From 0d20e2bb7d4165af1d9c53cad9137b40d684f3ff Mon Sep 17 00:00:00 2001 From: sakane Date: Fri, 7 Dec 2001 03:35:14 +0000 Subject: [PATCH] nuke obsoleted things. --- kame/kame/racoon/cfparse.y | 292 +++---------------------------------- kame/kame/racoon/cftoken.l | 41 +----- 2 files changed, 23 insertions(+), 310 deletions(-) diff --git a/kame/kame/racoon/cfparse.y b/kame/kame/racoon/cfparse.y index cd5ecfd49a..db8eede0bc 100644 --- a/kame/kame/racoon/cfparse.y +++ b/kame/kame/racoon/cfparse.y @@ -1,4 +1,4 @@ -/* $KAME: cfparse.y,v 1.108 2001/09/26 05:30:34 sakane Exp $ */ +/* $KAME: cfparse.y,v 1.109 2001/12/07 03:35:14 sakane Exp $ */ %{ #include @@ -85,7 +85,6 @@ static int num2dhgroup[] = { OAKLEY_ATTR_GRP_DESC_MODP1536, }; -static struct policyindex *cur_spidx; static struct remoteconf *cur_rmconf; static int tmpalgtype[MAXALGCLASS]; static struct sainfo *cur_sainfo; @@ -113,7 +112,6 @@ static int fix_lifebyte __P((u_long)); %union { unsigned long num; vchar_t *val; - struct policyindex *spidx; struct remoteconf *rmconf; struct sockaddr *saddr; struct sainfoalg *alg; @@ -136,10 +134,6 @@ static int fix_lifebyte __P((u_long)); %token RETRY_PHASE1 RETRY_PHASE2 /* algorithm */ %token ALGORITHM_CLASS ALGORITHMTYPE STRENGTHTYPE - /* policy */ -%token POLICY DIRTYPE ACTION -%token PLADDRTYPE PROPOSAL WHICHSIDE -%token PROTOCOL SECLEVEL SECLEVELTYPE SECMODE SECMODETYPE /* sainfo */ %token SAINFO /* remote */ @@ -151,7 +145,7 @@ static int fix_lifebyte __P((u_long)); %token NONCE_SIZE DH_GROUP KEEPALIVE PASSIVE INITIAL_CONTACT %token PROPOSAL_CHECK PROPOSAL_CHECK_LEVEL %token GENERATE_POLICY SUPPORT_MIP6 -%token POST_COMMAND +%token PROPOSAL %token EXEC_PATH EXEC_COMMAND EXEC_SUCCESS EXEC_FAILURE %token GSSAPI_ID %token COMPLEX_BUNDLE 
@@ -169,15 +163,13 @@ static int fix_lifebyte __P((u_long)); %type PATHTYPE IDENTIFIERTYPE LOGLEV %type ALGORITHM_CLASS dh_group_num %type ALGORITHMTYPE STRENGTHTYPE -%type PREFIX prefix PORT port ike_port DIRTYPE ACTION PLADDRTYPE WHICHSIDE -%type ul_proto UL_PROTO secproto -%type SECLEVELTYPE SECMODETYPE +%type PREFIX prefix PORT port ike_port +%type ul_proto UL_PROTO %type EXCHANGETYPE DOITYPE SITUATIONTYPE %type CERTTYPE CERT_X509 PROPOSAL_CHECK_LEVEL %type unittype_time unittype_byte %type QUOTEDSTRING HEXSTRING ADDRSTRING sainfo_id %type identifierstring -%type policy_index %type remote_index ike_addrinfo_port %type algorithm @@ -195,7 +187,6 @@ statement | padding_statement | listen_statement | timer_statement - | policy_statement | sainfo_statement | remote_statement | special_statement 
@@ -396,263 +387,6 @@ timer_stmt EOS ; - /* policy */ -policy_statement - : POLICY policy_index - { - /*XXX to be deleted*/ - cur_spidx = $2; - } - policy_specswrap - ; -policy_specswrap - : EOS - { - /* - if (cur_spidx->action == IPSEC_POLICY_IPSEC) { - yyerror("must define policy for IPsec"); - return -1; - } - */ - } - | BOC - { - /* - if (cur_spidx->action != IPSEC_POLICY_IPSEC) { - yyerror("must not define policy for no IPsec"); - return -1; - } - - cur_spidx->policy = newipsp(); - if (cur_spidx->policy == NULL) { - yyerror("failed to allocate ipsec policy"); - return -1; - } - cur_spidx->policy->spidx = cur_spidx; - */ - } - policy_specs EOC - { - /* - if (set_ipsec_proposal(cur_spidx, prhead) != 0) - return -1; - */ - - /* DH group settting if PFS is required. */ - /* - if (cur_spidx->policy->pfs_group != 0 - && oakley_setdhgroup(cur_spidx->policy->pfs_group, - &cur_spidx->policy->pfsgrp) == -1) { - yyerror("failed to set DH value.\n"); - return -1; - } - -#if 0 - ipsecdoi_printsa(cur_spidx->policy->proposal); -#endif - insspidx(cur_spidx); - - cleanprhead(); - */ - } - ; -policy_index - : ADDRSTRING prefix port - ADDRSTRING prefix port ul_proto DIRTYPE ACTION - { - /* - $$ = parse_spidx($1->v, $2, $3, $4->v, $5, $6, $7, $8); - $$->action = $9; - vfree($1); - vfree($4); - */ - } - ; -prefix - : /* nothing */ { $$ = ~0; } - | PREFIX { $$ = $1; } - ; -port - : /* nothing */ { $$ = IPSEC_PORT_ANY; } - | PORT { $$ = $1; } - | PORTANY { $$ = IPSEC_PORT_ANY; } - ; -ul_proto - : NUMBER { $$ = $1; } - | UL_PROTO { $$ = $1; } - | ANY { $$ = IPSEC_ULPROTO_ANY; } - ; -policy_specs - : /* nothing */ - | policy_specs policy_spec - ; -policy_spec - : PFS_GROUP dh_group_num - { - /* - cur_spidx->policy->pfs_group = $2; - */ - } - EOS - | PROPOSAL - { - /* - struct proposalspec *prspec; - - prspec = newprspec(); - if (prspec == NULL) - return -1; - prspec->lifetime = ipsecdoi_get_defaultlifetime(); - insprspec(prspec, &prhead); - */ - } - BOC ipsecproposal_specs EOC - ; 
-ipsecproposal_specs - : /* nothing */ - | ipsecproposal_specs ipsecproposal_spec - ; -ipsecproposal_spec - : LIFETIME LIFETYPE_TIME NUMBER unittype_time - { - prhead->lifetime = $3 * $4; - } - EOS - | LIFETIME LIFETYPE_BYTE NUMBER unittype_byte - { -#if 1 - yyerror("byte lifetime support is deprecated"); - return -1; -#else - prhead->lifebyte = fix_lifebyte($3 * $4); - if (prhead->lifebyte == 0) - return -1; -#endif - } - EOS - | PROTOCOL secproto - { - struct secprotospec *spspec; - - spspec = newspspec(); - if (spspec == NULL) - return -1; - insspspec(spspec, &prhead); - - prhead->spspec->proto_id = ipproto2doi($2); - } - BOC secproto_specs EOC - ; -secproto - : UL_PROTO { - switch ($1) { - case IPPROTO_ESP: - case IPPROTO_AH: - case IPPROTO_IPCOMP: - break; - default: - yyerror("It's not security protocol"); - return -1; - } - $$ = $1; - } - ; -secproto_specs - : /* nothing */ - | secproto_specs secproto_spec - ; -secproto_spec - : SECLEVEL SECLEVELTYPE { prhead->spspec->ipsec_level = $2; } EOS - | SECMODE secmode EOS - | STRENGTH - { - yyerror("strength directive is obsoleted."); - } STRENGTHTYPE EOS - | ALGORITHM_CLASS ALGORITHMTYPE keylength - { - int doi; - int defklen; - - doi = algtype2doi($1, $2); - if (doi == -1) { - yyerror("algorithm mismatched"); - return -1; - } - switch ($1) { - case algclass_ipsec_enc: - if (prhead->spspec->proto_id != IPSECDOI_PROTO_IPSEC_ESP) { - yyerror("algorithm mismatched"); - return -1; - } - prhead->spspec->algclass[algclass_ipsec_enc] = doi; - defklen = default_keylen($1, $2); - if (defklen == 0) { - if ($3) { - yyerror("keylen not allowed"); - return -1; - } - } else { - if ($3 && check_keylen($1, $2, $3) < 0) { - yyerror("invalid keylen %d", $3); - return -1; - } - } - if ($3) - prhead->spspec->encklen = $3; - else - prhead->spspec->encklen = defklen; - break; - case algclass_ipsec_auth: - if (prhead->spspec->proto_id == IPSECDOI_PROTO_IPCOMP) { - yyerror("algorithm mismatched"); - return -1; - } - 
prhead->spspec->algclass[algclass_ipsec_auth] = doi; - break; - case algclass_ipsec_comp: - if (prhead->spspec->proto_id != IPSECDOI_PROTO_IPCOMP) { - yyerror("algorithm mismatched"); - return -1; - } - prhead->spspec->algclass[algclass_ipsec_comp] = doi; - break; - default: - yyerror("algorithm mismatched"); - return -1; - } - } - EOS - ; -secmode - : SECMODETYPE { - if ($1 == IPSECDOI_ATTR_ENC_MODE_TUNNEL) { - yyerror("must specify peer's address"); - return -1; - } - prhead->spspec->encmode = $1; - prhead->spspec->remote = NULL; - } - | SECMODETYPE ADDRSTRING { - struct sockaddr *saddr; - - if ($1 != IPSECDOI_ATTR_ENC_MODE_TUNNEL) { - yyerror("should not specify peer's address"); - return -1; - } - prhead->spspec->encmode = $1; - - saddr = str2saddr($2->v, NULL); - vfree($2); - if (saddr == NULL) - return -1; - prhead->spspec->remote = saddr; - } - ; -keylength - : /* nothing */ { $$ = 0; } - | NUMBER { $$ = $1; } - ; - /* sainfo */ sainfo_statement : SAINFO @@ -901,6 +635,24 @@ algorithm } } ; +prefix + : /* nothing */ { $$ = ~0; } + | PREFIX { $$ = $1; } + ; +port + : /* nothing */ { $$ = IPSEC_PORT_ANY; } + | PORT { $$ = $1; } + | PORTANY { $$ = IPSEC_PORT_ANY; } + ; +ul_proto + : NUMBER { $$ = $1; } + | UL_PROTO { $$ = $1; } + | ANY { $$ = IPSEC_ULPROTO_ANY; } + ; +keylength + : /* nothing */ { $$ = 0; } + | NUMBER { $$ = $1; } + ; /* remote */ remote_statement diff --git a/kame/kame/racoon/cftoken.l b/kame/kame/racoon/cftoken.l index 31b6b65ab9..81ac020956 100644 --- a/kame/kame/racoon/cftoken.l +++ b/kame/kame/racoon/cftoken.l @@ -1,4 +1,4 @@ -/* $KAME: cftoken.l,v 1.65 2001/09/26 05:30:34 sakane Exp $ */ +/* $KAME: cftoken.l,v 1.66 2001/12/07 03:35:14 sakane Exp $ */ %{ #include @@ -95,7 +95,6 @@ hexstring 0x{hexdigit}+ %s S_INI S_PTH S_INF S_LOG S_PAD S_LST S_RTRY %s S_ALGST S_ALGCL -%s S_PLCY S_PLCYS S_PLCYP S_PLCYT %s S_SAINF S_SAINFS %s S_RMT S_RMTS S_RMTP %s S_SA 
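Review bot: In the relocated `ul_proto` rule in cfparse.y, the `NUMBER { $$ = $1; }` alternative passes on whatever number the configuration file contains, with no range check in the parser. An IP protocol number fits in 8 bits, so the action could reject larger values using the file's existing error style, e.g. `NUMBER { if ($1 > 255) { yyerror("invalid upper-layer protocol"); return -1; } $$ = $1; }`. Whether the rules that consume `ul_proto` already validate the value is not visible in this hunk. The empty `prefix` alternative stores `~0`, which presumably widens to an all-ones `unsigned long`, so a comment such as `/* ~0: no prefix given; test for it before using the value as a length */` would make the sentinel explicit. `keylength` has the same kind of sentinel, with `0` standing for "not specified", and would benefit from a similar comment.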
@@ -168,44 +167,6 @@ hexstring 0x{hexdigit}+ phase2 { YYD; return(RETRY_PHASE2); } {ecl} { BEGIN S_INI; return(EOC); } - /* policy */ -policy { BEGIN S_PLCY; YYDB; yywarn("it is obsoleted"); return(POLICY); } -any { YYD; return(ANY); } -{blcl}any{elcl} { YYD; return(PORTANY); } -in { YYD; yylval.num = IPSEC_DIR_INBOUND; return(DIRTYPE); } -out { YYD; yylval.num = IPSEC_DIR_OUTBOUND; return(DIRTYPE); } -inout { YYD; /* XXX */ yylval.num = IPSEC_DIR_ANY; return(DIRTYPE); } -discard { YYD; yylval.num = IPSEC_POLICY_DISCARD; return(ACTION); } -none { YYD; yylval.num = IPSEC_POLICY_NONE; return(ACTION); } -ipsec { YYD; yylval.num = IPSEC_POLICY_IPSEC; return(ACTION); } - /* policy spec */ -{bcl} { BEGIN S_PLCYS; return(BOC); } -{semi} { BEGIN S_INI; return(EOS); } -{ecl} { BEGIN S_INI; return(EOC); } -pfs_group { YYD; return(PFS_GROUP); } - /* policy proposal */ -proposal { BEGIN S_PLCYP; YYDB; return(PROPOSAL); } -{bcl} { return(BOC); } -{ecl} { BEGIN S_PLCYS; return(EOC); } -lifetime { YYD; return(LIFETIME); } -time { YYD; return(LIFETYPE_TIME); } -byte { YYD; return(LIFETYPE_BYTE); } - /* policy protocol */ -protocol { BEGIN S_PLCYT; YYDB; return(PROTOCOL); } -{bcl} { return(BOC); } -{ecl} { BEGIN S_PLCYP; return(EOC); } -level { YYD; return(SECLEVEL); } -require { YYD; yylval.num = IPSEC_LEVEL_REQUIRE; return(SECLEVELTYPE); } -use { YYD; yylval.num = IPSEC_LEVEL_USE; return(SECLEVELTYPE); } -default { YYD; yylval.num = IPSEC_LEVEL_DEFAULT; return(SECLEVELTYPE); } -unique { YYD; yylval.num = IPSEC_LEVEL_UNIQUE; return(SECLEVELTYPE); } -mode { YYD; return(SECMODE); } -tunnel { YYD; yylval.num = IPSECDOI_ATTR_ENC_MODE_TUNNEL; return(SECMODETYPE); } -transport { YYD; yylval.num = IPSECDOI_ATTR_ENC_MODE_TRNS; return(SECMODETYPE); } -encryption_algorithm { YYD; yylval.num = algclass_ipsec_enc; return(ALGORITHM_CLASS); } -authentication_algorithm { YYD; yylval.num = algclass_ipsec_auth; return(ALGORITHM_CLASS); } -compression_algorithm { YYD; yylval.num = 
algclass_ipsec_comp; return(ALGORITHM_CLASS); } - /* sainfo */ sainfo { BEGIN S_SAINF; YYDB; return(SAINFO); } anonymous { YYD; return(ANONYMOUS); }