summaryrefslogtreecommitdiff
path: root/package/ipsec-tools
diff options
context:
space:
mode:
authorWaldemar Brodkorb <wbx@openadk.org>2009-05-30 20:39:07 +0200
committerWaldemar Brodkorb <wbx@openadk.org>2009-05-30 20:39:07 +0200
commitba3359722cbf8aa7b0ed39e1f81d1d74ec88fecd (patch)
tree10c726d162bc0ded85eb7aeacf8f246bd39ad63a /package/ipsec-tools
parentbbd610f15a71b27c955175cb98392b114717fd47 (diff)
optimize ipkg package management
- generate ipkg control file from PKG_* variables - automatically install init scripts from ./files/*.init set #PKG pkgname to set the binary package - rename FWINIT -> INIT - move postinst and conffiles meta data to ./files - update the packages to the latest upstream version - remove some unready or unused package (strongswan,..) more cleanups needed after allmodconfig
Diffstat (limited to 'package/ipsec-tools')
-rw-r--r--package/ipsec-tools/Config.in1
-rw-r--r--package/ipsec-tools/Makefile14
-rw-r--r--package/ipsec-tools/files/ipsec-tools.conffiles (renamed from package/ipsec-tools/ipkg/ipsec-tools.conffiles)0
-rw-r--r--package/ipsec-tools/ipkg/ipsec-tools.control5
-rw-r--r--package/ipsec-tools/patches/patch-configure24
-rw-r--r--package/ipsec-tools/patches/patch-configure_ac12
-rw-r--r--package/ipsec-tools/patches/patch-src_racoon_algorithm_c44
-rw-r--r--package/ipsec-tools/patches/patch-src_racoon_cftoken_c2026
-rw-r--r--package/ipsec-tools/patches/patch-src_racoon_cftoken_l9
-rw-r--r--package/ipsec-tools/patches/patch-src_racoon_crypto_openssl_c54
-rw-r--r--package/ipsec-tools/patches/patch-src_racoon_eaytest_c27
-rw-r--r--package/ipsec-tools/patches/patch-src_racoon_isakmp_xauth_c12
-rw-r--r--package/ipsec-tools/patches/patch-src_racoon_pfkey_c18
-rw-r--r--package/ipsec-tools/patches/patch-src_racoon_privsep_c93
-rw-r--r--package/ipsec-tools/patches/patch-src_racoon_racoonctl_c12
-rw-r--r--package/ipsec-tools/patches/patch-src_setkey_token_c707
-rw-r--r--package/ipsec-tools/patches/patch-src_setkey_token_l13
17 files changed, 3016 insertions, 55 deletions
diff --git a/package/ipsec-tools/Config.in b/package/ipsec-tools/Config.in
index b140738b1..7edadda2a 100644
--- a/package/ipsec-tools/Config.in
+++ b/package/ipsec-tools/Config.in
@@ -1,7 +1,6 @@
config ADK_PACKAGE_IPSEC_TOOLS
prompt "ipsec-tools....................... IPsec management tools"
tristate
- depends ADK_LINUX_2_6
select ADK_PACKAGE_LIBOPENSSL
default n
help
diff --git a/package/ipsec-tools/Makefile b/package/ipsec-tools/Makefile
index 5fe7101aa..10a3539e9 100644
--- a/package/ipsec-tools/Makefile
+++ b/package/ipsec-tools/Makefile
@@ -6,19 +6,25 @@
include ${TOPDIR}/rules.mk
PKG_NAME:= ipsec-tools
-PKG_VERSION:= 0.6.4
+PKG_VERSION:= 0.7.2
PKG_RELEASE:= 1
-PKG_MD5SUM:= d0242a943c82c0cbf28005966ff35e21
+PKG_MD5SUM:= 72861f005746ee27984b2ee715ecc629
+PKG_DESCR:= IPsec management tools
+PKG_SECTION:= net
+PKG_DEPENDS:= libopenssl
+PKG_URL:= http://ipsec-tools.sourceforge.net
+PKG_SITES:= ${MASTER_SITE_SOURCEFORGE:=ipsec-tools/}
+
DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.bz2
-MASTER_SITES:= ${MASTER_SITE_SOURCEFORGE:=ipsec-tools/}
include ${TOPDIR}/mk/package.mk
-$(eval $(call PKG_template,IPSEC_TOOLS,ipsec-tools,${PKG_VERSION}-${PKG_RELEASE}))
+$(eval $(call PKG_template,IPSEC_TOOLS,${PKG_NAME},${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
CONFIGURE_STYLE= gnu
CONFIGURE_ARGS+= --with-kernel-headers="${LINUX_DIR}/include" \
--without-readline \
+ --disable-security-context \
--with-openssl="${STAGING_DIR}/usr" \
--without-libradius \
--without-libpam
diff --git a/package/ipsec-tools/ipkg/ipsec-tools.conffiles b/package/ipsec-tools/files/ipsec-tools.conffiles
index 434045463..434045463 100644
--- a/package/ipsec-tools/ipkg/ipsec-tools.conffiles
+++ b/package/ipsec-tools/files/ipsec-tools.conffiles
diff --git a/package/ipsec-tools/ipkg/ipsec-tools.control b/package/ipsec-tools/ipkg/ipsec-tools.control
deleted file mode 100644
index c1cade10b..000000000
--- a/package/ipsec-tools/ipkg/ipsec-tools.control
+++ /dev/null
@@ -1,5 +0,0 @@
-Package: ipsec-tools
-Priority: optional
-Section: net
-Depends: libopenssl
-Description: IPsec management tools
diff --git a/package/ipsec-tools/patches/patch-configure b/package/ipsec-tools/patches/patch-configure
index 5ff9866f7..29e65cf5b 100644
--- a/package/ipsec-tools/patches/patch-configure
+++ b/package/ipsec-tools/patches/patch-configure
@@ -1,12 +1,12 @@
-$Id$
---- ipsec-tools-0.6.4.orig/configure 2005-12-09 10:03:34.000000000 +0100
-+++ ipsec-tools-0.6.4/configure 2007-06-28 16:58:31.000000000 +0200
-@@ -23147,7 +23147,7 @@ echo "${ECHO_T}${crypto_dir-default}" >&
-
- if test "x$crypto_dir" != "x"; then
- LIBS="$LIBS -L${crypto_dir}/lib"
-- CPPFLAGS="-I${crypto_dir}/include $CPPLAGS"
-+ CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
- fi
- echo "$as_me:$LINENO: checking openssl version" >&5
- echo $ECHO_N "checking openssl version... $ECHO_C" >&6
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/configure 2009-04-21 16:41:45.000000000 +0200
++++ ipsec-tools-0.7.2/configure 2009-05-29 15:28:06.991791782 +0200
+@@ -11963,7 +11963,7 @@ echo "${ECHO_T}$ac_cv_path_EGREP" >&6; }
+
+
+
+-CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused"
++CFLAGS_ADD="$CFLAGS_ADD -Wall -Wno-unused"
+
+ case $host in
+ *netbsd*)
diff --git a/package/ipsec-tools/patches/patch-configure_ac b/package/ipsec-tools/patches/patch-configure_ac
deleted file mode 100644
index d28f9afb7..000000000
--- a/package/ipsec-tools/patches/patch-configure_ac
+++ /dev/null
@@ -1,12 +0,0 @@
-$Id$
---- ipsec-tools-0.6.4.orig/configure.ac 2005-12-09 10:00:28.000000000 +0100
-+++ ipsec-tools-0.6.4/configure.ac 2007-06-28 16:58:31.000000000 +0200
-@@ -183,7 +183,7 @@ AC_MSG_RESULT(${crypto_dir-default})
-
- if test "x$crypto_dir" != "x"; then
- LIBS="$LIBS -L${crypto_dir}/lib"
-- CPPFLAGS="-I${crypto_dir}/include $CPPLAGS"
-+ CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
- fi
- AC_MSG_CHECKING(openssl version)
-
diff --git a/package/ipsec-tools/patches/patch-src_racoon_algorithm_c b/package/ipsec-tools/patches/patch-src_racoon_algorithm_c
new file mode 100644
index 000000000..351ce1771
--- /dev/null
+++ b/package/ipsec-tools/patches/patch-src_racoon_algorithm_c
@@ -0,0 +1,44 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/src/racoon/algorithm.c 2006-10-06 14:02:27.000000000 +0200
++++ ipsec-tools-0.7.2/src/racoon/algorithm.c 2009-05-29 15:51:03.662094000 +0200
+@@ -111,9 +111,11 @@ static struct enc_algorithm oakley_encde
+ eay_idea_encrypt, eay_idea_decrypt,
+ eay_idea_weakkey, eay_idea_keylen, },
+ #endif
++#ifndef OPENSSL_NO_BF
+ { "blowfish", algtype_blowfish, OAKLEY_ATTR_ENC_ALG_BLOWFISH, 8,
+ eay_bf_encrypt, eay_bf_decrypt,
+ eay_bf_weakkey, eay_bf_keylen, },
++#endif
+ #ifdef HAVE_OPENSSL_RC5_H
+ { "rc5", algtype_rc5, OAKLEY_ATTR_ENC_ALG_RC5, 8,
+ eay_rc5_encrypt, eay_rc5_decrypt,
+@@ -122,9 +124,11 @@ static struct enc_algorithm oakley_encde
+ { "3des", algtype_3des, OAKLEY_ATTR_ENC_ALG_3DES, 8,
+ eay_3des_encrypt, eay_3des_decrypt,
+ eay_3des_weakkey, eay_3des_keylen, },
++#ifndef OPENSSL_NO_CAST
+ { "cast", algtype_cast128, OAKLEY_ATTR_ENC_ALG_CAST, 8,
+ eay_cast_encrypt, eay_cast_decrypt,
+ eay_cast_weakkey, eay_cast_keylen, },
++#endif
+ { "aes", algtype_aes, OAKLEY_ATTR_ENC_ALG_AES, 16,
+ eay_aes_encrypt, eay_aes_decrypt,
+ eay_aes_weakkey, eay_aes_keylen, },
+@@ -150,12 +154,16 @@ static struct enc_algorithm ipsec_encdef
+ NULL, NULL,
+ NULL, eay_rc5_keylen, },
+ #endif
++#ifndef OPENSSL_NO_CAST
+ { "cast", algtype_cast128, IPSECDOI_ESP_CAST, 8,
+ NULL, NULL,
+ NULL, eay_cast_keylen, },
++#endif
++#ifndef OPENSSL_NO_CAST
+ { "blowfish", algtype_blowfish, IPSECDOI_ESP_BLOWFISH, 8,
+ NULL, NULL,
+ NULL, eay_bf_keylen, },
++#endif
+ { "des-iv32", algtype_des_iv32, IPSECDOI_ESP_DES_IV32, 8,
+ NULL, NULL,
+ NULL, eay_des_keylen, },
diff --git a/package/ipsec-tools/patches/patch-src_racoon_cftoken_c b/package/ipsec-tools/patches/patch-src_racoon_cftoken_c
new file mode 100644
index 000000000..29bdf1a77
--- /dev/null
+++ b/package/ipsec-tools/patches/patch-src_racoon_cftoken_c
@@ -0,0 +1,2026 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/src/racoon/cftoken.c 2008-07-23 13:49:19.000000000 +0200
++++ ipsec-tools-0.7.2/src/racoon/cftoken.c 2009-05-29 15:50:16.982910033 +0200
+@@ -8,7 +8,7 @@
+ #define FLEX_SCANNER
+ #define YY_FLEX_MAJOR_VERSION 2
+ #define YY_FLEX_MINOR_VERSION 5
+-#define YY_FLEX_SUBMINOR_VERSION 34
++#define YY_FLEX_SUBMINOR_VERSION 35
+ #if YY_FLEX_SUBMINOR_VERSION > 0
+ #define FLEX_BETA
+ #endif
+@@ -178,13 +178,6 @@ extern FILE *yyin, *yyout;
+
+ #define unput(c) yyunput( c, (yytext_ptr) )
+
+-/* The following is because we cannot portably get our hands on size_t
+- * (without autoconf's help, which isn't available because we want
+- * flex-generated scanners to compile on their own).
+- * Given that the standard has decreed that size_t exists since 1989,
+- * I guess we can afford to depend on it. Manoj.
+- */
+-
+ #ifndef YY_TYPEDEF_YY_SIZE_T
+ #define YY_TYPEDEF_YY_SIZE_T
+ typedef size_t yy_size_t;
+@@ -1634,6 +1627,7 @@ static struct include_stack {
+ static int incstackp = 0;
+
+ static int yy_first_time = 1;
++int yywrap(void) { return 1; }
+ /* common seciton */
+ /*octet (([01]?{digit}?{digit})|((2([0-4]{digit}))|(25[0-5]))) */
+
+@@ -1642,7 +1636,7 @@ static int yy_first_time = 1;
+
+
+
+-#line 1646 "cftoken.c"
++#line 1640 "cftoken.c"
+
+ #define INITIAL 0
+ #define S_INI 1
+@@ -1679,6 +1673,35 @@ static int yy_first_time = 1;
+
+ static int yy_init_globals (void );
+
++/* Accessor methods to globals.
++ These are made visible to non-reentrant scanners for convenience. */
++
++int yylex_destroy (void );
++
++int yyget_debug (void );
++
++void yyset_debug (int debug_flag );
++
++YY_EXTRA_TYPE yyget_extra (void );
++
++void yyset_extra (YY_EXTRA_TYPE user_defined );
++
++FILE *yyget_in (void );
++
++void yyset_in (FILE * in_str );
++
++FILE *yyget_out (void );
++
++void yyset_out (FILE * out_str );
++
++int yyget_leng (void );
++
++char *yyget_text (void );
++
++int yyget_lineno (void );
++
++void yyset_lineno (int line_number );
++
+ /* Macros after this point can all be overridden by user definitions in
+ * section 1.
