Lines Matching refs:cmd
101 #define CHECK_CMDLEN CHECK_LENGTH(cblen, F_LEN((ipfw_insn *)cmd))
913 print_newports(struct buf_pr *bp, const ipfw_insn_u16 *cmd, int proto, int opcode) in print_newports() argument
915 const uint16_t *p = cmd->ports; in print_newports()
926 for (i = F_LEN((const ipfw_insn *)cmd) - 1; i > 0; i--, p += 2) { in print_newports()
1006 fill_newports(ipfw_insn_u16 *cmd, char *av, int proto, int cblen) in fill_newports() argument
1008 uint16_t a, b, *p = cmd->ports; in fill_newports()
1046 cmd->o.len |= i + 1; /* leave F_NOT and F_OR untouched */ in fill_newports()
1055 fill_dscp(ipfw_insn *cmd, char *av, int cblen) in fill_dscp() argument
1061 cmd->opcode = O_DSCP; in fill_dscp()
1062 cmd->len |= F_INSN_SIZE(ipfw_insn_u32) + 1; in fill_dscp()
1066 low = (uint32_t *)(cmd + 1); in fill_dscp()
1172 print_flags(struct buf_pr *bp, char const *name, const ipfw_insn *cmd, in print_flags() argument
1177 uint8_t set = cmd->arg1 & 0xff; in print_flags()
1178 uint8_t clear = (cmd->arg1 >> 8) & 0xff; in print_flags()
1206 const ipfw_insn_ip *cmd) in print_ip() argument
1210 const uint32_t *a = ((const ipfw_insn_u32 *)cmd)->d; in print_ip()
1211 uint32_t len = F_LEN((const ipfw_insn *)cmd); in print_ip()
1215 if (cmd->o.opcode == O_IP_DST_LOOKUP && len > F_INSN_SIZE(ipfw_insn_u32)) { in print_ip()
1222 ((const ipfw_insn *)cmd)->arg1); in print_ip()
1226 if (cmd->o.opcode == O_IP_SRC_ME || cmd->o.opcode == O_IP_DST_ME) { in print_ip()
1230 if (cmd->o.opcode == O_IP_SRC_LOOKUP || in print_ip()
1231 cmd->o.opcode == O_IP_DST_LOOKUP) { in print_ip()
1233 ((const ipfw_insn *)cmd)->arg1); in print_ip()
1240 if (cmd->o.opcode == O_IP_SRC_SET || cmd->o.opcode == O_IP_DST_SET) { in print_ip()
1241 const uint32_t *map = (const uint32_t *)&cmd->mask; in print_ip()
1247 x = cmd->o.arg1 - 1; in print_ip()
1249 addr.s_addr = htonl(cmd->addr.s_addr); in print_ip()
1252 x = cmd->addr.s_addr; in print_ip()
1260 for (i=0; i < cmd->o.arg1; i++) in print_ip()
1262 for (j=i+1; j < cmd->o.arg1; j++) in print_ip()
1282 (cmd->o.opcode == O_IP_SRC || cmd->o.opcode == O_IP_DST) ? in print_ip()
1337 fill_icmptypes(ipfw_insn_u32 *cmd, char *av) in fill_icmptypes() argument
1341 cmd->d[0] = 0; in fill_icmptypes()
1354 cmd->d[0] |= 1 << type; in fill_icmptypes()
1356 cmd->o.opcode = O_ICMPTYPE; in fill_icmptypes()
1357 cmd->o.len |= F_INSN_SIZE(ipfw_insn_u32); in fill_icmptypes()
1361 print_icmptypes(struct buf_pr *bp, const ipfw_insn_u32 *cmd) in print_icmptypes() argument
1368 if ( (cmd->d[0] & (1 << (i))) == 0) in print_icmptypes()
1376 print_dscp(struct buf_pr *bp, const ipfw_insn_u32 *cmd) in print_dscp() argument
1384 v = cmd->d; in print_dscp()
1399 #define insntod(cmd, type) ((const ipfw_insn_ ## type *)(cmd)) argument
1436 is_printed_opcode(struct show_state *state, const ipfw_insn *cmd) in is_printed_opcode() argument
1439 return (state->printed[cmd - state->rule->cmd]); in is_printed_opcode()
1443 mark_printed(struct show_state *state, const ipfw_insn *cmd) in mark_printed() argument
1446 state->printed[cmd - state->rule->cmd] = 1; in mark_printed()
1468 struct show_state *state, const ipfw_insn *cmd) in print_instruction() argument
1476 if (is_printed_opcode(state, cmd)) in print_instruction()
1478 if ((cmd->len & F_OR) != 0 && state->or_block == 0) in print_instruction()
1480 if (cmd->opcode != O_IN && (cmd->len & F_NOT) != 0) in print_instruction()
1483 switch (cmd->opcode) { in print_instruction()
1485 d = 1.0 * insntod(cmd, u32)->d[0] / 0x7fffffff; in print_instruction()
