optimize ipkg package management

- generate ipkg control file from PKG_* variables - automatically install init scripts from ./files/*.init set #PKG pkgname to set the binary package - rename FWINIT -> INIT - move postinst and conffiles meta data to ./files - update the packages to the latest upstream version - remove some unready or unused package (strongswan,..) more cleanups needed after allmodconfig
author: Waldemar Brodkorb <wbx@openadk.org> 2009-05-30 20:39:07 +0200
committer: Waldemar Brodkorb <wbx@openadk.org> 2009-05-30 20:39:07 +0200
commit: ba3359722cbf8aa7b0ed39e1f81d1d74ec88fecd (patch)
tree: 10c726d162bc0ded85eb7aeacf8f246bd39ad63a /package/ipsec-tools
parent: bbd610f15a71b27c955175cb98392b114717fd47 (diff)
17 files changed, 3016 insertions, 55 deletions
diff --git a/package/ipsec-tools/Config.in b/package/ipsec-tools/Config.in
index b140738b1..7edadda2a 100644
--- a/package/ipsec-tools/Config.in
+++ b/package/ipsec-tools/Config.in
@@ -1,7 +1,6 @@
 config ADK_PACKAGE_IPSEC_TOOLS
 	prompt "ipsec-tools....................... IPsec management tools"
 	tristate
-	depends ADK_LINUX_2_6
 	select ADK_PACKAGE_LIBOPENSSL
 	default n
 	help
diff --git a/package/ipsec-tools/Makefile b/package/ipsec-tools/Makefile
index 5fe7101aa..10a3539e9 100644
--- a/package/ipsec-tools/Makefile
+++ b/package/ipsec-tools/Makefile
@@ -6,19 +6,25 @@
 include ${TOPDIR}/rules.mk
 
 PKG_NAME:=		ipsec-tools
-PKG_VERSION:=		0.6.4
+PKG_VERSION:=		0.7.2
 PKG_RELEASE:=		1
-PKG_MD5SUM:=		d0242a943c82c0cbf28005966ff35e21
+PKG_MD5SUM:=		72861f005746ee27984b2ee715ecc629
+PKG_DESCR:=		IPsec management tools
+PKG_SECTION:=		net
+PKG_DEPENDS:=		libopenssl
+PKG_URL:=		http://ipsec-tools.sourceforge.net
+PKG_SITES:=		${MASTER_SITE_SOURCEFORGE:=ipsec-tools/}
+
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.bz2
-MASTER_SITES:=		${MASTER_SITE_SOURCEFORGE:=ipsec-tools/}
 
 include ${TOPDIR}/mk/package.mk
 
-$(eval $(call PKG_template,IPSEC_TOOLS,ipsec-tools,${PKG_VERSION}-${PKG_RELEASE}))
+$(eval $(call PKG_template,IPSEC_TOOLS,${PKG_NAME},${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
 
 CONFIGURE_STYLE=	gnu
 CONFIGURE_ARGS+=	--with-kernel-headers="${LINUX_DIR}/include" \
 			--without-readline \
+			--disable-security-context \
 			--with-openssl="${STAGING_DIR}/usr" \
 			--without-libradius \
 			--without-libpam
diff --git a/package/ipsec-tools/ipkg/ipsec-tools.conffiles b/package/ipsec-tools/files/ipsec-tools.conffiles
index 434045463..434045463 100644
--- a/package/ipsec-tools/ipkg/ipsec-tools.conffiles
+++ b/package/ipsec-tools/files/ipsec-tools.conffiles
diff --git a/package/ipsec-tools/ipkg/ipsec-tools.control b/package/ipsec-tools/ipkg/ipsec-tools.control
deleted file mode 100644
index c1cade10b..000000000
--- a/package/ipsec-tools/ipkg/ipsec-tools.control
+++ /dev/null
@@ -1,5 +0,0 @@
-Package: ipsec-tools
-Priority: optional
-Section: net
-Depends: libopenssl
-Description: IPsec management tools
diff --git a/package/ipsec-tools/patches/patch-configure b/package/ipsec-tools/patches/patch-configure
index 5ff9866f7..29e65cf5b 100644
--- a/package/ipsec-tools/patches/patch-configure
+++ b/package/ipsec-tools/patches/patch-configure
@@ -1,12 +1,12 @@
-$Id$
---- ipsec-tools-0.6.4.orig/configure	2005-12-09 10:03:34.000000000 +0100
-+++ ipsec-tools-0.6.4/configure	2007-06-28 16:58:31.000000000 +0200
-@@ -23147,7 +23147,7 @@ echo "${ECHO_T}${crypto_dir-default}" >&
- 
- if test "x$crypto_dir" != "x"; then
- 	LIBS="$LIBS -L${crypto_dir}/lib"
--	CPPFLAGS="-I${crypto_dir}/include $CPPLAGS"
-+	CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
- fi
- echo "$as_me:$LINENO: checking openssl version" >&5
- echo $ECHO_N "checking openssl version... $ECHO_C" >&6
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/configure	2009-04-21 16:41:45.000000000 +0200
++++ ipsec-tools-0.7.2/configure	2009-05-29 15:28:06.991791782 +0200
+@@ -11963,7 +11963,7 @@ echo "${ECHO_T}$ac_cv_path_EGREP" >&6; }
+ 
+ 
+ 
+-CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused"
++CFLAGS_ADD="$CFLAGS_ADD -Wall -Wno-unused"
+ 
+ case $host in
+ *netbsd*)
diff --git a/package/ipsec-tools/patches/patch-configure_ac b/package/ipsec-tools/patches/patch-configure_ac
deleted file mode 100644
index d28f9afb7..000000000
--- a/package/ipsec-tools/patches/patch-configure_ac
+++ /dev/null
@@ -1,12 +0,0 @@
-$Id$
---- ipsec-tools-0.6.4.orig/configure.ac	2005-12-09 10:00:28.000000000 +0100
-+++ ipsec-tools-0.6.4/configure.ac	2007-06-28 16:58:31.000000000 +0200
-@@ -183,7 +183,7 @@ AC_MSG_RESULT(${crypto_dir-default})
- 
- if test "x$crypto_dir" != "x"; then
- 	LIBS="$LIBS -L${crypto_dir}/lib"
--	CPPFLAGS="-I${crypto_dir}/include $CPPLAGS"
-+	CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
- fi
- AC_MSG_CHECKING(openssl version)
- 
diff --git a/package/ipsec-tools/patches/patch-src_racoon_algorithm_c b/package/ipsec-tools/patches/patch-src_racoon_algorithm_c
new file mode 100644
index 000000000..351ce1771
--- /dev/null
+++ b/package/ipsec-tools/patches/patch-src_racoon_algorithm_c
@@ -0,0 +1,44 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/src/racoon/algorithm.c	2006-10-06 14:02:27.000000000 +0200
++++ ipsec-tools-0.7.2/src/racoon/algorithm.c	2009-05-29 15:51:03.662094000 +0200
+@@ -111,9 +111,11 @@ static struct enc_algorithm oakley_encde
+ 		eay_idea_encrypt,	eay_idea_decrypt,
+ 		eay_idea_weakkey,	eay_idea_keylen, },
+ #endif
++#ifndef OPENSSL_NO_BF
+ { "blowfish",	algtype_blowfish,	OAKLEY_ATTR_ENC_ALG_BLOWFISH,	8,
+ 		eay_bf_encrypt,		eay_bf_decrypt,
+ 		eay_bf_weakkey,		eay_bf_keylen, },
++#endif
+ #ifdef HAVE_OPENSSL_RC5_H
+ { "rc5",	algtype_rc5,		OAKLEY_ATTR_ENC_ALG_RC5,	8,
+ 		eay_rc5_encrypt,	eay_rc5_decrypt,
+@@ -122,9 +124,11 @@ static struct enc_algorithm oakley_encde
+ { "3des",	algtype_3des,		OAKLEY_ATTR_ENC_ALG_3DES,	8,
+ 		eay_3des_encrypt,	eay_3des_decrypt,
+ 		eay_3des_weakkey,	eay_3des_keylen, },
++#ifndef OPENSSL_NO_CAST
+ { "cast",	algtype_cast128,	OAKLEY_ATTR_ENC_ALG_CAST,	8,
+ 		eay_cast_encrypt,	eay_cast_decrypt,
+ 		eay_cast_weakkey,	eay_cast_keylen, },
++#endif
+ { "aes",	algtype_aes,	OAKLEY_ATTR_ENC_ALG_AES,	16,
+ 		eay_aes_encrypt,	eay_aes_decrypt,
+ 		eay_aes_weakkey,	eay_aes_keylen, },
+@@ -150,12 +154,16 @@ static struct enc_algorithm ipsec_encdef
+ 		NULL,			NULL,
+ 		NULL,			eay_rc5_keylen, },
+ #endif
++#ifndef OPENSSL_NO_CAST
+ { "cast",	algtype_cast128,	IPSECDOI_ESP_CAST,		8,
+ 		NULL,			NULL,
+ 		NULL,			eay_cast_keylen, },
++#endif
++#ifndef OPENSSL_NO_CAST
+ { "blowfish",	algtype_blowfish,	IPSECDOI_ESP_BLOWFISH,		8,
+ 		NULL,			NULL,
+ 		NULL,			eay_bf_keylen, },
++#endif
+ { "des-iv32",	algtype_des_iv32,	IPSECDOI_ESP_DES_IV32,		8,
+ 		NULL,			NULL,
+ 		NULL,			eay_des_keylen, },
diff --git a/package/ipsec-tools/patches/patch-src_racoon_cftoken_c b/package/ipsec-tools/patches/patch-src_racoon_cftoken_c
new file mode 100644
index 000000000..29bdf1a77
--- /dev/null
+++ b/package/ipsec-tools/patches/patch-src_racoon_cftoken_c
@@ -0,0 +1,2026 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/src/racoon/cftoken.c	2008-07-23 13:49:19.000000000 +0200
++++ ipsec-tools-0.7.2/src/racoon/cftoken.c	2009-05-29 15:50:16.982910033 +0200
+@@ -8,7 +8,7 @@
+ #define FLEX_SCANNER
+ #define YY_FLEX_MAJOR_VERSION 2
+ #define YY_FLEX_MINOR_VERSION 5
+-#define YY_FLEX_SUBMINOR_VERSION 34
++#define YY_FLEX_SUBMINOR_VERSION 35
+ #if YY_FLEX_SUBMINOR_VERSION > 0
+ #define FLEX_BETA
+ #endif
+@@ -178,13 +178,6 @@ extern FILE *yyin, *yyout;
+ 
+ #define unput(c) yyunput( c, (yytext_ptr)  )
+ 
+-/* The following is because we cannot portably get our hands on size_t
+- * (without autoconf's help, which isn't available because we want
+- * flex-generated scanners to compile on their own).
+- * Given that the standard has decreed that size_t exists since 1989,
+- * I guess we can afford to depend on it. Manoj.
+- */
+-
+ #ifndef YY_TYPEDEF_YY_SIZE_T
+ #define YY_TYPEDEF_YY_SIZE_T
+ typedef size_t yy_size_t;
+@@ -1634,6 +1627,7 @@ static struct include_stack {
+ static int incstackp = 0;
+ 
+ static int yy_first_time = 1;
++int yywrap(void) { return 1; }
+ /* common seciton */
+ /*octet		(([01]?{digit}?{digit})|((2([0-4]{digit}))|(25[0-5]))) */
+ 
+@@ -1642,7 +1636,7 @@ static int yy_first_time = 1;
+ 
+ 
+ 
+-#line 1646 "cftoken.c"
++#line 1640 "cftoken.c"
+ 
+ #define INITIAL 0
+ #define S_INI 1
+@@ -1679,6 +1673,35 @@ static int yy_first_time = 1;
+ 
+ static int yy_init_globals (void );
+ 
++/* Accessor methods to globals.
++   These are made visible to non-reentrant scanners for convenience. */
++
++int yylex_destroy (void );
++
++int yyget_debug (void );
++
++void yyset_debug (int debug_flag  );
++
++YY_EXTRA_TYPE yyget_extra (void );
++
++void yyset_extra (YY_EXTRA_TYPE user_defined  );
++
++FILE *yyget_in (void );
++
++void yyset_in  (FILE * in_str  );
++
++FILE *yyget_out (void );
++
++void yyset_out  (FILE * out_str  );
++
++int yyget_leng (void );
++
++char *yyget_text (void );
++
++int yyget_lineno (void );
++
++void yyset_lineno (int line_number  );
++
+ /* Macros after this point can all be overridden by user definitions in
+  * section 1.
