203, 1522, 1194, 1195, 1205, 1204, 1561, 1200, 1291, 1292, + 132, 46, 1202, 1207, 1207, 1207, 1207, 1207, 1208, 133, + 133, 133, 133, 133, 133, 1259, 1262, 1262, 1151, 1151, + 1154, 133, 133, 133, 133, 133, 133, 1262, 1154, 1271, + 1262, 1154, 1271, 133, 133, 133, 133, 133, 133, 1154, + 1158, 1165, 1154, 1271, 1165, 133, 133, 133, 133, 2864, + 2864, 1283, 1271, 1165, 1283, 1288, 1288, 1288, 1288, 1288, + 1208, 1288, 1288, 1288, 1288, 1288, 1288, 2864, 2864, 2864, + + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 133, 2864, 2864, 2864, 2864, 2864, 1370, 1288, 1288, 1288, + 1288, 1288, 1288, 1290, 1289, 1304, 133, 1295, 133, 1549, + 2864, 1557, 1373, 1303, 1373, 1299, 1302, 1308, 133, 1298, + 1561, 1293, 133, 1306, 1373, 1305, 1311, 133, 1378, 1408, + 1309, 133, 1525, 1373, 1412, 1307, 1405, 1262, 46, 1310, + 1312, 1312, 1313, 1313, 1313, 1314, 46, 1417, 1313, 1313, + 1313, 1313, 1313, 1314, 133, 133, 133, 133, 133, 133, + 1382, 1373, 1262, 1382, 1373, 1378, 133, 133, 133, 133, + 133, 133, 1382, 1390, 1262, 1382, 1271, 1394, 133, 133, + + 133, 133, 133, 133, 1382, 1271, 1394, 1382, 1390, 1394, + 133, 2864, 2864, 2864, 2864, 2864, 1402, 1403, 1403, 1403, + 1403, 1403, 1314, 1403, 1403, 1403, 1403, 1403, 1403, 2864, + 2864, 2864, 2864, 2864, 2864, 46, 2864, 1423, 1423, 1424, + 1424, 1424, 1425, 1425, 1404, 1569, 2864, 1409, 2864, 1403, + 1403, 1403, 1403, 1403, 1403, 1538, 133, 1571, 132, 1414, + 1415, 1418, 1485, 1413, 1420, 1421, 133, 133, 1571, 133, + 133, 1422, 1370, 1370, 1419, 1370, 1492, 1528, 46, 1416, + 1424, 1424, 1424, 1424, 1424, 1425, 133, 133, 133, 133, + 133, 133, 1370, 1492, 1370, 1373, 1378, 1370, 133, 133, + + 133, 133, 133, 133, 1492, 1378, 1503, 1492, 1378, 1503, + 133, 133, 133, 133, 133, 133, 1378, 1382, 1390, 1378, + 1503, 1390, 133, 133, 133, 133, 2864, 2864, 1515, 1503, + 1390, 1515, 1520, 1520, 1520, 1520, 1520, 1425, 1520, 1520, + 1520, 1520, 1520, 1520, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 1575, 1571, 1575, 1523, 132, 1575, 1580, 1575, 1580, + 1521, 132, 1580, 1585, 1520, 1520, 1520, 1520, 1520, 1520, + 1580, 1524, 1585, 132, 1438, 1561, 1585, 1529, 1530, 1531, + 1591, 1561, 1532, 1535, 46, 1585, 1536, 1536, 1537, 1537, + 1537, 1538, 1533, 46, 1591, 1537, 1537, 1537, 1537, 1537, + + 1538, 132, 1561, 1569, 1591, 1599, 133, 133, 133, 133, + 133, 133, 1601, 133, 1604, 1485, 1485, 1608, 133, 1485, + 133, 133, 133, 133, 1608, 133, 133, 1604, 1608, 1615, + 133, 1485, 1608, 133, 133, 133, 1492, 133, 133, 1619, + 1608, 1492, 133, 1619, 133, 133, 133, 133, 1608, 133, + 1615, 1619, 1627, 1492, 133, 1619, 133, 133, 133, 133, + 1503, 133, 1631, 1619, 1503, 1631, 133, 133, 133, 133, + 2864, 2864, 1619, 1627, 1631, 1639, 1640, 1640, 1640, 1640, + 1640, 1538, 1640, 1640, 1640, 1640, 1640, 1640, 2864, 2864, + 2864, 1645, 1646, 2864, 2864, 2864, 2864, 2864, 2864, 132, + + 2864, 2864, 2864, 1538, 1641, 1538, 1659, 1538, 1640, 1640, + 1640, 1640, 1640, 1640, 1649, 1538, 1659, 1642, 1643, 132, + 1538, 1538, 1545, 1650, 132, 1644, 1647, 1648, 46, 1652, + 1653, 1653, 1654, 1654, 1654, 1538, 46, 1538, 1654, 1654, + 1654, 1654, 1654, 1538, 1659, 1545, 1651, 1670, 1659, 1545, + 1670, 132, 1545, 1549, 1557, 132, 1545, 1670, 1557, 1682, + 1670, 1557, 1682, 132, 1688, 132, 1691, 1688, 1691, 132, + 1691, 1696, 1691, 1696, 132, 1696, 1701, 1696, 1701, 132, + 1701, 1706, 1557, 1701, 1706, 132, 1557, 1682, 1706, 1714, + 1682, 1706, 1714, 132, 133, 133, 133, 133, 133, 133, + + 1720, 133, 1723, 1723, 133, 1601, 133, 1601, 133, 133, + 1604, 133, 133, 133, 1723, 1604, 133, 1732, 1723, 1604, + 133, 133, 1732, 133, 133, 133, 133, 1604, 133, 1608, + 1615, 133, 1604, 133, 1732, 133, 133, 1615, 133, 1744, + 133, 1732, 1615, 133, 1744, 133, 133, 133, 133, 1615, + 133, 1619, 1627, 133, 1615, 133, 1744, 133, 133, 1627, + 133, 1756, 133, 1744, 1627, 2864, 1756, 1761, 1761, 1761, + 1761, 1761, 1538, 1761, 1761, 1761, 1761, 1761, 1761, 2864, + 2864, 2864, 1766, 1767, 2864, 2864, 2864, 2864, 2864, 1538, + 2864, 2864, 1659, 132, 1659, 1538, 1762, 1659, 1782, 1761, + + 1761, 1761, 1761, 1761, 1761, 46, 1659, 1774, 1774, 1775, + 1775, 1775, 1538, 1763, 1764, 1768, 1769, 1770, 1659, 1771, + 2864, 2864, 1786, 1659, 1659, 1765, 1772, 1538, 1538, 1786, + 132, 1659, 1782, 46, 1773, 1775, 1775, 1775, 1775, 1775, + 1538, 1786, 1794, 1659, 1786, 1670, 1798, 1786, 1670, 1798, + 132, 1786, 1794, 1798, 1806, 1807, 132, 1810, 1810, 132, + 1810, 1815, 1810, 1815, 132, 1815, 1820, 1815, 1820, 132, + 1820, 1825, 1820, 1825, 132, 1670, 1798, 1825, 1831, 1798, + 1825, 1831, 132, 1798, 1806, 1831, 1839, 133, 133, 133, + 133, 133, 133, 1841, 133, 1841, 1841, 133, 1841, 133, + + 1847, 133, 133, 1841, 133, 1723, 133, 1851, 1841, 133, + 1723, 133, 1851, 133, 133, 133, 133, 1841, 133, 1847, + 1851, 1859, 1723, 133, 1851, 133, 133, 133, 133, 1732, + 133, 1863, 1851, 1732, 1863, 133, 133, 133, 133, 133, + 133, 1851, 1859, 1863, 1871, 1732, 1863, 133, 133, 133, + 133, 133, 133, 1744, 1875, 1863, 1744, 1875, 133, 133, + 133, 133, 2864, 2864, 1863, 1871, 1875, 1883, 1884, 1884, + 1884, 1884, 1884, 1538, 1884, 1884, 1884, 1884, 1884, 1884, + 2864, 2864, 1888, 1889, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 1659, 1659, 1886, 1659, 1659, 1895, 1538, 1782, 132, + + 1884, 1884, 1884, 1884, 1884, 1884, 1885, 1659, 1659, 1782, + 132, 1887, 1659, 1782, 1782, 1908, 46, 1894, 1896, 1896, + 1897, 1897, 1897, 1538, 1893, 1782, 1890, 1891, 1782, 1908, + 132, 1782, 1786, 46, 1892, 1897, 1897, 1897, 1897, 1897, + 1538, 1794, 132, 1782, 1908, 1794, 1920, 1908, 1794, 1920, + 132, 132, 1926, 1926, 132, 1926, 1931, 1926, 1931, 132, + 1931, 1936, 1931, 1936, 132, 1936, 1941, 1936, 1941, 132, + 1941, 1946, 1794, 1941, 1946, 132, 1794, 1920, 1946, 1954, + 1920, 1946, 1954, 132, 133, 133, 133, 133, 133, 133, + 1841, 133, 1841, 1841, 1963, 1841, 133, 1963, 133, 133, + + 133, 133, 133, 133, 1841, 1841, 1847, 133, 1841, 1963, + 133, 133, 133, 1847, 133, 133, 1974, 1963, 1847, 133, + 1974, 133, 133, 133, 133, 1847, 133, 1851, 1859, 133, + 1847, 133, 1974, 133, 133, 1859, 133, 1986, 133, 1974, + 1859, 133, 1986, 133, 133, 133, 133, 1859, 133, 1863, + 1871, 133, 1859, 133, 1986, 133, 133, 1871, 133, 1998, + 133, 1986, 1871, 2864, 1998, 2003, 2003, 2003, 2003, 2003, + 1538, 2003, 2003, 2003, 2003, 2003, 2003, 2864, 2864, 2004, + 2005, 2864, 2864, 2864, 2864, 2864, 2864, 1659, 1659, 46, + 2006, 2009, 2009, 2010, 2010, 2010, 1659, 2003, 2003, 2003, + + 2003, 2003, 2003, 46, 1782, 2010, 2010, 2010, 2010, 2010, + 1659, 1782, 2014, 1782, 1782, 2007, 1782, 1782, 2014, 132, + 1782, 2014, 2014, 2023, 1782, 2014, 1908, 2027, 2008, 2014, + 1908, 2027, 132, 2014, 2023, 2027, 2035, 1926, 132, 1926, + 2039, 1926, 2039, 132, 2039, 2044, 2039, 2044, 132, 2044, + 2049, 2044, 2049, 132, 2049, 2054, 2049, 2054, 132, 1908, + 2027, 2054, 2060, 2027, 2054, 2060, 132, 2027, 2035, 2060, + 2068, 133, 133, 133, 133, 133, 133, 1841, 1841, 1841, + 1963, 133, 1963, 133, 133, 133, 133, 1963, 133, 2075, + 1841, 1963, 1963, 133, 2079, 133, 133, 133, 133, 1963, + + 133, 1963, 2079, 133, 1963, 133, 2075, 133, 133, 2079, + 133, 2087, 133, 1963, 2079, 133, 1974, 133, 2091, 133, + 133, 2079, 133, 1974, 133, 2091, 133, 133, 2079, 133, + 2087, 133, 2091, 2099, 133, 1974, 133, 2091, 133, 133, + 1986, 133, 2103, 133, 2091, 1986, 133, 2103, 133, 133, + 133, 2113, 2091, 2114, 2099, 2103, 2111, 2112, 2112, 2112, + 2112, 2112, 1659, 2112, 2112, 2112, 2112, 2112, 2112, 2864, + 2864, 46, 2864, 2117, 2117, 2118, 2118, 2118, 1659, 46, + 1782, 2118, 2118, 2118, 2118, 2118, 1659, 1782, 2014, 2112, + 2112, 2112, 2112, 2112, 2112, 132, 1782, 1782, 2014, 2014, + + 2124, 2014, 2014, 2124, 132, 2014, 2014, 2023, 132, 2014, + 2124, 2115, 2116, 2023, 2136, 2124, 2023, 2136, 132, 1926, + 1926, 2039, 132, 2039, 2145, 2039, 2145, 132, 2145, 2150, + 2145, 2150, 132, 2150, 2155, 2150, 2155, 132, 2155, 2160, + 2023, 2155, 2160, 132, 2023, 2136, 2160, 2168, 2136, 2160, + 2168, 132, 133, 133, 133, 133, 133, 133, 1841, 1963, + 1963, 1963, 1963, 2075, 133, 133, 133, 133, 133, 133, + 133, 1963, 1963, 2075, 133, 1963, 2075, 133, 133, 133, + 2075, 133, 133, 2183, 2075, 2075, 133, 2183, 133, 133, + 133, 133, 2075, 133, 2079, 2087, 133, 2075, 133, 2183, + + 133, 133, 2087, 133, 2195, 133, 2183, 2087, 133, 2195, + 133, 133, 133, 133, 2087, 133, 2091, 2099, 133, 2087, + 133, 2195, 133, 133, 2099, 133, 2207, 133, 2195, 2099, + 2213, 2207, 2212, 2212, 2212, 2212, 2212, 1659, 2212, 2212, + 2212, 2212, 2212, 2212, 2214, 2864, 2864, 46, 2014, 2217, + 2217, 2218, 2218, 2218, 1659, 46, 2014, 2218, 2218, 2218, + 2218, 2218, 1659, 2014, 2212, 2212, 2212, 2212, 2212, 2212, + 2014, 2124, 132, 2014, 2124, 2124, 2225, 2014, 2124, 2124, + 2229, 2124, 2124, 2229, 132, 2215, 2124, 2225, 2229, 2237, + 1926, 2039, 2039, 2216, 2145, 132, 2145, 2242, 2145, 2242, + + 132, 2242, 2247, 2242, 2247, 132, 2247, 2252, 2247, 2252, + 132, 2124, 2229, 2252, 2258, 2229, 2252, 2258, 132, 2229, + 2237, 2258, 2266, 133, 133, 133, 133, 133, 133, 1963, + 1963, 2075, 2075, 2270, 2075, 133, 133, 133, 133, 133, + 133, 2075, 2075, 2075, 2270, 133, 2075, 133, 133, 133, + 133, 2270, 133, 2270, 2279, 2075, 2270, 133, 2183, 133, + 133, 133, 133, 2283, 133, 2270, 2183, 2283, 133, 133, + 2270, 133, 133, 133, 2279, 2283, 133, 2291, 2183, 2283, + 133, 133, 2195, 133, 133, 133, 2295, 2283, 133, 2195, + 2295, 133, 133, 133, 2283, 2305, 2306, 2291, 2295, 2303, + + 2304, 2304, 2304, 2304, 2304, 1659, 2304, 2304, 2304, 2304, + 2304, 2304, 2864, 2864, 46, 2014, 2310, 2310, 2311, 2311, + 2311, 1659, 46, 2124, 2311, 2311, 2311, 2311, 2311, 1659, + 2124, 2124, 2304, 2304, 2304, 2304, 2304, 2304, 2124, 2225, + 132, 2124, 2124, 2225, 132, 2124, 2225, 2225, 2322, 2225, + 2225, 2322, 2308, 132, 2864, 2145, 2145, 2309, 2242, 2307, + 132, 2039, 2242, 2331, 2242, 2331, 132, 2331, 2336, 2331, + 2336, 132, 2336, 2341, 2225, 2336, 2341, 132, 2225, 2322, + 2341, 2349, 2322, 2341, 2349, 132, 133, 133, 133, 133, + 133, 133, 2075, 2075, 2270, 133, 2075, 2075, 133, 133, + + 133, 2270, 133, 133, 2270, 2359, 2270, 133, 2270, 2359, + 133, 133, 133, 133, 133, 133, 2270, 2270, 2279, 133, + 2270, 2359, 133, 133, 133, 2279, 133, 133, 2371, 2359, + 2279, 133, 2371, 133, 133, 133, 133, 2279, 133, 2283, + 2291, 133, 2279, 133, 2371, 133, 133, 2291, 133, 2383, + 133, 2371, 2291, 2864, 2383, 2388, 2388, 2388, 2388, 2388, + 1659, 2388, 2388, 2388, 2388, 2388, 2388, 2864, 2864, 46, + 2124, 2391, 2391, 2392, 2392, 2392, 1782, 46, 2124, 2392, + 2392, 2392, 2392, 2392, 1782, 2225, 2225, 2388, 2388, 2388, + 2388, 2388, 2388, 2396, 2225, 2225, 2225, 2389, 2225, 2396, + + 132, 2225, 2390, 2396, 2396, 2405, 2145, 2242, 2242, 2331, + 132, 2331, 2410, 2331, 2410, 132, 2410, 2415, 2410, 2415, + 132, 2225, 2396, 2415, 2421, 2396, 2415, 2421, 132, 2396, + 2405, 2421, 2429, 133, 133, 133, 133, 133, 133, 2270, + 2270, 2270, 2270, 2359, 133, 133, 133, 133, 133, 133, + 2270, 2359, 2359, 2436, 2270, 2359, 133, 133, 133, 133, + 133, 133, 2359, 2440, 2359, 2359, 2440, 133, 133, 133, + 133, 133, 133, 2359, 2436, 2440, 2448, 2359, 2440, 133, + 133, 133, 133, 133, 133, 2371, 2452, 2440, 2371, 2452, + 133, 133, 133, 133, 2864, 2864, 2440, 2448, 2452, 2460, + + 2461, 2461, 2461, 2461, 2461, 1782, 2461, 2461, 2461, 2461, + 2461, 2461, 46, 2225, 2463, 2463, 2464, 2464, 2464, 1782, + 46, 2225, 2464, 2464, 2464, 2464, 2464, 1782, 2462, 2396, + 132, 2225, 2461, 2461, 2461, 2461, 2461, 2461, 2225, 2396, + 2396, 2470, 2396, 2396, 2470, 132, 2242, 2331, 2331, 2410, + 132, 2410, 2479, 2410, 2479, 132, 2479, 2484, 2396, 2479, + 2484, 132, 2396, 2470, 2484, 2492, 2470, 2484, 2492, 132, + 133, 133, 133, 133, 133, 133, 2270, 2359, 2359, 2359, + 2359, 2436, 133, 133, 133, 133, 133, 133, 133, 2359, + 2359, 2436, 133, 2359, 2436, 133, 133, 133, 2436, 133, + + 133, 2507, 2436, 2436, 133, 2507, 133, 133, 133, 133, + 2436, 133, 2440, 2448, 133, 2436, 133, 2507, 133, 133, + 2448, 133, 2519, 133, 2507, 2448, 2864, 2519, 2524, 2524, + 2524, 2524, 2524, 1782, 2524, 2524, 2524, 2524, 2524, 2524, + 46, 2396, 2525, 2525, 2526, 2526, 2526, 1782, 46, 2396, + 2526, 2526, 2526, 2526, 2526, 1782, 2396, 2396, 2470, 132, + 2524, 2524, 2524, 2524, 2524, 2524, 2396, 2470, 2470, 2533, + 2331, 2410, 2410, 2479, 132, 2479, 2538, 2479, 2538, 132, + 2396, 2470, 2538, 2544, 2470, 2538, 2544, 132, 2470, 2533, + 2544, 2552, 133, 133, 133, 133, 133, 133, 2359, 2359, + + 2436, 2436, 2556, 2436, 133, 133, 133, 133, 133, 133, + 2436, 2436, 2436, 2556, 133, 2436, 133, 133, 133, 133, + 2556, 133, 2556, 2565, 2436, 2556, 133, 2507, 133, 133, + 133, 133, 2569, 133, 2556, 2507, 2569, 133, 133, 2556, + 133, 2396, 2470, 2565, 2569, 2470, 2577, 2578, 2578, 2578, + 2578, 2578, 1782, 2578, 2578, 2578, 2578, 2578, 2578, 46, + 2470, 2579, 2579, 2580, 2580, 2580, 1782, 46, 2470, 2580, + 2580, 2580, 2580, 2580, 1782, 2533, 132, 2410, 2479, 2578, + 2578, 2578, 2578, 2578, 2578, 2479, 2538, 132, 2538, 2590, + 2470, 2538, 2590, 132, 2470, 2533, 2590, 2597, 2533, 2590, + + 2597, 132, 133, 133, 133, 133, 133, 133, 2436, 2436, + 2556, 133, 2436, 2436, 133, 133, 133, 2556, 133, 133, + 2556, 2607, 2556, 133, 2556, 2607, 133, 133, 133, 133, + 133, 133, 2556, 2556, 2565, 133, 2556, 2607, 133, 133, + 133, 2565, 133, 133, 2619, 2607, 2565, 2470, 2619, 2624, + 2624, 2624, 2624, 2624, 1782, 2624, 2624, 2624, 2624, 2624, + 2624, 46, 2470, 2625, 2625, 2626, 2626, 2626, 2014, 46, + 2533, 2626, 2626, 2626, 2626, 2626, 2014, 2533, 2630, 2479, + 2538, 2624, 2624, 2624, 2624, 2624, 2624, 2538, 2590, 132, + 2533, 2590, 2635, 2533, 2590, 2635, 132, 2533, 2630, 2635, + + 2643, 133, 133, 133, 133, 133, 133, 2556, 2556, 2556, + 2556, 2607, 133, 133, 133, 133, 133, 133, 2556, 2607, + 2607, 2650, 2556, 2607, 133, 133, 133, 133, 133, 133, + 2607, 2654, 2607, 2607, 2654, 133, 133, 133, 133, 2533, + 2533, 2607, 2650, 2654, 2662, 2663, 2663, 2663, 2663, 2663, + 2014, 2663, 2663, 2663, 2663, 2663, 2663, 46, 2630, 2664, + 2664, 2665, 2665, 2665, 2014, 46, 132, 2665, 2665, 2665, + 2665, 2665, 2014, 2538, 2590, 2590, 2635, 2663, 2663, 2663, + 2663, 2663, 2663, 132, 2533, 2630, 2635, 2674, 2630, 2635, + 2674, 132, 133, 133, 133, 133, 133, 133, 2556, 2607, + + 2607, 2607, 2607, 2650, 133, 133, 133, 133, 133, 133, + 133, 2607, 2607, 2650, 133, 2607, 2650, 133, 133, 133, + 2650, 133, 133, 2689, 2650, 2650, 2630, 2689, 2694, 2694, + 2694, 2694, 2694, 2014, 2694, 2694, 2694, 2694, 2694, 2694, + 46, 2630, 2695, 2695, 2696, 2696, 2696, 2014, 46, 2699, + 2696, 2696, 2696, 2696, 2696, 2014, 2590, 2635, 2630, 2635, + 2694, 2694, 2694, 2694, 2694, 2694, 2674, 132, 2630, 2699, + 2674, 2706, 133, 133, 133, 133, 133, 133, 2607, 2607, + 2650, 2650, 2710, 2650, 133, 133, 133, 133, 133, 133, + 2650, 2650, 2650, 2710, 133, 2650, 133, 133, 2630, 2699, + + 2710, 132, 2710, 2719, 2720, 2720, 2720, 2720, 2720, 2014, + 2720, 2720, 2720, 2720, 2720, 2720, 46, 2635, 2721, 2721, + 2722, 2722, 2722, 2014, 46, 2699, 2722, 2722, 2722, 2722, + 2722, 2014, 2674, 2699, 2674, 2706, 2720, 2720, 2720, 2720, + 2720, 2720, 132, 133, 133, 133, 133, 133, 133, 2650, + 2650, 2710, 133, 2650, 2650, 133, 133, 133, 2710, 133, + 133, 2710, 2735, 2710, 133, 2710, 2735, 2740, 2740, 2740, + 2740, 2740, 2699, 2740, 2740, 2740, 2740, 2740, 2740, 46, + 2745, 2741, 2741, 2742, 2742, 2742, 2124, 46, 2674, 2742, + 2742, 2742, 2742, 2742, 2124, 2699, 2745, 2706, 2748, 2740, + + 2740, 2740, 2740, 2740, 2740, 133, 133, 133, 133, 133, + 133, 2710, 2710, 2710, 2710, 2735, 133, 133, 133, 133, + 2699, 2745, 2710, 2735, 2735, 2756, 2757, 2757, 2757, 2757, + 2757, 2124, 2757, 2757, 2757, 2757, 2757, 2757, 46, 132, + 2758, 2758, 2759, 2759, 2759, 2124, 46, 2745, 2759, 2759, + 2759, 2759, 2759, 2124, 2706, 2748, 133, 2745, 2757, 2757, + 2757, 2757, 2757, 2757, 2762, 2763, 2763, 2763, 2763, 133, + 133, 133, 133, 133, 133, 2710, 2735, 2735, 2735, 2735, + 2756, 2769, 2769, 2769, 2769, 2769, 2745, 2769, 2769, 2769, + 2769, 2769, 2769, 46, 2748, 2770, 2770, 2771, 2771, 2771, + + 2124, 46, 2745, 2771, 2771, 2771, 2771, 2771, 2124, 2748, + 132, 1471, 1466, 2769, 2769, 2769, 2769, 2769, 2769, 2762, + 2763, 2763, 2763, 2763, 2763, 2763, 2763, 2763, 2763, 133, + 133, 133, 133, 1329, 1471, 2735, 2735, 2756, 2756, 2776, + 2776, 2776, 2776, 2776, 1466, 2776, 2776, 2776, 2776, 2776, + 2776, 46, 132, 2777, 2777, 2778, 2778, 2778, 2124, 46, + 1466, 2778, 2778, 2778, 2778, 2778, 2124, 1461, 1466, 1461, + 132, 2776, 2776, 2776, 2776, 2776, 2776, 133, 133, 1461, + 1456, 1461, 1456, 2756, 2756, 2780, 2780, 2780, 2780, 2780, + 132, 2780, 2780, 2780, 2780, 2780, 2780, 46, 1456, 2781, + + 2781, 2782, 2782, 2782, 2225, 46, 1456, 2782, 2782, 2782, + 2782, 2782, 2225, 132, 1450, 1329, 1438, 2780, 2780, 2780, + 2780, 2780, 2780, 133, 1450, 1329, 1438, 1318, 132, 2756, + 2783, 2783, 2783, 2783, 2783, 2225, 2783, 2783, 2783, 2783, + 2783, 2783, 46, 1329, 2784, 2784, 2785, 2785, 2785, 2225, + 46, 1322, 2785, 2785, 2785, 2785, 2785, 2225, 1318, 132, + 1438, 1318, 2783, 2783, 2783, 2783, 2783, 2783, 2786, 2786, + 2786, 2786, 2786, 1429, 2786, 2786, 2786, 2786, 2786, 2786, + 46, 1438, 2787, 2787, 2788, 2788, 2788, 2225, 46, 1318, + 2788, 2788, 2788, 2788, 2788, 2225, 1429, 132, 1318, 1314, + + 2786, 2786, 2786, 2786, 2786, 2786, 2789, 2789, 2789, 2789, + 2789, 1314, 2789, 2789, 2789, 2789, 2789, 2789, 46, 132, + 2790, 2790, 2791, 2791, 2791, 2225, 46, 1429, 2791, 2791, + 2791, 2791, 2791, 2225, 1429, 132, 2864, 2864, 2789, 2789, + 2789, 2789, 2789, 2789, 2792, 2792, 2792, 2792, 2792, 2864, + 2792, 2792, 2792, 2792, 2792, 2792, 46, 1411, 2793, 2793, + 2794, 2794, 2794, 2396, 46, 1410, 2794, 2794, 2794, 2794, + 2794, 2396, 2864, 133, 133, 133, 2792, 2792, 2792, 2792, + 2792, 2792, 2795, 2795, 2795, 2795, 2795, 2396, 2795, 2795, + 2795, 2795, 2795, 2795, 46, 133, 2796, 2796, 2797, 2797, + + 2797, 2396, 46, 1368, 2797, 2797, 2797, 2797, 2797, 2396, + 1360, 1341, 1333, 132, 2795, 2795, 2795, 2795, 2795, 2795, + 2798, 2798, 2798, 2798, 2798, 1360, 2798, 2798, 2798, 2798, + 2798, 2798, 46, 1354, 2799, 2799, 2800, 2800, 2800, 2396, + 46, 1333, 2800, 2800, 2800, 2800, 2800, 2396, 1360, 1354, + 1333, 1216, 2798, 2798, 2798, 2798, 2798, 2798, 2801, 2801, + 2801, 2801, 2801, 132, 2801, 2801, 2801, 2801, 2801, 2801, + 46, 1354, 2802, 2802, 2803, 2803, 2803, 2396, 46, 1349, + 2803, 2803, 2803, 2803, 2803, 2396, 1354, 1349, 132, 1349, + 2801, 2801, 2801, 2801, 2801, 2801, 2804, 2804, 2804, 2804, + + 2804, 1344, 2804, 2804, 2804, 2804, 2804, 2804, 46, 1349, + 2805, 2805, 2806, 2806, 2806, 2470, 46, 1344, 2806, 2806, + 2806, 2806, 2806, 2470, 132, 1344, 1344, 132, 2804, 2804, + 2804, 2804, 2804, 2804, 2807, 2807, 2807, 2807, 2807, 2470, + 2807, 2807, 2807, 2807, 2807, 2807, 46, 1341, 2808, 2808, + 2809, 2809, 2809, 2470, 46, 1333, 2809, 2809, 2809, 2809, + 2809, 2470, 1329, 1322, 132, 1333, 2807, 2807, 2807, 2807, + 2807, 2807, 2810, 2810, 2810, 2810, 2810, 1216, 2810, 2810, + 2810, 2810, 2810, 2810, 46, 1322, 2811, 2811, 2812, 2812, + 2812, 2470, 46, 1333, 2812, 2812, 2812, 2812, 2812, 2470, + + 1216, 1322, 1208, 1329, 2810, 2810, 2810, 2810, 2810, 2810, + 2813, 2813, 2813, 2813, 2813, 1322, 2813, 2813, 2813, 2813, + 2813, 2813, 46, 1318, 2814, 2814, 2815, 2815, 2815, 2470, + 46, 132, 2815, 2815, 2815, 2815, 2815, 2470, 1322, 1208, + 1322, 1208, 2813, 2813, 2813, 2813, 2813, 2813, 2816, 2816, + 2816, 2816, 2816, 1208, 2816, 2816, 2816, 2816, 2816, 2816, + 46, 1318, 2817, 2817, 2818, 2818, 2818, 2533, 46, 132, + 2818, 2818, 2818, 2818, 2818, 2533, 2864, 1297, 1296, 2864, + 2816, 2816, 2816, 2816, 2816, 2816, 2819, 2819, 2819, 2819, + 2819, 2533, 2819, 2819, 2819, 2819, 2819, 2819, 46, 133, + + 2820, 2820, 2821, 2821, 2821, 2533, 46, 133, 2821, 2821, + 2821, 2821, 2821, 2533, 133, 133, 133, 133, 2819, 2819, + 2819, 2819, 2819, 2819, 2822, 2822, 2822, 2822, 2822, 132, + 2822, 2822, 2822, 2822, 2822, 2822, 46, 1253, 2823, 2823, + 2824, 2824, 2824, 2533, 46, 1245, 2824, 2824, 2824, 2824, + 2824, 2533, 1227, 1253, 1245, 1227, 2822, 2822, 2822, 2822, + 2822, 2822, 2825, 2825, 2825, 2825, 2825, 1113, 2825, 2825, + 2825, 2825, 2825, 2825, 46, 132, 2826, 2826, 2827, 2827, + 2827, 2533, 46, 1245, 2827, 2827, 2827, 2827, 2827, 2533, + 1240, 1113, 1245, 1240, 2825, 2825, 2825, 2825, 2825, 2825, + + 2828, 2828, 2828, 2828, 2828, 132, 2828, 2828, 2828, 2828, + 2828, 2828, 46, 1240, 2829, 2829, 2830, 2830, 2830, 2630, + 46, 1235, 2830, 2830, 2830, 2830, 2830, 2630, 1240, 1235, + 132, 1235, 2828, 2828, 2828, 2828, 2828, 2828, 2831, 2831, + 2831, 2831, 2831, 2630, 2831, 2831, 2831, 2831, 2831, 2831, + 46, 1235, 2832, 2832, 2833, 2833, 2833, 2630, 46, 132, + 2833, 2833, 2833, 2833, 2833, 2630, 1232, 132, 1227, 1113, + 2831, 2831, 2831, 2831, 2831, 2831, 2834, 2834, 2834, 2834, + 2834, 1216, 2834, 2834, 2834, 2834, 2834, 2834, 46, 1227, + 2835, 2835, 2836, 2836, 2836, 2630, 46, 1113, 2836, 2836, + + 2836, 2836, 2836, 2630, 1216, 1104, 132, 1113, 2834, 2834, + 2834, 2834, 2834, 2834, 2837, 2837, 2837, 2837, 2837, 1108, + 2837, 2837, 2837, 2837, 2837, 2837, 46, 1104, 2838, 2838, + 2839, 2839, 2839, 2630, 46, 132, 2839, 2839, 2839, 2839, + 2839, 2630, 1216, 1104, 1216, 1104, 2837, 2837, 2837, 2837, + 2837, 2837, 2840, 2840, 2840, 2840, 2840, 132, 2840, 2840, + 2840, 2840, 2840, 2840, 46, 1104, 2841, 2841, 2842, 2842, + 2842, 2699, 46, 1104, 2842, 2842, 2842, 2842, 2842, 2699, + 132, 1190, 1189, 1188, 2840, 2840, 2840, 2840, 2840, 2840, + 2843, 2843, 2843, 2843, 2843, 2699, 2843, 2843, 2843, 2843, + + 2843, 2843, 46, 1187, 2844, 2844, 2845, 2845, 2845, 2699, + 46, 2864, 2845, 2845, 2845, 2845, 2845, 2699, 2864, 133, + 133, 133, 2843, 2843, 2843, 2843, 2843, 2843, 2846, 2846, + 2846, 2846, 2846, 1149, 2846, 2846, 2846, 2846, 2846, 2846, + 46, 1141, 2847, 2847, 2848, 2848, 2848, 2699, 46, 1125, + 2848, 2848, 2848, 2848, 2848, 2699, 1117, 132, 1141, 1135, + 2846, 2846, 2846, 2846, 2846, 2846, 2849, 2849, 2849, 2849, + 2849, 1117, 2849, 2849, 2849, 2849, 2849, 2849, 46, 1141, + 2850, 2850, 2851, 2851, 2851, 2699, 46, 1135, 2851, 2851, + 2851, 2851, 2851, 2699, 1117, 1011, 132, 1135, 2849, 2849, + + 2849, 2849, 2849, 2849, 2852, 2852, 2852, 2852, 2852, 1130, + 2852, 2852, 2852, 2852, 2852, 2852, 46, 1135, 2853, 2853, + 2854, 2854, 2854, 2745, 46, 1130, 2854, 2854, 2854, 2854, + 2854, 2745, 132, 1130, 1127, 1130, 2852, 2852, 2852, 2852, + 2852, 2852, 2855, 2855, 2855, 2855, 2855, 2745, 2855, 2855, + 2855, 2855, 2855, 2855, 46, 132, 2856, 2856, 2857, 2857, + 2857, 2745, 46, 1127, 2857, 2857, 2857, 2857, 2857, 2745, + 1125, 1117, 1113, 1108, 2855, 2855, 2855, 2855, 2855, 2855, + 2858, 2858, 2858, 2858, 2858, 132, 2858, 2858, 2858, 2858, + 2858, 2858, 46, 1117, 2859, 2859, 2860, 2860, 2860, 2745, + + 46, 1011, 2860, 2860, 2860, 2860, 2860, 2745, 1108, 1117, + 1011, 1108, 2858, 2858, 2858, 2858, 2858, 2858, 2861, 2861, + 2861, 2861, 2861, 1113, 2861, 2861, 2861, 2861, 2861, 2861, + 46, 1108, 2862, 2862, 2863, 2863, 2863, 2745, 46, 132, + 2863, 2863, 2863, 2863, 2863, 2745, 1108, 1108, 132, 2864, + 2861, 2861, 2861, 2861, 2861, 2861, 52, 52, 52, 52, + 52, 1086, 52, 52, 52, 52, 52, 52, 46, 1085, + 2862, 2862, 2863, 2863, 2863, 46, 1084, 2863, 2863, 2863, + 2863, 2863, 1083, 2864, 133, 133, 133, 133, 52, 52, + 52, 52, 52, 52, 42, 42, 42, 42, 42, 42, + + 42, 42, 45, 133, 45, 45, 45, 45, 45, 45, + 50, 132, 50, 50, 52, 52, 1043, 52, 52, 52, + 130, 1035, 130, 130, 131, 131, 134, 134, 219, 1020, + 219, 219, 220, 220, 221, 221, 225, 225, 225, 309, + 1043, 309, 309, 310, 310, 311, 311, 313, 313, 314, + 314, 315, 315, 315, 317, 317, 389, 1035, 389, 389, + 390, 390, 391, 391, 393, 393, 394, 394, 395, 395, + 396, 396, 398, 398, 398, 400, 400, 401, 401, 401, + 476, 1020, 476, 476, 477, 477, 478, 478, 480, 480, + 481, 481, 482, 482, 483, 483, 485, 485, 486, 486, + + 487, 487, 488, 488, 488, 490, 490, 491, 491, 491, + 493, 493, 493, 494, 494, 563, 916, 563, 563, 564, + 564, 565, 565, 567, 567, 569, 569, 570, 570, 571, + 571, 573, 573, 574, 574, 575, 575, 576, 576, 577, + 577, 578, 578, 580, 580, 580, 582, 582, 583, 583, + 583, 585, 585, 585, 586, 586, 587, 587, 587, 588, + 588, 588, 654, 132, 654, 654, 655, 655, 656, 656, + 658, 658, 659, 659, 660, 660, 662, 662, 663, 663, + 665, 665, 666, 666, 667, 667, 668, 668, 669, 669, + 670, 670, 672, 672, 673, 673, 674, 674, 675, 675, + + 676, 676, 676, 678, 678, 679, 679, 679, 680, 680, + 680, 681, 681, 682, 682, 682, 683, 683, 683, 685, + 685, 685, 686, 686, 686, 687, 687, 52, 52, 1035, + 52, 52, 738, 1030, 738, 738, 739, 739, 740, 740, + 742, 742, 743, 743, 744, 744, 745, 745, 654, 654, + 748, 748, 749, 749, 751, 751, 752, 752, 753, 753, + 754, 754, 755, 755, 757, 757, 758, 758, 759, 759, + 760, 760, 761, 761, 762, 762, 763, 763, 765, 765, + 765, 767, 767, 768, 768, 768, 770, 770, 770, 771, + 771, 771, 772, 772, 772, 774, 774, 774, 775, 775, + + 775, 776, 776, 777, 777, 777, 778, 778, 778, 779, + 779, 779, 52, 52, 916, 52, 52, 824, 1035, 824, + 824, 825, 825, 826, 826, 827, 827, 828, 828, 829, + 829, 830, 830, 832, 832, 833, 833, 834, 834, 835, + 835, 836, 836, 838, 838, 839, 839, 840, 840, 841, + 841, 843, 843, 844, 844, 845, 845, 846, 846, 847, + 847, 848, 848, 849, 849, 851, 851, 852, 852, 853, + 853, 854, 854, 855, 855, 855, 857, 857, 858, 858, + 858, 860, 860, 860, 861, 861, 765, 765, 765, 862, + 862, 862, 863, 863, 863, 864, 864, 865, 865, 865, + + 866, 866, 866, 867, 867, 867, 869, 869, 869, 870, + 870, 870, 871, 871, 871, 872, 872, 52, 52, 1030, + 52, 52, 913, 132, 913, 913, 914, 914, 915, 915, + 917, 917, 918, 918, 919, 919, 921, 921, 922, 922, + 923, 923, 924, 924, 925, 925, 926, 926, 928, 928, + 930, 930, 931, 931, 932, 932, 933, 933, 832, 832, + 935, 935, 936, 936, 937, 937, 938, 938, 939, 939, + 941, 941, 942, 942, 943, 943, 944, 944, 945, 945, + 946, 946, 947, 947, 949, 949, 949, 951, 951, 952, + 952, 952, 954, 954, 954, 955, 955, 956, 956, 956, + + 957, 957, 957, 959, 959, 959, 960, 960, 960, 961, + 961, 961, 963, 963, 963, 964, 964, 964, 965, 965, + 965, 966, 966, 967, 967, 967, 968, 968, 968, 969, + 969, 969, 52, 52, 1030, 52, 52, 1008, 1026, 1008, + 1008, 1009, 1009, 1010, 1010, 1012, 1012, 1013, 1013, 913, + 913, 1014, 1014, 1015, 1015, 1016, 1016, 1017, 1017, 1018, + 1018, 1019, 1019, 1021, 1021, 1022, 1022, 1023, 1023, 1024, + 1024, 1025, 1025, 1027, 1027, 1028, 1028, 1029, 1029, 921, + 921, 1031, 1031, 1032, 1032, 1033, 1033, 1034, 1034, 1036, + 1036, 1037, 1037, 1038, 1038, 1039, 1039, 1040, 1040, 1041, + + 1041, 1042, 1042, 1044, 1044, 1045, 1045, 1046, 1046, 1047, + 1047, 1048, 1048, 1048, 1050, 1050, 1051, 1051, 1051, 1052, + 1052, 1052, 1053, 1053, 1054, 1054, 1054, 1055, 1055, 1055, + 1057, 1057, 1057, 1058, 1058, 1058, 1059, 1059, 1060, 1060, + 1060, 1061, 1061, 1061, 1062, 1062, 1062, 1063, 1063, 1064, + 1064, 1064, 1065, 1065, 1065, 1066, 1066, 1066, 1068, 1068, + 1068, 1069, 1069, 1069, 1070, 1070, 1070, 1071, 1071, 52, + 52, 1030, 52, 52, 1105, 1026, 1105, 1105, 1106, 1106, + 1107, 1107, 1109, 1109, 1110, 1110, 1111, 1111, 1112, 1112, + 1114, 1114, 1115, 1115, 1116, 1116, 1118, 1118, 1119, 1119, + + 1120, 1120, 1121, 1121, 1122, 1122, 1123, 1123, 1124, 1124, + 1126, 1126, 1128, 1128, 1129, 1129, 1014, 1014, 1131, 1131, + 1132, 1132, 1133, 1133, 1134, 1134, 1022, 1022, 1136, 1136, + 1137, 1137, 1138, 1138, 1139, 1139, 1140, 1140, 1142, 1142, + 1143, 1143, 1144, 1144, 1145, 1145, 1146, 1146, 1147, 1147, + 1148, 1148, 1150, 1150, 1150, 1152, 1152, 1153, 1153, 1153, + 1155, 1155, 1155, 1156, 1156, 1156, 1157, 1157, 1157, 1159, + 1159, 1159, 1160, 1160, 1160, 1161, 1161, 1162, 1162, 1162, + 1163, 1163, 1163, 1164, 1164, 1164, 1166, 1166, 1166, 1167, + 1167, 1167, 1168, 1168, 1168, 1170, 1170, 1170, 1171, 1171, + + 1171, 1172, 1172, 1172, 1173, 1173, 1174, 1174, 1174, 1175, + 1175, 1175, 1176, 1176, 1176, 52, 52, 132, 52, 52, + 1209, 1026, 1209, 1209, 1210, 1210, 1211, 1211, 1212, 1212, + 1213, 1213, 1214, 1214, 1215, 1215, 1217, 1217, 1218, 1218, + 1219, 1219, 1220, 1220, 1221, 1221, 1222, 1222, 1223, 1223, + 1224, 1224, 1225, 1225, 1226, 1226, 1228, 1228, 1229, 1229, + 1230, 1230, 1231, 1231, 1008, 1008, 1233, 1233, 1234, 1234, + 1236, 1236, 1237, 1237, 1238, 1238, 1239, 1239, 1119, 1119, + 1241, 1241, 1242, 1242, 1243, 1243, 1244, 1244, 1246, 1246, + 1247, 1247, 1248, 1248, 1249, 1249, 1250, 1250, 1251, 1251, + + 1252, 1252, 1254, 1254, 1255, 1255, 1256, 1256, 1257, 1257, + 1258, 1258, 1258, 1260, 1260, 1261, 1261, 1261, 1263, 1263, + 1263, 1264, 1264, 1150, 1150, 1150, 1265, 1265, 1265, 1266, + 1266, 1266, 1267, 1267, 1268, 1268, 1268, 1269, 1269, 1269, + 1270, 1270, 1270, 1272, 1272, 1272, 1273, 1273, 1273, 1274, + 1274, 1274, 1275, 1275, 1276, 1276, 1276, 1277, 1277, 1277, + 1278, 1278, 1278, 1279, 1279, 1280, 1280, 1280, 1281, 1281, + 1281, 1282, 1282, 1282, 1284, 1284, 1284, 1285, 1285, 1285, + 1286, 1286, 1286, 1287, 1287, 52, 52, 132, 52, 52, + 1315, 1020, 1315, 1315, 1316, 1316, 1317, 1317, 1319, 1319, + + 1320, 1320, 1321, 1321, 1323, 1323, 1324, 1324, 1325, 1325, + 1326, 1326, 1327, 1327, 1328, 1328, 1330, 1330, 1331, 1331, + 1332, 1332, 1334, 1334, 1335, 1335, 1336, 1336, 1337, 1337, + 1338, 1338, 1339, 1339, 1340, 1340, 1342, 1342, 1343, 1343, + 1345, 1345, 1346, 1346, 1347, 1347, 1348, 1348, 1221, 1221, + 1350, 1350, 1351, 1351, 1352, 1352, 1353, 1353, 1229, 1229, + 1355, 1355, 1356, 1356, 1357, 1357, 1358, 1358, 1359, 1359, + 1361, 1361, 1362, 1362, 1363, 1363, 1364, 1364, 1365, 1365, + 1366, 1366, 1367, 1367, 1369, 1369, 1369, 1371, 1371, 1372, + 1372, 1372, 1374, 1374, 1374, 1375, 1375, 1376, 1376, 1376, + + 1377, 1377, 1377, 1379, 1379, 1379, 1380, 1380, 1380, 1381, + 1381, 1381, 1383, 1383, 1383, 1384, 1384, 1384, 1385, 1385, + 1385, 1386, 1386, 1387, 1387, 1387, 1388, 1388, 1388, 1389, + 1389, 1389, 1391, 1391, 1391, 1392, 1392, 1392, 1393, 1393, + 1393, 1395, 1395, 1395, 1396, 1396, 1396, 1397, 1397, 1397, + 1398, 1398, 1399, 1399, 1399, 1400, 1400, 1400, 1401, 1401, + 1401, 52, 52, 916, 52, 52, 1426, 1011, 1426, 1426, + 1427, 1427, 1428, 1428, 1430, 1430, 1431, 1431, 1315, 1315, + 1432, 1432, 1433, 1433, 1434, 1434, 1435, 1435, 1436, 1436, + 1437, 1437, 1439, 1439, 1440, 1440, 1441, 1441, 1442, 1442, + + 1443, 1443, 1444, 1444, 1445, 1445, 1446, 1446, 1447, 1447, + 1448, 1448, 1449, 1449, 1451, 1451, 1452, 1452, 1453, 1453, + 1454, 1454, 1455, 1455, 1457, 1457, 1458, 1458, 1459, 1459, + 1460, 1460, 1217, 1217, 1462, 1462, 1463, 1463, 1464, 1464, + 1465, 1465, 1335, 1335, 1467, 1467, 1468, 1468, 1469, 1469, + 1470, 1470, 1472, 1472, 1473, 1473, 1474, 1474, 1475, 1475, + 1476, 1476, 1477, 1477, 1478, 1478, 1480, 1480, 1481, 1481, + 1482, 1482, 1483, 1483, 1484, 1484, 1484, 1486, 1486, 1487, + 1487, 1487, 1488, 1488, 1488, 1489, 1489, 1490, 1490, 1490, + 1491, 1491, 1491, 1493, 1493, 1493, 1494, 1494, 1494, 1495, + + 1495, 1496, 1496, 1496, 1497, 1497, 1497, 1498, 1498, 1498, + 1499, 1499, 1500, 1500, 1500, 1501, 1501, 1501, 1502, 1502, + 1502, 1504, 1504, 1504, 1505, 1505, 1505, 1506, 1506, 1506, + 1507, 1507, 1508, 1508, 1508, 1509, 1509, 1509, 1510, 1510, + 1510, 1511, 1511, 1512, 1512, 1512, 1513, 1513, 1513, 1514, + 1514, 1514, 1516, 1516, 1516, 1517, 1517, 1517, 1518, 1518, + 1518, 1519, 1519, 52, 52, 1020, 52, 52, 1539, 916, + 1539, 1539, 1427, 1427, 1540, 1540, 1541, 1541, 1542, 1542, + 1543, 1543, 1544, 1544, 1546, 1546, 1547, 1547, 1548, 1548, + 1550, 1550, 1551, 1551, 1552, 1552, 1553, 1553, 1554, 1554, + + 1555, 1555, 1556, 1556, 1558, 1558, 1559, 1559, 1560, 1560, + 1562, 1562, 1563, 1563, 1564, 1564, 1565, 1565, 1566, 1566, + 1567, 1567, 1568, 1568, 1570, 1570, 1572, 1572, 1573, 1573, + 1574, 1574, 1323, 1323, 1576, 1576, 1577, 1577, 1578, 1578, + 1579, 1579, 1444, 1444, 1581, 1581, 1582, 1582, 1583, 1583, + 1584, 1584, 1452, 1452, 1586, 1586, 1587, 1587, 1588, 1588, + 1589, 1589, 1590, 1590, 1592, 1592, 1593, 1593, 1594, 1594, + 1595, 1595, 1596, 1596, 1597, 1597, 1598, 1598, 1600, 1600, + 1600, 1602, 1602, 1603, 1603, 1603, 1605, 1605, 1605, 1606, + 1606, 1606, 1607, 1607, 1607, 1609, 1609, 1609, 1610, 1610, + + 1610, 1611, 1611, 1612, 1612, 1612, 1613, 1613, 1613, 1614, + 1614, 1614, 1616, 1616, 1616, 1617, 1617, 1617, 1618, 1618, + 1618, 1620, 1620, 1620, 1621, 1621, 1621, 1622, 1622, 1622, + 1623, 1623, 1624, 1624, 1624, 1625, 1625, 1625, 1626, 1626, + 1626, 1628, 1628, 1628, 1629, 1629, 1629, 1630, 1630, 1630, + 1632, 1632, 1632, 1633, 1633, 1633, 1634, 1634, 1634, 1635, + 1635, 1636, 1636, 1636, 1637, 1637, 1637, 1638, 1638, 1638, + 52, 52, 1011, 52, 52, 1655, 132, 1655, 1655, 1542, + 1542, 1656, 1656, 1657, 1657, 1658, 1658, 1660, 1660, 1661, + 1661, 1662, 1662, 1663, 1663, 1664, 1664, 1665, 1665, 1666, + + 1666, 1667, 1667, 1668, 1668, 1669, 1669, 1671, 1671, 1672, + 1672, 1673, 1673, 1674, 1674, 1675, 1675, 1676, 1676, 1677, + 1677, 1678, 1678, 1679, 1679, 1680, 1680, 1681, 1681, 1683, + 1683, 1684, 1684, 1685, 1685, 1686, 1686, 1687, 1687, 1689, + 1689, 1690, 1690, 1432, 1432, 1692, 1692, 1693, 1693, 1694, + 1694, 1695, 1695, 1440, 1440, 1697, 1697, 1698, 1698, 1699, + 1699, 1700, 1700, 1563, 1563, 1702, 1702, 1703, 1703, 1704, + 1704, 1705, 1705, 1707, 1707, 1708, 1708, 1709, 1709, 1710, + 1710, 1711, 1711, 1712, 1712, 1713, 1713, 1715, 1715, 1716, + 1716, 1717, 1717, 1718, 1718, 1719, 1719, 1719, 1721, 1721, + + 1722, 1722, 1722, 1724, 1724, 1724, 1725, 1725, 1600, 1600, + 1600, 1726, 1726, 1726, 1727, 1727, 1727, 1728, 1728, 1729, + 1729, 1729, 1730, 1730, 1730, 1731, 1731, 1731, 1733, 1733, + 1733, 1734, 1734, 1734, 1735, 1735, 1735, 1736, 1736, 1737, + 1737, 1737, 1738, 1738, 1738, 1739, 1739, 1739, 1740, 1740, + 1741, 1741, 1741, 1742, 1742, 1742, 1743, 1743, 1743, 1745, + 1745, 1745, 1746, 1746, 1746, 1747, 1747, 1747, 1748, 1748, + 1749, 1749, 1749, 1750, 1750, 1750, 1751, 1751, 1751, 1752, + 1752, 1753, 1753, 1753, 1754, 1754, 1754, 1755, 1755, 1755, + 1757, 1757, 1757, 1758, 1758, 1758, 1759, 1759, 1759, 1760, + + 1760, 52, 52, 916, 52, 52, 1776, 912, 1776, 1776, + 1777, 1777, 1778, 1778, 1662, 1662, 1779, 1779, 1780, 1780, + 1781, 1781, 1783, 1783, 1784, 1784, 1785, 1785, 1787, 1787, + 1788, 1788, 1789, 1789, 1790, 1790, 1791, 1791, 1792, 1792, + 1793, 1793, 1795, 1795, 1796, 1796, 1797, 1797, 1799, 1799, + 1800, 1800, 1801, 1801, 1802, 1802, 1803, 1803, 1804, 1804, + 1805, 1805, 1426, 1426, 1808, 1808, 1809, 1809, 1811, 1811, + 1812, 1812, 1813, 1813, 1814, 1814, 1551, 1551, 1816, 1816, + 1817, 1817, 1818, 1818, 1819, 1819, 1676, 1676, 1821, 1821, + 1822, 1822, 1823, 1823, 1824, 1824, 1684, 1684, 1826, 1826, + + 1827, 1827, 1796, 1796, 1828, 1828, 1829, 1829, 1830, 1830, + 1832, 1832, 1833, 1833, 1834, 1834, 1835, 1835, 1804, 1804, + 1836, 1836, 1837, 1837, 1838, 1838, 1840, 1840, 1840, 1721, + 1721, 1842, 1842, 1842, 1843, 1843, 1843, 1844, 1844, 1845, + 1845, 1845, 1846, 1846, 1846, 1848, 1848, 1848, 1849, 1849, + 1849, 1850, 1850, 1850, 1852, 1852, 1852, 1853, 1853, 1853, + 1854, 1854, 1854, 1855, 1855, 1856, 1856, 1856, 1857, 1857, + 1857, 1858, 1858, 1858, 1860, 1860, 1860, 1861, 1861, 1861, + 1862, 1862, 1862, 1864, 1864, 1864, 1865, 1865, 1865, 1866, + 1866, 1866, 1867, 1867, 1868, 1868, 1868, 1869, 1869, 1869, + + 1870, 1870, 1870, 1872, 1872, 1872, 1873, 1873, 1873, 1874, + 1874, 1874, 1876, 1876, 1876, 1877, 1877, 1877, 1878, 1878, + 1878, 1879, 1879, 1880, 1880, 1880, 1881, 1881, 1881, 1882, + 1882, 1882, 52, 52, 912, 52, 52, 1777, 132, 1777, + 1777, 1779, 1779, 1898, 1898, 1899, 1899, 1900, 1900, 1901, + 1901, 1902, 1902, 1903, 1903, 1904, 1904, 1905, 1905, 1906, + 1906, 1907, 1907, 1909, 1909, 1910, 1910, 1911, 1911, 1912, + 1912, 1913, 1913, 1914, 1914, 1915, 1915, 1916, 1916, 1917, + 1917, 1918, 1918, 1919, 1919, 1921, 1921, 1922, 1922, 1923, + 1923, 1924, 1924, 1808, 1808, 1925, 1925, 1927, 1927, 1928, + + 1928, 1929, 1929, 1930, 1930, 1664, 1664, 1932, 1932, 1933, + 1933, 1934, 1934, 1935, 1935, 1672, 1672, 1937, 1937, 1938, + 1938, 1939, 1939, 1940, 1940, 1800, 1800, 1942, 1942, 1943, + 1943, 1944, 1944, 1945, 1945, 1947, 1947, 1948, 1948, 1949, + 1949, 1950, 1950, 1918, 1918, 1951, 1951, 1952, 1952, 1953, + 1953, 1955, 1955, 1956, 1956, 1957, 1957, 1958, 1958, 1959, + 1959, 1959, 1844, 1844, 1960, 1960, 1960, 1961, 1961, 1961, + 1962, 1962, 1962, 1964, 1964, 1964, 1965, 1965, 1965, 1966, + 1966, 1967, 1967, 1967, 1968, 1968, 1968, 1969, 1969, 1969, + 1970, 1970, 1971, 1971, 1971, 1972, 1972, 1972, 1973, 1973, + + 1973, 1975, 1975, 1975, 1976, 1976, 1976, 1977, 1977, 1977, + 1978, 1978, 1979, 1979, 1979, 1980, 1980, 1980, 1981, 1981, + 1981, 1982, 1982, 1983, 1983, 1983, 1984, 1984, 1984, 1985, + 1985, 1985, 1987, 1987, 1987, 1988, 1988, 1988, 1989, 1989, + 1989, 1990, 1990, 1991, 1991, 1991, 1992, 1992, 1992, 1993, + 1993, 1993, 1994, 1994, 1995, 1995, 1995, 1996, 1996, 1996, + 1997, 1997, 1997, 1999, 1999, 1999, 2000, 2000, 2000, 2001, + 2001, 2001, 2002, 2002, 52, 52, 1011, 52, 52, 1779, + 1011, 1779, 1779, 1900, 1900, 1898, 1898, 2011, 2011, 2012, + 2012, 2013, 2013, 2015, 2015, 2016, 2016, 2017, 2017, 2018, + + 2018, 2019, 2019, 2020, 2020, 2021, 2021, 2022, 2022, 2024, + 2024, 2025, 2025, 2026, 2026, 2028, 2028, 2029, 2029, 2030, + 2030, 2031, 2031, 2032, 2032, 2033, 2033, 2034, 2034, 2036, + 2036, 1928, 1928, 2037, 2037, 2038, 2038, 1660, 1660, 2040, + 2040, 2041, 2041, 2042, 2042, 2043, 2043, 1788, 1788, 2045, + 2045, 2046, 2046, 2047, 2047, 2048, 2048, 1914, 1914, 2050, + 2050, 2051, 2051, 2052, 2052, 2053, 2053, 1922, 1922, 2055, + 2055, 2056, 2056, 2025, 2025, 2057, 2057, 2058, 2058, 2059, + 2059, 2061, 2061, 2062, 2062, 2063, 2063, 2064, 2064, 2033, + 2033, 2065, 2065, 2066, 2066, 2067, 2067, 2069, 2069, 2069, + + 2070, 2070, 2070, 2071, 2071, 2071, 1966, 1966, 2072, 2072, + 2072, 2073, 2073, 2073, 2074, 2074, 2074, 2076, 2076, 2076, + 2077, 2077, 2077, 2078, 2078, 2078, 2080, 2080, 2080, 2081, + 2081, 2081, 2082, 2082, 2082, 2083, 2083, 2084, 2084, 2084, + 2085, 2085, 2085, 2086, 2086, 2086, 2088, 2088, 2088, 2089, + 2089, 2089, 2090, 2090, 2090, 2092, 2092, 2092, 2093, 2093, + 2093, 2094, 2094, 2094, 2095, 2095, 2096, 2096, 2096, 2097, + 2097, 2097, 2098, 2098, 2098, 2100, 2100, 2100, 2101, 2101, + 2101, 2102, 2102, 2102, 2104, 2104, 2104, 2105, 2105, 2105, + 2106, 2106, 2106, 2107, 2107, 2108, 2108, 2108, 2109, 2109, + + 2109, 2110, 2110, 2110, 52, 52, 132, 52, 52, 1899, + 2864, 1899, 1899, 2016, 2016, 2119, 2119, 2120, 2120, 2019, + 2019, 2012, 2012, 2121, 2121, 2122, 2122, 2123, 2123, 2125, + 2125, 2126, 2126, 2127, 2127, 2128, 2128, 2129, 2129, 2130, + 2130, 2131, 2131, 2132, 2132, 2133, 2133, 2134, 2134, 2135, + 2135, 2137, 2137, 2138, 2138, 2139, 2139, 2140, 2140, 2141, + 2141, 1777, 1777, 2142, 2142, 2041, 2041, 2143, 2143, 2144, + 2144, 1903, 1903, 2146, 2146, 2147, 2147, 2148, 2148, 2149, + 2149, 1910, 1910, 2151, 2151, 2152, 2152, 2153, 2153, 2154, + 2154, 2029, 2029, 2156, 2156, 2157, 2157, 2158, 2158, 2159, + + 2159, 2161, 2161, 2162, 2162, 2163, 2163, 2164, 2164, 2134, + 2134, 2165, 2165, 2166, 2166, 2167, 2167, 2169, 2169, 2170, + 2170, 2171, 2171, 2172, 2172, 2070, 2070, 2070, 2072, 2072, + 2072, 2173, 2173, 2173, 2174, 2174, 2174, 2175, 2175, 2175, + 2176, 2176, 2176, 2177, 2177, 2178, 2178, 2178, 2179, 2179, + 2179, 2180, 2180, 2180, 2181, 2181, 2181, 2182, 2182, 2182, + 2184, 2184, 2184, 2185, 2185, 2185, 2186, 2186, 2186, 2187, + 2187, 2188, 2188, 2188, 2189, 2189, 2189, 2190, 2190, 2190, + 2191, 2191, 2192, 2192, 2192, 2193, 2193, 2193, 2194, 2194, + 2194, 2196, 2196, 2196, 2197, 2197, 2197, 2198, 2198, 2198, + + 2199, 2199, 2200, 2200, 2200, 2201, 2201, 2201, 2202, 2202, + 2202, 2203, 2203, 2204, 2204, 2204, 2205, 2205, 2205, 2206, + 2206, 2206, 2208, 2208, 2208, 2209, 2209, 2209, 2210, 2210, + 2210, 2211, 2211, 52, 52, 2864, 52, 52, 1898, 988, + 1898, 1898, 2121, 2121, 2219, 2219, 2125, 2125, 2220, 2220, + 2221, 2221, 2128, 2128, 2222, 2222, 2223, 2223, 2224, 2224, + 2226, 2226, 2227, 2227, 2228, 2228, 2230, 2230, 2231, 2231, + 2232, 2232, 2233, 2233, 2234, 2234, 2235, 2235, 2236, 2236, + 1777, 1777, 2238, 2238, 1900, 1900, 2239, 2239, 2147, 2147, + 2240, 2240, 2241, 2241, 2017, 2017, 2243, 2243, 2244, 2244, + + 2245, 2245, 2246, 2246, 2130, 2130, 2248, 2248, 2249, 2249, + 2250, 2250, 2251, 2251, 2138, 2138, 2253, 2253, 2254, 2254, + 2227, 2227, 2255, 2255, 2256, 2256, 2257, 2257, 2259, 2259, + 2260, 2260, 2261, 2261, 2262, 2262, 2235, 2235, 2263, 2263, + 2264, 2264, 2265, 2265, 2175, 2175, 2175, 2173, 2173, 2173, + 2267, 2267, 2267, 2268, 2268, 2268, 2269, 2269, 2269, 2271, + 2271, 2271, 2272, 2272, 2272, 2273, 2273, 2273, 2274, 2274, + 2274, 2275, 2275, 2276, 2276, 2276, 2277, 2277, 2277, 2278, + 2278, 2278, 2280, 2280, 2280, 2281, 2281, 2281, 2282, 2282, + 2282, 2284, 2284, 2284, 2285, 2285, 2285, 2286, 2286, 2286, + + 2287, 2287, 2288, 2288, 2288, 2289, 2289, 2289, 2290, 2290, + 2290, 2292, 2292, 2292, 2293, 2293, 2293, 2294, 2294, 2294, + 2296, 2296, 2296, 2297, 2297, 2297, 2298, 2298, 2298, 2299, + 2299, 2300, 2300, 2300, 2301, 2301, 2301, 2302, 2302, 2302, + 52, 52, 987, 52, 52, 1900, 986, 1900, 1900, 2220, + 2220, 2222, 2222, 2312, 2312, 2313, 2313, 2314, 2314, 2315, + 2315, 2316, 2316, 2317, 2317, 2318, 2318, 2319, 2319, 2320, + 2320, 2321, 2321, 2323, 2323, 2324, 2324, 2325, 2325, 2326, + 2326, 2327, 2327, 2119, 2119, 2328, 2328, 2244, 2244, 2329, + 2329, 2330, 2330, 2126, 2126, 2332, 2332, 2333, 2333, 2334, + + 2334, 2335, 2335, 2231, 2231, 2337, 2337, 2338, 2338, 2339, + 2339, 2340, 2340, 2342, 2342, 2343, 2343, 2344, 2344, 2345, + 2345, 2346, 2346, 2347, 2347, 2348, 2348, 2350, 2350, 2351, + 2351, 2352, 2352, 2353, 2353, 2272, 2272, 2272, 2354, 2354, + 2354, 2355, 2355, 2355, 2275, 2275, 2268, 2268, 2268, 2356, + 2356, 2356, 2357, 2357, 2357, 2358, 2358, 2358, 2360, 2360, + 2360, 2361, 2361, 2361, 2362, 2362, 2362, 2363, 2363, 2364, + 2364, 2364, 2365, 2365, 2365, 2366, 2366, 2366, 2367, 2367, + 2368, 2368, 2368, 2369, 2369, 2369, 2370, 2370, 2370, 2372, + 2372, 2372, 2373, 2373, 2373, 2374, 2374, 2374, 2375, 2375, + + 2376, 2376, 2376, 2377, 2377, 2377, 2378, 2378, 2378, 2379, + 2379, 2380, 2380, 2380, 2381, 2381, 2381, 2382, 2382, 2382, + 2384, 2384, 2384, 2385, 2385, 2385, 2386, 2386, 2386, 2387, + 2387, 52, 52, 985, 52, 52, 2011, 984, 2011, 2011, + 2314, 2314, 2312, 2312, 2393, 2393, 2394, 2394, 2395, 2395, + 2397, 2397, 2398, 2398, 2399, 2399, 2400, 2400, 2401, 2401, + 2402, 2402, 2403, 2403, 2404, 2404, 2119, 2119, 2406, 2406, + 2220, 2220, 2407, 2407, 2333, 2333, 2408, 2408, 2409, 2409, + 2317, 2317, 2411, 2411, 2412, 2412, 2413, 2413, 2414, 2414, + 2324, 2324, 2416, 2416, 2417, 2417, 2418, 2418, 2419, 2419, + + 2420, 2420, 2422, 2422, 2423, 2423, 2424, 2424, 2425, 2425, + 2426, 2426, 2427, 2427, 2428, 2428, 2356, 2356, 2356, 2430, + 2430, 2430, 2360, 2360, 2360, 2431, 2431, 2431, 2432, 2432, + 2432, 2363, 2363, 2433, 2433, 2433, 2434, 2434, 2434, 2435, + 2435, 2435, 2437, 2437, 2437, 2438, 2438, 2438, 2439, 2439, + 2439, 2441, 2441, 2441, 2442, 2442, 2442, 2443, 2443, 2443, + 2444, 2444, 2445, 2445, 2445, 2446, 2446, 2446, 2447, 2447, + 2447, 2449, 2449, 2449, 2450, 2450, 2450, 2451, 2451, 2451, + 2453, 2453, 2453, 2454, 2454, 2454, 2455, 2455, 2455, 2456, + 2456, 2457, 2457, 2457, 2458, 2458, 2458, 2459, 2459, 2459, + + 52, 52, 983, 52, 52, 2016, 2864, 2016, 2016, 2398, + 2398, 2465, 2465, 2466, 2466, 2401, 2401, 2394, 2394, 2467, + 2467, 2468, 2468, 2469, 2469, 2471, 2471, 2472, 2472, 2473, + 2473, 2474, 2474, 2220, 2220, 2475, 2475, 2314, 2314, 2476, + 2476, 2412, 2412, 2477, 2477, 2478, 2478, 2399, 2399, 2480, + 2480, 2481, 2481, 2482, 2482, 2483, 2483, 2485, 2485, 2486, + 2486, 2487, 2487, 2488, 2488, 2489, 2489, 2490, 2490, 2491, + 2491, 2493, 2493, 2494, 2494, 2495, 2495, 2496, 2496, 2431, + 2431, 2431, 2433, 2433, 2433, 2497, 2497, 2497, 2498, 2498, + 2498, 2499, 2499, 2499, 2500, 2500, 2500, 2501, 2501, 2502, + + 2502, 2502, 2503, 2503, 2503, 2504, 2504, 2504, 2505, 2505, + 2505, 2506, 2506, 2506, 2508, 2508, 2508, 2509, 2509, 2509, + 2510, 2510, 2510, 2511, 2511, 2512, 2512, 2512, 2513, 2513, + 2513, 2514, 2514, 2514, 2515, 2515, 2516, 2516, 2516, 2517, + 2517, 2517, 2518, 2518, 2518, 2520, 2520, 2520, 2521, 2521, + 2521, 2522, 2522, 2522, 2523, 2523, 52, 52, 133, 52, + 52, 2012, 133, 2012, 2012, 2467, 2467, 2527, 2527, 2471, + 2471, 2528, 2528, 2529, 2529, 2474, 2474, 2530, 2530, 2531, + 2531, 2532, 2532, 2314, 2314, 2534, 2534, 2465, 2465, 2535, + 2535, 2481, 2481, 2536, 2536, 2537, 2537, 2472, 2472, 2539, + + 2539, 2540, 2540, 2541, 2541, 2542, 2542, 2543, 2543, 2545, + 2545, 2546, 2546, 2547, 2547, 2548, 2548, 2549, 2549, 2550, + 2550, 2551, 2551, 2499, 2499, 2499, 2497, 2497, 2497, 2553, + 2553, 2553, 2554, 2554, 2554, 2555, 2555, 2555, 2557, 2557, + 2557, 2558, 2558, 2558, 2559, 2559, 2559, 2560, 2560, 2560, + 2561, 2561, 2562, 2562, 2562, 2563, 2563, 2563, 2564, 2564, + 2564, 2566, 2566, 2566, 2567, 2567, 2567, 2568, 2568, 2568, + 2570, 2570, 2570, 2571, 2571, 2571, 2572, 2572, 2572, 2573, + 2573, 2574, 2574, 2574, 2575, 2575, 2575, 2576, 2576, 2576, + 52, 52, 133, 52, 52, 2119, 948, 2119, 2119, 2528, + + 2528, 2530, 2530, 2581, 2581, 2582, 2582, 2583, 2583, 2584, + 2584, 2585, 2585, 2465, 2465, 2586, 2586, 2587, 2587, 2540, + 2540, 2588, 2588, 2589, 2589, 2591, 2591, 2592, 2592, 2593, + 2593, 2594, 2594, 2595, 2595, 2596, 2596, 2598, 2598, 2599, + 2599, 2600, 2600, 2601, 2601, 2558, 2558, 2558, 2602, 2602, + 2602, 2603, 2603, 2603, 2561, 2561, 2554, 2554, 2554, 2604, + 2604, 2604, 2605, 2605, 2605, 2606, 2606, 2606, 2608, 2608, + 2608, 2609, 2609, 2609, 2610, 2610, 2610, 2611, 2611, 2612, + 2612, 2612, 2613, 2613, 2613, 2614, 2614, 2614, 2615, 2615, + 2616, 2616, 2616, 2617, 2617, 2617, 2618, 2618, 2618, 2620, + + 2620, 2620, 2621, 2621, 2621, 2622, 2622, 2622, 2623, 2623, + 52, 52, 940, 52, 52, 2121, 927, 2121, 2121, 2583, + 2583, 2581, 2581, 2627, 2627, 2628, 2628, 2629, 2629, 2528, + 2528, 2631, 2631, 2632, 2632, 2593, 2593, 2633, 2633, 2634, + 2634, 2636, 2636, 2637, 2637, 2638, 2638, 2639, 2639, 2640, + 2640, 2641, 2641, 2642, 2642, 2604, 2604, 2604, 2644, 2644, + 2644, 2608, 2608, 2608, 2645, 2645, 2645, 2646, 2646, 2646, + 2611, 2611, 2647, 2647, 2647, 2648, 2648, 2648, 2649, 2649, + 2649, 2651, 2651, 2651, 2652, 2652, 2652, 2653, 2653, 2653, + 2655, 2655, 2655, 2656, 2656, 2656, 2657, 2657, 2657, 2658, + + 2658, 2659, 2659, 2659, 2660, 2660, 2660, 2661, 2661, 2661, + 52, 52, 920, 52, 52, 2125, 132, 2125, 2125, 2636, + 2636, 2666, 2666, 2667, 2667, 2668, 2668, 2583, 2583, 2669, + 2669, 2670, 2670, 2639, 2639, 2628, 2628, 2671, 2671, 2672, + 2672, 2673, 2673, 2675, 2675, 2676, 2676, 2677, 2677, 2678, + 2678, 2645, 2645, 2645, 2647, 2647, 2647, 2679, 2679, 2679, + 2680, 2680, 2680, 2681, 2681, 2681, 2682, 2682, 2682, 2683, + 2683, 2684, 2684, 2684, 2685, 2685, 2685, 2686, 2686, 2686, + 2687, 2687, 2687, 2688, 2688, 2688, 2690, 2690, 2690, 2691, + 2691, 2691, 2692, 2692, 2692, 2693, 2693, 52, 52, 940, + + 52, 52, 2219, 934, 2219, 2219, 2697, 2697, 2698, 2698, + 2666, 2666, 2700, 2700, 2701, 2701, 2702, 2702, 2703, 2703, + 2704, 2704, 2705, 2705, 2707, 2707, 2707, 2708, 2708, 2708, + 2709, 2709, 2709, 2711, 2711, 2711, 2712, 2712, 2712, 2713, + 2713, 2713, 2714, 2714, 2714, 2715, 2715, 2716, 2716, 2716, + 2717, 2717, 2717, 2718, 2718, 2718, 2220, 920, 2220, 2220, + 2723, 2723, 2724, 2724, 2725, 2725, 2726, 2726, 2727, 2727, + 2728, 2728, 2729, 2729, 2730, 2730, 2730, 2731, 2731, 2731, + 2732, 2732, 2732, 2733, 2733, 2733, 2734, 2734, 2734, 2736, + 2736, 2736, 2737, 2737, 2737, 2738, 2738, 2738, 2739, 2739, + + 2222, 940, 2222, 2222, 2743, 2743, 2744, 2744, 2746, 2746, + 2747, 2747, 2749, 2749, 2750, 2750, 2750, 2751, 2751, 2751, + 2752, 2752, 2752, 2753, 2753, 2753, 2754, 2754, 2754, 2755, + 2755, 2755, 2313, 934, 2313, 2313, 2760, 2760, 2761, 2761, + 2764, 2764, 2765, 2765, 2765, 2766, 2766, 2766, 2767, 2767, + 2767, 2768, 2768, 2768, 2312, 920, 2312, 2312, 2772, 2772, + 2773, 2773, 2774, 2774, 2774, 2775, 2775, 2775, 2314, 823, + 2314, 2314, 2779, 2779, 2779, 2393, 132, 2393, 2393, 2398, + 934, 2398, 2398, 2394, 929, 2394, 2394, 2465, 934, 2465, + 2465, 2467, 929, 2467, 2467, 2471, 132, 2471, 2471, 2527, + + 929, 2527, 2527, 2528, 929, 2528, 2528, 2530, 927, 2530, + 2530, 2582, 920, 2582, 2582, 2581, 916, 2581, 2581, 2583, + 132, 2583, 2583, 2627, 920, 2627, 2627, 2636, 823, 2636, + 2636, 2628, 920, 2628, 2628, 2666, 823, 2666, 2666, 2671, + 823, 2671, 2671, 2675, 916, 2675, 2675, 2697, 132, 2697, + 2697, 2701, 2864, 2701, 2701, 2703, 891, 2703, 2703, 2726, + 890, 2726, 2726, 2743, 889, 2743, 2743, 2727, 888, 2727, + 2727, 2746, 887, 2746, 2746, 2761, 886, 2761, 2761, 2772, + 133, 2772, 2772, 133, 133, 133, 132, 850, 842, 831, + 850, 842, 831, 737, 132, 842, 837, 737, 842, 837, + + 132, 837, 837, 132, 132, 831, 737, 831, 737, 132, + 737, 737, 132, 2864, 2864, 2864, 2864, 2864, 800, 799, + 798, 797, 796, 795, 2864, 783, 133, 133, 764, 756, + 746, 741, 132, 756, 750, 741, 756, 750, 741, 132, + 750, 750, 132, 747, 746, 741, 132, 741, 741, 132, + 733, 2864, 2864, 2864, 2864, 2864, 2864, 708, 707, 706, + 705, 704, 703, 2864, 2864, 690, 133, 133, 133, 132, + 671, 664, 657, 671, 664, 657, 132, 664, 661, 664, + 132, 661, 132, 657, 657, 132, 647, 641, 640, 618, + 613, 612, 611, 610, 609, 608, 605, 592, 133, 133, + + 579, 572, 566, 132, 572, 568, 572, 568, 132, 568, + 566, 132, 556, 550, 549, 526, 521, 520, 519, 518, + 517, 516, 512, 499, 133, 133, 132, 484, 479, 484, + 479, 132, 479, 479, 132, 468, 461, 460, 437, 422, + 133, 397, 392, 132, 392, 392, 132, 337, 329, 322, + 133, 132, 312, 