Bug Summary

File:src/sbin/pfctl/obj/parse.c
Warning:line 7751, column 9
Null pointer passed as 1st argument to string comparison function

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name parse.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/sbin/pfctl/obj -resource-dir /usr/local/lib/clang/13.0.0 -I /usr/src/sbin/pfctl -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -Wno-uninitialized -fdebug-compilation-dir=/usr/src/sbin/pfctl/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c parse.c
1#include <stdlib.h>
2#include <string.h>
3#define YYBYACC1 1
4#define YYMAJOR1 1
5#define YYMINOR9 9
6#define YYLEXyylex() yylex()
7#define YYEMPTY-1 -1
8#define yyclearin(yychar=(-1)) (yychar=(YYEMPTY-1))
9#define yyerrok(yyerrflag=0) (yyerrflag=0)
10#define YYRECOVERING()(yyerrflag!=0) (yyerrflag!=0)
11#define YYPREFIX"yy" "yy"
12#line 30 "/usr/src/sbin/pfctl/parse.y"
13#include <sys/types.h>
14#include <sys/socket.h>
15#include <sys/stat.h>
16#include <sys/sysctl.h>
17#include <net/if.h>
18#include <netinet/in.h>
19#include <netinet/ip.h>
20#include <netinet/ip_icmp.h>
21#include <netinet/icmp6.h>
22#include <net/pfvar.h>
23#include <arpa/inet.h>
24
25#include <stdio.h>
26#include <unistd.h>
27#include <stdlib.h>
28#include <netdb.h>
29#include <stdarg.h>
30#include <errno(*__errno()).h>
31#include <string.h>
32#include <ctype.h>
33#include <math.h>
34#include <err.h>
35#include <limits.h>
36#include <pwd.h>
37#include <grp.h>
38#include <md5.h>
39
40#include "pfctl_parser.h"
41#include "pfctl.h"
42
43static struct pfctl *pf = NULL((void *)0);
44static int debug = 0;
45static u_int16_t returnicmpdefault =
46 (ICMP_UNREACH3 << 8) | ICMP_UNREACH_PORT3;
47static u_int16_t returnicmp6default =
48 (ICMP6_DST_UNREACH1 << 8) | ICMP6_DST_UNREACH_NOPORT4;
49static int blockpolicy = PFRULE_DROP0x0000;
50static int default_statelock;
51
52TAILQ_HEAD(files, file)struct files { struct file *tqh_first; struct file **tqh_last
; } files = TAILQ_HEAD_INITIALIZER(files){ ((void *)0), &(files).tqh_first };
53static struct file {
54 TAILQ_ENTRY(file)struct { struct file *tqe_next; struct file **tqe_prev; } entry;
55 FILE *stream;
56 char *name;
57 size_t ungetpos;
58 size_t ungetsize;
59 u_char *ungetbuf;
60 int eof_reached;
61 int lineno;
62 int errors;
63} *file, *topfile;
64struct file *pushfile(const char *, int);
65int popfile(void);
66int check_file_secrecy(int, const char *);
67int yyparse(void);
68int yylex(void);
69int yyerror(const char *, ...)
70 __attribute__((__format__ (printf, 1, 2)))
71 __attribute__((__nonnull__ (1)));
72int kw_cmp(const void *, const void *);
73int lookup(char *);
74int igetc(void);
75int lgetc(int);
76void lungetc(int);
77int findeol(void);
78
79TAILQ_HEAD(symhead, sym)struct symhead { struct sym *tqh_first; struct sym **tqh_last
; } symhead = TAILQ_HEAD_INITIALIZER(symhead){ ((void *)0), &(symhead).tqh_first };
80struct sym {
81 TAILQ_ENTRY(sym)struct { struct sym *tqe_next; struct sym **tqe_prev; } entry;
82 int used;
83 int persist;
84 char *nam;
85 char *val;
86};
87int symset(const char *, const char *, int);
88char *symget(const char *);
89
90int atoul(char *, u_long *);
91
92struct node_proto {
93 u_int8_t proto;
94 struct node_proto *next;
95 struct node_proto *tail;
96};
97
98struct node_port {
99 u_int16_t port[2];
100 u_int8_t op;
101 struct node_port *next;
102 struct node_port *tail;
103};
104
105struct node_uid {
106 uid_t uid[2];
107 u_int8_t op;
108 struct node_uid *next;
109 struct node_uid *tail;
110};
111
112struct node_gid {
113 gid_t gid[2];
114 u_int8_t op;
115 struct node_gid *next;
116 struct node_gid *tail;
117};
118
119struct node_icmp {
120 u_int8_t code;
121 u_int8_t type;
122 u_int8_t proto;
123 struct node_icmp *next;
124 struct node_icmp *tail;
125};
126
127enum { PF_STATE_OPT_MAX, PF_STATE_OPT_NOSYNC, PF_STATE_OPT_SRCTRACK,
128 PF_STATE_OPT_MAX_SRC_STATES, PF_STATE_OPT_MAX_SRC_CONN,
129 PF_STATE_OPT_MAX_SRC_CONN_RATE, PF_STATE_OPT_MAX_SRC_NODES,
130 PF_STATE_OPT_OVERLOAD, PF_STATE_OPT_STATELOCK,
131 PF_STATE_OPT_TIMEOUT, PF_STATE_OPT_SLOPPY,
132 PF_STATE_OPT_PFLOW };
133
134enum { PF_SRCTRACK_NONE, PF_SRCTRACK, PF_SRCTRACK_GLOBAL, PF_SRCTRACK_RULE };
135
136struct node_state_opt {
137 int type;
138 union {
139 u_int32_t max_states;
140 u_int32_t max_src_states;
141 u_int32_t max_src_conn;
142 struct {
143 u_int32_t limit;
144 u_int32_t seconds;
145 } max_src_conn_rate;
146 struct {
147 u_int8_t flush;
148 char tblname[PF_TABLE_NAME_SIZE32];
149 } overload;
150 u_int32_t max_src_nodes;
151 u_int8_t src_track;
152 u_int32_t statelock;
153 struct {
154 int number;
155 u_int32_t seconds;
156 } timeout;
157 } data;
158 struct node_state_opt *next;
159 struct node_state_opt *tail;
160};
161
162struct peer {
163 struct node_host *host;
164 struct node_port *port;
165};
166
167struct node_queue {
168 char queue[PF_QNAME_SIZE64];
169 char parent[PF_QNAME_SIZE64];
170 char ifname[IFNAMSIZ16];
171 int scheduler;
172 struct node_queue *next;
173 struct node_queue *tail;
174};
175
176struct node_qassign {
177 char *qname;
178 char *pqname;
179};
180
181struct range {
182 int a;
183 int b;
184 int t;
185};
186struct redirection {
187 struct node_host *host;
188 struct range rport;
189};
190
191struct pool_opts {
192 int marker;
193#define POM_TYPE0x01 0x01
194#define POM_STICKYADDRESS0x02 0x02
195 u_int8_t opts;
196 int type;
197 int staticport;
198 struct pf_poolhashkey *key;
199
200} pool_opts;
201
202struct divertspec {
203 struct node_host *addr;
204 u_int16_t port;
205 enum pf_divert_types type;
206};
207
208struct redirspec {
209 struct redirection *rdr;
210 struct pool_opts pool_opts;
211 int binat;
212 int af;
213};
214
215struct filter_opts {
216 int marker;
217#define FOM_FLAGS0x0001 0x0001
218#define FOM_ICMP0x0002 0x0002
219#define FOM_TOS0x0004 0x0004
220#define FOM_KEEP0x0008 0x0008
221#define FOM_SRCTRACK0x0010 0x0010
222#define FOM_MINTTL0x0020 0x0020
223#define FOM_MAXMSS0x0040 0x0040
224#define FOM_AFTO0x0080 0x0080
225#define FOM_SETTOS0x0100 0x0100
226#define FOM_SCRUB_TCP0x0200 0x0200
227#define FOM_SETPRIO0x0400 0x0400
228#define FOM_ONCE0x1000 0x1000
229#define FOM_PRIO0x2000 0x2000
230#define FOM_SETDELAY0x4000 0x4000
231 struct node_uid *uid;
232 struct node_gid *gid;
233 struct node_if *rcv;
234 struct {
235 u_int8_t b1;
236 u_int8_t b2;
237 u_int16_t w;
238 u_int16_t w2;
239 } flags;
240 struct node_icmp *icmpspec;
241 u_int32_t tos;
242 u_int32_t prob;
243 struct {
244 int action;
245 struct node_state_opt *options;
246 } keep;
247 int fragment;
248 int allowopts;
249 char *label;
250 struct node_qassign queues;
251 char *tag;
252 char *match_tag;
253 u_int8_t match_tag_not;
254 u_int rtableid;
255 u_int8_t prio;
256 u_int8_t set_prio[2];
257 u_int16_t delay;
258 struct divertspec divert;
259 struct redirspec nat;
260 struct redirspec rdr;
261 struct redirspec rroute;
262 u_int8_t rt;
263
264 /* scrub opts */
265 int nodf;
266 int minttl;
267 int settos;
268 int randomid;
269 int max_mss;
270
271 struct {
272 u_int32_t limit;
273 u_int32_t seconds;
274 } pktrate;
275} filter_opts;
276
277struct antispoof_opts {
278 char *label;
279 u_int rtableid;
280} antispoof_opts;
281
282struct scrub_opts {
283 int marker;
284 int nodf;
285 int minttl;
286 int maxmss;
287 int randomid;
288 int reassemble_tcp;
289} scrub_opts;
290
291struct node_sc {
292 struct node_queue_bw m1;
293 u_int d;
294 struct node_queue_bw m2;
295};
296
297struct node_fq {
298 u_int flows;
299 u_int quantum;
300 u_int target;
301 u_int interval;
302};
303
304struct queue_opts {
305 int marker;
306#define QOM_BWSPEC0x01 0x01
307#define QOM_PARENT0x02 0x02
308#define QOM_DEFAULT0x04 0x04
309#define QOM_QLIMIT0x08 0x08
310#define QOM_FLOWS0x10 0x10
311#define QOM_QUANTUM0x20 0x20
312 struct node_sc realtime;
313 struct node_sc linkshare;
314 struct node_sc upperlimit;
315 struct node_fq flowqueue;
316 char *parent;
317 int flags;
318 u_int qlimit;
319} queue_opts;
320
321struct table_opts {
322 int flags;
323 int init_addr;
324 struct node_tinithead init_nodes;
325} table_opts;
326
327struct node_hfsc_opts hfsc_opts;
328struct node_state_opt *keep_state_defaults = NULL((void *)0);
329struct pfctl_watermarks syncookie_opts;
330
331int validate_range(u_int8_t, u_int16_t, u_int16_t);
332int disallow_table(struct node_host *, const char *);
333int disallow_urpf_failed(struct node_host *, const char *);
334int disallow_alias(struct node_host *, const char *);
335int rule_consistent(struct pf_rule *);
336int process_tabledef(char *, struct table_opts *, int);
337void expand_label_str(char *, size_t, const char *, const char *);
338void expand_label_if(const char *, char *, size_t, const char *);
339void expand_label_addr(const char *, char *, size_t, u_int8_t,
340 struct node_host *);
341void expand_label_port(const char *, char *, size_t,
342 struct node_port *);
343void expand_label_proto(const char *, char *, size_t, u_int8_t);
344void expand_label(char *, size_t, const char *, u_int8_t,
345 struct node_host *, struct node_port *, struct node_host *,
346 struct node_port *, u_int8_t);
347int expand_divertspec(struct pf_rule *, struct divertspec *);
348int collapse_redirspec(struct pf_pool *, struct pf_rule *,
349 struct redirspec *rs, int);
350int apply_redirspec(struct pf_pool *, struct pf_rule *,
351 struct redirspec *, int, struct node_port *);
352void expand_rule(struct pf_rule *, int, struct node_if *,
353 struct redirspec *, struct redirspec *, struct redirspec *,
354 struct node_proto *,
355 struct node_os *, struct node_host *, struct node_port *,
356 struct node_host *, struct node_port *, struct node_uid *,
357 struct node_gid *, struct node_if *, struct node_icmp *);
358int expand_queue(char *, struct node_if *, struct queue_opts *);
359int expand_skip_interface(struct node_if *);
360
361int getservice(char *);
362int rule_label(struct pf_rule *, char *);
363
364void mv_rules(struct pf_ruleset *, struct pf_ruleset *);
365void decide_address_family(struct node_host *, sa_family_t *);
366int invalid_redirect(struct node_host *, sa_family_t);
367u_int16_t parseicmpspec(char *, sa_family_t);
368int kw_casecmp(const void *, const void *);
369int map_tos(char *string, int *);
370int lookup_rtable(u_int);
371int filteropts_to_rule(struct pf_rule *, struct filter_opts *);
372
373TAILQ_HEAD(loadanchorshead, loadanchors)struct loadanchorshead { struct loadanchors *tqh_first; struct
loadanchors **tqh_last; }
374 loadanchorshead = TAILQ_HEAD_INITIALIZER(loadanchorshead){ ((void *)0), &(loadanchorshead).tqh_first };
375
376struct loadanchors {
377 TAILQ_ENTRY(loadanchors)struct { struct loadanchors *tqe_next; struct loadanchors **tqe_prev
; } entries;
378 char *anchorname;
379 char *filename;
380};
381
382typedef struct {
383 union {
384 int64_t number;
385 double probability;
386 int i;
387 char *string;
388 u_int rtableid;
389 u_int16_t weight;
390 struct {
391 u_int8_t b1;
392 u_int8_t b2;
393 u_int16_t w;
394 u_int16_t w2;
395 } b;
396 struct range range;
397 struct node_if *interface;
398 struct node_proto *proto;
399 struct node_icmp *icmp;
400 struct node_host *host;
401 struct node_os *os;
402 struct node_port *port;
403 struct node_uid *uid;
404 struct node_gid *gid;
405 struct node_state_opt *state_opt;
406 struct peer peer;
407 struct {
408 struct peer src, dst;
409 struct node_os *src_os;
410 } fromto;
411 struct redirection *redirection;
412 struct {
413 int action;
414 struct node_state_opt *options;
415 } keep_state;
416 struct {
417 u_int8_t log;
418 u_int8_t logif;
419 u_int8_t quick;
420 } logquick;
421 struct {
422 int neg;
423 char *name;
424 } tagged;
425 struct pf_poolhashkey *hashkey;
426 struct node_queue *queue;
427 struct node_queue_opt queue_options;
428 struct node_queue_bw queue_bwspec;
429 struct node_qassign qassign;
430 struct node_sc sc;
431 struct filter_opts filter_opts;
432 struct antispoof_opts antispoof_opts;
433 struct queue_opts queue_opts;
434 struct scrub_opts scrub_opts;
435 struct table_opts table_opts;
436 struct pool_opts pool_opts;
437 struct node_hfsc_opts hfsc_opts;
438 struct pfctl_watermarks *watermarks;
439 } v;
440 int lineno;
441} YYSTYPE;
442
443#define PPORT_RANGE1 1
444#define PPORT_STAR2 2
445int parseport(char *, struct range *r, int);
446
447#define DYNIF_MULTIADDR(addr)((addr).type == PF_ADDR_DYNIFTL && (!((addr).iflags &
0x08) || !isdigit((unsigned char)(addr).v.ifname[strlen((addr
).v.ifname)-1]))) ((addr).type == PF_ADDR_DYNIFTL && \
448 (!((addr).iflags & PFI_AFLAG_NOALIAS0x08) || \
449 !isdigit((unsigned char)(addr).v.ifname[strlen((addr).v.ifname)-1])))
450
451#line 452 "parse.c"
452#define PASS257 257
453#define BLOCK258 258
454#define MATCH259 259
455#define SCRUB260 260
456#define RETURN261 261
457#define IN262 262
458#define OS263 263
459#define OUT264 264
460#define LOG265 265
461#define QUICK266 266
462#define ON267 267
463#define FROM268 268
464#define TO269 269
465#define FLAGS270 270
466#define RETURNRST271 271
467#define RETURNICMP272 272
468#define RETURNICMP6273 273
469#define PROTO274 274
470#define INET275 275
471#define INET6276 276
472#define ALL277 277
473#define ANY278 278
474#define ICMPTYPE279 279
475#define ICMP6TYPE280 280
476#define CODE281 281
477#define KEEP282 282
478#define MODULATE283 283
479#define STATE284 284
480#define PORT285 285
481#define BINATTO286 286
482#define NODF287 287
483#define MINTTL288 288
484#define ERROR289 289
485#define ALLOWOPTS290 290
486#define FILENAME291 291
487#define ROUTETO292 292
488#define DUPTO293 293
489#define REPLYTO294 294
490#define NO295 295
491#define LABEL296 296
492#define NOROUTE297 297
493#define URPFFAILED298 298
494#define FRAGMENT299 299
495#define USER300 300
496#define GROUP301 301
497#define MAXMSS302 302
498#define MAXIMUM303 303
499#define TTL304 304
500#define TOS305 305
501#define DROP306 306
502#define TABLE307 307
503#define REASSEMBLE308 308
504#define ANCHOR309 309
505#define SYNCOOKIES310 310
506#define SET311 311
507#define OPTIMIZATION312 312
508#define TIMEOUT313 313
509#define LIMIT314 314
510#define LOGINTERFACE315 315
511#define BLOCKPOLICY316 316
512#define RANDOMID317 317
513#define SYNPROXY318 318
514#define FINGERPRINTS319 319
515#define NOSYNC320 320
516#define DEBUG321 321
517#define SKIP322 322
518#define HOSTID323 323
519#define ANTISPOOF324 324
520#define FOR325 325
521#define INCLUDE326 326
522#define MATCHES327 327
523#define BITMASK328 328
524#define RANDOM329 329
525#define SOURCEHASH330 330
526#define ROUNDROBIN331 331
527#define LEASTSTATES332 332
528#define STATICPORT333 333
529#define PROBABILITY334 334
530#define WEIGHT335 335
531#define BANDWIDTH336 336
532#define FLOWS337 337
533#define QUANTUM338 338
534#define QUEUE339 339
535#define PRIORITY340 340
536#define QLIMIT341 341
537#define RTABLE342 342
538#define RDOMAIN343 343
539#define MINIMUM344 344
540#define BURST345 345
541#define PARENT346 346
542#define LOAD347 347
543#define RULESET_OPTIMIZATION348 348
544#define PRIO349 349
545#define ONCE350 350
546#define DEFAULT351 351
547#define DELAY352 352
548#define STICKYADDRESS353 353
549#define MAXSRCSTATES354 354
550#define MAXSRCNODES355 355
551#define SOURCETRACK356 356
552#define GLOBAL357 357
553#define RULE358 358
554#define MAXSRCCONN359 359
555#define MAXSRCCONNRATE360 360
556#define OVERLOAD361 361
557#define FLUSH362 362
558#define SLOPPY363 363
559#define PFLOW364 364
560#define MAXPKTRATE365 365
561#define TAGGED366 366
562#define TAG367 367
563#define IFBOUND368 368
564#define FLOATING369 369
565#define STATEPOLICY370 370
566#define STATEDEFAULTS371 371
567#define ROUTE372 372
568#define DIVERTTO373 373
569#define DIVERTREPLY374 374
570#define DIVERTPACKET375 375
571#define NATTO376 376
572#define AFTO377 377
573#define RDRTO378 378
574#define RECEIVEDON379 379
575#define NE380 380
576#define LE381 381
577#define GE382 382
578#define STRING383 383
579#define NUMBER384 384
580#define PORTBINARY385 385
581#define YYERRCODE256 256
582const short yylhs[] =
583 { -1,
584 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
585 0, 0, 0, 114, 123, 123, 123, 123, 18, 13,
586 13, 115, 115, 115, 115, 115, 115, 115, 115, 115,
587 115, 115, 115, 115, 115, 115, 115, 115, 115, 19,
588 113, 129, 113, 130, 130, 132, 71, 71, 73, 73,
589 74, 74, 75, 75, 120, 72, 72, 133, 133, 133,
590 133, 133, 135, 134, 134, 117, 118, 136, 104, 106,
591 106, 105, 105, 105, 105, 105, 121, 85, 85, 86,
592 86, 87, 87, 137, 96, 96, 98, 98, 97, 97,
593 11, 11, 122, 138, 107, 107, 109, 109, 108, 108,
594 108, 108, 54, 54, 53, 53, 119, 139, 99, 101,
595 101, 100, 100, 100, 100, 100, 100, 102, 102, 102,
596 102, 102, 103, 103, 89, 89, 116, 140, 90, 90,
597 92, 92, 91, 91, 91, 91, 91, 91, 91, 91,
598 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
599 91, 91, 91, 91, 91, 91, 91, 91, 91, 91,
600 91, 91, 91, 93, 93, 95, 95, 94, 94, 94,
601 94, 28, 28, 14, 14, 24, 24, 24, 27, 27,
602 27, 27, 27, 27, 27, 27, 27, 27, 42, 42,
603 43, 43, 16, 16, 16, 81, 81, 80, 80, 80,
604 80, 80, 82, 82, 83, 83, 84, 84, 84, 84,
605 1, 1, 1, 2, 2, 3, 4, 4, 4, 17,
606 17, 17, 33, 33, 33, 34, 34, 35, 36, 36,
607 44, 44, 57, 57, 57, 58, 59, 59, 46, 46,
608 47, 47, 45, 45, 45, 125, 125, 48, 48, 48,
609 52, 52, 49, 49, 49, 15, 15, 50, 50, 50,
610 50, 50, 50, 50, 50, 5, 5, 51, 60, 60,
611 61, 61, 62, 62, 62, 29, 31, 63, 63, 64,
612 64, 65, 65, 65, 8, 8, 66, 66, 67, 67,
613 68, 68, 68, 9, 9, 26, 25, 25, 25, 37,
614 37, 37, 37, 38, 38, 40, 40, 39, 39, 39,
615 41, 41, 41, 6, 6, 7, 7, 10, 10, 20,
616 20, 20, 23, 23, 76, 76, 76, 76, 21, 21,
617 21, 77, 77, 78, 78, 79, 79, 79, 79, 79,
618 79, 79, 79, 79, 79, 79, 79, 70, 88, 88,
619 88, 30, 56, 56, 55, 55, 69, 69, 32, 32,
620 142, 110, 110, 112, 112, 111, 111, 111, 111, 111,
621 111, 111, 141, 124, 126, 126, 127, 128, 128, 131,
622 131, 12, 12, 22, 22, 22, 22, 22, 22,
623};
624const short yylen[] =
625 { 2,
626 0, 3, 2, 3, 3, 3, 3, 3, 3, 3,
627 3, 4, 3, 2, 2, 3, 3, 3, 1, 0,
628 1, 4, 3, 3, 3, 6, 3, 6, 3, 3,
629 3, 3, 3, 3, 3, 3, 3, 3, 4, 1,
630 0, 0, 4, 3, 1, 2, 1, 1, 2, 1,
631 2, 1, 1, 1, 3, 1, 0, 0, 2, 3,
632 3, 3, 0, 5, 0, 10, 5, 0, 2, 3,
633 1, 1, 2, 2, 2, 1, 5, 2, 5, 2,
634 4, 1, 3, 0, 2, 0, 2, 1, 2, 2,
635 1, 0, 5, 0, 2, 0, 2, 1, 1, 3,
636 4, 2, 2, 4, 2, 4, 4, 0, 2, 2,
637 1, 3, 2, 1, 2, 2, 2, 0, 3, 3,
638 6, 6, 1, 5, 1, 1, 8, 0, 2, 0,
639 2, 1, 2, 2, 1, 1, 2, 2, 1, 1,
640 1, 2, 2, 2, 3, 2, 2, 4, 1, 3,
641 4, 3, 5, 8, 3, 3, 2, 2, 2, 3,
642 1, 4, 1, 4, 2, 3, 1, 1, 2, 2,
643 2, 2, 6, 1, 1, 1, 1, 2, 0, 1,
644 1, 5, 1, 1, 4, 4, 6, 1, 1, 1,
645 1, 1, 0, 1, 1, 0, 1, 0, 1, 1,
646 2, 2, 1, 4, 1, 3, 1, 1, 1, 2,
647 0, 2, 5, 2, 4, 2, 1, 1, 2, 0,
648 1, 1, 0, 2, 5, 2, 4, 1, 1, 1,
649 1, 3, 0, 2, 5, 1, 2, 4, 0, 2,
650 0, 2, 1, 3, 2, 2, 0, 1, 1, 4,
651 2, 4, 2, 2, 2, 2, 0, 1, 3, 3,
652 3, 1, 3, 3, 2, 1, 1, 3, 1, 4,
653 2, 4, 1, 2, 3, 1, 1, 1, 4, 2,
654 4, 1, 2, 3, 1, 1, 1, 4, 2, 4,
655 1, 2, 3, 1, 1, 1, 4, 3, 2, 2,
656 5, 2, 5, 2, 4, 2, 4, 1, 3, 3,
657 1, 3, 3, 1, 1, 1, 1, 1, 1, 0,
658 1, 1, 1, 1, 2, 3, 3, 3, 0, 1,
659 2, 3, 0, 1, 3, 2, 1, 2, 2, 4,
660 5, 2, 2, 1, 1, 1, 2, 1, 1, 3,
661 5, 1, 2, 4, 3, 5, 1, 3, 0, 1,
662 0, 2, 0, 2, 1, 1, 1, 2, 1, 1,
663 1, 1, 2, 2, 4, 2, 2, 4, 2, 1,
664 0, 1, 1, 1, 1, 1, 1, 1, 1,
665};
666const short yydefred[] =
667 { 0,
668 0, 0, 0, 0, 176, 0, 177, 0, 0, 0,
669 0, 0, 0, 0, 0, 3, 0, 0, 0, 0,
670 0, 0, 0, 0, 0, 0, 0, 15, 0, 0,
671 0, 13, 188, 0, 0, 0, 180, 178, 0, 56,
672 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
673 0, 0, 0, 0, 0, 0, 0, 0, 0, 14,
674 0, 0, 0, 194, 195, 0, 2, 4, 5, 6,
675 7, 8, 9, 10, 11, 18, 12, 17, 16, 0,
676 0, 0, 0, 0, 382, 383, 0, 40, 0, 23,
677 0, 0, 25, 0, 0, 27, 48, 47, 29, 32,
678 31, 33, 36, 35, 0, 37, 267, 266, 30, 0,
679 24, 19, 323, 324, 34, 0, 337, 0, 0, 0,
680 0, 0, 0, 345, 346, 0, 344, 0, 334, 0,
681 202, 0, 0, 201, 108, 0, 54, 53, 55, 0,
682 0, 0, 189, 190, 0, 191, 192, 0, 0, 197,
683 0, 21, 22, 39, 0, 374, 0, 0, 377, 0,
684 0, 91, 212, 0, 49, 336, 338, 342, 321, 322,
685 343, 339, 0, 0, 347, 380, 0, 0, 207, 209,
686 208, 0, 205, 218, 0, 217, 0, 0, 82, 78,
687 221, 222, 0, 107, 0, 0, 51, 0, 0, 185,
688 0, 186, 93, 0, 0, 0, 246, 0, 0, 0,
689 0, 0, 216, 0, 0, 335, 210, 204, 0, 219,
690 0, 0, 77, 0, 0, 0, 0, 0, 0, 114,
691 111, 0, 67, 0, 182, 0, 0, 99, 0, 98,
692 0, 0, 0, 0, 45, 376, 26, 0, 379, 28,
693 0, 0, 0, 340, 0, 206, 0, 0, 83, 0,
694 0, 88, 0, 125, 126, 0, 0, 116, 117, 115,
695 113, 110, 0, 0, 187, 102, 0, 97, 0, 46,
696 43, 0, 0, 0, 213, 0, 214, 0, 341, 79,
697 0, 80, 348, 89, 90, 87, 0, 112, 0, 229,
698 230, 0, 224, 228, 0, 231, 0, 0, 0, 100,
699 0, 0, 0, 0, 0, 44, 375, 378, 0, 331,
700 0, 0, 0, 0, 0, 248, 0, 0, 240, 0,
701 249, 127, 0, 0, 0, 0, 254, 255, 0, 0,
702 0, 0, 0, 253, 0, 0, 103, 101, 0, 105,
703 0, 215, 81, 0, 0, 0, 0, 0, 385, 386,
704 388, 0, 384, 387, 389, 0, 0, 245, 269, 277,
705 0, 0, 0, 0, 0, 0, 0, 0, 0, 141,
706 0, 0, 0, 0, 0, 140, 0, 0, 0, 0,
707 0, 0, 0, 0, 0, 161, 0, 0, 0, 149,
708 0, 0, 0, 0, 0, 135, 136, 139, 132, 0,
709 163, 236, 0, 234, 0, 232, 0, 265, 0, 0,
710 0, 0, 0, 0, 256, 0, 63, 66, 124, 0,
711 0, 225, 0, 226, 0, 274, 0, 0, 0, 244,
712 68, 299, 296, 0, 0, 314, 315, 0, 0, 300,
713 316, 317, 0, 0, 302, 0, 0, 0, 0, 0,
714 0, 0, 157, 159, 158, 325, 142, 285, 286, 0,
715 0, 0, 133, 278, 294, 295, 0, 0, 0, 134,
716 287, 318, 319, 138, 0, 0, 0, 0, 0, 168,
717 165, 0, 174, 175, 146, 349, 0, 143, 147, 137,
718 0, 144, 0, 0, 0, 0, 0, 0, 0, 131,
719 0, 242, 104, 260, 259, 261, 268, 264, 263, 106,
720 0, 0, 0, 0, 0, 0, 275, 251, 250, 0,
721 0, 0, 298, 0, 0, 0, 0, 0, 0, 326,
722 327, 0, 353, 0, 156, 0, 373, 0, 0, 283,
723 0, 0, 292, 170, 169, 172, 0, 171, 167, 0,
724 328, 0, 0, 0, 150, 276, 152, 0, 155, 145,
725 160, 0, 0, 58, 122, 121, 227, 270, 0, 271,
726 0, 151, 72, 0, 0, 0, 76, 71, 0, 297,
727 0, 0, 309, 310, 0, 0, 312, 313, 0, 0,
728 0, 358, 352, 366, 367, 0, 369, 370, 371, 372,
729 365, 0, 0, 0, 284, 0, 0, 293, 0, 164,
730 0, 350, 0, 162, 148, 0, 237, 235, 0, 0,
731 0, 252, 73, 74, 75, 0, 301, 0, 304, 303,
732 0, 306, 332, 0, 354, 0, 368, 360, 364, 279,
733 0, 280, 288, 0, 289, 0, 166, 0, 0, 0,
734 59, 64, 0, 0, 0, 272, 70, 0, 0, 355,
735 0, 0, 0, 0, 351, 0, 238, 62, 60, 61,
736 305, 307, 0, 281, 290, 173, 0, 356, 154,
737};
738const short yydgoto[] =
739 { 2,
740 106, 252, 163, 189, 109, 449, 454, 471, 478, 484,
741 311, 87, 153, 495, 347, 66, 193, 111, 89, 171,
742 289, 366, 127, 17, 406, 445, 38, 490, 565, 602,
743 367, 647, 274, 357, 303, 304, 407, 591, 450, 595,
744 455, 145, 148, 307, 329, 308, 416, 330, 331, 459,
745 345, 439, 313, 314, 601, 460, 335, 414, 573, 368,
746 525, 369, 473, 613, 474, 480, 616, 481, 461, 294,
747 99, 41, 112, 139, 370, 408, 540, 128, 129, 58,
748 151, 59, 182, 183, 133, 257, 190, 498, 266, 332,
749 409, 410, 411, 491, 560, 223, 262, 263, 194, 231,
750 232, 298, 267, 531, 588, 589, 203, 240, 241, 545,
751 611, 612, 154, 18, 19, 20, 21, 22, 23, 24,
752 25, 26, 3, 93, 158, 209, 96, 211, 155, 244,
753 177, 245, 630, 428, 521, 532, 224, 204, 195, 333,
754 463, 546,
755};
756const short yysindex[] =
757 { -21,
758 0, 300, 47, 59, 0, 389, 0, 52, -263, 3644,
759 -128, -172, -145, -27, 205, 0, 159, 267, 297, 316,
760 380, 393, 404, 420, 424, 432, 437, 0, 454, 458,
761 460, 0, 0, 277, 341, 416, 0, 0, 89, 0,
762 159, -195, 93, 114, -81, -65, -224, -51, 125, -158,
763 191, 118, 135, 175, 1200, 487, 258, 214, 294, 0,
764 191, -263, 229, 0, 0, -128, 0, 0, 0, 0,
765 0, 0, 0, 0, 0, 0, 0, 0, 0, 245,
766 236, 239, 500, 304, 0, 0, 291, 0, 0, 0,
767 221, 582, 0, 231, 582, 0, 0, 0, 0, 0,
768 0, 0, 0, 0, 58, 0, 0, 0, 0, 135,
769 0, 0, 0, 0, 0, 279, 0, 289, 301, 272,
770 312, 322, 534, 0, 0, 326, 0, 644, 0, -29,
771 0, -24, 365, 0, 0, 445, 0, 0, 0, 229,
772 191, 348, 0, 0, 208, 0, 0, 711, 0, 0,
773 191, 0, 0, 0, 714, 0, 582, 372, 0, 386,
774 582, 0, 0, -196, 0, 0, 0, 0, 0, 0,
775 0, 0, 725, 387, 0, 0, 1200, 135, 0, 0,
776 0, 399, 0, 0, 390, 0, 582, -196, 0, 0,
777 0, 0, 0, 0, 715, 135, 0, 365, 732, 0,
778 239, 0, 0, -92, 365, 397, 0, 582, 10, 582,
779 82, 743, 0, 409, 736, 0, 0, 0, -29, 0,
780 -11, 768, 0, -208, 265, 426, 427, 430, 440, 0,
781 0, 715, 0, 541, 0, 784, 447, 0, 582, 0,
782 -92, 541, 455, 408, 0, 0, 0, 372, 0, 0,
783 386, 105, 582, 0, 475, 0, 112, 582, 0, 461,
784 463, 0, -208, 0, 0, 507, 644, 0, 0, 0,
785 0, 0, -103, -123, 0, 0, 75, 0, -123, 0,
786 0, 397, 582, 582, 0, 743, 0, 488, 0, 0,
787 -11, 0, 0, 0, 0, 0, 265, 0, -76, 0,
788 0, 582, 0, 0, 56, 0, 0, 590, 582, 0,
789 234, 524, 120, 582, 0, 0, 0, 0, 582, 0,
790 582, 529, 265, 265, 271, 0, 597, 582, 0, 571,
791 0, 0, 5354, -53, 591, 62, 0, 0, 478, 401,
792 815, 484, 486, 0, 819, 502, 0, 0, 62, 0,
793 747, 0, 0, 506, 644, 644, 126, 582, 0, 0,
794 0, 582, 0, 0, 0, 229, 508, 0, 0, 0,
795 17, 597, 831, -34, -96, -75, 610, 611, 83, 0,
796 83, 83, 83, 615, 461, 0, 789, 836, 283, 392,
797 616, 288, -32, 517, 522, 0, 523, 135, 530, 0,
798 629, 83, 365, 83, -261, 0, 0, 0, 0, 5354,
799 0, 0, 582, 0, 56, 0, 160, 0, 531, 533,
800 537, 882, 862, 542, 0, 582, 0, 0, 0, 587,
801 630, 0, 271, 0, 868, 0, 229, 582, 164, 0,
802 0, 0, 0, 551, 888, 0, 0, 582, 658, 0,
803 0, 0, 582, 659, 0, 902, 902, 582, 524, 660,
804 0, 0, 0, 0, 0, 0, 0, 0, 0, 582,
805 558, 307, 0, 0, 0, 0, 582, 562, 310, 0,
806 0, 0, 0, 0, 283, -32, -30, 564, 225, 0,
807 0, 902, 0, 0, 0, 0, 566, 0, 0, 0,
808 903, 0, 667, 229, 0, 685, 0, 135, -196, 0,
809 572, 0, 0, 0, 0, 0, 0, 0, 0, 0,
810 944, 265, 265, 582, 197, 582, 0, 0, 0, 17,
811 915, 555, 0, 551, 321, 352, 354, 359, 1200, 0,
812 0, 102, 0, 229, 0, 632, 0, 934, 307, 0,
813 950, 310, 0, 0, 0, 0, 573, 0, 0, 446,
814 0, 527, 574, 229, 0, 0, 0, 83, 0, 0,
815 0, 582, 202, 0, 0, 0, 0, 0, 868, 0,
816 582, 0, 0, 583, 584, 586, 0, 0, 644, 0,
817 203, 582, 0, 0, 228, 582, 0, 0, 543, 524,
818 293, 0, 0, 0, 0, 135, 0, 0, 0, 0,
819 0, 632, 371, 582, 0, 373, 582, 0, 644, 0,
820 225, 0, 589, 0, 0, 0, 0, 0, 572, 559,
821 582, 0, 0, 0, 0, 555, 0, 321, 0, 0,
822 354, 0, 0, 582, 0, 102, 0, 0, 0, 0,
823 934, 0, 0, 950, 0, 592, 0, 925, 701, 582,
824 0, 0, 964, 972, 974, 0, 0, 582, 582, 0,
825 524, 582, 582, 946, 0, 83, 0, 0, 0, 0,
826 0, 0, 582, 0, 0, 0, 0, 0, 0,};
827const short yyrindex[] =
828 { 5,
829 0, 0, 0, 0, 0, 1497, 0, 0, 1617, 0,
830 650, 0, 0, 0, 0, 0, 2097, 0, 0, 0,
831 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
832 0, 0, 0, 1737, 1857, 1977, 0, 0, 0, 0,
833 2217, 0, 0, 0, 0, 0, 0, 0, 0, 0,
834 978, 0, 0, 0, 0, 2337, 2568, 0, 2688, 0,
835 733, 721, 0, 0, 0, 3279, 0, 0, 0, 0,
836 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
837 0, 0, 0, 2808, 0, 0, 980, 0, 210, 0,
838 0, 608, 0, 0, 608, 0, 0, 0, 0, 0,
839 0, 0, 0, 0, -186, 0, 0, 0, 0, 1377,
840 0, 0, 0, 0, 0, 0, 0, 0, 0, 37,
841 0, 0, 0, 0, 0, 0, 0, 519, 0, 0,
842 0, 0, 4, 0, 0, 0, 0, 0, 0, 988,
843 3630, 0, 0, 0, 362, 0, 0, 0, 2, 0,
844 3399, 0, 0, 0, 0, 0, 1251, 0, 0, 0,
845 -8, 0, 0, 0, 0, 0, 0, 0, 0, 0,
846 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
847 0, 374, 0, 0, 0, 0, 21, 0, 0, 0,
848 0, 0, 117, 0, 0, 0, 0, 3870, 0, 0,
849 0, 0, 0, 0, 3750, 0, 0, -9, 617, -9,
850 617, -186, 0, 0, 0, 0, 0, 0, 0, 0,
851 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
852 0, 989, 0, 4110, 0, 0, 0, 0, 27, 0,
853 991, 3990, 0, 617, 0, 0, 0, 0, 0, 0,
854 0, -5, 33, 0, 151, 0, 134, 521, 0, 0,
855 0, 0, 994, 0, 0, 581, 600, 0, 0, 0,
856 0, 0, 0, 4470, 0, 0, 367, 0, 4230, 0,
857 0, 0, -9, -9, 0, -186, 0, 472, 0, 0,
858 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
859 0, 382, 0, 0, 367, 0, 5253, 4581, 405, 0,
860 0, -1, 493, -14, 4821, 0, 0, 0, 33, 0,
861 521, 0, 0, 0, 0, 0, 0, 111, 0, 4350,
862 0, 0, -137, 0, 4931, 367, 0, 0, 0, 303,
863 0, 0, 0, 0, 429, 0, 0, 0, 367, 0,
864 997, 0, 0, 0, 204, 483, 362, 11, 0, 0,
865 0, 965, 0, 0, 0, 0, 723, 0, 0, 0,
866 367, 0, 0, 0, 0, 0, 0, 0, 0, 0,
867 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
868 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
869 0, 0, 740, 0, 0, 0, 0, 0, 0, 7,
870 0, 0, 608, 0, 367, 0, 493, 0, 0, 0,
871 0, 0, 0, 0, 0, -14, 0, 0, 0, 0,
872 0, 0, 0, 0, 0, 0, 0, -22, 163, 0,
873 0, 0, 0, 0, 0, 0, 0, 382, 1112, 0,
874 0, 0, 382, 1232, 0, 5051, 5051, 108, 2448, 2919,
875 3510, 3510, 0, 0, 0, 0, 0, 0, 0, 965,
876 848, 0, 0, 0, 0, 0, 965, 987, 0, 0,
877 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
878 0, 5051, 0, 0, 0, 0, 0, 0, 0, 0,
879 0, 0, 0, 0, 3510, 0, 3510, 0, 0, 0,
880 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
881 0, 0, 0, 11, 1053, 656, 0, 0, 0, 367,
882 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
883 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
884 0, 0, 0, 0, 0, 0, 0, 0, 0, 448,
885 0, 617, 0, 0, 0, 0, 0, 0, 0, 0,
886 0, -9, 617, 0, 0, 0, 0, 0, 0, 0,
887 -22, 0, 0, 0, 0, 0, 0, 0, 603, 0,
888 362, 11, 0, 0, 362, 11, 0, 0, 1465, -4,
889 153, 0, 0, 0, 0, 3039, 0, 0, 0, 0,
890 0, 4701, 1053, 656, 0, 1053, 656, 0, 637, 0,
891 0, 0, 0, 0, 0, 3159, 0, 0, 0, 0,
892 656, 0, 0, 0, 0, 0, 0, 0, 0, 0,
893 0, 0, 0, 53, 0, 0, 0, 0, 0, 0,
894 0, 0, 0, 0, 0, 0, 0, 0, 5152, -9,
895 0, 0, 0, 0, 0, 0, 0, 11, 11, 0,
896 -4, 656, 656, 0, 0, 0, 0, 0, 0, 0,
897 0, 0, 53, 0, 0, 0, 3510, 0, 0,};
898const short yygindex[] =
899 { 0,
900 71, 0, -133, -143, 0, 0, 0, -344, -372, 544,
901 -43, 0, 0, 0, -418, 973, 26, 0, 0, 0,
902 0, -312, 976, 0, 0, -358, 0, 0, 468, 0,
903 -235, 0, 791, 0, -260, 0, 0, 0, -472, 0,
904 -452, 0, 834, 763, 628, 0, 0, -347, 173, -227,
905 0, 0, 708, 696, 0, -124, 0, -474, 0, 674,
906 0, -412, 0, 0, -465, 0, 0, -477, -353, 665,
907 0, 992, -106, 918, -60, 0, -359, 516, 883, 993,
908 0, 1006, 0, 845, 0, 0, 57, 594, 770, 753,
909 666, 0, 0, -437, 0, 0, 812, 0, 0, 846,
910 0, 0, -290, 0, 441, 0, 0, 840, 0, -366,
911 470, 0, 0, 453, 0, -3, -2, 0, 0, 0,
912 0, 0, 0, -54, -93, 0, -50, 0, 0, 0,
913 -138, 803, 0, 0, 0, 0, 0, 0, 0, 0,
914 366, 0,
915};
916#define YYTABLESIZE5732 5732
917const short yytable[] =
918 { 30,
919 31, 160, 140, 165, 1, 257, 201, 497, 257, 557,
920 247, 96, 444, 220, 1, 188, 129, 247, 247, 302,
921 213, 247, 526, 438, 247, 247, 448, 381, 188, 247,
922 239, 257, 355, 356, 247, 257, 572, 247, 257, 257,
923 543, 92, 257, 219, 222, 247, 320, 453, 505, 162,
924 507, 559, 97, 176, 247, 257, 28, 95, 257, 247,
925 247, 164, 592, 207, 358, 247, 247, 212, 32, 413,
926 248, 217, 251, 617, 472, 479, 247, 320, 253, 140,
927 320, 184, 614, 344, 596, 533, 247, 260, 162, 233,
928 162, 92, 247, 221, 162, 547, 247, 541, 187, 85,
929 247, 1, 247, 208, 508, 282, 553, 162, 247, 210,
930 247, 39, 247, 286, 246, 247, 249, 509, 291, 40,
931 257, 257, 342, 257, 94, 176, 86, 550, 299, 129,
932 436, 135, 561, 261, 247, 247, 56, 57, 567, 328,
933 569, 342, 343, 247, 305, 277, 185, 247, 176, 247,
934 247, 247, 319, 306, 660, 176, 92, 247, 98, 287,
935 329, 343, 103, 176, 292, 668, 631, 247, 164, 176,
936 247, 29, 524, 381, 349, 590, 673, 247, 328, 618,
937 161, 644, 581, 657, 309, 672, 186, 86, 669, 317,
938 318, 329, 381, 283, 329, 381, 92, 309, 237, 310,
939 284, 527, 381, 176, 615, 458, 250, 176, 325, 100,
940 60, 198, 381, 120, 626, 336, 430, 431, 433, 41,
941 350, 205, 381, 234, 104, 352, 323, 353, 92, 285,
942 242, 575, 576, 247, 371, 472, 290, 61, 479, 178,
943 176, 92, 164, 442, 348, 176, 176, 179, 200, 42,
944 432, 176, 683, 184, 101, 247, 462, 462, 462, 659,
945 1, 1, 1, 1, 434, 63, 184, 324, 435, 247,
946 180, 176, 381, 342, 247, 247, 67, 258, 349, 300,
947 301, 62, 247, 247, 513, 381, 446, 447, 529, 405,
948 238, 502, 94, 343, 326, 257, 257, 181, 247, 220,
949 530, 91, 27, 5, 6, 7, 68, 451, 452, 16,
950 247, 1, 258, 1, 600, 1, 80, 94, 185, 511,
951 689, 578, 687, 247, 247, 69, 628, 637, 1, 412,
952 1, 185, 520, 326, 247, 258, 176, 381, 472, 320,
953 327, 479, 258, 1, 528, 220, 258, 321, 443, 247,
954 496, 1, 640, 556, 535, 9, 320, 247, 186, 537,
955 247, 247, 258, 247, 542, 571, 405, 257, 247, 247,
956 257, 186, 92, 247, 247, 247, 548, 381, 257, 257,
957 81, 257, 257, 551, 94, 92, 579, 1, 247, 70,
958 320, 320, 320, 247, 247, 320, 320, 320, 247, 320,
959 320, 570, 71, 247, 320, 320, 92, 247, 247, 247,
960 247, 381, 84, 72, 176, 247, 176, 645, 671, 320,
961 64, 621, 65, 623, 247, 258, 92, 258, 506, 73,
962 577, 489, 580, 74, 629, 247, 247, 247, 262, 218,
963 381, 75, 176, 566, 247, 420, 76, 419, 281, 312,
964 636, 176, 638, 329, 339, 82, 641, 105, 84, 381,
965 381, 262, 646, 77, 247, 340, 341, 78, 262, 79,
966 329, 83, 262, 339, 651, 88, 381, 654, 627, 247,
967 656, 330, 247, 603, 340, 341, 620, 632, 262, 176,
968 247, 247, 119, 247, 247, 650, 90, 653, 639, 648,
969 107, 108, 642, 566, 329, 329, 329, 102, 312, 329,
970 329, 329, 330, 329, 329, 330, 381, 110, 329, 329,
971 652, 312, 56, 655, 381, 381, 130, 247, 38, 485,
972 337, 338, 381, 329, 381, 381, 381, 666, 132, 120,
973 120, 120, 113, 114, 120, 381, 381, 381, 142, 120,
974 670, 262, 381, 262, 120, 4, 5, 6, 7, 134,
975 247, 149, 258, 486, 247, 258, 677, 622, 661, 150,
976 176, 258, 258, 487, 681, 682, 488, 152, 684, 685,
977 258, 258, 258, 643, 258, 258, 176, 258, 258, 688,
978 123, 157, 258, 174, 258, 258, 258, 258, 258, 258,
979 258, 258, 258, 258, 156, 339, 8, 258, 9, 118,
980 10, 137, 138, 258, 159, 381, 340, 341, 143, 144,
981 258, 146, 147, 11, 123, 12, 664, 665, 169, 170,
982 258, 258, 258, 258, 258, 258, 258, 258, 13, 191,
983 192, 258, 381, 69, 258, 247, 14, 264, 265, 33,
984 381, 258, 258, 300, 301, 258, 364, 363, 365, 34,
985 35, 36, 166, 92, 92, 482, 483, 258, 258, 258,
986 493, 494, 167, 381, 258, 258, 258, 258, 258, 258,
987 258, 258, 15, 662, 168, 258, 258, 176, 262, 468,
988 469, 262, 475, 476, 37, 172, 485, 262, 262, 247,
989 381, 247, 247, 446, 447, 173, 262, 262, 262, 175,
990 262, 262, 196, 262, 262, 247, 247, 247, 262, 362,
991 262, 262, 262, 262, 262, 262, 262, 262, 262, 262,
992 486, 199, 273, 262, 593, 594, 451, 452, 92, 262,
