2 * Copyright (c) 2014 The DragonFly Project. All rights reserved.
4 * This code is derived from software contributed to The DragonFly Project
5 * by Bill Yuan <bycn82@dragonflybsd.org>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * 3. Neither the name of The DragonFly Project nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific, prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 #include <netinet/in.h>
53 #include <arpa/inet.h>
55 #include <net/route.h>
58 #include "../../../sys/net/ipfw3/ip_fw3.h"
59 #include "../../../sbin/ipfw3/ipfw3.h"
60 #include "ipfw3_basic.h"
63 #define IP_MASK_ALL 0xffffffff
65 * we use IPPROTO_ETHERTYPE as a fake protocol id to call the print routines
66 * This is only used in this code.
68 #define IPPROTO_ETHERTYPE 0x1000
71 struct char_int_map limit_types
[] = {
79 static struct char_int_map ether_types
[] = {
88 { "pppoe_disc", 0x8863 },
89 { "pppoe_sess", 0x8864 },
90 { "ipx_8022", 0x00E0 },
91 { "ipx_8023", 0x0000 },
93 { "ipx_snap", 0x8137 },
101 match_token(struct char_int_map
*table
, char *string
)
104 if (strcmp(table
->key
, string
) == 0) {
113 match_token2(struct char_int_map
*table
, int val
)
116 if (table
->val
== val
)
125 fill_iface(ipfw_insn_if
*cmd
, char *arg
)
128 cmd
->o
.len
|= F_INSN_SIZE(ipfw_insn_if
);
130 /* Parse the interface or address */
131 if (!strcmp(arg
, "any")){
133 } else if (!isdigit(*arg
)) {
134 strlcpy(cmd
->name
, arg
, sizeof(cmd
->name
));
135 cmd
->p
.glob
= strpbrk(arg
, "*?[") != NULL
? 1 : 0;
136 } else if (!inet_aton(arg
, &cmd
->p
.ip
))
137 errx(EX_DATAERR
, "bad ip address ``%s''", arg
);
141 lookup_host (char *host
, struct in_addr
*ipaddr
)
145 if (!inet_aton(host
, ipaddr
)) {
146 if ((he
= gethostbyname(host
)) == NULL
)
148 *ipaddr
= *(struct in_addr
*)he
->h_addr_list
[0];
154 * Like strtol, but also translates service names into port numbers
155 * for some protocols.
157 * proto == -1 disables the protocol check;
158 * proto == IPPROTO_ETHERTYPE looks up an internal table
159 * proto == <some value in /etc/protocols> matches the values there.
160 * Returns *end == s in case the parameter is not found.
163 strtoport(char *s
, char **end
, int base
, int proto
)
169 *end
= s
; /* default - not found */
171 return 0; /* not found */
174 return strtol(s
, end
, base
);
177 * find separator. '\\' escapes the next char.
