optimize ipkg package management

- generate ipkg control file from PKG_* variables
- automatically install init scripts from ./files/*.init
  set #PKG pkgname to set the binary package
- rename FWINIT -> INIT
- move postinst and conffiles meta data to ./files
- update the packages to the latest upstream version
- remove some unready or unused package (strongswan,..)

more cleanups needed after allmodconfig

17 files changed, 3016 insertions, 55 deletions

diff --git a/package/ipsec-tools/Config.in b/package/ipsec-tools/Config.in
index b140738b1..7edadda2a 100644
--- a/package/ipsec-tools/Config.in
+++ b/package/ipsec-tools/Config.in
@@ -1,7 +1,6 @@
 config ADK_PACKAGE_IPSEC_TOOLS
 	prompt "ipsec-tools....................... IPsec management tools"
 	tristate
-	depends ADK_LINUX_2_6
 	select ADK_PACKAGE_LIBOPENSSL
 	default n
 	help
diff --git a/package/ipsec-tools/Makefile b/package/ipsec-tools/Makefile
index 5fe7101aa..10a3539e9 100644
--- a/package/ipsec-tools/Makefile
+++ b/package/ipsec-tools/Makefile
@@ -6,19 +6,25 @@
 include ${TOPDIR}/rules.mk
 
 PKG_NAME:=		ipsec-tools
-PKG_VERSION:=		0.6.4
+PKG_VERSION:=		0.7.2
 PKG_RELEASE:=		1
-PKG_MD5SUM:=		d0242a943c82c0cbf28005966ff35e21
+PKG_MD5SUM:=		72861f005746ee27984b2ee715ecc629
+PKG_DESCR:=		IPsec management tools
+PKG_SECTION:=		net
+PKG_DEPENDS:=		libopenssl
+PKG_URL:=		http://ipsec-tools.sourceforge.net
+PKG_SITES:=		${MASTER_SITE_SOURCEFORGE:=ipsec-tools/}
+
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.bz2
-MASTER_SITES:=		${MASTER_SITE_SOURCEFORGE:=ipsec-tools/}
 
 include ${TOPDIR}/mk/package.mk
 
-$(eval $(call PKG_template,IPSEC_TOOLS,ipsec-tools,${PKG_VERSION}-${PKG_RELEASE}))
+$(eval $(call PKG_template,IPSEC_TOOLS,${PKG_NAME},${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
 
 CONFIGURE_STYLE=	gnu
 CONFIGURE_ARGS+=	--with-kernel-headers="${LINUX_DIR}/include" \
 			--without-readline \
+			--disable-security-context \
 			--with-openssl="${STAGING_DIR}/usr" \
 			--without-libradius \
 			--without-libpam
diff --git a/package/ipsec-tools/ipkg/ipsec-tools.conffiles b/package/ipsec-tools/files/ipsec-tools.conffiles
index 434045463..434045463 100644
--- a/package/ipsec-tools/ipkg/ipsec-tools.conffiles
+++ b/package/ipsec-tools/files/ipsec-tools.conffiles
diff --git a/package/ipsec-tools/ipkg/ipsec-tools.control b/package/ipsec-tools/ipkg/ipsec-tools.control
deleted file mode 100644
index c1cade10b..000000000
--- a/package/ipsec-tools/ipkg/ipsec-tools.control
+++ /dev/null
@@ -1,5 +0,0 @@
-Package: ipsec-tools
-Priority: optional
-Section: net
-Depends: libopenssl
-Description: IPsec management tools
diff --git a/package/ipsec-tools/patches/patch-configure b/package/ipsec-tools/patches/patch-configure
index 5ff9866f7..29e65cf5b 100644
--- a/package/ipsec-tools/patches/patch-configure
+++ b/package/ipsec-tools/patches/patch-configure
@@ -1,12 +1,12 @@
-$Id$
---- ipsec-tools-0.6.4.orig/configure	2005-12-09 10:03:34.000000000 +0100
-+++ ipsec-tools-0.6.4/configure	2007-06-28 16:58:31.000000000 +0200
-@@ -23147,7 +23147,7 @@ echo "${ECHO_T}${crypto_dir-default}" >&
- 
- if test "x$crypto_dir" != "x"; then
- 	LIBS="$LIBS -L${crypto_dir}/lib"
--	CPPFLAGS="-I${crypto_dir}/include $CPPLAGS"
-+	CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
- fi
- echo "$as_me:$LINENO: checking openssl version" >&5
- echo $ECHO_N "checking openssl version... $ECHO_C" >&6
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/configure	2009-04-21 16:41:45.000000000 +0200
++++ ipsec-tools-0.7.2/configure	2009-05-29 15:28:06.991791782 +0200
+@@ -11963,7 +11963,7 @@ echo "${ECHO_T}$ac_cv_path_EGREP" >&6; }
+ 
+ 
+ 
+-CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused"
++CFLAGS_ADD="$CFLAGS_ADD -Wall -Wno-unused"
+ 
+ case $host in
+ *netbsd*)