312, 132, 238, 235, 233, 232, 231, + 222, 132, 157, 143, 141, 140, 139, 136, 133, 132, + 43, 53, 51, 43, 2864, 3, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864 + } ; + +static yyconst flex_int16_t yy_chk[10845] = + { 0, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 5, 23, + 1361, 5, 9, 9, 9, 9, 9, 11, 594, 11, + 11, 11, 11, 11, 11, 12, 1362, 12, 12, 12, + 12, 12, 12, 14, 14, 14, 14, 14, 14, 14, + + 14, 14, 14, 14, 14, 41, 277, 17, 41, 16, + 14, 17, 50, 18, 21, 17, 24, 132, 120, 50, + 23, 18, 594, 132, 16, 14, 14, 14, 14, 14, + 14, 16, 277, 289, 289, 14, 18, 16, 52, 20, + 18, 21, 18, 30, 120, 591, 602, 24, 277, 14, + 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, + 15, 15, 19, 22, 626, 21, 120, 24, 25, 25, + 20, 26, 30, 19, 30, 88, 723, 25, 723, 22, + 19, 20, 15, 15, 15, 15, 15, 15, 19, 52, + 20, 602, 591, 598, 30, 19, 22, 19, 27, 27, + + 26, 1363, 22, 25, 19, 88, 15, 31, 25, 28, + 626, 26, 29, 27, 22, 28, 26, 29, 32, 25, + 34, 32, 26, 28, 130, 27, 88, 32, 598, 27, + 33, 130, 31, 27, 33, 34, 31, 39, 27, 29, + 62, 28, 39, 29, 33, 34, 31, 31, 28, 27, + 28, 31, 29, 67, 29, 36, 31, 29, 31, 34, + 28, 58, 36, 29, 38, 37, 37, 32, 39, 32, + 38, 62, 64, 33, 60, 36, 63, 64, 38, 36, + 37, 33, 66, 64, 134, 646, 36, 58, 39, 60, + 134, 62, 37, 55, 55, 67, 38, 44, 44, 44, + + 44, 44, 66, 38, 67, 37, 46, 46, 46, 46, + 46, 58, 219, 596, 63, 38, 37, 40, 225, 219, + 55, 40, 40, 315, 225, 60, 156, 63, 40, 315, + 40, 40, 646, 66, 1093, 47, 40, 47, 47, 47, + 47, 47, 47, 40, 55, 65, 69, 40, 40, 1364, + 156, 596, 1093, 40, 156, 40, 40, 82, 68, 48, + 40, 48, 48, 48, 48, 48, 48, 40, 53, 53, + 53, 53, 53, 53, 53, 53, 53, 53, 53, 53, + 70, 73, 74, 77, 71, 75, 76, 69, 65, 68, + 71, 83, 79, 78, 70, 81, 65, 69, 84, 82, + + 53, 53, 53, 53, 53, 53, 80, 85, 82, 68, + 83, 75, 90, 87, 89, 90, 71, 84, 73, 86, + 601, 96, 74, 77, 92, 76, 93, 91, 601, 1365, + 75, 70, 73, 74, 77, 71, 78, 76, 79, 81, + 87, 90, 83, 79, 78, 80, 81, 91, 86, 84, + 85, 89, 86, 98, 95, 93, 94, 80, 85, 97, + 95, 102, 100, 90, 87, 89, 99, 103, 92, 104, + 86, 91, 96, 94, 101, 92, 105, 93, 91, 98, + 107, 309, 94, 106, 99, 108, 95, 111, 309, 115, + 182, 109, 1291, 104, 107, 1291, 102, 94, 98, 110, + + 112, 102, 104, 97, 94, 95, 100, 113, 99, 103, + 97, 101, 102, 100, 111, 106, 101, 99, 103, 108, + 106, 109, 105, 113, 106, 101, 106, 105, 110, 111, + 115, 107, 114, 116, 106, 117, 108, 118, 111, 112, + 115, 182, 109, 112, 117, 114, 121, 119, 389, 116, + 110, 112, 615, 617, 123, 389, 976, 125, 113, 125, + 125, 125, 125, 125, 317, 730, 1366, 730, 118, 976, + 317, 126, 121, 126, 126, 126, 126, 126, 123, 615, + 617, 151, 137, 114, 116, 123, 117, 148, 118, 119, + 127, 121, 127, 127, 127, 127, 127, 127, 119, 124, + + 137, 124, 138, 128, 124, 128, 128, 128, 128, 128, + 128, 133, 133, 133, 133, 133, 124, 142, 124, 144, + 136, 151, 150, 150, 137, 124, 138, 124, 145, 698, + 124, 148, 151, 137, 698, 138, 142, 147, 148, 152, + 124, 154, 124, 136, 153, 149, 155, 1367, 144, 124, + 135, 135, 135, 135, 135, 135, 135, 135, 135, 135, + 135, 135, 158, 157, 147, 159, 145, 154, 142, 155, + 144, 136, 149, 150, 160, 153, 161, 162, 152, 145, + 164, 165, 135, 135, 135, 135, 135, 135, 147, 167, + 152, 166, 154, 155, 169, 153, 149, 155, 157, 163, + + 163, 163, 168, 159, 171, 160, 158, 170, 172, 167, + 171, 162, 165, 158, 157, 173, 159, 174, 175, 179, + 164, 161, 168, 176, 1194, 160, 1194, 161, 162, 175, + 166, 164, 165, 180, 1368, 1370, 184, 190, 169, 177, + 167, 178, 166, 170, 187, 169, 173, 192, 176, 1373, + 1378, 172, 163, 168, 175, 171, 179, 177, 170, 172, + 181, 174, 186, 176, 180, 178, 173, 181, 174, 175, + 179, 184, 188, 185, 178, 189, 191, 190, 187, 194, + 192, 177, 193, 195, 180, 181, 186, 184, 190, 198, + 177, 181, 185, 200, 186, 187, 201, 197, 192, 196, + + 181, 193, 202, 203, 199, 205, 206, 209, 204, 188, + 195, 212, 200, 207, 208, 198, 185, 210, 207, 189, + 191, 194, 600, 188, 185, 211, 189, 191, 197, 206, + 194, 712, 201, 193, 195, 199, 196, 204, 203, 792, + 198, 210, 205, 344, 200, 208, 202, 201, 197, 213, + 196, 792, 732, 202, 203, 199, 205, 206, 209, 204, + 712, 600, 212, 214, 207, 208, 344, 211, 210, 593, + 214, 214, 732, 213, 344, 214, 211, 213, 215, 215, + 215, 215, 215, 223, 223, 223, 223, 223, 214, 224, + 224, 224, 224, 224, 214, 214, 228, 233, 229, 214, + + 593, 1382, 216, 214, 216, 216, 216, 216, 216, 216, + 217, 229, 217, 217, 217, 217, 217, 217, 227, 227, + 227, 227, 227, 227, 227, 227, 227, 227, 227, 227, + 232, 228, 230, 234, 233, 235, 229, 236, 234, 237, + 239, 240, 242, 241, 242, 243, 245, 228, 233, 229, + 227, 227, 227, 227, 227, 227, 244, 230, 247, 251, + 252, 232, 249, 253, 250, 791, 235, 1390, 1394, 791, + 230, 241, 255, 236, 237, 245, 257, 256, 258, 266, + 260, 232, 268, 240, 234, 259, 235, 243, 236, 239, + 237, 239, 240, 242, 241, 250, 243, 245, 255, 249, + + 244, 262, 252, 256, 253, 254, 260, 244, 264, 247, + 251, 252, 267, 249, 253, 250, 259, 254, 257, 263, + 258, 261, 265, 255, 254, 263, 261, 257, 256, 258, + 266, 260, 262, 268, 270, 270, 259, 603, 271, 272, + 273, 1185, 274, 264, 275, 276, 278, 267, 279, 280, + 283, 281, 262, 1185, 276, 285, 254, 1402, 282, 264, + 286, 270, 638, 267, 271, 284, 265, 279, 274, 287, + 263, 288, 261, 265, 272, 291, 294, 290, 295, 603, + 276, 283, 292, 296, 275, 270, 285, 293, 271, 297, + 272, 273, 274, 281, 638, 275, 276, 278, 282, 279, + + 280, 283, 281, 299, 287, 284, 285, 290, 286, 282, + 288, 286, 300, 292, 301, 291, 284, 294, 293, 298, + 287, 345, 288, 296, 297, 302, 291, 294, 290, 295, + 293, 320, 319, 292, 296, 303, 361, 302, 293, 476, + 297, 1408, 398, 303, 345, 298, 476, 303, 398, 323, + 400, 302, 345, 401, 299, 1410, 400, 301, 488, 401, + 361, 303, 302, 300, 488, 301, 1411, 490, 361, 303, + 298, 319, 303, 490, 304, 302, 304, 304, 304, 304, + 304, 322, 320, 319, 305, 303, 305, 305, 305, 305, + 305, 306, 323, 306, 306, 306, 306, 306, 306, 307, + + 323, 307, 307, 307, 307, 307, 307, 318, 318, 318, + 318, 318, 318, 318, 318, 318, 318, 318, 318, 324, + 325, 327, 328, 329, 325, 322, 330, 326, 331, 896, + 330, 334, 322, 333, 338, 340, 336, 341, 332, 318, + 318, 318, 318, 318, 318, 333, 325, 326, 334, 335, + 326, 339, 1195, 350, 1195, 342, 343, 348, 335, 324, + 329, 346, 340, 347, 327, 896, 328, 350, 331, 355, + 324, 325, 327, 328, 329, 332, 351, 330, 326, 331, + 336, 352, 334, 338, 333, 338, 340, 336, 341, 332, + 342, 343, 346, 339, 348, 347, 353, 357, 355, 354, + + 335, 358, 339, 359, 350, 360, 342, 343, 348, 363, + 356, 365, 346, 356, 347, 351, 352, 354, 354, 636, + 355, 367, 362, 357, 360, 373, 364, 351, 366, 368, + 369, 365, 352, 353, 374, 370, 376, 377, 375, 356, + 358, 379, 359, 382, 363, 357, 785, 353, 360, 368, + 354, 380, 358, 362, 359, 364, 360, 366, 636, 369, + 363, 356, 365, 374, 367, 370, 785, 383, 563, 378, + 373, 805, 367, 362, 379, 563, 373, 364, 405, 366, + 368, 369, 375, 378, 382, 374, 370, 376, 377, 375, + 380, 384, 379, 383, 382, 385, 385, 385, 385, 385, + + 805, 407, 380, 404, 408, 1412, 386, 384, 386, 386, + 386, 386, 386, 386, 406, 383, 411, 384, 410, 387, + 378, 387, 387, 387, 387, 387, 387, 414, 415, 405, + 1419, 384, 416, 404, 407, 412, 413, 417, 420, 384, + 403, 403, 403, 403, 403, 403, 403, 403, 403, 403, + 403, 403, 407, 410, 404, 408, 413, 406, 411, 415, + 419, 418, 423, 421, 424, 406, 425, 411, 417, 410, + 418, 414, 403, 403, 403, 403, 403, 403, 414, 415, + 412, 416, 420, 416, 426, 436, 412, 413, 417, 420, + 421, 427, 435, 438, 440, 441, 442, 444, 439, 443, + + 434, 491, 493, 425, 447, 419, 450, 491, 493, 1420, + 448, 419, 418, 423, 421, 424, 434, 425, 439, 435, + 434, 445, 426, 453, 444, 442, 441, 446, 436, 451, + 450, 440, 445, 452, 449, 426, 436, 450, 443, 455, + 447, 427, 427, 435, 438, 440, 441, 442, 444, 439, + 443, 434, 446, 448, 449, 447, 454, 445, 451, 456, + 457, 448, 458, 453, 459, 463, 459, 446, 462, 464, + 466, 464, 445, 467, 453, 455, 497, 452, 449, 469, + 451, 459, 465, 465, 452, 449, 494, 642, 695, 458, + 455, 454, 494, 456, 471, 471, 471, 471, 471, 471, + + 498, 463, 457, 467, 1425, 462, 469, 454, 580, 470, + 456, 457, 1427, 458, 580, 459, 463, 582, 470, 462, + 464, 466, 583, 582, 467, 504, 695, 497, 583, 642, + 469, 496, 500, 465, 470, 472, 472, 472, 472, 472, + 472, 473, 470, 473, 473, 473, 473, 473, 473, 470, + 474, 498, 474, 474, 474, 474, 474, 474, 495, 495, + 495, 495, 495, 495, 495, 495, 495, 495, 495, 495, + 500, 496, 501, 502, 503, 505, 504, 506, 511, 507, + 508, 509, 496, 500, 507, 510, 513, 1428, 507, 515, + 495, 495, 495, 495, 495, 495, 522, 506, 514, 508, + + 523, 527, 525, 532, 528, 524, 529, 501, 529, 503, + 533, 502, 509, 530, 531, 536, 510, 1429, 505, 539, + 515, 585, 511, 501, 502, 503, 505, 585, 506, 511, + 507, 508, 509, 514, 524, 528, 510, 513, 522, 540, + 515, 527, 523, 525, 531, 537, 532, 522, 538, 514, + 537, 523, 527, 525, 532, 528, 524, 529, 535, 530, + 535, 533, 539, 535, 530, 531, 536, 541, 542, 543, + 539, 544, 545, 535, 538, 554, 537, 546, 724, 547, + 548, 551, 552, 586, 553, 557, 587, 555, 540, 586, + 540, 544, 587, 597, 538, 554, 537, 588, 622, 545, + + 543, 676, 1421, 588, 541, 678, 542, 676, 558, 535, + 604, 678, 551, 552, 557, 1421, 724, 622, 541, 542, + 543, 546, 544, 545, 547, 548, 554, 555, 546, 553, + 547, 548, 551, 552, 558, 553, 557, 597, 555, 559, + 559, 559, 559, 559, 560, 604, 560, 560, 560, 560, + 560, 560, 599, 561, 558, 561, 561, 561, 561, 561, + 561, 590, 590, 590, 590, 590, 590, 590, 590, 590, + 590, 590, 590, 606, 614, 616, 621, 627, 624, 625, + 623, 633, 629, 634, 637, 635, 643, 628, 649, 649, + 649, 649, 649, 590, 590, 590, 590, 590, 590, 623, + + 599, 628, 639, 644, 654, 648, 616, 629, 806, 1430, + 679, 654, 633, 689, 614, 637, 679, 606, 1431, 629, + 635, 621, 624, 627, 625, 680, 628, 634, 681, 1432, + 643, 680, 689, 639, 681, 644, 648, 806, 628, 650, + 650, 650, 650, 650, 651, 691, 651, 651, 651, 651, + 651, 651, 652, 692, 652, 652, 652, 652, 652, 652, + 682, 683, 685, 686, 687, 693, 682, 683, 685, 686, + 687, 688, 688, 688, 688, 688, 688, 688, 688, 688, + 688, 688, 688, 694, 692, 691, 696, 697, 699, 700, + 709, 710, 701, 714, 713, 715, 693, 717, 720, 722, + + 725, 728, 782, 688, 688, 688, 688, 688, 688, 718, + 719, 721, 727, 731, 738, 802, 700, 786, 720, 699, + 824, 738, 765, 710, 1433, 694, 713, 824, 765, 717, + 696, 697, 701, 714, 709, 715, 784, 782, 1434, 722, + 718, 719, 721, 725, 727, 731, 728, 802, 735, 720, + 735, 735, 735, 735, 735, 735, 736, 786, 736, 736, + 736, 736, 736, 736, 767, 768, 770, 771, 772, 774, + 767, 768, 770, 771, 772, 774, 775, 776, 777, 778, + 779, 784, 775, 776, 777, 778, 779, 781, 781, 781, + 781, 781, 781, 781, 781, 781, 781, 781, 781, 787, + + 788, 789, 790, 793, 794, 801, 803, 808, 804, 807, + 809, 812, 813, 814, 815, 818, 876, 816, 875, 781, + 781, 781, 781, 781, 781, 820, 909, 817, 819, 855, + 857, 788, 789, 790, 883, 855, 857, 803, 1435, 787, + 804, 807, 1436, 794, 814, 801, 808, 793, 816, 815, + 876, 1292, 809, 909, 1292, 858, 812, 813, 817, 819, + 818, 858, 875, 1437, 1438, 883, 821, 820, 821, 821, + 821, 821, 821, 821, 822, 874, 822, 822, 822, 822, + 822, 822, 860, 861, 862, 863, 864, 865, 860, 861, + 862, 863, 864, 865, 866, 867, 869, 870, 871, 872, + + 866, 867, 869, 870, 871, 872, 873, 873, 873, 873, + 873, 873, 873, 873, 873, 873, 873, 873, 877, 878, + 879, 884, 880, 881, 892, 874, 885, 893, 895, 899, + 897, 901, 900, 904, 905, 906, 898, 902, 873, 873, + 873, 873, 873, 873, 908, 885, 907, 998, 913, 972, + 975, 949, 951, 892, 906, 913, 884, 949, 951, 895, + 879, 1439, 893, 877, 880, 881, 897, 898, 878, 902, + 1440, 1441, 1442, 899, 900, 901, 905, 904, 907, 998, + 972, 1443, 1444, 977, 1445, 910, 908, 910, 910, 910, + 910, 910, 910, 911, 975, 911, 911, 911, 911, 911, + + 911, 952, 954, 955, 956, 957, 959, 952, 954, 955, + 956, 957, 959, 960, 961, 963, 964, 965, 966, 960, + 961, 963, 964, 965, 966, 967, 968, 969, 977, 982, + 974, 967, 968, 969, 971, 971, 971, 971, 971, 971, + 971, 971, 971, 971, 971, 971, 978, 979, 980, 981, + 989, 990, 991, 992, 994, 995, 996, 993, 999, 1002, + 1000, 1076, 1001, 1003, 1074, 1097, 971, 971, 971, 971, + 971, 971, 974, 1004, 1008, 1087, 1089, 1048, 982, 1000, + 990, 1008, 1003, 1048, 992, 978, 979, 980, 993, 981, + 989, 1002, 1076, 999, 991, 1089, 994, 1001, 995, 1446, + + 1097, 996, 1004, 1005, 1074, 1005, 1005, 1005, 1005, 1005, + 1005, 1006, 1087, 1006, 1006, 1006, 1006, 1006, 1006, 1050, + 1051, 1052, 1053, 1054, 1055, 1050, 1051, 1052, 1053, 1054, + 1055, 1057, 1058, 1059, 1060, 1061, 1062, 1057, 1058, 1059, + 1060, 1061, 1062, 1063, 1064, 1065, 1066, 1068, 1069, 1063, + 1064, 1065, 1066, 1068, 1069, 1070, 1071, 1077, 1078, 1079, + 1080, 1070, 1071, 1072, 1072, 1072, 1072, 1072, 1072, 1072, + 1072, 1072, 1072, 1072, 1072, 1081, 1082, 1088, 1090, 1091, + 1094, 1095, 1098, 1088, 1092, 1078, 1079, 1096, 1101, 1099, + 1100, 1182, 1183, 1080, 1405, 1072, 1072, 1072, 1072, 1072, + + 1072, 1077, 1102, 1092, 1102, 1102, 1102, 1102, 1102, 1102, + 1105, 1209, 1095, 1447, 1081, 1082, 1448, 1105, 1209, 1094, + 1099, 1405, 1090, 1091, 1101, 1100, 1449, 1096, 1182, 1183, + 1450, 1103, 1098, 1103, 1103, 1103, 1103, 1103, 1103, 1150, + 1152, 1153, 1155, 1156, 1157, 1150, 1152, 1153, 1155, 1156, + 1157, 1159, 1160, 1161, 1162, 1163, 1164, 1159, 1160, 1161, + 1162, 1163, 1164, 1166, 1167, 1168, 1170, 1171, 1172, 1166, + 1167, 1168, 1170, 1171, 1172, 1173, 1174, 1175, 1176, 1179, + 1180, 1173, 1174, 1175, 1176, 1178, 1178, 1178, 1178, 1178, + 1178, 1178, 1178, 1178, 1178, 1178, 1178, 1184, 1186, 1192, + + 1193, 1196, 1197, 1199, 1200, 1201, 1202, 1198, 1203, 1204, + 1258, 1205, 1298, 1290, 1409, 1293, 1258, 1178, 1178, 1178, + 1178, 1178, 1178, 1180, 1179, 1198, 1260, 1186, 1261, 1451, + 1303, 1452, 1260, 1197, 1261, 1193, 1196, 1202, 1263, 1192, + 1453, 1184, 1264, 1200, 1263, 1199, 1205, 1265, 1264, 1293, + 1203, 1266, 1409, 1265, 1298, 1201, 1290, 1266, 1206, 1204, + 1206, 1206, 1206, 1206, 1206, 1206, 1207, 1303, 1207, 1207, + 1207, 1207, 1207, 1207, 1267, 1268, 1269, 1270, 1272, 1273, + 1267, 1268, 1269, 1270, 1272, 1273, 1274, 1275, 1276, 1277, + 1278, 1279, 1274, 1275, 1276, 1277, 1278, 1279, 1280, 1281, + + 1282, 1284, 1285, 1286, 1280, 1281, 1282, 1284, 1285, 1286, + 1287, 1289, 1294, 1299, 1300, 1301, 1287, 1288, 1288, 1288, + 1288, 1288, 1288, 1288, 1288, 1288, 1288, 1288, 1288, 1302, + 1304, 1306, 1311, 1307, 1310, 1312, 1315, 1312, 1312, 1312, + 1312, 1312, 1312, 1315, 1289, 1454, 1413, 1294, 1426, 1288, + 1288, 1288, 1288, 1288, 1288, 1426, 1369, 1455, 1456, 1300, + 1301, 1304, 1369, 1299, 1307, 1310, 1371, 1372, 1457, 1374, + 1375, 1311, 1371, 1372, 1306, 1374, 1375, 1413, 1313, 1302, + 1313, 1313, 1313, 1313, 1313, 1313, 1376, 1377, 1379, 1380, + 1381, 1383, 1376, 1377, 1379, 1380, 1381, 1383, 1384, 1385, + + 1386, 1387, 1388, 1389, 1384, 1385, 1386, 1387, 1388, 1389, + 1391, 1392, 1393, 1395, 1396, 1397, 1391, 1392, 1393, 1395, + 1396, 1397, 1398, 1399, 1400, 1401, 1404, 1406, 1398, 1399, + 1400, 1401, 1403, 1403, 1403, 1403, 1403, 1403, 1403, 1403, + 1403, 1403, 1403, 1403, 1407, 1414, 1415, 1417, 1416, 1418, + 1422, 1458, 1459, 1460, 1406, 1461, 1462, 1463, 1464, 1465, + 1404, 1466, 1467, 1468, 1403, 1403, 1403, 1403, 1403, 1403, + 1469, 1407, 1470, 1471, 1472, 1473, 1474, 1414, 1415, 1416, + 1475, 1476, 1417, 1422, 1423, 1477, 1423, 1423, 1423, 1423, + 1423, 1423, 1418, 1424, 1478, 1424, 1424, 1424, 1424, 1424, + + 1424, 1479, 1480, 1481, 1482, 1483, 1484, 1485, 1486, 1487, + 1488, 1489, 1484, 1490, 1486, 1487, 1488, 1489, 1491, 1490, + 1492, 1493, 1494, 1495, 1491, 1496, 1497, 1493, 1494, 1495, + 1498, 1496, 1497, 1499, 1500, 1501, 1498, 1502, 1503, 1499, + 1500, 1501, 1504, 1502, 1505, 1506, 1507, 1508, 1504, 1509, + 1505, 1506, 1507, 1508, 1510, 1509, 1511, 1512, 1513, 1514, + 1510, 1515, 1511, 1512, 1513, 1514, 1516, 1517, 1518, 1519, + 1521, 1522, 1516, 1517, 1518, 1519, 1520, 1520, 1520, 1520, + 1520, 1520, 1520, 1520, 1520, 1520, 1520, 1520, 1523, 1524, + 1525, 1526, 1527, 1528, 1529, 1530, 1532, 1533, 1535, 1538, + + 1539, 1531, 1534, 1540, 1522, 1541, 1542, 1539, 1520, 1520, + 1520, 1520, 1520, 1520, 1531, 1543, 1544, 1523, 1524, 1545, + 1546, 1547, 1548, 1532, 1549, 1525, 1529, 1530, 1536, 1534, + 1536, 1536, 1536, 1536, 1536, 1536, 1537, 1550, 1537, 1537, + 1537, 1537, 1537, 1537, 1551, 1552, 1533, 1553, 1554, 1555, + 1556, 1557, 1558, 1559, 1560, 1561, 1562, 1563, 1564, 1565, + 1566, 1567, 1568, 1569, 1570, 1571, 1572, 1573, 1574, 1575, + 1576, 1577, 1578, 1579, 1580, 1581, 1582, 1583, 1584, 1585, + 1586, 1587, 1588, 1589, 1590, 1591, 1592, 1593, 1594, 1595, + 1596, 1597, 1598, 1599, 1600, 1601, 1602, 1603, 1604, 1605, + + 1600, 1606, 1602, 1603, 1607, 1605, 1608, 1606, 1609, 1610, + 1607, 1611, 1612, 1613, 1609, 1610, 1614, 1611, 1612, 1613, + 1615, 1616, 1614, 1617, 1618, 1619, 1620, 1616, 1621, 1617, + 1618, 1622, 1620, 1623, 1621, 1624, 1625, 1622, 1626, 1623, + 1627, 1624, 1625, 1628, 1626, 1629, 1630, 1631, 1632, 1628, + 1633, 1629, 1630, 1634, 1632, 1635, 1633, 1636, 1637, 1634, + 1638, 1635, 1639, 1636, 1637, 1641, 1638, 1640, 1640, 1640, + 1640, 1640, 1640, 1640, 1640, 1640, 1640, 1640, 1640, 1642, + 1643, 1644, 1645, 1646, 1647, 1648, 1652, 1651, 1655, 1657, + 1649, 1650, 1658, 1659, 1660, 1655, 1641, 1661, 1662, 1640, + + 1640, 1640, 1640, 1640, 1640, 1653, 1664, 1653, 1653, 1653, + 1653, 1653, 1653, 1642, 1643, 1647, 1648, 1649, 1665, 1650, + 1656, 1663, 1666, 1667, 1668, 1644, 1651, 1656, 1663, 1669, + 1670, 1671, 1672, 1654, 1652, 1654, 1654, 1654, 1654, 1654, + 1654, 1673, 1674, 1675, 1676, 1677, 1678, 1679, 1680, 1681, + 1682, 1683, 1684, 1685, 1686, 1687, 1688, 1689, 1690, 1691, + 1692, 1693, 1694, 1695, 1696, 1697, 1698, 1699, 1700, 1701, + 1702, 1703, 1704, 1705, 1706, 1707, 1708, 1709, 1710, 1711, + 1712, 1713, 1714, 1715, 1716, 1717, 1718, 1719, 1720, 1721, + 1722, 1723, 1724, 1719, 1725, 1721, 1722, 1726, 1724, 1727, + + 1725, 1728, 1729, 1726, 1730, 1727, 1731, 1728, 1729, 1732, + 1730, 1733, 1731, 1734, 1735, 1736, 1737, 1733, 1738, 1734, + 1735, 1736, 1737, 1739, 1738, 1740, 1741, 1742, 1743, 1739, + 1744, 1740, 1741, 1742, 1743, 1745, 1746, 1747, 1748, 1749, + 1750, 1745, 1746, 1747, 1748, 1749, 1750, 1751, 1752, 1753, + 1754, 1755, 1756, 1751, 1752, 1753, 1754, 1755, 1757, 1758, + 1759, 1760, 1763, 1762, 1757, 1758, 1759, 1760, 1761, 1761, + 1761, 1761, 1761, 1761, 1761, 1761, 1761, 1761, 1761, 1761, + 1764, 1765, 1766, 1767, 1768, 1769, 1770, 1771, 1772, 1773, + 1776, 1777, 1778, 1763, 1779, 1780, 1773, 1776, 1781, 1782, + + 1761, 1761, 1761, 1761, 1761, 1761, 1762, 1783, 1784, 1785, + 1786, 1764, 1787, 1788, 1789, 1790, 1774, 1772, 1774, 1774, + 1774, 1774, 1774, 1774, 1771, 1791, 1768, 1769, 1792, 1793, + 1794, 1795, 1796, 1775, 1770, 1775, 1775, 1775, 1775, 1775, + 1775, 1797, 1798, 1799, 1800, 1801, 1802, 1803, 1804, 1805, + 1806, 1807, 1808, 1809, 1810, 1811, 1812, 1813, 1814, 1815, + 1816, 1817, 1818, 1819, 1820, 1821, 1822, 1823, 1824, 1825, + 1826, 1827, 1828, 1829, 1830, 1831, 1832, 1833, 1834, 1835, + 1836, 1837, 1838, 1839, 1840, 1841, 1842, 1843, 1844, 1845, + 1840, 1846, 1842, 1843, 1844, 1845, 1847, 1846, 1848, 1849, + + 1850, 1851, 1852, 1853, 1848, 1849, 1850, 1854, 1852, 1853, + 1855, 1856, 1857, 1854, 1858, 1859, 1855, 1856, 1857, 1860, + 1858, 1861, 1862, 1863, 1864, 1860, 1865, 1861, 1862, 1866, + 1864, 1867, 1865, 1868, 1869, 1866, 1870, 1867, 1871, 1868, + 1869, 1872, 1870, 1873, 1874, 1875, 1876, 1872, 1877, 1873, + 1874, 1878, 1876, 1879, 1877, 1880, 1881, 1878, 1882, 1879, + 1883, 1880, 1881, 1885, 1882, 1884, 1884, 1884, 1884, 1884, + 1884, 1884, 1884, 1884, 1884, 1884, 1884, 1886, 1887, 1888, + 1889, 1890, 1891, 1892, 1893, 1894, 1895, 1898, 1899, 1896, + 1892, 1896, 1896, 1896, 1896, 1896, 1896, 1884, 1884, 1884, + + 1884, 1884, 1884, 1897, 1900, 1897, 1897, 1897, 1897, 1897, + 1897, 1901, 1902, 1903, 1904, 1893, 1905, 1906, 1907, 1908, + 1909, 1910, 1911, 1912, 1913, 1914, 1915, 1916, 1895, 1917, + 1918, 1919, 1920, 1921, 1922, 1923, 1924, 1925, 1926, 1927, + 1928, 1929, 1930, 1931, 1932, 1933, 1934, 1935, 1936, 1937, + 1938, 1939, 1940, 1941, 1942, 1943, 1944, 1945, 1946, 1947, + 1948, 1949, 1950, 1951, 1952, 1953, 1954, 1955, 1956, 1957, + 1958, 1959, 1960, 1961, 1962, 1963, 1964, 1959, 1960, 1961, + 1962, 1965, 1964, 1966, 1967, 1968, 1969, 1965, 1970, 1966, + 1967, 1968, 1969, 1971, 1970, 1972, 1973, 1974, 1975, 1971, + + 1976, 1972, 1973, 1977, 1975, 1978, 1976, 1979, 1980, 1977, + 1981, 1978, 1982, 1979, 1980, 1983, 1981, 1984, 1982, 1985, + 1986, 1983, 1987, 1984, 1988, 1985, 1989, 1990, 1987, 1991, + 1988, 1992, 1989, 1990, 1993, 1991, 1994, 1992, 1995, 1996, + 1993, 1997, 1994, 1998, 1995, 1996, 1999, 1997, 2000, 2001, + 2002, 2004, 1999, 2005, 2000, 2001, 2002, 2003, 2003, 2003, + 2003, 2003, 2003, 2003, 2003, 2003, 2003, 2003, 2003, 2006, + 2007, 2009, 2008, 2009, 2009, 2009, 2009, 2009, 2009, 2010, + 2011, 2010, 2010, 2010, 2010, 2010, 2010, 2012, 2013, 2003, + 2003, 2003, 2003, 2003, 2003, 2014, 2015, 2016, 2017, 2018, + + 2019, 2020, 2021, 2022, 2023, 2024, 2025, 2026, 2027, 2028, + 2029, 2006, 2008, 2030, 2031, 2032, 2033, 2034, 2035, 2036, + 2037, 2038, 2039, 2040, 2041, 2042, 2043, 2044, 2045, 2046, + 2047, 2048, 2049, 2050, 2051, 2052, 2053, 2054, 2055, 2056, + 2057, 2058, 2059, 2060, 2061, 2062, 2063, 2064, 2065, 2066, + 2067, 2068, 2069, 2070, 2071, 2072, 2073, 2074, 2069, 2070, + 2071, 2072, 2073, 2074, 2075, 2076, 2077, 2078, 2079, 2080, + 2081, 2076, 2077, 2078, 2082, 2080, 2081, 2083, 2084, 2085, + 2082, 2086, 2087, 2083, 2084, 2085, 2088, 2086, 2089, 2090, + 2091, 2092, 2088, 2093, 2089, 2090, 2094, 2092, 2095, 2093, + + 2096, 2097, 2094, 2098, 2095, 2099, 2096, 2097, 2100, 2098, + 2101, 2102, 2103, 2104, 2100, 2105, 2101, 2102, 2106, 2104, + 2107, 2105, 2108, 2109, 2106, 2110, 2107, 2111, 2108, 2109, + 2113, 2110, 2112, 2112, 2112, 2112, 2112, 2112, 2112, 2112, + 2112, 2112, 2112, 2112, 2114, 2115, 2116, 2117, 2119, 2117, + 2117, 2117, 2117, 2117, 2117, 2118, 2120, 2118, 2118, 2118, + 2118, 2118, 2118, 2121, 2112, 2112, 2112, 2112, 2112, 2112, + 2122, 2123, 2124, 2125, 2126, 2127, 2128, 2129, 2130, 2131, + 2132, 2133, 2134, 2135, 2136, 2115, 2137, 2138, 2139, 2140, + 2141, 2142, 2143, 2116, 2144, 2145, 2146, 2147, 2148, 2149, + + 2150, 2151, 2152, 2153, 2154, 2155, 2156, 2157, 2158, 2159, + 2160, 2161, 2162, 2163, 2164, 2165, 2166, 2167, 2168, 2169, + 2170, 2171, 2172, 2173, 2174, 2175, 2176, 2177, 2178, 2173, + 2174, 2175, 2176, 2177, 2178, 2179, 2180, 2181, 2182, 2183, + 2184, 2179, 2180, 2181, 2182, 2185, 2184, 2186, 2187, 2188, + 2189, 2185, 2190, 2186, 2187, 2188, 2189, 2191, 2190, 2192, + 2193, 2194, 2195, 2191, 2196, 2192, 2193, 2194, 2197, 2198, + 2196, 2199, 2200, 2201, 2197, 2198, 2202, 2199, 2200, 2201, + 2203, 2204, 2202, 2205, 2206, 2207, 2203, 2204, 2208, 2205, + 2206, 2209, 2210, 2211, 2208, 2213, 2214, 2209, 2210, 2211, + + 2212, 2212, 2212, 2212, 2212, 2212, 2212, 2212, 2212, 2212, + 2212, 2212, 2215, 2216, 2217, 2219, 2217, 2217, 2217, 2217, + 2217, 2217, 2218, 2220, 2218, 2218, 2218, 2218, 2218, 2218, + 2221, 2222, 2212, 2212, 2212, 2212, 2212, 2212, 2223, 2224, + 2225, 2226, 2227, 2228, 2229, 2230, 2231, 2232, 2233, 2234, + 2235, 2236, 2216, 2237, 2238, 2239, 2240, 2216, 2241, 2215, + 2242, 2238, 2243, 2244, 2245, 2246, 2247, 2248, 2249, 2250, + 2251, 2252, 2253, 2254, 2255, 2256, 2257, 2258, 2259, 2260, + 2261, 2262, 2263, 2264, 2265, 2266, 2267, 2268, 2269, 2270, + 2271, 2272, 2267, 2268, 2269, 2273, 2271, 2272, 2274, 2275, + + 2276, 2273, 2277, 2278, 2274, 2275, 2276, 2279, 2277, 2278, + 2280, 2281, 2282, 2283, 2284, 2285, 2280, 2281, 2282, 2286, + 2284, 2285, 2287, 2288, 2289, 2286, 2290, 2291, 2287, 2288, + 2289, 2292, 2290, 2293, 2294, 2295, 2296, 2292, 2297, 2293, + 2294, 2298, 2296, 2299, 2297, 2300, 2301, 2298, 2302, 2299, + 2303, 2300, 2301, 2307, 2302, 2304, 2304, 2304, 2304, 2304, + 2304, 2304, 2304, 2304, 2304, 2304, 2304, 2308, 2309, 2310, + 2312, 2310, 2310, 2310, 2310, 2310, 2310, 2311, 2313, 2311, + 2311, 2311, 2311, 2311, 2311, 2314, 2315, 2304, 2304, 2304, + 2304, 2304, 2304, 2316, 2317, 2318, 2319, 2307, 2320, 2321, + + 2322, 2323, 2309, 2324, 2325, 2326, 2327, 2328, 2329, 2330, + 2331, 2332, 2333, 2334, 2335, 2336, 2337, 2338, 2339, 2340, + 2341, 2342, 2343, 2344, 2345, 2346, 2347, 2348, 2349, 2350, + 2351, 2352, 2353, 2354, 2355, 2356, 2357, 2358, 2359, 2354, + 2355, 2356, 2357, 2358, 2360, 2361, 2362, 2363, 2364, 2365, + 2360, 2361, 2362, 2363, 2364, 2365, 2366, 2367, 2368, 2369, + 2370, 2371, 2366, 2367, 2368, 2369, 2370, 2372, 2373, 2374, + 2375, 2376, 2377, 2372, 2373, 2374, 2375, 2376, 2377, 2378, + 2379, 2380, 2381, 2382, 2383, 2378, 2379, 2380, 2381, 2382, + 2384, 2385, 2386, 2387, 2389, 2390, 2384, 2385, 2386, 2387, + + 2388, 2388, 2388, 2388, 2388, 2388, 2388, 2388, 2388, 2388, + 2388, 2388, 2391, 2393, 2391, 2391, 2391, 2391, 2391, 2391, + 2392, 2394, 2392, 2392, 2392, 2392, 2392, 2392, 2389, 2395, + 2396, 2397, 2388, 2388, 2388, 2388, 2388, 2388, 2398, 2399, + 2400, 2401, 2402, 2403, 2404, 2405, 2406, 2407, 2408, 2409, + 2410, 2411, 2412, 2413, 2414, 2415, 2416, 2417, 2418, 2419, + 2420, 2421, 2422, 2423, 2424, 2425, 2426, 2427, 2428, 2429, + 2430, 2431, 2432, 2433, 2434, 2435, 2430, 2431, 2432, 2433, + 2434, 2435, 2436, 2437, 2438, 2439, 2440, 2441, 2442, 2437, + 2438, 2439, 2443, 2441, 2442, 2444, 2445, 2446, 2443, 2447, + + 2448, 2444, 2445, 2446, 2449, 2447, 2450, 2451, 2452, 2453, + 2449, 2454, 2450, 2451, 2455, 2453, 2456, 2454, 2457, 2458, + 2455, 2459, 2456, 2460, 2457, 2458, 2462, 2459, 2461, 2461, + 2461, 2461, 2461, 2461, 2461, 2461, 2461, 2461, 2461, 2461, + 2463, 2465, 2463, 2463, 2463, 2463, 2463, 2463, 2464, 2466, + 2464, 2464, 2464, 2464, 2464, 2464, 2467, 2468, 2469, 2470, + 2461, 2461, 2461, 2461, 2461, 2461, 2471, 2472, 2473, 2474, + 2475, 2476, 2477, 2478, 2479, 2480, 2481, 2482, 2483, 2484, + 2485, 2486, 2487, 2488, 2489, 2490, 2491, 2492, 2493, 2494, + 2495, 2496, 2497, 2498, 2499, 2500, 2501, 2502, 2497, 2498, + + 2499, 2500, 2501, 2502, 2503, 2504, 2505, 2506, 2507, 2508, + 2503, 2504, 2505, 2506, 2509, 2508, 2510, 2511, 2512, 2513, + 2509, 2514, 2510, 2511, 2512, 2513, 2515, 2514, 2516, 2517, + 2518, 2519, 2515, 2520, 2516, 2517, 2518, 2521, 2522, 2520, + 2523, 2527, 2528, 2521, 2522, 2529, 2523, 2524, 2524, 2524, + 2524, 2524, 2524, 2524, 2524, 2524, 2524, 2524, 2524, 2525, + 2530, 2525, 2525, 2525, 2525, 2525, 2525, 2526, 2531, 2526, + 2526, 2526, 2526, 2526, 2526, 2532, 2533, 2534, 2535, 2524, + 2524, 2524, 2524, 2524, 2524, 2536, 2537, 2538, 2539, 2540, + 2541, 2542, 2543, 2544, 2545, 2546, 2547, 2548, 2549, 2550, + + 2551, 2552, 2553, 2554, 2555, 2556, 2557, 2558, 2553, 2554, + 2555, 2559, 2557, 2558, 2560, 2561, 2562, 2559, 2563, 2564, + 2560, 2561, 2562, 2565, 2563, 2564, 2566, 2567, 2568, 2569, + 2570, 2571, 2566, 2567, 2568, 2572, 2570, 2571, 2573, 2574, + 2575, 2572, 2576, 2577, 2573, 2574, 2575, 2581, 2576, 2578, + 2578, 2578, 2578, 2578, 2578, 2578, 2578, 2578, 2578, 2578, + 2578, 2579, 2582, 2579, 2579, 2579, 2579, 2579, 2579, 2580, + 2583, 2580, 2580, 2580, 2580, 2580, 2580, 2584, 2585, 2586, + 2587, 2578, 2578, 2578, 2578, 2578, 2578, 2588, 2589, 2590, + 2591, 2592, 2593, 2594, 2595, 2596, 2597, 2598, 2599, 2600, + + 2601, 2602, 2603, 2604, 2605, 2606, 2607, 2602, 2603, 2604, + 2605, 2606, 2608, 2609, 2610, 2611, 2612, 2613, 2608, 2609, + 2610, 2611, 2612, 2613, 2614, 2615, 2616, 2617, 2618, 2619, + 2614, 2615, 2616, 2617, 2618, 2620, 2621, 2622, 2623, 2627, + 2628, 2620, 2621, 2622, 2623, 2624, 2624, 2624, 2624, 2624, + 2624, 2624, 2624, 2624, 2624, 2624, 2624, 2625, 2629, 2625, + 2625, 2625, 2625, 2625, 2625, 2626, 2630, 2626, 2626, 2626, + 2626, 2626, 2626, 2631, 2632, 2633, 2634, 2624, 2624, 2624, + 2624, 2624, 2624, 2635, 2636, 2637, 2638, 2639, 2640, 2641, + 2642, 2643, 2644, 2645, 2646, 2647, 2648, 2649, 2644, 2645, + + 2646, 2647, 2648, 2649, 2650, 2651, 2652, 2653, 2654, 2655, + 2656, 2651, 2652, 2653, 2657, 2655, 2656, 2658, 2659, 2660, + 2657, 2661, 2662, 2658, 2659, 2660, 2666, 2661, 2663, 2663, + 2663, 2663, 2663, 2663, 2663, 2663, 2663, 2663, 2663, 2663, + 2664, 2667, 2664, 2664, 2664, 2664, 2664, 2664, 2665, 2668, + 2665, 2665, 2665, 2665, 2665, 2665, 2669, 2670, 2671, 2672, + 2663, 2663, 2663, 2663, 2663, 2663, 2673, 2674, 2675, 2676, + 2677, 2678, 2679, 2680, 2681, 2682, 2683, 2684, 2679, 2680, + 2681, 2682, 2683, 2684, 2685, 2686, 2687, 2688, 2689, 2690, + 2685, 2686, 2687, 2688, 2691, 2690, 2692, 2693, 2697, 2698, + + 2691, 2699, 2692, 2693, 2694, 2694, 2694, 2694, 2694, 2694, + 2694, 2694, 2694, 2694, 2694, 2694, 2695, 2700, 2695, 2695, + 2695, 2695, 2695, 2695, 2696, 2701, 2696, 2696, 2696, 2696, + 2696, 2696, 2702, 2703, 2704, 2705, 2694, 2694, 2694, 2694, + 2694, 2694, 2706, 2707, 2708, 2709, 2710, 2711, 2712, 2707, + 2708, 2709, 2713, 2711, 2712, 2714, 2715, 2716, 2713, 2717, + 2718, 2714, 2715, 2716, 2719, 2717, 2718, 2720, 2720, 2720, + 2720, 2720, 2723, 2720, 2720, 2720, 2720, 2720, 2720, 2721, + 2724, 2721, 2721, 2721, 2721, 2721, 2721, 2722, 2725, 2722, + 2722, 2722, 2722, 2722, 2722, 2726, 2727, 2728, 2729, 2720, + + 2720, 2720, 2720, 2720, 2720, 2730, 2731, 2732, 2733, 2734, + 2735, 2730, 2731, 2732, 2733, 2734, 2736, 2737, 2738, 2739, + 2743, 2744, 2736, 2737, 2738, 2739, 2740, 2740, 2740, 2740, + 2740, 2740, 2740, 2740, 2740, 2740, 2740, 2740, 2741, 2745, + 2741, 2741, 2741, 2741, 2741, 2741, 2742, 2746, 2742, 2742, + 2742, 2742, 2742, 2742, 2747, 2749, 2756, 2760, 2740, 2740, + 2740, 2740, 2740, 2740, 2748, 2748, 2748, 2748, 2748, 2750, + 2751, 2752, 2753, 2754, 2755, 2750, 2751, 2752, 2753, 2754, + 2755, 2757, 2757, 2757, 2757, 2757, 2761, 2757, 2757, 2757, + 2757, 2757, 2757, 2758, 2764, 2758, 2758, 2758, 2758, 2758, + + 2758, 2759, 2772, 2759, 2759, 2759, 2759, 2759, 2759, 2773, + 1360, 1359, 1358, 2757, 2757, 2757, 2757, 2757, 2757, 2762, + 2762, 2762, 2762, 2762, 2763, 2763, 2763, 2763, 2763, 2765, + 2766, 2767, 2768, 1357, 1356, 2765, 2766, 2767, 2768, 2769, + 2769, 2769, 2769, 2769, 1355, 2769, 2769, 2769, 2769, 2769, + 2769, 2770, 1354, 2770, 2770, 2770, 2770, 2770, 2770, 2771, + 1353, 2771, 2771, 2771, 2771, 2771, 2771, 1352, 1351, 1350, + 1349, 2769, 2769, 2769, 2769, 2769, 2769, 2774, 2775, 1348, + 1347, 1346, 1345, 2774, 2775, 2776, 2776, 2776, 2776, 2776, + 1344, 2776, 2776, 2776, 2776, 2776, 2776, 2777, 1343, 2777, + + 2777, 2777, 2777, 2777, 2777, 2778, 1342, 2778, 2778, 2778, + 2778, 2778, 2778, 1341, 1340, 1339, 1338, 2776, 2776, 2776, + 2776, 2776, 2776, 2779, 1337, 1336, 1335, 1334, 1333, 2779, + 2780, 2780, 2780, 2780, 2780, 2780, 2780, 2780, 2780, 2780, + 2780, 2780, 2781, 1332, 2781, 2781, 2781, 2781, 2781, 2781, + 2782, 1331, 2782, 2782, 2782, 2782, 2782, 2782, 1330, 1329, + 1328, 1327, 2780, 2780, 2780, 2780, 2780, 2780, 2783, 2783, + 2783, 2783, 2783, 1326, 2783, 2783, 2783, 2783, 2783, 2783, + 2784, 1325, 2784, 2784, 2784, 2784, 2784, 2784, 2785, 1324, + 2785, 2785, 2785, 2785, 2785, 2785, 1323, 1322, 1321, 1320, + + 2783, 2783, 2783, 2783, 2783, 2783, 2786, 2786, 2786, 2786, + 2786, 1319, 2786, 2786, 2786, 2786, 2786, 2786, 2787, 1318, + 2787, 2787, 2787, 2787, 2787, 2787, 2788, 1317, 2788, 2788, + 2788, 2788, 2788, 2788, 1316, 1314, 1309, 1308, 2786, 2786, + 2786, 2786, 2786, 2786, 2789, 2789, 2789, 2789, 2789, 1305, + 2789, 2789, 2789, 2789, 2789, 2789, 2790, 1297, 2790, 2790, + 2790, 2790, 2790, 2790, 2791, 1296, 2791, 2791, 2791, 2791, + 2791, 2791, 1295, 1283, 1271, 1262, 2789, 2789, 2789, 2789, + 2789, 2789, 2792, 2792, 2792, 2792, 2792, 2792, 2792, 2792, + 2792, 2792, 2792, 2792, 2793, 1259, 2793, 2793, 2793, 2793, + + 2793, 2793, 2794, 1257, 2794, 2794, 2794, 2794, 2794, 2794, + 1256, 1255, 1254, 1253, 2792, 2792, 2792, 2792, 2792, 2792, + 2795, 2795, 2795, 2795, 2795, 1252, 2795, 2795, 2795, 2795, + 2795, 2795, 2796, 1251, 2796, 2796, 2796, 2796, 2796, 2796, + 2797, 1250, 2797, 2797, 2797, 2797, 2797, 2797, 1249, 1248, + 1247, 1246, 2795, 2795, 2795, 2795, 2795, 2795, 2798, 2798, + 2798, 2798, 2798, 1245, 2798, 2798, 2798, 2798, 2798, 2798, + 2799, 1244, 2799, 2799, 2799, 2799, 2799, 2799, 2800, 1243, + 2800, 2800, 2800, 2800, 2800, 2800, 1242, 1241, 1240, 1239, + 2798, 2798, 2798, 2798, 2798, 2798, 2801, 2801, 2801, 2801, + + 2801, 1238, 2801, 2801, 2801, 2801, 2801, 2801, 2802, 1237, + 2802, 2802, 2802, 2802, 2802, 2802, 2803, 1236, 2803, 2803, + 2803, 2803, 2803, 2803, 1235, 1234, 1233, 1232, 2801, 2801, + 2801, 2801, 2801, 2801, 2804, 2804, 2804, 2804, 2804, 2804, + 2804, 2804, 2804, 2804, 2804, 2804, 2805, 1231, 2805, 2805, + 2805, 2805, 2805, 2805, 2806, 1230, 2806, 2806, 2806, 2806, + 2806, 2806, 1229, 1228, 1227, 1226, 2804, 2804, 2804, 2804, + 2804, 2804, 2807, 2807, 2807, 2807, 2807, 1225, 2807, 2807, + 2807, 2807, 2807, 2807, 2808, 1224, 2808, 2808, 2808, 2808, + 2808, 2808, 2809, 1223, 2809, 2809, 2809, 2809, 2809, 2809, + + 1222, 1221, 1220, 1219, 2807, 2807, 2807, 2807, 2807, 2807, + 2810, 2810, 2810, 2810, 2810, 1218, 2810, 2810, 2810, 2810, + 2810, 2810, 2811, 1217, 2811, 2811, 2811, 2811, 2811, 2811, + 2812, 1216, 2812, 2812, 2812, 2812, 2812, 2812, 1215, 1214, + 1213, 1212, 2810, 2810, 2810, 2810, 2810, 2810, 2813, 2813, + 2813, 2813, 2813, 1211, 2813, 2813, 2813, 2813, 2813, 2813, + 2814, 1210, 2814, 2814, 2814, 2814, 2814, 2814, 2815, 1208, + 2815, 2815, 2815, 2815, 2815, 2815, 1191, 1189, 1187, 1181, + 2813, 2813, 2813, 2813, 2813, 2813, 2816, 2816, 2816, 2816, + 2816, 2816, 2816, 2816, 2816, 2816, 2816, 2816, 2817, 1177, + + 2817, 2817, 2817, 2817, 2817, 2817, 2818, 1169, 2818, 2818, + 2818, 2818, 2818, 2818, 1165, 1158, 1154, 1151, 2816, 2816, + 2816, 2816, 2816, 2816, 2819, 2819, 2819, 2819, 2819, 1149, + 2819, 2819, 2819, 2819, 2819, 2819, 2820, 1148, 2820, 2820, + 2820, 2820, 2820, 2820, 2821, 1147, 2821, 2821, 2821, 2821, + 2821, 2821, 1146, 1145, 1144, 1143, 2819, 2819, 2819, 2819, + 2819, 2819, 2822, 2822, 2822, 2822, 2822, 1142, 2822, 2822, + 2822, 2822, 2822, 2822, 2823, 1141, 2823, 2823, 2823, 2823, + 2823, 2823, 2824, 1140, 2824, 2824, 2824, 2824, 2824, 2824, + 1139, 1138, 1137, 1136, 2822, 2822, 2822, 2822, 2822, 2822, + + 2825, 2825, 2825, 2825, 2825, 1135, 2825, 2825, 2825, 2825, + 2825, 2825, 2826, 1134, 2826, 2826, 2826, 2826, 2826, 2826, + 2827, 1133, 2827, 2827, 2827, 2827, 2827, 2827, 1132, 1131, + 1130, 1129, 2825, 2825, 2825, 2825, 2825, 2825, 2828, 2828, + 2828, 2828, 2828, 2828, 2828, 2828, 2828, 2828, 2828, 2828, + 2829, 1128, 2829, 2829, 2829, 2829, 2829, 2829, 2830, 1127, + 2830, 2830, 2830, 2830, 2830, 2830, 1126, 1125, 1124, 1123, + 2828, 2828, 2828, 2828, 2828, 2828, 2831, 2831, 2831, 2831, + 2831, 1122, 2831, 2831, 2831, 2831, 2831, 2831, 2832, 1121, + 2832, 2832, 2832, 2832, 2832, 2832, 2833, 1120, 2833, 2833, + + 2833, 2833, 2833, 2833, 1119, 1118, 1117, 1116, 2831, 2831, + 2831, 2831, 2831, 2831, 2834, 2834, 2834, 2834, 2834, 1115, + 2834, 2834, 2834, 2834, 2834, 2834, 2835, 1114, 2835, 2835, + 2835, 2835, 2835, 2835, 2836, 1113, 2836, 2836, 2836, 2836, + 2836, 2836, 1112, 1111, 1110, 1109, 2834, 2834, 2834, 2834, + 2834, 2834, 2837, 2837, 2837, 2837, 2837, 1108, 2837, 2837, + 2837, 2837, 2837, 2837, 2838, 1107, 2838, 2838, 2838, 2838, + 2838, 2838, 2839, 1106, 2839, 2839, 2839, 2839, 2839, 2839, + 1104, 1086, 1085, 1084, 2837, 2837, 2837, 2837, 2837, 2837, + 2840, 2840, 2840, 2840, 2840, 2840, 2840, 2840, 2840, 2840, + + 2840, 2840, 2841, 1083, 2841, 2841, 2841, 2841, 2841, 2841, + 2842, 1075, 2842, 2842, 2842, 2842, 2842, 2842, 1073, 1067, + 1056, 1049, 2840, 2840, 2840, 2840, 2840, 2840, 2843, 2843, + 2843, 2843, 2843, 1047, 2843, 2843, 2843, 2843, 2843, 2843, + 2844, 1046, 2844, 2844, 2844, 2844, 2844, 2844, 2845, 1045, + 2845, 2845, 2845, 2845, 2845, 2845, 1044, 1043, 1042, 1041, + 2843, 2843, 2843, 2843, 2843, 2843, 2846, 2846, 2846, 2846, + 2846, 1040, 2846, 2846, 2846, 2846, 2846, 2846, 2847, 1039, + 2847, 2847, 2847, 2847, 2847, 2847, 2848, 1038, 2848, 2848, + 2848, 2848, 2848, 2848, 1037, 1036, 1035, 1034, 2846, 2846, + + 2846, 2846, 2846, 2846, 2849, 2849, 2849, 2849, 2849, 1033, + 2849, 2849, 2849, 2849, 2849, 2849, 2850, 1032, 2850, 2850, + 2850, 2850, 2850, 2850, 2851, 1031, 2851, 2851, 2851, 2851, + 2851, 2851, 1030, 1029, 1028, 1027, 2849, 2849, 2849, 2849, + 2849, 2849, 2852, 2852, 2852, 2852, 2852, 2852, 2852, 2852, + 2852, 2852, 2852, 2852, 2853, 1026, 2853, 2853, 2853, 2853, + 2853, 2853, 2854, 1025, 2854, 2854, 2854, 2854, 2854, 2854, + 1024, 1023, 1022, 1021, 2852, 2852, 2852, 2852, 2852, 2852, + 2855, 2855, 2855, 2855, 2855, 1020, 2855, 2855, 2855, 2855, + 2855, 2855, 2856, 1019, 2856, 2856, 2856, 2856, 2856, 2856, + + 2857, 1018, 2857, 2857, 2857, 2857, 2857, 2857, 1017, 1016, + 1015, 1014, 2855, 2855, 2855, 2855, 2855, 2855, 2858, 2858, + 2858, 2858, 2858, 1013, 2858, 2858, 2858, 2858, 2858, 2858, + 2859, 1012, 2859, 2859, 2859, 2859, 2859, 2859, 2860, 1011, + 2860, 2860, 2860, 2860, 2860, 2860, 1010, 1009, 1007, 997, + 2858, 2858, 2858, 2858, 2858, 2858, 2861, 2861, 2861, 2861, + 2861, 988, 2861, 2861, 2861, 2861, 2861, 2861, 2862, 986, + 2862, 2862, 2862, 2862, 2862, 2863, 985, 2863, 2863, 2863, + 2863, 2863, 983, 973, 970, 962, 958, 953, 2861, 2861, + 2861, 2861, 2861, 2861, 2865, 2865, 2865, 2865, 2865, 2865, + + 2865, 2865, 2866, 950, 2866, 2866, 2866, 2866, 2866, 2866, + 2867, 948, 2867, 2867, 2868, 2868, 947, 2868, 2868, 2868, + 2869, 946, 2869, 2869, 2870, 2870, 2871, 2871, 2872, 945, + 2872, 2872, 2873, 2873, 2874, 2874, 2875, 2875, 2875, 2876, + 944, 2876, 2876, 2877, 2877, 2878, 2878, 2879, 2879, 2880, + 2880, 2881, 2881, 2881, 2882, 2882, 2883, 943, 2883, 2883, + 2884, 2884, 2885, 2885, 2886, 2886, 2887, 2887, 2888, 2888, + 2889, 2889, 2890, 2890, 2890, 2891, 2891, 2892, 2892, 2892, + 2893, 942, 2893, 2893, 2894, 2894, 2895, 2895, 2896, 2896, + 2897, 2897, 2898, 2898, 2899, 2899, 2900, 2900, 2901, 2901, + + 2902, 2902, 2903, 2903, 2903, 2904, 2904, 2905, 2905, 2905, + 2906, 2906, 2906, 2907, 2907, 2908, 941, 2908, 2908, 2909, + 2909, 2910, 2910, 2911, 2911, 2912, 2912, 2913, 2913, 2914, + 2914, 2915, 2915, 2916, 2916, 2917, 2917, 2918, 2918, 2919, + 2919, 2920, 2920, 2921, 2921, 2921, 2922, 2922, 2923, 2923, + 2923, 2924, 2924, 2924, 2925, 2925, 2926, 2926, 2926, 2927, + 2927, 2927, 2928, 940, 2928, 2928, 2929, 2929, 2930, 2930, + 2931, 2931, 2932, 2932, 2933, 2933, 2934, 2934, 2935, 2935, + 2936, 2936, 2937, 2937, 2938, 2938, 2939, 2939, 2940, 2940, + 2941, 2941, 2942, 2942, 2943, 2943, 2944, 2944, 2945, 2945, + + 2946, 2946, 2946, 2947, 2947, 2948, 2948, 2948, 2949, 2949, + 2949, 2950, 2950, 2951, 2951, 2951, 2952, 2952, 2952, 2953, + 2953, 2953, 2954, 2954, 2954, 2955, 2955, 2956, 2956, 939, + 2956, 2956, 2957, 938, 2957, 2957, 2958, 2958, 2959, 2959, + 2960, 2960, 2961, 2961, 2962, 2962, 2963, 2963, 2964, 2964, + 2965, 2965, 2966, 2966, 2967, 2967, 2968, 2968, 2969, 2969, + 2970, 2970, 2971, 2971, 2972, 2972, 2973, 2973, 2974, 2974, + 2975, 2975, 2976, 2976, 2977, 2977, 2978, 2978, 2979, 2979, + 2979, 2980, 2980, 2981, 2981, 2981, 2982, 2982, 2982, 2983, + 2983, 2983, 2984, 2984, 2984, 2985, 2985, 2985, 2986, 2986, + + 2986, 2987, 2987, 2988, 2988, 2988, 2989, 2989, 2989, 2990, + 2990, 2990, 2991, 2991, 937, 2991, 2991, 2992, 936, 2992, + 2992, 2993, 2993, 2994, 2994, 2995, 2995, 2996, 2996, 2997, + 2997, 2998, 2998, 2999, 2999, 3000, 3000, 3001, 3001, 3002, + 3002, 3003, 3003, 3004, 3004, 3005, 3005, 3006, 3006, 3007, + 3007, 3008, 3008, 3009, 3009, 3010, 3010, 3011, 3011, 3012, + 3012, 3013, 3013, 3014, 3014, 3015, 3015, 3016, 3016, 3017, + 3017, 3018, 3018, 3019, 3019, 3019, 3020, 3020, 3021, 3021, + 3021, 3022, 3022, 3022, 3023, 3023, 3024, 3024, 3024, 3025, + 3025, 3025, 3026, 3026, 3026, 3027, 3027, 3028, 3028, 3028, + + 3029, 3029, 3029, 3030, 3030, 3030, 3031, 3031, 3031, 3032, + 3032, 3032, 3033, 3033, 3033, 3034, 3034, 3035, 3035, 935, + 3035, 3035, 3036, 934, 3036, 3036, 3037, 3037, 3038, 3038, + 3039, 3039, 3040, 3040, 3041, 3041, 3042, 3042, 3043, 3043, + 3044, 3044, 3045, 3045, 3046, 3046, 3047, 3047, 3048, 3048, + 3049, 3049, 3050, 3050, 3051, 3051, 3052, 3052, 3053, 3053, + 3054, 3054, 3055, 3055, 3056, 3056, 3057, 3057, 3058, 3058, + 3059, 3059, 3060, 3060, 3061, 3061, 3062, 3062, 3063, 3063, + 3064, 3064, 3065, 3065, 3066, 3066, 3066, 3067, 3067, 3068, + 3068, 3068, 3069, 3069, 3069, 3070, 3070, 3071, 3071, 3071, + + 3072, 3072, 3072, 3073, 3073, 3073, 3074, 3074, 3074, 3075, + 3075, 3075, 3076, 3076, 3076, 3077, 3077, 3077, 3078, 3078, + 3078, 3079, 3079, 3080, 3080, 3080, 3081, 3081, 3081, 3082, + 3082, 3082, 3083, 3083, 933, 3083, 3083, 3084, 932, 3084, + 3084, 3085, 3085, 3086, 3086, 3087, 3087, 3088, 3088, 3089, + 3089, 3090, 3090, 3091, 3091, 3092, 3092, 3093, 3093, 3094, + 3094, 3095, 3095, 3096, 3096, 3097, 3097, 3098, 3098, 3099, + 3099, 3100, 3100, 3101, 3101, 3102, 3102, 3103, 3103, 3104, + 3104, 3105, 3105, 3106, 3106, 3107, 3107, 3108, 3108, 3109, + 3109, 3110, 3110, 3111, 3111, 3112, 3112, 3113, 3113, 3114, + + 3114, 3115, 3115, 3116, 3116, 3117, 3117, 3118, 3118, 3119, + 3119, 3120, 3120, 3120, 3121, 3121, 3122, 3122, 3122, 3123, + 3123, 3123, 3124, 3124, 3125, 3125, 3125, 3126, 3126, 3126, + 3127, 3127, 3127, 3128, 3128, 3128, 3129, 3129, 3130, 3130, + 3130, 3131, 3131, 3131, 3132, 3132, 3132, 3133, 3133, 3134, + 3134, 3134, 3135, 3135, 3135, 3136, 3136, 3136, 3137, 3137, + 3137, 3138, 3138, 3138, 3139, 3139, 3139, 3140, 3140, 3141, + 3141, 931, 3141, 3141, 3142, 930, 3142, 3142, 3143, 3143, + 3144, 3144, 3145, 3145, 3146, 3146, 3147, 3147, 3148, 3148, + 3149, 3149, 3150, 3150, 3151, 3151, 3152, 3152, 3153, 3153, + + 3154, 3154, 3155, 3155, 3156, 3156, 3157, 3157, 3158, 3158, + 3159, 3159, 3160, 3160, 3161, 3161, 3162, 3162, 3163, 3163, + 3164, 3164, 3165, 3165, 3166, 3166, 3167, 3167, 3168, 3168, + 3169, 3169, 3170, 3170, 3171, 3171, 3172, 3172, 3173, 3173, + 3174, 3174, 3175, 3175, 3176, 3176, 3177, 3177, 3178, 3178, + 3179, 3179, 3180, 3180, 3180, 3181, 3181, 3182, 3182, 3182, + 3183, 3183, 3183, 3184, 3184, 3184, 3185, 3185, 3185, 3186, + 3186, 3186, 3187, 3187, 3187, 3188, 3188, 3189, 3189, 3189, + 3190, 3190, 3190, 3191, 3191, 3191, 3192, 3192, 3192, 3193, + 3193, 3193, 3194, 3194, 3194, 3195, 3195, 3195, 3196, 3196, + + 3196, 3197, 3197, 3197, 3198, 3198, 3199, 3199, 3199, 3200, + 3200, 3200, 3201, 3201, 3201, 3202, 3202, 929, 3202, 3202, + 3203, 928, 3203, 3203, 3204, 3204, 3205, 3205, 3206, 3206, + 3207, 3207, 3208, 3208, 3209, 3209, 3210, 3210, 3211, 3211, + 3212, 3212, 3213, 3213, 3214, 3214, 3215, 3215, 3216, 3216, + 3217, 3217, 3218, 3218, 3219, 3219, 3220, 3220, 3221, 3221, + 3222, 3222, 3223, 3223, 3224, 3224, 3225, 3225, 3226, 3226, + 3227, 3227, 3228, 3228, 3229, 3229, 3230, 3230, 3231, 3231, + 3232, 3232, 3233, 3233, 3234, 3234, 3235, 3235, 3236, 3236, + 3237, 3237, 3238, 3238, 3239, 3239, 3240, 3240, 3241, 3241, + + 3242, 3242, 3243, 3243, 3244, 3244, 3245, 3245, 3246, 3246, + 3247, 3247, 3247, 3248, 3248, 3249, 3249, 3249, 3250, 3250, + 3250, 3251, 3251, 3252, 3252, 3252, 3253, 3253, 3253, 3254, + 3254, 3254, 3255, 3255, 3256, 3256, 3256, 3257, 3257, 3257, + 3258, 3258, 3258, 3259, 3259, 3259, 3260, 3260, 3260, 3261, + 3261, 3261, 3262, 3262, 3263, 3263, 3263, 3264, 3264, 3264, + 3265, 3265, 3265, 3266, 3266, 3267, 3267, 3267, 3268, 3268, + 3268, 3269, 3269, 3269, 3270, 3270, 3270, 3271, 3271, 3271, + 3272, 3272, 3272, 3273, 3273, 3274, 3274, 927, 3274, 3274, + 3275, 926, 3275, 3275, 3276, 3276, 3277, 3277, 3278, 3278, + + 3279, 3279, 3280, 3280, 3281, 3281, 3282, 3282, 3283, 3283, + 3284, 3284, 3285, 3285, 3286, 3286, 3287, 3287, 3288, 3288, + 3289, 3289, 3290, 3290, 3291, 3291, 3292, 3292, 3293, 3293, + 3294, 3294, 3295, 3295, 3296, 3296, 3297, 3297, 3298, 3298, + 3299, 3299, 3300, 3300, 3301, 3301, 3302, 3302, 3303, 3303, + 3304, 3304, 3305, 3305, 3306, 3306, 3307, 3307, 3308, 3308, + 3309, 3309, 3310, 3310, 3311, 3311, 3312, 3312, 3313, 3313, + 3314, 3314, 3315, 3315, 3316, 3316, 3317, 3317, 3318, 3318, + 3319, 3319, 3320, 3320, 3321, 3321, 3321, 3322, 3322, 3323, + 3323, 3323, 3324, 3324, 3324, 3325, 3325, 3326, 3326, 3326, + + 3327, 3327, 3327, 3328, 3328, 3328, 3329, 3329, 3329, 3330, + 3330, 3330, 3331, 3331, 3331, 3332, 3332, 3332, 3333, 3333, + 3333, 3334, 3334, 3335, 3335, 3335, 3336, 3336, 3336, 3337, + 3337, 3337, 3338, 3338, 3338, 3339, 3339, 3339, 3340, 3340, + 3340, 3341, 3341, 3341, 3342, 3342, 3342, 3343, 3343, 3343, + 3344, 3344, 3345, 3345, 3345, 3346, 3346, 3346, 3347, 3347, + 3347, 3348, 3348, 925, 3348, 3348, 3349, 924, 3349, 3349, + 3350, 3350, 3351, 3351, 3352, 3352, 3353, 3353, 3354, 3354, + 3355, 3355, 3356, 3356, 3357, 3357, 3358, 3358, 3359, 3359, + 3360, 3360, 3361, 3361, 3362, 3362, 3363, 3363, 3364, 3364, + + 3365, 3365, 3366, 3366, 3367, 3367, 3368, 3368, 3369, 3369, + 3370, 3370, 3371, 3371, 3372, 3372, 3373, 3373, 3374, 3374, + 3375, 3375, 3376, 3376, 3377, 3377, 3378, 3378, 3379, 3379, + 3380, 3380, 3381, 3381, 3382, 3382, 3383, 3383, 3384, 3384, + 3385, 3385, 3386, 3386, 3387, 3387, 3388, 3388, 3389, 3389, + 3390, 3390, 3391, 3391, 3392, 3392, 3393, 3393, 3394, 3394, + 3395, 3395, 3396, 3396, 3397, 3397, 3398, 3398, 3399, 3399, + 3400, 3400, 3401, 3401, 3402, 3402, 3402, 3403, 3403, 3404, + 3404, 3404, 3405, 3405, 3405, 3406, 3406, 3407, 3407, 3407, + 3408, 3408, 3408, 3409, 3409, 3409, 3410, 3410, 3410, 3411, + + 3411, 3412, 3412, 3412, 3413, 3413, 3413, 3414, 3414, 3414, + 3415, 3415, 3416, 3416, 3416, 3417, 3417, 3417, 3418, 3418, + 3418, 3419, 3419, 3419, 3420, 3420, 3420, 3421, 3421, 3421, + 3422, 3422, 3423, 3423, 3423, 3424, 3424, 3424, 3425, 3425, + 3425, 3426, 3426, 3427, 3427, 3427, 3428, 3428, 3428, 3429, + 3429, 3429, 3430, 3430, 3430, 3431, 3431, 3431, 3432, 3432, + 3432, 3433, 3433, 3434, 3434, 923, 3434, 3434, 3435, 922, + 3435, 3435, 3436, 3436, 3437, 3437, 3438, 3438, 3439, 3439, + 3440, 3440, 3441, 3441, 3442, 3442, 3443, 3443, 3444, 3444, + 3445, 3445, 3446, 3446, 3447, 3447, 3448, 3448, 3449, 3449, + + 3450, 3450, 3451, 3451, 3452, 3452, 3453, 3453, 3454, 3454, + 3455, 3455, 3456, 3456, 3457, 3457, 3458, 3458, 3459, 3459, + 3460, 3460, 3461, 3461, 3462, 3462, 3463, 3463, 3464, 3464, + 3465, 3465, 3466, 3466, 3467, 3467, 3468, 3468, 3469, 3469, + 3470, 3470, 3471, 3471, 3472, 3472, 3473, 3473, 3474, 3474, + 3475, 3475, 3476, 3476, 3477, 3477, 3478, 3478, 3479, 3479, + 3480, 3480, 3481, 3481, 3482, 3482, 3483, 3483, 3484, 3484, + 3485, 3485, 3486, 3486, 3487, 3487, 3488, 3488, 3489, 3489, + 3489, 3490, 3490, 3491, 3491, 3491, 3492, 3492, 3492, 3493, + 3493, 3493, 3494, 3494, 3494, 3495, 3495, 3495, 3496, 3496, + + 3496, 3497, 3497, 3498, 3498, 3498, 3499, 3499, 3499, 3500, + 3500, 3500, 3501, 3501, 3501, 3502, 3502, 3502, 3503, 3503, + 3503, 3504, 3504, 3504, 3505, 3505, 3505, 3506, 3506, 3506, + 3507, 3507, 3508, 3508, 3508, 3509, 3509, 3509, 3510, 3510, + 3510, 3511, 3511, 3511, 3512, 3512, 3512, 3513, 3513, 3513, + 3514, 3514, 3514, 3515, 3515, 3515, 3516, 3516, 3516, 3517, + 3517, 3518, 3518, 3518, 3519, 3519, 3519, 3520, 3520, 3520, + 3521, 3521, 921, 3521, 3521, 3522, 920, 3522, 3522, 3523, + 3523, 3524, 3524, 3525, 3525, 3526, 3526, 3527, 3527, 3528, + 3528, 3529, 3529, 3530, 3530, 3531, 3531, 3532, 3532, 3533, + + 3533, 3534, 3534, 3535, 3535, 3536, 3536, 3537, 3537, 3538, + 3538, 3539, 3539, 3540, 3540, 3541, 3541, 3542, 3542, 3543, + 3543, 3544, 3544, 3545, 3545, 3546, 3546, 3547, 3547, 3548, + 3548, 3549, 3549, 3550, 3550, 3551, 3551, 3552, 3552, 3553, + 3553, 3554, 3554, 3555, 3555, 3556, 3556, 3557, 3557, 3558, + 3558, 3559, 3559, 3560, 3560, 3561, 3561, 3562, 3562, 3563, + 3563, 3564, 3564, 3565, 3565, 3566, 3566, 3567, 3567, 3568, + 3568, 3569, 3569, 3570, 3570, 3571, 3571, 3572, 3572, 3573, + 3573, 3574, 3574, 3575, 3575, 3576, 3576, 3577, 3577, 3578, + 3578, 3579, 3579, 3580, 3580, 3581, 3581, 3581, 3582, 3582, + + 3583, 3583, 3583, 3584, 3584, 3584, 3585, 3585, 3586, 3586, + 3586, 3587, 3587, 3587, 3588, 3588, 3588, 3589, 3589, 3590, + 3590, 3590, 3591, 3591, 3591, 3592, 3592, 3592, 3593, 3593, + 3593, 3594, 3594, 3594, 3595, 3595, 3595, 3596, 3596, 3597, + 3597, 3597, 3598, 3598, 3598, 3599, 3599, 3599, 3600, 3600, + 3601, 3601, 3601, 3602, 3602, 3602, 3603, 3603, 3603, 3604, + 3604, 3604, 3605, 3605, 3605, 3606, 3606, 3606, 3607, 3607, + 3608, 3608, 3608, 3609, 3609, 3609, 3610, 3610, 3610, 3611, + 3611, 3612, 3612, 3612, 3613, 3613, 3613, 3614, 3614, 3614, + 3615, 3615, 3615, 3616, 3616, 3616, 3617, 3617, 3617, 3618, + + 3618, 3619, 3619, 919, 3619, 3619, 3620, 918, 3620, 3620, + 3621, 3621, 3622, 3622, 3623, 3623, 3624, 3624, 3625, 3625, + 3626, 3626, 3627, 3627, 3628, 3628, 3629, 3629, 3630, 3630, + 3631, 3631, 3632, 3632, 3633, 3633, 3634, 3634, 3635, 3635, + 3636, 3636, 3637, 3637, 3638, 3638, 3639, 3639, 3640, 3640, + 3641, 3641, 3642, 3642, 3643, 3643, 3644, 3644, 3645, 3645, + 3646, 3646, 3647, 3647, 3648, 3648, 3649, 3649, 3650, 3650, + 3651, 3651, 3652, 3652, 3653, 3653, 3654, 3654, 3655, 3655, + 3656, 3656, 3657, 3657, 3658, 3658, 3659, 3659, 3660, 3660, + 3661, 3661, 3662, 3662, 3663, 3663, 3664, 3664, 3665, 3665, + + 3666, 3666, 3667, 3667, 3668, 3668, 3669, 3669, 3670, 3670, + 3671, 3671, 3672, 3672, 3673, 3673, 3674, 3674, 3675, 3675, + 3676, 3676, 3677, 3677, 3678, 3678, 3679, 3679, 3679, 3680, + 3680, 3681, 3681, 3681, 3682, 3682, 3682, 3683, 3683, 3684, + 3684, 3684, 3685, 3685, 3685, 3686, 3686, 3686, 3687, 3687, + 3687, 3688, 3688, 3688, 3689, 3689, 3689, 3690, 3690, 3690, + 3691, 3691, 3691, 3692, 3692, 3693, 3693, 3693, 3694, 3694, + 3694, 3695, 3695, 