summaryrefslogtreecommitdiffstats
path: root/sbin
diff options
context:
space:
mode:
Diffstat (limited to 'sbin')
-rw-r--r--sbin/ipfw/altq.c18
-rw-r--r--sbin/ipfw/dummynet.c60
-rw-r--r--sbin/ipfw/ipfw2.c35
-rw-r--r--sbin/ipfw/ipv6.c218
-rw-r--r--sbin/ipfw/main.c6
-rw-r--r--sbin/ipfw/nat.c197
6 files changed, 266 insertions, 268 deletions
diff --git a/sbin/ipfw/altq.c b/sbin/ipfw/altq.c
index 8cf19e5..8dced11 100644
--- a/sbin/ipfw/altq.c
+++ b/sbin/ipfw/altq.c
@@ -45,7 +45,7 @@
/*
* Map between current altq queue id numbers and names.
*/
-static TAILQ_HEAD(, pf_altq) altq_entries =
+static TAILQ_HEAD(, pf_altq) altq_entries =
TAILQ_HEAD_INITIALIZER(altq_entries);
void
@@ -139,13 +139,13 @@ altq_qid_to_name(u_int32_t qid)
void
print_altq_cmd(ipfw_insn_altq *altqptr)
{
- if (altqptr) {
- const char *qname;
+ if (altqptr) {
+ const char *qname;
- qname = altq_qid_to_name(altqptr->qid);
- if (qname == NULL)
- printf(" altq ?<%u>", altqptr->qid);
- else
- printf(" altq %s", qname);
- }
+ qname = altq_qid_to_name(altqptr->qid);
+ if (qname == NULL)
+ printf(" altq ?<%u>", altqptr->qid);
+ else
+ printf(" altq %s", qname);
+ }
}
diff --git a/sbin/ipfw/dummynet.c b/sbin/ipfw/dummynet.c
index f934197..f263d22 100644
--- a/sbin/ipfw/dummynet.c
+++ b/sbin/ipfw/dummynet.c
@@ -418,25 +418,25 @@ ipfw_delete_pipe(int do_pipe, int i)
* We can model the additional delay with an empirical curve
* that represents its distribution.
*
- * cumulative probability
- * 1.0 ^
- * |
- * L +-- loss-level x
- * | ******
- * | *
- * | *****
- * | *
- * | **
- * | *
- * +-------*------------------->
- * delay
+ * cumulative probability
+ * 1.0 ^
+ * |
+ * L +-- loss-level x
+ * | ******
+ * | *
+ * | *****
+ * | *
+ * | **
+ * | *
+ * +-------*------------------->
+ * delay
*
* The empirical curve may have both vertical and horizontal lines.
* Vertical lines represent constant delay for a range of
* probabilities; horizontal lines correspond to a discontinuty
* in the delay distribution: the link will use the largest delay
* for a given probability.
- *
+ *
* To pass the curve to dummynet, we must store the parameters
* in a file as described below, and issue the command
*
@@ -449,9 +449,9 @@ ipfw_delete_pipe(int do_pipe, int i)
* the number of samples used in the internal
* representation (2..1024; default 100);
*
- * loss-level L
+ * loss-level L
* The probability above which packets are lost.
- * (0.0 <= L <= 1.0, default 1.0 i.e. no loss);
+ * (0.0 <= L <= 1.0, default 1.0 i.e. no loss);
*
* name identifier
* Optional a name (listed by "ipfw pipe show")
@@ -472,18 +472,18 @@ ipfw_delete_pipe(int do_pipe, int i)
* the curve as needed.
*
* Example of a profile file:
-
- name bla_bla_bla
- samples 100
- loss-level 0.86
- prob delay
- 0 200 # minimum overhead is 200ms
- 0.5 200
- 0.5 300
- 0.8 1000
- 0.9 1300
- 1 1300
-
+
+ name bla_bla_bla
+ samples 100
+ loss-level 0.86
+ prob delay
+ 0 200 # minimum overhead is 200ms
+ 0.5 200
+ 0.5 300
+ 0.8 1000
+ 0.9 1300
+ 1 1300
+
* Internally, we will convert the curve to a fixed number of
* samples, and when it is time to transmit a packet we will
* model the extra delay as extra bits in the packet.
@@ -613,7 +613,7 @@ load_extra_delays(const char *filename, struct dn_profile *p,
if (f == NULL)
err(EX_UNAVAILABLE, "fopen: %s", filename);
- while (fgets(line, ED_MAX_LINE_LEN, f)) { /* read commands */
+ while (fgets(line, ED_MAX_LINE_LEN, f)) { /* read commands */
char *s, *cur = line, *name = NULL, *arg = NULL;
++lineno;
@@ -740,7 +740,7 @@ load_extra_delays(const char *filename, struct dn_profile *p,
/*
* configuration of pipes, schedulers, flowsets.
* When we configure a new scheduler, an empty pipe is created, so:
- *
+ *
* do_pipe = 1 -> "pipe N config ..." only for backward compatibility
* sched N+Delta type fifo sched_mask ...
