GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: sbin/pfctl/parse.c Lines: 1522 2269 67.1 %
Date: 2017-11-13 Branches: 894 1531 58.4 %

Line Branch Exec Source
1
#include <stdlib.h>
2
#include <string.h>
3
#define YYBYACC 1
4
#define YYMAJOR 1
5
#define YYMINOR 9
6
#define YYLEX yylex()
7
#define YYEMPTY -1
8
#define yyclearin (yychar=(YYEMPTY))
9
#define yyerrok (yyerrflag=0)
10
#define YYRECOVERING() (yyerrflag!=0)
11
#define YYPREFIX "yy"
12
#line 30 "parse.y"
13
#include <sys/types.h>
14
#include <sys/socket.h>
15
#include <sys/stat.h>
16
#include <net/if.h>
17
#include <netinet/in.h>
18
#include <netinet/ip.h>
19
#include <netinet/ip_icmp.h>
20
#include <netinet/icmp6.h>
21
#include <net/pfvar.h>
22
#include <arpa/inet.h>
23
24
#include <stdio.h>
25
#include <unistd.h>
26
#include <stdlib.h>
27
#include <netdb.h>
28
#include <stdarg.h>
29
#include <errno.h>
30
#include <string.h>
31
#include <ctype.h>
32
#include <math.h>
33
#include <err.h>
34
#include <limits.h>
35
#include <pwd.h>
36
#include <grp.h>
37
#include <md5.h>
38
39
#include "pfctl_parser.h"
40
#include "pfctl.h"
41
42
static struct pfctl	*pf = NULL;
43
static int		 debug = 0;
44
static u_int16_t	 returnicmpdefault =
45
			    (ICMP_UNREACH << 8) | ICMP_UNREACH_PORT;
46
static u_int16_t	 returnicmp6default =
47
			    (ICMP6_DST_UNREACH << 8) | ICMP6_DST_UNREACH_NOPORT;
48
static int		 blockpolicy = PFRULE_DROP;
49
static int		 default_statelock;
50
51
TAILQ_HEAD(files, file)		 files = TAILQ_HEAD_INITIALIZER(files);
52
static struct file {
53
	TAILQ_ENTRY(file)	 entry;
54
	FILE			*stream;
55
	char			*name;
56
	int			 lineno;
57
	int			 errors;
58
} *file;
59
struct file	*pushfile(const char *, int);
60
int		 popfile(void);
61
int		 check_file_secrecy(int, const char *);
62
int		 yyparse(void);
63
int		 yylex(void);
64
int		 yyerror(const char *, ...);
65
int		 kw_cmp(const void *, const void *);
66
int		 lookup(char *);
67
int		 lgetc(int);
68
int		 lungetc(int);
69
int		 findeol(void);
70
71
TAILQ_HEAD(symhead, sym)	 symhead = TAILQ_HEAD_INITIALIZER(symhead);
72
struct sym {
73
	TAILQ_ENTRY(sym)	 entry;
74
	int			 used;
75
	int			 persist;
76
	char			*nam;
77
	char			*val;
78
};
79
int		 symset(const char *, const char *, int);
80
char		*symget(const char *);
81
82
int		 atoul(char *, u_long *);
83
84
struct node_proto {
85
	u_int8_t		 proto;
86
	struct node_proto	*next;
87
	struct node_proto	*tail;
88
};
89
90
struct node_port {
91
	u_int16_t		 port[2];
92
	u_int8_t		 op;
93
	struct node_port	*next;
94
	struct node_port	*tail;
95
};
96
97
struct node_uid {
98
	uid_t			 uid[2];
99
	u_int8_t		 op;
100
	struct node_uid		*next;
101
	struct node_uid		*tail;
102
};
103
104
struct node_gid {
105
	gid_t			 gid[2];
106
	u_int8_t		 op;
107
	struct node_gid		*next;
108
	struct node_gid		*tail;
109
};
110
111
struct node_icmp {
112
	u_int8_t		 code;
113
	u_int8_t		 type;
114
	u_int8_t		 proto;
115
	struct node_icmp	*next;
116
	struct node_icmp	*tail;
117
};
118
119
enum	{ PF_STATE_OPT_MAX, PF_STATE_OPT_NOSYNC, PF_STATE_OPT_SRCTRACK,
120
	    PF_STATE_OPT_MAX_SRC_STATES, PF_STATE_OPT_MAX_SRC_CONN,
121
	    PF_STATE_OPT_MAX_SRC_CONN_RATE, PF_STATE_OPT_MAX_SRC_NODES,
122
	    PF_STATE_OPT_OVERLOAD, PF_STATE_OPT_STATELOCK,
123
	    PF_STATE_OPT_TIMEOUT, PF_STATE_OPT_SLOPPY,
124
	    PF_STATE_OPT_PFLOW };
125
126
enum	{ PF_SRCTRACK_NONE, PF_SRCTRACK, PF_SRCTRACK_GLOBAL, PF_SRCTRACK_RULE };
127
128
struct node_state_opt {
129
	int			 type;
130
	union {
131
		u_int32_t	 max_states;
132
		u_int32_t	 max_src_states;
133
		u_int32_t	 max_src_conn;
134
		struct {
135
			u_int32_t	limit;
136
			u_int32_t	seconds;
137
		}		 max_src_conn_rate;
138
		struct {
139
			u_int8_t	flush;
140
			char		tblname[PF_TABLE_NAME_SIZE];
141
		}		 overload;
142
		u_int32_t	 max_src_nodes;
143
		u_int8_t	 src_track;
144
		u_int32_t	 statelock;
145
		struct {
146
			int		number;
147
			u_int32_t	seconds;
148
		}		 timeout;
149
	}			 data;
150
	struct node_state_opt	*next;
151
	struct node_state_opt	*tail;
152
};
153
154
struct peer {
155
	struct node_host	*host;
156
	struct node_port	*port;
157
};
158
159
struct node_queue {
160
	char			 queue[PF_QNAME_SIZE];
161
	char			 parent[PF_QNAME_SIZE];
162
	char			 ifname[IFNAMSIZ];
163
	int			 scheduler;
164
	struct node_queue	*next;
165
	struct node_queue	*tail;
166
};
167
168
struct node_qassign {
169
	char		*qname;
170
	char		*pqname;
171
};
172
173
struct range {
174
	int		 a;
175
	int		 b;
176
	int		 t;
177
};
178
struct redirection {
179
	struct node_host	*host;
180
	struct range		 rport;
181
};
182
183
struct pool_opts {
184
	int			 marker;
185
#define POM_TYPE		0x01
186
#define POM_STICKYADDRESS	0x02
187
	u_int8_t		 opts;
188
	int			 type;
189
	int			 staticport;
190
	struct pf_poolhashkey	*key;
191
192
} pool_opts;
193
194
struct divertspec {
195
	struct node_host	*addr;
196
	u_int16_t		 port;
197
};
198
199
struct redirspec {
200
	struct redirection      *rdr;
201
	struct pool_opts         pool_opts;
202
	int			 binat;
203
	int			 af;
204
};
205
206
struct filter_opts {
207
	int			 marker;
208
#define FOM_FLAGS	0x0001
209
#define FOM_ICMP	0x0002
210
#define FOM_TOS		0x0004
211
#define FOM_KEEP	0x0008
212
#define FOM_SRCTRACK	0x0010
213
#define FOM_MINTTL	0x0020
214
#define FOM_MAXMSS	0x0040
215
#define FOM_AFTO	0x0080
216
#define FOM_SETTOS	0x0100
217
#define FOM_SCRUB_TCP	0x0200
218
#define FOM_SETPRIO	0x0400
219
#define FOM_ONCE	0x1000
220
#define FOM_PRIO	0x2000
221
	struct node_uid		*uid;
222
	struct node_gid		*gid;
223
	struct node_if		*rcv;
224
	struct {
225
		u_int8_t	 b1;
226
		u_int8_t	 b2;
227
		u_int16_t	 w;
228
		u_int16_t	 w2;
229
	} flags;
230
	struct node_icmp	*icmpspec;
231
	u_int32_t		 tos;
232
	u_int32_t		 prob;
233
	struct {
234
		int			 action;
235
		struct node_state_opt	*options;
236
	} keep;
237
	int			 fragment;
238
	int			 allowopts;
239
	char			*label;
240
	struct node_qassign	 queues;
241
	char			*tag;
242
	char			*match_tag;
243
	u_int8_t		 match_tag_not;
244
	u_int			 rtableid;
245
	u_int8_t		 prio;
246
	u_int8_t		 set_prio[2];
247
	struct divertspec	 divert;
248
	struct divertspec	 divert_packet;
249
	struct redirspec	 nat;
250
	struct redirspec	 rdr;
251
	struct redirspec	 rroute;
252
253
	/* scrub opts */
254
	int			 nodf;
255
	int			 minttl;
256
	int			 settos;
257
	int			 randomid;
258
	int			 max_mss;
259
260
	/* route opts */
261
	struct {
262
		struct node_host	*host;
263
		u_int8_t		 rt;
264
		u_int8_t		 pool_opts;
265
		sa_family_t		 af;
266
		struct pf_poolhashkey	*key;
267
	}			 route;
268
} filter_opts;
269
270
struct antispoof_opts {
271
	char			*label;
272
	u_int			 rtableid;
273
} antispoof_opts;
274
275
struct scrub_opts {
276
	int			marker;
277
	int			nodf;
278
	int			minttl;
279
	int			maxmss;
280
	int			settos;
281
	int			randomid;
282
	int			reassemble_tcp;
283
} scrub_opts;
284
285
struct node_sc {
286
	struct node_queue_bw	m1;
287
	u_int			d;
288
	struct node_queue_bw	m2;
289
};
290
291
struct node_fq {
292
	u_int			flows;
293
	u_int			quantum;
294
	u_int			target;
295
	u_int			interval;
296
};
297
298
struct queue_opts {
299
	int		 marker;
300
#define	QOM_BWSPEC	0x01
301
#define	QOM_PARENT	0x02
302
#define	QOM_DEFAULT	0x04
303
#define	QOM_QLIMIT	0x08
304
#define	QOM_FLOWS	0x10
305
#define	QOM_QUANTUM	0x20
306
	struct node_sc	 realtime;
307
	struct node_sc	 linkshare;
308
	struct node_sc	 upperlimit;
309
	struct node_fq	 flowqueue;
310
	char		*parent;
311
	int		 flags;
312
	u_int		 qlimit;
313
} queue_opts;
314
315
struct table_opts {
316
	int			flags;
317
	int			init_addr;
318
	struct node_tinithead	init_nodes;
319
} table_opts;
320
321
struct node_hfsc_opts	 hfsc_opts;
322
struct node_state_opt	*keep_state_defaults = NULL;
323
324
int		 disallow_table(struct node_host *, const char *);
325
int		 disallow_urpf_failed(struct node_host *, const char *);
326
int		 disallow_alias(struct node_host *, const char *);
327
int		 rule_consistent(struct pf_rule *, int);
328
int		 process_tabledef(char *, struct table_opts *, int);
329
void		 expand_label_str(char *, size_t, const char *, const char *);
330
void		 expand_label_if(const char *, char *, size_t, const char *);
331
void		 expand_label_addr(const char *, char *, size_t, u_int8_t,
332
		    struct node_host *);
333
void		 expand_label_port(const char *, char *, size_t,
334
		    struct node_port *);
335
void		 expand_label_proto(const char *, char *, size_t, u_int8_t);
336
void		 expand_label_nr(const char *, char *, size_t);
337
void		 expand_label(char *, size_t, const char *, u_int8_t,
338
		    struct node_host *, struct node_port *, struct node_host *,
339
		    struct node_port *, u_int8_t);
340
int		 expand_divertspec(struct pf_rule *, struct divertspec *);
341
int		 collapse_redirspec(struct pf_pool *, struct pf_rule *,
342
		    struct redirspec *rs, u_int8_t);
343
int		 apply_redirspec(struct pf_pool *, struct pf_rule *,
344
		    struct redirspec *, int, struct node_port *);
345
void		 expand_rule(struct pf_rule *, int, struct node_if *,
346
		    struct redirspec *, struct redirspec *, struct redirspec *,
347
		    struct node_proto *,
348
		    struct node_os *, struct node_host *, struct node_port *,
349
		    struct node_host *, struct node_port *, struct node_uid *,
350
		    struct node_gid *, struct node_if *, struct node_icmp *,
351
		    const char *);
352
int		 expand_queue(char *, struct node_if *, struct queue_opts *);
353
int		 expand_skip_interface(struct node_if *);
354
355
int	 getservice(char *);
356
int	 rule_label(struct pf_rule *, char *);
357
358
void	 mv_rules(struct pf_ruleset *, struct pf_ruleset *);
359
void	 decide_address_family(struct node_host *, sa_family_t *);
360
int	 invalid_redirect(struct node_host *, sa_family_t);
361
u_int16_t parseicmpspec(char *, sa_family_t);
362
int	 kw_casecmp(const void *, const void *);
363
int	 map_tos(char *string, int *);
364
365
TAILQ_HEAD(loadanchorshead, loadanchors)
366
    loadanchorshead = TAILQ_HEAD_INITIALIZER(loadanchorshead);
367
368
struct loadanchors {
369
	TAILQ_ENTRY(loadanchors)	 entries;
370
	char				*anchorname;
371
	char				*filename;
372
};
373
374
typedef struct {
375
	union {
376
		int64_t			 number;
377
		double			 probability;
378
		int			 i;
379
		char			*string;
380
		u_int			 rtableid;
381
		u_int16_t		 weight;
382
		struct {
383
			u_int8_t	 b1;
384
			u_int8_t	 b2;
385
			u_int16_t	 w;
386
			u_int16_t	 w2;
387
		}			 b;
388
		struct range		 range;
389
		struct node_if		*interface;
390
		struct node_proto	*proto;
391
		struct node_icmp	*icmp;
392
		struct node_host	*host;
393
		struct node_os		*os;
394
		struct node_port	*port;
395
		struct node_uid		*uid;
396
		struct node_gid		*gid;
397
		struct node_state_opt	*state_opt;
398
		struct peer		 peer;
399
		struct {
400
			struct peer	 src, dst;
401
			struct node_os	*src_os;
402
		}			 fromto;
403
		struct redirection	*redirection;
404
		struct {
405
			int			 action;
406
			struct node_state_opt	*options;
407
		}			 keep_state;
408
		struct {
409
			u_int8_t	 log;
410
			u_int8_t	 logif;
411
			u_int8_t	 quick;
412
		}			 logquick;
413
		struct {
414
			int		 neg;
415
			char		*name;
416
		}			 tagged;
417
		struct pf_poolhashkey	*hashkey;
418
		struct node_queue	*queue;
419
		struct node_queue_opt	 queue_options;
420
		struct node_queue_bw	 queue_bwspec;
421
		struct node_qassign	 qassign;
422
		struct node_sc		 sc;
423
		struct filter_opts	 filter_opts;
424
		struct antispoof_opts	 antispoof_opts;
425
		struct queue_opts	 queue_opts;
426
		struct scrub_opts	 scrub_opts;
427
		struct table_opts	 table_opts;
428
		struct pool_opts	 pool_opts;
429
		struct node_hfsc_opts	 hfsc_opts;
430
	} v;
431
	int lineno;
432
} YYSTYPE;
433
434
#define PPORT_RANGE	1
435
#define PPORT_STAR	2
436
int	parseport(char *, struct range *r, int);
437
438
#define DYNIF_MULTIADDR(addr) ((addr).type == PF_ADDR_DYNIFTL && \
439
	(!((addr).iflags & PFI_AFLAG_NOALIAS) ||		 \
440
	!isdigit((unsigned char)(addr).v.ifname[strlen((addr).v.ifname)-1])))
441
442
#line 443 "parse.c"
443
#define PASS 257
444
#define BLOCK 258
445
#define MATCH 259
446
#define SCRUB 260
447
#define RETURN 261
448
#define IN 262
449
#define OS 263
450
#define OUT 264
451
#define LOG 265
452
#define QUICK 266
453
#define ON 267
454
#define FROM 268
455
#define TO 269
456
#define FLAGS 270
457
#define RETURNRST 271
458
#define RETURNICMP 272
459
#define RETURNICMP6 273
460
#define PROTO 274
461
#define INET 275
462
#define INET6 276
463
#define ALL 277
464
#define ANY 278
465
#define ICMPTYPE 279
466
#define ICMP6TYPE 280
467
#define CODE 281
468
#define KEEP 282
469
#define MODULATE 283
470
#define STATE 284
471
#define PORT 285
472
#define BINATTO 286
473
#define NODF 287
474
#define MINTTL 288
475
#define ERROR 289
476
#define ALLOWOPTS 290
477
#define FILENAME 291
478
#define ROUTETO 292
479
#define DUPTO 293
480
#define REPLYTO 294
481
#define NO 295
482
#define LABEL 296
483
#define NOROUTE 297
484
#define URPFFAILED 298
485
#define FRAGMENT 299
486
#define USER 300
487
#define GROUP 301
488
#define MAXMSS 302
489
#define MAXIMUM 303
490
#define TTL 304
491
#define TOS 305
492
#define DROP 306
493
#define TABLE 307
494
#define REASSEMBLE 308
495
#define ANCHOR 309
496
#define SET 310
497
#define OPTIMIZATION 311
498
#define TIMEOUT 312
499
#define LIMIT 313
500
#define LOGINTERFACE 314
501
#define BLOCKPOLICY 315
502
#define RANDOMID 316
503
#define SYNPROXY 317
504
#define FINGERPRINTS 318
505
#define NOSYNC 319
506
#define DEBUG 320
507
#define SKIP 321
508
#define HOSTID 322
509
#define ANTISPOOF 323
510
#define FOR 324
511
#define INCLUDE 325
512
#define MATCHES 326
513
#define BITMASK 327
514
#define RANDOM 328
515
#define SOURCEHASH 329
516
#define ROUNDROBIN 330
517
#define LEASTSTATES 331
518
#define STATICPORT 332
519
#define PROBABILITY 333
520
#define WEIGHT 334
521
#define BANDWIDTH 335
522
#define FLOWS 336
523
#define QUANTUM 337
524
#define QUEUE 338
525
#define PRIORITY 339
526
#define QLIMIT 340
527
#define RTABLE 341
528
#define RDOMAIN 342
529
#define MINIMUM 343
530
#define BURST 344
531
#define PARENT 345
532
#define LOAD 346
533
#define RULESET_OPTIMIZATION 347
534
#define PRIO 348
535
#define ONCE 349
536
#define DEFAULT 350
537
#define STICKYADDRESS 351
538
#define MAXSRCSTATES 352
539
82
#define MAXSRCNODES 353
540
82
#define SOURCETRACK 354
541
#define GLOBAL 355
542
#define RULE 356
543
#define MAXSRCCONN 357
544
#define MAXSRCCONNRATE 358
545
1
#define OVERLOAD 359
546
#define FLUSH 360
547
#define SLOPPY 361
548
#define PFLOW 362
549
#define TAGGED 363
550
1
#define TAG 364
551
#define IFBOUND 365
552
1
#define FLOATING 366
553
1
#define STATEPOLICY 367
554
1
#define STATEDEFAULTS 368
555
#define ROUTE 369
556
#define DIVERTTO 370
557
#define DIVERTREPLY 371
558
#define DIVERTPACKET 372
559
#define NATTO 373
560
#define AFTO 374
561
#define RDRTO 375
562
#define RECEIVEDON 376
563
#define NE 377
564
#define LE 378
565
#define GE 379
566
#define STRING 380
567
#define NUMBER 381
568
#define PORTBINARY 382
569
#define YYERRCODE 256
570
const short yylhs[] =
571
	{                                        -1,
572
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
573
    0,    0,    0,  115,  124,  124,  124,  124,   18,   13,
574
   13,  116,  116,  116,  116,  116,  116,  116,  116,  116,
575
  116,  116,  116,  116,  116,  116,  116,  116,   73,   73,
576
   75,   75,   76,   76,   77,   77,  121,   74,   74,  130,
577
  130,  130,  130,  130,  132,  131,  131,  118,  119,  133,
578
  106,  108,  108,  107,  107,  107,  107,  107,  122,   87,
579
   87,   88,   88,   89,   89,  135,   98,   98,  100,  100,
580
   99,   99,   11,   11,  123,  136,  109,  109,  111,  111,
581
8
  110,  110,  110,  110,   53,   53,   52,   52,  120,  137,
582
14
  101,  103,  103,  102,  102,  102,  102,  102,  102,  104,
583
6
  104,  104,  104,  104,  105,  105,   91,   91,  117,  138,
584
   92,   92,   94,   94,   93,   93,   93,   93,   93,   93,
585
   93,   93,   93,   93,   93,   93,   93,   93,   93,   93,
586
14
   93,   93,   93,   93,   93,   93,   93,   93,   93,   93,
587
   93,   93,   93,   93,   95,   95,   97,   97,   96,   96,
588
14
   96,   27,   27,   14,   14,   23,   23,   23,   26,   26,
589
16
   26,   26,   26,   26,   26,   26,   26,   26,   41,   41,
590
   42,   42,   16,   16,   16,   83,   83,   82,   82,   82,
591
   82,   82,   84,   84,   85,   85,   86,   86,   86,   86,
592
   86,    1,    1,    1,    2,    2,    3,    4,    4,    4,
593
   17,   17,   17,   32,   32,   32,   33,   33,   34,   35,
594
16
   35,   43,   43,   59,   59,   59,   60,   61,   61,   45,
595
   45,   46,   46,   44,   44,   44,  126,  126,   47,   47,
596
16
   47,   51,   51,   48,   48,   48,   15,   15,   49,   49,
597
   49,   49,   49,   49,   49,   49,    5,    5,   50,   62,
598
   62,   63,   63,   64,   64,   64,   28,   30,   65,   65,
599
   66,   66,   67,   67,   67,    8,    8,   68,   68,   69,
600
   69,   70,   70,   70,    9,    9,   25,   24,   24,   24,
601
   36,   36,   36,   36,   37,   37,   39,   39,   38,   38,
602
   38,   40,   40,   40,    6,    6,    7,    7,   10,   10,
603
   19,   19,   19,   22,   22,   78,   78,   78,   78,   20,
604
   20,   20,   79,   79,   80,   80,   81,   81,   81,   81,
605
   81,   81,   81,   81,   81,   81,   81,   81,   72,   90,
606
   90,   90,   29,   55,   55,   54,   54,   71,   71,   31,
607
10
   31,  139,  112,  112,  114,  114,  113,  113,  113,  113,
608
  113,  113,  113,   56,   56,   56,   56,   56,   57,   57,
609
   58,   58,  125,  127,  127,  128,  129,  129,  134,  134,
610
   12,   12,   21,   21,   21,   21,   21,   21,
611
};
612
10
const short yylen[] =
613
	{                                         2,
614
10
    0,    3,    2,    3,    3,    3,    3,    3,    3,    3,
615

9
    3,    4,    3,    2,    2,    3,    3,    3,    1,    0,
616
1
    1,    4,    3,    3,    3,    6,    3,    6,    3,    3,
617
1
    3,    3,    3,    3,    3,    3,    3,    3,    1,    1,
618
    2,    1,    2,    1,    1,    1,    3,    1,    0,    0,
619
4
    2,    3,    3,    3,    0,    5,    0,   10,    5,    0,
620
    2,    3,    1,    1,    2,    2,    2,    1,    5,    2,
621
4
    5,    2,    4,    1,    3,    0,    2,    0,    2,    1,
622
7
    2,    2,    1,    0,    5,    0,    2,    0,    2,    1,
623
5
    1,    3,    4,    2,    2,    4,    2,    4,    4,    0,
624
7
    2,    2,    1,    3,    2,    1,    2,    2,    2,    0,
625
    3,    3,    6,    6,    1,    5,    1,    1,    8,    0,
626
7
    2,    0,    2,    1,    2,    2,    1,    1,    2,    2,
627
4
    1,    1,    1,    2,    2,    2,    3,    2,    2,    4,
628
2
    1,    3,    4,    3,    5,    8,    3,    3,    3,    3,
629
4
    3,    3,    1,    1,    4,    2,    3,    1,    1,    2,
630
    2,    2,    6,    1,    1,    1,    1,    2,    0,    1,
631
4
    1,    5,    1,    1,    4,    4,    6,    1,    1,    1,
632
    1,    1,    0,    1,    1,    0,    1,    0,    1,    1,
633
    2,    2,    1,    4,    1,    3,    1,    1,    1,    1,
634
    2,    0,    2,    5,    2,    4,    2,    1,    1,    2,
635
    0,    1,    1,    0,    2,    5,    2,    4,    1,    1,
636
    1,    1,    3,    0,    2,    5,    1,    2,    4,    0,
637
    2,    0,    2,    1,    3,    2,    2,    0,    1,    1,
638
    4,    2,    4,    2,    2,    2,    2,    0,    1,    3,
639
    3,    3,    1,    3,    3,    2,    1,    1,    3,    1,
640
    4,    2,    4,    1,    2,    3,    1,    1,    1,    4,
641
    2,    4,    1,    2,    3,    1,    1,    1,    4,    2,
642
    4,    1,    2,    3,    1,    1,    1,    4,    3,    2,
643
    2,    5,    2,    5,    2,    4,    2,    4,    1,    3,
644
    3,    1,    3,    3,    1,    1,    1,    1,    1,    1,
645
    0,    1,    1,    1,    1,    2,    3,    3,    3,    0,
646
    1,    2,    3,    0,    1,    3,    2,    1,    2,    2,
647
    4,    5,    2,    2,    1,    1,    1,    2,    1,    1,
648
    3,    5,    1,    2,    4,    3,    5,    1,    3,    0,
649
    1,    0,    2,    0,    2,    1,    1,    1,    2,    1,
650
    1,    1,    1,    1,    3,    3,    3,    4,    3,    5,
651
    2,    4,    2,    4,    2,    2,    4,    2,    1,    0,
652
    1,    1,    1,    1,    1,    1,    1,    1,
653
};
654
const short yydefred[] =
655
	{                                      0,
656
    0,    0,    0,    0,  166,    0,  167,    0,    0,    0,
657
    0,    0,    0,    0,    0,    3,    0,    0,    0,    0,
658
    0,    0,    0,    0,    0,    0,    0,   15,    0,    0,
659
    0,   13,  178,    0,    0,    0,  170,  168,    0,   48,
660
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
661
    0,    0,    0,    0,    0,    0,    0,    0,   14,    0,
662
    0,    0,  184,  185,    0,    2,    4,    5,    6,    7,
663
    8,    9,   10,   11,   18,   12,   17,   16,    0,    0,
664
    0,    0,    0,  381,  382,    0,   23,    0,    0,   25,
665
    0,    0,   27,   40,   39,   29,   32,   31,   33,   36,
666
   35,    0,   37,  258,  257,   30,    0,   24,   19,  314,
667
  315,   34,    0,  328,    0,    0,    0,    0,    0,    0,
668
  336,  337,    0,  335,    0,  325,    0,  192,    0,    0,
669
  191,  100,    0,   46,   45,   47,    0,    0,    0,  179,
670
  180,    0,  181,  182,    0,    0,  187,    0,   21,   22,
671
  373,    0,    0,  376,    0,    0,   83,  203,    0,   41,
672
  327,  329,  333,  312,  313,  334,  330,    0,    0,  338,
673
  379,    0,    0,  197,  199,  200,  198,    0,  195,  209,
674
    0,  208,    0,    0,   74,   70,  212,  213,    0,   99,
675
    0,    0,   43,    0,    0,  175,    0,  176,   85,    0,
676
    0,  237,    0,    0,    0,    0,    0,  207,    0,    0,
677
  326,  201,  194,    0,  210,    0,    0,   69,    0,    0,
678
    0,    0,    0,    0,  106,  103,    0,   59,    0,  172,
679
    0,    0,   91,    0,   90,    0,    0,  375,   26,    0,
680
  378,   28,    0,    0,    0,  331,    0,  196,    0,    0,
681
   75,    0,    0,   80,    0,  117,  118,    0,    0,  108,
682
  109,  107,  105,  102,    0,    0,  177,   94,    0,   89,
683
    0,    0,    0,  204,    0,  205,    0,  332,   71,    0,
684
   72,  339,   81,   82,   79,    0,  104,    0,  220,  221,
685
    0,  215,  219,    0,  222,    0,    0,    0,   92,    0,
686
10
    0,    0,    0,    0,  374,  377,    0,  322,    0,    0,
687
10
    0,    0,    0,  239,    0,    0,  231,    0,  240,  119,
688
    0,    0,    0,    0,  245,  246,    0,    0,    0,    0,
689
    0,  244,    0,    0,   95,   93,    0,   97,    0,  206,
690
   73,    0,    0,    0,    0,    0,  384,  385,  387,    0,
691
  383,  386,  388,    0,    0,  236,  260,  268,    0,    0,
692
    0,    0,    0,    0,    0,    0,    0,  133,    0,    0,
693
    0,    0,    0,  132,    0,    0,    0,    0,    0,    0,
694
    0,    0,    0,  153,    0,    0,  141,    0,    0,    0,
695
    0,    0,  127,  128,  131,  124,    0,  154,  227,    0,
696
  225,    0,  223,    0,  256,    0,    0,    0,    0,    0,
697
    0,  247,    0,   55,   58,  116,    0,    0,  216,    0,
698
  217,    0,  265,    0,    0,    0,  235,   60,  290,  287,
699
    0,    0,  305,  306,    0,    0,  291,  307,  308,    0,
700
    0,  293,    0,    0,    0,    0,    0,    0,    0,    0,
701
    0,    0,    0,    0,    0,    0,    0,  316,  134,  276,
702
  277,    0,    0,    0,  125,  269,  285,  286,    0,    0,
703
    0,  126,  278,  309,  310,  130,    0,    0,    0,    0,
704
30
  159,  156,    0,  164,  165,  138,  340,    0,  135,  139,
705
  129,  136,    0,    0,    0,    0,    0,    0,    0,  123,
706
30
    0,  233,   96,  250,  251,  252,  259,  255,  254,   98,
707
30
    0,    0,    0,    0,    0,    0,  266,  242,  241,    0,
708
    0,    0,  289,    0,    0,    0,    0,    0,    0,  317,
709
30
  318,    0,  344,    0,  148,    0,    0,    0,    0,    0,
710
    0,  371,  149,  151,  150,    0,    0,  274,    0,    0,
711
  283,  161,  160,  162,    0,  158,    0,  319,    0,    0,
712
  142,  144,    0,  147,  137,  152,    0,    0,   50,  114,
713
689
  113,  218,  261,    0,  262,    0,  143,   64,    0,    0,
714
689
    0,   68,   63,    0,  288,    0,    0,  300,  301,    0,
715
    0,  303,  304,    0,    0,    0,  349,  343,  357,  358,
716
    0,  360,  361,  362,  363,  356,    0,  365,    0,    0,
717
    0,  366,  367,    0,    0,  275,    0,    0,  284,    0,
718
689
  155,    0,  341,    0,  140,  267,    0,  228,  226,    0,
719
1378
    0,    0,  243,   65,   66,   67,    0,  292,    0,  295,
720
  294,    0,  297,  323,    0,  345,    0,  359,  351,  355,
721
    0,  372,    0,  368,  270,    0,  271,  279,    0,  280,
722
    0,  157,    0,    0,    0,   51,   56,    0,    0,    0,
723
  263,   62,    0,    0,  346,    0,  369,    0,    0,    0,
724
168
    0,  342,    0,  229,   54,   52,   53,  296,  298,    0,
725
168
    0,  272,  281,  163,    0,  347,  370,  146,
726
96
};
727
2262
const short yydgoto[] =
728
963
	{                                       2,
729
  103,  244,  158,  185,  106,  436,  441,  463,  470,  476,
730
  300,   86,  150,  486,  335,   65,  189,  108,  166,  278,
731
  354,  124,   17,  393,  432,   38,  481,  625,  597,  355,
732
  648,  266,  345,  292,  293,  394,  586,  437,  590,  442,
733
  142,  145,  296,  317,  297,  403,  318,  319,  446,  333,
734
168
  426,  302,  303,  596,  447,  454,  610,  455,  323,  401,
735
  568,  356,  515,  357,  465,  614,  466,  472,  617,  473,
736
168
  448,  283,   96,   41,  109,  136,  358,  395,  530,  125,
737
168
  126,   57,  148,   58,  178,  179,  130,  249,  186,  489,
738
168
  258,  320,  396,  397,  398,  482,  557,  218,  254,  255,
739
  190,  226,  227,  287,  259,  521,  583,  584,  199,  235,
740
  236,  535,  606,  607,   18,   19,   20,   21,   22,   23,
741
73
   24,   25,   26,    3,   90,  153,  204,   93,  206,  631,
742
135
  415,  511,  522,  172,  219,  200,  191,  321,  536,
743
62
};
744
const short yysindex[] =
745
	{                                    -22,
746
    0,  147, 1004,  196,    0,  482,    0,  167, -112, 1802,
747
 -170,  -80,  -46,  -51,  229,    0,   11,  407,  415,  428,
748
  430,  450,  470,  493,  501,  506,  525,    0,  528,  546,
749
  549,    0,    0,  413,  503,  536,    0,    0,   47,    0,
750
   11, -190,  198,  -97,  -77, -205,  -20,  205, -244,  320,
751
  119,  211, -155, 1135,  559,  345,  297,  361,    0,  320,
752
  211,  170,    0,    0, -170,    0,    0,    0,    0,    0,
753
    0,    0,    0,    0,    0,    0,    0,    0,  329,  214,
754
83
  232,  581,  381,    0,    0,  372,    0,  281,  659,    0,
755
  290,  659,    0,    0,    0,    0,    0,    0,    0,    0,
756
    0,   50,    0,    0,    0,    0,  211,    0,    0,    0,
757
    0,    0,  293,    0,  300,  315,  312,  321,  337,  633,
758
83
    0,    0,  352,    0,  691,    0,  440,    0,  165,  342,
759
83
    0,    0,  488,    0,    0,    0,  170,  320,  357,    0,
760
83
    0,  202,    0,    0,  719,    0,    0,  320,    0,    0,
761
    0,  659,  383,    0,  390,  659,    0,    0, -166,    0,
762
    0,    0,    0,    0,    0,    0,    0,  739,  410,    0,
763
    0, 1135,  211,    0,    0,    0,    0,  280,    0,    0,
764
  435,    0,  659, -166,    0,    0,    0,    0,    0,    0,
765
  847,  211,    0,  342,  753,    0,  232,    0,    0,  -99,
766
  342,    0,  659,   63,  659,   73,  791,    0,  444,  764,
767
    0,    0,    0,  440,    0,  154,  790,    0,  -52,  296,
768
83
  452,  453,  455,  457,    0,    0,  847,    0,  564,    0,
769
83
  798,  461,    0,  659,    0,  -99,  564,    0,    0,  383,
770
83
    0,    0,  390,   90,  659,    0,  484,    0,  103,  659,
771
    0,  476,  477,    0,  -52,    0,    0,  517,  691,    0,
772
83
    0,    0,    0,    0,  -85,  -14,    0,    0,   61,    0,
773
83
  -14,  659,  659,    0,  791,    0,  511,    0,    0,  154,
774
83
    0,    0,    0,    0,    0,  296,    0,  128,    0,    0,
775
83
  659,    0,    0,   54,    0,    0,  599,  659,    0,  193,
776
83
  538,  109,  659,    0,    0,    0,  659,    0,  659,  543,
777
83
  296,  296,  298,    0,  761,  659,    0,  594,    0,    0,
778
83
 5270,  -66,  611,   58,    0,    0,  505,   74,  836,  510,
779
  512,    0,  844,  513,    0,    0,   58,    0,  770,    0,
780
83
    0,  515,  691,  691,  110,  659,    0,    0,    0,  659,
781
    0,    0,    0,  170,  518,    0,    0,    0,   20,  761,
782
  861,   21,  -74,  -54,  619,  620,   49,    0,  -31,  -31,
783
  -31,  625,  476,    0,  992, 1027,  319,  -18,  627,  334,
784
  -21,  535,  539,    0,  211,  547,    0,  634,   49,  342,
785
   49, -265,    0,    0,    0,    0, 5270,    0,    0,  659,
786
135
    0,   54,    0,  117,    0,  550,  545,  548,  896,  877,
787
  565,    0,  659,    0,    0,    0,  600,  644,    0,  298,
788
    0,  603,    0,  170,  659,  155,    0,    0,    0,    0,
789

281
  569,  903,    0,    0,  659,  670,    0,    0,    0,  659,
790
  679,    0,  913,  913,  659,  538,  680,    0,  917,  659,
791
  586,  588,  922,  538,    0,    0,    0,    0,    0,    0,
792
    0,  659,  589,  371,    0,    0,    0,    0,  659,  591,
793
  387,    0,    0,    0,    0,    0,  319,  -21,  -25,  365,
794
    0,    0,  913,    0,    0,    0,    0,  596,    0,    0,
795
    0,    0,  689,  119,    0,  709,    0,  211, -166,    0,
796
135
  598,    0,    0,    0,    0,    0,    0,    0,    0,    0,
797
135
  975,  296,  296,  659,  160,  659,    0,    0,    0,   20,
798

104
  948,  811,    0,  569,  402,  412,  418,  420, 1135,    0,
799
    0,  199,    0,  170,    0, 1064,  610,  -27,  189,  929,
800
  612,    0,    0,    0,    0,  650,  371,    0,  944,  387,
801
    0,    0,    0,    0,  613,    0,  411,    0,  417,  170,
802
    0,    0,   49,    0,    0,    0,  659,  176,    0,    0,
803
    0,    0,    0,  603,    0,  659,    0,    0,  615,  616,
804
  621,    0,    0,  691,    0,  421,  659,    0,    0,  480,
805
  659,    0,    0,  443,  538,  486,    0,    0,    0,    0,
806
83
  211,    0,    0,    0,    0,    0, 1064,    0,  538,  519,
807
83
  951,    0,    0,  520,  659,    0,  533,  659,    0,  691,
808
249
    0,  365,    0,  622,    0,    0,    0,    0,    0,  598,
809
 1011,  659,    0,    0,    0,    0,  811,    0,  402,    0,
810
83
    0,  418,    0,    0,  659,    0,  199,    0,    0,    0,
811
  659,    0,  -27,    0,    0,  650,    0,    0,  944,    0,
812
  618,    0,  972,  747,  659,    0,    0, 1008, 1009, 1010,
813
    0,    0,  659,  659,    0,  538,    0,  538,  659,  659,
814
83
  982,    0,   49,    0,    0,    0,    0,    0,    0,  659,
815
79
  659,    0,    0,    0,    0,    0,    0,    0,};
816
const short yyrindex[] =
817
	{                                      8,
818
    0,    0,    0,    0,    0, 1549,    0,    0, 1671,    0,
819
  700,    0,    0,    0,    0,    0, 2156,    0,    0,    0,
820
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
821
158
    0,    0,    0, 1788, 1916, 2039,    0,    0,    0,    0,
822
79
 2284,    0,    0,    0,    0,    0,    0,    0,    0, 1034,
823
79
    0,    0,    0,    0, 2407, 2628,    0, 2753,    0,  936,
824
83
    0,    0,    0,    0, 3286,    0,    0,    0,    0,    0,
825
83
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
826
83
    0,    0, 2873,    0,    0, 1036,    0,    0,  667,    0,
827
52
    0,  667,    0,    0,    0,    0,    0,    0,    0,    0,
828
    0, -140,    0,    0,    0,    0, 1432,    0,    0,    0,
829
    0,    0,    0,    0,    0,    0,   33,    0,    0,    0,
830
    0,    0,    0,    0,  876,    0,    0,    0,    0,  132,
831
    0,    0,    0,    0,    0,    0, 1038, 3717,    0,    0,
832
    0,  422,    0,    0,    0,   22,    0, 3403,    0,    0,
833
135
    0,   70,    0,    0,    0,  -17,    0,    0,    0,    0,
834
135
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
835
135
    0,    0,    0,    0,    0,    0,    0,  563,    0,    0,
836
135
    0,    0,  191,    0,    0,    0,    0,    0,  241,    0,
837
135
    0,    0,    0, 3951,    0,    0,    0,    0,    0,    0,
838
 3834,    0,    3,  676,    3,  676, -140,    0,    0,    0,
839
135
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
840
    0,    0,    0,    0,    0,    0, 1040,    0, 4185,    0,
841
    0,    0,    0,  311,    0, 1047, 4068,    0,    0,    0,
842
    0,    0,    0,   27,  -23,    0,  156,    0,  318,   31,
843
    0,    0,    0,    0,  546,    0,    0,  562,  672,    0,
844
    0,    0,    0,    0,    0, 4481,    0,    0,  234,    0,
845
 4284,    3,    3,    0, -140,    0,  516,    0,    0,    0,
846
135
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
847
  434,    0,    0,  234,    0, 5172, 4580,   40,    0,    0,
848
   -5,  507,  125, 4777,    0,    0,  -23,    0,   31,    0,
849
    0,    0,    0,    0,    0,  185,    0, 4382,    0,    0,
850
  -47,    0, 4876,  234,    0,    0,    0,  356,    0,    0,
851
    0,    0,  479,    0,    0,    0,  234,    0, 1048,    0,
852
    0,    0,  578,  771,  422,   34,    0,    0,    0, 1000,
853
135
    0,    0,    0,    0,  662,    0,    0,    0,  234,    0,
854
135
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
855
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
856
135
    0,    0,    0,    0,    0,    0,    0,    0,    0,  795,
857
135
    0,    0,    0,    0,    0,    0,    2,    0,    0,  667,
858
135
    0,  234,    0,  507,    0,    0,    0,    0,    0,    0,
859
135
    0,    0,  125,    0,    0,    0,    0,    0,    0,    0,
860
    0,    0,    0,    0,   64,  251,    0,    0,    0,    0,
861
    0,    0,    0,    0,  434, 1049,    0,    0,    0,  434,
862
 1157,    0, 4974, 4974,  212, 2505, 2972, 3502, 1323,   30,
863

405
    0,    0,    0, 3600, 3502, 3502, 3502,    0,    0,    0,
864
    0, 1000,  785,    0,    0,    0,    0,    0, 1000,  926,
865
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
866
    0,    0, 4974,    0,    0,    0,    0,    0,    0,    0,
867
    0,    0,    0,    0, 3502,    0, 3502,    0,    0,    0,
868
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
869
    0,    0,    0,   34, 1091,  873,    0,    0,    0,  234,
870
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
871
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
872
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
873
    0,    0,    0,    0,    0,    0,  396,    0,  676,    0,
874
    0,    0,    0,    0,    0,    0,    3,  676,    0,    0,
875
    0,    0,    0,    0,    0,   64,    0,    0,    0,    0,
876
    0,    0,    0,  883,    0,  422,   34,    0,    0,  422,
877
   34,    0,    0, 1188,    1,  217,    0,    0,    0,    0,
878
 3070,    0,    0,    0,    0,    0, 4678,    0,    4,   39,
879
    0,    0,    0, 1091,  873,    0, 1091,  873,    0,  685,
880
135
    0,    0,    0,    0,    0,    0, 3169,    0,    0,    0,
881
    0,  873,    0,    0,    0,    0,    0,    0,    0,    0,
882
135
    0,    0,    0,    0,  172,    0,    0,    0,    0,    0,
883
1
  -37,    0,    0,    0,    0,    0,    0,    0,    0,    0,
884
    0,    0,    0, 5073,    3,    0,    0,    0,    0,    0,
885
1
    0,    0,   34,   34,    0,    1,    0,    4,  873,  873,
886
    0,    0,    0,    0,    0,    0,    0,    0,    0,  172,
887
  -37,    0,    0,    0, 3502,    0,    0,    0,};
888
134
const short yygindex[] =
889
	{                                      0,
890
  164,    0,   72, -119,  575,    0,    0, -379, -280,  593,
891
  400,    0,    0,    0,  262, 1031, -143,    0,    0,    0,
892
   91, 1020,    0,    0, -372,    0,    0,    0,    0, -221,
893
    0,  839,    0, -250,    0,    0,    0, -488,    0, -496,
894
134
    0,  886,  820,  690,    0,    0, -342, -128, -270,  253,
895
    0,  772,  757,    0,    0, -504,    0,  375,    0, -459,
896
    0,  737,    0, -395,    0,    0, -494,    0,    0, -495,
897
 -241,  727,    0,    0,  -57,  964,  -56,    0, -377,  574,
898
  932, 1044,    0, 1054,    0,  891,    0,    0,   -9,  636,
899
  826,  813,  723,    0,    0, -455,    0,    0,  867,    0,
900
134
    0,  897,    0,    0, -172,    0,  491,    0,    0,  889,
901
    0, -219,  523,    0,  500,    0,   -3,   -2,    0,    0,
902
    0,    0,    0,    0, -117,  -90,    0,  -69,    0,    0,
903
    0,    0,    0, -122,    0,    0,    0,    0,    0,
904
};
905
#define YYTABLESIZE 5645
906
const short yytable[] =
907
134
	{                                      30,
908
134
   31,  155,  238,  133,  248,  137,  238,    1,  451,  238,
909
  248,  121,  451,  248,  555,  238,  425,    1,  488,  197,
910
  238,  480,  238,  234,  556,   89,  516,  248,  452,  332,
911
  591,   88,  452,  609,  248,  203,  587,  291,  248,  208,
912
  248,  567,  311,  248,  248,   92,  238,  248,  435,  160,
913
  229,  615,  157,  618,  248,  214,  400,  237,  523,  380,
914
134
  248,  202,  346,  248,  217,  207,  531,  431,  440,  238,
915
  238,   94,  238,  311,  238,  100,  311,  238,  380,  238,
916
  137,  240,  157,  243,  548,  205,  157,  238,  330,  238,
917
  157,  450,  216,  157,   55,   56,  238,  498,  380,  238,
918
    1,  238,  238,  238,   84,  558,  171,  238,  331,  238,
919
  499,  180,  238,  238,  241,  212,  171,  248,  406,  248,
920
134
  407,  275,  272,  238,  121,  248,  280,  238,  248,  238,
921
134
  238,  238,  423,  171,  228,  101,  288,   84,  343,  344,
922
  301,  211,  316,  269,   86,  674,  171,  495,  678,  497,
923
268
  673,  585,  171,  171,  276,  238,   16,  238,  238,  281,
924
134
  171,  679,  238,  680,  238,  320,  662,  616,  238,  514,
925
134
  665,  445,  156,  273,   95,  181,  316,  576,  632,  337,
926
402
  298,  305,  306,  298,  238,  299,  238,  239,  238,   85,
927
134
  551,  232,  238,  184,  238,  301,  320,  242,  171,  320,
928
134
  313,   84,  517,  171,  184,   32,  250,  324,  301,  110,
929
269
  111,  238,  338,  182,  274,  238,  340,  238,  341,  171,
930
  417,  418,  420,  132,  238,  359,   39,  279,  330,  507,
931
  238,  238,  330,  336,  419,  543,  544,  545,  330,   84,
932
   97,  503,  196,  252,  238,  171,  496,  238,  331,  238,
933
   78,  238,  331,  294,  238,  421,  380,   61,  331,  422,
934
  238,  595,  295,    1,    1,    1,    1,   40,  611,  619,
935
3
  309,  238,   63,   84,   64,  562,  380,  564,  245,  519,
936
2
  233,  337,   88,  380,  573,   98,  477,  183,  253,   62,
937
  380,  248,  248,   84,  289,  290,  238,  314,  429,   59,
938
  629,  194,   91,  520,  380,  433,  434,  238,  238,  501,
939
  380,  201,   86,  399,    1,   84,    1,    1,  238,  478,
940
  213,  627,  510,  171,  238,  438,  439,  492,   84,  479,
941
    1,  314,    1,   60,  518,  311,  238,  238,  315,  570,
942
1
  571,  238,  238,  238,  525,    1,  307,  238,  449,  527,
943
1
  238,  311,  449,    1,  532,  554,  238,  380,  487,  538,
944
  238,  238,  238,  248,   84,  249,  238,  238,  380,  248,
945
1
  238,  546,  238,  380,  248,  248,  676,   84,  549,  566,
946
  248,  248,  238,  248,  311,  311,  311,    1,  249,  311,
947
  311,  311,  574,  311,  311,  249,  249,  311,  311,  249,
948
1
  430,   86,    4,    5,    6,    7,  380,  664,  238,  238,
949
  238,  238,  311,  238,  238,  249,   66,  327,  380,  238,
950
  238,  238,  238,  572,   67,  575,   82,  211,  328,  329,
951
  311,  180,  238,  238,  622,  238,  624,   68,  238,   69,
952
1
  565,  695,  180,  238,  238,  630,  238,  238,  238,  238,
953
1
  238,  621,   79,    8,  171,    9,   10,  623,  320,   70,
954
  171,  637,  238,  639,  171,  464,  471,  642,  238,   11,
955
  312,   12,  211,  647,  320,  698,  628,  598,  249,   71,
956
1
  249,  238,  238,  644,   13,  633,  171,  653,  253,  325,
957
  326,  656,   14,  238,  659,  181,  640,  661,  104,  105,
958
  643,  159,   72,  626,  238,  238,  181,  320,  320,  320,
959
1
   73,  253,  320,  320,  320,   74,  320,  320,  253,  253,
960
1
  320,  320,  253,  171,  657,  321,   15,  660,  380,  171,
961
1
   84,   84,  238,  182,   75,  320,   76,   76,  253,  380,
962
  238,  671,   80,  649,  182,  638,  380,  380,  380,  134,
963
  135,  238,  238,  238,  675,   77,  321,  327,   78,  321,
964
144
  677,  327,  171,  171,  238,  238,  380,  327,  328,  329,
965
  238,  115,  328,  329,  684,   81,  171,   87,  328,  329,
966
144
  238,   76,  688,  689,   99,  380,  102,  112,  692,  693,
967
138
  107,  238,  238,  140,  141,  380,  380,  380,  127,  696,
968
138
  697,  253,   84,  253,  641,  115,  159,  238,  238,   55,
969
  646,  143,  144,   84,   84,  249,  187,  188,  249,  380,
970
  129,  453,  453,  453,  249,  249,  131,  669,  670,  380,
971
  380,  380,  139,  249,  249,  249,  464,  249,  249,  471,
972
  249,  249,  146,  652,  655,  249,  147,  249,  249,  249,
973
  249,  249,  249,  249,  249,  249,  249,  658,  149,  380,
974
  249,  151,  352,  351,  353,  249,  164,  165,  152,  477,
975
92
  154,  264,  249,  161,  159,  256,  257,  289,  290,  238,
976
1
  162,  110,  249,  249,  249,  249,  249,  249,  249,  249,
977
1
  238,  238,  169,  249,  264,  163,  249,  380,  474,  475,
978
  380,  167,  478,  249,  249,  264,  249,  533,  173,  352,
979
91
  351,  353,  479,  484,  485,  542,  174,  168,  249,  249,
980
  392,  264,  264,  264,  249,  249,  249,  249,  249,  249,
981
91
  249,  249,  170,  380,  171,  249,  249,  195,  253,  175,
982
82
  176,  253,   33,  380,  456,  457,  464,  253,  253,  471,
983
1
  460,  461,   34,   35,   36,  192,  253,  253,  253,  198,
984
1
  253,  253,   88,  253,  253,  177,  467,  468,  253,   91,
985
  253,  253,  253,  253,  253,  253,  253,  253,  253,  253,
986

162
  111,  433,  434,  253,  264,  209,  264,   37,  253,  210,
987
2
  453,  588,  589,  230,  273,  253,  392,  438,  439,  592,
988
2
  593,  380,  380,  380,  380,  253,  253,  253,  253,  253,
989
  253,  253,  253,  238,  238,  215,  253,  273,  321,  253,
990
79
  352,  351,  353,  157,  246,  247,  253,  253,  273,  253,
991
79
  251,  380,  260,  261,  321,  262,  263,  265,  267,  380,
992
  268,  253,  253,  277,  273,  273,  273,  253,  253,  253,
993
79
  253,  253,  253,  253,  253,  282,  645,  284,  253,  253,
994
100
  286,  322,  380,  380,  115,  308,  342,  321,  321,  321,
995
1
  651,  334,  321,  321,  321,  380,  321,  321,  360,  402,
996
1
  321,  321,  408,  350,  405,   38,  380,  380,  380,  409,
997
  411,  410,  414,  412,  416,  321,  115,  115,  115,  424,
998

