authorHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2006-06-02 03:31:21 +0000
committerHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2006-06-02 03:31:21 +0000
commit16ce5c8c14e5018230e2d16b15cf8b9bd79208f9 (patch)
tree406419304a60e78073e70afe38769fb37ff738db
parentd6469f3c92ace85543048a57cebdf94b2f355dd3 (diff)
Generalize parsing of main/quick mode specification. Preparation
for lifetime support.
-rw-r--r--sbin/ipsecctl/ipsecctl.h7
-rw-r--r--sbin/ipsecctl/parse.y62
2 files changed, 49 insertions, 20 deletions
diff --git a/sbin/ipsecctl/ipsecctl.h b/sbin/ipsecctl/ipsecctl.h
index 10da1082db6..6e5a367c138 100644
--- a/sbin/ipsecctl/ipsecctl.h
+++ b/sbin/ipsecctl/ipsecctl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecctl.h,v 1.44 2006/06/02 00:33:47 hshoexer Exp $ */
+/* $OpenBSD: ipsecctl.h,v 1.45 2006/06/02 03:31:20 hshoexer Exp $ */
/*
* Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
*
@@ -139,6 +139,11 @@ struct ipsec_life {
int lifevolume;
};
+struct ike_mode {
+ struct ipsec_transforms *xfs;
+ struct ipsec_life *life;
+};
+
extern const struct ipsec_xf authxfs[];
extern const struct ipsec_xf encxfs[];
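Review bot: `struct ike_mode` is added without a comment saying which members may be NULL. In the parse.y part of this commit every production sets `xfs` but leaves `life` at the NULL that calloc() provides, so a later consumer that dereferences `life` without a check would fault. A one-line comment above the struct, for example `/* Per-phase IKE settings: xfs is always set by the parser, life may be NULL. */`, would record that contract.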
diff --git a/sbin/ipsecctl/parse.y b/sbin/ipsecctl/parse.y
index 557eacc4479..9afe9c857c6 100644
--- a/sbin/ipsecctl/parse.y
+++ b/sbin/ipsecctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.90 2006/06/02 00:33:47 hshoexer Exp $ */
+/* $OpenBSD: parse.y,v 1.91 2006/06/02 03:31:20 hshoexer Exp $ */
/*
* Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -231,9 +231,9 @@ typedef struct {
struct ipsec_key *keyin;
} keys;
struct ipsec_transforms *transforms;
- struct ipsec_transforms *mmxfs;
- struct ipsec_transforms *qmxfs;
struct ipsec_life *life;
+ struct ike_mode *mainmode;
+ struct ike_mode *quickmode;
} v;
int lineno;
} YYSTYPE;
@@ -263,12 +263,12 @@ typedef struct {
%type <v.enckeys> enckeyspec
%type <v.keys> keyspec
%type <v.transforms> transforms
-%type <v.mmxfs> mmxfs
-%type <v.qmxfs> qmxfs
%type <v.ikemode> ikemode
%type <v.ikeauth> ikeauth
%type <v.type> type
%type <v.life> life
+%type <v.mainmode> mainmode
+%type <v.quickmode> quickmode
%%
grammar : /* empty */
@@ -346,12 +346,12 @@ flowrule : FLOW satype dir proto hosts peers ids type {
}
;
-ikerule : IKE ikemode satype proto hosts peers mmxfs life qmxfs life
+ikerule : IKE ikemode satype proto hosts peers mainmode quickmode
ids ikeauth {
struct ipsec_rule *r;
r = create_ike($4, $5.src, $5.dst, $6.local, $6.peer,
- $7, $9, $3, $2, $11.srcid, $11.dstid, &$12);
+ $7->xfs, $8->xfs, $3, $2, $9.srcid, $9.dstid, &$10);
if (r == NULL)
YYERROR;
r->nr = ipsec->rule_nr++;
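Review bot: The two `struct ike_mode` wrappers in `$7` and `$8` appear to be leaked, because the action passes only `$7->xfs` and `$8->xfs` to create_ike() and nothing in the visible lines frees the wrappers themselves. Adding `free($7); free($8);` directly after the create_ike() call, before the `if (r == NULL)` check, would release them on both the success and the YYERROR path without touching the transforms they point to. The action body continues past the end of this hunk, so confirm they are not already released further down.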
@@ -655,28 +655,52 @@ transform : AUTHXF STRING {
}
;
-mmxfs : /* empty */ {
- struct ipsec_transforms *xfs;
+mainmode : /* empty */ {
+ struct ike_mode *mm;
+ struct ipsec_transforms *xfs;
- /* We create just an empty transform */
+ /* We create just an empty mode */
+ if ((mm = calloc(1, sizeof(struct ike_mode))) == NULL)
+ err(1, "mainmode: calloc");
+ /* And an empty transform */
if ((xfs = calloc(1, sizeof(struct ipsec_transforms)))
== NULL)
- err(1, "mmxfs: calloc");
- $$ = xfs;
+ err(1, "mainmode: calloc");
+ mm->xfs = xfs;
+ $$ = mm;
+ }
+ | MAIN transforms life {
+ struct ike_mode *mm;
+
+ if ((mm = calloc(1, sizeof(struct ike_mode))) == NULL)
+ err(1, "mainmode: calloc");
+ mm->xfs = $2;
+ $$ = mm;
}
- | MAIN transforms { $$ = $2; }
;
-qmxfs : /* empty */ {
- struct ipsec_transforms *xfs;
+quickmode : /* empty */ {
+ struct ike_mode *qm;
+ struct ipsec_transforms *xfs;
- /* We create just an empty transform */
+ /* We create just an empty mode */
+ if ((qm = calloc(1, sizeof(struct ike_mode))) == NULL)
+ err(1, "quickmode: calloc");
+ /* And an empty transform */
if ((xfs = calloc(1, sizeof(struct ipsec_transforms)))
== NULL)
- err(1, "qmxfs: calloc");
- $$ = xfs;
+ err(1, "mainmode: calloc");
+ qm->xfs = xfs;
+ $$ = qm;
+ }
+ | QUICK transforms life {
+ struct ike_mode *qm;
+
+ if ((qm = calloc(1, sizeof(struct ike_mode))) == NULL)
+ err(1, "quickmode: calloc");
+ qm->xfs = $2;
+ $$ = qm;
}
- | QUICK transforms { $$ = $2; }
;
life : /* empty */ {
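Review bot: The empty `quickmode` alternative reports a failed transforms allocation as `err(1, "mainmode: calloc")`, apparently copied from the production above; it should read `err(1, "quickmode: calloc");` so the message names the rule that failed. Separately, `MAIN transforms life` and `QUICK transforms life` never use `$3`, so a lifetime written in the configuration is parsed and then dropped without a diagnostic, and `mm->life` and `qm->life` stay NULL. The commit message calls this preparation for lifetime support, so that may be intentional for now, but storing the value with `mm->life = $3;` and `qm->life = $3;` would keep it reachable and avoid leaking whatever the `life` rule allocates. The `life` rule only begins on the last line of this hunk and its body is not visible.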