Diffstat (limited to 'src/starter')
-rw-r--r--src/starter/Makefile.am2
-rw-r--r--src/starter/Makefile.in3
-rw-r--r--src/starter/args.c3
-rw-r--r--src/starter/cmp.c1
-rw-r--r--src/starter/confread.c64
-rw-r--r--src/starter/confread.h1
-rw-r--r--src/starter/ipsec.conf.57
-rw-r--r--src/starter/keywords.c224
-rw-r--r--src/starter/keywords.h3
-rw-r--r--src/starter/keywords.txt2
-rw-r--r--src/starter/lex.yy.c44
-rw-r--r--src/starter/parser.l4
-rw-r--r--src/starter/parser.y16
-rw-r--r--src/starter/starter.c11
-rw-r--r--src/starter/starterstroke.c1
-rw-r--r--src/starter/starterwhack.c29
-rw-r--r--src/starter/y.tab.c325
-rw-r--r--src/starter/y.tab.h42
18 files changed, 417 insertions, 365 deletions
diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am
index 7524b5f26..a235013f2 100644
--- a/src/starter/Makefile.am
+++ b/src/starter/Makefile.am
@@ -38,7 +38,7 @@ if USE_CHARON
AM_CFLAGS += -DSTART_CHARON
endif
-lex.yy.c: $(srcdir)/parser.l $(srcdir)/parser.y $(srcdir)/parser.h
+lex.yy.c: $(srcdir)/parser.l $(srcdir)/parser.y $(srcdir)/parser.h y.tab.h
$(LEX) $(srcdir)/parser.l
y.tab.c: $(srcdir)/parser.y $(srcdir)/parser.l $(srcdir)/parser.h
diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in
index 79ea9de32..11449f465 100644
--- a/src/starter/Makefile.in
+++ b/src/starter/Makefile.in
@@ -232,6 +232,7 @@ ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
libdir = @libdir@
libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
@@ -718,7 +719,7 @@ uninstall-man: uninstall-man5 uninstall-man8
uninstall-man8
-lex.yy.c: $(srcdir)/parser.l $(srcdir)/parser.y $(srcdir)/parser.h
+lex.yy.c: $(srcdir)/parser.l $(srcdir)/parser.y $(srcdir)/parser.h y.tab.h
$(LEX) $(srcdir)/parser.l
y.tab.c: $(srcdir)/parser.y $(srcdir)/parser.l $(srcdir)/parser.h
diff --git a/src/starter/args.c b/src/starter/args.c
index ebbd42cc8..512f2f46f 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -248,11 +248,12 @@ static const token_info_t token_info[] =
/* end keywords */
{ ARG_MISC, 0, NULL /* KW_HOST */ },
+ { ARG_UINT, offsetof(starter_end_t, ikeport), NULL },
{ ARG_MISC, 0, NULL /* KW_NEXTHOP */ },
{ ARG_STR, offsetof(starter_end_t, subnet), NULL },
{ ARG_MISC, 0, NULL /* KW_SUBNETWITHIN */ },
{ ARG_MISC, 0, NULL /* KW_PROTOPORT */ },
- { ARG_MISC, 0, NULL /* KW_SOURCEIP */ },
+ { ARG_STR, offsetof(starter_end_t, sourceip), NULL },
{ ARG_MISC, 0, NULL /* KW_NATIP */ },
{ ARG_ENUM, offsetof(starter_end_t, firewall), LST_bool },
{ ARG_ENUM, offsetof(starter_end_t, hostaccess), LST_bool },
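Review bot: The new `ARG_UINT` entry for `ikeport` has no visible upper bound, so as far as this diff shows a `leftikeport`/`rightikeport` value above 65535 is accepted into the `u_int` field. It is then copied unchanged into the stroke message by `msg_end->ikeport = conn_end->ikeport;` in starterstroke.c. A range check in kw_end in confread.c would reject it early, for example `if (end->ikeport > 65535) { plog("# bad port: %s=%s", name, value); goto err; }`. How ARG_UINT values are parsed is outside this diff, so confirm that no such check already exists there.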
diff --git a/src/starter/cmp.c b/src/starter/cmp.c
index 8462a4819..33a057b44 100644
--- a/src/starter/cmp.c
+++ b/src/starter/cmp.c
@@ -43,6 +43,7 @@ starter_cmp_end(starter_end_t *c1, starter_end_t *c2)
{
ADDCMP(addr);
}
+ VARCMP(ikeport);
ADDCMP(nexthop);
VARCMP(has_client);
VARCMP(has_client_wildcard);
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 07cc11503..e9b9028d5 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -96,6 +96,8 @@ static void default_values(starter_config_t *cfg)
anyaddr(AF_INET, &cfg->conn_default.left.nexthop);
anyaddr(AF_INET, &cfg->conn_default.right.addr);
anyaddr(AF_INET, &cfg->conn_default.right.nexthop);
+ cfg->conn_default.left.ikeport = 500;
+ cfg->conn_default.right.ikeport = 500;
cfg->ca_default.seen = LEMPTY;
}
@@ -105,8 +107,7 @@ static void default_values(starter_config_t *cfg)
else if (streq(kw->value, sn)) { conn->policy &= ~fl; } \
else { plog("# bad policy value: %s=%s", kw->entry->name, kw->value); cfg->err++; }
-static void
-load_setup(starter_config_t *cfg, config_parsed_t *cfgp)
+static void load_setup(starter_config_t *cfg, config_parsed_t *cfgp)
{
kw_list_t *kw;
@@ -193,11 +194,13 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
streq(value, "%config") || streq(value, "%cfg"))
{
/* request ip via config payload */
+ free(end->sourceip);
end->sourceip = NULL;
end->sourceip_mask = 1;
}
else
{ /* %poolname, strip %, serve ip requests */
+ free(end->sourceip);
end->sourceip = clone_str(value+1);
end->sourceip_mask = 0;
}
@@ -221,6 +224,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
goto err;
}
*pos = '\0';
+ free(end->sourceip);
end->sourceip = clone_str(value);
end->sourceip_mask = atoi(pos + 1);
}
@@ -232,7 +236,6 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
plog("# bad addr: %s=%s [%s]", name, value, ugh);
goto err;
}
- end->sourceip = clone_str(value);
end->sourceip_mask = (conn->tunnel_addr_family == AF_INET) ?
32 : 128;
}
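Review bot: With `end->sourceip = clone_str(value);` removed, this plain-address branch relies on the `ARG_STR` entry added for sourceip in args.c having already stored the string, and nothing in the function says so. A comment such as `/* sourceip itself was already stored through the ARG_STR entry in token_info */` would make the dependency visible. The same dependency presumably means that on the `goto err` paths of this block the field already holds the rejected value, so confirm that the error path discards the connection or clears the field. kw_end starts and ends outside the hunk.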
@@ -419,8 +422,8 @@ err:
/*
* handles left|right=<FQDN> DNS resolution failure
*/
-static void
-handle_dns_failure( const char *label, starter_end_t *end, starter_config_t *cfg)
+static void handle_dns_failure(const char *label, starter_end_t *end,
+ starter_config_t *cfg)
{
if (end->dns_failed)
{
@@ -440,8 +443,8 @@ handle_dns_failure( const char *label, starter_end_t *end, starter_config_t *cfg
/*
* handles left|rightfirewall and left|rightupdown parameters
*/
-static void
-handle_firewall( const char *label, starter_end_t *end, starter_config_t *cfg)
+static void handle_firewall(const char *label, starter_end_t *end,
+ starter_config_t *cfg)
{
if (end->firewall && (end->seen & LELEM(KW_FIREWALL - KW_END_FIRST)))
{
@@ -461,8 +464,7 @@ handle_firewall( const char *label, starter_end_t *end, starter_config_t *cfg)
/*
* parse a conn section
*/
-static void
-load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
+static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
{
char *conn_name = (conn->name == NULL)? "%default":conn->name;
@@ -718,8 +720,7 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
/*
* initialize a conn object with the default conn
*/
-static void
-conn_default(char *name, starter_conn_t *conn, starter_conn_t *def)
+static void conn_default(char *name, starter_conn_t *conn, starter_conn_t *def)
{
memcpy(conn, def, sizeof(starter_conn_t));
conn->name = clone_str(name);
@@ -732,8 +733,7 @@ conn_default(char *name, starter_conn_t *conn, starter_conn_t *def)
/*
* parse a ca section
*/
-static void
-load_ca(starter_ca_t *ca, kw_list_t *kw, starter_config_t *cfg)
+static void load_ca(starter_ca_t *ca, kw_list_t *kw, starter_config_t *cfg)
{
char *ca_name = (ca->name == NULL)? "%default":ca->name;
@@ -786,8 +786,7 @@ load_ca(starter_ca_t *ca, kw_list_t *kw, starter_config_t *cfg)
/*
* initialize a ca object with the default ca
*/
-static void
-ca_default(char *name, starter_ca_t *ca, starter_ca_t *def)
+static void ca_default(char *name, starter_ca_t *ca, starter_ca_t *def)
{
memcpy(ca, def, sizeof(starter_ca_t));
ca->name = clone_str(name);
@@ -795,11 +794,11 @@ ca_default(char *name, starter_ca_t *ca, starter_ca_t *def)
clone_args(KW_CA_FIRST, KW_CA_LAST, (char *)ca, (char *)def);
}
-static kw_list_t*
-find_also_conn(const char* name, starter_conn_t *conn, starter_config_t *cfg);
+static kw_list_t* find_also_conn(const char* name, starter_conn_t *conn,
+ starter_config_t *cfg);
-static void
-load_also_conns(starter_conn_t *conn, also_t *also, starter_config_t *cfg)
+static void load_also_conns(starter_conn_t *conn, also_t *also,
+ starter_config_t *cfg)
{
while (also != NULL)
{
@@ -825,8 +824,8 @@ load_also_conns(starter_conn_t *conn, also_t *also, starter_config_t *cfg)
/*
* find a conn included by also
*/
-static kw_list_t*
-find_also_conn(const char* name, starter_conn_t *conn, starter_config_t *cfg)
+static kw_list_t* find_also_conn(const char* name, starter_conn_t *conn,
+ starter_config_t *cfg)
{
starter_conn_t *c = cfg->conn_first;
@@ -852,11 +851,10 @@ find_also_conn(const char* name, starter_conn_t *conn, starter_config_t *cfg)
return NULL;
}
-static kw_list_t*
-find_also_ca(const char* name, starter_ca_t *ca, starter_config_t *cfg);
+static kw_list_t* find_also_ca(const char* name, starter_ca_t *ca,
+ starter_config_t *cfg);
-static void
-load_also_cas(starter_ca_t *ca, also_t *also, starter_config_t *cfg)
+static void load_also_cas(starter_ca_t *ca, also_t *also, starter_config_t *cfg)
{
while (also != NULL)
{
@@ -882,8 +880,8 @@ load_also_cas(starter_ca_t *ca, also_t *also, starter_config_t *cfg)
/*
* find a ca included by also
*/
-static kw_list_t*
-find_also_ca(const char* name, starter_ca_t *ca, starter_config_t *cfg)
+static kw_list_t* find_also_ca(const char* name, starter_ca_t *ca,
+ starter_config_t *cfg)
{
starter_ca_t *c = cfg->ca_first;
@@ -912,8 +910,7 @@ find_also_ca(const char* name, starter_ca_t *ca, starter_config_t *cfg)
/*
* free the memory used by also_t objects
*/
-static void
-free_also(also_t *head)
+static void free_also(also_t *head)
{
while (head != NULL)
{
@@ -928,8 +925,7 @@ free_also(also_t *head)
/*
* free the memory used by a starter_conn_t object
*/
-static void
-confread_free_conn(starter_conn_t *conn)
+static void confread_free_conn(starter_conn_t *conn)
{
free_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->left);
free_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->right);
@@ -950,8 +946,7 @@ confread_free_ca(starter_ca_t *ca)
/*
* free the memory used by a starter_config_t object
*/
-void
-confread_free(starter_config_t *cfg)
+void confread_free(starter_config_t *cfg)
{
starter_conn_t *conn = cfg->conn_first;
starter_ca_t *ca = cfg->ca_first;
@@ -986,8 +981,7 @@ confread_free(starter_config_t *cfg)
/*
* load and parse an IPsec configuration file
*/
-starter_config_t *
-confread_load(const char *file)
+starter_config_t* confread_load(const char *file)
{
starter_config_t *cfg = NULL;
config_parsed_t *cfgp;
diff --git a/src/starter/confread.h b/src/starter/confread.h
index 7f3211628..199fab642 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -66,6 +66,7 @@ struct starter_end {
char *groups;
char *iface;
ip_address addr;
+ u_int ikeport;
ip_address nexthop;
char *subnet;
bool has_client;
diff --git a/src/starter/ipsec.conf.5 b/src/starter/ipsec.conf.5
index d4dd7238f..4cb1cb0fc 100644
--- a/src/starter/ipsec.conf.5
+++ b/src/starter/ipsec.conf.5
@@ -604,6 +604,13 @@ identity to use for a second authentication for the left participant
(IKEv2 only); defaults to
.BR leftid .
.TP
+.B leftikeport
+UDP port the left participant uses for IKE communication. Currently supported in
+IKEv2 connections only. If unspecified, port 500 is used with port floating to
+4500 if NAT is detected or MOBIKE enabled. Specifying a local IKE port
+different from the default additionally requires a socket implementation that
+listens to this port.
+.TP
.B leftnexthop
this parameter is not needed any more because the NETKEY IPsec stack does
not require explicit routing entries for the traffic to be tunneled.
diff --git a/src/starter/keywords.c b/src/starter/keywords.c
index e379f78e9..df39f0dc7 100644
--- a/src/starter/keywords.c
+++ b/src/starter/keywords.c
@@ -54,12 +54,12 @@ struct kw_entry {
kw_token_t token;
};
-#define TOTAL_KEYWORDS 119
+#define TOTAL_KEYWORDS 121
#define MIN_WORD_LENGTH 3
#define MAX_WORD_LENGTH 17
-#define MIN_HASH_VALUE 17
-#define MAX_HASH_VALUE 215
-/* maximum key range = 199, duplicates = 0 */
+#define MIN_HASH_VALUE 11
+#define MAX_HASH_VALUE 230
+/* maximum key range = 220, duplicates = 0 */
#ifdef __GNUC__
__inline
@@ -75,32 +75,32 @@ hash (str, len)
{
static const unsigned char asso_values[] =
{
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 12,
- 78, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 4, 216, 20, 216, 45,
- 55, 4, 77, 14, 78, 4, 216, 119, 4, 89,
- 46, 34, 29, 216, 6, 12, 5, 56, 34, 216,
- 4, 20, 5, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 26,
+ 75, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 2, 231, 25, 231, 40,
+ 61, 2, 114, 24, 3, 2, 231, 101, 2, 96,
+ 48, 35, 23, 231, 4, 10, 3, 69, 25, 231,
+ 2, 18, 16, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+ 231, 231, 231, 231, 231, 231
};
register int hval = len;
@@ -128,119 +128,121 @@ static const struct kw_entry wordlist[] =
{"right", KW_RIGHT},
{"lifetime", KW_KEYLIFE},
{"leftcert", KW_LEFTCERT,},
+ {"reauth", KW_REAUTH},
{"leftfirewall", KW_LEFTFIREWALL},
{"leftsendcert", KW_LEFTSENDCERT},
+ {"rightikeport", KW_RIGHTIKEPORT},
{"leftprotoport", KW_LEFTPROTOPORT},
{"type", KW_TYPE},
- {"rekey", KW_REKEY},
{"leftgroups", KW_LEFTGROUPS},
+ {"rekey", KW_REKEY},
{"rightsubnet", KW_RIGHTSUBNET},
{"rightsendcert", KW_RIGHTSENDCERT},
+ {"righthostaccess", KW_RIGHTHOSTACCESS},
+ {"xauth", KW_XAUTH},
{"leftallowany", KW_LEFTALLOWANY},
- {"rightgroups", KW_RIGHTGROUPS},
{"esp", KW_ESP},
+ {"leftnexthop", KW_LEFTNEXTHOP},
{"lifebytes", KW_LIFEBYTES},
{"rightrsasigkey", KW_RIGHTRSASIGKEY},
- {"lifepackets", KW_LIFEPACKETS},
- {"leftnexthop", KW_LEFTNEXTHOP},
+ {"rightauth", KW_RIGHTAUTH},
{"leftrsasigkey", KW_LEFTRSASIGKEY},
- {"leftca", KW_LEFTCA},
- {"eap", KW_EAP},
- {"strictcrlpolicy", KW_STRICTCRLPOLICY},
{"rightprotoport", KW_RIGHTPROTOPORT},
{"plutostart", KW_PLUTOSTART},
- {"also", KW_ALSO},
- {"rightallowany", KW_RIGHTALLOWANY},
+ {"strictcrlpolicy", KW_STRICTCRLPOLICY},
+ {"lifepackets", KW_LIFEPACKETS},
+ {"rightgroups", KW_RIGHTGROUPS},
{"rightsourceip", KW_RIGHTSOURCEIP},
+ {"eap", KW_EAP},
{"crluri", KW_CRLURI},
- {"leftnatip", KW_LEFTNATIP},
- {"lefthostaccess", KW_LEFTHOSTACCESS},
+ {"hidetos", KW_HIDETOS},
{"rightcert", KW_RIGHTCERT},
{"certuribase", KW_CERTURIBASE},
+ {"leftca", KW_LEFTCA},
+ {"leftnatip", KW_LEFTNATIP},
+ {"rightallowany", KW_RIGHTALLOWANY},
+ {"lefthostaccess", KW_LEFTHOSTACCESS},
+ {"crlcheckinterval", KW_CRLCHECKINTERVAL},
+ {"also", KW_ALSO},
{"packetdefault", KW_PACKETDEFAULT},
+ {"virtual_private", KW_VIRTUAL_PRIVATE},
{"plutostderrlog", KW_PLUTOSTDERRLOG},
- {"crluri1", KW_CRLURI},
- {"crlcheckinterval", KW_CRLCHECKINTERVAL},
+ {"leftsourceip", KW_LEFTSOURCEIP},
{"rightid", KW_RIGHTID},
- {"virtual_private", KW_VIRTUAL_PRIVATE},
- {"leftsubnet", KW_LEFTSUBNET},
{"cacert", KW_CACERT},
{"rightca", KW_RIGHTCA},
- {"leftsourceip", KW_LEFTSOURCEIP},
+ {"crluri1", KW_CRLURI},
{"inactivity", KW_INACTIVITY},
{"rightsubnetwithin", KW_RIGHTSUBNETWITHIN},
{"installpolicy", KW_INSTALLPOLICY},
- {"nat_traversal", KW_NAT_TRAVERSAL},
- {"ldapbase", KW_LDAPBASE},
+ {"leftauth", KW_LEFTAUTH},
{"leftupdown", KW_LEFTUPDOWN},
+ {"leftsubnet", KW_LEFTSUBNET},
{"rightnatip", KW_RIGHTNATIP},
{"ocspuri", KW_OCSPURI},
{"rightnexthop", KW_RIGHTNEXTHOP},
{"leftcert2", KW_LEFTCERT2,},
{"rightid2", KW_RIGHTID2},
- {"rekeyfuzz", KW_REKEYFUZZ},
+ {"nat_traversal", KW_NAT_TRAVERSAL},
{"compress", KW_COMPRESS},
- {"rightfirewall", KW_RIGHTFIREWALL},
- {"ocspuri1", KW_OCSPURI},
- {"ldaphost", KW_LDAPHOST},
- {"xauth", KW_XAUTH},
+ {"ldapbase", KW_LDAPBASE},
+ {"auth", KW_AUTH},
{"postpluto", KW_POSTPLUTO},
- {"eap_identity", KW_EAP_IDENTITY},
- {"plutodebug", KW_PLUTODEBUG},
+ {"charonstart", KW_CHARONSTART},
+ {"ike", KW_IKE},
+ {"ldaphost", KW_LDAPHOST},
{"leftca2", KW_LEFTCA2},
- {"auto", KW_AUTO},
- {"righthostaccess", KW_RIGHTHOSTACCESS},
{"dpddelay", KW_DPDDELAY},
- {"rightauth", KW_RIGHTAUTH},
+ {"ocspuri1", KW_OCSPURI},
{"rightauth2", KW_RIGHTAUTH2},
- {"pfs", KW_PFS},
- {"authby", KW_AUTHBY},
- {"rightupdown", KW_RIGHTUPDOWN},
+ {"eap_identity", KW_EAP_IDENTITY},
+ {"leftikeport", KW_LEFTIKEPORT},
+ {"plutodebug", KW_PLUTODEBUG},
+ {"cachecrls", KW_CACHECRLS},
+ {"charondebug", KW_CHARONDEBUG},
+ {"crluri2", KW_CRLURI2},
+ {"rightca2", KW_RIGHTCA2},
+ {"mediated_by", KW_MEDIATED_BY},
+ {"rightcert2", KW_RIGHTCERT2},
{"leftid", KW_LEFTID},
+ {"auto", KW_AUTO},
+ {"rightupdown", KW_RIGHTUPDOWN},
+ {"rightfirewall", KW_RIGHTFIREWALL},
+ {"authby", KW_AUTHBY},
{"leftsubnetwithin", KW_LEFTSUBNETWITHIN},
{"uniqueids", KW_UNIQUEIDS},
- {"dumpdir", KW_DUMPDIR},
- {"mediated_by", KW_MEDIATED_BY},
- {"ike", KW_IKE},
- {"cachecrls", KW_CACHECRLS},
{"prepluto", KW_PREPLUTO},
- {"force_keepalive", KW_FORCE_KEEPALIVE},
- {"hidetos", KW_HIDETOS},
+ {"keep_alive", KW_KEEP_ALIVE},
{"mobike", KW_MOBIKE},
- {"forceencaps", KW_FORCEENCAPS},
{"overridemtu", KW_OVERRIDEMTU},
- {"crluri2", KW_CRLURI2},
- {"rightca2", KW_RIGHTCA2},
- {"rightcert2", KW_RIGHTCERT2},
+ {"dumpdir", KW_DUMPDIR},
{"dpdaction", KW_DPDACTION},
- {"nocrsend", KW_NOCRSEND},
+ {"rekeyfuzz", KW_REKEYFUZZ},
{"leftid2", KW_LEFTID2},
- {"interfaces", KW_INTERFACES},
- {"leftauth", KW_LEFTAUTH},
+ {"keyingtries", KW_KEYINGTRIES},
+ {"pfs", KW_PFS},
+ {"nocrsend", KW_NOCRSEND},
+ {"keyexchange", KW_KEYEXCHANGE},
{"leftauth2", KW_LEFTAUTH2},
{"mediation", KW_MEDIATION},
{"rekeymargin", KW_REKEYMARGIN},
- {"keep_alive", KW_KEEP_ALIVE},
- {"auth", KW_AUTH},
- {"keyingtries", KW_KEYINGTRIES},
- {"me_peerid", KW_ME_PEERID},
- {"fragicmp", KW_FRAGICMP},
- {"margintime", KW_REKEYMARGIN},
{"ocspuri2", KW_OCSPURI2},
- {"reauth", KW_REAUTH},
{"pkcs11module", KW_PKCS11MODULE},
- {"pfsgroup", KW_PFSGROUP},
- {"marginbytes", KW_MARGINBYTES},
{"pkcs11keepstate", KW_PKCS11KEEPSTATE},
- {"marginpackets", KW_MARGINPACKETS},
- {"modeconfig", KW_MODECONFIG},
- {"keyexchange", KW_KEYEXCHANGE},
- {"charonstart", KW_CHARONSTART},
+ {"force_keepalive", KW_FORCE_KEEPALIVE},
+ {"me_peerid", KW_ME_PEERID},
+ {"forceencaps", KW_FORCEENCAPS},
{"pkcs11initargs", KW_PKCS11INITARGS},
- {"dpdtimeout", KW_DPDTIMEOUT},
{"pkcs11proxy", KW_PKCS11PROXY},
- {"charondebug", KW_CHARONDEBUG},
+ {"margintime", KW_REKEYMARGIN},
+ {"interfaces", KW_INTERFACES},
+ {"fragicmp", KW_FRAGICMP},
+ {"marginbytes", KW_MARGINBYTES},
+ {"marginpackets", KW_MARGINPACKETS},
+ {"dpdtimeout", KW_DPDTIMEOUT},
{"klipsdebug", KW_KLIPSDEBUG},
+ {"modeconfig", KW_MODECONFIG},
+ {"pfsgroup", KW_PFSGROUP},
{"keylife", KW_KEYLIFE},
{"ikelifetime", KW_IKELIFETIME}
};
@@ -248,27 +250,29 @@ static const struct kw_entry wordlist[] =
static const short lookup[] =
{
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, 0, -1, -1,
- 1, -1, -1, -1, 2, 3, -1, -1, 4, 5,
- -1, -1, 6, 7, -1, 8, 9, -1, 10, -1,
- 11, -1, -1, -1, 12, -1, -1, 13, 14, 15,
- 16, 17, 18, 19, 20, -1, 21, 22, 23, -1,
- 24, -1, 25, 26, 27, 28, 29, -1, 30, 31,
- 32, -1, 33, 34, 35, 36, 37, 38, -1, 39,
- -1, 40, 41, 42, 43, 44, -1, 45, -1, 46,
- -1, 47, -1, 48, -1, 49, 50, 51, -1, 52,
- 53, 54, -1, 55, 56, 57, 58, 59, -1, -1,
- 60, 61, 62, 63, 64, 65, 66, 67, 68, -1,
- -1, 69, 70, 71, 72, -1, 73, 74, 75, 76,
- 77, 78, -1, 79, 80, 81, -1, 82, 83, 84,
- 85, 86, -1, 87, 88, -1, -1, 89, 90, 91,
- 92, 93, -1, 94, -1, -1, 95, 96, 97, -1,
- 98, 99, -1, -1, -1, 100, -1, -1, -1, 101,
- -1, 102, 103, -1, -1, -1, 104, 105, 106, 107,
- 108, 109, -1, 110, -1, 111, 112, -1, 113, -1,
- -1, 114, -1, -1, 115, -1, -1, -1, -1, -1,
- -1, -1, 116, -1, -1, -1, -1, -1, -1, -1,
- -1, 117, -1, -1, -1, 118
+ -1, 0, -1, -1, 1, -1, 2, 3, 4, -1,
+ 5, 6, -1, 7, 8, -1, -1, 9, 10, 11,
+ 12, -1, 13, -1, 14, 15, 16, -1, 17, -1,
+ 18, 19, 20, 21, -1, 22, 23, -1, 24, 25,
+ 26, 27, 28, 29, 30, -1, -1, 31, 32, 33,
+ 34, 35, 36, 37, 38, -1, 39, 40, -1, 41,
+ -1, -1, -1, 42, 43, -1, 44, 45, 46, 47,
+ 48, 49, -1, 50, 51, 52, 53, 54, 55, 56,
+ 57, 58, 59, -1, -1, 60, -1, -1, 61, -1,
+ -1, 62, -1, -1, 63, 64, -1, -1, 65, 66,
+ -1, 67, 68, 69, -1, -1, 70, -1, 71, 72,
+ 73, -1, -1, -1, 74, -1, 75, -1, 76, 77,
+ 78, 79, 80, 81, 82, 83, 84, 85, 86, 87,
+ 88, 89, 90, 91, 92, 93, -1, 94, 95, -1,
+ 96, -1, -1, -1, 97, -1, 98, 99, 100, -1,
+ -1, 101, 102, -1, 103, -1, -1, 104, 105, -1,
+ 106, -1, 107, -1, 108, -1, -1, -1, -1, 109,
+ -1, 110, -1, -1, 111, -1, -1, -1, -1, 112,
+ 113, -1, 114, 115, -1, -1, -1, -1, 116, -1,
+ 117, -1, -1, 118, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, 119, -1, -1, -1,
+ 120
};
#ifdef __GNUC__
diff --git a/src/starter/keywords.h b/src/starter/keywords.h
index 8be31d148..6c3907a6a 100644
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@@ -118,6 +118,7 @@ typedef enum {
/* end keywords */
KW_HOST,
KW_NEXTHOP,
+ KW_IKEPORT,
KW_SUBNET,
KW_SUBNETWITHIN,
KW_PROTOPORT,
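Review bot: `KW_IKEPORT` is inserted after `KW_NEXTHOP` here, but the left and right enums in the next two hunks put `KW_LEFTIKEPORT`/`KW_RIGHTIKEPORT` directly after `KW_LEFT`/`KW_RIGHT`. The `token_info` table in args.c likewise places the ikeport entry between the `KW_HOST` and `KW_NEXTHOP` rows. If left/right tokens are mapped onto the generic end tokens by offset, as the parallel layout suggests, `leftikeport` would land on the value named `KW_NEXTHOP` and `leftnexthop` on `KW_IKEPORT`. Any `switch` on the generic token would then treat a port as a next-hop address. Moving the new line up so the order reads `KW_HOST,` `KW_IKEPORT,` `KW_NEXTHOP,` keeps the three enums and the table aligned.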
@@ -145,6 +146,7 @@ typedef enum {
/* left end keywords */
KW_LEFT,
+ KW_LEFTIKEPORT,
KW_LEFTNEXTHOP,
KW_LEFTSUBNET,
KW_LEFTSUBNETWITHIN,
@@ -172,6 +174,7 @@ typedef enum {
/* right end keywords */
KW_RIGHT,
+ KW_RIGHTIKEPORT,
KW_RIGHTNEXTHOP,
KW_RIGHTSUBNET,
KW_RIGHTSUBNETWITHIN,
diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt
index adf3069bf..12037a685 100644
--- a/src/starter/keywords.txt
+++ b/src/starter/keywords.txt
@@ -98,6 +98,7 @@ ocspuri1, KW_OCSPURI
ocspuri2, KW_OCSPURI2
certuribase, KW_CERTURIBASE
left, KW_LEFT
+leftikeport, KW_LEFTIKEPORT
leftnexthop, KW_LEFTNEXTHOP
leftsubnet, KW_LEFTSUBNET
leftsubnetwithin, KW_LEFTSUBNETWITHIN
@@ -120,6 +121,7 @@ leftca, KW_LEFTCA
leftca2, KW_LEFTCA2
leftgroups, KW_LEFTGROUPS
right, KW_RIGHT
+rightikeport, KW_RIGHTIKEPORT
rightnexthop, KW_RIGHTNEXTHOP
rightsubnet, KW_RIGHTSUBNET
rightsubnetwithin, KW_RIGHTSUBNETWITHIN
diff --git a/src/starter/lex.yy.c b/src/starter/lex.yy.c
index 4596c0cc3..13bf87f0b 100644
--- a/src/starter/lex.yy.c
+++ b/src/starter/lex.yy.c
@@ -513,7 +513,8 @@ char *yytext;
#define MAX_INCLUDE_DEPTH 20
extern void yyerror(const char *);
-extern int yylex (void);
+extern int yylex(void);
+extern int yylex_destroy(void);
static struct {
int stack_ptr;
@@ -557,6 +558,7 @@ void _parser_y_fini (void)
fclose(__parser_y_private.file[i]);
}
memset(&__parser_y_private, 0, sizeof(__parser_y_private));
+ yylex_destroy();
}
int _parser_y_include (const char *filename)
@@ -617,7 +619,7 @@ int _parser_y_include (const char *filename)
return 0;
}
-#line 621 "lex.yy.c"
+#line 623 "lex.yy.c"
#define INITIAL 0
@@ -805,10 +807,10 @@ YY_DECL
register char *yy_cp, *yy_bp;
register int yy_act;
-#line 133 "./parser.l"
+#line 135 "./parser.l"
-#line 812 "lex.yy.c"
+#line 814 "lex.yy.c"
if ( !(yy_init) )
{
@@ -893,7 +895,7 @@ do_action: /* This label is used only to access EOF actions. */
goto yy_find_action;
case YY_STATE_EOF(INITIAL):
-#line 135 "./parser.l"
+#line 137 "./parser.l"
{
if (__parser_y_private.filename[__parser_y_private.stack_ptr]) {
free(__parser_y_private.filename[__parser_y_private.stack_ptr]);
@@ -913,23 +915,23 @@ case YY_STATE_EOF(INITIAL):
YY_BREAK
case 1:
YY_RULE_SETUP
-#line 152 "./parser.l"
+#line 154 "./parser.l"
return FIRST_SPACES;
YY_BREAK
case 2:
YY_RULE_SETUP
-#line 154 "./parser.l"
+#line 156 "./parser.l"
/* ignore spaces in line */ ;
YY_BREAK
case 3:
YY_RULE_SETUP
-#line 156 "./parser.l"
+#line 158 "./parser.l"
return EQUAL;
YY_BREAK
case 4:
/* rule 4 can match eol */
YY_RULE_SETUP
-#line 158 "./parser.l"
+#line 160 "./parser.l"
{
__parser_y_private.line[__parser_y_private.stack_ptr]++;
return EOL;
@@ -937,37 +939,37 @@ YY_RULE_SETUP
YY_BREAK
case 5:
YY_RULE_SETUP
-#line 163 "./parser.l"
+#line 165 "./parser.l"
return CONFIG;
YY_BREAK
case 6:
YY_RULE_SETUP
-#line 164 "./parser.l"
+#line 166 "./parser.l"
return SETUP;
YY_BREAK
case 7:
YY_RULE_SETUP
-#line 165 "./parser.l"
+#line 167 "./parser.l"
return CONN;
YY_BREAK
case 8:
YY_RULE_SETUP
-#line 166 "./parser.l"
+#line 168 "./parser.l"
return CA;
YY_BREAK
case 9:
YY_RULE_SETUP
-#line 167 "./parser.l"
+#line 169 "./parser.l"
return INCLUDE;
YY_BREAK
case 10:
YY_RULE_SETUP
-#line 168 "./parser.l"
+#line 170 "./parser.l"
return FILE_VERSION;
YY_BREAK
case 11:
YY_RULE_SETUP
-#line 170 "./parser.l"
+#line 172 "./parser.l"
{
yylval.s = strdup(yytext);
return STRING;
@@ -975,7 +977,7 @@ YY_RULE_SETUP
YY_BREAK
case 12:
YY_RULE_SETUP
-#line 175 "./parser.l"
+#line 177 "./parser.l"
{
yylval.s = strdup(yytext+1);
if (yylval.s) yylval.s[strlen(yylval.s)-1]='\0';
@@ -984,15 +986,15 @@ YY_RULE_SETUP
YY_BREAK
case 13:
YY_RULE_SETUP
-#line 181 "./parser.l"
+#line 183 "./parser.l"
yyerror(yytext);
YY_BREAK
case 14:
YY_RULE_SETUP
-#line 183 "./parser.l"
+#line 185 "./parser.l"
ECHO;
YY_BREAK
-#line 996 "lex.yy.c"
+#line 998 "lex.yy.c"
case YY_END_OF_BUFFER:
{
@@ -1954,7 +1956,7 @@ void yyfree (void * ptr )
#define YYTABLES_NAME "yytables"
-#line 183 "./parser.l"
+#line 185 "./parser.l"
diff --git a/src/starter/parser.l b/src/starter/parser.l
index 5857c0815..c45847c5c 100644
--- a/src/starter/parser.l
+++ b/src/starter/parser.l
@@ -24,7 +24,8 @@
#define MAX_INCLUDE_DEPTH 20
extern void yyerror(const char *);
-extern int yylex (void);
+extern int yylex(void);
+extern int yylex_destroy(void);
static struct {
int stack_ptr;
@@ -68,6 +69,7 @@ void _parser_y_fini (void)
fclose(__parser_y_private.file[i]);
}
memset(&__parser_y_private, 0, sizeof(__parser_y_private));
+ yylex_destroy();
}
int _parser_y_include (const char *filename)
diff --git a/src/starter/parser.y b/src/starter/parser.y
index 4533228c2..b0b1f6f21 100644
--- a/src/starter/parser.y
+++ b/src/starter/parser.y
@@ -156,21 +156,20 @@ statement_kw:
%%
-void
-yyerror(const char *s)
+void yyerror(const char *s)
{
if (_save_errors_)
_parser_y_error(parser_errstring, ERRSTRING_LEN, s);
}
-config_parsed_t *
-parser_load_conf(const char *file)
+config_parsed_t *parser_load_conf(const char *file)
{
config_parsed_t *cfg = NULL;
int err = 0;
FILE *f;
- extern void _parser_y_init (const char *f);
+ extern void _parser_y_init(const char *f);
+ extern void _parser_y_fini(void);
extern FILE *yyin;
memset(parser_errstring, 0, ERRSTRING_LEN+1);
@@ -231,11 +230,11 @@ parser_load_conf(const char *file)
cfg = NULL;
}
+ _parser_y_fini();
return cfg;
}
-static void
-parser_free_kwlist(kw_list_t *list)
+static void parser_free_kwlist(kw_list_t *list)
{
kw_list_t *elt;
@@ -248,8 +247,7 @@ parser_free_kwlist(kw_list_t *list)
}
}
-void
-parser_free_conf(config_parsed_t *cfg)
+void parser_free_conf(config_parsed_t *cfg)
{
section_list_t *sec;
if (cfg)
diff --git a/src/starter/starter.c b/src/starter/starter.c
index 0aab76d43..50ef9c07b 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -28,6 +28,7 @@
#include <grp.h>
#include <freeswan.h>
+#include <library.h>
#include "../pluto/constants.h"
#include "../pluto/defs.h"
@@ -245,6 +246,9 @@ int main (int argc, char **argv)
log_to_stderr = TRUE;
base_debugging = DBG_NONE;
+ library_init(NULL);
+ atexit(library_deinit);
+
/* parse command line */
for (i = 1; i < argc; i++)
{
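Review bot: The result of the added `library_init(NULL)` call is discarded, and so is the result of `atexit(library_deinit)`. If library_init() in this tree reports failure through its return value, starter still goes on to parse the configuration and start the daemons with a library that did not initialise. Checking it, along the lines of `if (!library_init(NULL)) { library_deinit(); exit(1); }` with the file's own failure code in place of `1`, would stop before any of that happens. main continues outside this hunk.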
@@ -358,6 +362,7 @@ int main (int argc, char **argv)
if (stat(STARTER_PID_FILE, &stb) == 0)
{
plog("starter is already running (%s exists) -- no fork done", STARTER_PID_FILE);
+ confread_free(cfg);
exit(LSB_RC_SUCCESS);
}
@@ -388,6 +393,7 @@ int main (int argc, char **argv)
plog("can't fork: %s", strerror(errno));
break;
default:
+ confread_free(cfg);
exit(LSB_RC_SUCCESS);
}
}
@@ -422,11 +428,8 @@ int main (int argc, char **argv)
confread_free(cfg);
unlink(STARTER_PID_FILE);
unlink(INFO_FILE);
-#ifdef LEAK_DETECTIVE
- report_leaks();
-#endif /* LEAK_DETECTIVE */
- close_log();
plog("ipsec starter stopped");
+ close_log();
exit(LSB_RC_SUCCESS);
}
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index 665350c00..d877661ec 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -186,6 +186,7 @@ static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, sta
msg_end->updown = push_string(msg, conn_end->updown);
ip_address2string(&conn_end->addr, buffer, sizeof(buffer));
msg_end->address = push_string(msg, buffer);
+ msg_end->ikeport = conn_end->ikeport;
msg_end->subnets = push_string(msg, conn_end->subnet);
msg_end->sourceip = push_string(msg, conn_end->sourceip);
msg_end->sourceip_mask = conn_end->sourceip_mask;
diff --git a/src/starter/starterwhack.c b/src/starter/starterwhack.c
index 67916395f..527142a4e 100644
--- a/src/starter/starterwhack.c
+++ b/src/starter/starterwhack.c
@@ -91,6 +91,8 @@ static int send_whack_msg (whack_message_t *msg)
|| !pack_str(&msg->ike, &str_next, &str_roof)
|| !pack_str(&msg->esp, &str_next, &str_roof)
|| !pack_str(&msg->sc_data, &str_next, &str_roof)
+ || !pack_str(&msg->whack_lease_ip, &str_next, &str_roof)
+ || !pack_str(&msg->whack_lease_id, &str_next, &str_roof)
|| (str_roof - str_next < msg->keyval.len))
{
plog("send_wack_msg(): can't pack strings");
@@ -138,14 +140,12 @@ static void init_whack_msg(whack_message_t *msg)
msg->magic = WHACK_MAGIC;
}
-static char *connection_name(starter_conn_t *conn)
+static char *connection_name(starter_conn_t *conn, char *buf, size_t size)
{
/* if connection name is '%auto', create a new name like conn_xxxxx */
- static char buf[32];
-
if (streq(conn->name, "%auto"))
{
- sprintf(buf, "conn_%ld", conn->id);
+ snprintf(buf, size, "conn_%ld", conn->id);
return buf;
}
return conn->name;
@@ -161,7 +161,7 @@ static void set_whack_end(whack_end_t *w, starter_end_t *end, sa_family_t family
w->has_client = end->has_client;
w->sourceip = end->sourceip;
w->sourceip_mask = end->sourceip_mask;
-
+
if (end->sourceip && end->sourceip_mask > 0)
{
ttoaddr(end->sourceip, 0, ip_version(end->sourceip), &w->host_srcip);
@@ -226,10 +226,11 @@ starter_whack_add_pubkey (starter_conn_t *conn, starter_end_t *end
{
const char *err;
static char keyspace[1024 + 4];
- char buf[ADDRTOT_BUF];
+ char buf[ADDRTOT_BUF], name[32];
whack_message_t msg;
init_whack_msg(&msg);
+ connection_name(conn, name, sizeof(name));
msg.whack_key = TRUE;
msg.pubkey_alg = PUBKEY_ALG_RSA;
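Review bot: `name` is read uninitialized by the `rsakey malformed` log call in the next hunk whenever the connection is not named `%auto`. connection_name() writes into the caller's buffer only in the `%auto` case and otherwise returns `conn->name`, but the call added here throws the return value away. Passing an unset 32-byte stack array to `%s` is undefined behaviour and can read past the array or put stack contents into the log. Keep the returned pointer instead: declare `char buf[ADDRTOT_BUF], name_buf[32];` and use `const char *name = connection_name(conn, name_buf, sizeof(name_buf));`. starter_whack_add_pubkey begins and ends outside this hunk.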
@@ -246,7 +247,7 @@ starter_whack_add_pubkey (starter_conn_t *conn, starter_end_t *end
err = atobytes(end->rsakey, 0, keyspace, sizeof(keyspace), &msg.keyval.len);
if (err)
{
- plog("conn %s/%s: rsakey malformed [%s]", connection_name(conn), lr, err);
+ plog("conn %s/%s: rsakey malformed [%s]", name, lr, err);
return 1;
}
if (end->id)
@@ -266,13 +267,14 @@ starter_whack_add_pubkey (starter_conn_t *conn, starter_end_t *end
int starter_whack_add_conn(starter_conn_t *conn)
{
+ char esp_buf[256], name[32];
whack_message_t msg;
int r;
init_whack_msg(&msg);
msg.whack_connection = TRUE;
- msg.name = connection_name(conn);
+ msg.name = connection_name(conn, name, sizeof(name));
msg.ikev1 = conn->keyexchange != KEY_EXCHANGE_IKEV2;
msg.addr_family = conn->addr_family;
@@ -302,8 +304,6 @@ int starter_whack_add_conn(starter_conn_t *conn)
/* taken from pluto/whack.c */
if (msg.pfsgroup)
{
- char esp_buf[256];
-
snprintf(esp_buf, sizeof (esp_buf), "%s;%s"
, msg.esp ? msg.esp : ""
, msg.pfsgroup ? msg.pfsgroup : "");
@@ -331,32 +331,35 @@ int starter_whack_add_conn(starter_conn_t *conn)
int starter_whack_del_conn(starter_conn_t *conn)
{
+ char name[32];
whack_message_t msg;
init_whack_msg(&msg);
msg.whack_delete = TRUE;
- msg.name = connection_name(conn);
+ msg.name = connection_name(conn, name, sizeof(name));
return send_whack_msg(&msg);
}
int starter_whack_route_conn(starter_conn_t *conn)
{
+ char name[32];
whack_message_t msg;
init_whack_msg(&msg);
msg.whack_route = TRUE;
- msg.name = connection_name(conn);
+ msg.name = connection_name(conn, name, sizeof(name));
return send_whack_msg(&msg);
}
int starter_whack_initiate_conn(starter_conn_t *conn)
{
+ char name[32];
whack_message_t msg;
init_whack_msg(&msg);
msg.whack_initiate = TRUE;
msg.whack_async = TRUE;
- msg.name = connection_name(conn);
+ msg.name = connection_name(conn, name, sizeof(name));
return send_whack_msg(&msg);
}
diff --git a/src/starter/y.tab.c b/src/starter/y.tab.c
index b78c1b1f9..504b5589e 100644
--- a/src/starter/y.tab.c
+++ b/src/starter/y.tab.c
@@ -1,24 +1,23 @@
-/* A Bison parser, made by GNU Bison 2.3. */
-/* Skeleton implementation for Bison's Yacc-like parsers in C
+/* A Bison parser, made by GNU Bison 2.4.1. */
- Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
+/* Skeleton implementation for Bison's Yacc-like parsers in C
+
+ Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
Free Software Foundation, Inc.
-
- This program is free software; you can redistribute it and/or modify
+
+ This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2, or (at your option)
- any later version.
-
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor,
- Boston, MA 02110-1301, USA. */
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* As a special exception, you may create a larger work that contains
part or all of the Bison parser skeleton and distribute that work
@@ -29,7 +28,7 @@
special exception, which will cause the skeleton and the resulting
Bison output files to be licensed under the GNU General Public
License without this special exception.
-
+
This special exception was added by the Free Software Foundation in
version 2.2 of Bison. */
@@ -47,7 +46,7 @@
#define YYBISON 1
/* Bison version. */
-#define YYBISON_VERSION "2.3"
+#define YYBISON_VERSION "2.4.1"
/* Skeleton name. */
#define YYSKELETON_NAME "yacc.c"
@@ -55,45 +54,20 @@
/* Pure parsers. */
#define YYPURE 0
-/* Using locations. */
-#define YYLSP_NEEDED 0
-
+/* Push parsers. */
+#define YYPUSH 0
+/* Pull parsers. */
+#define YYPULL 1
-/* Tokens. */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
- /* Put the tokens into the symbol table, so that GDB and other debuggers
- know about them. */
- enum yytokentype {
- EQUAL = 258,
- FIRST_SPACES = 259,
- EOL = 260,
- CONFIG = 261,
- SETUP = 262,
- CONN = 263,
- CA = 264,
- INCLUDE = 265,
- FILE_VERSION = 266,
- STRING = 267
- };
-#endif
-/* Tokens. */
-#define EQUAL 258
-#define FIRST_SPACES 259
-#define EOL 260
-#define CONFIG 261
-#define SETUP 262
-#define CONN 263
-#define CA 264
-#define INCLUDE 265
-#define FILE_VERSION 266
-#define STRING 267
-
+/* Using locations. */
+#define YYLSP_NEEDED 0
/* Copy the first part of user declarations. */
+
+/* Line 189 of yacc.c */
#line 1 "./parser.y"
/* strongSwan config file parser (parser.y)
@@ -148,6 +122,9 @@ extern kw_entry_t *in_word_set (char *str, unsigned int len);
+/* Line 189 of yacc.c */
+#line 127 "y.tab.c"
+
/* Enabling traces. */
#ifndef YYDEBUG
# define YYDEBUG 0
@@ -166,25 +143,63 @@ extern kw_entry_t *in_word_set (char *str, unsigned int len);
# define YYTOKEN_TABLE 0
#endif
+
+/* Tokens. */
+#ifndef YYTOKENTYPE
+# define YYTOKENTYPE
+ /* Put the tokens into the symbol table, so that GDB and other debuggers
+ know about them. */
+ enum yytokentype {
+ EQUAL = 258,
+ FIRST_SPACES = 259,
+ EOL = 260,
+ CONFIG = 261,
+ SETUP = 262,
+ CONN = 263,
+ CA = 264,
+ INCLUDE = 265,
+ FILE_VERSION = 266,
+ STRING = 267
+ };
+#endif
+/* Tokens. */
+#define EQUAL 258
+#define FIRST_SPACES 259
+#define EOL 260
+#define CONFIG 261
+#define SETUP 262
+#define CONN 263
+#define CA 264
+#define INCLUDE 265
+#define FILE_VERSION 266
+#define STRING 267
+
+
+
+
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef union YYSTYPE
+{
+
+/* Line 214 of yacc.c */
#line 54 "./parser.y"
-{ char *s; }
-/* Line 187 of yacc.c. */
-#line 175 "y.tab.c"
- YYSTYPE;
+ char *s;
+
+
+/* Line 214 of yacc.c */
+#line 191 "y.tab.c"
+} YYSTYPE;
+# define YYSTYPE_IS_TRIVIAL 1
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
#endif
-
/* Copy the second part of user declarations. */
-/* Line 216 of yacc.c. */
-#line 188 "y.tab.c"
+/* Line 264 of yacc.c */
+#line 203 "y.tab.c"
#ifdef short
# undef short
@@ -259,14 +274,14 @@ typedef short int yytype_int16;
#if (defined __STDC__ || defined __C99__FUNC__ \
|| defined __cplusplus || defined _MSC_VER)
static int
-YYID (int i)
+YYID (int yyi)
#else
static int
-YYID (i)
- int i;
+YYID (yyi)
+ int yyi;
#endif
{
- return i;
+ return yyi;
}
#endif
@@ -347,9 +362,9 @@ void free (void *); /* INFRINGES ON USER NAME SPACE */
/* A type that is properly aligned for any stack member. */
union yyalloc
{
- yytype_int16 yyss;
- YYSTYPE yyvs;
- };
+ yytype_int16 yyss_alloc;
+ YYSTYPE yyvs_alloc;
+};
/* The size of the maximum gap between one aligned stack and the next. */
# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
@@ -383,12 +398,12 @@ union yyalloc
elements in the stack, and YYPTR gives the new location of the
stack. Advance YYPTR to a properly aligned location for the next
stack. */
-# define YYSTACK_RELOCATE(Stack) \
+# define YYSTACK_RELOCATE(Stack_alloc, Stack) \
do \
{ \
YYSIZE_T yynewbytes; \
- YYCOPY (&yyptr->Stack, Stack, yysize); \
- Stack = &yyptr->Stack; \
+ YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \
+ Stack = &yyptr->Stack_alloc; \
yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
yyptr += yynewbytes / sizeof (*yyptr); \
} \
@@ -484,7 +499,7 @@ static const char *const yytname[] =
{
"$end", "error", "$undefined", "EQUAL", "FIRST_SPACES", "EOL", "CONFIG",
"SETUP", "CONN", "CA", "INCLUDE", "FILE_VERSION", "STRING", "$accept",
- "config_file", "section_or_include", "@1", "@2", "@3", "@4",
+ "config_file", "section_or_include", "$@1", "$@2", "$@3", "$@4",
"kw_section", "statement_kw", 0
};
#endif
@@ -758,17 +773,20 @@ yy_symbol_print (yyoutput, yytype, yyvaluep)
#if (defined __STDC__ || defined __C99__FUNC__ \
|| defined __cplusplus || defined _MSC_VER)
static void
-yy_stack_print (yytype_int16 *bottom, yytype_int16 *top)
+yy_stack_print (yytype_int16 *yybottom, yytype_int16 *yytop)
#else
static void
-yy_stack_print (bottom, top)
- yytype_int16 *bottom;
- yytype_int16 *top;
+yy_stack_print (yybottom, yytop)
+ yytype_int16 *yybottom;
+ yytype_int16 *yytop;
#endif
{
YYFPRINTF (stderr, "Stack now");
- for (; bottom <= top; ++bottom)
- YYFPRINTF (stderr, " %d", *bottom);
+ for (; yybottom <= yytop; yybottom++)
+ {
+ int yybot = *yybottom;
+ YYFPRINTF (stderr, " %d", yybot);
+ }
YYFPRINTF (stderr, "\n");
}
@@ -802,11 +820,11 @@ yy_reduce_print (yyvsp, yyrule)
/* The symbols being reduced. */
for (yyi = 0; yyi < yynrhs; yyi++)
{
- fprintf (stderr, " $%d = ", yyi + 1);
+ YYFPRINTF (stderr, " $%d = ", yyi + 1);
yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
&(yyvsp[(yyi + 1) - (yynrhs)])
);
- fprintf (stderr, "\n");
+ YYFPRINTF (stderr, "\n");
}
}
@@ -1086,10 +1104,8 @@ yydestruct (yymsg, yytype, yyvaluep)
break;
}
}
-
/* Prevent warnings from -Wmissing-prototypes. */
-
#ifdef YYPARSE_PARAM
#if defined __STDC__ || defined __cplusplus
int yyparse (void *YYPARSE_PARAM);
@@ -1105,11 +1121,10 @@ int yyparse ();
#endif /* ! YYPARSE_PARAM */
-
-/* The look-ahead symbol. */
+/* The lookahead symbol. */
int yychar;
-/* The semantic value of the look-ahead symbol. */
+/* The semantic value of the lookahead symbol. */
YYSTYPE yylval;
/* Number of syntax errors so far. */
@@ -1117,9 +1132,9 @@ int yynerrs;
-/*----------.
-| yyparse. |
-`----------*/
+/*-------------------------.
+| yyparse or yypush_parse. |
+`-------------------------*/
#ifdef YYPARSE_PARAM
#if (defined __STDC__ || defined __C99__FUNC__ \
@@ -1143,66 +1158,68 @@ yyparse ()
#endif
#endif
{
-
- int yystate;
- int yyn;
- int yyresult;
- /* Number of tokens to shift before error messages enabled. */
- int yyerrstatus;
- /* Look-ahead token as an internal (translated) token number. */
- int yytoken = 0;
-#if YYERROR_VERBOSE
- /* Buffer for error messages, and its allocated size. */
- char yymsgbuf[128];
- char *yymsg = yymsgbuf;
- YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
-#endif
- /* Three stacks and their tools:
- `yyss': related to states,
- `yyvs': related to semantic values,
- `yyls': related to locations.
- Refer to the stacks thru separate pointers, to allow yyoverflow
- to reallocate them elsewhere. */
+ int yystate;
+ /* Number of tokens to shift before error messages enabled. */
+ int yyerrstatus;
- /* The state stack. */
- yytype_int16 yyssa[YYINITDEPTH];
- yytype_int16 *yyss = yyssa;
- yytype_int16 *yyssp;
+ /* The stacks and their tools:
+ `yyss': related to states.
+ `yyvs': related to semantic values.
- /* The semantic value stack. */
- YYSTYPE yyvsa[YYINITDEPTH];
- YYSTYPE *yyvs = yyvsa;
- YYSTYPE *yyvsp;
+ Refer to the stacks thru separate pointers, to allow yyoverflow
+ to reallocate them elsewhere. */
+ /* The state stack. */
+ yytype_int16 yyssa[YYINITDEPTH];
+ yytype_int16 *yyss;
+ yytype_int16 *yyssp;
+ /* The semantic value stack. */
+ YYSTYPE yyvsa[YYINITDEPTH];
+ YYSTYPE *yyvs;
+ YYSTYPE *yyvsp;
-#define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N))
-
- YYSIZE_T yystacksize = YYINITDEPTH;
+ YYSIZE_T yystacksize;
+ int yyn;
+ int yyresult;
+ /* Lookahead token as an internal (translated) token number. */
+ int yytoken;
/* The variables used to return semantic value and location from the
action routines. */
YYSTYPE yyval;
+#if YYERROR_VERBOSE
+ /* Buffer for error messages, and its allocated size. */
+ char yymsgbuf[128];
+ char *yymsg = yymsgbuf;
+ YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
+#endif
+
+#define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N))
/* The number of symbols on the RHS of the reduced rule.
Keep to zero when no symbol should be popped. */
int yylen = 0;
+ yytoken = 0;
+ yyss = yyssa;
+ yyvs = yyvsa;
+ yystacksize = YYINITDEPTH;
+
YYDPRINTF ((stderr, "Starting parse\n"));
yystate = 0;
yyerrstatus = 0;
yynerrs = 0;
- yychar = YYEMPTY; /* Cause a token to be read. */
+ yychar = YYEMPTY; /* Cause a token to be read. */
/* Initialize stack pointers.
Waste one element of value and location stack
so that they stay on the same level as the state stack.
The wasted elements are never initialized. */
-
yyssp = yyss;
yyvsp = yyvs;
@@ -1232,7 +1249,6 @@ yyparse ()
YYSTYPE *yyvs1 = yyvs;
yytype_int16 *yyss1 = yyss;
-
/* Each stack pointer address is followed by the size of the
data in use in that stack, in bytes. This used to be a
conditional around just the two extra args, but that might
@@ -1240,7 +1256,6 @@ yyparse ()
yyoverflow (YY_("memory exhausted"),
&yyss1, yysize * sizeof (*yyssp),
&yyvs1, yysize * sizeof (*yyvsp),
-
&yystacksize);
yyss = yyss1;
@@ -1263,9 +1278,8 @@ yyparse ()
(union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
if (! yyptr)
goto yyexhaustedlab;
- YYSTACK_RELOCATE (yyss);
- YYSTACK_RELOCATE (yyvs);
-
+ YYSTACK_RELOCATE (yyss_alloc, yyss);
+ YYSTACK_RELOCATE (yyvs_alloc, yyvs);
# undef YYSTACK_RELOCATE
if (yyss1 != yyssa)
YYSTACK_FREE (yyss1);
@@ -1276,7 +1290,6 @@ yyparse ()
yyssp = yyss + yysize - 1;
yyvsp = yyvs + yysize - 1;
-
YYDPRINTF ((stderr, "Stack size increased to %lu\n",
(unsigned long int) yystacksize));
@@ -1286,6 +1299,9 @@ yyparse ()
YYDPRINTF ((stderr, "Entering state %d\n", yystate));
+ if (yystate == YYFINAL)
+ YYACCEPT;
+
goto yybackup;
/*-----------.
@@ -1294,16 +1310,16 @@ yyparse ()
yybackup:
/* Do appropriate processing given the current state. Read a
- look-ahead token if we need one and don't already have one. */
+ lookahead token if we need one and don't already have one. */
- /* First try to decide what to do without reference to look-ahead token. */
+ /* First try to decide what to do without reference to lookahead token. */
yyn = yypact[yystate];
if (yyn == YYPACT_NINF)
goto yydefault;
- /* Not known => get a look-ahead token if don't already have one. */
+ /* Not known => get a lookahead token if don't already have one. */
- /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol. */
+ /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */
if (yychar == YYEMPTY)
{
YYDPRINTF ((stderr, "Reading a token: "));
@@ -1335,20 +1351,16 @@ yybackup:
goto yyreduce;
}
- if (yyn == YYFINAL)
- YYACCEPT;
-
/* Count tokens shifted since error; after three, turn off error
status. */
if (yyerrstatus)
yyerrstatus--;
- /* Shift the look-ahead token. */
+ /* Shift the lookahead token. */
YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
- /* Discard the shifted token unless it is eof. */
- if (yychar != YYEOF)
- yychar = YYEMPTY;
+ /* Discard the shifted token. */
+ yychar = YYEMPTY;
yystate = yyn;
*++yyvsp = yylval;
@@ -1388,6 +1400,8 @@ yyreduce:
switch (yyn)
{
case 4:
+
+/* Line 1455 of yacc.c */
#line 71 "./parser.y"
{
free((yyvsp[(2) - (3)].s));
@@ -1395,6 +1409,8 @@ yyreduce:
break;
case 5:
+
+/* Line 1455 of yacc.c */
#line 75 "./parser.y"
{
_parser_kw = &(_parser_cfg->config_setup);
@@ -1403,6 +1419,8 @@ yyreduce:
break;
case 7:
+
+/* Line 1455 of yacc.c */
#line 80 "./parser.y"
{
section_list_t *section = malloc_thing(section_list_t);
@@ -1422,6 +1440,8 @@ yyreduce:
break;
case 9:
+
+/* Line 1455 of yacc.c */
#line 96 "./parser.y"
{
section_list_t *section = malloc_thing(section_list_t);
@@ -1440,6 +1460,8 @@ yyreduce:
break;
case 11:
+
+/* Line 1455 of yacc.c */
#line 111 "./parser.y"
{
extern void _parser_y_include (const char *f);
@@ -1449,6 +1471,8 @@ yyreduce:
break;
case 16:
+
+/* Line 1455 of yacc.c */
#line 126 "./parser.y"
{
kw_list_t *new;
@@ -1477,6 +1501,8 @@ yyreduce:
break;
case 17:
+
+/* Line 1455 of yacc.c */
#line 151 "./parser.y"
{
free((yyvsp[(1) - (2)].s));
@@ -1484,8 +1510,9 @@ yyreduce:
break;
-/* Line 1267 of yacc.c. */
-#line 1489 "y.tab.c"
+
+/* Line 1455 of yacc.c */
+#line 1516 "y.tab.c"
default: break;
}
YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
@@ -1496,7 +1523,6 @@ yyreduce:
*++yyvsp = yyval;
-
/* Now `shift' the result of the reduction. Determine what state
that goes to, based on the state we popped back to and the rule
number reduced by. */
@@ -1561,7 +1587,7 @@ yyerrlab:
if (yyerrstatus == 3)
{
- /* If just tried and failed to reuse look-ahead token after an
+ /* If just tried and failed to reuse lookahead token after an
error, discard it. */
if (yychar <= YYEOF)
@@ -1578,7 +1604,7 @@ yyerrlab:
}
}
- /* Else will try to reuse look-ahead token after shifting the error
+ /* Else will try to reuse lookahead token after shifting the error
token. */
goto yyerrlab1;
@@ -1635,9 +1661,6 @@ yyerrlab1:
YY_STACK_PRINT (yyss, yyssp);
}
- if (yyn == YYFINAL)
- YYACCEPT;
-
*++yyvsp = yylval;
@@ -1662,7 +1685,7 @@ yyabortlab:
yyresult = 1;
goto yyreturn;
-#ifndef yyoverflow
+#if !defined(yyoverflow) || YYERROR_VERBOSE
/*-------------------------------------------------.
| yyexhaustedlab -- memory exhaustion comes here. |
`-------------------------------------------------*/
@@ -1673,7 +1696,7 @@ yyexhaustedlab:
#endif
yyreturn:
- if (yychar != YYEOF && yychar != YYEMPTY)
+ if (yychar != YYEMPTY)
yydestruct ("Cleanup: discarding lookahead",
yytoken, &yylval);
/* Do not reclaim the symbols of the rule which action triggered
@@ -1699,24 +1722,25 @@ yyreturn:
}
+
+/* Line 1675 of yacc.c */
#line 157 "./parser.y"
-void
-yyerror(const char *s)
+void yyerror(const char *s)
{
if (_save_errors_)
_parser_y_error(parser_errstring, ERRSTRING_LEN, s);
}
-config_parsed_t *
-parser_load_conf(const char *file)
+config_parsed_t *parser_load_conf(const char *file)
{
config_parsed_t *cfg = NULL;
int err = 0;
FILE *f;
- extern void _parser_y_init (const char *f);
+ extern void _parser_y_init(const char *f);
+ extern void _parser_y_fini(void);
extern FILE *yyin;
memset(parser_errstring, 0, ERRSTRING_LEN+1);
@@ -1777,11 +1801,11 @@ parser_load_conf(const char *file)
cfg = NULL;
}
+ _parser_y_fini();
return cfg;
}
-static void
-parser_free_kwlist(kw_list_t *list)
+static void parser_free_kwlist(kw_list_t *list)
{
kw_list_t *elt;
@@ -1794,8 +1818,7 @@ parser_free_kwlist(kw_list_t *list)
}
}
-void
-parser_free_conf(config_parsed_t *cfg)
+void parser_free_conf(config_parsed_t *cfg)
{
section_list_t *sec;
if (cfg)
diff --git a/src/starter/y.tab.h b/src/starter/y.tab.h
index 871de1e97..caf6ea172 100644
--- a/src/starter/y.tab.h
+++ b/src/starter/y.tab.h
@@ -1,24 +1,23 @@
-/* A Bison parser, made by GNU Bison 2.3. */
-/* Skeleton interface for Bison's Yacc-like parsers in C
+/* A Bison parser, made by GNU Bison 2.4.1. */
- Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
+/* Skeleton interface for Bison's Yacc-like parsers in C
+
+ Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
Free Software Foundation, Inc.
-
- This program is free software; you can redistribute it and/or modify
+
+ This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2, or (at your option)
- any later version.
-
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor,
- Boston, MA 02110-1301, USA. */
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* As a special exception, you may create a larger work that contains
part or all of the Bison parser skeleton and distribute that work
@@ -29,10 +28,11 @@
special exception, which will cause the skeleton and the resulting
Bison output files to be licensed under the GNU General Public
License without this special exception.
-
+
This special exception was added by the Free Software Foundation in
version 2.2 of Bison. */
+
/* Tokens. */
#ifndef YYTOKENTYPE
# define YYTOKENTYPE
@@ -68,15 +68,21 @@
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef union YYSTYPE
+{
+
+/* Line 1676 of yacc.c */
#line 54 "./parser.y"
-{ char *s; }
-/* Line 1489 of yacc.c. */
-#line 75 "y.tab.h"
- YYSTYPE;
+ char *s;
+
+
+/* Line 1676 of yacc.c */
+#line 80 "y.tab.h"
+} YYSTYPE;
+# define YYSTYPE_IS_TRIVIAL 1
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
#endif
extern YYSTYPE yylval;
+