993 487, 597, 598, 488, 381, 381, 262, 464, 465, 92,
994 92, 202, 381, 206, 91, 273, 262, 262, 262, 262,
995 262, 262, 262, 262, 247, 247, 273, 262, 94, 215,
996 262, 214, 235, 220, 330, 162, 247, 262, 262, 243,
997 247, 262, 273, 273, 273, 381, 381, 247, 247, 381,
998 381, 330, 254, 262, 262, 262, 381, 255, 247, 381,
999 262, 262, 262, 262, 262, 262, 262, 262, 259, 268,
1000 269, 262, 262, 270, 273, 5, 6, 7, 119, 119,
1001 119, 381, 271, 119, 275, 330, 330, 330, 119, 276,
1002 330, 330, 330, 119, 330, 330, 288, 280, 381, 330,
1003 330, 583, 584, 293, 320, 273, 295, 273, 364, 363,
1004 365, 297, 334, 354, 330, 372, 585, 282, 346, 415,
1005 418, 421, 586, 247, 381, 424, 422, 9, 423, 427,
1006 441, 587, 381, 381, 381, 381, 381, 381, 381, 381,
1007 282, 381, 381, 123, 12, 425, 381, 381, 429, 381,
1008 381, 282, 437, 456, 457, 364, 363, 365, 466, 492,
1009 499, 381, 381, 247, 381, 500, 501, 282, 282, 282,
1010 381, 470, 503, 504, 514, 515, 123, 123, 123, 381,
1011 516, 123, 517, 518, 123, 519, 123, 364, 363, 365,
1012 522, 123, 523, 443, 534, 118, 118, 118, 536, 538,
1013 118, 539, 549, 381, 544, 118, 552, 558, 562, 563,
1014 118, 564, 568, 574, 412, 582, 619, 624, 477, 604,
1015 605, 606, 607, 608, 609, 675, 633, 634, 635, 676,
1016 282, 658, 282, 678, 198, 674, 359, 360, 361, 137,
1017 138, 679, 273, 680, 610, 273, 686, 211, 57, 20,
1018 247, 273, 273, 364, 363, 365, 291, 52, 109, 381,
1019 95, 273, 273, 85, 273, 273, 65, 220, 273, 364,
1020 363, 365, 273, 84, 273, 273, 273, 273, 273, 291,
1021 381, 273, 273, 273, 247, 247, 247, 273, 554, 115,
1022 291, 625, 279, 273, 236, 247, 247, 247, 247, 247,
1023 273, 315, 512, 417, 426, 440, 291, 291, 291, 467,
1024 225, 226, 227, 136, 599, 228, 273, 197, 141, 216,
1025 229, 273, 131, 256, 273, 230, 322, 351, 211, 211,
1026 211, 273, 273, 211, 296, 510, 667, 272, 211, 555,
1027 278, 649, 663, 211, 316, 0, 0, 273, 273, 273,
1028 0, 0, 0, 0, 0, 273, 273, 273, 273, 273,
1029 273, 273, 273, 273, 273, 273, 273, 282, 0, 291,
1030 0, 291, 381, 381, 381, 0, 0, 282, 0, 0,
1031 0, 308, 0, 0, 0, 0, 282, 282, 0, 282,
1032 282, 0, 0, 282, 0, 0, 0, 282, 0, 282,
1033 282, 282, 282, 282, 308, 0, 282, 282, 282, 0,
1034 0, 0, 282, 0, 0, 308, 0, 0, 282, 0,
1035 0, 0, 0, 0, 0, 282, 0, 0, 359, 360,
1036 361, 468, 469, 0, 0, 0, 0, 0, 0, 0,
1037 0, 282, 0, 0, 0, 0, 282, 0, 0, 282,
1038 0, 0, 0, 0, 0, 0, 282, 282, 0, 0,
1039 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1040 0, 0, 282, 282, 282, 359, 360, 361, 475, 476,
1041 282, 282, 282, 282, 282, 282, 282, 282, 282, 282,
1042 282, 282, 0, 0, 308, 0, 308, 0, 0, 0,
1043 0, 311, 0, 0, 0, 0, 291, 359, 360, 361,
1044 137, 138, 0, 0, 0, 0, 291, 0, 0, 0,
1045 0, 0, 0, 0, 311, 291, 291, 0, 291, 291,
1046 0, 0, 291, 0, 0, 311, 291, 0, 291, 291,
1047 291, 291, 291, 247, 0, 291, 291, 291, 0, 0,
1048 247, 291, 0, 0, 247, 0, 0, 291, 0, 0,
1049 0, 0, 0, 0, 291, 0, 0, 0, 0, 0,
1050 247, 247, 247, 359, 360, 361, 468, 469, 0, 0,
1051 291, 0, 0, 0, 0, 291, 0, 0, 291, 359,
1052 360, 361, 475, 476, 0, 291, 291, 0, 0, 0,
1053 0, 0, 0, 0, 247, 247, 247, 247, 247, 0,
1054 0, 291, 291, 291, 311, 0, 311, 0, 0, 291,
1055 291, 291, 291, 291, 291, 291, 291, 291, 291, 291,
1056 291, 308, 0, 247, 0, 247, 0, 0, 0, 0,
1057 0, 308, 0, 0, 0, 0, 50, 0, 0, 0,
1058 308, 308, 0, 308, 308, 0, 0, 308, 0, 0,
1059 0, 308, 0, 308, 308, 308, 308, 308, 0, 50,
1060 308, 308, 308, 0, 0, 0, 308, 50, 0, 0,
1061 50, 0, 308, 0, 0, 0, 0, 0, 0, 308,
1062 0, 0, 381, 381, 381, 381, 381, 0, 0, 0,
1063 0, 0, 0, 0, 0, 308, 0, 0, 0, 0,
1064 308, 0, 0, 308, 0, 0, 0, 0, 0, 0,
1065 308, 308, 0, 0, 0, 0, 0, 0, 0, 0,
1066 0, 0, 0, 0, 0, 0, 308, 308, 308, 0,
1067 0, 0, 0, 0, 308, 308, 308, 308, 308, 308,
1068 308, 311, 0, 0, 308, 308, 0, 0, 0, 50,
1069 0, 311, 116, 0, 0, 0, 179, 0, 0, 0,
1070 311, 311, 0, 311, 311, 0, 0, 311, 0, 117,
1071 0, 311, 0, 311, 311, 311, 311, 311, 247, 179,
1072 311, 311, 311, 0, 0, 0, 311, 0, 0, 0,
1073 0, 0, 311, 0, 0, 0, 0, 247, 247, 311,
1074 0, 0, 0, 118, 119, 120, 0, 0, 121, 122,
1075 123, 0, 124, 125, 0, 311, 0, 113, 114, 0,
1076 311, 0, 0, 311, 0, 0, 0, 0, 0, 0,
1077 311, 311, 126, 0, 0, 0, 0, 0, 0, 0,
1078 0, 0, 0, 247, 0, 0, 311, 311, 311, 0,
1079 0, 0, 0, 0, 311, 311, 311, 311, 311, 311,
1080 311, 0, 0, 0, 311, 311, 0, 0, 0, 0,
1081 0, 0, 247, 0, 0, 0, 57, 0, 0, 0,
1082 247, 247, 247, 247, 247, 0, 50, 0, 0, 0,
1083 0, 0, 0, 0, 0, 50, 50, 0, 0, 57,
1084 0, 0, 0, 50, 0, 50, 50, 0, 50, 50,
1085 0, 0, 50, 0, 0, 0, 50, 0, 50, 50,
1086 50, 50, 50, 0, 0, 50, 50, 50, 0, 0,
1087 0, 50, 0, 0, 0, 0, 0, 50, 0, 0,
1088 0, 0, 0, 0, 50, 0, 0, 0, 0, 0,
1089 0, 0, 0, 50, 50, 50, 50, 50, 50, 50,
1090 50, 0, 0, 0, 0, 50, 0, 0, 50, 0,
1091 0, 0, 0, 0, 0, 50, 50, 0, 0, 50,
1092 0, 0, 0, 0, 0, 0, 0, 0, 0, 57,
1093 0, 50, 50, 50, 0, 0, 181, 0, 0, 50,
1094 50, 50, 50, 50, 50, 50, 179, 0, 179, 179,
1095 179, 179, 179, 179, 179, 179, 179, 381, 0, 181,
1096 179, 179, 179, 179, 0, 179, 179, 0, 179, 179,
1097 0, 0, 179, 0, 381, 0, 179, 0, 179, 179,
1098 179, 179, 179, 0, 0, 179, 179, 179, 0, 0,
1099 0, 179, 0, 0, 0, 0, 0, 179, 0, 0,
1100 0, 0, 0, 0, 179, 0, 0, 0, 381, 381,
1101 381, 0, 0, 381, 381, 381, 0, 381, 381, 0,
1102 179, 0, 381, 381, 0, 179, 0, 0, 179, 0,
1103 0, 0, 0, 0, 0, 179, 179, 381, 0, 0,
1104 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1105 0, 179, 179, 179, 0, 0, 183, 0, 0, 179,
1106 179, 179, 179, 179, 179, 179, 57, 0, 57, 57,
1107 57, 0, 57, 57, 57, 57, 57, 0, 0, 183,
1108 57, 57, 57, 57, 0, 57, 57, 0, 57, 57,
1109 0, 0, 57, 0, 0, 0, 57, 0, 57, 57,
1110 57, 57, 57, 0, 0, 57, 57, 57, 0, 0,
1111 0, 57, 0, 0, 0, 0, 0, 57, 0, 0,
1112 0, 0, 0, 0, 57, 0, 0, 0, 0, 0,
1113 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1114 57, 0, 0, 0, 0, 57, 0, 0, 57, 0,
1115 0, 0, 0, 0, 0, 57, 57, 0, 0, 0,
1116 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1117 0, 57, 57, 57, 0, 0, 184, 0, 0, 57,
1118 57, 57, 57, 57, 57, 57, 181, 0, 181, 181,
1119 181, 181, 181, 181, 181, 181, 181, 0, 0, 184,
1120 181, 181, 181, 181, 0, 181, 181, 0, 181, 181,
1121 0, 0, 181, 0, 0, 0, 181, 0, 181, 181,
1122 181, 181, 181, 0, 0, 181, 181, 181, 0, 0,
1123 0, 181, 0, 0, 0, 0, 0, 181, 0, 0,
1124 0, 0, 0, 0, 181, 0, 0, 0, 0, 0,
1125 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1126 181, 0, 0, 0, 0, 181, 0, 0, 181, 0,
1127 0, 0, 0, 0, 0, 181, 181, 0, 0, 0,
1128 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1129 0, 181, 181, 181, 0, 0, 193, 0, 0, 181,
1130 181, 181, 181, 181, 181, 181, 183, 0, 183, 183,
1131 183, 183, 183, 183, 183, 183, 183, 0, 0, 193,
1132 183, 183, 183, 183, 0, 183, 183, 0, 183, 183,
1133 0, 0, 183, 0, 0, 0, 183, 0, 183, 183,
1134 183, 183, 183, 0, 0, 183, 183, 183, 0, 0,
1135 0, 183, 0, 0, 0, 0, 0, 183, 0, 0,
1136 0, 0, 0, 0, 183, 0, 0, 0, 0, 0,
1137 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1138 183, 0, 0, 0, 0, 183, 0, 0, 183, 0,
1139 0, 0, 0, 0, 0, 183, 183, 0, 0, 0,
1140 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1141 0, 183, 183, 183, 0, 0, 193, 0, 0, 183,
1142 183, 183, 183, 183, 183, 183, 184, 0, 184, 184,
1143 184, 184, 184, 184, 184, 184, 184, 0, 0, 193,
1144 184, 184, 184, 184, 0, 184, 184, 0, 184, 184,
1145 0, 0, 184, 0, 0, 0, 184, 0, 184, 184,
1146 184, 184, 184, 0, 0, 184, 184, 184, 0, 0,
1147 0, 184, 0, 0, 0, 0, 0, 184, 0, 0,
1148 0, 0, 0, 0, 184, 0, 0, 0, 0, 0,
1149 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1150 184, 0, 0, 0, 0, 184, 0, 0, 184, 0,
1151 0, 0, 0, 0, 0, 184, 184, 0, 0, 0,
1152 0, 0, 0, 0, 0, 0, 0, 0, 0, 193,
1153 0, 184, 184, 184, 0, 0, 203, 0, 0, 184,
1154 184, 184, 184, 184, 184, 184, 193, 0, 0, 193,
1155 0, 193, 193, 193, 193, 193, 193, 0, 0, 203,
1156 193, 193, 193, 193, 0, 193, 193, 0, 193, 193,
1157 0, 0, 193, 0, 0, 0, 193, 0, 193, 193,
1158 193, 193, 193, 0, 0, 193, 193, 193, 0, 0,
1159 0, 193, 0, 0, 0, 0, 0, 193, 0, 0,
1160 0, 0, 0, 0, 193, 0, 0, 0, 0, 0,
1161 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1162 193, 0, 0, 0, 0, 193, 0, 0, 193, 0,
1163 0, 0, 0, 0, 0, 193, 193, 0, 0, 0,
1164 0, 0, 0, 0, 0, 0, 0, 257, 0, 0,
1165 0, 193, 193, 193, 0, 0, 0, 0, 0, 193,
1166 193, 193, 193, 193, 193, 193, 193, 0, 0, 193,
1167 257, 0, 193, 193, 193, 193, 193, 0, 0, 0,
1168 193, 193, 193, 193, 0, 193, 193, 0, 193, 193,
1169 0, 0, 193, 0, 0, 0, 193, 0, 193, 193,
1170 193, 193, 193, 0, 0, 193, 193, 193, 0, 0,
1171 0, 193, 0, 0, 0, 0, 0, 193, 0, 0,
1172 0, 0, 0, 0, 193, 0, 0, 0, 0, 0,
1173 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1174 193, 0, 0, 0, 0, 193, 0, 0, 193, 0,
1175 0, 0, 0, 0, 0, 193, 193, 0, 0, 0,
1176 257, 0, 0, 0, 0, 0, 0, 200, 0, 0,
1177 0, 193, 193, 193, 0, 0, 0, 0, 0, 193,
1178 193, 193, 193, 193, 193, 193, 203, 0, 0, 203,
1179 200, 0, 203, 203, 203, 203, 203, 0, 0, 0,
1180 203, 203, 203, 203, 0, 203, 203, 0, 203, 203,
1181 0, 0, 203, 0, 0, 0, 203, 0, 203, 203,
1182 203, 203, 203, 0, 0, 203, 203, 203, 0, 0,
1183 0, 203, 0, 0, 0, 0, 0, 203, 0, 0,
1184 0, 0, 0, 0, 203, 0, 0, 0, 0, 0,
1185 0, 203, 0, 0, 0, 0, 0, 0, 0, 0,
1186 203, 0, 0, 0, 0, 203, 0, 0, 203, 0,
1187 0, 0, 0, 0, 0, 203, 203, 0, 0, 0,
1188 0, 0, 0, 0, 0, 0, 0, 199, 0, 0,
1189 0, 203, 203, 203, 0, 0, 0, 257, 0, 203,
1190 203, 203, 203, 203, 203, 203, 257, 257, 0, 0,
1191 199, 0, 0, 0, 0, 0, 257, 257, 0, 257,
1192 257, 0, 257, 257, 0, 0, 0, 257, 0, 257,
1193 257, 257, 257, 257, 0, 0, 257, 257, 257, 0,
1194 0, 0, 257, 0, 0, 0, 0, 0, 257, 0,
1195 0, 0, 0, 0, 0, 257, 0, 0, 0, 0,
1196 0, 0, 0, 0, 0, 257, 257, 257, 257, 257,
1197 257, 257, 0, 0, 0, 0, 257, 0, 0, 257,
1198 0, 0, 0, 0, 0, 0, 257, 257, 0, 0,
1199 257, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1200 0, 0, 257, 257, 257, 0, 0, 196, 0, 0,
1201 257, 257, 257, 257, 257, 257, 257, 200, 0, 0,
1202 200, 0, 0, 0, 200, 200, 200, 200, 0, 0,
1203 196, 200, 200, 200, 200, 0, 200, 200, 0, 200,
1204 200, 0, 0, 200, 0, 0, 0, 200, 0, 200,
1205 200, 200, 200, 200, 0, 0, 200, 200, 200, 0,
1206 0, 0, 200, 0, 0, 0, 0, 0, 200, 0,
1207 0, 0, 0, 0, 0, 200, 0, 0, 0, 0,
1208 0, 0, 200, 0, 0, 0, 0, 0, 0, 0,
1209 0, 200, 0, 0, 0, 0, 200, 0, 0, 200,
1210 0, 0, 0, 0, 0, 0, 200, 200, 0, 0,
1211 0, 0, 0, 0, 0, 0, 0, 0, 357, 0,
1212 196, 0, 200, 200, 200, 0, 0, 0, 0, 0,
1213 200, 200, 200, 200, 200, 200, 200, 199, 0, 0,
1214 199, 357, 0, 0, 199, 199, 199, 199, 0, 0,
1215 0, 199, 199, 199, 199, 0, 199, 199, 0, 199,
1216 199, 0, 0, 199, 0, 0, 0, 199, 0, 199,
1217 199, 199, 199, 199, 0, 0, 199, 199, 199, 0,
1218 0, 0, 199, 0, 0, 0, 0, 0, 199, 0,
1219 0, 0, 0, 0, 0, 199, 0, 0, 0, 0,
1220 0, 0, 199, 0, 0, 0, 0, 0, 0, 0,
1221 0, 199, 0, 0, 0, 0, 199, 0, 0, 199,
1222 0, 0, 0, 0, 0, 0, 199, 199, 0, 0,
1223 0, 357, 0, 0, 0, 0, 0, 0, 359, 0,
1224 0, 0, 199, 199, 199, 0, 0, 0, 0, 0,
1225 199, 199, 199, 199, 199, 199, 199, 196, 0, 0,
1226 196, 359, 0, 0, 196, 196, 196, 196, 0, 0,
1227 0, 196, 196, 196, 196, 0, 196, 196, 0, 196,
1228 196, 0, 0, 196, 0, 0, 0, 196, 0, 196,
1229 196, 196, 196, 196, 0, 0, 196, 196, 196, 0,
1230 0, 0, 196, 0, 0, 0, 0, 0, 196, 0,
1231 0, 0, 0, 0, 0, 196, 0, 0, 0, 0,
1232 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1233 0, 196, 0, 0, 0, 0, 196, 0, 0, 196,
1234 0, 0, 0, 0, 0, 0, 196, 196, 0, 0,
1235 0, 359, 0, 0, 0, 0, 0, 0, 363, 0,
1236 0, 0, 196, 196, 196, 0, 0, 0, 357, 0,
1237 196, 196, 196, 196, 196, 196, 196, 357, 357, 0,
1238 0, 363, 0, 0, 0, 0, 0, 357, 357, 0,
1239 357, 357, 0, 0, 357, 0, 0, 0, 357, 0,
1240 357, 357, 357, 357, 357, 0, 0, 357, 357, 357,
1241 0, 0, 0, 357, 0, 0, 0, 0, 0, 357,
1242 0, 0, 0, 0, 0, 0, 357, 0, 0, 0,
1243 0, 0, 0, 0, 0, 0, 357, 357, 357, 357,
1244 357, 357, 357, 0, 0, 0, 0, 357, 0, 0,
1245 357, 0, 0, 0, 0, 0, 0, 357, 357, 0,
1246 0, 357, 0, 0, 0, 0, 0, 0, 0, 0,
1247 0, 363, 0, 357, 357, 357, 0, 0, 198, 0,
1248 0, 357, 357, 357, 357, 357, 357, 357, 359, 0,
1249 0, 0, 0, 0, 0, 0, 0, 359, 359, 0,
1250 0, 198, 0, 0, 0, 0, 0, 359, 359, 0,
1251 359, 359, 0, 0, 359, 0, 0, 0, 359, 0,
1252 359, 359, 359, 359, 359, 0, 0, 359, 359, 359,
1253 0, 0, 0, 359, 0, 0, 0, 0, 0, 359,
1254 0, 0, 0, 0, 0, 0, 359, 0, 0, 0,
1255 0, 0, 0, 0, 0, 0, 359, 359, 359, 359,
1256 359, 359, 359, 0, 0, 0, 0, 359, 0, 0,
1257 359, 0, 0, 0, 0, 0, 0, 359, 359, 0,
1258 0, 359, 0, 0, 0, 0, 0, 0, 0, 0,
1259 0, 0, 0, 359, 359, 359, 0, 0, 211, 0,
1260 0, 359, 359, 359, 359, 359, 359, 359, 363, 0,
1261 0, 0, 0, 0, 0, 0, 0, 363, 363, 0,
1262 0, 211, 0, 0, 0, 0, 0, 363, 363, 0,
1263 363, 363, 0, 0, 363, 0, 0, 0, 363, 0,
1264 363, 363, 363, 363, 363, 0, 0, 363, 363, 363,
1265 0, 0, 0, 363, 0, 0, 0, 0, 0, 363,
1266 0, 0, 0, 0, 0, 0, 363, 0, 0, 0,
1267 0, 0, 0, 0, 0, 0, 361, 361, 361, 361,
1268 361, 361, 363, 0, 0, 0, 0, 363, 0, 0,
1269 363, 0, 0, 0, 0, 0, 0, 363, 363, 0,
1270 0, 361, 0, 0, 0, 0, 0, 0, 0, 363,
1271 0, 211, 0, 363, 363, 363, 0, 0, 0, 0,
1272 0, 363, 363, 363, 363, 363, 363, 363, 198, 0,
1273 0, 198, 363, 0, 0, 198, 198, 198, 198, 0,
1274 0, 0, 198, 198, 198, 198, 0, 198, 198, 0,
1275 198, 198, 0, 0, 198, 0, 0, 0, 198, 0,
1276 198, 198, 198, 198, 198, 0, 0, 198, 198, 198,
1277 0, 0, 0, 198, 0, 0, 0, 0, 0, 198,
1278 0, 0, 0, 0, 0, 0, 198, 0, 0, 0,
1279 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1280 0, 0, 198, 0, 0, 0, 0, 198, 0, 0,
1281 198, 0, 0, 0, 0, 0, 0, 198, 198, 0,
1282 0, 0, 363, 0, 0, 0, 0, 0, 0, 211,
1283 0, 0, 0, 198, 198, 198, 0, 0, 0, 0,
1284 0, 198, 198, 198, 198, 198, 198, 198, 211, 0,
1285 0, 211, 211, 0, 0, 0, 211, 211, 211, 0,
1286 0, 0, 211, 211, 211, 211, 0, 211, 211, 0,
1287 211, 211, 0, 0, 211, 0, 0, 0, 211, 0,
1288 211, 211, 211, 211, 211, 0, 0, 211, 211, 211,
1289 0, 0, 0, 211, 0, 0, 0, 0, 0, 211,
1290 0, 0, 0, 0, 0, 0, 211, 0, 0, 0,
1291 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1292 0, 0, 211, 0, 0, 0, 0, 211, 0, 0,
1293 211, 0, 0, 0, 0, 0, 0, 211, 211, 0,
1294 0, 0, 0, 0, 0, 0, 0, 0, 0, 220,
1295 0, 0, 0, 211, 211, 211, 0, 0, 0, 363,
1296 0, 211, 211, 211, 211, 211, 211, 211, 0, 363,
1297 0, 0, 220, 0, 0, 0, 0, 0, 363, 363,
1298 0, 363, 363, 0, 0, 363, 0, 0, 0, 363,
1299 0, 363, 363, 363, 363, 363, 0, 0, 363, 363,
1300 363, 0, 0, 0, 363, 0, 0, 0, 0, 0,
1301 363, 0, 0, 0, 0, 0, 0, 363, 0, 0,
1302 0, 0, 0, 0, 0, 0, 0, 361, 361, 361,
1303 361, 361, 361, 363, 0, 0, 0, 0, 363, 0,
1304 0, 363, 0, 0, 0, 0, 0, 0, 363, 363,
1305 0, 0, 361, 0, 0, 0, 0, 0, 0, 0,
1306 0, 0, 220, 0, 363, 363, 363, 0, 0, 220,
1307 0, 0, 363, 363, 363, 363, 363, 363, 363, 211,
1308 0, 0, 211, 0, 0, 0, 0, 211, 211, 211,
1309 0, 0, 220, 211, 211, 211, 211, 0, 211, 211,
1310 0, 211, 211, 0, 0, 211, 0, 0, 0, 211,
1311 0, 211, 211, 211, 211, 211, 0, 0, 211, 211,
1312 211, 0, 0, 0, 211, 0, 0, 0, 0, 0,
1313 211, 0, 0, 0, 0, 0, 0, 211, 0, 0,
1314 0, 42, 0, 43, 0, 44, 45, 46, 47, 48,
1315 0, 0, 49, 211, 50, 51, 52, 0, 211, 0,
1316 0, 211, 0, 0, 0, 0, 0, 0, 211, 211,
1317 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1318 0, 53, 0, 0, 211, 211, 211, 0, 0, 223,
1319 0, 0, 211, 211, 211, 211, 211, 211, 211, 220,
1320 0, 0, 220, 54, 55, 0, 0, 220, 220, 220,
1321 0, 0, 223, 220, 0, 0, 220, 0, 220, 220,
1322 0, 220, 220, 0, 0, 220, 0, 0, 0, 220,
1323 0, 220, 220, 220, 220, 220, 0, 0, 220, 220,
1324 220, 0, 0, 0, 220, 0, 0, 0, 0, 0,
1325 220, 0, 0, 0, 0, 0, 0, 220, 0, 0,
1326 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1327 0, 0, 0, 220, 0, 0, 0, 0, 220, 0,
1328 0, 220, 0, 0, 0, 0, 0, 0, 220, 220,
1329 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1330 0, 0, 223, 0, 220, 220, 220, 0, 0, 223,
1331 0, 0, 220, 220, 220, 220, 220, 220, 220, 220,
1332 0, 0, 220, 0, 0, 0, 0, 220, 220, 220,
1333 0, 0, 223, 220, 0, 0, 220, 0, 220, 220,
1334 0, 220, 220, 0, 0, 220, 0, 0, 0, 220,
1335 0, 220, 220, 220, 220, 220, 0, 0, 220, 220,
1336 220, 0, 0, 0, 220, 0, 0, 0, 0, 0,
1337 220, 0, 0, 0, 0, 0, 0, 220, 0, 0,
1338 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1339 0, 0, 0, 220, 0, 0, 0, 0, 220, 0,
1340 0, 220, 0, 0, 0, 0, 0, 0, 220, 220,
1341 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1342 0, 0, 0, 0, 220, 220, 220, 0, 0, 239,
1343 0, 0, 220, 220, 220, 220, 220, 220, 220, 223,
1344 0, 0, 223, 0, 0, 0, 0, 223, 223, 223,
1345 0, 0, 239, 0, 0, 0, 223, 0, 223, 223,
1346 0, 223, 223, 0, 0, 223, 0, 0, 0, 223,
1347 0, 223, 223, 223, 223, 223, 0, 0, 223, 223,
1348 223, 0, 0, 0, 223, 0, 0, 0, 0, 0,
1349 223, 0, 0, 0, 0, 0, 0, 223, 0, 0,
1350 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1351 0, 0, 0, 223, 0, 0, 0, 0, 223, 0,
1352 0, 223, 0, 0, 0, 0, 0, 0, 223, 223,
1353 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1354 0, 0, 239, 0, 223, 223, 223, 0, 0, 243,
1355 0, 0, 223, 223, 223, 223, 223, 223, 223, 223,
1356 0, 0, 223, 0, 0, 0, 0, 223, 223, 223,
1357 0, 0, 243, 0, 0, 0, 223, 0, 223, 223,
1358 0, 223, 223, 0, 0, 223, 0, 0, 0, 223,
1359 0, 223, 223, 223, 223, 223, 0, 0, 223, 223,
1360 223, 0, 0, 0, 223, 0, 0, 0, 0, 0,
1361 223, 0, 0, 0, 0, 0, 0, 223, 0, 0,
1362 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1363 0, 0, 0, 223, 0, 0, 0, 0, 223, 0,
1364 0, 223, 0, 0, 0, 0, 0, 0, 223, 223,
1365 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1366 0, 0, 243, 0, 223, 223, 223, 0, 0, 239,
1367 0, 0, 223, 223, 223, 223, 223, 223, 223, 239,
1368 0, 0, 239, 0, 0, 0, 0, 0, 239, 239,
1369 0, 0, 239, 0, 0, 0, 0, 0, 239, 239,
1370 0, 239, 239, 0, 0, 239, 0, 0, 0, 239,
1371 0, 239, 239, 239, 239, 239, 0, 0, 239, 239,
1372 239, 0, 0, 0, 239, 0, 0, 0, 0, 0,
1373 239, 0, 0, 0, 0, 0, 0, 239, 0, 0,
1374 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1375 0, 0, 0, 239, 0, 0, 0, 0, 239, 0,
1376 0, 239, 0, 0, 0, 0, 0, 0, 239, 239,
1377 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1378 233, 0, 0, 0, 239, 239, 239, 0, 0, 0,
1379 0, 0, 239, 239, 239, 239, 239, 239, 239, 243,
1380 0, 0, 243, 233, 0, 0, 0, 0, 243, 243,
1381 0, 0, 0, 0, 0, 0, 0, 0, 243, 243,
1382 0, 243, 243, 0, 0, 243, 0, 0, 0, 243,
1383 0, 243, 243, 243, 243, 243, 0, 0, 243, 243,
1384 243, 0, 0, 0, 243, 0, 0, 0, 0, 0,
1385 243, 0, 0, 0, 0, 0, 0, 243, 0, 0,
1386 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1387 0, 0, 0, 243, 0, 0, 0, 0, 243, 0,
1388 0, 243, 0, 0, 0, 0, 0, 0, 243, 243,
1389 0, 0, 0, 233, 0, 0, 0, 0, 0, 0,
1390 362, 0, 0, 0, 243, 243, 243, 0, 0, 0,
1391 0, 0, 243, 243, 243, 243, 243, 243, 243, 239,
1392 0, 0, 239, 362, 0, 0, 0, 0, 239, 239,
1393 0, 0, 0, 0, 0, 0, 0, 0, 239, 239,
1394 0, 239, 239, 0, 0, 239, 0, 0, 0, 239,
1395 0, 239, 239, 239, 239, 239, 0, 0, 239, 239,
1396 239, 0, 0, 0, 239, 0, 0, 0, 0, 0,
1397 239, 0, 0, 0, 0, 0, 0, 239, 0, 0,
1398 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1399 0, 0, 0, 239, 0, 0, 0, 0, 239, 0,
1400 0, 239, 0, 0, 0, 0, 0, 0, 239, 239,
1401 0, 0, 0, 362, 0, 0, 0, 0, 0, 0,
1402 130, 0, 0, 0, 239, 239, 239, 0, 0, 0,
1403 233, 0, 239, 239, 239, 239, 239, 239, 239, 233,
1404 233, 0, 0, 128, 0, 0, 0, 0, 0, 233,
1405 233, 0, 233, 233, 0, 0, 233, 0, 0, 0,
1406 233, 0, 233, 233, 233, 233, 233, 0, 0, 233,
1407 233, 233, 0, 0, 0, 233, 0, 0, 0, 0,
1408 0, 233, 0, 0, 0, 0, 0, 0, 233, 0,
1409 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1410 0, 0, 0, 0, 233, 0, 0, 0, 0, 233,
1411 0, 0, 233, 0, 0, 0, 0, 0, 0, 233,
1412 233, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1413 241, 0, 0, 130, 0, 233, 233, 233, 0, 0,
1414 0, 0, 0, 233, 233, 233, 233, 233, 233, 233,
1415 362, 0, 0, 241, 0, 0, 0, 0, 0, 362,
1416 362, 0, 0, 0, 0, 0, 0, 0, 0, 362,
1417 362, 0, 362, 362, 0, 0, 362, 0, 0, 0,
1418 362, 0, 362, 362, 362, 362, 362, 0, 0, 362,
1419 362, 362, 0, 0, 0, 362, 0, 0, 0, 0,
1420 0, 362, 0, 0, 0, 0, 0, 0, 362, 0,
1421 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1422 0, 0, 0, 0, 362, 0, 0, 0, 0, 362,
1423 0, 0, 362, 0, 0, 0, 0, 0, 0, 362,
1424 362, 0, 0, 241, 0, 0, 0, 0, 0, 0,
1425 333, 0, 0, 0, 0, 362, 362, 362, 0, 0,
1426 0, 0, 0, 362, 362, 362, 362, 362, 362, 362,
1427 128, 0, 0, 333, 0, 0, 0, 0, 0, 0,
1428 128, 0, 0, 0, 0, 0, 0, 0, 0, 128,
1429 128, 0, 128, 128, 0, 0, 128, 0, 0, 0,
1430 128, 0, 128, 128, 128, 128, 128, 0, 0, 128,
1431 128, 128, 0, 0, 0, 128, 0, 0, 0, 0,
1432 0, 128, 0, 0, 0, 0, 0, 0, 128, 0,
1433 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1434 0, 0, 0, 0, 128, 0, 0, 0, 0, 128,
1435 0, 153, 128, 0, 0, 0, 0, 0, 0, 128,
1436 128, 0, 0, 333, 0, 0, 0, 0, 0, 0,
1437 0, 0, 0, 0, 153, 128, 128, 128, 0, 0,
1438 241, 0, 0, 128, 128, 128, 128, 128, 128, 128,
1439 241, 0, 0, 0, 0, 0, 0, 0, 0, 241,
1440 241, 0, 241, 241, 0, 0, 241, 0, 0, 0,
1441 241, 0, 241, 241, 241, 241, 241, 0, 0, 241,
1442 241, 241, 0, 0, 0, 241, 0, 0, 0, 0,
1443 0, 241, 0, 0, 0, 0, 0, 0, 241, 0,
1444 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1445 0, 0, 130, 0, 241, 0, 0, 0, 0, 241,
1446 0, 0, 241, 0, 153, 0, 0, 0, 0, 241,
1447 241, 0, 0, 0, 0, 128, 0, 0, 0, 0,
1448 0, 0, 0, 0, 0, 241, 241, 241, 0, 0,
1449 0, 0, 0, 241, 241, 241, 241, 241, 241, 241,
1450 333, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1451 333, 0, 0, 0, 0, 0, 0, 0, 0, 333,
1452 333, 0, 333, 333, 0, 0, 333, 0, 0, 0,
1453 333, 0, 333, 333, 333, 333, 333, 0, 0, 333,
1454 333, 333, 0, 0, 0, 333, 0, 0, 0, 0,
1455 0, 333, 0, 0, 0, 0, 0, 0, 333, 0,
1456 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1457 0, 0, 0, 0, 333, 0, 162, 0, 0, 333,
1458 0, 0, 333, 0, 0, 0, 0, 0, 0, 333,
1459 333, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1460 0, 153, 0, 0, 0, 333, 333, 333, 0, 0,
1461 0, 153, 0, 333, 333, 333, 333, 333, 333, 333,
1462 153, 153, 0, 153, 153, 0, 0, 153, 0, 0,
1463 0, 153, 0, 153, 153, 153, 153, 153, 0, 0,
1464 153, 153, 153, 0, 0, 0, 153, 0, 0, 0,
1465 0, 0, 153, 0, 0, 0, 0, 0, 0, 153,
1466 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1467 0, 0, 0, 0, 0, 153, 0, 0, 0, 0,
1468 153, 0, 0, 153, 0, 0, 0, 0, 0, 0,
1469 153, 153, 0, 0, 0, 0, 0, 0, 0, 0,
1470 0, 0, 128, 0, 0, 0, 153, 153, 153, 0,
1471 0, 0, 128, 0, 153, 153, 153, 153, 153, 153,
1472 153, 128, 128, 0, 128, 128, 0, 0, 128, 0,
1473 0, 0, 128, 0, 128, 128, 128, 128, 128, 0,
1474 0, 128, 128, 128, 0, 0, 0, 128, 0, 0,
1475 0, 0, 0, 128, 0, 0, 0, 0, 0, 0,
1476 128, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1477 0, 0, 0, 0, 0, 0, 128, 0, 0, 0,
1478 0, 128, 0, 0, 128, 0, 0, 0, 0, 0,
1479 0, 128, 128, 0, 0, 0, 0, 0, 0, 0,
1480 0, 0, 0, 373, 0, 0, 0, 128, 128, 128,
1481 0, 0, 0, 374, 0, 128, 128, 128, 128, 128,
1482 128, 128, 375, 376, 0, 377, 378, 0, 0, 379,
1483 0, 0, 0, 380, 0, 381, 382, 383, 384, 385,
1484 0, 0, 386, 387, 388, 0, 0, 0, 389, 0,
1485 0, 0, 0, 0, 390, 0, 0, 0, 0, 0,
1486 0, 391, 0, 0, 0, 0, 0, 0, 0, 0,
1487 0, 0, 0, 0, 0, 0, 0, 392, 0, 0,
1488 0, 0, 393, 0, 0, 394, 0, 0, 0, 0,
1489 0, 0, 395, 396, 0, 0, 0, 0, 0, 0,
1490 0, 0, 0, 0, 0, 0, 0, 0, 397, 0,
1491 398, 0, 0, 0, 0, 0, 399, 400, 401, 402,
1492 403, 404,
1493};
1494const short yycheck[] =
1495 { 3,
1496 3, 95, 63, 110, 0, 10, 145, 40, 10, 40,
1497 33, 10, 47, 10, 10, 40, 10, 40, 33, 123,
1498 164, 44, 435, 371, 33, 40, 123, 33, 40, 44,
1499 123, 33, 323, 324, 44, 40, 511, 60, 40, 44,
1500 459, 123, 44, 182, 188, 60, 10, 123, 402, 33,
1501 404, 489, 277, 44, 44, 60, 10, 123, 60, 33,
1502 40, 105, 535, 157, 325, 33, 40, 161, 10, 123,
1503 209, 178, 211, 551, 387, 388, 44, 41, 212, 140,
1504 44, 278, 548, 311, 537, 444, 60, 296, 33, 196,
1505 33, 278, 40, 187, 33, 462, 44, 457, 123, 295,
1506 123, 123, 125, 158, 366, 244, 479, 33, 123, 160,
1507 125, 60, 60, 252, 208, 125, 210, 379, 257, 383,
1508 125, 123, 40, 125, 123, 44, 10, 472, 267, 123,
1509 366, 61, 492, 342, 125, 125, 265, 266, 505, 123,
1510 507, 40, 60, 33, 268, 239, 343, 40, 44, 123,
1511 40, 125, 286, 277, 629, 44, 343, 125, 383, 253,
1512 10, 60, 321, 44, 258, 638, 579, 60, 212, 44,
1513 60, 125, 433, 40, 313, 534, 654, 125, 123, 552,
1514 123, 600, 530, 621, 123, 651, 383, 383, 641, 283,
1515 284, 41, 40, 248, 44, 33, 383, 123, 291, 125,
1516 251, 437, 40, 44, 549, 123, 125, 44, 302, 261,
1517 383, 141, 60, 10, 568, 309, 355, 356, 357, 10,
1518 314, 151, 60, 198, 383, 319, 303, 321, 366, 125,
1519 205, 522, 523, 123, 328, 548, 125, 383, 551, 269,
1520 44, 379, 286, 278, 125, 44, 44, 277, 41, 40,
1521 125, 44, 671, 278, 306, 278, 381, 382, 383, 626,
1522 256, 257, 258, 259, 358, 61, 278, 344, 362, 278,
1523 300, 44, 278, 40, 297, 298, 10, 221, 417, 383,
1524 384, 309, 297, 298, 125, 123, 383, 384, 125, 333,
1525 383, 398, 291, 60, 278, 297, 298, 327, 278, 296,
1526 439, 383, 256, 257, 258, 259, 10, 383, 384, 10,
1527 278, 307, 10, 309, 542, 311, 40, 383, 343, 413,
1528 687, 125, 676, 297, 298, 10, 125, 125, 324, 383,
1529 326, 343, 426, 278, 343, 33, 44, 343, 651, 303,
1530 285, 654, 40, 339, 438, 342, 44, 291, 383, 372,
1531 383, 347, 125, 384, 448, 309, 320, 372, 383, 453,
1532 383, 384, 60, 343, 458, 509, 410, 372, 383, 384,
1533 372, 383, 366, 383, 383, 343, 470, 383, 383, 384,
1534 40, 383, 384, 477, 383, 379, 525, 383, 278, 10,
1535 354, 355, 356, 383, 384, 359, 360, 361, 372, 363,
1536 364, 508, 10, 383, 368, 369, 40, 297, 298, 383,
1537 384, 278, 296, 10, 44, 383, 44, 125, 646, 383,
1538 262, 560, 264, 562, 372, 123, 60, 125, 403, 10,
1539 524, 40, 526, 10, 573, 383, 384, 33, 10, 41,
1540 278, 10, 44, 504, 40, 45, 10, 47, 41, 277,
1541 589, 44, 591, 303, 372, 40, 595, 267, 342, 297,
1542 298, 33, 601, 10, 60, 383, 384, 10, 40, 10,
1543 320, 383, 44, 372, 613, 383, 343, 616, 572, 372,
1544 619, 10, 372, 544, 383, 384, 41, 581, 60, 44,
1545 383, 384, 10, 383, 384, 125, 383, 125, 592, 606,
1546 383, 384, 596, 564, 354, 355, 356, 383, 336, 359,
1547 360, 361, 41, 363, 364, 44, 383, 383, 368, 369,
1548 614, 349, 265, 617, 372, 33, 40, 123, 10, 305,
1549 297, 298, 40, 383, 372, 383, 384, 631, 325, 336,
1550 337, 338, 368, 369, 341, 383, 384, 344, 304, 346,
1551 644, 123, 60, 125, 351, 256, 257, 258, 259, 266,
1552 40, 62, 260, 339, 44, 263, 660, 41, 10, 266,
1553 44, 269, 270, 349, 668, 669, 352, 287, 672, 673,
1554 278, 279, 280, 41, 282, 283, 44, 285, 286, 683,
1555 10, 10, 290, 60, 292, 293, 294, 295, 296, 297,
1556 298, 299, 300, 301, 384, 372, 307, 305, 309, 10,
1557 311, 383, 384, 311, 384, 123, 383, 384, 383, 384,
1558 318, 383, 384, 324, 44, 326, 630, 630, 357, 358,
1559 328, 329, 330, 331, 332, 333, 334, 335, 339, 275,
1560 276, 339, 269, 41, 342, 125, 347, 383, 384, 261,
1561 277, 349, 350, 383, 384, 353, 60, 61, 62, 271,
1562 272, 273, 384, 297, 298, 383, 384, 365, 366, 367,
1563 383, 384, 384, 300, 372, 373, 374, 375, 376, 377,
1564 378, 379, 383, 125, 384, 383, 384, 44, 260, 383,
1565 384, 263, 383, 384, 306, 384, 305, 269, 270, 44,
1566 327, 297, 298, 383, 384, 384, 278, 279, 280, 384,
1567 282, 283, 268, 285, 286, 60, 61, 62, 290, 123,
1568 292, 293, 294, 295, 296, 297, 298, 299, 300, 301,
1569 339, 384, 10, 305, 383, 384, 383, 384, 372, 311,
1570 349, 383, 384, 352, 383, 384, 318, 382, 383, 383,
1571 384, 41, 305, 40, 383, 33, 328, 329, 330, 331,
1572 332, 333, 334, 335, 383, 384, 44, 339, 383, 383,
1573 342, 47, 41, 384, 303, 33, 372, 349, 350, 383,
1574 125, 353, 60, 61, 62, 303, 339, 383, 384, 297,
1575 298, 320, 384, 365, 366, 367, 349, 62, 278, 352,
1576 372, 373, 374, 375, 376, 377, 378, 379, 41, 384,
1577 384, 383, 384, 384, 274, 257, 258, 259, 336, 337,
1578 338, 303, 383, 341, 41, 354, 355, 356, 346, 383,
1579 359, 360, 361, 351, 363, 364, 362, 383, 320, 368,
1580 369, 287, 288, 383, 357, 123, 384, 125, 60, 61,
1581 62, 345, 263, 325, 383, 285, 302, 10, 335, 269,
1582 383, 47, 308, 343, 372, 47, 383, 309, 383, 123,
1583 40, 317, 354, 355, 356, 383, 384, 359, 360, 361,
1584 33, 363, 364, 303, 326, 384, 368, 369, 383, 287,
1585 288, 44, 385, 284, 284, 60, 61, 62, 284, 284,
1586 384, 383, 303, 383, 302, 384, 384, 60, 61, 62,
1587 308, 123, 383, 285, 384, 383, 336, 337, 338, 317,
1588 384, 341, 41, 62, 344, 384, 346, 60, 61, 62,
1589 344, 351, 303, 383, 47, 336, 337, 338, 281, 281,
1590 341, 40, 385, 344, 285, 346, 385, 384, 383, 47,
1591 351, 285, 268, 10, 383, 41, 384, 384, 123, 328,
1592 329, 330, 331, 332, 333, 41, 384, 384, 383, 269,
1593 123, 383, 125, 10, 325, 384, 380, 381, 382, 383,
1594 384, 10, 260, 10, 353, 263, 41, 10, 268, 10,
1595 383, 269, 270, 60, 61, 62, 10, 10, 10, 383,
1596 10, 279, 280, 10, 282, 283, 10, 268, 286, 60,
1597 61, 62, 290, 41, 292, 293, 294, 295, 296, 33,
1598 384, 299, 300, 301, 60, 61, 62, 305, 485, 54,
1599 44, 564, 242, 311, 201, 380, 381, 382, 383, 384,
1600 318, 279, 415, 336, 349, 372, 60, 61, 62, 385,
1601 336, 337, 338, 62, 539, 341, 334, 140, 66, 177,
1602 346, 339, 57, 219, 342, 351, 297, 315, 336, 337,
1603 338, 349, 350, 341, 263, 410, 636, 232, 346, 486,
1604 241, 612, 630, 351, 282, -1, -1, 365, 366, 367,
1605 -1, -1, -1, -1, -1, 373, 374, 375, 376, 377,
1606 378, 379, 380, 381, 382, 383, 384, 260, -1, 123,
1607 -1, 125, 60, 61, 62, -1, -1, 270, -1, -1,
1608 -1, 10, -1, -1, -1, -1, 279, 280, -1, 282,
1609 283, -1, -1, 286, -1, -1, -1, 290, -1, 292,
1610 293, 294, 295, 296, 33, -1, 299, 300, 301, -1,
1611 -1, -1, 305, -1, -1, 44, -1, -1, 311, -1,
1612 -1, -1, -1, -1, -1, 318, -1, -1, 380, 381,
1613 382, 383, 384, -1, -1, -1, -1, -1, -1, -1,
1614 -1, 334, -1, -1, -1, -1, 339, -1, -1, 342,
1615 -1, -1, -1, -1, -1, -1, 349, 350, -1, -1,
1616 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1617 -1, -1, 365, 366, 367, 380, 381, 382, 383, 384,
1618 373, 374, 375, 376, 377, 378, 379, 380, 381, 382,
1619 383, 384, -1, -1, 123, -1, 125, -1, -1, -1,
1620 -1, 10, -1, -1, -1, -1, 260, 380, 381, 382,
1621 383, 384, -1, -1, -1, -1, 270, -1, -1, -1,
1622 -1, -1, -1, -1, 33, 279, 280, -1, 282, 283,
1623 -1, -1, 286, -1, -1, 44, 290, -1, 292, 293,
1624 294, 295, 296, 33, -1, 299, 300, 301, -1, -1,
1625 40, 305, -1, -1, 44, -1, -1, 311, -1, -1,
1626 -1, -1, -1, -1, 318, -1, -1, -1, -1, -1,
1627 60, 61, 62, 380, 381, 382, 383, 384, -1, -1,
1628 334, -1, -1, -1, -1, 339, -1, -1, 342, 380,
1629 381, 382, 383, 384, -1, 349, 350, -1, -1, -1,
1630 -1, -1, -1, -1, 380, 381, 382, 383, 384, -1,
1631 -1, 365, 366, 367, 123, -1, 125, -1, -1, 373,
1632 374, 375, 376, 377, 378, 379, 380, 381, 382, 383,
1633 384, 260, -1, 123, -1, 125, -1, -1, -1, -1,
1634 -1, 270, -1, -1, -1, -1, 10, -1, -1, -1,
1635 279, 280, -1, 282, 283, -1, -1, 286, -1, -1,
1636 -1, 290, -1, 292, 293, 294, 295, 296, -1, 33,
1637 299, 300, 301, -1, -1, -1, 305, 41, -1, -1,
1638 44, -1, 311, -1, -1, -1, -1, -1, -1, 318,
1639 -1, -1, 380, 381, 382, 383, 384, -1, -1, -1,
1640 -1, -1, -1, -1, -1, 334, -1, -1, -1, -1,
1641 339, -1, -1, 342, -1, -1, -1, -1, -1, -1,
1642 349, 350, -1, -1, -1, -1, -1, -1, -1, -1,
1643 -1, -1, -1, -1, -1, -1, 365, 366, 367, -1,
1644 -1, -1, -1, -1, 373, 374, 375, 376, 377, 378,
1645 379, 260, -1, -1, 383, 384, -1, -1, -1, 123,
1646 -1, 270, 303, -1, -1, -1, 10, -1, -1, -1,
1647 279, 280, -1, 282, 283, -1, -1, 286, -1, 320,
1648 -1, 290, -1, 292, 293, 294, 295, 296, 278, 33,
1649 299, 300, 301, -1, -1, -1, 305, -1, -1, -1,
1650 -1, -1, 311, -1, -1, -1, -1, 297, 298, 318,
1651 -1, -1, -1, 354, 355, 356, -1, -1, 359, 360,
1652 361, -1, 363, 364, -1, 334, -1, 368, 369, -1,
1653 339, -1, -1, 342, -1, -1, -1, -1, -1, -1,
1654 349, 350, 383, -1, -1, -1, -1, -1, -1, -1,
1655 -1, -1, -1, 343, -1, -1, 365, 366, 367, -1,
1656 -1, -1, -1, -1, 373, 374, 375, 376, 377, 378,
1657 379, -1, -1, -1, 383, 384, -1, -1, -1, -1,
1658 -1, -1, 372, -1, -1, -1, 10, -1, -1, -1,
1659 380, 381, 382, 383, 384, -1, 260, -1, -1, -1,
1660 -1, -1, -1, -1, -1, 269, 270, -1, -1, 33,
1661 -1, -1, -1, 277, -1, 279, 280, -1, 282, 283,
1662 -1, -1, 286, -1, -1, -1, 290, -1, 292, 293,
1663 294, 295, 296, -1, -1, 299, 300, 301, -1, -1,
1664 -1, 305, -1, -1, -1, -1, -1, 311, -1, -1,
1665 -1, -1, -1, -1, 318, -1, -1, -1, -1, -1,
1666 -1, -1, -1, 327, 328, 329, 330, 331, 332, 333,
1667 334, -1, -1, -1, -1, 339, -1, -1, 342, -1,
1668 -1, -1, -1, -1, -1, 349, 350, -1, -1, 353,
1669 -1, -1, -1, -1, -1, -1, -1, -1, -1, 123,
1670 -1, 365, 366, 367, -1, -1, 10, -1, -1, 373,
1671 374, 375, 376, 377, 378, 379, 260, -1, 262, 263,
1672 264, 265, 266, 267, 268, 269, 270, 303, -1, 33,
1673 274, 275, 276, 277, -1, 279, 280, -1, 282, 283,
1674 -1, -1, 286, -1, 320, -1, 290, -1, 292, 293,
1675 294, 295, 296, -1, -1, 299, 300, 301, -1, -1,
1676 -1, 305, -1, -1, -1, -1, -1, 311, -1, -1,
1677 -1, -1, -1, -1, 318, -1, -1, -1, 354, 355,
1678 356, -1, -1, 359, 360, 361, -1, 363, 364, -1,
1679 334, -1, 368, 369, -1, 339, -1, -1, 342, -1,
1680 -1, -1, -1, -1, -1, 349, 350, 383, -1, -1,
1681 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1682 -1, 365, 366, 367, -1, -1, 10, -1, -1, 373,
1683 374, 375, 376, 377, 378, 379, 260, -1, 262, 263,
1684 264, -1, 266, 267, 268, 269, 270, -1, -1, 33,
1685 274, 275, 276, 277, -1, 279, 280, -1, 282, 283,
1686 -1, -1, 286, -1, -1, -1, 290, -1, 292, 293,
1687 294, 295, 296, -1, -1, 299, 300, 301, -1, -1,
1688 -1, 305, -1, -1, -1, -1, -1, 311, -1, -1,
1689 -1, -1, -1, -1, 318, -1, -1, -1, -1, -1,
1690 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1691 334, -1, -1, -1, -1, 339, -1, -1, 342, -1,
1692 -1, -1, -1, -1, -1, 349, 350, -1, -1, -1,
1693 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1694 -1, 365, 366, 367, -1, -1, 10, -1, -1, 373,
1695 374, 375, 376, 377, 378, 379, 260, -1, 262, 263,
1696 264, 265, 266, 267, 268, 269, 270, -1, -1, 33,
1697 274, 275, 276, 277, -1, 279, 280, -1, 282, 283,
1698 -1, -1, 286, -1, -1, -1, 290, -1, 292, 293,
1699 294, 295, 296, -1, -1, 299, 300, 301, -1, -1,
1700 -1, 305, -1, -1, -1, -1, -1, 311, -1, -1,
1701 -1, -1, -1, -1, 318, -1, -1, -1, -1, -1,
1702 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1703 334, -1, -1, -1, -1, 339, -1, -1, 342, -1,
1704 -1, -1, -1, -1, -1, 349, 350, -1, -1, -1,
1705 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1706 -1, 365, 366, 367, -1, -1, 10, -1, -1, 373,
1707 374, 375, 376, 377, 378, 379, 260, -1, 262, 263,
1708 264, 265, 266, 267, 268, 269, 270, -1, -1, 33,
1709 274, 275, 276, 277, -1, 279, 280, -1, 282, 283,
1710 -1, -1, 286, -1, -1, -1, 290, -1, 292, 293,
1711 294, 295, 296, -1, -1, 299, 300, 301, -1, -1,
1712 -1, 305, -1, -1, -1, -1, -1, 311, -1, -1,
1713 -1, -1, -1, -1, 318, -1, -1, -1, -1, -1,
