Lines Matching +full:sync +full:- +full:token
21 #define DOALL(x) for (fr = frc; fr != NULL; fr = fr->fr_next) { x }
22 #define DOREM(x) for (; fr != NULL; fr = fr->fr_next) { x }
59 static int dynamic = -1;
65 static int ipffd = -1;
118 %token <num> YY_NUMBER YY_HEX
119 %token <str> YY_STR
120 %token YY_COMMENT
121 %token YY_CMP_EQ YY_CMP_NE YY_CMP_LE YY_CMP_GE YY_CMP_LT YY_CMP_GT
122 %token YY_RANGE_OUT YY_RANGE_IN
123 %token <ip6> YY_IPV6
125 %token IPFY_SET
126 %token IPFY_PASS IPFY_BLOCK IPFY_COUNT IPFY_CALL IPFY_NOMATCH
127 %token IPFY_RETICMP IPFY_RETRST IPFY_RETICMPASDST
128 %token IPFY_IN IPFY_OUT
129 %token IPFY_QUICK IPFY_ON IPFY_OUTVIA IPFY_INVIA
130 %token IPFY_DUPTO IPFY_TO IPFY_FROUTE IPFY_REPLY_TO IPFY_ROUTETO
131 %token IPFY_TOS IPFY_TTL IPFY_PROTO IPFY_INET IPFY_INET6
132 %token IPFY_HEAD IPFY_GROUP
133 %token IPFY_AUTH IPFY_PREAUTH
134 %token IPFY_LOG IPFY_BODY IPFY_FIRST IPFY_LEVEL IPFY_ORBLOCK IPFY_L5AS
135 %token IPFY_LOGTAG IPFY_MATCHTAG IPFY_SETTAG IPFY_SKIP IPFY_DECAPS
136 %token IPFY_FROM IPFY_ALL IPFY_ANY IPFY_BPFV4 IPFY_BPFV6 IPFY_POOL IPFY_HASH
137 %token IPFY_IPFEXPR IPFY_PPS IPFY_FAMILY IPFY_DSTLIST
138 %token IPFY_ESP IPFY_AH
139 %token IPFY_WITH IPFY_AND IPFY_NOT IPFY_NO IPFY_OPT
140 %token IPFY_TCPUDP IPFY_TCP IPFY_UDP
141 %token IPFY_FLAGS IPFY_MULTICAST
142 %token IPFY_MASK IPFY_BROADCAST IPFY_NETWORK IPFY_NETMASKED IPFY_PEER
143 %token IPFY_RPC IPFY_PORT
144 %token IPFY_NOW IPFY_COMMENT IPFY_RULETTL
145 %token IPFY_ICMP IPFY_ICMPTYPE IPFY_ICMPCODE
146 %token IPFY_IPOPTS IPFY_SHORT IPFY_NAT IPFY_BADSRC IPFY_LOWTTL IPFY_FRAG
147 %token IPFY_MBCAST IPFY_BAD IPFY_BADNAT IPFY_OOW IPFY_NEWISN IPFY_NOICMPERR
148 %token IPFY_KEEP IPFY_STATE IPFY_FRAGS IPFY_LIMIT IPFY_STRICT IPFY_AGE
149 %token IPFY_SYNC IPFY_FRAGBODY IPFY_ICMPHEAD IPFY_NOLOG IPFY_LOOSE
150 %token IPFY_MAX_SRCS IPFY_MAX_PER_SRC
151 %token IPFY_IPOPT_NOP IPFY_IPOPT_RR IPFY_IPOPT_ZSU IPFY_IPOPT_MTUP
152 %token IPFY_IPOPT_MTUR IPFY_IPOPT_ENCODE IPFY_IPOPT_TS IPFY_IPOPT_TR
153 %token IPFY_IPOPT_SEC IPFY_IPOPT_LSRR IPFY_IPOPT_ESEC IPFY_IPOPT_CIPSO
154 %token IPFY_IPOPT_SATID IPFY_IPOPT_SSRR IPFY_IPOPT_ADDEXT IPFY_IPOPT_VISA
155 %token IPFY_IPOPT_IMITD IPFY_IPOPT_EIP IPFY_IPOPT_FINN IPFY_IPOPT_DPS
156 %token IPFY_IPOPT_SDB IPFY_IPOPT_NSAPA IPFY_IPOPT_RTRALRT IPFY_IPOPT_UMP
157 %token IPFY_SECCLASS IPFY_SEC_UNC IPFY_SEC_CONF IPFY_SEC_RSV1 IPFY_SEC_RSV2
158 %token IPFY_SEC_RSV4 IPFY_SEC_SEC IPFY_SEC_TS IPFY_SEC_RSV3 IPFY_DOI
160 %token IPFY_V6HDRS IPFY_IPV6OPT IPFY_IPV6OPT_DSTOPTS IPFY_IPV6OPT_HOPOPTS
161 %token IPFY_IPV6OPT_IPV6 IPFY_IPV6OPT_NONE IPFY_IPV6OPT_ROUTING IPFY_V6HDR
162 %token IPFY_IPV6OPT_MOBILITY IPFY_IPV6OPT_ESP IPFY_IPV6OPT_FRAG
164 %token IPFY_ICMPT_UNR IPFY_ICMPT_ECHO IPFY_ICMPT_ECHOR IPFY_ICMPT_SQUENCH
165 %token IPFY_ICMPT_REDIR IPFY_ICMPT_TIMEX IPFY_ICMPT_PARAMP IPFY_ICMPT_TIMEST
166 %token IPFY_ICMPT_TIMESTREP IPFY_ICMPT_INFOREQ IPFY_ICMPT_INFOREP
167 %token IPFY_ICMPT_MASKREQ IPFY_ICMPT_MASKREP IPFY_ICMPT_ROUTERAD
168 %token IPFY_ICMPT_ROUTERSOL
170 %token IPFY_ICMPC_NETUNR IPFY_ICMPC_HSTUNR IPFY_ICMPC_PROUNR IPFY_ICMPC_PORUNR
171 %token IPFY_ICMPC_NEEDF IPFY_ICMPC_SRCFAIL IPFY_ICMPC_NETUNK IPFY_ICMPC_HSTUNK
172 %token IPFY_ICMPC_ISOLATE IPFY_ICMPC_NETPRO IPFY_ICMPC_HSTPRO
173 %token IPFY_ICMPC_NETTOS IPFY_ICMPC_HSTTOS IPFY_ICMPC_FLTPRO IPFY_ICMPC_HSTPRE
