GCC Code Coverage Report | |||||||||||||||||||||
|
|||||||||||||||||||||
Line | Branch | Exec | Source |
1 |
#include <stdlib.h> |
||
2 |
#include <string.h> |
||
3 |
#define YYBYACC 1 |
||
4 |
#define YYMAJOR 1 |
||
5 |
#define YYMINOR 9 |
||
6 |
#define YYLEX yylex() |
||
7 |
#define YYEMPTY -1 |
||
8 |
#define yyclearin (yychar=(YYEMPTY)) |
||
9 |
#define yyerrok (yyerrflag=0) |
||
10 |
#define YYRECOVERING() (yyerrflag!=0) |
||
11 |
#define YYPREFIX "yy" |
||
12 |
#line 30 "parse.y" |
||
13 |
#include <sys/types.h> |
||
14 |
#include <sys/socket.h> |
||
15 |
#include <sys/stat.h> |
||
16 |
#include <net/if.h> |
||
17 |
#include <netinet/in.h> |
||
18 |
#include <netinet/ip.h> |
||
19 |
#include <netinet/ip_icmp.h> |
||
20 |
#include <netinet/icmp6.h> |
||
21 |
#include <net/pfvar.h> |
||
22 |
#include <arpa/inet.h> |
||
23 |
|||
24 |
#include <stdio.h> |
||
25 |
#include <unistd.h> |
||
26 |
#include <stdlib.h> |
||
27 |
#include <netdb.h> |
||
28 |
#include <stdarg.h> |
||
29 |
#include <errno.h> |
||
30 |
#include <string.h> |
||
31 |
#include <ctype.h> |
||
32 |
#include <math.h> |
||
33 |
#include <err.h> |
||
34 |
#include <limits.h> |
||
35 |
#include <pwd.h> |
||
36 |
#include <grp.h> |
||
37 |
#include <md5.h> |
||
38 |
|||
39 |
#include "pfctl_parser.h" |
||
40 |
#include "pfctl.h" |
||
41 |
|||
42 |
static struct pfctl *pf = NULL; |
||
43 |
static int debug = 0; |
||
44 |
static u_int16_t returnicmpdefault = |
||
45 |
(ICMP_UNREACH << 8) | ICMP_UNREACH_PORT; |
||
46 |
static u_int16_t returnicmp6default = |
||
47 |
(ICMP6_DST_UNREACH << 8) | ICMP6_DST_UNREACH_NOPORT; |
||
48 |
static int blockpolicy = PFRULE_DROP; |
||
49 |
static int default_statelock; |
||
50 |
|||
51 |
TAILQ_HEAD(files, file) files = TAILQ_HEAD_INITIALIZER(files); |
||
52 |
static struct file { |
||
53 |
TAILQ_ENTRY(file) entry; |
||
54 |
FILE *stream; |
||
55 |
char *name; |
||
56 |
int lineno; |
||
57 |
int errors; |
||
58 |
} *file; |
||
59 |
struct file *pushfile(const char *, int); |
||
60 |
int popfile(void); |
||
61 |
int check_file_secrecy(int, const char *); |
||
62 |
int yyparse(void); |
||
63 |
int yylex(void); |
||
64 |
int yyerror(const char *, ...); |
||
65 |
int kw_cmp(const void *, const void *); |
||
66 |
int lookup(char *); |
||
67 |
int lgetc(int); |
||
68 |
int lungetc(int); |
||
69 |
int findeol(void); |
||
70 |
|||
71 |
TAILQ_HEAD(symhead, sym) symhead = TAILQ_HEAD_INITIALIZER(symhead); |
||
72 |
struct sym { |
||
73 |
TAILQ_ENTRY(sym) entry; |
||
74 |
int used; |
||
75 |
int persist; |
||
76 |
char *nam; |
||
77 |
char *val; |
||
78 |
}; |
||
79 |
int symset(const char *, const char *, int); |
||
80 |
char *symget(const char *); |
||
81 |
|||
82 |
int atoul(char *, u_long *); |
||
83 |
|||
84 |
struct node_proto { |
||
85 |
u_int8_t proto; |
||
86 |
struct node_proto *next; |
||
87 |
struct node_proto *tail; |
||
88 |
}; |
||
89 |
|||
90 |
struct node_port { |
||
91 |
u_int16_t port[2]; |
||
92 |
u_int8_t op; |
||
93 |
struct node_port *next; |
||
94 |
struct node_port *tail; |
||
95 |
}; |
||
96 |
|||
97 |
struct node_uid { |
||
98 |
uid_t uid[2]; |
||
99 |
u_int8_t op; |
||
100 |
struct node_uid *next; |
||
101 |
struct node_uid *tail; |
||
102 |
}; |
||
103 |
|||
104 |
struct node_gid { |
||
105 |
gid_t gid[2]; |
||
106 |
u_int8_t op; |
||
107 |
struct node_gid *next; |
||
108 |
struct node_gid *tail; |
||
109 |
}; |
||
110 |
|||
111 |
struct node_icmp { |
||
112 |
u_int8_t code; |
||
113 |
u_int8_t type; |
||
114 |
u_int8_t proto; |
||
115 |
struct node_icmp *next; |
||
116 |
struct node_icmp *tail; |
||
117 |
}; |
||
118 |
|||
119 |
enum { PF_STATE_OPT_MAX, PF_STATE_OPT_NOSYNC, PF_STATE_OPT_SRCTRACK, |
||
120 |
PF_STATE_OPT_MAX_SRC_STATES, PF_STATE_OPT_MAX_SRC_CONN, |
||
121 |
PF_STATE_OPT_MAX_SRC_CONN_RATE, PF_STATE_OPT_MAX_SRC_NODES, |
||
122 |
PF_STATE_OPT_OVERLOAD, PF_STATE_OPT_STATELOCK, |
||
123 |
PF_STATE_OPT_TIMEOUT, PF_STATE_OPT_SLOPPY, |
||
124 |
PF_STATE_OPT_PFLOW }; |
||
125 |
|||
126 |
enum { PF_SRCTRACK_NONE, PF_SRCTRACK, PF_SRCTRACK_GLOBAL, PF_SRCTRACK_RULE }; |
||
127 |
|||
128 |
struct node_state_opt { |
||
129 |
int type; |
||
130 |
union { |
||
131 |
u_int32_t max_states; |
||
132 |
u_int32_t max_src_states; |
||
133 |
u_int32_t max_src_conn; |
||
134 |
struct { |
||
135 |
u_int32_t limit; |
||
136 |
u_int32_t seconds; |
||
137 |
} max_src_conn_rate; |
||
138 |
struct { |
||
139 |
u_int8_t flush; |
||
140 |
char tblname[PF_TABLE_NAME_SIZE]; |
||
141 |
} overload; |
||
142 |
u_int32_t max_src_nodes; |
||
143 |
u_int8_t src_track; |
||
144 |
u_int32_t statelock; |
||
145 |
struct { |
||
146 |
int number; |
||
147 |
u_int32_t seconds; |
||
148 |
} timeout; |
||
149 |
} data; |
||
150 |
struct node_state_opt *next; |
||
151 |
struct node_state_opt *tail; |
||
152 |
}; |
||
153 |
|||
154 |
struct peer { |
||
155 |
struct node_host *host; |
||
156 |
struct node_port *port; |
||
157 |
}; |
||
158 |
|||
159 |
struct node_queue { |
||
160 |
char queue[PF_QNAME_SIZE]; |
||
161 |
char parent[PF_QNAME_SIZE]; |
||
162 |
char ifname[IFNAMSIZ]; |
||
163 |
int scheduler; |
||
164 |
struct node_queue *next; |
||
165 |
struct node_queue *tail; |
||
166 |
}; |
||
167 |
|||
168 |
struct node_qassign { |
||
169 |
char *qname; |
||
170 |
char *pqname; |
||
171 |
}; |
||
172 |
|||
173 |
struct range { |
||
174 |
int a; |
||
175 |
int b; |
||
176 |
int t; |
||
177 |
}; |
||
178 |
struct redirection { |
||
179 |
struct node_host *host; |
||
180 |
struct range rport; |
||
181 |
}; |
||
182 |
|||
183 |
struct pool_opts { |
||
184 |
int marker; |
||
185 |
#define POM_TYPE 0x01 |
||
186 |
#define POM_STICKYADDRESS 0x02 |
||
187 |
u_int8_t opts; |
||
188 |
int type; |
||
189 |
int staticport; |
||
190 |
struct pf_poolhashkey *key; |
||
191 |
|||
192 |
} pool_opts; |
||
193 |
|||
194 |
struct divertspec { |
||
195 |
struct node_host *addr; |
||
196 |
u_int16_t port; |
||
197 |
}; |
||
198 |
|||
199 |
struct redirspec { |
||
200 |
struct redirection *rdr; |
||
201 |
struct pool_opts pool_opts; |
||
202 |
int binat; |
||
203 |
int af; |
||
204 |
}; |
||
205 |
|||
206 |
struct filter_opts { |
||
207 |
int marker; |
||
208 |
#define FOM_FLAGS 0x0001 |
||
209 |
#define FOM_ICMP 0x0002 |
||
210 |
#define FOM_TOS 0x0004 |
||
211 |
#define FOM_KEEP 0x0008 |
||
212 |
#define FOM_SRCTRACK 0x0010 |
||
213 |
#define FOM_MINTTL 0x0020 |
||
214 |
#define FOM_MAXMSS 0x0040 |
||
215 |
#define FOM_AFTO 0x0080 |
||
216 |
#define FOM_SETTOS 0x0100 |
||
217 |
#define FOM_SCRUB_TCP 0x0200 |
||
218 |
#define FOM_SETPRIO 0x0400 |
||
219 |
#define FOM_ONCE 0x1000 |
||
220 |
#define FOM_PRIO 0x2000 |
||
221 |
struct node_uid *uid; |
||
222 |
struct node_gid *gid; |
||
223 |
struct node_if *rcv; |
||
224 |
struct { |
||
225 |
u_int8_t b1; |
||
226 |
u_int8_t b2; |
||
227 |
u_int16_t w; |
||
228 |
u_int16_t w2; |
||
229 |
} flags; |
||
230 |
struct node_icmp *icmpspec; |
||
231 |
u_int32_t tos; |
||
232 |
u_int32_t prob; |
||
233 |
struct { |
||
234 |
int action; |
||
235 |
struct node_state_opt *options; |
||
236 |
} keep; |
||
237 |
int fragment; |
||
238 |
int allowopts; |
||
239 |
char *label; |
||
240 |
struct node_qassign queues; |
||
241 |
char *tag; |
||
242 |
char *match_tag; |
||
243 |
u_int8_t match_tag_not; |
||
244 |
u_int rtableid; |
||
245 |
u_int8_t prio; |
||
246 |
u_int8_t set_prio[2]; |
||
247 |
struct divertspec divert; |
||
248 |
struct divertspec divert_packet; |
||
249 |
struct redirspec nat; |
||
250 |
struct redirspec rdr; |
||
251 |
struct redirspec rroute; |
||
252 |
|||
253 |
/* scrub opts */ |
||
254 |
int nodf; |
||
255 |
int minttl; |
||
256 |
int settos; |
||
257 |
int randomid; |
||
258 |
int max_mss; |
||
259 |
|||
260 |
/* route opts */ |
||
261 |
struct { |
||
262 |
struct node_host *host; |
||
263 |
u_int8_t rt; |
||
264 |
u_int8_t pool_opts; |
||
265 |
sa_family_t af; |
||
266 |
struct pf_poolhashkey *key; |
||
267 |
} route; |
||
268 |
} filter_opts; |
||
269 |
|||
270 |
struct antispoof_opts { |
||
271 |
char *label; |
||
272 |
u_int rtableid; |
||
273 |
} antispoof_opts; |
||
274 |
|||
275 |
struct scrub_opts { |
||
276 |
int marker; |
||
277 |
int nodf; |
||
278 |
int minttl; |
||
279 |
int maxmss; |
||
280 |
int settos; |
||
281 |
int randomid; |
||
282 |
int reassemble_tcp; |
||
283 |
} scrub_opts; |
||
284 |
|||
285 |
struct node_sc { |
||
286 |
struct node_queue_bw m1; |
||
287 |
u_int d; |
||
288 |
struct node_queue_bw m2; |
||
289 |
}; |
||
290 |
|||
291 |
struct node_fq { |
||
292 |
u_int flows; |
||
293 |
u_int quantum; |
||
294 |
u_int target; |
||
295 |
u_int interval; |
||
296 |
}; |
||
297 |
|||
298 |
struct queue_opts { |
||
299 |
int marker; |
||
300 |
#define QOM_BWSPEC 0x01 |
||
301 |
#define QOM_PARENT 0x02 |
||
302 |
#define QOM_DEFAULT 0x04 |
||
303 |
#define QOM_QLIMIT 0x08 |
||
304 |
#define QOM_FLOWS 0x10 |
||
305 |
#define QOM_QUANTUM 0x20 |
||
306 |
struct node_sc realtime; |
||
307 |
struct node_sc linkshare; |
||
308 |
struct node_sc upperlimit; |
||
309 |
struct node_fq flowqueue; |
||
310 |
char *parent; |
||
311 |
int flags; |
||
312 |
u_int qlimit; |
||
313 |
} queue_opts; |
||
314 |
|||
315 |
struct table_opts { |
||
316 |
int flags; |
||
317 |
int init_addr; |
||
318 |
struct node_tinithead init_nodes; |
||
319 |
} table_opts; |
||
320 |
|||
321 |
struct node_hfsc_opts hfsc_opts; |
||
322 |
struct node_state_opt *keep_state_defaults = NULL; |
||
323 |
|||
324 |
int disallow_table(struct node_host *, const char *); |
||
325 |
int disallow_urpf_failed(struct node_host *, const char *); |
||
326 |
int disallow_alias(struct node_host *, const char *); |
||
327 |
int rule_consistent(struct pf_rule *, int); |
||
328 |
int process_tabledef(char *, struct table_opts *, int); |
||
329 |
void expand_label_str(char *, size_t, const char *, const char *); |
||
330 |
void expand_label_if(const char *, char *, size_t, const char *); |
||
331 |
void expand_label_addr(const char *, char *, size_t, u_int8_t, |
||
332 |
struct node_host *); |
||
333 |
void expand_label_port(const char *, char *, size_t, |
||
334 |
struct node_port *); |
||
335 |
void expand_label_proto(const char *, char *, size_t, u_int8_t); |
||
336 |
void expand_label_nr(const char *, char *, size_t); |
||
337 |
void expand_label(char *, size_t, const char *, u_int8_t, |
||
338 |
struct node_host *, struct node_port *, struct node_host *, |
||
339 |
struct node_port *, u_int8_t); |
||
340 |
int expand_divertspec(struct pf_rule *, struct divertspec *); |
||
341 |
int collapse_redirspec(struct pf_pool *, struct pf_rule *, |
||
342 |
struct redirspec *rs, u_int8_t); |
||
343 |
int apply_redirspec(struct pf_pool *, struct pf_rule *, |
||
344 |
struct redirspec *, int, struct node_port *); |
||
345 |
void expand_rule(struct pf_rule *, int, struct node_if *, |
||
346 |
struct redirspec *, struct redirspec *, struct redirspec *, |
||
347 |
struct node_proto *, |
||
348 |
struct node_os *, struct node_host *, struct node_port *, |
||
349 |
struct node_host *, struct node_port *, struct node_uid *, |
||
350 |
struct node_gid *, struct node_if *, struct node_icmp *, |
||
351 |
const char *); |
||
352 |
int expand_queue(char *, struct node_if *, struct queue_opts *); |
||
353 |
int expand_skip_interface(struct node_if *); |
||
354 |
|||
355 |
int getservice(char *); |
||
356 |
int rule_label(struct pf_rule *, char *); |
||
357 |
|||
358 |
void mv_rules(struct pf_ruleset *, struct pf_ruleset *); |
||
359 |
void decide_address_family(struct node_host *, sa_family_t *); |
||
360 |
int invalid_redirect(struct node_host *, sa_family_t); |
||
361 |
u_int16_t parseicmpspec(char *, sa_family_t); |
||
362 |
int kw_casecmp(const void *, const void *); |
||
363 |
int map_tos(char *string, int *); |
||
364 |
|||
365 |
TAILQ_HEAD(loadanchorshead, loadanchors) |
||
366 |
loadanchorshead = TAILQ_HEAD_INITIALIZER(loadanchorshead); |
||
367 |
|||
368 |
struct loadanchors { |
||
369 |
TAILQ_ENTRY(loadanchors) entries; |
||
370 |
char *anchorname; |
||
371 |
char *filename; |
||
372 |
}; |
||
373 |
|||
374 |
typedef struct { |
||
375 |
union { |
||
376 |
int64_t number; |
||
377 |
double probability; |
||
378 |
int i; |
||
379 |
char *string; |
||
380 |
u_int rtableid; |
||
381 |
u_int16_t weight; |
||
382 |
struct { |
||
383 |
u_int8_t b1; |
||
384 |
u_int8_t b2; |
||
385 |
u_int16_t w; |
||
386 |
u_int16_t w2; |
||
387 |
} b; |
||
388 |
struct range range; |
||
389 |
struct node_if *interface; |
||
390 |
struct node_proto *proto; |
||
391 |
struct node_icmp *icmp; |
||
392 |
struct node_host *host; |
||
393 |
struct node_os *os; |
||
394 |
struct node_port *port; |
||
395 |
struct node_uid *uid; |
||
396 |
struct node_gid *gid; |
||
397 |
struct node_state_opt *state_opt; |
||
398 |
struct peer peer; |
||
399 |
struct { |
||
400 |
struct peer src, dst; |
||
401 |
struct node_os *src_os; |
||
402 |
} fromto; |
||
403 |
struct redirection *redirection; |
||
404 |
struct { |
||
405 |
int action; |
||
406 |
struct node_state_opt *options; |
||
407 |
} keep_state; |
||
408 |
struct { |
||
409 |
u_int8_t log; |
||
410 |
u_int8_t logif; |
||
411 |
u_int8_t quick; |
||
412 |
} logquick; |
||
413 |
struct { |
||
414 |
int neg; |
||
415 |
char *name; |
||
416 |
} tagged; |
||
417 |
struct pf_poolhashkey *hashkey; |
||
418 |
struct node_queue *queue; |
||
419 |
struct node_queue_opt queue_options; |
||
420 |
struct node_queue_bw queue_bwspec; |
||
421 |
struct node_qassign qassign; |
||
422 |
struct node_sc sc; |
||
423 |
struct filter_opts filter_opts; |
||
424 |
struct antispoof_opts antispoof_opts; |
||
425 |
struct queue_opts queue_opts; |
||
426 |
struct scrub_opts scrub_opts; |
||
427 |
struct table_opts table_opts; |
||
428 |
struct pool_opts pool_opts; |
||
429 |
struct node_hfsc_opts hfsc_opts; |
||
430 |
} v; |
||
431 |
int lineno; |
||
432 |
} YYSTYPE; |
||
433 |
|||
434 |
#define PPORT_RANGE 1 |
||
435 |
#define PPORT_STAR 2 |
||
436 |
int parseport(char *, struct range *r, int); |
||
437 |
|||
438 |
#define DYNIF_MULTIADDR(addr) ((addr).type == PF_ADDR_DYNIFTL && \ |
||
439 |
(!((addr).iflags & PFI_AFLAG_NOALIAS) || \ |
||
440 |
!isdigit((unsigned char)(addr).v.ifname[strlen((addr).v.ifname)-1]))) |
||
441 |
|||
442 |
#line 443 "parse.c" |
||
443 |
#define PASS 257 |
||
444 |
#define BLOCK 258 |
||
445 |
#define MATCH 259 |
||
446 |
#define SCRUB 260 |
||
447 |
#define RETURN 261 |
||
448 |
#define IN 262 |
||
449 |
#define OS 263 |
||
450 |
#define OUT 264 |
||
451 |
#define LOG 265 |
||
452 |
#define QUICK 266 |
||
453 |
#define ON 267 |
||
454 |
#define FROM 268 |
||
455 |
#define TO 269 |
||
456 |
#define FLAGS 270 |
||
457 |
#define RETURNRST 271 |
||
458 |
#define RETURNICMP 272 |
||
459 |
#define RETURNICMP6 273 |
||
460 |
#define PROTO 274 |
||
461 |
#define INET 275 |
||
462 |
#define INET6 276 |
||
463 |
#define ALL 277 |
||
464 |
#define ANY 278 |
||
465 |
#define ICMPTYPE 279 |
||
466 |
#define ICMP6TYPE 280 |
||
467 |
#define CODE 281 |
||
468 |
#define KEEP 282 |
||
469 |
#define MODULATE 283 |
||
470 |
#define STATE 284 |
||
471 |
#define PORT 285 |
||
472 |
#define BINATTO 286 |
||
473 |
#define NODF 287 |
||
474 |
#define MINTTL 288 |
||
475 |
#define ERROR 289 |
||
476 |
#define ALLOWOPTS 290 |
||
477 |
#define FILENAME 291 |
||
478 |
#define ROUTETO 292 |
||
479 |
#define DUPTO 293 |
||
480 |
#define REPLYTO 294 |
||
481 |
#define NO 295 |
||
482 |
#define LABEL 296 |
||
483 |
#define NOROUTE 297 |
||
484 |
#define URPFFAILED 298 |
||
485 |
#define FRAGMENT 299 |
||
486 |
#define USER 300 |
||
487 |
#define GROUP 301 |
||
488 |
#define MAXMSS 302 |
||
489 |
#define MAXIMUM 303 |
||
490 |
#define TTL 304 |
||
491 |
#define TOS 305 |
||
492 |
#define DROP 306 |
||
493 |
#define TABLE 307 |
||
494 |
#define REASSEMBLE 308 |
||
495 |
#define ANCHOR 309 |
||
496 |
#define SET 310 |
||
497 |
#define OPTIMIZATION 311 |
||
498 |
#define TIMEOUT 312 |
||
499 |
#define LIMIT 313 |
||
500 |
#define LOGINTERFACE 314 |
||
501 |
#define BLOCKPOLICY 315 |
||
502 |
#define RANDOMID 316 |
||
503 |
#define SYNPROXY 317 |
||
504 |
#define FINGERPRINTS 318 |
||
505 |
#define NOSYNC 319 |
||
506 |
#define DEBUG 320 |
||
507 |
#define SKIP 321 |
||
508 |
#define HOSTID 322 |
||
509 |
#define ANTISPOOF 323 |
||
510 |
#define FOR 324 |
||
511 |
#define INCLUDE 325 |
||
512 |
#define MATCHES 326 |
||
513 |
#define BITMASK 327 |
||
514 |
#define RANDOM 328 |
||
515 |
#define SOURCEHASH 329 |
||
516 |
#define ROUNDROBIN 330 |
||
517 |
#define LEASTSTATES 331 |
||
518 |
#define STATICPORT 332 |
||
519 |
#define PROBABILITY 333 |
||
520 |
#define WEIGHT 334 |
||
521 |
#define BANDWIDTH 335 |
||
522 |
#define FLOWS 336 |
||
523 |
#define QUANTUM 337 |
||
524 |
#define QUEUE 338 |
||
525 |
#define PRIORITY 339 |
||
526 |
#define QLIMIT 340 |
||
527 |
#define RTABLE 341 |
||
528 |
#define RDOMAIN 342 |
||
529 |
#define MINIMUM 343 |
||
530 |
#define BURST 344 |
||
531 |
#define PARENT 345 |
||
532 |
#define LOAD 346 |
||
533 |
#define RULESET_OPTIMIZATION 347 |
||
534 |
#define PRIO 348 |
||
535 |
#define ONCE 349 |
||
536 |
#define DEFAULT 350 |
||
537 |
#define STICKYADDRESS 351 |
||
538 |
#define MAXSRCSTATES 352 |
||
539 |
82 |
#define MAXSRCNODES 353 |
|
540 |
82 |
#define SOURCETRACK 354 |
|
541 |
#define GLOBAL 355 |
||
542 |
#define RULE 356 |
||
543 |
#define MAXSRCCONN 357 |
||
544 |
#define MAXSRCCONNRATE 358 |
||
545 |
✗✓ | 1 |
#define OVERLOAD 359 |
546 |
#define FLUSH 360 |
||
547 |
#define SLOPPY 361 |
||
548 |
#define PFLOW 362 |
||
549 |
#define TAGGED 363 |
||
550 |
1 |
#define TAG 364 |
|
551 |
#define IFBOUND 365 |
||
552 |
1 |
#define FLOATING 366 |
|
553 |
1 |
#define STATEPOLICY 367 |
|
554 |
✗✓ | 1 |
#define STATEDEFAULTS 368 |
555 |
#define ROUTE 369 |
||
556 |
#define DIVERTTO 370 |
||
557 |
#define DIVERTREPLY 371 |
||
558 |
#define DIVERTPACKET 372 |
||
559 |
#define NATTO 373 |
||
560 |
#define AFTO 374 |
||
561 |
#define RDRTO 375 |
||
562 |
#define RECEIVEDON 376 |
||
563 |
#define NE 377 |
||
564 |
#define LE 378 |
||
565 |
#define GE 379 |
||
566 |
#define STRING 380 |
||
567 |
#define NUMBER 381 |
||
568 |
#define PORTBINARY 382 |
||
569 |
#define YYERRCODE 256 |
||
570 |
const short yylhs[] = |
||
571 |
{ -1, |
||
572 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
||
573 |
0, 0, 0, 115, 124, 124, 124, 124, 18, 13, |
||
574 |
13, 116, 116, 116, 116, 116, 116, 116, 116, 116, |
||
575 |
116, 116, 116, 116, 116, 116, 116, 116, 73, 73, |
||
576 |
75, 75, 76, 76, 77, 77, 121, 74, 74, 130, |
||
577 |
130, 130, 130, 130, 132, 131, 131, 118, 119, 133, |
||
578 |
106, 108, 108, 107, 107, 107, 107, 107, 122, 87, |
||
579 |
87, 88, 88, 89, 89, 135, 98, 98, 100, 100, |
||
580 |
99, 99, 11, 11, 123, 136, 109, 109, 111, 111, |
||
581 |
8 |
110, 110, 110, 110, 53, 53, 52, 52, 120, 137, |
|
582 |
14 |
101, 103, 103, 102, 102, 102, 102, 102, 102, 104, |
|
583 |
6 |
104, 104, 104, 104, 105, 105, 91, 91, 117, 138, |
|
584 |
92, 92, 94, 94, 93, 93, 93, 93, 93, 93, |
||
585 |
93, 93, 93, 93, 93, 93, 93, 93, 93, 93, |
||
586 |
14 |
93, 93, 93, 93, 93, 93, 93, 93, 93, 93, |
|
587 |
93, 93, 93, 93, 95, 95, 97, 97, 96, 96, |
||
588 |
14 |
96, 27, 27, 14, 14, 23, 23, 23, 26, 26, |
|
589 |
✗✓ | 16 |
26, 26, 26, 26, 26, 26, 26, 26, 41, 41, |
590 |
42, 42, 16, 16, 16, 83, 83, 82, 82, 82, |
||
591 |
82, 82, 84, 84, 85, 85, 86, 86, 86, 86, |
||
592 |
86, 1, 1, 1, 2, 2, 3, 4, 4, 4, |
||
593 |
17, 17, 17, 32, 32, 32, 33, 33, 34, 35, |
||
594 |
16 |
35, 43, 43, 59, 59, 59, 60, 61, 61, 45, |
|
595 |
45, 46, 46, 44, 44, 44, 126, 126, 47, 47, |
||
596 |
16 |
47, 51, 51, 48, 48, 48, 15, 15, 49, 49, |
|
597 |
49, 49, 49, 49, 49, 49, 5, 5, 50, 62, |
||
598 |
62, 63, 63, 64, 64, 64, 28, 30, 65, 65, |
||
599 |
66, 66, 67, 67, 67, 8, 8, 68, 68, 69, |
||
600 |
69, 70, 70, 70, 9, 9, 25, 24, 24, 24, |
||
601 |
36, 36, 36, 36, 37, 37, 39, 39, 38, 38, |
||
602 |
38, 40, 40, 40, 6, 6, 7, 7, 10, 10, |
||
603 |
19, 19, 19, 22, 22, 78, 78, 78, 78, 20, |
||
604 |
20, 20, 79, 79, 80, 80, 81, 81, 81, 81, |
||
605 |
81, 81, 81, 81, 81, 81, 81, 81, 72, 90, |
||
606 |
90, 90, 29, 55, 55, 54, 54, 71, 71, 31, |
||
607 |
✗✓ | 10 |
31, 139, 112, 112, 114, 114, 113, 113, 113, 113, |
608 |
113, 113, 113, 56, 56, 56, 56, 56, 57, 57, |
||
609 |
58, 58, 125, 127, 127, 128, 129, 129, 134, 134, |
||
610 |
12, 12, 21, 21, 21, 21, 21, 21, |
||
611 |
}; |
||
612 |
10 |
const short yylen[] = |
|
613 |
{ 2, |
||
614 |
10 |
0, 3, 2, 3, 3, 3, 3, 3, 3, 3, |
|
615 |
✓✓✗✓ |
9 |
3, 4, 3, 2, 2, 3, 3, 3, 1, 0, |
616 |
1 |
1, 4, 3, 3, 3, 6, 3, 6, 3, 3, |
|
617 |
1 |
3, 3, 3, 3, 3, 3, 3, 3, 1, 1, |
|
618 |
2, 1, 2, 1, 1, 1, 3, 1, 0, 0, |
||
619 |
4 |
2, 3, 3, 3, 0, 5, 0, 10, 5, 0, |
|
620 |
2, 3, 1, 1, 2, 2, 2, 1, 5, 2, |
||
621 |
4 |
5, 2, 4, 1, 3, 0, 2, 0, 2, 1, |
|
622 |
✓✓ | 7 |
2, 2, 1, 0, 5, 0, 2, 0, 2, 1, |
623 |
5 |
1, 3, 4, 2, 2, 4, 2, 4, 4, 0, |
|
624 |
7 |
2, 2, 1, 3, 2, 1, 2, 2, 2, 0, |
|
625 |
3, 3, 6, 6, 1, 5, 1, 1, 8, 0, |
||
626 |
7 |
2, 0, 2, 1, 2, 2, 1, 1, 2, 2, |
|
627 |
✓✓ | 4 |
1, 1, 1, 2, 2, 2, 3, 2, 2, 4, |
628 |
2 |
1, 3, 4, 3, 5, 8, 3, 3, 3, 3, |
|
629 |
4 |
3, 3, 1, 1, 4, 2, 3, 1, 1, 2, |
|
630 |
2, 2, 6, 1, 1, 1, 1, 2, 0, 1, |
||
631 |
4 |
1, 5, 1, 1, 4, 4, 6, 1, 1, 1, |
|
632 |
1, 1, 0, 1, 1, 0, 1, 0, 1, 1, |
||
633 |
2, 2, 1, 4, 1, 3, 1, 1, 1, 1, |
||
634 |
2, 0, 2, 5, 2, 4, 2, 1, 1, 2, |
||
635 |
0, 1, 1, 0, 2, 5, 2, 4, 1, 1, |
||
636 |
1, 1, 3, 0, 2, 5, 1, 2, 4, 0, |
||
637 |
2, 0, 2, 1, 3, 2, 2, 0, 1, 1, |
||
638 |
4, 2, 4, 2, 2, 2, 2, 0, 1, 3, |
||
639 |
3, 3, 1, 3, 3, 2, 1, 1, 3, 1, |
||
640 |
4, 2, 4, 1, 2, 3, 1, 1, 1, 4, |
||
641 |
2, 4, 1, 2, 3, 1, 1, 1, 4, 2, |
||
642 |
4, 1, 2, 3, 1, 1, 1, 4, 3, 2, |
||
643 |
2, 5, 2, 5, 2, 4, 2, 4, 1, 3, |
||
644 |
3, 1, 3, 3, 1, 1, 1, 1, 1, 1, |
||
645 |
0, 1, 1, 1, 1, 2, 3, 3, 3, 0, |
||
646 |
1, 2, 3, 0, 1, 3, 2, 1, 2, 2, |
||
647 |
4, 5, 2, 2, 1, 1, 1, 2, 1, 1, |
||
648 |
3, 5, 1, 2, 4, 3, 5, 1, 3, 0, |
||
649 |
1, 0, 2, 0, 2, 1, 1, 1, 2, 1, |
||
650 |
1, 1, 1, 1, 3, 3, 3, 4, 3, 5, |
||
651 |
2, 4, 2, 4, 2, 2, 4, 2, 1, 0, |
||
652 |
1, 1, 1, 1, 1, 1, 1, 1, |
||
653 |
}; |
||
654 |
const short yydefred[] = |
||
655 |
{ 0, |
||
656 |
0, 0, 0, 0, 166, 0, 167, 0, 0, 0, |
||
657 |
0, 0, 0, 0, 0, 3, 0, 0, 0, 0, |
||
658 |
0, 0, 0, 0, 0, 0, 0, 15, 0, 0, |
||
659 |
0, 13, 178, 0, 0, 0, 170, 168, 0, 48, |
||
660 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
||
661 |
0, 0, 0, 0, 0, 0, 0, 0, 14, 0, |
||
662 |
0, 0, 184, 185, 0, 2, 4, 5, 6, 7, |
||
663 |
8, 9, 10, 11, 18, 12, 17, 16, 0, 0, |
||
664 |
0, 0, 0, 381, 382, 0, 23, 0, 0, 25, |
||
665 |
0, 0, 27, 40, 39, 29, 32, 31, 33, 36, |
||
666 |
35, 0, 37, 258, 257, 30, 0, 24, 19, 314, |
||
667 |
315, 34, 0, 328, 0, 0, 0, 0, 0, 0, |
||
668 |
336, 337, 0, 335, 0, 325, 0, 192, 0, 0, |
||
669 |
191, 100, 0, 46, 45, 47, 0, 0, 0, 179, |
||
670 |
180, 0, 181, 182, 0, 0, 187, 0, 21, 22, |
||
671 |
373, 0, 0, 376, 0, 0, 83, 203, 0, 41, |
||
672 |
327, 329, 333, 312, 313, 334, 330, 0, 0, 338, |
||
673 |
379, 0, 0, 197, 199, 200, 198, 0, 195, 209, |
||
674 |
0, 208, 0, 0, 74, 70, 212, 213, 0, 99, |
||
675 |
0, 0, 43, 0, 0, 175, 0, 176, 85, 0, |
||
676 |
0, 237, 0, 0, 0, 0, 0, 207, 0, 0, |
||
677 |
326, 201, 194, 0, 210, 0, 0, 69, 0, 0, |
||
678 |
0, 0, 0, 0, 106, 103, 0, 59, 0, 172, |
||
679 |
0, 0, 91, 0, 90, 0, 0, 375, 26, 0, |
||
680 |
378, 28, 0, 0, 0, 331, 0, 196, 0, 0, |
||
681 |
75, 0, 0, 80, 0, 117, 118, 0, 0, 108, |
||
682 |
109, 107, 105, 102, 0, 0, 177, 94, 0, 89, |
||
683 |
0, 0, 0, 204, 0, 205, 0, 332, 71, 0, |
||
684 |
72, 339, 81, 82, 79, 0, 104, 0, 220, 221, |
||
685 |
0, 215, 219, 0, 222, 0, 0, 0, 92, 0, |
||
686 |
10 |
0, 0, 0, 0, 374, 377, 0, 322, 0, 0, |
|
687 |
10 |
0, 0, 0, 239, 0, 0, 231, 0, 240, 119, |
|
688 |
0, 0, 0, 0, 245, 246, 0, 0, 0, 0, |
||
689 |
0, 244, 0, 0, 95, 93, 0, 97, 0, 206, |
||
690 |
73, 0, 0, 0, 0, 0, 384, 385, 387, 0, |
||
691 |
383, 386, 388, 0, 0, 236, 260, 268, 0, 0, |
||
692 |
0, 0, 0, 0, 0, 0, 0, 133, 0, 0, |
||
693 |
0, 0, 0, 132, 0, 0, 0, 0, 0, 0, |
||
694 |
0, 0, 0, 153, 0, 0, 141, 0, 0, 0, |
||
695 |
0, 0, 127, 128, 131, 124, 0, 154, 227, 0, |
||
696 |
225, 0, 223, 0, 256, 0, 0, 0, 0, 0, |
||
697 |
0, 247, 0, 55, 58, 116, 0, 0, 216, 0, |
||
698 |
217, 0, 265, 0, 0, 0, 235, 60, 290, 287, |
||
699 |
0, 0, 305, 306, 0, 0, 291, 307, 308, 0, |
||
700 |
0, 293, 0, 0, 0, 0, 0, 0, 0, 0, |
||
701 |
0, 0, 0, 0, 0, 0, 0, 316, 134, 276, |
||
702 |
277, 0, 0, 0, 125, 269, 285, 286, 0, 0, |
||
703 |
0, 126, 278, 309, 310, 130, 0, 0, 0, 0, |
||
704 |
✗✓ | 30 |
159, 156, 0, 164, 165, 138, 340, 0, 135, 139, |
705 |
129, 136, 0, 0, 0, 0, 0, 0, 0, 123, |
||
706 |
30 |
0, 233, 96, 250, 251, 252, 259, 255, 254, 98, |
|
707 |
30 |
0, 0, 0, 0, 0, 0, 266, 242, 241, 0, |
|
708 |
0, 0, 289, 0, 0, 0, 0, 0, 0, 317, |
||
709 |
30 |
318, 0, 344, 0, 148, 0, 0, 0, 0, 0, |
|
710 |
0, 371, 149, 151, 150, 0, 0, 274, 0, 0, |
||
711 |
283, 161, 160, 162, 0, 158, 0, 319, 0, 0, |
||
712 |
142, 144, 0, 147, 137, 152, 0, 0, 50, 114, |
||
713 |
689 |
113, 218, 261, 0, 262, 0, 143, 64, 0, 0, |
|
714 |
✗✓ | 689 |
0, 68, 63, 0, 288, 0, 0, 300, 301, 0, |
715 |
0, 303, 304, 0, 0, 0, 349, 343, 357, 358, |
||
716 |
0, 360, 361, 362, 363, 356, 0, 365, 0, 0, |
||
717 |
0, 366, 367, 0, 0, 275, 0, 0, 284, 0, |
||
718 |
689 |
155, 0, 341, 0, 140, 267, 0, 228, 226, 0, |
|
719 |
✗✓ | 1378 |
0, 0, 243, 65, 66, 67, 0, 292, 0, 295, |
720 |
294, 0, 297, 323, 0, 345, 0, 359, 351, 355, |
||
721 |
0, 372, 0, 368, 270, 0, 271, 279, 0, 280, |
||
722 |
0, 157, 0, 0, 0, 51, 56, 0, 0, 0, |
||
723 |
263, 62, 0, 0, 346, 0, 369, 0, 0, 0, |
||
724 |
168 |
0, 342, 0, 229, 54, 52, 53, 296, 298, 0, |
|
725 |
✓✓ | 168 |
0, 272, 281, 163, 0, 347, 370, 146, |
726 |
96 |
}; |
|
727 |
✓✓ | 2262 |
const short yydgoto[] = |
728 |
✗✓ | 963 |
{ 2, |
729 |
103, 244, 158, 185, 106, 436, 441, 463, 470, 476, |
||
730 |
300, 86, 150, 486, 335, 65, 189, 108, 166, 278, |
||
731 |
354, 124, 17, 393, 432, 38, 481, 625, 597, 355, |
||
732 |
648, 266, 345, 292, 293, 394, 586, 437, 590, 442, |
||
733 |
142, 145, 296, 317, 297, 403, 318, 319, 446, 333, |
||
734 |
✗✓ | 168 |
426, 302, 303, 596, 447, 454, 610, 455, 323, 401, |
735 |
568, 356, 515, 357, 465, 614, 466, 472, 617, 473, |
||
736 |
168 |
448, 283, 96, 41, 109, 136, 358, 395, 530, 125, |
|
737 |
168 |
126, 57, 148, 58, 178, 179, 130, 249, 186, 489, |
|
738 |
✗✓ | 168 |
258, 320, 396, 397, 398, 482, 557, 218, 254, 255, |
739 |
190, 226, 227, 287, 259, 521, 583, 584, 199, 235, |
||
740 |
236, 535, 606, 607, 18, 19, 20, 21, 22, 23, |
||
741 |
73 |
24, 25, 26, 3, 90, 153, 204, 93, 206, 631, |
|
742 |
135 |
415, 511, 522, 172, 219, 200, 191, 321, 536, |
|
743 |
62 |
}; |
|
744 |
const short yysindex[] = |
||
745 |
{ -22, |
||
746 |
0, 147, 1004, 196, 0, 482, 0, 167, -112, 1802, |
||
747 |
-170, -80, -46, -51, 229, 0, 11, 407, 415, 428, |
||
748 |
430, 450, 470, 493, 501, 506, 525, 0, 528, 546, |
||
749 |
549, 0, 0, 413, 503, 536, 0, 0, 47, 0, |
||
750 |
11, -190, 198, -97, -77, -205, -20, 205, -244, 320, |
||
751 |
119, 211, -155, 1135, 559, 345, 297, 361, 0, 320, |
||
752 |
211, 170, 0, 0, -170, 0, 0, 0, 0, 0, |
||
753 |
0, 0, 0, 0, 0, 0, 0, 0, 329, 214, |
||
754 |
83 |
232, 581, 381, 0, 0, 372, 0, 281, 659, 0, |
|
755 |
290, 659, 0, 0, 0, 0, 0, 0, 0, 0, |
||
756 |
0, 50, 0, 0, 0, 0, 211, 0, 0, 0, |
||
757 |
0, 0, 293, 0, 300, 315, 312, 321, 337, 633, |
||
758 |
83 |
0, 0, 352, 0, 691, 0, 440, 0, 165, 342, |
|
759 |
83 |
0, 0, 488, 0, 0, 0, 170, 320, 357, 0, |
|
760 |
83 |
0, 202, 0, 0, 719, 0, 0, 320, 0, 0, |
|
761 |
0, 659, 383, 0, 390, 659, 0, 0, -166, 0, |
||
762 |
0, 0, 0, 0, 0, 0, 0, 739, 410, 0, |
||
763 |
0, 1135, 211, 0, 0, 0, 0, 280, 0, 0, |
||
764 |
435, 0, 659, -166, 0, 0, 0, 0, 0, 0, |
||
765 |
847, 211, 0, 342, 753, 0, 232, 0, 0, -99, |
||
766 |
342, 0, 659, 63, 659, 73, 791, 0, 444, 764, |
||
767 |
0, 0, 0, 440, 0, 154, 790, 0, -52, 296, |
||
768 |
83 |
452, 453, 455, 457, 0, 0, 847, 0, 564, 0, |
|
769 |
83 |
798, 461, 0, 659, 0, -99, 564, 0, 0, 383, |
|
770 |
✗✓ | 83 |
0, 0, 390, 90, 659, 0, 484, 0, 103, 659, |
771 |
0, 476, 477, 0, -52, 0, 0, 517, 691, 0, |
||
772 |
83 |
0, 0, 0, 0, -85, -14, 0, 0, 61, 0, |
|
773 |
83 |
-14, 659, 659, 0, 791, 0, 511, 0, 0, 154, |
|
774 |
83 |
0, 0, 0, 0, 0, 296, 0, 128, 0, 0, |
|
775 |
83 |
659, 0, 0, 54, 0, 0, 599, 659, 0, 193, |
|
776 |
83 |
538, 109, 659, 0, 0, 0, 659, 0, 659, 543, |
|
777 |
83 |
296, 296, 298, 0, 761, 659, 0, 594, 0, 0, |
|
778 |
83 |
5270, -66, 611, 58, 0, 0, 505, 74, 836, 510, |
|
779 |
512, 0, 844, 513, 0, 0, 58, 0, 770, 0, |
||
780 |
83 |
0, 515, 691, 691, 110, 659, 0, 0, 0, 659, |
|
781 |
0, 0, 0, 170, 518, 0, 0, 0, 20, 761, |
||
782 |
861, 21, -74, -54, 619, 620, 49, 0, -31, -31, |
||
783 |
-31, 625, 476, 0, 992, 1027, 319, -18, 627, 334, |
||
784 |
-21, 535, 539, 0, 211, 547, 0, 634, 49, 342, |
||
785 |
49, -265, 0, 0, 0, 0, 5270, 0, 0, 659, |
||
786 |
135 |
0, 54, 0, 117, 0, 550, 545, 548, 896, 877, |
|
787 |
565, 0, 659, 0, 0, 0, 600, 644, 0, 298, |
||
788 |
0, 603, 0, 170, 659, 155, 0, 0, 0, 0, |
||
789 |
✓✓✓✗ ✗✓ |
281 |
569, 903, 0, 0, 659, 670, 0, 0, 0, 659, |
790 |
679, 0, 913, 913, 659, 538, 680, 0, 917, 659, |
||
791 |
586, 588, 922, 538, 0, 0, 0, 0, 0, 0, |
||
792 |
0, 659, 589, 371, 0, 0, 0, 0, 659, 591, |
||
793 |
387, 0, 0, 0, 0, 0, 319, -21, -25, 365, |
||
794 |
0, 0, 913, 0, 0, 0, 0, 596, 0, 0, |
||
795 |
0, 0, 689, 119, 0, 709, 0, 211, -166, 0, |
||
796 |
135 |
598, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
|
797 |
✓✓ | 135 |
975, 296, 296, 659, 160, 659, 0, 0, 0, 20, |
798 |
✓✓✗✓ |
104 |
948, 811, 0, 569, 402, 412, 418, 420, 1135, 0, |
799 |
0, 199, 0, 170, 0, 1064, 610, -27, 189, 929, |
||
800 |
612, 0, 0, 0, 0, 650, 371, 0, 944, 387, |
||
801 |
0, 0, 0, 0, 613, 0, 411, 0, 417, 170, |
||
802 |
0, 0, 49, 0, 0, 0, 659, 176, 0, 0, |
||
803 |
0, 0, 0, 603, 0, 659, 0, 0, 615, 616, |
||
804 |
621, 0, 0, 691, 0, 421, 659, 0, 0, 480, |
||
805 |
659, 0, 0, 443, 538, 486, 0, 0, 0, 0, |
||
806 |
83 |
211, 0, 0, 0, 0, 0, 1064, 0, 538, 519, |
|
807 |
83 |
951, 0, 0, 520, 659, 0, 533, 659, 0, 691, |
|
808 |
✓✓ | 249 |
0, 365, 0, 622, 0, 0, 0, 0, 0, 598, |
809 |
1011, 659, 0, 0, 0, 0, 811, 0, 402, 0, |
||
810 |
✗✓ | 83 |
0, 418, 0, 0, 659, 0, 199, 0, 0, 0, |
811 |
659, 0, -27, 0, 0, 650, 0, 0, 944, 0, |
||
812 |
618, 0, 972, 747, 659, 0, 0, 1008, 1009, 1010, |
||
813 |
0, 0, 659, 659, 0, 538, 0, 538, 659, 659, |
||
814 |
✓✓ | 83 |
982, 0, 49, 0, 0, 0, 0, 0, 0, 659, |
815 |
✗✓ | 79 |
659, 0, 0, 0, 0, 0, 0, 0,}; |
816 |
const short yyrindex[] = |
||
817 |
{ 8, |
||
818 |
0, 0, 0, 0, 0, 1549, 0, 0, 1671, 0, |
||
819 |
700, 0, 0, 0, 0, 0, 2156, 0, 0, 0, |
||
820 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
||
821 |
158 |
0, 0, 0, 1788, 1916, 2039, 0, 0, 0, 0, |
|
822 |
79 |
2284, 0, 0, 0, 0, 0, 0, 0, 0, 1034, |
|
823 |
79 |
0, 0, 0, 0, 2407, 2628, 0, 2753, 0, 936, |
|
824 |
83 |
0, 0, 0, 0, 3286, 0, 0, 0, 0, 0, |
|
825 |
83 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
|
826 |
83 |
0, 0, 2873, 0, 0, 1036, 0, 0, 667, 0, |
|
827 |
✗✓ | 52 |
0, 667, 0, 0, 0, 0, 0, 0, 0, 0, |
828 |
0, -140, 0, 0, 0, 0, 1432, 0, 0, 0, |
||
829 |
0, 0, 0, 0, 0, 0, 33, 0, 0, 0, |
||
830 |
0, 0, 0, 0, 876, 0, 0, 0, 0, 132, |
||
831 |
0, 0, 0, 0, 0, 0, 1038, 3717, 0, 0, |
||
832 |
0, 422, 0, 0, 0, 22, 0, 3403, 0, 0, |
||
833 |
135 |
0, 70, 0, 0, 0, -17, 0, 0, 0, 0, |
|
834 |
135 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
|
835 |
135 |
0, 0, 0, 0, 0, 0, 0, 563, 0, 0, |
|
836 |
135 |
0, 0, 191, 0, 0, 0, 0, 0, 241, 0, |
|
837 |
135 |
0, 0, 0, 3951, 0, 0, 0, 0, 0, 0, |
|
838 |
3834, 0, 3, 676, 3, 676, -140, 0, 0, 0, |
||
839 |
✗✓ | 135 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
840 |
0, 0, 0, 0, 0, 0, 1040, 0, 4185, 0, |
||
841 |
0, 0, 0, 311, 0, 1047, 4068, 0, 0, 0, |
||
842 |
0, 0, 0, 27, -23, 0, 156, 0, 318, 31, |
||
843 |
0, 0, 0, 0, 546, 0, 0, 562, 672, 0, |
||
844 |
0, 0, 0, 0, 0, 4481, 0, 0, 234, 0, |
||
845 |
4284, 3, 3, 0, -140, 0, 516, 0, 0, 0, |
||
846 |
✗✓ | 135 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
847 |
434, 0, 0, 234, 0, 5172, 4580, 40, 0, 0, |
||
848 |
-5, 507, 125, 4777, 0, 0, -23, 0, 31, 0, |
||
849 |
0, 0, 0, 0, 0, 185, 0, 4382, 0, 0, |
||
850 |
-47, 0, 4876, 234, 0, 0, 0, 356, 0, 0, |
||
851 |
0, 0, 479, 0, 0, 0, 234, 0, 1048, 0, |
||
852 |
0, 0, 578, 771, 422, 34, 0, 0, 0, 1000, |
||
853 |
135 |
0, 0, 0, 0, 662, 0, 0, 0, 234, 0, |
|
854 |
✗✓ | 135 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
855 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
||
856 |
135 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 795, |
|
857 |
135 |
0, 0, 0, 0, 0, 0, 2, 0, 0, 667, |
|
858 |
135 |
0, 234, 0, 507, 0, 0, 0, 0, 0, 0, |
|
859 |
✗✓ | 135 |
0, 0, 125, 0, 0, 0, 0, 0, 0, 0, |
860 |
0, 0, 0, 0, 64, 251, 0, 0, 0, 0, |
||
861 |
0, 0, 0, 0, 434, 1049, 0, 0, 0, 434, |
||
862 |
1157, 0, 4974, 4974, 212, 2505, 2972, 3502, 1323, 30, |
||
863 |
✓✗✓✗ ✗✓ |
405 |
0, 0, 0, 3600, 3502, 3502, 3502, 0, 0, 0, |
864 |
0, 1000, 785, 0, 0, 0, 0, 0, 1000, 926, |
||
865 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
||
866 |
0, 0, 4974, 0, 0, 0, 0, 0, 0, 0, |
||
867 |
0, 0, 0, 0, 3502, 0, 3502, 0, 0, 0, |
||
868 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
||
869 |
0, 0, 0, 34, 1091, 873, 0, 0, 0, 234, |
||
870 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
||
871 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
||
872 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
||
873 |
0, 0, 0, 0, 0, 0, 396, 0, 676, 0, |
||
874 |
0, 0, 0, 0, 0, 0, 3, 676, 0, 0, |
||
875 |
0, 0, 0, 0, 0, 64, 0, 0, 0, 0, |
||
876 |
0, 0, 0, 883, 0, 422, 34, 0, 0, 422, |
||
877 |
34, 0, 0, 1188, 1, 217, 0, 0, 0, 0, |
||
878 |
3070, 0, 0, 0, 0, 0, 4678, 0, 4, 39, |
||
879 |
0, 0, 0, 1091, 873, 0, 1091, 873, 0, 685, |
||
880 |
135 |
0, 0, 0, 0, 0, 0, 3169, 0, 0, 0, |
|
881 |
0, 873, 0, 0, 0, 0, 0, 0, 0, 0, |
||
882 |
✓✓ | 135 |
0, 0, 0, 0, 172, 0, 0, 0, 0, 0, |
883 |
1 |
-37, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
|
884 |
0, 0, 0, 5073, 3, 0, 0, 0, 0, 0, |
||
885 |
1 |
0, 0, 34, 34, 0, 1, 0, 4, 873, 873, |
|
886 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 172, |
||
887 |
-37, 0, 0, 0, 3502, 0, 0, 0,}; |
||
888 |
✗✓ | 134 |
const short yygindex[] = |
889 |
{ 0, |
||
890 |
164, 0, 72, -119, 575, 0, 0, -379, -280, 593, |
||
891 |
400, 0, 0, 0, 262, 1031, -143, 0, 0, 0, |
||
892 |
91, 1020, 0, 0, -372, 0, 0, 0, 0, -221, |
||
893 |
0, 839, 0, -250, 0, 0, 0, -488, 0, -496, |
||
894 |
✗✓ | 134 |
0, 886, 820, 690, 0, 0, -342, -128, -270, 253, |
895 |
0, 772, 757, 0, 0, -504, 0, 375, 0, -459, |
||
896 |
0, 737, 0, -395, 0, 0, -494, 0, 0, -495, |
||
897 |
-241, 727, 0, 0, -57, 964, -56, 0, -377, 574, |
||
898 |
932, 1044, 0, 1054, 0, 891, 0, 0, -9, 636, |
||
899 |
826, 813, 723, 0, 0, -455, 0, 0, 867, 0, |
||
900 |
✗✓ | 134 |
0, 897, 0, 0, -172, 0, 491, 0, 0, 889, |
901 |
0, -219, 523, 0, 500, 0, -3, -2, 0, 0, |
||
902 |
0, 0, 0, 0, -117, -90, 0, -69, 0, 0, |
||
903 |
0, 0, 0, -122, 0, 0, 0, 0, 0, |
||
904 |
}; |
||
905 |
#define YYTABLESIZE 5645 |
||
906 |
const short yytable[] = |
||
907 |
134 |
{ 30, |
|
908 |
✗✓ | 134 |
31, 155, 238, 133, 248, 137, 238, 1, 451, 238, |
909 |
248, 121, 451, 248, 555, 238, 425, 1, 488, 197, |
||
910 |
238, 480, 238, 234, 556, 89, 516, 248, 452, 332, |
||
911 |
591, 88, 452, 609, 248, 203, 587, 291, 248, 208, |
||
912 |
248, 567, 311, 248, 248, 92, 238, 248, 435, 160, |
||
913 |
229, 615, 157, 618, 248, 214, 400, 237, 523, 380, |
||
914 |
✗✓ | 134 |
248, 202, 346, 248, 217, 207, 531, 431, 440, 238, |
915 |
238, 94, 238, 311, 238, 100, 311, 238, 380, 238, |
||
916 |
137, 240, 157, 243, 548, 205, 157, 238, 330, 238, |
||
917 |
157, 450, 216, 157, 55, 56, 238, 498, 380, 238, |
||
918 |
1, 238, 238, 238, 84, 558, 171, 238, 331, 238, |
||
919 |
499, 180, 238, 238, 241, 212, 171, 248, 406, 248, |
||
920 |
134 |
407, 275, 272, 238, 121, 248, 280, 238, 248, 238, |
|
921 |
134 |
238, 238, 423, 171, 228, 101, 288, 84, 343, 344, |
|
922 |
301, 211, 316, 269, 86, 674, 171, 495, 678, 497, |
||
923 |
268 |
673, 585, 171, 171, 276, 238, 16, 238, 238, 281, |
|
924 |
134 |
171, 679, 238, 680, 238, 320, 662, 616, 238, 514, |
|
925 |
134 |
665, 445, 156, 273, 95, 181, 316, 576, 632, 337, |
|
926 |
✓✓ | 402 |
298, 305, 306, 298, 238, 299, 238, 239, 238, 85, |
927 |
134 |
551, 232, 238, 184, 238, 301, 320, 242, 171, 320, |
|
928 |
134 |
313, 84, 517, 171, 184, 32, 250, 324, 301, 110, |
|
929 |
✓✓ | 269 |
111, 238, 338, 182, 274, 238, 340, 238, 341, 171, |
930 |
417, 418, 420, 132, 238, 359, 39, 279, 330, 507, |
||
931 |
238, 238, 330, 336, 419, 543, 544, 545, 330, 84, |
||
932 |
97, 503, 196, 252, 238, 171, 496, 238, 331, 238, |
||
933 |
78, 238, 331, 294, 238, 421, 380, 61, 331, 422, |
||
934 |
238, 595, 295, 1, 1, 1, 1, 40, 611, 619, |
||
935 |
✗✓ | 3 |
309, 238, 63, 84, 64, 562, 380, 564, 245, 519, |
936 |
2 |
233, 337, 88, 380, 573, 98, 477, 183, 253, 62, |
|
937 |
380, 248, 248, 84, 289, 290, 238, 314, 429, 59, |
||
938 |
629, 194, 91, 520, 380, 433, 434, 238, 238, 501, |
||
939 |
380, 201, 86, 399, 1, 84, 1, 1, 238, 478, |
||
940 |
213, 627, 510, 171, 238, 438, 439, 492, 84, 479, |
||
941 |
1, 314, 1, 60, 518, 311, 238, 238, 315, 570, |
||
942 |
1 |
571, 238, 238, 238, 525, 1, 307, 238, 449, 527, |
|
943 |
✗✓ | 1 |
238, 311, 449, 1, 532, 554, 238, 380, 487, 538, |
944 |
238, 238, 238, 248, 84, 249, 238, 238, 380, 248, |
||
945 |
✗✓ | 1 |
238, 546, 238, 380, 248, 248, 676, 84, 549, 566, |
946 |
248, 248, 238, 248, 311, 311, 311, 1, 249, 311, |
||
947 |
311, 311, 574, 311, 311, 249, 249, 311, 311, 249, |
||
948 |
✗✓ | 1 |
430, 86, 4, 5, 6, 7, 380, 664, 238, 238, |
949 |
238, 238, 311, 238, 238, 249, 66, 327, 380, 238, |
||
950 |
238, 238, 238, 572, 67, 575, 82, 211, 328, 329, |
||
951 |
311, 180, 238, 238, 622, 238, 624, 68, 238, 69, |
||
952 |
1 |
565, 695, 180, 238, 238, 630, 238, 238, 238, 238, |
|
953 |
✗✓ | 1 |
238, 621, 79, 8, 171, 9, 10, 623, 320, 70, |
954 |
171, 637, 238, 639, 171, 464, 471, 642, 238, 11, |
||
955 |
312, 12, 211, 647, 320, 698, 628, 598, 249, 71, |
||
956 |
1 |
249, 238, 238, 644, 13, 633, 171, 653, 253, 325, |
|
957 |
326, 656, 14, 238, 659, 181, 640, 661, 104, 105, |
||
958 |
643, 159, 72, 626, 238, 238, 181, 320, 320, 320, |
||
959 |
1 |
73, 253, 320, 320, 320, 74, 320, 320, 253, 253, |
|
960 |
1 |
320, 320, 253, 171, 657, 321, 15, 660, 380, 171, |
|
961 |
✗✓ | 1 |
84, 84, 238, 182, 75, 320, 76, 76, 253, 380, |
962 |
238, 671, 80, 649, 182, 638, 380, 380, 380, 134, |
||
963 |
135, 238, 238, 238, 675, 77, 321, 327, 78, 321, |
||
964 |
144 |
677, 327, 171, 171, 238, 238, 380, 327, 328, 329, |
|
965 |
238, 115, 328, 329, 684, 81, 171, 87, 328, 329, |
||
966 |
144 |
238, 76, 688, 689, 99, 380, 102, 112, 692, 693, |
|
967 |
138 |
107, 238, 238, 140, 141, 380, 380, 380, 127, 696, |
|
968 |
138 |
697, 253, 84, 253, 641, 115, 159, 238, 238, 55, |
|
969 |
646, 143, 144, 84, 84, 249, 187, 188, 249, 380, |
||
970 |
129, 453, 453, 453, 249, 249, 131, 669, 670, 380, |
||
971 |
380, 380, 139, 249, 249, 249, 464, 249, 249, 471, |
||
972 |
249, 249, 146, 652, 655, 249, 147, 249, 249, 249, |
||
973 |
249, 249, 249, 249, 249, 249, 249, 658, 149, 380, |
||
974 |
249, 151, 352, 351, 353, 249, 164, 165, 152, 477, |
||
975 |
✓✓ | 92 |
154, 264, 249, 161, 159, 256, 257, 289, 290, 238, |
976 |
1 |
162, 110, 249, 249, 249, 249, 249, 249, 249, 249, |
|
977 |
1 |
238, 238, 169, 249, 264, 163, 249, 380, 474, 475, |
|
978 |
380, 167, 478, 249, 249, 264, 249, 533, 173, 352, |
||
979 |
91 |
351, 353, 479, 484, 485, 542, 174, 168, 249, 249, |
|
980 |
392, 264, 264, 264, 249, 249, 249, 249, 249, 249, |
||
981 |
91 |
249, 249, 170, 380, 171, 249, 249, 195, 253, 175, |
|
982 |
✓✓ | 82 |
176, 253, 33, 380, 456, 457, 464, 253, 253, 471, |
983 |
1 |
460, 461, 34, 35, 36, 192, 253, 253, 253, 198, |
|
984 |
1 |
253, 253, 88, 253, 253, 177, 467, 468, 253, 91, |
|
985 |
253, 253, 253, 253, 253, 253, 253, 253, 253, 253, |
||
986 |
✓✗✓✓ |
162 |
111, 433, 434, 253, 264, 209, 264, 37, 253, 210, |
987 |
2 |
453, 588, 589, 230, 273, 253, 392, 438, 439, 592, |
|
988 |
2 |
593, 380, 380, 380, 380, 253, 253, 253, 253, 253, |
|
989 |
253, 253, 253, 238, 238, 215, 253, 273, 321, 253, |
||
990 |
79 |
352, 351, 353, 157, 246, 247, 253, 253, 273, 253, |
|
991 |
79 |
251, 380, 260, 261, 321, 262, 263, 265, 267, 380, |
|
992 |
268, 253, 253, 277, 273, 273, 273, 253, 253, 253, |
||
993 |
79 |
253, 253, 253, 253, 253, 282, 645, 284, 253, 253, |
|
994 |
✓✓ | 100 |
286, 322, 380, 380, 115, 308, 342, 321, 321, 321, |
995 |
1 |
651, 334, 321, 321, 321, 380, 321, 321, 360, 402, |
|
996 |
1 |
321, 321, 408, 350, 405, 38, 380, 380, 380, 409, |
|
997 |
411, 410, 414, 412, 416, 321, 115, 115, 115, 424, |
||
998 |
✓✗✗✓ |
198 |
428, 115, 443, 444, 115, 453, 115, 273, 458, 273, |
999 |
483, 115, 112, 112, 112, 490, 238, 112, 494, 491, |
||
1000 |
380, 264, 112, 61, 264, 505, 493, 112, 506, 504, |
||
1001 |
264, 264, 238, 238, 238, 282, 507, 690, 508, 691, |
||
1002 |
99 |
264, 264, 512, 264, 264, 509, 513, 264, 430, 524, |
|
1003 |
99 |
526, 264, 529, 264, 264, 264, 264, 264, 282, 528, |
|
1004 |
264, 264, 264, 537, 534, 539, 264, 540, 541, 282, |
||
1005 |
99 |
547, 264, 550, 560, 380, 559, 563, 399, 264, 347, |
|
1006 |
✗✓ | 12 |
348, 349, 134, 135, 569, 282, 282, 282, 577, 608, |
1007 |
612, 654, 613, 620, 264, 634, 635, 238, 681, 264, |
||
1008 |
636, 663, 264, 352, 351, 353, 110, 110, 110, 264, |
||
1009 |
264, 110, 682, 28, 380, 683, 110, 685, 686, 687, |
||
1010 |
666, 110, 694, 188, 264, 264, 347, 348, 349, 460, |
||
1011 |
461, 264, 264, 264, 264, 264, 264, 264, 264, 264, |
||
1012 |
12 |
264, 264, 264, 202, 273, 20, 238, 44, 282, 101, |
|
1013 |
✗✓ | 12 |
282, 352, 351, 353, 273, 380, 87, 57, 299, 238, |
1014 |
238, 238, 211, 273, 273, 380, 273, 273, 561, 552, |
||
1015 |
273, 83, 112, 380, 273, 271, 273, 273, 273, 273, |
||
1016 |
273, 299, 231, 273, 273, 273, 352, 351, 353, 273, |
||
1017 |
12 |
304, 502, 299, 413, 273, 404, 427, 578, 579, 459, |
|
1018 |
193, 273, 594, 211, 248, 111, 111, 111, 138, 128, |
||
1019 |
12 |
111, 310, 580, 553, 462, 111, 339, 273, 581, 500, |
|
1020 |
✓✓ | 10 |
111, 285, 273, 264, 270, 273, 582, 672, 29, 650, |
