summaryrefslogtreecommitdiff
path: root/programs/starter
diff options
context:
space:
mode:
Diffstat (limited to 'programs/starter')
-rw-r--r--programs/starter/Makefile182
-rw-r--r--programs/starter/README104
-rw-r--r--programs/starter/args.c623
-rw-r--r--programs/starter/args.h34
-rw-r--r--programs/starter/cmp.c105
-rw-r--r--programs/starter/cmp.h29
-rw-r--r--programs/starter/confread.c908
-rw-r--r--programs/starter/confread.h200
-rw-r--r--programs/starter/exec.c54
-rw-r--r--programs/starter/exec.h23
-rw-r--r--programs/starter/files.h47
-rw-r--r--programs/starter/interfaces.c582
-rw-r--r--programs/starter/interfaces.h41
-rw-r--r--programs/starter/invokepluto.c286
-rw-r--r--programs/starter/invokepluto.h28
-rw-r--r--programs/starter/keywords.c246
-rw-r--r--programs/starter/keywords.h169
-rw-r--r--programs/starter/keywords.txt109
-rw-r--r--programs/starter/klips.c134
-rw-r--r--programs/starter/klips.h26
-rw-r--r--programs/starter/lex.yy.c1966
-rw-r--r--programs/starter/netkey.c85
-rw-r--r--programs/starter/netkey.h24
-rw-r--r--programs/starter/parser.h57
-rw-r--r--programs/starter/parser.l190
-rw-r--r--programs/starter/parser.output351
-rw-r--r--programs/starter/parser.tab.c1832
-rw-r--r--programs/starter/parser.tab.h82
-rw-r--r--programs/starter/parser.y283
-rw-r--r--programs/starter/starter.80
-rw-r--r--programs/starter/starter.c571
-rw-r--r--programs/starter/starterwhack.c372
-rw-r--r--programs/starter/starterwhack.h32
33 files changed, 0 insertions, 9775 deletions
diff --git a/programs/starter/Makefile b/programs/starter/Makefile
deleted file mode 100644
index 60e95d360..000000000
--- a/programs/starter/Makefile
+++ /dev/null
@@ -1,182 +0,0 @@
-# ipsec starter Makefile
-# Copyright (C) 2001 Mathieu Lafon - Arkoon Network Security
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# for more details.
-#
-# RCSID $Id: Makefile,v 1.14 2006/02/17 19:34:02 as Exp $
-
-FREESWANSRCDIR?=$(shell cd ../..; pwd)
-include ${FREESWANSRCDIR}/Makefile.inc
-
-LD=$(CC)
-RM=rm
-LEX=flex
-BISON=bison
-GPERF=gperf
-
-FREESWANDIR=../..
-FREESWANLIB=$(FREESWANDIR)/lib/libfreeswan/libfreeswan.a
-PLUTODIR=../pluto
-OPENACDIR=../openac
-
-DEFINES+= -DVIRTUAL_IP -DDEBUG
-
-# This compile option activates the leak detective
-ifeq ($(USE_LEAK_DETECTIVE),true)
- DEFINES+= -DLEAK_DETECTIVE
-endif
-
-INCLUDES=-I${FREESWANDIR}/linux/include
-CFLAGS=$(DEFINES) $(INCLUDES) -Wall
-CFLAGS+=-DIPSEC_EXECDIR=\"${FINALLIBEXECDIR}\" -DIPSEC_CONFDDIR=\"${FINALCONFDDIR}\"
-CFLAGS+=-DIPSEC_CONFDIR=\"${FINALCONFDIR}\"
-LDFLAGS=
-
-PLUTO_OBJS=defs.o
-
-OBJS=starter.o parser.tab.o lex.yy.o keywords.o args.o invokepluto.o \
- starterwhack.o klips.o netkey.o interfaces.o exec.o cmp.o confread.o \
- loglite.o ${PLUTO_OBJS}
-
-DISTSRC=$(OBJS:.o=.c)
-DISTSRC+=cmp.h confread.h confwrite.h exec.h files.h interfaces.h klips.h netkey.h
-DISTSRC+=parser.h args.h invokepluto.h starterwhack.h keywords.h keywords.txt
-
-LIBS=$(FREESWANLIB)
-
-PROGRAM=starter
-
-include ../Makefile.program
-
-all: starter
-
-starter: $(OBJS) $(FREESWANLIB)
- $(LD) $(LDFLAGS) -o starter $(OBJS) $(LIBS)
-
-lex.yy.c: parser.tab.c parser.l parser.y parser.h
- $(LEX) parser.l
-
-parser.tab.c: parser.l parser.y parser.h
- $(BISON) -v -d parser.y
-
-keywords.c: keywords.txt keywords.h
- $(GPERF) -C -G -t < keywords.txt > keywords.c
-
-.c.o:
- $(CC) $(CFLAGS) -c $<
-
-loglite.o : $(OPENACDIR)/loglite.c $(PLUTODIR)/log.h
- $(CC) $(CFLAGS) -c -o $@ $<
-
-# pluto library
-
-defs.o : $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h
- $(CC) $(CFLAGS) -c -o $@ $<
-
-clean::
- $(RM) -f starter $(OBJS) parser.tab.* lex.yy.*
-
-# Stolen from pluto/Makefile
-
-gatherdeps:
- @ls | grep '\.c$$' | sed -e 's/\(.*\)\.c$$/\1.o: \1.c/'
- @echo
- @ls | grep '\.c$$' | xargs grep '^#[ ]*include[ ]*"' | \
- sed -e 's/\.c:#[ ]*include[ ]*"/.o: /' -e 's/".*//'
-
-# Dependencies generated by "make gatherdeps":
-
-args.o: args.c
-cmp.o: cmp.c
-confread.o: confread.c
-exec.o: exec.c
-interfaces.o: interfaces.c
-invokepluto.o: invokepluto.c
-keywords.o: keywords.c
-klips.o: klips.c
-lex.yy.o: lex.yy.c
-netkey.o: netkey.c
-parser.tab.o: parser.tab.c
-starter.o: starter.c
-starterwhack.o: starterwhack.c
-
-args.o: ../pluto/constants.h
-args.o: ../pluto/defs.h
-args.o: ../pluto/log.h
-args.o: keywords.h
-args.o: parser.h
-args.o: confread.h
-args.o: args.h
-cmp.o: ../pluto/constants.h
-cmp.o: ../pluto/defs.h
-cmp.o: confread.h
-cmp.o: args.h
-cmp.o: interfaces.h
-cmp.o: cmp.h
-confread.o: ../pluto/constants.h
-confread.o: ../pluto/defs.h
-confread.o: ../pluto/log.h
-confread.o: keywords.h
-confread.o: parser.h
-confread.o: confread.h
-confread.o: args.h
-confread.o: interfaces.h
-exec.o: ../pluto/constants.h
-exec.o: ../pluto/defs.h
-exec.o: ../pluto/log.h
-exec.o: exec.h
-interfaces.o: ../pluto/constants.h
-interfaces.o: ../pluto/defs.h
-interfaces.o: ../pluto/log.h
-interfaces.o: interfaces.h
-interfaces.o: exec.h
-interfaces.o: files.h
-invokepluto.o: ../pluto/constants.h
-invokepluto.o: ../pluto/defs.h
-invokepluto.o: ../pluto/log.h
-invokepluto.o: confread.h
-invokepluto.o: invokepluto.h
-invokepluto.o: files.h
-invokepluto.o: starterwhack.h
-keywords.o: keywords.h
-klips.o: ../pluto/constants.h
-klips.o: ../pluto/defs.h
-klips.o: ../pluto/log.h
-klips.o: confread.h
-klips.o: klips.h
-klips.o: files.h
-klips.o: exec.h
-lex.yy.o: parser.tab.h
-netkey.o: ../pluto/constants.h
-netkey.o: ../pluto/defs.h
-netkey.o: ../pluto/log.h
-netkey.o: files.h
-parser.tab.o: ../pluto/constants.h
-parser.tab.o: ../pluto/defs.h
-parser.tab.o: parser.h
-starter.o: ../pluto/constants.h
-starter.o: ../pluto/defs.h
-starter.o: ../pluto/log.h
-starter.o: confread.h
-starter.o: files.h
-starter.o: starterwhack.h
-starter.o: invokepluto.h
-starter.o: klips.h
-starter.o: netkey.h
-starter.o: cmp.h
-starter.o: interfaces.h
-starterwhack.o: ../pluto/constants.h
-starterwhack.o: ../pluto/defs.h
-starterwhack.o: ../pluto/log.h
-starterwhack.o: ../pluto/whack.h
-starterwhack.o: starterwhack.h
-starterwhack.o: confread.h
-starterwhack.o: files.h
diff --git a/programs/starter/README b/programs/starter/README
deleted file mode 100644
index 12a60a11d..000000000
--- a/programs/starter/README
+++ /dev/null
@@ -1,104 +0,0 @@
-
-IPsec Starter -- Version 0.2 [Contributed by Arkoon Network Security]
-============================ [ http://www.arkoon.net/]
-
-IPsec Starter is aimed to replace all the scripts which are used to
-start and stop strongSwan and to do that in a quicker and a smarter way.
-
-IPsec Starter can also reload the configuration file (kill --HUP or periodicaly)
-and apply the changes.
-
-Usage:
- starter [--debug] [--auto_update <x seconds>]
- --debug: enable debugging output
- --no_fork: all msg (including pluto) are sent to the console
- --auto_update: reload the config file (like kill -HUP) every x seconds
- and determine any configuration changes
-
-FEATURES
---------
-
-o Load and unload KLIPS (ipsec.o kernel module)
-
-o Load modules of the native Linux 2.6 IPsec stack
-
-o Launch and monitor pluto
-
-o Add, initiate, route and del connections
-
-o Attach and detach interfaces according to config file
-
-o kill -HUP can be used to reload the config file. New connections will be
- added, old ones will be removed and modified ones will be reloaded.
- Interfaces/Klips/Pluto will be reloaded if necessary.
-
-o Full support of the %defaultroute wildcard parameter.
-
-o save own pid in /var/run/starter
-
-o Upon reloading, dynamic DNS addr will be resolved and reloaded. Use
- --auto_update to periodicaly check dynamic DNS changes.
-
-o kill -USR1 can be used to reload all connections (delete then add and
- route/initiate)
-
-o /var/run/dynip/xxxx can be used to use a virtual interface name in
- ipsec.conf. By example, when adsl can be ppp0, ppp1, ... :
- ipsec.conf: interfaces="ipsec0=adsl"
- And use /etc/ppp/ip-up to create /var/run/dynip/adsl
- /var/run/dynip/adsl: IP_PHYS=ppp0
-
-o %auto can be used to automaticaly name the connections
-
-o kill -TERM can be used to stop FS. pluto will be stopped and KLIPS unloaded
- (if it has been loaded).
-
-o Can be used to start strongSwan and load lots of connections in a few
- seconds.
-
-TODO
-----
-
-o handle wildcards in include lines -- use glob() fct
- ex: include /etc/ipsec.*.conf
-
-o handle duplicates keywords and sections
-
-o 'also' keyword not supported
-
-o manually keyed connections
-
-o IPv6
-
-o Documentation
-
-
-CHANGES
--------
-
-o Version 0.1 -- 2002.01.14 -- First public release
-
-o Version 0.2 -- 2002.09.04 -- Various enhancements
- FreeS/WAN 1.98b, x509 0.9.14, algo 0.8.0
-
-o Version 0.2d -- 2004.01.13 -- Adaptions for Openswan 1.0.0
- by Stephan Scholz <sscholz@astaro.com>
-
-o Version 0.2e -- 2004.10.14 -- Added support for change of interface address
- by Stephan Scholz <sscholz@astaro.com>
-
-o Version 0.2s -- 2005-12-02 -- Ported to strongSwan
- by Stephan Scholz <sscholz@astaro.com>
-
-o Version 0.2x -- 2006-01-02 -- Added missing strongSwan keywords
- Full support of the native Linux 2.6 IPsec stack
- Full support of %defaultroute
- Improved parsing of keywords using perfect hash
- function generated by gperf.
- by Andreas Steffen <andreas.steffen@hsr.ch>
-
-THANKS
-------
-
-o Nathan Angelacos - include fix
-
diff --git a/programs/starter/args.c b/programs/starter/args.c
deleted file mode 100644
index 9dece2dfb..000000000
--- a/programs/starter/args.c
+++ /dev/null
@@ -1,623 +0,0 @@
-/* automatic handling of confread struct arguments
- * Copyright (C) 2006 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: args.c,v 1.11 2007/01/11 21:27:27 as Exp $
- */
-
-#include <stddef.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <freeswan.h>
-
-#include "../pluto/constants.h"
-#include "../pluto/defs.h"
-#include "../pluto/log.h"
-
-#include "keywords.h"
-#include "parser.h"
-#include "confread.h"
-#include "args.h"
-
-/* argument types */
-
-typedef enum {
- ARG_NONE,
- ARG_ENUM,
- ARG_UINT,
- ARG_TIME,
- ARG_ULNG,
- ARG_PCNT,
- ARG_STR,
- ARG_LST,
- ARG_MISC
-} arg_t;
-
-/* various keyword lists */
-
-static const char *LST_bool[] = {
- "no",
- "yes",
- NULL
-};
-
-static const char *LST_sendcert[] = {
- "always",
- "ifasked",
- "never",
- "yes",
- "no",
- NULL
-};
-
-static const char *LST_dpd_action[] = {
- "none",
- "clear",
- "hold",
- "restart",
- NULL
-};
-
-static const char *LST_startup[] = {
- "ignore",
- "add",
- "route",
- "start",
- NULL
-};
-
-static const char *LST_packetdefault[] = {
- "drop",
- "reject",
- "pass",
- NULL
-};
-
-static const char *LST_keyexchange[] = {
- "ike",
- NULL
-};
-
-static const char *LST_pfsgroup[] = {
- "modp1024",
- "modp1536",
- "modp2048",
- "modp3072",
- "modp4096",
- "modp6144",
- "modp8192",
- NULL
-};
-
-static const char *LST_plutodebug[] = {
- "none",
- "all",
- "raw",
- "crypt",
- "parsing",
- "emitting",
- "control",
- "lifecycle",
- "klips",
- "dns",
- "natt",
- "oppo",
- "controlmore",
- "private",
- NULL
-};
-
-static const char *LST_klipsdebug[] = {
- "tunnel",
- "tunnel-xmit",
- "pfkey",
- "xform",
- "eroute",
- "spi",
- "radij",
- "esp",
- "ah",
- "ipcomp",
- "verbose",
- "all",
- "none",
- NULL
-};
-
-typedef struct {
- arg_t type;
- size_t offset;
- const char **list;
-} token_info_t;
-
-static const token_info_t token_info[] =
-{
- /* config setup keywords */
- { ARG_LST, offsetof(starter_config_t, setup.interfaces), NULL },
- { ARG_STR, offsetof(starter_config_t, setup.dumpdir), NULL },
-
- /* pluto keywords */
- { ARG_LST, offsetof(starter_config_t, setup.plutodebug), LST_plutodebug },
- { ARG_STR, offsetof(starter_config_t, setup.prepluto), NULL },
- { ARG_STR, offsetof(starter_config_t, setup.postpluto), NULL },
- { ARG_ENUM, offsetof(starter_config_t, setup.uniqueids), LST_bool },
- { ARG_UINT, offsetof(starter_config_t, setup.overridemtu), NULL },
- { ARG_TIME, offsetof(starter_config_t, setup.crlcheckinterval), NULL },
- { ARG_ENUM, offsetof(starter_config_t, setup.cachecrls), LST_bool },
- { ARG_ENUM, offsetof(starter_config_t, setup.strictcrlpolicy), LST_bool },
- { ARG_ENUM, offsetof(starter_config_t, setup.nocrsend), LST_bool },
- { ARG_ENUM, offsetof(starter_config_t, setup.nat_traversal), LST_bool },
- { ARG_TIME, offsetof(starter_config_t, setup.keep_alive), NULL },
- { ARG_STR, offsetof(starter_config_t, setup.virtual_private), NULL },
- { ARG_STR, offsetof(starter_config_t, setup.pkcs11module), NULL },
- { ARG_ENUM, offsetof(starter_config_t, setup.pkcs11keepstate), LST_bool },
- { ARG_ENUM, offsetof(starter_config_t, setup.pkcs11proxy), LST_bool },
-
- /* KLIPS keywords */
- { ARG_LST, offsetof(starter_config_t, setup.klipsdebug), LST_klipsdebug },
- { ARG_ENUM, offsetof(starter_config_t, setup.fragicmp), LST_bool },
- { ARG_STR, offsetof(starter_config_t, setup.packetdefault), LST_packetdefault },
- { ARG_ENUM, offsetof(starter_config_t, setup.hidetos), LST_bool },
-
- /* conn section keywords */
- { ARG_STR, offsetof(starter_conn_t, name), NULL },
- { ARG_ENUM, offsetof(starter_conn_t, startup), LST_startup },
- { ARG_ENUM, offsetof(starter_conn_t, keyexchange), LST_keyexchange },
- { ARG_MISC, 0, NULL /* KW_TYPE */ },
- { ARG_MISC, 0, NULL /* KW_PFS */ },
- { ARG_MISC, 0, NULL /* KW_COMPRESS */ },
- { ARG_MISC, 0, NULL /* KW_AUTH */ },
- { ARG_MISC, 0, NULL /* KW_AUTHBY */ },
- { ARG_TIME, offsetof(starter_conn_t, sa_ike_life_seconds), NULL },
- { ARG_TIME, offsetof(starter_conn_t, sa_ipsec_life_seconds), NULL },
- { ARG_TIME, offsetof(starter_conn_t, sa_rekey_margin), NULL },
- { ARG_ULNG, offsetof(starter_conn_t, sa_keying_tries), NULL },
- { ARG_PCNT, offsetof(starter_conn_t, sa_rekey_fuzz), NULL },
- { ARG_MISC, 0, NULL /* KW_REKEY */ },
- { ARG_STR, offsetof(starter_conn_t, ike), NULL },
- { ARG_STR, offsetof(starter_conn_t, esp), NULL },
- { ARG_STR, offsetof(starter_conn_t, pfsgroup), LST_pfsgroup },
- { ARG_TIME, offsetof(starter_conn_t, dpd_delay), NULL },
- { ARG_TIME, offsetof(starter_conn_t, dpd_timeout), NULL },
- { ARG_ENUM, offsetof(starter_conn_t, dpd_action), LST_dpd_action },
- { ARG_MISC, 0, NULL /* KW_MODECONFIG */ },
- { ARG_MISC, 0, NULL /* KW_XAUTH */ },
-
- /* ca section keywords */
- { ARG_STR, offsetof(starter_ca_t, name), NULL },
- { ARG_ENUM, offsetof(starter_ca_t, startup), LST_startup },
- { ARG_STR, offsetof(starter_ca_t, cacert), NULL },
- { ARG_STR, offsetof(starter_ca_t, ldaphost), NULL },
- { ARG_STR, offsetof(starter_ca_t, ldapbase), NULL },
- { ARG_STR, offsetof(starter_ca_t, crluri), NULL },
- { ARG_STR, offsetof(starter_ca_t, crluri2), NULL },
- { ARG_STR, offsetof(starter_ca_t, ocspuri), NULL },
-
- /* end keywords */
- { ARG_MISC, 0, NULL /* KW_HOST */ },
- { ARG_MISC, 0, NULL /* KW_NEXTHOP */ },
- { ARG_MISC, 0, NULL /* KW_SUBNET */ },
- { ARG_MISC, 0, NULL /* KW_SUBNETWITHIN */ },
- { ARG_MISC, 0, NULL /* KW_PROTOPORT */ },
- { ARG_MISC, 0, NULL /* KW_SOURCEIP */ },
- { ARG_MISC, 0, NULL /* KW_NATIP */ },
- { ARG_ENUM, offsetof(starter_end_t, firewall), LST_bool },
- { ARG_ENUM, offsetof(starter_end_t, hostaccess), LST_bool },
- { ARG_STR, offsetof(starter_end_t, updown), NULL },
- { ARG_STR, offsetof(starter_end_t, id), NULL },
- { ARG_STR, offsetof(starter_end_t, rsakey), NULL },
- { ARG_STR, offsetof(starter_end_t, cert), NULL },
- { ARG_ENUM, offsetof(starter_end_t, sendcert), LST_sendcert },
- { ARG_STR, offsetof(starter_end_t, ca), NULL },
- { ARG_STR, offsetof(starter_end_t, groups), NULL },
- { ARG_STR, offsetof(starter_end_t, iface), NULL }
-};
-
-static void
-free_list(char **list)
-{
- char **s;
-
- for (s = list; *s; s++)
- pfree(*s);
- pfree(list);
-}
-
-char **
-new_list(char *value)
-{
- char *val, *b, *e, *end, **ret;
- int count;
-
- val = value ? clone_str(value, "list value") : NULL;
- if (!val)
- return NULL;
- end = val + strlen(val);
- for (b = val, count = 0; b < end;)
- {
- for (e = b; ((*e != ' ') && (*e != '\0')); e++);
- *e = '\0';
- if (e != b)
- count++;
- b = e + 1;
- }
- if (count == 0)
- {
- pfree(val);
- return NULL;
- }
- ret = (char **)alloc_bytes((count+1) * sizeof(char *), "list");
-
- for (b = val, count = 0; b < end; )
- {
- for (e = b; (*e != '\0'); e++);
- if (e != b)
- ret[count++] = clone_str(b, "list value");
- b = e + 1;
- }
- ret[count] = NULL;
- pfree(val);
- return ret;
-}
-
-
-/*
- * assigns an argument value to a struct field
- */
-bool
-assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base
- , bool *assigned)
-{
- char *p = base + token_info[token].offset;
- const char **list = token_info[token].list;
-
- int index = -1; /* used for enumeration arguments */
-
- lset_t *seen = (lset_t *)base; /* seen flags are at the top of the struct */
- lset_t f = LELEM(token - first); /* compute flag position of argument */
-
- *assigned = FALSE;
-
- DBG(DBG_CONTROLMORE,
- DBG_log(" %s=%s", kw->entry->name, kw->value)
- )
-
- if (*seen & f)
- {
- plog("# duplicate '%s' option", kw->entry->name);
- return FALSE;
- }
-
- /* set flag that this argument has been seen */
- *seen |= f;
-
- /* is there a keyword list? */
- if (list != NULL && token_info[token].type != ARG_LST)
- {
- bool match = FALSE;
-
- while (*list != NULL && !match)
- {
- index++;
- match = streq(kw->value, *list++);
- }
- if (!match)
- {
- plog("# bad value: %s=%s", kw->entry->name, kw->value);
- return FALSE;
- }
- }
-
- switch (token_info[token].type)
- {
- case ARG_NONE:
- plog("# option '%s' not supported yet", kw->entry->name);
- return FALSE;
- case ARG_ENUM:
- {
- int *i = (int *)p;
-
- if (index < 0)
- {
- plog("# bad enumeration value: %s=%s (%d)"
- , kw->entry->name, kw->value, index);
- return FALSE;
- }
- *i = index;
- }
- break;
-
- case ARG_UINT:
- {
- char *endptr;
- u_int *u = (u_int *)p;
-
- *u = strtoul(kw->value, &endptr, 10);
-
- if (*endptr != '\0')
- {
- plog("# bad integer value: %s=%s", kw->entry->name, kw->value);
- return FALSE;
- }
- }
- break;
- case ARG_ULNG:
- case ARG_PCNT:
- {
- char *endptr;
- unsigned long *l = (unsigned long *)p;
-
- *l = strtoul(kw->value, &endptr, 10);
-
- if (token_info[token].type == ARG_ULNG)
- {
- if (*endptr != '\0')
- {
- plog("# bad integer value: %s=%s", kw->entry->name, kw->value);
- return FALSE;
- }
- }
- else
- {
- if ((*endptr != '%') || (endptr[1] != '\0') || endptr == kw->value)
- {
- plog("# bad percent value: %s=%s", kw->entry->name, kw->value);
- return FALSE;
- }
- }
-
- }
- break;
- case ARG_TIME:
- {
- char *endptr;
- time_t *t = (time_t *)p;
-
- *t = strtoul(kw->value, &endptr, 10);
-
- /* time in seconds? */
- if (*endptr == '\0' || (*endptr == 's' && endptr[1] == '\0'))
- break;
-
- if (endptr[1] == '\0')
- {
- if (*endptr == 'm') /* time in minutes? */
- {
- *t *= 60;
- break;
- }
- if (*endptr == 'h') /* time in hours? */
- {
- *t *= 3600;
- break;
- }
- if (*endptr == 'd') /* time in days? */
- {
- *t *= 3600*24;
- break;
- }
- }
- plog("# bad duration value: %s=%s", kw->entry->name, kw->value);
- return FALSE;
- }
- case ARG_STR:
- {
- char **cp = (char **)p;
-
- /* free any existing string */
- pfreeany(*cp);
-
- /* assign the new string */
- *cp = clone_str(kw->value, "str_value");
- }
- break;
- case ARG_LST:
- {
- char ***listp = (char ***)p;
-
- /* free any existing list */
- if (*listp != NULL)
- free_list(*listp);
-
- /* create a new list and assign values */
- *listp = new_list(kw->value);
-
- /* is there a keyword list? */
- if (list != NULL)
- {
- char ** lst;
-
- for (lst = *listp; lst && *lst; lst++)
- {
- bool match = FALSE;
-
- list = token_info[token].list;
-
- while (*list != NULL && !match)
- {
- match = streq(*lst, *list++);
- }
- if (!match)
- {
- plog("# bad value: %s=%s", kw->entry->name, *lst);
- return FALSE;
- }
- }
- }
- }
- default:
- return TRUE;
- }
-
- *assigned = TRUE;
- return TRUE;
-}
-
-/*
- * frees all dynamically allocated arguments in a struct
- */
-void
-free_args(kw_token_t first, kw_token_t last, char *base)
-{
- kw_token_t token;
-
- for (token = first; token <= last; token++)
- {
- char *p = base + token_info[token].offset;
-
- switch (token_info[token].type)
- {
- case ARG_STR:
- {
- char **cp = (char **)p;
-
- pfreeany(*cp);
- *cp = NULL;
- }
- break;
- case ARG_LST:
- {
- char ***listp = (char ***)p;
-
- if (*listp != NULL)
- {
- free_list(*listp);
- *listp = NULL;
- }
- }
- break;
- default:
- break;
- }
- }
-}
-
-/*
- * clone all dynamically allocated arguments in a struct
- */
-void
-clone_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
-{
- kw_token_t token;
-
- for (token = first; token <= last; token++)
- {
- if (token_info[token].type == ARG_STR)
- {
- char **cp1 = (char **)(base1 + token_info[token].offset);
- char **cp2 = (char **)(base2 + token_info[token].offset);
-
- *cp1 = clone_str(*cp2, "cloned str");
- }
- }
-}
-
-static bool
-cmp_list(char **list1, char **list2)
-{
- if ((list1 == NULL) && (list2 == NULL))
- return TRUE;
- if ((list1 == NULL) || (list2 == NULL))
- return FALSE;
-
- for ( ; *list1 && *list2; list1++, list2++)
- {
- if (strcmp(*list1,*list2) != 0)
- return FALSE;
- }
-
- if ((*list1 != NULL) || (*list2 != NULL))
- return FALSE;
-
- return TRUE;
-}
-
-/*
- * compare all arguments in a struct
- */
-bool
-cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2)
-{
- kw_token_t token;
-
- for (token = first; token <= last; token++)
- {
- char *p1 = base1 + token_info[token].offset;
- char *p2 = base2 + token_info[token].offset;
-
- switch (token_info[token].type)
- {
- case ARG_ENUM:
- {
- int *i1 = (int *)p1;
- int *i2 = (int *)p2;
-
- if (*i1 != *i2)
- return FALSE;
- }
- break;
- case ARG_UINT:
- {
- u_int *u1 = (u_int *)p1;
- u_int *u2 = (u_int *)p2;
-
- if (*u1 != *u2)
- return FALSE;
- }
- break;
- case ARG_ULNG:
- case ARG_PCNT:
- {
- unsigned long *l1 = (unsigned long *)p1;
- unsigned long *l2 = (unsigned long *)p2;
-
- if (*l1 != *l2)
- return FALSE;
- }
- break;
- case ARG_TIME:
- {
- time_t *t1 = (time_t *)p1;
- time_t *t2 = (time_t *)p2;
-
- if (*t1 != *t2)
- return FALSE;
- }
- break;
- case ARG_STR:
- {
- char **cp1 = (char **)p1;
- char **cp2 = (char **)p2;
-
- if (*cp1 == NULL && *cp2 == NULL)
- break;
- if (*cp1 == NULL || *cp2 == NULL || strcmp(*cp1, *cp2) != 0)
- return FALSE;
- }
- break;
- case ARG_LST:
- {
- char ***listp1 = (char ***)p1;
- char ***listp2 = (char ***)p2;
-
- if (!cmp_list(*listp1, *listp2))
- return FALSE;
- }
- break;
- default:
- break;
- }
- }
- return TRUE;
-}
diff --git a/programs/starter/args.h b/programs/starter/args.h
deleted file mode 100644
index 302e9bb7b..000000000
--- a/programs/starter/args.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/* automatic handling of confread struct arguments
- * Copyright (C) 2006 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: args.h,v 1.3 2006/01/13 18:02:02 as Exp $
- */
-
-#ifndef _ARGS_H_
-#define _ARGS_H_
-
-#include "keywords.h"
-#include "parser.h"
-
-extern char **new_list(char *value);
-extern bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw
- , char *base, bool *assigned);
-extern void free_args(kw_token_t first, kw_token_t last, char *base);
-extern void clone_args(kw_token_t first, kw_token_t last, char *base1
- , char *base2);
-extern bool cmp_args(kw_token_t first, kw_token_t last, char *base1
- , char *base2);
-
-#endif /* _ARGS_H_ */
-
diff --git a/programs/starter/cmp.c b/programs/starter/cmp.c
deleted file mode 100644
index 9222bf58f..000000000
--- a/programs/starter/cmp.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/* strongSwan IPsec starter comparison functions
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: cmp.c,v 1.12 2006/01/13 18:03:25 as Exp $
- */
-
-#include <string.h>
-
-#include <freeswan.h>
-
-#include "../pluto/constants.h"
-#include "../pluto/defs.h"
-
-#include "confread.h"
-#include "args.h"
-#include "interfaces.h"
-#include "cmp.h"
-
-#define VARCMP(obj) if (c1->obj != c2->obj) return FALSE
-#define ADDCMP(obj) if (!sameaddr(&c1->obj,&c2->obj)) return FALSE
-#define SUBCMP(obj) if (!samesubnet(&c1->obj,&c2->obj)) return FALSE
-
-static bool
-starter_cmp_end(starter_end_t *c1, starter_end_t *c2)
-{
- if ((c1 == NULL) || (c2 == NULL))
- return FALSE;
-
- ADDCMP(addr);
- ADDCMP(nexthop);
- ADDCMP(srcip);
- SUBCMP(subnet);
- VARCMP(has_client);
- VARCMP(has_client_wildcard);
- VARCMP(has_port_wildcard);
- VARCMP(has_srcip);
- VARCMP(modecfg);
- VARCMP(port);
- VARCMP(protocol);
-
- return cmp_args(KW_END_FIRST, KW_END_LAST, (char *)c1, (char *)c2);
- }
-
-bool
-starter_cmp_conn(starter_conn_t *c1, starter_conn_t *c2)
-{
- if ((c1 == NULL) || (c2 == NULL))
- return FALSE;
-
- VARCMP(policy);
- VARCMP(addr_family);
- VARCMP(tunnel_addr_family);
-
- if (!starter_cmp_end(&c1->left, &c2->left))
- return FALSE;
- if (!starter_cmp_end(&c1->right, &c2->right))
- return FALSE;
-
- return cmp_args(KW_CONN_NAME, KW_CONN_LAST, (char *)c1, (char *)c2);
-}
-
-bool
-starter_cmp_ca(starter_ca_t *c1, starter_ca_t *c2)
-{
- if (c1 == NULL || c2 == NULL)
- return FALSE;
-
- return cmp_args(KW_CA_NAME, KW_CA_LAST, (char *)c1, (char *)c2);
-}
-
-bool
-starter_cmp_klips(starter_config_t *c1, starter_config_t *c2)
-{
- if ((c1 == NULL) || (c2 == NULL))
- return FALSE;
-
- return cmp_args(KW_KLIPS_FIRST, KW_KLIPS_LAST, (char *)c1, (char *)c2);
-}
-
-bool
-starter_cmp_pluto(starter_config_t *c1, starter_config_t *c2)
-{
- if ((c1 == NULL) || (c2 == NULL))
- return FALSE;
-
- return cmp_args(KW_PLUTO_FIRST, KW_PLUTO_LAST, (char *)c1, (char *)c2);
-}
-
-bool
-starter_cmp_defaultroute(defaultroute_t *d1, defaultroute_t *d2)
-{
- if ((d1 == NULL) || (d2 == NULL))
- return FALSE;
- return memcmp(d1, d2, sizeof(defaultroute_t)) == 0;
-}
diff --git a/programs/starter/cmp.h b/programs/starter/cmp.h
