/*-
 * Copyright (c) 2002-2003 Luigi Rizzo
 * Copyright (c) 1996 Alex Nash, Paul Traina, Poul-Henning Kamp
 * Copyright (c) 1994 Ugen J.S.Antsilevich
 *
 * Idea and grammar partially left from:
 * Copyright (c) 1993 Daniel Boulet
 *
 * Redistribution and use in source forms, with and without modification,
 * are permitted provided that this entire comment appears intact.
 *
 * Redistribution in binary form may occur without any restrictions.
 * Obviously, it would be nice if you gave credit where credit is due
 * but requiring it would be too onerous.
 *
 * This software is provided ``AS IS'' without any warranties of any kind.
 *
 * NEW command line interface for IP firewall facility
 *
 * $FreeBSD$
 */

/*
 * Options that can be set on the command line.
 * When reading commands from a file, a subset of the options can also
 * be applied globally by specifying them before the file name.
 * After that, each line can contain its own option that changes
 * the global value.
 * XXX The context is not restored after each line.
 *
 * NOTE(review): since a per-line option changes the global value and is
 * not restored, an option given on one line of a command file (e.g.
 * do_force or do_quiet) presumably stays in effect for the lines after
 * it -- confirm in the file-reading loop before relying on per-line scope.
 */

struct cmdline_opts {
	/* boolean options: */
	int	do_value_as_ip;	/* show table value as IP */
	int	do_resolv;	/* try to resolve all ip to names */
	/*
	 * NOTE(review): do_time is listed with the booleans, but the
	 * TIMESTAMP_* enum below has three values -- confirm against the
	 * option parser whether this field holds one of them.
	 */
	int	do_time;	/* Show time stamps */
	int	do_quiet;	/* Be quiet in add and flush */
	int	do_pipe;	/* this cmd refers to a pipe/queue/sched */
	int	do_nat;		/* this cmd refers to a nat config */
	int	do_compact;	/* show rules in compact mode */
	int	do_force;	/* do not ask for confirmation */
	int	show_sets;	/* display the set each rule belongs to */
	int	test_only;	/* only check syntax */
	int	comment_only;	/* only print action and comment */
	int	verbose;	/* be verbose on some commands */

	/* The options below can have multiple values. */

	int	do_dynamic;	/* 1 - display dynamic rules */
				/* 2 - display/delete only dynamic rules */
	int	do_sort;	/* field to sort results (0 = no) */
				/* valid fields are 1 and above */

	int	use_set;	/* work with specified set number */
		/* 0 means all sets, otherwise apply to set use_set - 1 */

};

/*
 * Timestamp display modes; TIMESTAMP_NONE is 0, so a zeroed option block
 * selects it. Presumably the values stored in cmdline_opts.do_time --
 * TODO confirm against the option parser.
 */
enum {
	TIMESTAMP_NONE = 0,
	TIMESTAMP_STRING,
	TIMESTAMP_NUMERIC,
};

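/* The option block declared as struct cmdline_opts; defined in another file. */
extern struct cmdline_opts co;

/*
 * _s_x is a structure that stores string <-> token pairs, used in
 * various places in the parser. Entries are stored in arrays,
 * with an entry with s=NULL as terminator.
 * The search routines are match_token() and match_value().
 * Often, an element with x=0 contains an error string.
 *
 * The arrays carry no length: every table handed to the search routines
 * must end with the s=NULL entry.
 */
struct _s_x {
	char const *s;
	int x;
};

extern struct _s_x f_ipdscp[];

/*
 * Parser tokens. Only TOK_NULL has an explicit value; every other
 * enumerator is numbered by its position in this list. The NEW_AQM block
 * in the middle therefore shifts the value of every token that follows
 * it, so all translation units sharing this header must be built with
 * the same NEW_AQM setting, and new tokens change the numbering of
 * everything after the insertion point.
 */
enum tokens {
	TOK_NULL=0,

	TOK_OR,
	TOK_NOT,
	TOK_STARTBRACE,
	TOK_ENDBRACE,

	TOK_ABORT6,
	TOK_ABORT,
	TOK_ACCEPT,
	TOK_COUNT,
	TOK_EACTION,
	TOK_PIPE,
	TOK_LINK,
	TOK_QUEUE,
	TOK_FLOWSET,
	TOK_SCHED,
	TOK_DIVERT,
	TOK_TEE,
	TOK_NETGRAPH,
	TOK_NGTEE,
	TOK_FORWARD,
	TOK_SKIPTO,
	TOK_DENY,
	TOK_REJECT,
	TOK_RESET,
	TOK_UNREACH,
	TOK_CHECKSTATE,
	TOK_NAT,
	TOK_REASS,
	TOK_CALL,
	TOK_RETURN,

	TOK_ALTQ,
	TOK_LOG,
	TOK_TAG,
	TOK_UNTAG,

	TOK_TAGGED,
	TOK_UID,
	TOK_GID,
	TOK_JAIL,
	TOK_IN,
	TOK_LIMIT,
	TOK_SETLIMIT,
	TOK_KEEPSTATE,
	TOK_RECORDSTATE,
	TOK_LAYER2,
	TOK_OUT,
	TOK_DIVERTED,
	TOK_DIVERTEDLOOPBACK,
	TOK_DIVERTEDOUTPUT,
	TOK_XMIT,
	TOK_RECV,
	TOK_VIA,
	TOK_FRAG,
	TOK_IPOPTS,
	TOK_IPLEN,
	TOK_IPID,
	TOK_IPPRECEDENCE,
	TOK_DSCP,
	TOK_IPTOS,
	TOK_IPTTL,
	TOK_IPVER,
	TOK_ESTAB,
	TOK_SETUP,
	TOK_TCPDATALEN,
	TOK_TCPFLAGS,
	TOK_TCPOPTS,
	TOK_TCPSEQ,
	TOK_TCPACK,
	TOK_TCPMSS,
	TOK_TCPWIN,
	TOK_ICMPTYPES,
	TOK_MAC,
	TOK_MACTYPE,
	TOK_VERREVPATH,
	TOK_VERSRCREACH,
	TOK_ANTISPOOF,
	TOK_IPSEC,
	TOK_COMMENT,

	TOK_PLR,
	TOK_NOERROR,
	TOK_BUCKETS,
	TOK_DSTIP,
	TOK_SRCIP,
	TOK_DSTPORT,
	TOK_SRCPORT,
	TOK_ALL,
	TOK_MASK,
	TOK_FLOW_MASK,
	TOK_SCHED_MASK,
	TOK_BW,
	TOK_DELAY,
	TOK_PROFILE,
	TOK_BURST,
	TOK_RED,
	TOK_GRED,
	TOK_ECN,
	TOK_DROPTAIL,
	TOK_PROTO,
#ifdef NEW_AQM
	/* AQM tokens */
	TOK_NO_ECN,
	TOK_CODEL,
	TOK_FQ_CODEL,
	TOK_TARGET,
	TOK_INTERVAL,
	TOK_FLOWS,
	TOK_QUANTUM,

	TOK_PIE,
	TOK_FQ_PIE,
	TOK_TUPDATE,
	TOK_MAX_BURST,
	TOK_MAX_ECNTH,
	TOK_ALPHA,
	TOK_BETA,
	TOK_CAPDROP,
	TOK_NO_CAPDROP,
	TOK_ONOFF,
	TOK_DRE,
	TOK_TS,
	TOK_DERAND,
	TOK_NO_DERAND,
#endif
	/* dummynet tokens */
	TOK_WEIGHT,
	TOK_LMAX,
	TOK_PRI,
	TOK_TYPE,
	TOK_SLOTSIZE,

	TOK_IP,
	TOK_IF,
	TOK_ALOG,
	TOK_DENY_INC,
	TOK_SAME_PORTS,
	TOK_UNREG_ONLY,
	TOK_UNREG_CGN,
	TOK_SKIP_GLOBAL,
	TOK_RESET_ADDR,
	TOK_ALIAS_REV,
	TOK_PROXY_ONLY,
	TOK_REDIR_ADDR,
	TOK_REDIR_PORT,
	TOK_REDIR_PROTO,

	TOK_IPV6,
	TOK_FLOWID,
	TOK_ICMP6TYPES,
	TOK_EXT6HDR,
	TOK_DSTIP6,
	TOK_SRCIP6,

	TOK_IPV4,
	TOK_UNREACH6,
	TOK_RESET6,

	TOK_FIB,
	TOK_SETFIB,
	TOK_LOOKUP,
	TOK_SOCKARG,
	TOK_SETDSCP,
	TOK_FLOW,
	TOK_IFLIST,
	/* Table tokens */
	TOK_CREATE,
	TOK_DESTROY,
	TOK_LIST,
	TOK_INFO,
	TOK_DETAIL,
	TOK_MODIFY,
	TOK_FLUSH,
	TOK_SWAP,
	TOK_ADD,
	TOK_DEL,
	TOK_VALTYPE,
	TOK_ALGO,
	TOK_TALIST,
	TOK_ATOMIC,
	TOK_LOCK,
	TOK_UNLOCK,
	TOK_VLIST,
	TOK_OLIST,
	TOK_MISSING,
	TOK_ORFLUSH,

	/* NAT64 tokens */
	TOK_NAT64STL,
	TOK_NAT64LSN,
	TOK_STATS,
	TOK_STATES,
	TOK_CONFIG,
	TOK_TABLE4,
	TOK_TABLE6,
	TOK_PREFIX4,
	TOK_PREFIX6,
	TOK_AGG_LEN,
	TOK_AGG_COUNT,
	TOK_MAX_PORTS,
	TOK_STATES_CHUNKS,
	TOK_JMAXLEN,
	TOK_PORT_RANGE,
	TOK_HOST_DEL_AGE,
	TOK_PG_DEL_AGE,
	TOK_TCP_SYN_AGE,
	TOK_TCP_CLOSE_AGE,
	TOK_TCP_EST_AGE,
	TOK_UDP_AGE,
	TOK_ICMP_AGE,
	TOK_LOGOFF,
	TOK_PRIVATE,
	TOK_PRIVATEOFF,

	/* NAT64 CLAT tokens */
	TOK_NAT64CLAT,
	TOK_PLAT_PREFIX,
	TOK_CLAT_PREFIX,

	/* NPTv6 tokens */
	TOK_NPTV6,
	TOK_INTPREFIX,
	TOK_EXTPREFIX,
	TOK_PREFIXLEN,
	TOK_EXTIF,

	TOK_TCPSETMSS,

	TOK_SKIPACTION,
};

/*
 * The following macros exit with a usage error (errx(EX_USAGE, ...)) if
 * we run out of arguments.
 *
 * NEED tests the expression it is given; NEED1 tests *av, so it only
 * works where the caller has an argument vector named av in scope.
 *
 * _p is parenthesized so that a compound condition such as `a || b` is
 * negated as a whole; without the parentheses only its first operand
 * would be.
 *
 * msg is passed to errx() as the format string: pass string literals
 * only, never text taken from the command line or a rule file.
 *
 * Both expand to a brace block rather than a single statement, so
 * `if (x) NEED(...); else ...` does not parse. The shape is kept as is
 * so that existing call sites are unaffected.
 */
#define NEED(_p, msg)      {if (!(_p)) errx(EX_USAGE, msg);}
#define NEED1(msg)      {if (!(*av)) errx(EX_USAGE, msg);}

/*
 * Output buffer used by the print routines.
 * NOTE(review): `needed` presumably records the length an output
 * required so that a caller can detect truncation -- confirm in
 * bprintf().
 */
struct buf_pr {
	char	*buf;	/* allocated buffer */
	char	*ptr;	/* current pointer */
	size_t	size;	/* total buffer size */
	size_t	avail;	/* available storage */
	size_t	needed;	/* length needed */
};

int pr_u64(struct buf_pr *bp, uint64_t *pd, int width);
int bp_alloc(struct buf_pr *b, size_t size);
void bp_free(struct buf_pr *b);
/*
 * NOTE(review): format looks like a printf-style format string (the
 * function is variadic), but nothing in this declaration lets the
 * compiler check it against the arguments -- confirm that callers pass
 * literals only.
 */
int bprintf(struct buf_pr *b, char *format, ...);
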

/*
 * memory allocation support
 * NOTE(review): the "safe_" prefix suggests these do not return NULL on
 * failure -- confirm in the implementation before dropping NULL checks
 * at call sites.
 */
void *safe_calloc(size_t number, size_t size);
void *safe_realloc(void *ptr, size_t size);

/* string comparison functions used for historical compatibility */
int _substrcmp(const char *str1, const char* str2);
int _substrcmp2(const char *str1, const char* str2, const char* str3);
int stringnum_cmp(const char *a, const char *b);

/*
 * utility functions
 * The struct _s_x tables carry no length, so each one passed here has to
 * end with its s=NULL terminator entry.
 */
int match_token(struct _s_x *table, const char *string);
int match_token_relaxed(struct _s_x *table, const char *string);
int get_token(struct _s_x *table, const char *string, const char *errbase);
char const *match_value(struct _s_x *p, int value);
/*
 * concat_tokens() and print_flags_buffer() write into a caller-supplied
 * buffer; bufsize / sz presumably give its capacity in bytes -- confirm,
 * and pass the real size of the buffer.
 */
size_t concat_tokens(char *buf, size_t bufsize, struct _s_x *table,
    char *delimiter);
int fill_flags(struct _s_x *flags, char *p, char **e, uint32_t *set,
    uint32_t *clear);
void print_flags_buffer(char *buf, size_t sz, struct _s_x *list, uint32_t set);

/*
 * Option get/set wrappers. optlen is passed by value to do_cmd() and
 * do_set3() and by pointer to do_get3().
 * NOTE(review): do_get3() presumably updates *optlen with the returned
 * length -- confirm before reading past the original request size.
 */
struct _ip_fw3_opheader;
int do_cmd(int optname, void *optval, uintptr_t optlen);
int do_set3(int optname, struct _ip_fw3_opheader *op3, size_t optlen);
int do_get3(int optname, struct _ip_fw3_opheader *op3, size_t *optlen);

struct in6_addr;
void n2mask(struct in6_addr *mask, int n);
int contigmask(uint8_t *p, int len);

/*
 * Forward declarations to avoid including way too many headers.
 * C does not allow duplicated typedefs, so we use the base struct
 * that the typedef points to.
 * Should the typedefs use a different type, the compiler will
 * still detect the change when compiling the body of the
 * functions involved, so we do not lose error checking.
 */
struct _ipfw_insn;
struct _ipfw_insn_altq;
struct _ipfw_insn_u32;
struct _ipfw_insn_ip6;
struct _ipfw_insn_icmp6;

/*
 * The reserved set number. This is a constant in ip_fw.h
 * but we store it in a variable so other files do not depend
 * on that header just for one constant.
 */
extern int resvd_set_number;

/* first-level command handlers */
void ipfw_add(char *av[]);
void ipfw_show_nat(int ac, char **av);
int ipfw_delete_nat(int i);
void ipfw_config_pipe(int ac, char **av);
void ipfw_config_nat(int ac, char **av);
void ipfw_sets_handler(char *av[]);
void ipfw_table_handler(int ac, char *av[]);
void ipfw_sysctl_handler(char *av[], int which);
void ipfw_delete(char *av[]);
void ipfw_flush(int force);
void ipfw_zero(int ac, char *av[], int optname);
void ipfw_list(int ac, char *av[], int show_counters);
void ipfw_internal_handler(int ac, char *av[]);
void ipfw_nat64clat_handler(int ac, char *av[]);
void ipfw_nat64lsn_handler(int ac, char *av[]);
void ipfw_nat64stl_handler(int ac, char *av[]);
void ipfw_nptv6_handler(int ac, char *av[]);
/*
 * Input checks for object names and NAT64 prefixes.
 * NOTE(review): the return convention (which value means "valid") is not
 * visible in this header -- check the definitions before testing the
 * result.
 */
int ipfw_check_object_name(const char *name);
int ipfw_check_nat64prefix(const struct in6_addr *prefix, int length);

/* The altq prototypes exist only when PF is defined; otherwise NO_ALTQ is. */
#ifdef PF
/* altq.c */
void altq_set_enabled(int enabled);
u_int32_t altq_name_to_qid(const char *name);
void print_altq_cmd(struct buf_pr *bp, struct _ipfw_insn_altq *altqptr);
#else
#define NO_ALTQ
#endif

/* dummynet.c */
void dummynet_list(int ac, char *av[], int show_counters);
void dummynet_flush(void);
int ipfw_delete_pipe(int pipe_or_queue, int n);

/* ipv6.c */
void print_unreach6_code(struct buf_pr *bp, uint16_t code);
void print_ip6(struct buf_pr *bp, struct _ipfw_insn_ip6 *cmd);
void print_flow6id(struct buf_pr *bp, struct _ipfw_insn_u32 *cmd);
void print_icmp6types(struct buf_pr *bp, struct _ipfw_insn_u32 *cmd);
void print_ext6hdr(struct buf_pr *bp, struct _ipfw_insn *cmd );

/*
 * NOTE(review): cblen in the routines below presumably is the space left
 * in the command buffer that cmd points into -- confirm the unit and
 * that each routine checks it before writing.
 */
struct tidx;
struct _ipfw_insn *add_srcip6(struct _ipfw_insn *cmd, char *av, int cblen,
    struct tidx *tstate);
struct _ipfw_insn *add_dstip6(struct _ipfw_insn *cmd, char *av, int cblen,
    struct tidx *tstate);

void fill_flow6(struct _ipfw_insn_u32 *cmd, char *av, int cblen);
void fill_unreach6_code(u_short *codep, char *str);
void fill_icmp6types(struct _ipfw_insn_icmp6 *cmd, char *av, int cblen);
/* Unlike its neighbours, fill_ext6hdr() takes no cblen argument. */
int fill_ext6hdr(struct _ipfw_insn *cmd, char *av);

/* ipfw2.c */
void bp_flush(struct buf_pr *b);
void fill_table(struct _ipfw_insn *cmd, char *av, uint8_t opcode,
    struct tidx *tstate);

/* tables.c */
struct _ipfw_obj_ctlv;
struct _ipfw_obj_ntlv;
/* NOTE(review): return convention not shown here -- see tables.c. */
int table_check_name(const char *tablename);
void ipfw_list_ta(int ac, char *av[]);
void ipfw_list_values(int ac, char *av[]);
void table_fill_ntlv(struct _ipfw_obj_ntlv *ntlv, const char *name,
    uint8_t set, uint16_t uidx);