174 %token IPFY_ICMPC_CUTPRE
176 %token IPFY_FAC_KERN IPFY_FAC_USER IPFY_FAC_MAIL IPFY_FAC_DAEMON IPFY_FAC_AUTH
177 %token IPFY_FAC_SYSLOG IPFY_FAC_LPR IPFY_FAC_NEWS IPFY_FAC_UUCP IPFY_FAC_CRON
178 %token IPFY_FAC_LOCAL0 IPFY_FAC_LOCAL1 IPFY_FAC_LOCAL2 IPFY_FAC_LOCAL3
179 %token IPFY_FAC_LOCAL4 IPFY_FAC_LOCAL5 IPFY_FAC_LOCAL6 IPFY_FAC_LOCAL7
180 %token IPFY_FAC_SECURITY IPFY_FAC_FTP IPFY_FAC_AUTHPRIV IPFY_FAC_AUDIT
181 %token IPFY_FAC_LFMT IPFY_FAC_CONSOLE
183 %token IPFY_PRI_EMERG IPFY_PRI_ALERT IPFY_PRI_CRIT IPFY_PRI_ERR IPFY_PRI_WARN
184 %token IPFY_PRI_NOTICE IPFY_PRI_INFO IPFY_PRI_DEBUG
209 frtop = fr->fr_next;
210 fr->fr_next = NULL;
211 if ((fr->fr_type == FR_T_IPF) &&
212 (fr->fr_ip.fi_v == 0))
213 fr->fr_mip.fi_v = 0;
216 fr->fr_next = frold;
259 markin: IPFY_IN { fr->fr_flags |= FR_INQUE; }
263 IPFY_OUT { fr->fr_flags |= FR_OUTQUE; }
279 frc->fr_family = AF_INET;
285 frc->fr_family = AF_INET;
288 | IPFY_FAMILY IPFY_INET6 { if (use_inet6 == -1) {
291 frc->fr_family = AF_INET6;
294 | IPFY_INET6 { if (use_inet6 == -1) {
297 frc->fr_family = AF_INET6;
326 '@' YY_NUMBER { fr->fr_hits = (U_QUAD_T)$2 + 1; }
330 | YY_NUMBER { fr->fr_collect = $1; }
334 | IPFY_PASS { fr->fr_flags |= FR_PASS; }
335 | IPFY_NOMATCH { fr->fr_flags |= FR_NOMATCH; }
337 | IPFY_COUNT { fr->fr_flags |= FR_ACCOUNT; }
338 | decaps { fr->fr_flags |= FR_DECAPSULATE; }
340 | IPFY_SKIP YY_NUMBER { fr->fr_flags |= FR_SKIP;
341 fr->fr_arg = $2; }
343 | IPFY_CALL IPFY_NOW func { fr->fr_flags |= FR_CALLNOW; }
351 IPFY_BLOCK { fr->fr_flags = FR_BLOCK; }
354 IPFY_RETICMP { fr->fr_flags |= FR_RETICMP; }
355 | IPFY_RETICMP returncode { fr->fr_flags |= FR_RETICMP; }
356 | IPFY_RETICMPASDST { fr->fr_flags |= FR_FAKEICMP; }
357 | IPFY_RETICMPASDST returncode { fr->fr_flags |= FR_FAKEICMP; }
358 | IPFY_RETRST { fr->fr_flags |= FR_RETRST; }
363 { fr->fr_icode = atoi($4); }
366 log: IPFY_LOG { fr->fr_flags |= FR_LOG; }
367 | IPFY_LOG logoptions { fr->fr_flags |= FR_LOG; }
370 auth: IPFY_AUTH { fr->fr_flags |= FR_AUTH; }
371 | IPFY_AUTH blockreturn { fr->fr_flags |= FR_AUTH;}
372 | IPFY_PREAUTH { fr->fr_flags |= FR_PREAUTH; }
376 { fr->fr_func = nametokva($1, ipfioctls[IPL_LOGIPF]);
377 fr->fr_arg = $3;
410 tos: | settos YY_NUMBER { DOALL(fr->fr_tos = $2; fr->fr_mtos = 0xff;) }
411 | settos YY_HEX { DOALL(fr->fr_tos = $2; fr->fr_mtos = 0xff;) }
419 YY_NUMBER { DOALL(fr->fr_tos = $1; fr->fr_mtos = 0xff;) }
420 | YY_HEX { DOREM(fr->fr_tos = $1; fr->fr_mtos = 0xff;) }
422 { DOREM(fr->fr_tos = $3; fr->fr_mtos = 0xff;) }
424 { DOREM(fr->fr_tos = $3; fr->fr_mtos = 0xff;) }
428 { DOALL(fr->fr_ttl = $2; fr->fr_mttl = 0xff;) }
455 YY_NUMBER { DOREM(fr->fr_ttl = $1; fr->fr_mttl = 0xff;) }
457 { DOREM(fr->fr_ttl = $3; fr->fr_mttl = 0xff;) }
485 $$[FR_GROUPLEN - 1] = '\0';
505 nattag: IPFY_NAT '=' YY_STR { DOALL(strncpy(fr->fr_nattag.ipt_tag,\
508 | IPFY_NAT '=' YY_NUMBER { DOALL(sprintf(fr->fr_nattag.ipt_tag,\
512 logtag: IPFY_LOG '=' YY_NUMBER { DOALL(fr->fr_logtag = $3;) }
537 pps: | IPFY_PPS YY_NUMBER { DOALL(fr->fr_pps = $2;) }
544 | IPFY_RULETTL YY_NUMBER { DOALL(fr->fr_die = $2;) }
548 | IPFY_COMMENT YY_STR { DOALL(fr->fr_comment = addname(&fr, \
563 quick: IPFY_QUICK { fr->fr_flags |= FR_QUICK; }
633 fr->fr_dif.fd_name = idx;
638 fr->fr_dif.fd_name = idx;