179 for (s1
= s
; *s1
&& (isalnum(*s1
) || *s1
== '\\') ; s1
++) {
180 if (*s1
== '\\' && s1
[1] != '\0')
184 buf
= malloc(s1
- s
+ 1);
189 * copy into a buffer skipping backslashes
191 for (p
= s
, i
= 0; p
!= s1
; p
++)
196 if (proto
== IPPROTO_ETHERTYPE
) {
197 i
= match_token(ether_types
, buf
);
199 if (i
!= -1) { /* found */
204 struct protoent
*pe
= NULL
;
208 pe
= getprotobynumber(proto
);
210 se
= getservbyname(buf
, pe
? pe
->p_name
: NULL
);
214 return ntohs(se
->s_port
);
217 return 0; /* not found */
221 contigmask(u_char
*p
, int len
)
224 for (i
=0; i
<len
; i
++) {
225 if ( (p
[i
/8] & (1 << (7 - (i
%8)))) == 0) /* first bit unset */
228 for (n
=i
+1; n
< len
; n
++) {
229 if ( (p
[n
/8] & (1 << (7 - (n
%8)))) != 0)
230 return -1; /* mask not contiguous */
236 *add_proto(ipfw_insn
*cmd
, char *av
)
240 if (!strncmp(av
, "all", strlen(av
))) {
242 } else if ((proto
= atoi(av
)) > 0) {
244 } else if ((pe
= getprotobyname(av
)) != NULL
) {
247 errx(EX_USAGE
, "protocol `%s' not recognizable\n", av
);
249 if (proto
!= IPPROTO_IP
) {
250 cmd
->opcode
= O_BASIC_PROTO
;
251 cmd
->module
= MODULE_BASIC_ID
;
252 cmd
->len
|= LEN_OF_IPFWINSN
;
259 parse_count(ipfw_insn
**cmd
, int *ac
, char **av
[])
261 (*cmd
)->opcode
= O_BASIC_COUNT
;
262 (*cmd
)->module
= MODULE_BASIC_ID
;
263 (*cmd
)->len
|= LEN_OF_IPFWINSN
;
268 parse_skipto(ipfw_insn
**cmd
, int *ac
, char **av
[])
271 (*cmd
)->opcode
= O_BASIC_SKIPTO
;
272 (*cmd
)->module
= MODULE_BASIC_ID
;
273 (*cmd
)->len
|= LEN_OF_IPFWINSN
;
274 (*cmd
)->arg1
= strtoul(**av
, NULL
, 10);
279 * cmd->arg3 is count of the destination
280 * cmd->arg1 is the type, random 0, round-robin 1, sticky 2
283 parse_forward(ipfw_insn
**cmd
, int *ac
, char **av
[])
285 ipfw_insn_sa
*p
= (ipfw_insn_sa
*)(*cmd
);
286 struct sockaddr_in
*sa
;
287 char *tok
, *end
= '\0';
291 (*cmd
)->opcode
= O_BASIC_FORWARD
;
294 * multiple forward destinations are seperated by colon
295 * ip address and port are seperated by comma
296 * e.g. 192.168.1.1:80,192.168.1.2:8080
297 * 192.168.1.1,192.168.1.2 or keep the port the same
299 tok
= strtok(**av
, ",");
302 while (tok
!= NULL
) {
303 sa
->sin_len
= sizeof(struct sockaddr_in
);
304 sa
->sin_family
= AF_INET
;
306 str
= strchr(tok
,':');
309 port
= strtoport(str
, &end
, 0, 0);
310 sa
->sin_port
= (u_short
)port
;
312 if (lookup_host(tok
, &(sa
->sin_addr
)) != 0)
313 errx(EX_DATAERR
, "forward `%s' invalid dst", tok
);
314 tok
= strtok (NULL
, ",");
318 (*cmd
)->arg3
= count
;