1714 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1715 334, -1, -1, -1, -1, 339, -1, -1, 342, -1,
1716 -1, -1, -1, -1, -1, 349, 350, -1, -1, -1,
1717 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1718 -1, 365, 366, 367, -1, -1, 10, -1, -1, 373,
1719 374, 375, 376, 377, 378, 379, 260, -1, 262, 263,
1720 264, 265, 266, 267, 268, 269, 270, -1, -1, 33,
1721 274, 275, 276, 277, -1, 279, 280, -1, 282, 283,
1722 -1, -1, 286, -1, -1, -1, 290, -1, 292, 293,
1723 294, 295, 296, -1, -1, 299, 300, 301, -1, -1,
1724 -1, 305, -1, -1, -1, -1, -1, 311, -1, -1,
1725 -1, -1, -1, -1, 318, -1, -1, -1, -1, -1,
1726 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1727 334, -1, -1, -1, -1, 339, -1, -1, 342, -1,
1728 -1, -1, -1, -1, -1, 349, 350, -1, -1, -1,
1729 -1, -1, -1, -1, -1, -1, -1, -1, -1, 123,
1730 -1, 365, 366, 367, -1, -1, 10, -1, -1, 373,
1731 374, 375, 376, 377, 378, 379, 260, -1, -1, 263,
1732 -1, 265, 266, 267, 268, 269, 270, -1, -1, 33,
1733 274, 275, 276, 277, -1, 279, 280, -1, 282, 283,
1734 -1, -1, 286, -1, -1, -1, 290, -1, 292, 293,
1735 294, 295, 296, -1, -1, 299, 300, 301, -1, -1,
1736 -1, 305, -1, -1, -1, -1, -1, 311, -1, -1,
1737 -1, -1, -1, -1, 318, -1, -1, -1, -1, -1,
1738 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1739 334, -1, -1, -1, -1, 339, -1, -1, 342, -1,
1740 -1, -1, -1, -1, -1, 349, 350, -1, -1, -1,
1741 -1, -1, -1, -1, -1, -1, -1, 10, -1, -1,
1742 -1, 365, 366, 367, -1, -1, -1, -1, -1, 373,
1743 374, 375, 376, 377, 378, 379, 260, -1, -1, 263,
1744 33, -1, 266, 267, 268, 269, 270, -1, -1, -1,
1745 274, 275, 276, 277, -1, 279, 280, -1, 282, 283,
1746 -1, -1, 286, -1, -1, -1, 290, -1, 292, 293,
1747 294, 295, 296, -1, -1, 299, 300, 301, -1, -1,
1748 -1, 305, -1, -1, -1, -1, -1, 311, -1, -1,
1749 -1, -1, -1, -1, 318, -1, -1, -1, -1, -1,
1750 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1751 334, -1, -1, -1, -1, 339, -1, -1, 342, -1,
1752 -1, -1, -1, -1, -1, 349, 350, -1, -1, -1,
1753 123, -1, -1, -1, -1, -1, -1, 10, -1, -1,
1754 -1, 365, 366, 367, -1, -1, -1, -1, -1, 373,
1755 374, 375, 376, 377, 378, 379, 260, -1, -1, 263,
1756 33, -1, 266, 267, 268, 269, 270, -1, -1, -1,
1757 274, 275, 276, 277, -1, 279, 280, -1, 282, 283,
1758 -1, -1, 286, -1, -1, -1, 290, -1, 292, 293,
1759 294, 295, 296, -1, -1, 299, 300, 301, -1, -1,
1760 -1, 305, -1, -1, -1, -1, -1, 311, -1, -1,
1761 -1, -1, -1, -1, 318, -1, -1, -1, -1, -1,
1762 -1, 325, -1, -1, -1, -1, -1, -1, -1, -1,
1763 334, -1, -1, -1, -1, 339, -1, -1, 342, -1,
1764 -1, -1, -1, -1, -1, 349, 350, -1, -1, -1,
1765 -1, -1, -1, -1, -1, -1, -1, 10, -1, -1,
1766 -1, 365, 366, 367, -1, -1, -1, 260, -1, 373,
1767 374, 375, 376, 377, 378, 379, 269, 270, -1, -1,
1768 33, -1, -1, -1, -1, -1, 279, 280, -1, 282,
1769 283, -1, 285, 286, -1, -1, -1, 290, -1, 292,
1770 293, 294, 295, 296, -1, -1, 299, 300, 301, -1,
1771 -1, -1, 305, -1, -1, -1, -1, -1, 311, -1,
1772 -1, -1, -1, -1, -1, 318, -1, -1, -1, -1,
1773 -1, -1, -1, -1, -1, 328, 329, 330, 331, 332,
1774 333, 334, -1, -1, -1, -1, 339, -1, -1, 342,
1775 -1, -1, -1, -1, -1, -1, 349, 350, -1, -1,
1776 353, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1777 -1, -1, 365, 366, 367, -1, -1, 10, -1, -1,
1778 373, 374, 375, 376, 377, 378, 379, 260, -1, -1,
1779 263, -1, -1, -1, 267, 268, 269, 270, -1, -1,
1780 33, 274, 275, 276, 277, -1, 279, 280, -1, 282,
1781 283, -1, -1, 286, -1, -1, -1, 290, -1, 292,
1782 293, 294, 295, 296, -1, -1, 299, 300, 301, -1,
1783 -1, -1, 305, -1, -1, -1, -1, -1, 311, -1,
1784 -1, -1, -1, -1, -1, 318, -1, -1, -1, -1,
1785 -1, -1, 325, -1, -1, -1, -1, -1, -1, -1,
1786 -1, 334, -1, -1, -1, -1, 339, -1, -1, 342,
1787 -1, -1, -1, -1, -1, -1, 349, 350, -1, -1,
1788 -1, -1, -1, -1, -1, -1, -1, -1, 10, -1,
1789 123, -1, 365, 366, 367, -1, -1, -1, -1, -1,
1790 373, 374, 375, 376, 377, 378, 379, 260, -1, -1,
1791 263, 33, -1, -1, 267, 268, 269, 270, -1, -1,
1792 -1, 274, 275, 276, 277, -1, 279, 280, -1, 282,
1793 283, -1, -1, 286, -1, -1, -1, 290, -1, 292,
1794 293, 294, 295, 296, -1, -1, 299, 300, 301, -1,
1795 -1, -1, 305, -1, -1, -1, -1, -1, 311, -1,
1796 -1, -1, -1, -1, -1, 318, -1, -1, -1, -1,
1797 -1, -1, 325, -1, -1, -1, -1, -1, -1, -1,
1798 -1, 334, -1, -1, -1, -1, 339, -1, -1, 342,
1799 -1, -1, -1, -1, -1, -1, 349, 350, -1, -1,
1800 -1, 123, -1, -1, -1, -1, -1, -1, 10, -1,
1801 -1, -1, 365, 366, 367, -1, -1, -1, -1, -1,
1802 373, 374, 375, 376, 377, 378, 379, 260, -1, -1,
1803 263, 33, -1, -1, 267, 268, 269, 270, -1, -1,
1804 -1, 274, 275, 276, 277, -1, 279, 280, -1, 282,
1805 283, -1, -1, 286, -1, -1, -1, 290, -1, 292,
1806 293, 294, 295, 296, -1, -1, 299, 300, 301, -1,
1807 -1, -1, 305, -1, -1, -1, -1, -1, 311, -1,
1808 -1, -1, -1, -1, -1, 318, -1, -1, -1, -1,
1809 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1810 -1, 334, -1, -1, -1, -1, 339, -1, -1, 342,
1811 -1, -1, -1, -1, -1, -1, 349, 350, -1, -1,
1812 -1, 123, -1, -1, -1, -1, -1, -1, 10, -1,
1813 -1, -1, 365, 366, 367, -1, -1, -1, 260, -1,
1814 373, 374, 375, 376, 377, 378, 379, 269, 270, -1,
1815 -1, 33, -1, -1, -1, -1, -1, 279, 280, -1,
1816 282, 283, -1, -1, 286, -1, -1, -1, 290, -1,
1817 292, 293, 294, 295, 296, -1, -1, 299, 300, 301,
1818 -1, -1, -1, 305, -1, -1, -1, -1, -1, 311,
1819 -1, -1, -1, -1, -1, -1, 318, -1, -1, -1,
1820 -1, -1, -1, -1, -1, -1, 328, 329, 330, 331,
1821 332, 333, 334, -1, -1, -1, -1, 339, -1, -1,
1822 342, -1, -1, -1, -1, -1, -1, 349, 350, -1,
1823 -1, 353, -1, -1, -1, -1, -1, -1, -1, -1,
1824 -1, 123, -1, 365, 366, 367, -1, -1, 10, -1,
1825 -1, 373, 374, 375, 376, 377, 378, 379, 260, -1,
1826 -1, -1, -1, -1, -1, -1, -1, 269, 270, -1,
1827 -1, 33, -1, -1, -1, -1, -1, 279, 280, -1,
1828 282, 283, -1, -1, 286, -1, -1, -1, 290, -1,
1829 292, 293, 294, 295, 296, -1, -1, 299, 300, 301,
1830 -1, -1, -1, 305, -1, -1, -1, -1, -1, 311,
1831 -1, -1, -1, -1, -1, -1, 318, -1, -1, -1,
1832 -1, -1, -1, -1, -1, -1, 328, 329, 330, 331,
1833 332, 333, 334, -1, -1, -1, -1, 339, -1, -1,
1834 342, -1, -1, -1, -1, -1, -1, 349, 350, -1,
1835 -1, 353, -1, -1, -1, -1, -1, -1, -1, -1,
1836 -1, -1, -1, 365, 366, 367, -1, -1, 10, -1,
1837 -1, 373, 374, 375, 376, 377, 378, 379, 260, -1,
1838 -1, -1, -1, -1, -1, -1, -1, 269, 270, -1,
1839 -1, 33, -1, -1, -1, -1, -1, 279, 280, -1,
1840 282, 283, -1, -1, 286, -1, -1, -1, 290, -1,
1841 292, 293, 294, 295, 296, -1, -1, 299, 300, 301,
1842 -1, -1, -1, 305, -1, -1, -1, -1, -1, 311,
1843 -1, -1, -1, -1, -1, -1, 318, -1, -1, -1,
1844 -1, -1, -1, -1, -1, -1, 328, 329, 330, 331,
1845 332, 333, 334, -1, -1, -1, -1, 339, -1, -1,
1846 342, -1, -1, -1, -1, -1, -1, 349, 350, -1,
1847 -1, 353, -1, -1, -1, -1, -1, -1, -1, 10,
1848 -1, 123, -1, 365, 366, 367, -1, -1, -1, -1,
1849 -1, 373, 374, 375, 376, 377, 378, 379, 260, -1,
1850 -1, 263, 33, -1, -1, 267, 268, 269, 270, -1,
1851 -1, -1, 274, 275, 276, 277, -1, 279, 280, -1,
1852 282, 283, -1, -1, 286, -1, -1, -1, 290, -1,
1853 292, 293, 294, 295, 296, -1, -1, 299, 300, 301,
1854 -1, -1, -1, 305, -1, -1, -1, -1, -1, 311,
1855 -1, -1, -1, -1, -1, -1, 318, -1, -1, -1,
1856 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1857 -1, -1, 334, -1, -1, -1, -1, 339, -1, -1,
1858 342, -1, -1, -1, -1, -1, -1, 349, 350, -1,
1859 -1, -1, 123, -1, -1, -1, -1, -1, -1, 10,
1860 -1, -1, -1, 365, 366, 367, -1, -1, -1, -1,
1861 -1, 373, 374, 375, 376, 377, 378, 379, 260, -1,
1862 -1, 263, 33, -1, -1, -1, 268, 269, 270, -1,
1863 -1, -1, 274, 275, 276, 277, -1, 279, 280, -1,
1864 282, 283, -1, -1, 286, -1, -1, -1, 290, -1,
1865 292, 293, 294, 295, 296, -1, -1, 299, 300, 301,
1866 -1, -1, -1, 305, -1, -1, -1, -1, -1, 311,
1867 -1, -1, -1, -1, -1, -1, 318, -1, -1, -1,
1868 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1869 -1, -1, 334, -1, -1, -1, -1, 339, -1, -1,
1870 342, -1, -1, -1, -1, -1, -1, 349, 350, -1,
1871 -1, -1, -1, -1, -1, -1, -1, -1, -1, 10,
1872 -1, -1, -1, 365, 366, 367, -1, -1, -1, 260,
1873 -1, 373, 374, 375, 376, 377, 378, 379, -1, 270,
1874 -1, -1, 33, -1, -1, -1, -1, -1, 279, 280,
1875 -1, 282, 283, -1, -1, 286, -1, -1, -1, 290,
1876 -1, 292, 293, 294, 295, 296, -1, -1, 299, 300,
1877 301, -1, -1, -1, 305, -1, -1, -1, -1, -1,
1878 311, -1, -1, -1, -1, -1, -1, 318, -1, -1,
1879 -1, -1, -1, -1, -1, -1, -1, 328, 329, 330,
1880 331, 332, 333, 334, -1, -1, -1, -1, 339, -1,
1881 -1, 342, -1, -1, -1, -1, -1, -1, 349, 350,
1882 -1, -1, 353, -1, -1, -1, -1, -1, -1, -1,
1883 -1, -1, 123, -1, 365, 366, 367, -1, -1, 10,
1884 -1, -1, 373, 374, 375, 376, 377, 378, 379, 260,
1885 -1, -1, 263, -1, -1, -1, -1, 268, 269, 270,
1886 -1, -1, 33, 274, 275, 276, 277, -1, 279, 280,
1887 -1, 282, 283, -1, -1, 286, -1, -1, -1, 290,
1888 -1, 292, 293, 294, 295, 296, -1, -1, 299, 300,
1889 301, -1, -1, -1, 305, -1, -1, -1, -1, -1,
1890 311, -1, -1, -1, -1, -1, -1, 318, -1, -1,
1891 -1, 308, -1, 310, -1, 312, 313, 314, 315, 316,
1892 -1, -1, 319, 334, 321, 322, 323, -1, 339, -1,
1893 -1, 342, -1, -1, -1, -1, -1, -1, 349, 350,
1894 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1895 -1, 348, -1, -1, 365, 366, 367, -1, -1, 10,
1896 -1, -1, 373, 374, 375, 376, 377, 378, 379, 260,
1897 -1, -1, 263, 370, 371, -1, -1, 268, 269, 270,
1898 -1, -1, 33, 274, -1, -1, 277, -1, 279, 280,
1899 -1, 282, 283, -1, -1, 286, -1, -1, -1, 290,
1900 -1, 292, 293, 294, 295, 296, -1, -1, 299, 300,
1901 301, -1, -1, -1, 305, -1, -1, -1, -1, -1,
1902 311, -1, -1, -1, -1, -1, -1, 318, -1, -1,
1903 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1904 -1, -1, -1, 334, -1, -1, -1, -1, 339, -1,
1905 -1, 342, -1, -1, -1, -1, -1, -1, 349, 350,
1906 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1907 -1, -1, 123, -1, 365, 366, 367, -1, -1, 10,
1908 -1, -1, 373, 374, 375, 376, 377, 378, 379, 260,
1909 -1, -1, 263, -1, -1, -1, -1, 268, 269, 270,
1910 -1, -1, 33, 274, -1, -1, 277, -1, 279, 280,
1911 -1, 282, 283, -1, -1, 286, -1, -1, -1, 290,
1912 -1, 292, 293, 294, 295, 296, -1, -1, 299, 300,
1913 301, -1, -1, -1, 305, -1, -1, -1, -1, -1,
1914 311, -1, -1, -1, -1, -1, -1, 318, -1, -1,
1915 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1916 -1, -1, -1, 334, -1, -1, -1, -1, 339, -1,
1917 -1, 342, -1, -1, -1, -1, -1, -1, 349, 350,
1918 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1919 -1, -1, -1, -1, 365, 366, 367, -1, -1, 10,
1920 -1, -1, 373, 374, 375, 376, 377, 378, 379, 260,
1921 -1, -1, 263, -1, -1, -1, -1, 268, 269, 270,
1922 -1, -1, 33, -1, -1, -1, 277, -1, 279, 280,
1923 -1, 282, 283, -1, -1, 286, -1, -1, -1, 290,
1924 -1, 292, 293, 294, 295, 296, -1, -1, 299, 300,
1925 301, -1, -1, -1, 305, -1, -1, -1, -1, -1,
1926 311, -1, -1, -1, -1, -1, -1, 318, -1, -1,
1927 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1928 -1, -1, -1, 334, -1, -1, -1, -1, 339, -1,
1929 -1, 342, -1, -1, -1, -1, -1, -1, 349, 350,
1930 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1931 -1, -1, 123, -1, 365, 366, 367, -1, -1, 10,
1932 -1, -1, 373, 374, 375, 376, 377, 378, 379, 260,
1933 -1, -1, 263, -1, -1, -1, -1, 268, 269, 270,
1934 -1, -1, 33, -1, -1, -1, 277, -1, 279, 280,
1935 -1, 282, 283, -1, -1, 286, -1, -1, -1, 290,
1936 -1, 292, 293, 294, 295, 296, -1, -1, 299, 300,
1937 301, -1, -1, -1, 305, -1, -1, -1, -1, -1,
1938 311, -1, -1, -1, -1, -1, -1, 318, -1, -1,
1939 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1940 -1, -1, -1, 334, -1, -1, -1, -1, 339, -1,
1941 -1, 342, -1, -1, -1, -1, -1, -1, 349, 350,
1942 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1943 -1, -1, 123, -1, 365, 366, 367, -1, -1, 10,
1944 -1, -1, 373, 374, 375, 376, 377, 378, 379, 260,
1945 -1, -1, 263, -1, -1, -1, -1, -1, 269, 270,
1946 -1, -1, 33, -1, -1, -1, -1, -1, 279, 280,
1947 -1, 282, 283, -1, -1, 286, -1, -1, -1, 290,
1948 -1, 292, 293, 294, 295, 296, -1, -1, 299, 300,
1949 301, -1, -1, -1, 305, -1, -1, -1, -1, -1,
1950 311, -1, -1, -1, -1, -1, -1, 318, -1, -1,
1951 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1952 -1, -1, -1, 334, -1, -1, -1, -1, 339, -1,
1953 -1, 342, -1, -1, -1, -1, -1, -1, 349, 350,
1954 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1955 10, -1, -1, -1, 365, 366, 367, -1, -1, -1,
1956 -1, -1, 373, 374, 375, 376, 377, 378, 379, 260,
1957 -1, -1, 263, 33, -1, -1, -1, -1, 269, 270,
1958 -1, -1, -1, -1, -1, -1, -1, -1, 279, 280,
1959 -1, 282, 283, -1, -1, 286, -1, -1, -1, 290,
1960 -1, 292, 293, 294, 295, 296, -1, -1, 299, 300,
1961 301, -1, -1, -1, 305, -1, -1, -1, -1, -1,
1962 311, -1, -1, -1, -1, -1, -1, 318, -1, -1,
1963 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1964 -1, -1, -1, 334, -1, -1, -1, -1, 339, -1,
1965 -1, 342, -1, -1, -1, -1, -1, -1, 349, 350,
1966 -1, -1, -1, 123, -1, -1, -1, -1, -1, -1,
1967 10, -1, -1, -1, 365, 366, 367, -1, -1, -1,
1968 -1, -1, 373, 374, 375, 376, 377, 378, 379, 260,
1969 -1, -1, 263, 33, -1, -1, -1, -1, 269, 270,
1970 -1, -1, -1, -1, -1, -1, -1, -1, 279, 280,
1971 -1, 282, 283, -1, -1, 286, -1, -1, -1, 290,
1972 -1, 292, 293, 294, 295, 296, -1, -1, 299, 300,
1973 301, -1, -1, -1, 305, -1, -1, -1, -1, -1,
1974 311, -1, -1, -1, -1, -1, -1, 318, -1, -1,
1975 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1976 -1, -1, -1, 334, -1, -1, -1, -1, 339, -1,
1977 -1, 342, -1, -1, -1, -1, -1, -1, 349, 350,
1978 -1, -1, -1, 123, -1, -1, -1, -1, -1, -1,
1979 10, -1, -1, -1, 365, 366, 367, -1, -1, -1,
1980 260, -1, 373, 374, 375, 376, 377, 378, 379, 269,
1981 270, -1, -1, 33, -1, -1, -1, -1, -1, 279,
1982 280, -1, 282, 283, -1, -1, 286, -1, -1, -1,
1983 290, -1, 292, 293, 294, 295, 296, -1, -1, 299,
1984 300, 301, -1, -1, -1, 305, -1, -1, -1, -1,
1985 -1, 311, -1, -1, -1, -1, -1, -1, 318, -1,
1986 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1987 -1, -1, -1, -1, 334, -1, -1, -1, -1, 339,
1988 -1, -1, 342, -1, -1, -1, -1, -1, -1, 349,
1989 350, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1990 10, -1, -1, 123, -1, 365, 366, 367, -1, -1,
1991 -1, -1, -1, 373, 374, 375, 376, 377, 378, 379,
1992 260, -1, -1, 33, -1, -1, -1, -1, -1, 269,
1993 270, -1, -1, -1, -1, -1, -1, -1, -1, 279,
1994 280, -1, 282, 283, -1, -1, 286, -1, -1, -1,
1995 290, -1, 292, 293, 294, 295, 296, -1, -1, 299,
1996 300, 301, -1, -1, -1, 305, -1, -1, -1, -1,
1997 -1, 311, -1, -1, -1, -1, -1, -1, 318, -1,
1998 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1999 -1, -1, -1, -1, 334, -1, -1, -1, -1, 339,
2000 -1, -1, 342, -1, -1, -1, -1, -1, -1, 349,
2001 350, -1, -1, 123, -1, -1, -1, -1, -1, -1,
2002 10, -1, -1, -1, -1, 365, 366, 367, -1, -1,
2003 -1, -1, -1, 373, 374, 375, 376, 377, 378, 379,
2004 260, -1, -1, 33, -1, -1, -1, -1, -1, -1,
2005 270, -1, -1, -1, -1, -1, -1, -1, -1, 279,
2006 280, -1, 282, 283, -1, -1, 286, -1, -1, -1,
2007 290, -1, 292, 293, 294, 295, 296, -1, -1, 299,
2008 300, 301, -1, -1, -1, 305, -1, -1, -1, -1,
2009 -1, 311, -1, -1, -1, -1, -1, -1, 318, -1,
2010 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2011 -1, -1, -1, -1, 334, -1, -1, -1, -1, 339,
2012 -1, 10, 342, -1, -1, -1, -1, -1, -1, 349,
2013 350, -1, -1, 123, -1, -1, -1, -1, -1, -1,
2014 -1, -1, -1, -1, 33, 365, 366, 367, -1, -1,
2015 260, -1, -1, 373, 374, 375, 376, 377, 378, 379,
2016 270, -1, -1, -1, -1, -1, -1, -1, -1, 279,
2017 280, -1, 282, 283, -1, -1, 286, -1, -1, -1,
2018 290, -1, 292, 293, 294, 295, 296, -1, -1, 299,
2019 300, 301, -1, -1, -1, 305, -1, -1, -1, -1,
2020 -1, 311, -1, -1, -1, -1, -1, -1, 318, -1,
2021 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2022 -1, -1, 10, -1, 334, -1, -1, -1, -1, 339,
2023 -1, -1, 342, -1, 123, -1, -1, -1, -1, 349,
2024 350, -1, -1, -1, -1, 33, -1, -1, -1, -1,
2025 -1, -1, -1, -1, -1, 365, 366, 367, -1, -1,
2026 -1, -1, -1, 373, 374, 375, 376, 377, 378, 379,
2027 260, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2028 270, -1, -1, -1, -1, -1, -1, -1, -1, 279,
2029 280, -1, 282, 283, -1, -1, 286, -1, -1, -1,
2030 290, -1, 292, 293, 294, 295, 296, -1, -1, 299,
2031 300, 301, -1, -1, -1, 305, -1, -1, -1, -1,
2032 -1, 311, -1, -1, -1, -1, -1, -1, 318, -1,
2033 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2034 -1, -1, -1, -1, 334, -1, 33, -1, -1, 339,
2035 -1, -1, 342, -1, -1, -1, -1, -1, -1, 349,
2036 350, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2037 -1, 260, -1, -1, -1, 365, 366, 367, -1, -1,
2038 -1, 270, -1, 373, 374, 375, 376, 377, 378, 379,
2039 279, 280, -1, 282, 283, -1, -1, 286, -1, -1,
2040 -1, 290, -1, 292, 293, 294, 295, 296, -1, -1,
2041 299, 300, 301, -1, -1, -1, 305, -1, -1, -1,
2042 -1, -1, 311, -1, -1, -1, -1, -1, -1, 318,
2043 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2044 -1, -1, -1, -1, -1, 334, -1, -1, -1, -1,
2045 339, -1, -1, 342, -1, -1, -1, -1, -1, -1,
2046 349, 350, -1, -1, -1, -1, -1, -1, -1, -1,
2047 -1, -1, 260, -1, -1, -1, 365, 366, 367, -1,
2048 -1, -1, 270, -1, 373, 374, 375, 376, 377, 378,
2049 379, 279, 280, -1, 282, 283, -1, -1, 286, -1,
2050 -1, -1, 290, -1, 292, 293, 294, 295, 296, -1,
2051 -1, 299, 300, 301, -1, -1, -1, 305, -1, -1,
2052 -1, -1, -1, 311, -1, -1, -1, -1, -1, -1,
2053 318, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2054 -1, -1, -1, -1, -1, -1, 334, -1, -1, -1,
2055 -1, 339, -1, -1, 342, -1, -1, -1, -1, -1,
2056 -1, 349, 350, -1, -1, -1, -1, -1, -1, -1,
2057 -1, -1, -1, 260, -1, -1, -1, 365, 366, 367,
2058 -1, -1, -1, 270, -1, 373, 374, 375, 376, 377,
2059 378, 379, 279, 280, -1, 282, 283, -1, -1, 286,
2060 -1, -1, -1, 290, -1, 292, 293, 294, 295, 296,
2061 -1, -1, 299, 300, 301, -1, -1, -1, 305, -1,
2062 -1, -1, -1, -1, 311, -1, -1, -1, -1, -1,
2063 -1, 318, -1, -1, -1, -1, -1, -1, -1, -1,
2064 -1, -1, -1, -1, -1, -1, -1, 334, -1, -1,
2065 -1, -1, 339, -1, -1, 342, -1, -1, -1, -1,
2066 -1, -1, 349, 350, -1, -1, -1, -1, -1, -1,
2067 -1, -1, -1, -1, -1, -1, -1, -1, 365, -1,
2068 367, -1, -1, -1, -1, -1, 373, 374, 375, 376,
2069 377, 378,
2070};
2071#define YYFINAL2 2
2072#ifndef YYDEBUG0
2073#define YYDEBUG0 0
2074#endif
2075#define YYMAXTOKEN385 385
2076#if YYDEBUG0
2077const char * const yyname[] =
2078 {
2079"end-of-file",0,0,0,0,0,0,0,0,0,"'\\n'",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
20800,0,"'!'",0,0,0,0,0,0,"'('","')'",0,0,"','","'-'",0,"'/'",0,0,0,0,0,0,0,0,0,0,0,
20810,"'<'","'='","'>'",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
20820,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"'{'",0,"'}'",0,0,0,
20830,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
20840,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
20850,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
20860,0,0,0,0,0,0,0,"PASS","BLOCK","MATCH","SCRUB","RETURN","IN","OS","OUT","LOG",
2087"QUICK","ON","FROM","TO","FLAGS","RETURNRST","RETURNICMP","RETURNICMP6","PROTO",
2088"INET","INET6","ALL","ANY","ICMPTYPE","ICMP6TYPE","CODE","KEEP","MODULATE",
2089"STATE","PORT","BINATTO","NODF","MINTTL","ERROR","ALLOWOPTS","FILENAME",
2090"ROUTETO","DUPTO","REPLYTO","NO","LABEL","NOROUTE","URPFFAILED","FRAGMENT",
2091"USER","GROUP","MAXMSS","MAXIMUM","TTL","TOS","DROP","TABLE","REASSEMBLE",
2092"ANCHOR","SYNCOOKIES","SET","OPTIMIZATION","TIMEOUT","LIMIT","LOGINTERFACE",
2093"BLOCKPOLICY","RANDOMID","SYNPROXY","FINGERPRINTS","NOSYNC","DEBUG","SKIP",
2094"HOSTID","ANTISPOOF","FOR","INCLUDE","MATCHES","BITMASK","RANDOM","SOURCEHASH",
2095"ROUNDROBIN","LEASTSTATES","STATICPORT","PROBABILITY","WEIGHT","BANDWIDTH",
2096"FLOWS","QUANTUM","QUEUE","PRIORITY","QLIMIT","RTABLE","RDOMAIN","MINIMUM",
2097"BURST","PARENT","LOAD","RULESET_OPTIMIZATION","PRIO","ONCE","DEFAULT","DELAY",
2098"STICKYADDRESS","MAXSRCSTATES","MAXSRCNODES","SOURCETRACK","GLOBAL","RULE",
2099"MAXSRCCONN","MAXSRCCONNRATE","OVERLOAD","FLUSH","SLOPPY","PFLOW","MAXPKTRATE",
2100"TAGGED","TAG","IFBOUND","FLOATING","STATEPOLICY","STATEDEFAULTS","ROUTE",
2101"DIVERTTO","DIVERTREPLY","DIVERTPACKET","NATTO","AFTO","RDRTO","RECEIVEDON",
2102"NE","LE","GE","STRING","NUMBER","PORTBINARY",
2103};
2104const char * const yyrule[] =
2105 {"$accept : ruleset",
2106"ruleset :",
2107"ruleset : ruleset include '\\n'",
2108"ruleset : ruleset '\\n'",
2109"ruleset : ruleset option '\\n'",
2110"ruleset : ruleset pfrule '\\n'",
2111"ruleset : ruleset anchorrule '\\n'",
2112"ruleset : ruleset loadrule '\\n'",
2113"ruleset : ruleset queuespec '\\n'",
2114"ruleset : ruleset varset '\\n'",
2115"ruleset : ruleset antispoof '\\n'",
2116"ruleset : ruleset tabledef '\\n'",
2117"ruleset : '{' fakeanchor '}' '\\n'",
2118"ruleset : ruleset error '\\n'",
2119"include : INCLUDE STRING",
2120"fakeanchor : fakeanchor '\\n'",
2121"fakeanchor : fakeanchor anchorrule '\\n'",
2122"fakeanchor : fakeanchor pfrule '\\n'",
2123"fakeanchor : fakeanchor error '\\n'",
2124"optimizer : string",
2125"optnodf :",
2126"optnodf : NODF",
2127"option : SET REASSEMBLE yesno optnodf",
2128"option : SET OPTIMIZATION STRING",
2129"option : SET RULESET_OPTIMIZATION optimizer",
2130"option : SET TIMEOUT timeout_spec",
2131"option : SET TIMEOUT '{' optnl timeout_list '}'",
2132"option : SET LIMIT limit_spec",
2133"option : SET LIMIT '{' optnl limit_list '}'",
2134"option : SET LOGINTERFACE stringall",
2135"option : SET HOSTID number",
2136"option : SET BLOCKPOLICY DROP",
2137"option : SET BLOCKPOLICY RETURN",
2138"option : SET FINGERPRINTS STRING",
2139"option : SET STATEPOLICY statelock",
2140"option : SET DEBUG STRING",
2141"option : SET DEBUG DEBUG",
2142"option : SET SKIP interface",
2143"option : SET STATEDEFAULTS state_opt_list",
2144"option : SET SYNCOOKIES syncookie_val syncookie_opts",
2145"syncookie_val : STRING",
2146"syncookie_opts :",
2147"$$1 :",
2148"syncookie_opts : $$1 '(' syncookie_opt_l ')'",
2149"syncookie_opt_l : syncookie_opt_l comma syncookie_opt",
2150"syncookie_opt_l : syncookie_opt",
2151"syncookie_opt : STRING STRING",
2152"stringall : STRING",
2153"stringall : ALL",
2154"string : STRING string",
2155"string : STRING",
2156"varstring : numberstring varstring",
2157"varstring : numberstring",
2158"numberstring : NUMBER",
2159"numberstring : STRING",
2160"varset : STRING '=' varstring",
2161"anchorname : STRING",
2162"anchorname :",
2163"pfa_anchorlist :",
2164"pfa_anchorlist : pfa_anchorlist '\\n'",
2165"pfa_anchorlist : pfa_anchorlist pfrule '\\n'",
2166"pfa_anchorlist : pfa_anchorlist anchorrule '\\n'",
2167"pfa_anchorlist : pfa_anchorlist include '\\n'",
2168"$$2 :",
2169"pfa_anchor : '{' $$2 '\\n' pfa_anchorlist '}'",
2170"pfa_anchor :",
2171"anchorrule : ANCHOR anchorname dir quick interface af proto fromto filter_opts pfa_anchor",
2172"loadrule : LOAD ANCHOR anchorname FROM string",
2173"$$3 :",
2174"scrub_opts : $$3 scrub_opts_l",
2175"scrub_opts_l : scrub_opts_l comma scrub_opt",
2176"scrub_opts_l : scrub_opt",
2177"scrub_opt : NODF",
2178"scrub_opt : MINTTL NUMBER",
2179"scrub_opt : MAXMSS NUMBER",
2180"scrub_opt : REASSEMBLE STRING",
2181"scrub_opt : RANDOMID",
2182"antispoof : ANTISPOOF logquick antispoof_ifspc af antispoof_opts",
2183"antispoof_ifspc : FOR antispoof_if",
2184"antispoof_ifspc : FOR '{' optnl antispoof_iflst '}'",
2185"antispoof_iflst : antispoof_if optnl",
2186"antispoof_iflst : antispoof_iflst comma antispoof_if optnl",
2187"antispoof_if : if_item",
2188"antispoof_if : '(' if_item ')'",
2189"$$4 :",
2190"antispoof_opts : $$4 antispoof_opts_l",
2191"antispoof_opts :",
2192"antispoof_opts_l : antispoof_opts_l antispoof_opt",
2193"antispoof_opts_l : antispoof_opt",
2194"antispoof_opt : LABEL label",
2195"antispoof_opt : RTABLE NUMBER",
2196"not : '!'",
2197"not :",
2198"tabledef : TABLE '<' STRING '>' table_opts",
2199"$$5 :",
2200"table_opts : $$5 table_opts_l",
2201"table_opts :",
2202"table_opts_l : table_opts_l table_opt",
2203"table_opts_l : table_opt",
2204"table_opt : STRING",
2205"table_opt : '{' optnl '}'",
2206"table_opt : '{' optnl table_host_list '}'",
2207"table_opt : FILENAME STRING",
2208"tablespec : xhost optweight",
2209"tablespec : '{' optnl table_host_list '}'",
2210"table_host_list : tablespec optnl",
2211"table_host_list : table_host_list comma tablespec optnl",
2212"queuespec : QUEUE STRING interface queue_opts",
2213"$$6 :",
2214"queue_opts : $$6 queue_opts_l",
2215"queue_opts_l : queue_opts_l queue_opt",
2216"queue_opts_l : queue_opt",
2217"queue_opt : BANDWIDTH scspec optscs",
2218"queue_opt : PARENT STRING",
2219"queue_opt : DEFAULT",
2220"queue_opt : QLIMIT NUMBER",
2221"queue_opt : FLOWS NUMBER",
2222"queue_opt : QUANTUM NUMBER",
2223"optscs :",
2224"optscs : comma MINIMUM scspec",
2225"optscs : comma MAXIMUM scspec",
2226"optscs : comma MINIMUM scspec comma MAXIMUM scspec",
2227"optscs : comma MAXIMUM scspec comma MINIMUM scspec",
2228"scspec : bandwidth",
2229"scspec : bandwidth BURST bandwidth FOR STRING",
2230"bandwidth : STRING",
2231"bandwidth : NUMBER",
2232"pfrule : action dir logquick interface af proto fromto filter_opts",
2233"$$7 :",
2234"filter_opts : $$7 filter_opts_l",
2235"filter_opts :",
2236"filter_opts_l : filter_opts_l filter_opt",
2237"filter_opts_l : filter_opt",
2238"filter_opt : USER uids",
2239"filter_opt : GROUP gids",
2240"filter_opt : flags",
2241"filter_opt : icmpspec",
2242"filter_opt : PRIO NUMBER",
2243"filter_opt : TOS tos",
2244"filter_opt : keep",
2245"filter_opt : FRAGMENT",
2246"filter_opt : ALLOWOPTS",
2247"filter_opt : LABEL label",
2248"filter_opt : QUEUE qname",
2249"filter_opt : TAG string",
2250"filter_opt : not TAGGED string",
2251"filter_opt : PROBABILITY probability",
2252"filter_opt : RTABLE NUMBER",
2253"filter_opt : DIVERTTO STRING PORT portplain",
2254"filter_opt : DIVERTREPLY",
2255"filter_opt : DIVERTPACKET PORT portplain",
2256"filter_opt : SCRUB '(' scrub_opts ')'",
2257"filter_opt : NATTO redirpool pool_opts",
2258"filter_opt : AFTO af FROM redirpool pool_opts",
2259"filter_opt : AFTO af FROM redirpool pool_opts TO redirpool pool_opts",
2260"filter_opt : RDRTO redirpool pool_opts",
2261"filter_opt : BINATTO redirpool pool_opts",
2262"filter_opt : ROUTETO routespec",
2263"filter_opt : REPLYTO routespec",
2264"filter_opt : DUPTO routespec",
2265"filter_opt : not RECEIVEDON if_item",
2266"filter_opt : ONCE",
2267"filter_opt : MAXPKTRATE NUMBER '/' NUMBER",
2268"filter_opt : filter_sets",
2269"filter_sets : SET '(' filter_sets_l ')'",
2270"filter_sets : SET filter_set",
2271"filter_sets_l : filter_sets_l comma filter_set",
2272"filter_sets_l : filter_set",
2273"filter_set : prio",
2274"filter_set : QUEUE qname",
2275"filter_set : TOS tos",
2276"filter_set : DELAY NUMBER",
2277"prio : PRIO NUMBER",
2278"prio : PRIO '(' NUMBER comma NUMBER ')'",
2279"probability : STRING",
2280"probability : NUMBER",
2281"action : PASS",
2282"action : MATCH",
2283"action : BLOCK blockspec",
2284"blockspec :",
2285"blockspec : DROP",
2286"blockspec : RETURNRST",
2287"blockspec : RETURNRST '(' TTL NUMBER ')'",
2288"blockspec : RETURNICMP",
2289"blockspec : RETURNICMP6",
2290"blockspec : RETURNICMP '(' reticmpspec ')'",
2291"blockspec : RETURNICMP6 '(' reticmp6spec ')'",
2292"blockspec : RETURNICMP '(' reticmpspec comma reticmp6spec ')'",
2293"blockspec : RETURN",
2294"reticmpspec : STRING",
2295"reticmpspec : NUMBER",
2296"reticmp6spec : STRING",
2297"reticmp6spec : NUMBER",
2298"dir :",
2299"dir : IN",
2300"dir : OUT",
2301"quick :",
2302"quick : QUICK",
2303"logquick :",
2304"logquick : log",
2305"logquick : QUICK",
2306"logquick : log QUICK",
2307"logquick : QUICK log",
2308"log : LOG",
2309"log : LOG '(' logopts ')'",
2310"logopts : logopt",
2311"logopts : logopts comma logopt",
2312"logopt : ALL",
2313"logopt : MATCHES",
2314"logopt : USER",
2315"logopt : TO string",
2316"interface :",
2317"interface : ON if_item_not",
2318"interface : ON '{' optnl if_list '}'",
2319"if_list : if_item_not optnl",
2320"if_list : if_list comma if_item_not optnl",
2321"if_item_not : not if_item",
2322"if_item : STRING",
2323"if_item : ANY",
2324"if_item : RDOMAIN NUMBER",
2325"af :",
2326"af : INET",
2327"af : INET6",
2328"proto :",
2329"proto : PROTO proto_item",
2330"proto : PROTO '{' optnl proto_list '}'",
2331"proto_list : proto_item optnl",
2332"proto_list : proto_list comma proto_item optnl",
2333"proto_item : protoval",
2334"protoval : STRING",
2335"protoval : NUMBER",
2336"fromto : ALL",
2337"fromto : from os to",
2338"os :",
2339"os : OS xos",
2340"os : OS '{' optnl os_list '}'",
2341"xos : STRING",
2342"os_list : xos optnl",
2343"os_list : os_list comma xos optnl",
2344"from :",
2345"from : FROM ipportspec",
2346"to :",
2347"to : TO ipportspec",
2348"ipportspec : ipspec",
2349"ipportspec : ipspec PORT portspec",
2350"ipportspec : PORT portspec",
2351"optnl : '\\n' optnl",
2352"optnl :",
2353"ipspec : ANY",
2354"ipspec : xhost",
2355"ipspec : '{' optnl host_list '}'",
2356"host_list : ipspec optnl",
2357"host_list : host_list comma ipspec optnl",
2358"xhost : not host",
2359"xhost : not NOROUTE",
2360"xhost : not URPFFAILED",
2361"optweight : WEIGHT NUMBER",
2362"optweight :",
2363"host : STRING",
2364"host : STRING '-' STRING",
2365"host : STRING '/' NUMBER",
2366"host : NUMBER '/' NUMBER",
2367"host : dynaddr",
2368"host : dynaddr '/' NUMBER",
2369"host : '<' STRING '>'",
2370"host : ROUTE STRING",
2371"number : NUMBER",
2372"number : STRING",
2373"dynaddr : '(' STRING ')'",
2374"portspec : port_item",
2375"portspec : '{' optnl port_list '}'",
2376"port_list : port_item optnl",
2377"port_list : port_list comma port_item optnl",
2378"port_item : portrange",
2379"port_item : unaryop portrange",
2380"port_item : portrange PORTBINARY portrange",
2381"portplain : numberstring",
2382"portrange : numberstring",
2383"uids : uid_item",
2384"uids : '{' optnl uid_list '}'",
2385"uid_list : uid_item optnl",
2386"uid_list : uid_list comma uid_item optnl",
2387"uid_item : uid",
2388"uid_item : unaryop uid",
2389"uid_item : uid PORTBINARY uid",
2390"uid : STRING",
2391"uid : NUMBER",
2392"gids : gid_item",
2393"gids : '{' optnl gid_list '}'",
2394"gid_list : gid_item optnl",
2395"gid_list : gid_list comma gid_item optnl",
2396"gid_item : gid",
2397"gid_item : unaryop gid",
2398"gid_item : gid PORTBINARY gid",
2399"gid : STRING",
2400"gid : NUMBER",
2401"flag : STRING",
2402"flags : FLAGS flag '/' flag",
2403"flags : FLAGS '/' flag",
2404"flags : FLAGS ANY",
2405"icmpspec : ICMPTYPE icmp_item",
2406"icmpspec : ICMPTYPE '{' optnl icmp_list '}'",
2407"icmpspec : ICMP6TYPE icmp6_item",
2408"icmpspec : ICMP6TYPE '{' optnl icmp6_list '}'",
2409"icmp_list : icmp_item optnl",
2410"icmp_list : icmp_list comma icmp_item optnl",
2411"icmp6_list : icmp6_item optnl",
2412"icmp6_list : icmp6_list comma icmp6_item optnl",
2413"icmp_item : icmptype",
2414"icmp_item : icmptype CODE STRING",
2415"icmp_item : icmptype CODE NUMBER",
2416"icmp6_item : icmp6type",
2417"icmp6_item : icmp6type CODE STRING",
2418"icmp6_item : icmp6type CODE NUMBER",
2419"icmptype : STRING",
2420"icmptype : NUMBER",
2421"icmp6type : STRING",
2422"icmp6type : NUMBER",
2423"tos : STRING",
2424"tos : NUMBER",
2425"sourcetrack :",
2426"sourcetrack : GLOBAL",
2427"sourcetrack : RULE",
2428"statelock : IFBOUND",
2429"statelock : FLOATING",
2430"keep : NO STATE",
2431"keep : KEEP STATE state_opt_spec",
2432"keep : MODULATE STATE state_opt_spec",
2433"keep : SYNPROXY STATE state_opt_spec",
2434"flush :",
2435"flush : FLUSH",
2436"flush : FLUSH GLOBAL",
2437"state_opt_spec : '(' state_opt_list ')'",
2438"state_opt_spec :",
2439"state_opt_list : state_opt_item",
2440"state_opt_list : state_opt_list comma state_opt_item",
2441"state_opt_item : MAXIMUM NUMBER",
2442"state_opt_item : NOSYNC",
2443"state_opt_item : MAXSRCSTATES NUMBER",
2444"state_opt_item : MAXSRCCONN NUMBER",
2445"state_opt_item : MAXSRCCONNRATE NUMBER '/' NUMBER",
2446"state_opt_item : OVERLOAD '<' STRING '>' flush",
2447"state_opt_item : MAXSRCNODES NUMBER",
2448"state_opt_item : SOURCETRACK sourcetrack",
2449"state_opt_item : statelock",
2450"state_opt_item : SLOPPY",
2451"state_opt_item : PFLOW",
2452"state_opt_item : STRING NUMBER",
2453"label : STRING",
2454"qname : STRING",
2455"qname : '(' STRING ')'",
2456"qname : '(' STRING comma STRING ')'",
2457"portstar : numberstring",
2458"redirspec : host optweight",
2459"redirspec : '{' optnl redir_host_list '}'",
2460"redir_host_list : host optweight optnl",
2461"redir_host_list : redir_host_list comma host optweight optnl",
2462"redirpool : redirspec",
2463"redirpool : redirspec PORT portstar",
2464"hashkey :",
2465"hashkey : string",
2466"$$8 :",
2467"pool_opts : $$8 pool_opts_l",
2468"pool_opts :",
2469"pool_opts_l : pool_opts_l pool_opt",
2470"pool_opts_l : pool_opt",
2471"pool_opt : BITMASK",
2472"pool_opt : RANDOM",
2473"pool_opt : SOURCEHASH hashkey",
2474"pool_opt : ROUNDROBIN",
2475"pool_opt : LEASTSTATES",
2476"pool_opt : STATICPORT",
2477"pool_opt : STICKYADDRESS",
2478"routespec : redirspec pool_opts",
2479"timeout_spec : STRING NUMBER",
2480"timeout_list : timeout_list comma timeout_spec optnl",
2481"timeout_list : timeout_spec optnl",
2482"limit_spec : STRING NUMBER",
2483"limit_list : limit_list comma limit_spec optnl",
2484"limit_list : limit_spec optnl",
2485"comma : ','",
2486"comma :",
2487"yesno : NO",
2488"yesno : STRING",
2489"unaryop : '='",
2490"unaryop : NE",
2491"unaryop : LE",
2492"unaryop : '<'",
2493"unaryop : GE",
2494"unaryop : '>'",
2495};
2496#endif
2497#ifdef YYSTACKSIZE10000
2498#undef YYMAXDEPTH10000
2499#define YYMAXDEPTH10000 YYSTACKSIZE10000
2500#else
2501#ifdef YYMAXDEPTH10000
2502#define YYSTACKSIZE10000 YYMAXDEPTH10000
2503#else
2504#define YYSTACKSIZE10000 10000
2505#define YYMAXDEPTH10000 10000
2506#endif
2507#endif
2508#define YYINITSTACKSIZE200 200
2509/* LINTUSED */
2510int yydebug;
2511int yynerrs;
2512int yyerrflag;
2513int yychar;
2514short *yyssp;
2515YYSTYPE *yyvsp;
2516YYSTYPE yyval;
2517YYSTYPE yylval;
2518short *yyss;
2519short *yysslim;
2520YYSTYPE *yyvs;
2521unsigned int yystacksize;
2522int yyparse(void);
2523#line 3778 "/usr/src/sbin/pfctl/parse.y"
2524
2525int
2526yyerror(const char *fmt, ...)