639 fr->fr_dif.fd_type = FRD_DSTLIST;
644 fr->fr_dif.fd_name = idx;
645 fr->fr_dif.fd_ptr = (void *)-1;
646 fr->fr_dif.fd_ip6 = $4.adr;
647 if (fr->fr_family == AF_UNSPEC && $4.f != AF_UNSPEC)
648 fr->fr_family = $4.f;
658 froute: IPFY_FROUTE { fr->fr_flags |= FR_FASTROUTE; }
663 fr->fr_tif.fd_name = idx;
668 fr->fr_tif.fd_name = idx;
669 fr->fr_tif.fd_type = FRD_DSTLIST;
674 fr->fr_tif.fd_name = idx;
675 fr->fr_tif.fd_ptr = (void *)-1;
676 fr->fr_tif.fd_ip6 = $4.adr;
677 if (fr->fr_family == AF_UNSPEC && $4.f != AF_UNSPEC)
678 fr->fr_family = $4.f;
692 fr->fr_rif.fd_name = idx;
696 { fr->fr_rif.fd_name = addname(&fr, $4);
697 fr->fr_rif.fd_type = FRD_DSTLIST;
702 fr->fr_rif.fd_name = idx;
703 fr->fr_rif.fd_ptr = (void *)-1;
704 fr->fr_rif.fd_ip6 = $4.adr;
705 if (fr->fr_family == AF_UNSPEC && $4.f != AF_UNSPEC)
706 fr->fr_family = $4.f;
717 IPFY_BODY { fr->fr_flags |= FR_LOGBODY; }
718 | IPFY_FIRST { fr->fr_flags |= FR_LOGFIRST; }
719 | IPFY_ORBLOCK { fr->fr_flags |= FR_LOGORBLOCK; }
724 starticmpcode icmpcode ')' { fr->fr_icode = $2; yyresetdict(); }
736 YY_NUMBER { DOALL(fr->fr_proto = $1; \
737 fr->fr_mproto = 0xff;)
739 | YY_STR { if (!strcmp($1, "tcp-udp")) {
740 DOALL(fr->fr_flx |= FI_TCPUDP; \
741 fr->fr_mflx |= FI_TCPUDP;)
744 if (p == -1)
746 DOALL(fr->fr_proto = p; \
747 fr->fr_mproto = 0xff;)
754 DOREM(fr->fr_flx |= FI_TCPUDP; \
755 fr->fr_mflx |= FI_TCPUDP;)
804 { DOALL(fr->fr_tcpf = $2; fr->fr_tcpfm = FR_TCPFMAX;) }
806 { DOALL(fr->fr_tcpf = $2; fr->fr_tcpfm = $4;) }
808 { DOALL(fr->fr_tcpf = 0; fr->fr_tcpfm = $3;) }
810 { DOALL(fr->fr_tcpf = $2; fr->fr_tcpfm = FR_TCPFMAX;) }
812 { DOALL(fr->fr_tcpf = 0; fr->fr_tcpfm = $3;) }
814 { DOALL(fr->fr_tcpf = $2; fr->fr_tcpfm = $4;) }
816 { DOALL(fr->fr_tcpf = $2; fr->fr_tcpfm = $4;) }
818 { DOALL(fr->fr_tcpf = $2; fr->fr_tcpfm = $4;) }
822 IPFY_FLAGS { if (frc->fr_type != FR_T_IPF)
823 yyerror("flags with non-ipf type rule");
824 if (frc->fr_proto != IPPROTO_TCP)
825 yyerror("flags with non-TCP rule");
838 { DOALL(fr->fr_flags |= FR_NOTSRCIP;) }
854 { DOALL(fr->fr_scmp = $1.pc; fr->fr_sport = $1.p1;) }
856 { DOALL(fr->fr_scmp = $1.pc; fr->fr_sport = $1.p1; \
857 fr->fr_stop = $1.p2;) }
864 { DOALL(fr->fr_scmp = $1.pc; fr->fr_sport = $1.p1;) }
866 { DOALL(fr->fr_scmp = $1.pc; fr->fr_sport = $1.p1; \
867 fr->fr_stop = $1.p2;) }
873 portnum { DOREM(fr->fr_scmp = FR_EQUAL; fr->fr_sport = $1;) }
875 { DOREM(fr->fr_scmp = FR_INCRANGE; fr->fr_sport = $1; \
876 fr->fr_stop = $3;) }
878 { DOREM(fr->fr_scmp = FR_INRANGE; fr->fr_sport = $1; \
879 fr->fr_stop = $3;) }
881 { DOREM(fr->fr_scmp = FR_EQUAL; fr->fr_sport = $3;) }
883 { DOREM(fr->fr_scmp = FR_INCRANGE; fr->fr_sport = $3; \
884 fr->fr_stop = $5;) }
886 { DOREM(fr->fr_scmp = FR_INRANGE; fr->fr_sport = $3; \
887 fr->fr_stop = $5;) }
894 { DOALL(fr->fr_flags |= FR_NOTDSTIP;) }
898 addr { if (($1.f != AF_UNSPEC) && (frc->fr_family != AF_UNSPEC) &&
899 ($1.f != frc->fr_family))
907 addr { if (($1.f != AF_UNSPEC) && (frc->fr_family != AF_UNSPEC) &&
908 ($1.f != frc->fr_family))
913 { if (($3.f != AF_UNSPEC) && (frc->fr_family != AF_UNSPEC) &&
914 ($3.f != frc->fr_family))
923 { DOALL(fr->fr_dcmp = $1.pc; fr->fr_dport = $1.p1;) }
925 { DOALL(fr->fr_dcmp = $1.pc; fr->fr_dport = $1.p1; \
926 fr->fr_dtop = $1.p2;) }
933 { DOALL(fr->fr_dcmp = $1.pc; fr->fr_dport = $1.p1;) }