320 errx(EX_DATAERR
, "forward `%s' not recognizable", **av
);
324 if (strcmp(**av
, "round-robin") == 0) {
327 } else if (strcmp(**av
, "sticky") == 0) {
335 (*cmd
)->len
= LEN_OF_IPFWINSN
+ count
* sizeof(struct sockaddr_in
);
339 parse_in(ipfw_insn
**cmd
, int *ac
, char **av
[])
341 (*cmd
)->opcode
= O_BASIC_IN
;
342 (*cmd
)->module
= MODULE_BASIC_ID
;
343 (*cmd
)->len
|= LEN_OF_IPFWINSN
;
349 parse_out(ipfw_insn
**cmd
, int *ac
, char **av
[])
351 (*cmd
)->opcode
= O_BASIC_OUT
;
352 (*cmd
)->module
= MODULE_BASIC_ID
;
353 (*cmd
)->len
|= LEN_OF_IPFWINSN
;
360 parse_via(ipfw_insn
**cmd
, int *ac
, char **av
[])
362 (*cmd
)->module
= MODULE_BASIC_ID
;
363 (*cmd
)->len
|= LEN_OF_IPFWINSN
;
364 if (strcmp(*av
[0], "via")==0) {
365 (*cmd
)->opcode
= O_BASIC_VIA
;
366 } else if (strcmp(*av
[0], "xmit")==0) {
367 (*cmd
)->opcode
= O_BASIC_XMIT
;
368 } else if (strcmp(*av
[0], "recv")==0) {
369 (*cmd
)->opcode
= O_BASIC_RECV
;
372 fill_iface((ipfw_insn_if
*)(*cmd
), *av
[0]);
377 parse_src_port(ipfw_insn
**cmd
, int *ac
, char **av
[])
380 (*cmd
)->opcode
= O_BASIC_IP_SRCPORT
;
381 (*cmd
)->module
= MODULE_BASIC_ID
;
382 (*cmd
)->len
|= LEN_OF_IPFWINSN
;
383 double v
= strtol(**av
, NULL
, 0);
384 if (v
<= 0 || v
>= 65535)
385 errx(EX_NOHOST
, "port `%s' invalid", **av
);
391 parse_dst_port(ipfw_insn
**cmd
, int *ac
, char **av
[])
394 (*cmd
)->opcode
= O_BASIC_IP_DSTPORT
;
395 (*cmd
)->module
= MODULE_BASIC_ID
;
396 (*cmd
)->len
|= LEN_OF_IPFWINSN
;
397 double v
= strtol(**av
, NULL
, 0);
398 if (v
<= 0 || v
>= 65535)
399 errx(EX_NOHOST
, "port `%s' invalid", **av
);
405 * Below formats are supported:
406 * from table 1 O_BASIC_IP_SRC_LOOKUP
407 * from any return 0 len instruction
408 * from me O_BASIC_IP_SRC_ME
409 * from 1.2.3.4 O_BASIC_IP_SRC
410 * from 1.2.3.4/24 O_BASIC_IP_SRC_MASK
413 parse_from(ipfw_insn
**cmd
, int *ac
, char **av
[])
415 ipfw_insn_ip
*p
= (ipfw_insn_ip
*)(*cmd
);
419 (*cmd
)->module
= MODULE_BASIC_ID
;
421 if (strcmp(**av
, "table") == 0) {
423 NEED(*ac
, 1, "table id missing");
424 (*cmd
)->len
|= F_INSN_SIZE(ipfw_insn
);
425 (*cmd
)->opcode
= O_BASIC_IP_SRC_LOOKUP
;
426 (*cmd
)->arg1
= strtoul(**av
, NULL
, 10);
427 } else if (strcmp(**av
, "any") == 0) {
428 (*cmd
)->len
&= ~F_LEN_MASK
;
429 } else if (strcmp(**av
, "me") == 0) {
430 (*cmd
)->len
|= F_INSN_SIZE(ipfw_insn
);
431 (*cmd
)->opcode
= O_BASIC_IP_SRC_ME
;
433 char *c
= NULL
, md
= 0;
434 c
= strchr(**av
, '/');
436 c
= strchr(**av
, ':');
441 if (lookup_host(**av
, &p