1021 |
1 |
668, 0, 273, 273, 0, 667, 0, 347, 348, 349, |
|
1022 |
1 |
134, 135, 0, 0, 0, 0, 0, 273, 273, 469, |
|
1023 |
380, 380, 380, 0, 273, 273, 273, 273, 273, 273, |
||
1024 |
9 |
273, 273, 273, 273, 273, 273, 302, 0, 0, 380, |
|
1025 |
380, 299, 0, 299, 0, 0, 0, 0, 380, 0, |
||
1026 |
9 |
0, 220, 221, 222, 380, 282, 223, 0, 0, 302, |
|
1027 |
380, 224, 0, 0, 380, 282, 225, 0, 380, 0, |
||
1028 |
302, 0, 0, 0, 282, 282, 0, 282, 282, 0, |
||
1029 |
19 |
0, 282, 0, 0, 0, 282, 0, 282, 282, 282, |
|
1030 |
282, 282, 0, 0, 282, 282, 282, 380, 380, 380, |
||
1031 |
282, 0, 380, 380, 380, 282, 380, 380, 0, 0, |
||
1032 |
380, 380, 282, 0, 0, 0, 0, 0, 0, 238, |
||
1033 |
✓✓ | 76 |
238, 238, 238, 238, 0, 380, 0, 0, 282, 27, |
1034 |
19 |
5, 6, 7, 282, 0, 0, 282, 5, 6, 7, |
|
1035 |
202, 202, 202, 282, 282, 202, 0, 0, 0, 302, |
||
1036 |
19 |
202, 302, 0, 0, 0, 202, 0, 0, 282, 282, |
|
1037 |
19 |
0, 0, 0, 0, 0, 282, 282, 282, 282, 282, |
|
1038 |
19 |
282, 282, 282, 282, 282, 282, 282, 0, 299, 0, |
|
1039 |
19 |
0, 0, 9, 0, 0, 0, 0, 0, 299, 9, |
|
1040 |
19 |
347, 348, 349, 467, 468, 0, 0, 299, 299, 0, |
|
1041 |
19 |
299, 299, 364, 0, 299, 12, 0, 0, 299, 0, |
|
1042 |
✗✓ | 19 |
299, 299, 299, 299, 299, 0, 0, 299, 299, 299, |
1043 |
0, 0, 0, 299, 0, 364, 0, 0, 299, 0, |
||
1044 |
19 |
0, 0, 364, 0, 0, 299, 364, 0, 347, 348, |
|
1045 |
19 |
349, 460, 461, 0, 0, 0, 238, 238, 238, 238, |
|
1046 |
✗✓ | 19 |
238, 299, 364, 0, 0, 0, 299, 0, 0, 299, |
1047 |
599, 600, 601, 602, 603, 604, 299, 299, 0, 0, |
||
1048 |
✗✓ | 38 |
0, 0, 0, 347, 348, 349, 467, 468, 0, 0, |
1049 |
19 |
0, 299, 299, 0, 605, 0, 302, 0, 299, 299, |
|
1050 |
299, 299, 299, 299, 299, 0, 302, 0, 299, 299, |
||
1051 |
0, 0, 0, 0, 0, 302, 302, 113, 302, 302, |
||
1052 |
0, 42, 302, 0, 0, 364, 302, 364, 302, 302, |
||
1053 |
302, 302, 302, 114, 0, 302, 302, 302, 0, 0, |
||
1054 |
19 |
0, 302, 0, 0, 42, 0, 302, 380, 380, 380, |
|
1055 |
✓✓ | 19 |
380, 380, 42, 302, 0, 42, 0, 0, 0, 0, |
1056 |
6 |
0, 0, 0, 0, 0, 0, 115, 116, 117, 302, |
|
1057 |
✗✓ | 6 |
380, 118, 119, 120, 302, 121, 122, 302, 0, 110, |
1058 |
111, 0, 0, 0, 302, 302, 380, 0, 0, 0, |
||
1059 |
6 |
0, 0, 0, 0, 123, 0, 0, 0, 0, 302, |
|
1060 |
6 |
302, 0, 0, 0, 0, 0, 302, 302, 302, 302, |
|
1061 |
✗✓ | 12 |
302, 302, 302, 0, 0, 0, 302, 302, 0, 380, |
1062 |
6 |
380, 380, 0, 0, 380, 380, 380, 0, 380, 380, |
|
1063 |
0, 0, 380, 380, 42, 0, 0, 0, 169, 0, |
||
1064 |
0, 0, 0, 0, 0, 0, 0, 380, 0, 0, |
||
1065 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
||
1066 |
0, 169, 364, 0, 0, 0, 0, 0, 0, 0, |
||
1067 |
0, 0, 364, 0, 0, 0, 0, 0, 0, 0, |
||
1068 |
0, 364, 364, 0, 364, 364, 0, 0, 364, 0, |
||
1069 |
6 |
0, 0, 364, 0, 364, 364, 364, 364, 364, 0, |
|
1070 |
✗✓ | 6 |
0, 364, 364, 364, 0, 0, 0, 364, 0, 0, |
1071 |
0, 0, 364, 0, 0, 0, 0, 0, 0, 364, |
||
1072 |
6 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 364, |
|
1073 |
6 |
364, 364, 364, 364, 364, 364, 364, 0, 0, 0, |
|
1074 |
6 |
364, 0, 0, 364, 0, 0, 0, 0, 0, 0, |
|
1075 |
13 |
364, 364, 0, 364, 0, 0, 0, 0, 0, 0, |
|
1076 |
49, 0, 0, 0, 0, 364, 364, 0, 0, 0, |
||
1077 |
0, 42, 364, 364, 364, 364, 364, 364, 364, 42, |
||
1078 |
42, 42, 364, 49, 0, 0, 0, 0, 42, 0, |
||
1079 |
42, 42, 0, 42, 42, 0, 0, 42, 0, 0, |
||
1080 |
✓✓ | 19 |
0, 42, 0, 42, 42, 42, 42, 42, 0, 0, |
1081 |
18 |
42, 42, 42, 0, 0, 0, 42, 0, 0, 0, |
|
1082 |
0, 42, 0, 0, 0, 0, 0, 0, 42, 0, |
||
1083 |
0, 0, 0, 0, 0, 0, 0, 42, 42, 42, |
||
1084 |
42, 42, 42, 42, 42, 0, 0, 0, 0, 42, |
||
1085 |
✗✓ | 19 |
0, 0, 42, 0, 0, 0, 0, 0, 0, 42, |
1086 |
42, 0, 42, 0, 0, 0, 0, 0, 0, 0, |
||
1087 |
0, 0, 0, 49, 42, 42, 0, 171, 0, 0, |
||
1088 |
0, 42, 42, 42, 42, 42, 42, 42, 169, 0, |
||
1089 |
169, 169, 169, 169, 169, 169, 169, 169, 169, 0, |
||
1090 |
171, 0, 169, 169, 169, 169, 0, 169, 169, 0, |
||
1091 |
169, 169, 0, 0, 169, 0, 0, 0, 169, 0, |
||
1092 |
169, 169, 169, 169, 169, 0, 0, 169, 169, 169, |
||
1093 |
0, 0, 0, 169, 0, 0, 0, 0, 169, 0, |
||
1094 |
0, 0, 0, 0, 0, 169, 0, 0, 0, 0, |
||
1095 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
||
1096 |
0, 169, 0, 0, 0, 0, 169, 0, 0, 169, |
||
1097 |
0, 0, 0, 0, 0, 0, 169, 169, 0, 0, |
||
1098 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
||
1099 |
0, 169, 169, 0, 0, 0, 0, 0, 169, 169, |
||
1100 |
169, 169, 169, 169, 169, 173, 0, 0, 0, 0, |
||
1101 |
49, 0, 49, 49, 49, 0, 49, 49, 49, 49, |
||
1102 |
49, 0, 0, 0, 49, 49, 49, 49, 173, 49, |
||
1103 |
49, 0, 49, 49, 0, 0, 49, 0, 0, 0, |
||
1104 |
49, 0, 49, 49, 49, 49, 49, 0, 0, 49, |
||
1105 |
49, 49, 0, 0, 0, 49, 0, 0, 0, 0, |
||
1106 |
49, 0, 0, 0, 0, 0, 0, 49, 0, 0, |
||
1107 |
19 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
|
1108 |
0, 0, 0, 49, 0, 0, 0, 0, 49, 0, |
||
1109 |
19 |
0, 49, 0, 0, 0, 0, 0, 0, 49, 49, |
|
1110 |
✗✓ | 38 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
1111 |
0, 0, 0, 49, 49, 0, 0, 0, 0, 0, |
||
1112 |
49, 49, 49, 49, 49, 49, 49, 171, 174, 171, |
||
1113 |
19 |
171, 171, 171, 171, 171, 171, 171, 171, 0, 0, |
|
1114 |
19 |
0, 171, 171, 171, 171, 0, 171, 171, 0, 171, |
|
1115 |
171, 174, 0, 171, 0, 0, 0, 171, 0, 171, |
||
1116 |
171, 171, 171, 171, 0, 0, 171, 171, 171, 0, |
||
1117 |
0, 0, 171, 0, 0, 0, 0, 171, 0, 0, |
||
1118 |
0, 0, 0, 0, 171, 0, 0, 0, 0, 42, |
||
1119 |
0, 0, 43, 44, 45, 46, 47, 0, 0, 48, |
||
1120 |
171, 49, 50, 51, 0, 171, 0, 0, 171, 0, |
||
1121 |
0, 0, 0, 0, 0, 171, 171, 0, 0, 0, |
||
1122 |
0, 0, 0, 0, 0, 0, 0, 0, 52, 0, |
||
1123 |
171, 171, 0, 0, 0, 0, 0, 171, 171, 171, |
||
1124 |
171, 171, 171, 171, 0, 183, 0, 0, 53, 54, |
||
1125 |
13 |
0, 0, 0, 0, 0, 173, 0, 173, 173, 173, |
|
1126 |
13 |
173, 173, 173, 173, 173, 173, 0, 0, 183, 173, |
|
1127 |
6 |
173, 173, 173, 0, 173, 173, 0, 173, 173, 0, |
|
1128 |
6 |
0, 173, 0, 0, 0, 173, 0, 173, 173, 173, |
|
1129 |
173, 173, 0, 0, 173, 173, 173, 0, 0, 0, |
||
1130 |
6 |
173, 0, 0, 0, 0, 173, 0, 0, 0, 0, |
|
1131 |
0, 0, 173, 0, 0, 0, 0, 0, 0, 0, |
||
1132 |
0, 0, 0, 0, 0, 0, 0, 0, 173, 0, |
||
1133 |
6 |
0, 0, 0, 173, 0, 0, 173, 0, 0, 0, |
|
1134 |
6 |
0, 0, 0, 173, 173, 0, 0, 0, 0, 0, |
|
1135 |
0, 0, 0, 0, 0, 0, 0, 0, 173, 173, |
||
1136 |
6 |
0, 0, 0, 0, 0, 173, 173, 173, 173, 173, |
|
1137 |
6 |
173, 173, 0, 183, 0, 0, 0, 0, 174, 0, |
|
1138 |
6 |
174, 174, 174, 174, 174, 174, 174, 174, 174, 0, |
|
1139 |
13 |
0, 0, 174, 174, 174, 174, 183, 174, 174, 0, |
|
1140 |
13 |
174, 174, 0, 0, 174, 0, 0, 0, 174, 0, |
|
1141 |
13 |
174, 174, 174, 174, 174, 0, 0, 174, 174, 174, |
|
1142 |
0, 0, 0, 174, 0, 0, 0, 0, 174, 0, |
||
1143 |
13 |
0, 0, 0, 0, 0, 174, 0, 0, 0, 0, |
|
1144 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
||
1145 |
0, 174, 0, 0, 0, 0, 174, 0, 0, 174, |
||
1146 |
0, 0, 0, 0, 0, 0, 174, 174, 0, 0, |
||
1147 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
||
1148 |
0, 174, 174, 0, 0, 0, 183, 0, 174, 174, |
||
1149 |
174, 174, 174, 174, 174, 183, 193, 0, 183, 0, |
||
1150 |
✗✓ | 6 |
183, 183, 183, 183, 183, 183, 0, 0, 0, 183, |
1151 |
183, 183, 183, 0, 183, 183, 0, 183, 183, 193, |
||
1152 |
0, 183, 0, 0, 0, 183, 0, 183, 183, 183, |
||
1153 |
183, 183, 0, 0, 183, 183, 183, 0, 0, 0, |
||
1154 |
6 |
183, 0, 0, 0, 0, 183, 0, 0, 0, 0, |
|
1155 |
0, 0, 183, 0, 0, 0, 0, 0, 0, 0, |
||
1156 |
6 |
0, 0, 0, 0, 0, 0, 0, 0, 183, 0, |
|
1157 |
0, 0, 0, 183, 0, 0, 183, 0, 0, 0, |
||
1158 |
0, 0, 0, 183, 183, 0, 0, 0, 0, 0, |
||
1159 |
0, 0, 0, 0, 248, 0, 0, 0, 183, 183, |
||
1160 |
0, 0, 0, 0, 0, 183, 183, 183, 183, 183, |
||
1161 |
183, 183, 0, 0, 0, 0, 0, 248, 0, 0, |
||
1162 |
0, 0, 0, 183, 0, 0, 183, 0, 0, 183, |
||
1163 |
183, 183, 183, 183, 0, 0, 0, 183, 183, 183, |
||
1164 |
183, 0, 183, 183, 0, 183, 183, 0, 0, 183, |
||
1165 |
200 |
0, 0, 0, 183, 0, 183, 183, 183, 183, 183, |
|
1166 |
4063 |
0, 0, 183, 183, 183, 0, 0, 0, 183, 0, |
|
1167 |
3863 |
0, 0, 0, 183, 0, 0, 0, 0, 0, 0, |
|
1168 |
183, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
||
1169 |
0, 0, 0, 0, 0, 0, 183, 0, 0, 0, |
||
1170 |
0, 183, 0, 0, 183, 0, 0, 248, 0, 0, |
||
1171 |
0, 183, 183, 0, 0, 0, 0, 190, 0, 0, |
||
1172 |
0, 0, 0, 0, 0, 0, 183, 183, 0, 0, |
||
1173 |
✗✓ | 36 |
0, 0, 0, 183, 183, 183, 183, 183, 183, 183, |
1174 |
190, 0, 0, 0, 0, 0, 193, 0, 0, 193, |
||
1175 |
0, 0, 193, 193, 193, 193, 193, 0, 0, 0, |
||
1176 |
193, 193, 193, 193, 0, 193, 193, 0, 193, 193, |
||
1177 |
0, 0, 193, 0, 0, 0, 193, 0, 193, 193, |
||
1178 |
193, 193, 193, 0, 0, 193, 193, 193, 0, 0, |
||
1179 |
✓✓ | 72 |
0, 193, 0, 0, 0, 0, 193, 0, 0, 0, |
1180 |
36 |
0, 0, 0, 193, 0, 0, 0, 0, 0, 0, |
|
1181 |
1 |
193, 0, 0, 0, 0, 0, 0, 0, 0, 193, |
|
1182 |
0, 0, 0, 0, 193, 0, 0, 193, 0, 0, |
||
1183 |
0, 0, 0, 0, 193, 193, 0, 0, 0, 0, |
||
1184 |
✓✓ | 166 |
0, 0, 189, 0, 248, 0, 0, 0, 0, 193, |
1185 |
193, 0, 0, 248, 248, 0, 193, 193, 193, 193, |
||
1186 |
✓✓ | 48 |
193, 193, 193, 248, 248, 189, 248, 248, 0, 248, |
1187 |
11 |
248, 0, 0, 0, 248, 0, 248, 248, 248, 248, |
|
1188 |
✓✓ | 268 |
248, 0, 0, 248, 248, 248, 0, 0, 0, 248, |
1189 |
86 |
0, 0, 0, 0, 248, 0, 0, 0, 0, 0, |
|
1190 |
86 |
0, 248, 0, 0, 0, 0, 0, 0, 0, 0, |
|
1191 |
0, 248, 248, 248, 248, 248, 248, 248, 0, 0, |
||
1192 |
48 |
0, 0, 248, 0, 0, 248, 0, 0, 0, 0, |
|
1193 |
48 |
0, 0, 248, 248, 0, 248, 0, 0, 0, 0, |
|
1194 |
0, 0, 0, 0, 0, 0, 0, 248, 248, 0, |
||
1195 |
✓✓ | 35 |
0, 0, 0, 0, 248, 248, 248, 248, 248, 248, |
1196 |
248, 0, 186, 0, 0, 0, 0, 190, 0, 0, |
||
1197 |
190, 0, 0, 0, 190, 190, 190, 190, 0, 0, |
||
1198 |
0, 190, 190, 190, 190, 186, 190, 190, 0, 190, |
||
1199 |
41 |
190, 0, 0, 190, 0, 0, 0, 190, 0, 190, |
|
1200 |
41 |
190, 190, 190, 190, 0, 0, 190, 190, 190, 0, |
|
1201 |
0, 0, 190, 0, 0, 0, 0, 190, 0, 0, |
||
1202 |
41 |
0, 0, 0, 0, 190, 0, 0, 0, 0, 0, |
|
1203 |
36 |
0, 190, 0, 0, 0, 0, 0, 0, 0, 0, |
|
1204 |
36 |
190, 0, 0, 0, 0, 190, 0, 0, 190, 0, |
|
1205 |
0, 0, 0, 0, 0, 190, 190, 0, 0, 0, |
||
1206 |
0, 348, 0, 0, 0, 0, 0, 0, 0, 0, |
||
1207 |
190, 190, 0, 0, 0, 186, 0, 190, 190, 190, |
||
1208 |
190, 190, 190, 190, 348, 0, 0, 0, 0, 0, |
||
1209 |
0, 0, 189, 0, 0, 189, 0, 0, 0, 189, |
||
1210 |
189, 189, 189, 0, 0, 0, 189, 189, 189, 189, |
||
1211 |
0, 189, 189, 0, 189, 189, 0, 0, 189, 0, |
||
1212 |
0, 0, 189, 0, 189, 189, 189, 189, 189, 0, |
||
1213 |
0, 189, 189, 189, 0, 0, 0, 189, 0, 0, |
||
1214 |
0, 0, 189, 0, 0, 0, 0, 0, 0, 189, |
||
1215 |
0, 0, 0, 0, 0, 0, 189, 0, 0, 350, |
||
1216 |
0, 0, 0, 0, 0, 189, 0, 0, 0, 0, |
||
1217 |
✓✓ | 33 |
189, 0, 0, 189, 348, 0, 0, 0, 0, 0, |
1218 |
189, 189, 350, 0, 0, 0, 0, 0, 0, 0, |
||
1219 |
✗✓ | 11 |
0, 0, 0, 0, 0, 189, 189, 0, 0, 0, |
1220 |
0, 0, 189, 189, 189, 189, 189, 189, 189, 0, |
||
1221 |
0, 0, 186, 0, 0, 186, 0, 0, 0, 186, |
||
1222 |
186, 186, 186, 0, 0, 0, 186, 186, 186, 186, |
||
1223 |
0, 186, 186, 0, 186, 186, 0, 0, 186, 0, |
||
1224 |
0, 0, 186, 0, 186, 186, 186, 186, 186, 0, |
||
1225 |
0, 186, 186, 186, 0, 0, 0, 186, 354, 0, |
||
1226 |
0, 0, 186, 0, 0, 0, 0, 0, 0, 186, |
||
1227 |
0, 0, 350, 0, 0, 0, 0, 0, 0, 0, |
||
1228 |
33 |
0, 354, 0, 0, 0, 186, 0, 0, 0, 0, |
|
1229 |
186, 0, 0, 186, 0, 0, 0, 0, 0, 0, |
||
1230 |
33 |
186, 186, 0, 0, 0, 0, 0, 0, 0, 0, |
|
1231 |
0, 348, 0, 0, 0, 186, 186, 0, 0, 0, |
||
1232 |
348, 348, 186, 186, 186, 186, 186, 186, 186, 0, |
||
1233 |
348, 348, 0, 348, 348, 0, 0, 348, 0, 0, |
||
1234 |
0, 348, 0, 348, 348, 348, 348, 348, 0, 0, |
||
1235 |
✓✓ | 254 |
348, 348, 348, 0, 0, 0, 348, 0, 0, 0, |
1236 |
✗✓✓✓ ✗✗✓ |
90 |
0, 348, 0, 0, 0, 0, 0, 0, 348, 0, |
1237 |
0, 354, 0, 0, 0, 188, 0, 0, 348, 348, |
||
1238 |
348, 348, 348, 348, 348, 0, 0, 0, 0, 348, |
||
1239 |
0, 0, 348, 0, 0, 0, 0, 0, 188, 348, |
||
1240 |
348, 0, 348, 0, 0, 0, 0, 0, 0, 350, |
||
1241 |
0, 0, 0, 0, 348, 348, 0, 0, 350, 350, |
||
1242 |
0, 348, 348, 348, 348, 348, 348, 348, 350, 350, |
||
1243 |
0, 350, 350, 0, 0, 350, 0, 0, 0, 350, |
||
1244 |
1 |
0, 350, 350, 350, 350, 350, 0, 0, 350, 350, |
|
1245 |
350, 0, 0, 0, 350, 0, 0, 0, 0, 350, |
||
1246 |
1 |
0, 0, 0, 0, 0, 0, 350, 0, 0, 0, |
|
1247 |
0, 0, 0, 0, 0, 0, 350, 350, 350, 350, |
||
1248 |
1 |
350, 350, 350, 0, 0, 0, 0, 350, 0, 0, |
|
1249 |
1 |
350, 0, 202, 0, 0, 0, 0, 350, 350, 0, |
|
1250 |
350, 0, 0, 0, 0, 0, 0, 0, 354, 0, |
||
1251 |
1 |
0, 0, 350, 350, 0, 202, 0, 354, 354, 350, |
|
1252 |
350, 350, 350, 350, 350, 350, 0, 354, 354, 0, |
||
1253 |
1 |
354, 354, 0, 0, 354, 0, 0, 0, 354, 0, |
|
1254 |
354, 354, 354, 354, 354, 0, 0, 354, 354, 354, |
||
1255 |
0, 0, 0, 354, 0, 0, 0, 0, 354, 0, |
||
1256 |
0, 0, 0, 0, 0, 354, 0, 0, 0, 0, |
||
1257 |
0, 0, 0, 0, 0, 352, 352, 352, 352, 352, |
||
1258 |
352, 354, 0, 0, 0, 0, 354, 0, 0, 354, |
||
1259 |
0, 354, 0, 0, 0, 0, 354, 354, 0, 352, |
||
1260 |
0, 0, 0, 0, 0, 202, 0, 0, 0, 0, |
||
1261 |
0, 354, 354, 0, 354, 0, 0, 0, 354, 354, |
||
1262 |
3 |
354, 354, 354, 354, 354, 188, 0, 0, 188, 0, |
|
1263 |
0, 0, 188, 188, 188, 188, 0, 0, 0, 188, |
||
1264 |
✗✓ | 37 |
188, 188, 188, 0, 188, 188, 0, 188, 188, 0, |
1265 |
0, 188, 0, 0, 0, 188, 0, 188, 188, 188, |
||
1266 |
37 |
188, 188, 0, 0, 188, 188, 188, 0, 0, 0, |
|
1267 |
37 |
188, 0, 0, 0, 0, 188, 0, 0, 0, 0, |
|
1268 |
0, 0, 188, 0, 0, 0, 0, 0, 0, 248, |
||
1269 |
37 |
0, 0, 0, 0, 0, 0, 0, 0, 188, 0, |
|
1270 |
✓✓ | 37 |
0, 0, 0, 188, 354, 0, 188, 0, 0, 0, |
1271 |
0, 0, 248, 188, 188, 0, 0, 0, 0, 0, |
||
1272 |
0, 0, 0, 0, 0, 0, 0, 0, 188, 188, |
||
1273 |
0, 0, 0, 0, 0, 188, 188, 188, 188, 188, |
||
1274 |
✗✓ | 13 |
188, 188, 202, 0, 0, 202, 0, 0, 0, 0, |
1275 |
202, 202, 202, 0, 0, 0, 202, 202, 202, 202, |
||
1276 |
13 |
0, 202, 202, 0, 202, 202, 0, 0, 202, 0, |
|
1277 |
13 |
0, 0, 202, 0, 202, 202, 202, 202, 202, 0, |
|
1278 |
0, 202, 202, 202, 0, 0, 0, 202, 0, 0, |
||
1279 |
13 |
0, 0, 202, 0, 0, 0, 0, 0, 0, 202, |
|
1280 |
0, 0, 248, 0, 0, 0, 202, 0, 0, 0, |
||
1281 |
13 |
0, 0, 0, 0, 0, 202, 0, 0, 0, 0, |
|
1282 |
202, 0, 0, 202, 0, 0, 0, 0, 0, 202, |
||
1283 |
202, 202, 0, 0, 0, 0, 0, 0, 0, 0, |
||
1284 |
✗✓ | 84 |
0, 354, 0, 0, 0, 202, 202, 0, 0, 0, |
1285 |
0, 354, 202, 202, 202, 202, 202, 202, 202, 0, |
||
1286 |
354, 354, 0, 354, 354, 0, 0, 354, 0, 0, |
||
1287 |
0, 354, 0, 354, 354, 354, 354, 354, 0, 0, |
||
1288 |
354, 354, 354, 0, 0, 0, 354, 0, 0, 0, |
||
1289 |
84 |
0, 354, 0, 0, 0, 0, 0, 0, 354, 0, |
|
1290 |
0, 0, 0, 0, 0, 0, 0, 0, 352, 352, |
||
1291 |
84 |
352, 352, 352, 352, 354, 0, 0, 0, 0, 354, |
|
1292 |
0, 0, 354, 211, 0, 0, 0, 0, 0, 354, |
||
1293 |
354, 0, 352, 0, 0, 0, 0, 0, 0, 248, |
||
1294 |
40 |
0, 0, 0, 0, 354, 354, 211, 0, 0, 248, |
|
1295 |
40 |
0, 354, 354, 354, 354, 354, 354, 354, 248, 248, |
|
1296 |
44 |
0, 248, 248, 0, 0, 248, 0, 0, 0, 248, |
|
1297 |
44 |
0, 248, 248, 248, 248, 248, 0, 0, 248, 248, |
|
1298 |
44 |
248, 0, 0, 0, 248, 0, 0, 0, 0, 248, |
|
1299 |
0, 0, 0, 0, 0, 0, 248, 0, 0, 0, |
||
1300 |
44 |
0, 0, 0, 0, 0, 0, 248, 248, 248, 248, |
|
1301 |
248, 248, 248, 0, 0, 0, 0, 248, 0, 0, |
||
1302 |
248, 0, 0, 0, 0, 0, 0, 248, 248, 0, |
||
1303 |
✓✓✗✓ |
53 |
248, 0, 0, 0, 0, 0, 211, 0, 0, 0, |
1304 |
211, 0, 248, 248, 0, 0, 0, 0, 0, 248, |
||
1305 |
248, 248, 248, 248, 248, 248, 202, 0, 0, 202, |
||
1306 |
0, 0, 0, 211, 202, 202, 202, 0, 0, 0, |
||
1307 |
38 |
202, 202, 202, 202, 0, 202, 202, 0, 202, 202, |
|
1308 |
0, 0, 202, 0, 0, 0, 202, 0, 202, 202, |
||
1309 |
38 |
202, 202, 202, 0, 0, 202, 202, 202, 0, 0, |
|
1310 |
0, 202, 0, 0, 0, 0, 202, 0, 0, 0, |
||
1311 |
0, 0, 0, 202, 0, 0, 0, 0, 0, 0, |
||
1312 |
38 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 202, |
|
1313 |
0, 0, 0, 0, 202, 0, 0, 202, 0, 0, |
||
1314 |
38 |
0, 0, 0, 0, 202, 202, 0, 0, 0, 0, |
|
1315 |
38 |
0, 0, 0, 0, 0, 0, 0, 214, 0, 202, |
|
1316 |
38 |
202, 0, 0, 0, 0, 0, 202, 202, 202, 202, |
|
1317 |
202, 202, 202, 211, 0, 0, 211, 0, 0, 0, |
||
1318 |
214, 211, 211, 211, 0, 0, 0, 211, 0, 0, |
||
1319 |
211, 0, 211, 211, 0, 211, 211, 0, 0, 211, |
||
1320 |
0, 0, 0, 211, 0, 211, 211, 211, 211, 211, |
||
1321 |
0, 0, 211, 211, 211, 0, 0, 0, 211, 0, |
||
1322 |
0, 0, 0, 211, 0, 0, 0, 0, 0, 0, |
||
1323 |
✗✓ | 28 |
211, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
1324 |
0, 0, 0, 0, 0, 0, 211, 0, 0, 0, |
||
1325 |
0, 211, 0, 0, 211, 0, 0, 0, 0, 0, |
||
1326 |
0, 211, 211, 0, 0, 0, 0, 0, 0, 0, |
||
1327 |
28 |
214, 0, 0, 0, 214, 0, 211, 211, 0, 0, |
|
1328 |
28 |
0, 0, 0, 211, 211, 211, 211, 211, 211, 211, |
|
1329 |
28 |
211, 0, 0, 211, 0, 0, 0, 214, 211, 211, |
|
1330 |
28 |
211, 0, 0, 0, 211, 0, 0, 211, 0, 211, |
|
1331 |
211, 0, 211, 211, 0, 0, 211, 0, 0, 0, |
||
1332 |
28 |
211, 0, 211, 211, 211, 211, 211, 0, 0, 211, |
|
1333 |
✗✓ | 16 |
211, 211, 0, 0, 0, 211, 0, 0, 0, 0, |
1334 |
211, 0, 0, 0, 0, 0, 0, 211, 0, 0, |
||
1335 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
||
1336 |
0, 0, 0, 211, 0, 0, 0, 0, 211, 0, |
||
1337 |
16 |
0, 211, 0, 230, 0, 0, 0, 0, 211, 211, |
|
1338 |
16 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
|
1339 |
0, 0, 0, 211, 211, 0, 230, 0, 0, 0, |
||
1340 |
16 |
211, 211, 211, 211, 211, 211, 211, 214, 0, 0, |
|
1341 |
✗✓ | 13 |
214, 0, 0, 0, 0, 214, 214, 214, 0, 0, |
1342 |
0, 0, 0, 0, 214, 0, 214, 214, 0, 214, |
||
1343 |
214, 0, 0, 214, 0, 0, 0, 214, 0, 214, |
||
1344 |
214, 214, 214, 214, 0, 0, 214, 214, 214, 0, |
||
1345 |
13 |
0, 0, 214, 0, 0, 0, 0, 214, 0, 0, |
|
1346 |
13 |
0, 0, 0, 0, 214, 0, 0, 0, 0, 0, |
|
1347 |
0, 234, 0, 0, 0, 0, 0, 0, 0, 0, |
||
1348 |
13 |
214, 0, 0, 0, 0, 214, 230, 0, 214, 0, |
|
1349 |
✗✓ | 4 |
0, 0, 0, 0, 234, 214, 214, 0, 0, 0, |
1350 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
||
1351 |
214, 214, 0, 0, 0, 0, 0, 214, 214, 214, |
||
1352 |
214, 214, 214, 214, 214, 0, 0, 214, 0, 0, |
||
1353 |
✓✗✗✓ |
8 |
0, 0, 214, 214, 214, 0, 0, 0, 0, 0, |
1354 |
0, 214, 0, 214, 214, 0, 214, 214, 0, 0, |
||
1355 |
214, 0, 0, 0, 214, 0, 214, 214, 214, 214, |
||
1356 |
214, 0, 0, 214, 214, 214, 0, 0, 0, 214, |
||
1357 |
4 |
230, 0, 0, 0, 214, 0, 0, 0, 0, 0, |
|
1358 |
4 |
0, 214, 0, 0, 234, 0, 0, 0, 0, 0, |
|
1359 |
0, 0, 0, 230, 0, 0, 0, 214, 0, 0, |
||
1360 |
4 |
0, 0, 214, 0, 0, 214, 0, 0, 0, 0, |
|
1361 |
✗✓ | 17 |
0, 0, 214, 214, 0, 0, 0, 0, 0, 0, |
1362 |
0, 0, 0, 230, 0, 0, 230, 214, 214, 0, |
||
1363 |
0, 0, 230, 230, 214, 214, 214, 214, 214, 214, |
||
1364 |
214, 0, 230, 230, 0, 230, 230, 0, 0, 230, |
||
1365 |
✓✗✗✓ |
34 |
0, 0, 0, 230, 0, 230, 230, 230, 230, 230, |
1366 |
0, 0, 230, 230, 230, 0, 0, 0, 230, 224, |
||
1367 |
0, 0, 0, 230, 0, 0, 0, 0, 0, 0, |
||
1368 |
230, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
||
1369 |
0, 0, 224, 0, 0, 0, 230, 0, 0, 0, |
||
1370 |
17 |
0, 230, 0, 0, 230, 0, 0, 0, 0, 0, |
|
1371 |
17 |
0, 230, 230, 0, 0, 0, 0, 0, 0, 0, |
|
1372 |
17 |
0, 234, 0, 0, 234, 0, 230, 230, 0, 0, |
|
1373 |
234, 234, 0, 230, 230, 230, 230, 230, 230, 230, |
||
1374 |
17 |
234, 234, 0, 234, 234, 0, 0, 234, 0, 0, |
|
1375 |
✗✓ | 6 |
0, 234, 0, 234, 234, 234, 234, 234, 0, 0, |
1376 |
234, 234, 234, 0, 0, 0, 234, 353, 0, 0, |
||
1377 |
0, 234, 0, 0, 0, 0, 0, 0, 234, 0, |
||
1378 |
0, 0, 224, 0, 0, 0, 0, 0, 0, 0, |
||
1379 |
✓✗✗✓ |
12 |
353, 0, 0, 0, 234, 0, 0, 0, 0, 234, |
1380 |
0, 0, 234, 0, 0, 0, 0, 0, 0, 234, |
||
1381 |
234, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
||
1382 |
230, 0, 0, 230, 234, 234, 0, 0, 0, 230, |
||
1383 |
6 |
230, 234, 234, 234, 234, 234, 234, 234, 0, 230, |
|
1384 |
6 |
230, 0, 230, 230, 0, 0, 230, 0, 0, 0, |
|
1385 |
230, 0, 230, 230, 230, 230, 230, 0, 0, 230, |
||
1386 |
6 |
230, 230, 0, 0, 0, 230, 122, 0, 0, 0, |
|
1387 |
230, 0, 0, 0, 0, 0, 0, 230, 0, 0, |
||
1388 |
353, 0, 0, 0, 0, 0, 0, 0, 0, 120, |
||
1389 |
0, 0, 0, 230, 0, 0, 0, 0, 230, 0, |
||
1390 |
0, 230, 0, 0, 0, 0, 0, 0, 230, 230, |
||
1391 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 224, |
||
1392 |
0, 0, 0, 230, 230, 0, 0, 0, 224, 224, |
||
1393 |
230, 230, 230, 230, 230, 230, 230, 0, 224, 224, |
||
1394 |
0, 224, 224, 0, 0, 224, 0, 0, 0, 224, |
||
1395 |
0, 224, 224, 224, 224, 224, 0, 0, 224, 224, |
||
1396 |
224, 0, 0, 0, 224, 232, 0, 0, 0, 224, |
||
1397 |
0, 0, 0, 0, 0, 0, 224, 0, 0, 122, |
||
1398 |
0, 0, 0, 0, 0, 0, 0, 0, 232, 0, |
||
1399 |
0, 0, 224, 0, 0, 0, 0, 224, 0, 0, |
||
1400 |
224, 0, 0, 0, 0, 0, 0, 224, 224, 0, |
||
1401 |
0, 0, 0, 0, 0, 0, 0, 353, 0, 0, |
||
1402 |
0, 0, 224, 224, 0, 0, 353, 353, 0, 224, |
||
1403 |
224, 224, 224, 224, 224, 224, 353, 353, 0, 353, |
||
1404 |
353, 0, 0, 353, 0, 0, 0, 353, 0, 353, |
||
1405 |
353, 353, 353, 353, 0, 0, 353, 353, 353, 0, |
||
1406 |
0, 0, 353, 324, 0, 0, 0, 353, 0, 0, |
||
1407 |
0, 0, 0, 0, 353, 0, 0, 0, 232, 0, |
||
1408 |
28 |
0, 0, 0, 0, 0, 0, 324, 0, 0, 0, |
|
1409 |
28 |
353, 0, 0, 0, 0, 353, 0, 0, 353, 0, |
|
1410 |
✗✓ | 28 |
0, 0, 0, 0, 0, 353, 353, 0, 0, 0, |
1411 |
0, 0, 0, 0, 0, 0, 120, 0, 0, 0, |
||
1412 |
353, 353, 0, 0, 0, 0, 120, 353, 353, 353, |
||
1413 |
353, 353, 353, 353, 0, 120, 120, 0, 120, 120, |
||
1414 |
0, 0, 120, 0, 0, 0, 120, 0, 120, 120, |
||
1415 |
120, 120, 120, 0, 0, 120, 120, 120, 0, 0, |
||
1416 |
0, 120, 145, 0, 0, 0, 120, 0, 0, 0, |
||
1417 |
0, 0, 0, 120, 0, 0, 324, 0, 0, 0, |
||
1418 |
0, 0, 0, 0, 0, 145, 0, 0, 0, 120, |
||
1419 |
0, 0, 0, 0, 120, 0, 0, 120, 0, 0, |
||
1420 |
0, 0, 0, 0, 120, 120, 0, 0, 0, 0, |
||
1421 |
0, 0, 0, 0, 0, 232, 0, 0, 0, 120, |
||
1422 |
120, 0, 0, 0, 0, 232, 120, 120, 120, 120, |
||
1423 |
120, 120, 120, 0, 232, 232, 0, 232, 232, 0, |
||
1424 |
0, 232, 0, 0, 0, 232, 0, 232, 232, 232, |
||
1425 |
232, 232, 0, 0, 232, 232, 232, 0, 0, 0, |
||
1426 |
232, 122, 0, 0, 0, 232, 0, 0, 0, 0, |
||
1427 |
0, 0, 232, 0, 0, 145, 0, 0, 0, 0, |
||
1428 |
0, 0, 0, 0, 120, 0, 0, 0, 232, 0, |
||
1429 |
0, 0, 0, 232, 0, 0, 232, 0, 0, 0, |
||
1430 |
0, 0, 0, 232, 232, 0, 0, 0, 0, 0, |
||
1431 |
0, 0, 0, 324, 0, 0, 0, 0, 232, 232, |
||
1432 |
0, 0, 0, 324, 0, 232, 232, 232, 232, 232, |
||
1433 |
232, 232, 324, 324, 0, 324, 324, 0, 0, 324, |
||
1434 |
0, 0, 0, 324, 0, 324, 324, 324, 324, 324, |
||
1435 |
0, 0, 324, 324, 324, 0, 0, 0, 324, 0, |
||
1436 |
0, 0, 0, 324, 0, 0, 0, 0, 0, 0, |
||
1437 |
324, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
||
1438 |
28 |
0, 0, 157, 0, 0, 0, 324, 0, 0, 0, |
|
1439 |
0, 324, 0, 0, 324, 0, 0, 0, 0, 0, |
||
1440 |
28 |
0, 324, 324, 0, 0, 0, 0, 0, 0, 0, |
|
1441 |
0, 0, 145, 0, 0, 0, 324, 324, 0, 0, |
||
1442 |
28 |
0, 0, 145, 324, 324, 324, 324, 324, 324, 324, |
|
1443 |
✓✗ | 28 |
0, 145, 145, 0, 145, 145, 0, 0, 145, 0, |
1444 |
✓✓ | 28 |
0, 0, 145, 0, 145, 145, 145, 145, 145, 0, |
1445 |
2 |
0, 145, 145, 145, 0, 0, 0, 145, 0, 0, |
|
1446 |
✓✗✓✗ |
4 |
0, 0, 145, 0, 0, 0, 0, 0, 0, 145, |
1447 |
✓✗ | 2 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
1448 |
✓✗ | 2 |
0, 0, 0, 0, 0, 145, 0, 0, 0, 0, |
1449 |
2 |
145, 0, 0, 145, 0, 0, 0, 0, 0, 0, |
|
1450 |
2 |
145, 145, 0, 0, 0, 0, 0, 0, 0, 0, |
|
1451 |
2 |
0, 120, 0, 0, 0, 145, 145, 0, 0, 0, |
|
1452 |
2 |
0, 120, 145, 145, 145, 145, 145, 145, 145, 0, |
|
1453 |
✓✗ | 28 |
120, 120, 0, 120, 120, 0, 0, 120, 0, 0, |
1454 |
0, 120, 0, 120, 120, 120, 120, 120, 0, 0, |
||
1455 |
✓✓ | 28 |
120, 120, 120, 0, 0, 0, 120, 0, 0, 0, |
1456 |
12 |
0, 120, 0, 0, 0, 0, 0, 0, 120, 0, |
|
1457 |
✓✓ | 16 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
1458 |
15 |
0, 0, 0, 0, 120, 0, 0, 0, 0, 120, |
|
1459 |
✓✗ | 1 |
0, 0, 120, 0, 0, 0, 0, 0, 0, 120, |
1460 |
1 |
120, 0, 0, 0, 0, 0, 0, 0, 0, 361, |
|
1461 |
0, 0, 0, 0, 120, 120, 0, 0, 0, 362, |
||
1462 |
0, 120, 120, 120, 120, 120, 120, 120, 363, 364, |
||
1463 |
0, 365, 366, 0, 0, 367, 0, 0, 0, 368, |
||
1464 |
0, 369, 370, 371, 372, 373, 0, 0, 374, 375, |
||
1465 |
376, 0, 0, 0, 377, 0, 0, 0, 0, 378, |
||
1466 |
0, 0, 0, 0, 0, 0, 379, 0, 0, 0, |
||
1467 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
||
1468 |
0, 0, 380, 0, 0, 0, 0, 381, 0, 0, |
||
1469 |
382, 0, 0, 0, 0, 0, 0, 383, 384, 0, |
||
1470 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
||
1471 |
0, 0, 0, 385, 0, 0, 0, 0, 0, 386, |
||
1472 |
387, 388, 389, 390, 391, |
||
1473 |
}; |
||
1474 |
const short yycheck[] = |
||
1475 |
{ 3, |
||
1476 |
28 |
3, 92, 40, 61, 10, 62, 44, 0, 40, 33, |
|
1477 |
28 |
10, 10, 40, 10, 40, 33, 359, 10, 40, 142, |
|
1478 |
✗✓ | 56 |
44, 40, 60, 123, 480, 123, 422, 33, 60, 300, |
1479 |
527, 10, 60, 538, 40, 153, 525, 123, 44, 159, |
||
1480 |
40, 501, 10, 40, 44, 123, 44, 44, 123, 107, |
||
1481 |
194, 546, 33, 549, 60, 178, 123, 201, 431, 33, |
||
1482 |
60, 152, 313, 60, 184, 156, 444, 47, 123, 40, |
||
1483 |
40, 277, 33, 41, 44, 320, 44, 44, 40, 40, |
||
1484 |
137, 204, 33, 206, 464, 155, 33, 125, 40, 60, |
||
1485 |
33, 123, 183, 33, 265, 266, 33, 363, 60, 60, |
||
1486 |
123, 125, 33, 40, 295, 483, 44, 44, 60, 40, |
||
1487 |
376, 278, 203, 44, 205, 173, 44, 123, 45, 125, |
||
1488 |
47, 244, 240, 60, 123, 125, 249, 125, 125, 60, |
||
1489 |
61, 62, 354, 44, 192, 380, 259, 278, 311, 312, |
||
1490 |
269, 10, 123, 234, 123, 642, 44, 389, 653, 391, |
||
1491 |
639, 524, 44, 44, 245, 125, 10, 33, 125, 250, |
||
1492 |
2974 |
44, 656, 123, 659, 40, 10, 622, 547, 44, 420, |
|
1493 |
630, 123, 123, 243, 380, 342, 123, 520, 574, 302, |
||
1494 |
123, 272, 273, 123, 60, 125, 123, 125, 125, 380, |
||
1495 |
471, 291, 123, 40, 125, 324, 41, 125, 44, 44, |
||
1496 |
291, 342, 424, 44, 40, 10, 216, 298, 337, 365, |
||
1497 |
366, 40, 303, 380, 125, 44, 307, 33, 309, 44, |
||
1498 |
343, 344, 345, 60, 40, 316, 60, 125, 40, 41, |
||
1499 |
40, 60, 40, 125, 125, 455, 456, 457, 40, 380, |
||
1500 |
2974 |
261, 125, 41, 296, 60, 44, 390, 123, 60, 125, |
|
1501 |
2974 |
10, 40, 60, 268, 278, 346, 40, 309, 60, 350, |
|
1502 |
✓✓✓✓ |
2974 |
278, 532, 277, 256, 257, 258, 259, 380, 539, 550, |
1503 |
280, 60, 262, 40, 264, 495, 60, 497, 207, 125, |
||
1504 |
36 |
380, 404, 380, 33, 125, 306, 305, 123, 341, 61, |
|
1505 |
36 |
40, 297, 298, 60, 380, 381, 125, 278, 278, 380, |
|
1506 |
36 |
125, 138, 380, 426, 278, 380, 381, 123, 278, 400, |
|
1507 |
60, 148, 291, 380, 307, 363, 309, 310, 342, 338, |
||
1508 |
105 |
41, 563, 413, 44, 342, 380, 381, 385, 376, 348, |
|
1509 |
105 |
323, 278, 325, 380, 425, 303, 297, 298, 285, 512, |
|
1510 |
105 |
513, 278, 380, 33, 435, 338, 275, 278, 380, 440, |
|
1511 |
105 |
40, 319, 380, 346, 445, 381, 380, 40, 380, 450, |
|
1512 |
297, 298, 380, 369, 363, 10, 297, 298, 342, 369, |
||
1513 |
40 |
60, 462, 342, 123, 380, 381, 647, 376, 469, 499, |
|
1514 |
40 |
380, 381, 380, 380, 352, 353, 354, 380, 33, 357, |
|
1515 |
40 |
358, 359, 515, 361, 362, 40, 41, 365, 366, 44, |
|
1516 |
40 |
380, 380, 256, 257, 258, 259, 380, 627, 369, 380, |
|
1517 |
380, 342, 380, 380, 381, 60, 10, 369, 380, 380, |
||
1518 |
2793 |
381, 297, 298, 514, 10, 516, 380, 296, 380, 381, |
|
1519 |
2793 |
303, 278, 369, 123, 557, 125, 559, 10, 369, 10, |
|
1520 |
2793 |
498, 683, 278, 380, 381, 568, 377, 378, 379, 380, |
|
1521 |
2793 |
381, 41, 40, 307, 44, 309, 310, 41, 303, 10, |
|
1522 |
2793 |
44, 584, 278, 586, 44, 375, 376, 590, 278, 323, |
|
1523 |
2793 |
343, 325, 341, 596, 319, 695, 567, 534, 123, 10, |
|
1524 |
125, 297, 298, 41, 338, 576, 44, 610, 10, 297, |
||
1525 |
✓✓ | 2793 |
298, 614, 346, 369, 617, 342, 587, 620, 380, 381, |
1526 |
90 |
591, 102, 10, 560, 380, 381, 342, 352, 353, 354, |
|
1527 |
✓✓ | 2793 |
10, 33, 357, 358, 359, 10, 361, 362, 40, 41, |
1528 |
8 |
365, 366, 44, 44, 615, 10, 380, 618, 278, 44, |
|
1529 |
✓✓ | 2793 |
297, 298, 342, 380, 10, 380, 296, 10, 60, 33, |
1530 |
78 |
369, 632, 40, 601, 380, 125, 40, 297, 298, 380, |
|
1531 |
✓✓ | 2793 |
381, 380, 381, 369, 645, 10, 41, 369, 10, 44, |
1532 |
98 |
651, 369, 44, 44, 380, 381, 60, 369, 380, 381, |
|
1533 |
✓✓ | 2793 |
380, 10, 380, 381, 665, 40, 44, 380, 380, 381, |
1534 |
20 |
369, 341, 673, 674, 380, 369, 267, 10, 679, 680, |
|
1535 |
20 |
380, 380, 381, 380, 381, 278, 380, 381, 40, 690, |
|
1536 |
20 |
691, 123, 369, 125, 125, 44, 207, 297, 298, 265, |
|
1537 |
✓✓ | 2793 |
125, 380, 381, 380, 381, 260, 275, 276, 263, 369, |
1538 |
12 |
324, 369, 370, 371, 269, 270, 266, 631, 631, 123, |
|
1539 |
✗✓ | 2793 |
380, 381, 304, 278, 279, 280, 546, 282, 283, 549, |
1540 |
285, 286, 62, 125, 125, 290, 266, 292, 293, 294, |
||
1541 |
295, 296, 297, 298, 299, 300, 301, 125, 287, 342, |
||
1542 |
305, 381, 60, 61, 62, 310, 355, 356, 10, 305, |
||
1543 |
381, 10, 317, 381, 275, 380, 381, 380, 381, 369, |
||
1544 |
381, 10, 327, 328, 329, 330, 331, 332, 333, 334, |
||
1545 |
✓✓ | 2793 |
380, 381, 60, 338, 33, 381, 341, 380, 380, 381, |
1546 |
28 |
305, 381, 338, 348, 349, 44, 351, 446, 269, 60, |
|
1547 |
28 |
61, 62, 348, 380, 381, 454, 277, 381, 363, 364, |
|
1548 |
28 |
321, 60, 61, 62, 369, 370, 371, 372, 373, 374, |
|
1549 |
28 |
375, 376, 381, 338, 44, 380, 381, 381, 260, 300, |
|
1550 |
✗✓ | 2793 |
301, 263, 261, 348, 370, 371, 656, 269, 270, 659, |
1551 |
380, 381, 271, 272, 273, 268, 278, 279, 280, 41, |
||
1552 |
282, 283, 380, 285, 286, 326, 380, 381, 290, 380, |
||
1553 |
292, 293, 294, 295, 296, 297, 298, 299, 300, 301, |
||
1554 |
10, 380, 381, 305, 123, 47, 125, 306, 310, 380, |
||
1555 |
538, 380, 381, 41, 10, 317, 397, 380, 381, 380, |
||
1556 |
381, 380, 381, 297, 298, 327, 328, 329, 330, 331, |
||
1557 |
332, 333, 334, 380, 381, 381, 338, 33, 303, 341, |
||
1558 |
✓✓ | 2793 |
60, 61, 62, 33, 381, 62, 348, 349, 44, 351, |
1559 |
8 |
41, 269, 381, 381, 319, 381, 380, 274, 41, 277, |
|
1560 |
✓✓✗✓ |
2801 |
380, 363, 364, 360, 60, 61, 62, 369, 370, 371, |
1561 |
372, 373, 374, 375, 376, 380, 595, 381, 380, 381, |
||
1562 |
344, 263, 300, 301, 303, 355, 324, 352, 353, 354, |
||
1563 |
609, 334, 357, 358, 359, 369, 361, 362, 285, 269, |
||
1564 |
✓✓✓✓ |
2801 |
365, 366, 47, 123, 380, 10, 380, 381, 326, 380, |
1565 |
6 |
47, 380, 123, 381, 380, 380, 335, 336, 337, 382, |
|
1566 |
40, 340, 284, 284, 343, 653, 345, 123, 284, 125, |
||
1567 |
6 |
284, 350, 335, 336, 337, 381, 44, 340, 285, 381, |
|
1568 |
343, 260, 345, 41, 263, 381, 380, 350, 381, 380, |
||
1569 |
2787 |
269, 270, 60, 61, 62, 10, 41, 676, 62, 678, |
|
1570 |
279, 280, 343, 282, 283, 381, 303, 286, 380, 47, |
||
1571 |
✓✓ | 2787 |
281, 290, 40, 292, 293, 294, 295, 296, 33, 281, |
1572 |
✓✓ | 50 |
299, 300, 301, 47, 285, 380, 305, 380, 47, 44, |
1573 |
25 |
382, 310, 382, 285, 303, 380, 268, 380, 317, 377, |
|
1574 |
4 |
378, 379, 380, 381, 10, 60, 61, 62, 41, 380, |
|
1575 |
62, 41, 381, 381, 333, 381, 381, 125, 381, 338, |
||
1576 |
4 |
380, 380, 341, 60, 61, 62, 335, 336, 337, 348, |
|
1577 |
349, 340, 41, 10, 343, 269, 345, 10, 10, 10, |
||
1578 |
✓✓ | 2783 |
10, 350, 41, 324, 363, 364, 377, 378, 379, 380, |
1579 |
✗✓ | 64 |
381, 370, 371, 372, 373, 374, 375, 376, 377, 378, |
1580 |
32 |
379, 380, 381, 10, 260, 10, 380, 10, 123, 10, |
|
1581 |
125, 60, 61, 62, 270, 380, 10, 10, 10, 60, |
||
1582 |
61, 62, 268, 279, 280, 381, 282, 283, 494, 477, |
||
1583 |
286, 41, 53, 303, 290, 237, 292, 293, 294, 295, |
||
1584 |
296, 33, 197, 299, 300, 301, 60, 61, 62, 305, |
||
1585 |
2783 |
271, 402, 44, 337, 310, 324, 360, 287, 288, 373, |
|
1586 |
✗✓ | 2783 |
137, 317, 529, 172, 214, 335, 336, 337, 65, 56, |
1587 |
340, 286, 302, 478, 123, 345, 304, 333, 308, 397, |
||
1588 |
2783 |
350, 255, 338, 227, 236, 341, 316, 637, 125, 607, |
|
1589 |
2783 |
631, -1, 348, 349, -1, 125, -1, 377, 378, 379, |
|
1590 |
2783 |
380, 381, -1, -1, -1, -1, -1, 363, 364, 123, |
|
1591 |
✓✓ | 2783 |
60, 61, 62, -1, 370, 371, 372, 373, 374, 375, |
1592 |
3 |
376, 377, 378, 379, 380, 381, 10, -1, -1, 287, |
|
1593 |
3 |
288, 123, -1, 125, -1, -1, -1, -1, 303, -1, |
|
1594 |
-1, 335, 336, 337, 302, 260, 340, -1, -1, 33, |
||
1595 |
✓✓✓✓ ✗✓ |
7584 |
308, 345, -1, -1, 319, 270, 350, -1, 316, -1, |
1596 |
✓✓✓✓ |
956 |
44, -1, -1, -1, 279, 280, -1, 282, 283, -1, |
1597 |
170 |
-1, 286, -1, -1, -1, 290, -1, 292, 293, 294, |
|
1598 |
12 |
295, 296, -1, -1, 299, 300, 301, 352, 353, 354, |
|
1599 |
305, -1, 357, 358, 359, 310, 361, 362, -1, -1, |
||
1600 |
✓✓✓✓ |
604 |
365, 366, 317, -1, -1, -1, -1, -1, -1, 377, |
1601 |
✗✓✗✗ |
2 |
378, 379, 380, 381, -1, 380, -1, -1, 333, 256, |
1602 |
2 |
257, 258, 259, 338, -1, -1, 341, 257, 258, 259, |
|
1603 |
335, 336, 337, 348, 349, 340, -1, -1, -1, 123, |
||
1604 |
✗✓ | 2 |
345, 125, -1, -1, -1, 350, -1, -1, 363, 364, |
1605 |
-1, -1, -1, -1, -1, 370, 371, 372, 373, 374, |
||
1606 |
375, 376, 377, 378, 379, 380, 381, -1, 260, -1, |
||
1607 |
-1, -1, 309, -1, -1, -1, -1, -1, 270, 309, |
||
1608 |
2 |
377, 378, 379, 380, 381, -1, -1, 279, 280, -1, |
|
1609 |
282, 283, 10, -1, 286, 325, -1, -1, 290, -1, |
||
1610 |
292, 293, 294, 295, 296, -1, -1, 299, 300, 301, |
||
1611 |
-1, -1, -1, 305, -1, 33, -1, -1, 310, -1, |
||
1612 |
-1, -1, 40, -1, -1, 317, 44, -1, 377, 378, |
||
1613 |
379, 380, 381, -1, -1, -1, 377, 378, 379, 380, |
||
1614 |
381, 333, 60, -1, -1, -1, 338, -1, -1, 341, |
||
1615 |
327, 328, 329, 330, 331, 332, 348, 349, -1, -1, |
||
1616 |
-1, -1, -1, 377, 378, 379, 380, 381, -1, -1, |
||
1617 |
-1, 363, 364, -1, 351, -1, 260, -1, 370, 371, |
||
1618 |
372, 373, 374, 375, 376, -1, 270, -1, 380, 381, |
||
1619 |
-1, -1, -1, -1, -1, 279, 280, 303, 282, 283, |
||
1620 |
2778 |
-1, 10, 286, -1, -1, 123, 290, 125, 292, 293, |
|
1621 |
2778 |
294, 295, 296, 319, -1, 299, 300, 301, -1, -1, |
|
1622 |
2778 |
-1, 305, -1, -1, 33, -1, 310, 377, 378, 379, |
|
1623 |
380, 381, 41, 317, -1, 44, -1, -1, -1, -1, |
||
1624 |
-1, -1, -1, -1, -1, -1, 352, 353, 354, 333, |
||
1625 |
✓✓✓✓ ✓✓ |
6426 |
303, 357, 358, 359, 338, 361, 362, 341, -1, 365, |
1626 |
1134 |
366, -1, -1, -1, 348, 349, 319, -1, -1, -1, |
|
1627 |
1098 |
-1, -1, -1, -1, 380, -1, -1, -1, -1, 363, |
|
1628 |
1098 |
364, -1, -1, -1, -1, -1, 370, 371, 372, 373, |
|
1629 |
374, 375, 376, -1, -1, -1, 380, 381, -1, 352, |
||
1630 |
1098 |
353, 354, -1, -1, 357, 358, 359, -1, 361, 362, |
|
1631 |
-1, -1, 365, 366, 123, -1, -1, -1, 10, -1, |
||
1632 |
✓✓ | 5772 |
-1, -1, -1, -1, -1, -1, -1, 380, -1, -1, |
1633 |
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, |
||
1634 |
-1, 33, 260, -1, -1, -1, -1, -1, -1, -1, |
||
1635 |
✓✓✓✓ ✓✓✓✓ ✗✗✗✓ ✓ |
216 |
-1, -1, 270, -1, -1, -1, -1, -1, -1, -1, |
1636 |
-1, 279, 280, -1, 282, 283, -1, -1, 286, -1, |
||
1637 |
✗✓ | 4 |
-1, -1, 290, -1, 292, 293, 294, 295, 296, -1, |
1638 |
-1, 299, 300, 301, -1, -1, -1, 305, -1, -1, |
||
1639 |
-1, -1, 310, -1, -1, -1, -1, -1, -1, 317, |
||
1640 |
-1, -1, -1, -1, -1, -1, -1, -1, -1, 327, |
||
1641 |
328, 329, 330, 331, 332, 333, 334, -1, -1, -1, |
||
1642 |
4 |
338, -1, -1, 341, -1, -1, -1, -1, -1, -1, |
|
1643 |
4 |
348, 349, -1, 351, -1, -1, -1, -1, -1, -1, |
|
1644 |
10, -1, -1, -1, -1, 363, 364, -1, -1, -1, |
||
1645 |
✗✓ | 4 |
-1, 260, 370, 371, 372, 373, 374, 375, 376, 268, |
1646 |
269, 270, 380, 33, -1, -1, -1, -1, 277, -1, |
||
1647 |
279, 280, -1, 282, 283, -1, -1, 286, -1, -1, |
||
1648 |
-1, 290, -1, 292, 293, 294, 295, 296, -1, -1, |
||
1649 |
299, 300, 301, -1, -1, -1, 305, -1, -1, -1, |
||
1650 |
4 |
-1, 310, -1, -1, -1, -1, -1, -1, 317, -1, |
|
1651 |
4 |
-1, -1, -1, -1, -1, -1, -1, 326, 327, 328, |
|
1652 |
329, 330, 331, 332, 333, -1, -1, -1, -1, 338, |
||
1653 |
✗✓ | 26 |
-1, -1, 341, -1, -1, -1, -1, -1, -1, 348, |
1654 |
349, -1, 351, -1, -1, -1, -1, -1, -1, -1, |
||
1655 |
-1, -1, -1, 123, 363, 364, -1, 10, -1, -1, |
||
1656 |
-1, 370, 371, 372, 373, 374, 375, 376, 260, -1, |
||
1657 |
262, 263, 264, 265, 266, 267, 268, 269, 270, -1, |
||
1658 |
33, -1, 274, 275, 276, 277, -1, 279, 280, -1, |
||
1659 |
26 |
282, 283, -1, -1, 286, -1, -1, -1, 290, -1, |
|
1660 |
26 |
292, 293, 294, 295, 296, -1, -1, 299, 300, 301, |
|
1661 |
26 |
-1, -1, -1, 305, -1, -1, -1, -1, 310, -1, |
|
1662 |
-1, -1, -1, -1, -1, 317, -1, -1, -1, -1, |
||
1663 |
✗✓ | 8 |
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, |
1664 |
-1, 333, -1, -1, -1, -1, 338, -1, -1, 341, |
||
1665 |
-1, -1, -1, -1, -1, -1, 348, 349, -1, -1, |
||
1666 |
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, |
||
1667 |
-1, 363, 364, -1, -1, -1, -1, -1, 370, 371, |
||
1668 |
372, 373, 374, 375, 376, 10, -1, -1, -1, -1, |
||
1669 |
✗✓ | 8 |
260, -1, 262, 263, 264, -1, 266, 267, 268, 269, |
1670 |
270, -1, -1, -1, 274, 275, 276, 277, 33, 279, |
||
1671 |
280, -1, 282, 283, -1, -1, 286, -1, -1, -1, |
||
1672 |
290, -1, 292, 293, 294, 295, 296, -1, -1, 299, |
||
1673 |
300, 301, -1, -1, -1, 305, -1, -1, -1, -1, |
||
1674 |
8 |
310, -1, -1, -1, -1, -1, -1, 317, -1, -1, |
|
1675 |
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, |
||
1676 |
8 |
-1, -1, -1, 333, -1, -1, -1, -1, 338, -1, |
|
1677 |
8 |
-1, 341, -1, -1, -1, -1, -1, -1, 348, 349, |
|
1678 |
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, |
||
1679 |
✗✓ | 9 |
-1, -1, -1, 363, 364, -1, -1, -1, -1, -1, |
1680 |
370, 371, 372, 373, 374, 375, 376, 260, 10, 262, |
||
1681 |
263, 264, 265, 266, 267, 268, 269, 270, -1, -1, |
||
1682 |
-1, 274, 275, 276, 277, -1, 279, 280, -1, 282, |
||
1683 |
283, 33, -1, 286, -1, -1, -1, 290, -1, 292, |
||
1684 |
✗✓ | 27 |
293, 294, 295, 296, -1, -1, 299, 300, 301, -1, |
1685 |
9 |
-1, -1, 305, -1, -1, -1, -1, 310, -1, -1, |
|
1686 |
9 |
-1, -1, -1, -1, 317, -1, -1, -1, -1, 308, |
|
1687 |
-1, -1, 311, 312, 313, 314, 315, -1, -1, 318, |
||
1688 |
333, 320, 321, 322, -1, 338, -1, -1, 341, -1, |
||
1689 |
-1, -1, -1, -1, -1, 348, 349, -1, -1, -1, |
||
1690 |
-1, -1, -1, -1, -1, -1, -1, -1, 347, -1, |
||
1691 |
363, 364, -1, -1, -1, -1, -1, 370, 371, 372, |
||
1692 |
9 |
373, 374, 375, 376, -1, 10, -1, -1, 367, 368, |
|
1693 |
9 |
-1, -1, -1, -1, -1, 260, -1, 262, 263, 264, |
|
1694 |
265, 266, 267, 268, 269, 270, -1, -1, 33, 274, |
||
1695 |
✗✓ | 17 |
275, 276, 277, -1, 279, 280, -1, 282, 283, -1, |
1696 |
-1, 286, -1, -1, -1, 290, -1, 292, 293, 294, |
||
1697 |
295, 296, -1, -1, 299, 300, 301, -1, -1, -1, |
||
1698 |
305, -1, -1, -1, -1, 310, -1, -1, -1, -1, |
||
1699 |
-1, -1, 317, -1, -1, -1, -1, -1, -1, -1, |
||
1700 |
-1, -1, -1, -1, -1, -1, -1, -1, 333, -1, |
||
1701 |
✗✓ | 17 |
-1, -1, -1, 338, -1, -1, 341, -1, -1, -1, |
1702 |
-1, -1, -1, 348, 349, -1, -1, -1, -1, -1, |
||
1703 |
-1, -1, -1, -1, -1, -1, -1, -1, 363, 364, |
||
1704 |
-1, -1, -1, -1, -1, 370, 371, 372, 373, 374, |
||
1705 |
375, 376, -1, 10, -1, -1, -1, -1, 260, -1, |
||
1706 |
17 |
262, 263, 264, 265, 266, 267, 268, 269, 270, -1, |
|
1707 |
-1, -1, 274, 275, 276, 277, 33, 279, 280, -1, |
||
1708 |
17 |
282, 283, -1, -1, 286, -1, -1, -1, 290, -1, |
|
1709 |
292, 293, 294, 295, 296, -1, -1, 299, 300, 301, |
||
1710 |
17 |
-1, -1, -1, 305, -1, -1, -1, -1, 310, -1, |
|
1711 |
-1, -1, -1, -1, -1, 317, -1, -1, -1, -1, |
||
1712 |
✗✓ | 17 |
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, |
1713 |
-1, 333, -1, -1, -1, -1, 338, -1, -1, 341, |
||
1714 |
-1, -1, -1, -1, -1, -1, 348, 349, -1, -1, |
||
1715 |
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, |
||
1716 |
-1, 363, 364, -1, -1, -1, 123, -1, 370, 371, |
||
1717 |
372, 373, 374, 375, 376, 260, 10, -1, 263, -1, |
||
1718 |
✓✗✗✓ |
34 |
265, 266, 267, 268, 269, 270, -1, -1, -1, 274, |
1719 |
17 |
275, 276, 277, -1, 279, 280, -1, 282, 283, 33, |
|
1720 |
-1, 286, -1, -1, -1, 290, -1, 292, 293, 294, |
||
1721 |
295, 296, -1, -1, 299, 300, 301, -1, -1, -1, |
||
1722 |
305, -1, -1, -1, -1, 310, -1, -1, -1, -1, |
||
1723 |
-1, -1, 317, -1, -1, -1, -1, -1, -1, -1, |
||
1724 |
✗✓ | 17 |
-1, -1, -1, -1, -1, -1, -1, -1, 333, -1, |
1725 |
-1, -1, -1, 338, -1, -1, 341, -1, -1, -1, |
||
1726 |
-1, -1, -1, 348, 349, -1, -1, -1, -1, -1, |
||
1727 |
-1, -1, -1, -1, 10, -1, -1, -1, 363, 364, |
||
1728 |
-1, -1, -1, -1, -1, 370, 371, 372, 373, 374, |
||
1729 |
375, 376, -1, -1, -1, -1, -1, 33, -1, -1, |
||
1730 |
-1, -1, -1, 260, -1, -1, 263, -1, -1, 266, |
||
1731 |
17 |
267, 268, 269, 270, -1, -1, -1, 274, 275, 276, |
|
1732 |
277, -1, 279, 280, -1, 282, 283, -1, -1, 286, |
||
1733 |
17 |
-1, -1, -1, 290, -1, 292, 293, 294, 295, 296, |
|
1734 |
17 |
-1, -1, 299, 300, 301, -1, -1, -1, 305, -1, |
|
1735 |
17 |
-1, -1, -1, 310, -1, -1, -1, -1, -1, -1, |
|
1736 |
317, -1, -1, -1, -1, -1, -1, -1, -1, -1, |
||
1737 |
17 |
-1, -1, -1, -1, -1, -1, 333, -1, -1, -1, |
|
1738 |
-1, 338, -1, -1, 341, -1, -1, 123, -1, -1, |
||
1739 |
✗✓ | 9 |
-1, 348, 349, -1, -1, -1, -1, 10, -1, -1, |
1740 |
-1, -1, -1, -1, -1, -1, 363, 364, -1, -1, |
||
1741 |
-1, -1, -1, 370, 371, 372, 373, 374, 375, 376, |
||
1742 |
33, -1, -1, -1, -1, -1, 260, -1, -1, 263, |
||
1743 |
-1, -1, 266, 267, 268, 269, 270, -1, -1, -1, |
||
1744 |
274, 275, 276, 277, -1, 279, 280, -1, 282, 283, |
||
1745 |
✗✓ | 9 |
-1, -1, 286, -1, -1, -1, 290, -1, 292, 293, |
1746 |
294, 295, 296, -1, -1, 299, 300, 301, -1, -1, |
||
1747 |
-1, 305, -1, -1, -1, -1, 310, -1, -1, -1, |
||
1748 |
-1, -1, -1, 317, -1, -1, -1, -1, -1, -1, |
||
1749 |
324, -1, -1, -1, -1, -1, -1, -1, -1, 333, |
||
1750 |
9 |
-1, -1, -1, -1, 338, -1, -1, 341, -1, -1, |
|
1751 |
-1, -1, -1, -1, 348, 349, -1, -1, -1, -1, |
||
1752 |
9 |
-1, -1, 10, -1, 260, -1, -1, -1, -1, 363, |
|
1753 |
364, -1, -1, 269, 270, -1, 370, 371, 372, 373, |
||
1754 |
9 |
374, 375, 376, 279, 280, 33, 282, 283, -1, 285, |
|
1755 |
286, -1, -1, -1, 290, -1, 292, 293, 294, 295, |
||
1756 |
296, -1, -1, 299, 300, 301, -1, -1, -1, 305, |
||
1757 |
-1, -1, -1, -1, 310, -1, -1, -1, -1, -1, |
||
1758 |
-1, 317, -1, -1, -1, -1, -1, -1, -1, -1, |
||
1759 |
-1, 327, 328, 329, 330, 331, 332, 333, -1, -1, |
||
1760 |
-1, -1, 338, -1, -1, 341, -1, -1, -1, -1, |
||
1761 |
-1, -1, 348, 349, -1, 351, -1, -1, -1, -1, |
||
1762 |
-1, -1, -1, -1, -1, -1, -1, 363, 364, -1, |
||
1763 |
-1, -1, -1, -1, 370, 371, 372, 373, 374, 375, |
||
1764 |
376, -1, 10, -1, -1, -1, -1, 260, -1, -1, |
||
1765 |
263, -1, -1, -1, 267, 268, 269, 270, -1, -1, |
||
1766 |
-1, 274, 275, 276, 277, 33, 279, 280, -1, 282, |
||
1767 |
283, -1, -1, 286, -1, -1, -1, 290, -1, 292, |
||
1768 |
293, 294, 295, 296, -1, -1, 299, 300, 301, -1, |
||
1769 |
-1, -1, 305, -1, -1, -1, -1, 310, -1, -1, |
||
1770 |
-1, -1, -1, -1, 317, -1, -1, -1, -1, -1, |
||
1771 |
-1, 324, -1, -1, -1, -1, -1, -1, -1, -1, |
||
1772 |
333, -1, -1, -1, -1, 338, -1, -1, 341, -1, |
||
1773 |
-1, -1, -1, -1, -1, 348, 349, -1, -1, -1, |
||
1774 |
-1, 10, -1, -1, -1, -1, -1, -1, -1, -1, |
||
1775 |
363, 364, -1, -1, -1, 123, -1, 370, 371, 372, |
||
1776 |
373, 374, 375, 376, 33, -1, -1, -1, -1, -1, |
||
1777 |
-1, -1, 260, -1, -1, 263, -1, -1, -1, 267, |
||
1778 |