deleted file mode 100644
index ca355e9eb..000000000
--- a/programs/starter/cmp.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/* strongSwan IPsec starter comparison functions
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: cmp.h,v 1.4 2006/01/06 20:24:41 as Exp $
- */
-
-#ifndef _STARTER_CMP_H_
-#define _STARTER_CMP_H_
-
-#include "interfaces.h"
-
-extern bool starter_cmp_conn(starter_conn_t *c1, starter_conn_t *c2);
-extern bool starter_cmp_ca(starter_ca_t *c1, starter_ca_t *c2);
-extern bool starter_cmp_klips(starter_config_t *c1, starter_config_t *c2);
-extern bool starter_cmp_pluto(starter_config_t *c1, starter_config_t *c2);
-extern bool starter_cmp_defaultroute(defaultroute_t *d1, defaultroute_t *d2);
-
-#endif
-
diff --git a/programs/starter/confread.c b/programs/starter/confread.c
deleted file mode 100644
index 63010685b..000000000
--- a/programs/starter/confread.c
+++ /dev/null
@@ -1,908 +0,0 @@
-/* strongSwan IPsec config file parser
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: confread.c,v 1.40 2007/01/11 21:27:27 as Exp $
- */
-
-#include <stddef.h>
-#include <stdlib.h>
-#include <string.h>
-#include <assert.h>
-
-#include <freeswan.h>
-
-#include "../pluto/constants.h"
-#include "../pluto/defs.h"
-#include "../pluto/log.h"
-
-#include "keywords.h"
-#include "parser.h"
-#include "confread.h"
-#include "args.h"
-#include "interfaces.h"
-
-/* strings containing a colon are interpreted as an IPv6 address */
-#define ip_version(string) (strchr(string, ':') != NULL)? AF_INET6 : AF_INET;
-
-static const char ike_defaults[] = "3des-sha, 3des-md5";
-static const char esp_defaults[] = "3des-sha1, 3des-md5";
-
-static const char firewall_defaults[] = "ipsec _updown iptables";
-
-static void
-default_values(starter_config_t *cfg)
-{
- if (cfg == NULL)
- return;
-
- memset(cfg, 0, sizeof(struct starter_config));
-
- /* is there enough space for all seen flags? */
- assert(KW_SETUP_LAST - KW_SETUP_FIRST <
- sizeof(cfg->setup.seen) * BITS_PER_BYTE);
- assert(KW_CONN_LAST - KW_CONN_FIRST <
- sizeof(cfg->conn_default.seen) * BITS_PER_BYTE);
- assert(KW_END_LAST - KW_END_FIRST <
- sizeof(cfg->conn_default.right.seen) * BITS_PER_BYTE);
- assert(KW_CA_LAST - KW_CA_FIRST <
- sizeof(cfg->ca_default.seen) * BITS_PER_BYTE);
-
- cfg->setup.seen = LEMPTY;
- cfg->setup.fragicmp = TRUE;
- cfg->setup.hidetos = TRUE;
- cfg->setup.uniqueids = TRUE;
- cfg->setup.interfaces = new_list("%defaultroute");
-
- cfg->conn_default.seen = LEMPTY;
- cfg->conn_default.startup = STARTUP_NO;
- cfg->conn_default.state = STATE_IGNORE;
- cfg->conn_default.policy = POLICY_ENCRYPT | POLICY_TUNNEL | POLICY_RSASIG
- | POLICY_PFS;
-
- cfg->conn_default.ike = clone_str(ike_defaults, "ike_defaults");
- cfg->conn_default.esp = clone_str(esp_defaults, "esp_defaults");
- cfg->conn_default.sa_ike_life_seconds = OAKLEY_ISAKMP_SA_LIFETIME_DEFAULT;
- cfg->conn_default.sa_ipsec_life_seconds = PLUTO_SA_LIFE_DURATION_DEFAULT;
- cfg->conn_default.sa_rekey_margin = SA_REPLACEMENT_MARGIN_DEFAULT;
- cfg->conn_default.sa_rekey_fuzz = SA_REPLACEMENT_FUZZ_DEFAULT;
- cfg->conn_default.sa_keying_tries = SA_REPLACEMENT_RETRIES_DEFAULT;
- cfg->conn_default.addr_family = AF_INET;
- cfg->conn_default.tunnel_addr_family = AF_INET;
-
- cfg->conn_default.left.seen = LEMPTY;
- cfg->conn_default.right.seen = LEMPTY;
-
- anyaddr(AF_INET, &cfg->conn_default.left.addr);
- anyaddr(AF_INET, &cfg->conn_default.left.nexthop);
- anyaddr(AF_INET, &cfg->conn_default.left.srcip);
- anyaddr(AF_INET, &cfg->conn_default.right.addr);
- anyaddr(AF_INET, &cfg->conn_default.right.nexthop);
- anyaddr(AF_INET, &cfg->conn_default.right.srcip);
-
- cfg->ca_default.seen = LEMPTY;
-}
-
-#define KW_POLICY_FLAG(sy, sn, fl) \
- if (streq(kw->value, sy)) { conn->policy |= fl; } \
- else if (streq(kw->value, sn)) { conn->policy &= ~fl; } \
- else { plog("# bad policy value: %s=%s", kw->entry->name, kw->value); cfg->err++; }
-
-static void
-load_setup(starter_config_t *cfg, config_parsed_t *cfgp)
-{
- kw_list_t *kw;
-
- DBG(DBG_CONTROL,
- DBG_log("Loading config setup")
- )
-
- for (kw = cfgp->config_setup; kw; kw = kw->next)
- {
- bool assigned = FALSE;
-
- kw_token_t token = kw->entry->token;
-
- if (token < KW_SETUP_FIRST || token > KW_SETUP_LAST)
- {
- plog("# unsupported keyword '%s' in config setup", kw->entry->name);
- cfg->err++;
- continue;
- }
-
- if (!assign_arg(token, KW_SETUP_FIRST, kw, (char *)cfg, &assigned))
- {
- plog(" bad argument value in config setup");
- cfg->err++;
- continue;
- }
- }
-}
-
-static void
-kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
- , kw_list_t *kw, char *conn_name, starter_config_t *cfg)
-{
- err_t ugh = NULL;
- bool assigned = FALSE;
- int has_port_wildcard; /* set if port is %any */
-
- char *name = kw->entry->name;
- char *value = kw->value;
-
- if (!assign_arg(token, KW_END_FIRST, kw, (char *)end, &assigned))
- goto err;
-
- if (token == KW_SENDCERT)
- {
- if (end->sendcert == CERT_YES_SEND)
- end->sendcert = CERT_ALWAYS_SEND;
- else if (end->sendcert == CERT_NO_SEND)
- end->sendcert = CERT_NEVER_SEND;
- }
-
- if (assigned)
- return;
-
- switch (token)
- {
- case KW_HOST:
- if (streq(value, "%defaultroute"))
- {
- if (cfg->defaultroute.defined)
- {
- end->addr = cfg->defaultroute.addr;
- end->nexthop = cfg->defaultroute.nexthop;
- }
- else
- {
- plog("# default route not known: %s=%s", name, value);
- goto err;
- }
- }
- else if (streq(value, "%any"))
- {
- anyaddr(conn->addr_family, &end->addr);
- }
- else if (streq(value, "%any6"))
- {
- conn->addr_family = AF_INET6;
- anyaddr(conn->addr_family, &end->addr);
- }
- else if (value[0] == '%')
- {
- if (end->iface)
- pfree(end->iface);
- end->iface = clone_str(value+1, "iface");
- if (starter_iface_find(end->iface, conn->addr_family, &end->addr,
- &end->nexthop) == -1)
- {
- conn->state = STATE_INVALID;
- }
- }
- else
- {
- conn->addr_family = ip_version(value);
- ugh = ttoaddr(value, 0, conn->addr_family, &end->addr);
- if (ugh != NULL)
- {
- plog("# bad addr: %s=%s [%s]", name, value, ugh);
- goto err;
- }
- }
- break;
- case KW_NEXTHOP:
- if (streq(value, "%defaultroute"))
- {
- if (cfg->defaultroute.defined)
- end->nexthop = cfg->defaultroute.nexthop;
- else
- {
- plog("# default route not known: %s=%s", name, value);
- goto err;
- }
- }
- else if (streq(value, "%direct"))
- {
- ugh = anyaddr(conn->addr_family, &end->nexthop);
- }
- else
- {
- conn->addr_family = ip_version(value);
- ugh = ttoaddr(value, 0, conn->addr_family, &end->nexthop);
- }
- if (ugh != NULL)
- {
- plog("# bad addr: %s=%s [%s]", name, value, ugh);
- goto err;
- }
- break;
- case KW_SUBNET:
- if ((strlen(value) >= 6 && strncmp(value,"vhost:",6) == 0)
- || (strlen(value) >= 5 && strncmp(value,"vnet:",5) == 0))
- {
- end->virt = clone_str(value, "virt");
- }
- else
- {
- end->has_client = TRUE;
- conn->tunnel_addr_family = ip_version(value);
- ugh = ttosubnet(value, 0, conn->tunnel_addr_family, &end->subnet);
- if (ugh != NULL)
- {
- plog("# bad subnet: %s=%s [%s]", name, value, ugh);
- goto err;
- }
- }
- break;
- case KW_SUBNETWITHIN:
- end->has_client = TRUE;
- end->has_client_wildcard = TRUE;
- conn->tunnel_addr_family = ip_version(value);
- ugh = ttosubnet(value, 0, conn->tunnel_addr_family, &end->subnet);
- break;
- case KW_PROTOPORT:
- ugh = ttoprotoport(value, 0, &end->protocol, &end->port, &has_port_wildcard);
- end->has_port_wildcard = has_port_wildcard;
- break;
- case KW_SOURCEIP:
- if (end->has_natip)
- {
- plog("# natip and sourceip cannot be defined at the same time");
- goto err;
- }
- if (streq(value, "%modeconfig") || streq(value, "%modecfg"))
- {
- end->modecfg = TRUE;
- }
- else
- {
- conn->tunnel_addr_family = ip_version(value);
- ugh = ttoaddr(value, 0, conn->tunnel_addr_family, &end->srcip);
- if (ugh != NULL)
- {
- plog("# bad addr: %s=%s [%s]", name, value, ugh);
- goto err;
- }
- end->has_srcip = TRUE;
- }
- conn->policy |= POLICY_TUNNEL;
- break;
- case KW_NATIP:
- if (end->has_srcip)
- {
- plog("# natip and sourceip cannot be defined at the same time");
- goto err;
- }
- conn->tunnel_addr_family = ip_version(value);
- ugh = ttoaddr(value, 0, conn->tunnel_addr_family, &end->srcip);
- if (ugh != NULL)
- {
- plog("# bad addr: %s=%s [%s]", name, value, ugh);
- goto err;
- }
- end->has_natip = TRUE;
- conn->policy |= POLICY_TUNNEL;
- break;
- default:
- break;
- }
- return;
-
-err:
- plog(" bad argument value in conn '%s'", conn_name);
- cfg->err++;
-}
-
-/*
- * handles left|rightfirewall and left|rightupdown parameters
- */
-static void
-handle_firewall( const char *label, starter_end_t *end, starter_config_t *cfg)
-{
- if (end->firewall && (end->seen & LELEM(KW_FIREWALL - KW_END_FIRST)))
- {
- if (end->updown != NULL)
- {
- plog("# cannot have both %sfirewall and %supdown", label, label);
- cfg->err++;
- }
- else
- {
- end->updown = clone_str(firewall_defaults, "firewall_defaults");
- end->firewall = FALSE;
- }
- }
-}
-
-/*
- * parse a conn section
- */
-static void
-load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
-{
- char *conn_name = (conn->name == NULL)? "%default":conn->name;
-
- for ( ; kw; kw = kw->next)
- {
- bool assigned = FALSE;
-
- kw_token_t token = kw->entry->token;
-
- if (token >= KW_LEFT_FIRST && token <= KW_LEFT_LAST)
- {
- kw_end(conn, &conn->left, token - KW_LEFT_FIRST + KW_END_FIRST
- , kw, conn_name, cfg);
- continue;
- }
- else if (token >= KW_RIGHT_FIRST && token <= KW_RIGHT_LAST)
- {
- kw_end(conn, &conn->right, token - KW_RIGHT_FIRST + KW_END_FIRST
- , kw, conn_name, cfg);
- continue;
- }
-
- if (token == KW_AUTO)
- {
- token = KW_CONN_SETUP;
- }
- else if (token == KW_ALSO)
- {
- if (cfg->parse_also)
- {
- also_t *also = alloc_thing(also_t, "also_t");
-
- also->name = clone_str(kw->value, "also");
- also->next = conn->also;
- conn->also = also;
-
- DBG(DBG_CONTROL,
- DBG_log(" also=%s", kw->value)
- )
- }
- continue;
- }
-
- if (token < KW_CONN_FIRST || token > KW_CONN_LAST)
- {
- plog("# unsupported keyword '%s' in conn '%s'"
- , kw->entry->name, conn_name);
- cfg->err++;
- continue;
- }
-
- if (!assign_arg(token, KW_CONN_FIRST, kw, (char *)conn, &assigned))
- {
- plog(" bad argument value in conn '%s'", conn_name);
- cfg->err++;
- continue;
- }
-
- if (assigned)
- continue;
-
- switch (token)
- {
- case KW_TYPE:
- conn->policy &= ~(POLICY_TUNNEL | POLICY_SHUNT_MASK);
- if (streq(kw->value, "tunnel"))
- conn->policy |= POLICY_TUNNEL;
- else if (streq(kw->value, "passthrough") || streq(kw->value, "pass"))
- conn->policy |= POLICY_SHUNT_PASS;
- else if (streq(kw->value, "drop"))
- conn->policy |= POLICY_SHUNT_DROP;
- else if (streq(kw->value, "reject"))
- conn->policy |= POLICY_SHUNT_REJECT;
- else if (strcmp(kw->value, "transport") != 0)
- {
- plog("# bad policy value: %s=%s", kw->entry->name, kw->value);
- cfg->err++;
- }
- break;
- case KW_PFS:
- KW_POLICY_FLAG("yes", "no", POLICY_PFS)
- break;
- case KW_COMPRESS:
- KW_POLICY_FLAG("yes", "no", POLICY_COMPRESS)
- break;
- case KW_AUTH:
- KW_POLICY_FLAG("ah", "esp", POLICY_AUTHENTICATE)
- break;
- case KW_AUTHBY:
- conn->policy &= ~(POLICY_ID_AUTH_MASK | POLICY_ENCRYPT);
-
- if (strcmp(kw->value, "never") != 0)
- {
- char *value = kw->value;
- char *second = strchr(kw->value, '|');
-
- if (second != NULL)
- *second = '\0';
-
- /* also handles the cases secret|rsasig and rsasig|secret */
- for (;;)
- {
- if (streq(value, "rsasig"))
- conn->policy |= POLICY_RSASIG | POLICY_ENCRYPT;
- else if (streq(value, "secret") || streq(value, "psk"))
- conn->policy |= POLICY_PSK | POLICY_ENCRYPT;
- else if (streq(value, "xauthrsasig"))
- conn->policy |= POLICY_XAUTH_RSASIG | POLICY_ENCRYPT;
- else if (streq(value, "xauthpsk"))
- conn->policy |= POLICY_XAUTH_PSK | POLICY_ENCRYPT;
- else
- {
- plog("# bad policy value: %s=%s", kw->entry->name, kw->value);
- cfg->err++;
- break;
- }
- if (second == NULL)
- break;
- value = second;
- second = NULL; /* traverse the loop no more than twice */
- }
- }
- break;
- case KW_REKEY:
- KW_POLICY_FLAG("no", "yes", POLICY_DONT_REKEY)
- break;
- case KW_MODECONFIG:
- KW_POLICY_FLAG("push", "pull", POLICY_MODECFG_PUSH)
- break;
- case KW_XAUTH:
- KW_POLICY_FLAG("server", "client", POLICY_XAUTH_SERVER)
- break;
- default:
- break;
- }
- }
- handle_firewall("left", &conn->left, cfg);
- handle_firewall("right", &conn->right, cfg);
-}
-
-/*
- * initialize a conn object with the default conn
- */
-static void
-conn_default(char *name, starter_conn_t *conn, starter_conn_t *def)
-{
- memcpy(conn, def, sizeof(starter_conn_t));
- conn->name = clone_str(name, "conn name");
-
- clone_args(KW_CONN_FIRST, KW_CONN_LAST
- , (char *)conn, (char *)def);
- clone_args(KW_END_FIRST, KW_END_LAST
- , (char *)&conn->left, (char *)&def->left);
- clone_args(KW_END_FIRST, KW_END_LAST
- , (char *)&conn->right, (char *)&def->right);
-}
-
-/*
- * parse a ca section
- */
-static void
-load_ca(starter_ca_t *ca, kw_list_t *kw, starter_config_t *cfg)
-{
- char *ca_name = (ca->name == NULL)? "%default":ca->name;
-
- for ( ; kw; kw = kw->next)
- {
- bool assigned = FALSE;
-
- kw_token_t token = kw->entry->token;
-
- if (token == KW_AUTO)
- {
- token = KW_CA_SETUP;
- }
- else if (token == KW_ALSO)
- {
- if (cfg->parse_also)
- {
- also_t *also = alloc_thing(also_t, "also_t");
-
- also->name = clone_str(kw->value, "also");
- also->next = ca->also;
- ca->also = also;
-
- DBG(DBG_CONTROL,
- DBG_log(" also=%s", kw->value)
- )
- }
- continue;
- }
-
- if (token < KW_CA_FIRST || token > KW_CA_LAST)
- {
- plog("# unsupported keyword '%s' in ca '%s'"
- , kw->entry->name, ca_name);
- cfg->err++;
- continue;
- }
-
- if (!assign_arg(token, KW_CA_FIRST, kw, (char *)ca, &assigned))
- {
- plog(" bad argument value in ca '%s'", ca_name);
- cfg->err++;
- }
- }
-
- /* treat 'route' and 'start' as 'add' */
- if (ca->startup != STARTUP_NO)
- ca->startup = STARTUP_ADD;
-}
-
-/*
- * initialize a ca object with the default ca
- */
-static void
-ca_default(char *name, starter_ca_t *ca, starter_ca_t *def)
-{
- memcpy(ca, def, sizeof(starter_ca_t));
- ca->name = clone_str(name, "ca name");
-
- clone_args(KW_CA_FIRST, KW_CA_LAST, (char *)ca, (char *)def);
-}
-
-static kw_list_t*
-find_also_conn(const char* name, starter_conn_t *conn, starter_config_t *cfg);
-
-static void
-load_also_conns(starter_conn_t *conn, also_t *also, starter_config_t *cfg)
-{
- while (also != NULL)
- {
- kw_list_t *kw = find_also_conn(also->name, conn, cfg);
-
- if (kw == NULL)
- {
- plog(" conn '%s' cannot include '%s'", conn->name, also->name);
- }
- else
- {
- DBG(DBG_CONTROL,
- DBG_log("conn '%s' includes '%s'", conn->name, also->name)
- )
- /* only load if no error occurred in the first round */
- if (cfg->err == 0)
- load_conn(conn, kw, cfg);
- }
- also = also->next;
- }
-}
-
-/*
- * find a conn included by also
- */
-static kw_list_t*
-find_also_conn(const char* name, starter_conn_t *conn, starter_config_t *cfg)
-{
- starter_conn_t *c = cfg->conn_first;
-
- while (c != NULL)
- {
- if (streq(name, c->name))
- {
- if (conn->visit == c->visit)
- {
- plog("# detected also loop");
- cfg->err++;
- return NULL;
- }
- c->visit = conn->visit;
- load_also_conns(conn, c->also, cfg);
- return c->kw;
- }
- c = c->next;
- }
-
- plog("# also '%s' not found", name);
- cfg->err++;
- return NULL;
-}
-
-static kw_list_t*
-find_also_ca(const char* name, starter_ca_t *ca, starter_config_t *cfg);
-
-static void
-load_also_cas(starter_ca_t *ca, also_t *also, starter_config_t *cfg)
-{
- while (also != NULL)
- {
- kw_list_t *kw = find_also_ca(also->name, ca, cfg);
-
- if (kw == NULL)
- {
- plog(" ca '%s' cannot include '%s'", ca->name, also->name);
- }
- else
- {
- DBG(DBG_CONTROL,
- DBG_log("ca '%s' includes '%s'", ca->name, also->name)
- )
- /* only load if no error occurred in the first round */
- if (cfg->err == 0)
- load_ca(ca, kw, cfg);
- }
- also = also->next;
- }
-}
-
-/*
- * find a ca included by also
- */
-static kw_list_t*
-find_also_ca(const char* name, starter_ca_t *ca, starter_config_t *cfg)
-{
- starter_ca_t *c = cfg->ca_first;
-
- while (c != NULL)
- {
- if (streq(name, c->name))
- {
- if (ca->visit == c->visit)
- {
- plog("# detected also loop");
- cfg->err++;
- return NULL;
- }
- c->visit = ca->visit;
- load_also_cas(ca, c->also, cfg);
- return c->kw;
- }
- c = c->next;
- }
-
- plog("# also '%s' not found", name);
- cfg->err++;
- return NULL;
-}
-
-
-
-/*
- * load and parse an IPsec configuration file
- */
-starter_config_t *
-confread_load(const char *file)
-{
- starter_config_t *cfg = NULL;
- config_parsed_t *cfgp;
- section_list_t *sconn, *sca;
- starter_conn_t *conn;
- starter_ca_t *ca;
-
- u_int visit = 0;
-
- /* load IPSec configuration file */
- cfgp = parser_load_conf(file);
- if (!cfgp)
- return NULL;
-
- cfg = (starter_config_t *)alloc_thing(starter_config_t, "starter_config_t");
-
- /* set default values */
- default_values(cfg);
-
- /* determine default route */
- get_defaultroute(&cfg->defaultroute);
-
- /* load config setup section */
- load_setup(cfg, cfgp);
-
- /* in the first round parse also statements */
- cfg->parse_also = TRUE;
-
- /* find %default ca section */
- for (sca = cfgp->ca_first; sca; sca = sca->next)
- {
- if (streq(sca->name, "%default"))
- {
- DBG(DBG_CONTROL,
- DBG_log("Loading ca %%default")
- )
- load_ca(&cfg->ca_default, sca->kw, cfg);
- }
- }
-
- /* parameters defined in ca %default sections can be overloads */
- cfg->ca_default.seen = LEMPTY;
-
- /* load other ca sections */
- for (sca = cfgp->ca_first; sca; sca = sca->next)
- {
- /* skip %default ca section */
- if (streq(sca->name, "%default"))
- continue;
-
- DBG(DBG_CONTROL,
- DBG_log("Loading ca '%s'", sca->name)
- )
- ca = (starter_ca_t *)alloc_thing(starter_ca_t, "starter_ca_t");
-
- ca_default(sca->name, ca, &cfg->ca_default);
- ca->kw = sca->kw;
- ca->next = NULL;
-
- if (cfg->ca_last)
- cfg->ca_last->next = ca;
- cfg->ca_last = ca;
- if (!cfg->ca_first)
- cfg->ca_first = ca;
-
- load_ca(ca, ca->kw, cfg);
- }
-
- for (ca = cfg->ca_first; ca; ca = ca->next)
- {
- also_t *also = ca->also;
-
- while (also != NULL)
- {
- kw_list_t *kw = find_also_ca(also->name, cfg->ca_first, cfg);
-
- load_ca(ca, kw, cfg);
- also = also->next;
- }
-
- if (ca->startup != STARTUP_NO)
- ca->state = STATE_TO_ADD;
- }
-
- /* find %default conn sections */
- for (sconn = cfgp->conn_first; sconn; sconn = sconn->next)
- {
- if (streq(sconn->name, "%default"))
- {
- DBG(DBG_CONTROL,
- DBG_log("Loading conn %%default")
- )
- load_conn(&cfg->conn_default, sconn->kw, cfg);
- }
- }
-
- /* parameter defined in conn %default sections can be overloaded */
- cfg->conn_default.seen = LEMPTY;
- cfg->conn_default.right.seen = LEMPTY;
- cfg->conn_default.left.seen = LEMPTY;
-
- /* load other conn sections */
- for (sconn = cfgp->conn_first; sconn; sconn = sconn->next)
- {
- /* skip %default conn section */
- if (streq(sconn->name, "%default"))
- continue;
-
- DBG(DBG_CONTROL,
- DBG_log("Loading conn '%s'", sconn->name)
- )
- conn = (starter_conn_t *)alloc_thing(starter_conn_t, "starter_conn_t");
-
- conn_default(sconn->name, conn, &cfg->conn_default);
- conn->kw = sconn->kw;
- conn->next = NULL;
-
- if (cfg->conn_last)
- cfg->conn_last->next = conn;
- cfg->conn_last = conn;
- if (!cfg->conn_first)
- cfg->conn_first = conn;
-
- load_conn(conn, conn->kw, cfg);
- }
-
- /* in the second round do not parse also statements */
- cfg->parse_also = FALSE;
-
- for (ca = cfg->ca_first; ca; ca = ca->next)
- {
- ca->visit = ++visit;
- load_also_cas(ca, ca->also, cfg);
-
- if (ca->startup != STARTUP_NO)
- ca->state = STATE_TO_ADD;
- }
-
- for (conn = cfg->conn_first; conn; conn = conn->next)
- {
- conn->visit = ++visit;
- load_also_conns(conn, conn->also, cfg);
-
- if (conn->startup != STARTUP_NO)
- conn->state = STATE_TO_ADD;
- }
-
- parser_free_conf(cfgp);
-
- if (cfg->err)
- {
- plog("### %d parsing error%s ###", cfg->err, (cfg->err > 1)?"s":"");
- confread_free(cfg);
- cfg = NULL;
- }
-
- return cfg;
-}
-
-/*
- * free the memory used by also_t objects
- */
-static void
-free_also(also_t *head)
-{
- while (head != NULL)
- {
- also_t *also = head;
-
- head = also->next;
- pfree(also->name);
- pfree(also);
- }
-}
-
-/*
- * free the memory used by a starter_conn_t object
- */
-static void
-confread_free_conn(starter_conn_t *conn)
-{
- free_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->left);
- free_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->right);
- free_args(KW_CONN_NAME, KW_CONN_LAST, (char *)conn);
- free_also(conn->also);
-}
-
-/*
- * free the memory used by a starter_ca_t object
- */
-static void
-confread_free_ca(starter_ca_t *ca)
-{
- free_args(KW_CA_NAME, KW_CA_LAST, (char *)ca);
- free_also(ca->also);
-}
-
-/*
- * free the memory used by a starter_config_t object
- */
-void
-confread_free(starter_config_t *cfg)
-{
- starter_conn_t *conn = cfg->conn_first;
- starter_ca_t *ca = cfg->ca_first;
-
- free_args(KW_SETUP_FIRST, KW_SETUP_LAST, (char *)cfg);
-
- confread_free_conn(&cfg->conn_default);
-
- while (conn != NULL)
- {
- starter_conn_t *conn_aux = conn;
-
- conn = conn->next;
- confread_free_conn(conn_aux);
- pfree(conn_aux);
- }
-
- confread_free_ca(&cfg->ca_default);
-
- while (ca != NULL)
- {
- starter_ca_t *ca_aux = ca;
-
- ca = ca->next;
- confread_free_ca(ca_aux);
- pfree(ca_aux);
- }
-
- pfree(cfg);
-}
diff --git a/programs/starter/confread.h b/programs/starter/confread.h
deleted file mode 100644
index 052f5d527..000000000
--- a/programs/starter/confread.h
+++ /dev/null
@@ -1,200 +0,0 @@
-/* strongSwan IPsec config file parser
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: confread.h,v 1.24 2006/10/19 15:01:05 as Exp $
- */
-
-#ifndef _IPSEC_CONFREAD_H_
-#define _IPSEC_CONFREAD_H_
-
-#ifndef _FREESWAN_H
-#include <freeswan.h>
-#include "../pluto/constants.h"
-#endif
-
-#include "parser.h"
-#include "interfaces.h"
-
-typedef enum {
- STARTUP_NO,
- STARTUP_ADD,
- STARTUP_ROUTE,
- STARTUP_START
-} startup_t;
-
-typedef enum {
- STATE_IGNORE,
- STATE_TO_ADD,
- STATE_ADDED,
- STATE_REPLACED,
- STATE_INVALID
-} starter_state_t;
-
-typedef struct starter_end starter_end_t;
-
-struct starter_end {
- lset_t seen;
- char *id;
- char *rsakey;
- char *cert;
- char *ca;
- char *groups;
- char *iface;
- ip_address addr;
- ip_address nexthop;
- ip_address srcip;
- ip_subnet subnet;
- bool has_client;
- bool has_client_wildcard;
- bool has_port_wildcard;
- bool has_srcip;
- bool has_natip;
- bool modecfg;
- certpolicy_t sendcert;
- bool firewall;
- bool hostaccess;
- char *updown;
- u_int16_t port;
- u_int8_t protocol;
-#ifdef VIRTUAL_IP
- char *virt;
-#endif
-};
-
-typedef struct also also_t;
-
-struct also {
- char *name;
- bool included;
- also_t *next;
-};
-
-typedef struct starter_conn starter_conn_t;
-
-struct starter_conn {
- lset_t seen;
- char *name;
- also_t *also;
- kw_list_t *kw;
- u_int visit;
- startup_t startup;
- starter_state_t state;
-
- int keyexchange;
- lset_t policy;
- time_t sa_ike_life_seconds;
- time_t sa_ipsec_life_seconds;
- time_t sa_rekey_margin;
- unsigned long sa_keying_tries;
- unsigned long sa_rekey_fuzz;
- sa_family_t addr_family;
- sa_family_t tunnel_addr_family;
-
- starter_end_t left, right;
-
- unsigned long id;
-
- char *esp;
- char *ike;
- char *pfsgroup;
-
- time_t dpd_delay;
- time_t dpd_timeout;
- dpd_action_t dpd_action;
- int dpd_count;
-
- starter_conn_t *next;
-};
-
-typedef struct starter_ca starter_ca_t;
-
-struct starter_ca {
- lset_t seen;
- char *name;
- also_t *also;
- kw_list_t *kw;
- u_int visit;
- startup_t startup;
- starter_state_t state;
-
- char *cacert;
- char *ldaphost;
- char *ldapbase;
- char *crluri;
- char *crluri2;
- char *ocspuri;
-
- bool strict;
-
- starter_ca_t *next;
-};
-
-typedef struct starter_config starter_config_t;
-
-struct starter_config {
- struct {
- lset_t seen;
- char **interfaces;
- char *dumpdir;
-
- /* pluto keywords */
- char **plutodebug;
- char *prepluto;
- char *postpluto;
- bool uniqueids;
- u_int overridemtu;
- u_int crlcheckinterval;
- bool cachecrls;
- bool strictcrlpolicy;
- bool nocrsend;
- bool nat_traversal;
- u_int keep_alive;
- char *virtual_private;
- char *pkcs11module;
- bool pkcs11keepstate;
- bool pkcs11proxy;
-
- /* KLIPS keywords */
- char **klipsdebug;
- bool fragicmp;
- char *packetdefault;
- bool hidetos;
- } setup;
-
- /* information about the default route */
- defaultroute_t defaultroute;
-
- /* number of encountered parsing errors */
- u_int err;
-
- /* do we parse also statements */
- bool parse_also;
-
- /* ca %default */
- starter_ca_t ca_default;
-
- /* connections list (without %default) */
- starter_ca_t *ca_first, *ca_last;
-
- /* conn %default */
- starter_conn_t conn_default;
-
- /* connections list (without %default) */
- starter_conn_t *conn_first, *conn_last;
-};
-
-extern starter_config_t *confread_load(const char *file);
-extern void confread_free(starter_config_t *cfg);
-
-#endif /* _IPSEC_CONFREAD_H_ */
-
diff --git a/programs/starter/exec.c b/programs/starter/exec.c
deleted file mode 100644
index 98541db75..000000000
--- a/programs/starter/exec.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/* strongSwan IPsec exec helper function
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: exec.c,v 1.4 2006/01/04 23:30:24 as Exp $
- */
-
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <stdio.h>
-
-#include <freeswan.h>
-
-#include "../pluto/constants.h"
-#include "../pluto/defs.h"
-#include "../pluto/log.h"
-
-#include "exec.h"
-
-#define BUF_SIZE 2048
-
-/**
- * TODO:
- * o log stdout with LOG_LEVEL_INFO and stderr with LOG_LEVEL_ERR
- */
-
-int
-starter_exec(const char *fmt, ...)