198
  428,  115,  443,  444,  115,  453,  115,  273,  458,  273,
999
  483,  115,  112,  112,  112,  490,  238,  112,  494,  491,
1000
  380,  264,  112,   61,  264,  505,  493,  112,  506,  504,
1001
  264,  264,  238,  238,  238,  282,  507,  690,  508,  691,
1002
99
  264,  264,  512,  264,  264,  509,  513,  264,  430,  524,
1003
99
  526,  264,  529,  264,  264,  264,  264,  264,  282,  528,
1004
  264,  264,  264,  537,  534,  539,  264,  540,  541,  282,
1005
99
  547,  264,  550,  560,  380,  559,  563,  399,  264,  347,
1006
12
  348,  349,  134,  135,  569,  282,  282,  282,  577,  608,
1007
  612,  654,  613,  620,  264,  634,  635,  238,  681,  264,
1008
  636,  663,  264,  352,  351,  353,  110,  110,  110,  264,
1009
  264,  110,  682,   28,  380,  683,  110,  685,  686,  687,
1010
  666,  110,  694,  188,  264,  264,  347,  348,  349,  460,
1011
  461,  264,  264,  264,  264,  264,  264,  264,  264,  264,
1012
12
  264,  264,  264,  202,  273,   20,  238,   44,  282,  101,
1013
12
  282,  352,  351,  353,  273,  380,   87,   57,  299,  238,
1014
  238,  238,  211,  273,  273,  380,  273,  273,  561,  552,
1015
  273,   83,  112,  380,  273,  271,  273,  273,  273,  273,
1016
  273,  299,  231,  273,  273,  273,  352,  351,  353,  273,
1017
12
  304,  502,  299,  413,  273,  404,  427,  578,  579,  459,
1018
  193,  273,  594,  211,  248,  111,  111,  111,  138,  128,
1019
12
  111,  310,  580,  553,  462,  111,  339,  273,  581,  500,
1020
10
  111,  285,  273,  264,  270,  273,  582,  672,   29,  650,
1021
1
  668,    0,  273,  273,    0,  667,    0,  347,  348,  349,
1022
1
  134,  135,    0,    0,    0,    0,    0,  273,  273,  469,
1023
  380,  380,  380,    0,  273,  273,  273,  273,  273,  273,
1024
9
  273,  273,  273,  273,  273,  273,  302,    0,    0,  380,
1025
  380,  299,    0,  299,    0,    0,    0,    0,  380,    0,
1026
9
    0,  220,  221,  222,  380,  282,  223,    0,    0,  302,
1027
  380,  224,    0,    0,  380,  282,  225,    0,  380,    0,
1028
  302,    0,    0,    0,  282,  282,    0,  282,  282,    0,
1029
19
    0,  282,    0,    0,    0,  282,    0,  282,  282,  282,
1030
  282,  282,    0,    0,  282,  282,  282,  380,  380,  380,
1031
  282,    0,  380,  380,  380,  282,  380,  380,    0,    0,
1032
  380,  380,  282,    0,    0,    0,    0,    0,    0,  238,
1033
76
  238,  238,  238,  238,    0,  380,    0,    0,  282,   27,
1034
19
    5,    6,    7,  282,    0,    0,  282,    5,    6,    7,
1035
  202,  202,  202,  282,  282,  202,    0,    0,    0,  302,
1036
19
  202,  302,    0,    0,    0,  202,    0,    0,  282,  282,
1037
19
    0,    0,    0,    0,    0,  282,  282,  282,  282,  282,
1038
19
  282,  282,  282,  282,  282,  282,  282,    0,  299,    0,
1039
19
    0,    0,    9,    0,    0,    0,    0,    0,  299,    9,
1040
19
  347,  348,  349,  467,  468,    0,    0,  299,  299,    0,
1041
19
  299,  299,  364,    0,  299,   12,    0,    0,  299,    0,
1042
19
  299,  299,  299,  299,  299,    0,    0,  299,  299,  299,
1043
    0,    0,    0,  299,    0,  364,    0,    0,  299,    0,
1044
19
    0,    0,  364,    0,    0,  299,  364,    0,  347,  348,
1045
19
  349,  460,  461,    0,    0,    0,  238,  238,  238,  238,
1046
19
  238,  299,  364,    0,    0,    0,  299,    0,    0,  299,
1047
  599,  600,  601,  602,  603,  604,  299,  299,    0,    0,
1048
38
    0,    0,    0,  347,  348,  349,  467,  468,    0,    0,
1049
19
    0,  299,  299,    0,  605,    0,  302,    0,  299,  299,
1050
  299,  299,  299,  299,  299,    0,  302,    0,  299,  299,
1051
    0,    0,    0,    0,    0,  302,  302,  113,  302,  302,
1052
    0,   42,  302,    0,    0,  364,  302,  364,  302,  302,
1053
  302,  302,  302,  114,    0,  302,  302,  302,    0,    0,
1054
19
    0,  302,    0,    0,   42,    0,  302,  380,  380,  380,
1055
19
  380,  380,   42,  302,    0,   42,    0,    0,    0,    0,
1056
6
    0,    0,    0,    0,    0,    0,  115,  116,  117,  302,
1057
6
  380,  118,  119,  120,  302,  121,  122,  302,    0,  110,
1058
  111,    0,    0,    0,  302,  302,  380,    0,    0,    0,
1059
6
    0,    0,    0,    0,  123,    0,    0,    0,    0,  302,
1060
6
  302,    0,    0,    0,    0,    0,  302,  302,  302,  302,
1061
12
  302,  302,  302,    0,    0,    0,  302,  302,    0,  380,
1062
6
  380,  380,    0,    0,  380,  380,  380,    0,  380,  380,
1063
    0,    0,  380,  380,   42,    0,    0,    0,  169,    0,
1064
    0,    0,    0,    0,    0,    0,    0,  380,    0,    0,
1065
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
1066
    0,  169,  364,    0,    0,    0,    0,    0,    0,    0,
1067
    0,    0,  364,    0,    0,    0,    0,    0,    0,    0,
1068
    0,  364,  364,    0,  364,  364,    0,    0,  364,    0,
1069
6
    0,    0,  364,    0,  364,  364,  364,  364,  364,    0,
1070
6
    0,  364,  364,  364,    0,    0,    0,  364,    0,    0,
1071
    0,    0,  364,    0,    0,    0,    0,    0,    0,  364,
1072
6
    0,    0,    0,    0,    0,    0,    0,    0,    0,  364,
1073
6
  364,  364,  364,  364,  364,  364,  364,    0,    0,    0,
1074
6
  364,    0,    0,  364,    0,    0,    0,    0,    0,    0,
1075
13
  364,  364,    0,  364,    0,    0,    0,    0,    0,    0,
1076
   49,    0,    0,    0,    0,  364,  364,    0,    0,    0,
1077
    0,   42,  364,  364,  364,  364,  364,  364,  364,   42,
1078
   42,   42,  364,   49,    0,    0,    0,    0,   42,    0,
1079
   42,   42,    0,   42,   42,    0,    0,   42,    0,    0,
1080
19
    0,   42,    0,   42,   42,   42,   42,   42,    0,    0,
1081
18
   42,   42,   42,    0,    0,    0,   42,    0,    0,    0,
1082
    0,   42,    0,    0,    0,    0,    0,    0,   42,    0,
1083
    0,    0,    0,    0,    0,    0,    0,   42,   42,   42,
1084
   42,   42,   42,   42,   42,    0,    0,    0,    0,   42,
1085
19
    0,    0,   42,    0,    0,    0,    0,    0,    0,   42,
1086
   42,    0,   42,    0,    0,    0,    0,    0,    0,    0,
1087
    0,    0,    0,   49,   42,   42,    0,  171,    0,    0,
1088
    0,   42,   42,   42,   42,   42,   42,   42,  169,    0,
1089
  169,  169,  169,  169,  169,  169,  169,  169,  169,    0,
1090
  171,    0,  169,  169,  169,  169,    0,  169,  169,    0,
1091
  169,  169,    0,    0,  169,    0,    0,    0,  169,    0,
1092
  169,  169,  169,  169,  169,    0,    0,  169,  169,  169,
1093
    0,    0,    0,  169,    0,    0,    0,    0,  169,    0,
1094
    0,    0,    0,    0,    0,  169,    0,    0,    0,    0,
1095
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
1096
    0,  169,    0,    0,    0,    0,  169,    0,    0,  169,
1097
    0,    0,    0,    0,    0,    0,  169,  169,    0,    0,
1098
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
1099
    0,  169,  169,    0,    0,    0,    0,    0,  169,  169,
1100
  169,  169,  169,  169,  169,  173,    0,    0,    0,    0,
1101
   49,    0,   49,   49,   49,    0,   49,   49,   49,   49,
1102
   49,    0,    0,    0,   49,   49,   49,   49,  173,   49,
1103
   49,    0,   49,   49,    0,    0,   49,    0,    0,    0,
1104
   49,    0,   49,   49,   49,   49,   49,    0,    0,   49,
1105
   49,   49,    0,    0,    0,   49,    0,    0,    0,    0,
1106
   49,    0,    0,    0,    0,    0,    0,   49,    0,    0,
1107
19
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
1108
    0,    0,    0,   49,    0,    0,    0,    0,   49,    0,
1109
19
    0,   49,    0,    0,    0,    0,    0,    0,   49,   49,
1110
38
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
1111
    0,    0,    0,   49,   49,    0,    0,    0,    0,    0,
1112
   49,   49,   49,   49,   49,   49,   49,  171,  174,  171,
1113
19
  171,  171,  171,  171,  171,  171,  171,  171,    0,    0,
1114
19
    0,  171,  171,  171,  171,    0,  171,  171,    0,  171,
1115
  171,  174,    0,  171,    0,    0,    0,  171,    0,  171,
1116
  171,  171,  171,  171,    0,    0,  171,  171,  171,    0,
1117
    0,    0,  171,    0,    0,    0,    0,  171,    0,    0,
1118
    0,    0,    0,    0,  171,    0,    0,    0,    0,   42,
1119
    0,    0,   43,   44,   45,   46,   47,    0,    0,   48,
1120
  171,   49,   50,   51,    0,  171,    0,    0,  171,    0,
1121
    0,    0,    0,    0,    0,  171,  171,    0,    0,    0,
1122
    0,    0,    0,    0,    0,    0,    0,    0,   52,    0,
1123
  171,  171,    0,    0,    0,    0,    0,  171,  171,  171,
1124
  171,  171,  171,  171,    0,  183,    0,    0,   53,   54,
1125
13
    0,    0,    0,    0,    0,  173,    0,  173,  173,  173,
1126
13
  173,  173,  173,  173,  173,  173,    0,    0,  183,  173,
1127
6
  173,  173,  173,    0,  173,  173,    0,  173,  173,    0,
1128
6
    0,  173,    0,    0,    0,  173,    0,  173,  173,  173,
1129
  173,  173,    0,    0,  173,  173,  173,    0,    0,    0,
1130
6
  173,    0,    0,    0,    0,  173,    0,    0,    0,    0,
1131
    0,    0,  173,    0,    0,    0,    0,    0,    0,    0,
1132
    0,    0,    0,    0,    0,    0,    0,    0,  173,    0,
1133
6
    0,    0,    0,  173,    0,    0,  173,    0,    0,    0,
1134
6
    0,    0,    0,  173,  173,    0,    0,    0,    0,    0,
1135
    0,    0,    0,    0,    0,    0,    0,    0,  173,  173,
1136
6
    0,    0,    0,    0,    0,  173,  173,  173,  173,  173,
1137
6
  173,  173,    0,  183,    0,    0,    0,    0,  174,    0,
1138
6
  174,  174,  174,  174,  174,  174,  174,  174,  174,    0,
1139
13
    0,    0,  174,  174,  174,  174,  183,  174,  174,    0,
1140
13
  174,  174,    0,    0,  174,    0,    0,    0,  174,    0,
1141
13
  174,  174,  174,  174,  174,    0,    0,  174,  174,  174,
1142
    0,    0,    0,  174,    0,    0,    0,    0,  174,    0,
1143
13
    0,    0,    0,    0,    0,  174,    0,    0,    0,    0,
1144
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
1145
    0,  174,    0,    0,    0,    0,  174,    0,    0,  174,
1146
    0,    0,    0,    0,    0,    0,  174,  174,    0,    0,
1147
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
1148
    0,  174,  174,    0,    0,    0,  183,    0,  174,  174,
1149
  174,  174,  174,  174,  174,  183,  193,    0,  183,    0,
1150
6
  183,  183,  183,  183,  183,  183,    0,    0,    0,  183,
1151
  183,  183,  183,    0,  183,  183,    0,  183,  183,  193,
1152
    0,  183,    0,    0,    0,  183,    0,  183,  183,  183,
1153
  183,  183,    0,    0,  183,  183,  183,    0,    0,    0,
1154
6
  183,    0,    0,    0,    0,  183,    0,    0,    0,    0,
1155
    0,    0,  183,    0,    0,    0,    0,    0,    0,    0,
1156
6
    0,    0,    0,    0,    0,    0,    0,    0,  183,    0,
1157
    0,    0,    0,  183,    0,    0,  183,    0,    0,    0,
1158
    0,    0,    0,  183,  183,    0,    0,    0,    0,    0,
1159
    0,    0,    0,    0,  248,    0,    0,    0,  183,  183,
1160
    0,    0,    0,    0,    0,  183,  183,  183,  183,  183,
1161
  183,  183,    0,    0,    0,    0,    0,  248,    0,    0,
1162
    0,    0,    0,  183,    0,    0,  183,    0,    0,  183,
1163
  183,  183,  183,  183,    0,    0,    0,  183,  183,  183,
1164
  183,    0,  183,  183,    0,  183,  183,    0,    0,  183,
1165
200
    0,    0,    0,  183,    0,  183,  183,  183,  183,  183,
1166
4063
    0,    0,  183,  183,  183,    0,    0,    0,  183,    0,
1167
3863
    0,    0,    0,  183,    0,    0,    0,    0,    0,    0,
1168
  183,    0,    0,    0,    0,    0,    0,    0,    0,    0,
1169
    0,    0,    0,    0,    0,    0,  183,    0,    0,    0,
1170
    0,  183,    0,    0,  183,    0,    0,  248,    0,    0,
1171
    0,  183,  183,    0,    0,    0,    0,  190,    0,    0,
1172
    0,    0,    0,    0,    0,    0,  183,  183,    0,    0,
1173
36
    0,    0,    0,  183,  183,  183,  183,  183,  183,  183,
1174
  190,    0,    0,    0,    0,    0,  193,    0,    0,  193,
1175
    0,    0,  193,  193,  193,  193,  193,    0,    0,    0,
1176
  193,  193,  193,  193,    0,  193,  193,    0,  193,  193,
1177
    0,    0,  193,    0,    0,    0,  193,    0,  193,  193,
1178
  193,  193,  193,    0,    0,  193,  193,  193,    0,    0,
1179
72
    0,  193,    0,    0,    0,    0,  193,    0,    0,    0,
1180
36
    0,    0,    0,  193,    0,    0,    0,    0,    0,    0,
1181
1
  193,    0,    0,    0,    0,    0,    0,    0,    0,  193,
1182
    0,    0,    0,    0,  193,    0,    0,  193,    0,    0,
1183
    0,    0,    0,    0,  193,  193,    0,    0,    0,    0,
1184
166
    0,    0,  189,    0,  248,    0,    0,    0,    0,  193,
1185
  193,    0,    0,  248,  248,    0,  193,  193,  193,  193,
1186
48
  193,  193,  193,  248,  248,  189,  248,  248,    0,  248,
1187
11
  248,    0,    0,    0,  248,    0,  248,  248,  248,  248,
1188
268
  248,    0,    0,  248,  248,  248,    0,    0,    0,  248,
1189
86
    0,    0,    0,    0,  248,    0,    0,    0,    0,    0,
1190
86
    0,  248,    0,    0,    0,    0,    0,    0,    0,    0,
1191
    0,  248,  248,  248,  248,  248,  248,  248,    0,    0,
1192
48
    0,    0,  248,    0,    0,  248,    0,    0,    0,    0,
1193
48
    0,    0,  248,  248,    0,  248,    0,    0,    0,    0,
1194
    0,    0,    0,    0,    0,    0,    0,  248,  248,    0,
1195
35
    0,    0,    0,    0,  248,  248,  248,  248,  248,  248,
1196
  248,    0,  186,    0,    0,    0,    0,  190,    0,    0,
1197
  190,    0,    0,    0,  190,  190,  190,  190,    0,    0,
1198
    0,  190,  190,  190,  190,  186,  190,  190,    0,  190,
1199
41
  190,    0,    0,  190,    0,    0,    0,  190,    0,  190,
1200
41
  190,  190,  190,  190,    0,    0,  190,  190,  190,    0,
1201
    0,    0,  190,    0,    0,    0,    0,  190,    0,    0,
1202
41
    0,    0,    0,    0,  190,    0,    0,    0,    0,    0,
1203
36
    0,  190,    0,    0,    0,    0,    0,    0,    0,    0,
1204
36
  190,    0,    0,    0,    0,  190,    0,    0,  190,    0,
1205
    0,    0,    0,    0,    0,  190,  190,    0,    0,    0,
1206
    0,  348,    0,    0,    0,    0,    0,    0,    0,    0,
1207
  190,  190,    0,    0,    0,  186,    0,  190,  190,  190,
1208
  190,  190,  190,  190,  348,    0,    0,    0,    0,    0,
1209
    0,    0,  189,    0,    0,  189,    0,    0,    0,  189,
1210
  189,  189,  189,    0,    0,    0,  189,  189,  189,  189,
1211
    0,  189,  189,    0,  189,  189,    0,    0,  189,    0,
1212
    0,    0,  189,    0,  189,  189,  189,  189,  189,    0,
1213
    0,  189,  189,  189,    0,    0,    0,  189,    0,    0,
1214
    0,    0,  189,    0,    0,    0,    0,    0,    0,  189,
1215
    0,    0,    0,    0,    0,    0,  189,    0,    0,  350,
1216
    0,    0,    0,    0,    0,  189,    0,    0,    0,    0,
1217
33
  189,    0,    0,  189,  348,    0,    0,    0,    0,    0,
1218
  189,  189,  350,    0,    0,    0,    0,    0,    0,    0,
1219
11
    0,    0,    0,    0,    0,  189,  189,    0,    0,    0,
1220
    0,    0,  189,  189,  189,  189,  189,  189,  189,    0,
1221
    0,    0,  186,    0,    0,  186,    0,    0,    0,  186,
1222
  186,  186,  186,    0,    0,    0,  186,  186,  186,  186,
1223
    0,  186,  186,    0,  186,  186,    0,    0,  186,    0,
1224
    0,    0,  186,    0,  186,  186,  186,  186,  186,    0,
1225
    0,  186,  186,  186,    0,    0,    0,  186,  354,    0,
1226
    0,    0,  186,    0,    0,    0,    0,    0,    0,  186,
1227
    0,    0,  350,    0,    0,    0,    0,    0,    0,    0,
1228
33
    0,  354,    0,    0,    0,  186,    0,    0,    0,    0,
1229
  186,    0,    0,  186,    0,    0,    0,    0,    0,    0,
1230
33
  186,  186,    0,    0,    0,    0,    0,    0,    0,    0,
1231
    0,  348,    0,    0,    0,  186,  186,    0,    0,    0,
1232
  348,  348,  186,  186,  186,  186,  186,  186,  186,    0,
1233
  348,  348,    0,  348,  348,    0,    0,  348,    0,    0,
1234
    0,  348,    0,  348,  348,  348,  348,  348,    0,    0,
1235
254
  348,  348,  348,    0,    0,    0,  348,    0,    0,    0,
1236

90
    0,  348,    0,    0,    0,    0,    0,    0,  348,    0,
1237
    0,  354,    0,    0,    0,  188,    0,    0,  348,  348,
1238
  348,  348,  348,  348,  348,    0,    0,    0,    0,  348,
1239
    0,    0,  348,    0,    0,    0,    0,    0,  188,  348,
1240
  348,    0,  348,    0,    0,    0,    0,    0,    0,  350,
1241
    0,    0,    0,    0,  348,  348,    0,    0,  350,  350,
1242
    0,  348,  348,  348,  348,  348,  348,  348,  350,  350,
1243
    0,  350,  350,    0,    0,  350,    0,    0,    0,  350,
1244
1
    0,  350,  350,  350,  350,  350,    0,    0,  350,  350,
1245
  350,    0,    0,    0,  350,    0,    0,    0,    0,  350,
1246
1
    0,    0,    0,    0,    0,    0,  350,    0,    0,    0,
1247
    0,    0,    0,    0,    0,    0,  350,  350,  350,  350,
1248
1
  350,  350,  350,    0,    0,    0,    0,  350,    0,    0,
1249
1
  350,    0,  202,    0,    0,    0,    0,  350,  350,    0,
1250
  350,    0,    0,    0,    0,    0,    0,    0,  354,    0,
1251
1
    0,    0,  350,  350,    0,  202,    0,  354,  354,  350,
1252
  350,  350,  350,  350,  350,  350,    0,  354,  354,    0,
1253
1
  354,  354,    0,    0,  354,    0,    0,    0,  354,    0,
1254
  354,  354,  354,  354,  354,    0,    0,  354,  354,  354,
1255
    0,    0,    0,  354,    0,    0,    0,    0,  354,    0,
1256
    0,    0,    0,    0,    0,  354,    0,    0,    0,    0,
1257
    0,    0,    0,    0,    0,  352,  352,  352,  352,  352,
1258
  352,  354,    0,    0,    0,    0,  354,    0,    0,  354,
1259
    0,  354,    0,    0,    0,    0,  354,  354,    0,  352,
1260
    0,    0,    0,    0,    0,  202,    0,    0,    0,    0,
1261
    0,  354,  354,    0,  354,    0,    0,    0,  354,  354,
1262
3
  354,  354,  354,  354,  354,  188,    0,    0,  188,    0,
1263
    0,    0,  188,  188,  188,  188,    0,    0,    0,  188,
1264
37
  188,  188,  188,    0,  188,  188,    0,  188,  188,    0,
1265
    0,  188,    0,    0,    0,  188,    0,  188,  188,  188,
1266
37
  188,  188,    0,    0,  188,  188,  188,    0,    0,    0,
1267
37
  188,    0,    0,    0,    0,  188,    0,    0,    0,    0,
1268
    0,    0,  188,    0,    0,    0,    0,    0,    0,  248,
1269
37
    0,    0,    0,    0,    0,    0,    0,    0,  188,    0,
1270
37
    0,    0,    0,  188,  354,    0,  188,    0,    0,    0,
1271
    0,    0,  248,  188,  188,    0,    0,    0,    0,    0,
1272
    0,    0,    0,    0,    0,    0,    0,    0,  188,  188,
1273
    0,    0,    0,    0,    0,  188,  188,  188,  188,  188,
1274
13
  188,  188,  202,    0,    0,  202,    0,    0,    0,    0,
1275
  202,  202,  202,    0,    0,    0,  202,  202,  202,  202,
1276
13
    0,  202,  202,    0,  202,  202,    0,    0,  202,    0,
1277
13
    0,    0,  202,    0,  202,  202,  202,  202,  202,    0,
1278
    0,  202,  202,  202,    0,    0,    0,  202,    0,    0,
1279
13
    0,    0,  202,    0,    0,    0,    0,    0,    0,  202,
1280
    0,    0,  248,    0,    0,    0,  202,    0,    0,    0,
1281
13
    0,    0,    0,    0,    0,  202,    0,    0,    0,    0,
1282
  202,    0,    0,  202,    0,    0,    0,    0,    0,  202,
1283
  202,  202,    0,    0,    0,    0,    0,    0,    0,    0,
1284
84
    0,  354,    0,    0,    0,  202,  202,    0,    0,    0,
1285
    0,  354,  202,  202,  202,  202,  202,  202,  202,    0,
1286
  354,  354,    0,  354,  354,    0,    0,  354,    0,    0,
1287
    0,  354,    0,  354,  354,  354,  354,  354,    0,    0,
1288
  354,  354,  354,    0,    0,    0,  354,    0,    0,    0,
1289
84
    0,  354,    0,    0,    0,    0,    0,    0,  354,    0,
1290
    0,    0,    0,    0,    0,    0,    0,    0,  352,  352,
1291
84
  352,  352,  352,  352,  354,    0,    0,    0,    0,  354,
1292
    0,    0,  354,  211,    0,    0,    0,    0,    0,  354,
1293
  354,    0,  352,    0,    0,    0,    0,    0,    0,  248,
1294
40
    0,    0,    0,    0,  354,  354,  211,    0,    0,  248,
1295
40
    0,  354,  354,  354,  354,  354,  354,  354,  248,  248,
1296
44
    0,  248,  248,    0,    0,  248,    0,    0,    0,  248,
1297
44
    0,  248,  248,  248,  248,  248,    0,    0,  248,  248,
1298
44
  248,    0,    0,    0,  248,    0,    0,    0,    0,  248,
1299
    0,    0,    0,    0,    0,    0,  248,    0,    0,    0,
1300
44
    0,    0,    0,    0,    0,    0,  248,  248,  248,  248,
1301
  248,  248,  248,    0,    0,    0,    0,  248,    0,    0,
1302
  248,    0,    0,    0,    0,    0,    0,  248,  248,    0,
1303

53
  248,    0,    0,    0,    0,    0,  211,    0,    0,    0,
1304
  211,    0,  248,  248,    0,    0,    0,    0,    0,  248,
1305
  248,  248,  248,  248,  248,  248,  202,    0,    0,  202,
1306
    0,    0,    0,  211,  202,  202,  202,    0,    0,    0,
1307
38
  202,  202,  202,  202,    0,  202,  202,    0,  202,  202,
1308
    0,    0,  202,    0,    0,    0,  202,    0,  202,  202,
1309
38
  202,  202,  202,    0,    0,  202,  202,  202,    0,    0,
1310
    0,  202,    0,    0,    0,    0,  202,    0,    0,    0,
1311
    0,    0,    0,  202,    0,    0,    0,    0,    0,    0,
1312
38
    0,    0,    0,    0,    0,    0,    0,    0,    0,  202,
1313
    0,    0,    0,    0,  202,    0,    0,  202,    0,    0,
1314
38
    0,    0,    0,    0,  202,  202,    0,    0,    0,    0,
1315
38
    0,    0,    0,    0,    0,    0,    0,  214,    0,  202,
1316
38
  202,    0,    0,    0,    0,    0,  202,  202,  202,  202,
1317
  202,  202,  202,  211,    0,    0,  211,    0,    0,    0,
1318
  214,  211,  211,  211,    0,    0,    0,  211,    0,    0,
1319
  211,    0,  211,  211,    0,  211,  211,    0,    0,  211,
1320
    0,    0,    0,  211,    0,  211,  211,  211,  211,  211,
1321
    0,    0,  211,  211,  211,    0,    0,    0,  211,    0,
1322
    0,    0,    0,  211,    0,    0,    0,    0,    0,    0,
1323
28
  211,    0,    0,    0,    0,    0,    0,    0,    0,    0,
1324
    0,    0,    0,    0,    0,    0,  211,    0,    0,    0,
1325
    0,  211,    0,    0,  211,    0,    0,    0,    0,    0,
1326
    0,  211,  211,    0,    0,    0,    0,    0,    0,    0,
1327
28
  214,    0,    0,    0,  214,    0,  211,  211,    0,    0,
1328
28
    0,    0,    0,  211,  211,  211,  211,  211,  211,  211,
1329
28
  211,    0,    0,  211,    0,    0,    0,  214,  211,  211,
1330
28
  211,    0,    0,    0,  211,    0,    0,  211,    0,  211,
1331
  211,    0,  211,  211,    0,    0,  211,    0,    0,    0,
1332
28
  211,    0,  211,  211,  211,  211,  211,    0,    0,  211,
1333
16
  211,  211,    0,    0,    0,  211,    0,    0,    0,    0,
1334
  211,    0,    0,    0,    0,    0,    0,  211,    0,    0,
1335
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
1336
    0,    0,    0,  211,    0,    0,    0,    0,  211,    0,
1337
16
    0,  211,    0,  230,    0,    0,    0,    0,  211,  211,
1338
16
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
1339
    0,    0,    0,  211,  211,    0,  230,    0,    0,    0,
1340
16
  211,  211,  211,  211,  211,  211,  211,  214,    0,    0,
1341
13
  214,    0,    0,    0,    0,  214,  214,  214,    0,    0,
1342
    0,    0,    0,    0,  214,    0,  214,  214,    0,  214,
1343
  214,    0,    0,  214,    0,    0,    0,  214,    0,  214,
1344
  214,  214,  214,  214,    0,    0,  214,  214,  214,    0,
1345
13
    0,    0,  214,    0,    0,    0,    0,  214,    0,    0,
1346
13
    0,    0,    0,    0,  214,    0,    0,    0,    0,    0,
1347
    0,  234,    0,    0,    0,    0,    0,    0,    0,    0,
1348
13
  214,    0,    0,    0,    0,  214,  230,    0,  214,    0,
1349
4
    0,    0,    0,    0,  234,  214,  214,    0,    0,    0,
1350
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
1351
  214,  214,    0,    0,    0,    0,    0,  214,  214,  214,
1352
  214,  214,  214,  214,  214,    0,    0,  214,    0,    0,
1353

8
    0,    0,  214,  214,  214,    0,    0,    0,    0,    0,
1354
    0,  214,    0,  214,  214,    0,  214,  214,    0,    0,
1355
  214,    0,    0,    0,  214,    0,  214,  214,  214,  214,
1356
  214,    0,    0,  214,  214,  214,    0,    0,    0,  214,
1357
4
  230,    0,    0,    0,  214,    0,    0,    0,    0,    0,
1358
4
    0,  214,    0,    0,  234,    0,    0,    0,    0,    0,
1359
    0,    0,    0,  230,    0,    0,    0,  214,    0,    0,
1360
4
    0,    0,  214,    0,    0,  214,    0,    0,    0,    0,
1361
17
    0,    0,  214,  214,    0,    0,    0,    0,    0,    0,
1362
    0,    0,    0,  230,    0,    0,  230,  214,  214,    0,
1363
    0,    0,  230,  230,  214,  214,  214,  214,  214,  214,
1364
  214,    0,  230,  230,    0,  230,  230,    0,    0,  230,
1365

34
    0,    0,    0,  230,    0,  230,  230,  230,  230,  230,
1366
    0,    0,  230,  230,  230,    0,    0,    0,  230,  224,
1367
    0,    0,    0,  230,    0,    0,    0,    0,    0,    0,
1368
  230,    0,    0,    0,    0,    0,    0,    0,    0,    0,
1369
    0,    0,  224,    0,    0,    0,  230,    0,    0,    0,
1370
17
    0,  230,    0,    0,  230,    0,    0,    0,    0,    0,
1371
17
    0,  230,  230,    0,    0,    0,    0,    0,    0,    0,
1372
17
    0,  234,    0,    0,  234,    0,  230,  230,    0,    0,
1373
  234,  234,    0,  230,  230,  230,  230,  230,  230,  230,
1374
17
  234,  234,    0,  234,  234,    0,    0,  234,    0,    0,
1375
6
    0,  234,    0,  234,  234,  234,  234,  234,    0,    0,
1376
  234,  234,  234,    0,    0,    0,  234,  353,    0,    0,
1377
    0,  234,    0,    0,    0,    0,    0,    0,  234,    0,
1378
    0,    0,  224,    0,    0,    0,    0,    0,    0,    0,
1379

12
  353,    0,    0,    0,  234,    0,    0,    0,    0,  234,
1380
    0,    0,  234,    0,    0,    0,    0,    0,    0,  234,
1381
  234,    0,    0,    0,    0,    0,    0,    0,    0,    0,
1382
  230,    0,    0,  230,  234,  234,    0,    0,    0,  230,
1383
6
  230,  234,  234,  234,  234,  234,  234,  234,    0,  230,
1384
6
  230,    0,  230,  230,    0,    0,  230,    0,    0,    0,
1385
  230,    0,  230,  230,  230,  230,  230,    0,    0,  230,
1386
6
  230,  230,    0,    0,    0,  230,  122,    0,    0,    0,
1387
  230,    0,    0,    0,    0,    0,    0,  230,    0,    0,
1388
  353,    0,    0,    0,    0,    0,    0,    0,    0,  120,
1389
    0,    0,    0,  230,    0,    0,    0,    0,  230,    0,
1390
    0,  230,    0,    0,    0,    0,    0,    0,  230,  230,
1391
    0,    0,    0,    0,    0,    0,    0,    0,    0,  224,
1392
    0,    0,    0,  230,  230,    0,    0,    0,  224,  224,
1393
  230,  230,  230,  230,  230,  230,  230,    0,  224,  224,
1394
    0,  224,  224,    0,    0,  224,    0,    0,    0,  224,
1395
    0,  224,  224,  224,  224,  224,    0,    0,  224,  224,
1396
  224,    0,    0,    0,  224,  232,    0,    0,    0,  224,
1397
    0,    0,    0,    0,    0,    0,  224,    0,    0,  122,
1398
    0,    0,    0,    0,    0,    0,    0,    0,  232,    0,
1399
    0,    0,  224,    0,    0,    0,    0,  224,    0,    0,
1400
  224,    0,    0,    0,    0,    0,    0,  224,  224,    0,
1401
    0,    0,    0,    0,    0,    0,    0,  353,    0,    0,
1402
    0,    0,  224,  224,    0,    0,  353,  353,    0,  224,
1403
  224,  224,  224,  224,  224,  224,  353,  353,    0,  353,
1404
  353,    0,    0,  353,    0,    0,    0,  353,    0,  353,
1405
  353,  353,  353,  353,    0,    0,  353,  353,  353,    0,
1406
    0,    0,  353,  324,    0,    0,    0,  353,    0,    0,
1407
    0,    0,    0,    0,  353,    0,    0,    0,  232,    0,
1408
28
    0,    0,    0,    0,    0,    0,  324,    0,    0,    0,
1409
28
  353,    0,    0,    0,    0,  353,    0,    0,  353,    0,
1410
28
    0,    0,    0,    0,    0,  353,  353,    0,    0,    0,
1411
    0,    0,    0,    0,    0,    0,  120,    0,    0,    0,
1412
  353,  353,    0,    0,    0,    0,  120,  353,  353,  353,
1413
  353,  353,  353,  353,    0,  120,  120,    0,  120,  120,
1414
    0,    0,  120,    0,    0,    0,  120,    0,  120,  120,
1415
  120,  120,  120,    0,    0,  120,  120,  120,    0,    0,
1416
    0,  120,  145,    0,    0,    0,  120,    0,    0,    0,
1417
    0,    0,    0,  120,    0,    0,  324,    0,    0,    0,
1418
    0,    0,    0,    0,    0,  145,    0,    0,    0,  120,
1419
    0,    0,    0,    0,  120,    0,    0,  120,    0,    0,
1420
    0,    0,    0,    0,  120,  120,    0,    0,    0,    0,
1421
    0,    0,    0,    0,    0,  232,    0,    0,    0,  120,
1422
  120,    0,    0,    0,    0,  232,  120,  120,  120,  120,
1423
  120,  120,  120,    0,  232,  232,    0,  232,  232,    0,
1424
    0,  232,    0,    0,    0,  232,    0,  232,  232,  232,
1425
  232,  232,    0,    0,  232,  232,  232,    0,    0,    0,
1426
  232,  122,    0,    0,    0,  232,    0,    0,    0,    0,
1427
    0,    0,  232,    0,    0,  145,    0,    0,    0,    0,
1428
    0,    0,    0,    0,  120,    0,    0,    0,  232,    0,
1429
    0,    0,    0,  232,    0,    0,  232,    0,    0,    0,
1430
    0,    0,    0,  232,  232,    0,    0,    0,    0,    0,
1431
    0,    0,    0,  324,    0,    0,    0,    0,  232,  232,
1432
    0,    0,    0,  324,    0,  232,  232,  232,  232,  232,
1433
  232,  232,  324,  324,    0,  324,  324,    0,    0,  324,
1434
    0,    0,    0,  324,    0,  324,  324,  324,  324,  324,
1435
    0,    0,  324,  324,  324,    0,    0,    0,  324,    0,
1436
    0,    0,    0,  324,    0,    0,    0,    0,    0,    0,
1437
  324,    0,    0,    0,    0,    0,    0,    0,    0,    0,
1438
28
    0,    0,  157,    0,    0,    0,  324,    0,    0,    0,
1439
    0,  324,    0,    0,  324,    0,    0,    0,    0,    0,
1440
28
    0,  324,  324,    0,    0,    0,    0,    0,    0,    0,
1441
    0,    0,  145,    0,    0,    0,  324,  324,    0,    0,
1442
28
    0,    0,  145,  324,  324,  324,  324,  324,  324,  324,
1443
28
    0,  145,  145,    0,  145,  145,    0,    0,  145,    0,
1444
28
    0,    0,  145,    0,  145,  145,  145,  145,  145,    0,
1445
2
    0,  145,  145,  145,    0,    0,    0,  145,    0,    0,
1446

4
    0,    0,  145,    0,    0,    0,    0,    0,    0,  145,
1447
2
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
1448
2
    0,    0,    0,    0,    0,  145,    0,    0,    0,    0,
1449
2
  145,    0,    0,  145,    0,    0,    0,    0,    0,    0,
1450
2
  145,  145,    0,    0,    0,    0,    0,    0,    0,    0,
1451
2
    0,  120,    0,    0,    0,  145,  145,    0,    0,    0,
1452
2
    0,  120,  145,  145,  145,  145,  145,  145,  145,    0,
1453
28
  120,  120,    0,  120,  120,    0,    0,  120,    0,    0,
1454
    0,  120,    0,  120,  120,  120,  120,  120,    0,    0,
1455
28
  120,  120,  120,    0,    0,    0,  120,    0,    0,    0,
1456
12
    0,  120,    0,    0,    0,    0,    0,    0,  120,    0,
1457
16
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
1458
15
    0,    0,    0,    0,  120,    0,    0,    0,    0,  120,
1459
1
    0,    0,  120,    0,    0,    0,    0,    0,    0,  120,
1460
1
  120,    0,    0,    0,    0,    0,    0,    0,    0,  361,
1461
    0,    0,    0,    0,  120,  120,    0,    0,    0,  362,
1462
    0,  120,  120,  120,  120,  120,  120,  120,  363,  364,
1463
    0,  365,  366,    0,    0,  367,    0,    0,    0,  368,
1464
    0,  369,  370,  371,  372,  373,    0,    0,  374,  375,
1465
  376,    0,    0,    0,  377,    0,    0,    0,    0,  378,
1466
    0,    0,    0,    0,    0,    0,  379,    0,    0,    0,
1467
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
1468
    0,    0,  380,    0,    0,    0,    0,  381,    0,    0,
1469
  382,    0,    0,    0,    0,    0,    0,  383,  384,    0,
1470
    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
1471
    0,    0,    0,  385,    0,    0,    0,    0,    0,  386,
1472
  387,  388,  389,  390,  391,
1473
};
1474
const short yycheck[] =
1475
	{                                       3,
1476
28
    3,   92,   40,   61,   10,   62,   44,    0,   40,   33,
1477
28
   10,   10,   40,   10,   40,   33,  359,   10,   40,  142,
1478
56
   44,   40,   60,  123,  480,  123,  422,   33,   60,  300,
1479
  527,   10,   60,  538,   40,  153,  525,  123,   44,  159,
1480
   40,  501,   10,   40,   44,  123,   44,   44,  123,  107,
1481
  194,  546,   33,  549,   60,  178,  123,  201,  431,   33,
1482
   60,  152,  313,   60,  184,  156,  444,   47,  123,   40,
1483
   40,  277,   33,   41,   44,  320,   44,   44,   40,   40,
1484
  137,  204,   33,  206,  464,  155,   33,  125,   40,   60,
1485
   33,  123,  183,   33,  265,  266,   33,  363,   60,   60,
1486
  123,  125,   33,   40,  295,  483,   44,   44,   60,   40,
1487
  376,  278,  203,   44,  205,  173,   44,  123,   45,  125,
1488
   47,  244,  240,   60,  123,  125,  249,  125,  125,   60,
1489
   61,   62,  354,   44,  192,  380,  259,  278,  311,  312,
1490
  269,   10,  123,  234,  123,  642,   44,  389,  653,  391,
1491
  639,  524,   44,   44,  245,  125,   10,   33,  125,  250,
1492
2974
   44,  656,  123,  659,   40,   10,  622,  547,   44,  420,
1493
  630,  123,  123,  243,  380,  342,  123,  520,  574,  302,
1494
  123,  272,  273,  123,   60,  125,  123,  125,  125,  380,
1495
  471,  291,  123,   40,  125,  324,   41,  125,   44,   44,
1496
  291,  342,  424,   44,   40,   10,  216,  298,  337,  365,
1497
  366,   40,  303,  380,  125,   44,  307,   33,  309,   44,
1498
  343,  344,  345,   60,   40,  316,   60,  125,   40,   41,
1499
   40,   60,   40,  125,  125,  455,  456,  457,   40,  380,
1500
2974
  261,  125,   41,  296,   60,   44,  390,  123,   60,  125,
1501
2974
   10,   40,   60,  268,  278,  346,   40,  309,   60,  350,
1502

2974
  278,  532,  277,  256,  257,  258,  259,  380,  539,  550,
1503
  280,   60,  262,   40,  264,  495,   60,  497,  207,  125,
1504
36
  380,  404,  380,   33,  125,  306,  305,  123,  341,   61,
1505
36
   40,  297,  298,   60,  380,  381,  125,  278,  278,  380,
1506
36
  125,  138,  380,  426,  278,  380,  381,  123,  278,  400,
1507
   60,  148,  291,  380,  307,  363,  309,  310,  342,  338,
1508
105
   41,  563,  413,   44,  342,  380,  381,  385,  376,  348,
1509
105
  323,  278,  325,  380,  425,  303,  297,  298,  285,  512,
1510
105
  513,  278,  380,   33,  435,  338,  275,  278,  380,  440,
1511
105
   40,  319,  380,  346,  445,  381,  380,   40,  380,  450,
1512
  297,  298,  380,  369,  363,   10,  297,  298,  342,  369,
1513
40
   60,  462,  342,  123,  380,  381,  647,  376,  469,  499,
1514
40
  380,  381,  380,  380,  352,  353,  354,  380,   33,  357,
1515
40
  358,  359,  515,  361,  362,   40,   41,  365,  366,   44,
1516
40
  380,  380,  256,  257,  258,  259,  380,  627,  369,  380,
1517
  380,  342,  380,  380,  381,   60,   10,  369,  380,  380,
1518
2793
  381,  297,  298,  514,   10,  516,  380,  296,  380,  381,
1519
2793
  303,  278,  369,  123,  557,  125,  559,   10,  369,   10,
1520
2793
  498,  683,  278,  380,  381,  568,  377,  378,  379,  380,
1521
2793
  381,   41,   40,  307,   44,  309,  310,   41,  303,   10,
1522
2793
   44,  584,  278,  586,   44,  375,  376,  590,  278,  323,
1523
2793
  343,  325,  341,  596,  319,  695,  567,  534,  123,   10,
1524
  125,  297,  298,   41,  338,  576,   44,  610,   10,  297,
1525
2793
  298,  614,  346,  369,  617,  342,  587,  620,  380,  381,
1526
90
  591,  102,   10,  560,  380,  381,  342,  352,  353,  354,
1527
2793
   10,   33,  357,  358,  359,   10,  361,  362,   40,   41,
1528
8
  365,  366,   44,   44,  615,   10,  380,  618,  278,   44,
1529
2793
  297,  298,  342,  380,   10,  380,  296,   10,   60,   33,
1530
78
  369,  632,   40,  601,  380,  125,   40,  297,  298,  380,
1531
2793
  381,  380,  381,  369,  645,   10,   41,  369,   10,   44,
1532
98
  651,  369,   44,   44,  380,  381,   60,  369,  380,  381,
1533
2793
  380,   10,  380,  381,  665,   40,   44,  380,  380,  381,
1534
20
  369,  341,  673,  674,  380,  369,  267,   10,  679,  680,
1535
20
  380,  380,  381,  380,  381,  278,  380,  381,   40,  690,
1536
20
  691,  123,  369,  125,  125,   44,  207,  297,  298,  265,
1537
2793
  125,  380,  381,  380,  381,  260,  275,  276,  263,  369,
1538
12
  324,  369,  370,  371,  269,  270,  266,  631,  631,  123,
1539
2793
  380,  381,  304,  278,  279,  280,  546,  282,  283,  549,
1540
  285,  286,   62,  125,  125,  290,  266,  292,  293,  294,
1541
  295,  296,  297,  298,  299,  300,  301,  125,  287,  342,
1542
  305,  381,   60,   61,   62,  310,  355,  356,   10,  305,
1543
  381,   10,  317,  381,  275,  380,  381,  380,  381,  369,
1544
  381,   10,  327,  328,  329,  330,  331,  332,  333,  334,
1545
2793
  380,  381,   60,  338,   33,  381,  341,  380,  380,  381,
1546
28
  305,  381,  338,  348,  349,   44,  351,  446,  269,   60,
1547
28
   61,   62,  348,  380,  381,  454,  277,  381,  363,  364,
1548
28
  321,   60,   61,   62,  369,  370,  371,  372,  373,  374,
1549
28
  375,  376,  381,  338,   44,  380,  381,  381,  260,  300,
1550
2793
  301,  263,  261,  348,  370,  371,  656,  269,  270,  659,
1551
  380,  381,  271,  272,  273,  268,  278,  279,  280,   41,
1552
  282,  283,  380,  285,  286,  326,  380,  381,  290,  380,
1553
  292,  293,  294,  295,  296,  297,  298,  299,  300,  301,
1554
   10,  380,  381,  305,  123,   47,  125,  306,  310,  380,
1555
  538,  380,  381,   41,   10,  317,  397,  380,  381,  380,
1556
  381,  380,  381,  297,  298,  327,  328,  329,  330,  331,
1557
  332,  333,  334,  380,  381,  381,  338,   33,  303,  341,
1558
2793
   60,   61,   62,   33,  381,   62,  348,  349,   44,  351,
1559
8
   41,  269,  381,  381,  319,  381,  380,  274,   41,  277,
1560

2801
  380,  363,  364,  360,   60,   61,   62,  369,  370,  371,
1561
  372,  373,  374,  375,  376,  380,  595,  381,  380,  381,
1562
  344,  263,  300,  301,  303,  355,  324,  352,  353,  354,
1563
  609,  334,  357,  358,  359,  369,  361,  362,  285,  269,
1564

2801
  365,  366,   47,  123,  380,   10,  380,  381,  326,  380,
1565
6
   47,  380,  123,  381,  380,  380,  335,  336,  337,  382,
1566
   40,  340,  284,  284,  343,  653,  345,  123,  284,  125,
1567
6
  284,  350,  335,  336,  337,  381,   44,  340,  285,  381,
1568
  343,  260,  345,   41,  263,  381,  380,  350,  381,  380,
1569
2787
  269,  270,   60,   61,   62,   10,   41,  676,   62,  678,
1570
  279,  280,  343,  282,  283,  381,  303,  286,  380,   47,
1571
2787
  281,  290,   40,  292,  293,  294,  295,  296,   33,  281,
1572
50
  299,  300,  301,   47,  285,  380,  305,  380,   47,   44,
1573
25
  382,  310,  382,  285,  303,  380,  268,  380,  317,  377,
1574
4
  378,  379,  380,  381,   10,   60,   61,   62,   41,  380,
1575
   62,   41,  381,  381,  333,  381,  381,  125,  381,  338,
1576
4
  380,  380,  341,   60,   61,   62,  335,  336,  337,  348,
1577
  349,  340,   41,   10,  343,  269,  345,   10,   10,   10,
1578
2783
   10,  350,   41,  324,  363,  364,  377,  378,  379,  380,
1579
64
  381,  370,  371,  372,  373,  374,  375,  376,  377,  378,
1580
32
  379,  380,  381,   10,  260,   10,  380,   10,  123,   10,
1581
  125,   60,   61,   62,  270,  380,   10,   10,   10,   60,
1582
   61,   62,  268,  279,  280,  381,  282,  283,  494,  477,
1583
  286,   41,   53,  303,  290,  237,  292,  293,  294,  295,
1584
  296,   33,  197,  299,  300,  301,   60,   61,   62,  305,
1585
2783
  271,  402,   44,  337,  310,  324,  360,  287,  288,  373,
1586
2783
  137,  317,  529,  172,  214,  335,  336,  337,   65,   56,
1587
  340,  286,  302,  478,  123,  345,  304,  333,  308,  397,
1588
2783
  350,  255,  338,  227,  236,  341,  316,  637,  125,  607,
1589
2783
  631,   -1,  348,  349,   -1,  125,   -1,  377,  378,  379,
1590
2783
  380,  381,   -1,   -1,   -1,   -1,   -1,  363,  364,  123,
1591
2783
   60,   61,   62,   -1,  370,  371,  372,  373,  374,  375,
1592
3
  376,  377,  378,  379,  380,  381,   10,   -1,   -1,  287,
1593
3
  288,  123,   -1,  125,   -1,   -1,   -1,   -1,  303,   -1,
1594
   -1,  335,  336,  337,  302,  260,  340,   -1,   -1,   33,
1595

7584
  308,  345,   -1,   -1,  319,  270,  350,   -1,  316,   -1,
1596

956
   44,   -1,   -1,   -1,  279,  280,   -1,  282,  283,   -1,
1597
170
   -1,  286,   -1,   -1,   -1,  290,   -1,  292,  293,  294,
1598
12
  295,  296,   -1,   -1,  299,  300,  301,  352,  353,  354,
1599
  305,   -1,  357,  358,  359,  310,  361,  362,   -1,   -1,
1600

604
  365,  366,  317,   -1,   -1,   -1,   -1,   -1,   -1,  377,
1601

2
  378,  379,  380,  381,   -1,  380,   -1,   -1,  333,  256,
1602
2
  257,  258,  259,  338,   -1,   -1,  341,  257,  258,  259,
1603
  335,  336,  337,  348,  349,  340,   -1,   -1,   -1,  123,
1604
2
  345,  125,   -1,   -1,   -1,  350,   -1,   -1,  363,  364,
1605
   -1,   -1,   -1,   -1,   -1,  370,  371,  372,  373,  374,
1606
  375,  376,  377,  378,  379,  380,  381,   -1,  260,   -1,
1607
   -1,   -1,  309,   -1,   -1,   -1,   -1,   -1,  270,  309,
1608
2
  377,  378,  379,  380,  381,   -1,   -1,  279,  280,   -1,
1609
  282,  283,   10,   -1,  286,  325,   -1,   -1,  290,   -1,
1610
  292,  293,  294,  295,  296,   -1,   -1,  299,  300,  301,
1611
   -1,   -1,   -1,  305,   -1,   33,   -1,   -1,  310,   -1,
1612
   -1,   -1,   40,   -1,   -1,  317,   44,   -1,  377,  378,
1613
  379,  380,  381,   -1,   -1,   -1,  377,  378,  379,  380,
1614
  381,  333,   60,   -1,   -1,   -1,  338,   -1,   -1,  341,
1615
  327,  328,  329,  330,  331,  332,  348,  349,   -1,   -1,
1616
   -1,   -1,   -1,  377,  378,  379,  380,  381,   -1,   -1,
1617
   -1,  363,  364,   -1,  351,   -1,  260,   -1,  370,  371,
1618
  372,  373,  374,  375,  376,   -1,  270,   -1,  380,  381,
1619
   -1,   -1,   -1,   -1,   -1,  279,  280,  303,  282,  283,
1620
2778
   -1,   10,  286,   -1,   -1,  123,  290,  125,  292,  293,
1621
2778
  294,  295,  296,  319,   -1,  299,  300,  301,   -1,   -1,
1622
2778
   -1,  305,   -1,   -1,   33,   -1,  310,  377,  378,  379,
1623
  380,  381,   41,  317,   -1,   44,   -1,   -1,   -1,   -1,
1624
   -1,   -1,   -1,   -1,   -1,   -1,  352,  353,  354,  333,
1625