268, 269, 270, -1, -1, -1, 274, 275, 276, 277, |
||
1779 |
-1, 279, 280, -1, 282, 283, -1, -1, 286, -1, |
||
1780 |
-1, -1, 290, -1, 292, 293, 294, 295, 296, -1, |
||
1781 |
-1, 299, 300, 301, -1, -1, -1, 305, -1, -1, |
||
1782 |
✓✓ | 27 |
-1, -1, 310, -1, -1, -1, -1, -1, -1, 317, |
1783 |
✓✓ | 14 |
-1, -1, -1, -1, -1, -1, 324, -1, -1, 10, |
1784 |
13 |
-1, -1, -1, -1, -1, 333, -1, -1, -1, -1, |
|
1785 |
338, -1, -1, 341, 123, -1, -1, -1, -1, -1, |
||
1786 |
2 |
348, 349, 33, -1, -1, -1, -1, -1, -1, -1, |
|
1787 |
✗✓ | 14 |
-1, -1, -1, -1, -1, 363, 364, -1, -1, -1, |
1788 |
-1, -1, 370, 371, 372, 373, 374, 375, 376, -1, |
||
1789 |
-1, -1, 260, -1, -1, 263, -1, -1, -1, 267, |
||
1790 |
268, 269, 270, -1, -1, -1, 274, 275, 276, 277, |
||
1791 |
-1, 279, 280, -1, 282, 283, -1, -1, 286, -1, |
||
1792 |
-1, -1, 290, -1, 292, 293, 294, 295, 296, -1, |
||
1793 |
-1, 299, 300, 301, -1, -1, -1, 305, 10, -1, |
||
1794 |
14 |
-1, -1, 310, -1, -1, -1, -1, -1, -1, 317, |
|
1795 |
14 |
-1, -1, 123, -1, -1, -1, -1, -1, -1, -1, |
|
1796 |
14 |
-1, 33, -1, -1, -1, 333, -1, -1, -1, -1, |
|
1797 |
108 |
338, -1, -1, 341, -1, -1, -1, -1, -1, -1, |
|
1798 |
✓✗ | 108 |
348, 349, -1, -1, -1, -1, -1, -1, -1, -1, |
1799 |
108 |
-1, 260, -1, -1, -1, 363, 364, -1, -1, -1, |
|
1800 |
✓✗ | 108 |
269, 270, 370, 371, 372, 373, 374, 375, 376, -1, |
1801 |
279, 280, -1, 282, 283, -1, -1, 286, -1, -1, |
||
1802 |
-1, 290, -1, 292, 293, 294, 295, 296, -1, -1, |
||
1803 |
✓✓✓✓ ✓✓✓✓ |
6229 |
299, 300, 301, -1, -1, -1, 305, -1, -1, -1, |
1804 |
✓✓✓✓ |
2058 |
-1, 310, -1, -1, -1, -1, -1, -1, 317, -1, |
1805 |
1020 |
-1, 123, -1, -1, -1, 10, -1, -1, 327, 328, |
|
1806 |
991 |
329, 330, 331, 332, 333, -1, -1, -1, -1, 338, |
|
1807 |
991 |
-1, -1, 341, -1, -1, -1, -1, -1, 33, 348, |
|
1808 |
991 |
349, -1, 351, -1, -1, -1, -1, -1, -1, 260, |
|
1809 |
✓✓✓✓ |
5555 |
-1, -1, -1, -1, 363, 364, -1, -1, 269, 270, |
1810 |
3 |
-1, 370, 371, 372, 373, 374, 375, 376, 279, 280, |
|
1811 |
3 |
-1, 282, 283, -1, -1, 286, -1, -1, -1, 290, |
|
1812 |
3 |
-1, 292, 293, 294, 295, 296, -1, -1, 299, 300, |
|
1813 |
3 |
301, -1, -1, -1, 305, -1, -1, -1, -1, 310, |
|
1814 |
3 |
-1, -1, -1, -1, -1, -1, 317, -1, -1, -1, |
|
1815 |
✓✓ | 2778 |
-1, -1, -1, -1, -1, -1, 327, 328, 329, 330, |
1816 |
✓✓✓✓ |
49 |
331, 332, 333, -1, -1, -1, -1, 338, -1, -1, |
1817 |
7 |
341, -1, 10, -1, -1, -1, -1, 348, 349, -1, |
|
1818 |
1 |
351, -1, -1, -1, -1, -1, -1, -1, 260, -1, |
|
1819 |
-1, -1, 363, 364, -1, 33, -1, 269, 270, 370, |
||
1820 |
371, 372, 373, 374, 375, 376, -1, 279, 280, -1, |
||
1821 |
1 |
282, 283, -1, -1, 286, -1, -1, -1, 290, -1, |
|
1822 |
292, 293, 294, 295, 296, -1, -1, 299, 300, 301, |
||
1823 |
✓✓✗✓ |
47 |
-1, -1, -1, 305, -1, -1, -1, -1, 310, -1, |
1824 |
6 |
-1, -1, -1, -1, -1, 317, -1, -1, -1, -1, |
|
1825 |
-1, -1, -1, -1, -1, 327, 328, 329, 330, 331, |
||
1826 |
332, 333, -1, -1, -1, -1, 338, -1, -1, 341, |
||
1827 |
-1, 10, -1, -1, -1, -1, 348, 349, -1, 351, |
||
1828 |
-1, -1, -1, -1, -1, 123, -1, -1, -1, -1, |
||
1829 |
-1, 363, 364, -1, 33, -1, -1, -1, 370, 371, |
||
1830 |
✓✓✗✓ |
47 |
372, 373, 374, 375, 376, 260, -1, -1, 263, -1, |
1831 |
6 |
-1, -1, 267, 268, 269, 270, -1, -1, -1, 274, |
|
1832 |
275, 276, 277, -1, 279, 280, -1, 282, 283, -1, |
||
1833 |
-1, 286, -1, -1, -1, 290, -1, 292, 293, 294, |
||
1834 |
295, 296, -1, -1, 299, 300, 301, -1, -1, -1, |
||
1835 |
305, -1, -1, -1, -1, 310, -1, -1, -1, -1, |
||
1836 |
-1, -1, 317, -1, -1, -1, -1, -1, -1, 10, |
||
1837 |
✓✓ | 82 |
-1, -1, -1, -1, -1, -1, -1, -1, 333, -1, |
1838 |
41 |
-1, -1, -1, 338, 123, -1, 341, -1, -1, -1, |
|
1839 |
13 |
-1, -1, 33, 348, 349, -1, -1, -1, -1, -1, |
|
1840 |
-1, -1, -1, -1, -1, -1, -1, -1, 363, 364, |
||
1841 |
41 |
-1, -1, -1, -1, -1, 370, 371, 372, 373, 374, |
|
1842 |
✓✓ | 41 |
375, 376, 260, -1, -1, 263, -1, -1, -1, -1, |
1843 |
10 |
268, 269, 270, -1, -1, -1, 274, 275, 276, 277, |
|
1844 |
-1, 279, 280, -1, 282, 283, -1, -1, 286, -1, |
||
1845 |
✓✓ | 2777 |
-1, -1, 290, -1, 292, 293, 294, 295, 296, -1, |
1846 |
1361 |
-1, 299, 300, 301, -1, -1, -1, 305, -1, -1, |
|
1847 |
-1, -1, 310, -1, -1, -1, -1, -1, -1, 317, |
||
1848 |
✓✓ | 2777 |
-1, -1, 123, -1, -1, -1, 10, -1, -1, -1, |
1849 |
4 |
-1, -1, -1, -1, -1, 333, -1, -1, -1, -1, |
|
1850 |
2777 |
338, -1, -1, 341, -1, -1, -1, -1, -1, 33, |
|
1851 |
348, 349, -1, -1, -1, -1, -1, -1, -1, -1, |
||
1852 |
2777 |
-1, 260, -1, -1, -1, 363, 364, -1, -1, -1, |
|
1853 |
2777 |
-1, 270, 370, 371, 372, 373, 374, 375, 376, -1, |
|
1854 |
279, 280, -1, 282, 283, -1, -1, 286, -1, -1, |
||
1855 |
✓✓ | 2777 |
-1, 290, -1, 292, 293, 294, 295, 296, -1, -1, |
1856 |
✗✓ | 86 |
299, 300, 301, -1, -1, -1, 305, -1, -1, -1, |
1857 |
-1, 310, -1, -1, -1, -1, -1, -1, 317, -1, |
||
1858 |
-1, -1, -1, -1, -1, -1, -1, -1, 327, 328, |
||
1859 |
329, 330, 331, 332, 333, -1, -1, -1, -1, 338, |
||
1860 |
-1, -1, 341, 10, -1, -1, -1, -1, -1, 348, |
||
1861 |
86 |
349, -1, 351, -1, -1, -1, -1, -1, -1, 260, |
|
1862 |
86 |
-1, -1, -1, -1, 363, 364, 33, -1, -1, 270, |
|
1863 |
✓✓ | 86 |
-1, 370, 371, 372, 373, 374, 375, 376, 279, 280, |
1864 |
7 |
-1, 282, 283, -1, -1, 286, -1, -1, -1, 290, |
|
1865 |
-1, 292, 293, 294, 295, 296, -1, -1, 299, 300, |
||
1866 |
301, -1, -1, -1, 305, -1, -1, -1, -1, 310, |
||
1867 |
✓✓ | 2777 |
-1, -1, -1, -1, -1, -1, 317, -1, -1, -1, |
1868 |
86 |
-1, -1, -1, -1, -1, -1, 327, 328, 329, 330, |
|
1869 |
✗✗ | 86 |
331, 332, 333, -1, -1, -1, -1, 338, -1, -1, |
1870 |
✓✓✓✓ |
148 |
341, -1, -1, -1, -1, -1, -1, 348, 349, -1, |
1871 |
✓✓ | 59 |
351, -1, -1, -1, -1, -1, 123, -1, -1, -1, |
1872 |
✗✓✗✗ |
56 |
10, -1, 363, 364, -1, -1, -1, -1, -1, 370, |
1873 |
6 |
371, 372, 373, 374, 375, 376, 260, -1, -1, 263, |
|
1874 |
✓✓ | 86 |
-1, -1, -1, 33, 268, 269, 270, -1, -1, -1, |
1875 |
✗✓✗✗ ✗✗✗✗ |
6 |
274, 275, 276, 277, -1, 279, 280, -1, 282, 283, |
1876 |
-1, -1, 286, -1, -1, -1, 290, -1, 292, 293, |
||
1877 |
294, 295, 296, -1, -1, 299, 300, 301, -1, -1, |
||
1878 |
-1, 305, -1, -1, -1, -1, 310, -1, -1, -1, |
||
1879 |
-1, -1, -1, 317, -1, -1, -1, -1, -1, -1, |
||
1880 |
-1, -1, -1, -1, -1, -1, -1, -1, -1, 333, |
||
1881 |
-1, -1, -1, -1, 338, -1, -1, 341, -1, -1, |
||
1882 |
✗✓ | 172 |
-1, -1, -1, -1, 348, 349, -1, -1, -1, -1, |
1883 |
86 |
-1, -1, -1, -1, -1, -1, -1, 10, -1, 363, |
|
1884 |
364, -1, -1, -1, -1, -1, 370, 371, 372, 373, |
||
1885 |
86 |
374, 375, 376, 260, -1, -1, 263, -1, -1, -1, |
|
1886 |
86 |
33, 268, 269, 270, -1, -1, -1, 274, -1, -1, |
|
1887 |
✓✓ | 2777 |
277, -1, 279, 280, -1, 282, 283, -1, -1, 286, |
1888 |
✗✓ | 4 |
-1, -1, -1, 290, -1, 292, 293, 294, 295, 296, |
1889 |
2 |
-1, -1, 299, 300, 301, -1, -1, -1, 305, -1, |
|
1890 |
-1, -1, -1, 310, -1, -1, -1, -1, -1, -1, |
||
1891 |
317, -1, -1, -1, -1, -1, -1, -1, -1, -1, |
||
1892 |
-1, -1, -1, -1, -1, -1, 333, -1, -1, -1, |
||
1893 |
-1, 338, -1, -1, 341, -1, -1, -1, -1, -1, |
||
1894 |
2 |
-1, 348, 349, -1, -1, -1, -1, -1, -1, -1, |
|
1895 |
2 |
123, -1, -1, -1, 10, -1, 363, 364, -1, -1, |
|
1896 |
✗✓ | 2777 |
-1, -1, -1, 370, 371, 372, 373, 374, 375, 376, |
1897 |
260, -1, -1, 263, -1, -1, -1, 33, 268, 269, |
||
1898 |
270, -1, -1, -1, 274, -1, -1, 277, -1, 279, |
||
1899 |
280, -1, 282, 283, -1, -1, 286, -1, -1, -1, |
||
1900 |
290, -1, 292, 293, 294, 295, 296, -1, -1, 299, |
||
1901 |
300, 301, -1, -1, -1, 305, -1, -1, -1, -1, |
||
1902 |
310, -1, -1, -1, -1, -1, -1, 317, -1, -1, |
||
1903 |
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, |
||
1904 |
-1, -1, -1, 333, -1, -1, -1, -1, 338, -1, |
||
1905 |
✓✓ | 2777 |
-1, 341, -1, 10, -1, -1, -1, -1, 348, 349, |
1906 |
2 |
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, |
|
1907 |
2775 |
-1, -1, -1, 363, 364, -1, 33, -1, -1, -1, |
|
1908 |
370, 371, 372, 373, 374, 375, 376, 260, -1, -1, |
||
1909 |
5550 |
263, -1, -1, -1, -1, 268, 269, 270, -1, -1, |
|
1910 |
2775 |
-1, -1, -1, -1, 277, -1, 279, 280, -1, 282, |
|
1911 |
2775 |
283, -1, -1, 286, -1, -1, -1, 290, -1, 292, |
|
1912 |
2775 |
293, 294, 295, 296, -1, -1, 299, 300, 301, -1, |
|
1913 |
✓✓ | 5568 |
-1, -1, 305, -1, -1, -1, -1, 310, -1, -1, |
1914 |
-1, -1, -1, -1, 317, -1, -1, -1, -1, -1, |
||
1915 |
-1, 10, -1, -1, -1, -1, -1, -1, -1, -1, |
||
1916 |
333, -1, -1, -1, -1, 338, 123, -1, 341, -1, |
||
1917 |
1835 |
-1, -1, -1, -1, 33, 348, 349, -1, -1, -1, |
|
1918 |
1835 |
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, |
|
1919 |
363, 364, -1, -1, -1, -1, -1, 370, 371, 372, |
||
1920 |
1835 |
373, 374, 375, 376, 260, -1, -1, 263, -1, -1, |
|
1921 |
1809 |
-1, -1, 268, 269, 270, -1, -1, -1, -1, -1, |
|
1922 |
1809 |
-1, 277, -1, 279, 280, -1, 282, 283, -1, -1, |
|
1923 |
1119 |
286, -1, -1, -1, 290, -1, 292, 293, 294, 295, |
|
1924 |
1119 |
296, -1, -1, 299, 300, 301, -1, -1, -1, 305, |
|
1925 |
1119 |
10, -1, -1, -1, 310, -1, -1, -1, -1, -1, |
|
1926 |
-1, 317, -1, -1, 123, -1, -1, -1, -1, -1, |
||
1927 |
1119 |
-1, -1, -1, 33, -1, -1, -1, 333, -1, -1, |
|
1928 |
-1, -1, 338, -1, -1, 341, -1, -1, -1, -1, |
||
1929 |
-1, -1, 348, 349, -1, -1, -1, -1, -1, -1, |
||
1930 |
-1, -1, -1, 260, -1, -1, 263, 363, 364, -1, |
||
1931 |
-1, -1, 269, 270, 370, 371, 372, 373, 374, 375, |
||
1932 |
376, -1, 279, 280, -1, 282, 283, -1, -1, 286, |
||
1933 |
-1, -1, -1, 290, -1, 292, 293, 294, 295, 296, |
||
1934 |
✓✓ | 28 |
-1, -1, 299, 300, 301, -1, -1, -1, 305, 10, |
1935 |
6 |
-1, -1, -1, 310, -1, -1, -1, -1, -1, -1, |
|
1936 |
28 |
317, -1, -1, -1, -1, -1, -1, -1, -1, -1, |
|
1937 |
-1, -1, 33, -1, -1, -1, 333, -1, -1, -1, |
||
1938 |
28 |
-1, 338, -1, -1, 341, -1, -1, -1, -1, -1, |
|
1939 |
✓✓ | 21 |
-1, 348, 349, -1, -1, -1, -1, -1, -1, -1, |
1940 |
3 |
-1, 260, -1, -1, 263, -1, 363, 364, -1, -1, |
|
1941 |
21 |
269, 270, -1, 370, 371, 372, 373, 374, 375, 376, |
|
1942 |
279, 280, -1, 282, 283, -1, -1, 286, -1, -1, |
||
1943 |
21 |
-1, 290, -1, 292, 293, 294, 295, 296, -1, -1, |
|
1944 |
✗✓ | 391 |
299, 300, 301, -1, -1, -1, 305, 10, -1, -1, |
1945 |
-1, 310, -1, -1, -1, -1, -1, -1, 317, -1, |
||
1946 |
-1, -1, 123, -1, -1, -1, -1, -1, -1, -1, |
||
1947 |
33, -1, -1, -1, 333, -1, -1, -1, -1, 338, |
||
1948 |
391 |
-1, -1, 341, -1, -1, -1, -1, -1, -1, 348, |
|
1949 |
391 |
349, -1, -1, -1, -1, -1, -1, -1, -1, -1, |
|
1950 |
391 |
260, -1, -1, 263, 363, 364, -1, -1, -1, 269, |
|
1951 |
391 |
270, 370, 371, 372, 373, 374, 375, 376, -1, 279, |
|
1952 |
391 |
280, -1, 282, 283, -1, -1, 286, -1, -1, -1, |
|
1953 |
290, -1, 292, 293, 294, 295, 296, -1, -1, 299, |
||
1954 |
391 |
300, 301, -1, -1, -1, 305, 10, -1, -1, -1, |
|
1955 |
✗✓ | 100 |
310, -1, -1, -1, -1, -1, -1, 317, -1, -1, |
1956 |
123, -1, -1, -1, -1, -1, -1, -1, -1, 33, |
||
1957 |
-1, -1, -1, 333, -1, -1, -1, -1, 338, -1, |
||
1958 |
-1, 341, -1, -1, -1, -1, -1, -1, 348, 349, |
||
1959 |
100 |
-1, -1, -1, -1, -1, -1, -1, -1, -1, 260, |
|
1960 |
100 |
-1, -1, -1, 363, 364, -1, -1, -1, 269, 270, |
|
1961 |
370, 371, 372, 373, 374, 375, 376, -1, 279, 280, |
||
1962 |
100 |
-1, 282, 283, -1, -1, 286, -1, -1, -1, 290, |
|
1963 |
-1, 292, 293, 294, 295, 296, -1, -1, 299, 300, |
||
1964 |
301, -1, -1, -1, 305, 10, -1, -1, -1, 310, |
||
1965 |
-1, -1, -1, -1, -1, -1, 317, -1, -1, 123, |
||
1966 |
-1, -1, -1, -1, -1, -1, -1, -1, 33, -1, |
||
1967 |
-1, -1, 333, -1, -1, -1, -1, 338, -1, -1, |
||
1968 |
341, -1, -1, -1, -1, -1, -1, 348, 349, -1, |
||
1969 |
-1, -1, -1, -1, -1, -1, -1, 260, -1, -1, |
||
1970 |
-1, -1, 363, 364, -1, -1, 269, 270, -1, 370, |
||
1971 |
371, 372, 373, 374, 375, 376, 279, 280, -1, 282, |
||
1972 |
283, -1, -1, 286, -1, -1, -1, 290, -1, 292, |
||
1973 |
293, 294, 295, 296, -1, -1, 299, 300, 301, -1, |
||
1974 |
-1, -1, 305, 10, -1, -1, -1, 310, -1, -1, |
||
1975 |
✗✓ | 23 |
-1, -1, -1, -1, 317, -1, -1, -1, 123, -1, |
1976 |
-1, -1, -1, -1, -1, -1, 33, -1, -1, -1, |
||
1977 |
333, -1, -1, -1, -1, 338, -1, -1, 341, -1, |
||
1978 |
-1, -1, -1, -1, -1, 348, 349, -1, -1, -1, |
||
1979 |
23 |
-1, -1, -1, -1, -1, -1, 260, -1, -1, -1, |
|
1980 |
23 |
363, 364, -1, -1, -1, -1, 270, 370, 371, 372, |
|
1981 |
373, 374, 375, 376, -1, 279, 280, -1, 282, 283, |
||
1982 |
23 |
-1, -1, 286, -1, -1, -1, 290, -1, 292, 293, |
|
1983 |
✗✓ | 304 |
294, 295, 296, -1, -1, 299, 300, 301, -1, -1, |
1984 |
-1, 305, 10, -1, -1, -1, 310, -1, -1, -1, |
||
1985 |
-1, -1, -1, 317, -1, -1, 123, -1, -1, -1, |
||
1986 |
-1, -1, -1, -1, -1, 33, -1, -1, -1, 333, |
||
1987 |
304 |
-1, -1, -1, -1, 338, -1, -1, 341, -1, -1, |
|
1988 |
304 |
-1, -1, -1, -1, 348, 349, -1, -1, -1, -1, |
|
1989 |
304 |
-1, -1, -1, -1, -1, 260, -1, -1, -1, 363, |
|
1990 |
364, -1, -1, -1, -1, 270, 370, 371, 372, 373, |
||
1991 |
304 |
374, 375, 376, -1, 279, 280, -1, 282, 283, -1, |
|
1992 |
4 |
-1, 286, -1, -1, -1, 290, -1, 292, 293, 294, |
|
1993 |
295, 296, -1, -1, 299, 300, 301, -1, -1, -1, |
||
1994 |
4 |
305, 10, -1, -1, -1, 310, -1, -1, -1, -1, |
|
1995 |
15 |
-1, -1, 317, -1, -1, 123, -1, -1, -1, -1, |
|
1996 |
-1, -1, -1, -1, 33, -1, -1, -1, 333, -1, |
||
1997 |
15 |
-1, -1, -1, 338, -1, -1, 341, -1, -1, -1, |
|
1998 |
✗✓ | 293 |
-1, -1, -1, 348, 349, -1, -1, -1, -1, -1, |
1999 |
-1, -1, -1, 260, -1, -1, -1, -1, 363, 364, |
||
2000 |
-1, -1, -1, 270, -1, 370, 371, 372, 373, 374, |
||
2001 |
375, 376, 279, 280, -1, 282, 283, -1, -1, 286, |
||
2002 |
293 |
-1, -1, -1, 290, -1, 292, 293, 294, 295, 296, |
|
2003 |
-1, -1, 299, 300, 301, -1, -1, -1, 305, -1, |
||
2004 |
293 |
-1, -1, -1, 310, -1, -1, -1, -1, -1, -1, |
|
2005 |
317, -1, -1, -1, -1, -1, -1, -1, -1, -1, |
||
2006 |
-1, -1, 33, -1, -1, -1, 333, -1, -1, -1, |
||
2007 |
-1, 338, -1, -1, 341, -1, -1, -1, -1, -1, |
||
2008 |
-1, 348, 349, -1, -1, -1, -1, -1, -1, -1, |
||
2009 |
-1, -1, 260, -1, -1, -1, 363, 364, -1, -1, |
||
2010 |
-1, -1, 270, 370, 371, 372, 373, 374, 375, 376, |
||
2011 |
-1, 279, 280, -1, 282, 283, -1, -1, 286, -1, |
||
2012 |
25 |
-1, -1, 290, -1, 292, 293, 294, 295, 296, -1, |
|
2013 |
-1, 299, 300, 301, -1, -1, -1, 305, -1, -1, |
||
2014 |
25 |
-1, -1, 310, -1, -1, -1, -1, -1, -1, 317, |
|
2015 |
32 |
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, |
|
2016 |
32 |
-1, -1, -1, -1, -1, 333, -1, -1, -1, -1, |
|
2017 |
338, -1, -1, 341, -1, -1, -1, -1, -1, -1, |
||
2018 |
32 |
348, 349, -1, -1, -1, -1, -1, -1, -1, -1, |
|
2019 |
-1, 260, -1, -1, -1, 363, 364, -1, -1, -1, |
||
2020 |
-1, 270, 370, 371, 372, 373, 374, 375, 376, -1, |
||
2021 |
12 |
279, 280, -1, 282, 283, -1, -1, 286, -1, -1, |
|
2022 |
✗✓ | 12 |
-1, 290, -1, 292, 293, 294, 295, 296, -1, -1, |
2023 |
299, 300, 301, -1, -1, -1, 305, -1, -1, -1, |
||
2024 |
-1, 310, -1, -1, -1, -1, -1, -1, 317, -1, |
||
2025 |
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, |
||
2026 |
12 |
-1, -1, -1, -1, 333, -1, -1, -1, -1, 338, |
|
2027 |
12 |
-1, -1, 341, -1, -1, -1, -1, -1, -1, 348, |
|
2028 |
349, -1, -1, -1, -1, -1, -1, -1, -1, 260, |
||
2029 |
✗✓ | 12 |
-1, -1, -1, -1, 363, 364, -1, -1, -1, 270, |
2030 |
-1, 370, 371, 372, 373, 374, 375, 376, 279, 280, |
||
2031 |
✓✗✗✓ |
4 |
-1, 282, 283, -1, -1, 286, -1, -1, -1, 290, |
2032 |
-1, 292, 293, 294, 295, 296, -1, -1, 299, 300, |
||
2033 |
301, -1, -1, -1, 305, -1, -1, -1, -1, 310, |
||
2034 |
-1, -1, -1, -1, -1, -1, 317, -1, -1, -1, |
||
2035 |
2 |
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, |
|
2036 |
-1, -1, 333, -1, -1, -1, -1, 338, -1, -1, |
||
2037 |
2 |
341, -1, -1, -1, -1, -1, -1, 348, 349, -1, |
|
2038 |
✗✓ | 22 |
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, |
2039 |
-1, -1, -1, 364, -1, -1, -1, -1, -1, 370, |
||
2040 |
371, 372, 373, 374, 375, |
||
2041 |
}; |
||
2042 |
#define YYFINAL 2 |
||
2043 |
#ifndef YYDEBUG |
||
2044 |
22 |
#define YYDEBUG 0 |
|
2045 |
22 |
#endif |
|
2046 |
✗✓ | 22 |
#define YYMAXTOKEN 382 |
2047 |
#if YYDEBUG |
||
2048 |
const char * const yyname[] = |
||
2049 |
{ |
||
2050 |
"end-of-file",0,0,0,0,0,0,0,0,0,"'\\n'",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
||
2051 |
0,0,"'!'",0,0,0,0,0,0,"'('","')'",0,0,"','","'-'",0,"'/'",0,0,0,0,0,0,0,0,0,0,0, |
||
2052 |
2 |
0,"'<'","'='","'>'",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
|
2053 |
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"'{'",0,"'}'",0,0,0, |
||
2054 |
2 |
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
|
2055 |
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
||
2056 |
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
||
2057 |
0,0,0,0,0,0,0,0,"PASS","BLOCK","MATCH","SCRUB","RETURN","IN","OS","OUT","LOG", |
||
2058 |
"QUICK","ON","FROM","TO","FLAGS","RETURNRST","RETURNICMP","RETURNICMP6","PROTO", |
||
2059 |
"INET","INET6","ALL","ANY","ICMPTYPE","ICMP6TYPE","CODE","KEEP","MODULATE", |
||
2060 |
"STATE","PORT","BINATTO","NODF","MINTTL","ERROR","ALLOWOPTS","FILENAME", |
||
2061 |
"ROUTETO","DUPTO","REPLYTO","NO","LABEL","NOROUTE","URPFFAILED","FRAGMENT", |
||
2062 |
"USER","GROUP","MAXMSS","MAXIMUM","TTL","TOS","DROP","TABLE","REASSEMBLE", |
||
2063 |
"ANCHOR","SET","OPTIMIZATION","TIMEOUT","LIMIT","LOGINTERFACE","BLOCKPOLICY", |
||
2064 |
"RANDOMID","SYNPROXY","FINGERPRINTS","NOSYNC","DEBUG","SKIP","HOSTID", |
||
2065 |
"ANTISPOOF","FOR","INCLUDE","MATCHES","BITMASK","RANDOM","SOURCEHASH", |
||
2066 |
"ROUNDROBIN","LEASTSTATES","STATICPORT","PROBABILITY","WEIGHT","BANDWIDTH", |
||
2067 |
"FLOWS","QUANTUM","QUEUE","PRIORITY","QLIMIT","RTABLE","RDOMAIN","MINIMUM", |
||
2068 |
"BURST","PARENT","LOAD","RULESET_OPTIMIZATION","PRIO","ONCE","DEFAULT", |
||
2069 |
"STICKYADDRESS","MAXSRCSTATES","MAXSRCNODES","SOURCETRACK","GLOBAL","RULE", |
||
2070 |
138 |
"MAXSRCCONN","MAXSRCCONNRATE","OVERLOAD","FLUSH","SLOPPY","PFLOW","TAGGED", |
|
2071 |
138 |
"TAG","IFBOUND","FLOATING","STATEPOLICY","STATEDEFAULTS","ROUTE","DIVERTTO", |
|
2072 |
138 |
"DIVERTREPLY","DIVERTPACKET","NATTO","AFTO","RDRTO","RECEIVEDON","NE","LE","GE", |
|
2073 |
138 |
"STRING","NUMBER","PORTBINARY", |
|
2074 |
✓✓ | 138 |
}; |
2075 |
12 |
const char * const yyrule[] = |
|
2076 |
138 |
{"$accept : ruleset", |
|
2077 |
"ruleset :", |
||
2078 |
138 |
"ruleset : ruleset include '\\n'", |
|
2079 |
✗✓ | 224 |
"ruleset : ruleset '\\n'", |
2080 |
"ruleset : ruleset option '\\n'", |
||
2081 |
"ruleset : ruleset pfrule '\\n'", |
||
2082 |
"ruleset : ruleset anchorrule '\\n'", |
||
2083 |
224 |
"ruleset : ruleset loadrule '\\n'", |
|
2084 |
224 |
"ruleset : ruleset queuespec '\\n'", |
|
2085 |
"ruleset : ruleset varset '\\n'", |
||
2086 |
"ruleset : ruleset antispoof '\\n'", |
||
2087 |
224 |
"ruleset : ruleset tabledef '\\n'", |
|
2088 |
✗✓ | 8 |
"ruleset : '{' fakeanchor '}' '\\n'", |
2089 |
"ruleset : ruleset error '\\n'", |
||
2090 |
"include : INCLUDE STRING", |
||
2091 |
"fakeanchor : fakeanchor '\\n'", |
||
2092 |
✗✓ | 8 |
"fakeanchor : fakeanchor anchorrule '\\n'", |
2093 |
"fakeanchor : fakeanchor pfrule '\\n'", |
||
2094 |
"fakeanchor : fakeanchor error '\\n'", |
||
2095 |
"optimizer : string", |
||
2096 |
8 |
"optnodf :", |
|
2097 |
8 |
"optnodf : NODF", |
|
2098 |
8 |
"option : SET REASSEMBLE yesno optnodf", |
|
2099 |
"option : SET OPTIMIZATION STRING", |
||
2100 |
8 |
"option : SET RULESET_OPTIMIZATION optimizer", |
|
2101 |
8 |
"option : SET TIMEOUT timeout_spec", |
|
2102 |
8 |
"option : SET TIMEOUT '{' optnl timeout_list '}'", |
|
2103 |
"option : SET LIMIT limit_spec", |
||
2104 |
8 |
"option : SET LIMIT '{' optnl limit_list '}'", |
|
2105 |
"option : SET LOGINTERFACE stringall", |
||
2106 |
8 |
"option : SET HOSTID number", |
|
2107 |
"option : SET BLOCKPOLICY DROP", |
||
2108 |
"option : SET BLOCKPOLICY RETURN", |
||
2109 |
"option : SET FINGERPRINTS STRING", |
||
2110 |
"option : SET STATEPOLICY statelock", |
||
2111 |
"option : SET DEBUG STRING", |
||
2112 |
"option : SET DEBUG DEBUG", |
||
2113 |
"option : SET SKIP interface", |
||
2114 |
"option : SET STATEDEFAULTS state_opt_list", |
||
2115 |
"stringall : STRING", |
||
2116 |
"stringall : ALL", |
||
2117 |
"string : STRING string", |
||
2118 |
"string : STRING", |
||
2119 |
"varstring : numberstring varstring", |
||
2120 |
"varstring : numberstring", |
||
2121 |
"numberstring : NUMBER", |
||
2122 |
"numberstring : STRING", |
||
2123 |
"varset : STRING '=' varstring", |
||
2124 |
"anchorname : STRING", |
||
2125 |
"anchorname :", |
||
2126 |
"pfa_anchorlist :", |
||
2127 |
"pfa_anchorlist : pfa_anchorlist '\\n'", |
||
2128 |
"pfa_anchorlist : pfa_anchorlist pfrule '\\n'", |
||
2129 |
"pfa_anchorlist : pfa_anchorlist anchorrule '\\n'", |
||
2130 |
"pfa_anchorlist : pfa_anchorlist include '\\n'", |
||
2131 |
"$$1 :", |
||
2132 |
✗✓ | 185 |
"pfa_anchor : '{' $$1 '\\n' pfa_anchorlist '}'", |
2133 |
"pfa_anchor :", |
||
2134 |
"anchorrule : ANCHOR anchorname dir quick interface af proto fromto filter_opts pfa_anchor", |
||
2135 |
"loadrule : LOAD ANCHOR string FROM string", |
||
2136 |
185 |
"$$2 :", |
|
2137 |
185 |
"scrub_opts : $$2 scrub_opts_l", |
|
2138 |
"scrub_opts_l : scrub_opts_l comma scrub_opt", |
||
2139 |
"scrub_opts_l : scrub_opt", |
||
2140 |
185 |
"scrub_opt : NODF", |
|
2141 |
✗✓ | 166 |
"scrub_opt : MINTTL NUMBER", |
2142 |
"scrub_opt : MAXMSS NUMBER", |
||
2143 |
"scrub_opt : REASSEMBLE STRING", |
||
2144 |
"scrub_opt : RANDOMID", |
||
2145 |
166 |
"antispoof : ANTISPOOF logquick antispoof_ifspc af antispoof_opts", |
|
2146 |
166 |
"antispoof_ifspc : FOR antispoof_if", |
|
2147 |
166 |
"antispoof_ifspc : FOR '{' optnl antispoof_iflst '}'", |
|
2148 |
"antispoof_iflst : antispoof_if optnl", |
||
2149 |
166 |
"antispoof_iflst : antispoof_iflst comma antispoof_if optnl", |
|
2150 |
"antispoof_if : if_item", |
||
2151 |
166 |
"antispoof_if : '(' if_item ')'", |
|
2152 |
39 |
"$$3 :", |
|
2153 |
39 |
"antispoof_opts : $$3 antispoof_opts_l", |
|
2154 |
39 |
"antispoof_opts :", |
|
2155 |
39 |
"antispoof_opts_l : antispoof_opts_l antispoof_opt", |
|
2156 |
"antispoof_opts_l : antispoof_opt", |
||
2157 |
✓✓ | 39 |
"antispoof_opt : LABEL label", |
2158 |
4 |
"antispoof_opt : RTABLE NUMBER", |
|
2159 |
"not : '!'", |
||
2160 |
"not :", |
||
2161 |
23 |
"tabledef : TABLE '<' STRING '>' table_opts", |
|
2162 |
23 |
"$$4 :", |
|
2163 |
23 |
"table_opts : $$4 table_opts_l", |
|
2164 |
✓✓ | 23 |
"table_opts :", |
2165 |
3 |
"table_opts_l : table_opts_l table_opt", |
|
2166 |
"table_opts_l : table_opt", |
||
2167 |
"table_opt : STRING", |
||
2168 |
30 |
"table_opt : '{' optnl '}'", |
|
2169 |
30 |
"table_opt : '{' optnl table_host_list '}'", |
|
2170 |
30 |
"table_opt : FILENAME STRING", |
|
2171 |
30 |
"tablespec : xhost optweight", |
|
2172 |
"tablespec : '{' optnl table_host_list '}'", |
||
2173 |
✗✓ | 30 |
"table_host_list : tablespec optnl", |
2174 |
"table_host_list : table_host_list comma tablespec optnl", |
||
2175 |
"queuespec : QUEUE STRING interface queue_opts", |
||
2176 |
"$$5 :", |
||
2177 |
"queue_opts : $$5 queue_opts_l", |
||
2178 |
"queue_opts_l : queue_opts_l queue_opt", |
||
2179 |
"queue_opts_l : queue_opt", |
||
2180 |
"queue_opt : BANDWIDTH scspec optscs", |
||
2181 |
"queue_opt : PARENT STRING", |
||
2182 |
"queue_opt : DEFAULT", |
||
2183 |
"queue_opt : QLIMIT NUMBER", |
||
2184 |
"queue_opt : FLOWS NUMBER", |
||
2185 |
"queue_opt : QUANTUM NUMBER", |
||
2186 |
"optscs :", |
||
2187 |
"optscs : comma MINIMUM scspec", |
||
2188 |
"optscs : comma MAXIMUM scspec", |
||
2189 |
"optscs : comma MINIMUM scspec comma MAXIMUM scspec", |
||
2190 |
16 |
"optscs : comma MAXIMUM scspec comma MINIMUM scspec", |
|
2191 |
50 |
"scspec : bandwidth", |
|
2192 |
34 |
"scspec : bandwidth BURST bandwidth FOR STRING", |
|
2193 |
"bandwidth : STRING", |
||
2194 |
"bandwidth : NUMBER", |
||
2195 |
"pfrule : action dir logquick interface af proto fromto filter_opts", |
||
2196 |
"$$6 :", |
||
2197 |
"filter_opts : $$6 filter_opts_l", |
||
2198 |
"filter_opts :", |
||
2199 |
✗✓ | 28 |
"filter_opts_l : filter_opts_l filter_opt", |
2200 |
"filter_opts_l : filter_opt", |
||
2201 |
"filter_opt : USER uids", |
||
2202 |
"filter_opt : GROUP gids", |
||
2203 |
28 |
"filter_opt : flags", |
|
2204 |
28 |
"filter_opt : icmpspec", |
|
2205 |
28 |
"filter_opt : PRIO NUMBER", |
|
2206 |
"filter_opt : TOS tos", |
||
2207 |
28 |
"filter_opt : keep", |
|
2208 |
✗✓ | 2 |
"filter_opt : FRAGMENT", |
2209 |
"filter_opt : ALLOWOPTS", |
||
2210 |
"filter_opt : LABEL label", |
||
2211 |
"filter_opt : QUEUE qname", |
||
2212 |
2 |
"filter_opt : TAG string", |
|
2213 |
"filter_opt : not TAGGED string", |
||
2214 |
2 |
"filter_opt : PROBABILITY probability", |
|
2215 |
✗✓ | 20 |
"filter_opt : RTABLE NUMBER", |
2216 |
"filter_opt : DIVERTTO STRING PORT portplain", |
||
2217 |
"filter_opt : DIVERTREPLY", |
||
2218 |
"filter_opt : DIVERTPACKET PORT number", |
||
2219 |
20 |
"filter_opt : SCRUB '(' scrub_opts ')'", |
|
2220 |
20 |
"filter_opt : NATTO redirpool pool_opts", |
|
2221 |
"filter_opt : AFTO af FROM redirpool pool_opts", |
||
2222 |
20 |
"filter_opt : AFTO af FROM redirpool pool_opts TO redirpool pool_opts", |
|
2223 |
"filter_opt : RDRTO redirpool pool_opts", |
||
2224 |
"filter_opt : BINATTO redirpool pool_opts", |
||
2225 |
✓✓✓✓ |
51 |
"filter_opt : ROUTETO routespec pool_opts", |
2226 |
2 |
"filter_opt : REPLYTO routespec pool_opts", |
|
2227 |
2 |
"filter_opt : DUPTO routespec pool_opts", |
|
2228 |
"filter_opt : not RECEIVEDON if_item", |
||
2229 |
24 |
"filter_opt : ONCE", |
|
2230 |
"filter_opt : filter_sets", |
||
2231 |
24 |
"filter_sets : SET '(' filter_sets_l ')'", |
|
2232 |
✓✗✓✗ ✗✓ |
12 |
"filter_sets : SET filter_set", |
2233 |
✓✗ | 8 |
"filter_sets_l : filter_sets_l comma filter_set", |
2234 |
"filter_sets_l : filter_set", |
||
2235 |
"filter_set : prio", |
||
2236 |
"filter_set : QUEUE qname", |
||
2237 |
4 |
"filter_set : TOS tos", |
|
2238 |
4 |
"prio : PRIO NUMBER", |
|
2239 |
"prio : PRIO '(' NUMBER comma NUMBER ')'", |
||
2240 |
4 |
"probability : STRING", |
|
2241 |
"probability : NUMBER", |
||
2242 |
"action : PASS", |
||
2243 |
12 |
"action : MATCH", |
|
2244 |
12 |
"action : BLOCK blockspec", |
|
2245 |
"blockspec :", |
||
2246 |
✓✓ | 12 |
"blockspec : DROP", |
2247 |
9 |
"blockspec : RETURNRST", |
|
2248 |
9 |
"blockspec : RETURNRST '(' TTL NUMBER ')'", |
|
2249 |
9 |
"blockspec : RETURNICMP", |
|
2250 |
✗✓ | 12 |
"blockspec : RETURNICMP6", |
2251 |
"blockspec : RETURNICMP '(' reticmpspec ')'", |
||
2252 |
"blockspec : RETURNICMP6 '(' reticmp6spec ')'", |
||
2253 |
"blockspec : RETURNICMP '(' reticmpspec comma reticmp6spec ')'", |
||
2254 |
"blockspec : RETURN", |
||
2255 |
12 |
"reticmpspec : STRING", |
|
2256 |
12 |
"reticmpspec : NUMBER", |
|
2257 |
✗✓ | 24 |
"reticmp6spec : STRING", |
2258 |
"reticmp6spec : NUMBER", |
||
2259 |
"dir :", |
||
2260 |
"dir : IN", |
||
2261 |
"dir : OUT", |
||
2262 |
"quick :", |
||
2263 |
"quick : QUICK", |
||
2264 |
1444 |
"logquick :", |
|
2265 |
2254 |
"logquick : log", |
|
2266 |
1404 |
"logquick : QUICK", |
|
2267 |
594 |
"logquick : log QUICK", |
|
2268 |
"logquick : QUICK log", |
||
2269 |
"log : LOG", |
||
2270 |
251 |
"log : LOG '(' logopts ')'", |
|
2271 |
251 |
"logopts : logopt", |
|
2272 |
251 |
"logopts : logopts comma logopt", |
|
2273 |
"logopt : ALL", |
||
2274 |
251 |
"logopt : MATCHES", |
|
2275 |
171 |
"logopt : USER", |
|
2276 |
171 |
"logopt : GROUP", |
|
2277 |
171 |
"logopt : TO string", |
|
2278 |
"interface :", |
||
2279 |
171 |
"interface : ON if_item_not", |
|
2280 |
28 |
"interface : ON '{' optnl if_list '}'", |
|
2281 |
28 |
"if_list : if_item_not optnl", |
|
2282 |
28 |
"if_list : if_list comma if_item_not optnl", |
|
2283 |
"if_item_not : not if_item", |
||
2284 |
28 |
"if_item : STRING", |
|
2285 |
✓✗✗✓ |
16 |
"if_item : ANY", |
2286 |
"if_item : RDOMAIN NUMBER", |
||
2287 |
"af :", |
||
2288 |
"af : INET", |
||
2289 |
8 |
"af : INET6", |
|
2290 |
8 |
"proto :", |
|
2291 |
8 |
"proto : PROTO proto_item", |
|
2292 |
"proto : PROTO '{' optnl proto_list '}'", |
||
2293 |
8 |
"proto_list : proto_item optnl", |
|
2294 |
16 |
"proto_list : proto_list comma proto_item optnl", |
|
2295 |
16 |
"proto_item : protoval", |
|
2296 |
16 |
"protoval : STRING", |
|
2297 |
"protoval : NUMBER", |
||
2298 |
16 |
"fromto : ALL", |
|
2299 |
3 |
"fromto : from os to", |
|
2300 |
3 |
"os :", |
|
2301 |
3 |
"os : OS xos", |
|
2302 |
"os : OS '{' optnl os_list '}'", |
||
2303 |
3 |
"xos : STRING", |
|
2304 |
33 |
"os_list : xos optnl", |
|
2305 |
33 |
"os_list : os_list comma xos optnl", |
|
2306 |
33 |
"from :", |
|
2307 |
"from : FROM ipportspec", |
||
2308 |
33 |
"to :", |
|
2309 |
41 |
"to : TO ipportspec", |
|
2310 |
41 |
"ipportspec : ipspec", |
|
2311 |
41 |
"ipportspec : ipspec PORT portspec", |
|
2312 |
"ipportspec : PORT portspec", |
||
2313 |
41 |
"optnl : '\\n' optnl", |
|
2314 |
12 |
"optnl :", |
|
2315 |
12 |
"ipspec : ANY", |
|
2316 |
12 |
"ipspec : xhost", |
|
2317 |
"ipspec : '{' optnl host_list '}'", |
||
2318 |
12 |
"host_list : ipspec optnl", |
|
2319 |
31 |
"host_list : host_list comma ipspec optnl", |
|
2320 |
31 |
"xhost : not host", |
|
2321 |
31 |
"xhost : not NOROUTE", |
|
2322 |
"xhost : not URPFFAILED", |
||
2323 |
31 |
"optweight : WEIGHT NUMBER", |
|
2324 |
"optweight :", |
||
2325 |
"host : STRING", |
||
2326 |
✗✓ | 60 |
"host : STRING '-' STRING", |
2327 |
"host : STRING '/' NUMBER", |
||
2328 |
"host : NUMBER '/' NUMBER", |
||
2329 |
"host : dynaddr", |
||
2330 |
30 |
"host : dynaddr '/' NUMBER", |
|
2331 |
"host : '<' STRING '>'", |
||
2332 |
"host : ROUTE STRING", |
||
2333 |
"number : NUMBER", |
||
2334 |
"number : STRING", |
||
2335 |
✓✗✗✓ |
30 |
"dynaddr : '(' STRING ')'", |
2336 |
"portspec : port_item", |
||
2337 |
"portspec : '{' optnl port_list '}'", |
||
2338 |
"port_list : port_item optnl", |
||
2339 |
15 |
"port_list : port_list comma port_item optnl", |
|
2340 |
15 |
"port_item : portrange", |
|
2341 |
✗✓ | 15 |
"port_item : unaryop portrange", |
2342 |
"port_item : portrange PORTBINARY portrange", |
||
2343 |
"portplain : numberstring", |
||
2344 |
"portrange : numberstring", |
||
2345 |
✗✓ | 70 |
"uids : uid_item", |
2346 |
"uids : '{' optnl uid_list '}'", |
||
2347 |
"uid_list : uid_item optnl", |
||
2348 |
"uid_list : uid_list comma uid_item optnl", |
||
2349 |
35 |
"uid_item : uid", |
|
2350 |
"uid_item : unaryop uid", |
||
2351 |
"uid_item : uid PORTBINARY uid", |
||
2352 |
"uid : STRING", |
||
2353 |
"uid : NUMBER", |
||
2354 |
✓✗✗✓ |
36 |
"gids : gid_item", |
2355 |
"gids : '{' optnl gid_list '}'", |
||
2356 |
"gid_list : gid_item optnl", |
||
2357 |
"gid_list : gid_list comma gid_item optnl", |
||
2358 |
18 |
"gid_item : gid", |
|
2359 |
18 |
"gid_item : unaryop gid", |
|
2360 |
✗✓ | 18 |
"gid_item : gid PORTBINARY gid", |
2361 |
"gid : STRING", |
||
2362 |
"gid : NUMBER", |
||
2363 |
662 |
"flag : STRING", |
|
2364 |
2463 |
"flags : FLAGS flag '/' flag", |
|
2365 |
2321 |
"flags : FLAGS '/' flag", |
|
2366 |
520 |
"flags : FLAGS ANY", |
|
2367 |
"icmpspec : ICMPTYPE icmp_item", |
||
2368 |
135 |
"icmpspec : ICMPTYPE '{' optnl icmp_list '}'", |
|
2369 |
135 |
"icmpspec : ICMP6TYPE icmp6_item", |
|
2370 |
"icmpspec : ICMP6TYPE '{' optnl icmp6_list '}'", |
||
2371 |
"icmp_list : icmp_item optnl", |
||
2372 |
2493 |
"icmp_list : icmp_list comma icmp_item optnl", |
|
2373 |
2649 |
"icmp6_list : icmp6_item optnl", |
|
2374 |
268 |
"icmp6_list : icmp6_list comma icmp6_item optnl", |
|
2375 |
203 |
"icmp_item : icmptype", |
|
2376 |
103 |
"icmp_item : icmptype CODE STRING", |
|
2377 |
12 |
"icmp_item : icmptype CODE NUMBER", |
|
2378 |
"icmp6_item : icmp6type", |
||
2379 |
214 |
"icmp6_item : icmp6type CODE STRING", |
|
2380 |
214 |
"icmp6_item : icmp6type CODE NUMBER", |
|
2381 |
45 |
"icmptype : STRING", |
|
2382 |
45 |
"icmptype : NUMBER", |
|
2383 |
"icmp6type : STRING", |
||
2384 |
45 |
"icmp6type : NUMBER", |
|
2385 |
"tos : STRING", |
||
2386 |
45 |
"tos : NUMBER", |
|
2387 |
45 |
"sourcetrack :", |
|
2388 |
12 |
"sourcetrack : GLOBAL", |
|
2389 |
12 |
"sourcetrack : RULE", |
|
2390 |
✓✓ | 12 |
"statelock : IFBOUND", |
2391 |
7 |
"statelock : FLOATING", |
|
2392 |
"keep : NO STATE", |
||
2393 |
"keep : KEEP STATE state_opt_spec", |
||
2394 |
"keep : MODULATE STATE state_opt_spec", |
||
2395 |
33 |
"keep : SYNPROXY STATE state_opt_spec", |
|
2396 |
33 |
"flush :", |
|
2397 |
12 |
"flush : FLUSH", |
|
2398 |
12 |
"flush : FLUSH GLOBAL", |
|
2399 |
"state_opt_spec : '(' state_opt_list ')'", |
||
2400 |
12 |
"state_opt_spec :", |
|
2401 |
"state_opt_list : state_opt_item", |
||
2402 |
"state_opt_list : state_opt_list comma state_opt_item", |
||
2403 |
12 |
"state_opt_item : MAXIMUM NUMBER", |
|
2404 |
✗✓ | 12 |
"state_opt_item : NOSYNC", |
2405 |
"state_opt_item : MAXSRCSTATES NUMBER", |
||
2406 |
"state_opt_item : MAXSRCCONN NUMBER", |
||
2407 |
"state_opt_item : MAXSRCCONNRATE NUMBER '/' NUMBER", |
||
2408 |
"state_opt_item : OVERLOAD '<' STRING '>' flush", |
||
2409 |
12 |
"state_opt_item : MAXSRCNODES NUMBER", |
|
2410 |
✗✓ | 12 |
"state_opt_item : SOURCETRACK sourcetrack", |
2411 |
"state_opt_item : statelock", |
||
2412 |
"state_opt_item : SLOPPY", |
||
2413 |
"state_opt_item : PFLOW", |
||
2414 |
"state_opt_item : STRING NUMBER", |
||
2415 |
12 |
"label : STRING", |
|
2416 |
12 |
"qname : STRING", |
|
2417 |
✗✓ | 24 |
"qname : '(' STRING ')'", |
2418 |
"qname : '(' STRING comma STRING ')'", |
||
2419 |
"portstar : numberstring", |
||
2420 |
1316 |
"redirspec : host optweight", |
|
2421 |
3000 |
"redirspec : '{' optnl redir_host_list '}'", |
|
2422 |
1702 |
"redir_host_list : host optweight optnl", |
|
2423 |
18 |
"redir_host_list : redir_host_list comma host optweight optnl", |
|
2424 |
"redirpool : redirspec", |
||
2425 |
18 |
"redirpool : redirspec PORT portstar", |
|
2426 |
18 |
"hashkey :", |
|
2427 |
18 |
"hashkey : string", |
|
2428 |
18 |
"$$7 :", |
|
2429 |
18 |
"pool_opts : $$7 pool_opts_l", |
|
2430 |
"pool_opts :", |
||
2431 |
18 |
"pool_opts_l : pool_opts_l pool_opt", |
|
2432 |
"pool_opts_l : pool_opt", |
||
2433 |
1720 |
"pool_opt : BITMASK", |
|
2434 |
1720 |
"pool_opt : RANDOM", |
|
2435 |
"pool_opt : SOURCEHASH hashkey", |
||
2436 |
"pool_opt : ROUNDROBIN", |
||
2437 |
"pool_opt : LEASTSTATES", |
||
2438 |
"pool_opt : STATICPORT", |
||
2439 |
1739 |
"pool_opt : STICKYADDRESS", |
|
2440 |
✗✓ | 1739 |
"route_host : STRING", |
2441 |
"route_host : STRING '/' STRING", |
||
2442 |
✗✓ | 1739 |
"route_host : '<' STRING '>'", |
2443 |
"route_host : dynaddr '/' NUMBER", |
||
2444 |
"route_host : '(' STRING host ')'", |
||
2445 |
"route_host_list : route_host optweight optnl", |
||
2446 |
"route_host_list : route_host_list comma route_host optweight optnl", |
||
2447 |
"routespec : route_host optweight", |
||
2448 |
"routespec : '{' optnl route_host_list '}'", |
||
2449 |
"timeout_spec : STRING NUMBER", |
||
2450 |
✓✓ | 1739 |
"timeout_list : timeout_list comma timeout_spec optnl", |
2451 |
1637 |
"timeout_list : timeout_spec optnl", |
|
2452 |
"limit_spec : STRING NUMBER", |
||
2453 |
1739 |
"limit_list : limit_list comma limit_spec optnl", |
|
2454 |
1739 |
"limit_list : limit_spec optnl", |
|
2455 |
1739 |
"comma : ','", |
|
2456 |
1739 |
"comma :", |
|
2457 |
✗✓ | 1739 |
"yesno : NO", |
2458 |
"yesno : STRING", |
||
2459 |
"unaryop : '='", |
||
2460 |
"unaryop : NE", |
||
2461 |
"unaryop : LE", |
||
2462 |
"unaryop : '<'", |
||
2463 |
"unaryop : GE", |
||
2464 |
"unaryop : '>'", |
||
2465 |
}; |
||
2466 |
#endif |
||
2467 |
#ifdef YYSTACKSIZE |
||
2468 |
#undef YYMAXDEPTH |
||
2469 |
#define YYMAXDEPTH YYSTACKSIZE |
||
2470 |
#else |
||
2471 |
#ifdef YYMAXDEPTH |
||
2472 |
#define YYSTACKSIZE YYMAXDEPTH |
||
2473 |
#else |
||
2474 |
#define YYSTACKSIZE 10000 |
||
2475 |
#define YYMAXDEPTH 10000 |
||
2476 |
#endif |
||
2477 |
#endif |
||
2478 |
#define YYINITSTACKSIZE 200 |
||
2479 |
/* LINTUSED */ |
||
2480 |
int yydebug; |
||
2481 |
int yynerrs; |
||
2482 |
int yyerrflag; |
||
2483 |
2017 |
int yychar; |
|
2484 |
2693 |
short *yyssp; |
|
2485 |
990 |
YYSTYPE *yyvsp; |
|
2486 |
314 |
YYSTYPE yyval; |
|
2487 |
YYSTYPE yylval; |
||
2488 |
1795 |
short *yyss; |
|
2489 |
2957 |
short *yysslim; |
|
2490 |
1185 |
YYSTYPE *yyvs; |
|
2491 |
23 |
unsigned int yystacksize; |
|
2492 |
int yyparse(void); |
||
2493 |
23 |
#line 3906 "parse.y" |
|
2494 |
23 |
||
2495 |
32 |
int |
|
2496 |
32 |
yyerror(const char *fmt, ...) |
|
2497 |
32 |
{ |
|
2498 |
va_list ap; |
||
2499 |
32 |
||
2500 |
file->errors++; |
||
2501 |
va_start(ap, fmt); |
||
2502 |
fprintf(stderr, "%s:%d: ", file->name, yylval.lineno); |
||
2503 |
vfprintf(stderr, fmt, ap); |
||
2504 |
1217 |
fprintf(stderr, "\n"); |
|
2505 |
✗✓ | 1217 |
va_end(ap); |
2506 |
return (0); |
||
2507 |
} |
||
2508 |
|||
2509 |
1217 |
int |
|
2510 |
✗✓ | 1217 |
disallow_table(struct node_host *h, const char *fmt) |
2511 |
{ |
||
2512 |
1217 |
for (; h != NULL; h = h->next) |
|
2513 |
1217 |
if (h->addr.type == PF_ADDR_TABLE) { |
|
2514 |
1217 |
yyerror(fmt, h->addr.v.tblname); |
|
2515 |
✗✓ | 1217 |
return (1); |
2516 |
} |
||
2517 |
return (0); |
||
2518 |
} |
||
2519 |
|||
2520 |
int |
||
2521 |
1204 |
disallow_urpf_failed(struct node_host *h, const char *fmt) |
|
2522 |
✗✓ | 1204 |
{ |
2523 |
for (; h != NULL; h = h->next) |
||
2524 |
if (h->addr.type == PF_ADDR_URPFFAILED) { |
||
2525 |
yyerror(fmt); |
||
2526 |
return (1); |
||
2527 |
1204 |
} |
|
2528 |
1204 |
return (0); |
|
2529 |
✗✓ | 1204 |
} |
2530 |
|||
2531 |
✓✗✗✓ |
26 |
int |
2532 |
disallow_alias(struct node_host *h, const char *fmt) |
||
2533 |
{ |
||
2534 |
for (; h != NULL; h = h->next) |
||
2535 |
if (DYNIF_MULTIADDR(h->addr)) { |
||
2536 |
yyerror(fmt, h->addr.v.tblname); |
||
2537 |
return (1); |
||
2538 |
} |
||
2539 |
732 |
return (0); |
|
2540 |
732 |
} |
|
2541 |
732 |
||
2542 |
732 |
int |
|
2543 |
732 |
rule_consistent(struct pf_rule *r, int anchor_call) |
|
2544 |
{ |
||
2545 |
732 |
int problems = 0; |
|
2546 |
2222 |
||
2547 |
2222 |
if (r->proto != IPPROTO_TCP && r->os_fingerprint != PF_OSFP_ANY) { |
|
2548 |
2222 |
yyerror("os only applies to tcp"); |
|
2549 |
problems++; |
||
2550 |
2222 |
} |
|
2551 |
if (r->proto != IPPROTO_TCP && r->proto != IPPROTO_UDP && |
||
2552 |
2224 |
(r->src.port_op || r->dst.port_op)) { |
|
2553 |
2224 |
yyerror("port only applies to tcp/udp"); |
|
2554 |
problems++; |
||
2555 |
} |
||
2556 |
if (r->proto != IPPROTO_TCP && r->proto != IPPROTO_UDP && |
||
2557 |
r->uid.op) { |
||
2558 |
yyerror("user only applies to tcp/udp"); |
||
2559 |
problems++; |
||
2560 |
} |
||
2561 |
if (r->proto != IPPROTO_TCP && r->proto != IPPROTO_UDP && |
||
2562 |
r->gid.op) { |
||
2563 |
yyerror("group only applies to tcp/udp"); |
||
2564 |
problems++; |
||
2565 |
} |
||
2566 |
if (r->proto != IPPROTO_ICMP && r->proto != IPPROTO_ICMPV6 && |
||
2567 |
(r->type || r->code)) { |
||
2568 |
yyerror("icmp-type/code only applies to icmp"); |
||
2569 |
problems++; |
||
2570 |
} |
||
2571 |
if (!r->af && (r->type || r->code)) { |
||
2572 |
yyerror("must indicate address family with icmp-type/code"); |
||
2573 |
problems++; |
||
2574 |
} |
||
2575 |
368 |
if (r->rule_flag & PFRULE_AFTO && r->af == r->naf) { |
|
2576 |
368 |
yyerror("must indicate different address family with af-to"); |
|
2577 |
problems++; |
||
2578 |
368 |
} |
|
2579 |
1856 |
if (r->overload_tblname[0] && |
|
2580 |
r->max_src_conn == 0 && r->max_src_conn_rate.seconds == 0) { |
||
2581 |
1856 |
yyerror("'overload' requires 'max-src-conn' " |
|
2582 |
"or 'max-src-conn-rate'"); |
||
2583 |
problems++; |
||
2584 |
415 |
} |
|
2585 |
415 |
if ((r->proto == IPPROTO_ICMP && r->af == AF_INET6) || |
|
2586 |
(r->proto == IPPROTO_ICMPV6 && r->af == AF_INET)) { |
||
2587 |
415 |
yyerror("proto %s doesn't match address family %s", |
|
2588 |
✗✓ | 1807 |
r->proto == IPPROTO_ICMP ? "icmp" : "icmp6", |
2589 |
r->af == AF_INET ? "inet" : "inet6"); |
||
2590 |
problems++; |
||
2591 |
1807 |
} |
|
2592 |
if (r->allow_opts && r->action != PF_PASS) { |
||
2593 |
1807 |
yyerror("allow-opts can only be specified for pass rules"); |
|
2594 |
problems++; |
||
2595 |
} |
||
2596 |
2997 |
if (r->rule_flag & PFRULE_FRAGMENT && (r->src.port_op || |
|
2597 |
2997 |
r->dst.port_op || r->flagset || r->type || r->code)) { |
|
2598 |
yyerror("fragments can be filtered only on IP header fields"); |
||
2599 |
2997 |
problems++; |
|
2600 |
642 |
} |
|
2601 |
642 |
if (r->rule_flag & PFRULE_RETURNRST && r->proto != IPPROTO_TCP) { |
|
2602 |
yyerror("return-rst can only be applied to TCP rules"); |
||
2603 |
642 |
problems++; |
|
2604 |
24 |
} |
|
2605 |
24 |
if (r->max_src_nodes && !(r->rule_flag & PFRULE_RULESRCTRACK)) { |
|
2606 |
yyerror("max-src-nodes requires 'source-track rule'"); |
||
2607 |
24 |
problems++; |
|
2608 |
} |
||
2609 |
if (r->action != PF_PASS && r->keep_state) { |
||
2610 |
yyerror("keep state is great, but only for pass rules"); |
||
2611 |
problems++; |
||
2612 |
} |
||
2613 |
1614 |
if (r->rule_flag & PFRULE_STATESLOPPY && |
|
2614 |
3814 |
(r->keep_state == PF_STATE_MODULATE || |
|
2615 |
2318 |
r->keep_state == PF_STATE_SYNPROXY)) { |
|
2616 |
118 |
yyerror("sloppy state matching cannot be used with " |
|
2617 |
"synproxy state or modulate state"); |
||
2618 |
problems++; |
||
2619 |
118 |
} |
|
2620 |
118 |
if ((r->nat.addr.type != PF_ADDR_NONE || |
|
2621 |
✗✓ | 174 |
r->rdr.addr.type != PF_ADDR_NONE) && |
2622 |
r->action != PF_MATCH && !r->keep_state) { |
||
2623 |
yyerror("nat-to and rdr-to require keep state"); |
||
2624 |
✗✓ | 174 |
problems++; |
2625 |
} |
||
2626 |
if (r->direction == PF_INOUT && (r->nat.addr.type != PF_ADDR_NONE || |
||
2627 |
r->rdr.addr.type != PF_ADDR_NONE)) { |
||
2628 |
174 |
yyerror("nat-to and rdr-to require a direction"); |
|
2629 |
174 |
problems++; |
|
2630 |
} |
||
2631 |
if (r->af == AF_INET6 && (r->scrub_flags & |
||
2632 |
(PFSTATE_NODF|PFSTATE_RANDOMID))) { |
||
2633 |
174 |
yyerror("address family inet6 does not support scrub options " |
|
2634 |
"no-df, random-id"); |
||
2635 |
problems++; |
||
2636 |
} |
||
2637 |
|||
2638 |
✓✓ | 9220 |
/* Basic rule sanity check. */ |
2639 |
2376 |
switch (r->action) { |
|
2640 |
2234 |
case PF_MATCH: |
|
2641 |
if (r->divert.port) { |
||
2642 |
2234 |
yyerror("divert is not supported on match rules"); |
|
2643 |
50 |
problems++; |
|
2644 |
✗✓ | 50 |
} |
2645 |
if (r->divert_packet.port) { |
||
2646 |
50 |
yyerror("divert is not supported on match rules"); |
|
