xref: /freebsd/sbin/ipfw/main.c (revision 7fdf597e96a02165cfe22ff357b857d5fa15ed8a)
1 /*-
2  * Copyright (c) 2002-2003,2010 Luigi Rizzo
3  * Copyright (c) 1996 Alex Nash, Paul Traina, Poul-Henning Kamp
4  * Copyright (c) 1994 Ugen J.S.Antsilevich
5  *
6  * Idea and grammar partially left from:
7  * Copyright (c) 1993 Daniel Boulet
8  *
9  * Redistribution and use in source forms, with and without modification,
10  * are permitted provided that this entire comment appears intact.
11  *
12  * Redistribution in binary form may occur without any restrictions.
13  * Obviously, it would be nice if you gave credit where credit is due
14  * but requiring it would be too onerous.
15  *
16  * This software is provided ``AS IS'' without any warranties of any kind.
17  *
18  * Command line interface for IP firewall facility
19  */
20 
21 #include <sys/wait.h>
22 #include <ctype.h>
23 #include <err.h>
24 #include <errno.h>
25 #include <signal.h>
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <sysexits.h>
30 #include <unistd.h>
31 #include <libgen.h>
32 
33 #include "ipfw2.h"
34 
35 static void
36 help(void)
37 {
38 	if (is_ipfw()) {
39 		fprintf(stderr,
40 "ipfw syntax summary (but please do read the ipfw(8) manpage):\n\n"
41 "\tipfw [-abcdefhnNqStTv] <command>\n\n"
42 "where <command> is one of the following:\n\n"
43 "add [num] [set N] [prob x] RULE-BODY\n"
44 "{pipe|queue} N config PIPE-BODY\n"
45 "[pipe|queue] {zero|delete|show} [N{,N}]\n"
46 "nat N config {ip IPADDR|if IFNAME|log|deny_in|same_ports|unreg_only|unreg_cgn|udp_eim|\n"
47 "		reset|reverse|proxy_only|redirect_addr linkspec|\n"
48 "		redirect_port linkspec|redirect_proto linkspec|\n"
49 "		port_range lower-upper}\n"
50 "set [disable N... enable N...] | move [rule] X to Y | swap X Y | show\n"
51 "set N {show|list|zero|resetlog|delete} [N{,N}] | flush\n"
52 "table N {add ip[/bits] [value] | delete ip[/bits] | flush | list}\n"
53 "table all {flush | list}\n"
54 "\n"
55 "RULE-BODY:	check-state [PARAMS] | ACTION [PARAMS] ADDR [OPTION_LIST]\n"
56 "ACTION:	check-state | allow | count | deny | unreach{,6} CODE |\n"
57 "               skipto N | {divert|tee} PORT | forward ADDR |\n"
58 "               pipe N | queue N | nat N | setfib FIB | reass\n"
59 "PARAMS: 	[log [logamount LOGLIMIT]] [altq QUEUE_NAME]\n"
60 "ADDR:		[ MAC dst src ether_type ] \n"
61 "		[ ip from IPADDR [ PORT ] to IPADDR [ PORTLIST ] ]\n"
62 "		[ ipv6|ip6 from IP6ADDR [ PORT ] to IP6ADDR [ PORTLIST ] ]\n"
63 "IPADDR:	[not] { any | me | ip/bits{x,y,z} | table(t[,v]) | IPLIST }\n"
64 "IP6ADDR:	[not] { any | me | me6 | ip6/bits | IP6LIST }\n"
65 "IP6LIST:	{ ip6 | ip6/bits }[,IP6LIST]\n"
66 "IPLIST:	{ ip | ip/bits | ip:mask }[,IPLIST]\n"
67 "OPTION_LIST:	OPTION [OPTION_LIST]\n"
68 "OPTION:	bridged | diverted | diverted-loopback | diverted-output |\n"
69 "	{dst-ip|src-ip} IPADDR | {dst-ip6|src-ip6|dst-ipv6|src-ipv6} IP6ADDR |\n"
70 "	{dst-port|src-port} LIST |\n"