+  */
+@@ -1814,7 +1837,7 @@ YY_DECL
+ 	register char *yy_cp, *yy_bp;
+ 	register int yy_act;
+     
+-#line 142 "cftoken.l"
++#line 143 "cftoken.l"
+ 
+ 
+ 	if (yy_first_time) {
+@@ -1824,7 +1847,7 @@ YY_DECL
+ 
+ 
+ 	/* privsep */
+-#line 1828 "cftoken.c"
++#line 1851 "cftoken.c"
+ 
+ 	if ( !(yy_init) )
+ 		{
+@@ -1915,1028 +1938,1028 @@ do_action:	/* This label is used only to
+ 
+ case 1:
+ YY_RULE_SETUP
+-#line 151 "cftoken.l"
++#line 152 "cftoken.l"
+ { BEGIN S_PRIV; YYDB; return(PRIVSEP); }
+ 	YY_BREAK
+ case 2:
+ YY_RULE_SETUP
+-#line 152 "cftoken.l"
++#line 153 "cftoken.l"
+ { return(BOC); }
+ 	YY_BREAK
+ case 3:
+ YY_RULE_SETUP
+-#line 153 "cftoken.l"
++#line 154 "cftoken.l"
+ { YYD; return(USER); }
+ 	YY_BREAK
+ case 4:
+ YY_RULE_SETUP
+-#line 154 "cftoken.l"
++#line 155 "cftoken.l"
+ { YYD; return(GROUP); }
+ 	YY_BREAK
+ case 5:
+ YY_RULE_SETUP
+-#line 155 "cftoken.l"
++#line 156 "cftoken.l"
+ { YYD; return(CHROOT); }
+ 	YY_BREAK
+ case 6:
+ YY_RULE_SETUP
+-#line 156 "cftoken.l"
++#line 157 "cftoken.l"
+ { BEGIN S_INI; return(EOC); }
+ 	YY_BREAK
+ /* path */
+ case 7:
+ YY_RULE_SETUP
+-#line 159 "cftoken.l"
++#line 160 "cftoken.l"
+ { BEGIN S_PTH; YYDB; return(PATH); }
+ 	YY_BREAK
+ case 8:
+ YY_RULE_SETUP
+-#line 160 "cftoken.l"
++#line 161 "cftoken.l"
+ { YYD; yylval.num = LC_PATHTYPE_INCLUDE;
+ 				return(PATHTYPE); }
+ 	YY_BREAK
+ case 9:
+ YY_RULE_SETUP
+-#line 162 "cftoken.l"
++#line 163 "cftoken.l"
+ { YYD; yylval.num = LC_PATHTYPE_PSK;
+ 				return(PATHTYPE); }
+ 	YY_BREAK
+ case 10:
+ YY_RULE_SETUP
+-#line 164 "cftoken.l"
++#line 165 "cftoken.l"
+ { YYD; yylval.num = LC_PATHTYPE_CERT;
+ 				return(PATHTYPE); }
+ 	YY_BREAK
+ case 11:
+ YY_RULE_SETUP
+-#line 166 "cftoken.l"
++#line 167 "cftoken.l"
+ { YYD; yylval.num = LC_PATHTYPE_SCRIPT;
+ 				return(PATHTYPE); }
+ 	YY_BREAK
+ case 12:
+ YY_RULE_SETUP
+-#line 168 "cftoken.l"
++#line 169 "cftoken.l"
+ { YYD; yylval.num = LC_PATHTYPE_BACKUPSA;
+ 				return(PATHTYPE); }
+ 	YY_BREAK
+ case 13:
+ YY_RULE_SETUP
+-#line 170 "cftoken.l"
++#line 171 "cftoken.l"
+ { YYD; yylval.num = LC_PATHTYPE_PIDFILE;
+ 				return(PATHTYPE); }
+ 	YY_BREAK
+ case 14:
+ YY_RULE_SETUP
+-#line 172 "cftoken.l"
++#line 173 "cftoken.l"
+ { BEGIN S_INI; YYDB; return(EOS); }
+ 	YY_BREAK
+ /* include */
+ case 15:
+ YY_RULE_SETUP
+-#line 175 "cftoken.l"
++#line 176 "cftoken.l"
+ { YYDB; return(INCLUDE); }
+ 	YY_BREAK
+ /* self information */
+ case 16:
+ YY_RULE_SETUP
+-#line 178 "cftoken.l"
++#line 179 "cftoken.l"
+ { BEGIN S_INF; YYDB; yywarn("it is obsoleted.  use \"my_identifier\" in each remote directives."); return(IDENTIFIER); }
+ 	YY_BREAK
+ case 17:
+ YY_RULE_SETUP
+-#line 179 "cftoken.l"
++#line 180 "cftoken.l"
+ { BEGIN S_INI; return(EOS); }
+ 	YY_BREAK
+ /* special */
+ case 18:
+ YY_RULE_SETUP
+-#line 182 "cftoken.l"
++#line 183 "cftoken.l"
+ { YYDB; return(COMPLEX_BUNDLE); }
+ 	YY_BREAK
+ /* logging */
+ case 19:
+ YY_RULE_SETUP
+-#line 185 "cftoken.l"
++#line 186 "cftoken.l"
+ { BEGIN S_LOG; YYDB; return(LOGGING); }
+ 	YY_BREAK
+ case 20:
+ YY_RULE_SETUP
+-#line 186 "cftoken.l"
++#line 187 "cftoken.l"
+ { YYD; yylval.num = LLV_ERROR; return(LOGLEV); }
+ 	YY_BREAK
+ case 21:
+ YY_RULE_SETUP
+-#line 187 "cftoken.l"
++#line 188 "cftoken.l"
+ { YYD; yylval.num = LLV_WARNING; return(LOGLEV); }
+ 	YY_BREAK
+ case 22:
+ YY_RULE_SETUP
+-#line 188 "cftoken.l"
++#line 189 "cftoken.l"
+ { YYD; yylval.num = LLV_NOTIFY; return(LOGLEV); }
+ 	YY_BREAK
+ case 23:
+ YY_RULE_SETUP
+-#line 189 "cftoken.l"
++#line 190 "cftoken.l"
+ { YYD; yylval.num = LLV_INFO; return(LOGLEV); }
+ 	YY_BREAK
+ case 24:
+ YY_RULE_SETUP
+-#line 190 "cftoken.l"
++#line 191 "cftoken.l"
+ { YYD; yylval.num = LLV_DEBUG; return(LOGLEV); }
+ 	YY_BREAK
+ case 25:
+ YY_RULE_SETUP
+-#line 191 "cftoken.l"
++#line 192 "cftoken.l"
+ { YYD; yylval.num = LLV_DEBUG2; return(LOGLEV); }
+ 	YY_BREAK
+ case 26:
+ YY_RULE_SETUP
+-#line 192 "cftoken.l"
++#line 193 "cftoken.l"
+ { YYD; yywarn("it is obsoleted.  use \"debug2\""); yylval.num = LLV_DEBUG2; return(LOGLEV); }
+ 	YY_BREAK
+ case 27:
+ YY_RULE_SETUP
+-#line 193 "cftoken.l"
++#line 194 "cftoken.l"
+ { YYD; yywarn("it is obsoleted.  use \"debug2\""); yylval.num = LLV_DEBUG2; return(LOGLEV); }
+ 	YY_BREAK
+ case 28:
+ YY_RULE_SETUP
+-#line 194 "cftoken.l"
++#line 195 "cftoken.l"
+ { BEGIN S_INI; return(EOS); }
+ 	YY_BREAK
+ /* padding */
+ case 29:
+ YY_RULE_SETUP
+-#line 197 "cftoken.l"
++#line 198 "cftoken.l"
+ { BEGIN S_PAD; YYDB; return(PADDING); }
+ 	YY_BREAK
+ case 30:
+ YY_RULE_SETUP
+-#line 198 "cftoken.l"
++#line 199 "cftoken.l"
+ { return(BOC); }
+ 	YY_BREAK
+ case 31:
+ YY_RULE_SETUP
+-#line 199 "cftoken.l"
++#line 200 "cftoken.l"
+ { YYD; return(PAD_RANDOMIZE); }
+ 	YY_BREAK
+ case 32:
+ YY_RULE_SETUP
+-#line 200 "cftoken.l"
++#line 201 "cftoken.l"
+ { YYD; return(PAD_RANDOMIZELEN); }
+ 	YY_BREAK
+ case 33:
+ YY_RULE_SETUP
+-#line 201 "cftoken.l"
++#line 202 "cftoken.l"
+ { YYD; return(PAD_MAXLEN); }
+ 	YY_BREAK
+ case 34:
+ YY_RULE_SETUP
+-#line 202 "cftoken.l"
++#line 203 "cftoken.l"
+ { YYD; return(PAD_STRICT); }
+ 	YY_BREAK
+ case 35:
+ YY_RULE_SETUP
+-#line 203 "cftoken.l"
++#line 204 "cftoken.l"
+ { YYD; return(PAD_EXCLTAIL); }
+ 	YY_BREAK
+ case 36:
+ YY_RULE_SETUP
+-#line 204 "cftoken.l"
++#line 205 "cftoken.l"
+ { BEGIN S_INI; return(EOC); }
+ 	YY_BREAK
+ /* listen */
+ case 37:
+ YY_RULE_SETUP
+-#line 207 "cftoken.l"
++#line 208 "cftoken.l"
+ { BEGIN S_LST; YYDB; return(LISTEN); }
+ 	YY_BREAK
+ case 38:
+ YY_RULE_SETUP
+-#line 208 "cftoken.l"
++#line 209 "cftoken.l"
+ { return(BOC); }
+ 	YY_BREAK
+ case 39:
+ YY_RULE_SETUP
+-#line 209 "cftoken.l"
++#line 210 "cftoken.l"
+ { YYD; return(X_ISAKMP); }
+ 	YY_BREAK
+ case 40:
+ YY_RULE_SETUP
+-#line 210 "cftoken.l"
++#line 211 "cftoken.l"
+ { YYD; return(X_ISAKMP_NATT); }
+ 	YY_BREAK
+ case 41:
+ YY_RULE_SETUP
+-#line 211 "cftoken.l"
++#line 212 "cftoken.l"
+ { YYD; return(X_ADMIN); }
+ 	YY_BREAK
+ case 42:
+ YY_RULE_SETUP
+-#line 212 "cftoken.l"
++#line 213 "cftoken.l"
+ { YYD; return(ADMINSOCK); }
+ 	YY_BREAK
+ case 43:
+ YY_RULE_SETUP
+-#line 213 "cftoken.l"
++#line 214 "cftoken.l"
+ { YYD; return(DISABLED); }
+ 	YY_BREAK
+ case 44:
+ YY_RULE_SETUP
+-#line 214 "cftoken.l"
++#line 215 "cftoken.l"
+ { YYD; return(STRICT_ADDRESS); }
+ 	YY_BREAK
+ case 45:
+ YY_RULE_SETUP
+-#line 215 "cftoken.l"
++#line 216 "cftoken.l"
+ { BEGIN S_INI; return(EOC); }
+ 	YY_BREAK
+ /* ldap config */
+ case 46:
+ YY_RULE_SETUP
+-#line 218 "cftoken.l"
++#line 219 "cftoken.l"
+ { BEGIN S_LDAP; YYDB; return(LDAPCFG); }
+ 	YY_BREAK
+ case 47:
+ YY_RULE_SETUP
+-#line 219 "cftoken.l"
++#line 220 "cftoken.l"
+ { return(BOC); }
+ 	YY_BREAK
+ case 48:
+ YY_RULE_SETUP
+-#line 220 "cftoken.l"
++#line 221 "cftoken.l"
+ { YYD; return(LDAP_PVER); }
+ 	YY_BREAK
+ case 49:
+ YY_RULE_SETUP
+-#line 221 "cftoken.l"
++#line 222 "cftoken.l"
+ { YYD; return(LDAP_HOST); }
+ 	YY_BREAK
+ case 50:
+ YY_RULE_SETUP
+-#line 222 "cftoken.l"
++#line 223 "cftoken.l"
+ { YYD; return(LDAP_PORT); }
+ 	YY_BREAK
+ case 51:
+ YY_RULE_SETUP
+-#line 223 "cftoken.l"
++#line 224 "cftoken.l"
+ { YYD; return(LDAP_BASE); }
+ 	YY_BREAK
+ case 52:
+ YY_RULE_SETUP
+-#line 224 "cftoken.l"
++#line 225 "cftoken.l"
+ { YYD; return(LDAP_SUBTREE); }
+ 	YY_BREAK
+ case 53:
+ YY_RULE_SETUP
+-#line 225 "cftoken.l"
++#line 226 "cftoken.l"
+ { YYD; return(LDAP_BIND_DN); }
+ 	YY_BREAK
+ case 54:
+ YY_RULE_SETUP
+-#line 226 "cftoken.l"
++#line 227 "cftoken.l"
+ { YYD; return(LDAP_BIND_PW); }
+ 	YY_BREAK
+ case 55:
+ YY_RULE_SETUP
+-#line 227 "cftoken.l"
++#line 228 "cftoken.l"
+ { YYD; return(LDAP_ATTR_USER); }
+ 	YY_BREAK
+ case 56:
+ YY_RULE_SETUP
+-#line 228 "cftoken.l"
++#line 229 "cftoken.l"
+ { YYD; return(LDAP_ATTR_ADDR); }
+ 	YY_BREAK
+ case 57:
+ YY_RULE_SETUP
+-#line 229 "cftoken.l"
++#line 230 "cftoken.l"
+ { YYD; return(LDAP_ATTR_MASK); }
+ 	YY_BREAK
+ case 58:
+ YY_RULE_SETUP
+-#line 230 "cftoken.l"
++#line 231 "cftoken.l"
+ { YYD; return(LDAP_ATTR_GROUP); }
+ 	YY_BREAK
+ case 59:
+ YY_RULE_SETUP
+-#line 231 "cftoken.l"
++#line 232 "cftoken.l"
+ { YYD; return(LDAP_ATTR_MEMBER); }
+ 	YY_BREAK
+ case 60:
+ YY_RULE_SETUP
+-#line 232 "cftoken.l"
++#line 233 "cftoken.l"
+ { BEGIN S_INI; return(EOC); }
+ 	YY_BREAK
+ /* mode_cfg */
+ case 61:
+ YY_RULE_SETUP
+-#line 235 "cftoken.l"
++#line 236 "cftoken.l"
+ { BEGIN S_CFG; YYDB; return(MODECFG); }
+ 	YY_BREAK
+ case 62:
+ YY_RULE_SETUP
+-#line 236 "cftoken.l"
++#line 237 "cftoken.l"
+ { return(BOC); }
+ 	YY_BREAK
+ case 63:
+ YY_RULE_SETUP
+-#line 237 "cftoken.l"
++#line 238 "cftoken.l"
+ { YYD; return(CFG_NET4); }
+ 	YY_BREAK
+ case 64:
+ YY_RULE_SETUP
+-#line 238 "cftoken.l"
++#line 239 "cftoken.l"
+ { YYD; return(CFG_MASK4); }
+ 	YY_BREAK
+ case 65:
+ YY_RULE_SETUP
+-#line 239 "cftoken.l"
++#line 240 "cftoken.l"
+ { YYD; return(CFG_DNS4); }
+ 	YY_BREAK
+ case 66:
+ YY_RULE_SETUP
+-#line 240 "cftoken.l"
++#line 241 "cftoken.l"
+ { YYD; return(CFG_NBNS4); }
+ 	YY_BREAK
+ case 67:
+ YY_RULE_SETUP
+-#line 241 "cftoken.l"
++#line 242 "cftoken.l"
+ { YYD; return(CFG_NBNS4); }
+ 	YY_BREAK
+ case 68:
+ YY_RULE_SETUP
+-#line 242 "cftoken.l"
++#line 243 "cftoken.l"
+ { YYD; return(CFG_DEFAULT_DOMAIN); }
+ 	YY_BREAK
+ case 69:
+ YY_RULE_SETUP
+-#line 243 "cftoken.l"
++#line 244 "cftoken.l"
+ { YYD; return(CFG_AUTH_SOURCE); }
+ 	YY_BREAK
+ case 70:
+ YY_RULE_SETUP
+-#line 244 "cftoken.l"
++#line 245 "cftoken.l"
+ { YYD; return(CFG_AUTH_GROUPS); }
+ 	YY_BREAK
+ case 71:
+ YY_RULE_SETUP
+-#line 245 "cftoken.l"
++#line 246 "cftoken.l"
+ { YYD; return(CFG_GROUP_SOURCE); }
+ 	YY_BREAK
+ case 72:
+ YY_RULE_SETUP
+-#line 246 "cftoken.l"
++#line 247 "cftoken.l"
+ { YYD; return(CFG_CONF_SOURCE); }
+ 	YY_BREAK
+ case 73:
+ YY_RULE_SETUP
+-#line 247 "cftoken.l"
++#line 248 "cftoken.l"
+ { YYD; return(CFG_ACCOUNTING); }
+ 	YY_BREAK
+ case 74:
+ YY_RULE_SETUP
+-#line 248 "cftoken.l"
++#line 249 "cftoken.l"
+ { YYD; return(CFG_SYSTEM); }