* pipe N+Delta <parameters>
@@ -955,7 +955,7 @@ ipfw_config_pipe(int ac, char **av)
mask->addr_type = 6;
pa6 = &mask->dst_ip6;
break;
-
+
case TOK_SRCIP6:
mask->addr_type = 6;
pa6 = &mask->src_ip6;
diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c
index 9f2fe69..4402f44 100644
--- a/sbin/ipfw/ipfw2.c
+++ b/sbin/ipfw/ipfw2.c
@@ -210,7 +210,7 @@ static struct _s_x rule_actions[] = {
{ "unreach", TOK_UNREACH },
{ "check-state", TOK_CHECKSTATE },
{ "//", TOK_COMMENT },
- { "nat", TOK_NAT },
+ { "nat", TOK_NAT },
{ "reass", TOK_REASS },
{ "setfib", TOK_SETFIB },
{ NULL, 0 } /* terminator */
@@ -380,8 +380,8 @@ do_cmd(int optname, void *optval, uintptr_t optlen)
if (optname == IP_FW_GET || optname == IP_DUMMYNET_GET ||
optname == IP_FW_ADD || optname == IP_FW_TABLE_LIST ||
- optname == IP_FW_TABLE_GETSIZE ||
- optname == IP_FW_NAT_GET_CONFIG ||
+ optname == IP_FW_TABLE_GETSIZE ||
+ optname == IP_FW_NAT_GET_CONFIG ||
optname < 0 ||
optname == IP_FW_NAT_GET_LOG) {
if (optname < 0)
@@ -1028,7 +1028,7 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth)
/*
* first print actions
*/
- for (l = rule->cmd_len - rule->act_ofs, cmd = ACTION_PTR(rule);
+ for (l = rule->cmd_len - rule->act_ofs, cmd = ACTION_PTR(rule);
l > 0 ; l -= F_LEN(cmd), cmd += F_LEN(cmd)) {
switch(cmd->opcode) {
case O_CHECK_STATE:
@@ -1158,7 +1158,7 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth)
/*
* then print the body.
*/
- for (l = rule->act_ofs, cmd = rule->cmd ;
+ for (l = rule->act_ofs, cmd = rule->cmd ;
l > 0 ; l -= F_LEN(cmd) , cmd += F_LEN(cmd)) {
if ((cmd->len & F_OR) || (cmd->len & F_NOT))
continue;
@@ -1182,7 +1182,7 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth)
if (co.comment_only)
comment = "...";
- for (l = rule->act_ofs, cmd = rule->cmd ;
+ for (l = rule->act_ofs, cmd = rule->cmd ;
l > 0 ; l -= F_LEN(cmd) , cmd += F_LEN(cmd)) {
/* useful alias */
ipfw_insn_u32 *cmd32 = (ipfw_insn_u32 *)cmd;
@@ -1569,7 +1569,7 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcwidth)
}
}
show_prerequisites(&flags, HAVE_PROTO | HAVE_SRCIP | HAVE_DSTIP
- | HAVE_IP, 0);
+ | HAVE_IP, 0);
if (comment)
printf(" // %s", comment);
printf("\n");
@@ -2198,7 +2198,6 @@ n2mask(struct in6_addr *mask, int n)
}
return;
}
-
/*
* helper function to process a set of flags and set bits in the
@@ -2229,9 +2228,9 @@ fill_flags(ipfw_insn *cmd, enum ipfw_opcodes opcode,
*which |= (uint8_t)val;
p = q;
}
- cmd->opcode = opcode;
- cmd->len = (cmd->len & (F_NOT | F_OR)) | 1;
- cmd->arg1 = (set & 0xff) | ( (clear & 0xff) << 8);
+ cmd->opcode = opcode;
+ cmd->len = (cmd->len & (F_NOT | F_OR)) | 1;
+ cmd->arg1 = (set & 0xff) | ( (clear & 0xff) << 8);
}
@@ -2289,7 +2288,7 @@ ipfw_delete(char *av[])
* fill the interface structure. We do not check the name as we can
* create interfaces dynamically, so checking them at insert time
* makes relatively little sense.
- * Interface names containing '*', '?', or '[' are assumed to be shell
+ * Interface names containing '*', '?', or '[' are assumed to be shell
* patterns which match interfaces.
*/
static void
@@ -2817,7 +2816,7 @@ chkarg:
"illegal forwarding port ``%s''", s);
p->sa.sin_port = (u_short)i;
}
- if (_substrcmp(*av, "tablearg") == 0)
+ if (_substrcmp(*av, "tablearg") == 0)
p->sa.sin_addr.s_addr = INADDR_ANY;
else
lookup_host(*av, &(p->sa.sin_addr));
@@ -2837,7 +2836,7 @@ chkarg:
action->opcode = O_SETFIB;
NEED1("missing fib number");
- action->arg1 = strtoul(*av, NULL, 10);
+ action->arg1 = strtoul(*av, NULL, 10);
if (sysctlbyname("net.fibs", &numfibs, &intsize, NULL, 0) == -1)
errx(EX_DATAERR, "fibs not suported.\n");
if (action->arg1 >= numfibs) /* Temporary */
@@ -3144,7 +3143,7 @@ read_options:
errx(EX_USAGE, "+missing \")\"\n");
open_par = 0;
prev = NULL;
- break;
+ break;
case TOK_IN:
fill_cmd(cmd, O_IN, 0, 0);
@@ -3829,10 +3828,10 @@ ipfw_table_handler(int ac, char *av[])
if (strchr(*av, (int)'.') == NULL && isdigit(**av)) {
ent.value = strtoul(*av, NULL, 0);
} else {
- if (lookup_host(*av, (struct in_addr *)&tval) == 0) {
+ if (lookup_host(*av, (struct in_addr *)&tval) == 0) {
/* The value must be stored in host order *
* so that the values < 65k can be distinguished */
- ent.value = ntohl(tval);
+ ent.value = ntohl(tval);
} else {
errx(EX_NOHOST, "hostname ``%s'' unknown", *av);
}
@@ -3851,7 +3850,7 @@ ipfw_table_handler(int ac, char *av[])
if (do_cmd(IP_FW_TABLE_ADD,
&ent, sizeof(ent)) < 0)
err(EX_OSERR,
- "setsockopt(IP_FW_TABLE_ADD)");
+ "setsockopt(IP_FW_TABLE_ADD)");
}
}
} else if (_substrcmp(*av, "flush") == 0) {
diff --git a/sbin/ipfw/ipv6.c b/sbin/ipfw/ipv6.c
index 40f078b..ee93d98 100644
--- a/sbin/ipfw/ipv6.c
+++ b/sbin/ipfw/ipv6.c
@@ -76,7 +76,7 @@ print_unreach6_code(uint16_t code)
printf("unreach6 %u", code);
}
-/*
+/*
* Print the ip address contained in a command.
