Lines Matching full:fr
21 #define DOALL(x) for (fr = frc; fr != NULL; fr = fr->fr_next) { x }
22 #define DOREM(x) for (; fr != NULL; fr = fr->fr_next) { x }
55 frentry_t *fr = NULL, *frc = NULL, *frtop = NULL, *frold = NULL; variable
74 frentry_t fr; member
208 line: rule { while ((fr = frtop) != NULL) {
209 frtop = fr->fr_next;
210 fr->fr_next = NULL;
211 if ((fr->fr_type == FR_T_IPF) &&
212 (fr->fr_ip.fi_v == 0))
213 fr->fr_mip.fi_v = 0;
215 (*ipfaddfunc)(ipffd, ipfioctls[IPL_LOGIPF], fr);
216 fr->fr_next = frold;
217 frold = fr;
259 markin: IPFY_IN { fr->fr_flags |= FR_INQUE; }
263 IPFY_OUT { fr->fr_flags |= FR_OUTQUE; }
326 '@' YY_NUMBER { fr->fr_hits = (U_QUAD_T)$2 + 1; }
330 | YY_NUMBER { fr->fr_collect = $1; }
334 | IPFY_PASS { fr->fr_flags |= FR_PASS; }
335 | IPFY_NOMATCH { fr->fr_flags |= FR_NOMATCH; }
337 | IPFY_COUNT { fr->fr_flags |= FR_ACCOUNT; }
338 | decaps { fr->fr_flags |= FR_DECAPSULATE; }
340 | IPFY_SKIP YY_NUMBER { fr->fr_flags |= FR_SKIP;
341 fr->fr_arg = $2; }
343 | IPFY_CALL IPFY_NOW func { fr->fr_flags |= FR_CALLNOW; }
351 IPFY_BLOCK { fr->fr_flags = FR_BLOCK; }
354 IPFY_RETICMP { fr->fr_flags |= FR_RETICMP; }
355 | IPFY_RETICMP returncode { fr->fr_flags |= FR_RETICMP; }
356 | IPFY_RETICMPASDST { fr->fr_flags |= FR_FAKEICMP; }
357 | IPFY_RETICMPASDST returncode { fr->fr_flags |= FR_FAKEICMP; }
358 | IPFY_RETRST { fr->fr_flags |= FR_RETRST; }
363 { fr->fr_icode = atoi($4); }
366 log: IPFY_LOG { fr->fr_flags |= FR_LOG; }
367 | IPFY_LOG logoptions { fr->fr_flags |= FR_LOG; }
370 auth: IPFY_AUTH { fr->fr_flags |= FR_AUTH; }
371 | IPFY_AUTH blockreturn { fr->fr_flags |= FR_AUTH;}
372 | IPFY_PREAUTH { fr->fr_flags |= FR_PREAUTH; }
376 { fr->fr_func = nametokva($1, ipfioctls[IPL_LOGIPF]);
377 fr->fr_arg = $3;
410 tos: | settos YY_NUMBER { DOALL(fr->fr_tos = $2; fr->fr_mtos = 0xff;) }
411 | settos YY_HEX { DOALL(fr->fr_tos = $2; fr->fr_mtos = 0xff;) }
419 YY_NUMBER { DOALL(fr->fr_tos = $1; fr->fr_mtos = 0xff;) }
420 | YY_HEX { DOREM(fr->fr_tos = $1; fr->fr_mtos = 0xff;) }
422 { DOREM(fr->fr_tos = $3; fr->fr_mtos = 0xff;) }
424 { DOREM(fr->fr_tos = $3; fr->fr_mtos = 0xff;) }
428 { DOALL(fr->fr_ttl = $2; fr->fr_mttl = 0xff;) }
432 lstart: '{' { newlist = 1; fr = frc; added = 0; }
441 fr = addrule();
455 YY_NUMBER { DOREM(fr->fr_ttl = $1; fr->fr_mttl = 0xff;) }
457 { DOREM(fr->fr_ttl = $3; fr->fr_mttl = 0xff;) }
464 fr = frc;
471 group: | IPFY_GROUP groupname { DOALL(setgroup(&fr, $2); \
472 fillgroup(fr););
477 head: | IPFY_HEAD groupname { DOALL(setgrhead(&fr, $2););
505 nattag: IPFY_NAT '=' YY_STR { DOALL(strncpy(fr->fr_nattag.ipt_tag,\