->addr
) != 0)
442 errx(EX_NOHOST
, "hostname ``%s'' unknown", **av
);
445 port
= strtol(c
, NULL
, 0);
446 if (port
<= 0 || port
>= 65535)
447 errx(EX_NOHOST
, "port `%s' invalid", c
);
449 (*cmd
)->len
|= F_INSN_SIZE(ipfw_insn_ip
);
450 (*cmd
)->opcode
= O_BASIC_IP_SRC_N_PORT
;
455 p
->mask
.s_addr
= htonl(0);
457 errx(EX_DATAERR
, "bad width ``%s''", c
);
459 p
->mask
.s_addr
= htonl(~0 << (32 - i
));
460 (*cmd
)->len
|= F_INSN_SIZE(ipfw_insn_ip
);
461 (*cmd
)->opcode
= O_BASIC_IP_SRC_MASK
;
462 p
->addr
.s_addr
&= p
->mask
.s_addr
;
465 p
->mask
.s_addr
= htonl(~0);
466 (*cmd
)->len
|= F_INSN_SIZE(ipfw_insn_u32
);
467 (*cmd
)->opcode
= O_BASIC_IP_SRC
;
475 parse_to(ipfw_insn
**cmd
, int *ac
, char **av
[])
477 ipfw_insn_ip
*p
= (ipfw_insn_ip
*)(*cmd
);
481 (*cmd
)->module
= MODULE_BASIC_ID
;
483 if (strcmp(**av
, "table") == 0) {
485 NEED(*ac
, 1, "table id missing");
486 (*cmd
)->len
|= F_INSN_SIZE(ipfw_insn
);
487 (*cmd
)->opcode
= O_BASIC_IP_DST_LOOKUP
;
488 (*cmd
)->arg1
= strtoul(**av
, NULL
, 10);
489 } else if (strcmp(**av
, "any") == 0) {
490 (*cmd
)->len
&= ~F_LEN_MASK
;
491 } else if (strcmp(**av
, "me") == 0) {
492 (*cmd
)->len
|= F_INSN_SIZE(ipfw_insn
);
493 (*cmd
)->opcode
= O_BASIC_IP_DST_ME
;
495 char *c
= NULL
, md
= 0;
496 c
= strchr(**av
, '/');
498 c
= strchr(**av
, ':');
503 if (lookup_host(**av
, &p
->addr
) != 0)
504 errx(EX_NOHOST
, "hostname ``%s'' unknown", **av
);
507 port
= strtol(c
, NULL
, 0);
508 if (port
<= 0 || port
>= 65535)
509 errx(EX_NOHOST
, "port `%s' invalid", c
);
511 (*cmd
)->len
|= F_INSN_SIZE(ipfw_insn_ip
);
512 (*cmd
)->opcode
= O_BASIC_IP_DST_N_PORT
;
517 p
->mask
.s_addr
= htonl(0);
519 errx(EX_DATAERR
, "bad width ``%s''", c
);
521 p
->mask
.s_addr
= htonl(~0 << (32 - i
));
522 (*cmd
)->len
|= F_INSN_SIZE(ipfw_insn_ip
);
523 (*cmd
)->opcode
= O_BASIC_IP_DST_MASK
;
524 p
->addr
.s_addr
&= p
->mask
.s_addr
;
527 p
->mask
.s_addr
= htonl(~0);
528 (*cmd
)->len
|= F_INSN_SIZE(ipfw_insn_u32
);
529 (*cmd
)->opcode
= O_BASIC_IP_DST
;
538 parse_proto(ipfw_insn
**cmd
, int *ac
, char **av
[])
540 add_proto(*cmd
, **av
);
545 parse_prob(ipfw_insn
**cmd
, int *ac
, char **av
[])
548 (*cmd
)->opcode
= O_BASIC_PROB
;
549 (*cmd
)->module
= MODULE_BASIC_ID
;
550 (*cmd
)->len
|= LEN_OF_IPFWINSN
;
551 (*cmd
)->arg1
= strtoul(**av
, NULL
, 10);
556 parse_keep_state(ipfw_insn
**cmd
, int *ac
, char **av
[])
559 (*cmd
)->opcode
= O_BASIC_KEEP_STATE
;
560 (*cmd
)->module
= MODULE_BASIC_ID
;
561 (*cmd
)->len
|= LEN_OF_IPFWINSN
;