+ */
+@@ -1814,7 +1837,7 @@ YY_DECL
+ register char *yy_cp, *yy_bp;
+ register int yy_act;
+
+-#line 142 "cftoken.l"
++#line 143 "cftoken.l"
+
+
+ if (yy_first_time) {
+@@ -1824,7 +1847,7 @@ YY_DECL
+
+
+ /* privsep */
+-#line 1828 "cftoken.c"
++#line 1851 "cftoken.c"
+
+ if ( !(yy_init) )
+ {
+@@ -1915,1028 +1938,1028 @@ do_action: /* This label is used only to
+
+ case 1:
+ YY_RULE_SETUP
+-#line 151 "cftoken.l"
++#line 152 "cftoken.l"
+ { BEGIN S_PRIV; YYDB; return(PRIVSEP); }
+ YY_BREAK
+ case 2:
+ YY_RULE_SETUP
+-#line 152 "cftoken.l"
++#line 153 "cftoken.l"
+ { return(BOC); }
+ YY_BREAK
+ case 3:
+ YY_RULE_SETUP
+-#line 153 "cftoken.l"
++#line 154 "cftoken.l"
+ { YYD; return(USER); }
+ YY_BREAK
+ case 4:
+ YY_RULE_SETUP
+-#line 154 "cftoken.l"
++#line 155 "cftoken.l"
+ { YYD; return(GROUP); }
+ YY_BREAK
+ case 5:
+ YY_RULE_SETUP
+-#line 155 "cftoken.l"
++#line 156 "cftoken.l"
+ { YYD; return(CHROOT); }
+ YY_BREAK
+ case 6:
+ YY_RULE_SETUP
+-#line 156 "cftoken.l"
++#line 157 "cftoken.l"
+ { BEGIN S_INI; return(EOC); }
+ YY_BREAK
+ /* path */
+ case 7:
+ YY_RULE_SETUP
+-#line 159 "cftoken.l"
++#line 160 "cftoken.l"
+ { BEGIN S_PTH; YYDB; return(PATH); }
+ YY_BREAK
+ case 8:
+ YY_RULE_SETUP
+-#line 160 "cftoken.l"
++#line 161 "cftoken.l"
+ { YYD; yylval.num = LC_PATHTYPE_INCLUDE;
+ return(PATHTYPE); }
+ YY_BREAK
+ case 9:
+ YY_RULE_SETUP
+-#line 162 "cftoken.l"
++#line 163 "cftoken.l"
+ { YYD; yylval.num = LC_PATHTYPE_PSK;
+ return(PATHTYPE); }
+ YY_BREAK
+ case 10:
+ YY_RULE_SETUP
+-#line 164 "cftoken.l"
++#line 165 "cftoken.l"
+ { YYD; yylval.num = LC_PATHTYPE_CERT;
+ return(PATHTYPE); }
+ YY_BREAK
+ case 11:
+ YY_RULE_SETUP
+-#line 166 "cftoken.l"
++#line 167 "cftoken.l"
+ { YYD; yylval.num = LC_PATHTYPE_SCRIPT;
+ return(PATHTYPE); }
+ YY_BREAK
+ case 12:
+ YY_RULE_SETUP
+-#line 168 "cftoken.l"
++#line 169 "cftoken.l"
+ { YYD; yylval.num = LC_PATHTYPE_BACKUPSA;
+ return(PATHTYPE); }
+ YY_BREAK
+ case 13:
+ YY_RULE_SETUP
+-#line 170 "cftoken.l"
++#line 171 "cftoken.l"
+ { YYD; yylval.num = LC_PATHTYPE_PIDFILE;
+ return(PATHTYPE); }
+ YY_BREAK
+ case 14:
+ YY_RULE_SETUP
+-#line 172 "cftoken.l"
++#line 173 "cftoken.l"
+ { BEGIN S_INI; YYDB; return(EOS); }
+ YY_BREAK
+ /* include */
+ case 15:
+ YY_RULE_SETUP
+-#line 175 "cftoken.l"
++#line 176 "cftoken.l"
+ { YYDB; return(INCLUDE); }
+ YY_BREAK
+ /* self information */
+ case 16:
+ YY_RULE_SETUP
+-#line 178 "cftoken.l"
++#line 179 "cftoken.l"
+ { BEGIN S_INF; YYDB; yywarn("it is obsoleted. use \"my_identifier\" in each remote directives."); return(IDENTIFIER); }
+ YY_BREAK
+ case 17:
+ YY_RULE_SETUP
+-#line 179 "cftoken.l"
++#line 180 "cftoken.l"
+ { BEGIN S_INI; return(EOS); }
+ YY_BREAK
+ /* special */
+ case 18:
+ YY_RULE_SETUP
+-#line 182 "cftoken.l"
++#line 183 "cftoken.l"
+ { YYDB; return(COMPLEX_BUNDLE); }
+ YY_BREAK
+ /* logging */
+ case 19:
+ YY_RULE_SETUP
+-#line 185 "cftoken.l"
++#line 186 "cftoken.l"
+ { BEGIN S_LOG; YYDB; return(LOGGING); }
+ YY_BREAK
+ case 20:
+ YY_RULE_SETUP
+-#line 186 "cftoken.l"
++#line 187 "cftoken.l"
+ { YYD; yylval.num = LLV_ERROR; return(LOGLEV); }
+ YY_BREAK
+ case 21:
+ YY_RULE_SETUP
+-#line 187 "cftoken.l"
++#line 188 "cftoken.l"
+ { YYD; yylval.num = LLV_WARNING; return(LOGLEV); }
+ YY_BREAK
+ case 22:
+ YY_RULE_SETUP
+-#line 188 "cftoken.l"
++#line 189 "cftoken.l"
+ { YYD; yylval.num = LLV_NOTIFY; return(LOGLEV); }
+ YY_BREAK
+ case 23:
+ YY_RULE_SETUP
+-#line 189 "cftoken.l"
++#line 190 "cftoken.l"
+ { YYD; yylval.num = LLV_INFO; return(LOGLEV); }
+ YY_BREAK
+ case 24:
+ YY_RULE_SETUP
+-#line 190 "cftoken.l"
++#line 191 "cftoken.l"
+ { YYD; yylval.num = LLV_DEBUG; return(LOGLEV); }
+ YY_BREAK
+ case 25:
+ YY_RULE_SETUP
+-#line 191 "cftoken.l"
++#line 192 "cftoken.l"
+ { YYD; yylval.num = LLV_DEBUG2; return(LOGLEV); }
+ YY_BREAK
+ case 26:
+ YY_RULE_SETUP
+-#line 192 "cftoken.l"
++#line 193 "cftoken.l"
+ { YYD; yywarn("it is obsoleted. use \"debug2\""); yylval.num = LLV_DEBUG2; return(LOGLEV); }
+ YY_BREAK
+ case 27:
+ YY_RULE_SETUP
+-#line 193 "cftoken.l"
++#line 194 "cftoken.l"
+ { YYD; yywarn("it is obsoleted. use \"debug2\""); yylval.num = LLV_DEBUG2; return(LOGLEV); }
+ YY_BREAK
+ case 28:
+ YY_RULE_SETUP
+-#line 194 "cftoken.l"
++#line 195 "cftoken.l"
+ { BEGIN S_INI; return(EOS); }
+ YY_BREAK
+ /* padding */
+ case 29:
+ YY_RULE_SETUP
+-#line 197 "cftoken.l"
++#line 198 "cftoken.l"
+ { BEGIN S_PAD; YYDB; return(PADDING); }
+ YY_BREAK
+ case 30:
+ YY_RULE_SETUP
+-#line 198 "cftoken.l"
++#line 199 "cftoken.l"
+ { return(BOC); }
+ YY_BREAK
+ case 31:
+ YY_RULE_SETUP
+-#line 199 "cftoken.l"
++#line 200 "cftoken.l"
+ { YYD; return(PAD_RANDOMIZE); }
+ YY_BREAK
+ case 32:
+ YY_RULE_SETUP
+-#line 200 "cftoken.l"
++#line 201 "cftoken.l"
+ { YYD; return(PAD_RANDOMIZELEN); }
+ YY_BREAK
+ case 33:
+ YY_RULE_SETUP
+-#line 201 "cftoken.l"
++#line 202 "cftoken.l"
+ { YYD; return(PAD_MAXLEN); }
+ YY_BREAK
+ case 34:
+ YY_RULE_SETUP
+-#line 202 "cftoken.l"
++#line 203 "cftoken.l"
+ { YYD; return(PAD_STRICT); }
+ YY_BREAK
+ case 35:
+ YY_RULE_SETUP
+-#line 203 "cftoken.l"
++#line 204 "cftoken.l"
+ { YYD; return(PAD_EXCLTAIL); }
+ YY_BREAK
+ case 36:
+ YY_RULE_SETUP
+-#line 204 "cftoken.l"
++#line 205 "cftoken.l"
+ { BEGIN S_INI; return(EOC); }
+ YY_BREAK
+ /* listen */
+ case 37:
+ YY_RULE_SETUP
+-#line 207 "cftoken.l"
++#line 208 "cftoken.l"
+ { BEGIN S_LST; YYDB; return(LISTEN); }
+ YY_BREAK
+ case 38:
+ YY_RULE_SETUP
+-#line 208 "cftoken.l"
++#line 209 "cftoken.l"
+ { return(BOC); }
+ YY_BREAK
+ case 39:
+ YY_RULE_SETUP
+-#line 209 "cftoken.l"
++#line 210 "cftoken.l"
+ { YYD; return(X_ISAKMP); }
+ YY_BREAK
+ case 40:
+ YY_RULE_SETUP
+-#line 210 "cftoken.l"
++#line 211 "cftoken.l"
+ { YYD; return(X_ISAKMP_NATT); }
+ YY_BREAK
+ case 41:
+ YY_RULE_SETUP
+-#line 211 "cftoken.l"
++#line 212 "cftoken.l"
+ { YYD; return(X_ADMIN); }
+ YY_BREAK
+ case 42:
+ YY_RULE_SETUP
+-#line 212 "cftoken.l"
++#line 213 "cftoken.l"
+ { YYD; return(ADMINSOCK); }
+ YY_BREAK
+ case 43:
+ YY_RULE_SETUP
+-#line 213 "cftoken.l"
++#line 214 "cftoken.l"
+ { YYD; return(DISABLED); }
+ YY_BREAK
+ case 44:
+ YY_RULE_SETUP
+-#line 214 "cftoken.l"
++#line 215 "cftoken.l"
+ { YYD; return(STRICT_ADDRESS); }
+ YY_BREAK
+ case 45:
+ YY_RULE_SETUP
+-#line 215 "cftoken.l"
++#line 216 "cftoken.l"
+ { BEGIN S_INI; return(EOC); }
+ YY_BREAK
+ /* ldap config */
+ case 46:
+ YY_RULE_SETUP
+-#line 218 "cftoken.l"
++#line 219 "cftoken.l"
+ { BEGIN S_LDAP; YYDB; return(LDAPCFG); }
+ YY_BREAK
+ case 47:
+ YY_RULE_SETUP
+-#line 219 "cftoken.l"
++#line 220 "cftoken.l"
+ { return(BOC); }
+ YY_BREAK
+ case 48:
+ YY_RULE_SETUP
+-#line 220 "cftoken.l"
++#line 221 "cftoken.l"
+ { YYD; return(LDAP_PVER); }
+ YY_BREAK
+ case 49:
+ YY_RULE_SETUP
+-#line 221 "cftoken.l"
++#line 222 "cftoken.l"
+ { YYD; return(LDAP_HOST); }
+ YY_BREAK
+ case 50:
+ YY_RULE_SETUP
+-#line 222 "cftoken.l"
++#line 223 "cftoken.l"
+ { YYD; return(LDAP_PORT); }
+ YY_BREAK
+ case 51:
+ YY_RULE_SETUP
+-#line 223 "cftoken.l"
++#line 224 "cftoken.l"
+ { YYD; return(LDAP_BASE); }
+ YY_BREAK
+ case 52:
+ YY_RULE_SETUP
+-#line 224 "cftoken.l"
++#line 225 "cftoken.l"
+ { YYD; return(LDAP_SUBTREE); }
+ YY_BREAK
+ case 53:
+ YY_RULE_SETUP
+-#line 225 "cftoken.l"
++#line 226 "cftoken.l"
+ { YYD; return(LDAP_BIND_DN); }
+ YY_BREAK
+ case 54:
+ YY_RULE_SETUP
+-#line 226 "cftoken.l"
++#line 227 "cftoken.l"
+ { YYD; return(LDAP_BIND_PW); }
+ YY_BREAK
+ case 55:
+ YY_RULE_SETUP
+-#line 227 "cftoken.l"
++#line 228 "cftoken.l"
+ { YYD; return(LDAP_ATTR_USER); }
+ YY_BREAK
+ case 56:
+ YY_RULE_SETUP
+-#line 228 "cftoken.l"
++#line 229 "cftoken.l"
+ { YYD; return(LDAP_ATTR_ADDR); }
+ YY_BREAK
+ case 57:
+ YY_RULE_SETUP
+-#line 229 "cftoken.l"
++#line 230 "cftoken.l"
+ { YYD; return(LDAP_ATTR_MASK); }
+ YY_BREAK
+ case 58:
+ YY_RULE_SETUP
+-#line 230 "cftoken.l"
++#line 231 "cftoken.l"
+ { YYD; return(LDAP_ATTR_GROUP); }
+ YY_BREAK
+ case 59:
+ YY_RULE_SETUP
+-#line 231 "cftoken.l"
++#line 232 "cftoken.l"
+ { YYD; return(LDAP_ATTR_MEMBER); }
+ YY_BREAK
+ case 60:
+ YY_RULE_SETUP
+-#line 232 "cftoken.l"
++#line 233 "cftoken.l"
+ { BEGIN S_INI; return(EOC); }
+ YY_BREAK
+ /* mode_cfg */
+ case 61:
+ YY_RULE_SETUP
+-#line 235 "cftoken.l"
++#line 236 "cftoken.l"
+ { BEGIN S_CFG; YYDB; return(MODECFG); }
+ YY_BREAK
+ case 62:
+ YY_RULE_SETUP
+-#line 236 "cftoken.l"
++#line 237 "cftoken.l"
+ { return(BOC); }
+ YY_BREAK
+ case 63:
+ YY_RULE_SETUP
+-#line 237 "cftoken.l"
++#line 238 "cftoken.l"
+ { YYD; return(CFG_NET4); }
+ YY_BREAK
+ case 64:
+ YY_RULE_SETUP
+-#line 238 "cftoken.l"
++#line 239 "cftoken.l"
+ { YYD; return(CFG_MASK4); }
+ YY_BREAK
+ case 65:
+ YY_RULE_SETUP
+-#line 239 "cftoken.l"
++#line 240 "cftoken.l"
+ { YYD; return(CFG_DNS4); }
+ YY_BREAK
+ case 66:
+ YY_RULE_SETUP
+-#line 240 "cftoken.l"
++#line 241 "cftoken.l"
+ { YYD; return(CFG_NBNS4); }
+ YY_BREAK
+ case 67:
+ YY_RULE_SETUP
+-#line 241 "cftoken.l"
++#line 242 "cftoken.l"
+ { YYD; return(CFG_NBNS4); }
+ YY_BREAK
+ case 68:
+ YY_RULE_SETUP
+-#line 242 "cftoken.l"
++#line 243 "cftoken.l"
+ { YYD; return(CFG_DEFAULT_DOMAIN); }
+ YY_BREAK
+ case 69:
+ YY_RULE_SETUP
+-#line 243 "cftoken.l"
++#line 244 "cftoken.l"
+ { YYD; return(CFG_AUTH_SOURCE); }
+ YY_BREAK
+ case 70:
+ YY_RULE_SETUP
+-#line 244 "cftoken.l"
++#line 245 "cftoken.l"
+ { YYD; return(CFG_AUTH_GROUPS); }
+ YY_BREAK
+ case 71:
+ YY_RULE_SETUP
+-#line 245 "cftoken.l"
++#line 246 "cftoken.l"
+ { YYD; return(CFG_GROUP_SOURCE); }
+ YY_BREAK
+ case 72:
+ YY_RULE_SETUP
+-#line 246 "cftoken.l"
++#line 247 "cftoken.l"
+ { YYD; return(CFG_CONF_SOURCE); }
+ YY_BREAK
+ case 73:
+ YY_RULE_SETUP
+-#line 247 "cftoken.l"
++#line 248 "cftoken.l"
+ { YYD; return(CFG_ACCOUNTING); }
+ YY_BREAK
+ case 74:
+ YY_RULE_SETUP
+-#line 248 "cftoken.l"
++#line 249 "cftoken.l"
+ { YYD; return(CFG_SYSTEM); }