935 { DOALL(fr->fr_dcmp = $1.pc; fr->fr_dport = $1.p1; \
936 fr->fr_dtop = $1.p2;) }
942 portnum { DOREM(fr->fr_dcmp = FR_EQUAL; fr->fr_dport = $1;) }
944 { DOREM(fr->fr_dcmp = FR_INCRANGE; fr->fr_dport = $1; \
945 fr->fr_dtop = $3;) }
947 { DOREM(fr->fr_dcmp = FR_INRANGE; fr->fr_dport = $1; \
948 fr->fr_dtop = $3;) }
950 { DOREM(fr->fr_dcmp = FR_EQUAL; fr->fr_dport = $3;) }
952 { DOREM(fr->fr_dcmp = FR_INCRANGE; fr->fr_dport = $3; \
953 fr->fr_dtop = $5;) }
955 { DOREM(fr->fr_dcmp = FR_INRANGE; fr->fr_dport = $3; \
956 fr->fr_dtop = $5;) }
963 $$.ifpos = -1;
969 $$.ifpos = -1;
981 $$.ifpos = -1;
991 $$.ifpos = -1;
1001 $$.ifpos = -1;
1012 $$.ifpos = -1;
1025 $$.ifpos = -1;
1054 if (frc->fr_family == AF_INET6){
1078 if (frc->fr_family == AF_UNSPEC)
1079 frc->fr_family = AF_INET;
1081 ntomask(frc->fr_family,
1094 if (frc->fr_family == AF_UNSPEC)
1095 frc->fr_family = AF_INET;
1097 ntomask(frc->fr_family,
1152 if (frc->fr_family == AF_INET6)
1158 if (frc->fr_family == AF_INET6)
1165 if (frc->fr_family == AF_INET6)
1178 if (frc->fr_family == AF_INET)
1188 $$->al_family = $1.f;
1189 $$->al_i6addr = $1.a;
1190 $$->al_i6mask = $1.m;
1194 $$->al_family = $1.f;
1195 $$->al_i6addr = $1.a;
1196 $$->al_i6mask = $1.m;
1208 $$->al_family = $1.f;
1209 $$->al_i6addr = $1.a;
1210 $$->al_i6mask = $1.m;
1213 $$->al_not = 1;
1214 $$->al_family = $2.f;
1215 $$->al_i6addr = $2.a;
1216 $$->al_i6mask = $2.m;
1220 $$->al_family = $3.f;
1221 $$->al_i6addr = $3.a;
1222 $$->al_i6mask = $3.m;
1226 $$->al_not = 1;
1227 $$->al_family = $4.f;
1228 $$->al_i6addr = $4.a;
1229 $$->al_i6mask = $4.m;
1235 if (frc->fr_proto != 0 &&
1236 frc->fr_proto != IPPROTO_UDP &&
1237 frc->fr_proto != IPPROTO_TCP)
1278 { DOALL(fr->fr_icmp = htons($2 << 8); fr->fr_icmpm = htons(0xff00););
1285 IPFY_ICMPTYPE { if (frc->fr_family == AF_UNSPEC)
1286 frc->fr_family = AF_INET;
1287 if (frc->fr_family == AF_INET &&
1288 frc->fr_type == FR_T_IPF &&
1289 frc->fr_proto != IPPROTO_ICMP) {
1292 if (frc->fr_family == AF_INET6 &&
1293 frc->fr_type == FR_T_IPF &&
1294 frc->fr_proto != IPPROTO_ICMPV6) {
1295 yyerror("proto not ipv6-icmp");
1298 DOALL(if (fr->fr_family == AF_INET) { \
1299 fr->fr_ip.fi_v = 4; \
1300 fr->fr_mip.fi_v = 0xf; \
1302 if (fr->fr_family == AF_INET6) { \
1303 fr->fr_ip.fi_v = 6; \
1304 fr->fr_mip.fi_v = 0xf; \
1312 { DOALL(fr->fr_icmp |= htons($2); fr->fr_icmpm |= htons(0xff););
1324 { DOREM(fr->fr_icmp = htons($1 << 8); fr->fr_icmpm = htons(0xff00);) }
1326 { DOREM(fr->fr_icmp = htons($3 << 8); fr->fr_icmpm = htons(0xff00);) }
1331 { DOREM(fr->fr_icmp |= htons($1); fr->fr_icmpm |= htons(0xff);) }
1333 { DOREM(fr->fr_icmp &= htons(0xff00); fr->fr_icmp |= htons($3); \
1334 fr->fr_icmpm |= htons(0xff);) }
1337 age: | IPFY_AGE YY_NUMBER { DOALL(fr->fr_age[0] = $2; \
1338 fr->fr_age[1] = $2;) }
1340 { DOALL(fr->fr_age[0] = $2; \
1341 fr->fr_age[1] = $4;) }
1349 IPFY_STATE stateoptlist { DOALL(fr->fr_flags |= FR_KEEPSTATE;)}
1353 IPFY_FRAGS fragoptlist { DOALL(fr->fr_flags |= FR_KEEPFRAG;) }
1354 | IPFY_FRAG fragoptlist { DOALL(fr->fr_flags |= FR_KEEPFRAG;) }
1367 IPFY_STRICT { DOALL(fr->fr_flags |= FR_FRSTRICT;) }
1380 IPFY_LIMIT YY_NUMBER { DOALL(fr->fr_statemax = $2;) }
1381 | IPFY_STRICT { DOALL(if (fr->fr_proto != IPPROTO_TCP) { \
1383 } else if (fr->fr_flags & FR_STLOOSE) {\