6426
  303,  357,  358,  359,  338,  361,  362,  341,   -1,  365,
1626
1134
  366,   -1,   -1,   -1,  348,  349,  319,   -1,   -1,   -1,
1627
1098
   -1,   -1,   -1,   -1,  380,   -1,   -1,   -1,   -1,  363,
1628
1098
  364,   -1,   -1,   -1,   -1,   -1,  370,  371,  372,  373,
1629
  374,  375,  376,   -1,   -1,   -1,  380,  381,   -1,  352,
1630
1098
  353,  354,   -1,   -1,  357,  358,  359,   -1,  361,  362,
1631
   -1,   -1,  365,  366,  123,   -1,   -1,   -1,   10,   -1,
1632
5772
   -1,   -1,   -1,   -1,   -1,   -1,   -1,  380,   -1,   -1,
1633
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1634
   -1,   33,  260,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1635



216
   -1,   -1,  270,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1636
   -1,  279,  280,   -1,  282,  283,   -1,   -1,  286,   -1,
1637
4
   -1,   -1,  290,   -1,  292,  293,  294,  295,  296,   -1,
1638
   -1,  299,  300,  301,   -1,   -1,   -1,  305,   -1,   -1,
1639
   -1,   -1,  310,   -1,   -1,   -1,   -1,   -1,   -1,  317,
1640
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,  327,
1641
  328,  329,  330,  331,  332,  333,  334,   -1,   -1,   -1,
1642
4
  338,   -1,   -1,  341,   -1,   -1,   -1,   -1,   -1,   -1,
1643
4
  348,  349,   -1,  351,   -1,   -1,   -1,   -1,   -1,   -1,
1644
   10,   -1,   -1,   -1,   -1,  363,  364,   -1,   -1,   -1,
1645
4
   -1,  260,  370,  371,  372,  373,  374,  375,  376,  268,
1646
  269,  270,  380,   33,   -1,   -1,   -1,   -1,  277,   -1,
1647
  279,  280,   -1,  282,  283,   -1,   -1,  286,   -1,   -1,
1648
   -1,  290,   -1,  292,  293,  294,  295,  296,   -1,   -1,
1649
  299,  300,  301,   -1,   -1,   -1,  305,   -1,   -1,   -1,
1650
4
   -1,  310,   -1,   -1,   -1,   -1,   -1,   -1,  317,   -1,
1651
4
   -1,   -1,   -1,   -1,   -1,   -1,   -1,  326,  327,  328,
1652
  329,  330,  331,  332,  333,   -1,   -1,   -1,   -1,  338,
1653
26
   -1,   -1,  341,   -1,   -1,   -1,   -1,   -1,   -1,  348,
1654
  349,   -1,  351,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1655
   -1,   -1,   -1,  123,  363,  364,   -1,   10,   -1,   -1,
1656
   -1,  370,  371,  372,  373,  374,  375,  376,  260,   -1,
1657
  262,  263,  264,  265,  266,  267,  268,  269,  270,   -1,
1658
   33,   -1,  274,  275,  276,  277,   -1,  279,  280,   -1,
1659
26
  282,  283,   -1,   -1,  286,   -1,   -1,   -1,  290,   -1,
1660
26
  292,  293,  294,  295,  296,   -1,   -1,  299,  300,  301,
1661
26
   -1,   -1,   -1,  305,   -1,   -1,   -1,   -1,  310,   -1,
1662
   -1,   -1,   -1,   -1,   -1,  317,   -1,   -1,   -1,   -1,
1663
8
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1664
   -1,  333,   -1,   -1,   -1,   -1,  338,   -1,   -1,  341,
1665
   -1,   -1,   -1,   -1,   -1,   -1,  348,  349,   -1,   -1,
1666
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1667
   -1,  363,  364,   -1,   -1,   -1,   -1,   -1,  370,  371,
1668
  372,  373,  374,  375,  376,   10,   -1,   -1,   -1,   -1,
1669
8
  260,   -1,  262,  263,  264,   -1,  266,  267,  268,  269,
1670
  270,   -1,   -1,   -1,  274,  275,  276,  277,   33,  279,
1671
  280,   -1,  282,  283,   -1,   -1,  286,   -1,   -1,   -1,
1672
  290,   -1,  292,  293,  294,  295,  296,   -1,   -1,  299,
1673
  300,  301,   -1,   -1,   -1,  305,   -1,   -1,   -1,   -1,
1674
8
  310,   -1,   -1,   -1,   -1,   -1,   -1,  317,   -1,   -1,
1675
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1676
8
   -1,   -1,   -1,  333,   -1,   -1,   -1,   -1,  338,   -1,
1677
8
   -1,  341,   -1,   -1,   -1,   -1,   -1,   -1,  348,  349,
1678
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1679
9
   -1,   -1,   -1,  363,  364,   -1,   -1,   -1,   -1,   -1,
1680
  370,  371,  372,  373,  374,  375,  376,  260,   10,  262,
1681
  263,  264,  265,  266,  267,  268,  269,  270,   -1,   -1,
1682
   -1,  274,  275,  276,  277,   -1,  279,  280,   -1,  282,
1683
  283,   33,   -1,  286,   -1,   -1,   -1,  290,   -1,  292,
1684
27
  293,  294,  295,  296,   -1,   -1,  299,  300,  301,   -1,
1685
9
   -1,   -1,  305,   -1,   -1,   -1,   -1,  310,   -1,   -1,
1686
9
   -1,   -1,   -1,   -1,  317,   -1,   -1,   -1,   -1,  308,
1687
   -1,   -1,  311,  312,  313,  314,  315,   -1,   -1,  318,
1688
  333,  320,  321,  322,   -1,  338,   -1,   -1,  341,   -1,
1689
   -1,   -1,   -1,   -1,   -1,  348,  349,   -1,   -1,   -1,
1690
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,  347,   -1,
1691
  363,  364,   -1,   -1,   -1,   -1,   -1,  370,  371,  372,
1692
9
  373,  374,  375,  376,   -1,   10,   -1,   -1,  367,  368,
1693
9
   -1,   -1,   -1,   -1,   -1,  260,   -1,  262,  263,  264,
1694
  265,  266,  267,  268,  269,  270,   -1,   -1,   33,  274,
1695
17
  275,  276,  277,   -1,  279,  280,   -1,  282,  283,   -1,
1696
   -1,  286,   -1,   -1,   -1,  290,   -1,  292,  293,  294,
1697
  295,  296,   -1,   -1,  299,  300,  301,   -1,   -1,   -1,
1698
  305,   -1,   -1,   -1,   -1,  310,   -1,   -1,   -1,   -1,
1699
   -1,   -1,  317,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1700
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,  333,   -1,
1701
17
   -1,   -1,   -1,  338,   -1,   -1,  341,   -1,   -1,   -1,
1702
   -1,   -1,   -1,  348,  349,   -1,   -1,   -1,   -1,   -1,
1703
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,  363,  364,
1704
   -1,   -1,   -1,   -1,   -1,  370,  371,  372,  373,  374,
1705
  375,  376,   -1,   10,   -1,   -1,   -1,   -1,  260,   -1,
1706
17
  262,  263,  264,  265,  266,  267,  268,  269,  270,   -1,
1707
   -1,   -1,  274,  275,  276,  277,   33,  279,  280,   -1,
1708
17
  282,  283,   -1,   -1,  286,   -1,   -1,   -1,  290,   -1,
1709
  292,  293,  294,  295,  296,   -1,   -1,  299,  300,  301,
1710
17
   -1,   -1,   -1,  305,   -1,   -1,   -1,   -1,  310,   -1,
1711
   -1,   -1,   -1,   -1,   -1,  317,   -1,   -1,   -1,   -1,
1712
17
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1713
   -1,  333,   -1,   -1,   -1,   -1,  338,   -1,   -1,  341,
1714
   -1,   -1,   -1,   -1,   -1,   -1,  348,  349,   -1,   -1,
1715
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1716
   -1,  363,  364,   -1,   -1,   -1,  123,   -1,  370,  371,
1717
  372,  373,  374,  375,  376,  260,   10,   -1,  263,   -1,
1718

34
  265,  266,  267,  268,  269,  270,   -1,   -1,   -1,  274,
1719
17
  275,  276,  277,   -1,  279,  280,   -1,  282,  283,   33,
1720
   -1,  286,   -1,   -1,   -1,  290,   -1,  292,  293,  294,
1721
  295,  296,   -1,   -1,  299,  300,  301,   -1,   -1,   -1,
1722
  305,   -1,   -1,   -1,   -1,  310,   -1,   -1,   -1,   -1,
1723
   -1,   -1,  317,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1724
17
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,  333,   -1,
1725
   -1,   -1,   -1,  338,   -1,   -1,  341,   -1,   -1,   -1,
1726
   -1,   -1,   -1,  348,  349,   -1,   -1,   -1,   -1,   -1,
1727
   -1,   -1,   -1,   -1,   10,   -1,   -1,   -1,  363,  364,
1728
   -1,   -1,   -1,   -1,   -1,  370,  371,  372,  373,  374,
1729
  375,  376,   -1,   -1,   -1,   -1,   -1,   33,   -1,   -1,
1730
   -1,   -1,   -1,  260,   -1,   -1,  263,   -1,   -1,  266,
1731
17
  267,  268,  269,  270,   -1,   -1,   -1,  274,  275,  276,
1732
  277,   -1,  279,  280,   -1,  282,  283,   -1,   -1,  286,
1733
17
   -1,   -1,   -1,  290,   -1,  292,  293,  294,  295,  296,
1734
17
   -1,   -1,  299,  300,  301,   -1,   -1,   -1,  305,   -1,
1735
17
   -1,   -1,   -1,  310,   -1,   -1,   -1,   -1,   -1,   -1,
1736
  317,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1737
17
   -1,   -1,   -1,   -1,   -1,   -1,  333,   -1,   -1,   -1,
1738
   -1,  338,   -1,   -1,  341,   -1,   -1,  123,   -1,   -1,
1739
9
   -1,  348,  349,   -1,   -1,   -1,   -1,   10,   -1,   -1,
1740
   -1,   -1,   -1,   -1,   -1,   -1,  363,  364,   -1,   -1,
1741
   -1,   -1,   -1,  370,  371,  372,  373,  374,  375,  376,
1742
   33,   -1,   -1,   -1,   -1,   -1,  260,   -1,   -1,  263,
1743
   -1,   -1,  266,  267,  268,  269,  270,   -1,   -1,   -1,
1744
  274,  275,  276,  277,   -1,  279,  280,   -1,  282,  283,
1745
9
   -1,   -1,  286,   -1,   -1,   -1,  290,   -1,  292,  293,
1746
  294,  295,  296,   -1,   -1,  299,  300,  301,   -1,   -1,
1747
   -1,  305,   -1,   -1,   -1,   -1,  310,   -1,   -1,   -1,
1748
   -1,   -1,   -1,  317,   -1,   -1,   -1,   -1,   -1,   -1,
1749
  324,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,  333,
1750
9
   -1,   -1,   -1,   -1,  338,   -1,   -1,  341,   -1,   -1,
1751
   -1,   -1,   -1,   -1,  348,  349,   -1,   -1,   -1,   -1,
1752
9
   -1,   -1,   10,   -1,  260,   -1,   -1,   -1,   -1,  363,
1753
  364,   -1,   -1,  269,  270,   -1,  370,  371,  372,  373,
1754
9
  374,  375,  376,  279,  280,   33,  282,  283,   -1,  285,
1755
  286,   -1,   -1,   -1,  290,   -1,  292,  293,  294,  295,
1756
  296,   -1,   -1,  299,  300,  301,   -1,   -1,   -1,  305,
1757
   -1,   -1,   -1,   -1,  310,   -1,   -1,   -1,   -1,   -1,
1758
   -1,  317,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1759
   -1,  327,  328,  329,  330,  331,  332,  333,   -1,   -1,
1760
   -1,   -1,  338,   -1,   -1,  341,   -1,   -1,   -1,   -1,
1761
   -1,   -1,  348,  349,   -1,  351,   -1,   -1,   -1,   -1,
1762
   -1,   -1,   -1,   -1,   -1,   -1,   -1,  363,  364,   -1,
1763
   -1,   -1,   -1,   -1,  370,  371,  372,  373,  374,  375,
1764
  376,   -1,   10,   -1,   -1,   -1,   -1,  260,   -1,   -1,
1765
  263,   -1,   -1,   -1,  267,  268,  269,  270,   -1,   -1,
1766
   -1,  274,  275,  276,  277,   33,  279,  280,   -1,  282,
1767
  283,   -1,   -1,  286,   -1,   -1,   -1,  290,   -1,  292,
1768
  293,  294,  295,  296,   -1,   -1,  299,  300,  301,   -1,
1769
   -1,   -1,  305,   -1,   -1,   -1,   -1,  310,   -1,   -1,
1770
   -1,   -1,   -1,   -1,  317,   -1,   -1,   -1,   -1,   -1,
1771
   -1,  324,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1772
  333,   -1,   -1,   -1,   -1,  338,   -1,   -1,  341,   -1,
1773
   -1,   -1,   -1,   -1,   -1,  348,  349,   -1,   -1,   -1,
1774
   -1,   10,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1775
  363,  364,   -1,   -1,   -1,  123,   -1,  370,  371,  372,
1776
  373,  374,  375,  376,   33,   -1,   -1,   -1,   -1,   -1,
1777
   -1,   -1,  260,   -1,   -1,  263,   -1,   -1,   -1,  267,
1778
  268,  269,  270,   -1,   -1,   -1,  274,  275,  276,  277,
1779
   -1,  279,  280,   -1,  282,  283,   -1,   -1,  286,   -1,
1780
   -1,   -1,  290,   -1,  292,  293,  294,  295,  296,   -1,
1781
   -1,  299,  300,  301,   -1,   -1,   -1,  305,   -1,   -1,
1782
27
   -1,   -1,  310,   -1,   -1,   -1,   -1,   -1,   -1,  317,
1783
14
   -1,   -1,   -1,   -1,   -1,   -1,  324,   -1,   -1,   10,
1784
13
   -1,   -1,   -1,   -1,   -1,  333,   -1,   -1,   -1,   -1,
1785
  338,   -1,   -1,  341,  123,   -1,   -1,   -1,   -1,   -1,
1786
2
  348,  349,   33,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1787
14
   -1,   -1,   -1,   -1,   -1,  363,  364,   -1,   -1,   -1,
1788
   -1,   -1,  370,  371,  372,  373,  374,  375,  376,   -1,
1789
   -1,   -1,  260,   -1,   -1,  263,   -1,   -1,   -1,  267,
1790
  268,  269,  270,   -1,   -1,   -1,  274,  275,  276,  277,
1791
   -1,  279,  280,   -1,  282,  283,   -1,   -1,  286,   -1,
1792
   -1,   -1,  290,   -1,  292,  293,  294,  295,  296,   -1,
1793
   -1,  299,  300,  301,   -1,   -1,   -1,  305,   10,   -1,
1794
14
   -1,   -1,  310,   -1,   -1,   -1,   -1,   -1,   -1,  317,
1795
14
   -1,   -1,  123,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1796
14
   -1,   33,   -1,   -1,   -1,  333,   -1,   -1,   -1,   -1,
1797
108
  338,   -1,   -1,  341,   -1,   -1,   -1,   -1,   -1,   -1,
1798
108
  348,  349,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1799
108
   -1,  260,   -1,   -1,   -1,  363,  364,   -1,   -1,   -1,
1800
108
  269,  270,  370,  371,  372,  373,  374,  375,  376,   -1,
1801
  279,  280,   -1,  282,  283,   -1,   -1,  286,   -1,   -1,
1802
   -1,  290,   -1,  292,  293,  294,  295,  296,   -1,   -1,
1803


6229
  299,  300,  301,   -1,   -1,   -1,  305,   -1,   -1,   -1,
1804

2058
   -1,  310,   -1,   -1,   -1,   -1,   -1,   -1,  317,   -1,
1805
1020
   -1,  123,   -1,   -1,   -1,   10,   -1,   -1,  327,  328,
1806
991
  329,  330,  331,  332,  333,   -1,   -1,   -1,   -1,  338,
1807
991
   -1,   -1,  341,   -1,   -1,   -1,   -1,   -1,   33,  348,
1808
991
  349,   -1,  351,   -1,   -1,   -1,   -1,   -1,   -1,  260,
1809

5555
   -1,   -1,   -1,   -1,  363,  364,   -1,   -1,  269,  270,
1810
3
   -1,  370,  371,  372,  373,  374,  375,  376,  279,  280,
1811
3
   -1,  282,  283,   -1,   -1,  286,   -1,   -1,   -1,  290,
1812
3
   -1,  292,  293,  294,  295,  296,   -1,   -1,  299,  300,
1813
3
  301,   -1,   -1,   -1,  305,   -1,   -1,   -1,   -1,  310,
1814
3
   -1,   -1,   -1,   -1,   -1,   -1,  317,   -1,   -1,   -1,
1815
2778
   -1,   -1,   -1,   -1,   -1,   -1,  327,  328,  329,  330,
1816

49
  331,  332,  333,   -1,   -1,   -1,   -1,  338,   -1,   -1,
1817
7
  341,   -1,   10,   -1,   -1,   -1,   -1,  348,  349,   -1,
1818
1
  351,   -1,   -1,   -1,   -1,   -1,   -1,   -1,  260,   -1,
1819
   -1,   -1,  363,  364,   -1,   33,   -1,  269,  270,  370,
1820
  371,  372,  373,  374,  375,  376,   -1,  279,  280,   -1,
1821
1
  282,  283,   -1,   -1,  286,   -1,   -1,   -1,  290,   -1,
1822
  292,  293,  294,  295,  296,   -1,   -1,  299,  300,  301,
1823

47
   -1,   -1,   -1,  305,   -1,   -1,   -1,   -1,  310,   -1,
1824
6
   -1,   -1,   -1,   -1,   -1,  317,   -1,   -1,   -1,   -1,
1825
   -1,   -1,   -1,   -1,   -1,  327,  328,  329,  330,  331,
1826
  332,  333,   -1,   -1,   -1,   -1,  338,   -1,   -1,  341,
1827
   -1,   10,   -1,   -1,   -1,   -1,  348,  349,   -1,  351,
1828
   -1,   -1,   -1,   -1,   -1,  123,   -1,   -1,   -1,   -1,
1829
   -1,  363,  364,   -1,   33,   -1,   -1,   -1,  370,  371,
1830

47
  372,  373,  374,  375,  376,  260,   -1,   -1,  263,   -1,
1831
6
   -1,   -1,  267,  268,  269,  270,   -1,   -1,   -1,  274,
1832
  275,  276,  277,   -1,  279,  280,   -1,  282,  283,   -1,
1833
   -1,  286,   -1,   -1,   -1,  290,   -1,  292,  293,  294,
1834
  295,  296,   -1,   -1,  299,  300,  301,   -1,   -1,   -1,
1835
  305,   -1,   -1,   -1,   -1,  310,   -1,   -1,   -1,   -1,
1836
   -1,   -1,  317,   -1,   -1,   -1,   -1,   -1,   -1,   10,
1837
82
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,  333,   -1,
1838
41
   -1,   -1,   -1,  338,  123,   -1,  341,   -1,   -1,   -1,
1839
13
   -1,   -1,   33,  348,  349,   -1,   -1,   -1,   -1,   -1,
1840
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,  363,  364,
1841
41
   -1,   -1,   -1,   -1,   -1,  370,  371,  372,  373,  374,
1842
41
  375,  376,  260,   -1,   -1,  263,   -1,   -1,   -1,   -1,
1843
10
  268,  269,  270,   -1,   -1,   -1,  274,  275,  276,  277,
1844
   -1,  279,  280,   -1,  282,  283,   -1,   -1,  286,   -1,
1845
2777
   -1,   -1,  290,   -1,  292,  293,  294,  295,  296,   -1,
1846
1361
   -1,  299,  300,  301,   -1,   -1,   -1,  305,   -1,   -1,
1847
   -1,   -1,  310,   -1,   -1,   -1,   -1,   -1,   -1,  317,
1848
2777
   -1,   -1,  123,   -1,   -1,   -1,   10,   -1,   -1,   -1,
1849
4
   -1,   -1,   -1,   -1,   -1,  333,   -1,   -1,   -1,   -1,
1850
2777
  338,   -1,   -1,  341,   -1,   -1,   -1,   -1,   -1,   33,
1851
  348,  349,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1852
2777
   -1,  260,   -1,   -1,   -1,  363,  364,   -1,   -1,   -1,
1853
2777
   -1,  270,  370,  371,  372,  373,  374,  375,  376,   -1,
1854
  279,  280,   -1,  282,  283,   -1,   -1,  286,   -1,   -1,
1855
2777
   -1,  290,   -1,  292,  293,  294,  295,  296,   -1,   -1,
1856
86
  299,  300,  301,   -1,   -1,   -1,  305,   -1,   -1,   -1,
1857
   -1,  310,   -1,   -1,   -1,   -1,   -1,   -1,  317,   -1,
1858
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,  327,  328,
1859
  329,  330,  331,  332,  333,   -1,   -1,   -1,   -1,  338,
1860
   -1,   -1,  341,   10,   -1,   -1,   -1,   -1,   -1,  348,
1861
86
  349,   -1,  351,   -1,   -1,   -1,   -1,   -1,   -1,  260,
1862
86
   -1,   -1,   -1,   -1,  363,  364,   33,   -1,   -1,  270,
1863
86
   -1,  370,  371,  372,  373,  374,  375,  376,  279,  280,
1864
7
   -1,  282,  283,   -1,   -1,  286,   -1,   -1,   -1,  290,
1865
   -1,  292,  293,  294,  295,  296,   -1,   -1,  299,  300,
1866
  301,   -1,   -1,   -1,  305,   -1,   -1,   -1,   -1,  310,
1867
2777
   -1,   -1,   -1,   -1,   -1,   -1,  317,   -1,   -1,   -1,
1868
86
   -1,   -1,   -1,   -1,   -1,   -1,  327,  328,  329,  330,
1869
86
  331,  332,  333,   -1,   -1,   -1,   -1,  338,   -1,   -1,
1870

148
  341,   -1,   -1,   -1,   -1,   -1,   -1,  348,  349,   -1,
1871
59
  351,   -1,   -1,   -1,   -1,   -1,  123,   -1,   -1,   -1,
1872

56
   10,   -1,  363,  364,   -1,   -1,   -1,   -1,   -1,  370,
1873
6
  371,  372,  373,  374,  375,  376,  260,   -1,   -1,  263,
1874
86
   -1,   -1,   -1,   33,  268,  269,  270,   -1,   -1,   -1,
1875


6
  274,  275,  276,  277,   -1,  279,  280,   -1,  282,  283,
1876
   -1,   -1,  286,   -1,   -1,   -1,  290,   -1,  292,  293,
1877
  294,  295,  296,   -1,   -1,  299,  300,  301,   -1,   -1,
1878
   -1,  305,   -1,   -1,   -1,   -1,  310,   -1,   -1,   -1,
1879
   -1,   -1,   -1,  317,   -1,   -1,   -1,   -1,   -1,   -1,
1880
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,  333,
1881
   -1,   -1,   -1,   -1,  338,   -1,   -1,  341,   -1,   -1,
1882
172
   -1,   -1,   -1,   -1,  348,  349,   -1,   -1,   -1,   -1,
1883
86
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   10,   -1,  363,
1884
  364,   -1,   -1,   -1,   -1,   -1,  370,  371,  372,  373,
1885
86
  374,  375,  376,  260,   -1,   -1,  263,   -1,   -1,   -1,
1886
86
   33,  268,  269,  270,   -1,   -1,   -1,  274,   -1,   -1,
1887
2777
  277,   -1,  279,  280,   -1,  282,  283,   -1,   -1,  286,
1888
4
   -1,   -1,   -1,  290,   -1,  292,  293,  294,  295,  296,
1889
2
   -1,   -1,  299,  300,  301,   -1,   -1,   -1,  305,   -1,
1890
   -1,   -1,   -1,  310,   -1,   -1,   -1,   -1,   -1,   -1,
1891
  317,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1892
   -1,   -1,   -1,   -1,   -1,   -1,  333,   -1,   -1,   -1,
1893
   -1,  338,   -1,   -1,  341,   -1,   -1,   -1,   -1,   -1,
1894
2
   -1,  348,  349,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1895
2
  123,   -1,   -1,   -1,   10,   -1,  363,  364,   -1,   -1,
1896
2777
   -1,   -1,   -1,  370,  371,  372,  373,  374,  375,  376,
1897
  260,   -1,   -1,  263,   -1,   -1,   -1,   33,  268,  269,
1898
  270,   -1,   -1,   -1,  274,   -1,   -1,  277,   -1,  279,
1899
  280,   -1,  282,  283,   -1,   -1,  286,   -1,   -1,   -1,
1900
  290,   -1,  292,  293,  294,  295,  296,   -1,   -1,  299,
1901
  300,  301,   -1,   -1,   -1,  305,   -1,   -1,   -1,   -1,
1902
  310,   -1,   -1,   -1,   -1,   -1,   -1,  317,   -1,   -1,
1903
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1904
   -1,   -1,   -1,  333,   -1,   -1,   -1,   -1,  338,   -1,
1905
2777
   -1,  341,   -1,   10,   -1,   -1,   -1,   -1,  348,  349,
1906
2
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1907
2775
   -1,   -1,   -1,  363,  364,   -1,   33,   -1,   -1,   -1,
1908
  370,  371,  372,  373,  374,  375,  376,  260,   -1,   -1,
1909
5550
  263,   -1,   -1,   -1,   -1,  268,  269,  270,   -1,   -1,
1910
2775
   -1,   -1,   -1,   -1,  277,   -1,  279,  280,   -1,  282,
1911
2775
  283,   -1,   -1,  286,   -1,   -1,   -1,  290,   -1,  292,
1912
2775
  293,  294,  295,  296,   -1,   -1,  299,  300,  301,   -1,
1913
5568
   -1,   -1,  305,   -1,   -1,   -1,   -1,  310,   -1,   -1,
1914
   -1,   -1,   -1,   -1,  317,   -1,   -1,   -1,   -1,   -1,
1915
   -1,   10,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1916
  333,   -1,   -1,   -1,   -1,  338,  123,   -1,  341,   -1,
1917
1835
   -1,   -1,   -1,   -1,   33,  348,  349,   -1,   -1,   -1,
1918
1835
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1919
  363,  364,   -1,   -1,   -1,   -1,   -1,  370,  371,  372,
1920
1835
  373,  374,  375,  376,  260,   -1,   -1,  263,   -1,   -1,
1921
1809
   -1,   -1,  268,  269,  270,   -1,   -1,   -1,   -1,   -1,
1922
1809
   -1,  277,   -1,  279,  280,   -1,  282,  283,   -1,   -1,
1923
1119
  286,   -1,   -1,   -1,  290,   -1,  292,  293,  294,  295,
1924
1119
  296,   -1,   -1,  299,  300,  301,   -1,   -1,   -1,  305,
1925
1119
   10,   -1,   -1,   -1,  310,   -1,   -1,   -1,   -1,   -1,
1926
   -1,  317,   -1,   -1,  123,   -1,   -1,   -1,   -1,   -1,
1927
1119
   -1,   -1,   -1,   33,   -1,   -1,   -1,  333,   -1,   -1,
1928
   -1,   -1,  338,   -1,   -1,  341,   -1,   -1,   -1,   -1,
1929
   -1,   -1,  348,  349,   -1,   -1,   -1,   -1,   -1,   -1,
1930
   -1,   -1,   -1,  260,   -1,   -1,  263,  363,  364,   -1,
1931
   -1,   -1,  269,  270,  370,  371,  372,  373,  374,  375,
1932
  376,   -1,  279,  280,   -1,  282,  283,   -1,   -1,  286,
1933
   -1,   -1,   -1,  290,   -1,  292,  293,  294,  295,  296,
1934
28
   -1,   -1,  299,  300,  301,   -1,   -1,   -1,  305,   10,
1935
6
   -1,   -1,   -1,  310,   -1,   -1,   -1,   -1,   -1,   -1,
1936
28
  317,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1937
   -1,   -1,   33,   -1,   -1,   -1,  333,   -1,   -1,   -1,
1938
28
   -1,  338,   -1,   -1,  341,   -1,   -1,   -1,   -1,   -1,
1939
21
   -1,  348,  349,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1940
3
   -1,  260,   -1,   -1,  263,   -1,  363,  364,   -1,   -1,
1941
21
  269,  270,   -1,  370,  371,  372,  373,  374,  375,  376,
1942
  279,  280,   -1,  282,  283,   -1,   -1,  286,   -1,   -1,
1943
21
   -1,  290,   -1,  292,  293,  294,  295,  296,   -1,   -1,
1944
391
  299,  300,  301,   -1,   -1,   -1,  305,   10,   -1,   -1,
1945
   -1,  310,   -1,   -1,   -1,   -1,   -1,   -1,  317,   -1,
1946
   -1,   -1,  123,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1947
   33,   -1,   -1,   -1,  333,   -1,   -1,   -1,   -1,  338,
1948
391
   -1,   -1,  341,   -1,   -1,   -1,   -1,   -1,   -1,  348,
1949
391
  349,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
1950
391
  260,   -1,   -1,  263,  363,  364,   -1,   -1,   -1,  269,
1951
391
  270,  370,  371,  372,  373,  374,  375,  376,   -1,  279,
1952
391
  280,   -1,  282,  283,   -1,   -1,  286,   -1,   -1,   -1,
1953
  290,   -1,  292,  293,  294,  295,  296,   -1,   -1,  299,
1954
391
  300,  301,   -1,   -1,   -1,  305,   10,   -1,   -1,   -1,
1955
100
  310,   -1,   -1,   -1,   -1,   -1,   -1,  317,   -1,   -1,
1956
  123,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   33,
1957
   -1,   -1,   -1,  333,   -1,   -1,   -1,   -1,  338,   -1,
1958
   -1,  341,   -1,   -1,   -1,   -1,   -1,   -1,  348,  349,
1959
100
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,  260,
1960
100
   -1,   -1,   -1,  363,  364,   -1,   -1,   -1,  269,  270,
1961
  370,  371,  372,  373,  374,  375,  376,   -1,  279,  280,
1962
100
   -1,  282,  283,   -1,   -1,  286,   -1,   -1,   -1,  290,
1963
   -1,  292,  293,  294,  295,  296,   -1,   -1,  299,  300,
1964
  301,   -1,   -1,   -1,  305,   10,   -1,   -1,   -1,  310,
1965
   -1,   -1,   -1,   -1,   -1,   -1,  317,   -1,   -1,  123,
1966
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   33,   -1,
1967
   -1,   -1,  333,   -1,   -1,   -1,   -1,  338,   -1,   -1,
1968
  341,   -1,   -1,   -1,   -1,   -1,   -1,  348,  349,   -1,
1969
   -1,   -1,   -1,   -1,   -1,   -1,   -1,  260,   -1,   -1,
1970
   -1,   -1,  363,  364,   -1,   -1,  269,  270,   -1,  370,
1971
  371,  372,  373,  374,  375,  376,  279,  280,   -1,  282,
1972
  283,   -1,   -1,  286,   -1,   -1,   -1,  290,   -1,  292,
1973
  293,  294,  295,  296,   -1,   -1,  299,  300,  301,   -1,
1974
   -1,   -1,  305,   10,   -1,   -1,   -1,  310,   -1,   -1,
1975
23
   -1,   -1,   -1,   -1,  317,   -1,   -1,   -1,  123,   -1,
1976
   -1,   -1,   -1,   -1,   -1,   -1,   33,   -1,   -1,   -1,
1977
  333,   -1,   -1,   -1,   -1,  338,   -1,   -1,  341,   -1,
1978
   -1,   -1,   -1,   -1,   -1,  348,  349,   -1,   -1,   -1,
1979
23
   -1,   -1,   -1,   -1,   -1,   -1,  260,   -1,   -1,   -1,
1980
23
  363,  364,   -1,   -1,   -1,   -1,  270,  370,  371,  372,
1981
  373,  374,  375,  376,   -1,  279,  280,   -1,  282,  283,
1982
23
   -1,   -1,  286,   -1,   -1,   -1,  290,   -1,  292,  293,
1983
304
  294,  295,  296,   -1,   -1,  299,  300,  301,   -1,   -1,
1984
   -1,  305,   10,   -1,   -1,   -1,  310,   -1,   -1,   -1,
1985
   -1,   -1,   -1,  317,   -1,   -1,  123,   -1,   -1,   -1,
1986
   -1,   -1,   -1,   -1,   -1,   33,   -1,   -1,   -1,  333,
1987
304
   -1,   -1,   -1,   -1,  338,   -1,   -1,  341,   -1,   -1,
1988
304
   -1,   -1,   -1,   -1,  348,  349,   -1,   -1,   -1,   -1,
1989
304
   -1,   -1,   -1,   -1,   -1,  260,   -1,   -1,   -1,  363,
1990
  364,   -1,   -1,   -1,   -1,  270,  370,  371,  372,  373,
1991
304
  374,  375,  376,   -1,  279,  280,   -1,  282,  283,   -1,
1992
4
   -1,  286,   -1,   -1,   -1,  290,   -1,  292,  293,  294,
1993
  295,  296,   -1,   -1,  299,  300,  301,   -1,   -1,   -1,
1994
4
  305,   10,   -1,   -1,   -1,  310,   -1,   -1,   -1,   -1,
1995
15
   -1,   -1,  317,   -1,   -1,  123,   -1,   -1,   -1,   -1,
1996
   -1,   -1,   -1,   -1,   33,   -1,   -1,   -1,  333,   -1,
1997
15
   -1,   -1,   -1,  338,   -1,   -1,  341,   -1,   -1,   -1,
1998
293
   -1,   -1,   -1,  348,  349,   -1,   -1,   -1,   -1,   -1,
1999
   -1,   -1,   -1,  260,   -1,   -1,   -1,   -1,  363,  364,
2000
   -1,   -1,   -1,  270,   -1,  370,  371,  372,  373,  374,
2001
  375,  376,  279,  280,   -1,  282,  283,   -1,   -1,  286,
2002
293
   -1,   -1,   -1,  290,   -1,  292,  293,  294,  295,  296,
2003
   -1,   -1,  299,  300,  301,   -1,   -1,   -1,  305,   -1,
2004
293
   -1,   -1,   -1,  310,   -1,   -1,   -1,   -1,   -1,   -1,
2005
  317,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
2006
   -1,   -1,   33,   -1,   -1,   -1,  333,   -1,   -1,   -1,
2007
   -1,  338,   -1,   -1,  341,   -1,   -1,   -1,   -1,   -1,
2008
   -1,  348,  349,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
2009
   -1,   -1,  260,   -1,   -1,   -1,  363,  364,   -1,   -1,
2010
   -1,   -1,  270,  370,  371,  372,  373,  374,  375,  376,
2011
   -1,  279,  280,   -1,  282,  283,   -1,   -1,  286,   -1,
2012
25
   -1,   -1,  290,   -1,  292,  293,  294,  295,  296,   -1,
2013
   -1,  299,  300,  301,   -1,   -1,   -1,  305,   -1,   -1,
2014
25
   -1,   -1,  310,   -1,   -1,   -1,   -1,   -1,   -1,  317,
2015
32
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
2016
32
   -1,   -1,   -1,   -1,   -1,  333,   -1,   -1,   -1,   -1,
2017
  338,   -1,   -1,  341,   -1,   -1,   -1,   -1,   -1,   -1,
2018
32
  348,  349,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
2019
   -1,  260,   -1,   -1,   -1,  363,  364,   -1,   -1,   -1,
2020
   -1,  270,  370,  371,  372,  373,  374,  375,  376,   -1,
2021
12
  279,  280,   -1,  282,  283,   -1,   -1,  286,   -1,   -1,
2022
12
   -1,  290,   -1,  292,  293,  294,  295,  296,   -1,   -1,
2023
  299,  300,  301,   -1,   -1,   -1,  305,   -1,   -1,   -1,
2024
   -1,  310,   -1,   -1,   -1,   -1,   -1,   -1,  317,   -1,
2025
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
2026
12
   -1,   -1,   -1,   -1,  333,   -1,   -1,   -1,   -1,  338,
2027
12
   -1,   -1,  341,   -1,   -1,   -1,   -1,   -1,   -1,  348,
2028
  349,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,  260,
2029
12
   -1,   -1,   -1,   -1,  363,  364,   -1,   -1,   -1,  270,
2030
   -1,  370,  371,  372,  373,  374,  375,  376,  279,  280,
2031

4
   -1,  282,  283,   -1,   -1,  286,   -1,   -1,   -1,  290,
2032
   -1,  292,  293,  294,  295,  296,   -1,   -1,  299,  300,
2033
  301,   -1,   -1,   -1,  305,   -1,   -1,   -1,   -1,  310,
2034
   -1,   -1,   -1,   -1,   -1,   -1,  317,   -1,   -1,   -1,
2035
2
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
2036
   -1,   -1,  333,   -1,   -1,   -1,   -1,  338,   -1,   -1,
2037
2
  341,   -1,   -1,   -1,   -1,   -1,   -1,  348,  349,   -1,
2038
22
   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
2039
   -1,   -1,   -1,  364,   -1,   -1,   -1,   -1,   -1,  370,
2040
  371,  372,  373,  374,  375,
2041
};
2042
#define YYFINAL 2
2043
#ifndef YYDEBUG
2044
22
#define YYDEBUG 0
2045
22
#endif
2046
22
#define YYMAXTOKEN 382
2047
#if YYDEBUG
2048
const char * const yyname[] =
2049
	{
2050
"end-of-file",0,0,0,0,0,0,0,0,0,"'\\n'",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
2051
0,0,"'!'",0,0,0,0,0,0,"'('","')'",0,0,"','","'-'",0,"'/'",0,0,0,0,0,0,0,0,0,0,0,
2052
2
0,"'<'","'='","'>'",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
2053
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"'{'",0,"'}'",0,0,0,
2054
2
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
2055
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
2056
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
2057
0,0,0,0,0,0,0,0,"PASS","BLOCK","MATCH","SCRUB","RETURN","IN","OS","OUT","LOG",
2058
"QUICK","ON","FROM","TO","FLAGS","RETURNRST","RETURNICMP","RETURNICMP6","PROTO",
2059
"INET","INET6","ALL","ANY","ICMPTYPE","ICMP6TYPE","CODE","KEEP","MODULATE",
2060
"STATE","PORT","BINATTO","NODF","MINTTL","ERROR","ALLOWOPTS","FILENAME",
2061
"ROUTETO","DUPTO","REPLYTO","NO","LABEL","NOROUTE","URPFFAILED","FRAGMENT",
2062
"USER","GROUP","MAXMSS","MAXIMUM","TTL","TOS","DROP","TABLE","REASSEMBLE",
2063
"ANCHOR","SET","OPTIMIZATION","TIMEOUT","LIMIT","LOGINTERFACE","BLOCKPOLICY",
2064
"RANDOMID","SYNPROXY","FINGERPRINTS","NOSYNC","DEBUG","SKIP","HOSTID",
2065
"ANTISPOOF","FOR","INCLUDE","MATCHES","BITMASK","RANDOM","SOURCEHASH",
2066
"ROUNDROBIN","LEASTSTATES","STATICPORT","PROBABILITY","WEIGHT","BANDWIDTH",
2067
"FLOWS","QUANTUM","QUEUE","PRIORITY","QLIMIT","RTABLE","RDOMAIN","MINIMUM",
2068
"BURST","PARENT","LOAD","RULESET_OPTIMIZATION","PRIO","ONCE","DEFAULT",
2069
"STICKYADDRESS","MAXSRCSTATES","MAXSRCNODES","SOURCETRACK","GLOBAL","RULE",
2070
138
"MAXSRCCONN","MAXSRCCONNRATE","OVERLOAD","FLUSH","SLOPPY","PFLOW","TAGGED",
2071
138
"TAG","IFBOUND","FLOATING","STATEPOLICY","STATEDEFAULTS","ROUTE","DIVERTTO",
2072
138
"DIVERTREPLY","DIVERTPACKET","NATTO","AFTO","RDRTO","RECEIVEDON","NE","LE","GE",
2073
138
"STRING","NUMBER","PORTBINARY",
2074
138
};
2075
12
const char * const yyrule[] =
2076
138
	{"$accept : ruleset",
2077
"ruleset :",
2078
138
"ruleset : ruleset include '\\n'",
2079
224
"ruleset : ruleset '\\n'",
2080
"ruleset : ruleset option '\\n'",
2081
"ruleset : ruleset pfrule '\\n'",
2082
"ruleset : ruleset anchorrule '\\n'",
2083
224
"ruleset : ruleset loadrule '\\n'",
2084
224
"ruleset : ruleset queuespec '\\n'",
2085
"ruleset : ruleset varset '\\n'",
2086
"ruleset : ruleset antispoof '\\n'",
2087
224
"ruleset : ruleset tabledef '\\n'",
2088
8
"ruleset : '{' fakeanchor '}' '\\n'",
2089
"ruleset : ruleset error '\\n'",
2090
"include : INCLUDE STRING",
2091
"fakeanchor : fakeanchor '\\n'",
2092
8
"fakeanchor : fakeanchor anchorrule '\\n'",
2093
"fakeanchor : fakeanchor pfrule '\\n'",
2094
"fakeanchor : fakeanchor error '\\n'",
2095
"optimizer : string",
2096
8
"optnodf :",
2097
8
"optnodf : NODF",
2098
8
"option : SET REASSEMBLE yesno optnodf",
2099
"option : SET OPTIMIZATION STRING",
2100
8
"option : SET RULESET_OPTIMIZATION optimizer",
2101
8
"option : SET TIMEOUT timeout_spec",
2102
8
"option : SET TIMEOUT '{' optnl timeout_list '}'",
2103
"option : SET LIMIT limit_spec",
2104
8
"option : SET LIMIT '{' optnl limit_list '}'",
2105
"option : SET LOGINTERFACE stringall",
2106
8
"option : SET HOSTID number",
2107
"option : SET BLOCKPOLICY DROP",
2108
"option : SET BLOCKPOLICY RETURN",
2109
"option : SET FINGERPRINTS STRING",
2110
"option : SET STATEPOLICY statelock",
2111
"option : SET DEBUG STRING",
2112
"option : SET DEBUG DEBUG",
2113
"option : SET SKIP interface",
2114
"option : SET STATEDEFAULTS state_opt_list",
2115
"stringall : STRING",
2116
"stringall : ALL",
2117
"string : STRING string",
2118
"string : STRING",
2119
"varstring : numberstring varstring",
2120
"varstring : numberstring",
2121
"numberstring : NUMBER",
2122
"numberstring : STRING",
2123
"varset : STRING '=' varstring",
2124
"anchorname : STRING",
2125
"anchorname :",
2126
"pfa_anchorlist :",
2127
"pfa_anchorlist : pfa_anchorlist '\\n'",
2128
"pfa_anchorlist : pfa_anchorlist pfrule '\\n'",
2129
"pfa_anchorlist : pfa_anchorlist anchorrule '\\n'",
2130
"pfa_anchorlist : pfa_anchorlist include '\\n'",
2131
"$$1 :",
2132
185
"pfa_anchor : '{' $$1 '\\n' pfa_anchorlist '}'",
2133
"pfa_anchor :",
2134
"anchorrule : ANCHOR anchorname dir quick interface af proto fromto filter_opts pfa_anchor",
2135
"loadrule : LOAD ANCHOR string FROM string",
2136
185
"$$2 :",
2137
185
"scrub_opts : $$2 scrub_opts_l",
2138
"scrub_opts_l : scrub_opts_l comma scrub_opt",
2139
"scrub_opts_l : scrub_opt",
2140
185
"scrub_opt : NODF",
2141
166
"scrub_opt : MINTTL NUMBER",
2142
"scrub_opt : MAXMSS NUMBER",
2143
"scrub_opt : REASSEMBLE STRING",
2144
"scrub_opt : RANDOMID",
2145
166
"antispoof : ANTISPOOF logquick antispoof_ifspc af antispoof_opts",
2146
166
"antispoof_ifspc : FOR antispoof_if",
2147
166
"antispoof_ifspc : FOR '{' optnl antispoof_iflst '}'",
2148
"antispoof_iflst : antispoof_if optnl",
2149
166
"antispoof_iflst : antispoof_iflst comma antispoof_if optnl",
2150
"antispoof_if : if_item",
2151
166
"antispoof_if : '(' if_item ')'",
2152
39
"$$3 :",
2153
39
"antispoof_opts : $$3 antispoof_opts_l",
2154
39
"antispoof_opts :",
2155
39
"antispoof_opts_l : antispoof_opts_l antispoof_opt",
2156
"antispoof_opts_l : antispoof_opt",
2157
39
"antispoof_opt : LABEL label",
2158
4
"antispoof_opt : RTABLE NUMBER",
2159
"not : '!'",
2160
"not :",
2161
23
"tabledef : TABLE '<' STRING '>' table_opts",
2162
23
"$$4 :",
2163
23
"table_opts : $$4 table_opts_l",
2164
23
"table_opts :",
2165
3
"table_opts_l : table_opts_l table_opt",
2166
"table_opts_l : table_opt",
2167
"table_opt : STRING",
2168
30
"table_opt : '{' optnl '}'",
2169
30
"table_opt : '{' optnl table_host_list '}'",
2170
30
"table_opt : FILENAME STRING",
2171
30
"tablespec : xhost optweight",
2172
"tablespec : '{' optnl table_host_list '}'",
2173
30
"table_host_list : tablespec optnl",
2174
"table_host_list : table_host_list comma tablespec optnl",
2175
"queuespec : QUEUE STRING interface queue_opts",
2176
"$$5 :",
2177
"queue_opts : $$5 queue_opts_l",
2178
"queue_opts_l : queue_opts_l queue_opt",
2179
"queue_opts_l : queue_opt",
2180
"queue_opt : BANDWIDTH scspec optscs",
2181
"queue_opt : PARENT STRING",
2182
"queue_opt : DEFAULT",
2183
"queue_opt : QLIMIT NUMBER",
2184
"queue_opt : FLOWS NUMBER",
2185
"queue_opt : QUANTUM NUMBER",
2186
"optscs :",
2187
"optscs : comma MINIMUM scspec",
2188
"optscs : comma MAXIMUM scspec",
2189
"optscs : comma MINIMUM scspec comma MAXIMUM scspec",
2190
16
"optscs : comma MAXIMUM scspec comma MINIMUM scspec",
2191
50
"scspec : bandwidth",
2192
34
"scspec : bandwidth BURST bandwidth FOR STRING",
2193
"bandwidth : STRING",
2194
"bandwidth : NUMBER",
2195
"pfrule : action dir logquick interface af proto fromto filter_opts",
2196
"$$6 :",
2197
"filter_opts : $$6 filter_opts_l",
2198
"filter_opts :",
2199
28
"filter_opts_l : filter_opts_l filter_opt",
2200
"filter_opts_l : filter_opt",
2201
"filter_opt : USER uids",
2202
"filter_opt : GROUP gids",
2203
28
"filter_opt : flags",
2204
28
"filter_opt : icmpspec",
2205
28
"filter_opt : PRIO NUMBER",
2206
"filter_opt : TOS tos",
2207
28
"filter_opt : keep",
2208
2
"filter_opt : FRAGMENT",
2209
"filter_opt : ALLOWOPTS",
2210
"filter_opt : LABEL label",
2211
"filter_opt : QUEUE qname",
2212
2
"filter_opt : TAG string",
2213
"filter_opt : not TAGGED string",
2214
2
"filter_opt : PROBABILITY probability",
2215
20
"filter_opt : RTABLE NUMBER",
2216
"filter_opt : DIVERTTO STRING PORT portplain",
2217
"filter_opt : DIVERTREPLY",
2218
"filter_opt : DIVERTPACKET PORT number",
2219
20
"filter_opt : SCRUB '(' scrub_opts ')'",
2220
20
"filter_opt : NATTO redirpool pool_opts",
2221
"filter_opt : AFTO af FROM redirpool pool_opts",
2222
20
"filter_opt : AFTO af FROM redirpool pool_opts TO redirpool pool_opts",
2223
"filter_opt : RDRTO redirpool pool_opts",
2224
"filter_opt : BINATTO redirpool pool_opts",
2225

51
"filter_opt : ROUTETO routespec pool_opts",
2226
2
"filter_opt : REPLYTO routespec pool_opts",
2227
2
"filter_opt : DUPTO routespec pool_opts",
2228
"filter_opt : not RECEIVEDON if_item",
2229
24
"filter_opt : ONCE",
2230
"filter_opt : filter_sets",
2231
24
"filter_sets : SET '(' filter_sets_l ')'",
2232

12
"filter_sets : SET filter_set",
2233
8
"filter_sets_l : filter_sets_l comma filter_set",
2234
"filter_sets_l : filter_set",
2235
"filter_set : prio",
2236
"filter_set : QUEUE qname",
2237
4
"filter_set : TOS tos",
2238
4
"prio : PRIO NUMBER",
2239
"prio : PRIO '(' NUMBER comma NUMBER ')'",
2240
4
"probability : STRING",
2241
"probability : NUMBER",
2242
"action : PASS",
2243
12
"action : MATCH",
2244
12
"action : BLOCK blockspec",
2245
"blockspec :",
2246
12
"blockspec : DROP",
2247
9
"blockspec : RETURNRST",
2248
9
"blockspec : RETURNRST '(' TTL NUMBER ')'",
2249
9
"blockspec : RETURNICMP",
2250
12
"blockspec : RETURNICMP6",
2251
"blockspec : RETURNICMP '(' reticmpspec ')'",
2252
"blockspec : RETURNICMP6 '(' reticmp6spec ')'",
2253
"blockspec : RETURNICMP '(' reticmpspec comma reticmp6spec ')'",
2254
"blockspec : RETURN",
2255
12
"reticmpspec : STRING",
2256
12
"reticmpspec : NUMBER",
2257
24
"reticmp6spec : STRING",
2258
"reticmp6spec : NUMBER",
2259
"dir :",
2260
"dir : IN",
2261
"dir : OUT",
2262
"quick :",
2263
"quick : QUICK",
2264
1444
"logquick :",
2265
2254
"logquick : log",
2266
1404
"logquick : QUICK",
2267
594
"logquick : log QUICK",
2268
"logquick : QUICK log",
2269
"log : LOG",
2270
251
"log : LOG '(' logopts ')'",
2271
251
"logopts : logopt",
2272
251
"logopts : logopts comma logopt",
2273
"logopt : ALL",
2274
251
"logopt : MATCHES",
2275
171
"logopt : USER",
2276
171
"logopt : GROUP",
2277
171
"logopt : TO string",
2278
"interface :",
2279
171
"interface : ON if_item_not",
2280
28
"interface : ON '{' optnl if_list '}'",
2281
28
"if_list : if_item_not optnl",
2282
28
"if_list : if_list comma if_item_not optnl",
2283
"if_item_not : not if_item",
2284
28
"if_item : STRING",
2285