+ 	YY_BREAK
+ case 75:
+ YY_RULE_SETUP
+-#line 249 "cftoken.l"
++#line 250 "cftoken.l"
+ { YYD; return(CFG_LOCAL); }
+ 	YY_BREAK
+ case 76:
+ YY_RULE_SETUP
+-#line 250 "cftoken.l"
++#line 251 "cftoken.l"
+ { YYD; return(CFG_NONE); }
+ 	YY_BREAK
+ case 77:
+ YY_RULE_SETUP
+-#line 251 "cftoken.l"
++#line 252 "cftoken.l"
+ { YYD; return(CFG_RADIUS); }
+ 	YY_BREAK
+ case 78:
+ YY_RULE_SETUP
+-#line 252 "cftoken.l"
++#line 253 "cftoken.l"
+ { YYD; return(CFG_PAM); }
+ 	YY_BREAK
+ case 79:
+ YY_RULE_SETUP
+-#line 253 "cftoken.l"
++#line 254 "cftoken.l"
+ { YYD; return(CFG_LDAP); }
+ 	YY_BREAK
+ case 80:
+ YY_RULE_SETUP
+-#line 254 "cftoken.l"
++#line 255 "cftoken.l"
+ { YYD; return(CFG_POOL_SIZE); }
+ 	YY_BREAK
+ case 81:
+ YY_RULE_SETUP
+-#line 255 "cftoken.l"
++#line 256 "cftoken.l"
+ { YYD; return(CFG_MOTD); }
+ 	YY_BREAK
+ case 82:
+ YY_RULE_SETUP
+-#line 256 "cftoken.l"
++#line 257 "cftoken.l"
+ { YYD; return(CFG_AUTH_THROTTLE); }
+ 	YY_BREAK
+ case 83:
+ YY_RULE_SETUP
+-#line 257 "cftoken.l"
++#line 258 "cftoken.l"
+ { YYD; return(CFG_SPLIT_NETWORK); }
+ 	YY_BREAK
+ case 84:
+ YY_RULE_SETUP
+-#line 258 "cftoken.l"
++#line 259 "cftoken.l"
+ { YYD; return(CFG_SPLIT_LOCAL); }
+ 	YY_BREAK
+ case 85:
+ YY_RULE_SETUP
+-#line 259 "cftoken.l"
++#line 260 "cftoken.l"
+ { YYD; return(CFG_SPLIT_INCLUDE); }
+ 	YY_BREAK
+ case 86:
+ YY_RULE_SETUP
+-#line 260 "cftoken.l"
++#line 261 "cftoken.l"
+ { YYD; return(CFG_SPLIT_DNS); }
+ 	YY_BREAK
+ case 87:
+ YY_RULE_SETUP
+-#line 261 "cftoken.l"
++#line 262 "cftoken.l"
+ { YYD; return(CFG_PFS_GROUP); }
+ 	YY_BREAK
+ case 88:
+ YY_RULE_SETUP
+-#line 262 "cftoken.l"
++#line 263 "cftoken.l"
+ { YYD; return(CFG_SAVE_PASSWD); }
+ 	YY_BREAK
+ case 89:
+ YY_RULE_SETUP
+-#line 263 "cftoken.l"
++#line 264 "cftoken.l"
+ { YYD; return(COMMA); }
+ 	YY_BREAK
+ case 90:
+ YY_RULE_SETUP
+-#line 264 "cftoken.l"
++#line 265 "cftoken.l"
+ { BEGIN S_INI; return(EOC); }
+ 	YY_BREAK
+ /* timer */
+ case 91:
+ YY_RULE_SETUP
+-#line 267 "cftoken.l"
++#line 268 "cftoken.l"
+ { BEGIN S_RTRY; YYDB; return(RETRY); }
+ 	YY_BREAK
+ case 92:
+ YY_RULE_SETUP
+-#line 268 "cftoken.l"
++#line 269 "cftoken.l"
+ { return(BOC); }
+ 	YY_BREAK
+ case 93:
+ YY_RULE_SETUP
+-#line 269 "cftoken.l"
++#line 270 "cftoken.l"
+ { YYD; return(RETRY_COUNTER); }
+ 	YY_BREAK
+ case 94:
+ YY_RULE_SETUP
+-#line 270 "cftoken.l"
++#line 271 "cftoken.l"
+ { YYD; return(RETRY_INTERVAL); }
+ 	YY_BREAK
+ case 95:
+ YY_RULE_SETUP
+-#line 271 "cftoken.l"
++#line 272 "cftoken.l"
+ { YYD; return(RETRY_PERSEND); }
+ 	YY_BREAK
+ case 96:
+ YY_RULE_SETUP
+-#line 272 "cftoken.l"
++#line 273 "cftoken.l"
+ { YYD; return(RETRY_PHASE1); }
+ 	YY_BREAK
+ case 97:
+ YY_RULE_SETUP
+-#line 273 "cftoken.l"
++#line 274 "cftoken.l"
+ { YYD; return(RETRY_PHASE2); }
+ 	YY_BREAK
+ case 98:
+ YY_RULE_SETUP
+-#line 274 "cftoken.l"
++#line 275 "cftoken.l"
+ { YYD; return(NATT_KA); }
+ 	YY_BREAK
+ case 99:
+ YY_RULE_SETUP
+-#line 275 "cftoken.l"
++#line 276 "cftoken.l"
+ { BEGIN S_INI; return(EOC); }
+ 	YY_BREAK
+ /* sainfo */
+ case 100:
+ YY_RULE_SETUP
+-#line 278 "cftoken.l"
++#line 279 "cftoken.l"
+ { BEGIN S_SAINF; YYDB; return(SAINFO); }
+ 	YY_BREAK
+ case 101:
+ YY_RULE_SETUP
+-#line 279 "cftoken.l"
++#line 280 "cftoken.l"
+ { YYD; return(ANONYMOUS); }
+ 	YY_BREAK
+ case 102:
+ YY_RULE_SETUP
+-#line 280 "cftoken.l"
++#line 281 "cftoken.l"
+ { YYD; return(PORTANY); }
+ 	YY_BREAK
+ case 103:
+ YY_RULE_SETUP
+-#line 281 "cftoken.l"
++#line 282 "cftoken.l"
+ { YYD; return(ANY); }
+ 	YY_BREAK
+ case 104:
+ YY_RULE_SETUP
+-#line 282 "cftoken.l"
++#line 283 "cftoken.l"
+ { YYD; return(FROM); }
+ 	YY_BREAK
+ case 105:
+ YY_RULE_SETUP
+-#line 283 "cftoken.l"
++#line 284 "cftoken.l"
+ { YYD; return(GROUP); }
+ 	YY_BREAK
+ /* sainfo spec */
+ case 106:
+ YY_RULE_SETUP
+-#line 285 "cftoken.l"
++#line 286 "cftoken.l"
+ { BEGIN S_SAINFS; return(BOC); }
+ 	YY_BREAK
+ case 107:
+ YY_RULE_SETUP
+-#line 286 "cftoken.l"
++#line 287 "cftoken.l"
+ { BEGIN S_INI; return(EOS); }
+ 	YY_BREAK
+ case 108:
+ YY_RULE_SETUP
+-#line 287 "cftoken.l"
++#line 288 "cftoken.l"
+ { BEGIN S_INI; return(EOC); }
+ 	YY_BREAK
+ case 109:
+ YY_RULE_SETUP
+-#line 288 "cftoken.l"
++#line 289 "cftoken.l"
+ { YYD; return(PFS_GROUP); }
+ 	YY_BREAK
+ case 110:
+ YY_RULE_SETUP
+-#line 289 "cftoken.l"
++#line 290 "cftoken.l"
+ { YYD; return(REMOTEID); }
+ 	YY_BREAK
+ case 111:
+ YY_RULE_SETUP
+-#line 290 "cftoken.l"
++#line 291 "cftoken.l"
+ { YYD; yywarn("it is obsoleted.  use \"my_identifier\"."); return(IDENTIFIER); }
+ 	YY_BREAK
+ case 112:
+ YY_RULE_SETUP
+-#line 291 "cftoken.l"
++#line 292 "cftoken.l"
+ { YYD; return(MY_IDENTIFIER); }
+ 	YY_BREAK
+ case 113:
+ YY_RULE_SETUP
+-#line 292 "cftoken.l"
++#line 293 "cftoken.l"
+ { YYD; return(LIFETIME); }
+ 	YY_BREAK
+ case 114:
+ YY_RULE_SETUP
+-#line 293 "cftoken.l"
++#line 294 "cftoken.l"
+ { YYD; return(LIFETYPE_TIME); }
+ 	YY_BREAK
+ case 115:
+ YY_RULE_SETUP
+-#line 294 "cftoken.l"
++#line 295 "cftoken.l"
+ { YYD; return(LIFETYPE_BYTE); }
+ 	YY_BREAK
+ case 116:
+ YY_RULE_SETUP
+-#line 295 "cftoken.l"
++#line 296 "cftoken.l"
+ { YYD; yylval.num = algclass_ipsec_enc; return(ALGORITHM_CLASS); }
+ 	YY_BREAK
+ case 117:
+ YY_RULE_SETUP
+-#line 296 "cftoken.l"
++#line 297 "cftoken.l"
+ { YYD; yylval.num = algclass_ipsec_auth; return(ALGORITHM_CLASS); }
+ 	YY_BREAK
+ case 118:
+ YY_RULE_SETUP
+-#line 297 "cftoken.l"
++#line 298 "cftoken.l"
+ { YYD; yylval.num = algclass_ipsec_comp; return(ALGORITHM_CLASS); }
+ 	YY_BREAK
+ case 119:
+ YY_RULE_SETUP
+-#line 298 "cftoken.l"
++#line 299 "cftoken.l"
+ { YYD; return(COMMA); }
+ 	YY_BREAK
+ /* remote */
+ case 120:
+ YY_RULE_SETUP
+-#line 301 "cftoken.l"
++#line 302 "cftoken.l"
+ { BEGIN S_RMT; YYDB; return(REMOTE); }
+ 	YY_BREAK
+ case 121:
+ YY_RULE_SETUP
+-#line 302 "cftoken.l"
++#line 303 "cftoken.l"
+ { YYD; return(ANONYMOUS); }
+ 	YY_BREAK
+ case 122:
+ YY_RULE_SETUP
+-#line 303 "cftoken.l"
++#line 304 "cftoken.l"
+ { YYD; return(INHERIT); }
+ 	YY_BREAK
+ /* remote spec */
+ case 123:
+ YY_RULE_SETUP
+-#line 305 "cftoken.l"
++#line 306 "cftoken.l"
+ { BEGIN S_RMTS; return(BOC); }
+ 	YY_BREAK
+ case 124:
+ YY_RULE_SETUP
+-#line 306 "cftoken.l"
++#line 307 "cftoken.l"
+ { BEGIN S_INI; return(EOC); }
+ 	YY_BREAK
+ case 125:
+ YY_RULE_SETUP
+-#line 307 "cftoken.l"
++#line 308 "cftoken.l"
+ { YYD; return(EXCHANGE_MODE); }
+ 	YY_BREAK
+ case 126:
+ YY_RULE_SETUP
+-#line 308 "cftoken.l"
++#line 309 "cftoken.l"
+ { YYD; /* XXX ignored, but to be handled. */ ; }
+ 	YY_BREAK
+ case 127:
+ YY_RULE_SETUP
+-#line 309 "cftoken.l"
++#line 310 "cftoken.l"
+ { YYD; yylval.num = ISAKMP_ETYPE_BASE; return(EXCHANGETYPE); }
+ 	YY_BREAK
+ case 128:
+ YY_RULE_SETUP
+-#line 310 "cftoken.l"
++#line 311 "cftoken.l"
+ { YYD; yylval.num = ISAKMP_ETYPE_IDENT; return(EXCHANGETYPE); }
+ 	YY_BREAK
+ case 129:
+ YY_RULE_SETUP
+-#line 311 "cftoken.l"
++#line 312 "cftoken.l"
+ { YYD; yylval.num = ISAKMP_ETYPE_AGG; return(EXCHANGETYPE); }
+ 	YY_BREAK
+ case 130:
+ YY_RULE_SETUP
+-#line 312 "cftoken.l"
++#line 313 "cftoken.l"
+ { YYD; return(DOI); }
+ 	YY_BREAK
+ case 131:
+ YY_RULE_SETUP
+-#line 313 "cftoken.l"
++#line 314 "cftoken.l"
+ { YYD; yylval.num = IPSEC_DOI; return(DOITYPE); }
+ 	YY_BREAK
+ case 132:
+ YY_RULE_SETUP
+-#line 314 "cftoken.l"
++#line 315 "cftoken.l"
+ { YYD; return(SITUATION); }
+ 	YY_BREAK
+ case 133:
+ YY_RULE_SETUP
+-#line 315 "cftoken.l"
++#line 316 "cftoken.l"
+ { YYD; yylval.num = IPSECDOI_SIT_IDENTITY_ONLY; return(SITUATIONTYPE); }
+ 	YY_BREAK
+ case 134:
+ YY_RULE_SETUP
+-#line 316 "cftoken.l"
++#line 317 "cftoken.l"
+ { YYD; yylval.num = IPSECDOI_SIT_SECRECY; return(SITUATIONTYPE); }
+ 	YY_BREAK
+ case 135:
+ YY_RULE_SETUP
+-#line 317 "cftoken.l"
++#line 318 "cftoken.l"
+ { YYD; yylval.num = IPSECDOI_SIT_INTEGRITY; return(SITUATIONTYPE); }
+ 	YY_BREAK
+ case 136:
+ YY_RULE_SETUP
+-#line 318 "cftoken.l"
++#line 319 "cftoken.l"
+ { YYD; yywarn("it is obsoleted.  use \"my_identifier\"."); return(IDENTIFIER); }
+ 	YY_BREAK
+ case 137:
+ YY_RULE_SETUP
+-#line 319 "cftoken.l"
++#line 320 "cftoken.l"
+ { YYD; return(MY_IDENTIFIER); }
+ 	YY_BREAK
+ case 138:
+ YY_RULE_SETUP
+-#line 320 "cftoken.l"
++#line 321 "cftoken.l"
+ { YYD; return(XAUTH_LOGIN); /* formerly identifier type login */ }
+ 	YY_BREAK
+ case 139:
+ YY_RULE_SETUP
+-#line 321 "cftoken.l"
++#line 322 "cftoken.l"
+ { YYD; return(PEERS_IDENTIFIER); }
+ 	YY_BREAK
+ case 140:
+ YY_RULE_SETUP
+-#line 322 "cftoken.l"
++#line 323 "cftoken.l"
+ { YYD; return(VERIFY_IDENTIFIER); }
+ 	YY_BREAK
+ case 141:
+ YY_RULE_SETUP
+-#line 323 "cftoken.l"
++#line 324 "cftoken.l"
+ { YYD; return(CERTIFICATE_TYPE); }
+ 	YY_BREAK
+ case 142:
+ YY_RULE_SETUP
+-#line 324 "cftoken.l"
++#line 325 "cftoken.l"
+ { YYD; return(CA_TYPE); }
+ 	YY_BREAK
+ case 143:
+ YY_RULE_SETUP
+-#line 325 "cftoken.l"
++#line 326 "cftoken.l"
+ { YYD; yylval.num = ISAKMP_CERT_X509SIGN; return(CERT_X509); }
+ 	YY_BREAK
+ case 144:
+ YY_RULE_SETUP
+-#line 326 "cftoken.l"
++#line 327 "cftoken.l"
+ { YYD; yylval.num = ISAKMP_CERT_PLAINRSA; return(CERT_PLAINRSA); }
+ 	YY_BREAK
+ case 145:
+ YY_RULE_SETUP
+-#line 327 "cftoken.l"
++#line 328 "cftoken.l"
+ { YYD; return(PEERS_CERTFILE); }
+ 	YY_BREAK
+ case 146:
+ YY_RULE_SETUP
+-#line 328 "cftoken.l"
++#line 329 "cftoken.l"
+ { YYD; return(DNSSEC); }
+ 	YY_BREAK
+ case 147:
+ YY_RULE_SETUP
+-#line 329 "cftoken.l"
++#line 330 "cftoken.l"
+ { YYD; return(VERIFY_CERT); }
+ 	YY_BREAK
+ case 148:
+ YY_RULE_SETUP
+-#line 330 "cftoken.l"
++#line 331 "cftoken.l"
+ { YYD; return(SEND_CERT); }
+ 	YY_BREAK
+ case 149:
+ YY_RULE_SETUP
+-#line 331 "cftoken.l"
++#line 332 "cftoken.l"
+ { YYD; return(SEND_CR); }
+ 	YY_BREAK
+ case 150:
+ YY_RULE_SETUP
+-#line 332 "cftoken.l"
++#line 333 "cftoken.l"
+ { YYD; return(DH_GROUP); }
+ 	YY_BREAK
+ case 151:
+ YY_RULE_SETUP
+-#line 333 "cftoken.l"
++#line 334 "cftoken.l"
+ { YYD; return(NONCE_SIZE); }
+ 	YY_BREAK
+ case 152:
