Lines Matching full:av
96 if (!av[0]) \
98 if (_substrcmp(*av, "tablearg") == 0) { \
107 _xval = strtol(*av, &end, 10); \
109 if (!isdigit(**av) || *end != '\0' || (_xval == 0 && errno == EINVAL)) \
111 match_value(s_x, tok), *av); \
115 match_value(s_x, tok), min, max, *av); \
119 match_value(s_x, tok), *av); \
442 ipfw_cfg_lheader *cfg, size_t sz, int ac, char **av);
1081 fill_newports(ipfw_insn_u16 *cmd, char *av, int proto, int cblen) in fill_newports() argument
1085 char *s = av; in fill_newports()
1088 a = strtoport(av, &s, 0, proto); in fill_newports()
1089 if (s == av) /* empty or invalid argument */ in fill_newports()
1096 av = s + 1; in fill_newports()
1097 b = strtoport(av, &s, 0, proto); in fill_newports()
1099 if (s == av || (*s != ',' && *s != '\0')) in fill_newports()
1110 *s, av); in fill_newports()
1116 av = s + 1; in fill_newports()
1130 fill_dscp(ipfw_insn *cmd, char *av, int cblen) in fill_dscp() argument
1133 char *s = av, *a; in fill_dscp()
1175 fill_mark(ipfw_insn *cmd, char *av, int cblen) in fill_mark() argument
1188 value_str = strsep(&av, ":"); in fill_mark()
1198 if (av) in fill_mark()
1199 *mask = strtoul(av, NULL, 0); in fill_mark()
1486 fill_icmptypes(ipfw_insn_u32 *cmd, char *av) in fill_icmptypes() argument
1491 while (*av) { in fill_icmptypes()
1492 if (*av == ',') in fill_icmptypes()
1493 av++; in fill_icmptypes()
1495 type = strtoul(av, &av, 0); in fill_icmptypes()
1497 if (*av != ',' && *av != '\0') in fill_icmptypes()
2620 ipfw_sets_handler(char *av[]) in ipfw_sets_handler() argument
2629 av++; in ipfw_sets_handler()
2632 if (av[0] == NULL) in ipfw_sets_handler()
2634 if (_substrcmp(*av, "show") == 0) { in ipfw_sets_handler()
2655 } else if (_substrcmp(*av, "swap") == 0) { in ipfw_sets_handler()
2656 av++; in ipfw_sets_handler()
2657 if ( av[0] == NULL || av[1] == NULL ) in ipfw_sets_handler()
2659 rt.set = atoi(av[0]); in ipfw_sets_handler()
2660 rt.new_set = atoi(av[1]); in ipfw_sets_handler()
2661 if (!isdigit(*(av[0])) || rt.set > RESVD_SET) in ipfw_sets_handler()
2662 errx(EX_DATAERR, "invalid set number %s\n", av[0]); in ipfw_sets_handler()
2663 if (!isdigit(*(av[1])) || rt.new_set > RESVD_SET) in ipfw_sets_handler()
2664 errx(EX_DATAERR, "invalid set number %s\n", av[1]); in ipfw_sets_handler()
2666 } else if (_substrcmp(*av, "move") == 0) { in ipfw_sets_handler()
2667 av++; in ipfw_sets_handler()
2668 if (av[0] && _substrcmp(*av, "rule") == 0) { in ipfw_sets_handler()
2671 av++; in ipfw_sets_handler()
2674 if (av[0] == NULL || av[1] == NULL || av[2] == NULL || in ipfw_sets_handler()
2675 av[3] != NULL || _substrcmp(av[1], "to") != 0) in ipfw_sets_handler()
2677 rulenum = (uint32_t)strtoul(av[0], NULL, 10); in ipfw_sets_handler()
2678 rt.new_set = atoi(av[2]); in ipfw_sets_handler()
2684 rt.new_set = atoi(av[2]); in ipfw_sets_handler()
