2 * Copyright (c) 2014 Yandex LLC
3 * Copyright (c) 2014 Alexander V. Chernikov
5 * Redistribution and use in source forms, with and without modification,
6 * are permitted provided that this entire comment appears intact.
8 * Redistribution in binary form may occur without any restrictions.
9 * Obviously, it would be nice if you gave credit where credit is due
10 * but requiring it would be too onerous.
12 * This software is provided ``AS IS'' without any warranties of any kind.
14 * in-kernel ipfw tables support.
20 #include <sys/types.h>
21 #include <sys/param.h>
22 #include <sys/socket.h>
23 #include <sys/sysctl.h>
35 #include <netinet/in.h>
36 #include <netinet/ip_fw.h>
37 #include <arpa/inet.h>
42 static void table_modify_record(ipfw_obj_header *oh, int ac, char *av[],
43 int add, int quiet, int update, int atomic);
44 static int table_flush(ipfw_obj_header *oh);
45 static int table_destroy(ipfw_obj_header *oh);
46 static int table_do_create(ipfw_obj_header *oh, ipfw_xtable_info *i);
47 static int table_do_modify(ipfw_obj_header *oh, ipfw_xtable_info *i);
48 static int table_do_swap(ipfw_obj_header *oh, char *second);
49 static void table_create(ipfw_obj_header *oh, int ac, char *av[]);
50 static void table_modify(ipfw_obj_header *oh, int ac, char *av[]);
51 static void table_lookup(ipfw_obj_header *oh, int ac, char *av[]);
52 static void table_lock(ipfw_obj_header *oh, int lock);
53 static int table_swap(ipfw_obj_header *oh, char *second);
54 static int table_get_info(ipfw_obj_header *oh, ipfw_xtable_info *i);
55 static int table_show_info(ipfw_xtable_info *i, void *arg);
57 static int table_destroy_one(ipfw_xtable_info *i, void *arg);
58 static int table_flush_one(ipfw_xtable_info *i, void *arg);
59 static int table_show_one(ipfw_xtable_info *i, void *arg);
60 static int table_do_get_list(ipfw_xtable_info *i, ipfw_obj_header **poh);
61 static void table_show_list(ipfw_obj_header *oh, int need_header);
62 static void table_show_entry(ipfw_xtable_info *i, ipfw_obj_tentry *tent);
64 static void tentry_fill_key(ipfw_obj_header *oh, ipfw_obj_tentry *tent,
65 char *key, int add, uint8_t *ptype, uint32_t *pvmask, ipfw_xtable_info *xi);
66 static void tentry_fill_value(ipfw_obj_header *oh, ipfw_obj_tentry *tent,
67 char *arg, uint8_t type, uint32_t vmask);
68 static void table_show_value(char *buf, size_t bufsize, ipfw_table_value *v,
69 uint32_t vmask, int print_ip);
71 typedef int (table_cb_t)(ipfw_xtable_info *i, void *arg);
72 static int tables_foreach(table_cb_t *f, void *arg, int sort);
75 #define s6_addr32 __u6_addr.__u6_addr32
78 static struct _s_x tabletypes[] = {
79 { "addr", IPFW_TABLE_ADDR },
80 { "iface", IPFW_TABLE_INTERFACE },
81 { "number", IPFW_TABLE_NUMBER },
82 { "flow", IPFW_TABLE_FLOW },
86 static struct _s_x tablevaltypes[] = {
87 { "skipto", IPFW_VTYPE_SKIPTO },
88 { "pipe", IPFW_VTYPE_PIPE },
89 { "fib", IPFW_VTYPE_FIB },
90 { "nat", IPFW_VTYPE_NAT },
91 { "dscp", IPFW_VTYPE_DSCP },
92 { "tag", IPFW_VTYPE_TAG },
93 { "divert", IPFW_VTYPE_DIVERT },
94 { "netgraph", IPFW_VTYPE_NETGRAPH },
95 { "limit", IPFW_VTYPE_LIMIT },
96 { "ipv4", IPFW_VTYPE_NH4 },
97 { "ipv6", IPFW_VTYPE_NH6 },
101 static struct _s_x tablecmds[] = {
103 { "delete", TOK_DEL },
104 { "create", TOK_CREATE },
105 { "destroy", TOK_DESTROY },
106 { "flush", TOK_FLUSH },
107 { "modify", TOK_MODIFY },
108 { "swap", TOK_SWAP },
109 { "info", TOK_INFO },
110 { "detail", TOK_DETAIL },
111 { "list", TOK_LIST },
112 { "lookup", TOK_LOOKUP },
113 { "atomic", TOK_ATOMIC },
114 { "lock", TOK_LOCK },
115 { "unlock", TOK_UNLOCK },
120 lookup_host (char *host, struct in_addr *ipaddr)
124 if (!inet_aton(host, ipaddr)) {
125 if ((he = gethostbyname(host)) == NULL)
127 *ipaddr = *(struct in_addr *)he->h_addr_list[0];
133 * This one handles all table-related commands
134 * ipfw table NAME create ...
135 * ipfw table NAME modify ...
136 * ipfw table {NAME | all} destroy
137 * ipfw table NAME swap NAME
138 * ipfw table NAME lock
139 * ipfw table NAME unlock
140 * ipfw table NAME add addr[/masklen] [value]
141 * ipfw table NAME add [addr[/masklen] value] [addr[/masklen] value] ..
142 * ipfw table NAME delete addr[/masklen] [addr[/masklen]] ..
