xref: /freebsd/sbin/ipfw/ipfw2.h (revision d66f9c86fa3fd8d8f0a56ea96b03ca11f2fac1fb) 
1d17aef79SPedro F. Giffuni /*-
23c0c8717SLuigi Rizzo  * Copyright (c) 2002-2003 Luigi Rizzo
33c0c8717SLuigi Rizzo  * Copyright (c) 1996 Alex Nash, Paul Traina, Poul-Henning Kamp
43c0c8717SLuigi Rizzo  * Copyright (c) 1994 Ugen J.S.Antsilevich
53c0c8717SLuigi Rizzo  *
63c0c8717SLuigi Rizzo  * Idea and grammar partially left from:
73c0c8717SLuigi Rizzo  * Copyright (c) 1993 Daniel Boulet
83c0c8717SLuigi Rizzo  *
93c0c8717SLuigi Rizzo  * Redistribution and use in source forms, with and without modification,
103c0c8717SLuigi Rizzo  * are permitted provided that this entire comment appears intact.
113c0c8717SLuigi Rizzo  *
123c0c8717SLuigi Rizzo  * Redistribution in binary form may occur without any restrictions.
133c0c8717SLuigi Rizzo  * Obviously, it would be nice if you gave credit where credit is due
143c0c8717SLuigi Rizzo  * but requiring it would be too onerous.
153c0c8717SLuigi Rizzo  *
163c0c8717SLuigi Rizzo  * This software is provided ``AS IS'' without any warranties of any kind.
173c0c8717SLuigi Rizzo  *
183c0c8717SLuigi Rizzo  * NEW command line interface for IP firewall facility
193c0c8717SLuigi Rizzo  *
203c0c8717SLuigi Rizzo  * $FreeBSD$
213c0c8717SLuigi Rizzo  */
223c0c8717SLuigi Rizzo 
233c0c8717SLuigi Rizzo /*
243c0c8717SLuigi Rizzo  * Options that can be set on the command line.
253c0c8717SLuigi Rizzo  * When reading commands from a file, a subset of the options can also
263c0c8717SLuigi Rizzo  * be applied globally by specifying them before the file name.
273c0c8717SLuigi Rizzo  * After that, each line can contain its own option that changes
283c0c8717SLuigi Rizzo  * the global value.
293c0c8717SLuigi Rizzo  * XXX The context is not restored after each line.
303c0c8717SLuigi Rizzo  */
313c0c8717SLuigi Rizzo 
323c0c8717SLuigi Rizzo struct cmdline_opts {
333c0c8717SLuigi Rizzo 	/* boolean options: */
343c0c8717SLuigi Rizzo 	int	do_value_as_ip;	/* show table value as IP */
353c0c8717SLuigi Rizzo 	int	do_resolv;	/* try to resolve all ip to names */
363c0c8717SLuigi Rizzo 	int	do_time;	/* Show time stamps */
373c0c8717SLuigi Rizzo 	int	do_quiet;	/* Be quiet in add and flush */
38cc4d3c30SLuigi Rizzo 	int	do_pipe;	/* this cmd refers to a pipe/queue/sched */
393c0c8717SLuigi Rizzo 	int	do_nat; 	/* this cmd refers to a nat config */
403c0c8717SLuigi Rizzo 	int	do_compact;	/* show rules in compact mode */
413c0c8717SLuigi Rizzo 	int	do_force;	/* do not ask for confirmation */
423c0c8717SLuigi Rizzo 	int	show_sets;	/* display the set each rule belongs to */
433c0c8717SLuigi Rizzo 	int	test_only;	/* only check syntax */
443c0c8717SLuigi Rizzo 	int	comment_only;	/* only print action and comment */
453c0c8717SLuigi Rizzo 	int	verbose;	/* be verbose on some commands */
463c0c8717SLuigi Rizzo 
473c0c8717SLuigi Rizzo 	/* The options below can have multiple values. */
483c0c8717SLuigi Rizzo 
49*d66f9c86SAndrey V. Elsukov 	int	do_dynamic;	/* 1 - display dynamic rules */
50*d66f9c86SAndrey V. Elsukov 				/* 2 - display/delete only dynamic rules */
513c0c8717SLuigi Rizzo 	int	do_sort;	/* field to sort results (0 = no) */
523c0c8717SLuigi Rizzo 		/* valid fields are 1 and above */
533c0c8717SLuigi Rizzo 
543c0c8717SLuigi Rizzo 	int	use_set;	/* work with specified set number */
553c0c8717SLuigi Rizzo 		/* 0 means all sets, otherwise apply to set use_set - 1 */
563c0c8717SLuigi Rizzo 
573c0c8717SLuigi Rizzo };
583c0c8717SLuigi Rizzo 
59aed02679SAndrey V. Elsukov enum {
60aed02679SAndrey V. Elsukov 	TIMESTAMP_NONE = 0,
61aed02679SAndrey V. Elsukov 	TIMESTAMP_STRING,
62aed02679SAndrey V. Elsukov 	TIMESTAMP_NUMERIC,
63aed02679SAndrey V. Elsukov };
64aed02679SAndrey V. Elsukov 
653c0c8717SLuigi Rizzo extern struct cmdline_opts co;
663c0c8717SLuigi Rizzo 
673c0c8717SLuigi Rizzo /*
683c0c8717SLuigi Rizzo  * _s_x is a structure that stores a string <-> token pairs, used in
693c0c8717SLuigi Rizzo  * various places in the parser. Entries are stored in arrays,
703c0c8717SLuigi Rizzo  * with an entry with s=NULL as terminator.