508 | IPFY_NAT '=' YY_NUMBER { DOALL(sprintf(fr->fr_nattag.ipt_tag,\
512 logtag: IPFY_LOG '=' YY_NUMBER { DOALL(fr->fr_logtag = $3;) }
537 pps: | IPFY_PPS YY_NUMBER { DOALL(fr->fr_pps = $2;) }
544 | IPFY_RULETTL YY_NUMBER { DOALL(fr->fr_die = $2;) }
548 | IPFY_COMMENT YY_STR { DOALL(fr->fr_comment = addname(&fr, \
563 quick: IPFY_QUICK { fr->fr_flags |= FR_QUICK; }
566 on: IPFY_ON onname { setifname(&fr, 0, $2.if1);
569 setifname(&fr, 1,
575 | IPFY_ON onname IPFY_INVIA vianame { setifname(&fr, 0, $2.if1);
578 setifname(&fr, 1,
583 | IPFY_ON onname IPFY_OUTVIA vianame { setifname(&fr, 0, $2.if1);
586 setifname(&fr, 1,
593 onlist: onname { DOREM(setifname(&fr, 0, $1.if1); \
595 setifname(&fr, 1, $1.if2); \
601 | onlist lmore onname { DOREM(setifname(&fr, 0, $3.if1); \
603 setifname(&fr, 1, $3.if2); \
621 name { setifname(&fr, 2, $1);
624 | name ',' name { setifname(&fr, 2, $1);
626 setifname(&fr, 3, $3);
632 { int idx = addname(&fr, $2);
633 fr->fr_dif.fd_name = idx;
637 { int idx = addname(&fr, $4);
638 fr->fr_dif.fd_name = idx;
639 fr->fr_dif.fd_type = FRD_DSTLIST;
643 { int idx = addname(&fr, $2);
644 fr->fr_dif.fd_name = idx;
645 fr->fr_dif.fd_ptr = (void *)-1;
646 fr->fr_dif.fd_ip6 = $4.adr;
647 if (fr->fr_family == AF_UNSPEC && $4.f != AF_UNSPEC)
648 fr->fr_family = $4.f;
658 froute: IPFY_FROUTE { fr->fr_flags |= FR_FASTROUTE; }
662 { int idx = addname(&fr, $2);
663 fr->fr_tif.fd_name = idx;
667 { int idx = addname(&fr, $4);
668 fr->fr_tif.fd_name = idx;
669 fr->fr_tif.fd_type = FRD_DSTLIST;
673 { int idx = addname(&fr, $2);
674 fr->fr_tif.fd_name = idx;
675 fr->fr_tif.fd_ptr = (void *)-1;
676 fr->fr_tif.fd_ip6 = $4.adr;
677 if (fr->fr_family == AF_UNSPEC && $4.f != AF_UNSPEC)
678 fr->fr_family = $4.f;
691 { int idx = addname(&fr, $2);
692 fr->fr_rif.fd_name = idx;
696 { fr->fr_rif.fd_name = addname(&fr, $4);
697 fr->fr_rif.fd_type = FRD_DSTLIST;
701 { int idx = addname(&fr, $2);
702 fr->fr_rif.fd_name = idx;
703 fr->fr_rif.fd_ptr = (void *)-1;
704 fr->fr_rif.fd_ip6 = $4.adr;
705 if (fr->fr_family == AF_UNSPEC && $4.f != AF_UNSPEC)
706 fr->fr_family = $4.f;
717 IPFY_BODY { fr->fr_flags |= FR_LOGBODY; }
718 | IPFY_FIRST { fr->fr_flags |= FR_LOGFIRST; }
719 | IPFY_ORBLOCK { fr->fr_flags |= FR_LOGORBLOCK; }
724 starticmpcode icmpcode ')' { fr->fr_icode = $2; yyresetdict(); }
736 YY_NUMBER { DOALL(fr->fr_proto = $1; \
737 fr->fr_mproto = 0xff;)
740 DOALL(fr->fr_flx |= FI_TCPUDP; \
741 fr->fr_mflx |= FI_TCPUDP;)
746 DOALL(fr->fr_proto = p; \
747 fr->fr_mproto = 0xff;)
754 DOREM(fr->fr_flx |= FI_TCPUDP; \