2647 |
50 |
problems++; |
|
2648 |
50 |
} |
|
2649 |
50 |
if (r->rt) { |
|
2650 |
yyerror("route-to, reply-to and dup-to " |
||
2651 |
50 |
"are not supported on match rules"); |
|
2652 |
problems++; |
||
2653 |
} |
||
2654 |
if (r->rule_flag & PFRULE_AFTO) { |
||
2655 |
yyerror("af-to is not supported on match rules"); |
||
2656 |
problems++; |
||
2657 |
} |
||
2658 |
break; |
||
2659 |
case PF_DROP: |
||
2660 |
if (r->rt) { |
||
2661 |
yyerror("route-to, reply-to and dup-to " |
||
2662 |
"are not supported on block rules"); |
||
2663 |
problems++; |
||
2664 |
} |
||
2665 |
break; |
||
2666 |
default:; |
||
2667 |
} |
||
2668 |
return (-problems); |
||
2669 |
781 |
} |
|
2670 |
781 |
||
2671 |
int |
||
2672 |
process_tabledef(char *name, struct table_opts *opts, int popts) |
||
2673 |
✓✓ | 3258 |
{ |
2674 |
struct pfr_buffer ab; |
||
2675 |
1629 |
struct node_tinit *ti; |
|
2676 |
23 |
||
2677 |
23 |
bzero(&ab, sizeof(ab)); |
|
2678 |
ab.pfrb_type = PFRB_ADDRS; |
||
2679 |
SIMPLEQ_FOREACH(ti, &opts->init_nodes, entries) { |
||
2680 |
if (ti->file) |
||
2681 |
if (pfr_buf_load(&ab, ti->file, 0, popts)) { |
||
2682 |
if (errno) |
||
2683 |
yyerror("cannot load \"%s\": %s", |
||
2684 |
ti->file, strerror(errno)); |
||
2685 |
✓✗✗✓ |
24 |
else |
2686 |
12 |
yyerror("file \"%s\" contains bad data", |
|
2687 |
ti->file); |
||
2688 |
goto _error; |
||
2689 |
} |
||
2690 |
if (ti->host) |
||
2691 |
if (append_addr_host(&ab, ti->host, 0, 0)) { |
||
2692 |
✓✗✗✓ |
24 |
yyerror("cannot create address buffer: %s", |
2693 |
✓✗ | 12 |
strerror(errno)); |
2694 |
✓✗ | 12 |
goto _error; |
2695 |
24 |
} |
|
2696 |
✓✗ | 24 |
} |
2697 |
24 |
if (pf->opts & PF_OPT_VERBOSE) |
|
2698 |
✓✗ | 24 |
print_tabledef(name, opts->flags, opts->init_addr, |
2699 |
✓✗✓✗ |
24 |
&opts->init_nodes); |
2700 |
✓✗ | 24 |
if (!(pf->opts & PF_OPT_NOACTION) && |
2701 |
pfctl_define_table(name, opts->flags, opts->init_addr, |
||
2702 |
pf->anchor->name, &ab, pf->anchor->ruleset.tticket)) { |
||
2703 |
yyerror("cannot define table %s: %s", name, |
||
2704 |
pfr_strerror(errno)); |
||
2705 |
goto _error; |
||
2706 |
} |
||
2707 |
pf->tdirty = 1; |
||
2708 |
12 |
pfr_buf_clear(&ab); |
|
2709 |
return (0); |
||
2710 |
12 |
_error: |
|
2711 |
12 |
pfr_buf_clear(&ab); |
|
2712 |
12 |
return (-1); |
|
2713 |
12 |
} |
|
2714 |
12 |
||
2715 |
✗✓ | 12 |
struct keywords { |
2716 |
const char *k_name; |
||
2717 |
609 |
int k_val; |
|
2718 |
}; |
||
2719 |
✗✓ | 609 |
|
2720 |
/* macro gore, but you should've seen the prior indentation nightmare... */ |
||
2721 |
609 |
||
2722 |
✓✓ | 1218 |
#define FREE_LIST(T,r) \ |
2723 |
do { \ |
||
2724 |
609 |
T *p, *node = r; \ |
|
2725 |
4 |
while (node != NULL) { \ |
|
2726 |
4 |
p = node; \ |
|
2727 |
node = node->next; \ |
||
2728 |
free(p); \ |
||
2729 |
✓✓ | 1214 |
} \ |
2730 |
} while (0) |
||
2731 |
61 |
||
2732 |
#define LOOP_THROUGH(T,n,r,C) \ |
||
2733 |
do { \ |
||
2734 |
✗✓ | 61 |
T *n; \ |
2735 |
if (r == NULL) { \ |
||
2736 |
✗✓ | 122 |
r = calloc(1, sizeof(T)); \ |
2737 |
if (r == NULL) \ |
||
2738 |
61 |
err(1, "LOOP: calloc"); \ |
|
2739 |
r->next = NULL; \ |
||
2740 |
} \ |
||
2741 |
n = r; \ |
||
2742 |
while (n != NULL) { \ |
||
2743 |
✗✓ | 122 |
do { \ |
2744 |
C; \ |
||
2745 |
} while (0); \ |
||
2746 |
n = n->next; \ |
||
2747 |
} \ |
||
2748 |
✓✗✗✓ |
76 |
} while (0) |
2749 |
|||
2750 |
void |
||
2751 |
expand_label_str(char *label, size_t len, const char *srch, const char *repl) |
||
2752 |
38 |
{ |
|
2753 |
✓✓ | 152 |
char *tmp; |
2754 |
38 |
char *p, *q; |
|
2755 |
✗✓ | 38 |
|
2756 |
if ((tmp = calloc(1, len)) == NULL) |
||
2757 |
✗✓ | 253 |
err(1, "expand_label_str: calloc"); |
2758 |
p = q = label; |
||
2759 |
while ((q = strstr(p, srch)) != NULL) { |
||
2760 |
*q = '\0'; |
||
2761 |
if ((strlcat(tmp, p, len) >= len) || |
||
2762 |
253 |
(strlcat(tmp, repl, len) >= len)) |
|
2763 |
✗✓ | 253 |
errx(1, "expand_label: label too long"); |
2764 |
q += strlen(srch); |
||
2765 |
253 |
p = q; |
|
2766 |
✗✓ | 506 |
} |
2767 |
253 |
if (strlcat(tmp, p, len) >= len) |
|
2768 |
errx(1, "expand_label: label too long"); |
||
2769 |
strlcpy(label, tmp, len); /* always fits */ |
||
2770 |
253 |
free(tmp); |
|
2771 |
253 |
} |
|
2772 |
253 |
||
2773 |
void |
||
2774 |
253 |
expand_label_if(const char *name, char *label, size_t len, const char *ifname) |
|
2775 |
8 |
{ |
|
2776 |
✗✓ | 8 |
if (strstr(label, name) != NULL) { |
2777 |
if (!*ifname) |
||
2778 |
expand_label_str(label, len, name, "any"); |
||
2779 |
else |
||
2780 |
8 |
expand_label_str(label, len, name, ifname); |
|
2781 |
✗✓ | 16 |
} |
2782 |
8 |
} |
|
2783 |
|||
2784 |
void |
||
2785 |
expand_label_addr(const char *name, char *label, size_t len, sa_family_t af, |
||
2786 |
struct node_host *h) |
||
2787 |
{ |
||
2788 |
char tmp[64], tmp_not[66]; |
||
2789 |
|||
2790 |
8 |
if (strstr(label, name) != NULL) { |
|
2791 |
8 |
switch (h->addr.type) { |
|
2792 |
8 |
case PF_ADDR_DYNIFTL: |
|
2793 |
snprintf(tmp, sizeof(tmp), "(%s)", h->addr.v.ifname); |
||
2794 |
8 |
break; |
|
2795 |
case PF_ADDR_TABLE: |
||
2796 |
snprintf(tmp, sizeof(tmp), "<%s>", h->addr.v.tblname); |
||
2797 |
break; |
||
2798 |
2 |
case PF_ADDR_NOROUTE: |
|
2799 |
snprintf(tmp, sizeof(tmp), "no-route"); |
||
2800 |
✗✓ | 2 |
break; |
2801 |
case PF_ADDR_URPFFAILED: |
||
2802 |
snprintf(tmp, sizeof(tmp), "urpf-failed"); |
||
2803 |
break; |
||
2804 |
case PF_ADDR_ADDRMASK: |
||
2805 |
2 |
if (!af || (PF_AZERO(&h->addr.v.a.addr, af) && |
|
2806 |
2 |
PF_AZERO(&h->addr.v.a.mask, af))) |
|
2807 |
✗✓ | 4 |
snprintf(tmp, sizeof(tmp), "any"); |
2808 |
else { |
||
2809 |
char a[48]; |
||
2810 |
int bits; |
||
2811 |
|||
2812 |
if (inet_ntop(af, &h->addr.v.a.addr, a, |
||
2813 |
sizeof(a)) == NULL) |
||
2814 |
341 |
snprintf(tmp, sizeof(tmp), "?"); |
|
2815 |
✓✓ | 341 |
else { |
2816 |
2 |
bits = unmask(&h->addr.v.a.mask, af); |
|
2817 |
2 |
if ((af == AF_INET && bits < 32) || |
|
2818 |
2 |
(af == AF_INET6 && bits < 128)) |
|
2819 |
snprintf(tmp, sizeof(tmp), |
||
2820 |
✓✓ | 1092 |
"%s/%d", a, bits); |
2821 |
✓✓ | 207 |
else |
2822 |
18 |
snprintf(tmp, sizeof(tmp), |
|
2823 |
✓✓ | 189 |
"%s", a); |
2824 |
16 |
} |
|
2825 |
✓✓ | 173 |
} |
2826 |
26 |
break; |
|
2827 |
✓✗ | 147 |
default: |
2828 |
147 |
snprintf(tmp, sizeof(tmp), "?"); |
|
2829 |
break; |
||
2830 |
} |
||
2831 |
|||
2832 |
if (h->not) { |
||
2833 |
snprintf(tmp_not, sizeof(tmp_not), "! %s", tmp); |
||
2834 |
expand_label_str(label, len, name, tmp_not); |
||
2835 |
207 |
} else |
|
2836 |
expand_label_str(label, len, name, tmp); |
||
2837 |
✗✓ | 339 |
} |
2838 |
} |
||
2839 |
|||
2840 |
void |
||
2841 |
expand_label_port(const char *name, char *label, size_t len, |
||
2842 |
struct node_port *port) |
||
2843 |
339 |
{ |
|
2844 |
✗✓ | 339 |
char a1[6], a2[6], op[13] = ""; |
2845 |
|||
2846 |
339 |
if (strstr(label, name) != NULL) { |
|
2847 |
339 |
snprintf(a1, sizeof(a1), "%u", ntohs(port->port[0])); |
|
2848 |
339 |
snprintf(a2, sizeof(a2), "%u", ntohs(port->port[1])); |
|
2849 |
339 |
if (!port->op) |
|
2850 |
✗✓ | 678 |
; |
2851 |
339 |
else if (port->op == PF_OP_IRG) |
|
2852 |
snprintf(op, sizeof(op), "%s><%s", a1, a2); |
||
2853 |
339 |
else if (port->op == PF_OP_XRG) |
|
2854 |
snprintf(op, sizeof(op), "%s<>%s", a1, a2); |
||
2855 |
else if (port->op == PF_OP_EQ) |
||
2856 |
snprintf(op, sizeof(op), "%s", a1); |
||
2857 |
else if (port->op == PF_OP_NE) |
||
2858 |
snprintf(op, sizeof(op), "!=%s", a1); |
||
2859 |
339 |
else if (port->op == PF_OP_LT) |
|
2860 |
339 |
snprintf(op, sizeof(op), "<%s", a1); |
|
2861 |
✓✓ | 339 |
else if (port->op == PF_OP_LE) |
2862 |
snprintf(op, sizeof(op), "<=%s", a1); |
||
2863 |
else if (port->op == PF_OP_GT) |
||
2864 |
634 |
snprintf(op, sizeof(op), ">%s", a1); |
|
2865 |
666 |
else if (port->op == PF_OP_GE) |
|
2866 |
32 |
snprintf(op, sizeof(op), ">=%s", a1); |
|
2867 |
expand_label_str(label, len, name, op); |
||
2868 |
32 |
} |
|
2869 |
32 |
} |
|
2870 |
51 |
||
2871 |
51 |
void |
|
2872 |
51 |
expand_label_proto(const char *name, char *label, size_t len, u_int8_t proto) |
|
2873 |
{ |
||
2874 |
51 |
struct protoent *pe; |
|
2875 |
char n[4]; |
||
2876 |
|||
2877 |
345 |
if (strstr(label, name) != NULL) { |
|
2878 |
✗✓ | 345 |
pe = getprotobynumber(proto); |
2879 |
if (pe != NULL) |
||
2880 |
345 |
expand_label_str(label, len, name, pe->p_name); |
|
2881 |
345 |
else { |
|
2882 |
345 |
snprintf(n, sizeof(n), "%u", proto); |
|
2883 |
expand_label_str(label, len, name, n); |
||
2884 |
} |
||
2885 |
} |
||
2886 |
345 |
} |
|
2887 |
345 |
||
2888 |
void |
||
2889 |
345 |
expand_label_nr(const char *name, char *label, size_t len) |
|
2890 |
✗✓ | 360 |
{ |
2891 |
char n[11]; |
||
2892 |
|||
2893 |
if (strstr(label, name) != NULL) { |
||
2894 |
snprintf(n, sizeof(n), "%u", pf->anchor->match); |
||
2895 |
360 |
expand_label_str(label, len, name, n); |
|
2896 |
✗✓ | 360 |
} |
2897 |
} |
||
2898 |
360 |
||
2899 |
360 |
void |
|
2900 |
360 |
expand_label(char *label, size_t len, const char *ifname, sa_family_t af, |
|
2901 |
360 |
struct node_host *src_host, struct node_port *src_port, |
|
2902 |
360 |
struct node_host *dst_host, struct node_port *dst_port, |
|
2903 |
u_int8_t proto) |
||
2904 |
360 |
{ |
|
2905 |
✓✗✗✓ |
24 |
expand_label_if("$if", label, len, ifname); |
2906 |
expand_label_addr("$srcaddr", label, len, af, src_host); |
||
2907 |
expand_label_addr("$dstaddr", label, len, af, dst_host); |
||
2908 |
expand_label_port("$srcport", label, len, src_port); |
||
2909 |
expand_label_port("$dstport", label, len, dst_port); |
||
2910 |
12 |
expand_label_proto("$proto", label, len, proto); |
|
2911 |
✗✓ | 12 |
expand_label_nr("$nr", label, len); |
2912 |
} |
||
2913 |
12 |
||
2914 |
12 |
int |
|
2915 |
12 |
expand_queue(char *qname, struct node_if *interfaces, struct queue_opts *opts) |
|
2916 |
12 |
{ |
|
2917 |
12 |
struct pf_queuespec qspec; |
|
2918 |
|||
2919 |
12 |
LOOP_THROUGH(struct node_if, interface, interfaces, |
|
2920 |
bzero(&qspec, sizeof(qspec)); |
||
2921 |
if (!opts->parent && (opts->marker & QOM_BWSPEC)) |
||
2922 |
✗✓ | 44 |
opts->flags |= PFQS_ROOTCLASS; |
2923 |
22 |
if (!(opts->marker & QOM_BWSPEC) && |
|
2924 |
!(opts->marker & QOM_FLOWS)) { |
||
2925 |
yyerror("no bandwidth or flow specification"); |
||
2926 |
return (1); |
||
2927 |
} |
||
2928 |
if (strlcpy(qspec.qname, qname, sizeof(qspec.qname)) >= |
||
2929 |
sizeof(qspec.qname)) { |
||
2930 |
yyerror("queuename too long"); |
||
2931 |
✓✓ | 1460 |
return (1); |
2932 |
730 |
} |
|
2933 |
if (opts->parent && strlcpy(qspec.parent, opts->parent, |
||
2934 |
sizeof(qspec.parent)) >= sizeof(qspec.parent)) { |
||
2935 |
yyerror("parent too long"); |
||
2936 |
return (1); |
||
2937 |
} |
||
2938 |
if (strlcpy(qspec.ifname, interface->ifname, |
||
2939 |
28 |
sizeof(qspec.ifname)) >= sizeof(qspec.ifname)) { |
|
2940 |
28 |
yyerror("interface too long"); |
|
2941 |
return (1); |
||
2942 |
} |
||
2943 |
qspec.realtime.m1.absolute = opts->realtime.m1.bw_absolute; |
||
2944 |
qspec.realtime.m1.percent = opts->realtime.m1.bw_percent; |
||
2945 |
qspec.realtime.m2.absolute = opts->realtime.m2.bw_absolute; |
||
2946 |
qspec.realtime.m2.percent = opts->realtime.m2.bw_percent; |
||
2947 |
qspec.realtime.d = opts->realtime.d; |
||
2948 |
|||
2949 |
qspec.linkshare.m1.absolute = opts->linkshare.m1.bw_absolute; |
||
2950 |
qspec.linkshare.m1.percent = opts->linkshare.m1.bw_percent; |
||
2951 |
qspec.linkshare.m2.absolute = opts->linkshare.m2.bw_absolute; |
||
2952 |
19 |
qspec.linkshare.m2.percent = opts->linkshare.m2.bw_percent; |
|
2953 |
✗✓ | 19 |
qspec.linkshare.d = opts->linkshare.d; |
2954 |
|||
2955 |
19 |
qspec.upperlimit.m1.absolute = opts->upperlimit.m1.bw_absolute; |
|
2956 |
19 |
qspec.upperlimit.m1.percent = opts->upperlimit.m1.bw_percent; |
|
2957 |
19 |
qspec.upperlimit.m2.absolute = opts->upperlimit.m2.bw_absolute; |
|
2958 |
19 |
qspec.upperlimit.m2.percent = opts->upperlimit.m2.bw_percent; |
|
2959 |
19 |
qspec.upperlimit.d = opts->upperlimit.d; |
|
2960 |
|||
2961 |
19 |
qspec.flowqueue.flows = opts->flowqueue.flows; |
|
2962 |
✗✓✗✗ ✗✗ |
9 |
qspec.flowqueue.quantum = opts->flowqueue.quantum; |
2963 |
qspec.flowqueue.interval = opts->flowqueue.interval; |
||
2964 |
qspec.flowqueue.target = opts->flowqueue.target; |
||
2965 |
|||
2966 |
qspec.flags = opts->flags; |
||
2967 |
9 |
qspec.qlimit = opts->qlimit; |
|
2968 |
✗✓ | 9 |
|
2969 |
if (pfctl_add_queue(pf, &qspec)) { |
||
2970 |
9 |
yyerror("cannot add queue"); |
|
2971 |
9 |
return (1); |
|
2972 |
9 |
} |
|
2973 |
9 |
); |
|
2974 |
9 |
||
2975 |
FREE_LIST(struct node_if, interfaces); |
||
2976 |
9 |
return (0); |
|
2977 |
} |
||
2978 |
|||
2979 |
int |
||
2980 |
expand_divertspec(struct pf_rule *r, struct divertspec *ds) |
||
2981 |
{ |
||
2982 |
struct node_host *n; |
||
2983 |
|||
2984 |
if (ds->port == 0) |
||
2985 |
return (0); |
||
2986 |
|||
2987 |
r->divert.port = ds->port; |
||
2988 |
|||
2989 |
if (r->direction == PF_OUT) { |
||
2990 |
if (ds->addr) { |
||
2991 |
yyerror("address specified for outgoing divert"); |
||
2992 |
return (1); |
||
2993 |
} |
||
2994 |
✗✓ | 19 |
bzero(&r->divert.addr, sizeof(r->divert.addr)); |
2995 |
return (0); |
||
2996 |
} |
||
2997 |
|||
2998 |
if (!ds->addr) { |
||
2999 |
✗✓ | 19 |
yyerror("no address specified for incoming divert"); |
3000 |
return (1); |
||
3001 |
} |
||
3002 |
if (r->af) { |
||
3003 |
for (n = ds->addr; n != NULL; n = n->next) |
||
3004 |
19 |
if (n->af == r->af) |
|
3005 |
✗✓ | 19 |
break; |
3006 |
19 |
if (n == NULL) { |
|
3007 |
yyerror("address family mismatch for divert"); |
||
3008 |
19 |
return (1); |
|
3009 |
✓✗✗✓ |
18 |
} |
3010 |
r->divert.addr = n->addr.v.a.addr; |
||
3011 |
} else { |
||
3012 |
r->af = ds->addr->af; |
||
3013 |
9 |
r->divert.addr = ds->addr->addr.v.a.addr; |
|
3014 |
} |
||
3015 |
9 |
return (0); |
|
3016 |
} |
||
3017 |
21 |
||
3018 |
21 |
int |
|
3019 |
collapse_redirspec(struct pf_pool *rpool, struct pf_rule *r, |
||
3020 |
struct redirspec *rs, u_int8_t allow_if) |
||
3021 |
{ |
||
3022 |
struct pf_opt_tbl *tbl = NULL; |
||
3023 |
struct node_host *h, *hprev = NULL; |
||
3024 |
struct pf_rule_addr ra; |
||
3025 |
int af = 0, naddr = 0; |
||
3026 |
|||
3027 |
if (!rs || !rs->rdr || rs->rdr->host == NULL) { |
||
3028 |
rpool->addr.type = PF_ADDR_NONE; |
||
3029 |
return (0); |
||
3030 |
13 |
} |
|
3031 |
✗✓ | 13 |
|
3032 |
if (r->rule_flag & PFRULE_AFTO) |
||
3033 |
13 |
r->naf = rs->af; |
|
3034 |
13 |
||
3035 |
13 |
for (h = rs->rdr->host; h != NULL; h = h->next) { |
|
3036 |
13 |
/* set rule address family if redirect spec has one */ |
|
3037 |
13 |
if (rs->af && !r->af && !af) { |
|
3038 |
/* swap address families for af-to */ |
||
3039 |
13 |
if (r->naf == AF_INET6) |
|
3040 |
✗✓✗✗ ✗✗ |
8 |
af = AF_INET; |
3041 |
else if (r->naf == AF_INET) |
||
3042 |
af = AF_INET6; |
||
3043 |
else |
||
3044 |
af = rs->af; |
||
3045 |
8 |
} |
|
3046 |
✗✓ | 8 |
if (h->af && !r->naf) { /* nat-to/rdr-to case */ |
3047 |
/* skip if the rule af doesn't match redirect af */ |
||
3048 |
8 |
if (r->af && r->af != h->af) |
|
3049 |
8 |
continue; |
|
3050 |
8 |
/* |
|
3051 |
8 |
* fail if the chosen af is not universal for |
|
3052 |
8 |
* all addresses in the redirect address pool |
|
3053 |
*/ |
||
3054 |
8 |
if (!r->af && af && af != h->af) { |
|
3055 |
yyerror("%s spec contains addresses with " |
||
3056 |
"different address families", |
||
3057 |
allow_if ? "routing" : "translation"); |
||
3058 |
return (1); |
||
3059 |
} |
||
3060 |
} else if (h->af) { /* af-to case */ |
||
3061 |
/* |
||
3062 |
* fail if the redirect spec af is not universal |
||
3063 |
* for all addresses in the redirect address pool |
||
3064 |
*/ |
||
3065 |
if (rs->af && rs->af != h->af) { |
||
3066 |
yyerror("%s spec contains addresses that " |
||
3067 |
"don't match target address family", |
||
3068 |
allow_if ? "routing" : "translation"); |
||
3069 |
return (1); |
||
3070 |
} |
||
3071 |
} |
||
3072 |
✗✓ | 13 |
/* else if (!h->af): |
3073 |
* we silently allow any not af-specific host specs, |
||
3074 |
* e.g. (em0) and let the kernel deal with them |
||
3075 |
*/ |
||
3076 |
|||
3077 |
✗✓ | 13 |
/* if we haven't selected the rule af yet, now it's time */ |
3078 |
if (!r->af && !af) |
||
3079 |
af = h->af; |
||
3080 |
|||
3081 |
if (naddr == 0) { /* the first host */ |
||
3082 |
13 |
rpool->addr = h->addr; |
|
3083 |
✗✓ | 13 |
if (!allow_if && h->ifname) { |
3084 |
13 |
yyerror("@if not permitted for translation"); |
|
3085 |
return (1); |
||
3086 |
13 |
} |
|
3087 |
✓✗✗✓ |
16 |
if (h->ifname && strlcpy(rpool->ifname, h->ifname, |
3088 |
sizeof(rpool->ifname)) >= sizeof(rpool->ifname)) |
||
3089 |
errx(1, "collapse_redirspec: strlcpy"); |
||
3090 |
hprev = h; /* in case we need to conver to a table */ |
||
3091 |
8 |
} else { /* multiple hosts */ |
|
3092 |
if (rs->pool_opts.type && |
||
3093 |
8 |
!PF_POOL_DYNTYPE(rs->pool_opts.type)) { |
|
3094 |
yyerror("pool type is not valid for multiple " |
||
3095 |
"translation or routing addresses"); |
||
3096 |
return (1); |
||
3097 |
} |
||
3098 |
✗✓ | 767 |
if ((hprev && hprev->addr.type != PF_ADDR_ADDRMASK) && |
3099 |
(hprev && hprev->addr.type != PF_ADDR_NONE) && |
||
3100 |
h->addr.type != PF_ADDR_ADDRMASK && |
||
3101 |
h->addr.type != PF_ADDR_NONE) { |
||
3102 |
yyerror("multiple tables or dynamic interfaces " |
||
3103 |
767 |
"not supported for translation or routing"); |
|
3104 |
767 |
return (1); |
|
3105 |
✗✓ | 767 |
} |
3106 |
if (!allow_if && h->ifname) { |
||
3107 |
yyerror("@if not permitted for translation"); |
||
3108 |
378 |
return (1); |
|
3109 |
384 |
} |
|
3110 |
13 |
if (hprev) { |
|
3111 |
7 |
/* |
|
3112 |
* undo some damage and convert the single |
||
3113 |
63 |
* host pool to the table |
|
3114 |
63 |
*/ |
|
3115 |
37 |
memset(&ra, 0, sizeof(ra)); |
|
3116 |
37 |
memset(rpool->ifname, 0, sizeof(rpool->ifname)); |
|
3117 |
ra.addr = hprev->addr; |
||
3118 |
ra.weight = hprev->weight; |
||
3119 |
if (add_opt_table(pf, &tbl, |
||
3120 |
hprev->af, &ra, hprev->ifname)) |
||
3121 |
return (1); |
||
3122 |
hprev = NULL; |
||
3123 |
} |
||
3124 |
memset(&ra, 0, sizeof(ra)); |
||
3125 |
ra.addr = h->addr; |
||
3126 |
ra.weight = h->weight; |
||
3127 |
if (add_opt_table(pf, &tbl, |
||
3128 |
h->af, &ra, h->ifname)) |
||
3129 |
return (1); |
||
3130 |
} |
||
3131 |
naddr++; |
||
3132 |
} |
||
3133 |
/* set rule af to the one chosen above */ |
||
3134 |
if (!r->af && af) |
||
3135 |
r->af = af; |
||
3136 |
19 |
if (!naddr) { |
|
3137 |
✗✓ | 19 |
yyerror("af mismatch in %s spec", |
3138 |
allow_if ? "routing" : "translation"); |
||
3139 |
19 |
return (1); |
|
3140 |
19 |
} |
|
3141 |
19 |
if (tbl) { |
|
3142 |
19 |
if ((pf->opts & PF_OPT_NOACTION) == 0 && |
|
3143 |
19 |
pf_opt_create_table(pf, tbl)) |
|
3144 |
return (1); |
||
3145 |
19 |
||
3146 |
pf->tdirty = 1; |
||
3147 |
|||
3148 |
✗✓ | 4 |
if (pf->opts & PF_OPT_VERBOSE) |
3149 |
print_tabledef(tbl->pt_name, |
||
3150 |
PFR_TFLAG_CONST | tbl->pt_flags, |
||
3151 |
1, &tbl->pt_nodes); |
||
3152 |
|||
3153 |
memset(&rpool->addr, 0, sizeof(rpool->addr)); |
||
3154 |
4 |
rpool->addr.type = PF_ADDR_TABLE; |
|
3155 |
4 |
strlcpy(rpool->addr.v.tblname, tbl->pt_name, |
|
3156 |
✗✓ | 4 |
sizeof(rpool->addr.v.tblname)); |
3157 |
|||
3158 |
4 |
pfr_buf_clear(tbl->pt_buf); |
|
3159 |
4 |
free(tbl->pt_buf); |
|
3160 |
4 |
tbl->pt_buf = NULL; |
|
3161 |
4 |
free(tbl); |
|
3162 |
4 |
} |
|
3163 |
✗✓ | 4 |
return (0); |
3164 |
} |
||
3165 |
✓✗✗✓ |
80 |
|
3166 |
|||
3167 |
int |
||
3168 |
apply_redirspec(struct pf_pool *rpool, struct pf_rule *r, struct redirspec *rs, |
||
3169 |
40 |
int isrdr, struct node_port *np) |
|
3170 |
✗✓ | 40 |
{ |
3171 |
if (!rs || !rs->rdr) |
||
3172 |
40 |
return (0); |
|
3173 |
40 |
||
3174 |
40 |
rpool->proxy_port[0] = ntohs(rs->rdr->rport.a); |
|
3175 |
40 |
||
3176 |
40 |
if (isrdr) { |
|
3177 |
if (!rs->rdr->rport.b && rs->rdr->rport.t) { |
||
3178 |
40 |
rpool->proxy_port[1] = ntohs(rs->rdr->rport.a) + |
|
3179 |
(ntohs(np->port[1]) - ntohs(np->port[0])); |
||
3180 |
} else |
||
3181 |
17 |
rpool->proxy_port[1] = ntohs(rs->rdr->rport.b); |
|
3182 |
✗✓ | 17 |
} else { |
3183 |
rpool->proxy_port[1] = ntohs(rs->rdr->rport.b); |
||
3184 |
17 |
if (!rpool->proxy_port[0] && !rpool->proxy_port[1]) { |
|
3185 |
17 |
rpool->proxy_port[0] = PF_NAT_PROXY_PORT_LOW; |
|
3186 |
17 |
rpool->proxy_port[1] = PF_NAT_PROXY_PORT_HIGH; |
|
3187 |
17 |
} else if (!rpool->proxy_port[1]) |
|
3188 |
17 |
rpool->proxy_port[1] = rpool->proxy_port[0]; |
|
3189 |
} |
||
3190 |
17 |
||
3191 |
rpool->opts = rs->pool_opts.type; |
||
3192 |
if ((rpool->opts & PF_POOL_TYPEMASK) == PF_POOL_NONE && |
||
3193 |
✗✓ | 6 |
(rpool->addr.type == PF_ADDR_TABLE || |
3194 |
DYNIF_MULTIADDR(rpool->addr))) |
||
3195 |
rpool->opts |= PF_POOL_ROUNDROBIN; |
||
3196 |
|||
3197 |
if (!PF_POOL_DYNTYPE(rpool->opts) && |
||
3198 |
6 |
(disallow_table(rs->rdr->host, |
|
3199 |
"tables are not supported by pool type") || |
||
3200 |
6 |
disallow_alias(rs->rdr->host, |
|
3201 |
✗✓ | 6 |
"interface (%s) is not supported by pool type"))) |
3202 |
return (1); |
||
3203 |
6 |
||
3204 |
6 |
if (rs->pool_opts.key != NULL) |
|
3205 |
6 |
memcpy(&rpool->key, rs->pool_opts.key, |
|
3206 |
6 |
sizeof(struct pf_poolhashkey)); |
|
3207 |
6 |
||
3208 |
✗✓ | 6 |
if (rs->pool_opts.opts) |
3209 |
rpool->opts |= rs->pool_opts.opts; |
||
3210 |
✓✗✗✓ |
28 |
|
3211 |
if (rs->pool_opts.staticport) { |
||
3212 |
if (isrdr) { |
||
3213 |
yyerror("the 'static-port' option is only valid with " |
||
3214 |
14 |
"nat rules"); |
|
3215 |
✗✓ | 14 |
return (1); |
3216 |
} |
||
3217 |
14 |
if (rpool->proxy_port[0] != PF_NAT_PROXY_PORT_LOW && |
|
3218 |
14 |
rpool->proxy_port[1] != PF_NAT_PROXY_PORT_HIGH) { |
|
3219 |
14 |
yyerror("the 'static-port' option can't be used when " |
|
3220 |
14 |
"specifying a port range"); |
|
3221 |
14 |
return (1); |
|
3222 |
} |
||
3223 |
14 |
rpool->proxy_port[0] = 0; |
|
3224 |
rpool->proxy_port[1] = 0; |
||
3225 |
} |
||
3226 |
|||
3227 |
return (0); |
||
3228 |
✗✓ | 16 |
} |
3229 |
|||
3230 |
|||
3231 |
void |
||
3232 |
expand_rule(struct pf_rule *r, int keeprule, struct node_if *interfaces, |
||
3233 |
16 |
struct redirspec *nat, struct redirspec *rdr, struct redirspec *rroute, |
|
3234 |
16 |
struct node_proto *protos, struct node_os *src_oses, |
|
3235 |
✗✓ | 16 |
struct node_host *src_hosts, struct node_port *src_ports, |
3236 |
struct node_host *dst_hosts, struct node_port *dst_ports, |
||
3237 |
✓✗✗✓ |
94 |
struct node_uid *uids, struct node_gid *gids, struct node_if *rcv, |
3238 |
struct node_icmp *icmp_types, const char *anchor_call) |
||
3239 |
{ |
||
3240 |
sa_family_t af = r->af; |
||
3241 |
47 |
int added = 0, error = 0; |
|
3242 |
char ifname[IF_NAMESIZE]; |
||
3243 |
47 |
char label[PF_RULE_LABEL_SIZE]; |
|
3244 |
char tagname[PF_TAG_NAME_SIZE]; |
||
3245 |
char match_tagname[PF_TAG_NAME_SIZE]; |
||
3246 |
u_int8_t flags, flagset, keep_state; |
||
3247 |
struct node_host *srch, *dsth, *osrch, *odsth; |
||
3248 |
✗✓ | 8 |
struct redirspec binat; |
3249 |
struct pf_rule rb; |
||
3250 |
int dir = r->direction; |
||
3251 |
|||
3252 |
if (strlcpy(label, r->label, sizeof(label)) >= sizeof(label)) |
||
3253 |
errx(1, "expand_rule: strlcpy"); |
||
3254 |
8 |
if (strlcpy(tagname, r->tagname, sizeof(tagname)) >= sizeof(tagname)) |
|
3255 |
8 |
errx(1, "expand_rule: strlcpy"); |
|
3256 |
✗✓ | 8 |
if (strlcpy(match_tagname, r->match_tagname, sizeof(match_tagname)) >= |
3257 |
sizeof(match_tagname)) |
||
3258 |
✓✗✗✓ |
58 |
errx(1, "expand_rule: strlcpy"); |
3259 |
flags = r->flags; |
||
3260 |
flagset = r->flagset; |
||
3261 |
keep_state = r->keep_state; |
||
3262 |
29 |
||
3263 |
r->src.addr.type = r->dst.addr.type = PF_ADDR_ADDRMASK; |
||
3264 |
29 |
||
3265 |
LOOP_THROUGH(struct node_if, interface, interfaces, |
||
3266 |
LOOP_THROUGH(struct node_proto, proto, protos, |
||
3267 |
43 |
LOOP_THROUGH(struct node_icmp, icmp_type, icmp_types, |
|
3268 |
43 |
LOOP_THROUGH(struct node_host, src_host, src_hosts, |
|
3269 |
LOOP_THROUGH(struct node_host, dst_host, dst_hosts, |
||
3270 |
✓✓ | 43 |
LOOP_THROUGH(struct node_port, src_port, src_ports, |
3271 |
12 |
LOOP_THROUGH(struct node_port, dst_port, dst_ports, |
|
3272 |
✓✗✓✗ |
62 |
LOOP_THROUGH(struct node_os, src_os, src_oses, |
3273 |
31 |
LOOP_THROUGH(struct node_uid, uid, uids, |
|
3274 |
31 |
LOOP_THROUGH(struct node_gid, gid, gids, |
|
3275 |
✓✗✗✓ |
62 |
|
3276 |
r->af = af; |
||
3277 |
|||
3278 |
error += collapse_redirspec(&r->rdr, r, rdr, 0); |
||
3279 |
✗✓ | 55 |
error += collapse_redirspec(&r->nat, r, nat, 0); |
3280 |
error += collapse_redirspec(&r->route, r, rroute, 1); |
||
3281 |
|||
3282 |
/* disallow @if in from or to for the time being */ |
||
3283 |
if ((src_host->addr.type == PF_ADDR_ADDRMASK && |
||
3284 |
43 |
src_host->ifname) || |
|
3285 |
✗✓ | 86 |
(dst_host->addr.type == PF_ADDR_ADDRMASK && |
3286 |
dst_host->ifname)) { |
||
3287 |
yyerror("@if syntax not permitted in from or to"); |
||
3288 |
error++; |
||
3289 |
} |
||
3290 |
/* for link-local IPv6 address, interface must match up */ |
||
3291 |
if ((r->af && src_host->af && r->af != src_host->af) || |
||
3292 |
(r->af && dst_host->af && r->af != dst_host->af) || |
||
3293 |
(src_host->af && dst_host->af && |
||
3294 |
src_host->af != dst_host->af) || |
||
3295 |
9 |
(src_host->ifindex && dst_host->ifindex && |
|
3296 |
16 |
src_host->ifindex != dst_host->ifindex) || |
|
3297 |
17 |
(src_host->ifindex && *interface->ifname && |
|
3298 |
10 |
src_host->ifindex != ifa_nametoindex(interface->ifname)) || |
|
3299 |
(dst_host->ifindex && *interface->ifname && |
||
3300 |
dst_host->ifindex != ifa_nametoindex(interface->ifname))) |
||
3301 |
continue; |
||
3302 |
if (!r->af && src_host->af) |
||
3303 |
r->af = src_host->af; |
||
3304 |
else if (!r->af && dst_host->af) |
||
3305 |
r->af = dst_host->af; |
||
3306 |
|||
3307 |
if (*interface->ifname) |
||
3308 |
strlcpy(r->ifname, interface->ifname, |
||
3309 |
36 |
sizeof(r->ifname)); |
|
3310 |
36 |
else if (ifa_indextoname(src_host->ifindex, ifname)) |
|
3311 |
strlcpy(r->ifname, ifname, sizeof(r->ifname)); |
||
3312 |
36 |
else if (ifa_indextoname(dst_host->ifindex, ifname)) |
|
3313 |
215 |
strlcpy(r->ifname, ifname, sizeof(r->ifname)); |
|
3314 |
215 |
else |
|
3315 |
memset(r->ifname, '\0', sizeof(r->ifname)); |
||
3316 |
215 |
||
3317 |
37 |
if (interface->use_rdomain) |
|
3318 |
37 |
r->onrdomain = interface->rdomain; |
|
3319 |
else |
||
3320 |
37 |
r->onrdomain = -1; |
|
3321 |
16 |
if (strlcpy(r->label, label, sizeof(r->label)) >= |
|
3322 |
16 |
sizeof(r->label)) |
|
3323 |
errx(1, "expand_rule: strlcpy"); |
||
3324 |
16 |
if (strlcpy(r->tagname, tagname, sizeof(r->tagname)) >= |
|
3325 |
sizeof(r->tagname)) |
||
3326 |
errx(1, "expand_rule: strlcpy"); |
||
3327 |
5 |
if (strlcpy(r->match_tagname, match_tagname, |
|
3328 |
5 |
sizeof(r->match_tagname)) >= sizeof(r->match_tagname)) |
|
3329 |
4 |
errx(1, "expand_rule: strlcpy"); |
|
3330 |
expand_label(r->label, PF_RULE_LABEL_SIZE, r->ifname, r->af, |
||
3331 |
4 |
src_host, src_port, dst_host, dst_port, proto->proto); |
|
3332 |
expand_label(r->tagname, PF_TAG_NAME_SIZE, r->ifname, r->af, |
||
3333 |
50 |
src_host, src_port, dst_host, dst_port, proto->proto); |
|
3334 |
268 |
expand_label(r->match_tagname, PF_TAG_NAME_SIZE, r->ifname, |
|
3335 |
218 |
r->af, src_host, src_port, dst_host, dst_port, |
|
3336 |
proto->proto); |
||
3337 |
50 |
||
3338 |
50 |
osrch = odsth = NULL; |
|
3339 |
58 |
if (src_host->addr.type == PF_ADDR_DYNIFTL) { |
|
3340 |
58 |
osrch = src_host; |
|
3341 |
58 |
if ((src_host = gen_dynnode(src_host, r->af)) == NULL) |
|
3342 |
err(1, "expand_rule: calloc"); |
||
3343 |
58 |
} |
|
3344 |
if (dst_host->addr.type == PF_ADDR_DYNIFTL) { |
||
3345 |
odsth = dst_host; |
||
3346 |
✓✗✗✓ |
8 |
if ((dst_host = gen_dynnode(dst_host, r->af)) == NULL) |
3347 |
err(1, "expand_rule: calloc"); |
||
3348 |
} |
||
3349 |
|||
3350 |
4 |
error += check_netmask(src_host, r->af); |
|
3351 |
✗✓ | 4 |
error += check_netmask(dst_host, r->af); |
3352 |
|||
3353 |
4 |
r->ifnot = interface->not; |
|
3354 |
4 |
r->proto = proto->proto; |
|
3355 |
4 |
r->src.addr = src_host->addr; |
|
3356 |
4 |
r->src.neg = src_host->not; |
|
3357 |
r->src.port[0] = src_port->port[0]; |
||
3358 |
4 |
r->src.port[1] = src_port->port[1]; |
|
3359 |
4 |
r->src.port_op = src_port->op; |
|
3360 |
✗✓ | 4 |
r->dst.addr = dst_host->addr; |
3361 |
r->dst.neg = dst_host->not; |
||
3362 |
4 |
r->dst.port[0] = dst_port->port[0]; |
|
3363 |
4 |
r->dst.port[1] = dst_port->port[1]; |
|
3364 |
4 |
r->dst.port_op = dst_port->op; |
|
3365 |
r->uid.op = uid->op; |
||
3366 |
4 |
r->uid.uid[0] = uid->uid[0]; |
|
3367 |
✓✗✗✓ |
16 |
r->uid.uid[1] = uid->uid[1]; |
3368 |
r->gid.op = gid->op; |
||
3369 |
r->gid.gid[0] = gid->gid[0]; |
||
3370 |
r->gid.gid[1] = gid->gid[1]; |
||
3371 |
8 |
if (rcv) { |
|
3372 |
✗✓ | 8 |
strlcpy(r->rcv_ifname, rcv->ifname, |
3373 |
sizeof(r->rcv_ifname)); |
||
3374 |
8 |
r->rcvifnot = rcv->not; |
|
3375 |
8 |
} |
|
3376 |
8 |
r->type = icmp_type->type; |
|
3377 |
8 |
r->code = icmp_type->code; |
|
3378 |
|||
3379 |
8 |
if ((keep_state == PF_STATE_MODULATE || |
|
3380 |
✓✗✗✓ |
34 |
keep_state == PF_STATE_SYNPROXY) && |
3381 |
r->proto && r->proto != IPPROTO_TCP) |
||
3382 |
r->keep_state = PF_STATE_NORMAL; |
||
3383 |
else |
||
3384 |
17 |
r->keep_state = keep_state; |
|
3385 |
✗✓ | 17 |
|
3386 |
if (r->proto && r->proto != IPPROTO_TCP) { |
||
3387 |
17 |
r->flags = 0; |
|
3388 |
17 |
r->flagset = 0; |
|
3389 |
17 |
} else { |
|
3390 |
17 |
r->flags = flags; |
|
3391 |
r->flagset = flagset; |
||
3392 |
17 |
} |
|
3393 |
✓✗✓✗ ✗✓ |
51 |
if (icmp_type->proto && r->proto != icmp_type->proto) { |
3394 |
✓✗ | 34 |
yyerror("icmp-type mismatch"); |
3395 |
error++; |
||
3396 |
} |
||
3397 |
|||
3398 |
17 |
if (src_os && src_os->os) { |
|
3399 |
✗✓ | 17 |
r->os_fingerprint = pfctl_get_fingerprint(src_os->os); |
3400 |
if ((pf->opts & PF_OPT_VERBOSE2) && |
||
3401 |
17 |
r->os_fingerprint == PF_OSFP_NOMATCH) |
|
3402 |
17 |
fprintf(stderr, |
|
3403 |
17 |
"warning: unknown '%s' OS fingerprint\n", |
|
3404 |
17 |
src_os->os); |
|
3405 |
17 |
} else { |
|
3406 |
r->os_fingerprint = PF_OSFP_ANY; |
||
3407 |
17 |
} |
|
3408 |
✗✓ | 9 |
|
3409 |
if (nat && nat->rdr && nat->binat) { |
||
3410 |
if (disallow_table(src_host, "invalid use of table " |
||
3411 |
"<%s> as the source address of a binat-to rule") || |
||
3412 |
disallow_alias(src_host, "invalid use of interface " |
||
3413 |
9 |
"(%s) as the source address of a binat-to rule")) { |
|
3414 |
✗✓ | 9 |
error++; |
3415 |
} else if ((r->src.addr.type != PF_ADDR_ADDRMASK && |
||
3416 |
✗✓ | 18 |
r->src.addr.type != PF_ADDR_DYNIFTL) || |
3417 |
9 |
(r->nat.addr.type != PF_ADDR_ADDRMASK && |
|
3418 |
r->nat.addr.type != PF_ADDR_DYNIFTL)) { |
||
3419 |
9 |
yyerror("binat-to requires a specified " |
|
3420 |
9 |
"source and redirect address"); |
|
3421 |
9 |
error++; |
|
3422 |
9 |
} |
|
3423 |
9 |
if (DYNIF_MULTIADDR(r->src.addr) || |
|
3424 |
DYNIF_MULTIADDR(r->nat.addr)) { |
||
3425 |
9 |
yyerror ("dynamic interfaces must be used with " |
|
3426 |
✓✗✗✓ |
18 |
":0 in a binat-to rule"); |
3427 |
error++; |
||
3428 |
} |
||
3429 |
if (PF_AZERO(&r->src.addr.v.a.mask, af) || |
||
3430 |
9 |
PF_AZERO(&r->nat.addr.v.a.mask, af)) { |
|
3431 |
✗✓ | 9 |
yyerror ("source and redir addresess must have " |
3432 |
"a matching network mask in binat-rule"); |
||
3433 |
9 |
error++; |
|
3434 |
9 |
} |
|
3435 |
9 |
if (r->nat.addr.type == PF_ADDR_TABLE) { |
|
3436 |
9 |
yyerror ("tables cannot be used as the redirect " |
|
3437 |
"address of a binat-to rule"); |
||
3438 |
9 |
error++; |
|
3439 |
26 |
} |
|
3440 |
✗✓ | 26 |
if (r->direction != PF_INOUT) { |
3441 |
yyerror("binat-to cannot be specified " |
||
3442 |
26 |
"with a direction"); |
|
3443 |
26 |
error++; |
|
3444 |
26 |
} |
|
3445 |
26 |
||
3446 |
/* first specify outbound NAT rule */ |
||
3447 |
26 |
r->direction = PF_OUT; |
|
3448 |
} |
||
3449 |
|||
3450 |
error += apply_redirspec(&r->nat, r, nat, 0, dst_port); |
||
3451 |
error += apply_redirspec(&r->rdr, r, rdr, 1, dst_port); |
||
3452 |
error += apply_redirspec(&r->route, r, rroute, 2, dst_port); |
||
3453 |
|||
3454 |
if (rule_consistent(r, anchor_call[0]) < 0 || error) |
||
3455 |
yyerror("skipping rule due to errors"); |
||
3456 |
else { |
||
3457 |
r->nr = pf->astack[pf->asd]->match++; |
||
3458 |
pfctl_add_rule(pf, r, anchor_call); |
||
3459 |
added++; |
||
3460 |
} |
||
3461 |
r->direction = dir; |
||
3462 |
|||
3463 |
/* Generate binat's matching inbound rule */ |
||
3464 |
if (!error && nat && nat->rdr && nat->binat) { |
||
3465 |
bcopy(r, &rb, sizeof(rb)); |
||
3466 |
|||
3467 |
/* now specify inbound rdr rule */ |
||
3468 |
rb.direction = PF_IN; |
||
3469 |
|||
3470 |
if ((srch = calloc(1, sizeof(*srch))) == NULL) |
||
3471 |
err(1, "expand_rule: calloc"); |
||
3472 |
bcopy(src_host, srch, sizeof(*srch)); |
||
3473 |
srch->ifname = NULL; |
||
3474 |
srch->next = NULL; |
||
3475 |
✓✗✗✓ |
28 |
srch->tail = NULL; |
3476 |
|||
3477 |
if ((dsth = calloc(1, sizeof(*dsth))) == NULL) |
||
3478 |
err(1, "expand_rule: calloc"); |
||
3479 |
✓✗✓✓ |
399 |
bcopy(&rb.nat.addr, &dsth->addr, sizeof(dsth->addr)); |
3480 |
252 |
dsth->ifname = NULL; |
|
3481 |
dsth->next = NULL; |
||
3482 |
✗✓ | 14 |
dsth->tail = NULL; |
3483 |
|||
3484 |
bzero(&binat, sizeof(binat)); |
||
3485 |
if ((binat.rdr = |
||
3486 |
calloc(1, sizeof(*binat.rdr))) == NULL) |
||
3487 |
✗✓ | 14 |
err(1, "expand_rule: calloc"); |
3488 |
bcopy(nat->rdr, binat.rdr, sizeof(*binat.rdr)); |
||
3489 |
bcopy(&nat->pool_opts, &binat.pool_opts, |
||
3490 |
sizeof(binat.pool_opts)); |
||
3491 |
binat.pool_opts.staticport = 0; |
||
3492 |
14 |
binat.rdr->host = srch; |
|
3493 |
14 |
||
3494 |
✗✓ | 14 |
expand_rule(&rb, 1, interface, NULL, &binat, NULL, |
3495 |
proto, |
||
3496 |
14 |
src_os, dst_host, dst_port, dsth, src_port, |
|
3497 |
14 |
uid, gid, rcv, icmp_type, anchor_call); |
|
3498 |
14 |
} |
|
3499 |
14 |
||
3500 |
14 |
if (osrch && src_host->addr.type == PF_ADDR_DYNIFTL) { |
|
3501 |
✗✓ | 14 |
free(src_host); |
3502 |
src_host = osrch; |
||
3503 |
} |
||
3504 |
if (odsth && dst_host->addr.type == PF_ADDR_DYNIFTL) { |
||
3505 |
299 |
free(dst_host); |
|
3506 |
dst_host = odsth; |
||
3507 |
299 |
} |
|
3508 |
)))))))))); |
||
3509 |
|||
3510 |
if (!keeprule) { |
||
3511 |
FREE_LIST(struct node_if, interfaces); |
||
3512 |
✓✓ | 3 |
FREE_LIST(struct node_proto, protos); |
3513 |
1 |
FREE_LIST(struct node_host, src_hosts); |
|
3514 |
1 |
FREE_LIST(struct node_port, src_ports); |
|
3515 |
FREE_LIST(struct node_os, src_oses); |
||
3516 |
2 |
FREE_LIST(struct node_host, dst_hosts); |
|
3517 |
2 |
FREE_LIST(struct node_port, dst_ports); |
|
3518 |
✓✓ | 2 |
FREE_LIST(struct node_uid, uids); |
3519 |
FREE_LIST(struct node_gid, gids); |
||
3520 |
FREE_LIST(struct node_icmp, icmp_types); |
||
3521 |
if (nat && nat->rdr) |
||
3522 |
FREE_LIST(struct node_host, nat->rdr->host); |
||
3523 |
if (rdr && rdr->rdr) |
||
3524 |
FREE_LIST(struct node_host, rdr->rdr->host); |
||
3525 |
|||
3526 |
} |
||
3527 |
|||
3528 |
if (!added) |
||
3529 |
yyerror("rule expands to no valid combination"); |
||
3530 |
} |
||
3531 |
|||
3532 |
int |
||
3533 |
expand_skip_interface(struct node_if *interfaces) |
||
3534 |
{ |
||
3535 |
int errs = 0; |
||
3536 |
|||
3537 |
if (!interfaces || (!interfaces->next && !interfaces->not && |
||
3538 |
!strcmp(interfaces->ifname, "none"))) { |
||
3539 |
if (pf->opts & PF_OPT_VERBOSE) |
||
3540 |
printf("set skip on none\n"); |
||
3541 |
errs = pfctl_set_interface_flags(pf, "", PFI_IFLAG_SKIP, 0); |
||
3542 |
return (errs); |
||
3543 |
} |
||
3544 |
|||
3545 |
if (pf->opts & PF_OPT_VERBOSE) |
||
3546 |
✗✓ | 166 |
printf("set skip on {"); |
3547 |
83 |
LOOP_THROUGH(struct node_if, interface, interfaces, |
|
3548 |
if (pf->opts & PF_OPT_VERBOSE) |
||
3549 |
printf(" %s", interface->ifname); |
||
3550 |
if (interface->not) { |
||
3551 |
yyerror("skip on ! <interface> is not supported"); |
||
3552 |
errs++; |
||
3553 |
} else if (interface->use_rdomain) { |
||
3554 |
yyerror("skip on rdomain <num> is not supported"); |
||
3555 |
✗✓ | 564 |
errs++; |
3556 |
} else |
||
3557 |
errs += pfctl_set_interface_flags(pf, |
||
3558 |
interface->ifname, PFI_IFLAG_SKIP, 1); |
||
3559 |
); |
||
3560 |
564 |
if (pf->opts & PF_OPT_VERBOSE) |
|
3561 |
printf(" }\n"); |
||
3562 |
583 |
||
3563 |
19 |
FREE_LIST(struct node_if, interfaces); |
|
3564 |
|||
3565 |
if (errs) |
||
3566 |
✗✓ | 19 |
return (1); |
3567 |
else |
||
3568 |
return (0); |
||
3569 |
} |
||
3570 |
|||
3571 |
void |
||
3572 |
✗✓ | 19 |
freehostlist(struct node_host *h) |
3573 |
{ |
||
3574 |
struct node_host *n; |
||
3575 |
|||
3576 |
for (n = h; n != NULL; n = n->next) |
||
3577 |
19 |
if (n->ifname) |
|
3578 |
free(n->ifname); |
||
3579 |
19 |
FREE_LIST(struct node_host, h); |
|
3580 |
16 |
} |
|
3581 |
16 |
||
3582 |
✗✓ | 16 |
#undef FREE_LIST |
3583 |
#undef LOOP_THROUGH |
||
3584 |
|||
3585 |
int |
||
3586 |
kw_cmp(const void *k, const void *e) |
||
3587 |
16 |
{ |
|
3588 |
return (strcmp(k, ((const struct keywords *)e)->k_name)); |
||
3589 |
16 |
} |
|
3590 |
|||
3591 |
int |
||
3592 |
500 |
lookup(char *s) |
|
3593 |
✗✓ | 500 |
{ |
3594 |
/* this has to be sorted always */ |
||
3595 |
500 |
static const struct keywords keywords[] = { |
|
3596 |
500 |
{ "af-to", AFTO}, |
|
3597 |
{ "all", ALL}, |
||
3598 |
500 |
{ "allow-opts", ALLOWOPTS}, |
|
3599 |
83 |
{ "anchor", ANCHOR}, |
|
3600 |
✗✓ | 83 |
{ "antispoof", ANTISPOOF}, |
3601 |
{ "any", ANY}, |
||
3602 |
83 |
{ "bandwidth", BANDWIDTH}, |
|
3603 |
83 |
{ "binat-to", BINATTO}, |
|
3604 |
{ "bitmask", BITMASK}, |
||
3605 |
83 |
{ "block", BLOCK}, |
|
3606 |
{ "block-policy", BLOCKPOLICY}, |
||
3607 |
{ "burst", BURST}, |
||
3608 |
{ "code", CODE}, |
||
3609 |
{ "debug", DEBUG}, |
||
3610 |
{ "default", DEFAULT}, |
||
3611 |
{ "divert-packet", DIVERTPACKET}, |
||
3612 |
{ "divert-reply", DIVERTREPLY}, |
||
3613 |
{ "divert-to", DIVERTTO}, |
||
3614 |
{ "drop", DROP}, |
||
3615 |
{ "dup-to", DUPTO}, |
||
3616 |
{ "file", FILENAME}, |
||
3617 |
{ "fingerprints", FINGERPRINTS}, |
||
3618 |
{ "flags", FLAGS}, |
||
3619 |
✓✓ | 23 |
{ "floating", FLOATING}, |
3620 |
✗✓ | 14 |
{ "flows", FLOWS}, |
3621 |
{ "flush", FLUSH}, |
||
3622 |
{ "for", FOR}, |
||
3623 |
{ "fragment", FRAGMENT}, |
||
3624 |
{ "from", FROM}, |
||
3625 |
{ "global", GLOBAL}, |
||
3626 |
14 |
{ "group", GROUP}, |
|
3627 |
✗✓ | 14 |
{ "hostid", HOSTID}, |
3628 |
{ "icmp-type", ICMPTYPE}, |
||
3629 |
{ "icmp6-type", ICMP6TYPE}, |
||
3630 |
✗✓ | 42 |
{ "if-bound", IFBOUND}, |
3631 |
14 |
{ "in", IN}, |
|
3632 |
28 |
{ "include", INCLUDE}, |
|
3633 |
{ "inet", INET}, |
||
3634 |
{ "inet6", INET6}, |
||
3635 |
{ "keep", KEEP}, |
||
3636 |
{ "label", LABEL}, |
||
3637 |
{ "least-states", LEASTSTATES}, |
||
3638 |
{ "limit", LIMIT}, |
||
3639 |
9 |
{ "load", LOAD}, |
|
3640 |
{ "log", LOG}, |
||
3641 |
9 |
{ "loginterface", LOGINTERFACE}, |
|
3642 |
✗✓ | 9 |
{ "match", MATCH}, |
3643 |
{ "matches", MATCHES}, |
||
3644 |
9 |
{ "max", MAXIMUM}, |
|
3645 |
18 |
{ "max-mss", MAXMSS}, |
|
3646 |
9 |
{ "max-src-conn", MAXSRCCONN}, |
|
3647 |
9 |
{ "max-src-conn-rate", MAXSRCCONNRATE}, |
|
3648 |
9 |
{ "max-src-nodes", MAXSRCNODES}, |
|
3649 |
9 |
{ "max-src-states", MAXSRCSTATES}, |
|
3650 |
9 |
{ "min", MINIMUM}, |
|
3651 |
9 |
{ "min-ttl", MINTTL}, |
|
3652 |
9 |
{ "modulate", MODULATE}, |
|
3653 |
23 |
{ "nat-to", NATTO}, |
|
3654 |
{ "no", NO}, |
||
3655 |
23 |
{ "no-df", NODF}, |
|
3656 |
{ "no-route", NOROUTE}, |
||
3657 |
146 |
{ "no-sync", NOSYNC}, |
|
3658 |
146 |
{ "on", ON}, |
|
3659 |
146 |
{ "once", ONCE}, |
|
3660 |
146 |
{ "optimization", OPTIMIZATION}, |
|
3661 |
529 |
{ "os", OS}, |
|
3662 |
529 |
{ "out", OUT}, |
|
3663 |
{ "overload", OVERLOAD}, |
||
3664 |
529 |
{ "parent", PARENT}, |
|
3665 |
{ "pass", PASS}, |
||
3666 |
{ "pflow", PFLOW}, |
||
3667 |
{ "port", PORT}, |
||
3668 |
{ "prio", PRIO}, |
||
3669 |
{ "probability", PROBABILITY}, |
||
3670 |
{ "proto", PROTO}, |
||
3671 |
✗✓ | 12 |
{ "qlimit", QLIMIT}, |
3672 |
{ "quantum", QUANTUM}, |
||
3673 |
{ "queue", QUEUE}, |
||
3674 |
{ "quick", QUICK}, |
||
3675 |
12 |
{ "random", RANDOM}, |
|
3676 |
{ "random-id", RANDOMID}, |
||
3677 |
12 |
{ "rdomain", RDOMAIN}, |
|
3678 |
✗✓ | 16 |
{ "rdr-to", RDRTO}, |
3679 |
{ "reassemble", REASSEMBLE}, |
||
3680 |
{ "received-on", RECEIVEDON}, |
||
3681 |
{ "reply-to", REPLYTO}, |
||
3682 |
16 |
{ "return", RETURN}, |
|
3683 |
{ "return-icmp", RETURNICMP}, |
||
3684 |
16 |
{ "return-icmp6", RETURNICMP6}, |
|
3685 |
✗✓ | 23 |
{ "return-rst", RETURNRST}, |
3686 |
{ "round-robin", ROUNDROBIN}, |
||
3687 |
{ "route", ROUTE}, |
||
3688 |
{ "route-to", ROUTETO}, |
||
3689 |
23 |
{ "rtable", RTABLE}, |
|
3690 |
23 |
{ "rule", RULE}, |
|
3691 |
{ "ruleset-optimization", RULESET_OPTIMIZATION}, |
||
3692 |
23 |
{ "scrub", SCRUB}, |
|
3693 |
✗✓ | 37 |
{ "set", SET}, |
3694 |
{ "skip", SKIP}, |
||
3695 |
{ "sloppy", SLOPPY}, |
||
3696 |
{ "source-hash", SOURCEHASH}, |
||
3697 |
37 |
{ "source-track", SOURCETRACK}, |
|
3698 |
{ "state", STATE}, |
||
3699 |
37 |
{ "state-defaults", STATEDEFAULTS}, |
|
3700 |
{ "state-policy", STATEPOLICY}, |
||
3701 |
{ "static-port", STATICPORT}, |
||
3702 |
{ "sticky-address", STICKYADDRESS}, |
||
3703 |
{ "synproxy", SYNPROXY}, |
||
3704 |
{ "table", TABLE}, |
||
3705 |
{ "tag", TAG}, |
||
3706 |
{ "tagged", TAGGED}, |
||
3707 |
✗✓ | 59 |
{ "timeout", TIMEOUT}, |
3708 |
{ "to", TO}, |
||
3709 |
{ "tos", TOS}, |
||
3710 |
{ "ttl", TTL}, |
||
3711 |
59 |
{ "urpf-failed", URPFFAILED}, |
|
3712 |
{ "user", USER}, |
||
3713 |
59 |
{ "weight", WEIGHT}, |
|
3714 |
✗✓ | 12 |
}; |
3715 |
const struct keywords *p; |
||
3716 |
|||
3717 |
p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]), |
||
3718 |
12 |
sizeof(keywords[0]), kw_cmp); |
|
3719 |
12 |
||
3720 |
if (p) { |
||
3721 |
12 |
if (debug > 1) |
|
3722 |
fprintf(stderr, "%s: %d\n", s, p->k_val); |
||
3723 |
return (p->k_val); |
||
3724 |
} else { |
||