-{
- va_list args;
- static char buf[BUF_SIZE];
- int r;
-
- va_start (args, fmt);
- vsnprintf(buf, BUF_SIZE-1, fmt, args);
- buf[BUF_SIZE - 1] = '\0';
- va_end(args);
- r = system(buf);
- DBG(DBG_CONTROL,
- DBG_log("starter_exec(%s) = %d", buf, r)
- )
- return r;
-}
-
diff --git a/programs/starter/exec.h b/programs/starter/exec.h
deleted file mode 100644
index d4be931dd..000000000
--- a/programs/starter/exec.h
+++ /dev/null
@@ -1,23 +0,0 @@
-/* strongSwan IPsec starter exec helper function
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: exec.h,v 1.2 2005/12/28 10:20:32 as Exp $
- */
-
-#ifndef _STARTER_EXEC_H_
-#define _STARTER_EXEC_H_
-
-extern int starter_exec (const char *fmt, ...);
-
-#endif /* _STARTER_EXEC_H_ */
-
diff --git a/programs/starter/files.h b/programs/starter/files.h
deleted file mode 100644
index 286cdf105..000000000
--- a/programs/starter/files.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/* strongSwan file locations
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: files.h,v 1.5 2006/02/04 18:52:58 as Exp $
- */
-
-#ifndef _STARTER_FILES_H_
-#define _STARTER_FILES_H_
-
-#ifndef DEFAULT_CTLBASE
-#define DEFAULT_CTLBASE "/var/run/pluto"
-#endif
-#define CTL_SUFFIX ".ctl"
-#define PID_SUFFIX ".pid"
-
-#define MY_PID_FILE "/var/run/starter.pid"
-
-#define DEV_RANDOM "/dev/random"
-#define DEV_URANDOM "/dev/urandom"
-
-#define PROC_NETKEY "/proc/net/pfkey"
-#define PROC_IPSECVERSION "/proc/net/ipsec_version"
-#define PROC_SYSFLAGS "/proc/sys/net/ipsec"
-#define PROC_MODULES "/proc/modules"
-
-#define CONFIG_FILE IPSEC_CONFDIR"/ipsec.conf"
-#define SECRETS_FILE IPSEC_CONFDIR"/ipsec.secrets"
-
-#define PLUTO_CMD IPSEC_EXECDIR"/pluto"
-#define CTL_FILE DEFAULT_CTLBASE CTL_SUFFIX
-#define PID_FILE DEFAULT_CTLBASE PID_SUFFIX
-
-#define DYNIP_DIR "/var/run/dynip"
-#define INFO_FILE "/var/run/ipsec.info"
-
-#endif /* _STARTER_FILES_H_ */
-
diff --git a/programs/starter/interfaces.c b/programs/starter/interfaces.c
deleted file mode 100644
index 3b24e2faf..000000000
--- a/programs/starter/interfaces.c
+++ /dev/null
@@ -1,582 +0,0 @@
-/* strongSwan IPsec interfaces management
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: interfaces.c,v 1.16 2006/05/25 12:10:15 as Exp $
- */
-
-#include <sys/socket.h>
-#include <sys/ioctl.h>
-#include <linux/if.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <freeswan.h>
-#include <freeswan/ipsec_tunnel.h>
-
-#include "../pluto/constants.h"
-#include "../pluto/defs.h"
-#include "../pluto/log.h"
-
-#include "interfaces.h"
-#include "exec.h"
-#include "files.h"
-
-#define MIN(a,b) ( ((a)>(b)) ? (b) : (a) )
-
-#define N_IPSEC_IF 4
-
-struct st_ipsec_if {
- char name[IFNAMSIZ];
- char phys[IFNAMSIZ];
- int up;
-};
-
-static struct st_ipsec_if _ipsec_if[N_IPSEC_IF];
-
-static char *
-_find_physical_iface(int sock, char *iface)
-{
- static char _if[IFNAMSIZ];
- char *b;
- struct ifreq req;
- FILE *fd;
- char line[BUF_LEN];
-
- strncpy(req.ifr_name, iface, IFNAMSIZ);
- if (ioctl(sock, SIOCGIFFLAGS, &req)==0)
- {
- if (req.ifr_flags & IFF_UP)
- {
- strncpy(_if, iface, IFNAMSIZ);
- return _if;
- }
- }
- else
- {
- /* If there is a file named /var/run/dynip/<iface>, look if we
- * can get interface name from there (IP_PHYS)
- */
- b = (char *)alloc_bytes(strlen(DYNIP_DIR) + strlen(iface) + 10, "iface");
- if (b)
- {
- sprintf(b, "%s/%s", DYNIP_DIR, iface);
- fd = fopen(b, "r");
- pfree(b);
- if (fd)
- {
- memset(_if, 0, sizeof(_if));
- memset(line, 0, sizeof(line));
- while (fgets(line, sizeof(line), fd) != 0)
- {
- if ((strncmp(line,"IP_PHYS=\"", 9) == 0)
- && (line[strlen(line) - 2] == '"')
- && (line[strlen(line) - 1] == '\n'))
- {
- strncpy(_if, line + 9, MIN(strlen(line) - 11, IFNAMSIZ));
- break;
- }
- else if ((strncmp(line,"IP_PHYS=", 8) == 0)
- && (line[8] != '"')
- && (line[strlen(line) - 1] == '\n'))
- {
- strncpy(_if, line + 8, MIN(strlen(line) - 9, IFNAMSIZ));
- break;
- }
- }
- fclose(fd);
-
- if (*_if)
- {
- strncpy(req.ifr_name, _if, IFNAMSIZ);
- if (ioctl(sock, SIOCGIFFLAGS, &req) == 0)
- {
- if (req.ifr_flags & IFF_UP)
- return _if;
- }
- }
- }
- }
- }
- return NULL;
-}
-
-int
-starter_iface_find(char *iface, int af, ip_address *dst, ip_address *nh)
-{
- char *phys;
- struct ifreq req;
- struct sockaddr_in *sa = (struct sockaddr_in *)(&req.ifr_addr);
- int sock;
-
- if (!iface)
- return -1;
-
- sock = socket(af, SOCK_DGRAM, 0);
- if (sock < 0)
- return -1;
-
- phys = _find_physical_iface(sock, iface);
- if (!phys)
- goto failed;
-
- strncpy(req.ifr_name, phys, IFNAMSIZ);
- if (ioctl(sock, SIOCGIFFLAGS, &req)!=0)
- goto failed;
- if (!(req.ifr_flags & IFF_UP))
- goto failed;
-
- if ((req.ifr_flags & IFF_POINTOPOINT)
- && nh
- && ioctl(sock, SIOCGIFDSTADDR, &req) == 0)
- {
- if (sa->sin_family == af)
- initaddr((const void *)&sa->sin_addr, sizeof(struct in_addr), af, nh);
- }
- if ((dst) && (ioctl(sock, SIOCGIFADDR, &req) == 0))
- {
- if (sa->sin_family == af)
- initaddr((const void *)&sa->sin_addr, sizeof(struct in_addr), af, dst);
- }
- close(sock);
- return 0;
-
-failed:
- close(sock);
- return -1;
-}
-
-static int
-valid_str(char *str, unsigned int *pn, char **pphys
-, defaultroute_t *defaultroute)
-{
- if (streq(str, "%defaultroute"))
- {
- if (!defaultroute->defined)
- {
- return 0;
- }
- *pn = 0;
- *pphys = defaultroute->iface;
- }
- else
- {
- if (strlen(str) < 8
- || str[0] != 'i' || str[1] != 'p' || str[2] !='s' || str[3] != 'e'
- || str[4] != 'c' || str[5] < '0' || str[5] > '9' || str[6] != '=')
- {
- return 0;
- }
- *pn = str[5] - '0';
- *pphys = &(str[7]);
- }
- return 1;
-}
-
-static int
-_iface_up (int sock, struct st_ipsec_if *iface, char *phys
-, unsigned int mtu, bool nat_t)
-{
- struct ifreq req;
- struct ipsectunnelconf *shc=(struct ipsectunnelconf *)&req.ifr_data;
- short phys_flags;
- int ret = 0;
-
- strncpy(req.ifr_name, phys, IFNAMSIZ);
- if (ioctl(sock, SIOCGIFFLAGS, &req) !=0 )
- return ret;
- phys_flags = req.ifr_flags;
-
- strncpy(req.ifr_name, iface->name, IFNAMSIZ);
- if (ioctl(sock, SIOCGIFFLAGS, &req) != 0)
- return ret;
-
- if ((!(req.ifr_flags & IFF_UP)) || (!iface->up))
- {
- DBG(DBG_CONTROL,
- DBG_log("attaching interface %s to %s", iface->name, phys)
- )
- ret = 1;
- }
-
- if ((*iface->phys) && (strcmp(iface->phys, phys) != 0 ))
- {
- /* tncfg --detach if phys has changed */
- strncpy(req.ifr_name, iface->name, IFNAMSIZ);
- ioctl(sock, IPSEC_DEL_DEV, &req);
- ret = 1;
- }
-
- /* tncfg --attach */
- strncpy(req.ifr_name, iface->name, IFNAMSIZ);
- strncpy(shc->cf_name, phys, sizeof(shc->cf_name));
- ioctl(sock, IPSEC_SET_DEV, &req);
-
- /* set ipsec addr = phys addr */
- strncpy(req.ifr_name, phys, IFNAMSIZ);
- if (ioctl(sock, SIOCGIFADDR, &req) == 0)
- {
- strncpy(req.ifr_name, iface->name, IFNAMSIZ);
- ioctl(sock, SIOCSIFADDR, &req);
- }
-
- /* set ipsec mask = phys mask */
- strncpy(req.ifr_name, phys, IFNAMSIZ);
- if (ioctl(sock, SIOCGIFNETMASK, &req) == 0)
- {
- strncpy(req.ifr_name, iface->name, IFNAMSIZ);
- ioctl(sock, SIOCSIFNETMASK, &req);
- }
-
- /* set other flags & addr */
- strncpy(req.ifr_name, iface->name, IFNAMSIZ);
- if (ioctl(sock, SIOCGIFFLAGS, &req)==0)
- {
- if (phys_flags & IFF_POINTOPOINT)
- {
- req.ifr_flags |= IFF_POINTOPOINT;
- req.ifr_flags &= ~IFF_BROADCAST;
- ioctl(sock, SIOCSIFFLAGS, &req);
- strncpy(req.ifr_name, phys, IFNAMSIZ);
- if (ioctl(sock, SIOCGIFDSTADDR, &req) == 0)
- {
- strncpy(req.ifr_name, iface->name, IFNAMSIZ);
- ioctl(sock, SIOCSIFDSTADDR, &req);
- }
- }
- else if (phys_flags & IFF_BROADCAST)
- {
- req.ifr_flags &= ~IFF_POINTOPOINT;
- req.ifr_flags |= IFF_BROADCAST;
- ioctl(sock, SIOCSIFFLAGS, &req);
- strncpy(req.ifr_name, phys, IFNAMSIZ);
- if (ioctl(sock, SIOCGIFBRDADDR, &req) == 0)
- {
- strncpy(req.ifr_name, iface->name, IFNAMSIZ);
- ioctl(sock, SIOCSIFBRDADDR, &req);
- }
- }
- else
- {
- req.ifr_flags &= ~IFF_POINTOPOINT;
- req.ifr_flags &= ~IFF_BROADCAST;
- ioctl(sock, SIOCSIFFLAGS, &req);
- }
- }
-
- /*
- * guess MTU = phys interface MTU - ESP Overhead
- *
- * ESP overhead : 10+16+7+2+12=57 -> 60 by security
- * NAT-T overhead : 20
- */
- if (mtu == 0)
- {
- strncpy(req.ifr_name, phys, IFNAMSIZ);
- ioctl(sock, SIOCGIFMTU, &req);
- mtu = req.ifr_mtu - 60;
- if (nat_t)
- mtu -= 20;
- }
- /* set MTU */
- if (mtu)
- {
- strncpy(req.ifr_name, iface->name, IFNAMSIZ);
- req.ifr_mtu = mtu;
- ioctl(sock, SIOCSIFMTU, &req);
- }
-
- /* ipsec interface UP */
- strncpy(req.ifr_name, iface->name, IFNAMSIZ);
- if (ioctl(sock, SIOCGIFFLAGS, &req) == 0)
- {
- req.ifr_flags |= IFF_UP;
- ioctl(sock, SIOCSIFFLAGS, &req);
- }
-
- iface->up = 1;
- strncpy(iface->phys, phys, IFNAMSIZ);
- return ret;
-}
-
-static int
-_iface_down(int sock, struct st_ipsec_if *iface)
-{
- struct ifreq req;
- int ret = 0;
-
- iface->up = 0;
-
- strncpy(req.ifr_name, iface->name, IFNAMSIZ);
- if (ioctl(sock, SIOCGIFFLAGS, &req)!=0)
- return ret;
-
- if (req.ifr_flags & IFF_UP)
- {
- DBG(DBG_CONTROL,
- DBG_log("shutting down interface %s/%s", iface->name, iface->phys)
- )
- req.ifr_flags &= ~IFF_UP;
- ioctl(sock, SIOCSIFFLAGS, &req);
- ret = 1;
- }
-
- /* unset addr */
- memset(&req.ifr_addr, 0, sizeof(req.ifr_addr));
- req.ifr_addr.sa_family = AF_INET;
- ioctl(sock, SIOCSIFADDR, &req);
-
- /* tncfg --detach */
- ioctl(sock, IPSEC_DEL_DEV, &req);
-
- memset(iface->phys, 0, sizeof(iface->phys));
-
- return ret;
-}
-
-void
-starter_ifaces_init(void)
-{
- int i;
-
- memset(_ipsec_if, 0, sizeof(_ipsec_if));
- for (i = 0; i < N_IPSEC_IF; i++)
- snprintf(_ipsec_if[i].name, IFNAMSIZ, "ipsec%d", i);
-}
-
-void
-starter_ifaces_clear (void)
-{
- int sock;
- unsigned int i;
-
- sock = socket(AF_INET, SOCK_DGRAM, 0);
- if (sock < 0)
- return;
-
- for (i = 0; i < N_IPSEC_IF; i++)
- _iface_down (sock, &(_ipsec_if[i]));
-}
-
-int
-starter_ifaces_load(char **ifaces, unsigned int omtu, bool nat_t
-, defaultroute_t *defaultroute)
-{
- char *tmp_phys, *phys;
- int n;
- char **i;
- int sock;
- int j, found;
- int ret = 0;
- struct ifreq physreq, ipsecreq; // re-attach interface
- struct sockaddr_in *inp1, *inp2; // re-attach interface
-
- DBG(DBG_CONTROL,
- DBG_log("starter_ifaces_load()")
- )
-
- sock = socket(AF_INET, SOCK_DGRAM, 0);
- if (sock < 0)
- return -1;
-
- for (j = 0; j < N_IPSEC_IF; j++)
- {
- found = 0;
-
- for (i = ifaces; i && *i; i++)
- {
- if (valid_str(*i, &n, &tmp_phys, defaultroute)
- && tmp_phys
- && n >= 0
- && n < N_IPSEC_IF)
- {
- if (n==j)
- {
- if (found)
- {
- plog( "ignoring duplicate entry for interface ipsec%d", j);
- }
- else
- {
- found++;
- phys = _find_physical_iface(sock, tmp_phys);
-
- /* Re-attach ipsec interface if IP address changes
- * sscholz@astaro.com
- */
- if (phys)
- {
- memset ((void*)&physreq, 0, sizeof(physreq));
- memset ((void*)&ipsecreq, 0, sizeof(ipsecreq));
- strncpy(physreq.ifr_name, phys, IFNAMSIZ);
- sprintf(ipsecreq.ifr_name, "ipsec%d", j);
- ioctl(sock, SIOCGIFADDR, &physreq);
- ioctl(sock, SIOCGIFADDR, &ipsecreq);
- inp1 = (struct sockaddr_in *)&physreq.ifr_addr;
- inp2 = (struct sockaddr_in *)&ipsecreq.ifr_addr;
- if (inp1->sin_addr.s_addr != inp2->sin_addr.s_addr)
- {
- plog("IP address of physical interface changed "
- "-> reinit of ipsec interface");
- _iface_down (sock, &(_ipsec_if[n]));
- }
- ret += _iface_up (sock, &(_ipsec_if[n]), phys, omtu, nat_t);
- }
- else
- {
- ret += _iface_down (sock, &(_ipsec_if[n]));
- }
- }
- }
- }
- else if (j == 0)
- {
- /* Only log in the first loop */
- plog("ignoring invalid interface '%s'", *i);
- }
- }
- if (!found)
- ret += _iface_down (sock, &(_ipsec_if[j]));
- }
-
- close(sock);
- return ret; /* = number of changes - 'whack --listen' if > 0 */
-}
-
-/*
- * initialize a defaultroute_t struct
- */
-static void
-init_defaultroute(defaultroute_t *defaultroute)
-{
- memset(defaultroute, 0, sizeof(defaultroute_t));
-}
-
-/*
- * discover the default route via /proc/net/route
- */
-void
-get_defaultroute(defaultroute_t *defaultroute)
-{
- FILE *fd;
- char line[BUF_LEN];
- bool first = TRUE;
-
- init_defaultroute(defaultroute);
-
- fd = fopen("/proc/net/route", "r");
-
- if (!fd)
- {
- plog("could not open 'proc/net/route'");
- return;
- }
-
- while (fgets(line, sizeof(line), fd) != 0)
- {
- char iface[11];
- char destination[9];
- char gateway[11];
- char flags[5];
- char mask[9];
-
- int refcnt;
- int use;
- int metric;
- int items;
-
- /* proc/net/route returns IP addresses in host order */
- strcpy(gateway, "0h");
-
- /* skip the header line */
- if (first)
- {
- first = FALSE;
- continue;
- }
-
- /* parsing a single line of proc/net/route */
- items = sscanf(line, "%10s\t%8s\t%8s\t%5s\t%d\t%d\t%d\t%8s\t"
- , iface, destination, gateway+2, flags, &refcnt, &use, &metric, mask);
- if (items < 8)
- {
- plog("parsing error while scanning /proc/net/route");
- continue;
- }
-
- /* check for defaultroute (destination 0.0.0.0 and mask 0.0.0.0) */
- if (streq(destination, "00000000") && streq(mask, "00000000"))
- {
- if (defaultroute->defined)
- {
- plog("multiple default routes - cannot cope with %%defaultroute!!!");
- defaultroute->defined = FALSE;
- fclose(fd);
- return;
- }
- ttoaddr(gateway, strlen(gateway), AF_INET, &defaultroute->nexthop);
- strncpy(defaultroute->iface, iface, IFNAMSIZ);
- defaultroute->defined = TRUE;
- }
- }
- fclose(fd);
-
- if (!defaultroute->defined)
- {
- plog("no default route - cannot cope with %%defaultroute!!!");
- }
- else
- {
- char addr_buf[20], nexthop_buf[20];
- struct ifreq physreq;
-
- int sock = socket(AF_INET, SOCK_DGRAM, 0);
-
- /* determine IP address of iface */
- if (sock < 0)
- {
- plog("could not open SOCK_DGRAM socket");
- defaultroute->defined = FALSE;
- return;
- }
- memset ((void*)&physreq, 0, sizeof(physreq));
- strncpy(physreq.ifr_name, defaultroute->iface, IFNAMSIZ);
- ioctl(sock, SIOCGIFADDR, &physreq);
- close(sock);
- defaultroute->addr.u.v4 = *((struct sockaddr_in *)&physreq.ifr_addr);
-
- addrtot(&defaultroute->addr, 0, addr_buf, sizeof(addr_buf));
- addrtot(&defaultroute->nexthop, 0, nexthop_buf, sizeof(nexthop_buf));
-
- DBG(DBG_CONTROL,
- DBG_log("Default route found: iface=%s, addr=%s, nexthop=%s"
- , defaultroute->iface, addr_buf, nexthop_buf)
- )
-
- /* for backwards-compatibility with the awk shell scripts
- * store the defaultroute in /var/run/ipsec.info
- */
- fd = fopen(INFO_FILE, "w");
-
- if (fd)
- {
- fprintf(fd, "defaultroutephys=%s\n", defaultroute->iface );
- fprintf(fd, "defaultroutevirt=ipsec0\n");
- fprintf(fd, "defaultrouteaddr=%s\n", addr_buf);
- fprintf(fd, "defaultroutenexthop=%s\n", nexthop_buf);
- fclose(fd);
- }
- }
- return;
-}
diff --git a/programs/starter/interfaces.h b/programs/starter/interfaces.h
deleted file mode 100644
index 9898c0516..000000000
--- a/programs/starter/interfaces.h
+++ /dev/null
@@ -1,41 +0,0 @@
-/* strongSwan IPsec interfaces management
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: interfaces.h,v 1.6 2006/01/06 20:24:07 as Exp $
- */
-
-#ifndef _STARTER_INTERFACES_H_
-#define _STARTER_INTERFACES_H_
-
-#include <linux/if.h>
-
-#include "../pluto/constants.h"
-
-typedef struct {
- bool defined;
- char iface[IFNAMSIZ];
- ip_address addr;
- ip_address nexthop;
-} defaultroute_t;
-
-extern void starter_ifaces_init (void);
-extern int starter_iface_find(char *iface, int af, ip_address *dst
- , ip_address *nh);
-extern int starter_ifaces_load (char **ifaces, unsigned int omtu, bool nat_t
- , defaultroute_t *defaultroute);
-extern void starter_ifaces_clear (void);
-extern void get_defaultroute(defaultroute_t *defaultroute);
-
-
-#endif /* _STARTER_INTERFACES_H_ */
-
diff --git a/programs/starter/invokepluto.c b/programs/starter/invokepluto.c
deleted file mode 100644
index 70376e380..000000000
--- a/programs/starter/invokepluto.c
+++ /dev/null
@@ -1,286 +0,0 @@
-/* strongSwan Pluto launcher
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: invokepluto.c,v 1.12 2006/02/17 21:41:50 as Exp $
- */
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <signal.h>
-#include <string.h>
-#include <stdlib.h>
-#include <errno.h>
-
-#include <freeswan.h>
-
-#include "../pluto/constants.h"
-#include "../pluto/defs.h"
-#include "../pluto/log.h"
-
-#include "confread.h"
-#include "invokepluto.h"
-#include "files.h"
-#include "starterwhack.h"
-#
-static int _pluto_pid = 0;
-static int _stop_requested;
-
-pid_t
-starter_pluto_pid(void)
-{
- return _pluto_pid;
-}
-
-void
-starter_pluto_sigchild(pid_t pid)
-{
- if (pid == _pluto_pid)
- {
- _pluto_pid = 0;
- if (!_stop_requested)
- {
- plog("pluto has died -- restart scheduled (%dsec)"
- , PLUTO_RESTART_DELAY);
- alarm(PLUTO_RESTART_DELAY); // restart in 5 sec
- }
- unlink(PID_FILE);
- }
-}
-
-int
-starter_stop_pluto (void)
-{
- pid_t pid;
- int i;
-
- pid = _pluto_pid;
- if (pid)
- {
- _stop_requested = 1;
- if (starter_whack_shutdown() == 0)
- {
- for (i = 0; i < 20; i++)
- {
- usleep(20000);
- if (_pluto_pid == 0)
- return 0;
- }
- }
- /* be more and more aggressive */
- for (i = 0; i < 20 && (pid = _pluto_pid) != 0; i++)
- {
- if (i < 10)
- kill(pid, SIGTERM);
- else
- kill(pid, SIGKILL);
- usleep(20000);
- }
- if (_pluto_pid == 0)
- return 0;
- plog("starter_stop_pluto(): can't stop pluto !!!");
- return -1;
- }
- else
- {
- plog("stater_stop_pluto(): pluto is not started...");
- }
- return -1;
-}
-
-#define ADD_DEBUG(v) { \
- for (l = cfg->setup.plutodebug; l && *l; l++) if (streq(*l, v)) \
- arg[argc++] = "--debug-" v; \
- }
-
-int
-starter_start_pluto (starter_config_t *cfg, bool debug)
-{
- int i;
- struct stat stb;
- pid_t pid;
- char **l;
- int argc = 2;
- char *arg[] = {
- PLUTO_CMD, "--nofork"
- , NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
- , NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
- , NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
- , NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
- };
-
- printf ("starter_start_pluto entered\n");
-
- if (debug)
- {
- arg[argc++] = "--stderrlog";
- }
- if (cfg->setup.uniqueids)
- {
- arg[argc++] = "--uniqueids";
- }
- ADD_DEBUG("none")
- ADD_DEBUG("all")
- ADD_DEBUG("raw")
- ADD_DEBUG("crypt")
- ADD_DEBUG("parsing")
- ADD_DEBUG("emitting")
- ADD_DEBUG("control")
- ADD_DEBUG("lifecycle")
- ADD_DEBUG("klips")
- ADD_DEBUG("dns")
- ADD_DEBUG("natt")
- ADD_DEBUG("oppo")
- ADD_DEBUG("controlmore")
- ADD_DEBUG("private")
- if (cfg->setup.crlcheckinterval > 0)
- {
- static char buf1[15];
-
- arg[argc++] = "--crlcheckinterval";
- snprintf(buf1, sizeof(buf1), "%u", cfg->setup.crlcheckinterval);
- arg[argc++] = buf1;
- }
- if (cfg->setup.cachecrls)
- {
- arg[argc++] = "--cachecrls";
- }
- if (cfg->setup.strictcrlpolicy)
- {
- arg[argc++] = "--strictcrlpolicy";
- }
- if (cfg->setup.nocrsend)
- {
- arg[argc++] = "--nocrsend";
- }
- if (cfg->setup.nat_traversal)
- {
- arg[argc++] = "--nat_traversal";
- }
- if (cfg->setup.keep_alive)
- {
- static char buf2[15];
-
- arg[argc++] = "--keep_alive";
- snprintf(buf2, sizeof(buf2), "%u", cfg->setup.keep_alive);
- arg[argc++] = buf2;
- }
-#ifdef VIRTUAL_IP
- if (cfg->setup.virtual_private)
- {
- arg[argc++] = "--virtual_private";
- arg[argc++] = cfg->setup.virtual_private;
- }
-#endif
- if (cfg->setup.pkcs11module)
- {
- arg[argc++] = "--pkcs11module";
- arg[argc++] = cfg->setup.pkcs11module;
- }
- if (cfg->setup.pkcs11keepstate)
- {
- arg[argc++] = "--pkcs11keepstate";
- }
- if (cfg->setup.pkcs11proxy)
- {
- arg[argc++] = "--pkcs11proxy";
- }
-
- if (_pluto_pid)
- {
- plog("starter_start_pluto(): pluto already started...");
- return -1;
- }
- else
- {
- unlink(CTL_FILE);
- _stop_requested = 0;
-
- if (cfg->setup.prepluto)
- system(cfg->setup.prepluto);
-
- /* if ipsec.secrets file is missing then generate RSA default key pair */
- if (stat(SECRETS_FILE, &stb) != 0)
- {
- mode_t oldmask;
- FILE *f;
-
- plog("no %s file, generating RSA key", SECRETS_FILE);
- system("ipsec scepclient --out pkcs1 --out cert-self --quiet");
-
- /* ipsec.secrets is root readable only */
- oldmask = umask(0066);
-
- f = fopen(SECRETS_FILE, "w");
- if (f)
- {
- fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n");
- fprintf(f, "\n");
- fprintf(f, ": RSA myKey.der\n");
- fclose(f);
- }
- umask(oldmask);
- }
-
- pid = fork();
- switch (pid)
- {
- case -1:
- plog("can't fork(): %s", strerror(errno));
- return -1;
- case 0:
- /* child */
- setsid();
- sigprocmask(SIG_SETMASK, 0, NULL);
- execv(arg[0], arg);
- plog("can't execv(%s,...): %s", arg[0], strerror(errno));
- exit(1);
- default:
- /* father */
- _pluto_pid = pid;
- for (i = 0; i < 50 && _pluto_pid; i++)
- {
- /* wait for pluto */
- usleep(20000);
- if (stat(CTL_FILE, &stb) == 0)
- {
- DBG(DBG_CONTROL,
- DBG_log("pluto (%d) started", _pluto_pid)
- )
- if (cfg->setup.postpluto)
- system(cfg->setup.postpluto);
- return 0;
- }
- }
- if (_pluto_pid)
- {
- /* If pluto is started but with no ctl file, stop it */
- plog("pluto too long to start... - kill kill");
- for (i = 0; i < 20 && (pid = _pluto_pid) != 0; i++)
- {
- if (i < 10)
- kill(pid, SIGTERM);
- else
- kill(pid, SIGKILL);
- usleep(20000);
- }
- }
- else
- {
- plog("pluto refused to be started");
- }
- return -1;
- }
- }
- return -1;
-}
diff --git a/programs/starter/invokepluto.h b/programs/starter/invokepluto.h
deleted file mode 100644
index 26858f9b2..000000000
--- a/programs/starter/invokepluto.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/* strongSwan pluto launcher
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: invokepluto.h,v 1.3 2006/01/04 23:30:24 as Exp $
- */
-
-#ifndef _STARTER_PLUTO_H_
-#define _STARTER_PLUTO_H_
-
-#define PLUTO_RESTART_DELAY 5
-
-extern void starter_pluto_sigchild (pid_t pid);
-extern pid_t starter_pluto_pid (void);
-extern int starter_stop_pluto (void);
-extern int starter_start_pluto (struct starter_config *cfg, bool debug);
-
-#endif /* _STARTER_PLUTO_H_ */
-
diff --git a/programs/starter/keywords.c b/programs/starter/keywords.c
deleted file mode 100644
index b06ee3c0c..000000000
--- a/programs/starter/keywords.c
+++ /dev/null
@@ -1,246 +0,0 @@
-/* C code produced by gperf version 3.0.1 */
-/* Command-line: gperf -C -G -t */
-/* Computed positions: -k'3,$' */
-
-#if !((' ' == 32) && ('!' == 33) && ('"' == 34) && ('#' == 35) \
- && ('%' == 37) && ('&' == 38) && ('\'' == 39) && ('(' == 40) \
- && (')' == 41) && ('*' == 42) && ('+' == 43) && (',' == 44) \
- && ('-' == 45) && ('.' == 46) && ('/' == 47) && ('0' == 48) \
- && ('1' == 49) && ('2' == 50) && ('3' == 51) && ('4' == 52) \
- && ('5' == 53) && ('6' == 54) && ('7' == 55) && ('8' == 56) \
- && ('9' == 57) && (':' == 58) && (';' == 59) && ('<' == 60) \
- && ('=' == 61) && ('>' == 62) && ('?' == 63) && ('A' == 65) \
- && ('B' == 66) && ('C' == 67) && ('D' == 68) && ('E' == 69) \
- && ('F' == 70) && ('G' == 71) && ('H' == 72) && ('I' == 73) \
- && ('J' == 74) && ('K' == 75) && ('L' == 76) && ('M' == 77) \
- && ('N' == 78) && ('O' == 79) && ('P' == 80) && ('Q' == 81) \
- && ('R' == 82) && ('S' == 83) && ('T' == 84) && ('U' == 85) \
- && ('V' == 86) && ('W' == 87) && ('X' == 88) && ('Y' == 89) \
- && ('Z' == 90) && ('[' == 91) && ('\\' == 92) && (']' == 93) \
- && ('^' == 94) && ('_' == 95) && ('a' == 97) && ('b' == 98) \
- && ('c' == 99) && ('d' == 100) && ('e' == 101) && ('f' == 102) \
- && ('g' == 103) && ('h' == 104) && ('i' == 105) && ('j' == 106) \
- && ('k' == 107) && ('l' == 108) && ('m' == 109) && ('n' == 110) \
- && ('o' == 111) && ('p' == 112) && ('q' == 113) && ('r' == 114) \
- && ('s' == 115) && ('t' == 116) && ('u' == 117) && ('v' == 118) \
- && ('w' == 119) && ('x' == 120) && ('y' == 121) && ('z' == 122) \
- && ('{' == 123) && ('|' == 124) && ('}' == 125) && ('~' == 126))
-/* The character set is not based on ISO-646. */
-error "gperf generated tables don't work with this execution character set. Please report a bug to <bug-gnu-gperf@gnu.org>."