713c0c8717SLuigi Rizzo  * The search routines are match_token() and match_value().
723c0c8717SLuigi Rizzo  * Often, an element with x=0 contains an error string.
733c0c8717SLuigi Rizzo  *
743c0c8717SLuigi Rizzo  */
753c0c8717SLuigi Rizzo struct _s_x {
763c0c8717SLuigi Rizzo 	char const *s;
773c0c8717SLuigi Rizzo 	int x;
783c0c8717SLuigi Rizzo };
793c0c8717SLuigi Rizzo 
80ac35ff17SAlexander V. Chernikov extern struct _s_x f_ipdscp[];
81ac35ff17SAlexander V. Chernikov 
824e9c8ae7SLuigi Rizzo enum tokens {
834e9c8ae7SLuigi Rizzo 	TOK_NULL=0,
844e9c8ae7SLuigi Rizzo 
854e9c8ae7SLuigi Rizzo 	TOK_OR,
864e9c8ae7SLuigi Rizzo 	TOK_NOT,
874e9c8ae7SLuigi Rizzo 	TOK_STARTBRACE,
884e9c8ae7SLuigi Rizzo 	TOK_ENDBRACE,
894e9c8ae7SLuigi Rizzo 
90665c8a2eSMichael Tuexen 	TOK_ABORT6,
91665c8a2eSMichael Tuexen 	TOK_ABORT,
924e9c8ae7SLuigi Rizzo 	TOK_ACCEPT,
934e9c8ae7SLuigi Rizzo 	TOK_COUNT,
942acdf79fSAndrey V. Elsukov 	TOK_EACTION,
954e9c8ae7SLuigi Rizzo 	TOK_PIPE,
96cc4d3c30SLuigi Rizzo 	TOK_LINK,
974e9c8ae7SLuigi Rizzo 	TOK_QUEUE,
98cc4d3c30SLuigi Rizzo 	TOK_FLOWSET,
99cc4d3c30SLuigi Rizzo 	TOK_SCHED,
1004e9c8ae7SLuigi Rizzo 	TOK_DIVERT,
1014e9c8ae7SLuigi Rizzo 	TOK_TEE,
1024e9c8ae7SLuigi Rizzo 	TOK_NETGRAPH,
1034e9c8ae7SLuigi Rizzo 	TOK_NGTEE,
1044e9c8ae7SLuigi Rizzo 	TOK_FORWARD,
1054e9c8ae7SLuigi Rizzo 	TOK_SKIPTO,
1064e9c8ae7SLuigi Rizzo 	TOK_DENY,
1074e9c8ae7SLuigi Rizzo 	TOK_REJECT,
1084e9c8ae7SLuigi Rizzo 	TOK_RESET,
1094e9c8ae7SLuigi Rizzo 	TOK_UNREACH,
1104e9c8ae7SLuigi Rizzo 	TOK_CHECKSTATE,
1114e9c8ae7SLuigi Rizzo 	TOK_NAT,
112eb2e4119SPaolo Pisati 	TOK_REASS,
1139527ec6eSAndrey V. Elsukov 	TOK_CALL,
1149527ec6eSAndrey V. Elsukov 	TOK_RETURN,
1154e9c8ae7SLuigi Rizzo 
1164e9c8ae7SLuigi Rizzo 	TOK_ALTQ,
1174e9c8ae7SLuigi Rizzo 	TOK_LOG,
1184e9c8ae7SLuigi Rizzo 	TOK_TAG,
1194e9c8ae7SLuigi Rizzo 	TOK_UNTAG,
1204e9c8ae7SLuigi Rizzo 
1214e9c8ae7SLuigi Rizzo 	TOK_TAGGED,
1224e9c8ae7SLuigi Rizzo 	TOK_UID,
1234e9c8ae7SLuigi Rizzo 	TOK_GID,
1244e9c8ae7SLuigi Rizzo 	TOK_JAIL,
1254e9c8ae7SLuigi Rizzo 	TOK_IN,
1264e9c8ae7SLuigi Rizzo 	TOK_LIMIT,
127f7c4fdeeSAndrey V. Elsukov 	TOK_SETLIMIT,
1284e9c8ae7SLuigi Rizzo 	TOK_KEEPSTATE,
129f7c4fdeeSAndrey V. Elsukov 	TOK_RECORDSTATE,
1304e9c8ae7SLuigi Rizzo 	TOK_LAYER2,
1314e9c8ae7SLuigi Rizzo 	TOK_OUT,
1324e9c8ae7SLuigi Rizzo 	TOK_DIVERTED,
1334e9c8ae7SLuigi Rizzo 	TOK_DIVERTEDLOOPBACK,
1344e9c8ae7SLuigi Rizzo 	TOK_DIVERTEDOUTPUT,
1354e9c8ae7SLuigi Rizzo 	TOK_XMIT,
1364e9c8ae7SLuigi Rizzo 	TOK_RECV,
1374e9c8ae7SLuigi Rizzo 	TOK_VIA,
1384e9c8ae7SLuigi Rizzo 	TOK_FRAG,