+ YY_RULE_SETUP
+-#line 334 "cftoken.l"
++#line 335 "cftoken.l"
+ { YYD; return(GENERATE_POLICY); }
+ 	YY_BREAK
+ case 153:
+ YY_RULE_SETUP
+-#line 335 "cftoken.l"
++#line 336 "cftoken.l"
+ { YYD; yylval.num = GENERATE_POLICY_UNIQUE; return(GENERATE_LEVEL); }
+ 	YY_BREAK
+ case 154:
+ YY_RULE_SETUP
+-#line 336 "cftoken.l"
++#line 337 "cftoken.l"
+ { YYD; yylval.num = GENERATE_POLICY_REQUIRE; return(GENERATE_LEVEL); }
+ 	YY_BREAK
+ case 155:
+ YY_RULE_SETUP
+-#line 337 "cftoken.l"
++#line 338 "cftoken.l"
+ { YYD; yywarn("it is obsoleted.  use \"support_proxy\"."); return(SUPPORT_PROXY); }
+ 	YY_BREAK
+ case 156:
+ YY_RULE_SETUP
+-#line 338 "cftoken.l"
++#line 339 "cftoken.l"
+ { YYD; return(SUPPORT_PROXY); }
+ 	YY_BREAK
+ case 157:
+ YY_RULE_SETUP
+-#line 339 "cftoken.l"
++#line 340 "cftoken.l"
+ { YYD; return(INITIAL_CONTACT); }
+ 	YY_BREAK
+ case 158:
+ YY_RULE_SETUP
+-#line 340 "cftoken.l"
++#line 341 "cftoken.l"
+ { YYD; return(NAT_TRAVERSAL); }
+ 	YY_BREAK
+ case 159:
+ YY_RULE_SETUP
+-#line 341 "cftoken.l"
++#line 342 "cftoken.l"
+ { YYD; return(REMOTE_FORCE_LEVEL); }
+ 	YY_BREAK
+ case 160:
+ YY_RULE_SETUP
+-#line 342 "cftoken.l"
++#line 343 "cftoken.l"
+ { YYD; return(PROPOSAL_CHECK); }
+ 	YY_BREAK
+ case 161:
+ YY_RULE_SETUP
+-#line 343 "cftoken.l"
++#line 344 "cftoken.l"
+ { YYD; yylval.num = PROP_CHECK_OBEY; return(PROPOSAL_CHECK_LEVEL); }
+ 	YY_BREAK
+ case 162:
+ YY_RULE_SETUP
+-#line 344 "cftoken.l"
++#line 345 "cftoken.l"
+ { YYD; yylval.num = PROP_CHECK_STRICT; return(PROPOSAL_CHECK_LEVEL); }
+ 	YY_BREAK
+ case 163:
+ YY_RULE_SETUP
+-#line 345 "cftoken.l"
++#line 346 "cftoken.l"
+ { YYD; yylval.num = PROP_CHECK_EXACT; return(PROPOSAL_CHECK_LEVEL); }
+ 	YY_BREAK
+ case 164:
+ YY_RULE_SETUP
+-#line 346 "cftoken.l"
++#line 347 "cftoken.l"
+ { YYD; yylval.num = PROP_CHECK_CLAIM; return(PROPOSAL_CHECK_LEVEL); }
+ 	YY_BREAK
+ case 165:
+ YY_RULE_SETUP
+-#line 347 "cftoken.l"
++#line 348 "cftoken.l"
+ { YYD; return(KEEPALIVE); }
+ 	YY_BREAK
+ case 166:
+ YY_RULE_SETUP
+-#line 348 "cftoken.l"
++#line 349 "cftoken.l"
+ { YYD; return(PASSIVE); }
+ 	YY_BREAK
+ case 167:
+ YY_RULE_SETUP
+-#line 349 "cftoken.l"
++#line 350 "cftoken.l"
+ { YYD; return(LIFETIME); }
+ 	YY_BREAK
+ case 168:
+ YY_RULE_SETUP
+-#line 350 "cftoken.l"
++#line 351 "cftoken.l"
+ { YYD; return(LIFETYPE_TIME); }
+ 	YY_BREAK
+ case 169:
+ YY_RULE_SETUP
+-#line 351 "cftoken.l"
++#line 352 "cftoken.l"
+ { YYD; return(LIFETYPE_BYTE); }
+ 	YY_BREAK
+ case 170:
+ YY_RULE_SETUP
+-#line 352 "cftoken.l"
++#line 353 "cftoken.l"
+ { YYD; return(DPD); }
+ 	YY_BREAK
+ case 171:
+ YY_RULE_SETUP
+-#line 353 "cftoken.l"
++#line 354 "cftoken.l"
+ { YYD; return(DPD_DELAY); }
+ 	YY_BREAK
+ case 172:
+ YY_RULE_SETUP
+-#line 354 "cftoken.l"
++#line 355 "cftoken.l"
+ { YYD; return(DPD_RETRY); }
+ 	YY_BREAK
+ case 173:
+ YY_RULE_SETUP
+-#line 355 "cftoken.l"
++#line 356 "cftoken.l"
+ { YYD; return(DPD_MAXFAIL); }
+ 	YY_BREAK
+ case 174:
+ YY_RULE_SETUP
+-#line 356 "cftoken.l"
++#line 357 "cftoken.l"
+ { YYD; return(PH1ID); }
+ 	YY_BREAK
+ case 175:
+ YY_RULE_SETUP
+-#line 357 "cftoken.l"
++#line 358 "cftoken.l"
+ { YYD; return(IKE_FRAG); }
+ 	YY_BREAK
+ case 176:
+ YY_RULE_SETUP
+-#line 358 "cftoken.l"
++#line 359 "cftoken.l"
+ { YYD; return(ESP_FRAG); }
+ 	YY_BREAK
+ case 177:
+ YY_RULE_SETUP
+-#line 359 "cftoken.l"
++#line 360 "cftoken.l"
+ { YYD; return(SCRIPT); }
+ 	YY_BREAK
+ case 178:
+ YY_RULE_SETUP
+-#line 360 "cftoken.l"
++#line 361 "cftoken.l"
+ { YYD; return(PHASE1_UP); }
+ 	YY_BREAK
+ case 179:
+ YY_RULE_SETUP
+-#line 361 "cftoken.l"
++#line 362 "cftoken.l"
+ { YYD; return(PHASE1_DOWN); }
+ 	YY_BREAK
+ case 180:
+ YY_RULE_SETUP
+-#line 362 "cftoken.l"
++#line 363 "cftoken.l"
+ { YYD; return(MODE_CFG); }
+ 	YY_BREAK
+ case 181:
+ YY_RULE_SETUP
+-#line 363 "cftoken.l"
++#line 364 "cftoken.l"
+ { YYD; return(WEAK_PHASE1_CHECK); }
+ 	YY_BREAK
+ /* remote proposal */
+ case 182:
+ YY_RULE_SETUP
+-#line 365 "cftoken.l"
++#line 366 "cftoken.l"
+ { BEGIN S_RMTP; YYDB; return(PROPOSAL); }
+ 	YY_BREAK
+ case 183:
+ YY_RULE_SETUP
+-#line 366 "cftoken.l"
++#line 367 "cftoken.l"
+ { return(BOC); }
+ 	YY_BREAK
+ case 184:
+ YY_RULE_SETUP
+-#line 367 "cftoken.l"
++#line 368 "cftoken.l"
+ { BEGIN S_RMTS; return(EOC); }
+ 	YY_BREAK
+ case 185:
+ YY_RULE_SETUP
+-#line 368 "cftoken.l"
++#line 369 "cftoken.l"
+ { YYD; return(LIFETIME); }
+ 	YY_BREAK
+ case 186:
+ YY_RULE_SETUP
+-#line 369 "cftoken.l"
++#line 370 "cftoken.l"
+ { YYD; return(LIFETYPE_TIME); }
+ 	YY_BREAK
+ case 187:
+ YY_RULE_SETUP
+-#line 370 "cftoken.l"
++#line 371 "cftoken.l"
+ { YYD; return(LIFETYPE_BYTE); }
+ 	YY_BREAK
+ case 188:
+ YY_RULE_SETUP
+-#line 371 "cftoken.l"
++#line 372 "cftoken.l"
+ { YYD; yylval.num = algclass_isakmp_enc; return(ALGORITHM_CLASS); }
+ 	YY_BREAK
+ case 189:
+ YY_RULE_SETUP
+-#line 372 "cftoken.l"
++#line 373 "cftoken.l"
+ { YYD; yylval.num = algclass_isakmp_ameth; return(ALGORITHM_CLASS); }
+ 	YY_BREAK
+ case 190:
+ YY_RULE_SETUP
+-#line 373 "cftoken.l"
++#line 374 "cftoken.l"
+ { YYD; yylval.num = algclass_isakmp_hash; return(ALGORITHM_CLASS); }
+ 	YY_BREAK
+ case 191:
+ YY_RULE_SETUP
+-#line 374 "cftoken.l"
++#line 375 "cftoken.l"
+ { YYD; return(DH_GROUP); }
+ 	YY_BREAK
+ case 192:
+ YY_RULE_SETUP
+-#line 375 "cftoken.l"
++#line 376 "cftoken.l"
+ { YYD; return(GSS_ID); }
+ 	YY_BREAK
+ case 193:
+ YY_RULE_SETUP
+-#line 376 "cftoken.l"
++#line 377 "cftoken.l"
+ { YYD; return(GSS_ID); } /* for back compatibility */
+ 	YY_BREAK
+ /* GSS ID encoding type (global) */
+ case 194:
+ YY_RULE_SETUP
+-#line 379 "cftoken.l"
++#line 380 "cftoken.l"
+ { BEGIN S_GSSENC; YYDB; return(GSS_ID_ENC); }
+ 	YY_BREAK
+ case 195:
+ YY_RULE_SETUP
+-#line 380 "cftoken.l"
++#line 381 "cftoken.l"
+ { YYD; yylval.num = LC_GSSENC_LATIN1;
+ 				return(GSS_ID_ENCTYPE); }
+ 	YY_BREAK
+ case 196:
+ YY_RULE_SETUP
+-#line 382 "cftoken.l"
++#line 383 "cftoken.l"
+ { YYD; yylval.num = LC_GSSENC_UTF16LE;
+ 				return(GSS_ID_ENCTYPE); }
+ 	YY_BREAK
+ case 197:
+ YY_RULE_SETUP
+-#line 384 "cftoken.l"
++#line 385 "cftoken.l"
+ { BEGIN S_INI; YYDB; return(EOS); }
+ 	YY_BREAK
+ /* parameter */
+ case 198:
+ YY_RULE_SETUP
+-#line 387 "cftoken.l"
++#line 388 "cftoken.l"
+ { YYD; yylval.num = TRUE; return(SWITCH); }
+ 	YY_BREAK
+ case 199:
+ YY_RULE_SETUP
+-#line 388 "cftoken.l"
++#line 389 "cftoken.l"
+ { YYD; yylval.num = FALSE; return(SWITCH); }
+ 	YY_BREAK
+ /* prefix */
+ case 200:
+ YY_RULE_SETUP
+-#line 391 "cftoken.l"
++#line 392 "cftoken.l"
+ {
+ 			YYD;
+ 			yytext++;
+@@ -2947,7 +2970,7 @@ YY_RULE_SETUP
+ /* port number */
+ case 201:
+ YY_RULE_SETUP
+-#line 399 "cftoken.l"
++#line 400 "cftoken.l"
+ {
+ 			char *p = yytext;
+ 			YYD;
+@@ -2961,7 +2984,7 @@ YY_RULE_SETUP
+ /* address range */
+ case 202:
+ YY_RULE_SETUP
+-#line 410 "cftoken.l"
++#line 411 "cftoken.l"
+ {
+                         YYD;
+                         yytext++;
+@@ -2977,318 +3000,318 @@ YY_RULE_SETUP
+ /* upper protocol */
+ case 203:
+ YY_RULE_SETUP
+-#line 423 "cftoken.l"
++#line 424 "cftoken.l"
+ { YYD; yylval.num = IPPROTO_ESP; return(UL_PROTO); }
+ 	YY_BREAK
+ case 204:
+ YY_RULE_SETUP
+-#line 424 "cftoken.l"
++#line 425 "cftoken.l"
+ { YYD; yylval.num = IPPROTO_AH; return(UL_PROTO); }
+ 	YY_BREAK
+ case 205:
+ YY_RULE_SETUP
+-#line 425 "cftoken.l"
++#line 426 "cftoken.l"
+ { YYD; yylval.num = IPPROTO_IPCOMP; return(UL_PROTO); }
+ 	YY_BREAK
+ case 206:
+ YY_RULE_SETUP
+-#line 426 "cftoken.l"
++#line 427 "cftoken.l"
+ { YYD; yylval.num = IPPROTO_ICMP; return(UL_PROTO); }
+ 	YY_BREAK
+ case 207:
+ YY_RULE_SETUP
+-#line 427 "cftoken.l"
++#line 428 "cftoken.l"
+ { YYD; yylval.num = IPPROTO_ICMPV6; return(UL_PROTO); }
+ 	YY_BREAK
+ case 208:
+ YY_RULE_SETUP
+-#line 428 "cftoken.l"
++#line 429 "cftoken.l"
+ { YYD; yylval.num = IPPROTO_TCP; return(UL_PROTO); }
+ 	YY_BREAK
+ case 209:
+ YY_RULE_SETUP
+-#line 429 "cftoken.l"
++#line 430 "cftoken.l"
+ { YYD; yylval.num = IPPROTO_UDP; return(UL_PROTO); }
+ 	YY_BREAK
+ /* algorithm type */
+ case 210:
+ YY_RULE_SETUP
+-#line 432 "cftoken.l"
++#line 433 "cftoken.l"
+ { YYD; yylval.num = algtype_des_iv64;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 211:
+ YY_RULE_SETUP
+-#line 433 "cftoken.l"
++#line 434 "cftoken.l"
+ { YYD; yylval.num = algtype_des;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 212:
+ YY_RULE_SETUP
+-#line 434 "cftoken.l"
++#line 435 "cftoken.l"
+ { YYD; yylval.num = algtype_3des;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 213:
+ YY_RULE_SETUP
+-#line 435 "cftoken.l"
++#line 436 "cftoken.l"
+ { YYD; yylval.num = algtype_rc5;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 214:
+ YY_RULE_SETUP
+-#line 436 "cftoken.l"
++#line 437 "cftoken.l"
+ { YYD; yylval.num = algtype_idea;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 215:
+ YY_RULE_SETUP
+-#line 437 "cftoken.l"
++#line 438 "cftoken.l"
+ { YYD; yylval.num = algtype_cast128;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 216:
+ YY_RULE_SETUP
+-#line 438 "cftoken.l"
++#line 439 "cftoken.l"
+ { YYD; yylval.num = algtype_blowfish;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 217:
+ YY_RULE_SETUP
+-#line 439 "cftoken.l"
++#line 440 "cftoken.l"
+ { YYD; yylval.num = algtype_3idea;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 218:
+ YY_RULE_SETUP
+-#line 440 "cftoken.l"
++#line 441 "cftoken.l"
+ { YYD; yylval.num = algtype_des_iv32;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 219:
+ YY_RULE_SETUP
+-#line 441 "cftoken.l"
++#line 442 "cftoken.l"
+ { YYD; yylval.num = algtype_rc4;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 220:
+ YY_RULE_SETUP
+-#line 442 "cftoken.l"
++#line 443 "cftoken.l"
+ { YYD; yylval.num = algtype_null_enc;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 221:
+ YY_RULE_SETUP
+-#line 443 "cftoken.l"
++#line 444 "cftoken.l"
+ { YYD; yylval.num = algtype_null_enc;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 222:
+ YY_RULE_SETUP
+-#line 444 "cftoken.l"
++#line 445 "cftoken.l"
+ { YYD; yylval.num = algtype_aes;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 223:
+ YY_RULE_SETUP
+-#line 445 "cftoken.l"
++#line 446 "cftoken.l"
+ { YYD; yylval.num = algtype_aes;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 224:
+ YY_RULE_SETUP
+-#line 446 "cftoken.l"
++#line 447 "cftoken.l"
+ { YYD; yylval.num = algtype_twofish;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 225:
+ YY_RULE_SETUP
+-#line 447 "cftoken.l"
++#line 448 "cftoken.l"
+ { YYD; yylval.num = algtype_camellia;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 226:
+ YY_RULE_SETUP
+-#line 448 "cftoken.l"
++#line 449 "cftoken.l"
+ { YYD; yylval.num = algtype_non_auth;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 227:
+ YY_RULE_SETUP
+-#line 449 "cftoken.l"
++#line 450 "cftoken.l"
+ { YYD; yylval.num = algtype_hmac_md5;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 228:
+ YY_RULE_SETUP
+-#line 450 "cftoken.l"
++#line 451 "cftoken.l"
+ { YYD; yylval.num = algtype_hmac_sha1;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 229:
+ YY_RULE_SETUP
+-#line 451 "cftoken.l"
++#line 452 "cftoken.l"
+ { YYD; yylval.num = algtype_hmac_sha2_256;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 230:
+ YY_RULE_SETUP
+-#line 452 "cftoken.l"
++#line 453 "cftoken.l"
+ { YYD; yylval.num = algtype_hmac_sha2_256;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 231:
+ YY_RULE_SETUP
+-#line 453 "cftoken.l"
++#line 454 "cftoken.l"
+ { YYD; yylval.num = algtype_hmac_sha2_384;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 232:
+ YY_RULE_SETUP
+-#line 454 "cftoken.l"
++#line 455 "cftoken.l"
+ { YYD; yylval.num = algtype_hmac_sha2_384;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 233:
+ YY_RULE_SETUP
+-#line 455 "cftoken.l"
++#line 456 "cftoken.l"
+ { YYD; yylval.num = algtype_hmac_sha2_512;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 234:
+ YY_RULE_SETUP
+-#line 456 "cftoken.l"
++#line 457 "cftoken.l"
+ { YYD; yylval.num = algtype_hmac_sha2_512;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 235:
+ YY_RULE_SETUP
+-#line 457 "cftoken.l"
++#line 458 "cftoken.l"
+ { YYD; yylval.num = algtype_des_mac;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 236:
+ YY_RULE_SETUP
+-#line 458 "cftoken.l"
++#line 459 "cftoken.l"
+ { YYD; yylval.num = algtype_kpdk;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 237:
+ YY_RULE_SETUP
+-#line 459 "cftoken.l"
++#line 460 "cftoken.l"
+ { YYD; yylval.num = algtype_md5;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 238:
+ YY_RULE_SETUP
+-#line 460 "cftoken.l"
++#line 461 "cftoken.l"
+ { YYD; yylval.num = algtype_sha1;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 239:
+ YY_RULE_SETUP
+-#line 461 "cftoken.l"
++#line 462 "cftoken.l"
+ { YYD; yylval.num = algtype_tiger;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 240:
+ YY_RULE_SETUP
+-#line 462 "cftoken.l"
++#line 463 "cftoken.l"
+ { YYD; yylval.num = algtype_sha2_256;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 241:
+ YY_RULE_SETUP
+-#line 463 "cftoken.l"
++#line 464 "cftoken.l"
+ { YYD; yylval.num = algtype_sha2_256;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 242:
+ YY_RULE_SETUP
+-#line 464 "cftoken.l"
++#line 465 "cftoken.l"
+ { YYD; yylval.num = algtype_sha2_384;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 243:
+ YY_RULE_SETUP
+-#line 465 "cftoken.l"
++#line 466 "cftoken.l"
+ { YYD; yylval.num = algtype_sha2_384;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 244:
+ YY_RULE_SETUP
+-#line 466 "cftoken.l"
++#line 467 "cftoken.l"
+ { YYD; yylval.num = algtype_sha2_512;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 245:
+ YY_RULE_SETUP
+-#line 467 "cftoken.l"
++#line 468 "cftoken.l"
+ { YYD; yylval.num = algtype_sha2_512;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 246:
+ YY_RULE_SETUP
+-#line 468 "cftoken.l"
++#line 469 "cftoken.l"
+ { YYD; yylval.num = algtype_oui;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 247:
+ YY_RULE_SETUP
+-#line 469 "cftoken.l"
++#line 470 "cftoken.l"
+ { YYD; yylval.num = algtype_deflate;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 248:
+ YY_RULE_SETUP
+-#line 470 "cftoken.l"
++#line 471 "cftoken.l"
+ { YYD; yylval.num = algtype_lzs;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 249:
+ YY_RULE_SETUP
+-#line 471 "cftoken.l"
++#line 472 "cftoken.l"
+ { YYD; yylval.num = algtype_modp768;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 250:
+ YY_RULE_SETUP
+-#line 472 "cftoken.l"
++#line 473 "cftoken.l"
+ { YYD; yylval.num = algtype_modp1024;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 251:
+ YY_RULE_SETUP
+-#line 473 "cftoken.l"
++#line 474 "cftoken.l"
+ { YYD; yylval.num = algtype_modp1536;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 252:
+ YY_RULE_SETUP
+-#line 474 "cftoken.l"
++#line 475 "cftoken.l"
+ { YYD; yylval.num = algtype_ec2n155;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 253:
+ YY_RULE_SETUP
+-#line 475 "cftoken.l"
++#line 476 "cftoken.l"
+ { YYD; yylval.num = algtype_ec2n185;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 254:
+ YY_RULE_SETUP
+-#line 476 "cftoken.l"
++#line 477 "cftoken.l"
+ { YYD; yylval.num = algtype_modp2048;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 255:
+ YY_RULE_SETUP
+-#line 477 "cftoken.l"
++#line 478 "cftoken.l"
+ { YYD; yylval.num = algtype_modp3072;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 256:
+ YY_RULE_SETUP
+-#line 478 "cftoken.l"
++#line 479 "cftoken.l"
+ { YYD; yylval.num = algtype_modp4096;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 257:
+ YY_RULE_SETUP
+-#line 479 "cftoken.l"
++#line 480 "cftoken.l"
+ { YYD; yylval.num = algtype_modp6144;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 258:
+ YY_RULE_SETUP
+-#line 480 "cftoken.l"
++#line 481 "cftoken.l"
+ { YYD; yylval.num = algtype_modp8192;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 259:
+ YY_RULE_SETUP
+-#line 481 "cftoken.l"
++#line 482 "cftoken.l"
+ { YYD; yylval.num = algtype_psk;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 260:
+ YY_RULE_SETUP
+-#line 482 "cftoken.l"
++#line 483 "cftoken.l"
+ { YYD; yylval.num = algtype_rsasig;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 261:
+ YY_RULE_SETUP
+-#line 483 "cftoken.l"
++#line 484 "cftoken.l"
+ { YYD; yylval.num = algtype_dsssig;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 262:
+ YY_RULE_SETUP
+-#line 484 "cftoken.l"
++#line 485 "cftoken.l"
+ { YYD; yylval.num = algtype_rsaenc;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 263:
+ YY_RULE_SETUP
+-#line 485 "cftoken.l"
++#line 486 "cftoken.l"
+ { YYD; yylval.num = algtype_rsarev;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 264:
+ YY_RULE_SETUP
+-#line 486 "cftoken.l"
++#line 487 "cftoken.l"
+ { YYD; yylval.num = algtype_gssapikrb;	return(ALGORITHMTYPE); }
+ 	YY_BREAK
+ case 265:
+ YY_RULE_SETUP
+-#line 487 "cftoken.l"
++#line 488 "cftoken.l"
+ {
+ #ifdef ENABLE_HYBRID
+ 	YYD; yylval.num = algtype_hybrid_rsa_s; return(ALGORITHMTYPE);
+@@ -3299,7 +3322,7 @@ YY_RULE_SETUP
+ 	YY_BREAK
+ case 266:
+ YY_RULE_SETUP
+-#line 494 "cftoken.l"
++#line 495 "cftoken.l"
+ {
+ #ifdef ENABLE_HYBRID
+ 	YYD; yylval.num = algtype_hybrid_dss_s; return(ALGORITHMTYPE);
+@@ -3310,7 +3333,7 @@ YY_RULE_SETUP
+ 	YY_BREAK
+ case 267:
+ YY_RULE_SETUP
+-#line 501 "cftoken.l"
++#line 502 "cftoken.l"
+ {
+ #ifdef ENABLE_HYBRID
+ 	YYD; yylval.num = algtype_hybrid_rsa_c; return(ALGORITHMTYPE);
+@@ -3321,7 +3344,7 @@ YY_RULE_SETUP
+ 	YY_BREAK
+ case 268:
+ YY_RULE_SETUP
+-#line 508 "cftoken.l"
++#line 509 "cftoken.l"
+ {
+ #ifdef ENABLE_HYBRID
+ 	YYD; yylval.num = algtype_hybrid_dss_c; return(ALGORITHMTYPE);
+@@ -3332,7 +3355,7 @@ YY_RULE_SETUP
+ 	YY_BREAK
+ case 269:
+ YY_RULE_SETUP
+-#line 515 "cftoken.l"
++#line 516 "cftoken.l"
+ {
+ #ifdef ENABLE_HYBRID
+ 	YYD; yylval.num = algtype_xauth_psk_s; return(ALGORITHMTYPE);
+@@ -3343,7 +3366,7 @@ YY_RULE_SETUP
+ 	YY_BREAK
+ case 270:
+ YY_RULE_SETUP
+-#line 522 "cftoken.l"
++#line 523 "cftoken.l"
+ {
+ #ifdef ENABLE_HYBRID
+ 	YYD; yylval.num = algtype_xauth_psk_c; return(ALGORITHMTYPE);
+@@ -3354,7 +3377,7 @@ YY_RULE_SETUP
+ 	YY_BREAK
+ case 271:
+ YY_RULE_SETUP
+-#line 529 "cftoken.l"
++#line 530 "cftoken.l"
+ {
+ #ifdef ENABLE_HYBRID
+ 	YYD; yylval.num = algtype_xauth_rsa_s; return(ALGORITHMTYPE);
+@@ -3365,7 +3388,7 @@ YY_RULE_SETUP
+ 	YY_BREAK
+ case 272:
+ YY_RULE_SETUP
+-#line 536 "cftoken.l"
++#line 537 "cftoken.l"
+ {
+ #ifdef ENABLE_HYBRID
+ 	YYD; yylval.num = algtype_xauth_rsa_c; return(ALGORITHMTYPE);
+@@ -3377,105 +3400,105 @@ YY_RULE_SETUP
+ /* identifier type */
+ case 273:
+ YY_RULE_SETUP
+-#line 546 "cftoken.l"
++#line 547 "cftoken.l"
+ { YYD; yywarn("it is obsoleted."); return(VENDORID); }
+ 	YY_BREAK
+ case 274:
+ YY_RULE_SETUP
+-#line 547 "cftoken.l"
++#line 548 "cftoken.l"
+ { YYD; yylval.num = IDTYPE_USERFQDN; return(IDENTIFIERTYPE); }
+ 	YY_BREAK
+ case 275:
+ YY_RULE_SETUP
+-#line 548 "cftoken.l"
++#line 549 "cftoken.l"
+ { YYD; yylval.num = IDTYPE_FQDN; return(IDENTIFIERTYPE); }
+ 	YY_BREAK
+ case 276:
+ YY_RULE_SETUP
+-#line 549 "cftoken.l"
++#line 550 "cftoken.l"
+ { YYD; yylval.num = IDTYPE_KEYID; return(IDENTIFIERTYPE); }
+ 	YY_BREAK
+ case 277:
+ YY_RULE_SETUP
+-#line 550 "cftoken.l"
++#line 551 "cftoken.l"
+ { YYD; yylval.num = IDTYPE_ADDRESS; return(IDENTIFIERTYPE); }
+ 	YY_BREAK
+ case 278:
+ YY_RULE_SETUP
+-#line 551 "cftoken.l"
++#line 552 "cftoken.l"
+ { YYD; yylval.num = IDTYPE_SUBNET; return(IDENTIFIERTYPE); }
+ 	YY_BREAK
+ case 279:
+ YY_RULE_SETUP
+-#line 552 "cftoken.l"
++#line 553 "cftoken.l"
+ { YYD; yylval.num = IDTYPE_ASN1DN; return(IDENTIFIERTYPE); }
+ 	YY_BREAK
+ case 280:
+ YY_RULE_SETUP
+-#line 553 "cftoken.l"
++#line 554 "cftoken.l"
+ { YYD; yywarn("certname will be obsoleted in near future."); yylval.num = IDTYPE_ASN1DN; return(IDENTIFIERTYPE); }