755 fr->fr_mflx |= FI_TCPUDP;)
774 if (fr == NULL)
775 fr = frc;
784 to: IPFY_TO { if (fr == NULL)
785 fr = frc;
804 { DOALL(fr->fr_tcpf = $2; fr->fr_tcpfm = FR_TCPFMAX;) }
806 { DOALL(fr->fr_tcpf = $2; fr->fr_tcpfm = $4;) }
808 { DOALL(fr->fr_tcpf = 0; fr->fr_tcpfm = $3;) }
810 { DOALL(fr->fr_tcpf = $2; fr->fr_tcpfm = FR_TCPFMAX;) }
812 { DOALL(fr->fr_tcpf = 0; fr->fr_tcpfm = $3;) }
814 { DOALL(fr->fr_tcpf = $2; fr->fr_tcpfm = $4;) }
816 { DOALL(fr->fr_tcpf = $2; fr->fr_tcpfm = $4;) }
818 { DOALL(fr->fr_tcpf = $2; fr->fr_tcpfm = $4;) }
838 { DOALL(fr->fr_flags |= FR_NOTSRCIP;) }
842 addr { build_srcaddr_af(fr, &$1); }
847 addr { build_srcaddr_af(fr, &$1); }
849 { build_srcaddr_af(fr, &$3); }
854 { DOALL(fr->fr_scmp = $1.pc; fr->fr_sport = $1.p1;) }
856 { DOALL(fr->fr_scmp = $1.pc; fr->fr_sport = $1.p1; \
857 fr->fr_stop = $1.p2;) }
864 { DOALL(fr->fr_scmp = $1.pc; fr->fr_sport = $1.p1;) }
866 { DOALL(fr->fr_scmp = $1.pc; fr->fr_sport = $1.p1; \
867 fr->fr_stop = $1.p2;) }
873 portnum { DOREM(fr->fr_scmp = FR_EQUAL; fr->fr_sport = $1;) }
875 { DOREM(fr->fr_scmp = FR_INCRANGE; fr->fr_sport = $1; \
876 fr->fr_stop = $3;) }
878 { DOREM(fr->fr_scmp = FR_INRANGE; fr->fr_sport = $1; \
879 fr->fr_stop = $3;) }
881 { DOREM(fr->fr_scmp = FR_EQUAL; fr->fr_sport = $3;) }
883 { DOREM(fr->fr_scmp = FR_INCRANGE; fr->fr_sport = $3; \
884 fr->fr_stop = $5;) }
886 { DOREM(fr->fr_scmp = FR_INRANGE; fr->fr_sport = $3; \
887 fr->fr_stop = $5;) }
894 { DOALL(fr->fr_flags |= FR_NOTDSTIP;) }
901 build_dstaddr_af(fr, &$1);
910 build_dstaddr_af(fr, &$1);
916 build_dstaddr_af(fr, &$3);
923 { DOALL(fr->fr_dcmp = $1.pc; fr->fr_dport = $1.p1;) }
925 { DOALL(fr->fr_dcmp = $1.pc; fr->fr_dport = $1.p1; \
926 fr->fr_dtop = $1.p2;) }
933 { DOALL(fr->fr_dcmp = $1.pc; fr->fr_dport = $1.p1;) }
935 { DOALL(fr->fr_dcmp = $1.pc; fr->fr_dport = $1.p1; \
936 fr->fr_dtop = $1.p2;) }
942 portnum { DOREM(fr->fr_dcmp = FR_EQUAL; fr->fr_dport = $1;) }
944 { DOREM(fr->fr_dcmp = FR_INCRANGE; fr->fr_dport = $1; \
945 fr->fr_dtop = $3;) }
947 { DOREM(fr->fr_dcmp = FR_INRANGE; fr->fr_dport = $1; \
948 fr->fr_dtop = $3;) }
950 { DOREM(fr->fr_dcmp = FR_EQUAL; fr->fr_dport = $3;) }
952 { DOREM(fr->fr_dcmp = FR_INCRANGE; fr->fr_dport = $3; \
953 fr->fr_dtop = $5;) }
955 { DOREM(fr->fr_dcmp = FR_INRANGE; fr->fr_dport = $3; \
956 fr->fr_dtop = $5;) }
974 $$.a.iplookupname = addname(&fr, $3);
1005 $$.a.iplookupname = addname(&fr, $3);
1068 $$.ifpos = addname(&fr, $2);
1076 $$.ifpos = addname(&fr, $2);
1092 $$.ifpos = addname(&fr, $2);
1278 { DOALL(fr->fr_icmp = htons($2 << 8); fr->fr_icmpm = htons(0xff00););