2685 if (!isdigit(*(av[0])) || (cmd == 3 && rt.set > RESVD_SET) || in ipfw_sets_handler()
2687 errx(EX_DATAERR, "invalid source number %s\n", av[0]); in ipfw_sets_handler()
2688 if (!isdigit(*(av[2])) || rt.new_set > RESVD_SET) in ipfw_sets_handler()
2689 errx(EX_DATAERR, "invalid dest. set %s\n", av[1]); in ipfw_sets_handler()
2694 } else if (_substrcmp(*av, "disable") == 0 || in ipfw_sets_handler()
2695 _substrcmp(*av, "enable") == 0 ) { in ipfw_sets_handler()
2696 int which = _substrcmp(*av, "enable") == 0 ? 1 : 0; in ipfw_sets_handler()
2698 av++; in ipfw_sets_handler()
2701 while (av[0]) { in ipfw_sets_handler()
2702 if (isdigit(**av)) { in ipfw_sets_handler()
2703 i = atoi(*av); in ipfw_sets_handler()
2708 } else if (_substrcmp(*av, "disable") == 0) in ipfw_sets_handler()
2710 else if (_substrcmp(*av, "enable") == 0) in ipfw_sets_handler()
2714 "invalid set command %s\n", *av); in ipfw_sets_handler()
2715 av++; in ipfw_sets_handler()
2727 errx(EX_USAGE, "invalid set command %s\n", *av); in ipfw_sets_handler()
2743 ipfw_sysctl_handler(char *av[], int which) in ipfw_sysctl_handler() argument
2745 av++; in ipfw_sysctl_handler()
2747 if (av[0] == NULL) { in ipfw_sysctl_handler()
2749 } else if (_substrcmp(*av, "firewall") == 0) { in ipfw_sysctl_handler()
2754 } else if (_substrcmp(*av, "one_pass") == 0) { in ipfw_sysctl_handler()
2757 } else if (_substrcmp(*av, "debug") == 0) { in ipfw_sysctl_handler()
2760 } else if (_substrcmp(*av, "verbose") == 0) { in ipfw_sysctl_handler()
2763 } else if (_substrcmp(*av, "dyn_keepalive") == 0) { in ipfw_sysctl_handler()
2766 } else if (_substrcmp(*av, "skipto_cache") == 0) { in ipfw_sysctl_handler()
2769 } else if (_substrcmp(*av, "altq") == 0) { in ipfw_sysctl_handler()
2773 warnx("unrecognize enable/disable keyword: %s\n", *av); in ipfw_sysctl_handler()
2951 ipfw_list(int ac, char *av[], int show_counters) in ipfw_list() argument
2967 dummynet_list(ac, av, show_counters); in ipfw_list()
2972 av++; in ipfw_list()
2977 for (lac = ac, lav = av; lac != 0; lac--) { in ipfw_list()
3002 error = ipfw_show_config(&g_co, &sfo, cfg, sz, ac, av); in ipfw_list()
3012 ipfw_cfg_lheader *cfg, size_t sz, int ac, char *av[]) in ipfw_show_config() argument
3087 for (lac = ac, lav = av; lac != 0; lac--) { in ipfw_show_config()
3115 for (lac = ac, lav = av; lac != 0; lac--) { in ipfw_show_config()
3330 fill_table(ipfw_insn *cmd, char *av, uint8_t opcode, struct tidx *tstate) in fill_table() argument
3335 if ((p = strchr(av + 6, ')')) == NULL) in fill_table()
3336 errx(EX_DATAERR, "forgotten parenthesis: '%s'", av); in fill_table()
3338 p = strchr(av + 6, ','); in fill_table()
3342 if ((c->kidx = pack_table(tstate, av + 6)) == 0) in fill_table()
3343 errx(EX_DATAERR, "Invalid table name: %s", av + 6); in fill_table()
3356 * fills the addr and mask fields in the instruction as appropriate from av.