1394e9c8ae7SLuigi Rizzo 	TOK_IPOPTS,
1404e9c8ae7SLuigi Rizzo 	TOK_IPLEN,
1414e9c8ae7SLuigi Rizzo 	TOK_IPID,
1424e9c8ae7SLuigi Rizzo 	TOK_IPPRECEDENCE,
14372662a75SLuigi Rizzo 	TOK_DSCP,
1444e9c8ae7SLuigi Rizzo 	TOK_IPTOS,
1454e9c8ae7SLuigi Rizzo 	TOK_IPTTL,
1464e9c8ae7SLuigi Rizzo 	TOK_IPVER,
1474e9c8ae7SLuigi Rizzo 	TOK_ESTAB,
1484e9c8ae7SLuigi Rizzo 	TOK_SETUP,
1494e9c8ae7SLuigi Rizzo 	TOK_TCPDATALEN,
1504e9c8ae7SLuigi Rizzo 	TOK_TCPFLAGS,
1514e9c8ae7SLuigi Rizzo 	TOK_TCPOPTS,
1524e9c8ae7SLuigi Rizzo 	TOK_TCPSEQ,
1534e9c8ae7SLuigi Rizzo 	TOK_TCPACK,
1544e9c8ae7SLuigi Rizzo 	TOK_TCPWIN,
1554e9c8ae7SLuigi Rizzo 	TOK_ICMPTYPES,
1564e9c8ae7SLuigi Rizzo 	TOK_MAC,
1574e9c8ae7SLuigi Rizzo 	TOK_MACTYPE,
1584e9c8ae7SLuigi Rizzo 	TOK_VERREVPATH,
1594e9c8ae7SLuigi Rizzo 	TOK_VERSRCREACH,
1604e9c8ae7SLuigi Rizzo 	TOK_ANTISPOOF,
1614e9c8ae7SLuigi Rizzo 	TOK_IPSEC,
1624e9c8ae7SLuigi Rizzo 	TOK_COMMENT,
1634e9c8ae7SLuigi Rizzo 
1644e9c8ae7SLuigi Rizzo 	TOK_PLR,
1654e9c8ae7SLuigi Rizzo 	TOK_NOERROR,
1664e9c8ae7SLuigi Rizzo 	TOK_BUCKETS,
1674e9c8ae7SLuigi Rizzo 	TOK_DSTIP,
1684e9c8ae7SLuigi Rizzo 	TOK_SRCIP,
1694e9c8ae7SLuigi Rizzo 	TOK_DSTPORT,
1704e9c8ae7SLuigi Rizzo 	TOK_SRCPORT,
1714e9c8ae7SLuigi Rizzo 	TOK_ALL,
1724e9c8ae7SLuigi Rizzo 	TOK_MASK,
173cc4d3c30SLuigi Rizzo 	TOK_FLOW_MASK,
174cc4d3c30SLuigi Rizzo 	TOK_SCHED_MASK,
1754e9c8ae7SLuigi Rizzo 	TOK_BW,
1764e9c8ae7SLuigi Rizzo 	TOK_DELAY,
177cc4d3c30SLuigi Rizzo 	TOK_PROFILE,
1786882bf4dSOleg Bulyzhin 	TOK_BURST,
1794e9c8ae7SLuigi Rizzo 	TOK_RED,
1804e9c8ae7SLuigi Rizzo 	TOK_GRED,
181fc5e1956SHiren Panchasara 	TOK_ECN,
1824e9c8ae7SLuigi Rizzo 	TOK_DROPTAIL,
1834e9c8ae7SLuigi Rizzo 	TOK_PROTO,
18491336b40SDon Lewis #ifdef NEW_AQM
18591336b40SDon Lewis 	/* AQM tokens*/
18691336b40SDon Lewis 	TOK_NO_ECN,
18791336b40SDon Lewis 	TOK_CODEL,
18891336b40SDon Lewis 	TOK_FQ_CODEL,
18991336b40SDon Lewis 	TOK_TARGET,
19091336b40SDon Lewis 	TOK_INTERVAL,
19191336b40SDon Lewis 	TOK_FLOWS,
19291336b40SDon Lewis 	TOK_QUANTUM,
19391336b40SDon Lewis 
19491336b40SDon Lewis 	TOK_PIE,
19591336b40SDon Lewis 	TOK_FQ_PIE,
19691336b40SDon Lewis 	TOK_TUPDATE,
19791336b40SDon Lewis 	TOK_MAX_BURST,
19891336b40SDon Lewis 	TOK_MAX_ECNTH,
19991336b40SDon Lewis 	TOK_ALPHA,
20091336b40SDon Lewis 	TOK_BETA,
20191336b40SDon Lewis 	TOK_CAPDROP,
20291336b40SDon Lewis 	TOK_NO_CAPDROP,
20391336b40SDon Lewis 	TOK_ONOFF,
20491336b40SDon Lewis 	TOK_DRE,
20591336b40SDon Lewis 	TOK_TS,
20691336b40SDon Lewis 	TOK_DERAND,
20791336b40SDon Lewis 	TOK_NO_DERAND,