+ YY_BREAK
+ case 75:
+ YY_RULE_SETUP
+-#line 249 "cftoken.l"
++#line 250 "cftoken.l"
+ { YYD; return(CFG_LOCAL); }
+ YY_BREAK
+ case 76:
+ YY_RULE_SETUP
+-#line 250 "cftoken.l"
++#line 251 "cftoken.l"
+ { YYD; return(CFG_NONE); }
+ YY_BREAK
+ case 77:
+ YY_RULE_SETUP
+-#line 251 "cftoken.l"
++#line 252 "cftoken.l"
+ { YYD; return(CFG_RADIUS); }
+ YY_BREAK
+ case 78:
+ YY_RULE_SETUP
+-#line 252 "cftoken.l"
++#line 253 "cftoken.l"
+ { YYD; return(CFG_PAM); }
+ YY_BREAK
+ case 79:
+ YY_RULE_SETUP
+-#line 253 "cftoken.l"
++#line 254 "cftoken.l"
+ { YYD; return(CFG_LDAP); }
+ YY_BREAK
+ case 80:
+ YY_RULE_SETUP
+-#line 254 "cftoken.l"
++#line 255 "cftoken.l"
+ { YYD; return(CFG_POOL_SIZE); }
+ YY_BREAK
+ case 81:
+ YY_RULE_SETUP
+-#line 255 "cftoken.l"
++#line 256 "cftoken.l"
+ { YYD; return(CFG_MOTD); }
+ YY_BREAK
+ case 82:
+ YY_RULE_SETUP
+-#line 256 "cftoken.l"
++#line 257 "cftoken.l"
+ { YYD; return(CFG_AUTH_THROTTLE); }
+ YY_BREAK
+ case 83:
+ YY_RULE_SETUP
+-#line 257 "cftoken.l"
++#line 258 "cftoken.l"
+ { YYD; return(CFG_SPLIT_NETWORK); }
+ YY_BREAK
+ case 84:
+ YY_RULE_SETUP
+-#line 258 "cftoken.l"
++#line 259 "cftoken.l"
+ { YYD; return(CFG_SPLIT_LOCAL); }
+ YY_BREAK
+ case 85:
+ YY_RULE_SETUP
+-#line 259 "cftoken.l"
++#line 260 "cftoken.l"
+ { YYD; return(CFG_SPLIT_INCLUDE); }
+ YY_BREAK
+ case 86:
+ YY_RULE_SETUP
+-#line 260 "cftoken.l"
++#line 261 "cftoken.l"
+ { YYD; return(CFG_SPLIT_DNS); }
+ YY_BREAK
+ case 87:
+ YY_RULE_SETUP
+-#line 261 "cftoken.l"
++#line 262 "cftoken.l"
+ { YYD; return(CFG_PFS_GROUP); }
+ YY_BREAK
+ case 88:
+ YY_RULE_SETUP
+-#line 262 "cftoken.l"
++#line 263 "cftoken.l"
+ { YYD; return(CFG_SAVE_PASSWD); }
+ YY_BREAK
+ case 89:
+ YY_RULE_SETUP
+-#line 263 "cftoken.l"
++#line 264 "cftoken.l"
+ { YYD; return(COMMA); }
+ YY_BREAK
+ case 90:
+ YY_RULE_SETUP
+-#line 264 "cftoken.l"
++#line 265 "cftoken.l"
+ { BEGIN S_INI; return(EOC); }
+ YY_BREAK
+ /* timer */
+ case 91:
+ YY_RULE_SETUP
+-#line 267 "cftoken.l"
++#line 268 "cftoken.l"
+ { BEGIN S_RTRY; YYDB; return(RETRY); }
+ YY_BREAK
+ case 92:
+ YY_RULE_SETUP
+-#line 268 "cftoken.l"
++#line 269 "cftoken.l"
+ { return(BOC); }
+ YY_BREAK
+ case 93:
+ YY_RULE_SETUP
+-#line 269 "cftoken.l"
++#line 270 "cftoken.l"
+ { YYD; return(RETRY_COUNTER); }
+ YY_BREAK
+ case 94:
+ YY_RULE_SETUP
+-#line 270 "cftoken.l"
++#line 271 "cftoken.l"
+ { YYD; return(RETRY_INTERVAL); }
+ YY_BREAK
+ case 95:
+ YY_RULE_SETUP
+-#line 271 "cftoken.l"
++#line 272 "cftoken.l"
+ { YYD; return(RETRY_PERSEND); }
+ YY_BREAK
+ case 96:
+ YY_RULE_SETUP
+-#line 272 "cftoken.l"
++#line 273 "cftoken.l"
+ { YYD; return(RETRY_PHASE1); }
+ YY_BREAK
+ case 97:
+ YY_RULE_SETUP
+-#line 273 "cftoken.l"
++#line 274 "cftoken.l"
+ { YYD; return(RETRY_PHASE2); }
+ YY_BREAK
+ case 98:
+ YY_RULE_SETUP
+-#line 274 "cftoken.l"
++#line 275 "cftoken.l"
+ { YYD; return(NATT_KA); }
+ YY_BREAK
+ case 99:
+ YY_RULE_SETUP
+-#line 275 "cftoken.l"
++#line 276 "cftoken.l"
+ { BEGIN S_INI; return(EOC); }
+ YY_BREAK
+ /* sainfo */
+ case 100:
+ YY_RULE_SETUP
+-#line 278 "cftoken.l"
++#line 279 "cftoken.l"
+ { BEGIN S_SAINF; YYDB; return(SAINFO); }
+ YY_BREAK
+ case 101:
+ YY_RULE_SETUP
+-#line 279 "cftoken.l"
++#line 280 "cftoken.l"
+ { YYD; return(ANONYMOUS); }
+ YY_BREAK
+ case 102:
+ YY_RULE_SETUP
+-#line 280 "cftoken.l"
++#line 281 "cftoken.l"
+ { YYD; return(PORTANY); }
+ YY_BREAK
+ case 103:
+ YY_RULE_SETUP
+-#line 281 "cftoken.l"
++#line 282 "cftoken.l"
+ { YYD; return(ANY); }
+ YY_BREAK
+ case 104:
+ YY_RULE_SETUP
+-#line 282 "cftoken.l"
++#line 283 "cftoken.l"
+ { YYD; return(FROM); }
+ YY_BREAK
+ case 105:
+ YY_RULE_SETUP
+-#line 283 "cftoken.l"
++#line 284 "cftoken.l"
+ { YYD; return(GROUP); }
+ YY_BREAK
+ /* sainfo spec */
+ case 106:
+ YY_RULE_SETUP
+-#line 285 "cftoken.l"
++#line 286 "cftoken.l"
+ { BEGIN S_SAINFS; return(BOC); }
+ YY_BREAK
+ case 107:
+ YY_RULE_SETUP
+-#line 286 "cftoken.l"
++#line 287 "cftoken.l"
+ { BEGIN S_INI; return(EOS); }
+ YY_BREAK
+ case 108:
+ YY_RULE_SETUP
+-#line 287 "cftoken.l"
++#line 288 "cftoken.l"
+ { BEGIN S_INI; return(EOC); }
+ YY_BREAK
+ case 109:
+ YY_RULE_SETUP
+-#line 288 "cftoken.l"
++#line 289 "cftoken.l"
+ { YYD; return(PFS_GROUP); }
+ YY_BREAK
+ case 110:
+ YY_RULE_SETUP
+-#line 289 "cftoken.l"
++#line 290 "cftoken.l"
+ { YYD; return(REMOTEID); }
+ YY_BREAK
+ case 111:
+ YY_RULE_SETUP
+-#line 290 "cftoken.l"
++#line 291 "cftoken.l"
+ { YYD; yywarn("it is obsoleted. use \"my_identifier\"."); return(IDENTIFIER); }
+ YY_BREAK
+ case 112:
+ YY_RULE_SETUP
+-#line 291 "cftoken.l"
++#line 292 "cftoken.l"
+ { YYD; return(MY_IDENTIFIER); }
+ YY_BREAK
+ case 113:
+ YY_RULE_SETUP
+-#line 292 "cftoken.l"
++#line 293 "cftoken.l"
+ { YYD; return(LIFETIME); }
+ YY_BREAK
+ case 114:
+ YY_RULE_SETUP
+-#line 293 "cftoken.l"
++#line 294 "cftoken.l"
+ { YYD; return(LIFETYPE_TIME); }
+ YY_BREAK
+ case 115:
+ YY_RULE_SETUP
+-#line 294 "cftoken.l"
++#line 295 "cftoken.l"
+ { YYD; return(LIFETYPE_BYTE); }
+ YY_BREAK
+ case 116:
+ YY_RULE_SETUP
+-#line 295 "cftoken.l"
++#line 296 "cftoken.l"
+ { YYD; yylval.num = algclass_ipsec_enc; return(ALGORITHM_CLASS); }
+ YY_BREAK
+ case 117:
+ YY_RULE_SETUP
+-#line 296 "cftoken.l"
++#line 297 "cftoken.l"
+ { YYD; yylval.num = algclass_ipsec_auth; return(ALGORITHM_CLASS); }
+ YY_BREAK
+ case 118:
+ YY_RULE_SETUP
+-#line 297 "cftoken.l"
++#line 298 "cftoken.l"
+ { YYD; yylval.num = algclass_ipsec_comp; return(ALGORITHM_CLASS); }
+ YY_BREAK
+ case 119:
+ YY_RULE_SETUP
+-#line 298 "cftoken.l"
++#line 299 "cftoken.l"
+ { YYD; return(COMMA); }
+ YY_BREAK
+ /* remote */
+ case 120:
+ YY_RULE_SETUP
+-#line 301 "cftoken.l"
++#line 302 "cftoken.l"
+ { BEGIN S_RMT; YYDB; return(REMOTE); }
+ YY_BREAK
+ case 121:
+ YY_RULE_SETUP
+-#line 302 "cftoken.l"
++#line 303 "cftoken.l"
+ { YYD; return(ANONYMOUS); }
+ YY_BREAK
+ case 122:
+ YY_RULE_SETUP
+-#line 303 "cftoken.l"
++#line 304 "cftoken.l"
+ { YYD; return(INHERIT); }
+ YY_BREAK
+ /* remote spec */
+ case 123:
+ YY_RULE_SETUP
+-#line 305 "cftoken.l"
++#line 306 "cftoken.l"
+ { BEGIN S_RMTS; return(BOC); }
+ YY_BREAK
+ case 124:
+ YY_RULE_SETUP
+-#line 306 "cftoken.l"
++#line 307 "cftoken.l"
+ { BEGIN S_INI; return(EOC); }
+ YY_BREAK
+ case 125:
+ YY_RULE_SETUP
+-#line 307 "cftoken.l"
++#line 308 "cftoken.l"
+ { YYD; return(EXCHANGE_MODE); }
+ YY_BREAK
+ case 126:
+ YY_RULE_SETUP
+-#line 308 "cftoken.l"
++#line 309 "cftoken.l"
+ { YYD; /* XXX ignored, but to be handled. */ ; }
+ YY_BREAK
+ case 127:
+ YY_RULE_SETUP
+-#line 309 "cftoken.l"
++#line 310 "cftoken.l"
+ { YYD; yylval.num = ISAKMP_ETYPE_BASE; return(EXCHANGETYPE); }
+ YY_BREAK
+ case 128:
+ YY_RULE_SETUP
+-#line 310 "cftoken.l"
++#line 311 "cftoken.l"
+ { YYD; yylval.num = ISAKMP_ETYPE_IDENT; return(EXCHANGETYPE); }
+ YY_BREAK
+ case 129:
+ YY_RULE_SETUP
+-#line 311 "cftoken.l"
++#line 312 "cftoken.l"
+ { YYD; yylval.num = ISAKMP_ETYPE_AGG; return(EXCHANGETYPE); }
+ YY_BREAK
+ case 130:
+ YY_RULE_SETUP
+-#line 312 "cftoken.l"
++#line 313 "cftoken.l"
+ { YYD; return(DOI); }
+ YY_BREAK
+ case 131:
+ YY_RULE_SETUP
+-#line 313 "cftoken.l"
++#line 314 "cftoken.l"
+ { YYD; yylval.num = IPSEC_DOI; return(DOITYPE); }
+ YY_BREAK
+ case 132:
+ YY_RULE_SETUP
+-#line 314 "cftoken.l"
++#line 315 "cftoken.l"
+ { YYD; return(SITUATION); }
+ YY_BREAK
+ case 133:
+ YY_RULE_SETUP
+-#line 315 "cftoken.l"
++#line 316 "cftoken.l"
+ { YYD; yylval.num = IPSECDOI_SIT_IDENTITY_ONLY; return(SITUATIONTYPE); }
+ YY_BREAK
+ case 134:
+ YY_RULE_SETUP
+-#line 316 "cftoken.l"
++#line 317 "cftoken.l"
+ { YYD; yylval.num = IPSECDOI_SIT_SECRECY; return(SITUATIONTYPE); }
+ YY_BREAK
+ case 135:
+ YY_RULE_SETUP
+-#line 317 "cftoken.l"
++#line 318 "cftoken.l"
+ { YYD; yylval.num = IPSECDOI_SIT_INTEGRITY; return(SITUATIONTYPE); }
+ YY_BREAK
+ case 136:
+ YY_RULE_SETUP
+-#line 318 "cftoken.l"
++#line 319 "cftoken.l"
+ { YYD; yywarn("it is obsoleted. use \"my_identifier\"."); return(IDENTIFIER); }
+ YY_BREAK
+ case 137:
+ YY_RULE_SETUP
+-#line 319 "cftoken.l"
++#line 320 "cftoken.l"
+ { YYD; return(MY_IDENTIFIER); }
+ YY_BREAK
+ case 138:
+ YY_RULE_SETUP
+-#line 320 "cftoken.l"
++#line 321 "cftoken.l"
+ { YYD; return(XAUTH_LOGIN); /* formerly identifier type login */ }
+ YY_BREAK
+ case 139:
+ YY_RULE_SETUP
+-#line 321 "cftoken.l"
++#line 322 "cftoken.l"
+ { YYD; return(PEERS_IDENTIFIER); }
+ YY_BREAK
+ case 140:
+ YY_RULE_SETUP
+-#line 322 "cftoken.l"
++#line 323 "cftoken.l"
+ { YYD; return(VERIFY_IDENTIFIER); }
+ YY_BREAK
+ case 141:
+ YY_RULE_SETUP
+-#line 323 "cftoken.l"
++#line 324 "cftoken.l"
+ { YYD; return(CERTIFICATE_TYPE); }
+ YY_BREAK
+ case 142:
+ YY_RULE_SETUP
+-#line 324 "cftoken.l"
++#line 325 "cftoken.l"
+ { YYD; return(CA_TYPE); }
+ YY_BREAK
+ case 143:
+ YY_RULE_SETUP
+-#line 325 "cftoken.l"
++#line 326 "cftoken.l"
+ { YYD; yylval.num = ISAKMP_CERT_X509SIGN; return(CERT_X509); }
+ YY_BREAK
+ case 144:
+ YY_RULE_SETUP
+-#line 326 "cftoken.l"
++#line 327 "cftoken.l"
+ { YYD; yylval.num = ISAKMP_CERT_PLAINRSA; return(CERT_PLAINRSA); }
+ YY_BREAK
+ case 145:
+ YY_RULE_SETUP
+-#line 327 "cftoken.l"
++#line 328 "cftoken.l"
+ { YYD; return(PEERS_CERTFILE); }
+ YY_BREAK
+ case 146:
+ YY_RULE_SETUP
+-#line 328 "cftoken.l"
++#line 329 "cftoken.l"
+ { YYD; return(DNSSEC); }
+ YY_BREAK
+ case 147:
+ YY_RULE_SETUP
+-#line 329 "cftoken.l"
++#line 330 "cftoken.l"
+ { YYD; return(VERIFY_CERT); }
+ YY_BREAK
+ case 148:
+ YY_RULE_SETUP
+-#line 330 "cftoken.l"
++#line 331 "cftoken.l"
+ { YYD; return(SEND_CERT); }
+ YY_BREAK
+ case 149:
+ YY_RULE_SETUP
+-#line 331 "cftoken.l"
++#line 332 "cftoken.l"
+ { YYD; return(SEND_CR); }
+ YY_BREAK
+ case 150:
+ YY_RULE_SETUP
+-#line 332 "cftoken.l"
++#line 333 "cftoken.l"
+ { YYD; return(DH_GROUP); }
+ YY_BREAK
+ case 151:
+ YY_RULE_SETUP
+-#line 333 "cftoken.l"
++#line 334 "cftoken.l"