1498 print_ip(bp, fo, insntod(cmd, ip)); in print_instruction()
1507 print_ip(bp, fo, insntod(cmd, ip)); in print_instruction()
1514 print_ip6(bp, insntod(cmd, ip6)); in print_instruction()
1521 print_ip6(bp, insntod(cmd, ip6)); in print_instruction()
1524 print_flow6id(bp, insntod(cmd, u32)); in print_instruction()
1528 print_newports(bp, insntod(cmd, u16), state->proto, in print_instruction()
1530 (HAVE_SRCIP | HAVE_DSTIP) ? cmd->opcode: 0); in print_instruction()
1533 pe = getprotobynumber(cmd->arg1); in print_instruction()
1539 bprintf(bp, " %u", cmd->arg1); in print_instruction()
1540 state->proto = cmd->arg1; in print_instruction()
1543 print_mac(bp, insntod(cmd, mac)); in print_instruction()
1546 print_newports(bp, insntod(cmd, u16), in print_instruction()
1547 IPPROTO_ETHERTYPE, cmd->opcode); in print_instruction()
1550 print_flags(bp, "frag", cmd, f_ipoff); in print_instruction()
1553 bprintf(bp, " fib %u", cmd->arg1); in print_instruction()
1559 bprintf(bp, cmd->len & F_NOT ? " out" : " in"); in print_instruction()
1562 switch (cmd->arg1) { in print_instruction()
1573 bprintf(bp, " diverted-?<%u>", cmd->arg1); in print_instruction()
1583 if (cmd->opcode == O_XMIT) in print_instruction()
1585 else if (cmd->opcode == O_RECV) in print_instruction()
1589 switch (insntod(cmd, if)->name[0]) { in print_instruction()
1592 inet_ntoa(insntod(cmd, if)->p.ip)); in print_instruction()
1597 insntod(cmd, if)->p.kidx)); in print_instruction()
1601 insntod(cmd, if)->name); in print_instruction()
1605 s = table_search_ctlv(fo->tstate, cmd->arg1); in print_instruction()
1607 if (F_LEN(cmd) == F_INSN_SIZE(ipfw_insn_u32)) in print_instruction()
1608 bprintf(bp, ",%u", insntod(cmd, u32)->d[0]); in print_instruction()
1617 if (F_LEN(cmd) == 1) { in print_instruction()
1618 switch (cmd->opcode) { in print_instruction()
1641 bprintf(bp, " %s %u", s, cmd->arg1); in print_instruction()
1643 print_newports(bp, insntod(cmd, u16), 0, in print_instruction()
1644 cmd->opcode); in print_instruction()
1647 bprintf(bp, " ipver %u", cmd->arg1); in print_instruction()
1650 bprintf(bp, " ipprecedence %u", cmd->arg1 >> 5); in print_instruction()
1653 print_dscp(bp, insntod(cmd, u32)); in print_instruction()
1656 print_flags(bp, "ipoptions", cmd, f_ipopts); in print_instruction()
1659 print_flags(bp, "iptos", cmd, f_iptos); in print_instruction()
1662 print_icmptypes(bp, insntod(cmd, u32)); in print_instruction()
1668 print_flags(bp, "tcpflags", cmd, f_tcpflags); in print_instruction()
1671 print_flags(bp, "tcpoptions", cmd, f_tcpopts); in print_instruction()
1675 ntohl(insntod(cmd, u32)->d[0])); in print_instruction()
1679 ntohl(insntod(cmd, u32)->d[0])); in print_instruction()
1682 pwd = getpwuid(insntod(cmd, u32)->d[0]); in print_instruction()
1687 insntod(cmd, u32)->d[0]); in print_instruction()
1690 grp = getgrgid(insntod(cmd, u32)->d[0]); in print_instruction()
1695 insntod(cmd, u32)->d[0]); in print_instruction()
1698 bprintf(bp, " jail %d", insntod(cmd, u32)->d[0]); in print_instruction()
1713 bprintf(bp, " // %s", (const char *)(cmd + 1)); in print_instruction()
1721 object_search_ctlv(fo->tstate, cmd->arg1, in print_instruction()
1729 print_limit_mask(bp, insntod(cmd, limit)); in print_instruction()
1731 object_search_ctlv(fo->tstate, cmd->arg1, in print_instruction()
1745 print_icmp6types(bp, insntod(cmd, u32)); in print_instruction()
1748 print_ext6hdr(bp, cmd); in print_instruction()
1751 if (F_LEN(cmd) == 1) in print_instruction()
1752 bprint_uint_arg(bp, " tagged ", cmd->arg1); in print_instruction()