20891336b40SDon Lewis #endif
209cc4d3c30SLuigi Rizzo 	/* dummynet tokens */
2104e9c8ae7SLuigi Rizzo 	TOK_WEIGHT,
211cc4d3c30SLuigi Rizzo 	TOK_LMAX,
212cc4d3c30SLuigi Rizzo 	TOK_PRI,
213cc4d3c30SLuigi Rizzo 	TOK_TYPE,
214cc4d3c30SLuigi Rizzo 	TOK_SLOTSIZE,
215cc4d3c30SLuigi Rizzo 
2164e9c8ae7SLuigi Rizzo 	TOK_IP,
2174e9c8ae7SLuigi Rizzo 	TOK_IF,
2184e9c8ae7SLuigi Rizzo 	TOK_ALOG,
2194e9c8ae7SLuigi Rizzo 	TOK_DENY_INC,
2204e9c8ae7SLuigi Rizzo 	TOK_SAME_PORTS,
2214e9c8ae7SLuigi Rizzo 	TOK_UNREG_ONLY,
2221875bbfeSAndrey V. Elsukov 	TOK_SKIP_GLOBAL,
2234e9c8ae7SLuigi Rizzo 	TOK_RESET_ADDR,
2244e9c8ae7SLuigi Rizzo 	TOK_ALIAS_REV,
2254e9c8ae7SLuigi Rizzo 	TOK_PROXY_ONLY,
2264e9c8ae7SLuigi Rizzo 	TOK_REDIR_ADDR,
2274e9c8ae7SLuigi Rizzo 	TOK_REDIR_PORT,
2284e9c8ae7SLuigi Rizzo 	TOK_REDIR_PROTO,
2294e9c8ae7SLuigi Rizzo 
2304e9c8ae7SLuigi Rizzo 	TOK_IPV6,
2314e9c8ae7SLuigi Rizzo 	TOK_FLOWID,
2324e9c8ae7SLuigi Rizzo 	TOK_ICMP6TYPES,
2334e9c8ae7SLuigi Rizzo 	TOK_EXT6HDR,
2344e9c8ae7SLuigi Rizzo 	TOK_DSTIP6,
2354e9c8ae7SLuigi Rizzo 	TOK_SRCIP6,
2364e9c8ae7SLuigi Rizzo 
2374e9c8ae7SLuigi Rizzo 	TOK_IPV4,
2384e9c8ae7SLuigi Rizzo 	TOK_UNREACH6,
2394e9c8ae7SLuigi Rizzo 	TOK_RESET6,
2404e9c8ae7SLuigi Rizzo 
2414e9c8ae7SLuigi Rizzo 	TOK_FIB,
2424e9c8ae7SLuigi Rizzo 	TOK_SETFIB,
243472099c4SLuigi Rizzo 	TOK_LOOKUP,
244ae99fd0eSLuigi Rizzo 	TOK_SOCKARG,
245ae01d73cSAlexander V. Chernikov 	TOK_SETDSCP,
246358b9d09SAlexander V. Chernikov 	TOK_FLOW,
247358b9d09SAlexander V. Chernikov 	TOK_IFLIST,
248ac35ff17SAlexander V. Chernikov 	/* Table tokens */
249ac35ff17SAlexander V. Chernikov 	TOK_CREATE,
250ac35ff17SAlexander V. Chernikov 	TOK_DESTROY,
251ac35ff17SAlexander V. Chernikov 	TOK_LIST,
252ac35ff17SAlexander V. Chernikov 	TOK_INFO,
253358b9d09SAlexander V. Chernikov 	TOK_DETAIL,
254adf3b2b9SAlexander V. Chernikov 	TOK_MODIFY,
255ac35ff17SAlexander V. Chernikov 	TOK_FLUSH,
25646d52008SAlexander V. Chernikov 	TOK_SWAP,
257ac35ff17SAlexander V. Chernikov 	TOK_ADD,
258ac35ff17SAlexander V. Chernikov 	TOK_DEL,
259ac35ff17SAlexander V. Chernikov 	TOK_VALTYPE,
260ac35ff17SAlexander V. Chernikov 	TOK_ALGO,
261358b9d09SAlexander V. Chernikov 	TOK_TALIST,
2623a845e10SAlexander V. Chernikov 	TOK_ATOMIC,
2634f43138aSAlexander V. Chernikov 	TOK_LOCK,
2644f43138aSAlexander V. Chernikov 	TOK_UNLOCK,
2650cba2b28SAlexander V. Chernikov 	TOK_VLIST,
2665dc5a0e0SAndrey V. Elsukov 	TOK_OLIST,
267d8caf56eSAndrey V. Elsukov 
268d8caf56eSAndrey V. Elsukov 	/* NAT64 tokens */
269d8caf56eSAndrey V. Elsukov 	TOK_NAT64STL,