2527{
2528 va_list ap;
2529
2530 file->errors++;
2531 va_start(ap, fmt)__builtin_va_start(ap, fmt);
2532 fprintf(stderr(&__sF[2]), "%s:%d: ", file->name, yylval.lineno);
2533 vfprintf(stderr(&__sF[2]), fmt, ap);
2534 fprintf(stderr(&__sF[2]), "\n");
2535 va_end(ap)__builtin_va_end(ap);
2536 return (0);
2537}
2538
2539int
2540validate_range(u_int8_t op, u_int16_t p1, u_int16_t p2)
2541{
2542 u_int16_t a = ntohs(p1)(__uint16_t)(__builtin_constant_p(p1) ? (__uint16_t)(((__uint16_t
)(p1) & 0xffU) << 8 | ((__uint16_t)(p1) & 0xff00U
) >> 8) : __swap16md(p1));
2543 u_int16_t b = ntohs(p2)(__uint16_t)(__builtin_constant_p(p2) ? (__uint16_t)(((__uint16_t
)(p2) & 0xffU) << 8 | ((__uint16_t)(p2) & 0xff00U
) >> 8) : __swap16md(p2));
2544
2545 if ((op == PF_OP_RRG && a > b) || /* 34:12, i.e. none */
2546 (op == PF_OP_IRG && a >= b) || /* 34><12, i.e. none */
2547 (op == PF_OP_XRG && a > b)) /* 34<>22, i.e. all */
2548 return 1;
2549 return 0;
2550}
2551
2552int
2553disallow_table(struct node_host *h, const char *fmt)
2554{
2555 for (; h != NULL((void *)0); h = h->next)
2556 if (h->addr.type == PF_ADDR_TABLE) {
2557 yyerror(fmt, h->addr.v.tblname);
2558 return (1);
2559 }
2560 return (0);
2561}
2562
2563int
2564disallow_urpf_failed(struct node_host *h, const char *fmt)
2565{
2566 for (; h != NULL((void *)0); h = h->next)
2567 if (h->addr.type == PF_ADDR_URPFFAILED) {
2568 yyerror("%s", fmt);
2569 return (1);
2570 }
2571 return (0);
2572}
2573
2574int
2575disallow_alias(struct node_host *h, const char *fmt)
2576{
2577 for (; h != NULL((void *)0); h = h->next)
2578 if (DYNIF_MULTIADDR(h->addr)((h->addr).type == PF_ADDR_DYNIFTL && (!((h->addr
).iflags & 0x08) || !isdigit((unsigned char)(h->addr).
v.ifname[strlen((h->addr).v.ifname)-1])))) {
2579 yyerror(fmt, h->addr.v.tblname);
2580 return (1);
2581 }
2582 return (0);
2583}
2584
2585int
2586rule_consistent(struct pf_rule *r)
2587{
2588 int problems = 0;
2589
2590 if (r->proto != IPPROTO_TCP6 && r->os_fingerprint != PF_OSFP_ANY((pf_osfp_t)0)) {
2591 yyerror("os only applies to tcp");
2592 problems++;
2593 }
2594 if (r->proto != IPPROTO_TCP6 && r->proto != IPPROTO_UDP17 &&
2595 (r->src.port_op || r->dst.port_op)) {
2596 yyerror("port only applies to tcp/udp");
2597 problems++;
2598 }
2599 if (r->proto != IPPROTO_TCP6 && r->proto != IPPROTO_UDP17 &&
2600 r->uid.op) {
2601 yyerror("user only applies to tcp/udp");
2602 problems++;
2603 }
2604 if (r->proto != IPPROTO_TCP6 && r->proto != IPPROTO_UDP17 &&
2605 r->gid.op) {
2606 yyerror("group only applies to tcp/udp");
2607 problems++;
2608 }
2609 if (r->proto != IPPROTO_ICMP1 && r->proto != IPPROTO_ICMPV658 &&
2610 (r->type || r->code)) {
2611 yyerror("icmp-type/code only applies to icmp");
2612 problems++;
2613 }
2614 if (!r->af && (r->type || r->code)) {
2615 yyerror("must indicate address family with icmp-type/code");
2616 problems++;
2617 }
2618 if (r->rule_flag & PFRULE_AFTO0x00200000 && r->af == r->naf) {
2619 yyerror("must indicate different address family with af-to");
2620 problems++;
2621 }
2622 if (r->overload_tblname[0] &&
2623 r->max_src_conn == 0 && r->max_src_conn_rate.seconds == 0) {
2624 yyerror("'overload' requires 'max-src-conn' "
2625 "or 'max-src-conn-rate'");
2626 problems++;
2627 }
2628 if ((r->proto == IPPROTO_ICMP1 && r->af == AF_INET624) ||
2629 (r->proto == IPPROTO_ICMPV658 && r->af == AF_INET2)) {
2630 yyerror("proto %s doesn't match address family %s",
2631 r->proto == IPPROTO_ICMP1 ? "icmp" : "icmp6",
2632 r->af == AF_INET2 ? "inet" : "inet6");
2633 problems++;
2634 }
2635 if (r->allow_opts && r->action != PF_PASS) {
2636 yyerror("allow-opts can only be specified for pass rules");
2637 problems++;
2638 }
2639 if (r->rule_flag & PFRULE_FRAGMENT0x0002 && (r->src.port_op ||
2640 r->dst.port_op || r->flagset || r->type || r->code)) {
2641 yyerror("fragments can be filtered only on IP header fields");
2642 problems++;
2643 }
2644 if (r->rule_flag & PFRULE_RETURNRST0x0001 && r->proto != IPPROTO_TCP6) {
2645 yyerror("return-rst can only be applied to TCP rules");
2646 problems++;
2647 }
2648 if (r->max_src_nodes && !(r->rule_flag & PFRULE_RULESRCTRACK0x0040)) {
2649 yyerror("max-src-nodes requires 'source-track rule'");
2650 problems++;
2651 }
2652 if (r->action != PF_PASS && r->keep_state) {
2653 yyerror("keep state is great, but only for pass rules");
2654 problems++;
2655 }
2656 if (r->rt && !r->keep_state) {
2657 yyerror("route-to, reply-to and dup-to require keep state");
2658 problems++;
2659 }
2660 if (r->rule_flag & PFRULE_STATESLOPPY0x00020000 &&
2661 (r->keep_state == PF_STATE_MODULATE0x2 ||
2662 r->keep_state == PF_STATE_SYNPROXY0x3)) {
2663 yyerror("sloppy state matching cannot be used with "
2664 "synproxy state or modulate state");
2665 problems++;
2666 }
2667
2668 if ((r->keep_state == PF_STATE_SYNPROXY0x3) && (r->direction != PF_IN))
2669 fprintf(stderr(&__sF[2]), "%s:%d: warning: "
2670 "synproxy used for inbound rules only, "
2671 "ignored for outbound\n", file->name, yylval.lineno);
2672
2673 if ((r->nat.addr.type != PF_ADDR_NONE ||
2674 r->rdr.addr.type != PF_ADDR_NONE) &&
2675 r->action != PF_MATCH && !r->keep_state) {
2676 yyerror("nat-to and rdr-to require keep state");
2677 problems++;
2678 }
2679 if (r->direction == PF_INOUT && (r->nat.addr.type != PF_ADDR_NONE ||
2680 r->rdr.addr.type != PF_ADDR_NONE)) {
2681 yyerror("nat-to and rdr-to require a direction");
2682 problems++;
2683 }
2684 if (r->af == AF_INET624 && (r->scrub_flags &
2685 (PFSTATE_NODF0x0020|PFSTATE_RANDOMID0x0080))) {
2686 yyerror("address family inet6 does not support scrub options "
2687 "no-df, random-id");
2688 problems++;
2689 }
2690
2691 /* Basic rule sanity check. */
2692 switch (r->action) {
2693 case PF_MATCH:
2694 if (r->divert.type != PF_DIVERT_NONE) {
2695 yyerror("divert is not supported on match rules");
2696 problems++;
2697 }
2698 if (r->rt) {
2699 yyerror("route-to, reply-to and dup-to "
2700 "are not supported on match rules");
2701 problems++;
2702 }
2703 if (r->rule_flag & PFRULE_AFTO0x00200000) {
2704 yyerror("af-to is not supported on match rules");
2705 problems++;
2706 }
2707 break;
2708 case PF_DROP:
2709 if (r->rt) {
2710 yyerror("route-to, reply-to and dup-to "
2711 "are not supported on block rules");
2712 problems++;
2713 }
2714 break;
2715 default:;
2716 }
2717 return (-problems);
2718}
2719
2720int
2721process_tabledef(char *name, struct table_opts *opts, int popts)
2722{
2723 struct pfr_buffer ab;
2724 struct node_tinit *ti;
2725
2726 bzero(&ab, sizeof(ab));
2727 ab.pfrb_type = PFRB_ADDRS;
2728 SIMPLEQ_FOREACH(ti, &opts->init_nodes, entries)for((ti) = ((&opts->init_nodes)->sqh_first); (ti) !=
((void *)0); (ti) = ((ti)->entries.sqe_next)) {
2729 if (ti->file)
2730 if (pfr_buf_load(&ab, ti->file, 0, popts)) {
2731 if (errno(*__errno()))
2732 yyerror("cannot load \"%s\": %s",
2733 ti->file, strerror(errno(*__errno())));
2734 else
2735 yyerror("file \"%s\" contains bad data",
2736 ti->file);
2737 goto _error;
2738 }
2739 if (ti->host)
2740 if (append_addr_host(&ab, ti->host, 0, 0)) {
2741 yyerror("cannot create address buffer: %s",
2742 strerror(errno(*__errno())));
2743 goto _error;
2744 }
2745 }
2746 if (pf->opts & PF_OPT_VERBOSE0x00004)
2747 print_tabledef(name, opts->flags, opts->init_addr,
2748 &opts->init_nodes);
2749 if (!(pf->opts & PF_OPT_NOACTION0x00008) ||
2750 (pf->opts & PF_OPT_DUMMYACTION0x00100))
2751 warn_duplicate_tables(name, pf->anchor->path);
2752 else if (pf->opts & PF_OPT_VERBOSE0x00004)
2753 fprintf(stderr(&__sF[2]), "%s:%d: skipping duplicate table checks"
2754 " for <%s>\n", file->name, yylval.lineno, name);
2755 if (!(pf->opts & PF_OPT_NOACTION0x00008) &&
2756 pfctl_define_table(name, opts->flags, opts->init_addr,
2757 pf->anchor->path, &ab, pf->anchor->ruleset.tticket)) {
2758 yyerror("cannot define table %s: %s", name,
2759 pf_strerror(errno(*__errno())));
2760 goto _error;
2761 }
2762 pf->tdirty = 1;
2763 pfr_buf_clear(&ab);
2764 return (0);
2765_error:
2766 pfr_buf_clear(&ab);
2767 return (-1);
2768}
2769
2770struct keywords {
2771 const char *k_name;
2772 int k_val;
2773};
2774
2775/* macro gore, but you should've seen the prior indentation nightmare... */
2776
2777#define FREE_LIST(T,r) \
2778 do { \
2779 T *p, *node = r; \
2780 while (node != NULL((void *)0)) { \
2781 p = node; \
2782 node = node->next; \
2783 free(p); \
2784 } \
2785 } while (0)
2786
2787#define LOOP_THROUGH(T,n,r,C) \
2788 do { \
2789 T *n; \
2790 if (r == NULL((void *)0)) { \
2791 r = calloc(1, sizeof(T)); \
2792 if (r == NULL((void *)0)) \
2793 err(1, "LOOP: calloc"); \
2794 r->next = NULL((void *)0); \
2795 } \
2796 n = r; \
2797 while (n != NULL((void *)0)) { \
2798 do { \
2799 C; \
2800 } while (0); \
2801 n = n->next; \
2802 } \
2803 } while (0)
2804
2805void
2806expand_label_str(char *label, size_t len, const char *srch, const char *repl)
2807{
2808 char *tmp;
2809 char *p, *q;
2810
2811 if ((tmp = calloc(1, len)) == NULL((void *)0))
2812 err(1, "%s", __func__);
2813 p = q = label;
2814 while ((q = strstr(p, srch)) != NULL((void *)0)) {
2815 *q = '\0';
2816 if ((strlcat(tmp, p, len) >= len) ||
2817 (strlcat(tmp, repl, len) >= len))
2818 errx(1, "expand_label: label too long");
2819 q += strlen(srch);
2820 p = q;
2821 }
2822 if (strlcat(tmp, p, len) >= len)
2823 errx(1, "expand_label: label too long");
2824 strlcpy(label, tmp, len); /* always fits */
2825 free(tmp);
2826}
2827
2828void
2829expand_label_if(const char *name, char *label, size_t len, const char *ifname)
2830{
2831 if (strstr(label, name) != NULL((void *)0)) {
2832 if (!*ifname)
2833 expand_label_str(label, len, name, "any");
2834 else
2835 expand_label_str(label, len, name, ifname);
2836 }
2837}
2838
2839void
2840expand_label_addr(const char *name, char *label, size_t len, sa_family_t af,
2841 struct node_host *h)
2842{
2843 char tmp[64], tmp_not[66];
2844
2845 if (strstr(label, name) != NULL((void *)0)) {
2846 switch (h->addr.type) {
2847 case PF_ADDR_DYNIFTL:
2848 snprintf(tmp, sizeof(tmp), "(%s)", h->addr.v.ifname);
2849 break;
2850 case PF_ADDR_TABLE:
2851 snprintf(tmp, sizeof(tmp), "<%s>", h->addr.v.tblname);
2852 break;
2853 case PF_ADDR_NOROUTE:
2854 snprintf(tmp, sizeof(tmp), "no-route");
2855 break;
2856 case PF_ADDR_URPFFAILED:
2857 snprintf(tmp, sizeof(tmp), "urpf-failed");
2858 break;
2859 case PF_ADDR_ADDRMASK:
2860 if (!af || (PF_AZERO(&h->addr.v.a.addr, af)((af == 2 && !(&h->addr.v.a.addr)->pfa.addr32
[0]) || (af == 24 && !(&h->addr.v.a.addr)->
pfa.addr32[0] && !(&h->addr.v.a.addr)->pfa.
addr32[1] && !(&h->addr.v.a.addr)->pfa.addr32
[2] && !(&h->addr.v.a.addr)->pfa.addr32[3] )
) &&
2861 PF_AZERO(&h->addr.v.a.mask, af)((af == 2 && !(&h->addr.v.a.mask)->pfa.addr32
[0]) || (af == 24 && !(&h->addr.v.a.mask)->
pfa.addr32[0] && !(&h->addr.v.a.mask)->pfa.
addr32[1] && !(&h->addr.v.a.mask)->pfa.addr32
[2] && !(&h->addr.v.a.mask)->pfa.addr32[3] )
)))
2862 snprintf(tmp, sizeof(tmp), "any");
2863 else {
2864 char a[48];
2865 int bits;
2866
2867 if (inet_ntop(af, &h->addr.v.a.addr, a,
2868 sizeof(a)) == NULL((void *)0))
2869 snprintf(tmp, sizeof(tmp), "?");
2870 else {
2871 bits = unmask(&h->addr.v.a.mask);
2872 if ((af == AF_INET2 && bits < 32) ||
2873 (af == AF_INET624 && bits < 128))
2874 snprintf(tmp, sizeof(tmp),
2875 "%s/%d", a, bits);
2876 else
2877 snprintf(tmp, sizeof(tmp),
2878 "%s", a);
2879 }
2880 }
2881 break;
2882 default:
2883 snprintf(tmp, sizeof(tmp), "?");
2884 break;
2885 }
2886
2887 if (h->not) {
2888 snprintf(tmp_not, sizeof(tmp_not), "! %s", tmp);
2889 expand_label_str(label, len, name, tmp_not);
2890 } else
2891 expand_label_str(label, len, name, tmp);
2892 }
2893}
2894
2895void
2896expand_label_port(const char *name, char *label, size_t len,
2897 struct node_port *port)
2898{
2899 char a1[6], a2[6], op[13] = "";
2900
2901 if (strstr(label, name) != NULL((void *)0)) {
2902 snprintf(a1, sizeof(a1), "%u", ntohs(port->port[0])(__uint16_t)(__builtin_constant_p(port->port[0]) ? (__uint16_t
)(((__uint16_t)(port->port[0]) & 0xffU) << 8 | (
(__uint16_t)(port->port[0]) & 0xff00U) >> 8) : __swap16md
(port->port[0])));
2903 snprintf(a2, sizeof(a2), "%u", ntohs(port->port[1])(__uint16_t)(__builtin_constant_p(port->port[1]) ? (__uint16_t
)(((__uint16_t)(port->port[1]) & 0xffU) << 8 | (
(__uint16_t)(port->port[1]) & 0xff00U) >> 8) : __swap16md
(port->port[1])));
2904 if (!port->op)
2905 ;
2906 else if (port->op == PF_OP_IRG)
2907 snprintf(op, sizeof(op), "%s><%s", a1, a2);
2908 else if (port->op == PF_OP_XRG)
2909 snprintf(op, sizeof(op), "%s<>%s", a1, a2);
2910 else if (port->op == PF_OP_EQ)
2911 snprintf(op, sizeof(op), "%s", a1);
2912 else if (port->op == PF_OP_NE)
2913 snprintf(op, sizeof(op), "!=%s", a1);
2914 else if (port->op == PF_OP_LT)
2915 snprintf(op, sizeof(op), "<%s", a1);
2916 else if (port->op == PF_OP_LE)
2917 snprintf(op, sizeof(op), "<=%s", a1);
2918 else if (port->op == PF_OP_GT)
2919 snprintf(op, sizeof(op), ">%s", a1);
2920 else if (port->op == PF_OP_GE)
2921 snprintf(op, sizeof(op), ">=%s", a1);
2922 expand_label_str(label, len, name, op);
2923 }
2924}
2925
2926void
2927expand_label_proto(const char *name, char *label, size_t len, u_int8_t proto)
2928{
2929 struct protoent *pe;
2930 char n[4];
2931
2932 if (strstr(label, name) != NULL((void *)0)) {
2933 pe = getprotobynumber(proto);
2934 if (pe != NULL((void *)0))
2935 expand_label_str(label, len, name, pe->p_name);
2936 else {
2937 snprintf(n, sizeof(n), "%u", proto);
2938 expand_label_str(label, len, name, n);
2939 }
2940 }
2941}
2942
2943void
2944pfctl_expand_label_nr(struct pf_rule *r, unsigned int rno)
2945{
2946 char n[11];
2947
2948 snprintf(n, sizeof(n), "%u", rno);
2949
2950 if (strstr(r->label, "$nr") != NULL((void *)0))
2951 expand_label_str(r->label, PF_RULE_LABEL_SIZE64, "$nr", n);
2952
2953 if (strstr(r->tagname, "$nr") != NULL((void *)0))
2954 expand_label_str(r->tagname, PF_TAG_NAME_SIZE64, "$nr", n);
2955
2956 if (strstr(r->match_tagname, "$nr") != NULL((void *)0))
2957 expand_label_str(r->match_tagname, PF_TAG_NAME_SIZE64, "$nr", n);
2958}
2959
2960void
2961expand_label(char *label, size_t len, const char *ifname, sa_family_t af,
2962 struct node_host *src_host, struct node_port *src_port,
2963 struct node_host *dst_host, struct node_port *dst_port,
2964 u_int8_t proto)
2965{
2966 expand_label_if("$if", label, len, ifname);
2967 expand_label_addr("$srcaddr", label, len, af, src_host);
2968 expand_label_addr("$dstaddr", label, len, af, dst_host);
2969 expand_label_port("$srcport", label, len, src_port);
2970 expand_label_port("$dstport", label, len, dst_port);
2971 expand_label_proto("$proto", label, len, proto);
2972 /* rule number, '$nr', gets expanded after optimizer */
2973}
2974
2975int
2976expand_queue(char *qname, struct node_if *interfaces, struct queue_opts *opts)
2977{
2978 struct pf_queuespec qspec;
2979
2980 LOOP_THROUGH(struct node_if, interface, interfaces,
2981 bzero(&qspec, sizeof(qspec));
2982 if (!opts->parent && (opts->marker & QOM_BWSPEC0x01))
2983 opts->flags |= PFQS_ROOTCLASS0x0002;
2984 if (!(opts->marker & QOM_BWSPEC0x01) &&
2985 !(opts->marker & QOM_FLOWS0x10)) {
2986 yyerror("no bandwidth or flow specification");
2987 return (1);
2988 }
2989 if (strlcpy(qspec.qname, qname, sizeof(qspec.qname)) >=
2990 sizeof(qspec.qname)) {
2991 yyerror("queuename too long");
2992 return (1);
2993 }
2994 if (opts->parent && strlcpy(qspec.parent, opts->parent,
2995 sizeof(qspec.parent)) >= sizeof(qspec.parent)) {
2996 yyerror("parent too long");
2997 return (1);
2998 }
2999 if (strlcpy(qspec.ifname, interface->ifname,
3000 sizeof(qspec.ifname)) >= sizeof(qspec.ifname)) {
3001 yyerror("interface too long");
3002 return (1);
3003 }
3004 qspec.realtime.m1.absolute = opts->realtime.m1.bw_absolute;
3005 qspec.realtime.m1.percent = opts->realtime.m1.bw_percent;
3006 qspec.realtime.m2.absolute = opts->realtime.m2.bw_absolute;
3007 qspec.realtime.m2.percent = opts->realtime.m2.bw_percent;
3008 qspec.realtime.d = opts->realtime.d;
3009
3010 qspec.linkshare.m1.absolute = opts->linkshare.m1.bw_absolute;
3011 qspec.linkshare.m1.percent = opts->linkshare.m1.bw_percent;
3012 qspec.linkshare.m2.absolute = opts->linkshare.m2.bw_absolute;
3013 qspec.linkshare.m2.percent = opts->linkshare.m2.bw_percent;
3014 qspec.linkshare.d = opts->linkshare.d;
3015
3016 qspec.upperlimit.m1.absolute = opts->upperlimit.m1.bw_absolute;
3017 qspec.upperlimit.m1.percent = opts->upperlimit.m1.bw_percent;
3018 qspec.upperlimit.m2.absolute = opts->upperlimit.m2.bw_absolute;
3019 qspec.upperlimit.m2.percent = opts->upperlimit.m2.bw_percent;
3020 qspec.upperlimit.d = opts->upperlimit.d;
3021
3022 qspec.flowqueue.flows = opts->flowqueue.flows;
3023 qspec.flowqueue.quantum = opts->flowqueue.quantum;
3024 qspec.flowqueue.interval = opts->flowqueue.interval;
3025 qspec.flowqueue.target = opts->flowqueue.target;
3026
3027 qspec.flags = opts->flags;
3028 qspec.qlimit = opts->qlimit;
3029
3030 if (pfctl_add_queue(pf, &qspec)) {
3031 yyerror("cannot add queue");
3032 return (1);
3033 }
3034 );
3035
3036 FREE_LIST(struct node_if, interfaces);
3037 return (0);
3038}
3039
3040int
3041expand_divertspec(struct pf_rule *r, struct divertspec *ds)
3042{
3043 struct node_host *n;
3044
3045 switch (ds->type) {
3046 case PF_DIVERT_NONE:
3047 return (0);
3048 case PF_DIVERT_TO:
3049 if (r->direction == PF_OUT) {
3050 yyerror("divert-to used with outgoing rule");
3051 return (1);
3052 }
3053 if (r->af) {
3054 for (n = ds->addr; n != NULL((void *)0); n = n->next)
3055 if (n->af == r->af)
3056 break;
3057 if (n == NULL((void *)0)) {
3058 yyerror("divert-to address family mismatch");
3059 return (1);
3060 }
3061 r->divert.addr = n->addr.v.a.addr;
3062 } else {
3063 r->af = ds->addr->af;
3064 r->divert.addr = ds->addr->addr.v.a.addr;
3065 }
3066 r->divert.port = ds->port;
3067 r->divert.type = ds->type;
3068 return (0);
3069 case PF_DIVERT_REPLY:
3070 if (r->direction == PF_IN) {
3071 yyerror("divert-reply used with incoming rule");
3072 return (1);
3073 }
3074 r->divert.type = ds->type;
3075 return (0);
3076 case PF_DIVERT_PACKET:
3077 r->divert.port = ds->port;
3078 r->divert.type = ds->type;
3079 return (0);
3080 }
3081 return (1);
3082}
3083
3084int
3085collapse_redirspec(struct pf_pool *rpool, struct pf_rule *r,
3086 struct redirspec *rs, int routing)
3087{
3088 struct pf_opt_tbl *tbl = NULL((void *)0);
3089 struct node_host *h, *hprev = NULL((void *)0);
3090 struct pf_rule_addr ra;
3091 int af = 0, naddr = 0;
3092
3093 if (!rs || !rs->rdr || rs->rdr->host == NULL((void *)0)) {
3094 rpool->addr.type = PF_ADDR_NONE;
3095 return (0);
3096 }
3097
3098 if (r->rule_flag & PFRULE_AFTO0x00200000)
3099 r->naf = rs->af;
3100
3101 for (h = rs->rdr->host; h != NULL((void *)0); h = h->next) {
3102 if (routing) {
3103 if (h->addr.type == PF_ADDR_DYNIFTL &&
3104 h->addr.iflags != PFI_AFLAG_PEER0x04) {
3105 yyerror("route spec requires :peer with "
3106 "dynamic interface addresses");
3107 return (1);
3108 }
3109 }
3110
3111 /* set rule address family if redirect spec has one */
3112 if (rs->af && !r->af && !af) {
3113 /* swap address families for af-to */
3114 if (r->naf == AF_INET624)
3115 af = AF_INET2;
3116 else if (r->naf == AF_INET2)
3117 af = AF_INET624;
3118 else
3119 af = rs->af;
3120 }
3121 if (h->af && !r->naf) { /* nat-to/rdr-to case */
3122 /* skip if the rule af doesn't match redirect af */
3123 if (r->af && r->af != h->af)
3124 continue;
3125 /*
3126 * fail if the chosen af is not universal for
3127 * all addresses in the redirect address pool
3128 */
3129 if (!r->af && af && af != h->af) {
3130 yyerror("%s spec contains addresses with "
3131 "different address families",
3132 routing ? "routing" : "translation");
3133 return (1);
3134 }
3135 } else if (h->af) { /* af-to case */
3136 /*
3137 * fail if the redirect spec af is not universal
3138 * for all addresses in the redirect address pool
3139 */
3140 if (rs->af && rs->af != h->af) {
3141 yyerror("%s spec contains addresses that "
3142 "don't match target address family",
3143 routing ? "routing" : "translation");
3144 return (1);
3145 }
3146 }
3147 /* else if (!h->af):
3148 * we silently allow any not af-specific host specs,
3149 * e.g. (em0) and let the kernel deal with them
3150 */
3151
3152 /* if we haven't selected the rule af yet, now it's time */
3153 if (!r->af && !af)
3154 af = h->af;
3155
3156 if (naddr == 0) { /* the first host */
3157 rpool->addr = h->addr;
3158 if (h->ifname) {
3159 yyerror("@if not permitted for %s",
3160 routing ? "routing" : "translation");
3161 return (1);
3162 }
3163 if (h->ifname && strlcpy(rpool->ifname, h->ifname,
3164 sizeof(rpool->ifname)) >= sizeof(rpool->ifname))
3165 errx(1, "collapse_redirspec: strlcpy");
3166 hprev = h; /* in case we need to conver to a table */
3167 } else { /* multiple hosts */
3168 if (rs->pool_opts.type &&
3169 !PF_POOL_DYNTYPE(rs->pool_opts.type)((((rs->pool_opts.type) & 0x0f) == PF_POOL_ROUNDROBIN)
|| (((rs->pool_opts.type) & 0x0f) == PF_POOL_LEASTSTATES
) || (((rs->pool_opts.type) & 0x0f) == PF_POOL_RANDOM)
|| (((rs->pool_opts.type) & 0x0f) == PF_POOL_SRCHASH)
)) {
3170 yyerror("pool type is not valid for multiple "
3171 "translation or routing addresses");
3172 return (1);
3173 }
3174 if ((hprev && hprev->addr.type != PF_ADDR_ADDRMASK) &&
3175 (hprev && hprev->addr.type != PF_ADDR_NONE) &&
3176 h->addr.type != PF_ADDR_ADDRMASK &&
3177 h->addr.type != PF_ADDR_NONE) {
3178 yyerror("multiple tables or dynamic interfaces "
3179 "not supported for translation or routing");
3180 return (1);
3181 }
3182 if (h->ifname) {
3183 yyerror("@if not permitted for %s",
3184 routing ? "routing" : "translation");
3185 return (1);
3186 }
3187 if (hprev) {
3188 /*
3189 * undo some damage and convert the single
3190 * host pool to the table
3191 */
3192 memset(&ra, 0, sizeof(ra));
3193 memset(rpool->ifname, 0, sizeof(rpool->ifname));
3194 ra.addr = hprev->addr;
3195 ra.weight = hprev->weight;
3196 if (add_opt_table(pf, &tbl,
3197 hprev->af, &ra, hprev->ifname))
3198 return (1);
3199 hprev = NULL((void *)0);
3200 }
3201 memset(&ra, 0, sizeof(ra));
3202 ra.addr = h->addr;
3203 ra.weight = h->weight;
3204 if (add_opt_table(pf, &tbl,
3205 h->af, &ra, h->ifname))
3206 return (1);
3207 }
3208 naddr++;
3209 }
3210 /* set rule af to the one chosen above */
3211 if (!r->af && af)
3212 r->af = af;
3213 if (!naddr) {
3214 yyerror("af mismatch in %s spec",
3215 routing ? "routing" : "translation");
3216 return (1);
3217 }
3218 if (tbl) {
3219 if ((pf->opts & PF_OPT_NOACTION0x00008) == 0 &&
3220 pf_opt_create_table(pf, tbl))
3221 return (1);
3222
3223 pf->tdirty = 1;
3224
3225 if (pf->opts & PF_OPT_VERBOSE0x00004)
3226 print_tabledef(tbl->pt_name,
3227 PFR_TFLAG_CONST0x00000002 | tbl->pt_flags,
3228 1, &tbl->pt_nodes);
3229
3230 memset(&rpool->addr, 0, sizeof(rpool->addr));
3231 rpool->addr.type = PF_ADDR_TABLE;
3232 strlcpy(rpool->addr.v.tblname, tbl->pt_name,
3233 sizeof(rpool->addr.v.tblname));
3234
3235 pfr_buf_clear(tbl->pt_buf);
3236 free(tbl->pt_buf);
3237 tbl->pt_buf = NULL((void *)0);
3238 free(tbl);
3239 }
3240 return (0);
3241}
3242
3243
3244int
3245apply_redirspec(struct pf_pool *rpool, struct pf_rule *r, struct redirspec *rs,
3246 int isrdr, struct node_port *np)
3247{
3248 if (!rs || !rs->rdr)
3249 return (0);
3250
3251 rpool->proxy_port[0] = ntohs(rs->rdr->rport.a)(__uint16_t)(__builtin_constant_p(rs->rdr->rport.a) ? (
__uint16_t)(((__uint16_t)(rs->rdr->rport.a) & 0xffU
) << 8 | ((__uint16_t)(rs->rdr->rport.a) & 0xff00U
) >> 8) : __swap16md(rs->rdr->rport.a));
3252
3253 if (isrdr) {
3254 if (!rs->rdr->rport.b && rs->rdr->rport.t) {
3255 rpool->proxy_port[1] = ntohs(rs->rdr->rport.a)(__uint16_t)(__builtin_constant_p(rs->rdr->rport.a) ? (
__uint16_t)(((__uint16_t)(rs->rdr->rport.a) & 0xffU
) << 8 | ((__uint16_t)(rs->rdr->rport.a) & 0xff00U
) >> 8) : __swap16md(rs->rdr->rport.a)) +
3256 (ntohs(np->port[1])(__uint16_t)(__builtin_constant_p(np->port[1]) ? (__uint16_t
)(((__uint16_t)(np->port[1]) & 0xffU) << 8 | ((__uint16_t
)(np->port[1]) & 0xff00U) >> 8) : __swap16md(np->
port[1])) - ntohs(np->port[0])(__uint16_t)(__builtin_constant_p(np->port[0]) ? (__uint16_t
)(((__uint16_t)(np->port[0]) & 0xffU) << 8 | ((__uint16_t
)(np->port[0]) & 0xff00U) >> 8) : __swap16md(np->
port[0])));
3257 } else {
3258 if (validate_range(rs->rdr->rport.t, rs->rdr->rport.a,
3259 rs->rdr->rport.b)) {
3260 yyerror("invalid rdr-to port range");
3261 return (1);
3262 }
3263
3264 rpool->port_op = rs->rdr->rport.t;
3265 rpool->proxy_port[1] = ntohs(rs->rdr->rport.b)(__uint16_t)(__builtin_constant_p(rs->rdr->rport.b) ? (
__uint16_t)(((__uint16_t)(rs->rdr->rport.b) & 0xffU
) << 8 | ((__uint16_t)(rs->rdr->rport.b) & 0xff00U
) >> 8) : __swap16md(rs->rdr->rport.b));
3266 }
3267 } else {
3268 rpool->proxy_port[1] = ntohs(rs->rdr->rport.b)(__uint16_t)(__builtin_constant_p(rs->rdr->rport.b) ? (
__uint16_t)(((__uint16_t)(rs->rdr->rport.b) & 0xffU
) << 8 | ((__uint16_t)(rs->rdr->rport.b) & 0xff00U
) >> 8) : __swap16md(rs->rdr->rport.b));
3269 if (!rpool->proxy_port[0] && !rpool->proxy_port[1]) {
3270 rpool->proxy_port[0] = PF_NAT_PROXY_PORT_LOW50001;
3271 rpool->proxy_port[1] = PF_NAT_PROXY_PORT_HIGH65535;
3272 } else if (!rpool->proxy_port[1])
3273 rpool->proxy_port[1] = rpool->proxy_port[0];
3274 }
3275
3276 rpool->opts = rs->pool_opts.type;
3277 if ((rpool->opts & PF_POOL_TYPEMASK0x0f) == PF_POOL_NONE &&
3278 (rpool->addr.type == PF_ADDR_TABLE ||
3279 DYNIF_MULTIADDR(rpool->addr)((rpool->addr).type == PF_ADDR_DYNIFTL && (!((rpool
->addr).iflags & 0x08) || !isdigit((unsigned char)(rpool
->addr).v.ifname[strlen((rpool->addr).v.ifname)-1])))))
3280 rpool->opts |= PF_POOL_ROUNDROBIN;
3281
3282 if (!PF_POOL_DYNTYPE(rpool->opts)((((rpool->opts) & 0x0f) == PF_POOL_ROUNDROBIN) || (((
rpool->opts) & 0x0f) == PF_POOL_LEASTSTATES) || (((rpool
->opts) & 0x0f) == PF_POOL_RANDOM) || (((rpool->opts
) & 0x0f) == PF_POOL_SRCHASH)) &&
3283 (disallow_table(rs->rdr->host,
3284 "tables are not supported by pool type") ||
3285 disallow_alias(rs->rdr->host,
3286 "interface (%s) is not supported by pool type")))
3287 return (1);
3288
3289 if (rs->pool_opts.key != NULL((void *)0))
3290 memcpy(&rpool->key, rs->pool_opts.key,
3291 sizeof(struct pf_poolhashkey));
3292
3293 if (rs->pool_opts.opts)
3294 rpool->opts |= rs->pool_opts.opts;
3295
3296 if (rs->pool_opts.staticport) {
3297 if (isrdr) {
3298 yyerror("the 'static-port' option is only valid with "
3299 "nat rules");
3300 return (1);
3301 }
3302 if (rpool->proxy_port[0] != PF_NAT_PROXY_PORT_LOW50001 &&
3303 rpool->proxy_port[1] != PF_NAT_PROXY_PORT_HIGH65535) {
3304 yyerror("the 'static-port' option can't be used when "
3305 "specifying a port range");
3306 return (1);
3307 }
3308 rpool->proxy_port[0] = 0;
3309 rpool->proxy_port[1] = 0;
3310 }
3311
3312 return (0);
3313}
3314
3315
3316void
3317expand_rule(struct pf_rule *r, int keeprule, struct node_if *interfaces,
3318 struct redirspec *nat, struct redirspec *rdr, struct redirspec *rroute,
3319 struct node_proto *protos, struct node_os *src_oses,
3320 struct node_host *src_hosts, struct node_port *src_ports,
3321 struct node_host *dst_hosts, struct node_port *dst_ports,
3322 struct node_uid *uids, struct node_gid *gids, struct node_if *rcv,
3323 struct node_icmp *icmp_types)
3324{
3325 sa_family_t af = r->af;
3326 int added = 0, error = 0;
3327 char ifname[IF_NAMESIZE16];
3328 char label[PF_RULE_LABEL_SIZE64];
3329 char tagname[PF_TAG_NAME_SIZE64];
3330 char match_tagname[PF_TAG_NAME_SIZE64];
3331 u_int8_t flags, flagset, keep_state;
3332 struct node_host *srch, *dsth, *osrch, *odsth;
3333 struct redirspec binat;
3334 struct pf_rule rb;
3335 int dir = r->direction;
3336
3337 if (strlcpy(label, r->label, sizeof(label)) >= sizeof(label))
3338 errx(1, "expand_rule: strlcpy");
3339 if (strlcpy(tagname, r->tagname, sizeof(tagname)) >= sizeof(tagname))
3340 errx(1, "expand_rule: strlcpy");
3341 if (strlcpy(match_tagname, r->match_tagname, sizeof(match_tagname)) >=
3342 sizeof(match_tagname))
3343 errx(1, "expand_rule: strlcpy");
3344 flags = r->flags;
3345 flagset = r->flagset;
3346 keep_state = r->keep_state;
3347
3348 r->src.addr.type = r->dst.addr.type = PF_ADDR_ADDRMASK;
3349
3350 LOOP_THROUGH(struct node_if, interface, interfaces,
3351 LOOP_THROUGH(struct node_proto, proto, protos,
3352 LOOP_THROUGH(struct node_icmp, icmp_type, icmp_types,
3353 LOOP_THROUGH(struct node_host, src_host, src_hosts,
3354 LOOP_THROUGH(struct node_host, dst_host, dst_hosts,
3355 LOOP_THROUGH(struct node_port, src_port, src_ports,
3356 LOOP_THROUGH(struct node_port, dst_port, dst_ports,
3357 LOOP_THROUGH(struct node_os, src_os, src_oses,
3358 LOOP_THROUGH(struct node_uid, uid, uids,
3359 LOOP_THROUGH(struct node_gid, gid, gids,
3360
3361 r->af = af;
3362
3363 error += collapse_redirspec(&r->rdr, r, rdr, 0);
3364 error += collapse_redirspec(&r->nat, r, nat, 0);
3365 error += collapse_redirspec(&r->route, r, rroute, 1);
3366
3367 /* disallow @if in from or to for the time being */
3368 if ((src_host->addr.type == PF_ADDR_ADDRMASK &&
3369 src_host->ifname) ||
3370 (dst_host->addr.type == PF_ADDR_ADDRMASK &&
3371 dst_host->ifname)) {
3372 yyerror("@if syntax not permitted in from or to");
3373 error++;
3374 }
3375 /* for link-local IPv6 address, interface must match up */
3376 if ((r->af && src_host->af && r->af != src_host->af) ||
3377 (r->af && dst_host->af && r->af != dst_host->af) ||
3378 (src_host->af && dst_host->af &&
3379 src_host->af != dst_host->af) ||
3380 (src_host->ifindex && dst_host->ifindex &&
3381 src_host->ifindex != dst_host->ifindex) ||
3382 (src_host->ifindex && *interface->ifname &&
3383 src_host->ifindex != ifa_nametoindex(interface->ifname)) ||
3384 (dst_host->ifindex && *interface->ifname &&
3385 dst_host->ifindex != ifa_nametoindex(interface->ifname)))
3386 continue;
3387 if (!r->af && src_host->af)
3388 r->af = src_host->af;
3389 else if (!r->af && dst_host->af)
3390 r->af = dst_host->af;
3391
3392 if (*interface->ifname)
3393 strlcpy(r->ifname, interface->ifname,
3394 sizeof(r->ifname));
3395 else if (ifa_indextoname(src_host->ifindex, ifname))
3396 strlcpy(r->ifname, ifname, sizeof(r->ifname));
3397 else if (ifa_indextoname(dst_host->ifindex, ifname))
3398 strlcpy(r->ifname, ifname, sizeof(r->ifname));
3399 else
3400 memset(r->ifname, '\0', sizeof(r->ifname));
3401
3402 if (interface->use_rdomain)
3403 r->onrdomain = interface->rdomain;
3404 else
3405 r->onrdomain = -1;
3406 if (strlcpy(r->label, label, sizeof(r->label)) >=
3407 sizeof(r->label))
3408 errx(1, "expand_rule: strlcpy");
3409 if (strlcpy(r->tagname, tagname, sizeof(r->tagname)) >=
3410 sizeof(r->tagname))
3411 errx(1, "expand_rule: strlcpy");
3412 if (strlcpy(r->match_tagname, match_tagname,
3413 sizeof(r->match_tagname)) >= sizeof(r->match_tagname))
3414 errx(1, "expand_rule: strlcpy");
3415 expand_label(r->label, PF_RULE_LABEL_SIZE64, r->ifname, r->af,
3416 src_host, src_port, dst_host, dst_port, proto->proto);
3417 expand_label(r->tagname, PF_TAG_NAME_SIZE64, r->ifname, r->af,
3418 src_host, src_port, dst_host, dst_port, proto->proto);
3419 expand_label(r->match_tagname, PF_TAG_NAME_SIZE64, r->ifname,
3420 r->af, src_host, src_port, dst_host, dst_port,
3421 proto->proto);
3422
3423 osrch = odsth = NULL((void *)0);
3424 if (src_host->addr.type == PF_ADDR_DYNIFTL) {
3425 osrch = src_host;
3426 if ((src_host = gen_dynnode(src_host, r->af)) == NULL((void *)0))
3427 err(1, "%s", __func__);
3428 }
3429 if (dst_host->addr.type == PF_ADDR_DYNIFTL) {
3430 odsth = dst_host;
3431 if ((dst_host = gen_dynnode(dst_host, r->af)) == NULL((void *)0))
3432 err(1, "%s", __func__);
3433 }
3434
3435 error += check_netmask(src_host, r->af);
3436 error += check_netmask(dst_host, r->af);
3437
3438 r->ifnot = interface->not;
3439 r->proto = proto->proto;
3440 r->src.addr = src_host->addr;
3441 r->src.neg = src_host->not;
3442 r->src.port[0] = src_port->port[0];
3443 r->src.port[1] = src_port->port[1];
3444 r->src.port_op = src_port->op;
3445 r->dst.addr = dst_host->addr;
3446 r->dst.neg = dst_host->not;
3447 r->dst.port[0] = dst_port->port[0];
3448 r->dst.port[1] = dst_port->port[1];
3449 r->dst.port_op = dst_port->op;
3450 r->uid.op = uid->op;
3451 r->uid.uid[0] = uid->uid[0];
3452 r->uid.uid[1] = uid->uid[1];
3453 r->gid.op = gid->op;
3454 r->gid.gid[0] = gid->gid[0];
3455 r->gid.gid[1] = gid->gid[1];
3456 if (rcv) {
3457 strlcpy(r->rcv_ifname, rcv->ifname,
3458 sizeof(r->rcv_ifname));
3459 r->rcvifnot = rcv->not;
3460 }
3461 r->type = icmp_type->type;
3462 r->code = icmp_type->code;
3463
3464 if ((keep_state == PF_STATE_MODULATE0x2 ||
3465 keep_state == PF_STATE_SYNPROXY0x3) &&
3466 r->proto && r->proto != IPPROTO_TCP6)
3467 r->keep_state = PF_STATE_NORMAL0x1;
3468 else
3469 r->keep_state = keep_state;
3470
3471 if (r->proto && r->proto != IPPROTO_TCP6) {
3472 r->flags = 0;
3473 r->flagset = 0;
3474 } else {
3475 r->flags = flags;
3476 r->flagset = flagset;
3477 }
3478 if (icmp_type->proto && r->proto != icmp_type->proto) {
3479 yyerror("icmp-type mismatch");
3480 error++;
3481 }
3482
3483 if (src_os && src_os->os) {
3484 r->os_fingerprint = pfctl_get_fingerprint(src_os->os);
3485 if ((pf->opts & PF_OPT_VERBOSE20x00080) &&
3486 r->os_fingerprint == PF_OSFP_NOMATCH((pf_osfp_t)-2))
3487 fprintf(stderr(&__sF[2]),
3488 "warning: unknown '%s' OS fingerprint\n",
3489 src_os->os);
3490 } else {
3491 r->os_fingerprint = PF_OSFP_ANY((pf_osfp_t)0);
3492 }
3493
3494 if (nat && nat->rdr && nat->binat) {
3495 if (disallow_table(src_host, "invalid use of table "
3496 "<%s> as the source address of a binat-to rule") ||
3497 disallow_alias(src_host, "invalid use of interface "
3498 "(%s) as the source address of a binat-to rule")) {
3499 error++;
3500 } else if ((r->src.addr.type != PF_ADDR_ADDRMASK &&
3501 r->src.addr.type != PF_ADDR_DYNIFTL) ||
3502 (r->nat.addr.type != PF_ADDR_ADDRMASK &&
3503 r->nat.addr.type != PF_ADDR_DYNIFTL)) {
3504 yyerror("binat-to requires a specified "
3505 "source and redirect address");
3506 error++;
3507 }
3508 if (DYNIF_MULTIADDR(r->src.addr)((r->src.addr).type == PF_ADDR_DYNIFTL && (!((r->
src.addr).iflags & 0x08) || !isdigit((unsigned char)(r->
src.addr).v.ifname[strlen((r->src.addr).v.ifname)-1]))) ||
3509 DYNIF_MULTIADDR(r->nat.addr)((r->nat.addr).type == PF_ADDR_DYNIFTL && (!((r->
nat.addr).iflags & 0x08) || !isdigit((unsigned char)(r->
nat.addr).v.ifname[strlen((r->nat.addr).v.ifname)-1])))) {
3510 yyerror ("dynamic interfaces must be used with "
3511 ":0 in a binat-to rule");
3512 error++;
3513 }
3514 if (PF_AZERO(&r->src.addr.v.a.mask, af)((af == 2 && !(&r->src.addr.v.a.mask)->pfa.
addr32[0]) || (af == 24 && !(&r->src.addr.v.a.
mask)->pfa.addr32[0] && !(&r->src.addr.v.a.
mask)->pfa.addr32[1] && !(&r->src.addr.v.a.
mask)->pfa.addr32[2] && !(&r->src.addr.v.a.
mask)->pfa.addr32[3] )) ||
3515 PF_AZERO(&r->nat.addr.v.a.mask, af)((af == 2 && !(&r->nat.addr.v.a.mask)->pfa.
addr32[0]) || (af == 24 && !(&r->nat.addr.v.a.
mask)->pfa.addr32[0] && !(&r->nat.addr.v.a.
mask)->pfa.addr32[1] && !(&r->nat.addr.v.a.
mask)->pfa.addr32[2] && !(&r->nat.addr.v.a.
mask)->pfa.addr32[3] ))) {
3516 yyerror ("source and redir addresess must have "
3517 "a matching network mask in binat-rule");
3518 error++;
3519 }
3520 if (r->nat.addr.type == PF_ADDR_TABLE) {
3521 yyerror ("tables cannot be used as the redirect "
3522 "address of a binat-to rule");
3523 error++;
3524 }
3525 if (r->direction != PF_INOUT) {
3526 yyerror("binat-to cannot be specified "
3527 "with a direction");
3528 error++;
3529 }
3530
3531 /* first specify outbound NAT rule */
3532 r->direction = PF_OUT;
3533 }
3534
3535 error += apply_redirspec(&r->nat, r, nat, 0, dst_port);
3536 error += apply_redirspec(&r->rdr, r, rdr, 1, dst_port);
3537 error += apply_redirspec(&r->route, r, rroute, 2, dst_port);
3538
3539 if (rule_consistent(r) < 0 || error)
3540 yyerror("skipping rule due to errors");
3541 else {
3542 r->nr = pf->astack[pf->asd]->match++;
3543 pfctl_add_rule(pf, r);
3544 added++;
3545 }
3546 r->direction = dir;
3547
3548 /* Generate binat's matching inbound rule */
3549 if (!error && nat && nat->rdr && nat->binat) {
3550 bcopy(r, &rb, sizeof(rb));
3551
3552 /* now specify inbound rdr rule */
3553 rb.direction = PF_IN;
3554
3555 if ((srch = calloc(1, sizeof(*srch))) == NULL((void *)0))
3556 err(1, "%s", __func__);
3557 bcopy(src_host, srch, sizeof(*srch));
3558 srch->ifname = NULL((void *)0);
3559 srch->next = NULL((void *)0);
3560 srch->tail = NULL((void *)0);
3561
3562 if ((dsth = calloc(1, sizeof(*dsth))) == NULL((void *)0))
3563 err(1, "%s", __func__);
3564 bcopy(&rb.nat.addr, &dsth->addr, sizeof(dsth->addr));
3565 dsth->ifname = NULL((void *)0);
3566 dsth->next = NULL((void *)0);
3567 dsth->tail = NULL((void *)0);
3568
3569 bzero(&binat, sizeof(binat));
3570 if ((binat.rdr =
3571 calloc(1, sizeof(*binat.rdr))) == NULL((void *)0))
3572 err(1, "%s", __func__);
3573 bcopy(nat->rdr, binat.rdr, sizeof(*binat.rdr));
3574 bcopy(&nat->pool_opts, &binat.pool_opts,
3575 sizeof(binat.pool_opts));
3576 binat.pool_opts.staticport = 0;
3577 binat.rdr->host = srch;
3578
3579 expand_rule(&rb, 1, interface, NULL((void *)0), &binat, NULL((void *)0),
3580 proto,
3581 src_os, dst_host, dst_port, dsth, src_port,
3582 uid, gid, rcv, icmp_type);
3583 }
3584
3585 if (osrch && src_host->addr.type == PF_ADDR_DYNIFTL) {
3586 free(src_host);
3587 src_host = osrch;
3588 }
3589 if (odsth && dst_host->addr.type == PF_ADDR_DYNIFTL) {
3590 free(dst_host);
3591 dst_host = odsth;
3592 }
3593 ))))))))));
3594
3595 if (!keeprule) {
3596 FREE_LIST(struct node_if, interfaces);
3597 FREE_LIST(struct node_proto, protos);
3598 FREE_LIST(struct node_host, src_hosts);
3599 FREE_LIST(struct node_port, src_ports);
3600 FREE_LIST(struct node_os, src_oses);
3601 FREE_LIST(struct node_host, dst_hosts);
3602 FREE_LIST(struct node_port, dst_ports);
3603 FREE_LIST(struct node_uid, uids);
3604 FREE_LIST(struct node_gid, gids);
3605 FREE_LIST(struct node_icmp, icmp_types);
3606 if (nat && nat->rdr)
3607 FREE_LIST(struct node_host, nat->rdr->host);
3608 if (rdr && rdr->rdr)
3609 FREE_LIST(struct node_host, rdr->rdr->host);
3610
3611 }
3612
3613 if (!added)
3614 yyerror("rule expands to no valid combination");
3615}
3616
3617int
3618expand_skip_interface(struct node_if *interfaces)
3619{
3620 int errs = 0;
3621
3622 if (!interfaces || (!interfaces->next && !interfaces->not &&
3623 !strcmp(interfaces->ifname, "none"))) {
3624 if (pf->opts & PF_OPT_VERBOSE0x00004)
3625 printf("set skip on none\n");
3626 errs = pfctl_set_interface_flags(pf, "", PFI_IFLAG_SKIP0x0100, 0);
3627 return (errs);
3628 }
3629
3630 if (pf->opts & PF_OPT_VERBOSE0x00004)
3631 printf("set skip on {");
3632 LOOP_THROUGH(struct node_if, interface, interfaces,
3633 if (pf->opts & PF_OPT_VERBOSE0x00004)
3634 printf(" %s", interface->ifname);
3635 if (interface->not) {
3636 yyerror("skip on ! <interface> is not supported");
3637 errs++;
3638 } else if (interface->use_rdomain) {
3639 yyerror("skip on rdomain <num> is not supported");
3640 errs++;
3641 } else
3642 errs += pfctl_set_interface_flags(pf,
3643 interface->ifname, PFI_IFLAG_SKIP0x0100, 1);
3644 );
3645 if (pf->opts & PF_OPT_VERBOSE0x00004)
3646 printf(" }\n");
3647
3648 FREE_LIST(struct node_if, interfaces);
3649
3650 if (errs)
3651 return (1);
3652 else
3653 return (0);
3654}
3655
3656void
3657freehostlist(struct node_host *h)
3658{
3659 struct node_host *n;
3660
3661 for (n = h; n != NULL((void *)0); n = n->next)
3662 if (n->ifname)
3663 free(n->ifname);
3664 FREE_LIST(struct node_host, h);
3665}
3666
3667#undef FREE_LIST
3668#undef LOOP_THROUGH
3669
3670int
3671kw_cmp(const void *k, const void *e)
3672{
3673 return (strcmp(k, ((const struct keywords *)e)->k_name));
3674}
3675
3676int
3677lookup(char *s)
3678{
3679 /* this has to be sorted always */
3680 static const struct keywords keywords[] = {
3681 { "af-to", AFTO377},
3682 { "all", ALL277},
3683 { "allow-opts", ALLOWOPTS290},
3684 { "anchor", ANCHOR309},
3685 { "antispoof", ANTISPOOF324},
3686 { "any", ANY278},
3687 { "bandwidth", BANDWIDTH336},
3688 { "binat-to", BINATTO286},
3689 { "bitmask", BITMASK328},
3690 { "block", BLOCK258},
3691 { "block-policy", BLOCKPOLICY316},
3692 { "burst", BURST345},
3693 { "code", CODE281},
3694 { "debug", DEBUG321},
3695 { "default", DEFAULT351},
3696 { "delay", DELAY352},
3697 { "divert-packet", DIVERTPACKET375},
3698 { "divert-reply", DIVERTREPLY374},
3699 { "divert-to", DIVERTTO373},
3700 { "drop", DROP306},
3701 { "dup-to", DUPTO293},
3702 { "file", FILENAME291},
3703 { "fingerprints", FINGERPRINTS319},
3704 { "flags", FLAGS270},
3705 { "floating", FLOATING369},
3706 { "flows", FLOWS337},
3707 { "flush", FLUSH362},
3708 { "for", FOR325},
3709 { "fragment", FRAGMENT299},
3710 { "from", FROM268},
3711 { "global", GLOBAL357},
3712 { "group", GROUP301},
3713 { "hostid", HOSTID323},
3714 { "icmp-type", ICMPTYPE279},
3715 { "icmp6-type", ICMP6TYPE280},
3716 { "if-bound", IFBOUND368},
3717 { "in", IN262},
3718 { "include", INCLUDE326},
3719 { "inet", INET275},
3720 { "inet6", INET6276},
3721 { "keep", KEEP282},
3722 { "label", LABEL296},
3723 { "least-states", LEASTSTATES332},
3724 { "limit", LIMIT314},
3725 { "load", LOAD347},
3726 { "log", LOG265},
3727 { "loginterface", LOGINTERFACE315},
3728 { "match", MATCH259},
3729 { "matches", MATCHES327},
3730 { "max", MAXIMUM303},
3731 { "max-mss", MAXMSS302},
3732 { "max-pkt-rate", MAXPKTRATE365},
3733 { "max-src-conn", MAXSRCCONN359},
3734 { "max-src-conn-rate", MAXSRCCONNRATE360},
3735 { "max-src-nodes", MAXSRCNODES355},
3736 { "max-src-states", MAXSRCSTATES354},
3737 { "min", MINIMUM344},
3738 { "min-ttl", MINTTL288},
3739 { "modulate", MODULATE283},
3740 { "nat-to", NATTO376},
3741 { "no", NO295},
3742 { "no-df", NODF287},
3743 { "no-route", NOROUTE297},
3744 { "no-sync", NOSYNC320},
3745 { "on", ON267},
3746 { "once", ONCE350},
3747 { "optimization", OPTIMIZATION312},
3748 { "os", OS263},
3749 { "out", OUT264},
3750 { "overload", OVERLOAD361},
3751 { "parent", PARENT346},
3752 { "pass", PASS257},
3753 { "pflow", PFLOW364},
3754 { "port", PORT285},
3755 { "prio", PRIO349},
3756 { "probability", PROBABILITY334},
3757 { "proto", PROTO274},
3758 { "qlimit", QLIMIT341},
3759 { "quantum", QUANTUM338},
3760 { "queue", QUEUE339},
3761 { "quick", QUICK266},
3762 { "random", RANDOM329},
3763 { "random-id", RANDOMID317},
3764 { "rdomain", RDOMAIN343},
3765 { "rdr-to", RDRTO378},
3766 { "reassemble", REASSEMBLE308},
3767 { "received-on", RECEIVEDON379},
3768 { "reply-to", REPLYTO294},
3769 { "return", RETURN261},
3770 { "return-icmp", RETURNICMP272},
3771 { "return-icmp6", RETURNICMP6273},
3772 { "return-rst", RETURNRST271},
3773 { "round-robin", ROUNDROBIN331},
3774 { "route", ROUTE372},
3775 { "route-to", ROUTETO292},
3776 { "rtable", RTABLE342},
3777 { "rule", RULE358},
3778 { "ruleset-optimization", RULESET_OPTIMIZATION348},
3779 { "scrub", SCRUB260},
3780 { "set", SET311},
3781 { "skip", SKIP322},
3782 { "sloppy", SLOPPY363},
3783 { "source-hash", SOURCEHASH330},
3784 { "source-track", SOURCETRACK356},
3785 { "state", STATE284},
3786 { "state-defaults", STATEDEFAULTS371},
3787 { "state-policy", STATEPOLICY370},
3788 { "static-port", STATICPORT333},
3789 { "sticky-address", STICKYADDRESS353},
3790 { "syncookies", SYNCOOKIES310},
3791 { "synproxy", SYNPROXY318},
3792 { "table", TABLE307},
3793 { "tag", TAG367},
3794 { "tagged", TAGGED366},
3795 { "timeout", TIMEOUT313},
3796 { "to", TO269},
3797 { "tos", TOS305},
3798 { "ttl", TTL304},
3799 { "urpf-failed", URPFFAILED298},
3800 { "user", USER300},
3801 { "weight", WEIGHT335},
3802 };
3803 const struct keywords *p;
3804
3805 p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]),
3806 sizeof(keywords[0]), kw_cmp);
3807
3808 if (p) {
3809 if (debug > 1)
3810 fprintf(stderr(&__sF[2]), "%s: %d\n", s, p->k_val);
3811 return (p->k_val);
3812 } else {
3813 if (debug > 1)
3814 fprintf(stderr(&__sF[2]), "string: %s\n", s);
3815 return (STRING383);
3816 }
3817}
3818
3819#define START_EXPAND1 1
3820#define DONE_EXPAND2 2
3821
3822static int expanding;
3823
3824int
3825igetc(void)
3826{
3827 int c;
3828 while (1) {
3829 if (file->ungetpos > 0)
3830 c = file->ungetbuf[--file->ungetpos];
3831 else
3832 c = getc(file->stream)(!__isthreaded ? (--(file->stream)->_r < 0 ? __srget
(file->stream) : (int)(*(file->stream)->_p++)) : (getc
)(file->stream));
3833 if (c == START_EXPAND1)
3834 expanding = 1;
3835 else if (c == DONE_EXPAND2)
3836 expanding = 0;
3837 else
3838 break;
3839 }
3840 return (c);
3841}
3842
3843int
3844lgetc(int quotec)
3845{
3846 int c, next;
3847
3848 if (quotec) {
3849 if ((c = igetc()) == EOF(-1)) {
3850 yyerror("reached end of file while parsing quoted string");
3851 if (file == topfile || popfile() == EOF(-1))
3852 return (EOF(-1));
3853 return (quotec);
3854 }
3855 return (c);
3856 }
3857
3858 while ((c = igetc()) == '\\') {
3859 next = igetc();
3860 if (next != '\n') {
3861 c = next;
3862 break;
3863 }
3864 yylval.lineno = file->lineno;
3865 file->lineno++;
3866 }
3867
3868 if (c == EOF(-1)) {
3869 /*
3870 * Fake EOL when hit EOF for the first time. This gets line
3871 * count right if last line in included file is syntactically
3872 * invalid and has no newline.