3367 fill_ip(ipfw_insn_ip *cmd, char *av, int cblen, struct tidx *tstate) in fill_ip() argument
3374 if (_substrcmp(av, "any") == 0) in fill_ip()
3377 if (_substrcmp(av, "me") == 0) { in fill_ip()
3382 if (strncmp(av, "table(", 6) == 0) { in fill_ip()
3383 fill_table(&cmd->o, av, O_IP_DST_LOOKUP, tstate); in fill_ip()
3387 while (av) { in fill_ip()
3393 char *t = NULL, *p = strpbrk(av, "/:,{"); in fill_ip()
3409 if (lookup_host(av, (struct in_addr *)&d[0]) != 0) in fill_ip()
3410 errx(EX_NOHOST, "hostname ``%s'' unknown", av); in fill_ip()
3468 av = p + 1; in fill_ip()
3477 while (isdigit(*av)) { in fill_ip()
3479 int a = strtol(av, &s, 0); in fill_ip()
3481 if (s == av) { /* no parameter */ in fill_ip()
3482 if (*av != '}') in fill_ip()
3508 av = s+1; in fill_ip()
3512 av = p; in fill_ip()
3513 if (av) /* then *av must be a ',' */ in fill_ip()
3514 av++; in fill_ip()
3525 if (av == NULL && len == 0) /* only this entry */ in fill_ip()
3532 if (d[1] == (uint32_t)~0 && av == NULL && len == 0) { in fill_ip()
3581 ipfw_delete(char *av[]) in ipfw_delete() argument
3589 av++; in ipfw_delete()
3591 if ( *av && _substrcmp(*av, "set") == 0) { in ipfw_delete()
3598 av++; in ipfw_delete()
3602 while (*av && isdigit(**av)) { in ipfw_delete()
3603 i = strtol(*av, &sep, 10); in ipfw_delete()
3607 av++; in ipfw_delete()
3763 fill_comment(ipfw_insn *cmd, char **av, int cblen) in fill_comment() argument
3772 for (i = 0, l = 0; av[i] != NULL; i++) in fill_comment()
3773 l += strlen(av[i]) + 1; in fill_comment()
3783 for (i = 0; av[i] != NULL; i++) { in fill_comment()
3784 strcpy(p, av[i]); in fill_comment()
3785 p += strlen(av[i]); in fill_comment()
3808 add_mac(ipfw_insn *cmd, char *av[], int cblen) in add_mac() argument
3812 if ( ( av[0] == NULL ) || ( av[1] == NULL ) ) in add_mac()
3820 get_mac_addr_mask(av[0], mac->addr, mac->mask); /* dst */ in add_mac()
3821 get_mac_addr_mask(av[1], &(mac->addr[ETHER_ADDR_LEN]), in add_mac()
3827 add_mactype(ipfw_insn *cmd, char *av, int cblen) in add_mactype() argument
3829 if (!av) in add_mactype()
3831 if (strcmp(av, "any") != 0) { /* we have a non-null type */ in add_mactype()
3832 fill_newports((ipfw_insn_u16 *)cmd, av, IPPROTO_ETHERTYPE, in add_mactype()
3841 add_proto0(ipfw_insn *cmd, char *av, u_char *protop) in add_proto0() argument
3847 proto = strtol(av, &ep, 10); in add_proto0()
3849 if ((pe = getprotobyname(av)) == NULL) in add_proto0()
3860 add_proto(ipfw_insn *cmd, char *av, u_char *protop) in add_proto() argument
3864 if (_substrcmp(av, "all") == 0 || strcmp(av, "ip") == 0) in add_proto()
3866 else if (strcmp(av, "ip4") == 0) in add_proto()
3869 else if (strcmp(av, "ip6") == 0) { in add_proto()
3874 return add_proto0(cmd, av, protop); in add_proto()
3881 add_proto_compat(ipfw_insn *cmd, char *av, u_char *protop) in add_proto_compat() argument
3885 if (_substrcmp(av, "all") == 0 || strcmp(av, "ip") == 0) in add_proto_compat()
3887 else if (strcmp(av, "ipv4") == 0 || strcmp(av, "ip4") == 0) in add_proto_compat()
3890 else if (strcmp(av, "ipv6") == 0 || strcmp(av, "ip6") == 0) { in add_proto_compat()
3895 return add_proto0(cmd, av, protop); in add_proto_compat()
3902 add_srcip(ipfw_insn *cmd, char *av, int cblen, struct tidx *tstate) in add_srcip() argument
3904 fill_ip((ipfw_insn_ip *)cmd, av, cblen, tstate); in add_srcip()
3919 add_dstip(ipfw_insn *cmd, char *av, int cblen, struct tidx *tstate) in add_dstip() argument
3921 fill_ip((ipfw_insn_ip *)cmd, av, cblen, tstate); in add_dstip()