270d8caf56eSAndrey V. Elsukov 	TOK_NAT64LSN,
271b867e84eSAndrey V. Elsukov 	TOK_STATS,
272d8caf56eSAndrey V. Elsukov 	TOK_STATES,
273d8caf56eSAndrey V. Elsukov 	TOK_CONFIG,
274d8caf56eSAndrey V. Elsukov 	TOK_TABLE4,
275d8caf56eSAndrey V. Elsukov 	TOK_TABLE6,
276d8caf56eSAndrey V. Elsukov 	TOK_PREFIX4,
277d8caf56eSAndrey V. Elsukov 	TOK_PREFIX6,
278d8caf56eSAndrey V. Elsukov 	TOK_AGG_LEN,
279d8caf56eSAndrey V. Elsukov 	TOK_AGG_COUNT,
280d8caf56eSAndrey V. Elsukov 	TOK_MAX_PORTS,
281d8caf56eSAndrey V. Elsukov 	TOK_JMAXLEN,
282d8caf56eSAndrey V. Elsukov 	TOK_PORT_RANGE,
283d8caf56eSAndrey V. Elsukov 	TOK_HOST_DEL_AGE,
284d8caf56eSAndrey V. Elsukov 	TOK_PG_DEL_AGE,
285d8caf56eSAndrey V. Elsukov 	TOK_TCP_SYN_AGE,
286d8caf56eSAndrey V. Elsukov 	TOK_TCP_CLOSE_AGE,
287d8caf56eSAndrey V. Elsukov 	TOK_TCP_EST_AGE,
288d8caf56eSAndrey V. Elsukov 	TOK_UDP_AGE,
289d8caf56eSAndrey V. Elsukov 	TOK_ICMP_AGE,
290d8caf56eSAndrey V. Elsukov 	TOK_LOGOFF,
291b867e84eSAndrey V. Elsukov 
292b867e84eSAndrey V. Elsukov 	/* NPTv6 tokens */
293b867e84eSAndrey V. Elsukov 	TOK_NPTV6,
294b867e84eSAndrey V. Elsukov 	TOK_INTPREFIX,
295b867e84eSAndrey V. Elsukov 	TOK_EXTPREFIX,
296b867e84eSAndrey V. Elsukov 	TOK_PREFIXLEN,
297b2b56606SAndrey V. Elsukov 	TOK_EXTIF,
298aac74aeaSAndrey V. Elsukov 
299aac74aeaSAndrey V. Elsukov 	TOK_TCPSETMSS,
300f7c4fdeeSAndrey V. Elsukov 
301f7c4fdeeSAndrey V. Elsukov 	TOK_SKIPACTION,
3024e9c8ae7SLuigi Rizzo };
3031940fa77SAlexander V. Chernikov 
3043c0c8717SLuigi Rizzo /*
3053c0c8717SLuigi Rizzo  * the following macro returns an error message if we run out of
3063c0c8717SLuigi Rizzo  * arguments.
3073c0c8717SLuigi Rizzo  */
308cc4d3c30SLuigi Rizzo #define NEED(_p, msg)      {if (!_p) errx(EX_USAGE, msg);}
309cc4d3c30SLuigi Rizzo #define NEED1(msg)      {if (!(*av)) errx(EX_USAGE, msg);}
3103c0c8717SLuigi Rizzo 
311563b5ab1SAlexander V. Chernikov struct buf_pr {
312563b5ab1SAlexander V. Chernikov 	char	*buf;	/* allocated buffer */
313563b5ab1SAlexander V. Chernikov 	char	*ptr;	/* current pointer */
314563b5ab1SAlexander V. Chernikov 	size_t	size;	/* total buffer size */
315563b5ab1SAlexander V. Chernikov 	size_t	avail;	/* available storage */
316563b5ab1SAlexander V. Chernikov 	size_t	needed;	/* length needed */
317563b5ab1SAlexander V. Chernikov };
318563b5ab1SAlexander V. Chernikov 
319563b5ab1SAlexander V. Chernikov int pr_u64(struct buf_pr *bp, uint64_t *pd, int width);
320563b5ab1SAlexander V. Chernikov int bp_alloc(struct buf_pr *b, size_t size);
321563b5ab1SAlexander V. Chernikov void bp_free(struct buf_pr *b);