3873 */
3874 if (file->eof_reached == 0) {
3875 file->eof_reached = 1;
3876 return ('\n');
3877 }
3878 while (c == EOF(-1)) {
3879 if (file == topfile || popfile() == EOF(-1))
3880 return (EOF(-1));
3881 c = igetc();
3882 }
3883 }
3884
3885 return (c);
3886}
3887
3888void
3889lungetc(int c)
3890{
3891 if (c == EOF(-1))
3892 return;
3893 if (file->ungetpos >= file->ungetsize) {
3894 void *p = reallocarray(file->ungetbuf, file->ungetsize, 2);
3895 if (p == NULL((void *)0))
3896 err(1, "%s", __func__);
3897 file->ungetbuf = p;
3898 file->ungetsize *= 2;
3899 }
3900 file->ungetbuf[file->ungetpos++] = c;
3901}
3902
3903int
3904findeol(void)
3905{
3906 int c;
3907
3908 /* skip to either EOF or the first real EOL */
3909 while (1) {
3910 c = lgetc(0);
3911 if (c == '\n') {
3912 file->lineno++;
3913 break;
3914 }
3915 if (c == EOF(-1))
3916 break;
3917 }
3918 return (ERROR289);
3919}
3920
3921int
3922yylex(void)
3923{
3924 char buf[8096];
3925 char *p, *val;
3926 int quotec, next, c;
3927 int token;
3928
3929top:
3930 p = buf;
3931 while ((c = lgetc(0)) == ' ' || c == '\t')
3932 ; /* nothing */
3933
3934 yylval.lineno = file->lineno;
3935 if (c == '#')
3936 while ((c = lgetc(0)) != '\n' && c != EOF(-1))
3937 ; /* nothing */
3938 if (c == '$' && !expanding) {
3939 while (1) {
3940 if ((c = lgetc(0)) == EOF(-1))
3941 return (0);
3942
3943 if (p + 1 >= buf + sizeof(buf) - 1) {
3944 yyerror("string too long");
3945 return (findeol());
3946 }
3947 if (isalnum(c) || c == '_') {
3948 *p++ = c;
3949 continue;
3950 }
3951 *p = '\0';
3952 lungetc(c);
3953 break;
3954 }
3955 val = symget(buf);
3956 if (val == NULL((void *)0)) {
3957 yyerror("macro '%s' not defined", buf);
3958 return (findeol());
3959 }
3960 p = val + strlen(val) - 1;
3961 lungetc(DONE_EXPAND2);
3962 while (p >= val) {
3963 lungetc((unsigned char)*p);
3964 p--;
3965 }
3966 lungetc(START_EXPAND1);
3967 goto top;
3968 }
3969
3970 switch (c) {
3971 case '\'':
3972 case '"':
3973 quotec = c;
3974 while (1) {
3975 if ((c = lgetc(quotec)) == EOF(-1))
3976 return (0);
3977 if (c == '\n') {
3978 file->lineno++;
3979 continue;
3980 } else if (c == '\\') {
3981 if ((next = lgetc(quotec)) == EOF(-1))
3982 return (0);
3983 if (next == quotec || next == ' ' ||
3984 next == '\t')
3985 c = next;
3986 else if (next == '\n') {
3987 file->lineno++;
3988 continue;
3989 } else
3990 lungetc(next);
3991 } else if (c == quotec) {
3992 *p = '\0';
3993 break;
3994 } else if (c == '\0') {
3995 yyerror("syntax error");
3996 return (findeol());
3997 }
3998 if (p + 1 >= buf + sizeof(buf) - 1) {
3999 yyerror("string too long");
4000 return (findeol());
4001 }
4002 *p++ = c;
4003 }
4004 yylval.v.string = strdup(buf);
4005 if (yylval.v.string == NULL((void *)0))
4006 err(1, "%s", __func__);
4007 return (STRING383);
4008 case '!':
4009 next = lgetc(0);
4010 if (next == '=')
4011 return (NE380);
4012 lungetc(next);
4013 break;
4014 case '<':
4015 next = lgetc(0);
4016 if (next == '>') {
4017 yylval.v.i = PF_OP_XRG;
4018 return (PORTBINARY385);
4019 } else if (next == '=')
4020 return (LE381);
4021 lungetc(next);
4022 break;
4023 case '>':
4024 next = lgetc(0);
4025 if (next == '<') {
4026 yylval.v.i = PF_OP_IRG;
4027 return (PORTBINARY385);
4028 } else if (next == '=')
4029 return (GE382);
4030 lungetc(next);
4031 break;
4032 }
4033
4034#define allowed_to_end_number(x)(isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' ||
x == '=') \
4035 (isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' || x == '=')
4036
4037 if (c == '-' || isdigit(c)) {
4038 do {
4039 *p++ = c;
4040 if ((size_t)(p-buf) >= sizeof(buf)) {
4041 yyerror("string too long");
4042 return (findeol());
4043 }
4044 } while ((c = lgetc(0)) != EOF(-1) && isdigit(c));
4045 lungetc(c);
4046 if (p == buf + 1 && buf[0] == '-')
4047 goto nodigits;
4048 if (c == EOF(-1) || allowed_to_end_number(c)(isspace(c) || c == ')' || c ==',' || c == '/' || c == '}' ||
c == '=')) {
4049 const char *errstr = NULL((void *)0);
4050
4051 *p = '\0';
4052 yylval.v.number = strtonum(buf, LLONG_MIN(-9223372036854775807LL -1LL),
4053 LLONG_MAX9223372036854775807LL, &errstr);
4054 if (errstr) {
4055 yyerror("\"%s\" invalid number: %s",
4056 buf, errstr);
4057 return (findeol());
4058 }
4059 return (NUMBER384);
4060 } else {
4061nodigits:
4062 while (p > buf + 1)
4063 lungetc((unsigned char)*--p);
4064 c = (unsigned char)*--p;
4065 if (c == '-')
4066 return (c);
4067 }
4068 }
4069
4070#define allowed_in_string(x)(isalnum(x) || (ispunct(x) && x != '(' && x !=
')' && x != '{' && x != '}' && x != '<'
&& x != '>' && x != '!' && x != '='
&& x != '/' && x != '#' && x != ',')
) \
4071 (isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \
4072 x != '{' && x != '}' && x != '<' && x != '>' && \
4073 x != '!' && x != '=' && x != '/' && x != '#' && \
4074 x != ','))
4075
4076 if (isalnum(c) || c == ':' || c == '_') {
4077 do {
4078 *p++ = c;
4079 if ((size_t)(p-buf) >= sizeof(buf)) {
4080 yyerror("string too long");
4081 return (findeol());
4082 }
4083 } while ((c = lgetc(0)) != EOF(-1) && (allowed_in_string(c)(isalnum(c) || (ispunct(c) && c != '(' && c !=
')' && c != '{' && c != '}' && c != '<'
&& c != '>' && c != '!' && c != '='
&& c != '/' && c != '#' && c != ',')
)));
4084 lungetc(c);
4085 *p = '\0';
4086 if ((token = lookup(buf)) == STRING383)
4087 if ((yylval.v.string = strdup(buf)) == NULL((void *)0))
4088 err(1, "%s", __func__);
4089 return (token);
4090 }
4091 if (c == '\n') {
4092 yylval.lineno = file->lineno;
4093 file->lineno++;
4094 }
4095 if (c == EOF(-1))
4096 return (0);
4097 return (c);
4098}
4099
4100int
4101check_file_secrecy(int fd, const char *fname)
4102{
4103 struct stat st;
4104
4105 if (fstat(fd, &st)) {
4106 warn("cannot stat %s", fname);
4107 return (-1);
4108 }
4109 if (st.st_uid != 0 && st.st_uid != getuid()) {
4110 warnx("%s: owner not root or current user", fname);
4111 return (-1);
4112 }
4113 if (st.st_mode & (S_IWGRP0000020 | S_IXGRP0000010 | S_IRWXO0000007)) {
4114 warnx("%s: group writable or world read/writable", fname);
4115 return (-1);
4116 }
4117 return (0);
4118}
4119
4120struct file *
4121pushfile(const char *name, int secret)
4122{
4123 struct file *nfile;
4124
4125 if ((nfile = calloc(1, sizeof(struct file))) == NULL((void *)0) ||
4126 (nfile->name = strdup(name)) == NULL((void *)0)) {
4127 warn("%s", __func__);
4128 if (nfile)
4129 free(nfile);
4130 return (NULL((void *)0));
4131 }
4132 if (TAILQ_FIRST(&files)((&files)->tqh_first) == NULL((void *)0) && strcmp(nfile->name, "-") == 0) {
4133 nfile->stream = stdin(&__sF[0]);
4134 free(nfile->name);
4135 if ((nfile->name = strdup("stdin")) == NULL((void *)0)) {
4136 warn("%s", __func__);
4137 free(nfile);
4138 return (NULL((void *)0));
4139 }
4140 } else if ((nfile->stream = fopen(nfile->name, "r")) == NULL((void *)0)) {
4141 warn("%s: %s", __func__, nfile->name);
4142 free(nfile->name);
4143 free(nfile);
4144 return (NULL((void *)0));
4145 } else if (secret &&
4146 check_file_secrecy(fileno(nfile->stream)(!__isthreaded ? ((nfile->stream)->_file) : (fileno)(nfile
->stream)), nfile->name)) {
4147 fclose(nfile->stream);
4148 free(nfile->name);
4149 free(nfile);
4150 return (NULL((void *)0));
4151 }
4152 nfile->lineno = TAILQ_EMPTY(&files)(((&files)->tqh_first) == ((void *)0)) ? 1 : 0;
4153 nfile->ungetsize = 16;
4154 nfile->ungetbuf = malloc(nfile->ungetsize);
4155 if (nfile->ungetbuf == NULL((void *)0)) {
4156 warn("%s", __func__);
4157 fclose(nfile->stream);
4158 free(nfile->name);
4159 free(nfile);
4160 return (NULL((void *)0));
4161 }
4162 TAILQ_INSERT_TAIL(&files, nfile, entry)do { (nfile)->entry.tqe_next = ((void *)0); (nfile)->entry
.tqe_prev = (&files)->tqh_last; *(&files)->tqh_last
= (nfile); (&files)->tqh_last = &(nfile)->entry
.tqe_next; } while (0);
4163 return (nfile);
4164}
4165
4166int
4167popfile(void)
4168{
4169 struct file *prev;
4170
4171 if ((prev = TAILQ_PREV(file, files, entry)(*(((struct files *)((file)->entry.tqe_prev))->tqh_last
))) != NULL((void *)0))
4172 prev->errors += file->errors;
4173
4174 TAILQ_REMOVE(&files, file, entry)do { if (((file)->entry.tqe_next) != ((void *)0)) (file)->
entry.tqe_next->entry.tqe_prev = (file)->entry.tqe_prev
; else (&files)->tqh_last = (file)->entry.tqe_prev;
*(file)->entry.tqe_prev = (file)->entry.tqe_next; ; ; }
while (0);
4175 fclose(file->stream);
4176 free(file->name);
4177 free(file->ungetbuf);
4178 free(file);
4179 file = prev;
4180
4181 return (file ? 0 : EOF(-1));
4182}
4183
4184int
4185parse_config(char *filename, struct pfctl *xpf)
4186{
4187 int errors = 0;
4188 struct sym *sym;
4189
4190 pf = xpf;
4191 returnicmpdefault = (ICMP_UNREACH3 << 8) | ICMP_UNREACH_PORT3;
4192 returnicmp6default =
4193 (ICMP6_DST_UNREACH1 << 8) | ICMP6_DST_UNREACH_NOPORT4;
4194 blockpolicy = PFRULE_DROP0x0000;
4195
4196 if ((file = pushfile(filename, 0)) == NULL((void *)0)) {
4197 warn("cannot open the main config file!");
4198 return (-1);
4199 }
4200 topfile = file;
4201
4202 yyparse();
4203 errors = file->errors;
4204 popfile();
4205
4206 /* Free macros and check which have not been used. */
4207 while ((sym = TAILQ_FIRST(&symhead)((&symhead)->tqh_first))) {
4208 if ((pf->opts & PF_OPT_VERBOSE20x00080) && !sym->used)
4209 fprintf(stderr(&__sF[2]), "warning: macro '%s' not "
4210 "used\n", sym->nam);
4211 free(sym->nam);
4212 free(sym->val);
4213 TAILQ_REMOVE(&symhead, sym, entry)do { if (((sym)->entry.tqe_next) != ((void *)0)) (sym)->
entry.tqe_next->entry.tqe_prev = (sym)->entry.tqe_prev;
else (&symhead)->tqh_last = (sym)->entry.tqe_prev;
*(sym)->entry.tqe_prev = (sym)->entry.tqe_next; ; ; } while
(0);
4214 free(sym);
4215 }
4216
4217 return (errors ? -1 : 0);
4218}
4219
4220int
4221symset(const char *nam, const char *val, int persist)
4222{
4223 struct sym *sym;
4224
4225 TAILQ_FOREACH(sym, &symhead, entry)for((sym) = ((&symhead)->tqh_first); (sym) != ((void *
)0); (sym) = ((sym)->entry.tqe_next)) {
4226 if (strcmp(nam, sym->nam) == 0)
4227 break;
4228 }
4229
4230 if (sym != NULL((void *)0)) {
4231 if (sym->persist == 1)
4232 return (0);
4233 else {
4234 free(sym->nam);
4235 free(sym->val);
4236 TAILQ_REMOVE(&symhead, sym, entry)do { if (((sym)->entry.tqe_next) != ((void *)0)) (sym)->
entry.tqe_next->entry.tqe_prev = (sym)->entry.tqe_prev;
else (&symhead)->tqh_last = (sym)->entry.tqe_prev;
*(sym)->entry.tqe_prev = (sym)->entry.tqe_next; ; ; } while
(0);
4237 free(sym);
4238 }
4239 }
4240 if ((sym = calloc(1, sizeof(*sym))) == NULL((void *)0))
4241 return (-1);
4242
4243 sym->nam = strdup(nam);
4244 if (sym->nam == NULL((void *)0)) {
4245 free(sym);
4246 return (-1);
4247 }
4248 sym->val = strdup(val);
4249 if (sym->val == NULL((void *)0)) {
4250 free(sym->nam);
4251 free(sym);
4252 return (-1);
4253 }
4254 sym->used = 0;
4255 sym->persist = persist;
4256 TAILQ_INSERT_TAIL(&symhead, sym, entry)do { (sym)->entry.tqe_next = ((void *)0); (sym)->entry.
tqe_prev = (&symhead)->tqh_last; *(&symhead)->tqh_last
= (sym); (&symhead)->tqh_last = &(sym)->entry.
tqe_next; } while (0);
4257 return (0);
4258}
4259
4260int
4261pfctl_cmdline_symset(char *s)
4262{
4263 char *sym, *val;
4264 int ret;
4265
4266 if ((val = strrchr(s, '=')) == NULL((void *)0))
4267 return (-1);
4268
4269 sym = strndup(s, val - s);
4270 if (sym == NULL((void *)0))
4271 err(1, "%s", __func__);
4272 ret = symset(sym, val + 1, 1);
4273 free(sym);
4274
4275 return (ret);
4276}
4277
4278char *
4279symget(const char *nam)
4280{
4281 struct sym *sym;
4282
4283 TAILQ_FOREACH(sym, &symhead, entry)for((sym) = ((&symhead)->tqh_first); (sym) != ((void *
)0); (sym) = ((sym)->entry.tqe_next)) {
4284 if (strcmp(nam, sym->nam) == 0) {
4285 sym->used = 1;
4286 return (sym->val);
4287 }
4288 }
4289 return (NULL((void *)0));
4290}
4291
4292void
4293mv_rules(struct pf_ruleset *src, struct pf_ruleset *dst)
4294{
4295 struct pf_rule *r;
4296
4297 TAILQ_FOREACH(r, src->rules.active.ptr, entries)for((r) = ((src->rules.active.ptr)->tqh_first); (r) != (
(void *)0); (r) = ((r)->entries.tqe_next))
4298 dst->anchor->match++;
4299 TAILQ_CONCAT(dst->rules.active.ptr, src->rules.active.ptr, entries)do { if (!(((src->rules.active.ptr)->tqh_first) == ((void
*)0))) { *(dst->rules.active.ptr)->tqh_last = (src->
rules.active.ptr)->tqh_first; (src->rules.active.ptr)->
tqh_first->entries.tqe_prev = (dst->rules.active.ptr)->
tqh_last; (dst->rules.active.ptr)->tqh_last = (src->
rules.active.ptr)->tqh_last; do { ((src->rules.active.ptr
))->tqh_first = ((void *)0); ((src->rules.active.ptr))->
tqh_last = &((src->rules.active.ptr))->tqh_first; }
while (0); } } while (0);
4300 src->anchor->match = 0;
4301 TAILQ_CONCAT(dst->rules.inactive.ptr, src->rules.inactive.ptr, entries)do { if (!(((src->rules.inactive.ptr)->tqh_first) == ((
void *)0))) { *(dst->rules.inactive.ptr)->tqh_last = (src
->rules.inactive.ptr)->tqh_first; (src->rules.inactive
.ptr)->tqh_first->entries.tqe_prev = (dst->rules.inactive
.ptr)->tqh_last; (dst->rules.inactive.ptr)->tqh_last
= (src->rules.inactive.ptr)->tqh_last; do { ((src->
rules.inactive.ptr))->tqh_first = ((void *)0); ((src->rules
.inactive.ptr))->tqh_last = &((src->rules.inactive.
ptr))->tqh_first; } while (0); } } while (0);
4302}
4303
4304void
4305decide_address_family(struct node_host *n, sa_family_t *af)
4306{
4307 if (*af != 0 || n == NULL((void *)0))
4308 return;
4309 *af = n->af;
4310 while ((n = n->next) != NULL((void *)0)) {
4311 if (n->af != *af) {
4312 *af = 0;
4313 return;
4314 }
4315 }
4316}
4317
4318int
4319invalid_redirect(struct node_host *nh, sa_family_t af)
4320{
4321 if (!af) {
4322 struct node_host *n;
4323
4324 /* tables and dyniftl are ok without an address family */
4325 for (n = nh; n != NULL((void *)0); n = n->next) {
4326 if (n->addr.type != PF_ADDR_TABLE &&
4327 n->addr.type != PF_ADDR_DYNIFTL) {
4328 yyerror("address family not given and "
4329 "translation address expands to multiple "
4330 "address families");
4331 return (1);
4332 }
4333 }
4334 }
4335 if (nh == NULL((void *)0)) {
4336 yyerror("no translation address with matching address family "
4337 "found.");
4338 return (1);
4339 }
4340 return (0);
4341}
4342
4343int
4344atoul(char *s, u_long *ulvalp)
4345{
4346 u_long ulval;
4347 char *ep;
4348
4349 errno(*__errno()) = 0;
4350 ulval = strtoul(s, &ep, 0);
4351 if (s[0] == '\0' || *ep != '\0')
4352 return (-1);
4353 if (errno(*__errno()) == ERANGE34 && ulval == ULONG_MAX(9223372036854775807L *2UL+1UL))
4354 return (-1);
4355 *ulvalp = ulval;
4356 return (0);
4357}
4358
4359int
4360getservice(char *n)
4361{
4362 struct servent *s;
4363 u_long ulval;
4364
4365 if (atoul(n, &ulval) == 0) {
4366 if (ulval > 65535) {
4367 yyerror("illegal port value %lu", ulval);
4368 return (-1);
4369 }
4370 return (htons(ulval)(__uint16_t)(__builtin_constant_p(ulval) ? (__uint16_t)(((__uint16_t
)(ulval) & 0xffU) << 8 | ((__uint16_t)(ulval) &
0xff00U) >> 8) : __swap16md(ulval)));
4371 } else {
4372 s = getservbyname(n, "tcp");
4373 if (s == NULL((void *)0))
4374 s = getservbyname(n, "udp");
4375 if (s == NULL((void *)0)) {
4376 yyerror("unknown port %s", n);
4377 return (-1);
4378 }
4379 return (s->s_port);
4380 }
4381}
4382
4383int
4384rule_label(struct pf_rule *r, char *s)
4385{
4386 if (s) {
4387 if (strlcpy(r->label, s, sizeof(r->label)) >=
4388 sizeof(r->label)) {
4389 yyerror("rule label too long (max %zu chars)",
4390 sizeof(r->label)-1);
4391 return (-1);
4392 }
4393 }
4394 return (0);
4395}
4396
4397u_int16_t
4398parseicmpspec(char *w, sa_family_t af)
4399{
4400 const struct icmpcodeent *p;
4401 u_long ulval;
4402 u_int8_t icmptype;
4403
4404 if (af == AF_INET2)
4405 icmptype = returnicmpdefault >> 8;
4406 else
4407 icmptype = returnicmp6default >> 8;
4408
4409 if (atoul(w, &ulval) == -1) {
4410 if ((p = geticmpcodebyname(icmptype, w, af)) == NULL((void *)0)) {
4411 yyerror("unknown icmp code %s", w);
4412 return (0);
4413 }
4414 ulval = p->code;
4415 }
4416 if (ulval > 255) {
4417 yyerror("invalid icmp code %lu", ulval);
4418 return (0);
4419 }
4420 return (icmptype << 8 | ulval);
4421}
4422
4423int
4424parseport(char *port, struct range *r, int extensions)
4425{
4426 char *p = strchr(port, ':');
4427
4428 if (p == NULL((void *)0)) {
4429 if ((r->a = getservice(port)) == -1)
4430 return (-1);
4431 r->b = 0;
4432 r->t = PF_OP_NONE;
4433 return (0);
4434 }
4435 if ((extensions & PPORT_STAR2) && !strcmp(p+1, "*")) {
4436 *p = 0;
4437 if ((r->a = getservice(port)) == -1)
4438 return (-1);
4439 r->b = 0;
4440 r->t = PF_OP_IRG;
4441 return (0);
4442 }
4443 if ((extensions & PPORT_RANGE1)) {
4444 *p++ = 0;
4445 if ((r->a = getservice(port)) == -1 ||
4446 (r->b = getservice(p)) == -1)
4447 return (-1);
4448 if (r->a == r->b) {
4449 r->b = 0;
4450 r->t = PF_OP_NONE;
4451 } else
4452 r->t = PF_OP_RRG;
4453 return (0);
4454 }
4455 yyerror("port is invalid: %s", port);
4456 return (-1);
4457}
4458
4459int
4460pfctl_load_anchors(int dev, struct pfctl *pf, struct pfr_buffer *trans)
4461{
4462 struct loadanchors *la;
4463
4464 TAILQ_FOREACH(la, &loadanchorshead, entries)for((la) = ((&loadanchorshead)->tqh_first); (la) != ((
void *)0); (la) = ((la)->entries.tqe_next)) {
4465 if (pf->opts & PF_OPT_VERBOSE0x00004)
4466 fprintf(stderr(&__sF[2]), "\nLoading anchor %s from %s\n",
4467 la->anchorname, la->filename);
4468 if (pfctl_rules(dev, la->filename, pf->opts, pf->optimize,
4469 la->anchorname, trans) == -1)
4470 return (-1);
4471 }
4472
4473 return (0);
4474}
4475
4476int
4477kw_casecmp(const void *k, const void *e)
4478{
4479 return (strcasecmp(k, ((const struct keywords *)e)->k_name));
4480}
4481
4482int
4483map_tos(char *s, int *val)
4484{
4485 /* DiffServ Codepoints and other TOS mappings */
4486 const struct keywords toswords[] = {
4487 { "af11", IPTOS_DSCP_AF110x28 },
4488 { "af12", IPTOS_DSCP_AF120x30 },
4489 { "af13", IPTOS_DSCP_AF130x38 },
4490 { "af21", IPTOS_DSCP_AF210x48 },
4491 { "af22", IPTOS_DSCP_AF220x50 },
4492 { "af23", IPTOS_DSCP_AF230x58 },
4493 { "af31", IPTOS_DSCP_AF310x68 },
4494 { "af32", IPTOS_DSCP_AF320x70 },
4495 { "af33", IPTOS_DSCP_AF330x78 },
4496 { "af41", IPTOS_DSCP_AF410x88 },
4497 { "af42", IPTOS_DSCP_AF420x90 },
4498 { "af43", IPTOS_DSCP_AF430x98 },
4499 { "critical", IPTOS_PREC_CRITIC_ECP0xa0 },
4500 { "cs0", IPTOS_DSCP_CS00x00 },
4501 { "cs1", IPTOS_DSCP_CS10x20 },
4502 { "cs2", IPTOS_DSCP_CS20x40 },
4503 { "cs3", IPTOS_DSCP_CS30x60 },
4504 { "cs4", IPTOS_DSCP_CS40x80 },
4505 { "cs5", IPTOS_DSCP_CS50xa0 },
4506 { "cs6", IPTOS_DSCP_CS60xc0 },
4507 { "cs7", IPTOS_DSCP_CS70xe0 },
4508 { "ef", IPTOS_DSCP_EF0xb8 },
4509 { "inetcontrol", IPTOS_PREC_INTERNETCONTROL0xc0 },
4510 { "lowdelay", IPTOS_LOWDELAY0x10 },
4511 { "netcontrol", IPTOS_PREC_NETCONTROL0xe0 },
4512 { "reliability", IPTOS_RELIABILITY0x04 },
4513 { "throughput", IPTOS_THROUGHPUT0x08 }
4514 };
4515 const struct keywords *p;
4516
4517 p = bsearch(s, toswords, sizeof(toswords)/sizeof(toswords[0]),
4518 sizeof(toswords[0]), kw_casecmp);
4519
4520 if (p) {
4521 *val = p->k_val;
4522 return (1);
4523 }
4524 return (0);
4525}
4526
4527int
4528lookup_rtable(u_int rtableid)
4529{
4530 size_t len;
4531 struct rt_tableinfo info;
4532 int mib[6];
4533 static u_int found[RT_TABLEID_MAX255+1];
4534
4535 if (found[rtableid])
4536 return found[rtableid];
4537
4538 mib[0] = CTL_NET4;
4539 mib[1] = PF_ROUTE17;
4540 mib[2] = 0;
4541 mib[3] = 0;
4542 mib[4] = NET_RT_TABLE5;
4543 mib[5] = rtableid;
4544
4545 len = sizeof(info);
4546 if (sysctl(mib, 6, &info, &len, NULL((void *)0), 0) == -1) {
4547 if (errno(*__errno()) == ENOENT2) {
4548 /* table nonexistent */
4549 found[rtableid] = 0;
4550 return 0;
4551 }
4552 err(1, "%s", __func__);
4553 }
4554 found[rtableid] = 1;
4555 return 1;
4556}
4557
4558int
4559filteropts_to_rule(struct pf_rule *r, struct filter_opts *opts)
4560{
4561 if (opts->marker & FOM_ONCE0x1000) {
4562 if ((r->action != PF_PASS && r->action != PF_DROP) || r->anchor) {
4563 yyerror("'once' only applies to pass/block rules");
4564 return (1);
4565 }
4566 r->rule_flag |= PFRULE_ONCE0x00100000;
4567 }
4568
4569 r->keep_state = opts->keep.action;
4570 r->pktrate.limit = opts->pktrate.limit;
4571 r->pktrate.seconds = opts->pktrate.seconds;
4572 r->prob = opts->prob;
4573 r->rtableid = opts->rtableid;
4574 r->tos = opts->tos;
4575
4576 if (opts->nodf)
4577 r->scrub_flags |= PFSTATE_NODF0x0020;
4578 if (opts->randomid)
4579 r->scrub_flags |= PFSTATE_RANDOMID0x0080;
4580 if (opts->minttl)
4581 r->min_ttl = opts->minttl;
4582 if (opts->max_mss)
4583 r->max_mss = opts->max_mss;
4584
4585 if (opts->tag)
4586 if (strlcpy(r->tagname, opts->tag,
4587 PF_TAG_NAME_SIZE64) >= PF_TAG_NAME_SIZE64) {
4588 yyerror("tag too long, max %u chars",
4589 PF_TAG_NAME_SIZE64 - 1);
4590 return (1);
4591 }
4592 if (opts->match_tag)
4593 if (strlcpy(r->match_tagname, opts->match_tag,
4594 PF_TAG_NAME_SIZE64) >= PF_TAG_NAME_SIZE64) {
4595 yyerror("tag too long, max %u chars",
4596 PF_TAG_NAME_SIZE64 - 1);
4597 return (1);
4598 }
4599 r->match_tag_not = opts->match_tag_not;
4600
4601 if (rule_label(r, opts->label))
4602 return (1);
4603 free(opts->label);
4604
4605 if (opts->marker & FOM_AFTO0x0080)
4606 r->rule_flag |= PFRULE_AFTO0x00200000;
4607 if ((opts->marker & FOM_AFTO0x0080) && r->direction != PF_IN) {
4608 yyerror("af-to can only be used with direction in");
4609 return (1);
4610 }
4611 if ((opts->marker & FOM_AFTO0x0080) && opts->rt) {
4612 yyerror("af-to cannot be used together with "
4613 "route-to, reply-to, dup-to");
4614 return (1);
4615 }
4616 if (opts->marker & FOM_SCRUB_TCP0x0200)
4617 r->scrub_flags |= PFSTATE_SCRUB_TCP0x0100;
4618 if (opts->marker & FOM_SETDELAY0x4000) {
4619 r->delay = opts->delay;
4620 r->rule_flag |= PFRULE_SETDELAY0x0080;
4621 }
4622 if (opts->marker & FOM_SETPRIO0x0400) {
4623 r->set_prio[0] = opts->set_prio[0];
4624 r->set_prio[1] = opts->set_prio[1];
4625 r->scrub_flags |= PFSTATE_SETPRIO0x0200;
4626 }
4627 if (opts->marker & FOM_SETTOS0x0100) {
4628 r->scrub_flags |= PFSTATE_SETTOS0x0040;
4629 r->set_tos = opts->settos;
4630 }
4631 if (opts->marker & FOM_PRIO0x2000)
4632 r->prio = opts->prio ? opts->prio : PF_PRIO_ZERO0xff;
4633 if (opts->marker & FOM_SETPRIO0x0400) {
4634 r->set_prio[0] = opts->set_prio[0];
4635 r->set_prio[1] = opts->set_prio[1];
4636 r->scrub_flags |= PFSTATE_SETPRIO0x0200;
4637 }
4638
4639 r->flags = opts->flags.b1;
4640 r->flagset = opts->flags.b2;
4641 if ((opts->flags.b1 & opts->flags.b2) != opts->flags.b1) {
4642 yyerror("flags always false");
4643 return (1);
4644 }
4645
4646 if (opts->queues.qname != NULL((void *)0)) {
4647 if (strlcpy(r->qname, opts->queues.qname,
4648 sizeof(r->qname)) >= sizeof(r->qname)) {
4649 yyerror("rule qname too long (max "
4650 "%zu chars)", sizeof(r->qname)-1);
4651 return (1);
4652 }
4653 free(opts->queues.qname);
4654 }
4655 if (opts->queues.pqname != NULL((void *)0)) {
4656 if (strlcpy(r->pqname, opts->queues.pqname,
4657 sizeof(r->pqname)) >= sizeof(r->pqname)) {
4658 yyerror("rule pqname too long (max "
4659 "%zu chars)", sizeof(r->pqname)-1);
4660 return (1);
4661 }
4662 free(opts->queues.pqname);
4663 }
4664
4665 if (opts->fragment)
4666 r->rule_flag |= PFRULE_FRAGMENT0x0002;
4667 r->allow_opts = opts->allowopts;
4668
4669 return (0);
4670}
4671#line 4664 "parse.c"
4672/* allocate initial stack or double stack size, up to YYMAXDEPTH */
4673static int yygrowstack(void)
4674{
4675 unsigned int newsize;
4676 long sslen;
4677 short *newss;
4678 YYSTYPE *newvs;
4679
4680 if ((newsize = yystacksize) == 0)
4681 newsize = YYINITSTACKSIZE200;
4682 else if (newsize >= YYMAXDEPTH10000)
4683 return -1;
4684 else if ((newsize *= 2) > YYMAXDEPTH10000)
4685 newsize = YYMAXDEPTH10000;
4686 sslen = yyssp - yyss;
4687#ifdef SIZE_MAX
4688#define YY_SIZE_MAX0xffffffffU SIZE_MAX
4689#else
4690#define YY_SIZE_MAX0xffffffffU 0xffffffffU
4691#endif
4692 if (newsize && YY_SIZE_MAX0xffffffffU / newsize < sizeof *newss)
4693 goto bail;
4694 newss = (short *)realloc(yyss, newsize * sizeof *newss);
4695 if (newss == NULL((void *)0))
4696 goto bail;
4697 yyss = newss;
4698 yyssp = newss + sslen;
4699 if (newsize && YY_SIZE_MAX0xffffffffU / newsize < sizeof *newvs)
4700 goto bail;
4701 newvs = (YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs);
4702 if (newvs == NULL((void *)0))
4703 goto bail;
4704 yyvs = newvs;
4705 yyvsp = newvs + sslen;
4706 yystacksize = newsize;
4707 yysslim = yyss + newsize - 1;
4708 return 0;
4709bail:
4710 if (yyss)
4711 free(yyss);
4712 if (yyvs)
4713 free(yyvs);
4714 yyss = yyssp = NULL((void *)0);
4715 yyvs = yyvsp = NULL((void *)0);
4716 yystacksize = 0;
4717 return -1;
4718}
4719
4720#define YYABORTgoto yyabort goto yyabort
4721#define YYREJECTgoto yyabort goto yyabort
4722#define YYACCEPTgoto yyaccept goto yyaccept
4723#define YYERRORgoto yyerrlab goto yyerrlab
4724int
4725yyparse(void)
4726{
4727 int yym, yyn, yystate;
4728#if YYDEBUG0
4729 const char *yys;
4730
4731 if ((yys = getenv("YYDEBUG")))
4732 {
4733 yyn = *yys;
4734 if (yyn >= '0' && yyn <= '9')
4735 yydebug = yyn - '0';
4736 }
4737#endif /* YYDEBUG */
4738
4739 yynerrs = 0;
4740 yyerrflag = 0;
4741 yychar = (-1);
4742
4743 if (yyss == NULL((void *)0) && yygrowstack()) goto yyoverflow;
1
Assuming 'yyss' is not equal to NULL
4744 yyssp = yyss;
4745 yyvsp = yyvs;
4746 *yyssp = yystate = 0;
4747
4748yyloop:
4749 if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
2
Taking false branch
20
Assuming the condition is true
21
Taking true branch
22
Control jumps to line 4856
4750 if (yychar
2.1
'yychar' is < 0
 < 0)
3
Taking true branch
4751 {
4752 if ((yychar = yylex()) < 0) yychar = 0;
4
Assuming the condition is false
5
Taking false branch
4753#if YYDEBUG0
4754 if (yydebug)
4755 {
4756 yys = 0;
4757 if (yychar <= YYMAXTOKEN385) yys = yyname[yychar];
4758 if (!yys) yys = "illegal-symbol";
4759 printf("%sdebug: state %d, reading %d (%s)\n",
4760 YYPREFIX"yy", yystate, yychar, yys);
4761 }
4762#endif
4763 }
4764 if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 &&
6
Assuming 'yyn' is not equal to 0
7
Assuming the condition is false
4765 yyn <= YYTABLESIZE5732 && yycheck[yyn] == yychar)
4766 {
4767#if YYDEBUG0
4768 if (yydebug)
4769 printf("%sdebug: state %d, shifting to state %d\n",
4770 YYPREFIX"yy", yystate, yytable[yyn]);
4771#endif
4772 if (yyssp >= yysslim && yygrowstack())
4773 {
4774 goto yyoverflow;
4775 }
4776 *++yyssp = yystate = yytable[yyn];
4777 *++yyvsp = yylval;
4778 yychar = (-1);
4779 if (yyerrflag > 0) --yyerrflag;
4780 goto yyloop;
4781 }
4782 if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 &&
8
Assuming 'yyn' is not equal to 0
10
Taking true branch
4783 yyn
8.1
'yyn' is <= YYTABLESIZE
 <= YYTABLESIZE5732 && yycheck[yyn] == yychar)
9
Assuming the condition is true
4784 {
4785 yyn = yytable[yyn];
4786 goto yyreduce;
11
Control jumps to line 4856
4787 }
4788 if (yyerrflag) goto yyinrecovery;
4789#if defined(__GNUC__4)
4790 goto yynewerror;
4791#endif
4792yynewerror:
4793 yyerror("syntax error");
4794#if defined(__GNUC__4)
4795 goto yyerrlab;
4796#endif
4797yyerrlab:
4798 ++yynerrs;
4799yyinrecovery:
4800 if (yyerrflag < 3)
4801 {
4802 yyerrflag = 3;
4803 for (;;)
4804 {
4805 if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE256) >= 0 &&
4806 yyn <= YYTABLESIZE5732 && yycheck[yyn] == YYERRCODE256)
4807 {
4808#if YYDEBUG0
4809 if (yydebug)
4810 printf("%sdebug: state %d, error recovery shifting\
4811 to state %d\n", YYPREFIX"yy", *yyssp, yytable[yyn]);
4812#endif
4813 if (yyssp >= yysslim && yygrowstack())
4814 {
4815 goto yyoverflow;
4816 }
4817 *++yyssp = yystate = yytable[yyn];
4818 *++yyvsp = yylval;
4819 goto yyloop;
4820 }
4821 else
4822 {
4823#if YYDEBUG0
4824 if (yydebug)
4825 printf("%sdebug: error recovery discarding state %d\n",
4826 YYPREFIX"yy", *yyssp);
4827#endif
4828 if (yyssp <= yyss) goto yyabort;
4829 --yyssp;
4830 --yyvsp;
4831 }
4832 }
4833 }
4834 else
4835 {
4836 if (yychar == 0) goto yyabort;
4837#if YYDEBUG0
4838 if (yydebug)
4839 {
4840 yys = 0;
4841 if (yychar <= YYMAXTOKEN385) yys = yyname[yychar];
4842 if (!yys) yys = "illegal-symbol";
4843 printf("%sdebug: state %d, error recovery discards token %d (%s)\n",
4844 YYPREFIX"yy", yystate, yychar, yys);
4845 }
4846#endif
4847 yychar = (-1);
4848 goto yyloop;
4849 }
4850yyreduce:
4851#if YYDEBUG0
4852 if (yydebug)
4853 printf("%sdebug: state %d, reducing by rule %d (%s)\n",
4854 YYPREFIX"yy", yystate, yyn, yyrule[yyn]);
4855#endif
4856 yym = yylen[yyn];
4857 if (yym)
12
Assuming 'yym' is 0
13
Taking false branch
23
Assuming 'yym' is not equal to 0
24
Taking true branch
4858 yyval = yyvsp[1-yym];
4859 else
4860 memset(&yyval, 0, sizeof yyval);
4861 switch (yyn)
14
'Default' branch taken. Execution continues on line 8759
25
Control jumps to 'case 285:' at line 7748
4862 {
4863case 13:
4864#line 548 "/usr/src/sbin/pfctl/parse.y"
4865{ file->errors++; }
4866break;
4867case 14:
4868#line 551 "/usr/src/sbin/pfctl/parse.y"
4869{
4870 struct file *nfile;
4871
4872 if ((nfile = pushfile(yyvsp[0].v.string, 0)) == NULL((void *)0)) {
4873 yyerror("failed to include file %s", yyvsp[0].v.string);
4874 free(yyvsp[0].v.string);
4875 YYERRORgoto yyerrlab;
4876 }
4877 free(yyvsp[0].v.string);
4878
4879 file = nfile;
4880 lungetc('\n');
4881 }
4882break;
4883case 19:
4884#line 576 "/usr/src/sbin/pfctl/parse.y"
4885{
4886 if (!strcmp(yyvsp[0].v.string, "none"))
4887 yyval.v.i = 0;
4888 else if (!strcmp(yyvsp[0].v.string, "basic"))
4889 yyval.v.i = PF_OPTIMIZE_BASIC0x0001;
4890 else if (!strcmp(yyvsp[0].v.string, "profile"))
4891 yyval.v.i = PF_OPTIMIZE_BASIC0x0001 | PF_OPTIMIZE_PROFILE0x0002;
4892 else {
4893 yyerror("unknown ruleset-optimization %s", yyvsp[0].v.string);
4894 YYERRORgoto yyerrlab;
4895 }
4896 }
4897break;
4898case 20:
4899#line 590 "/usr/src/sbin/pfctl/parse.y"
4900{ yyval.v.number = 0; }
4901break;
4902case 21:
4903#line 591 "/usr/src/sbin/pfctl/parse.y"
4904{ yyval.v.number = 1; }
4905break;
4906case 22:
4907#line 594 "/usr/src/sbin/pfctl/parse.y"
4908{
4909 pfctl_set_reassembly(pf, yyvsp[-1].v.number, yyvsp[0].v.number);
4910 }
4911break;
4912case 23:
4913#line 597 "/usr/src/sbin/pfctl/parse.y"
4914{
4915 if (pfctl_set_optimization(pf, yyvsp[0].v.string) != 0) {
4916 yyerror("unknown optimization %s", yyvsp[0].v.string);
4917 free(yyvsp[0].v.string);
4918 YYERRORgoto yyerrlab;
4919 }
4920 free(yyvsp[0].v.string);
4921 }
4922break;
4923case 24:
4924#line 605 "/usr/src/sbin/pfctl/parse.y"
4925{
4926 if (!(pf->opts & PF_OPT_OPTIMIZE0x00800)) {
4927 pf->opts |= PF_OPT_OPTIMIZE0x00800;
4928 pf->optimize = yyvsp[0].v.i;
4929 }
4930 }
4931break;
4932case 29:
4933#line 615 "/usr/src/sbin/pfctl/parse.y"
4934{
4935 if (pfctl_set_logif(pf, yyvsp[0].v.string) != 0) {
4936 yyerror("error setting loginterface %s", yyvsp[0].v.string);
4937 free(yyvsp[0].v.string);
4938 YYERRORgoto yyerrlab;
4939 }
4940 free(yyvsp[0].v.string);
4941 }
4942break;
4943case 30:
4944#line 623 "/usr/src/sbin/pfctl/parse.y"
4945{
4946 if (yyvsp[0].v.number == 0 || yyvsp[0].v.number > UINT_MAX(2147483647 *2U +1U)) {
4947 yyerror("hostid must be non-zero");
4948 YYERRORgoto yyerrlab;
4949 }
4950 pfctl_set_hostid(pf, yyvsp[0].v.number);
4951 }
4952break;
4953case 31:
4954#line 630 "/usr/src/sbin/pfctl/parse.y"
4955{
4956 if (pf->opts & PF_OPT_VERBOSE0x00004)
4957 printf("set block-policy drop\n");
4958 blockpolicy = PFRULE_DROP0x0000;
4959 }
4960break;
4961case 32:
4962#line 635 "/usr/src/sbin/pfctl/parse.y"
4963{
4964 if (pf->opts & PF_OPT_VERBOSE0x00004)
4965 printf("set block-policy return\n");
4966 blockpolicy = PFRULE_RETURN0x0008;
4967 }
4968break;
4969case 33:
4970#line 640 "/usr/src/sbin/pfctl/parse.y"
4971{
4972 if (pf->opts & PF_OPT_VERBOSE0x00004)
4973 printf("set fingerprints \"%s\"\n", yyvsp[0].v.string);
4974 if (!pf->anchor->name[0]) {
4975 if (pfctl_file_fingerprints(pf->dev,
4976 pf->opts, yyvsp[0].v.string)) {
4977 yyerror("error loading "
4978 "fingerprints %s", yyvsp[0].v.string);
4979 free(yyvsp[0].v.string);
4980 YYERRORgoto yyerrlab;
4981 }
4982 }
4983 free(yyvsp[0].v.string);
4984 }
4985break;
4986case 34:
4987#line 654 "/usr/src/sbin/pfctl/parse.y"
4988{
4989 if (pf->opts & PF_OPT_VERBOSE0x00004)
4990 switch (yyvsp[0].v.i) {
4991 case 0:
4992 printf("set state-policy floating\n");
4993 break;
4994 case PFRULE_IFBOUND0x00010000:
4995 printf("set state-policy if-bound\n");
4996 break;
4997 }
4998 default_statelock = yyvsp[0].v.i;
4999 }
5000break;
5001case 35:
5002#line 666 "/usr/src/sbin/pfctl/parse.y"
5003{
5004 if (pfctl_set_debug(pf, yyvsp[0].v.string) != 0) {
5005 yyerror("error setting debuglevel %s", yyvsp[0].v.string);
5006 free(yyvsp[0].v.string);
5007 YYERRORgoto yyerrlab;
5008 }
5009 free(yyvsp[0].v.string);
5010 }
5011break;
5012case 36:
5013#line 674 "/usr/src/sbin/pfctl/parse.y"
5014{
5015 if (pfctl_set_debug(pf, "debug") != 0) {
5016 yyerror("error setting debuglevel %s", "debug");
5017 YYERRORgoto yyerrlab;
5018 }
5019 }
5020break;
5021case 37:
5022#line 680 "/usr/src/sbin/pfctl/parse.y"
5023{
5024 if (expand_skip_interface(yyvsp[0].v.interface) != 0) {
5025 yyerror("error setting skip interface(s)");
5026 YYERRORgoto yyerrlab;
5027 }
5028 }
5029break;
5030case 38:
5031#line 686 "/usr/src/sbin/pfctl/parse.y"
5032{
5033 if (keep_state_defaults != NULL((void *)0)) {
5034 yyerror("cannot redefine state-defaults");
5035 YYERRORgoto yyerrlab;
5036 }
5037 keep_state_defaults = yyvsp[0].v.state_opt;
5038 }
5039break;
5040case 39:
5041#line 693 "/usr/src/sbin/pfctl/parse.y"
5042{
5043 if (pfctl_set_syncookies(pf, yyvsp[-1].v.i, yyvsp[0].v.watermarks)) {
5044 yyerror("error setting syncookies");
5045 YYERRORgoto yyerrlab;
5046 }
5047 }
5048break;
5049case 40:
5050#line 701 "/usr/src/sbin/pfctl/parse.y"
5051{
5052 if (!strcmp(yyvsp[0].v.string, "never"))
5053 yyval.v.i = PF_SYNCOOKIES_NEVER0;
5054 else if (!strcmp(yyvsp[0].v.string, "adaptive"))
5055 yyval.v.i = PF_SYNCOOKIES_ADAPTIVE2;
5056 else if (!strcmp(yyvsp[0].v.string, "always"))
5057 yyval.v.i = PF_SYNCOOKIES_ALWAYS1;
5058 else {
5059 yyerror("illegal value for syncookies");
5060 YYERRORgoto yyerrlab;
5061 }
5062 }
5063break;
5064case 41:
5065#line 715 "/usr/src/sbin/pfctl/parse.y"
5066{ yyval.v.watermarks = NULL((void *)0); }
5067break;
5068case 42:
5069#line 716 "/usr/src/sbin/pfctl/parse.y"
5070{
5071 memset(&syncookie_opts, 0, sizeof(syncookie_opts));
5072 }
5073break;
5074case 43:
5075#line 718 "/usr/src/sbin/pfctl/parse.y"
5076{ yyval.v.watermarks = &syncookie_opts; }
5077break;
5078case 46:
5079#line 725 "/usr/src/sbin/pfctl/parse.y"
5080{
5081 double val;
5082 char *cp;
5083
5084 val = strtod(yyvsp[0].v.string, &cp);
5085 if (cp == NULL((void *)0) || strcmp(cp, "%"))
5086 YYERRORgoto yyerrlab;
5087 if (val <= 0 || val > 100) {
5088 yyerror("illegal percentage value");
5089 YYERRORgoto yyerrlab;
5090 }
5091 if (!strcmp(yyvsp[-1].v.string, "start")) {
5092 syncookie_opts.hi = val;
5093 } else if (!strcmp(yyvsp[-1].v.string, "end")) {
5094 syncookie_opts.lo = val;
5095 } else {
5096 yyerror("illegal syncookie option");
5097 YYERRORgoto yyerrlab;
5098 }
5099 }
5100break;
5101case 47:
5102#line 747 "/usr/src/sbin/pfctl/parse.y"
5103{ yyval.v.string = yyvsp[0].v.string; }
5104break;
5105case 48:
5106#line 748 "/usr/src/sbin/pfctl/parse.y"
5107{
5108 if ((yyval.v.string = strdup("all")) == NULL((void *)0)) {
5109 err(1, "stringall: strdup");
5110 }
5111 }
5112break;
5113case 49:
5114#line 755 "/usr/src/sbin/pfctl/parse.y"
5115{
5116 if (asprintf(&yyval.v.string, "%s %s", yyvsp[-1].v.string, yyvsp[0].v.string) == -1)
5117 err(1, "string: asprintf");
5118 free(yyvsp[-1].v.string);
5119 free(yyvsp[0].v.string);
5120 }
5121break;
5122case 51:
5123#line 764 "/usr/src/sbin/pfctl/parse.y"
5124{
5125 if (asprintf(&yyval.v.string, "%s %s", yyvsp[-1].v.string, yyvsp[0].v.string) == -1)
5126 err(1, "string: asprintf");
5127 free(yyvsp[-1].v.string);
5128 free(yyvsp[0].v.string);
5129 }
5130break;
5131case 53:
5132#line 773 "/usr/src/sbin/pfctl/parse.y"
5133{
5134 char *s;
5135 if (asprintf(&s, "%lld", yyvsp[0].v.number) == -1) {
5136 yyerror("string: asprintf");
5137 YYERRORgoto yyerrlab;
5138 }
5139 yyval.v.string = s;
5140 }
5141break;
5142case 55:
5143#line 784 "/usr/src/sbin/pfctl/parse.y"
5144{
5145 char *s = yyvsp[-2].v.string;
5146 if (pf->opts & PF_OPT_VERBOSE0x00004)
5147 printf("%s = \"%s\"\n", yyvsp[-2].v.string, yyvsp[0].v.string);
5148 while (*s++) {
5149 if (isspace((unsigned char)*s)) {
5150 yyerror("macro name cannot contain "
5151 "whitespace");
5152 free(yyvsp[-2].v.string);
5153 free(yyvsp[0].v.string);
5154 YYERRORgoto yyerrlab;
5155 }
5156 }
5157 if (symset(yyvsp[-2].v.string, yyvsp[0].v.string, 0) == -1)
5158 err(1, "cannot store variable %s", yyvsp[-2].v.string);
5159 free(yyvsp[-2].v.string);
5160 free(yyvsp[0].v.string);
5161 }
5162break;
5163case 56:
5164#line 804 "/usr/src/sbin/pfctl/parse.y"
5165{
5166 if (yyvsp[0].v.string[0] == '\0') {
5167 free(yyvsp[0].v.string);
5168 yyerror("anchor name must not be empty");
5169 YYERRORgoto yyerrlab;
5170 }
5171 if (strlen(pf->anchor->path) + 1 +
5172 strlen(yyvsp[0].v.string) >= PATH_MAX1024) {
5173 free(yyvsp[0].v.string);
5174 yyerror("anchor name is longer than %u",
5175 PATH_MAX1024 - 1);
5176 YYERRORgoto yyerrlab;
5177 }
5178 if (yyvsp[0].v.string[0] == '_' || strstr(yyvsp[0].v.string, "/_") != NULL((void *)0)) {
5179 free(yyvsp[0].v.string);
5180 yyerror("anchor names beginning with '_' "
5181 "are reserved for internal use");
5182 YYERRORgoto yyerrlab;
5183 }
5184 yyval.v.string = yyvsp[0].v.string;
5185 }
5186break;
5187case 57:
5188#line 825 "/usr/src/sbin/pfctl/parse.y"
5189{ yyval.v.string = NULL((void *)0); }
5190break;
5191case 63:
5192#line 836 "/usr/src/sbin/pfctl/parse.y"
5193{
5194 char ta[PF_ANCHOR_NAME_SIZE64];
5195 struct pf_ruleset *rs;
5196
5197 /* steping into a brace anchor */
5198 pf->asd++;
5199 if (pf->asd >= PFCTL_ANCHOR_STACK_DEPTH64)
5200 errx(1, "pfa_anchor: anchors too deep");
5201 pf->bn++;
5202 pf->brace = 1;
5203
5204 /*
5205 * Anchor contents are parsed before the anchor rule
5206 * production completes, so we don't know the real
5207 * location yet. Create a holding ruleset in the root;
5208 * contents will be moved afterwards.