3936 add_srcmac(ipfw_insn *cmd, char *av, struct tidx *tstate) in add_srcmac() argument
3939 if (strncmp(av, "table(", 6) == 0) in add_srcmac()
3940 fill_table(cmd, av, O_MAC_SRC_LOOKUP, tstate); in add_srcmac()
3942 errx(EX_DATAERR, "only mac table lookup is supported %s", av); in add_srcmac()
3947 add_dstmac(ipfw_insn *cmd, char *av, struct tidx *tstate) in add_dstmac() argument
3950 if (strncmp(av, "table(", 6) == 0) in add_dstmac()
3951 fill_table(cmd, av, O_MAC_DST_LOOKUP, tstate); in add_dstmac()
3953 errx(EX_DATAERR, "only mac table lookup is supported %s", av); in add_dstmac()
3981 add_ports(ipfw_insn *cmd, char *av, u_char proto, int opcode, int cblen) in add_ports() argument
3984 if (match_token(f_reserved_keywords, av) != -1) in add_ports()
3987 if (fill_newports((ipfw_insn_u16 *)cmd, av, proto, cblen)) { in add_ports()
3996 add_src(ipfw_insn *cmd, char *av, u_char proto, int cblen, struct tidx *tstate) in add_src() argument
4004 if ((ch = strpbrk(av, "/,")) != NULL) { in add_src()
4005 len = ch - av; in add_src()
4006 strlcpy(buf, av, sizeof(buf)); in add_src()
4011 host = av; in add_src()
4013 if (proto == IPPROTO_IPV6 || strcmp(av, "me6") == 0 || in add_src()
4015 ret = add_srcip6(cmd, av, cblen, tstate); in add_src()
4017 if (ret == NULL && (proto == IPPROTO_IP || strcmp(av, "me") == 0 || in add_src()
4019 ret = add_srcip(cmd, av, cblen, tstate); in add_src()
4020 if (ret == NULL && strcmp(av, "any") != 0) in add_src()
4027 add_dst(ipfw_insn *cmd, char *av, u_char proto, int cblen, struct tidx *tstate) in add_dst() argument
4035 if ((ch = strpbrk(av, "/,")) != NULL) { in add_dst()
4036 len = ch - av; in add_dst()
4037 strlcpy(buf, av, sizeof(buf)); in add_dst()
4042 host = av; in add_dst()
4044 if (proto == IPPROTO_IPV6 || strcmp(av, "me6") == 0 || in add_dst()
4046 ret = add_dstip6(cmd, av, cblen, tstate); in add_dst()
4048 if (ret == NULL && (proto == IPPROTO_IP || strcmp(av, "me") == 0 || in add_dst()
4050 ret = add_dstip(cmd, av, cblen, tstate); in add_dst()
4051 if (ret == NULL && strcmp(av, "any") != 0) in add_dst()
4141 compile_rule(char *av[], uint32_t *rbuf, int *rbufsize, struct tidx *tstate) in compile_rule() argument
4192 av++; in compile_rule()
4195 if (av[0] && isdigit(**av)) { in compile_rule()
4196 rule->rulenum = atoi(*av); in compile_rule()
4197 av++; in compile_rule()
4201 if (av[0] && av[1] && _substrcmp(*av, "set") == 0) { in compile_rule()
4202 int set = strtoul(av[1], NULL, 10); in compile_rule()
4204 errx(EX_DATAERR, "illegal set %s", av[1]); in compile_rule()
4207 av += 2; in compile_rule()
4211 if (av[0] && av[1] && _substrcmp(*av, "prob") == 0) { in compile_rule()
4212 match_prob = strtod(av[1], NULL); in compile_rule()
4215 errx(EX_DATAERR, "illegal match prob. %s", av[1]); in compile_rule()
4216 av += 2; in compile_rule()
4221 i = match_token(rule_actions, *av); in compile_rule()
4222 av++; in compile_rule()
4231 if (*av == NULL || in compile_rule()
4232 match_token(rule_options, *av) == TOK_COMMENT) { in compile_rule()
4237 if (*av[0] == ':') { in compile_rule()
4238 if (strcmp(*av + 1, "any") == 0) in compile_rule()
4240 else if (state_check_name(*av + 1) == 0) in compile_rule()
4242 tstate, *av + 1, IPFW_TLV_STATE_NAME); in compile_rule()
4245 *av); in compile_rule()
4246 av++; in compile_rule()
4249 errx(EX_DATAERR, "Invalid state name %s", *av); in compile_rule()
4289 action->arg1 = get_reject_code(*av); in compile_rule()
4290 av++; in compile_rule()