-#endif
-
-
-/* strongSwan keywords
- * Copyright (C) 2005 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: keywords.c,v 1.9 2007/01/11 21:29:28 as Exp $
- */
-
-#include <string.h>
-
-#include "keywords.h"
-
-struct kw_entry {
- char *name;
- kw_token_t token;
-};
-
-#define TOTAL_KEYWORDS 81
-#define MIN_WORD_LENGTH 3
-#define MAX_WORD_LENGTH 17
-#define MIN_HASH_VALUE 9
-#define MAX_HASH_VALUE 156
-/* maximum key range = 148, duplicates = 0 */
-
-#ifdef __GNUC__
-__inline
-#else
-#ifdef __cplusplus
-inline
-#endif
-#endif
-static unsigned int
-hash (str, len)
- register const char *str;
- register unsigned int len;
-{
- static const unsigned char asso_values[] =
- {
- 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
- 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
- 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
- 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
- 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
- 25, 157, 157, 157, 157, 157, 157, 157, 157, 157,
- 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
- 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
- 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
- 157, 157, 157, 157, 157, 157, 157, 90, 157, 60,
- 50, 25, 0, 10, 30, 65, 157, 65, 70, 5,
- 0, 75, 35, 157, 10, 20, 5, 70, 157, 157,
- 157, 55, 0, 157, 157, 157, 157, 157, 157, 157,
- 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
- 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
- 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
- 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
- 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
- 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
- 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
- 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
- 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
- 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
- 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
- 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
- 157, 157, 157, 157, 157, 157
- };
- return len + asso_values[(unsigned char)str[2]] + asso_values[(unsigned char)str[len - 1]];
-}
-
-static const struct kw_entry wordlist[] =
- {
- {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""},
- {"left", KW_LEFT},
- {"leftupdown", KW_LEFTUPDOWN},
- {""}, {""},
- {"leftcert", KW_LEFTCERT,},
- {""},
- {"leftsubnet", KW_LEFTSUBNET},
- {"leftsubnetwithin", KW_LEFTSUBNETWITHIN},
- {"leftsendcert", KW_LEFTSENDCERT},
- {"leftprotoport", KW_LEFTPROTOPORT},
- {""},
- {"right", KW_RIGHT},
- {"rightupdown", KW_RIGHTUPDOWN},
- {"dumpdir", KW_DUMPDIR},
- {""},
- {"rightcert", KW_RIGHTCERT},
- {""},
- {"rightsubnet", KW_RIGHTSUBNET},
- {"rightsubnetwithin", KW_RIGHTSUBNETWITHIN},
- {"rightsendcert", KW_RIGHTSENDCERT},
- {"rightprotoport", KW_RIGHTPROTOPORT},
- {"leftgroups", KW_LEFTGROUPS},
- {""}, {""},
- {"compress", KW_COMPRESS},
- {"lefthostaccess", KW_LEFTHOSTACCESS},
- {"interfaces", KW_INTERFACES},
- {""}, {""}, {""},
- {"auth", KW_AUTH},
- {""},
- {"rightgroups", KW_RIGHTGROUPS},
- {""},
- {"pfs", KW_PFS},
- {"leftnatip", KW_LEFTNATIP},
- {"righthostaccess", KW_RIGHTHOSTACCESS},
- {"leftnexthop", KW_LEFTNEXTHOP},
- {"leftsourceip", KW_LEFTSOURCEIP},
- {""}, {""},
- {"virtual_private", KW_VIRTUAL_PRIVATE},
- {""}, {""},
- {"ike", KW_IKE},
- {""},
- {"rightnatip", KW_RIGHTNATIP},
- {"leftid", KW_LEFTID},
- {"rightnexthop", KW_RIGHTNEXTHOP},
- {"rightsourceip", KW_RIGHTSOURCEIP},
- {"dpdaction", KW_DPDACTION},
- {"keep_alive", KW_KEEP_ALIVE},
- {"ikelifetime", KW_IKELIFETIME},
- {""},
- {"pfsgroup", KW_PFSGROUP},
- {"type", KW_TYPE},
- {"dpdtimeout", KW_DPDTIMEOUT},
- {"authby", KW_AUTHBY},
- {"rightid", KW_RIGHTID},
- {"leftrsasigkey", KW_LEFTRSASIGKEY},
- {""},
- {"modeconfig", KW_MODECONFIG},
- {"cacert", KW_CACERT},
- {""},
- {"esp", KW_ESP},
- {"rekeyfuzz", KW_REKEYFUZZ},
- {""},
- {"rekeymargin", KW_REKEYMARGIN},
- {"hidetos", KW_HIDETOS},
- {"packetdefault", KW_PACKETDEFAULT},
- {"rightrsasigkey", KW_RIGHTRSASIGKEY},
- {"strictcrlpolicy", KW_STRICTCRLPOLICY},
- {""},
- {"leftfirewall", KW_LEFTFIREWALL},
- {""},
- {"auto", KW_AUTO},
- {"klipsdebug", KW_KLIPSDEBUG},
- {"keyingtries", KW_KEYINGTRIES},
- {"keylife", KW_KEYLIFE},
- {"nat_traversal", KW_NAT_TRAVERSAL},
- {"cachecrls", KW_CACHECRLS},
- {"plutodebug", KW_PLUTODEBUG},
- {"keyexchange", KW_KEYEXCHANGE},
- {"ocspuri", KW_OCSPURI},
- {"rightfirewall", KW_RIGHTFIREWALL},
- {"uniqueids", KW_UNIQUEIDS},
- {""},
- {"leftca", KW_LEFTCA},
- {"pkcs11module", KW_PKCS11MODULE},
- {""},
- {"also", KW_ALSO},
- {"pkcs11keepstate", KW_PKCS11KEEPSTATE},
- {""},
- {"crluri2", KW_CRLURI2},
- {"ldaphost", KW_LDAPHOST},
- {"postpluto", KW_POSTPLUTO},
- {"xauth", KW_XAUTH},
- {"overridemtu", KW_OVERRIDEMTU},
- {"rightca", KW_RIGHTCA},
- {"prepluto", KW_PREPLUTO},
- {""}, {""}, {""}, {""},
- {"dpddelay", KW_DPDDELAY},
- {""}, {""}, {""}, {""},
- {"nocrsend", KW_NOCRSEND},
- {""}, {""}, {""}, {""},
- {"ldapbase", KW_LDAPBASE},
- {""},
- {"rekey", KW_REKEY},
- {"pkcs11proxy", KW_PKCS11PROXY},
- {""}, {""}, {""}, {""}, {""}, {""},
- {"fragicmp", KW_FRAGICMP},
- {""}, {""}, {""}, {""}, {""}, {""}, {""},
- {"crluri", KW_CRLURI},
- {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""},
- {""}, {""}, {""}, {""}, {""},
- {"crlcheckinterval", KW_CRLCHECKINTERVAL}
- };
-
-#ifdef __GNUC__
-__inline
-#endif
-const struct kw_entry *
-in_word_set (str, len)
- register const char *str;
- register unsigned int len;
-{
- if (len <= MAX_WORD_LENGTH && len >= MIN_WORD_LENGTH)
- {
- register int key = hash (str, len);
-
- if (key <= MAX_HASH_VALUE && key >= 0)
- {
- register const char *s = wordlist[key].name;
-
- if (*str == *s && !strcmp (str + 1, s + 1))
- return &wordlist[key];
- }
- }
- return 0;
-}
diff --git a/programs/starter/keywords.h b/programs/starter/keywords.h
deleted file mode 100644
index 4356b4947..000000000
--- a/programs/starter/keywords.h
+++ /dev/null
@@ -1,169 +0,0 @@
-/* strongSwan keywords
- * Copyright (C) 2005 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: keywords.h,v 1.10 2007/01/11 21:27:27 as Exp $
- */
-
-#ifndef _KEYWORDS_H_
-#define _KEYWORDS_H_
-
-typedef enum {
- /* config setup keywords */
- KW_INTERFACES,
- KW_DUMPDIR,
-
- /* pluto keywords */
- KW_PLUTODEBUG,
- KW_PREPLUTO,
- KW_POSTPLUTO,
- KW_UNIQUEIDS,
- KW_OVERRIDEMTU,
- KW_CRLCHECKINTERVAL,
- KW_CACHECRLS,
- KW_STRICTCRLPOLICY,
- KW_NOCRSEND,
- KW_NAT_TRAVERSAL,
- KW_KEEP_ALIVE,
- KW_VIRTUAL_PRIVATE,
- KW_PKCS11MODULE,
- KW_PKCS11KEEPSTATE,
- KW_PKCS11PROXY,
-
-#define KW_PLUTO_FIRST KW_PLUTODEBUG
-#define KW_PLUTO_LAST KW_PKCS11PROXY
-
- /* KLIPS keywords */
- KW_KLIPSDEBUG,
- KW_FRAGICMP,
- KW_PACKETDEFAULT,
- KW_HIDETOS,
-
-#define KW_KLIPS_FIRST KW_KLIPSDEBUG
-#define KW_KLIPS_LAST KW_HIDETOS
-
-#define KW_SETUP_FIRST KW_INTERFACES
-#define KW_SETUP_LAST KW_HIDETOS
-
- /* conn section keywords */
- KW_CONN_NAME,
- KW_CONN_SETUP,
- KW_KEYEXCHANGE,
- KW_TYPE,
- KW_PFS,
- KW_COMPRESS,
- KW_AUTH,
- KW_AUTHBY,
- KW_IKELIFETIME,
- KW_KEYLIFE,
- KW_REKEYMARGIN,
- KW_KEYINGTRIES,
- KW_REKEYFUZZ,
- KW_REKEY,
- KW_IKE,
- KW_ESP,
- KW_PFSGROUP,
- KW_DPDDELAY,
- KW_DPDTIMEOUT,
- KW_DPDACTION,
- KW_MODECONFIG,
- KW_XAUTH,
-
-#define KW_CONN_FIRST KW_CONN_SETUP
-#define KW_CONN_LAST KW_XAUTH
-
- /* ca section keywords */
- KW_CA_NAME,
- KW_CA_SETUP,
- KW_CACERT,
- KW_LDAPHOST,
- KW_LDAPBASE,
- KW_CRLURI,
- KW_CRLURI2,
- KW_OCSPURI,
-
-#define KW_CA_FIRST KW_CA_SETUP
-#define KW_CA_LAST KW_OCSPURI
-
- /* end keywords */
- KW_HOST,
- KW_NEXTHOP,
- KW_SUBNET,
- KW_SUBNETWITHIN,
- KW_PROTOPORT,
- KW_SOURCEIP,
- KW_NATIP,
- KW_FIREWALL,
- KW_HOSTACCESS,
- KW_UPDOWN,
- KW_ID,
- KW_RSASIGKEY,
- KW_CERT,
- KW_SENDCERT,
- KW_CA,
- KW_GROUPS,
- KW_IFACE,
-
-#define KW_END_FIRST KW_HOST
-#define KW_END_LAST KW_IFACE
-
- /* left end keywords */
- KW_LEFT,
- KW_LEFTNEXTHOP,
- KW_LEFTSUBNET,
- KW_LEFTSUBNETWITHIN,
- KW_LEFTPROTOPORT,
- KW_LEFTSOURCEIP,
- KW_LEFTNATIP,
- KW_LEFTFIREWALL,
- KW_LEFTHOSTACCESS,
- KW_LEFTUPDOWN,
- KW_LEFTID,
- KW_LEFTRSASIGKEY,
- KW_LEFTCERT,
- KW_LEFTSENDCERT,
- KW_LEFTCA,
- KW_LEFTGROUPS,
-
-#define KW_LEFT_FIRST KW_LEFT
-#define KW_LEFT_LAST KW_LEFTGROUPS
-
- /* right end keywords */
- KW_RIGHT,
- KW_RIGHTNEXTHOP,
- KW_RIGHTSUBNET,
- KW_RIGHTSUBNETWITHIN,
- KW_RIGHTPROTOPORT,
- KW_RIGHTSOURCEIP,
- KW_RIGHTNATIP,
- KW_RIGHTFIREWALL,
- KW_RIGHTHOSTACCESS,
- KW_RIGHTUPDOWN,
- KW_RIGHTID,
- KW_RIGHTRSASIGKEY,
- KW_RIGHTCERT,
- KW_RIGHTSENDCERT,
- KW_RIGHTCA,
- KW_RIGHTGROUPS,
-
-#define KW_RIGHT_FIRST KW_RIGHT
-#define KW_RIGHT_LAST KW_RIGHTGROUPS
-
- /* general section keywords */
- KW_ALSO,
- KW_AUTO
-
-} kw_token_t;
-
-#endif /* _KEYWORDS_H_ */
-
diff --git a/programs/starter/keywords.txt b/programs/starter/keywords.txt
deleted file mode 100644
index 6ad2d5fce..000000000
--- a/programs/starter/keywords.txt
+++ /dev/null
@@ -1,109 +0,0 @@
-%{
-/* strongSwan keywords
- * Copyright (C) 2005 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: keywords.txt,v 1.8 2007/01/11 21:27:51 as Exp $
- */
-
-#include <string.h>
-
-#include "keywords.h"
-
-%}
-struct kw_entry {
- char *name;
- kw_token_t token;
-};
-%%
-interfaces, KW_INTERFACES
-klipsdebug, KW_KLIPSDEBUG
-plutodebug, KW_PLUTODEBUG
-dumpdir, KW_DUMPDIR
-prepluto, KW_PREPLUTO
-postpluto, KW_POSTPLUTO
-fragicmp, KW_FRAGICMP
-packetdefault, KW_PACKETDEFAULT
-hidetos, KW_HIDETOS
-uniqueids, KW_UNIQUEIDS
-overridemtu, KW_OVERRIDEMTU
-crlcheckinterval, KW_CRLCHECKINTERVAL
-cachecrls, KW_CACHECRLS
-strictcrlpolicy, KW_STRICTCRLPOLICY
-nocrsend, KW_NOCRSEND
-nat_traversal, KW_NAT_TRAVERSAL
-keep_alive, KW_KEEP_ALIVE
-virtual_private, KW_VIRTUAL_PRIVATE
-pkcs11module, KW_PKCS11MODULE
-pkcs11keepstate, KW_PKCS11KEEPSTATE
-pkcs11proxy, KW_PKCS11PROXY
-keyexchange, KW_KEYEXCHANGE
-type, KW_TYPE
-pfs, KW_PFS
-compress, KW_COMPRESS
-auth, KW_AUTH
-authby, KW_AUTHBY
-keylife, KW_KEYLIFE
-rekeymargin, KW_REKEYMARGIN
-ikelifetime, KW_IKELIFETIME
-keyingtries, KW_KEYINGTRIES
-rekeyfuzz, KW_REKEYFUZZ
-rekey, KW_REKEY
-esp, KW_ESP
-ike, KW_IKE
-pfsgroup, KW_PFSGROUP
-dpddelay, KW_DPDDELAY
-dpdtimeout, KW_DPDTIMEOUT
-dpdaction, KW_DPDACTION
-modeconfig, KW_MODECONFIG
-xauth, KW_XAUTH
-cacert, KW_CACERT
-ldaphost, KW_LDAPHOST
-ldapbase, KW_LDAPBASE
-crluri, KW_CRLURI
-crluri2, KW_CRLURI2
-ocspuri, KW_OCSPURI
-left, KW_LEFT
-leftnexthop, KW_LEFTNEXTHOP
-leftsubnet, KW_LEFTSUBNET
-leftsubnetwithin, KW_LEFTSUBNETWITHIN
-leftprotoport, KW_LEFTPROTOPORT
-leftsourceip, KW_LEFTSOURCEIP
-leftnatip, KW_LEFTNATIP
-leftfirewall, KW_LEFTFIREWALL
-lefthostaccess, KW_LEFTHOSTACCESS
-leftupdown, KW_LEFTUPDOWN
-leftid, KW_LEFTID
-leftrsasigkey, KW_LEFTRSASIGKEY
-leftcert, KW_LEFTCERT,
-leftsendcert, KW_LEFTSENDCERT
-leftca, KW_LEFTCA
-leftgroups, KW_LEFTGROUPS
-right, KW_RIGHT
-rightnexthop, KW_RIGHTNEXTHOP
-rightsubnet, KW_RIGHTSUBNET
-rightsubnetwithin, KW_RIGHTSUBNETWITHIN
-rightprotoport, KW_RIGHTPROTOPORT
-rightsourceip, KW_RIGHTSOURCEIP
-rightnatip, KW_RIGHTNATIP
-rightfirewall, KW_RIGHTFIREWALL
-righthostaccess, KW_RIGHTHOSTACCESS
-rightupdown, KW_RIGHTUPDOWN
-rightid, KW_RIGHTID
-rightrsasigkey, KW_RIGHTRSASIGKEY
-rightcert, KW_RIGHTCERT
-rightsendcert, KW_RIGHTSENDCERT
-rightca, KW_RIGHTCA
-rightgroups, KW_RIGHTGROUPS
-also, KW_ALSO
-auto, KW_AUTO
diff --git a/programs/starter/klips.c b/programs/starter/klips.c
deleted file mode 100644
index 5595eb6eb..000000000
--- a/programs/starter/klips.c
+++ /dev/null
@@ -1,134 +0,0 @@
-/* strongSwan KLIPS starter
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: klips.c,v 1.8 2006/02/15 18:33:57 as Exp $
- */
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <freeswan.h>
-
-#include "../pluto/constants.h"
-#include "../pluto/defs.h"
-#include "../pluto/log.h"
-
-#include "confread.h"
-#include "klips.h"
-#include "files.h"
-#include "exec.h"
-
-static int _klips_module_loaded = 0;
-
-bool
-starter_klips_init(void)
-{
- struct stat stb;
-
- if (stat(PROC_IPSECVERSION, &stb) != 0)
- {
- if (stat(PROC_MODULES, &stb) == 0)
- {
- unsetenv("MODPATH");
- unsetenv("MODULECONF");
- system("depmod -a >/dev/null 2>&1");
- system("modprobe -qv ipsec");
- }
- if (stat(PROC_IPSECVERSION, &stb) == 0)
- {
- _klips_module_loaded = 1;
- }
- else
- {
- DBG(DBG_CONTROL,
- DBG_log("kernel appears to lack KLIPS")
- )
- return FALSE;
- }
- }
-
- /* make sure that all available crypto algorithms are loaded */
- if (stat(PROC_MODULES, &stb) == 0)
- {
- system("modprobe -qv ipsec_aes");
- system("modprobe -qv ipsec_serpent");
- system("modprobe -qv ipsec_twofish");
- system("modprobe -qv ipsec_blowfish");
- system("modprobe -qv ipsec_sha2");
- }
-
- starter_klips_clear();
-
- DBG(DBG_CONTROL,
- DBG_log("Found KLIPS IPsec stack")
- )
- return TRUE;
-}
-
-static void
-_sysflags (char *name, int value)
-{
- int res = starter_exec("echo %d >%s/%s 2>/dev/null"
- , value? 1 : 0, PROC_SYSFLAGS, name);
-
- if (res)
- plog("can't set sysflag %s to %d", name, value? 1 : 0);
-}
-
-void
-starter_klips_set_config(starter_config_t *cfg)
-{
- char **l;
-
- _sysflags("icmp", cfg->setup.fragicmp);
- _sysflags("inbound_policy_check", 1);
- /* _sysflags("no_eroute_pass", 0); */
- /* _sysflags("opportunistic", 0); */
- _sysflags("tos", cfg->setup.hidetos);
-
- starter_exec("%s/klipsdebug --none", IPSEC_EXECDIR);
- for (l = cfg->setup.klipsdebug; l && *l; l++)
- {
- if ((streq(*l, "none")) || (streq(*l, "all")))
- starter_exec("%s/klipsdebug --%s", IPSEC_EXECDIR, *l);
- else
- starter_exec("%s/klipsdebug --set %s", IPSEC_EXECDIR, *l);
- }
-
- starter_exec("%s/eroute --del --eraf inet --src 0/0 --dst 0/0 2>/dev/null"
- , IPSEC_EXECDIR);
- starter_exec("%s/eroute --label packetdefault --replace --eraf inet "
- "--src 0/0 --dst 0/0 --said %%%s", IPSEC_EXECDIR
- , cfg->setup.packetdefault ? cfg->setup.packetdefault : "drop");
-}
-
-void
-starter_klips_clear(void)
-{
- system(IPSEC_EXECDIR"/eroute --clear");
- system(IPSEC_EXECDIR"/spi --clear");
- system(IPSEC_EXECDIR"/klipsdebug --none");
-}
-
-void
-starter_klips_cleanup(void)
-{
- starter_klips_clear();
- if (_klips_module_loaded)
- {
- system("rmmod ipsec");
- _klips_module_loaded = 0;
- }
-}
diff --git a/programs/starter/klips.h b/programs/starter/klips.h
deleted file mode 100644
index d07c6cca4..000000000
--- a/programs/starter/klips.h
+++ /dev/null
@@ -1,26 +0,0 @@
-/* strongSwan klips initialization and cleanup
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: klips.h,v 1.2 2005/12/30 19:03:56 as Exp $
- */
-
-#ifndef _STARTER_KLIPS_H_
-#define _STARTER_KLIPS_H_
-
-extern bool starter_klips_init (void);
-extern void starter_klips_set_config (struct starter_config *);
-extern void starter_klips_cleanup (void);
-extern void starter_klips_clear (void);
-
-#endif /* _STARTER_KLIPS_H_ */
-
diff --git a/programs/starter/lex.yy.c b/programs/starter/lex.yy.c
deleted file mode 100644
index 2c0dd040a..000000000
--- a/programs/starter/lex.yy.c
+++ /dev/null
@@ -1,1966 +0,0 @@
-
-#line 3 "lex.yy.c"
-
-#define YY_INT_ALIGNED short int
-
-/* A lexical scanner generated by flex */
-
-#define FLEX_SCANNER
-#define YY_FLEX_MAJOR_VERSION 2
-#define YY_FLEX_MINOR_VERSION 5
-#define YY_FLEX_SUBMINOR_VERSION 33
-#if YY_FLEX_SUBMINOR_VERSION > 0
-#define FLEX_BETA
-#endif
-
-/* First, we deal with platform-specific or compiler-specific issues. */
-
-/* begin standard C headers. */
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <stdlib.h>
-
-/* end standard C headers. */
-
-/* flex integer type definitions */
-
-#ifndef FLEXINT_H
-#define FLEXINT_H
-
-/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */
-
-#if __STDC_VERSION__ >= 199901L
-
-/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h,
- * if you want the limit (max/min) macros for int types.
- */
-#ifndef __STDC_LIMIT_MACROS
-#define __STDC_LIMIT_MACROS 1
-#endif
-
-#include <inttypes.h>
-typedef int8_t flex_int8_t;
-typedef uint8_t flex_uint8_t;
-typedef int16_t flex_int16_t;
-typedef uint16_t flex_uint16_t;
-typedef int32_t flex_int32_t;
-typedef uint32_t flex_uint32_t;
-#else
-typedef signed char flex_int8_t;
-typedef short int flex_int16_t;
-typedef int flex_int32_t;
-typedef unsigned char flex_uint8_t;
-typedef unsigned short int flex_uint16_t;
-typedef unsigned int flex_uint32_t;
-#endif /* ! C99 */
-
-/* Limits of integral types. */
-#ifndef INT8_MIN
-#define INT8_MIN (-128)
-#endif
-#ifndef INT16_MIN
-#define INT16_MIN (-32767-1)
-#endif
-#ifndef INT32_MIN
-#define INT32_MIN (-2147483647-1)
-#endif
-#ifndef INT8_MAX
-#define INT8_MAX (127)
-#endif
-#ifndef INT16_MAX
-#define INT16_MAX (32767)
-#endif
-#ifndef INT32_MAX
-#define INT32_MAX (2147483647)
-#endif
-#ifndef UINT8_MAX
-#define UINT8_MAX (255U)
-#endif
-#ifndef UINT16_MAX
-#define UINT16_MAX (65535U)
-#endif
-#ifndef UINT32_MAX
-#define UINT32_MAX (4294967295U)
-#endif
-
-#endif /* ! FLEXINT_H */
-
-#ifdef __cplusplus
-
-/* The "const" storage-class-modifier is valid. */
-#define YY_USE_CONST
-
-#else /* ! __cplusplus */
-
-#if __STDC__
-
-#define YY_USE_CONST
-
-#endif /* __STDC__ */
-#endif /* ! __cplusplus */
-
-#ifdef YY_USE_CONST
-#define yyconst const
-#else
-#define yyconst
-#endif
-
-/* Returned upon end-of-file. */
-#define YY_NULL 0
-
-/* Promotes a possibly negative, possibly signed char to an unsigned
- * integer for use as an array index. If the signed char is negative,
- * we want to instead treat it as an 8-bit unsigned char, hence the
- * double cast.
- */
-#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
-
-/* Enter a start condition. This macro really ought to take a parameter,
- * but we do it the disgusting crufty way forced on us by the ()-less
- * definition of BEGIN.
- */
-#define BEGIN (yy_start) = 1 + 2 *
-
-/* Translate the current start state into a value that can be later handed
- * to BEGIN to return to the state. The YYSTATE alias is for lex
- * compatibility.
- */
-#define YY_START (((yy_start) - 1) / 2)
-#define YYSTATE YY_START
-
-/* Action number for EOF rule of a given start state. */
-#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
-
-/* Special action meaning "start processing a new file". */
-#define YY_NEW_FILE yyrestart(yyin )
-
-#define YY_END_OF_BUFFER_CHAR 0
-
-/* Size of default input buffer. */
-#ifndef YY_BUF_SIZE
-#define YY_BUF_SIZE 16384
-#endif
-
-/* The state buf must be large enough to hold one state per character in the main buffer.
- */
-#define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type))
-
-#ifndef YY_TYPEDEF_YY_BUFFER_STATE
-#define YY_TYPEDEF_YY_BUFFER_STATE
-typedef struct yy_buffer_state *YY_BUFFER_STATE;
-#endif
-
-extern int yyleng;
-
-extern FILE *yyin, *yyout;
-
-#define EOB_ACT_CONTINUE_SCAN 0
-#define EOB_ACT_END_OF_FILE 1
-#define EOB_ACT_LAST_MATCH 2
-
- #define YY_LESS_LINENO(n)
-
-/* Return all but the first "n" matched characters back to the input stream. */
-#define yyless(n) \
- do \
- { \
- /* Undo effects of setting up yytext. */ \
- int yyless_macro_arg = (n); \
- YY_LESS_LINENO(yyless_macro_arg);\
- *yy_cp = (yy_hold_char); \
- YY_RESTORE_YY_MORE_OFFSET \
- (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \
- YY_DO_BEFORE_ACTION; /* set up yytext again */ \
- } \
- while ( 0 )
-
-#define unput(c) yyunput( c, (yytext_ptr) )
-
-/* The following is because we cannot portably get our hands on size_t
- * (without autoconf's help, which isn't available because we want
- * flex-generated scanners to compile on their own).
- */
-
-#ifndef YY_TYPEDEF_YY_SIZE_T
-#define YY_TYPEDEF_YY_SIZE_T
-typedef unsigned int yy_size_t;
-#endif
-
-#ifndef YY_STRUCT_YY_BUFFER_STATE
-#define YY_STRUCT_YY_BUFFER_STATE
-struct yy_buffer_state
- {
- FILE *yy_input_file;
-
- char *yy_ch_buf; /* input buffer */
- char *yy_buf_pos; /* current position in input buffer */
-
- /* Size of input buffer in bytes, not including room for EOB
- * characters.
- */
- yy_size_t yy_buf_size;
-
- /* Number of characters read into yy_ch_buf, not including EOB
- * characters.
- */
- int yy_n_chars;
-
- /* Whether we "own" the buffer - i.e., we know we created it,
- * and can realloc() it to grow it, and should free() it to
- * delete it.
- */
- int yy_is_our_buffer;
-
- /* Whether this is an "interactive" input source; if so, and
- * if we're using stdio for input, then we want to use getc()
- * instead of fread(), to make sure we stop fetching input after
- * each newline.
- */
- int yy_is_interactive;
-
- /* Whether we're considered to be at the beginning of a line.
- * If so, '^' rules will be active on the next match, otherwise
- * not.
- */
- int yy_at_bol;
-
- int yy_bs_lineno; /**< The line count. */
- int yy_bs_column; /**< The column count. */
-
- /* Whether to try to fill the input buffer when we reach the
- * end of it.
- */
- int yy_fill_buffer;
-
- int yy_buffer_status;
-
-#define YY_BUFFER_NEW 0
-#define YY_BUFFER_NORMAL 1
- /* When an EOF's been seen but there's still some text to process
- * then we mark the buffer as YY_EOF_PENDING, to indicate that we
- * shouldn't try reading from the input source any more. We might
- * still have a bunch of tokens to match, though, because of
- * possible backing-up.
- *
- * When we actually see the EOF, we change the status to "new"
- * (via yyrestart()), so that the user can continue scanning by
- * just pointing yyin at a new input file.
- */
-#define YY_BUFFER_EOF_PENDING 2
-
- };
-#endif /* !YY_STRUCT_YY_BUFFER_STATE */
-
-/* Stack of input buffers. */
-static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */
-static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */
-static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
-
-/* We provide macros for accessing buffer states in case in the
- * future we want to put the buffer states in a more general
- * "scanner state".
- *
- * Returns the top of the stack, or NULL.
- */
-#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \
- ? (yy_buffer_stack)[(yy_buffer_stack_top)] \
- : NULL)
-
-/* Same as previous macro, but useful when we know that the buffer stack is not
- * NULL or when we need an lvalue. For internal use only.
- */
-#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)]
-
-/* yy_hold_char holds the character lost when yytext is formed. */
-static char yy_hold_char;
-static int yy_n_chars; /* number of characters read into yy_ch_buf */
-int yyleng;
-
-/* Points to current character in buffer. */
-static char *yy_c_buf_p = (char *) 0;
-static int yy_init = 0; /* whether we need to initialize */
-static int yy_start = 0; /* start state number */
-
-/* Flag which is used to allow yywrap()'s to do buffer switches
- * instead of setting up a fresh yyin. A bit of a hack ...
- */
-static int yy_did_buffer_switch_on_eof;
-
-void yyrestart (FILE *input_file );
-void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer );
-YY_BUFFER_STATE yy_create_buffer (FILE *file,int size );
-void yy_delete_buffer (YY_BUFFER_STATE b );
-void yy_flush_buffer (YY_BUFFER_STATE b );
-void yypush_buffer_state (YY_BUFFER_STATE new_buffer );
-void yypop_buffer_state (void );
-
-static void yyensure_buffer_stack (void );
-static void yy_load_buffer_state (void );
-static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file );
-
-#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER )
-
-YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size );
-YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str );
-YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len );
-
-void *yyalloc (yy_size_t );
-void *yyrealloc (void *,yy_size_t );
-void yyfree (void * );
-
-#define yy_new_buffer yy_create_buffer
-
-#define yy_set_interactive(is_interactive) \
- { \
- if ( ! YY_CURRENT_BUFFER ){ \
- yyensure_buffer_stack (); \
- YY_CURRENT_BUFFER_LVALUE = \
- yy_create_buffer(yyin,YY_BUF_SIZE ); \
- } \
- YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
- }
-
-#define yy_set_bol(at_bol) \
- { \
- if ( ! YY_CURRENT_BUFFER ){\
- yyensure_buffer_stack (); \
- YY_CURRENT_BUFFER_LVALUE = \
- yy_create_buffer(yyin,YY_BUF_SIZE ); \
- } \
- YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \
- }
-
-#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol)
-
-/* Begin user sect3 */
-
-typedef unsigned char YY_CHAR;
-
-FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
-
-typedef int yy_state_type;
-
-extern int yylineno;
-
-int yylineno = 1;
-
-extern char *yytext;
-#define yytext_ptr yytext
-
-static yy_state_type yy_get_previous_state (void );
-static yy_state_type yy_try_NUL_trans (yy_state_type current_state );
-static int yy_get_next_buffer (void );
-static void yy_fatal_error (yyconst char msg[] );
-
-/* Done after the current pattern has been matched and before the
- * corresponding action - sets up yytext.
- */
-#define YY_DO_BEFORE_ACTION \
- (yytext_ptr) = yy_bp; \
- yyleng = (size_t) (yy_cp - yy_bp); \
- (yy_hold_char) = *yy_cp; \
- *yy_cp = '\0'; \
- (yy_c_buf_p) = yy_cp;
-
-#define YY_NUM_RULES 14
-#define YY_END_OF_BUFFER 15
-/* This struct is not used in this scanner,
- but its presence is necessary. */
-struct yy_trans_info
- {
- flex_int32_t yy_verify;
- flex_int32_t yy_nxt;
- };
-static yyconst flex_int16_t yy_accept[47] =
- { 0,
- 0, 0, 15, 11, 2, 4, 13, 11, 3, 11,
- 11, 11, 11, 1, 11, 2, 0, 12, 11, 0,
- 4, 8, 11, 11, 11, 11, 1, 11, 11, 11,
- 11, 11, 7, 11, 11, 11, 11, 11, 6, 11,
- 5, 11, 11, 9, 10, 0
- } ;
-
-static yyconst flex_int32_t yy_ec[256] =
- { 0,
- 1, 1, 1, 1, 1, 1, 1, 1, 2, 3,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 2, 1, 4, 5, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 6, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 7, 1, 8, 9,
-
- 10, 11, 12, 1, 13, 1, 1, 14, 1, 15,
- 16, 17, 1, 18, 19, 20, 21, 22, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
-
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1
- } ;
-
-static yyconst flex_int32_t yy_meta[23] =
- { 0,
- 1, 2, 3, 2, 1, 2, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1
- } ;
-
-static yyconst flex_int16_t yy_base[51] =
- { 0,
- 0, 69, 70, 0, 67, 72, 64, 21, 72, 19,
- 52, 56, 55, 62, 0, 61, 58, 72, 34, 58,
- 72, 0, 45, 51, 38, 39, 54, 17, 41, 33,
- 34, 39, 0, 30, 33, 36, 27, 25, 0, 17,
- 0, 21, 15, 0, 0, 72, 28, 40, 42, 45
- } ;
-
-static yyconst flex_int16_t yy_def[51] =
- { 0,
- 46, 1, 46, 47, 46, 46, 48, 49, 46, 47,
- 47, 47, 47, 46, 47, 46, 48, 46, 49, 50,
- 46, 47, 47, 47, 47, 47, 46, 47, 47, 47,
- 47, 47, 47, 47, 47, 47, 47, 47, 47, 47,
- 47, 47, 47, 47, 47, 0, 46, 46, 46, 46
- } ;
-
-static yyconst flex_int16_t yy_nxt[95] =
- { 0,
- 4, 5, 6, 7, 8, 9, 4, 10, 4, 4,
- 4, 4, 11, 4, 4, 4, 4, 4, 12, 4,
- 4, 13, 20, 21, 20, 22, 20, 32, 15, 45,
- 44, 33, 43, 42, 23, 20, 21, 20, 41, 20,
- 17, 17, 19, 19, 19, 20, 20, 20, 40, 39,
- 38, 37, 36, 35, 34, 27, 31, 30, 29, 28,
- 21, 18, 16, 27, 26, 25, 24, 18, 16, 46,
- 14, 3, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46
-
- } ;
-
-static yyconst flex_int16_t yy_chk[95] =
- { 0,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 8, 8, 8, 10, 8, 28, 47, 43,
- 42, 28, 40, 38, 10, 19, 19, 19, 37, 19,
- 48, 48, 49, 49, 49, 50, 50, 50, 36, 35,
- 34, 32, 31, 30, 29, 27, 26, 25, 24, 23,
- 20, 17, 16, 14, 13, 12, 11, 7, 5, 3,
- 2, 46, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46, 46, 46, 46, 46, 46, 46,
- 46, 46, 46, 46
-
- } ;
-
-static yy_state_type yy_last_accepting_state;
-static char *yy_last_accepting_cpos;
-
-extern int yy_flex_debug;
-int yy_flex_debug = 0;
-
-/* The intent behind this definition is that it'll catch
- * any uses of REJECT which flex missed.
- */
-#define REJECT reject_used_but_not_detected
-#define yymore() yymore_used_but_not_detected
-#define YY_MORE_ADJ 0
-#define YY_RESTORE_YY_MORE_OFFSET
-char *yytext;
-#line 1 "parser.l"
-#line 2 "parser.l"
-/* FreeS/WAN config file parser (parser.l)
- * Copyright (C) 2001 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: lex.yy.c,v 1.6 2007/01/14 18:37:25 as Exp $
- */
-
-#include <string.h>
-#include <stdlib.h>
-#include <glob.h>
-
-#include "parser.tab.h"
-
-#define MAX_INCLUDE_DEPTH 20
-
-#define YY_NO_UNPUT
-extern void yyerror(const char *);
-extern int yylex (void);
-
-static struct {
- int stack_ptr;
- YY_BUFFER_STATE stack[MAX_INCLUDE_DEPTH];
- FILE *file[MAX_INCLUDE_DEPTH];
- unsigned int line[MAX_INCLUDE_DEPTH];
- char *filename[MAX_INCLUDE_DEPTH];
-} __parser_y_private;
-
-void _parser_y_error(char *b, int size, const char *s);
-void _parser_y_init (const char *f);
-void _parser_y_fini (void);
-int _parser_y_include (const char *filename);
-
-void _parser_y_error(char *b, int size, const char *s)
-{
- extern char *yytext; // was: char yytext[];
-
- snprintf(b, size, "%s:%d: %s [%s]",
- __parser_y_private.filename[__parser_y_private.stack_ptr],
- __parser_y_private.line[__parser_y_private.stack_ptr],
- s, yytext);
-}
-
-void _parser_y_init (const char *f)
-{
- memset(&__parser_y_private, 0, sizeof(__parser_y_private));
- __parser_y_private.line[0] = 1;
- __parser_y_private.filename[0] = strdup(f);
-}
-
-void _parser_y_fini (void)
-{
- unsigned int i;
-
- for (i = 0; i < MAX_INCLUDE_DEPTH; i++)
- {
- if (__parser_y_private.filename[i])
- free(__parser_y_private.filename[i]);
- if (__parser_y_private.file[i])
- fclose(__parser_y_private.file[i]);
- }
- memset(&__parser_y_private, 0, sizeof(__parser_y_private));
-}
-
-int _parser_y_include (const char *filename)
-{
- glob_t files;
- int i, ret;
-
- ret = glob(filename, GLOB_ERR, NULL, &files);
- if (ret)
- {
- const char *err;
-
- switch (ret)
- {
- case GLOB_NOSPACE:
- err = "include files ran out of memory";
- break;
- case GLOB_ABORTED:
- err = "include files aborted due to read error";
- break;
- case GLOB_NOMATCH:
- err = "include files found no matches";
- break;
- default:
- err = "unknown include files error";
- }
- yyerror(err);
- return 1;
- }
-
- for (i = 0; i < files.gl_pathc; i++)
- {
- FILE *f;
- unsigned int p = __parser_y_private.stack_ptr + 1;
-
- if (p >= MAX_INCLUDE_DEPTH)
- {
- yyerror("max inclusion depth reached");
- return 1;
- }
-
- f = fopen(files.gl_pathv[i], "r");
- if (!f)
- {
- yyerror("can't open include filename");
- continue;
- }
-
- __parser_y_private.stack_ptr++;
- __parser_y_private.file[p] = f;
- __parser_y_private.stack[p] = YY_CURRENT_BUFFER;
- __parser_y_private.line[p] = 1;
- __parser_y_private.filename[p] = strdup(files.gl_pathv[i]);
-
- yy_switch_to_buffer(yy_create_buffer(f,YY_BUF_SIZE));
- }
- globfree(&files);
- return 0;
-}
-
-#line 618 "lex.yy.c"
-
-#define INITIAL 0
-
-#ifndef YY_NO_UNISTD_H
-/* Special case for "unistd.h", since it is non-ANSI. We include it way
- * down here because we want the user's section 1 to have been scanned first.