1298 DOALL(if (fr->fr_family == AF_INET) { \
1299 fr->fr_ip.fi_v = 4; \
1300 fr->fr_mip.fi_v = 0xf; \
1302 if (fr->fr_family == AF_INET6) { \
1303 fr->fr_ip.fi_v = 6; \
1304 fr->fr_mip.fi_v = 0xf; \
1312 { DOALL(fr->fr_icmp |= htons($2); fr->fr_icmpm |= htons(0xff););
1324 { DOREM(fr->fr_icmp = htons($1 << 8); fr->fr_icmpm = htons(0xff00);) }
1326 { DOREM(fr->fr_icmp = htons($3 << 8); fr->fr_icmpm = htons(0xff00);) }
1331 { DOREM(fr->fr_icmp |= htons($1); fr->fr_icmpm |= htons(0xff);) }
1333 { DOREM(fr->fr_icmp &= htons(0xff00); fr->fr_icmp |= htons($3); \
1334 fr->fr_icmpm |= htons(0xff);) }
1337 age: | IPFY_AGE YY_NUMBER { DOALL(fr->fr_age[0] = $2; \
1338 fr->fr_age[1] = $2;) }
1340 { DOALL(fr->fr_age[0] = $2; \
1341 fr->fr_age[1] = $4;) }
1349 IPFY_STATE stateoptlist { DOALL(fr->fr_flags |= FR_KEEPSTATE;)}
1353 IPFY_FRAGS fragoptlist { DOALL(fr->fr_flags |= FR_KEEPFRAG;) }
1354 | IPFY_FRAG fragoptlist { DOALL(fr->fr_flags |= FR_KEEPFRAG;) }
1367 IPFY_STRICT { DOALL(fr->fr_flags |= FR_FRSTRICT;) }
1380 IPFY_LIMIT YY_NUMBER { DOALL(fr->fr_statemax = $2;) }
1381 | IPFY_STRICT { DOALL(if (fr->fr_proto != IPPROTO_TCP) { \
1383 } else if (fr->fr_flags & FR_STLOOSE) {\
1386 fr->fr_flags |= FR_STSTRICT;)
1388 | IPFY_LOOSE { DOALL(if (fr->fr_proto != IPPROTO_TCP) { \
1390 } else if (fr->fr_flags & FR_STSTRICT){\
1393 fr->fr_flags |= FR_STLOOSE;)
1395 | IPFY_NEWISN { DOALL(if (fr->fr_proto != IPPROTO_TCP) { \
1398 fr->fr_flags |= FR_NEWISN;)
1400 | IPFY_NOICMPERR { DOALL(fr->fr_flags |= FR_NOICMPERR;) }
1402 | IPFY_SYNC { DOALL(fr->fr_flags |= FR_STATESYNC;) }
1403 | IPFY_AGE YY_NUMBER { DOALL(fr->fr_age[0] = $2; \
1404 fr->fr_age[1] = $2;) }
1406 { DOALL(fr->fr_age[0] = $2; \
1407 fr->fr_age[1] = $4;) }
1409 { DOALL(seticmphead(&fr, $2);)
1413 { DOALL(fr->fr_nostatelog = 1;) }
1415 { DOALL(fr->fr_rpc = 1;) }
1417 { DOALL(fr->fr_rpc = 1;) }
1419 { DOALL(fr->fr_srctrack.ht_max_nodes = $2;) }
1421 { DOALL(fr->fr_srctrack.ht_max_per_node = $2; \
1422 fr->fr_srctrack.ht_netmask = \
1423 fr->fr_family == AF_INET ? 32: 128;)
1426 { DOALL(fr->fr_srctrack.ht_max_per_node = $2; \
1427 fr->fr_srctrack.ht_netmask = $4;)
1452 opttype { DOALL(fr->fr_flx |= $1; fr->fr_mflx |= $1;) }
1453 | notwith opttype { DOALL(fr->fr_mflx |= $2;) }
1494 ipopts: optlist { DOALL(fr->fr_mip.fi_optmsk |= $1;
1495 if (fr->fr_family == AF_UNSPEC) {
1496 fr->fr_family = AF_INET;
1497 fr->fr_ip.fi_v = 4;
1498 fr->fr_mip.fi_v = 0xf;
1499 } else if (fr->fr_family != AF_INET) {
1503 fr->fr_ip.fi_optmsk |= $1;)
1513 ipv6hdrlist { DOALL(fr->fr_mip.fi_optmsk |= $1;