143 * ipfw table NAME lookup addr
144 * ipfw table {NAME | all} flush
145 * ipfw table {NAME | all} list
146 * ipfw table {NAME | all} info
147 * ipfw table {NAME | all} detail
150 ipfw_table_handler(int ac, char *av[])
153 int atomic, error, tcmd;
160 memset(&oh, 0, sizeof(oh));
162 if (g_co.use_set != 0)
163 set = g_co.use_set - 1;
168 NEED1("table needs name");
171 if (table_check_name(tablename) == 0) {
172 table_fill_ntlv(&oh.ntlv, *av, set, 1);
175 if (strcmp(tablename, "all") == 0)
178 errx(EX_USAGE, "table name %s is invalid", tablename);
181 NEED1("table needs command");
183 tcmd = get_token(tablecmds, *av, "table command");
184 /* Check if atomic operation was requested */
186 if (tcmd == TOK_ATOMIC) {
188 NEED1("atomic needs command");
189 tcmd = get_token(tablecmds, *av, "table command");
194 errx(EX_USAGE, "atomic is not compatible with %s", *av);
208 errx(EX_USAGE, "table name required");
214 do_add = **av == 'a';
216 table_modify_record(&oh, ac, av, do_add, g_co.do_quiet,
217 g_co.do_quiet, atomic);
221 table_create(&oh, ac, av);
225 table_modify(&oh, ac, av);
229 if (table_destroy(&oh) == 0)
232 err(EX_OSERR, "failed to destroy table %s",
234 /* ESRCH isn't fatal, warn if not quiet mode */
235 if (g_co.do_quiet == 0)
236 warn("failed to destroy table %s", tablename);
238 error = tables_foreach(table_destroy_one, &oh, 1);
241 "failed to destroy tables list");
246 if ((error = table_flush(&oh)) == 0)
249 err(EX_OSERR, "failed to flush table %s info",
251 /* ESRCH isn't fatal, warn if not quiet mode */
252 if (g_co.do_quiet == 0)
253 warn("failed to flush table %s info",
256 error = tables_foreach(table_flush_one, &oh, 1);
258 err(EX_OSERR, "failed to flush tables list");
259 /* XXX: we ignore errors here */
264 NEED1("second table name required");
265 table_swap(&oh, *av);
269 table_lock(&oh, (tcmd == TOK_LOCK));
273 arg = (tcmd == TOK_DETAIL) ? (void *)1 : NULL;
275 if ((error = table_get_info(&oh, &i)) != 0)
276 err(EX_OSERR, "failed to request table info");
277 table_show_info(&i, arg);
279 error = tables_foreach(table_show_info, arg, 1);
281 err(EX_OSERR, "failed to request tables list");
285 arg = is_all ? (void*)1 : NULL;
287 if ((error = table_get_info(&oh, &i)) != 0)
288 err(EX_OSERR, "failed to request table info");
289 table_show_one(&i, arg);
291 error = tables_foreach(table_show_one, arg, 1);
293 err(EX_OSERR, "failed to request tables list");
298 table_lookup(&oh, ac, av);
304 table_fill_ntlv(ipfw_obj_ntlv *ntlv, const char *name, uint8_t set,
308 ntlv->head.type = IPFW_TLV_TBL_NAME;
309 ntlv->head.length = sizeof(ipfw_obj_ntlv);
312 strlcpy(ntlv->name, name, sizeof(ntlv->name));
316 table_fill_objheader(ipfw_obj_header *oh, ipfw_xtable_info *i)
320 table_fill_ntlv(&oh->ntlv, i->tablename, i->set, 1);
323 static struct _s_x tablenewcmds[] = {
324 { "type", TOK_TYPE },
325 { "valtype", TOK_VALTYPE },
326 { "algo", TOK_ALGO },
327 { "limit", TOK_LIMIT },
328 { "locked", TOK_LOCK },
329 { "missing", TOK_MISSING },
330 { "or-flush", TOK_ORFLUSH },
334 static struct _s_x flowtypecmds[] = {
335 { "src-ip", IPFW_TFFLAG_SRCIP },
336 { "proto", IPFW_TFFLAG_PROTO },
337 { "src-port", IPFW_TFFLAG_SRCPORT },
338 { "dst-ip", IPFW_TFFLAG_DSTIP },
339 { "dst-port", IPFW_TFFLAG_DSTPORT },
344 table_parse_type(uint8_t ttype, char *p, uint8_t *tflags)
346 uint32_t fset, fclear;
349 /* Parse type options */
351 case IPFW_TABLE_FLOW:
353 if (fill_flags(flowtypecmds, p, &e, &fset, &fclear) != 0)
355 "unable to parse flow option %s", e);
366 table_print_type(char *tbuf, size_t size, uint8_t type, uint8_t tflags)
371 if ((tname = match_value(tabletypes, type)) == NULL)
374 l = snprintf(tbuf, size, "%s", tname);
379 case IPFW_TABLE_FLOW:
383 print_flags_buffer(tbuf, size, flowtypecmds, tflags);
392 * ipfw table NAME create [ type { addr | iface | number | flow } ]
393 * [ algo algoname ] [missing] [or-flush]
396 table_create(ipfw_obj_header *oh, int ac, char *av[])
398 ipfw_xtable_info xi, xie;
399 int error, missing, orflush, tcmd, val;
400 uint32_t fset, fclear;
404 missing = orflush = 0;
405 memset(&xi, 0, sizeof(xi));
407 tcmd = get_token(tablenewcmds, *av, "option");
412 NEED1("limit value required");
413 xi.limit = strtol(*av, NULL, 10);
417 NEED1("table type required");
418 /* Type may have suboptions after ':' */
419 if ((p = strchr(*av, ':')) != NULL)
421 val = match_token(tabletypes, *av);
423 concat_tokens(tbuf, sizeof(tbuf), tabletypes,
426 "Unknown tabletype: %s. Supported: %s",
431 error = table_parse_type(val, p, &xi.tflags);
434 "Unsupported suboptions: %s", p);
439 NEED1("table value type required");
441 val = fill_flags(tablevaltypes, *av, &e, &fset, &fclear);
447 concat_tokens(tbuf, sizeof(tbuf), tablevaltypes, ", ");
448 errx(EX_USAGE, "Unknown value type: %s. Supported: %s",
452 NEED1("table algorithm name required");
453 if (strlen(*av) > sizeof(xi.algoname))
454 errx(EX_USAGE, "algorithm name too long");
455 strlcpy(xi.algoname, *av, sizeof(xi.algoname));
459 xi.flags |= IPFW_TGFLAGS_LOCKED;
470 /* Set some defaults to preserve compatibility. */
471 if (xi.algoname[0] == '\0' && xi.type == 0)
472 xi.type = IPFW_TABLE_ADDR;
474 xi.vmask = IPFW_VTYPE_LEGACY;
476 error = table_do_create(oh, &xi);
481 if (errno != EEXIST || missing == 0)
482 err(EX_OSERR, "Table creation failed");
484 /* Check that existing table is the same we are trying to create */
485 if (table_get_info(oh, &xie) != 0)
486 err(EX_OSERR, "Existing table check failed");
488 if (xi.limit != xie.limit || xi.type != xie.type ||
489 xi.tflags != xie.tflags || xi.vmask != xie.vmask || (
490 xi.algoname[0] != '\0' && strcmp(xi.algoname,
491 xie.algoname) != 0) || xi.flags != xie.flags)
492 errx(EX_DATAERR, "The existing table is not compatible "
493 "with one you are creating.");
495 /* Flush existing table if instructed to do so */
496 if (orflush != 0 && table_flush(oh) != 0)
497 err(EX_OSERR, "Table flush on creation failed");
503 * Request: [ ipfw_obj_header ipfw_xtable_info ]
505 * Returns 0 on success.