1754 print_newports(bp, insntod(cmd, u16), in print_instruction()
1761 bprintf(bp, " [opcode %d len %d]", cmd->opcode, in print_instruction()
1762 cmd->len); in print_instruction()
1764 if (cmd->len & F_OR) { in print_instruction()
1771 mark_printed(state, cmd); in print_instruction()
1780 ipfw_insn *cmd; in print_opcode() local
1783 for (l = state->rule->act_ofs, cmd = state->rule->cmd; in print_opcode()
1784 l > 0; l -= F_LEN(cmd), cmd += F_LEN(cmd)) { in print_opcode()
1786 if (opcode >= 0 && cmd->opcode != opcode) in print_opcode()
1792 if (cmd->opcode == O_NOP && opcode != O_NOP) in print_opcode()
1794 if (!print_instruction(bp, fo, state, cmd)) in print_opcode()
1796 return (cmd); in print_opcode()
1802 print_fwd(struct buf_pr *bp, const ipfw_insn *cmd) in print_fwd() argument
1809 if (cmd->opcode == O_FORWARD_IP) { in print_fwd()
1810 sa = insntod(cmd, sa); in print_fwd()
1817 sa6 = insntod(cmd, sa6); in print_fwd()
1831 struct show_state *state, const ipfw_insn *cmd) in print_action_instruction() argument
1835 if (is_printed_opcode(state, cmd)) in print_action_instruction()
1837 switch (cmd->opcode) { in print_action_instruction()
1840 if (cmd->arg1 != 0) in print_action_instruction()
1841 s = object_search_ctlv(fo->tstate, cmd->arg1, in print_action_instruction()
1857 if (cmd->arg1 == ICMP_REJECT_RST) in print_action_instruction()
1859 else if (cmd->arg1 == ICMP_REJECT_ABORT) in print_action_instruction()
1861 else if (cmd->arg1 == ICMP_UNREACH_HOST) in print_action_instruction()
1864 print_reject_code(bp, cmd->arg1); in print_action_instruction()
1867 if (cmd->arg1 == ICMP6_UNREACH_RST) in print_action_instruction()
1869 else if (cmd->arg1 == ICMP6_UNREACH_ABORT) in print_action_instruction()
1872 print_unreach6_code(bp, cmd->arg1); in print_action_instruction()
1875 bprint_uint_arg(bp, "skipto ", cmd->arg1); in print_action_instruction()
1878 bprint_uint_arg(bp, "pipe ", cmd->arg1); in print_action_instruction()
1881 bprint_uint_arg(bp, "queue ", cmd->arg1); in print_action_instruction()
1884 bprint_uint_arg(bp, "divert ", cmd->arg1); in print_action_instruction()
1887 bprint_uint_arg(bp, "tee ", cmd->arg1); in print_action_instruction()
1890 bprint_uint_arg(bp, "netgraph ", cmd->arg1); in print_action_instruction()
1893 bprint_uint_arg(bp, "ngtee ", cmd->arg1); in print_action_instruction()
1897 print_fwd(bp, cmd); in print_action_instruction()
1900 if (insntod(cmd, log)->max_log > 0) in print_action_instruction()
1902 insntod(cmd, log)->max_log); in print_action_instruction()
1908 print_altq_cmd(bp, insntod(cmd, altq)); in print_action_instruction()
1912 bprint_uint_arg(bp, cmd->len & F_NOT ? " untag ": in print_action_instruction()
1913 " tag ", cmd->arg1); in print_action_instruction()
1916 if (cmd->arg1 != IP_FW_NAT44_GLOBAL) in print_action_instruction()
1917 bprint_uint_arg(bp, "nat ", cmd->arg1); in print_action_instruction()
1922 if (cmd->arg1 == IP_FW_TARG) in print_action_instruction()
1923 bprint_uint_arg(bp, "setfib ", cmd->arg1); in print_action_instruction()
1925 bprintf(bp, "setfib %u", cmd->arg1 & 0x7FFF); in print_action_instruction()
1937 state->eaction = cmd; in print_action_instruction()
1938 s = object_search_ctlv(fo->tstate, cmd->arg1, in print_action_instruction()
1958 s = object_search_ctlv(fo->tstate, cmd->arg1, 0); in print_action_instruction()
1961 cmd->arg1, IPFW_TLV_EACTION_NAME( in print_action_instruction()
1973 if (cmd->len == F_INSN_SIZE(ipfw_insn)) in print_action_instruction()
1974 bprintf(bp, " %u", cmd->arg1); in print_action_instruction()