3695, 3696, 3696, 3696, 3697, 3697, 3697, + 3698, 3698, 3698, 3699, 3699, 3699, 3700, 3700, 3700, 3701, + 3701, 3701, 3702, 3702, 3703, 3703, 3703, 3704, 3704, 3704, + + 3705, 3705, 3705, 3706, 3706, 3706, 3707, 3707, 3707, 3708, + 3708, 3708, 3709, 3709, 3709, 3710, 3710, 3710, 3711, 3711, + 3711, 3712, 3712, 3713, 3713, 3713, 3714, 3714, 3714, 3715, + 3715, 3715, 3716, 3716, 917, 3716, 3716, 3717, 916, 3717, + 3717, 3718, 3718, 3719, 3719, 3720, 3720, 3721, 3721, 3722, + 3722, 3723, 3723, 3724, 3724, 3725, 3725, 3726, 3726, 3727, + 3727, 3728, 3728, 3729, 3729, 3730, 3730, 3731, 3731, 3732, + 3732, 3733, 3733, 3734, 3734, 3735, 3735, 3736, 3736, 3737, + 3737, 3738, 3738, 3739, 3739, 3740, 3740, 3741, 3741, 3742, + 3742, 3743, 3743, 3744, 3744, 3745, 3745, 3746, 3746, 3747, + + 3747, 3748, 3748, 3749, 3749, 3750, 3750, 3751, 3751, 3752, + 3752, 3753, 3753, 3754, 3754, 3755, 3755, 3756, 3756, 3757, + 3757, 3758, 3758, 3759, 3759, 3760, 3760, 3761, 3761, 3762, + 3762, 3763, 3763, 3764, 3764, 3765, 3765, 3766, 3766, 3767, + 3767, 3768, 3768, 3769, 3769, 3770, 3770, 3771, 3771, 3772, + 3772, 3773, 3773, 3774, 3774, 3775, 3775, 3776, 3776, 3777, + 3777, 3777, 3778, 3778, 3779, 3779, 3779, 3780, 3780, 3780, + 3781, 3781, 3781, 3782, 3782, 3782, 3783, 3783, 3783, 3784, + 3784, 3785, 3785, 3785, 3786, 3786, 3786, 3787, 3787, 3787, + 3788, 3788, 3789, 3789, 3789, 3790, 3790, 3790, 3791, 3791, + + 3791, 3792, 3792, 3792, 3793, 3793, 3793, 3794, 3794, 3794, + 3795, 3795, 3796, 3796, 3796, 3797, 3797, 3797, 3798, 3798, + 3798, 3799, 3799, 3800, 3800, 3800, 3801, 3801, 3801, 3802, + 3802, 3802, 3803, 3803, 3803, 3804, 3804, 3804, 3805, 3805, + 3805, 3806, 3806, 3807, 3807, 3807, 3808, 3808, 3808, 3809, + 3809, 3809, 3810, 3810, 3811, 3811, 3811, 3812, 3812, 3812, + 3813, 3813, 3813, 3814, 3814, 3814, 3815, 3815, 3815, 3816, + 3816, 3816, 3817, 3817, 3818, 3818, 915, 3818, 3818, 3819, + 914, 3819, 3819, 3820, 3820, 3821, 3821, 3822, 3822, 3823, + 3823, 3824, 3824, 3825, 3825, 3826, 3826, 3827, 3827, 3828, + + 3828, 3829, 3829, 3830, 3830, 3831, 3831, 3832, 3832, 3833, + 3833, 3834, 3834, 3835, 3835, 3836, 3836, 3837, 3837, 3838, + 3838, 3839, 3839, 3840, 3840, 3841, 3841, 3842, 3842, 3843, + 3843, 3844, 3844, 3845, 3845, 3846, 3846, 3847, 3847, 3848, + 3848, 3849, 3849, 3850, 3850, 3851, 3851, 3852, 3852, 3853, + 3853, 3854, 3854, 3855, 3855, 3856, 3856, 3857, 3857, 3858, + 3858, 3859, 3859, 3860, 3860, 3861, 3861, 3862, 3862, 3863, + 3863, 3864, 3864, 3865, 3865, 3866, 3866, 3867, 3867, 3868, + 3868, 3869, 3869, 3870, 3870, 3871, 3871, 3872, 3872, 3873, + 3873, 3874, 3874, 3875, 3875, 3876, 3876, 3877, 3877, 3877, + + 3878, 3878, 3878, 3879, 3879, 3879, 3880, 3880, 3881, 3881, + 3881, 3882, 3882, 3882, 3883, 3883, 3883, 3884, 3884, 3884, + 3885, 3885, 3885, 3886, 3886, 3886, 3887, 3887, 3887, 3888, + 3888, 3888, 3889, 3889, 3889, 3890, 3890, 3891, 3891, 3891, + 3892, 3892, 3892, 3893, 3893, 3893, 3894, 3894, 3894, 3895, + 3895, 3895, 3896, 3896, 3896, 3897, 3897, 3897, 3898, 3898, + 3898, 3899, 3899, 3899, 3900, 3900, 3901, 3901, 3901, 3902, + 3902, 3902, 3903, 3903, 3903, 3904, 3904, 3904, 3905, 3905, + 3905, 3906, 3906, 3906, 3907, 3907, 3907, 3908, 3908, 3908, + 3909, 3909, 3909, 3910, 3910, 3911, 3911, 3911, 3912, 3912, + + 3912, 3913, 3913, 3913, 3914, 3914, 912, 3914, 3914, 3915, + 903, 3915, 3915, 3916, 3916, 3917, 3917, 3918, 3918, 3919, + 3919, 3920, 3920, 3921, 3921, 3922, 3922, 3923, 3923, 3924, + 3924, 3925, 3925, 3926, 3926, 3927, 3927, 3928, 3928, 3929, + 3929, 3930, 3930, 3931, 3931, 3932, 3932, 3933, 3933, 3934, + 3934, 3935, 3935, 3936, 3936, 3937, 3937, 3938, 3938, 3939, + 3939, 3940, 3940, 3941, 3941, 3942, 3942, 3943, 3943, 3944, + 3944, 3945, 3945, 3946, 3946, 3947, 3947, 3948, 3948, 3949, + 3949, 3950, 3950, 3951, 3951, 3952, 3952, 3953, 3953, 3954, + 3954, 3955, 3955, 3956, 3956, 3957, 3957, 3958, 3958, 3959, + + 3959, 3960, 3960, 3961, 3961, 3962, 3962, 3963, 3963, 3964, + 3964, 3965, 3965, 3966, 3966, 3967, 3967, 3968, 3968, 3969, + 3969, 3970, 3970, 3971, 3971, 3972, 3972, 3972, 3973, 3973, + 3973, 3974, 3974, 3974, 3975, 3975, 3975, 3976, 3976, 3976, + 3977, 3977, 3977, 3978, 3978, 3979, 3979, 3979, 3980, 3980, + 3980, 3981, 3981, 3981, 3982, 3982, 3982, 3983, 3983, 3983, + 3984, 3984, 3984, 3985, 3985, 3985, 3986, 3986, 3986, 3987, + 3987, 3988, 3988, 3988, 3989, 3989, 3989, 3990, 3990, 3990, + 3991, 3991, 3992, 3992, 3992, 3993, 3993, 3993, 3994, 3994, + 3994, 3995, 3995, 3995, 3996, 3996, 3996, 3997, 3997, 3997, + + 3998, 3998, 3999, 3999, 3999, 4000, 4000, 4000, 4001, 4001, + 4001, 4002, 4002, 4003, 4003, 4003, 4004, 4004, 4004, 4005, + 4005, 4005, 4006, 4006, 4006, 4007, 4007, 4007, 4008, 4008, + 4008, 4009, 4009, 4010, 4010, 894, 4010, 4010, 4011, 891, + 4011, 4011, 4012, 4012, 4013, 4013, 4014, 4014, 4015, 4015, + 4016, 4016, 4017, 4017, 4018, 4018, 4019, 4019, 4020, 4020, + 4021, 4021, 4022, 4022, 4023, 4023, 4024, 4024, 4025, 4025, + 4026, 4026, 4027, 4027, 4028, 4028, 4029, 4029, 4030, 4030, + 4031, 4031, 4032, 4032, 4033, 4033, 4034, 4034, 4035, 4035, + 4036, 4036, 4037, 4037, 4038, 4038, 4039, 4039, 4040, 4040, + + 4041, 4041, 4042, 4042, 4043, 4043, 4044, 4044, 4045, 4045, + 4046, 4046, 4047, 4047, 4048, 4048, 4049, 4049, 4050, 4050, + 4051, 4051, 4052, 4052, 4053, 4053, 4054, 4054, 4055, 4055, + 4056, 4056, 4057, 4057, 4058, 4058, 4059, 4059, 4060, 4060, + 4061, 4061, 4062, 4062, 4063, 4063, 4063, 4064, 4064, 4064, + 4065, 4065, 4065, 4066, 4066, 4066, 4067, 4067, 4067, 4068, + 4068, 4068, 4069, 4069, 4069, 4070, 4070, 4070, 4071, 4071, + 4071, 4072, 4072, 4073, 4073, 4073, 4074, 4074, 4074, 4075, + 4075, 4075, 4076, 4076, 4076, 4077, 4077, 4077, 4078, 4078, + 4078, 4079, 4079, 4079, 4080, 4080, 4080, 4081, 4081, 4081, + + 4082, 4082, 4083, 4083, 4083, 4084, 4084, 4084, 4085, 4085, + 4085, 4086, 4086, 4086, 4087, 4087, 4087, 4088, 4088, 4088, + 4089, 4089, 4089, 4090, 4090, 4090, 4091, 4091, 4091, 4092, + 4092, 4093, 4093, 4093, 4094, 4094, 4094, 4095, 4095, 4095, + 4096, 4096, 890, 4096, 4096, 4097, 889, 4097, 4097, 4098, + 4098, 4099, 4099, 4100, 4100, 4101, 4101, 4102, 4102, 4103, + 4103, 4104, 4104, 4105, 4105, 4106, 4106, 4107, 4107, 4108, + 4108, 4109, 4109, 4110, 4110, 4111, 4111, 4112, 4112, 4113, + 4113, 4114, 4114, 4115, 4115, 4116, 4116, 4117, 4117, 4118, + 4118, 4119, 4119, 4120, 4120, 4121, 4121, 4122, 4122, 4123, + + 4123, 4124, 4124, 4125, 4125, 4126, 4126, 4127, 4127, 4128, + 4128, 4129, 4129, 4130, 4130, 4131, 4131, 4132, 4132, 4133, + 4133, 4134, 4134, 4135, 4135, 4136, 4136, 4137, 4137, 4138, + 4138, 4139, 4139, 4140, 4140, 4141, 4141, 4141, 4142, 4142, + 4142, 4143, 4143, 4143, 4144, 4144, 4145, 4145, 4145, 4146, + 4146, 4146, 4147, 4147, 4147, 4148, 4148, 4148, 4149, 4149, + 4149, 4150, 4150, 4150, 4151, 4151, 4151, 4152, 4152, 4153, + 4153, 4153, 4154, 4154, 4154, 4155, 4155, 4155, 4156, 4156, + 4157, 4157, 4157, 4158, 4158, 4158, 4159, 4159, 4159, 4160, + 4160, 4160, 4161, 4161, 4161, 4162, 4162, 4162, 4163, 4163, + + 4164, 4164, 4164, 4165, 4165, 4165, 4166, 4166, 4166, 4167, + 4167, 4168, 4168, 4168, 4169, 4169, 4169, 4170, 4170, 4170, + 4171, 4171, 4171, 4172, 4172, 4172, 4173, 4173, 4173, 4174, + 4174, 4175, 4175, 888, 4175, 4175, 4176, 887, 4176, 4176, + 4177, 4177, 4178, 4178, 4179, 4179, 4180, 4180, 4181, 4181, + 4182, 4182, 4183, 4183, 4184, 4184, 4185, 4185, 4186, 4186, + 4187, 4187, 4188, 4188, 4189, 4189, 4190, 4190, 4191, 4191, + 4192, 4192, 4193, 4193, 4194, 4194, 4195, 4195, 4196, 4196, + 4197, 4197, 4198, 4198, 4199, 4199, 4200, 4200, 4201, 4201, + 4202, 4202, 4203, 4203, 4204, 4204, 4205, 4205, 4206, 4206, + + 4207, 4207, 4208, 4208, 4209, 4209, 4210, 4210, 4211, 4211, + 4212, 4212, 4213, 4213, 4214, 4214, 4215, 4215, 4215, 4216, + 4216, 4216, 4217, 4217, 4217, 4218, 4218, 4218, 4219, 4219, + 4219, 4220, 4220, 4221, 4221, 4221, 4222, 4222, 4222, 4223, + 4223, 4223, 4224, 4224, 4224, 4225, 4225, 4225, 4226, 4226, + 4226, 4227, 4227, 4227, 4228, 4228, 4228, 4229, 4229, 4229, + 4230, 4230, 4231, 4231, 4231, 4232, 4232, 4232, 4233, 4233, + 4233, 4234, 4234, 4234, 4235, 4235, 4235, 4236, 4236, 4236, + 4237, 4237, 4237, 4238, 4238, 4238, 4239, 4239, 4239, 4240, + 4240, 4241, 4241, 4241, 4242, 4242, 4242, 4243, 4243, 4243, + + 4244, 4244, 886, 4244, 4244, 4245, 882, 4245, 4245, 4246, + 4246, 4247, 4247, 4248, 4248, 4249, 4249, 4250, 4250, 4251, + 4251, 4252, 4252, 4253, 4253, 4254, 4254, 4255, 4255, 4256, + 4256, 4257, 4257, 4258, 4258, 4259, 4259, 4260, 4260, 4261, + 4261, 4262, 4262, 4263, 4263, 4264, 4264, 4265, 4265, 4266, + 4266, 4267, 4267, 4268, 4268, 4269, 4269, 4270, 4270, 4271, + 4271, 4272, 4272, 4273, 4273, 4274, 4274, 4275, 4275, 4276, + 4276, 4277, 4277, 4278, 4278, 4279, 4279, 4280, 4280, 4281, + 4281, 4281, 4282, 4282, 4282, 4283, 4283, 4283, 4284, 4284, + 4284, 4285, 4285, 4285, 4286, 4286, 4286, 4287, 4287, 4288, + + 4288, 4288, 4289, 4289, 4289, 4290, 4290, 4290, 4291, 4291, + 4291, 4292, 4292, 4292, 4293, 4293, 4293, 4294, 4294, 4294, + 4295, 4295, 4295, 4296, 4296, 4297, 4297, 4297, 4298, 4298, + 4298, 4299, 4299, 4299, 4300, 4300, 4301, 4301, 4301, 4302, + 4302, 4302, 4303, 4303, 4303, 4304, 4304, 4304, 4305, 4305, + 4305, 4306, 4306, 4306, 4307, 4307, 4308, 4308, 868, 4308, + 4308, 4309, 859, 4309, 4309, 4310, 4310, 4311, 4311, 4312, + 4312, 4313, 4313, 4314, 4314, 4315, 4315, 4316, 4316, 4317, + 4317, 4318, 4318, 4319, 4319, 4320, 4320, 4321, 4321, 4322, + 4322, 4323, 4323, 4324, 4324, 4325, 4325, 4326, 4326, 4327, + + 4327, 4328, 4328, 4329, 4329, 4330, 4330, 4331, 4331, 4332, + 4332, 4333, 4333, 4334, 4334, 4335, 4335, 4336, 4336, 4337, + 4337, 4338, 4338, 4339, 4339, 4339, 4340, 4340, 4340, 4341, + 4341, 4341, 4342, 4342, 4342, 4343, 4343, 4343, 4344, 4344, + 4344, 4345, 4345, 4345, 4346, 4346, 4346, 4347, 4347, 4347, + 4348, 4348, 4349, 4349, 4349, 4350, 4350, 4350, 4351, 4351, + 4351, 4352, 4352, 4352, 4353, 4353, 4353, 4354, 4354, 4354, + 4355, 4355, 4355, 4356, 4356, 4356, 4357, 4357, 4357, 4358, + 4358, 4359, 4359, 4359, 4360, 4360, 4360, 4361, 4361, 4361, + 4362, 4362, 856, 4362, 4362, 4363, 854, 4363, 4363, 4364, + + 4364, 4365, 4365, 4366, 4366, 4367, 4367, 4368, 4368, 4369, + 4369, 4370, 4370, 4371, 4371, 4372, 4372, 4373, 4373, 4374, + 4374, 4375, 4375, 4376, 4376, 4377, 4377, 4378, 4378, 4379, + 4379, 4380, 4380, 4381, 4381, 4382, 4382, 4383, 4383, 4384, + 4384, 4385, 4385, 4386, 4386, 4387, 4387, 4387, 4388, 4388, + 4388, 4389, 4389, 4389, 4390, 4390, 4391, 4391, 4391, 4392, + 4392, 4392, 4393, 4393, 4393, 4394, 4394, 4394, 4395, 4395, + 4395, 4396, 4396, 4396, 4397, 4397, 4397, 4398, 4398, 4399, + 4399, 4399, 4400, 4400, 4400, 4401, 4401, 4401, 4402, 4402, + 4403, 4403, 4403, 4404, 4404, 4404, 4405, 4405, 4405, 4406, + + 4406, 4406, 4407, 4407, 4407, 4408, 4408, 4408, 4409, 4409, + 4410, 4410, 853, 4410, 4410, 4411, 852, 4411, 4411, 4412, + 4412, 4413, 4413, 4414, 4414, 4415, 4415, 4416, 4416, 4417, + 4417, 4418, 4418, 4419, 4419, 4420, 4420, 4421, 4421, 4422, + 4422, 4423, 4423, 4424, 4424, 4425, 4425, 4426, 4426, 4427, + 4427, 4428, 4428, 4429, 4429, 4430, 4430, 4430, 4431, 4431, + 4431, 4432, 4432, 4432, 4433, 4433, 4433, 4434, 4434, 4434, + 4435, 4435, 4436, 4436, 4436, 4437, 4437, 4437, 4438, 4438, + 4438, 4439, 4439, 4439, 4440, 4440, 4440, 4441, 4441, 4441, + 4442, 4442, 4442, 4443, 4443, 4443, 4444, 4444, 4444, 4445, + + 4445, 4446, 4446, 4446, 4447, 4447, 4447, 4448, 4448, 4448, + 4449, 4449, 851, 4449, 4449, 4450, 850, 4450, 4450, 4451, + 4451, 4452, 4452, 4453, 4453, 4454, 4454, 4455, 4455, 4456, + 4456, 4457, 4457, 4458, 4458, 4459, 4459, 4460, 4460, 4461, + 4461, 4462, 4462, 4463, 4463, 4464, 4464, 4465, 4465, 4466, + 4466, 4467, 4467, 4467, 4468, 4468, 4468, 4469, 4469, 4469, + 4470, 4470, 4470, 4471, 4471, 4471, 4472, 4472, 4472, 4473, + 4473, 4474, 4474, 4474, 4475, 4475, 4475, 4476, 4476, 4476, + 4477, 4477, 4477, 4478, 4478, 4478, 4479, 4479, 4479, 4480, + 4480, 4480, 4481, 4481, 4481, 4482, 4482, 4483, 4483, 849, + + 4483, 4483, 4484, 848, 4484, 4484, 4485, 4485, 4486, 4486, + 4487, 4487, 4488, 4488, 4489, 4489, 4490, 4490, 4491, 4491, + 4492, 4492, 4493, 4493, 4494, 4494, 4494, 4495, 4495, 4495, + 4496, 4496, 4496, 4497, 4497, 4497, 4498, 4498, 4498, 4499, + 4499, 4499, 4500, 4500, 4500, 4501, 4501, 4502, 4502, 4502, + 4503, 4503, 4503, 4504, 4504, 4504, 4505, 847, 4505, 4505, + 4506, 4506, 4507, 4507, 4508, 4508, 4509, 4509, 4510, 4510, + 4511, 4511, 4512, 4512, 4513, 4513, 4513, 4514, 4514, 4514, + 4515, 4515, 4515, 4516, 4516, 4516, 4517, 4517, 4517, 4518, + 4518, 4518, 4519, 4519, 4519, 4520, 4520, 4520, 4521, 4521, + + 4522, 846, 4522, 4522, 4523, 4523, 4524, 4524, 4525, 4525, + 4526, 4526, 4527, 4527, 4528, 4528, 4528, 4529, 4529, 4529, + 4530, 4530, 4530, 4531, 4531, 4531, 4532, 4532, 4532, 4533, + 4533, 4533, 4534, 845, 4534, 4534, 4535, 4535, 4536, 4536, + 4537, 4537, 4538, 4538, 4538, 4539, 4539, 4539, 4540, 4540, + 4540, 4541, 4541, 4541, 4542, 844, 4542, 4542, 4543, 4543, + 4544, 4544, 4545, 4545, 4545, 4546, 4546, 4546, 4547, 843, + 4547, 4547, 4548, 4548, 4548, 4549, 842, 4549, 4549, 4550, + 841, 4550, 4550, 4551, 840, 4551, 4551, 4552, 839, 4552, + 4552, 4553, 838, 4553, 4553, 4554, 837, 4554, 4554, 4555, + + 836, 4555, 4555, 4556, 835, 4556, 4556, 4557, 834, 4557, + 4557, 4558, 833, 4558, 4558, 4559, 832, 4559, 4559, 4560, + 831, 4560, 4560, 4561, 830, 4561, 4561, 4562, 829, 4562, + 4562, 4563, 828, 4563, 4563, 4564, 827, 4564, 4564, 4565, + 826, 4565, 4565, 4566, 825, 4566, 4566, 4567, 823, 4567, + 4567, 4568, 810, 4568, 4568, 4569, 800, 4569, 4569, 4570, + 799, 4570, 4570, 4571, 798, 4571, 4571, 4572, 797, 4572, + 4572, 4573, 796, 4573, 4573, 4574, 795, 4574, 4574, 4575, + 780, 4575, 4575, 773, 769, 766, 764, 763, 762, 761, + 760, 759, 758, 757, 756, 755, 754, 753, 752, 751, + + 750, 749, 748, 747, 746, 745, 744, 743, 742, 741, + 740, 739, 737, 734, 729, 726, 716, 711, 708, 707, + 706, 705, 704, 703, 702, 690, 684, 677, 675, 674, + 673, 672, 671, 670, 669, 668, 667, 666, 665, 664, + 663, 662, 661, 660, 659, 658, 657, 656, 655, 653, + 647, 645, 632, 631, 630, 620, 619, 613, 612, 611, + 610, 609, 608, 607, 595, 592, 589, 584, 581, 579, + 578, 577, 576, 575, 574, 573, 572, 571, 570, 569, + 568, 567, 566, 565, 564, 562, 556, 550, 549, 526, + 521, 520, 519, 518, 517, 516, 512, 499, 492, 489, + + 487, 486, 485, 484, 483, 482, 481, 480, 479, 478, + 477, 475, 468, 461, 460, 437, 433, 432, 431, 430, + 429, 428, 422, 409, 402, 399, 397, 396, 395, 394, + 393, 392, 391, 390, 388, 381, 372, 371, 349, 337, + 316, 314, 313, 312, 311, 310, 308, 246, 238, 231, + 226, 222, 221, 220, 218, 146, 143, 141, 140, 139, + 131, 129, 72, 61, 59, 57, 56, 54, 51, 49, + 42, 35, 13, 8, 3, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, 2864, + 2864, 2864, 2864, 2864 + } ; + +/* Table of booleans, true if rule could match eol. */ +static yyconst flex_int32_t yy_rule_can_match_eol[106] = + { 0, +0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1, 0, 0, }; + +static yy_state_type yy_last_accepting_state; +static char *yy_last_accepting_cpos; + +extern int yy_flex_debug; +int yy_flex_debug = 0; + +/* The intent behind this definition is that it'll catch + * any uses of REJECT which flex missed. + */ +#define REJECT reject_used_but_not_detected +#define yymore() yymore_used_but_not_detected +#define YY_MORE_ADJ 0 +#define YY_RESTORE_YY_MORE_OFFSET +char *yytext; +#line 1 "read_config_lex.l" +#line 2 "read_config_lex.l" +/* + * (C) 2006 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + * Description: configuration file syntax + */ + +#include <string.h> + +#include "read_config_yy.h" +#define YY_NO_INPUT 1 +#line 4214 "read_config_lex.c" + +#define INITIAL 0 + +#ifndef YY_NO_UNISTD_H +/* Special case for "unistd.h", since it is non-ANSI. We include it way + * down here because we want the user's section 1 to have been scanned first. + * The user has a chance to override it with an option. + */ +#include <unistd.h> +#endif + +#ifndef YY_EXTRA_TYPE +#define YY_EXTRA_TYPE void * +#endif + +static int yy_init_globals (void ); + +/* Accessor methods to globals. + These are made visible to non-reentrant scanners for convenience. */ + +int yylex_destroy (void ); + +int yyget_debug (void ); + +void yyset_debug (int debug_flag ); + +YY_EXTRA_TYPE yyget_extra (void ); + +void yyset_extra (YY_EXTRA_TYPE user_defined ); + +FILE *yyget_in (void ); + +void yyset_in (FILE * in_str ); + +FILE *yyget_out (void ); + +void yyset_out (FILE * out_str ); + +int yyget_leng (void ); + +char *yyget_text (void ); + +int yyget_lineno (void ); + +void yyset_lineno (int line_number ); + +/* Macros after this point can all be overridden by user definitions in + * section 1. + */ + +#ifndef YY_SKIP_YYWRAP +#ifdef __cplusplus +extern "C" int yywrap (void ); +#else +extern int yywrap (void ); +#endif +#endif + +#ifndef yytext_ptr +static void yy_flex_strncpy (char *,yyconst char *,int ); +#endif + +#ifdef YY_NEED_STRLEN +static int yy_flex_strlen (yyconst char * ); +#endif + +#ifndef YY_NO_INPUT + +#ifdef __cplusplus +static int yyinput (void ); +#else +static int input (void ); +#endif + +#endif + +/* Amount of stuff to slurp up with each read. */ +#ifndef YY_READ_BUF_SIZE +#ifdef __ia64__ +/* On IA-64, the buffer size is 16k, not 8k */ +#define YY_READ_BUF_SIZE 16384 +#else +#define YY_READ_BUF_SIZE 8192 +#endif /* __ia64__ */ +#endif + +/* Copy whatever the last rule matched to the standard output. */ +#ifndef ECHO +/* This used to be an fputs(), but since the string might contain NUL's, + * we now use fwrite(). + */ +#define ECHO do { if (fwrite( yytext, yyleng, 1, yyout )) {} } while (0) +#endif + +/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, + * is returned in "result". + */ +#ifndef YY_INPUT +#define YY_INPUT(buf,result,max_size) \ + if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ + { \ + int c = '*'; \ + size_t n; \ + for ( n = 0; n < max_size && \ + (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ + buf[n] = (char) c; \ + if ( c == '\n' ) \ + buf[n++] = (char) c; \ + if ( c == EOF && ferror( yyin ) ) \ + YY_FATAL_ERROR( "input in flex scanner failed" ); \ + result = n; \ + } \ + else \ + { \ + errno=0; \ + while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ + { \ + if( errno != EINTR) \ + { \ + YY_FATAL_ERROR( "input in flex scanner failed" ); \ + break; \ + } \ + errno=0; \ + clearerr(yyin); \ + } \ + }\ +\ + +#endif + +/* No semi-colon after return; correct usage is to write "yyterminate();" - + * we don't want an extra ';' after the "return" because that will cause + * some compilers to complain about unreachable statements. + */ +#ifndef yyterminate +#define yyterminate() return YY_NULL +#endif + +/* Number of entries by which start-condition stack grows. */ +#ifndef YY_START_STACK_INCR +#define YY_START_STACK_INCR 25 +#endif + +/* Report a fatal error. */ +#ifndef YY_FATAL_ERROR +#define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) +#endif + +/* end tables serialization structures and prototypes */ + +/* Default declaration of generated scanner - a define so the user can + * easily add parameters. + */ +#ifndef YY_DECL +#define YY_DECL_IS_OURS 1 + +extern int yylex (void); + +#define YY_DECL int yylex (void) +#endif /* !YY_DECL */ + +/* Code executed at the beginning of each rule, after yytext and yyleng + * have been set up. + */ +#ifndef YY_USER_ACTION +#define YY_USER_ACTION +#endif + +/* Code executed at the end of each rule. */ +#ifndef YY_BREAK +#define YY_BREAK break; +#endif + +#define YY_RULE_SETUP \ + YY_USER_ACTION + +/** The main scanner function which does all the work. + */ +YY_DECL +{ + register yy_state_type yy_current_state; + register char *yy_cp, *yy_bp; + register int yy_act; + +#line 57 "read_config_lex.l" + +#line 4401 "read_config_lex.c" + + if ( !(yy_init) ) + { + (yy_init) = 1; + +#ifdef YY_USER_INIT + YY_USER_INIT; +#endif + + if ( ! (yy_start) ) + (yy_start) = 1; /* first start state */ + + if ( ! yyin ) + yyin = stdin; + + if ( ! yyout ) + yyout = stdout; + + if ( ! YY_CURRENT_BUFFER ) { + yyensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = + yy_create_buffer(yyin,YY_BUF_SIZE ); + } + + yy_load_buffer_state( ); + } + + while ( 1 ) /* loops until end-of-file is reached */ + { + yy_cp = (yy_c_buf_p); + + /* Support of yytext. */ + *yy_cp = (yy_hold_char); + + /* yy_bp points to the position in yy_ch_buf of the start of + * the current run. + */ + yy_bp = yy_cp; + + yy_current_state = (yy_start); +yy_match: + do + { + register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; + if ( yy_accept[yy_current_state] ) + { + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; + } + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 2865 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + ++yy_cp; + } + while ( yy_base[yy_current_state] != 10776 ); + +yy_find_action: + yy_act = yy_accept[yy_current_state]; + if ( yy_act == 0 ) + { /* have to back up */ + yy_cp = (yy_last_accepting_cpos); + yy_current_state = (yy_last_accepting_state); + yy_act = yy_accept[yy_current_state]; + } + + YY_DO_BEFORE_ACTION; + + if ( yy_act != YY_END_OF_BUFFER && yy_rule_can_match_eol[yy_act] ) + { + int yyl; + for ( yyl = 0; yyl < yyleng; ++yyl ) + if ( yytext[yyl] == '\n' ) + + yylineno++; +; + } + +do_action: /* This label is used only to access EOF actions. */ + + switch ( yy_act ) + { /* beginning of action switch */ + case 0: /* must back up */ + /* undo the effects of YY_DO_BEFORE_ACTION */ + *yy_cp = (yy_hold_char); + yy_cp = (yy_last_accepting_cpos); + yy_current_state = (yy_last_accepting_state); + goto yy_find_action; + +case 1: +YY_RULE_SETUP +#line 58 "read_config_lex.l" +{ return T_UNIX; } + YY_BREAK +case 2: +YY_RULE_SETUP +#line 59 "read_config_lex.l" +{ return T_IPV4_ADDR; } + YY_BREAK +case 3: +YY_RULE_SETUP +#line 60 "read_config_lex.l" +{ return T_IPV6_ADDR; } + YY_BREAK +case 4: +YY_RULE_SETUP +#line 61 "read_config_lex.l" +{ return T_IPV4_DEST_ADDR; } + YY_BREAK +case 5: +YY_RULE_SETUP +#line 62 "read_config_lex.l" +{ return T_IPV6_DEST_ADDR; } + YY_BREAK +case 6: +YY_RULE_SETUP +#line 63 "read_config_lex.l" +{ return T_IPV4_IFACE; } + YY_BREAK +case 7: +YY_RULE_SETUP +#line 64 "read_config_lex.l" +{ return T_IPV6_IFACE; } + YY_BREAK +case 8: +YY_RULE_SETUP +#line 65 "read_config_lex.l" +{ return T_IFACE; } + YY_BREAK +case 9: +YY_RULE_SETUP +#line 66 "read_config_lex.l" +{ return T_MULTICAST; } + YY_BREAK +case 10: +YY_RULE_SETUP +#line 67 "read_config_lex.l" +{ return T_UDP; } + YY_BREAK +case 11: +YY_RULE_SETUP +#line 68 "read_config_lex.l" +{ return T_TCP; } + YY_BREAK +case 12: +YY_RULE_SETUP +#line 69 "read_config_lex.l" +{ return T_HASHSIZE; } + YY_BREAK +case 13: +YY_RULE_SETUP +#line 70 "read_config_lex.l" +{ return T_REFRESH; } + YY_BREAK +case 14: +YY_RULE_SETUP +#line 71 "read_config_lex.l" +{ return T_EXPIRE; } + YY_BREAK +case 15: +YY_RULE_SETUP +#line 72 "read_config_lex.l" +{ return T_TIMEOUT; } + YY_BREAK +case 16: +YY_RULE_SETUP +#line 73 "read_config_lex.l" +{ return T_DELAY; } + YY_BREAK +case 17: +YY_RULE_SETUP +#line 74 "read_config_lex.l" +{ return T_HASHLIMIT; } + YY_BREAK +case 18: +YY_RULE_SETUP +#line 75 "read_config_lex.l" +{ return T_PATH; } + YY_BREAK +case 19: +YY_RULE_SETUP +#line 76 "read_config_lex.l" +{ return T_IGNORE_PROTOCOL; } + YY_BREAK +case 20: +YY_RULE_SETUP +#line 77 "read_config_lex.l" +{ return T_IGNORE_TRAFFIC; } + YY_BREAK +case 21: +YY_RULE_SETUP +#line 78 "read_config_lex.l" +{ return T_STRIP_NAT; } + YY_BREAK +case 22: +YY_RULE_SETUP +#line 79 "read_config_lex.l" +{ return T_BACKLOG; } + YY_BREAK +case 23: +YY_RULE_SETUP +#line 80 "read_config_lex.l" +{ return T_GROUP; } + YY_BREAK +case 24: +YY_RULE_SETUP +#line 81 "read_config_lex.l" +{ return T_PORT; } + YY_BREAK +case 25: +YY_RULE_SETUP +#line 82 "read_config_lex.l" +{ return T_LOG; } + YY_BREAK +case 26: +YY_RULE_SETUP +#line 83 "read_config_lex.l" +{ return T_SYSLOG; } + YY_BREAK +case 27: +YY_RULE_SETUP +#line 84 "read_config_lex.l" +{ return T_LOCK; } + YY_BREAK +case 28: +YY_RULE_SETUP +#line 85 "read_config_lex.l" +{ return T_GENERAL; } + YY_BREAK +case 29: +YY_RULE_SETUP +#line 86 "read_config_lex.l" +{ return T_SYNC; } + YY_BREAK +case 30: +YY_RULE_SETUP +#line 87 "read_config_lex.l" +{ return T_STATS; } + YY_BREAK +case 31: +YY_RULE_SETUP +#line 88 "read_config_lex.l" +{ return T_RELAX_TRANSITIONS; } + YY_BREAK +case 32: +YY_RULE_SETUP +#line 89 "read_config_lex.l" +{ return T_BUFFER_SIZE; /* alias */ } + YY_BREAK +case 33: +YY_RULE_SETUP +#line 90 "read_config_lex.l" +{ return T_BUFFER_SIZE_MAX_GROWN; /* alias */ } + YY_BREAK +case 34: +YY_RULE_SETUP +#line 91 "read_config_lex.l" +{ return T_BUFFER_SIZE_MAX_GROWN; /* alias */ } + YY_BREAK +case 35: +YY_RULE_SETUP +#line 92 "read_config_lex.l" +{ return T_BUFFER_SIZE; } + YY_BREAK +case 36: +YY_RULE_SETUP +#line 93 "read_config_lex.l" +{ return T_BUFFER_SIZE_MAX_GROWN; } + YY_BREAK +case 37: +YY_RULE_SETUP +#line 94 "read_config_lex.l" +{ return T_SYNC_MODE; } + YY_BREAK +case 38: +YY_RULE_SETUP +#line 95 "read_config_lex.l" +{ return T_LISTEN_TO; } + YY_BREAK +case 39: +YY_RULE_SETUP +#line 96 "read_config_lex.l" +{ return T_FAMILY; } + YY_BREAK +case 40: +YY_RULE_SETUP +#line 97 "read_config_lex.l" +{ return T_RESEND_BUFFER_SIZE; } + YY_BREAK +case 41: +YY_RULE_SETUP +#line 98 "read_config_lex.l" +{ return T_RESEND_QUEUE_SIZE; } + YY_BREAK +case 42: +YY_RULE_SETUP +#line 99 "read_config_lex.l" +{ return T_CHECKSUM; } + YY_BREAK +case 43: +YY_RULE_SETUP +#line 100 "read_config_lex.l" +{ return T_WINDOWSIZE; } + YY_BREAK +case 44: +YY_RULE_SETUP +#line 101 "read_config_lex.l" +{ return T_REPLICATE; } + YY_BREAK +case 45: +YY_RULE_SETUP +#line 102 "read_config_lex.l" +{ return T_FOR; } + YY_BREAK +case 46: +YY_RULE_SETUP +#line 103 "read_config_lex.l" +{ return T_WRITE_THROUGH; } + YY_BREAK +case 47: +YY_RULE_SETUP +#line 104 "read_config_lex.l" +{ return T_SYN_SENT; } + YY_BREAK +case 48: +YY_RULE_SETUP +#line 105 "read_config_lex.l" +{ return T_SYN_RECV; } + YY_BREAK +case 49: +YY_RULE_SETUP +#line 106 "read_config_lex.l" +{ return T_ESTABLISHED; } + YY_BREAK +case 50: +YY_RULE_SETUP +#line 107 "read_config_lex.l" +{ return T_FIN_WAIT; } + YY_BREAK +case 51: +YY_RULE_SETUP +#line 108 "read_config_lex.l" +{ return T_CLOSE_WAIT; } + YY_BREAK +case 52: +YY_RULE_SETUP +#line 109 "read_config_lex.l" +{ return T_LAST_ACK; } + YY_BREAK +case 53: +YY_RULE_SETUP +#line 110 "read_config_lex.l" +{ return T_TIME_WAIT; } + YY_BREAK +case 54: +YY_RULE_SETUP +#line 111 "read_config_lex.l" +{ return T_CLOSE; /* alias of CLOSED */ } + YY_BREAK +case 55: +YY_RULE_SETUP +#line 112 "read_config_lex.l" +{ return T_CLOSE; } + YY_BREAK +case 56: +YY_RULE_SETUP +#line 113 "read_config_lex.l" +{ return T_LISTEN; } + YY_BREAK +case 57: +YY_RULE_SETUP +#line 114 "read_config_lex.l" +{ return T_STAT_BUFFER_SIZE; } + YY_BREAK +case 58: +YY_RULE_SETUP +#line 115 "read_config_lex.l" +{ return T_DESTROY_TIMEOUT; } + YY_BREAK +case 59: +YY_RULE_SETUP +#line 116 "read_config_lex.l" +{ return T_SNDBUFF; /* deprecated */ } + YY_BREAK +case 60: +YY_RULE_SETUP +#line 117 "read_config_lex.l" +{ return T_RCVBUFF; /* deprecated */ } + YY_BREAK +case 61: +YY_RULE_SETUP +#line 118 "read_config_lex.l" +{ return T_SNDBUFF; } + YY_BREAK +case 62: +YY_RULE_SETUP +#line 119 "read_config_lex.l" +{ return T_RCVBUFF; } + YY_BREAK +case 63: +YY_RULE_SETUP +#line 120 "read_config_lex.l" +{ return T_FILTER; } + YY_BREAK +case 64: +YY_RULE_SETUP +#line 121 "read_config_lex.l" +{ return T_PROTOCOL; } + YY_BREAK +case 65: +YY_RULE_SETUP +#line 122 "read_config_lex.l" +{ return T_ADDRESS; } + YY_BREAK +case 66: +YY_RULE_SETUP +#line 123 "read_config_lex.l" +{ return T_STATE; } + YY_BREAK +case 67: +YY_RULE_SETUP +#line 124 "read_config_lex.l" +{ return T_ACCEPT; } + YY_BREAK +case 68: +YY_RULE_SETUP +#line 125 "read_config_lex.l" +{ return T_IGNORE; } + YY_BREAK +case 69: +YY_RULE_SETUP +#line 126 "read_config_lex.l" +{ return T_PURGE; } + YY_BREAK +case 70: +YY_RULE_SETUP +#line 127 "read_config_lex.l" +{ return T_FROM; } + YY_BREAK +case 71: +YY_RULE_SETUP +#line 128 "read_config_lex.l" +{ return T_USERSPACE; } + YY_BREAK +case 72: +YY_RULE_SETUP +#line 129 "read_config_lex.l" +{ return T_KERNELSPACE; } + YY_BREAK +case 73: +YY_RULE_SETUP +#line 130 "read_config_lex.l" +{ return T_EVENT_ITER_LIMIT; } + YY_BREAK +case 74: +YY_RULE_SETUP +#line 131 "read_config_lex.l" +{ return T_DEFAULT; } + YY_BREAK +case 75: +YY_RULE_SETUP +#line 132 "read_config_lex.l" +{ return T_POLL_SECS; } + YY_BREAK +case 76: +YY_RULE_SETUP +#line 133 "read_config_lex.l" +{ return T_NETLINK_OVERRUN_RESYNC; } + YY_BREAK +case 77: +YY_RULE_SETUP +#line 134 "read_config_lex.l" +{ return T_NICE; } + YY_BREAK +case 78: +YY_RULE_SETUP +#line 135 "read_config_lex.l" +{ return T_SCHEDULER; } + YY_BREAK +case 79: +YY_RULE_SETUP +#line 136 "read_config_lex.l" +{ return T_TYPE; } + YY_BREAK +case 80: +YY_RULE_SETUP +#line 137 "read_config_lex.l" +{ return T_PRIO; } + YY_BREAK +case 81: +YY_RULE_SETUP +#line 138 "read_config_lex.l" +{ return T_NETLINK_EVENTS_RELIABLE; } + YY_BREAK +case 82: +YY_RULE_SETUP +#line 139 "read_config_lex.l" +{ return T_DISABLE_INTERNAL_CACHE; } + YY_BREAK +case 83: +YY_RULE_SETUP +#line 140 "read_config_lex.l" +{ return T_DISABLE_EXTERNAL_CACHE; } + YY_BREAK +case 84: +YY_RULE_SETUP +#line 141 "read_config_lex.l" +{ return T_OPTIONS; } + YY_BREAK +case 85: +YY_RULE_SETUP +#line 142 "read_config_lex.l" +{ return T_TCP_WINDOW_TRACKING; } + YY_BREAK +case 86: +YY_RULE_SETUP +#line 143 "read_config_lex.l" +{ return T_EXPECT_SYNC; } + YY_BREAK +case 87: +YY_RULE_SETUP +#line 144 "read_config_lex.l" +{ return T_ERROR_QUEUE_LENGTH; } + YY_BREAK +case 88: +YY_RULE_SETUP +#line 146 "read_config_lex.l" +{ return T_ON; } + YY_BREAK +case 89: +YY_RULE_SETUP +#line 147 "read_config_lex.l" +{ return T_OFF; } + YY_BREAK +case 90: +YY_RULE_SETUP +#line 148 "read_config_lex.l" +{ yylval.val = atoi(yytext); return T_NUMBER; } + YY_BREAK +case 91: +YY_RULE_SETUP +#line 149 "read_config_lex.l" +{ yylval.val = atoi(yytext); return T_SIGNED_NUMBER; } + YY_BREAK +case 92: +YY_RULE_SETUP +#line 150 "read_config_lex.l" +{ yylval.string = strdup(yytext); return T_IP; } + YY_BREAK +case 93: +YY_RULE_SETUP +#line 151 "read_config_lex.l" +{ yylval.string = strdup(yytext); return T_IP; } + YY_BREAK +case 94: +YY_RULE_SETUP +#line 152 "read_config_lex.l" +{ yylval.string = strdup(yytext); return T_PATH_VAL; } + YY_BREAK +case 95: +YY_RULE_SETUP +#line 153 "read_config_lex.l" +{ return T_ALARM; } + YY_BREAK +case 96: +YY_RULE_SETUP +#line 154 "read_config_lex.l" +{ fprintf(stderr, "\nWARNING: Now `persistent' mode " + "is called `alarm'. Please, update " + "your conntrackd.conf file.\n"); + return T_ALARM; } + YY_BREAK +case 97: +YY_RULE_SETUP +#line 158 "read_config_lex.l" +{ return T_FTFW; } + YY_BREAK +case 98: +YY_RULE_SETUP +#line 159 "read_config_lex.l" +{ fprintf(stderr, "\nWARNING: Now `nack' mode " + "is called `ftfw'. Please, update " + "your conntrackd.conf file.\n"); + return T_FTFW; } + YY_BREAK +case 99: +YY_RULE_SETUP +#line 163 "read_config_lex.l" +{ return T_NOTRACK; } + YY_BREAK +case 100: +YY_RULE_SETUP +#line 164 "read_config_lex.l" +{ yylval.string = strdup(yytext); return T_STRING; } + YY_BREAK +case 101: +*yy_cp = (yy_hold_char); /* undo effects of setting up yytext */ +(yy_c_buf_p) = yy_cp -= 1; +YY_DO_BEFORE_ACTION; /* set up yytext again */ +YY_RULE_SETUP +#line 166 "read_config_lex.l" +; + YY_BREAK +case 102: +YY_RULE_SETUP +#line 167 "read_config_lex.l" +; + YY_BREAK +case 103: +/* rule 103 can match eol */ +YY_RULE_SETUP +#line 168 "read_config_lex.l" +; + YY_BREAK +case YY_STATE_EOF(INITIAL): +#line 170 "read_config_lex.l" +{ yyterminate(); } + YY_BREAK +case 104: +YY_RULE_SETUP +#line 172 "read_config_lex.l" +{ return yytext[0]; } + YY_BREAK +case 105: +YY_RULE_SETUP +#line 174 "read_config_lex.l" +ECHO; + YY_BREAK +#line 5033 "read_config_lex.c" + + case YY_END_OF_BUFFER: + { + /* Amount of text matched not including the EOB char. */ + int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; + + /* Undo the effects of YY_DO_BEFORE_ACTION. */ + *yy_cp = (yy_hold_char); + YY_RESTORE_YY_MORE_OFFSET + + if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) + { + /* We're scanning a new file or input source. It's + * possible that this happened because the user + * just pointed yyin at a new source and called + * yylex(). If so, then we have to assure + * consistency between YY_CURRENT_BUFFER and our + * globals. Here is the right place to do so, because + * this is the first action (other than possibly a + * back-up) that will match for the new input source. + */ + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; + YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; + YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; + } + + /* Note that here we test for yy_c_buf_p "<=" to the position + * of the first EOB in the buffer, since yy_c_buf_p will + * already have been incremented past the NUL character + * (since all states make transitions on EOB to the + * end-of-buffer state). Contrast this with the test + * in input(). + */ + if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + { /* This was really a NUL. */ + yy_state_type yy_next_state; + + (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; + + yy_current_state = yy_get_previous_state( ); + + /* Okay, we're now positioned to make the NUL + * transition. We couldn't have + * yy_get_previous_state() go ahead and do it + * for us because it doesn't know how to deal + * with the possibility of jamming (and we don't + * want to build jamming into it because then it + * will run more slowly). + */ + + yy_next_state = yy_try_NUL_trans( yy_current_state ); + + yy_bp = (yytext_ptr) + YY_MORE_ADJ; + + if ( yy_next_state ) + { + /* Consume the NUL. */ + yy_cp = ++(yy_c_buf_p); + yy_current_state = yy_next_state; + goto yy_match; + } + + else + { + yy_cp = (yy_c_buf_p); + goto yy_find_action; + } + } + + else switch ( yy_get_next_buffer( ) ) + { + case EOB_ACT_END_OF_FILE: + { + (yy_did_buffer_switch_on_eof) = 0; + + if ( yywrap( ) ) + { + /* Note: because we've taken care in + * yy_get_next_buffer() to have set up + * yytext, we can now set up + * yy_c_buf_p so that if some total + * hoser (like flex itself) wants to + * call the scanner after we return the + * YY_NULL, it'll still work - another + * YY_NULL will get returned. + */ + (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; + + yy_act = YY_STATE_EOF(YY_START); + goto do_action; + } + + else + { + if ( ! (yy_did_buffer_switch_on_eof) ) + YY_NEW_FILE; + } + break; + } + + case EOB_ACT_CONTINUE_SCAN: + (yy_c_buf_p) = + (yytext_ptr) + yy_amount_of_matched_text; + + yy_current_state = yy_get_previous_state( ); + + yy_cp = (yy_c_buf_p); + yy_bp = (yytext_ptr) + YY_MORE_ADJ; + goto yy_match; + + case EOB_ACT_LAST_MATCH: + (yy_c_buf_p) = + &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; + + yy_current_state = yy_get_previous_state( ); + + yy_cp = (yy_c_buf_p); + yy_bp = (yytext_ptr) + YY_MORE_ADJ; + goto yy_find_action; + } + break; + } + + default: + YY_FATAL_ERROR( + "fatal flex scanner internal error--no action found" ); + } /* end of action switch */ + } /* end of scanning one token */ +} /* end of yylex */ + +/* yy_get_next_buffer - try to read in a new buffer + * + * Returns a code representing an action: + * EOB_ACT_LAST_MATCH - + * EOB_ACT_CONTINUE_SCAN - continue scanning from current position + * EOB_ACT_END_OF_FILE - end of file + */ +static int yy_get_next_buffer (void) +{ + register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; + register char *source = (yytext_ptr); + register int number_to_move, i; + int ret_val; + + if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) + YY_FATAL_ERROR( + "fatal flex scanner internal error--end of buffer missed" ); + + if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) + { /* Don't try to fill the buffer, so this is an EOF. */ + if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) + { + /* We matched a single character, the EOB, so + * treat this as a final EOF. + */ + return EOB_ACT_END_OF_FILE; + } + + else + { + /* We matched some text prior to the EOB, first + * process it. + */ + return EOB_ACT_LAST_MATCH; + } + } + + /* Try to read more data. */ + + /* First move last chars to start of buffer. */ + number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; + + for ( i = 0; i < number_to_move; ++i ) + *(dest++) = *(source++); + + if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) + /* don't do the read, it's not guaranteed to return an EOF, + * just force an EOF + */ + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; + + else + { + int num_to_read = + YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; + + while ( num_to_read <= 0 ) + { /* Not enough room in the buffer - grow it. */ + + /* just a shorter name for the current buffer */ + YY_BUFFER_STATE b = YY_CURRENT_BUFFER; + + int yy_c_buf_p_offset = + (int) ((yy_c_buf_p) - b->yy_ch_buf); + + if ( b->yy_is_our_buffer ) + { + int new_size = b->yy_buf_size * 2; + + if ( new_size <= 0 ) + b->yy_buf_size += b->yy_buf_size / 8; + else + b->yy_buf_size *= 2; + + b->yy_ch_buf = (char *) + /* Include room in for 2 EOB chars. */ + yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); + } + else + /* Can't grow it, we don't own it. */ + b->yy_ch_buf = 0; + + if ( ! b->yy_ch_buf ) + YY_FATAL_ERROR( + "fatal error - scanner input buffer overflow" ); + + (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; + + num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - + number_to_move - 1; + + } + + if ( num_to_read > YY_READ_BUF_SIZE ) + num_to_read = YY_READ_BUF_SIZE; + + /* Read in more data. */ + YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), + (yy_n_chars), (size_t) num_to_read ); + + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } + + if ( (yy_n_chars) == 0 ) + { + if ( number_to_move == YY_MORE_ADJ ) + { + ret_val = EOB_ACT_END_OF_FILE; + yyrestart(yyin ); + } + + else + { + ret_val = EOB_ACT_LAST_MATCH; + YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = + YY_BUFFER_EOF_PENDING; + } + } + + else + ret_val = EOB_ACT_CONTINUE_SCAN; + + if ((yy_size_t) ((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { + /* Extend the array by 50%, plus the number we really need. */ + yy_size_t new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1); + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ); + if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" ); + } + + (yy_n_chars) += number_to_move; + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; + + (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; + + return ret_val; +} + +/* yy_get_previous_state - get the state just before the EOB char was reached */ + + static yy_state_type yy_get_previous_state (void) +{ + register yy_state_type yy_current_state; + register char *yy_cp; + + yy_current_state = (yy_start); + + for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) + { + register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); + if ( yy_accept[yy_current_state] ) + { + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; + } + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 2865 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + } + + return yy_current_state; +} + +/* yy_try_NUL_trans - try to make a transition on the NUL character + * + * synopsis + * next_state = yy_try_NUL_trans( current_state ); + */ + static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) +{ + register int yy_is_jam; + register char *yy_cp = (yy_c_buf_p); + + register YY_CHAR yy_c = 1; + if ( yy_accept[yy_current_state] ) + { + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; + } + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 2865 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + yy_is_jam = (yy_current_state == 2864); + + return yy_is_jam ? 0 : yy_current_state; +} + +#ifndef YY_NO_INPUT +#ifdef __cplusplus + static int yyinput (void) +#else + static int input (void) +#endif + +{ + int c; + + *(yy_c_buf_p) = (yy_hold_char); + + if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) + { + /* yy_c_buf_p now points to the character we want to return. + * If this occurs *before* the EOB characters, then it's a + * valid NUL; if not, then we've hit the end of the buffer. + */ + if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + /* This was really a NUL. */ + *(yy_c_buf_p) = '\0'; + + else + { /* need more input */ + int offset = (yy_c_buf_p) - (yytext_ptr); + ++(yy_c_buf_p); + + switch ( yy_get_next_buffer( ) ) + { + case EOB_ACT_LAST_MATCH: + /* This happens because yy_g_n_b() + * sees that we've accumulated a + * token and flags that we need to + * try matching the token before + * proceeding. But for input(), + * there's no matching to consider. + * So convert the EOB_ACT_LAST_MATCH + * to EOB_ACT_END_OF_FILE. + */ + + /* Reset buffer status. */ + yyrestart(yyin ); + + /*FALLTHROUGH*/ + + case EOB_ACT_END_OF_FILE: + { + if ( yywrap( ) ) + return EOF; + + if ( ! (yy_did_buffer_switch_on_eof) ) + YY_NEW_FILE; +#ifdef __cplusplus + return yyinput(); +#else + return input(); +#endif + } + + case EOB_ACT_CONTINUE_SCAN: + (yy_c_buf_p) = (yytext_ptr) + offset; + break; + } + } + } + + c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ + *(yy_c_buf_p) = '\0'; /* preserve yytext */ + (yy_hold_char) = *++(yy_c_buf_p); + + if ( c == '\n' ) + + yylineno++; +; + + return c; +} +#endif /* ifndef YY_NO_INPUT */ + +/** Immediately switch to a different input stream. + * @param input_file A readable stream. + * + * @note This function does not reset the start condition to @c INITIAL . + */ + void yyrestart (FILE * input_file ) +{ + + if ( ! YY_CURRENT_BUFFER ){ + yyensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = + yy_create_buffer(yyin,YY_BUF_SIZE ); + } + + yy_init_buffer(YY_CURRENT_BUFFER,input_file ); + yy_load_buffer_state( ); +} + +/** Switch to a different input buffer. + * @param new_buffer The new input buffer. + * + */ + void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) +{ + + /* TODO. We should be able to replace this entire function body + * with + * yypop_buffer_state(); + * yypush_buffer_state(new_buffer); + */ + yyensure_buffer_stack (); + if ( YY_CURRENT_BUFFER == new_buffer ) + return; + + if ( YY_CURRENT_BUFFER ) + { + /* Flush out information for old buffer. */ + *(yy_c_buf_p) = (yy_hold_char); + YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } + + YY_CURRENT_BUFFER_LVALUE = new_buffer; + yy_load_buffer_state( ); + + /* We don't actually know whether we did this switch during + * EOF (yywrap()) processing, but the only time this flag + * is looked at is after yywrap() is called, so it's safe + * to go ahead and always set it. + */ + (yy_did_buffer_switch_on_eof) = 1; +} + +static void yy_load_buffer_state (void) +{ + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; + (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; + yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; + (yy_hold_char) = *(yy_c_buf_p); +} + +/** Allocate and initialize an input buffer state. + * @param file A readable stream. + * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. + * + * @return the allocated buffer state. + */ + YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) +{ + YY_BUFFER_STATE b; + + b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + if ( ! b ) + YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); + + b->yy_buf_size = size; + + /* yy_ch_buf has to be 2 characters longer than the size given because + * we need to put in 2 end-of-buffer characters. + */ + b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); + if ( ! b->yy_ch_buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); + + b->yy_is_our_buffer = 1; + + yy_init_buffer(b,file ); + + return b; +} + +/** Destroy the buffer. + * @param b a buffer created with yy_create_buffer() + * + */ + void yy_delete_buffer (YY_BUFFER_STATE b ) +{ + + if ( ! b ) + return; + + if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ + YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; + + if ( b->yy_is_our_buffer ) + yyfree((void *) b->yy_ch_buf ); + + yyfree((void *) b ); +} + +#ifndef __cplusplus +extern int isatty (int ); +#endif /* __cplusplus */ + +/* Initializes or reinitializes a buffer. + * This function is sometimes called more than once on the same buffer, + * such as during a yyrestart() or at EOF. + */ + static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) + +{ + int oerrno = errno; + + yy_flush_buffer(b ); + + b->yy_input_file = file; + b->yy_fill_buffer = 1; + + /* If b is the current buffer, then yy_init_buffer was _probably_ + * called from yyrestart() or through yy_get_next_buffer. + * In that case, we don't want to reset the lineno or column. + */ + if (b != YY_CURRENT_BUFFER){ + b->yy_bs_lineno = 1; + b->yy_bs_column = 0; + } + + b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; + + errno = oerrno; +} + +/** Discard all buffered characters. On the next scan, YY_INPUT will be called. + * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. + * + */ + void yy_flush_buffer (YY_BUFFER_STATE b ) +{ + if ( ! b ) + return; + + b->yy_n_chars = 0; + + /* We always need two end-of-buffer characters. The first causes + * a transition to the end-of-buffer state. The second causes + * a jam in that state. + */ + b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; + b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; + + b->yy_buf_pos = &b->yy_ch_buf[0]; + + b->yy_at_bol = 1; + b->yy_buffer_status = YY_BUFFER_NEW; + + if ( b == YY_CURRENT_BUFFER ) + yy_load_buffer_state( ); +} + +/** Pushes the new state onto the stack. The new state becomes + * the current state. This function will allocate the stack + * if necessary. + * @param new_buffer The new state. + * + */ +void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) +{ + if (new_buffer == NULL) + return; + + yyensure_buffer_stack(); + + /* This block is copied from yy_switch_to_buffer. */ + if ( YY_CURRENT_BUFFER ) + { + /* Flush out information for old buffer. */ + *(yy_c_buf_p) = (yy_hold_char); + YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } + + /* Only push if top exists. Otherwise, replace top. */ + if (YY_CURRENT_BUFFER) + (yy_buffer_stack_top)++; + YY_CURRENT_BUFFER_LVALUE = new_buffer; + + /* copied from yy_switch_to_buffer. */ + yy_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; +} + +/** Removes and deletes the top of the stack, if present. + * The next element becomes the new top. + * + */ +void yypop_buffer_state (void) +{ + if (!YY_CURRENT_BUFFER) + return; + + yy_delete_buffer(YY_CURRENT_BUFFER ); + YY_CURRENT_BUFFER_LVALUE = NULL; + if ((yy_buffer_stack_top) > 0) + --(yy_buffer_stack_top); + + if (YY_CURRENT_BUFFER) { + yy_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; + } +} + +/* Allocates the stack if it does not exist. + * Guarantees space for at least one push. + */ +static void yyensure_buffer_stack (void) +{ + int num_to_alloc; + + if (!(yy_buffer_stack)) { + + /* First allocation is just for 2 elements, since we don't know if this + * scanner will even need a stack. We use 2 instead of 1 to avoid an + * immediate realloc on the next call. + */ + num_to_alloc = 1; + (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc + (num_to_alloc * sizeof(struct yy_buffer_state*) + ); + if ( ! (yy_buffer_stack) ) + YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); + + memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); + + (yy_buffer_stack_max) = num_to_alloc; + (yy_buffer_stack_top) = 0; + return; + } + + if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ + + /* Increase the buffer to prepare for a possible push. */ + int grow_size = 8 /* arbitrary grow size */; + + num_to_alloc = (yy_buffer_stack_max) + grow_size; + (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc + ((yy_buffer_stack), + num_to_alloc * sizeof(struct yy_buffer_state*) + ); + if ( ! (yy_buffer_stack) ) + YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); + + /* zero only the new slots.