562 if (strcmp(**av
, "limit") == 0) {
564 (*cmd
)->arg3
= match_token(limit_types
, **av
);
565 if ((*cmd
)->arg3
== 0)
566 errx(EX_DATAERR
, "limit `%s' not recognizable", **av
);
569 (*cmd
)->arg1
= strtoul(**av
, NULL
, 10);
570 if ((*cmd
)->arg1
== 0)
571 errx(EX_DATAERR
, "bad limit `%s'", **av
);
575 if (strcmp(**av
, "live") == 0) {
577 (*cmd
)->arg2
= strtoul(**av
, NULL
, 10);
583 parse_check_state(ipfw_insn
**cmd
, int *ac
, char **av
[])
586 (*cmd
)->opcode
= O_BASIC_CHECK_STATE
;
587 (*cmd
)->module
= MODULE_BASIC_ID
;
588 (*cmd
)->len
|= LEN_OF_IPFWINSN
;
592 parse_tagged(ipfw_insn
**cmd
, int *ac
, char **av
[])
595 (*cmd
)->opcode
= O_BASIC_TAGGED
;
596 (*cmd
)->module
= MODULE_BASIC_ID
;
597 (*cmd
)->len
|= LEN_OF_IPFWINSN
;
598 (*cmd
)->arg1
= strtoul(**av
, NULL
, 10);
603 parse_comment(ipfw_insn
**cmd
, int *ac
, char **av
[])
606 char *p
= (char *)((*cmd
) + 1);
609 (*cmd
)->opcode
= O_BASIC_COMMENT
;
610 (*cmd
)->module
= MODULE_BASIC_ID
;
613 l
+= strlen(**av
) + 1;
615 errx(EX_DATAERR
, "comment too long (max 80 chars)");
628 parse_tag(ipfw_insn
**cmd
, int *ac
, char **av
[])
631 (*cmd
)->opcode
= O_BASIC_TAG
;
632 (*cmd
)->module
= MODULE_BASIC_ID
;
633 (*cmd
)->len
|= LEN_OF_IPFWINSN
;
634 (*cmd
)->arg1
= strtoul(**av
, NULL
, 10);
639 parse_untag(ipfw_insn
**cmd
, int *ac
, char **av
[])
642 (*cmd
)->opcode
= O_BASIC_UNTAG
;
643 (*cmd
)->module
= MODULE_BASIC_ID
;
644 (*cmd
)->len
|= LEN_OF_IPFWINSN
;
645 (*cmd
)->arg1
= strtoul(**av
, NULL
, 10);
650 show_count(ipfw_insn
*cmd
, int show_or
)
656 show_skipto(ipfw_insn
*cmd
, int show_or
)
658 printf(" skipto %u", cmd
->arg1
);
662 show_forward(ipfw_insn
*cmd
, int show_or
)
664 struct sockaddr_in
*sa
;
667 ipfw_insn_sa
*s
= (ipfw_insn_sa
*)cmd
;
670 for (i
= 0; i
< cmd
->arg3
; i
++){
676 printf("%s", inet_ntoa(sa
->sin_addr
));
677 if (sa
->sin_port
!= 0)
678 printf(":%d", sa
->sin_port
);
683 printf(" round-robin");
684 else if (cmd
->arg1
== 2)
690 show_in(ipfw_insn
*cmd
, int show_or
)
696 show_out(ipfw_insn
*cmd
, int show_or
)
702 show_via(ipfw_insn
*cmd
, int show_or
)
705 ipfw_insn_if
*cmdif
= (ipfw_insn_if
*)cmd
;
707 if ((int)cmd
->opcode
== O_BASIC_XMIT
)
709 else if ((int)cmd
->opcode
== O_BASIC_RECV
)
711 else if ((int)cmd
->opcode
== O_BASIC_VIA
)
717 if (cmdif
->name
[0] == '\0')
718 printf(" %s %s", s
, inet_ntoa(cmdif
->p
.ip
));
720 printf(" %s %s", s
, cmdif
->name
);
724 show_src_port(ipfw_insn
*cmd
, int show_or
)
726 char *word
= "src-port";
729 printf(" %s %d", word