+ 	YY_BREAK
+ /* identifier qualifier */
+ case 281:
+ YY_RULE_SETUP
+-#line 556 "cftoken.l"
++#line 557 "cftoken.l"
+ { YYD; yylval.num = IDQUAL_TAG;  return(IDENTIFIERQUAL); }
+ 	YY_BREAK
+ case 282:
+ YY_RULE_SETUP
+-#line 557 "cftoken.l"
++#line 558 "cftoken.l"
+ { YYD; yylval.num = IDQUAL_FILE; return(IDENTIFIERQUAL); }
+ 	YY_BREAK
+ /* units */
+ case 283:
+ YY_RULE_SETUP
+-#line 560 "cftoken.l"
++#line 561 "cftoken.l"
+ { YYD; return(UNITTYPE_BYTE); }
+ 	YY_BREAK
+ case 284:
+ YY_RULE_SETUP
+-#line 561 "cftoken.l"
++#line 562 "cftoken.l"
+ { YYD; return(UNITTYPE_KBYTES); }
+ 	YY_BREAK
+ case 285:
+ YY_RULE_SETUP
+-#line 562 "cftoken.l"
++#line 563 "cftoken.l"
+ { YYD; return(UNITTYPE_MBYTES); }
+ 	YY_BREAK
+ case 286:
+ YY_RULE_SETUP
+-#line 563 "cftoken.l"
++#line 564 "cftoken.l"
+ { YYD; return(UNITTYPE_TBYTES); }
+ 	YY_BREAK
+ case 287:
+ YY_RULE_SETUP
+-#line 564 "cftoken.l"
++#line 565 "cftoken.l"
+ { YYD; return(UNITTYPE_SEC); }
+ 	YY_BREAK
+ case 288:
+ YY_RULE_SETUP
+-#line 565 "cftoken.l"
++#line 566 "cftoken.l"
+ { YYD; return(UNITTYPE_MIN); }
+ 	YY_BREAK
+ case 289:
+ YY_RULE_SETUP
+-#line 566 "cftoken.l"
++#line 567 "cftoken.l"
+ { YYD; return(UNITTYPE_HOUR); }
+ 	YY_BREAK
+ /* boolean */
+ case 290:
+ YY_RULE_SETUP
+-#line 569 "cftoken.l"
++#line 570 "cftoken.l"
+ { YYD; yylval.num = TRUE; return(BOOLEAN); }
+ 	YY_BREAK
+ case 291:
+ YY_RULE_SETUP
+-#line 570 "cftoken.l"
++#line 571 "cftoken.l"
+ { YYD; yylval.num = FALSE; return(BOOLEAN); }
+ 	YY_BREAK
+ case 292:
+ YY_RULE_SETUP
+-#line 572 "cftoken.l"
++#line 573 "cftoken.l"
+ {
+ 			char *bp;
+ 
+@@ -3486,7 +3509,7 @@ YY_RULE_SETUP
+ 	YY_BREAK
+ case 293:
+ YY_RULE_SETUP
+-#line 580 "cftoken.l"
++#line 581 "cftoken.l"
+ {
+ 			char *p;
+ 
+@@ -3512,7 +3535,7 @@ YY_RULE_SETUP
+ case 294:
+ /* rule 294 can match eol */
+ YY_RULE_SETUP
+-#line 602 "cftoken.l"
++#line 603 "cftoken.l"
+ {
+ 			char *p = yytext;
+ 
+@@ -3532,7 +3555,7 @@ YY_RULE_SETUP
+ 	YY_BREAK
+ case 295:
+ YY_RULE_SETUP
+-#line 619 "cftoken.l"
++#line 620 "cftoken.l"
+ {
+ 			YYD;
+ 
+@@ -3566,7 +3589,7 @@ case YY_STATE_EOF(S_RMTS):
+ case YY_STATE_EOF(S_RMTP):
+ case YY_STATE_EOF(S_SA):
+ case YY_STATE_EOF(S_GSSENC):
+-#line 632 "cftoken.l"
++#line 633 "cftoken.l"
+ {
+ 			yy_delete_buffer(YY_CURRENT_BUFFER);
+ 			incstackp--;
+@@ -3594,36 +3617,36 @@ case YY_STATE_EOF(S_GSSENC):
+ /* ... */
+ case 296:
+ YY_RULE_SETUP
+-#line 657 "cftoken.l"
++#line 658 "cftoken.l"
+ { ; }
+ 	YY_BREAK
+ case 297:
+ /* rule 297 can match eol */
+ YY_RULE_SETUP
+-#line 658 "cftoken.l"
++#line 659 "cftoken.l"
+ { incstack[incstackp].lineno++; }
+ 	YY_BREAK
+ case 298:
+ YY_RULE_SETUP
+-#line 659 "cftoken.l"
++#line 660 "cftoken.l"
+ { YYD; }
+ 	YY_BREAK
+ case 299:
+ YY_RULE_SETUP
+-#line 660 "cftoken.l"
++#line 661 "cftoken.l"
+ { return(EOS); }
+ 	YY_BREAK
+ case 300:
+ YY_RULE_SETUP
+-#line 661 "cftoken.l"
++#line 662 "cftoken.l"
+ { yymore(); }
+ 	YY_BREAK
+ case 301:
+ YY_RULE_SETUP
+-#line 663 "cftoken.l"
++#line 664 "cftoken.l"
+ ECHO;
+ 	YY_BREAK
+-#line 3627 "cftoken.c"
++#line 3650 "cftoken.c"
+ 
+ 	case YY_END_OF_BUFFER:
+ 		{
+@@ -4171,9 +4194,19 @@ static void yy_load_buffer_state  (void)
+ 	yyfree((void *) b  );
+ }
+ 
+-#ifndef __cplusplus
++#ifndef _UNISTD_H /* assume unistd.h has isatty() for us */
++#ifdef __cplusplus
++extern "C" {
++#endif
++#ifdef __THROW /* this is a gnuism */
++extern int isatty (int ) __THROW;
++#else
+ extern int isatty (int );
+-#endif /* __cplusplus */
++#endif
++#ifdef __cplusplus
++}
++#endif
++#endif
+     
+ /* Initializes or reinitializes a buffer.
+  * This function is sometimes called more than once on the same buffer,
+@@ -4619,7 +4652,7 @@ void yyfree (void * ptr )
+ 
+ #define YYTABLES_NAME "yytables"
+ 
+-#line 663 "cftoken.l"
++#line 664 "cftoken.l"
+ 
+ 
+ 
diff --git a/package/ipsec-tools/patches/patch-src_racoon_cftoken_l b/package/ipsec-tools/patches/patch-src_racoon_cftoken_l
index 977ba8a37..8ada6f602 100644
--- a/package/ipsec-tools/patches/patch-src_racoon_cftoken_l
+++ b/package/ipsec-tools/patches/patch-src_racoon_cftoken_l
@@ -1,11 +1,10 @@
-$Id$
---- ipsec-tools-0.6.4.orig/src/racoon/cftoken.l	2005-11-06 18:18:26.000000000 +0100
-+++ ipsec-tools-0.6.4/src/racoon/cftoken.l	2007-06-28 16:58:31.000000000 +0200
-@@ -105,6 +105,8 @@ static struct include_stack {
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/src/racoon/cftoken.l	2007-09-03 20:07:29.000000000 +0200
++++ ipsec-tools-0.7.2/src/racoon/cftoken.l	2009-05-29 15:46:06.836399719 +0200
+@@ -104,6 +104,7 @@ static struct include_stack {
  static int incstackp = 0;
  
  static int yy_first_time = 1;
-+
 +int yywrap(void) { return 1; }
  %}
  
diff --git a/package/ipsec-tools/patches/patch-src_racoon_crypto_openssl_c b/package/ipsec-tools/patches/patch-src_racoon_crypto_openssl_c
index 66f9ba7d2..76c6a62cc 100644
--- a/package/ipsec-tools/patches/patch-src_racoon_crypto_openssl_c
+++ b/package/ipsec-tools/patches/patch-src_racoon_crypto_openssl_c
@@ -1,12 +1,48 @@
-$Id$
---- ipsec-tools-0.6.4.orig/src/racoon/crypto_openssl.c	2005-07-12 13:50:15.000000000 +0200
-+++ ipsec-tools-0.6.4/src/racoon/crypto_openssl.c	2007-06-28 17:04:27.000000000 +0200
-@@ -81,7 +81,7 @@
- #ifdef HAVE_OPENSSL_SHA2_H
- #include <openssl/sha2.h>
- #else
--#include "crypto/sha2/sha2.h"
-+#include "missing/crypto/sha2/sha2.h"
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/src/racoon/crypto_openssl.c	2009-04-20 15:33:30.000000000 +0200
++++ ipsec-tools-0.7.2/src/racoon/crypto_openssl.c	2009-05-29 15:31:04.728378359 +0200
+@@ -63,8 +63,12 @@
+ #ifdef HAVE_OPENSSL_ENGINE_H
+ #include <openssl/engine.h>
  #endif
++#ifndef OPENSSL_NO_BF
+ #include <openssl/blowfish.h>
++#endif
++#ifndef OPENSSL_NO_CAST
+ #include <openssl/cast.h>
++#endif
+ #include <openssl/err.h>
+ #ifdef HAVE_OPENSSL_RC5_H
+ #include <openssl/rc5.h>
+@@ -1347,6 +1351,7 @@ eay_idea_keylen(len)
+ }
  #endif
  
++#ifndef OPENSSL_NO_BF
+ /*
+  * BLOWFISH-CBC
+  */
+@@ -1381,6 +1386,7 @@ eay_bf_keylen(len)
+ 		return -1;
+ 	return len;
+ }
++#endif
+ 
+ #ifdef HAVE_OPENSSL_RC5_H
+ /*
+@@ -1492,6 +1498,7 @@ eay_3des_keylen(len)
+ 	return 192;
+ }
+ 
++#ifndef OPENSSL_NO_CAST
+ /*
+  * CAST-CBC
+  */
+@@ -1526,6 +1533,7 @@ eay_cast_keylen(len)
+ 		return -1;
+ 	return len;
+ }
++#endif
+ 
+ /*
+  * AES(RIJNDAEL)-CBC
diff --git a/package/ipsec-tools/patches/patch-src_racoon_eaytest_c b/package/ipsec-tools/patches/patch-src_racoon_eaytest_c
new file mode 100644
index 000000000..a7d7807c4
--- /dev/null
+++ b/package/ipsec-tools/patches/patch-src_racoon_eaytest_c
@@ -0,0 +1,27 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/src/racoon/eaytest.c	2008-07-16 10:50:02.000000000 +0200
++++ ipsec-tools-0.7.2/src/racoon/eaytest.c	2009-05-29 15:33:04.286374004 +0200
+@@ -683,19 +683,23 @@ ciphertest(ac, av)
+ 			  eay_aes_encrypt, eay_aes_decrypt) < 0)
+ 	  return -1;
+ 
++#ifndef OPENSSL_NO_BF
+ 	if (ciphertest_1 ("BLOWFISH",
+ 			  &data, 8,
+ 			  &key, key.l,
+ 			  &iv0, 8,
+ 			  eay_bf_encrypt, eay_bf_decrypt) < 0)
+ 	  return -1;
++#endif
+ 
++#ifndef OPENSSL_NO_CAST
+ 	if (ciphertest_1 ("CAST",
+ 			  &data, 8,
+ 			  &key, key.l,
+ 			  &iv0, 8,
+ 			  eay_cast_encrypt, eay_cast_decrypt) < 0)
+ 	  return -1;
++#endif
+ 	
+ #ifdef HAVE_OPENSSL_IDEA_H
+ 	if (ciphertest_1 ("IDEA",
diff --git a/package/ipsec-tools/patches/patch-src_racoon_isakmp_xauth_c b/package/ipsec-tools/patches/patch-src_racoon_isakmp_xauth_c
new file mode 100644
index 000000000..7b612f035
--- /dev/null
+++ b/package/ipsec-tools/patches/patch-src_racoon_isakmp_xauth_c
@@ -0,0 +1,12 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/src/racoon/isakmp_xauth.c	2009-04-20 15:35:36.000000000 +0200
++++ ipsec-tools-0.7.2/src/racoon/isakmp_xauth.c	2009-05-29 15:56:30.460377529 +0200
+@@ -585,7 +585,7 @@ PAM_conv(msg_count, msg, rsp, dontcare)
+ 
+ 	if ((reply = racoon_malloc(sizeof(*reply) * msg_count)) == NULL) 
+ 		return PAM_CONV_ERR;
+-	bzero(reply, sizeof(*reply) * msg_count);
++	memset(reply, 0, sizeof(*reply) * msg_count);
+ 
+ 	for (i = 0; i < msg_count; i++) {
+ 		switch (msg[i]->msg_style) {
diff --git a/package/ipsec-tools/patches/patch-src_racoon_pfkey_c b/package/ipsec-tools/patches/patch-src_racoon_pfkey_c
new file mode 100644
index 000000000..cedbc5cdd
--- /dev/null
+++ b/package/ipsec-tools/patches/patch-src_racoon_pfkey_c
@@ -0,0 +1,18 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/src/racoon/pfkey.c	2008-12-08 07:06:24.000000000 +0100
++++ ipsec-tools-0.7.2/src/racoon/pfkey.c	2009-05-29 15:48:49.201433105 +0200
+@@ -3008,12 +3008,12 @@ addnewsp(mhp)
+ 				struct sockaddr *paddr;
+ 
+ 				paddr = (struct sockaddr *)(xisr + 1);
+-				bcopy(paddr, &(*p_isr)->saidx.src,
++				memcpy(&(*p_isr)->saidx.src, paddr, 
+ 					sysdep_sa_len(paddr));
+ 
+ 				paddr = (struct sockaddr *)((caddr_t)paddr
+ 							+ sysdep_sa_len(paddr));
+-				bcopy(paddr, &(*p_isr)->saidx.dst,
++				memcpy(&(*p_isr)->saidx.dst, paddr, 
+ 					sysdep_sa_len(paddr));
+ 			}
+ 
diff --git a/package/ipsec-tools/patches/patch-src_racoon_privsep_c b/package/ipsec-tools/patches/patch-src_racoon_privsep_c
new file mode 100644
index 000000000..c69abd264
--- /dev/null
+++ b/package/ipsec-tools/patches/patch-src_racoon_privsep_c
@@ -0,0 +1,93 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/src/racoon/privsep.c	2008-12-08 07:06:24.000000000 +0100
++++ ipsec-tools-0.7.2/src/racoon/privsep.c	2009-05-29 15:55:47.787585131 +0200
+@@ -323,7 +323,7 @@ privsep_init(void)
+ 			    strerror(errno));
+ 			goto out;
+ 		}
+-		bzero(reply, sizeof(*reply));
++		memset(reply, 0, sizeof(*reply));
+ 		reply->hdr.ac_cmd = combuf->hdr.ac_cmd;
+ 		reply->hdr.ac_len = sizeof(*reply);
+ 
+@@ -421,7 +421,7 @@ privsep_init(void)
+ 				    strerror(errno));
+ 				goto out;
+ 			}
+-			bzero(envp, (envc + 1) * sizeof(char *));
++			memset(envp, 0, (envc + 1) * sizeof(char *));