71 "	estab | frag | {gid|uid} N | icmptypes LIST | in | out | ipid LIST |\n"
72 "	iplen LIST | ipoptions SPEC | ipprecedence | ipsec | iptos SPEC |\n"
73 "	ipttl LIST | ipversion VER | keep-state | layer2 | limit ... |\n"
74 "	icmp6types LIST | ext6hdr LIST | flow-id N[,N] | fib FIB |\n"
75 "	mac ... | mac-type LIST | proto LIST | {recv|xmit|via} {IF|IPADDR} |\n"
76 "	setup | {tcpack|tcpseq|tcpwin} NN | tcpflags SPEC | tcpoptions SPEC |\n"
77 "	tcpdatalen LIST | verrevpath | versrcreach | antispoof\n"
78 );
79 	} else {
80 		fprintf(stderr,
81 "dnctl syntax summary (but please do read the dnctl(8) manpage):\n\n"
82 "\tdnctl [-hnsv] <command>\n\n"
83 "where <command> is one of the following:\n\n"
84 "[pipe|queue|sched] N config PIPE-BODY\n"
85 "[pipe|queue|sched] {delete|list|show} [N{,N}]\n"
86 "\n"
87 );
88 	}
89 
90 	exit(0);
91 }
92 
93 /*
94  * Called with the arguments, including program name because getopt
95  * wants it to be present.
96  * Returns 0 if successful, 1 if empty command, errx() in case of errors.
97  * First thing we do is process parameters creating an argv[] array
98  * which includes the program name and a NULL entry at the end.
99  * If we are called with a single string, we split it on whitespace.
100  * Also, arguments with a trailing ',' are joined to the next one.
101  * The pointers (av[]) and data are in a single chunk of memory.
102  * av[0] points to the original program name, all other entries
103  * point into the allocated chunk.
104  */
105 static int
106 ipfw_main(int oldac, char **oldav)
107 {
108 	int ch, ac;
109 	const char *errstr;
110 	char **av, **save_av;
111 	int do_acct = 0;		/* Show packet/byte count */
112 	int try_next = 0;		/* set if pipe cmd not found */
113 	int av_size;			/* compute the av size */
114 	char *av_p;			/* used to build the av list */
115 
116 #define WHITESP		" \t\f\v\n\r"
117 	if (oldac < 2)
118 		return 1;	/* need at least one argument */
119 
120 	if (oldac == 2) {
121 		/*
122 		 * If we are called with one argument, try to split it into
123 		 * words for subsequent parsing. Spaces after a ',' are
124 		 * removed by copying the string in-place.
125 		 */
126 		char *arg = oldav[1];	/* The string is the first arg. */
127 		int l = strlen(arg);
128 		int copy = 0;		/* 1 if we need to copy, 0 otherwise */
129 		int i, j;
130 
131 		for (i = j = 0; i < l; i++) {
132 			if (arg[i] == '#')	/* comment marker */
133 				break;
134 			if (copy) {
135 				arg[j++] = arg[i];
136 				copy = !strchr("," WHITESP, arg[i]);
137 			} else {
138 				copy = !strchr(WHITESP, arg[i]);
139 				if (copy)
140 					arg[j++] = arg[i];
141 			}
142 		}
143 		if (!copy && j > 0)	/* last char was a 'blank', remove it */
144 			j--;
145 		l = j;			/* the new argument length */
146 		arg[j++] = '\0';
147 		if (l == 0)		/* empty string! */
148 			return 1;
149 
150 		/*
151 		 * First, count number of arguments. Because of the previous
152 		 * processing, this is just the number of blanks plus 1.