508 table_do_create(ipfw_obj_header *oh, ipfw_xtable_info *i)
510 char tbuf[sizeof(ipfw_obj_header) + sizeof(ipfw_xtable_info)];
513 memcpy(tbuf, oh, sizeof(*oh));
514 memcpy(tbuf + sizeof(*oh), i, sizeof(*i));
515 oh = (ipfw_obj_header *)tbuf;
517 error = do_set3(IP_FW_TABLE_XCREATE, &oh->opheader, sizeof(tbuf));
523 * Modifies existing table
525 * ipfw table NAME modify [ limit number ]
528 table_modify(ipfw_obj_header *oh, int ac, char *av[])
533 memset(&xi, 0, sizeof(xi));
536 tcmd = get_token(tablenewcmds, *av, "option");
541 NEED1("limit value required");
542 xi.limit = strtol(*av, NULL, 10);
543 xi.mflags |= IPFW_TMFLAGS_LIMIT;
547 errx(EX_USAGE, "cmd is not supported for modification");
551 if (table_do_modify(oh, &xi) != 0)
552 err(EX_OSERR, "Table modification failed");
556 * Modifies existing table.
558 * Request: [ ipfw_obj_header ipfw_xtable_info ]
560 * Returns 0 on success.
563 table_do_modify(ipfw_obj_header *oh, ipfw_xtable_info *i)
565 char tbuf[sizeof(ipfw_obj_header) + sizeof(ipfw_xtable_info)];
568 memcpy(tbuf, oh, sizeof(*oh));
569 memcpy(tbuf + sizeof(*oh), i, sizeof(*i));
570 oh = (ipfw_obj_header *)tbuf;
572 error = do_set3(IP_FW_TABLE_XMODIFY, &oh->opheader, sizeof(tbuf));
578 * Locks or unlocks given table
581 table_lock(ipfw_obj_header *oh, int lock)
585 memset(&xi, 0, sizeof(xi));
587 xi.mflags |= IPFW_TMFLAGS_LOCK;
588 xi.flags |= (lock != 0) ? IPFW_TGFLAGS_LOCKED : 0;
590 if (table_do_modify(oh, &xi) != 0)
591 err(EX_OSERR, "Table %s failed", lock != 0 ? "lock" : "unlock");
595 * Destroys given table specified by @oh->ntlv.
596 * Returns 0 on success.
599 table_destroy(ipfw_obj_header *oh)
602 if (do_set3(IP_FW_TABLE_XDESTROY, &oh->opheader, sizeof(*oh)) != 0)
609 table_destroy_one(ipfw_xtable_info *i, void *arg)
613 oh = (ipfw_obj_header *)arg;
614 table_fill_ntlv(&oh->ntlv, i->tablename, i->set, 1);
615 if (table_destroy(oh) != 0) {
616 if (g_co.do_quiet == 0)
617 warn("failed to destroy table(%s) in set %u",
618 i->tablename, i->set);
625 * Flushes given table specified by @oh->ntlv.
626 * Returns 0 on success.
629 table_flush(ipfw_obj_header *oh)
632 if (do_set3(IP_FW_TABLE_XFLUSH, &oh->opheader, sizeof(*oh)) != 0)
639 table_do_swap(ipfw_obj_header *oh, char *second)
641 char tbuf[sizeof(ipfw_obj_header) + sizeof(ipfw_obj_ntlv)];
644 memset(tbuf, 0, sizeof(tbuf));
645 memcpy(tbuf, oh, sizeof(*oh));
646 oh = (ipfw_obj_header *)tbuf;
647 table_fill_ntlv((ipfw_obj_ntlv *)(oh + 1), second, oh->ntlv.set, 1);
649 error = do_set3(IP_FW_TABLE_XSWAP, &oh->opheader, sizeof(tbuf));
655 * Swaps given table with @second one.
658 table_swap(ipfw_obj_header *oh, char *second)
661 if (table_check_name(second) != 0)
662 errx(EX_USAGE, "table name %s is invalid", second);
664 if (table_do_swap(oh, second) == 0)
669 errx(EX_USAGE, "Unable to swap table: check types");
671 errx(EX_USAGE, "Unable to swap table: check limits");
679 * Retrieves table in given table specified by @oh->ntlv.
681 * Returns 0 on success.
684 table_get_info(ipfw_obj_header *oh, ipfw_xtable_info *i)
686 char tbuf[sizeof(ipfw_obj_header) + sizeof(ipfw_xtable_info)];
690 memset(tbuf, 0, sizeof(tbuf));
691 memcpy(tbuf, oh, sizeof(*oh));
692 oh = (ipfw_obj_header *)tbuf;
694 if (do_get3(IP_FW_TABLE_XINFO, &oh->opheader, &sz) != 0)
697 if (sz < sizeof(tbuf))
700 *i = *(ipfw_xtable_info *)(oh + 1);
705 static struct _s_x tablealgoclass[] = {
706 { "hash", IPFW_TACLASS_HASH },
707 { "array", IPFW_TACLASS_ARRAY },
708 { "radix", IPFW_TACLASS_RADIX },
722 * Print global/per-AF table @i algorithm info.
725 table_show_tainfo(ipfw_xtable_info *i __unused, struct ta_cldata *d,
726 const char *af, const char *taclass)
729 switch (d->taclass) {
730 case IPFW_TACLASS_HASH:
731 case IPFW_TACLASS_ARRAY:
732 printf(" %salgorithm %s info\n", af, taclass);
733 if (d->itemsize == d->itemsize6)
734 printf(" size: %u items: %u itemsize: %u\n",
735 d->size, d->count, d->itemsize);
737 printf(" size: %u items: %u "
738 "itemsize4: %u itemsize6: %u\n",
740 d->itemsize, d->itemsize6);
742 case IPFW_TACLASS_RADIX:
743 printf(" %salgorithm %s info\n", af, taclass);
744 if (d->itemsize == d->itemsize6)
745 printf(" items: %u itemsize: %u\n",
746 d->count, d->itemsize);
749 "itemsize4: %u itemsize6: %u\n",
750 d->count, d->itemsize, d->itemsize6);
753 printf(" algo class: %s\n", taclass);
758 table_print_valheader(char *buf, size_t bufsize, uint32_t vmask)
761 if (vmask == IPFW_VTYPE_LEGACY) {
762 snprintf(buf, bufsize, "legacy");
766 memset(buf, 0, bufsize);
767 print_flags_buffer(buf, bufsize, tablevaltypes, vmask);
771 * Prints table info struct @i in human-readable form.