*/
void
@@ -90,43 +90,43 @@ print_ip6(ipfw_insn_ip6 *cmd, char const *s)
printf("%s%s ", cmd->o.len & F_NOT ? " not": "", s);
if (cmd->o.opcode == O_IP6_SRC_ME || cmd->o.opcode == O_IP6_DST_ME) {
- printf("me6");
- return;
+ printf("me6");
+ return;
}
if (cmd->o.opcode == O_IP6) {
- printf(" ip6");
- return;
+ printf(" ip6");
+ return;
}
/*
- * len == 4 indicates a single IP, whereas lists of 1 or more
- * addr/mask pairs have len = (2n+1). We convert len to n so we
- * use that to count the number of entries.
- */
+ * len == 4 indicates a single IP, whereas lists of 1 or more
+ * addr/mask pairs have len = (2n+1). We convert len to n so we
+ * use that to count the number of entries.
+ */
for (len = len / 4; len > 0; len -= 2, a += 2) {
- int mb = /* mask length */
- (cmd->o.opcode == O_IP6_SRC || cmd->o.opcode == O_IP6_DST) ?
- 128 : contigmask((uint8_t *)&(a[1]), 128);
-
- if (mb == 128 && co.do_resolv)
- he = gethostbyaddr((char *)a, sizeof(*a), AF_INET6);
- if (he != NULL) /* resolved to name */
- printf("%s", he->h_name);
- else if (mb == 0) /* any */
- printf("any");
- else { /* numeric IP followed by some kind of mask */
- if (inet_ntop(AF_INET6, a, trad, sizeof( trad ) ) == NULL)
- printf("Error ntop in print_ip6\n");
- printf("%s", trad );
- if (mb < 0) /* XXX not really legal... */
- printf(":%s",
- inet_ntop(AF_INET6, &a[1], trad, sizeof(trad)));
- else if (mb < 128)
- printf("/%d", mb);
- }
- if (len > 2)
- printf(",");
+ int mb = /* mask length */
+ (cmd->o.opcode == O_IP6_SRC || cmd->o.opcode == O_IP6_DST) ?
+ 128 : contigmask((uint8_t *)&(a[1]), 128);
+
+ if (mb == 128 && co.do_resolv)
+ he = gethostbyaddr((char *)a, sizeof(*a), AF_INET6);
+ if (he != NULL) /* resolved to name */
+ printf("%s", he->h_name);
+ else if (mb == 0) /* any */
+ printf("any");
+ else { /* numeric IP followed by some kind of mask */
+ if (inet_ntop(AF_INET6, a, trad, sizeof( trad ) ) == NULL)
+ printf("Error ntop in print_ip6\n");
+ printf("%s", trad );
+ if (mb < 0) /* XXX not really legal... */
+ printf(":%s",
+ inet_ntop(AF_INET6, &a[1], trad, sizeof(trad)));
+ else if (mb < 128)
+ printf("/%d", mb);
+ }
+ if (len > 2)
+ printf(",");
}
}
@@ -137,20 +137,20 @@ fill_icmp6types(ipfw_insn_icmp6 *cmd, char *av)
bzero(cmd, sizeof(*cmd));
while (*av) {
- if (*av == ',')
- av++;
- type = strtoul(av, &av, 0);
- if (*av != ',' && *av != '\0')
- errx(EX_DATAERR, "invalid ICMP6 type");
+ if (*av == ',')
+ av++;
+ type = strtoul(av, &av, 0);
+ if (*av != ',' && *av != '\0')
+ errx(EX_DATAERR, "invalid ICMP6 type");
/*
* XXX: shouldn't this be 0xFF? I can't see any reason why
* we shouldn't be able to filter all possiable values
* regardless of the ability of the rest of the kernel to do
* anything useful with them.