153 		 */
154 		for (i = 0, ac = 1; i < l; i++)
155 			if (strchr(WHITESP, arg[i]) != NULL)
156 				ac++;
157 
158 		/*
159 		 * Allocate the argument list structure as a single block
160 		 * of memory, containing pointers and the argument
161 		 * strings. We include one entry for the program name
162 		 * because getopt expects it, and a NULL at the end
163 		 * to simplify further parsing.
164 		 */
165 		ac++;		/* add 1 for the program name */
166 		av_size = (ac+1) * sizeof(char *) + l + 1;
167 		av = safe_calloc(av_size, 1);
168 
169 		/*
170 		 * Init the argument pointer to the end of the array
171 		 * and copy arguments from arg[] to av[]. For each one,
172 		 * j is the initial character, i is the one past the end.
173 		 */
174 		av_p = (char *)&av[ac+1];
175 		for (ac = 1, i = j = 0; i < l; i++) {
176 			if (strchr(WHITESP, arg[i]) != NULL || i == l-1) {
177 				if (i == l-1)
178 					i++;
179 				bcopy(arg+j, av_p, i-j);
180 				av[ac] = av_p;
181 				av_p += i-j;	/* the length of the string */
182 				*av_p++ = '\0';
183 				ac++;
184 				j = i + 1;
185 			}
186 		}
187 	} else {
188 		/*
189 		 * If an argument ends with ',' join with the next one.
190 		 */
191 		int first, i, l=0;
192 
193 		/*
194 		 * Allocate the argument list structure as a single block
195 		 * of memory, containing both pointers and the argument
196 		 * strings. We include some space for the program name
197 		 * because getopt expects it.
198 		 * We add an extra pointer to the end of the array,
199 		 * to make simpler further parsing.
200 		 */
201 		for (i=0; i<oldac; i++)
202 			l += strlen(oldav[i]);
203 
204 		av_size = (oldac+1) * sizeof(char *) + l + oldac;
205 		av = safe_calloc(av_size, 1);
206 
207 		/*
208 		 * Init the argument pointer to the end of the array
209 		 * and copy arguments from arg[] to av[]
210 		 */
211 		av_p = (char *)&av[oldac+1];
212 		for (first = i = ac = 1, l = 0; i < oldac; i++) {
213 			char *arg = oldav[i];
214 			int k = strlen(arg);
215 
216 			l += k;
217 			if (arg[k-1] != ',' || i == oldac-1) {
218 				/* Time to copy. */
219 				av[ac] = av_p;
220 				for (l=0; first <= i; first++) {
221 					strcat(av_p, oldav[first]);
222 					av_p += strlen(oldav[first]);
223 				}
224 				*av_p++ = '\0';
225 				ac++;
226 				l = 0;
227 				first = i+1;
228 			}
229 		}
230 	}
231 
232 	/*
233 	 * set the progname pointer to the original string
234 	 * and terminate the array with null
235 	 */
236 	av[0] = oldav[0];
237 	av[ac] = NULL;
238 
239 	/* Set the force flag for non-interactive processes */
240 	if (!g_co.do_force)
241 		g_co.do_force = !isatty(STDIN_FILENO);
242 
243 #ifdef EMULATE_SYSCTL /* sysctl emulation */
244 	if (is_ipfw() && ac >= 2 &&
245 	    !strcmp(av[1], "sysctl")) {
246 		char *s;
247 		int i;
248 
249 		if (ac != 3) {
250 			printf(	"sysctl emulation usage:\n"
251 				"	ipfw sysctl name[=value]\n"
252 				"	ipfw sysctl -a\n");
253 			return 0;
254 		}
255 		s = strchr(av[2], '=');
256 		if (s == NULL) {
257 			s = !strcmp(av[2], "-a") ? NULL : av[2];
258 			sysctlbyname(s, NULL, NULL, NULL, 0);