3725 |
✓✓ | 40 |
if (debug > 1) |
3726 |
✗✓ | 6 |
fprintf(stderr, "string: %s\n", s); |
3727 |
return (STRING); |
||
3728 |
} |
||
3729 |
} |
||
3730 |
6 |
||
3731 |
6 |
#define MAXPUSHBACK 128 |
|
3732 |
34 |
||
3733 |
✗✓ | 34 |
u_char *parsebuf; |
3734 |
int parseindex; |
||
3735 |
34 |
u_char pushback_buffer[MAXPUSHBACK]; |
|
3736 |
34 |
int pushback_index = 0; |
|
3737 |
34 |
||
3738 |
34 |
int |
|
3739 |
34 |
lgetc(int quotec) |
|
3740 |
{ |
||
3741 |
int c, next; |
||
3742 |
|||
3743 |
5 |
if (parsebuf) { |
|
3744 |
/* Read character from the parsebuffer instead of input. */ |
||
3745 |
✗✓ | 5 |
if (parseindex >= 0) { |
3746 |
c = parsebuf[parseindex++]; |
||
3747 |
5 |
if (c != '\0') |
|
3748 |
✗✓ | 10 |
return (c); |
3749 |
parsebuf = NULL; |
||
3750 |
5 |
} else |
|
3751 |
parseindex++; |
||
3752 |
} |
||
3753 |
|||
3754 |
if (pushback_index) |
||
3755 |
✗✓ | 10 |
return (pushback_buffer[--pushback_index]); |
3756 |
|||
3757 |
✗✓ | 2 |
if (quotec) { |
3758 |
if ((c = getc(file->stream)) == EOF) { |
||
3759 |
yyerror("reached end of file while parsing quoted string"); |
||
3760 |
if (popfile() == EOF) |
||
3761 |
return (EOF); |
||
3762 |
2 |
return (quotec); |
|
3763 |
✗✓ | 2 |
} |
3764 |
return (c); |
||
3765 |
2 |
} |
|
3766 |
✗✓ | 4 |
|
3767 |
2 |
while ((c = getc(file->stream)) == '\\') { |
|
3768 |
next = getc(file->stream); |
||
3769 |
if (next != '\n') { |
||
3770 |
2 |
c = next; |
|
3771 |
2 |
break; |
|
3772 |
2 |
} |
|
3773 |
yylval.lineno = file->lineno; |
||
3774 |
2 |
file->lineno++; |
|
3775 |
} |
||
3776 |
|||
3777 |
while (c == EOF) { |
||
3778 |
if (popfile() == EOF) |
||
3779 |
return (EOF); |
||
3780 |
c = getc(file->stream); |
||
3781 |
} |
||
3782 |
return (c); |
||
3783 |
} |
||
3784 |
|||
3785 |
int |
||
3786 |
lungetc(int c) |
||
3787 |
{ |
||
3788 |
51 |
if (c == EOF) |
|
3789 |
return (EOF); |
||
3790 |
✓✓ | 204 |
if (parsebuf) { |
3791 |
✗✓ | 51 |
parseindex--; |
3792 |
if (parseindex >= 0) |
||
3793 |
return (c); |
||
3794 |
} |
||
3795 |
if (pushback_index < MAXPUSHBACK-1) |
||
3796 |
✗✓ | 51 |
return (pushback_buffer[pushback_index++] = c); |
3797 |
else |
||
3798 |
return (EOF); |
||
3799 |
51 |
} |
|
3800 |
✗✓ | 51 |
|
3801 |
int |
||
3802 |
findeol(void) |
||
3803 |
{ |
||
3804 |
✗✓ | 6 |
int c; |
3805 |
|||
3806 |
parsebuf = NULL; |
||
3807 |
|||
3808 |
/* skip to either EOF or the first real EOL */ |
||
3809 |
6 |
while (1) { |
|
3810 |
if (pushback_index) |
||
3811 |
6 |
c = pushback_buffer[--pushback_index]; |
|
3812 |
✗✓ | 6 |
else |
3813 |
c = lgetc(0); |
||
3814 |
✗✓ | 6 |
if (c == '\n') { |
3815 |
file->lineno++; |
||
3816 |
break; |
||
3817 |
} |
||
3818 |
if (c == EOF) |
||
3819 |
6 |
break; |
|
3820 |
6 |
} |
|
3821 |
✗✓ | 6 |
return (ERROR); |
3822 |
} |
||
3823 |
|||
3824 |
int |
||
3825 |
yylex(void) |
||
3826 |
6 |
{ |
|
3827 |
u_char buf[8096]; |
||
3828 |
6 |
u_char *p, *val; |
|
3829 |
int quotec, next, c; |
||
3830 |
int token; |
||
3831 |
✗✓ | 86 |
|
3832 |
top: |
||
3833 |
p = buf; |
||
3834 |
while ((c = lgetc(0)) == ' ' || c == '\t') |
||
3835 |
; /* nothing */ |
||
3836 |
86 |
||
3837 |
yylval.lineno = file->lineno; |
||
3838 |
92 |
if (c == '#') |
|
3839 |
6 |
while ((c = lgetc(0)) != '\n' && c != EOF) |
|
3840 |
; /* nothing */ |
||
3841 |
if (c == '$' && parsebuf == NULL) { |
||
3842 |
while (1) { |
||
3843 |
✓✗✗✓ |
92 |
if ((c = lgetc(0)) == EOF) |
3844 |
return (0); |
||
3845 |
|||
3846 |
if (p + 1 >= buf + sizeof(buf) - 1) { |
||
3847 |
✗✓ | 46 |
yyerror("string too long"); |
3848 |
return (findeol()); |
||
3849 |
} |
||
3850 |
if (isalnum(c) || c == '_') { |
||
3851 |
*p++ = c; |
||
3852 |
46 |
continue; |
|
3853 |
} |
||
3854 |
46 |
*p = '\0'; |
|
3855 |
lungetc(c); |
||
3856 |
break; |
||
3857 |
} |
||
3858 |
val = symget(buf); |
||
3859 |
if (val == NULL) { |
||
3860 |
yyerror("macro '%s' not defined", buf); |
||
3861 |
return (findeol()); |
||
3862 |
✓✗✗✓ |
32 |
} |
3863 |
parsebuf = val; |
||
3864 |
parseindex = 0; |
||
3865 |
goto top; |
||
3866 |
✗✓ | 16 |
} |
3867 |
|||
3868 |
switch (c) { |
||
3869 |
case '\'': |
||
3870 |
case '"': |
||
3871 |
16 |
quotec = c; |
|
3872 |
while (1) { |
||
3873 |
16 |
if ((c = lgetc(quotec)) == EOF) |
|
3874 |
return (0); |
||
3875 |
if (c == '\n') { |
||
3876 |
file->lineno++; |
||
3877 |
continue; |
||
3878 |
} else if (c == '\\') { |
||
3879 |
if ((next = lgetc(quotec)) == EOF) |
||
3880 |
return (0); |
||
3881 |
if (next == quotec || c == ' ' || c == '\t') |
||
3882 |
c = next; |
||
3883 |
6 |
else if (next == '\n') { |
|
3884 |
6 |
file->lineno++; |
|
3885 |
✓✗ | 8 |
continue; |
3886 |
8 |
} else |
|
3887 |
lungetc(next); |
||
3888 |
} else if (c == quotec) { |
||
3889 |
*p = '\0'; |
||
3890 |
break; |
||
3891 |
} else if (c == '\0') { |
||
3892 |
yyerror("syntax error"); |
||
3893 |
8 |
return (findeol()); |
|
3894 |
} |
||
3895 |
8 |
if (p + 1 >= buf + sizeof(buf) - 1) { |
|
3896 |
yyerror("string too long"); |
||
3897 |
326 |
return (findeol()); |
|
3898 |
343 |
} |
|
3899 |
26 |
*p++ = c; |
|
3900 |
13 |
} |
|
3901 |
12 |
yylval.v.string = strdup(buf); |
|
3902 |
21 |
if (yylval.v.string == NULL) |
|
3903 |
13 |
err(1, "yylex: strdup"); |
|
3904 |
return (STRING); |
||
3905 |
case '!': |
||
3906 |
next = lgetc(0); |
||
3907 |
if (next == '=') |
||
3908 |
return (NE); |
||
3909 |
lungetc(next); |
||
3910 |
break; |
||
3911 |
case '<': |
||
3912 |
next = lgetc(0); |
||
3913 |
if (next == '>') { |
||
3914 |
yylval.v.i = PF_OP_XRG; |
||
3915 |
return (PORTBINARY); |
||
3916 |
} else if (next == '=') |
||
3917 |
return (LE); |
||
3918 |
lungetc(next); |
||
3919 |
break; |
||
3920 |
case '>': |
||
3921 |
next = lgetc(0); |
||
3922 |
if (next == '<') { |
||
3923 |
yylval.v.i = PF_OP_IRG; |
||
3924 |
return (PORTBINARY); |
||
3925 |
} else if (next == '=') |
||
3926 |
return (GE); |
||
3927 |
lungetc(next); |
||
3928 |
break; |
||
3929 |
} |
||
3930 |
|||
3931 |
#define allowed_to_end_number(x) \ |
||
3932 |
(isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' || x == '=') |
||
3933 |
|||
3934 |
if (c == '-' || isdigit(c)) { |
||
3935 |
do { |
||
3936 |
*p++ = c; |
||
3937 |
if ((unsigned)(p-buf) >= sizeof(buf)) { |
||
3938 |
yyerror("string too long"); |
||
3939 |
return (findeol()); |
||
3940 |
} |
||
3941 |
} while ((c = lgetc(0)) != EOF && isdigit(c)); |
||
3942 |
lungetc(c); |
||
3943 |
if (p == buf + 1 && buf[0] == '-') |
||
3944 |
goto nodigits; |
||
3945 |
if (c == EOF || allowed_to_end_number(c)) { |
||
3946 |
const char *errstr = NULL; |
||
3947 |
|||
3948 |
*p = '\0'; |
||
3949 |
yylval.v.number = strtonum(buf, LLONG_MIN, |
||
3950 |
LLONG_MAX, &errstr); |
||
3951 |
if (errstr) { |
||
3952 |
yyerror("\"%s\" invalid number: %s", |
||
3953 |
buf, errstr); |
||
3954 |
return (findeol()); |
||
3955 |
} |
||
3956 |
return (NUMBER); |
||
3957 |
} else { |
||
3958 |
nodigits: |
||
3959 |
while (p > buf + 1) |
||
3960 |
lungetc(*--p); |
||
3961 |
c = *--p; |
||
3962 |
if (c == '-') |
||
3963 |
return (c); |
||
3964 |
} |
||
3965 |
} |
||
3966 |
|||
3967 |
#define allowed_in_string(x) \ |
||
3968 |
(isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \ |
||
3969 |
x != '{' && x != '}' && x != '<' && x != '>' && \ |
||
3970 |
x != '!' && x != '=' && x != '/' && x != '#' && \ |
||
3971 |
x != ',')) |
||
3972 |
|||
3973 |
if (isalnum(c) || c == ':' || c == '_') { |
||
3974 |
do { |
||
3975 |
*p++ = c; |
||
3976 |
if ((unsigned)(p-buf) >= sizeof(buf)) { |
||
3977 |
yyerror("string too long"); |
||
3978 |
return (findeol()); |
||
3979 |
} |
||
3980 |
} while ((c = lgetc(0)) != EOF && (allowed_in_string(c))); |
||
3981 |
lungetc(c); |
||
3982 |
*p = '\0'; |
||
3983 |
if ((token = lookup(buf)) == STRING) |
||
3984 |
if ((yylval.v.string = strdup(buf)) == NULL) |
||
3985 |
err(1, "yylex: strdup"); |
||
3986 |
return (token); |
||
3987 |
} |
||
3988 |
if (c == '\n') { |
||
3989 |
yylval.lineno = file->lineno; |
||
3990 |
file->lineno++; |
||
3991 |
} |
||
3992 |
if (c == EOF) |
||
3993 |
return (0); |
||
3994 |
return (c); |
||
3995 |
} |
||
3996 |
|||
3997 |
int |
||
3998 |
check_file_secrecy(int fd, const char *fname) |
||
3999 |
{ |
||
4000 |
struct stat st; |
||
4001 |
|||
4002 |
if (fstat(fd, &st)) { |
||
4003 |
warn("cannot stat %s", fname); |
||
4004 |
return (-1); |
||
4005 |
} |
||
4006 |
if (st.st_uid != 0 && st.st_uid != getuid()) { |
||
4007 |
warnx("%s: owner not root or current user", fname); |
||
4008 |
return (-1); |
||
4009 |
} |
||
4010 |
if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) { |
||
4011 |
warnx("%s: group writable or world read/writable", fname); |
||
4012 |
return (-1); |
||
4013 |
} |
||
4014 |
return (0); |
||
4015 |
} |
||
4016 |
|||
4017 |
struct file * |
||
4018 |
pushfile(const char *name, int secret) |
||
4019 |
{ |
||
4020 |
struct file *nfile; |
||
4021 |
|||
4022 |
if ((nfile = calloc(1, sizeof(struct file))) == NULL || |
||
4023 |
(nfile->name = strdup(name)) == NULL) { |
||
4024 |
if (nfile) |
||
4025 |
free(nfile); |
||
4026 |
warn("malloc"); |
||
4027 |
return (NULL); |
||
4028 |
} |
||
4029 |
if (TAILQ_FIRST(&files) == NULL && strcmp(nfile->name, "-") == 0) { |
||
4030 |
nfile->stream = stdin; |
||
4031 |
free(nfile->name); |
||
4032 |
if ((nfile->name = strdup("stdin")) == NULL) { |
||
4033 |
warn("strdup"); |
||
4034 |
free(nfile); |
||
4035 |
return (NULL); |
||
4036 |
} |
||
4037 |
} else if ((nfile->stream = fopen(nfile->name, "r")) == NULL) { |
||
4038 |
warn("%s", nfile->name); |
||
4039 |
free(nfile->name); |
||
4040 |
free(nfile); |
||
4041 |
return (NULL); |
||
4042 |
} else if (secret && |
||
4043 |
check_file_secrecy(fileno(nfile->stream), nfile->name)) { |
||
4044 |
fclose(nfile->stream); |
||
4045 |
free(nfile->name); |
||
4046 |
free(nfile); |
||
4047 |
return (NULL); |
||
4048 |
} |
||
4049 |
nfile->lineno = 1; |
||
4050 |
TAILQ_INSERT_TAIL(&files, nfile, entry); |
||
4051 |
return (nfile); |
||
4052 |
} |
||
4053 |
|||
4054 |
int |
||
4055 |
popfile(void) |
||
4056 |
{ |
||
4057 |
struct file *prev; |
||
4058 |
|||
4059 |
if ((prev = TAILQ_PREV(file, files, entry)) != NULL) { |
||
4060 |
prev->errors += file->errors; |
||
4061 |
TAILQ_REMOVE(&files, file, entry); |
||
4062 |
fclose(file->stream); |
||
4063 |
free(file->name); |
||
4064 |
free(file); |
||
4065 |
file = prev; |
||
4066 |
return (0); |
||
4067 |
} |
||
4068 |
return (EOF); |
||
4069 |
} |
||
4070 |
|||
4071 |
int |
||
4072 |
parse_config(char *filename, struct pfctl *xpf) |
||
4073 |
{ |
||
4074 |
int errors = 0; |
||
4075 |
struct sym *sym; |
||
4076 |
|||
4077 |
pf = xpf; |
||
4078 |
returnicmpdefault = (ICMP_UNREACH << 8) | ICMP_UNREACH_PORT; |
||
4079 |
returnicmp6default = |
||
4080 |
(ICMP6_DST_UNREACH << 8) | ICMP6_DST_UNREACH_NOPORT; |
||
4081 |
blockpolicy = PFRULE_DROP; |
||
4082 |
|||
4083 |
if ((file = pushfile(filename, 0)) == NULL) { |
||
4084 |
warn("cannot open the main config file!"); |
||
4085 |
return (-1); |
||
4086 |
} |
||
4087 |
|||
4088 |
yyparse(); |
||
4089 |
errors = file->errors; |
||
4090 |
popfile(); |
||
4091 |
|||
4092 |
/* Free macros and check which have not been used. */ |
||
4093 |
while ((sym = TAILQ_FIRST(&symhead))) { |
||
4094 |
if ((pf->opts & PF_OPT_VERBOSE2) && !sym->used) |
||
4095 |
fprintf(stderr, "warning: macro '%s' not " |
||
4096 |
"used\n", sym->nam); |
||
4097 |
free(sym->nam); |
||
4098 |
free(sym->val); |
||
4099 |
TAILQ_REMOVE(&symhead, sym, entry); |
||
4100 |
free(sym); |
||
4101 |
} |
||
4102 |
|||
4103 |
return (errors ? -1 : 0); |
||
4104 |
} |
||
4105 |
|||
4106 |
int |
||
4107 |
symset(const char *nam, const char *val, int persist) |
||
4108 |
{ |
||
4109 |
struct sym *sym; |
||
4110 |
|||
4111 |
TAILQ_FOREACH(sym, &symhead, entry) { |
||
4112 |
if (strcmp(nam, sym->nam) == 0) |
||
4113 |
break; |
||
4114 |
} |
||
4115 |
|||
4116 |
if (sym != NULL) { |
||
4117 |
if (sym->persist == 1) |
||
4118 |
return (0); |
||
4119 |
else { |
||
4120 |
free(sym->nam); |
||
4121 |
free(sym->val); |
||
4122 |
TAILQ_REMOVE(&symhead, sym, entry); |
||
4123 |
free(sym); |
||
4124 |
} |
||
4125 |
} |
||
4126 |
if ((sym = calloc(1, sizeof(*sym))) == NULL) |
||
4127 |
return (-1); |
||
4128 |
|||
4129 |
sym->nam = strdup(nam); |
||
4130 |
if (sym->nam == NULL) { |
||
4131 |
free(sym); |
||
4132 |
return (-1); |
||
4133 |
} |
||
4134 |
sym->val = strdup(val); |
||
4135 |
if (sym->val == NULL) { |
||
4136 |
free(sym->nam); |
||
4137 |
free(sym); |
||
4138 |
return (-1); |
||
4139 |
} |
||
4140 |
sym->used = 0; |
||
4141 |
sym->persist = persist; |
||
4142 |
TAILQ_INSERT_TAIL(&symhead, sym, entry); |
||
4143 |
return (0); |
||
4144 |
} |
||
4145 |
|||
4146 |
int |
||
4147 |
pfctl_cmdline_symset(char *s) |
||
4148 |
{ |
||
4149 |
char *sym, *val; |
||
4150 |
int ret; |
||
4151 |
|||
4152 |
if ((val = strrchr(s, '=')) == NULL) |
||
4153 |
return (-1); |
||
4154 |
|||
4155 |
if ((sym = malloc(strlen(s) - strlen(val) + 1)) == NULL) |
||
4156 |
err(1, "pfctl_cmdline_symset: malloc"); |
||
4157 |
|||
4158 |
strlcpy(sym, s, strlen(s) - strlen(val) + 1); |
||
4159 |
|||
4160 |
ret = symset(sym, val + 1, 1); |
||
4161 |
free(sym); |
||
4162 |
|||
4163 |
return (ret); |
||
4164 |
} |
||
4165 |
|||
4166 |
char * |
||
4167 |
symget(const char *nam) |
||
4168 |
{ |
||
4169 |
struct sym *sym; |
||
4170 |
|||
4171 |
TAILQ_FOREACH(sym, &symhead, entry) { |
||
4172 |
if (strcmp(nam, sym->nam) == 0) { |
||
4173 |
sym->used = 1; |
||
4174 |
return (sym->val); |
||
4175 |
} |
||
4176 |
} |
||
4177 |
return (NULL); |
||
4178 |
} |
||
4179 |
|||
4180 |
void |
||
4181 |
mv_rules(struct pf_ruleset *src, struct pf_ruleset *dst) |
||
4182 |
{ |
||
4183 |
struct pf_rule *r; |
||
4184 |
|||
4185 |
while ((r = TAILQ_FIRST(src->rules.active.ptr)) != NULL) { |
||
4186 |
TAILQ_REMOVE(src->rules.active.ptr, r, entries); |
||
4187 |
TAILQ_INSERT_TAIL(dst->rules.active.ptr, r, entries); |
||
4188 |
dst->anchor->match++; |
||
4189 |
} |
||
4190 |
src->anchor->match = 0; |
||
4191 |
while ((r = TAILQ_FIRST(src->rules.inactive.ptr)) != NULL) { |
||
4192 |
TAILQ_REMOVE(src->rules.inactive.ptr, r, entries); |
||
4193 |
TAILQ_INSERT_TAIL(dst->rules.inactive.ptr, r, entries); |
||
4194 |
} |
||
4195 |
} |
||
4196 |
|||
4197 |
void |
||
4198 |
decide_address_family(struct node_host *n, sa_family_t *af) |
||
4199 |
{ |
||
4200 |
if (*af != 0 || n == NULL) |
||
4201 |
return; |
||
4202 |
*af = n->af; |
||
4203 |
while ((n = n->next) != NULL) { |
||
4204 |
if (n->af != *af) { |
||
4205 |
*af = 0; |
||
4206 |
return; |
||
4207 |
} |
||
4208 |
} |
||
4209 |
} |
||
4210 |
|||
4211 |
int |
||
4212 |
invalid_redirect(struct node_host *nh, sa_family_t af) |
||
4213 |
{ |
||
4214 |
if (!af) { |
||
4215 |
struct node_host *n; |
||
4216 |
|||
4217 |
/* tables and dyniftl are ok without an address family */ |
||
4218 |
for (n = nh; n != NULL; n = n->next) { |
||
4219 |
if (n->addr.type != PF_ADDR_TABLE && |
||
4220 |
n->addr.type != PF_ADDR_DYNIFTL) { |
||
4221 |
yyerror("address family not given and " |
||
4222 |
"translation address expands to multiple " |
||
4223 |
"address families"); |
||
4224 |
return (1); |
||
4225 |
} |
||
4226 |
} |
||
4227 |
} |
||
4228 |
if (nh == NULL) { |
||
4229 |
yyerror("no translation address with matching address family " |
||
4230 |
"found."); |
||
4231 |
return (1); |
||
4232 |
} |
||
4233 |
return (0); |
||
4234 |
} |
||
4235 |
|||
4236 |
int |
||
4237 |
atoul(char *s, u_long *ulvalp) |
||
4238 |
{ |
||
4239 |
u_long ulval; |
||
4240 |
char *ep; |
||
4241 |
|||
4242 |
errno = 0; |
||
4243 |
ulval = strtoul(s, &ep, 0); |
||
4244 |
if (s[0] == '\0' || *ep != '\0') |
||
4245 |
return (-1); |
||
4246 |
if (errno == ERANGE && ulval == ULONG_MAX) |
||
4247 |
return (-1); |
||
4248 |
*ulvalp = ulval; |
||
4249 |
return (0); |
||
4250 |
} |
||
4251 |
|||
4252 |
int |
||
4253 |
getservice(char *n) |
||
4254 |
{ |
||
4255 |
struct servent *s; |
||
4256 |
u_long ulval; |
||
4257 |
|||
4258 |
if (atoul(n, &ulval) == 0) { |
||
4259 |
if (ulval > 65535) { |
||
4260 |
yyerror("illegal port value %lu", ulval); |
||
4261 |
return (-1); |
||
4262 |
} |
||
4263 |
return (htons(ulval)); |
||
4264 |
} else { |
||
4265 |
s = getservbyname(n, "tcp"); |
||
4266 |
if (s == NULL) |
||
4267 |
s = getservbyname(n, "udp"); |
||
4268 |
if (s == NULL) { |
||
4269 |
yyerror("unknown port %s", n); |
||
4270 |
return (-1); |
||
4271 |
} |
||
4272 |
return (s->s_port); |
||
4273 |
} |
||
4274 |
} |
||
4275 |
|||
4276 |
int |
||
4277 |
rule_label(struct pf_rule *r, char *s) |
||
4278 |
{ |
||
4279 |
if (s) { |
||
4280 |
if (strlcpy(r->label, s, sizeof(r->label)) >= |
||
4281 |
sizeof(r->label)) { |
||
4282 |
yyerror("rule label too long (max %d chars)", |
||
4283 |
sizeof(r->label)-1); |
||
4284 |
return (-1); |
||
4285 |
} |
||
4286 |
} |
||
4287 |
return (0); |
||
4288 |
} |
||
4289 |
|||
4290 |
u_int16_t |
||
4291 |
parseicmpspec(char *w, sa_family_t af) |
||
4292 |
{ |
||
4293 |
const struct icmpcodeent *p; |
||
4294 |
u_long ulval; |
||
4295 |
u_int8_t icmptype; |
||
4296 |
|||
4297 |
if (af == AF_INET) |
||
4298 |
icmptype = returnicmpdefault >> 8; |
||
4299 |
else |
||
4300 |
icmptype = returnicmp6default >> 8; |
||
4301 |
|||
4302 |
if (atoul(w, &ulval) == -1) { |
||
4303 |
if ((p = geticmpcodebyname(icmptype, w, af)) == NULL) { |
||
4304 |
yyerror("unknown icmp code %s", w); |
||
4305 |
return (0); |
||
4306 |
} |
||
4307 |
ulval = p->code; |
||
4308 |
} |
||
4309 |
if (ulval > 255) { |
||
4310 |
yyerror("invalid icmp code %lu", ulval); |
||
4311 |
return (0); |
||
4312 |
} |
||
4313 |
return (icmptype << 8 | ulval); |
||
4314 |
} |
||
4315 |
|||
4316 |
int |
||
4317 |
parseport(char *port, struct range *r, int extensions) |
||
4318 |
{ |
||
4319 |
char *p = strchr(port, ':'); |
||
4320 |
|||
4321 |
if (p == NULL) { |
||
4322 |
if ((r->a = getservice(port)) == -1) |
||
4323 |
return (-1); |
||
4324 |
r->b = 0; |
||
4325 |
r->t = PF_OP_NONE; |
||
4326 |
return (0); |
||
4327 |
} |
||
4328 |
if ((extensions & PPORT_STAR) && !strcmp(p+1, "*")) { |
||
4329 |
*p = 0; |
||
4330 |
if ((r->a = getservice(port)) == -1) |
||
4331 |
return (-1); |
||
4332 |
r->b = 0; |
||
4333 |
r->t = PF_OP_IRG; |
||
4334 |
return (0); |
||
4335 |
} |
||
4336 |
if ((extensions & PPORT_RANGE)) { |
||
4337 |
*p++ = 0; |
||
4338 |
if ((r->a = getservice(port)) == -1 || |
||
4339 |
(r->b = getservice(p)) == -1) |
||
4340 |
return (-1); |
||
4341 |
if (r->a == r->b) { |
||
4342 |
r->b = 0; |
||
4343 |
r->t = PF_OP_NONE; |
||
4344 |
} else |
||
4345 |
r->t = PF_OP_RRG; |
||
4346 |
return (0); |
||
4347 |
} |
||
4348 |
return (-1); |
||
4349 |
} |
||
4350 |
|||
4351 |
int |
||
4352 |
pfctl_load_anchors(int dev, struct pfctl *pf, struct pfr_buffer *trans) |
||
4353 |
{ |
||
4354 |
struct loadanchors *la; |
||
4355 |
|||
4356 |
TAILQ_FOREACH(la, &loadanchorshead, entries) { |
||
4357 |
if (pf->opts & PF_OPT_VERBOSE) |
||
4358 |
fprintf(stderr, "\nLoading anchor %s from %s\n", |
||
4359 |
la->anchorname, la->filename); |
||
4360 |
if (pfctl_rules(dev, la->filename, pf->opts, pf->optimize, |
||
4361 |
la->anchorname, trans) == -1) |
||
4362 |
return (-1); |
||
4363 |
} |
||
4364 |
|||
4365 |
return (0); |
||
4366 |
} |
||
4367 |
|||
4368 |
int |
||
4369 |
kw_casecmp(const void *k, const void *e) |
||
4370 |
{ |
||
4371 |
return (strcasecmp(k, ((const struct keywords *)e)->k_name)); |
||
4372 |
} |
||
4373 |
|||
4374 |
int |
||
4375 |
map_tos(char *s, int *val) |
||
4376 |
{ |
||
4377 |
/* DiffServ Codepoints and other TOS mappings */ |
||
4378 |
const struct keywords toswords[] = { |
||
4379 |
{ "af11", IPTOS_DSCP_AF11 }, |
||
4380 |
{ "af12", IPTOS_DSCP_AF12 }, |
||
4381 |
{ "af13", IPTOS_DSCP_AF13 }, |
||
4382 |
{ "af21", IPTOS_DSCP_AF21 }, |
||
4383 |
{ "af22", IPTOS_DSCP_AF22 }, |
||
4384 |
{ "af23", IPTOS_DSCP_AF23 }, |
||
4385 |
{ "af31", IPTOS_DSCP_AF31 }, |
||
4386 |
{ "af32", IPTOS_DSCP_AF32 }, |
||
4387 |
{ "af33", IPTOS_DSCP_AF33 }, |
||
4388 |
{ "af41", IPTOS_DSCP_AF41 }, |
||
4389 |
{ "af42", IPTOS_DSCP_AF42 }, |
||
4390 |
{ "af43", IPTOS_DSCP_AF43 }, |
||
4391 |
{ "critical", IPTOS_PREC_CRITIC_ECP }, |
||
4392 |
{ "cs0", IPTOS_DSCP_CS0 }, |
||
4393 |
{ "cs1", IPTOS_DSCP_CS1 }, |
||
4394 |
{ "cs2", IPTOS_DSCP_CS2 }, |
||
4395 |
{ "cs3", IPTOS_DSCP_CS3 }, |
||
4396 |
{ "cs4", IPTOS_DSCP_CS4 }, |
||
4397 |
{ "cs5", IPTOS_DSCP_CS5 }, |
||
4398 |
{ "cs6", IPTOS_DSCP_CS6 }, |
||
4399 |
{ "cs7", IPTOS_DSCP_CS7 }, |
||
4400 |
{ "ef", IPTOS_DSCP_EF }, |
||
4401 |
{ "inetcontrol", IPTOS_PREC_INTERNETCONTROL }, |
||
4402 |
{ "lowdelay", IPTOS_LOWDELAY }, |
||
4403 |
{ "netcontrol", IPTOS_PREC_NETCONTROL }, |
||
4404 |
{ "reliability", IPTOS_RELIABILITY }, |
||
4405 |
{ "throughput", IPTOS_THROUGHPUT } |
||
4406 |
}; |
||
4407 |
const struct keywords *p; |
||
4408 |
|||
4409 |
p = bsearch(s, toswords, sizeof(toswords)/sizeof(toswords[0]), |
||
4410 |
sizeof(toswords[0]), kw_casecmp); |
||
4411 |
|||
4412 |
if (p) { |
||
4413 |
*val = p->k_val; |
||
4414 |
return (1); |
||
4415 |
} |
||
4416 |
return (0); |
||
4417 |
} |
||
4418 |
#line 4411 "parse.c" |
||
4419 |
✓✗ | 908 |
/* allocate initial stack or double stack size, up to YYMAXDEPTH */ |
4420 |
454 |
static int yygrowstack(void) |
|
4421 |
{ |
||
4422 |
unsigned int newsize; |
||
4423 |
long sslen; |
||
4424 |
short *newss; |
||
4425 |
454 |
YYSTYPE *newvs; |
|
4426 |
|||
4427 |
if ((newsize = yystacksize) == 0) |
||
4428 |
newsize = YYINITSTACKSIZE; |
||
4429 |
else if (newsize >= YYMAXDEPTH) |
||
4430 |
return -1; |
||
4431 |
✓✗✓✗ |
908 |
else if ((newsize *= 2) > YYMAXDEPTH) |
4432 |
newsize = YYMAXDEPTH; |
||
4433 |
✗✓ | 908 |
sslen = yyssp - yyss; |
4434 |
454 |
#ifdef SIZE_MAX |
|
4435 |
✓✗ | 454 |
#define YY_SIZE_MAX SIZE_MAX |
4436 |
#else |
||
4437 |
454 |
#define YY_SIZE_MAX 0xffffffffU |
|
4438 |
454 |
#endif |
|
4439 |
✓✗✓✗ |
908 |
if (newsize && YY_SIZE_MAX / newsize < sizeof *newss) |
4440 |
goto bail; |
||
4441 |
✗✓ | 908 |
newss = yyss ? (short *)realloc(yyss, newsize * sizeof *newss) : |
4442 |
454 |
(short *)malloc(newsize * sizeof *newss); /* overflow check above */ |
|
4443 |
✓✗ | 454 |
if (newss == NULL) |
4444 |
goto bail; |
||
4445 |
454 |
yyss = newss; |
|
4446 |
454 |
yyssp = newss + sslen; |
|
4447 |
454 |
if (newsize && YY_SIZE_MAX / newsize < sizeof *newvs) |
|
4448 |
454 |
goto bail; |
|
4449 |
454 |
newvs = yyvs ? (YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs) : |
|
4450 |
(YYSTYPE *)malloc(newsize * sizeof *newvs); /* overflow check above */ |
||
4451 |
if (newvs == NULL) |
||
4452 |
goto bail; |
||
4453 |
yyvs = newvs; |
||
4454 |
yyvsp = newvs + sslen; |
||
4455 |
yystacksize = newsize; |
||
4456 |
yysslim = yyss + newsize - 1; |
||
4457 |
return 0; |
||
4458 |
bail: |
||
4459 |
454 |
if (yyss) |
|
4460 |
free(yyss); |
||
4461 |
if (yyvs) |
||
4462 |
free(yyvs); |
||
4463 |
yyss = yyssp = NULL; |
||
4464 |
yyvs = yyvsp = NULL; |
||
4465 |
yystacksize = 0; |
||
4466 |
return -1; |
||
4467 |
} |
||
4468 |
|||
4469 |
#define YYABORT goto yyabort |
||
4470 |
#define YYREJECT goto yyabort |
||
4471 |
#define YYACCEPT goto yyaccept |
||
4472 |
#define YYERROR goto yyerrlab |
||
4473 |
int |
||
4474 |
yyparse(void) |
||
4475 |
{ |
||
4476 |
int yym, yyn, yystate; |
||
4477 |
#if YYDEBUG |
||
4478 |
const char *yys; |
||
4479 |
|||
4480 |
908 |
if ((yys = getenv("YYDEBUG"))) |
|
4481 |
454 |
{ |
|
4482 |
454 |
yyn = *yys; |
|
4483 |
if (yyn >= '0' && yyn <= '9') |
||
4484 |
✓✗✓✗ |
908 |
yydebug = yyn - '0'; |
4485 |
454 |
} |
|
4486 |
454 |
#endif /* YYDEBUG */ |
|
4487 |
454 |
||
4488 |
yynerrs = 0; |
||
4489 |
yyerrflag = 0; |
||
4490 |
✓✓ | 122610 |
yychar = (-1); |
4491 |
✓✓ | 70788 |
|
4492 |
if (yyss == NULL && yygrowstack()) goto yyoverflow; |
||
4493 |
36483 |
yyssp = yyss; |
|
4494 |
yyvsp = yyvs; |
||
4495 |
*yyssp = yystate = 0; |
||
4496 |
|||
4497 |
yyloop: |
||
4498 |
if ((yyn = yydefred[yystate]) != 0) goto yyreduce; |
||
4499 |
if (yychar < 0) |
||
4500 |
{ |
||
4501 |
if ((yychar = yylex()) < 0) yychar = 0; |
||
4502 |
#if YYDEBUG |
||
4503 |
if (yydebug) |
||
4504 |
36483 |
{ |
|
4505 |
✓✓✓✓ ✓✓ |
271757 |
yys = 0; |
4506 |
133870 |
if (yychar <= YYMAXTOKEN) yys = yyname[yychar]; |
|
4507 |
if (!yys) yys = "illegal-symbol"; |
||
4508 |
printf("%sdebug: state %d, reading %d (%s)\n", |
||
4509 |
YYPREFIX, yystate, yychar, yys); |
||
4510 |
} |
||
4511 |
#endif |
||
4512 |
} |
||
4513 |
✗✓✗✗ |
39802 |
if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 && |
4514 |
yyn <= YYTABLESIZE && yycheck[yyn] == yychar) |
||
4515 |
{ |
||
4516 |
#if YYDEBUG |
||
4517 |
39802 |
if (yydebug) |
|
4518 |
39802 |
printf("%sdebug: state %d, shifting to state %d\n", |
|
4519 |
39802 |
YYPREFIX, yystate, yytable[yyn]); |
|
4520 |
✓✓ | 39975 |
#endif |
4521 |
39802 |
if (yyssp >= yysslim && yygrowstack()) |
|
4522 |
{ |
||
4523 |
✓✓✓✗ ✓✓ |
123755 |
goto yyoverflow; |
4524 |
61846 |
} |
|
4525 |
*++yyssp = yystate = yytable[yyn]; |
||
4526 |
30918 |
*++yyvsp = yylval; |
|
4527 |
30918 |
yychar = (-1); |
|
4528 |
if (yyerrflag > 0) --yyerrflag; |
||
4529 |
✓✓ | 68 |
goto yyloop; |
4530 |
} |
||
4531 |
if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 && |
||
4532 |
yyn <= YYTABLESIZE && yycheck[yyn] == yychar) |
||
4533 |
{ |
||
4534 |
20 |
yyn = yytable[yyn]; |
|
4535 |
goto yyreduce; |
||
4536 |
20 |
} |
|
4537 |
if (yyerrflag) goto yyinrecovery; |
||
4538 |
#if defined(__GNUC__) |
||
4539 |
83 |
goto yynewerror; |
|
4540 |
#endif |
||
4541 |
✓✓ | 131 |
yynewerror: |
4542 |
yyerror("syntax error"); |
||
4543 |
84 |
#if defined(__GNUC__) |
|
4544 |
838 |
goto yyerrlab; |
|
4545 |
#endif |
||
4546 |
✓✓✓✓ ✓✓ |
3060 |
yyerrlab: |
4547 |
1481 |
++yynerrs; |
|
4548 |
yyinrecovery: |
||
4549 |
if (yyerrflag < 3) |
||
4550 |
{ |
||
4551 |
yyerrflag = 3; |
||
4552 |
for (;;) |
||
4553 |
{ |
||
4554 |
✗✓✗✗ |
84 |
if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 && |
4555 |
yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE) |
||
4556 |
{ |
||
4557 |
#if YYDEBUG |
||
4558 |
84 |
if (yydebug) |
|
4559 |
84 |
printf("%sdebug: state %d, error recovery shifting\ |
|
4560 |
84 |
to state %d\n", YYPREFIX, *yyssp, yytable[yyn]); |
|
4561 |
#endif |
||
4562 |
if (yyssp >= yysslim && yygrowstack()) |
||
4563 |
{ |
||
4564 |
goto yyoverflow; |
||
4565 |
} |
||
4566 |
*++yyssp = yystate = yytable[yyn]; |
||
4567 |
*++yyvsp = yylval; |
||
4568 |
goto yyloop; |
||
4569 |
✓✗ | 754 |
} |
4570 |
754 |
else |
|
4571 |
754 |
{ |
|
4572 |
#if YYDEBUG |
||
4573 |
if (yydebug) |
||
4574 |
printf("%sdebug: error recovery discarding state %d\n", |
||
4575 |
YYPREFIX, *yyssp); |
||
4576 |
#endif |
||
4577 |
✓✓ | 47 |
if (yyssp <= yyss) goto yyabort; |
4578 |
--yyssp; |
||
4579 |
--yyvsp; |
||
4580 |
} |
||
4581 |
} |
||
4582 |
} |
||
4583 |
else |
||
4584 |
{ |
||
4585 |
if (yychar == 0) goto yyabort; |
||
4586 |
#if YYDEBUG |
||
4587 |
if (yydebug) |
||
4588 |
45 |
{ |
|
4589 |
45 |
yys = 0; |
|
4590 |
if (yychar <= YYMAXTOKEN) yys = yyname[yychar]; |
||
4591 |
if (!yys) yys = "illegal-symbol"; |
||
4592 |
printf("%sdebug: state %d, error recovery discards token %d (%s)\n", |
||
4593 |
YYPREFIX, yystate, yychar, yys); |
||
4594 |
} |
||
4595 |
#endif |
||
4596 |
yychar = (-1); |
||
4597 |
82740 |
goto yyloop; |
|
4598 |
✓✓ | 82740 |
} |
4599 |
60359 |
yyreduce: |
|
4600 |
#if YYDEBUG |
||
4601 |
22381 |
if (yydebug) |
|
4602 |
✓✓✗✓ ✓✓✓✗ ✓✓✓✓ ✗✗✗✗ ✗✗✓✗ ✗✓✓✓ ✓✓✓✓ ✓✓✓✓ ✓✓✓✓ ✓✓✓✗ ✗✗✓✓ ✓✓✓✓ ✗✓✓✓ ✓✓✗✓ ✗✓✓✓ ✗✓✓✓ ✓✓✓✓ ✓✓✓✓ ✗✗✗✗ ✓✗✓✗ ✓✓✓✓ ✓✓✓✓ ✗✓✓✓ ✓✓✗✓ ✓✓✓✓ ✓✗✓✓ ✓✗✓✓ ✓✓✓✗ ✗✓✓✓ ✓✓✓✓ ✓✗✓✓ ✓✓✓✓ ✓✓✓✓ ✓✓✓✓ ✓✓✓✓ ✓✓✓✗ ✓✓✓✓ ✓✓✓✓ ✓✓✗✓ ✗✓✓✓ ✓✓✓✓ ✓✗✗✓ ✓✓✓✓ ✓✓✓✓ ✓✓✓✓ ✓✗✗✗ ✗✗✓✓ ✓✓✓✓ ✓✓✓✓ ✓✓✓✓ ✗✗✓✓ ✓✓✓✓ ✓✓✓✓ ✓✓✓✓ ✓✓✓✓ ✓✓✗✗ ✗✓✓✗ ✓✓✓✗ ✗✗✓✓ ✗✓✓✓ ✓✓✓✓ ✗✓✗✗ ✗✗✗✓ ✓✓✓✓ ✓✓✓✓ ✓✓✗✓ ✓✓✗✗ ✓✓✓✓ ✗✓✓✓ ✓✓✓✓ ✓✓✓✓ ✓✓✓✗ ✗✗✓✓ ✓✗✗✓ ✓✓✓✓ ✓✓✗✓ ✓✓✓✓ ✓✓✓✗ ✓✓✓✓ ✓✗✓✓ ✓✓✓✓ ✓✓✓✓ ✓✓✓✓ ✓✓ |
152833 |
printf("%sdebug: state %d, reducing by rule %d (%s)\n", |
4603 |
YYPREFIX, yystate, yyn, yyrule[yyn]); |
||
4604 |
#endif |
||
4605 |
yym = yylen[yyn]; |
||
4606 |
if (yym) |
||
4607 |
yyval = yyvsp[1-yym]; |
||
4608 |
else |
||
4609 |
memset(&yyval, 0, sizeof yyval); |
||
4610 |
switch (yyn) |
||
4611 |
{ |
||
4612 |
case 13: |
||
4613 |
#line 539 "parse.y" |
||
4614 |
{ file->errors++; } |
||
4615 |
break; |
||
4616 |
case 14: |
||
4617 |
#line 542 "parse.y" |
||
4618 |
{ |
||
4619 |
struct file *nfile; |
||
4620 |
|||
4621 |
if ((nfile = pushfile(yyvsp[0].v.string, 0)) == NULL) { |
||
4622 |
yyerror("failed to include file %s", yyvsp[0].v.string); |
||
4623 |
free(yyvsp[0].v.string); |
||
4624 |
YYERROR; |
||
4625 |
} |
||
4626 |
free(yyvsp[0].v.string); |
||
4627 |
|||
4628 |
file = nfile; |
||
4629 |
lungetc('\n'); |
||
4630 |
} |
||
4631 |
break; |
||
4632 |
case 19: |
||
4633 |
#line 567 "parse.y" |
||
4634 |
{ |
||
4635 |
if (!strcmp(yyvsp[0].v.string, "none")) |
||
4636 |
yyval.v.i = 0; |
||
4637 |
else if (!strcmp(yyvsp[0].v.string, "basic")) |
||
4638 |
yyval.v.i = PF_OPTIMIZE_BASIC; |
||
4639 |
else if (!strcmp(yyvsp[0].v.string, "profile")) |
||
4640 |
yyval.v.i = PF_OPTIMIZE_BASIC | PF_OPTIMIZE_PROFILE; |
||
4641 |
else { |
||
4642 |
yyerror("unknown ruleset-optimization %s", yyvsp[0].v.string); |
||
4643 |
YYERROR; |
||
4644 |
} |
||
4645 |
} |
||
4646 |
break; |
||
4647 |
case 20: |
||
4648 |
#line 581 "parse.y" |
||
4649 |
{ yyval.v.number = 0; } |
||
4650 |
break; |
||
4651 |
case 21: |
||
4652 |
#line 582 "parse.y" |
||
4653 |
{ yyval.v.number = 1; } |
||
4654 |
break; |
||
4655 |
case 22: |
||
4656 |
#line 585 "parse.y" |
||
4657 |
{ |
||
4658 |
pfctl_set_reassembly(pf, yyvsp[-1].v.number, yyvsp[0].v.number); |
||
4659 |
} |
||
4660 |
break; |
||
4661 |
case 23: |
||
4662 |
#line 588 "parse.y" |
||
4663 |
{ |
||
4664 |
if (pfctl_set_optimization(pf, yyvsp[0].v.string) != 0) { |
||
4665 |
yyerror("unknown optimization %s", yyvsp[0].v.string); |
||
4666 |
free(yyvsp[0].v.string); |
||
4667 |
YYERROR; |
||
4668 |
} |
||
4669 |
free(yyvsp[0].v.string); |
||
4670 |
} |
||
4671 |
break; |
||
4672 |
case 24: |
||
4673 |
#line 596 "parse.y" |
||
4674 |
{ |
||
4675 |
if (!(pf->opts & PF_OPT_OPTIMIZE)) { |
||
4676 |
pf->opts |= PF_OPT_OPTIMIZE; |
||
4677 |
pf->optimize = yyvsp[0].v.i; |
||
4678 |
} |
||
4679 |
} |
||
4680 |
break; |
||
4681 |
case 29: |
||
4682 |
#line 606 "parse.y" |
||
4683 |
{ |
||
4684 |
if (pfctl_set_logif(pf, yyvsp[0].v.string) != 0) { |
||
4685 |
yyerror("error setting loginterface %s", yyvsp[0].v.string); |
||
4686 |
free(yyvsp[0].v.string); |
||
4687 |
YYERROR; |
||
4688 |
} |
||
4689 |
free(yyvsp[0].v.string); |
||
4690 |
} |
||
4691 |
break; |
||
4692 |
case 30: |
||
4693 |
#line 614 "parse.y" |
||
4694 |
{ |
||
4695 |
if (yyvsp[0].v.number == 0 || yyvsp[0].v.number > UINT_MAX) { |
||
4696 |
yyerror("hostid must be non-zero"); |
||
4697 |
YYERROR; |
||
4698 |
} |
||
4699 |
pfctl_set_hostid(pf, yyvsp[0].v.number); |
||
4700 |
} |
||
4701 |
break; |
||
4702 |
case 31: |
||
4703 |
#line 621 "parse.y" |
||
4704 |
{ |
||
4705 |
if (pf->opts & PF_OPT_VERBOSE) |
||
4706 |
printf("set block-policy drop\n"); |
||
4707 |
blockpolicy = PFRULE_DROP; |
||
4708 |
} |
||
4709 |
break; |
||
4710 |
case 32: |
||
4711 |
#line 626 "parse.y" |
||
4712 |
{ |
||
4713 |
if (pf->opts & PF_OPT_VERBOSE) |
||
4714 |
printf("set block-policy return\n"); |
||
4715 |
blockpolicy = PFRULE_RETURN; |
||
4716 |
} |
||
4717 |
break; |
||
4718 |
case 33: |
||
4719 |
#line 631 "parse.y" |
||
4720 |
{ |
||
4721 |
if (pf->opts & PF_OPT_VERBOSE) |
||
4722 |
printf("set fingerprints \"%s\"\n", yyvsp[0].v.string); |
||
4723 |
if (!pf->anchor->name[0]) { |
||
4724 |
if (pfctl_file_fingerprints(pf->dev, |
||
4725 |
pf->opts, yyvsp[0].v.string)) { |
||
4726 |
yyerror("error loading " |
||
4727 |
"fingerprints %s", yyvsp[0].v.string); |
||
4728 |
free(yyvsp[0].v.string); |
||
4729 |
YYERROR; |
||
4730 |
} |
||
4731 |
} |
||
4732 |
free(yyvsp[0].v.string); |
||
4733 |
} |
||
4734 |
break; |
||
4735 |
case 34: |
||
4736 |
#line 645 "parse.y" |
||
4737 |
{ |
||
4738 |
if (pf->opts & PF_OPT_VERBOSE) |
||
4739 |
switch (yyvsp[0].v.i) { |
||
4740 |
case 0: |
||
4741 |
printf("set state-policy floating\n"); |
||
4742 |
break; |
||
4743 |
case PFRULE_IFBOUND: |
||
4744 |
printf("set state-policy if-bound\n"); |
||
4745 |
break; |
||
4746 |
} |
||
4747 |
default_statelock = yyvsp[0].v.i; |
||
4748 |
} |
||
4749 |
break; |
||
4750 |
case 35: |
||
4751 |
#line 657 "parse.y" |
||
4752 |
{ |
||
4753 |
if (pfctl_set_debug(pf, yyvsp[0].v.string) != 0) { |
||
4754 |
yyerror("error setting debuglevel %s", yyvsp[0].v.string); |
||
4755 |
free(yyvsp[0].v.string); |
||
4756 |
YYERROR; |
||
4757 |
} |
||
4758 |
free(yyvsp[0].v.string); |
||
4759 |
} |
||
4760 |
break; |
||
4761 |
case 36: |
||
4762 |
#line 665 "parse.y" |
||
4763 |
{ |
||
4764 |
if (pfctl_set_debug(pf, "debug") != 0) { |
||
4765 |
yyerror("error setting debuglevel %s", "debug"); |
||
4766 |
YYERROR; |
||
4767 |
} |
||
4768 |
} |
||
4769 |
break; |
||
4770 |
case 37: |
||
4771 |
#line 671 "parse.y" |
||
4772 |
{ |
||
4773 |
if (expand_skip_interface(yyvsp[0].v.interface) != 0) { |
||
4774 |
yyerror("error setting skip interface(s)"); |
||
4775 |
YYERROR; |
||
4776 |
} |
||
4777 |
} |
||
4778 |
break; |
||
4779 |
case 38: |
||
4780 |
#line 677 "parse.y" |
||
4781 |
{ |
||
4782 |
if (keep_state_defaults != NULL) { |
||
4783 |
yyerror("cannot redefine state-defaults"); |
||
4784 |
YYERROR; |
||
4785 |
} |
||
4786 |
keep_state_defaults = yyvsp[0].v.state_opt; |
||
4787 |
} |
||
4788 |
break; |
||
4789 |
case 39: |
||
4790 |
#line 686 "parse.y" |
||
4791 |
{ yyval.v.string = yyvsp[0].v.string; } |
||
4792 |
break; |
||
4793 |
case 40: |
||
4794 |
#line 687 "parse.y" |
||
4795 |
{ |
||
4796 |
if ((yyval.v.string = strdup("all")) == NULL) { |
||
4797 |
err(1, "stringall: strdup"); |
||
4798 |
} |
||
4799 |
} |
||
4800 |
break; |
||
4801 |
case 41: |
||
4802 |
#line 694 "parse.y" |
||
4803 |
{ |
||
4804 |
if (asprintf(&yyval.v.string, "%s %s", yyvsp[-1].v.string, yyvsp[0].v.string) == -1) |
||
4805 |
err(1, "string: asprintf"); |
||
4806 |
free(yyvsp[-1].v.string); |
||
4807 |
free(yyvsp[0].v.string); |
||
4808 |
} |
||
4809 |
break; |
||
4810 |
case 43: |
||
4811 |
#line 703 "parse.y" |
||
4812 |
{ |
||
4813 |
if (asprintf(&yyval.v.string, "%s %s", yyvsp[-1].v.string, yyvsp[0].v.string) == -1) |
||
4814 |
err(1, "string: asprintf"); |
||
4815 |
free(yyvsp[-1].v.string); |
||
4816 |
free(yyvsp[0].v.string); |
||
4817 |
} |
||
4818 |
break; |
||
4819 |
case 45: |
||
4820 |
#line 712 "parse.y" |
||
4821 |
{ |
||
4822 |
char *s; |
||
4823 |
if (asprintf(&s, "%lld", yyvsp[0].v.number) == -1) { |
||
4824 |
yyerror("string: asprintf"); |
||
4825 |
YYERROR; |
||
4826 |
} |
||
4827 |
yyval.v.string = s; |
||
4828 |
} |
||
4829 |
break; |
||
4830 |
case 47: |
||
4831 |
#line 723 "parse.y" |
||
4832 |
{ |
||
4833 |
char *s = yyvsp[-2].v.string; |
||
4834 |
if (pf->opts & PF_OPT_VERBOSE) |
||
4835 |
printf("%s = \"%s\"\n", yyvsp[-2].v.string, yyvsp[0].v.string); |
||
4836 |
while (*s++) { |
||
4837 |
if (isspace((unsigned char)*s)) { |
||
4838 |
yyerror("macro name cannot contain " |
||
4839 |
"whitespace"); |
||
4840 |
YYERROR; |
||
4841 |
} |
||
4842 |
} |
||
4843 |
if (symset(yyvsp[-2].v.string, yyvsp[0].v.string, 0) == -1) |
||
4844 |
err(1, "cannot store variable %s", yyvsp[-2].v.string); |
||
4845 |
free(yyvsp[-2].v.string); |
||
4846 |
free(yyvsp[0].v.string); |
||
4847 |
} |
||
4848 |
break; |
||
4849 |
case 48: |
||
4850 |
#line 741 "parse.y" |
||
4851 |
{ yyval.v.string = yyvsp[0].v.string; } |
||
4852 |
break; |
||
4853 |
case 49: |
||
4854 |
#line 742 "parse.y" |
||
4855 |
{ yyval.v.string = NULL; } |
||
4856 |
break; |
||
4857 |
case 55: |
||
4858 |
#line 753 "parse.y" |
||
4859 |
{ |
||
4860 |
char ta[PF_ANCHOR_NAME_SIZE]; |
||
4861 |
struct pf_ruleset *rs; |
||
4862 |
|||
4863 |
/* steping into a brace anchor */ |
||
4864 |
pf->asd++; |
||
4865 |
pf->bn++; |
||
4866 |
pf->brace = 1; |
||
4867 |
|||
4868 |
/* |
||
4869 |
* Anchor contents are parsed before the anchor rule |
||
4870 |
* production completes, so we don't know the real |
||
4871 |
* location yet. Create a holding ruleset in the root; |
||
4872 |
* contents will be moved afterwards. |
||
4873 |
*/ |
||
4874 |
snprintf(ta, PF_ANCHOR_NAME_SIZE, "_%d", pf->bn); |
||
4875 |
rs = pf_find_or_create_ruleset(ta); |
||
4876 |
if (rs == NULL) |
||
4877 |
err(1, "pfa_anchor: pf_find_or_create_ruleset"); |
||
4878 |
pf->astack[pf->asd] = rs->anchor; |
||
4879 |
pf->anchor = rs->anchor; |
||
4880 |
} |
||
4881 |
break; |
||
4882 |
case 56: |
||
4883 |
#line 775 "parse.y" |
||
4884 |
{ |
||
4885 |
pf->alast = pf->anchor; |
||
4886 |
pf->asd--; |
||
4887 |
pf->anchor = pf->astack[pf->asd]; |
||
4888 |
} |
||
4889 |
break; |
||
4890 |
case 58: |
||
4891 |
#line 785 "parse.y" |
||
4892 |
{ |
||
4893 |
struct pf_rule r; |
||
4894 |
struct node_proto *proto; |
||
4895 |
|||
4896 |
if (yyvsp[-8].v.string && (yyvsp[-8].v.string[0] == '_' || strstr(yyvsp[-8].v.string, "/_") != NULL)) { |
||
4897 |
free(yyvsp[-8].v.string); |
||
4898 |
yyerror("anchor names beginning with '_' " |
||
4899 |
"are reserved for internal use"); |
||
4900 |
YYERROR; |
||
4901 |
} |
||
4902 |
|||
4903 |
memset(&r, 0, sizeof(r)); |
||
4904 |
if (pf->astack[pf->asd + 1]) { |
||
4905 |
if (yyvsp[-8].v.string && strchr(yyvsp[-8].v.string, '/') != NULL) { |
||
4906 |
free(yyvsp[-8].v.string); |
||
4907 |
yyerror("anchor paths containing '/' " |
||
4908 |
"cannot be used for inline anchors."); |
||
4909 |
YYERROR; |
||
4910 |
} |
||
4911 |
|||
4912 |
/* Move inline rules into relative location. */ |
||
4913 |
pf_anchor_setup(&r, |
||
4914 |
&pf->astack[pf->asd]->ruleset, |
||
4915 |
yyvsp[-8].v.string ? yyvsp[-8].v.string : pf->alast->name); |
||
4916 |
|||
4917 |
if (r.anchor == NULL) |
||
4918 |
err(1, "anchorrule: unable to " |
||
4919 |
"create ruleset"); |
||
4920 |
|||
4921 |
if (pf->alast != r.anchor) { |
||
4922 |
if (r.anchor->match) { |
||
4923 |
yyerror("inline anchor '%s' " |
||
4924 |
"already exists", |
||
4925 |
r.anchor->name); |
||
4926 |
YYERROR; |
||
4927 |
} |
||
4928 |
mv_rules(&pf->alast->ruleset, |
||
4929 |
&r.anchor->ruleset); |
||
4930 |
} |
||
4931 |
pf_remove_if_empty_ruleset(&pf->alast->ruleset); |
||
4932 |
pf->alast = r.anchor; |
||
4933 |
} else { |
||
4934 |
if (!yyvsp[-8].v.string) { |
||
4935 |
yyerror("anchors without explicit " |
||
4936 |
"rules must specify a name"); |
||
4937 |
YYERROR; |
||
4938 |
} |
||
4939 |
} |
||
4940 |
r.direction = yyvsp[-7].v.i; |
||
4941 |
r.quick = yyvsp[-6].v.logquick.quick; |
||
4942 |
r.af = yyvsp[-4].v.i; |
||
4943 |
r.prob = yyvsp[-1].v.filter_opts.prob; |
||
4944 |
r.rtableid = yyvsp[-1].v.filter_opts.rtableid; |
||
4945 |
|||
4946 |
if (yyvsp[-1].v.filter_opts.tag) |
||
4947 |
if (strlcpy(r.tagname, yyvsp[-1].v.filter_opts.tag, |
||
4948 |
PF_TAG_NAME_SIZE) >= PF_TAG_NAME_SIZE) { |
||
4949 |
yyerror("tag too long, max %u chars", |
||
4950 |
PF_TAG_NAME_SIZE - 1); |
||
4951 |
YYERROR; |
||
4952 |
} |
||
4953 |
if (yyvsp[-1].v.filter_opts.match_tag) |
||
4954 |
if (strlcpy(r.match_tagname, yyvsp[-1].v.filter_opts.match_tag, |
||
4955 |
PF_TAG_NAME_SIZE) >= PF_TAG_NAME_SIZE) { |
||
4956 |
yyerror("tag too long, max %u chars", |
||
4957 |
PF_TAG_NAME_SIZE - 1); |
||
4958 |
YYERROR; |
||
4959 |
} |
||
4960 |
r.match_tag_not = yyvsp[-1].v.filter_opts.match_tag_not; |
||
4961 |
if (rule_label(&r, yyvsp[-1].v.filter_opts.label)) |
||
4962 |
YYERROR; |
||
4963 |
free(yyvsp[-1].v.filter_opts.label); |
||
4964 |
r.flags = yyvsp[-1].v.filter_opts.flags.b1; |
||
4965 |
r.flagset = yyvsp[-1].v.filter_opts.flags.b2; |
||
4966 |
if ((yyvsp[-1].v.filter_opts.flags.b1 & yyvsp[-1].v.filter_opts.flags.b2) != yyvsp[-1].v.filter_opts.flags.b1) { |
||
4967 |
yyerror("flags always false"); |
||
4968 |
YYERROR; |
||
4969 |
} |
||
4970 |
if (yyvsp[-1].v.filter_opts.flags.b1 || yyvsp[-1].v.filter_opts.flags.b2 || yyvsp[-2].v.fromto.src_os) { |
||
4971 |
for (proto = yyvsp[-3].v.proto; proto != NULL && |
||
4972 |
proto->proto != IPPROTO_TCP; |
||
4973 |
proto = proto->next) |
||
4974 |
; /* nothing */ |
||
4975 |
if (proto == NULL && yyvsp[-3].v.proto != NULL) { |
||
4976 |
if (yyvsp[-1].v.filter_opts.flags.b1 || yyvsp[-1].v.filter_opts.flags.b2) |
||
4977 |
yyerror( |
||
4978 |
"flags only apply to tcp"); |
||
4979 |
if (yyvsp[-2].v.fromto.src_os) |
||
4980 |
yyerror( |
||
4981 |
"OS fingerprinting only " |
||
4982 |
"applies to tcp"); |
||
4983 |
YYERROR; |
||
4984 |
} |
||
4985 |
} |
||
4986 |
|||
4987 |
r.tos = yyvsp[-1].v.filter_opts.tos; |
||
4988 |
|||
4989 |
if (yyvsp[-1].v.filter_opts.keep.action) { |
||
4990 |
yyerror("cannot specify state handling " |
||
4991 |
"on anchors"); |
||
4992 |
YYERROR; |
||
4993 |
} |
||
4994 |
|||
4995 |
if (yyvsp[-1].v.filter_opts.route.rt) { |
||
4996 |
yyerror("cannot specify route handling " |
||
4997 |
"on anchors"); |
||
4998 |
YYERROR; |
||
4999 |
} |
||
5000 |
|||
5001 |
if (yyvsp[-1].v.filter_opts.marker & FOM_ONCE) { |
||
5002 |
yyerror("cannot specify 'once' " |
||
5003 |
"on anchors"); |
||
5004 |
YYERROR; |
||
5005 |
} |
||
5006 |
|||
5007 |
if (yyvsp[-1].v.filter_opts.match_tag) |
||
5008 |
if (strlcpy(r.match_tagname, yyvsp[-1].v.filter_opts.match_tag, |
||
5009 |
PF_TAG_NAME_SIZE) >= PF_TAG_NAME_SIZE) { |
||
5010 |
yyerror("tag too long, max %u chars", |
||
5011 |
PF_TAG_NAME_SIZE - 1); |
||
5012 |
YYERROR; |
||
5013 |
} |
||
5014 |
r.match_tag_not = yyvsp[-1].v.filter_opts.match_tag_not; |
||
5015 |
if (yyvsp[-1].v.filter_opts.marker & FOM_PRIO) { |
||
5016 |
if (yyvsp[-1].v.filter_opts.prio == 0) |
||
5017 |
r.prio = PF_PRIO_ZERO; |
||
5018 |
else |
||
5019 |
r.prio = yyvsp[-1].v.filter_opts.prio; |
||
5020 |
} |
||
5021 |
if (yyvsp[-1].v.filter_opts.marker & FOM_SETPRIO) { |
||
5022 |
r.set_prio[0] = yyvsp[-1].v.filter_opts.set_prio[0]; |
||
5023 |
r.set_prio[1] = yyvsp[-1].v.filter_opts.set_prio[1]; |
||
5024 |
r.scrub_flags |= PFSTATE_SETPRIO; |
||
5025 |
} |
||
5026 |
|||
5027 |
decide_address_family(yyvsp[-2].v.fromto.src.host, &r.af); |
||
5028 |
decide_address_family(yyvsp[-2].v.fromto.dst.host, &r.af); |
||
5029 |
|||
5030 |
expand_rule(&r, 0, yyvsp[-5].v.interface, NULL, NULL, NULL, yyvsp[-3].v.proto, yyvsp[-2].v.fromto.src_os, |