5209 */
5210 snprintf(ta, PF_ANCHOR_NAME_SIZE64, "_%d", pf->bn);
5211 rs = pf_find_or_create_ruleset(ta);
5212 if (rs == NULL((void *)0))
5213 err(1, "pfa_anchor: pf_find_or_create_ruleset");
5214 pf->astack[pf->asd] = rs->anchor;
5215 pf->anchor = rs->anchor;
5216 }
5217break;
5218case 64:
5219#line 860 "/usr/src/sbin/pfctl/parse.y"
5220{
5221 pf->alast = pf->anchor;
5222 pf->asd--;
5223 pf->anchor = pf->astack[pf->asd];
5224 }
5225break;
5226case 66:
5227#line 870 "/usr/src/sbin/pfctl/parse.y"
5228{
5229 struct pf_rule r;
5230 struct node_proto *proto;
5231 char *p;
5232
5233 memset(&r, 0, sizeof(r));
5234 if (pf->astack[pf->asd + 1]) {
5235 if (yyvsp[-8].v.string && strchr(yyvsp[-8].v.string, '/') != NULL((void *)0)) {
5236 free(yyvsp[-8].v.string);
5237 yyerror("anchor paths containing '/' "
5238 "cannot be used for inline anchors.");
5239 YYERRORgoto yyerrlab;
5240 }
5241
5242 /* Move inline rules into relative location. */
5243 pf_anchor_setup(&r,
5244 &pf->astack[pf->asd]->ruleset,
5245 yyvsp[-8].v.string ? yyvsp[-8].v.string : pf->alast->name);
5246
5247 if (r.anchor == NULL((void *)0))
5248 err(1, "anchorrule: unable to "
5249 "create ruleset");
5250
5251 if (pf->alast != r.anchor) {
5252 if (r.anchor->match) {
5253 yyerror("inline anchor '%s' "
5254 "already exists",
5255 r.anchor->name);
5256 YYERRORgoto yyerrlab;
5257 }
5258 mv_rules(&pf->alast->ruleset,
5259 &r.anchor->ruleset);
5260 }
5261 pf_remove_if_empty_ruleset(&pf->alast->ruleset);
5262 pf->alast = r.anchor;
5263 } else {
5264 if (!yyvsp[-8].v.string) {
5265 yyerror("anchors without explicit "
5266 "rules must specify a name");
5267 YYERRORgoto yyerrlab;
5268 }
5269
5270 /*
5271 * Don't make non-brace anchors part of the main anchor pool.
5272 */
5273 if ((r.anchor = calloc(1, sizeof(*r.anchor))) == NULL((void *)0)) {
5274 err(1, "anchorrule: calloc");
5275 }
5276 pf_init_ruleset(&r.anchor->ruleset);
5277 r.anchor->ruleset.anchor = r.anchor;
5278 if (strlcpy(r.anchor->path, yyvsp[-8].v.string,
5279 sizeof(r.anchor->path)) >= sizeof(r.anchor->path)) {
5280 errx(1, "anchorrule: strlcpy");
5281 }
5282 if ((p = strrchr(yyvsp[-8].v.string, '/')) != NULL((void *)0)) {
5283 if (strlen(p) == 1) {
5284 yyerror("anchorrule: bad anchor name %s",
5285 yyvsp[-8].v.string);
5286 YYERRORgoto yyerrlab;
5287 }
5288 } else
5289 p = yyvsp[-8].v.string;
5290 if (strlcpy(r.anchor->name, p,
5291 sizeof(r.anchor->name)) >= sizeof(r.anchor->name)) {
5292 errx(1, "anchorrule: strlcpy");
5293 }
5294 }
5295
5296 r.direction = yyvsp[-7].v.i;
5297 r.quick = yyvsp[-6].v.logquick.quick;
5298 r.af = yyvsp[-4].v.i;
5299
5300 if (yyvsp[-1].v.filter_opts.flags.b1 || yyvsp[-1].v.filter_opts.flags.b2 || yyvsp[-2].v.fromto.src_os) {
5301 for (proto = yyvsp[-3].v.proto; proto != NULL((void *)0) &&
5302 proto->proto != IPPROTO_TCP6;
5303 proto = proto->next)
5304 ; /* nothing */
5305 if (proto == NULL((void *)0) && yyvsp[-3].v.proto != NULL((void *)0)) {
5306 if (yyvsp[-1].v.filter_opts.flags.b1 || yyvsp[-1].v.filter_opts.flags.b2)
5307 yyerror(
5308 "flags only apply to tcp");
5309 if (yyvsp[-2].v.fromto.src_os)
5310 yyerror(
5311 "OS fingerprinting only "
5312 "applies to tcp");
5313 YYERRORgoto yyerrlab;
5314 }
5315 }
5316
5317 if (filteropts_to_rule(&r, &yyvsp[-1].v.filter_opts))
5318 YYERRORgoto yyerrlab;
5319
5320 if (yyvsp[-1].v.filter_opts.keep.action) {
5321 yyerror("cannot specify state handling "
5322 "on anchors");
5323 YYERRORgoto yyerrlab;
5324 }
5325
5326 if (yyvsp[-1].v.filter_opts.rt) {
5327 yyerror("cannot specify route handling "
5328 "on anchors");
5329 YYERRORgoto yyerrlab;
5330 }
5331
5332 decide_address_family(yyvsp[-2].v.fromto.src.host, &r.af);
5333 decide_address_family(yyvsp[-2].v.fromto.dst.host, &r.af);
5334
5335 expand_rule(&r, 0, yyvsp[-5].v.interface, NULL((void *)0), NULL((void *)0), NULL((void *)0), yyvsp[-3].v.proto, yyvsp[-2].v.fromto.src_os,
5336 yyvsp[-2].v.fromto.src.host, yyvsp[-2].v.fromto.src.port, yyvsp[-2].v.fromto.dst.host, yyvsp[-2].v.fromto.dst.port,
5337 yyvsp[-1].v.filter_opts.uid, yyvsp[-1].v.filter_opts.gid, yyvsp[-1].v.filter_opts.rcv, yyvsp[-1].v.filter_opts.icmpspec);
5338 free(yyvsp[-8].v.string);
5339 pf->astack[pf->asd + 1] = NULL((void *)0);
5340 }
5341break;
5342case 67:
5343#line 985 "/usr/src/sbin/pfctl/parse.y"
5344{
5345 struct loadanchors *loadanchor;
5346
5347 if (yyvsp[-2].v.string == NULL((void *)0)) {
5348 yyerror("anchor name is missing");
5349 YYERRORgoto yyerrlab;
5350 }
5351 loadanchor = calloc(1, sizeof(struct loadanchors));
5352 if (loadanchor == NULL((void *)0))
5353 err(1, "loadrule: calloc");
5354 if ((loadanchor->anchorname = malloc(PATH_MAX1024)) ==
5355 NULL((void *)0))
5356 err(1, "loadrule: malloc");
5357 if (pf->anchor->name[0])
5358 snprintf(loadanchor->anchorname, PATH_MAX1024,
5359 "%s/%s", pf->anchor->path, yyvsp[-2].v.string);
5360 else
5361 strlcpy(loadanchor->anchorname, yyvsp[-2].v.string, PATH_MAX1024);
5362 if ((loadanchor->filename = strdup(yyvsp[0].v.string)) == NULL((void *)0))
5363 err(1, "loadrule: strdup");
5364
5365 TAILQ_INSERT_TAIL(&loadanchorshead, loadanchor,do { (loadanchor)->entries.tqe_next = ((void *)0); (loadanchor
)->entries.tqe_prev = (&loadanchorshead)->tqh_last;
*(&loadanchorshead)->tqh_last = (loadanchor); (&loadanchorshead
)->tqh_last = &(loadanchor)->entries.tqe_next; } while
(0)
5366 entries)do { (loadanchor)->entries.tqe_next = ((void *)0); (loadanchor
)->entries.tqe_prev = (&loadanchorshead)->tqh_last;
*(&loadanchorshead)->tqh_last = (loadanchor); (&loadanchorshead
)->tqh_last = &(loadanchor)->entries.tqe_next; } while
(0);
5367
5368 free(yyvsp[-2].v.string);
5369 free(yyvsp[0].v.string);
5370 }
5371break;
5372case 68:
5373#line 1013 "/usr/src/sbin/pfctl/parse.y"
5374{
5375 bzero(&scrub_opts, sizeof scrub_opts);
5376 }
5377break;
5378case 69:
5379#line 1017 "/usr/src/sbin/pfctl/parse.y"
5380{ yyval.v.scrub_opts = scrub_opts; }
5381break;
5382case 72:
5383#line 1024 "/usr/src/sbin/pfctl/parse.y"
5384{
5385 if (scrub_opts.nodf) {
5386 yyerror("no-df cannot be respecified");
5387 YYERRORgoto yyerrlab;
5388 }
5389 scrub_opts.nodf = 1;
5390 }
5391break;
5392case 73:
5393#line 1031 "/usr/src/sbin/pfctl/parse.y"
5394{
5395 if (scrub_opts.marker & FOM_MINTTL0x0020) {
5396 yyerror("min-ttl cannot be respecified");
5397 YYERRORgoto yyerrlab;
5398 }
5399 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 255) {
5400 yyerror("illegal min-ttl value %lld", yyvsp[0].v.number);
5401 YYERRORgoto yyerrlab;
5402 }
5403 scrub_opts.marker |= FOM_MINTTL0x0020;
5404 scrub_opts.minttl = yyvsp[0].v.number;
5405 }
5406break;
5407case 74:
5408#line 1043 "/usr/src/sbin/pfctl/parse.y"
5409{
5410 if (scrub_opts.marker & FOM_MAXMSS0x0040) {
5411 yyerror("max-mss cannot be respecified");
5412 YYERRORgoto yyerrlab;
5413 }
5414 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 65535) {
5415 yyerror("illegal max-mss value %lld", yyvsp[0].v.number);
5416 YYERRORgoto yyerrlab;
5417 }
5418 scrub_opts.marker |= FOM_MAXMSS0x0040;
5419 scrub_opts.maxmss = yyvsp[0].v.number;
5420 }
5421break;
5422case 75:
5423#line 1055 "/usr/src/sbin/pfctl/parse.y"
5424{
5425 if (strcasecmp(yyvsp[0].v.string, "tcp") != 0) {
5426 yyerror("scrub reassemble supports only tcp, "
5427 "not '%s'", yyvsp[0].v.string);
5428 free(yyvsp[0].v.string);
5429 YYERRORgoto yyerrlab;
5430 }
5431 free(yyvsp[0].v.string);
5432 if (scrub_opts.reassemble_tcp) {
5433 yyerror("reassemble tcp cannot be respecified");
5434 YYERRORgoto yyerrlab;
5435 }
5436 scrub_opts.reassemble_tcp = 1;
5437 }
5438break;
5439case 76:
5440#line 1069 "/usr/src/sbin/pfctl/parse.y"
5441{
5442 if (scrub_opts.randomid) {
5443 yyerror("random-id cannot be respecified");
5444 YYERRORgoto yyerrlab;
5445 }
5446 scrub_opts.randomid = 1;
5447 }
5448break;
5449case 77:
5450#line 1078 "/usr/src/sbin/pfctl/parse.y"
5451{
5452 struct pf_rule r;
5453 struct node_host *h = NULL((void *)0), *hh;
5454 struct node_if *i, *j;
5455
5456 for (i = yyvsp[-2].v.interface; i; i = i->next) {
5457 bzero(&r, sizeof(r));
5458
5459 r.action = PF_DROP;
5460 r.direction = PF_IN;
5461 r.log = yyvsp[-3].v.logquick.log;
5462 r.logif = yyvsp[-3].v.logquick.logif;
5463 r.quick = yyvsp[-3].v.logquick.quick;
5464 r.af = yyvsp[-1].v.i;
5465 if (rule_label(&r, yyvsp[0].v.antispoof_opts.label))
5466 YYERRORgoto yyerrlab;
5467 r.rtableid = yyvsp[0].v.antispoof_opts.rtableid;
5468 j = calloc(1, sizeof(struct node_if));
5469 if (j == NULL((void *)0))
5470 err(1, "antispoof: calloc");
5471 if (strlcpy(j->ifname, i->ifname,
5472 sizeof(j->ifname)) >= sizeof(j->ifname)) {
5473 free(j);
5474 yyerror("interface name too long");
5475 YYERRORgoto yyerrlab;
5476 }
5477 j->not = 1;
5478 if (i->dynamic) {
5479 h = calloc(1, sizeof(*h));
5480 if (h == NULL((void *)0))
5481 err(1, "address: calloc");
5482 h->addr.type = PF_ADDR_DYNIFTL;
5483 set_ipmask(h, 128);
5484 if (strlcpy(h->addr.v.ifname, i->ifname,
5485 sizeof(h->addr.v.ifname)) >=
5486 sizeof(h->addr.v.ifname)) {
5487 free(h);
5488 yyerror(
5489 "interface name too long");
5490 YYERRORgoto yyerrlab;
5491 }
5492 hh = malloc(sizeof(*hh));
5493 if (hh == NULL((void *)0))
5494 err(1, "address: malloc");
5495 bcopy(h, hh, sizeof(*hh));
5496 h->addr.iflags = PFI_AFLAG_NETWORK0x01;
5497 } else {
5498 h = ifa_lookup(j->ifname,
5499 PFI_AFLAG_NETWORK0x01);
5500 hh = NULL((void *)0);
5501 }
5502
5503 if (h != NULL((void *)0))
5504 expand_rule(&r, 0, j, NULL((void *)0), NULL((void *)0), NULL((void *)0),
5505 NULL((void *)0), NULL((void *)0), h, NULL((void *)0), NULL((void *)0), NULL((void *)0),
5506 NULL((void *)0), NULL((void *)0), NULL((void *)0), NULL((void *)0));
5507
5508 if ((i->ifa_flags & IFF_LOOPBACK0x8) == 0) {
5509 bzero(&r, sizeof(r));
5510
5511 r.action = PF_DROP;
5512 r.direction = PF_IN;
5513 r.log = yyvsp[-3].v.logquick.log;
5514 r.logif = yyvsp[-3].v.logquick.logif;
5515 r.quick = yyvsp[-3].v.logquick.quick;
5516 r.af = yyvsp[-1].v.i;
5517 if (rule_label(&r, yyvsp[0].v.antispoof_opts.label))
5518 YYERRORgoto yyerrlab;
5519 r.rtableid = yyvsp[0].v.antispoof_opts.rtableid;
5520 if (hh != NULL((void *)0))
5521 h = hh;
5522 else
5523 h = ifa_lookup(i->ifname, 0);
5524 if (h != NULL((void *)0))
5525 expand_rule(&r, 0, NULL((void *)0), NULL((void *)0),
5526 NULL((void *)0), NULL((void *)0), NULL((void *)0), NULL((void *)0), h,
5527 NULL((void *)0), NULL((void *)0), NULL((void *)0), NULL((void *)0),
5528 NULL((void *)0), NULL((void *)0), NULL((void *)0));
5529 } else
5530 free(hh);
5531 }
5532 free(yyvsp[0].v.antispoof_opts.label);
5533 }
5534break;
5535case 78:
5536#line 1163 "/usr/src/sbin/pfctl/parse.y"
5537{ yyval.v.interface = yyvsp[0].v.interface; }
5538break;
5539case 79:
5540#line 1164 "/usr/src/sbin/pfctl/parse.y"
5541{ yyval.v.interface = yyvsp[-1].v.interface; }
5542break;
5543case 80:
5544#line 1167 "/usr/src/sbin/pfctl/parse.y"
5545{ yyval.v.interface = yyvsp[-1].v.interface; }
5546break;
5547case 81:
5548#line 1168 "/usr/src/sbin/pfctl/parse.y"
5549{
5550 yyvsp[-3].v.interface->tail->next = yyvsp[-1].v.interface;
5551 yyvsp[-3].v.interface->tail = yyvsp[-1].v.interface;
5552 yyval.v.interface = yyvsp[-3].v.interface;
5553 }
5554break;
5555case 82:
5556#line 1175 "/usr/src/sbin/pfctl/parse.y"
5557{ yyval.v.interface = yyvsp[0].v.interface; }
5558break;
5559case 83:
5560#line 1176 "/usr/src/sbin/pfctl/parse.y"
5561{
5562 yyvsp[-1].v.interface->dynamic = 1;
5563 yyval.v.interface = yyvsp[-1].v.interface;
5564 }
5565break;
5566case 84:
5567#line 1182 "/usr/src/sbin/pfctl/parse.y"
5568{
5569 bzero(&antispoof_opts, sizeof antispoof_opts);
5570 antispoof_opts.rtableid = -1;
5571 }
5572break;
5573case 85:
5574#line 1187 "/usr/src/sbin/pfctl/parse.y"
5575{ yyval.v.antispoof_opts = antispoof_opts; }
5576break;
5577case 86:
5578#line 1188 "/usr/src/sbin/pfctl/parse.y"
5579{
5580 bzero(&antispoof_opts, sizeof antispoof_opts);
5581 antispoof_opts.rtableid = -1;
5582 yyval.v.antispoof_opts = antispoof_opts;
5583 }
5584break;
5585case 89:
5586#line 1199 "/usr/src/sbin/pfctl/parse.y"
5587{
5588 if (antispoof_opts.label) {
5589 yyerror("label cannot be redefined");
5590 YYERRORgoto yyerrlab;
5591 }
5592 antispoof_opts.label = yyvsp[0].v.string;
5593 }
5594break;
5595case 90:
5596#line 1206 "/usr/src/sbin/pfctl/parse.y"
5597{
5598 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > RT_TABLEID_MAX255) {
5599 yyerror("invalid rtable id");
5600 YYERRORgoto yyerrlab;
5601 } else if (!lookup_rtable(yyvsp[0].v.number)) {
5602 yyerror("rtable %lld does not exist", yyvsp[0].v.number);
5603 YYERRORgoto yyerrlab;
5604 }
5605 antispoof_opts.rtableid = yyvsp[0].v.number;
5606 }
5607break;
5608case 91:
5609#line 1218 "/usr/src/sbin/pfctl/parse.y"
5610{ yyval.v.number = 1; }
5611break;
5612case 92:
5613#line 1219 "/usr/src/sbin/pfctl/parse.y"
5614{ yyval.v.number = 0; }
5615break;
5616case 93:
5617#line 1222 "/usr/src/sbin/pfctl/parse.y"
5618{
5619 struct node_host *h, *nh;
5620 struct node_tinit *ti, *nti;
5621
5622 if (strlen(yyvsp[-2].v.string) >= PF_TABLE_NAME_SIZE32) {
5623 yyerror("table name too long, max %d chars",
5624 PF_TABLE_NAME_SIZE32 - 1);
5625 free(yyvsp[-2].v.string);
5626 YYERRORgoto yyerrlab;
5627 }
5628 if (process_tabledef(yyvsp[-2].v.string, &yyvsp[0].v.table_opts, pf->opts)) {
5629 free(yyvsp[-2].v.string);
5630 YYERRORgoto yyerrlab;
5631 }
5632 free(yyvsp[-2].v.string);
5633 for (ti = SIMPLEQ_FIRST(&yyvsp[0].v.table_opts.init_nodes)((&yyvsp[0].v.table_opts.init_nodes)->sqh_first); ti != NULL((void *)0);
5634 ti = nti) {
5635 if (ti->file)
5636 free(ti->file);
5637 for (h = ti->host; h != NULL((void *)0); h = nh) {
5638 nh = h->next;
5639 free(h);
5640 }
5641 nti = SIMPLEQ_NEXT(ti, entries)((ti)->entries.sqe_next);
5642 free(ti);
5643 }
5644 }
5645break;
5646case 94:
5647#line 1251 "/usr/src/sbin/pfctl/parse.y"
5648{
5649 bzero(&table_opts, sizeof table_opts);
5650 SIMPLEQ_INIT(&table_opts.init_nodes)do { (&table_opts.init_nodes)->sqh_first = ((void *)0)
; (&table_opts.init_nodes)->sqh_last = &(&table_opts
.init_nodes)->sqh_first; } while (0);
5651 }
5652break;
5653case 95:
5654#line 1256 "/usr/src/sbin/pfctl/parse.y"
5655{ yyval.v.table_opts = table_opts; }
5656break;
5657case 96:
5658#line 1258 "/usr/src/sbin/pfctl/parse.y"
5659{
5660 bzero(&table_opts, sizeof table_opts);
5661 SIMPLEQ_INIT(&table_opts.init_nodes)do { (&table_opts.init_nodes)->sqh_first = ((void *)0)
; (&table_opts.init_nodes)->sqh_last = &(&table_opts
.init_nodes)->sqh_first; } while (0);
5662 yyval.v.table_opts = table_opts;
5663 }
5664break;
5665case 99:
5666#line 1269 "/usr/src/sbin/pfctl/parse.y"
5667{
5668 if (!strcmp(yyvsp[0].v.string, "const"))
5669 table_opts.flags |= PFR_TFLAG_CONST0x00000002;
5670 else if (!strcmp(yyvsp[0].v.string, "persist"))
5671 table_opts.flags |= PFR_TFLAG_PERSIST0x00000001;
5672 else if (!strcmp(yyvsp[0].v.string, "counters"))
5673 table_opts.flags |= PFR_TFLAG_COUNTERS0x00000040;
5674 else {
5675 yyerror("invalid table option '%s'", yyvsp[0].v.string);
5676 free(yyvsp[0].v.string);
5677 YYERRORgoto yyerrlab;
5678 }
5679 free(yyvsp[0].v.string);
5680 }
5681break;
5682case 100:
5683#line 1283 "/usr/src/sbin/pfctl/parse.y"
5684{ table_opts.init_addr = 1; }
5685break;
5686case 101:
5687#line 1284 "/usr/src/sbin/pfctl/parse.y"
5688{
5689 struct node_host *n;
5690 struct node_tinit *ti;
5691
5692 for (n = yyvsp[-1].v.host; n != NULL((void *)0); n = n->next) {
5693 switch (n->addr.type) {
5694 case PF_ADDR_ADDRMASK:
5695 continue; /* ok */
5696 case PF_ADDR_RANGE:
5697 yyerror("address ranges are not "
5698 "permitted inside tables");
5699 break;
5700 case PF_ADDR_DYNIFTL:
5701 yyerror("dynamic addresses are not "
5702 "permitted inside tables");
5703 break;
5704 case PF_ADDR_TABLE:
5705 yyerror("tables cannot contain tables");
5706 break;
5707 case PF_ADDR_NOROUTE:
5708 yyerror("\"no-route\" is not permitted "
5709 "inside tables");
5710 break;
5711 case PF_ADDR_URPFFAILED:
5712 yyerror("\"urpf-failed\" is not "
5713 "permitted inside tables");
5714 break;
5715 default:
5716 yyerror("unknown address type %d",
5717 n->addr.type);
5718 }
5719 YYERRORgoto yyerrlab;
5720 }
5721 if (!(ti = calloc(1, sizeof(*ti))))
5722 err(1, "table_opt: calloc");
5723 ti->host = yyvsp[-1].v.host;
5724 SIMPLEQ_INSERT_TAIL(&table_opts.init_nodes, ti,do { (ti)->entries.sqe_next = ((void *)0); *(&table_opts
.init_nodes)->sqh_last = (ti); (&table_opts.init_nodes
)->sqh_last = &(ti)->entries.sqe_next; } while (0)
5725 entries)do { (ti)->entries.sqe_next = ((void *)0); *(&table_opts
.init_nodes)->sqh_last = (ti); (&table_opts.init_nodes
)->sqh_last = &(ti)->entries.sqe_next; } while (0);
5726 table_opts.init_addr = 1;
5727 }
5728break;
5729case 102:
5730#line 1324 "/usr/src/sbin/pfctl/parse.y"
5731{
5732 struct node_tinit *ti;
5733
5734 if (!(ti = calloc(1, sizeof(*ti))))
5735 err(1, "table_opt: calloc");
5736 ti->file = yyvsp[0].v.string;
5737 SIMPLEQ_INSERT_TAIL(&table_opts.init_nodes, ti,do { (ti)->entries.sqe_next = ((void *)0); *(&table_opts
.init_nodes)->sqh_last = (ti); (&table_opts.init_nodes
)->sqh_last = &(ti)->entries.sqe_next; } while (0)
5738 entries)do { (ti)->entries.sqe_next = ((void *)0); *(&table_opts
.init_nodes)->sqh_last = (ti); (&table_opts.init_nodes
)->sqh_last = &(ti)->entries.sqe_next; } while (0);
5739 table_opts.init_addr = 1;
5740 }
5741break;
5742case 103:
5743#line 1336 "/usr/src/sbin/pfctl/parse.y"
5744{
5745 if (yyvsp[0].v.weight > 0) {
5746 struct node_host *n;
5747 for (n = yyvsp[-1].v.host; n != NULL((void *)0); n = n->next)
5748 n->weight = yyvsp[0].v.weight;
5749 }
5750 yyval.v.host = yyvsp[-1].v.host;
5751 }
5752break;
5753case 104:
5754#line 1344 "/usr/src/sbin/pfctl/parse.y"
5755{ yyval.v.host = yyvsp[-1].v.host; }
5756break;
5757case 105:
5758#line 1347 "/usr/src/sbin/pfctl/parse.y"
5759{ yyval.v.host = yyvsp[-1].v.host; }
5760break;
5761case 106:
5762#line 1348 "/usr/src/sbin/pfctl/parse.y"
5763{
5764 yyvsp[-3].v.host->tail->next = yyvsp[-1].v.host;
5765 yyvsp[-3].v.host->tail = yyvsp[-1].v.host->tail;
5766 yyval.v.host = yyvsp[-3].v.host;
5767 }
5768break;
5769case 107:
5770#line 1355 "/usr/src/sbin/pfctl/parse.y"
5771{
5772 struct node_host *n;
5773
5774 if (yyvsp[-1].v.interface == NULL((void *)0) && yyvsp[0].v.queue_opts.parent == NULL((void *)0)) {
5775 yyerror("root queue without interface");
5776 YYERRORgoto yyerrlab;
5777 }
5778 if (yyvsp[-1].v.interface != NULL((void *)0) &&
5779 ((n = ifa_exists(yyvsp[-1].v.interface->ifname)) == NULL((void *)0) ||
5780 n->af != AF_LINK18)) {
5781 yyerror("not an interface");
5782 YYERRORgoto yyerrlab;
5783 }
5784
5785 expand_queue(yyvsp[-2].v.string, yyvsp[-1].v.interface, &yyvsp[0].v.queue_opts);
5786 }
5787break;
5788case 108:
5789#line 1373 "/usr/src/sbin/pfctl/parse.y"
5790{
5791 bzero(&queue_opts, sizeof queue_opts);
5792 }
5793break;
5794case 109:
5795#line 1377 "/usr/src/sbin/pfctl/parse.y"
5796{ yyval.v.queue_opts = queue_opts; }
5797break;
5798case 112:
5799#line 1384 "/usr/src/sbin/pfctl/parse.y"
5800{
5801 if (queue_opts.marker & QOM_BWSPEC0x01) {
5802 yyerror("bandwidth cannot be respecified");
5803 YYERRORgoto yyerrlab;
5804 }
5805 queue_opts.marker |= QOM_BWSPEC0x01;
5806 queue_opts.linkshare = yyvsp[-1].v.sc;
5807 queue_opts.realtime= yyvsp[0].v.queue_opts.realtime;
5808 queue_opts.upperlimit = yyvsp[0].v.queue_opts.upperlimit;
5809 }
5810break;
5811case 113:
5812#line 1394 "/usr/src/sbin/pfctl/parse.y"
5813{
5814 if (queue_opts.marker & QOM_PARENT0x02) {
5815 yyerror("parent cannot be respecified");
5816 YYERRORgoto yyerrlab;
5817 }
5818 queue_opts.marker |= QOM_PARENT0x02;
5819 queue_opts.parent = yyvsp[0].v.string;
5820 }
5821break;
5822case 114:
5823#line 1402 "/usr/src/sbin/pfctl/parse.y"
5824{
5825 if (queue_opts.marker & QOM_DEFAULT0x04) {
5826 yyerror("default cannot be respecified");
5827 YYERRORgoto yyerrlab;
5828 }
5829 queue_opts.marker |= QOM_DEFAULT0x04;
5830 queue_opts.flags |= PFQS_DEFAULT0x1000;
5831 }
5832break;
5833case 115:
5834#line 1410 "/usr/src/sbin/pfctl/parse.y"
5835{
5836 if (queue_opts.marker & QOM_QLIMIT0x08) {
5837 yyerror("qlimit cannot be respecified");
5838 YYERRORgoto yyerrlab;
5839 }
5840 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 65535) {
5841 yyerror("qlimit out of range: max 65535");
5842 YYERRORgoto yyerrlab;
5843 }
5844 queue_opts.marker |= QOM_QLIMIT0x08;
5845 queue_opts.qlimit = yyvsp[0].v.number;
5846 }
5847break;
5848case 116:
5849#line 1422 "/usr/src/sbin/pfctl/parse.y"
5850{
5851 if (queue_opts.marker & QOM_FLOWS0x10) {
5852 yyerror("number of flows cannot be respecified");
5853 YYERRORgoto yyerrlab;
5854 }
5855 if (yyvsp[0].v.number < 1 || yyvsp[0].v.number > 32767) {
5856 yyerror("number of flows out of range: "
5857 "max 32767");
5858 YYERRORgoto yyerrlab;
5859 }
5860 queue_opts.marker |= QOM_FLOWS0x10;
5861 queue_opts.flags |= PFQS_FLOWQUEUE0x0001;
5862 queue_opts.flowqueue.flows = yyvsp[0].v.number;
5863 }
5864break;
5865case 117:
5866#line 1436 "/usr/src/sbin/pfctl/parse.y"
5867{
5868 if (queue_opts.marker & QOM_QUANTUM0x20) {
5869 yyerror("quantum cannot be respecified");
5870 YYERRORgoto yyerrlab;
5871 }
5872 if (yyvsp[0].v.number < 1 || yyvsp[0].v.number > 65535) {
5873 yyerror("quantum out of range: max 65535");
5874 YYERRORgoto yyerrlab;
5875 }
5876 queue_opts.marker |= QOM_QUANTUM0x20;
5877 queue_opts.flowqueue.quantum = yyvsp[0].v.number;
5878 }
5879break;
5880case 118:
5881#line 1450 "/usr/src/sbin/pfctl/parse.y"
5882{
5883
5884 }
5885break;
5886case 119:
5887#line 1453 "/usr/src/sbin/pfctl/parse.y"
5888{
5889 yyval.v.queue_opts.realtime = yyvsp[0].v.sc;
5890 }
5891break;
5892case 120:
5893#line 1456 "/usr/src/sbin/pfctl/parse.y"
5894{
5895 yyval.v.queue_opts.upperlimit = yyvsp[0].v.sc;
5896 }
5897break;
5898case 121:
5899#line 1459 "/usr/src/sbin/pfctl/parse.y"
5900{
5901 yyval.v.queue_opts.realtime = yyvsp[-3].v.sc;
5902 yyval.v.queue_opts.upperlimit = yyvsp[0].v.sc;
5903 }
5904break;
5905case 122:
5906#line 1463 "/usr/src/sbin/pfctl/parse.y"
5907{
5908 yyval.v.queue_opts.realtime = yyvsp[0].v.sc;
5909 yyval.v.queue_opts.upperlimit = yyvsp[-3].v.sc;
5910 }
5911break;
5912case 123:
5913#line 1469 "/usr/src/sbin/pfctl/parse.y"
5914{
5915 yyval.v.sc.m2 = yyvsp[0].v.queue_bwspec;
5916 yyval.v.sc.d = 0;
5917 if (yyval.v.sc.m2.bw_percent) {
5918 yyerror("no bandwidth in %% yet");
5919 YYERRORgoto yyerrlab;
5920 }
5921 }
5922break;
5923case 124:
5924#line 1477 "/usr/src/sbin/pfctl/parse.y"
5925{
5926 u_long ul;
5927 char *cp;
5928
5929 ul = strtoul(yyvsp[0].v.string, &cp, 10);
5930 if (cp == NULL((void *)0) || strcmp(cp, "ms")) {
5931 yyerror("time in scspec must be in ms");
5932 YYERRORgoto yyerrlab;
5933 }
5934
5935 yyval.v.sc.m1 = yyvsp[-2].v.queue_bwspec;
5936 yyval.v.sc.d = ul;
5937 yyval.v.sc.m2 = yyvsp[-4].v.queue_bwspec;
5938
5939 if (yyval.v.sc.m1.bw_percent || yyval.v.sc.m2.bw_percent) {
5940 yyerror("no bandwidth in %% yet");
5941 YYERRORgoto yyerrlab;
5942 }
5943 }
5944break;
5945case 125:
5946#line 1498 "/usr/src/sbin/pfctl/parse.y"
5947{
5948 double bps;
5949 char *cp;
5950
5951 yyval.v.queue_bwspec.bw_percent = 0;
5952
5953 bps = strtod(yyvsp[0].v.string, &cp);
5954 if (cp != NULL((void *)0)) {
5955 if (strlen(cp) > 1) {
5956 char *cu = cp + 1;
5957 if (!strcmp(cu, "Bit") ||
5958 !strcmp(cu, "B") ||
5959 !strcmp(cu, "bit") ||
5960 !strcmp(cu, "b")) {
5961 *cu = 0;
5962 }
5963 }
5964 if (!strcmp(cp, "b"))
5965 ; /* nothing */
5966 else if (!strcmp(cp, "K"))
5967 bps *= 1000;
5968 else if (!strcmp(cp, "M"))
5969 bps *= 1000 * 1000;
5970 else if (!strcmp(cp, "G"))
5971 bps *= 1000 * 1000 * 1000;
5972 else if (!strcmp(cp, "%")) {
5973 if (bps < 0 || bps > 100) {
5974 yyerror("bandwidth spec "
5975 "out of range");
5976 free(yyvsp[0].v.string);
5977 YYERRORgoto yyerrlab;
5978 }
5979 yyval.v.queue_bwspec.bw_percent = bps;
5980 bps = 0;
5981 } else {
5982 yyerror("unknown unit \"%s\"", cp);
5983 free(yyvsp[0].v.string);
5984 YYERRORgoto yyerrlab;
5985 }
5986 }
5987 free(yyvsp[0].v.string);
5988 yyval.v.queue_bwspec.bw_absolute = (u_int32_t)bps;
5989 }
5990break;
5991case 126:
5992#line 1541 "/usr/src/sbin/pfctl/parse.y"
5993{
5994 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX(2147483647 *2U +1U)) {
5995 yyerror("bandwidth number too big");
5996 YYERRORgoto yyerrlab;
5997 }
5998 yyval.v.queue_bwspec.bw_percent = 0;
5999 yyval.v.queue_bwspec.bw_absolute = yyvsp[0].v.number;
6000 }
6001break;
6002case 127:
6003#line 1553 "/usr/src/sbin/pfctl/parse.y"
6004{
6005 struct pf_rule r;
6006 struct node_state_opt *o;
6007 struct node_proto *proto;
6008 int srctrack = 0;
6009 int statelock = 0;
6010 int adaptive = 0;
6011 int defaults = 0;
6012
6013 memset(&r, 0, sizeof(r));
6014 r.action = yyvsp[-7].v.b.b1;
6015 switch (yyvsp[-7].v.b.b2) {
6016 case PFRULE_RETURNRST0x0001:
6017 r.rule_flag |= PFRULE_RETURNRST0x0001;
6018 r.return_ttl = yyvsp[-7].v.b.w;
6019 break;
6020 case PFRULE_RETURNICMP0x0004:
6021 r.rule_flag |= PFRULE_RETURNICMP0x0004;
6022 r.return_icmp = yyvsp[-7].v.b.w;
6023 r.return_icmp6 = yyvsp[-7].v.b.w2;
6024 break;
6025 case PFRULE_RETURN0x0008:
6026 r.rule_flag |= PFRULE_RETURN0x0008;
6027 r.return_icmp = yyvsp[-7].v.b.w;
6028 r.return_icmp6 = yyvsp[-7].v.b.w2;
6029 break;
6030 }
6031 r.direction = yyvsp[-6].v.i;
6032 r.log = yyvsp[-5].v.logquick.log;
6033 r.logif = yyvsp[-5].v.logquick.logif;
6034 r.quick = yyvsp[-5].v.logquick.quick;
6035 r.af = yyvsp[-3].v.i;
6036
6037 if (filteropts_to_rule(&r, &yyvsp[0].v.filter_opts))
6038 YYERRORgoto yyerrlab;
6039
6040 if (yyvsp[0].v.filter_opts.flags.b1 || yyvsp[0].v.filter_opts.flags.b2 || yyvsp[-1].v.fromto.src_os) {
6041 for (proto = yyvsp[-2].v.proto; proto != NULL((void *)0) &&
6042 proto->proto != IPPROTO_TCP6;
6043 proto = proto->next)
6044 ; /* nothing */
6045 if (proto == NULL((void *)0) && yyvsp[-2].v.proto != NULL((void *)0)) {
6046 if (yyvsp[0].v.filter_opts.flags.b1 || yyvsp[0].v.filter_opts.flags.b2)
6047 yyerror(
6048 "flags only apply to tcp");
6049 if (yyvsp[-1].v.fromto.src_os)
6050 yyerror(
6051 "OS fingerprinting only "
6052 "apply to tcp");
6053 YYERRORgoto yyerrlab;
6054 }
6055 }
6056
6057 r.keep_state = yyvsp[0].v.filter_opts.keep.action;
6058 o = yyvsp[0].v.filter_opts.keep.options;
6059
6060 /* 'keep state' by default on pass rules. */
6061 if (!r.keep_state && !r.action &&
6062 !(yyvsp[0].v.filter_opts.marker & FOM_KEEP0x0008)) {
6063 r.keep_state = PF_STATE_NORMAL0x1;
6064 o = keep_state_defaults;
6065 defaults = 1;
6066 }
6067
6068 while (o) {
6069 struct node_state_opt *p = o;
6070
6071 switch (o->type) {
6072 case PF_STATE_OPT_MAX:
6073 if (r.max_states) {
6074 yyerror("state option 'max' "
6075 "multiple definitions");
6076 YYERRORgoto yyerrlab;
6077 }
6078 r.max_states = o->data.max_states;
6079 break;
6080 case PF_STATE_OPT_NOSYNC:
6081 if (r.rule_flag & PFRULE_NOSYNC0x0010) {
6082 yyerror("state option 'sync' "
6083 "multiple definitions");
6084 YYERRORgoto yyerrlab;
6085 }
6086 r.rule_flag |= PFRULE_NOSYNC0x0010;
6087 break;
6088 case PF_STATE_OPT_SRCTRACK:
6089 if (srctrack) {
6090 yyerror("state option "
6091 "'source-track' "
6092 "multiple definitions");
6093 YYERRORgoto yyerrlab;
6094 }
6095 srctrack = o->data.src_track;
6096 r.rule_flag |= PFRULE_SRCTRACK0x0020;
6097 break;
6098 case PF_STATE_OPT_MAX_SRC_STATES:
6099 if (r.max_src_states) {
6100 yyerror("state option "
6101 "'max-src-states' "
6102 "multiple definitions");
6103 YYERRORgoto yyerrlab;
6104 }
6105 if (o->data.max_src_states == 0) {
6106 yyerror("'max-src-states' must "
6107 "be > 0");
6108 YYERRORgoto yyerrlab;
6109 }
6110 r.max_src_states =
6111 o->data.max_src_states;
6112 r.rule_flag |= PFRULE_SRCTRACK0x0020;
6113 break;
6114 case PF_STATE_OPT_OVERLOAD:
6115 if (r.overload_tblname[0]) {
6116 yyerror("multiple 'overload' "
6117 "table definitions");
6118 YYERRORgoto yyerrlab;
6119 }
6120 if (strlcpy(r.overload_tblname,
6121 o->data.overload.tblname,
6122 PF_TABLE_NAME_SIZE32) >=
6123 PF_TABLE_NAME_SIZE32) {
6124 yyerror("state option: "
6125 "strlcpy");
6126 YYERRORgoto yyerrlab;
6127 }
6128 r.flush = o->data.overload.flush;
6129 break;
6130 case PF_STATE_OPT_MAX_SRC_CONN:
6131 if (r.max_src_conn) {
6132 yyerror("state option "
6133 "'max-src-conn' "
6134 "multiple definitions");
6135 YYERRORgoto yyerrlab;
6136 }
6137 if (o->data.max_src_conn == 0) {
6138 yyerror("'max-src-conn' "
6139 "must be > 0");
6140 YYERRORgoto yyerrlab;
6141 }
6142 r.max_src_conn =
6143 o->data.max_src_conn;
6144 r.rule_flag |= PFRULE_SRCTRACK0x0020 |
6145 PFRULE_RULESRCTRACK0x0040;
6146 break;
6147 case PF_STATE_OPT_MAX_SRC_CONN_RATE:
6148 if (r.max_src_conn_rate.limit) {
6149 yyerror("state option "
6150 "'max-src-conn-rate' "
6151 "multiple definitions");
6152 YYERRORgoto yyerrlab;
6153 }
6154 if (!o->data.max_src_conn_rate.limit ||
6155 !o->data.max_src_conn_rate.seconds) {
6156 yyerror("'max-src-conn-rate' "
6157 "values must be > 0");
6158 YYERRORgoto yyerrlab;
6159 }
6160 if (o->data.max_src_conn_rate.limit >
6161 PF_THRESHOLD_MAX0xffffffff / 1000) {
6162 yyerror("'max-src-conn-rate' "
6163 "maximum rate must be < %u",
6164 PF_THRESHOLD_MAX0xffffffff / 1000);
6165 YYERRORgoto yyerrlab;
6166 }
6167 r.max_src_conn_rate.limit =
6168 o->data.max_src_conn_rate.limit;
6169 r.max_src_conn_rate.seconds =
6170 o->data.max_src_conn_rate.seconds;
6171 r.rule_flag |= PFRULE_SRCTRACK0x0020 |
6172 PFRULE_RULESRCTRACK0x0040;
6173 break;
6174 case PF_STATE_OPT_MAX_SRC_NODES:
6175 if (r.max_src_nodes) {
6176 yyerror("state option "
6177 "'max-src-nodes' "
6178 "multiple definitions");
6179 YYERRORgoto yyerrlab;
6180 }
6181 if (o->data.max_src_nodes == 0) {
6182 yyerror("'max-src-nodes' must "
6183 "be > 0");
6184 YYERRORgoto yyerrlab;
6185 }
6186 r.max_src_nodes =
6187 o->data.max_src_nodes;
6188 r.rule_flag |= PFRULE_SRCTRACK0x0020 |
6189 PFRULE_RULESRCTRACK0x0040;
6190 break;
6191 case PF_STATE_OPT_STATELOCK:
6192 if (statelock) {
6193 yyerror("state locking option: "
6194 "multiple definitions");
6195 YYERRORgoto yyerrlab;
6196 }
6197 statelock = 1;
6198 r.rule_flag |= o->data.statelock;
6199 break;
6200 case PF_STATE_OPT_SLOPPY:
6201 if (r.rule_flag & PFRULE_STATESLOPPY0x00020000) {
6202 yyerror("state sloppy option: "
6203 "multiple definitions");
6204 YYERRORgoto yyerrlab;
6205 }
6206 r.rule_flag |= PFRULE_STATESLOPPY0x00020000;
6207 break;
6208 case PF_STATE_OPT_PFLOW:
6209 if (r.rule_flag & PFRULE_PFLOW0x00040000) {
6210 yyerror("state pflow "
6211 "option: multiple "
6212 "definitions");
6213 YYERRORgoto yyerrlab;
6214 }
6215 r.rule_flag |= PFRULE_PFLOW0x00040000;
6216 break;
6217 case PF_STATE_OPT_TIMEOUT:
6218 if (o->data.timeout.number ==
6219 PFTM_ADAPTIVE_START ||
6220 o->data.timeout.number ==
6221 PFTM_ADAPTIVE_END)
6222 adaptive = 1;
6223 if (r.timeout[o->data.timeout.number]) {
6224 yyerror("state timeout %s "
6225 "multiple definitions",
6226 pf_timeouts[o->data.
6227 timeout.number].name);
6228 YYERRORgoto yyerrlab;
6229 }
6230 r.timeout[o->data.timeout.number] =
6231 o->data.timeout.seconds;
6232 }
6233 o = o->next;
6234 if (!defaults)
6235 free(p);
6236 }
6237
6238 /* 'flags S/SA' by default on stateful rules */
6239 if (!r.action && !r.flags && !r.flagset &&
6240 !yyvsp[0].v.filter_opts.fragment && !(yyvsp[0].v.filter_opts.marker & FOM_FLAGS0x0001) &&
6241 r.keep_state) {
6242 r.flags = parse_flags("S");
6243 r.flagset = parse_flags("SA");
6244 }
6245 if (!adaptive && r.max_states) {
6246 r.timeout[PFTM_ADAPTIVE_START] =
6247 (r.max_states / 10) * 6;
6248 r.timeout[PFTM_ADAPTIVE_END] =
6249 (r.max_states / 10) * 12;
6250 }
6251 if (r.rule_flag & PFRULE_SRCTRACK0x0020) {
6252 if (srctrack == PF_SRCTRACK_GLOBAL &&
6253 r.max_src_nodes) {
6254 yyerror("'max-src-nodes' is "
6255 "incompatible with "
6256 "'source-track global'");
6257 YYERRORgoto yyerrlab;
6258 }
6259 if (srctrack == PF_SRCTRACK_GLOBAL &&
6260 r.max_src_conn) {
6261 yyerror("'max-src-conn' is "
6262 "incompatible with "
6263 "'source-track global'");
6264 YYERRORgoto yyerrlab;
6265 }
6266 if (srctrack == PF_SRCTRACK_GLOBAL &&
6267 r.max_src_conn_rate.seconds) {
6268 yyerror("'max-src-conn-rate' is "
6269 "incompatible with "
6270 "'source-track global'");
6271 YYERRORgoto yyerrlab;
6272 }
6273 if (r.timeout[PFTM_SRC_NODE] <
6274 r.max_src_conn_rate.seconds)
6275 r.timeout[PFTM_SRC_NODE] =
6276 r.max_src_conn_rate.seconds;
6277 r.rule_flag |= PFRULE_SRCTRACK0x0020;
6278 if (srctrack == PF_SRCTRACK_RULE)
6279 r.rule_flag |= PFRULE_RULESRCTRACK0x0040;
6280 }
6281 if (r.keep_state && !statelock)
6282 r.rule_flag |= default_statelock;
6283
6284 decide_address_family(yyvsp[-1].v.fromto.src.host, &r.af);
6285 decide_address_family(yyvsp[-1].v.fromto.dst.host, &r.af);
6286
6287 if (yyvsp[0].v.filter_opts.rt) {
6288 if (yyvsp[0].v.filter_opts.rt != PF_DUPTO && !r.direction) {
6289 yyerror("direction must be explicit "
6290 "with rules that specify routing");
6291 YYERRORgoto yyerrlab;
6292 }
6293 r.rt = yyvsp[0].v.filter_opts.rt;
6294 }
6295
6296 if (expand_divertspec(&r, &yyvsp[0].v.filter_opts.divert))
6297 YYERRORgoto yyerrlab;
6298
6299 expand_rule(&r, 0, yyvsp[-4].v.interface, &yyvsp[0].v.filter_opts.nat, &yyvsp[0].v.filter_opts.rdr, &yyvsp[0].v.filter_opts.rroute, yyvsp[-2].v.proto,
6300 yyvsp[-1].v.fromto.src_os,
6301 yyvsp[-1].v.fromto.src.host, yyvsp[-1].v.fromto.src.port, yyvsp[-1].v.fromto.dst.host, yyvsp[-1].v.fromto.dst.port,
6302 yyvsp[0].v.filter_opts.uid, yyvsp[0].v.filter_opts.gid, yyvsp[0].v.filter_opts.rcv, yyvsp[0].v.filter_opts.icmpspec);
6303 }
6304break;
6305case 128:
6306#line 1855 "/usr/src/sbin/pfctl/parse.y"
6307{
6308 bzero(&filter_opts, sizeof filter_opts);
6309 filter_opts.rtableid = -1;
6310 }
6311break;
6312case 129:
6313#line 1860 "/usr/src/sbin/pfctl/parse.y"
6314{ yyval.v.filter_opts = filter_opts; }
6315break;
6316case 130:
6317#line 1861 "/usr/src/sbin/pfctl/parse.y"
6318{
6319 bzero(&filter_opts, sizeof filter_opts);
6320 filter_opts.rtableid = -1;
6321 yyval.v.filter_opts = filter_opts;
6322 }
6323break;
6324case 133:
6325#line 1872 "/usr/src/sbin/pfctl/parse.y"
6326{
6327 if (filter_opts.uid)
6328 yyvsp[0].v.uid->tail->next = filter_opts.uid;
6329 filter_opts.uid = yyvsp[0].v.uid;
6330 }
6331break;
6332case 134:
6333#line 1877 "/usr/src/sbin/pfctl/parse.y"
6334{
6335 if (filter_opts.gid)
6336 yyvsp[0].v.gid->tail->next = filter_opts.gid;
6337 filter_opts.gid = yyvsp[0].v.gid;
6338 }
6339break;
6340case 135:
6341#line 1882 "/usr/src/sbin/pfctl/parse.y"
6342{
6343 if (filter_opts.marker & FOM_FLAGS0x0001) {
6344 yyerror("flags cannot be redefined");
6345 YYERRORgoto yyerrlab;
6346 }
6347 filter_opts.marker |= FOM_FLAGS0x0001;
6348 filter_opts.flags.b1 |= yyvsp[0].v.b.b1;
6349 filter_opts.flags.b2 |= yyvsp[0].v.b.b2;
6350 filter_opts.flags.w |= yyvsp[0].v.b.w;
6351 filter_opts.flags.w2 |= yyvsp[0].v.b.w2;
6352 }
6353break;
6354case 136:
6355#line 1893 "/usr/src/sbin/pfctl/parse.y"
6356{
6357 if (filter_opts.marker & FOM_ICMP0x0002) {
6358 yyerror("icmp-type cannot be redefined");
6359 YYERRORgoto yyerrlab;
6360 }
6361 filter_opts.marker |= FOM_ICMP0x0002;
6362 filter_opts.icmpspec = yyvsp[0].v.icmp;
6363 }
6364break;
6365case 137:
6366#line 1901 "/usr/src/sbin/pfctl/parse.y"
6367{
6368 if (filter_opts.marker & FOM_PRIO0x2000) {
6369 yyerror("prio cannot be redefined");
6370 YYERRORgoto yyerrlab;
6371 }
6372 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > IFQ_MAXPRIO8 - 1) {
6373 yyerror("prio must be 0 - %u", IFQ_MAXPRIO8 - 1);
6374 YYERRORgoto yyerrlab;
6375 }
6376 filter_opts.marker |= FOM_PRIO0x2000;
6377 filter_opts.prio = yyvsp[0].v.number;
6378 }
6379break;
6380case 138:
6381#line 1913 "/usr/src/sbin/pfctl/parse.y"
6382{
6383 if (filter_opts.marker & FOM_TOS0x0004) {
6384 yyerror("tos cannot be redefined");
6385 YYERRORgoto yyerrlab;
6386 }
6387 filter_opts.marker |= FOM_TOS0x0004;
6388 filter_opts.tos = yyvsp[0].v.number;
6389 }
6390break;
6391case 139:
6392#line 1921 "/usr/src/sbin/pfctl/parse.y"
6393{
6394 if (filter_opts.marker & FOM_KEEP0x0008) {
6395 yyerror("modulate or keep cannot be redefined");
6396 YYERRORgoto yyerrlab;
6397 }
6398 filter_opts.marker |= FOM_KEEP0x0008;
6399 filter_opts.keep.action = yyvsp[0].v.keep_state.action;
6400 filter_opts.keep.options = yyvsp[0].v.keep_state.options;
6401 }
6402break;
6403case 140:
6404#line 1930 "/usr/src/sbin/pfctl/parse.y"
6405{
6406 filter_opts.fragment = 1;
6407 }
6408break;
6409case 141:
6410#line 1933 "/usr/src/sbin/pfctl/parse.y"
6411{
6412 filter_opts.allowopts = 1;
6413 }
6414break;
6415case 142:
6416#line 1936 "/usr/src/sbin/pfctl/parse.y"
6417{
6418 if (filter_opts.label) {
6419 yyerror("label cannot be redefined");
6420 YYERRORgoto yyerrlab;
6421 }
6422 filter_opts.label = yyvsp[0].v.string;
6423 }
6424break;
6425case 143:
6426#line 1943 "/usr/src/sbin/pfctl/parse.y"
6427{
6428 if (filter_opts.queues.qname) {
6429 yyerror("queue cannot be redefined");
6430 YYERRORgoto yyerrlab;
6431 }
6432 filter_opts.queues = yyvsp[0].v.qassign;
6433 }
6434break;
6435case 144:
6436#line 1950 "/usr/src/sbin/pfctl/parse.y"
6437{
6438 filter_opts.tag = yyvsp[0].v.string;
6439 }
6440break;
6441case 145:
6442#line 1953 "/usr/src/sbin/pfctl/parse.y"
6443{
6444 filter_opts.match_tag = yyvsp[0].v.string;
6445 filter_opts.match_tag_not = yyvsp[-2].v.number;
6446 }
6447break;
6448case 146:
6449#line 1957 "/usr/src/sbin/pfctl/parse.y"
6450{
6451 double p;
6452
6453 p = floor(yyvsp[0].v.probability * UINT_MAX(2147483647 *2U +1U) + 0.5);
6454 if (p < 0.0 || p > UINT_MAX(2147483647 *2U +1U)) {
6455 yyerror("invalid probability: %g%%", yyvsp[0].v.probability * 100);
6456 YYERRORgoto yyerrlab;
6457 }
6458 filter_opts.prob = (u_int32_t)p;
6459 if (filter_opts.prob == 0)
6460 filter_opts.prob = 1;
6461 }
6462break;
6463case 147:
6464#line 1969 "/usr/src/sbin/pfctl/parse.y"
6465{
6466 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > RT_TABLEID_MAX255) {
6467 yyerror("invalid rtable id");
6468 YYERRORgoto yyerrlab;
6469 } else if (!lookup_rtable(yyvsp[0].v.number)) {
6470 yyerror("rtable %lld does not exist", yyvsp[0].v.number);
6471 YYERRORgoto yyerrlab;
6472 }
6473 filter_opts.rtableid = yyvsp[0].v.number;
6474 }
6475break;
6476case 148:
6477#line 1979 "/usr/src/sbin/pfctl/parse.y"
6478{
6479 if (filter_opts.divert.type != PF_DIVERT_NONE) {
6480 yyerror("more than one divert option");
6481 YYERRORgoto yyerrlab;
6482 }
6483 filter_opts.divert.type = PF_DIVERT_TO;
6484 if ((filter_opts.divert.addr = host(yyvsp[-2].v.string, pf->opts)) == NULL((void *)0)) {
6485 yyerror("could not parse divert address: %s",
6486 yyvsp[-2].v.string);
6487 free(yyvsp[-2].v.string);
6488 YYERRORgoto yyerrlab;
6489 }
6490 free(yyvsp[-2].v.string);
6491 filter_opts.divert.port = yyvsp[0].v.range.a;
6492 if (!filter_opts.divert.port) {
6493 yyerror("invalid divert port: %u", ntohs(yyvsp[0].v.range.a)(__uint16_t)(__builtin_constant_p(yyvsp[0].v.range.a) ? (__uint16_t
)(((__uint16_t)(yyvsp[0].v.range.a) & 0xffU) << 8 |
((__uint16_t)(yyvsp[0].v.range.a) & 0xff00U) >> 8)
: __swap16md(yyvsp[0].v.range.a)));
6494 YYERRORgoto yyerrlab;
6495 }
6496 }
6497break;
6498case 149:
6499#line 1998 "/usr/src/sbin/pfctl/parse.y"
6500{
6501 if (filter_opts.divert.type != PF_DIVERT_NONE) {
6502 yyerror("more than one divert option");
6503 YYERRORgoto yyerrlab;
6504 }
6505 filter_opts.divert.type = PF_DIVERT_REPLY;
6506 }
6507break;
6508case 150:
6509#line 2005 "/usr/src/sbin/pfctl/parse.y"
6510{
6511 if (filter_opts.divert.type != PF_DIVERT_NONE) {
6512 yyerror("more than one divert option");
6513 YYERRORgoto yyerrlab;
6514 }
6515 filter_opts.divert.type = PF_DIVERT_PACKET;
6516 /*
6517 * If IP reassembly was not turned off, also
6518 * forcibly enable TCP reassembly by default.