16
"if_item : ANY",
2286
"if_item : RDOMAIN NUMBER",
2287
"af :",
2288
"af : INET",
2289
8
"af : INET6",
2290
8
"proto :",
2291
8
"proto : PROTO proto_item",
2292
"proto : PROTO '{' optnl proto_list '}'",
2293
8
"proto_list : proto_item optnl",
2294
16
"proto_list : proto_list comma proto_item optnl",
2295
16
"proto_item : protoval",
2296
16
"protoval : STRING",
2297
"protoval : NUMBER",
2298
16
"fromto : ALL",
2299
3
"fromto : from os to",
2300
3
"os :",
2301
3
"os : OS xos",
2302
"os : OS '{' optnl os_list '}'",
2303
3
"xos : STRING",
2304
33
"os_list : xos optnl",
2305
33
"os_list : os_list comma xos optnl",
2306
33
"from :",
2307
"from : FROM ipportspec",
2308
33
"to :",
2309
41
"to : TO ipportspec",
2310
41
"ipportspec : ipspec",
2311
41
"ipportspec : ipspec PORT portspec",
2312
"ipportspec : PORT portspec",
2313
41
"optnl : '\\n' optnl",
2314
12
"optnl :",
2315
12
"ipspec : ANY",
2316
12
"ipspec : xhost",
2317
"ipspec : '{' optnl host_list '}'",
2318
12
"host_list : ipspec optnl",
2319
31
"host_list : host_list comma ipspec optnl",
2320
31
"xhost : not host",
2321
31
"xhost : not NOROUTE",
2322
"xhost : not URPFFAILED",
2323
31
"optweight : WEIGHT NUMBER",
2324
"optweight :",
2325
"host : STRING",
2326
60
"host : STRING '-' STRING",
2327
"host : STRING '/' NUMBER",
2328
"host : NUMBER '/' NUMBER",
2329
"host : dynaddr",
2330
30
"host : dynaddr '/' NUMBER",
2331
"host : '<' STRING '>'",
2332
"host : ROUTE STRING",
2333
"number : NUMBER",
2334
"number : STRING",
2335

30
"dynaddr : '(' STRING ')'",
2336
"portspec : port_item",
2337
"portspec : '{' optnl port_list '}'",
2338
"port_list : port_item optnl",
2339
15
"port_list : port_list comma port_item optnl",
2340
15
"port_item : portrange",
2341
15
"port_item : unaryop portrange",
2342
"port_item : portrange PORTBINARY portrange",
2343
"portplain : numberstring",
2344
"portrange : numberstring",
2345
70
"uids : uid_item",
2346
"uids : '{' optnl uid_list '}'",
2347
"uid_list : uid_item optnl",
2348
"uid_list : uid_list comma uid_item optnl",
2349
35
"uid_item : uid",
2350
"uid_item : unaryop uid",
2351
"uid_item : uid PORTBINARY uid",
2352
"uid : STRING",
2353
"uid : NUMBER",
2354

36
"gids : gid_item",
2355
"gids : '{' optnl gid_list '}'",
2356
"gid_list : gid_item optnl",
2357
"gid_list : gid_list comma gid_item optnl",
2358
18
"gid_item : gid",
2359
18
"gid_item : unaryop gid",
2360
18
"gid_item : gid PORTBINARY gid",
2361
"gid : STRING",
2362
"gid : NUMBER",
2363
662
"flag : STRING",
2364
2463
"flags : FLAGS flag '/' flag",
2365
2321
"flags : FLAGS '/' flag",
2366
520
"flags : FLAGS ANY",
2367
"icmpspec : ICMPTYPE icmp_item",
2368
135
"icmpspec : ICMPTYPE '{' optnl icmp_list '}'",
2369
135
"icmpspec : ICMP6TYPE icmp6_item",
2370
"icmpspec : ICMP6TYPE '{' optnl icmp6_list '}'",
2371
"icmp_list : icmp_item optnl",
2372
2493
"icmp_list : icmp_list comma icmp_item optnl",
2373
2649
"icmp6_list : icmp6_item optnl",
2374
268
"icmp6_list : icmp6_list comma icmp6_item optnl",
2375
203
"icmp_item : icmptype",
2376
103
"icmp_item : icmptype CODE STRING",
2377
12
"icmp_item : icmptype CODE NUMBER",
2378
"icmp6_item : icmp6type",
2379
214
"icmp6_item : icmp6type CODE STRING",
2380
214
"icmp6_item : icmp6type CODE NUMBER",
2381
45
"icmptype : STRING",
2382
45
"icmptype : NUMBER",
2383
"icmp6type : STRING",
2384
45
"icmp6type : NUMBER",
2385
"tos : STRING",
2386
45
"tos : NUMBER",
2387
45
"sourcetrack :",
2388
12
"sourcetrack : GLOBAL",
2389
12
"sourcetrack : RULE",
2390
12
"statelock : IFBOUND",
2391
7
"statelock : FLOATING",
2392
"keep : NO STATE",
2393
"keep : KEEP STATE state_opt_spec",
2394
"keep : MODULATE STATE state_opt_spec",
2395
33
"keep : SYNPROXY STATE state_opt_spec",
2396
33
"flush :",
2397
12
"flush : FLUSH",
2398
12
"flush : FLUSH GLOBAL",
2399
"state_opt_spec : '(' state_opt_list ')'",
2400
12
"state_opt_spec :",
2401
"state_opt_list : state_opt_item",
2402
"state_opt_list : state_opt_list comma state_opt_item",
2403
12
"state_opt_item : MAXIMUM NUMBER",
2404
12
"state_opt_item : NOSYNC",
2405
"state_opt_item : MAXSRCSTATES NUMBER",
2406
"state_opt_item : MAXSRCCONN NUMBER",
2407
"state_opt_item : MAXSRCCONNRATE NUMBER '/' NUMBER",
2408
"state_opt_item : OVERLOAD '<' STRING '>' flush",
2409
12
"state_opt_item : MAXSRCNODES NUMBER",
2410
12
"state_opt_item : SOURCETRACK sourcetrack",
2411
"state_opt_item : statelock",
2412
"state_opt_item : SLOPPY",
2413
"state_opt_item : PFLOW",
2414
"state_opt_item : STRING NUMBER",
2415
12
"label : STRING",
2416
12
"qname : STRING",
2417
24
"qname : '(' STRING ')'",
2418
"qname : '(' STRING comma STRING ')'",
2419
"portstar : numberstring",
2420
1316
"redirspec : host optweight",
2421
3000
"redirspec : '{' optnl redir_host_list '}'",
2422
1702
"redir_host_list : host optweight optnl",
2423
18
"redir_host_list : redir_host_list comma host optweight optnl",
2424
"redirpool : redirspec",
2425
18
"redirpool : redirspec PORT portstar",
2426
18
"hashkey :",
2427
18
"hashkey : string",
2428
18
"$$7 :",
2429
18
"pool_opts : $$7 pool_opts_l",
2430
"pool_opts :",
2431
18
"pool_opts_l : pool_opts_l pool_opt",
2432
"pool_opts_l : pool_opt",
2433
1720
"pool_opt : BITMASK",
2434
1720
"pool_opt : RANDOM",
2435
"pool_opt : SOURCEHASH hashkey",
2436
"pool_opt : ROUNDROBIN",
2437
"pool_opt : LEASTSTATES",
2438
"pool_opt : STATICPORT",
2439
1739
"pool_opt : STICKYADDRESS",
2440
1739
"route_host : STRING",
2441
"route_host : STRING '/' STRING",
2442
1739
"route_host : '<' STRING '>'",
2443
"route_host : dynaddr '/' NUMBER",
2444
"route_host : '(' STRING host ')'",
2445
"route_host_list : route_host optweight optnl",
2446
"route_host_list : route_host_list comma route_host optweight optnl",
2447
"routespec : route_host optweight",
2448
"routespec : '{' optnl route_host_list '}'",
2449
"timeout_spec : STRING NUMBER",
2450
1739
"timeout_list : timeout_list comma timeout_spec optnl",
2451
1637
"timeout_list : timeout_spec optnl",
2452
"limit_spec : STRING NUMBER",
2453
1739
"limit_list : limit_list comma limit_spec optnl",
2454
1739
"limit_list : limit_spec optnl",
2455
1739
"comma : ','",
2456
1739
"comma :",
2457
1739
"yesno : NO",
2458
"yesno : STRING",
2459
"unaryop : '='",
2460
"unaryop : NE",
2461
"unaryop : LE",
2462
"unaryop : '<'",
2463
"unaryop : GE",
2464
"unaryop : '>'",
2465
};
2466
#endif
2467
#ifdef YYSTACKSIZE
2468
#undef YYMAXDEPTH
2469
#define YYMAXDEPTH YYSTACKSIZE
2470
#else
2471
#ifdef YYMAXDEPTH
2472
#define YYSTACKSIZE YYMAXDEPTH
2473
#else
2474
#define YYSTACKSIZE 10000
2475
#define YYMAXDEPTH 10000
2476
#endif
2477
#endif
2478
#define YYINITSTACKSIZE 200
2479
/* LINTUSED */
2480
int yydebug;
2481
int yynerrs;
2482
int yyerrflag;
2483
2017
int yychar;
2484
2693
short *yyssp;
2485
990
YYSTYPE *yyvsp;
2486
314
YYSTYPE yyval;
2487
YYSTYPE yylval;
2488
1795
short *yyss;
2489
2957
short *yysslim;
2490
1185
YYSTYPE *yyvs;
2491
23
unsigned int yystacksize;
2492
int yyparse(void);
2493
23
#line 3906 "parse.y"
2494
23
2495
32
int
2496
32
yyerror(const char *fmt, ...)
2497
32
{
2498
	va_list		 ap;
2499
32
2500
	file->errors++;
2501
	va_start(ap, fmt);
2502
	fprintf(stderr, "%s:%d: ", file->name, yylval.lineno);
2503
	vfprintf(stderr, fmt, ap);
2504
1217
	fprintf(stderr, "\n");
2505
1217
	va_end(ap);
2506
	return (0);
2507
}
2508
2509
1217
int
2510
1217
disallow_table(struct node_host *h, const char *fmt)
2511
{
2512
1217
	for (; h != NULL; h = h->next)
2513
1217
		if (h->addr.type == PF_ADDR_TABLE) {
2514
1217
			yyerror(fmt, h->addr.v.tblname);
2515
1217
			return (1);
2516
		}
2517
	return (0);
2518
}
2519
2520
int
2521
1204
disallow_urpf_failed(struct node_host *h, const char *fmt)
2522
1204
{
2523
	for (; h != NULL; h = h->next)
2524
		if (h->addr.type == PF_ADDR_URPFFAILED) {
2525
			yyerror(fmt);
2526
			return (1);
2527
1204
		}
2528
1204
	return (0);
2529
1204
}
2530
2531

26
int
2532
disallow_alias(struct node_host *h, const char *fmt)
2533
{
2534
	for (; h != NULL; h = h->next)
2535
		if (DYNIF_MULTIADDR(h->addr)) {
2536
			yyerror(fmt, h->addr.v.tblname);
2537
			return (1);
2538
		}
2539
732
	return (0);
2540
732
}
2541
732
2542
732
int
2543
732
rule_consistent(struct pf_rule *r, int anchor_call)
2544
{
2545
732
	int	problems = 0;
2546
2222
2547
2222
	if (r->proto != IPPROTO_TCP && r->os_fingerprint != PF_OSFP_ANY) {
2548
2222
		yyerror("os only applies to tcp");
2549
		problems++;
2550
2222
	}
2551
	if (r->proto != IPPROTO_TCP && r->proto != IPPROTO_UDP &&
2552
2224
	    (r->src.port_op || r->dst.port_op)) {
2553
2224
		yyerror("port only applies to tcp/udp");
2554
		problems++;
2555
	}
2556
	if (r->proto != IPPROTO_TCP && r->proto != IPPROTO_UDP &&
2557
	    r->uid.op) {
2558
		yyerror("user only applies to tcp/udp");
2559
		problems++;
2560
	}
2561
	if (r->proto != IPPROTO_TCP && r->proto != IPPROTO_UDP &&
2562
	    r->gid.op) {
2563
		yyerror("group only applies to tcp/udp");
2564
		problems++;
2565
	}
2566
	if (r->proto != IPPROTO_ICMP && r->proto != IPPROTO_ICMPV6 &&
2567
	    (r->type || r->code)) {
2568
		yyerror("icmp-type/code only applies to icmp");
2569
		problems++;
2570
	}
2571
	if (!r->af && (r->type || r->code)) {
2572
		yyerror("must indicate address family with icmp-type/code");
2573
		problems++;
2574
	}
2575
368
	if (r->rule_flag & PFRULE_AFTO && r->af == r->naf) {
2576
368
		yyerror("must indicate different address family with af-to");
2577
		problems++;
2578
368
	}
2579
1856
	if (r->overload_tblname[0] &&
2580
	    r->max_src_conn == 0 && r->max_src_conn_rate.seconds == 0) {
2581
1856
		yyerror("'overload' requires 'max-src-conn' "
2582
		    "or 'max-src-conn-rate'");
2583
		problems++;
2584
415
	}
2585
415
	if ((r->proto == IPPROTO_ICMP && r->af == AF_INET6) ||
2586
	    (r->proto == IPPROTO_ICMPV6 && r->af == AF_INET)) {
2587
415
		yyerror("proto %s doesn't match address family %s",
2588
1807
		    r->proto == IPPROTO_ICMP ? "icmp" : "icmp6",
2589
		    r->af == AF_INET ? "inet" : "inet6");
2590
		problems++;
2591
1807
	}
2592
	if (r->allow_opts && r->action != PF_PASS) {
2593
1807
		yyerror("allow-opts can only be specified for pass rules");
2594
		problems++;
2595
	}
2596
2997
	if (r->rule_flag & PFRULE_FRAGMENT && (r->src.port_op ||
2597
2997
	    r->dst.port_op || r->flagset || r->type || r->code)) {
2598
		yyerror("fragments can be filtered only on IP header fields");
2599
2997
		problems++;
2600
642
	}
2601
642
	if (r->rule_flag & PFRULE_RETURNRST && r->proto != IPPROTO_TCP) {
2602
		yyerror("return-rst can only be applied to TCP rules");
2603
642
		problems++;
2604
24
	}
2605
24
	if (r->max_src_nodes && !(r->rule_flag & PFRULE_RULESRCTRACK)) {
2606
		yyerror("max-src-nodes requires 'source-track rule'");
2607
24
		problems++;
2608
	}
2609
	if (r->action != PF_PASS && r->keep_state) {
2610
		yyerror("keep state is great, but only for pass rules");
2611
		problems++;
2612
	}
2613
1614
	if (r->rule_flag & PFRULE_STATESLOPPY &&
2614
3814
	    (r->keep_state == PF_STATE_MODULATE ||
2615
2318
	    r->keep_state == PF_STATE_SYNPROXY)) {
2616
118
		yyerror("sloppy state matching cannot be used with "
2617
		    "synproxy state or modulate state");
2618
		problems++;
2619
118
	}
2620
118
	if ((r->nat.addr.type != PF_ADDR_NONE ||
2621
174
	    r->rdr.addr.type != PF_ADDR_NONE) &&
2622
	    r->action != PF_MATCH && !r->keep_state) {
2623
		yyerror("nat-to and rdr-to require keep state");
2624
174
		problems++;
2625
	}
2626
	if (r->direction == PF_INOUT && (r->nat.addr.type != PF_ADDR_NONE ||
2627
	    r->rdr.addr.type != PF_ADDR_NONE)) {
2628
174
		yyerror("nat-to and rdr-to require a direction");
2629
174
		problems++;
2630
	}
2631
	if (r->af == AF_INET6 && (r->scrub_flags &
2632
	    (PFSTATE_NODF|PFSTATE_RANDOMID))) {
2633
174
		yyerror("address family inet6 does not support scrub options "
2634
		    "no-df, random-id");
2635
		problems++;
2636
	}
2637
2638
9220
	/* Basic rule sanity check. */
2639
2376
	switch (r->action) {
2640
2234
	case PF_MATCH:
2641
		if (r->divert.port) {
2642
2234
			yyerror("divert is not supported on match rules");
2643
50
			problems++;
2644
50
		}
2645
		if (r->divert_packet.port) {
2646
50
			yyerror("divert is not supported on match rules");
2647
50
			problems++;
2648
50
		}
2649
50
		if (r->rt) {
2650
			yyerror("route-to, reply-to and dup-to "
2651
50
			   "are not supported on match rules");
2652
			problems++;
2653
		}
2654
		if (r->rule_flag & PFRULE_AFTO) {
2655
			yyerror("af-to is not supported on match rules");
2656
			problems++;
2657
		}
2658
		break;
2659
	case PF_DROP:
2660
		if (r->rt) {
2661
			yyerror("route-to, reply-to and dup-to "
2662
			   "are not supported on block rules");
2663
			problems++;
2664
		}
2665
		break;
2666
	default:;
2667
	}
2668
	return (-problems);
2669
781
}
2670
781
2671
int
2672
process_tabledef(char *name, struct table_opts *opts, int popts)
2673
3258
{
2674
	struct pfr_buffer	 ab;
2675
1629
	struct node_tinit	*ti;
2676
23
2677
23
	bzero(&ab, sizeof(ab));
2678
	ab.pfrb_type = PFRB_ADDRS;
2679
	SIMPLEQ_FOREACH(ti, &opts->init_nodes, entries) {
2680
		if (ti->file)
2681
			if (pfr_buf_load(&ab, ti->file, 0, popts)) {
2682
				if (errno)
2683
					yyerror("cannot load \"%s\": %s",
2684
					    ti->file, strerror(errno));
2685

24
				else
2686
12
					yyerror("file \"%s\" contains bad data",
2687
					    ti->file);
2688
				goto _error;
2689
			}
2690
		if (ti->host)
2691
			if (append_addr_host(&ab, ti->host, 0, 0)) {
2692

24
				yyerror("cannot create address buffer: %s",
2693
12
				    strerror(errno));
2694
12
				goto _error;
2695
24
			}
2696
24
	}
2697
24
	if (pf->opts & PF_OPT_VERBOSE)
2698
24
		print_tabledef(name, opts->flags, opts->init_addr,
2699

24
		    &opts->init_nodes);
2700
24
	if (!(pf->opts & PF_OPT_NOACTION) &&
2701
	    pfctl_define_table(name, opts->flags, opts->init_addr,
2702
	    pf->anchor->name, &ab, pf->anchor->ruleset.tticket)) {
2703
		yyerror("cannot define table %s: %s", name,
2704
		    pfr_strerror(errno));
2705
		goto _error;
2706
	}
2707
	pf->tdirty = 1;
2708
12
	pfr_buf_clear(&ab);
2709
	return (0);
2710
12
_error:
2711
12
	pfr_buf_clear(&ab);
2712
12
	return (-1);
2713
12
}
2714
12
2715
12
struct keywords {
2716
	const char	*k_name;
2717
609
	int		 k_val;
2718
};
2719
609
2720
/* macro gore, but you should've seen the prior indentation nightmare... */
2721
609
2722
1218
#define FREE_LIST(T,r) \
2723
	do { \
2724
609
		T *p, *node = r; \
2725
4
		while (node != NULL) { \
2726
4
			p = node; \
2727
			node = node->next; \
2728
			free(p); \
2729
1214
		} \
2730
	} while (0)
2731
61
2732
#define LOOP_THROUGH(T,n,r,C) \
2733
	do { \
2734
61
		T *n; \
2735
		if (r == NULL) { \
2736
122
			r = calloc(1, sizeof(T)); \
2737
			if (r == NULL) \
2738
61
				err(1, "LOOP: calloc"); \
2739
			r->next = NULL; \
2740
		} \
2741
		n = r; \
2742
		while (n != NULL) { \
2743
122
			do { \
2744
				C; \
2745
			} while (0); \
2746
			n = n->next; \
2747
		} \
2748

76
	} while (0)
2749
2750
void
2751
expand_label_str(char *label, size_t len, const char *srch, const char *repl)
2752
38
{
2753
152
	char *tmp;
2754
38
	char *p, *q;
2755
38
2756
	if ((tmp = calloc(1, len)) == NULL)
2757
253
		err(1, "expand_label_str: calloc");
2758
	p = q = label;
2759
	while ((q = strstr(p, srch)) != NULL) {
2760
		*q = '\0';
2761
		if ((strlcat(tmp, p, len) >= len) ||
2762
253
		    (strlcat(tmp, repl, len) >= len))
2763
253
			errx(1, "expand_label: label too long");
2764
		q += strlen(srch);
2765
253
		p = q;
2766
506
	}
2767
253
	if (strlcat(tmp, p, len) >= len)
2768
		errx(1, "expand_label: label too long");
2769
	strlcpy(label, tmp, len);	/* always fits */
2770
253
	free(tmp);
2771
253
}
2772
253
2773
void
2774
253
expand_label_if(const char *name, char *label, size_t len, const char *ifname)
2775
8
{
2776
8
	if (strstr(label, name) != NULL) {
2777
		if (!*ifname)
2778
			expand_label_str(label, len, name, "any");
2779
		else
2780
8
			expand_label_str(label, len, name, ifname);
2781
16
	}
2782
8
}
2783
2784
void
2785
expand_label_addr(const char *name, char *label, size_t len, sa_family_t af,
2786
    struct node_host *h)
2787
{
2788
	char tmp[64], tmp_not[66];
2789
2790
8
	if (strstr(label, name) != NULL) {
2791
8
		switch (h->addr.type) {
2792
8
		case PF_ADDR_DYNIFTL:
2793
			snprintf(tmp, sizeof(tmp), "(%s)", h->addr.v.ifname);
2794
8
			break;
2795
		case PF_ADDR_TABLE:
2796
			snprintf(tmp, sizeof(tmp), "<%s>", h->addr.v.tblname);
2797
			break;
2798
2
		case PF_ADDR_NOROUTE:
2799
			snprintf(tmp, sizeof(tmp), "no-route");
2800
2
			break;
2801
		case PF_ADDR_URPFFAILED:
2802
			snprintf(tmp, sizeof(tmp), "urpf-failed");
2803
			break;
2804
		case PF_ADDR_ADDRMASK:
2805
2
			if (!af || (PF_AZERO(&h->addr.v.a.addr, af) &&
2806
2
			    PF_AZERO(&h->addr.v.a.mask, af)))
2807
4
				snprintf(tmp, sizeof(tmp), "any");
2808
			else {
2809
				char	a[48];
2810
				int	bits;
2811
2812
				if (inet_ntop(af, &h->addr.v.a.addr, a,
2813
				    sizeof(a)) == NULL)
2814
341
					snprintf(tmp, sizeof(tmp), "?");
2815
341
				else {
2816
2
					bits = unmask(&h->addr.v.a.mask, af);
2817
2
					if ((af == AF_INET && bits < 32) ||
2818
2
					    (af == AF_INET6 && bits < 128))
2819
						snprintf(tmp, sizeof(tmp),
2820
1092
						    "%s/%d", a, bits);
2821
207
					else
2822
18
						snprintf(tmp, sizeof(tmp),
2823
189
						    "%s", a);
2824
16
				}
2825
173
			}
2826
26
			break;
2827
147
		default:
2828
147
			snprintf(tmp, sizeof(tmp), "?");
2829
			break;
2830
		}
2831
2832
		if (h->not) {
2833
			snprintf(tmp_not, sizeof(tmp_not), "! %s", tmp);
2834
			expand_label_str(label, len, name, tmp_not);
2835
207
		} else
2836
			expand_label_str(label, len, name, tmp);
2837
339
	}
2838
}
2839
2840
void
2841
expand_label_port(const char *name, char *label, size_t len,
2842
    struct node_port *port)
2843
339
{
2844
339
	char	 a1[6], a2[6], op[13] = "";
2845
2846
339
	if (strstr(label, name) != NULL) {
2847
339
		snprintf(a1, sizeof(a1), "%u", ntohs(port->port[0]));
2848
339
		snprintf(a2, sizeof(a2), "%u", ntohs(port->port[1]));
2849
339
		if (!port->op)
2850
678
			;
2851
339
		else if (port->op == PF_OP_IRG)
2852
			snprintf(op, sizeof(op), "%s><%s", a1, a2);
2853
339
		else if (port->op == PF_OP_XRG)
2854
			snprintf(op, sizeof(op), "%s<>%s", a1, a2);
2855
		else if (port->op == PF_OP_EQ)
2856
			snprintf(op, sizeof(op), "%s", a1);
2857
		else if (port->op == PF_OP_NE)
2858
			snprintf(op, sizeof(op), "!=%s", a1);
2859
339
		else if (port->op == PF_OP_LT)
2860
339
			snprintf(op, sizeof(op), "<%s", a1);
2861
339
		else if (port->op == PF_OP_LE)
2862
			snprintf(op, sizeof(op), "<=%s", a1);
2863
		else if (port->op == PF_OP_GT)
2864
634
			snprintf(op, sizeof(op), ">%s", a1);
2865
666
		else if (port->op == PF_OP_GE)
2866
32
			snprintf(op, sizeof(op), ">=%s", a1);
2867
		expand_label_str(label, len, name, op);
2868
32
	}
2869
32
}
2870
51
2871
51
void
2872
51
expand_label_proto(const char *name, char *label, size_t len, u_int8_t proto)
2873
{
2874
51
	struct protoent *pe;
2875
	char n[4];
2876
2877
345
	if (strstr(label, name) != NULL) {
2878
345
		pe = getprotobynumber(proto);
2879
		if (pe != NULL)
2880
345
			expand_label_str(label, len, name, pe->p_name);
2881
345
		else {
2882
345
			snprintf(n, sizeof(n), "%u", proto);
2883
			expand_label_str(label, len, name, n);
2884
		}
2885
	}
2886
345
}
2887
345
2888
void
2889
345
expand_label_nr(const char *name, char *label, size_t len)
2890
360
{
2891
	char n[11];
2892
2893
	if (strstr(label, name) != NULL) {
2894
		snprintf(n, sizeof(n), "%u", pf->anchor->match);
2895
360
		expand_label_str(label, len, name, n);
2896
360
	}
2897
}
2898
360
2899
360
void
2900
360
expand_label(char *label, size_t len, const char *ifname, sa_family_t af,
2901
360
    struct node_host *src_host, struct node_port *src_port,
2902
360
    struct node_host *dst_host, struct node_port *dst_port,
2903
    u_int8_t proto)
2904
360
{
2905

24
	expand_label_if("$if", label, len, ifname);
2906
	expand_label_addr("$srcaddr", label, len, af, src_host);
2907
	expand_label_addr("$dstaddr", label, len, af, dst_host);
2908
	expand_label_port("$srcport", label, len, src_port);
2909
	expand_label_port("$dstport", label, len, dst_port);
2910
12
	expand_label_proto("$proto", label, len, proto);
2911
12
	expand_label_nr("$nr", label, len);
2912
}
2913
12
2914
12
int
2915
12
expand_queue(char *qname, struct node_if *interfaces, struct queue_opts *opts)
2916
12
{
2917
12
	struct pf_queuespec	qspec;
2918
2919
12
	LOOP_THROUGH(struct node_if, interface, interfaces,
2920
		bzero(&qspec, sizeof(qspec));
2921
		if (!opts->parent && (opts->marker & QOM_BWSPEC))
2922
44
			opts->flags |= PFQS_ROOTCLASS;
2923
22
		if (!(opts->marker & QOM_BWSPEC) &&
2924
		    !(opts->marker & QOM_FLOWS)) {
2925
			yyerror("no bandwidth or flow specification");
2926
			return (1);
2927
		}
2928
		if (strlcpy(qspec.qname, qname, sizeof(qspec.qname)) >=
2929
		    sizeof(qspec.qname)) {
2930
			yyerror("queuename too long");
2931
1460
			return (1);
2932
730
		}
2933
		if (opts->parent && strlcpy(qspec.parent, opts->parent,
2934
		    sizeof(qspec.parent)) >= sizeof(qspec.parent)) {
2935
			yyerror("parent too long");
2936
			return (1);
2937
		}
2938
		if (strlcpy(qspec.ifname, interface->ifname,
2939
28
		    sizeof(qspec.ifname)) >= sizeof(qspec.ifname)) {
2940
28
			yyerror("interface too long");
2941
			return (1);
2942
		}
2943
		qspec.realtime.m1.absolute = opts->realtime.m1.bw_absolute;
2944
		qspec.realtime.m1.percent = opts->realtime.m1.bw_percent;
2945
		qspec.realtime.m2.absolute = opts->realtime.m2.bw_absolute;
2946
		qspec.realtime.m2.percent = opts->realtime.m2.bw_percent;
2947
		qspec.realtime.d = opts->realtime.d;
2948
2949
		qspec.linkshare.m1.absolute = opts->linkshare.m1.bw_absolute;
2950
		qspec.linkshare.m1.percent = opts->linkshare.m1.bw_percent;
2951
		qspec.linkshare.m2.absolute = opts->linkshare.m2.bw_absolute;
2952
19
		qspec.linkshare.m2.percent = opts->linkshare.m2.bw_percent;
2953
19
		qspec.linkshare.d = opts->linkshare.d;
2954
2955
19
		qspec.upperlimit.m1.absolute = opts->upperlimit.m1.bw_absolute;
2956
19
		qspec.upperlimit.m1.percent = opts->upperlimit.m1.bw_percent;
2957
19
		qspec.upperlimit.m2.absolute = opts->upperlimit.m2.bw_absolute;
2958
19
		qspec.upperlimit.m2.percent = opts->upperlimit.m2.bw_percent;
2959
19
		qspec.upperlimit.d = opts->upperlimit.d;
2960
2961
19
		qspec.flowqueue.flows = opts->flowqueue.flows;
2962

9
		qspec.flowqueue.quantum = opts->flowqueue.quantum;
2963
		qspec.flowqueue.interval = opts->flowqueue.interval;
2964
		qspec.flowqueue.target = opts->flowqueue.target;
2965
2966
		qspec.flags = opts->flags;
2967
9
		qspec.qlimit = opts->qlimit;
2968
9
2969
		if (pfctl_add_queue(pf, &qspec)) {
2970
9
			yyerror("cannot add queue");
2971
9
			return (1);
2972
9
		}
2973
9
	);
2974
9
2975
	FREE_LIST(struct node_if, interfaces);
2976
9
	return (0);
2977
}
2978
2979
int
2980
expand_divertspec(struct pf_rule *r, struct divertspec *ds)
2981
{
2982
	struct node_host *n;
2983
2984
	if (ds->port == 0)
2985
		return (0);
2986
2987
	r->divert.port = ds->port;
2988
2989
	if (r->direction == PF_OUT) {
2990
		if (ds->addr) {
2991
			yyerror("address specified for outgoing divert");
2992
			return (1);
2993
		}
2994
19
		bzero(&r->divert.addr, sizeof(r->divert.addr));
2995
		return (0);
2996
	}
2997
2998
	if (!ds->addr) {
2999
19
		yyerror("no address specified for incoming divert");
3000
		return (1);
3001
	}
3002
	if (r->af) {
3003
		for (n = ds->addr; n != NULL; n = n->next)
3004
19
			if (n->af == r->af)
3005
19
				break;
3006
19
		if (n == NULL) {
3007
			yyerror("address family mismatch for divert");
3008
19
			return (1);
3009

18
		}
3010
		r->divert.addr = n->addr.v.a.addr;
3011
	} else {
3012
		r->af = ds->addr->af;
3013
9
		r->divert.addr = ds->addr->addr.v.a.addr;
3014
	}
3015
9
	return (0);
3016
}
3017
21
3018
21
int
3019
collapse_redirspec(struct pf_pool *rpool, struct pf_rule *r,
3020
    struct redirspec *rs, u_int8_t allow_if)
3021
{
3022
	struct pf_opt_tbl *tbl = NULL;
3023
	struct node_host *h, *hprev = NULL;
3024
	struct pf_rule_addr ra;
3025
	int af = 0, naddr = 0;
3026
3027
	if (!rs || !rs->rdr || rs->rdr->host == NULL) {
3028
		rpool->addr.type = PF_ADDR_NONE;
3029
		return (0);
3030
13
	}
3031
13
3032
	if (r->rule_flag & PFRULE_AFTO)
3033
13
		r->naf = rs->af;
3034
13
3035
13
	for (h = rs->rdr->host; h != NULL; h = h->next) {
3036
13
		/* set rule address family if redirect spec has one */
3037
13
		if (rs->af && !r->af && !af) {
3038
			/* swap address families for af-to */
3039
13
			if (r->naf == AF_INET6)
3040

8
				af = AF_INET;
3041
			else if (r->naf == AF_INET)
3042
				af = AF_INET6;
3043
			else
3044
				af = rs->af;
3045
8
		}
3046
8
		if (h->af && !r->naf) {	/* nat-to/rdr-to case */
3047
			/* skip if the rule af doesn't match redirect af */
3048
8
			if (r->af && r->af != h->af)
3049
8
				continue;
3050
8
			/*
3051
8
			 * fail if the chosen af is not universal for
3052
8
			 * all addresses in the redirect address pool
3053
			 */
3054
8
			if (!r->af && af && af != h->af) {
3055
				yyerror("%s spec contains addresses with "
3056
				    "different address families",
3057
				    allow_if ? "routing" : "translation");
3058
				return (1);
3059
			}
3060
		} else if (h->af) {	/* af-to case */
3061
			/*
3062
			 * fail if the redirect spec af is not universal
3063
			 * for all addresses in the redirect address pool
3064
			 */
3065
			if (rs->af && rs->af != h->af) {
3066
				yyerror("%s spec contains addresses that "
3067
				    "don't match target address family",
3068
				    allow_if ? "routing" : "translation");
3069
				return (1);
3070
			}
3071
		}
3072
13
		/* else if (!h->af):
3073
		 * we silently allow any not af-specific host specs,
3074
		 * e.g. (em0) and let the kernel deal with them
3075
		 */
3076
3077
13
		/* if we haven't selected the rule af yet, now it's time */
3078
		if (!r->af && !af)
3079
			af = h->af;
3080
3081
		if (naddr == 0) {	/* the first host */
3082
13
			rpool->addr = h->addr;
3083
13
			if (!allow_if && h->ifname) {
3084
13
				yyerror("@if not permitted for translation");
3085
				return (1);
3086
13
			}
3087

16
			if (h->ifname && strlcpy(rpool->ifname, h->ifname,
3088
			    sizeof(rpool->ifname)) >= sizeof(rpool->ifname))
3089
				errx(1, "collapse_redirspec: strlcpy");
3090
			hprev = h; /* in case we need to conver to a table */
3091
8
		} else {		/* multiple hosts */
3092
			if (rs->pool_opts.type &&
3093
8
			    !PF_POOL_DYNTYPE(rs->pool_opts.type)) {
3094
				yyerror("pool type is not valid for multiple "
3095
				    "translation or routing addresses");
3096
				return (1);
3097
			}
3098
767
			if ((hprev && hprev->addr.type != PF_ADDR_ADDRMASK) &&
3099
			    (hprev && hprev->addr.type != PF_ADDR_NONE) &&
3100
			    h->addr.type != PF_ADDR_ADDRMASK &&
3101
			    h->addr.type != PF_ADDR_NONE) {
3102
				yyerror("multiple tables or dynamic interfaces "
3103
767
				    "not supported for translation or routing");
3104
767
				return (1);
3105
767
			}
3106
			if (!allow_if && h->ifname) {
3107
				yyerror("@if not permitted for translation");
3108
378
				return (1);
3109
384
			}
3110
13
			if (hprev) {
3111
7
				/*
3112
				 * undo some damage and convert the single
3113
63
				 * host pool to the table
3114
63
				 */
3115
37
				memset(&ra, 0, sizeof(ra));
3116
37
				memset(rpool->ifname, 0, sizeof(rpool->ifname));
3117
				ra.addr = hprev->addr;
3118
				ra.weight = hprev->weight;
3119
				if (add_opt_table(pf, &tbl,
3120
				    hprev->af, &ra, hprev->ifname))
3121
					return (1);
3122
				hprev = NULL;
3123
			}
3124
			memset(&ra, 0, sizeof(ra));
3125
			ra.addr = h->addr;
3126
			ra.weight = h->weight;
3127
			if (add_opt_table(pf, &tbl,
3128
			    h->af, &ra, h->ifname))
3129
				return (1);
3130
		}
3131
		naddr++;
3132
	}
3133
	/* set rule af to the one chosen above */
3134
	if (!r->af && af)
3135
		r->af = af;
3136
19
	if (!naddr) {
3137
19
		yyerror("af mismatch in %s spec",
3138
		    allow_if ? "routing" : "translation");
3139
19
		return (1);
3140
19
	}
3141
19
	if (tbl) {
3142
19
		if ((pf->opts & PF_OPT_NOACTION) == 0 &&
3143
19
		     pf_opt_create_table(pf, tbl))
3144
				return (1);
3145
19
3146
		pf->tdirty = 1;
3147
3148
4
		if (pf->opts & PF_OPT_VERBOSE)
3149
			print_tabledef(tbl->pt_name,
3150
			    PFR_TFLAG_CONST | tbl->pt_flags,
3151
			    1, &tbl->pt_nodes);
3152
3153
		memset(&rpool->addr, 0, sizeof(rpool->addr));
3154
4
		rpool->addr.type = PF_ADDR_TABLE;
3155
4
		strlcpy(rpool->addr.v.tblname, tbl->pt_name,
3156
4
		    sizeof(rpool->addr.v.tblname));
3157
3158
4
		pfr_buf_clear(tbl->pt_buf);
3159
4
		free(tbl->pt_buf);
3160
4
		tbl->pt_buf = NULL;
3161
4
		free(tbl);
3162
4
	}
3163
4
	return (0);
3164
}
3165

80
3166
3167
int
3168
apply_redirspec(struct pf_pool *rpool, struct pf_rule *r, struct redirspec *rs,
3169
40
    int isrdr, struct node_port *np)
3170
40
{
3171
	if (!rs || !rs->rdr)
3172
40
		return (0);
3173
40
3174
40
	rpool->proxy_port[0] = ntohs(rs->rdr->rport.a);
3175
40
3176
40
	if (isrdr) {
3177
		if (!rs->rdr->rport.b && rs->rdr->rport.t) {
3178
40
			rpool->proxy_port[1] = ntohs(rs->rdr->rport.a) +
3179
			    (ntohs(np->port[1]) - ntohs(np->port[0]));
3180
		} else
3181
17
			rpool->proxy_port[1] = ntohs(rs->rdr->rport.b);
3182
17
	} else {
3183
		rpool->proxy_port[1] = ntohs(rs->rdr->rport.b);
3184
17
		if (!rpool->proxy_port[0] && !rpool->proxy_port[1]) {
3185
17
			rpool->proxy_port[0] = PF_NAT_PROXY_PORT_LOW;
3186
17
			rpool->proxy_port[1] = PF_NAT_PROXY_PORT_HIGH;
3187
17
		} else if (!rpool->proxy_port[1])
3188
17
			rpool->proxy_port[1] = rpool->proxy_port[0];
3189
	}
3190
17
3191
	rpool->opts = rs->pool_opts.type;
3192
	if ((rpool->opts & PF_POOL_TYPEMASK) == PF_POOL_NONE &&
3193
6
	    (rpool->addr.type == PF_ADDR_TABLE ||
3194
	    DYNIF_MULTIADDR(rpool->addr)))
3195
		rpool->opts |= PF_POOL_ROUNDROBIN;
3196
3197
	if (!PF_POOL_DYNTYPE(rpool->opts) &&
3198
6
	    (disallow_table(rs->rdr->host,
3199
	    "tables are not supported by pool type") ||
3200
6
	    disallow_alias(rs->rdr->host,
3201
6
	    "interface (%s) is not supported by pool type")))
3202
		return (1);
3203
6
3204
6
	if (rs->pool_opts.key != NULL)
3205
6
		memcpy(&rpool->key, rs->pool_opts.key,
3206
6
		    sizeof(struct pf_poolhashkey));
3207
6
3208
6
	if (rs->pool_opts.opts)
3209
		rpool->opts |= rs->pool_opts.opts;
3210

28
3211
	if (rs->pool_opts.staticport) {
3212
		if (isrdr) {
3213
			yyerror("the 'static-port' option is only valid with "
3214
14
			    "nat rules");
3215
14
			return (1);
3216
		}
3217
14
		if (rpool->proxy_port[0] != PF_NAT_PROXY_PORT_LOW &&
3218
14
		    rpool->proxy_port[1] != PF_NAT_PROXY_PORT_HIGH) {
3219
14
			yyerror("the 'static-port' option can't be used when "
3220
14
			    "specifying a port range");
3221
14
			return (1);
3222
		}
3223
14
		rpool->proxy_port[0] = 0;
3224
		rpool->proxy_port[1] = 0;
3225
	}
3226
3227
	return (0);
3228
16
}
3229
3230
3231
void
3232
expand_rule(struct pf_rule *r, int keeprule, struct node_if *interfaces,
3233
16
    struct redirspec *nat, struct redirspec *rdr, struct redirspec *rroute,
3234
16
    struct node_proto *protos, struct node_os *src_oses,
3235
16
    struct node_host *src_hosts, struct node_port *src_ports,
3236
    struct node_host *dst_hosts, struct node_port *dst_ports,
3237

94
    struct node_uid *uids, struct node_gid *gids, struct node_if *rcv,
3238
    struct node_icmp *icmp_types, const char *anchor_call)
3239
{
3240
	sa_family_t		 af = r->af;
3241
47
	int			 added = 0, error = 0;
3242
	char			 ifname[IF_NAMESIZE];
3243
47
	char			 label[PF_RULE_LABEL_SIZE];
3244
	char			 tagname[PF_TAG_NAME_SIZE];
3245
	char			 match_tagname[PF_TAG_NAME_SIZE];
3246
	u_int8_t		 flags, flagset, keep_state;
3247
	struct node_host	*srch, *dsth, *osrch, *odsth;
3248
8
	struct redirspec	 binat;
3249
	struct pf_rule		 rb;
3250
	int			 dir = r->direction;
3251
3252
	if (strlcpy(label, r->label, sizeof(label)) >= sizeof(label))
3253
		errx(1, "expand_rule: strlcpy");
3254
8
	if (strlcpy(tagname, r->tagname, sizeof(tagname)) >= sizeof(tagname))
3255
8
		errx(1, "expand_rule: strlcpy");
3256
8
	if (strlcpy(match_tagname, r->match_tagname, sizeof(match_tagname)) >=
3257
	    sizeof(match_tagname))
3258

58
		errx(1, "expand_rule: strlcpy");
3259
	flags = r->flags;
3260
	flagset = r->flagset;
3261
	keep_state = r->keep_state;
3262
29
3263
	r->src.addr.type = r->dst.addr.type = PF_ADDR_ADDRMASK;
3264
29
3265
	LOOP_THROUGH(struct node_if, interface, interfaces,
3266
	LOOP_THROUGH(struct node_proto, proto, protos,
3267
43
	LOOP_THROUGH(struct node_icmp, icmp_type, icmp_types,
3268
43
	LOOP_THROUGH(struct node_host, src_host, src_hosts,
3269
	LOOP_THROUGH(struct node_host, dst_host, dst_hosts,
3270
43
	LOOP_THROUGH(struct node_port, src_port, src_ports,
3271
12
	LOOP_THROUGH(struct node_port, dst_port, dst_ports,
3272

62
	LOOP_THROUGH(struct node_os, src_os, src_oses,
3273
31
	LOOP_THROUGH(struct node_uid, uid, uids,
3274
31
	LOOP_THROUGH(struct node_gid, gid, gids,
3275

62
3276
		r->af = af;
3277
3278
		error += collapse_redirspec(&r->rdr, r, rdr, 0);
3279
55
		error += collapse_redirspec(&r->nat, r, nat, 0);
3280
		error += collapse_redirspec(&r->route, r, rroute, 1);
3281
3282
		/* disallow @if in from or to for the time being */
3283
		if ((src_host->addr.type == PF_ADDR_ADDRMASK &&
3284
43
		    src_host->ifname) ||
3285
86
		    (dst_host->addr.type == PF_ADDR_ADDRMASK &&
3286
		    dst_host->ifname)) {
3287
			yyerror("@if syntax not permitted in from or to");
3288
			error++;
3289
		}
3290
		/* for link-local IPv6 address, interface must match up */
3291
		if ((r->af && src_host->af && r->af != src_host->af) ||
3292
		    (r->af && dst_host->af && r->af != dst_host->af) ||
3293
		    (src_host->af && dst_host->af &&
3294
		    src_host->af != dst_host->af) ||
3295
9
		    (src_host->ifindex && dst_host->ifindex &&
3296
16
		    src_host->ifindex != dst_host->ifindex) ||
3297
17
		    (src_host->ifindex && *interface->ifname &&
3298
10
		    src_host->ifindex != ifa_nametoindex(interface->ifname)) ||
3299
		    (dst_host->ifindex && *interface->ifname &&
3300
		    dst_host->ifindex != ifa_nametoindex(interface->ifname)))
3301
			continue;
3302
		if (!r->af && src_host->af)
3303
			r->af = src_host->af;
3304
		else if (!r->af && dst_host->af)
3305
			r->af = dst_host->af;
3306
3307
		if (*interface->ifname)
3308
			strlcpy(r->ifname, interface->ifname,
3309
36
			    sizeof(r->ifname));
3310
36
		else if (ifa_indextoname(src_host->ifindex, ifname))
3311
			strlcpy(r->ifname, ifname, sizeof(r->ifname));
3312
36
		else if (ifa_indextoname(dst_host->ifindex, ifname))
3313
215
			strlcpy(r->ifname, ifname, sizeof(r->ifname));
3314
215
		else
3315
			memset(r->ifname, '\0', sizeof(r->ifname));
3316
215
3317
37
		if (interface->use_rdomain)
3318
37
			r->onrdomain = interface->rdomain;
3319
		else
3320
37
			r->onrdomain = -1;
3321
16
		if (strlcpy(r->label, label, sizeof(r->label)) >=
3322
16
		    sizeof(r->label))
3323
			errx(1, "expand_rule: strlcpy");
3324
16
		if (strlcpy(r->tagname, tagname, sizeof(r->tagname)) >=
3325
		    sizeof(r->tagname))
3326
			errx(1, "expand_rule: strlcpy");
3327
5
		if (strlcpy(r->match_tagname, match_tagname,
3328
5
		    sizeof(r->match_tagname)) >= sizeof(r->match_tagname))
3329
4
			errx(1, "expand_rule: strlcpy");
3330
		expand_label(r->label, PF_RULE_LABEL_SIZE, r->ifname, r->af,
3331
4
		    src_host, src_port, dst_host, dst_port, proto->proto);
3332
		expand_label(r->tagname, PF_TAG_NAME_SIZE, r->ifname, r->af,
3333
50
		    src_host, src_port, dst_host, dst_port, proto->proto);
3334
268
		expand_label(r->match_tagname, PF_TAG_NAME_SIZE, r->ifname,
3335
218
		    r->af, src_host, src_port, dst_host, dst_port,
3336
		    proto->proto);
3337
50
3338
50
		osrch = odsth = NULL;
3339
58
		if (src_host->addr.type == PF_ADDR_DYNIFTL) {
3340
58
			osrch = src_host;
3341
58
			if ((src_host = gen_dynnode(src_host, r->af)) == NULL)
3342
				err(1, "expand_rule: calloc");
3343
58
		}
3344
		if (dst_host->addr.type == PF_ADDR_DYNIFTL) {
3345
			odsth = dst_host;
3346

8
			if ((dst_host = gen_dynnode(dst_host, r->af)) == NULL)
3347
				err(1, "expand_rule: calloc");
3348
		}
3349
3350
4
		error += check_netmask(src_host, r->af);
3351
4
		error += check_netmask(dst_host, r->af);
3352
3353
4
		r->ifnot = interface->not;
3354
4
		r->proto = proto->proto;
3355
4
		r->src.addr = src_host->addr;
3356
4
		r->src.neg = src_host->not;
3357
		r->src.port[0] = src_port->port[0];
3358
4
		r->src.port[1] = src_port->port[1];
3359
4
		r->src.port_op = src_port->op;
3360
4
		r->dst.addr = dst_host->addr;
3361
		r->dst.neg = dst_host->not;
3362
4
		r->dst.port[0] = dst_port->port[0];
3363
4
		r->dst.port[1] = dst_port->port[1];
3364
4
		r->dst.port_op = dst_port->op;
3365
		r->uid.op = uid->op;
3366
4
		r->uid.uid[0] = uid->uid[0];
3367

16
		r->uid.uid[1] = uid->uid[1];
3368
		r->gid.op = gid->op;
3369
		r->gid.gid[0] = gid->gid[0];
3370
		r->gid.gid[1] = gid->gid[1];
3371
8
		if (rcv) {
3372
8
			strlcpy(r->rcv_ifname, rcv->ifname,
3373
			    sizeof(r->rcv_ifname));
3374
8
			r->rcvifnot = rcv->not;
3375
8
		}
3376
8
		r->type = icmp_type->type;
3377
8
		r->code = icmp_type->code;
3378
3379
8
		if ((keep_state == PF_STATE_MODULATE ||
3380

34
		    keep_state == PF_STATE_SYNPROXY) &&
3381
		    r->proto && r->proto != IPPROTO_TCP)
3382
			r->keep_state = PF_STATE_NORMAL;
3383
		else
3384
17
			r->keep_state = keep_state;
3385
17
3386
		if (r->proto && r->proto != IPPROTO_TCP) {
3387
17
			r->flags = 0;
3388
17
			r->flagset = 0;
3389
17
		} else {
3390
17
			r->flags = flags;
3391
			r->flagset = flagset;
3392
17
		}
3393

51
		if (icmp_type->proto && r->proto != icmp_type->proto) {
3394
34
			yyerror("icmp-type mismatch");
3395
			error++;
3396
		}
3397
3398
17
		if (src_os && src_os->os) {
3399
17
			r->os_fingerprint = pfctl_get_fingerprint(src_os->os);
3400
			if ((pf->opts & PF_OPT_VERBOSE2) &&
3401
17
			    r->os_fingerprint == PF_OSFP_NOMATCH)
3402
17
				fprintf(stderr,
3403
17
				    "warning: unknown '%s' OS fingerprint\n",
3404
17
				    src_os->os);
3405
17
		} else {
3406
			r->os_fingerprint = PF_OSFP_ANY;
3407
17
		}
3408
9
3409
		if (nat && nat->rdr && nat->binat) {
3410
			if (disallow_table(src_host, "invalid use of table "
3411
			    "<%s> as the source address of a binat-to rule") ||
3412
			    disallow_alias(src_host, "invalid use of interface "
3413
9
			    "(%s) as the source address of a binat-to rule")) {
3414
9
				error++;
3415
			} else if ((r->src.addr.type != PF_ADDR_ADDRMASK &&
3416
18
			    r->src.addr.type != PF_ADDR_DYNIFTL) ||
3417
9
			    (r->nat.addr.type != PF_ADDR_ADDRMASK &&
3418
			    r->nat.addr.type != PF_ADDR_DYNIFTL)) {
3419
9
				yyerror("binat-to requires a specified "
3420
9
				    "source and redirect address");
3421
9
				error++;
3422
9
			}
3423
9
			if (DYNIF_MULTIADDR(r->src.addr) ||
3424
			    DYNIF_MULTIADDR(r->nat.addr)) {
3425
9
				yyerror ("dynamic interfaces must be used with "
3426

18
				    ":0 in a binat-to rule");
3427
				error++;
3428
			}
3429
			if (PF_AZERO(&r->src.addr.v.a.mask, af) ||
3430
9
			    PF_AZERO(&r->nat.addr.v.a.mask, af)) {
3431
9
				yyerror ("source and redir addresess must have "
3432
				    "a matching network mask in binat-rule");
3433
9
				error++;
3434
9
			}
3435
9
			if (r->nat.addr.type == PF_ADDR_TABLE) {
3436
9
				yyerror ("tables cannot be used as the redirect "
3437
				    "address of a binat-to rule");
3438
9
				error++;
3439
26
			}
3440
26
			if (r->direction != PF_INOUT) {
3441
				yyerror("binat-to cannot be specified "
3442
26
				    "with a direction");
3443
26
				error++;
3444
26
			}
3445
26
3446
			/* first specify outbound NAT rule */
3447
26
			r->direction = PF_OUT;
3448
		}
3449
3450
		error += apply_redirspec(&r->nat, r, nat, 0, dst_port);
3451
		error += apply_redirspec(&r->rdr, r, rdr, 1, dst_port);
3452
		error += apply_redirspec(&r->route, r, rroute, 2, dst_port);
3453
3454
		if (rule_consistent(r, anchor_call[0]) < 0 || error)
3455
			yyerror("skipping rule due to errors");
3456
		else {
3457
			r->nr = pf->astack[pf->asd]->match++;
3458
			pfctl_add_rule(pf, r, anchor_call);
3459
			added++;
3460
		}
3461
		r->direction = dir;
3462
3463
		/* Generate binat's matching inbound rule */
3464
		if (!error && nat && nat->rdr && nat->binat) {
3465
			bcopy(r, &rb, sizeof(rb));
3466
3467
			/* now specify inbound rdr rule */
3468
			rb.direction = PF_IN;
3469
3470
			if ((srch = calloc(1, sizeof(*srch))) == NULL)
3471
				err(1, "expand_rule: calloc");
3472
			bcopy(src_host, srch, sizeof(*srch));
3473
			srch->ifname = NULL;
3474
			srch->next = NULL;
3475

