7 #include <netinet/in.h>
8 #include <netinet/ip_fw.h>
/*
 * Private socket-option numbers, derived arithmetically from IP_FW_ADD
 * rather than taken from <netinet/ip_fw.h>.  NOTE(review): IP_FW_INIT
 * and IP_FW_TERM therefore land on whatever IP_FW_ADD-4 / IP_FW_ADD-3
 * happen to be; if the kernel's option numbering changes they silently
 * become different (possibly real) options.  Confirm against the kernel
 * side that actually implements these two values, and prefer importing
 * the constants from the same header that the kernel uses.
 */
10 #define IP_FW_BASE (IP_FW_ADD - 5)
11 #define IP_FW_INIT (IP_FW_BASE + 1)
12 #define IP_FW_TERM (IP_FW_BASE + 2)
/*
 * ipfw_exec - issue one IP_FW_* socket option against the firewall.
 *
 * optname : the IP_FW_* option to issue.
 * optval  : buffer handed to setsockopt()/getsockopt().
 * optlen  : overloaded by option kind: for the setsockopt() path it is
 *           the byte length of optval; for the getsockopt() path it is a
 *           pointer to a socklen_t, smuggled through uintptr_t and cast
 *           back below.  The caller must pass the matching form for the
 *           option it selects (see the (uintptr_t)&size caller in
 *           ipfw_fetch_ruleset).
 *
 * Only fragments of the body are visible in this listing (the original
 * line numbers jump: 14, 21, 23, 34, ...), so the dispatch on optname,
 * the error returns, and the close(sock) on every path are not shown here
 * and must be confirmed in the full source.  Returns a negative value on
 * error (the caller in ipfw_fetch_ruleset tests `< 0`).
 */
14 static int ipfw_exec(int optname
, void * optval
, uintptr_t optlen
) {
/*
 * Raw IP socket: raw sockets are normally a privileged operation, so this
 * whole helper is expected to run with root / raw-socket privilege.  The
 * socket is only used as a handle for the firewall socket options; no
 * packets are sent through it.
 */
21 sock
= socket(AF_INET
, SOCK_RAW
, IPPROTO_RAW
);
/* Failure path for socket(); %m expands errno. */
23 syslog(LOG_ERR
, "socket(SOCK_RAW): %m");
/* Write-style option: optlen is the byte length of optval. */
34 result
= setsockopt(sock
, IPPROTO_IP
, optname
, optval
, optlen
);
36 syslog(LOG_ERR
, "setsockopt(): %m");
/*
 * Read-style option: optlen is reinterpreted as a socklen_t * that the
 * kernel updates with the number of bytes written into optval.
 * NOTE(review): the object behind optlen must really be socklen_t-sized;
 * if a caller passes the address of a wider integer (e.g. size_t) only
 * the low sizeof(socklen_t) bytes are updated and the upper bytes keep
 * their old value -- verify the declaration of `size` in the callers.
 */
41 result
= getsockopt(sock
, IPPROTO_IP
, optname
, optval
, (socklen_t
*)optlen
);
43 syslog(LOG_ERR
, "getsockopt(): %m");
/* optname matched neither the set nor the get list. */
48 syslog(LOG_ERR
, "unhandled option");
/*
 * ipfw_free_ruleset - release a ruleset buffer obtained from
 * ipfw_fetch_ruleset.
 *
 * rules : address of the caller's ruleset pointer (double pointer so the
 *         callee can reset it after freeing; the free/reset lines that
 *         follow the guard are not visible in this listing).
 *
 * A NULL `rules` or an already-NULL `*rules` is a no-op.
 */
55 static void ipfw_free_ruleset(struct ip_fw
** rules
) {
56 if (rules
== NULL
|| *rules
== NULL
)
/*
 * ipfw_fetch_ruleset - grow *rules and (re)read the firewall ruleset
 * into it via IP_FW_GET.
 *
 * rules         : address of the ruleset buffer; (re)allocated here.
 * total_fetched : in: number of entries the buffer currently holds;
 *                 out: number of entries actually returned by the kernel.
 * count         : additional entries of room to allocate (must be >= 1).
 *
 * Returns the number of newly fetched entries (new total minus old
 * total), or a negative value on error.  Several original lines are not
 * shown in this listing (63-65, 67-68, 71, 73-75, 78, 81, 83-84), so the
 * local declarations and the early-return statements are not visible.
 *
 * NOTE(review): `rules` is NULL-checked but `total_fetched` is dereferenced
 * in the same condition without a NULL check; add
 * `total_fetched == NULL ||` before `*total_fetched < 0` if callers may
 * pass NULL.
 */
62 static int ipfw_fetch_ruleset(struct ip_fw
** rules
, int * total_fetched
, int count
) {
66 if (rules
== NULL
|| *total_fetched
< 0 || count
< 1)
/*
 * Byte size of the enlarged buffer.  NOTE(review): `*total_fetched + count`
 * is int arithmetic and can overflow for large inputs before the
 * multiplication; if either value can come from outside the program,
 * range-check the sum (or compute in size_t and check against
 * SIZE_MAX / sizeof(struct ip_fw)) before allocating.
 */
69 size
= sizeof(struct ip_fw
) * (*total_fetched
+ count
);
/*
 * NOTE(review): assigning realloc() straight back into *rules discards the
 * old pointer when realloc fails -- *rules becomes NULL and the previous
 * buffer is leaked, and the caller's handle is now NULL too.  The idiomatic
 * fix is `struct ip_fw *tmp = realloc(*rules, size); if (tmp == NULL) ...;
 * *rules = tmp;`.
 */
70 *rules
= (struct ip_fw
*)realloc(*rules
, size
);
72 syslog(LOG_ERR
, "realloc(): %m");
/*
 * The first element carries the API version the kernel checks before
 * filling the buffer.  Only element 0 is stamped here.
 */
76 (*rules
)->version
= IP_FW_CURRENT_API_VERSION
;
/*
 * IP_FW_GET goes through the getsockopt() path of ipfw_exec: &size is
 * passed as the "length" argument and the kernel writes back the number
 * of bytes it filled in.  `size` must therefore be socklen_t-compatible
 * (its declaration is not visible here -- confirm).
 */
77 if (ipfw_exec(IP_FW_GET
, *rules
, (uintptr_t)&size
) < 0)
/* Remember the previous count so the delta can be returned. */
79 fetched
= *total_fetched
;
/* Convert the byte count written by the kernel back into entries. */
80 *total_fetched
= size
/ sizeof(struct ip_fw
);
82 return *total_fetched
- fetched
;
/*
 * ipfw_validate_protocol - check that `value` is an acceptable protocol
 * number before it is placed into a rule.
 *
 * The comparison itself (original lines 86-90) is not visible in this
 * listing; only the rejection path that logs "invalid protocol" is shown.
 * Returns a negative value on rejection, by analogy with the other
 * validators (confirm in the full source).
 */
85 static int ipfw_validate_protocol(int value
) {
/* Rejection path. */
91 syslog(LOG_ERR
, "invalid protocol");
97 static int ipfw_validate_ifname(const char * const value
) {
98 int len
= strlen(value
);
99 if (len
< 2 || len
> FW_IFNLEN
) {
100 syslog(LOG_ERR
, "invalid interface name");