774 table_show_info(ipfw_xtable_info *i, void *arg)
777 ipfw_ta_tinfo *tainfo;
780 char ttype[64], tvtype[64];
782 table_print_type(ttype, sizeof(ttype), i->type, i->tflags);
783 table_print_valheader(tvtype, sizeof(tvtype), i->vmask);
785 printf("--- table(%s), set(%u) ---\n", i->tablename, i->set);
786 if ((i->flags & IPFW_TGFLAGS_LOCKED) != 0)
787 printf(" kindex: %d, type: %s, locked\n", i->kidx, ttype);
789 printf(" kindex: %d, type: %s\n", i->kidx, ttype);
790 printf(" references: %u, valtype: %s\n", i->refcnt, tvtype);
791 printf(" algorithm: %s\n", i->algoname);
792 printf(" items: %u, size: %u\n", i->count, i->size);
794 printf(" limit: %u\n", i->limit);
796 /* Print algo-specific info if requested & set */
800 if ((i->ta_info.flags & IPFW_TATFLAGS_DATA) == 0)
802 tainfo = &i->ta_info;
806 if (tainfo->flags & IPFW_TATFLAGS_AFDATA)
808 if (tainfo->flags & IPFW_TATFLAGS_AFITEM)
811 memset(&d, 0, sizeof(d));
812 d.taclass = tainfo->taclass4;
813 d.size = tainfo->size4;
814 d.count = tainfo->count4;
815 d.itemsize = tainfo->itemsize4;
816 if (afdata == 0 && afitem != 0)
817 d.itemsize6 = tainfo->itemsize6;
819 d.itemsize6 = d.itemsize;
820 if ((vtype = match_value(tablealgoclass, d.taclass)) == NULL)
824 table_show_tainfo(i, &d, "", vtype);
826 table_show_tainfo(i, &d, "IPv4 ", vtype);
827 memset(&d, 0, sizeof(d));
828 d.taclass = tainfo->taclass6;
829 if ((vtype = match_value(tablealgoclass, d.taclass)) == NULL)
831 d.size = tainfo->size6;
832 d.count = tainfo->count6;
833 d.itemsize = tainfo->itemsize6;
834 d.itemsize6 = d.itemsize;
835 table_show_tainfo(i, &d, "IPv6 ", vtype);
843 * Function wrappers which can be used either
844 * as is or as foreach function parameter.
848 table_show_one(ipfw_xtable_info *i, void *arg)
850 ipfw_obj_header *oh = NULL;
854 is_all = arg == NULL ? 0 : 1;
856 if ((error = table_do_get_list(i, &oh)) != 0) {
857 err(EX_OSERR, "Error requesting table %s list", i->tablename);
861 table_show_list(oh, is_all);
868 table_flush_one(ipfw_xtable_info *i, void *arg)
872 oh = (ipfw_obj_header *)arg;
874 table_fill_ntlv(&oh->ntlv, i->tablename, i->set, 1);
876 return (table_flush(oh));
880 table_do_modify_record(int cmd, ipfw_obj_header *oh,
881 ipfw_obj_tentry *tent, int count, int atomic)
884 ipfw_obj_tentry *tent_base;
886 char xbuf[sizeof(*oh) + sizeof(ipfw_obj_ctlv) + sizeof(*tent)];
890 sz = sizeof(*ctlv) + sizeof(*tent) * count;
892 memset(xbuf, 0, sizeof(xbuf));
895 if ((pbuf = calloc(1, sizeof(*oh) + sz)) == NULL)
899 memcpy(pbuf, oh, sizeof(*oh));
900 oh = (ipfw_obj_header *)pbuf;
901 oh->opheader.version = 1;
903 ctlv = (ipfw_obj_ctlv *)(oh + 1);
905 ctlv->head.length = sz;
907 ctlv->flags |= IPFW_CTF_ATOMIC;
910 memcpy(ctlv + 1, tent, sizeof(*tent) * count);
911 tent = (ipfw_obj_tentry *)(ctlv + 1);
912 for (i = 0; i < count; i++, tent++) {
913 tent->head.length = sizeof(ipfw_obj_tentry);
918 error = do_get3(cmd, &oh->opheader, &sz);
921 tent = (ipfw_obj_tentry *)(ctlv + 1);
922 /* Copy result back to provided buffer */
923 memcpy(tent_base, ctlv + 1, sizeof(*tent) * count);
932 table_modify_record(ipfw_obj_header *oh, int ac, char *av[], int add,
933 int quiet, int update, int atomic)
935 ipfw_obj_tentry *ptent, tent, *tent_buf;
937 const char *etxt, *px, *texterr;
940 int cmd, count, error, i, ignored;
943 errx(EX_USAGE, "address required");
946 cmd = IP_FW_TABLE_XADD;
947 texterr = "Adding record failed";
949 cmd = IP_FW_TABLE_XDEL;
950 texterr = "Deleting record failed";
954 * Calculate number of entries:
955 * Assume [key val] x N for add
959 count = (add != 0) ? ac / 2 + 1 : ac;
962 /* Adding single entry with/without value */
963 memset(&tent, 0, sizeof(tent));
967 if ((tent_buf = calloc(count, sizeof(tent))) == NULL)
969 "Unable to allocate memory for all entries");
973 memset(&xi, 0, sizeof(xi));
976 tentry_fill_key(oh, ptent, *av, add, &type, &vmask, &xi);
979 * Compatibility layer: auto-create table if not exists.