, cmd
->arg1
);
733 show_dst_port(ipfw_insn
*cmd
, int show_or
)
735 char *word
= "dst-port";
738 printf(" %s %d", word
, cmd
->arg1
);
742 show_from(ipfw_insn
*cmd
, int show_or
)
747 printf(" %s %s", word
, inet_ntoa(((ipfw_insn_ip
*)cmd
)->addr
));
751 show_from_lookup(ipfw_insn
*cmd
, int show_or
)
756 printf(" %s table %d", word
, cmd
->arg1
);
760 show_from_me(ipfw_insn
*cmd
, int show_or
)
765 printf(" %s me", word
);
769 show_from_mask(ipfw_insn
*cmd
, int show_or
)
775 ipfw_insn_ip
*p
= (ipfw_insn_ip
*)cmd
;
776 printf(" %s %s", word
, inet_ntoa(p
->addr
));
778 mask
= contigmask((u_char
*)&(p
->mask
.s_addr
), 32);
784 show_from_src_n_port(ipfw_insn
*cmd
, int show_or
)
789 ipfw_insn_ip
*p
= (ipfw_insn_ip
*)cmd
;
790 printf(" %s %s", word
, inet_ntoa(p
->addr
));
791 printf(":%d", cmd
->arg1
);
795 show_to(ipfw_insn
*cmd
, int show_or
)
800 ipfw_insn_ip
*p
= (ipfw_insn_ip
*)cmd
;
801 printf(" %s %s", word
, inet_ntoa(p
->addr
));
805 show_to_lookup(ipfw_insn
*cmd
, int show_or
)
810 printf(" %s table %d", word
, cmd
->arg1
);
814 show_to_me(ipfw_insn
*cmd
, int show_or
)
819 printf(" %s me", word
);
823 show_to_mask(ipfw_insn
*cmd
, int show_or
)
829 ipfw_insn_ip
*p
= (ipfw_insn_ip
*)cmd
;
830 printf(" %s %s", word
, inet_ntoa(p
->addr
));
832 mask
= contigmask((u_char
*)&(p
->mask
.s_addr
), 32);
838 show_to_src_n_port(ipfw_insn
*cmd
, int show_or
)
843 printf(" %s %s", word
, inet_ntoa(((ipfw_insn_ip
*)cmd
)->addr
));
844 printf(":%d", cmd
->arg1
);
848 show_proto(ipfw_insn
*cmd
, int show_or
)
853 pe
= getprotobynumber(cmd
->arg1
);
854 printf(" %s", pe
->p_name
);
858 show_prob(ipfw_insn
*cmd
, int show_or
)
863 printf(" %s %d%%", word
, cmd
->arg1
);
867 show_keep_state(ipfw_insn
*cmd
, int show_or
)
869 printf(" keep-state");
870 if (cmd
->arg1
!= 0) {
871 char *type
=match_token2(limit_types
, cmd
->arg3
);
872 printf(" limit %s %d", type
, cmd
->arg1
);
874 if (cmd
->arg2
!= 0) {
875 printf(" live %d", cmd
->arg2
);
880 show_check_state(ipfw_insn
*cmd
, int show_or
)
882 printf(" check-state");
886 show_tagged(ipfw_insn
*cmd
, int show_or
)
888 printf(" tagged %d", cmd
->arg1
);
892 show_comment(ipfw_insn
*cmd
, int show_or
)
894 printf(" // %s", (char *)(cmd
+ 1));
898 show_tag(ipfw_insn
*cmd
, int show_or
)
900 printf(" tag %d", cmd
->arg1
);
904 show_untag(ipfw_insn
*cmd
, int show_or
)
906 printf(" untag %d", cmd
->arg1
);
910 load_module(register_func function
, register_keyword keyword
)
912 keyword(MODULE_BASIC_ID