||
5031 |
yyvsp[-2].v.fromto.src.host, yyvsp[-2].v.fromto.src.port, yyvsp[-2].v.fromto.dst.host, yyvsp[-2].v.fromto.dst.port, |
||
5032 |
yyvsp[-1].v.filter_opts.uid, yyvsp[-1].v.filter_opts.gid, yyvsp[-1].v.filter_opts.rcv, yyvsp[-1].v.filter_opts.icmpspec, |
||
5033 |
pf->astack[pf->asd + 1] ? pf->alast->name : yyvsp[-8].v.string); |
||
5034 |
free(yyvsp[-8].v.string); |
||
5035 |
pf->astack[pf->asd + 1] = NULL; |
||
5036 |
} |
||
5037 |
break; |
||
5038 |
case 59: |
||
5039 |
#line 932 "parse.y" |
||
5040 |
{ |
||
5041 |
struct loadanchors *loadanchor; |
||
5042 |
|||
5043 |
if (strlen(pf->anchor->name) + 1 + |
||
5044 |
strlen(yyvsp[-2].v.string) >= PATH_MAX) { |
||
5045 |
yyerror("anchorname %s too long, max %u\n", |
||
5046 |
yyvsp[-2].v.string, PATH_MAX - 1); |
||
5047 |
free(yyvsp[-2].v.string); |
||
5048 |
YYERROR; |
||
5049 |
} |
||
5050 |
loadanchor = calloc(1, sizeof(struct loadanchors)); |
||
5051 |
if (loadanchor == NULL) |
||
5052 |
err(1, "loadrule: calloc"); |
||
5053 |
if ((loadanchor->anchorname = malloc(PATH_MAX)) == |
||
5054 |
NULL) |
||
5055 |
err(1, "loadrule: malloc"); |
||
5056 |
if (pf->anchor->name[0]) |
||
5057 |
snprintf(loadanchor->anchorname, PATH_MAX, |
||
5058 |
"%s/%s", pf->anchor->name, yyvsp[-2].v.string); |
||
5059 |
else |
||
5060 |
strlcpy(loadanchor->anchorname, yyvsp[-2].v.string, PATH_MAX); |
||
5061 |
if ((loadanchor->filename = strdup(yyvsp[0].v.string)) == NULL) |
||
5062 |
err(1, "loadrule: strdup"); |
||
5063 |
|||
5064 |
TAILQ_INSERT_TAIL(&loadanchorshead, loadanchor, |
||
5065 |
entries); |
||
5066 |
|||
5067 |
free(yyvsp[-2].v.string); |
||
5068 |
free(yyvsp[0].v.string); |
||
5069 |
} |
||
5070 |
break; |
||
5071 |
case 60: |
||
5072 |
#line 963 "parse.y" |
||
5073 |
{ |
||
5074 |
bzero(&scrub_opts, sizeof scrub_opts); |
||
5075 |
} |
||
5076 |
break; |
||
5077 |
case 61: |
||
5078 |
#line 967 "parse.y" |
||
5079 |
{ yyval.v.scrub_opts = scrub_opts; } |
||
5080 |
break; |
||
5081 |
case 64: |
||
5082 |
#line 974 "parse.y" |
||
5083 |
{ |
||
5084 |
if (scrub_opts.nodf) { |
||
5085 |
yyerror("no-df cannot be respecified"); |
||
5086 |
YYERROR; |
||
5087 |
} |
||
5088 |
scrub_opts.nodf = 1; |
||
5089 |
} |
||
5090 |
break; |
||
5091 |
case 65: |
||
5092 |
#line 981 "parse.y" |
||
5093 |
{ |
||
5094 |
if (scrub_opts.marker & FOM_MINTTL) { |
||
5095 |
yyerror("min-ttl cannot be respecified"); |
||
5096 |
YYERROR; |
||
5097 |
} |
||
5098 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 255) { |
||
5099 |
yyerror("illegal min-ttl value %d", yyvsp[0].v.number); |
||
5100 |
YYERROR; |
||
5101 |
} |
||
5102 |
scrub_opts.marker |= FOM_MINTTL; |
||
5103 |
scrub_opts.minttl = yyvsp[0].v.number; |
||
5104 |
} |
||
5105 |
break; |
||
5106 |
case 66: |
||
5107 |
#line 993 "parse.y" |
||
5108 |
{ |
||
5109 |
if (scrub_opts.marker & FOM_MAXMSS) { |
||
5110 |
yyerror("max-mss cannot be respecified"); |
||
5111 |
YYERROR; |
||
5112 |
} |
||
5113 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 65535) { |
||
5114 |
yyerror("illegal max-mss value %d", yyvsp[0].v.number); |
||
5115 |
YYERROR; |
||
5116 |
} |
||
5117 |
scrub_opts.marker |= FOM_MAXMSS; |
||
5118 |
scrub_opts.maxmss = yyvsp[0].v.number; |
||
5119 |
} |
||
5120 |
break; |
||
5121 |
case 67: |
||
5122 |
#line 1005 "parse.y" |
||
5123 |
{ |
||
5124 |
if (strcasecmp(yyvsp[0].v.string, "tcp") != 0) { |
||
5125 |
yyerror("scrub reassemble supports only tcp, " |
||
5126 |
"not '%s'", yyvsp[0].v.string); |
||
5127 |
free(yyvsp[0].v.string); |
||
5128 |
YYERROR; |
||
5129 |
} |
||
5130 |
free(yyvsp[0].v.string); |
||
5131 |
if (scrub_opts.reassemble_tcp) { |
||
5132 |
yyerror("reassemble tcp cannot be respecified"); |
||
5133 |
YYERROR; |
||
5134 |
} |
||
5135 |
scrub_opts.reassemble_tcp = 1; |
||
5136 |
} |
||
5137 |
break; |
||
5138 |
case 68: |
||
5139 |
#line 1019 "parse.y" |
||
5140 |
{ |
||
5141 |
if (scrub_opts.randomid) { |
||
5142 |
yyerror("random-id cannot be respecified"); |
||
5143 |
YYERROR; |
||
5144 |
} |
||
5145 |
scrub_opts.randomid = 1; |
||
5146 |
} |
||
5147 |
break; |
||
5148 |
case 69: |
||
5149 |
#line 1028 "parse.y" |
||
5150 |
{ |
||
5151 |
struct pf_rule r; |
||
5152 |
struct node_host *h = NULL, *hh; |
||
5153 |
struct node_if *i, *j; |
||
5154 |
|||
5155 |
for (i = yyvsp[-2].v.interface; i; i = i->next) { |
||
5156 |
bzero(&r, sizeof(r)); |
||
5157 |
|||
5158 |
r.action = PF_DROP; |
||
5159 |
r.direction = PF_IN; |
||
5160 |
r.log = yyvsp[-3].v.logquick.log; |
||
5161 |
r.logif = yyvsp[-3].v.logquick.logif; |
||
5162 |
r.quick = yyvsp[-3].v.logquick.quick; |
||
5163 |
r.af = yyvsp[-1].v.i; |
||
5164 |
if (rule_label(&r, yyvsp[0].v.antispoof_opts.label)) |
||
5165 |
YYERROR; |
||
5166 |
r.rtableid = yyvsp[0].v.antispoof_opts.rtableid; |
||
5167 |
j = calloc(1, sizeof(struct node_if)); |
||
5168 |
if (j == NULL) |
||
5169 |
err(1, "antispoof: calloc"); |
||
5170 |
if (strlcpy(j->ifname, i->ifname, |
||
5171 |
sizeof(j->ifname)) >= sizeof(j->ifname)) { |
||
5172 |
free(j); |
||
5173 |
yyerror("interface name too long"); |
||
5174 |
YYERROR; |
||
5175 |
} |
||
5176 |
j->not = 1; |
||
5177 |
if (i->dynamic) { |
||
5178 |
h = calloc(1, sizeof(*h)); |
||
5179 |
if (h == NULL) |
||
5180 |
err(1, "address: calloc"); |
||
5181 |
h->addr.type = PF_ADDR_DYNIFTL; |
||
5182 |
set_ipmask(h, 128); |
||
5183 |
if (strlcpy(h->addr.v.ifname, i->ifname, |
||
5184 |
sizeof(h->addr.v.ifname)) >= |
||
5185 |
sizeof(h->addr.v.ifname)) { |
||
5186 |
free(h); |
||
5187 |
yyerror( |
||
5188 |
"interface name too long"); |
||
5189 |
YYERROR; |
||
5190 |
} |
||
5191 |
hh = malloc(sizeof(*hh)); |
||
5192 |
if (hh == NULL) |
||
5193 |
err(1, "address: malloc"); |
||
5194 |
bcopy(h, hh, sizeof(*hh)); |
||
5195 |
h->addr.iflags = PFI_AFLAG_NETWORK; |
||
5196 |
} else { |
||
5197 |
h = ifa_lookup(j->ifname, |
||
5198 |
PFI_AFLAG_NETWORK); |
||
5199 |
hh = NULL; |
||
5200 |
} |
||
5201 |
|||
5202 |
if (h != NULL) |
||
5203 |
expand_rule(&r, 0, j, NULL, NULL, NULL, |
||
5204 |
NULL, NULL, h, NULL, NULL, NULL, |
||
5205 |
NULL, NULL, NULL, NULL, ""); |
||
5206 |
|||
5207 |
if ((i->ifa_flags & IFF_LOOPBACK) == 0) { |
||
5208 |
bzero(&r, sizeof(r)); |
||
5209 |
|||
5210 |
r.action = PF_DROP; |
||
5211 |
r.direction = PF_IN; |
||
5212 |
r.log = yyvsp[-3].v.logquick.log; |
||
5213 |
r.logif = yyvsp[-3].v.logquick.logif; |
||
5214 |
r.quick = yyvsp[-3].v.logquick.quick; |
||
5215 |
r.af = yyvsp[-1].v.i; |
||
5216 |
if (rule_label(&r, yyvsp[0].v.antispoof_opts.label)) |
||
5217 |
YYERROR; |
||
5218 |
r.rtableid = yyvsp[0].v.antispoof_opts.rtableid; |
||
5219 |
if (hh != NULL) |
||
5220 |
h = hh; |
||
5221 |
else |
||
5222 |
h = ifa_lookup(i->ifname, 0); |
||
5223 |
if (h != NULL) |
||
5224 |
expand_rule(&r, 0, NULL, NULL, |
||
5225 |
NULL, NULL, NULL, NULL, h, |
||
5226 |
NULL, NULL, NULL, NULL, |
||
5227 |
NULL, NULL, NULL, ""); |
||
5228 |
} else |
||
5229 |
free(hh); |
||
5230 |
} |
||
5231 |
free(yyvsp[0].v.antispoof_opts.label); |
||
5232 |
} |
||
5233 |
break; |
||
5234 |
case 70: |
||
5235 |
#line 1113 "parse.y" |
||
5236 |
{ yyval.v.interface = yyvsp[0].v.interface; } |
||
5237 |
break; |
||
5238 |
case 71: |
||
5239 |
#line 1114 "parse.y" |
||
5240 |
{ yyval.v.interface = yyvsp[-1].v.interface; } |
||
5241 |
break; |
||
5242 |
case 72: |
||
5243 |
#line 1117 "parse.y" |
||
5244 |
{ yyval.v.interface = yyvsp[-1].v.interface; } |
||
5245 |
break; |
||
5246 |
case 73: |
||
5247 |
#line 1118 "parse.y" |
||
5248 |
{ |
||
5249 |
yyvsp[-3].v.interface->tail->next = yyvsp[-1].v.interface; |
||
5250 |
yyvsp[-3].v.interface->tail = yyvsp[-1].v.interface; |
||
5251 |
yyval.v.interface = yyvsp[-3].v.interface; |
||
5252 |
} |
||
5253 |
break; |
||
5254 |
case 74: |
||
5255 |
#line 1125 "parse.y" |
||
5256 |
{ yyval.v.interface = yyvsp[0].v.interface; } |
||
5257 |
break; |
||
5258 |
case 75: |
||
5259 |
#line 1126 "parse.y" |
||
5260 |
{ |
||
5261 |
yyvsp[-1].v.interface->dynamic = 1; |
||
5262 |
yyval.v.interface = yyvsp[-1].v.interface; |
||
5263 |
} |
||
5264 |
break; |
||
5265 |
case 76: |
||
5266 |
#line 1132 "parse.y" |
||
5267 |
{ |
||
5268 |
bzero(&antispoof_opts, sizeof antispoof_opts); |
||
5269 |
antispoof_opts.rtableid = -1; |
||
5270 |
} |
||
5271 |
break; |
||
5272 |
case 77: |
||
5273 |
#line 1137 "parse.y" |
||
5274 |
{ yyval.v.antispoof_opts = antispoof_opts; } |
||
5275 |
break; |
||
5276 |
case 78: |
||
5277 |
#line 1138 "parse.y" |
||
5278 |
{ |
||
5279 |
bzero(&antispoof_opts, sizeof antispoof_opts); |
||
5280 |
antispoof_opts.rtableid = -1; |
||
5281 |
yyval.v.antispoof_opts = antispoof_opts; |
||
5282 |
} |
||
5283 |
break; |
||
5284 |
case 81: |
||
5285 |
#line 1149 "parse.y" |
||
5286 |
{ |
||
5287 |
if (antispoof_opts.label) { |
||
5288 |
yyerror("label cannot be redefined"); |
||
5289 |
YYERROR; |
||
5290 |
} |
||
5291 |
antispoof_opts.label = yyvsp[0].v.string; |
||
5292 |
} |
||
5293 |
break; |
||
5294 |
case 82: |
||
5295 |
#line 1156 "parse.y" |
||
5296 |
{ |
||
5297 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > RT_TABLEID_MAX) { |
||
5298 |
yyerror("invalid rtable id"); |
||
5299 |
YYERROR; |
||
5300 |
} |
||
5301 |
antispoof_opts.rtableid = yyvsp[0].v.number; |
||
5302 |
} |
||
5303 |
break; |
||
5304 |
case 83: |
||
5305 |
#line 1165 "parse.y" |
||
5306 |
{ yyval.v.number = 1; } |
||
5307 |
break; |
||
5308 |
case 84: |
||
5309 |
#line 1166 "parse.y" |
||
5310 |
{ yyval.v.number = 0; } |
||
5311 |
break; |
||
5312 |
case 85: |
||
5313 |
#line 1169 "parse.y" |
||
5314 |
{ |
||
5315 |
struct node_host *h, *nh; |
||
5316 |
struct node_tinit *ti, *nti; |
||
5317 |
|||
5318 |
if (strlen(yyvsp[-2].v.string) >= PF_TABLE_NAME_SIZE) { |
||
5319 |
yyerror("table name too long, max %d chars", |
||
5320 |
PF_TABLE_NAME_SIZE - 1); |
||
5321 |
free(yyvsp[-2].v.string); |
||
5322 |
YYERROR; |
||
5323 |
} |
||
5324 |
if (process_tabledef(yyvsp[-2].v.string, &yyvsp[0].v.table_opts, pf->opts)) { |
||
5325 |
free(yyvsp[-2].v.string); |
||
5326 |
YYERROR; |
||
5327 |
} |
||
5328 |
free(yyvsp[-2].v.string); |
||
5329 |
for (ti = SIMPLEQ_FIRST(&yyvsp[0].v.table_opts.init_nodes); ti != NULL; |
||
5330 |
ti = nti) { |
||
5331 |
if (ti->file) |
||
5332 |
free(ti->file); |
||
5333 |
for (h = ti->host; h != NULL; h = nh) { |
||
5334 |
nh = h->next; |
||
5335 |
free(h); |
||
5336 |
} |
||
5337 |
nti = SIMPLEQ_NEXT(ti, entries); |
||
5338 |
free(ti); |
||
5339 |
} |
||
5340 |
} |
||
5341 |
break; |
||
5342 |
case 86: |
||
5343 |
#line 1198 "parse.y" |
||
5344 |
{ |
||
5345 |
bzero(&table_opts, sizeof table_opts); |
||
5346 |
SIMPLEQ_INIT(&table_opts.init_nodes); |
||
5347 |
} |
||
5348 |
break; |
||
5349 |
case 87: |
||
5350 |
#line 1203 "parse.y" |
||
5351 |
{ yyval.v.table_opts = table_opts; } |
||
5352 |
break; |
||
5353 |
case 88: |
||
5354 |
#line 1205 "parse.y" |
||
5355 |
{ |
||
5356 |
bzero(&table_opts, sizeof table_opts); |
||
5357 |
SIMPLEQ_INIT(&table_opts.init_nodes); |
||
5358 |
yyval.v.table_opts = table_opts; |
||
5359 |
} |
||
5360 |
break; |
||
5361 |
case 91: |
||
5362 |
#line 1216 "parse.y" |
||
5363 |
{ |
||
5364 |
if (!strcmp(yyvsp[0].v.string, "const")) |
||
5365 |
table_opts.flags |= PFR_TFLAG_CONST; |
||
5366 |
else if (!strcmp(yyvsp[0].v.string, "persist")) |
||
5367 |
table_opts.flags |= PFR_TFLAG_PERSIST; |
||
5368 |
else if (!strcmp(yyvsp[0].v.string, "counters")) |
||
5369 |
table_opts.flags |= PFR_TFLAG_COUNTERS; |
||
5370 |
else { |
||
5371 |
yyerror("invalid table option '%s'", yyvsp[0].v.string); |
||
5372 |
free(yyvsp[0].v.string); |
||
5373 |
YYERROR; |
||
5374 |
} |
||
5375 |
free(yyvsp[0].v.string); |
||
5376 |
} |
||
5377 |
break; |
||
5378 |
case 92: |
||
5379 |
#line 1230 "parse.y" |
||
5380 |
{ table_opts.init_addr = 1; } |
||
5381 |
break; |
||
5382 |
case 93: |
||
5383 |
#line 1231 "parse.y" |
||
5384 |
{ |
||
5385 |
struct node_host *n; |
||
5386 |
struct node_tinit *ti; |
||
5387 |
|||
5388 |
for (n = yyvsp[-1].v.host; n != NULL; n = n->next) { |
||
5389 |
switch (n->addr.type) { |
||
5390 |
case PF_ADDR_ADDRMASK: |
||
5391 |
continue; /* ok */ |
||
5392 |
case PF_ADDR_RANGE: |
||
5393 |
yyerror("address ranges are not " |
||
5394 |
"permitted inside tables"); |
||
5395 |
break; |
||
5396 |
case PF_ADDR_DYNIFTL: |
||
5397 |
yyerror("dynamic addresses are not " |
||
5398 |
"permitted inside tables"); |
||
5399 |
break; |
||
5400 |
case PF_ADDR_TABLE: |
||
5401 |
yyerror("tables cannot contain tables"); |
||
5402 |
break; |
||
5403 |
case PF_ADDR_NOROUTE: |
||
5404 |
yyerror("\"no-route\" is not permitted " |
||
5405 |
"inside tables"); |
||
5406 |
break; |
||
5407 |
case PF_ADDR_URPFFAILED: |
||
5408 |
yyerror("\"urpf-failed\" is not " |
||
5409 |
"permitted inside tables"); |
||
5410 |
break; |
||
5411 |
default: |
||
5412 |
yyerror("unknown address type %d", |
||
5413 |
n->addr.type); |
||
5414 |
} |
||
5415 |
YYERROR; |
||
5416 |
} |
||
5417 |
if (!(ti = calloc(1, sizeof(*ti)))) |
||
5418 |
err(1, "table_opt: calloc"); |
||
5419 |
ti->host = yyvsp[-1].v.host; |
||
5420 |
SIMPLEQ_INSERT_TAIL(&table_opts.init_nodes, ti, |
||
5421 |
entries); |
||
5422 |
table_opts.init_addr = 1; |
||
5423 |
} |
||
5424 |
break; |
||
5425 |
case 94: |
||
5426 |
#line 1271 "parse.y" |
||
5427 |
{ |
||
5428 |
struct node_tinit *ti; |
||
5429 |
|||
5430 |
if (!(ti = calloc(1, sizeof(*ti)))) |
||
5431 |
err(1, "table_opt: calloc"); |
||
5432 |
ti->file = yyvsp[0].v.string; |
||
5433 |
SIMPLEQ_INSERT_TAIL(&table_opts.init_nodes, ti, |
||
5434 |
entries); |
||
5435 |
table_opts.init_addr = 1; |
||
5436 |
} |
||
5437 |
break; |
||
5438 |
case 95: |
||
5439 |
#line 1283 "parse.y" |
||
5440 |
{ |
||
5441 |
if (yyvsp[0].v.weight > 0) { |
||
5442 |
struct node_host *n; |
||
5443 |
for (n = yyvsp[-1].v.host; n != NULL; n = n->next) |
||
5444 |
n->weight = yyvsp[0].v.weight; |
||
5445 |
} |
||
5446 |
yyval.v.host = yyvsp[-1].v.host; |
||
5447 |
} |
||
5448 |
break; |
||
5449 |
case 96: |
||
5450 |
#line 1291 "parse.y" |
||
5451 |
{ yyval.v.host = yyvsp[-1].v.host; } |
||
5452 |
break; |
||
5453 |
case 97: |
||
5454 |
#line 1294 "parse.y" |
||
5455 |
{ yyval.v.host = yyvsp[-1].v.host; } |
||
5456 |
break; |
||
5457 |
case 98: |
||
5458 |
#line 1295 "parse.y" |
||
5459 |
{ |
||
5460 |
yyvsp[-3].v.host->tail->next = yyvsp[-1].v.host; |
||
5461 |
yyvsp[-3].v.host->tail = yyvsp[-1].v.host->tail; |
||
5462 |
yyval.v.host = yyvsp[-3].v.host; |
||
5463 |
} |
||
5464 |
break; |
||
5465 |
case 99: |
||
5466 |
#line 1302 "parse.y" |
||
5467 |
{ |
||
5468 |
if (yyvsp[-1].v.interface == NULL && yyvsp[0].v.queue_opts.parent == NULL) { |
||
5469 |
yyerror("root queue without interface"); |
||
5470 |
YYERROR; |
||
5471 |
} |
||
5472 |
expand_queue(yyvsp[-2].v.string, yyvsp[-1].v.interface, &yyvsp[0].v.queue_opts); |
||
5473 |
} |
||
5474 |
break; |
||
5475 |
case 100: |
||
5476 |
#line 1311 "parse.y" |
||
5477 |
{ |
||
5478 |
bzero(&queue_opts, sizeof queue_opts); |
||
5479 |
} |
||
5480 |
break; |
||
5481 |
case 101: |
||
5482 |
#line 1315 "parse.y" |
||
5483 |
{ yyval.v.queue_opts = queue_opts; } |
||
5484 |
break; |
||
5485 |
case 104: |
||
5486 |
#line 1322 "parse.y" |
||
5487 |
{ |
||
5488 |
if (queue_opts.marker & QOM_BWSPEC) { |
||
5489 |
yyerror("bandwidth cannot be respecified"); |
||
5490 |
YYERROR; |
||
5491 |
} |
||
5492 |
queue_opts.marker |= QOM_BWSPEC; |
||
5493 |
queue_opts.linkshare = yyvsp[-1].v.sc; |
||
5494 |
queue_opts.realtime= yyvsp[0].v.queue_opts.realtime; |
||
5495 |
queue_opts.upperlimit = yyvsp[0].v.queue_opts.upperlimit; |
||
5496 |
} |
||
5497 |
break; |
||
5498 |
case 105: |
||
5499 |
#line 1332 "parse.y" |
||
5500 |
{ |
||
5501 |
if (queue_opts.marker & QOM_PARENT) { |
||
5502 |
yyerror("parent cannot be respecified"); |
||
5503 |
YYERROR; |
||
5504 |
} |
||
5505 |
queue_opts.marker |= QOM_PARENT; |
||
5506 |
queue_opts.parent = yyvsp[0].v.string; |
||
5507 |
} |
||
5508 |
break; |
||
5509 |
case 106: |
||
5510 |
#line 1340 "parse.y" |
||
5511 |
{ |
||
5512 |
if (queue_opts.marker & QOM_DEFAULT) { |
||
5513 |
yyerror("default cannot be respecified"); |
||
5514 |
YYERROR; |
||
5515 |
} |
||
5516 |
queue_opts.marker |= QOM_DEFAULT; |
||
5517 |
queue_opts.flags |= PFQS_DEFAULT; |
||
5518 |
} |
||
5519 |
break; |
||
5520 |
case 107: |
||
5521 |
#line 1348 "parse.y" |
||
5522 |
{ |
||
5523 |
if (queue_opts.marker & QOM_QLIMIT) { |
||
5524 |
yyerror("qlimit cannot be respecified"); |
||
5525 |
YYERROR; |
||
5526 |
} |
||
5527 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 65535) { |
||
5528 |
yyerror("qlimit out of range: max 65535"); |
||
5529 |
YYERROR; |
||
5530 |
} |
||
5531 |
queue_opts.marker |= QOM_QLIMIT; |
||
5532 |
queue_opts.qlimit = yyvsp[0].v.number; |
||
5533 |
} |
||
5534 |
break; |
||
5535 |
case 108: |
||
5536 |
#line 1360 "parse.y" |
||
5537 |
{ |
||
5538 |
if (queue_opts.marker & QOM_FLOWS) { |
||
5539 |
yyerror("number of flows cannot be respecified"); |
||
5540 |
YYERROR; |
||
5541 |
} |
||
5542 |
if (yyvsp[0].v.number < 1 || yyvsp[0].v.number > 32767) { |
||
5543 |
yyerror("number of flows out of range: " |
||
5544 |
"max 32767"); |
||
5545 |
YYERROR; |
||
5546 |
} |
||
5547 |
queue_opts.marker |= QOM_FLOWS; |
||
5548 |
queue_opts.flags |= PFQS_FLOWQUEUE; |
||
5549 |
queue_opts.flowqueue.flows = yyvsp[0].v.number; |
||
5550 |
} |
||
5551 |
break; |
||
5552 |
case 109: |
||
5553 |
#line 1374 "parse.y" |
||
5554 |
{ |
||
5555 |
if (queue_opts.marker & QOM_QUANTUM) { |
||
5556 |
yyerror("quantum cannot be respecified"); |
||
5557 |
YYERROR; |
||
5558 |
} |
||
5559 |
if (yyvsp[0].v.number < 1 || yyvsp[0].v.number > 65535) { |
||
5560 |
yyerror("quantum out of range: max 65535"); |
||
5561 |
YYERROR; |
||
5562 |
} |
||
5563 |
queue_opts.marker |= QOM_QUANTUM; |
||
5564 |
queue_opts.flowqueue.quantum = yyvsp[0].v.number; |
||
5565 |
} |
||
5566 |
break; |
||
5567 |
case 110: |
||
5568 |
#line 1388 "parse.y" |
||
5569 |
{ |
||
5570 |
|||
5571 |
} |
||
5572 |
break; |
||
5573 |
case 111: |
||
5574 |
#line 1391 "parse.y" |
||
5575 |
{ |
||
5576 |
yyval.v.queue_opts.realtime = yyvsp[0].v.sc; |
||
5577 |
} |
||
5578 |
break; |
||
5579 |
case 112: |
||
5580 |
#line 1394 "parse.y" |
||
5581 |
{ |
||
5582 |
yyval.v.queue_opts.upperlimit = yyvsp[0].v.sc; |
||
5583 |
} |
||
5584 |
break; |
||
5585 |
case 113: |
||
5586 |
#line 1397 "parse.y" |
||
5587 |
{ |
||
5588 |
yyval.v.queue_opts.realtime = yyvsp[-3].v.sc; |
||
5589 |
yyval.v.queue_opts.upperlimit = yyvsp[0].v.sc; |
||
5590 |
} |
||
5591 |
break; |
||
5592 |
case 114: |
||
5593 |
#line 1401 "parse.y" |
||
5594 |
{ |
||
5595 |
yyval.v.queue_opts.realtime = yyvsp[0].v.sc; |
||
5596 |
yyval.v.queue_opts.upperlimit = yyvsp[-3].v.sc; |
||
5597 |
} |
||
5598 |
break; |
||
5599 |
case 115: |
||
5600 |
#line 1407 "parse.y" |
||
5601 |
{ |
||
5602 |
yyval.v.sc.m2 = yyvsp[0].v.queue_bwspec; |
||
5603 |
yyval.v.sc.d = 0; |
||
5604 |
if (yyval.v.sc.m2.bw_percent) { |
||
5605 |
yyerror("no bandwidth in %% yet"); |
||
5606 |
YYERROR; |
||
5607 |
} |
||
5608 |
} |
||
5609 |
break; |
||
5610 |
case 116: |
||
5611 |
#line 1415 "parse.y" |
||
5612 |
{ |
||
5613 |
u_long ul; |
||
5614 |
char *cp; |
||
5615 |
|||
5616 |
ul = strtoul(yyvsp[0].v.string, &cp, 10); |
||
5617 |
if (cp == NULL || strcmp(cp, "ms")) { |
||
5618 |
yyerror("time in scspec must be in ms"); |
||
5619 |
YYERROR; |
||
5620 |
} |
||
5621 |
|||
5622 |
yyval.v.sc.m1 = yyvsp[-2].v.queue_bwspec; |
||
5623 |
yyval.v.sc.d = ul; |
||
5624 |
yyval.v.sc.m2 = yyvsp[-4].v.queue_bwspec; |
||
5625 |
|||
5626 |
if (yyval.v.sc.m1.bw_percent || yyval.v.sc.m2.bw_percent) { |
||
5627 |
yyerror("no bandwidth in %% yet"); |
||
5628 |
YYERROR; |
||
5629 |
} |
||
5630 |
} |
||
5631 |
break; |
||
5632 |
case 117: |
||
5633 |
#line 1436 "parse.y" |
||
5634 |
{ |
||
5635 |
double bps; |
||
5636 |
char *cp; |
||
5637 |
|||
5638 |
yyval.v.queue_bwspec.bw_percent = 0; |
||
5639 |
|||
5640 |
bps = strtod(yyvsp[0].v.string, &cp); |
||
5641 |
if (cp != NULL) { |
||
5642 |
if (strlen(cp) > 1) { |
||
5643 |
char *cu = cp + 1; |
||
5644 |
if (!strcmp(cu, "Bit") || |
||
5645 |
!strcmp(cu, "B") || |
||
5646 |
!strcmp(cu, "bit") || |
||
5647 |
!strcmp(cu, "b")) { |
||
5648 |
*cu = 0; |
||
5649 |
} |
||
5650 |
} |
||
5651 |
if (!strcmp(cp, "b")) |
||
5652 |
; /* nothing */ |
||
5653 |
else if (!strcmp(cp, "K")) |
||
5654 |
bps *= 1000; |
||
5655 |
else if (!strcmp(cp, "M")) |
||
5656 |
bps *= 1000 * 1000; |
||
5657 |
else if (!strcmp(cp, "G")) |
||
5658 |
bps *= 1000 * 1000 * 1000; |
||
5659 |
else if (!strcmp(cp, "%")) { |
||
5660 |
if (bps < 0 || bps > 100) { |
||
5661 |
yyerror("bandwidth spec " |
||
5662 |
"out of range"); |
||
5663 |
free(yyvsp[0].v.string); |
||
5664 |
YYERROR; |
||
5665 |
} |
||
5666 |
yyval.v.queue_bwspec.bw_percent = bps; |
||
5667 |
bps = 0; |
||
5668 |
} else { |
||
5669 |
yyerror("unknown unit \"%s\"", cp); |
||
5670 |
free(yyvsp[0].v.string); |
||
5671 |
YYERROR; |
||
5672 |
} |
||
5673 |
} |
||
5674 |
free(yyvsp[0].v.string); |
||
5675 |
yyval.v.queue_bwspec.bw_absolute = (u_int32_t)bps; |
||
5676 |
} |
||
5677 |
break; |
||
5678 |
case 118: |
||
5679 |
#line 1479 "parse.y" |
||
5680 |
{ |
||
5681 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX) { |
||
5682 |
yyerror("bandwidth number too big"); |
||
5683 |
YYERROR; |
||
5684 |
} |
||
5685 |
yyval.v.queue_bwspec.bw_percent = 0; |
||
5686 |
yyval.v.queue_bwspec.bw_absolute = yyvsp[0].v.number; |
||
5687 |
} |
||
5688 |
break; |
||
5689 |
case 119: |
||
5690 |
#line 1491 "parse.y" |
||
5691 |
{ |
||
5692 |
struct pf_rule r; |
||
5693 |
struct node_state_opt *o; |
||
5694 |
struct node_proto *proto; |
||
5695 |
int srctrack = 0; |
||
5696 |
int statelock = 0; |
||
5697 |
int adaptive = 0; |
||
5698 |
int defaults = 0; |
||
5699 |
|||
5700 |
memset(&r, 0, sizeof(r)); |
||
5701 |
r.action = yyvsp[-7].v.b.b1; |
||
5702 |
switch (yyvsp[-7].v.b.b2) { |
||
5703 |
case PFRULE_RETURNRST: |
||
5704 |
r.rule_flag |= PFRULE_RETURNRST; |
||
5705 |
r.return_ttl = yyvsp[-7].v.b.w; |
||
5706 |
break; |
||
5707 |
case PFRULE_RETURNICMP: |
||
5708 |
r.rule_flag |= PFRULE_RETURNICMP; |
||
5709 |
r.return_icmp = yyvsp[-7].v.b.w; |
||
5710 |
r.return_icmp6 = yyvsp[-7].v.b.w2; |
||
5711 |
break; |
||
5712 |
case PFRULE_RETURN: |
||
5713 |
r.rule_flag |= PFRULE_RETURN; |
||
5714 |
r.return_icmp = yyvsp[-7].v.b.w; |
||
5715 |
r.return_icmp6 = yyvsp[-7].v.b.w2; |
||
5716 |
break; |
||
5717 |
} |
||
5718 |
r.direction = yyvsp[-6].v.i; |
||
5719 |
r.log = yyvsp[-5].v.logquick.log; |
||
5720 |
r.logif = yyvsp[-5].v.logquick.logif; |
||
5721 |
r.quick = yyvsp[-5].v.logquick.quick; |
||
5722 |
r.prob = yyvsp[0].v.filter_opts.prob; |
||
5723 |
r.rtableid = yyvsp[0].v.filter_opts.rtableid; |
||
5724 |
|||
5725 |
if (yyvsp[0].v.filter_opts.nodf) |
||
5726 |
r.scrub_flags |= PFSTATE_NODF; |
||
5727 |
if (yyvsp[0].v.filter_opts.randomid) |
||
5728 |
r.scrub_flags |= PFSTATE_RANDOMID; |
||
5729 |
if (yyvsp[0].v.filter_opts.minttl) |
||
5730 |
r.min_ttl = yyvsp[0].v.filter_opts.minttl; |
||
5731 |
if (yyvsp[0].v.filter_opts.max_mss) |
||
5732 |
r.max_mss = yyvsp[0].v.filter_opts.max_mss; |
||
5733 |
if (yyvsp[0].v.filter_opts.marker & FOM_SETTOS) { |
||
5734 |
r.scrub_flags |= PFSTATE_SETTOS; |
||
5735 |
r.set_tos = yyvsp[0].v.filter_opts.settos; |
||
5736 |
} |
||
5737 |
if (yyvsp[0].v.filter_opts.marker & FOM_SCRUB_TCP) |
||
5738 |
r.scrub_flags |= PFSTATE_SCRUB_TCP; |
||
5739 |
if (yyvsp[0].v.filter_opts.marker & FOM_PRIO) { |
||
5740 |
if (yyvsp[0].v.filter_opts.prio == 0) |
||
5741 |
r.prio = PF_PRIO_ZERO; |
||
5742 |
else |
||
5743 |
r.prio = yyvsp[0].v.filter_opts.prio; |
||
5744 |
} |
||
5745 |
if (yyvsp[0].v.filter_opts.marker & FOM_SETPRIO) { |
||
5746 |
r.set_prio[0] = yyvsp[0].v.filter_opts.set_prio[0]; |
||
5747 |
r.set_prio[1] = yyvsp[0].v.filter_opts.set_prio[1]; |
||
5748 |
r.scrub_flags |= PFSTATE_SETPRIO; |
||
5749 |
} |
||
5750 |
if (yyvsp[0].v.filter_opts.marker & FOM_ONCE) { |
||
5751 |
if (r.action == PF_MATCH) { |
||
5752 |
yyerror("can't specify once for " |
||
5753 |
"match rules"); |
||
5754 |
YYERROR; |
||
5755 |
} |
||
5756 |
r.rule_flag |= PFRULE_ONCE; |
||
5757 |
} |
||
5758 |
if (yyvsp[0].v.filter_opts.marker & FOM_AFTO) |
||
5759 |
r.rule_flag |= PFRULE_AFTO; |
||
5760 |
if ((yyvsp[0].v.filter_opts.marker & FOM_AFTO) && r.direction != PF_IN) { |
||
5761 |
yyerror("af-to can only be used with direction in"); |
||
5762 |
YYERROR; |
||
5763 |
} |
||
5764 |
if ((yyvsp[0].v.filter_opts.marker & FOM_AFTO) && yyvsp[0].v.filter_opts.route.rt) { |
||
5765 |
yyerror("af-to cannot be used together with " |
||
5766 |
"route-to, reply-to, dup-to"); |
||
5767 |
YYERROR; |
||
5768 |
} |
||
5769 |
r.af = yyvsp[-3].v.i; |
||
5770 |
|||
5771 |
if (yyvsp[0].v.filter_opts.tag) |
||
5772 |
if (strlcpy(r.tagname, yyvsp[0].v.filter_opts.tag, |
||
5773 |
PF_TAG_NAME_SIZE) >= PF_TAG_NAME_SIZE) { |
||
5774 |
yyerror("tag too long, max %u chars", |
||
5775 |
PF_TAG_NAME_SIZE - 1); |
||
5776 |
YYERROR; |
||
5777 |
} |
||
5778 |
if (yyvsp[0].v.filter_opts.match_tag) |
||
5779 |
if (strlcpy(r.match_tagname, yyvsp[0].v.filter_opts.match_tag, |
||
5780 |
PF_TAG_NAME_SIZE) >= PF_TAG_NAME_SIZE) { |
||
5781 |
yyerror("tag too long, max %u chars", |
||
5782 |
PF_TAG_NAME_SIZE - 1); |
||
5783 |
YYERROR; |
||
5784 |
} |
||
5785 |
r.match_tag_not = yyvsp[0].v.filter_opts.match_tag_not; |
||
5786 |
if (rule_label(&r, yyvsp[0].v.filter_opts.label)) |
||
5787 |
YYERROR; |
||
5788 |
free(yyvsp[0].v.filter_opts.label); |
||
5789 |
r.flags = yyvsp[0].v.filter_opts.flags.b1; |
||
5790 |
r.flagset = yyvsp[0].v.filter_opts.flags.b2; |
||
5791 |
if ((yyvsp[0].v.filter_opts.flags.b1 & yyvsp[0].v.filter_opts.flags.b2) != yyvsp[0].v.filter_opts.flags.b1) { |
||
5792 |
yyerror("flags always false"); |
||
5793 |
YYERROR; |
||
5794 |
} |
||
5795 |
if (yyvsp[0].v.filter_opts.flags.b1 || yyvsp[0].v.filter_opts.flags.b2 || yyvsp[-1].v.fromto.src_os) { |
||
5796 |
for (proto = yyvsp[-2].v.proto; proto != NULL && |
||
5797 |
proto->proto != IPPROTO_TCP; |
||
5798 |
proto = proto->next) |
||
5799 |
; /* nothing */ |
||
5800 |
if (proto == NULL && yyvsp[-2].v.proto != NULL) { |
||
5801 |
if (yyvsp[0].v.filter_opts.flags.b1 || yyvsp[0].v.filter_opts.flags.b2) |
||
5802 |
yyerror( |
||
5803 |
"flags only apply to tcp"); |
||
5804 |
if (yyvsp[-1].v.fromto.src_os) |
||
5805 |
yyerror( |
||
5806 |
"OS fingerprinting only " |
||
5807 |
"apply to tcp"); |
||
5808 |
YYERROR; |
||
5809 |
} |
||
5810 |
#if 0 |
||
5811 |
if ((yyvsp[0].v.filter_opts.flags.b1 & parse_flags("S")) == 0 && |
||
5812 |
yyvsp[-1].v.fromto.src_os) { |
||
5813 |
yyerror("OS fingerprinting requires " |
||
5814 |
"the SYN TCP flag (flags S/SA)"); |
||
5815 |
YYERROR; |
||
5816 |
} |
||
5817 |
#endif |
||
5818 |
} |
||
5819 |
|||
5820 |
r.tos = yyvsp[0].v.filter_opts.tos; |
||
5821 |
r.keep_state = yyvsp[0].v.filter_opts.keep.action; |
||
5822 |
o = yyvsp[0].v.filter_opts.keep.options; |
||
5823 |
|||
5824 |
/* 'keep state' by default on pass rules. */ |
||
5825 |
if (!r.keep_state && !r.action && |
||
5826 |
!(yyvsp[0].v.filter_opts.marker & FOM_KEEP)) { |
||
5827 |
r.keep_state = PF_STATE_NORMAL; |
||
5828 |
o = keep_state_defaults; |
||
5829 |
defaults = 1; |
||
5830 |
} |
||
5831 |
|||
5832 |
while (o) { |
||
5833 |
struct node_state_opt *p = o; |
||
5834 |
|||
5835 |
switch (o->type) { |
||
5836 |
case PF_STATE_OPT_MAX: |
||
5837 |
if (r.max_states) { |
||
5838 |
yyerror("state option 'max' " |
||
5839 |
"multiple definitions"); |
||
5840 |
YYERROR; |
||
5841 |
} |
||
5842 |
r.max_states = o->data.max_states; |
||
5843 |
break; |
||
5844 |
case PF_STATE_OPT_NOSYNC: |
||
5845 |
if (r.rule_flag & PFRULE_NOSYNC) { |
||
5846 |
yyerror("state option 'sync' " |
||
5847 |
"multiple definitions"); |
||
5848 |
YYERROR; |
||
5849 |
} |
||
5850 |
r.rule_flag |= PFRULE_NOSYNC; |
||
5851 |
break; |
||
5852 |
case PF_STATE_OPT_SRCTRACK: |
||
5853 |
if (srctrack) { |
||
5854 |
yyerror("state option " |
||
5855 |
"'source-track' " |
||
5856 |
"multiple definitions"); |
||
5857 |
YYERROR; |
||
5858 |
} |
||
5859 |
srctrack = o->data.src_track; |
||
5860 |
r.rule_flag |= PFRULE_SRCTRACK; |
||
5861 |
break; |
||
5862 |
case PF_STATE_OPT_MAX_SRC_STATES: |
||
5863 |
if (r.max_src_states) { |
||
5864 |
yyerror("state option " |
||
5865 |
"'max-src-states' " |
||
5866 |
"multiple definitions"); |
||
5867 |
YYERROR; |
||
5868 |
} |
||
5869 |
if (o->data.max_src_states == 0) { |
||
5870 |
yyerror("'max-src-states' must " |
||
5871 |
"be > 0"); |
||
5872 |
YYERROR; |
||
5873 |
} |
||
5874 |
r.max_src_states = |
||
5875 |
o->data.max_src_states; |
||
5876 |
r.rule_flag |= PFRULE_SRCTRACK; |
||
5877 |
break; |
||
5878 |
case PF_STATE_OPT_OVERLOAD: |
||
5879 |
if (r.overload_tblname[0]) { |
||
5880 |
yyerror("multiple 'overload' " |
||
5881 |
"table definitions"); |
||
5882 |
YYERROR; |
||
5883 |
} |
||
5884 |
if (strlcpy(r.overload_tblname, |
||
5885 |
o->data.overload.tblname, |
||
5886 |
PF_TABLE_NAME_SIZE) >= |
||
5887 |
PF_TABLE_NAME_SIZE) { |
||
5888 |
yyerror("state option: " |
||
5889 |
"strlcpy"); |
||
5890 |
YYERROR; |
||
5891 |
} |
||
5892 |
r.flush = o->data.overload.flush; |
||
5893 |
break; |
||
5894 |
case PF_STATE_OPT_MAX_SRC_CONN: |
||
5895 |
if (r.max_src_conn) { |
||
5896 |
yyerror("state option " |
||
5897 |
"'max-src-conn' " |
||
5898 |
"multiple definitions"); |
||
5899 |
YYERROR; |
||
5900 |
} |
||
5901 |
if (o->data.max_src_conn == 0) { |
||
5902 |
yyerror("'max-src-conn' " |
||
5903 |
"must be > 0"); |
||
5904 |
YYERROR; |
||
5905 |
} |
||
5906 |
r.max_src_conn = |
||
5907 |
o->data.max_src_conn; |
||
5908 |
r.rule_flag |= PFRULE_SRCTRACK | |
||
5909 |
PFRULE_RULESRCTRACK; |
||
5910 |
break; |
||
5911 |
case PF_STATE_OPT_MAX_SRC_CONN_RATE: |
||
5912 |
if (r.max_src_conn_rate.limit) { |
||
5913 |
yyerror("state option " |
||
5914 |
"'max-src-conn-rate' " |
||
5915 |
"multiple definitions"); |
||
5916 |
YYERROR; |
||
5917 |
} |
||
5918 |
if (!o->data.max_src_conn_rate.limit || |
||
5919 |
!o->data.max_src_conn_rate.seconds) { |
||
5920 |
yyerror("'max-src-conn-rate' " |
||
5921 |
"values must be > 0"); |
||
5922 |
YYERROR; |
||
5923 |
} |
||
5924 |
if (o->data.max_src_conn_rate.limit > |
||
5925 |
PF_THRESHOLD_MAX) { |
||
5926 |
yyerror("'max-src-conn-rate' " |
||
5927 |
"maximum rate must be < %u", |
||
5928 |
PF_THRESHOLD_MAX); |
||
5929 |
YYERROR; |
||
5930 |
} |
||
5931 |
r.max_src_conn_rate.limit = |
||
5932 |
o->data.max_src_conn_rate.limit; |
||
5933 |
r.max_src_conn_rate.seconds = |
||
5934 |
o->data.max_src_conn_rate.seconds; |
||
5935 |
r.rule_flag |= PFRULE_SRCTRACK | |
||
5936 |
PFRULE_RULESRCTRACK; |
||
5937 |
break; |
||
5938 |
case PF_STATE_OPT_MAX_SRC_NODES: |
||
5939 |
if (r.max_src_nodes) { |
||
5940 |
yyerror("state option " |
||
5941 |
"'max-src-nodes' " |
||
5942 |
"multiple definitions"); |
||
5943 |
YYERROR; |
||
5944 |
} |
||
5945 |
if (o->data.max_src_nodes == 0) { |
||
5946 |
yyerror("'max-src-nodes' must " |
||
5947 |
"be > 0"); |
||
5948 |
YYERROR; |
||
5949 |
} |
||
5950 |
r.max_src_nodes = |
||
5951 |
o->data.max_src_nodes; |
||
5952 |
r.rule_flag |= PFRULE_SRCTRACK | |
||
5953 |
PFRULE_RULESRCTRACK; |
||
5954 |
break; |
||
5955 |
case PF_STATE_OPT_STATELOCK: |
||
5956 |
if (statelock) { |
||
5957 |
yyerror("state locking option: " |
||
5958 |
"multiple definitions"); |
||
5959 |
YYERROR; |
||
5960 |
} |
||
5961 |
statelock = 1; |
||
5962 |
r.rule_flag |= o->data.statelock; |
||
5963 |
break; |
||
5964 |
case PF_STATE_OPT_SLOPPY: |
||
5965 |
if (r.rule_flag & PFRULE_STATESLOPPY) { |
||
5966 |
yyerror("state sloppy option: " |
||
5967 |
"multiple definitions"); |
||
5968 |
YYERROR; |
||
5969 |
} |
||
5970 |
r.rule_flag |= PFRULE_STATESLOPPY; |
||
5971 |
break; |
||
5972 |
case PF_STATE_OPT_PFLOW: |
||
5973 |
if (r.rule_flag & PFRULE_PFLOW) { |
||
5974 |
yyerror("state pflow " |
||
5975 |
"option: multiple " |
||
5976 |
"definitions"); |
||
5977 |
YYERROR; |
||
5978 |
} |
||
5979 |
r.rule_flag |= PFRULE_PFLOW; |
||
5980 |
break; |
||
5981 |
case PF_STATE_OPT_TIMEOUT: |
||
5982 |
if (o->data.timeout.number == |
||
5983 |
PFTM_ADAPTIVE_START || |
||
5984 |
o->data.timeout.number == |
||
5985 |
PFTM_ADAPTIVE_END) |
||
5986 |
adaptive = 1; |
||
5987 |
if (r.timeout[o->data.timeout.number]) { |
||
5988 |
yyerror("state timeout %s " |
||
5989 |
"multiple definitions", |
||
5990 |
pf_timeouts[o->data. |
||
5991 |
timeout.number].name); |
||
5992 |
YYERROR; |
||
5993 |
} |
||
5994 |
r.timeout[o->data.timeout.number] = |
||
5995 |
o->data.timeout.seconds; |
||
5996 |
} |
||
5997 |
o = o->next; |
||
5998 |
if (!defaults) |
||
5999 |
free(p); |
||
6000 |
} |
||
6001 |
|||
6002 |
/* 'flags S/SA' by default on stateful rules */ |
||
6003 |
if (!r.action && !r.flags && !r.flagset && |
||
6004 |
!yyvsp[0].v.filter_opts.fragment && !(yyvsp[0].v.filter_opts.marker & FOM_FLAGS) && |
||
6005 |
r.keep_state) { |
||
6006 |
r.flags = parse_flags("S"); |
||
6007 |
r.flagset = parse_flags("SA"); |
||
6008 |
} |
||
6009 |
if (!adaptive && r.max_states) { |
||
6010 |
r.timeout[PFTM_ADAPTIVE_START] = |
||
6011 |
(r.max_states / 10) * 6; |
||
6012 |
r.timeout[PFTM_ADAPTIVE_END] = |
||
6013 |
(r.max_states / 10) * 12; |
||
6014 |
} |
||
6015 |
if (r.rule_flag & PFRULE_SRCTRACK) { |
||
6016 |
if (srctrack == PF_SRCTRACK_GLOBAL && |
||
6017 |
r.max_src_nodes) { |
||
6018 |
yyerror("'max-src-nodes' is " |
||
6019 |
"incompatible with " |
||
6020 |
"'source-track global'"); |
||
6021 |
YYERROR; |
||
6022 |
} |
||
6023 |
if (srctrack == PF_SRCTRACK_GLOBAL && |
||
6024 |
r.max_src_conn) { |
||
6025 |
yyerror("'max-src-conn' is " |
||
6026 |
"incompatible with " |
||
6027 |
"'source-track global'"); |
||
6028 |
YYERROR; |
||
6029 |
} |
||
6030 |
if (srctrack == PF_SRCTRACK_GLOBAL && |
||
6031 |
r.max_src_conn_rate.seconds) { |
||
6032 |
yyerror("'max-src-conn-rate' is " |
||
6033 |
"incompatible with " |
||
6034 |
"'source-track global'"); |
||
6035 |
YYERROR; |
||
6036 |
} |
||
6037 |
if (r.timeout[PFTM_SRC_NODE] < |
||
6038 |
r.max_src_conn_rate.seconds) |
||
6039 |
r.timeout[PFTM_SRC_NODE] = |
||
6040 |
r.max_src_conn_rate.seconds; |
||
6041 |
r.rule_flag |= PFRULE_SRCTRACK; |
||
6042 |
if (srctrack == PF_SRCTRACK_RULE) |
||
6043 |
r.rule_flag |= PFRULE_RULESRCTRACK; |
||
6044 |
} |
||
6045 |
if (r.keep_state && !statelock) |
||
6046 |
r.rule_flag |= default_statelock; |
||
6047 |
|||
6048 |
if (yyvsp[0].v.filter_opts.fragment) |
||
6049 |
r.rule_flag |= PFRULE_FRAGMENT; |
||
6050 |
r.allow_opts = yyvsp[0].v.filter_opts.allowopts; |
||
6051 |
|||
6052 |
decide_address_family(yyvsp[-1].v.fromto.src.host, &r.af); |
||
6053 |
decide_address_family(yyvsp[-1].v.fromto.dst.host, &r.af); |
||
6054 |
|||
6055 |
if (yyvsp[0].v.filter_opts.route.rt) { |
||
6056 |
if (!r.direction) { |
||
6057 |
yyerror("direction must be explicit " |
||
6058 |
"with rules that specify routing"); |
||
6059 |
YYERROR; |
||
6060 |
} |
||
6061 |
r.rt = yyvsp[0].v.filter_opts.route.rt; |
||
6062 |
r.route.opts = yyvsp[0].v.filter_opts.route.pool_opts; |
||
6063 |
if (yyvsp[0].v.filter_opts.route.key != NULL) |
||
6064 |
memcpy(&r.route.key, yyvsp[0].v.filter_opts.route.key, |
||
6065 |
sizeof(struct pf_poolhashkey)); |
||
6066 |
} |
||
6067 |
if (r.rt) { |
||
6068 |
decide_address_family(yyvsp[0].v.filter_opts.route.host, &r.af); |
||
6069 |
if ((r.route.opts & PF_POOL_TYPEMASK) == |
||
6070 |
PF_POOL_NONE && (yyvsp[0].v.filter_opts.route.host->next != NULL || |
||
6071 |
yyvsp[0].v.filter_opts.route.host->addr.type == PF_ADDR_TABLE || |
||
6072 |
DYNIF_MULTIADDR(yyvsp[0].v.filter_opts.route.host->addr))) |
||
6073 |
r.route.opts |= PF_POOL_ROUNDROBIN; |
||
6074 |
if (yyvsp[0].v.filter_opts.route.host->next != NULL) { |
||
6075 |
if (!PF_POOL_DYNTYPE(r.route.opts)) { |
||
6076 |
yyerror("address pool option " |
||
6077 |
"not supported by type"); |
||
6078 |
YYERROR; |
||
6079 |
} |
||
6080 |
} |
||
6081 |
/* fake redirspec */ |
||
6082 |
if ((yyvsp[0].v.filter_opts.rroute.rdr = calloc(1, |
||
6083 |
sizeof(*yyvsp[0].v.filter_opts.rroute.rdr))) == NULL) |
||
6084 |
err(1, "$8.rroute.rdr"); |
||
6085 |
yyvsp[0].v.filter_opts.rroute.rdr->host = yyvsp[0].v.filter_opts.route.host; |
||
6086 |
} |
||
6087 |
if (yyvsp[0].v.filter_opts.queues.qname != NULL) { |
||
6088 |
if (strlcpy(r.qname, yyvsp[0].v.filter_opts.queues.qname, |
||
6089 |
sizeof(r.qname)) >= sizeof(r.qname)) { |
||
6090 |
yyerror("rule qname too long (max " |
||
6091 |
"%d chars)", sizeof(r.qname)-1); |
||
6092 |
YYERROR; |
||
6093 |
} |
||
6094 |
free(yyvsp[0].v.filter_opts.queues.qname); |
||
6095 |
} |
||
6096 |
if (yyvsp[0].v.filter_opts.queues.pqname != NULL) { |
||
6097 |
if (strlcpy(r.pqname, yyvsp[0].v.filter_opts.queues.pqname, |
||
6098 |
sizeof(r.pqname)) >= sizeof(r.pqname)) { |
||
6099 |
yyerror("rule pqname too long (max " |
||
6100 |
"%d chars)", sizeof(r.pqname)-1); |
||
6101 |
YYERROR; |
||
6102 |
} |
||
6103 |
free(yyvsp[0].v.filter_opts.queues.pqname); |
||
6104 |
} |
||
6105 |
if (expand_divertspec(&r, &yyvsp[0].v.filter_opts.divert)) |
||
6106 |
YYERROR; |
||
6107 |
r.divert_packet.port = yyvsp[0].v.filter_opts.divert_packet.port; |
||
6108 |
|||
6109 |
expand_rule(&r, 0, yyvsp[-4].v.interface, &yyvsp[0].v.filter_opts.nat, &yyvsp[0].v.filter_opts.rdr, &yyvsp[0].v.filter_opts.rroute, yyvsp[-2].v.proto, |
||
6110 |
yyvsp[-1].v.fromto.src_os, |
||
6111 |
yyvsp[-1].v.fromto.src.host, yyvsp[-1].v.fromto.src.port, yyvsp[-1].v.fromto.dst.host, yyvsp[-1].v.fromto.dst.port, |
||
6112 |
yyvsp[0].v.filter_opts.uid, yyvsp[0].v.filter_opts.gid, yyvsp[0].v.filter_opts.rcv, yyvsp[0].v.filter_opts.icmpspec, ""); |
||
6113 |
} |
||
6114 |
break; |
||
6115 |
case 120: |
||
6116 |
#line 1916 "parse.y" |
||
6117 |
{ |
||
6118 |
bzero(&filter_opts, sizeof filter_opts); |
||
6119 |
filter_opts.rtableid = -1; |
||
6120 |
} |
||
6121 |
break; |
||
6122 |
case 121: |
||
6123 |
#line 1921 "parse.y" |
||
6124 |
{ yyval.v.filter_opts = filter_opts; } |
||
6125 |
break; |
||
6126 |
case 122: |
||
6127 |
#line 1922 "parse.y" |
||
6128 |
{ |
||
6129 |
bzero(&filter_opts, sizeof filter_opts); |
||
6130 |
filter_opts.rtableid = -1; |
||
6131 |
yyval.v.filter_opts = filter_opts; |
||
6132 |
} |
||
6133 |
break; |
||
6134 |
case 125: |
||
6135 |
#line 1933 "parse.y" |
||
6136 |
{ |
||
6137 |
if (filter_opts.uid) |
||
6138 |
yyvsp[0].v.uid->tail->next = filter_opts.uid; |
||
6139 |
filter_opts.uid = yyvsp[0].v.uid; |
||
6140 |
} |
||
6141 |
break; |
||
6142 |
case 126: |
||
6143 |
#line 1938 "parse.y" |
||
6144 |
{ |
||
6145 |
if (filter_opts.gid) |
||
6146 |
yyvsp[0].v.gid->tail->next = filter_opts.gid; |
||
6147 |
filter_opts.gid = yyvsp[0].v.gid; |
||
6148 |
} |
||
6149 |
break; |
||
6150 |
case 127: |
||
6151 |
#line 1943 "parse.y" |
||
6152 |
{ |
||
6153 |
if (filter_opts.marker & FOM_FLAGS) { |
||
6154 |
yyerror("flags cannot be redefined"); |
||
6155 |
YYERROR; |
||
6156 |
} |
||
6157 |
filter_opts.marker |= FOM_FLAGS; |
||
6158 |
filter_opts.flags.b1 |= yyvsp[0].v.b.b1; |
||
6159 |
filter_opts.flags.b2 |= yyvsp[0].v.b.b2; |
||
6160 |
filter_opts.flags.w |= yyvsp[0].v.b.w; |
||
6161 |
filter_opts.flags.w2 |= yyvsp[0].v.b.w2; |
||
6162 |
} |
||
6163 |
break; |
||
6164 |
case 128: |
||
6165 |
#line 1954 "parse.y" |
||
6166 |
{ |
||
6167 |
if (filter_opts.marker & FOM_ICMP) { |
||
6168 |
yyerror("icmp-type cannot be redefined"); |
||
6169 |
YYERROR; |
||
6170 |
} |
||
6171 |
filter_opts.marker |= FOM_ICMP; |
||
6172 |
filter_opts.icmpspec = yyvsp[0].v.icmp; |
||
6173 |
} |
||
6174 |
break; |
||
6175 |
case 129: |
||
6176 |
#line 1962 "parse.y" |
||
6177 |
{ |
||
6178 |
if (filter_opts.marker & FOM_PRIO) { |
||
6179 |
yyerror("prio cannot be redefined"); |
||
6180 |
YYERROR; |
||
6181 |
} |
||
6182 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > IFQ_MAXPRIO) { |
||
6183 |
yyerror("prio must be 0 - %u", IFQ_MAXPRIO); |
||
6184 |
YYERROR; |
||
6185 |
} |
||
6186 |
filter_opts.marker |= FOM_PRIO; |
||
6187 |
filter_opts.prio = yyvsp[0].v.number; |
||
6188 |
} |
||
6189 |
break; |
||
6190 |
case 130: |
||
6191 |
#line 1974 "parse.y" |
||
6192 |
{ |
||
6193 |
if (filter_opts.marker & FOM_TOS) { |
||
6194 |
yyerror("tos cannot be redefined"); |
||
6195 |
YYERROR; |
||
6196 |
} |
||
6197 |
filter_opts.marker |= FOM_TOS; |
||
6198 |
filter_opts.tos = yyvsp[0].v.number; |
||
6199 |
} |
||
6200 |
break; |
||
6201 |
case 131: |
||
6202 |
#line 1982 "parse.y" |
||
6203 |
{ |
||
6204 |
if (filter_opts.marker & FOM_KEEP) { |
||
6205 |
yyerror("modulate or keep cannot be redefined"); |
||
6206 |
YYERROR; |
||
6207 |
} |
||
6208 |
filter_opts.marker |= FOM_KEEP; |
||
6209 |
filter_opts.keep.action = yyvsp[0].v.keep_state.action; |
||
6210 |
filter_opts.keep.options = yyvsp[0].v.keep_state.options; |
||
6211 |
} |
||
6212 |
break; |
||
6213 |
case 132: |
||
6214 |
#line 1991 "parse.y" |
||
6215 |
{ |
||
6216 |
filter_opts.fragment = 1; |
||
6217 |
} |
||
6218 |
break; |
||
6219 |
case 133: |
||
6220 |
#line 1994 "parse.y" |
||
6221 |
{ |
||
6222 |
filter_opts.allowopts = 1; |
||
6223 |
} |
||
6224 |
break; |
||
6225 |
case 134: |
||
6226 |
#line 1997 "parse.y" |
||
6227 |
{ |
||
6228 |
if (filter_opts.label) { |
||
6229 |
yyerror("label cannot be redefined"); |
||
6230 |
YYERROR; |
||
6231 |
} |
||
6232 |
filter_opts.label = yyvsp[0].v.string; |
||
6233 |
} |
||
6234 |
break; |
||
6235 |
case 135: |
||
6236 |
#line 2004 "parse.y" |
||
6237 |
{ |
||
6238 |
if (filter_opts.queues.qname) { |
||
6239 |
yyerror("queue cannot be redefined"); |
||
6240 |
YYERROR; |
||
6241 |
} |
||
6242 |
filter_opts.queues = yyvsp[0].v.qassign; |
||
6243 |
} |
||
6244 |
break; |
||
6245 |
case 136: |
||
6246 |
#line 2011 "parse.y" |
||
6247 |
{ |
||
6248 |
filter_opts.tag = yyvsp[0].v.string; |
||
6249 |
} |
||
6250 |
break; |
||
6251 |
case 137: |
||
6252 |
#line 2014 "parse.y" |
||
6253 |
{ |
||
6254 |
filter_opts.match_tag = yyvsp[0].v.string; |
||
6255 |
filter_opts.match_tag_not = yyvsp[-2].v.number; |
||
6256 |
} |
||
6257 |
break; |
||
6258 |
case 138: |
||
6259 |
#line 2018 "parse.y" |
||
6260 |
{ |
||
6261 |
double p; |
||
6262 |
|||
6263 |
p = floor(yyvsp[0].v.probability * UINT_MAX + 0.5); |
||
6264 |