259 		} else {	/* ipfw sysctl x.y.z=value */
260 			/* assume an INT value, will extend later */
261 			if (s[1] == '\0') {
262 				printf("ipfw sysctl: missing value\n\n");
263 				return 0;
264 			}
265 			*s = '\0';
266 			i = strtol(s+1, NULL, 0);
267 			sysctlbyname(av[2], NULL, NULL, &i, sizeof(int));
268 		}
269 		return 0;
270 	}
271 #endif
272 
273 	/* Save arguments for final freeing of memory. */
274 	save_av = av;
275 
276 	optind = optreset = 1;	/* restart getopt() */
277 	if (is_ipfw()) {
278 		while ((ch = getopt(ac, av, "abcdDefhinNp:qs:STtvx")) != -1)
279 			switch (ch) {
280 			case 'a':
281 				do_acct = 1;
282 				break;
283 
284 			case 'b':
285 				g_co.comment_only = 1;
286 				g_co.do_compact = 1;
287 				break;
288 
289 			case 'c':
290 				g_co.do_compact = 1;
291 				break;
292 
293 			case 'd':
294 				g_co.do_dynamic = 1;
295 				break;
296 
297 			case 'D':
298 				g_co.do_dynamic = 2;
299 				break;
300 
301 			case 'e':
302 				/* nop for compatibility */
303 				break;
304 
305 			case 'f':
306 				g_co.do_force = 1;
307 				break;
308 
309 			case 'h': /* help */
310 				free(save_av);
311 				help();
312 				break;	/* NOTREACHED */
313 
314 			case 'i':
315 				g_co.do_value_as_ip = 1;
316 				break;
317 
318 			case 'n':
319 				g_co.test_only = 1;
320 				break;
321 
322 			case 'N':
323 				g_co.do_resolv = 1;
324 				break;
325 
326 			case 'p':
327 				errx(EX_USAGE, "An absolute pathname must be used "
328 				    "with -p option.");
329 				/* NOTREACHED */
330 
331 			case 'q':
332 				g_co.do_quiet = 1;
333 				break;
334 
335 			case 's': /* sort */
336 				g_co.do_sort = atoi(optarg);
337 				break;
338 
339 			case 'S':
340 				g_co.show_sets = 1;
341 				break;
342 
343 			case 't':
344 				g_co.do_time = TIMESTAMP_STRING;
345 				break;
346 
347 			case 'T':
348 				g_co.do_time = TIMESTAMP_NUMERIC;
349 				break;
350 
351 			case 'v': /* verbose */
352 				g_co.verbose = 1;
353 				break;
354 
355 			case 'x': /* debug output */
356 				g_co.debug_only = 1;
357 				break;
358 
359 			default:
360 				free(save_av);
361 				return 1;
362 			}
363 	} else {
364 		while ((ch = getopt(ac, av, "hns:v")) != -1)
365 			switch (ch) {
366 
367 			case 'h': /* help */
368 				free(save_av);
369 				help();
370 				break;	/* NOTREACHED */
371 
372 			case 'n':
373 				g_co.test_only = 1;
374 				break;
375 
376 			case 's': /* sort */
377 				g_co.do_sort = atoi(optarg);
378 				break;
379 
380 			case 'v': /* verbose */
381 				g_co.verbose = 1;
382 				break;
383 
384 			default:
385 				free(save_av);
386 				return 1;
387 			}
388 
389 	}
390 
391 	ac -= optind;
392 	av += optind;
393 	NEED1("bad arguments, for usage summary ``ipfw''");
394 
395 	/*
396 	 * An undocumented behaviour of ipfw1 was to allow rule numbers first,
397 	 * e.g. "100 add allow ..." instead of "add 100 allow ...".
398 	 * In case, swap first and second argument to get the normal form.
399 	 */
400 	if (ac > 1 && isdigit(*av[0])) {
401 		char *p = av[0];
402 
403 		av[0] = av[1];
404 		av[1] = p;
405 	}
406 
407 	/*
408 	 * Optional: pipe, queue or nat.
