ipfw_insn
for (i = F_LEN((const ipfw_insn *)cmd) - 1; i > 0; i--, p += 2) {
fill_dscp(ipfw_insn *cmd, char *av, int cblen)
fill_mark(ipfw_insn *cmd, char *av, int cblen)
print_flags(struct buf_pr *bp, char const *name, const ipfw_insn *cmd,
const ipfw_insn *cmd)
is_printed_opcode(struct show_state *state, const ipfw_insn *cmd)
mark_printed(struct show_state *state, const ipfw_insn *cmd)
struct show_state *state, const ipfw_insn *cmd)
static ipfw_insn *
ipfw_insn *cmd;
print_fwd(struct buf_pr *bp, const ipfw_insn *cmd)
struct show_state *state, const ipfw_insn *cmd)
if (cmd->len == F_INSN_SIZE(ipfw_insn))
static ipfw_insn *
ipfw_insn *cmd;
ipfw_insn *cmd;
ipfw_insn *cmd;
ipfw_insn *cmd;
fill_table(ipfw_insn *cmd, char *av, uint8_t opcode, struct tidx *tstate)
cmd->o.len |= F_INSN_SIZE(ipfw_insn);
CHECK_LENGTH(cblen, (int)F_INSN_SIZE(ipfw_insn) + 2 + len);
fill_flags_cmd(ipfw_insn *cmd, enum ipfw_opcodes opcode,
static ipfw_insn *
next_cmd(ipfw_insn *cmd, int *len)
fill_comment(ipfw_insn *cmd, char **av, int cblen)
fill_cmd(ipfw_insn *cmd, enum ipfw_opcodes opcode, int flags, uint16_t arg)
static ipfw_insn *
add_mac(ipfw_insn *cmd, char *av[], int cblen)
static ipfw_insn *
add_mactype(ipfw_insn *cmd, char *av, int cblen)
static ipfw_insn *
add_proto0(ipfw_insn *cmd, char *av, u_char *protop)
static ipfw_insn *
add_proto(ipfw_insn *cmd, char *av, u_char *protop)
static ipfw_insn *
add_proto_compat(ipfw_insn *cmd, char *av, u_char *protop)
static ipfw_insn *
add_srcip(ipfw_insn *cmd, char *av, int cblen, struct tidx *tstate)
else if (F_LEN(cmd) == F_INSN_SIZE(ipfw_insn)) /* me */
static ipfw_insn *
add_dstip(ipfw_insn *cmd, char *av, int cblen, struct tidx *tstate)
else if (F_LEN(cmd) == F_INSN_SIZE(ipfw_insn)) /* me */
static ipfw_insn *
add_srcmac(ipfw_insn *cmd, char *av, struct tidx *tstate)
static ipfw_insn *
add_dstmac(ipfw_insn *cmd, char *av, struct tidx *tstate)
static ipfw_insn *
add_ports(ipfw_insn *cmd, char *av, u_char proto, int opcode, int cblen)
static ipfw_insn *
add_src(ipfw_insn *cmd, char *av, u_char proto, int cblen, struct tidx *tstate)
ipfw_insn *ret = NULL;
static ipfw_insn *
add_dst(ipfw_insn *cmd, char *av, u_char proto, int cblen, struct tidx *tstate)
ipfw_insn *ret = NULL;
ipfw_insn *src, *dst, *cmd, *action, *prev=NULL;
ipfw_insn *first_cmd; /* first match pattern */
ipfw_insn *have_state = NULL; /* any state-related option */
ipfw_insn *have_log = NULL, *have_altq = NULL, *have_tag = NULL;
ipfw_insn *have_skipcmd = NULL;
cmd = (ipfw_insn *)cmdbuf;
action = (ipfw_insn *)actbuf;
have_log = (ipfw_insn *)c;
have_altq = (ipfw_insn *)a;
dst = (ipfw_insn *)rule->cmd;
for (src = (ipfw_insn *)cmdbuf; src != cmd; src += i) {
for (src = (ipfw_insn *)actbuf; src != action; src += i) {
#define CHECK_CMDLEN CHECK_LENGTH(cblen, F_LEN((ipfw_insn *)cmd))