*/
- if (type > ICMP6_MAXTYPE)
- errx(EX_DATAERR, "ICMP6 type out of range");
- cmd->d[type / 32] |= ( 1 << (type % 32));
+ if (type > ICMP6_MAXTYPE)
+ errx(EX_DATAERR, "ICMP6 type out of range");
+ cmd->d[type / 32] |= ( 1 << (type % 32));
}
cmd->o.opcode = O_ICMP6TYPE;
cmd->o.len |= F_INSN_SIZE(ipfw_insn_icmp6);
@@ -165,12 +165,12 @@ print_icmp6types(ipfw_insn_u32 *cmd)
printf(" ip6 icmp6types");
for (i = 0; i < 7; i++)
- for (j=0; j < 32; ++j) {
- if ( (cmd->d[i] & (1 << (j))) == 0)
- continue;
- printf("%c%d", sep, (i*32 + j));
- sep = ',';
- }
+ for (j=0; j < 32; ++j) {
+ if ( (cmd->d[i] & (1 << (j))) == 0)
+ continue;
+ printf("%c%d", sep, (i*32 + j));
+ sep = ',';
+ }
}
void
@@ -181,9 +181,9 @@ print_flow6id( ipfw_insn_u32 *cmd)
printf(" flow-id ");
for( i=0; i < limit; ++i) {
- if (i == limit - 1)
- sep = ' ';
- printf("%d%c", cmd->d[i], sep);
+ if (i == limit - 1)
+ sep = ' ';
+ printf("%d%c", cmd->d[i], sep);
}
}
@@ -193,11 +193,11 @@ static struct _s_x ext6hdrcodes[] = {
{ "hopopt", EXT_HOPOPTS },
{ "route", EXT_ROUTING },
{ "dstopt", EXT_DSTOPTS },
- { "ah", EXT_AH },
- { "esp", EXT_ESP },
+ { "ah", EXT_AH },
+ { "esp", EXT_ESP },
{ "rthdr0", EXT_RTHDR0 },
{ "rthdr2", EXT_RTHDR2 },
- { NULL, 0 }
+ { NULL, 0 }
};
/* fills command for the extension header filtering */
@@ -210,48 +210,48 @@ fill_ext6hdr( ipfw_insn *cmd, char *av)
cmd->arg1 = 0;
while(s) {
- av = strsep( &s, ",") ;
- tok = match_token(ext6hdrcodes, av);
- switch (tok) {
- case EXT_FRAGMENT:
- cmd->arg1 |= EXT_FRAGMENT;
- break;
-
- case EXT_HOPOPTS:
- cmd->arg1 |= EXT_HOPOPTS;
- break;
-
- case EXT_ROUTING:
- cmd->arg1 |= EXT_ROUTING;
- break;
-
- case EXT_DSTOPTS:
- cmd->arg1 |= EXT_DSTOPTS;
- break;
-
- case EXT_AH:
- cmd->arg1 |= EXT_AH;
- break;
-
- case EXT_ESP:
- cmd->arg1 |= EXT_ESP;
- break;
-
- case EXT_RTHDR0:
- cmd->arg1 |= EXT_RTHDR0;
- break;
-
- case EXT_RTHDR2:
- cmd->arg1 |= EXT_RTHDR2;
- break;
-
- default:
- errx( EX_DATAERR, "invalid option for ipv6 exten header" );
- break;
- }
+ av = strsep( &s, ",") ;
+ tok = match_token(ext6hdrcodes, av);
+ switch (tok) {
+ case EXT_FRAGMENT:
+ cmd->arg1 |= EXT_FRAGMENT;
+ break;
+
+ case EXT_HOPOPTS:
+ cmd->arg1 |= EXT_HOPOPTS;
+ break;
+
+ case EXT_ROUTING:
+ cmd->arg1 |= EXT_ROUTING;
+ break;
+
+ case EXT_DSTOPTS:
+ cmd->arg1 |= EXT_DSTOPTS;
+ break;
+
+ case EXT_AH:
+ cmd->arg1 |= EXT_AH;
+ break;
+
+ case EXT_ESP:
+ cmd->arg1 |= EXT_ESP;
+ break;
+
+ case EXT_RTHDR0:
+ cmd->arg1 |= EXT_RTHDR0;
+ break;
+
+ case EXT_RTHDR2:
+ cmd->arg1 |= EXT_RTHDR2;
+ break;
+
+ default:
+ errx( EX_DATAERR, "invalid option for ipv6 exten header" );
+ break;
+ }
}
if (cmd->arg1 == 0 )
- return 0;
+ return 0;
cmd->opcode = O_EXT_HDR;
cmd->len |= F_INSN_SIZE( ipfw_insn );
return 1;
@@ -264,35 +264,35 @@ print_ext6hdr( ipfw_insn *cmd )
printf(" extension header:");
if (cmd->arg1 & EXT_FRAGMENT ) {
- printf("%cfragmentation", sep);
- sep = ',';
+ printf("%cfragmentation", sep);
+ sep = ',';
}
if (cmd->arg1 & EXT_HOPOPTS ) {
- printf("%chop options", sep);
- sep = ',';
+ printf("%chop options", sep);
+ sep = ',';
}
if (cmd->arg1 & EXT_ROUTING ) {
- printf("%crouting options", sep);
- sep = ',';
+ printf("%crouting options", sep);
+ sep = ',';
}
if (cmd->arg1 & EXT_RTHDR0 ) {
- printf("%crthdr0", sep);
- sep = ',';
+ printf("%crthdr0", sep);
+ sep = ',';
}
if (cmd->arg1 & EXT_RTHDR2 ) {
- printf("%crthdr2", sep);
- sep = ',';
+ printf("%crthdr2", sep);
+ sep = ',';
}
if (cmd->arg1 & EXT_DSTOPTS ) {
- printf("%cdestination options", sep);
- sep = ',';
+ printf("%cdestination options", sep);
+ sep = ',';
}
if (cmd->arg1 & EXT_AH ) {
- printf("%cauthentication header", sep);
- sep = ',';
+ printf("%cauthentication header", sep);
+ sep = ',';
}
if (cmd->arg1 & EXT_ESP ) {
- printf("%cencapsulated security payload", sep);
+ printf("%cencapsulated security payload", sep);
}
}
@@ -318,9 +318,9 @@ lookup_host6 (char *host, struct in6_addr *ip6addr)
* any matches any IP6. Actually returns an empty instruction.