diff --git a/package/ipsec-tools/patches/patch-configure_ac b/package/ipsec-tools/patches/patch-configure_ac
deleted file mode 100644
index d28f9afb7..000000000
--- a/package/ipsec-tools/patches/patch-configure_ac
+++ /dev/null
@@ -1,12 +0,0 @@
-$Id$
---- ipsec-tools-0.6.4.orig/configure.ac	2005-12-09 10:00:28.000000000 +0100
-+++ ipsec-tools-0.6.4/configure.ac	2007-06-28 16:58:31.000000000 +0200
-@@ -183,7 +183,7 @@ AC_MSG_RESULT(${crypto_dir-default})
- 
- if test "x$crypto_dir" != "x"; then
- 	LIBS="$LIBS -L${crypto_dir}/lib"
--	CPPFLAGS="-I${crypto_dir}/include $CPPLAGS"
-+	CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
- fi
- AC_MSG_CHECKING(openssl version)
- 
diff --git a/package/ipsec-tools/patches/patch-src_racoon_algorithm_c b/package/ipsec-tools/patches/patch-src_racoon_algorithm_c
new file mode 100644
index 000000000..351ce1771
--- /dev/null
+++ b/package/ipsec-tools/patches/patch-src_racoon_algorithm_c
@@ -0,0 +1,44 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/src/racoon/algorithm.c	2006-10-06 14:02:27.000000000 +0200
++++ ipsec-tools-0.7.2/src/racoon/algorithm.c	2009-05-29 15:51:03.662094000 +0200
+@@ -111,9 +111,11 @@ static struct enc_algorithm oakley_encde
+ 		eay_idea_encrypt,	eay_idea_decrypt,
+ 		eay_idea_weakkey,	eay_idea_keylen, },
+ #endif
++#ifndef OPENSSL_NO_BF
+ { "blowfish",	algtype_blowfish,	OAKLEY_ATTR_ENC_ALG_BLOWFISH,	8,
+ 		eay_bf_encrypt,		eay_bf_decrypt,
+ 		eay_bf_weakkey,		eay_bf_keylen, },
++#endif
+ #ifdef HAVE_OPENSSL_RC5_H
+ { "rc5",	algtype_rc5,		OAKLEY_ATTR_ENC_ALG_RC5,	8,
+ 		eay_rc5_encrypt,	eay_rc5_decrypt,
+@@ -122,9 +124,11 @@ static struct enc_algorithm oakley_encde
+ { "3des",	algtype_3des,		OAKLEY_ATTR_ENC_ALG_3DES,	8,
+ 		eay_3des_encrypt,	eay_3des_decrypt,
+ 		eay_3des_weakkey,	eay_3des_keylen, },
++#ifndef OPENSSL_NO_CAST
+ { "cast",	algtype_cast128,	OAKLEY_ATTR_ENC_ALG_CAST,	8,
+ 		eay_cast_encrypt,	eay_cast_decrypt,
+ 		eay_cast_weakkey,	eay_cast_keylen, },
++#endif
+ { "aes",	algtype_aes,	OAKLEY_ATTR_ENC_ALG_AES,	16,
+ 		eay_aes_encrypt,	eay_aes_decrypt,
+ 		eay_aes_weakkey,	eay_aes_keylen, },
+@@ -150,12 +154,16 @@ static struct enc_algorithm ipsec_encdef
+ 		NULL,			NULL,
+ 		NULL,			eay_rc5_keylen, },
+ #endif
++#ifndef OPENSSL_NO_CAST
+ { "cast",	algtype_cast128,	IPSECDOI_ESP_CAST,		8,
+ 		NULL,			NULL,
+ 		NULL,			eay_cast_keylen, },
++#endif
++#ifndef OPENSSL_NO_CAST
+ { "blowfish",	algtype_blowfish,	IPSECDOI_ESP_BLOWFISH,		8,
+ 		NULL,			NULL,
+ 		NULL,			eay_bf_keylen, },
++#endif
+ { "des-iv32",	algtype_des_iv32,	IPSECDOI_ESP_DES_IV32,		8,
+ 		NULL,			NULL,
+ 		NULL,			eay_des_keylen, },
diff --git a/package/ipsec-tools/patches/patch-src_racoon_cftoken_c b/package/ipsec-tools/patches/patch-src_racoon_cftoken_c
new file mode 100644
index 000000000..29bdf1a77
--- /dev/null
+++ b/package/ipsec-tools/patches/patch-src_racoon_cftoken_c
@@ -0,0 +1,2026 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- ipsec-tools-0.7.2.orig/src/racoon/cftoken.c	2008-07-23 13:49:19.000000000 +0200
++++ ipsec-tools-0.7.2/src/racoon/cftoken.c	2009-05-29 15:50:16.982910033 +0200
+@@ -8,7 +8,7 @@
+ #define FLEX_SCANNER
+ #define YY_FLEX_MAJOR_VERSION 2
+ #define YY_FLEX_MINOR_VERSION 5
+-#define YY_FLEX_SUBMINOR_VERSION 34
++#define YY_FLEX_SUBMINOR_VERSION 35
+ #if YY_FLEX_SUBMINOR_VERSION > 0
+ #define FLEX_BETA
+ #endif
+@@ -178,13 +178,6 @@ extern FILE *yyin, *yyout;
+ 
+ #define unput(c) yyunput( c, (yytext_ptr)  )
+ 
+-/* The following is because we cannot portably get our hands on size_t
+- * (without autoconf's help, which isn't available because we want
+- * flex-generated scanners to compile on their own).
+- * Given that the standard has decreed that size_t exists since 1989,
+- * I guess we can afford to depend on it. Manoj.