fill_ext6hdr( ipfw_insn *cmd, char *av)
cmd->len |= F_INSN_SIZE(ipfw_insn);
print_ext6hdr(struct buf_pr *bp, const ipfw_insn *cmd )
cmd->o.len |= F_INSN_SIZE(ipfw_insn);
ipfw_insn *
add_srcip6(ipfw_insn *cmd, char *av, int cblen, struct tidx *tstate)
} else if (F_LEN(cmd) == F_INSN_SIZE(ipfw_insn)) { /* "me" */
(F_INSN_SIZE(struct in6_addr) + F_INSN_SIZE(ipfw_insn))) {
ipfw_insn *
add_dstip6(ipfw_insn *cmd, char *av, int cblen, struct tidx *tstate)
} else if (F_LEN(cmd) == F_INSN_SIZE(ipfw_insn)) { /* "me" */
(F_INSN_SIZE(struct in6_addr) + F_INSN_SIZE(ipfw_insn))) {
len = F_LEN((const ipfw_insn *)cmd) - 1;
ipfw_insn o;
ipfw_insn o;
ipfw_insn o;
ipfw_insn o;
ipfw_insn o; /* arg1 is optional lookup key */
ipfw_insn o; /* arg1 is flags and lookup key */
ipfw_insn o;
ipfw_insn o;
ipfw_insn o;
ipfw_insn o;
ipfw_insn o;
ipfw_insn o;
ipfw_insn o;
ipfw_insn cmd;
ipfw_insn o;
ipfw_insn o;
ipfw_insn o;
ipfw_insn cmd[1]; /* storage for commands */
ipfw_insn cmd[1]; /* storage for commands */
((ipfw_insn *)( (uint32_t *)((rule)->cmd) + ((rule)->act_ofs) ))
static ipfw_insn *
next_cmd(ipfw_insn * cmd)
static ipfw_insn *
fill_cmd(ipfw_insn * cmd, enum ipfw_opcodes opcode, int size,
static ipfw_insn *
fill_ip(ipfw_insn * cmd1, enum ipfw_opcodes opcode, u_int32_t addr)
static ipfw_insn *
fill_one_port(ipfw_insn * cmd1, enum ipfw_opcodes opcode, u_int16_t port)
ipfw_insn *cmd = (ipfw_insn *)rule->cmd;
cmd = fill_cmd(cmd, O_PROTO, F_INSN_SIZE(ipfw_insn), 0, proto);
cmd = fill_cmd(cmd, action, F_INSN_SIZE(ipfw_insn), 0, 0);
ipfw_insn *cmd;
(ext_hd & ((ipfw_insn *) cmd)->arg1);
flags_match(ipfw_insn *cmd, u_int8_t bits)
ipopts_match(struct ip *ip, ipfw_insn *cmd)
tcpopts_match(struct tcphdr *tcp, ipfw_insn *cmd)
ipfw_insn o;
adjust_size_v0(ipfw_insn *cmd)
if (cmdlen == F_INSN_SIZE(ipfw_insn))
ipfw_insn *src, *dst;
if (cmdlen == F_INSN_SIZE(ipfw_insn) + 2) {
if (cmdlen == F_INSN_SIZE(ipfw_insn)) {
ipfw_insn *cmd;
check_opcode_compat(ipfw_insn **pcmd, int *plen, struct rule_check_info *ci)
ipfw_insn *cmd;
if (cmdlen != F_INSN_SIZE(ipfw_insn))
if (cmdlen != F_INSN_SIZE(ipfw_insn) &&
if (cmdlen != F_INSN_SIZE(ipfw_insn) &&
if (cmdlen != F_INSN_SIZE(ipfw_insn))
cmdlen != F_INSN_SIZE(ipfw_insn)) {
cmdlen != F_INSN_SIZE(ipfw_insn)) {
const ipfw_insn *cmd, *old_cmd;
int pktlen, const ipfw_insn *cmd, struct ipfw_dyn_info *info)
ipfw_insn *cmd;
ipfw_insn *cmd;
rule = ipfw_alloc_rule(chain, sizeof(*rule) + sizeof(ipfw_insn) + l);
dyn_classify(ipfw_insn *cmd0, uint32_t *puidx, uint8_t *ptype)
dyn_update(ipfw_insn *cmd0, uint32_t idx)
ipfw_insn *cmd, int *done)
eaction_classify(ipfw_insn *cmd0, uint32_t *puidx, uint8_t *ptype)
eaction_update(ipfw_insn *cmd0, uint32_t idx)
ipfw_insn *cmd, *icmd;
ipfw_insn *cmd, int *done)
ipfw_insn *cmd = ACTION_PTR(f);