+ { YYD; return(NONCE_SIZE); }
+ YY_BREAK
+ case 152:
+ YY_RULE_SETUP
+-#line 334 "cftoken.l"
++#line 335 "cftoken.l"
+ { YYD; return(GENERATE_POLICY); }
+ YY_BREAK
+ case 153:
+ YY_RULE_SETUP
+-#line 335 "cftoken.l"
++#line 336 "cftoken.l"
+ { YYD; yylval.num = GENERATE_POLICY_UNIQUE; return(GENERATE_LEVEL); }
+ YY_BREAK
+ case 154:
+ YY_RULE_SETUP
+-#line 336 "cftoken.l"
++#line 337 "cftoken.l"
+ { YYD; yylval.num = GENERATE_POLICY_REQUIRE; return(GENERATE_LEVEL); }
+ YY_BREAK
+ case 155:
+ YY_RULE_SETUP
+-#line 337 "cftoken.l"
++#line 338 "cftoken.l"
+ { YYD; yywarn("it is obsoleted. use \"support_proxy\"."); return(SUPPORT_PROXY); }
+ YY_BREAK
+ case 156:
+ YY_RULE_SETUP
+-#line 338 "cftoken.l"
++#line 339 "cftoken.l"
+ { YYD; return(SUPPORT_PROXY); }
+ YY_BREAK
+ case 157:
+ YY_RULE_SETUP
+-#line 339 "cftoken.l"
++#line 340 "cftoken.l"
+ { YYD; return(INITIAL_CONTACT); }
+ YY_BREAK
+ case 158:
+ YY_RULE_SETUP
+-#line 340 "cftoken.l"
++#line 341 "cftoken.l"
+ { YYD; return(NAT_TRAVERSAL); }
+ YY_BREAK
+ case 159:
+ YY_RULE_SETUP
+-#line 341 "cftoken.l"
++#line 342 "cftoken.l"
+ { YYD; return(REMOTE_FORCE_LEVEL); }
+ YY_BREAK
+ case 160:
+ YY_RULE_SETUP
+-#line 342 "cftoken.l"
++#line 343 "cftoken.l"
+ { YYD; return(PROPOSAL_CHECK); }
+ YY_BREAK
+ case 161:
+ YY_RULE_SETUP
+-#line 343 "cftoken.l"
++#line 344 "cftoken.l"
+ { YYD; yylval.num = PROP_CHECK_OBEY; return(PROPOSAL_CHECK_LEVEL); }
+ YY_BREAK
+ case 162:
+ YY_RULE_SETUP
+-#line 344 "cftoken.l"
++#line 345 "cftoken.l"
+ { YYD; yylval.num = PROP_CHECK_STRICT; return(PROPOSAL_CHECK_LEVEL); }
+ YY_BREAK
+ case 163:
+ YY_RULE_SETUP
+-#line 345 "cftoken.l"
++#line 346 "cftoken.l"
+ { YYD; yylval.num = PROP_CHECK_EXACT; return(PROPOSAL_CHECK_LEVEL); }
+ YY_BREAK
+ case 164:
+ YY_RULE_SETUP
+-#line 346 "cftoken.l"
++#line 347 "cftoken.l"
+ { YYD; yylval.num = PROP_CHECK_CLAIM; return(PROPOSAL_CHECK_LEVEL); }
+ YY_BREAK
+ case 165:
+ YY_RULE_SETUP
+-#line 347 "cftoken.l"
++#line 348 "cftoken.l"
+ { YYD; return(KEEPALIVE); }
+ YY_BREAK
+ case 166:
+ YY_RULE_SETUP
+-#line 348 "cftoken.l"
++#line 349 "cftoken.l"
+ { YYD; return(PASSIVE); }
+ YY_BREAK
+ case 167:
+ YY_RULE_SETUP
+-#line 349 "cftoken.l"
++#line 350 "cftoken.l"
+ { YYD; return(LIFETIME); }
+ YY_BREAK
+ case 168:
+ YY_RULE_SETUP
+-#line 350 "cftoken.l"
++#line 351 "cftoken.l"
+ { YYD; return(LIFETYPE_TIME); }
+ YY_BREAK
+ case 169:
+ YY_RULE_SETUP
+-#line 351 "cftoken.l"
++#line 352 "cftoken.l"
+ { YYD; return(LIFETYPE_BYTE); }
+ YY_BREAK
+ case 170:
+ YY_RULE_SETUP
+-#line 352 "cftoken.l"
++#line 353 "cftoken.l"
+ { YYD; return(DPD); }
+ YY_BREAK
+ case 171:
+ YY_RULE_SETUP
+-#line 353 "cftoken.l"
++#line 354 "cftoken.l"
+ { YYD; return(DPD_DELAY); }
+ YY_BREAK
+ case 172:
+ YY_RULE_SETUP
+-#line 354 "cftoken.l"
++#line 355 "cftoken.l"
+ { YYD; return(DPD_RETRY); }
+ YY_BREAK
+ case 173:
+ YY_RULE_SETUP
+-#line 355 "cftoken.l"
++#line 356 "cftoken.l"
+ { YYD; return(DPD_MAXFAIL); }
+ YY_BREAK
+ case 174:
+ YY_RULE_SETUP
+-#line 356 "cftoken.l"
++#line 357 "cftoken.l"
+ { YYD; return(PH1ID); }
+ YY_BREAK
+ case 175:
+ YY_RULE_SETUP
+-#line 357 "cftoken.l"
++#line 358 "cftoken.l"
+ { YYD; return(IKE_FRAG); }
+ YY_BREAK
+ case 176:
+ YY_RULE_SETUP
+-#line 358 "cftoken.l"
++#line 359 "cftoken.l"
+ { YYD; return(ESP_FRAG); }
+ YY_BREAK
+ case 177:
+ YY_RULE_SETUP
+-#line 359 "cftoken.l"
++#line 360 "cftoken.l"
+ { YYD; return(SCRIPT); }
+ YY_BREAK
+ case 178:
+ YY_RULE_SETUP
+-#line 360 "cftoken.l"
++#line 361 "cftoken.l"
+ { YYD; return(PHASE1_UP); }
+ YY_BREAK
+ case 179:
+ YY_RULE_SETUP
+-#line 361 "cftoken.l"
++#line 362 "cftoken.l"
+ { YYD; return(PHASE1_DOWN); }
+ YY_BREAK
+ case 180:
+ YY_RULE_SETUP
+-#line 362 "cftoken.l"
++#line 363 "cftoken.l"
+ { YYD; return(MODE_CFG); }
+ YY_BREAK
+ case 181:
+ YY_RULE_SETUP
+-#line 363 "cftoken.l"
++#line 364 "cftoken.l"
+ { YYD; return(WEAK_PHASE1_CHECK); }
+ YY_BREAK
+ /* remote proposal */
+ case 182:
+ YY_RULE_SETUP
+-#line 365 "cftoken.l"
++#line 366 "cftoken.l"
+ { BEGIN S_RMTP; YYDB; return(PROPOSAL); }
+ YY_BREAK
+ case 183:
+ YY_RULE_SETUP
+-#line 366 "cftoken.l"
++#line 367 "cftoken.l"
+ { return(BOC); }
+ YY_BREAK
+ case 184:
+ YY_RULE_SETUP
+-#line 367 "cftoken.l"
++#line 368 "cftoken.l"
+ { BEGIN S_RMTS; return(EOC); }
+ YY_BREAK
+ case 185:
+ YY_RULE_SETUP
+-#line 368 "cftoken.l"
++#line 369 "cftoken.l"
+ { YYD; return(LIFETIME); }
+ YY_BREAK
+ case 186:
+ YY_RULE_SETUP
+-#line 369 "cftoken.l"
++#line 370 "cftoken.l"
+ { YYD; return(LIFETYPE_TIME); }
+ YY_BREAK
+ case 187:
+ YY_RULE_SETUP
+-#line 370 "cftoken.l"
++#line 371 "cftoken.l"
+ { YYD; return(LIFETYPE_BYTE); }
+ YY_BREAK
+ case 188:
+ YY_RULE_SETUP
+-#line 371 "cftoken.l"
++#line 372 "cftoken.l"
+ { YYD; yylval.num = algclass_isakmp_enc; return(ALGORITHM_CLASS); }
+ YY_BREAK
+ case 189:
+ YY_RULE_SETUP
+-#line 372 "cftoken.l"
++#line 373 "cftoken.l"
+ { YYD; yylval.num = algclass_isakmp_ameth; return(ALGORITHM_CLASS); }
+ YY_BREAK
+ case 190:
+ YY_RULE_SETUP
+-#line 373 "cftoken.l"
++#line 374 "cftoken.l"
+ { YYD; yylval.num = algclass_isakmp_hash; return(ALGORITHM_CLASS); }
+ YY_BREAK
+ case 191:
+ YY_RULE_SETUP
+-#line 374 "cftoken.l"
++#line 375 "cftoken.l"
+ { YYD; return(DH_GROUP); }
+ YY_BREAK
+ case 192:
+ YY_RULE_SETUP
+-#line 375 "cftoken.l"
++#line 376 "cftoken.l"
+ { YYD; return(GSS_ID); }
+ YY_BREAK
+ case 193:
+ YY_RULE_SETUP
+-#line 376 "cftoken.l"
++#line 377 "cftoken.l"
+ { YYD; return(GSS_ID); } /* for back compatibility */
+ YY_BREAK
+ /* GSS ID encoding type (global) */
+ case 194:
+ YY_RULE_SETUP
+-#line 379 "cftoken.l"
++#line 380 "cftoken.l"
+ { BEGIN S_GSSENC; YYDB; return(GSS_ID_ENC); }
+ YY_BREAK
+ case 195:
+ YY_RULE_SETUP
+-#line 380 "cftoken.l"
++#line 381 "cftoken.l"
+ { YYD; yylval.num = LC_GSSENC_LATIN1;
+ return(GSS_ID_ENCTYPE); }
+ YY_BREAK
+ case 196:
+ YY_RULE_SETUP
+-#line 382 "cftoken.l"
++#line 383 "cftoken.l"
+ { YYD; yylval.num = LC_GSSENC_UTF16LE;
+ return(GSS_ID_ENCTYPE); }
+ YY_BREAK
+ case 197:
+ YY_RULE_SETUP
+-#line 384 "cftoken.l"
++#line 385 "cftoken.l"
+ { BEGIN S_INI; YYDB; return(EOS); }
+ YY_BREAK
+ /* parameter */
+ case 198:
+ YY_RULE_SETUP
+-#line 387 "cftoken.l"
++#line 388 "cftoken.l"
+ { YYD; yylval.num = TRUE; return(SWITCH); }
+ YY_BREAK
+ case 199:
+ YY_RULE_SETUP
+-#line 388 "cftoken.l"
++#line 389 "cftoken.l"
+ { YYD; yylval.num = FALSE; return(SWITCH); }
+ YY_BREAK
+ /* prefix */
+ case 200:
+ YY_RULE_SETUP
+-#line 391 "cftoken.l"
++#line 392 "cftoken.l"
+ {
+ YYD;
+ yytext++;
+@@ -2947,7 +2970,7 @@ YY_RULE_SETUP
+ /* port number */
+ case 201:
+ YY_RULE_SETUP
+-#line 399 "cftoken.l"
++#line 400 "cftoken.l"
+ {
+ char *p = yytext;
+ YYD;
+@@ -2961,7 +2984,7 @@ YY_RULE_SETUP
+ /* address range */
+ case 202:
+ YY_RULE_SETUP
+-#line 410 "cftoken.l"
++#line 411 "cftoken.l"
+ {
+ YYD;
+ yytext++;
+@@ -2977,318 +3000,318 @@ YY_RULE_SETUP
+ /* upper protocol */
+ case 203:
+ YY_RULE_SETUP
+-#line 423 "cftoken.l"
++#line 424 "cftoken.l"
+ { YYD; yylval.num = IPPROTO_ESP; return(UL_PROTO); }
+ YY_BREAK
+ case 204:
+ YY_RULE_SETUP
+-#line 424 "cftoken.l"
++#line 425 "cftoken.l"
+ { YYD; yylval.num = IPPROTO_AH; return(UL_PROTO); }
+ YY_BREAK
+ case 205:
+ YY_RULE_SETUP
+-#line 425 "cftoken.l"
++#line 426 "cftoken.l"
+ { YYD; yylval.num = IPPROTO_IPCOMP; return(UL_PROTO); }
+ YY_BREAK
+ case 206:
+ YY_RULE_SETUP
+-#line 426 "cftoken.l"
++#line 427 "cftoken.l"
+ { YYD; yylval.num = IPPROTO_ICMP; return(UL_PROTO); }
+ YY_BREAK
+ case 207:
+ YY_RULE_SETUP
+-#line 427 "cftoken.l"
++#line 428 "cftoken.l"
+ { YYD; yylval.num = IPPROTO_ICMPV6; return(UL_PROTO); }
+ YY_BREAK
+ case 208:
+ YY_RULE_SETUP
+-#line 428 "cftoken.l"
++#line 429 "cftoken.l"
+ { YYD; yylval.num = IPPROTO_TCP; return(UL_PROTO); }
+ YY_BREAK
+ case 209:
+ YY_RULE_SETUP
+-#line 429 "cftoken.l"
++#line 430 "cftoken.l"
+ { YYD; yylval.num = IPPROTO_UDP; return(UL_PROTO); }
+ YY_BREAK
+ /* algorithm type */
+ case 210:
+ YY_RULE_SETUP
+-#line 432 "cftoken.l"
++#line 433 "cftoken.l"
+ { YYD; yylval.num = algtype_des_iv64; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 211:
+ YY_RULE_SETUP
+-#line 433 "cftoken.l"
++#line 434 "cftoken.l"
+ { YYD; yylval.num = algtype_des; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 212:
+ YY_RULE_SETUP
+-#line 434 "cftoken.l"
++#line 435 "cftoken.l"
+ { YYD; yylval.num = algtype_3des; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 213:
+ YY_RULE_SETUP
+-#line 435 "cftoken.l"
++#line 436 "cftoken.l"
+ { YYD; yylval.num = algtype_rc5; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 214:
+ YY_RULE_SETUP
+-#line 436 "cftoken.l"
++#line 437 "cftoken.l"
+ { YYD; yylval.num = algtype_idea; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 215:
+ YY_RULE_SETUP
+-#line 437 "cftoken.l"
++#line 438 "cftoken.l"
+ { YYD; yylval.num = algtype_cast128; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 216:
+ YY_RULE_SETUP
+-#line 438 "cftoken.l"
++#line 439 "cftoken.l"
+ { YYD; yylval.num = algtype_blowfish; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 217:
+ YY_RULE_SETUP
+-#line 439 "cftoken.l"
++#line 440 "cftoken.l"
+ { YYD; yylval.num = algtype_3idea; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 218:
+ YY_RULE_SETUP
+-#line 440 "cftoken.l"
++#line 441 "cftoken.l"
+ { YYD; yylval.num = algtype_des_iv32; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 219:
+ YY_RULE_SETUP
+-#line 441 "cftoken.l"
++#line 442 "cftoken.l"
+ { YYD; yylval.num = algtype_rc4; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 220:
+ YY_RULE_SETUP
+-#line 442 "cftoken.l"
++#line 443 "cftoken.l"
+ { YYD; yylval.num = algtype_null_enc; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 221:
+ YY_RULE_SETUP
+-#line 443 "cftoken.l"
++#line 444 "cftoken.l"