981 if (xi.tablename[0] == '\0') {
984 strlcpy(xi.tablename, oh->ntlv.name,
985 sizeof(xi.tablename));
987 warnx("DEPRECATED: inserting data into "
988 "non-existent table %s. (auto-created)",
990 table_do_create(oh, &xi);
993 oh->ntlv.type = type;
996 if (add != 0 && ac > 0) {
997 tentry_fill_value(oh, ptent, *av, type, vmask);
1002 ptent->head.flags |= IPFW_TF_UPDATE;
1008 error = table_do_modify_record(cmd, oh, tent_buf, count, atomic);
1011 * Compatibility stuff: do not yell on duplicate keys or
1014 if (error == 0 || (error == EEXIST && add != 0) ||
1015 (error == ENOENT && add == 0)) {
1017 if (tent_buf != &tent)
1023 /* Report results back */
1025 for (i = 0; i < count; ptent++, i++) {
1027 switch (ptent->result) {
1031 case IPFW_TR_DELETED:
1034 case IPFW_TR_UPDATED:
1045 case IPFW_TR_NOTFOUND:
1049 case IPFW_TR_EXISTS:
1053 case IPFW_TR_IGNORED:
1062 if (error != 0 && atomic != 0 && ignored == 0)
1063 printf("%s(reverted): ", px);
1067 table_show_entry(&xi, ptent);
1070 if (tent_buf != &tent)
1075 /* Get real OS error */
1078 /* Try to provide more human-readable error */
1081 etxt = "record already exists";
1087 etxt = "table not found";
1090 etxt = "record not found";
1093 etxt = "table is locked";
1096 etxt = strerror(error);
1099 errx(EX_OSERR, "%s: %s", texterr, etxt);
1103 table_do_lookup(ipfw_obj_header *oh, char *key, ipfw_xtable_info *xi,
1104 ipfw_obj_tentry *xtent)
1106 char xbuf[sizeof(ipfw_obj_header) + sizeof(ipfw_obj_tentry)];
1107 ipfw_obj_tentry *tent;
1112 memcpy(xbuf, oh, sizeof(*oh));
1113 oh = (ipfw_obj_header *)xbuf;
1114 tent = (ipfw_obj_tentry *)(oh + 1);
1116 memset(tent, 0, sizeof(*tent));
1117 tent->head.length = sizeof(*tent);
1120 tentry_fill_key(oh, tent, key, 0, &type, &vmask, xi);
1121 oh->ntlv.type = type;
1124 if (do_get3(IP_FW_TABLE_XFIND, &oh->opheader, &sz) != 0)
1127 if (sz < sizeof(xbuf))
1136 table_lookup(ipfw_obj_header *oh, int ac, char *av[])
1138 ipfw_obj_tentry xtent;
1139 ipfw_xtable_info xi;
1144 errx(EX_USAGE, "address required");
1146 strlcpy(key, *av, sizeof(key));
1148 memset(&xi, 0, sizeof(xi));
1149 error = table_do_lookup(oh, key, &xi, &xtent);
1155 errx(EX_UNAVAILABLE, "Table %s not found", oh->ntlv.name);
1157 errx(EX_UNAVAILABLE, "Entry %s not found", *av);
1159 errx(EX_UNAVAILABLE, "Table %s algo does not support "
1160 "\"lookup\" method", oh->ntlv.name);
1162 err(EX_OSERR, "getsockopt(IP_FW_TABLE_XFIND)");
1165 table_show_entry(&xi, &xtent);
1169 tentry_fill_key_type(char *arg, ipfw_obj_tentry *tentry, uint8_t type,
1174 struct in6_addr *paddr, tmp;
1175 struct tflow_entry *tfe;
1176 uint32_t key, *pkey;
1178 struct protoent *pent;
1179 struct servent *sent;
1184 paddr = (struct in6_addr *)&tentry->k;
1187 case IPFW_TABLE_ADDR:
1188 /* Remove / if exists */
1189 if ((p = strchr(arg, '/')) != NULL) {
1194 if (inet_pton(AF_INET, arg, paddr) == 1) {
1195 if (p != NULL && mask > 32)
1196 errx(EX_DATAERR, "bad IPv4 mask width: %s",
1199 masklen = p ? mask : 32;
1201 } else if (inet_pton(AF_INET6, arg, paddr) == 1) {
1202 if (IN6_IS_ADDR_V4COMPAT(paddr))
1204 "Use IPv4 instead of v4-compatible");
1205 if (p != NULL && mask > 128)
1206 errx(EX_DATAERR, "bad IPv6 mask width: %s",
1209 masklen = p ? mask : 128;
1213 if (lookup_host(arg, (struct in_addr *)paddr) != 0)
1214 errx(EX_NOHOST, "hostname ``%s'' unknown", arg);
1217 type = IPFW_TABLE_ADDR;
1221 case IPFW_TABLE_INTERFACE:
1222 /* Assume interface name. Copy significant data only */
1223 mask = MIN(strlen(arg), IF_NAMESIZE - 1);
1224 memcpy(paddr, arg, mask);
1225 /* Set mask to exact match */
1226 masklen = 8 * IF_NAMESIZE;
1228 case IPFW_TABLE_NUMBER:
1229 /* Port or any other key */
1230 key = strtol(arg, &p, 10);
1232 errx(EX_DATAERR, "Invalid number: %s", arg);
1234 pkey = (uint32_t *)paddr;
1238 case IPFW_TABLE_FLOW:
1239 /* Assume [src-ip][,proto][,src-port][,dst-ip][,dst-port] */
1240 tfe = &tentry->k.flow;
1243 /* Handle <ipv4|ipv6> */
1244 if ((tflags & IPFW_TFFLAG_SRCIP) != 0) {
1245 if ((p = strchr(arg, ',')) != NULL)
1247 /* Determine family using temporary storage */
1248 if (inet_pton(AF_INET, arg, &tmp) == 1) {
1249 if (af != 0 && af != AF_INET)
1251 "Inconsistent address family\n");
1253 memcpy(&tfe->a.a4.sip, &tmp, 4);
1254 } else if (inet_pton(AF_INET6, arg, &tmp) == 1) {
1255 if (af != 0 && af != AF_INET6)
1257 "Inconsistent address family\n");
1259 memcpy(&tfe->a.a6.sip6, &tmp, 16);
1265 /* Handle <proto-num|proto-name> */
1266 if ((tflags & IPFW_TFFLAG_PROTO) != 0) {
1268 errx(EX_DATAERR, "invalid key: proto missing");
1269 if ((p = strchr(arg, ',')) != NULL)
1272 key = strtol(arg, &pp, 10);
1274 if ((pent = getprotobyname(arg)) == NULL)
1275 errx(EX_DATAERR, "Unknown proto: %s",
1278 key = pent->p_proto;
1282 errx(EX_DATAERR, "Bad protocol number: %u",key);
1289 /* Handle <port-num|service-name> */
1290 if ((tflags & IPFW_TFFLAG_SRCPORT) != 0) {
1292 errx(EX_DATAERR, "invalid key: src port missing");
1293 if ((p = strchr(arg, ',')) != NULL)
1296 port = htons(strtol(arg, &pp, 10));
1298 if ((sent = getservbyname(arg, NULL)) == NULL)
1299 errx(EX_DATAERR, "Unknown service: %s",
1301 port = sent->s_port;
1307 /* Handle <ipv4|ipv6>*/
1308 if ((tflags & IPFW_TFFLAG_DSTIP) != 0) {
1310 errx(EX_DATAERR, "invalid key: dst ip missing");
1311 if ((p = strchr(arg, ',')) != NULL)
1313 /* Determine family using temporary storage */
1314 if (inet_pton(AF_INET, arg, &tmp) == 1) {
1315 if (af != 0 && af != AF_INET)
1317 "Inconsistent address family");
1319 memcpy(&tfe->a.a4.dip, &tmp, 4);
1320 } else if (inet_pton(AF_INET6, arg, &tmp) == 1) {
1321 if (af != 0 && af != AF_INET6)
1323 "Inconsistent address family");
1325 memcpy(&tfe->a.a6.dip6, &tmp, 16);
1331 /* Handle <port-num|service-name> */
1332 if ((tflags & IPFW_TFFLAG_DSTPORT) != 0) {
1334 errx(EX_DATAERR, "invalid key: dst port missing");
1335 if ((p = strchr(arg, ',')) != NULL)
1338 port = htons(strtol(arg, &pp, 10));
1340 if ((sent = getservbyname(arg, NULL)) == NULL)
1341 errx(EX_DATAERR, "Unknown service: %s",
1343 port = sent->s_port;
1354 errx(EX_DATAERR, "Unsupported table type: %d", type);
1357 tentry->subtype = af;
1358 tentry->masklen = masklen;
1362 * Tries to guess table key type.