1977 cmd->len * sizeof(uint32_t)); in print_action_instruction()
1980 if (cmd->arg1 == IP_FW_TARG) { in print_action_instruction()
1984 s = match_value(f_ipdscp, cmd->arg1 & 0x3F); in print_action_instruction()
1988 bprintf(bp, "setdscp %u", cmd->arg1 & 0x3F); in print_action_instruction()
1994 if (cmd->len & F_NOT) in print_action_instruction()
1997 bprint_uint_arg(bp, "call ", cmd->arg1); in print_action_instruction()
2001 cmd->opcode, cmd->len); in print_action_instruction()
2003 mark_printed(state, cmd); in print_action_instruction()
2013 ipfw_insn *cmd; in print_action() local
2017 cmd = ACTION_PTR(state->rule); l > 0; in print_action()
2018 l -= F_LEN(cmd), cmd += F_LEN(cmd)) { in print_action()
2019 if (cmd->opcode != opcode) in print_action()
2021 if (!print_action_instruction(bp, fo, state, cmd)) in print_action()
2023 return (cmd); in print_action()
2032 ipfw_insn *cmd; in print_proto() local
2037 for (l = state->rule->act_ofs, cmd = state->rule->cmd; in print_proto()
2038 l > 0; l -= F_LEN(cmd), cmd += F_LEN(cmd)) { in print_proto()
2039 switch (cmd->opcode) { in print_proto()
2045 if (cmd->len & F_OR) in print_proto()
2050 if (cmd->len & F_OR) in print_proto()
2064 cmd = NULL; in print_proto()
2066 cmd = print_opcode(bp, fo, state, ip4 > ip6 ? O_IP4: O_IP6); in print_proto()
2067 if (cmd != NULL && (cmd->len & F_OR)) in print_proto()
2068 cmd = print_opcode(bp, fo, state, ip4 > ip6 ? O_IP6: O_IP4); in print_proto()
2069 if (cmd == NULL || (cmd->len & F_OR)) in print_proto()
2071 cmd = print_opcode(bp, fo, state, O_PROTO); in print_proto()
2072 if (cmd == NULL || (cmd->len & F_OR) == 0) in print_proto()
2097 ipfw_insn *cmd; in print_address() local
2101 for (l = state->rule->act_ofs, cmd = state->rule->cmd; in print_address()
2102 l > 0; l -= F_LEN(cmd), cmd += F_LEN(cmd)) { in print_address()
2103 if (match_opcode(cmd->opcode, opcodes, nops)) in print_address()
2105 else if (cmd->opcode == portop) in print_address()
2110 for (l = state->rule->act_ofs, cmd = state->rule->cmd; in print_address()
2111 l > 0 && count > 0; l -= F_LEN(cmd), cmd += F_LEN(cmd)) { in print_address()
2112 if (!match_opcode(cmd->opcode, opcodes, nops)) in print_address()
2114 print_instruction(bp, fo, state, cmd); in print_address()
2115 if ((cmd->len & F_OR) == 0) in print_address()
2124 for (l = state->rule->act_ofs, cmd = state->rule->cmd, pf = 0; in print_address()
2125 l > 0; l -= F_LEN(cmd), cmd += F_LEN(cmd)) { in print_address()
2126 if (cmd->opcode != portop) { in print_address()
2127 pf = (cmd->len & F_OR); in print_address()
2131 if (pf == 0 && (cmd->len & F_OR) == 0) in print_address()
2132 print_instruction(bp, fo, state, cmd); in print_address()
2168 ipfw_insn *cmd; in show_static_rule() local
2219 cmd = print_opcode(bp, fo, &state, O_PROB); in show_static_rule()
2222 cmd = print_action(bp, fo, &state, action_opcodes[i]); in show_static_rule()
2223 if (cmd == NULL) in show_static_rule()
2226 switch (cmd->opcode) { in show_static_rule()
2270 cmd = print_opcode(bp, fo, &state, O_NOP); in show_static_rule()
2271 if (co->comment_only != 0 && cmd == NULL) in show_static_rule()
2360 do_range_cmd(int cmd, ipfw_range_tlv *rt) in do_range_cmd() argument
2371 if (do_get3(cmd, &rh.opheader, &sz) != 0) in do_range_cmd()
2394 uint8_t cmd; in ipfw_sets_handler() local
2437 cmd = IP_FW_XMOVE; in ipfw_sets_handler()
2440 cmd = IP_FW_SET_MOVE; /* Move set to new one */ in ipfw_sets_handler()
2446 if (cmd == IP_FW_XMOVE) { in ipfw_sets_handler()
2452 if (!isdigit(*(av[0])) || (cmd == 3 && rt.set > RESVD_SET) || in ipfw_sets_handler()