+ { YYD; yylval.num = algtype_null_enc; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 222:
+ YY_RULE_SETUP
+-#line 444 "cftoken.l"
++#line 445 "cftoken.l"
+ { YYD; yylval.num = algtype_aes; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 223:
+ YY_RULE_SETUP
+-#line 445 "cftoken.l"
++#line 446 "cftoken.l"
+ { YYD; yylval.num = algtype_aes; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 224:
+ YY_RULE_SETUP
+-#line 446 "cftoken.l"
++#line 447 "cftoken.l"
+ { YYD; yylval.num = algtype_twofish; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 225:
+ YY_RULE_SETUP
+-#line 447 "cftoken.l"
++#line 448 "cftoken.l"
+ { YYD; yylval.num = algtype_camellia; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 226:
+ YY_RULE_SETUP
+-#line 448 "cftoken.l"
++#line 449 "cftoken.l"
+ { YYD; yylval.num = algtype_non_auth; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 227:
+ YY_RULE_SETUP
+-#line 449 "cftoken.l"
++#line 450 "cftoken.l"
+ { YYD; yylval.num = algtype_hmac_md5; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 228:
+ YY_RULE_SETUP
+-#line 450 "cftoken.l"
++#line 451 "cftoken.l"
+ { YYD; yylval.num = algtype_hmac_sha1; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 229:
+ YY_RULE_SETUP
+-#line 451 "cftoken.l"
++#line 452 "cftoken.l"
+ { YYD; yylval.num = algtype_hmac_sha2_256; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 230:
+ YY_RULE_SETUP
+-#line 452 "cftoken.l"
++#line 453 "cftoken.l"
+ { YYD; yylval.num = algtype_hmac_sha2_256; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 231:
+ YY_RULE_SETUP
+-#line 453 "cftoken.l"
++#line 454 "cftoken.l"
+ { YYD; yylval.num = algtype_hmac_sha2_384; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 232:
+ YY_RULE_SETUP
+-#line 454 "cftoken.l"
++#line 455 "cftoken.l"
+ { YYD; yylval.num = algtype_hmac_sha2_384; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 233:
+ YY_RULE_SETUP
+-#line 455 "cftoken.l"
++#line 456 "cftoken.l"
+ { YYD; yylval.num = algtype_hmac_sha2_512; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 234:
+ YY_RULE_SETUP
+-#line 456 "cftoken.l"
++#line 457 "cftoken.l"
+ { YYD; yylval.num = algtype_hmac_sha2_512; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 235:
+ YY_RULE_SETUP
+-#line 457 "cftoken.l"
++#line 458 "cftoken.l"
+ { YYD; yylval.num = algtype_des_mac; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 236:
+ YY_RULE_SETUP
+-#line 458 "cftoken.l"
++#line 459 "cftoken.l"
+ { YYD; yylval.num = algtype_kpdk; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 237:
+ YY_RULE_SETUP
+-#line 459 "cftoken.l"
++#line 460 "cftoken.l"
+ { YYD; yylval.num = algtype_md5; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 238:
+ YY_RULE_SETUP
+-#line 460 "cftoken.l"
++#line 461 "cftoken.l"
+ { YYD; yylval.num = algtype_sha1; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 239:
+ YY_RULE_SETUP
+-#line 461 "cftoken.l"
++#line 462 "cftoken.l"
+ { YYD; yylval.num = algtype_tiger; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 240:
+ YY_RULE_SETUP
+-#line 462 "cftoken.l"
++#line 463 "cftoken.l"
+ { YYD; yylval.num = algtype_sha2_256; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 241:
+ YY_RULE_SETUP
+-#line 463 "cftoken.l"
++#line 464 "cftoken.l"
+ { YYD; yylval.num = algtype_sha2_256; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 242:
+ YY_RULE_SETUP
+-#line 464 "cftoken.l"
++#line 465 "cftoken.l"
+ { YYD; yylval.num = algtype_sha2_384; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 243:
+ YY_RULE_SETUP
+-#line 465 "cftoken.l"
++#line 466 "cftoken.l"
+ { YYD; yylval.num = algtype_sha2_384; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 244:
+ YY_RULE_SETUP
+-#line 466 "cftoken.l"
++#line 467 "cftoken.l"
+ { YYD; yylval.num = algtype_sha2_512; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 245:
+ YY_RULE_SETUP
+-#line 467 "cftoken.l"
++#line 468 "cftoken.l"
+ { YYD; yylval.num = algtype_sha2_512; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 246:
+ YY_RULE_SETUP
+-#line 468 "cftoken.l"
++#line 469 "cftoken.l"
+ { YYD; yylval.num = algtype_oui; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 247:
+ YY_RULE_SETUP
+-#line 469 "cftoken.l"
++#line 470 "cftoken.l"
+ { YYD; yylval.num = algtype_deflate; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 248:
+ YY_RULE_SETUP
+-#line 470 "cftoken.l"
++#line 471 "cftoken.l"
+ { YYD; yylval.num = algtype_lzs; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 249:
+ YY_RULE_SETUP
+-#line 471 "cftoken.l"
++#line 472 "cftoken.l"
+ { YYD; yylval.num = algtype_modp768; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 250:
+ YY_RULE_SETUP
+-#line 472 "cftoken.l"
++#line 473 "cftoken.l"
+ { YYD; yylval.num = algtype_modp1024; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 251:
+ YY_RULE_SETUP
+-#line 473 "cftoken.l"
++#line 474 "cftoken.l"
+ { YYD; yylval.num = algtype_modp1536; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 252:
+ YY_RULE_SETUP
+-#line 474 "cftoken.l"
++#line 475 "cftoken.l"
+ { YYD; yylval.num = algtype_ec2n155; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 253:
+ YY_RULE_SETUP
+-#line 475 "cftoken.l"
++#line 476 "cftoken.l"
+ { YYD; yylval.num = algtype_ec2n185; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 254:
+ YY_RULE_SETUP
+-#line 476 "cftoken.l"
++#line 477 "cftoken.l"
+ { YYD; yylval.num = algtype_modp2048; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 255:
+ YY_RULE_SETUP
+-#line 477 "cftoken.l"
++#line 478 "cftoken.l"
+ { YYD; yylval.num = algtype_modp3072; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 256:
+ YY_RULE_SETUP
+-#line 478 "cftoken.l"
++#line 479 "cftoken.l"
+ { YYD; yylval.num = algtype_modp4096; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 257:
+ YY_RULE_SETUP
+-#line 479 "cftoken.l"
++#line 480 "cftoken.l"
+ { YYD; yylval.num = algtype_modp6144; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 258:
+ YY_RULE_SETUP
+-#line 480 "cftoken.l"
++#line 481 "cftoken.l"
+ { YYD; yylval.num = algtype_modp8192; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 259:
+ YY_RULE_SETUP
+-#line 481 "cftoken.l"
++#line 482 "cftoken.l"
+ { YYD; yylval.num = algtype_psk; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 260:
+ YY_RULE_SETUP
+-#line 482 "cftoken.l"
++#line 483 "cftoken.l"
+ { YYD; yylval.num = algtype_rsasig; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 261:
+ YY_RULE_SETUP
+-#line 483 "cftoken.l"
++#line 484 "cftoken.l"
+ { YYD; yylval.num = algtype_dsssig; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 262:
+ YY_RULE_SETUP
+-#line 484 "cftoken.l"
++#line 485 "cftoken.l"
+ { YYD; yylval.num = algtype_rsaenc; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 263:
+ YY_RULE_SETUP
+-#line 485 "cftoken.l"
++#line 486 "cftoken.l"
+ { YYD; yylval.num = algtype_rsarev; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 264:
+ YY_RULE_SETUP
+-#line 486 "cftoken.l"
++#line 487 "cftoken.l"
+ { YYD; yylval.num = algtype_gssapikrb; return(ALGORITHMTYPE); }
+ YY_BREAK
+ case 265:
+ YY_RULE_SETUP
+-#line 487 "cftoken.l"
++#line 488 "cftoken.l"
+ {
+ #ifdef ENABLE_HYBRID
+ YYD; yylval.num = algtype_hybrid_rsa_s; return(ALGORITHMTYPE);
+@@ -3299,7 +3322,7 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 266:
+ YY_RULE_SETUP
+-#line 494 "cftoken.l"
++#line 495 "cftoken.l"
+ {
+ #ifdef ENABLE_HYBRID
+ YYD; yylval.num = algtype_hybrid_dss_s; return(ALGORITHMTYPE);
+@@ -3310,7 +3333,7 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 267:
+ YY_RULE_SETUP
+-#line 501 "cftoken.l"
++#line 502 "cftoken.l"
+ {
+ #ifdef ENABLE_HYBRID
+ YYD; yylval.num = algtype_hybrid_rsa_c; return(ALGORITHMTYPE);
+@@ -3321,7 +3344,7 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 268:
+ YY_RULE_SETUP
+-#line 508 "cftoken.l"
++#line 509 "cftoken.l"
+ {
+ #ifdef ENABLE_HYBRID
+ YYD; yylval.num = algtype_hybrid_dss_c; return(ALGORITHMTYPE);
+@@ -3332,7 +3355,7 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 269:
+ YY_RULE_SETUP
+-#line 515 "cftoken.l"
++#line 516 "cftoken.l"
+ {
+ #ifdef ENABLE_HYBRID
+ YYD; yylval.num = algtype_xauth_psk_s; return(ALGORITHMTYPE);
+@@ -3343,7 +3366,7 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 270:
+ YY_RULE_SETUP
+-#line 522 "cftoken.l"
++#line 523 "cftoken.l"
+ {
+ #ifdef ENABLE_HYBRID
+ YYD; yylval.num = algtype_xauth_psk_c; return(ALGORITHMTYPE);
+@@ -3354,7 +3377,7 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 271:
+ YY_RULE_SETUP
+-#line 529 "cftoken.l"
++#line 530 "cftoken.l"
+ {
+ #ifdef ENABLE_HYBRID
+ YYD; yylval.num = algtype_xauth_rsa_s; return(ALGORITHMTYPE);
+@@ -3365,7 +3388,7 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 272:
+ YY_RULE_SETUP
+-#line 536 "cftoken.l"
++#line 537 "cftoken.l"
+ {
+ #ifdef ENABLE_HYBRID
+ YYD; yylval.num = algtype_xauth_rsa_c; return(ALGORITHMTYPE);
+@@ -3377,105 +3400,105 @@ YY_RULE_SETUP
+ /* identifier type */
+ case 273:
+ YY_RULE_SETUP
+-#line 546 "cftoken.l"
++#line 547 "cftoken.l"
+ { YYD; yywarn("it is obsoleted."); return(VENDORID); }
+ YY_BREAK
+ case 274:
+ YY_RULE_SETUP
+-#line 547 "cftoken.l"
++#line 548 "cftoken.l"
+ { YYD; yylval.num = IDTYPE_USERFQDN; return(IDENTIFIERTYPE); }
+ YY_BREAK
+ case 275:
+ YY_RULE_SETUP
+-#line 548 "cftoken.l"
++#line 549 "cftoken.l"
+ { YYD; yylval.num = IDTYPE_FQDN; return(IDENTIFIERTYPE); }
+ YY_BREAK
+ case 276:
+ YY_RULE_SETUP
+-#line 549 "cftoken.l"
++#line 550 "cftoken.l"
+ { YYD; yylval.num = IDTYPE_KEYID; return(IDENTIFIERTYPE); }
+ YY_BREAK
+ case 277:
+ YY_RULE_SETUP
+-#line 550 "cftoken.l"
++#line 551 "cftoken.l"
+ { YYD; yylval.num = IDTYPE_ADDRESS; return(IDENTIFIERTYPE); }
+ YY_BREAK
+ case 278:
+ YY_RULE_SETUP
+-#line 551 "cftoken.l"
++#line 552 "cftoken.l"
+ { YYD; yylval.num = IDTYPE_SUBNET; return(IDENTIFIERTYPE); }
+ YY_BREAK
+ case 279:
+ YY_RULE_SETUP