1386 fr->fr_flags |= FR_STSTRICT;)
1388 | IPFY_LOOSE { DOALL(if (fr->fr_proto != IPPROTO_TCP) { \
1390 } else if (fr->fr_flags & FR_STSTRICT){\
1393 fr->fr_flags |= FR_STLOOSE;)
1395 | IPFY_NEWISN { DOALL(if (fr->fr_proto != IPPROTO_TCP) { \
1398 fr->fr_flags |= FR_NEWISN;)
1400 | IPFY_NOICMPERR { DOALL(fr->fr_flags |= FR_NOICMPERR;) }
1402 | IPFY_SYNC { DOALL(fr->fr_flags |= FR_STATESYNC;) }
1403 | IPFY_AGE YY_NUMBER { DOALL(fr->fr_age[0] = $2; \
1404 fr->fr_age[1] = $2;) }
1406 { DOALL(fr->fr_age[0] = $2; \
1407 fr->fr_age[1] = $4;) }
1413 { DOALL(fr->fr_nostatelog = 1;) }
1415 { DOALL(fr->fr_rpc = 1;) }
1417 { DOALL(fr->fr_rpc = 1;) }
1419 { DOALL(fr->fr_srctrack.ht_max_nodes = $2;) }
1421 { DOALL(fr->fr_srctrack.ht_max_per_node = $2; \
1422 fr->fr_srctrack.ht_netmask = \
1423 fr->fr_family == AF_INET ? 32: 128;)
1426 { DOALL(fr->fr_srctrack.ht_max_per_node = $2; \
1427 fr->fr_srctrack.ht_netmask = $4;)
1433 &($$), NULL) == -1)
1452 opttype { DOALL(fr->fr_flx |= $1; fr->fr_mflx |= $1;) }
1453 | notwith opttype { DOALL(fr->fr_mflx |= $2;) }
1463 IPFY_V6HDR { if (frc->fr_family != AF_INET6)
1494 ipopts: optlist { DOALL(fr->fr_mip.fi_optmsk |= $1;
1495 if (fr->fr_family == AF_UNSPEC) {
1496 fr->fr_family = AF_INET;
1497 fr->fr_ip.fi_v = 4;
1498 fr->fr_mip.fi_v = 0xf;
1499 } else if (fr->fr_family != AF_INET) {
1503 fr->fr_ip.fi_optmsk |= $1;)
1513 ipv6hdrlist { DOALL(fr->fr_mip.fi_optmsk |= $1;
1515 fr->fr_ip.fi_optmsk |= $1;)
1542 | YY_STR { $$ = geticmptype(frc->fr_family, $1);
1543 if ($$ == -1)
1595 { DOALL(fr->fr_mip.fi_secmsk |= $2;
1596 if (fr->fr_family == AF_UNSPEC) {
1597 fr->fr_family = AF_INET;
1598 fr->fr_ip.fi_v = 4;
1599 fr->fr_mip.fi_v = 0xf;
1600 } else if (fr->fr_family != AF_INET) {
1604 fr->fr_ip.fi_secmsk |= $2;)
1614 doi: IPFY_DOI YY_NUMBER { DOALL(fr->fr_doimask = 0xffffffff; \
1616 fr->fr_doi = $2;) }
1617 | IPFY_DOI YY_HEX { DOALL(fr->fr_doimask = 0xffffffff; \
1619 fr->fr_doi = $2;) }
1638 priority { fr->fr_loglevel = LOG_LOCAL0|$1; }
1639 | facility '.' priority { fr->fr_loglevel = $1 | $3; }
1707 | '-' { $$ = strdup("-"); }
1752 { "bad-nat", IPFY_BADNAT },
1753 { "bad-src", IPFY_BADSRC },
1757 { "bpf-v4", IPFY_BPFV4 },
1759 { "bpf-v6", IPFY_BPFV6 },
1768 { "dup-to", IPFY_DUPTO },
1777 { "frag-body", IPFY_FRAGBODY },
1785 { "icmp-head", IPFY_ICMPHEAD },
1786 { "icmp-type", IPFY_ICMPTYPE },
1788 { "in-via", IPFY_INVIA },
1794 { "l5-as", IPFY_L5AS },
1803 { "match-tag", IPFY_MATCHTAG },
1804 { "max-per-src", IPFY_MAX_PER_SRC },
1805 { "max-srcs", IPFY_MAX_SRCS },
1814 { "no-icmp-err", IPFY_NOICMPERR },
1822 { "or-block", IPFY_ORBLOCK },
1824 { "out-via", IPFY_OUTVIA },
1831 { "reply-to", IPFY_REPLY_TO },
1832 { "return-icmp", IPFY_RETICMP },
1833 { "return-icmp-as-dest", IPFY_RETICMPASDST },
1834 { "return-rst", IPFY_RETRST },
1835 { "route-to", IPFY_ROUTETO },
1836 { "rule-ttl", IPFY_RULETTL },
1838 { "sec-class", IPFY_SECCLASS },
1840 { "set-tag", IPFY_SETTAG },
1844 { "state-age", IPFY_AGE },
1846 { "sync", IPFY_SYNC },
1848 { "tcp-udp", IPFY_TCPUDP },
1875 { "cutoff-preced", IPFY_ICMPC_CUTPRE },
1876 { "filter-prohib", IPFY_ICMPC_FLTPRO },
1879 { "net-prohib", IPFY_ICMPC_NETPRO },
1880 { "net-tos", IPFY_ICMPC_NETTOS },
1881 { "host-preced", IPFY_ICMPC_HSTPRE },
1882 { "host-prohib", IPFY_ICMPC_HSTPRO },