+- */
+-
+ #ifndef YY_TYPEDEF_YY_SIZE_T
+ #define YY_TYPEDEF_YY_SIZE_T
+ typedef size_t yy_size_t;
+@@ -1634,6 +1627,7 @@ static struct include_stack {
+ static int incstackp = 0;
+ 
+ static int yy_first_time = 1;
++int yywrap(void) { return 1; }
+ /* common seciton */
+ /*octet		(([01]?{digit}?{digit})|((2([0-4]{digit}))|(25[0-5]))) */
+ 
+@@ -1642,7 +1636,7 @@ static int yy_first_time = 1;
+ 
+ 
+ 
+-#line 1646 "cftoken.c"
++#line 1640 "cftoken.c"
+ 
+ #define INITIAL 0
+ #define S_INI 1
+@@ -1679,6 +1673,35 @@ static int yy_first_time = 1;
+ 
+ static int yy_init_globals (void );
+ 
++/* Accessor methods to globals.
++   These are made visible to non-reentrant scanners for convenience. */
++
++int yylex_destroy (void );
++
++int yyget_debug (void );
++
++void yyset_debug (int debug_flag  );
++
++YY_EXTRA_TYPE yyget_extra (void );
++
++void yyset_extra (YY_EXTRA_TYPE user_defined  );
++
++FILE *yyget_in (void );
++
++void yyset_in  (FILE * in_str  );
++
++FILE *yyget_out (void );
++
++void yyset_out  (FILE * out_str  );
++
++int yyget_leng (void );
++
++char *yyget_text (void );
++
++int yyget_lineno (void );
++
++void yyset_lineno (int line_number  );
++
+ /* Macros after this point can all be overridden by user definitions in
+  * section 1.
+  */
+@@ -1814,7 +1837,7 @@ YY_DECL
+ 	register char *yy_cp, *yy_bp;
+ 	register int yy_act;
+     
+-#line 142 "cftoken.l"
++#line 143 "cftoken.l"
+ 
+ 
+ 	if (yy_first_time) {
+@@ -1824,7 +1847,7 @@ YY_DECL
+ 
+ 
+ 	/* privsep */
+-#line 1828 "cftoken.c"
++#line 1851 "cftoken.c"
+ 
+ 	if ( !(yy_init) )
+ 		{
+@@ -1915,1028 +1938,1028 @@ do_action:	/* This label is used only to
+ 
+ case 1:
+ YY_RULE_SETUP
+-#line 151 "cftoken.l"
++#line 152 "cftoken.l"
+ { BEGIN S_PRIV; YYDB; return(PRIVSEP); }
+ 	YY_BREAK
+ case 2:
+ YY_RULE_SETUP
+-#line 152 "cftoken.l"
++#line 153 "cftoken.l"
+ { return(BOC); }
+ 	YY_BREAK
+ case 3:
+ YY_RULE_SETUP
+-#line 153 "cftoken.l"
++#line 154 "cftoken.l"
+ { YYD; return(USER); }
+ 	YY_BREAK
+ case 4:
+ YY_RULE_SETUP
+-#line 154 "cftoken.l"
++#line 155 "cftoken.l"
+ { YYD; return(GROUP); }
+ 	YY_BREAK
+ case 5:
+ YY_RULE_SETUP
+-#line 155 "cftoken.l"
++#line 156 "cftoken.l"
+ { YYD; return(CHROOT); }
+ 	YY_BREAK
+ case 6:
+ YY_RULE_SETUP
+-#line 156 "cftoken.l"
++#line 157 "cftoken.l"
+ { BEGIN S_INI; return(EOC); }
+ 	YY_BREAK
+ /* path */
+ case 7:
+ YY_RULE_SETUP
+-#line 159 "cftoken.l"
++#line 160 "cftoken.l"
+ { BEGIN S_PTH; YYDB; return(PATH); }
+ 	YY_BREAK
+ case 8:
+ YY_RULE_SETUP
+-#line 160 "cftoken.l"
++#line 161 "cftoken.l"
+ { YYD; yylval.num = LC_PATHTYPE_INCLUDE;
+ 				return(PATHTYPE); }
+ 	YY_BREAK
+ case 9:
+ YY_RULE_SETUP
+-#line 162 "cftoken.l"
++#line 163 "cftoken.l"
+ { YYD; yylval.num = LC_PATHTYPE_PSK;
+ 				return(PATHTYPE); }
+ 	YY_BREAK
+ case 10:
+ YY_RULE_SETUP
+-#line 164 "cftoken.l"
++#line 165 "cftoken.l"
+ { YYD; yylval.num = LC_PATHTYPE_CERT;
+ 				return(PATHTYPE); }
+ 	YY_BREAK
+ case 11:
+ YY_RULE_SETUP
+-#line 166 "cftoken.l"
++#line 167 "cftoken.l"
+ { YYD; yylval.num = LC_PATHTYPE_SCRIPT;
+ 				return(PATHTYPE); }
+ 	YY_BREAK
+ case 12:
+ YY_RULE_SETUP
+-#line 168 "cftoken.l"