322563b5ab1SAlexander V. Chernikov int bprintf(struct buf_pr *b, char *format, ...);
323563b5ab1SAlexander V. Chernikov 
32450a99912SLuigi Rizzo 
3253c0c8717SLuigi Rizzo /* memory allocation support */
3263c0c8717SLuigi Rizzo void *safe_calloc(size_t number, size_t size);
3273c0c8717SLuigi Rizzo void *safe_realloc(void *ptr, size_t size);
3283c0c8717SLuigi Rizzo 
329ead75a59SLuigi Rizzo /* string comparison functions used for historical compatibility */
3303c0c8717SLuigi Rizzo int _substrcmp(const char *str1, const char* str2);
3314e9c8ae7SLuigi Rizzo int _substrcmp2(const char *str1, const char* str2, const char* str3);
33268394ec8SAlexander V. Chernikov int stringnum_cmp(const char *a, const char *b);
3334e9c8ae7SLuigi Rizzo 
334ead75a59SLuigi Rizzo /* utility functions */
3352acdf79fSAndrey V. Elsukov int match_token(struct _s_x *table, const char *string);
3362acdf79fSAndrey V. Elsukov int match_token_relaxed(struct _s_x *table, const char *string);
3372acdf79fSAndrey V. Elsukov int get_token(struct _s_x *table, const char *string, const char *errbase);
338ead75a59SLuigi Rizzo char const *match_value(struct _s_x *p, int value);
339ac35ff17SAlexander V. Chernikov size_t concat_tokens(char *buf, size_t bufsize, struct _s_x *table,
340ac35ff17SAlexander V. Chernikov     char *delimiter);
3410cba2b28SAlexander V. Chernikov int fill_flags(struct _s_x *flags, char *p, char **e, uint32_t *set,
3420cba2b28SAlexander V. Chernikov     uint32_t *clear);
3430cba2b28SAlexander V. Chernikov void print_flags_buffer(char *buf, size_t sz, struct _s_x *list, uint32_t set);
344ead75a59SLuigi Rizzo 
345f1220db8SAlexander V. Chernikov struct _ip_fw3_opheader;
3464e9c8ae7SLuigi Rizzo int do_cmd(int optname, void *optval, uintptr_t optlen);
3476d3c367dSMarius Strobl int do_set3(int optname, struct _ip_fw3_opheader *op3, size_t optlen);
348f1220db8SAlexander V. Chernikov int do_get3(int optname, struct _ip_fw3_opheader *op3, size_t *optlen);
3491058f177SAlexander V. Chernikov 
3504e9c8ae7SLuigi Rizzo struct in6_addr;
3514e9c8ae7SLuigi Rizzo void n2mask(struct in6_addr *mask, int n);
352ead75a59SLuigi Rizzo int contigmask(uint8_t *p, int len);
353ead75a59SLuigi Rizzo 
35416e3606fSLuigi Rizzo /*
35516e3606fSLuigi Rizzo  * Forward declarations to avoid include way too many headers.
35616e3606fSLuigi Rizzo  * C does not allow duplicated typedefs, so we use the base struct
35716e3606fSLuigi Rizzo  * that the typedef points to.
35816e3606fSLuigi Rizzo  * Should the typedefs use a different type, the compiler will