1883 { "host-tos", IPFY_ICMPC_HSTTOS },
1884 { "host-unk", IPFY_ICMPC_HSTUNK },
1885 { "host-unr", IPFY_ICMPC_HSTUNR },
1886 { "net-unk", IPFY_ICMPC_NETUNK },
1887 { "net-unr", IPFY_ICMPC_NETUNR },
1888 { "port-unr", IPFY_ICMPC_PORUNR },
1889 { "proto-unr", IPFY_ICMPC_PROUNR },
1898 { "e-sec", IPFY_IPOPT_ESEC },
1924 { "reserv-1", IPFY_SEC_RSV1 },
1925 { "reserv-2", IPFY_SEC_RSV2 },
1926 { "reserv-3", IPFY_SEC_RSV3 },
1927 { "reserv-4", IPFY_SEC_RSV4 },
2000 if (strcmp(filename, "-")) { in ipf_parsefile()
2005 return(-1); in ipf_parsefile()
2056 for (fr = frtop; fr != NULL && fr->fr_next != NULL; fr = fr->fr_next) in newrule()
2059 fr->fr_next = frn; in newrule()
2060 frn->fr_pnext = &fr->fr_next; in newrule()
2064 frn->fr_pnext = &frtop; in newrule()
2068 fr->fr_loglevel = 0xffff; in newrule()
2069 fr->fr_isc = (void *)-1; in newrule()
2070 fr->fr_logtag = FR_NOLOGTAG; in newrule()
2071 fr->fr_type = FR_T_NONE; in newrule()
2072 fr->fr_flineno = yylineNum; in newrule()
2075 fr->fr_family = AF_INET6; in newrule()
2076 else if (use_inet6 == -1) in newrule()
2077 fr->fr_family = AF_INET; in newrule()
2086 for (fr = frc; fr != NULL; fr = fr->fr_next) { in setipftype()
2087 if (fr->fr_type == FR_T_NONE) { in setipftype()
2088 fr->fr_type = FR_T_IPF; in setipftype()
2089 fr->fr_data = (void *)calloc(sizeof(fripf_t), 1); in setipftype()
2090 fr->fr_dsize = sizeof(fripf_t); in setipftype()
2091 fr->fr_family = frc->fr_family; in setipftype()
2092 if (fr->fr_family == AF_INET) { in setipftype()
2093 fr->fr_ip.fi_v = 4; in setipftype()
2095 else if (fr->fr_family == AF_INET6) { in setipftype()
2096 fr->fr_ip.fi_v = 6; in setipftype()
2098 fr->fr_mip.fi_v = 0xf; in setipftype()
2099 fr->fr_ipf->fri_sifpidx = -1; in setipftype()
2100 fr->fr_ipf->fri_difpidx = -1; in setipftype()
2102 if (fr->fr_type != FR_T_IPF) { in setipftype()
2115 for (f2 = frc; f2->fr_next != NULL; f2 = f2->fr_next) in addrule()
2120 for (f1 = frc; count > 0; count--, f1 = f1->fr_next) { in addrule()
2121 f->fr_next = allocfr(); in addrule()
2122 if (f->fr_next == NULL) in addrule()
2124 f->fr_next->fr_pnext = &f->fr_next; in addrule()
2126 f = f->fr_next; in addrule()
2128 f->fr_next = NULL; in addrule()
2129 if (f->fr_caddr != NULL) { in addrule()
2130 f->fr_caddr = malloc(f->fr_dsize); in addrule()
2131 bcopy(f1->fr_caddr, f->fr_caddr, f->fr_dsize); in addrule()
2135 return(f2->fr_next); in addrule()
2146 dynamic = -1; in lookuphost()
2149 if (fr->fr_ifnames[i] == -1) in lookuphost()
2151 if (strcmp(name, fr->fr_names + fr->fr_ifnames[i]) == 0) { in lookuphost()
2158 if (gethost(AF_INET, name, addrp) == -1) { in lookuphost()
2160 return(-1); in lookuphost()
2178 for (fr = frc; fr != NULL; fr = fr->fr_next) { in dobpf()
2179 if (fr->fr_type != FR_T_NONE) { in dobpf()
2183 fr->fr_family = vtof(v); in dobpf()
2184 fr->fr_type = FR_T_BPFOPC; in dobpf()
2218 i--; in dobpf()
2219 fr->fr_dsize = (i / 4 + 1) * sizeof(*fb); in dobpf()
2220 fr->fr_data = fb; in dobpf()
2240 fr->fr_dsize = bpf.bf_len * sizeof(struct bpf_insn); in dobpf()
2241 fr->fr_data = malloc(fr->fr_dsize); in dobpf()
2242 bcopy((char *)bpf.bf_insns, fr->fr_data, fr->fr_dsize); in dobpf()
2243 if (!bpf_validate(fr->fr_data, bpf.bf_len)) { in dobpf()
2265 dynamic = -1; in resetaddr()
2277 al->al_not = 0; in newalist()