+-#line 552 "cftoken.l"
++#line 553 "cftoken.l"
+ { YYD; yylval.num = IDTYPE_ASN1DN; return(IDENTIFIERTYPE); }
+ YY_BREAK
+ case 280:
+ YY_RULE_SETUP
+-#line 553 "cftoken.l"
++#line 554 "cftoken.l"
+ { YYD; yywarn("certname will be obsoleted in near future."); yylval.num = IDTYPE_ASN1DN; return(IDENTIFIERTYPE); }
+ YY_BREAK
+ /* identifier qualifier */
+ case 281:
+ YY_RULE_SETUP
+-#line 556 "cftoken.l"
++#line 557 "cftoken.l"
+ { YYD; yylval.num = IDQUAL_TAG; return(IDENTIFIERQUAL); }
+ YY_BREAK
+ case 282:
+ YY_RULE_SETUP
+-#line 557 "cftoken.l"
++#line 558 "cftoken.l"
+ { YYD; yylval.num = IDQUAL_FILE; return(IDENTIFIERQUAL); }
+ YY_BREAK
+ /* units */
+ case 283:
+ YY_RULE_SETUP
+-#line 560 "cftoken.l"
++#line 561 "cftoken.l"
+ { YYD; return(UNITTYPE_BYTE); }
+ YY_BREAK
+ case 284:
+ YY_RULE_SETUP
+-#line 561 "cftoken.l"
++#line 562 "cftoken.l"
+ { YYD; return(UNITTYPE_KBYTES); }
+ YY_BREAK
+ case 285:
+ YY_RULE_SETUP
+-#line 562 "cftoken.l"
++#line 563 "cftoken.l"
+ { YYD; return(UNITTYPE_MBYTES); }
+ YY_BREAK
+ case 286:
+ YY_RULE_SETUP
+-#line 563 "cftoken.l"
++#line 564 "cftoken.l"
+ { YYD; return(UNITTYPE_TBYTES); }
+ YY_BREAK
+ case 287:
+ YY_RULE_SETUP
+-#line 564 "cftoken.l"
++#line 565 "cftoken.l"
+ { YYD; return(UNITTYPE_SEC); }
+ YY_BREAK
+ case 288:
+ YY_RULE_SETUP
+-#line 565 "cftoken.l"
++#line 566 "cftoken.l"
+ { YYD; return(UNITTYPE_MIN); }
+ YY_BREAK
+ case 289:
+ YY_RULE_SETUP
+-#line 566 "cftoken.l"
++#line 567 "cftoken.l"
+ { YYD; return(UNITTYPE_HOUR); }
+ YY_BREAK
+ /* boolean */
+ case 290:
+ YY_RULE_SETUP
+-#line 569 "cftoken.l"
++#line 570 "cftoken.l"
+ { YYD; yylval.num = TRUE; return(BOOLEAN); }
+ YY_BREAK
+ case 291:
+ YY_RULE_SETUP
+-#line 570 "cftoken.l"
++#line 571 "cftoken.l"
+ { YYD; yylval.num = FALSE; return(BOOLEAN); }
+ YY_BREAK
+ case 292:
+ YY_RULE_SETUP
+-#line 572 "cftoken.l"
++#line 573 "cftoken.l"
+ {
+ char *bp;
+
+@@ -3486,7 +3509,7 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 293:
+ YY_RULE_SETUP
+-#line 580 "cftoken.l"
++#line 581 "cftoken.l"
+ {
+ char *p;
+
+@@ -3512,7 +3535,7 @@ YY_RULE_SETUP
+ case 294:
+ /* rule 294 can match eol */
+ YY_RULE_SETUP
+-#line 602 "cftoken.l"
++#line 603 "cftoken.l"
+ {
+ char *p = yytext;
+
+@@ -3532,7 +3555,7 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 295:
+ YY_RULE_SETUP
+-#line 619 "cftoken.l"
++#line 620 "cftoken.l"
+ {
+ YYD;
+
+@@ -3566,7 +3589,7 @@ case YY_STATE_EOF(S_RMTS):
+ case YY_STATE_EOF(S_RMTP):
+ case YY_STATE_EOF(S_SA):
+ case YY_STATE_EOF(S_GSSENC):
+-#line 632 "cftoken.l"
++#line 633 "cftoken.l"
+ {
+ yy_delete_buffer(YY_CURRENT_BUFFER);
+ incstackp--;
+@@ -3594,36 +3617,36 @@ case YY_STATE_EOF(S_GSSENC):
+ /* ... */
+ case 296:
+ YY_RULE_SETUP
+-#line 657 "cftoken.l"
++#line 658 "cftoken.l"
+ { ; }
+ YY_BREAK
+ case 297:
+ /* rule 297 can match eol */
+ YY_RULE_SETUP
+-#line 658 "cftoken.l"
++#line 659 "cftoken.l"
+ { incstack[incstackp].lineno++; }
+ YY_BREAK
+ case 298:
+ YY_RULE_SETUP
+-#line 659 "cftoken.l"
++#line 660 "cftoken.l"
+ { YYD; }
+ YY_BREAK
+ case 299:
+ YY_RULE_SETUP
+-#line 660 "cftoken.l"
++#line 661 "cftoken.l"
+ { return(EOS); }
+ YY_BREAK
+ case 300:
+ YY_RULE_SETUP
+-#line 661 "cftoken.l"
++#line 662 "cftoken.l"
+ { yymore(); }
+ YY_BREAK
+ case 301:
+ YY_RULE_SETUP
+-#line 663 "cftoken.l"
++#line 664 "cftoken.l"
+ ECHO;
+ YY_BREAK
+-#line 3627 "cftoken.c"
++#line 3650 "cftoken.c"
+
+ case YY_END_OF_BUFFER:
+ {
+@@ -4171,9 +4194,19 @@ static void yy_load_buffer_state (void)
+ yyfree((void *) b );
+ }
+
+-#ifndef __cplusplus
++#ifndef _UNISTD_H /* assume unistd.h has isatty() for us */
++#ifdef __cplusplus
++extern "C" {
++#endif
++#ifdef __THROW /* this is a gnuism */
++extern int isatty (int ) __THROW;
++#else
+ extern int isatty (int );
+-#endif /* __cplusplus */
++#endif
++#ifdef __cplusplus
++}
++#endif
++#endif
+
+ /* Initializes or reinitializes a buffer.
+ * This function is sometimes called more than once on the same buffer,
+@@ -4619,7 +4652,7 @@ void yyfree (void * ptr )
+
+ #define YYTABLES_NAME "yytables"
+
+-#line 663 "cftoken.l"
++#line 664 "cftoken.l"
+
+
+
diff --git a/package/ipsec-tools/patches/patch-src_racoon_cftoken_l b/package/ipsec-tools/patches/patch-src_racoon_cftoken_l
index 977ba8a37..8ada6f602 100644
--- a/package/ipsec-tools/patches/patch-src_racoon_cftoken_l
+++ b/package/ipsec-tools/patches/patch-src_racoon_cftoken_l
@@ -1,11 +1,10 @@
-$Id$
---- ipsec-tools-0.6.4.orig/src/racoon/cftoken.l 2005-11-06 18:18:26.000000000 +0100
-+++ ipsec-tools-0.6.4/src/racoon/cftoken.l 2007-06-28 16:58:31.000000000 +0200
-@@ -105,6 +105,8 @@ static struct include_stack {
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/src/racoon/cftoken.l 2007-09-03 20:07:29.000000000 +0200
++++ ipsec-tools-0.7.2/src/racoon/cftoken.l 2009-05-29 15:46:06.836399719 +0200
+@@ -104,6 +104,7 @@ static struct include_stack {
static int incstackp = 0;
static int yy_first_time = 1;
-+
+int yywrap(void) { return 1; }
%}
diff --git a/package/ipsec-tools/patches/patch-src_racoon_crypto_openssl_c b/package/ipsec-tools/patches/patch-src_racoon_crypto_openssl_c
index 66f9ba7d2..76c6a62cc 100644
--- a/package/ipsec-tools/patches/patch-src_racoon_crypto_openssl_c
+++ b/package/ipsec-tools/patches/patch-src_racoon_crypto_openssl_c
@@ -1,12 +1,48 @@
-$Id$
---- ipsec-tools-0.6.4.orig/src/racoon/crypto_openssl.c 2005-07-12 13:50:15.000000000 +0200
-+++ ipsec-tools-0.6.4/src/racoon/crypto_openssl.c 2007-06-28 17:04:27.000000000 +0200
-@@ -81,7 +81,7 @@
- #ifdef HAVE_OPENSSL_SHA2_H
- #include <openssl/sha2.h>
- #else
--#include "crypto/sha2/sha2.h"
-+#include "missing/crypto/sha2/sha2.h"
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/src/racoon/crypto_openssl.c 2009-04-20 15:33:30.000000000 +0200
++++ ipsec-tools-0.7.2/src/racoon/crypto_openssl.c 2009-05-29 15:31:04.728378359 +0200
+@@ -63,8 +63,12 @@
+ #ifdef HAVE_OPENSSL_ENGINE_H
+ #include <openssl/engine.h>
#endif
++#ifndef OPENSSL_NO_BF
+ #include <openssl/blowfish.h>
++#endif
++#ifndef OPENSSL_NO_CAST
+ #include <openssl/cast.h>
++#endif
+ #include <openssl/err.h>
+ #ifdef HAVE_OPENSSL_RC5_H
+ #include <openssl/rc5.h>
+@@ -1347,6 +1351,7 @@ eay_idea_keylen(len)
+ }
#endif
++#ifndef OPENSSL_NO_BF
+ /*
+ * BLOWFISH-CBC
+ */
+@@ -1381,6 +1386,7 @@ eay_bf_keylen(len)
+ return -1;
+ return len;
+ }
++#endif
+
+ #ifdef HAVE_OPENSSL_RC5_H
+ /*
+@@ -1492,6 +1498,7 @@ eay_3des_keylen(len)
+ return 192;
+ }
+
++#ifndef OPENSSL_NO_CAST
+ /*
+ * CAST-CBC
+ */
+@@ -1526,6 +1533,7 @@ eay_cast_keylen(len)
+ return -1;
+ return len;
+ }
++#endif
+
+ /*
+ * AES(RIJNDAEL)-CBC
diff --git a/package/ipsec-tools/patches/patch-src_racoon_eaytest_c b/package/ipsec-tools/patches/patch-src_racoon_eaytest_c
new file mode 100644
index 000000000..a7d7807c4
--- /dev/null
+++ b/package/ipsec-tools/patches/patch-src_racoon_eaytest_c
@@ -0,0 +1,27 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/src/racoon/eaytest.c 2008-07-16 10:50:02.000000000 +0200
++++ ipsec-tools-0.7.2/src/racoon/eaytest.c 2009-05-29 15:33:04.286374004 +0200
+@@ -683,19 +683,23 @@ ciphertest(ac, av)
+ eay_aes_encrypt, eay_aes_decrypt) < 0)
+ return -1;
+
++#ifndef OPENSSL_NO_BF
+ if (ciphertest_1 ("BLOWFISH",
+ &data, 8,
+ &key, key.l,
+ &iv0, 8,
+ eay_bf_encrypt, eay_bf_decrypt) < 0)
+ return -1;
++#endif
+
++#ifndef OPENSSL_NO_CAST
+ if (ciphertest_1 ("CAST",
+ &data, 8,
+ &key, key.l,
+ &iv0, 8,
+ eay_cast_encrypt, eay_cast_decrypt) < 0)
+ return -1;
++#endif
+
+ #ifdef HAVE_OPENSSL_IDEA_H
+ if (ciphertest_1 ("IDEA",
diff --git a/package/ipsec-tools/patches/patch-src_racoon_isakmp_xauth_c b/package/ipsec-tools/patches/patch-src_racoon_isakmp_xauth_c
new file mode 100644
index 000000000..7b612f035
--- /dev/null
+++ b/package/ipsec-tools/patches/patch-src_racoon_isakmp_xauth_c
@@ -0,0 +1,12 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/src/racoon/isakmp_xauth.c 2009-04-20 15:35:36.000000000 +0200
++++ ipsec-tools-0.7.2/src/racoon/isakmp_xauth.c 2009-05-29 15:56:30.460377529 +0200
+@@ -585,7 +585,7 @@ PAM_conv(msg_count, msg, rsp, dontcare)
+
+ if ((reply = racoon_malloc(sizeof(*reply) * msg_count)) == NULL)
+ return PAM_CONV_ERR;
+- bzero(reply, sizeof(*reply) * msg_count);
++ memset(reply, 0, sizeof(*reply) * msg_count);
+
+ for (i = 0; i < msg_count; i++) {
+ switch (msg[i]->msg_style) {
diff --git a/package/ipsec-tools/patches/patch-src_racoon_pfkey_c b/package/ipsec-tools/patches/patch-src_racoon_pfkey_c
new file mode 100644
index 000000000..cedbc5cdd
--- /dev/null
+++ b/package/ipsec-tools/patches/patch-src_racoon_pfkey_c
@@ -0,0 +1,18 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/src/racoon/pfkey.c 2008-12-08 07:06:24.000000000 +0100
++++ ipsec-tools-0.7.2/src/racoon/pfkey.c 2009-05-29 15:48:49.201433105 +0200
+@@ -3008,12 +3008,12 @@ addnewsp(mhp)
+ struct sockaddr *paddr;
+
+ paddr = (struct sockaddr *)(xisr + 1);
+- bcopy(paddr, &(*p_isr)->saidx.src,
++ memcpy(&(*p_isr)->saidx.src, paddr,
+ sysdep_sa_len(paddr));
+
+ paddr = (struct sockaddr *)((caddr_t)paddr
+ + sysdep_sa_len(paddr));
+- bcopy(paddr, &(*p_isr)->saidx.dst,
++ memcpy(&(*p_isr)->saidx.dst, paddr,
+ sysdep_sa_len(paddr));
+ }
+
diff --git a/package/ipsec-tools/patches/patch-src_racoon_privsep_c b/package/ipsec-tools/patches/patch-src_racoon_privsep_c
new file mode 100644
index 000000000..c69abd264
--- /dev/null
+++ b/package/ipsec-tools/patches/patch-src_racoon_privsep_c
@@ -0,0 +1,93 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/src/racoon/privsep.c 2008-12-08 07:06:24.000000000 +0100
++++ ipsec-tools-0.7.2/src/racoon/privsep.c 2009-05-29 15:55:47.787585131 +0200
+@@ -323,7 +323,7 @@ privsep_init(void)
+ strerror(errno));
+ goto out;
+ }
+- bzero(reply, sizeof(*reply));
++ memset(reply, 0, sizeof(*reply));
+ reply->hdr.ac_cmd = combuf->hdr.ac_cmd;