409 	 */
410 	g_co.do_nat = 0;
411 	g_co.do_pipe = 0;
412 	g_co.use_set = 0;
413 	if (is_ipfw() && !strncmp(*av, "nat", strlen(*av)))
414 		g_co.do_nat = 1;
415 	else if (!strncmp(*av, "pipe", strlen(*av)))
416 		g_co.do_pipe = 1;
417 	else if (_substrcmp(*av, "queue") == 0)
418 		g_co.do_pipe = 2;
419 	else if (_substrcmp(*av, "flowset") == 0)
420 		g_co.do_pipe = 2;
421 	else if (_substrcmp(*av, "sched") == 0)
422 		g_co.do_pipe = 3;
423 	else if (is_ipfw() && !strncmp(*av, "set", strlen(*av))) {
424 		if (ac > 1 && isdigit(av[1][0])) {
425 			g_co.use_set = strtonum(av[1], 0, resvd_set_number,
426 					&errstr);
427 			if (errstr)
428 				errx(EX_DATAERR,
429 				    "invalid set number %s\n", av[1]);
430 			ac -= 2; av += 2; g_co.use_set++;
431 		}
432 	}
433 
434 	if (g_co.do_pipe || g_co.do_nat) {
435 		ac--;
436 		av++;
437 	}
438 	NEED1("missing command");
439 
440 	/*
441 	 * For pipes, queues and nats we normally say 'nat|pipe NN config'
442 	 * but the code is easier to parse as 'nat|pipe config NN'
443 	 * so we swap the two arguments.
444 	 */
445 	if ((g_co.do_pipe || g_co.do_nat) && ac > 1 && isdigit(*av[0])) {
446 		char *p = av[0];
447 
448 		av[0] = av[1];
449 		av[1] = p;
450 	}
451 
452 	if (! is_ipfw() && g_co.do_pipe == 0) {
453 		help();
454 	}
455 
456 	if (g_co.use_set == 0) {
457 		if (is_ipfw() && _substrcmp(*av, "add") == 0)
458 			ipfw_add(av);
459 		else if (g_co.do_nat && _substrcmp(*av, "show") == 0)
460  			ipfw_show_nat(ac, av);
461 		else if (g_co.do_pipe && _substrcmp(*av, "config") == 0)
462 			ipfw_config_pipe(ac, av);
463 		else if (g_co.do_nat && _substrcmp(*av, "config") == 0)
464  			ipfw_config_nat(ac, av);
465 		else if (is_ipfw() && _substrcmp(*av, "set") == 0)
466 			ipfw_sets_handler(av);
467 		else if (is_ipfw() && _substrcmp(*av, "table") == 0)
468 			ipfw_table_handler(ac, av);
469 		else if (is_ipfw() && _substrcmp(*av, "enable") == 0)
470 			ipfw_sysctl_handler(av, 1);
471 		else if (is_ipfw() && _substrcmp(*av, "disable") == 0)
472 			ipfw_sysctl_handler(av, 0);
473 		else
474 			try_next = 1;
475 	}
476 
477 	if (g_co.use_set || try_next) {
478 		if (_substrcmp(*av, "delete") == 0)
479 			ipfw_delete(av);
480 		else if (is_ipfw() && !strncmp(*av, "nat64clat", strlen(*av)))
481 			ipfw_nat64clat_handler(ac, av);
482 		else if (is_ipfw() && !strncmp(*av, "nat64stl", strlen(*av)))
483 			ipfw_nat64stl_handler(ac, av);
484 		else if (is_ipfw() && !strncmp(*av, "nat64lsn", strlen(*av)))
485 			ipfw_nat64lsn_handler(ac, av);
486 		else if (is_ipfw() && !strncmp(*av, "nptv6", strlen(*av)))
487 			ipfw_nptv6_handler(ac, av);
488 		else if (_substrcmp(*av, "flush") == 0)
489 			ipfw_flush(g_co.do_force);
490 		else if (is_ipfw() && _substrcmp(*av, "zero") == 0)
491 			ipfw_zero(ac, av, 0 /* IP_FW_ZERO */);
492 		else if (is_ipfw() && _substrcmp(*av, "resetlog") == 0)
493 			ipfw_zero(ac, av, 1 /* IP_FW_RESETLOG */);
494 		else if (_substrcmp(*av, "print") == 0 ||
495 			 _substrcmp(*av, "list") == 0)
496 			ipfw_list(ac, av, do_acct);
497 		else if (_substrcmp(*av, "show") == 0)
498 			ipfw_list(ac, av, 1 /* show counters */);