28
			srch->tail = NULL;
3476
3477
			if ((dsth = calloc(1, sizeof(*dsth))) == NULL)
3478
				err(1, "expand_rule: calloc");
3479

399
			bcopy(&rb.nat.addr, &dsth->addr, sizeof(dsth->addr));
3480
252
			dsth->ifname = NULL;
3481
			dsth->next = NULL;
3482
14
			dsth->tail = NULL;
3483
3484
			bzero(&binat, sizeof(binat));
3485
			if ((binat.rdr =
3486
			    calloc(1, sizeof(*binat.rdr))) == NULL)
3487
14
				err(1, "expand_rule: calloc");
3488
			bcopy(nat->rdr, binat.rdr, sizeof(*binat.rdr));
3489
			bcopy(&nat->pool_opts, &binat.pool_opts,
3490
			    sizeof(binat.pool_opts));
3491
			binat.pool_opts.staticport = 0;
3492
14
			binat.rdr->host = srch;
3493
14
3494
14
			expand_rule(&rb, 1, interface, NULL, &binat, NULL,
3495
			    proto,
3496
14
			    src_os, dst_host, dst_port, dsth, src_port,
3497
14
			    uid, gid, rcv, icmp_type, anchor_call);
3498
14
		}
3499
14
3500
14
		if (osrch && src_host->addr.type == PF_ADDR_DYNIFTL) {
3501
14
			free(src_host);
3502
			src_host = osrch;
3503
		}
3504
		if (odsth && dst_host->addr.type == PF_ADDR_DYNIFTL) {
3505
299
			free(dst_host);
3506
			dst_host = odsth;
3507
299
		}
3508
	))))))))));
3509
3510
	if (!keeprule) {
3511
		FREE_LIST(struct node_if, interfaces);
3512
3
		FREE_LIST(struct node_proto, protos);
3513
1
		FREE_LIST(struct node_host, src_hosts);
3514
1
		FREE_LIST(struct node_port, src_ports);
3515
		FREE_LIST(struct node_os, src_oses);
3516
2
		FREE_LIST(struct node_host, dst_hosts);
3517
2
		FREE_LIST(struct node_port, dst_ports);
3518
2
		FREE_LIST(struct node_uid, uids);
3519
		FREE_LIST(struct node_gid, gids);
3520
		FREE_LIST(struct node_icmp, icmp_types);
3521
		if (nat && nat->rdr)
3522
			FREE_LIST(struct node_host, nat->rdr->host);
3523
		if (rdr && rdr->rdr)
3524
			FREE_LIST(struct node_host, rdr->rdr->host);
3525
3526
	}
3527
3528
	if (!added)
3529
		yyerror("rule expands to no valid combination");
3530
}
3531
3532
int
3533
expand_skip_interface(struct node_if *interfaces)
3534
{
3535
	int	errs = 0;
3536
3537
	if (!interfaces || (!interfaces->next && !interfaces->not &&
3538
	    !strcmp(interfaces->ifname, "none"))) {
3539
		if (pf->opts & PF_OPT_VERBOSE)
3540
			printf("set skip on none\n");
3541
		errs = pfctl_set_interface_flags(pf, "", PFI_IFLAG_SKIP, 0);
3542
		return (errs);
3543
	}
3544
3545
	if (pf->opts & PF_OPT_VERBOSE)
3546
166
		printf("set skip on {");
3547
83
	LOOP_THROUGH(struct node_if, interface, interfaces,
3548
		if (pf->opts & PF_OPT_VERBOSE)
3549
			printf(" %s", interface->ifname);
3550
		if (interface->not) {
3551
			yyerror("skip on ! <interface> is not supported");
3552
			errs++;
3553
		} else if (interface->use_rdomain) {
3554
			yyerror("skip on rdomain <num> is not supported");
3555
564
			errs++;
3556
		} else
3557
			errs += pfctl_set_interface_flags(pf,
3558
			    interface->ifname, PFI_IFLAG_SKIP, 1);
3559
	);
3560
564
	if (pf->opts & PF_OPT_VERBOSE)
3561
		printf(" }\n");
3562
583
3563
19
	FREE_LIST(struct node_if, interfaces);
3564
3565
	if (errs)
3566
19
		return (1);
3567
	else
3568
		return (0);
3569
}
3570
3571
void
3572
19
freehostlist(struct node_host *h)
3573
{
3574
	struct node_host *n;
3575
3576
	for (n = h; n != NULL; n = n->next)
3577
19
		if (n->ifname)
3578
			free(n->ifname);
3579
19
	FREE_LIST(struct node_host, h);
3580
16
}
3581
16
3582
16
#undef FREE_LIST
3583
#undef LOOP_THROUGH
3584
3585
int
3586
kw_cmp(const void *k, const void *e)
3587
16
{
3588
	return (strcmp(k, ((const struct keywords *)e)->k_name));
3589
16
}
3590
3591
int
3592
500
lookup(char *s)
3593
500
{
3594
	/* this has to be sorted always */
3595
500
	static const struct keywords keywords[] = {
3596
500
		{ "af-to",		AFTO},
3597
		{ "all",		ALL},
3598
500
		{ "allow-opts",		ALLOWOPTS},
3599
83
		{ "anchor",		ANCHOR},
3600
83
		{ "antispoof",		ANTISPOOF},
3601
		{ "any",		ANY},
3602
83
		{ "bandwidth",		BANDWIDTH},
3603
83
		{ "binat-to",		BINATTO},
3604
		{ "bitmask",		BITMASK},
3605
83
		{ "block",		BLOCK},
3606
		{ "block-policy",	BLOCKPOLICY},
3607
		{ "burst",		BURST},
3608
		{ "code",		CODE},
3609
		{ "debug",		DEBUG},
3610
		{ "default",		DEFAULT},
3611
		{ "divert-packet",	DIVERTPACKET},
3612
		{ "divert-reply",	DIVERTREPLY},
3613
		{ "divert-to",		DIVERTTO},
3614
		{ "drop",		DROP},
3615
		{ "dup-to",		DUPTO},
3616
		{ "file",		FILENAME},
3617
		{ "fingerprints",	FINGERPRINTS},
3618
		{ "flags",		FLAGS},
3619
23
		{ "floating",		FLOATING},
3620
14
		{ "flows",		FLOWS},
3621
		{ "flush",		FLUSH},
3622
		{ "for",		FOR},
3623
		{ "fragment",		FRAGMENT},
3624
		{ "from",		FROM},
3625
		{ "global",		GLOBAL},
3626
14
		{ "group",		GROUP},
3627
14
		{ "hostid",		HOSTID},
3628
		{ "icmp-type",		ICMPTYPE},
3629
		{ "icmp6-type",		ICMP6TYPE},
3630
42
		{ "if-bound",		IFBOUND},
3631
14
		{ "in",			IN},
3632
28
		{ "include",		INCLUDE},
3633
		{ "inet",		INET},
3634
		{ "inet6",		INET6},
3635
		{ "keep",		KEEP},
3636
		{ "label",		LABEL},
3637
		{ "least-states",	LEASTSTATES},
3638
		{ "limit",		LIMIT},
3639
9
		{ "load",		LOAD},
3640
		{ "log",		LOG},
3641
9
		{ "loginterface",	LOGINTERFACE},
3642
9
		{ "match",		MATCH},
3643
		{ "matches",		MATCHES},
3644
9
		{ "max",		MAXIMUM},
3645
18
		{ "max-mss",		MAXMSS},
3646
9
		{ "max-src-conn",	MAXSRCCONN},
3647
9
		{ "max-src-conn-rate",	MAXSRCCONNRATE},
3648
9
		{ "max-src-nodes",	MAXSRCNODES},
3649
9
		{ "max-src-states",	MAXSRCSTATES},
3650
9
		{ "min",		MINIMUM},
3651
9
		{ "min-ttl",		MINTTL},
3652
9
		{ "modulate",		MODULATE},
3653
23
		{ "nat-to",		NATTO},
3654
		{ "no",			NO},
3655
23
		{ "no-df",		NODF},
3656
		{ "no-route",		NOROUTE},
3657
146
		{ "no-sync",		NOSYNC},
3658
146
		{ "on",			ON},
3659
146
		{ "once",		ONCE},
3660
146
		{ "optimization",	OPTIMIZATION},
3661
529
		{ "os",			OS},
3662
529
		{ "out",		OUT},
3663
		{ "overload",		OVERLOAD},
3664
529
		{ "parent",		PARENT},
3665
		{ "pass",		PASS},
3666
		{ "pflow",		PFLOW},
3667
		{ "port",		PORT},
3668
		{ "prio",		PRIO},
3669
		{ "probability",	PROBABILITY},
3670
		{ "proto",		PROTO},
3671
12
		{ "qlimit",		QLIMIT},
3672
		{ "quantum",		QUANTUM},
3673
		{ "queue",		QUEUE},
3674
		{ "quick",		QUICK},
3675
12
		{ "random",		RANDOM},
3676
		{ "random-id",		RANDOMID},
3677
12
		{ "rdomain",		RDOMAIN},
3678
16
		{ "rdr-to",		RDRTO},
3679
		{ "reassemble",		REASSEMBLE},
3680
		{ "received-on",	RECEIVEDON},
3681
		{ "reply-to",		REPLYTO},
3682
16
		{ "return",		RETURN},
3683
		{ "return-icmp",	RETURNICMP},
3684
16
		{ "return-icmp6",	RETURNICMP6},
3685
23
		{ "return-rst",		RETURNRST},
3686
		{ "round-robin",	ROUNDROBIN},
3687
		{ "route",		ROUTE},
3688
		{ "route-to",		ROUTETO},
3689
23
		{ "rtable",		RTABLE},
3690
23
		{ "rule",		RULE},
3691
		{ "ruleset-optimization",	RULESET_OPTIMIZATION},
3692
23
		{ "scrub",		SCRUB},
3693
37
		{ "set",		SET},
3694
		{ "skip",		SKIP},
3695
		{ "sloppy",		SLOPPY},
3696
		{ "source-hash",	SOURCEHASH},
3697
37
		{ "source-track",	SOURCETRACK},
3698
		{ "state",		STATE},
3699
37
		{ "state-defaults",	STATEDEFAULTS},
3700
		{ "state-policy",	STATEPOLICY},
3701
		{ "static-port",	STATICPORT},
3702
		{ "sticky-address",	STICKYADDRESS},
3703
		{ "synproxy",		SYNPROXY},
3704
		{ "table",		TABLE},
3705
		{ "tag",		TAG},
3706
		{ "tagged",		TAGGED},
3707
59
		{ "timeout",		TIMEOUT},
3708
		{ "to",			TO},
3709
		{ "tos",		TOS},
3710
		{ "ttl",		TTL},
3711
59
		{ "urpf-failed",	URPFFAILED},
3712
		{ "user",		USER},
3713
59
		{ "weight",		WEIGHT},
3714
12
	};
3715
	const struct keywords	*p;
3716
3717
	p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]),
3718
12
	    sizeof(keywords[0]), kw_cmp);
3719
12
3720
	if (p) {
3721
12
		if (debug > 1)
3722
			fprintf(stderr, "%s: %d\n", s, p->k_val);
3723
		return (p->k_val);
3724
	} else {
3725
40
		if (debug > 1)
3726
6
			fprintf(stderr, "string: %s\n", s);
3727
		return (STRING);
3728
	}
3729
}
3730
6
3731
6
#define MAXPUSHBACK	128
3732
34
3733
34
u_char	*parsebuf;
3734
int	 parseindex;
3735
34
u_char	 pushback_buffer[MAXPUSHBACK];
3736
34
int	 pushback_index = 0;
3737
34
3738
34
int
3739
34
lgetc(int quotec)
3740
{
3741
	int		c, next;
3742
3743
5
	if (parsebuf) {
3744
		/* Read character from the parsebuffer instead of input. */
3745
5
		if (parseindex >= 0) {
3746
			c = parsebuf[parseindex++];
3747
5
			if (c != '\0')
3748
10
				return (c);
3749
			parsebuf = NULL;
3750
5
		} else
3751
			parseindex++;
3752
	}
3753
3754
	if (pushback_index)
3755
10
		return (pushback_buffer[--pushback_index]);
3756
3757
2
	if (quotec) {
3758
		if ((c = getc(file->stream)) == EOF) {
3759
			yyerror("reached end of file while parsing quoted string");
3760
			if (popfile() == EOF)
3761
				return (EOF);
3762
2
			return (quotec);
3763
2
		}
3764
		return (c);
3765
2
	}
3766
4
3767
2
	while ((c = getc(file->stream)) == '\\') {
3768
		next = getc(file->stream);
3769
		if (next != '\n') {
3770
2
			c = next;
3771
2
			break;
3772
2
		}
3773
		yylval.lineno = file->lineno;
3774
2
		file->lineno++;
3775
	}
3776
3777
	while (c == EOF) {
3778
		if (popfile() == EOF)
3779
			return (EOF);
3780
		c = getc(file->stream);
3781
	}
3782
	return (c);
3783
}
3784
3785
int
3786
lungetc(int c)
3787
{
3788
51
	if (c == EOF)
3789
		return (EOF);
3790
204
	if (parsebuf) {
3791
51
		parseindex--;
3792
		if (parseindex >= 0)
3793
			return (c);
3794
	}
3795
	if (pushback_index < MAXPUSHBACK-1)
3796
51
		return (pushback_buffer[pushback_index++] = c);
3797
	else
3798
		return (EOF);
3799
51
}
3800
51
3801
int
3802
findeol(void)
3803
{
3804
6
	int	c;
3805
3806
	parsebuf = NULL;
3807
3808
	/* skip to either EOF or the first real EOL */
3809
6
	while (1) {
3810
		if (pushback_index)
3811
6
			c = pushback_buffer[--pushback_index];
3812
6
		else
3813
			c = lgetc(0);
3814
6
		if (c == '\n') {
3815
			file->lineno++;
3816
			break;
3817
		}
3818
		if (c == EOF)
3819
6
			break;
3820
6
	}
3821
6
	return (ERROR);
3822
}
3823
3824
int
3825
yylex(void)
3826
6
{
3827
	u_char	 buf[8096];
3828
6
	u_char	*p, *val;
3829
	int	 quotec, next, c;
3830
	int	 token;
3831
86
3832
top:
3833
	p = buf;
3834
	while ((c = lgetc(0)) == ' ' || c == '\t')
3835
		; /* nothing */
3836
86
3837
	yylval.lineno = file->lineno;
3838
92
	if (c == '#')
3839
6
		while ((c = lgetc(0)) != '\n' && c != EOF)
3840
			; /* nothing */
3841
	if (c == '$' && parsebuf == NULL) {
3842
		while (1) {
3843

92
			if ((c = lgetc(0)) == EOF)
3844
				return (0);
3845
3846
			if (p + 1 >= buf + sizeof(buf) - 1) {
3847
46
				yyerror("string too long");
3848
				return (findeol());
3849
			}
3850
			if (isalnum(c) || c == '_') {
3851
				*p++ = c;
3852
46
				continue;
3853
			}
3854
46
			*p = '\0';
3855
			lungetc(c);
3856
			break;
3857
		}
3858
		val = symget(buf);
3859
		if (val == NULL) {
3860
			yyerror("macro '%s' not defined", buf);
3861
			return (findeol());
3862

32
		}
3863
		parsebuf = val;
3864
		parseindex = 0;
3865
		goto top;
3866
16
	}
3867
3868
	switch (c) {
3869
	case '\'':
3870
	case '"':
3871
16
		quotec = c;
3872
		while (1) {
3873
16
			if ((c = lgetc(quotec)) == EOF)
3874
				return (0);
3875
			if (c == '\n') {
3876
				file->lineno++;
3877
				continue;
3878
			} else if (c == '\\') {
3879
				if ((next = lgetc(quotec)) == EOF)
3880
					return (0);
3881
				if (next == quotec || c == ' ' || c == '\t')
3882
					c = next;
3883
6
				else if (next == '\n') {
3884
6
					file->lineno++;
3885
8
					continue;
3886
8
				} else
3887
					lungetc(next);
3888
			} else if (c == quotec) {
3889
				*p = '\0';
3890
				break;
3891
			} else if (c == '\0') {
3892
				yyerror("syntax error");
3893
8
				return (findeol());
3894
			}
3895
8
			if (p + 1 >= buf + sizeof(buf) - 1) {
3896
				yyerror("string too long");
3897
326
				return (findeol());
3898
343
			}
3899
26
			*p++ = c;
3900
13
		}
3901
12
		yylval.v.string = strdup(buf);
3902
21
		if (yylval.v.string == NULL)
3903
13
			err(1, "yylex: strdup");
3904
		return (STRING);
3905
	case '!':
3906
		next = lgetc(0);
3907
		if (next == '=')
3908
			return (NE);
3909
		lungetc(next);
3910
		break;
3911
	case '<':
3912
		next = lgetc(0);
3913
		if (next == '>') {
3914
			yylval.v.i = PF_OP_XRG;
3915
			return (PORTBINARY);
3916
		} else if (next == '=')
3917
			return (LE);
3918
		lungetc(next);
3919
		break;
3920
	case '>':
3921
		next = lgetc(0);
3922
		if (next == '<') {
3923
			yylval.v.i = PF_OP_IRG;
3924
			return (PORTBINARY);
3925
		} else if (next == '=')
3926
			return (GE);
3927
		lungetc(next);
3928
		break;
3929
	}
3930
3931
#define allowed_to_end_number(x) \
3932
	(isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' || x == '=')
3933
3934
	if (c == '-' || isdigit(c)) {
3935
		do {
3936
			*p++ = c;
3937
			if ((unsigned)(p-buf) >= sizeof(buf)) {
3938
				yyerror("string too long");
3939
				return (findeol());
3940
			}
3941
		} while ((c = lgetc(0)) != EOF && isdigit(c));
3942
		lungetc(c);
3943
		if (p == buf + 1 && buf[0] == '-')
3944
			goto nodigits;
3945
		if (c == EOF || allowed_to_end_number(c)) {
3946
			const char *errstr = NULL;
3947
3948
			*p = '\0';
3949
			yylval.v.number = strtonum(buf, LLONG_MIN,
3950
			    LLONG_MAX, &errstr);
3951
			if (errstr) {
3952
				yyerror("\"%s\" invalid number: %s",
3953
				    buf, errstr);
3954
				return (findeol());
3955
			}
3956
			return (NUMBER);
3957
		} else {
3958
nodigits:
3959
			while (p > buf + 1)
3960
				lungetc(*--p);
3961
			c = *--p;
3962
			if (c == '-')
3963
				return (c);
3964
		}
3965
	}
3966
3967
#define allowed_in_string(x) \
3968
	(isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \
3969
	x != '{' && x != '}' && x != '<' && x != '>' && \
3970
	x != '!' && x != '=' && x != '/' && x != '#' && \
3971
	x != ','))
3972
3973
	if (isalnum(c) || c == ':' || c == '_') {
3974
		do {
3975
			*p++ = c;
3976
			if ((unsigned)(p-buf) >= sizeof(buf)) {
3977
				yyerror("string too long");
3978
				return (findeol());
3979
			}
3980
		} while ((c = lgetc(0)) != EOF && (allowed_in_string(c)));
3981
		lungetc(c);
3982
		*p = '\0';
3983
		if ((token = lookup(buf)) == STRING)
3984
			if ((yylval.v.string = strdup(buf)) == NULL)
3985
				err(1, "yylex: strdup");
3986
		return (token);
3987
	}
3988
	if (c == '\n') {
3989
		yylval.lineno = file->lineno;
3990
		file->lineno++;
3991
	}
3992
	if (c == EOF)
3993
		return (0);
3994
	return (c);
3995
}
3996
3997
int
3998
check_file_secrecy(int fd, const char *fname)
3999
{
4000
	struct stat	st;
4001
4002
	if (fstat(fd, &st)) {
4003
		warn("cannot stat %s", fname);
4004
		return (-1);
4005
	}
4006
	if (st.st_uid != 0 && st.st_uid != getuid()) {
4007
		warnx("%s: owner not root or current user", fname);
4008
		return (-1);
4009
	}
4010
	if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
4011
		warnx("%s: group writable or world read/writable", fname);
4012
		return (-1);
4013
	}
4014
	return (0);
4015
}
4016
4017
struct file *
4018
pushfile(const char *name, int secret)
4019
{
4020
	struct file	*nfile;
4021
4022
	if ((nfile = calloc(1, sizeof(struct file))) == NULL ||
4023
	    (nfile->name = strdup(name)) == NULL) {
4024
		if (nfile)
4025
			free(nfile);
4026
		warn("malloc");
4027
		return (NULL);
4028
	}
4029
	if (TAILQ_FIRST(&files) == NULL && strcmp(nfile->name, "-") == 0) {
4030
		nfile->stream = stdin;
4031
		free(nfile->name);
4032
		if ((nfile->name = strdup("stdin")) == NULL) {
4033
			warn("strdup");
4034
			free(nfile);
4035
			return (NULL);
4036
		}
4037
	} else if ((nfile->stream = fopen(nfile->name, "r")) == NULL) {
4038
		warn("%s", nfile->name);
4039
		free(nfile->name);
4040
		free(nfile);
4041
		return (NULL);
4042
	} else if (secret &&
4043
	    check_file_secrecy(fileno(nfile->stream), nfile->name)) {
4044
		fclose(nfile->stream);
4045
		free(nfile->name);
4046
		free(nfile);
4047
		return (NULL);
4048
	}
4049
	nfile->lineno = 1;
4050
	TAILQ_INSERT_TAIL(&files, nfile, entry);
4051
	return (nfile);
4052
}
4053
4054
int
4055
popfile(void)
4056
{
4057
	struct file	*prev;
4058
4059
	if ((prev = TAILQ_PREV(file, files, entry)) != NULL) {
4060
		prev->errors += file->errors;
4061
		TAILQ_REMOVE(&files, file, entry);
4062
		fclose(file->stream);
4063
		free(file->name);
4064
		free(file);
4065
		file = prev;
4066
		return (0);
4067
	}
4068
	return (EOF);
4069
}
4070
4071
int
4072
parse_config(char *filename, struct pfctl *xpf)
4073
{
4074
	int		 errors = 0;
4075
	struct sym	*sym;
4076
4077
	pf = xpf;
4078
	returnicmpdefault = (ICMP_UNREACH << 8) | ICMP_UNREACH_PORT;
4079
	returnicmp6default =
4080
	    (ICMP6_DST_UNREACH << 8) | ICMP6_DST_UNREACH_NOPORT;
4081
	blockpolicy = PFRULE_DROP;
4082
4083
	if ((file = pushfile(filename, 0)) == NULL) {
4084
		warn("cannot open the main config file!");
4085
		return (-1);
4086
	}
4087
4088
	yyparse();
4089
	errors = file->errors;
4090
	popfile();
4091
4092
	/* Free macros and check which have not been used. */
4093
	while ((sym = TAILQ_FIRST(&symhead))) {
4094
		if ((pf->opts & PF_OPT_VERBOSE2) && !sym->used)
4095
			fprintf(stderr, "warning: macro '%s' not "
4096
			    "used\n", sym->nam);
4097
		free(sym->nam);
4098
		free(sym->val);
4099
		TAILQ_REMOVE(&symhead, sym, entry);
4100
		free(sym);
4101
	}
4102
4103
	return (errors ? -1 : 0);
4104
}
4105
4106
int
4107
symset(const char *nam, const char *val, int persist)
4108
{
4109
	struct sym	*sym;
4110
4111
	TAILQ_FOREACH(sym, &symhead, entry) {
4112
		if (strcmp(nam, sym->nam) == 0)
4113
			break;
4114
	}
4115
4116
	if (sym != NULL) {
4117
		if (sym->persist == 1)
4118
			return (0);
4119
		else {
4120
			free(sym->nam);
4121
			free(sym->val);
4122
			TAILQ_REMOVE(&symhead, sym, entry);
4123
			free(sym);
4124
		}
4125
	}
4126
	if ((sym = calloc(1, sizeof(*sym))) == NULL)
4127
		return (-1);
4128
4129
	sym->nam = strdup(nam);
4130
	if (sym->nam == NULL) {
4131
		free(sym);
4132
		return (-1);
4133
	}
4134
	sym->val = strdup(val);
4135
	if (sym->val == NULL) {
4136
		free(sym->nam);
4137
		free(sym);
4138
		return (-1);
4139
	}
4140
	sym->used = 0;
4141
	sym->persist = persist;
4142
	TAILQ_INSERT_TAIL(&symhead, sym, entry);
4143
	return (0);
4144
}
4145
4146
int
4147
pfctl_cmdline_symset(char *s)
4148
{
4149
	char	*sym, *val;
4150
	int	 ret;
4151
4152
	if ((val = strrchr(s, '=')) == NULL)
4153
		return (-1);
4154
4155
	if ((sym = malloc(strlen(s) - strlen(val) + 1)) == NULL)
4156
		err(1, "pfctl_cmdline_symset: malloc");
4157
4158
	strlcpy(sym, s, strlen(s) - strlen(val) + 1);
4159
4160
	ret = symset(sym, val + 1, 1);
4161
	free(sym);
4162
4163
	return (ret);
4164
}
4165
4166
char *
4167
symget(const char *nam)
4168
{
4169
	struct sym	*sym;
4170
4171
	TAILQ_FOREACH(sym, &symhead, entry) {
4172
		if (strcmp(nam, sym->nam) == 0) {
4173
			sym->used = 1;
4174
			return (sym->val);
4175
		}
4176
	}
4177
	return (NULL);
4178
}
4179
4180
void
4181
mv_rules(struct pf_ruleset *src, struct pf_ruleset *dst)
4182
{
4183
	struct pf_rule *r;
4184
4185
	while ((r = TAILQ_FIRST(src->rules.active.ptr)) != NULL) {
4186
		TAILQ_REMOVE(src->rules.active.ptr, r, entries);
4187
		TAILQ_INSERT_TAIL(dst->rules.active.ptr, r, entries);
4188
		dst->anchor->match++;
4189
	}
4190
	src->anchor->match = 0;
4191
	while ((r = TAILQ_FIRST(src->rules.inactive.ptr)) != NULL) {
4192
		TAILQ_REMOVE(src->rules.inactive.ptr, r, entries);
4193
		TAILQ_INSERT_TAIL(dst->rules.inactive.ptr, r, entries);
4194
	}
4195
}
4196
4197
void
4198
decide_address_family(struct node_host *n, sa_family_t *af)
4199
{
4200
	if (*af != 0 || n == NULL)
4201
		return;
4202
	*af = n->af;
4203
	while ((n = n->next) != NULL) {
4204
		if (n->af != *af) {
4205
			*af = 0;
4206
			return;
4207
		}
4208
	}
4209
}
4210
4211
int
4212
invalid_redirect(struct node_host *nh, sa_family_t af)
4213
{
4214
	if (!af) {
4215
		struct node_host *n;
4216
4217
		/* tables and dyniftl are ok without an address family */
4218
		for (n = nh; n != NULL; n = n->next) {
4219
			if (n->addr.type != PF_ADDR_TABLE &&
4220
			    n->addr.type != PF_ADDR_DYNIFTL) {
4221
				yyerror("address family not given and "
4222
				    "translation address expands to multiple "
4223
				    "address families");
4224
				return (1);
4225
			}
4226
		}
4227
	}
4228
	if (nh == NULL) {
4229
		yyerror("no translation address with matching address family "
4230
		    "found.");
4231
		return (1);
4232
	}
4233
	return (0);
4234
}
4235
4236
int
4237
atoul(char *s, u_long *ulvalp)
4238
{
4239
	u_long	 ulval;
4240
	char	*ep;
4241
4242
	errno = 0;
4243
	ulval = strtoul(s, &ep, 0);
4244
	if (s[0] == '\0' || *ep != '\0')
4245
		return (-1);
4246
	if (errno == ERANGE && ulval == ULONG_MAX)
4247
		return (-1);
4248
	*ulvalp = ulval;
4249
	return (0);
4250
}
4251
4252
int
4253
getservice(char *n)
4254
{
4255
	struct servent	*s;
4256
	u_long		 ulval;
4257
4258
	if (atoul(n, &ulval) == 0) {
4259
		if (ulval > 65535) {
4260
			yyerror("illegal port value %lu", ulval);
4261
			return (-1);
4262
		}
4263
		return (htons(ulval));
4264
	} else {
4265
		s = getservbyname(n, "tcp");
4266
		if (s == NULL)
4267
			s = getservbyname(n, "udp");
4268
		if (s == NULL) {
4269
			yyerror("unknown port %s", n);
4270
			return (-1);
4271
		}
4272
		return (s->s_port);
4273
	}
4274
}
4275
4276
int
4277
rule_label(struct pf_rule *r, char *s)
4278
{
4279
	if (s) {
4280
		if (strlcpy(r->label, s, sizeof(r->label)) >=
4281
		    sizeof(r->label)) {
4282
			yyerror("rule label too long (max %d chars)",
4283
			    sizeof(r->label)-1);
4284
			return (-1);
4285
		}
4286
	}
4287
	return (0);
4288
}
4289
4290
u_int16_t
4291
parseicmpspec(char *w, sa_family_t af)
4292
{
4293
	const struct icmpcodeent	*p;
4294
	u_long				 ulval;
4295
	u_int8_t			 icmptype;
4296
4297
	if (af == AF_INET)
4298
		icmptype = returnicmpdefault >> 8;
4299
	else
4300
		icmptype = returnicmp6default >> 8;
4301
4302
	if (atoul(w, &ulval) == -1) {
4303
		if ((p = geticmpcodebyname(icmptype, w, af)) == NULL) {
4304
			yyerror("unknown icmp code %s", w);
4305
			return (0);
4306
		}
4307
		ulval = p->code;
4308
	}
4309
	if (ulval > 255) {
4310
		yyerror("invalid icmp code %lu", ulval);
4311
		return (0);
4312
	}
4313
	return (icmptype << 8 | ulval);
4314
}
4315
4316
int
4317
parseport(char *port, struct range *r, int extensions)
4318
{
4319
	char	*p = strchr(port, ':');
4320
4321
	if (p == NULL) {
4322
		if ((r->a = getservice(port)) == -1)
4323
			return (-1);
4324
		r->b = 0;
4325
		r->t = PF_OP_NONE;
4326
		return (0);
4327
	}
4328
	if ((extensions & PPORT_STAR) && !strcmp(p+1, "*")) {
4329
		*p = 0;
4330
		if ((r->a = getservice(port)) == -1)
4331
			return (-1);
4332
		r->b = 0;
4333
		r->t = PF_OP_IRG;
4334
		return (0);
4335
	}
4336
	if ((extensions & PPORT_RANGE)) {
4337
		*p++ = 0;
4338
		if ((r->a = getservice(port)) == -1 ||
4339
		    (r->b = getservice(p)) == -1)
4340
			return (-1);
4341
		if (r->a == r->b) {
4342
			r->b = 0;
4343
			r->t = PF_OP_NONE;
4344
		} else
4345
			r->t = PF_OP_RRG;
4346
		return (0);
4347
	}
4348
	return (-1);
4349
}
4350
4351
int
4352
pfctl_load_anchors(int dev, struct pfctl *pf, struct pfr_buffer *trans)
4353
{
4354
	struct loadanchors	*la;
4355
4356
	TAILQ_FOREACH(la, &loadanchorshead, entries) {
4357
		if (pf->opts & PF_OPT_VERBOSE)
4358
			fprintf(stderr, "\nLoading anchor %s from %s\n",
4359
			    la->anchorname, la->filename);
4360
		if (pfctl_rules(dev, la->filename, pf->opts, pf->optimize,
4361
		    la->anchorname, trans) == -1)
4362
			return (-1);
4363
	}
4364
4365
	return (0);
4366
}
4367
4368
int
4369
kw_casecmp(const void *k, const void *e)
4370
{
4371
	return (strcasecmp(k, ((const struct keywords *)e)->k_name));
4372
}
4373
4374
int
4375
map_tos(char *s, int *val)
4376
{
4377
	/* DiffServ Codepoints and other TOS mappings */
4378
	const struct keywords	 toswords[] = {
4379
		{ "af11",		IPTOS_DSCP_AF11 },
4380
		{ "af12",		IPTOS_DSCP_AF12 },
4381
		{ "af13",		IPTOS_DSCP_AF13 },
4382
		{ "af21",		IPTOS_DSCP_AF21 },
4383
		{ "af22",		IPTOS_DSCP_AF22 },
4384
		{ "af23",		IPTOS_DSCP_AF23 },
4385
		{ "af31",		IPTOS_DSCP_AF31 },
4386
		{ "af32",		IPTOS_DSCP_AF32 },
4387
		{ "af33",		IPTOS_DSCP_AF33 },
4388
		{ "af41",		IPTOS_DSCP_AF41 },
4389
		{ "af42",		IPTOS_DSCP_AF42 },
4390
		{ "af43",		IPTOS_DSCP_AF43 },
4391
		{ "critical",		IPTOS_PREC_CRITIC_ECP },
4392
		{ "cs0",		IPTOS_DSCP_CS0 },
4393
		{ "cs1",		IPTOS_DSCP_CS1 },
4394
		{ "cs2",		IPTOS_DSCP_CS2 },
4395
		{ "cs3",		IPTOS_DSCP_CS3 },
4396
		{ "cs4",		IPTOS_DSCP_CS4 },
4397
		{ "cs5",		IPTOS_DSCP_CS5 },
4398
		{ "cs6",		IPTOS_DSCP_CS6 },
4399
		{ "cs7",		IPTOS_DSCP_CS7 },
4400
		{ "ef",			IPTOS_DSCP_EF },
4401
		{ "inetcontrol",	IPTOS_PREC_INTERNETCONTROL },
4402
		{ "lowdelay",		IPTOS_LOWDELAY },
4403
		{ "netcontrol",		IPTOS_PREC_NETCONTROL },
4404
		{ "reliability",	IPTOS_RELIABILITY },
4405
		{ "throughput",		IPTOS_THROUGHPUT }
4406
	};
4407
	const struct keywords	*p;
4408
4409
	p = bsearch(s, toswords, sizeof(toswords)/sizeof(toswords[0]),
4410
	    sizeof(toswords[0]), kw_casecmp);
4411
4412
	if (p) {
4413
		*val = p->k_val;
4414
		return (1);
4415
	}
4416
	return (0);
4417
}
4418
#line 4411 "parse.c"
4419
908
/* allocate initial stack or double stack size, up to YYMAXDEPTH */
4420
454
static int yygrowstack(void)
4421
{
4422
    unsigned int newsize;
4423
    long sslen;
4424
    short *newss;
4425
454
    YYSTYPE *newvs;
4426
4427
    if ((newsize = yystacksize) == 0)
4428
        newsize = YYINITSTACKSIZE;
4429
    else if (newsize >= YYMAXDEPTH)
4430
        return -1;
4431

908
    else if ((newsize *= 2) > YYMAXDEPTH)
4432
        newsize = YYMAXDEPTH;
4433
908
    sslen = yyssp - yyss;
4434
454
#ifdef SIZE_MAX
4435
454
#define YY_SIZE_MAX SIZE_MAX
4436
#else
4437
454
#define YY_SIZE_MAX 0xffffffffU
4438
454
#endif
4439

908
    if (newsize && YY_SIZE_MAX / newsize < sizeof *newss)
4440
        goto bail;
4441
908
    newss = yyss ? (short *)realloc(yyss, newsize * sizeof *newss) :
4442
454
      (short *)malloc(newsize * sizeof *newss); /* overflow check above */
4443
454
    if (newss == NULL)
4444
        goto bail;
4445
454
    yyss = newss;
4446
454
    yyssp = newss + sslen;
4447
454
    if (newsize && YY_SIZE_MAX / newsize < sizeof *newvs)
4448
454
        goto bail;
4449
454
    newvs = yyvs ? (YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs) :
4450
      (YYSTYPE *)malloc(newsize * sizeof *newvs); /* overflow check above */
4451
    if (newvs == NULL)
4452
        goto bail;
4453
    yyvs = newvs;
4454
    yyvsp = newvs + sslen;
4455
    yystacksize = newsize;
4456
    yysslim = yyss + newsize - 1;
4457
    return 0;
4458
bail:
4459
454
    if (yyss)
4460
            free(yyss);
4461
    if (yyvs)
4462
            free(yyvs);
4463
    yyss = yyssp = NULL;
4464
    yyvs = yyvsp = NULL;
4465
    yystacksize = 0;
4466
    return -1;
4467
}
4468
4469
#define YYABORT goto yyabort
4470
#define YYREJECT goto yyabort
4471
#define YYACCEPT goto yyaccept
4472
#define YYERROR goto yyerrlab
4473
int
4474
yyparse(void)
4475
{
4476
    int yym, yyn, yystate;
4477
#if YYDEBUG
4478
    const char *yys;
4479
4480
908
    if ((yys = getenv("YYDEBUG")))
4481
454
    {
4482
454
        yyn = *yys;
4483
        if (yyn >= '0' && yyn <= '9')
4484

908
            yydebug = yyn - '0';
4485
454
    }
4486
454
#endif /* YYDEBUG */
4487
454
4488
    yynerrs = 0;
4489
    yyerrflag = 0;
4490
122610
    yychar = (-1);
4491
70788
4492
    if (yyss == NULL && yygrowstack()) goto yyoverflow;
4493
36483
    yyssp = yyss;
4494
    yyvsp = yyvs;
4495
    *yyssp = yystate = 0;
4496
4497
yyloop:
4498
    if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
4499
    if (yychar < 0)
4500
    {
4501
        if ((yychar = yylex()) < 0) yychar = 0;
4502
#if YYDEBUG
4503
        if (yydebug)
4504
36483
        {
4505

271757
            yys = 0;
4506
133870
            if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
4507
            if (!yys) yys = "illegal-symbol";
4508
            printf("%sdebug: state %d, reading %d (%s)\n",
4509
                    YYPREFIX, yystate, yychar, yys);
4510
        }
4511
#endif
4512
    }
4513

39802
    if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 &&
4514
            yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
4515
    {
4516
#if YYDEBUG
4517
39802
        if (yydebug)
4518
39802
            printf("%sdebug: state %d, shifting to state %d\n",
4519
39802
                    YYPREFIX, yystate, yytable[yyn]);
4520
39975
#endif
4521
39802
        if (yyssp >= yysslim && yygrowstack())
4522
        {
4523

123755
            goto yyoverflow;
4524
61846
        }
4525
        *++yyssp = yystate = yytable[yyn];
4526
30918
        *++yyvsp = yylval;
4527
30918
        yychar = (-1);
4528
        if (yyerrflag > 0)  --yyerrflag;
4529
68
        goto yyloop;
4530
    }
4531
    if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 &&
4532
            yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
4533
    {
4534
20
        yyn = yytable[yyn];
4535
        goto yyreduce;
4536
20
    }
4537
    if (yyerrflag) goto yyinrecovery;
4538
#if defined(__GNUC__)
4539
83
    goto yynewerror;
4540
#endif
4541
131
yynewerror:
4542
    yyerror("syntax error");
4543
84
#if defined(__GNUC__)
4544
838
    goto yyerrlab;
4545
#endif
4546

3060
yyerrlab:
4547
1481
    ++yynerrs;
4548
yyinrecovery:
4549
    if (yyerrflag < 3)
4550
    {
4551
        yyerrflag = 3;
4552
        for (;;)
4553
        {
4554

84
            if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 &&
4555
                    yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE)
4556
            {
4557
#if YYDEBUG
4558
84
                if (yydebug)
4559
84
                    printf("%sdebug: state %d, error recovery shifting\
4560
84
 to state %d\n", YYPREFIX, *yyssp, yytable[yyn]);
4561
#endif
4562
                if (yyssp >= yysslim && yygrowstack())
4563
                {
4564
                    goto yyoverflow;
4565
                }
4566
                *++yyssp = yystate = yytable[yyn];
4567
                *++yyvsp = yylval;
4568
                goto yyloop;
4569
754
            }
4570
754
            else
4571
754
            {
4572
#if YYDEBUG
4573
                if (yydebug)
4574
                    printf("%sdebug: error recovery discarding state %d\n",
4575
                            YYPREFIX, *yyssp);
4576
#endif
4577
47
                if (yyssp <= yyss) goto yyabort;
4578
                --yyssp;
4579
                --yyvsp;
4580
            }
4581
        }
4582
    }
4583
    else
4584
    {
4585
        if (yychar == 0) goto yyabort;
4586
#if YYDEBUG
4587
        if (yydebug)
4588
45
        {
4589
45
            yys = 0;
4590
            if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
4591
            if (!yys) yys = "illegal-symbol";
4592
            printf("%sdebug: state %d, error recovery discards token %d (%s)\n",
4593
                    YYPREFIX, yystate, yychar, yys);
4594
        }
4595
#endif
4596
        yychar = (-1);
4597
82740
        goto yyloop;
4598
82740
    }
4599
60359
yyreduce:
4600
#if YYDEBUG
4601
22381
    if (yydebug)
4602



















































