* me returns O_IP6_*_ME
*
- * 03f1::234:123:0342 single IP6 addres
- * 03f1::234:123:0342/24 address/mask
- * 03f1::234:123:0342/24,03f1::234:123:0343/ List of address
+ * 03f1::234:123:0342 single IP6 addres
+ * 03f1::234:123:0342/24 address/mask
+ * 03f1::234:123:0342/24,03f1::234:123:0343/ List of address
*
* Set of address (as in ipv6) not supported because ipv6 address
* are typically random past the initial prefix.
diff --git a/sbin/ipfw/main.c b/sbin/ipfw/main.c
index 43693e0..fb3f3fb 100644
--- a/sbin/ipfw/main.c
+++ b/sbin/ipfw/main.c
@@ -357,7 +357,7 @@ ipfw_main(int oldac, char **oldav)
co.do_nat = 0;
co.do_pipe = 0;
if (!strncmp(*av, "nat", strlen(*av)))
- co.do_nat = 1;
+ co.do_nat = 1;
else if (!strncmp(*av, "pipe", strlen(*av)))
co.do_pipe = 1;
else if (_substrcmp(*av, "queue") == 0)
@@ -426,7 +426,7 @@ ipfw_main(int oldac, char **oldav)
else if (_substrcmp(*av, "resetlog") == 0)
ipfw_zero(ac, av, 1 /* IP_FW_RESETLOG */);
else if (_substrcmp(*av, "print") == 0 ||
- _substrcmp(*av, "list") == 0)
+ _substrcmp(*av, "list") == 0)
ipfw_list(ac, av, do_acct);
else if (_substrcmp(*av, "show") == 0)
ipfw_list(ac, av, 1 /* show counters */);
@@ -591,7 +591,7 @@ main(int ac, char *av[])
ret = WSAStartup(wVersionRequested, &wsaData);
if (ret != 0) {
/* Tell the user that we could not find a usable */
- /* Winsock DLL. */
+ /* Winsock DLL. */
printf("WSAStartup failed with error: %d\n", ret);
return 1;
}
diff --git a/sbin/ipfw/nat.c b/sbin/ipfw/nat.c
index 21196bc..bf93549 100644
--- a/sbin/ipfw/nat.c
+++ b/sbin/ipfw/nat.c
@@ -47,15 +47,15 @@
#include <alias.h>
static struct _s_x nat_params[] = {
- { "ip", TOK_IP },
- { "if", TOK_IF },
- { "log", TOK_ALOG },
- { "deny_in", TOK_DENY_INC },
- { "same_ports", TOK_SAME_PORTS },
- { "unreg_only", TOK_UNREG_ONLY },
- { "reset", TOK_RESET_ADDR },
- { "reverse", TOK_ALIAS_REV },
- { "proxy_only", TOK_PROXY_ONLY },
+ { "ip", TOK_IP },
+ { "if", TOK_IF },
+ { "log", TOK_ALOG },
+ { "deny_in", TOK_DENY_INC },
+ { "same_ports", TOK_SAME_PORTS },
+ { "unreg_only", TOK_UNREG_ONLY },
+ { "reset", TOK_RESET_ADDR },
+ { "reverse", TOK_ALIAS_REV },
+ { "proxy_only", TOK_PROXY_ONLY },
{ "redirect_addr", TOK_REDIR_ADDR },
{ "redirect_port", TOK_REDIR_PORT },
{ "redirect_proto", TOK_REDIR_PROTO },
@@ -63,10 +63,10 @@ static struct _s_x nat_params[] = {
};
-/*
+/*
* Search for interface with name "ifn", and fill n accordingly:
*
- * n->ip ip address of interface "ifn"
+ * n->ip ip address of interface "ifn"
* n->if_name copy of interface name "ifn"
*/
static void
@@ -163,25 +163,25 @@ set_addr_dynamic(const char *ifn, struct cfg_nat *n)
free(buf);
}
-/*
+/*
* XXX - The following functions, macros and definitions come from natd.c:
- * it would be better to move them outside natd.c, in a file
- * (redirect_support.[ch]?) shared by ipfw and natd, but for now i can live
+ * it would be better to move them outside natd.c, in a file
+ * (redirect_support.[ch]?) shared by ipfw and natd, but for now i can live
* with it.
*/
/*
* Definition of a port range, and macros to deal with values.
* FORMAT: HI 16-bits == first port in range, 0 == all ports.
- * LO 16-bits == number of ports in range
+ * LO 16-bits == number of ports in range
* NOTES: - Port values are not stored in network byte order.