499 		else if (is_ipfw() && _substrcmp(*av, "table") == 0)
500 			ipfw_table_handler(ac, av);
501 		else if (is_ipfw() && _substrcmp(*av, "internal") == 0)
502 			ipfw_internal_handler(ac, av);
503 		else
504 			errx(EX_USAGE, "bad command `%s'", *av);
505 	}
506 
507 	/* Free memory allocated in the argument parsing. */
508 	free(save_av);
509 	return 0;
510 }
511 
512 
513 static void
514 ipfw_readfile(int ac, char *av[])
515 {
516 #define MAX_ARGS	32
517 	char buf[4096];
518 	char *progname = av[0];		/* original program name */
519 	const char *cmd = NULL;		/* preprocessor name, if any */
520 	const char *filename = av[ac-1]; /* file to read */
521 	int	c, lineno=0;
522 	FILE	*f = NULL;
523 	pid_t	preproc = 0;
524 
525 	if (is_ipfw()) {
526 		while ((c = getopt(ac, av, "cfNnp:qS")) != -1) {
527 			switch(c) {
528 			case 'c':
529 				g_co.do_compact = 1;
530 				break;
531 
532 			case 'f':
533 				g_co.do_force = 1;
534 				break;
535 
536 			case 'N':
537 				g_co.do_resolv = 1;
538 				break;
539 
540 			case 'n':
541 				g_co.test_only = 1;
542 				break;
543 
544 			case 'p':
545 				/*
546 				 * ipfw -p cmd [args] filename
547 				 *
548 				 * We are done with getopt(). All arguments
549 				 * except the filename go to the preprocessor,
550 				 * so we need to do the following:
551 				 * - check that a filename is actually present;
552 				 * - advance av by optind-1 to skip arguments
553 				 *   already processed;
554 				 * - decrease ac by optind, to remove the args
555 				 *   already processed and the final filename;
556 				 * - set the last entry in av[] to NULL so
557 				 *   popen() can detect the end of the array;
558 				 * - set optind=ac to let getopt() terminate.
559 				 */
560 				if (optind == ac)
561 					errx(EX_USAGE, "no filename argument");
562 				cmd = optarg;
563 				av[ac-1] = NULL;
564 				av += optind - 1;
565 				ac -= optind;
566 				optind = ac;
567 				break;
568 
569 			case 'q':
570 				g_co.do_quiet = 1;
571 				break;
572 
573 			case 'S':
574 				g_co.show_sets = 1;
575 				break;
576 
577 			default:
578 				errx(EX_USAGE, "bad arguments, for usage"
579 				     " summary ``ipfw''");
580 			}
581 		}
582 	} else {
583 		while ((c = getopt(ac, av, "nq")) != -1) {
584 			switch(c) {
585 			case 'n':
586 				g_co.test_only = 1;
587 				break;
588 
589 			case 'q':
590 				g_co.do_quiet = 1;
591 				break;
592 
593 			default:
594 				errx(EX_USAGE, "bad arguments, for usage"
595 				     " summary ``dnctl''");
596 			}
597 		}
598 	}
599 
600 	if (cmd == NULL && ac != optind + 1)
601 		errx(EX_USAGE, "extraneous filename arguments %s", av[ac-1]);
602 
603 	if ((f = fopen(filename, "r")) == NULL)
604 		err(EX_UNAVAILABLE, "fopen: %s", filename);
605 
606 	if (cmd != NULL) {			/* pipe through preprocessor */
607 		int pipedes[2];
608 
609 		if (pipe(pipedes) == -1)
610 			err(EX_OSERR, "cannot create pipe");
611 
612 		preproc = fork();
613 		if (preproc == -1)
614 			err(EX_OSERR, "cannot fork");
615 
616 		if (preproc == 0) {
617 			/*
618 			 * Child, will run the preprocessor with the
619 			 * file on stdin and the pipe on stdout.