4291 if (action->arg1 == ICMP_UNREACH_NEEDFRAG && isdigit(**av)) { in compile_rule()
4294 mtu = strtoul(*av, NULL, 10); in compile_rule()
4297 *(av - 1)); in compile_rule()
4300 av++; in compile_rule()
4307 action->arg1 = get_unreach6_code(*av); in compile_rule()
4308 av++; in compile_rule()
4319 if (*av != NULL && _substrcmp(*av, "global") == 0) in compile_rule()
4322 action->arg1 = arg_or_targ(av[0], *(av - 1)); in compile_rule()
4323 av++; in compile_rule()
4327 action->arg1 = arg_or_targ(av[0], *(av - 1)); in compile_rule()
4328 av++; in compile_rule()
4332 action->arg1 = arg_or_targ(av[0], *(av - 1)); in compile_rule()
4333 av++; in compile_rule()
4340 arg_or_targ_relaxed(av[0], *(av - 1), IPFW_DEFAULT_RULE); in compile_rule()
4341 av++; in compile_rule()
4345 action->arg1 = arg_or_targ(av[0], *(av - 1)); in compile_rule()
4346 av++; in compile_rule()
4350 action->arg1 = arg_or_targ(av[0], *(av - 1)); in compile_rule()
4351 av++; in compile_rule()
4355 action->arg1 = get_divert_port(av[0], *(av - 1)); in compile_rule()
4356 av++; in compile_rule()
4360 action->arg1 = get_divert_port(av[0], *(av - 1)); in compile_rule()
4361 av++; in compile_rule()
4368 arg_or_targ_relaxed(av[0], *(av - 1), IPFW_DEFAULT_RULE); in compile_rule()
4369 av++; in compile_rule()
4390 if (strncmp(*av, "tablearg", 8) == 0 && in compile_rule()
4391 ((*av)[8] == '\0' || (*av)[8] == ',' || (*av)[8] == ':')) in compile_rule()
4392 memcpy(++(*av), "0.0.0.0", 7); in compile_rule()
4397 if (strchr(*av, '[')) in compile_rule()
4398 (*av)++; in compile_rule()
4403 s = strchr(*av, ','); in compile_rule()
4405 s = strchr(*av, ']'); in compile_rule()
4410 s = *av; in compile_rule()
4432 if (getaddrinfo(*av, NULL, NULL, &res)) in compile_rule()
4474 av++; in compile_rule()
4480 av--; /* go back... */ in compile_rule()
4490 if (_substrcmp(*av, "tablearg") == 0) { in compile_rule()
4493 action->arg1 = strtoul(*av, NULL, 10); in compile_rule()
4502 av++; in compile_rule()
4512 if (_substrcmp(*av, "tablearg") == 0) { in compile_rule()
4515 if (isalpha(*av[0])) { in compile_rule()
4516 if ((code = match_token(f_ipdscp, *av)) == -1) in compile_rule()
4520 action->arg1 = strtoul(*av, NULL, 10); in compile_rule()
4527 av++; in compile_rule()
4539 if (*av != NULL) { in compile_rule()
4544 i = match_token(return_types, *av); in compile_rule()
4547 av++; in compile_rule()
4557 if (strcmp(*av, "tablearg") == 0) { in compile_rule()
4560 insntod(action, u32)->d[0] = strtoul(*av, NULL, 0); in compile_rule()
4564 av++; in compile_rule()
4585 mss = strtoul(*av, NULL, 10); in compile_rule()
4587 errx(EX_USAGE, "invalid MSS value %s", *av); in compile_rule()
4589 av++; in compile_rule()
4594 av--; in compile_rule()
4595 if (match_token(rule_eactions, *av) == -1) in compile_rule()
4596 errx(EX_DATAERR, "invalid action %s\n", *av); in compile_rule()
4609 if (eaction_check_name(*av) != 0) in compile_rule()
4610 errx(EX_DATAERR, "Invalid eaction name %s", *av); in compile_rule()
4611 idx = pack_object(tstate, *av, IPFW_TLV_EACTION); in compile_rule()
4619 av++; in compile_rule()
4621 if (eaction_check_name(*av) != 0) in compile_rule()
4623 *av); in compile_rule()
4629 idx = pack_object(tstate, *av, 0); in compile_rule()
4637 av++; in compile_rule()
4649 while (av[0] != NULL && (i = match_token(rule_action_params, *av)) != -1) { in compile_rule()
4650 av++; in compile_rule()
4666 if (av[0] && _substrcmp(*av, "logdst") == 0) { in compile_rule()
4667 av++; in compile_rule()