2453 (cmd == 2 && rt.start_rule == IPFW_DEFAULT_RULE) ) in ipfw_sets_handler()
2457 i = do_range_cmd(cmd, &rt); in ipfw_sets_handler()
2460 cmd == IP_FW_SET_MOVE ? "set": "rule"); in ipfw_sets_handler()
3084 fill_table(struct _ipfw_insn *cmd, char *av, uint8_t opcode, in fill_table() argument
3087 uint32_t *d = ((ipfw_insn_u32 *)cmd)->d; in fill_table()
3101 cmd->opcode = opcode; in fill_table()
3102 cmd->arg1 = uidx; in fill_table()
3104 cmd->len |= F_INSN_SIZE(ipfw_insn_u32); in fill_table()
3107 cmd->len |= F_INSN_SIZE(ipfw_insn); in fill_table()
3123 fill_ip(ipfw_insn_ip *cmd, char *av, int cblen, struct tidx *tstate) in fill_ip() argument
3126 uint32_t *d = ((ipfw_insn_u32 *)cmd)->d; in fill_ip()
3128 cmd->o.len &= ~F_LEN_MASK; /* zero len */ in fill_ip()
3134 cmd->o.len |= F_INSN_SIZE(ipfw_insn); in fill_ip()
3139 fill_table(&cmd->o, av, O_IP_DST_LOOKUP, tstate); in fill_ip()
3209 uint32_t *map = (uint32_t *)&cmd->mask; in fill_ip()
3217 cmd->o.arg1 = 1<<(32-i); /* map length */ in fill_ip()
3219 cmd->o.opcode = O_IP_DST_SET; /* default */ in fill_ip()
3220 cmd->o.len |= F_INSN_SIZE(ipfw_insn_u32) + (cmd->o.arg1+31)/32; in fill_ip()
3221 for (i = 0; i < (cmd->o.arg1+31)/32 ; i++) in fill_ip()
3226 high = low + cmd->o.arg1 - 1; in fill_ip()
3280 if (cmd->o.len & F_NOT) { /* "not any" never matches */ in fill_ip()
3289 cmd->o.len |= F_INSN_SIZE(ipfw_insn_u32); in fill_ip()
3297 cmd->o.len |= len+1; in fill_ip()
3321 fill_flags_cmd(ipfw_insn *cmd, enum ipfw_opcodes opcode, in fill_flags_cmd() argument
3330 cmd->opcode = opcode; in fill_flags_cmd()
3331 cmd->len = (cmd->len & (F_NOT | F_OR)) | 1; in fill_flags_cmd()
3332 cmd->arg1 = (set & 0xff) | ( (clear & 0xff) << 8); in fill_flags_cmd()
3425 fill_iface(ipfw_insn_if *cmd, char *arg, int cblen, struct tidx *tstate) in fill_iface() argument
3430 cmd->name[0] = '\0'; in fill_iface()
3431 cmd->o.len |= F_INSN_SIZE(ipfw_insn_if); in fill_iface()
3437 cmd->o.len = 0; /* effectively ignore this command */ in fill_iface()
3448 cmd->name[0] = '\1'; /* Special value indicating table */ in fill_iface()
3449 cmd->p.kidx = uidx; in fill_iface()
3451 strlcpy(cmd->name, arg, sizeof(cmd->name)); in fill_iface()
3452 cmd->p.glob = strpbrk(arg, "*?[") != NULL ? 1 : 0; in fill_iface()
3453 } else if (!inet_aton(arg, &cmd->p.ip)) in fill_iface()
3511 next_cmd(ipfw_insn *cmd, int *len) in next_cmd() argument
3513 *len -= F_LEN(cmd); in next_cmd()
3515 cmd += F_LEN(cmd); in next_cmd()
3516 bzero(cmd, sizeof(*cmd)); in next_cmd()
3517 return cmd; in next_cmd()
3524 fill_comment(ipfw_insn *cmd, char **av, int cblen) in fill_comment() argument
3527 char *p = (char *)(cmd + 1); in fill_comment()
3529 cmd->opcode = O_NOP; in fill_comment()
3530 cmd->len = (cmd->len & (F_NOT | F_OR)); in fill_comment()
3541 cmd->len = (cmd->len & (F_NOT | F_OR)) | l; in fill_comment()
3557 fill_cmd(ipfw_insn *cmd, enum ipfw_opcodes opcode, int flags, uint16_t arg) in fill_cmd() argument
3559 cmd->opcode = opcode; in fill_cmd()
3560 cmd->len = ((cmd->len | flags) & (F_NOT | F_OR)) | 1; in fill_cmd()
3561 cmd->arg1 = arg; in fill_cmd()
3569 add_mac(ipfw_insn *cmd, char *av[], int cblen) in add_mac() argument
3576 cmd->opcode = O_MACADDR2; in add_mac()
3577 cmd->len = (cmd->len & (F_NOT | F_OR)) | F_INSN_SIZE(ipfw_insn_mac); in add_mac()
3580 mac = (ipfw_insn_mac *)cmd; in add_mac()
3584 return cmd; in add_mac()
3588 add_mactype(ipfw_insn *cmd, char *av, int cblen) in add_mactype() argument
3593 fill_newports((ipfw_insn_u16 *)cmd, av, IPPROTO_ETHERTYPE, in add_mactype()