+ 
+ 	
+ 			/*
+@@ -716,7 +716,7 @@ privsep_eay_get_pkcs1privkey(path) 
+ 		    "Cannot allocate memory: %s\n", strerror(errno));
+ 		return NULL;
+ 	}
+-	bzero(msg, len);
++	memset(msg, 0, len);
+ 	msg->hdr.ac_cmd = PRIVSEP_EAY_GET_PKCS1PRIVKEY;
+ 	msg->hdr.ac_len = len;
+ 	msg->bufs.buflen[0] = len - sizeof(*msg);
+@@ -797,7 +797,7 @@ privsep_script_exec(script, name, envp)
+ 		return -1;
+ 	}
+ 
+-	bzero(msg, sizeof(*msg));
++	memset(msg, 0, sizeof(*msg));
+ 	msg->hdr.ac_cmd = PRIVSEP_SCRIPT_EXEC;
+ 	msg->hdr.ac_len = sizeof(*msg);
+ 
+@@ -906,7 +906,7 @@ privsep_getpsk(str, keylen)
+ 		    "Cannot allocate memory: %s\n", strerror(errno));
+ 		return NULL;
+ 	}
+-	bzero(msg, len);
++	memset(msg, 0, len);
+ 	msg->hdr.ac_cmd = PRIVSEP_GETPSK;
+ 	msg->hdr.ac_len = len;
+ 
+@@ -960,7 +960,7 @@ privsep_xauth_login_system(usr, pwd)
+ 		    "Cannot allocate memory: %s\n", strerror(errno));
+ 		return -1;
+ 	}
+-	bzero(msg, len);
++	memset(msg, 0, len);
+ 	msg->hdr.ac_cmd = PRIVSEP_XAUTH_LOGIN_SYSTEM;
+ 	msg->hdr.ac_len = len;
+ 
+@@ -1014,7 +1014,7 @@ privsep_accounting_system(port, raddr, u
+ 		    "Cannot allocate memory: %s\n", strerror(errno));
+ 		return -1;
+ 	}
+-	bzero(msg, len);
++	memset(msg, 0, len);
+ 	msg->hdr.ac_cmd = PRIVSEP_ACCOUNTING_SYSTEM;
+ 	msg->hdr.ac_len = len;
+ 	msg->bufs.buflen[0] = sizeof(port);
+@@ -1187,7 +1187,7 @@ privsep_accounting_pam(port, inout)
+ 		    "Cannot allocate memory: %s\n", strerror(errno));
+ 		return -1;
+ 	}
+-	bzero(msg, len);
++	memset(msg, 0, len);
+ 	msg->hdr.ac_cmd = PRIVSEP_ACCOUNTING_PAM;
+ 	msg->hdr.ac_len = len;
+ 	msg->bufs.buflen[0] = sizeof(port);
+@@ -1248,7 +1248,7 @@ privsep_xauth_login_pam(port, raddr, usr
+ 		    "Cannot allocate memory: %s\n", strerror(errno));
+ 		return -1;
+ 	}
+-	bzero(msg, len);
++	memset(msg, 0, len);
+ 	msg->hdr.ac_cmd = PRIVSEP_XAUTH_LOGIN_PAM;
+ 	msg->hdr.ac_len = len;
+ 	msg->bufs.buflen[0] = sizeof(port);
+@@ -1312,7 +1312,7 @@ privsep_cleanup_pam(port)
+ 		    "Cannot allocate memory: %s\n", strerror(errno));
+ 		return;
+ 	}
+-	bzero(msg, len);
++	memset(msg, 0, len);
+ 	msg->hdr.ac_cmd = PRIVSEP_CLEANUP_PAM;
+ 	msg->hdr.ac_len = len;
+ 	msg->bufs.buflen[0] = sizeof(port);
diff --git a/package/ipsec-tools/patches/patch-src_racoon_racoonctl_c b/package/ipsec-tools/patches/patch-src_racoon_racoonctl_c
new file mode 100644
index 000000000..d5d6267c6
--- /dev/null
+++ b/package/ipsec-tools/patches/patch-src_racoon_racoonctl_c
@@ -0,0 +1,12 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/src/racoon/racoonctl.c	2009-04-20 15:32:57.000000000 +0200
++++ ipsec-tools-0.7.2/src/racoon/racoonctl.c	2009-05-29 15:57:45.600377208 +0200
+@@ -785,7 +785,7 @@ f_vpnc(ac, av)
+ 		errx(1, "cannot read source address");
+ 
+ 	/* We get "ip[port]" strip the port */
+-	if ((idx = index(srcaddr, '[')) == NULL) 
++	if ((idx = strchr(srcaddr, '[')) == NULL) 
+ 		errx(1, "unexpected source address format");
+ 	*idx = '\0';
+ 
diff --git a/package/ipsec-tools/patches/patch-src_setkey_token_c b/package/ipsec-tools/patches/patch-src_setkey_token_c
new file mode 100644
index 000000000..1c0231885
--- /dev/null
+++ b/package/ipsec-tools/patches/patch-src_setkey_token_c
@@ -0,0 +1,707 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/src/setkey/token.c	2008-07-23 10:26:58.000000000 +0200
++++ ipsec-tools-0.7.2/src/setkey/token.c	2009-05-29 15:26:39.126303087 +0200
+@@ -8,7 +8,7 @@
+ #define FLEX_SCANNER
+ #define YY_FLEX_MAJOR_VERSION 2
+ #define YY_FLEX_MINOR_VERSION 5
+-#define YY_FLEX_SUBMINOR_VERSION 34
++#define YY_FLEX_SUBMINOR_VERSION 35
+ #if YY_FLEX_SUBMINOR_VERSION > 0
+ #define FLEX_BETA
+ #endif
+@@ -178,13 +178,6 @@ extern FILE *yyin, *yyout;
+ 
+ #define unput(c) yyunput( c, (yytext_ptr)  )
+ 
+-/* The following is because we cannot portably get our hands on size_t
+- * (without autoconf's help, which isn't available because we want
+- * flex-generated scanners to compile on their own).
+- * Given that the standard has decreed that size_t exists since 1989,
+- * I guess we can afford to depend on it. Manoj.
+- */
+-
+ #ifndef YY_TYPEDEF_YY_SIZE_T
+ #define YY_TYPEDEF_YY_SIZE_T
+ typedef size_t yy_size_t;
+@@ -1069,9 +1062,10 @@ char *yytext;
+ #if defined(SADB_X_EALG_AES) && ! defined(SADB_X_EALG_AESCBC)
+ #define SADB_X_EALG_AESCBC  SADB_X_EALG_AES
+ #endif
++int yywrap(void) { return 1; }
+ /* common section */
+ 
+-#line 1075 "token.c"
++#line 1069 "token.c"
+ 
+ #define INITIAL 0
+ #define S_PL 1
+@@ -1092,6 +1086,35 @@ char *yytext;
+ 
+ static int yy_init_globals (void );
+ 
++/* Accessor methods to globals.
++   These are made visible to non-reentrant scanners for convenience. */
++
++int yylex_destroy (void );
++
++int yyget_debug (void );
++
++void yyset_debug (int debug_flag  );
++
++YY_EXTRA_TYPE yyget_extra (void );
++
++void yyset_extra (YY_EXTRA_TYPE user_defined  );
++
++FILE *yyget_in (void );
++
++void yyset_in  (FILE * in_str  );
++
++FILE *yyget_out (void );
++
++void yyset_out  (FILE * out_str  );
++
++int yyget_leng (void );
++
++char *yyget_text (void );
++
++int yyget_lineno (void );
++
++void yyset_lineno (int line_number  );
++
+ /* Macros after this point can all be overridden by user definitions in
+  * section 1.
+  */
+@@ -1227,10 +1250,10 @@ YY_DECL
+ 	register char *yy_cp, *yy_bp;
+ 	register int yy_act;
+     
+-#line 114 "token.l"
++#line 115 "token.l"
+ 
+ 
+-#line 1234 "token.c"
++#line 1257 "token.c"
+ 
+ 	if ( !(yy_init) )
+ 		{
+@@ -1321,84 +1344,84 @@ do_action:	/* This label is used only to
+ 
+ case 1:
+ YY_RULE_SETUP
+-#line 116 "token.l"
++#line 117 "token.l"
+ { return(ADD); }
+ 	YY_BREAK
+ case 2:
+ YY_RULE_SETUP
+-#line 117 "token.l"
++#line 118 "token.l"
+ { return(DELETE); }
+ 	YY_BREAK
+ case 3:
+ YY_RULE_SETUP
+-#line 118 "token.l"
++#line 119 "token.l"
+ { return(DELETEALL); }
+ 	YY_BREAK
+ case 4:
+ YY_RULE_SETUP
+-#line 119 "token.l"
++#line 120 "token.l"
+ { return(GET); }
+ 	YY_BREAK
+ case 5:
+ YY_RULE_SETUP
+-#line 120 "token.l"
++#line 121 "token.l"
+ { return(FLUSH); }
+ 	YY_BREAK
+ case 6:
+ YY_RULE_SETUP
+-#line 121 "token.l"
++#line 122 "token.l"
+ { return(DUMP); }
+ 	YY_BREAK
+ case 7:
+ YY_RULE_SETUP
+-#line 122 "token.l"
++#line 123 "token.l"
+ { return(EXIT); }
+ 	YY_BREAK
+ case 8:
+ YY_RULE_SETUP
+-#line 123 "token.l"
++#line 124 "token.l"
+ { return(EXIT); }
+ 	YY_BREAK
+ case 9:
+ YY_RULE_SETUP
+-#line 124 "token.l"
++#line 125 "token.l"
+ { return(EXIT); }
+ 	YY_BREAK
+ /* for management SPD */
+ case 10:
+ YY_RULE_SETUP
+-#line 127 "token.l"
++#line 128 "token.l"
+ { return(SPDADD); }
+ 	YY_BREAK
+ case 11:
+ YY_RULE_SETUP
+-#line 128 "token.l"
++#line 129 "token.l"
+ { return(SPDDELETE); }
+ 	YY_BREAK
+ case 12:
+ YY_RULE_SETUP
+-#line 129 "token.l"
++#line 130 "token.l"
+ { return(SPDDUMP); }
+ 	YY_BREAK
+ case 13:
+ YY_RULE_SETUP
+-#line 130 "token.l"
++#line 131 "token.l"
+ { return(SPDFLUSH); }
+ 	YY_BREAK
+ case 14:
+ YY_RULE_SETUP
+-#line 131 "token.l"
++#line 132 "token.l"
+ { return(TAGGED); }
+ 	YY_BREAK
+ case 15:
+ YY_RULE_SETUP
+-#line 132 "token.l"
++#line 133 "token.l"
+ { BEGIN S_PL; return(F_POLICY); }
+ 	YY_BREAK
+ case 16:
+ /* rule 16 can match eol */
+ YY_RULE_SETUP
+-#line 133 "token.l"
++#line 134 "token.l"
+ {
+ 			yymore();
+ 
+@@ -1420,13 +1443,13 @@ YY_RULE_SETUP
+ 	YY_BREAK
+ case 17:
+ YY_RULE_SETUP
+-#line 151 "token.l"
++#line 152 "token.l"
+ { BEGIN INITIAL; return(EOT); }
+ 	YY_BREAK
+ /* address resolution flags */
+ case 18:
+ YY_RULE_SETUP
+-#line 154 "token.l"
++#line 155 "token.l"
+ {
+ 			yylval.val.len = strlen(yytext);
+ 			yylval.val.buf = strdup(yytext);
+@@ -1438,37 +1461,37 @@ YY_RULE_SETUP
+ /* security protocols */
+ case 19:
+ YY_RULE_SETUP
+-#line 163 "token.l"
++#line 164 "token.l"
+ { yylval.num = 0; return(PR_AH); }
+ 	YY_BREAK
+ case 20:
+ YY_RULE_SETUP
+-#line 164 "token.l"
++#line 165 "token.l"
+ { yylval.num = 0; return(PR_ESP); }
+ 	YY_BREAK
+ case 21:
+ YY_RULE_SETUP
+-#line 165 "token.l"
++#line 166 "token.l"
+ { yylval.num = 1; return(PR_AH); }
+ 	YY_BREAK
+ case 22:
+ YY_RULE_SETUP
+-#line 166 "token.l"
++#line 167 "token.l"
+ { yylval.num = 1; return(PR_ESP); }
+ 	YY_BREAK
+ case 23:
+ YY_RULE_SETUP
+-#line 167 "token.l"
++#line 168 "token.l"
+ { yylval.num = 0; return(PR_ESPUDP); }
+ 	YY_BREAK
+ case 24:
+ YY_RULE_SETUP
+-#line 168 "token.l"
++#line 169 "token.l"
+ { yylval.num = 0; return(PR_IPCOMP); }
+ 	YY_BREAK
+ case 25:
+ YY_RULE_SETUP
+-#line 169 "token.l"
++#line 170 "token.l"
+ { 
+ 			yylval.num = 0; return(PR_TCP); 
+ 		}
+@@ -1476,72 +1499,72 @@ YY_RULE_SETUP
+ /* authentication alogorithm */
+ case 26:
+ YY_RULE_SETUP
+-#line 174 "token.l"
++#line 175 "token.l"
+ { BEGIN S_AUTHALG; return(F_AUTH); }
+ 	YY_BREAK
+ case 27:
+ YY_RULE_SETUP
+-#line 175 "token.l"
++#line 176 "token.l"
+ { yylval.num = SADB_AALG_MD5HMAC; BEGIN INITIAL; return(ALG_AUTH); }
+ 	YY_BREAK
+ case 28:
+ YY_RULE_SETUP
+-#line 176 "token.l"
++#line 177 "token.l"
+ { yylval.num = SADB_AALG_SHA1HMAC; BEGIN INITIAL; return(ALG_AUTH); }
+ 	YY_BREAK
+ case 29:
+ YY_RULE_SETUP
+-#line 177 "token.l"
++#line 178 "token.l"
+ { yylval.num = SADB_X_AALG_MD5; BEGIN INITIAL; return(ALG_AUTH); }
+ 	YY_BREAK
+ case 30:
+ YY_RULE_SETUP
+-#line 178 "token.l"
++#line 179 "token.l"
+ { yylval.num = SADB_X_AALG_SHA; BEGIN INITIAL; return(ALG_AUTH); }
+ 	YY_BREAK
+ case 31:
+ YY_RULE_SETUP
+-#line 179 "token.l"
++#line 180 "token.l"
+ { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); }
+ 	YY_BREAK
+ case 32:
+ YY_RULE_SETUP
+-#line 180 "token.l"
++#line 181 "token.l"
+ { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); }
+ 	YY_BREAK
+ case 33:
+ YY_RULE_SETUP
+-#line 181 "token.l"
++#line 182 "token.l"
+ { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); }
+ 	YY_BREAK
+ case 34:
+ YY_RULE_SETUP
+-#line 182 "token.l"
++#line 183 "token.l"
+ { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); }
+ 	YY_BREAK