35916e3606fSLuigi Rizzo  * still detect the change when compiling the body of the
36016e3606fSLuigi Rizzo  * functions involved, so we do not lose error checking.
36116e3606fSLuigi Rizzo  */
36216e3606fSLuigi Rizzo struct _ipfw_insn;
36323c608c8SLuigi Rizzo struct _ipfw_insn_altq;
36416e3606fSLuigi Rizzo struct _ipfw_insn_u32;
36516e3606fSLuigi Rizzo struct _ipfw_insn_ip6;
36616e3606fSLuigi Rizzo struct _ipfw_insn_icmp6;
3673c0c8717SLuigi Rizzo 
3683c0c8717SLuigi Rizzo /*
3693c0c8717SLuigi Rizzo  * The reserved set numer. This is a constant in ip_fw.h
3703c0c8717SLuigi Rizzo  * but we store it in a variable so other files do not depend
3713c0c8717SLuigi Rizzo  * in that header just for one constant.
3723c0c8717SLuigi Rizzo  */
3733c0c8717SLuigi Rizzo extern int resvd_set_number;
3743c0c8717SLuigi Rizzo 
375ead75a59SLuigi Rizzo /* first-level command handlers */
376cc4d3c30SLuigi Rizzo void ipfw_add(char *av[]);
3773c0c8717SLuigi Rizzo void ipfw_show_nat(int ac, char **av);
3783c0c8717SLuigi Rizzo void ipfw_config_pipe(int ac, char **av);
3793c0c8717SLuigi Rizzo void ipfw_config_nat(int ac, char **av);
380cc4d3c30SLuigi Rizzo void ipfw_sets_handler(char *av[]);
3813c0c8717SLuigi Rizzo void ipfw_table_handler(int ac, char *av[]);
382cc4d3c30SLuigi Rizzo void ipfw_sysctl_handler(char *av[], int which);
383cc4d3c30SLuigi Rizzo void ipfw_delete(char *av[]);
3843c0c8717SLuigi Rizzo void ipfw_flush(int force);
3853c0c8717SLuigi Rizzo void ipfw_zero(int ac, char *av[], int optname);
3863c0c8717SLuigi Rizzo void ipfw_list(int ac, char *av[], int show_counters);
387358b9d09SAlexander V. Chernikov void ipfw_internal_handler(int ac, char *av[]);
388d8caf56eSAndrey V. Elsukov void ipfw_nat64lsn_handler(int ac, char *av[]);
389d8caf56eSAndrey V. Elsukov void ipfw_nat64stl_handler(int ac, char *av[]);
390b867e84eSAndrey V. Elsukov void ipfw_nptv6_handler(int ac, char *av[]);
3912acdf79fSAndrey V. Elsukov int ipfw_check_object_name(const char *name);
392782360deSAndrey V. Elsukov int ipfw_check_nat64prefix(const struct in6_addr *prefix, int length);
3933c0c8717SLuigi Rizzo 
3949968f056SGleb Smirnoff #ifdef PF
39523c608c8SLuigi Rizzo /* altq.c */
39623c608c8SLuigi Rizzo void altq_set_enabled(int enabled);
39723c608c8SLuigi Rizzo u_int32_t altq_name_to_qid(const char *name);
398563b5ab1SAlexander V. Chernikov void print_altq_cmd(struct buf_pr *bp, struct _ipfw_insn_altq *altqptr);
3999968f056SGleb Smirnoff #else
4009968f056SGleb Smirnoff #define NO_ALTQ