*/
#define port_range u_long
-#define GETLOPORT(x) ((x) >> 0x10)
-#define GETNUMPORTS(x) ((x) & 0x0000ffff)
-#define GETHIPORT(x) (GETLOPORT((x)) + GETNUMPORTS((x)))
+#define GETLOPORT(x) ((x) >> 0x10)
+#define GETNUMPORTS(x) ((x) & 0x0000ffff)
+#define GETHIPORT(x) (GETLOPORT((x)) + GETNUMPORTS((x)))
/* Set y to be the low-port value in port_range variable x. */
#define SETLOPORT(x,y) ((x) = ((x) & 0x0000ffff) | ((y) << 0x10))
@@ -189,7 +189,7 @@ set_addr_dynamic(const char *ifn, struct cfg_nat *n)
/* Set y to be the number of ports in port_range variable x. */
#define SETNUMPORTS(x,y) ((x) = ((x) & 0xffff0000) | (y))
-static void
+static void
StrToAddr (const char* str, struct in_addr* addr)
{
struct hostent* hp;
@@ -204,30 +204,30 @@ StrToAddr (const char* str, struct in_addr* addr)
memcpy (addr, hp->h_addr, sizeof (struct in_addr));
}
-static int
+static int
StrToPortRange (const char* str, const char* proto, port_range *portRange)
{
- char* sep;
+ char* sep;
struct servent* sp;
char* end;
- u_short loPort;
- u_short hiPort;
+ u_short loPort;
+ u_short hiPort;
/* First see if this is a service, return corresponding port if so. */
sp = getservbyname (str,proto);
if (sp) {
- SETLOPORT(*portRange, ntohs(sp->s_port));
+ SETLOPORT(*portRange, ntohs(sp->s_port));
SETNUMPORTS(*portRange, 1);
return 0;
}
-
+
/* Not a service, see if it's a single port or port range. */
sep = strchr (str, '-');
if (sep == NULL) {
- SETLOPORT(*portRange, strtol(str, &end, 10));
+ SETLOPORT(*portRange, strtol(str, &end, 10));
if (end != str) {
- /* Single port. */
- SETNUMPORTS(*portRange, 1);
+ /* Single port. */
+ SETNUMPORTS(*portRange, 1);
return 0;
}
@@ -240,15 +240,15 @@ StrToPortRange (const char* str, const char* proto, port_range *portRange)
SETLOPORT(*portRange, loPort);
SETNUMPORTS(*portRange, 0); /* Error by default */
if (loPort <= hiPort)
- SETNUMPORTS(*portRange, hiPort - loPort + 1);
+ SETNUMPORTS(*portRange, hiPort - loPort + 1);
if (GETNUMPORTS(*portRange) == 0)
- errx (EX_DATAERR, "invalid port range %s", str);
+ errx (EX_DATAERR, "invalid port range %s", str);
return 0;
}
-static int
+static int
StrToProto (const char* str)
{
if (!strcmp (str, "tcp"))
@@ -262,9 +262,9 @@ StrToProto (const char* str)
errx (EX_DATAERR, "unknown protocol %s. Expected sctp, tcp or udp", str);
}
-static int
-StrToAddrAndPortRange (const char* str, struct in_addr* addr, char* proto,
- port_range *portRange)
+static int
+StrToAddrAndPortRange (const char* str, struct in_addr* addr, char* proto,
+ port_range *portRange)
{
char* ptr;
@@ -281,50 +281,49 @@ StrToAddrAndPortRange (const char* str, struct in_addr* addr, char* proto,
/* End of stuff taken from natd.c. */
-#define INC_ARGCV() do { \
- (*_av)++; \
- (*_ac)--; \
- av = *_av; \
- ac = *_ac; \
+#define INC_ARGCV() do { \
+ (*_av)++; \
+ (*_ac)--; \
+ av = *_av; \
+ ac = *_ac; \
} while(0)
-/*
- * The next 3 functions add support for the addr, port and proto redirect and
- * their logic is loosely based on SetupAddressRedirect(), SetupPortRedirect()
+/*
+ * The next 3 functions add support for the addr, port and proto redirect and
+ * their logic is loosely based on SetupAddressRedirect(), SetupPortRedirect()
* and SetupProtoRedirect() from natd.c.
*
- * Every setup_* function fills at least one redirect entry
- * (struct cfg_redir) and zero or more server pool entry (struct cfg_spool)
+ * Every setup_* function fills at least one redirect entry
+ * (struct cfg_redir) and zero or more server pool entry (struct cfg_spool)
* in buf.
- *
+ *
* The format of data in buf is:
- *
*
- * cfg_nat cfg_redir cfg_spool ...... cfg_spool
+ * cfg_nat cfg_redir cfg_spool ...... cfg_spool
*
* ------------------------------------- ------------
* | | .....X ... | | | | .....
* ------------------------------------- ...... ------------
- * ^
+ * ^
* spool_cnt n=0 ...... n=(X-1)
*
* len points to the amount of available space in buf
* space counts the memory consumed by every function
*
- * XXX - Every function get all the argv params so it
+ * XXX - Every function get all the argv params so it
* has to check, in optional parameters, that the next
- * args is a valid option for the redir entry and not
- * another token. Only redir_port and redir_proto are
+ * args is a valid option for the redir entry and not
+ * another token. Only redir_port and redir_proto are
* affected by this.