2278 al->al_next = ptr; in newalist()
2297 for (n = top, a = list; (n != NULL) && (a != NULL); a = a->al_next) { in makepool()
2300 n->ipn_addr.adf_family = AF_INET6; in makepool()
2301 n->ipn_addr.adf_addr = a->al_i6addr; in makepool()
2302 n->ipn_addr.adf_len = offsetof(addrfamily_t, in makepool()
2304 n->ipn_mask.adf_family = AF_INET6; in makepool()
2305 n->ipn_mask.adf_addr = a->al_i6mask; in makepool()
2306 n->ipn_mask.adf_len = offsetof(addrfamily_t, in makepool()
2311 n->ipn_addr.adf_family = AF_INET; in makepool()
2312 n->ipn_addr.adf_addr.in4.s_addr = a->al_1; in makepool()
2313 n->ipn_addr.adf_len = offsetof(addrfamily_t, in makepool()
2315 n->ipn_mask.adf_family = AF_INET; in makepool()
2316 n->ipn_mask.adf_addr.in4.s_addr = a->al_2; in makepool()
2317 n->ipn_mask.adf_len = offsetof(addrfamily_t, in makepool()
2320 n->ipn_info = a->al_not; in makepool()
2321 if (a->al_next != NULL) { in makepool()
2322 n->ipn_next = calloc(1, sizeof(*n)); in makepool()
2323 n = n->ipn_next; in makepool()
2333 top = n->ipn_next; in makepool()
2354 for (n = top, a = list; (n != NULL) && (a != NULL); a = a->al_next) { in makehash()
2355 if (a->al_family == AF_INET6) { in makehash()
2356 n->ipe_family = AF_INET6; in makehash()
2357 n->ipe_addr = a->al_i6addr; in makehash()
2358 n->ipe_mask = a->al_i6mask; in makehash()
2360 n->ipe_family = AF_INET; in makehash()
2361 n->ipe_addr.in4_addr = a->al_1; in makehash()
2362 n->ipe_mask.in4_addr = a->al_2; in makehash()
2364 n->ipe_value = 0; in makehash()
2365 if (a->al_next != NULL) { in makehash()
2366 n->ipe_next = calloc(1, sizeof(*n)); in makehash()
2367 n = n->ipe_next; in makehash()
2382 top = n->ipe_next; in makehash()
2405 obj.ipfo_size = fr->fr_size; in ipf_addrule()
2410 fd = -1; in ipf_addrule()
2415 add = (u_int)fr->fr_hits ? SIOCINIFR : in ipf_addrule()
2419 add = (u_int)fr->fr_hits ? SIOCINAFR : in ipf_addrule()
2425 fr->fr_flags |= FR_OUTQUE; in ipf_addrule()
2426 if (fr->fr_hits) in ipf_addrule()
2427 fr->fr_hits--; in ipf_addrule()
2433 if (fr->fr_data != NULL) in ipf_addrule()
2434 binprint(fr->fr_data, fr->fr_dsize); in ipf_addrule()
2438 if ((*ioctlfunc)(fd, add, (void *)&obj) == -1) { in ipf_addrule()
2443 fr->fr_flineno); in ipf_addrule()
2449 (long long)fr->fr_hits, in ipf_addrule()
2450 (long long)fr->fr_bytes); in ipf_addrule()
2453 fr->fr_hits, fr->fr_bytes); in ipf_addrule()
2458 if ((*ioctlfunc)(fd, del, (void *)&obj) == -1) { in ipf_addrule()
2463 fr->fr_flineno); in ipf_addrule()
2468 if ((*ioctlfunc)(fd, add, (void *)&obj) == -1) { in ipf_addrule()
2473 fr->fr_flineno); in ipf_addrule()
2502 for (f = frold; f != NULL; f = f->fr_next) { in fillgroup()
2503 if (f->fr_grhead == -1 && fr->fr_group == -1) in fillgroup()
2505 if (f->fr_grhead == -1 || fr->fr_group == -1) in fillgroup()
2507 if (strcmp(f->fr_names + f->fr_grhead, in fillgroup()
2508 fr->fr_names + fr->fr_group) == 0) in fillgroup()
2521 if (f->fr_type != fr->fr_type || f->fr_type != FR_T_IPF) in fillgroup()
2524 if (fr->fr_family == 0 && f->fr_family != 0) in fillgroup()
2525 fr->fr_family = f->fr_family; in fillgroup()
2527 if (fr->fr_mproto == 0 && f->fr_mproto != 0) in fillgroup()
2528 fr->fr_mproto = f->fr_mproto; in fillgroup()
2529 if (fr->fr_proto == 0 && f->fr_proto != 0) in fillgroup()