3595 cmd->opcode = O_MAC_TYPE; in add_mactype()
3596 return cmd; in add_mactype()
3602 add_proto0(ipfw_insn *cmd, char *av, u_char *protop) in add_proto0() argument
3615 fill_cmd(cmd, O_PROTO, 0, proto); in add_proto0()
3617 return cmd; in add_proto0()
3621 add_proto(ipfw_insn *cmd, char *av, u_char *protop) in add_proto() argument
3629 fill_cmd(cmd, O_IP4, 0, 0); in add_proto()
3633 fill_cmd(cmd, O_IP6, 0, 0); in add_proto()
3635 return add_proto0(cmd, av, protop); in add_proto()
3638 return cmd; in add_proto()
3642 add_proto_compat(ipfw_insn *cmd, char *av, u_char *protop) in add_proto_compat() argument
3650 fill_cmd(cmd, O_IP4, 0, 0); in add_proto_compat()
3654 fill_cmd(cmd, O_IP6, 0, 0); in add_proto_compat()
3656 return add_proto0(cmd, av, protop); in add_proto_compat()
3659 return cmd; in add_proto_compat()
3663 add_srcip(ipfw_insn *cmd, char *av, int cblen, struct tidx *tstate) in add_srcip() argument
3665 fill_ip((ipfw_insn_ip *)cmd, av, cblen, tstate); in add_srcip()
3666 if (cmd->opcode == O_IP_DST_SET) /* set */ in add_srcip()
3667 cmd->opcode = O_IP_SRC_SET; in add_srcip()
3668 else if (cmd->opcode == O_IP_DST_LOOKUP) /* table */ in add_srcip()
3669 cmd->opcode = O_IP_SRC_LOOKUP; in add_srcip()
3670 else if (F_LEN(cmd) == F_INSN_SIZE(ipfw_insn)) /* me */ in add_srcip()
3671 cmd->opcode = O_IP_SRC_ME; in add_srcip()
3672 else if (F_LEN(cmd) == F_INSN_SIZE(ipfw_insn_u32)) /* one IP */ in add_srcip()
3673 cmd->opcode = O_IP_SRC; in add_srcip()
3675 cmd->opcode = O_IP_SRC_MASK; in add_srcip()
3676 return cmd; in add_srcip()
3680 add_dstip(ipfw_insn *cmd, char *av, int cblen, struct tidx *tstate) in add_dstip() argument
3682 fill_ip((ipfw_insn_ip *)cmd, av, cblen, tstate); in add_dstip()
3683 if (cmd->opcode == O_IP_DST_SET) /* set */ in add_dstip()
3685 else if (cmd->opcode == O_IP_DST_LOOKUP) /* table */ in add_dstip()
3687 else if (F_LEN(cmd) == F_INSN_SIZE(ipfw_insn)) /* me */ in add_dstip()
3688 cmd->opcode = O_IP_DST_ME; in add_dstip()
3689 else if (F_LEN(cmd) == F_INSN_SIZE(ipfw_insn_u32)) /* one IP */ in add_dstip()
3690 cmd->opcode = O_IP_DST; in add_dstip()
3692 cmd->opcode = O_IP_DST_MASK; in add_dstip()
3693 return cmd; in add_dstip()
3717 add_ports(ipfw_insn *cmd, char *av, u_char proto, int opcode, int cblen) in add_ports() argument
3723 if (fill_newports((ipfw_insn_u16 *)cmd, av, proto, cblen)) { in add_ports()
3725 cmd->opcode = opcode; in add_ports()
3726 return cmd; in add_ports()
3732 add_src(ipfw_insn *cmd, char *av, u_char proto, int cblen, struct tidx *tstate) in add_src() argument
3751 ret = add_srcip6(cmd, av, cblen, tstate); in add_src()
3755 ret = add_srcip(cmd, av, cblen, tstate); in add_src()
3757 ret = cmd; in add_src()
3763 add_dst(ipfw_insn *cmd, char *av, u_char proto, int cblen, struct tidx *tstate) in add_dst() argument
3782 ret = add_dstip6(cmd, av, cblen, tstate); in add_dst()
3786 ret = add_dstip(cmd, av, cblen, tstate); in add_dst()
3788 ret = cmd; in add_dst()
3817 ipfw_insn *src, *dst, *cmd, *action, *prev=NULL; in compile_rule() local
3845 cmd = (ipfw_insn *)cmdbuf; in compile_rule()
4268 ipfw_insn_log *c = (ipfw_insn_log *)cmd; in compile_rule()
4275 cmd->len = F_INSN_SIZE(ipfw_insn_log); in compile_rule()
4277 cmd->opcode = O_LOG; in compile_rule()
4305 ipfw_insn_altq *a = (ipfw_insn_altq *)cmd; in compile_rule()
4312 cmd->len = F_INSN_SIZE(ipfw_insn_altq); in compile_rule()
4314 cmd->opcode = O_ALTQ; in compile_rule()
4330 have_tag = cmd; in compile_rule()
4331 fill_cmd(cmd, O_TAG, (i == TOK_TAG) ? 0: F_NOT, tag); in compile_rule()