++#line 169 "cftoken.l"
+ { YYD; yylval.num = LC_PATHTYPE_BACKUPSA;
+ 				return(PATHTYPE); }
+ 	YY_BREAK
+ case 13:
+ YY_RULE_SETUP
+-#line 170 "cftoken.l"
++#line 171 "cftoken.l"
+ { YYD; yylval.num = LC_PATHTYPE_PIDFILE;
+ 				return(PATHTYPE); }
+ 	YY_BREAK
+ case 14:
+ YY_RULE_SETUP
+-#line 172 "cftoken.l"
++#line 173 "cftoken.l"
+ { BEGIN S_INI; YYDB; return(EOS); }
+ 	YY_BREAK
+ /* include */
+ case 15:
+ YY_RULE_SETUP
+-#line 175 "cftoken.l"
++#line 176 "cftoken.l"
+ { YYDB; return(INCLUDE); }
+ 	YY_BREAK
+ /* self information */
+ case 16:
+ YY_RULE_SETUP
+-#line 178 "cftoken.l"
++#line 179 "cftoken.l"
+ { BEGIN S_INF; YYDB; yywarn("it is obsoleted.  use \"my_identifier\" in each remote directives."); return(IDENTIFIER); }
+ 	YY_BREAK
+ case 17:
+ YY_RULE_SETUP
+-#line 179 "cftoken.l"
++#line 180 "cftoken.l"
+ { BEGIN S_INI; return(EOS); }
+ 	YY_BREAK
+ /* special */
+ case 18:
+ YY_RULE_SETUP
+-#line 182 "cftoken.l"
++#line 183 "cftoken.l"
+ { YYDB; return(COMPLEX_BUNDLE); }
+ 	YY_BREAK
+ /* logging */
+ case 19:
+ YY_RULE_SETUP
+-#line 185 "cftoken.l"
++#line 186 "cftoken.l"
+ { BEGIN S_LOG; YYDB; return(LOGGING); }
+ 	YY_BREAK
+ case 20:
+ YY_RULE_SETUP
+-#line 186 "cftoken.l"
++#line 187 "cftoken.l"
+ { YYD; yylval.num = LLV_ERROR; return(LOGLEV); }
+ 	YY_BREAK
+ case 21:
+ YY_RULE_SETUP
+-#line 187 "cftoken.l"
++#line 188 "cftoken.l"
+ { YYD; yylval.num = LLV_WARNING; return(LOGLEV); }
+ 	YY_BREAK
+ case 22:
+ YY_RULE_SETUP
+-#line 188 "cftoken.l"
++#line 189 "cftoken.l"
+ { YYD; yylval.num = LLV_NOTIFY; return(LOGLEV); }
+ 	YY_BREAK
+ case 23:
+ YY_RULE_SETUP
+-#line 189 "cftoken.l"
++#line 190 "cftoken.l"
+ { YYD; yylval.num = LLV_INFO; return(LOGLEV); }
+ 	YY_BREAK
+ case 24:
+ YY_RULE_SETUP
+-#line 190 "cftoken.l"
++#line 191 "cftoken.l"
+ { YYD; yylval.num = LLV_DEBUG; return(LOGLEV); }
+ 	YY_BREAK
+ case 25:
+ YY_RULE_SETUP
+-#line 191 "cftoken.l"
++#line 192 "cftoken.l"
+ { YYD; yylval.num = LLV_DEBUG2; return(LOGLEV); }
+ 	YY_BREAK
+ case 26:
+ YY_RULE_SETUP
+-#line 192 "cftoken.l"
++#line 193 "cftoken.l"
+ { YYD; yywarn("it is obsoleted.  use \"debug2\""); yylval.num = LLV_DEBUG2; return(LOGLEV); }
+ 	YY_BREAK
+ case 27:
+ YY_RULE_SETUP
+-#line 193 "cftoken.l"
++#line 194 "cftoken.l"
+ { YYD; yywarn("it is obsoleted.  use \"debug2\""); yylval.num = LLV_DEBUG2; return(LOGLEV); }
+ 	YY_BREAK
+ case 28:
+ YY_RULE_SETUP
+-#line 194 "cftoken.l"
++#line 195 "cftoken.l"
+ { BEGIN S_INI; return(EOS); }
+ 	YY_BREAK
+ /* padding */
+ case 29:
+ YY_RULE_SETUP
+-#line 197 "cftoken.l"
++#line 198 "cftoken.l"
+ { BEGIN S_PAD; YYDB; return(PADDING); }
+ 	YY_BREAK
+ case 30:
+ YY_RULE_SETUP
+-#line 198 "cftoken.l"
++#line 199 "cftoken.l"
+ { return(BOC); }
+ 	YY_BREAK
+ case 31:
+ YY_RULE_SETUP
+-#line 199 "cftoken.l"
++#line 200 "cftoken.l"
+ { YYD; return(PAD_RANDOMIZE); }
+ 	YY_BREAK
+ case 32:
+ YY_RULE_SETUP
+-#line 200 "cftoken.l"
++#line 201 "cftoken.l"
+ { YYD; return(PAD_RANDOMIZELEN); }
+ 	YY_BREAK
+ case 33:
+ YY_RULE_SETUP
+-#line 201 "cftoken.l"
++#line 202 "cftoken.l"
+ { YYD; return(PAD_MAXLEN); }
+ 	YY_BREAK
+ case 34:
+ YY_RULE_SETUP
+-#line 202 "cftoken.l"
++#line 203 "cftoken.l"