*/ + memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); + (yy_buffer_stack_max) = num_to_alloc; + } +} + +/** Setup the input buffer state to scan directly from a user-specified character buffer. + * @param base the character buffer + * @param size the size in bytes of the character buffer + * + * @return the newly allocated buffer state object. + */ +YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) +{ + YY_BUFFER_STATE b; + + if ( size < 2 || + base[size-2] != YY_END_OF_BUFFER_CHAR || + base[size-1] != YY_END_OF_BUFFER_CHAR ) + /* They forgot to leave room for the EOB's. */ + return 0; + + b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + if ( ! b ) + YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); + + b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ + b->yy_buf_pos = b->yy_ch_buf = base; + b->yy_is_our_buffer = 0; + b->yy_input_file = 0; + b->yy_n_chars = b->yy_buf_size; + b->yy_is_interactive = 0; + b->yy_at_bol = 1; + b->yy_fill_buffer = 0; + b->yy_buffer_status = YY_BUFFER_NEW; + + yy_switch_to_buffer(b ); + + return b; +} + +/** Setup the input buffer state to scan a string. The next call to yylex() will + * scan from a @e copy of @a str. + * @param yystr a NUL-terminated string to scan + * + * @return the newly allocated buffer state object. + * @note If you want to scan bytes that may contain NUL values, then use + * yy_scan_bytes() instead. + */ +YY_BUFFER_STATE yy_scan_string (yyconst char * yystr ) +{ + + return yy_scan_bytes(yystr,strlen(yystr) ); +} + +/** Setup the input buffer state to scan the given bytes. The next call to yylex() will + * scan from a @e copy of @a bytes. + * @param yybytes the byte buffer to scan + * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes. + * + * @return the newly allocated buffer state object. + */ +YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) +{ + YY_BUFFER_STATE b; + char *buf; + yy_size_t n; + int i; + + /* Get memory for full buffer, including space for trailing EOB's. */ + n = _yybytes_len + 2; + buf = (char *) yyalloc(n ); + if ( ! buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); + + for ( i = 0; i < _yybytes_len; ++i ) + buf[i] = yybytes[i]; + + buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; + + b = yy_scan_buffer(buf,n ); + if ( ! b ) + YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); + + /* It's okay to grow etc. this buffer, and we should throw it + * away when we're done. + */ + b->yy_is_our_buffer = 1; + + return b; +} + +#ifndef YY_EXIT_FAILURE +#define YY_EXIT_FAILURE 2 +#endif + +static void yy_fatal_error (yyconst char* msg ) +{ + (void) fprintf( stderr, "%s\n", msg ); + exit( YY_EXIT_FAILURE ); +} + +/* Redefine yyless() so it works in section 3 code. */ + +#undef yyless +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + int yyless_macro_arg = (n); \ + YY_LESS_LINENO(yyless_macro_arg);\ + yytext[yyleng] = (yy_hold_char); \ + (yy_c_buf_p) = yytext + yyless_macro_arg; \ + (yy_hold_char) = *(yy_c_buf_p); \ + *(yy_c_buf_p) = '\0'; \ + yyleng = yyless_macro_arg; \ + } \ + while ( 0 ) + +/* Accessor methods (get/set functions) to struct members. */ + +/** Get the current line number. + * + */ +int yyget_lineno (void) +{ + + return yylineno; +} + +/** Get the input stream. + * + */ +FILE *yyget_in (void) +{ + return yyin; +} + +/** Get the output stream. + * + */ +FILE *yyget_out (void) +{ + return yyout; +} + +/** Get the length of the current token. + * + */ +int yyget_leng (void) +{ + return yyleng; +} + +/** Get the current token. + * + */ + +char *yyget_text (void) +{ + return yytext; +} + +/** Set the current line number. + * @param line_number + * + */ +void yyset_lineno (int line_number ) +{ + + yylineno = line_number; +} + +/** Set the input stream. This does not discard the current + * input buffer. + * @param in_str A readable stream. + * + * @see yy_switch_to_buffer + */ +void yyset_in (FILE * in_str ) +{ + yyin = in_str ; +} + +void yyset_out (FILE * out_str ) +{ + yyout = out_str ; +} + +int yyget_debug (void) +{ + return yy_flex_debug; +} + +void yyset_debug (int bdebug ) +{ + yy_flex_debug = bdebug ; +} + +static int yy_init_globals (void) +{ + /* Initialization is the same as for the non-reentrant scanner. + * This function is called from yylex_destroy(), so don't allocate here. + */ + + /* We do not touch yylineno unless the option is enabled. */ + yylineno = 1; + + (yy_buffer_stack) = 0; + (yy_buffer_stack_top) = 0; + (yy_buffer_stack_max) = 0; + (yy_c_buf_p) = (char *) 0; + (yy_init) = 0; + (yy_start) = 0; + +/* Defined in main.c */ +#ifdef YY_STDINIT + yyin = stdin; + yyout = stdout; +#else + yyin = (FILE *) 0; + yyout = (FILE *) 0; +#endif + + /* For future reference: Set errno on error, since we are called by + * yylex_init() + */ + return 0; +} + +/* yylex_destroy is for both reentrant and non-reentrant scanners. */ +int yylex_destroy (void) +{ + + /* Pop the buffer stack, destroying each element. */ + while(YY_CURRENT_BUFFER){ + yy_delete_buffer(YY_CURRENT_BUFFER ); + YY_CURRENT_BUFFER_LVALUE = NULL; + yypop_buffer_state(); + } + + /* Destroy the stack itself. */ + yyfree((yy_buffer_stack) ); + (yy_buffer_stack) = NULL; + + /* Reset the globals. This is important in a non-reentrant scanner so the next time + * yylex() is called, initialization will occur. */ + yy_init_globals( ); + + return 0; +} + +/* + * Internal utility routines. + */ + +#ifndef yytext_ptr +static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) +{ + register int i; + for ( i = 0; i < n; ++i ) + s1[i] = s2[i]; +} +#endif + +#ifdef YY_NEED_STRLEN +static int yy_flex_strlen (yyconst char * s ) +{ + register int n; + for ( n = 0; s[n]; ++n ) + ; + + return n; +} +#endif + +void *yyalloc (yy_size_t size ) +{ + return (void *) malloc( size ); +} + +void *yyrealloc (void * ptr, yy_size_t size ) +{ + /* The cast to (char *) in the following accommodates both + * implementations that use char* generic pointers, and those + * that use void* generic pointers. It works with the latter + * because both ANSI C and C++ allow castless assignment from + * any pointer type to void*, and deal with argument conversions + * as though doing an assignment. + */ + return (void *) realloc( (char *) ptr, size ); +} + +void yyfree (void * ptr ) +{ + free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ +} + +#define YYTABLES_NAME "yytables" + +#line 174 "read_config_lex.l" + + + +int +yywrap() +{ + return 1; +} + diff --git a/src/read_config_lex.l b/src/read_config_lex.l new file mode 100644 index 0000000..01fe4fc --- /dev/null +++ b/src/read_config_lex.l @@ -0,0 +1,180 @@ +%{ +/* + * (C) 2006 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + * Description: configuration file syntax + */ + +#include <string.h> + +#include "read_config_yy.h" +%} + +%option yylineno +%option noinput +%option nounput + +ws [ \t]+ +comment #.*$ +nl [\n\r] + +is_on [o|O][n|N] +is_off [o|O][f|F][f|F] +integer [0-9]+ +signed_integer [\-\+][0-9]+ +path \/[^\"\n ]* +ip4_cidr \/[0-2]*[0-9]+ +ip4_end [0-9]*[0-9]+ +ip4_part [0-2]*{ip4_end} +ip4 {ip4_part}\.{ip4_part}\.{ip4_part}\.{ip4_part}{ip4_cidr}? +hex_255 [0-9a-fA-F]{1,4} +ip6_cidr \/[0-1]*[0-9]*[0-9]+ +ip6_part {hex_255}":"? +ip6_form1 {ip6_part}{0,16}"::"{ip6_part}{0,16} +ip6_form2 ({hex_255}":"){16}{hex_255} +ip6 {ip6_form1}{ip6_cidr}?|{ip6_form2}{ip6_cidr}? +string [a-zA-Z][a-zA-Z0-9\.\-]* +persistent [P|p][E|e][R|r][S|s][I|i][S|s][T|t][E|e][N|n][T|T] +nack [N|n][A|a][C|c][K|k] +alarm [A|a][L|l][A|a][R|r][M|m] +ftfw [F|f][T|t][F|f][W|w] +notrack [N|n][O|o][T|t][R|r][A|a][C|c][K|k] + +%% +"UNIX" { return T_UNIX; } +"IPv4_address" { return T_IPV4_ADDR; } +"IPv6_address" { return T_IPV6_ADDR; } +"IPv4_Destination_Address" { return T_IPV4_DEST_ADDR; } +"IPv6_Destination_Address" { return T_IPV6_DEST_ADDR; } +"IPv4_interface" { return T_IPV4_IFACE; } +"IPv6_interface" { return T_IPV6_IFACE; } +"Interface" { return T_IFACE; } +"Multicast" { return T_MULTICAST; } +"UDP" { return T_UDP; } +"TCP" { return T_TCP; } +"HashSize" { return T_HASHSIZE; } +"RefreshTime" { return T_REFRESH; } +"CacheTimeout" { return T_EXPIRE; } +"CommitTimeout" { return T_TIMEOUT; } +"DelayDestroyMessages" { return T_DELAY; } +"HashLimit" { return T_HASHLIMIT; } +"Path" { return T_PATH; } +"IgnoreProtocol" { return T_IGNORE_PROTOCOL; } +"IgnoreTrafficFor" { return T_IGNORE_TRAFFIC; } +"StripNAT" { return T_STRIP_NAT; } +"Backlog" { return T_BACKLOG; } +"Group" { return T_GROUP; } +"Port" { return T_PORT; } +"LogFile" { return T_LOG; } +"Syslog" { return T_SYSLOG; } +"LockFile" { return T_LOCK; } +"General" { return T_GENERAL; } +"Sync" { return T_SYNC; } +"Stats" { return T_STATS; } +"RelaxTransitions" { return T_RELAX_TRANSITIONS; } +"SocketBufferSize" { return T_BUFFER_SIZE; /* alias */ } +"SocketBufferSizeMaxGrown" { return T_BUFFER_SIZE_MAX_GROWN; /* alias */ } +"SocketBufferSizeMaxGrowth" { return T_BUFFER_SIZE_MAX_GROWN; /* alias */ } +"NetlinkBufferSize" { return T_BUFFER_SIZE; } +"NetlinkBufferSizeMaxGrowth" { return T_BUFFER_SIZE_MAX_GROWN; } +"Mode" { return T_SYNC_MODE; } +"ListenTo" { return T_LISTEN_TO; } +"Family" { return T_FAMILY; } +"ResendBufferSize" { return T_RESEND_BUFFER_SIZE; } +"ResendQueueSize" { return T_RESEND_QUEUE_SIZE; } +"Checksum" { return T_CHECKSUM; } +"ACKWindowSize" { return T_WINDOWSIZE; } +"Replicate" { return T_REPLICATE; } +"for" { return T_FOR; } +"CacheWriteThrough" { return T_WRITE_THROUGH; } +"SYN_SENT" { return T_SYN_SENT; } +"SYN_RECV" { return T_SYN_RECV; } +"ESTABLISHED" { return T_ESTABLISHED; } +"FIN_WAIT" { return T_FIN_WAIT; } +"CLOSE_WAIT" { return T_CLOSE_WAIT; } +"LAST_ACK" { return T_LAST_ACK; } +"TIME_WAIT" { return T_TIME_WAIT; } +"CLOSE" { return T_CLOSE; /* alias of CLOSED */ } +"CLOSED" { return T_CLOSE; } +"LISTEN" { return T_LISTEN; } +"LogFileBufferSize" { return T_STAT_BUFFER_SIZE; } +"DestroyTimeout" { return T_DESTROY_TIMEOUT; } +"McastSndSocketBuffer" { return T_SNDBUFF; /* deprecated */ } +"McastRcvSocketBuffer" { return T_RCVBUFF; /* deprecated */ } +"SndSocketBuffer" { return T_SNDBUFF; } +"RcvSocketBuffer" { return T_RCVBUFF; } +"Filter" { return T_FILTER; } +"Protocol" { return T_PROTOCOL; } +"Address" { return T_ADDRESS; } +"State" { return T_STATE; } +"Accept" { return T_ACCEPT; } +"Ignore" { return T_IGNORE; } +"PurgeTimeout" { return T_PURGE; } +"From" { return T_FROM; } +"Userspace" { return T_USERSPACE; } +"Kernelspace" { return T_KERNELSPACE; } +"EventIterationLimit" { return T_EVENT_ITER_LIMIT; } +"Default" { return T_DEFAULT; } +"PollSecs" { return T_POLL_SECS; } +"NetlinkOverrunResync" { return T_NETLINK_OVERRUN_RESYNC; } +"Nice" { return T_NICE; } +"Scheduler" { return T_SCHEDULER; } +"Type" { return T_TYPE; } +"Priority" { return T_PRIO; } +"NetlinkEventsReliable" { return T_NETLINK_EVENTS_RELIABLE; } +"DisableInternalCache" { return T_DISABLE_INTERNAL_CACHE; } +"DisableExternalCache" { return T_DISABLE_EXTERNAL_CACHE; } +"Options" { return T_OPTIONS; } +"TCPWindowTracking" { return T_TCP_WINDOW_TRACKING; } +"ExpectationSync" { return T_EXPECT_SYNC; } +"ErrorQueueLength" { return T_ERROR_QUEUE_LENGTH; } + +{is_on} { return T_ON; } +{is_off} { return T_OFF; } +{integer} { yylval.val = atoi(yytext); return T_NUMBER; } +{signed_integer} { yylval.val = atoi(yytext); return T_SIGNED_NUMBER; } +{ip4} { yylval.string = strdup(yytext); return T_IP; } +{ip6} { yylval.string = strdup(yytext); return T_IP; } +{path} { yylval.string = strdup(yytext); return T_PATH_VAL; } +{alarm} { return T_ALARM; } +{persistent} { fprintf(stderr, "\nWARNING: Now `persistent' mode " + "is called `alarm'. Please, update " + "your conntrackd.conf file.\n"); + return T_ALARM; } +{ftfw} { return T_FTFW; } +{nack} { fprintf(stderr, "\nWARNING: Now `nack' mode " + "is called `ftfw'. Please, update " + "your conntrackd.conf file.\n"); + return T_FTFW; } +{notrack} { return T_NOTRACK; } +{string} { yylval.string = strdup(yytext); return T_STRING; } + +{comment} ; +{ws} ; +{nl} ; + +<<EOF>> { yyterminate(); } + +. { return yytext[0]; } + +%% + +int +yywrap() +{ + return 1; +} diff --git a/src/read_config_yy.c b/src/read_config_yy.c new file mode 100644 index 0000000..7acff83 --- /dev/null +++ b/src/read_config_yy.c @@ -0,0 +1,4227 @@ +/* A Bison parser, made by GNU Bison 2.5. */ + +/* Bison implementation for Yacc-like parsers in C + + Copyright (C) 1984, 1989-1990, 2000-2011 Free Software Foundation, Inc. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. */ + +/* As a special exception, you may create a larger work that contains + part or all of the Bison parser skeleton and distribute that work + under terms of your choice, so long as that work isn't itself a + parser generator using the skeleton or a modified version thereof + as a parser skeleton. Alternatively, if you modify or redistribute + the parser skeleton itself, you may (at your option) remove this + special exception, which will cause the skeleton and the resulting + Bison output files to be licensed under the GNU General Public + License without this special exception. + + This special exception was added by the Free Software Foundation in + version 2.2 of Bison. */ + +/* C LALR(1) parser skeleton written by Richard Stallman, by + simplifying the original so-called "semantic" parser. */ + +/* All symbols defined below should begin with yy or YY, to avoid + infringing on user name space. This should be done even for local + variables, as they might otherwise be expanded by user macros. + There are some unavoidable exceptions within include files to + define necessary library symbols; they are noted "INFRINGES ON + USER NAME SPACE" below. */ + +/* Identify Bison output. */ +#define YYBISON 1 + +/* Bison version. */ +#define YYBISON_VERSION "2.5" + +/* Skeleton name. */ +#define YYSKELETON_NAME "yacc.c" + +/* Pure parsers. */ +#define YYPURE 0 + +/* Push parsers. */ +#define YYPUSH 0 + +/* Pull parsers. */ +#define YYPULL 1 + +/* Using locations. */ +#define YYLSP_NEEDED 0 + + + +/* Copy the first part of user declarations. */ + +/* Line 268 of yacc.c */ +#line 1 "read_config_yy.y" + +/* + * (C) 2006-2009 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + * Description: configuration file abstract grammar + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <netdb.h> +#include <errno.h> +#include <stdarg.h> +#include "conntrackd.h" +#include "bitops.h" +#include "cidr.h" +#include <syslog.h> +#include <sched.h> +#include <libnetfilter_conntrack/libnetfilter_conntrack.h> +#include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h> + +extern char *yytext; +extern int yylineno; + +struct ct_conf conf; + +enum { + CTD_CFG_ERROR = 0, + CTD_CFG_WARN, +}; + +static void print_err(int err, const char *msg, ...); + +static void __kernel_filter_start(void); +static void __kernel_filter_add_state(int value); +static void __max_dedicated_links_reached(void); + + +/* Line 268 of yacc.c */ +#line 124 "read_config_yy.c" + +/* Enabling traces. */ +#ifndef YYDEBUG +# define YYDEBUG 0 +#endif + +/* Enabling verbose error messages. */ +#ifdef YYERROR_VERBOSE +# undef YYERROR_VERBOSE +# define YYERROR_VERBOSE 1 +#else +# define YYERROR_VERBOSE 0 +#endif + +/* Enabling the token table. */ +#ifndef YYTOKEN_TABLE +# define YYTOKEN_TABLE 0 +#endif + + +/* Tokens. */ +#ifndef YYTOKENTYPE +# define YYTOKENTYPE + /* Put the tokens into the symbol table, so that GDB and other debuggers + know about them. */ + enum yytokentype { + T_IPV4_ADDR = 258, + T_IPV4_IFACE = 259, + T_PORT = 260, + T_HASHSIZE = 261, + T_HASHLIMIT = 262, + T_MULTICAST = 263, + T_PATH = 264, + T_UNIX = 265, + T_REFRESH = 266, + T_IPV6_ADDR = 267, + T_IPV6_IFACE = 268, + T_IGNORE_UDP = 269, + T_IGNORE_ICMP = 270, + T_IGNORE_TRAFFIC = 271, + T_BACKLOG = 272, + T_GROUP = 273, + T_LOG = 274, + T_UDP = 275, + T_ICMP = 276, + T_IGMP = 277, + T_VRRP = 278, + T_TCP = 279, + T_IGNORE_PROTOCOL = 280, + T_LOCK = 281, + T_STRIP_NAT = 282, + T_BUFFER_SIZE_MAX_GROWN = 283, + T_EXPIRE = 284, + T_TIMEOUT = 285, + T_GENERAL = 286, + T_SYNC = 287, + T_STATS = 288, + T_RELAX_TRANSITIONS = 289, + T_BUFFER_SIZE = 290, + T_DELAY = 291, + T_SYNC_MODE = 292, + T_LISTEN_TO = 293, + T_FAMILY = 294, + T_RESEND_BUFFER_SIZE = 295, + T_ALARM = 296, + T_FTFW = 297, + T_CHECKSUM = 298, + T_WINDOWSIZE = 299, + T_ON = 300, + T_OFF = 301, + T_REPLICATE = 302, + T_FOR = 303, + T_IFACE = 304, + T_PURGE = 305, + T_RESEND_QUEUE_SIZE = 306, + T_ESTABLISHED = 307, + T_SYN_SENT = 308, + T_SYN_RECV = 309, + T_FIN_WAIT = 310, + T_CLOSE_WAIT = 311, + T_LAST_ACK = 312, + T_TIME_WAIT = 313, + T_CLOSE = 314, + T_LISTEN = 315, + T_SYSLOG = 316, + T_WRITE_THROUGH = 317, + T_STAT_BUFFER_SIZE = 318, + T_DESTROY_TIMEOUT = 319, + T_RCVBUFF = 320, + T_SNDBUFF = 321, + T_NOTRACK = 322, + T_POLL_SECS = 323, + T_FILTER = 324, + T_ADDRESS = 325, + T_PROTOCOL = 326, + T_STATE = 327, + T_ACCEPT = 328, + T_IGNORE = 329, + T_FROM = 330, + T_USERSPACE = 331, + T_KERNELSPACE = 332, + T_EVENT_ITER_LIMIT = 333, + T_DEFAULT = 334, + T_NETLINK_OVERRUN_RESYNC = 335, + T_NICE = 336, + T_IPV4_DEST_ADDR = 337, + T_IPV6_DEST_ADDR = 338, + T_SCHEDULER = 339, + T_TYPE = 340, + T_PRIO = 341, + T_NETLINK_EVENTS_RELIABLE = 342, + T_DISABLE_INTERNAL_CACHE = 343, + T_DISABLE_EXTERNAL_CACHE = 344, + T_ERROR_QUEUE_LENGTH = 345, + T_OPTIONS = 346, + T_TCP_WINDOW_TRACKING = 347, + T_EXPECT_SYNC = 348, + T_IP = 349, + T_PATH_VAL = 350, + T_NUMBER = 351, + T_SIGNED_NUMBER = 352, + T_STRING = 353 + }; +#endif +/* Tokens. */ +#define T_IPV4_ADDR 258 +#define T_IPV4_IFACE 259 +#define T_PORT 260 +#define T_HASHSIZE 261 +#define T_HASHLIMIT 262 +#define T_MULTICAST 263 +#define T_PATH 264 +#define T_UNIX 265 +#define T_REFRESH 266 +#define T_IPV6_ADDR 267 +#define T_IPV6_IFACE 268 +#define T_IGNORE_UDP 269 +#define T_IGNORE_ICMP 270 +#define T_IGNORE_TRAFFIC 271 +#define T_BACKLOG 272 +#define T_GROUP 273 +#define T_LOG 274 +#define T_UDP 275 +#define T_ICMP 276 +#define T_IGMP 277 +#define T_VRRP 278 +#define T_TCP 279 +#define T_IGNORE_PROTOCOL 280 +#define T_LOCK 281 +#define T_STRIP_NAT 282 +#define T_BUFFER_SIZE_MAX_GROWN 283 +#define T_EXPIRE 284 +#define T_TIMEOUT 285 +#define T_GENERAL 286 +#define T_SYNC 287 +#define T_STATS 288 +#define T_RELAX_TRANSITIONS 289 +#define T_BUFFER_SIZE 290 +#define T_DELAY 291 +#define T_SYNC_MODE 292 +#define T_LISTEN_TO 293 +#define T_FAMILY 294 +#define T_RESEND_BUFFER_SIZE 295 +#define T_ALARM 296 +#define T_FTFW 297 +#define T_CHECKSUM 298 +#define T_WINDOWSIZE 299 +#define T_ON 300 +#define T_OFF 301 +#define T_REPLICATE 302 +#define T_FOR 303 +#define T_IFACE 304 +#define T_PURGE 305 +#define T_RESEND_QUEUE_SIZE 306 +#define T_ESTABLISHED 307 +#define T_SYN_SENT 308 +#define T_SYN_RECV 309 +#define T_FIN_WAIT 310 +#define T_CLOSE_WAIT 311 +#define T_LAST_ACK 312 +#define T_TIME_WAIT 313 +#define T_CLOSE 314 +#define T_LISTEN 315 +#define T_SYSLOG 316 +#define T_WRITE_THROUGH 317 +#define T_STAT_BUFFER_SIZE 318 +#define T_DESTROY_TIMEOUT 319 +#define T_RCVBUFF 320 +#define T_SNDBUFF 321 +#define T_NOTRACK 322 +#define T_POLL_SECS 323 +#define T_FILTER 324 +#define T_ADDRESS 325 +#define T_PROTOCOL 326 +#define T_STATE 327 +#define T_ACCEPT 328 +#define T_IGNORE 329 +#define T_FROM 330 +#define T_USERSPACE 331 +#define T_KERNELSPACE 332 +#define T_EVENT_ITER_LIMIT 333 +#define T_DEFAULT 334 +#define T_NETLINK_OVERRUN_RESYNC 335 +#define T_NICE 336 +#define T_IPV4_DEST_ADDR 337 +#define T_IPV6_DEST_ADDR 338 +#define T_SCHEDULER 339 +#define T_TYPE 340 +#define T_PRIO 341 +#define T_NETLINK_EVENTS_RELIABLE 342 +#define T_DISABLE_INTERNAL_CACHE 343 +#define T_DISABLE_EXTERNAL_CACHE 344 +#define T_ERROR_QUEUE_LENGTH 345 +#define T_OPTIONS 346 +#define T_TCP_WINDOW_TRACKING 347 +#define T_EXPECT_SYNC 348 +#define T_IP 349 +#define T_PATH_VAL 350 +#define T_NUMBER 351 +#define T_SIGNED_NUMBER 352 +#define T_STRING 353 + + + + +#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED +typedef union YYSTYPE +{ + +/* Line 293 of yacc.c */ +#line 53 "read_config_yy.y" + + int val; + char *string; + + + +/* Line 293 of yacc.c */ +#line 363 "read_config_yy.c" +} YYSTYPE; +# define YYSTYPE_IS_TRIVIAL 1 +# define yystype YYSTYPE /* obsolescent; will be withdrawn */ +# define YYSTYPE_IS_DECLARED 1 +#endif + + +/* Copy the second part of user declarations. */ + + +/* Line 343 of yacc.c */ +#line 375 "read_config_yy.c" + +#ifdef short +# undef short +#endif + +#ifdef YYTYPE_UINT8 +typedef YYTYPE_UINT8 yytype_uint8; +#else +typedef unsigned char yytype_uint8; +#endif + +#ifdef YYTYPE_INT8 +typedef YYTYPE_INT8 yytype_int8; +#elif (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +typedef signed char yytype_int8; +#else +typedef short int yytype_int8; +#endif + +#ifdef YYTYPE_UINT16 +typedef YYTYPE_UINT16 yytype_uint16; +#else +typedef unsigned short int yytype_uint16; +#endif + +#ifdef YYTYPE_INT16 +typedef YYTYPE_INT16 yytype_int16; +#else +typedef short int yytype_int16; +#endif + +#ifndef YYSIZE_T +# ifdef __SIZE_TYPE__ +# define YYSIZE_T __SIZE_TYPE__ +# elif defined size_t +# define YYSIZE_T size_t +# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +# include <stddef.h> /* INFRINGES ON USER NAME SPACE */ +# define YYSIZE_T size_t +# else +# define YYSIZE_T unsigned int +# endif +#endif + +#define YYSIZE_MAXIMUM ((YYSIZE_T) -1) + +#ifndef YY_ +# if defined YYENABLE_NLS && YYENABLE_NLS +# if ENABLE_NLS +# include <libintl.h> /* INFRINGES ON USER NAME SPACE */ +# define YY_(msgid) dgettext ("bison-runtime", msgid) +# endif +# endif +# ifndef YY_ +# define YY_(msgid) msgid +# endif +#endif + +/* Suppress unused-variable warnings by "using" E. */ +#if ! defined lint || defined __GNUC__ +# define YYUSE(e) ((void) (e)) +#else +# define YYUSE(e) /* empty */ +#endif + +/* Identity function, used to suppress warnings about constant conditions. */ +#ifndef lint +# define YYID(n) (n) +#else +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static int +YYID (int yyi) +#else +static int +YYID (yyi) + int yyi; +#endif +{ + return yyi; +} +#endif + +#if ! defined yyoverflow || YYERROR_VERBOSE + +/* The parser invokes alloca or malloc; define the necessary symbols. */ + +# ifdef YYSTACK_USE_ALLOCA +# if YYSTACK_USE_ALLOCA +# ifdef __GNUC__ +# define YYSTACK_ALLOC __builtin_alloca +# elif defined __BUILTIN_VA_ARG_INCR +# include <alloca.h> /* INFRINGES ON USER NAME SPACE */ +# elif defined _AIX +# define YYSTACK_ALLOC __alloca +# elif defined _MSC_VER +# include <malloc.h> /* INFRINGES ON USER NAME SPACE */ +# define alloca _alloca +# else +# define YYSTACK_ALLOC alloca +# if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +# include <stdlib.h> /* INFRINGES ON USER NAME SPACE */ +# ifndef EXIT_SUCCESS +# define EXIT_SUCCESS 0 +# endif +# endif +# endif +# endif +# endif + +# ifdef YYSTACK_ALLOC + /* Pacify GCC's `empty if-body' warning. */ +# define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0)) +# ifndef YYSTACK_ALLOC_MAXIMUM + /* The OS might guarantee only one guard page at the bottom of the stack, + and a page size can be as small as 4096 bytes. So we cannot safely + invoke alloca (N) if N exceeds 4096. Use a slightly smaller number + to allow for a few compiler-allocated temporary stack slots. */ +# define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */ +# endif +# else +# define YYSTACK_ALLOC YYMALLOC +# define YYSTACK_FREE YYFREE +# ifndef YYSTACK_ALLOC_MAXIMUM +# define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM +# endif +# if (defined __cplusplus && ! defined EXIT_SUCCESS \ + && ! ((defined YYMALLOC || defined malloc) \ + && (defined YYFREE || defined free))) +# include <stdlib.h> /* INFRINGES ON USER NAME SPACE */ +# ifndef EXIT_SUCCESS +# define EXIT_SUCCESS 0 +# endif +# endif +# ifndef YYMALLOC +# define YYMALLOC malloc +# if ! defined malloc && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ +# endif +# endif +# ifndef YYFREE +# define YYFREE free +# if ! defined free && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +void free (void *); /* INFRINGES ON USER NAME SPACE */ +# endif +# endif +# endif +#endif /* ! defined yyoverflow || YYERROR_VERBOSE */ + + +#if (! defined yyoverflow \ + && (! defined __cplusplus \ + || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) + +/* A type that is properly aligned for any stack member. */ +union yyalloc +{ + yytype_int16 yyss_alloc; + YYSTYPE yyvs_alloc; +}; + +/* The size of the maximum gap between one aligned stack and the next. */ +# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1) + +/* The size of an array large to enough to hold all stacks, each with + N elements. */ +# define YYSTACK_BYTES(N) \ + ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \ + + YYSTACK_GAP_MAXIMUM) + +# define YYCOPY_NEEDED 1 + +/* Relocate STACK from its old location to the new one. The + local variables YYSIZE and YYSTACKSIZE give the old and new number of + elements in the stack, and YYPTR gives the new location of the + stack. Advance YYPTR to a properly aligned location for the next + stack. */ +# define YYSTACK_RELOCATE(Stack_alloc, Stack) \ + do \ + { \ + YYSIZE_T yynewbytes; \ + YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \ + Stack = &yyptr->Stack_alloc; \ + yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ + yyptr += yynewbytes / sizeof (*yyptr); \ + } \ + while (YYID (0)) + +#endif + +#if defined YYCOPY_NEEDED && YYCOPY_NEEDED +/* Copy COUNT objects from FROM to TO. The source and destination do + not overlap. */ +# ifndef YYCOPY +# if defined __GNUC__ && 1 < __GNUC__ +# define YYCOPY(To, From, Count) \ + __builtin_memcpy (To, From, (Count) * sizeof (*(From))) +# else +# define YYCOPY(To, From, Count) \ + do \ + { \ + YYSIZE_T yyi; \ + for (yyi = 0; yyi < (Count); yyi++) \ + (To)[yyi] = (From)[yyi]; \ + } \ + while (YYID (0)) +# endif +# endif +#endif /* !YYCOPY_NEEDED */ + +/* YYFINAL -- State number of the termination state. */ +#define YYFINAL 21 +/* YYLAST -- Last index in YYTABLE. */ +#define YYLAST 349 + +/* YYNTOKENS -- Number of terminals. */ +#define YYNTOKENS 101 +/* YYNNTS -- Number of nonterminals. */ +#define YYNNTS 99 +/* YYNRULES -- Number of rules. */ +#define YYNRULES 247 +/* YYNRULES -- Number of states. */ +#define YYNSTATES 385 + +/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ +#define YYUNDEFTOK 2 +#define YYMAXUTOK 353 + +#define YYTRANSLATE(YYX) \ + ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) + +/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */ +static const yytype_uint8 yytranslate[] = +{ + 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 99, 2, 100, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 1, 2, 3, 4, + 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, + 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, + 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, + 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, + 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, + 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, + 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, + 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, + 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, + 95, 96, 97, 98 +}; + +#if YYDEBUG +/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in + YYRHS. */ +static const yytype_uint16 yyprhs[] = +{ + 0, 0, 3, 4, 6, 8, 11, 13, 15, 17, + 19, 21, 23, 26, 29, 32, 35, 38, 41, 44, + 46, 49, 52, 55, 58, 61, 64, 69, 70, 73, + 76, 79, 84, 90, 91, 94, 97, 100, 103, 106, + 109, 112, 115, 118, 121, 124, 127, 132, 138, 139, + 142, 145, 148, 151, 154, 157, 160, 163, 166, 169, + 172, 177, 183, 184, 187, 190, 193, 196, 199, 202, + 205, 208, 211, 214, 217, 220, 223, 226, 231, 232, + 235, 238, 241, 246, 247, 250, 252, 254, 259, 260, + 263, 265, 267, 269, 271, 273, 275, 277, 279, 281, + 283, 285, 287, 289, 291, 293, 295, 297, 299, 304, + 305, 308, 311, 314, 317, 320, 325, 326, 329, 331, + 337, 343, 349, 350, 353, 355, 357, 359, 361, 363, + 365, 366, 369, 371, 373, 375, 377, 379, 381, 382, + 385, 387, 389, 391, 393, 396, 399, 402, 405, 408, + 411, 414, 417, 419, 421, 424, 429, 430, 433, 435, + 437, 438, 441, 443, 445, 447, 449, 451, 453, 455, + 457, 459, 462, 465, 470, 471, 474, 476, 478, 480, + 482, 484, 486, 488, 490, 492, 494, 496, 498, 500, + 502, 504, 506, 508, 510, 513, 516, 519, 522, 525, + 528, 531, 534, 539, 540, 543, 546, 549, 552, 555, + 558, 563, 570, 577, 578, 581, 587, 593, 594, 597, + 599, 601, 603, 609, 615, 616, 619, 622, 625, 631, + 637, 638, 641, 645, 650, 651, 654, 656, 658, 660, + 662, 664, 667, 670, 673, 676, 679, 682 +}; + +/* YYRHS -- A `-1'-separated list of the rules' RHS. */ +static const yytype_int16 yyrhs[] = +{ + 102, 0, -1, -1, 103, -1, 104, -1, 103, 104, + -1, 133, -1, 116, -1, 110, -1, 169, -1, 136, + -1, 192, -1, 19, 45, -1, 19, 46, -1, 19, + 95, -1, 61, 45, -1, 61, 46, -1, 61, 98, + -1, 26, 95, -1, 27, -1, 11, 96, -1, 29, + 96, -1, 30, 96, -1, 50, 96, -1, 43, 45, + -1, 43, 46, -1, 16, 99, 117, 100, -1, -1, + 117, 118, -1, 3, 94, -1, 12, 94, -1, 8, + 99, 120, 100, -1, 8, 79, 99, 120, 100, -1, + -1, 120, 121, -1, 3, 94, -1, 12, 94, -1, + 4, 94, -1, 13, 94, -1, 49, 98, -1, 17, + 96, -1, 18, 96, -1, 66, 96, -1, 65, 96, + -1, 43, 45, -1, 43, 46, -1, 20, 99, 123, + 100, -1, 20, 79, 99, 123, 100, -1, -1, 123, + 124, -1, 3, 94, -1, 12, 94, -1, 82, 94, + -1, 83, 94, -1, 49, 98, -1, 5, 96, -1, + 66, 96, -1, 65, 96, -1, 43, 45, -1, 43, + 46, -1, 24, 99, 126, 100, -1, 24, 79, 99, + 126, 100, -1, -1, 126, 127, -1, 3, 94, -1, + 12, 94, -1, 82, 94, -1, 83, 94, -1, 49, + 98, -1, 5, 96, -1, 66, 96, -1, 65, 96, + -1, 43, 45, -1, 43, 46, -1, 90, 96, -1, + 6, 96, -1, 7, 96, -1, 10, 99, 131, 100, + -1, -1, 131, 132, -1, 9, 95, -1, 17, 96, + -1, 25, 99, 134, 100, -1, -1, 134, 135, -1, + 96, -1, 98, -1, 32, 99, 137, 100, -1, -1, + 137, 138, -1, 111, -1, 112, -1, 113, -1, 114, + -1, 115, -1, 119, -1, 122, -1, 125, -1, 159, + -1, 160, -1, 144, -1, 145, -1, 146, -1, 161, + -1, 162, -1, 168, -1, 158, -1, 139, -1, 91, + 99, 140, 100, -1, -1, 140, 141, -1, 92, 45, + -1, 92, 46, -1, 93, 45, -1, 93, 46, -1, + 93, 99, 142, 100, -1, -1, 142, 143, -1, 98, + -1, 37, 41, 99, 147, 100, -1, 37, 42, 99, + 149, 100, -1, 37, 67, 99, 151, 100, -1, -1, + 147, 148, -1, 111, -1, 112, -1, 113, -1, 114, + -1, 159, -1, 160, -1, -1, 149, 150, -1, 156, + -1, 155, -1, 113, -1, 114, -1, 157, -1, 154, + -1, -1, 151, 152, -1, 113, -1, 114, -1, 153, + -1, 154, -1, 88, 45, -1, 88, 46, -1, 89, + 45, -1, 89, 46, -1, 40, 96, -1, 51, 96, + -1, 44, 96, -1, 64, 96, -1, 34, -1, 36, + -1, 38, 94, -1, 47, 163, 48, 164, -1, -1, + 163, 165, -1, 98, -1, 167, -1, -1, 166, 167, + -1, 53, -1, 54, -1, 52, -1, 55, -1, 56, + -1, 57, -1, 58, -1, 59, -1, 60, -1, 62, + 45, -1, 62, 46, -1, 31, 99, 170, 100, -1, + -1, 170, 171, -1, 128, -1, 129, -1, 105, -1, + 106, -1, 108, -1, 107, -1, 109, -1, 130, -1, + 172, -1, 173, -1, 180, -1, 181, -1, 182, -1, + 183, -1, 174, -1, 175, -1, 176, -1, 177, -1, + 35, 96, -1, 28, 96, -1, 80, 45, -1, 80, + 46, -1, 80, 96, -1, 87, 45, -1, 87, 46, + -1, 81, 97, -1, 84, 99, 178, 100, -1, -1, + 178, 179, -1, 85, 98, -1, 86, 96, -1, 39, + 98, -1, 78, 96, -1, 68, 96, -1, 69, 99, + 184, 100, -1, 69, 75, 76, 99, 184, 100, -1, + 69, 75, 77, 99, 184, 100, -1, -1, 184, 185, + -1, 71, 73, 99, 186, 100, -1, 71, 74, 99, + 186, 100, -1, -1, 186, 187, -1, 98, -1, 24, + -1, 20, -1, 70, 73, 99, 188, 100, -1, 70, + 74, 99, 188, 100, -1, -1, 188, 189, -1, 3, + 94, -1, 12, 94, -1, 72, 73, 99, 190, 100, + -1, 72, 74, 99, 190, 100, -1, -1, 190, 191, + -1, 166, 48, 24, -1, 33, 99, 193, 100, -1, + -1, 193, 194, -1, 195, -1, 196, -1, 197, -1, + 198, -1, 199, -1, 19, 45, -1, 19, 46, -1, + 19, 95, -1, 61, 45, -1, 61, 46, -1, 61, + 98, -1, 63, 96, -1 +}; + +/* YYRLINE[YYN] -- source line where rule number YYN was defined. */ +static const yytype_uint16 yyrline[] = +{ + 0, 85, 85, 86, 89, 90, 93, 94, 95, 96, + 97, 98, 101, 106, 110, 115, 120, 125, 157, 162, + 167, 172, 177, 182, 187, 198, 209, 219, 220, 222, + 244, 270, 284, 300, 301, 303, 322, 362, 381, 386, + 406, 413, 419, 425, 431, 437, 443, 457, 473, 474, + 476, 487, 504, 515, 532, 547, 553, 559, 565, 571, + 577, 593, 611, 612, 614, 625, 642, 653, 670, 685, + 691, 697, 703, 709, 715, 721, 726, 731, 733, 734, + 737, 742, 747, 757, 758, 761, 769, 782, 792, 793, + 795, 796, 797, 798, 799, 800, 801, 802, 803, 804, + 805, 806, 807, 808, 809, 810, 811, 812, 815, 817, + 818, 821, 826, 831, 843, 851, 863, 864, 866, 871, + 876, 881, 886, 887, 889, 890, 891, 892, 893, 894, + 897, 898, 900, 901, 902, 903, 904, 905, 908, 909, + 911, 912, 913, 914, 917, 922, 927, 932, 937, 943, + 948, 953, 958, 964, 970, 975, 985, 986, 988, 995, + 997, 998, 1000, 1008, 1016, 1024, 1032, 1040, 1048, 1056, + 1064, 1073, 1079, 1085, 1087, 1088, 1091, 1092, 1093, 1094, + 1095, 1096, 1097, 1098, 1099, 1100, 1101, 1102, 1103, 1104, + 1105, 1106, 1107, 1108, 1111, 1116, 1121, 1126, 1131, 1136, + 1141, 1146, 1151, 1153, 1154, 1157, 1169, 1178, 1186, 1191, + 1201, 1206, 1211, 1216, 1217, 1219, 1228, 1241, 1242, 1244, + 1263, 1282, 1301, 1310, 1332, 1333, 1335, 1394, 1454, 1463, + 1477, 1478, 1480, 1482, 1492, 1493, 1496, 1497, 1498, 1499, + 1500, 1503, 1508, 1512, 1517, 1522, 1527, 1559 +}; +#endif + +#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE +/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. + First, the terminals, then, starting at YYNTOKENS, nonterminals. */ +static const char *const yytname[] = +{ + "$end", "error", "$undefined", "T_IPV4_ADDR", "T_IPV4_IFACE", "T_PORT", + "T_HASHSIZE", "T_HASHLIMIT", "T_MULTICAST", "T_PATH", "T_UNIX", + "T_REFRESH", "T_IPV6_ADDR", "T_IPV6_IFACE", "T_IGNORE_UDP", + "T_IGNORE_ICMP", "T_IGNORE_TRAFFIC", "T_BACKLOG", "T_GROUP", "T_LOG", + "T_UDP", "T_ICMP", "T_IGMP", "T_VRRP", "T_TCP", "T_IGNORE_PROTOCOL", + "T_LOCK", "T_STRIP_NAT", "T_BUFFER_SIZE_MAX_GROWN", "T_EXPIRE", + "T_TIMEOUT", "T_GENERAL", "T_SYNC", "T_STATS", "T_RELAX_TRANSITIONS", + "T_BUFFER_SIZE", "T_DELAY", "T_SYNC_MODE", "T_LISTEN_TO", "T_FAMILY", + "T_RESEND_BUFFER_SIZE", "T_ALARM", "T_FTFW", "T_CHECKSUM", + "T_WINDOWSIZE", "T_ON", "T_OFF", "T_REPLICATE", "T_FOR", "T_IFACE", + "T_PURGE", "T_RESEND_QUEUE_SIZE", "T_ESTABLISHED", "T_SYN_SENT", + "T_SYN_RECV", "T_FIN_WAIT", "T_CLOSE_WAIT", "T_LAST_ACK", "T_TIME_WAIT", + "T_CLOSE", "T_LISTEN", "T_SYSLOG", "T_WRITE_THROUGH", + "T_STAT_BUFFER_SIZE", "T_DESTROY_TIMEOUT", "T_RCVBUFF", "T_SNDBUFF", + "T_NOTRACK", "T_POLL_SECS", "T_FILTER", "T_ADDRESS", "T_PROTOCOL", + "T_STATE", "T_ACCEPT", "T_IGNORE", "T_FROM", "T_USERSPACE", + "T_KERNELSPACE", "T_EVENT_ITER_LIMIT", "T_DEFAULT", + "T_NETLINK_OVERRUN_RESYNC", "T_NICE", "T_IPV4_DEST_ADDR", + "T_IPV6_DEST_ADDR", "T_SCHEDULER", "T_TYPE", "T_PRIO", + "T_NETLINK_EVENTS_RELIABLE", "T_DISABLE_INTERNAL_CACHE", + "T_DISABLE_EXTERNAL_CACHE", "T_ERROR_QUEUE_LENGTH", "T_OPTIONS", + "T_TCP_WINDOW_TRACKING", "T_EXPECT_SYNC", "T_IP", "T_PATH_VAL", + "T_NUMBER", "T_SIGNED_NUMBER", "T_STRING", "'{'", "'}'", "$accept", + "configfile", "lines", "line", "logfile_bool", "logfile_path", + "syslog_bool", "syslog_facility", "lock", "strip_nat", "refreshtime", + "expiretime", "timeout", "purge", "checksum", "ignore_traffic", + "ignore_traffic_options", "ignore_traffic_option", "multicast_line", + "multicast_options", "multicast_option", "udp_line", "udp_options", + "udp_option", "tcp_line", "tcp_options", "tcp_option", "hashsize", + "hashlimit", "unix_line", "unix_options", "unix_option", + "ignore_protocol", "ignore_proto_list", "ignore_proto", "sync", + "sync_list", "sync_line", "option_line", "options", "option", + "expect_list", "expect_item", "sync_mode_alarm", "sync_mode_ftfw", + "sync_mode_notrack", "sync_mode_alarm_list", "sync_mode_alarm_line", + "sync_mode_ftfw_list", "sync_mode_ftfw_line", "sync_mode_notrack_list", + "sync_mode_notrack_line", "disable_internal_cache", + "disable_external_cache", "resend_buffer_size", "resend_queue_size", + "window_size", "destroy_timeout", "relax_transitions", + "delay_destroy_msgs", "listen_to", "state_replication", "states", + "state_proto", "state", "tcp_states", "tcp_state", "cache_writethrough", + "general", "general_list", "general_line", "netlink_buffer_size", + "netlink_buffer_size_max_grown", "netlink_overrun_resync", + "netlink_events_reliable", "nice", "scheduler", "scheduler_options", + "scheduler_line", "family", "event_iterations_limit", "poll_secs", + "filter", "filter_list", "filter_item", "filter_protocol_list", + "filter_protocol_item", "filter_address_list", "filter_address_item", + "filter_state_list", "filter_state_item", "stats", "stats_list", + "stat_line", "stat_logfile_bool", "stat_logfile_path", + "stat_syslog_bool", "stat_syslog_facility", "buffer_size", 0 +}; +#endif + +# ifdef YYPRINT +/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to + token YYLEX-NUM. */ +static const yytype_uint16 yytoknum[] = +{ + 0, 256, 257, 258, 259, 260, 261, 262, 263, 264, + 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, + 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, + 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, + 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, + 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, + 315, 316, 317, 318, 319, 320, 321, 322, 323, 324, + 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, + 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, + 345, 346, 347, 348, 349, 350, 351, 352, 353, 123, + 125 +}; +# endif + +/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ +static const yytype_uint8 yyr1[] = +{ + 0, 101, 102, 102, 103, 103, 104, 104, 104, 104, + 104, 104, 105, 105, 106, 107, 107, 108, 109, 110, + 111, 112, 113, 114, 115, 115, 116, 117, 117, 118, + 118, 119, 119, 120, 120, 121, 121, 121, 121, 121, + 121, 121, 121, 121, 121, 121, 122, 122, 123, 123, + 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, + 125, 125, 126, 126, 127, 127, 127, 127, 127, 127, + 127, 127, 127, 127, 127, 128, 129, 130, 131, 131, + 132, 132, 133, 134, 134, 135, 135, 136, 137, 137, + 138, 138, 138, 138, 138, 138, 138, 138, 138, 138, + 138, 138, 138, 138, 138, 138, 138, 138, 139, 140, + 140, 141, 141, 141, 141, 141, 142, 142, 143, 144, + 145, 146, 147, 147, 148, 148, 148, 148, 148, 148, + 149, 149, 150, 150, 150, 150, 150, 150, 151, 151, + 152, 152, 152, 152, 153, 153, 154, 154, 155, 156, + 157, 158, 159, 160, 161, 162, 163, 163, 164, 165, + 166, 166, 167, 167, 167, 167, 167, 167, 167, 167, + 167, 168, 168, 169, 170, 170, 171, 171, 171, 171, + 171, 171, 171, 171, 171, 171, 171, 171, 171, 171, + 171, 171, 171, 171, 172, 173, 174, 174, 174, 175, + 175, 176, 177, 178, 178, 179, 179, 180, 181, 182, + 183, 183, 183, 184, 184, 185, 185, 186, 186, 187, + 187, 187, 185, 185, 188, 188, 189, 189, 185, 185, + 190, 190, 191, 192, 193, 193, 194, 194, 194, 194, + 194, 195, 195, 196, 197, 197, 198, 199 +}; + +/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ +static const yytype_uint8 yyr2[] = +{ + 0, 2, 0, 1, 1, 2, 1, 1, 1, 1, + 1, 1, 2, 2, 2, 2, 2, 2, 2, 1, + 2, 2, 2, 2, 2, 2, 4, 0, 2, 2, + 2, 4, 5, 0, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 4, 5, 0, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 4, 5, 0, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 4, 0, 2, + 2, 2, 4, 0, 2, 1, 1, 4, 0, 2, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 4, 0, + 2, 2, 2, 2, 2, 4, 0, 2, 1, 5, + 5, 5, 0, 2, 1, 1, 1, 1, 1, 1, + 0, 2, 1, 1, 1, 1, 1, 1, 0, 2, + 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, + 2, 2, 1, 1, 2, 4, 0, 2, 1, 1, + 0, 2, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 2, 2, 4, 0, 2, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, + 2, 2, 4, 0, 2, 2, 2, 2, 2, 2, + 4, 6, 6, 0, 2, 5, 5, 0, 2, 1, + 1, 1, 5, 5, 0, 2, 2, 2, 5, 5, + 0, 2, 3, 4, 0, 2, 1, 1, 1, 1, + 1, 2, 2, 2, 2, 2, 2, 2 +}; + +/* YYDEFACT[STATE-NAME] -- Default reduction number in state STATE-NUM. + Performed when YYTABLE doesn't specify something else to do. Zero + means the default is an error. */ +static const yytype_uint8 yydefact[] = +{ + 2, 0, 0, 19, 0, 0, 0, 0, 3, 4, + 8, 7, 6, 10, 9, 11, 27, 83, 174, 88, + 234, 1, 5, 0, 0, 0, 0, 0, 0, 0, + 26, 28, 85, 86, 82, 84, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 173, 178, 179, 181, 180, 182, 176, 177, + 183, 175, 184, 185, 190, 191, 192, 193, 186, 187, + 188, 189, 0, 0, 0, 0, 0, 0, 152, 153, + 0, 0, 0, 156, 0, 0, 0, 0, 87, 90, + 91, 92, 93, 94, 95, 96, 97, 89, 107, 100, + 101, 102, 106, 98, 99, 103, 104, 105, 0, 0, + 0, 233, 235, 236, 237, 238, 239, 240, 29, 30, + 75, 76, 78, 12, 13, 14, 18, 195, 194, 207, + 15, 16, 17, 209, 0, 213, 208, 196, 197, 198, + 201, 203, 199, 200, 0, 33, 20, 0, 48, 0, + 62, 21, 22, 0, 0, 0, 154, 24, 25, 0, + 23, 171, 172, 151, 109, 241, 242, 243, 244, 245, + 246, 247, 0, 0, 0, 0, 0, 33, 0, 48, + 0, 62, 0, 122, 130, 138, 0, 164, 162, 163, + 165, 166, 167, 168, 169, 170, 157, 159, 0, 0, + 0, 77, 79, 213, 213, 0, 0, 0, 210, 214, + 0, 0, 202, 204, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 31, 34, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 46, 49, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 60, 63, 0, 0, 0, 158, 155, 0, 0, 108, + 110, 80, 81, 0, 0, 0, 0, 0, 0, 0, + 0, 205, 206, 32, 35, 37, 36, 38, 40, 41, + 44, 45, 39, 43, 42, 47, 50, 55, 51, 58, + 59, 54, 57, 56, 52, 53, 61, 64, 69, 65, + 72, 73, 68, 71, 70, 66, 67, 74, 119, 124, + 125, 126, 127, 123, 128, 129, 0, 0, 0, 0, + 120, 134, 135, 131, 137, 133, 132, 136, 0, 121, + 140, 141, 139, 142, 143, 111, 112, 113, 114, 116, + 211, 212, 224, 224, 217, 217, 230, 230, 148, 150, + 149, 146, 147, 144, 145, 0, 0, 0, 0, 0, + 160, 160, 118, 115, 117, 0, 0, 222, 225, 223, + 221, 220, 219, 215, 218, 216, 228, 0, 231, 229, + 226, 227, 0, 161, 232 +}; + +/* YYDEFGOTO[NTERM-NUM]. */ +static const yytype_int16 yydefgoto[] = +{ + -1, 7, 8, 9, 53, 54, 55, 56, 57, 10, + 89, 90, 91, 92, 93, 11, 23, 31, 94, 178, + 226, 95, 180, 238, 96, 182, 251, 58, 59, 60, + 172, 202, 12, 24, 35, 13, 26, 97, 98, 198, + 260, 355, 364, 99, 100, 101, 252, 313, 253, 323, + 254, 332, 333, 324, 325, 326, 327, 102, 103, 104, + 105, 106, 159, 256, 196, 377, 197, 107, 14, 25, + 61, 62, 63, 64, 65, 66, 67, 176, 213, 68, + 69, 70, 71, 175, 209, 358, 374, 356, 368, 360, + 378, 15, 27, 112, 113, 114, 115, 116, 117 +}; + +/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing + STATE-NUM. */ +#define YYPACT_NINF -77 +static const yytype_int16 yypact[] = +{ + 194, -76, -68, -77, -49, -39, -14, 98, 194, -77, + -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, + -77, -77, -77, 0, -42, 124, 153, 10, 20, 28, + -77, -77, -77, -77, -77, -77, 36, 40, 50, 56, + 77, 79, 82, 86, 30, 90, -50, 92, 42, 104, + 117, 121, -77, -77, -77, -77, -77, -77, -77, -77, + -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, + -77, -77, -73, 122, -44, 34, 135, 145, -77, -77, + -23, 126, 149, -77, 147, 152, 181, 177, -77, -77, + -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, + -77, -77, -77, -77, -77, -77, -77, -77, 73, 47, + 184, -77, -77, -77, -77, -77, -77, -77, -77, -77, + -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, + -77, -77, -77, -77, -10, -77, -77, -77, -77, -77, + -77, -77, -77, -77, 182, -77, -77, 183, -77, 185, + -77, -77, -77, 186, 187, 188, -77, -77, -77, 180, + -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, + -77, -77, -4, 189, 190, 99, 62, -77, -3, -77, + 29, -77, -1, -77, -77, -77, 131, -77, -77, -77, + -77, -77, -77, -77, -77, -77, -77, -77, 130, 195, + 196, -77, -77, -77, -77, 81, 133, 175, -77, -77, + 193, 197, -77, -77, 4, 200, 201, 203, 204, 205, + 207, 206, 198, 208, 209, -77, -77, 74, 212, 211, + 214, 221, 213, 216, 217, 215, 220, -77, -77, 25, + 222, 219, 224, 223, 226, 230, 231, 228, 234, 233, + -77, -77, 9, 76, 53, -77, -77, 225, 6, -77, + -77, -77, -77, 109, 142, 218, 232, 235, 236, 237, + 238, -77, -77, -77, -77, -77, -77, -77, -77, -77, + -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, + -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, + -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, + -77, -77, -77, -77, -77, -77, 242, 243, 244, 227, + -77, -77, -77, -77, -77, -77, -77, -77, 229, -77, + -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, + -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, + -77, -77, -77, -77, -77, 46, 21, 24, 37, 60, + 199, 210, -77, -77, -77, 239, 247, -77, -77, -77, + -77, -77, -77, -77, -77, -77, -77, 202, -77, -77, + -77, -77, 259, -77, -77 +}; + +/* YYPGOTO[NTERM-NUM]. */ +static const yytype_int16 yypgoto[] = +{ + -77, -77, -77, 292, -77, -77, -77, -77, -77, -77, + 67, 68, -7, 11, -77, -77, -77, -77, -77, 125, + -77, -77, 144, -77, -77, 140, -77, -77, -77, -77, + -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, + -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, + -77, -77, -77, 71, -77, -77, -77, -77, 78, 80, + -77, -77, -77, -77, -77, -77, -35, -77, -77, -77, + -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, + -77, -77, -77, 75, -77, -2, -77, 1, -77, 2, + -77, -77, -77, -77, -77, -77, -77, -77, -77 +}; + +/* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If + positive, shift that token. If negative, reduce the rule which + number is the opposite. If YYTABLE_NINF, syntax error. */ +#define YYTABLE_NINF -1 +static const yytype_uint16 yytable[] = +{ + 215, 216, 240, 28, 241, 199, 144, 215, 216, 217, + 218, 242, 29, 200, 219, 220, 217, 218, 153, 154, + 73, 219, 220, 16, 365, 134, 145, 365, 240, 108, + 241, 17, 228, 366, 229, 147, 366, 242, 76, 77, + 221, 230, 243, 78, 155, 79, 222, 221, 244, 135, + 18, 337, 338, 222, 32, 148, 33, 370, 34, 84, + 19, 371, 223, 224, 245, 246, 173, 174, 243, 223, + 224, 109, 231, 110, 244, 130, 131, 228, 232, 229, + 370, 247, 248, 77, 371, 20, 230, 137, 138, 249, + 245, 246, 168, 169, 233, 234, 201, 225, 21, 250, + 30, 123, 124, 84, 273, 339, 77, 247, 248, 308, + 111, 235, 236, 149, 118, 249, 316, 231, 165, 166, + 317, 367, 119, 232, 369, 296, 84, 318, 132, 237, + 36, 37, 120, 150, 38, 372, 121, 373, 139, 233, + 234, 328, 319, 39, 362, 170, 363, 210, 211, 122, + 40, 125, 41, 329, 265, 266, 235, 236, 372, 42, + 375, 72, 212, 43, 73, 319, 142, 143, 167, 205, + 206, 207, 126, 74, 285, 127, 320, 75, 128, 205, + 206, 207, 76, 77, 129, 44, 133, 78, 136, 79, + 80, 81, 45, 46, 157, 158, 82, 161, 162, 208, + 83, 140, 47, 84, 48, 49, 267, 268, 50, 340, + 1, 51, 205, 206, 207, 85, 141, 86, 146, 2, + 156, 3, 257, 258, 52, 4, 5, 6, 186, 255, + 259, 151, 187, 188, 189, 190, 191, 192, 193, 194, + 195, 152, 341, 160, 87, 311, 321, 330, 269, 270, + 382, 280, 281, 88, 187, 188, 189, 190, 191, 192, + 193, 194, 195, 312, 322, 331, 289, 290, 300, 301, + 335, 336, 351, 352, 353, 354, 164, 163, 263, 264, + 171, 177, 179, 384, 181, 183, 184, 185, 203, 204, + 261, 271, 262, 272, 274, 275, 282, 276, 277, 376, + 22, 278, 214, 279, 283, 284, 286, 287, 288, 294, + 379, 291, 292, 293, 295, 298, 297, 342, 299, 309, + 310, 239, 305, 227, 302, 334, 303, 304, 306, 307, + 314, 343, 315, 380, 344, 345, 346, 347, 348, 349, + 350, 381, 383, 359, 357, 0, 0, 0, 0, 361 +}; + +#define yypact_value_is_default(yystate) \ + ((yystate) == (-77)) + +#define yytable_value_is_error(yytable_value) \ + YYID (0) + +static const yytype_int16 yycheck[] = +{ + 3, 4, 3, 3, 5, 9, 79, 3, 4, 12, + 13, 12, 12, 17, 17, 18, 12, 13, 41, 42, + 11, 17, 18, 99, 3, 75, 99, 3, 3, 19, + 5, 99, 3, 12, 5, 79, 12, 12, 29, 30, + 43, 12, 43, 34, 67, 36, 49, 43, 49, 99, + 99, 45, 46, 49, 96, 99, 98, 20, 100, 50, + 99, 24, 65, 66, 65, 66, 76, 77, 43, 65, + 66, 61, 43, 63, 49, 45, 46, 3, 49, 5, + 20, 82, 83, 30, 24, 99, 12, 45, 46, 90, + 65, 66, 45, 46, 65, 66, 100, 100, 0, 100, + 100, 45, 46, 50, 100, 99, 30, 82, 83, 100, + 100, 82, 83, 79, 94, 90, 40, 43, 45, 46, + 44, 100, 94, 49, 100, 100, 50, 51, 98, 100, + 6, 7, 96, 99, 10, 98, 96, 100, 96, 65, + 66, 88, 89, 19, 98, 98, 100, 85, 86, 99, + 26, 95, 28, 100, 73, 74, 82, 83, 98, 35, + 100, 8, 100, 39, 11, 89, 45, 46, 95, 70, + 71, 72, 95, 20, 100, 96, 100, 24, 96, 70, + 71, 72, 29, 30, 98, 61, 96, 34, 96, 36, + 37, 38, 68, 69, 45, 46, 43, 45, 46, 100, + 47, 97, 78, 50, 80, 81, 73, 74, 84, 100, + 16, 87, 70, 71, 72, 62, 99, 64, 96, 25, + 94, 27, 92, 93, 100, 31, 32, 33, 48, 98, + 100, 96, 52, 53, 54, 55, 56, 57, 58, 59, + 60, 96, 100, 96, 91, 252, 253, 254, 73, 74, + 48, 45, 46, 100, 52, 53, 54, 55, 56, 57, + 58, 59, 60, 252, 253, 254, 45, 46, 45, 46, + 45, 46, 45, 46, 45, 46, 99, 96, 203, 204, + 96, 99, 99, 24, 99, 99, 99, 99, 99, 99, + 95, 98, 96, 96, 94, 94, 98, 94, 94, 100, + 8, 96, 177, 96, 96, 96, 94, 96, 94, 94, + 100, 98, 96, 96, 94, 96, 94, 99, 94, 252, + 252, 181, 94, 179, 98, 254, 96, 96, 94, 96, + 252, 99, 252, 94, 99, 99, 99, 99, 96, 96, + 96, 94, 377, 345, 343, -1, -1, -1, -1, 347 +}; + +/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing + symbol of state STATE-NUM. */ +static const yytype_uint8 yystos[] = +{ + 0, 16, 25, 27, 31, 32, 33, 102, 103, 104, + 110, 116, 133, 136, 169, 192, 99, 99, 99, 99, + 99, 0, 104, 117, 134, 170, 137, 193, 3, 12, + 100, 118, 96, 98, 100, 135, 6, 7, 10, 19, + 26, 28, 35, 39, 61, 68, 69, 78, 80, 81, + 84, 87, 100, 105, 106, 107, 108, 109, 128, 129, + 130, 171, 172, 173, 174, 175, 176, 177, 180, 181, + 182, 183, 8, 11, 20, 24, 29, 30, 34, 36, + 37, 38, 43, 47, 50, 62, 64, 91, 100, 111, + 112, 113, 114, 115, 119, 122, 125, 138, 139, 144, + 145, 146, 158, 159, 160, 161, 162, 168, 19, 61, + 63, 100, 194, 195, 196, 197, 198, 199, 94, 94, + 96, 96, 99, 45, 46, 95, 95, 96, 96, 98, + 45, 46, 98, 96, 75, 99, 96, 45, 46, 96, + 97, 99, 45, 46, 79, 99, 96, 79, 99, 79, + 99, 96, 96, 41, 42, 67, 94, 45, 46, 163, + 96, 45, 46, 96, 99, 45, 46, 95, 45, 46, + 98, 96, 131, 76, 77, 184, 178, 99, 120, 99, + 123, 99, 126, 99, 99, 99, 48, 52, 53, 54, + 55, 56, 57, 58, 59, 60, 165, 167, 140, 9, + 17, 100, 132, 99, 99, 70, 71, 72, 100, 185, + 85, 86, 100, 179, 120, 3, 4, 12, 13, 17, + 18, 43, 49, 65, 66, 100, 121, 123, 3, 5, + 12, 43, 49, 65, 66, 82, 83, 100, 124, 126, + 3, 5, 12, 43, 49, 65, 66, 82, 83, 90, + 100, 127, 147, 149, 151, 98, 164, 92, 93, 100, + 141, 95, 96, 184, 184, 73, 74, 73, 74, 73, + 74, 98, 96, 100, 94, 94, 94, 94, 96, 96, + 45, 46, 98, 96, 96, 100, 94, 96, 94, 45, + 46, 98, 96, 96, 94, 94, 100, 94, 96, 94, + 45, 46, 98, 96, 96, 94, 94, 96, 100, 111, + 112, 113, 114, 148, 159, 160, 40, 44, 51, 89, + 100, 113, 114, 150, 154, 155, 156, 157, 88, 100, + 113, 114, 152, 153, 154, 45, 46, 45, 46, 99, + 100, 100, 99, 99, 99, 99, 99, 99, 96, 96, + 96, 45, 46, 45, 46, 142, 188, 188, 186, 