4339 cmd = next_cmd(cmd, &cblen); in compile_rule()
4347 fill_comment(cmd, av, cblen); in compile_rule()
4348 cmd = next_cmd(cmd, &cblen); in compile_rule()
4382 if (cmd->len & F_NOT) \ in compile_rule()
4384 cmd->len |= F_NOT; \ in compile_rule()
4398 first_cmd = cmd; in compile_rule()
4411 add_mac(cmd, av); /* exits in case of errors */ in compile_rule()
4412 cmd = next_cmd(cmd); in compile_rule()
4416 if (add_mactype(cmd, av[0])) in compile_rule()
4417 cmd = next_cmd(cmd); in compile_rule()
4429 if (add_proto_compat(cmd, *av, &proto)) { in compile_rule()
4431 if (F_LEN(cmd) != 0) { in compile_rule()
4432 prev = cmd; in compile_rule()
4433 cmd = next_cmd(cmd, &cblen); in compile_rule()
4435 } else if (first_cmd != cmd) { in compile_rule()
4443 first_cmd = cmd; /* update pointer to use in compact form */ in compile_rule()
4458 if (add_src(cmd, *av, proto, cblen, tstate)) { in compile_rule()
4460 if (F_LEN(cmd) != 0) { /* ! any */ in compile_rule()
4461 prev = cmd; in compile_rule()
4462 cmd = next_cmd(cmd, &cblen); in compile_rule()
4474 add_ports(cmd, *av, proto, O_IP_SRCPORT, cblen)) { in compile_rule()
4476 if (F_LEN(cmd) != 0) in compile_rule()
4477 cmd = next_cmd(cmd, &cblen); in compile_rule()
4494 if (add_dst(cmd, *av, proto, cblen, tstate)) { in compile_rule()
4496 if (F_LEN(cmd) != 0) { /* ! any */ in compile_rule()
4497 prev = cmd; in compile_rule()
4498 cmd = next_cmd(cmd, &cblen); in compile_rule()
4510 add_ports(cmd, *av, proto, O_IP_DSTPORT, cblen)) { in compile_rule()
4512 if (F_LEN(cmd) != 0) in compile_rule()
4513 cmd = next_cmd(cmd, &cblen); in compile_rule()
4516 if (first_cmd == cmd) in compile_rule()
4526 cmd32 = (ipfw_insn_u32 *)cmd; in compile_rule()
4529 if (cmd->len & F_NOT) in compile_rule()
4531 cmd->len = F_NOT; in compile_rule()
4538 if (cmd->len & F_NOT) in compile_rule()
4540 cmd->len = F_NOT; in compile_rule()
4563 fill_cmd(cmd, O_IN, 0, 0); in compile_rule()
4567 cmd->len ^= F_NOT; /* toggle F_NOT */ in compile_rule()
4568 fill_cmd(cmd, O_IN, 0, 0); in compile_rule()
4572 fill_cmd(cmd, O_DIVERTED, 0, 3); in compile_rule()
4576 fill_cmd(cmd, O_DIVERTED, 0, 1); in compile_rule()
4580 fill_cmd(cmd, O_DIVERTED, 0, 2); in compile_rule()
4597 fill_cmd(cmd, O_FRAG, 0, in compile_rule()
4603 fill_cmd(cmd, O_LAYER2, 0, 0); in compile_rule()
4611 fill_iface((ipfw_insn_if *)cmd, av[0], cblen, tstate); in compile_rule()
4613 if (F_LEN(cmd) == 0) /* not a valid address */ in compile_rule()
4616 cmd->opcode = O_XMIT; in compile_rule()
4618 cmd->opcode = O_RECV; in compile_rule()
4620 cmd->opcode = O_VIA; in compile_rule()
4625 fill_icmptypes((ipfw_insn_u32 *)cmd, *av); in compile_rule()
4631 fill_icmp6types((ipfw_insn_icmp6 *)cmd, *av, cblen); in compile_rule()
4638 if (!add_ports(cmd, *av, 0, O_IPTTL, cblen)) in compile_rule()
4641 fill_cmd(cmd, O_IPTTL, 0, strtoul(*av, NULL, 0)); in compile_rule()
4648 if (!add_ports(cmd, *av, 0, O_IPID, cblen)) in compile_rule()
4651 fill_cmd(cmd, O_IPID, 0, strtoul(*av, NULL, 0)); in compile_rule()
4658 if (!add_ports(cmd, *av, 0, O_IPLEN, cblen)) in compile_rule()
4661 fill_cmd(cmd, O_IPLEN, 0, strtoul(*av, NULL, 0)); in compile_rule()
4667 fill_cmd(cmd, O_IPVER, 0, strtoul(*av, NULL, 0)); in compile_rule()
4673 fill_cmd(cmd, O_IPPRECEDENCE, 0, in compile_rule()
4680 fill_dscp(cmd, *av, cblen); in compile_rule()
4686 fill_flags_cmd(cmd, O_IPOPT, f_ipopts, *av); in compile_rule()
4692 fill_flags_cmd(cmd, O_IPTOS, f_iptos, *av); in compile_rule()
4703 cmd->opcode = O_UID; in compile_rule()