+ case 35:
+ YY_RULE_SETUP
+-#line 183 "token.l"
++#line 184 "token.l"
+ { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); }
+ 	YY_BREAK
+ case 36:
+ YY_RULE_SETUP
+-#line 184 "token.l"
++#line 185 "token.l"
+ { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); }
+ 	YY_BREAK
+ case 37:
+ YY_RULE_SETUP
+-#line 185 "token.l"
++#line 186 "token.l"
+ { yylval.num = SADB_X_AALG_RIPEMD160HMAC; BEGIN INITIAL; return(ALG_AUTH); }
+ 	YY_BREAK
+ case 38:
+ YY_RULE_SETUP
+-#line 186 "token.l"
++#line 187 "token.l"
+ { yylval.num = SADB_X_AALG_AES_XCBC_MAC; BEGIN INITIAL; return(ALG_AUTH); }
+ 	YY_BREAK
+ case 39:
+ YY_RULE_SETUP
+-#line 187 "token.l"
++#line 188 "token.l"
+ { 
+ #ifdef SADB_X_AALG_TCP_MD5
+ 				yylval.num = SADB_X_AALG_TCP_MD5; 
+@@ -1552,63 +1575,63 @@ YY_RULE_SETUP
+ 	YY_BREAK
+ case 40:
+ YY_RULE_SETUP
+-#line 194 "token.l"
++#line 195 "token.l"
+ { yylval.num = SADB_X_AALG_NULL; BEGIN INITIAL; return(ALG_AUTH_NOKEY); }
+ 	YY_BREAK
+ /* encryption alogorithm */
+ case 41:
+ YY_RULE_SETUP
+-#line 197 "token.l"
++#line 198 "token.l"
+ { BEGIN S_ENCALG; return(F_ENC); }
+ 	YY_BREAK
+ case 42:
+ YY_RULE_SETUP
+-#line 198 "token.l"
++#line 199 "token.l"
+ { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC); }
+ 	YY_BREAK
+ case 43:
+ YY_RULE_SETUP
+-#line 199 "token.l"
++#line 200 "token.l"
+ { yylval.num = SADB_EALG_3DESCBC; BEGIN INITIAL; return(ALG_ENC); }
+ 	YY_BREAK
+ case 44:
+ YY_RULE_SETUP
+-#line 200 "token.l"
++#line 201 "token.l"
+ { yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC_NOKEY); }
+ 	YY_BREAK
+ case 45:
+ YY_RULE_SETUP
+-#line 201 "token.l"
++#line 202 "token.l"
+ { yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC_OLD); }
+ 	YY_BREAK
+ case 46:
+ YY_RULE_SETUP
+-#line 202 "token.l"
++#line 203 "token.l"
+ { yylval.num = SADB_X_EALG_BLOWFISHCBC; BEGIN INITIAL; return(ALG_ENC); }
+ 	YY_BREAK
+ case 47:
+ YY_RULE_SETUP
+-#line 203 "token.l"
++#line 204 "token.l"
+ { yylval.num = SADB_X_EALG_CAST128CBC; BEGIN INITIAL; return(ALG_ENC); }
+ 	YY_BREAK
+ case 48:
+ YY_RULE_SETUP
+-#line 204 "token.l"
++#line 205 "token.l"
+ { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DESDERIV); }
+ 	YY_BREAK
+ case 49:
+ YY_RULE_SETUP
+-#line 205 "token.l"
++#line 206 "token.l"
+ { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DES32IV); }
+ 	YY_BREAK
+ case 50:
+ YY_RULE_SETUP
+-#line 206 "token.l"
++#line 207 "token.l"
+ { yylval.num = SADB_X_EALG_TWOFISHCBC; BEGIN INITIAL; return(ALG_ENC); }
+ 	YY_BREAK
+ case 51:
+ YY_RULE_SETUP
+-#line 207 "token.l"
++#line 208 "token.l"
+ { 
+ #ifdef SADB_X_EALG_AESCBC
+ 	yylval.num = SADB_X_EALG_AESCBC; BEGIN INITIAL; return(ALG_ENC); 
+@@ -1617,7 +1640,7 @@ YY_RULE_SETUP
+ 	YY_BREAK
+ case 52:
+ YY_RULE_SETUP
+-#line 212 "token.l"
++#line 213 "token.l"
+ { 
+ #ifdef SADB_X_EALG_AESCBC
+ 	yylval.num = SADB_X_EALG_AESCBC; BEGIN INITIAL; return(ALG_ENC); 
+@@ -1626,12 +1649,12 @@ YY_RULE_SETUP
+ 	YY_BREAK
+ case 53:
+ YY_RULE_SETUP
+-#line 217 "token.l"
++#line 218 "token.l"
+ { yylval.num = SADB_X_EALG_AESCTR; BEGIN INITIAL; return(ALG_ENC); }
+ 	YY_BREAK
+ case 54:
+ YY_RULE_SETUP
+-#line 218 "token.l"
++#line 219 "token.l"
+ { 
+ #ifdef SADB_X_EALG_CAMELLIACBC
+ 	yylval.num = SADB_X_EALG_CAMELLIACBC; BEGIN INITIAL; return(ALG_ENC); 
+@@ -1641,152 +1664,152 @@ YY_RULE_SETUP
+ /* compression algorithms */
+ case 55:
+ YY_RULE_SETUP
+-#line 225 "token.l"
++#line 226 "token.l"
+ { return(F_COMP); }
+ 	YY_BREAK
+ case 56:
+ YY_RULE_SETUP
+-#line 226 "token.l"
++#line 227 "token.l"
+ { yylval.num = SADB_X_CALG_OUI; return(ALG_COMP); }
+ 	YY_BREAK
+ case 57:
+ YY_RULE_SETUP
+-#line 227 "token.l"
++#line 228 "token.l"
+ { yylval.num = SADB_X_CALG_DEFLATE; return(ALG_COMP); }
+ 	YY_BREAK
+ case 58:
+ YY_RULE_SETUP
+-#line 228 "token.l"
++#line 229 "token.l"
+ { yylval.num = SADB_X_CALG_LZS; return(ALG_COMP); }
+ 	YY_BREAK
+ case 59:
+ YY_RULE_SETUP
+-#line 229 "token.l"
++#line 230 "token.l"
+ { return(F_RAWCPI); }
+ 	YY_BREAK
+ /* extension */
+ case 60:
+ YY_RULE_SETUP
+-#line 232 "token.l"
++#line 233 "token.l"
+ { return(F_MODE); }
+ 	YY_BREAK
+ case 61:
+ YY_RULE_SETUP
+-#line 233 "token.l"
++#line 234 "token.l"
+ { yylval.num = IPSEC_MODE_TRANSPORT; return(MODE); }
+ 	YY_BREAK
+ case 62:
+ YY_RULE_SETUP
+-#line 234 "token.l"
++#line 235 "token.l"
+ { yylval.num = IPSEC_MODE_TUNNEL; return(MODE); }
+ 	YY_BREAK
+ case 63:
+ YY_RULE_SETUP
+-#line 235 "token.l"
++#line 236 "token.l"
+ { return(F_REQID); }
+ 	YY_BREAK
+ case 64:
+ YY_RULE_SETUP
+-#line 236 "token.l"
++#line 237 "token.l"
+ { return(F_EXT); }
+ 	YY_BREAK
+ case 65:
+ YY_RULE_SETUP
+-#line 237 "token.l"
++#line 238 "token.l"
+ { yylval.num = SADB_X_EXT_PRAND; return(EXTENSION); }
+ 	YY_BREAK
+ case 66:
+ YY_RULE_SETUP
+-#line 238 "token.l"
++#line 239 "token.l"
+ { yylval.num = SADB_X_EXT_PSEQ; return(EXTENSION); }
+ 	YY_BREAK
+ case 67:
+ YY_RULE_SETUP
+-#line 239 "token.l"
++#line 240 "token.l"
+ { yylval.num = SADB_X_EXT_PZERO; return(EXTENSION); }
+ 	YY_BREAK
+ case 68:
+ YY_RULE_SETUP
+-#line 240 "token.l"
++#line 241 "token.l"
+ { return(NOCYCLICSEQ); }
+ 	YY_BREAK
+ case 69:
+ YY_RULE_SETUP
+-#line 241 "token.l"
++#line 242 "token.l"
+ { return(F_REPLAY); }
+ 	YY_BREAK
+ case 70:
+ YY_RULE_SETUP
+-#line 242 "token.l"
++#line 243 "token.l"
+ { return(F_LIFETIME_HARD); }
+ 	YY_BREAK
+ case 71:
+ YY_RULE_SETUP
+-#line 243 "token.l"
++#line 244 "token.l"
+ { return(F_LIFETIME_SOFT); }
+ 	YY_BREAK
+ case 72:
+ YY_RULE_SETUP
+-#line 244 "token.l"
++#line 245 "token.l"
+ { return(F_LIFEBYTE_HARD); }
+ 	YY_BREAK
+ case 73:
+ YY_RULE_SETUP
+-#line 245 "token.l"
++#line 246 "token.l"
+ { return(F_LIFEBYTE_SOFT); }
+ 	YY_BREAK
+ case 74:
+ YY_RULE_SETUP
+-#line 246 "token.l"
++#line 247 "token.l"
+ { return(SECURITY_CTX); }
+ 	YY_BREAK
+ /* ... */
+ case 75:
+ YY_RULE_SETUP
+-#line 249 "token.l"
++#line 250 "token.l"
+ { return(ANY); }
+ 	YY_BREAK
+ case 76:
+ YY_RULE_SETUP
+-#line 250 "token.l"
++#line 251 "token.l"
+ { }
+ 	YY_BREAK
+ case 77:
+ /* rule 77 can match eol */
+ YY_RULE_SETUP
+-#line 251 "token.l"
++#line 252 "token.l"
+ { lineno++; }
+ 	YY_BREAK
+ case 78:
+ YY_RULE_SETUP
+-#line 252 "token.l"
++#line 253 "token.l"
+ 
+ 	YY_BREAK
+ case 79:
+ YY_RULE_SETUP
+-#line 253 "token.l"
++#line 254 "token.l"
+ { return(EOT); }
+ 	YY_BREAK
+ /* for address parameters: /prefix, [port] */
+ case 80:
+ YY_RULE_SETUP
+-#line 256 "token.l"
++#line 257 "token.l"
+ { return SLASH; }
+ 	YY_BREAK
+ case 81:
+ YY_RULE_SETUP
+-#line 257 "token.l"
++#line 258 "token.l"
+ { return BLCL; }
+ 	YY_BREAK
+ case 82:
+ YY_RULE_SETUP
+-#line 258 "token.l"
++#line 259 "token.l"
+ { return ELCL; }
+ 	YY_BREAK
+ /* parameter */
+ case 83:
+ YY_RULE_SETUP
+-#line 261 "token.l"
++#line 262 "token.l"
+ {
+ 			char *bp;
+ 
+@@ -1796,7 +1819,7 @@ YY_RULE_SETUP
+ 	YY_BREAK
+ case 84:
+ YY_RULE_SETUP
+-#line 268 "token.l"
++#line 269 "token.l"
+ {
+ 			yylval.val.buf = strdup(yytext + 2);
+ 			if (!yylval.val.buf)
+@@ -1809,7 +1832,7 @@ YY_RULE_SETUP
+ case 85:
+ /* rule 85 can match eol */
+ YY_RULE_SETUP
+-#line 277 "token.l"
++#line 278 "token.l"
+ {
+ 			char *p = yytext;
+ 			while (*++p != '"') ;
+@@ -1825,7 +1848,7 @@ YY_RULE_SETUP
+ 	YY_BREAK
+ case 86:
+ YY_RULE_SETUP
+-#line 290 "token.l"
++#line 291 "token.l"
+ {
+ 			yylval.val.len = yyleng;
+ 			yylval.val.buf = strdup(yytext);
+@@ -1836,7 +1859,7 @@ YY_RULE_SETUP
+ 	YY_BREAK
+ case 87:
+ YY_RULE_SETUP
+-#line 298 "token.l"
++#line 299 "token.l"
+ {
+ 			yylval.val.len = yyleng;
+ 			yylval.val.buf = strdup(yytext);
+@@ -1847,7 +1870,7 @@ YY_RULE_SETUP
+ 	YY_BREAK
+ case 88:
+ YY_RULE_SETUP
+-#line 306 "token.l"
++#line 307 "token.l"
+ {
+ 			yyfatal("Syntax error");
+ 			/*NOTREACHED*/
+@@ -1855,10 +1878,10 @@ YY_RULE_SETUP
+ 	YY_BREAK
+ case 89:
+ YY_RULE_SETUP
+-#line 311 "token.l"
++#line 312 "token.l"
+ ECHO;
+ 	YY_BREAK
+-#line 1862 "token.c"
++#line 1885 "token.c"
+ case YY_STATE_EOF(INITIAL):
+ case YY_STATE_EOF(S_PL):
+ case YY_STATE_EOF(S_AUTHALG):
+@@ -2411,9 +2434,19 @@ static void yy_load_buffer_state  (void)
+ 	yyfree((void *) b  );
+ }
+ 
+-#ifndef __cplusplus
++#ifndef _UNISTD_H /* assume unistd.h has isatty() for us */
++#ifdef __cplusplus
++extern "C" {
++#endif
++#ifdef __THROW /* this is a gnuism */
++extern int isatty (int ) __THROW;
++#else
+ extern int isatty (int );
+-#endif /* __cplusplus */
++#endif
++#ifdef __cplusplus
++}
++#endif
++#endif
+     
+ /* Initializes or reinitializes a buffer.
+  * This function is sometimes called more than once on the same buffer,
+@@ -2859,7 +2892,7 @@ void yyfree (void * ptr )
+ 
+ #define YYTABLES_NAME "yytables"
+ 
+-#line 311 "token.l"
++#line 312 "token.l"
+ 
+ 
+ 
diff --git a/package/ipsec-tools/patches/patch-src_setkey_token_l b/package/ipsec-tools/patches/patch-src_setkey_token_l
index b73f73fea..e0697835c 100644
--- a/package/ipsec-tools/patches/patch-src_setkey_token_l
+++ b/package/ipsec-tools/patches/patch-src_setkey_token_l
@@ -1,11 +1,10 @@
-$Id$
---- ipsec-tools-0.6.4.orig/src/setkey/token.l	2005-06-29 15:01:30.000000000 +0200
-+++ ipsec-tools-0.6.4/src/setkey/token.l	2007-06-28 16:58:31.000000000 +0200
-@@ -84,6 +84,8 @@
- #ifndef SADB_X_EALG_AESCTR
- #define SADB_X_EALG_AESCTR	(-1)
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/src/setkey/token.l	2007-08-01 13:52:23.000000000 +0200
++++ ipsec-tools-0.7.2/src/setkey/token.l	2009-05-29 15:25:54.760377400 +0200
+@@ -86,6 +86,7 @@
+ #if defined(SADB_X_EALG_AES) && ! defined(SADB_X_EALG_AESCBC)
+ #define SADB_X_EALG_AESCBC  SADB_X_EALG_AES
  #endif
-+
 +int yywrap(void) { return 1; }
  %}
author	Waldemar Brodkorb <wbx@openadk.org>	2009-05-30 20:39:07 +0200
committer	Waldemar Brodkorb <wbx@openadk.org>	2009-05-30 20:39:07 +0200
commit	ba3359722cbf8aa7b0ed39e1f81d1d74ec88fecd (patch)
tree	10c726d162bc0ded85eb7aeacf8f246bd39ad63a /package/ipsec-tools
parent	bbd610f15a71b27c955175cb98392b114717fd47 (diff)