- * The user has a chance to override it with an option.
- */
-#include <unistd.h>
-#endif
-
-#ifndef YY_EXTRA_TYPE
-#define YY_EXTRA_TYPE void *
-#endif
-
-static int yy_init_globals (void );
-
-/* Macros after this point can all be overridden by user definitions in
- * section 1.
- */
-
-#ifndef YY_SKIP_YYWRAP
-#ifdef __cplusplus
-extern "C" int yywrap (void );
-#else
-extern int yywrap (void );
-#endif
-#endif
-
- static void yyunput (int c,char *buf_ptr );
-
-#ifndef yytext_ptr
-static void yy_flex_strncpy (char *,yyconst char *,int );
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * );
-#endif
-
-#ifndef YY_NO_INPUT
-
-#ifdef __cplusplus
-static int yyinput (void );
-#else
-static int input (void );
-#endif
-
-#endif
-
-/* Amount of stuff to slurp up with each read. */
-#ifndef YY_READ_BUF_SIZE
-#define YY_READ_BUF_SIZE 8192
-#endif
-
-/* Copy whatever the last rule matched to the standard output. */
-#ifndef ECHO
-/* This used to be an fputs(), but since the string might contain NUL's,
- * we now use fwrite().
- */
-#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
-#endif
-
-/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL,
- * is returned in "result".
- */
-#ifndef YY_INPUT
-#define YY_INPUT(buf,result,max_size) \
- if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
- { \
- int c = '*'; \
- size_t n; \
- for ( n = 0; n < max_size && \
- (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
- buf[n] = (char) c; \
- if ( c == '\n' ) \
- buf[n++] = (char) c; \
- if ( c == EOF && ferror( yyin ) ) \
- YY_FATAL_ERROR( "input in flex scanner failed" ); \
- result = n; \
- } \
- else \
- { \
- errno=0; \
- while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \
- { \
- if( errno != EINTR) \
- { \
- YY_FATAL_ERROR( "input in flex scanner failed" ); \
- break; \
- } \
- errno=0; \
- clearerr(yyin); \
- } \
- }\
-\
-
-#endif
-
-/* No semi-colon after return; correct usage is to write "yyterminate();" -
- * we don't want an extra ';' after the "return" because that will cause
- * some compilers to complain about unreachable statements.
- */
-#ifndef yyterminate
-#define yyterminate() return YY_NULL
-#endif
-
-/* Number of entries by which start-condition stack grows. */
-#ifndef YY_START_STACK_INCR
-#define YY_START_STACK_INCR 25
-#endif
-
-/* Report a fatal error. */
-#ifndef YY_FATAL_ERROR
-#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
-#endif
-
-/* end tables serialization structures and prototypes */
-
-/* Default declaration of generated scanner - a define so the user can
- * easily add parameters.
- */
-#ifndef YY_DECL
-#define YY_DECL_IS_OURS 1
-
-extern int yylex (void);
-
-#define YY_DECL int yylex (void)
-#endif /* !YY_DECL */
-
-/* Code executed at the beginning of each rule, after yytext and yyleng
- * have been set up.
- */
-#ifndef YY_USER_ACTION
-#define YY_USER_ACTION
-#endif
-
-/* Code executed at the end of each rule. */
-#ifndef YY_BREAK
-#define YY_BREAK break;
-#endif
-
-#define YY_RULE_SETUP \
- if ( yyleng > 0 ) \
- YY_CURRENT_BUFFER_LVALUE->yy_at_bol = \
- (yytext[yyleng - 1] == '\n'); \
- YY_USER_ACTION
-
-/** The main scanner function which does all the work.
- */
-YY_DECL
-{
- register yy_state_type yy_current_state;
- register char *yy_cp, *yy_bp;
- register int yy_act;
-
-#line 134 "parser.l"
-
-
-#line 777 "lex.yy.c"
-
- if ( !(yy_init) )
- {
- (yy_init) = 1;
-
-#ifdef YY_USER_INIT
- YY_USER_INIT;
-#endif
-
- if ( ! (yy_start) )
- (yy_start) = 1; /* first start state */
-
- if ( ! yyin )
- yyin = stdin;
-
- if ( ! yyout )
- yyout = stdout;
-
- if ( ! YY_CURRENT_BUFFER ) {
- yyensure_buffer_stack ();
- YY_CURRENT_BUFFER_LVALUE =
- yy_create_buffer(yyin,YY_BUF_SIZE );
- }
-
- yy_load_buffer_state( );
- }
-
- while ( 1 ) /* loops until end-of-file is reached */
- {
- yy_cp = (yy_c_buf_p);
-
- /* Support of yytext. */
- *yy_cp = (yy_hold_char);
-
- /* yy_bp points to the position in yy_ch_buf of the start of
- * the current run.
- */
- yy_bp = yy_cp;
-
- yy_current_state = (yy_start);
- yy_current_state += YY_AT_BOL();
-yy_match:
- do
- {
- register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
- if ( yy_accept[yy_current_state] )
- {
- (yy_last_accepting_state) = yy_current_state;
- (yy_last_accepting_cpos) = yy_cp;
- }
- while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
- {
- yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 47 )
- yy_c = yy_meta[(unsigned int) yy_c];
- }
- yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
- ++yy_cp;
- }
- while ( yy_base[yy_current_state] != 72 );
-
-yy_find_action:
- yy_act = yy_accept[yy_current_state];
- if ( yy_act == 0 )
- { /* have to back up */
- yy_cp = (yy_last_accepting_cpos);
- yy_current_state = (yy_last_accepting_state);
- yy_act = yy_accept[yy_current_state];
- }
-
- YY_DO_BEFORE_ACTION;
-
-do_action: /* This label is used only to access EOF actions. */
-
- switch ( yy_act )
- { /* beginning of action switch */
- case 0: /* must back up */
- /* undo the effects of YY_DO_BEFORE_ACTION */
- *yy_cp = (yy_hold_char);
- yy_cp = (yy_last_accepting_cpos);
- yy_current_state = (yy_last_accepting_state);
- goto yy_find_action;
-
-case YY_STATE_EOF(INITIAL):
-#line 136 "parser.l"
-{
- if (__parser_y_private.filename[__parser_y_private.stack_ptr]) {
- free(__parser_y_private.filename[__parser_y_private.stack_ptr]);
- __parser_y_private.filename[__parser_y_private.stack_ptr] = NULL;
- }
- if (__parser_y_private.file[__parser_y_private.stack_ptr]) {
- fclose(__parser_y_private.file[__parser_y_private.stack_ptr]);
- __parser_y_private.file[__parser_y_private.stack_ptr] = NULL;
- yy_delete_buffer (YY_CURRENT_BUFFER);
- yy_switch_to_buffer
- (__parser_y_private.stack[__parser_y_private.stack_ptr]);
- }
- if (--__parser_y_private.stack_ptr < 0) {
- yyterminate();
- }
-}
- YY_BREAK
-case 1:
-YY_RULE_SETUP
-#line 153 "parser.l"
-return FIRST_SPACES;
- YY_BREAK
-case 2:
-YY_RULE_SETUP
-#line 155 "parser.l"
-/* ignore spaces in line */ ;
- YY_BREAK
-case 3:
-YY_RULE_SETUP
-#line 157 "parser.l"
-return EQUAL;
- YY_BREAK
-case 4:
-/* rule 4 can match eol */
-YY_RULE_SETUP
-#line 159 "parser.l"
-{
- __parser_y_private.line[__parser_y_private.stack_ptr]++;
- return EOL;
- }
- YY_BREAK
-case 5:
-YY_RULE_SETUP
-#line 164 "parser.l"
-return CONFIG;
- YY_BREAK
-case 6:
-YY_RULE_SETUP
-#line 165 "parser.l"
-return SETUP;
- YY_BREAK
-case 7:
-YY_RULE_SETUP
-#line 166 "parser.l"
-return CONN;
- YY_BREAK
-case 8:
-YY_RULE_SETUP
-#line 167 "parser.l"
-return CA;
- YY_BREAK
-case 9:
-YY_RULE_SETUP
-#line 168 "parser.l"
-return INCLUDE;
- YY_BREAK
-case 10:
-YY_RULE_SETUP
-#line 169 "parser.l"
-return VERSION;
- YY_BREAK
-case 11:
-YY_RULE_SETUP
-#line 171 "parser.l"
-{
- yylval.s = strdup(yytext);
- return STRING;
- }
- YY_BREAK
-case 12:
-YY_RULE_SETUP
-#line 176 "parser.l"
-{
- yylval.s = strdup(yytext+1);
- if (yylval.s) yylval.s[strlen(yylval.s)-1]='\0';
- return STRING;
- }
- YY_BREAK
-case 13:
-YY_RULE_SETUP
-#line 182 "parser.l"
-yyerror(yytext);
- YY_BREAK
-case 14:
-YY_RULE_SETUP
-#line 184 "parser.l"
-ECHO;
- YY_BREAK
-#line 961 "lex.yy.c"
-
- case YY_END_OF_BUFFER:
- {
- /* Amount of text matched not including the EOB char. */
- int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1;
-
- /* Undo the effects of YY_DO_BEFORE_ACTION. */
- *yy_cp = (yy_hold_char);
- YY_RESTORE_YY_MORE_OFFSET
-
- if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW )
- {
- /* We're scanning a new file or input source. It's
- * possible that this happened because the user
- * just pointed yyin at a new source and called
- * yylex(). If so, then we have to assure
- * consistency between YY_CURRENT_BUFFER and our
- * globals. Here is the right place to do so, because
- * this is the first action (other than possibly a
- * back-up) that will match for the new input source.
- */
- (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
- YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin;
- YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
- }
-
- /* Note that here we test for yy_c_buf_p "<=" to the position
- * of the first EOB in the buffer, since yy_c_buf_p will
- * already have been incremented past the NUL character
- * (since all states make transitions on EOB to the
- * end-of-buffer state). Contrast this with the test
- * in input().
- */
- if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
- { /* This was really a NUL. */
- yy_state_type yy_next_state;
-
- (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text;
-
- yy_current_state = yy_get_previous_state( );
-
- /* Okay, we're now positioned to make the NUL
- * transition. We couldn't have
- * yy_get_previous_state() go ahead and do it
- * for us because it doesn't know how to deal
- * with the possibility of jamming (and we don't
- * want to build jamming into it because then it
- * will run more slowly).
- */
-
- yy_next_state = yy_try_NUL_trans( yy_current_state );
-
- yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-
- if ( yy_next_state )
- {
- /* Consume the NUL. */
- yy_cp = ++(yy_c_buf_p);
- yy_current_state = yy_next_state;
- goto yy_match;
- }
-
- else
- {
- yy_cp = (yy_c_buf_p);
- goto yy_find_action;
- }
- }
-
- else switch ( yy_get_next_buffer( ) )
- {
- case EOB_ACT_END_OF_FILE:
- {
- (yy_did_buffer_switch_on_eof) = 0;
-
- if ( yywrap( ) )
- {
- /* Note: because we've taken care in
- * yy_get_next_buffer() to have set up
- * yytext, we can now set up
- * yy_c_buf_p so that if some total
- * hoser (like flex itself) wants to
- * call the scanner after we return the
- * YY_NULL, it'll still work - another
- * YY_NULL will get returned.
- */
- (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ;
-
- yy_act = YY_STATE_EOF(YY_START);
- goto do_action;
- }
-
- else
- {
- if ( ! (yy_did_buffer_switch_on_eof) )
- YY_NEW_FILE;
- }
- break;
- }
-
- case EOB_ACT_CONTINUE_SCAN:
- (yy_c_buf_p) =
- (yytext_ptr) + yy_amount_of_matched_text;
-
- yy_current_state = yy_get_previous_state( );
-
- yy_cp = (yy_c_buf_p);
- yy_bp = (yytext_ptr) + YY_MORE_ADJ;
- goto yy_match;
-
- case EOB_ACT_LAST_MATCH:
- (yy_c_buf_p) =
- &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)];
-
- yy_current_state = yy_get_previous_state( );
-
- yy_cp = (yy_c_buf_p);
- yy_bp = (yytext_ptr) + YY_MORE_ADJ;
- goto yy_find_action;
- }
- break;
- }
-
- default:
- YY_FATAL_ERROR(
- "fatal flex scanner internal error--no action found" );
- } /* end of action switch */
- } /* end of scanning one token */
-} /* end of yylex */
-
-/* yy_get_next_buffer - try to read in a new buffer
- *
- * Returns a code representing an action:
- * EOB_ACT_LAST_MATCH -
- * EOB_ACT_CONTINUE_SCAN - continue scanning from current position
- * EOB_ACT_END_OF_FILE - end of file
- */
-static int yy_get_next_buffer (void)
-{
- register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
- register char *source = (yytext_ptr);
- register int number_to_move, i;
- int ret_val;
-
- if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
- YY_FATAL_ERROR(
- "fatal flex scanner internal error--end of buffer missed" );
-
- if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
- { /* Don't try to fill the buffer, so this is an EOF. */
- if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 )
- {
- /* We matched a single character, the EOB, so
- * treat this as a final EOF.
- */
- return EOB_ACT_END_OF_FILE;
- }
-
- else
- {
- /* We matched some text prior to the EOB, first
- * process it.
- */
- return EOB_ACT_LAST_MATCH;
- }
- }
-
- /* Try to read more data. */
-
- /* First move last chars to start of buffer. */
- number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1;
-
- for ( i = 0; i < number_to_move; ++i )
- *(dest++) = *(source++);
-
- if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
- /* don't do the read, it's not guaranteed to return an EOF,
- * just force an EOF
- */
- YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0;
-
- else
- {
- int num_to_read =
- YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
-
- while ( num_to_read <= 0 )
- { /* Not enough room in the buffer - grow it. */
-
- /* just a shorter name for the current buffer */
- YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
-
- int yy_c_buf_p_offset =
- (int) ((yy_c_buf_p) - b->yy_ch_buf);
-
- if ( b->yy_is_our_buffer )
- {
- int new_size = b->yy_buf_size * 2;
-
- if ( new_size <= 0 )
- b->yy_buf_size += b->yy_buf_size / 8;
- else
- b->yy_buf_size *= 2;
-
- b->yy_ch_buf = (char *)
- /* Include room in for 2 EOB chars. */
- yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 );
- }
- else
- /* Can't grow it, we don't own it. */
- b->yy_ch_buf = 0;
-
- if ( ! b->yy_ch_buf )
- YY_FATAL_ERROR(
- "fatal error - scanner input buffer overflow" );
-
- (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset];
-
- num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size -
- number_to_move - 1;
-
- }
-
- if ( num_to_read > YY_READ_BUF_SIZE )
- num_to_read = YY_READ_BUF_SIZE;
-
- /* Read in more data. */
- YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
- (yy_n_chars), num_to_read );
-
- YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
- }
-
- if ( (yy_n_chars) == 0 )
- {
- if ( number_to_move == YY_MORE_ADJ )
- {
- ret_val = EOB_ACT_END_OF_FILE;
- yyrestart(yyin );
- }
-
- else
- {
- ret_val = EOB_ACT_LAST_MATCH;
- YY_CURRENT_BUFFER_LVALUE->yy_buffer_status =
- YY_BUFFER_EOF_PENDING;
- }
- }
-
- else
- ret_val = EOB_ACT_CONTINUE_SCAN;
-
- (yy_n_chars) += number_to_move;
- YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR;
- YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR;
-
- (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0];
-
- return ret_val;
-}
-
-/* yy_get_previous_state - get the state just before the EOB char was reached */
-
- static yy_state_type yy_get_previous_state (void)
-{
- register yy_state_type yy_current_state;
- register char *yy_cp;
-
- yy_current_state = (yy_start);
- yy_current_state += YY_AT_BOL();
-
- for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp )
- {
- register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
- if ( yy_accept[yy_current_state] )
- {
- (yy_last_accepting_state) = yy_current_state;
- (yy_last_accepting_cpos) = yy_cp;
- }
- while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
- {
- yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 47 )
- yy_c = yy_meta[(unsigned int) yy_c];
- }
- yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
- }
-
- return yy_current_state;
-}
-
-/* yy_try_NUL_trans - try to make a transition on the NUL character
- *
- * synopsis
- * next_state = yy_try_NUL_trans( current_state );
- */
- static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state )
-{
- register int yy_is_jam;
- register char *yy_cp = (yy_c_buf_p);
-
- register YY_CHAR yy_c = 1;
- if ( yy_accept[yy_current_state] )
- {
- (yy_last_accepting_state) = yy_current_state;
- (yy_last_accepting_cpos) = yy_cp;
- }
- while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
- {
- yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 47 )
- yy_c = yy_meta[(unsigned int) yy_c];
- }
- yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
- yy_is_jam = (yy_current_state == 46);
-
- return yy_is_jam ? 0 : yy_current_state;
-}
-
- static void yyunput (int c, register char * yy_bp )
-{
- register char *yy_cp;
-
- yy_cp = (yy_c_buf_p);
-
- /* undo effects of setting up yytext */
- *yy_cp = (yy_hold_char);
-
- if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
- { /* need to shift things up to make room */
- /* +2 for EOB chars. */
- register int number_to_move = (yy_n_chars) + 2;
- register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
- YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
- register char *source =
- &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
-
- while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
- *--dest = *--source;
-
- yy_cp += (int) (dest - source);
- yy_bp += (int) (dest - source);
- YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
- (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
-
- if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
- YY_FATAL_ERROR( "flex scanner push-back overflow" );
- }
-
- *--yy_cp = (char) c;
-
- (yytext_ptr) = yy_bp;
- (yy_hold_char) = *yy_cp;
- (yy_c_buf_p) = yy_cp;
-}
-
-#ifndef YY_NO_INPUT
-#ifdef __cplusplus
- static int yyinput (void)
-#else
- static int input (void)
-#endif
-
-{
- int c;
-
- *(yy_c_buf_p) = (yy_hold_char);
-
- if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR )
- {
- /* yy_c_buf_p now points to the character we want to return.
- * If this occurs *before* the EOB characters, then it's a
- * valid NUL; if not, then we've hit the end of the buffer.
- */
- if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
- /* This was really a NUL. */
- *(yy_c_buf_p) = '\0';
-
- else
- { /* need more input */
- int offset = (yy_c_buf_p) - (yytext_ptr);
- ++(yy_c_buf_p);
-
- switch ( yy_get_next_buffer( ) )
- {
- case EOB_ACT_LAST_MATCH:
- /* This happens because yy_g_n_b()
- * sees that we've accumulated a
- * token and flags that we need to
- * try matching the token before
- * proceeding. But for input(),
- * there's no matching to consider.
- * So convert the EOB_ACT_LAST_MATCH
- * to EOB_ACT_END_OF_FILE.
- */
-
- /* Reset buffer status. */
- yyrestart(yyin );
-
- /*FALLTHROUGH*/
-
- case EOB_ACT_END_OF_FILE:
- {
- if ( yywrap( ) )
- return EOF;
-
- if ( ! (yy_did_buffer_switch_on_eof) )
- YY_NEW_FILE;
-#ifdef __cplusplus
- return yyinput();
-#else
- return input();
-#endif
- }
-
- case EOB_ACT_CONTINUE_SCAN:
- (yy_c_buf_p) = (yytext_ptr) + offset;
- break;
- }
- }
- }
-
- c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */
- *(yy_c_buf_p) = '\0'; /* preserve yytext */
- (yy_hold_char) = *++(yy_c_buf_p);
-
- YY_CURRENT_BUFFER_LVALUE->yy_at_bol = (c == '\n');
-
- return c;
-}
-#endif /* ifndef YY_NO_INPUT */
-
-/** Immediately switch to a different input stream.
- * @param input_file A readable stream.
- *
- * @note This function does not reset the start condition to @c INITIAL .
- */
- void yyrestart (FILE * input_file )
-{
-
- if ( ! YY_CURRENT_BUFFER ){
- yyensure_buffer_stack ();
- YY_CURRENT_BUFFER_LVALUE =
- yy_create_buffer(yyin,YY_BUF_SIZE );
- }
-
- yy_init_buffer(YY_CURRENT_BUFFER,input_file );
- yy_load_buffer_state( );
-}
-
-/** Switch to a different input buffer.
- * @param new_buffer The new input buffer.
- *
- */
- void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer )
-{
-
- /* TODO. We should be able to replace this entire function body
- * with
- * yypop_buffer_state();
- * yypush_buffer_state(new_buffer);
- */
- yyensure_buffer_stack ();
- if ( YY_CURRENT_BUFFER == new_buffer )
- return;
-
- if ( YY_CURRENT_BUFFER )
- {
- /* Flush out information for old buffer. */
- *(yy_c_buf_p) = (yy_hold_char);
- YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
- YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
- }
-
- YY_CURRENT_BUFFER_LVALUE = new_buffer;
- yy_load_buffer_state( );
-
- /* We don't actually know whether we did this switch during
- * EOF (yywrap()) processing, but the only time this flag
- * is looked at is after yywrap() is called, so it's safe
- * to go ahead and always set it.
- */
- (yy_did_buffer_switch_on_eof) = 1;
-}
-
-static void yy_load_buffer_state (void)
-{
- (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
- (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
- yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
- (yy_hold_char) = *(yy_c_buf_p);
-}
-
-/** Allocate and initialize an input buffer state.
- * @param file A readable stream.
- * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE.
- *
- * @return the allocated buffer state.
- */
- YY_BUFFER_STATE yy_create_buffer (FILE * file, int size )
-{
- YY_BUFFER_STATE b;
-
- b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) );
- if ( ! b )
- YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
-
- b->yy_buf_size = size;
-
- /* yy_ch_buf has to be 2 characters longer than the size given because
- * we need to put in 2 end-of-buffer characters.
- */
- b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 );
- if ( ! b->yy_ch_buf )
- YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
-
- b->yy_is_our_buffer = 1;
-
- yy_init_buffer(b,file );
-
- return b;
-}
-
-/** Destroy the buffer.
- * @param b a buffer created with yy_create_buffer()
- *
- */
- void yy_delete_buffer (YY_BUFFER_STATE b )
-{
-
- if ( ! b )
- return;
-
- if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */
- YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;
-
- if ( b->yy_is_our_buffer )
- yyfree((void *) b->yy_ch_buf );
-
- yyfree((void *) b );
-}
-
-#ifndef _UNISTD_H /* assume unistd.h has isatty() for us */
-#ifdef __cplusplus
-extern "C" {
-#endif
-#ifdef __THROW /* this is a gnuism */
-extern int isatty (int ) __THROW;
-#else
-extern int isatty (int );
-#endif
-#ifdef __cplusplus
-}
-#endif
-#endif
-
-/* Initializes or reinitializes a buffer.
- * This function is sometimes called more than once on the same buffer,
- * such as during a yyrestart() or at EOF.
- */
- static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file )
-
-{
- int oerrno = errno;
-
- yy_flush_buffer(b );
-
- b->yy_input_file = file;
- b->yy_fill_buffer = 1;
-
- /* If b is the current buffer, then yy_init_buffer was _probably_
- * called from yyrestart() or through yy_get_next_buffer.
- * In that case, we don't want to reset the lineno or column.
- */
- if (b != YY_CURRENT_BUFFER){
- b->yy_bs_lineno = 1;
- b->yy_bs_column = 0;
- }
-
- b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
-
- errno = oerrno;
-}
-
-/** Discard all buffered characters. On the next scan, YY_INPUT will be called.
- * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER.
- *
- */
- void yy_flush_buffer (YY_BUFFER_STATE b )
-{
- if ( ! b )
- return;
-
- b->yy_n_chars = 0;
-
- /* We always need two end-of-buffer characters. The first causes
- * a transition to the end-of-buffer state. The second causes
- * a jam in that state.
- */
- b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
- b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
-
- b->yy_buf_pos = &b->yy_ch_buf[0];
-
- b->yy_at_bol = 1;
- b->yy_buffer_status = YY_BUFFER_NEW;
-
- if ( b == YY_CURRENT_BUFFER )
- yy_load_buffer_state( );
-}
-
-/** Pushes the new state onto the stack. The new state becomes
- * the current state. This function will allocate the stack
- * if necessary.
- * @param new_buffer The new state.
- *
- */
-void yypush_buffer_state (YY_BUFFER_STATE new_buffer )
-{
- if (new_buffer == NULL)
- return;
-
- yyensure_buffer_stack();
-
- /* This block is copied from yy_switch_to_buffer. */
- if ( YY_CURRENT_BUFFER )
- {
- /* Flush out information for old buffer. */
- *(yy_c_buf_p) = (yy_hold_char);
- YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
- YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
- }
-
- /* Only push if top exists. Otherwise, replace top. */
- if (YY_CURRENT_BUFFER)
- (yy_buffer_stack_top)++;
- YY_CURRENT_BUFFER_LVALUE = new_buffer;
-
- /* copied from yy_switch_to_buffer. */
- yy_load_buffer_state( );
- (yy_did_buffer_switch_on_eof) = 1;
-}
-
-/** Removes and deletes the top of the stack, if present.
- * The next element becomes the new top.
- *
- */
-void yypop_buffer_state (void)
-{
- if (!YY_CURRENT_BUFFER)
- return;
-
- yy_delete_buffer(YY_CURRENT_BUFFER );
- YY_CURRENT_BUFFER_LVALUE = NULL;
- if ((yy_buffer_stack_top) > 0)
- --(yy_buffer_stack_top);
-
- if (YY_CURRENT_BUFFER) {
- yy_load_buffer_state( );
- (yy_did_buffer_switch_on_eof) = 1;
- }
-}
-
-/* Allocates the stack if it does not exist.
- * Guarantees space for at least one push.
- */
-static void yyensure_buffer_stack (void)
-{
- int num_to_alloc;
-
- if (!(yy_buffer_stack)) {
-
- /* First allocation is just for 2 elements, since we don't know if this
- * scanner will even need a stack. We use 2 instead of 1 to avoid an
- * immediate realloc on the next call.
- */
- num_to_alloc = 1;
- (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc
- (num_to_alloc * sizeof(struct yy_buffer_state*)
- );
-
- memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
-
- (yy_buffer_stack_max) = num_to_alloc;
- (yy_buffer_stack_top) = 0;
- return;
- }
-
- if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){
-
- /* Increase the buffer to prepare for a possible push. */
- int grow_size = 8 /* arbitrary grow size */;
-
- num_to_alloc = (yy_buffer_stack_max) + grow_size;
- (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc
- ((yy_buffer_stack),
- num_to_alloc * sizeof(struct yy_buffer_state*)
- );
-
- /* zero only the new slots.*/
- memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*));
- (yy_buffer_stack_max) = num_to_alloc;
- }
-}
-
-/** Setup the input buffer state to scan directly from a user-specified character buffer.
- * @param base the character buffer
- * @param size the size in bytes of the character buffer
- *
- * @return the newly allocated buffer state object.
- */
-YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size )
-{
- YY_BUFFER_STATE b;
-
- if ( size < 2 ||
- base[size-2] != YY_END_OF_BUFFER_CHAR ||
- base[size-1] != YY_END_OF_BUFFER_CHAR )
- /* They forgot to leave room for the EOB's. */
- return 0;
-
- b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) );
- if ( ! b )
- YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );
-
- b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */
- b->yy_buf_pos = b->yy_ch_buf = base;
- b->yy_is_our_buffer = 0;
- b->yy_input_file = 0;
- b->yy_n_chars = b->yy_buf_size;
- b->yy_is_interactive = 0;
- b->yy_at_bol = 1;
- b->yy_fill_buffer = 0;
- b->yy_buffer_status = YY_BUFFER_NEW;
-
- yy_switch_to_buffer(b );
-
- return b;
-}
-
-/** Setup the input buffer state to scan a string. The next call to yylex() will
- * scan from a @e copy of @a str.
- * @param str a NUL-terminated string to scan
- *
- * @return the newly allocated buffer state object.
- * @note If you want to scan bytes that may contain NUL values, then use
- * yy_scan_bytes() instead.
- */
-YY_BUFFER_STATE yy_scan_string (yyconst char * yystr )
-{
-
- return yy_scan_bytes(yystr,strlen(yystr) );
-}
-
-/** Setup the input buffer state to scan the given bytes. The next call to yylex() will
- * scan from a @e copy of @a bytes.
- * @param bytes the byte buffer to scan
- * @param len the number of bytes in the buffer pointed to by @a bytes.
- *
- * @return the newly allocated buffer state object.
- */
-YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len )
-{
- YY_BUFFER_STATE b;
- char *buf;
- yy_size_t n;
- int i;
-
- /* Get memory for full buffer, including space for trailing EOB's. */
- n = _yybytes_len + 2;
- buf = (char *) yyalloc(n );
- if ( ! buf )
- YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
-
- for ( i = 0; i < _yybytes_len; ++i )
- buf[i] = yybytes[i];
-
- buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;
-
- b = yy_scan_buffer(buf,n );
- if ( ! b )
- YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
-
- /* It's okay to grow etc. this buffer, and we should throw it
- * away when we're done.
- */
- b->yy_is_our_buffer = 1;
-
- return b;
-}
-
-#ifndef YY_EXIT_FAILURE
-#define YY_EXIT_FAILURE 2
-#endif
-
-static void yy_fatal_error (yyconst char* msg )
-{
- (void) fprintf( stderr, "%s\n", msg );
- exit( YY_EXIT_FAILURE );
-}
-
-/* Redefine yyless() so it works in section 3 code. */
-
-#undef yyless
-#define yyless(n) \
- do \
- { \
- /* Undo effects of setting up yytext. */ \
- int yyless_macro_arg = (n); \
- YY_LESS_LINENO(yyless_macro_arg);\
- yytext[yyleng] = (yy_hold_char); \
- (yy_c_buf_p) = yytext + yyless_macro_arg; \
- (yy_hold_char) = *(yy_c_buf_p); \
- *(yy_c_buf_p) = '\0'; \
- yyleng = yyless_macro_arg; \
- } \
- while ( 0 )
-
-/* Accessor methods (get/set functions) to struct members. */
-
-/** Get the current line number.
- *
- */
-int yyget_lineno (void)
-{
-
- return yylineno;
-}
-
-/** Get the input stream.
- *
- */
-FILE *yyget_in (void)
-{
- return yyin;
-}
-
-/** Get the output stream.
- *
- */
-FILE *yyget_out (void)
-{
- return yyout;
-}
-
-/** Get the length of the current token.
- *
- */
-int yyget_leng (void)
-{
- return yyleng;
-}
-
-/** Get the current token.
- *
- */
-
-char *yyget_text (void)
-{
- return yytext;
-}
-
-/** Set the current line number.
- * @param line_number
- *
- */
-void yyset_lineno (int line_number )
-{
-
- yylineno = line_number;
-}
-
-/** Set the input stream. This does not discard the current
- * input buffer.
- * @param in_str A readable stream.
- *
- * @see yy_switch_to_buffer
- */
-void yyset_in (FILE * in_str )
-{
- yyin = in_str ;
-}
-
-void yyset_out (FILE * out_str )
-{
- yyout = out_str ;
-}
-
-int yyget_debug (void)
-{
- return yy_flex_debug;
-}
-
-void yyset_debug (int bdebug )
-{
- yy_flex_debug = bdebug ;
-}
-
-static int yy_init_globals (void)
-{
- /* Initialization is the same as for the non-reentrant scanner.
- * This function is called from yylex_destroy(), so don't allocate here.
- */
-
- (yy_buffer_stack) = 0;
- (yy_buffer_stack_top) = 0;
- (yy_buffer_stack_max) = 0;
- (yy_c_buf_p) = (char *) 0;
- (yy_init) = 0;
- (yy_start) = 0;
-
-/* Defined in main.c */
-#ifdef YY_STDINIT
- yyin = stdin;
- yyout = stdout;
-#else
- yyin = (FILE *) 0;
- yyout = (FILE *) 0;
-#endif
-
- /* For future reference: Set errno on error, since we are called by
- * yylex_init()
- */
- return 0;
-}
-
-/* yylex_destroy is for both reentrant and non-reentrant scanners. */
-int yylex_destroy (void)
-{
-
- /* Pop the buffer stack, destroying each element. */
- while(YY_CURRENT_BUFFER){
- yy_delete_buffer(YY_CURRENT_BUFFER );
- YY_CURRENT_BUFFER_LVALUE = NULL;
- yypop_buffer_state();
- }
-
- /* Destroy the stack itself. */
- yyfree((yy_buffer_stack) );
- (yy_buffer_stack) = NULL;
-
- /* Reset the globals. This is important in a non-reentrant scanner so the next time
- * yylex() is called, initialization will occur. */
- yy_init_globals( );
-
- return 0;
-}
-
-/*
- * Internal utility routines.
- */
-
-#ifndef yytext_ptr
-static void yy_flex_strncpy (char* s1, yyconst char * s2, int n )
-{
- register int i;
- for ( i = 0; i < n; ++i )
- s1[i] = s2[i];
-}
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * s )
-{
- register int n;
- for ( n = 0; s[n]; ++n )
- ;
-
- return n;
-}
-#endif
-
-void *yyalloc (yy_size_t size )
-{
- return (void *) malloc( size );
-}
-
-void *yyrealloc (void * ptr, yy_size_t size )
-{
- /* The cast to (char *) in the following accommodates both
- * implementations that use char* generic pointers, and those
- * that use void* generic pointers. It works with the latter
- * because both ANSI C and C++ allow castless assignment from
- * any pointer type to void*, and deal with argument conversions
- * as though doing an assignment.