struct ip_fw_args *args, ipfw_insn *cmd, uint32_t tablearg,
ipfw_insn *cmd;
ipfw_insn *cmd;
ipfw_insn *cmd;
const void *ulp, int pktlen, const ipfw_insn *cmd,
ipfw_insn cmd[1]; /* storage for commands */
typedef int (ipfw_obj_rw_cl)(ipfw_insn *cmd, uint32_t *puidx, uint8_t *ptype);
typedef void (ipfw_obj_rw_upd)(ipfw_insn *cmd, uint32_t puidx);
ipfw_insn *ipfw_get_action(struct ip_fw *);
void update_opcode_kidx(ipfw_insn *cmd, uint32_t idx);
int classify_opcode_kidx(ipfw_insn *cmd, uint32_t *puidx);
ipfw_insn *cmd, int *done);
ipfw_insn *cmd, int *done);
ipfw_check_opcode(ipfw_insn **pcmd, int *plen, struct rule_check_info *ci)
ipfw_insn *cmd;
if (cmdlen != F_INSN_SIZE(ipfw_insn))
if (cmdlen != F_INSN_SIZE(ipfw_insn))
if (cmdlen != F_INSN_SIZE(ipfw_insn))
static struct opcode_obj_rewrite *find_op_rw(ipfw_insn *cmd,
if (cmdlen != F_INSN_SIZE(ipfw_insn))
static int ref_opcode_object(struct ip_fw_chain *ch, ipfw_insn *cmd,
if (cmdlen != F_INSN_SIZE(ipfw_insn))
if (cmdlen != F_INSN_SIZE(ipfw_insn))
static void unref_oib_objects(struct ip_fw_chain *ch, ipfw_insn *cmd,
if (cmdlen != F_INSN_SIZE(ipfw_insn))
F_INSN_SIZE(ipfw_insn))
check_ipfw_rule_body(ipfw_insn *cmd, int cmd_len, struct rule_check_info *ci)
ipfw_insn *cmd;
create_objects_compat(struct ip_fw_chain *ch, ipfw_insn *cmd,
unref_oib_objects(struct ip_fw_chain *ch, ipfw_insn *cmd, struct obj_idx *oib,
ipfw_insn *cmd;
ref_opcode_object(struct ip_fw_chain *ch, ipfw_insn *cmd, struct tid_info *ti,
ipfw_insn *cmd;
ipfw_insn *cmd;
find_op_rw(ipfw_insn *cmd, uint32_t *puidx, uint8_t *ptype)
classify_opcode_kidx(ipfw_insn *cmd, uint32_t *puidx)
update_opcode_kidx(ipfw_insn *cmd, uint32_t idx)
check_opcode_compat_nop(ipfw_insn **pcmd, int *plen,
ipfw_insn *cmd;
static int check_ipfw_rule_body(ipfw_insn *cmd, int cmd_len,
ipfw_insn *
ipfw_insn *cmd;
classify_srcdst(ipfw_insn *cmd0, uint32_t *puidx, uint8_t *ptype)
classify_via(ipfw_insn *cmd0, uint32_t *puidx, uint8_t *ptype)
classify_flow(ipfw_insn *cmd0, uint32_t *puidx, uint8_t *ptype)
classify_mac_lookup(ipfw_insn *cmd0, uint32_t *puidx, uint8_t *ptype)
update_kidx(ipfw_insn *cmd0, uint32_t idx)
update_via(ipfw_insn *cmd0, uint32_t idx)
ipfw_insn *cmd;
mod ## _classify(ipfw_insn *cmd0, uint32_t *puidx, uint8_t *ptype) \
ipfw_insn *icmd; \
mod ## _update_kidx(ipfw_insn *cmd0, uint32_t idx) \
ipfw_insn *cmd, int *done)
ipfw_insn *icmd;
ipfw_insn *cmd, int *done);
ipfw_insn *cmd, int *done)
ipfw_insn *icmd;
ipfw_insn *cmd, int *done);
ipfw_insn *cmd, int *done)
ipfw_insn *icmd;
ipfw_insn *cmd, int *done);
ipfw_insn *cmd, int *done)
ipfw_insn *icmd;
nptv6_classify(ipfw_insn *cmd0, uint32_t *puidx, uint8_t *ptype)
ipfw_insn *icmd;
nptv6_update_kidx(ipfw_insn *cmd0, uint32_t idx)
ipfw_insn *cmd, int *done)
ipfw_insn *icmd;
icmd->len != F_INSN_SIZE(ipfw_insn))