*/
static int
setup_redir_addr(char *spool_buf, unsigned int len,
- int *_ac, char ***_av)
+ int *_ac, char ***_av)
{
char **av, *sep; /* Token separator. */
/* Temporary buffer used to hold server pool ip's. */
- char tmp_spool_buf[NAT_BUF_LEN];
+ char tmp_spool_buf[NAT_BUF_LEN];
int ac, space, lsnat;
struct cfg_redir *r;
struct cfg_spool *tmp;
@@ -339,11 +338,11 @@ setup_redir_addr(char *spool_buf, unsigned int len,
spool_buf = &spool_buf[SOF_REDIR];
space = SOF_REDIR;
len -= SOF_REDIR;
- } else
- goto nospace;
+ } else
+ goto nospace;
r->mode = REDIR_ADDR;
/* Extract local address. */
- if (ac == 0)
+ if (ac == 0)
errx(EX_DATAERR, "redirect_addr: missing local address");
sep = strchr(*av, ',');
if (sep) { /* LSNAT redirection syntax. */
@@ -351,12 +350,12 @@ setup_redir_addr(char *spool_buf, unsigned int len,
/* Preserve av, copy spool servers to tmp_spool_buf. */
strncpy(tmp_spool_buf, *av, strlen(*av)+1);
lsnat = 1;
- } else
+ } else
StrToAddr(*av, &r->laddr);
INC_ARGCV();
/* Extract public address. */
- if (ac == 0)
+ if (ac == 0)
errx(EX_DATAERR, "redirect_addr: missing public address");
StrToAddr(*av, &r->paddr);
INC_ARGCV();
@@ -385,7 +384,7 @@ nospace:
static int
setup_redir_port(char *spool_buf, unsigned int len,
- int *_ac, char ***_av)
+ int *_ac, char ***_av)
{
char **av, *sep, *protoName;
char tmp_spool_buf[NAT_BUF_LEN];
@@ -407,8 +406,8 @@ setup_redir_port(char *spool_buf, unsigned int len,
spool_buf = &spool_buf[SOF_REDIR];
space = SOF_REDIR;
len -= SOF_REDIR;
- } else
- goto nospace;
+ } else
+ goto nospace;
r->mode = REDIR_PORT;
/*
* Extract protocol.
@@ -436,8 +435,8 @@ setup_redir_port(char *spool_buf, unsigned int len,
lsnat = 1;
} else {
/*
- * The sctp nat does not allow the port numbers to be mapped to
- * new port numbers. Therefore, no ports are to be specified
+ * The sctp nat does not allow the port numbers to be mapped to
+ * new port numbers. Therefore, no ports are to be specified
* in the target port field.
*/
if (r->proto == IPPROTO_SCTP) {
@@ -448,7 +447,7 @@ setup_redir_port(char *spool_buf, unsigned int len,
else
StrToAddr(*av, &r->laddr);
} else {
- if (StrToAddrAndPortRange (*av, &r->laddr, protoName,
+ if (StrToAddrAndPortRange (*av, &r->laddr, protoName,
&portRange) != 0)
errx(EX_DATAERR, "redirect_port:"
"invalid local port range");
@@ -467,14 +466,14 @@ setup_redir_port(char *spool_buf, unsigned int len,
sep = strchr (*av, ':');
if (sep) {
- if (StrToAddrAndPortRange (*av, &r->paddr, protoName,
+ if (StrToAddrAndPortRange (*av, &r->paddr, protoName,
&portRange) != 0)
- errx(EX_DATAERR, "redirect_port:"
+ errx(EX_DATAERR, "redirect_port:"
"invalid public port range");
} else {
r->paddr.s_addr = INADDR_ANY;
if (StrToPortRange (*av, protoName, &portRange) != 0)
- errx(EX_DATAERR, "redirect_port:"
+ errx(EX_DATAERR, "redirect_port:"
"invalid public port range");
}
@@ -489,19 +488,19 @@ setup_redir_port(char *spool_buf, unsigned int len,
/*
* Extract remote address and optionally port.
*/
- /*
+ /*
* NB: isalpha(**av) => we've to check that next parameter is really an
* option for this redirect entry, else stop here processing arg[cv].
*/
- if (ac != 0 && !isalpha(**av)) {
+ if (ac != 0 && !isalpha(**av)) {
sep = strchr (*av, ':');
if (sep) {
- if (StrToAddrAndPortRange (*av, &r->raddr, protoName,
+ if (StrToAddrAndPortRange (*av, &r->raddr, protoName,
&portRange) != 0)
errx(EX_DATAERR, "redirect_port:"
"invalid remote port range");
} else {
- SETLOPORT(portRange, 0);
+ SETLOPORT(portRange, 0);
SETNUMPORTS(portRange, 1);
StrToAddr (*av, &r->raddr);
}
@@ -514,17 +513,17 @@ setup_redir_port(char *spool_buf, unsigned int len,
r->rport = GETLOPORT(portRange);
r->rport_cnt = GETNUMPORTS(portRange);
- /*
+ /*
* Make sure port ranges match up, then add the redirect ports.