1363 * This procedure is used in legacy table auto-create
1364 * code AND in `ipfw -n` ruleset checking.
1366 * Imported from old table_fill_xentry() parse code.
1369 guess_key_type(char *key, uint8_t *ptype)
1372 struct in6_addr addr;
1375 if (ishexnumber(*key) != 0 || *key == ':') {
1376 /* Remove / if exists */
1377 if ((p = strchr(key, '/')) != NULL)
1380 if ((inet_pton(AF_INET, key, &addr) == 1) ||
1381 (inet_pton(AF_INET6, key, &addr) == 1)) {
1382 *ptype = IPFW_TABLE_CIDR;
1387 /* Port or any other key */
1388 /* Skip non-base 10 entries like 'fa1' */
1389 kv = strtol(key, &p, 10);
1391 *ptype = IPFW_TABLE_NUMBER;
1393 } else if ((p != key) && (*p == '.')) {
1395 * Warn on IPv4 address strings
1396 * which are "valid" for inet_aton() but not
1399 * Typical examples: '10.5' or '10.0.0.05'
1406 if (strchr(key, '.') == NULL) {
1407 *ptype = IPFW_TABLE_INTERFACE;
1411 if (lookup_host(key, (struct in_addr *)&addr) != 0)
1414 *ptype = IPFW_TABLE_CIDR;
1419 tentry_fill_key(ipfw_obj_header *oh, ipfw_obj_tentry *tent, char *key,
1420 int add, uint8_t *ptype, uint32_t *pvmask, ipfw_xtable_info *xi)
1422 uint8_t type, tflags;
1430 if (xi->tablename[0] == '\0')
1431 error = table_get_info(oh, xi);
1436 if (g_co.test_only == 0) {
1439 tflags = xi->tflags;
1443 * We're running `ipfw -n`
1444 * Compatibility layer: try to guess key type
1447 if (guess_key_type(key, &type) != 0) {
1449 errx(EX_USAGE, "Cannot guess "
1450 "key '%s' type", key);
1452 vmask = IPFW_VTYPE_LEGACY;
1456 errx(EX_OSERR, "Error requesting table %s info",
1459 errx(EX_DATAERR, "Table %s does not exist",
1462 * Table does not exist
1463 * Compatibility layer: try to guess key type before failing.
1465 if (guess_key_type(key, &type) != 0) {
1467 errx(EX_USAGE, "Table %s does not exist, cannot guess "
1468 "key '%s' type", oh->ntlv.name, key);
1471 vmask = IPFW_VTYPE_LEGACY;
1474 tentry_fill_key_type(key, tent, type, tflags);
1481 set_legacy_value(uint32_t val, ipfw_table_value *v)
1491 v->dscp = (uint8_t)val;
1496 tentry_fill_value(ipfw_obj_header *oh __unused, ipfw_obj_tentry *tent,
1497 char *arg, uint8_t type __unused, uint32_t vmask)
1499 struct addrinfo hints, *res;
1500 struct in_addr ipaddr;
1502 char *comma, *e, *n, *p;
1503 uint32_t a4, flag, val;
1504 ipfw_table_value *v;
1510 /* Compat layer: keep old behavior for legacy value types */
1511 if (vmask == IPFW_VTYPE_LEGACY) {
1512 /* Try to interpret as number first */
1513 val = strtoul(arg, &p, 0);
1515 set_legacy_value(val, v);
1518 if (inet_pton(AF_INET, arg, &val) == 1) {
1519 set_legacy_value(ntohl(val), v);
1523 if (lookup_host(arg, &ipaddr) == 0) {
1524 set_legacy_value(ntohl(ipaddr.s_addr), v);
1527 errx(EX_OSERR, "Unable to parse value %s", arg);
1531 * Shorthands: handle single value if vmask consists
1532 * of numbers only. e.g.:
1533 * vmask = "fib,skipto" -> treat input "1" as "1,1"
1538 for (i = 1; i < (1u << 31); i *= 2) {
1539 if ((flag = (vmask & i)) == 0)
1543 if ((comma = strchr(n, ',')) != NULL)
1547 case IPFW_VTYPE_TAG:
1548 v->tag = strtol(n, &e, 10);
1552 case IPFW_VTYPE_PIPE:
1553 v->pipe = strtol(n, &e, 10);
1557 case IPFW_VTYPE_DIVERT:
1558 v->divert = strtol(n, &e, 10);
1562 case IPFW_VTYPE_SKIPTO:
1563 v->skipto = strtol(n, &e, 10);
1567 case IPFW_VTYPE_NETGRAPH:
1568 v->netgraph = strtol(n, &e, 10);
1572 case IPFW_VTYPE_FIB:
1573 v->fib = strtol(n, &e, 10);
1577 case IPFW_VTYPE_NAT:
1578 v->nat = strtol(n, &e, 10);
1582 case IPFW_VTYPE_LIMIT:
1583 v->limit = strtol(n, &e, 10);
1587 case IPFW_VTYPE_NH4:
1588 if (strchr(n, '.') != NULL &&
1589 inet_pton(AF_INET, n, &a4) == 1) {
1593 if (lookup_host(n, &ipaddr) == 0) {
1594 v->nh4 = ntohl(ipaddr.s_addr);
1599 case IPFW_VTYPE_DSCP:
1601 if ((dval = match_token(f_ipdscp, n)) != -1) {
1605 etype = "DSCP code";
1607 v->dscp = strtol(n, &e, 10);
1608 if (v->dscp > 63 || *e != '\0')
1609 etype = "DSCP value";
1612 case IPFW_VTYPE_NH6:
1613 if (strchr(n, ':') != NULL) {
1614 memset(&hints, 0, sizeof(hints));
1615 hints.ai_family = AF_INET6;
1616 hints.ai_flags = AI_NUMERICHOST;
1617 if (getaddrinfo(n, NULL, &hints, &res) == 0) {
1618 v->nh6 = ((struct sockaddr_in6 *)
1619 res->ai_addr)->sin6_addr;
1620 v->zoneid = ((struct sockaddr_in6 *)
1621 res->ai_addr)->sin6_scope_id;
1631 errx(EX_USAGE, "Unable to parse %s as %s", n, etype);
1636 if ((n = comma) != NULL)
1641 errx(EX_USAGE, "Not enough fields inside value");
1646 * Compare table names.