4669 cmd->arg1 = parse_logdst(*av); in compile_rule()
4670 av++; in compile_rule()
4673 if (av[0] && _substrcmp(*av, "logamount") == 0) { in compile_rule()
4674 av++; in compile_rule()
4676 l = atoi(*av); in compile_rule()
4681 av++; in compile_rule()
4696 if (av[0] && _substrcmp(*av, "logdst") == 0) { in compile_rule()
4697 av++; in compile_rule()
4699 cmd->arg1 = parse_logdst(*av); in compile_rule()
4700 av++; in compile_rule()
4718 a->qid = altq_name_to_qid(*av); in compile_rule()
4719 av++; in compile_rule()
4735 av++; in compile_rule()
4746 if (*av != NULL && in compile_rule()
4747 match_token(rule_options, *av) == TOK_COMMENT) { in compile_rule()
4749 av++; in compile_rule()
4750 fill_comment(cmd, av, cblen); in compile_rule()
4752 av[0] = NULL; in compile_rule()
4758 if (av[0] && (*av[0] == '(' || *av[0] == '{')) { \ in compile_rule()
4763 if ( (av[0])[1] == '\0') { \ in compile_rule()
4764 av++; \ in compile_rule()
4766 (*av)++; \ in compile_rule()
4773 if (av[0] && ( \ in compile_rule()
4774 strcmp(*av, ")") == 0 || \ in compile_rule()
4775 strcmp(*av, "}") == 0)) { \ in compile_rule()
4778 av++; \ in compile_rule()
4784 if (av[0] && _substrcmp(*av, "not") == 0) { \ in compile_rule()
4788 av++; \ in compile_rule()
4792 if (av[0] && _substrcmp(*av, "or") == 0) { \ in compile_rule()
4796 av++; \ in compile_rule()
4811 if (_substrcmp(*av, "MAC") == 0 || in compile_rule()
4812 _substrcmp(*av, "mac") == 0) { in compile_rule()
4813 av++; /* the "MAC" keyword */ in compile_rule()
4814 add_mac(cmd, av); /* exits in case of errors */ in compile_rule()
4816 av += 2; /* dst-mac and src-mac */ in compile_rule()
4819 if (add_mactype(cmd, av[0])) in compile_rule()
4821 av++; /* any or mac-type */ in compile_rule()
4832 if (add_proto_compat(cmd, *av, &proto)) { in compile_rule()
4833 av++; in compile_rule()
4839 errx(EX_DATAERR, "invalid protocol ``%s''", *av); in compile_rule()
4851 if ((av[0] == NULL) || _substrcmp(*av, "from") != 0) in compile_rule()
4853 av++; in compile_rule()
4861 if (add_src(cmd, *av, proto, cblen, tstate)) { in compile_rule()
4862 av++; in compile_rule()
4868 errx(EX_USAGE, "bad source address %s", *av); in compile_rule()
4875 if ( av[0] != NULL ) { in compile_rule()
4876 if (_substrcmp(*av, "any") == 0 || in compile_rule()
4877 add_ports(cmd, *av, proto, O_IP_SRCPORT, cblen)) { in compile_rule()
4878 av++; in compile_rule()
4887 if ( (av[0] == NULL) || _substrcmp(*av, "to") != 0 ) in compile_rule()
4889 av++; in compile_rule()
4897 if (add_dst(cmd, *av, proto, cblen, tstate)) { in compile_rule()
4898 av++; in compile_rule()
4904 errx( EX_USAGE, "bad destination address %s", *av); in compile_rule()
4911 if (av[0]) { in compile_rule()
4912 if (_substrcmp(*av, "any") == 0 || in compile_rule()
4913 add_ports(cmd, *av, proto, O_IP_DSTPORT, cblen)) { in compile_rule()
4914 av++; in compile_rule()
4924 while ( av[0] != NULL ) { in compile_rule()
4928 s = *av; in compile_rule()
4938 av++; in compile_rule()
4989 if (*av != NULL && fill_flags(f_ipoff, *av, NULL, in compile_rule()
4991 av++; in compile_rule()
5014 fill_iface(insntod(cmd, if), av[0], cblen, tstate); in compile_rule()
5015 av++; in compile_rule()
5028 fill_icmptypes((ipfw_insn_u32 *)cmd, *av); in compile_rule()
5029 av++; in compile_rule()
5034 fill_icmp6types((ipfw_insn_icmp6 *)cmd, *av, cblen); in compile_rule()
5035 av++; in compile_rule()
5040 if (strpbrk(*av, "-,")) { in compile_rule()
5041 if (!add_ports(cmd, *av, 0, O_IPTTL, cblen)) in compile_rule()