152833
        printf("%sdebug: state %d, reducing by rule %d (%s)\n",
4603
                YYPREFIX, yystate, yyn, yyrule[yyn]);
4604
#endif
4605
    yym = yylen[yyn];
4606
    if (yym)
4607
        yyval = yyvsp[1-yym];
4608
    else
4609
        memset(&yyval, 0, sizeof yyval);
4610
    switch (yyn)
4611
    {
4612
case 13:
4613
#line 539 "parse.y"
4614
{ file->errors++; }
4615
break;
4616
case 14:
4617
#line 542 "parse.y"
4618
{
4619
			struct file	*nfile;
4620
4621
			if ((nfile = pushfile(yyvsp[0].v.string, 0)) == NULL) {
4622
				yyerror("failed to include file %s", yyvsp[0].v.string);
4623
				free(yyvsp[0].v.string);
4624
				YYERROR;
4625
			}
4626
			free(yyvsp[0].v.string);
4627
4628
			file = nfile;
4629
			lungetc('\n');
4630
		}
4631
break;
4632
case 19:
4633
#line 567 "parse.y"
4634
{
4635
			if (!strcmp(yyvsp[0].v.string, "none"))
4636
				yyval.v.i = 0;
4637
			else if (!strcmp(yyvsp[0].v.string, "basic"))
4638
				yyval.v.i = PF_OPTIMIZE_BASIC;
4639
			else if (!strcmp(yyvsp[0].v.string, "profile"))
4640
				yyval.v.i = PF_OPTIMIZE_BASIC | PF_OPTIMIZE_PROFILE;
4641
			else {
4642
				yyerror("unknown ruleset-optimization %s", yyvsp[0].v.string);
4643
				YYERROR;
4644
			}
4645
		}
4646
break;
4647
case 20:
4648
#line 581 "parse.y"
4649
{ yyval.v.number = 0; }
4650
break;
4651
case 21:
4652
#line 582 "parse.y"
4653
{ yyval.v.number = 1; }
4654
break;
4655
case 22:
4656
#line 585 "parse.y"
4657
{
4658
			pfctl_set_reassembly(pf, yyvsp[-1].v.number, yyvsp[0].v.number);
4659
		}
4660
break;
4661
case 23:
4662
#line 588 "parse.y"
4663
{
4664
			if (pfctl_set_optimization(pf, yyvsp[0].v.string) != 0) {
4665
				yyerror("unknown optimization %s", yyvsp[0].v.string);
4666
				free(yyvsp[0].v.string);
4667
				YYERROR;
4668
			}
4669
			free(yyvsp[0].v.string);
4670
		}
4671
break;
4672
case 24:
4673
#line 596 "parse.y"
4674
{
4675
			if (!(pf->opts & PF_OPT_OPTIMIZE)) {
4676
				pf->opts |= PF_OPT_OPTIMIZE;
4677
				pf->optimize = yyvsp[0].v.i;
4678
			}
4679
		}
4680
break;
4681
case 29:
4682
#line 606 "parse.y"
4683
{
4684
			if (pfctl_set_logif(pf, yyvsp[0].v.string) != 0) {
4685
				yyerror("error setting loginterface %s", yyvsp[0].v.string);
4686
				free(yyvsp[0].v.string);
4687
				YYERROR;
4688
			}
4689
			free(yyvsp[0].v.string);
4690
		}
4691
break;
4692
case 30:
4693
#line 614 "parse.y"
4694
{
4695
			if (yyvsp[0].v.number == 0 || yyvsp[0].v.number > UINT_MAX) {
4696
				yyerror("hostid must be non-zero");
4697
				YYERROR;
4698
			}
4699
			pfctl_set_hostid(pf, yyvsp[0].v.number);
4700
		}
4701
break;
4702
case 31:
4703
#line 621 "parse.y"
4704
{
4705
			if (pf->opts & PF_OPT_VERBOSE)
4706
				printf("set block-policy drop\n");
4707
			blockpolicy = PFRULE_DROP;
4708
		}
4709
break;
4710
case 32:
4711
#line 626 "parse.y"
4712
{
4713
			if (pf->opts & PF_OPT_VERBOSE)
4714
				printf("set block-policy return\n");
4715
			blockpolicy = PFRULE_RETURN;
4716
		}
4717
break;
4718
case 33:
4719
#line 631 "parse.y"
4720
{
4721
			if (pf->opts & PF_OPT_VERBOSE)
4722
				printf("set fingerprints \"%s\"\n", yyvsp[0].v.string);
4723
			if (!pf->anchor->name[0]) {
4724
				if (pfctl_file_fingerprints(pf->dev,
4725
				    pf->opts, yyvsp[0].v.string)) {
4726
					yyerror("error loading "
4727
					    "fingerprints %s", yyvsp[0].v.string);
4728
					free(yyvsp[0].v.string);
4729
					YYERROR;
4730
				}
4731
			}
4732
			free(yyvsp[0].v.string);
4733
		}
4734
break;
4735
case 34:
4736
#line 645 "parse.y"
4737
{
4738
			if (pf->opts & PF_OPT_VERBOSE)
4739
				switch (yyvsp[0].v.i) {
4740
				case 0:
4741
					printf("set state-policy floating\n");
4742
					break;
4743
				case PFRULE_IFBOUND:
4744
					printf("set state-policy if-bound\n");
4745
					break;
4746
				}
4747
			default_statelock = yyvsp[0].v.i;
4748
		}
4749
break;
4750
case 35:
4751
#line 657 "parse.y"
4752
{
4753
			if (pfctl_set_debug(pf, yyvsp[0].v.string) != 0) {
4754
				yyerror("error setting debuglevel %s", yyvsp[0].v.string);
4755
				free(yyvsp[0].v.string);
4756
				YYERROR;
4757
			}
4758
			free(yyvsp[0].v.string);
4759
		}
4760
break;
4761
case 36:
4762
#line 665 "parse.y"
4763
{
4764
			if (pfctl_set_debug(pf, "debug") != 0) {
4765
				yyerror("error setting debuglevel %s", "debug");
4766
				YYERROR;
4767
			}
4768
		}
4769
break;
4770
case 37:
4771
#line 671 "parse.y"
4772
{
4773
			if (expand_skip_interface(yyvsp[0].v.interface) != 0) {
4774
				yyerror("error setting skip interface(s)");
4775
				YYERROR;
4776
			}
4777
		}
4778
break;
4779
case 38:
4780
#line 677 "parse.y"
4781
{
4782
			if (keep_state_defaults != NULL) {
4783
				yyerror("cannot redefine state-defaults");
4784
				YYERROR;
4785
			}
4786
			keep_state_defaults = yyvsp[0].v.state_opt;
4787
		}
4788
break;
4789
case 39:
4790
#line 686 "parse.y"
4791
{ yyval.v.string = yyvsp[0].v.string; }
4792
break;
4793
case 40:
4794
#line 687 "parse.y"
4795
{
4796
			if ((yyval.v.string = strdup("all")) == NULL) {
4797
				err(1, "stringall: strdup");
4798
			}
4799
		}
4800
break;
4801
case 41:
4802
#line 694 "parse.y"
4803
{
4804
			if (asprintf(&yyval.v.string, "%s %s", yyvsp[-1].v.string, yyvsp[0].v.string) == -1)
4805
				err(1, "string: asprintf");
4806
			free(yyvsp[-1].v.string);
4807
			free(yyvsp[0].v.string);
4808
		}
4809
break;
4810
case 43:
4811
#line 703 "parse.y"
4812
{
4813
			if (asprintf(&yyval.v.string, "%s %s", yyvsp[-1].v.string, yyvsp[0].v.string) == -1)
4814
				err(1, "string: asprintf");
4815
			free(yyvsp[-1].v.string);
4816
			free(yyvsp[0].v.string);
4817
		}
4818
break;
4819
case 45:
4820
#line 712 "parse.y"
4821
{
4822
			char	*s;
4823
			if (asprintf(&s, "%lld", yyvsp[0].v.number) == -1) {
4824
				yyerror("string: asprintf");
4825
				YYERROR;
4826
			}
4827
			yyval.v.string = s;
4828
		}
4829
break;
4830
case 47:
4831
#line 723 "parse.y"
4832
{
4833
			char *s = yyvsp[-2].v.string;
4834
			if (pf->opts & PF_OPT_VERBOSE)
4835
				printf("%s = \"%s\"\n", yyvsp[-2].v.string, yyvsp[0].v.string);
4836
			while (*s++) {
4837
				if (isspace((unsigned char)*s)) {
4838
					yyerror("macro name cannot contain "
4839
					    "whitespace");
4840
					YYERROR;
4841
				}
4842
			}
4843
			if (symset(yyvsp[-2].v.string, yyvsp[0].v.string, 0) == -1)
4844
				err(1, "cannot store variable %s", yyvsp[-2].v.string);
4845
			free(yyvsp[-2].v.string);
4846
			free(yyvsp[0].v.string);
4847
		}
4848
break;
4849
case 48:
4850
#line 741 "parse.y"
4851
{ yyval.v.string = yyvsp[0].v.string; }
4852
break;
4853
case 49:
4854
#line 742 "parse.y"
4855
{ yyval.v.string = NULL; }
4856
break;
4857
case 55:
4858
#line 753 "parse.y"
4859
{
4860
			char ta[PF_ANCHOR_NAME_SIZE];
4861
			struct pf_ruleset *rs;
4862
4863
			/* steping into a brace anchor */
4864
			pf->asd++;
4865
			pf->bn++;
4866
			pf->brace = 1;
4867
4868
			/*
4869
			 * Anchor contents are parsed before the anchor rule
4870
			 * production completes, so we don't know the real
4871
			 * location yet. Create a holding ruleset in the root;
4872
			 * contents will be moved afterwards.
4873
			 */
4874
			snprintf(ta, PF_ANCHOR_NAME_SIZE, "_%d", pf->bn);
4875
			rs = pf_find_or_create_ruleset(ta);
4876
			if (rs == NULL)
4877
				err(1, "pfa_anchor: pf_find_or_create_ruleset");
4878
			pf->astack[pf->asd] = rs->anchor;
4879
			pf->anchor = rs->anchor;
4880
		}
4881
break;
4882
case 56:
4883
#line 775 "parse.y"
4884
{
4885
			pf->alast = pf->anchor;
4886
			pf->asd--;
4887
			pf->anchor = pf->astack[pf->asd];
4888
		}
4889
break;
4890
case 58:
4891
#line 785 "parse.y"
4892
{
4893
			struct pf_rule	r;
4894
			struct node_proto	*proto;
4895
4896
			if (yyvsp[-8].v.string && (yyvsp[-8].v.string[0] == '_' || strstr(yyvsp[-8].v.string, "/_") != NULL)) {
4897
				free(yyvsp[-8].v.string);
4898
				yyerror("anchor names beginning with '_' "
4899
				    "are reserved for internal use");
4900
				YYERROR;
4901
			}
4902
4903
			memset(&r, 0, sizeof(r));
4904
			if (pf->astack[pf->asd + 1]) {
4905
				if (yyvsp[-8].v.string && strchr(yyvsp[-8].v.string, '/') != NULL) {
4906
					free(yyvsp[-8].v.string);
4907
					yyerror("anchor paths containing '/' "
4908
				    	    "cannot be used for inline anchors.");
4909
					YYERROR;
4910
				}
4911
4912
				/* Move inline rules into relative location. */
4913
				pf_anchor_setup(&r,
4914
				    &pf->astack[pf->asd]->ruleset,
4915
				    yyvsp[-8].v.string ? yyvsp[-8].v.string : pf->alast->name);
4916
4917
				if (r.anchor == NULL)
4918
					err(1, "anchorrule: unable to "
4919
					    "create ruleset");
4920
4921
				if (pf->alast != r.anchor) {
4922
					if (r.anchor->match) {
4923
						yyerror("inline anchor '%s' "
4924
						    "already exists",
4925
						    r.anchor->name);
4926
						YYERROR;
4927
					}
4928
					mv_rules(&pf->alast->ruleset,
4929
					    &r.anchor->ruleset);
4930
				}
4931
				pf_remove_if_empty_ruleset(&pf->alast->ruleset);
4932
				pf->alast = r.anchor;
4933
			} else {
4934
				if (!yyvsp[-8].v.string) {
4935
					yyerror("anchors without explicit "
4936
					    "rules must specify a name");
4937
					YYERROR;
4938
				}
4939
			}
4940
			r.direction = yyvsp[-7].v.i;
4941
			r.quick = yyvsp[-6].v.logquick.quick;
4942
			r.af = yyvsp[-4].v.i;
4943
			r.prob = yyvsp[-1].v.filter_opts.prob;
4944
			r.rtableid = yyvsp[-1].v.filter_opts.rtableid;
4945
4946
			if (yyvsp[-1].v.filter_opts.tag)
4947
				if (strlcpy(r.tagname, yyvsp[-1].v.filter_opts.tag,
4948
				    PF_TAG_NAME_SIZE) >= PF_TAG_NAME_SIZE) {
4949
					yyerror("tag too long, max %u chars",
4950
					    PF_TAG_NAME_SIZE - 1);
4951
					YYERROR;
4952
				}
4953
			if (yyvsp[-1].v.filter_opts.match_tag)
4954
				if (strlcpy(r.match_tagname, yyvsp[-1].v.filter_opts.match_tag,
4955
				    PF_TAG_NAME_SIZE) >= PF_TAG_NAME_SIZE) {
4956
					yyerror("tag too long, max %u chars",
4957
					    PF_TAG_NAME_SIZE - 1);
4958
					YYERROR;
4959
				}
4960
			r.match_tag_not = yyvsp[-1].v.filter_opts.match_tag_not;
4961
			if (rule_label(&r, yyvsp[-1].v.filter_opts.label))
4962
				YYERROR;
4963
			free(yyvsp[-1].v.filter_opts.label);
4964
			r.flags = yyvsp[-1].v.filter_opts.flags.b1;
4965
			r.flagset = yyvsp[-1].v.filter_opts.flags.b2;
4966
			if ((yyvsp[-1].v.filter_opts.flags.b1 & yyvsp[-1].v.filter_opts.flags.b2) != yyvsp[-1].v.filter_opts.flags.b1) {
4967
				yyerror("flags always false");
4968
				YYERROR;
4969
			}
4970
			if (yyvsp[-1].v.filter_opts.flags.b1 || yyvsp[-1].v.filter_opts.flags.b2 || yyvsp[-2].v.fromto.src_os) {
4971
				for (proto = yyvsp[-3].v.proto; proto != NULL &&
4972
				    proto->proto != IPPROTO_TCP;
4973
				    proto = proto->next)
4974
					;	/* nothing */
4975
				if (proto == NULL && yyvsp[-3].v.proto != NULL) {
4976
					if (yyvsp[-1].v.filter_opts.flags.b1 || yyvsp[-1].v.filter_opts.flags.b2)
4977
						yyerror(
4978
						    "flags only apply to tcp");
4979
					if (yyvsp[-2].v.fromto.src_os)
4980
						yyerror(
4981
						    "OS fingerprinting only "
4982
						    "applies to tcp");
4983
					YYERROR;
4984
				}
4985
			}
4986
4987
			r.tos = yyvsp[-1].v.filter_opts.tos;
4988
4989
			if (yyvsp[-1].v.filter_opts.keep.action) {
4990
				yyerror("cannot specify state handling "
4991
				    "on anchors");
4992
				YYERROR;
4993
			}
4994
4995
			if (yyvsp[-1].v.filter_opts.route.rt) {
4996
				yyerror("cannot specify route handling "
4997
				    "on anchors");
4998
				YYERROR;
4999
			}
5000
5001
			if (yyvsp[-1].v.filter_opts.marker & FOM_ONCE) {
5002
				yyerror("cannot specify 'once' "
5003
				    "on anchors");
5004
				YYERROR;
5005
			}
5006
5007
			if (yyvsp[-1].v.filter_opts.match_tag)
5008
				if (strlcpy(r.match_tagname, yyvsp[-1].v.filter_opts.match_tag,
5009
				    PF_TAG_NAME_SIZE) >= PF_TAG_NAME_SIZE) {
5010
					yyerror("tag too long, max %u chars",
5011
					    PF_TAG_NAME_SIZE - 1);
5012
					YYERROR;
5013
				}
5014
			r.match_tag_not = yyvsp[-1].v.filter_opts.match_tag_not;
5015
			if (yyvsp[-1].v.filter_opts.marker & FOM_PRIO) {
5016
				if (yyvsp[-1].v.filter_opts.prio == 0)
5017
					r.prio = PF_PRIO_ZERO;
5018
				else
5019
					r.prio = yyvsp[-1].v.filter_opts.prio;
5020
			}
5021
			if (yyvsp[-1].v.filter_opts.marker & FOM_SETPRIO) {
5022
				r.set_prio[0] = yyvsp[-1].v.filter_opts.set_prio[0];
5023
				r.set_prio[1] = yyvsp[-1].v.filter_opts.set_prio[1];
5024
				r.scrub_flags |= PFSTATE_SETPRIO;
5025
			}
5026
5027
			decide_address_family(yyvsp[-2].v.fromto.src.host, &r.af);
5028
			decide_address_family(yyvsp[-2].v.fromto.dst.host, &r.af);
5029
5030
			expand_rule(&r, 0, yyvsp[-5].v.interface, NULL, NULL, NULL, yyvsp[-3].v.proto, yyvsp[-2].v.fromto.src_os,
5031
			    yyvsp[-2].v.fromto.src.host, yyvsp[-2].v.fromto.src.port, yyvsp[-2].v.fromto.dst.host, yyvsp[-2].v.fromto.dst.port,
5032
			    yyvsp[-1].v.filter_opts.uid, yyvsp[-1].v.filter_opts.gid, yyvsp[-1].v.filter_opts.rcv, yyvsp[-1].v.filter_opts.icmpspec,
5033
			    pf->astack[pf->asd + 1] ? pf->alast->name : yyvsp[-8].v.string);
5034
			free(yyvsp[-8].v.string);
5035
			pf->astack[pf->asd + 1] = NULL;
5036
		}
5037
break;
5038
case 59:
5039
#line 932 "parse.y"
5040
{
5041
			struct loadanchors	*loadanchor;
5042
5043
			if (strlen(pf->anchor->name) + 1 +
5044
			    strlen(yyvsp[-2].v.string) >= PATH_MAX) {
5045
				yyerror("anchorname %s too long, max %u\n",
5046
				    yyvsp[-2].v.string, PATH_MAX - 1);
5047
				free(yyvsp[-2].v.string);
5048
				YYERROR;
5049
			}
5050
			loadanchor = calloc(1, sizeof(struct loadanchors));
5051
			if (loadanchor == NULL)
5052
				err(1, "loadrule: calloc");
5053
			if ((loadanchor->anchorname = malloc(PATH_MAX)) ==
5054
			    NULL)
5055
				err(1, "loadrule: malloc");
5056
			if (pf->anchor->name[0])
5057
				snprintf(loadanchor->anchorname, PATH_MAX,
5058
				    "%s/%s", pf->anchor->name, yyvsp[-2].v.string);
5059
			else
5060
				strlcpy(loadanchor->anchorname, yyvsp[-2].v.string, PATH_MAX);
5061
			if ((loadanchor->filename = strdup(yyvsp[0].v.string)) == NULL)
5062
				err(1, "loadrule: strdup");
5063
5064
			TAILQ_INSERT_TAIL(&loadanchorshead, loadanchor,
5065
			    entries);
5066
5067
			free(yyvsp[-2].v.string);
5068
			free(yyvsp[0].v.string);
5069
		}
5070
break;
5071
case 60:
5072
#line 963 "parse.y"
5073
{
5074
				bzero(&scrub_opts, sizeof scrub_opts);
5075
			}
5076
break;
5077
case 61:
5078
#line 967 "parse.y"
5079
{ yyval.v.scrub_opts = scrub_opts; }
5080
break;
5081
case 64:
5082
#line 974 "parse.y"
5083
{
5084
			if (scrub_opts.nodf) {
5085
				yyerror("no-df cannot be respecified");
5086
				YYERROR;
5087
			}
5088
			scrub_opts.nodf = 1;
5089
		}
5090
break;
5091
case 65:
5092
#line 981 "parse.y"
5093
{
5094
			if (scrub_opts.marker & FOM_MINTTL) {
5095
				yyerror("min-ttl cannot be respecified");
5096
				YYERROR;
5097
			}
5098
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 255) {
5099
				yyerror("illegal min-ttl value %d", yyvsp[0].v.number);
5100
				YYERROR;
5101
			}
5102
			scrub_opts.marker |= FOM_MINTTL;
5103
			scrub_opts.minttl = yyvsp[0].v.number;
5104
		}
5105
break;
5106
case 66:
5107
#line 993 "parse.y"
5108
{
5109
			if (scrub_opts.marker & FOM_MAXMSS) {
5110
				yyerror("max-mss cannot be respecified");
5111
				YYERROR;
5112
			}
5113
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 65535) {
5114
				yyerror("illegal max-mss value %d", yyvsp[0].v.number);
5115
				YYERROR;
5116
			}
5117
			scrub_opts.marker |= FOM_MAXMSS;
5118
			scrub_opts.maxmss = yyvsp[0].v.number;
5119
		}
5120
break;
5121
case 67:
5122
#line 1005 "parse.y"
5123
{
5124
			if (strcasecmp(yyvsp[0].v.string, "tcp") != 0) {
5125
				yyerror("scrub reassemble supports only tcp, "
5126
				    "not '%s'", yyvsp[0].v.string);
5127
				free(yyvsp[0].v.string);
5128
				YYERROR;
5129
			}
5130
			free(yyvsp[0].v.string);
5131
			if (scrub_opts.reassemble_tcp) {
5132
				yyerror("reassemble tcp cannot be respecified");
5133
				YYERROR;
5134
			}
5135
			scrub_opts.reassemble_tcp = 1;
5136
		}
5137
break;
5138
case 68:
5139
#line 1019 "parse.y"
5140
{
5141
			if (scrub_opts.randomid) {
5142
				yyerror("random-id cannot be respecified");
5143
				YYERROR;
5144
			}
5145
			scrub_opts.randomid = 1;
5146
		}
5147
break;
5148
case 69:
5149
#line 1028 "parse.y"
5150
{
5151
			struct pf_rule		 r;
5152
			struct node_host	*h = NULL, *hh;
5153
			struct node_if		*i, *j;
5154
5155
			for (i = yyvsp[-2].v.interface; i; i = i->next) {
5156
				bzero(&r, sizeof(r));
5157
5158
				r.action = PF_DROP;
5159
				r.direction = PF_IN;
5160
				r.log = yyvsp[-3].v.logquick.log;
5161
				r.logif = yyvsp[-3].v.logquick.logif;
5162
				r.quick = yyvsp[-3].v.logquick.quick;
5163
				r.af = yyvsp[-1].v.i;
5164
				if (rule_label(&r, yyvsp[0].v.antispoof_opts.label))
5165
					YYERROR;
5166
				r.rtableid = yyvsp[0].v.antispoof_opts.rtableid;
5167
				j = calloc(1, sizeof(struct node_if));
5168
				if (j == NULL)
5169
					err(1, "antispoof: calloc");
5170
				if (strlcpy(j->ifname, i->ifname,
5171
				    sizeof(j->ifname)) >= sizeof(j->ifname)) {
5172
					free(j);
5173
					yyerror("interface name too long");
5174
					YYERROR;
5175
				}
5176
				j->not = 1;
5177
				if (i->dynamic) {
5178
					h = calloc(1, sizeof(*h));
5179
					if (h == NULL)
5180
						err(1, "address: calloc");
5181
					h->addr.type = PF_ADDR_DYNIFTL;
5182
					set_ipmask(h, 128);
5183
					if (strlcpy(h->addr.v.ifname, i->ifname,
5184
					    sizeof(h->addr.v.ifname)) >=
5185
					    sizeof(h->addr.v.ifname)) {
5186
						free(h);
5187
						yyerror(
5188
						    "interface name too long");
5189
						YYERROR;
5190
					}
5191
					hh = malloc(sizeof(*hh));
5192
					if (hh == NULL)
5193
						 err(1, "address: malloc");
5194
					bcopy(h, hh, sizeof(*hh));
5195
					h->addr.iflags = PFI_AFLAG_NETWORK;
5196
				} else {
5197
					h = ifa_lookup(j->ifname,
5198
					    PFI_AFLAG_NETWORK);
5199
					hh = NULL;
5200
				}
5201
5202
				if (h != NULL)
5203
					expand_rule(&r, 0, j, NULL, NULL, NULL,
5204
					    NULL, NULL, h, NULL, NULL, NULL,
5205
					    NULL, NULL, NULL, NULL, "");
5206
5207
				if ((i->ifa_flags & IFF_LOOPBACK) == 0) {
5208
					bzero(&r, sizeof(r));
5209
5210
					r.action = PF_DROP;
5211
					r.direction = PF_IN;
5212
					r.log = yyvsp[-3].v.logquick.log;
5213
					r.logif = yyvsp[-3].v.logquick.logif;
5214
					r.quick = yyvsp[-3].v.logquick.quick;
5215
					r.af = yyvsp[-1].v.i;
5216
					if (rule_label(&r, yyvsp[0].v.antispoof_opts.label))
5217
						YYERROR;
5218
					r.rtableid = yyvsp[0].v.antispoof_opts.rtableid;
5219
					if (hh != NULL)
5220
						h = hh;
5221
					else
5222
						h = ifa_lookup(i->ifname, 0);
5223
					if (h != NULL)
5224
						expand_rule(&r, 0, NULL, NULL,
5225
						    NULL, NULL, NULL, NULL, h,
5226
						    NULL, NULL, NULL, NULL,
5227
						    NULL, NULL, NULL, "");
5228
				} else
5229
					free(hh);
5230
			}
5231
			free(yyvsp[0].v.antispoof_opts.label);
5232
		}
5233
break;
5234
case 70:
5235
#line 1113 "parse.y"
5236
{ yyval.v.interface = yyvsp[0].v.interface; }
5237
break;
5238
case 71:
5239
#line 1114 "parse.y"
5240
{ yyval.v.interface = yyvsp[-1].v.interface; }
5241
break;
5242
case 72:
5243
#line 1117 "parse.y"
5244
{ yyval.v.interface = yyvsp[-1].v.interface; }
5245
break;
5246
case 73:
5247
#line 1118 "parse.y"
5248
{
5249
			yyvsp[-3].v.interface->tail->next = yyvsp[-1].v.interface;
5250
			yyvsp[-3].v.interface->tail = yyvsp[-1].v.interface;
5251
			yyval.v.interface = yyvsp[-3].v.interface;
5252
		}
5253
break;
5254
case 74:
5255
#line 1125 "parse.y"
5256
{ yyval.v.interface = yyvsp[0].v.interface; }
5257
break;
5258
case 75:
5259
#line 1126 "parse.y"
5260
{
5261
			yyvsp[-1].v.interface->dynamic = 1;
5262
			yyval.v.interface = yyvsp[-1].v.interface;
5263
		}
5264
break;
5265
case 76:
5266
#line 1132 "parse.y"
5267
{
5268
				bzero(&antispoof_opts, sizeof antispoof_opts);
5269
				antispoof_opts.rtableid = -1;
5270
			}
5271
break;
5272
case 77:
5273
#line 1137 "parse.y"
5274
{ yyval.v.antispoof_opts = antispoof_opts; }
5275
break;
5276
case 78:
5277
#line 1138 "parse.y"
5278
{
5279
			bzero(&antispoof_opts, sizeof antispoof_opts);
5280
			antispoof_opts.rtableid = -1;
5281
			yyval.v.antispoof_opts = antispoof_opts;
5282
		}
5283
break;
5284
case 81:
5285
#line 1149 "parse.y"
5286
{
5287
			if (antispoof_opts.label) {
5288
				yyerror("label cannot be redefined");
5289
				YYERROR;
5290
			}
5291
			antispoof_opts.label = yyvsp[0].v.string;
5292
		}
5293
break;
5294
case 82:
5295
#line 1156 "parse.y"
5296
{
5297
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > RT_TABLEID_MAX) {
5298
				yyerror("invalid rtable id");
5299
				YYERROR;
5300
			}
5301
			antispoof_opts.rtableid = yyvsp[0].v.number;
5302
		}
5303
break;
5304
case 83:
5305
#line 1165 "parse.y"
5306
{ yyval.v.number = 1; }
5307
break;
5308
case 84:
5309
#line 1166 "parse.y"
5310
{ yyval.v.number = 0; }
5311
break;
5312
case 85:
5313
#line 1169 "parse.y"
5314
{
5315
			struct node_host	 *h, *nh;
5316
			struct node_tinit	 *ti, *nti;
5317
5318
			if (strlen(yyvsp[-2].v.string) >= PF_TABLE_NAME_SIZE) {
5319
				yyerror("table name too long, max %d chars",
5320
				    PF_TABLE_NAME_SIZE - 1);
5321
				free(yyvsp[-2].v.string);
5322
				YYERROR;
5323
			}
5324
			if (process_tabledef(yyvsp[-2].v.string, &yyvsp[0].v.table_opts, pf->opts)) {
5325
				free(yyvsp[-2].v.string);
5326
				YYERROR;
5327
			}
5328
			free(yyvsp[-2].v.string);
5329
			for (ti = SIMPLEQ_FIRST(&yyvsp[0].v.table_opts.init_nodes); ti != NULL;
5330
			    ti = nti) {
5331
				if (ti->file)
5332
					free(ti->file);
5333
				for (h = ti->host; h != NULL; h = nh) {
5334
					nh = h->next;
5335
					free(h);
5336
				}
5337
				nti = SIMPLEQ_NEXT(ti, entries);
5338
				free(ti);
5339
			}
5340
		}
5341
break;
5342
case 86:
5343
#line 1198 "parse.y"
5344
{
5345
			bzero(&table_opts, sizeof table_opts);
5346
			SIMPLEQ_INIT(&table_opts.init_nodes);
5347
		}
5348
break;
5349
case 87:
5350
#line 1203 "parse.y"
5351
{ yyval.v.table_opts = table_opts; }
5352
break;
5353
case 88:
5354
#line 1205 "parse.y"
5355
{
5356
			bzero(&table_opts, sizeof table_opts);
5357
			SIMPLEQ_INIT(&table_opts.init_nodes);
5358
			yyval.v.table_opts = table_opts;
5359
		}
5360
break;
5361
case 91:
5362
#line 1216 "parse.y"
5363
{
5364
			if (!strcmp(yyvsp[0].v.string, "const"))
5365
				table_opts.flags |= PFR_TFLAG_CONST;
5366
			else if (!strcmp(yyvsp[0].v.string, "persist"))
5367
				table_opts.flags |= PFR_TFLAG_PERSIST;
5368
			else if (!strcmp(yyvsp[0].v.string, "counters"))
5369
				table_opts.flags |= PFR_TFLAG_COUNTERS;
5370
			else {
5371
				yyerror("invalid table option '%s'", yyvsp[0].v.string);
5372
				free(yyvsp[0].v.string);
5373
				YYERROR;
5374
			}
5375
			free(yyvsp[0].v.string);
5376
		}
5377
break;
5378
case 92:
5379
#line 1230 "parse.y"
5380
{ table_opts.init_addr = 1; }
5381
break;
5382
case 93:
5383
#line 1231 "parse.y"
5384
{
5385
			struct node_host	*n;
5386
			struct node_tinit	*ti;
5387
5388
			for (n = yyvsp[-1].v.host; n != NULL; n = n->next) {
5389
				switch (n->addr.type) {
5390
				case PF_ADDR_ADDRMASK:
5391
					continue; /* ok */
5392
				case PF_ADDR_RANGE:
5393
					yyerror("address ranges are not "
5394
					    "permitted inside tables");
5395
					break;
5396
				case PF_ADDR_DYNIFTL:
5397
					yyerror("dynamic addresses are not "
5398
					    "permitted inside tables");
5399
					break;
5400
				case PF_ADDR_TABLE:
5401
					yyerror("tables cannot contain tables");
5402
					break;
5403
				case PF_ADDR_NOROUTE:
5404
					yyerror("\"no-route\" is not permitted "
5405
					    "inside tables");
5406
					break;
5407
				case PF_ADDR_URPFFAILED:
5408
					yyerror("\"urpf-failed\" is not "
5409
					    "permitted inside tables");
5410
					break;
5411
				default:
5412
					yyerror("unknown address type %d",
5413
					    n->addr.type);
5414
				}
5415
				YYERROR;
5416
			}
5417
			if (!(ti = calloc(1, sizeof(*ti))))
5418
				err(1, "table_opt: calloc");
5419
			ti->host = yyvsp[-1].v.host;
5420
			SIMPLEQ_INSERT_TAIL(&table_opts.init_nodes, ti,
5421
			    entries);
5422
			table_opts.init_addr = 1;
5423
		}
5424
break;
5425
case 94:
5426
#line 1271 "parse.y"
5427
{
5428
			struct node_tinit	*ti;
5429
5430
			if (!(ti = calloc(1, sizeof(*ti))))
5431
				err(1, "table_opt: calloc");
5432
			ti->file = yyvsp[0].v.string;
5433
			SIMPLEQ_INSERT_TAIL(&table_opts.init_nodes, ti,
5434
			    entries);
5435
			table_opts.init_addr = 1;
5436
		}
5437
break;
5438
case 95:
5439
#line 1283 "parse.y"
5440
{
5441
			if (yyvsp[0].v.weight > 0) {
5442
				struct node_host	*n;
5443
				for (n = yyvsp[-1].v.host; n != NULL; n = n->next)
5444
					n->weight = yyvsp[0].v.weight;
5445
			}
5446
			yyval.v.host = yyvsp[-1].v.host;
5447
		}
5448
break;
5449
case 96:
5450
#line 1291 "parse.y"
5451
{ yyval.v.host = yyvsp[-1].v.host; }
5452
break;
5453
case 97:
5454
#line 1294 "parse.y"
5455
{ yyval.v.host = yyvsp[-1].v.host; }
5456
break;
5457
case 98:
5458
#line 1295 "parse.y"
5459
{
5460
			yyvsp[-3].v.host->tail->next = yyvsp[-1].v.host;
5461
			yyvsp[-3].v.host->tail = yyvsp[-1].v.host->tail;
5462
			yyval.v.host = yyvsp[-3].v.host;
5463
		}
5464
break;
5465
case 99:
5466
#line 1302 "parse.y"
5467
{
5468
			if (yyvsp[-1].v.interface == NULL && yyvsp[0].v.queue_opts.parent == NULL) {
5469
				yyerror("root queue without interface");
5470
				YYERROR;
5471
			}
5472
			expand_queue(yyvsp[-2].v.string, yyvsp[-1].v.interface, &yyvsp[0].v.queue_opts);
5473
		}
5474
break;
5475
case 100:
5476
#line 1311 "parse.y"
5477
{
5478
			bzero(&queue_opts, sizeof queue_opts);
5479
		}
5480
break;
5481
case 101:
5482
#line 1315 "parse.y"
5483
{ yyval.v.queue_opts = queue_opts; }
5484
break;
5485
case 104:
5486
#line 1322 "parse.y"
5487
{
5488
			if (queue_opts.marker & QOM_BWSPEC) {
5489
				yyerror("bandwidth cannot be respecified");
5490
				YYERROR;
5491
			}
5492
			queue_opts.marker |= QOM_BWSPEC;
5493
			queue_opts.linkshare = yyvsp[-1].v.sc;
5494
			queue_opts.realtime= yyvsp[0].v.queue_opts.realtime;
5495
			queue_opts.upperlimit = yyvsp[0].v.queue_opts.upperlimit;
5496
		}
5497
break;
5498
case 105:
5499
#line 1332 "parse.y"
5500
{
5501
			if (queue_opts.marker & QOM_PARENT) {
5502
				yyerror("parent cannot be respecified");
5503
				YYERROR;
5504
			}
5505
			queue_opts.marker |= QOM_PARENT;
5506
			queue_opts.parent = yyvsp[0].v.string;
5507
		}
5508
break;
5509
case 106:
5510
#line 1340 "parse.y"
5511
{
5512
			if (queue_opts.marker & QOM_DEFAULT) {
5513
				yyerror("default cannot be respecified");
5514
				YYERROR;
5515
			}
5516
			queue_opts.marker |= QOM_DEFAULT;
5517
			queue_opts.flags |= PFQS_DEFAULT;
5518
		}
5519
break;
5520
case 107:
5521
#line 1348 "parse.y"
5522
{
5523
			if (queue_opts.marker & QOM_QLIMIT) {
5524
				yyerror("qlimit cannot be respecified");
5525
				YYERROR;
5526
			}
5527
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 65535) {
5528
				yyerror("qlimit out of range: max 65535");
5529
				YYERROR;
5530
			}
5531
			queue_opts.marker |= QOM_QLIMIT;
5532
			queue_opts.qlimit = yyvsp[0].v.number;
5533
		}
5534
break;
5535
case 108:
5536
#line 1360 "parse.y"
5537
{
5538
			if (queue_opts.marker & QOM_FLOWS) {
5539
				yyerror("number of flows cannot be respecified");
5540
				YYERROR;
5541
			}
5542
			if (yyvsp[0].v.number < 1 || yyvsp[0].v.number > 32767) {
5543
				yyerror("number of flows out of range: "
5544
				    "max 32767");
5545
				YYERROR;
5546
			}
5547
			queue_opts.marker |= QOM_FLOWS;
5548
			queue_opts.flags |= PFQS_FLOWQUEUE;
5549
			queue_opts.flowqueue.flows = yyvsp[0].v.number;
5550
		}
5551
break;
5552
case 109:
5553
#line 1374 "parse.y"
5554
{
5555
			if (queue_opts.marker & QOM_QUANTUM) {
5556
				yyerror("quantum cannot be respecified");
5557
				YYERROR;
5558
			}
5559
			if (yyvsp[0].v.number < 1 || yyvsp[0].v.number > 65535) {
5560
				yyerror("quantum out of range: max 65535");
5561
				YYERROR;
5562
			}
5563
			queue_opts.marker |= QOM_QUANTUM;
5564
			queue_opts.flowqueue.quantum = yyvsp[0].v.number;
5565
		}
5566
break;
5567
case 110:
5568
#line 1388 "parse.y"
5569
{
5570
5571
		}
5572
break;
5573
case 111:
5574
#line 1391 "parse.y"
5575
{
5576
			yyval.v.queue_opts.realtime = yyvsp[0].v.sc;
5577
		}
5578
break;
5579
case 112:
5580
#line 1394 "parse.y"
5581
{
5582
			yyval.v.queue_opts.upperlimit = yyvsp[0].v.sc;
5583
		}
5584
break;
5585
case 113:
5586
#line 1397 "parse.y"
5587
{
5588
			yyval.v.queue_opts.realtime = yyvsp[-3].v.sc;
5589
			yyval.v.queue_opts.upperlimit = yyvsp[0].v.sc;
5590
		}
5591
break;
5592
case 114:
5593
#line 1401 "parse.y"
5594
{
5595
			yyval.v.queue_opts.realtime = yyvsp[0].v.sc;
5596
			yyval.v.queue_opts.upperlimit = yyvsp[-3].v.sc;
5597
		}
5598
break;
5599
case 115:
5600
#line 1407 "parse.y"
5601
{
5602
			yyval.v.sc.m2 = yyvsp[0].v.queue_bwspec;
5603
			yyval.v.sc.d = 0;
5604
			if (yyval.v.sc.m2.bw_percent) {
5605
				yyerror("no bandwidth in %% yet");
5606
				YYERROR;
5607
			}
5608
		}
5609
break;
5610
case 116:
5611
#line 1415 "parse.y"
5612
{
5613
			u_long	 ul;
5614
			char	*cp;
5615
5616
			ul = strtoul(yyvsp[0].v.string, &cp, 10);
5617
			if (cp == NULL || strcmp(cp, "ms")) {
5618
				yyerror("time in scspec must be in ms");
5619
				YYERROR;
5620
			}
5621
5622
			yyval.v.sc.m1 = yyvsp[-2].v.queue_bwspec;
5623
			yyval.v.sc.d = ul;
5624
			yyval.v.sc.m2 = yyvsp[-4].v.queue_bwspec;
5625
5626
			if (yyval.v.sc.m1.bw_percent || yyval.v.sc.m2.bw_percent) {
5627
				yyerror("no bandwidth in %% yet");
5628
				YYERROR;
5629
			}
5630
		}
5631
break;
5632
case 117:
5633
#line 1436 "parse.y"
5634
{
5635
			double	 bps;
5636
			char	*cp;
5637
5638
			yyval.v.queue_bwspec.bw_percent = 0;
5639
5640
			bps = strtod(yyvsp[0].v.string, &cp);
5641
			if (cp != NULL) {
5642
				if (strlen(cp) > 1) {
5643
					char *cu = cp + 1;
5644
					if (!strcmp(cu, "Bit") ||
5645
					    !strcmp(cu, "B") ||
5646
					    !strcmp(cu, "bit") ||
5647
					    !strcmp(cu, "b")) {
5648
						*cu = 0;
5649
					}
5650
				}
5651
				if (!strcmp(cp, "b"))
5652
					; /* nothing */
5653
				else if (!strcmp(cp, "K"))
5654
					bps *= 1000;
5655
				else if (!strcmp(cp, "M"))
5656
					bps *= 1000 * 1000;
5657
				else if (!strcmp(cp, "G"))
5658
					bps *= 1000 * 1000 * 1000;
5659
				else if (!strcmp(cp, "%")) {
5660
					if (bps < 0 || bps > 100) {
5661
						yyerror("bandwidth spec "
5662
						    "out of range");
5663
						free(yyvsp[0].v.string);
5664
						YYERROR;
5665
					}
5666
					yyval.v.queue_bwspec.bw_percent = bps;
5667
					bps = 0;
5668
				} else {
5669
					yyerror("unknown unit \"%s\"", cp);
5670
					free(yyvsp[0].v.string);
5671
					YYERROR;
5672
				}
5673
			}
5674
			free(yyvsp[0].v.string);
5675
			yyval.v.queue_bwspec.bw_absolute = (u_int32_t)bps;
5676
		}
5677
break;
5678
case 118:
5679
#line 1479 "parse.y"
5680
{
5681
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX) {
5682
				yyerror("bandwidth number too big");
5683
				YYERROR;
5684
			}
5685
			yyval.v.queue_bwspec.bw_percent = 0;
5686
			yyval.v.queue_bwspec.bw_absolute = yyvsp[0].v.number;
5687
		}
5688
break;
5689
case 119:
5690
#line 1491 "parse.y"
5691
{
5692
			struct pf_rule		 r;
5693
			struct node_state_opt	*o;
5694
			struct node_proto	*proto;
5695
			int			 srctrack = 0;
5696
			int			 statelock = 0;
5697
			int			 adaptive = 0;
5698
			int			 defaults = 0;
5699
5700
			memset(&r, 0, sizeof(r));
5701
			r.action = yyvsp[-7].v.b.b1;
5702
			switch (yyvsp[-7].v.b.b2) {
5703
			case PFRULE_RETURNRST:
5704
				r.rule_flag |= PFRULE_RETURNRST;
5705
				r.return_ttl = yyvsp[-7].v.b.w;
5706
				break;
5707
			case PFRULE_RETURNICMP:
5708
				r.rule_flag |= PFRULE_RETURNICMP;
5709
				r.return_icmp = yyvsp[-7].v.b.w;
5710
				r.return_icmp6 = yyvsp[-7].v.b.w2;
5711
				break;
5712
			case PFRULE_RETURN:
5713
				r.rule_flag |= PFRULE_RETURN;
5714
				r.return_icmp = yyvsp[-7].v.b.w;
5715
				r.return_icmp6 = yyvsp[-7].v.b.w2;
5716
				break;
5717
			}
5718
			r.direction = yyvsp[-6].v.i;
5719
			r.log = yyvsp[-5].v.logquick.log;
5720
			r.logif = yyvsp[-5].v.logquick.logif;
5721
			r.quick = yyvsp[-5].v.logquick.quick;
5722
			r.prob = yyvsp[0].v.filter_opts.prob;
5723
			r.rtableid = yyvsp[0].v.filter_opts.rtableid;
5724
5725
			if (yyvsp[0].v.filter_opts.nodf)
5726
				r.scrub_flags |= PFSTATE_NODF;
5727
			if (yyvsp[0].v.filter_opts.randomid)
5728
				r.scrub_flags |= PFSTATE_RANDOMID;
5729
			if (yyvsp[0].v.filter_opts.minttl)
5730
				r.min_ttl = yyvsp[0].v.filter_opts.minttl;
5731
			if (yyvsp[0].v.filter_opts.max_mss)
5732
				r.max_mss = yyvsp[0].v.filter_opts.max_mss;
5733
			if (yyvsp[0].v.filter_opts.marker & FOM_SETTOS) {
5734
				r.scrub_flags |= PFSTATE_SETTOS;
5735
				r.set_tos = yyvsp[0].v.filter_opts.settos;
5736
			}
5737
			if (yyvsp[0].v.filter_opts.marker & FOM_SCRUB_TCP)
5738
				r.scrub_flags |= PFSTATE_SCRUB_TCP;
5739
			if (yyvsp[0].v.filter_opts.marker & FOM_PRIO) {
5740
				if (yyvsp[0].v.filter_opts.prio == 0)
5741
					r.prio = PF_PRIO_ZERO;
5742
				else
5743
					r.prio = yyvsp[0].v.filter_opts.prio;
5744
			}
5745
			if (yyvsp[0].v.filter_opts.marker & FOM_SETPRIO) {
5746
				r.set_prio[0] = yyvsp[0].v.filter_opts.set_prio[0];
5747
				r.set_prio[1] = yyvsp[0].v.filter_opts.set_prio[1];
5748
				r.scrub_flags |= PFSTATE_SETPRIO;
5749
			}
5750
			if (yyvsp[0].v.filter_opts.marker & FOM_ONCE) {
5751
				if (r.action == PF_MATCH) {
5752
					yyerror("can't specify once for "
5753
					    "match rules");
5754
					YYERROR;
5755
				}
5756
				r.rule_flag |= PFRULE_ONCE;
5757
			}
5758
			if (yyvsp[0].v.filter_opts.marker & FOM_AFTO)
5759
				r.rule_flag |= PFRULE_AFTO;
5760
			if ((yyvsp[0].v.filter_opts.marker & FOM_AFTO) && r.direction != PF_IN) {
5761
				yyerror("af-to can only be used with direction in");
5762
				YYERROR;
5763
			}
5764
			if ((yyvsp[0].v.filter_opts.marker & FOM_AFTO) && yyvsp[0].v.filter_opts.route.rt) {
5765
				yyerror("af-to cannot be used together with "
5766
				    "route-to, reply-to, dup-to");
5767
				YYERROR;
5768
			}
5769
			r.af = yyvsp[-3].v.i;
5770
5771
			if (yyvsp[0].v.filter_opts.tag)
5772
				if (strlcpy(r.tagname, yyvsp[0].v.filter_opts.tag,
5773
				    PF_TAG_NAME_SIZE) >= PF_TAG_NAME_SIZE) {
5774
					yyerror("tag too long, max %u chars",
5775
					    PF_TAG_NAME_SIZE - 1);
5776
					YYERROR;
5777
				}
5778
			if (yyvsp[0].v.filter_opts.match_tag)
5779
				if (strlcpy(r.match_tagname, yyvsp[0].v.filter_opts.match_tag,
5780
				    PF_TAG_NAME_SIZE) >= PF_TAG_NAME_SIZE) {
5781
					yyerror("tag too long, max %u chars",
5782
					    PF_TAG_NAME_SIZE - 1);
5783
					YYERROR;
5784
				}
5785
			r.match_tag_not = yyvsp[0].v.filter_opts.match_tag_not;
5786
			if (rule_label(&r, yyvsp[0].v.filter_opts.label))
5787
				YYERROR;
5788
			free(yyvsp[0].v.filter_opts.label);
5789
			r.flags = yyvsp[0].v.filter_opts.flags.b1;
5790
			r.flagset = yyvsp[0].v.filter_opts.flags.b2;
5791
			if ((yyvsp[0].v.filter_opts.flags.b1 & yyvsp[0].v.filter_opts.flags.b2) != yyvsp[0].v.filter_opts.flags.b1) {
5792
				yyerror("flags always false");
5793
				YYERROR;
5794
			}
5795
			if (yyvsp[0].v.filter_opts.flags.b1 || yyvsp[0].v.filter_opts.flags.b2 || yyvsp[-1].v.fromto.src_os) {
5796
				for (proto = yyvsp[-2].v.proto; proto != NULL &&
5797
				    proto->proto != IPPROTO_TCP;
5798
				    proto = proto->next)
5799
					;	/* nothing */
5800
				if (proto == NULL && yyvsp[-2].v.proto != NULL) {
5801
					if (yyvsp[0].v.filter_opts.flags.b1 || yyvsp[0].v.filter_opts.flags.b2)
5802
						yyerror(
5803
						    "flags only apply to tcp");
5804
					if (yyvsp[-1].v.fromto.src_os)
5805
						yyerror(
5806
						    "OS fingerprinting only "
5807
						    "apply to tcp");
5808
					YYERROR;
5809
				}
5810
#if 0
5811
				if ((yyvsp[0].v.filter_opts.flags.b1 & parse_flags("S")) == 0 &&
5812
				    yyvsp[-1].v.fromto.src_os) {
5813
					yyerror("OS fingerprinting requires "
5814
					    "the SYN TCP flag (flags S/SA)");
5815
					YYERROR;
5816
				}
5817
#endif
5818
			}
5819
5820
			r.tos = yyvsp[0].v.filter_opts.tos;
5821
			r.keep_state = yyvsp[0].v.filter_opts.keep.action;
5822
			o = yyvsp[0].v.filter_opts.keep.options;
5823
5824
			/* 'keep state' by default on pass rules. */
5825
			if (!r.keep_state && !r.action &&
5826
			    !(yyvsp[0].v.filter_opts.marker & FOM_KEEP)) {
5827
				r.keep_state = PF_STATE_NORMAL;
5828
				o = keep_state_defaults;
5829
				defaults = 1;
5830
			}
5831
5832
			while (o) {
5833
				struct node_state_opt	*p = o;
5834
5835
				switch (o->type) {
5836
				case PF_STATE_OPT_MAX:
5837
					if (r.max_states) {
5838
						yyerror("state option 'max' "
5839
						    "multiple definitions");
5840
						YYERROR;
5841
					}
5842
					r.max_states = o->data.max_states;
5843
					break;
5844
				case PF_STATE_OPT_NOSYNC:
5845
					if (r.rule_flag & PFRULE_NOSYNC) {
5846
						yyerror("state option 'sync' "
5847
						    "multiple definitions");
5848
						YYERROR;
5849
					}
5850
					r.rule_flag |= PFRULE_NOSYNC;
5851
					break;
5852
				case PF_STATE_OPT_SRCTRACK:
5853
					if (srctrack) {
5854
						yyerror("state option "
5855
						    "'source-track' "
5856
						    "multiple definitions");
5857
						YYERROR;
5858
					}
5859
					srctrack =  o->data.src_track;
5860
					r.rule_flag |= PFRULE_SRCTRACK;
5861
					break;
5862
				case PF_STATE_OPT_MAX_SRC_STATES:
5863
					if (r.max_src_states) {
5864
						yyerror("state option "
5865
						    "'max-src-states' "
5866
						    "multiple definitions");
5867
						YYERROR;
5868
					}
5869
					if (o->data.max_src_states == 0) {
5870
						yyerror("'max-src-states' must "
5871
						    "be > 0");
5872
						YYERROR;
5873
					}
5874
					r.max_src_states =
5875
					    o->data.max_src_states;
5876
					r.rule_flag |= PFRULE_SRCTRACK;
5877
					break;
5878
				case PF_STATE_OPT_OVERLOAD:
5879
					if (r.overload_tblname[0]) {
5880
						yyerror("multiple 'overload' "
5881
						    "table definitions");
5882
						YYERROR;
5883
					}
5884
					if (strlcpy(r.overload_tblname,
5885
					    o->data.overload.tblname,
5886
					    PF_TABLE_NAME_SIZE) >=
5887
					    PF_TABLE_NAME_SIZE) {
5888
						yyerror("state option: "
5889
						    "strlcpy");
5890
						YYERROR;
5891
					}
5892
					r.flush = o->data.overload.flush;
5893
					break;
5894
				case PF_STATE_OPT_MAX_SRC_CONN:
5895
					if (r.max_src_conn) {
5896
						yyerror("state option "
5897
						    "'max-src-conn' "
5898
						    "multiple definitions");
5899
						YYERROR;
5900
					}
5901
					if (o->data.max_src_conn == 0) {
5902
						yyerror("'max-src-conn' "
5903
						    "must be > 0");
5904
						YYERROR;
5905
					}
5906
					r.max_src_conn =
5907
					    o->data.max_src_conn;
5908
					r.rule_flag |= PFRULE_SRCTRACK |
5909
					    PFRULE_RULESRCTRACK;
5910
					break;
5911
				case PF_STATE_OPT_MAX_SRC_CONN_RATE:
5912
					if (r.max_src_conn_rate.limit) {
5913
						yyerror("state option "
5914
						    "'max-src-conn-rate' "
5915
						    "multiple definitions");
5916
						YYERROR;
5917
					}
5918
					if (!o->data.max_src_conn_rate.limit ||
5919
					    !o->data.max_src_conn_rate.seconds) {
5920
						yyerror("'max-src-conn-rate' "
5921
						    "values must be > 0");
5922
						YYERROR;
5923
					}
5924
					if (o->data.max_src_conn_rate.limit >
5925
					    PF_THRESHOLD_MAX) {
5926
						yyerror("'max-src-conn-rate' "
5927
						    "maximum rate must be < %u",
5928
						    PF_THRESHOLD_MAX);
5929
						YYERROR;
5930
					}
5931
					r.max_src_conn_rate.limit =
5932
					    o->data.max_src_conn_rate.limit;
5933
					r.max_src_conn_rate.seconds =
5934
					    o->data.max_src_conn_rate.seconds;
5935
					r.rule_flag |= PFRULE_SRCTRACK |
5936
					    PFRULE_RULESRCTRACK;
5937
					break;
5938
				case PF_STATE_OPT_MAX_SRC_NODES:
5939
					if (r.max_src_nodes) {
5940
						yyerror("state option "
5941
						    "'max-src-nodes' "
5942
						    "multiple definitions");
5943
						YYERROR;
5944
					}
5945
					if (o->data.max_src_nodes == 0) {
5946
						yyerror("'max-src-nodes' must "
5947
						    "be > 0");
5948
						YYERROR;
5949
					}
5950
					r.max_src_nodes =
5951
					    o->data.max_src_nodes;
5952
					r.rule_flag |= PFRULE_SRCTRACK |
5953
					    PFRULE_RULESRCTRACK;
5954
					break;
5955
				case PF_STATE_OPT_STATELOCK:
5956
					if (statelock) {
5957
						yyerror("state locking option: "
5958
						    "multiple definitions");
5959
						YYERROR;
5960
					}
5961
					statelock = 1;
5962
					r.rule_flag |= o->data.statelock;
5963
					break;
5964
				case PF_STATE_OPT_SLOPPY:
5965
					if (r.rule_flag & PFRULE_STATESLOPPY) {
5966
						yyerror("state sloppy option: "
5967
						    "multiple definitions");
5968
						YYERROR;
5969
					}
5970
					r.rule_flag |= PFRULE_STATESLOPPY;
5971
					break;
5972
				case PF_STATE_OPT_PFLOW:
5973
					if (r.rule_flag & PFRULE_PFLOW) {
5974
						yyerror("state pflow "
5975
						    "option: multiple "
5976
						    "definitions");
5977
						YYERROR;
5978
					}
5979
					r.rule_flag |= PFRULE_PFLOW;
5980
					break;
5981
				case PF_STATE_OPT_TIMEOUT:
5982
					if (o->data.timeout.number ==
5983
					    PFTM_ADAPTIVE_START ||
5984
					    o->data.timeout.number ==
5985
					    PFTM_ADAPTIVE_END)
5986
						adaptive = 1;
5987
					if (r.timeout[o->data.timeout.number]) {
5988
						yyerror("state timeout %s "
5989
						    "multiple definitions",
5990
						    pf_timeouts[o->data.
5991
						    timeout.number].name);
5992
						YYERROR;
5993
					}
5994
					r.timeout[o->data.timeout.number] =
5995
					    o->data.timeout.seconds;
5996
				}
5997
				o = o->next;
5998
				if (!defaults)
5999
					free(p);
6000
			}
6001
6002
			/* 'flags S/SA' by default on stateful rules */
6003
			if (!r.action && !r.flags && !r.flagset &&
6004
			    !yyvsp[0].v.filter_opts.fragment && !(yyvsp[0].v.filter_opts.marker & FOM_FLAGS) &&
6005
			    r.keep_state) {
6006
				r.flags = parse_flags("S");
6007
				r.flagset =  parse_flags("SA");
6008
			}
6009
			if (!adaptive && r.max_states) {
6010
				r.timeout[PFTM_ADAPTIVE_START] =
6011
				    (r.max_states / 10) * 6;
6012
				r.timeout[PFTM_ADAPTIVE_END] =
6013
				    (r.max_states / 10) * 12;
6014
			}
6015
			if (r.rule_flag & PFRULE_SRCTRACK) {
6016
				if (srctrack == PF_SRCTRACK_GLOBAL &&
6017
				    r.max_src_nodes) {
6018
					yyerror("'max-src-nodes' is "
6019
					    "incompatible with "
6020
					    "'source-track global'");
6021
					YYERROR;
6022
				}
6023
				if (srctrack == PF_SRCTRACK_GLOBAL &&
6024
				    r.max_src_conn) {
6025
					yyerror("'max-src-conn' is "
6026
					    "incompatible with "
6027
					    "'source-track global'");
6028
					YYERROR;
6029
				}
6030
				if (srctrack == PF_SRCTRACK_GLOBAL &&
6031
				    r.max_src_conn_rate.seconds) {
6032
					yyerror("'max-src-conn-rate' is "
6033
					    "incompatible with "
6034
					    "'source-track global'");
6035
					YYERROR;
6036
				}
6037
				if (r.timeout[PFTM_SRC_NODE] <
6038
				    r.max_src_conn_rate.seconds)
6039
					r.timeout[PFTM_SRC_NODE] =
6040
					    r.max_src_conn_rate.seconds;
6041
				r.rule_flag |= PFRULE_SRCTRACK;
6042
				if (srctrack == PF_SRCTRACK_RULE)
6043
					r.rule_flag |= PFRULE_RULESRCTRACK;
6044
			}
6045
			if (r.keep_state && !statelock)
6046
				r.rule_flag |= default_statelock;
6047
6048
			if (yyvsp[0].v.filter_opts.fragment)
6049
				r.rule_flag |= PFRULE_FRAGMENT;
6050
			r.allow_opts = yyvsp[0].v.filter_opts.allowopts;
6051
6052
			decide_address_family(yyvsp[-1].v.fromto.src.host, &r.af);
6053
			decide_address_family(yyvsp[-1].v.fromto.dst.host, &r.af);
6054
6055
			if (yyvsp[0].v.filter_opts.route.rt) {
6056
				if (!r.direction) {
6057
					yyerror("direction must be explicit "
6058
					    "with rules that specify routing");
6059
					YYERROR;
6060
				}
6061
				r.rt = yyvsp[0].v.filter_opts.route.rt;
6062
				r.route.opts = yyvsp[0].v.filter_opts.route.pool_opts;
6063
				if (yyvsp[0].v.filter_opts.route.key != NULL)
6064
					memcpy(&r.route.key, yyvsp[0].v.filter_opts.route.key,
6065
					    sizeof(struct pf_poolhashkey));
6066
			}
6067
			if (r.rt) {
6068
				decide_address_family(yyvsp[0].v.filter_opts.route.host, &r.af);
6069
				if ((r.route.opts & PF_POOL_TYPEMASK) ==
6070
				    PF_POOL_NONE && (yyvsp[0].v.filter_opts.route.host->next != NULL ||
6071
				    yyvsp[0].v.filter_opts.route.host->addr.type == PF_ADDR_TABLE ||
6072
				    DYNIF_MULTIADDR(yyvsp[0].v.filter_opts.route.host->addr)))
6073
					r.route.opts |= PF_POOL_ROUNDROBIN;
6074
				if (yyvsp[0].v.filter_opts.route.host->next != NULL) {
6075
					if (!PF_POOL_DYNTYPE(r.route.opts)) {
6076
						yyerror("address pool option "
6077
						    "not supported by type");
6078
						YYERROR;
6079
					}
6080
				}
6081
				/* fake redirspec */
6082
				if ((yyvsp[0].v.filter_opts.rroute.rdr = calloc(1,
6083
				    sizeof(*yyvsp[0].v.filter_opts.rroute.rdr))) == NULL)
6084
					err(1, "$8.rroute.rdr");
6085
				yyvsp[0].v.filter_opts.rroute.rdr->host = yyvsp[0].v.filter_opts.route.host;
6086
			}
6087
			if (yyvsp[0].v.filter_opts.queues.qname != NULL) {
6088
				if (strlcpy(r.qname, yyvsp[0].v.filter_opts.queues.qname,
6089
				    sizeof(r.qname)) >= sizeof(r.qname)) {
6090
					yyerror("rule qname too long (max "
6091
					    "%d chars)", sizeof(r.qname)-1);
6092
					YYERROR;
6093
				}
6094
				free(yyvsp[0].v.filter_opts.queues.qname);
6095
			}
6096
			if (yyvsp[0].v.filter_opts.queues.pqname != NULL) {
6097
				if (strlcpy(r.pqname, yyvsp[0].v.filter_opts.queues.pqname,
6098
				    sizeof(r.pqname)) >= sizeof(r.pqname)) {
6099
					yyerror("rule pqname too long (max "
6100
					    "%d chars)", sizeof(r.pqname)-1);
6101
					YYERROR;
6102
				}
6103
				free(yyvsp[0].v.filter_opts.queues.pqname);
6104
			}
6105
			if (expand_divertspec(&r, &yyvsp[0].v.filter_opts.divert))
6106
				YYERROR;
6107
			r.divert_packet.port = yyvsp[0].v.filter_opts.divert_packet.port;
6108
6109
			expand_rule(&r, 0, yyvsp[-4].v.interface, &yyvsp[0].v.filter_opts.nat, &yyvsp[0].v.filter_opts.rdr, &yyvsp[0].v.filter_opts.rroute, yyvsp[-2].v.proto,
6110
			    yyvsp[-1].v.fromto.src_os,
6111
			    yyvsp[-1].v.fromto.src.host, yyvsp[-1].v.fromto.src.port, yyvsp[-1].v.fromto.dst.host, yyvsp[-1].v.fromto.dst.port,
6112
			    yyvsp[0].v.filter_opts.uid, yyvsp[0].v.filter_opts.gid, yyvsp[0].v.filter_opts.rcv, yyvsp[0].v.filter_opts.icmpspec, "");
6113
		}
6114
break;
6115
case 120:
6116
#line 1916 "parse.y"
6117
{
6118
				bzero(&filter_opts, sizeof filter_opts);
6119
				filter_opts.rtableid = -1;
6120
			}
6121
break;
6122
case 121:
6123
#line 1921 "parse.y"
6124
{ yyval.v.filter_opts = filter_opts; }
6125
break;
6126
case 122:
6127
#line 1922 "parse.y"
6128
{
6129
			bzero(&filter_opts, sizeof filter_opts);
6130
			filter_opts.rtableid = -1;
6131
			yyval.v.filter_opts = filter_opts;
6132
		}
6133
break;
6134
case 125:
6135
#line 1933 "parse.y"
6136
{
6137
			if (filter_opts.uid)
6138
				yyvsp[0].v.uid->tail->next = filter_opts.uid;
6139
			filter_opts.uid = yyvsp[0].v.uid;
6140
		}
6141
break;
6142
case 126:
6143
#line 1938 "parse.y"
6144
{
6145
			if (filter_opts.gid)
6146
				yyvsp[0].v.gid->tail->next = filter_opts.gid;
6147
			filter_opts.gid = yyvsp[0].v.gid;
6148
		}
6149
break;
6150
case 127:
6151
#line 1943 "parse.y"
6152
{
6153
			if (filter_opts.marker & FOM_FLAGS) {
6154
				yyerror("flags cannot be redefined");
6155
				YYERROR;
6156
			}
6157
			filter_opts.marker |= FOM_FLAGS;
6158
			filter_opts.flags.b1 |= yyvsp[0].v.b.b1;
6159
			filter_opts.flags.b2 |= yyvsp[0].v.b.b2;
6160
			filter_opts.flags.w |= yyvsp[0].v.b.w;
6161
			filter_opts.flags.w2 |= yyvsp[0].v.b.w2;
6162
		}
6163
break;
6164
case 128:
6165
#line 1954 "parse.y"
6166
{
6167
			if (filter_opts.marker & FOM_ICMP) {
6168
				yyerror("icmp-type cannot be redefined");
6169
				YYERROR;
6170
			}
6171
			filter_opts.marker |= FOM_ICMP;
6172
			filter_opts.icmpspec = yyvsp[0].v.icmp;
6173
		}
6174
break;
6175
case 129:
6176
#line 1962 "parse.y"
6177
{
6178
			if (filter_opts.marker & FOM_PRIO) {
6179
				yyerror("prio cannot be redefined");
6180
				YYERROR;
6181
			}
6182
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > IFQ_MAXPRIO) {
6183
				yyerror("prio must be 0 - %u", IFQ_MAXPRIO);
6184
				YYERROR;
6185
			}
6186
			filter_opts.marker |= FOM_PRIO;
6187
			filter_opts.prio = yyvsp[0].v.number;
6188
		}
6189
break;
6190
case 130:
6191
#line 1974 "parse.y"
6192
{
6193
			if (filter_opts.marker & FOM_TOS) {
6194
				yyerror("tos cannot be redefined");
6195
				YYERROR;
6196
			}
6197
			filter_opts.marker |= FOM_TOS;
6198
			filter_opts.tos = yyvsp[0].v.number;
6199
		}
6200
break;
6201
case 131:
6202
#line 1982 "parse.y"
6203
{
6204
			if (filter_opts.marker & FOM_KEEP) {
6205
				yyerror("modulate or keep cannot be redefined");
6206
				YYERROR;
6207
			}
6208
			filter_opts.marker |= FOM_KEEP;
6209
			filter_opts.keep.action = yyvsp[0].v.keep_state.action;
6210
			filter_opts.keep.options = yyvsp[0].v.keep_state.options;
6211
		}
6212
break;
6213
case 132:
6214
#line 1991 "parse.y"
6215
{
6216
			filter_opts.fragment = 1;
6217
		}
6218
break;
6219
case 133:
6220
#line 1994 "parse.y"
6221
{
6222
			filter_opts.allowopts = 1;
6223
		}
6224
break;
6225
case 134:
6226
#line 1997 "parse.y"
6227
{
6228
			if (filter_opts.label) {
6229
				yyerror("label cannot be redefined");
6230
				YYERROR;
6231
			}
6232
			filter_opts.label = yyvsp[0].v.string;
6233
		}
6234
break;
6235
case 135:
6236
#line 2004 "parse.y"
6237
{
6238
			if (filter_opts.queues.qname) {
6239
				yyerror("queue cannot be redefined");
6240
				YYERROR;
6241
			}
6242
			filter_opts.queues = yyvsp[0].v.qassign;
6243
		}
6244
break;
6245
case 136:
6246
#line 2011 "parse.y"
6247
{
6248
			filter_opts.tag = yyvsp[0].v.string;
6249
		}
6250
break;
6251
case 137:
6252
#line 2014 "parse.y"
6253
{
6254
			filter_opts.match_tag = yyvsp[0].v.string;
6255
			filter_opts.match_tag_not = yyvsp[-2].v.number;
6256
		}
6257
break;
6258
case 138:
6259
#line 2018 "parse.y"
6260
{
6261
			double	p;
6262
6263
			p = floor(yyvsp[0].v.probability * UINT_MAX + 0.5);
6264
			if (p < 0.0 || p > UINT_MAX) {
6265
				yyerror("invalid probability: %g%%", yyvsp[0].v.probability * 100);
6266
				YYERROR;
6267
			}
6268
			filter_opts.prob = (u_int32_t)p;
6269
			if (filter_opts.prob == 0)
6270
				filter_opts.prob = 1;
6271
		}
6272
break;
6273
case 139:
6274
#line 2030 "parse.y"
6275
{
6276
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > RT_TABLEID_MAX) {
6277
				yyerror("invalid rtable id");
6278
				YYERROR;
6279
			}
6280
			filter_opts.rtableid = yyvsp[0].v.number;
6281
		}
6282
break;
6283
case 140:
6284
#line 2037 "parse.y"
6285
{
6286
			if ((filter_opts.divert.addr = host(yyvsp[-2].v.string, pf->opts)) == NULL) {
6287
				yyerror("could not parse divert address: %s",
6288
				    yyvsp[-2].v.string);
6289
				free(yyvsp[-2].v.string);
6290
				YYERROR;
6291
			}
6292
			free(yyvsp[-2].v.string);
6293
			filter_opts.divert.port = yyvsp[0].v.range.a;
6294
			if (!filter_opts.divert.port) {
6295
				yyerror("invalid divert port: %u", ntohs(yyvsp[0].v.range.a));
6296
				YYERROR;
6297
			}
6298
		}
6299
break;
6300
case 141:
6301
#line 2051 "parse.y"
6302
{
6303
			filter_opts.divert.port = 1;	/* some random value */
6304
		}
6305
break;
6306
case 142:
6307
#line 2054 "parse.y"
6308
{
6309
			/*
6310
			 * If IP reassembly was not turned off, also
6311
			 * forcibly enable TCP reassembly by default.
6312
			 */
6313
			if (pf->reassemble & PF_REASS_ENABLED)
6314
				filter_opts.marker |= FOM_SCRUB_TCP;
6315
6316
			if (yyvsp[0].v.number < 1 || yyvsp[0].v.number > 65535) {
6317
				yyerror("invalid divert port");
6318
				YYERROR;
6319
			}
6320
6321
			filter_opts.divert_packet.port = htons(yyvsp[0].v.number);
6322
		}
6323
break;
6324
case 143:
6325
#line 2069 "parse.y"
6326
{
6327
			filter_opts.nodf = yyvsp[-1].v.scrub_opts.nodf;
6328
			filter_opts.minttl = yyvsp[-1].v.scrub_opts.minttl;
6329
			filter_opts.randomid = yyvsp[-1].v.scrub_opts.randomid;
6330
			filter_opts.max_mss = yyvsp[-1].v.scrub_opts.maxmss;
6331
			if (yyvsp[-1].v.scrub_opts.reassemble_tcp)
6332
				filter_opts.marker |= FOM_SCRUB_TCP;
6333
			filter_opts.marker |= yyvsp[-1].v.scrub_opts.marker;
6334
		}
6335
break;
6336
case 144:
6337
#line 2078 "parse.y"
6338
{
6339
			if (filter_opts.nat.rdr) {
6340
				yyerror("cannot respecify nat-to/binat-to");
6341
				YYERROR;
6342
			}
6343
			filter_opts.nat.rdr = yyvsp[-1].v.redirection;
6344
			memcpy(&filter_opts.nat.pool_opts, &yyvsp[0].v.pool_opts,
6345
			    sizeof(filter_opts.nat.pool_opts));
6346
		}
6347
break;
6348
case 145:
6349
#line 2087 "parse.y"
6350
{
6351
			if (filter_opts.nat.rdr) {
6352
				yyerror("cannot respecify af-to");
6353
				YYERROR;
6354
			}
6355
			if (yyvsp[-3].v.i == 0) {
6356
				yyerror("no target address family specified");
6357
				YYERROR;
6358
			}
6359
			filter_opts.nat.af = yyvsp[-3].v.i;
6360
			filter_opts.nat.rdr = yyvsp[-1].v.redirection;
6361
			memcpy(&filter_opts.nat.pool_opts, &yyvsp[0].v.pool_opts,
6362
			    sizeof(filter_opts.nat.pool_opts));
6363
			filter_opts.rdr.rdr =
6364
			    calloc(1, sizeof(struct redirection));
6365
			bzero(&filter_opts.rdr.pool_opts,
6366
			    sizeof(filter_opts.rdr.pool_opts));
6367
			filter_opts.marker |= FOM_AFTO;
6368
		}
6369
break;
6370
case 146:
6371
#line 2106 "parse.y"
6372
{
6373
			if (filter_opts.nat.rdr) {
6374
				yyerror("cannot respecify af-to");
6375
				YYERROR;
6376
			}
6377
			if (yyvsp[-6].v.i == 0) {
6378
				yyerror("no address family specified");
6379
				YYERROR;
6380
			}
6381
			if ((yyvsp[-4].v.redirection->host->af && yyvsp[-4].v.redirection->host->af != yyvsp[-6].v.i) ||
6382
			    (yyvsp[-1].v.redirection->host->af && yyvsp[-1].v.redirection->host->af != yyvsp[-6].v.i)) {
6383
				yyerror("af-to addresses must be in the "
6384
				    "target address family");
6385
				YYERROR;
6386
			}
6387
			filter_opts.nat.af = yyvsp[-6].v.i;
6388
			filter_opts.nat.rdr = yyvsp[-4].v.redirection;
6389
			memcpy(&filter_opts.nat.pool_opts, &yyvsp[-3].v.pool_opts,
6390
			    sizeof(filter_opts.nat.pool_opts));
6391
			filter_opts.rdr.af = yyvsp[-6].v.i;
6392
			filter_opts.rdr.rdr = yyvsp[-1].v.redirection;
6393
			memcpy(&filter_opts.nat.pool_opts, &yyvsp[0].v.pool_opts,
6394
			    sizeof(filter_opts.nat.pool_opts));
6395
			filter_opts.marker |= FOM_AFTO;
6396
		}
6397
break;
6398
case 147:
6399
#line 2131 "parse.y"
6400
{
6401
			if (filter_opts.rdr.rdr) {
6402
				yyerror("cannot respecify rdr-to");
6403
				YYERROR;
6404
			}
6405
			filter_opts.rdr.rdr = yyvsp[-1].v.redirection;
6406
			memcpy(&filter_opts.rdr.pool_opts, &yyvsp[0].v.pool_opts,
6407
			    sizeof(filter_opts.rdr.pool_opts));
6408
		}
6409
break;
6410
case 148:
6411
#line 2140 "parse.y"
6412
{
6413
			if (filter_opts.nat.rdr) {
6414
				yyerror("cannot respecify nat-to/binat-to");
6415
				YYERROR;
6416
			}
6417
			filter_opts.nat.rdr = yyvsp[-1].v.redirection;
6418
			filter_opts.nat.binat = 1;
6419
			memcpy(&filter_opts.nat.pool_opts, &yyvsp[0].v.pool_opts,
6420
			    sizeof(filter_opts.nat.pool_opts));
6421
			filter_opts.nat.pool_opts.staticport = 1;
6422
		}
6423
break;
6424
case 149:
6425
#line 2151 "parse.y"
6426
{
6427
			filter_opts.route.host = yyvsp[-1].v.host;
6428
			filter_opts.route.rt = PF_ROUTETO;
6429
			filter_opts.route.pool_opts = yyvsp[0].v.pool_opts.type | yyvsp[0].v.pool_opts.opts;
6430
			memcpy(&filter_opts.rroute.pool_opts, &yyvsp[0].v.pool_opts,
6431
			    sizeof(filter_opts.rroute.pool_opts));
6432
			if (yyvsp[0].v.pool_opts.key != NULL)
6433
				filter_opts.route.key = yyvsp[0].v.pool_opts.key;
6434
		}
6435
break;
6436
case 150:
6437
#line 2160 "parse.y"
6438
{
6439
			filter_opts.route.host = yyvsp[-1].v.host;
6440
			filter_opts.route.rt = PF_REPLYTO;
6441
			filter_opts.route.pool_opts = yyvsp[0].v.pool_opts.type | yyvsp[0].v.pool_opts.opts;
6442
			if (yyvsp[0].v.pool_opts.key != NULL)
6443
				filter_opts.route.key = yyvsp[0].v.pool_opts.key;
6444
		}
6445
break;
6446
case 151:
6447
#line 2167 "parse.y"
6448
{
6449
			filter_opts.route.host = yyvsp[-1].v.host;
6450
			filter_opts.route.rt = PF_DUPTO;
6451
			filter_opts.route.pool_opts = yyvsp[0].v.pool_opts.type | yyvsp[0].v.pool_opts.opts;
6452
			memcpy(&filter_opts.rroute.pool_opts, &yyvsp[0].v.pool_opts,
6453
			    sizeof(filter_opts.rroute.pool_opts));
6454
			if (yyvsp[0].v.pool_opts.key != NULL)
6455
				filter_opts.route.key = yyvsp[0].v.pool_opts.key;
6456
		}
6457
break;
6458
case 152:
6459
#line 2176 "parse.y"
6460
{
6461
			if (filter_opts.rcv) {
6462
				yyerror("cannot respecify received-on");
6463
				YYERROR;
6464
			}
6465
			filter_opts.rcv = yyvsp[0].v.interface;
6466
			filter_opts.rcv->not = yyvsp[-2].v.number;
6467
		}
6468
break;
6469
case 153:
6470
#line 2184 "parse.y"
6471
{
6472
			filter_opts.marker |= FOM_ONCE;
6473
		}
6474
break;
6475
case 155:
6476
#line 2190 "parse.y"
6477
{ yyval.v.filter_opts = filter_opts; }
6478
break;
6479
case 156:
6480
#line 2191 "parse.y"
6481
{ yyval.v.filter_opts = filter_opts; }
6482
break;
6483
case 159:
6484
#line 2198 "parse.y"
6485
{
6486
			if (filter_opts.marker & FOM_SETPRIO) {
6487
				yyerror("prio cannot be redefined");
6488
				YYERROR;
6489
			}
6490
			filter_opts.marker |= FOM_SETPRIO;
6491
			filter_opts.set_prio[0] = yyvsp[0].v.b.b1;
6492
			filter_opts.set_prio[1] = yyvsp[0].v.b.b2;
6493
		}
6494
break;
6495
case 160:
6496
#line 2207 "parse.y"
6497
{
6498
			if (filter_opts.queues.qname) {
6499
				yyerror("queue cannot be redefined");
6500
				YYERROR;
6501
			}
6502
			filter_opts.queues = yyvsp[0].v.qassign;
6503
		}
6504
break;
6505
case 161:
6506
#line 2214 "parse.y"
6507
{
6508
			if (filter_opts.marker & FOM_SETTOS) {
6509
				yyerror("tos cannot be respecified");
6510
				YYERROR;
6511
			}
6512
			filter_opts.marker |= FOM_SETTOS;
6513
			filter_opts.settos = yyvsp[0].v.number;
6514
		}
6515
break;
6516
case 162:
6517
#line 2224 "parse.y"
6518
{
6519
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > IFQ_MAXPRIO) {
6520
				yyerror("prio must be 0 - %u", IFQ_MAXPRIO);
6521
				YYERROR;
6522
			}
6523
			yyval.v.b.b1 = yyval.v.b.b2 = yyvsp[0].v.number;
6524
		}
6525
break;
6526
case 163:
6527
#line 2231 "parse.y"
6528
{
6529
			if (yyvsp[-3].v.number < 0 || yyvsp[-3].v.number > IFQ_MAXPRIO ||
6530
			    yyvsp[-1].v.number < 0 || yyvsp[-1].v.number > IFQ_MAXPRIO) {
6531
				yyerror("prio must be 0 - %u", IFQ_MAXPRIO);
6532
				YYERROR;
6533
			}
6534
			yyval.v.b.b1 = yyvsp[-3].v.number;
6535
			yyval.v.b.b2 = yyvsp[-1].v.number;
6536
		}
6537
break;
6538
case 164:
6539
#line 2242 "parse.y"
6540
{
6541
			char	*e;
6542
			double	 p = strtod(yyvsp[0].v.string, &e);
6543
6544
			if (*e == '%') {
6545
				p *= 0.01;
6546
				e++;
6547
			}
6548
			if (*e) {
6549
				yyerror("invalid probability: %s", yyvsp[0].v.string);
6550
				free(yyvsp[0].v.string);
6551
				YYERROR;
6552
			}
6553
			free(yyvsp[0].v.string);
6554
			yyval.v.probability = p;
6555
		}
6556
break;
6557
case 165:
6558
#line 2258 "parse.y"
6559
{
6560
			yyval.v.probability = (double)yyvsp[0].v.number;
6561
		}
6562
break;
6563
case 166:
6564
#line 2264 "parse.y"
6565
{ yyval.v.b.b1 = PF_PASS; yyval.v.b.b2 = yyval.v.b.w = 0; }
6566
break;
6567
case 167:
6568
#line 2265 "parse.y"
6569
{ yyval.v.b.b1 = PF_MATCH; yyval.v.b.b2 = yyval.v.b.w = 0; }
6570
break;
6571
case 168:
6572
#line 2266 "parse.y"
6573
{ yyval.v.b = yyvsp[0].v.b; yyval.v.b.b1 = PF_DROP; }
6574
break;
6575
case 169:
6576
#line 2269 "parse.y"
6577
{
6578
			yyval.v.b.b2 = blockpolicy;
6579
			yyval.v.b.w = returnicmpdefault;
6580
			yyval.v.b.w2 = returnicmp6default;
6581
		}
6582
break;
6583
case 170:
6584
#line 2274 "parse.y"
6585
{
6586
			yyval.v.b.b2 = PFRULE_DROP;
6587
			yyval.v.b.w = 0;
6588
			yyval.v.b.w2 = 0;
6589
		}
6590
break;
6591
case 171:
6592
#line 2279 "parse.y"
6593
{
6594
			yyval.v.b.b2 = PFRULE_RETURNRST;
6595
			yyval.v.b.w = 0;
6596
			yyval.v.b.w2 = 0;
6597
		}
6598
break;
6599
case 172:
6600
#line 2284 "parse.y"
6601
{
6602
			if (yyvsp[-1].v.number < 0 || yyvsp[-1].v.number > 255) {
6603
				yyerror("illegal ttl value %d", yyvsp[-1].v.number);
6604
				YYERROR;
6605
			}
6606
			yyval.v.b.b2 = PFRULE_RETURNRST;
6607