1515 fr->fr_ip.fi_optmsk |= $1;)
1595 { DOALL(fr->fr_mip.fi_secmsk |= $2;
1596 if (fr->fr_family == AF_UNSPEC) {
1597 fr->fr_family = AF_INET;
1598 fr->fr_ip.fi_v = 4;
1599 fr->fr_mip.fi_v = 0xf;
1600 } else if (fr->fr_family != AF_INET) {
1604 fr->fr_ip.fi_secmsk |= $2;)
1614 doi: IPFY_DOI YY_NUMBER { DOALL(fr->fr_doimask = 0xffffffff; \
1616 fr->fr_doi = $2;) }
1617 | IPFY_DOI YY_HEX { DOALL(fr->fr_doimask = 0xffffffff; \
1619 fr->fr_doi = $2;) }
1638 priority { fr->fr_loglevel = LOG_LOCAL0|$1; }
1639 | facility '.' priority { fr->fr_loglevel = $1 | $3; }
2056 for (fr = frtop; fr != NULL && fr->fr_next != NULL; fr = fr->fr_next) in newrule()
2058 if (fr != NULL) { in newrule()
2059 fr->fr_next = frn; in newrule()
2060 frn->fr_pnext = &fr->fr_next; in newrule()
2066 fr = frn; in newrule()
2068 fr->fr_loglevel = 0xffff; in newrule()
2069 fr->fr_isc = (void *)-1; in newrule()
2070 fr->fr_logtag = FR_NOLOGTAG; in newrule()
2071 fr->fr_type = FR_T_NONE; in newrule()
2072 fr->fr_flineno = yylineNum; in newrule()
2075 fr->fr_family = AF_INET6; in newrule()
2077 fr->fr_family = AF_INET; in newrule()
2086 for (fr = frc; fr != NULL; fr = fr->fr_next) { in setipftype()
2087 if (fr->fr_type == FR_T_NONE) { in setipftype()
2088 fr->fr_type = FR_T_IPF; in setipftype()
2089 fr->fr_data = (void *)calloc(sizeof(fripf_t), 1); in setipftype()
2090 fr->fr_dsize = sizeof(fripf_t); in setipftype()
2091 fr->fr_family = frc->fr_family; in setipftype()
2092 if (fr->fr_family == AF_INET) { in setipftype()
2093 fr->fr_ip.fi_v = 4; in setipftype()
2095 else if (fr->fr_family == AF_INET6) { in setipftype()
2096 fr->fr_ip.fi_v = 6; in setipftype()
2098 fr->fr_mip.fi_v = 0xf; in setipftype()
2099 fr->fr_ipf->fri_sifpidx = -1; in setipftype()
2100 fr->fr_ipf->fri_difpidx = -1; in setipftype()
2102 if (fr->fr_type != FR_T_IPF) { in setipftype()
2149 if (fr->fr_ifnames[i] == -1) in lookuphost()
2151 if (strcmp(name, fr->fr_names + fr->fr_ifnames[i]) == 0) { in lookuphost()
2153 dynamic = addname(&fr, name); in lookuphost()
2178 for (fr = frc; fr != NULL; fr = fr->fr_next) { in dobpf()
2179 if (fr->fr_type != FR_T_NONE) { in dobpf()
2183 fr->fr_family = vtof(v); in dobpf()
2184 fr->fr_type = FR_T_BPFOPC; in dobpf()
2219 fr->fr_dsize = (i / 4 + 1) * sizeof(*fb); in dobpf()
2220 fr->fr_data = fb; in dobpf()
2240 fr->fr_dsize = bpf.bf_len * sizeof(struct bpf_insn); in dobpf()
2241 fr->fr_data = malloc(fr->fr_dsize); in dobpf()
2242 bcopy((char *)bpf.bf_insns, fr->fr_data, fr->fr_dsize); in dobpf()
2243 if (!bpf_validate(fr->fr_data, bpf.bf_len)) { in dobpf()