5042 errx(EX_DATAERR, "invalid ipttl %s", *av); in compile_rule()
5044 fill_cmd(cmd, O_IPTTL, 0, strtoul(*av, NULL, 0)); in compile_rule()
5045 av++; in compile_rule()
5050 if (strpbrk(*av, "-,")) { in compile_rule()
5051 if (!add_ports(cmd, *av, 0, O_IPID, cblen)) in compile_rule()
5052 errx(EX_DATAERR, "invalid ipid %s", *av); in compile_rule()
5054 fill_cmd(cmd, O_IPID, 0, strtoul(*av, NULL, 0)); in compile_rule()
5055 av++; in compile_rule()
5060 if (strpbrk(*av, "-,")) { in compile_rule()
5061 if (!add_ports(cmd, *av, 0, O_IPLEN, cblen)) in compile_rule()
5062 errx(EX_DATAERR, "invalid ip len %s", *av); in compile_rule()
5064 fill_cmd(cmd, O_IPLEN, 0, strtoul(*av, NULL, 0)); in compile_rule()
5065 av++; in compile_rule()
5070 fill_cmd(cmd, O_IPVER, 0, strtoul(*av, NULL, 0)); in compile_rule()
5071 av++; in compile_rule()
5077 (strtoul(*av, NULL, 0) & 7) << 5); in compile_rule()
5078 av++; in compile_rule()
5083 fill_dscp(cmd, *av, cblen); in compile_rule()
5084 av++; in compile_rule()
5089 fill_flags_cmd(cmd, O_IPOPT, f_ipopts, *av); in compile_rule()
5090 av++; in compile_rule()
5095 fill_flags_cmd(cmd, O_IPTOS, f_iptos, *av); in compile_rule()
5096 av++; in compile_rule()
5107 uid = strtoul(*av, &end, 0); in compile_rule()
5108 pwd = (*end == '\0') ? getpwuid(uid) : getpwnam(*av); in compile_rule()
5110 errx(EX_DATAERR, "uid \"%s\" nonexistent", *av); in compile_rule()
5113 av++; in compile_rule()
5125 gid = strtoul(*av, &end, 0); in compile_rule()
5126 grp = (*end == '\0') ? getgrgid(gid) : getgrnam(*av); in compile_rule()
5128 errx(EX_DATAERR, "gid \"%s\" nonexistent", *av); in compile_rule()
5131 av++; in compile_rule()
5143 * If av is a number, then we'll just pass it as-is. If in compile_rule()
5153 jid = strtoul(*av, &end, 10); in compile_rule()
5155 jid = jail_getid(*av); in compile_rule()
5161 av++; in compile_rule()
5176 if (strpbrk(*av, "-,")) { in compile_rule()
5177 if (!add_ports(cmd, *av, 0, O_TCPDATALEN, cblen)) in compile_rule()
5178 errx(EX_DATAERR, "invalid tcpdata len %s", *av); in compile_rule()
5181 strtoul(*av, NULL, 0)); in compile_rule()
5182 av++; in compile_rule()
5187 fill_flags_cmd(cmd, O_TCPOPTS, f_tcpopts, *av); in compile_rule()
5188 av++; in compile_rule()
5196 cmd32->d[0] = htonl(strtoul(*av, NULL, 0)); in compile_rule()
5197 av++; in compile_rule()
5203 if (strpbrk(*av, "-,")) { in compile_rule()
5204 if (add_ports(cmd, *av, 0, in compile_rule()
5208 s, *av); in compile_rule()
5211 O_TCPMSS, 0, strtoul(*av, NULL, 0)); in compile_rule()
5212 av++; in compile_rule()
5218 fill_flags_cmd(cmd, O_TCPFLAGS, f_tcpflags, *av); in compile_rule()
5219 av++; in compile_rule()
5232 if (*av != NULL && *av[0] == ':') { in compile_rule()
5233 if (state_check_name(*av + 1) != 0) in compile_rule()
5235 "Invalid state name %s", *av); in compile_rule()
5236 uidx = pack_object(tstate, *av + 1, in compile_rule()
5238 av++; in compile_rule()
5270 while ( av[0] != NULL ) { in compile_rule()
5271 if ((val = match_token(limit_masks, *av)) <= 0) in compile_rule()
5274 av++; in compile_rule()
5282 av++; in compile_rule()
5284 if (*av != NULL && *av[0] == ':') { in compile_rule()
5285 if (state_check_name(*av + 1) != 0) in compile_rule()
5287 "Invalid state name %s", *av); in compile_rule()
5288 c->kidx = pack_object(tstate, *av + 1, in compile_rule()
5290 av++; in compile_rule()
5299 if (add_proto(cmd, *av, &proto)) { in compile_rule()
5300 av++; in compile_rule()
5303 *av); in compile_rule()