4709 cmd->len |= F_INSN_SIZE(ipfw_insn_u32); in compile_rule()
4721 cmd->opcode = O_GID; in compile_rule()
4727 cmd->len |= F_INSN_SIZE(ipfw_insn_u32); in compile_rule()
4739 cmd->opcode = O_JAIL; in compile_rule()
4758 cmd->len |= F_INSN_SIZE(ipfw_insn_u32); in compile_rule()
4767 fill_cmd(cmd, O_ESTAB, 0, 0); in compile_rule()
4771 fill_cmd(cmd, O_TCPFLAGS, 0, in compile_rule()
4778 if (!add_ports(cmd, *av, 0, O_TCPDATALEN, cblen)) in compile_rule()
4781 fill_cmd(cmd, O_TCPDATALEN, 0, in compile_rule()
4788 fill_flags_cmd(cmd, O_TCPOPTS, f_tcpopts, *av); in compile_rule()
4795 cmd->len = F_INSN_SIZE(ipfw_insn_u32); in compile_rule()
4796 cmd->opcode = (i == TOK_TCPSEQ) ? O_TCPSEQ : O_TCPACK; in compile_rule()
4805 if (add_ports(cmd, *av, 0, in compile_rule()
4811 fill_cmd(cmd, i == TOK_TCPWIN ? O_TCPWIN : in compile_rule()
4818 cmd->opcode = O_TCPFLAGS; in compile_rule()
4819 fill_flags_cmd(cmd, O_TCPFLAGS, f_tcpflags, *av); in compile_rule()
4843 have_state = cmd; in compile_rule()
4845 fill_cmd(cmd, O_KEEP_STATE, 0, uidx); in compile_rule()
4851 ipfw_insn_limit *c = (ipfw_insn_limit *)cmd; in compile_rule()
4860 have_state = cmd; in compile_rule()
4863 cmd->len = F_INSN_SIZE(ipfw_insn_limit); in compile_rule()
4865 cmd->opcode = O_LIMIT; in compile_rule()
4886 cmd->arg1 = pack_object(tstate, *av + 1, in compile_rule()
4890 cmd->arg1 = pack_object(tstate, in compile_rule()
4897 if (add_proto(cmd, *av, &proto)) { in compile_rule()
4906 if (add_srcip(cmd, *av, cblen, tstate)) { in compile_rule()
4913 if (add_dstip(cmd, *av, cblen, tstate)) { in compile_rule()
4920 if (add_srcip6(cmd, *av, cblen, tstate)) { in compile_rule()
4927 if (add_dstip6(cmd, *av, cblen, tstate)) { in compile_rule()
4935 add_ports(cmd, *av, proto, O_IP_SRCPORT, cblen)) { in compile_rule()
4944 add_ports(cmd, *av, proto, O_IP_DSTPORT, cblen)) { in compile_rule()
4952 if (add_mac(cmd, av, cblen)) in compile_rule()
4958 if (!add_mactype(cmd, *av, cblen)) in compile_rule()
4964 fill_cmd(cmd, O_VERREVPATH, 0, 0); in compile_rule()
4968 fill_cmd(cmd, O_VERSRCREACH, 0, 0); in compile_rule()
4972 fill_cmd(cmd, O_ANTISPOOF, 0, 0); in compile_rule()
4976 fill_cmd(cmd, O_IPSEC, 0, 0); in compile_rule()
4980 fill_cmd(cmd, O_IP6, 0, 0); in compile_rule()
4984 fill_cmd(cmd, O_IP4, 0, 0); in compile_rule()
4989 fill_ext6hdr( cmd, *av ); in compile_rule()
4997 fill_flow6( (ipfw_insn_u32 *) cmd, *av, cblen); in compile_rule()
5002 fill_comment(cmd, av, cblen); in compile_rule()
5008 if (!add_ports(cmd, *av, 0, O_TAGGED, cblen)) in compile_rule()
5017 fill_cmd(cmd, O_TAGGED, 0, tag); in compile_rule()
5024 fill_cmd(cmd, O_FIB, 0, strtoul(*av, NULL, 0)); in compile_rule()
5028 fill_cmd(cmd, O_SOCKARG, 0, 0); in compile_rule()
5032 ipfw_insn_u32 *c = (ipfw_insn_u32 *)cmd; in compile_rule()
5037 cmd->opcode = O_IP_DST_LOOKUP; in compile_rule()
5038 cmd->len |= F_INSN_SIZE(ipfw_insn) + 2; in compile_rule()
5052 cmd->arg1 = j; in compile_rule()
5061 fill_table(cmd, *av, O_IP_FLOW_LOOKUP, tstate); in compile_rule()
5069 have_skipcmd = cmd; in compile_rule()
5070 fill_cmd(cmd, O_SKIP_ACTION, 0, 0); in compile_rule()
5076 if (F_LEN(cmd) > 0) { /* prepare to advance */ in compile_rule()
5077 prev = cmd; in compile_rule()
5078 cmd = next_cmd(cmd, &cblen); in compile_rule()
5095 dst = (ipfw_insn *)rule->cmd; in compile_rule()
5119 for (src = (ipfw_insn *)cmdbuf; src != cmd; src += i) { in compile_rule()
5160 rule->act_ofs = dst - rule->cmd; in compile_rule()
5192 rule->cmd_len = (uint32_t *)dst - (uint32_t *)(rule->cmd); in compile_rule()