186, + 190, 190, 98, 100, 143, 3, 12, 100, 189, 100, + 20, 24, 98, 100, 187, 100, 100, 166, 191, 100, + 94, 94, 48, 167, 24 +}; + +#define yyerrok (yyerrstatus = 0) +#define yyclearin (yychar = YYEMPTY) +#define YYEMPTY (-2) +#define YYEOF 0 + +#define YYACCEPT goto yyacceptlab +#define YYABORT goto yyabortlab +#define YYERROR goto yyerrorlab + + +/* Like YYERROR except do call yyerror. This remains here temporarily + to ease the transition to the new meaning of YYERROR, for GCC. + Once GCC version 2 has supplanted version 1, this can go. However, + YYFAIL appears to be in use. Nevertheless, it is formally deprecated + in Bison 2.4.2's NEWS entry, where a plan to phase it out is + discussed. */ + +#define YYFAIL goto yyerrlab +#if defined YYFAIL + /* This is here to suppress warnings from the GCC cpp's + -Wunused-macros. Normally we don't worry about that warning, but + some users do, and we want to make it easy for users to remove + YYFAIL uses, which will produce warnings from Bison 2.5. */ +#endif + +#define YYRECOVERING() (!!yyerrstatus) + +#define YYBACKUP(Token, Value) \ +do \ + if (yychar == YYEMPTY && yylen == 1) \ + { \ + yychar = (Token); \ + yylval = (Value); \ + YYPOPSTACK (1); \ + goto yybackup; \ + } \ + else \ + { \ + yyerror (YY_("syntax error: cannot back up")); \ + YYERROR; \ + } \ +while (YYID (0)) + + +#define YYTERROR 1 +#define YYERRCODE 256 + + +/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N]. + If N is 0, then set CURRENT to the empty location which ends + the previous symbol: RHS[0] (always defined). */ + +#define YYRHSLOC(Rhs, K) ((Rhs)[K]) +#ifndef YYLLOC_DEFAULT +# define YYLLOC_DEFAULT(Current, Rhs, N) \ + do \ + if (YYID (N)) \ + { \ + (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \ + (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \ + (Current).last_line = YYRHSLOC (Rhs, N).last_line; \ + (Current).last_column = YYRHSLOC (Rhs, N).last_column; \ + } \ + else \ + { \ + (Current).first_line = (Current).last_line = \ + YYRHSLOC (Rhs, 0).last_line; \ + (Current).first_column = (Current).last_column = \ + YYRHSLOC (Rhs, 0).last_column; \ + } \ + while (YYID (0)) +#endif + + +/* This macro is provided for backward compatibility. */ + +#ifndef YY_LOCATION_PRINT +# define YY_LOCATION_PRINT(File, Loc) ((void) 0) +#endif + + +/* YYLEX -- calling `yylex' with the right arguments. */ + +#ifdef YYLEX_PARAM +# define YYLEX yylex (YYLEX_PARAM) +#else +# define YYLEX yylex () +#endif + +/* Enable debugging if requested. */ +#if YYDEBUG + +# ifndef YYFPRINTF +# include <stdio.h> /* INFRINGES ON USER NAME SPACE */ +# define YYFPRINTF fprintf +# endif + +# define YYDPRINTF(Args) \ +do { \ + if (yydebug) \ + YYFPRINTF Args; \ +} while (YYID (0)) + +# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \ +do { \ + if (yydebug) \ + { \ + YYFPRINTF (stderr, "%s ", Title); \ + yy_symbol_print (stderr, \ + Type, Value); \ + YYFPRINTF (stderr, "\n"); \ + } \ +} while (YYID (0)) + + +/*--------------------------------. +| Print this symbol on YYOUTPUT. | +`--------------------------------*/ + +/*ARGSUSED*/ +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static void +yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) +#else +static void +yy_symbol_value_print (yyoutput, yytype, yyvaluep) + FILE *yyoutput; + int yytype; + YYSTYPE const * const yyvaluep; +#endif +{ + if (!yyvaluep) + return; +# ifdef YYPRINT + if (yytype < YYNTOKENS) + YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); +# else + YYUSE (yyoutput); +# endif + switch (yytype) + { + default: + break; + } +} + + +/*--------------------------------. +| Print this symbol on YYOUTPUT. | +`--------------------------------*/ + +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static void +yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) +#else +static void +yy_symbol_print (yyoutput, yytype, yyvaluep) + FILE *yyoutput; + int yytype; + YYSTYPE const * const yyvaluep; +#endif +{ + if (yytype < YYNTOKENS) + YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); + else + YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]); + + yy_symbol_value_print (yyoutput, yytype, yyvaluep); + YYFPRINTF (yyoutput, ")"); +} + +/*------------------------------------------------------------------. +| yy_stack_print -- Print the state stack from its BOTTOM up to its | +| TOP (included). | +`------------------------------------------------------------------*/ + +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static void +yy_stack_print (yytype_int16 *yybottom, yytype_int16 *yytop) +#else +static void +yy_stack_print (yybottom, yytop) + yytype_int16 *yybottom; + yytype_int16 *yytop; +#endif +{ + YYFPRINTF (stderr, "Stack now"); + for (; yybottom <= yytop; yybottom++) + { + int yybot = *yybottom; + YYFPRINTF (stderr, " %d", yybot); + } + YYFPRINTF (stderr, "\n"); +} + +# define YY_STACK_PRINT(Bottom, Top) \ +do { \ + if (yydebug) \ + yy_stack_print ((Bottom), (Top)); \ +} while (YYID (0)) + + +/*------------------------------------------------. +| Report that the YYRULE is going to be reduced. | +`------------------------------------------------*/ + +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static void +yy_reduce_print (YYSTYPE *yyvsp, int yyrule) +#else +static void +yy_reduce_print (yyvsp, yyrule) + YYSTYPE *yyvsp; + int yyrule; +#endif +{ + int yynrhs = yyr2[yyrule]; + int yyi; + unsigned long int yylno = yyrline[yyrule]; + YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n", + yyrule - 1, yylno); + /* The symbols being reduced. */ + for (yyi = 0; yyi < yynrhs; yyi++) + { + YYFPRINTF (stderr, " $%d = ", yyi + 1); + yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi], + &(yyvsp[(yyi + 1) - (yynrhs)]) + ); + YYFPRINTF (stderr, "\n"); + } +} + +# define YY_REDUCE_PRINT(Rule) \ +do { \ + if (yydebug) \ + yy_reduce_print (yyvsp, Rule); \ +} while (YYID (0)) + +/* Nonzero means print parse trace. It is left uninitialized so that + multiple parsers can coexist. */ +int yydebug; +#else /* !YYDEBUG */ +# define YYDPRINTF(Args) +# define YY_SYMBOL_PRINT(Title, Type, Value, Location) +# define YY_STACK_PRINT(Bottom, Top) +# define YY_REDUCE_PRINT(Rule) +#endif /* !YYDEBUG */ + + +/* YYINITDEPTH -- initial size of the parser's stacks. */ +#ifndef YYINITDEPTH +# define YYINITDEPTH 200 +#endif + +/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only + if the built-in stack extension method is used). + + Do not make this value too large; the results are undefined if + YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH) + evaluated with infinite-precision integer arithmetic. */ + +#ifndef YYMAXDEPTH +# define YYMAXDEPTH 10000 +#endif + + +#if YYERROR_VERBOSE + +# ifndef yystrlen +# if defined __GLIBC__ && defined _STRING_H +# define yystrlen strlen +# else +/* Return the length of YYSTR. */ +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static YYSIZE_T +yystrlen (const char *yystr) +#else +static YYSIZE_T +yystrlen (yystr) + const char *yystr; +#endif +{ + YYSIZE_T yylen; + for (yylen = 0; yystr[yylen]; yylen++) + continue; + return yylen; +} +# endif +# endif + +# ifndef yystpcpy +# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE +# define yystpcpy stpcpy +# else +/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in + YYDEST. */ +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static char * +yystpcpy (char *yydest, const char *yysrc) +#else +static char * +yystpcpy (yydest, yysrc) + char *yydest; + const char *yysrc; +#endif +{ + char *yyd = yydest; + const char *yys = yysrc; + + while ((*yyd++ = *yys++) != '\0') + continue; + + return yyd - 1; +} +# endif +# endif + +# ifndef yytnamerr +/* Copy to YYRES the contents of YYSTR after stripping away unnecessary + quotes and backslashes, so that it's suitable for yyerror. The + heuristic is that double-quoting is unnecessary unless the string + contains an apostrophe, a comma, or backslash (other than + backslash-backslash). YYSTR is taken from yytname. If YYRES is + null, do not copy; instead, return the length of what the result + would have been. */ +static YYSIZE_T +yytnamerr (char *yyres, const char *yystr) +{ + if (*yystr == '"') + { + YYSIZE_T yyn = 0; + char const *yyp = yystr; + + for (;;) + switch (*++yyp) + { + case '\'': + case ',': + goto do_not_strip_quotes; + + case '\\': + if (*++yyp != '\\') + goto do_not_strip_quotes; + /* Fall through. */ + default: + if (yyres) + yyres[yyn] = *yyp; + yyn++; + break; + + case '"': + if (yyres) + yyres[yyn] = '\0'; + return yyn; + } + do_not_strip_quotes: ; + } + + if (! yyres) + return yystrlen (yystr); + + return yystpcpy (yyres, yystr) - yyres; +} +# endif + +/* Copy into *YYMSG, which is of size *YYMSG_ALLOC, an error message + about the unexpected token YYTOKEN for the state stack whose top is + YYSSP. + + Return 0 if *YYMSG was successfully written. Return 1 if *YYMSG is + not large enough to hold the message. In that case, also set + *YYMSG_ALLOC to the required number of bytes. Return 2 if the + required number of bytes is too large to store. */ +static int +yysyntax_error (YYSIZE_T *yymsg_alloc, char **yymsg, + yytype_int16 *yyssp, int yytoken) +{ + YYSIZE_T yysize0 = yytnamerr (0, yytname[yytoken]); + YYSIZE_T yysize = yysize0; + YYSIZE_T yysize1; + enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 }; + /* Internationalized format string. */ + const char *yyformat = 0; + /* Arguments of yyformat. */ + char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; + /* Number of reported tokens (one for the "unexpected", one per + "expected"). */ + int yycount = 0; + + /* There are many possibilities here to consider: + - Assume YYFAIL is not used. It's too flawed to consider. See + <http://lists.gnu.org/archive/html/bison-patches/2009-12/msg00024.html> + for details. YYERROR is fine as it does not invoke this + function. + - If this state is a consistent state with a default action, then + the only way this function was invoked is if the default action + is an error action. In that case, don't check for expected + tokens because there are none. + - The only way there can be no lookahead present (in yychar) is if + this state is a consistent state with a default action. Thus, + detecting the absence of a lookahead is sufficient to determine + that there is no unexpected or expected token to report. In that + case, just report a simple "syntax error". + - Don't assume there isn't a lookahead just because this state is a + consistent state with a default action. There might have been a + previous inconsistent state, consistent state with a non-default + action, or user semantic action that manipulated yychar. + - Of course, the expected token list depends on states to have + correct lookahead information, and it depends on the parser not + to perform extra reductions after fetching a lookahead from the + scanner and before detecting a syntax error. Thus, state merging + (from LALR or IELR) and default reductions corrupt the expected + token list. However, the list is correct for canonical LR with + one exception: it will still contain any token that will not be + accepted due to an error action in a later state. + */ + if (yytoken != YYEMPTY) + { + int yyn = yypact[*yyssp]; + yyarg[yycount++] = yytname[yytoken]; + if (!yypact_value_is_default (yyn)) + { + /* Start YYX at -YYN if negative to avoid negative indexes in + YYCHECK. In other words, skip the first -YYN actions for + this state because they are default actions. */ + int yyxbegin = yyn < 0 ? -yyn : 0; + /* Stay within bounds of both yycheck and yytname. */ + int yychecklim = YYLAST - yyn + 1; + int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; + int yyx; + + for (yyx = yyxbegin; yyx < yyxend; ++yyx) + if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR + && !yytable_value_is_error (yytable[yyx + yyn])) + { + if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) + { + yycount = 1; + yysize = yysize0; + break; + } + yyarg[yycount++] = yytname[yyx]; + yysize1 = yysize + yytnamerr (0, yytname[yyx]); + if (! (yysize <= yysize1 + && yysize1 <= YYSTACK_ALLOC_MAXIMUM)) + return 2; + yysize = yysize1; + } + } + } + + switch (yycount) + { +# define YYCASE_(N, S) \ + case N: \ + yyformat = S; \ + break + YYCASE_(0, YY_("syntax error")); + YYCASE_(1, YY_("syntax error, unexpected %s")); + YYCASE_(2, YY_("syntax error, unexpected %s, expecting %s")); + YYCASE_(3, YY_("syntax error, unexpected %s, expecting %s or %s")); + YYCASE_(4, YY_("syntax error, unexpected %s, expecting %s or %s or %s")); + YYCASE_(5, YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s")); +# undef YYCASE_ + } + + yysize1 = yysize + yystrlen (yyformat); + if (! (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM)) + return 2; + yysize = yysize1; + + if (*yymsg_alloc < yysize) + { + *yymsg_alloc = 2 * yysize; + if (! (yysize <= *yymsg_alloc + && *yymsg_alloc <= YYSTACK_ALLOC_MAXIMUM)) + *yymsg_alloc = YYSTACK_ALLOC_MAXIMUM; + return 1; + } + + /* Avoid sprintf, as that infringes on the user's name space. + Don't have undefined behavior even if the translation + produced a string with the wrong number of "%s"s. */ + { + char *yyp = *yymsg; + int yyi = 0; + while ((*yyp = *yyformat) != '\0') + if (*yyp == '%' && yyformat[1] == 's' && yyi < yycount) + { + yyp += yytnamerr (yyp, yyarg[yyi++]); + yyformat += 2; + } + else + { + yyp++; + yyformat++; + } + } + return 0; +} +#endif /* YYERROR_VERBOSE */ + +/*-----------------------------------------------. +| Release the memory associated to this symbol. | +`-----------------------------------------------*/ + +/*ARGSUSED*/ +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static void +yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep) +#else +static void +yydestruct (yymsg, yytype, yyvaluep) + const char *yymsg; + int yytype; + YYSTYPE *yyvaluep; +#endif +{ + YYUSE (yyvaluep); + + if (!yymsg) + yymsg = "Deleting"; + YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp); + + switch (yytype) + { + + default: + break; + } +} + + +/* Prevent warnings from -Wmissing-prototypes. */ +#ifdef YYPARSE_PARAM +#if defined __STDC__ || defined __cplusplus +int yyparse (void *YYPARSE_PARAM); +#else +int yyparse (); +#endif +#else /* ! YYPARSE_PARAM */ +#if defined __STDC__ || defined __cplusplus +int yyparse (void); +#else +int yyparse (); +#endif +#endif /* ! YYPARSE_PARAM */ + + +/* The lookahead symbol. */ +int yychar; + +/* The semantic value of the lookahead symbol. */ +YYSTYPE yylval; + +/* Number of syntax errors so far. */ +int yynerrs; + + +/*----------. +| yyparse. | +`----------*/ + +#ifdef YYPARSE_PARAM +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +int +yyparse (void *YYPARSE_PARAM) +#else +int +yyparse (YYPARSE_PARAM) + void *YYPARSE_PARAM; +#endif +#else /* ! YYPARSE_PARAM */ +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +int +yyparse (void) +#else +int +yyparse () + +#endif +#endif +{ + int yystate; + /* Number of tokens to shift before error messages enabled. */ + int yyerrstatus; + + /* The stacks and their tools: + `yyss': related to states. + `yyvs': related to semantic values. + + Refer to the stacks thru separate pointers, to allow yyoverflow + to reallocate them elsewhere. */ + + /* The state stack. */ + yytype_int16 yyssa[YYINITDEPTH]; + yytype_int16 *yyss; + yytype_int16 *yyssp; + + /* The semantic value stack. */ + YYSTYPE yyvsa[YYINITDEPTH]; + YYSTYPE *yyvs; + YYSTYPE *yyvsp; + + YYSIZE_T yystacksize; + + int yyn; + int yyresult; + /* Lookahead token as an internal (translated) token number. */ + int yytoken; + /* The variables used to return semantic value and location from the + action routines. */ + YYSTYPE yyval; + +#if YYERROR_VERBOSE + /* Buffer for error messages, and its allocated size. */ + char yymsgbuf[128]; + char *yymsg = yymsgbuf; + YYSIZE_T yymsg_alloc = sizeof yymsgbuf; +#endif + +#define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) + + /* The number of symbols on the RHS of the reduced rule. + Keep to zero when no symbol should be popped. */ + int yylen = 0; + + yytoken = 0; + yyss = yyssa; + yyvs = yyvsa; + yystacksize = YYINITDEPTH; + + YYDPRINTF ((stderr, "Starting parse\n")); + + yystate = 0; + yyerrstatus = 0; + yynerrs = 0; + yychar = YYEMPTY; /* Cause a token to be read. */ + + /* Initialize stack pointers. + Waste one element of value and location stack + so that they stay on the same level as the state stack. + The wasted elements are never initialized. */ + yyssp = yyss; + yyvsp = yyvs; + + goto yysetstate; + +/*------------------------------------------------------------. +| yynewstate -- Push a new state, which is found in yystate. | +`------------------------------------------------------------*/ + yynewstate: + /* In all cases, when you get here, the value and location stacks + have just been pushed. So pushing a state here evens the stacks. */ + yyssp++; + + yysetstate: + *yyssp = yystate; + + if (yyss + yystacksize - 1 <= yyssp) + { + /* Get the current used size of the three stacks, in elements. */ + YYSIZE_T yysize = yyssp - yyss + 1; + +#ifdef yyoverflow + { + /* Give user a chance to reallocate the stack. Use copies of + these so that the &'s don't force the real ones into + memory. */ + YYSTYPE *yyvs1 = yyvs; + yytype_int16 *yyss1 = yyss; + + /* Each stack pointer address is followed by the size of the + data in use in that stack, in bytes. This used to be a + conditional around just the two extra args, but that might + be undefined if yyoverflow is a macro. */ + yyoverflow (YY_("memory exhausted"), + &yyss1, yysize * sizeof (*yyssp), + &yyvs1, yysize * sizeof (*yyvsp), + &yystacksize); + + yyss = yyss1; + yyvs = yyvs1; + } +#else /* no yyoverflow */ +# ifndef YYSTACK_RELOCATE + goto yyexhaustedlab; +# else + /* Extend the stack our own way. */ + if (YYMAXDEPTH <= yystacksize) + goto yyexhaustedlab; + yystacksize *= 2; + if (YYMAXDEPTH < yystacksize) + yystacksize = YYMAXDEPTH; + + { + yytype_int16 *yyss1 = yyss; + union yyalloc *yyptr = + (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); + if (! yyptr) + goto yyexhaustedlab; + YYSTACK_RELOCATE (yyss_alloc, yyss); + YYSTACK_RELOCATE (yyvs_alloc, yyvs); +# undef YYSTACK_RELOCATE + if (yyss1 != yyssa) + YYSTACK_FREE (yyss1); + } +# endif +#endif /* no yyoverflow */ + + yyssp = yyss + yysize - 1; + yyvsp = yyvs + yysize - 1; + + YYDPRINTF ((stderr, "Stack size increased to %lu\n", + (unsigned long int) yystacksize)); + + if (yyss + yystacksize - 1 <= yyssp) + YYABORT; + } + + YYDPRINTF ((stderr, "Entering state %d\n", yystate)); + + if (yystate == YYFINAL) + YYACCEPT; + + goto yybackup; + +/*-----------. +| yybackup. | +`-----------*/ +yybackup: + + /* Do appropriate processing given the current state. Read a + lookahead token if we need one and don't already have one. */ + + /* First try to decide what to do without reference to lookahead token. */ + yyn = yypact[yystate]; + if (yypact_value_is_default (yyn)) + goto yydefault; + + /* Not known => get a lookahead token if don't already have one. */ + + /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */ + if (yychar == YYEMPTY) + { + YYDPRINTF ((stderr, "Reading a token: ")); + yychar = YYLEX; + } + + if (yychar <= YYEOF) + { + yychar = yytoken = YYEOF; + YYDPRINTF ((stderr, "Now at end of input.\n")); + } + else + { + yytoken = YYTRANSLATE (yychar); + YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc); + } + + /* If the proper action on seeing token YYTOKEN is to reduce or to + detect an error, take that action. */ + yyn += yytoken; + if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken) + goto yydefault; + yyn = yytable[yyn]; + if (yyn <= 0) + { + if (yytable_value_is_error (yyn)) + goto yyerrlab; + yyn = -yyn; + goto yyreduce; + } + + /* Count tokens shifted since error; after three, turn off error + status. */ + if (yyerrstatus) + yyerrstatus--; + + /* Shift the lookahead token. */ + YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); + + /* Discard the shifted token. */ + yychar = YYEMPTY; + + yystate = yyn; + *++yyvsp = yylval; + + goto yynewstate; + + +/*-----------------------------------------------------------. +| yydefault -- do the default action for the current state. | +`-----------------------------------------------------------*/ +yydefault: + yyn = yydefact[yystate]; + if (yyn == 0) + goto yyerrlab; + goto yyreduce; + + +/*-----------------------------. +| yyreduce -- Do a reduction. | +`-----------------------------*/ +yyreduce: + /* yyn is the number of a rule to reduce with. */ + yylen = yyr2[yyn]; + + /* If YYLEN is nonzero, implement the default value of the action: + `$$ = $1'. + + Otherwise, the following line sets YYVAL to garbage. + This behavior is undocumented and Bison + users should not rely upon it. Assigning to YYVAL + unconditionally makes the parser a bit smaller, and it avoids a + GCC warning that YYVAL may be used uninitialized. */ + yyval = yyvsp[1-yylen]; + + + YY_REDUCE_PRINT (yyn); + switch (yyn) + { + case 12: + +/* Line 1806 of yacc.c */ +#line 102 "read_config_yy.y" + { + strncpy(conf.logfile, DEFAULT_LOGFILE, FILENAME_MAXLEN); +} + break; + + case 13: + +/* Line 1806 of yacc.c */ +#line 107 "read_config_yy.y" + { +} + break; + + case 14: + +/* Line 1806 of yacc.c */ +#line 111 "read_config_yy.y" + { + strncpy(conf.logfile, (yyvsp[(2) - (2)].string), FILENAME_MAXLEN); +} + break; + + case 15: + +/* Line 1806 of yacc.c */ +#line 116 "read_config_yy.y" + { + conf.syslog_facility = DEFAULT_SYSLOG_FACILITY; +} + break; + + case 16: + +/* Line 1806 of yacc.c */ +#line 121 "read_config_yy.y" + { + conf.syslog_facility = -1; +} + break; + + case 17: + +/* Line 1806 of yacc.c */ +#line 126 "read_config_yy.y" + { + if (!strcmp((yyvsp[(2) - (2)].string), "daemon")) + conf.syslog_facility = LOG_DAEMON; + else if (!strcmp((yyvsp[(2) - (2)].string), "local0")) + conf.syslog_facility = LOG_LOCAL0; + else if (!strcmp((yyvsp[(2) - (2)].string), "local1")) + conf.syslog_facility = LOG_LOCAL1; + else if (!strcmp((yyvsp[(2) - (2)].string), "local2")) + conf.syslog_facility = LOG_LOCAL2; + else if (!strcmp((yyvsp[(2) - (2)].string), "local3")) + conf.syslog_facility = LOG_LOCAL3; + else if (!strcmp((yyvsp[(2) - (2)].string), "local4")) + conf.syslog_facility = LOG_LOCAL4; + else if (!strcmp((yyvsp[(2) - (2)].string), "local5")) + conf.syslog_facility = LOG_LOCAL5; + else if (!strcmp((yyvsp[(2) - (2)].string), "local6")) + conf.syslog_facility = LOG_LOCAL6; + else if (!strcmp((yyvsp[(2) - (2)].string), "local7")) + conf.syslog_facility = LOG_LOCAL7; + else { + print_err(CTD_CFG_WARN, "'%s' is not a known syslog facility, " + "ignoring", (yyvsp[(2) - (2)].string)); + break; + } + + if (conf.stats.syslog_facility != -1 && + conf.syslog_facility != conf.stats.syslog_facility) + print_err(CTD_CFG_WARN, "conflicting Syslog facility " + "values, defaulting to General"); +} + break; + + case 18: + +/* Line 1806 of yacc.c */ +#line 158 "read_config_yy.y" + { + strncpy(conf.lockfile, (yyvsp[(2) - (2)].string), FILENAME_MAXLEN); +} + break; + + case 19: + +/* Line 1806 of yacc.c */ +#line 163 "read_config_yy.y" + { + print_err(CTD_CFG_WARN, "`StripNAT' clause is obsolete, ignoring"); +} + break; + + case 20: + +/* Line 1806 of yacc.c */ +#line 168 "read_config_yy.y" + { + conf.refresh = (yyvsp[(2) - (2)].val); +} + break; + + case 21: + +/* Line 1806 of yacc.c */ +#line 173 "read_config_yy.y" + { + conf.cache_timeout = (yyvsp[(2) - (2)].val); +} + break; + + case 22: + +/* Line 1806 of yacc.c */ +#line 178 "read_config_yy.y" + { + conf.commit_timeout = (yyvsp[(2) - (2)].val); +} + break; + + case 23: + +/* Line 1806 of yacc.c */ +#line 183 "read_config_yy.y" + { + conf.purge_timeout = (yyvsp[(2) - (2)].val); +} + break; + + case 24: + +/* Line 1806 of yacc.c */ +#line 188 "read_config_yy.y" + { + print_err(CTD_CFG_WARN, "the use of `Checksum' outside the " + "`Multicast' clause is ambiguous"); + /* + * XXX: The use of Checksum outside of the Multicast clause is broken + * if we have more than one dedicated links. + */ + conf.channel[0].u.mcast.checksum = 0; +} + break; + + case 25: + +/* Line 1806 of yacc.c */ +#line 199 "read_config_yy.y" + { + print_err(CTD_CFG_WARN, "the use of `Checksum' outside the " + "`Multicast' clause is ambiguous"); + /* + * XXX: The use of Checksum outside of the Multicast clause is broken + * if we have more than one dedicated links. + */ + conf.channel[0].u.mcast.checksum = 1; +} + break; + + case 26: + +/* Line 1806 of yacc.c */ +#line 210 "read_config_yy.y" + { + ct_filter_set_logic(STATE(us_filter), + CT_FILTER_ADDRESS, + CT_FILTER_NEGATIVE); + + print_err(CTD_CFG_WARN, "the clause `IgnoreTrafficFor' is obsolete. " + "Use `Filter' instead"); +} + break; + + case 29: + +/* Line 1806 of yacc.c */ +#line 223 "read_config_yy.y" + { + union inet_address ip; + + memset(&ip, 0, sizeof(union inet_address)); + + if (!inet_aton((yyvsp[(2) - (2)].string), &ip.ipv4)) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv4, " + "ignoring", (yyvsp[(2) - (2)].string)); + break; + } + + if (!ct_filter_add_ip(STATE(us_filter), &ip, AF_INET)) { + if (errno == EEXIST) + print_err(CTD_CFG_WARN, "IP %s is repeated " + "in the ignore pool", (yyvsp[(2) - (2)].string)); + if (errno == ENOSPC) + print_err(CTD_CFG_WARN, "too many IP in the " + "ignore pool!"); + } +} + break; + + case 30: + +/* Line 1806 of yacc.c */ +#line 245 "read_config_yy.y" + { + union inet_address ip; + + memset(&ip, 0, sizeof(union inet_address)); + +#ifdef HAVE_INET_PTON_IPV6 + if (inet_pton(AF_INET6, (yyvsp[(2) - (2)].string), &ip.ipv6) <= 0) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv6, ignoring", (yyvsp[(2) - (2)].string)); + break; + } +#else + print_err(CTD_CFG_WARN, "cannot find inet_pton(), IPv6 unsupported!"); +#endif + + if (!ct_filter_add_ip(STATE(us_filter), &ip, AF_INET6)) { + if (errno == EEXIST) + print_err(CTD_CFG_WARN, "IP %s is repeated " + "in the ignore pool", (yyvsp[(2) - (2)].string)); + if (errno == ENOSPC) + print_err(CTD_CFG_WARN, "too many IP in the " + "ignore pool!"); + } + +} + break; + + case 31: + +/* Line 1806 of yacc.c */ +#line 271 "read_config_yy.y" + { + if (conf.channel_type_global != CHANNEL_NONE && + conf.channel_type_global != CHANNEL_MCAST) { + print_err(CTD_CFG_ERROR, "cannot use `Multicast' with other " + "dedicated link protocols!"); + exit(EXIT_FAILURE); + } + conf.channel_type_global = CHANNEL_MCAST; + conf.channel[conf.channel_num].channel_type = CHANNEL_MCAST; + conf.channel[conf.channel_num].channel_flags = CHANNEL_F_BUFFERED; + conf.channel_num++; +} + break; + + case 32: + +/* Line 1806 of yacc.c */ +#line 285 "read_config_yy.y" + { + if (conf.channel_type_global != CHANNEL_NONE && + conf.channel_type_global != CHANNEL_MCAST) { + print_err(CTD_CFG_ERROR, "cannot use `Multicast' with other " + "dedicated link protocols!"); + exit(EXIT_FAILURE); + } + conf.channel_type_global = CHANNEL_MCAST; + conf.channel[conf.channel_num].channel_type = CHANNEL_MCAST; + conf.channel[conf.channel_num].channel_flags = CHANNEL_F_DEFAULT | + CHANNEL_F_BUFFERED; + conf.channel_default = conf.channel_num; + conf.channel_num++; +} + break; + + case 35: + +/* Line 1806 of yacc.c */ +#line 304 "read_config_yy.y" + { + __max_dedicated_links_reached(); + + if (!inet_aton((yyvsp[(2) - (2)].string), &conf.channel[conf.channel_num].u.mcast.in)) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv4 address", (yyvsp[(2) - (2)].string)); + break; + } + + if (conf.channel[conf.channel_num].u.mcast.ipproto == AF_INET6) { + print_err(CTD_CFG_WARN, "your multicast address is IPv4 but " + "is binded to an IPv6 interface? " + "Surely, this is not what you want"); + break; + } + + conf.channel[conf.channel_num].u.mcast.ipproto = AF_INET; +} + break; + + case 36: + +/* Line 1806 of yacc.c */ +#line 323 "read_config_yy.y" + { + __max_dedicated_links_reached(); + +#ifdef HAVE_INET_PTON_IPV6 + if (inet_pton(AF_INET6, (yyvsp[(2) - (2)].string), + &conf.channel[conf.channel_num].u.mcast.in) <= 0) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv6 address", (yyvsp[(2) - (2)].string)); + break; + } +#else + print_err(CTD_CFG_WARN, "cannot find inet_pton(), IPv6 unsupported!"); + break; +#endif + + if (conf.channel[conf.channel_num].u.mcast.ipproto == AF_INET) { + print_err(CTD_CFG_WARN, "your multicast address is IPv6 but " + "is binded to an IPv4 interface? " + "Surely this is not what you want"); + break; + } + + conf.channel[conf.channel_num].u.mcast.ipproto = AF_INET6; + + if (conf.channel[conf.channel_num].channel_ifname[0] && + !conf.channel[conf.channel_num].u.mcast.ifa.interface_index6) { + unsigned int idx; + + idx = if_nametoindex((yyvsp[(2) - (2)].string)); + if (!idx) { + print_err(CTD_CFG_WARN, + "%s is an invalid interface", (yyvsp[(2) - (2)].string)); + break; + } + + conf.channel[conf.channel_num].u.mcast.ifa.interface_index6 = idx; + conf.channel[conf.channel_num].u.mcast.ipproto = AF_INET6; + } +} + break; + + case 37: + +/* Line 1806 of yacc.c */ +#line 363 "read_config_yy.y" + { + __max_dedicated_links_reached(); + + if (!inet_aton((yyvsp[(2) - (2)].string), &conf.channel[conf.channel_num].u.mcast.ifa)) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv4 address", (yyvsp[(2) - (2)].string)); + break; + } + + if (conf.channel[conf.channel_num].u.mcast.ipproto == AF_INET6) { + print_err(CTD_CFG_WARN, "your multicast interface is IPv4 but " + "is binded to an IPv6 interface? " + "Surely, this is not what you want"); + break; + } + + conf.channel[conf.channel_num].u.mcast.ipproto = AF_INET; +} + break; + + case 38: + +/* Line 1806 of yacc.c */ +#line 382 "read_config_yy.y" + { + print_err(CTD_CFG_WARN, "`IPv6_interface' not required, ignoring"); +} + break; + + case 39: + +/* Line 1806 of yacc.c */ +#line 387 "read_config_yy.y" + { + unsigned int idx; + + __max_dedicated_links_reached(); + + strncpy(conf.channel[conf.channel_num].channel_ifname, (yyvsp[(2) - (2)].string), IFNAMSIZ); + + idx = if_nametoindex((yyvsp[(2) - (2)].string)); + if (!idx) { + print_err(CTD_CFG_WARN, "%s is an invalid interface", (yyvsp[(2) - (2)].string)); + break; + } + + if (conf.channel[conf.channel_num].u.mcast.ipproto == AF_INET6) { + conf.channel[conf.channel_num].u.mcast.ifa.interface_index6 = idx; + conf.channel[conf.channel_num].u.mcast.ipproto = AF_INET6; + } +} + break; + + case 40: + +/* Line 1806 of yacc.c */ +#line 407 "read_config_yy.y" + { + print_err(CTD_CFG_WARN, "`Backlog' option inside Multicast clause is " + "obsolete. Please, remove it from " + "conntrackd.conf"); +} + break; + + case 41: + +/* Line 1806 of yacc.c */ +#line 414 "read_config_yy.y" + { + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.mcast.port = (yyvsp[(2) - (2)].val); +} + break; + + case 42: + +/* Line 1806 of yacc.c */ +#line 420 "read_config_yy.y" + { + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.mcast.sndbuf = (yyvsp[(2) - (2)].val); +} + break; + + case 43: + +/* Line 1806 of yacc.c */ +#line 426 "read_config_yy.y" + { + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.mcast.rcvbuf = (yyvsp[(2) - (2)].val); +} + break; + + case 44: + +/* Line 1806 of yacc.c */ +#line 432 "read_config_yy.y" + { + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.mcast.checksum = 0; +} + break; + + case 45: + +/* Line 1806 of yacc.c */ +#line 438 "read_config_yy.y" + { + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.mcast.checksum = 1; +} + break; + + case 46: + +/* Line 1806 of yacc.c */ +#line 444 "read_config_yy.y" + { + if (conf.channel_type_global != CHANNEL_NONE && + conf.channel_type_global != CHANNEL_UDP) { + print_err(CTD_CFG_ERROR, "cannot use `UDP' with other " + "dedicated link protocols!"); + exit(EXIT_FAILURE); + } + conf.channel_type_global = CHANNEL_UDP; + conf.channel[conf.channel_num].channel_type = CHANNEL_UDP; + conf.channel[conf.channel_num].channel_flags = CHANNEL_F_BUFFERED; + conf.channel_num++; +} + break; + + case 47: + +/* Line 1806 of yacc.c */ +#line 458 "read_config_yy.y" + { + if (conf.channel_type_global != CHANNEL_NONE && + conf.channel_type_global != CHANNEL_UDP) { + print_err(CTD_CFG_ERROR, "cannot use `UDP' with other " + "dedicated link protocols!"); + exit(EXIT_FAILURE); + } + conf.channel_type_global = CHANNEL_UDP; + conf.channel[conf.channel_num].channel_type = CHANNEL_UDP; + conf.channel[conf.channel_num].channel_flags = CHANNEL_F_DEFAULT | + CHANNEL_F_BUFFERED; + conf.channel_default = conf.channel_num; + conf.channel_num++; +} + break; + + case 50: + +/* Line 1806 of yacc.c */ +#line 477 "read_config_yy.y" + { + __max_dedicated_links_reached(); + + if (!inet_aton((yyvsp[(2) - (2)].string), &conf.channel[conf.channel_num].u.udp.server.ipv4)) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv4 address", (yyvsp[(2) - (2)].string)); + break; + } + conf.channel[conf.channel_num].u.udp.ipproto = AF_INET; +} + break; + + case 51: + +/* Line 1806 of yacc.c */ +#line 488 "read_config_yy.y" + { + __max_dedicated_links_reached(); + +#ifdef HAVE_INET_PTON_IPV6 + if (inet_pton(AF_INET6, (yyvsp[(2) - (2)].string), + &conf.channel[conf.channel_num].u.udp.server.ipv6) <= 0) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv6 address", (yyvsp[(2) - (2)].string)); + break; + } +#else + print_err(CTD_CFG_WARN, "cannot find inet_pton(), IPv6 unsupported!"); + break; +#endif + conf.channel[conf.channel_num].u.udp.ipproto = AF_INET6; +} + break; + + case 52: + +/* Line 1806 of yacc.c */ +#line 505 "read_config_yy.y" + { + __max_dedicated_links_reached(); + + if (!inet_aton((yyvsp[(2) - (2)].string), &conf.channel[conf.channel_num].u.udp.client)) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv4 address", (yyvsp[(2) - (2)].string)); + break; + } + conf.channel[conf.channel_num].u.udp.ipproto = AF_INET; +} + break; + + case 53: + +/* Line 1806 of yacc.c */ +#line 516 "read_config_yy.y" + { + __max_dedicated_links_reached(); + +#ifdef HAVE_INET_PTON_IPV6 + if (inet_pton(AF_INET6, (yyvsp[(2) - (2)].string), + &conf.channel[conf.channel_num].u.udp.client) <= 0) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv6 address", (yyvsp[(2) - (2)].string)); + break; + } +#else + print_err(CTD_CFG_WARN, "cannot find inet_pton(), IPv6 unsupported!"); + break; +#endif + conf.channel[conf.channel_num].u.udp.ipproto = AF_INET6; +} + break; + + case 54: + +/* Line 1806 of yacc.c */ +#line 533 "read_config_yy.y" + { + int idx; + + __max_dedicated_links_reached(); + strncpy(conf.channel[conf.channel_num].channel_ifname, (yyvsp[(2) - (2)].string), IFNAMSIZ); + + idx = if_nametoindex((yyvsp[(2) - (2)].string)); + if (!idx) { + print_err(CTD_CFG_WARN, "%s is an invalid interface", (yyvsp[(2) - (2)].string)); + break; + } + conf.channel[conf.channel_num].u.udp.server.ipv6.scope_id = idx; +} + break; + + case 55: + +/* Line 1806 of yacc.c */ +#line 548 "read_config_yy.y" + { + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.udp.port = (yyvsp[(2) - (2)].val); +} + break; + + case 56: + +/* Line 1806 of yacc.c */ +#line 554 "read_config_yy.y" + { + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.udp.sndbuf = (yyvsp[(2) - (2)].val); +} + break; + + case 57: + +/* Line 1806 of yacc.c */ +#line 560 "read_config_yy.y" + { + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.udp.rcvbuf = (yyvsp[(2) - (2)].val); +} + break; + + case 58: + +/* Line 1806 of yacc.c */ +#line 566 "read_config_yy.y" + { + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.udp.checksum = 0; +} + break; + + case 59: + +/* Line 1806 of yacc.c */ +#line 572 "read_config_yy.y" + { + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.udp.checksum = 1; +} + break; + + case 60: + +/* Line 1806 of yacc.c */ +#line 578 "read_config_yy.y" + { + if (conf.channel_type_global != CHANNEL_NONE && + conf.channel_type_global != CHANNEL_TCP) { + print_err(CTD_CFG_ERROR, "cannot use `TCP' with other " + "dedicated link protocols!"); + exit(EXIT_FAILURE); + } + conf.channel_type_global = CHANNEL_TCP; + conf.channel[conf.channel_num].channel_type = CHANNEL_TCP; + conf.channel[conf.channel_num].channel_flags = CHANNEL_F_BUFFERED | + CHANNEL_F_STREAM | + CHANNEL_F_ERRORS; + conf.channel_num++; +} + break; + + case 61: + +/* Line 1806 of yacc.c */ +#line 594 "read_config_yy.y" + { + if (conf.channel_type_global != CHANNEL_NONE && + conf.channel_type_global != CHANNEL_TCP) { + print_err(CTD_CFG_ERROR, "cannot use `TCP' with other " + "dedicated link protocols!"); + exit(EXIT_FAILURE); + } + conf.channel_type_global = CHANNEL_TCP; + conf.channel[conf.channel_num].channel_type = CHANNEL_TCP; + conf.channel[conf.channel_num].channel_flags = CHANNEL_F_DEFAULT | + CHANNEL_F_BUFFERED | + CHANNEL_F_STREAM | + CHANNEL_F_ERRORS; + conf.channel_default = conf.channel_num; + conf.channel_num++; +} + break; + + case 64: + +/* Line 1806 of yacc.c */ +#line 615 "read_config_yy.y" + { + __max_dedicated_links_reached(); + + if (!inet_aton((yyvsp[(2) - (2)].string), &conf.channel[conf.channel_num].u.tcp.server.ipv4)) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv4 address", (yyvsp[(2) - (2)].string)); + break; + } + conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET; +} + break; + + case 65: + +/* Line 1806 of yacc.c */ +#line 626 "read_config_yy.y" + { + __max_dedicated_links_reached(); + +#ifdef HAVE_INET_PTON_IPV6 + if (inet_pton(AF_INET6, (yyvsp[(2) - (2)].string), + &conf.channel[conf.channel_num].u.tcp.server.ipv6) <= 0) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv6 address", (yyvsp[(2) - (2)].string)); + break; + } +#else + print_err(CTD_CFG_WARN, "cannot find inet_pton(), IPv6 unsupported!"); + break; +#endif + conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET6; +} + break; + + case 66: + +/* Line 1806 of yacc.c */ +#line 643 "read_config_yy.y" + { + __max_dedicated_links_reached(); + + if (!inet_aton((yyvsp[(2) - (2)].string), &conf.channel[conf.channel_num].u.tcp.client)) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv4 address", (yyvsp[(2) - (2)].string)); + break; + } + conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET; +} + break; + + case 67: + +/* Line 1806 of yacc.c */ +#line 654 "read_config_yy.y" + { + __max_dedicated_links_reached(); + +#ifdef HAVE_INET_PTON_IPV6 + if (inet_pton(AF_INET6, (yyvsp[(2) - (2)].string), + &conf.channel[conf.channel_num].u.tcp.client) <= 0) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv6 address", (yyvsp[(2) - (2)].string)); + break; + } +#else + print_err(CTD_CFG_WARN, "cannot find inet_pton(), IPv6 unsupported!"); + break; +#endif + conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET6; +} + break; + + case 68: + +/* Line 1806 of yacc.c */ +#line 671 "read_config_yy.y" + { + int idx; + + __max_dedicated_links_reached(); + strncpy(conf.channel[conf.channel_num].channel_ifname, (yyvsp[(2) - (2)].string), IFNAMSIZ); + + idx = if_nametoindex((yyvsp[(2) - (2)].string)); + if (!idx) { + print_err(CTD_CFG_WARN, "%s is an invalid interface", (yyvsp[(2) - (2)].string)); + break; + } + conf.channel[conf.channel_num].u.tcp.server.ipv6.scope_id = idx; +} + break; + + case 69: + +/* Line 1806 of yacc.c */ +#line 686 "read_config_yy.y" + { + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.tcp.port = (yyvsp[(2) - (2)].val); +} + break; + + case 70: + +/* Line 1806 of yacc.c */ +#line 692 "read_config_yy.y" + { + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.tcp.sndbuf = (yyvsp[(2) - (2)].val); +} + break; + + case 71: + +/* Line 1806 of yacc.c */ +#line 698 "read_config_yy.y" + { + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.tcp.rcvbuf = (yyvsp[(2) - (2)].val); +} + break; + + case 72: + +/* Line 1806 of yacc.c */ +#line 704 "read_config_yy.y" + { + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.tcp.checksum = 0; +} + break; + + case 73: + +/* Line 1806 of yacc.c */ +#line 710 "read_config_yy.y" + { + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.tcp.checksum = 1; +} + break; + + case 74: + +/* Line 1806 of yacc.c */ +#line 716 "read_config_yy.y" + { + __max_dedicated_links_reached(); + CONFIG(channelc).error_queue_length = (yyvsp[(2) - (2)].val); +} + break; + + case 75: + +/* Line 1806 of yacc.c */ +#line 722 "read_config_yy.y" + { + conf.hashsize = (yyvsp[(2) - (2)].val); +} + break; + + case 76: + +/* Line 1806 of yacc.c */ +#line 727 "read_config_yy.y" + { + conf.limit = (yyvsp[(2) - (2)].val); +} + break; + + case 80: + +/* Line 1806 of yacc.c */ +#line 738 "read_config_yy.y" + { + strcpy(conf.local.path, (yyvsp[(2) - (2)].string)); +} + break; + + case 81: + +/* Line 1806 of yacc.c */ +#line 743 "read_config_yy.y" + { + conf.local.backlog = (yyvsp[(2) - (2)].val); +} + break; + + case 82: + +/* Line 1806 of yacc.c */ +#line 748 "read_config_yy.y" + { + ct_filter_set_logic(STATE(us_filter), + CT_FILTER_L4PROTO, + CT_FILTER_NEGATIVE); + + print_err(CTD_CFG_WARN, "the clause `IgnoreProtocol' is " + "obsolete. Use `Filter' instead"); +} + break; + + case 85: + +/* Line 1806 of yacc.c */ +#line 762 "read_config_yy.y" + { + if ((yyvsp[(1) - (1)].val) < IPPROTO_MAX) + ct_filter_add_proto(STATE(us_filter), (yyvsp[(1) - (1)].val)); + else + print_err(CTD_CFG_WARN, "protocol number `%d' is freak", (yyvsp[(1) - (1)].val)); +} + break; + + case 86: + +/* Line 1806 of yacc.c */ +#line 770 "read_config_yy.y" + { + struct protoent *pent; + + pent = getprotobyname((yyvsp[(1) - (1)].string)); + if (pent == NULL) { + print_err(CTD_CFG_WARN, "getprotobyname() cannot find " + "protocol `%s' in /etc/protocols", (yyvsp[(1) - (1)].string)); + break; + } + ct_filter_add_proto(STATE(us_filter), pent->p_proto); +} + break; + + case 87: + +/* Line 1806 of yacc.c */ +#line 783 "read_config_yy.y" + { + if (conf.flags & CTD_STATS_MODE) { + print_err(CTD_CFG_ERROR, "cannot use both `Stats' and `Sync' " + "clauses in conntrackd.conf"); + exit(EXIT_FAILURE); + } + conf.flags |= CTD_SYNC_MODE; +} + break; + + case 111: + +/* Line 1806 of yacc.c */ +#line 822 "read_config_yy.y" + { + CONFIG(sync).tcp_window_tracking = 1; +} + break; + + case 112: + +/* Line 1806 of yacc.c */ +#line 827 "read_config_yy.y" + { + CONFIG(sync).tcp_window_tracking = 0; +} + break; + + case 113: + +/* Line 1806 of yacc.c */ +#line 832 "read_config_yy.y" + { + CONFIG(flags) |= CTD_EXPECT; + CONFIG(netlink).subsys_id = NFNL_SUBSYS_NONE; + CONFIG(netlink).groups = NF_NETLINK_CONNTRACK_NEW | + NF_NETLINK_CONNTRACK_UPDATE | + NF_NETLINK_CONNTRACK_DESTROY | + NF_NETLINK_CONNTRACK_EXP_NEW | + NF_NETLINK_CONNTRACK_EXP_UPDATE | + NF_NETLINK_CONNTRACK_EXP_DESTROY; +} + break; + + case 114: + +/* Line 1806 of yacc.c */ +#line 844 "read_config_yy.y" + { + CONFIG(netlink).subsys_id = NFNL_SUBSYS_CTNETLINK; + CONFIG(netlink).groups = NF_NETLINK_CONNTRACK_NEW | + NF_NETLINK_CONNTRACK_UPDATE | + NF_NETLINK_CONNTRACK_DESTROY; +} + break; + + case 115: + +/* Line 1806 of yacc.c */ +#line 852 "read_config_yy.y" + { + CONFIG(flags) |= CTD_EXPECT; + CONFIG(netlink).subsys_id = NFNL_SUBSYS_NONE; + CONFIG(netlink).groups = NF_NETLINK_CONNTRACK_NEW | + NF_NETLINK_CONNTRACK_UPDATE | + NF_NETLINK_CONNTRACK_DESTROY | + NF_NETLINK_CONNTRACK_EXP_NEW | + NF_NETLINK_CONNTRACK_EXP_UPDATE | + NF_NETLINK_CONNTRACK_EXP_DESTROY; +} + break; + + case 118: + +/* Line 1806 of yacc.c */ +#line 867 "read_config_yy.y" + { + exp_filter_add(STATE(exp_filter), (yyvsp[(1) - (1)].string)); +} + break; + + case 119: + +/* Line 1806 of yacc.c */ +#line 872 "read_config_yy.y" + { + conf.flags |= CTD_SYNC_ALARM; +} + break; + + case 120: + +/* Line 1806 of yacc.c */ +#line 877 "read_config_yy.y" + { + conf.flags |= CTD_SYNC_FTFW; +} + break; + + case 121: + +/* Line 1806 of yacc.c */ +#line 882 "read_config_yy.y" + { + conf.flags |= CTD_SYNC_NOTRACK; +} + break; + + case 144: + +/* Line 1806 of yacc.c */ +#line 918 "read_config_yy.y" + { + conf.sync.internal_cache_disable = 1; +} + break; + + case 145: + +/* Line 1806 of yacc.c */ +#line 923 "read_config_yy.y" + { + conf.sync.internal_cache_disable = 0; +} + break; + + case 146: + +/* Line 1806 of yacc.c */ +#line 928 "read_config_yy.y" + { + conf.sync.external_cache_disable = 1; +} + break; + + case 147: + +/* Line 1806 of yacc.c */ +#line 933 "read_config_yy.y" + { + conf.sync.external_cache_disable = 0; +} + break; + + case 148: + +/* Line 1806 of yacc.c */ +#line 938 "read_config_yy.y" + { + print_err(CTD_CFG_WARN, "`ResendBufferSize' is deprecated. " + "Use `ResendQueueSize' instead"); +} + break; + + case 149: + +/* Line 1806 of yacc.c */ +#line 944 "read_config_yy.y" + { + conf.resend_queue_size = (yyvsp[(2) - (2)].val); +} + break; + + case 150: + +/* Line 1806 of yacc.c */ +#line 949 "read_config_yy.y" + { + conf.window_size = (yyvsp[(2) - (2)].val); +} + break; + + case 151: + +/* Line 1806 of yacc.c */ +#line 954 "read_config_yy.y" + { + print_err(CTD_CFG_WARN, "`DestroyTimeout' is deprecated. Remove it"); +} + break; + + case 152: + +/* Line 1806 of yacc.c */ +#line 959 "read_config_yy.y" + { + print_err(CTD_CFG_WARN, "`RelaxTransitions' clause is obsolete. " + "Please, remove it from conntrackd.conf"); +} + break; + + case 153: + +/* Line 1806 of yacc.c */ +#line 965 "read_config_yy.y" + { + print_err(CTD_CFG_WARN, "`DelayDestroyMessages' clause is obsolete. " + "Please, remove it from conntrackd.conf"); +} + break; + + case 154: + +/* Line 1806 of yacc.c */ +#line 971 "read_config_yy.y" + { + print_err(CTD_CFG_WARN, "the clause `ListenTo' is obsolete, ignoring"); +} + break; + + case 155: + +/* Line 1806 of yacc.c */ +#line 976 "read_config_yy.y" + { + ct_filter_set_logic(STATE(us_filter), + CT_FILTER_STATE, + CT_FILTER_POSITIVE); + + print_err(CTD_CFG_WARN, "the clause `Replicate' is obsolete. " + "Use `Filter' instead"); +} + break; + + case 158: + +/* Line 1806 of yacc.c */ +#line 989 "read_config_yy.y" + { + if (strncmp((yyvsp[(1) - (1)].string), "TCP", strlen("TCP")) != 0) { + print_err(CTD_CFG_WARN, "unsupported protocol `%s' in line %d", + (yyvsp[(1) - (1)].string), yylineno); + } +} + break; + + case 162: + +/* Line 1806 of yacc.c */ +#line 1001 "read_config_yy.y" + { + ct_filter_add_state(STATE(us_filter), + IPPROTO_TCP, + TCP_CONNTRACK_SYN_SENT); + + __kernel_filter_add_state(TCP_CONNTRACK_SYN_SENT); +} + break; + + case 163: + +/* Line 1806 of yacc.c */ +#line 1009 "read_config_yy.y" + { + ct_filter_add_state(STATE(us_filter), + IPPROTO_TCP, + TCP_CONNTRACK_SYN_RECV); + + __kernel_filter_add_state(TCP_CONNTRACK_SYN_RECV); +} + break; + + case 164: + +/* Line 1806 of yacc.c */ +#line 1017 "read_config_yy.y" + { + ct_filter_add_state(STATE(us_filter), + IPPROTO_TCP, + TCP_CONNTRACK_ESTABLISHED); + + __kernel_filter_add_state(TCP_CONNTRACK_ESTABLISHED); +} + break; + + case 165: + +/* Line 1806 of yacc.c */ +#line 1025 "read_config_yy.y" + { + ct_filter_add_state(STATE(us_filter), + IPPROTO_TCP, + TCP_CONNTRACK_FIN_WAIT); + + __kernel_filter_add_state(TCP_CONNTRACK_FIN_WAIT); +} + break; + + case 166: + +/* Line 1806 of yacc.c */ +#line 1033 "read_config_yy.y" + { + ct_filter_add_state(STATE(us_filter), + IPPROTO_TCP, + TCP_CONNTRACK_CLOSE_WAIT); + + __kernel_filter_add_state(TCP_CONNTRACK_CLOSE_WAIT); +} + break; + + case 167: + +/* Line 1806 of yacc.c */ +#line 1041 "read_config_yy.y" + { + ct_filter_add_state(STATE(us_filter), + IPPROTO_TCP, + TCP_CONNTRACK_LAST_ACK); + + __kernel_filter_add_state(TCP_CONNTRACK_LAST_ACK); +} + break; + + case 168: + +/* Line 1806 of yacc.c */ +#line 1049 "read_config_yy.y" + { + ct_filter_add_state(STATE(us_filter), + IPPROTO_TCP, + TCP_CONNTRACK_TIME_WAIT); + + __kernel_filter_add_state(TCP_CONNTRACK_TIME_WAIT); +} + break; + + case 169: + +/* Line 1806 of yacc.c */ +#line 1057 "read_config_yy.y" + { + ct_filter_add_state(STATE(us_filter), + IPPROTO_TCP, + TCP_CONNTRACK_CLOSE); + + __kernel_filter_add_state(TCP_CONNTRACK_CLOSE); +} + break; + + case 170: + +/* Line 1806 of yacc.c */ +#line 1065 "read_config_yy.y" + { + ct_filter_add_state(STATE(us_filter), + IPPROTO_TCP, + TCP_CONNTRACK_LISTEN); + + __kernel_filter_add_state(TCP_CONNTRACK_LISTEN); +} + break; + + case 171: + +/* Line 1806 of yacc.c */ +#line 1074 "read_config_yy.y" + { + print_err(CTD_CFG_WARN, "`CacheWriteThrough' clause is obsolete, " + "ignoring"); +} + break; + + case 172: + +/* Line 1806 of yacc.c */ +#line 1080 "read_config_yy.y" + { + print_err(CTD_CFG_WARN, "`CacheWriteThrough' clause is obsolete, " + "ignoring"); +} + break; + + case 194: + +/* Line 1806 of yacc.c */ +#line 1112 "read_config_yy.y" + { + conf.netlink_buffer_size = (yyvsp[(2) - (2)].val); +} + break; + + case 195: + +/* Line 1806 of yacc.c */ +#line 1117 "read_config_yy.y" + { + conf.netlink_buffer_size_max_grown = (yyvsp[(2) - (2)].val); +} + break; + + case 196: + +/* Line 1806 of yacc.c */ +#line 1122 "read_config_yy.y" + { + conf.nl_overrun_resync = 30; +} + break; + + case 197: + +/* Line 1806 of yacc.c */ +#line 1127 "read_config_yy.y" + { + conf.nl_overrun_resync = -1; +} + break; + + case 198: + +/* Line 1806 of yacc.c */ +#line 1132 "read_config_yy.y" + { + conf.nl_overrun_resync = (yyvsp[(2) - (2)].val); +} + break; + + case 199: + +/* Line 1806 of yacc.c */ +#line 1137 "read_config_yy.y" + { + conf.netlink.events_reliable = 1; +} + break; + + case 200: + +/* Line 1806 of yacc.c */ +#line 1142 "read_config_yy.y" + { + conf.netlink.events_reliable = 0; +} + break; + + case 201: + +/* Line 1806 of yacc.c */ +#line 1147 "read_config_yy.y" + { + conf.nice = (yyvsp[(2) - (2)].val); +} + break; + + case 205: + +/* Line 1806 of yacc.c */ +#line 1158 "read_config_yy.y" + { + if (strcasecmp((yyvsp[(2) - (2)].string), "rr") == 0) { + conf.sched.type = SCHED_RR; + } else if (strcasecmp((yyvsp[(2) - (2)].string), "fifo") == 0) { + conf.sched.type = SCHED_FIFO; + } else { + print_err(CTD_CFG_ERROR, "unknown scheduler `%s'", (yyvsp[(2) - (2)].string)); + exit(EXIT_FAILURE); + } +} + break; + + case 206: + +/* Line 1806 of yacc.c */ +#line 1170 "read_config_yy.y" + { + conf.sched.prio = (yyvsp[(2) - (2)].val); + if (conf.sched.prio < 0 || conf.sched.prio > 99) { + print_err(CTD_CFG_ERROR, "`Priority' must be [0, 99]\n", (yyvsp[(2) - (2)].val)); + exit(EXIT_FAILURE); + } +} + break; + + case 207: + +/* Line 1806 of yacc.c */ +#line 1179 "read_config_yy.y" + { + if (strncmp((yyvsp[(2) - (2)].string), "IPv6", strlen("IPv6")) == 0) + conf.family = AF_INET6; + else + conf.family = AF_INET; +} + break; + + case 208: + +/* Line 1806 of yacc.c */ +#line 1187 "read_config_yy.y" + { + CONFIG(event_iterations_limit) = (yyvsp[(2) - (2)].val); +} + break; + + case 209: + +/* Line 1806 of yacc.c */ +#line 1192 "read_config_yy.y" + { + conf.flags |= CTD_POLL; + conf.poll_kernel_secs = (yyvsp[(2) - (2)].val); + if (conf.poll_kernel_secs == 0) { + print_err(CTD_CFG_ERROR, "`PollSecs' clause must be > 0"); + exit(EXIT_FAILURE); + } +} + break; + + case 210: + +/* Line 1806 of yacc.c */ +#line 1202 "read_config_yy.y" + { + CONFIG(filter_from_kernelspace) = 0; +} + break; + + case 211: + +/* Line 1806 of yacc.c */ +#line 1207 "read_config_yy.y" + { + CONFIG(filter_from_kernelspace) = 0; +} + break; + + case 212: + +/* Line 1806 of yacc.c */ +#line 1212 "read_config_yy.y" + { + CONFIG(filter_from_kernelspace) = 1; +} + break; + + case 215: + +/* Line 1806 of yacc.c */ +#line 1220 "read_config_yy.y" + { + ct_filter_set_logic(STATE(us_filter), + CT_FILTER_L4PROTO, + CT_FILTER_POSITIVE); + + __kernel_filter_start(); +} + break; + + case 216: + +/* Line 1806 of yacc.c */ +#line 1229 "read_config_yy.y" + { + ct_filter_set_logic(STATE(us_filter), + CT_FILTER_L4PROTO, + CT_FILTER_NEGATIVE); + + __kernel_filter_start(); + + nfct_filter_set_logic(STATE(filter), + NFCT_FILTER_L4PROTO, + NFCT_FILTER_LOGIC_NEGATIVE); +} + break; + + case 219: + +/* Line 1806 of yacc.c */ +#line 1245 "read_config_yy.y" + { + struct protoent *pent; + + pent = getprotobyname((yyvsp[(1) - (1)].string)); + if (pent == NULL) { + print_err(CTD_CFG_WARN, "getprotobyname() cannot find " + "protocol `%s' in /etc/protocols", (yyvsp[(1) - (1)].string)); + break; + } + ct_filter_add_proto(STATE(us_filter), pent->p_proto); + + __kernel_filter_start(); + + nfct_filter_add_attr_u32(STATE(filter), + NFCT_FILTER_L4PROTO, + pent->p_proto); +} + break; + + case 220: + +/* Line 1806 of yacc.c */ +#line 1264 "read_config_yy.y" + { + struct protoent *pent; + + pent = getprotobyname("tcp"); + if (pent == NULL) { + print_err(CTD_CFG_WARN, "getprotobyname() cannot find " + "protocol `tcp' in /etc/protocols"); + break; + } + ct_filter_add_proto(STATE(us_filter), pent->p_proto); + + __kernel_filter_start(); + + nfct_filter_add_attr_u32(STATE(filter), + NFCT_FILTER_L4PROTO, + pent->p_proto); +} + break; + + case 221: + +/* Line 1806 of yacc.c */ +#line 1283 "read_config_yy.y" + { + struct protoent *pent; + + pent = getprotobyname("udp"); + if (pent == NULL) { + print_err(CTD_CFG_WARN, "getprotobyname() cannot find " + "protocol `udp' in /etc/protocols"); + break; + } + ct_filter_add_proto(STATE(us_filter), pent->p_proto); + + __kernel_filter_start(); + + nfct_filter_add_attr_u32(STATE(filter), + NFCT_FILTER_L4PROTO, + pent->p_proto); +} + break; + + case 222: + +/* Line 1806 of yacc.c */ +#line 1302 "read_config_yy.y" + { + ct_filter_set_logic(STATE(us_filter), + CT_FILTER_ADDRESS, + CT_FILTER_POSITIVE); + + __kernel_filter_start(); +} + break; + + case 223: + +/* Line 1806 of yacc.c */ +#line 1311 "read_config_yy.y" + { + ct_filter_set_logic(STATE(us_filter), + CT_FILTER_ADDRESS, + CT_FILTER_NEGATIVE); + + __kernel_filter_start(); + + nfct_filter_set_logic(STATE(filter), + NFCT_FILTER_SRC_IPV4, + NFCT_FILTER_LOGIC_NEGATIVE); + nfct_filter_set_logic(STATE(filter), + NFCT_FILTER_DST_IPV4, + NFCT_FILTER_LOGIC_NEGATIVE); + nfct_filter_set_logic(STATE(filter), + NFCT_FILTER_SRC_IPV6, + NFCT_FILTER_LOGIC_NEGATIVE); + nfct_filter_set_logic(STATE(filter), + NFCT_FILTER_DST_IPV6, + NFCT_FILTER_LOGIC_NEGATIVE); +} + break; + + case 226: + +/* Line 1806 of yacc.c */ +#line 1336 "read_config_yy.y" + { + union inet_address ip; + char *slash; + unsigned int cidr = 32; + + memset(&ip, 0, sizeof(union inet_address)); + + slash = strchr((yyvsp[(2) - (2)].string), '/'); + if (slash) { + *slash = '\0'; + cidr = atoi(slash+1); + if (cidr > 32) { + print_err(CTD_CFG_WARN, "%s/%d is not a valid network, " + "ignoring", (yyvsp[(2) - (2)].string), cidr); + break; + } + } + + if (!inet_aton((yyvsp[(2) - (2)].string), &ip.ipv4)) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv4, ignoring", (yyvsp[(2) - (2)].string)); + break; + } + + if (slash && cidr < 32) { + /* network byte order */ + struct ct_filter_netmask_ipv4 tmp = { + .ip = ip.ipv4, + .mask = ipv4_cidr2mask_net(cidr) + }; + + if (!ct_filter_add_netmask(STATE(us_filter), &tmp, AF_INET)) { + if (errno == EEXIST) + print_err(CTD_CFG_WARN, "netmask %s is " + "repeated in the " + "ignore pool", (yyvsp[(2) - (2)].string)); + } + } else { + if (!ct_filter_add_ip(STATE(us_filter), &ip, AF_INET)) { + if (errno == EEXIST) + print_err(CTD_CFG_WARN, "IP %s is repeated in " + "the ignore pool", (yyvsp[(2) - (2)].string)); + if (errno == ENOSPC) + print_err(CTD_CFG_WARN, "too many IP in the " + "ignore pool!"); + } + } + __kernel_filter_start(); + + /* host byte order */ + struct nfct_filter_ipv4 filter_ipv4 = { + .addr = ntohl(ip.ipv4), + .mask = ipv4_cidr2mask_host(cidr), + }; + + nfct_filter_add_attr(STATE(filter), NFCT_FILTER_SRC_IPV4, &filter_ipv4); + nfct_filter_add_attr(STATE(filter), NFCT_FILTER_DST_IPV4, &filter_ipv4); +} + break; + + case 227: + +/* Line 1806 of yacc.c */ +#line 1395 "read_config_yy.y" + { + union inet_address ip; + char *slash; + int cidr = 128; + struct nfct_filter_ipv6 filter_ipv6; + + memset(&ip, 0, sizeof(union inet_address)); + + slash = strchr((yyvsp[(2) - (2)].string), '/'); + if (slash) { + *slash = '\0'; + cidr = atoi(slash+1); + if (cidr > 128) { + print_err(CTD_CFG_WARN, "%s/%d is not a valid network, " + "ignoring", (yyvsp[(2) - (2)].string), cidr); + break; + } + } + +#ifdef HAVE_INET_PTON_IPV6 + if (inet_pton(AF_INET6, (yyvsp[(2) - (2)].string), &ip.ipv6) <= 0) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv6, ignoring", (yyvsp[(2) - (2)].string)); + break; + } +#else + print_err(CTD_CFG_WARN, "cannot find inet_pton(), IPv6 unsupported!"); + break; +#endif + if (slash && cidr < 128) { + struct ct_filter_netmask_ipv6 tmp; + + memcpy(tmp.ip, ip.ipv6, sizeof(uint32_t)*4); + ipv6_cidr2mask_net(cidr, tmp.mask); + if (!ct_filter_add_netmask(STATE(us_filter), &tmp, AF_INET6)) { + if (errno == EEXIST) + print_err(CTD_CFG_WARN, "netmask %s is " + "repeated in the " + "ignore pool", (yyvsp[(2) - (2)].string)); + } + } else { + if (!ct_filter_add_ip(STATE(us_filter), &ip, AF_INET6)) { + if (errno == EEXIST) + print_err(CTD_CFG_WARN, "IP %s is repeated in " + "the ignore pool", (yyvsp[(2) - (2)].string)); + if (errno == ENOSPC) + print_err(CTD_CFG_WARN, "too many IP in the " + "ignore pool!"); + } + } + __kernel_filter_start(); + + /* host byte order */ + ipv6_addr2addr_host(ip.ipv6, filter_ipv6.addr); + ipv6_cidr2mask_host(cidr, filter_ipv6.mask); + + nfct_filter_add_attr(STATE(filter), NFCT_FILTER_SRC_IPV6, &filter_ipv6); + nfct_filter_add_attr(STATE(filter), NFCT_FILTER_DST_IPV6, &filter_ipv6); +} + break; + + case 228: + +/* Line 1806 of yacc.c */ +#line 1455 "read_config_yy.y" + { + ct_filter_set_logic(STATE(us_filter), + CT_FILTER_STATE, + CT_FILTER_POSITIVE); + + __kernel_filter_start(); +} + break; + + case 229: + +/* Line 1806 of yacc.c */ +#line 1464 "read_config_yy.y" + { + ct_filter_set_logic(STATE(us_filter), + CT_FILTER_STATE, + CT_FILTER_NEGATIVE); + + + __kernel_filter_start(); + + nfct_filter_set_logic(STATE(filter), + NFCT_FILTER_L4PROTO_STATE, + NFCT_FILTER_LOGIC_NEGATIVE); +} + break; + + case 233: + +/* Line 1806 of yacc.c */ +#line 1483 "read_config_yy.y" + { + if (conf.flags & CTD_SYNC_MODE) { + print_err(CTD_CFG_ERROR, "cannot use both `Stats' and `Sync' " + "clauses in conntrackd.conf"); + exit(EXIT_FAILURE); + } + conf.flags |= CTD_STATS_MODE; +} + break; + + case 241: + +/* Line 1806 of yacc.c */ +#line 1504 "read_config_yy.y" + { + strncpy(conf.stats.logfile, DEFAULT_STATS_LOGFILE, FILENAME_MAXLEN); +} + break; + + case 242: + +/* Line 1806 of yacc.c */ +#line 1509 "read_config_yy.y" + { +} + break; + + case 243: + +/* Line 1806 of yacc.c */ +#line 1513 "read_config_yy.y" + { + strncpy(conf.stats.logfile, (yyvsp[(2) - (2)].string), FILENAME_MAXLEN); +} + break; + + case 244: + +/* Line 1806 of yacc.c */ +#line 1518 "read_config_yy.y" + { + conf.stats.syslog_facility = DEFAULT_SYSLOG_FACILITY; +} + break; + + case 245: + +/* Line 1806 of yacc.c */ +#line 1523 "read_config_yy.y" + { + conf.stats.syslog_facility = -1; +} + break; + + case 246: + +/* Line 1806 of yacc.c */ +#line 1528 "read_config_yy.y" + { + if (!strcmp((yyvsp[(2) - (2)].string), "daemon")) + conf.stats.syslog_facility = LOG_DAEMON; + else if (!strcmp((yyvsp[(2) - (2)].string), "local0")) + conf.stats.syslog_facility = LOG_LOCAL0; + else if (!strcmp((yyvsp[(2) - (2)].string), "local1")) + conf.stats.syslog_facility = LOG_LOCAL1; + else if (!strcmp((yyvsp[(2) - (2)].string), "local2")) + conf.stats.syslog_facility = LOG_LOCAL2; + else if (!strcmp((yyvsp[(2) - (2)].string), "local3")) + conf.stats.syslog_facility = LOG_LOCAL3; + else if (!strcmp((yyvsp[(2) - (2)].string), "local4")) + conf.stats.syslog_facility = LOG_LOCAL4; + else if (!strcmp((yyvsp[(2) - (2)].string), "local5")) + conf.stats.syslog_facility = LOG_LOCAL5; + else if (!strcmp((yyvsp[(2) - (2)].string), "local6")) + conf.stats.syslog_facility = LOG_LOCAL6; + else if (!strcmp((yyvsp[(2) - (2)].string), "local7")) + conf.stats.syslog_facility = LOG_LOCAL7; + else { + print_err(CTD_CFG_WARN, "'%s' is not a known syslog facility, " + "ignoring.", (yyvsp[(2) - (2)].string)); + break; + } + + if (conf.syslog_facility != -1 && + conf.stats.syslog_facility != conf.syslog_facility) + print_err(CTD_CFG_WARN, "conflicting Syslog facility " + "values, defaulting to General"); +} + break; + + case 247: + +/* Line 1806 of yacc.c */ +#line 1560 "read_config_yy.y" + { + print_err(CTD_CFG_WARN, "`LogFileBufferSize' is deprecated"); +} + break; + + + +/* Line 1806 of yacc.c */ +#line 3861 "read_config_yy.c" + default: break; + } + /* User semantic actions sometimes alter yychar, and that requires + that yytoken be updated with the new translation. We take the + approach of translating immediately before every use of yytoken. + One alternative is translating here after every semantic action, + but that translation would be missed if the semantic action invokes + YYABORT, YYACCEPT, or YYERROR immediately after altering yychar or + if it invokes YYBACKUP. In the case of YYABORT or YYACCEPT, an + incorrect destructor might then be invoked immediately. In the + case of YYERROR or YYBACKUP, subsequent parser actions might lead + to an incorrect destructor call or verbose syntax error message + before the lookahead is translated. */ + YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); + + YYPOPSTACK (yylen); + yylen = 0; + YY_STACK_PRINT (yyss, yyssp); + + *++yyvsp = yyval; + + /* Now `shift' the result of the reduction. Determine what state + that goes to, based on the state we popped back to and the rule + number reduced by. */ + + yyn = yyr1[yyn]; + + yystate = yypgoto[yyn - YYNTOKENS] + *yyssp; + if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp) + yystate = yytable[yystate]; + else + yystate = yydefgoto[yyn - YYNTOKENS]; + + goto yynewstate; + + +/*------------------------------------. +| yyerrlab -- here on detecting error | +`------------------------------------*/ +yyerrlab: + /* Make sure we have latest lookahead translation. See comments at + user semantic actions for why this is necessary. */ + yytoken = yychar == YYEMPTY ? YYEMPTY : YYTRANSLATE (yychar); + + /* If not already recovering from an error, report this error. */ + if (!yyerrstatus) + { + ++yynerrs; +#if ! YYERROR_VERBOSE + yyerror (YY_("syntax error")); +#else +# define YYSYNTAX_ERROR yysyntax_error (&yymsg_alloc, &yymsg, \ + yyssp, yytoken) + { + char const *yymsgp = YY_("syntax error"); + int yysyntax_error_status; + yysyntax_error_status = YYSYNTAX_ERROR; + if (yysyntax_error_status == 0) + yymsgp = yymsg; + else if (yysyntax_error_status == 1) + { + if (yymsg != yymsgbuf) + YYSTACK_FREE (yymsg); + yymsg = (char *) YYSTACK_ALLOC (yymsg_alloc); + if (!yymsg) + { + yymsg = yymsgbuf; + yymsg_alloc = sizeof yymsgbuf; + yysyntax_error_status = 2; + } + else + { + yysyntax_error_status = YYSYNTAX_ERROR; + yymsgp = yymsg; + } + } + yyerror (yymsgp); + if (yysyntax_error_status == 2) + goto yyexhaustedlab; + } +# undef YYSYNTAX_ERROR +#endif + } + + + + if (yyerrstatus == 3) + { + /* If just tried and failed to reuse lookahead token after an + error, discard it. */ + + if (yychar <= YYEOF) + { + /* Return failure if at end of input. */ + if (yychar == YYEOF) + YYABORT; + } + else + { + yydestruct ("Error: discarding", + yytoken, &yylval); + yychar = YYEMPTY; + } + } + + /* Else will try to reuse lookahead token after shifting the error + token. */ + goto yyerrlab1; + + +/*---------------------------------------------------. +| yyerrorlab -- error raised explicitly by YYERROR. | +`---------------------------------------------------*/ +yyerrorlab: + + /* Pacify compilers like GCC when the user code never invokes + YYERROR and the label yyerrorlab therefore never appears in user + code. */ + if (/*CONSTCOND*/ 0) + goto yyerrorlab; + + /* Do not reclaim the symbols of the rule which action triggered + this YYERROR. */ + YYPOPSTACK (yylen); + yylen = 0; + YY_STACK_PRINT (yyss, yyssp); + yystate = *yyssp; + goto yyerrlab1; + + +/*-------------------------------------------------------------. +| yyerrlab1 -- common code for both syntax error and YYERROR. | +`-------------------------------------------------------------*/ +yyerrlab1: + yyerrstatus = 3; /* Each real token shifted decrements this. */ + + for (;;) + { + yyn = yypact[yystate]; + if (!yypact_value_is_default (yyn)) + { + yyn += YYTERROR; + if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR) + { + yyn = yytable[yyn]; + if (0 < yyn) + break; + } + } + + /* Pop the current state because it cannot handle the error token. */ + if (yyssp == yyss) + YYABORT; + + + yydestruct ("Error: popping", + yystos[yystate], yyvsp); + YYPOPSTACK (1); + yystate = *yyssp; + YY_STACK_PRINT (yyss, yyssp); + } + + *++yyvsp = yylval; + + + /* Shift the error token. */ + YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp); + + yystate = yyn; + goto yynewstate; + + +/*-------------------------------------. +| yyacceptlab -- YYACCEPT comes here. | +`-------------------------------------*/ +yyacceptlab: + yyresult = 0; + goto yyreturn; + +/*-----------------------------------. +| yyabortlab -- YYABORT comes here. | +`-----------------------------------*/ +yyabortlab: + yyresult = 1; + goto yyreturn; + +#if !defined(yyoverflow) || YYERROR_VERBOSE +/*-------------------------------------------------. +| yyexhaustedlab -- memory exhaustion comes here. | +`-------------------------------------------------*/ +yyexhaustedlab: + yyerror (YY_("memory exhausted")); + yyresult = 2; + /* Fall through. */ +#endif + +yyreturn: + if (yychar != YYEMPTY) + { + /* Make sure we have latest lookahead translation. See comments at + user semantic actions for why this is necessary. */ + yytoken = YYTRANSLATE (yychar); + yydestruct ("Cleanup: discarding lookahead", + yytoken, &yylval); + } + /* Do not reclaim the symbols of the rule which action triggered + this YYABORT or YYACCEPT. */ + YYPOPSTACK (yylen); + YY_STACK_PRINT (yyss, yyssp); + while (yyssp != yyss) + { + yydestruct ("Cleanup: popping", + yystos[*yyssp], yyvsp); + YYPOPSTACK (1); + } +#ifndef yyoverflow + if (yyss != yyssa) + YYSTACK_FREE (yyss); +#endif +#if YYERROR_VERBOSE + if (yymsg != yymsgbuf) + YYSTACK_FREE (yymsg); +#endif + /* Make sure YYID is used. */ + return YYID (yyresult); +} + + + +/* Line 2067 of yacc.c */ +#line 1564 "read_config_yy.y" + + +int __attribute__((noreturn)) +yyerror(char *msg) +{ + print_err(CTD_CFG_ERROR, "parsing config file in " + "line (%d), symbol '%s': %s", + yylineno, yytext, msg); + exit(EXIT_FAILURE); +} + +static void print_err(int type, const char *msg, ...) +{ + va_list args; + + va_start(args, msg); + switch(type) { + case CTD_CFG_ERROR: + fprintf(stderr, "ERROR: "); + break; + case CTD_CFG_WARN: + fprintf(stderr, "WARNING: "); + break; + default: + fprintf(stderr, "?: "); + } + vfprintf(stderr, msg, args); + va_end(args); + fprintf(stderr,"\n"); +} + +static void __kernel_filter_start(void) +{ + if (!STATE(filter)) { + STATE(filter) = nfct_filter_create(); + if (!STATE(filter)) { + print_err(CTD_CFG_ERROR, "cannot create ignore pool!"); + exit(EXIT_FAILURE); + } + } +} + +static void __kernel_filter_add_state(int value) +{ + __kernel_filter_start(); + + struct nfct_filter_proto filter_proto = { + .proto = IPPROTO_TCP, + .state = value + }; + nfct_filter_add_attr(STATE(filter), + NFCT_FILTER_L4PROTO_STATE, + &filter_proto); +} + +static void __max_dedicated_links_reached(void) +{ + if (conf.channel_num >= MULTICHANNEL_MAX) { + print_err(CTD_CFG_ERROR, "too many dedicated links in " + "the configuration file " + "(Maximum: %d)", MULTICHANNEL_MAX); + exit(EXIT_FAILURE); + } +} + +int +init_config(char *filename) +{ + FILE *fp; + + fp = fopen(filename, "r"); + if (!fp) + return -1; + + /* Zero may be a valid facility */ + CONFIG(syslog_facility) = -1; + CONFIG(stats).syslog_facility = -1; + CONFIG(netlink).subsys_id = -1; + + yyrestart(fp); + yyparse(); + fclose(fp); + + /* default to IPv4 */ + if (CONFIG(family) == 0) + CONFIG(family) = AF_INET; + + /* set to default is not specified */ + if (strcmp(CONFIG(lockfile), "") == 0) + strncpy(CONFIG(lockfile), DEFAULT_LOCKFILE, FILENAME_MAXLEN); + + /* default to 180 seconds of expiration time: cache entries */ + if (CONFIG(cache_timeout) == 0) + CONFIG(cache_timeout) = 180; + + /* default to 60 seconds: purge kernel entries */ + if (CONFIG(purge_timeout) == 0) + CONFIG(purge_timeout) = 60; + + /* default to 60 seconds of refresh time */ + if (CONFIG(refresh) == 0) + CONFIG(refresh) = 60; + + if (CONFIG(resend_queue_size) == 0) + CONFIG(resend_queue_size) = 131072; + + /* default to a window size of 300 packets */ + if (CONFIG(window_size) == 0) + CONFIG(window_size) = 300; + + if (CONFIG(event_iterations_limit) == 0) + CONFIG(event_iterations_limit) = 100; + + /* default number of bucket of the hashtable that are committed in + one run loop. XXX: no option available to tune this value yet. */ + if (CONFIG(general).commit_steps == 0) + CONFIG(general).commit_steps = 8192; + + /* if overrun, automatically resync with kernel after 30 seconds */ + if (CONFIG(nl_overrun_resync) == 0) + CONFIG(nl_overrun_resync) = 30; + + /* default to 128 elements in the channel error queue */ + if (CONFIG(channelc).error_queue_length == 0) + CONFIG(channelc).error_queue_length = 128; + + if (CONFIG(netlink).subsys_id == -1) { + CONFIG(netlink).subsys_id = NFNL_SUBSYS_CTNETLINK; + CONFIG(netlink).groups = NF_NETLINK_CONNTRACK_NEW | + NF_NETLINK_CONNTRACK_UPDATE | + NF_NETLINK_CONNTRACK_DESTROY; + } + + return 0; +} + diff --git a/src/read_config_yy.h b/src/read_config_yy.h new file mode 100644 index 0000000..bf8bad3 --- /dev/null +++ b/src/read_config_yy.h @@ -0,0 +1,261 @@ +/* A Bison parser, made by GNU Bison 2.5. */ + +/* Bison interface for Yacc-like parsers in C + + Copyright (C) 1984, 1989-1990, 2000-2011 Free Software Foundation, Inc. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. */ + +/* As a special exception, you may create a larger work that contains + part or all of the Bison parser skeleton and distribute that work + under terms of your choice, so long as that work isn't itself a + parser generator using the skeleton or a modified version thereof + as a parser skeleton. Alternatively, if you modify or redistribute + the parser skeleton itself, you may (at your option) remove this + special exception, which will cause the skeleton and the resulting + Bison output files to be licensed under the GNU General Public + License without this special exception. + + This special exception was added by the Free Software Foundation in + version 2.2 of Bison. */ + + +/* Tokens. */ +#ifndef YYTOKENTYPE +# define YYTOKENTYPE + /* Put the tokens into the symbol table, so that GDB and other debuggers + know about them. */ + enum yytokentype { + T_IPV4_ADDR = 258, + T_IPV4_IFACE = 259, + T_PORT = 260, + T_HASHSIZE = 261, + T_HASHLIMIT = 262, + T_MULTICAST = 263, + T_PATH = 264, + T_UNIX = 265, + T_REFRESH = 266, + T_IPV6_ADDR = 267, + T_IPV6_IFACE = 268, + T_IGNORE_UDP = 269, + T_IGNORE_ICMP = 270, + T_IGNORE_TRAFFIC = 271, + T_BACKLOG = 272, + T_GROUP = 273, + T_LOG = 274, + T_UDP = 275, + T_ICMP = 276, + T_IGMP = 277, + T_VRRP = 278, + T_TCP = 279, + T_IGNORE_PROTOCOL = 280, + T_LOCK = 281, + T_STRIP_NAT = 282, + T_BUFFER_SIZE_MAX_GROWN = 283, + T_EXPIRE = 284, + T_TIMEOUT = 285, + T_GENERAL = 286, + T_SYNC = 287, + T_STATS = 288, + T_RELAX_TRANSITIONS = 289, + T_BUFFER_SIZE = 290, + T_DELAY = 291, + T_SYNC_MODE = 292, + T_LISTEN_TO = 293, + T_FAMILY = 294, + T_RESEND_BUFFER_SIZE = 295, + T_ALARM = 296, + T_FTFW = 297, + T_CHECKSUM = 298, + T_WINDOWSIZE = 299, + T_ON = 300, + T_OFF = 301, + T_REPLICATE = 302, + T_FOR = 303, + T_IFACE = 304, + T_PURGE = 305, + T_RESEND_QUEUE_SIZE = 306, + T_ESTABLISHED = 307, + T_SYN_SENT = 308, + T_SYN_RECV = 309, + T_FIN_WAIT = 310, + T_CLOSE_WAIT = 311, + T_LAST_ACK = 312, + T_TIME_WAIT = 313, + T_CLOSE = 314, + T_LISTEN = 315, + T_SYSLOG = 316, + T_WRITE_THROUGH = 317, + T_STAT_BUFFER_SIZE = 318, + T_DESTROY_TIMEOUT = 319, + T_RCVBUFF = 320, + T_SNDBUFF = 321, + T_NOTRACK = 322, + T_POLL_SECS = 323, + T_FILTER = 324, + T_ADDRESS = 325, + T_PROTOCOL = 326, + T_STATE = 327, + T_ACCEPT = 328, + T_IGNORE = 329, + T_FROM = 330, + T_USERSPACE = 331, + T_KERNELSPACE = 332, + T_EVENT_ITER_LIMIT = 333, + T_DEFAULT = 334, + T_NETLINK_OVERRUN_RESYNC = 335, + T_NICE = 336, + T_IPV4_DEST_ADDR = 337, + T_IPV6_DEST_ADDR = 338, + T_SCHEDULER = 339, + T_TYPE = 340, + T_PRIO = 341, + T_NETLINK_EVENTS_RELIABLE = 342, + T_DISABLE_INTERNAL_CACHE = 343, + T_DISABLE_EXTERNAL_CACHE = 344, + T_ERROR_QUEUE_LENGTH = 345, + T_OPTIONS = 346, + T_TCP_WINDOW_TRACKING = 347, + T_EXPECT_SYNC = 348, + T_IP = 349, + T_PATH_VAL = 350, + T_NUMBER = 351, + T_SIGNED_NUMBER = 352, + T_STRING = 353 + }; +#endif +/* Tokens. */ +#define T_IPV4_ADDR 258 +#define T_IPV4_IFACE 259 +#define T_PORT 260 +#define T_HASHSIZE 261 +#define T_HASHLIMIT 262 +#define T_MULTICAST 263 +#define T_PATH 264 +#define T_UNIX 265 +#define T_REFRESH 266 +#define T_IPV6_ADDR 267 +#define T_IPV6_IFACE 268 +#define T_IGNORE_UDP 269 +#define T_IGNORE_ICMP 270 +#define T_IGNORE_TRAFFIC 271 +#define T_BACKLOG 272 +#define T_GROUP 273 +#define T_LOG 274 +#define T_UDP 275 +#define T_ICMP 276 +#define T_IGMP 277 +#define T_VRRP 278 +#define T_TCP 279 +#define T_IGNORE_PROTOCOL 280 +#define T_LOCK 281 +#define T_STRIP_NAT 282 +#define T_BUFFER_SIZE_MAX_GROWN 283 +#define T_EXPIRE 284 +#define T_TIMEOUT 285 +#define T_GENERAL 286 +#define T_SYNC 287 +#define T_STATS 288 +#define T_RELAX_TRANSITIONS 289 +#define T_BUFFER_SIZE 290 +#define T_DELAY 291 +#define T_SYNC_MODE 292 +#define T_LISTEN_TO 293 +#define T_FAMILY 294 +#define T_RESEND_BUFFER_SIZE 295 +#define T_ALARM 296 +#define T_FTFW 297 +#define T_CHECKSUM 298 +#define T_WINDOWSIZE 299 +#define T_ON 300 +#define T_OFF 301 +#define T_REPLICATE 302 +#define T_FOR 303 +#define T_IFACE 304 +#define T_PURGE 305 +#define T_RESEND_QUEUE_SIZE 306 +#define T_ESTABLISHED 307 +#define T_SYN_SENT 308 +#define T_SYN_RECV 309 +#define T_FIN_WAIT 310 +#define T_CLOSE_WAIT 311 +#define T_LAST_ACK 312 +#define T_TIME_WAIT 313 +#define T_CLOSE 314 +#define T_LISTEN 315 +#define T_SYSLOG 316 +#define T_WRITE_THROUGH 317 +#define T_STAT_BUFFER_SIZE 318 +#define T_DESTROY_TIMEOUT 319 +#define T_RCVBUFF 320 +#define T_SNDBUFF 321 +#define T_NOTRACK 322 +#define T_POLL_SECS 323 +#define T_FILTER 324 +#define T_ADDRESS 325 +#define T_PROTOCOL 326 +#define T_STATE 327 +#define T_ACCEPT 328 +#define T_IGNORE 329 +#define T_FROM 330 +#define T_USERSPACE 331 +#define T_KERNELSPACE 332 +#define T_EVENT_ITER_LIMIT 333 +#define T_DEFAULT 334 +#define T_NETLINK_OVERRUN_RESYNC 335 +#define T_NICE 336 +#define T_IPV4_DEST_ADDR 337 +#define T_IPV6_DEST_ADDR 338 +#define T_SCHEDULER 339 +#define T_TYPE 340 +#define T_PRIO 341 +#define T_NETLINK_EVENTS_RELIABLE 342 +#define T_DISABLE_INTERNAL_CACHE 343 +#define T_DISABLE_EXTERNAL_CACHE 344 +#define T_ERROR_QUEUE_LENGTH 345 +#define T_OPTIONS 346 +#define T_TCP_WINDOW_TRACKING 347 +#define T_EXPECT_SYNC 348 +#define T_IP 349 +#define T_PATH_VAL 350 +#define T_NUMBER 351 +#define T_SIGNED_NUMBER 352 +#define T_STRING 353 + + + + +#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED +typedef union YYSTYPE +{ + +/* Line 2068 of yacc.c */ +#line 53 "read_config_yy.y" + + int val; + char *string; + + + +/* Line 2068 of yacc.c */ +#line 253 "read_config_yy.h" +} YYSTYPE; +# define YYSTYPE_IS_TRIVIAL 1 +# define yystype YYSTYPE /* obsolescent; will be withdrawn */ +# define YYSTYPE_IS_DECLARED 1 +#endif + +extern YYSTYPE yylval; + + diff --git a/src/read_config_yy.y b/src/read_config_yy.y new file mode 100644 index 0000000..b22784c --- /dev/null +++ b/src/read_config_yy.y @@ -0,0 +1,1698 @@ +%{ +/* + * (C) 2006-2009 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + * Description: configuration file abstract grammar + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <netdb.h> +#include <errno.h> +#include <stdarg.h> +#include "conntrackd.h" +#include "bitops.h" +#include "cidr.h" +#include <syslog.h> +#include <sched.h> +#include <libnetfilter_conntrack/libnetfilter_conntrack.h> +#include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h> + +extern char *yytext; +extern int yylineno; + +struct ct_conf conf; + +enum { + CTD_CFG_ERROR = 0, + CTD_CFG_WARN, +}; + +static void print_err(int err, const char *msg, ...); + +static void __kernel_filter_start(void); +static void __kernel_filter_add_state(int value); +static void __max_dedicated_links_reached(void); +%} + +%union { + int val; + char *string; +} + +%token T_IPV4_ADDR T_IPV4_IFACE T_PORT T_HASHSIZE T_HASHLIMIT T_MULTICAST +%token T_PATH T_UNIX T_REFRESH T_IPV6_ADDR T_IPV6_IFACE +%token T_IGNORE_UDP T_IGNORE_ICMP T_IGNORE_TRAFFIC T_BACKLOG T_GROUP +%token T_LOG T_UDP T_ICMP T_IGMP T_VRRP T_TCP T_IGNORE_PROTOCOL +%token T_LOCK T_STRIP_NAT T_BUFFER_SIZE_MAX_GROWN T_EXPIRE T_TIMEOUT +%token T_GENERAL T_SYNC T_STATS T_RELAX_TRANSITIONS T_BUFFER_SIZE T_DELAY +%token T_SYNC_MODE T_LISTEN_TO T_FAMILY T_RESEND_BUFFER_SIZE +%token T_ALARM T_FTFW T_CHECKSUM T_WINDOWSIZE T_ON T_OFF +%token T_REPLICATE T_FOR T_IFACE T_PURGE T_RESEND_QUEUE_SIZE +%token T_ESTABLISHED T_SYN_SENT T_SYN_RECV T_FIN_WAIT +%token T_CLOSE_WAIT T_LAST_ACK T_TIME_WAIT T_CLOSE T_LISTEN +%token T_SYSLOG T_WRITE_THROUGH T_STAT_BUFFER_SIZE T_DESTROY_TIMEOUT +%token T_RCVBUFF T_SNDBUFF T_NOTRACK T_POLL_SECS +%token T_FILTER T_ADDRESS T_PROTOCOL T_STATE T_ACCEPT T_IGNORE +%token T_FROM T_USERSPACE T_KERNELSPACE T_EVENT_ITER_LIMIT T_DEFAULT +%token T_NETLINK_OVERRUN_RESYNC T_NICE T_IPV4_DEST_ADDR T_IPV6_DEST_ADDR +%token T_SCHEDULER T_TYPE T_PRIO T_NETLINK_EVENTS_RELIABLE +%token T_DISABLE_INTERNAL_CACHE T_DISABLE_EXTERNAL_CACHE T_ERROR_QUEUE_LENGTH +%token T_OPTIONS T_TCP_WINDOW_TRACKING T_EXPECT_SYNC + +%token <string> T_IP T_PATH_VAL +%token <val> T_NUMBER +%token <val> T_SIGNED_NUMBER +%token <string> T_STRING + +%% + +configfile : + | lines + ; + +lines : line + | lines line + ; + +line : ignore_protocol + | ignore_traffic + | strip_nat + | general + | sync + | stats + ; + +logfile_bool : T_LOG T_ON +{ + strncpy(conf.logfile, DEFAULT_LOGFILE, FILENAME_MAXLEN); +}; + +logfile_bool : T_LOG T_OFF +{ +}; + +logfile_path : T_LOG T_PATH_VAL +{ + strncpy(conf.logfile, $2, FILENAME_MAXLEN); +}; + +syslog_bool : T_SYSLOG T_ON +{ + conf.syslog_facility = DEFAULT_SYSLOG_FACILITY; +}; + +syslog_bool : T_SYSLOG T_OFF +{ + conf.syslog_facility = -1; +} + +syslog_facility : T_SYSLOG T_STRING +{ + if (!strcmp($2, "daemon")) + conf.syslog_facility = LOG_DAEMON; + else if (!strcmp($2, "local0")) + conf.syslog_facility = LOG_LOCAL0; + else if (!strcmp($2, "local1")) + conf.syslog_facility = LOG_LOCAL1; + else if (!strcmp($2, "local2")) + conf.syslog_facility = LOG_LOCAL2; + else if (!strcmp($2, "local3")) + conf.syslog_facility = LOG_LOCAL3; + else if (!strcmp($2, "local4")) + conf.syslog_facility = LOG_LOCAL4; + else if (!strcmp($2, "local5")) + conf.syslog_facility = LOG_LOCAL5; + else if (!strcmp($2, "local6")) + conf.syslog_facility = LOG_LOCAL6; + else if (!strcmp($2, "local7")) + conf.syslog_facility = LOG_LOCAL7; + else { + print_err(CTD_CFG_WARN, "'%s' is not a known syslog facility, " + "ignoring", $2); + break; + } + + if (conf.stats.syslog_facility != -1 && + conf.syslog_facility != conf.stats.syslog_facility) + print_err(CTD_CFG_WARN, "conflicting Syslog facility " + "values, defaulting to General"); +}; + +lock : T_LOCK T_PATH_VAL +{ + strncpy(conf.lockfile, $2, FILENAME_MAXLEN); +}; + +strip_nat: T_STRIP_NAT +{ + print_err(CTD_CFG_WARN, "`StripNAT' clause is obsolete, ignoring"); +}; + +refreshtime : T_REFRESH T_NUMBER +{ + conf.refresh = $2; +}; + +expiretime: T_EXPIRE T_NUMBER +{ + conf.cache_timeout = $2; +}; + +timeout: T_TIMEOUT T_NUMBER +{ + conf.commit_timeout = $2; +}; + +purge: T_PURGE T_NUMBER +{ + conf.purge_timeout = $2; +}; + +checksum: T_CHECKSUM T_ON +{ + print_err(CTD_CFG_WARN, "the use of `Checksum' outside the " + "`Multicast' clause is ambiguous"); + /* + * XXX: The use of Checksum outside of the Multicast clause is broken + * if we have more than one dedicated links. + */ + conf.channel[0].u.mcast.checksum = 0; +}; + +checksum: T_CHECKSUM T_OFF +{ + print_err(CTD_CFG_WARN, "the use of `Checksum' outside the " + "`Multicast' clause is ambiguous"); + /* + * XXX: The use of Checksum outside of the Multicast clause is broken + * if we have more than one dedicated links. + */ + conf.channel[0].u.mcast.checksum = 1; +}; + +ignore_traffic : T_IGNORE_TRAFFIC '{' ignore_traffic_options '}' +{ + ct_filter_set_logic(STATE(us_filter), + CT_FILTER_ADDRESS, + CT_FILTER_NEGATIVE); + + print_err(CTD_CFG_WARN, "the clause `IgnoreTrafficFor' is obsolete. " + "Use `Filter' instead"); +}; + +ignore_traffic_options : + | ignore_traffic_options ignore_traffic_option; + +ignore_traffic_option : T_IPV4_ADDR T_IP +{ + union inet_address ip; + + memset(&ip, 0, sizeof(union inet_address)); + + if (!inet_aton($2, &ip.ipv4)) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv4, " + "ignoring", $2); + break; + } + + if (!ct_filter_add_ip(STATE(us_filter), &ip, AF_INET)) { + if (errno == EEXIST) + print_err(CTD_CFG_WARN, "IP %s is repeated " + "in the ignore pool", $2); + if (errno == ENOSPC) + print_err(CTD_CFG_WARN, "too many IP in the " + "ignore pool!"); + } +}; + +ignore_traffic_option : T_IPV6_ADDR T_IP +{ + union inet_address ip; + + memset(&ip, 0, sizeof(union inet_address)); + +#ifdef HAVE_INET_PTON_IPV6 + if (inet_pton(AF_INET6, $2, &ip.ipv6) <= 0) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv6, ignoring", $2); + break; + } +#else + print_err(CTD_CFG_WARN, "cannot find inet_pton(), IPv6 unsupported!"); +#endif + + if (!ct_filter_add_ip(STATE(us_filter), &ip, AF_INET6)) { + if (errno == EEXIST) + print_err(CTD_CFG_WARN, "IP %s is repeated " + "in the ignore pool", $2); + if (errno == ENOSPC) + print_err(CTD_CFG_WARN, "too many IP in the " + "ignore pool!"); + } + +}; + +multicast_line : T_MULTICAST '{' multicast_options '}' +{ + if (conf.channel_type_global != CHANNEL_NONE && + conf.channel_type_global != CHANNEL_MCAST) { + print_err(CTD_CFG_ERROR, "cannot use `Multicast' with other " + "dedicated link protocols!"); + exit(EXIT_FAILURE); + } + conf.channel_type_global = CHANNEL_MCAST; + conf.channel[conf.channel_num].channel_type = CHANNEL_MCAST; + conf.channel[conf.channel_num].channel_flags = CHANNEL_F_BUFFERED; + conf.channel_num++; +}; + +multicast_line : T_MULTICAST T_DEFAULT '{' multicast_options '}' +{ + if (conf.channel_type_global != CHANNEL_NONE && + conf.channel_type_global != CHANNEL_MCAST) { + print_err(CTD_CFG_ERROR, "cannot use `Multicast' with other " + "dedicated link protocols!"); + exit(EXIT_FAILURE); + } + conf.channel_type_global = CHANNEL_MCAST; + conf.channel[conf.channel_num].channel_type = CHANNEL_MCAST; + conf.channel[conf.channel_num].channel_flags = CHANNEL_F_DEFAULT | + CHANNEL_F_BUFFERED; + conf.channel_default = conf.channel_num; + conf.channel_num++; +}; + +multicast_options : + | multicast_options multicast_option; + +multicast_option : T_IPV4_ADDR T_IP +{ + __max_dedicated_links_reached(); + + if (!inet_aton($2, &conf.channel[conf.channel_num].u.mcast.in)) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv4 address", $2); + break; + } + + if (conf.channel[conf.channel_num].u.mcast.ipproto == AF_INET6) { + print_err(CTD_CFG_WARN, "your multicast address is IPv4 but " + "is binded to an IPv6 interface? " + "Surely, this is not what you want"); + break; + } + + conf.channel[conf.channel_num].u.mcast.ipproto = AF_INET; +}; + +multicast_option : T_IPV6_ADDR T_IP +{ + __max_dedicated_links_reached(); + +#ifdef HAVE_INET_PTON_IPV6 + if (inet_pton(AF_INET6, $2, + &conf.channel[conf.channel_num].u.mcast.in) <= 0) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv6 address", $2); + break; + } +#else + print_err(CTD_CFG_WARN, "cannot find inet_pton(), IPv6 unsupported!"); + break; +#endif + + if (conf.channel[conf.channel_num].u.mcast.ipproto == AF_INET) { + print_err(CTD_CFG_WARN, "your multicast address is IPv6 but " + "is binded to an IPv4 interface? " + "Surely this is not what you want"); + break; + } + + conf.channel[conf.channel_num].u.mcast.ipproto = AF_INET6; + + if (conf.channel[conf.channel_num].channel_ifname[0] && + !conf.channel[conf.channel_num].u.mcast.ifa.interface_index6) { + unsigned int idx; + + idx = if_nametoindex($2); + if (!idx) { + print_err(CTD_CFG_WARN, + "%s is an invalid interface", $2); + break; + } + + conf.channel[conf.channel_num].u.mcast.ifa.interface_index6 = idx; + conf.channel[conf.channel_num].u.mcast.ipproto = AF_INET6; + } +}; + +multicast_option : T_IPV4_IFACE T_IP +{ + __max_dedicated_links_reached(); + + if (!inet_aton($2, &conf.channel[conf.channel_num].u.mcast.ifa)) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv4 address", $2); + break; + } + + if (conf.channel[conf.channel_num].u.mcast.ipproto == AF_INET6) { + print_err(CTD_CFG_WARN, "your multicast interface is IPv4 but " + "is binded to an IPv6 interface? " + "Surely, this is not what you want"); + break; + } + + conf.channel[conf.channel_num].u.mcast.ipproto = AF_INET; +}; + +multicast_option : T_IPV6_IFACE T_IP +{ + print_err(CTD_CFG_WARN, "`IPv6_interface' not required, ignoring"); +} + +multicast_option : T_IFACE T_STRING +{ + unsigned int idx; + + __max_dedicated_links_reached(); + + strncpy(conf.channel[conf.channel_num].channel_ifname, $2, IFNAMSIZ); + + idx = if_nametoindex($2); + if (!idx) { + print_err(CTD_CFG_WARN, "%s is an invalid interface", $2); + break; + } + + if (conf.channel[conf.channel_num].u.mcast.ipproto == AF_INET6) { + conf.channel[conf.channel_num].u.mcast.ifa.interface_index6 = idx; + conf.channel[conf.channel_num].u.mcast.ipproto = AF_INET6; + } +}; + +multicast_option : T_BACKLOG T_NUMBER +{ + print_err(CTD_CFG_WARN, "`Backlog' option inside Multicast clause is " + "obsolete. Please, remove it from " + "conntrackd.conf"); +}; + +multicast_option : T_GROUP T_NUMBER +{ + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.mcast.port = $2; +}; + +multicast_option: T_SNDBUFF T_NUMBER +{ + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.mcast.sndbuf = $2; +}; + +multicast_option: T_RCVBUFF T_NUMBER +{ + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.mcast.rcvbuf = $2; +}; + +multicast_option: T_CHECKSUM T_ON +{ + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.mcast.checksum = 0; +}; + +multicast_option: T_CHECKSUM T_OFF +{ + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.mcast.checksum = 1; +}; + +udp_line : T_UDP '{' udp_options '}' +{ + if (conf.channel_type_global != CHANNEL_NONE && + conf.channel_type_global != CHANNEL_UDP) { + print_err(CTD_CFG_ERROR, "cannot use `UDP' with other " + "dedicated link protocols!"); + exit(EXIT_FAILURE); + } + conf.channel_type_global = CHANNEL_UDP; + conf.channel[conf.channel_num].channel_type = CHANNEL_UDP; + conf.channel[conf.channel_num].channel_flags = CHANNEL_F_BUFFERED; + conf.channel_num++; +}; + +udp_line : T_UDP T_DEFAULT '{' udp_options '}' +{ + if (conf.channel_type_global != CHANNEL_NONE && + conf.channel_type_global != CHANNEL_UDP) { + print_err(CTD_CFG_ERROR, "cannot use `UDP' with other " + "dedicated link protocols!"); + exit(EXIT_FAILURE); + } + conf.channel_type_global = CHANNEL_UDP; + conf.channel[conf.channel_num].channel_type = CHANNEL_UDP; + conf.channel[conf.channel_num].channel_flags = CHANNEL_F_DEFAULT | + CHANNEL_F_BUFFERED; + conf.channel_default = conf.channel_num; + conf.channel_num++; +}; + +udp_options : + | udp_options udp_option; + +udp_option : T_IPV4_ADDR T_IP +{ + __max_dedicated_links_reached(); + + if (!inet_aton($2, &conf.channel[conf.channel_num].u.udp.server.ipv4)) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv4 address", $2); + break; + } + conf.channel[conf.channel_num].u.udp.ipproto = AF_INET; +}; + +udp_option : T_IPV6_ADDR T_IP +{ + __max_dedicated_links_reached(); + +#ifdef HAVE_INET_PTON_IPV6 + if (inet_pton(AF_INET6, $2, + &conf.channel[conf.channel_num].u.udp.server.ipv6) <= 0) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv6 address", $2); + break; + } +#else + print_err(CTD_CFG_WARN, "cannot find inet_pton(), IPv6 unsupported!"); + break; +#endif + conf.channel[conf.channel_num].u.udp.ipproto = AF_INET6; +}; + +udp_option : T_IPV4_DEST_ADDR T_IP +{ + __max_dedicated_links_reached(); + + if (!inet_aton($2, &conf.channel[conf.channel_num].u.udp.client)) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv4 address", $2); + break; + } + conf.channel[conf.channel_num].u.udp.ipproto = AF_INET; +}; + +udp_option : T_IPV6_DEST_ADDR T_IP +{ + __max_dedicated_links_reached(); + +#ifdef HAVE_INET_PTON_IPV6 + if (inet_pton(AF_INET6, $2, + &conf.channel[conf.channel_num].u.udp.client) <= 0) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv6 address", $2); + break; + } +#else + print_err(CTD_CFG_WARN, "cannot find inet_pton(), IPv6 unsupported!"); + break; +#endif + conf.channel[conf.channel_num].u.udp.ipproto = AF_INET6; +}; + +udp_option : T_IFACE T_STRING +{ + int idx; + + __max_dedicated_links_reached(); + strncpy(conf.channel[conf.channel_num].channel_ifname, $2, IFNAMSIZ); + + idx = if_nametoindex($2); + if (!idx) { + print_err(CTD_CFG_WARN, "%s is an invalid interface", $2); + break; + } + conf.channel[conf.channel_num].u.udp.server.ipv6.scope_id = idx; +}; + +udp_option : T_PORT T_NUMBER +{ + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.udp.port = $2; +}; + +udp_option: T_SNDBUFF T_NUMBER +{ + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.udp.sndbuf = $2; +}; + +udp_option: T_RCVBUFF T_NUMBER +{ + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.udp.rcvbuf = $2; +}; + +udp_option: T_CHECKSUM T_ON +{ + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.udp.checksum = 0; +}; + +udp_option: T_CHECKSUM T_OFF +{ + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.udp.checksum = 1; +}; + +tcp_line : T_TCP '{' tcp_options '}' +{ + if (conf.channel_type_global != CHANNEL_NONE && + conf.channel_type_global != CHANNEL_TCP) { + print_err(CTD_CFG_ERROR, "cannot use `TCP' with other " + "dedicated link protocols!"); + exit(EXIT_FAILURE); + } + conf.channel_type_global = CHANNEL_TCP; + conf.channel[conf.channel_num].channel_type = CHANNEL_TCP; + conf.channel[conf.channel_num].channel_flags = CHANNEL_F_BUFFERED | + CHANNEL_F_STREAM | + CHANNEL_F_ERRORS; + conf.channel_num++; +}; + +tcp_line : T_TCP T_DEFAULT '{' tcp_options '}' +{ + if (conf.channel_type_global != CHANNEL_NONE && + conf.channel_type_global != CHANNEL_TCP) { + print_err(CTD_CFG_ERROR, "cannot use `TCP' with other " + "dedicated link protocols!"); + exit(EXIT_FAILURE); + } + conf.channel_type_global = CHANNEL_TCP; + conf.channel[conf.channel_num].channel_type = CHANNEL_TCP; + conf.channel[conf.channel_num].channel_flags = CHANNEL_F_DEFAULT | + CHANNEL_F_BUFFERED | + CHANNEL_F_STREAM | + CHANNEL_F_ERRORS; + conf.channel_default = conf.channel_num; + conf.channel_num++; +}; + +tcp_options : + | tcp_options tcp_option; + +tcp_option : T_IPV4_ADDR T_IP +{ + __max_dedicated_links_reached(); + + if (!inet_aton($2, &conf.channel[conf.channel_num].u.tcp.server.ipv4)) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv4 address", $2); + break; + } + conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET; +}; + +tcp_option : T_IPV6_ADDR T_IP +{ + __max_dedicated_links_reached(); + +#ifdef HAVE_INET_PTON_IPV6 + if (inet_pton(AF_INET6, $2, + &conf.channel[conf.channel_num].u.tcp.server.ipv6) <= 0) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv6 address", $2); + break; + } +#else + print_err(CTD_CFG_WARN, "cannot find inet_pton(), IPv6 unsupported!"); + break; +#endif + conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET6; +}; + +tcp_option : T_IPV4_DEST_ADDR T_IP +{ + __max_dedicated_links_reached(); + + if (!inet_aton($2, &conf.channel[conf.channel_num].u.tcp.client)) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv4 address", $2); + break; + } + conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET; +}; + +tcp_option : T_IPV6_DEST_ADDR T_IP +{ + __max_dedicated_links_reached(); + +#ifdef HAVE_INET_PTON_IPV6 + if (inet_pton(AF_INET6, $2, + &conf.channel[conf.channel_num].u.tcp.client) <= 0) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv6 address", $2); + break; + } +#else + print_err(CTD_CFG_WARN, "cannot find inet_pton(), IPv6 unsupported!"); + break; +#endif + conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET6; +}; + +tcp_option : T_IFACE T_STRING +{ + int idx; + + __max_dedicated_links_reached(); + strncpy(conf.channel[conf.channel_num].channel_ifname, $2, IFNAMSIZ); + + idx = if_nametoindex($2); + if (!idx) { + print_err(CTD_CFG_WARN, "%s is an invalid interface", $2); + break; + } + conf.channel[conf.channel_num].u.tcp.server.ipv6.scope_id = idx; +}; + +tcp_option : T_PORT T_NUMBER +{ + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.tcp.port = $2; +}; + +tcp_option: T_SNDBUFF T_NUMBER +{ + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.tcp.sndbuf = $2; +}; + +tcp_option: T_RCVBUFF T_NUMBER +{ + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.tcp.rcvbuf = $2; +}; + +tcp_option: T_CHECKSUM T_ON +{ + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.tcp.checksum = 0; +}; + +tcp_option: T_CHECKSUM T_OFF +{ + __max_dedicated_links_reached(); + conf.channel[conf.channel_num].u.tcp.checksum = 1; +}; + +tcp_option: T_ERROR_QUEUE_LENGTH T_NUMBER +{ + __max_dedicated_links_reached(); + CONFIG(channelc).error_queue_length = $2; +}; + +hashsize : T_HASHSIZE T_NUMBER +{ + conf.hashsize = $2; +}; + +hashlimit: T_HASHLIMIT T_NUMBER +{ + conf.limit = $2; +}; + +unix_line: T_UNIX '{' unix_options '}'; + +unix_options: + | unix_options unix_option + ; + +unix_option : T_PATH T_PATH_VAL +{ + strcpy(conf.local.path, $2); +}; + +unix_option : T_BACKLOG T_NUMBER +{ + conf.local.backlog = $2; +}; + +ignore_protocol: T_IGNORE_PROTOCOL '{' ignore_proto_list '}' +{ + ct_filter_set_logic(STATE(us_filter), + CT_FILTER_L4PROTO, + CT_FILTER_NEGATIVE); + + print_err(CTD_CFG_WARN, "the clause `IgnoreProtocol' is " + "obsolete. Use `Filter' instead"); +}; + +ignore_proto_list: + | ignore_proto_list ignore_proto + ; + +ignore_proto: T_NUMBER +{ + if ($1 < IPPROTO_MAX) + ct_filter_add_proto(STATE(us_filter), $1); + else + print_err(CTD_CFG_WARN, "protocol number `%d' is freak", $1); +}; + +ignore_proto: T_STRING +{ + struct protoent *pent; + + pent = getprotobyname($1); + if (pent == NULL) { + print_err(CTD_CFG_WARN, "getprotobyname() cannot find " + "protocol `%s' in /etc/protocols", $1); + break; + } + ct_filter_add_proto(STATE(us_filter), pent->p_proto); +}; + +sync: T_SYNC '{' sync_list '}' +{ + if (conf.flags & CTD_STATS_MODE) { + print_err(CTD_CFG_ERROR, "cannot use both `Stats' and `Sync' " + "clauses in conntrackd.conf"); + exit(EXIT_FAILURE); + } + conf.flags |= CTD_SYNC_MODE; +}; + +sync_list: + | sync_list sync_line; + +sync_line: refreshtime + | expiretime + | timeout + | purge + | checksum + | multicast_line + | udp_line + | tcp_line + | relax_transitions + | delay_destroy_msgs + | sync_mode_alarm + | sync_mode_ftfw + | sync_mode_notrack + | listen_to + | state_replication + | cache_writethrough + | destroy_timeout + | option_line + ; + +option_line: T_OPTIONS '{' options '}'; + +options: + | options option + ; + +option: T_TCP_WINDOW_TRACKING T_ON +{ + CONFIG(sync).tcp_window_tracking = 1; +}; + +option: T_TCP_WINDOW_TRACKING T_OFF +{ + CONFIG(sync).tcp_window_tracking = 0; +}; + +option: T_EXPECT_SYNC T_ON +{ + CONFIG(flags) |= CTD_EXPECT; + CONFIG(netlink).subsys_id = NFNL_SUBSYS_NONE; + CONFIG(netlink).groups = NF_NETLINK_CONNTRACK_NEW | + NF_NETLINK_CONNTRACK_UPDATE | + NF_NETLINK_CONNTRACK_DESTROY | + NF_NETLINK_CONNTRACK_EXP_NEW | + NF_NETLINK_CONNTRACK_EXP_UPDATE | + NF_NETLINK_CONNTRACK_EXP_DESTROY; +}; + +option: T_EXPECT_SYNC T_OFF +{ + CONFIG(netlink).subsys_id = NFNL_SUBSYS_CTNETLINK; + CONFIG(netlink).groups = NF_NETLINK_CONNTRACK_NEW | + NF_NETLINK_CONNTRACK_UPDATE | + NF_NETLINK_CONNTRACK_DESTROY; +}; + +option: T_EXPECT_SYNC '{' expect_list '}' +{ + CONFIG(flags) |= CTD_EXPECT; + CONFIG(netlink).subsys_id = NFNL_SUBSYS_NONE; + CONFIG(netlink).groups = NF_NETLINK_CONNTRACK_NEW | + NF_NETLINK_CONNTRACK_UPDATE | + NF_NETLINK_CONNTRACK_DESTROY | + NF_NETLINK_CONNTRACK_EXP_NEW | + NF_NETLINK_CONNTRACK_EXP_UPDATE | + NF_NETLINK_CONNTRACK_EXP_DESTROY; +}; + +expect_list: + | expect_list expect_item ; + +expect_item: T_STRING +{ + exp_filter_add(STATE(exp_filter), $1); +} + +sync_mode_alarm: T_SYNC_MODE T_ALARM '{' sync_mode_alarm_list '}' +{ + conf.flags |= CTD_SYNC_ALARM; +}; + +sync_mode_ftfw: T_SYNC_MODE T_FTFW '{' sync_mode_ftfw_list '}' +{ + conf.flags |= CTD_SYNC_FTFW; +}; + +sync_mode_notrack: T_SYNC_MODE T_NOTRACK '{' sync_mode_notrack_list '}' +{ + conf.flags |= CTD_SYNC_NOTRACK; +}; + +sync_mode_alarm_list: + | sync_mode_alarm_list sync_mode_alarm_line; + +sync_mode_alarm_line: refreshtime + | expiretime + | timeout + | purge + | relax_transitions + | delay_destroy_msgs + ; + +sync_mode_ftfw_list: + | sync_mode_ftfw_list sync_mode_ftfw_line; + +sync_mode_ftfw_line: resend_queue_size + | resend_buffer_size + | timeout + | purge + | window_size + | disable_external_cache + ; + +sync_mode_notrack_list: + | sync_mode_notrack_list sync_mode_notrack_line; + +sync_mode_notrack_line: timeout + | purge + | disable_internal_cache + | disable_external_cache + ; + +disable_internal_cache: T_DISABLE_INTERNAL_CACHE T_ON +{ + conf.sync.internal_cache_disable = 1; +}; + +disable_internal_cache: T_DISABLE_INTERNAL_CACHE T_OFF +{ + conf.sync.internal_cache_disable = 0; +}; + +disable_external_cache: T_DISABLE_EXTERNAL_CACHE T_ON +{ + conf.sync.external_cache_disable = 1; +}; + +disable_external_cache: T_DISABLE_EXTERNAL_CACHE T_OFF +{ + conf.sync.external_cache_disable = 0; +}; + +resend_buffer_size: T_RESEND_BUFFER_SIZE T_NUMBER +{ + print_err(CTD_CFG_WARN, "`ResendBufferSize' is deprecated. " + "Use `ResendQueueSize' instead"); +}; + +resend_queue_size: T_RESEND_QUEUE_SIZE T_NUMBER +{ + conf.resend_queue_size = $2; +}; + +window_size: T_WINDOWSIZE T_NUMBER +{ + conf.window_size = $2; +}; + +destroy_timeout: T_DESTROY_TIMEOUT T_NUMBER +{ + print_err(CTD_CFG_WARN, "`DestroyTimeout' is deprecated. Remove it"); +}; + +relax_transitions: T_RELAX_TRANSITIONS +{ + print_err(CTD_CFG_WARN, "`RelaxTransitions' clause is obsolete. " + "Please, remove it from conntrackd.conf"); +}; + +delay_destroy_msgs: T_DELAY +{ + print_err(CTD_CFG_WARN, "`DelayDestroyMessages' clause is obsolete. " + "Please, remove it from conntrackd.conf"); +}; + +listen_to: T_LISTEN_TO T_IP +{ + print_err(CTD_CFG_WARN, "the clause `ListenTo' is obsolete, ignoring"); +}; + +state_replication: T_REPLICATE states T_FOR state_proto +{ + ct_filter_set_logic(STATE(us_filter), + CT_FILTER_STATE, + CT_FILTER_POSITIVE); + + print_err(CTD_CFG_WARN, "the clause `Replicate' is obsolete. " + "Use `Filter' instead"); +}; + +states: + | states state; + +state_proto: T_STRING +{ + if (strncmp($1, "TCP", strlen("TCP")) != 0) { + print_err(CTD_CFG_WARN, "unsupported protocol `%s' in line %d", + $1, yylineno); + } +}; +state: tcp_state; + +tcp_states: + | tcp_states tcp_state; + +tcp_state: T_SYN_SENT +{ + ct_filter_add_state(STATE(us_filter), + IPPROTO_TCP, + TCP_CONNTRACK_SYN_SENT); + + __kernel_filter_add_state(TCP_CONNTRACK_SYN_SENT); +}; +tcp_state: T_SYN_RECV +{ + ct_filter_add_state(STATE(us_filter), + IPPROTO_TCP, + TCP_CONNTRACK_SYN_RECV); + + __kernel_filter_add_state(TCP_CONNTRACK_SYN_RECV); +}; +tcp_state: T_ESTABLISHED +{ + ct_filter_add_state(STATE(us_filter), + IPPROTO_TCP, + TCP_CONNTRACK_ESTABLISHED); + + __kernel_filter_add_state(TCP_CONNTRACK_ESTABLISHED); +}; +tcp_state: T_FIN_WAIT +{ + ct_filter_add_state(STATE(us_filter), + IPPROTO_TCP, + TCP_CONNTRACK_FIN_WAIT); + + __kernel_filter_add_state(TCP_CONNTRACK_FIN_WAIT); +}; +tcp_state: T_CLOSE_WAIT +{ + ct_filter_add_state(STATE(us_filter), + IPPROTO_TCP, + TCP_CONNTRACK_CLOSE_WAIT); + + __kernel_filter_add_state(TCP_CONNTRACK_CLOSE_WAIT); +}; +tcp_state: T_LAST_ACK +{ + ct_filter_add_state(STATE(us_filter), + IPPROTO_TCP, + TCP_CONNTRACK_LAST_ACK); + + __kernel_filter_add_state(TCP_CONNTRACK_LAST_ACK); +}; +tcp_state: T_TIME_WAIT +{ + ct_filter_add_state(STATE(us_filter), + IPPROTO_TCP, + TCP_CONNTRACK_TIME_WAIT); + + __kernel_filter_add_state(TCP_CONNTRACK_TIME_WAIT); +}; +tcp_state: T_CLOSE +{ + ct_filter_add_state(STATE(us_filter), + IPPROTO_TCP, + TCP_CONNTRACK_CLOSE); + + __kernel_filter_add_state(TCP_CONNTRACK_CLOSE); +}; +tcp_state: T_LISTEN +{ + ct_filter_add_state(STATE(us_filter), + IPPROTO_TCP, + TCP_CONNTRACK_LISTEN); + + __kernel_filter_add_state(TCP_CONNTRACK_LISTEN); +}; + +cache_writethrough: T_WRITE_THROUGH T_ON +{ + print_err(CTD_CFG_WARN, "`CacheWriteThrough' clause is obsolete, " + "ignoring"); +}; + +cache_writethrough: T_WRITE_THROUGH T_OFF +{ + print_err(CTD_CFG_WARN, "`CacheWriteThrough' clause is obsolete, " + "ignoring"); +}; + +general: T_GENERAL '{' general_list '}'; + +general_list: + | general_list general_line + ; + +general_line: hashsize + | hashlimit + | logfile_bool + | logfile_path + | syslog_facility + | syslog_bool + | lock + | unix_line + | netlink_buffer_size + | netlink_buffer_size_max_grown + | family + | event_iterations_limit + | poll_secs + | filter + | netlink_overrun_resync + | netlink_events_reliable + | nice + | scheduler + ; + +netlink_buffer_size: T_BUFFER_SIZE T_NUMBER +{ + conf.netlink_buffer_size = $2; +}; + +netlink_buffer_size_max_grown : T_BUFFER_SIZE_MAX_GROWN T_NUMBER +{ + conf.netlink_buffer_size_max_grown = $2; +}; + +netlink_overrun_resync : T_NETLINK_OVERRUN_RESYNC T_ON +{ + conf.nl_overrun_resync = 30; +}; + +netlink_overrun_resync : T_NETLINK_OVERRUN_RESYNC T_OFF +{ + conf.nl_overrun_resync = -1; +}; + +netlink_overrun_resync : T_NETLINK_OVERRUN_RESYNC T_NUMBER +{ + conf.nl_overrun_resync = $2; +}; + +netlink_events_reliable : T_NETLINK_EVENTS_RELIABLE T_ON +{ + conf.netlink.events_reliable = 1; +}; + +netlink_events_reliable : T_NETLINK_EVENTS_RELIABLE T_OFF +{ + conf.netlink.events_reliable = 0; +}; + +nice : T_NICE T_SIGNED_NUMBER +{ + conf.nice = $2; +}; + +scheduler : T_SCHEDULER '{' scheduler_options '}'; + +scheduler_options : + | scheduler_options scheduler_line + ; + +scheduler_line : T_TYPE T_STRING +{ + if (strcasecmp($2, "rr") == 0) { + conf.sched.type = SCHED_RR; + } else if (strcasecmp($2, "fifo") == 0) { + conf.sched.type = SCHED_FIFO; + } else { + print_err(CTD_CFG_ERROR, "unknown scheduler `%s'", $2); + exit(EXIT_FAILURE); + } +}; + +scheduler_line : T_PRIO T_NUMBER +{ + conf.sched.prio = $2; + if (conf.sched.prio < 0 || conf.sched.prio > 99) { + print_err(CTD_CFG_ERROR, "`Priority' must be [0, 99]\n", $2); + exit(EXIT_FAILURE); + } +}; + +family : T_FAMILY T_STRING +{ + if (strncmp($2, "IPv6", strlen("IPv6")) == 0) + conf.family = AF_INET6; + else + conf.family = AF_INET; +}; + +event_iterations_limit : T_EVENT_ITER_LIMIT T_NUMBER +{ + CONFIG(event_iterations_limit) = $2; +}; + +poll_secs: T_POLL_SECS T_NUMBER +{ + conf.flags |= CTD_POLL; + conf.poll_kernel_secs = $2; + if (conf.poll_kernel_secs == 0) { + print_err(CTD_CFG_ERROR, "`PollSecs' clause must be > 0"); + exit(EXIT_FAILURE); + } +}; + +filter : T_FILTER '{' filter_list '}' +{ + CONFIG(filter_from_kernelspace) = 0; +}; + +filter : T_FILTER T_FROM T_USERSPACE '{' filter_list '}' +{ + CONFIG(filter_from_kernelspace) = 0; +}; + +filter : T_FILTER T_FROM T_KERNELSPACE '{' filter_list '}' +{ + CONFIG(filter_from_kernelspace) = 1; +}; + +filter_list : + | filter_list filter_item; + +filter_item : T_PROTOCOL T_ACCEPT '{' filter_protocol_list '}' +{ + ct_filter_set_logic(STATE(us_filter), + CT_FILTER_L4PROTO, + CT_FILTER_POSITIVE); + + __kernel_filter_start(); +}; + +filter_item : T_PROTOCOL T_IGNORE '{' filter_protocol_list '}' +{ + ct_filter_set_logic(STATE(us_filter), + CT_FILTER_L4PROTO, + CT_FILTER_NEGATIVE); + + __kernel_filter_start(); + + nfct_filter_set_logic(STATE(filter), + NFCT_FILTER_L4PROTO, + NFCT_FILTER_LOGIC_NEGATIVE); +}; + +filter_protocol_list : + | filter_protocol_list filter_protocol_item; + +filter_protocol_item : T_STRING +{ + struct protoent *pent; + + pent = getprotobyname($1); + if (pent == NULL) { + print_err(CTD_CFG_WARN, "getprotobyname() cannot find " + "protocol `%s' in /etc/protocols", $1); + break; + } + ct_filter_add_proto(STATE(us_filter), pent->p_proto); + + __kernel_filter_start(); + + nfct_filter_add_attr_u32(STATE(filter), + NFCT_FILTER_L4PROTO, + pent->p_proto); +}; + +filter_protocol_item : T_TCP +{ + struct protoent *pent; + + pent = getprotobyname("tcp"); + if (pent == NULL) { + print_err(CTD_CFG_WARN, "getprotobyname() cannot find " + "protocol `tcp' in /etc/protocols"); + break; + } + ct_filter_add_proto(STATE(us_filter), pent->p_proto); + + __kernel_filter_start(); + + nfct_filter_add_attr_u32(STATE(filter), + NFCT_FILTER_L4PROTO, + pent->p_proto); +}; + +filter_protocol_item : T_UDP +{ + struct protoent *pent; + + pent = getprotobyname("udp"); + if (pent == NULL) { + print_err(CTD_CFG_WARN, "getprotobyname() cannot find " + "protocol `udp' in /etc/protocols"); + break; + } + ct_filter_add_proto(STATE(us_filter), pent->p_proto); + + __kernel_filter_start(); + + nfct_filter_add_attr_u32(STATE(filter), + NFCT_FILTER_L4PROTO, + pent->p_proto); +}; + +filter_item : T_ADDRESS T_ACCEPT '{' filter_address_list '}' +{ + ct_filter_set_logic(STATE(us_filter), + CT_FILTER_ADDRESS, + CT_FILTER_POSITIVE); + + __kernel_filter_start(); +}; + +filter_item : T_ADDRESS T_IGNORE '{' filter_address_list '}' +{ + ct_filter_set_logic(STATE(us_filter), + CT_FILTER_ADDRESS, + CT_FILTER_NEGATIVE); + + __kernel_filter_start(); + + nfct_filter_set_logic(STATE(filter), + NFCT_FILTER_SRC_IPV4, + NFCT_FILTER_LOGIC_NEGATIVE); + nfct_filter_set_logic(STATE(filter), + NFCT_FILTER_DST_IPV4, + NFCT_FILTER_LOGIC_NEGATIVE); + nfct_filter_set_logic(STATE(filter), + NFCT_FILTER_SRC_IPV6, + NFCT_FILTER_LOGIC_NEGATIVE); + nfct_filter_set_logic(STATE(filter), + NFCT_FILTER_DST_IPV6, + NFCT_FILTER_LOGIC_NEGATIVE); +}; + +filter_address_list : + | filter_address_list filter_address_item; + +filter_address_item : T_IPV4_ADDR T_IP +{ + union inet_address ip; + char *slash; + unsigned int cidr = 32; + + memset(&ip, 0, sizeof(union inet_address)); + + slash = strchr($2, '/'); + if (slash) { + *slash = '\0'; + cidr = atoi(slash+1); + if (cidr > 32) { + print_err(CTD_CFG_WARN, "%s/%d is not a valid network, " + "ignoring", $2, cidr); + break; + } + } + + if (!inet_aton($2, &ip.ipv4)) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv4, ignoring", $2); + break; + } + + if (slash && cidr < 32) { + /* network byte order */ + struct ct_filter_netmask_ipv4 tmp = { + .ip = ip.ipv4, + .mask = ipv4_cidr2mask_net(cidr) + }; + + if (!ct_filter_add_netmask(STATE(us_filter), &tmp, AF_INET)) { + if (errno == EEXIST) + print_err(CTD_CFG_WARN, "netmask %s is " + "repeated in the " + "ignore pool", $2); + } + } else { + if (!ct_filter_add_ip(STATE(us_filter), &ip, AF_INET)) { + if (errno == EEXIST) + print_err(CTD_CFG_WARN, "IP %s is repeated in " + "the ignore pool", $2); + if (errno == ENOSPC) + print_err(CTD_CFG_WARN, "too many IP in the " + "ignore pool!"); + } + } + __kernel_filter_start(); + + /* host byte order */ + struct nfct_filter_ipv4 filter_ipv4 = { + .addr = ntohl(ip.ipv4), + .mask = ipv4_cidr2mask_host(cidr), + }; + + nfct_filter_add_attr(STATE(filter), NFCT_FILTER_SRC_IPV4, &filter_ipv4); + nfct_filter_add_attr(STATE(filter), NFCT_FILTER_DST_IPV4, &filter_ipv4); +}; + +filter_address_item : T_IPV6_ADDR T_IP +{ + union inet_address ip; + char *slash; + int cidr = 128; + struct nfct_filter_ipv6 filter_ipv6; + + memset(&ip, 0, sizeof(union inet_address)); + + slash = strchr($2, '/'); + if (slash) { + *slash = '\0'; + cidr = atoi(slash+1); + if (cidr > 128) { + print_err(CTD_CFG_WARN, "%s/%d is not a valid network, " + "ignoring", $2, cidr); + break; + } + } + +#ifdef HAVE_INET_PTON_IPV6 + if (inet_pton(AF_INET6, $2, &ip.ipv6) <= 0) { + print_err(CTD_CFG_WARN, "%s is not a valid IPv6, ignoring", $2); + break; + } +#else + print_err(CTD_CFG_WARN, "cannot find inet_pton(), IPv6 unsupported!"); + break; +#endif + if (slash && cidr < 128) { + struct ct_filter_netmask_ipv6 tmp; + + memcpy(tmp.ip, ip.ipv6, sizeof(uint32_t)*4); + ipv6_cidr2mask_net(cidr, tmp.mask); + if (!ct_filter_add_netmask(STATE(us_filter), &tmp, AF_INET6)) { + if (errno == EEXIST) + print_err(CTD_CFG_WARN, "netmask %s is " + "repeated in the " + "ignore pool", $2); + } + } else { + if (!ct_filter_add_ip(STATE(us_filter), &ip, AF_INET6)) { + if (errno == EEXIST) + print_err(CTD_CFG_WARN, "IP %s is repeated in " + "the ignore pool", $2); + if (errno == ENOSPC) + print_err(CTD_CFG_WARN, "too many IP in the " + "ignore pool!"); + } + } + __kernel_filter_start(); + + /* host byte order */ + ipv6_addr2addr_host(ip.ipv6, filter_ipv6.addr); + ipv6_cidr2mask_host(cidr, filter_ipv6.mask); + + nfct_filter_add_attr(STATE(filter), NFCT_FILTER_SRC_IPV6, &filter_ipv6); + nfct_filter_add_attr(STATE(filter), NFCT_FILTER_DST_IPV6, &filter_ipv6); +}; + +filter_item : T_STATE T_ACCEPT '{' filter_state_list '}' +{ + ct_filter_set_logic(STATE(us_filter), + CT_FILTER_STATE, + CT_FILTER_POSITIVE); + + __kernel_filter_start(); +}; + +filter_item : T_STATE T_IGNORE '{' filter_state_list '}' +{ + ct_filter_set_logic(STATE(us_filter), + CT_FILTER_STATE, + CT_FILTER_NEGATIVE); + + + __kernel_filter_start(); + + nfct_filter_set_logic(STATE(filter), + NFCT_FILTER_L4PROTO_STATE, + NFCT_FILTER_LOGIC_NEGATIVE); +}; + +filter_state_list : + | filter_state_list filter_state_item; + +filter_state_item : tcp_states T_FOR T_TCP; + +stats: T_STATS '{' stats_list '}' +{ + if (conf.flags & CTD_SYNC_MODE) { + print_err(CTD_CFG_ERROR, "cannot use both `Stats' and `Sync' " + "clauses in conntrackd.conf"); + exit(EXIT_FAILURE); + } + conf.flags |= CTD_STATS_MODE; +}; + +stats_list: + | stats_list stat_line + ; + +stat_line: stat_logfile_bool + | stat_logfile_path + | stat_syslog_bool + | stat_syslog_facility + | buffer_size + ; + +stat_logfile_bool : T_LOG T_ON +{ + strncpy(conf.stats.logfile, DEFAULT_STATS_LOGFILE, FILENAME_MAXLEN); +}; + +stat_logfile_bool : T_LOG T_OFF +{ +}; + +stat_logfile_path : T_LOG T_PATH_VAL +{ + strncpy(conf.stats.logfile, $2, FILENAME_MAXLEN); +}; + +stat_syslog_bool : T_SYSLOG T_ON +{ + conf.stats.syslog_facility = DEFAULT_SYSLOG_FACILITY; +}; + +stat_syslog_bool : T_SYSLOG T_OFF +{ + conf.stats.syslog_facility = -1; +} + +stat_syslog_facility : T_SYSLOG T_STRING +{ + if (!strcmp($2, "daemon")) + conf.stats.syslog_facility = LOG_DAEMON; + else if (!strcmp($2, "local0")) + conf.stats.syslog_facility = LOG_LOCAL0; + else if (!strcmp($2, "local1")) + conf.stats.syslog_facility = LOG_LOCAL1; + else if (!strcmp($2, "local2")) + conf.stats.syslog_facility = LOG_LOCAL2; + else if (!strcmp($2, "local3")) + conf.stats.syslog_facility = LOG_LOCAL3; + else if (!strcmp($2, "local4")) + conf.stats.syslog_facility = LOG_LOCAL4; + else if (!strcmp($2, "local5")) + conf.stats.syslog_facility = LOG_LOCAL5; + else if (!strcmp($2, "local6")) + conf.stats.syslog_facility = LOG_LOCAL6; + else if (!strcmp($2, "local7")) + conf.stats.syslog_facility = LOG_LOCAL7; + else { + print_err(CTD_CFG_WARN, "'%s' is not a known syslog facility, " + "ignoring.", $2); + break; + } + + if (conf.syslog_facility != -1 && + conf.stats.syslog_facility != conf.syslog_facility) + print_err(CTD_CFG_WARN, "conflicting Syslog facility " + "values, defaulting to General"); +}; + +buffer_size: T_STAT_BUFFER_SIZE T_NUMBER +{ + print_err(CTD_CFG_WARN, "`LogFileBufferSize' is deprecated"); +}; + +%% + +int __attribute__((noreturn)) +yyerror(char *msg) +{ + print_err(CTD_CFG_ERROR, "parsing config file in " + "line (%d), symbol '%s': %s", + yylineno, yytext, msg); + exit(EXIT_FAILURE); +} + +static void print_err(int type, const char *msg, ...) +{ + va_list args; + + va_start(args, msg); + switch(type) { + case CTD_CFG_ERROR: + fprintf(stderr, "ERROR: "); + break; + case CTD_CFG_WARN: + fprintf(stderr, "WARNING: "); + break; + default: + fprintf(stderr, "?: "); + } + vfprintf(stderr, msg, args); + va_end(args); + fprintf(stderr,"\n"); +} + +static void __kernel_filter_start(void) +{ + if (!STATE(filter)) { + STATE(filter) = nfct_filter_create(); + if (!STATE(filter)) { + print_err(CTD_CFG_ERROR, "cannot create ignore pool!"); + exit(EXIT_FAILURE); + } + } +} + +static void __kernel_filter_add_state(int value) +{ + __kernel_filter_start(); + + struct nfct_filter_proto filter_proto = { + .proto = IPPROTO_TCP, + .state = value + }; + nfct_filter_add_attr(STATE(filter), + NFCT_FILTER_L4PROTO_STATE, + &filter_proto); +} + +static void __max_dedicated_links_reached(void) +{ + if (conf.channel_num >= MULTICHANNEL_MAX) { + print_err(CTD_CFG_ERROR, "too many dedicated links in " + "the configuration file " + "(Maximum: %d)", MULTICHANNEL_MAX); + exit(EXIT_FAILURE); + } +} + +int +init_config(char *filename) +{ + FILE *fp; + + fp = fopen(filename, "r"); + if (!fp) + return -1; + + /* Zero may be a valid facility */ + CONFIG(syslog_facility) = -1; + CONFIG(stats).syslog_facility = -1; + CONFIG(netlink).subsys_id = -1; + + yyrestart(fp); + yyparse(); + fclose(fp); + + /* default to IPv4 */ + if (CONFIG(family) == 0) + CONFIG(family) = AF_INET; + + /* set to default is not specified */ + if (strcmp(CONFIG(lockfile), "") == 0) + strncpy(CONFIG(lockfile), DEFAULT_LOCKFILE, FILENAME_MAXLEN); + + /* default to 180 seconds of expiration time: cache entries */ + if (CONFIG(cache_timeout) == 0) + CONFIG(cache_timeout) = 180; + + /* default to 60 seconds: purge kernel entries */ + if (CONFIG(purge_timeout) == 0) + CONFIG(purge_timeout) = 60; + + /* default to 60 seconds of refresh time */ + if (CONFIG(refresh) == 0) + CONFIG(refresh) = 60; + + if (CONFIG(resend_queue_size) == 0) + CONFIG(resend_queue_size) = 131072; + + /* default to a window size of 300 packets */ + if (CONFIG(window_size) == 0) + CONFIG(window_size) = 300; + + if (CONFIG(event_iterations_limit) == 0) + CONFIG(event_iterations_limit) = 100; + + /* default number of bucket of the hashtable that are committed in + one run loop. XXX: no option available to tune this value yet. */ + if (CONFIG(general).commit_steps == 0) + CONFIG(general).commit_steps = 8192; + + /* if overrun, automatically resync with kernel after 30 seconds */ + if (CONFIG(nl_overrun_resync) == 0) + CONFIG(nl_overrun_resync) = 30; + + /* default to 128 elements in the channel error queue */ + if (CONFIG(channelc).error_queue_length == 0) + CONFIG(channelc).error_queue_length = 128; + + if (CONFIG(netlink).subsys_id == -1) { + CONFIG(netlink).subsys_id = NFNL_SUBSYS_CTNETLINK; + CONFIG(netlink).groups = NF_NETLINK_CONNTRACK_NEW | + NF_NETLINK_CONNTRACK_UPDATE | + NF_NETLINK_CONNTRACK_DESTROY; + } + + return 0; +} diff --git a/src/run.c b/src/run.c new file mode 100644 index 0000000..26c1783 --- /dev/null +++ b/src/run.c @@ -0,0 +1,774 @@ +/* + * (C) 2006-2011 by Pablo Neira Ayuso <pablo@netfilter.org> + * (C) 2011 by Vyatta Inc. <http://www.vyatta.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + * Description: run and init functions + */ + +#include "conntrackd.h" +#include "netlink.h" +#include "filter.h" +#include "log.h" +#include "alarm.h" +#include "fds.h" +#include "traffic_stats.h" +#include "process.h" +#include "origin.h" +#include "date.h" +#include "internal.h" + +#include <errno.h> +#include <signal.h> +#include <stdlib.h> +#include <unistd.h> +#include <sys/wait.h> +#include <string.h> +#include <time.h> +#include <fcntl.h> + +void killer(int foo) +{ + /* no signals while handling signals */ + sigprocmask(SIG_BLOCK, &STATE(block), NULL); + + if (!(CONFIG(flags) & CTD_POLL)) + nfct_close(STATE(event)); + + nfct_close(STATE(resync)); + nfct_close(STATE(get)); + origin_unregister(STATE(flush)); + nfct_close(STATE(flush)); + + if (STATE(us_filter)) + ct_filter_destroy(STATE(us_filter)); + local_server_destroy(&STATE(local)); + STATE(mode)->kill(); + + if (STATE(mode)->internal->flags & INTERNAL_F_POPULATE) { + nfct_close(STATE(dump)); + } + destroy_fds(STATE(fds)); + + unlink(CONFIG(lockfile)); + dlog(LOG_NOTICE, "---- shutdown received ----"); + close_log(); + + sigprocmask(SIG_UNBLOCK, &STATE(block), NULL); + + exit(0); +} + +static void child(int foo) +{ + int status, ret; + + while ((ret = waitpid(0, &status, WNOHANG)) != 0) { + if (ret == -1) { + if (errno == EINTR) + continue; + if (errno == ECHILD) + break; + STATE(stats).wait_failed++; + break; + } + /* delete process from list and run the callback */ + fork_process_delete(ret); + + if (!WIFSIGNALED(status)) + continue; + + switch(WTERMSIG(status)) { + case SIGSEGV: + dlog(LOG_ERR, "child process (pid=%u) has aborted, " + "received signal SIGSEGV (crashed)", ret); + STATE(stats).child_process_failed++; + STATE(stats).child_process_error_segfault++; + break; + case SIGINT: + case SIGTERM: + case SIGKILL: + dlog(LOG_ERR, "child process (pid=%u) has aborted, " + "received termination signal (%u)", + ret, WTERMSIG(status)); + STATE(stats).child_process_failed++; + STATE(stats).child_process_error_term++; + break; + default: + dlog(LOG_NOTICE, "child process (pid=%u) " + "received signal (%u)", + ret, WTERMSIG(status)); + STATE(stats).child_process_failed++; + break; + } + } +} + +static void uptime(char *buf, size_t bufsiz) +{ + time_t tmp; + int updays, upminutes, uphours; + size_t size = 0; + + time(&tmp); + tmp = tmp - STATE(stats).daemon_start_time; + updays = (int) tmp / (60*60*24); + if (updays) { + size = snprintf(buf, bufsiz, "%d day%s ", + updays, (updays != 1) ? "s" : ""); + } + upminutes = (int) tmp / 60; + uphours = (upminutes / 60) % 24; + upminutes %= 60; + if(uphours) { + snprintf(buf + size, bufsiz, "%d h %d min", uphours, upminutes); + } else { + snprintf(buf + size, bufsiz, "%d min", upminutes); + } +} + +static void dump_stats_runtime(int fd) +{ + char buf[1024], uptime_string[512]; + int size; + + uptime(uptime_string, sizeof(uptime_string)); + size = snprintf(buf, sizeof(buf), + "daemon uptime: %s\n\n" + "netlink stats:\n" + "\tevents received:\t%20llu\n" + "\tevents filtered:\t%20llu\n" + "\tevents unknown type:\t\t%12u\n" + "\tcatch event failed:\t\t%12u\n" + "\tdump unknown type:\t\t%12u\n" + "\tnetlink overrun:\t\t%12u\n" + "\tflush kernel table:\t\t%12u\n" + "\tresync with kernel table:\t%12u\n" + "\tcurrent buffer size (in bytes):\t%12u\n\n" + "runtime stats:\n" + "\tchild process failed:\t\t%12u\n" + "\t\tchild process segfault:\t%12u\n" + "\t\tchild process termsig:\t%12u\n" + "\tselect failed:\t\t\t%12u\n" + "\twait failed:\t\t\t%12u\n" + "\tlocal read failed:\t\t%12u\n" + "\tlocal unknown request:\t\t%12u\n\n", + uptime_string, + (unsigned long long)STATE(stats).nl_events_received, + (unsigned long long)STATE(stats).nl_events_filtered, + STATE(stats).nl_events_unknown_type, + STATE(stats).nl_catch_event_failed, + STATE(stats).nl_dump_unknown_type, + STATE(stats).nl_overrun, + STATE(stats).nl_kernel_table_flush, + STATE(stats).nl_kernel_table_resync, + CONFIG(netlink_buffer_size), + STATE(stats).child_process_failed, + STATE(stats).child_process_error_segfault, + STATE(stats).child_process_error_term, + STATE(stats).select_failed, + STATE(stats).wait_failed, + STATE(stats).local_read_failed, + STATE(stats).local_unknown_request); + + send(fd, buf, size, 0); +} + +static void local_flush_master(void) +{ + STATE(stats).nl_kernel_table_flush++; + dlog(LOG_NOTICE, "flushing kernel conntrack table"); + + /* fork a child process that performs the flush operation, + * meanwhile the parent process handles events. */ + if (fork_process_new(CTD_PROC_FLUSH, CTD_PROC_F_EXCL, + NULL, NULL) == 0) { + nl_flush_conntrack_table(STATE(flush)); + exit(EXIT_SUCCESS); + } +} + +static void local_resync_master(void) +{ + if (STATE(mode)->internal->flags & INTERNAL_F_POPULATE) { + STATE(stats).nl_kernel_table_resync++; + dlog(LOG_NOTICE, "resync with master conntrack table"); + nl_dump_conntrack_table(STATE(dump)); + } else { + dlog(LOG_NOTICE, "resync is unsupported in this mode"); + } +} + +static void local_exp_flush_master(void) +{ + if (!(CONFIG(flags) & CTD_EXPECT)) + return; + + STATE(stats).nl_kernel_table_flush++; + dlog(LOG_NOTICE, "flushing kernel expect table"); + + /* fork a child process that performs the flush operation, + * meanwhile the parent process handles events. */ + if (fork_process_new(CTD_PROC_FLUSH, CTD_PROC_F_EXCL, + NULL, NULL) == 0) { + nl_flush_expect_table(STATE(flush)); + exit(EXIT_SUCCESS); + } +} + +static void local_exp_resync_master(void) +{ + if (!(CONFIG(flags) & CTD_EXPECT)) + return; + + if (STATE(mode)->internal->flags & INTERNAL_F_POPULATE) { + STATE(stats).nl_kernel_table_resync++; + dlog(LOG_NOTICE, "resync with master expect table"); + nl_dump_expect_table(STATE(dump)); + } else { + dlog(LOG_NOTICE, "resync is unsupported in this mode"); + } +} + +static int local_handler(int fd, void *data) +{ + int ret = LOCAL_RET_OK; + int type; + + if (read(fd, &type, sizeof(type)) <= 0) { + STATE(stats).local_read_failed++; + return LOCAL_RET_OK; + } + switch(type) { + case CT_FLUSH_MASTER: + local_flush_master(); + break; + case CT_RESYNC_MASTER: + local_resync_master(); + break; + case EXP_FLUSH_MASTER: + local_exp_flush_master(); + break; + case EXP_RESYNC_MASTER: + local_exp_resync_master(); + break; + case ALL_FLUSH_MASTER: + local_flush_master(); + local_exp_flush_master(); + break; + case ALL_RESYNC_MASTER: + local_resync_master(); + local_exp_resync_master(); + break; + case STATS_RUNTIME: + dump_stats_runtime(fd); + break; + case STATS_PROCESS: + fork_process_dump(fd); + break; + } + + ret = STATE(mode)->local(fd, type, data); + if (ret == LOCAL_RET_ERROR) { + STATE(stats).local_unknown_request++; + return LOCAL_RET_ERROR; + } + return ret; +} + +static void do_overrun_resync_alarm(struct alarm_block *a, void *data) +{ + nl_send_resync(STATE(resync)); + STATE(stats).nl_kernel_table_resync++; +} + +static void do_polling_alarm(struct alarm_block *a, void *data) +{ + if (STATE(mode)->internal->ct.purge) + STATE(mode)->internal->ct.purge(); + + if (STATE(mode)->internal->exp.purge) + STATE(mode)->internal->exp.purge(); + + nl_send_resync(STATE(resync)); + nl_send_expect_resync(STATE(resync)); + add_alarm(&STATE(polling_alarm), CONFIG(poll_kernel_secs), 0); +} + +static int event_handler(const struct nlmsghdr *nlh, + enum nf_conntrack_msg_type type, + struct nf_conntrack *ct, + void *data) +{ + int origin_type; + + STATE(stats).nl_events_received++; + + /* skip user-space filtering if already do it in the kernel */ + if (ct_filter_conntrack(ct, !CONFIG(filter_from_kernelspace))) { + STATE(stats).nl_events_filtered++; + goto out; + } + + origin_type = origin_find(nlh); + + switch(type) { + case NFCT_T_NEW: + STATE(mode)->internal->ct.new(ct, origin_type); + break; + case NFCT_T_UPDATE: + STATE(mode)->internal->ct.upd(ct, origin_type); + break; + case NFCT_T_DESTROY: + if (STATE(mode)->internal->ct.del(ct, origin_type)) + update_traffic_stats(ct); + break; + default: + STATE(stats).nl_events_unknown_type++; + break; + } + +out: + /* we reset the iteration limiter in the main select loop. */ + if (STATE(event_iterations_limit)-- <= 0) + return NFCT_CB_STOP; + else + return NFCT_CB_CONTINUE; +} + +static int exp_event_handler(const struct nlmsghdr *nlh, + enum nf_conntrack_msg_type type, + struct nf_expect *exp, + void *data) +{ + int origin_type; + const struct nf_conntrack *master = + nfexp_get_attr(exp, ATTR_EXP_MASTER); + + STATE(stats).nl_events_received++; + + if (!exp_filter_find(STATE(exp_filter), exp)) { + STATE(stats).nl_events_filtered++; + goto out; + } + if (ct_filter_conntrack(master, 1)) + return NFCT_CB_CONTINUE; + + origin_type = origin_find(nlh); + + switch(type) { + case NFCT_T_NEW: + STATE(mode)->internal->exp.new(exp, origin_type); + break; + case NFCT_T_UPDATE: + STATE(mode)->internal->exp.upd(exp, origin_type); + break; + case NFCT_T_DESTROY: + STATE(mode)->internal->exp.del(exp, origin_type); + break; + default: + STATE(stats).nl_events_unknown_type++; + break; + } + +out: + /* we reset the iteration limiter in the main select loop. */ + if (STATE(event_iterations_limit)-- <= 0) + return NFCT_CB_STOP; + else + return NFCT_CB_CONTINUE; +} + +static int dump_handler(enum nf_conntrack_msg_type type, + struct nf_conntrack *ct, + void *data) +{ + if (ct_filter_conntrack(ct, 1)) + return NFCT_CB_CONTINUE; + + switch(type) { + case NFCT_T_UPDATE: + STATE(mode)->internal->ct.populate(ct); + break; + default: + STATE(stats).nl_dump_unknown_type++; + break; + } + return NFCT_CB_CONTINUE; +} + +static int exp_dump_handler(enum nf_conntrack_msg_type type, + struct nf_expect *exp, void *data) +{ + const struct nf_conntrack *master = + nfexp_get_attr(exp, ATTR_EXP_MASTER); + + if (!exp_filter_find(STATE(exp_filter), exp)) + return NFCT_CB_CONTINUE; + + if (ct_filter_conntrack(master, 1)) + return NFCT_CB_CONTINUE; + + switch(type) { + case NFCT_T_UPDATE: + STATE(mode)->internal->exp.populate(exp); + break; + default: + STATE(stats).nl_dump_unknown_type++; + break; + } + return NFCT_CB_CONTINUE; +} + +static int get_handler(enum nf_conntrack_msg_type type, + struct nf_conntrack *ct, + void *data) +{ + if (ct_filter_conntrack(ct, 1)) + return NFCT_CB_CONTINUE; + + STATE(get_retval) = 1; + return NFCT_CB_CONTINUE; +} + +static int exp_get_handler(enum nf_conntrack_msg_type type, + struct nf_expect *exp, void *data) +{ + const struct nf_conntrack *master = + nfexp_get_attr(exp, ATTR_EXP_MASTER); + + if (!exp_filter_find(STATE(exp_filter), exp)) + return NFCT_CB_CONTINUE; + + if (ct_filter_conntrack(master, 1)) + return NFCT_CB_CONTINUE; + + STATE(get_retval) = 1; + return NFCT_CB_CONTINUE; +} + +int +init(void) +{ + do_gettimeofday(); + + if (CONFIG(flags) & CTD_STATS_MODE) + STATE(mode) = &stats_mode; + else if (CONFIG(flags) & CTD_SYNC_MODE) + STATE(mode) = &sync_mode; + else { + fprintf(stderr, "WARNING: No running mode specified. " + "Defaulting to statistics mode.\n"); + CONFIG(flags) |= CTD_STATS_MODE; + STATE(mode) = &stats_mode; + } + + STATE(fds) = create_fds(); + if (STATE(fds) == NULL) { + dlog(LOG_ERR, "can't create file descriptor pool"); + return -1; + } + + /* Initialization */ + if (STATE(mode)->init() == -1) { + dlog(LOG_ERR, "initialization failed"); + return -1; + } + + /* local UNIX socket */ + if (local_server_create(&STATE(local), &CONFIG(local)) == -1) { + dlog(LOG_ERR, "can't open unix socket!"); + return -1; + } + register_fd(STATE(local).fd, STATE(fds)); + + /* resynchronize (like 'dump' socket) but it also purges old entries */ + STATE(resync) = nfct_open(CONFIG(netlink).subsys_id, 0); + if (STATE(resync)== NULL) { + dlog(LOG_ERR, "can't open netlink handler: %s", + strerror(errno)); + dlog(LOG_ERR, "no ctnetlink kernel support?"); + return -1; + } + nfct_callback_register(STATE(resync), + NFCT_T_ALL, + STATE(mode)->internal->ct.resync, + NULL); + register_fd(nfct_fd(STATE(resync)), STATE(fds)); + fcntl(nfct_fd(STATE(resync)), F_SETFL, O_NONBLOCK); + + if (STATE(mode)->internal->flags & INTERNAL_F_POPULATE) { + STATE(dump) = nfct_open(CONFIG(netlink).subsys_id, 0); + if (STATE(dump) == NULL) { + dlog(LOG_ERR, "can't open netlink handler: %s", + strerror(errno)); + dlog(LOG_ERR, "no ctnetlink kernel support?"); + return -1; + } + nfct_callback_register(STATE(dump), NFCT_T_ALL, + dump_handler, NULL); + + if (CONFIG(flags) & CTD_EXPECT) { + nfexp_callback_register(STATE(dump), NFCT_T_ALL, + exp_dump_handler, NULL); + } + + if (nl_dump_conntrack_table(STATE(dump)) == -1) { + dlog(LOG_ERR, "can't get kernel conntrack table"); + return -1; + } + + if (CONFIG(flags) & CTD_EXPECT) { + if (nl_dump_expect_table(STATE(dump)) == -1) { + dlog(LOG_ERR, "can't get kernel " + "expect table"); + return -1; + } + } + } + + STATE(get) = nfct_open(CONFIG(netlink).subsys_id, 0); + if (STATE(get) == NULL) { + dlog(LOG_ERR, "can't open netlink handler: %s", + strerror(errno)); + dlog(LOG_ERR, "no ctnetlink kernel support?"); + return -1; + } + nfct_callback_register(STATE(get), NFCT_T_ALL, get_handler, NULL); + + if (CONFIG(flags) & CTD_EXPECT) { + nfexp_callback_register(STATE(get), NFCT_T_ALL, + exp_get_handler, NULL); + } + + STATE(flush) = nfct_open(CONFIG(netlink).subsys_id, 0); + if (STATE(flush) == NULL) { + dlog(LOG_ERR, "cannot open flusher handler"); + return -1; + } + /* register this handler as the origin of a flush operation */ + origin_register(STATE(flush), CTD_ORIGIN_FLUSH); + + if (CONFIG(flags) & CTD_POLL) { + init_alarm(&STATE(polling_alarm), NULL, do_polling_alarm); + add_alarm(&STATE(polling_alarm), CONFIG(poll_kernel_secs), 0); + dlog(LOG_NOTICE, "running in polling mode"); + } else { + init_alarm(&STATE(resync_alarm), NULL, do_overrun_resync_alarm); + /* + * The last nfct handler that we register is the event handler. + * The reason to do this is that we may receive events while + * populating the internal cache. Thus, we hit ENOBUFS + * prematurely. However, if we open the event handler before + * populating the internal cache, we may still lose events + * that have occured during the population. + */ + STATE(event) = nl_init_event_handler(); + if (STATE(event) == NULL) { + dlog(LOG_ERR, "can't open netlink handler: %s", + strerror(errno)); + dlog(LOG_ERR, "no ctnetlink kernel support?"); + return -1; + } + nfct_callback_register2(STATE(event), NFCT_T_ALL, + event_handler, NULL); + + if (CONFIG(flags) & CTD_EXPECT) { + nfexp_callback_register2(STATE(event), NFCT_T_ALL, + exp_event_handler, NULL); + } + register_fd(nfct_fd(STATE(event)), STATE(fds)); + } + + /* Signals handling */ + sigemptyset(&STATE(block)); + sigaddset(&STATE(block), SIGTERM); + sigaddset(&STATE(block), SIGINT); + sigaddset(&STATE(block), SIGCHLD); + + if (signal(SIGINT, killer) == SIG_ERR) + return -1; + + if (signal(SIGTERM, killer) == SIG_ERR) + return -1; + + /* ignore connection reset by peer */ + if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) + return -1; + + if (signal(SIGCHLD, child) == SIG_ERR) + return -1; + + time(&STATE(stats).daemon_start_time); + + dlog(LOG_NOTICE, "initialization completed"); + + return 0; +} + +static void run_events(struct timeval *next_alarm) +{ + int ret; + fd_set readfds = STATE(fds)->readfds; + + ret = select(STATE(fds)->maxfd + 1, &readfds, NULL, NULL, next_alarm); + if (ret == -1) { + /* interrupted syscall, retry */ + if (errno == EINTR) + return; + + STATE(stats).select_failed++; + return; + } + + /* signals are racy */ + sigprocmask(SIG_BLOCK, &STATE(block), NULL); + + /* order received via UNIX socket */ + if (FD_ISSET(STATE(local).fd, &readfds)) + do_local_server_step(&STATE(local), NULL, local_handler); + + /* we have receive an event from ctnetlink */ + if (FD_ISSET(nfct_fd(STATE(event)), &readfds)) { + ret = nfct_catch(STATE(event)); + /* reset event iteration limit counter */ + STATE(event_iterations_limit) = CONFIG(event_iterations_limit); + if (ret == -1) { + switch(errno) { + case ENOBUFS: + /* We have hit ENOBUFS, it's likely that we are + * losing events. Two possible situations may + * trigger this error: + * + * 1) The netlink receiver buffer is too small: + * increasing the netlink buffer size should + * be enough. However, some event messages + * got lost. We have to resync ourselves + * with the kernel table conntrack table to + * resolve the inconsistency. + * + * 2) The receiver is too slow to process the + * netlink messages so that the queue gets + * full quickly. This generally happens + * if the system is under heavy workload + * (busy CPU). In this case, increasing the + * size of the netlink receiver buffer + * would not help anymore since we would + * be delaying the overrun. Moreover, we + * should avoid resynchronizations. We + * should do our best here and keep + * replicating as much states as possible. + * If workload lowers at some point, + * we resync ourselves. + */ + nl_resize_socket_buffer(STATE(event)); + if (CONFIG(nl_overrun_resync) > 0 && + STATE(mode)->internal->flags & INTERNAL_F_RESYNC) { + add_alarm(&STATE(resync_alarm), + CONFIG(nl_overrun_resync),0); + } + STATE(stats).nl_catch_event_failed++; + STATE(stats).nl_overrun++; + break; + case ENOENT: + /* + * We received a message from another + * netfilter subsystem that we are not + * interested in. Just ignore it. + */ + break; + case EAGAIN: + /* No more events to receive, try later. */ + break; + default: + STATE(stats).nl_catch_event_failed++; + break; + } + } + } + /* we previously requested a resync due to buffer overrun. */ + if (FD_ISSET(nfct_fd(STATE(resync)), &readfds)) { + nfct_catch(STATE(resync)); + if (STATE(mode)->internal->ct.purge) + STATE(mode)->internal->ct.purge(); + } + + if (STATE(mode)->run) + STATE(mode)->run(&readfds); + + sigprocmask(SIG_UNBLOCK, &STATE(block), NULL); +} + +static void run_polling(struct timeval *next_alarm) +{ + int ret; + fd_set readfds = STATE(fds)->readfds; + + ret = select(STATE(fds)->maxfd + 1, &readfds, NULL, NULL, next_alarm); + if (ret == -1) { + /* interrupted syscall, retry */ + if (errno == EINTR) + return; + + STATE(stats).select_failed++; + return; + } + + /* signals are racy */ + sigprocmask(SIG_BLOCK, &STATE(block), NULL); + + /* order received via UNIX socket */ + if (FD_ISSET(STATE(local).fd, &readfds)) + do_local_server_step(&STATE(local), NULL, local_handler); + + /* we requested a dump from the kernel via polling_alarm */ + if (FD_ISSET(nfct_fd(STATE(resync)), &readfds)) + nfct_catch(STATE(resync)); + + if (STATE(mode)->run) + STATE(mode)->run(&readfds); + + sigprocmask(SIG_UNBLOCK, &STATE(block), NULL); +} + +static void __attribute__((noreturn)) +do_run(void (*run_step)(struct timeval *next_alarm)) +{ + struct timeval next_alarm; + struct timeval *next = NULL; + + while(1) { + do_gettimeofday(); + + sigprocmask(SIG_BLOCK, &STATE(block), NULL); + if (next != NULL && !timerisset(next)) + next = do_alarm_run(&next_alarm); + else + next = get_next_alarm_run(&next_alarm); + sigprocmask(SIG_UNBLOCK, &STATE(block), NULL); + + run_step(next); + } +} + +void run(void) +{ + if (CONFIG(flags) & CTD_POLL) { + do_run(run_polling); + } else { + do_run(run_events); + } +} diff --git a/src/stats-mode.c b/src/stats-mode.c new file mode 100644 index 0000000..b768033 --- /dev/null +++ b/src/stats-mode.c @@ -0,0 +1,208 @@ +/* + * (C) 2006-2011 by Pablo Neira Ayuso <pablo@netfilter.org> + * (C) 2011 by Vyatta Inc. <http://www.vyatta.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "netlink.h" +#include "traffic_stats.h" +#include "cache.h" +#include "log.h" +#include "conntrackd.h" +#include "internal.h" + +#include <errno.h> +#include <string.h> +#include <stdlib.h> +#include <libnetfilter_conntrack/libnetfilter_conntrack.h> + +static int init_stats(void) +{ + state.stats = malloc(sizeof(struct ct_stats_state)); + if (!state.stats) { + dlog(LOG_ERR, "can't allocate memory for stats"); + return -1; + } + memset(state.stats, 0, sizeof(struct ct_stats_state)); + + STATE_STATS(cache) = cache_create("stats", CACHE_T_CT, + NO_FEATURES, NULL, + &cache_stats_ct_ops); + if (!STATE_STATS(cache)) { + dlog(LOG_ERR, "can't allocate memory for the " + "external cache"); + free(state.stats); + return -1; + } + + return 0; +} + +static void kill_stats(void) +{ + cache_destroy(STATE_STATS(cache)); +} + +/* handler for requests coming via UNIX socket */ +static int local_handler_stats(int fd, int type, void *data) +{ + int ret = LOCAL_RET_OK; + + switch(type) { + case CT_DUMP_INTERNAL: + cache_dump(STATE_STATS(cache), fd, NFCT_O_PLAIN); + break; + case CT_DUMP_INT_XML: + cache_dump(STATE_STATS(cache), fd, NFCT_O_XML); + break; + case CT_FLUSH_CACHE: + case CT_FLUSH_INT_CACHE: + dlog(LOG_NOTICE, "flushing caches"); + cache_flush(STATE_STATS(cache)); + break; + case KILL: + killer(0); + break; + case STATS: + cache_stats(STATE_STATS(cache), fd); + dump_traffic_stats(fd); + break; + case STATS_CACHE: + cache_stats_extended(STATE_STATS(cache), fd); + break; + default: + ret = 0; + break; + } + + return ret; +} + +static void stats_populate(struct nf_conntrack *ct) +{ + nfct_attr_unset(ct, ATTR_ORIG_COUNTER_BYTES); + nfct_attr_unset(ct, ATTR_ORIG_COUNTER_PACKETS); + nfct_attr_unset(ct, ATTR_REPL_COUNTER_BYTES); + nfct_attr_unset(ct, ATTR_REPL_COUNTER_PACKETS); + nfct_attr_unset(ct, ATTR_TIMEOUT); + nfct_attr_unset(ct, ATTR_USE); + + cache_update_force(STATE_STATS(cache), ct); +} + +static int stats_resync(enum nf_conntrack_msg_type type, + struct nf_conntrack *ct, + void *data) +{ + if (ct_filter_conntrack(ct, 1)) + return NFCT_CB_CONTINUE; + + /* This is required by kernels < 2.6.20 */ + nfct_attr_unset(ct, ATTR_TIMEOUT); + nfct_attr_unset(ct, ATTR_ORIG_COUNTER_BYTES); + nfct_attr_unset(ct, ATTR_ORIG_COUNTER_PACKETS); + nfct_attr_unset(ct, ATTR_REPL_COUNTER_BYTES); + nfct_attr_unset(ct, ATTR_REPL_COUNTER_PACKETS); + nfct_attr_unset(ct, ATTR_USE); + + cache_update_force(STATE_STATS(cache), ct); + + return NFCT_CB_CONTINUE; +} + +static int purge_step(void *data1, void *data2) +{ + struct cache_object *obj = data2; + + STATE(get_retval) = 0; + nl_get_conntrack(STATE(get), obj->ptr); /* modifies STATE(get_retval) */ + if (!STATE(get_retval)) { + cache_del(STATE_STATS(cache), obj); + dlog_ct(STATE(stats_log), obj->ptr, NFCT_O_PLAIN); + cache_object_free(obj); + } + + return 0; +} + +static void stats_purge(void) +{ + cache_iterate(STATE_STATS(cache), NULL, purge_step); +} + +static void stats_event_new(struct nf_conntrack *ct, int origin) +{ + int id; + struct cache_object *obj; + + nfct_attr_unset(ct, ATTR_TIMEOUT); + + obj = cache_find(STATE_STATS(cache), ct, &id); + if (obj == NULL) { + obj = cache_object_new(STATE_STATS(cache), ct); + if (obj == NULL) + return; + + if (cache_add(STATE_STATS(cache), obj, id) == -1) { + cache_object_free(obj); + return; + } + } + return; +} + +static void stats_event_upd(struct nf_conntrack *ct, int origin) +{ + nfct_attr_unset(ct, ATTR_TIMEOUT); + cache_update_force(STATE_STATS(cache), ct); +} + +static int stats_event_del(struct nf_conntrack *ct, int origin) +{ + int id; + struct cache_object *obj; + + nfct_attr_unset(ct, ATTR_TIMEOUT); + + obj = cache_find(STATE_STATS(cache), ct, &id); + if (obj) { + cache_del(STATE_STATS(cache), obj); + dlog_ct(STATE(stats_log), ct, NFCT_O_PLAIN); + cache_object_free(obj); + return 1; + } + return 0; +} + +static struct internal_handler internal_cache_stats = { + .flags = INTERNAL_F_POPULATE | INTERNAL_F_RESYNC, + .ct = { + .populate = stats_populate, + .resync = stats_resync, + .purge = stats_purge, + .new = stats_event_new, + .upd = stats_event_upd, + .del = stats_event_del, + }, +}; + +struct ct_mode stats_mode = { + .init = init_stats, + .run = NULL, + .local = local_handler_stats, + .kill = kill_stats, + .internal = &internal_cache_stats, +}; diff --git a/src/sync-alarm.c b/src/sync-alarm.c new file mode 100644 index 0000000..acaf5e6 --- /dev/null +++ b/src/sync-alarm.c @@ -0,0 +1,161 @@ +/* + * (C) 2006-2011 by Pablo Neira Ayuso <pablo@netfilter.org> + * (C) 2011 by Vyatta Inc. <http://www.vyatta.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "conntrackd.h" +#include "sync.h" +#include "network.h" +#include "alarm.h" +#include "cache.h" +#include "queue.h" + +#include <stdlib.h> +#include <string.h> + +struct cache_alarm { + struct queue_node qnode; + struct cache_object *obj; + struct alarm_block alarm; +}; + +static void alarm_enqueue(struct cache_object *obj, int query); + +static void refresher(struct alarm_block *a, void *data) +{ + struct cache_object *obj = data; + + add_alarm(a, + random() % CONFIG(refresh) + 1, + ((random() % 5 + 1) * 200000) - 1); + + alarm_enqueue(obj, NET_T_STATE_CT_UPD); +} + +static void cache_alarm_add(struct cache_object *obj, void *data) +{ + struct cache_alarm *ca = data; + + queue_node_init(&ca->qnode, Q_ELEM_OBJ); + ca->obj = obj; + init_alarm(&ca->alarm, obj, refresher); + add_alarm(&ca->alarm, + random() % CONFIG(refresh) + 1, + ((random() % 5 + 1) * 200000) - 1); +} + +static void cache_alarm_update(struct cache_object *obj, void *data) +{ + struct cache_alarm *ca = data; + add_alarm(&ca->alarm, + random() % CONFIG(refresh) + 1, + ((random() % 5 + 1) * 200000) - 1); +} + +static void cache_alarm_destroy(struct cache_object *obj, void *data) +{ + struct cache_alarm *ca = data; + queue_del(&ca->qnode); + del_alarm(&ca->alarm); +} + +static struct cache_extra cache_alarm_extra = { + .size = sizeof(struct cache_alarm), + .add = cache_alarm_add, + .update = cache_alarm_update, + .destroy = cache_alarm_destroy +}; + +static int alarm_recv(const struct nethdr *net) +{ + unsigned int exp_seq; + + /* + * Ignore error messages: Although this message type is not ever + * generated in alarm mode, we don't want to crash the daemon + * if someone nuts mixes ftfw and alarm. + */ + if (net->flags) + return 1; + + /* + * Multicast sequence tracking: we keep track of multicast messages + * although we don't do any explicit message recovery. So, why do + * we do sequence tracking? Just to let know the sysadmin. + * + * Let t be 1 < t < RefreshTime. To ensure consistency, conntrackd + * retransmit every t seconds a message with the state of a certain + * entry even if such entry did not change. This mechanism also + * provides passive resynchronization, in other words, there is + * no facility to request a full synchronization from new nodes that + * just joined the cluster, instead they just get resynchronized in + * RefreshTime seconds at worst case. + */ + nethdr_track_seq(net->seq, &exp_seq); + + return 0; +} + +static void alarm_enqueue(struct cache_object *obj, int query) +{ + struct cache_alarm *ca = cache_get_extra(obj); + if (queue_add(STATE_SYNC(tx_queue), &ca->qnode) > 0) + cache_object_get(obj); +} + +static int tx_queue_xmit(struct queue_node *n, const void *data) +{ + struct nethdr *net; + + queue_del(n); + + switch(n->type) { + case Q_ELEM_CTL: + net = queue_node_data(n); + nethdr_set_ctl(net); + HDR_HOST2NETWORK(net); + multichannel_send(STATE_SYNC(channel), net); + queue_object_free((struct queue_object *)n); + break; + case Q_ELEM_OBJ: { + struct cache_alarm *ca; + int type; + + ca = (struct cache_alarm *)n; + type = object_status_to_network_type(ca->obj); + net = ca->obj->cache->ops->build_msg(ca->obj, type); + multichannel_send(STATE_SYNC(channel), net); + cache_object_put(ca->obj); + break; + } + } + return 0; +} + +static void alarm_xmit(void) +{ + queue_iterate(STATE_SYNC(tx_queue), NULL, tx_queue_xmit); +} + +struct sync_mode sync_alarm = { + .internal_cache_flags = NO_FEATURES, + .external_cache_flags = TIMER, + .internal_cache_extra = &cache_alarm_extra, + .recv = alarm_recv, + .enqueue = alarm_enqueue, + .xmit = alarm_xmit, +}; diff --git a/src/sync-ftfw.c b/src/sync-ftfw.c new file mode 100644 index 0000000..1bc2d9f --- /dev/null +++ b/src/sync-ftfw.c @@ -0,0 +1,573 @@ +/* + * (C) 2006-2011 by Pablo Neira Ayuso <pablo@netfilter.org> + * (C) 2011 by Vyatta Inc. <http://www.vyatta.