+ { YYD; return(PAD_STRICT); }
+ 	YY_BREAK
+ case 35:
+ YY_RULE_SETUP
+-#line 203 "cftoken.l"
++#line 204 "cftoken.l"
+ { YYD; return(PAD_EXCLTAIL); }
+ 	YY_BREAK
+ case 36:
+ YY_RULE_SETUP
+-#line 204 "cftoken.l"
++#line 205 "cftoken.l"
+ { BEGIN S_INI; return(EOC); }
+ 	YY_BREAK
+ /* listen */
+ case 37:
+ YY_RULE_SETUP
+-#line 207 "cftoken.l"
++#line 208 "cftoken.l"
+ { BEGIN S_LST; YYDB; return(LISTEN); }
+ 	YY_BREAK
+ case 38:
+ YY_RULE_SETUP
+-#line 208 "cftoken.l"
++#line 209 "cftoken.l"
+ { return(BOC); }
+ 	YY_BREAK
+ case 39:
+ YY_RULE_SETUP
+-#line 209 "cftoken.l"
++#line 210 "cftoken.l"
+ { YYD; return(X_ISAKMP); }
+ 	YY_BREAK
+ case 40:
+ YY_RULE_SETUP
+-#line 210 "cftoken.l"
++#line 211 "cftoken.l"
+ { YYD; return(X_ISAKMP_NATT); }
+ 	YY_BREAK
+ case 41:
+ YY_RULE_SETUP
+-#line 211 "cftoken.l"
++#line 212 "cftoken.l"
+ { YYD; return(X_ADMIN); }
+ 	YY_BREAK
+ case 42:
+ YY_RULE_SETUP
+-#line 212 "cftoken.l"
++#line 213 "cftoken.l"
+ { YYD; return(ADMINSOCK); }
+ 	YY_BREAK
+ case 43:
+ YY_RULE_SETUP
+-#line 213 "cftoken.l"
++#line 214 "cftoken.l"
+ { YYD; return(DISABLED); }
+ 	YY_BREAK
+ case 44:
+ YY_RULE_SETUP
+-#line 214 "cftoken.l"
++#line 215 "cftoken.l"
+ { YYD; return(STRICT_ADDRESS); }
+ 	YY_BREAK
+ case 45:
+ YY_RULE_SETUP
+-#line 215 "cftoken.l"
++#line 216 "cftoken.l"
+ { BEGIN S_INI; return(EOC); }
+ 	YY_BREAK
+ /* ldap config */
+ case 46:
+ YY_RULE_SETUP
+-#line 218 "cftoken.l"
++#line 219 "cftoken.l"
+ { BEGIN S_LDAP; YYDB; return(LDAPCFG); }
+ 	YY_BREAK
+ case 47:
+ YY_RULE_SETUP
+-#line 219 "cftoken.l"
++#line 220 "cftoken.l"
+ { return(BOC); }
+ 	YY_BREAK
+ case 48:
+ YY_RULE_SETUP
+-#line 220 "cftoken.l"
++#line 221 "cftoken.l"
+ { YYD; return(LDAP_PVER); }
+ 	YY_BREAK
+ case 49:
+ YY_RULE_SETUP
+-#line 221 "cftoken.l"
++#line 222 "cftoken.l"
+ { YYD; return(LDAP_HOST); }
+ 	YY_BREAK
+ case 50:
+ YY_RULE_SETUP
+-#line 222 "cftoken.l"
++#line 223 "cftoken.l"
+ { YYD; return(LDAP_PORT); }
+ 	YY_BREAK
+ case 51:
+ YY_RULE_SETUP
+-#line 223 "cftoken.l"
++#line 224 "cftoken.l"
+ { YYD; return(LDAP_BASE); }
+ 	YY_BREAK
+ case 52:
+ YY_RULE_SETUP
+-#line 224 "cftoken.l"
++#line 225 "cftoken.l"
+ { YYD; return(LDAP_SUBTREE); }
+ 	YY_BREAK
+ case 53:
+ YY_RULE_SETUP
+-#line 225 "cftoken.l"
++#line 226 "cftoken.l"
+ { YYD; return(LDAP_BIND_DN); }
+ 	YY_BREAK
+ case 54:
+ YY_RULE_SETUP
+-#line 226 "cftoken.l"
++#line 227 "cftoken.l"
+ { YYD; return(LDAP_BIND_PW); }
+ 	YY_BREAK
+ case 55:
+ YY_RULE_SETUP
+-#line 227 "cftoken.l"
++#line 228 "cftoken.l"
+ { YYD; return(LDAP_ATTR_USER); }
+ 	YY_BREAK
+ case 56:
+ YY_RULE_SETUP
+-#line 228 "cftoken.l"
++#line 229 "cftoken.l"
+ { YYD; return(LDAP_ATTR_ADDR); }
+ 	YY_BREAK
+ case 57:
+ YY_RULE_SETUP
+-#line 229 "cftoken.l"
++#line 230 "cftoken.l"
+ { YYD; return(LDAP_ATTR_MASK); }
+ 	YY_BREAK
+ case 58:
+ YY_RULE_SETUP
+-#line 230 "cftoken.l"
++#line 231 "cftoken.l"
+ { YYD; return(LDAP_ATTR_GROUP); }
+ 	YY_BREAK
+ case 59:
+ YY_RULE_SETUP
+-#line 231 "cftoken.l"
++#line 232 "cftoken.l"
+ { YYD; return(LDAP_ATTR_MEMBER); }
+ 	YY_BREAK
+ case 60:
+ YY_RULE_SETUP
+-#line 232 "cftoken.l"
++#line 233 "cftoken.l"