- */
- return (void *) realloc( (char *) ptr, size );
-}
-
-void yyfree (void * ptr )
-{
- free( (char *) ptr ); /* see yyrealloc() for (char *) cast */
-}
-
-#define YYTABLES_NAME "yytables"
-
-#line 184 "parser.l"
-
-
-
-int yywrap(void)
-{
- return 1;
-}
-
-
diff --git a/programs/starter/netkey.c b/programs/starter/netkey.c
deleted file mode 100644
index d0b8e0a2c..000000000
--- a/programs/starter/netkey.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/* strongSwan netkey starter
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: netkey.c,v 1.4 2006/02/15 18:33:57 as Exp $
- */
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <stdlib.h>
-
-#include <freeswan.h>
-
-#include "../pluto/constants.h"
-#include "../pluto/defs.h"
-#include "../pluto/log.h"
-
-#include "files.h"
-
-bool
-starter_netkey_init(void)
-{
- struct stat stb;
-
- if (stat(PROC_NETKEY, &stb) != 0)
- {
- /* af_key module makes the netkey proc interface visible */
- if (stat(PROC_MODULES, &stb) == 0)
- {
- system("modprobe -qv af_key");
- }
-
- /* now test again */
- if (stat(PROC_NETKEY, &stb) != 0)
- {
- DBG(DBG_CONTROL,
- DBG_log("kernel appears to lack the native netkey IPsec stack")
- )
- return FALSE;
- }
- }
-
- /* make sure that all required IPsec modules are loaded */
- if (stat(PROC_MODULES, &stb) == 0)
- {
- system("modprobe -qv ah4");
- system("modprobe -qv esp4");
- system("modprobe -qv ipcomp");
- system("modprobe -qv xfrm4_tunnel");
- system("modprobe -qv xfrm_user");
- }
-
- DBG(DBG_CONTROL,
- DBG_log("Found netkey IPsec stack")
- )
- return TRUE;
-}
-
-void
-starter_netkey_cleanup(void)
-{
- if (system("ip xfrm state > /dev/null 2>&1") == 0)
- {
- system("ip xfrm state flush");
- system("ip xfrm policy flush");
- }
- else if (system("type setkey > /dev/null 2>&1") == 0)
- {
- system("setkey -F");
- system("setkey -FP");
- }
- else
- {
- plog("WARNING: cannot flush IPsec state/policy database");
- }
-}
diff --git a/programs/starter/netkey.h b/programs/starter/netkey.h
deleted file mode 100644
index ff8989d34..000000000
--- a/programs/starter/netkey.h
+++ /dev/null
@@ -1,24 +0,0 @@
-/* strongSwan netkey initialization and cleanup
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: netkey.h,v 1.1 2005/12/30 19:03:15 as Exp $
- */
-
-#ifndef _STARTER_NETKEY_H_
-#define _STARTER_NETKEY_H_
-
-extern bool starter_netkey_init (void);
-extern void starter_netkey_cleanup (void);
-
-#endif /* _STARTER_NETKEY_H_ */
-
diff --git a/programs/starter/parser.h b/programs/starter/parser.h
deleted file mode 100644
index 61bdea974..000000000
--- a/programs/starter/parser.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/* strongSwan config file parser
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: parser.h,v 1.5 2006/01/17 23:43:36 as Exp $
- */
-
-#ifndef _IPSEC_PARSER_H_
-#define _IPSEC_PARSER_H_
-
-#include "keywords.h"
-
-typedef struct kw_entry kw_entry_t;
-
-struct kw_entry {
- char *name;
- kw_token_t token;
-};
-
-typedef struct kw_list kw_list_t;
-
-struct kw_list {
- kw_entry_t *entry;
- char *value;
- kw_list_t *next;
-};
-
-typedef struct section_list section_list_t;
-
-struct section_list {
- char *name;
- kw_list_t *kw;
- section_list_t *next;
-};
-
-typedef struct config_parsed config_parsed_t;
-
-struct config_parsed {
- kw_list_t *config_setup;
- section_list_t *conn_first, *conn_last;
- section_list_t *ca_first, *ca_last;
-};
-
-config_parsed_t *parser_load_conf (const char *file);
-void parser_free_conf (config_parsed_t *cfg);
-
-#endif /* _IPSEC_PARSER_H_ */
-
diff --git a/programs/starter/parser.l b/programs/starter/parser.l
deleted file mode 100644
index 8d1cc4c31..000000000
--- a/programs/starter/parser.l
+++ /dev/null
@@ -1,190 +0,0 @@
-%{
-/* FreeS/WAN config file parser (parser.l)
- * Copyright (C) 2001 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: parser.l,v 1.5 2006/03/28 22:32:33 as Exp $
- */
-
-#include <string.h>
-#include <stdlib.h>
-#include <glob.h>
-
-#include "parser.tab.h"
-
-#define MAX_INCLUDE_DEPTH 20
-
-#define YY_NO_UNPUT
-extern void yyerror(const char *);
-extern int yylex (void);
-
-static struct {
- int stack_ptr;
- YY_BUFFER_STATE stack[MAX_INCLUDE_DEPTH];
- FILE *file[MAX_INCLUDE_DEPTH];
- unsigned int line[MAX_INCLUDE_DEPTH];
- char *filename[MAX_INCLUDE_DEPTH];
-} __parser_y_private;
-
-void _parser_y_error(char *b, int size, const char *s);
-void _parser_y_init (const char *f);
-void _parser_y_fini (void);
-int _parser_y_include (const char *filename);
-
-void _parser_y_error(char *b, int size, const char *s)
-{
- extern char *yytext; // was: char yytext[];
-
- snprintf(b, size, "%s:%d: %s [%s]",
- __parser_y_private.filename[__parser_y_private.stack_ptr],
- __parser_y_private.line[__parser_y_private.stack_ptr],
- s, yytext);
-}
-
-void _parser_y_init (const char *f)
-{
- memset(&__parser_y_private, 0, sizeof(__parser_y_private));
- __parser_y_private.line[0] = 1;
- __parser_y_private.filename[0] = strdup(f);
-}
-
-void _parser_y_fini (void)
-{
- unsigned int i;
-
- for (i = 0; i < MAX_INCLUDE_DEPTH; i++)
- {
- if (__parser_y_private.filename[i])
- free(__parser_y_private.filename[i]);
- if (__parser_y_private.file[i])
- fclose(__parser_y_private.file[i]);
- }
- memset(&__parser_y_private, 0, sizeof(__parser_y_private));
-}
-
-int _parser_y_include (const char *filename)
-{
- glob_t files;
- int i, ret;
-
- ret = glob(filename, GLOB_ERR, NULL, &files);
- if (ret)
- {
- const char *err;
-
- switch (ret)
- {
- case GLOB_NOSPACE:
- err = "include files ran out of memory";
- break;
- case GLOB_ABORTED:
- err = "include files aborted due to read error";
- break;
- case GLOB_NOMATCH:
- err = "include files found no matches";
- break;
- default:
- err = "unknown include files error";
- }
- yyerror(err);
- return 1;
- }
-
- for (i = 0; i < files.gl_pathc; i++)
- {
- FILE *f;
- unsigned int p = __parser_y_private.stack_ptr + 1;
-
- if (p >= MAX_INCLUDE_DEPTH)
- {
- yyerror("max inclusion depth reached");
- return 1;
- }
-
- f = fopen(files.gl_pathv[i], "r");
- if (!f)
- {
- yyerror("can't open include filename");
- continue;
- }
-
- __parser_y_private.stack_ptr++;
- __parser_y_private.file[p] = f;
- __parser_y_private.stack[p] = YY_CURRENT_BUFFER;
- __parser_y_private.line[p] = 1;
- __parser_y_private.filename[p] = strdup(files.gl_pathv[i]);
-
- yy_switch_to_buffer(yy_create_buffer(f, YY_BUF_SIZE));
- }
- globfree(&files);
- return 0;
-}
-
-%}
-
-%%
-
-<<EOF>> {
- if (__parser_y_private.filename[__parser_y_private.stack_ptr]) {
- free(__parser_y_private.filename[__parser_y_private.stack_ptr]);
- __parser_y_private.filename[__parser_y_private.stack_ptr] = NULL;
- }
- if (__parser_y_private.file[__parser_y_private.stack_ptr]) {
- fclose(__parser_y_private.file[__parser_y_private.stack_ptr]);
- __parser_y_private.file[__parser_y_private.stack_ptr] = NULL;
- yy_delete_buffer (YY_CURRENT_BUFFER);
- yy_switch_to_buffer
- (__parser_y_private.stack[__parser_y_private.stack_ptr]);
- }
- if (--__parser_y_private.stack_ptr < 0) {
- yyterminate();
- }
-}
-
-^[\t ]+ return FIRST_SPACES;
-
-[\t ]+ /* ignore spaces in line */ ;
-
-= return EQUAL;
-
-\n|#.*\n {
- __parser_y_private.line[__parser_y_private.stack_ptr]++;
- return EOL;
- }
-
-config return CONFIG;
-setup return SETUP;
-conn return CONN;
-ca return CA;
-include return INCLUDE;
-version return VERSION;
-
-[^\"= \t\n]+ {
- yylval.s = strdup(yytext);
- return STRING;
- }
-
-\"[^\"\n]*\" {
- yylval.s = strdup(yytext+1);
- if (yylval.s) yylval.s[strlen(yylval.s)-1]='\0';
- return STRING;
- }
-
-. yyerror(yytext);
-
-%%
-
-int yywrap(void)
-{
- return 1;
-}
-
diff --git a/programs/starter/parser.output b/programs/starter/parser.output
deleted file mode 100644
index ddb01e89a..000000000
--- a/programs/starter/parser.output
+++ /dev/null
@@ -1,351 +0,0 @@
-Grammar
-
- 0 $accept: config_file $end
-
- 1 config_file: config_file section_or_include
- 2 | /* empty */
-
- 3 section_or_include: VERSION STRING EOL
-
- 4 @1: /* empty */
-
- 5 section_or_include: CONFIG SETUP EOL @1 kw_section
-
- 6 @2: /* empty */
-
- 7 section_or_include: CONN STRING EOL @2 kw_section
-
- 8 @3: /* empty */
-
- 9 section_or_include: CA STRING EOL @3 kw_section
-
- 10 @4: /* empty */
-
- 11 section_or_include: INCLUDE STRING @4 EOL
- 12 | EOL
-
- 13 kw_section: FIRST_SPACES statement_kw EOL kw_section
- 14 | /* empty */
-
- 15 statement_kw: STRING EQUAL STRING
- 16 | STRING EQUAL
- 17 | /* empty */
-
-
-Terminals, with rules where they appear
-
-$end (0) 0
-error (256)
-EQUAL (258) 15 16
-FIRST_SPACES (259) 13
-EOL (260) 3 5 7 9 11 12 13
-CONFIG (261) 5
-SETUP (262) 5
-CONN (263) 7
-CA (264) 9
-INCLUDE (265) 11
-VERSION (266) 3
-STRING (267) 3 7 9 11 15 16
-
-
-Nonterminals, with rules where they appear
-
-$accept (13)
- on left: 0
-config_file (14)
- on left: 1 2, on right: 0 1
-section_or_include (15)
- on left: 3 5 7 9 11 12, on right: 1
-@1 (16)
- on left: 4, on right: 5
-@2 (17)
- on left: 6, on right: 7
-@3 (18)
- on left: 8, on right: 9
-@4 (19)
- on left: 10, on right: 11
-kw_section (20)
- on left: 13 14, on right: 5 7 9 13
-statement_kw (21)
- on left: 15 16 17, on right: 13
-
-
-state 0
-
- 0 $accept: . config_file $end
-
- $default reduce using rule 2 (config_file)
-
- config_file go to state 1
-
-
-state 1
-
- 0 $accept: config_file . $end
- 1 config_file: config_file . section_or_include
-
- $end shift, and go to state 2
- EOL shift, and go to state 3
- CONFIG shift, and go to state 4
- CONN shift, and go to state 5
- CA shift, and go to state 6
- INCLUDE shift, and go to state 7
- VERSION shift, and go to state 8
-
- section_or_include go to state 9
-
-
-state 2
-
- 0 $accept: config_file $end .
-
- $default accept
-
-
-state 3
-
- 12 section_or_include: EOL .
-
- $default reduce using rule 12 (section_or_include)
-
-
-state 4
-
- 5 section_or_include: CONFIG . SETUP EOL @1 kw_section
-
- SETUP shift, and go to state 10
-
-
-state 5
-
- 7 section_or_include: CONN . STRING EOL @2 kw_section
-
- STRING shift, and go to state 11
-
-
-state 6
-
- 9 section_or_include: CA . STRING EOL @3 kw_section
-
- STRING shift, and go to state 12
-
-
-state 7
-
- 11 section_or_include: INCLUDE . STRING @4 EOL
-
- STRING shift, and go to state 13
-
-
-state 8
-
- 3 section_or_include: VERSION . STRING EOL
-
- STRING shift, and go to state 14
-
-
-state 9
-
- 1 config_file: config_file section_or_include .
-
- $default reduce using rule 1 (config_file)
-
-
-state 10
-
- 5 section_or_include: CONFIG SETUP . EOL @1 kw_section
-
- EOL shift, and go to state 15
-
-
-state 11
-
- 7 section_or_include: CONN STRING . EOL @2 kw_section
-
- EOL shift, and go to state 16
-
-
-state 12
-
- 9 section_or_include: CA STRING . EOL @3 kw_section
-
- EOL shift, and go to state 17
-
-
-state 13
-
- 11 section_or_include: INCLUDE STRING . @4 EOL
-
- $default reduce using rule 10 (@4)
-
- @4 go to state 18
-
-
-state 14
-
- 3 section_or_include: VERSION STRING . EOL
-
- EOL shift, and go to state 19
-
-
-state 15
-
- 5 section_or_include: CONFIG SETUP EOL . @1 kw_section
-
- $default reduce using rule 4 (@1)
-
- @1 go to state 20
-
-
-state 16
-
- 7 section_or_include: CONN STRING EOL . @2 kw_section
-
- $default reduce using rule 6 (@2)
-
- @2 go to state 21
-
-
-state 17
-
- 9 section_or_include: CA STRING EOL . @3 kw_section
-
- $default reduce using rule 8 (@3)
-
- @3 go to state 22
-
-
-state 18
-
- 11 section_or_include: INCLUDE STRING @4 . EOL
-
- EOL shift, and go to state 23
-
-
-state 19
-
- 3 section_or_include: VERSION STRING EOL .
-
- $default reduce using rule 3 (section_or_include)
-
-
-state 20
-
- 5 section_or_include: CONFIG SETUP EOL @1 . kw_section
-
- FIRST_SPACES shift, and go to state 24
-
- $default reduce using rule 14 (kw_section)
-
- kw_section go to state 25
-
-
-state 21
-
- 7 section_or_include: CONN STRING EOL @2 . kw_section
-
- FIRST_SPACES shift, and go to state 24
-
- $default reduce using rule 14 (kw_section)
-
- kw_section go to state 26
-
-
-state 22
-
- 9 section_or_include: CA STRING EOL @3 . kw_section
-
- FIRST_SPACES shift, and go to state 24
-
- $default reduce using rule 14 (kw_section)
-
- kw_section go to state 27
-
-
-state 23
-
- 11 section_or_include: INCLUDE STRING @4 EOL .
-
- $default reduce using rule 11 (section_or_include)
-
-
-state 24
-
- 13 kw_section: FIRST_SPACES . statement_kw EOL kw_section
-
- STRING shift, and go to state 28
-
- $default reduce using rule 17 (statement_kw)
-
- statement_kw go to state 29
-
-
-state 25
-
- 5 section_or_include: CONFIG SETUP EOL @1 kw_section .
-
- $default reduce using rule 5 (section_or_include)
-
-
-state 26
-
- 7 section_or_include: CONN STRING EOL @2 kw_section .
-
- $default reduce using rule 7 (section_or_include)
-
-
-state 27
-
- 9 section_or_include: CA STRING EOL @3 kw_section .
-
- $default reduce using rule 9 (section_or_include)
-
-
-state 28
-
- 15 statement_kw: STRING . EQUAL STRING
- 16 | STRING . EQUAL
-
- EQUAL shift, and go to state 30
-
-
-state 29
-
- 13 kw_section: FIRST_SPACES statement_kw . EOL kw_section
-
- EOL shift, and go to state 31
-
-
-state 30
-
- 15 statement_kw: STRING EQUAL . STRING
- 16 | STRING EQUAL .
-
- STRING shift, and go to state 32
-
- $default reduce using rule 16 (statement_kw)
-
-
-state 31
-
- 13 kw_section: FIRST_SPACES statement_kw EOL . kw_section
-
- FIRST_SPACES shift, and go to state 24
-
- $default reduce using rule 14 (kw_section)
-
- kw_section go to state 33
-
-
-state 32
-
- 15 statement_kw: STRING EQUAL STRING .
-
- $default reduce using rule 15 (statement_kw)
-
-
-state 33
-
- 13 kw_section: FIRST_SPACES statement_kw EOL kw_section .
-
- $default reduce using rule 13 (kw_section)
diff --git a/programs/starter/parser.tab.c b/programs/starter/parser.tab.c
deleted file mode 100644
index 6e0061f89..000000000
--- a/programs/starter/parser.tab.c
+++ /dev/null
@@ -1,1832 +0,0 @@
-/* A Bison parser, made by GNU Bison 2.2. */
-
-/* Skeleton implementation for Bison's Yacc-like parsers in C
-
- Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
- Free Software Foundation, Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2, or (at your option)
- any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor,
- Boston, MA 02110-1301, USA. */
-
-/* As a special exception, you may create a larger work that contains
- part or all of the Bison parser skeleton and distribute that work
- under terms of your choice, so long as that work isn't itself a
- parser generator using the skeleton or a modified version thereof
- as a parser skeleton. Alternatively, if you modify or redistribute
- the parser skeleton itself, you may (at your option) remove this
- special exception, which will cause the skeleton and the resulting
- Bison output files to be licensed under the GNU General Public
- License without this special exception.
-
- This special exception was added by the Free Software Foundation in
- version 2.2 of Bison. */
-
-/* C LALR(1) parser skeleton written by Richard Stallman, by
- simplifying the original so-called "semantic" parser. */
-
-/* All symbols defined below should begin with yy or YY, to avoid
- infringing on user name space. This should be done even for local
- variables, as they might otherwise be expanded by user macros.
- There are some unavoidable exceptions within include files to
- define necessary library symbols; they are noted "INFRINGES ON
- USER NAME SPACE" below. */
-
-/* Identify Bison output. */
-#define YYBISON 1
-
-/* Bison version. */
-#define YYBISON_VERSION "2.2"
-
-/* Skeleton name. */
-#define YYSKELETON_NAME "yacc.c"
-
-/* Pure parsers. */
-#define YYPURE 0
-
-/* Using locations. */
-#define YYLSP_NEEDED 0
-
-
-
-/* Tokens. */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
- /* Put the tokens into the symbol table, so that GDB and other debuggers
- know about them. */
- enum yytokentype {
- EQUAL = 258,
- FIRST_SPACES = 259,
- EOL = 260,
- CONFIG = 261,
- SETUP = 262,
- CONN = 263,
- CA = 264,
- INCLUDE = 265,
- VERSION = 266,
- STRING = 267
- };
-#endif
-/* Tokens. */
-#define EQUAL 258
-#define FIRST_SPACES 259
-#define EOL 260
-#define CONFIG 261
-#define SETUP 262
-#define CONN 263
-#define CA 264
-#define INCLUDE 265
-#define VERSION 266
-#define STRING 267
-
-
-
-
-/* Copy the first part of user declarations. */
-#line 1 "parser.y"
-
-/* strongSwan config file parser (parser.y)
- * Copyright (C) 2001 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: parser.tab.c,v 1.7 2007/01/14 18:37:25 as Exp $
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <freeswan.h>
-
-#include "../pluto/constants.h"
-#include "../pluto/defs.h"
-#include "../pluto/log.h"
-#include "parser.h"
-
-#define YYERROR_VERBOSE
-#define ERRSTRING_LEN 256
-
-/**
- * Bison
- */
-static char parser_errstring[ERRSTRING_LEN+1];
-
-extern void yyerror(const char *s);
-extern int yylex (void);
-extern void _parser_y_error(char *b, int size, const char *s);
-
-/**
- * Static Globals
- */
-static int _save_errors_;
-static config_parsed_t *_parser_cfg;
-static kw_list_t **_parser_kw, *_parser_kw_last;
-static char errbuf[ERRSTRING_LEN+1];
-
-/**
- * Gperf
- */
-extern kw_entry_t *in_word_set (char *str, unsigned int len);
-
-
-
-/* Enabling traces. */
-#ifndef YYDEBUG
-# define YYDEBUG 0
-#endif
-
-/* Enabling verbose error messages. */
-#ifdef YYERROR_VERBOSE
-# undef YYERROR_VERBOSE
-# define YYERROR_VERBOSE 1
-#else
-# define YYERROR_VERBOSE 0
-#endif
-
-/* Enabling the token table. */
-#ifndef YYTOKEN_TABLE
-# define YYTOKEN_TABLE 0
-#endif
-
-#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-typedef union YYSTYPE
-#line 56 "parser.y"
-{ char *s; }
-/* Line 193 of yacc.c. */
-#line 177 "parser.tab.c"
- YYSTYPE;
-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
-# define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
-#endif
-
-
-
-/* Copy the second part of user declarations. */
-
-
-/* Line 216 of yacc.c. */
-#line 190 "parser.tab.c"
-
-#ifdef short
-# undef short
-#endif
-
-#ifdef YYTYPE_UINT8
-typedef YYTYPE_UINT8 yytype_uint8;
-#else
-typedef unsigned char yytype_uint8;
-#endif
-
-#ifdef YYTYPE_INT8
-typedef YYTYPE_INT8 yytype_int8;
-#elif (defined __STDC__ || defined __C99__FUNC__ \
- || defined __cplusplus || defined _MSC_VER)
-typedef signed char yytype_int8;
-#else
-typedef short int yytype_int8;
-#endif
-
-#ifdef YYTYPE_UINT16
-typedef YYTYPE_UINT16 yytype_uint16;
-#else
-typedef unsigned short int yytype_uint16;
-#endif
-
-#ifdef YYTYPE_INT16
-typedef YYTYPE_INT16 yytype_int16;
-#else
-typedef short int yytype_int16;
-#endif
-
-#ifndef YYSIZE_T
-# ifdef __SIZE_TYPE__
-# define YYSIZE_T __SIZE_TYPE__
-# elif defined size_t
-# define YYSIZE_T size_t
-# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \
- || defined __cplusplus || defined _MSC_VER)
-# include <stddef.h> /* INFRINGES ON USER NAME SPACE */
-# define YYSIZE_T size_t
-# else
-# define YYSIZE_T unsigned int
-# endif
-#endif
-
-#define YYSIZE_MAXIMUM ((YYSIZE_T) -1)
-
-#ifndef YY_
-# if YYENABLE_NLS
-# if ENABLE_NLS
-# include <libintl.h> /* INFRINGES ON USER NAME SPACE */
-# define YY_(msgid) dgettext ("bison-runtime", msgid)
-# endif
-# endif
-# ifndef YY_
-# define YY_(msgid) msgid
-# endif
-#endif
-
-/* Suppress unused-variable warnings by "using" E. */
-#if ! defined lint || defined __GNUC__
-# define YYUSE(e) ((void) (e))
-#else
-# define YYUSE(e) /* empty */
-#endif
-
-/* Identity function, used to suppress warnings about constant conditions. */
-#ifndef lint
-# define YYID(n) (n)
-#else
-#if (defined __STDC__ || defined __C99__FUNC__ \
- || defined __cplusplus || defined _MSC_VER)
-static int
-YYID (int i)
-#else
-static int
-YYID (i)
- int i;
-#endif
-{
- return i;
-}
-#endif
-
-#if ! defined yyoverflow || YYERROR_VERBOSE
-
-/* The parser invokes alloca or malloc; define the necessary symbols. */
-
-# ifdef YYSTACK_USE_ALLOCA
-# if YYSTACK_USE_ALLOCA
-# ifdef __GNUC__
-# define YYSTACK_ALLOC __builtin_alloca
-# elif defined __BUILTIN_VA_ARG_INCR
-# include <alloca.h> /* INFRINGES ON USER NAME SPACE */
-# elif defined _AIX
-# define YYSTACK_ALLOC __alloca
-# elif defined _MSC_VER
-# include <malloc.h> /* INFRINGES ON USER NAME SPACE */
-# define alloca _alloca
-# else
-# define YYSTACK_ALLOC alloca
-# if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
- || defined __cplusplus || defined _MSC_VER)
-# include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
-# ifndef _STDLIB_H
-# define _STDLIB_H 1
-# endif
-# endif
-# endif
-# endif
-# endif
-
-# ifdef YYSTACK_ALLOC
- /* Pacify GCC's `empty if-body' warning. */
-# define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0))
-# ifndef YYSTACK_ALLOC_MAXIMUM
- /* The OS might guarantee only one guard page at the bottom of the stack,
- and a page size can be as small as 4096 bytes. So we cannot safely
- invoke alloca (N) if N exceeds 4096. Use a slightly smaller number
- to allow for a few compiler-allocated temporary stack slots. */
-# define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */
-# endif
-# else
-# define YYSTACK_ALLOC YYMALLOC
-# define YYSTACK_FREE YYFREE
-# ifndef YYSTACK_ALLOC_MAXIMUM
-# define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM
-# endif
-# if (defined __cplusplus && ! defined _STDLIB_H \
- && ! ((defined YYMALLOC || defined malloc) \
- && (defined YYFREE || defined free)))
-# include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
-# ifndef _STDLIB_H
-# define _STDLIB_H 1
-# endif
-# endif
-# ifndef YYMALLOC
-# define YYMALLOC malloc
-# if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
- || defined __cplusplus || defined _MSC_VER)
-void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
-# endif
-# endif
-# ifndef YYFREE
-# define YYFREE free
-# if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
- || defined __cplusplus || defined _MSC_VER)
-void free (void *); /* INFRINGES ON USER NAME SPACE */
-# endif
-# endif
-# endif
-#endif /* ! defined yyoverflow || YYERROR_VERBOSE */
-
-
-#if (! defined yyoverflow \
- && (! defined __cplusplus \
- || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
-
-/* A type that is properly aligned for any stack member. */
-union yyalloc
-{
- yytype_int16 yyss;
- YYSTYPE yyvs;
- };
-
-/* The size of the maximum gap between one aligned stack and the next. */
-# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
-
-/* The size of an array large to enough to hold all stacks, each with
- N elements. */
-# define YYSTACK_BYTES(N) \
- ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \
- + YYSTACK_GAP_MAXIMUM)
-
-/* Copy COUNT objects from FROM to TO. The source and destination do
- not overlap. */
-# ifndef YYCOPY
-# if defined __GNUC__ && 1 < __GNUC__
-# define YYCOPY(To, From, Count) \
- __builtin_memcpy (To, From, (Count) * sizeof (*(From)))
-# else
-# define YYCOPY(To, From, Count) \
- do \
- { \
- YYSIZE_T yyi; \
- for (yyi = 0; yyi < (Count); yyi++) \
- (To)[yyi] = (From)[yyi]; \
- } \
- while (YYID (0))
-# endif
-# endif
-
-/* Relocate STACK from its old location to the new one. The
- local variables YYSIZE and YYSTACKSIZE give the old and new number of
- elements in the stack, and YYPTR gives the new location of the
- stack. Advance YYPTR to a properly aligned location for the next
- stack. */
-# define YYSTACK_RELOCATE(Stack) \
- do \
- { \
- YYSIZE_T yynewbytes; \
- YYCOPY (&yyptr->Stack, Stack, yysize); \
- Stack = &yyptr->Stack; \
- yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
- yyptr += yynewbytes / sizeof (*yyptr); \
- } \
- while (YYID (0))
-
-#endif
-
-/* YYFINAL -- State number of the termination state. */
-#define YYFINAL 2
-/* YYLAST -- Last index in YYTABLE. */
-#define YYLAST 27
-
-/* YYNTOKENS -- Number of terminals. */
-#define YYNTOKENS 13
-/* YYNNTS -- Number of nonterminals. */
-#define YYNNTS 9
-/* YYNRULES -- Number of rules. */
-#define YYNRULES 18
-/* YYNRULES -- Number of states. */
-#define YYNSTATES 34
-
-/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */
-#define YYUNDEFTOK 2
-#define YYMAXUTOK 267
-
-#define YYTRANSLATE(YYX) \
- ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
-
-/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */
-static const yytype_uint8 yytranslate[] =
-{
- 0, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 1, 2, 3, 4,
- 5, 6, 7, 8, 9, 10, 11, 12
-};
-
-#if YYDEBUG
-/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
- YYRHS. */
-static const yytype_uint8 yyprhs[] =
-{
- 0, 0, 3, 6, 7, 11, 12, 18, 19, 25,
- 26, 32, 33, 38, 40, 45, 46, 50, 53
-};
-
-/* YYRHS -- A `-1'-separated list of the rules' RHS. */
-static const yytype_int8 yyrhs[] =
-{
- 14, 0, -1, 14, 15, -1, -1, 11, 12, 5,
- -1, -1, 6, 7, 5, 16, 20, -1, -1, 8,
- 12, 5, 17, 20, -1, -1, 9, 12, 5, 18,
- 20, -1, -1, 10, 12, 19, 5, -1, 5, -1,
- 4, 21, 5, 20, -1, -1, 12, 3, 12, -1,
- 12, 3, -1, -1
-};
-
-/* YYRLINE[YYN] -- source line where rule number YYN was defined. */
-static const yytype_uint8 yyrline[] =
-{
- 0, 67, 67, 68, 72, 77, 76, 82, 81, 99,
- 98, 115, 114, 120, 124, 125, 129, 154, 158
-};
-#endif
-
-#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE
-/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
- First, the terminals, then, starting at YYNTOKENS, nonterminals. */
-static const char *const yytname[] =
-{
- "$end", "error", "$undefined", "EQUAL", "FIRST_SPACES", "EOL", "CONFIG",
- "SETUP", "CONN", "CA", "INCLUDE", "VERSION", "STRING", "$accept",
- "config_file", "section_or_include", "@1", "@2", "@3", "@4",
- "kw_section", "statement_kw", 0
-};
-#endif
-
-# ifdef YYPRINT
-/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
- token YYLEX-NUM. */
-static const yytype_uint16 yytoknum[] =
-{
- 0, 256, 257, 258, 259, 260, 261, 262, 263, 264,
- 265, 266, 267
-};
-# endif
-
-/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */
-static const yytype_uint8 yyr1[] =
-{
- 0, 13, 14, 14, 15, 16, 15, 17, 15, 18,
- 15, 19, 15, 15, 20, 20, 21, 21, 21
-};
-
-/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */
-static const yytype_uint8 yyr2[] =
-{
- 0, 2, 2, 0, 3, 0, 5, 0, 5, 0,
- 5, 0, 4, 1, 4, 0, 3, 2, 0
-};
-
-/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
- STATE-NUM when YYTABLE doesn't specify something else to do. Zero
- means the default is an error. */
-static const yytype_uint8 yydefact[] =
-{
- 3, 0, 1, 13, 0, 0, 0, 0, 0, 2,
- 0, 0, 0, 11, 0, 5, 7, 9, 0, 4,
- 15, 15, 15, 12, 18, 6, 8, 10, 0, 0,
- 17, 15, 16, 14
-};
-
-/* YYDEFGOTO[NTERM-NUM]. */
-static const yytype_int8 yydefgoto[] =
-{
- -1, 1, 9, 20, 21, 22, 18, 25, 29
-};
-
-/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
- STATE-NUM. */
-#define YYPACT_NINF -20
-static const yytype_int8 yypact[] =
-{
- -20, 0, -20, -20, -6, -8, -5, 1, 2, -20,
- 10, 11, 12, -20, 13, -20, -20, -20, 14, -20,
- 16, 16, 16, -20, 9, -20, -20, -20, 19, 18,
- 15, 16, -20, -20
-};
-
-/* YYPGOTO[NTERM-NUM]. */
-static const yytype_int8 yypgoto[] =
-{
- -20, -20, -20, -20, -20, -20, -20, -19, -20
-};
-
-/* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If
- positive, shift that token. If negative, reduce the rule which
- number is the opposite. If zero, do what YYDEFACT says.
- If YYTABLE_NINF, syntax error. */
-#define YYTABLE_NINF -1
-static const yytype_uint8 yytable[] =
-{
- 2, 10, 26, 27, 11, 3, 4, 12, 5, 6,
- 7, 8, 33, 13, 14, 15, 16, 17, 19, 23,
- 24, 28, 30, 31, 0, 0, 0, 32
-};
-
-static const yytype_int8 yycheck[] =
-{
- 0, 7, 21, 22, 12, 5, 6, 12, 8, 9,
- 10, 11, 31, 12, 12, 5, 5, 5, 5, 5,
- 4, 12, 3, 5, -1, -1, -1, 12
-};
-
-/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
- symbol of state STATE-NUM. */
-static const yytype_uint8 yystos[] =
-{
- 0, 14, 0, 5, 6, 8, 9, 10, 11, 15,
- 7, 12, 12, 12, 12, 5, 5, 5, 19, 5,
- 16, 17, 18, 5, 4, 20, 20, 20, 12, 21,
- 3, 5, 12, 20
-};
-
-#define yyerrok (yyerrstatus = 0)
-#define yyclearin (yychar = YYEMPTY)
-#define YYEMPTY (-2)
-#define YYEOF 0
-
-#define YYACCEPT goto yyacceptlab
-#define YYABORT goto yyabortlab
-#define YYERROR goto yyerrorlab
-
-
-/* Like YYERROR except do call yyerror. This remains here temporarily
- to ease the transition to the new meaning of YYERROR, for GCC.