			yyval.v.b.w = yyvsp[-1].v.number;
6608
			yyval.v.b.w2 = 0;
6609
		}
6610
break;
6611
case 173:
6612
#line 2293 "parse.y"
6613
{
6614
			yyval.v.b.b2 = PFRULE_RETURNICMP;
6615
			yyval.v.b.w = returnicmpdefault;
6616
			yyval.v.b.w2 = returnicmp6default;
6617
		}
6618
break;
6619
case 174:
6620
#line 2298 "parse.y"
6621
{
6622
			yyval.v.b.b2 = PFRULE_RETURNICMP;
6623
			yyval.v.b.w = returnicmpdefault;
6624
			yyval.v.b.w2 = returnicmp6default;
6625
		}
6626
break;
6627
case 175:
6628
#line 2303 "parse.y"
6629
{
6630
			yyval.v.b.b2 = PFRULE_RETURNICMP;
6631
			yyval.v.b.w = yyvsp[-1].v.number;
6632
			yyval.v.b.w2 = returnicmpdefault;
6633
		}
6634
break;
6635
case 176:
6636
#line 2308 "parse.y"
6637
{
6638
			yyval.v.b.b2 = PFRULE_RETURNICMP;
6639
			yyval.v.b.w = returnicmpdefault;
6640
			yyval.v.b.w2 = yyvsp[-1].v.number;
6641
		}
6642
break;
6643
case 177:
6644
#line 2313 "parse.y"
6645
{
6646
			yyval.v.b.b2 = PFRULE_RETURNICMP;
6647
			yyval.v.b.w = yyvsp[-3].v.number;
6648
			yyval.v.b.w2 = yyvsp[-1].v.number;
6649
		}
6650
break;
6651
case 178:
6652
#line 2318 "parse.y"
6653
{
6654
			yyval.v.b.b2 = PFRULE_RETURN;
6655
			yyval.v.b.w = returnicmpdefault;
6656
			yyval.v.b.w2 = returnicmp6default;
6657
		}
6658
break;
6659
case 179:
6660
#line 2325 "parse.y"
6661
{
6662
			if (!(yyval.v.number = parseicmpspec(yyvsp[0].v.string, AF_INET))) {
6663
				free(yyvsp[0].v.string);
6664
				YYERROR;
6665
			}
6666
			free(yyvsp[0].v.string);
6667
		}
6668
break;
6669
case 180:
6670
#line 2332 "parse.y"
6671
{
6672
			u_int8_t		icmptype;
6673
6674
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 255) {
6675
				yyerror("invalid icmp code %lu", yyvsp[0].v.number);
6676
				YYERROR;
6677
			}
6678
			icmptype = returnicmpdefault >> 8;
6679
			yyval.v.number = (icmptype << 8 | yyvsp[0].v.number);
6680
		}
6681
break;
6682
case 181:
6683
#line 2344 "parse.y"
6684
{
6685
			if (!(yyval.v.number = parseicmpspec(yyvsp[0].v.string, AF_INET6))) {
6686
				free(yyvsp[0].v.string);
6687
				YYERROR;
6688
			}
6689
			free(yyvsp[0].v.string);
6690
		}
6691
break;
6692
case 182:
6693
#line 2351 "parse.y"
6694
{
6695
			u_int8_t		icmptype;
6696
6697
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 255) {
6698
				yyerror("invalid icmp code %lu", yyvsp[0].v.number);
6699
				YYERROR;
6700
			}
6701
			icmptype = returnicmp6default >> 8;
6702
			yyval.v.number = (icmptype << 8 | yyvsp[0].v.number);
6703
		}
6704
break;
6705
case 183:
6706
#line 2363 "parse.y"
6707
{ yyval.v.i = PF_INOUT; }
6708
break;
6709
case 184:
6710
#line 2364 "parse.y"
6711
{ yyval.v.i = PF_IN; }
6712
break;
6713
case 185:
6714
#line 2365 "parse.y"
6715
{ yyval.v.i = PF_OUT; }
6716
break;
6717
case 186:
6718
#line 2368 "parse.y"
6719
{ yyval.v.logquick.quick = 0; }
6720
break;
6721
case 187:
6722
#line 2369 "parse.y"
6723
{ yyval.v.logquick.quick = 1; }
6724
break;
6725
case 188:
6726
#line 2372 "parse.y"
6727
{ yyval.v.logquick.log = 0; yyval.v.logquick.quick = 0; yyval.v.logquick.logif = 0; }
6728
break;
6729
case 189:
6730
#line 2373 "parse.y"
6731
{ yyval.v.logquick = yyvsp[0].v.logquick; yyval.v.logquick.quick = 0; }
6732
break;
6733
case 190:
6734
#line 2374 "parse.y"
6735
{ yyval.v.logquick.quick = 1; yyval.v.logquick.log = 0; yyval.v.logquick.logif = 0; }
6736
break;
6737
case 191:
6738
#line 2375 "parse.y"
6739
{ yyval.v.logquick = yyvsp[-1].v.logquick; yyval.v.logquick.quick = 1; }
6740
break;
6741
case 192:
6742
#line 2376 "parse.y"
6743
{ yyval.v.logquick = yyvsp[0].v.logquick; yyval.v.logquick.quick = 1; }
6744
break;
6745
case 193:
6746
#line 2379 "parse.y"
6747
{ yyval.v.logquick.log = PF_LOG; yyval.v.logquick.logif = 0; }
6748
break;
6749
case 194:
6750
#line 2380 "parse.y"
6751
{
6752
			yyval.v.logquick.log = PF_LOG | yyvsp[-1].v.logquick.log;
6753
			yyval.v.logquick.logif = yyvsp[-1].v.logquick.logif;
6754
		}
6755
break;
6756
case 195:
6757
#line 2386 "parse.y"
6758
{ yyval.v.logquick = yyvsp[0].v.logquick; }
6759
break;
6760
case 196:
6761
#line 2387 "parse.y"
6762
{
6763
			yyval.v.logquick.log = yyvsp[-2].v.logquick.log | yyvsp[0].v.logquick.log;
6764
			yyval.v.logquick.logif = yyvsp[0].v.logquick.logif;
6765
			if (yyval.v.logquick.logif == 0)
6766
				yyval.v.logquick.logif = yyvsp[-2].v.logquick.logif;
6767
		}
6768
break;
6769
case 197:
6770
#line 2395 "parse.y"
6771
{ yyval.v.logquick.log = PF_LOG_ALL; yyval.v.logquick.logif = 0; }
6772
break;
6773
case 198:
6774
#line 2396 "parse.y"
6775
{ yyval.v.logquick.log = PF_LOG_MATCHES; yyval.v.logquick.logif = 0; }
6776
break;
6777
case 199:
6778
#line 2397 "parse.y"
6779
{ yyval.v.logquick.log = PF_LOG_SOCKET_LOOKUP; yyval.v.logquick.logif = 0; }
6780
break;
6781
case 200:
6782
#line 2398 "parse.y"
6783
{ yyval.v.logquick.log = PF_LOG_SOCKET_LOOKUP; yyval.v.logquick.logif = 0; }
6784
break;
6785
case 201:
6786
#line 2399 "parse.y"
6787
{
6788
			const char	*errstr;
6789
			u_int		 i;
6790
6791
			yyval.v.logquick.log = 0;
6792
			if (strncmp(yyvsp[0].v.string, "pflog", 5)) {
6793
				yyerror("%s: should be a pflog interface", yyvsp[0].v.string);
6794
				free(yyvsp[0].v.string);
6795
				YYERROR;
6796
			}
6797
			i = strtonum(yyvsp[0].v.string + 5, 0, 255, &errstr);
6798
			if (errstr) {
6799
				yyerror("%s: %s", yyvsp[0].v.string, errstr);
6800
				free(yyvsp[0].v.string);
6801
				YYERROR;
6802
			}
6803
			free(yyvsp[0].v.string);
6804
			yyval.v.logquick.logif = i;
6805
		}
6806
break;
6807
case 202:
6808
#line 2420 "parse.y"
6809
{ yyval.v.interface = NULL; }
6810
break;
6811
case 203:
6812
#line 2421 "parse.y"
6813
{ yyval.v.interface = yyvsp[0].v.interface; }
6814
break;
6815
case 204:
6816
#line 2422 "parse.y"
6817
{ yyval.v.interface = yyvsp[-1].v.interface; }
6818
break;
6819
case 205:
6820
#line 2425 "parse.y"
6821
{ yyval.v.interface = yyvsp[-1].v.interface; }
6822
break;
6823
case 206:
6824
#line 2426 "parse.y"
6825
{
6826
			yyvsp[-3].v.interface->tail->next = yyvsp[-1].v.interface;
6827
			yyvsp[-3].v.interface->tail = yyvsp[-1].v.interface;
6828
			yyval.v.interface = yyvsp[-3].v.interface;
6829
		}
6830
break;
6831
case 207:
6832
#line 2433 "parse.y"
6833
{ yyval.v.interface = yyvsp[0].v.interface; yyval.v.interface->not = yyvsp[-1].v.number; }
6834
break;
6835
case 208:
6836
#line 2436 "parse.y"
6837
{
6838
			struct node_host	*n;
6839
6840
			yyval.v.interface = calloc(1, sizeof(struct node_if));
6841
			if (yyval.v.interface == NULL)
6842
				err(1, "if_item: calloc");
6843
			if (strlcpy(yyval.v.interface->ifname, yyvsp[0].v.string, sizeof(yyval.v.interface->ifname)) >=
6844
			    sizeof(yyval.v.interface->ifname)) {
6845
				free(yyvsp[0].v.string);
6846
				free(yyval.v.interface);
6847
				yyerror("interface name too long");
6848
				YYERROR;
6849
			}
6850
6851
			if ((n = ifa_exists(yyvsp[0].v.string)) != NULL)
6852
				yyval.v.interface->ifa_flags = n->ifa_flags;
6853
6854
			free(yyvsp[0].v.string);
6855
			yyval.v.interface->not = 0;
6856
			yyval.v.interface->next = NULL;
6857
			yyval.v.interface->tail = yyval.v.interface;
6858
		}
6859
break;
6860
case 209:
6861
#line 2458 "parse.y"
6862
{
6863
			yyval.v.interface = calloc(1, sizeof(struct node_if));
6864
			if (yyval.v.interface == NULL)
6865
				err(1, "if_item: calloc");
6866
			strlcpy(yyval.v.interface->ifname, "any", sizeof(yyval.v.interface->ifname));
6867
			yyval.v.interface->not = 0;
6868
			yyval.v.interface->next = NULL;
6869
			yyval.v.interface->tail = yyval.v.interface;
6870
		}
6871
break;
6872
case 210:
6873
#line 2467 "parse.y"
6874
{
6875
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > RT_TABLEID_MAX) {
6876
				yyerror("rdomain outside range");
6877
				YYERROR;
6878
			}
6879
			yyval.v.interface = calloc(1, sizeof(struct node_if));
6880
			if (yyval.v.interface == NULL)
6881
				err(1, "if_item: calloc");
6882
			yyval.v.interface->not = 0;
6883
			yyval.v.interface->use_rdomain = 1;
6884
			yyval.v.interface->rdomain = yyvsp[0].v.number;
6885
			yyval.v.interface->next = NULL;
6886
			yyval.v.interface->tail = yyval.v.interface;
6887
		}
6888
break;
6889
case 211:
6890
#line 2483 "parse.y"
6891
{ yyval.v.i = 0; }
6892
break;
6893
case 212:
6894
#line 2484 "parse.y"
6895
{ yyval.v.i = AF_INET; }
6896
break;
6897
case 213:
6898
#line 2485 "parse.y"
6899
{ yyval.v.i = AF_INET6; }
6900
break;
6901
case 214:
6902
#line 2488 "parse.y"
6903
{ yyval.v.proto = NULL; }
6904
break;
6905
case 215:
6906
#line 2489 "parse.y"
6907
{ yyval.v.proto = yyvsp[0].v.proto; }
6908
break;
6909
case 216:
6910
#line 2490 "parse.y"
6911
{ yyval.v.proto = yyvsp[-1].v.proto; }
6912
break;
6913
case 217:
6914
#line 2493 "parse.y"
6915
{ yyval.v.proto = yyvsp[-1].v.proto; }
6916
break;
6917
case 218:
6918
#line 2494 "parse.y"
6919
{
6920
			yyvsp[-3].v.proto->tail->next = yyvsp[-1].v.proto;
6921
			yyvsp[-3].v.proto->tail = yyvsp[-1].v.proto;
6922
			yyval.v.proto = yyvsp[-3].v.proto;
6923
		}
6924
break;
6925
case 219:
6926
#line 2501 "parse.y"
6927
{
6928
			u_int8_t	pr;
6929
6930
			pr = (u_int8_t)yyvsp[0].v.number;
6931
			if (pr == 0) {
6932
				yyerror("proto 0 cannot be used");
6933
				YYERROR;
6934
			}
6935
			yyval.v.proto = calloc(1, sizeof(struct node_proto));
6936
			if (yyval.v.proto == NULL)
6937
				err(1, "proto_item: calloc");
6938
			yyval.v.proto->proto = pr;
6939
			yyval.v.proto->next = NULL;
6940
			yyval.v.proto->tail = yyval.v.proto;
6941
		}
6942
break;
6943
case 220:
6944
#line 2518 "parse.y"
6945
{
6946
			struct protoent	*p;
6947
6948
			p = getprotobyname(yyvsp[0].v.string);
6949
			if (p == NULL) {
6950
				yyerror("unknown protocol %s", yyvsp[0].v.string);
6951
				free(yyvsp[0].v.string);
6952
				YYERROR;
6953
			}
6954
			yyval.v.number = p->p_proto;
6955
			free(yyvsp[0].v.string);
6956
		}
6957
break;
6958
case 221:
6959
#line 2530 "parse.y"
6960
{
6961
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 255) {
6962
				yyerror("protocol outside range");
6963
				YYERROR;
6964
			}
6965
		}
6966
break;
6967
case 222:
6968
#line 2538 "parse.y"
6969
{
6970
			yyval.v.fromto.src.host = NULL;
6971
			yyval.v.fromto.src.port = NULL;
6972
			yyval.v.fromto.dst.host = NULL;
6973
			yyval.v.fromto.dst.port = NULL;
6974
			yyval.v.fromto.src_os = NULL;
6975
		}
6976
break;
6977
case 223:
6978
#line 2545 "parse.y"
6979
{
6980
			yyval.v.fromto.src = yyvsp[-2].v.peer;
6981
			yyval.v.fromto.src_os = yyvsp[-1].v.os;
6982
			yyval.v.fromto.dst = yyvsp[0].v.peer;
6983
		}
6984
break;
6985
case 224:
6986
#line 2552 "parse.y"
6987
{ yyval.v.os = NULL; }
6988
break;
6989
case 225:
6990
#line 2553 "parse.y"
6991
{ yyval.v.os = yyvsp[0].v.os; }
6992
break;
6993
case 226:
6994
#line 2554 "parse.y"
6995
{ yyval.v.os = yyvsp[-1].v.os; }
6996
break;
6997
case 227:
6998
#line 2557 "parse.y"
6999
{
7000
			yyval.v.os = calloc(1, sizeof(struct node_os));
7001
			if (yyval.v.os == NULL)
7002
				err(1, "os: calloc");
7003
			yyval.v.os->os = yyvsp[0].v.string;
7004
			yyval.v.os->tail = yyval.v.os;
7005
		}
7006
break;
7007
case 228:
7008
#line 2566 "parse.y"
7009
{ yyval.v.os = yyvsp[-1].v.os; }
7010
break;
7011
case 229:
7012
#line 2567 "parse.y"
7013
{
7014
			yyvsp[-3].v.os->tail->next = yyvsp[-1].v.os;
7015
			yyvsp[-3].v.os->tail = yyvsp[-1].v.os;
7016
			yyval.v.os = yyvsp[-3].v.os;
7017
		}
7018
break;
7019
case 230:
7020
#line 2574 "parse.y"
7021
{
7022
			yyval.v.peer.host = NULL;
7023
			yyval.v.peer.port = NULL;
7024
		}
7025
break;
7026
case 231:
7027
#line 2578 "parse.y"
7028
{
7029
			yyval.v.peer = yyvsp[0].v.peer;
7030
		}
7031
break;
7032
case 232:
7033
#line 2583 "parse.y"
7034
{
7035
			yyval.v.peer.host = NULL;
7036
			yyval.v.peer.port = NULL;
7037
		}
7038
break;
7039
case 233:
7040
#line 2587 "parse.y"
7041
{
7042
			if (disallow_urpf_failed(yyvsp[0].v.peer.host, "\"urpf-failed\" is "
7043
			    "not permitted in a destination address"))
7044
				YYERROR;
7045
			yyval.v.peer = yyvsp[0].v.peer;
7046
		}
7047
break;
7048
case 234:
7049
#line 2595 "parse.y"
7050
{
7051
			yyval.v.peer.host = yyvsp[0].v.host;
7052
			yyval.v.peer.port = NULL;
7053
		}
7054
break;
7055
case 235:
7056
#line 2599 "parse.y"
7057
{
7058
			yyval.v.peer.host = yyvsp[-2].v.host;
7059
			yyval.v.peer.port = yyvsp[0].v.port;
7060
		}
7061
break;
7062
case 236:
7063
#line 2603 "parse.y"
7064
{
7065
			yyval.v.peer.host = NULL;
7066
			yyval.v.peer.port = yyvsp[0].v.port;
7067
		}
7068
break;
7069
case 239:
7070
#line 2613 "parse.y"
7071
{ yyval.v.host = NULL; }
7072
break;
7073
case 240:
7074
#line 2614 "parse.y"
7075
{ yyval.v.host = yyvsp[0].v.host; }
7076
break;
7077
case 241:
7078
#line 2615 "parse.y"
7079
{ yyval.v.host = yyvsp[-1].v.host; }
7080
break;
7081
case 242:
7082
#line 2619 "parse.y"
7083
{ yyval.v.host = yyvsp[-1].v.host; }
7084
break;
7085
case 243:
7086
#line 2620 "parse.y"
7087
{
7088
			if (yyvsp[-3].v.host == NULL) {
7089
				freehostlist(yyvsp[-1].v.host);
7090
				yyval.v.host = yyvsp[-3].v.host;
7091
			} else if (yyvsp[-1].v.host == NULL) {
7092
				freehostlist(yyvsp[-3].v.host);
7093
				yyval.v.host = yyvsp[-1].v.host;
7094
			} else {
7095
				yyvsp[-3].v.host->tail->next = yyvsp[-1].v.host;
7096
				yyvsp[-3].v.host->tail = yyvsp[-1].v.host->tail;
7097
				yyval.v.host = yyvsp[-3].v.host;
7098
			}
7099
		}
7100
break;
7101
case 244:
7102
#line 2635 "parse.y"
7103
{
7104
			struct node_host	*n;
7105
7106
			for (n = yyvsp[0].v.host; n != NULL; n = n->next)
7107
				n->not = yyvsp[-1].v.number;
7108
			yyval.v.host = yyvsp[0].v.host;
7109
		}
7110
break;
7111
case 245:
7112
#line 2642 "parse.y"
7113
{
7114
			yyval.v.host = calloc(1, sizeof(struct node_host));
7115
			if (yyval.v.host == NULL)
7116
				err(1, "xhost: calloc");
7117
			yyval.v.host->addr.type = PF_ADDR_NOROUTE;
7118
			yyval.v.host->next = NULL;
7119
			yyval.v.host->not = yyvsp[-1].v.number;
7120
			yyval.v.host->tail = yyval.v.host;
7121
		}
7122
break;
7123
case 246:
7124
#line 2651 "parse.y"
7125
{
7126
			yyval.v.host = calloc(1, sizeof(struct node_host));
7127
			if (yyval.v.host == NULL)
7128
				err(1, "xhost: calloc");
7129
			yyval.v.host->addr.type = PF_ADDR_URPFFAILED;
7130
			yyval.v.host->next = NULL;
7131
			yyval.v.host->not = yyvsp[-1].v.number;
7132
			yyval.v.host->tail = yyval.v.host;
7133
		}
7134
break;
7135
case 247:
7136
#line 2662 "parse.y"
7137
{
7138
			if (yyvsp[0].v.number < 1 || yyvsp[0].v.number > USHRT_MAX) {
7139
				yyerror("weight out of range");
7140
				YYERROR;
7141
			}
7142
			yyval.v.weight = yyvsp[0].v.number;
7143
		}
7144
break;
7145
case 248:
7146
#line 2669 "parse.y"
7147
{ yyval.v.weight = 0; }
7148
break;
7149
case 249:
7150
#line 2672 "parse.y"
7151
{
7152
			if ((yyval.v.host = host(yyvsp[0].v.string, pf->opts)) == NULL)	{
7153
				/* error. "any" is handled elsewhere */
7154
				free(yyvsp[0].v.string);
7155
				yyerror("could not parse host specification");
7156
				YYERROR;
7157
			}
7158
			free(yyvsp[0].v.string);
7159
7160
		}
7161
break;
7162
case 250:
7163
#line 2682 "parse.y"
7164
{
7165
			struct node_host *b, *e;
7166
7167
			if ((b = host(yyvsp[-2].v.string, pf->opts)) == NULL ||
7168
			    (e = host(yyvsp[0].v.string, pf->opts)) == NULL) {
7169
				free(yyvsp[-2].v.string);
7170
				free(yyvsp[0].v.string);
7171
				yyerror("could not parse host specification");
7172
				YYERROR;
7173
			}
7174
			if (b->af != e->af ||
7175
			    b->addr.type != PF_ADDR_ADDRMASK ||
7176
			    e->addr.type != PF_ADDR_ADDRMASK ||
7177
			    unmask(&b->addr.v.a.mask, b->af) !=
7178
			    (b->af == AF_INET ? 32 : 128) ||
7179
			    unmask(&e->addr.v.a.mask, e->af) !=
7180
			    (e->af == AF_INET ? 32 : 128) ||
7181
			    b->next != NULL || b->not ||
7182
			    e->next != NULL || e->not) {
7183
				free(b);
7184
				free(e);
7185
				free(yyvsp[-2].v.string);
7186
				free(yyvsp[0].v.string);
7187
				yyerror("invalid address range");
7188
				YYERROR;
7189
			}
7190
			memcpy(&b->addr.v.a.mask, &e->addr.v.a.addr,
7191
			    sizeof(b->addr.v.a.mask));
7192
			b->addr.type = PF_ADDR_RANGE;
7193
			yyval.v.host = b;
7194
			free(e);
7195
			free(yyvsp[-2].v.string);
7196
			free(yyvsp[0].v.string);
7197
		}
7198
break;
7199
case 251:
7200
#line 2716 "parse.y"
7201
{
7202
			char	*buf;
7203
7204
			if (asprintf(&buf, "%s/%lld", yyvsp[-2].v.string, yyvsp[0].v.number) == -1)
7205
				err(1, "host: asprintf");
7206
			free(yyvsp[-2].v.string);
7207
			if ((yyval.v.host = host(buf, pf->opts)) == NULL)	{
7208
				/* error. "any" is handled elsewhere */
7209
				free(buf);
7210
				yyerror("could not parse host specification");
7211
				YYERROR;
7212
			}
7213
			free(buf);
7214
		}
7215
break;
7216
case 252:
7217
#line 2730 "parse.y"
7218
{
7219
			char	*buf;
7220
7221
			/* ie. for 10/8 parsing */
7222
			if (asprintf(&buf, "%lld/%lld", yyvsp[-2].v.number, yyvsp[0].v.number) == -1)
7223
				err(1, "host: asprintf");
7224
			if ((yyval.v.host = host(buf, pf->opts)) == NULL)	{
7225
				/* error. "any" is handled elsewhere */
7226
				free(buf);
7227
				yyerror("could not parse host specification");
7228
				YYERROR;
7229
			}
7230
			free(buf);
7231
		}
7232
break;
7233
case 254:
7234
#line 2745 "parse.y"
7235
{
7236
			struct node_host	*n;
7237
7238
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 128) {
7239
				yyerror("bit number too big");
7240
				YYERROR;
7241
			}
7242
			yyval.v.host = yyvsp[-2].v.host;
7243
			for (n = yyvsp[-2].v.host; n != NULL; n = n->next)
7244
				set_ipmask(n, yyvsp[0].v.number);
7245
		}
7246
break;
7247
case 255:
7248
#line 2756 "parse.y"
7249
{
7250
			if (strlen(yyvsp[-1].v.string) >= PF_TABLE_NAME_SIZE) {
7251
				yyerror("table name '%s' too long", yyvsp[-1].v.string);
7252
				free(yyvsp[-1].v.string);
7253
				YYERROR;
7254
			}
7255
			yyval.v.host = calloc(1, sizeof(struct node_host));
7256
			if (yyval.v.host == NULL)
7257
				err(1, "host: calloc");
7258
			yyval.v.host->addr.type = PF_ADDR_TABLE;
7259
			if (strlcpy(yyval.v.host->addr.v.tblname, yyvsp[-1].v.string,
7260
			    sizeof(yyval.v.host->addr.v.tblname)) >=
7261
			    sizeof(yyval.v.host->addr.v.tblname))
7262
				errx(1, "host: strlcpy");
7263
			free(yyvsp[-1].v.string);
7264
			yyval.v.host->next = NULL;
7265
			yyval.v.host->tail = yyval.v.host;
7266
		}
7267
break;
7268
case 256:
7269
#line 2774 "parse.y"
7270
{
7271
			yyval.v.host = calloc(1, sizeof(struct node_host));
7272
			if (yyval.v.host == NULL) {
7273
				free(yyvsp[0].v.string);
7274
				err(1, "host: calloc");
7275
			}
7276
			yyval.v.host->addr.type = PF_ADDR_RTLABEL;
7277
			if (strlcpy(yyval.v.host->addr.v.rtlabelname, yyvsp[0].v.string,
7278
			    sizeof(yyval.v.host->addr.v.rtlabelname)) >=
7279
			    sizeof(yyval.v.host->addr.v.rtlabelname)) {
7280
				yyerror("route label too long, max %u chars",
7281
				    sizeof(yyval.v.host->addr.v.rtlabelname) - 1);
7282
				free(yyvsp[0].v.string);
7283
				free(yyval.v.host);
7284
				YYERROR;
7285
			}
7286
			yyval.v.host->next = NULL;
7287
			yyval.v.host->tail = yyval.v.host;
7288
			free(yyvsp[0].v.string);
7289
		}
7290
break;
7291
case 258:
7292
#line 2797 "parse.y"
7293
{
7294
			u_long	ulval;
7295
7296
			if (atoul(yyvsp[0].v.string, &ulval) == -1) {
7297
				yyerror("%s is not a number", yyvsp[0].v.string);
7298
				free(yyvsp[0].v.string);
7299
				YYERROR;
7300
			} else
7301
				yyval.v.number = ulval;
7302
			free(yyvsp[0].v.string);
7303
		}
7304
break;
7305
case 259:
7306
#line 2810 "parse.y"
7307
{
7308
			int	 flags = 0;
7309
			char	*p, *op;
7310
7311
			op = yyvsp[-1].v.string;
7312
			if (!isalpha((unsigned char)op[0])) {
7313
				yyerror("invalid interface name '%s'", op);
7314
				free(op);
7315
				YYERROR;
7316
			}
7317
			while ((p = strrchr(yyvsp[-1].v.string, ':')) != NULL) {
7318
				if (!strcmp(p+1, "network"))
7319
					flags |= PFI_AFLAG_NETWORK;
7320
				else if (!strcmp(p+1, "broadcast"))
7321
					flags |= PFI_AFLAG_BROADCAST;
7322
				else if (!strcmp(p+1, "peer"))
7323
					flags |= PFI_AFLAG_PEER;
7324
				else if (!strcmp(p+1, "0"))
7325
					flags |= PFI_AFLAG_NOALIAS;
7326
				else {
7327
					yyerror("interface %s has bad modifier",
7328
					    yyvsp[-1].v.string);
7329
					free(op);
7330
					YYERROR;
7331
				}
7332
				*p = '\0';
7333
			}
7334
			if (flags & (flags - 1) & PFI_AFLAG_MODEMASK) {
7335
				free(op);
7336
				yyerror("illegal combination of "
7337
				    "interface modifiers");
7338
				YYERROR;
7339
			}
7340
			yyval.v.host = calloc(1, sizeof(struct node_host));
7341
			if (yyval.v.host == NULL)
7342
				err(1, "address: calloc");
7343
			yyval.v.host->af = 0;
7344
			set_ipmask(yyval.v.host, 128);
7345
			yyval.v.host->addr.type = PF_ADDR_DYNIFTL;
7346
			yyval.v.host->addr.iflags = flags;
7347
			if (strlcpy(yyval.v.host->addr.v.ifname, yyvsp[-1].v.string,
7348
			    sizeof(yyval.v.host->addr.v.ifname)) >=
7349
			    sizeof(yyval.v.host->addr.v.ifname)) {
7350
				free(op);
7351
				free(yyval.v.host);
7352
				yyerror("interface name too long");
7353
				YYERROR;
7354
			}
7355
			free(op);
7356
			yyval.v.host->next = NULL;
7357
			yyval.v.host->tail = yyval.v.host;
7358
		}
7359
break;
7360
case 260:
7361
#line 2864 "parse.y"
7362
{ yyval.v.port = yyvsp[0].v.port; }
7363
break;
7364
case 261:
7365
#line 2865 "parse.y"
7366
{ yyval.v.port = yyvsp[-1].v.port; }
7367
break;
7368
case 262:
7369
#line 2868 "parse.y"
7370
{ yyval.v.port = yyvsp[-1].v.port; }
7371
break;
7372
case 263:
7373
#line 2869 "parse.y"
7374
{
7375
			yyvsp[-3].v.port->tail->next = yyvsp[-1].v.port;
7376
			yyvsp[-3].v.port->tail = yyvsp[-1].v.port;
7377
			yyval.v.port = yyvsp[-3].v.port;
7378
		}
7379
break;
7380
case 264:
7381
#line 2876 "parse.y"
7382
{
7383
			yyval.v.port = calloc(1, sizeof(struct node_port));
7384
			if (yyval.v.port == NULL)
7385
				err(1, "port_item: calloc");
7386
			yyval.v.port->port[0] = yyvsp[0].v.range.a;
7387
			yyval.v.port->port[1] = yyvsp[0].v.range.b;
7388
			if (yyvsp[0].v.range.t)
7389
				yyval.v.port->op = PF_OP_RRG;
7390
			else
7391
				yyval.v.port->op = PF_OP_EQ;
7392
			yyval.v.port->next = NULL;
7393
			yyval.v.port->tail = yyval.v.port;
7394
		}
7395
break;
7396
case 265:
7397
#line 2889 "parse.y"
7398
{
7399
			if (yyvsp[0].v.range.t) {
7400
				yyerror("':' cannot be used with an other "
7401
				    "port operator");
7402
				YYERROR;
7403
			}
7404
			yyval.v.port = calloc(1, sizeof(struct node_port));
7405
			if (yyval.v.port == NULL)
7406
				err(1, "port_item: calloc");
7407
			yyval.v.port->port[0] = yyvsp[0].v.range.a;
7408
			yyval.v.port->port[1] = yyvsp[0].v.range.b;
7409
			yyval.v.port->op = yyvsp[-1].v.i;
7410
			yyval.v.port->next = NULL;
7411
			yyval.v.port->tail = yyval.v.port;
7412
		}
7413
break;
7414
case 266:
7415
#line 2904 "parse.y"
7416
{
7417
			if (yyvsp[-2].v.range.t || yyvsp[0].v.range.t) {
7418
				yyerror("':' cannot be used with an other "
7419
				    "port operator");
7420
				YYERROR;
7421
			}
7422
			yyval.v.port = calloc(1, sizeof(struct node_port));
7423
			if (yyval.v.port == NULL)
7424
				err(1, "port_item: calloc");
7425
			yyval.v.port->port[0] = yyvsp[-2].v.range.a;
7426
			yyval.v.port->port[1] = yyvsp[0].v.range.a;
7427
			yyval.v.port->op = yyvsp[-1].v.i;
7428
			yyval.v.port->next = NULL;
7429
			yyval.v.port->tail = yyval.v.port;
7430
		}
7431
break;
7432
case 267:
7433
#line 2921 "parse.y"
7434
{
7435
			if (parseport(yyvsp[0].v.string, &yyval.v.range, 0) == -1) {
7436
				free(yyvsp[0].v.string);
7437
				YYERROR;
7438
			}
7439
			free(yyvsp[0].v.string);
7440
		}
7441
break;
7442
case 268:
7443
#line 2930 "parse.y"
7444
{
7445
			if (parseport(yyvsp[0].v.string, &yyval.v.range, PPORT_RANGE) == -1) {
7446
				free(yyvsp[0].v.string);
7447
				YYERROR;
7448
			}
7449
			free(yyvsp[0].v.string);
7450
		}
7451
break;
7452
case 269:
7453
#line 2939 "parse.y"
7454
{ yyval.v.uid = yyvsp[0].v.uid; }
7455
break;
7456
case 270:
7457
#line 2940 "parse.y"
7458
{ yyval.v.uid = yyvsp[-1].v.uid; }
7459
break;
7460
case 271:
7461
#line 2943 "parse.y"
7462
{ yyval.v.uid = yyvsp[-1].v.uid; }
7463
break;
7464
case 272:
7465
#line 2944 "parse.y"
7466
{
7467
			yyvsp[-3].v.uid->tail->next = yyvsp[-1].v.uid;
7468
			yyvsp[-3].v.uid->tail = yyvsp[-1].v.uid;
7469
			yyval.v.uid = yyvsp[-3].v.uid;
7470
		}
7471
break;
7472
case 273:
7473
#line 2951 "parse.y"
7474
{
7475
			yyval.v.uid = calloc(1, sizeof(struct node_uid));
7476
			if (yyval.v.uid == NULL)
7477
				err(1, "uid_item: calloc");
7478
			yyval.v.uid->uid[0] = yyvsp[0].v.number;
7479
			yyval.v.uid->uid[1] = yyvsp[0].v.number;
7480
			yyval.v.uid->op = PF_OP_EQ;
7481
			yyval.v.uid->next = NULL;
7482
			yyval.v.uid->tail = yyval.v.uid;
7483
		}
7484
break;
7485
case 274:
7486
#line 2961 "parse.y"
7487
{
7488
			if (yyvsp[0].v.number == UID_MAX && yyvsp[-1].v.i != PF_OP_EQ && yyvsp[-1].v.i != PF_OP_NE) {
7489
				yyerror("user unknown requires operator = or "
7490
				    "!=");
7491
				YYERROR;
7492
			}
7493
			yyval.v.uid = calloc(1, sizeof(struct node_uid));
7494
			if (yyval.v.uid == NULL)
7495
				err(1, "uid_item: calloc");
7496
			yyval.v.uid->uid[0] = yyvsp[0].v.number;
7497
			yyval.v.uid->uid[1] = yyvsp[0].v.number;
7498
			yyval.v.uid->op = yyvsp[-1].v.i;
7499
			yyval.v.uid->next = NULL;
7500
			yyval.v.uid->tail = yyval.v.uid;
7501
		}
7502
break;
7503
case 275:
7504
#line 2976 "parse.y"
7505
{
7506
			if (yyvsp[-2].v.number == UID_MAX || yyvsp[0].v.number == UID_MAX) {
7507
				yyerror("user unknown requires operator = or "
7508
				    "!=");
7509
				YYERROR;
7510
			}
7511
			yyval.v.uid = calloc(1, sizeof(struct node_uid));
7512
			if (yyval.v.uid == NULL)
7513
				err(1, "uid_item: calloc");
7514
			yyval.v.uid->uid[0] = yyvsp[-2].v.number;
7515
			yyval.v.uid->uid[1] = yyvsp[0].v.number;
7516
			yyval.v.uid->op = yyvsp[-1].v.i;
7517
			yyval.v.uid->next = NULL;
7518
			yyval.v.uid->tail = yyval.v.uid;
7519
		}
7520
break;
7521
case 276:
7522
#line 2993 "parse.y"
7523
{
7524
			if (!strcmp(yyvsp[0].v.string, "unknown"))
7525
				yyval.v.number = UID_MAX;
7526
			else {
7527
				struct passwd	*pw;
7528
7529
				if ((pw = getpwnam(yyvsp[0].v.string)) == NULL) {
7530
					yyerror("unknown user %s", yyvsp[0].v.string);
7531
					free(yyvsp[0].v.string);
7532
					YYERROR;
7533
				}
7534
				yyval.v.number = pw->pw_uid;
7535
			}
7536
			free(yyvsp[0].v.string);
7537
		}
7538
break;
7539
case 277:
7540
#line 3008 "parse.y"
7541
{
7542
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number >= UID_MAX) {
7543
				yyerror("illegal uid value %lu", yyvsp[0].v.number);
7544
				YYERROR;
7545
			}
7546
			yyval.v.number = yyvsp[0].v.number;
7547
		}
7548
break;
7549
case 278:
7550
#line 3017 "parse.y"
7551
{ yyval.v.gid = yyvsp[0].v.gid; }
7552
break;
7553
case 279:
7554
#line 3018 "parse.y"
7555
{ yyval.v.gid = yyvsp[-1].v.gid; }
7556
break;
7557
case 280:
7558
#line 3021 "parse.y"
7559
{ yyval.v.gid = yyvsp[-1].v.gid; }
7560
break;
7561
case 281:
7562
#line 3022 "parse.y"
7563
{
7564
			yyvsp[-3].v.gid->tail->next = yyvsp[-1].v.gid;
7565
			yyvsp[-3].v.gid->tail = yyvsp[-1].v.gid;
7566
			yyval.v.gid = yyvsp[-3].v.gid;
7567
		}
7568
break;
7569
case 282:
7570
#line 3029 "parse.y"
7571
{
7572
			yyval.v.gid = calloc(1, sizeof(struct node_gid));
7573
			if (yyval.v.gid == NULL)
7574
				err(1, "gid_item: calloc");
7575
			yyval.v.gid->gid[0] = yyvsp[0].v.number;
7576
			yyval.v.gid->gid[1] = yyvsp[0].v.number;
7577
			yyval.v.gid->op = PF_OP_EQ;
7578
			yyval.v.gid->next = NULL;
7579
			yyval.v.gid->tail = yyval.v.gid;
7580
		}
7581
break;
7582
case 283:
7583
#line 3039 "parse.y"
7584
{
7585
			if (yyvsp[0].v.number == GID_MAX && yyvsp[-1].v.i != PF_OP_EQ && yyvsp[-1].v.i != PF_OP_NE) {
7586
				yyerror("group unknown requires operator = or "
7587
				    "!=");
7588
				YYERROR;
7589
			}
7590
			yyval.v.gid = calloc(1, sizeof(struct node_gid));
7591
			if (yyval.v.gid == NULL)
7592
				err(1, "gid_item: calloc");
7593
			yyval.v.gid->gid[0] = yyvsp[0].v.number;
7594
			yyval.v.gid->gid[1] = yyvsp[0].v.number;
7595
			yyval.v.gid->op = yyvsp[-1].v.i;
7596
			yyval.v.gid->next = NULL;
7597
			yyval.v.gid->tail = yyval.v.gid;
7598
		}
7599
break;
7600
case 284:
7601
#line 3054 "parse.y"
7602
{
7603
			if (yyvsp[-2].v.number == GID_MAX || yyvsp[0].v.number == GID_MAX) {
7604
				yyerror("group unknown requires operator = or "
7605
				    "!=");
7606
				YYERROR;
7607
			}
7608
			yyval.v.gid = calloc(1, sizeof(struct node_gid));
7609
			if (yyval.v.gid == NULL)
7610
				err(1, "gid_item: calloc");
7611
			yyval.v.gid->gid[0] = yyvsp[-2].v.number;
7612
			yyval.v.gid->gid[1] = yyvsp[0].v.number;
7613
			yyval.v.gid->op = yyvsp[-1].v.i;
7614
			yyval.v.gid->next = NULL;
7615
			yyval.v.gid->tail = yyval.v.gid;
7616
		}
7617
break;
7618
case 285:
7619
#line 3071 "parse.y"
7620
{
7621
			if (!strcmp(yyvsp[0].v.string, "unknown"))
7622
				yyval.v.number = GID_MAX;
7623
			else {
7624
				struct group	*grp;
7625
7626
				if ((grp = getgrnam(yyvsp[0].v.string)) == NULL) {
7627
					yyerror("unknown group %s", yyvsp[0].v.string);
7628
					free(yyvsp[0].v.string);
7629
					YYERROR;
7630
				}
7631
				yyval.v.number = grp->gr_gid;
7632
			}
7633
			free(yyvsp[0].v.string);
7634
		}
7635
break;
7636
case 286:
7637
#line 3086 "parse.y"
7638
{
7639
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number >= GID_MAX) {
7640
				yyerror("illegal gid value %lu", yyvsp[0].v.number);
7641
				YYERROR;
7642
			}
7643
			yyval.v.number = yyvsp[0].v.number;
7644
		}
7645
break;
7646
case 287:
7647
#line 3095 "parse.y"
7648
{
7649
			int	f;
7650
7651
			if ((f = parse_flags(yyvsp[0].v.string)) < 0) {
7652
				yyerror("bad flags %s", yyvsp[0].v.string);
7653
				free(yyvsp[0].v.string);
7654
				YYERROR;
7655
			}
7656
			free(yyvsp[0].v.string);
7657
			yyval.v.b.b1 = f;
7658
		}
7659
break;
7660
case 288:
7661
#line 3108 "parse.y"
7662
{ yyval.v.b.b1 = yyvsp[-2].v.b.b1; yyval.v.b.b2 = yyvsp[0].v.b.b1; }
7663
break;
7664
case 289:
7665
#line 3109 "parse.y"
7666
{ yyval.v.b.b1 = 0; yyval.v.b.b2 = yyvsp[0].v.b.b1; }
7667
break;
7668
case 290:
7669
#line 3110 "parse.y"
7670
{ yyval.v.b.b1 = 0; yyval.v.b.b2 = 0; }
7671
break;
7672
case 291:
7673
#line 3113 "parse.y"
7674
{ yyval.v.icmp = yyvsp[0].v.icmp; }
7675
break;
7676
case 292:
7677
#line 3114 "parse.y"
7678
{ yyval.v.icmp = yyvsp[-1].v.icmp; }
7679
break;
7680
case 293:
7681
#line 3115 "parse.y"
7682
{ yyval.v.icmp = yyvsp[0].v.icmp; }
7683
break;
7684
case 294:
7685
#line 3116 "parse.y"
7686
{ yyval.v.icmp = yyvsp[-1].v.icmp; }
7687
break;
7688
case 295:
7689
#line 3119 "parse.y"
7690
{ yyval.v.icmp = yyvsp[-1].v.icmp; }
7691
break;
7692
case 296:
7693
#line 3120 "parse.y"
7694
{
7695
			yyvsp[-3].v.icmp->tail->next = yyvsp[-1].v.icmp;
7696
			yyvsp[-3].v.icmp->tail = yyvsp[-1].v.icmp;
7697
			yyval.v.icmp = yyvsp[-3].v.icmp;
7698
		}
7699
break;
7700
case 297:
7701
#line 3127 "parse.y"
7702
{ yyval.v.icmp = yyvsp[-1].v.icmp; }
7703
break;
7704
case 298:
7705
#line 3128 "parse.y"
7706
{
7707
			yyvsp[-3].v.icmp->tail->next = yyvsp[-1].v.icmp;
7708
			yyvsp[-3].v.icmp->tail = yyvsp[-1].v.icmp;
7709
			yyval.v.icmp = yyvsp[-3].v.icmp;
7710
		}
7711
break;
7712
case 299:
7713
#line 3135 "parse.y"
7714
{
7715
			yyval.v.icmp = calloc(1, sizeof(struct node_icmp));
7716
			if (yyval.v.icmp == NULL)
7717
				err(1, "icmp_item: calloc");
7718
			yyval.v.icmp->type = yyvsp[0].v.number;
7719
			yyval.v.icmp->code = 0;
7720
			yyval.v.icmp->proto = IPPROTO_ICMP;
7721
			yyval.v.icmp->next = NULL;
7722
			yyval.v.icmp->tail = yyval.v.icmp;
7723
		}
7724
break;
7725
case 300:
7726
#line 3145 "parse.y"
7727
{
7728
			const struct icmpcodeent	*p;
7729
7730
			if ((p = geticmpcodebyname(yyvsp[-2].v.number-1, yyvsp[0].v.string, AF_INET)) == NULL) {
7731
				yyerror("unknown icmp-code %s", yyvsp[0].v.string);
7732
				free(yyvsp[0].v.string);
7733
				YYERROR;
7734
			}
7735
7736
			free(yyvsp[0].v.string);
7737
			yyval.v.icmp = calloc(1, sizeof(struct node_icmp));
7738
			if (yyval.v.icmp == NULL)
7739
				err(1, "icmp_item: calloc");
7740
			yyval.v.icmp->type = yyvsp[-2].v.number;
7741
			yyval.v.icmp->code = p->code + 1;
7742
			yyval.v.icmp->proto = IPPROTO_ICMP;
7743
			yyval.v.icmp->next = NULL;
7744
			yyval.v.icmp->tail = yyval.v.icmp;
7745
		}
7746
break;
7747
case 301:
7748
#line 3164 "parse.y"
7749
{
7750
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 255) {
7751
				yyerror("illegal icmp-code %lu", yyvsp[0].v.number);
7752
				YYERROR;
7753
			}
7754
			yyval.v.icmp = calloc(1, sizeof(struct node_icmp));
7755
			if (yyval.v.icmp == NULL)
7756
				err(1, "icmp_item: calloc");
7757
			yyval.v.icmp->type = yyvsp[-2].v.number;
7758
			yyval.v.icmp->code = yyvsp[0].v.number + 1;
7759
			yyval.v.icmp->proto = IPPROTO_ICMP;
7760
			yyval.v.icmp->next = NULL;
7761
			yyval.v.icmp->tail = yyval.v.icmp;
7762
		}
7763
break;
7764
case 302:
7765
#line 3180 "parse.y"
7766
{
7767
			yyval.v.icmp = calloc(1, sizeof(struct node_icmp));
7768
			if (yyval.v.icmp == NULL)
7769
				err(1, "icmp_item: calloc");
7770
			yyval.v.icmp->type = yyvsp[0].v.number;
7771
			yyval.v.icmp->code = 0;
7772
			yyval.v.icmp->proto = IPPROTO_ICMPV6;
7773
			yyval.v.icmp->next = NULL;
7774
			yyval.v.icmp->tail = yyval.v.icmp;
7775
		}
7776
break;
7777
case 303:
7778
#line 3190 "parse.y"
7779
{
7780
			const struct icmpcodeent	*p;
7781
7782
			if ((p = geticmpcodebyname(yyvsp[-2].v.number-1, yyvsp[0].v.string, AF_INET6)) == NULL) {
7783
				yyerror("unknown icmp6-code %s", yyvsp[0].v.string);
7784
				free(yyvsp[0].v.string);
7785
				YYERROR;
7786
			}
7787
			free(yyvsp[0].v.string);
7788
7789
			yyval.v.icmp = calloc(1, sizeof(struct node_icmp));
7790
			if (yyval.v.icmp == NULL)
7791
				err(1, "icmp_item: calloc");
7792
			yyval.v.icmp->type = yyvsp[-2].v.number;
7793
			yyval.v.icmp->code = p->code + 1;
7794
			yyval.v.icmp->proto = IPPROTO_ICMPV6;
7795
			yyval.v.icmp->next = NULL;
7796
			yyval.v.icmp->tail = yyval.v.icmp;
7797
		}
7798
break;
7799
case 304:
7800
#line 3209 "parse.y"
7801
{
7802
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 255) {
7803
				yyerror("illegal icmp-code %lu", yyvsp[0].v.number);
7804
				YYERROR;
7805
			}
7806
			yyval.v.icmp = calloc(1, sizeof(struct node_icmp));
7807
			if (yyval.v.icmp == NULL)
7808
				err(1, "icmp_item: calloc");
7809
			yyval.v.icmp->type = yyvsp[-2].v.number;
7810
			yyval.v.icmp->code = yyvsp[0].v.number + 1;
7811
			yyval.v.icmp->proto = IPPROTO_ICMPV6;
7812
			yyval.v.icmp->next = NULL;
7813
			yyval.v.icmp->tail = yyval.v.icmp;
7814
		}
7815
break;
7816
case 305:
7817
#line 3225 "parse.y"
7818
{
7819
			const struct icmptypeent	*p;
7820
7821
			if ((p = geticmptypebyname(yyvsp[0].v.string, AF_INET)) == NULL) {
7822
				yyerror("unknown icmp-type %s", yyvsp[0].v.string);
7823
				free(yyvsp[0].v.string);
7824
				YYERROR;
7825
			}
7826
			yyval.v.number = p->type + 1;
7827
			free(yyvsp[0].v.string);
7828
		}
7829
break;
7830
case 306:
7831
#line 3236 "parse.y"
7832
{
7833
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 255) {
7834
				yyerror("illegal icmp-type %lu", yyvsp[0].v.number);
7835
				YYERROR;
7836
			}
7837
			yyval.v.number = yyvsp[0].v.number + 1;
7838
		}
7839
break;
7840
case 307:
7841
#line 3245 "parse.y"
7842
{
7843
			const struct icmptypeent	*p;
7844
7845
			if ((p = geticmptypebyname(yyvsp[0].v.string, AF_INET6)) ==
7846
			    NULL) {
7847
				yyerror("unknown icmp6-type %s", yyvsp[0].v.string);
7848
				free(yyvsp[0].v.string);
7849
				YYERROR;
7850
			}
7851
			yyval.v.number = p->type + 1;
7852
			free(yyvsp[0].v.string);
7853
		}
7854
break;
7855
case 308:
7856
#line 3257 "parse.y"
7857
{
7858
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 255) {
7859
				yyerror("illegal icmp6-type %lu", yyvsp[0].v.number);
7860
				YYERROR;
7861
			}
7862
			yyval.v.number = yyvsp[0].v.number + 1;
7863
		}
7864
break;
7865
case 309:
7866
#line 3266 "parse.y"
7867
{
7868
			int val;
7869
			char *end;
7870
7871
			if (map_tos(yyvsp[0].v.string, &val))
7872
				yyval.v.number = val;
7873
			else if (yyvsp[0].v.string[0] == '0' && yyvsp[0].v.string[1] == 'x') {
7874
				errno = 0;
7875
				yyval.v.number = strtoul(yyvsp[0].v.string, &end, 16);
7876
				if (errno || *end != '\0')
7877
					yyval.v.number = 256;
7878
			} else
7879
				yyval.v.number = 256;		/* flag bad argument */
7880
			if (yyval.v.number < 0 || yyval.v.number > 255) {
7881
				yyerror("illegal tos value %s", yyvsp[0].v.string);
7882
				free(yyvsp[0].v.string);
7883
				YYERROR;
7884
			}
7885
			free(yyvsp[0].v.string);
7886
		}
7887
break;
7888
case 310:
7889
#line 3286 "parse.y"
7890
{
7891
			yyval.v.number = yyvsp[0].v.number;
7892
			if (yyval.v.number < 0 || yyval.v.number > 255) {
7893
				yyerror("illegal tos value %lld", yyvsp[0].v.number);
7894
				YYERROR;
7895
			}
7896
		}
7897
break;
7898
case 311:
7899
#line 3295 "parse.y"
7900
{ yyval.v.i = PF_SRCTRACK; }
7901
break;
7902
case 312:
7903
#line 3296 "parse.y"
7904
{ yyval.v.i = PF_SRCTRACK_GLOBAL; }
7905
break;
7906
case 313:
7907
#line 3297 "parse.y"
7908
{ yyval.v.i = PF_SRCTRACK_RULE; }
7909
break;
7910
case 314:
7911
#line 3300 "parse.y"
7912
{
7913
			yyval.v.i = PFRULE_IFBOUND;
7914
		}
7915
break;
7916
case 315:
7917
#line 3303 "parse.y"
7918
{
7919
			yyval.v.i = 0;
7920
		}
7921
break;
7922
case 316:
7923
#line 3308 "parse.y"
7924
{
7925
			yyval.v.keep_state.action = 0;
7926
			yyval.v.keep_state.options = NULL;
7927
		}
7928
break;
7929
case 317:
7930
#line 3312 "parse.y"
7931
{
7932
			yyval.v.keep_state.action = PF_STATE_NORMAL;
7933
			yyval.v.keep_state.options = yyvsp[0].v.state_opt;
7934
		}
7935
break;
7936
case 318:
7937
#line 3316 "parse.y"
7938
{
7939
			yyval.v.keep_state.action = PF_STATE_MODULATE;
7940
			yyval.v.keep_state.options = yyvsp[0].v.state_opt;
7941
		}
7942
break;
7943
case 319:
7944
#line 3320 "parse.y"
7945
{
7946
			yyval.v.keep_state.action = PF_STATE_SYNPROXY;
7947
			yyval.v.keep_state.options = yyvsp[0].v.state_opt;
7948
		}
7949
break;
7950
case 320:
7951
#line 3326 "parse.y"
7952
{ yyval.v.i = 0; }
7953
break;
7954
case 321:
7955
#line 3327 "parse.y"
7956
{ yyval.v.i = PF_FLUSH; }
7957
break;
7958
case 322:
7959
#line 3328 "parse.y"
7960
{
7961
			yyval.v.i = PF_FLUSH | PF_FLUSH_GLOBAL;
7962
		}
7963
break;
7964
case 323:
7965
#line 3333 "parse.y"
7966
{ yyval.v.state_opt = yyvsp[-1].v.state_opt; }
7967
break;
7968
case 324:
7969
#line 3334 "parse.y"
7970
{ yyval.v.state_opt = NULL; }
7971
break;
7972
case 325:
7973
#line 3337 "parse.y"
7974
{ yyval.v.state_opt = yyvsp[0].v.state_opt; }
7975
break;
7976
case 326:
7977
#line 3338 "parse.y"
7978
{
7979
			yyvsp[-2].v.state_opt->tail->next = yyvsp[0].v.state_opt;
7980
			yyvsp[-2].v.state_opt->tail = yyvsp[0].v.state_opt;
7981
			yyval.v.state_opt = yyvsp[-2].v.state_opt;
7982
		}
7983
break;
7984
case 327:
7985
#line 3345 "parse.y"
7986
{
7987
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX) {
7988
				yyerror("only positive values permitted");
7989
				YYERROR;
7990
			}
7991
			yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt));
7992
			if (yyval.v.state_opt == NULL)
7993
				err(1, "state_opt_item: calloc");
7994
			yyval.v.state_opt->type = PF_STATE_OPT_MAX;
7995
			yyval.v.state_opt->data.max_states = yyvsp[0].v.number;
7996
			yyval.v.state_opt->next = NULL;
7997
			yyval.v.state_opt->tail = yyval.v.state_opt;
7998
		}
7999
break;
8000
case 328:
8001
#line 3358 "parse.y"
8002
{
8003
			yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt));
8004
			if (yyval.v.state_opt == NULL)
8005
				err(1, "state_opt_item: calloc");
8006
			yyval.v.state_opt->type = PF_STATE_OPT_NOSYNC;
8007
			yyval.v.state_opt->next = NULL;
8008
			yyval.v.state_opt->tail = yyval.v.state_opt;
8009
		}
8010
break;
8011
case 329:
8012
#line 3366 "parse.y"
8013
{
8014
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX) {
8015
				yyerror("only positive values permitted");
8016
				YYERROR;
8017
			}
8018
			yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt));
8019
			if (yyval.v.state_opt == NULL)
8020
				err(1, "state_opt_item: calloc");
8021
			yyval.v.state_opt->type = PF_STATE_OPT_MAX_SRC_STATES;
8022
			yyval.v.state_opt->data.max_src_states = yyvsp[0].v.number;
8023
			yyval.v.state_opt->next = NULL;
8024
			yyval.v.state_opt->tail = yyval.v.state_opt;
8025
		}
8026
break;
8027
case 330:
8028
#line 3379 "parse.y"
8029
{
8030
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX) {
8031
				yyerror("only positive values permitted");
8032
				YYERROR;
8033
			}
8034
			yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt));
8035
			if (yyval.v.state_opt == NULL)
8036
				err(1, "state_opt_item: calloc");
8037
			yyval.v.state_opt->type = PF_STATE_OPT_MAX_SRC_CONN;
8038
			yyval.v.state_opt->data.max_src_conn = yyvsp[0].v.number;
8039
			yyval.v.state_opt->next = NULL;
8040
			yyval.v.state_opt->tail = yyval.v.state_opt;
8041
		}
8042
break;
8043
case 331:
8044
#line 3392 "parse.y"
8045
{
8046
			if (yyvsp[-2].v.number < 0 || yyvsp[-2].v.number > UINT_MAX ||
8047
			    yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX) {
8048
				yyerror("only positive values permitted");
8049
				YYERROR;
8050
			}
8051
			yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt));
8052
			if (yyval.v.state_opt == NULL)
8053
				err(1, "state_opt_item: calloc");
8054
			yyval.v.state_opt->type = PF_STATE_OPT_MAX_SRC_CONN_RATE;
8055
			yyval.v.state_opt->data.max_src_conn_rate.limit = yyvsp[-2].v.number;
8056
			yyval.v.state_opt->data.max_src_conn_rate.seconds = yyvsp[0].v.number;
8057
			yyval.v.state_opt->next = NULL;
8058
			yyval.v.state_opt->tail = yyval.v.state_opt;
8059
		}
8060
break;
8061
case 332:
8062
#line 3407 "parse.y"
8063
{
8064
			if (strlen(yyvsp[-2].v.string) >= PF_TABLE_NAME_SIZE) {
8065
				yyerror("table name '%s' too long", yyvsp[-2].v.string);
8066
				free(yyvsp[-2].v.string);
8067
				YYERROR;
8068
			}
8069
			yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt));
8070
			if (yyval.v.state_opt == NULL)
8071
				err(1, "state_opt_item: calloc");
8072
			if (strlcpy(yyval.v.state_opt->data.overload.tblname, yyvsp[-2].v.string,
8073
			    PF_TABLE_NAME_SIZE) >= PF_TABLE_NAME_SIZE)
8074
				errx(1, "state_opt_item: strlcpy");
8075
			free(yyvsp[-2].v.string);
8076
			yyval.v.state_opt->type = PF_STATE_OPT_OVERLOAD;
8077
			yyval.v.state_opt->data.overload.flush = yyvsp[0].v.i;
8078
			yyval.v.state_opt->next = NULL;
8079
			yyval.v.state_opt->tail = yyval.v.state_opt;
8080
		}
8081
break;
8082
case 333:
8083
#line 3425 "parse.y"
8084
{
8085
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX) {
8086
				yyerror("only positive values permitted");
8087
				YYERROR;
8088
			}
8089
			yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt));
8090
			if (yyval.v.state_opt == NULL)
8091
				err(1, "state_opt_item: calloc");
8092
			yyval.v.state_opt->type = PF_STATE_OPT_MAX_SRC_NODES;
8093
			yyval.v.state_opt->data.max_src_nodes = yyvsp[0].v.number;
8094
			yyval.v.state_opt->next = NULL;
8095
			yyval.v.state_opt->tail = yyval.v.state_opt;
8096
		}
8097
break;
8098
case 334:
8099
#line 3438 "parse.y"
8100
{
8101
			yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt));
8102
			if (yyval.v.state_opt == NULL)
8103
				err(1, "state_opt_item: calloc");
8104
			yyval.v.state_opt->type = PF_STATE_OPT_SRCTRACK;
8105
			yyval.v.state_opt->data.src_track = yyvsp[0].v.i;
8106
			yyval.v.state_opt->next = NULL;
8107
			yyval.v.state_opt->tail = yyval.v.state_opt;
8108
		}
8109
break;
8110
case 335:
8111
#line 3447 "parse.y"
8112
{
8113
			yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt));
8114
			if (yyval.v.state_opt == NULL)
8115
				err(1, "state_opt_item: calloc");
8116
			yyval.v.state_opt->type = PF_STATE_OPT_STATELOCK;
8117
			yyval.v.state_opt->data.statelock = yyvsp[0].v.i;
8118
			yyval.v.state_opt->next = NULL;
8119
			yyval.v.state_opt->tail = yyval.v.state_opt;
8120
		}
8121
break;
8122
case 336:
8123
#line 3456 "parse.y"
8124
{
8125
			yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt));
8126
			if (yyval.v.state_opt == NULL)
8127
				err(1, "state_opt_item: calloc");
8128
			yyval.v.state_opt->type = PF_STATE_OPT_SLOPPY;
8129
			yyval.v.state_opt->next = NULL;
8130
			yyval.v.state_opt->tail = yyval.v.state_opt;
8131
		}
8132
break;
8133
case 337:
8134
#line 3464 "parse.y"
8135
{
8136
			yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt));
8137
			if (yyval.v.state_opt == NULL)
8138
				err(1, "state_opt_item: calloc");
8139
			yyval.v.state_opt->type = PF_STATE_OPT_PFLOW;
8140
			yyval.v.state_opt->next = NULL;
8141
			yyval.v.state_opt->tail = yyval.v.state_opt;
8142
		}
8143
break;
8144
case 338:
8145
#line 3472 "parse.y"
8146
{
8147
			int	i;
8148
8149
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX) {
8150
				yyerror("only positive values permitted");
8151
				YYERROR;
8152
			}
8153
			for (i = 0; pf_timeouts[i].name &&
8154
			    strcmp(pf_timeouts[i].name, yyvsp[-1].v.string); ++i)
8155
				;	/* nothing */
8156
			if (!pf_timeouts[i].name) {
8157
				yyerror("illegal timeout name %s", yyvsp[-1].v.string);
8158
				free(yyvsp[-1].v.string);
8159
				YYERROR;
8160
			}
8161
			if (strchr(pf_timeouts[i].name, '.') == NULL) {
8162
				yyerror("illegal state timeout %s", yyvsp[-1].v.string);
8163
				free(yyvsp[-1].v.string);
8164
				YYERROR;
8165
			}
8166
			free(yyvsp[-1].v.string);
8167
			yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt));
8168
			if (yyval.v.state_opt == NULL)
8169
				err(1, "state_opt_item: calloc");
8170
			yyval.v.state_opt->type = PF_STATE_OPT_TIMEOUT;
8171
			yyval.v.state_opt->data.timeout.number = pf_timeouts[i].timeout;
8172
			yyval.v.state_opt->data.timeout.seconds = yyvsp[0].v.number;
8173
			yyval.v.state_opt->next = NULL;
8174
			yyval.v.state_opt->tail = yyval.v.state_opt;
8175
		}
8176
break;
8177
case 339:
8178
#line 3504 "parse.y"
8179
{
8180
			yyval.v.string = yyvsp[0].v.string;
8181
		}
8182
break;
8183
case 340:
8184
#line 3509 "parse.y"
8185
{
8186
			struct pfctl_qsitem *qsi;
8187
8188
			if ((qsi = pfctl_find_queue(yyvsp[0].v.string, &qspecs)) == NULL) {
8189
				yyerror("queue %s is not defined", yyvsp[0].v.string);
8190
				YYERROR;
8191
			}
8192
			yyval.v.qassign.qname = yyvsp[0].v.string;
8193
			yyval.v.qassign.pqname = NULL;
8194
		}
8195
break;
8196
case 341:
8197
#line 3519 "parse.y"
8198
{
8199
			struct pfctl_qsitem *qsi;
8200
8201
			if ((qsi = pfctl_find_queue(yyvsp[-1].v.string, &qspecs)) == NULL) {
8202
				yyerror("queue %s is not defined", yyvsp[-1].v.string);
8203
				YYERROR;
8204
			}
8205
			yyval.v.qassign.qname = yyvsp[-1].v.string;
8206
			yyval.v.qassign.pqname = NULL;
8207
		}
8208
break;
8209
case 342:
8210
#line 3529 "parse.y"
8211
{
8212
			struct pfctl_qsitem *qsi, *pqsi;
8213
8214
			if ((qsi = pfctl_find_queue(yyvsp[-3].v.string, &qspecs)) == NULL) {
8215
				yyerror("queue %s is not defined", yyvsp[-3].v.string);
8216
				YYERROR;
8217
			}
8218
			if ((pqsi = pfctl_find_queue(yyvsp[-1].v.string, &qspecs)) == NULL) {
8219
				yyerror("queue %s is not defined", yyvsp[-1].v.string);
8220
				YYERROR;
8221
			}
8222
			yyval.v.qassign.qname = yyvsp[-3].v.string;
8223
			yyval.v.qassign.pqname = yyvsp[-1].v.string;
8224
		}
8225
break;
8226
case 343:
8227
#line 3545 "parse.y"
8228
{
8229
			if (parseport(yyvsp[0].v.string, &yyval.v.range, PPORT_RANGE|PPORT_STAR) == -1) {
8230
				free(yyvsp[0].v.string);
8231
				YYERROR;
8232
			}
8233
			free(yyvsp[0].v.string);
8234
		}
8235
break;
8236
case 344:
8237
#line 3554 "parse.y"
8238
{
8239
			if (yyvsp[0].v.weight > 0) {
8240
				struct node_host	*n;
8241
				for (n = yyvsp[-1].v.host; n != NULL; n = n->next)
8242
					n->weight = yyvsp[0].v.weight;
8243
			}
8244
			yyval.v.host = yyvsp[-1].v.host;
8245
		}
8246
break;
8247
case 345:
8248
#line 3562 "parse.y"
8249
{ yyval.v.host = yyvsp[-1].v.host; }
8250
break;
8251
case 346:
8252
#line 3565 "parse.y"
8253
{
8254
			if (yyvsp[-2].v.host->addr.type != PF_ADDR_ADDRMASK) {
8255
				free(yyvsp[-2].v.host);
8256
				yyerror("only addresses can be listed for "
8257
				    "redirection pools ");
8258
				YYERROR;
8259
			}
8260
			if (yyvsp[-1].v.weight > 0) {
8261
				struct node_host	*n;
8262
				for (n = yyvsp[-2].v.host; n != NULL; n = n->next)
8263
					n->weight = yyvsp[-1].v.weight;
8264
			}
8265
			yyval.v.host = yyvsp[-2].v.host;
8266
		}
8267
break;
8268
case 347:
8269
#line 3579 "parse.y"
8270
{
8271
			yyvsp[-4].v.host->tail->next = yyvsp[-2].v.host;
8272
			yyvsp[-4].v.host->tail = yyvsp[-2].v.host->tail;
8273
			if (yyvsp[-1].v.weight > 0) {
8274
				struct node_host	*n;
8275
				for (n = yyvsp[-2].v.host; n != NULL; n = n->next)
8276
					n->weight = yyvsp[-1].v.weight;
8277
			}
8278
			yyval.v.host = yyvsp[-4].v.host;
8279
		}
8280
break;
8281
case 348:
8282
#line 3591 "parse.y"
8283
{
8284
			yyval.v.redirection = calloc(1, sizeof(struct redirection));
8285
			if (yyval.v.redirection == NULL)
8286
				err(1, "redirection: calloc");
8287
			yyval.v.redirection->host = yyvsp[0].v.host;
8288
			yyval.v.redirection->rport.a = yyval.v.redirection->rport.b = yyval.v.redirection->rport.t = 0;
8289
		}
8290
break;
8291
case 349:
8292
#line 3598 "parse.y"
8293
{
8294
			yyval.v.redirection = calloc(1, sizeof(struct redirection));
8295
			if (yyval.v.redirection == NULL)
8296
				err(1, "redirection: calloc");
8297
			yyval.v.redirection->host = yyvsp[-2].v.host;
8298
			yyval.v.redirection->rport = yyvsp[0].v.range;
8299
		}
8300
break;
8301
case 350:
8302
#line 3608 "parse.y"
8303
{
8304
			yyval.v.hashkey = calloc(1, sizeof(struct pf_poolhashkey));
8305
			if (yyval.v.hashkey == NULL)
8306
				err(1, "hashkey: calloc");
8307
			yyval.v.hashkey->key32[0] = arc4random();
8308
			yyval.v.hashkey->key32[1] = arc4random();
8309
			yyval.v.hashkey->key32[2] = arc4random();
8310
			yyval.v.hashkey->key32[3] = arc4random();
8311
		}
8312
break;
8313
case 351:
8314
#line 3618 "parse.y"
8315
{
8316
			if (!strncmp(yyvsp[0].v.string, "0x", 2)) {
8317
				if (strlen(yyvsp[0].v.string) != 34) {
8318
					free(yyvsp[0].v.string);
8319
					yyerror("hex key must be 128 bits "
8320
						"(32 hex digits) long");
8321
					YYERROR;
8322
				}
8323
				yyval.v.hashkey = calloc(1, sizeof(struct pf_poolhashkey));
8324
				if (yyval.v.hashkey == NULL)
8325
					err(1, "hashkey: calloc");
8326
8327
				if (sscanf(yyvsp[0].v.string, "0x%8x%8x%8x%8x",
8328
				    &yyval.v.hashkey->key32[0], &yyval.v.hashkey->key32[1],
8329
				    &yyval.v.hashkey->key32[2], &yyval.v.hashkey->key32[3]) != 4) {
8330
					free(yyval.v.hashkey);
8331
					free(yyvsp[0].v.string);
8332
					yyerror("invalid hex key");
8333
					YYERROR;
8334
				}
8335
			} else {
8336
				MD5_CTX	context;
8337
8338
				yyval.v.hashkey = calloc(1, sizeof(struct pf_poolhashkey));
8339
				if (yyval.v.hashkey == NULL)
8340
					err(1, "hashkey: calloc");
8341
				MD5Init(&context);
8342
				MD5Update(&context, (unsigned char *)yyvsp[0].v.string,
8343
				    strlen(yyvsp[0].v.string));
8344
				MD5Final((unsigned char *)yyval.v.hashkey, &context);
8345
				HTONL(yyval.v.hashkey->key32[0]);
8346
				HTONL(yyval.v.hashkey->key32[1]);
8347
				HTONL(yyval.v.hashkey->key32[2]);
8348
				HTONL(yyval.v.hashkey->key32[3]);
8349
			}
8350
			free(yyvsp[0].v.string);
8351
		}
8352
break;
8353
case 352:
8354
#line 3657 "parse.y"
8355
{ bzero(&pool_opts, sizeof pool_opts); }
8356
break;
8357
case 353:
8358
#line 3659 "parse.y"
8359
{ yyval.v.pool_opts = pool_opts; }
8360
break;
8361
case 354:
8362
#line 3660 "parse.y"
8363
{
8364
			bzero(&pool_opts, sizeof pool_opts);
8365
			yyval.v.pool_opts = pool_opts;
8366
		}
8367
break;
8368
case 357:
8369
#line 3670 "parse.y"
8370
{
8371
			if (pool_opts.type) {
8372
				yyerror("pool type cannot be redefined");
8373
				YYERROR;
8374
			}
8375
			pool_opts.type =  PF_POOL_BITMASK;
8376
		}
8377
break;
8378
case 358:
8379
#line 3677 "parse.y"
8380
{
8381
			if (pool_opts.type) {
8382
				yyerror("pool type cannot be redefined");
8383
				YYERROR;
8384
			}
8385
			pool_opts.type = PF_POOL_RANDOM;
8386
		}
8387
break;
8388
case 359:
8389
#line 3684 "parse.y"
8390
{
8391
			if (pool_opts.type) {
8392
				yyerror("pool type cannot be redefined");
8393
				YYERROR;
8394
			}
8395
			pool_opts.type = PF_POOL_SRCHASH;
8396
			pool_opts.key = yyvsp[0].v.hashkey;
8397
		}
8398
break;
8399
case 360:
8400
#line 3692 "parse.y"
8401
{
8402
			if (pool_opts.type) {
8403
				yyerror("pool type cannot be redefined");
8404
				YYERROR;
8405
			}
8406
			pool_opts.type = PF_POOL_ROUNDROBIN;
8407
		}
8408
break;
8409
case 361:
8410
#line 3699 "parse.y"
8411
{
8412
			if (pool_opts.type) {
8413
				yyerror("pool type cannot be redefined");
8414
				YYERROR;
8415
			}
8416
			pool_opts.type = PF_POOL_LEASTSTATES;
8417
		}
8418
break;
8419
case 362:
8420
#line 3706 "parse.y"
8421
{
8422
			if (pool_opts.staticport) {
8423
				yyerror("static-port cannot be redefined");
8424
				YYERROR;
8425
			}
8426
			pool_opts.staticport = 1;
8427
		}
8428
break;
8429
case 363:
8430
#line 3713 "parse.y"
8431
{
8432
			if (filter_opts.marker & POM_STICKYADDRESS) {
8433
				yyerror("sticky-address cannot be redefined");
8434
				YYERROR;
8435
			}
8436
			pool_opts.marker |= POM_STICKYADDRESS;
8437
			pool_opts.opts |= PF_POOL_STICKYADDR;
8438
		}
8439
break;
8440
case 364:
8441
#line 3723 "parse.y"
8442
{
8443
			/* try to find @if0 address specs */
8444
			if (strrchr(yyvsp[0].v.string, '@') != NULL) {
8445
				if ((yyval.v.host = host(yyvsp[0].v.string, pf->opts)) == NULL)	{
8446
					yyerror("invalid host for route spec");
8447
					YYERROR;
8448
				}
8449
				free(yyvsp[0].v.string);
8450
			} else {
8451
				yyval.v.host = calloc(1, sizeof(struct node_host));
8452
				if (yyval.v.host == NULL)
8453
					err(1, "route_host: calloc");
8454
				yyval.v.host->ifname = yyvsp[0].v.string;
8455
				yyval.v.host->addr.type = PF_ADDR_NONE;
8456
				set_ipmask(yyval.v.host, 128);
8457
				yyval.v.host->next = NULL;
8458
				yyval.v.host->tail = yyval.v.host;
8459
			}
8460
		}
8461
break;
8462
case 365:
8463
#line 3742 "parse.y"
8464
{
8465
			char	*buf;
8466
8467
			if (asprintf(&buf, "%s/%s", yyvsp[-2].v.string, yyvsp[0].v.string) == -1)
8468
				err(1, "host: asprintf");
8469
			free(yyvsp[-2].v.string);
8470
			if ((yyval.v.host = host(buf, pf->opts)) == NULL)	{
8471
				/* error. "any" is handled elsewhere */
8472
				free(buf);
8473
				yyerror("could not parse host specification");
8474
				YYERROR;
8475
			}
8476
			free(buf);
8477
		}
8478
break;
8479
case 366:
8480
#line 3756 "parse.y"
8481
{
8482
			if (strlen(yyvsp[-1].v.string) >= PF_TABLE_NAME_SIZE) {
8483
				yyerror("table name '%s' too long", yyvsp[-1].v.string);
8484
				free(yyvsp[-1].v.string);
8485
				YYERROR;
8486
			}
8487
			yyval.v.host = calloc(1, sizeof(struct node_host));
8488
			if (yyval.v.host == NULL)
8489
				err(1, "host: calloc");
8490
			yyval.v.host->addr.type = PF_ADDR_TABLE;
8491
			if (strlcpy(yyval.v.host->addr.v.tblname, yyvsp[-1].v.string,
8492
			    sizeof(yyval.v.host->addr.v.tblname)) >=
8493
			    sizeof(yyval.v.host->addr.v.tblname))
8494
				errx(1, "host: strlcpy");
8495
			free(yyvsp[-1].v.string);
8496
			yyval.v.host->next = NULL;
8497
			yyval.v.host->tail = yyval.v.host;
8498
		}
8499
break;
8500
case 367:
8501
#line 3774 "parse.y"
8502
{
8503
			struct node_host	*n;
8504
8505
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 128) {
8506
				yyerror("bit number too big");
8507
				YYERROR;
8508
			}
8509
			yyval.v.host = yyvsp[-2].v.host;
8510
			for (n = yyvsp[-2].v.host; n != NULL; n = n->next)
8511
				set_ipmask(n, yyvsp[0].v.number);
8512
		}
8513
break;
8514
case 368:
8515
#line 3785 "parse.y"
8516
{
8517
			struct node_host	*n;
8518
8519
			yyval.v.host = yyvsp[-1].v.host;
8520
			/* XXX check masks, only full mask should be allowed */
8521
			for (n = yyvsp[-1].v.host; n != NULL; n = n->next) {
8522
				if (yyval.v.host->ifname) {
8523
					yyerror("cannot specify interface twice "
8524
					    "in route spec");
8525
					YYERROR;
8526
				}
8527
				if ((yyval.v.host->ifname = strdup(yyvsp[-2].v.string)) == NULL)
8528
					errx(1, "host: strdup");
8529
			}
8530
			free(yyvsp[-2].v.string);
8531
		}
8532
break;
8533
case 369:
8534
#line 3803 "parse.y"
8535
{
8536
			if (yyvsp[-1].v.weight > 0) {
8537
				struct node_host	*n;
8538
				for (n = yyvsp[-2].v.host; n != NULL; n = n->next)
8539
					n->weight = yyvsp[-1].v.weight;
8540
			}
8541
			yyval.v.host = yyvsp[-2].v.host;
8542
		}
8543
break;
8544
case 370:
8545
#line 3811 "parse.y"
8546
{
8547
			if (yyvsp[-4].v.host->af == 0)
8548
				yyvsp[-4].v.host->af = yyvsp[-2].v.host->af;
8549
			if (yyvsp[-4].v.host->af != yyvsp[-2].v.host->af) {
8550
				yyerror("all pool addresses must be in the "
8551
				    "same address family");
8552
				YYERROR;
8553
			}
8554
			yyvsp[-4].v.host->tail->next = yyvsp[-2].v.host;
8555
			yyvsp[-4].v.host->tail = yyvsp[-2].v.host->tail;
8556
			if (yyvsp[-1].v.weight > 0) {
8557
				struct node_host	*n;
8558
				for (n = yyvsp[-2].v.host; n != NULL; n = n->next)
8559
					n->weight = yyvsp[-1].v.weight;
8560
			}
8561
			yyval.v.host = yyvsp[-4].v.host;
8562
		}
8563
break;
8564
case 371:
8565
#line 3830 "parse.y"
8566
{
8567
			if (yyvsp[0].v.weight > 0) {
8568
				struct node_host	*n;
8569
				for (n = yyvsp[-1].v.host; n != NULL; n = n->next)
8570
					n->weight = yyvsp[0].v.weight;
8571
			}
8572
			yyval.v.host = yyvsp[-1].v.host;
8573
		}
8574
break;
8575
case 372:
8576
#line 3838 "parse.y"
8577
{ yyval.v.host = yyvsp[-1].v.host; }
8578
break;
8579
case 373:
8580
#line 3842 "parse.y"
8581
{
8582
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX) {
8583
				yyerror("only positive values permitted");
8584
				YYERROR;
8585
			}
8586
			if (pfctl_set_timeout(pf, yyvsp[-1].v.string, yyvsp[0].v.number, 0) != 0) {
8587
				yyerror("unknown timeout %s", yyvsp[-1].v.string);
8588
				free(yyvsp[-1].v.string);
8589
				YYERROR;
8590
			}
8591
			free(yyvsp[-1].v.string);
8592
		}
8593
break;
8594
case 376:
8595
#line 3861 "parse.y"
8596
{
8597
			if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX) {
8598
				yyerror("only positive values permitted");
8599
				YYERROR;
8600
			}
8601
			if (pfctl_set_limit(pf, yyvsp[-1].v.string, yyvsp[0].v.number) != 0) {
8602
				yyerror("unable to set limit %s %u", yyvsp[-1].v.string, yyvsp[0].v.number);
8603
				free(yyvsp[-1].v.string);
8604
				YYERROR;
8605
			}
8606
			free(yyvsp[-1].v.string);
8607
		}
8608
break;
8609
case 381:
8610
#line 3883 "parse.y"
8611
{ yyval.v.number = 0; }
8612
break;
8613
case 382:
8614
#line 3884 "parse.y"
8615
{
8616
			if (!strcmp(yyvsp[0].v.string, "yes"))
8617
				yyval.v.number = 1;
8618
			else {
8619
				yyerror("invalid value '%s', expected 'yes' "
8620
				    "or 'no'", yyvsp[0].v.string);
8621
				free(yyvsp[0].v.string);
8622
				YYERROR;
8623
			}
8624
			free(yyvsp[0].v.string);
8625
		}
8626
break;
8627
case 383:
8628
#line 3897 "parse.y"
8629
{ yyval.v.i = PF_OP_EQ; }
8630
break;
8631
case 384:
8632
#line 3898 "parse.y"
8633
{ yyval.v.i = PF_OP_NE; }
8634
break;
8635
case 385:
8636
#line 3899 "parse.y"
8637
{ yyval.v.i = PF_OP_LE; }
8638
break;
8639
case 386:
8640
#line 3900 "parse.y"
8641
{ yyval.v.i = PF_OP_LT; }
8642
break;
8643
case 387:
8644
#line 3901 "parse.y"
8645
82677
{ yyval.v.i = PF_OP_GE; }
8646
82677
break;
8647
82677
case 388:
8648
82677
#line 3902 "parse.y"
8649
82677
{ yyval.v.i = PF_OP_GT; }
8650
break;
8651
#line 8644 "parse.c"
8652
    }
8653
    yyssp -= yym;
8654
    yystate = *yyssp;
8655
    yyvsp -= yym;
8656
    yym = yylhs[yyn];
8657
4272
    if (yystate == 0 && yym == 0)
8658
4272
    {
8659
4272
#if YYDEBUG
8660
        if (yydebug)
8661
3818
            printf("%sdebug: after reduction, shifting from state 0 to\
8662
 state %d\n", YYPREFIX, YYFINAL);
8663
#endif
8664
        yystate = YYFINAL;
8665
        *++yyssp = YYFINAL;
8666
        *++yyvsp = yyval;
8667
        if (yychar < 0)
8668
        {
8669
            if ((yychar = yylex()) < 0) yychar = 0;
8670
#if YYDEBUG
8671
            if (yydebug)
8672
3818
            {
8673
4272
                yys = 0;
8674
3820
                if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
8675
                if (!yys) yys = "illegal-symbol";
8676