2530 fr->fr_proto = f->fr_proto; in fillgroup()
2532 if ((fr->fr_mproto == 0) && ((fr->fr_flx & FI_TCPUDP) == 0) && in fillgroup()
2533 ((f->fr_flx & FI_TCPUDP) != 0)) { in fillgroup()
2534 fr->fr_flx |= FI_TCPUDP; in fillgroup()
2535 fr->fr_mflx |= FI_TCPUDP; in fillgroup()
2553 fr->fr_type = FR_T_IPFEXPR; in doipfexpr()
2554 fr->fr_data = array; in doipfexpr()
2555 fr->fr_dsize = array[0] * sizeof(*array); in doipfexpr()
2592 if (pos == -1) in setifname()
2594 (*frp)->fr_ifnames[idx] = pos; in setifname()
2606 f = realloc(*frp, (*frp)->fr_size + nlen); in addname()
2611 return(-1); in addname()
2612 if (f->fr_pnext != NULL) in addname()
2613 *f->fr_pnext = f; in addname()
2614 f->fr_size += nlen; in addname()
2615 pos = f->fr_namelen; in addname()
2616 f->fr_namelen += nlen; in addname()
2617 strcpy(f->fr_names + pos, name); in addname()
2618 f->fr_names[f->fr_namelen] = '\0'; in addname()
2630 fr->fr_size = sizeof(*fr); in allocfr()
2631 fr->fr_comment = -1; in allocfr()
2632 fr->fr_group = -1; in allocfr()
2633 fr->fr_grhead = -1; in allocfr()
2634 fr->fr_icmphead = -1; in allocfr()
2635 fr->fr_ifnames[0] = -1; in allocfr()
2636 fr->fr_ifnames[1] = -1; in allocfr()
2637 fr->fr_ifnames[2] = -1; in allocfr()
2638 fr->fr_ifnames[3] = -1; in allocfr()
2639 fr->fr_tif.fd_name = -1; in allocfr()
2640 fr->fr_rif.fd_name = -1; in allocfr()
2641 fr->fr_dif.fd_name = -1; in allocfr()
2653 if (pos == -1) in setgroup()
2655 (*frp)->fr_group = pos; in setgroup()
2665 if (pos == -1) in setgrhead()
2667 (*frp)->fr_grhead = pos; in setgrhead()
2677 if (pos == -1) in seticmphead()
2679 (*frp)->fr_icmphead = pos; in seticmphead()
2689 if (f->fr_family != AF_UNSPEC && ipp->f == AF_UNSPEC) { in build_dstaddr_af()
2690 ipp->f = f->fr_family; in build_dstaddr_af()
2691 ipp->v = f->fr_ip.fi_v; in build_dstaddr_af()
2693 if (ipp->f == AF_INET) in build_dstaddr_af()
2694 ipp->v = 4; in build_dstaddr_af()
2695 else if (ipp->f == AF_INET6) in build_dstaddr_af()
2696 ipp->v = 6; in build_dstaddr_af()
2698 for (; f != NULL; f = f->fr_next) { in build_dstaddr_af()
2699 f->fr_ip.fi_dst = ipp->a; in build_dstaddr_af()
2700 f->fr_mip.fi_dst = ipp->m; in build_dstaddr_af()
2701 f->fr_family = ipp->f; in build_dstaddr_af()
2702 f->fr_ip.fi_v = ipp->v; in build_dstaddr_af()
2703 f->fr_mip.fi_v = 0xf; in build_dstaddr_af()
2704 f->fr_datype = ipp->type; in build_dstaddr_af()
2705 if (ipp->ifpos != -1) in build_dstaddr_af()
2706 f->fr_ipf->fri_difpidx = ipp->ifpos; in build_dstaddr_af()
2718 if (f->fr_family != AF_UNSPEC && ipp->f == AF_UNSPEC) { in build_srcaddr_af()
2719 ipp->f = f->fr_family; in build_srcaddr_af()
2720 ipp->v = f->fr_ip.fi_v; in build_srcaddr_af()
2722 if (ipp->f == AF_INET) in build_srcaddr_af()
2723 ipp->v = 4; in build_srcaddr_af()
2724 else if (ipp->f == AF_INET6) in build_srcaddr_af()
2725 ipp->v = 6; in build_srcaddr_af()
2727 for (; f != NULL; f = f->fr_next) { in build_srcaddr_af()
2728 f->fr_ip.fi_src = ipp->a; in build_srcaddr_af()
2729 f->fr_mip.fi_src = ipp->m; in build_srcaddr_af()
2730 f->fr_family = ipp->f; in build_srcaddr_af()
2731 f->fr_ip.fi_v = ipp->v; in build_srcaddr_af()
2732 f->fr_mip.fi_v = 0xf; in build_srcaddr_af()
2733 f->fr_satype = ipp->type; in build_srcaddr_af()
2734 f->fr_ipf->fri_sifpidx = ipp->ifpos; in build_srcaddr_af()