- Once GCC version 2 has supplanted version 1, this can go. */
-
-#define YYFAIL goto yyerrlab
-
-#define YYRECOVERING() (!!yyerrstatus)
-
-#define YYBACKUP(Token, Value) \
-do \
- if (yychar == YYEMPTY && yylen == 1) \
- { \
- yychar = (Token); \
- yylval = (Value); \
- yytoken = YYTRANSLATE (yychar); \
- YYPOPSTACK (1); \
- goto yybackup; \
- } \
- else \
- { \
- yyerror (YY_("syntax error: cannot back up")); \
- YYERROR; \
- } \
-while (YYID (0))
-
-
-#define YYTERROR 1
-#define YYERRCODE 256
-
-
-/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N].
- If N is 0, then set CURRENT to the empty location which ends
- the previous symbol: RHS[0] (always defined). */
-
-#define YYRHSLOC(Rhs, K) ((Rhs)[K])
-#ifndef YYLLOC_DEFAULT
-# define YYLLOC_DEFAULT(Current, Rhs, N) \
- do \
- if (YYID (N)) \
- { \
- (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \
- (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \
- (Current).last_line = YYRHSLOC (Rhs, N).last_line; \
- (Current).last_column = YYRHSLOC (Rhs, N).last_column; \
- } \
- else \
- { \
- (Current).first_line = (Current).last_line = \
- YYRHSLOC (Rhs, 0).last_line; \
- (Current).first_column = (Current).last_column = \
- YYRHSLOC (Rhs, 0).last_column; \
- } \
- while (YYID (0))
-#endif
-
-
-/* YY_LOCATION_PRINT -- Print the location on the stream.
- This macro was not mandated originally: define only if we know
- we won't break user code: when these are the locations we know. */
-
-#ifndef YY_LOCATION_PRINT
-# if YYLTYPE_IS_TRIVIAL
-# define YY_LOCATION_PRINT(File, Loc) \
- fprintf (File, "%d.%d-%d.%d", \
- (Loc).first_line, (Loc).first_column, \
- (Loc).last_line, (Loc).last_column)
-# else
-# define YY_LOCATION_PRINT(File, Loc) ((void) 0)
-# endif
-#endif
-
-
-/* YYLEX -- calling `yylex' with the right arguments. */
-
-#ifdef YYLEX_PARAM
-# define YYLEX yylex (YYLEX_PARAM)
-#else
-# define YYLEX yylex ()
-#endif
-
-/* Enable debugging if requested. */
-#if YYDEBUG
-
-# ifndef YYFPRINTF
-# include <stdio.h> /* INFRINGES ON USER NAME SPACE */
-# define YYFPRINTF fprintf
-# endif
-
-# define YYDPRINTF(Args) \
-do { \
- if (yydebug) \
- YYFPRINTF Args; \
-} while (YYID (0))
-
-# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \
-do { \
- if (yydebug) \
- { \
- YYFPRINTF (stderr, "%s ", Title); \
- yy_symbol_print (stderr, \
- Type, Value); \
- YYFPRINTF (stderr, "\n"); \
- } \
-} while (YYID (0))
-
-
-/*--------------------------------.
-| Print this symbol on YYOUTPUT. |
-`--------------------------------*/
-
-/*ARGSUSED*/
-#if (defined __STDC__ || defined __C99__FUNC__ \
- || defined __cplusplus || defined _MSC_VER)
-static void
-yy_symbol_value_print (FILE *yyoutput, int yytype, const YYSTYPE * const yyvaluep)
-#else
-static void
-yy_symbol_value_print (yyoutput, yytype, yyvaluep)
- FILE *yyoutput;
- int yytype;
- const YYSTYPE * const yyvaluep;
-#endif
-{
- if (!yyvaluep)
- return;
-# ifdef YYPRINT
- if (yytype < YYNTOKENS)
- YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
-# else
- YYUSE (yyoutput);
-# endif
- switch (yytype)
- {
- default:
- break;
- }
-}
-
-
-/*--------------------------------.
-| Print this symbol on YYOUTPUT. |
-`--------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
- || defined __cplusplus || defined _MSC_VER)
-static void
-yy_symbol_print (FILE *yyoutput, int yytype, const YYSTYPE * const yyvaluep)
-#else
-static void
-yy_symbol_print (yyoutput, yytype, yyvaluep)
- FILE *yyoutput;
- int yytype;
- const YYSTYPE * const yyvaluep;
-#endif
-{
- if (yytype < YYNTOKENS)
- YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
- else
- YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
-
- yy_symbol_value_print (yyoutput, yytype, yyvaluep);
- YYFPRINTF (yyoutput, ")");
-}
-
-/*------------------------------------------------------------------.
-| yy_stack_print -- Print the state stack from its BOTTOM up to its |
-| TOP (included). |
-`------------------------------------------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
- || defined __cplusplus || defined _MSC_VER)
-static void
-yy_stack_print (yytype_int16 *bottom, yytype_int16 *top)
-#else
-static void
-yy_stack_print (bottom, top)
- yytype_int16 *bottom;
- yytype_int16 *top;
-#endif
-{
- YYFPRINTF (stderr, "Stack now");
- for (; bottom <= top; ++bottom)
- YYFPRINTF (stderr, " %d", *bottom);
- YYFPRINTF (stderr, "\n");
-}
-
-# define YY_STACK_PRINT(Bottom, Top) \
-do { \
- if (yydebug) \
- yy_stack_print ((Bottom), (Top)); \
-} while (YYID (0))
-
-
-/*------------------------------------------------.
-| Report that the YYRULE is going to be reduced. |
-`------------------------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
- || defined __cplusplus || defined _MSC_VER)
-static void
-yy_reduce_print (YYSTYPE *yyvsp,
- int yyrule)
-#else
-static void
-yy_reduce_print (yyvsp, yyrule
- )
- YYSTYPE *yyvsp;
-
- int yyrule;
-#endif
-{
- int yynrhs = yyr2[yyrule];
- int yyi;
- unsigned long int yylno = yyrline[yyrule];
- YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
- yyrule - 1, yylno);
- /* The symbols being reduced. */
- for (yyi = 0; yyi < yynrhs; yyi++)
- {
- fprintf (stderr, " $%d = ", yyi + 1);
- yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
- &(yyvsp[(yyi + 1) - (yynrhs)])
- );
- fprintf (stderr, "\n");
- }
-}
-
-# define YY_REDUCE_PRINT(Rule) \
-do { \
- if (yydebug) \
- yy_reduce_print (yyvsp, Rule); \
-} while (YYID (0))
-
-/* Nonzero means print parse trace. It is left uninitialized so that
- multiple parsers can coexist. */
-int yydebug;
-#else /* !YYDEBUG */
-# define YYDPRINTF(Args)
-# define YY_SYMBOL_PRINT(Title, Type, Value, Location)
-# define YY_STACK_PRINT(Bottom, Top)
-# define YY_REDUCE_PRINT(Rule)
-#endif /* !YYDEBUG */
-
-
-/* YYINITDEPTH -- initial size of the parser's stacks. */
-#ifndef YYINITDEPTH
-# define YYINITDEPTH 200
-#endif
-
-/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
- if the built-in stack extension method is used).
-
- Do not make this value too large; the results are undefined if
- YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
- evaluated with infinite-precision integer arithmetic. */
-
-#ifndef YYMAXDEPTH
-# define YYMAXDEPTH 10000
-#endif
-
-
-
-#if YYERROR_VERBOSE
-
-# ifndef yystrlen
-# if defined __GLIBC__ && defined _STRING_H
-# define yystrlen strlen
-# else
-/* Return the length of YYSTR. */
-#if (defined __STDC__ || defined __C99__FUNC__ \
- || defined __cplusplus || defined _MSC_VER)
-static YYSIZE_T
-yystrlen (const char *yystr)
-#else
-static YYSIZE_T
-yystrlen (yystr)
- const char *yystr;
-#endif
-{
- YYSIZE_T yylen;
- for (yylen = 0; yystr[yylen]; yylen++)
- continue;
- return yylen;
-}
-# endif
-# endif
-
-# ifndef yystpcpy
-# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
-# define yystpcpy stpcpy
-# else
-/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
- YYDEST. */
-#if (defined __STDC__ || defined __C99__FUNC__ \
- || defined __cplusplus || defined _MSC_VER)
-static char *
-yystpcpy (char *yydest, const char *yysrc)
-#else
-static char *
-yystpcpy (yydest, yysrc)
- char *yydest;
- const char *yysrc;
-#endif
-{
- char *yyd = yydest;
- const char *yys = yysrc;
-
- while ((*yyd++ = *yys++) != '\0')
- continue;
-
- return yyd - 1;
-}
-# endif
-# endif
-
-# ifndef yytnamerr
-/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
- quotes and backslashes, so that it's suitable for yyerror. The
- heuristic is that double-quoting is unnecessary unless the string
- contains an apostrophe, a comma, or backslash (other than
- backslash-backslash). YYSTR is taken from yytname. If YYRES is
- null, do not copy; instead, return the length of what the result
- would have been. */
-static YYSIZE_T
-yytnamerr (char *yyres, const char *yystr)
-{
- if (*yystr == '"')
- {
- YYSIZE_T yyn = 0;
- char const *yyp = yystr;
-
- for (;;)
- switch (*++yyp)
- {
- case '\'':
- case ',':
- goto do_not_strip_quotes;
-
- case '\\':
- if (*++yyp != '\\')
- goto do_not_strip_quotes;
- /* Fall through. */
- default:
- if (yyres)
- yyres[yyn] = *yyp;
- yyn++;
- break;
-
- case '"':
- if (yyres)
- yyres[yyn] = '\0';
- return yyn;
- }
- do_not_strip_quotes: ;
- }
-
- if (! yyres)
- return yystrlen (yystr);
-
- return yystpcpy (yyres, yystr) - yyres;
-}
-# endif
-
-/* Copy into YYRESULT an error message about the unexpected token
- YYCHAR while in state YYSTATE. Return the number of bytes copied,
- including the terminating null byte. If YYRESULT is null, do not
- copy anything; just return the number of bytes that would be
- copied. As a special case, return 0 if an ordinary "syntax error"
- message will do. Return YYSIZE_MAXIMUM if overflow occurs during
- size calculation. */
-static YYSIZE_T
-yysyntax_error (char *yyresult, int yystate, int yychar)
-{
- int yyn = yypact[yystate];
-
- if (! (YYPACT_NINF < yyn && yyn <= YYLAST))
- return 0;
- else
- {
- int yytype = YYTRANSLATE (yychar);
- YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]);
- YYSIZE_T yysize = yysize0;
- YYSIZE_T yysize1;
- int yysize_overflow = 0;
- enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
- char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
- int yyx;
-
-# if 0
- /* This is so xgettext sees the translatable formats that are
- constructed on the fly. */
- YY_("syntax error, unexpected %s");
- YY_("syntax error, unexpected %s, expecting %s");
- YY_("syntax error, unexpected %s, expecting %s or %s");
- YY_("syntax error, unexpected %s, expecting %s or %s or %s");
- YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s");
-# endif
- char *yyfmt;
- char const *yyf;
- static char const yyunexpected[] = "syntax error, unexpected %s";
- static char const yyexpecting[] = ", expecting %s";
- static char const yyor[] = " or %s";
- char yyformat[sizeof yyunexpected
- + sizeof yyexpecting - 1
- + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2)
- * (sizeof yyor - 1))];
- char const *yyprefix = yyexpecting;
-
- /* Start YYX at -YYN if negative to avoid negative indexes in
- YYCHECK. */
- int yyxbegin = yyn < 0 ? -yyn : 0;
-
- /* Stay within bounds of both yycheck and yytname. */
- int yychecklim = YYLAST - yyn + 1;
- int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
- int yycount = 1;
-
- yyarg[0] = yytname[yytype];
- yyfmt = yystpcpy (yyformat, yyunexpected);
-
- for (yyx = yyxbegin; yyx < yyxend; ++yyx)
- if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
- {
- if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
- {
- yycount = 1;
- yysize = yysize0;
- yyformat[sizeof yyunexpected - 1] = '\0';
- break;
- }
- yyarg[yycount++] = yytname[yyx];
- yysize1 = yysize + yytnamerr (0, yytname[yyx]);
- yysize_overflow |= (yysize1 < yysize);
- yysize = yysize1;
- yyfmt = yystpcpy (yyfmt, yyprefix);
- yyprefix = yyor;
- }
-
- yyf = YY_(yyformat);
- yysize1 = yysize + yystrlen (yyf);
- yysize_overflow |= (yysize1 < yysize);
- yysize = yysize1;
-
- if (yysize_overflow)
- return YYSIZE_MAXIMUM;
-
- if (yyresult)
- {
- /* Avoid sprintf, as that infringes on the user's name space.
- Don't have undefined behavior even if the translation
- produced a string with the wrong number of "%s"s. */
- char *yyp = yyresult;
- int yyi = 0;
- while ((*yyp = *yyf) != '\0')
- {
- if (*yyp == '%' && yyf[1] == 's' && yyi < yycount)
- {
- yyp += yytnamerr (yyp, yyarg[yyi++]);
- yyf += 2;
- }
- else
- {
- yyp++;
- yyf++;
- }
- }
- }
- return yysize;
- }
-}
-#endif /* YYERROR_VERBOSE */
-
-
-/*-----------------------------------------------.
-| Release the memory associated to this symbol. |
-`-----------------------------------------------*/
-
-/*ARGSUSED*/
-#if (defined __STDC__ || defined __C99__FUNC__ \
- || defined __cplusplus || defined _MSC_VER)
-static void
-yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep)
-#else
-static void
-yydestruct (yymsg, yytype, yyvaluep)
- const char *yymsg;
- int yytype;
- YYSTYPE *yyvaluep;
-#endif
-{
- YYUSE (yyvaluep);
-
- if (!yymsg)
- yymsg = "Deleting";
- YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
-
- switch (yytype)
- {
-
- default:
- break;
- }
-}
-
-
-/* Prevent warnings from -Wmissing-prototypes. */
-
-#ifdef YYPARSE_PARAM
-#if defined __STDC__ || defined __cplusplus
-int yyparse (void *YYPARSE_PARAM);
-#else
-int yyparse ();
-#endif
-#else /* ! YYPARSE_PARAM */
-#if defined __STDC__ || defined __cplusplus
-int yyparse (void);
-#else
-int yyparse ();
-#endif
-#endif /* ! YYPARSE_PARAM */
-
-
-
-/* The look-ahead symbol. */
-int yychar;
-
-/* The semantic value of the look-ahead symbol. */
-YYSTYPE yylval;
-
-/* Number of syntax errors so far. */
-int yynerrs;
-
-
-
-/*----------.
-| yyparse. |
-`----------*/
-
-#ifdef YYPARSE_PARAM
-#if (defined __STDC__ || defined __C99__FUNC__ \
- || defined __cplusplus || defined _MSC_VER)
-int
-yyparse (void *YYPARSE_PARAM)
-#else
-int
-yyparse (YYPARSE_PARAM)
- void *YYPARSE_PARAM;
-#endif
-#else /* ! YYPARSE_PARAM */
-#if (defined __STDC__ || defined __C99__FUNC__ \
- || defined __cplusplus || defined _MSC_VER)
-int
-yyparse (void)
-#else
-int
-yyparse ()
-
-#endif
-#endif
-{
-
- int yystate;
- int yyn;
- int yyresult;
- /* Number of tokens to shift before error messages enabled. */
- int yyerrstatus;
- /* Look-ahead token as an internal (translated) token number. */
- int yytoken = 0;
-#if YYERROR_VERBOSE
- /* Buffer for error messages, and its allocated size. */
- char yymsgbuf[128];
- char *yymsg = yymsgbuf;
- YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
-#endif
-
- /* Three stacks and their tools:
- `yyss': related to states,
- `yyvs': related to semantic values,
- `yyls': related to locations.
-
- Refer to the stacks thru separate pointers, to allow yyoverflow
- to reallocate them elsewhere. */
-
- /* The state stack. */
- yytype_int16 yyssa[YYINITDEPTH];
- yytype_int16 *yyss = yyssa;
- yytype_int16 *yyssp;
-
- /* The semantic value stack. */
- YYSTYPE yyvsa[YYINITDEPTH];
- YYSTYPE *yyvs = yyvsa;
- YYSTYPE *yyvsp;
-
-
-
-#define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N))
-
- YYSIZE_T yystacksize = YYINITDEPTH;
-
- /* The variables used to return semantic value and location from the
- action routines. */
- YYSTYPE yyval;
-
-
- /* The number of symbols on the RHS of the reduced rule.
- Keep to zero when no symbol should be popped. */
- int yylen = 0;
-
- YYDPRINTF ((stderr, "Starting parse\n"));
-
- yystate = 0;
- yyerrstatus = 0;
- yynerrs = 0;
- yychar = YYEMPTY; /* Cause a token to be read. */
-
- /* Initialize stack pointers.
- Waste one element of value and location stack
- so that they stay on the same level as the state stack.
- The wasted elements are never initialized. */
-
- yyssp = yyss;
- yyvsp = yyvs;
-
- goto yysetstate;
-
-/*------------------------------------------------------------.
-| yynewstate -- Push a new state, which is found in yystate. |
-`------------------------------------------------------------*/
- yynewstate:
- /* In all cases, when you get here, the value and location stacks
- have just been pushed. So pushing a state here evens the stacks. */
- yyssp++;
-
- yysetstate:
- *yyssp = yystate;
-
- if (yyss + yystacksize - 1 <= yyssp)
- {
- /* Get the current used size of the three stacks, in elements. */
- YYSIZE_T yysize = yyssp - yyss + 1;
-
-#ifdef yyoverflow
- {
- /* Give user a chance to reallocate the stack. Use copies of
- these so that the &'s don't force the real ones into
- memory. */
- YYSTYPE *yyvs1 = yyvs;
- yytype_int16 *yyss1 = yyss;
-
-
- /* Each stack pointer address is followed by the size of the
- data in use in that stack, in bytes. This used to be a
- conditional around just the two extra args, but that might
- be undefined if yyoverflow is a macro. */
- yyoverflow (YY_("memory exhausted"),
- &yyss1, yysize * sizeof (*yyssp),
- &yyvs1, yysize * sizeof (*yyvsp),
-
- &yystacksize);
-
- yyss = yyss1;
- yyvs = yyvs1;
- }
-#else /* no yyoverflow */
-# ifndef YYSTACK_RELOCATE
- goto yyexhaustedlab;
-# else
- /* Extend the stack our own way. */
- if (YYMAXDEPTH <= yystacksize)
- goto yyexhaustedlab;
- yystacksize *= 2;
- if (YYMAXDEPTH < yystacksize)
- yystacksize = YYMAXDEPTH;
-
- {
- yytype_int16 *yyss1 = yyss;
- union yyalloc *yyptr =
- (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
- if (! yyptr)
- goto yyexhaustedlab;
- YYSTACK_RELOCATE (yyss);
- YYSTACK_RELOCATE (yyvs);
-
-# undef YYSTACK_RELOCATE
- if (yyss1 != yyssa)
- YYSTACK_FREE (yyss1);
- }
-# endif
-#endif /* no yyoverflow */
-
- yyssp = yyss + yysize - 1;
- yyvsp = yyvs + yysize - 1;
-
-
- YYDPRINTF ((stderr, "Stack size increased to %lu\n",
- (unsigned long int) yystacksize));
-
- if (yyss + yystacksize - 1 <= yyssp)
- YYABORT;
- }
-
- YYDPRINTF ((stderr, "Entering state %d\n", yystate));
-
- goto yybackup;
-
-/*-----------.
-| yybackup. |
-`-----------*/
-yybackup:
-
- /* Do appropriate processing given the current state. Read a
- look-ahead token if we need one and don't already have one. */
-
- /* First try to decide what to do without reference to look-ahead token. */
- yyn = yypact[yystate];
- if (yyn == YYPACT_NINF)
- goto yydefault;
-
- /* Not known => get a look-ahead token if don't already have one. */
-
- /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol. */
- if (yychar == YYEMPTY)
- {
- YYDPRINTF ((stderr, "Reading a token: "));
- yychar = YYLEX;
- }
-
- if (yychar <= YYEOF)
- {
- yychar = yytoken = YYEOF;
- YYDPRINTF ((stderr, "Now at end of input.\n"));
- }
- else
- {
- yytoken = YYTRANSLATE (yychar);
- YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc);
- }
-
- /* If the proper action on seeing token YYTOKEN is to reduce or to
- detect an error, take that action. */
- yyn += yytoken;
- if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
- goto yydefault;
- yyn = yytable[yyn];
- if (yyn <= 0)
- {
- if (yyn == 0 || yyn == YYTABLE_NINF)
- goto yyerrlab;
- yyn = -yyn;
- goto yyreduce;
- }
-
- if (yyn == YYFINAL)
- YYACCEPT;
-
- /* Count tokens shifted since error; after three, turn off error
- status. */
- if (yyerrstatus)
- yyerrstatus--;
-
- /* Shift the look-ahead token. */
- YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
-
- /* Discard the shifted token unless it is eof. */
- if (yychar != YYEOF)
- yychar = YYEMPTY;
-
- yystate = yyn;
- *++yyvsp = yylval;
-
- goto yynewstate;
-
-
-/*-----------------------------------------------------------.
-| yydefault -- do the default action for the current state. |
-`-----------------------------------------------------------*/
-yydefault:
- yyn = yydefact[yystate];
- if (yyn == 0)
- goto yyerrlab;
- goto yyreduce;
-
-
-/*-----------------------------.
-| yyreduce -- Do a reduction. |
-`-----------------------------*/
-yyreduce:
- /* yyn is the number of a rule to reduce with. */
- yylen = yyr2[yyn];
-
- /* If YYLEN is nonzero, implement the default value of the action:
- `$$ = $1'.
-
- Otherwise, the following line sets YYVAL to garbage.
- This behavior is undocumented and Bison
- users should not rely upon it. Assigning to YYVAL
- unconditionally makes the parser a bit smaller, and it avoids a
- GCC warning that YYVAL may be used uninitialized. */
- yyval = yyvsp[1-yylen];
-
-
- YY_REDUCE_PRINT (yyn);
- switch (yyn)
- {
- case 4:
-#line 73 "parser.y"
- {
- free((yyvsp[(2) - (3)].s));
- ;}
- break;
-
- case 5:
-#line 77 "parser.y"
- {
- _parser_kw = &(_parser_cfg->config_setup);
- _parser_kw_last = NULL;
- ;}
- break;
-
- case 7:
-#line 82 "parser.y"
- {
- section_list_t *section = (section_list_t *)alloc_thing(section_list_t
- , "section_list_t");
-
- section->name = clone_str((yyvsp[(2) - (3)].s), "conn section name");
- section->kw = NULL;
- section->next = NULL;
- _parser_kw = &(section->kw);
- if (!_parser_cfg->conn_first)
- _parser_cfg->conn_first = section;
- if (_parser_cfg->conn_last)
- _parser_cfg->conn_last->next = section;
- _parser_cfg->conn_last = section;
- _parser_kw_last = NULL;
- free((yyvsp[(2) - (3)].s));
- ;}
- break;
-
- case 9:
-#line 99 "parser.y"
- {
- section_list_t *section = (section_list_t *)alloc_thing(section_list_t
- , "section_list_t");
- section->name = clone_str((yyvsp[(2) - (3)].s), "ca section name");
- section->kw = NULL;
- section->next = NULL;
- _parser_kw = &(section->kw);
- if (!_parser_cfg->ca_first)
- _parser_cfg->ca_first = section;
- if (_parser_cfg->ca_last)
- _parser_cfg->ca_last->next = section;
- _parser_cfg->ca_last = section;
- _parser_kw_last = NULL;
- free((yyvsp[(2) - (3)].s));
- ;}
- break;
-
- case 11:
-#line 115 "parser.y"
- {
- extern void _parser_y_include (const char *f);
- _parser_y_include((yyvsp[(2) - (2)].s));
- free((yyvsp[(2) - (2)].s));
- ;}
- break;
-
- case 16:
-#line 130 "parser.y"
- {
- kw_list_t *new;
- kw_entry_t *entry = in_word_set((yyvsp[(1) - (3)].s), strlen((yyvsp[(1) - (3)].s)));
-
- if (entry == NULL)
- {
- snprintf(errbuf, ERRSTRING_LEN, "unknown keyword '%s'", (yyvsp[(1) - (3)].s));
- yyerror(errbuf);
- }
- else if (_parser_kw)
- {
- new = (kw_list_t *)alloc_thing(kw_list_t, "kw_list_t");
- new->entry = entry;
- new->value = clone_str((yyvsp[(3) - (3)].s), "kw_list value");
- new->next = NULL;
- if (_parser_kw_last)
- _parser_kw_last->next = new;
- _parser_kw_last = new;
- if (!*_parser_kw)
- *_parser_kw = new;
- }
- free((yyvsp[(1) - (3)].s));
- free((yyvsp[(3) - (3)].s));
- ;}
- break;
-
- case 17:
-#line 155 "parser.y"
- {
- free((yyvsp[(1) - (2)].s));
- ;}
- break;
-
-
-/* Line 1267 of yacc.c. */
-#line 1496 "parser.tab.c"
- default: break;
- }
- YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
-
- YYPOPSTACK (yylen);
- yylen = 0;
- YY_STACK_PRINT (yyss, yyssp);
-
- *++yyvsp = yyval;
-
-
- /* Now `shift' the result of the reduction. Determine what state
- that goes to, based on the state we popped back to and the rule
- number reduced by. */
-
- yyn = yyr1[yyn];
-
- yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
- if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
- yystate = yytable[yystate];
- else
- yystate = yydefgoto[yyn - YYNTOKENS];
-
- goto yynewstate;
-
-
-/*------------------------------------.
-| yyerrlab -- here on detecting error |
-`------------------------------------*/
-yyerrlab:
- /* If not already recovering from an error, report this error. */
- if (!yyerrstatus)
- {
- ++yynerrs;
-#if ! YYERROR_VERBOSE
- yyerror (YY_("syntax error"));
-#else
- {
- YYSIZE_T yysize = yysyntax_error (0, yystate, yychar);
- if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM)
- {
- YYSIZE_T yyalloc = 2 * yysize;
- if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM))
- yyalloc = YYSTACK_ALLOC_MAXIMUM;
- if (yymsg != yymsgbuf)
- YYSTACK_FREE (yymsg);
- yymsg = (char *) YYSTACK_ALLOC (yyalloc);
- if (yymsg)
- yymsg_alloc = yyalloc;
- else
- {
- yymsg = yymsgbuf;
- yymsg_alloc = sizeof yymsgbuf;
- }
- }
-
- if (0 < yysize && yysize <= yymsg_alloc)
- {
- (void) yysyntax_error (yymsg, yystate, yychar);
- yyerror (yymsg);
- }
- else
- {
- yyerror (YY_("syntax error"));
- if (yysize != 0)
- goto yyexhaustedlab;
- }
- }
-#endif
- }
-
-
-
- if (yyerrstatus == 3)
- {
- /* If just tried and failed to reuse look-ahead token after an
- error, discard it. */
-
- if (yychar <= YYEOF)
- {
- /* Return failure if at end of input. */
- if (yychar == YYEOF)
- YYABORT;
- }
- else
- {
- yydestruct ("Error: discarding",
- yytoken, &yylval);
- yychar = YYEMPTY;
- }
- }
-
- /* Else will try to reuse look-ahead token after shifting the error
- token. */
- goto yyerrlab1;
-
-
-/*---------------------------------------------------.
-| yyerrorlab -- error raised explicitly by YYERROR. |
-`---------------------------------------------------*/
-yyerrorlab:
-
- /* Pacify compilers like GCC when the user code never invokes
- YYERROR and the label yyerrorlab therefore never appears in user
- code. */
- if (/*CONSTCOND*/ 0)
- goto yyerrorlab;
-
- /* Do not reclaim the symbols of the rule which action triggered
- this YYERROR. */
- YYPOPSTACK (yylen);
- yylen = 0;
- YY_STACK_PRINT (yyss, yyssp);
- yystate = *yyssp;
- goto yyerrlab1;
-
-
-/*-------------------------------------------------------------.
-| yyerrlab1 -- common code for both syntax error and YYERROR. |
-`-------------------------------------------------------------*/
-yyerrlab1:
- yyerrstatus = 3; /* Each real token shifted decrements this. */
-
- for (;;)
- {
- yyn = yypact[yystate];
- if (yyn != YYPACT_NINF)
- {
- yyn += YYTERROR;
- if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
- {
- yyn = yytable[yyn];
- if (0 < yyn)
- break;
- }
- }
-
- /* Pop the current state because it cannot handle the error token. */
- if (yyssp == yyss)
- YYABORT;
-
-
- yydestruct ("Error: popping",
- yystos[yystate], yyvsp);
- YYPOPSTACK (1);
- yystate = *yyssp;
- YY_STACK_PRINT (yyss, yyssp);
- }
-
- if (yyn == YYFINAL)
- YYACCEPT;
-
- *++yyvsp = yylval;
-
-
- /* Shift the error token. */
- YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
-
- yystate = yyn;
- goto yynewstate;
-
-
-/*-------------------------------------.
-| yyacceptlab -- YYACCEPT comes here. |
-`-------------------------------------*/
-yyacceptlab:
- yyresult = 0;
- goto yyreturn;
-
-/*-----------------------------------.
-| yyabortlab -- YYABORT comes here. |
-`-----------------------------------*/
-yyabortlab:
- yyresult = 1;
- goto yyreturn;
-
-#ifndef yyoverflow
-/*-------------------------------------------------.
-| yyexhaustedlab -- memory exhaustion comes here. |
-`-------------------------------------------------*/
-yyexhaustedlab:
- yyerror (YY_("memory exhausted"));
- yyresult = 2;
- /* Fall through. */
-#endif
-
-yyreturn:
- if (yychar != YYEOF && yychar != YYEMPTY)
- yydestruct ("Cleanup: discarding lookahead",
- yytoken, &yylval);
- /* Do not reclaim the symbols of the rule which action triggered
- this YYABORT or YYACCEPT. */
- YYPOPSTACK (yylen);
- YY_STACK_PRINT (yyss, yyssp);
- while (yyssp != yyss)
- {
- yydestruct ("Cleanup: popping",
- yystos[*yyssp], yyvsp);
- YYPOPSTACK (1);
- }
-#ifndef yyoverflow
- if (yyss != yyssa)
- YYSTACK_FREE (yyss);
-#endif
-#if YYERROR_VERBOSE
- if (yymsg != yymsgbuf)
- YYSTACK_FREE (yymsg);
-#endif
- return yyresult;
-}
-
-
-#line 161 "parser.y"
-
-
-void
-yyerror(const char *s)
-{
- if (_save_errors_)
- _parser_y_error(parser_errstring, ERRSTRING_LEN, s);
-}
-
-config_parsed_t *
-parser_load_conf(const char *file)
-{
- config_parsed_t *cfg = NULL;
- int err = 0;
- FILE *f;
-
- extern void _parser_y_init (const char *f);
- extern FILE *yyin;
-
- memset(parser_errstring, 0, ERRSTRING_LEN+1);
-
- cfg = (config_parsed_t *)alloc_thing(config_parsed_t, "config_parsed_t");
- if (cfg)
- {
- memset(cfg, 0, sizeof(config_parsed_t));
- f = fopen(file, "r");
- if (f)
- {
- yyin = f;
- _parser_y_init(file);
- _save_errors_ = 1;
- _parser_cfg = cfg;
-
- if (yyparse() !=0 )
- {
- if (parser_errstring[0] == '\0')
- {
- snprintf(parser_errstring, ERRSTRING_LEN, "Unknown error...");
- }
- _save_errors_ = 0;
- while (yyparse() != 0);
- err++;
- }
- else if (parser_errstring[0] != '\0')
- {
- err++;
- }
- else
- {
- /**
- * Config valid
- */
- }
-
- fclose(f);
- }
- else
- {
- snprintf(parser_errstring, ERRSTRING_LEN, "can't load file '%s'", file);
- err++;
- }
- }
- else
- {
- snprintf(parser_errstring, ERRSTRING_LEN, "can't allocate memory");
- err++;
- }
-
- if (err)
- {
- plog("%s", parser_errstring);
-
- if (cfg)
- parser_free_conf(cfg);
- cfg = NULL;
- }
-
- return cfg;
-}
-
-static void
-parser_free_kwlist(kw_list_t *list)
-{
- kw_list_t *elt;
-
- while (list)
- {
- elt = list;
- list = list->next;
- if (elt->value)
- pfree(elt->value);
- pfree(elt);
- }
-}
-
-void
-parser_free_conf(config_parsed_t *cfg)
-{
- section_list_t *sec;
- if (cfg)
- {
- parser_free_kwlist(cfg->config_setup);
- while (cfg->conn_first)
- {
- sec = cfg->conn_first;
- cfg->conn_first = cfg->conn_first->next;
- if (sec->name)
- pfree(sec->name);
- parser_free_kwlist(sec->kw);
- pfree(sec);
- }
- while (cfg->ca_first)
- {
- sec = cfg->ca_first;
- cfg->ca_first = cfg->ca_first->next;
- if (sec->name)
- pfree(sec->name);
- parser_free_kwlist(sec->kw);
- pfree(sec);
- }
- pfree(cfg);
- }
-}
-
diff --git a/programs/starter/parser.tab.h b/programs/starter/parser.tab.h
deleted file mode 100644
index b6a810f51..000000000
--- a/programs/starter/parser.tab.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/* A Bison parser, made by GNU Bison 2.2. */
-
-/* Skeleton interface for Bison's Yacc-like parsers in C
-
- Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
- Free Software Foundation, Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2, or (at your option)
- any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor,
- Boston, MA 02110-1301, USA. */
-
-/* As a special exception, you may create a larger work that contains
- part or all of the Bison parser skeleton and distribute that work
- under terms of your choice, so long as that work isn't itself a
- parser generator using the skeleton or a modified version thereof
- as a parser skeleton. Alternatively, if you modify or redistribute
- the parser skeleton itself, you may (at your option) remove this
- special exception, which will cause the skeleton and the resulting
- Bison output files to be licensed under the GNU General Public
- License without this special exception.