1647 * Honor number comparison.
1650 tablename_cmp(const void *a, const void *b)
1652 const ipfw_xtable_info *ia, *ib;
1654 ia = (const ipfw_xtable_info *)a;
1655 ib = (const ipfw_xtable_info *)b;
1657 return (stringnum_cmp(ia->tablename, ib->tablename));
1661 * Retrieves table list from kernel,
1662 * optionally sorts it and calls requested function for each table.
1663 * Returns 0 on success.
1666 tables_foreach(table_cb_t *f, void *arg, int sort)
1668 ipfw_obj_lheader *olh;
1669 ipfw_xtable_info *info;
1674 /* Start with reasonable default */
1675 sz = sizeof(*olh) + 16 * sizeof(ipfw_xtable_info);
1678 if ((olh = calloc(1, sz)) == NULL)
1682 if (do_get3(IP_FW_TABLES_XLIST, &olh->opheader, &sz) != 0) {
1685 if (errno != ENOMEM)
1691 qsort(olh + 1, olh->count, olh->objsize,
1694 info = (ipfw_xtable_info *)(olh + 1);
1695 for (i = 0; i < olh->count; i++) {
1696 if (g_co.use_set == 0 || info->set == g_co.use_set - 1)
1697 error = f(info, arg);
1698 info = (ipfw_xtable_info *)((caddr_t)info +
1709 * Retrieves all entries for given table @i in
1710 * eXtended format. Allocate buffer large enough
1711 * to store result. Called needs to free it later.
1713 * Returns 0 on success.
1716 table_do_get_list(ipfw_xtable_info *i, ipfw_obj_header **poh)
1718 ipfw_obj_header *oh;
1724 for (c = 0; c < 8; c++) {
1729 if ((oh = calloc(1, sz)) == NULL)
1731 table_fill_objheader(oh, i);
1732 oh->opheader.version = 1; /* Current version */
1733 if (do_get3(IP_FW_TABLE_XLIST, &oh->opheader, &sz) == 0) {
1738 if (errno != ENOMEM)
1747 * Shows all entries from @oh in human-readable format
1750 table_show_list(ipfw_obj_header *oh, int need_header)
1752 ipfw_obj_tentry *tent;
1754 ipfw_xtable_info *i;
1756 i = (ipfw_xtable_info *)(oh + 1);
1757 tent = (ipfw_obj_tentry *)(i + 1);
1760 printf("--- table(%s), set(%u) ---\n", i->tablename, i->set);
1764 table_show_entry(i, tent);
1765 tent = (ipfw_obj_tentry *)((caddr_t)tent + tent->head.length);
1771 table_show_value(char *buf, size_t bufsize, ipfw_table_value *v,
1772 uint32_t vmask, int print_ip)
1774 char abuf[INET6_ADDRSTRLEN + IF_NAMESIZE + 2];
1775 struct sockaddr_in6 sa6;
1776 uint32_t flag, i, l;
1783 * Some shorthands for printing values:
1784 * legacy assumes all values are equal, so keep the first one.
