xref: /freebsd/sbin/ipfw/ipfw2.h (revision 4a77657cbc011ea657ccb079fff6b58b295eccb0)
1d17aef79SPedro F. Giffuni /*-
23c0c8717SLuigi Rizzo  * Copyright (c) 2002-2003 Luigi Rizzo
33c0c8717SLuigi Rizzo  * Copyright (c) 1996 Alex Nash, Paul Traina, Poul-Henning Kamp
43c0c8717SLuigi Rizzo  * Copyright (c) 1994 Ugen J.S.Antsilevich
53c0c8717SLuigi Rizzo  *
63c0c8717SLuigi Rizzo  * Idea and grammar partially left from:
73c0c8717SLuigi Rizzo  * Copyright (c) 1993 Daniel Boulet
83c0c8717SLuigi Rizzo  *
93c0c8717SLuigi Rizzo  * Redistribution and use in source forms, with and without modification,
103c0c8717SLuigi Rizzo  * are permitted provided that this entire comment appears intact.
113c0c8717SLuigi Rizzo  *
123c0c8717SLuigi Rizzo  * Redistribution in binary form may occur without any restrictions.
133c0c8717SLuigi Rizzo  * Obviously, it would be nice if you gave credit where credit is due
143c0c8717SLuigi Rizzo  * but requiring it would be too onerous.
153c0c8717SLuigi Rizzo  *
163c0c8717SLuigi Rizzo  * This software is provided ``AS IS'' without any warranties of any kind.
173c0c8717SLuigi Rizzo  *
183c0c8717SLuigi Rizzo  * NEW command line interface for IP firewall facility
193c0c8717SLuigi Rizzo  */
203c0c8717SLuigi Rizzo 
/* Identifies whether the program is acting as ipfw or as dnctl. */
enum cmdline_prog {
	cmdline_prog_ipfw = 0,
	cmdline_prog_dnctl = 1
};
250b95680eSKristof Provost 
/*
 * Options that can be set on the command line.
 *
 * When commands are read from a file, a subset of these options can be
 * given before the file name, in which case they apply globally.
 * Each line of the file may then carry its own option, which changes
 * the global value.
 *
 * XXX The context is not restored after each line, so a value changed
 * by one line stays in effect for the lines that follow it.
 */
struct cmdline_opts {
	/* Boolean options. */
	int	do_value_as_ip;	/* show table value as IP */
	int	do_resolv;	/* try to resolve all IPs to names */
	int	do_time;	/* show time stamps */
	int	do_quiet;	/* be quiet in add and flush */
	int	do_pipe;	/* this cmd refers to a pipe/queue/sched */
	int	do_nat;		/* this cmd refers to a nat config */
	int	do_compact;	/* show rules in compact mode */
	int	do_force;	/* do not ask for confirmation */
	int	show_sets;	/* display the set each rule belongs to */
	int	test_only;	/* only check syntax */
	int	comment_only;	/* only print action and comment */
	int	verbose;	/* be verbose on some commands */
	int	debug_only;	/* output ioctl i/o on stdout */

	/* The options below can have multiple values. */

	/*
	 * 1 - display dynamic rules
	 * 2 - display/delete only dynamic rules
	 */
	int	do_dynamic;

	/* Field to sort results by: 0 = no sorting, valid fields are 1 and above. */
	int	do_sort;

	/*
	 * Work with the specified set number:
	 * 0 means all sets, otherwise apply to set use_set - 1.
	 */
	uint32_t use_set;

	enum cmdline_prog	prog;	/* are we ipfw or dnctl? */
};
633c0c8717SLuigi Rizzo 
/*
 * Only declared here.
 * NOTE(review): presumably reports whether the program is running as
 * ipfw rather than dnctl (see cmdline_opts.prog) -- confirm in the
 * definition.
 */
int is_ipfw(void);

/*
 * Timestamp display modes.
 * NOTE(review): presumably the values stored in cmdline_opts.do_time --
 * confirm against the option parser.
 */
enum {
	TIMESTAMP_NONE = 0,
	TIMESTAMP_STRING = 1,
	TIMESTAMP_NUMERIC = 2,
};

/* Program-wide option state; declared here, defined in another file. */
extern struct cmdline_opts g_co;
733c0c8717SLuigi Rizzo 
/*
 * struct _s_x stores one string <-> token pair and is used in various
 * places in the parser.  Entries are kept in arrays, and an entry with
 * s == NULL acts as the terminator.
 * The search routines are match_token() and match_value().
 * Often, an element with x == 0 contains an error string.
 *
 * The lookup prototypes in this header take a table pointer but no
 * element count, so the s == NULL entry is the only end marker they are
 * given: every table must carry it.
 */
struct _s_x {
	const char *s;
	int x;
};

/*
 * Table defined in another file.
 * NOTE(review): going by the identifier this holds DSCP names -- confirm.
 */
extern struct _s_x f_ipdscp[];
88ac35ff17SAlexander V. Chernikov 
/*
 * Parser token identifiers.
 *
 * Only TOK_NULL has an explicit value; every other enumerator takes the
 * next consecutive value, so its number depends on its position in this
 * list.  The NEW_AQM block sits in the middle of the list: every
 * enumerator from TOK_WEIGHT onwards has a different value depending on
 * whether NEW_AQM is defined, so all files that exchange these values
 * must be compiled with the same NEW_AQM setting.
 */
enum tokens {
	TOK_NULL = 0,

	TOK_OR,
	TOK_NOT,
	TOK_STARTBRACE,
	TOK_ENDBRACE,

	TOK_ABORT6,
	TOK_ABORT,
	TOK_ACCEPT,
	TOK_COUNT,
	TOK_EACTION,
	TOK_PIPE,
	TOK_LINK,
	TOK_QUEUE,
	TOK_FLOWSET,
	TOK_SCHED,
	TOK_DIVERT,
	TOK_TEE,
	TOK_NETGRAPH,
	TOK_NGTEE,
	TOK_FORWARD,
	TOK_SKIPTO,
	TOK_DENY,
	TOK_REJECT,
	TOK_RESET,
	TOK_UNREACH,
	TOK_CHECKSTATE,
	TOK_NAT,
	TOK_REASS,
	TOK_CALL,
	TOK_RETURN,

	TOK_ALTQ,
	TOK_LOG,
	TOK_TAG,
	TOK_UNTAG,

	TOK_TAGGED,
	TOK_UID,
	TOK_GID,
	TOK_JAIL,
	TOK_IN,
	TOK_LIMIT,
	TOK_SETLIMIT,
	TOK_KEEPSTATE,
	TOK_RECORDSTATE,
	TOK_LAYER2,
	TOK_OUT,
	TOK_DIVERTED,
	TOK_DIVERTEDLOOPBACK,
	TOK_DIVERTEDOUTPUT,
	TOK_XMIT,
	TOK_RECV,
	TOK_VIA,
	TOK_FRAG,
	TOK_IPOPTS,
	TOK_IPLEN,
	TOK_IPID,
	TOK_IPPRECEDENCE,
	TOK_DSCP,
	TOK_IPTOS,
	TOK_IPTTL,
	TOK_IPVER,
	TOK_ESTAB,
	TOK_SETUP,
	TOK_TCPDATALEN,
	TOK_TCPFLAGS,
	TOK_TCPOPTS,
	TOK_TCPSEQ,
	TOK_TCPACK,
	TOK_TCPMSS,
	TOK_TCPWIN,
	TOK_ICMPTYPES,
	TOK_MAC,
	TOK_MACTYPE,
	TOK_VERREVPATH,
	TOK_VERSRCREACH,
	TOK_ANTISPOOF,
	TOK_IPSEC,
	TOK_COMMENT,

	TOK_PLR,
	TOK_NOERROR,
	TOK_BUCKETS,
	TOK_DSTIP,
	TOK_SRCIP,
	TOK_DSTPORT,
	TOK_SRCPORT,
	TOK_DSTMAC,
	TOK_SRCMAC,
	TOK_ALL,
	TOK_MASK,
	TOK_FLOW_MASK,
	TOK_SCHED_MASK,
	TOK_BW,
	TOK_DELAY,
	TOK_PROFILE,
	TOK_BURST,
	TOK_RED,
	TOK_GRED,
	TOK_ECN,
	TOK_DROPTAIL,
	TOK_PROTO,
#ifdef NEW_AQM
	/* AQM tokens (present only when NEW_AQM is defined) */
	TOK_NO_ECN,
	TOK_CODEL,
	TOK_FQ_CODEL,
	TOK_TARGET,
	TOK_INTERVAL,
	TOK_FLOWS,
	TOK_QUANTUM,

	TOK_PIE,
	TOK_FQ_PIE,
	TOK_TUPDATE,
	TOK_MAX_BURST,
	TOK_MAX_ECNTH,
	TOK_ALPHA,
	TOK_BETA,
	TOK_CAPDROP,
	TOK_NO_CAPDROP,
	TOK_ONOFF,
	TOK_DRE,
	TOK_TS,
	TOK_DERAND,
	TOK_NO_DERAND,
#endif
	/* dummynet tokens */
	TOK_WEIGHT,
	TOK_LMAX,
	TOK_PRI,
	TOK_TYPE,
	TOK_SLOTSIZE,

	TOK_IP,
	TOK_IF,
	TOK_ALOG,
	TOK_DENY_INC,
	TOK_SAME_PORTS,
	TOK_UNREG_ONLY,
	TOK_UNREG_CGN,
	TOK_SKIP_GLOBAL,
	TOK_RESET_ADDR,
	TOK_ALIAS_REV,
	TOK_PROXY_ONLY,
	TOK_REDIR_ADDR,
	TOK_REDIR_PORT,
	TOK_REDIR_PROTO,

	TOK_IPV6,
	TOK_FLOWID,
	TOK_ICMP6TYPES,
	TOK_EXT6HDR,
	TOK_DSTIP6,
	TOK_SRCIP6,

	TOK_IPV4,
	TOK_UNREACH6,
	TOK_RESET6,

	TOK_FIB,
	TOK_SETFIB,
	TOK_LOOKUP,
	TOK_SOCKARG,
	TOK_SETDSCP,
	TOK_FLOW,
	TOK_IFLIST,
	/* Table tokens */
	TOK_CREATE,
	TOK_DESTROY,
	TOK_LIST,
	TOK_INFO,
	TOK_DETAIL,
	TOK_MODIFY,
	TOK_FLUSH,
	TOK_SWAP,
	TOK_ADD,
	TOK_DEL,
	TOK_VALTYPE,
	TOK_ALGO,
	TOK_TALIST,
	TOK_ATOMIC,
	TOK_LOCK,
	TOK_UNLOCK,
	TOK_VLIST,
	TOK_OLIST,
	TOK_MISSING,
	TOK_ORFLUSH,

	/* NAT64 tokens */
	TOK_NAT64STL,
	TOK_NAT64LSN,
	TOK_STATS,
	TOK_STATES,
	TOK_CONFIG,
	TOK_TABLE4,
	TOK_TABLE6,
	TOK_PREFIX4,
	TOK_PREFIX6,
	TOK_AGG_LEN,
	TOK_AGG_COUNT,
	TOK_MAX_PORTS,
	TOK_STATES_CHUNKS,
	TOK_JMAXLEN,
	TOK_PORT_RANGE,
	TOK_PORT_ALIAS,
	TOK_HOST_DEL_AGE,
	TOK_PG_DEL_AGE,
	TOK_TCP_SYN_AGE,
	TOK_TCP_CLOSE_AGE,
	TOK_TCP_EST_AGE,
	TOK_UDP_AGE,
	TOK_ICMP_AGE,
	TOK_LOGOFF,
	TOK_PRIVATE,
	TOK_PRIVATEOFF,
	TOK_SWAPCONF,
	TOK_SWAPCONFOFF,

	/* NAT64 CLAT tokens */
	TOK_NAT64CLAT,
	TOK_PLAT_PREFIX,
	TOK_CLAT_PREFIX,

	/* NPTv6 tokens */
	TOK_NPTV6,
	TOK_INTPREFIX,
	TOK_EXTPREFIX,
	TOK_PREFIXLEN,
	TOK_EXTIF,

	TOK_TCPSETMSS,

	TOK_MARK,
	TOK_SETMARK,

	TOK_SKIPACTION,
	TOK_UDP_EIM,
};
3311940fa77SAlexander V. Chernikov 
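/*
 * The following macros exit with a usage error, via errx(EX_USAGE, ...),
 * if we run out of arguments.
 *
 * NEED(_p, msg) tests the expression _p; the argument is parenthesized
 * so that a compound expression such as "a || b" is negated as a whole.
 * NEED1(msg) tests *av, where av is a variable in the caller's scope.
 *
 * msg is handed to errx() as its format string: pass a string literal,
 * never text taken from the command line or from a rule file.
 *
 * Both macros expand to a brace block rather than a single statement,
 * so "NEED(...);" cannot be placed between an unbraced if and its else.
 */
#define NEED(_p, msg)      {if (!(_p)) errx(EX_USAGE, msg);}
#define NEED1(msg)      {if (!(*av)) errx(EX_USAGE, msg);}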
3383c0c8717SLuigi Rizzo 
/* State of an output buffer used by the bp_*() and bprintf() routines. */
struct buf_pr {
	char	*buf;		/* allocated buffer */
	char	*ptr;		/* current pointer */
	size_t	size;		/* total buffer size */
	size_t	avail;		/* available storage */
	size_t	needed;		/* length needed */
};

/*
 * NOTE(review): pd is an untyped pointer; the name suggests it must
 * point to a 64-bit value -- confirm in the definition.
 */
int pr_u64(struct buf_pr *bp, void *pd, int width);
int bp_alloc(struct buf_pr *b, size_t size);
void bp_free(struct buf_pr *b);
/*
 * NOTE(review): this prototype carries no printf-format attribute, so
 * call sites are not checked against the format string by the compiler;
 * keep format a string literal.
 */
int bprintf(struct buf_pr *b, const char *format, ...);
351563b5ab1SAlexander V. Chernikov 
35250a99912SLuigi Rizzo 
/*
 * Memory allocation support.
 * NOTE(review): the "safe_" prefix suggests these do not return NULL on
 * failure; confirm in the definitions before dropping NULL checks at
 * call sites.
 */
void *safe_calloc(size_t number, size_t size);
void *safe_realloc(void *ptr, size_t size);
3563c0c8717SLuigi Rizzo 
/* String comparison functions kept for historical compatibility. */
int _substrcmp(const char *str1, const char *str2);
int _substrcmp2(const char *str1, const char *str2, const char *str3);
int stringnum_cmp(const char *a, const char *b);
3614e9c8ae7SLuigi Rizzo 
/*
 * Utility functions.
 * Every struct _s_x table is passed without an element count, so it has
 * to end with the s == NULL terminator entry.
 */
int match_token(struct _s_x *table, const char *string);
int match_token_relaxed(struct _s_x *table, const char *string);
int get_token(struct _s_x *table, const char *string, const char *errbase);
const char *match_value(struct _s_x *p, int value);

/* These two write into a caller-supplied buffer whose size is passed in. */
size_t concat_tokens(char *buf, size_t bufsize, struct _s_x *table,
    const char *delimiter);
void print_flags_buffer(char *buf, size_t sz, struct _s_x *list, uint32_t set);

int fill_flags(struct _s_x *flags, char *p, char **e, uint32_t *set,
    uint32_t *clear);
372ead75a59SLuigi Rizzo 
/* Forward declaration, so the full definition need not be included here. */
struct _ip_fw3_opheader;

/*
 * NOTE(review): optlen is declared uintptr_t here, not size_t; check the
 * definition for how the value is interpreted before passing a length.
 */
int do_cmd(int optname, void *optval, uintptr_t optlen);
/* do_set3() takes the length by value, do_get3() through a pointer. */
int do_set3(int optname, struct _ip_fw3_opheader *op3, size_t optlen);
int do_get3(int optname, struct _ip_fw3_opheader *op3, size_t *optlen);
3771058f177SAlexander V. Chernikov 
/* Forward declaration only. */
struct in6_addr;

/*
 * n and len are plain ints; the range each function accepts is not
 * visible from the prototypes, so validate values before the call.
 */
void n2mask(struct in6_addr *mask, int n);
int contigmask(const uint8_t *p, int len);
381ead75a59SLuigi Rizzo 
/*
 * Forward declarations, to avoid including far too many headers.
 * C does not allow duplicated typedefs, so we name the base struct that
 * each typedef points to.
 * Should a typedef ever use a different type, the compiler will still
 * detect the change when compiling the bodies of the functions
 * involved, so no error checking is lost.
 */
struct _ipfw_insn;
struct _ipfw_insn_altq;
struct _ipfw_insn_u32;
struct _ipfw_insn_ip6;
struct _ipfw_insn_icmp6;
3953c0c8717SLuigi Rizzo 
/*
 * The reserved set number.  This is a constant in ip_fw.h, but we keep
 * it in a variable so that other files do not depend on that header
 * just for one constant.
 */
extern int resvd_set_number;
4023c0c8717SLuigi Rizzo 
/*
 * First-level command handlers.
 * Several of them receive av without an argument count.
 * NOTE(review): those presumably rely on av ending in a NULL pointer,
 * which is the condition NEED1() tests -- confirm in the definitions.
 */
void ipfw_add(char *av[]);
void ipfw_show_nat(int ac, char *av[]);
int ipfw_delete_nat(int i);
void ipfw_config_pipe(int ac, char *av[]);
void ipfw_config_nat(int ac, char *av[]);
void ipfw_sets_handler(char *av[]);
void ipfw_table_handler(int ac, char *av[]);
void ipfw_sysctl_handler(char *av[], int which);
void ipfw_delete(char *av[]);
void ipfw_flush(int force);
void ipfw_zero(int ac, char *av[], int optname);
void ipfw_list(int ac, char *av[], int show_counters);
void ipfw_internal_handler(int ac, char *av[]);
void ipfw_nat64clat_handler(int ac, char *av[]);
void ipfw_nat64lsn_handler(int ac, char *av[]);
void ipfw_nat64stl_handler(int ac, char *av[]);
void ipfw_nptv6_handler(int ac, char *av[]);

/*
 * Name and prefix checks (going by the identifiers).  Which return value
 * means "accepted" is not visible from these prototypes; read the
 * definitions before testing the result.
 */
int ipfw_check_object_name(const char *name);
int ipfw_check_nat64prefix(const struct in6_addr *prefix, int length);
4233c0c8717SLuigi Rizzo 
#ifndef PF
/* Built without PF: the altq.c prototypes are not declared. */
#define NO_ALTQ
#else
/* altq.c */
void altq_set_enabled(int enabled);
u_int32_t altq_name_to_qid(const char *name);
void print_altq_cmd(struct buf_pr *bp, const struct _ipfw_insn_altq *altqptr);
#endif
43223c608c8SLuigi Rizzo 
/* Implemented in dummynet.c. */
void dummynet_list(int ac, char *av[], int show_counters);
void dummynet_flush(void);
int ipfw_delete_pipe(int pipe_or_queue, int n);
4374e9c8ae7SLuigi Rizzo 
/* Implemented in ipv6.c: printing helpers. */
void print_unreach6_code(struct buf_pr *bp, uint16_t code);
void print_ip6(struct buf_pr *bp, const struct _ipfw_insn_ip6 *cmd);
void print_flow6id(struct buf_pr *bp, const struct _ipfw_insn_u32 *cmd);
void print_icmp6types(struct buf_pr *bp, const struct _ipfw_insn_u32 *cmd);
void print_ext6hdr(struct buf_pr *bp, const struct _ipfw_insn *cmd);

/*
 * Implemented in ipv6.c: helpers that take the argument string av and
 * write into cmd.
 * NOTE(review): cblen is presumably the space still available in the
 * command buffer behind cmd -- confirm, and note that fill_ext6hdr()
 * takes no such length.
 */
struct tidx;
struct _ipfw_insn *add_srcip6(struct _ipfw_insn *cmd, char *av, int cblen,
    struct tidx *tstate);
struct _ipfw_insn *add_dstip6(struct _ipfw_insn *cmd, char *av, int cblen,
    struct tidx *tstate);

void fill_flow6(struct _ipfw_insn_u32 *cmd, char *av, int cblen);
uint16_t get_unreach6_code(const char *str);
void fill_icmp6types(struct _ipfw_insn_icmp6 *cmd, char *av, int cblen);
int fill_ext6hdr(struct _ipfw_insn *cmd, char *av);
455563b5ab1SAlexander V. Chernikov 
/* Implemented in ipfw2.c. */
void bp_flush(struct buf_pr *b);
/* NOTE(review): no buffer length is passed along with cmd here. */
void fill_table(struct _ipfw_insn *cmd, char *av, uint8_t opcode,
    struct tidx *tstate);
460b04471d8SCy Schubert 
/* Implemented in tables.c. */
struct _ipfw_obj_ctlv;
struct _ipfw_obj_ntlv;

/*
 * NOTE(review): which return value means "name accepted" is not visible
 * from this prototype -- check the definition.
 */
int table_check_name(const char *tablename);
void ipfw_list_ta(int ac, char *av[]);
void ipfw_list_values(int ac, char *av[]);
/* The set argument is 8 bits wide here, while cmdline_opts.use_set is uint32_t. */
void table_fill_ntlv(struct _ipfw_obj_ntlv *ntlv, const char *name,
    uint8_t set, uint32_t uidx);
469563b5ab1SAlexander V. Chernikov 