+ reply->hdr.ac_len = sizeof(*reply);
+
+@@ -421,7 +421,7 @@ privsep_init(void)
+ strerror(errno));
+ goto out;
+ }
+- bzero(envp, (envc + 1) * sizeof(char *));
++ memset(envp, 0, (envc + 1) * sizeof(char *));
+
+
+ /*
+@@ -716,7 +716,7 @@ privsep_eay_get_pkcs1privkey(path)
+ "Cannot allocate memory: %s\n", strerror(errno));
+ return NULL;
+ }
+- bzero(msg, len);
++ memset(msg, 0, len);
+ msg->hdr.ac_cmd = PRIVSEP_EAY_GET_PKCS1PRIVKEY;
+ msg->hdr.ac_len = len;
+ msg->bufs.buflen[0] = len - sizeof(*msg);
+@@ -797,7 +797,7 @@ privsep_script_exec(script, name, envp)
+ return -1;
+ }
+
+- bzero(msg, sizeof(*msg));
++ memset(msg, 0, sizeof(*msg));
+ msg->hdr.ac_cmd = PRIVSEP_SCRIPT_EXEC;
+ msg->hdr.ac_len = sizeof(*msg);
+
+@@ -906,7 +906,7 @@ privsep_getpsk(str, keylen)
+ "Cannot allocate memory: %s\n", strerror(errno));
+ return NULL;
+ }
+- bzero(msg, len);
++ memset(msg, 0, len);
+ msg->hdr.ac_cmd = PRIVSEP_GETPSK;
+ msg->hdr.ac_len = len;
+
+@@ -960,7 +960,7 @@ privsep_xauth_login_system(usr, pwd)
+ "Cannot allocate memory: %s\n", strerror(errno));
+ return -1;
+ }
+- bzero(msg, len);
++ memset(msg, 0, len);
+ msg->hdr.ac_cmd = PRIVSEP_XAUTH_LOGIN_SYSTEM;
+ msg->hdr.ac_len = len;
+
+@@ -1014,7 +1014,7 @@ privsep_accounting_system(port, raddr, u
+ "Cannot allocate memory: %s\n", strerror(errno));
+ return -1;
+ }
+- bzero(msg, len);
++ memset(msg, 0, len);
+ msg->hdr.ac_cmd = PRIVSEP_ACCOUNTING_SYSTEM;
+ msg->hdr.ac_len = len;
+ msg->bufs.buflen[0] = sizeof(port);
+@@ -1187,7 +1187,7 @@ privsep_accounting_pam(port, inout)
+ "Cannot allocate memory: %s\n", strerror(errno));
+ return -1;
+ }
+- bzero(msg, len);
++ memset(msg, 0, len);
+ msg->hdr.ac_cmd = PRIVSEP_ACCOUNTING_PAM;
+ msg->hdr.ac_len = len;
+ msg->bufs.buflen[0] = sizeof(port);
+@@ -1248,7 +1248,7 @@ privsep_xauth_login_pam(port, raddr, usr
+ "Cannot allocate memory: %s\n", strerror(errno));
+ return -1;
+ }
+- bzero(msg, len);
++ memset(msg, 0, len);
+ msg->hdr.ac_cmd = PRIVSEP_XAUTH_LOGIN_PAM;
+ msg->hdr.ac_len = len;
+ msg->bufs.buflen[0] = sizeof(port);
+@@ -1312,7 +1312,7 @@ privsep_cleanup_pam(port)
+ "Cannot allocate memory: %s\n", strerror(errno));
+ return;
+ }
+- bzero(msg, len);
++ memset(msg, 0, len);
+ msg->hdr.ac_cmd = PRIVSEP_CLEANUP_PAM;
+ msg->hdr.ac_len = len;
+ msg->bufs.buflen[0] = sizeof(port);
diff --git a/package/ipsec-tools/patches/patch-src_racoon_racoonctl_c b/package/ipsec-tools/patches/patch-src_racoon_racoonctl_c
new file mode 100644
index 000000000..d5d6267c6
--- /dev/null
+++ b/package/ipsec-tools/patches/patch-src_racoon_racoonctl_c
@@ -0,0 +1,12 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/src/racoon/racoonctl.c 2009-04-20 15:32:57.000000000 +0200
++++ ipsec-tools-0.7.2/src/racoon/racoonctl.c 2009-05-29 15:57:45.600377208 +0200
+@@ -785,7 +785,7 @@ f_vpnc(ac, av)
+ errx(1, "cannot read source address");
+
+ /* We get "ip[port]" strip the port */
+- if ((idx = index(srcaddr, '[')) == NULL)
++ if ((idx = strchr(srcaddr, '[')) == NULL)
+ errx(1, "unexpected source address format");
+ *idx = '\0';
+
diff --git a/package/ipsec-tools/patches/patch-src_setkey_token_c b/package/ipsec-tools/patches/patch-src_setkey_token_c
new file mode 100644
index 000000000..1c0231885
--- /dev/null
+++ b/package/ipsec-tools/patches/patch-src_setkey_token_c
@@ -0,0 +1,707 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/src/setkey/token.c 2008-07-23 10:26:58.000000000 +0200
++++ ipsec-tools-0.7.2/src/setkey/token.c 2009-05-29 15:26:39.126303087 +0200
+@@ -8,7 +8,7 @@
+ #define FLEX_SCANNER
+ #define YY_FLEX_MAJOR_VERSION 2
+ #define YY_FLEX_MINOR_VERSION 5
+-#define YY_FLEX_SUBMINOR_VERSION 34
++#define YY_FLEX_SUBMINOR_VERSION 35
+ #if YY_FLEX_SUBMINOR_VERSION > 0
+ #define FLEX_BETA
+ #endif
+@@ -178,13 +178,6 @@ extern FILE *yyin, *yyout;
+
+ #define unput(c) yyunput( c, (yytext_ptr) )
+
+-/* The following is because we cannot portably get our hands on size_t
+- * (without autoconf's help, which isn't available because we want
+- * flex-generated scanners to compile on their own).
+- * Given that the standard has decreed that size_t exists since 1989,
+- * I guess we can afford to depend on it. Manoj.
+- */
+-
+ #ifndef YY_TYPEDEF_YY_SIZE_T
+ #define YY_TYPEDEF_YY_SIZE_T
+ typedef size_t yy_size_t;
+@@ -1069,9 +1062,10 @@ char *yytext;
+ #if defined(SADB_X_EALG_AES) && ! defined(SADB_X_EALG_AESCBC)
+ #define SADB_X_EALG_AESCBC SADB_X_EALG_AES
+ #endif
++int yywrap(void) { return 1; }
+ /* common section */
+
+-#line 1075 "token.c"
++#line 1069 "token.c"
+
+ #define INITIAL 0
+ #define S_PL 1
+@@ -1092,6 +1086,35 @@ char *yytext;
+
+ static int yy_init_globals (void );
+
++/* Accessor methods to globals.
++ These are made visible to non-reentrant scanners for convenience. */
++
++int yylex_destroy (void );
++
++int yyget_debug (void );
++
++void yyset_debug (int debug_flag );
++
++YY_EXTRA_TYPE yyget_extra (void );
++
++void yyset_extra (YY_EXTRA_TYPE user_defined );
++
++FILE *yyget_in (void );
++
++void yyset_in (FILE * in_str );
++
++FILE *yyget_out (void );
++
++void yyset_out (FILE * out_str );
++
++int yyget_leng (void );
++
++char *yyget_text (void );
++
++int yyget_lineno (void );
++
++void yyset_lineno (int line_number );
++
+ /* Macros after this point can all be overridden by user definitions in
+ * section 1.
+ */
+@@ -1227,10 +1250,10 @@ YY_DECL
+ register char *yy_cp, *yy_bp;
+ register int yy_act;
+
+-#line 114 "token.l"
++#line 115 "token.l"
+
+
+-#line 1234 "token.c"
++#line 1257 "token.c"
+
+ if ( !(yy_init) )
+ {
+@@ -1321,84 +1344,84 @@ do_action: /* This label is used only to
+
+ case 1:
+ YY_RULE_SETUP
+-#line 116 "token.l"
++#line 117 "token.l"
+ { return(ADD); }
+ YY_BREAK
+ case 2:
+ YY_RULE_SETUP
+-#line 117 "token.l"
++#line 118 "token.l"
+ { return(DELETE); }
+ YY_BREAK
+ case 3:
+ YY_RULE_SETUP
+-#line 118 "token.l"
++#line 119 "token.l"
+ { return(DELETEALL); }
+ YY_BREAK
+ case 4:
+ YY_RULE_SETUP
+-#line 119 "token.l"
++#line 120 "token.l"
+ { return(GET); }
+ YY_BREAK
+ case 5:
+ YY_RULE_SETUP
+-#line 120 "token.l"
++#line 121 "token.l"
+ { return(FLUSH); }
+ YY_BREAK
+ case 6:
+ YY_RULE_SETUP
+-#line 121 "token.l"
++#line 122 "token.l"
+ { return(DUMP); }
+ YY_BREAK
+ case 7:
+ YY_RULE_SETUP
+-#line 122 "token.l"
++#line 123 "token.l"
+ { return(EXIT); }
+ YY_BREAK
+ case 8:
+ YY_RULE_SETUP
+-#line 123 "token.l"
++#line 124 "token.l"
+ { return(EXIT); }
+ YY_BREAK
+ case 9:
+ YY_RULE_SETUP
+-#line 124 "token.l"
++#line 125 "token.l"
+ { return(EXIT); }
+ YY_BREAK
+ /* for management SPD */
+ case 10:
+ YY_RULE_SETUP
+-#line 127 "token.l"
++#line 128 "token.l"
+ { return(SPDADD); }
+ YY_BREAK
+ case 11:
+ YY_RULE_SETUP
+-#line 128 "token.l"
++#line 129 "token.l"
+ { return(SPDDELETE); }
+ YY_BREAK
+ case 12:
+ YY_RULE_SETUP
+-#line 129 "token.l"
++#line 130 "token.l"
+ { return(SPDDUMP); }
+ YY_BREAK
+ case 13:
+ YY_RULE_SETUP
+-#line 130 "token.l"
++#line 131 "token.l"
+ { return(SPDFLUSH); }
+ YY_BREAK
+ case 14:
+ YY_RULE_SETUP
+-#line 131 "token.l"
++#line 132 "token.l"
+ { return(TAGGED); }
+ YY_BREAK
+ case 15:
+ YY_RULE_SETUP
+-#line 132 "token.l"
++#line 133 "token.l"
+ { BEGIN S_PL; return(F_POLICY); }
+ YY_BREAK
+ case 16:
+ /* rule 16 can match eol */
+ YY_RULE_SETUP
+-#line 133 "token.l"
++#line 134 "token.l"
+ {
+ yymore();
+
+@@ -1420,13 +1443,13 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 17:
+ YY_RULE_SETUP
+-#line 151 "token.l"
++#line 152 "token.l"
+ { BEGIN INITIAL; return(EOT); }
+ YY_BREAK
+ /* address resolution flags */
+ case 18:
+ YY_RULE_SETUP
+-#line 154 "token.l"
++#line 155 "token.l"
+ {
+ yylval.val.len = strlen(yytext);
+ yylval.val.buf = strdup(yytext);
+@@ -1438,37 +1461,37 @@ YY_RULE_SETUP
+ /* security protocols */
+ case 19:
+ YY_RULE_SETUP
+-#line 163 "token.l"
++#line 164 "token.l"
+ { yylval.num = 0; return(PR_AH); }
+ YY_BREAK
+ case 20:
+ YY_RULE_SETUP
+-#line 164 "token.l"
++#line 165 "token.l"
+ { yylval.num = 0; return(PR_ESP); }
+ YY_BREAK
+ case 21:
+ YY_RULE_SETUP
+-#line 165 "token.l"
++#line 166 "token.l"
+ { yylval.num = 1; return(PR_AH); }
+ YY_BREAK
+ case 22:
+ YY_RULE_SETUP
+-#line 166 "token.l"
++#line 167 "token.l"
+ { yylval.num = 1; return(PR_ESP); }
+ YY_BREAK
+ case 23:
+ YY_RULE_SETUP
+-#line 167 "token.l"
++#line 168 "token.l"
+ { yylval.num = 0; return(PR_ESPUDP); }
+ YY_BREAK
+ case 24:
+ YY_RULE_SETUP
+-#line 168 "token.l"
++#line 169 "token.l"
+ { yylval.num = 0; return(PR_IPCOMP); }
+ YY_BREAK
+ case 25:
+ YY_RULE_SETUP
+-#line 169 "token.l"
++#line 170 "token.l"
+ {
+ yylval.num = 0; return(PR_TCP);
+ }
+@@ -1476,72 +1499,72 @@ YY_RULE_SETUP
+ /* authentication alogorithm */
+ case 26:
+ YY_RULE_SETUP
+-#line 174 "token.l"
++#line 175 "token.l"
+ { BEGIN S_AUTHALG; return(F_AUTH); }
+ YY_BREAK
+ case 27:
+ YY_RULE_SETUP
+-#line 175 "token.l"
++#line 176 "token.l"
+ { yylval.num = SADB_AALG_MD5HMAC; BEGIN INITIAL; return(ALG_AUTH); }
+ YY_BREAK
+ case 28:
+ YY_RULE_SETUP
+-#line 176 "token.l"
++#line 177 "token.l"
+ { yylval.num = SADB_AALG_SHA1HMAC; BEGIN INITIAL; return(ALG_AUTH); }
+ YY_BREAK
+ case 29:
+ YY_RULE_SETUP
+-#line 177 "token.l"
++#line 178 "token.l"
+ { yylval.num = SADB_X_AALG_MD5; BEGIN INITIAL; return(ALG_AUTH); }
+ YY_BREAK
+ case 30:
+ YY_RULE_SETUP
+-#line 178 "token.l"
++#line 179 "token.l"
+ { yylval.num = SADB_X_AALG_SHA; BEGIN INITIAL; return(ALG_AUTH); }
+ YY_BREAK
+ case 31:
+ YY_RULE_SETUP
+-#line 179 "token.l"
++#line 180 "token.l"
+ { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); }
+ YY_BREAK
+ case 32:
+ YY_RULE_SETUP
+-#line 180 "token.l"
++#line 181 "token.l"
+ { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); }
+ YY_BREAK
+ case 33:
+ YY_RULE_SETUP
+-#line 181 "token.l"
++#line 182 "token.l"
+ { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); }