+ { BEGIN S_INI; return(EOC); }
+ 	YY_BREAK
+ /* mode_cfg */
+ case 61:
+ YY_RULE_SETUP
+-#line 235 "cftoken.l"
++#line 236 "cftoken.l"
+ { BEGIN S_CFG; YYDB; return(MODECFG); }
+ 	YY_BREAK
+ case 62:
+ YY_RULE_SETUP
+-#line 236 "cftoken.l"
++#line 237 "cftoken.l"
+ { return(BOC); }
+ 	YY_BREAK
+ case 63:
+ YY_RULE_SETUP
+-#line 237 "cftoken.l"
++#line 238 "cftoken.l"
+ { YYD; return(CFG_NET4); }
+ 	YY_BREAK
+ case 64:
+ YY_RULE_SETUP
+-#line 238 "cftoken.l"
++#line 239 "cftoken.l"
+ { YYD; return(CFG_MASK4); }
+ 	YY_BREAK
+ case 65:
+ YY_RULE_SETUP
+-#line 239 "cftoken.l"
++#line 240 "cftoken.l"
+ { YYD; return(CFG_DNS4); }
+ 	YY_BREAK
+ case 66:
+ YY_RULE_SETUP
+-#line 240 "cftoken.l"
++#line 241 "cftoken.l"
+ { YYD; return(CFG_NBNS4); }
+ 	YY_BREAK
+ case 67:
+ YY_RULE_SETUP
+-#line 241 "cftoken.l"
++#line 242 "cftoken.l"
+ { YYD; return(CFG_NBNS4); }
+ 	YY_BREAK
+ case 68:
+ YY_RULE_SETUP
+-#line 242 "cftoken.l"
++#line 243 "cftoken.l"
+ { YYD; return(CFG_DEFAULT_DOMAIN); }
+ 	YY_BREAK
+ case 69:
+ YY_RULE_SETUP
+-#line 243 "cftoken.l"
++#line 244 "cftoken.l"
+ { YYD; return(CFG_AUTH_SOURCE); }
+ 	YY_BREAK
+ case 70:
+ YY_RULE_SETUP
+-#line 244 "cftoken.l"
++#line 245 "cftoken.l"
+ { YYD; return(CFG_AUTH_GROUPS); }
+ 	YY_BREAK
+ case 71:
+ YY_RULE_SETUP
+-#line 245 "cftoken.l"
++#line 246 "cftoken.l"
+ { YYD; return(CFG_GROUP_SOURCE); }
+ 	YY_BREAK
+ case 72:
+ YY_RULE_SETUP
+-#line 246 "cftoken.l"
++#line 247 "cftoken.l"
+ { YYD; return(CFG_CONF_SOURCE); }
+ 	YY_BREAK
+ case 73:
+ YY_RULE_SETUP
+-#line 247 "cftoken.l"
++#line 248 "cftoken.l"
+ { YYD; return(CFG_ACCOUNTING); }
+ 	YY_BREAK
+ case 74:
+ YY_RULE_SETUP
+-#line 248 "cftoken.l"
++#line 249 "cftoken.l"
+ { YYD; return(CFG_SYSTEM); }
+ 	YY_BREAK
+ case 75:
+ YY_RULE_SETUP
+-#line 249 "cftoken.l"
++#line 250 "cftoken.l"
+ { YYD; return(CFG_LOCAL); }
+ 	YY_BREAK
+ case 76:
+ YY_RULE_SETUP
+-#line 250 "cftoken.l"
++#line 251 "cftoken.l"
+ { YYD; return(CFG_NONE); }
+ 	YY_BREAK
+ case 77:
+ YY_RULE_SETUP
+-#line 251 "cftoken.l"
++#line 252 "cftoken.l"
+ { YYD; return(CFG_RADIUS); }
+ 	YY_BREAK
+ case 78:
+ YY_RULE_SETUP
+-#line 252 "cftoken.l"
++#line 253 "cftoken.l"
+ { YYD; return(CFG_PAM); }
+ 	YY_BREAK
+ case 79:
+ YY_RULE_SETUP
+-#line 253 "cftoken.l"
++#line 254 "cftoken.l"
+ { YYD; return(CFG_LDAP); }
+ 	YY_BREAK
+ case 80:
+ YY_RULE_SETUP
+-#line 254 "cftoken.l"
++#line 255 "cftoken.l"
+ { YYD; return(CFG_POOL_SIZE); }
+ 	YY_BREAK
+ case 81:
+ YY_RULE_SETUP
+-#line 255 "cftoken.l"
++#line 256 "cftoken.l"
+ { YYD; return(CFG_MOTD); }
+ 	YY_BREAK
+ case 82:
+ YY_RULE_SETUP
+-#line 256 "cftoken.l"
++#line 257 "cftoken.l"
+ { YYD; return(CFG_AUTH_THROTTLE); }
+ 	YY_BREAK
+ case 83:
+ YY_RULE_SETUP
+-#line 257 "cftoken.l"
++#line 258 "cftoken.l"
+ { YYD; return(CFG_SPLIT_NETWORK); }
+ 	YY_BREAK
+ case 84:
+ YY_RULE_SETUP
+-#line 258 "cftoken.l"
++#line 259 "cftoken.l"
+ { YYD; return(CFG_SPLIT_LOCAL); }
+ 	YY_BREAK
+ case 85:
+ YY_RULE_SETUP
+-#line 259 "cftoken.l"
++#line 260 "cftoken.l"
+ { YYD; return(CFG_SPLIT_INCLUDE); }
+ 	YY_BREAK
+ case 86:
+ YY_RULE_SETUP
+-#line 260 "cftoken.l"
++#line 261 "cftoken.l"
+ { YYD; return(CFG_SPLIT_DNS); }