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "conntrackd.h" +#include "sync.h" +#include "queue.h" +#include "network.h" +#include "alarm.h" +#include "log.h" +#include "cache.h" +#include "fds.h" + +#include <string.h> +#include <errno.h> + +#if 0 +#define dp printf +#else +#define dp(...) +#endif + +struct queue *rs_queue; +static uint32_t exp_seq; +static uint32_t window; +static uint32_t ack_from; +static int ack_from_set = 0; +static struct alarm_block alive_alarm; + +enum { + HELLO_INIT, + HELLO_SAY, + HELLO_DONE, +}; +static int hello_state = HELLO_INIT; +static int say_hello_back; + +/* XXX: alive message expiration configurable */ +#define ALIVE_INT 1 + +struct cache_ftfw { + struct queue_node qnode; + struct cache_object *obj; + uint32_t seq; +}; + +static void cache_ftfw_add(struct cache_object *obj, void *data) +{ + struct cache_ftfw *cn = data; + cn->obj = obj; + /* These nodes are not inserted in the list */ + queue_node_init(&cn->qnode, Q_ELEM_OBJ); +} + +static void cache_ftfw_del(struct cache_object *obj, void *data) +{ + struct cache_ftfw *cn = data; + queue_del(&cn->qnode); +} + +static struct cache_extra cache_ftfw_extra = { + .size = sizeof(struct cache_ftfw), + .add = cache_ftfw_add, + .destroy = cache_ftfw_del +}; + +static void nethdr_set_hello(struct nethdr *net) +{ + switch(hello_state) { + case HELLO_INIT: + hello_state = HELLO_SAY; + /* fall through */ + case HELLO_SAY: + net->flags |= NET_F_HELLO; + break; + } + if (say_hello_back) { + net->flags |= NET_F_HELLO_BACK; + say_hello_back = 0; + } +} + +static void tx_queue_add_ctlmsg(uint32_t flags, uint32_t from, uint32_t to) +{ + struct queue_object *qobj; + struct nethdr_ack *ack; + + qobj = queue_object_new(Q_ELEM_CTL, sizeof(struct nethdr_ack)); + if (qobj == NULL) + return; + + ack = (struct nethdr_ack *)qobj->data; + ack->type = NET_T_CTL; + ack->flags = flags; + ack->from = from; + ack->to = to; + + if (queue_add(STATE_SYNC(tx_queue), &qobj->qnode) < 0) + queue_object_free(qobj); +} + +static void tx_queue_add_ctlmsg2(uint32_t flags) +{ + struct queue_object *qobj; + struct nethdr *ctl; + + qobj = queue_object_new(Q_ELEM_CTL, sizeof(struct nethdr_ack)); + if (qobj == NULL) + return; + + ctl = (struct nethdr *)qobj->data; + ctl->type = NET_T_CTL; + ctl->flags = flags; + + if (queue_add(STATE_SYNC(tx_queue), &qobj->qnode) < 0) + queue_object_free(qobj); +} + +/* this function is called from the alarm framework */ +static void do_alive_alarm(struct alarm_block *a, void *data) +{ + if (ack_from_set && nethdr_track_is_seq_set()) { + /* exp_seq contains the last update received */ + tx_queue_add_ctlmsg(NET_F_ACK, + ack_from, + STATE_SYNC(last_seq_recv)); + ack_from_set = 0; + } else + tx_queue_add_ctlmsg2(NET_F_ALIVE); + + add_alarm(&alive_alarm, ALIVE_INT, 0); +} + +static int ftfw_init(void) +{ + rs_queue = queue_create("rsqueue", CONFIG(resend_queue_size), 0); + if (rs_queue == NULL) { + dlog(LOG_ERR, "cannot create rs queue"); + return -1; + } + + init_alarm(&alive_alarm, NULL, do_alive_alarm); + add_alarm(&alive_alarm, ALIVE_INT, 0); + + /* set ack window size */ + window = CONFIG(window_size); + + return 0; +} + +static void ftfw_kill(void) +{ + queue_destroy(rs_queue); +} + +static int do_cache_to_tx(void *data1, void *data2) +{ + struct cache_object *obj = data2; + struct cache_ftfw *cn = cache_get_extra(obj); + + if (queue_in(rs_queue, &cn->qnode)) { + queue_del(&cn->qnode); + queue_add(STATE_SYNC(tx_queue), &cn->qnode); + } else { + if (queue_add(STATE_SYNC(tx_queue), &cn->qnode) > 0) + cache_object_get(obj); + } + return 0; +} + +static int rs_queue_dump(struct queue_node *n, const void *data2) +{ + const int *fd = data2; + char buf[512]; + int size; + + switch(n->type) { + case Q_ELEM_CTL: { + struct nethdr *net = queue_node_data(n); + size = sprintf(buf, "control -> seq:%u flags:%u\n", + net->seq, net->flags); + break; + } + case Q_ELEM_OBJ: { + struct cache_ftfw *cn = (struct cache_ftfw *) n; + size = sprintf(buf, "object -> seq:%u\n", cn->seq); + break; + } + default: + return 0; + } + send(*fd, buf, size, 0); + return 0; +} + +static void ftfw_local_queue(int fd) +{ + char buf[512]; + int size; + + size = sprintf(buf, "resent queue (len=%u)\n", queue_len(rs_queue)); + send(fd, buf, size, 0); + queue_iterate(rs_queue, &fd, rs_queue_dump); +} + +static int ftfw_local(int fd, int type, void *data) +{ + int ret = LOCAL_RET_OK; + + switch(type) { + case REQUEST_DUMP: + dlog(LOG_NOTICE, "request resync"); + tx_queue_add_ctlmsg(NET_F_RESYNC, 0, 0); + break; + case SEND_BULK: + dlog(LOG_NOTICE, "sending bulk update"); + cache_iterate(STATE(mode)->internal->ct.data, + NULL, do_cache_to_tx); + cache_iterate(STATE(mode)->internal->exp.data, + NULL, do_cache_to_tx); + break; + case STATS_RSQUEUE: + ftfw_local_queue(fd); + break; + } + + return ret; +} + +static int rs_queue_to_tx(struct queue_node *n, const void *data) +{ + const struct nethdr_ack *nack = data; + + switch(n->type) { + case Q_ELEM_CTL: { + struct nethdr_ack *net = queue_node_data(n); + + if (before(net->seq, nack->from)) + return 0; /* continue */ + else if (after(net->seq, nack->to)) + return 1; /* break */ + + dp("rs_queue_to_tx sq: %u fl:%u len:%u\n", + net->seq, net->flags, net->len); + + queue_del(n); + queue_add(STATE_SYNC(tx_queue), n); + break; + } + case Q_ELEM_OBJ: { + struct cache_ftfw *cn; + + cn = (struct cache_ftfw *) n; + if (before(cn->seq, nack->from)) + return 0; + else if (after(cn->seq, nack->to)) + return 1; + + dp("resending nack'ed (oldseq=%u)\n", cn->seq); + + queue_del(n); + queue_add(STATE_SYNC(tx_queue), n); + break; + } + } + return 0; +} + +static int rs_queue_empty(struct queue_node *n, const void *data) +{ + const struct nethdr_ack *h = data; + + switch(n->type) { + case Q_ELEM_CTL: { + struct nethdr_ack *net = queue_node_data(n); + + if (h == NULL) { + queue_del(n); + queue_object_free((struct queue_object *)n); + return 0; + } + if (before(net->seq, h->from)) + return 0; /* continue */ + else if (after(net->seq, h->to)) + return 1; /* break */ + + dp("remove from queue (seq=%u)\n", net->seq); + queue_del(n); + queue_object_free((struct queue_object *)n); + break; + } + case Q_ELEM_OBJ: { + struct cache_ftfw *cn; + + cn = (struct cache_ftfw *) n; + if (h == NULL) { + queue_del(n); + cache_object_put(cn->obj); + return 0; + } + if (before(cn->seq, h->from)) + return 0; + else if (after(cn->seq, h->to)) + return 1; + + dp("queue: deleting from queue (seq=%u)\n", cn->seq); + queue_del(n); + cache_object_put(cn->obj); + break; + } + } + return 0; +} + +static int digest_msg(const struct nethdr *net) +{ + if (IS_DATA(net)) + return MSG_DATA; + + else if (IS_ACK(net)) { + const struct nethdr_ack *h = (const struct nethdr_ack *) net; + + if (before(h->to, h->from)) + return MSG_BAD; + + queue_iterate(rs_queue, h, rs_queue_empty); + return MSG_CTL; + + } else if (IS_NACK(net)) { + const struct nethdr_ack *nack = (const struct nethdr_ack *) net; + + if (before(nack->to, nack->from)) + return MSG_BAD; + + queue_iterate(rs_queue, nack, rs_queue_to_tx); + return MSG_CTL; + + } else if (IS_RESYNC(net)) { + dp("RESYNC ALL\n"); + cache_iterate(STATE(mode)->internal->ct.data, NULL, + do_cache_to_tx); + cache_iterate(STATE(mode)->internal->exp.data, NULL, + do_cache_to_tx); + return MSG_CTL; + + } else if (IS_ALIVE(net)) + return MSG_CTL; + + return MSG_BAD; +} + +static int digest_hello(const struct nethdr *net) +{ + int ret = 0; + + if (IS_HELLO(net)) { + say_hello_back = 1; + ret = 1; + } + if (IS_HELLO_BACK(net)) { + /* this is a hello back for a requested hello */ + if (hello_state == HELLO_SAY) + hello_state = HELLO_DONE; + } + + return ret; +} + +static int ftfw_recv(const struct nethdr *net) +{ + int ret = MSG_DATA; + + if (digest_hello(net)) { + /* we have received a hello while we had data to acknowledge. + * reset the window, the other doesn't know anthing about it. */ + if (ack_from_set && before(net->seq, ack_from)) { + window = CONFIG(window_size) - 1; + ack_from = net->seq; + } + + /* XXX: flush the resend queues since the other does not + * know anything about that data, we are unreliable until + * the helloing finishes */ + queue_iterate(rs_queue, NULL, rs_queue_empty); + + goto bypass; + } + + switch (nethdr_track_seq(net->seq, &exp_seq)) { + case SEQ_AFTER: + ret = digest_msg(net); + if (ret == MSG_BAD) { + ret = MSG_BAD; + goto out; + } + + if (ack_from_set) { + tx_queue_add_ctlmsg(NET_F_ACK, ack_from, exp_seq-1); + ack_from_set = 0; + } + + tx_queue_add_ctlmsg(NET_F_NACK, exp_seq, net->seq-1); + + /* count this message as part of the new window */ + window = CONFIG(window_size) - 1; + ack_from = net->seq; + ack_from_set = 1; + break; + + case SEQ_BEFORE: + /* we don't accept delayed packets */ + ret = MSG_DROP; + break; + + case SEQ_UNSET: + case SEQ_IN_SYNC: +bypass: + ret = digest_msg(net); + if (ret == MSG_BAD) { + ret = MSG_BAD; + goto out; + } + + if (!ack_from_set) { + ack_from_set = 1; + ack_from = net->seq; + } + + if (--window <= 0) { + /* received a window, send an acknowledgement */ + tx_queue_add_ctlmsg(NET_F_ACK, ack_from, net->seq); + window = CONFIG(window_size); + ack_from_set = 0; + } + } + +out: + if ((ret == MSG_DATA || ret == MSG_CTL)) + nethdr_track_update_seq(net->seq); + + return ret; +} + +static void rs_queue_purge_full(void) +{ + struct queue_node *n; + + n = queue_del_head(rs_queue); + switch(n->type) { + case Q_ELEM_CTL: { + struct queue_object *qobj = (struct queue_object *)n; + queue_object_free(qobj); + break; + } + case Q_ELEM_OBJ: { + struct cache_ftfw *cn; + + cn = (struct cache_ftfw *)n; + cache_object_put(cn->obj); + break; + } + } +} + +static int tx_queue_xmit(struct queue_node *n, const void *data) +{ + queue_del(n); + + switch(n->type) { + case Q_ELEM_CTL: { + struct nethdr *net = queue_node_data(n); + + nethdr_set_hello(net); + + if (IS_ACK(net) || IS_NACK(net) || IS_RESYNC(net)) { + nethdr_set_ack(net); + } else { + nethdr_set_ctl(net); + } + HDR_HOST2NETWORK(net); + + dp("tx_queue sq: %u fl:%u len:%u\n", + ntohl(net->seq), net->flags, ntohs(net->len)); + + multichannel_send(STATE_SYNC(channel), net); + HDR_NETWORK2HOST(net); + + if (IS_ACK(net) || IS_NACK(net) || IS_RESYNC(net)) { + if (queue_add(rs_queue, n) < 0) { + if (errno == ENOSPC) { + rs_queue_purge_full(); + queue_add(rs_queue, n); + } + } + } else + queue_object_free((struct queue_object *)n); + break; + } + case Q_ELEM_OBJ: { + struct cache_ftfw *cn; + int type; + struct nethdr *net; + + cn = (struct cache_ftfw *)n; + type = object_status_to_network_type(cn->obj); + net = cn->obj->cache->ops->build_msg(cn->obj, type); + nethdr_set_hello(net); + + dp("tx_list sq: %u fl:%u len:%u\n", + ntohl(net->seq), net->flags, ntohs(net->len)); + + multichannel_send(STATE_SYNC(channel), net); + cn->seq = ntohl(net->seq); + if (queue_add(rs_queue, &cn->qnode) < 0) { + if (errno == ENOSPC) { + rs_queue_purge_full(); + queue_add(rs_queue, &cn->qnode); + } + } + /* we release the object once we get the acknowlegment */ + break; + } + } + + return 0; +} + +static void ftfw_xmit(void) +{ + queue_iterate(STATE_SYNC(tx_queue), NULL, tx_queue_xmit); + add_alarm(&alive_alarm, ALIVE_INT, 0); + dp("tx_queue_len:%u rs_queue_len:%u\n", + queue_len(tx_queue), queue_len(rs_queue)); +} + +static void ftfw_enqueue(struct cache_object *obj, int type) +{ + struct cache_ftfw *cn = cache_get_extra(obj); + if (queue_in(rs_queue, &cn->qnode)) { + queue_del(&cn->qnode); + queue_add(STATE_SYNC(tx_queue), &cn->qnode); + } else { + if (queue_add(STATE_SYNC(tx_queue), &cn->qnode) > 0) + cache_object_get(obj); + } +} + +struct sync_mode sync_ftfw = { + .internal_cache_flags = NO_FEATURES, + .external_cache_flags = NO_FEATURES, + .internal_cache_extra = &cache_ftfw_extra, + .init = ftfw_init, + .kill = ftfw_kill, + .local = ftfw_local, + .recv = ftfw_recv, + .enqueue = ftfw_enqueue, + .xmit = ftfw_xmit, +}; diff --git a/src/sync-mode.c b/src/sync-mode.c new file mode 100644 index 0000000..10fdb9e --- /dev/null +++ b/src/sync-mode.c @@ -0,0 +1,736 @@ +/* + * (C) 2006-2011 by Pablo Neira Ayuso <pablo@netfilter.org> + * (C) 2011 by Vyatta Inc. <http://www.vyatta.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "sync.h" +#include "netlink.h" +#include "traffic_stats.h" +#include "log.h" +#include "cache.h" +#include "conntrackd.h" +#include "network.h" +#include "fds.h" +#include "event.h" +#include "queue.h" +#include "process.h" +#include "origin.h" +#include "internal.h" +#include "external.h" + +#include <errno.h> +#include <unistd.h> +#include <time.h> +#include <string.h> +#include <stdlib.h> +#include <limits.h> +#include <net/if.h> +#include <fcntl.h> + +static struct nf_conntrack *msg2ct_alloc(struct nethdr *net, size_t remain) +{ + struct nf_conntrack *ct; + + /* TODO: add stats on ENOMEM errors in the future. */ + ct = nfct_new(); + if (ct == NULL) + return NULL; + + if (msg2ct(ct, net, remain) == -1) { + STATE_SYNC(error).msg_rcv_malformed++; + STATE_SYNC(error).msg_rcv_bad_payload++; + nfct_destroy(ct); + return NULL; + } + return ct; +} + +static struct nf_expect *msg2exp_alloc(struct nethdr *net, size_t remain) +{ + struct nf_expect *exp; + + /* TODO: add stats on ENOMEM errors in the future. */ + exp = nfexp_new(); + if (exp == NULL) + return NULL; + + if (msg2exp(exp, net, remain) == -1) { + STATE_SYNC(error).msg_rcv_malformed++; + STATE_SYNC(error).msg_rcv_bad_payload++; + nfexp_destroy(exp); + return NULL; + } + return exp; +} + +static void +do_channel_handler_step(int i, struct nethdr *net, size_t remain) +{ + struct nf_conntrack *ct = NULL; + struct nf_expect *exp = NULL; + + if (net->version != CONNTRACKD_PROTOCOL_VERSION) { + STATE_SYNC(error).msg_rcv_malformed++; + STATE_SYNC(error).msg_rcv_bad_version++; + return; + } + + switch (STATE_SYNC(sync)->recv(net)) { + case MSG_DATA: + multichannel_change_current_channel(STATE_SYNC(channel), i); + break; + case MSG_CTL: + multichannel_change_current_channel(STATE_SYNC(channel), i); + return; + case MSG_BAD: + STATE_SYNC(error).msg_rcv_malformed++; + STATE_SYNC(error).msg_rcv_bad_header++; + return; + case MSG_DROP: + return; + default: + break; + } + + if (net->type > NET_T_STATE_MAX) { + STATE_SYNC(error).msg_rcv_malformed++; + STATE_SYNC(error).msg_rcv_bad_type++; + return; + } + + switch(net->type) { + case NET_T_STATE_CT_NEW: + ct = msg2ct_alloc(net, remain); + if (ct == NULL) + return; + STATE_SYNC(external)->ct.new(ct); + break; + case NET_T_STATE_CT_UPD: + ct = msg2ct_alloc(net, remain); + if (ct == NULL) + return; + STATE_SYNC(external)->ct.upd(ct); + break; + case NET_T_STATE_CT_DEL: + ct = msg2ct_alloc(net, remain); + if (ct == NULL) + return; + STATE_SYNC(external)->ct.del(ct); + break; + case NET_T_STATE_EXP_NEW: + exp = msg2exp_alloc(net, remain); + if (exp == NULL) + return; + STATE_SYNC(external)->exp.new(exp); + break; + case NET_T_STATE_EXP_UPD: + exp = msg2exp_alloc(net, remain); + if (exp == NULL) + return; + STATE_SYNC(external)->exp.upd(exp); + break; + case NET_T_STATE_EXP_DEL: + exp = msg2exp_alloc(net, remain); + if (exp == NULL) + return; + STATE_SYNC(external)->exp.del(exp); + break; + default: + STATE_SYNC(error).msg_rcv_malformed++; + STATE_SYNC(error).msg_rcv_bad_type++; + break; + } + if (ct != NULL) + nfct_destroy(ct); + if (exp != NULL) + nfexp_destroy(exp); +} + +static char __net[65536]; /* XXX: maximum MTU for IPv4 */ +static char *cur = __net; + +static int channel_stream(struct channel *m, const char *ptr, ssize_t remain) +{ + if (m->channel_flags & CHANNEL_F_STREAM) { + /* truncated data. */ + memcpy(__net, ptr, remain); + cur = __net + remain; + return 1; + } + return 0; +} + +/* handler for messages received */ +static int channel_handler_routine(struct channel *m, int i) +{ + ssize_t numbytes; + ssize_t remain, pending = cur - __net; + char *ptr = __net; + + numbytes = channel_recv(m, cur, sizeof(__net) - pending); + if (numbytes <= 0) + return -1; + + remain = numbytes; + if (pending) { + remain += pending; + cur = __net; + } + + while (remain > 0) { + struct nethdr *net = (struct nethdr *) ptr; + int len; + + if (remain < NETHDR_SIZ) { + if (!channel_stream(m, ptr, remain)) { + STATE_SYNC(error).msg_rcv_malformed++; + STATE_SYNC(error).msg_rcv_truncated++; + } + break; + } + + len = ntohs(net->len); + if (len <= 0) { + STATE_SYNC(error).msg_rcv_malformed++; + STATE_SYNC(error).msg_rcv_bad_size++; + break; + } + + if (len > remain) { + if (!channel_stream(m, ptr, remain)) { + STATE_SYNC(error).msg_rcv_malformed++; + STATE_SYNC(error).msg_rcv_bad_size++; + } + break; + } + + if (IS_ACK(net) || IS_NACK(net) || IS_RESYNC(net)) { + if (remain < NETHDR_ACK_SIZ) { + if (!channel_stream(m, ptr, remain)) { + STATE_SYNC(error).msg_rcv_malformed++; + STATE_SYNC(error).msg_rcv_truncated++; + } + break; + } + + if (len < NETHDR_ACK_SIZ) { + STATE_SYNC(error).msg_rcv_malformed++; + STATE_SYNC(error).msg_rcv_bad_size++; + break; + } + } else { + if (len < NETHDR_SIZ) { + STATE_SYNC(error).msg_rcv_malformed++; + STATE_SYNC(error).msg_rcv_bad_size++; + break; + } + } + + HDR_NETWORK2HOST(net); + + do_channel_handler_step(i, net, remain); + ptr += net->len; + remain -= net->len; + } + return 0; +} + +/* handler for messages received */ +static void channel_handler(struct channel *m, int i) +{ + int k; + + for (k=0; k<CONFIG(event_iterations_limit); k++) { + if (channel_handler_routine(m, i) == -1) { + break; + } + } +} + +/* select a new interface candidate in a round robin basis */ +static void interface_candidate(void) +{ + int i, idx; + unsigned int flags; + char buf[IFNAMSIZ]; + + for (i=0; i<STATE_SYNC(channel)->channel_num; i++) { + idx = multichannel_get_ifindex(STATE_SYNC(channel), i); + if (idx == multichannel_get_current_ifindex(STATE_SYNC(channel))) + continue; + nlif_get_ifflags(STATE_SYNC(interface), idx, &flags); + if (flags & (IFF_RUNNING | IFF_UP)) { + multichannel_set_current_channel(STATE_SYNC(channel), i); + dlog(LOG_NOTICE, "device `%s' becomes " + "dedicated link", + if_indextoname(idx, buf)); + return; + } + } + dlog(LOG_ERR, "no dedicated links available!"); +} + +static void interface_handler(void) +{ + int idx = multichannel_get_current_ifindex(STATE_SYNC(channel)); + unsigned int flags; + + nlif_catch(STATE_SYNC(interface)); + nlif_get_ifflags(STATE_SYNC(interface), idx, &flags); + if (!(flags & IFF_RUNNING) || !(flags & IFF_UP)) + interface_candidate(); +} + +static void do_reset_cache_alarm(struct alarm_block *a, void *data) +{ + STATE(stats).nl_kernel_table_flush++; + dlog(LOG_NOTICE, "flushing kernel conntrack table (scheduled)"); + + /* fork a child process that performs the flush operation, + * meanwhile the parent process handles events. */ + if (fork_process_new(CTD_PROC_FLUSH, CTD_PROC_F_EXCL, + NULL, NULL) == 0) { + nl_flush_conntrack_table(STATE(flush)); + exit(EXIT_SUCCESS); + } + /* this is not required if events don't get lost */ + STATE(mode)->internal->ct.flush(); +} + +static int init_sync(void) +{ + int i; + + state.sync = malloc(sizeof(struct ct_sync_state)); + if (!state.sync) { + dlog(LOG_ERR, "can't allocate memory for sync"); + return -1; + } + memset(state.sync, 0, sizeof(struct ct_sync_state)); + + if (CONFIG(flags) & CTD_SYNC_FTFW) + STATE_SYNC(sync) = &sync_ftfw; + else if (CONFIG(flags) & CTD_SYNC_ALARM) + STATE_SYNC(sync) = &sync_alarm; + else if (CONFIG(flags) & CTD_SYNC_NOTRACK) + STATE_SYNC(sync) = &sync_notrack; + else { + fprintf(stderr, "WARNING: No synchronization mode specified. " + "Defaulting to FT-FW mode.\n"); + CONFIG(flags) |= CTD_SYNC_FTFW; + STATE_SYNC(sync) = &sync_ftfw; + } + + if (STATE_SYNC(sync)->init) + STATE_SYNC(sync)->init(); + + if (CONFIG(sync).internal_cache_disable == 0) { + STATE(mode)->internal = &internal_cache; + } else { + STATE(mode)->internal = &internal_bypass; + dlog(LOG_NOTICE, "disabling internal cache"); + + } + if (STATE(mode)->internal->init() == -1) + return -1; + + if (CONFIG(sync).external_cache_disable == 0) { + STATE_SYNC(external) = &external_cache; + } else { + STATE_SYNC(external) = &external_inject; + dlog(LOG_NOTICE, "disabling external cache"); + } + if (STATE_SYNC(external)->init() == -1) + return -1; + + if (channel_init() == -1) + return -1; + + /* channel to send events on the wire */ + STATE_SYNC(channel) = + multichannel_open(CONFIG(channel), CONFIG(channel_num)); + if (STATE_SYNC(channel) == NULL) { + dlog(LOG_ERR, "can't open channel socket"); + return -1; + } + for (i=0; i<STATE_SYNC(channel)->channel_num; i++) { + int fd = channel_get_fd(STATE_SYNC(channel)->channel[i]); + fcntl(fd, F_SETFL, O_NONBLOCK); + if (register_fd(fd, STATE(fds)) == -1) + return -1; + } + + STATE_SYNC(interface) = nl_init_interface_handler(); + if (!STATE_SYNC(interface)) { + dlog(LOG_ERR, "can't open interface watcher"); + return -1; + } + if (register_fd(nlif_fd(STATE_SYNC(interface)), STATE(fds)) == -1) + return -1; + + STATE_SYNC(tx_queue) = queue_create("txqueue", INT_MAX, QUEUE_F_EVFD); + if (STATE_SYNC(tx_queue) == NULL) { + dlog(LOG_ERR, "cannot create tx queue"); + return -1; + } + if (register_fd(queue_get_eventfd(STATE_SYNC(tx_queue)), + STATE(fds)) == -1) + return -1; + + STATE_SYNC(commit).h = nfct_open(CONFIG(netlink).subsys_id, 0); + if (STATE_SYNC(commit).h == NULL) { + dlog(LOG_ERR, "can't create handler to commit"); + return -1; + } + origin_register(STATE_SYNC(commit).h, CTD_ORIGIN_COMMIT); + + STATE_SYNC(commit).evfd = create_evfd(); + if (STATE_SYNC(commit).evfd == NULL) { + dlog(LOG_ERR, "can't create eventfd to commit"); + return -1; + } + if (register_fd(get_read_evfd(STATE_SYNC(commit).evfd), + STATE(fds)) == -1) { + return -1; + } + STATE_SYNC(commit).clientfd = -1; + + init_alarm(&STATE_SYNC(reset_cache_alarm), NULL, do_reset_cache_alarm); + + /* initialization of message sequence generation */ + STATE_SYNC(last_seq_sent) = time(NULL); + + return 0; +} + +static void channel_check(struct channel *c, int i, fd_set *readfds) +{ + /* In case that this channel is connection-oriented. */ + if (channel_accept_isset(c, readfds)) + channel_accept(c); + + /* For data handling. */ + if (channel_isset(c, readfds)) + channel_handler(c, i); +} + +static void run_sync(fd_set *readfds) +{ + int i; + + for (i=0; i<STATE_SYNC(channel)->channel_num; i++) + channel_check(STATE_SYNC(channel)->channel[i], i, readfds); + + if (FD_ISSET(queue_get_eventfd(STATE_SYNC(tx_queue)), readfds)) + STATE_SYNC(sync)->xmit(); + + if (FD_ISSET(nlif_fd(STATE_SYNC(interface)), readfds)) + interface_handler(); + + if (FD_ISSET(get_read_evfd(STATE_SYNC(commit).evfd), readfds)) { + int ret; + + read_evfd(STATE_SYNC(commit).evfd); + + ret = STATE_SYNC(commit).rq[0].cb(STATE_SYNC(commit).h, 0); + if (ret == 0) { + /* we still have things in the callback queue. */ + if (STATE_SYNC(commit).rq[1].cb) { + int fd = STATE_SYNC(commit).clientfd; + + STATE_SYNC(commit).rq[0].cb = + STATE_SYNC(commit).rq[1].cb; + + STATE_SYNC(commit).rq[1].cb = NULL; + + STATE_SYNC(commit).clientfd = -1; + STATE_SYNC(commit).rq[0].cb( + STATE_SYNC(commit).h, fd); + } else { + /* Close the client socket now, we're done. */ + close(STATE_SYNC(commit).clientfd); + STATE_SYNC(commit).clientfd = -1; + } + } + } + + /* flush pending messages */ + multichannel_send_flush(STATE_SYNC(channel)); +} + +static void kill_sync(void) +{ + STATE(mode)->internal->close(); + STATE_SYNC(external)->close(); + + multichannel_close(STATE_SYNC(channel)); + + nlif_close(STATE_SYNC(interface)); + + queue_destroy(STATE_SYNC(tx_queue)); + + channel_end(); + + origin_unregister(STATE_SYNC(commit).h); + nfct_close(STATE_SYNC(commit).h); + destroy_evfd(STATE_SYNC(commit).evfd); + + if (STATE_SYNC(sync)->kill) + STATE_SYNC(sync)->kill(); +} + +static void dump_stats_sync(int fd) +{ + char buf[512]; + int size; + + size = sprintf(buf, "message tracking:\n" + "%20llu Malformed msgs " + "%20llu Lost msgs\n\n", + (unsigned long long)STATE_SYNC(error).msg_rcv_malformed, + (unsigned long long)STATE_SYNC(error).msg_rcv_lost); + + send(fd, buf, size, 0); +} + +static void dump_stats_sync_extended(int fd) +{ + char buf[512]; + int size; + + size = snprintf(buf, sizeof(buf), + "network statistics:\n" + "\trecv:\n" + "\t\tMalformed messages:\t%20llu\n" + "\t\tWrong protocol version:\t%20u\n" + "\t\tMalformed header:\t%20u\n" + "\t\tMalformed payload:\t%20u\n" + "\t\tBad message type:\t%20u\n" + "\t\tTruncated message:\t%20u\n" + "\t\tBad message size:\t%20u\n" + "\tsend:\n" + "\t\tMalformed messages:\t%20u\n\n" + "sequence tracking statistics:\n" + "\trecv:\n" + "\t\tPackets lost:\t\t%20llu\n" + "\t\tPackets before:\t\t%20llu\n\n", + (unsigned long long)STATE_SYNC(error).msg_rcv_malformed, + STATE_SYNC(error).msg_rcv_bad_version, + STATE_SYNC(error).msg_rcv_bad_header, + STATE_SYNC(error).msg_rcv_bad_payload, + STATE_SYNC(error).msg_rcv_bad_type, + STATE_SYNC(error).msg_rcv_truncated, + STATE_SYNC(error).msg_rcv_bad_size, + STATE_SYNC(error).msg_snd_malformed, + (unsigned long long)STATE_SYNC(error).msg_rcv_lost, + (unsigned long long)STATE_SYNC(error).msg_rcv_before); + + send(fd, buf, size, 0); +} + +static int local_commit(int fd) +{ + int ret; + + /* delete the reset alarm if any before committing */ + del_alarm(&STATE_SYNC(reset_cache_alarm)); + + ret = STATE_SYNC(commit).rq[0].cb(STATE_SYNC(commit).h, fd); + if (ret == -1) { + dlog(LOG_NOTICE, "commit already in progress, skipping"); + ret = LOCAL_RET_OK; + } else if (ret == 0) { + /* we've finished the commit. */ + ret = LOCAL_RET_OK; + } else { + /* Keep open the client, we want synchronous commit. */ + ret = LOCAL_RET_STOLEN; + } + return ret; +} + +/* handler for requests coming via UNIX socket */ +static int local_handler_sync(int fd, int type, void *data) +{ + int ret = LOCAL_RET_OK; + + switch(type) { + case CT_DUMP_INTERNAL: + if (fork_process_new(CTD_PROC_ANY, 0, NULL, NULL) == 0) { + STATE(mode)->internal->ct.dump(fd, NFCT_O_PLAIN); + exit(EXIT_SUCCESS); + } + break; + case CT_DUMP_EXTERNAL: + if (fork_process_new(CTD_PROC_ANY, 0, NULL, NULL) == 0) { + STATE_SYNC(external)->ct.dump(fd, NFCT_O_PLAIN); + exit(EXIT_SUCCESS); + } + break; + case CT_DUMP_INT_XML: + if (fork_process_new(CTD_PROC_ANY, 0, NULL, NULL) == 0) { + STATE(mode)->internal->ct.dump(fd, NFCT_O_XML); + exit(EXIT_SUCCESS); + } + break; + case CT_DUMP_EXT_XML: + if (fork_process_new(CTD_PROC_ANY, 0, NULL, NULL) == 0) { + STATE_SYNC(external)->ct.dump(fd, NFCT_O_XML); + exit(EXIT_SUCCESS); + } + break; + case CT_COMMIT: + dlog(LOG_NOTICE, "committing conntrack cache"); + STATE_SYNC(commit).rq[0].cb = STATE_SYNC(external)->ct.commit; + STATE_SYNC(commit).rq[1].cb = NULL; + ret = local_commit(fd); + break; + case RESET_TIMERS: + if (!alarm_pending(&STATE_SYNC(reset_cache_alarm))) { + dlog(LOG_NOTICE, "flushing conntrack table in %d secs", + CONFIG(purge_timeout)); + add_alarm(&STATE_SYNC(reset_cache_alarm), + CONFIG(purge_timeout), 0); + } + break; + case CT_FLUSH_CACHE: + /* inmediate flush, remove pending flush scheduled if any */ + del_alarm(&STATE_SYNC(reset_cache_alarm)); + dlog(LOG_NOTICE, "flushing caches"); + STATE(mode)->internal->ct.flush(); + STATE_SYNC(external)->ct.flush(); + break; + case CT_FLUSH_INT_CACHE: + /* inmediate flush, remove pending flush scheduled if any */ + del_alarm(&STATE_SYNC(reset_cache_alarm)); + dlog(LOG_NOTICE, "flushing internal cache"); + STATE(mode)->internal->ct.flush(); + break; + case CT_FLUSH_EXT_CACHE: + dlog(LOG_NOTICE, "flushing external cache"); + STATE_SYNC(external)->ct.flush(); + break; + case KILL: + killer(0); + break; + case STATS: + STATE(mode)->internal->ct.stats(fd); + STATE_SYNC(external)->ct.stats(fd); + dump_traffic_stats(fd); + multichannel_stats(STATE_SYNC(channel), fd); + dump_stats_sync(fd); + break; + case STATS_NETWORK: + dump_stats_sync_extended(fd); + multichannel_stats(STATE_SYNC(channel), fd); + break; + case STATS_CACHE: + STATE(mode)->internal->ct.stats_ext(fd); + STATE_SYNC(external)->ct.stats_ext(fd); + break; + case STATS_LINK: + multichannel_stats_extended(STATE_SYNC(channel), + STATE_SYNC(interface), fd); + break; + case STATS_QUEUE: + queue_stats_show(fd); + break; + case EXP_STATS: + if (!(CONFIG(flags) & CTD_EXPECT)) + break; + + STATE(mode)->internal->exp.stats(fd); + STATE_SYNC(external)->exp.stats(fd); + dump_traffic_stats(fd); + multichannel_stats(STATE_SYNC(channel), fd); + dump_stats_sync(fd); + break; + case EXP_DUMP_INTERNAL: + if (!(CONFIG(flags) & CTD_EXPECT)) + break; + + if (fork_process_new(CTD_PROC_ANY, 0, NULL, NULL) == 0) { + STATE(mode)->internal->exp.dump(fd, NFCT_O_PLAIN); + exit(EXIT_SUCCESS); + } + break; + case EXP_DUMP_EXTERNAL: + if (!(CONFIG(flags) & CTD_EXPECT)) + break; + + if (fork_process_new(CTD_PROC_ANY, 0, NULL, NULL) == 0) { + STATE_SYNC(external)->exp.dump(fd, NFCT_O_PLAIN); + exit(EXIT_SUCCESS); + } + break; + case EXP_COMMIT: + if (!(CONFIG(flags) & CTD_EXPECT)) + break; + + dlog(LOG_NOTICE, "committing expectation cache"); + STATE_SYNC(commit).rq[0].cb = STATE_SYNC(external)->exp.commit; + STATE_SYNC(commit).rq[1].cb = NULL; + local_commit(fd); + break; + case ALL_FLUSH_CACHE: + dlog(LOG_NOTICE, "flushing caches"); + STATE(mode)->internal->ct.flush(); + STATE_SYNC(external)->ct.flush(); + if (CONFIG(flags) & CTD_EXPECT) { + STATE(mode)->internal->exp.flush(); + STATE_SYNC(external)->exp.flush(); + } + break; + case ALL_COMMIT: + dlog(LOG_NOTICE, "committing all external caches"); + STATE_SYNC(commit).rq[0].cb = STATE_SYNC(external)->ct.commit; + if (CONFIG(flags) & CTD_EXPECT) { + STATE_SYNC(commit).rq[1].cb = + STATE_SYNC(external)->exp.commit; + } else { + STATE_SYNC(commit).rq[1].cb = NULL; + } + local_commit(fd); + break; + case EXP_DUMP_INT_XML: + if (fork_process_new(CTD_PROC_ANY, 0, NULL, NULL) == 0) { + STATE(mode)->internal->exp.dump(fd, NFCT_O_XML); + exit(EXIT_SUCCESS); + } + break; + case EXP_DUMP_EXT_XML: + if (fork_process_new(CTD_PROC_ANY, 0, NULL, NULL) == 0) { + STATE_SYNC(external)->exp.dump(fd, NFCT_O_XML); + exit(EXIT_SUCCESS); + } + break; + default: + if (STATE_SYNC(sync)->local) + ret = STATE_SYNC(sync)->local(fd, type, data); + break; + } + + return ret; +} + +struct ct_mode sync_mode = { + .init = init_sync, + .run = run_sync, + .local = local_handler_sync, + .kill = kill_sync, + /* the internal handler is set in run-time. */ +}; diff --git a/src/sync-notrack.c b/src/sync-notrack.c new file mode 100644 index 0000000..a7df4e7 --- /dev/null +++ b/src/sync-notrack.c @@ -0,0 +1,269 @@ +/* + * (C) 2006-2011 by Pablo Neira Ayuso <pablo@netfilter.org> + * (C) 2011 by Vyatta Inc. <http://www.vyatta.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "conntrackd.h" +#include "sync.h" +#include "queue.h" +#include "network.h" +#include "log.h" +#include "cache.h" +#include "fds.h" + +#include <string.h> + +static struct alarm_block alive_alarm; + +/* XXX: alive message expiration configurable */ +#define ALIVE_INT 1 + +struct cache_notrack { + struct queue_node qnode; + struct cache_object *obj; +}; + +static void cache_notrack_add(struct cache_object *obj, void *data) +{ + struct cache_notrack *cn = data; + queue_node_init(&cn->qnode, Q_ELEM_OBJ); + cn->obj = obj; +} + +static void cache_notrack_del(struct cache_object *obj, void *data) +{ + struct cache_notrack *cn = data; + queue_del(&cn->qnode); +} + +static struct cache_extra cache_notrack_extra = { + .size = sizeof(struct cache_notrack), + .add = cache_notrack_add, + .destroy = cache_notrack_del +}; + +static void tx_queue_add_ctlmsg(uint32_t flags, uint32_t from, uint32_t to) +{ + struct queue_object *qobj; + struct nethdr_ack *ack; + + qobj = queue_object_new(Q_ELEM_CTL, sizeof(struct nethdr_ack)); + if (qobj == NULL) + return; + + ack = (struct nethdr_ack *)qobj->data; + ack->type = NET_T_CTL; + ack->flags = flags; + ack->from = from; + ack->to = to; + + if (queue_add(STATE_SYNC(tx_queue), &qobj->qnode) < 0) + queue_object_free(qobj); +} + +static int do_cache_to_tx(void *data1, void *data2) +{ + struct cache_object *obj = data2; + struct cache_notrack *cn = cache_get_extra(obj); + if (queue_add(STATE_SYNC(tx_queue), &cn->qnode) > 0) + cache_object_get(obj); + return 0; +} + +static int kernel_resync_cb(enum nf_conntrack_msg_type type, + struct nf_conntrack *ct, void *data) +{ + struct nethdr *net; + + net = BUILD_NETMSG_FROM_CT(ct, NET_T_STATE_CT_NEW); + multichannel_send(STATE_SYNC(channel), net); + + return NFCT_CB_CONTINUE; +} + +/* Only used if the internal cache is disabled. */ +static void kernel_resync(void) +{ + struct nfct_handle *h; + u_int32_t family = AF_UNSPEC; + int ret; + + h = nfct_open(CONFIG(netlink).subsys_id, 0); + if (h == NULL) { + dlog(LOG_ERR, "can't allocate memory for the internal cache"); + return; + } + nfct_callback_register(h, NFCT_T_ALL, kernel_resync_cb, NULL); + ret = nfct_query(h, NFCT_Q_DUMP, &family); + if (ret == -1) { + dlog(LOG_ERR, "can't dump kernel table"); + } + nfct_close(h); +} + +static int notrack_local(int fd, int type, void *data) +{ + int ret = LOCAL_RET_OK; + + switch(type) { + case REQUEST_DUMP: + dlog(LOG_NOTICE, "request resync"); + tx_queue_add_ctlmsg(NET_F_RESYNC, 0, 0); + break; + case SEND_BULK: + dlog(LOG_NOTICE, "sending bulk update"); + if (CONFIG(sync).internal_cache_disable) { + kernel_resync(); + } else { + cache_iterate(STATE(mode)->internal->ct.data, + NULL, do_cache_to_tx); + cache_iterate(STATE(mode)->internal->exp.data, + NULL, do_cache_to_tx); + } + break; + default: + ret = 0; + break; + } + + return ret; +} + +static int digest_msg(const struct nethdr *net) +{ + if (IS_DATA(net)) + return MSG_DATA; + + if (IS_RESYNC(net)) { + if (CONFIG(sync).internal_cache_disable) { + kernel_resync(); + } else { + cache_iterate(STATE(mode)->internal->ct.data, + NULL, do_cache_to_tx); + cache_iterate(STATE(mode)->internal->exp.data, + NULL, do_cache_to_tx); + } + return MSG_CTL; + } + + if (IS_ALIVE(net)) + return MSG_CTL; + + return MSG_BAD; +} + +static int notrack_recv(const struct nethdr *net) +{ + int ret; + unsigned int exp_seq; + + nethdr_track_seq(net->seq, &exp_seq); + + ret = digest_msg(net); + + if (ret != MSG_BAD) + nethdr_track_update_seq(net->seq); + + return ret; +} + +static int tx_queue_xmit(struct queue_node *n, const void *data2) +{ + switch (n->type) { + case Q_ELEM_CTL: { + struct nethdr *net = queue_node_data(n); + if (IS_RESYNC(net)) + nethdr_set_ack(net); + else + nethdr_set_ctl(net); + HDR_HOST2NETWORK(net); + multichannel_send(STATE_SYNC(channel), net); + queue_del(n); + queue_object_free((struct queue_object *)n); + break; + } + case Q_ELEM_OBJ: { + struct cache_notrack *cn; + int type; + struct nethdr *net; + + cn = (struct cache_notrack *)n; + type = object_status_to_network_type(cn->obj); + net = cn->obj->cache->ops->build_msg(cn->obj, type); + + multichannel_send(STATE_SYNC(channel), net); + queue_del(n); + cache_object_put(cn->obj); + break; + } + } + return 0; +} + +static void notrack_xmit(void) +{ + queue_iterate(STATE_SYNC(tx_queue), NULL, tx_queue_xmit); + add_alarm(&alive_alarm, ALIVE_INT, 0); +} + +static void notrack_enqueue(struct cache_object *obj, int query) +{ + struct cache_notrack *cn = cache_get_extra(obj); + if (queue_add(STATE_SYNC(tx_queue), &cn->qnode) > 0) + cache_object_get(obj); +} + +static void tx_queue_add_ctlmsg2(uint32_t flags) +{ + struct queue_object *qobj; + struct nethdr *ctl; + + qobj = queue_object_new(Q_ELEM_CTL, sizeof(struct nethdr_ack)); + if (qobj == NULL) + return; + + ctl = (struct nethdr *)qobj->data; + ctl->type = NET_T_CTL; + ctl->flags = flags; + + if (queue_add(STATE_SYNC(tx_queue), &qobj->qnode) < 0) + queue_object_free(qobj); +} + +static void do_alive_alarm(struct alarm_block *a, void *data) +{ + tx_queue_add_ctlmsg2(NET_F_ALIVE); + add_alarm(&alive_alarm, ALIVE_INT, 0); +} + +static int notrack_init(void) +{ + init_alarm(&alive_alarm, NULL, do_alive_alarm); + add_alarm(&alive_alarm, ALIVE_INT, 0); + return 0; +} + +struct sync_mode sync_notrack = { + .internal_cache_flags = NO_FEATURES, + .external_cache_flags = NO_FEATURES, + .internal_cache_extra = &cache_notrack_extra, + .init = notrack_init, + .local = notrack_local, + .recv = notrack_recv, + .enqueue = notrack_enqueue, + .xmit = notrack_xmit, +}; diff --git a/src/tcp.c b/src/tcp.c new file mode 100644 index 0000000..c551c54 --- /dev/null +++ b/src/tcp.c @@ -0,0 +1,457 @@ +/* + * (C) 2009 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * TCP support has been sponsored by 6WIND <www.6wind.com>. + */ + +#include "tcp.h" + +#include <stdio.h> +#include <stdlib.h> +#include <arpa/inet.h> +#include <unistd.h> +#include <string.h> +#include <sys/ioctl.h> +#include <net/if.h> +#include <errno.h> +#include <fcntl.h> +#include <limits.h> + +#include "conntrackd.h" +#include "fds.h" + +struct tcp_sock *tcp_server_create(struct tcp_conf *c) +{ + int yes = 1, ret; + struct tcp_sock *m; + socklen_t socklen = sizeof(int); + + m = calloc(sizeof(struct tcp_sock), 1); + if (m == NULL) + return NULL; + + m->conf = c; + + switch(c->ipproto) { + case AF_INET: + m->addr.ipv4.sin_family = AF_INET; + m->addr.ipv4.sin_port = htons(c->port); + m->addr.ipv4.sin_addr = c->server.ipv4.inet_addr; + m->sockaddr_len = sizeof(struct sockaddr_in); + break; + + case AF_INET6: + m->addr.ipv6.sin6_family = AF_INET6; + m->addr.ipv6.sin6_port = htons(c->port); + m->addr.ipv6.sin6_addr = c->server.ipv6.inet_addr6; + m->addr.ipv6.sin6_scope_id = c->server.ipv6.scope_id; + m->sockaddr_len = sizeof(struct sockaddr_in6); + break; + } + + m->fd = socket(c->ipproto, SOCK_STREAM, 0); + if (m->fd == -1) { + free(m); + return NULL; + } + + if (setsockopt(m->fd, SOL_SOCKET, SO_REUSEADDR, &yes, + sizeof(int)) == -1) { + close(m->fd); + free(m); + return NULL; + } + + if (setsockopt(m->fd, SOL_SOCKET, SO_KEEPALIVE, &yes, + sizeof(int)) == -1) { + close(m->fd); + free(m); + return NULL; + } + +#ifndef SO_RCVBUFFORCE +#define SO_RCVBUFFORCE 33 +#endif + + if (c->rcvbuf && + setsockopt(m->fd, SOL_SOCKET, SO_RCVBUFFORCE, &c->rcvbuf, + sizeof(int)) == -1) { + /* not supported in linux kernel < 2.6.14 */ + if (errno != ENOPROTOOPT) { + close(m->fd); + free(m); + return NULL; + } + } + + getsockopt(m->fd, SOL_SOCKET, SO_RCVBUF, &c->rcvbuf, &socklen); + + if (bind(m->fd, (struct sockaddr *) &m->addr, m->sockaddr_len) == -1) { + close(m->fd); + free(m); + return NULL; + } + + if (listen(m->fd, 1) == -1) { + close(m->fd); + free(m); + return NULL; + } + + if (fcntl(m->fd, F_SETFL, O_NONBLOCK) == -1) { + close(m->fd); + free(m); + return NULL; + } + + /* now we accept new connections ... */ + ret = accept(m->fd, NULL, NULL); + if (ret == -1) { + if (errno != EAGAIN) { + /* unexpected error, give up. */ + close(m->fd); + free(m); + m = NULL; + } else { + /* still in progress ... we'll do it in tcp_recv() */ + m->state = TCP_SERVER_ACCEPTING; + } + } else { + /* very unlikely at this stage. */ + if (fcntl(ret, F_SETFL, O_NONBLOCK) == -1) { + /* unexpected error, give up. */ + close(m->fd); + free(m); + return NULL; + } + m->client_fd = ret; + m->state = TCP_SERVER_CONNECTED; + register_fd(m->client_fd, STATE(fds)); + } + + return m; +} + +void tcp_server_destroy(struct tcp_sock *m) +{ + close(m->fd); + free(m); +} + +static int +tcp_client_init(struct tcp_sock *m, struct tcp_conf *c) +{ + int ret = 0; + socklen_t socklen = sizeof(int); + + m->fd = socket(c->ipproto, SOCK_STREAM, 0); + if (m->fd == -1) + return -1; + + if (setsockopt(m->fd, SOL_SOCKET, SO_NO_CHECK, &c->checksum, + sizeof(int)) == -1) { + close(m->fd); + return -1; + } + +#ifndef SO_SNDBUFFORCE +#define SO_SNDBUFFORCE 32 +#endif + + if (c->sndbuf && + setsockopt(m->fd, SOL_SOCKET, SO_SNDBUFFORCE, &c->sndbuf, + sizeof(int)) == -1) { + /* not supported in linux kernel < 2.6.14 */ + if (errno != ENOPROTOOPT) { + close(m->fd); + return -1; + } + } + + getsockopt(m->fd, SOL_SOCKET, SO_SNDBUF, &c->sndbuf, &socklen); + + switch(c->ipproto) { + case AF_INET: + m->addr.ipv4.sin_family = AF_INET; + m->addr.ipv4.sin_port = htons(c->port); + m->addr.ipv4.sin_addr = c->client.inet_addr; + m->sockaddr_len = sizeof(struct sockaddr_in); + break; + case AF_INET6: + m->addr.ipv6.sin6_family = AF_INET6; + m->addr.ipv6.sin6_port = htons(c->port); + memcpy(&m->addr.ipv6.sin6_addr, &c->client.inet_addr6, + sizeof(struct in6_addr)); + m->sockaddr_len = sizeof(struct sockaddr_in6); + break; + default: + ret = -1; + break; + } + + if (ret == -1) { + close(m->fd); + return -1; + } + + if (fcntl(m->fd, F_SETFL, O_NONBLOCK) == -1) { + close(m->fd); + return -1; + } + + ret = connect(m->fd, (struct sockaddr *)&m->addr, m->sockaddr_len); + if (ret == -1) { + if (errno == EINPROGRESS) { + /* connection in progress ... */ + m->state = TCP_CLIENT_DISCONNECTED; + } else if (errno == ECONNREFUSED) { + /* connection refused. */ + m->state = TCP_CLIENT_DISCONNECTED; + } else { + /* unexpected error, give up. */ + close(m->fd); + return -1; + } + } else { + /* very unlikely at this stage. */ + m->state = TCP_CLIENT_CONNECTED; + } + return 0; +} + +/* We use this to rate-limit the amount of connect() calls per second. */ +static struct alarm_block tcp_connect_alarm; +static void tcp_connect_alarm_cb(struct alarm_block *a, void *data) {} + +struct tcp_sock *tcp_client_create(struct tcp_conf *c) +{ + struct tcp_sock *m; + + m = calloc(sizeof(struct tcp_sock), 1); + if (m == NULL) + return NULL; + + m->conf = c; + + if (tcp_client_init(m, c) == -1) { + free(m); + return NULL; + } + + init_alarm(&tcp_connect_alarm, NULL, tcp_connect_alarm_cb); + + return m; +} + +void tcp_client_destroy(struct tcp_sock *m) +{ + close(m->fd); + free(m); +} + +int tcp_accept(struct tcp_sock *m) +{ + int ret; + + /* we got an attempt to connect but we already have a client? */ + if (m->state != TCP_SERVER_ACCEPTING) { + /* clear the session and restart ... */ + unregister_fd(m->client_fd, STATE(fds)); + close(m->client_fd); + m->client_fd = -1; + m->state = TCP_SERVER_ACCEPTING; + } + + /* the other peer wants to connect ... */ + ret = accept(m->fd, NULL, NULL); + if (ret == -1) { + if (errno != EAGAIN) { + /* unexpected error. Give us another try. */ + m->state = TCP_SERVER_ACCEPTING; + } else { + /* waiting for new connections. */ + m->state = TCP_SERVER_ACCEPTING; + } + } else { + /* the peer finally got connected. */ + if (fcntl(ret, F_SETFL, O_NONBLOCK) == -1) { + /* close the connection and give us another chance. */ + close(ret); + return -1; + } + + m->client_fd = ret; + m->state = TCP_SERVER_CONNECTED; + register_fd(m->client_fd, STATE(fds)); + } + return m->client_fd; +} + +#define TCP_CONNECT_TIMEOUT 1 + +ssize_t tcp_send(struct tcp_sock *m, const void *data, int size) +{ + ssize_t ret = 0; + + switch(m->state) { + case TCP_CLIENT_DISCONNECTED: + /* We rate-limit the amount of connect() calls. */ + if (alarm_pending(&tcp_connect_alarm)) { + ret = -1; + break; + } + add_alarm(&tcp_connect_alarm, TCP_CONNECT_TIMEOUT, 0); + ret = connect(m->fd, (struct sockaddr *)&m->addr, + m->sockaddr_len); + if (ret == -1) { + if (errno == EINPROGRESS || errno == EALREADY) { + /* connection in progress or already trying. */ + m->state = TCP_CLIENT_DISCONNECTED; + } else if (errno == ECONNREFUSED) { + /* connection refused. */ + m->state = TCP_CLIENT_DISCONNECTED; + m->stats.error++; + } else { + /* unexpected error, give up. */ + m->state = TCP_CLIENT_DISCONNECTED; + m->stats.error++; + } + break; + } else { + /* we got connected :) */ + m->state = TCP_CLIENT_CONNECTED; + } + case TCP_CLIENT_CONNECTED: + ret = sendto(m->fd, data, size, 0, + (struct sockaddr *) &m->addr, m->sockaddr_len); + if (ret == -1) { + if (errno == EPIPE || errno == ECONNRESET) { + close(m->fd); + tcp_client_init(m, m->conf); + m->state = TCP_CLIENT_DISCONNECTED; + m->stats.error++; + } else { + m->stats.error++; + return -1; + } + } + } + + if (ret >= 0) { + m->stats.bytes += ret; + m->stats.messages++; + } + return ret; +} + +ssize_t tcp_recv(struct tcp_sock *m, void *data, int size) +{ + ssize_t ret = 0; + socklen_t sin_size = sizeof(struct sockaddr_in); + + /* we are not connected, skip. */ + if (m->state != TCP_SERVER_CONNECTED) + return 0; + + ret = recvfrom(m->client_fd, data, size, 0, + (struct sockaddr *)&m->addr, &sin_size); + if (ret == -1) { + /* the other peer has disconnected... */ + if (errno == ENOTCONN) { + unregister_fd(m->client_fd, STATE(fds)); + close(m->client_fd); + m->client_fd = -1; + m->state = TCP_SERVER_ACCEPTING; + tcp_accept(m); + } else if (errno != EAGAIN) { + m->stats.error++; + } + } else if (ret == 0) { + /* the other peer has closed the connection... */ + unregister_fd(m->client_fd, STATE(fds)); + close(m->client_fd); + m->client_fd = -1; + m->state = TCP_SERVER_ACCEPTING; + tcp_accept(m); + } + + if (ret >= 0) { + m->stats.bytes += ret; + m->stats.messages++; + } + return ret; +} + +int tcp_get_fd(struct tcp_sock *m) +{ + return m->fd; +} + +int tcp_isset(struct tcp_sock *m, fd_set *readfds) +{ + return m->client_fd >= 0 ? FD_ISSET(m->client_fd, readfds) : 0; +} + +int tcp_accept_isset(struct tcp_sock *m, fd_set *readfds) +{ + return FD_ISSET(m->fd, readfds); +} + +int +tcp_snprintf_stats(char *buf, size_t buflen, char *ifname, + struct tcp_sock *client, struct tcp_sock *server) +{ + size_t size; + struct tcp_stats *s = &client->stats, *r = &server->stats; + + size = snprintf(buf, buflen, "TCP traffic (active device=%s) " + "server=%s client=%s:\n" + "%20llu Bytes sent " + "%20llu Bytes recv\n" + "%20llu Pckts sent " + "%20llu Pckts recv\n" + "%20llu Error send " + "%20llu Error recv\n\n", + ifname, + server->state == TCP_SERVER_CONNECTED ? + "connected" : "disconnected", + client->state == TCP_CLIENT_CONNECTED ? + "connected" : "disconnected", + (unsigned long long)s->bytes, + (unsigned long long)r->bytes, + (unsigned long long)s->messages, + (unsigned long long)r->messages, + (unsigned long long)s->error, + (unsigned long long)r->error); + return size; +} + +int +tcp_snprintf_stats2(char *buf, size_t buflen, const char *ifname, + const char *status, int active, + struct tcp_stats *s, struct tcp_stats *r) +{ + size_t size; + + size = snprintf(buf, buflen, + "TCP traffic device=%s status=%s role=%s:\n" + "%20llu Bytes sent " + "%20llu Bytes recv\n" + "%20llu Pckts sent " + "%20llu Pckts recv\n" + "%20llu Error send " + "%20llu Error recv\n\n", + ifname, status, active ? "ACTIVE" : "BACKUP", + (unsigned long long)s->bytes, + (unsigned long long)r->bytes, + (unsigned long long)s->messages, + (unsigned long long)r->messages, + (unsigned long long)s->error, + (unsigned long long)r->error); + return size; +} diff --git a/src/traffic_stats.c b/src/traffic_stats.c new file mode 100644 index 0000000..6535527 --- /dev/null +++ b/src/traffic_stats.c @@ -0,0 +1,47 @@ +/* + * (C) 2006 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "traffic_stats.h" +#include "conntrackd.h" + +void update_traffic_stats(struct nf_conntrack *ct) +{ + STATE(stats).bytes_orig += + nfct_get_attr_u32(ct, ATTR_ORIG_COUNTER_BYTES); + STATE(stats).bytes_repl += + nfct_get_attr_u32(ct, ATTR_REPL_COUNTER_BYTES); + STATE(stats).packets_orig += + nfct_get_attr_u32(ct, ATTR_ORIG_COUNTER_PACKETS); + STATE(stats).packets_repl += + nfct_get_attr_u32(ct, ATTR_REPL_COUNTER_PACKETS); +} + +void dump_traffic_stats(int fd) +{ + char buf[512]; + int size; + uint64_t bytes = STATE(stats).bytes_orig + STATE(stats).bytes_repl; + uint64_t packets = STATE(stats).packets_orig + + STATE(stats).packets_repl; + + size = sprintf(buf, "traffic processed:\n"); + size += sprintf(buf+size, "%20llu Bytes ", (unsigned long long)bytes); + size += sprintf(buf+size, "%20llu Pckts\n\n", (unsigned long long)packets); + + send(fd, buf, size, 0); +} diff --git a/src/udp.c b/src/udp.c new file mode 100644 index 0000000..ecaa46e --- /dev/null +++ b/src/udp.c @@ -0,0 +1,268 @@ +/* + * (C) 2009 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + */ + +#include "udp.h" + +#include <stdio.h> +#include <stdlib.h> +#include <arpa/inet.h> +#include <unistd.h> +#include <string.h> +#include <sys/ioctl.h> +#include <net/if.h> +#include <errno.h> +#include <limits.h> + +struct udp_sock *udp_server_create(struct udp_conf *conf) +{ + int yes = 1; + struct udp_sock *m; + socklen_t socklen = sizeof(int); + + m = calloc(sizeof(struct udp_sock), 1); + if (m == NULL) + return NULL; + + switch(conf->ipproto) { + case AF_INET: + m->addr.ipv4.sin_family = AF_INET; + m->addr.ipv4.sin_port = htons(conf->port); + m->addr.ipv4.sin_addr = conf->server.ipv4.inet_addr; + m->sockaddr_len = sizeof(struct sockaddr_in); + break; + + case AF_INET6: + m->addr.ipv6.sin6_family = AF_INET6; + m->addr.ipv6.sin6_port = htons(conf->port); + m->addr.ipv6.sin6_addr = conf->server.ipv6.inet_addr6; + m->addr.ipv6.sin6_scope_id = conf->server.ipv6.scope_id; + m->sockaddr_len = sizeof(struct sockaddr_in6); + break; + } + + m->fd = socket(conf->ipproto, SOCK_DGRAM, 0); + if (m->fd == -1) { + free(m); + return NULL; + } + + if (setsockopt(m->fd, SOL_SOCKET, SO_REUSEADDR, &yes, + sizeof(int)) == -1) { + close(m->fd); + free(m); + return NULL; + } + +#ifndef SO_RCVBUFFORCE +#define SO_RCVBUFFORCE 33 +#endif + + if (conf->rcvbuf && + setsockopt(m->fd, SOL_SOCKET, SO_RCVBUFFORCE, &conf->rcvbuf, + sizeof(int)) == -1) { + /* not supported in linux kernel < 2.6.14 */ + if (errno != ENOPROTOOPT) { + close(m->fd); + free(m); + return NULL; + } + } + + getsockopt(m->fd, SOL_SOCKET, SO_RCVBUF, &conf->rcvbuf, &socklen); + + if (bind(m->fd, (struct sockaddr *) &m->addr, m->sockaddr_len) == -1) { + close(m->fd); + free(m); + return NULL; + } + + return m; +} + +void udp_server_destroy(struct udp_sock *m) +{ + close(m->fd); + free(m); +} + +struct udp_sock *udp_client_create(struct udp_conf *conf) +{ + int ret = 0; + struct udp_sock *m; + socklen_t socklen = sizeof(int); + + m = calloc(sizeof(struct udp_sock), 1); + if (m == NULL) + return NULL; + + m->fd = socket(conf->ipproto, SOCK_DGRAM, 0); + if (m->fd == -1) { + free(m); + return NULL; + } + + if (setsockopt(m->fd, SOL_SOCKET, SO_NO_CHECK, &conf->checksum, + sizeof(int)) == -1) { + close(m->fd); + free(m); + return NULL; + } + +#ifndef SO_SNDBUFFORCE +#define SO_SNDBUFFORCE 32 +#endif + + if (conf->sndbuf && + setsockopt(m->fd, SOL_SOCKET, SO_SNDBUFFORCE, &conf->sndbuf, + sizeof(int)) == -1) { + /* not supported in linux kernel < 2.6.14 */ + if (errno != ENOPROTOOPT) { + close(m->fd); + free(m); + return NULL; + } + } + + getsockopt(m->fd, SOL_SOCKET, SO_SNDBUF, &conf->sndbuf, &socklen); + + switch(conf->ipproto) { + case AF_INET: + m->addr.ipv4.sin_family = AF_INET; + m->addr.ipv4.sin_port = htons(conf->port); + m->addr.ipv4.sin_addr = conf->client.inet_addr; + m->sockaddr_len = sizeof(struct sockaddr_in); + break; + case AF_INET6: + m->addr.ipv6.sin6_family = AF_INET6; + m->addr.ipv6.sin6_port = htons(conf->port); + memcpy(&m->addr.ipv6.sin6_addr, &conf->client.inet_addr6, + sizeof(struct in6_addr)); + m->sockaddr_len = sizeof(struct sockaddr_in6); + break; + default: + ret = -1; + break; + } + + if (ret == -1) { + close(m->fd); + free(m); + m = NULL; + } + + return m; +} + +void udp_client_destroy(struct udp_sock *m) +{ + close(m->fd); + free(m); +} + +ssize_t udp_send(struct udp_sock *m, const void *data, int size) +{ + ssize_t ret; + + ret = sendto(m->fd, + data, + size, + 0, + (struct sockaddr *) &m->addr, + m->sockaddr_len); + if (ret == -1) { + m->stats.error++; + return ret; + } + + m->stats.bytes += ret; + m->stats.messages++; + + return ret; +} + +ssize_t udp_recv(struct udp_sock *m, void *data, int size) +{ + ssize_t ret; + socklen_t sin_size = sizeof(struct sockaddr_in); + + ret = recvfrom(m->fd, + data, + size, + 0, + (struct sockaddr *)&m->addr, + &sin_size); + if (ret == -1) { + if (errno != EAGAIN) + m->stats.error++; + return ret; + } + + m->stats.bytes += ret; + m->stats.messages++; + + return ret; +} + +int udp_get_fd(struct udp_sock *m) +{ + return m->fd; +} + +int udp_isset(struct udp_sock *m, fd_set *readfds) +{ + return FD_ISSET(m->fd, readfds); +} + +int +udp_snprintf_stats(char *buf, size_t buflen, char *ifname, + struct udp_stats *s, struct udp_stats *r) +{ + size_t size; + + size = snprintf(buf, buflen, "UDP traffic (active device=%s):\n" + "%20llu Bytes sent " + "%20llu Bytes recv\n" + "%20llu Pckts sent " + "%20llu Pckts recv\n" + "%20llu Error send " + "%20llu Error recv\n\n", + ifname, + (unsigned long long)s->bytes, + (unsigned long long)r->bytes, + (unsigned long long)s->messages, + (unsigned long long)r->messages, + (unsigned long long)s->error, + (unsigned long long)r->error); + return size; +} + +int +udp_snprintf_stats2(char *buf, size_t buflen, const char *ifname, + const char *status, int active, + struct udp_stats *s, struct udp_stats *r) +{ + size_t size; + + size = snprintf(buf, buflen, + "UDP traffic device=%s status=%s role=%s:\n" + "%20llu Bytes sent " + "%20llu Bytes recv\n" + "%20llu Pckts sent " + "%20llu Pckts recv\n" + "%20llu Error send " + "%20llu Error recv\n\n", + ifname, status, active ? "ACTIVE" : "BACKUP", + (unsigned long long)s->bytes, + (unsigned long long)r->bytes, + (unsigned long long)s->messages, + (unsigned long long)r->messages, + (unsigned long long)s->error, + (unsigned long long)r->error); + return size; +} diff --git a/src/vector.c b/src/vector.c new file mode 100644 index 0000000..c81e7ce --- /dev/null +++ b/src/vector.c @@ -0,0 +1,88 @@ +/* + * (C) 2006-2008 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "vector.h" + +#include <stdlib.h> +#include <string.h> + +struct vector { + char *data; + unsigned int cur_elems; + unsigned int max_elems; + size_t size; +}; + +#define DEFAULT_VECTOR_MEMBERS 8 +#define DEFAULT_VECTOR_GROWTH 8 + +struct vector *vector_create(size_t size) +{ + struct vector *v; + + v = calloc(sizeof(struct vector), 1); + if (v == NULL) + return NULL; + + v->size = size; + v->cur_elems = 0; + v->max_elems = DEFAULT_VECTOR_MEMBERS; + + v->data = calloc(size * DEFAULT_VECTOR_MEMBERS, 1); + if (v->data == NULL) { + free(v); + return NULL; + } + + return v; +} + +void vector_destroy(struct vector *v) +{ + free(v->data); + free(v); +} + +int vector_add(struct vector *v, void *data) +{ + if (v->cur_elems >= v->max_elems) { + v->max_elems += DEFAULT_VECTOR_GROWTH; + v->data = realloc(v->data, v->max_elems * v->size); + if (v->data == NULL) { + v->max_elems -= DEFAULT_VECTOR_GROWTH; + return -1; + } + } + memcpy(v->data + (v->size * v->cur_elems), data, v->size); + v->cur_elems++; + return 0; +} + +int vector_iterate(struct vector *v, + const void *data, + int (*fcn)(const void *a, const void *b)) +{ + unsigned int i; + + for (i=0; i<v->cur_elems; i++) { + char *ptr = v->data + (v->size * i); + if (fcn(ptr, data)) + return 1; + } + return 0; +} |