*/
if (numLocalPorts != r->pport_cnt)
- errx(EX_DATAERR, "redirect_port:"
+ errx(EX_DATAERR, "redirect_port:"
"port ranges must be equal in size");
/* Remote port range is allowed to be '0' which means all ports. */
- if (r->rport_cnt != numLocalPorts &&
+ if (r->rport_cnt != numLocalPorts &&
(r->rport_cnt != 1 || r->rport != 0))
- errx(EX_DATAERR, "redirect_port: remote port must"
+ errx(EX_DATAERR, "redirect_port: remote port must"
"be 0 or equal to local port range in size");
/*
@@ -553,7 +552,7 @@ setup_redir_port(char *spool_buf, unsigned int len,
tmp->port = r->pport;
}
} else {
- if (StrToAddrAndPortRange(sep, &tmp->addr,
+ if (StrToAddrAndPortRange(sep, &tmp->addr,
protoName, &portRange) != 0)
errx(EX_DATAERR, "redirect_port:"
"invalid local port range");
@@ -576,7 +575,7 @@ nospace:
static int
setup_redir_proto(char *spool_buf, unsigned int len,
- int *_ac, char ***_av)
+ int *_ac, char ***_av)
{
char **av;
int ac, space;
@@ -591,7 +590,7 @@ setup_redir_proto(char *spool_buf, unsigned int len,
spool_buf = &spool_buf[SOF_REDIR];
space = SOF_REDIR;
len -= SOF_REDIR;
- } else
+ } else
goto nospace;
r->mode = REDIR_PROTO;
/*
@@ -700,7 +699,7 @@ print_nat_config(unsigned char *buf)
s = (struct cfg_spool *)&buf[off];
if (i)
printf(",");
- else
+ else
printf(" ");
printf("%s", inet_ntoa(s->addr));
off += SOF_SPOOL;
@@ -713,21 +712,21 @@ print_nat_config(unsigned char *buf)
if (!t->spool_cnt) {
printf("%s:%u", inet_ntoa(t->laddr), t->lport);
if (t->pport_cnt > 1)
- printf("-%u", t->lport +
+ printf("-%u", t->lport +
t->pport_cnt - 1);
} else
for (i=0; i < t->spool_cnt; i++) {
s = (struct cfg_spool *)&buf[off];
if (i)
printf(",");
- printf("%s:%u", inet_ntoa(s->addr),
+ printf("%s:%u", inet_ntoa(s->addr),
s->port);
off += SOF_SPOOL;
}
printf(" ");
if (t->paddr.s_addr)
- printf("%s:", inet_ntoa(t->paddr));
+ printf("%s:", inet_ntoa(t->paddr));
printf("%u", t->pport);
if (!t->spool_cnt && t->pport_cnt > 1)
printf("-%u", t->pport + t->pport_cnt - 1);
@@ -737,14 +736,14 @@ print_nat_config(unsigned char *buf)
if (t->rport) {
printf(":%u", t->rport);
if (!t->spool_cnt && t->rport_cnt > 1)
- printf("-%u", t->rport +
+ printf("-%u", t->rport +
t->rport_cnt - 1);
}
}
break;
case REDIR_PROTO:
p = getprotobynumber(t->proto);
- printf(" redirect_proto %s %s", p->p_name,
+ printf(" redirect_proto %s %s", p->p_name,
inet_ntoa(t->laddr));
if (t->paddr.s_addr != 0) {
printf(" %s", inet_ntoa(t->paddr));
@@ -763,7 +762,7 @@ print_nat_config(unsigned char *buf)
void
ipfw_config_nat(int ac, char **av)
{
- struct cfg_nat *n; /* Nat instance configuration. */
+ struct cfg_nat *n; /* Nat instance configuration. */
int i, len, off, tok;
char *id, buf[NAT_BUF_LEN]; /* Buffer for serialized data. */
@@ -777,12 +776,12 @@ ipfw_config_nat(int ac, char **av)
/* Nat id. */
if (ac && isdigit(**av)) {
id = *av;
- i = atoi(*av);
+ i = atoi(*av);
ac--; av++;
n->id = i;
- } else
+ } else
errx(EX_DATAERR, "missing nat id");
- if (ac == 0)
+ if (ac == 0)
errx(EX_DATAERR, "missing option");
while (ac > 0) {
@@ -790,15 +789,15 @@ ipfw_config_nat(int ac, char **av)
ac--; av++;
switch (tok) {
case TOK_IP:
- if (ac == 0)
+ if (ac == 0)
errx(EX_DATAERR, "missing option");
if (!inet_aton(av[0], &(n->ip)))
- errx(EX_DATAERR, "bad ip address ``%s''",
+ errx(EX_DATAERR, "bad ip address ``%s''",
av[0]);
ac--; av++;
- break;
+ break;
case TOK_IF:
- if (ac == 0)
+ if (ac == 0)
errx(EX_DATAERR, "missing option");
set_addr_dynamic(av[0], n);
ac--; av++;
@@ -824,9 +823,9 @@ ipfw_config_nat(int ac, char **av)
case TOK_PROXY_ONLY:
n->mode |= PKT_ALIAS_PROXY_ONLY;
break;
- /*
- * All the setup_redir_* functions work directly in the final
- * buffer, see above for details.
+ /*
+ * All the setup_redir_* functions work directly in
+ * the final buffer, see above for details.
*/
case TOK_REDIR_ADDR:
case TOK_REDIR_PORT:
@@ -834,10 +833,10 @@ ipfw_config_nat(int ac, char **av)
switch (tok) {
case TOK_REDIR_ADDR:
i = setup_redir_addr(&buf[off], len, &ac, &av);
- break;
+ break;
case TOK_REDIR_PORT:
i = setup_redir_port(&buf[off], len, &ac, &av);
- break;
+ break;
case TOK_REDIR_PROTO:
i = setup_redir_proto(&buf[off], len, &ac, &av);
break;
@@ -888,7 +887,7 @@ ipfw_show_nat(int ac, char **av)
/* Parse parameters. */
for (cmd = IP_FW_NAT_GET_LOG, do_cfg = 0; ac != 0; ac--, av++) {
if (!strncmp(av[0], "config", strlen(av[0]))) {
- cmd = IP_FW_NAT_GET_CONFIG, do_cfg = 1;
+ cmd = IP_FW_NAT_GET_CONFIG, do_cfg = 1;
continue;
}
/* Convert command line rule #. */
@@ -920,7 +919,7 @@ ipfw_show_nat(int ac, char **av)
i += sizeof(struct cfg_nat);
for (redir_cnt = 0; redir_cnt < n->redir_cnt; redir_cnt++) {
e = (struct cfg_redir *)&data[i];
- i += sizeof(struct cfg_redir) + e->spool_cnt *
+ i += sizeof(struct cfg_redir) + e->spool_cnt *
sizeof(struct cfg_spool);
}
}
OpenPOWER on IntegriCloud