+ 	YY_BREAK
+ case 87:
+ YY_RULE_SETUP
+-#line 261 "cftoken.l"
++#line 262 "cftoken.l"
+ { YYD; return(CFG_PFS_GROUP); }
+ 	YY_BREAK
+ case 88:
+ YY_RULE_SETUP
+-#line 262 "cftoken.l"
++#line 263 "cftoken.l"
+ { YYD; return(CFG_SAVE_PASSWD); }
+ 	YY_BREAK
+ case 89:
+ YY_RULE_SETUP
+-#line 263 "cftoken.l"
++#line 264 "cftoken.l"
+ { YYD; return(COMMA); }
+ 	YY_BREAK
+ case 90:
+ YY_RULE_SETUP
+-#line 264 "cftoken.l"
++#line 265 "cftoken.l"
+ { BEGIN S_INI; return(EOC); }
+ 	YY_BREAK
+ /* timer */
+ case 91:
+ YY_RULE_SETUP
+-#line 267 "cftoken.l"
++#line 268 "cftoken.l"
+ { BEGIN S_RTRY; YYDB; return(RETRY); }
+ 	YY_BREAK
+ case 92:
+ YY_RULE_SETUP
+-#line 268 "cftoken.l"
++#line 269 "cftoken.l"
+ { return(BOC); }
+ 	YY_BREAK
+ case 93:
+ YY_RULE_SETUP
+-#line 269 "cftoken.l"
++#line 270 "cftoken.l"
+ { YYD; return(RETRY_COUNTER); }
+ 	YY_BREAK
+ case 94:
+ YY_RULE_SETUP
+-#line 270 "cftoken.l"
++#line 271 "cftoken.l"
+ { YYD; return(RETRY_INTERVAL); }
+ 	YY_BREAK
+ case 95:
+ YY_RULE_SETUP
+-#line 271 "cftoken.l"
++#line 272 "cftoken.l"
+ { YYD; return(RETRY_PERSEND); }
+ 	YY_BREAK
+ case 96:
+ YY_RULE_SETUP
+-#line 272 "cftoken.l"
++#line 273 "cftoken.l"
+ { YYD; return(RETRY_PHASE1); }
+ 	YY_BREAK
+ case 97:
+ YY_RULE_SETUP
+-#line 273 "cftoken.l"
++#line 274 "cftoken.l"
+ { YYD; return(RETRY_PHASE2); }
+ 	YY_BREAK
+ case 98:
+ YY_RULE_SETUP
+-#line 274 "cftoken.l"
++#line 275 "cftoken.l"
+ { YYD; return(NATT_KA); }
+ 	YY_BREAK
+ case 99:
+ YY_RULE_SETUP
+-#line 275 "cftoken.l"
++#line 276 "cftoken.l"
+ { BEGIN S_INI; return(EOC); }
+ 	YY_BREAK
+ /* sainfo */
+ case 100:
+ YY_RULE_SETUP
+-#line 278 "cftoken.l"
++#line 279 "cftoken.l"
+ { BEGIN S_SAINF; YYDB; return(SAINFO); }
+ 	YY_BREAK
+ case 101:
+ YY_RULE_SETUP
+-#line 279 "cftoken.l"
++#line 280 "cftoken.l"
+ { YYD; return(ANONYMOUS); }
+ 	YY_BREAK
+ case 102:
+ YY_RULE_SETUP
+-#line 280 "cftoken.l"
++#line 281 "cftoken.l"
+ { YYD; return(PORTANY); }
+ 	YY_BREAK
+ case 103:
+ YY_RULE_SETUP
+-#line 281 "cftoken.l"
++#line 282 "cftoken.l"
+ { YYD; return(ANY); }
+ 	YY_BREAK
+ case 104:
+ YY_RULE_SETUP
+-#line 282 "cftoken.l"
++#line 283 "cftoken.l"
+ { YYD; return(FROM); }
+ 	YY_BREAK
+ case 105:
+ YY_RULE_SETUP
+-#line 283 "cftoken.l"
++#line 284 "cftoken.l"
+ { YYD; return(GROUP); }
+ 	YY_BREAK
+ /* sainfo spec */
+ case 106:
+ YY_RULE_SETUP
+-#line 285 "cftoken.l"
++#line 286 "cftoken.l"
+ { BEGIN S_SAINFS; return(BOC); }
+ 	YY_BREAK
+ case 107:
+ YY_RULE_SETUP
+-#line 286 "cftoken.l"
++#line 287 "cftoken.l"
+ { BEGIN S_INI; return(EOS); }
+ 	YY_BREAK
+ case 108:
+ YY_RULE_SETUP
+-#line 287 "cftoken.l"
++#line 288 "cftoken.l"
+ { BEGIN S_INI; return(EOC); }
+ 	YY_BREAK
+ case 109:
+ YY_RULE_SETUP
+-#line 288 "cftoken.l"
++#line 289 "cftoken.l"
+ { YYD; return(PFS_GROUP); }
+ 	YY_BREAK
+ case 110:
+ YY_RULE_SETUP
+-#line 289 "cftoken.l"
++#line 290 "cftoken.l"
+ { YYD; return(REMOTEID); }
+ 	YY_BREAK
+ case 111:
+ YY_RULE_SETUP
+-#line 290 "cftoken.l"
++#line 291 "cftoken.l"
+ { YYD; yywarn("it is obsoleted.  use \"my_identifier\"."); return(IDENTIFIER); }
+ 	YY_BREAK
+ case 112:
+ YY_RULE_SETUP
+-#line 291 "cftoken.l"
++#line 292 "cftoken.l"