5308 if (add_srcip(cmd, *av, cblen, tstate)) { in compile_rule()
5309 av++; in compile_rule()
5315 if (add_dstip(cmd, *av, cblen, tstate)) { in compile_rule()
5316 av++; in compile_rule()
5322 if (add_srcip6(cmd, *av, cblen, tstate)) { in compile_rule()
5323 av++; in compile_rule()
5329 if (add_dstip6(cmd, *av, cblen, tstate)) { in compile_rule()
5330 av++; in compile_rule()
5337 if (add_srcmac(cmd, *av, tstate)) { in compile_rule()
5338 av++; in compile_rule()
5344 if (add_dstmac(cmd, *av, tstate)) { in compile_rule()
5345 av++; in compile_rule()
5351 if (_substrcmp(*av, "any") == 0 || in compile_rule()
5352 add_ports(cmd, *av, proto, O_IP_SRCPORT, cblen)) { in compile_rule()
5353 av++; in compile_rule()
5355 errx(EX_DATAERR, "invalid source port %s", *av); in compile_rule()
5360 if (_substrcmp(*av, "any") == 0 || in compile_rule()
5361 add_ports(cmd, *av, proto, O_IP_DSTPORT, cblen)) { in compile_rule()
5362 av++; in compile_rule()
5365 *av); in compile_rule()
5369 if (add_mac(cmd, av, cblen)) in compile_rule()
5370 av += 2; in compile_rule()
5375 if (!add_mactype(cmd, *av, cblen)) in compile_rule()
5376 errx(EX_DATAERR, "invalid mac type %s", *av); in compile_rule()
5377 av++; in compile_rule()
5406 fill_ext6hdr( cmd, *av ); in compile_rule()
5407 av++; in compile_rule()
5414 fill_flow6( (ipfw_insn_u32 *) cmd, *av, cblen); in compile_rule()
5415 av++; in compile_rule()
5419 fill_comment(cmd, av, cblen); in compile_rule()
5420 av[0]=NULL; in compile_rule()
5424 if (av[0] && strpbrk(*av, "-,")) { in compile_rule()
5425 if (!add_ports(cmd, *av, 0, O_TAGGED, cblen)) in compile_rule()
5427 " list: %s", *av); in compile_rule()
5436 av++; in compile_rule()
5441 fill_cmd(cmd, O_FIB, 0, strtoul(*av, NULL, 0)); in compile_rule()
5442 av++; in compile_rule()
5453 if (!av[0] || !av[1]) in compile_rule()
5458 lkey = strsep(av, ":"); in compile_rule()
5464 if (*av != NULL) { in compile_rule()
5480 c->value = strtoul(*av, NULL, 0); in compile_rule()
5491 av++; in compile_rule()
5492 c->kidx = pack_table(tstate, *av); in compile_rule()
5495 "Invalid table name: %s", *av); in compile_rule()
5496 av++; in compile_rule()
5501 if (strncmp(*av, "table(", 6) != 0) in compile_rule()
5504 fill_table(cmd, *av, O_IP_FLOW_LOOKUP, tstate); in compile_rule()
5505 av++; in compile_rule()
5518 fill_mark(cmd, *av, cblen); in compile_rule()
5519 av++; in compile_rule()
5766 ipfw_add(char *av[]) in ipfw_add() argument
5788 compile_rule(av, (uint32_t *)rule, &rbufsize, &ts); in ipfw_add()
5856 ipfw_zero(int ac, char *av[], int optname) in ipfw_zero() argument
5865 av++; ac--; in ipfw_zero()
5882 if (isdigit(**av)) { in ipfw_zero()
5883 arg = strtonum(*av, 0, 0xffff, &errstr); in ipfw_zero()
5886 "invalid rule number %s\n", *av); in ipfw_zero()
5907 errx(EX_USAGE, "invalid rule number ``%s''", *av); in ipfw_zero()
5909 av++; ac--; in ipfw_zero()
5986 ipfw_list_objects(int ac __unused, char *av[] __unused) in ipfw_list_objects()
6161 ipfw_internal_handler(int ac, char *av[]) in ipfw_internal_handler() argument
6165 ac--; av++; in ipfw_internal_handler()
6168 if ((tcmd = match_token(intcmds, *av)) == -1) in ipfw_internal_handler()
6169 errx(EX_USAGE, "invalid internal sub-cmd: %s", *av); in ipfw_internal_handler()
6176 ipfw_list_ta(ac, av); in ipfw_internal_handler()
6179 ipfw_list_objects(ac, av); in ipfw_internal_handler()
6182 ipfw_list_values(ac, av); in ipfw_internal_handler()
6185 av++; in ipfw_internal_handler()
6186 ipfw_rtsock_monitor(*av); in ipfw_internal_handler()