, O_BASIC_COUNT
, "count", ACTION
);
913 function(MODULE_BASIC_ID
, O_BASIC_COUNT
,
914 (parser_func
)parse_count
, (shower_func
)show_count
);
916 keyword(MODULE_BASIC_ID
, O_BASIC_SKIPTO
, "skipto", ACTION
);
917 function(MODULE_BASIC_ID
, O_BASIC_SKIPTO
,
918 (parser_func
)parse_skipto
, (shower_func
)show_skipto
);
920 keyword(MODULE_BASIC_ID
, O_BASIC_FORWARD
, "forward", ACTION
);
921 function(MODULE_BASIC_ID
, O_BASIC_FORWARD
,
922 (parser_func
)parse_forward
, (shower_func
)show_forward
);
924 keyword(MODULE_BASIC_ID
, O_BASIC_IN
, "in", FILTER
);
925 function(MODULE_BASIC_ID
, O_BASIC_IN
,
926 (parser_func
)parse_in
, (shower_func
)show_in
);
928 keyword(MODULE_BASIC_ID
, O_BASIC_OUT
, "out", FILTER
);
929 function(MODULE_BASIC_ID
, O_BASIC_OUT
,
930 (parser_func
)parse_out
, (shower_func
)show_out
);
932 keyword(MODULE_BASIC_ID
, O_BASIC_VIA
, "via", FILTER
);
933 function(MODULE_BASIC_ID
, O_BASIC_VIA
,
934 (parser_func
)parse_via
, (shower_func
)show_via
);
936 keyword(MODULE_BASIC_ID
, O_BASIC_XMIT
, "xmit", FILTER
);
937 function(MODULE_BASIC_ID
, O_BASIC_XMIT
,
938 (parser_func
)parse_via
, (shower_func
)show_via
);
940 keyword(MODULE_BASIC_ID
, O_BASIC_RECV
, "recv", FILTER
);
941 function(MODULE_BASIC_ID
, O_BASIC_RECV
,
942 (parser_func
)parse_via
, (shower_func
)show_via
);
944 keyword(MODULE_BASIC_ID
, O_BASIC_IP_SRCPORT
, "src-port", FILTER
);
945 function(MODULE_BASIC_ID
, O_BASIC_IP_SRCPORT
,
946 (parser_func
)parse_src_port
, (shower_func
)show_src_port
);
948 keyword(MODULE_BASIC_ID
, O_BASIC_IP_DSTPORT
, "dst-port", FILTER
);
949 function(MODULE_BASIC_ID
, O_BASIC_IP_DSTPORT
,
950 (parser_func
)parse_dst_port
, (shower_func
)show_dst_port
);
952 keyword(MODULE_BASIC_ID
, O_BASIC_IP_SRC
, "from", FROM
);
953 function(MODULE_BASIC_ID
, O_BASIC_IP_SRC
,
954 (parser_func
)parse_from
, (shower_func
)show_from
);
956 keyword(MODULE_BASIC_ID
, O_BASIC_IP_SRC_LOOKUP
, "from-[table]", FROM
);
957 function(MODULE_BASIC_ID
, O_BASIC_IP_SRC_LOOKUP
,
958 (parser_func
)parse_from
, (shower_func
)show_from_lookup
);
960 keyword(MODULE_BASIC_ID
, O_BASIC_IP_SRC_ME
, "from-[me]", FROM
);
961 function(MODULE_BASIC_ID
, O_BASIC_IP_SRC_ME
,
962 (parser_func
)parse_from
, (shower_func
)show_from_me
);
964 keyword(MODULE_BASIC_ID
, O_BASIC_IP_SRC_MASK
, "from-[mask]", FROM
);
965 function(MODULE_BASIC_ID
, O_BASIC_IP_SRC_MASK
,
966 (parser_func
)parse_from
, (shower_func
)show_from_mask
);
968 keyword(MODULE_BASIC_ID
, O_BASIC_IP_SRC_N_PORT