if (p < 0.0 || p > UINT_MAX) { |
||
6265 |
yyerror("invalid probability: %g%%", yyvsp[0].v.probability * 100); |
||
6266 |
YYERROR; |
||
6267 |
} |
||
6268 |
filter_opts.prob = (u_int32_t)p; |
||
6269 |
if (filter_opts.prob == 0) |
||
6270 |
filter_opts.prob = 1; |
||
6271 |
} |
||
6272 |
break; |
||
6273 |
case 139: |
||
6274 |
#line 2030 "parse.y" |
||
6275 |
{ |
||
6276 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > RT_TABLEID_MAX) { |
||
6277 |
yyerror("invalid rtable id"); |
||
6278 |
YYERROR; |
||
6279 |
} |
||
6280 |
filter_opts.rtableid = yyvsp[0].v.number; |
||
6281 |
} |
||
6282 |
break; |
||
6283 |
case 140: |
||
6284 |
#line 2037 "parse.y" |
||
6285 |
{ |
||
6286 |
if ((filter_opts.divert.addr = host(yyvsp[-2].v.string, pf->opts)) == NULL) { |
||
6287 |
yyerror("could not parse divert address: %s", |
||
6288 |
yyvsp[-2].v.string); |
||
6289 |
free(yyvsp[-2].v.string); |
||
6290 |
YYERROR; |
||
6291 |
} |
||
6292 |
free(yyvsp[-2].v.string); |
||
6293 |
filter_opts.divert.port = yyvsp[0].v.range.a; |
||
6294 |
if (!filter_opts.divert.port) { |
||
6295 |
yyerror("invalid divert port: %u", ntohs(yyvsp[0].v.range.a)); |
||
6296 |
YYERROR; |
||
6297 |
} |
||
6298 |
} |
||
6299 |
break; |
||
6300 |
case 141: |
||
6301 |
#line 2051 "parse.y" |
||
6302 |
{ |
||
6303 |
filter_opts.divert.port = 1; /* some random value */ |
||
6304 |
} |
||
6305 |
break; |
||
6306 |
case 142: |
||
6307 |
#line 2054 "parse.y" |
||
6308 |
{ |
||
6309 |
/* |
||
6310 |
* If IP reassembly was not turned off, also |
||
6311 |
* forcibly enable TCP reassembly by default. |
||
6312 |
*/ |
||
6313 |
if (pf->reassemble & PF_REASS_ENABLED) |
||
6314 |
filter_opts.marker |= FOM_SCRUB_TCP; |
||
6315 |
|||
6316 |
if (yyvsp[0].v.number < 1 || yyvsp[0].v.number > 65535) { |
||
6317 |
yyerror("invalid divert port"); |
||
6318 |
YYERROR; |
||
6319 |
} |
||
6320 |
|||
6321 |
filter_opts.divert_packet.port = htons(yyvsp[0].v.number); |
||
6322 |
} |
||
6323 |
break; |
||
6324 |
case 143: |
||
6325 |
#line 2069 "parse.y" |
||
6326 |
{ |
||
6327 |
filter_opts.nodf = yyvsp[-1].v.scrub_opts.nodf; |
||
6328 |
filter_opts.minttl = yyvsp[-1].v.scrub_opts.minttl; |
||
6329 |
filter_opts.randomid = yyvsp[-1].v.scrub_opts.randomid; |
||
6330 |
filter_opts.max_mss = yyvsp[-1].v.scrub_opts.maxmss; |
||
6331 |
if (yyvsp[-1].v.scrub_opts.reassemble_tcp) |
||
6332 |
filter_opts.marker |= FOM_SCRUB_TCP; |
||
6333 |
filter_opts.marker |= yyvsp[-1].v.scrub_opts.marker; |
||
6334 |
} |
||
6335 |
break; |
||
6336 |
case 144: |
||
6337 |
#line 2078 "parse.y" |
||
6338 |
{ |
||
6339 |
if (filter_opts.nat.rdr) { |
||
6340 |
yyerror("cannot respecify nat-to/binat-to"); |
||
6341 |
YYERROR; |
||
6342 |
} |
||
6343 |
filter_opts.nat.rdr = yyvsp[-1].v.redirection; |
||
6344 |
memcpy(&filter_opts.nat.pool_opts, &yyvsp[0].v.pool_opts, |
||
6345 |
sizeof(filter_opts.nat.pool_opts)); |
||
6346 |
} |
||
6347 |
break; |
||
6348 |
case 145: |
||
6349 |
#line 2087 "parse.y" |
||
6350 |
{ |
||
6351 |
if (filter_opts.nat.rdr) { |
||
6352 |
yyerror("cannot respecify af-to"); |
||
6353 |
YYERROR; |
||
6354 |
} |
||
6355 |
if (yyvsp[-3].v.i == 0) { |
||
6356 |
yyerror("no target address family specified"); |
||
6357 |
YYERROR; |
||
6358 |
} |
||
6359 |
filter_opts.nat.af = yyvsp[-3].v.i; |
||
6360 |
filter_opts.nat.rdr = yyvsp[-1].v.redirection; |
||
6361 |
memcpy(&filter_opts.nat.pool_opts, &yyvsp[0].v.pool_opts, |
||
6362 |
sizeof(filter_opts.nat.pool_opts)); |
||
6363 |
filter_opts.rdr.rdr = |
||
6364 |
calloc(1, sizeof(struct redirection)); |
||
6365 |
bzero(&filter_opts.rdr.pool_opts, |
||
6366 |
sizeof(filter_opts.rdr.pool_opts)); |
||
6367 |
filter_opts.marker |= FOM_AFTO; |
||
6368 |
} |
||
6369 |
break; |
||
6370 |
case 146: |
||
6371 |
#line 2106 "parse.y" |
||
6372 |
{ |
||
6373 |
if (filter_opts.nat.rdr) { |
||
6374 |
yyerror("cannot respecify af-to"); |
||
6375 |
YYERROR; |
||
6376 |
} |
||
6377 |
if (yyvsp[-6].v.i == 0) { |
||
6378 |
yyerror("no address family specified"); |
||
6379 |
YYERROR; |
||
6380 |
} |
||
6381 |
if ((yyvsp[-4].v.redirection->host->af && yyvsp[-4].v.redirection->host->af != yyvsp[-6].v.i) || |
||
6382 |
(yyvsp[-1].v.redirection->host->af && yyvsp[-1].v.redirection->host->af != yyvsp[-6].v.i)) { |
||
6383 |
yyerror("af-to addresses must be in the " |
||
6384 |
"target address family"); |
||
6385 |
YYERROR; |
||
6386 |
} |
||
6387 |
filter_opts.nat.af = yyvsp[-6].v.i; |
||
6388 |
filter_opts.nat.rdr = yyvsp[-4].v.redirection; |
||
6389 |
memcpy(&filter_opts.nat.pool_opts, &yyvsp[-3].v.pool_opts, |
||
6390 |
sizeof(filter_opts.nat.pool_opts)); |
||
6391 |
filter_opts.rdr.af = yyvsp[-6].v.i; |
||
6392 |
filter_opts.rdr.rdr = yyvsp[-1].v.redirection; |
||
6393 |
memcpy(&filter_opts.nat.pool_opts, &yyvsp[0].v.pool_opts, |
||
6394 |
sizeof(filter_opts.nat.pool_opts)); |
||
6395 |
filter_opts.marker |= FOM_AFTO; |
||
6396 |
} |
||
6397 |
break; |
||
6398 |
case 147: |
||
6399 |
#line 2131 "parse.y" |
||
6400 |
{ |
||
6401 |
if (filter_opts.rdr.rdr) { |
||
6402 |
yyerror("cannot respecify rdr-to"); |
||
6403 |
YYERROR; |
||
6404 |
} |
||
6405 |
filter_opts.rdr.rdr = yyvsp[-1].v.redirection; |
||
6406 |
memcpy(&filter_opts.rdr.pool_opts, &yyvsp[0].v.pool_opts, |
||
6407 |
sizeof(filter_opts.rdr.pool_opts)); |
||
6408 |
} |
||
6409 |
break; |
||
6410 |
case 148: |
||
6411 |
#line 2140 "parse.y" |
||
6412 |
{ |
||
6413 |
if (filter_opts.nat.rdr) { |
||
6414 |
yyerror("cannot respecify nat-to/binat-to"); |
||
6415 |
YYERROR; |
||
6416 |
} |
||
6417 |
filter_opts.nat.rdr = yyvsp[-1].v.redirection; |
||
6418 |
filter_opts.nat.binat = 1; |
||
6419 |
memcpy(&filter_opts.nat.pool_opts, &yyvsp[0].v.pool_opts, |
||
6420 |
sizeof(filter_opts.nat.pool_opts)); |
||
6421 |
filter_opts.nat.pool_opts.staticport = 1; |
||
6422 |
} |
||
6423 |
break; |
||
6424 |
case 149: |
||
6425 |
#line 2151 "parse.y" |
||
6426 |
{ |
||
6427 |
filter_opts.route.host = yyvsp[-1].v.host; |
||
6428 |
filter_opts.route.rt = PF_ROUTETO; |
||
6429 |
filter_opts.route.pool_opts = yyvsp[0].v.pool_opts.type | yyvsp[0].v.pool_opts.opts; |
||
6430 |
memcpy(&filter_opts.rroute.pool_opts, &yyvsp[0].v.pool_opts, |
||
6431 |
sizeof(filter_opts.rroute.pool_opts)); |
||
6432 |
if (yyvsp[0].v.pool_opts.key != NULL) |
||
6433 |
filter_opts.route.key = yyvsp[0].v.pool_opts.key; |
||
6434 |
} |
||
6435 |
break; |
||
6436 |
case 150: |
||
6437 |
#line 2160 "parse.y" |
||
6438 |
{ |
||
6439 |
filter_opts.route.host = yyvsp[-1].v.host; |
||
6440 |
filter_opts.route.rt = PF_REPLYTO; |
||
6441 |
filter_opts.route.pool_opts = yyvsp[0].v.pool_opts.type | yyvsp[0].v.pool_opts.opts; |
||
6442 |
if (yyvsp[0].v.pool_opts.key != NULL) |
||
6443 |
filter_opts.route.key = yyvsp[0].v.pool_opts.key; |
||
6444 |
} |
||
6445 |
break; |
||
6446 |
case 151: |
||
6447 |
#line 2167 "parse.y" |
||
6448 |
{ |
||
6449 |
filter_opts.route.host = yyvsp[-1].v.host; |
||
6450 |
filter_opts.route.rt = PF_DUPTO; |
||
6451 |
filter_opts.route.pool_opts = yyvsp[0].v.pool_opts.type | yyvsp[0].v.pool_opts.opts; |
||
6452 |
memcpy(&filter_opts.rroute.pool_opts, &yyvsp[0].v.pool_opts, |
||
6453 |
sizeof(filter_opts.rroute.pool_opts)); |
||
6454 |
if (yyvsp[0].v.pool_opts.key != NULL) |
||
6455 |
filter_opts.route.key = yyvsp[0].v.pool_opts.key; |
||
6456 |
} |
||
6457 |
break; |
||
6458 |
case 152: |
||
6459 |
#line 2176 "parse.y" |
||
6460 |
{ |
||
6461 |
if (filter_opts.rcv) { |
||
6462 |
yyerror("cannot respecify received-on"); |
||
6463 |
YYERROR; |
||
6464 |
} |
||
6465 |
filter_opts.rcv = yyvsp[0].v.interface; |
||
6466 |
filter_opts.rcv->not = yyvsp[-2].v.number; |
||
6467 |
} |
||
6468 |
break; |
||
6469 |
case 153: |
||
6470 |
#line 2184 "parse.y" |
||
6471 |
{ |
||
6472 |
filter_opts.marker |= FOM_ONCE; |
||
6473 |
} |
||
6474 |
break; |
||
6475 |
case 155: |
||
6476 |
#line 2190 "parse.y" |
||
6477 |
{ yyval.v.filter_opts = filter_opts; } |
||
6478 |
break; |
||
6479 |
case 156: |
||
6480 |
#line 2191 "parse.y" |
||
6481 |
{ yyval.v.filter_opts = filter_opts; } |
||
6482 |
break; |
||
6483 |
case 159: |
||
6484 |
#line 2198 "parse.y" |
||
6485 |
{ |
||
6486 |
if (filter_opts.marker & FOM_SETPRIO) { |
||
6487 |
yyerror("prio cannot be redefined"); |
||
6488 |
YYERROR; |
||
6489 |
} |
||
6490 |
filter_opts.marker |= FOM_SETPRIO; |
||
6491 |
filter_opts.set_prio[0] = yyvsp[0].v.b.b1; |
||
6492 |
filter_opts.set_prio[1] = yyvsp[0].v.b.b2; |
||
6493 |
} |
||
6494 |
break; |
||
6495 |
case 160: |
||
6496 |
#line 2207 "parse.y" |
||
6497 |
{ |
||
6498 |
if (filter_opts.queues.qname) { |
||
6499 |
yyerror("queue cannot be redefined"); |
||
6500 |
YYERROR; |
||
6501 |
} |
||
6502 |
filter_opts.queues = yyvsp[0].v.qassign; |
||
6503 |
} |
||
6504 |
break; |
||
6505 |
case 161: |
||
6506 |
#line 2214 "parse.y" |
||
6507 |
{ |
||
6508 |
if (filter_opts.marker & FOM_SETTOS) { |
||
6509 |
yyerror("tos cannot be respecified"); |
||
6510 |
YYERROR; |
||
6511 |
} |
||
6512 |
filter_opts.marker |= FOM_SETTOS; |
||
6513 |
filter_opts.settos = yyvsp[0].v.number; |
||
6514 |
} |
||
6515 |
break; |
||
6516 |
case 162: |
||
6517 |
#line 2224 "parse.y" |
||
6518 |
{ |
||
6519 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > IFQ_MAXPRIO) { |
||
6520 |
yyerror("prio must be 0 - %u", IFQ_MAXPRIO); |
||
6521 |
YYERROR; |
||
6522 |
} |
||
6523 |
yyval.v.b.b1 = yyval.v.b.b2 = yyvsp[0].v.number; |
||
6524 |
} |
||
6525 |
break; |
||
6526 |
case 163: |
||
6527 |
#line 2231 "parse.y" |
||
6528 |
{ |
||
6529 |
if (yyvsp[-3].v.number < 0 || yyvsp[-3].v.number > IFQ_MAXPRIO || |
||
6530 |
yyvsp[-1].v.number < 0 || yyvsp[-1].v.number > IFQ_MAXPRIO) { |
||
6531 |
yyerror("prio must be 0 - %u", IFQ_MAXPRIO); |
||
6532 |
YYERROR; |
||
6533 |
} |
||
6534 |
yyval.v.b.b1 = yyvsp[-3].v.number; |
||
6535 |
yyval.v.b.b2 = yyvsp[-1].v.number; |
||
6536 |
} |
||
6537 |
break; |
||
6538 |
case 164: |
||
6539 |
#line 2242 "parse.y" |
||
6540 |
{ |
||
6541 |
char *e; |
||
6542 |
double p = strtod(yyvsp[0].v.string, &e); |
||
6543 |
|||
6544 |
if (*e == '%') { |
||
6545 |
p *= 0.01; |
||
6546 |
e++; |
||
6547 |
} |
||
6548 |
if (*e) { |
||
6549 |
yyerror("invalid probability: %s", yyvsp[0].v.string); |
||
6550 |
free(yyvsp[0].v.string); |
||
6551 |
YYERROR; |
||
6552 |
} |
||
6553 |
free(yyvsp[0].v.string); |
||
6554 |
yyval.v.probability = p; |
||
6555 |
} |
||
6556 |
break; |
||
6557 |
case 165: |
||
6558 |
#line 2258 "parse.y" |
||
6559 |
{ |
||
6560 |
yyval.v.probability = (double)yyvsp[0].v.number; |
||
6561 |
} |
||
6562 |
break; |
||
6563 |
case 166: |
||
6564 |
#line 2264 "parse.y" |
||
6565 |
{ yyval.v.b.b1 = PF_PASS; yyval.v.b.b2 = yyval.v.b.w = 0; } |
||
6566 |
break; |
||
6567 |
case 167: |
||
6568 |
#line 2265 "parse.y" |
||
6569 |
{ yyval.v.b.b1 = PF_MATCH; yyval.v.b.b2 = yyval.v.b.w = 0; } |
||
6570 |
break; |
||
6571 |
case 168: |
||
6572 |
#line 2266 "parse.y" |
||
6573 |
{ yyval.v.b = yyvsp[0].v.b; yyval.v.b.b1 = PF_DROP; } |
||
6574 |
break; |
||
6575 |
case 169: |
||
6576 |
#line 2269 "parse.y" |
||
6577 |
{ |
||
6578 |
yyval.v.b.b2 = blockpolicy; |
||
6579 |
yyval.v.b.w = returnicmpdefault; |
||
6580 |
yyval.v.b.w2 = returnicmp6default; |
||
6581 |
} |
||
6582 |
break; |
||
6583 |
case 170: |
||
6584 |
#line 2274 "parse.y" |
||
6585 |
{ |
||
6586 |
yyval.v.b.b2 = PFRULE_DROP; |
||
6587 |
yyval.v.b.w = 0; |
||
6588 |
yyval.v.b.w2 = 0; |
||
6589 |
} |
||
6590 |
break; |
||
6591 |
case 171: |
||
6592 |
#line 2279 "parse.y" |
||
6593 |
{ |
||
6594 |
yyval.v.b.b2 = PFRULE_RETURNRST; |
||
6595 |
yyval.v.b.w = 0; |
||
6596 |
yyval.v.b.w2 = 0; |
||
6597 |
} |
||
6598 |
break; |
||
6599 |
case 172: |
||
6600 |
#line 2284 "parse.y" |
||
6601 |
{ |
||
6602 |
if (yyvsp[-1].v.number < 0 || yyvsp[-1].v.number > 255) { |
||
6603 |
yyerror("illegal ttl value %d", yyvsp[-1].v.number); |
||
6604 |
YYERROR; |
||
6605 |
} |
||
6606 |
yyval.v.b.b2 = PFRULE_RETURNRST; |
||
6607 |
yyval.v.b.w = yyvsp[-1].v.number; |
||
6608 |
yyval.v.b.w2 = 0; |
||
6609 |
} |
||
6610 |
break; |
||
6611 |
case 173: |
||
6612 |
#line 2293 "parse.y" |
||
6613 |
{ |
||
6614 |
yyval.v.b.b2 = PFRULE_RETURNICMP; |
||
6615 |
yyval.v.b.w = returnicmpdefault; |
||
6616 |
yyval.v.b.w2 = returnicmp6default; |
||
6617 |
} |
||
6618 |
break; |
||
6619 |
case 174: |
||
6620 |
#line 2298 "parse.y" |
||
6621 |
{ |
||
6622 |
yyval.v.b.b2 = PFRULE_RETURNICMP; |
||
6623 |
yyval.v.b.w = returnicmpdefault; |
||
6624 |
yyval.v.b.w2 = returnicmp6default; |
||
6625 |
} |
||
6626 |
break; |
||
6627 |
case 175: |
||
6628 |
#line 2303 "parse.y" |
||
6629 |
{ |
||
6630 |
yyval.v.b.b2 = PFRULE_RETURNICMP; |
||
6631 |
yyval.v.b.w = yyvsp[-1].v.number; |
||
6632 |
yyval.v.b.w2 = returnicmpdefault; |
||
6633 |
} |
||
6634 |
break; |
||
6635 |
case 176: |
||
6636 |
#line 2308 "parse.y" |
||
6637 |
{ |
||
6638 |
yyval.v.b.b2 = PFRULE_RETURNICMP; |
||
6639 |
yyval.v.b.w = returnicmpdefault; |
||
6640 |
yyval.v.b.w2 = yyvsp[-1].v.number; |
||
6641 |
} |
||
6642 |
break; |
||
6643 |
case 177: |
||
6644 |
#line 2313 "parse.y" |
||
6645 |
{ |
||
6646 |
yyval.v.b.b2 = PFRULE_RETURNICMP; |
||
6647 |
yyval.v.b.w = yyvsp[-3].v.number; |
||
6648 |
yyval.v.b.w2 = yyvsp[-1].v.number; |
||
6649 |
} |
||
6650 |
break; |
||
6651 |
case 178: |
||
6652 |
#line 2318 "parse.y" |
||
6653 |
{ |
||
6654 |
yyval.v.b.b2 = PFRULE_RETURN; |
||
6655 |
yyval.v.b.w = returnicmpdefault; |
||
6656 |
yyval.v.b.w2 = returnicmp6default; |
||
6657 |
} |
||
6658 |
break; |
||
6659 |
case 179: |
||
6660 |
#line 2325 "parse.y" |
||
6661 |
{ |
||
6662 |
if (!(yyval.v.number = parseicmpspec(yyvsp[0].v.string, AF_INET))) { |
||
6663 |
free(yyvsp[0].v.string); |
||
6664 |
YYERROR; |
||
6665 |
} |
||
6666 |
free(yyvsp[0].v.string); |
||
6667 |
} |
||
6668 |
break; |
||
6669 |
case 180: |
||
6670 |
#line 2332 "parse.y" |
||
6671 |
{ |
||
6672 |
u_int8_t icmptype; |
||
6673 |
|||
6674 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 255) { |
||
6675 |
yyerror("invalid icmp code %lu", yyvsp[0].v.number); |
||
6676 |
YYERROR; |
||
6677 |
} |
||
6678 |
icmptype = returnicmpdefault >> 8; |
||
6679 |
yyval.v.number = (icmptype << 8 | yyvsp[0].v.number); |
||
6680 |
} |
||
6681 |
break; |
||
6682 |
case 181: |
||
6683 |
#line 2344 "parse.y" |
||
6684 |
{ |
||
6685 |
if (!(yyval.v.number = parseicmpspec(yyvsp[0].v.string, AF_INET6))) { |
||
6686 |
free(yyvsp[0].v.string); |
||
6687 |
YYERROR; |
||
6688 |
} |
||
6689 |
free(yyvsp[0].v.string); |
||
6690 |
} |
||
6691 |
break; |
||
6692 |
case 182: |
||
6693 |
#line 2351 "parse.y" |
||
6694 |
{ |
||
6695 |
u_int8_t icmptype; |
||
6696 |
|||
6697 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 255) { |
||
6698 |
yyerror("invalid icmp code %lu", yyvsp[0].v.number); |
||
6699 |
YYERROR; |
||
6700 |
} |
||
6701 |
icmptype = returnicmp6default >> 8; |
||
6702 |
yyval.v.number = (icmptype << 8 | yyvsp[0].v.number); |
||
6703 |
} |
||
6704 |
break; |
||
6705 |
case 183: |
||
6706 |
#line 2363 "parse.y" |
||
6707 |
{ yyval.v.i = PF_INOUT; } |
||
6708 |
break; |
||
6709 |
case 184: |
||
6710 |
#line 2364 "parse.y" |
||
6711 |
{ yyval.v.i = PF_IN; } |
||
6712 |
break; |
||
6713 |
case 185: |
||
6714 |
#line 2365 "parse.y" |
||
6715 |
{ yyval.v.i = PF_OUT; } |
||
6716 |
break; |
||
6717 |
case 186: |
||
6718 |
#line 2368 "parse.y" |
||
6719 |
{ yyval.v.logquick.quick = 0; } |
||
6720 |
break; |
||
6721 |
case 187: |
||
6722 |
#line 2369 "parse.y" |
||
6723 |
{ yyval.v.logquick.quick = 1; } |
||
6724 |
break; |
||
6725 |
case 188: |
||
6726 |
#line 2372 "parse.y" |
||
6727 |
{ yyval.v.logquick.log = 0; yyval.v.logquick.quick = 0; yyval.v.logquick.logif = 0; } |
||
6728 |
break; |
||
6729 |
case 189: |
||
6730 |
#line 2373 "parse.y" |
||
6731 |
{ yyval.v.logquick = yyvsp[0].v.logquick; yyval.v.logquick.quick = 0; } |
||
6732 |
break; |
||
6733 |
case 190: |
||
6734 |
#line 2374 "parse.y" |
||
6735 |
{ yyval.v.logquick.quick = 1; yyval.v.logquick.log = 0; yyval.v.logquick.logif = 0; } |
||
6736 |
break; |
||
6737 |
case 191: |
||
6738 |
#line 2375 "parse.y" |
||
6739 |
{ yyval.v.logquick = yyvsp[-1].v.logquick; yyval.v.logquick.quick = 1; } |
||
6740 |
break; |
||
6741 |
case 192: |
||
6742 |
#line 2376 "parse.y" |
||
6743 |
{ yyval.v.logquick = yyvsp[0].v.logquick; yyval.v.logquick.quick = 1; } |
||
6744 |
break; |
||
6745 |
case 193: |
||
6746 |
#line 2379 "parse.y" |
||
6747 |
{ yyval.v.logquick.log = PF_LOG; yyval.v.logquick.logif = 0; } |
||
6748 |
break; |
||
6749 |
case 194: |
||
6750 |
#line 2380 "parse.y" |
||
6751 |
{ |
||
6752 |
yyval.v.logquick.log = PF_LOG | yyvsp[-1].v.logquick.log; |
||
6753 |
yyval.v.logquick.logif = yyvsp[-1].v.logquick.logif; |
||
6754 |
} |
||
6755 |
break; |
||
6756 |
case 195: |
||
6757 |
#line 2386 "parse.y" |
||
6758 |
{ yyval.v.logquick = yyvsp[0].v.logquick; } |
||
6759 |
break; |
||
6760 |
case 196: |
||
6761 |
#line 2387 "parse.y" |
||
6762 |
{ |
||
6763 |
yyval.v.logquick.log = yyvsp[-2].v.logquick.log | yyvsp[0].v.logquick.log; |
||
6764 |
yyval.v.logquick.logif = yyvsp[0].v.logquick.logif; |
||
6765 |
if (yyval.v.logquick.logif == 0) |
||
6766 |
yyval.v.logquick.logif = yyvsp[-2].v.logquick.logif; |
||
6767 |
} |
||
6768 |
break; |
||
6769 |
case 197: |
||
6770 |
#line 2395 "parse.y" |
||
6771 |
{ yyval.v.logquick.log = PF_LOG_ALL; yyval.v.logquick.logif = 0; } |
||
6772 |
break; |
||
6773 |
case 198: |
||
6774 |
#line 2396 "parse.y" |
||
6775 |
{ yyval.v.logquick.log = PF_LOG_MATCHES; yyval.v.logquick.logif = 0; } |
||
6776 |
break; |
||
6777 |
case 199: |
||
6778 |
#line 2397 "parse.y" |
||
6779 |
{ yyval.v.logquick.log = PF_LOG_SOCKET_LOOKUP; yyval.v.logquick.logif = 0; } |
||
6780 |
break; |
||
6781 |
case 200: |
||
6782 |
#line 2398 "parse.y" |
||
6783 |
{ yyval.v.logquick.log = PF_LOG_SOCKET_LOOKUP; yyval.v.logquick.logif = 0; } |
||
6784 |
break; |
||
6785 |
case 201: |
||
6786 |
#line 2399 "parse.y" |
||
6787 |
{ |
||
6788 |
const char *errstr; |
||
6789 |
u_int i; |
||
6790 |
|||
6791 |
yyval.v.logquick.log = 0; |
||
6792 |
if (strncmp(yyvsp[0].v.string, "pflog", 5)) { |
||
6793 |
yyerror("%s: should be a pflog interface", yyvsp[0].v.string); |
||
6794 |
free(yyvsp[0].v.string); |
||
6795 |
YYERROR; |
||
6796 |
} |
||
6797 |
i = strtonum(yyvsp[0].v.string + 5, 0, 255, &errstr); |
||
6798 |
if (errstr) { |
||
6799 |
yyerror("%s: %s", yyvsp[0].v.string, errstr); |
||
6800 |
free(yyvsp[0].v.string); |
||
6801 |
YYERROR; |
||
6802 |
} |
||
6803 |
free(yyvsp[0].v.string); |
||
6804 |
yyval.v.logquick.logif = i; |
||
6805 |
} |
||
6806 |
break; |
||
6807 |
case 202: |
||
6808 |
#line 2420 "parse.y" |
||
6809 |
{ yyval.v.interface = NULL; } |
||
6810 |
break; |
||
6811 |
case 203: |
||
6812 |
#line 2421 "parse.y" |
||
6813 |
{ yyval.v.interface = yyvsp[0].v.interface; } |
||
6814 |
break; |
||
6815 |
case 204: |
||
6816 |
#line 2422 "parse.y" |
||
6817 |
{ yyval.v.interface = yyvsp[-1].v.interface; } |
||
6818 |
break; |
||
6819 |
case 205: |
||
6820 |
#line 2425 "parse.y" |
||
6821 |
{ yyval.v.interface = yyvsp[-1].v.interface; } |
||
6822 |
break; |
||
6823 |
case 206: |
||
6824 |
#line 2426 "parse.y" |
||
6825 |
{ |
||
6826 |
yyvsp[-3].v.interface->tail->next = yyvsp[-1].v.interface; |
||
6827 |
yyvsp[-3].v.interface->tail = yyvsp[-1].v.interface; |
||
6828 |
yyval.v.interface = yyvsp[-3].v.interface; |
||
6829 |
} |
||
6830 |
break; |
||
6831 |
case 207: |
||
6832 |
#line 2433 "parse.y" |
||
6833 |
{ yyval.v.interface = yyvsp[0].v.interface; yyval.v.interface->not = yyvsp[-1].v.number; } |
||
6834 |
break; |
||
6835 |
case 208: |
||
6836 |
#line 2436 "parse.y" |
||
6837 |
{ |
||
6838 |
struct node_host *n; |
||
6839 |
|||
6840 |
yyval.v.interface = calloc(1, sizeof(struct node_if)); |
||
6841 |
if (yyval.v.interface == NULL) |
||
6842 |
err(1, "if_item: calloc"); |
||
6843 |
if (strlcpy(yyval.v.interface->ifname, yyvsp[0].v.string, sizeof(yyval.v.interface->ifname)) >= |
||
6844 |
sizeof(yyval.v.interface->ifname)) { |
||
6845 |
free(yyvsp[0].v.string); |
||
6846 |
free(yyval.v.interface); |
||
6847 |
yyerror("interface name too long"); |
||
6848 |
YYERROR; |
||
6849 |
} |
||
6850 |
|||
6851 |
if ((n = ifa_exists(yyvsp[0].v.string)) != NULL) |
||
6852 |
yyval.v.interface->ifa_flags = n->ifa_flags; |
||
6853 |
|||
6854 |
free(yyvsp[0].v.string); |
||
6855 |
yyval.v.interface->not = 0; |
||
6856 |
yyval.v.interface->next = NULL; |
||
6857 |
yyval.v.interface->tail = yyval.v.interface; |
||
6858 |
} |
||
6859 |
break; |
||
6860 |
case 209: |
||
6861 |
#line 2458 "parse.y" |
||
6862 |
{ |
||
6863 |
yyval.v.interface = calloc(1, sizeof(struct node_if)); |
||
6864 |
if (yyval.v.interface == NULL) |
||
6865 |
err(1, "if_item: calloc"); |
||
6866 |
strlcpy(yyval.v.interface->ifname, "any", sizeof(yyval.v.interface->ifname)); |
||
6867 |
yyval.v.interface->not = 0; |
||
6868 |
yyval.v.interface->next = NULL; |
||
6869 |
yyval.v.interface->tail = yyval.v.interface; |
||
6870 |
} |
||
6871 |
break; |
||
6872 |
case 210: |
||
6873 |
#line 2467 "parse.y" |
||
6874 |
{ |
||
6875 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > RT_TABLEID_MAX) { |
||
6876 |
yyerror("rdomain outside range"); |
||
6877 |
YYERROR; |
||
6878 |
} |
||
6879 |
yyval.v.interface = calloc(1, sizeof(struct node_if)); |
||
6880 |
if (yyval.v.interface == NULL) |
||
6881 |
err(1, "if_item: calloc"); |
||
6882 |
yyval.v.interface->not = 0; |
||
6883 |
yyval.v.interface->use_rdomain = 1; |
||
6884 |
yyval.v.interface->rdomain = yyvsp[0].v.number; |
||
6885 |
yyval.v.interface->next = NULL; |
||
6886 |
yyval.v.interface->tail = yyval.v.interface; |
||
6887 |
} |
||
6888 |
break; |
||
6889 |
case 211: |
||
6890 |
#line 2483 "parse.y" |
||
6891 |
{ yyval.v.i = 0; } |
||
6892 |
break; |
||
6893 |
case 212: |
||
6894 |
#line 2484 "parse.y" |
||
6895 |
{ yyval.v.i = AF_INET; } |
||
6896 |
break; |
||
6897 |
case 213: |
||
6898 |
#line 2485 "parse.y" |
||
6899 |
{ yyval.v.i = AF_INET6; } |
||
6900 |
break; |
||
6901 |
case 214: |
||
6902 |
#line 2488 "parse.y" |
||
6903 |
{ yyval.v.proto = NULL; } |
||
6904 |
break; |
||
6905 |
case 215: |
||
6906 |
#line 2489 "parse.y" |
||
6907 |
{ yyval.v.proto = yyvsp[0].v.proto; } |
||
6908 |
break; |
||
6909 |
case 216: |
||
6910 |
#line 2490 "parse.y" |
||
6911 |
{ yyval.v.proto = yyvsp[-1].v.proto; } |
||
6912 |
break; |
||
6913 |
case 217: |
||
6914 |
#line 2493 "parse.y" |
||
6915 |
{ yyval.v.proto = yyvsp[-1].v.proto; } |
||
6916 |
break; |
||
6917 |
case 218: |
||
6918 |
#line 2494 "parse.y" |
||
6919 |
{ |
||
6920 |
yyvsp[-3].v.proto->tail->next = yyvsp[-1].v.proto; |
||
6921 |
yyvsp[-3].v.proto->tail = yyvsp[-1].v.proto; |
||
6922 |
yyval.v.proto = yyvsp[-3].v.proto; |
||
6923 |
} |
||
6924 |
break; |
||
6925 |
case 219: |
||
6926 |
#line 2501 "parse.y" |
||
6927 |
{ |
||
6928 |
u_int8_t pr; |
||
6929 |
|||
6930 |
pr = (u_int8_t)yyvsp[0].v.number; |
||
6931 |
if (pr == 0) { |
||
6932 |
yyerror("proto 0 cannot be used"); |
||
6933 |
YYERROR; |
||
6934 |
} |
||
6935 |
yyval.v.proto = calloc(1, sizeof(struct node_proto)); |
||
6936 |
if (yyval.v.proto == NULL) |
||
6937 |
err(1, "proto_item: calloc"); |
||
6938 |
yyval.v.proto->proto = pr; |
||
6939 |
yyval.v.proto->next = NULL; |
||
6940 |
yyval.v.proto->tail = yyval.v.proto; |
||
6941 |
} |
||
6942 |
break; |
||
6943 |
case 220: |
||
6944 |
#line 2518 "parse.y" |
||
6945 |
{ |
||
6946 |
struct protoent *p; |
||
6947 |
|||
6948 |
p = getprotobyname(yyvsp[0].v.string); |
||
6949 |
if (p == NULL) { |
||
6950 |
yyerror("unknown protocol %s", yyvsp[0].v.string); |
||
6951 |
free(yyvsp[0].v.string); |
||
6952 |
YYERROR; |
||
6953 |
} |
||
6954 |
yyval.v.number = p->p_proto; |
||
6955 |
free(yyvsp[0].v.string); |
||
6956 |
} |
||
6957 |
break; |
||
6958 |
case 221: |
||
6959 |
#line 2530 "parse.y" |
||
6960 |
{ |
||
6961 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 255) { |
||
6962 |
yyerror("protocol outside range"); |
||
6963 |
YYERROR; |
||
6964 |
} |
||
6965 |
} |
||
6966 |
break; |
||
6967 |
case 222: |
||
6968 |
#line 2538 "parse.y" |
||
6969 |
{ |
||
6970 |
yyval.v.fromto.src.host = NULL; |
||
6971 |
yyval.v.fromto.src.port = NULL; |
||
6972 |
yyval.v.fromto.dst.host = NULL; |
||
6973 |
yyval.v.fromto.dst.port = NULL; |
||
6974 |
yyval.v.fromto.src_os = NULL; |
||
6975 |
} |
||
6976 |
break; |
||
6977 |
case 223: |
||
6978 |
#line 2545 "parse.y" |
||
6979 |
{ |
||
6980 |
yyval.v.fromto.src = yyvsp[-2].v.peer; |
||
6981 |
yyval.v.fromto.src_os = yyvsp[-1].v.os; |
||
6982 |
yyval.v.fromto.dst = yyvsp[0].v.peer; |
||
6983 |
} |
||
6984 |
break; |
||
6985 |
case 224: |
||
6986 |
#line 2552 "parse.y" |
||
6987 |
{ yyval.v.os = NULL; } |
||
6988 |
break; |
||
6989 |
case 225: |
||
6990 |
#line 2553 "parse.y" |
||
6991 |
{ yyval.v.os = yyvsp[0].v.os; } |
||
6992 |
break; |
||
6993 |
case 226: |
||
6994 |
#line 2554 "parse.y" |
||
6995 |
{ yyval.v.os = yyvsp[-1].v.os; } |
||
6996 |
break; |
||
6997 |
case 227: |
||
6998 |
#line 2557 "parse.y" |
||
6999 |
{ |
||
7000 |
yyval.v.os = calloc(1, sizeof(struct node_os)); |
||
7001 |
if (yyval.v.os == NULL) |
||
7002 |
err(1, "os: calloc"); |
||
7003 |
yyval.v.os->os = yyvsp[0].v.string; |
||
7004 |
yyval.v.os->tail = yyval.v.os; |
||
7005 |
} |
||
7006 |
break; |
||
7007 |
case 228: |
||
7008 |
#line 2566 "parse.y" |
||
7009 |
{ yyval.v.os = yyvsp[-1].v.os; } |
||
7010 |
break; |
||
7011 |
case 229: |
||
7012 |
#line 2567 "parse.y" |
||
7013 |
{ |
||
7014 |
yyvsp[-3].v.os->tail->next = yyvsp[-1].v.os; |
||
7015 |
yyvsp[-3].v.os->tail = yyvsp[-1].v.os; |
||
7016 |
yyval.v.os = yyvsp[-3].v.os; |
||
7017 |
} |
||
7018 |
break; |
||
7019 |
case 230: |
||
7020 |
#line 2574 "parse.y" |
||
7021 |
{ |
||
7022 |
yyval.v.peer.host = NULL; |
||
7023 |
yyval.v.peer.port = NULL; |
||
7024 |
} |
||
7025 |
break; |
||
7026 |
case 231: |
||
7027 |
#line 2578 "parse.y" |
||
7028 |
{ |
||
7029 |
yyval.v.peer = yyvsp[0].v.peer; |
||
7030 |
} |
||
7031 |
break; |
||
7032 |
case 232: |
||
7033 |
#line 2583 "parse.y" |
||
7034 |
{ |
||
7035 |
yyval.v.peer.host = NULL; |
||
7036 |
yyval.v.peer.port = NULL; |
||
7037 |
} |
||
7038 |
break; |
||
7039 |
case 233: |
||
7040 |
#line 2587 "parse.y" |
||
7041 |
{ |
||
7042 |
if (disallow_urpf_failed(yyvsp[0].v.peer.host, "\"urpf-failed\" is " |
||
7043 |
"not permitted in a destination address")) |
||
7044 |
YYERROR; |
||
7045 |
yyval.v.peer = yyvsp[0].v.peer; |
||
7046 |
} |
||
7047 |
break; |
||
7048 |
case 234: |
||
7049 |
#line 2595 "parse.y" |
||
7050 |
{ |
||
7051 |
yyval.v.peer.host = yyvsp[0].v.host; |
||
7052 |
yyval.v.peer.port = NULL; |
||
7053 |
} |
||
7054 |
break; |
||
7055 |
case 235: |
||
7056 |
#line 2599 "parse.y" |
||
7057 |
{ |
||
7058 |
yyval.v.peer.host = yyvsp[-2].v.host; |
||
7059 |
yyval.v.peer.port = yyvsp[0].v.port; |
||
7060 |
} |
||
7061 |
break; |
||
7062 |
case 236: |
||
7063 |
#line 2603 "parse.y" |
||
7064 |
{ |
||
7065 |
yyval.v.peer.host = NULL; |
||
7066 |
yyval.v.peer.port = yyvsp[0].v.port; |
||
7067 |
} |
||
7068 |
break; |
||
7069 |
case 239: |
||
7070 |
#line 2613 "parse.y" |
||
7071 |
{ yyval.v.host = NULL; } |
||
7072 |
break; |
||
7073 |
case 240: |
||
7074 |
#line 2614 "parse.y" |
||
7075 |
{ yyval.v.host = yyvsp[0].v.host; } |
||
7076 |
break; |
||
7077 |
case 241: |
||
7078 |
#line 2615 "parse.y" |
||
7079 |
{ yyval.v.host = yyvsp[-1].v.host; } |
||
7080 |
break; |
||
7081 |
case 242: |
||
7082 |
#line 2619 "parse.y" |
||
7083 |
{ yyval.v.host = yyvsp[-1].v.host; } |
||
7084 |
break; |
||
7085 |
case 243: |
||
7086 |
#line 2620 "parse.y" |
||
7087 |
{ |
||
7088 |
if (yyvsp[-3].v.host == NULL) { |
||
7089 |
freehostlist(yyvsp[-1].v.host); |
||
7090 |
yyval.v.host = yyvsp[-3].v.host; |
||
7091 |
} else if (yyvsp[-1].v.host == NULL) { |
||
7092 |
freehostlist(yyvsp[-3].v.host); |
||
7093 |
yyval.v.host = yyvsp[-1].v.host; |
||
7094 |
} else { |
||
7095 |
yyvsp[-3].v.host->tail->next = yyvsp[-1].v.host; |
||
7096 |
yyvsp[-3].v.host->tail = yyvsp[-1].v.host->tail; |
||
7097 |
yyval.v.host = yyvsp[-3].v.host; |
||
7098 |
} |
||
7099 |
} |
||
7100 |
break; |
||
7101 |
case 244: |
||
7102 |
#line 2635 "parse.y" |
||
7103 |
{ |
||
7104 |
struct node_host *n; |
||
7105 |
|||
7106 |
for (n = yyvsp[0].v.host; n != NULL; n = n->next) |
||
7107 |
n->not = yyvsp[-1].v.number; |
||
7108 |
yyval.v.host = yyvsp[0].v.host; |
||
7109 |
} |
||
7110 |
break; |
||
7111 |
case 245: |
||
7112 |
#line 2642 "parse.y" |
||
7113 |
{ |
||
7114 |
yyval.v.host = calloc(1, sizeof(struct node_host)); |
||
7115 |
if (yyval.v.host == NULL) |
||
7116 |
err(1, "xhost: calloc"); |
||
7117 |
yyval.v.host->addr.type = PF_ADDR_NOROUTE; |
||
7118 |
yyval.v.host->next = NULL; |
||
7119 |
yyval.v.host->not = yyvsp[-1].v.number; |
||
7120 |
yyval.v.host->tail = yyval.v.host; |
||
7121 |
} |
||
7122 |
break; |
||
7123 |
case 246: |
||
7124 |
#line 2651 "parse.y" |
||
7125 |
{ |
||
7126 |
yyval.v.host = calloc(1, sizeof(struct node_host)); |
||
7127 |
if (yyval.v.host == NULL) |
||
7128 |
err(1, "xhost: calloc"); |
||
7129 |
yyval.v.host->addr.type = PF_ADDR_URPFFAILED; |
||
7130 |
yyval.v.host->next = NULL; |
||
7131 |
yyval.v.host->not = yyvsp[-1].v.number; |
||
7132 |
yyval.v.host->tail = yyval.v.host; |
||
7133 |
} |
||
7134 |
break; |
||
7135 |
case 247: |
||
7136 |
#line 2662 "parse.y" |
||
7137 |
{ |
||
7138 |
if (yyvsp[0].v.number < 1 || yyvsp[0].v.number > USHRT_MAX) { |
||
7139 |
yyerror("weight out of range"); |
||
7140 |
YYERROR; |
||
7141 |
} |
||
7142 |
yyval.v.weight = yyvsp[0].v.number; |
||
7143 |
} |
||
7144 |
break; |
||
7145 |
case 248: |
||
7146 |
#line 2669 "parse.y" |
||
7147 |
{ yyval.v.weight = 0; } |
||
7148 |
break; |
||
7149 |
case 249: |
||
7150 |
#line 2672 "parse.y" |
||
7151 |
{ |
||
7152 |
if ((yyval.v.host = host(yyvsp[0].v.string, pf->opts)) == NULL) { |
||
7153 |
/* error. "any" is handled elsewhere */ |
||
7154 |
free(yyvsp[0].v.string); |
||
7155 |
yyerror("could not parse host specification"); |
||
7156 |
YYERROR; |
||
7157 |
} |
||
7158 |
free(yyvsp[0].v.string); |
||
7159 |
|||
7160 |
} |
||
7161 |
break; |
||
7162 |
case 250: |
||
7163 |
#line 2682 "parse.y" |
||
7164 |
{ |
||
7165 |
struct node_host *b, *e; |
||
7166 |
|||
7167 |
if ((b = host(yyvsp[-2].v.string, pf->opts)) == NULL || |
||
7168 |
(e = host(yyvsp[0].v.string, pf->opts)) == NULL) { |
||
7169 |
free(yyvsp[-2].v.string); |
||
7170 |
free(yyvsp[0].v.string); |
||
7171 |
yyerror("could not parse host specification"); |
||
7172 |
YYERROR; |
||
7173 |
} |
||
7174 |
if (b->af != e->af || |
||
7175 |
b->addr.type != PF_ADDR_ADDRMASK || |
||
7176 |
e->addr.type != PF_ADDR_ADDRMASK || |
||
7177 |
unmask(&b->addr.v.a.mask, b->af) != |
||
7178 |
(b->af == AF_INET ? 32 : 128) || |
||
7179 |
unmask(&e->addr.v.a.mask, e->af) != |
||
7180 |
(e->af == AF_INET ? 32 : 128) || |
||
7181 |
b->next != NULL || b->not || |
||
7182 |
e->next != NULL || e->not) { |
||
7183 |
free(b); |
||
7184 |
free(e); |
||
7185 |
free(yyvsp[-2].v.string); |
||
7186 |
free(yyvsp[0].v.string); |
||
7187 |
yyerror("invalid address range"); |
||
7188 |
YYERROR; |
||
7189 |
} |
||
7190 |
memcpy(&b->addr.v.a.mask, &e->addr.v.a.addr, |
||
7191 |
sizeof(b->addr.v.a.mask)); |
||
7192 |
b->addr.type = PF_ADDR_RANGE; |
||
7193 |
yyval.v.host = b; |
||
7194 |
free(e); |
||
7195 |
free(yyvsp[-2].v.string); |
||
7196 |
free(yyvsp[0].v.string); |
||
7197 |
} |
||
7198 |
break; |
||
7199 |
case 251: |
||
7200 |
#line 2716 "parse.y" |
||
7201 |
{ |
||
7202 |
char *buf; |
||
7203 |
|||
7204 |
if (asprintf(&buf, "%s/%lld", yyvsp[-2].v.string, yyvsp[0].v.number) == -1) |
||
7205 |
err(1, "host: asprintf"); |
||
7206 |
free(yyvsp[-2].v.string); |
||
7207 |
if ((yyval.v.host = host(buf, pf->opts)) == NULL) { |
||
7208 |
/* error. "any" is handled elsewhere */ |
||
7209 |
free(buf); |
||
7210 |
yyerror("could not parse host specification"); |
||
7211 |
YYERROR; |
||
7212 |
} |
||
7213 |
free(buf); |
||
7214 |
} |
||
7215 |
break; |
||
7216 |
case 252: |
||
7217 |
#line 2730 "parse.y" |
||
7218 |
{ |
||
7219 |
char *buf; |
||
7220 |
|||
7221 |
/* ie. for 10/8 parsing */ |
||
7222 |
if (asprintf(&buf, "%lld/%lld", yyvsp[-2].v.number, yyvsp[0].v.number) == -1) |
||
7223 |
err(1, "host: asprintf"); |
||
7224 |
if ((yyval.v.host = host(buf, pf->opts)) == NULL) { |
||
7225 |
/* error. "any" is handled elsewhere */ |
||
7226 |
free(buf); |
||
7227 |
yyerror("could not parse host specification"); |
||
7228 |
YYERROR; |
||
7229 |
} |
||
7230 |
free(buf); |
||
7231 |
} |
||
7232 |
break; |
||
7233 |
case 254: |
||
7234 |
#line 2745 "parse.y" |
||
7235 |
{ |
||
7236 |
struct node_host *n; |
||
7237 |
|||
7238 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 128) { |
||
7239 |
yyerror("bit number too big"); |
||
7240 |
YYERROR; |
||
7241 |
} |
||
7242 |
yyval.v.host = yyvsp[-2].v.host; |
||
7243 |
for (n = yyvsp[-2].v.host; n != NULL; n = n->next) |
||
7244 |
set_ipmask(n, yyvsp[0].v.number); |
||
7245 |
} |
||
7246 |
break; |
||
7247 |
case 255: |
||
7248 |
#line 2756 "parse.y" |
||
7249 |
{ |
||
7250 |
if (strlen(yyvsp[-1].v.string) >= PF_TABLE_NAME_SIZE) { |
||
7251 |
yyerror("table name '%s' too long", yyvsp[-1].v.string); |
||
7252 |
free(yyvsp[-1].v.string); |
||
7253 |
YYERROR; |
||
7254 |
} |
||
7255 |
yyval.v.host = calloc(1, sizeof(struct node_host)); |
||
7256 |
if (yyval.v.host == NULL) |
||
7257 |
err(1, "host: calloc"); |
||
7258 |
yyval.v.host->addr.type = PF_ADDR_TABLE; |
||
7259 |
if (strlcpy(yyval.v.host->addr.v.tblname, yyvsp[-1].v.string, |
||
7260 |
sizeof(yyval.v.host->addr.v.tblname)) >= |
||
7261 |
sizeof(yyval.v.host->addr.v.tblname)) |
||
7262 |
errx(1, "host: strlcpy"); |
||
7263 |
free(yyvsp[-1].v.string); |
||
7264 |
yyval.v.host->next = NULL; |
||
7265 |
yyval.v.host->tail = yyval.v.host; |
||
7266 |
} |
||
7267 |
break; |
||
7268 |
case 256: |
||
7269 |
#line 2774 "parse.y" |
||
7270 |
{ |
||
7271 |
yyval.v.host = calloc(1, sizeof(struct node_host)); |
||
7272 |
if (yyval.v.host == NULL) { |
||
7273 |
free(yyvsp[0].v.string); |
||
7274 |
err(1, "host: calloc"); |
||
7275 |
} |
||
7276 |
yyval.v.host->addr.type = PF_ADDR_RTLABEL; |
||
7277 |
if (strlcpy(yyval.v.host->addr.v.rtlabelname, yyvsp[0].v.string, |
||
7278 |
sizeof(yyval.v.host->addr.v.rtlabelname)) >= |
||
7279 |
sizeof(yyval.v.host->addr.v.rtlabelname)) { |
||
7280 |
yyerror("route label too long, max %u chars", |
||
7281 |
sizeof(yyval.v.host->addr.v.rtlabelname) - 1); |
||
7282 |
free(yyvsp[0].v.string); |
||
7283 |
free(yyval.v.host); |
||
7284 |
YYERROR; |
||
7285 |
} |
||
7286 |
yyval.v.host->next = NULL; |
||
7287 |
yyval.v.host->tail = yyval.v.host; |
||
7288 |
free(yyvsp[0].v.string); |
||
7289 |
} |
||
7290 |
break; |
||
7291 |
case 258: |
||
7292 |
#line 2797 "parse.y" |
||
7293 |
{ |
||
7294 |
u_long ulval; |
||
7295 |
|||
7296 |
if (atoul(yyvsp[0].v.string, &ulval) == -1) { |
||
7297 |
yyerror("%s is not a number", yyvsp[0].v.string); |
||
7298 |
free(yyvsp[0].v.string); |
||
7299 |
YYERROR; |
||
7300 |
} else |
||
7301 |
yyval.v.number = ulval; |
||
7302 |
free(yyvsp[0].v.string); |
||
7303 |
} |
||
7304 |
break; |
||
7305 |
case 259: |
||
7306 |
#line 2810 "parse.y" |
||
7307 |
{ |
||
7308 |
int flags = 0; |
||
7309 |
char *p, *op; |
||
7310 |
|||
7311 |
op = yyvsp[-1].v.string; |
||
7312 |
if (!isalpha((unsigned char)op[0])) { |
||
7313 |
yyerror("invalid interface name '%s'", op); |
||
7314 |
free(op); |
||
7315 |
YYERROR; |
||
7316 |
} |
||
7317 |
while ((p = strrchr(yyvsp[-1].v.string, ':')) != NULL) { |
||
7318 |
if (!strcmp(p+1, "network")) |
||
7319 |
flags |= PFI_AFLAG_NETWORK; |
||
7320 |
else if (!strcmp(p+1, "broadcast")) |
||
7321 |
flags |= PFI_AFLAG_BROADCAST; |
||
7322 |
else if (!strcmp(p+1, "peer")) |
||
7323 |
flags |= PFI_AFLAG_PEER; |
||
7324 |
else if (!strcmp(p+1, "0")) |
||
7325 |
flags |= PFI_AFLAG_NOALIAS; |
||
7326 |
else { |
||
7327 |
yyerror("interface %s has bad modifier", |
||
7328 |
yyvsp[-1].v.string); |
||
7329 |
free(op); |
||
7330 |
YYERROR; |
||
7331 |
} |
||
7332 |
*p = '\0'; |
||
7333 |
} |
||
7334 |
if (flags & (flags - 1) & PFI_AFLAG_MODEMASK) { |
||
7335 |
free(op); |
||
7336 |
yyerror("illegal combination of " |
||
7337 |
"interface modifiers"); |
||
7338 |
YYERROR; |
||
7339 |
} |
||
7340 |
yyval.v.host = calloc(1, sizeof(struct node_host)); |
||
7341 |
if (yyval.v.host == NULL) |
||
7342 |
err(1, "address: calloc"); |
||
7343 |
yyval.v.host->af = 0; |
||
7344 |
set_ipmask(yyval.v.host, 128); |
||
7345 |
yyval.v.host->addr.type = PF_ADDR_DYNIFTL; |
||
7346 |
yyval.v.host->addr.iflags = flags; |
||
7347 |
if (strlcpy(yyval.v.host->addr.v.ifname, yyvsp[-1].v.string, |
||
7348 |
sizeof(yyval.v.host->addr.v.ifname)) >= |
||
7349 |
sizeof(yyval.v.host->addr.v.ifname)) { |
||
7350 |
free(op); |
||
7351 |
free(yyval.v.host); |
||
7352 |
yyerror("interface name too long"); |
||
7353 |
YYERROR; |
||
7354 |
} |
||
7355 |
free(op); |
||
7356 |
yyval.v.host->next = NULL; |
||
7357 |
yyval.v.host->tail = yyval.v.host; |
||
7358 |
} |
||
7359 |
break; |
||
7360 |
case 260: |
||
7361 |
#line 2864 "parse.y" |
||
7362 |
{ yyval.v.port = yyvsp[0].v.port; } |
||
7363 |
break; |
||
7364 |
case 261: |
||
7365 |
#line 2865 "parse.y" |
||
7366 |
{ yyval.v.port = yyvsp[-1].v.port; } |
||
7367 |
break; |
||
7368 |
case 262: |
||
7369 |
#line 2868 "parse.y" |
||
7370 |
{ yyval.v.port = yyvsp[-1].v.port; } |
||
7371 |
break; |
||
7372 |
case 263: |
||
7373 |
#line 2869 "parse.y" |
||
7374 |
{ |
||
7375 |
yyvsp[-3].v.port->tail->next = yyvsp[-1].v.port; |
||
7376 |
yyvsp[-3].v.port->tail = yyvsp[-1].v.port; |
||
7377 |
yyval.v.port = yyvsp[-3].v.port; |
||
7378 |
} |
||
7379 |
break; |
||
7380 |
case 264: |
||
7381 |
#line 2876 "parse.y" |
||
7382 |
{ |
||
7383 |
yyval.v.port = calloc(1, sizeof(struct node_port)); |
||
7384 |
if (yyval.v.port == NULL) |
||
7385 |
err(1, "port_item: calloc"); |
||
7386 |
yyval.v.port->port[0] = yyvsp[0].v.range.a; |
||
7387 |
yyval.v.port->port[1] = yyvsp[0].v.range.b; |
||
7388 |
if (yyvsp[0].v.range.t) |
||
7389 |
yyval.v.port->op = PF_OP_RRG; |
||
7390 |
else |
||
7391 |
yyval.v.port->op = PF_OP_EQ; |
||
7392 |
yyval.v.port->next = NULL; |
||
7393 |
yyval.v.port->tail = yyval.v.port; |
||
7394 |
} |
||
7395 |
break; |
||
7396 |
case 265: |
||
7397 |
#line 2889 "parse.y" |
||
7398 |
{ |
||
7399 |
if (yyvsp[0].v.range.t) { |
||
7400 |
yyerror("':' cannot be used with an other " |
||
7401 |
"port operator"); |
||
7402 |
YYERROR; |
||
7403 |
} |
||
7404 |
yyval.v.port = calloc(1, sizeof(struct node_port)); |
||
7405 |
if (yyval.v.port == NULL) |
||
7406 |
err(1, "port_item: calloc"); |
||
7407 |
yyval.v.port->port[0] = yyvsp[0].v.range.a; |
||
7408 |
yyval.v.port->port[1] = yyvsp[0].v.range.b; |
||
7409 |
yyval.v.port->op = yyvsp[-1].v.i; |
||
7410 |
yyval.v.port->next = NULL; |
||
7411 |
yyval.v.port->tail = yyval.v.port; |
||
7412 |
} |
||
7413 |
break; |
||
7414 |
case 266: |
||
7415 |
#line 2904 "parse.y" |
||
7416 |
{ |
||
7417 |
if (yyvsp[-2].v.range.t || yyvsp[0].v.range.t) { |
||
7418 |
yyerror("':' cannot be used with an other " |
||
7419 |
"port operator"); |
||
7420 |
YYERROR; |
||
7421 |
} |
||
7422 |
yyval.v.port = calloc(1, sizeof(struct node_port)); |
||
7423 |
if (yyval.v.port == NULL) |
||
7424 |
err(1, "port_item: calloc"); |
||
7425 |
yyval.v.port->port[0] = yyvsp[-2].v.range.a; |
||
7426 |
yyval.v.port->port[1] = yyvsp[0].v.range.a; |
||
7427 |
yyval.v.port->op = yyvsp[-1].v.i; |
||
7428 |
yyval.v.port->next = NULL; |
||
7429 |
yyval.v.port->tail = yyval.v.port; |
||
7430 |
} |
||
7431 |
break; |
||
7432 |
case 267: |
||
7433 |
#line 2921 "parse.y" |
||
7434 |
{ |
||
7435 |
if (parseport(yyvsp[0].v.string, &yyval.v.range, 0) == -1) { |
||
7436 |
free(yyvsp[0].v.string); |
||
7437 |
YYERROR; |
||
7438 |
} |
||
7439 |
free(yyvsp[0].v.string); |
||
7440 |
} |
||
7441 |
break; |
||
7442 |
case 268: |
||
7443 |
#line 2930 "parse.y" |
||
7444 |
{ |
||
7445 |
if (parseport(yyvsp[0].v.string, &yyval.v.range, PPORT_RANGE) == -1) { |
||
7446 |
free(yyvsp[0].v.string); |
||
7447 |
YYERROR; |
||
7448 |
} |
||
7449 |
free(yyvsp[0].v.string); |
||
7450 |
} |
||
7451 |
break; |
||
7452 |
case 269: |
||
7453 |
#line 2939 "parse.y" |
||
7454 |
{ yyval.v.uid = yyvsp[0].v.uid; } |
||
7455 |
break; |
||
7456 |
case 270: |
||
7457 |
#line 2940 "parse.y" |
||
7458 |
{ yyval.v.uid = yyvsp[-1].v.uid; } |
||
7459 |
break; |
||
7460 |
case 271: |
||
7461 |
#line 2943 "parse.y" |
||
7462 |
{ yyval.v.uid = yyvsp[-1].v.uid; } |
||
7463 |
break; |
||
7464 |
case 272: |
||
7465 |
#line 2944 "parse.y" |
||
7466 |
{ |
||
7467 |
yyvsp[-3].v.uid->tail->next = yyvsp[-1].v.uid; |
||
7468 |
yyvsp[-3].v.uid->tail = yyvsp[-1].v.uid; |
||
7469 |
yyval.v.uid = yyvsp[-3].v.uid; |
||
7470 |
} |
||
7471 |
break; |
||
7472 |
case 273: |
||
7473 |
#line 2951 "parse.y" |
||
7474 |
{ |
||
7475 |
yyval.v.uid = calloc(1, sizeof(struct node_uid)); |
||
7476 |
if (yyval.v.uid == NULL) |
||
7477 |
err(1, "uid_item: calloc"); |
||
7478 |
yyval.v.uid->uid[0] = yyvsp[0].v.number; |
||
7479 |
yyval.v.uid->uid[1] = yyvsp[0].v.number; |
||
7480 |
yyval.v.uid->op = PF_OP_EQ; |
||
7481 |
yyval.v.uid->next = NULL; |
||
7482 |
yyval.v.uid->tail = yyval.v.uid; |
||
7483 |
} |
||
7484 |
break; |
||
7485 |
case 274: |
||
7486 |
#line 2961 "parse.y" |
||
7487 |
{ |
||
7488 |
if (yyvsp[0].v.number == UID_MAX && yyvsp[-1].v.i != PF_OP_EQ && yyvsp[-1].v.i != PF_OP_NE) { |
||
7489 |
yyerror("user unknown requires operator = or " |
||
7490 |
"!="); |
||
7491 |
YYERROR; |
||
7492 |
} |
||
7493 |
yyval.v.uid = calloc(1, sizeof(struct node_uid)); |
||
7494 |
if (yyval.v.uid == NULL) |
||
7495 |
err(1, "uid_item: calloc"); |
||
7496 |
yyval.v.uid->uid[0] = yyvsp[0].v.number; |
||
7497 |
yyval.v.uid->uid[1] = yyvsp[0].v.number; |
||
7498 |
yyval.v.uid->op = yyvsp[-1].v.i; |
||
7499 |
yyval.v.uid->next = NULL; |
||
7500 |
yyval.v.uid->tail = yyval.v.uid; |
||
7501 |
} |
||
7502 |
break; |
||
7503 |
case 275: |
||
7504 |
#line 2976 "parse.y" |
||
7505 |
{ |
||
7506 |
if (yyvsp[-2].v.number == UID_MAX || yyvsp[0].v.number == UID_MAX) { |
||
7507 |
yyerror("user unknown requires operator = or " |
||
7508 |
"!="); |
||
7509 |
YYERROR; |
||
7510 |
} |
||
7511 |
yyval.v.uid = calloc(1, sizeof(struct node_uid)); |