620 			 */
621 			if (dup2(fileno(f), 0) == -1
622 			    || dup2(pipedes[1], 1) == -1)
623 				err(EX_OSERR, "dup2()");
624 			fclose(f);
625 			close(pipedes[1]);
626 			close(pipedes[0]);
627 			execvp(cmd, av);
628 			err(EX_OSERR, "execvp(%s) failed", cmd);
629 		} else { /* parent, will reopen f as the pipe */
630 			fclose(f);
631 			close(pipedes[1]);
632 			if ((f = fdopen(pipedes[0], "r")) == NULL) {
633 				int savederrno = errno;
634 
635 				(void)kill(preproc, SIGTERM);
636 				errno = savederrno;
637 				err(EX_OSERR, "fdopen()");
638 			}
639 		}
640 	}
641 
642 	while (fgets(buf, sizeof(buf), f)) {		/* read commands */
643 		char linename[20];
644 		char *args[2];
645 
646 		lineno++;
647 		snprintf(linename, sizeof(linename), "Line %d", lineno);
648 		setprogname(linename); /* XXX */
649 		args[0] = progname;
650 		args[1] = buf;
651 		ipfw_main(2, args);
652 	}
653 	fclose(f);
654 	if (cmd != NULL) {
655 		int status;
656 
657 		if (waitpid(preproc, &status, 0) == -1)
658 			errx(EX_OSERR, "waitpid()");
659 		if (WIFEXITED(status) && WEXITSTATUS(status) != EX_OK)
660 			errx(EX_UNAVAILABLE,
661 			    "preprocessor exited with status %d",
662 			    WEXITSTATUS(status));
663 		else if (WIFSIGNALED(status))
664 			errx(EX_UNAVAILABLE,
665 			    "preprocessor exited with signal %d",
666 			    WTERMSIG(status));
667 	}
668 }
669 
670 int
671 main(int ac, char *av[])
672 {
673 #if defined(_WIN32) && defined(TCC)
674 	{
675 		WSADATA wsaData;
676 		int ret=0;
677 		unsigned short wVersionRequested = MAKEWORD(2, 2);
678 		ret = WSAStartup(wVersionRequested, &wsaData);
679 		if (ret != 0) {
680 			/* Tell the user that we could not find a usable */
681 			/* Winsock DLL.				  */
682 			printf("WSAStartup failed with error: %d\n", ret);
683 			return 1;
684 		}
685 	}
686 #endif
687 
688 	if (strcmp("dnctl", basename(av[0])) == 0)
689 		g_co.prog = cmdline_prog_dnctl;
690 	else
691 		g_co.prog = cmdline_prog_ipfw;
692 
693 	/*
694 	 * If the last argument is an absolute pathname, interpret it
695 	 * as a file to be preprocessed.
696 	 */
697 
698 	if (ac > 1 && av[ac - 1][0] == '/') {
699 		if (access(av[ac - 1], R_OK) == 0)
700 			ipfw_readfile(ac, av);
701 		else
702 			err(EX_USAGE, "pathname: %s", av[ac - 1]);
703 	} else {
704 		if (ipfw_main(ac, av)) {
705 			errx(EX_USAGE,
706 			    "usage: %s [options]\n"
707 			    "do \"%s -h\" or \"man %s\" for details", av[0],
708 			    av[0], av[0]);
709 		}
710 	}
711 	return EX_OK;
712 }
713