1786 if (vmask == IPFW_VTYPE_LEGACY) {
1787 if (print_ip != 0) {
1788 flag = htonl(v->tag);
1789 inet_ntop(AF_INET, &flag, buf, sz);
1791 snprintf(buf, sz, "%u", v->tag);
1795 for (i = 1; i < (1u << 31); i *= 2) {
1796 if ((flag = (vmask & i)) == 0)
1801 case IPFW_VTYPE_TAG:
1802 l = snprintf(buf, sz, "%u,", v->tag);
1804 case IPFW_VTYPE_PIPE:
1805 l = snprintf(buf, sz, "%u,", v->pipe);
1807 case IPFW_VTYPE_DIVERT:
1808 l = snprintf(buf, sz, "%d,", v->divert);
1810 case IPFW_VTYPE_SKIPTO:
1811 l = snprintf(buf, sz, "%d,", v->skipto);
1813 case IPFW_VTYPE_NETGRAPH:
1814 l = snprintf(buf, sz, "%u,", v->netgraph);
1816 case IPFW_VTYPE_FIB:
1817 l = snprintf(buf, sz, "%u,", v->fib);
1819 case IPFW_VTYPE_NAT:
1820 l = snprintf(buf, sz, "%u,", v->nat);
1822 case IPFW_VTYPE_LIMIT:
1823 l = snprintf(buf, sz, "%u,", v->limit);
1825 case IPFW_VTYPE_NH4:
1826 a4.s_addr = htonl(v->nh4);
1827 inet_ntop(AF_INET, &a4, abuf, sizeof(abuf));
1828 l = snprintf(buf, sz, "%s,", abuf);
1830 case IPFW_VTYPE_DSCP:
1831 l = snprintf(buf, sz, "%d,", v->dscp);
1833 case IPFW_VTYPE_NH6:
1834 sa6.sin6_family = AF_INET6;
1835 sa6.sin6_len = sizeof(sa6);
1836 sa6.sin6_addr = v->nh6;
1838 sa6.sin6_scope_id = v->zoneid;
1839 if (getnameinfo((const struct sockaddr *)&sa6,
1840 sa6.sin6_len, abuf, sizeof(abuf), NULL, 0,
1841 NI_NUMERICHOST) == 0)
1842 l = snprintf(buf, sz, "%s,", abuf);
1855 table_show_entry(ipfw_xtable_info *i, ipfw_obj_tentry *tent)
1857 char tbuf[128], pval[128];
1860 struct tflow_entry *tfe;
1862 table_show_value(pval, sizeof(pval), &tent->v.value, i->vmask,
1863 g_co.do_value_as_ip);
1866 case IPFW_TABLE_ADDR:
1867 /* IPv4 or IPv6 prefixes */
1868 inet_ntop(tent->subtype, &tent->k, tbuf, sizeof(tbuf));
1869 printf("%s/%u %s\n", tbuf, tent->masklen, pval);
1871 case IPFW_TABLE_INTERFACE:
1872 /* Interface names */
1873 printf("%s %s\n", tent->k.iface, pval);
1875 case IPFW_TABLE_NUMBER:
1877 printf("%u %s\n", tent->k.key, pval);
1879 case IPFW_TABLE_FLOW:
1881 tfe = &tent->k.flow;
1884 if ((i->tflags & IPFW_TFFLAG_SRCIP) != 0) {
1885 if (tfe->af == AF_INET)
1886 paddr = &tfe->a.a4.sip;
1888 paddr = &tfe->a.a6.sip6;
1890 inet_ntop(tfe->af, paddr, tbuf, sizeof(tbuf));
1891 printf("%s%s", comma, tbuf);
1895 if ((i->tflags & IPFW_TFFLAG_PROTO) != 0) {
1896 printf("%s%d", comma, tfe->proto);
1900 if ((i->tflags & IPFW_TFFLAG_SRCPORT) != 0) {
1901 printf("%s%d", comma, ntohs(tfe->sport));
1904 if ((i->tflags & IPFW_TFFLAG_DSTIP) != 0) {
1905 if (tfe->af == AF_INET)
1906 paddr = &tfe->a.a4.dip;
1908 paddr = &tfe->a.a6.dip6;
1910 inet_ntop(tfe->af, paddr, tbuf, sizeof(tbuf));
1911 printf("%s%s", comma, tbuf);
1915 if ((i->tflags & IPFW_TFFLAG_DSTPORT) != 0) {
1916 printf("%s%d", comma, ntohs(tfe->dport));
1920 printf(" %s\n", pval);
1925 table_do_get_stdlist(uint16_t opcode, ipfw_obj_lheader **polh)
1927 ipfw_obj_lheader req, *olh;
1930 memset(&req, 0, sizeof(req));
1933 if (do_get3(opcode, &req.opheader, &sz) != 0)
1934 if (errno != ENOMEM)
1938 if ((olh = calloc(1, sz)) == NULL)
1942 if (do_get3(opcode, &olh->opheader, &sz) != 0) {
1952 table_do_get_algolist(ipfw_obj_lheader **polh)
1955 return (table_do_get_stdlist(IP_FW_TABLES_ALIST, polh));
1959 table_do_get_vlist(ipfw_obj_lheader **polh)
1962 return (table_do_get_stdlist(IP_FW_TABLE_VLIST, polh));
1966 ipfw_list_ta(int ac __unused, char *av[] __unused)
1968 ipfw_obj_lheader *olh;
1974 error = table_do_get_algolist(&olh);
1976 err(EX_OSERR, "Unable to request algorithm list");
1978 info = (ipfw_ta_info *)(olh + 1);
1979 for (i = 0; i < olh->count; i++) {
1980 if ((atype = match_value(tabletypes, info->type)) == NULL)
1982 printf("--- %s ---\n", info->algoname);
1983 printf(" type: %s\n refcount: %u\n", atype, info->refcnt);
1985 info = (ipfw_ta_info *)((caddr_t)info + olh->objsize);
1992 /* Copy of current kernel table_value structure */
1993 struct _table_value {
1994 uint32_t tag; /* O_TAG/O_TAGGED */
1995 uint32_t pipe; /* O_PIPE/O_QUEUE */
1996 uint16_t divert; /* O_DIVERT/O_TEE */
1997 uint16_t skipto; /* skipto, CALLRET */
1998 uint32_t netgraph; /* O_NETGRAPH/O_NGTEE */
1999 uint32_t fib; /* O_SETFIB */
2000 uint32_t nat; /* O_NAT */
2005 /* -- 32 bytes -- */
2006 struct in6_addr nh6;
2007 uint32_t limit; /* O_LIMIT */
2009 uint64_t refcnt; /* Number of references */
2013 compare_values(const void *_a, const void *_b)
2015 const struct _table_value *a, *b;
2017 a = (const struct _table_value *)_a;
2018 b = (const struct _table_value *)_b;
2020 if (a->spare1 < b->spare1)
2022 else if (a->spare1 > b->spare1)
2029 ipfw_list_values(int ac __unused, char *av[] __unused)
2032 ipfw_obj_lheader *olh;
2033 struct _table_value *v;
2037 error = table_do_get_vlist(&olh);
2039 err(EX_OSERR, "Unable to request value list");
2041 vmask = 0x7FFFFFFF; /* Similar to IPFW_VTYPE_LEGACY */
2043 table_print_valheader(buf, sizeof(buf), vmask);
2044 printf("HEADER: %s\n", buf);
2045 v = (struct _table_value *)(olh + 1);
2046 qsort(v, olh->count, olh->objsize, compare_values);
2047 for (i = 0; i < olh->count; i++) {
2048 table_show_value(buf, sizeof(buf), (ipfw_table_value *)v,
2050 printf("[%u] refs=%lu %s\n", v->spare1, (u_long)v->refcnt, buf);
2051 v = (struct _table_value *)((caddr_t)v + olh->objsize);
2058 table_check_name(const char *tablename)
2061 if (ipfw_check_object_name(tablename) != 0)
2063 /* Restrict some 'special' names */
2064 if (strcmp(tablename, "all") == 0)
projects / FreeBSD / FreeBSD.git / blob