, "from-[ip:port]", FROM
);
969 function(MODULE_BASIC_ID
, O_BASIC_IP_SRC_N_PORT
,
970 (parser_func
)parse_from
, (shower_func
)show_from_src_n_port
);
972 keyword(MODULE_BASIC_ID
, O_BASIC_IP_DST
, "to", TO
);
973 function(MODULE_BASIC_ID
, O_BASIC_IP_DST
,
974 (parser_func
)parse_to
, (shower_func
)show_to
);
976 keyword(MODULE_BASIC_ID
, O_BASIC_IP_DST_LOOKUP
, "to-[table]", TO
);
977 function(MODULE_BASIC_ID
, O_BASIC_IP_DST_LOOKUP
,
978 (parser_func
)parse_to
, (shower_func
)show_to_lookup
);
980 keyword(MODULE_BASIC_ID
, O_BASIC_IP_DST_ME
, "to-[me]", TO
);
981 function(MODULE_BASIC_ID
, O_BASIC_IP_DST_ME
,
982 (parser_func
)parse_to
, (shower_func
)show_to_me
);
984 keyword(MODULE_BASIC_ID
, O_BASIC_IP_DST_MASK
, "to-[mask]", TO
);
985 function(MODULE_BASIC_ID
, O_BASIC_IP_DST_MASK
,
986 (parser_func
)parse_to
, (shower_func
)show_to_mask
);
988 keyword(MODULE_BASIC_ID
, O_BASIC_IP_DST_N_PORT
, "to-[ip:port]", FROM
);
989 function(MODULE_BASIC_ID
, O_BASIC_IP_DST_N_PORT
,
990 (parser_func
)parse_to
, (shower_func
)show_to_src_n_port
);
992 keyword(MODULE_BASIC_ID
, O_BASIC_PROTO
, "proto", PROTO
);
993 function(MODULE_BASIC_ID
, O_BASIC_PROTO
,
994 (parser_func
)parse_proto
, (shower_func
)show_proto
);
996 keyword(MODULE_BASIC_ID
, O_BASIC_PROB
, "prob", FILTER
);
997 function(MODULE_BASIC_ID
, O_BASIC_PROB
,
998 (parser_func
)parse_prob
, (shower_func
)show_prob
);
1000 keyword(MODULE_BASIC_ID
, O_BASIC_KEEP_STATE
, "keep-state", FILTER
);
1001 function(MODULE_BASIC_ID
, O_BASIC_KEEP_STATE
,
1002 (parser_func
)parse_keep_state
,
1003 (shower_func
)show_keep_state
);
1005 keyword(MODULE_BASIC_ID
, O_BASIC_CHECK_STATE
, "check-state", BEFORE
);
1006 function(MODULE_BASIC_ID
, O_BASIC_CHECK_STATE
,
1007 (parser_func
)parse_check_state
,
1008 (shower_func
)show_check_state
);
1010 keyword(MODULE_BASIC_ID
, O_BASIC_TAG
, "tag", ACTION
);
1011 function(MODULE_BASIC_ID
, O_BASIC_TAG
,
1012 (parser_func
)parse_tag
, (shower_func
)show_tag
);
1014 keyword(MODULE_BASIC_ID
, O_BASIC_UNTAG
, "untag", ACTION
);
1015 function(MODULE_BASIC_ID
, O_BASIC_UNTAG
,
1016 (parser_func
)parse_untag
, (shower_func
)show_untag
);
1018 keyword(MODULE_BASIC_ID
, O_BASIC_TAGGED
, "tagged", FILTER
);
1019 function(MODULE_BASIC_ID
, O_BASIC_TAGGED
,
1020 (parser_func
)parse_tagged
, (shower_func
)show_tagged
);
1022 keyword(MODULE_BASIC_ID
, O_BASIC_COMMENT
, "//", AFTER
);
1023 function(MODULE_BASIC_ID
, O_BASIC_COMMENT
,
1024 (parser_func
)parse_comment
, (shower_func
)show_comment
);