247318
                printf("%sdebug: state %d, reading %d (%s)\n",
8677
110624
                        YYPREFIX, YYFINAL, yychar, yys);
8678
23860
            }
8679
#endif
8680
54545
        }
8681
        if (yychar == 0) goto yyaccept;
8682
        goto yyloop;
8683
    }
8684
    if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 &&
8685
            yyn <= YYTABLESIZE && yycheck[yyn] == yystate)
8686

78405
        yystate = yytable[yyn];
8687
    else
8688
        yystate = yydgoto[yym];
8689
#if YYDEBUG
8690
78405
    if (yydebug)
8691
78405
        printf("%sdebug: after reduction, shifting from state %d \
8692
78405
to state %d\n", YYPREFIX, *yyssp, yystate);
8693
#endif
8694
    if (yyssp >= yysslim && yygrowstack())
8695
    {
8696
2
        goto yyoverflow;
8697
2
    }
8698
2
    *++yyssp = yystate;
8699
2
    *++yyvsp = yyval;
8700
2
    goto yyloop;
8701
2
yyoverflow:
8702
2
    yyerror("yacc stack overflow");
8703
2
yyabort:
8704
    if (yyss)
8705
452
            free(yyss);
8706
452
    if (yyvs)
8707
452
            free(yyvs);
8708
452
    yyss = yyssp = NULL;
8709
452
    yyvs = yyvsp = NULL;
8710
452
    yystacksize = 0;
8711
452
    return (1);
8712
452
yyaccept:
8713
454
    if (yyss)
8714
            free(yyss);
8715
    if (yyvs)
8716
            free(yyvs);
8717
    yyss = yyssp = NULL;
8718
    yyvs = yyvsp = NULL;
8719
    yystacksize = 0;
8720
    return (0);
8721
}