-
- This special exception was added by the Free Software Foundation in
- version 2.2 of Bison. */
-
-/* Tokens. */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
- /* Put the tokens into the symbol table, so that GDB and other debuggers
- know about them. */
- enum yytokentype {
- EQUAL = 258,
- FIRST_SPACES = 259,
- EOL = 260,
- CONFIG = 261,
- SETUP = 262,
- CONN = 263,
- CA = 264,
- INCLUDE = 265,
- VERSION = 266,
- STRING = 267
- };
-#endif
-/* Tokens. */
-#define EQUAL 258
-#define FIRST_SPACES 259
-#define EOL 260
-#define CONFIG 261
-#define SETUP 262
-#define CONN 263
-#define CA 264
-#define INCLUDE 265
-#define VERSION 266
-#define STRING 267
-
-
-
-
-#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-typedef union YYSTYPE
-#line 56 "parser.y"
-{ char *s; }
-/* Line 1528 of yacc.c. */
-#line 75 "parser.tab.h"
- YYSTYPE;
-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
-# define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
-#endif
-
-extern YYSTYPE yylval;
-
diff --git a/programs/starter/parser.y b/programs/starter/parser.y
deleted file mode 100644
index 159bbc651..000000000
--- a/programs/starter/parser.y
+++ /dev/null
@@ -1,283 +0,0 @@
-%{
-/* strongSwan config file parser (parser.y)
- * Copyright (C) 2001 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: parser.y,v 1.6 2006/01/17 23:43:36 as Exp $
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <freeswan.h>
-
-#include "../pluto/constants.h"
-#include "../pluto/defs.h"
-#include "../pluto/log.h"
-#include "parser.h"
-
-#define YYERROR_VERBOSE
-#define ERRSTRING_LEN 256
-
-/**
- * Bison
- */
-static char parser_errstring[ERRSTRING_LEN+1];
-
-extern void yyerror(const char *s);
-extern int yylex (void);
-extern void _parser_y_error(char *b, int size, const char *s);
-
-/**
- * Static Globals
- */
-static int _save_errors_;
-static config_parsed_t *_parser_cfg;
-static kw_list_t **_parser_kw, *_parser_kw_last;
-static char errbuf[ERRSTRING_LEN+1];
-
-/**
- * Gperf
- */
-extern kw_entry_t *in_word_set (char *str, unsigned int len);
-
-%}
-
-%union { char *s; };
-%token EQUAL FIRST_SPACES EOL CONFIG SETUP CONN CA INCLUDE VERSION
-%token <s> STRING
-
-%%
-
-/*
- * Config file
- */
-
-config_file:
- config_file section_or_include
- | /* NULL */
- ;
-
-section_or_include:
- VERSION STRING EOL
- {
- free($2);
- }
- | CONFIG SETUP EOL
- {
- _parser_kw = &(_parser_cfg->config_setup);
- _parser_kw_last = NULL;
- } kw_section
- | CONN STRING EOL
- {
- section_list_t *section = (section_list_t *)alloc_thing(section_list_t
- , "section_list_t");
-
- section->name = clone_str($2, "conn section name");
- section->kw = NULL;
- section->next = NULL;
- _parser_kw = &(section->kw);
- if (!_parser_cfg->conn_first)
- _parser_cfg->conn_first = section;
- if (_parser_cfg->conn_last)
- _parser_cfg->conn_last->next = section;
- _parser_cfg->conn_last = section;
- _parser_kw_last = NULL;
- free($2);
- } kw_section
- | CA STRING EOL
- {
- section_list_t *section = (section_list_t *)alloc_thing(section_list_t
- , "section_list_t");
- section->name = clone_str($2, "ca section name");
- section->kw = NULL;
- section->next = NULL;
- _parser_kw = &(section->kw);
- if (!_parser_cfg->ca_first)
- _parser_cfg->ca_first = section;
- if (_parser_cfg->ca_last)
- _parser_cfg->ca_last->next = section;
- _parser_cfg->ca_last = section;
- _parser_kw_last = NULL;
- free($2);
- } kw_section
- | INCLUDE STRING
- {
- extern void _parser_y_include (const char *f);
- _parser_y_include($2);
- free($2);
- } EOL
- | EOL
- ;
-
-kw_section:
- FIRST_SPACES statement_kw EOL kw_section
- |
- ;
-
-statement_kw:
- STRING EQUAL STRING
- {
- kw_list_t *new;
- kw_entry_t *entry = in_word_set($1, strlen($1));
-
- if (entry == NULL)
- {
- snprintf(errbuf, ERRSTRING_LEN, "unknown keyword '%s'", $1);
- yyerror(errbuf);
- }
- else if (_parser_kw)
- {
- new = (kw_list_t *)alloc_thing(kw_list_t, "kw_list_t");
- new->entry = entry;
- new->value = clone_str($3, "kw_list value");
- new->next = NULL;
- if (_parser_kw_last)
- _parser_kw_last->next = new;
- _parser_kw_last = new;
- if (!*_parser_kw)
- *_parser_kw = new;
- }
- free($1);
- free($3);
- }
- | STRING EQUAL
- {
- free($1);
- }
- |
- ;
-
-%%
-
-void
-yyerror(const char *s)
-{
- if (_save_errors_)
- _parser_y_error(parser_errstring, ERRSTRING_LEN, s);
-}
-
-config_parsed_t *
-parser_load_conf(const char *file)
-{
- config_parsed_t *cfg = NULL;
- int err = 0;
- FILE *f;
-
- extern void _parser_y_init (const char *f);
- extern FILE *yyin;
-
- memset(parser_errstring, 0, ERRSTRING_LEN+1);
-
- cfg = (config_parsed_t *)alloc_thing(config_parsed_t, "config_parsed_t");
- if (cfg)
- {
- memset(cfg, 0, sizeof(config_parsed_t));
- f = fopen(file, "r");
- if (f)
- {
- yyin = f;
- _parser_y_init(file);
- _save_errors_ = 1;
- _parser_cfg = cfg;
-
- if (yyparse() !=0 )
- {
- if (parser_errstring[0] == '\0')
- {
- snprintf(parser_errstring, ERRSTRING_LEN, "Unknown error...");
- }
- _save_errors_ = 0;
- while (yyparse() != 0);
- err++;
- }
- else if (parser_errstring[0] != '\0')
- {
- err++;
- }
- else
- {
- /**
- * Config valid
- */
- }
-
- fclose(f);
- }
- else
- {
- snprintf(parser_errstring, ERRSTRING_LEN, "can't load file '%s'", file);
- err++;
- }
- }
- else
- {
- snprintf(parser_errstring, ERRSTRING_LEN, "can't allocate memory");
- err++;
- }
-
- if (err)
- {
- plog("%s", parser_errstring);
-
- if (cfg)
- parser_free_conf(cfg);
- cfg = NULL;
- }
-
- return cfg;
-}
-
-static void
-parser_free_kwlist(kw_list_t *list)
-{
- kw_list_t *elt;
-
- while (list)
- {
- elt = list;
- list = list->next;
- if (elt->value)
- pfree(elt->value);
- pfree(elt);
- }
-}
-
-void
-parser_free_conf(config_parsed_t *cfg)
-{
- section_list_t *sec;
- if (cfg)
- {
- parser_free_kwlist(cfg->config_setup);
- while (cfg->conn_first)
- {
- sec = cfg->conn_first;
- cfg->conn_first = cfg->conn_first->next;
- if (sec->name)
- pfree(sec->name);
- parser_free_kwlist(sec->kw);
- pfree(sec);
- }
- while (cfg->ca_first)
- {
- sec = cfg->ca_first;
- cfg->ca_first = cfg->ca_first->next;
- if (sec->name)
- pfree(sec->name);
- parser_free_kwlist(sec->kw);
- pfree(sec);
- }
- pfree(cfg);
- }
-}
diff --git a/programs/starter/starter.8 b/programs/starter/starter.8
deleted file mode 100644
index e69de29bb..000000000
--- a/programs/starter/starter.8
+++ /dev/null
diff --git a/programs/starter/starter.c b/programs/starter/starter.c
deleted file mode 100644
index 0b2c83369..000000000
--- a/programs/starter/starter.c
+++ /dev/null
@@ -1,571 +0,0 @@
-/* strongSwan IPsec starter
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: starter.c,v 1.23 2006/02/15 18:37:46 as Exp $
- */
-
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <sys/stat.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <signal.h>
-#include <unistd.h>
-#include <sys/time.h>
-#include <time.h>
-#include <string.h>
-#include <errno.h>
-#include <fcntl.h>
-
-#include <freeswan.h>
-
-#include "../pluto/constants.h"
-#include "../pluto/defs.h"
-#include "../pluto/log.h"
-
-#include "confread.h"
-#include "files.h"
-#include "starterwhack.h"
-#include "invokepluto.h"
-#include "klips.h"
-#include "netkey.h"
-#include "cmp.h"
-#include "interfaces.h"
-
-#define FLAG_ACTION_START_PLUTO 0x01
-#define FLAG_ACTION_UPDATE 0x02
-#define FLAG_ACTION_RELOAD 0x04
-#define FLAG_ACTION_QUIT 0x08
-#define FLAG_ACTION_LISTEN 0x10
-
-static unsigned int _action_ = 0;
-
-static void
-fsig(int signal)
-{
- switch (signal)
- {
- case SIGCHLD:
- {
- int status;
- pid_t pid;
- char *name = NULL;
-
- while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
- {
- if (pid == starter_pluto_pid())
- name = " (Pluto)";
- if (WIFSIGNALED(status))
- DBG(DBG_CONTROL,
- DBG_log("child %d%s has been killed by sig %d\n",
- pid, name?name:"", WTERMSIG(status))
- )
- else if (WIFSTOPPED(status))
- DBG(DBG_CONTROL,
- DBG_log("child %d%s has been stopped by sig %d\n",
- pid, name?name:"", WSTOPSIG(status))
- )
- else if (WIFEXITED(status))
- DBG(DBG_CONTROL,
- DBG_log("child %d%s has quit (exit code %d)\n",
- pid, name?name:"", WEXITSTATUS(status))
- )
- else
- DBG(DBG_CONTROL,
- DBG_log("child %d%s has quit", pid, name?name:"")
- )
-
- if (pid == starter_pluto_pid())
- starter_pluto_sigchild(pid);
- }
- }
- break;
-
- case SIGPIPE:
- /** ignore **/
- break;
-
- case SIGALRM:
- _action_ |= FLAG_ACTION_START_PLUTO;
- break;
-
- case SIGHUP:
- _action_ |= FLAG_ACTION_UPDATE;
- break;
-
- case SIGTERM:
- case SIGQUIT:
- case SIGINT:
- _action_ |= FLAG_ACTION_QUIT;
- break;
-
- case SIGUSR1:
- _action_ |= FLAG_ACTION_RELOAD;
- _action_ |= FLAG_ACTION_UPDATE;
- break;
-
- default:
- plog("fsig(): unknown signal %d -- investigate", signal);
- break;
- }
-}
-
-static void
-usage(char *name)
-{
- fprintf(stderr, "Usage: starter [--nofork] [--auto-update <sec>] "
- "[--debug|--debug-more|--debug-all]\n");
- exit(1);
-}
-
-int main (int argc, char **argv)
-{
- starter_config_t *cfg = NULL;
- starter_config_t *new_cfg;
- starter_conn_t *conn, *conn2;
- starter_ca_t *ca, *ca2;
-
- struct stat stb;
-
- char *err = NULL;
- int i;
- int id = 1;
- struct timeval tv;
- unsigned long auto_update = 0;
- time_t last_reload;
- bool has_netkey;
- bool no_fork = FALSE;
-
- /* global variables defined in log.h */
- log_to_stderr = TRUE;
- base_debugging = DBG_NONE;
-
- /* parse command line */
- for (i = 1; i < argc; i++)
- {
- if (streq(argv[i], "--debug"))
- {
- base_debugging |= DBG_CONTROL;
- }
- else if (streq(argv[i], "--debug-more"))
- {
- base_debugging |= DBG_CONTROLMORE;
- }
- else if (streq(argv[i], "--debug-all"))
- {
- base_debugging |= DBG_ALL;
- }
- else if (streq(argv[i], "--nofork"))
- {
- no_fork = TRUE;
- }
- else if (streq(argv[i], "--auto-update") && i+1 < argc)
- {
- auto_update = atoi(argv[++i]);
- if (!auto_update)
- usage(argv[0]);
- }
- else
- {
- usage(argv[0]);
- }
- }
-
- /* Init */
- init_log("ipsec_starter");
- cur_debugging = base_debugging;
-
- signal(SIGHUP, fsig);
- signal(SIGCHLD, fsig);
- signal(SIGPIPE, fsig);
- signal(SIGINT, fsig);
- signal(SIGTERM, fsig);
- signal(SIGQUIT, fsig);
- signal(SIGALRM, fsig);
- signal(SIGUSR1, fsig);
-
- /* verify that we can start */
- if (getuid() != 0)
- {
- plog("permission denied (must be superuser)");
- exit(1);
- }
-
- if (stat(PID_FILE, &stb) == 0)
- {
- plog("pluto is already running (%s exists) -- aborting", PID_FILE);
- exit(1);
- }
-
- if (stat(DEV_RANDOM, &stb) != 0)
- {
- plog("unable to start strongSwan IPsec -- no %s!", DEV_RANDOM);
- exit(1);
- }
-
- if (stat(DEV_URANDOM, &stb)!= 0)
- {
- plog("unable to start strongSwan IPsec -- no %s!", DEV_URANDOM);
- exit(1);
- }
-
- cfg = confread_load(CONFIG_FILE);
- if (!cfg)
- {
- plog("unable to start strongSwan -- errors in config");
- exit(1);
- }
-
- /* determine if we have a native netkey IPsec stack */
- has_netkey = starter_netkey_init();
-
- if (!has_netkey)
- {
- /* determine if we have a KLIPS IPsec stack instead */
- if (starter_klips_init())
- {
- starter_klips_set_config(cfg);
- starter_ifaces_init();
- starter_ifaces_clear();
- }
- else
- {
- plog("neither netkey nor KLIPS IPSec stack detected");
- exit(1);
- }
- }
-
- last_reload = time(NULL);
-
- plog("Starting strongSwan IPsec %s [starter]...", ipsec_version_code());
-
- /* fork if we're not debugging stuff */
- if (!no_fork)
- {
- log_to_stderr = FALSE;
-
- switch (fork())
- {
- case 0:
- {
- int fnull = open("/dev/null", O_RDWR);
-
- if (fnull >= 0)
- {
- dup2(fnull, STDIN_FILENO);
- dup2(fnull, STDOUT_FILENO);
- dup2(fnull, STDERR_FILENO);
- close(fnull);
- }
- }
- break;
- case -1:
- plog("can't fork: %s", strerror(errno));
- break;
- default:
- exit(0);
- }
- }
-
- /* save pid file in /var/run/starter.pid */
- {
- FILE *fd = fopen(MY_PID_FILE, "w");
-
- if (fd)
- {
- fprintf(fd, "%u\n", getpid());
- fclose(fd);
- }
- }
-
- if (!has_netkey)
- {
- starter_ifaces_load(cfg->setup.interfaces
- , cfg->setup.overridemtu
- , cfg->setup.nat_traversal
- , &cfg->defaultroute);
- }
-
- _action_ = FLAG_ACTION_START_PLUTO;
-
- for (;;)
- {
- /*
- * Stop pluto (if started) and exit
- */
- if (_action_ & FLAG_ACTION_QUIT)
- {
- if (starter_pluto_pid())
- starter_stop_pluto();
- if (has_netkey)
- starter_netkey_cleanup();
- else
- {
- starter_ifaces_clear();
- starter_klips_cleanup();
- }
- confread_free(cfg);
- unlink(MY_PID_FILE);
- unlink(INFO_FILE);
-#ifdef LEAK_DETECTIVE
- report_leaks();
-#endif /* LEAK_DETECTIVE */
- close_log();
- plog("ipsec starter stopped");
- exit(0);
- }
-
- /*
- * Delete all connections. Will be added below
- */
- if (_action_ & FLAG_ACTION_RELOAD)
- {
- if (starter_pluto_pid())
- {
- for (conn = cfg->conn_first; conn; conn = conn->next)
- {
- if (conn->state == STATE_ADDED)
- {
- starter_whack_del_conn(conn);
- conn->state = STATE_TO_ADD;
- }
- }
- for (ca = cfg->ca_first; ca; ca = ca->next)
- {
- if (ca->state == STATE_ADDED)
- {
- starter_whack_del_ca(ca);
- ca->state = STATE_TO_ADD;
- }
- }
- }
- _action_ &= ~FLAG_ACTION_RELOAD;
- }
-
- /*
- * Update configuration
- */
- if (_action_ & FLAG_ACTION_UPDATE)
- {
- err = NULL;
- DBG(DBG_CONTROL,
- DBG_log("Reloading config...")
- )
- new_cfg = confread_load(CONFIG_FILE);
-
- if (new_cfg)
- {
- /* Switch to new config. New conn will be loaded below */
- if (has_netkey)
- {
- if (!starter_cmp_defaultroute(&new_cfg->defaultroute
- , &cfg->defaultroute))
- {
- _action_ |= FLAG_ACTION_LISTEN;
- }
- }
- else
- {
- if (!starter_cmp_klips(cfg, new_cfg))
- {
- plog("KLIPS has changed");
- starter_klips_set_config(new_cfg);
- }
-
- if (starter_ifaces_load(new_cfg->setup.interfaces
- , new_cfg->setup.overridemtu
- , new_cfg->setup.nat_traversal
- , &new_cfg->defaultroute))
- {
- _action_ |= FLAG_ACTION_LISTEN;
- }
- }
-
- if (!starter_cmp_pluto(cfg, new_cfg))
- {
- plog("Pluto has changed");
- if (starter_pluto_pid())
- starter_stop_pluto();
- _action_ &= ~FLAG_ACTION_LISTEN;
- _action_ |= FLAG_ACTION_START_PLUTO;
- }
- else
- {
- /* Only reload conn and ca sections if pluto is not killed */
-
- /* Look for new connections that are already loaded */
- for (conn = cfg->conn_first; conn; conn = conn->next)
- {
- if (conn->state == STATE_ADDED)
- {
- for (conn2 = new_cfg->conn_first; conn2; conn2 = conn2->next)
- {
- if (conn2->state == STATE_TO_ADD
- && starter_cmp_conn(conn, conn2))
- {
- conn->state = STATE_REPLACED;
- conn2->state = STATE_ADDED;
- conn2->id = conn->id;
- break;
- }
- }
- }
- }
-
- /* Remove conn sections that have become unused */
- for (conn = cfg->conn_first; conn; conn = conn->next)
- {
- if (conn->state == STATE_ADDED)
- starter_whack_del_conn(conn);
- }
-
- /* Look for new ca sections that are already loaded */
- for (ca = cfg->ca_first; ca; ca = ca->next)
- {
- if (ca->state == STATE_ADDED)
- {
- for (ca2 = new_cfg->ca_first; ca2; ca2 = ca2->next)
- {
- if (ca2->state == STATE_TO_ADD
- && starter_cmp_ca(ca, ca2))
- {
- ca->state = STATE_REPLACED;
- ca2->state = STATE_ADDED;
- break;
- }
- }
- }
- }
-
- /* Remove ca sections that have become unused */
- for (ca = cfg->ca_first; ca; ca = ca->next)
- {
- if (ca->state == STATE_ADDED)
- starter_whack_del_ca(ca);
- }
- }
- confread_free(cfg);
- cfg = new_cfg;
- }
- else
- {
- plog("can't reload config file: %s -- keeping old one");
- }
- _action_ &= ~FLAG_ACTION_UPDATE;
- last_reload = time(NULL);
- }
-
- /*
- * Start pluto
- */
- if (_action_ & FLAG_ACTION_START_PLUTO)
- {
- if (starter_pluto_pid() == 0)
- {
- DBG(DBG_CONTROL,
- DBG_log("Attempting to start pluto...")
- )
- if (!has_netkey)
- starter_klips_clear();
-
- if (starter_start_pluto(cfg, no_fork) == 0)
- {
- starter_whack_listen();
- }
- else
- {
- /* schedule next try */
- alarm(PLUTO_RESTART_DELAY);
- }
- }
- _action_ &= ~FLAG_ACTION_START_PLUTO;
-
- for (ca = cfg->ca_first; ca; ca = ca->next)
- {
- if (ca->state == STATE_ADDED)
- ca->state = STATE_TO_ADD;
- }
-
- for (conn = cfg->conn_first; conn; conn = conn->next)
- {
- if (conn->state == STATE_ADDED)
- conn->state = STATE_TO_ADD;
- }
- }
-
- /*
- * Tell pluto to reread its interfaces
- */
- if (_action_ & FLAG_ACTION_LISTEN)
- {
- starter_whack_listen();
- _action_ &= ~FLAG_ACTION_LISTEN;
- }
-
- /*
- * Add stale conn and ca sections
- */
- if (starter_pluto_pid() != 0)
- {
- for (ca = cfg->ca_first; ca; ca = ca->next)
- {
- if (ca->state == STATE_TO_ADD)
- {
- starter_whack_add_ca(ca);
- ca->state = STATE_ADDED;
- }
- }
-
- for (conn = cfg->conn_first; conn; conn = conn->next)
- {
- if (conn->state == STATE_TO_ADD)
- {
- if (conn->id == 0)
- {
- /* affect new unique id */
- conn->id = id++;
- }
- starter_whack_add_conn(conn);
- conn->state = STATE_ADDED;
- if (conn->startup == STARTUP_START)
- starter_whack_initiate_conn(conn);
- else if (conn->startup == STARTUP_ROUTE)
- starter_whack_route_conn(conn);
- }
- }
- }
-
- /*
- * If auto_update activated, when to stop select
- */
- if (auto_update)
- {
- time_t now = time(NULL);
- tv.tv_sec = (now < last_reload + auto_update)
- ? (last_reload + auto_update-now) : 0;
- tv.tv_usec = 0;
- }
-
- /*
- * Wait for something to happen
- */
- if (select(0, NULL, NULL, NULL, auto_update ? &tv : NULL) == 0)
- {
- /* timeout -> auto_update */
- _action_ |= FLAG_ACTION_UPDATE;
- }
- }
-
- return 0;
-}
-
diff --git a/programs/starter/starterwhack.c b/programs/starter/starterwhack.c
deleted file mode 100644
index cb3e02172..000000000
--- a/programs/starter/starterwhack.c
+++ /dev/null
@@ -1,372 +0,0 @@
-/* strongSwan whack functions to communicate with pluto (whack.c)
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: starterwhack.c,v 1.20 2007/01/18 21:16:45 as Exp $
- */
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <stddef.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <freeswan.h>
-
-#include "../pluto/constants.h"
-#include "../pluto/defs.h"
-#include "../pluto/log.h"
-#include "../pluto/whack.h"
-
-#include "starterwhack.h"
-#include "confread.h"
-#include "files.h"
-
-static int
-pack_str (char **p, char **next, char **roof)
-{
- const char *s = (*p==NULL) ? "" : *p; /* note: NULL becomes ""! */
- size_t len = strlen(s) + 1;
-
- if ((*roof - *next) < len)
- {
- return 0; /* not enough space */
- }
- else
- {
- strcpy(*next, s);
- *next += len;
- *p = NULL; /* don't send pointers on the wire! */
- return 1;
- }
-}
-
-static int
-send_whack_msg (whack_message_t *msg)
-{
- struct sockaddr_un ctl_addr = { AF_UNIX, CTL_FILE };
- int sock;
- ssize_t len;
- char *str_next, *str_roof;
-
- /* pack strings */
- str_next = (char *)msg->string;
- str_roof = (char *)&msg->string[sizeof(msg->string)];
-
- if (!pack_str(&msg->name, &str_next, &str_roof)
- || !pack_str(&msg->left.id, &str_next, &str_roof)
- || !pack_str(&msg->left.cert, &str_next, &str_roof)
- || !pack_str(&msg->left.ca, &str_next, &str_roof)
- || !pack_str(&msg->left.groups, &str_next, &str_roof)
- || !pack_str(&msg->left.updown, &str_next, &str_roof)
-#ifdef VIRTUAL_IP
- || !pack_str(&msg->left.virt, &str_next, &str_roof)
-#endif
- || !pack_str(&msg->right.id, &str_next, &str_roof)
- || !pack_str(&msg->right.cert, &str_next, &str_roof)
- || !pack_str(&msg->right.ca, &str_next, &str_roof)
- || !pack_str(&msg->right.groups, &str_next, &str_roof)
- || !pack_str(&msg->right.updown, &str_next, &str_roof)
-#ifdef VIRTUAL_IP
- || !pack_str(&msg->right.virt, &str_next, &str_roof)
-#endif
- || !pack_str(&msg->keyid, &str_next, &str_roof)
- || !pack_str(&msg->myid, &str_next, &str_roof)
- || !pack_str(&msg->cacert, &str_next, &str_roof)
- || !pack_str(&msg->ldaphost, &str_next, &str_roof)
- || !pack_str(&msg->ldapbase, &str_next, &str_roof)
- || !pack_str(&msg->crluri, &str_next, &str_roof)
- || !pack_str(&msg->crluri2, &str_next, &str_roof)
- || !pack_str(&msg->ocspuri, &str_next, &str_roof)
- || !pack_str(&msg->ike, &str_next, &str_roof)
- || !pack_str(&msg->esp, &str_next, &str_roof)
- || !pack_str(&msg->sc_data, &str_next, &str_roof)
- || (str_roof - str_next < msg->keyval.len))
- {
- plog("send_wack_msg(): can't pack strings");
- return -1;
- }
- if (msg->keyval.ptr)
- memcpy(str_next, msg->keyval.ptr, msg->keyval.len);
- msg->keyval.ptr = NULL;
- str_next += msg->keyval.len;
- len = str_next - (char *)msg;
-
- /* connect to pluto ctl */
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- if (sock < 0)
- {
- plog("socket() failed: %s", strerror(errno));
- return -1;
- }
- if (connect(sock, (struct sockaddr *)&ctl_addr,
- offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0)
- {
- plog("connect(pluto_ctl) failed: %s", strerror(errno));
- close(sock);
- return -1;
- }
-
- /* send message */
- if (write(sock, msg, len) != len)
- {
- plog("write(pluto_ctl) failed: %s", strerror(errno));
- close(sock);
- return -1;
- }
-
- /* TODO: read reply */
- close(sock);
- return 0;
-}
-
-static void
-init_whack_msg(whack_message_t *msg)
-{
- memset(msg, 0, sizeof(whack_message_t));
- msg->magic = WHACK_MAGIC;
-}
-
-static char *
-connection_name(starter_conn_t *conn)
-{
- /* if connection name is '%auto', create a new name like conn_xxxxx */
- static char buf[32];
-
- if (streq(conn->name, "%auto"))
- {
- sprintf(buf, "conn_%ld", conn->id);
- return buf;
- }
- return conn->name;
-}
-
-static void
-set_whack_end(whack_end_t *w, starter_end_t *end)
-{
- w->id = end->id;
- w->cert = end->cert;
- w->ca = end->ca;
- w->groups = end->groups;
- w->host_addr = end->addr;
- w->host_nexthop = end->nexthop;
- w->host_srcip = end->srcip;
- w->has_client = end->has_client;
-
- if (w->has_client)
- w->client = end->subnet;
- else
- w->client.addr.u.v4.sin_family = addrtypeof(&w->host_addr);
-
- w->has_client_wildcard = end->has_client_wildcard;
- w->has_port_wildcard = end->has_port_wildcard;
- w->has_srcip = end->has_srcip;
- w->has_natip = end->has_natip;
- w->modecfg = end->modecfg;
- w->hostaccess = end->hostaccess;
- w->sendcert = end->sendcert;
- w->updown = end->updown;
- w->host_port = IKE_UDP_PORT;
- w->port = end->port;
- w->protocol = end->protocol;
- w->virt = end->virt;
-
- if (w->port != 0)
- {
- int port = htons(w->port);
-
- setportof(port, &w->host_addr);
- setportof(port, &w->client.addr);
- }
-}
-
-static int
-starter_whack_add_pubkey (starter_conn_t *conn, starter_end_t *end
-, const char *lr)
-{
- const char *err;
- static char keyspace[1024 + 4];
- whack_message_t msg;
-
- init_whack_msg(&msg);
-
- msg.whack_key = TRUE;
- msg.pubkey_alg = PUBKEY_ALG_RSA;
- if (end->id && end->rsakey)
- {
- /* special values to ignore */
- if (streq(end->rsakey, "")
- || streq(end->rsakey, "%none")
- || streq(end->rsakey, "%cert")
- || streq(end->rsakey, "0x00"))
- {
- return 0;
- }
- msg.keyid = end->id;
- err = atobytes(end->rsakey, 0, keyspace, sizeof(keyspace), &msg.keyval.len);
- if (err)
- {
- plog("conn %s/%s: rsakey malformed [%s]", connection_name(conn), lr, err);
- return 1;
- }
- else
- {
- msg.keyval.ptr = keyspace;
- return send_whack_msg(&msg);
- }
- }
- return 0;
-}
-
-int
-starter_whack_add_conn(starter_conn_t *conn)
-{
- whack_message_t msg;
- int r;
-
- init_whack_msg(&msg);
-
- msg.whack_connection = TRUE;
- msg.name = connection_name(conn);
-
- msg.addr_family = conn->addr_family;
- msg.tunnel_addr_family = conn->tunnel_addr_family;
- msg.sa_ike_life_seconds = conn->sa_ike_life_seconds;
- msg.sa_ipsec_life_seconds = conn->sa_ipsec_life_seconds;
- msg.sa_rekey_margin = conn->sa_rekey_margin;
- msg.sa_rekey_fuzz = conn->sa_rekey_fuzz;
- msg.sa_keying_tries = conn->sa_keying_tries;
- msg.policy = conn->policy;
-
- set_whack_end(&msg.left, &conn->left);
- set_whack_end(&msg.right, &conn->right);
-
- msg.esp = conn->esp;
- msg.ike = conn->ike;
- msg.pfsgroup = conn->pfsgroup;
-
- /* taken from pluto/whack.c */
- if (msg.pfsgroup)
- {
- char esp_buf[256];
-
- snprintf(esp_buf, sizeof (esp_buf), "%s;%s"
- , msg.esp ? msg.esp : ""
- , msg.pfsgroup ? msg.pfsgroup : "");
- msg.esp = esp_buf;
-
- DBG(DBG_CONTROL,
- DBG_log("Setting --esp=%s", msg.esp)
- )
- }
- msg.dpd_delay = conn->dpd_delay;
- msg.dpd_timeout = conn->dpd_timeout;
- msg.dpd_action = conn->dpd_action;
-/* msg.dpd_count = conn->dpd_count; not supported yet by strongSwan */
-
- r = send_whack_msg(&msg);
-
- if (r == 0 && (conn->policy & POLICY_RSASIG))
- {
- r += starter_whack_add_pubkey (conn, &conn->left, "left");
- r += starter_whack_add_pubkey (conn, &conn->right, "right");
- }
-
- return r;
-}
-
-int
-starter_whack_del_conn(starter_conn_t *conn)
-{
- whack_message_t msg;
-
- init_whack_msg(&msg);
- msg.whack_delete = TRUE;
- msg.name = connection_name(conn);
- return send_whack_msg(&msg);
-}
-
-int
-starter_whack_route_conn(starter_conn_t *conn)
-{
- whack_message_t msg;
-
- init_whack_msg(&msg);
- msg.whack_route = TRUE;
- msg.name = connection_name(conn);
- return send_whack_msg(&msg);
-}
-
-int
-starter_whack_initiate_conn(starter_conn_t *conn)
-{
- whack_message_t msg;
-
- init_whack_msg(&msg);
- msg.whack_initiate = TRUE;
- msg.whack_async = TRUE;
- msg.name = connection_name(conn);
- return send_whack_msg(&msg);
-}
-
-int
-starter_whack_listen(void)
-{
- whack_message_t msg;
- init_whack_msg(&msg);
- msg.whack_listen = TRUE;
- return send_whack_msg(&msg);
-}
-
-int starter_whack_shutdown(void)
-{
- whack_message_t msg;
-
- init_whack_msg(&msg);
- msg.whack_shutdown = TRUE;
- return send_whack_msg(&msg);
-}
-
-int
-starter_whack_add_ca(starter_ca_t *ca)
-{
- whack_message_t msg;
-
- init_whack_msg(&msg);
-
- msg.whack_ca = TRUE;
- msg.name = ca->name;
- msg.cacert = ca->cacert;
- msg.ldaphost = ca->ldaphost;
- msg.ldapbase = ca->ldapbase;
- msg.crluri = ca->crluri;
- msg.crluri2 = ca->crluri2;
- msg.ocspuri = ca->ocspuri;
- msg.whack_strict = ca->strict;
-
- return send_whack_msg(&msg);
-}
-
-int
-starter_whack_del_ca(starter_ca_t *ca)
-{
- whack_message_t msg;
-
- init_whack_msg(&msg);
-
- msg.whack_delete = TRUE;
- msg.whack_ca = TRUE;
- msg.name = ca->name;
-
- return send_whack_msg(&msg);
-}
diff --git a/programs/starter/starterwhack.h b/programs/starter/starterwhack.h
deleted file mode 100644
index 2e79c0715..000000000
--- a/programs/starter/starterwhack.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/* FreeS/WAN whack functions to communicate with pluto (whack.h)
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: starterwhack.h,v 1.6 2006/01/03 18:37:03 as Exp $
- */
-
-#ifndef _STARTER_WHACK_H_
-#define _STARTER_WHACK_H_
-
-#include "confread.h"
-
-extern int starter_whack_add_conn(starter_conn_t *conn);
-extern int starter_whack_del_conn(starter_conn_t *conn);
-extern int starter_whack_route_conn(starter_conn_t *conn);
-extern int starter_whack_initiate_conn(starter_conn_t *conn);
-extern int starter_whack_listen(void);
-extern int starter_whack_shutdown(void);
-extern int starter_whack_add_ca(starter_ca_t *ca);
-extern int starter_whack_del_ca(starter_ca_t *ca);
-
-#endif /* _STARTER_WHACK_H_ */
-
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-26 16:08:19 +0000