+ { YYD; return(MY_IDENTIFIER); }
+ 	YY_BREAK
+ case 113:
+ YY_RULE_SETUP
+-#line 292 "cftoken.l"
++#line 293 "cftoken.l"
+ { YYD; return(LIFETIME); }
+ 	YY_BREAK
+ case 114:
+ YY_RULE_SETUP
+-#line 293 "cftoken.l"
++#line 294 "cftoken.l"
+ { YYD; return(LIFETYPE_TIME); }
+ 	YY_BREAK
+ case 115:
+ YY_RULE_SETUP
+-#line 294 "cftoken.l"
++#line 295 "cftoken.l"
+ { YYD; return(LIFETYPE_BYTE); }
+ 	YY_BREAK
+ case 116:
+ YY_RULE_SETUP
+-#line 295 "cftoken.l"
++#line 296 "cftoken.l"
+ { YYD; yylval.num = algclass_ipsec_enc; return(ALGORITHM_CLASS); }
+ 	YY_BREAK
+ case 117:
+ YY_RULE_SETUP
+-#line 296 "cftoken.l"
++#line 297 "cftoken.l"
+ { YYD; yylval.num = algclass_ipsec_auth; return(ALGORITHM_CLASS); }
+ 	YY_BREAK
+ case 118:
+ YY_RULE_SETUP
+-#line 297 "cftoken.l"
++#line 298 "cftoken.l"
+ { YYD; yylval.num = algclass_ipsec_comp; return(ALGORITHM_CLASS); }
+ 	YY_BREAK
+ case 119:
+ YY_RULE_SETUP
+-#line 298 "cftoken.l"
++#line 299 "cftoken.l"
+ { YYD; return(COMMA); }
+ 	YY_BREAK
+ /* remote */
+ case 120:
+ YY_RULE_SETUP
+-#line 301 "cftoken.l"
++#line 302 "cftoken.l"
+ { BEGIN S_RMT; YYDB; return(REMOTE); }
+ 	YY_BREAK
+ case 121:
+ YY_RULE_SETUP
+-#line 302 "cftoken.l"
++#line 303 "cftoken.l"
+ { YYD; return(ANONYMOUS); }
+ 	YY_BREAK
+ case 122:
+ YY_RULE_SETUP
+-#line 303 "cftoken.l"
++#line 304 "cftoken.l"
+ { YYD; return(INHERIT); }
+ 	YY_BREAK
+ /* remote spec */
+ case 123:
+ YY_RULE_SETUP
+-#line 305 "cftoken.l"
++#line 306 "cftoken.l"
+ { BEGIN S_RMTS; return(BOC); }
+ 	YY_BREAK
+ case 124:
+ YY_RULE_SETUP
+-#line 306 "cftoken.l"
++#line 307 "cftoken.l"
+ { BEGIN S_INI; return(EOC); }
+ 	YY_BREAK
+ case 125:
+ YY_RULE_SETUP
+-#line 307 "cftoken.l"
++#line 308 "cftoken.l"
+ { YYD; return(EXCHANGE_MODE); }
+ 	YY_BREAK
+ case 126:
+ YY_RULE_SETUP
+-#line 308 "cftoken.l"
++#line 309 "cftoken.l"
+ { YYD; /* XXX ignored, but to be handled. */ ; }
+ 	YY_BREAK
+ case 127:
+ YY_RULE_SETUP
+-#line 309 "cftoken.l"
++#line 310 "cftoken.l"
+ { YYD; yylval.num = ISAKMP_ETYPE_BASE; return(EXCHANGETYPE); }
+ 	YY_BREAK
+ case 128:
+ YY_RULE_SETUP
+-#line 310 "cftoken.l"
++#line 311 "cftoken.l"
+ { YYD; yylval.num = ISAKMP_ETYPE_IDENT; return(EXCHANGETYPE); }
+ 	YY_BREAK
+ case 129:
+ YY_RULE_SETUP
+-#line 311 "cftoken.l"
++#line 312 "cftoken.l"
+ { YYD; yylval.num = ISAKMP_ETYPE_AGG; return(EXCHANGETYPE); }
+ 	YY_BREAK
+ case 130:
+ YY_RULE_SETUP
+-#line 312 "cftoken.l"
++#line 313 "cftoken.l"
+ { YYD; return(DOI); }
+ 	YY_BREAK
+ case 131:
+ YY_RULE_SETUP
+-#line 313 "cftoken.l"
++#line 314 "cftoken.l"
+ { YYD; yylval.num = IPSEC_DOI; return(DOITYPE); }
+ 	YY_BREAK
+ case 132:
+ YY_RULE_SETUP
+-#line 314 "cftoken.l"
++#line 315 "cftoken.l"
+ { YYD; return(SITUATION); }
+ 	YY_BREAK
+ case 133:
+ YY_RULE_SETUP
+-#line 315 "cftoken.l"
++#line 316 "cftoken.l"
+ { YYD; yylval.num = IPSECDOI_SIT_IDENTITY_ONLY; return(SITUATIONTYPE); }
+ 	YY_BREAK
+ case 134:
+ YY_RULE_SETUP
+-#line 316 "cftoken.l"
++#line 317 "cftoken.l"
+ { YYD; yylval.num = IPSECDOI_SIT_SECRECY; return(SITUATIONTYPE); }
+ 	YY_BREAK
+ case 135:
+ YY_RULE_SETUP
+-#line 317 "cftoken.l"
++#line 318 "cftoken.l"
+ { YYD; yylval.num = IPS