4019968f056SGleb Smirnoff #endif
40223c608c8SLuigi Rizzo 
403ead75a59SLuigi Rizzo /* dummynet.c */
404cc4d3c30SLuigi Rizzo void dummynet_list(int ac, char *av[], int show_counters);
405cc4d3c30SLuigi Rizzo void dummynet_flush(void);
4064e9c8ae7SLuigi Rizzo int ipfw_delete_pipe(int pipe_or_queue, int n);
4074e9c8ae7SLuigi Rizzo 
408ead75a59SLuigi Rizzo /* ipv6.c */
4097b34dbe4SAndrey V. Elsukov void print_unreach6_code(struct buf_pr *bp, uint16_t code);
410bd32e335SAndrey V. Elsukov void print_ip6(struct buf_pr *bp, struct _ipfw_insn_ip6 *cmd);
4114df4dadaSAlexander V. Chernikov void print_flow6id(struct buf_pr *bp, struct _ipfw_insn_u32 *cmd);
4124df4dadaSAlexander V. Chernikov void print_icmp6types(struct buf_pr *bp, struct _ipfw_insn_u32 *cmd);
4134df4dadaSAlexander V. Chernikov void print_ext6hdr(struct buf_pr *bp, struct _ipfw_insn *cmd );
414ead75a59SLuigi Rizzo 
415757b5d87SAndrey V. Elsukov struct tidx;
416757b5d87SAndrey V. Elsukov struct _ipfw_insn *add_srcip6(struct _ipfw_insn *cmd, char *av, int cblen,
417757b5d87SAndrey V. Elsukov     struct tidx *tstate);
418757b5d87SAndrey V. Elsukov struct _ipfw_insn *add_dstip6(struct _ipfw_insn *cmd, char *av, int cblen,
419757b5d87SAndrey V. Elsukov     struct tidx *tstate);
420ead75a59SLuigi Rizzo 
421579ed7bdSAlexander V. Chernikov void fill_flow6(struct _ipfw_insn_u32 *cmd, char *av, int cblen);
422ead75a59SLuigi Rizzo void fill_unreach6_code(u_short *codep, char *str);
423579ed7bdSAlexander V. Chernikov void fill_icmp6types(struct _ipfw_insn_icmp6 *cmd, char *av, int cblen);
42416e3606fSLuigi Rizzo int fill_ext6hdr(struct _ipfw_insn *cmd, char *av);
425563b5ab1SAlexander V. Chernikov 
426b04471d8SCy Schubert /* ipfw2.c */
427b04471d8SCy Schubert void bp_flush(struct buf_pr *b);
428757b5d87SAndrey V. Elsukov void fill_table(struct _ipfw_insn *cmd, char *av, uint8_t opcode,
429757b5d87SAndrey V. Elsukov     struct tidx *tstate);
430b04471d8SCy Schubert 
431563b5ab1SAlexander V. Chernikov /* tables.c */
432563b5ab1SAlexander V. Chernikov struct _ipfw_obj_ctlv;
433d8caf56eSAndrey V. Elsukov struct _ipfw_obj_ntlv;
4342acdf79fSAndrey V. Elsukov int table_check_name(const char *tablename);
435358b9d09SAlexander V. Chernikov void ipfw_list_ta(int ac, char *av[]);
4360cba2b28SAlexander V. Chernikov void ipfw_list_values(int ac, char *av[]);
437d8caf56eSAndrey V. Elsukov void table_fill_ntlv(struct _ipfw_obj_ntlv *ntlv, const char *name,
438d8caf56eSAndrey V. Elsukov     uint8_t set, uint16_t uidx);
439563b5ab1SAlexander V. Chernikov 
440