6519 */
6520 if (pf->reassemble & PF_REASS_ENABLED0x01)
6521 filter_opts.marker |= FOM_SCRUB_TCP0x0200;
6522
6523 filter_opts.divert.port = yyvsp[0].v.range.a;
6524 if (!filter_opts.divert.port) {
6525 yyerror("invalid divert port: %u", ntohs(yyvsp[0].v.range.a)(__uint16_t)(__builtin_constant_p(yyvsp[0].v.range.a) ? (__uint16_t
)(((__uint16_t)(yyvsp[0].v.range.a) & 0xffU) << 8 |
((__uint16_t)(yyvsp[0].v.range.a) & 0xff00U) >> 8)
: __swap16md(yyvsp[0].v.range.a)));
6526 YYERRORgoto yyerrlab;
6527 }
6528 }
6529break;
6530case 151:
6531#line 2024 "/usr/src/sbin/pfctl/parse.y"
6532{
6533 filter_opts.nodf = yyvsp[-1].v.scrub_opts.nodf;
6534 filter_opts.minttl = yyvsp[-1].v.scrub_opts.minttl;
6535 filter_opts.randomid = yyvsp[-1].v.scrub_opts.randomid;
6536 filter_opts.max_mss = yyvsp[-1].v.scrub_opts.maxmss;
6537 if (yyvsp[-1].v.scrub_opts.reassemble_tcp)
6538 filter_opts.marker |= FOM_SCRUB_TCP0x0200;
6539 filter_opts.marker |= yyvsp[-1].v.scrub_opts.marker;
6540 }
6541break;
6542case 152:
6543#line 2033 "/usr/src/sbin/pfctl/parse.y"
6544{
6545 if (filter_opts.nat.rdr) {
6546 yyerror("cannot respecify nat-to/binat-to");
6547 YYERRORgoto yyerrlab;
6548 }
6549 filter_opts.nat.rdr = yyvsp[-1].v.redirection;
6550 memcpy(&filter_opts.nat.pool_opts, &yyvsp[0].v.pool_opts,
6551 sizeof(filter_opts.nat.pool_opts));
6552 }
6553break;
6554case 153:
6555#line 2042 "/usr/src/sbin/pfctl/parse.y"
6556{
6557 if (filter_opts.nat.rdr) {
6558 yyerror("cannot respecify af-to");
6559 YYERRORgoto yyerrlab;
6560 }
6561 if (yyvsp[-3].v.i == 0) {
6562 yyerror("no target address family specified");
6563 YYERRORgoto yyerrlab;
6564 }
6565 filter_opts.nat.af = yyvsp[-3].v.i;
6566 filter_opts.nat.rdr = yyvsp[-1].v.redirection;
6567 memcpy(&filter_opts.nat.pool_opts, &yyvsp[0].v.pool_opts,
6568 sizeof(filter_opts.nat.pool_opts));
6569 filter_opts.rdr.rdr =
6570 calloc(1, sizeof(struct redirection));
6571 bzero(&filter_opts.rdr.pool_opts,
6572 sizeof(filter_opts.rdr.pool_opts));
6573 filter_opts.marker |= FOM_AFTO0x0080;
6574 }
6575break;
6576case 154:
6577#line 2061 "/usr/src/sbin/pfctl/parse.y"
6578{
6579 if (filter_opts.nat.rdr) {
6580 yyerror("cannot respecify af-to");
6581 YYERRORgoto yyerrlab;
6582 }
6583 if (yyvsp[-6].v.i == 0) {
6584 yyerror("no address family specified");
6585 YYERRORgoto yyerrlab;
6586 }
6587 if ((yyvsp[-4].v.redirection->host->af && yyvsp[-4].v.redirection->host->af != yyvsp[-6].v.i) ||
6588 (yyvsp[-1].v.redirection->host->af && yyvsp[-1].v.redirection->host->af != yyvsp[-6].v.i)) {
6589 yyerror("af-to addresses must be in the "
6590 "target address family");
6591 YYERRORgoto yyerrlab;
6592 }
6593 filter_opts.nat.af = yyvsp[-6].v.i;
6594 filter_opts.nat.rdr = yyvsp[-4].v.redirection;
6595 memcpy(&filter_opts.nat.pool_opts, &yyvsp[-3].v.pool_opts,
6596 sizeof(filter_opts.nat.pool_opts));
6597 filter_opts.rdr.af = yyvsp[-6].v.i;
6598 filter_opts.rdr.rdr = yyvsp[-1].v.redirection;
6599 memcpy(&filter_opts.nat.pool_opts, &yyvsp[0].v.pool_opts,
6600 sizeof(filter_opts.nat.pool_opts));
6601 filter_opts.marker |= FOM_AFTO0x0080;
6602 }
6603break;
6604case 155:
6605#line 2086 "/usr/src/sbin/pfctl/parse.y"
6606{
6607 if (filter_opts.rdr.rdr) {
6608 yyerror("cannot respecify rdr-to");
6609 YYERRORgoto yyerrlab;
6610 }
6611 filter_opts.rdr.rdr = yyvsp[-1].v.redirection;
6612 memcpy(&filter_opts.rdr.pool_opts, &yyvsp[0].v.pool_opts,
6613 sizeof(filter_opts.rdr.pool_opts));
6614 }
6615break;
6616case 156:
6617#line 2095 "/usr/src/sbin/pfctl/parse.y"
6618{
6619 if (filter_opts.nat.rdr) {
6620 yyerror("cannot respecify nat-to/binat-to");
6621 YYERRORgoto yyerrlab;
6622 }
6623 filter_opts.nat.rdr = yyvsp[-1].v.redirection;
6624 filter_opts.nat.binat = 1;
6625 memcpy(&filter_opts.nat.pool_opts, &yyvsp[0].v.pool_opts,
6626 sizeof(filter_opts.nat.pool_opts));
6627 filter_opts.nat.pool_opts.staticport = 1;
6628 }
6629break;
6630case 157:
6631#line 2106 "/usr/src/sbin/pfctl/parse.y"
6632{
6633 filter_opts.rt = PF_ROUTETO;
6634 }
6635break;
6636case 158:
6637#line 2109 "/usr/src/sbin/pfctl/parse.y"
6638{
6639 filter_opts.rt = PF_REPLYTO;
6640 }
6641break;
6642case 159:
6643#line 2112 "/usr/src/sbin/pfctl/parse.y"
6644{
6645 filter_opts.rt = PF_DUPTO;
6646 }
6647break;
6648case 160:
6649#line 2115 "/usr/src/sbin/pfctl/parse.y"
6650{
6651 if (filter_opts.rcv) {
6652 yyerror("cannot respecify received-on");
6653 YYERRORgoto yyerrlab;
6654 }
6655 filter_opts.rcv = yyvsp[0].v.interface;
6656 filter_opts.rcv->not = yyvsp[-2].v.number;
6657 }
6658break;
6659case 161:
6660#line 2123 "/usr/src/sbin/pfctl/parse.y"
6661{
6662 filter_opts.marker |= FOM_ONCE0x1000;
6663 }
6664break;
6665case 162:
6666#line 2126 "/usr/src/sbin/pfctl/parse.y"
6667{
6668 if (yyvsp[-2].v.number < 0 || yyvsp[-2].v.number > UINT_MAX(2147483647 *2U +1U) ||
6669 yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX(2147483647 *2U +1U)) {
6670 yyerror("only positive values permitted");
6671 YYERRORgoto yyerrlab;
6672 }
6673 if (filter_opts.pktrate.limit) {
6674 yyerror("cannot respecify max-pkt-rate");
6675 YYERRORgoto yyerrlab;
6676 }
6677 filter_opts.pktrate.limit = yyvsp[-2].v.number;
6678 filter_opts.pktrate.seconds = yyvsp[0].v.number;
6679 }
6680break;
6681case 164:
6682#line 2142 "/usr/src/sbin/pfctl/parse.y"
6683{ yyval.v.filter_opts = filter_opts; }
6684break;
6685case 165:
6686#line 2143 "/usr/src/sbin/pfctl/parse.y"
6687{ yyval.v.filter_opts = filter_opts; }
6688break;
6689case 168:
6690#line 2150 "/usr/src/sbin/pfctl/parse.y"
6691{
6692 if (filter_opts.marker & FOM_SETPRIO0x0400) {
6693 yyerror("prio cannot be redefined");
6694 YYERRORgoto yyerrlab;
6695 }
6696 filter_opts.marker |= FOM_SETPRIO0x0400;
6697 filter_opts.set_prio[0] = yyvsp[0].v.b.b1;
6698 filter_opts.set_prio[1] = yyvsp[0].v.b.b2;
6699 }
6700break;
6701case 169:
6702#line 2159 "/usr/src/sbin/pfctl/parse.y"
6703{
6704 if (filter_opts.queues.qname) {
6705 yyerror("queue cannot be redefined");
6706 YYERRORgoto yyerrlab;
6707 }
6708 filter_opts.queues = yyvsp[0].v.qassign;
6709 }
6710break;
6711case 170:
6712#line 2166 "/usr/src/sbin/pfctl/parse.y"
6713{
6714 if (filter_opts.marker & FOM_SETTOS0x0100) {
6715 yyerror("tos cannot be respecified");
6716 YYERRORgoto yyerrlab;
6717 }
6718 filter_opts.marker |= FOM_SETTOS0x0100;
6719 filter_opts.settos = yyvsp[0].v.number;
6720 }
6721break;
6722case 171:
6723#line 2174 "/usr/src/sbin/pfctl/parse.y"
6724{
6725 if (filter_opts.delay) {
6726 yyerror("delay cannot be respecified");
6727 YYERRORgoto yyerrlab;
6728 }
6729 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 0xffff) {
6730 yyerror("illegal delay value %lld (0-%u)", yyvsp[0].v.number,
6731 0xffff);
6732 YYERRORgoto yyerrlab;
6733 }
6734 filter_opts.marker |= FOM_SETDELAY0x4000;
6735 filter_opts.delay = yyvsp[0].v.number;
6736 }
6737break;
6738case 172:
6739#line 2189 "/usr/src/sbin/pfctl/parse.y"
6740{
6741 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > IFQ_MAXPRIO8 - 1) {
6742 yyerror("prio must be 0 - %u", IFQ_MAXPRIO8 - 1);
6743 YYERRORgoto yyerrlab;
6744 }
6745 yyval.v.b.b1 = yyval.v.b.b2 = yyvsp[0].v.number;
6746 }
6747break;
6748case 173:
6749#line 2196 "/usr/src/sbin/pfctl/parse.y"
6750{
6751 if (yyvsp[-3].v.number < 0 || yyvsp[-3].v.number > IFQ_MAXPRIO8 - 1 ||
6752 yyvsp[-1].v.number < 0 || yyvsp[-1].v.number > IFQ_MAXPRIO8 - 1) {
6753 yyerror("prio must be 0 - %u", IFQ_MAXPRIO8 - 1);
6754 YYERRORgoto yyerrlab;
6755 }
6756 yyval.v.b.b1 = yyvsp[-3].v.number;
6757 yyval.v.b.b2 = yyvsp[-1].v.number;
6758 }
6759break;
6760case 174:
6761#line 2207 "/usr/src/sbin/pfctl/parse.y"
6762{
6763 char *e;
6764 double p = strtod(yyvsp[0].v.string, &e);
6765
6766 if (*e == '%') {
6767 p *= 0.01;
6768 e++;
6769 }
6770 if (*e) {
6771 yyerror("invalid probability: %s", yyvsp[0].v.string);
6772 free(yyvsp[0].v.string);
6773 YYERRORgoto yyerrlab;
6774 }
6775 free(yyvsp[0].v.string);
6776 yyval.v.probability = p;
6777 }
6778break;
6779case 175:
6780#line 2223 "/usr/src/sbin/pfctl/parse.y"
6781{
6782 yyval.v.probability = (double)yyvsp[0].v.number;
6783 }
6784break;
6785case 176:
6786#line 2229 "/usr/src/sbin/pfctl/parse.y"
6787{ yyval.v.b.b1 = PF_PASS; yyval.v.b.b2 = yyval.v.b.w = 0; }
6788break;
6789case 177:
6790#line 2230 "/usr/src/sbin/pfctl/parse.y"
6791{ yyval.v.b.b1 = PF_MATCH; yyval.v.b.b2 = yyval.v.b.w = 0; }
6792break;
6793case 178:
6794#line 2231 "/usr/src/sbin/pfctl/parse.y"
6795{ yyval.v.b = yyvsp[0].v.b; yyval.v.b.b1 = PF_DROP; }
6796break;
6797case 179:
6798#line 2234 "/usr/src/sbin/pfctl/parse.y"
6799{
6800 yyval.v.b.b2 = blockpolicy;
6801 yyval.v.b.w = returnicmpdefault;
6802 yyval.v.b.w2 = returnicmp6default;
6803 }
6804break;
6805case 180:
6806#line 2239 "/usr/src/sbin/pfctl/parse.y"
6807{
6808 yyval.v.b.b2 = PFRULE_DROP0x0000;
6809 yyval.v.b.w = 0;
6810 yyval.v.b.w2 = 0;
6811 }
6812break;
6813case 181:
6814#line 2244 "/usr/src/sbin/pfctl/parse.y"
6815{
6816 yyval.v.b.b2 = PFRULE_RETURNRST0x0001;
6817 yyval.v.b.w = 0;
6818 yyval.v.b.w2 = 0;
6819 }
6820break;
6821case 182:
6822#line 2249 "/usr/src/sbin/pfctl/parse.y"
6823{
6824 if (yyvsp[-1].v.number < 0 || yyvsp[-1].v.number > 255) {
6825 yyerror("illegal ttl value %lld", yyvsp[-1].v.number);
6826 YYERRORgoto yyerrlab;
6827 }
6828 yyval.v.b.b2 = PFRULE_RETURNRST0x0001;
6829 yyval.v.b.w = yyvsp[-1].v.number;
6830 yyval.v.b.w2 = 0;
6831 }
6832break;
6833case 183:
6834#line 2258 "/usr/src/sbin/pfctl/parse.y"
6835{
6836 yyval.v.b.b2 = PFRULE_RETURNICMP0x0004;
6837 yyval.v.b.w = returnicmpdefault;
6838 yyval.v.b.w2 = returnicmp6default;
6839 }
6840break;
6841case 184:
6842#line 2263 "/usr/src/sbin/pfctl/parse.y"
6843{
6844 yyval.v.b.b2 = PFRULE_RETURNICMP0x0004;
6845 yyval.v.b.w = returnicmpdefault;
6846 yyval.v.b.w2 = returnicmp6default;
6847 }
6848break;
6849case 185:
6850#line 2268 "/usr/src/sbin/pfctl/parse.y"
6851{
6852 yyval.v.b.b2 = PFRULE_RETURNICMP0x0004;
6853 yyval.v.b.w = yyvsp[-1].v.number;
6854 yyval.v.b.w2 = returnicmpdefault;
6855 }
6856break;
6857case 186:
6858#line 2273 "/usr/src/sbin/pfctl/parse.y"
6859{
6860 yyval.v.b.b2 = PFRULE_RETURNICMP0x0004;
6861 yyval.v.b.w = returnicmpdefault;
6862 yyval.v.b.w2 = yyvsp[-1].v.number;
6863 }
6864break;
6865case 187:
6866#line 2278 "/usr/src/sbin/pfctl/parse.y"
6867{
6868 yyval.v.b.b2 = PFRULE_RETURNICMP0x0004;
6869 yyval.v.b.w = yyvsp[-3].v.number;
6870 yyval.v.b.w2 = yyvsp[-1].v.number;
6871 }
6872break;
6873case 188:
6874#line 2283 "/usr/src/sbin/pfctl/parse.y"
6875{
6876 yyval.v.b.b2 = PFRULE_RETURN0x0008;
6877 yyval.v.b.w = returnicmpdefault;
6878 yyval.v.b.w2 = returnicmp6default;
6879 }
6880break;
6881case 189:
6882#line 2290 "/usr/src/sbin/pfctl/parse.y"
6883{
6884 if (!(yyval.v.number = parseicmpspec(yyvsp[0].v.string, AF_INET2))) {
6885 free(yyvsp[0].v.string);
6886 YYERRORgoto yyerrlab;
6887 }
6888 free(yyvsp[0].v.string);
6889 }
6890break;
6891case 190:
6892#line 2297 "/usr/src/sbin/pfctl/parse.y"
6893{
6894 u_int8_t icmptype;
6895
6896 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 255) {
6897 yyerror("invalid icmp code %lld", yyvsp[0].v.number);
6898 YYERRORgoto yyerrlab;
6899 }
6900 icmptype = returnicmpdefault >> 8;
6901 yyval.v.number = (icmptype << 8 | yyvsp[0].v.number);
6902 }
6903break;
6904case 191:
6905#line 2309 "/usr/src/sbin/pfctl/parse.y"
6906{
6907 if (!(yyval.v.number = parseicmpspec(yyvsp[0].v.string, AF_INET624))) {
6908 free(yyvsp[0].v.string);
6909 YYERRORgoto yyerrlab;
6910 }
6911 free(yyvsp[0].v.string);
6912 }
6913break;
6914case 192:
6915#line 2316 "/usr/src/sbin/pfctl/parse.y"
6916{
6917 u_int8_t icmptype;
6918
6919 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 255) {
6920 yyerror("invalid icmp code %lld", yyvsp[0].v.number);
6921 YYERRORgoto yyerrlab;
6922 }
6923 icmptype = returnicmp6default >> 8;
6924 yyval.v.number = (icmptype << 8 | yyvsp[0].v.number);
6925 }
6926break;
6927case 193:
6928#line 2328 "/usr/src/sbin/pfctl/parse.y"
6929{ yyval.v.i = PF_INOUT; }
6930break;
6931case 194:
6932#line 2329 "/usr/src/sbin/pfctl/parse.y"
6933{ yyval.v.i = PF_IN; }
6934break;
6935case 195:
6936#line 2330 "/usr/src/sbin/pfctl/parse.y"
6937{ yyval.v.i = PF_OUT; }
6938break;
6939case 196:
6940#line 2333 "/usr/src/sbin/pfctl/parse.y"
6941{ yyval.v.logquick.quick = 0; }
6942break;
6943case 197:
6944#line 2334 "/usr/src/sbin/pfctl/parse.y"
6945{ yyval.v.logquick.quick = 1; }
6946break;
6947case 198:
6948#line 2337 "/usr/src/sbin/pfctl/parse.y"
6949{ yyval.v.logquick.log = 0; yyval.v.logquick.quick = 0; yyval.v.logquick.logif = 0; }
6950break;
6951case 199:
6952#line 2338 "/usr/src/sbin/pfctl/parse.y"
6953{ yyval.v.logquick = yyvsp[0].v.logquick; yyval.v.logquick.quick = 0; }
6954break;
6955case 200:
6956#line 2339 "/usr/src/sbin/pfctl/parse.y"
6957{ yyval.v.logquick.quick = 1; yyval.v.logquick.log = 0; yyval.v.logquick.logif = 0; }
6958break;
6959case 201:
6960#line 2340 "/usr/src/sbin/pfctl/parse.y"
6961{ yyval.v.logquick = yyvsp[-1].v.logquick; yyval.v.logquick.quick = 1; }
6962break;
6963case 202:
6964#line 2341 "/usr/src/sbin/pfctl/parse.y"
6965{ yyval.v.logquick = yyvsp[0].v.logquick; yyval.v.logquick.quick = 1; }
6966break;
6967case 203:
6968#line 2344 "/usr/src/sbin/pfctl/parse.y"
6969{ yyval.v.logquick.log = PF_LOG0x01; yyval.v.logquick.logif = 0; }
6970break;
6971case 204:
6972#line 2345 "/usr/src/sbin/pfctl/parse.y"
6973{
6974 yyval.v.logquick.log = PF_LOG0x01 | yyvsp[-1].v.logquick.log;
6975 yyval.v.logquick.logif = yyvsp[-1].v.logquick.logif;
6976 }
6977break;
6978case 205:
6979#line 2351 "/usr/src/sbin/pfctl/parse.y"
6980{ yyval.v.logquick = yyvsp[0].v.logquick; }
6981break;
6982case 206:
6983#line 2352 "/usr/src/sbin/pfctl/parse.y"
6984{
6985 yyval.v.logquick.log = yyvsp[-2].v.logquick.log | yyvsp[0].v.logquick.log;
6986 yyval.v.logquick.logif = yyvsp[0].v.logquick.logif;
6987 if (yyval.v.logquick.logif == 0)
6988 yyval.v.logquick.logif = yyvsp[-2].v.logquick.logif;
6989 }
6990break;
6991case 207:
6992#line 2360 "/usr/src/sbin/pfctl/parse.y"
6993{ yyval.v.logquick.log = PF_LOG_ALL0x02; yyval.v.logquick.logif = 0; }
6994break;
6995case 208:
6996#line 2361 "/usr/src/sbin/pfctl/parse.y"
6997{ yyval.v.logquick.log = PF_LOG_MATCHES0x10; yyval.v.logquick.logif = 0; }
6998break;
6999case 209:
7000#line 2362 "/usr/src/sbin/pfctl/parse.y"
7001{ yyval.v.logquick.log = PF_LOG_USER0x04; yyval.v.logquick.logif = 0; }
7002break;
7003case 210:
7004#line 2363 "/usr/src/sbin/pfctl/parse.y"
7005{
7006 const char *errstr;
7007 u_int i;
7008
7009 yyval.v.logquick.log = 0;
7010 if (strncmp(yyvsp[0].v.string, "pflog", 5)) {
7011 yyerror("%s: should be a pflog interface", yyvsp[0].v.string);
7012 free(yyvsp[0].v.string);
7013 YYERRORgoto yyerrlab;
7014 }
7015 i = strtonum(yyvsp[0].v.string + 5, 0, 255, &errstr);
7016 if (errstr) {
7017 yyerror("%s: %s", yyvsp[0].v.string, errstr);
7018 free(yyvsp[0].v.string);
7019 YYERRORgoto yyerrlab;
7020 }
7021 free(yyvsp[0].v.string);
7022 yyval.v.logquick.logif = i;
7023 }
7024break;
7025case 211:
7026#line 2384 "/usr/src/sbin/pfctl/parse.y"
7027{ yyval.v.interface = NULL((void *)0); }
7028break;
7029case 212:
7030#line 2385 "/usr/src/sbin/pfctl/parse.y"
7031{ yyval.v.interface = yyvsp[0].v.interface; }
7032break;
7033case 213:
7034#line 2386 "/usr/src/sbin/pfctl/parse.y"
7035{ yyval.v.interface = yyvsp[-1].v.interface; }
7036break;
7037case 214:
7038#line 2389 "/usr/src/sbin/pfctl/parse.y"
7039{ yyval.v.interface = yyvsp[-1].v.interface; }
7040break;
7041case 215:
7042#line 2390 "/usr/src/sbin/pfctl/parse.y"
7043{
7044 yyvsp[-3].v.interface->tail->next = yyvsp[-1].v.interface;
7045 yyvsp[-3].v.interface->tail = yyvsp[-1].v.interface;
7046 yyval.v.interface = yyvsp[-3].v.interface;
7047 }
7048break;
7049case 216:
7050#line 2397 "/usr/src/sbin/pfctl/parse.y"
7051{ yyval.v.interface = yyvsp[0].v.interface; yyval.v.interface->not = yyvsp[-1].v.number; }
7052break;
7053case 217:
7054#line 2400 "/usr/src/sbin/pfctl/parse.y"
7055{
7056 struct node_host *n;
7057
7058 yyval.v.interface = calloc(1, sizeof(struct node_if));
7059 if (yyval.v.interface == NULL((void *)0))
7060 err(1, "if_item: calloc");
7061 if (strlcpy(yyval.v.interface->ifname, yyvsp[0].v.string, sizeof(yyval.v.interface->ifname)) >=
7062 sizeof(yyval.v.interface->ifname)) {
7063 free(yyvsp[0].v.string);
7064 free(yyval.v.interface);
7065 yyerror("interface name too long");
7066 YYERRORgoto yyerrlab;
7067 }
7068
7069 if ((n = ifa_exists(yyvsp[0].v.string)) != NULL((void *)0))
7070 yyval.v.interface->ifa_flags = n->ifa_flags;
7071
7072 free(yyvsp[0].v.string);
7073 yyval.v.interface->not = 0;
7074 yyval.v.interface->next = NULL((void *)0);
7075 yyval.v.interface->tail = yyval.v.interface;
7076 }
7077break;
7078case 218:
7079#line 2422 "/usr/src/sbin/pfctl/parse.y"
7080{
7081 yyval.v.interface = calloc(1, sizeof(struct node_if));
7082 if (yyval.v.interface == NULL((void *)0))
7083 err(1, "if_item: calloc");
7084 strlcpy(yyval.v.interface->ifname, "any", sizeof(yyval.v.interface->ifname));
7085 yyval.v.interface->not = 0;
7086 yyval.v.interface->next = NULL((void *)0);
7087 yyval.v.interface->tail = yyval.v.interface;
7088 }
7089break;
7090case 219:
7091#line 2431 "/usr/src/sbin/pfctl/parse.y"
7092{
7093 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > RT_TABLEID_MAX255)
7094 yyerror("rdomain %lld outside range", yyvsp[0].v.number);
7095
7096 yyval.v.interface = calloc(1, sizeof(struct node_if));
7097 if (yyval.v.interface == NULL((void *)0))
7098 err(1, "if_item: calloc");
7099 yyval.v.interface->not = 0;
7100 yyval.v.interface->use_rdomain = 1;
7101 yyval.v.interface->rdomain = yyvsp[0].v.number;
7102 yyval.v.interface->next = NULL((void *)0);
7103 yyval.v.interface->tail = yyval.v.interface;
7104 }
7105break;
7106case 220:
7107#line 2446 "/usr/src/sbin/pfctl/parse.y"
7108{ yyval.v.i = 0; }
7109break;
7110case 221:
7111#line 2447 "/usr/src/sbin/pfctl/parse.y"
7112{ yyval.v.i = AF_INET2; }
7113break;
7114case 222:
7115#line 2448 "/usr/src/sbin/pfctl/parse.y"
7116{ yyval.v.i = AF_INET624; }
7117break;
7118case 223:
7119#line 2451 "/usr/src/sbin/pfctl/parse.y"
7120{ yyval.v.proto = NULL((void *)0); }
7121break;
7122case 224:
7123#line 2452 "/usr/src/sbin/pfctl/parse.y"
7124{ yyval.v.proto = yyvsp[0].v.proto; }
7125break;
7126case 225:
7127#line 2453 "/usr/src/sbin/pfctl/parse.y"
7128{ yyval.v.proto = yyvsp[-1].v.proto; }
7129break;
7130case 226:
7131#line 2456 "/usr/src/sbin/pfctl/parse.y"
7132{ yyval.v.proto = yyvsp[-1].v.proto; }
7133break;
7134case 227:
7135#line 2457 "/usr/src/sbin/pfctl/parse.y"
7136{
7137 yyvsp[-3].v.proto->tail->next = yyvsp[-1].v.proto;
7138 yyvsp[-3].v.proto->tail = yyvsp[-1].v.proto;
7139 yyval.v.proto = yyvsp[-3].v.proto;
7140 }
7141break;
7142case 228:
7143#line 2464 "/usr/src/sbin/pfctl/parse.y"
7144{
7145 u_int8_t pr;
7146
7147 pr = (u_int8_t)yyvsp[0].v.number;
7148 if (pr == 0) {
7149 yyerror("proto 0 cannot be used");
7150 YYERRORgoto yyerrlab;
7151 }
7152 yyval.v.proto = calloc(1, sizeof(struct node_proto));
7153 if (yyval.v.proto == NULL((void *)0))
7154 err(1, "proto_item: calloc");
7155 yyval.v.proto->proto = pr;
7156 yyval.v.proto->next = NULL((void *)0);
7157 yyval.v.proto->tail = yyval.v.proto;
7158 }
7159break;
7160case 229:
7161#line 2481 "/usr/src/sbin/pfctl/parse.y"
7162{
7163 struct protoent *p;
7164
7165 p = getprotobyname(yyvsp[0].v.string);
7166 if (p == NULL((void *)0)) {
7167 yyerror("unknown protocol %s", yyvsp[0].v.string);
7168 free(yyvsp[0].v.string);
7169 YYERRORgoto yyerrlab;
7170 }
7171 yyval.v.number = p->p_proto;
7172 free(yyvsp[0].v.string);
7173 }
7174break;
7175case 230:
7176#line 2493 "/usr/src/sbin/pfctl/parse.y"
7177{
7178 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 255) {
7179 yyerror("protocol outside range");
7180 YYERRORgoto yyerrlab;
7181 }
7182 }
7183break;
7184case 231:
7185#line 2501 "/usr/src/sbin/pfctl/parse.y"
7186{
7187 yyval.v.fromto.src.host = NULL((void *)0);
7188 yyval.v.fromto.src.port = NULL((void *)0);
7189 yyval.v.fromto.dst.host = NULL((void *)0);
7190 yyval.v.fromto.dst.port = NULL((void *)0);
7191 yyval.v.fromto.src_os = NULL((void *)0);
7192 }
7193break;
7194case 232:
7195#line 2508 "/usr/src/sbin/pfctl/parse.y"
7196{
7197 yyval.v.fromto.src = yyvsp[-2].v.peer;
7198 yyval.v.fromto.src_os = yyvsp[-1].v.os;
7199 yyval.v.fromto.dst = yyvsp[0].v.peer;
7200 }
7201break;
7202case 233:
7203#line 2515 "/usr/src/sbin/pfctl/parse.y"
7204{ yyval.v.os = NULL((void *)0); }
7205break;
7206case 234:
7207#line 2516 "/usr/src/sbin/pfctl/parse.y"
7208{ yyval.v.os = yyvsp[0].v.os; }
7209break;
7210case 235:
7211#line 2517 "/usr/src/sbin/pfctl/parse.y"
7212{ yyval.v.os = yyvsp[-1].v.os; }
7213break;
7214case 236:
7215#line 2520 "/usr/src/sbin/pfctl/parse.y"
7216{
7217 yyval.v.os = calloc(1, sizeof(struct node_os));
7218 if (yyval.v.os == NULL((void *)0))
7219 err(1, "os: calloc");
7220 yyval.v.os->os = yyvsp[0].v.string;
7221 yyval.v.os->tail = yyval.v.os;
7222 }
7223break;
7224case 237:
7225#line 2529 "/usr/src/sbin/pfctl/parse.y"
7226{ yyval.v.os = yyvsp[-1].v.os; }
7227break;
7228case 238:
7229#line 2530 "/usr/src/sbin/pfctl/parse.y"
7230{
7231 yyvsp[-3].v.os->tail->next = yyvsp[-1].v.os;
7232 yyvsp[-3].v.os->tail = yyvsp[-1].v.os;
7233 yyval.v.os = yyvsp[-3].v.os;
7234 }
7235break;
7236case 239:
7237#line 2537 "/usr/src/sbin/pfctl/parse.y"
7238{
7239 yyval.v.peer.host = NULL((void *)0);
7240 yyval.v.peer.port = NULL((void *)0);
7241 }
7242break;
7243case 240:
7244#line 2541 "/usr/src/sbin/pfctl/parse.y"
7245{
7246 yyval.v.peer = yyvsp[0].v.peer;
7247 }
7248break;
7249case 241:
7250#line 2546 "/usr/src/sbin/pfctl/parse.y"
7251{
7252 yyval.v.peer.host = NULL((void *)0);
7253 yyval.v.peer.port = NULL((void *)0);
7254 }
7255break;
7256case 242:
7257#line 2550 "/usr/src/sbin/pfctl/parse.y"
7258{
7259 if (disallow_urpf_failed(yyvsp[0].v.peer.host, "\"urpf-failed\" is "
7260 "not permitted in a destination address"))
7261 YYERRORgoto yyerrlab;
7262 yyval.v.peer = yyvsp[0].v.peer;
7263 }
7264break;
7265case 243:
7266#line 2558 "/usr/src/sbin/pfctl/parse.y"
7267{
7268 yyval.v.peer.host = yyvsp[0].v.host;
7269 yyval.v.peer.port = NULL((void *)0);
7270 }
7271break;
7272case 244:
7273#line 2562 "/usr/src/sbin/pfctl/parse.y"
7274{
7275 yyval.v.peer.host = yyvsp[-2].v.host;
7276 yyval.v.peer.port = yyvsp[0].v.port;
7277 }
7278break;
7279case 245:
7280#line 2566 "/usr/src/sbin/pfctl/parse.y"
7281{
7282 yyval.v.peer.host = NULL((void *)0);
7283 yyval.v.peer.port = yyvsp[0].v.port;
7284 }
7285break;
7286case 248:
7287#line 2576 "/usr/src/sbin/pfctl/parse.y"
7288{ yyval.v.host = NULL((void *)0); }
7289break;
7290case 249:
7291#line 2577 "/usr/src/sbin/pfctl/parse.y"
7292{ yyval.v.host = yyvsp[0].v.host; }
7293break;
7294case 250:
7295#line 2578 "/usr/src/sbin/pfctl/parse.y"
7296{ yyval.v.host = yyvsp[-1].v.host; }
7297break;
7298case 251:
7299#line 2582 "/usr/src/sbin/pfctl/parse.y"
7300{ yyval.v.host = yyvsp[-1].v.host; }
7301break;
7302case 252:
7303#line 2583 "/usr/src/sbin/pfctl/parse.y"
7304{
7305 if (yyvsp[-3].v.host == NULL((void *)0)) {
7306 freehostlist(yyvsp[-1].v.host);
7307 yyval.v.host = yyvsp[-3].v.host;
7308 } else if (yyvsp[-1].v.host == NULL((void *)0)) {
7309 freehostlist(yyvsp[-3].v.host);
7310 yyval.v.host = yyvsp[-1].v.host;
7311 } else {
7312 yyvsp[-3].v.host->tail->next = yyvsp[-1].v.host;
7313 yyvsp[-3].v.host->tail = yyvsp[-1].v.host->tail;
7314 yyval.v.host = yyvsp[-3].v.host;
7315 }
7316 }
7317break;
7318case 253:
7319#line 2598 "/usr/src/sbin/pfctl/parse.y"
7320{
7321 struct node_host *n;
7322
7323 for (n = yyvsp[0].v.host; n != NULL((void *)0); n = n->next)
7324 n->not = yyvsp[-1].v.number;
7325 yyval.v.host = yyvsp[0].v.host;
7326 }
7327break;
7328case 254:
7329#line 2605 "/usr/src/sbin/pfctl/parse.y"
7330{
7331 yyval.v.host = calloc(1, sizeof(struct node_host));
7332 if (yyval.v.host == NULL((void *)0))
7333 err(1, "xhost: calloc");
7334 yyval.v.host->addr.type = PF_ADDR_NOROUTE;
7335 yyval.v.host->next = NULL((void *)0);
7336 yyval.v.host->not = yyvsp[-1].v.number;
7337 yyval.v.host->tail = yyval.v.host;
7338 }
7339break;
7340case 255:
7341#line 2614 "/usr/src/sbin/pfctl/parse.y"
7342{
7343 yyval.v.host = calloc(1, sizeof(struct node_host));
7344 if (yyval.v.host == NULL((void *)0))
7345 err(1, "xhost: calloc");
7346 yyval.v.host->addr.type = PF_ADDR_URPFFAILED;
7347 yyval.v.host->next = NULL((void *)0);
7348 yyval.v.host->not = yyvsp[-1].v.number;
7349 yyval.v.host->tail = yyval.v.host;
7350 }
7351break;
7352case 256:
7353#line 2625 "/usr/src/sbin/pfctl/parse.y"
7354{
7355 if (yyvsp[0].v.number < 1 || yyvsp[0].v.number > USHRT_MAX(32767 *2 +1)) {
7356 yyerror("weight out of range");
7357 YYERRORgoto yyerrlab;
7358 }
7359 yyval.v.weight = yyvsp[0].v.number;
7360 }
7361break;
7362case 257:
7363#line 2632 "/usr/src/sbin/pfctl/parse.y"
7364{ yyval.v.weight = 0; }
7365break;
7366case 258:
7367#line 2635 "/usr/src/sbin/pfctl/parse.y"
7368{
7369 if ((yyval.v.host = host(yyvsp[0].v.string, pf->opts)) == NULL((void *)0)) {
7370 /* error. "any" is handled elsewhere */
7371 free(yyvsp[0].v.string);
7372 yyerror("could not parse host specification");
7373 YYERRORgoto yyerrlab;
7374 }
7375 free(yyvsp[0].v.string);
7376
7377 }
7378break;
7379case 259:
7380#line 2645 "/usr/src/sbin/pfctl/parse.y"
7381{
7382 struct node_host *b, *e;
7383
7384 if ((b = host(yyvsp[-2].v.string, pf->opts)) == NULL((void *)0) ||
7385 (e = host(yyvsp[0].v.string, pf->opts)) == NULL((void *)0)) {
7386 free(yyvsp[-2].v.string);
7387 free(yyvsp[0].v.string);
7388 yyerror("could not parse host specification");
7389 YYERRORgoto yyerrlab;
7390 }
7391 if (b->af != e->af ||
7392 b->addr.type != PF_ADDR_ADDRMASK ||
7393 e->addr.type != PF_ADDR_ADDRMASK ||
7394 unmask(&b->addr.v.a.mask) !=
7395 (b->af == AF_INET2 ? 32 : 128) ||
7396 unmask(&e->addr.v.a.mask) !=
7397 (e->af == AF_INET2 ? 32 : 128) ||
7398 b->next != NULL((void *)0) || b->not ||
7399 e->next != NULL((void *)0) || e->not) {
7400 free(b);
7401 free(e);
7402 free(yyvsp[-2].v.string);
7403 free(yyvsp[0].v.string);
7404 yyerror("invalid address range");
7405 YYERRORgoto yyerrlab;
7406 }
7407 memcpy(&b->addr.v.a.mask, &e->addr.v.a.addr,
7408 sizeof(b->addr.v.a.mask));
7409 b->addr.type = PF_ADDR_RANGE;
7410 yyval.v.host = b;
7411 free(e);
7412 free(yyvsp[-2].v.string);
7413 free(yyvsp[0].v.string);
7414 }
7415break;
7416case 260:
7417#line 2679 "/usr/src/sbin/pfctl/parse.y"
7418{
7419 char *buf;
7420
7421 if (asprintf(&buf, "%s/%lld", yyvsp[-2].v.string, yyvsp[0].v.number) == -1)
7422 err(1, "host: asprintf");
7423 free(yyvsp[-2].v.string);
7424 if ((yyval.v.host = host(buf, pf->opts)) == NULL((void *)0)) {
7425 /* error. "any" is handled elsewhere */
7426 free(buf);
7427 yyerror("could not parse host specification");
7428 YYERRORgoto yyerrlab;
7429 }
7430 free(buf);
7431 }
7432break;
7433case 261:
7434#line 2693 "/usr/src/sbin/pfctl/parse.y"
7435{
7436 char *buf;
7437
7438 /* ie. for 10/8 parsing */
7439 if (asprintf(&buf, "%lld/%lld", yyvsp[-2].v.number, yyvsp[0].v.number) == -1)
7440 err(1, "host: asprintf");
7441 if ((yyval.v.host = host(buf, pf->opts)) == NULL((void *)0)) {
7442 /* error. "any" is handled elsewhere */
7443 free(buf);
7444 yyerror("could not parse host specification");
7445 YYERRORgoto yyerrlab;
7446 }
7447 free(buf);
7448 }
7449break;
7450case 263:
7451#line 2708 "/usr/src/sbin/pfctl/parse.y"
7452{
7453 struct node_host *n;
7454
7455 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 128) {
7456 yyerror("bit number too big");
7457 YYERRORgoto yyerrlab;
7458 }
7459 yyval.v.host = yyvsp[-2].v.host;
7460 for (n = yyvsp[-2].v.host; n != NULL((void *)0); n = n->next)
7461 set_ipmask(n, yyvsp[0].v.number);
7462 }
7463break;
7464case 264:
7465#line 2719 "/usr/src/sbin/pfctl/parse.y"
7466{
7467 if (strlen(yyvsp[-1].v.string) >= PF_TABLE_NAME_SIZE32) {
7468 yyerror("table name '%s' too long", yyvsp[-1].v.string);
7469 free(yyvsp[-1].v.string);
7470 YYERRORgoto yyerrlab;
7471 }
7472 yyval.v.host = calloc(1, sizeof(struct node_host));
7473 if (yyval.v.host == NULL((void *)0))
7474 err(1, "host: calloc");
7475 yyval.v.host->addr.type = PF_ADDR_TABLE;
7476 if (strlcpy(yyval.v.host->addr.v.tblname, yyvsp[-1].v.string,
7477 sizeof(yyval.v.host->addr.v.tblname)) >=
7478 sizeof(yyval.v.host->addr.v.tblname))
7479 errx(1, "host: strlcpy");
7480 free(yyvsp[-1].v.string);
7481 yyval.v.host->next = NULL((void *)0);
7482 yyval.v.host->tail = yyval.v.host;
7483 }
7484break;
7485case 265:
7486#line 2737 "/usr/src/sbin/pfctl/parse.y"
7487{
7488 yyval.v.host = calloc(1, sizeof(struct node_host));
7489 if (yyval.v.host == NULL((void *)0)) {
7490 free(yyvsp[0].v.string);
7491 err(1, "host: calloc");
7492 }
7493 yyval.v.host->addr.type = PF_ADDR_RTLABEL;
7494 if (strlcpy(yyval.v.host->addr.v.rtlabelname, yyvsp[0].v.string,
7495 sizeof(yyval.v.host->addr.v.rtlabelname)) >=
7496 sizeof(yyval.v.host->addr.v.rtlabelname)) {
7497 yyerror("route label too long, max %zu chars",
7498 sizeof(yyval.v.host->addr.v.rtlabelname) - 1);
7499 free(yyvsp[0].v.string);
7500 free(yyval.v.host);
7501 YYERRORgoto yyerrlab;
7502 }
7503 yyval.v.host->next = NULL((void *)0);
7504 yyval.v.host->tail = yyval.v.host;
7505 free(yyvsp[0].v.string);
7506 }
7507break;
7508case 267:
7509#line 2760 "/usr/src/sbin/pfctl/parse.y"
7510{
7511 u_long ulval;
7512
7513 if (atoul(yyvsp[0].v.string, &ulval) == -1) {
7514 yyerror("%s is not a number", yyvsp[0].v.string);
7515 free(yyvsp[0].v.string);
7516 YYERRORgoto yyerrlab;
7517 } else
7518 yyval.v.number = ulval;
7519 free(yyvsp[0].v.string);
7520 }
7521break;
7522case 268:
7523#line 2773 "/usr/src/sbin/pfctl/parse.y"
7524{
7525 int flags = 0;
7526 char *p, *op;
7527
7528 op = yyvsp[-1].v.string;
7529 if (!isalpha((unsigned char)op[0])) {
7530 yyerror("invalid interface name '%s'", op);
7531 free(op);
7532 YYERRORgoto yyerrlab;
7533 }
7534 while ((p = strrchr(yyvsp[-1].v.string, ':')) != NULL((void *)0)) {
7535 if (!strcmp(p+1, "network"))
7536 flags |= PFI_AFLAG_NETWORK0x01;
7537 else if (!strcmp(p+1, "broadcast"))
7538 flags |= PFI_AFLAG_BROADCAST0x02;
7539 else if (!strcmp(p+1, "peer"))
7540 flags |= PFI_AFLAG_PEER0x04;
7541 else if (!strcmp(p+1, "0"))
7542 flags |= PFI_AFLAG_NOALIAS0x08;
7543 else {
7544 yyerror("interface %s has bad modifier",
7545 yyvsp[-1].v.string);
7546 free(op);
7547 YYERRORgoto yyerrlab;
7548 }
7549 *p = '\0';
7550 }
7551 if (flags & (flags - 1) & PFI_AFLAG_MODEMASK0x07) {
7552 free(op);
7553 yyerror("illegal combination of "
7554 "interface modifiers");
7555 YYERRORgoto yyerrlab;
7556 }
7557 yyval.v.host = calloc(1, sizeof(struct node_host));
7558 if (yyval.v.host == NULL((void *)0))
7559 err(1, "address: calloc");
7560 yyval.v.host->af = 0;
7561 set_ipmask(yyval.v.host, 128);
7562 yyval.v.host->addr.type = PF_ADDR_DYNIFTL;
7563 yyval.v.host->addr.iflags = flags;
7564 if (strlcpy(yyval.v.host->addr.v.ifname, yyvsp[-1].v.string,
7565 sizeof(yyval.v.host->addr.v.ifname)) >=
7566 sizeof(yyval.v.host->addr.v.ifname)) {
7567 free(op);
7568 free(yyval.v.host);
7569 yyerror("interface name too long");
7570 YYERRORgoto yyerrlab;
7571 }
7572 free(op);
7573 yyval.v.host->next = NULL((void *)0);
7574 yyval.v.host->tail = yyval.v.host;
7575 }
7576break;
7577case 269:
7578#line 2827 "/usr/src/sbin/pfctl/parse.y"
7579{ yyval.v.port = yyvsp[0].v.port; }
7580break;
7581case 270:
7582#line 2828 "/usr/src/sbin/pfctl/parse.y"
7583{ yyval.v.port = yyvsp[-1].v.port; }
7584break;
7585case 271:
7586#line 2831 "/usr/src/sbin/pfctl/parse.y"
7587{ yyval.v.port = yyvsp[-1].v.port; }
7588break;
7589case 272:
7590#line 2832 "/usr/src/sbin/pfctl/parse.y"
7591{
7592 yyvsp[-3].v.port->tail->next = yyvsp[-1].v.port;
7593 yyvsp[-3].v.port->tail = yyvsp[-1].v.port;
7594 yyval.v.port = yyvsp[-3].v.port;
7595 }
7596break;
7597case 273:
7598#line 2839 "/usr/src/sbin/pfctl/parse.y"
7599{
7600 yyval.v.port = calloc(1, sizeof(struct node_port));
7601 if (yyval.v.port == NULL((void *)0))
7602 err(1, "port_item: calloc");
7603 yyval.v.port->port[0] = yyvsp[0].v.range.a;
7604 yyval.v.port->port[1] = yyvsp[0].v.range.b;
7605 if (yyvsp[0].v.range.t) {
7606 yyval.v.port->op = PF_OP_RRG;
7607
7608 if (validate_range(yyval.v.port->op, yyval.v.port->port[0],
7609 yyval.v.port->port[1])) {
7610 yyerror("invalid port range");
7611 YYERRORgoto yyerrlab;
7612 }
7613 } else
7614 yyval.v.port->op = PF_OP_EQ;
7615 yyval.v.port->next = NULL((void *)0);
7616 yyval.v.port->tail = yyval.v.port;
7617 }
7618break;
7619case 274:
7620#line 2858 "/usr/src/sbin/pfctl/parse.y"
7621{
7622 if (yyvsp[0].v.range.t) {
7623 yyerror("':' cannot be used with an other "
7624 "port operator");
7625 YYERRORgoto yyerrlab;
7626 }
7627 yyval.v.port = calloc(1, sizeof(struct node_port));
7628 if (yyval.v.port == NULL((void *)0))
7629 err(1, "port_item: calloc");
7630 yyval.v.port->port[0] = yyvsp[0].v.range.a;
7631 yyval.v.port->port[1] = yyvsp[0].v.range.b;
7632 yyval.v.port->op = yyvsp[-1].v.i;
7633 yyval.v.port->next = NULL((void *)0);
7634 yyval.v.port->tail = yyval.v.port;
7635 }
7636break;
7637case 275:
7638#line 2873 "/usr/src/sbin/pfctl/parse.y"
7639{
7640 if (yyvsp[-2].v.range.t || yyvsp[0].v.range.t) {
7641 yyerror("':' cannot be used with an other "
7642 "port operator");
7643 YYERRORgoto yyerrlab;
7644 }
7645 yyval.v.port = calloc(1, sizeof(struct node_port));
7646 if (yyval.v.port == NULL((void *)0))
7647 err(1, "port_item: calloc");
7648 yyval.v.port->port[0] = yyvsp[-2].v.range.a;
7649 yyval.v.port->port[1] = yyvsp[0].v.range.a;
7650 yyval.v.port->op = yyvsp[-1].v.i;
7651 if (validate_range(yyval.v.port->op, yyval.v.port->port[0], yyval.v.port->port[1])) {
7652 yyerror("invalid port range");
7653 YYERRORgoto yyerrlab;
7654 }
7655 yyval.v.port->next = NULL((void *)0);
7656 yyval.v.port->tail = yyval.v.port;
7657 }
7658break;
7659case 276:
7660#line 2894 "/usr/src/sbin/pfctl/parse.y"
7661{
7662 if (parseport(yyvsp[0].v.string, &yyval.v.range, 0) == -1) {
7663 free(yyvsp[0].v.string);
7664 YYERRORgoto yyerrlab;
7665 }
7666 free(yyvsp[0].v.string);
7667 }
7668break;
7669case 277:
7670#line 2903 "/usr/src/sbin/pfctl/parse.y"
7671{
7672 if (parseport(yyvsp[0].v.string, &yyval.v.range, PPORT_RANGE1) == -1) {
7673 free(yyvsp[0].v.string);
7674 YYERRORgoto yyerrlab;
7675 }
7676 free(yyvsp[0].v.string);
7677 }
7678break;
7679case 278:
7680#line 2912 "/usr/src/sbin/pfctl/parse.y"
7681{ yyval.v.uid = yyvsp[0].v.uid; }
7682break;
7683case 279:
7684#line 2913 "/usr/src/sbin/pfctl/parse.y"
7685{ yyval.v.uid = yyvsp[-1].v.uid; }
7686break;
7687case 280:
7688#line 2916 "/usr/src/sbin/pfctl/parse.y"
7689{ yyval.v.uid = yyvsp[-1].v.uid; }
7690break;
7691case 281:
7692#line 2917 "/usr/src/sbin/pfctl/parse.y"
7693{
7694 yyvsp[-3].v.uid->tail->next = yyvsp[-1].v.uid;
7695 yyvsp[-3].v.uid->tail = yyvsp[-1].v.uid;
7696 yyval.v.uid = yyvsp[-3].v.uid;
7697 }
7698break;
7699case 282:
7700#line 2924 "/usr/src/sbin/pfctl/parse.y"
7701{
7702 yyval.v.uid = calloc(1, sizeof(struct node_uid));
7703 if (yyval.v.uid == NULL((void *)0))
7704 err(1, "uid_item: calloc");
7705 yyval.v.uid->uid[0] = yyvsp[0].v.number;
7706 yyval.v.uid->uid[1] = yyvsp[0].v.number;
7707 yyval.v.uid->op = PF_OP_EQ;
7708 yyval.v.uid->next = NULL((void *)0);
7709 yyval.v.uid->tail = yyval.v.uid;
7710 }
7711break;
7712case 283:
7713#line 2934 "/usr/src/sbin/pfctl/parse.y"
7714{
7715 if (yyvsp[0].v.number == -1 && yyvsp[-1].v.i != PF_OP_EQ && yyvsp[-1].v.i != PF_OP_NE) {
7716 yyerror("user unknown requires operator = or "
7717 "!=");
7718 YYERRORgoto yyerrlab;
7719 }
7720 yyval.v.uid = calloc(1, sizeof(struct node_uid));
7721 if (yyval.v.uid == NULL((void *)0))
7722 err(1, "uid_item: calloc");
7723 yyval.v.uid->uid[0] = yyvsp[0].v.number;
7724 yyval.v.uid->uid[1] = yyvsp[0].v.number;
7725 yyval.v.uid->op = yyvsp[-1].v.i;
7726 yyval.v.uid->next = NULL((void *)0);
7727 yyval.v.uid->tail = yyval.v.uid;
7728 }
7729break;
7730case 284:
7731#line 2949 "/usr/src/sbin/pfctl/parse.y"
7732{
7733 if (yyvsp[-2].v.number == -1 || yyvsp[0].v.number == -1) {
7734 yyerror("user unknown requires operator = or "
7735 "!=");
7736 YYERRORgoto yyerrlab;
7737 }
7738 yyval.v.uid = calloc(1, sizeof(struct node_uid));
7739 if (yyval.v.uid == NULL((void *)0))
7740 err(1, "uid_item: calloc");
7741 yyval.v.uid->uid[0] = yyvsp[-2].v.number;
7742 yyval.v.uid->uid[1] = yyvsp[0].v.number;
7743 yyval.v.uid->op = yyvsp[-1].v.i;
7744 yyval.v.uid->next = NULL((void *)0);
7745 yyval.v.uid->tail = yyval.v.uid;
7746 }
7747break;
7748case 285:
7749#line 2966 "/usr/src/sbin/pfctl/parse.y"
7750{
7751 if (!strcmp(yyvsp[0].v.string, "unknown"))
26
Null pointer passed as 1st argument to string comparison function
7752 yyval.v.number = -1;
7753 else {
7754 uid_t uid;
7755
7756 if (uid_from_user(yyvsp[0].v.string, &uid) == -1) {
7757 yyerror("unknown user %s", yyvsp[0].v.string);
7758 free(yyvsp[0].v.string);
7759 YYERRORgoto yyerrlab;
7760 }
7761 yyval.v.number = uid;
7762 }
7763 free(yyvsp[0].v.string);
7764 }
7765break;
7766case 286:
7767#line 2981 "/usr/src/sbin/pfctl/parse.y"
7768{
7769 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number >= UID_MAX(2147483647 *2U +1U)) {
7770 yyerror("illegal uid value %lld", yyvsp[0].v.number);
7771 YYERRORgoto yyerrlab;
7772 }
7773 yyval.v.number = yyvsp[0].v.number;
7774 }
7775break;
7776case 287:
7777#line 2990 "/usr/src/sbin/pfctl/parse.y"
7778{ yyval.v.gid = yyvsp[0].v.gid; }
7779break;
7780case 288:
7781#line 2991 "/usr/src/sbin/pfctl/parse.y"
7782{ yyval.v.gid = yyvsp[-1].v.gid; }
7783break;
7784case 289:
7785#line 2994 "/usr/src/sbin/pfctl/parse.y"
7786{ yyval.v.gid = yyvsp[-1].v.gid; }
7787break;
7788case 290:
7789#line 2995 "/usr/src/sbin/pfctl/parse.y"
7790{
7791 yyvsp[-3].v.gid->tail->next = yyvsp[-1].v.gid;
7792 yyvsp[-3].v.gid->tail = yyvsp[-1].v.gid;
7793 yyval.v.gid = yyvsp[-3].v.gid;
7794 }
7795break;
7796case 291:
7797#line 3002 "/usr/src/sbin/pfctl/parse.y"
7798{
7799 yyval.v.gid = calloc(1, sizeof(struct node_gid));
7800 if (yyval.v.gid == NULL((void *)0))
7801 err(1, "gid_item: calloc");
7802 yyval.v.gid->gid[0] = yyvsp[0].v.number;
7803 yyval.v.gid->gid[1] = yyvsp[0].v.number;
7804 yyval.v.gid->op = PF_OP_EQ;
7805 yyval.v.gid->next = NULL((void *)0);
7806 yyval.v.gid->tail = yyval.v.gid;
7807 }
7808break;
7809case 292:
7810#line 3012 "/usr/src/sbin/pfctl/parse.y"
7811{
7812 if (yyvsp[0].v.number == -1 && yyvsp[-1].v.i != PF_OP_EQ && yyvsp[-1].v.i != PF_OP_NE) {
7813 yyerror("group unknown requires operator = or "
7814 "!=");
7815 YYERRORgoto yyerrlab;
7816 }
7817 yyval.v.gid = calloc(1, sizeof(struct node_gid));
7818 if (yyval.v.gid == NULL((void *)0))
7819 err(1, "gid_item: calloc");
7820 yyval.v.gid->gid[0] = yyvsp[0].v.number;
7821 yyval.v.gid->gid[1] = yyvsp[0].v.number;
7822 yyval.v.gid->op = yyvsp[-1].v.i;
7823 yyval.v.gid->next = NULL((void *)0);
7824 yyval.v.gid->tail = yyval.v.gid;
7825 }
7826break;
7827case 293:
7828#line 3027 "/usr/src/sbin/pfctl/parse.y"
7829{
7830 if (yyvsp[-2].v.number == -1 || yyvsp[0].v.number == -1) {
7831 yyerror("group unknown requires operator = or "
7832 "!=");
7833 YYERRORgoto yyerrlab;
7834 }
7835 yyval.v.gid = calloc(1, sizeof(struct node_gid));
7836 if (yyval.v.gid == NULL((void *)0))
7837 err(1, "gid_item: calloc");
7838 yyval.v.gid->gid[0] = yyvsp[-2].v.number;
7839 yyval.v.gid->gid[1] = yyvsp[0].v.number;
7840 yyval.v.gid->op = yyvsp[-1].v.i;
7841 yyval.v.gid->next = NULL((void *)0);
7842 yyval.v.gid->tail = yyval.v.gid;
7843 }
7844break;
7845case 294:
7846#line 3044 "/usr/src/sbin/pfctl/parse.y"
7847{
7848 if (!strcmp(yyvsp[0].v.string, "unknown"))
7849 yyval.v.number = -1;
7850 else {
7851 gid_t gid;
7852
7853 if (gid_from_group(yyvsp[0].v.string, &gid) == -1) {
7854 yyerror("unknown group %s", yyvsp[0].v.string);
7855 free(yyvsp[0].v.string);
7856 YYERRORgoto yyerrlab;
7857 }
7858 yyval.v.number = gid;
7859 }
7860 free(yyvsp[0].v.string);
7861 }
7862break;
7863case 295:
7864#line 3059 "/usr/src/sbin/pfctl/parse.y"
7865{
7866 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number >= GID_MAX(2147483647 *2U +1U)) {
7867 yyerror("illegal gid value %lld", yyvsp[0].v.number);
7868 YYERRORgoto yyerrlab;
7869 }
7870 yyval.v.number = yyvsp[0].v.number;
7871 }
7872break;
7873case 296:
7874#line 3068 "/usr/src/sbin/pfctl/parse.y"
7875{
7876 int f;
7877
7878 if ((f = parse_flags(yyvsp[0].v.string)) < 0) {
7879 yyerror("bad flags %s", yyvsp[0].v.string);
7880 free(yyvsp[0].v.string);
7881 YYERRORgoto yyerrlab;
7882 }
7883 free(yyvsp[0].v.string);
7884 yyval.v.b.b1 = f;
7885 }
7886break;
7887case 297:
7888#line 3081 "/usr/src/sbin/pfctl/parse.y"
7889{ yyval.v.b.b1 = yyvsp[-2].v.b.b1; yyval.v.b.b2 = yyvsp[0].v.b.b1; }
7890break;
7891case 298:
7892#line 3082 "/usr/src/sbin/pfctl/parse.y"
7893{ yyval.v.b.b1 = 0; yyval.v.b.b2 = yyvsp[0].v.b.b1; }
7894break;
7895case 299:
7896#line 3083 "/usr/src/sbin/pfctl/parse.y"
7897{ yyval.v.b.b1 = 0; yyval.v.b.b2 = 0; }
7898break;
7899case 300:
7900#line 3086 "/usr/src/sbin/pfctl/parse.y"
7901{ yyval.v.icmp = yyvsp[0].v.icmp; }
7902break;
7903case 301:
7904#line 3087 "/usr/src/sbin/pfctl/parse.y"
7905{ yyval.v.icmp = yyvsp[-1].v.icmp; }
7906break;
7907case 302:
7908#line 3088 "/usr/src/sbin/pfctl/parse.y"
7909{ yyval.v.icmp = yyvsp[0].v.icmp; }
7910break;
7911case 303:
7912#line 3089 "/usr/src/sbin/pfctl/parse.y"
7913{ yyval.v.icmp = yyvsp[-1].v.icmp; }
7914break;
7915case 304:
7916#line 3092 "/usr/src/sbin/pfctl/parse.y"
7917{ yyval.v.icmp = yyvsp[-1].v.icmp; }
7918break;
7919case 305:
7920#line 3093 "/usr/src/sbin/pfctl/parse.y"
7921{
7922 yyvsp[-3].v.icmp->tail->next = yyvsp[-1].v.icmp;
7923 yyvsp[-3].v.icmp->tail = yyvsp[-1].v.icmp;
7924 yyval.v.icmp = yyvsp[-3].v.icmp;
7925 }
7926break;
7927case 306:
7928#line 3100 "/usr/src/sbin/pfctl/parse.y"
7929{ yyval.v.icmp = yyvsp[-1].v.icmp; }
7930break;
7931case 307:
7932#line 3101 "/usr/src/sbin/pfctl/parse.y"
7933{
7934 yyvsp[-3].v.icmp->tail->next = yyvsp[-1].v.icmp;
7935 yyvsp[-3].v.icmp->tail = yyvsp[-1].v.icmp;
7936 yyval.v.icmp = yyvsp[-3].v.icmp;
7937 }
7938break;
7939case 308:
7940#line 3108 "/usr/src/sbin/pfctl/parse.y"
7941{
7942 yyval.v.icmp = calloc(1, sizeof(struct node_icmp));
7943 if (yyval.v.icmp == NULL((void *)0))
7944 err(1, "icmp_item: calloc");
7945 yyval.v.icmp->type = yyvsp[0].v.number;
7946 yyval.v.icmp->code = 0;
7947 yyval.v.icmp->proto = IPPROTO_ICMP1;
7948 yyval.v.icmp->next = NULL((void *)0);
7949 yyval.v.icmp->tail = yyval.v.icmp;
7950 }
7951break;
7952case 309:
7953#line 3118 "/usr/src/sbin/pfctl/parse.y"
7954{
7955 const struct icmpcodeent *p;
7956
7957 if ((p = geticmpcodebyname(yyvsp[-2].v.number-1, yyvsp[0].v.string, AF_INET2)) == NULL((void *)0)) {
7958 yyerror("unknown icmp-code %s", yyvsp[0].v.string);
7959 free(yyvsp[0].v.string);
7960 YYERRORgoto yyerrlab;
7961 }
7962
7963 free(yyvsp[0].v.string);
7964 yyval.v.icmp = calloc(1, sizeof(struct node_icmp));
7965 if (yyval.v.icmp == NULL((void *)0))
7966 err(1, "icmp_item: calloc");
7967 yyval.v.icmp->type = yyvsp[-2].v.number;
7968 yyval.v.icmp->code = p->code + 1;
7969 yyval.v.icmp->proto = IPPROTO_ICMP1;
7970 yyval.v.icmp->next = NULL((void *)0);
7971 yyval.v.icmp->tail = yyval.v.icmp;
7972 }
7973break;
7974case 310:
7975#line 3137 "/usr/src/sbin/pfctl/parse.y"
7976{
7977 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 255) {
7978 yyerror("illegal icmp-code %lld", yyvsp[0].v.number);
7979 YYERRORgoto yyerrlab;
7980 }
7981 yyval.v.icmp = calloc(1, sizeof(struct node_icmp));
7982 if (yyval.v.icmp == NULL((void *)0))
7983 err(1, "icmp_item: calloc");
7984 yyval.v.icmp->type = yyvsp[-2].v.number;
7985 yyval.v.icmp->code = yyvsp[0].v.number + 1;
7986 yyval.v.icmp->proto = IPPROTO_ICMP1;
7987 yyval.v.icmp->next = NULL((void *)0);
7988 yyval.v.icmp->tail = yyval.v.icmp;
7989 }
7990break;
7991case 311:
7992#line 3153 "/usr/src/sbin/pfctl/parse.y"
7993{
7994 yyval.v.icmp = calloc(1, sizeof(struct node_icmp));
7995 if (yyval.v.icmp == NULL((void *)0))
7996 err(1, "icmp_item: calloc");
7997 yyval.v.icmp->type = yyvsp[0].v.number;
7998 yyval.v.icmp->code = 0;
7999 yyval.v.icmp->proto = IPPROTO_ICMPV658;
8000 yyval.v.icmp->next = NULL((void *)0);
8001 yyval.v.icmp->tail = yyval.v.icmp;
8002 }
8003break;
8004case 312:
8005#line 3163 "/usr/src/sbin/pfctl/parse.y"
8006{
8007 const struct icmpcodeent *p;
8008
8009 if ((p = geticmpcodebyname(yyvsp[-2].v.number-1, yyvsp[0].v.string, AF_INET624)) == NULL((void *)0)) {
8010 yyerror("unknown icmp6-code %s", yyvsp[0].v.string);
8011 free(yyvsp[0].v.string);
8012 YYERRORgoto yyerrlab;
8013 }
8014 free(yyvsp[0].v.string);
8015
8016 yyval.v.icmp = calloc(1, sizeof(struct node_icmp));
8017 if (yyval.v.icmp == NULL((void *)0))
8018 err(1, "icmp_item: calloc");
8019 yyval.v.icmp->type = yyvsp[-2].v.number;
8020 yyval.v.icmp->code = p->code + 1;
8021 yyval.v.icmp->proto = IPPROTO_ICMPV658;
8022 yyval.v.icmp->next = NULL((void *)0);
8023 yyval.v.icmp->tail = yyval.v.icmp;
8024 }
8025break;
8026case 313:
8027#line 3182 "/usr/src/sbin/pfctl/parse.y"
8028{
8029 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 255) {
8030 yyerror("illegal icmp-code %lld", yyvsp[0].v.number);
8031 YYERRORgoto yyerrlab;
8032 }
8033 yyval.v.icmp = calloc(1, sizeof(struct node_icmp));
8034 if (yyval.v.icmp == NULL((void *)0))
8035 err(1, "icmp_item: calloc");
8036 yyval.v.icmp->type = yyvsp[-2].v.number;
8037 yyval.v.icmp->code = yyvsp[0].v.number + 1;
8038 yyval.v.icmp->proto = IPPROTO_ICMPV658;
8039 yyval.v.icmp->next = NULL((void *)0);
8040 yyval.v.icmp->tail = yyval.v.icmp;
8041 }
8042break;
8043case 314:
8044#line 3198 "/usr/src/sbin/pfctl/parse.y"
8045{
8046 const struct icmptypeent *p;
8047
8048 if ((p = geticmptypebyname(yyvsp[0].v.string, AF_INET2)) == NULL((void *)0)) {
8049 yyerror("unknown icmp-type %s", yyvsp[0].v.string);
8050 free(yyvsp[0].v.string);
8051 YYERRORgoto yyerrlab;
8052 }
8053 yyval.v.number = p->type + 1;
8054 free(yyvsp[0].v.string);
8055 }
8056break;
8057case 315:
8058#line 3209 "/usr/src/sbin/pfctl/parse.y"
8059{
8060 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 255) {
8061 yyerror("illegal icmp-type %lld", yyvsp[0].v.number);
8062 YYERRORgoto yyerrlab;
8063 }
8064 yyval.v.number = yyvsp[0].v.number + 1;
8065 }
8066break;
8067case 316:
8068#line 3218 "/usr/src/sbin/pfctl/parse.y"
8069{
8070 const struct icmptypeent *p;
8071
8072 if ((p = geticmptypebyname(yyvsp[0].v.string, AF_INET624)) ==
8073 NULL((void *)0)) {
8074 yyerror("unknown icmp6-type %s", yyvsp[0].v.string);
8075 free(yyvsp[0].v.string);
8076 YYERRORgoto yyerrlab;
8077 }
8078 yyval.v.number = p->type + 1;
8079 free(yyvsp[0].v.string);
8080 }
8081break;
8082case 317:
8083#line 3230 "/usr/src/sbin/pfctl/parse.y"
8084{
8085 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > 255) {
8086 yyerror("illegal icmp6-type %lld", yyvsp[0].v.number);
8087 YYERRORgoto yyerrlab;
8088 }
8089 yyval.v.number = yyvsp[0].v.number + 1;
8090 }
8091break;
8092case 318:
8093#line 3239 "/usr/src/sbin/pfctl/parse.y"
8094{
8095 int val;
8096 char *end;
8097
8098 if (map_tos(yyvsp[0].v.string, &val))
8099 yyval.v.number = val;
8100 else if (yyvsp[0].v.string[0] == '0' && yyvsp[0].v.string[1] == 'x') {
8101 errno(*__errno()) = 0;
8102 yyval.v.number = strtoul(yyvsp[0].v.string, &end, 16);
8103 if (errno(*__errno()) || *end != '\0')
8104 yyval.v.number = 256;
8105 } else
8106 yyval.v.number = 256; /* flag bad argument */
8107 if (yyval.v.number < 0 || yyval.v.number > 255) {
8108 yyerror("illegal tos value %s", yyvsp[0].v.string);
8109 free(yyvsp[0].v.string);
8110 YYERRORgoto yyerrlab;
8111 }
8112 free(yyvsp[0].v.string);
8113 }
8114break;
8115case 319:
8116#line 3259 "/usr/src/sbin/pfctl/parse.y"
8117{
8118 yyval.v.number = yyvsp[0].v.number;
8119 if (yyval.v.number < 0 || yyval.v.number > 255) {
8120 yyerror("illegal tos value %lld", yyvsp[0].v.number);
8121 YYERRORgoto yyerrlab;
8122 }
8123 }
8124break;
8125case 320:
8126#line 3268 "/usr/src/sbin/pfctl/parse.y"
8127{ yyval.v.i = PF_SRCTRACK; }
8128break;
8129case 321:
8130#line 3269 "/usr/src/sbin/pfctl/parse.y"
8131{ yyval.v.i = PF_SRCTRACK_GLOBAL; }
8132break;
8133case 322:
8134#line 3270 "/usr/src/sbin/pfctl/parse.y"
8135{ yyval.v.i = PF_SRCTRACK_RULE; }
8136break;
8137case 323:
8138#line 3273 "/usr/src/sbin/pfctl/parse.y"
8139{
8140 yyval.v.i = PFRULE_IFBOUND0x00010000;
8141 }
8142break;
8143case 324:
8144#line 3276 "/usr/src/sbin/pfctl/parse.y"
8145{
8146 yyval.v.i = 0;
8147 }
8148break;
8149case 325:
8150#line 3281 "/usr/src/sbin/pfctl/parse.y"
8151{
8152 yyval.v.keep_state.action = 0;
8153 yyval.v.keep_state.options = NULL((void *)0);
8154 }
8155break;
8156case 326:
8157#line 3285 "/usr/src/sbin/pfctl/parse.y"
8158{
8159 yyval.v.keep_state.action = PF_STATE_NORMAL0x1;
8160 yyval.v.keep_state.options = yyvsp[0].v.state_opt;
8161 }
8162break;
8163case 327:
8164#line 3289 "/usr/src/sbin/pfctl/parse.y"
8165{
8166 yyval.v.keep_state.action = PF_STATE_MODULATE0x2;
8167 yyval.v.keep_state.options = yyvsp[0].v.state_opt;
8168 }
8169break;
8170case 328:
8171#line 3293 "/usr/src/sbin/pfctl/parse.y"
8172{
8173 yyval.v.keep_state.action = PF_STATE_SYNPROXY0x3;
8174 yyval.v.keep_state.options = yyvsp[0].v.state_opt;
8175 }
8176break;
8177case 329:
8178#line 3299 "/usr/src/sbin/pfctl/parse.y"
8179{ yyval.v.i = 0; }
8180break;
8181case 330:
8182#line 3300 "/usr/src/sbin/pfctl/parse.y"
8183{ yyval.v.i = PF_FLUSH0x01; }
8184break;
8185case 331:
8186#line 3301 "/usr/src/sbin/pfctl/parse.y"
8187{
8188 yyval.v.i = PF_FLUSH0x01 | PF_FLUSH_GLOBAL0x02;
8189 }
8190break;
8191case 332:
8192#line 3306 "/usr/src/sbin/pfctl/parse.y"
8193{ yyval.v.state_opt = yyvsp[-1].v.state_opt; }
8194break;
8195case 333:
8196#line 3307 "/usr/src/sbin/pfctl/parse.y"
8197{ yyval.v.state_opt = NULL((void *)0); }
8198break;
8199case 334:
8200#line 3310 "/usr/src/sbin/pfctl/parse.y"
8201{ yyval.v.state_opt = yyvsp[0].v.state_opt; }
8202break;
8203case 335:
8204#line 3311 "/usr/src/sbin/pfctl/parse.y"
8205{
8206 yyvsp[-2].v.state_opt->tail->next = yyvsp[0].v.state_opt;
8207 yyvsp[-2].v.state_opt->tail = yyvsp[0].v.state_opt;
8208 yyval.v.state_opt = yyvsp[-2].v.state_opt;
8209 }
8210break;
8211case 336:
8212#line 3318 "/usr/src/sbin/pfctl/parse.y"
8213{
8214 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX(2147483647 *2U +1U)) {
8215 yyerror("only positive values permitted");
8216 YYERRORgoto yyerrlab;
8217 }
8218 yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt));
8219 if (yyval.v.state_opt == NULL((void *)0))
8220 err(1, "state_opt_item: calloc");
8221 yyval.v.state_opt->type = PF_STATE_OPT_MAX;
8222 yyval.v.state_opt->data.max_states = yyvsp[0].v.number;
8223 yyval.v.state_opt->next = NULL((void *)0);
8224 yyval.v.state_opt->tail = yyval.v.state_opt;
8225 }
8226break;
8227case 337:
8228#line 3331 "/usr/src/sbin/pfctl/parse.y"
8229{
8230 yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt));
8231 if (yyval.v.state_opt == NULL((void *)0))
8232 err(1, "state_opt_item: calloc");
8233 yyval.v.state_opt->type = PF_STATE_OPT_NOSYNC;
8234 yyval.v.state_opt->next = NULL((void *)0);
8235 yyval.v.state_opt->tail = yyval.v.state_opt;
8236 }
8237break;
8238case 338:
8239#line 3339 "/usr/src/sbin/pfctl/parse.y"
8240{
8241 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX(2147483647 *2U +1U)) {
8242 yyerror("only positive values permitted");
8243 YYERRORgoto yyerrlab;
8244 }
8245 yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt));
8246 if (yyval.v.state_opt == NULL((void *)0))
8247 err(1, "state_opt_item: calloc");
8248 yyval.v.state_opt->type = PF_STATE_OPT_MAX_SRC_STATES;
8249 yyval.v.state_opt->data.max_src_states = yyvsp[0].v.number;
8250 yyval.v.state_opt->next = NULL((void *)0);
8251 yyval.v.state_opt->tail = yyval.v.state_opt;
8252 }
8253break;
8254case 339:
8255#line 3352 "/usr/src/sbin/pfctl/parse.y"
8256{
8257 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX(2147483647 *2U +1U)) {
8258 yyerror("only positive values permitted");
8259 YYERRORgoto yyerrlab;
8260 }
8261 yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt));
8262 if (yyval.v.state_opt == NULL((void *)0))
8263 err(1, "state_opt_item: calloc");
8264 yyval.v.state_opt->type = PF_STATE_OPT_MAX_SRC_CONN;
8265 yyval.v.state_opt->data.max_src_conn = yyvsp[0].v.number;
8266 yyval.v.state_opt->next = NULL((void *)0);
8267 yyval.v.state_opt->tail = yyval.v.state_opt;
8268 }
8269break;
8270case 340:
8271#line 3365 "/usr/src/sbin/pfctl/parse.y"
8272{
8273 if (yyvsp[-2].v.number < 0 || yyvsp[-2].v.number > UINT_MAX(2147483647 *2U +1U) ||
8274 yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX(2147483647 *2U +1U)) {
8275 yyerror("only positive values permitted");
8276 YYERRORgoto yyerrlab;
8277 }
8278 yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt));
8279 if (yyval.v.state_opt == NULL((void *)0))
8280 err(1, "state_opt_item: calloc");
8281 yyval.v.state_opt->type = PF_STATE_OPT_MAX_SRC_CONN_RATE;
8282 yyval.v.state_opt->data.max_src_conn_rate.limit = yyvsp[-2].v.number;
8283 yyval.v.state_opt->data.max_src_conn_rate.seconds = yyvsp[0].v.number;
8284 yyval.v.state_opt->next = NULL((void *)0);
8285 yyval.v.state_opt->tail = yyval.v.state_opt;
8286 }
8287break;
8288case 341:
8289#line 3380 "/usr/src/sbin/pfctl/parse.y"
8290{
8291 if (strlen(yyvsp[-2].v.string) >= PF_TABLE_NAME_SIZE32) {
8292 yyerror("table name '%s' too long", yyvsp[-2].v.string);
8293 free(yyvsp[-2].v.string);
8294 YYERRORgoto yyerrlab;
8295 }
8296 yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt));
8297 if (yyval.v.state_opt == NULL((void *)0))
8298 err(1, "state_opt_item: calloc");
8299 if (strlcpy(yyval.v.state_opt->data.overload.tblname, yyvsp[-2].v.string,
8300 PF_TABLE_NAME_SIZE32) >= PF_TABLE_NAME_SIZE32)
8301 errx(1, "state_opt_item: strlcpy");
8302 free(yyvsp[-2].v.string);
8303 yyval.v.state_opt->type = PF_STATE_OPT_OVERLOAD;
8304 yyval.v.state_opt->data.overload.flush = yyvsp[0].v.i;
8305 yyval.v.state_opt->next = NULL((void *)0);
8306 yyval.v.state_opt->tail = yyval.v.state_opt;
8307 }
8308break;
8309case 342:
8310#line 3398 "/usr/src/sbin/pfctl/parse.y"
8311{
8312 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX(2147483647 *2U +1U)) {
8313 yyerror("only positive values permitted");
8314 YYERRORgoto yyerrlab;
8315 }
8316 yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt));
8317 if (yyval.v.state_opt == NULL((void *)0))
8318 err(1, "state_opt_item: calloc");
8319 yyval.v.state_opt->type = PF_STATE_OPT_MAX_SRC_NODES;
8320 yyval.v.state_opt->data.max_src_nodes = yyvsp[0].v.number;
8321 yyval.v.state_opt->next = NULL((void *)0);
8322 yyval.v.state_opt->tail = yyval.v.state_opt;
8323 }
8324break;
8325case 343:
8326#line 3411 "/usr/src/sbin/pfctl/parse.y"
8327{
8328 yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt));
8329 if (yyval.v.state_opt == NULL((void *)0))
8330 err(1, "state_opt_item: calloc");
8331 yyval.v.state_opt->type = PF_STATE_OPT_SRCTRACK;
8332 yyval.v.state_opt->data.src_track = yyvsp[0].v.i;
8333 yyval.v.state_opt->next = NULL((void *)0);
8334 yyval.v.state_opt->tail = yyval.v.state_opt;
8335 }
8336break;
8337case 344:
8338#line 3420 "/usr/src/sbin/pfctl/parse.y"
8339{
8340 yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt));
8341 if (yyval.v.state_opt == NULL((void *)0))
8342 err(1, "state_opt_item: calloc");
8343 yyval.v.state_opt->type = PF_STATE_OPT_STATELOCK;
8344 yyval.v.state_opt->data.statelock = yyvsp[0].v.i;
8345 yyval.v.state_opt->next = NULL((void *)0);
8346 yyval.v.state_opt->tail = yyval.v.state_opt;
8347 }
8348break;
8349case 345:
8350#line 3429 "/usr/src/sbin/pfctl/parse.y"
8351{
8352 yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt));
8353 if (yyval.v.state_opt == NULL((void *)0))
8354 err(1, "state_opt_item: calloc");
8355 yyval.v.state_opt->type = PF_STATE_OPT_SLOPPY;
8356 yyval.v.state_opt->next = NULL((void *)0);
8357 yyval.v.state_opt->tail = yyval.v.state_opt;
8358 }
8359break;
8360case 346:
8361#line 3437 "/usr/src/sbin/pfctl/parse.y"
8362{
8363 yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt));
8364 if (yyval.v.state_opt == NULL((void *)0))
8365 err(1, "state_opt_item: calloc");
8366 yyval.v.state_opt->type = PF_STATE_OPT_PFLOW;
8367 yyval.v.state_opt->next = NULL((void *)0);
8368 yyval.v.state_opt->tail = yyval.v.state_opt;
8369 }
8370break;
8371case 347:
8372#line 3445 "/usr/src/sbin/pfctl/parse.y"
8373{
8374 int i;
8375
8376 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX(2147483647 *2U +1U)) {
8377 yyerror("only positive values permitted");
8378 YYERRORgoto yyerrlab;
8379 }
8380 for (i = 0; pf_timeouts[i].name &&
8381 strcmp(pf_timeouts[i].name, yyvsp[-1].v.string); ++i)
8382 ; /* nothing */
8383 if (!pf_timeouts[i].name) {
8384 yyerror("illegal timeout name %s", yyvsp[-1].v.string);
8385 free(yyvsp[-1].v.string);
8386 YYERRORgoto yyerrlab;
8387 }
8388 if (strchr(pf_timeouts[i].name, '.') == NULL((void *)0)) {
8389 yyerror("illegal state timeout %s", yyvsp[-1].v.string);
8390 free(yyvsp[-1].v.string);
8391 YYERRORgoto yyerrlab;
8392 }
8393 free(yyvsp[-1].v.string);
8394 yyval.v.state_opt = calloc(1, sizeof(struct node_state_opt));
8395 if (yyval.v.state_opt == NULL((void *)0))
8396 err(1, "state_opt_item: calloc");
8397 yyval.v.state_opt->type = PF_STATE_OPT_TIMEOUT;
8398 yyval.v.state_opt->data.timeout.number = pf_timeouts[i].timeout;
8399 yyval.v.state_opt->data.timeout.seconds = yyvsp[0].v.number;
8400 yyval.v.state_opt->next = NULL((void *)0);
8401 yyval.v.state_opt->tail = yyval.v.state_opt;
8402 }
8403break;
8404case 348:
8405#line 3477 "/usr/src/sbin/pfctl/parse.y"
8406{
8407 yyval.v.string = yyvsp[0].v.string;
8408 }
8409break;
8410case 349:
8411#line 3482 "/usr/src/sbin/pfctl/parse.y"
8412{
8413 struct pfctl_qsitem *qsi;
8414
8415 if ((qsi = pfctl_find_queue(yyvsp[0].v.string, &qspecs)) == NULL((void *)0)) {
8416 yyerror("queue %s is not defined", yyvsp[0].v.string);
8417 YYERRORgoto yyerrlab;
8418 }
8419 yyval.v.qassign.qname = yyvsp[0].v.string;
8420 yyval.v.qassign.pqname = NULL((void *)0);
8421 }
8422break;
8423case 350:
8424#line 3492 "/usr/src/sbin/pfctl/parse.y"
8425{
8426 struct pfctl_qsitem *qsi;
8427
8428 if ((qsi = pfctl_find_queue(yyvsp[-1].v.string, &qspecs)) == NULL((void *)0)) {
8429 yyerror("queue %s is not defined", yyvsp[-1].v.string);
8430 YYERRORgoto yyerrlab;
8431 }
8432 yyval.v.qassign.qname = yyvsp[-1].v.string;
8433 yyval.v.qassign.pqname = NULL((void *)0);
8434 }
8435break;
8436case 351:
8437#line 3502 "/usr/src/sbin/pfctl/parse.y"
8438{
8439 struct pfctl_qsitem *qsi, *pqsi;
8440
8441 if ((qsi = pfctl_find_queue(yyvsp[-3].v.string, &qspecs)) == NULL((void *)0)) {
8442 yyerror("queue %s is not defined", yyvsp[-3].v.string);
8443 YYERRORgoto yyerrlab;
8444 }
8445 if ((pqsi = pfctl_find_queue(yyvsp[-1].v.string, &qspecs)) == NULL((void *)0)) {
8446 yyerror("queue %s is not defined", yyvsp[-1].v.string);
8447 YYERRORgoto yyerrlab;
8448 }
8449 yyval.v.qassign.qname = yyvsp[-3].v.string;
8450 yyval.v.qassign.pqname = yyvsp[-1].v.string;
8451 }
8452break;
8453case 352:
8454#line 3518 "/usr/src/sbin/pfctl/parse.y"
8455{
8456 if (parseport(yyvsp[0].v.string, &yyval.v.range, PPORT_RANGE1|PPORT_STAR2) == -1) {
8457 free(yyvsp[0].v.string);
8458 YYERRORgoto yyerrlab;
8459 }
8460 free(yyvsp[0].v.string);
8461 }
8462break;
8463case 353:
8464#line 3527 "/usr/src/sbin/pfctl/parse.y"
8465{
8466 if (yyvsp[0].v.weight > 0) {
8467 struct node_host *n;
8468 for (n = yyvsp[-1].v.host; n != NULL((void *)0); n = n->next)
8469 n->weight = yyvsp[0].v.weight;
8470 }
8471 yyval.v.host = yyvsp[-1].v.host;
8472 }
8473break;
8474case 354:
8475#line 3535 "/usr/src/sbin/pfctl/parse.y"
8476{ yyval.v.host = yyvsp[-1].v.host; }
8477break;
8478case 355:
8479#line 3538 "/usr/src/sbin/pfctl/parse.y"
8480{
8481 if (yyvsp[-2].v.host->addr.type != PF_ADDR_ADDRMASK) {
8482 free(yyvsp[-2].v.host);
8483 yyerror("only addresses can be listed for "
8484 "redirection pools ");
8485 YYERRORgoto yyerrlab;
8486 }
8487 if (yyvsp[-1].v.weight > 0) {
8488 struct node_host *n;
8489 for (n = yyvsp[-2].v.host; n != NULL((void *)0); n = n->next)
8490 n->weight = yyvsp[-1].v.weight;
8491 }
8492 yyval.v.host = yyvsp[-2].v.host;
8493 }
8494break;
8495case 356:
8496#line 3552 "/usr/src/sbin/pfctl/parse.y"
8497{
8498 yyvsp[-4].v.host->tail->next = yyvsp[-2].v.host;
8499 yyvsp[-4].v.host->tail = yyvsp[-2].v.host->tail;
8500 if (yyvsp[-1].v.weight > 0) {
8501 struct node_host *n;
8502 for (n = yyvsp[-2].v.host; n != NULL((void *)0); n = n->next)
8503 n->weight = yyvsp[-1].v.weight;
8504 }
8505 yyval.v.host = yyvsp[-4].v.host;
8506 }
8507break;
8508case 357:
8509#line 3564 "/usr/src/sbin/pfctl/parse.y"
8510{
8511 yyval.v.redirection = calloc(1, sizeof(struct redirection));
8512 if (yyval.v.redirection == NULL((void *)0))
8513 err(1, "redirection: calloc");
8514 yyval.v.redirection->host = yyvsp[0].v.host;
8515 yyval.v.redirection->rport.a = yyval.v.redirection->rport.b = yyval.v.redirection->rport.t = 0;
8516 }
8517break;
8518case 358:
8519#line 3571 "/usr/src/sbin/pfctl/parse.y"
8520{
8521 yyval.v.redirection = calloc(1, sizeof(struct redirection));
8522 if (yyval.v.redirection == NULL((void *)0))
8523 err(1, "redirection: calloc");
8524 yyval.v.redirection->host = yyvsp[-2].v.host;
8525 yyval.v.redirection->rport = yyvsp[0].v.range;
8526 }
8527break;
8528case 359:
8529#line 3581 "/usr/src/sbin/pfctl/parse.y"
8530{
8531 yyval.v.hashkey = calloc(1, sizeof(struct pf_poolhashkey));
8532 if (yyval.v.hashkey == NULL((void *)0))
8533 err(1, "hashkey: calloc");
8534 yyval.v.hashkey->key32pfk.key32[0] = arc4random();
8535 yyval.v.hashkey->key32pfk.key32[1] = arc4random();
8536 yyval.v.hashkey->key32pfk.key32[2] = arc4random();
8537 yyval.v.hashkey->key32pfk.key32[3] = arc4random();
8538 }
8539break;
8540case 360:
8541#line 3591 "/usr/src/sbin/pfctl/parse.y"
8542{
8543 if (!strncmp(yyvsp[0].v.string, "0x", 2)) {
8544 if (strlen(yyvsp[0].v.string) != 34) {
8545 free(yyvsp[0].v.string);
8546 yyerror("hex key must be 128 bits "
8547 "(32 hex digits) long");
8548 YYERRORgoto yyerrlab;
8549 }
8550 yyval.v.hashkey = calloc(1, sizeof(struct pf_poolhashkey));
8551 if (yyval.v.hashkey == NULL((void *)0))
8552 err(1, "hashkey: calloc");
8553
8554 if (sscanf(yyvsp[0].v.string, "0x%8x%8x%8x%8x",
8555 &yyval.v.hashkey->key32pfk.key32[0], &yyval.v.hashkey->key32pfk.key32[1],
8556 &yyval.v.hashkey->key32pfk.key32[2], &yyval.v.hashkey->key32pfk.key32[3]) != 4) {
8557 free(yyval.v.hashkey);
8558 free(yyvsp[0].v.string);
8559 yyerror("invalid hex key");
8560 YYERRORgoto yyerrlab;
8561 }
8562 } else {
8563 MD5_CTX context;
8564
8565 yyval.v.hashkey = calloc(1, sizeof(struct pf_poolhashkey));
8566 if (yyval.v.hashkey == NULL((void *)0))
8567 err(1, "hashkey: calloc");
8568 MD5Init(&context);
8569 MD5Update(&context, (unsigned char *)yyvsp[0].v.string,
8570 strlen(yyvsp[0].v.string));
8571 MD5Final((unsigned char *)yyval.v.hashkey, &context);
8572 HTONL(yyval.v.hashkey->key32[0])(yyval.v.hashkey->pfk.key32[0]) = (__uint32_t)(__builtin_constant_p
((u_int32_t)(yyval.v.hashkey->pfk.key32[0])) ? (__uint32_t
)(((__uint32_t)((u_int32_t)(yyval.v.hashkey->pfk.key32[0])
) & 0xff) << 24 | ((__uint32_t)((u_int32_t)(yyval.v
.hashkey->pfk.key32[0])) & 0xff00) << 8 | ((__uint32_t
)((u_int32_t)(yyval.v.hashkey->pfk.key32[0])) & 0xff0000
) >> 8 | ((__uint32_t)((u_int32_t)(yyval.v.hashkey->
pfk.key32[0])) & 0xff000000) >> 24) : __swap32md((u_int32_t
)(yyval.v.hashkey->pfk.key32[0])));
8573 HTONL(yyval.v.hashkey->key32[1])(yyval.v.hashkey->pfk.key32[1]) = (__uint32_t)(__builtin_constant_p
((u_int32_t)(yyval.v.hashkey->pfk.key32[1])) ? (__uint32_t
)(((__uint32_t)((u_int32_t)(yyval.v.hashkey->pfk.key32[1])
) & 0xff) << 24 | ((__uint32_t)((u_int32_t)(yyval.v
.hashkey->pfk.key32[1])) & 0xff00) << 8 | ((__uint32_t
)((u_int32_t)(yyval.v.hashkey->pfk.key32[1])) & 0xff0000
) >> 8 | ((__uint32_t)((u_int32_t)(yyval.v.hashkey->
pfk.key32[1])) & 0xff000000) >> 24) : __swap32md((u_int32_t
)(yyval.v.hashkey->pfk.key32[1])));
8574 HTONL(yyval.v.hashkey->key32[2])(yyval.v.hashkey->pfk.key32[2]) = (__uint32_t)(__builtin_constant_p
((u_int32_t)(yyval.v.hashkey->pfk.key32[2])) ? (__uint32_t
)(((__uint32_t)((u_int32_t)(yyval.v.hashkey->pfk.key32[2])
) & 0xff) << 24 | ((__uint32_t)((u_int32_t)(yyval.v
.hashkey->pfk.key32[2])) & 0xff00) << 8 | ((__uint32_t
)((u_int32_t)(yyval.v.hashkey->pfk.key32[2])) & 0xff0000
) >> 8 | ((__uint32_t)((u_int32_t)(yyval.v.hashkey->
pfk.key32[2])) & 0xff000000) >> 24) : __swap32md((u_int32_t
)(yyval.v.hashkey->pfk.key32[2])));
8575 HTONL(yyval.v.hashkey->key32[3])(yyval.v.hashkey->pfk.key32[3]) = (__uint32_t)(__builtin_constant_p
((u_int32_t)(yyval.v.hashkey->pfk.key32[3])) ? (__uint32_t
)(((__uint32_t)((u_int32_t)(yyval.v.hashkey->pfk.key32[3])
) & 0xff) << 24 | ((__uint32_t)((u_int32_t)(yyval.v
.hashkey->pfk.key32[3])) & 0xff00) << 8 | ((__uint32_t
)((u_int32_t)(yyval.v.hashkey->pfk.key32[3])) & 0xff0000
) >> 8 | ((__uint32_t)((u_int32_t)(yyval.v.hashkey->
pfk.key32[3])) & 0xff000000) >> 24) : __swap32md((u_int32_t
)(yyval.v.hashkey->pfk.key32[3])));
8576 }
8577 free(yyvsp[0].v.string);
8578 }
8579break;
8580case 361:
8581#line 3630 "/usr/src/sbin/pfctl/parse.y"
8582{ bzero(&pool_opts, sizeof pool_opts); }
8583break;
8584case 362:
8585#line 3632 "/usr/src/sbin/pfctl/parse.y"
8586{ yyval.v.pool_opts = pool_opts; }
8587break;
8588case 363:
8589#line 3633 "/usr/src/sbin/pfctl/parse.y"
8590{
8591 bzero(&pool_opts, sizeof pool_opts);
8592 yyval.v.pool_opts = pool_opts;
8593 }
8594break;
8595case 366:
8596#line 3643 "/usr/src/sbin/pfctl/parse.y"
8597{
8598 if (pool_opts.type) {
8599 yyerror("pool type cannot be redefined");
8600 YYERRORgoto yyerrlab;
8601 }
8602 pool_opts.type = PF_POOL_BITMASK;
8603 }
8604break;
8605case 367:
8606#line 3650 "/usr/src/sbin/pfctl/parse.y"
8607{
8608 if (pool_opts.type) {
8609 yyerror("pool type cannot be redefined");
8610 YYERRORgoto yyerrlab;
8611 }
8612 pool_opts.type = PF_POOL_RANDOM;
8613 }
8614break;
8615case 368:
8616#line 3657 "/usr/src/sbin/pfctl/parse.y"
8617{
8618 if (pool_opts.type) {
8619 yyerror("pool type cannot be redefined");
8620 YYERRORgoto yyerrlab;
8621 }
8622 pool_opts.type = PF_POOL_SRCHASH;
8623 pool_opts.key = yyvsp[0].v.hashkey;
8624 }
8625break;
8626case 369:
8627#line 3665 "/usr/src/sbin/pfctl/parse.y"
8628{
8629 if (pool_opts.type) {
8630 yyerror("pool type cannot be redefined");
8631 YYERRORgoto yyerrlab;
8632 }
8633 pool_opts.type = PF_POOL_ROUNDROBIN;
8634 }
8635break;
8636case 370:
8637#line 3672 "/usr/src/sbin/pfctl/parse.y"
8638{
8639 if (pool_opts.type) {
8640 yyerror("pool type cannot be redefined");
8641 YYERRORgoto yyerrlab;
8642 }
8643 pool_opts.type = PF_POOL_LEASTSTATES;
8644 }
8645break;
8646case 371:
8647#line 3679 "/usr/src/sbin/pfctl/parse.y"
8648{
8649 if (pool_opts.staticport) {
8650 yyerror("static-port cannot be redefined");
8651 YYERRORgoto yyerrlab;
8652 }
8653 pool_opts.staticport = 1;
8654 }
8655break;
8656case 372:
8657#line 3686 "/usr/src/sbin/pfctl/parse.y"
8658{
8659 if (filter_opts.marker & POM_STICKYADDRESS0x02) {
8660 yyerror("sticky-address cannot be redefined");
8661 YYERRORgoto yyerrlab;
8662 }
8663 pool_opts.marker |= POM_STICKYADDRESS0x02;
8664 pool_opts.opts |= PF_POOL_STICKYADDR0x20;
8665 }
8666break;
8667case 373:
8668#line 3696 "/usr/src/sbin/pfctl/parse.y"
8669{
8670 struct redirection *redir;
8671 if (filter_opts.rt != PF_NOPFROUTE) {
8672 yyerror("cannot respecify "
8673 "route-to/reply-to/dup-to");
8674 YYERRORgoto yyerrlab;
8675 }
8676 redir = calloc(1, sizeof(*redir));
8677 if (redir == NULL((void *)0))
8678 err(1, "routespec calloc");
8679 redir->host = yyvsp[-1].v.host;
8680 filter_opts.rroute.rdr = redir;
8681 memcpy(&filter_opts.rroute.pool_opts, &yyvsp[0].v.pool_opts,
8682 sizeof(filter_opts.rroute.pool_opts));
8683 }
8684break;
8685case 374:
8686#line 3714 "/usr/src/sbin/pfctl/parse.y"
8687{
8688 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX(2147483647 *2U +1U)) {
8689 yyerror("only positive values permitted");
8690 YYERRORgoto yyerrlab;
8691 }
8692 if (pfctl_set_timeout(pf, yyvsp[-1].v.string, yyvsp[0].v.number, 0) != 0) {
8693 yyerror("unknown timeout %s", yyvsp[-1].v.string);
8694 free(yyvsp[-1].v.string);
8695 YYERRORgoto yyerrlab;
8696 }
8697 free(yyvsp[-1].v.string);
8698 }
8699break;
8700case 377:
8701#line 3733 "/usr/src/sbin/pfctl/parse.y"
8702{
8703 if (yyvsp[0].v.number < 0 || yyvsp[0].v.number > UINT_MAX(2147483647 *2U +1U)) {
8704 yyerror("only positive values permitted");
8705 YYERRORgoto yyerrlab;
8706 }
8707 if (pfctl_set_limit(pf, yyvsp[-1].v.string, yyvsp[0].v.number) != 0) {
8708 yyerror("unable to set limit %s %lld", yyvsp[-1].v.string, yyvsp[0].v.number);
8709 free(yyvsp[-1].v.string);
8710 YYERRORgoto yyerrlab;
8711 }
8712 free(yyvsp[-1].v.string);
8713 }
8714break;
8715case 382:
8716#line 3755 "/usr/src/sbin/pfctl/parse.y"
8717{ yyval.v.number = 0; }
8718break;
8719case 383:
8720#line 3756 "/usr/src/sbin/pfctl/parse.y"
8721{
8722 if (!strcmp(yyvsp[0].v.string, "yes"))
8723 yyval.v.number = 1;
8724 else {
8725 yyerror("invalid value '%s', expected 'yes' "
8726 "or 'no'", yyvsp[0].v.string);
8727 free(yyvsp[0].v.string);
8728 YYERRORgoto yyerrlab;
8729 }
8730 free(yyvsp[0].v.string);
8731 }
8732break;
8733case 384:
8734#line 3769 "/usr/src/sbin/pfctl/parse.y"
8735{ yyval.v.i = PF_OP_EQ; }
8736break;
8737case 385:
8738#line 3770 "/usr/src/sbin/pfctl/parse.y"
8739{ yyval.v.i = PF_OP_NE; }
8740break;
8741case 386:
8742#line 3771 "/usr/src/sbin/pfctl/parse.y"
8743{ yyval.v.i = PF_OP_LE; }
8744break;
8745case 387:
8746#line 3772 "/usr/src/sbin/pfctl/parse.y"
8747{ yyval.v.i = PF_OP_LT; }
8748break;
8749case 388:
8750#line 3773 "/usr/src/sbin/pfctl/parse.y"
8751{ yyval.v.i = PF_OP_GE; }
8752break;
8753case 389:
8754#line 3774 "/usr/src/sbin/pfctl/parse.y"
8755{ yyval.v.i = PF_OP_GT; }
8756break;
8757#line 8750 "parse.c"
8758 }
8759 yyssp -= yym;
8760 yystate = *yyssp;
8761 yyvsp -= yym;
8762 yym = yylhs[yyn];
8763 if (yystate == 0 && yym == 0)
15
Assuming 'yystate' is not equal to 0
8764 {
8765#if YYDEBUG0
8766 if (yydebug)
8767 printf("%sdebug: after reduction, shifting from state 0 to\
8768 state %d\n", YYPREFIX"yy", YYFINAL2);
8769#endif
8770 yystate = YYFINAL2;
8771 *++yyssp = YYFINAL2;
8772 *++yyvsp = yyval;
8773 if (yychar < 0)
8774 {
8775 if ((yychar = yylex()) < 0) yychar = 0;
8776#if YYDEBUG0
8777 if (yydebug)
8778 {
8779 yys = 0;
8780 if (yychar <= YYMAXTOKEN385) yys = yyname[yychar];
8781 if (!yys) yys = "illegal-symbol";
8782 printf("%sdebug: state %d, reading %d (%s)\n",
8783 YYPREFIX"yy", YYFINAL2, yychar, yys);
8784 }
8785#endif
8786 }
8787 if (yychar == 0) goto yyaccept;
8788 goto yyloop;
8789 }
8790 if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 &&
16
Assuming 'yyn' is 0
8791 yyn <= YYTABLESIZE5732 && yycheck[yyn] == yystate)
8792 yystate = yytable[yyn];
8793 else
8794 yystate = yydgoto[yym];
8795#if YYDEBUG0
8796 if (yydebug)
8797 printf("%sdebug: after reduction, shifting from state %d \
8798to state %d\n", YYPREFIX"yy", *yyssp, yystate);
8799#endif
8800 if (yyssp >= yysslim && yygrowstack())
17
Assuming 'yyssp' is < 'yysslim'
8801 {
8802 goto yyoverflow;
8803 }
8804 *++yyssp = yystate;
8805 *++yyvsp = yyval;
18
Null pointer value stored to field 'string'
8806 goto yyloop;
19
Control jumps to line 4749
8807yyoverflow:
8808 yyerror("yacc stack overflow");
8809yyabort:
8810 if (yyss)
8811 free(yyss);
8812 if (yyvs)
8813 free(yyvs);
8814 yyss = yyssp = NULL((void *)0);
8815 yyvs = yyvsp = NULL((void *)0);
8816 yystacksize = 0;
8817 return (1);
8818yyaccept:
8819 if (yyss)
8820 free(yyss);
8821 if (yyvs)
8822 free(yyvs);
8823 yyss = yyssp = NULL((void *)0);
8824 yyvs = yyvsp = NULL((void *)0);
8825 yystacksize = 0;
8826 return (0);
8827}