+ YY_BREAK
+ case 34:
+ YY_RULE_SETUP
+-#line 182 "token.l"
++#line 183 "token.l"
+ { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); }
+ YY_BREAK
+ case 35:
+ YY_RULE_SETUP
+-#line 183 "token.l"
++#line 184 "token.l"
+ { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); }
+ YY_BREAK
+ case 36:
+ YY_RULE_SETUP
+-#line 184 "token.l"
++#line 185 "token.l"
+ { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); }
+ YY_BREAK
+ case 37:
+ YY_RULE_SETUP
+-#line 185 "token.l"
++#line 186 "token.l"
+ { yylval.num = SADB_X_AALG_RIPEMD160HMAC; BEGIN INITIAL; return(ALG_AUTH); }
+ YY_BREAK
+ case 38:
+ YY_RULE_SETUP
+-#line 186 "token.l"
++#line 187 "token.l"
+ { yylval.num = SADB_X_AALG_AES_XCBC_MAC; BEGIN INITIAL; return(ALG_AUTH); }
+ YY_BREAK
+ case 39:
+ YY_RULE_SETUP
+-#line 187 "token.l"
++#line 188 "token.l"
+ {
+ #ifdef SADB_X_AALG_TCP_MD5
+ yylval.num = SADB_X_AALG_TCP_MD5;
+@@ -1552,63 +1575,63 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 40:
+ YY_RULE_SETUP
+-#line 194 "token.l"
++#line 195 "token.l"
+ { yylval.num = SADB_X_AALG_NULL; BEGIN INITIAL; return(ALG_AUTH_NOKEY); }
+ YY_BREAK
+ /* encryption alogorithm */
+ case 41:
+ YY_RULE_SETUP
+-#line 197 "token.l"
++#line 198 "token.l"
+ { BEGIN S_ENCALG; return(F_ENC); }
+ YY_BREAK
+ case 42:
+ YY_RULE_SETUP
+-#line 198 "token.l"
++#line 199 "token.l"
+ { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC); }
+ YY_BREAK
+ case 43:
+ YY_RULE_SETUP
+-#line 199 "token.l"
++#line 200 "token.l"
+ { yylval.num = SADB_EALG_3DESCBC; BEGIN INITIAL; return(ALG_ENC); }
+ YY_BREAK
+ case 44:
+ YY_RULE_SETUP
+-#line 200 "token.l"
++#line 201 "token.l"
+ { yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC_NOKEY); }
+ YY_BREAK
+ case 45:
+ YY_RULE_SETUP
+-#line 201 "token.l"
++#line 202 "token.l"
+ { yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC_OLD); }
+ YY_BREAK
+ case 46:
+ YY_RULE_SETUP
+-#line 202 "token.l"
++#line 203 "token.l"
+ { yylval.num = SADB_X_EALG_BLOWFISHCBC; BEGIN INITIAL; return(ALG_ENC); }
+ YY_BREAK
+ case 47:
+ YY_RULE_SETUP
+-#line 203 "token.l"
++#line 204 "token.l"
+ { yylval.num = SADB_X_EALG_CAST128CBC; BEGIN INITIAL; return(ALG_ENC); }
+ YY_BREAK
+ case 48:
+ YY_RULE_SETUP
+-#line 204 "token.l"
++#line 205 "token.l"
+ { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DESDERIV); }
+ YY_BREAK
+ case 49:
+ YY_RULE_SETUP
+-#line 205 "token.l"
++#line 206 "token.l"
+ { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DES32IV); }
+ YY_BREAK
+ case 50:
+ YY_RULE_SETUP
+-#line 206 "token.l"
++#line 207 "token.l"
+ { yylval.num = SADB_X_EALG_TWOFISHCBC; BEGIN INITIAL; return(ALG_ENC); }
+ YY_BREAK
+ case 51:
+ YY_RULE_SETUP
+-#line 207 "token.l"
++#line 208 "token.l"
+ {
+ #ifdef SADB_X_EALG_AESCBC
+ yylval.num = SADB_X_EALG_AESCBC; BEGIN INITIAL; return(ALG_ENC);
+@@ -1617,7 +1640,7 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 52:
+ YY_RULE_SETUP
+-#line 212 "token.l"
++#line 213 "token.l"
+ {
+ #ifdef SADB_X_EALG_AESCBC
+ yylval.num = SADB_X_EALG_AESCBC; BEGIN INITIAL; return(ALG_ENC);
+@@ -1626,12 +1649,12 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 53:
+ YY_RULE_SETUP
+-#line 217 "token.l"
++#line 218 "token.l"
+ { yylval.num = SADB_X_EALG_AESCTR; BEGIN INITIAL; return(ALG_ENC); }
+ YY_BREAK
+ case 54:
+ YY_RULE_SETUP
+-#line 218 "token.l"
++#line 219 "token.l"
+ {
+ #ifdef SADB_X_EALG_CAMELLIACBC
+ yylval.num = SADB_X_EALG_CAMELLIACBC; BEGIN INITIAL; return(ALG_ENC);
+@@ -1641,152 +1664,152 @@ YY_RULE_SETUP
+ /* compression algorithms */
+ case 55:
+ YY_RULE_SETUP
+-#line 225 "token.l"
++#line 226 "token.l"
+ { return(F_COMP); }
+ YY_BREAK
+ case 56:
+ YY_RULE_SETUP
+-#line 226 "token.l"
++#line 227 "token.l"
+ { yylval.num = SADB_X_CALG_OUI; return(ALG_COMP); }
+ YY_BREAK
+ case 57:
+ YY_RULE_SETUP
+-#line 227 "token.l"
++#line 228 "token.l"
+ { yylval.num = SADB_X_CALG_DEFLATE; return(ALG_COMP); }
+ YY_BREAK
+ case 58:
+ YY_RULE_SETUP
+-#line 228 "token.l"
++#line 229 "token.l"
+ { yylval.num = SADB_X_CALG_LZS; return(ALG_COMP); }
+ YY_BREAK
+ case 59:
+ YY_RULE_SETUP
+-#line 229 "token.l"
++#line 230 "token.l"
+ { return(F_RAWCPI); }
+ YY_BREAK
+ /* extension */
+ case 60:
+ YY_RULE_SETUP
+-#line 232 "token.l"
++#line 233 "token.l"
+ { return(F_MODE); }
+ YY_BREAK
+ case 61:
+ YY_RULE_SETUP
+-#line 233 "token.l"
++#line 234 "token.l"
+ { yylval.num = IPSEC_MODE_TRANSPORT; return(MODE); }
+ YY_BREAK
+ case 62:
+ YY_RULE_SETUP
+-#line 234 "token.l"
++#line 235 "token.l"
+ { yylval.num = IPSEC_MODE_TUNNEL; return(MODE); }
+ YY_BREAK
+ case 63:
+ YY_RULE_SETUP
+-#line 235 "token.l"
++#line 236 "token.l"
+ { return(F_REQID); }
+ YY_BREAK
+ case 64:
+ YY_RULE_SETUP
+-#line 236 "token.l"
++#line 237 "token.l"
+ { return(F_EXT); }
+ YY_BREAK
+ case 65:
+ YY_RULE_SETUP
+-#line 237 "token.l"
++#line 238 "token.l"
+ { yylval.num = SADB_X_EXT_PRAND; return(EXTENSION); }
+ YY_BREAK
+ case 66:
+ YY_RULE_SETUP
+-#line 238 "token.l"
++#line 239 "token.l"
+ { yylval.num = SADB_X_EXT_PSEQ; return(EXTENSION); }
+ YY_BREAK
+ case 67:
+ YY_RULE_SETUP
+-#line 239 "token.l"
++#line 240 "token.l"
+ { yylval.num = SADB_X_EXT_PZERO; return(EXTENSION); }
+ YY_BREAK
+ case 68:
+ YY_RULE_SETUP
+-#line 240 "token.l"
++#line 241 "token.l"
+ { return(NOCYCLICSEQ); }
+ YY_BREAK
+ case 69:
+ YY_RULE_SETUP
+-#line 241 "token.l"
++#line 242 "token.l"
+ { return(F_REPLAY); }
+ YY_BREAK
+ case 70:
+ YY_RULE_SETUP
+-#line 242 "token.l"
++#line 243 "token.l"
+ { return(F_LIFETIME_HARD); }
+ YY_BREAK
+ case 71:
+ YY_RULE_SETUP
+-#line 243 "token.l"
++#line 244 "token.l"
+ { return(F_LIFETIME_SOFT); }
+ YY_BREAK
+ case 72:
+ YY_RULE_SETUP
+-#line 244 "token.l"
++#line 245 "token.l"
+ { return(F_LIFEBYTE_HARD); }
+ YY_BREAK
+ case 73:
+ YY_RULE_SETUP
+-#line 245 "token.l"
++#line 246 "token.l"
+ { return(F_LIFEBYTE_SOFT); }
+ YY_BREAK
+ case 74:
+ YY_RULE_SETUP
+-#line 246 "token.l"
++#line 247 "token.l"
+ { return(SECURITY_CTX); }
+ YY_BREAK
+ /* ... */
+ case 75:
+ YY_RULE_SETUP
+-#line 249 "token.l"
++#line 250 "token.l"
+ { return(ANY); }
+ YY_BREAK
+ case 76:
+ YY_RULE_SETUP
+-#line 250 "token.l"
++#line 251 "token.l"
+ { }
+ YY_BREAK
+ case 77:
+ /* rule 77 can match eol */
+ YY_RULE_SETUP
+-#line 251 "token.l"
++#line 252 "token.l"
+ { lineno++; }
+ YY_BREAK
+ case 78:
+ YY_RULE_SETUP
+-#line 252 "token.l"
++#line 253 "token.l"
+
+ YY_BREAK
+ case 79:
+ YY_RULE_SETUP
+-#line 253 "token.l"
++#line 254 "token.l"
+ { return(EOT); }
+ YY_BREAK
+ /* for address parameters: /prefix, [port] */
+ case 80:
+ YY_RULE_SETUP
+-#line 256 "token.l"
++#line 257 "token.l"
+ { return SLASH; }
+ YY_BREAK
+ case 81:
+ YY_RULE_SETUP
+-#line 257 "token.l"
++#line 258 "token.l"
+ { return BLCL; }
+ YY_BREAK
+ case 82:
+ YY_RULE_SETUP
+-#line 258 "token.l"
++#line 259 "token.l"
+ { return ELCL; }
+ YY_BREAK
+ /* parameter */
+ case 83:
+ YY_RULE_SETUP
+-#line 261 "token.l"
++#line 262 "token.l"
+ {
+ char *bp;
+
+@@ -1796,7 +1819,7 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 84:
+ YY_RULE_SETUP
+-#line 268 "token.l"
++#line 269 "token.l"
+ {
+ yylval.val.buf = strdup(yytext + 2);
+ if (!yylval.val.buf)
+@@ -1809,7 +1832,7 @@ YY_RULE_SETUP
+ case 85:
+ /* rule 85 can match eol */
+ YY_RULE_SETUP
+-#line 277 "token.l"
++#line 278 "token.l"
+ {
+ char *p = yytext;
+ while (*++p != '"') ;
+@@ -1825,7 +1848,7 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 86:
+ YY_RULE_SETUP
+-#line 290 "token.l"
++#line 291 "token.l"
+ {
+ yylval.val.len = yyleng;
+ yylval.val.buf = strdup(yytext);
+@@ -1836,7 +1859,7 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 87:
+ YY_RULE_SETUP
+-#line 298 "token.l"
++#line 299 "token.l"
+ {
+ yylval.val.len = yyleng;
+ yylval.val.buf = strdup(yytext);
+@@ -1847,7 +1870,7 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 88:
+ YY_RULE_SETUP
+-#line 306 "token.l"
++#line 307 "token.l"
+ {
+ yyfatal("Syntax error");
+ /*NOTREACHED*/
+@@ -1855,10 +1878,10 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 89:
+ YY_RULE_SETUP
+-#line 311 "token.l"
++#line 312 "token.l"
+ ECHO;
+ YY_BREAK
+-#line 1862 "token.c"
++#line 1885 "token.c"
+ case YY_STATE_EOF(INITIAL):
+ case YY_STATE_EOF(S_PL):
+ case YY_STATE_EOF(S_AUTHALG):
+@@ -2411,9 +2434,19 @@ static void yy_load_buffer_state (void)
+ yyfree((void *) b );
+ }
+
+-#ifndef __cplusplus
++#ifndef _UNISTD_H /* assume unistd.h has isatty() for us */
++#ifdef __cplusplus
++extern "C" {
++#endif
++#ifdef __THROW /* this is a gnuism */
++extern int isatty (int ) __THROW;
++#else
+ extern int isatty (int );
+-#endif /* __cplusplus */
++#endif
++#ifdef __cplusplus
++}
++#endif
++#endif
+
+ /* Initializes or reinitializes a buffer.
+ * This function is sometimes called more than once on the same buffer,
+@@ -2859,7 +2892,7 @@ void yyfree (void * ptr )
+
+ #define YYTABLES_NAME "yytables"
+
+-#line 311 "token.l"
++#line 312 "token.l"
+
+
+
diff --git a/package/ipsec-tools/patches/patch-src_setkey_token_l b/package/ipsec-tools/patches/patch-src_setkey_token_l
index b73f73fea..e0697835c 100644
--- a/package/ipsec-tools/patches/patch-src_setkey_token_l
+++ b/package/ipsec-tools/patches/patch-src_setkey_token_l
@@ -1,11 +1,10 @@
-$Id$
---- ipsec-tools-0.6.4.orig/src/setkey/token.l 2005-06-29 15:01:30.000000000 +0200
-+++ ipsec-tools-0.6.4/src/setkey/token.l 2007-06-28 16:58:31.000000000 +0200
-@@ -84,6 +84,8 @@
- #ifndef SADB_X_EALG_AESCTR
- #define SADB_X_EALG_AESCTR (-1)
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/src/setkey/token.l 2007-08-01 13:52:23.000000000 +0200
++++ ipsec-tools-0.7.2/src/setkey/token.l 2009-05-29 15:25:54.760377400 +0200
+@@ -86,6 +86,7 @@
+ #if defined(SADB_X_EALG_AES) && ! defined(SADB_X_EALG_AESCBC)
+ #define SADB_X_EALG_AESCBC SADB_X_EALG_AES
#endif
-+
+int yywrap(void) { return 1; }
%}