2393 frentry_t *fr; in ipf_addrule() local
2399 fr = ptr; in ipf_addrule()
2405 obj.ipfo_size = fr->fr_size; in ipf_addrule()
2415 add = (u_int)fr->fr_hits ? SIOCINIFR : in ipf_addrule()
2419 add = (u_int)fr->fr_hits ? SIOCINAFR : in ipf_addrule()
2425 fr->fr_flags |= FR_OUTQUE; in ipf_addrule()
2426 if (fr->fr_hits) in ipf_addrule()
2427 fr->fr_hits--; in ipf_addrule()
2429 printfr(fr, ioctlfunc); in ipf_addrule()
2432 binprint(fr, sizeof(*fr)); in ipf_addrule()
2433 if (fr->fr_data != NULL) in ipf_addrule()
2434 binprint(fr->fr_data, fr->fr_dsize); in ipf_addrule()
2443 fr->fr_flineno); in ipf_addrule()
2449 (long long)fr->fr_hits, in ipf_addrule()
2450 (long long)fr->fr_bytes); in ipf_addrule()
2453 fr->fr_hits, fr->fr_bytes); in ipf_addrule()
2455 printfr(fr, ioctlfunc); in ipf_addrule()
2463 fr->fr_flineno); in ipf_addrule()
2473 fr->fr_flineno); in ipf_addrule()
2498 fillgroup(frentry_t *fr) in fillgroup() argument
2503 if (f->fr_grhead == -1 && fr->fr_group == -1) in fillgroup()
2505 if (f->fr_grhead == -1 || fr->fr_group == -1) in fillgroup()
2508 fr->fr_names + fr->fr_group) == 0) in fillgroup()
2521 if (f->fr_type != fr->fr_type || f->fr_type != FR_T_IPF) in fillgroup()
2524 if (fr->fr_family == 0 && f->fr_family != 0) in fillgroup()
2525 fr->fr_family = f->fr_family; in fillgroup()
2527 if (fr->fr_mproto == 0 && f->fr_mproto != 0) in fillgroup()
2528 fr->fr_mproto = f->fr_mproto; in fillgroup()
2529 if (fr->fr_proto == 0 && f->fr_proto != 0) in fillgroup()
2530 fr->fr_proto = f->fr_proto; in fillgroup()
2532 if ((fr->fr_mproto == 0) && ((fr->fr_flx & FI_TCPUDP) == 0) && in fillgroup()
2534 fr->fr_flx |= FI_TCPUDP; in fillgroup()
2535 fr->fr_mflx |= FI_TCPUDP; in fillgroup()
2553 fr->fr_type = FR_T_IPFEXPR; in doipfexpr()
2554 fr->fr_data = array; in doipfexpr()
2555 fr->fr_dsize = array[0] * sizeof(*array); in doipfexpr()
2626 frentry_t *fr; in allocfr() local
2628 fr = calloc(1, sizeof(*fr)); in allocfr()
2629 if (fr != NULL) { in allocfr()
2630 fr->fr_size = sizeof(*fr); in allocfr()
2631 fr->fr_comment = -1; in allocfr()
2632 fr->fr_group = -1; in allocfr()
2633 fr->fr_grhead = -1; in allocfr()
2634 fr->fr_icmphead = -1; in allocfr()
2635 fr->fr_ifnames[0] = -1; in allocfr()
2636 fr->fr_ifnames[1] = -1; in allocfr()
2637 fr->fr_ifnames[2] = -1; in allocfr()
2638 fr->fr_ifnames[3] = -1; in allocfr()
2639 fr->fr_tif.fd_name = -1; in allocfr()
2640 fr->fr_rif.fd_name = -1; in allocfr()
2641 fr->fr_dif.fd_name = -1; in allocfr()
2643 return(fr); in allocfr()
2708 fr = NULL; in build_dstaddr_af()
2736 fr = NULL; in build_srcaddr_af()