||
7512 |
if (yyval.v.uid == NULL) |
||
7513 |
err(1, "uid_item: calloc"); |
||
7514 |
yyval.v.uid->uid[0] = yyvsp[-2].v.number; |
||
7515 |
yyval.v.uid->uid[1] = yyvsp[0].v.number; |
||
7516 |
yyval.v.uid->op = yyvsp[-1].v.i; |
||
7517 |
yyval.v.uid->next = NULL; |
||
7518 |
yyval.v.uid->tail = yyval.v.uid; |
||
7519 |
} |
||
7520 |
break; |
||
7521 |
case 276: |
||
7522 |
#line 2993 "parse.y" |
||
7523 |
{ |
||
7524 |
if (!strcmp(yyvsp[0].v.string, "unknown")) |
||
7525 |
yyval.v.number = UID_MAX; |
||
7526 |
else { |
||
7527 |
struct passwd *pw; |
||
7528 |
|||
7529 |
if ((pw = getpwnam(yyvsp[0].v.string)) == NULL) { |
||
7530 |
yyerror("unknown user %s", yyvsp[0].v.string); |
||
7531 |
free(yyvsp[0].v.string); |
||
7532 |
YYERROR; |
||
7533 |
} |
||
7534 |
yyval.v.number = pw->pw_uid; |
||
7535 |
} |
||
7536 |
free(yyvsp[0].v.string); |
||
7537 |
} |
||
7538 |
break; |
||
7539 |
case 277: |
||
7540 |
#line 3008 "parse.y" |
||
7541 |
{ |
||
7542 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number >= UID_MAX) { |
||
7543 |
yyerror("illegal uid value %lu", yyvsp[0].v.number); |
||
7544 |
YYERROR; |
||
7545 |
} |
||
7546 |
yyval.v.number = yyvsp[0].v.number; |
||
7547 |
} |
||
7548 |
break; |
||
7549 |
case 278: |
||
7550 |
#line 3017 "parse.y" |
||
7551 |
{ yyval.v.gid = yyvsp[0].v.gid; } |
||
7552 |
break; |
||
7553 |
case 279: |
||
7554 |
#line 3018 "parse.y" |
||
7555 |
{ yyval.v.gid = yyvsp[-1].v.gid; } |
||
7556 |
break; |
||
7557 |
case 280: |
||
7558 |
#line 3021 "parse.y" |
||
7559 |
{ yyval.v.gid = yyvsp[-1].v.gid; } |
||
7560 |
break; |
||
7561 |
case 281: |
||
7562 |
#line 3022 "parse.y" |
||
7563 |
{ |
||
7564 |
yyvsp[-3].v.gid->tail->next = yyvsp[-1].v.gid; |
||
7565 |
yyvsp[-3].v.gid->tail = yyvsp[-1].v.gid; |
||
7566 |
yyval.v.gid = yyvsp[-3].v.gid; |
||
7567 |
} |
||
7568 |
break; |
||
7569 |
case 282: |
||
7570 |
#line 3029 "parse.y" |
||
7571 |
{ |
||
7572 |
yyval.v.gid = calloc(1, sizeof(struct node_gid)); |
||
7573 |
if (yyval.v.gid == NULL) |
||
7574 |
err(1, "gid_item: calloc"); |
||
7575 |
yyval.v.gid->gid[0] = yyvsp[0].v.number; |
||
7576 |
yyval.v.gid->gid[1] = yyvsp[0].v.number; |
||
7577 |
yyval.v.gid->op = PF_OP_EQ; |
||
7578 |
yyval.v.gid->next = NULL; |
||
7579 |
yyval.v.gid->tail = yyval.v.gid; |
||
7580 |
} |
||
7581 |
break; |
||
7582 |
case 283: |
||
7583 |
#line 3039 "parse.y" |
||
7584 |
{ |
||
7585 |
if (yyvsp[0].v.number == GID_MAX && yyvsp[-1].v.i != PF_OP_EQ && yyvsp[-1].v.i != PF_OP_NE) { |
||
7586 |
yyerror("group unknown requires operator = or " |
||
7587 |
"!="); |
||
7588 |
YYERROR; |
||
7589 |
} |
||
7590 |
yyval.v.gid = calloc(1, sizeof(struct node_gid)); |
||
7591 |
if (yyval.v.gid == NULL) |
||
7592 |
err(1, "gid_item: calloc"); |
||
7593 |
yyval.v.gid->gid[0] = yyvsp[0].v.number; |
||
7594 |
yyval.v.gid->gid[1] = yyvsp[0].v.number; |
||
7595 |
yyval.v.gid->op = yyvsp[-1].v.i; |
||
7596 |
yyval.v.gid->next = NULL; |
||
7597 |
yyval.v.gid->tail = yyval.v.gid; |
||
7598 |
} |
||
7599 |
break; |
||
7600 |
case 284: |
||
7601 |
#line 3054 "parse.y" |
||
7602 |
{ |
||
7603 |
if (yyvsp[-2].v.number == GID_MAX || yyvsp[0].v.number == GID_MAX) { |
||
7604 |
yyerror("group unknown requires operator = or " |
||
7605 |
"!="); |
||
7606 |
YYERROR; |
||
7607 |
} |
||
7608 |
yyval.v.gid = calloc(1, sizeof(struct node_gid)); |
||
7609 |
if (yyval.v.gid == NULL) |
||
7610 |
err(1, "gid_item: calloc"); |
||
7611 |
yyval.v.gid->gid[0] = yyvsp[-2].v.number; |
||
7612 |
yyval.v.gid->gid[1] = yyvsp[0].v.number; |
||
7613 |
yyval.v.gid->op = yyvsp[-1].v.i; |
||
7614 |
yyval.v.gid->next = NULL; |
||
7615 |
yyval.v.gid->tail = yyval.v.gid; |
||
7616 |
} |
||
7617 |
break; |
||
7618 |
case 285: |
||
7619 |
#line 3071 "parse.y" |
||
7620 |
{ |
||
7621 |
if (!strcmp(yyvsp[0].v.string, "unknown")) |
||
7622 |
yyval.v.number = GID_MAX; |
||
7623 |
else { |
||
7624 |
struct group *grp; |
||
7625 |
|||
7626 |
if ((grp = getgrnam(yyvsp[0].v.string)) == NULL) { |
||
7627 |
yyerror("unknown group %s", yyvsp[0].v.string); |
||
7628 |
free(yyvsp[0].v.string); |
||
7629 |
YYERROR; |
||
7630 |
} |
||
7631 |
yyval.v.number = grp->gr_gid; |
||
7632 |
} |
||
7633 |
free(yyvsp[0].v.string); |
||
7634 |
} |
||
7635 |
break; |
||
7636 |
case 286: |
||
7637 |
#line 3086 "parse.y" |
||
7638 |
{ |
||
7639 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number >= GID_MAX) { |
||
7640 |
yyerror("illegal gid value %lu", yyvsp[0].v.number); |
||
7641 |
YYERROR; |
||
7642 |
} |
||
7643 |
yyval.v.number = yyvsp[0].v.number; |
||
7644 |
} |
||
7645 |
break; |
||
7646 |
case 287: |
||
7647 |
#line 3095 "parse.y" |
||
7648 |
{ |
||
7649 |
int f; |
||
7650 |
|||
7651 |
if ((f = parse_flags(yyvsp[0].v.string)) < 0) { |
||
7652 |
yyerror("bad flags %s", yyvsp[0].v.string); |
||
7653 |
free(yyvsp[0].v.string); |
||
7654 |
YYERROR; |
||
7655 |
} |
||
7656 |
free(yyvsp[0].v.string); |
||
7657 |
yyval.v.b.b1 = f; |
||
7658 |
} |
||
7659 |
break; |
||
7660 |
case 288: |
||
7661 |
#line 3108 "parse.y" |
||
7662 |
{ yyval.v.b.b1 = yyvsp[-2].v.b.b1; yyval.v.b.b2 = yyvsp[0].v.b.b1; } |
||
7663 |
break; |
||
7664 |
case 289: |
||
7665 |
#line 3109 "parse.y" |
||
7666 |
{ yyval.v.b.b1 = 0; yyval.v.b.b2 = yyvsp[0].v.b.b1; } |
||
7667 |
break; |
||
7668 |
case 290: |
||
7669 |
#line 3110 "parse.y" |
||
7670 |
{ yyval.v.b.b1 = 0; yyval.v.b.b2 = 0; } |
||
7671 |
break; |
||
7672 |
case 291: |
||
7673 |
#line 3113 "parse.y" |
||
7674 |
{ yyval.v.icmp = yyvsp[0].v.icmp; } |
||
7675 |
break; |
||
7676 |
case 292: |
||
7677 |
#line 3114 "parse.y" |
||
7678 |
{ yyval.v.icmp = yyvsp[-1].v.icmp; } |
||
7679 |
break; |
||
7680 |
case 293: |
||
7681 |
#line 3115 "parse.y" |
||
7682 |
{ yyval.v.icmp = yyvsp[0].v.icmp; } |
||
7683 |
break; |
||
7684 |
case 294: |
||
7685 |
#line 3116 "parse.y" |
||
7686 |
{ yyval.v.icmp = yyvsp[-1].v.icmp; } |
||
7687 |
break; |
||
7688 |
case 295: |
||
7689 |
#line 3119 "parse.y" |
||
7690 |
{ yyval.v.icmp = yyvsp[-1].v.icmp; } |
||
7691 |
break; |
||
7692 |
case 296: |
||
7693 |
#line 3120 "parse.y" |
||
7694 |
{ |
||
7695 |
yyvsp[-3].v.icmp->tail->next = yyvsp[-1].v.icmp; |
||
7696 |
yyvsp[-3].v.icmp->tail = yyvsp[-1].v.icmp; |
||
7697 |
yyval.v.icmp = yyvsp[-3].v.icmp; |
||
7698 |
} |
||
7699 |
break; |
||
7700 |
case 297: |
||
7701 |
#line 3127 "parse.y" |
||
7702 |
{ yyval.v.icmp = yyvsp[-1].v.icmp; } |
||
7703 |
break; |
||
7704 |
case 298: |
||
7705 |
#line 3128 "parse.y" |
||
7706 |
{ |
||
7707 |
yyvsp[-3].v.icmp->tail->next = yyvsp[-1].v.icmp; |
||
7708 |
yyvsp[-3].v.icmp->tail = yyvsp[-1].v.icmp; |
||
7709 |
yyval.v.icmp = yyvsp[-3].v.icmp; |
||
7710 |
} |
||
7711 |
break; |
||
7712 |
case 299: |
||
7713 |
#line 3135 "parse.y" |
||
7714 |
{ |
||
7715 |
yyval.v.icmp = calloc(1, sizeof(struct node_icmp)); |
||
7716 |
if (yyval.v.icmp == NULL) |
||
7717 |
err(1, "icmp_item: calloc"); |
||
7718 |
yyval.v.icmp->type = yyvsp[0].v.number; |
||
7719 |
yyval.v.icmp->code = 0; |
||
7720 |
yyval.v.icmp->proto = IPPROTO_ICMP; |
||
7721 |
yyval.v.icmp->next = NULL; |
||
7722 |
yyval.v.icmp->tail = yyval.v.icmp; |
||
7723 |
} |
||
7724 |
break; |
||
7725 |
case 300: |
||
7726 |
#line 3145 "parse.y" |
||
7727 |
{ |
||
7728 |
const struct icmpcodeent *p; |
||
7729 |
|||
7730 |
if ((p = geticmpcodebyname(yyvsp[-2].v.number-1, yyvsp[0].v.string, AF_INET)) == NULL) { |
||
7731 |
yyerror("unknown icmp-code %s", yyvsp[0].v.string); |
||
7732 |
free(yyvsp[0].v.string); |
||
7733 |
YYERROR; |
||
7734 |
} |
||
7735 |
|||
7736 |
free(yyvsp[0].v.string); |
||
7737 |
yyval.v.icmp = calloc(1, sizeof(struct node_icmp)); |
||
7738 |
if (yyval.v.icmp == NULL) |
||
7739 |
err(1, "icmp_item: calloc"); |
||
7740 |
yyval.v.icmp->type = yyvsp[-2].v.number; |
||
7741 |
yyval.v.icmp->code = p->code + 1; |
||
7742 |
yyval.v.icmp->proto = IPPROTO_ICMP; |
||
7743 |
yyval.v.icmp->next = NULL; |
||
7744 |
yyval.v.icmp->tail = yyval.v.icmp; |
||
7745 |
} |
||
7746 |
break; |
||
7747 |
case 301: |
||
7748 |
#line 3164 "parse.y" |
||
7749 |
{ |
||
7750 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 255) { |
||
7751 |
yyerror("illegal icmp-code %lu", yyvsp[0].v.number); |
||
7752 |
YYERROR; |
||
7753 |
} |
||
7754 |
yyval.v.icmp = calloc(1, sizeof(struct node_icmp)); |
||
7755 |
if (yyval.v.icmp == NULL) |
||
7756 |
err(1, "icmp_item: calloc"); |
||
7757 |
yyval.v.icmp->type = yyvsp[-2].v.number; |
||
7758 |
yyval.v.icmp->code = yyvsp[0].v.number + 1; |
||
7759 |
yyval.v.icmp->proto = IPPROTO_ICMP; |
||
7760 |
yyval.v.icmp->next = NULL; |
||
7761 |
yyval.v.icmp->tail = yyval.v.icmp; |
||
7762 |
} |
||
7763 |
break; |
||
7764 |
case 302: |
||
7765 |
#line 3180 "parse.y" |
||
7766 |
{ |
||
7767 |
yyval.v.icmp = calloc(1, sizeof(struct node_icmp)); |
||
7768 |
if (yyval.v.icmp == NULL) |
||
7769 |
err(1, "icmp_item: calloc"); |
||
7770 |
yyval.v.icmp->type = yyvsp[0].v.number; |
||
7771 |
yyval.v.icmp->code = 0; |
||
7772 |
yyval.v.icmp->proto = IPPROTO_ICMPV6; |
||
7773 |
yyval.v.icmp->next = NULL; |
||
7774 |
yyval.v.icmp->tail = yyval.v.icmp; |
||
7775 |
} |
||
7776 |
break; |
||
7777 |
case 303: |
||
7778 |
#line 3190 "parse.y" |
||
7779 |
{ |
||
7780 |
const struct icmpcodeent *p; |
||
7781 |
|||
7782 |
if ((p = geticmpcodebyname(yyvsp[-2].v.number-1, yyvsp[0].v.string, AF_INET6)) == NULL) { |
||
7783 |
yyerror("unknown icmp6-code %s", yyvsp[0].v.string); |
||
7784 |
free(yyvsp[0].v.string); |
||
7785 |
YYERROR; |
||
7786 |
} |
||
7787 |
free(yyvsp[0].v.string); |
||
7788 |
|||
7789 |
yyval.v.icmp = calloc(1, sizeof(struct node_icmp)); |
||
7790 |
if (yyval.v.icmp == NULL) |
||
7791 |
err(1, "icmp_item: calloc"); |
||
7792 |
yyval.v.icmp->type = yyvsp[-2].v.number; |
||
7793 |
yyval.v.icmp->code = p->code + 1; |
||
7794 |
yyval.v.icmp->proto = IPPROTO_ICMPV6; |
||
7795 |
yyval.v.icmp->next = NULL; |
||
7796 |
yyval.v.icmp->tail = yyval.v.icmp; |
||
7797 |
} |
||
7798 |
break; |
||
7799 |
case 304: |
||
7800 |
#line 3209 "parse.y" |
||
7801 |
{ |
||
7802 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 255) { |
||
7803 |
yyerror("illegal icmp-code %lu", yyvsp[0].v.number); |
||
7804 |
YYERROR; |
||
7805 |
} |
||
7806 |
yyval.v.icmp = calloc(1, sizeof(struct node_icmp)); |
||
7807 |
if (yyval.v.icmp == NULL) |
||
7808 |
err(1, "icmp_item: calloc"); |
||
7809 |
yyval.v.icmp->type = yyvsp[-2].v.number; |
||
7810 |
yyval.v.icmp->code = yyvsp[0].v.number + 1; |
||
7811 |
yyval.v.icmp->proto = IPPROTO_ICMPV6; |
||
7812 |
yyval.v.icmp->next = NULL; |
||
7813 |
yyval.v.icmp->tail = yyval.v.icmp; |
||
7814 |
} |
||
7815 |
break; |
||
7816 |
case 305: |
||
7817 |
#line 3225 "parse.y" |
||
7818 |
{ |
||
7819 |
const struct icmptypeent *p; |
||
7820 |
|||
7821 |
if ((p = geticmptypebyname(yyvsp[0].v.string, AF_INET)) == NULL) { |
||
7822 |
yyerror("unknown icmp-type %s", yyvsp[0].v.string); |
||
7823 |
free(yyvsp[0].v.string); |
||
7824 |
YYERROR; |
||
7825 |
} |
||
7826 |
yyval.v.number = p->type + 1; |
||
7827 |
free(yyvsp[0].v.string); |
||
7828 |
} |
||
7829 |
break; |
||
7830 |
case 306: |
||
7831 |
#line 3236 "parse.y" |
||
7832 |
{ |
||
7833 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 255) { |
||
7834 |
yyerror("illegal icmp-type %lu", yyvsp[0].v.number); |
||
7835 |
YYERROR; |
||
7836 |
} |
||
7837 |
yyval.v.number = yyvsp[0].v.number + 1; |
||
7838 |
} |
||
7839 |
break; |
||
7840 |
case 307: |
||
7841 |
#line 3245 "parse.y" |
||
7842 |
{ |
||
7843 |
const struct icmptypeent *p; |
||
7844 |
|||
7845 |
if ((p = geticmptypebyname(yyvsp[0].v.string, AF_INET6)) == |
||
7846 |
NULL) { |
||
7847 |
yyerror("unknown icmp6-type %s", yyvsp[0].v.string); |
||
7848 |
free(yyvsp[0].v.string); |
||
7849 |
YYERROR; |
||
7850 |
} |
||
7851 |
yyval.v.number = p->type + 1; |
||
7852 |
free(yyvsp[0].v.string); |
||
7853 |
} |
||
7854 |
break; |
||
7855 |
case 308: |
||
7856 |
#line 3257 "parse.y" |
||
7857 |
{ |
||
7858 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 255) { |
||
7859 |
yyerror("illegal icmp6-type %lu", yyvsp[0].v.number); |
||
7860 |
YYERROR; |
||
7861 |
} |
||
7862 |
yyval.v.number = yyvsp[0].v.number + 1; |
||
7863 |
} |
||
7864 |
break; |
||
7865 |
case 309: |
||
7866 |
#line 3266 "parse.y" |
||
7867 |
{ |
||
7868 |
int val; |
||
7869 |
char *end; |
||
7870 |
|||
7871 |
if (map_tos(yyvsp[0].v.string, &val)) |
||
7872 |
yyval.v.number = val; |
||
7873 |
else if (yyvsp[0].v.string[0] == '0' && yyvsp[0].v.string[1] == 'x') { |
||
7874 |
errno = 0; |
||
7875 |
yyval.v.number = strtoul(yyvsp[0].v.string, &end, 16); |
||
7876 |
if (errno || *end != '\0') |
||
7877 |
yyval.v.number = 256; |
||
7878 |
} else |
||
7879 |
yyval.v.number = 256; /* flag bad argument */ |
||
7880 |
if (yyval.v.number < 0 || yyval.v.number > 255) { |
||
7881 |
yyerror("illegal tos value %s", yyvsp[0].v.string); |
||
7882 |
free(yyvsp[0].v.string); |
||
7883 |
YYERROR; |
||
7884 |
} |
||
7885 |
free(yyvsp[0].v.string); |
||
7886 |
} |
||
7887 |
break; |
||
7888 |
case 310: |
||
7889 |
#line 3286 "parse.y" |
||
7890 |
{ |
||
7891 |
yyval.v.number = yyvsp[0].v.number; |
||
7892 |
if (yyval.v.number < 0 || yyval.v.number > 255) { |
||
7893 |
yyerror("illegal tos value %lld", yyvsp[0].v.number); |
||
7894 |
YYERROR; |
||
7895 |
} |
||
7896 |
} |
||
7897 |
break; |
||
7898 |
case 311: |
||
7899 |
#line 3295 "parse.y" |
||
7900 |
{ yyval.v.i = PF_SRCTRACK; } |
||
7901 |
break; |
||
7902 |
case 312: |
||
7903 |
#line 3296 "parse.y" |
||
7904 |
{ yyval.v.i = PF_SRCTRACK_GLOBAL; } |
||
7905 |
break; |
||
7906 |
case 313: |
||
7907 |
#line 3297 "parse.y" |
||
7908 |
{ yyval.v.i = PF_SRCTRACK_RULE; } |
||
7909 |
break; |
||
7910 |
case 314: |
||
7911 |
#line 3300 "parse.y" |
||
7912 |
{ |
||
7913 |
yyval.v.i = PFRULE_IFBOUND; |
||
7914 |
} |
||
7915 |
break; |
||
7916 |
case 315: |
||
7917 |
#line 3303 "parse.y" |
||
7918 |
{ |
||
7919 |
yyval.v.i = 0; |
||
7920 |
} |
||
7921 |
break; |
||
7922 |
case 316: |
||
7923 |
#line 3308 "parse.y" |
||
7924 |
{ |
||
7925 |
yyval.v.keep_state.action = 0; |
||
7926 |
yyval.v.keep_state.options = NULL; |
||
7927 |
} |
||
7928 |
break; |
||
7929 |
case 317: |
||
7930 |
#line 3312 "parse.y" |
||
7931 |
{ |
||
7932 |
yyval.v.keep_state.action = PF_STATE_NORMAL; |
||
7933 |
yyval.v.keep_state.options = yyvsp[0].v.state_opt; |
||
7934 |
} |
||
7935 |
break; |
||
7936 |
case 318: |
||
7937 |
#line 3316 "parse.y" |
||
7938 |
{ |
||
7939 |
yyval.v.keep_state.action = PF_STATE_MODULATE; |
||
7940 |
yyval.v.keep_state.options = yyvsp[0].v.state_opt; |
||
7941 |
} |
||
7942 |
break; |
||
7943 |
case 319: |
||
7944 |
#line 3320 "parse.y" |
||
7945 |
{ |
||
7946 |
yyval.v.keep_state.action = PF_STATE_SYNPROXY; |
||
7947 |
yyval.v.keep_state.options = yyvsp[0].v.state_opt; |
||
7948 |
} |
||
7949 |
break; |
||
7950 |
case 320: |
||
7951 |
#line 3326 "parse.y" |
||
7952 |
{ yyval.v.i = 0; } |
||
7953 |
break; |
||
7954 |
case 321: |
||
7955 |
#line 3327 "parse.y" |
||
7956 |
{ yyval.v.i = PF_FLUSH; } |
||
7957 |
break; |
||
7958 |
case 322: |
||
7959 |
#line 3328 "parse.y" |
||
7960 |
{ |
||
7961 |
yyval.v.i = PF_FLUSH | PF_FLUSH_GLOBAL; |
||
7962 |
} |
||
7963 |
break; |
||
7964 |
case 323: |
||
7965 |
#line 3333 "parse.y" |
||
7966 |
{ yyval.v.state_opt = yyvsp[-1].v.state_opt; } |
||
7967 |
break; |
||
7968 |
case 324: |
||
7969 |
#line 3334 "parse.y" |
||
7970 |
{ yyval.v.state_opt = NULL; } |
||
7971 |
break; |
||
7972 |
case 325: |
||
7973 |
#line 3337 "parse.y" |
||
7974 |
{ yyval.v.state_opt = yyvsp[0].v.state_opt; } |
||
7975 |
break; |
||
7976 |
case 326: |
||
7977 |
#line 3338 "parse.y" |
||
7978 |
{ |
||
7979 |
yyvsp[-2].v.state_opt->tail->next = yyvsp[0].v.state_opt; |
||
7980 |
yyvsp[-2].v.state_opt->tail = yyvsp[0].v.state_opt; |
||
7981 |
yyval.v.state_opt = yyvsp[-2].v.state_opt; |
||
7982 |
} |
||
7983 |
break; |
||
7984 |
case 327: |
||
7985 |
#line 3345 "parse.y" |
||
7986 |
{ |
||
7987 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX) { |
||
7988 |
yyerror("only positive values permitted"); |
||
7989 |
YYERROR; |
||
7990 |
} |
||
7991 |
yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt)); |
||
7992 |
if (yyval.v.state_opt == NULL) |
||
7993 |
err(1, "state_opt_item: calloc"); |
||
7994 |
yyval.v.state_opt->type = PF_STATE_OPT_MAX; |
||
7995 |
yyval.v.state_opt->data.max_states = yyvsp[0].v.number; |
||
7996 |
yyval.v.state_opt->next = NULL; |
||
7997 |
yyval.v.state_opt->tail = yyval.v.state_opt; |
||
7998 |
} |
||
7999 |
break; |
||
8000 |
case 328: |
||
8001 |
#line 3358 "parse.y" |
||
8002 |
{ |
||
8003 |
yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt)); |
||
8004 |
if (yyval.v.state_opt == NULL) |
||
8005 |
err(1, "state_opt_item: calloc"); |
||
8006 |
yyval.v.state_opt->type = PF_STATE_OPT_NOSYNC; |
||
8007 |
yyval.v.state_opt->next = NULL; |
||
8008 |
yyval.v.state_opt->tail = yyval.v.state_opt; |
||
8009 |
} |
||
8010 |
break; |
||
8011 |
case 329: |
||
8012 |
#line 3366 "parse.y" |
||
8013 |
{ |
||
8014 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX) { |
||
8015 |
yyerror("only positive values permitted"); |
||
8016 |
YYERROR; |
||
8017 |
} |
||
8018 |
yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt)); |
||
8019 |
if (yyval.v.state_opt == NULL) |
||
8020 |
err(1, "state_opt_item: calloc"); |
||
8021 |
yyval.v.state_opt->type = PF_STATE_OPT_MAX_SRC_STATES; |
||
8022 |
yyval.v.state_opt->data.max_src_states = yyvsp[0].v.number; |
||
8023 |
yyval.v.state_opt->next = NULL; |
||
8024 |
yyval.v.state_opt->tail = yyval.v.state_opt; |
||
8025 |
} |
||
8026 |
break; |
||
8027 |
case 330: |
||
8028 |
#line 3379 "parse.y" |
||
8029 |
{ |
||
8030 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX) { |
||
8031 |
yyerror("only positive values permitted"); |
||
8032 |
YYERROR; |
||
8033 |
} |
||
8034 |
yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt)); |
||
8035 |
if (yyval.v.state_opt == NULL) |
||
8036 |
err(1, "state_opt_item: calloc"); |
||
8037 |
yyval.v.state_opt->type = PF_STATE_OPT_MAX_SRC_CONN; |
||
8038 |
yyval.v.state_opt->data.max_src_conn = yyvsp[0].v.number; |
||
8039 |
yyval.v.state_opt->next = NULL; |
||
8040 |
yyval.v.state_opt->tail = yyval.v.state_opt; |
||
8041 |
} |
||
8042 |
break; |
||
8043 |
case 331: |
||
8044 |
#line 3392 "parse.y" |
||
8045 |
{ |
||
8046 |
if (yyvsp[-2].v.number < 0 || yyvsp[-2].v.number > UINT_MAX || |
||
8047 |
yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX) { |
||
8048 |
yyerror("only positive values permitted"); |
||
8049 |
YYERROR; |
||
8050 |
} |
||
8051 |
yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt)); |
||
8052 |
if (yyval.v.state_opt == NULL) |
||
8053 |
err(1, "state_opt_item: calloc"); |
||
8054 |
yyval.v.state_opt->type = PF_STATE_OPT_MAX_SRC_CONN_RATE; |
||
8055 |
yyval.v.state_opt->data.max_src_conn_rate.limit = yyvsp[-2].v.number; |
||
8056 |
yyval.v.state_opt->data.max_src_conn_rate.seconds = yyvsp[0].v.number; |
||
8057 |
yyval.v.state_opt->next = NULL; |
||
8058 |
yyval.v.state_opt->tail = yyval.v.state_opt; |
||
8059 |
} |
||
8060 |
break; |
||
8061 |
case 332: |
||
8062 |
#line 3407 "parse.y" |
||
8063 |
{ |
||
8064 |
if (strlen(yyvsp[-2].v.string) >= PF_TABLE_NAME_SIZE) { |
||
8065 |
yyerror("table name '%s' too long", yyvsp[-2].v.string); |
||
8066 |
free(yyvsp[-2].v.string); |
||
8067 |
YYERROR; |
||
8068 |
} |
||
8069 |
yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt)); |
||
8070 |
if (yyval.v.state_opt == NULL) |
||
8071 |
err(1, "state_opt_item: calloc"); |
||
8072 |
if (strlcpy(yyval.v.state_opt->data.overload.tblname, yyvsp[-2].v.string, |
||
8073 |
PF_TABLE_NAME_SIZE) >= PF_TABLE_NAME_SIZE) |
||
8074 |
errx(1, "state_opt_item: strlcpy"); |
||
8075 |
free(yyvsp[-2].v.string); |
||
8076 |
yyval.v.state_opt->type = PF_STATE_OPT_OVERLOAD; |
||
8077 |
yyval.v.state_opt->data.overload.flush = yyvsp[0].v.i; |
||
8078 |
yyval.v.state_opt->next = NULL; |
||
8079 |
yyval.v.state_opt->tail = yyval.v.state_opt; |
||
8080 |
} |
||
8081 |
break; |
||
8082 |
case 333: |
||
8083 |
#line 3425 "parse.y" |
||
8084 |
{ |
||
8085 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX) { |
||
8086 |
yyerror("only positive values permitted"); |
||
8087 |
YYERROR; |
||
8088 |
} |
||
8089 |
yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt)); |
||
8090 |
if (yyval.v.state_opt == NULL) |
||
8091 |
err(1, "state_opt_item: calloc"); |
||
8092 |
yyval.v.state_opt->type = PF_STATE_OPT_MAX_SRC_NODES; |
||
8093 |
yyval.v.state_opt->data.max_src_nodes = yyvsp[0].v.number; |
||
8094 |
yyval.v.state_opt->next = NULL; |
||
8095 |
yyval.v.state_opt->tail = yyval.v.state_opt; |
||
8096 |
} |
||
8097 |
break; |
||
8098 |
case 334: |
||
8099 |
#line 3438 "parse.y" |
||
8100 |
{ |
||
8101 |
yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt)); |
||
8102 |
if (yyval.v.state_opt == NULL) |
||
8103 |
err(1, "state_opt_item: calloc"); |
||
8104 |
yyval.v.state_opt->type = PF_STATE_OPT_SRCTRACK; |
||
8105 |
yyval.v.state_opt->data.src_track = yyvsp[0].v.i; |
||
8106 |
yyval.v.state_opt->next = NULL; |
||
8107 |
yyval.v.state_opt->tail = yyval.v.state_opt; |
||
8108 |
} |
||
8109 |
break; |
||
8110 |
case 335: |
||
8111 |
#line 3447 "parse.y" |
||
8112 |
{ |
||
8113 |
yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt)); |
||
8114 |
if (yyval.v.state_opt == NULL) |
||
8115 |
err(1, "state_opt_item: calloc"); |
||
8116 |
yyval.v.state_opt->type = PF_STATE_OPT_STATELOCK; |
||
8117 |
yyval.v.state_opt->data.statelock = yyvsp[0].v.i; |
||
8118 |
yyval.v.state_opt->next = NULL; |
||
8119 |
yyval.v.state_opt->tail = yyval.v.state_opt; |
||
8120 |
} |
||
8121 |
break; |
||
8122 |
case 336: |
||
8123 |
#line 3456 "parse.y" |
||
8124 |
{ |
||
8125 |
yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt)); |
||
8126 |
if (yyval.v.state_opt == NULL) |
||
8127 |
err(1, "state_opt_item: calloc"); |
||
8128 |
yyval.v.state_opt->type = PF_STATE_OPT_SLOPPY; |
||
8129 |
yyval.v.state_opt->next = NULL; |
||
8130 |
yyval.v.state_opt->tail = yyval.v.state_opt; |
||
8131 |
} |
||
8132 |
break; |
||
8133 |
case 337: |
||
8134 |
#line 3464 "parse.y" |
||
8135 |
{ |
||
8136 |
yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt)); |
||
8137 |
if (yyval.v.state_opt == NULL) |
||
8138 |
err(1, "state_opt_item: calloc"); |
||
8139 |
yyval.v.state_opt->type = PF_STATE_OPT_PFLOW; |
||
8140 |
yyval.v.state_opt->next = NULL; |
||
8141 |
yyval.v.state_opt->tail = yyval.v.state_opt; |
||
8142 |
} |
||
8143 |
break; |
||
8144 |
case 338: |
||
8145 |
#line 3472 "parse.y" |
||
8146 |
{ |
||
8147 |
int i; |
||
8148 |
|||
8149 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX) { |
||
8150 |
yyerror("only positive values permitted"); |
||
8151 |
YYERROR; |
||
8152 |
} |
||
8153 |
for (i = 0; pf_timeouts[i].name && |
||
8154 |
strcmp(pf_timeouts[i].name, yyvsp[-1].v.string); ++i) |
||
8155 |
; /* nothing */ |
||
8156 |
if (!pf_timeouts[i].name) { |
||
8157 |
yyerror("illegal timeout name %s", yyvsp[-1].v.string); |
||
8158 |
free(yyvsp[-1].v.string); |
||
8159 |
YYERROR; |
||
8160 |
} |
||
8161 |
if (strchr(pf_timeouts[i].name, '.') == NULL) { |
||
8162 |
yyerror("illegal state timeout %s", yyvsp[-1].v.string); |
||
8163 |
free(yyvsp[-1].v.string); |
||
8164 |
YYERROR; |
||
8165 |
} |
||
8166 |
free(yyvsp[-1].v.string); |
||
8167 |
yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt)); |
||
8168 |
if (yyval.v.state_opt == NULL) |
||
8169 |
err(1, "state_opt_item: calloc"); |
||
8170 |
yyval.v.state_opt->type = PF_STATE_OPT_TIMEOUT; |
||
8171 |
yyval.v.state_opt->data.timeout.number = pf_timeouts[i].timeout; |
||
8172 |
yyval.v.state_opt->data.timeout.seconds = yyvsp[0].v.number; |
||
8173 |
yyval.v.state_opt->next = NULL; |
||
8174 |
yyval.v.state_opt->tail = yyval.v.state_opt; |
||
8175 |
} |
||
8176 |
break; |
||
8177 |
case 339: |
||
8178 |
#line 3504 "parse.y" |
||
8179 |
{ |
||
8180 |
yyval.v.string = yyvsp[0].v.string; |
||
8181 |
} |
||
8182 |
break; |
||
8183 |
case 340: |
||
8184 |
#line 3509 "parse.y" |
||
8185 |
{ |
||
8186 |
struct pfctl_qsitem *qsi; |
||
8187 |
|||
8188 |
if ((qsi = pfctl_find_queue(yyvsp[0].v.string, &qspecs)) == NULL) { |
||
8189 |
yyerror("queue %s is not defined", yyvsp[0].v.string); |
||
8190 |
YYERROR; |
||
8191 |
} |
||
8192 |
yyval.v.qassign.qname = yyvsp[0].v.string; |
||
8193 |
yyval.v.qassign.pqname = NULL; |
||
8194 |
} |
||
8195 |
break; |
||
8196 |
case 341: |
||
8197 |
#line 3519 "parse.y" |
||
8198 |
{ |
||
8199 |
struct pfctl_qsitem *qsi; |
||
8200 |
|||
8201 |
if ((qsi = pfctl_find_queue(yyvsp[-1].v.string, &qspecs)) == NULL) { |
||
8202 |
yyerror("queue %s is not defined", yyvsp[-1].v.string); |
||
8203 |
YYERROR; |
||
8204 |
} |
||
8205 |
yyval.v.qassign.qname = yyvsp[-1].v.string; |
||
8206 |
yyval.v.qassign.pqname = NULL; |
||
8207 |
} |
||
8208 |
break; |
||
8209 |
case 342: |
||
8210 |
#line 3529 "parse.y" |
||
8211 |
{ |
||
8212 |
struct pfctl_qsitem *qsi, *pqsi; |
||
8213 |
|||
8214 |
if ((qsi = pfctl_find_queue(yyvsp[-3].v.string, &qspecs)) == NULL) { |
||
8215 |
yyerror("queue %s is not defined", yyvsp[-3].v.string); |
||
8216 |
YYERROR; |
||
8217 |
} |
||
8218 |
if ((pqsi = pfctl_find_queue(yyvsp[-1].v.string, &qspecs)) == NULL) { |
||
8219 |
yyerror("queue %s is not defined", yyvsp[-1].v.string); |
||
8220 |
YYERROR; |
||
8221 |
} |
||
8222 |
yyval.v.qassign.qname = yyvsp[-3].v.string; |
||
8223 |
yyval.v.qassign.pqname = yyvsp[-1].v.string; |
||
8224 |
} |
||
8225 |
break; |
||
8226 |
case 343: |
||
8227 |
#line 3545 "parse.y" |
||
8228 |
{ |
||
8229 |
if (parseport(yyvsp[0].v.string, &yyval.v.range, PPORT_RANGE|PPORT_STAR) == -1) { |
||
8230 |
free(yyvsp[0].v.string); |
||
8231 |
YYERROR; |
||
8232 |
} |
||
8233 |
free(yyvsp[0].v.string); |
||
8234 |
} |
||
8235 |
break; |
||
8236 |
case 344: |
||
8237 |
#line 3554 "parse.y" |
||
8238 |
{ |
||
8239 |
if (yyvsp[0].v.weight > 0) { |
||
8240 |
struct node_host *n; |
||
8241 |
for (n = yyvsp[-1].v.host; n != NULL; n = n->next) |
||
8242 |
n->weight = yyvsp[0].v.weight; |
||
8243 |
} |
||
8244 |
yyval.v.host = yyvsp[-1].v.host; |
||
8245 |
} |
||
8246 |
break; |
||
8247 |
case 345: |
||
8248 |
#line 3562 "parse.y" |
||
8249 |
{ yyval.v.host = yyvsp[-1].v.host; } |
||
8250 |
break; |
||
8251 |
case 346: |
||
8252 |
#line 3565 "parse.y" |
||
8253 |
{ |
||
8254 |
if (yyvsp[-2].v.host->addr.type != PF_ADDR_ADDRMASK) { |
||
8255 |
free(yyvsp[-2].v.host); |
||
8256 |
yyerror("only addresses can be listed for " |
||
8257 |
"redirection pools "); |
||
8258 |
YYERROR; |
||
8259 |
} |
||
8260 |
if (yyvsp[-1].v.weight > 0) { |
||
8261 |
struct node_host *n; |
||
8262 |
for (n = yyvsp[-2].v.host; n != NULL; n = n->next) |
||
8263 |
n->weight = yyvsp[-1].v.weight; |
||
8264 |
} |
||
8265 |
yyval.v.host = yyvsp[-2].v.host; |
||
8266 |
} |
||
8267 |
break; |
||
8268 |
case 347: |
||
8269 |
#line 3579 "parse.y" |
||
8270 |
{ |
||
8271 |
yyvsp[-4].v.host->tail->next = yyvsp[-2].v.host; |
||
8272 |
yyvsp[-4].v.host->tail = yyvsp[-2].v.host->tail; |
||
8273 |
if (yyvsp[-1].v.weight > 0) { |
||
8274 |
struct node_host *n; |
||
8275 |
for (n = yyvsp[-2].v.host; n != NULL; n = n->next) |
||
8276 |
n->weight = yyvsp[-1].v.weight; |
||
8277 |
} |
||
8278 |
yyval.v.host = yyvsp[-4].v.host; |
||
8279 |
} |
||
8280 |
break; |
||
8281 |
case 348: |
||
8282 |
#line 3591 "parse.y" |
||
8283 |
{ |
||
8284 |
yyval.v.redirection = calloc(1, sizeof(struct redirection)); |
||
8285 |
if (yyval.v.redirection == NULL) |
||
8286 |
err(1, "redirection: calloc"); |
||
8287 |
yyval.v.redirection->host = yyvsp[0].v.host; |
||
8288 |
yyval.v.redirection->rport.a = yyval.v.redirection->rport.b = yyval.v.redirection->rport.t = 0; |
||
8289 |
} |
||
8290 |
break; |
||
8291 |
case 349: |
||
8292 |
#line 3598 "parse.y" |
||
8293 |
{ |
||
8294 |
yyval.v.redirection = calloc(1, sizeof(struct redirection)); |
||
8295 |
if (yyval.v.redirection == NULL) |
||
8296 |
err(1, "redirection: calloc"); |
||
8297 |
yyval.v.redirection->host = yyvsp[-2].v.host; |
||
8298 |
yyval.v.redirection->rport = yyvsp[0].v.range; |
||
8299 |
} |
||
8300 |
break; |
||
8301 |
case 350: |
||
8302 |
#line 3608 "parse.y" |
||
8303 |
{ |
||
8304 |
yyval.v.hashkey = calloc(1, sizeof(struct pf_poolhashkey)); |
||
8305 |
if (yyval.v.hashkey == NULL) |
||
8306 |
err(1, "hashkey: calloc"); |
||
8307 |
yyval.v.hashkey->key32[0] = arc4random(); |
||
8308 |
yyval.v.hashkey->key32[1] = arc4random(); |
||
8309 |
yyval.v.hashkey->key32[2] = arc4random(); |
||
8310 |
yyval.v.hashkey->key32[3] = arc4random(); |
||
8311 |
} |
||
8312 |
break; |
||
8313 |
case 351: |
||
8314 |
#line 3618 "parse.y" |
||
8315 |
{ |
||
8316 |
if (!strncmp(yyvsp[0].v.string, "0x", 2)) { |
||
8317 |
if (strlen(yyvsp[0].v.string) != 34) { |
||
8318 |
free(yyvsp[0].v.string); |
||
8319 |
yyerror("hex key must be 128 bits " |
||
8320 |
"(32 hex digits) long"); |
||
8321 |
YYERROR; |
||
8322 |
} |
||
8323 |
yyval.v.hashkey = calloc(1, sizeof(struct pf_poolhashkey)); |
||
8324 |
if (yyval.v.hashkey == NULL) |
||
8325 |
err(1, "hashkey: calloc"); |
||
8326 |
|||
8327 |
if (sscanf(yyvsp[0].v.string, "0x%8x%8x%8x%8x", |
||
8328 |
&yyval.v.hashkey->key32[0], &yyval.v.hashkey->key32[1], |
||
8329 |
&yyval.v.hashkey->key32[2], &yyval.v.hashkey->key32[3]) != 4) { |
||
8330 |
free(yyval.v.hashkey); |
||
8331 |
free(yyvsp[0].v.string); |
||
8332 |
yyerror("invalid hex key"); |
||
8333 |
YYERROR; |
||
8334 |
} |
||
8335 |
} else { |
||
8336 |
MD5_CTX context; |
||
8337 |
|||
8338 |
yyval.v.hashkey = calloc(1, sizeof(struct pf_poolhashkey)); |
||
8339 |
if (yyval.v.hashkey == NULL) |
||
8340 |
err(1, "hashkey: calloc"); |
||
8341 |
MD5Init(&context); |
||
8342 |
MD5Update(&context, (unsigned char *)yyvsp[0].v.string, |
||
8343 |
strlen(yyvsp[0].v.string)); |
||
8344 |
MD5Final((unsigned char *)yyval.v.hashkey, &context); |
||
8345 |
HTONL(yyval.v.hashkey->key32[0]); |
||
8346 |
HTONL(yyval.v.hashkey->key32[1]); |
||
8347 |
HTONL(yyval.v.hashkey->key32[2]); |
||
8348 |
HTONL(yyval.v.hashkey->key32[3]); |
||
8349 |
} |
||
8350 |
free(yyvsp[0].v.string); |
||
8351 |
} |
||
8352 |
break; |
||
8353 |
case 352: |
||
8354 |
#line 3657 "parse.y" |
||
8355 |
{ bzero(&pool_opts, sizeof pool_opts); } |
||
8356 |
break; |
||
8357 |
case 353: |
||
8358 |
#line 3659 "parse.y" |
||
8359 |
{ yyval.v.pool_opts = pool_opts; } |
||
8360 |
break; |
||
8361 |
case 354: |
||
8362 |
#line 3660 "parse.y" |
||
8363 |
{ |
||
8364 |
bzero(&pool_opts, sizeof pool_opts); |
||
8365 |
yyval.v.pool_opts = pool_opts; |
||
8366 |
} |
||
8367 |
break; |
||
8368 |
case 357: |
||
8369 |
#line 3670 "parse.y" |
||
8370 |
{ |
||
8371 |
if (pool_opts.type) { |
||
8372 |
yyerror("pool type cannot be redefined"); |
||
8373 |
YYERROR; |
||
8374 |
} |
||
8375 |
pool_opts.type = PF_POOL_BITMASK; |
||
8376 |
} |
||
8377 |
break; |
||
8378 |
case 358: |
||
8379 |
#line 3677 "parse.y" |
||
8380 |
{ |
||
8381 |
if (pool_opts.type) { |
||
8382 |
yyerror("pool type cannot be redefined"); |
||
8383 |
YYERROR; |
||
8384 |
} |
||
8385 |
pool_opts.type = PF_POOL_RANDOM; |
||
8386 |
} |
||
8387 |
break; |
||
8388 |
case 359: |
||
8389 |
#line 3684 "parse.y" |
||
8390 |
{ |
||
8391 |
if (pool_opts.type) { |
||
8392 |
yyerror("pool type cannot be redefined"); |
||
8393 |
YYERROR; |
||
8394 |
} |
||
8395 |
pool_opts.type = PF_POOL_SRCHASH; |
||
8396 |
pool_opts.key = yyvsp[0].v.hashkey; |
||
8397 |
} |
||
8398 |
break; |
||
8399 |
case 360: |
||
8400 |
#line 3692 "parse.y" |
||
8401 |
{ |
||
8402 |
if (pool_opts.type) { |
||
8403 |
yyerror("pool type cannot be redefined"); |
||
8404 |
YYERROR; |
||
8405 |
} |
||
8406 |
pool_opts.type = PF_POOL_ROUNDROBIN; |
||
8407 |
} |
||
8408 |
break; |
||
8409 |
case 361: |
||
8410 |
#line 3699 "parse.y" |
||
8411 |
{ |
||
8412 |
if (pool_opts.type) { |
||
8413 |
yyerror("pool type cannot be redefined"); |
||
8414 |
YYERROR; |
||
8415 |
} |
||
8416 |
pool_opts.type = PF_POOL_LEASTSTATES; |
||
8417 |
} |
||
8418 |
break; |
||
8419 |
case 362: |
||
8420 |
#line 3706 "parse.y" |
||
8421 |
{ |
||
8422 |
if (pool_opts.staticport) { |
||
8423 |
yyerror("static-port cannot be redefined"); |
||
8424 |
YYERROR; |
||
8425 |
} |
||
8426 |
pool_opts.staticport = 1; |
||
8427 |
} |
||
8428 |
break; |
||
8429 |
case 363: |
||
8430 |
#line 3713 "parse.y" |
||
8431 |
{ |
||
8432 |
if (filter_opts.marker & POM_STICKYADDRESS) { |
||
8433 |
yyerror("sticky-address cannot be redefined"); |
||
8434 |
YYERROR; |
||
8435 |
} |
||
8436 |
pool_opts.marker |= POM_STICKYADDRESS; |
||
8437 |
pool_opts.opts |= PF_POOL_STICKYADDR; |
||
8438 |
} |
||
8439 |
break; |
||
8440 |
case 364: |
||
8441 |
#line 3723 "parse.y" |
||
8442 |
{ |
||
8443 |
/* try to find @if0 address specs */ |
||
8444 |
if (strrchr(yyvsp[0].v.string, '@') != NULL) { |
||
8445 |
if ((yyval.v.host = host(yyvsp[0].v.string, pf->opts)) == NULL) { |
||
8446 |
yyerror("invalid host for route spec"); |
||
8447 |
YYERROR; |
||
8448 |
} |
||
8449 |
free(yyvsp[0].v.string); |
||
8450 |
} else { |
||
8451 |
yyval.v.host = calloc(1, sizeof(struct node_host)); |
||
8452 |
if (yyval.v.host == NULL) |
||
8453 |
err(1, "route_host: calloc"); |
||
8454 |
yyval.v.host->ifname = yyvsp[0].v.string; |
||
8455 |
yyval.v.host->addr.type = PF_ADDR_NONE; |
||
8456 |
set_ipmask(yyval.v.host, 128); |
||
8457 |
yyval.v.host->next = NULL; |
||
8458 |
yyval.v.host->tail = yyval.v.host; |
||
8459 |
} |
||
8460 |
} |
||
8461 |
break; |
||
8462 |
case 365: |
||
8463 |
#line 3742 "parse.y" |
||
8464 |
{ |
||
8465 |
char *buf; |
||
8466 |
|||
8467 |
if (asprintf(&buf, "%s/%s", yyvsp[-2].v.string, yyvsp[0].v.string) == -1) |
||
8468 |
err(1, "host: asprintf"); |
||
8469 |
free(yyvsp[-2].v.string); |
||
8470 |
if ((yyval.v.host = host(buf, pf->opts)) == NULL) { |
||
8471 |
/* error. "any" is handled elsewhere */ |
||
8472 |
free(buf); |
||
8473 |
yyerror("could not parse host specification"); |
||
8474 |
YYERROR; |
||
8475 |
} |
||
8476 |
free(buf); |
||
8477 |
} |
||
8478 |
break; |
||
8479 |
case 366: |
||
8480 |
#line 3756 "parse.y" |
||
8481 |
{ |
||
8482 |
if (strlen(yyvsp[-1].v.string) >= PF_TABLE_NAME_SIZE) { |
||
8483 |
yyerror("table name '%s' too long", yyvsp[-1].v.string); |
||
8484 |
free(yyvsp[-1].v.string); |
||
8485 |
YYERROR; |
||
8486 |
} |
||
8487 |
yyval.v.host = calloc(1, sizeof(struct node_host)); |
||
8488 |
if (yyval.v.host == NULL) |
||
8489 |
err(1, "host: calloc"); |
||
8490 |
yyval.v.host->addr.type = PF_ADDR_TABLE; |
||
8491 |
if (strlcpy(yyval.v.host->addr.v.tblname, yyvsp[-1].v.string, |
||
8492 |
sizeof(yyval.v.host->addr.v.tblname)) >= |
||
8493 |
sizeof(yyval.v.host->addr.v.tblname)) |
||
8494 |
errx(1, "host: strlcpy"); |
||
8495 |
free(yyvsp[-1].v.string); |
||
8496 |
yyval.v.host->next = NULL; |
||
8497 |
yyval.v.host->tail = yyval.v.host; |
||
8498 |
} |
||
8499 |
break; |
||
8500 |
case 367: |
||
8501 |
#line 3774 "parse.y" |
||
8502 |
{ |
||
8503 |
struct node_host *n; |
||
8504 |
|||
8505 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 128) { |
||
8506 |
yyerror("bit number too big"); |
||
8507 |
YYERROR; |
||
8508 |
} |
||
8509 |
yyval.v.host = yyvsp[-2].v.host; |
||
8510 |
for (n = yyvsp[-2].v.host; n != NULL; n = n->next) |
||
8511 |
set_ipmask(n, yyvsp[0].v.number); |
||
8512 |
} |
||
8513 |
break; |
||
8514 |
case 368: |
||
8515 |
#line 3785 "parse.y" |
||
8516 |
{ |
||
8517 |
struct node_host *n; |
||
8518 |
|||
8519 |
yyval.v.host = yyvsp[-1].v.host; |
||
8520 |
/* XXX check masks, only full mask should be allowed */ |
||
8521 |
for (n = yyvsp[-1].v.host; n != NULL; n = n->next) { |
||
8522 |
if (yyval.v.host->ifname) { |
||
8523 |
yyerror("cannot specify interface twice " |
||
8524 |
"in route spec"); |
||
8525 |
YYERROR; |
||
8526 |
} |
||
8527 |
if ((yyval.v.host->ifname = strdup(yyvsp[-2].v.string)) == NULL) |
||
8528 |
errx(1, "host: strdup"); |
||
8529 |
} |
||
8530 |
free(yyvsp[-2].v.string); |
||
8531 |
} |
||
8532 |
break; |
||
8533 |
case 369: |
||
8534 |
#line 3803 "parse.y" |
||
8535 |
{ |
||
8536 |
if (yyvsp[-1].v.weight > 0) { |
||
8537 |
struct node_host *n; |
||
8538 |
for (n = yyvsp[-2].v.host; n != NULL; n = n->next) |
||
8539 |
n->weight = yyvsp[-1].v.weight; |
||
8540 |
} |
||
8541 |
yyval.v.host = yyvsp[-2].v.host; |
||
8542 |
} |
||
8543 |
break; |
||
8544 |
case 370: |
||
8545 |
#line 3811 "parse.y" |
||
8546 |
{ |
||
8547 |
if (yyvsp[-4].v.host->af == 0) |
||
8548 |
yyvsp[-4].v.host->af = yyvsp[-2].v.host->af; |
||
8549 |
if (yyvsp[-4].v.host->af != yyvsp[-2].v.host->af) { |
||
8550 |
yyerror("all pool addresses must be in the " |
||
8551 |
"same address family"); |
||
8552 |
YYERROR; |
||
8553 |
} |
||
8554 |
yyvsp[-4].v.host->tail->next = yyvsp[-2].v.host; |
||
8555 |
yyvsp[-4].v.host->tail = yyvsp[-2].v.host->tail; |
||
8556 |
if (yyvsp[-1].v.weight > 0) { |
||
8557 |
struct node_host *n; |
||
8558 |
for (n = yyvsp[-2].v.host; n != NULL; n = n->next) |
||
8559 |
n->weight = yyvsp[-1].v.weight; |
||
8560 |
} |
||
8561 |
yyval.v.host = yyvsp[-4].v.host; |
||
8562 |
} |
||
8563 |
break; |
||
8564 |
case 371: |
||
8565 |
#line 3830 "parse.y" |
||
8566 |
{ |
||
8567 |
if (yyvsp[0].v.weight > 0) { |
||
8568 |
struct node_host *n; |
||
8569 |
for (n = yyvsp[-1].v.host; n != NULL; n = n->next) |
||
8570 |
n->weight = yyvsp[0].v.weight; |
||
8571 |
} |
||
8572 |
yyval.v.host = yyvsp[-1].v.host; |
||
8573 |
} |
||
8574 |
break; |
||
8575 |
case 372: |
||
8576 |
#line 3838 "parse.y" |
||
8577 |
{ yyval.v.host = yyvsp[-1].v.host; } |
||
8578 |
break; |
||
8579 |
case 373: |
||
8580 |
#line 3842 "parse.y" |
||
8581 |
{ |
||
8582 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX) { |
||
8583 |
yyerror("only positive values permitted"); |
||
8584 |
YYERROR; |
||
8585 |
} |
||
8586 |
if (pfctl_set_timeout(pf, yyvsp[-1].v.string, yyvsp[0].v.number, 0) != 0) { |
||
8587 |
yyerror("unknown timeout %s", yyvsp[-1].v.string); |
||
8588 |
free(yyvsp[-1].v.string); |
||
8589 |
YYERROR; |
||
8590 |
} |
||
8591 |
free(yyvsp[-1].v.string); |
||
8592 |
} |
||
8593 |
break; |
||
8594 |
case 376: |
||
8595 |
#line 3861 "parse.y" |
||
8596 |
{ |
||
8597 |
if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX) { |
||
8598 |
yyerror("only positive values permitted"); |
||
8599 |
YYERROR; |
||
8600 |
} |
||
8601 |
if (pfctl_set_limit(pf, yyvsp[-1].v.string, yyvsp[0].v.number) != 0) { |
||
8602 |
yyerror("unable to set limit %s %u", yyvsp[-1].v.string, yyvsp[0].v.number); |
||
8603 |
free(yyvsp[-1].v.string); |
||
8604 |
YYERROR; |
||
8605 |
} |
||
8606 |
free(yyvsp[-1].v.string); |
||
8607 |
} |
||
8608 |
break; |
||
8609 |
case 381: |
||
8610 |
#line 3883 "parse.y" |
||
8611 |
{ yyval.v.number = 0; } |
||
8612 |
break; |
||
8613 |
case 382: |
||
8614 |
#line 3884 "parse.y" |
||
8615 |
{ |
||
8616 |
if (!strcmp(yyvsp[0].v.string, "yes")) |
||
8617 |
yyval.v.number = 1; |
||
8618 |
else { |
||
8619 |
yyerror("invalid value '%s', expected 'yes' " |
||
8620 |
"or 'no'", yyvsp[0].v.string); |
||
8621 |
free(yyvsp[0].v.string); |
||
8622 |
YYERROR; |
||
8623 |
} |
||
8624 |
free(yyvsp[0].v.string); |
||
8625 |
} |
||
8626 |
break; |
||
8627 |
case 383: |
||
8628 |
#line 3897 "parse.y" |
||
8629 |
{ yyval.v.i = PF_OP_EQ; } |
||
8630 |
break; |
||
8631 |
case 384: |
||
8632 |
#line 3898 "parse.y" |
||
8633 |
{ yyval.v.i = PF_OP_NE; } |
||
8634 |
break; |
||
8635 |
case 385: |
||
8636 |
#line 3899 "parse.y" |
||
8637 |
{ yyval.v.i = PF_OP_LE; } |
||
8638 |
break; |
||
8639 |
case 386: |
||
8640 |
#line 3900 "parse.y" |
||
8641 |
{ yyval.v.i = PF_OP_LT; } |
||
8642 |
break; |
||
8643 |
case 387: |
||
8644 |
#line 3901 "parse.y" |
||
8645 |
82677 |
{ yyval.v.i = PF_OP_GE; } |
|
8646 |
82677 |
break; |
|
8647 |
82677 |
case 388: |
|
8648 |
82677 |
#line 3902 "parse.y" |
|
8649 |
✓✓ | 82677 |
{ yyval.v.i = PF_OP_GT; } |
8650 |
break; |
||
8651 |
#line 8644 "parse.c" |
||
8652 |
} |
||
8653 |
yyssp -= yym; |
||
8654 |
yystate = *yyssp; |
||
8655 |
yyvsp -= yym; |
||
8656 |
yym = yylhs[yyn]; |
||
8657 |
4272 |
if (yystate == 0 && yym == 0) |
|
8658 |
4272 |
{ |
|
8659 |
✓✓ | 4272 |
#if YYDEBUG |
8660 |
if (yydebug) |
||
8661 |
3818 |
printf("%sdebug: after reduction, shifting from state 0 to\ |
|
8662 |
state %d\n", YYPREFIX, YYFINAL); |
||
8663 |
#endif |
||
8664 |
yystate = YYFINAL; |
||
8665 |
*++yyssp = YYFINAL; |
||
8666 |
*++yyvsp = yyval; |
||
8667 |
if (yychar < 0) |
||
8668 |
{ |
||
8669 |
if ((yychar = yylex()) < 0) yychar = 0; |
||
8670 |
#if YYDEBUG |
||
8671 |
if (yydebug) |
||
8672 |
3818 |
{ |
|
8673 |
✓✓ | 4272 |
yys = 0; |
8674 |
3820 |
if (yychar <= YYMAXTOKEN) yys = yyname[yychar]; |
|
8675 |
if (!yys) yys = "illegal-symbol"; |
||
8676 |
✓✓✓✓ ✓✓ |
247318 |
printf("%sdebug: state %d, reading %d (%s)\n", |
8677 |
110624 |
YYPREFIX, YYFINAL, yychar, yys); |
|
8678 |
23860 |
} |
|
8679 |
#endif |
||
8680 |
54545 |
} |
|
8681 |
if (yychar == 0) goto yyaccept; |
||
8682 |
goto yyloop; |
||
8683 |
} |
||
8684 |
if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 && |
||
8685 |
yyn <= YYTABLESIZE && yycheck[yyn] == yystate) |
||
8686 |
✗✓✗✗ |
78405 |
yystate = yytable[yyn]; |
8687 |
else |
||
8688 |
yystate = yydgoto[yym]; |
||
8689 |
#if YYDEBUG |
||
8690 |
78405 |
if (yydebug) |
|
8691 |
78405 |
printf("%sdebug: after reduction, shifting from state %d \ |
|
8692 |
78405 |
to state %d\n", YYPREFIX, *yyssp, yystate); |
|
8693 |
#endif |
||
8694 |
if (yyssp >= yysslim && yygrowstack()) |
||
8695 |
{ |
||
8696 |
✓✗ | 2 |
goto yyoverflow; |
8697 |
2 |
} |
|
8698 |
✓✗ | 2 |
*++yyssp = yystate; |
8699 |
2 |
*++yyvsp = yyval; |
|
8700 |
2 |
goto yyloop; |
|
8701 |
2 |
yyoverflow: |
|
8702 |
2 |
yyerror("yacc stack overflow"); |
|
8703 |
2 |
yyabort: |
|
8704 |
if (yyss) |
||
8705 |
✓✗ | 452 |
free(yyss); |
8706 |
452 |
if (yyvs) |
|
8707 |
✓✗ | 452 |
free(yyvs); |
8708 |
452 |
yyss = yyssp = NULL; |
|
8709 |
452 |
yyvs = yyvsp = NULL; |
|
8710 |
452 |
yystacksize = 0; |
|
8711 |
452 |
return (1); |
|
8712 |
452 |
yyaccept: |
|
8713 |
454 |
if (yyss) |
|
8714 |
free(yyss); |
||
8715 |
if (yyvs) |
||
8716 |
free(yyvs); |
||
8717 |
yyss = yyssp = NULL; |
||
8718 |
yyvs = yyvsp = NULL; |
||
8719 |
yystacksize = 0; |
||
8720 |
return (0); |
||
8721 |
} |
Generated by: GCOVR (Version 3.3) |