/usr/src/sbin/ifconfig/brconfig.c

Bug Summary

File:	src/sbin/ifconfig/brconfig.c
Warning:	line 851, column 2 Value stored to 'ifrp' is never read

Annotated Source Code

Press '?' to see keyboard shortcuts

Show analyzer invocation

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.4 -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name brconfig.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/sbin/ifconfig/obj -resource-dir /usr/local/llvm16/lib/clang/16 -internal-isystem /usr/local/llvm16/lib/clang/16/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/sbin/ifconfig/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fcf-protection=branch -fno-jump-tables -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/scan/2024-01-11-140451-98009-1 -x c /usr/src/sbin/ifconfig/brconfig.c

1	/* $OpenBSD: brconfig.c,v 1.32 2023/11/23 03:38:34 dlg Exp $ */
2
3	/*
4	* Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net)
5	* All rights reserved.
6	*
7	* Redistribution and use in source and binary forms, with or without
8	* modification, are permitted provided that the following conditions
9	* are met:
10	* 1. Redistributions of source code must retain the above copyright
11	* notice, this list of conditions and the following disclaimer.
12	* 2. Redistributions in binary form must reproduce the above copyright
13	* notice, this list of conditions and the following disclaimer in the
14	* documentation and/or other materials provided with the distribution.
15	*
16	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18	* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19	* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
20	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
22	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
24	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
25	* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26	* POSSIBILITY OF SUCH DAMAGE.
27	*/
28
29	#ifndef SMALL
30
31	#include <stdio.h>
32	#include <sys/types.h>
33	#include <sys/stdint.h>
34	#include <unistd.h>
35	#include <stdlib.h>
36	#include <sys/socket.h>
37	#include <sys/ioctl.h>
38	#include <net/if.h>
39	#include <netinet/in.h>
40	#include <netinet/if_ether.h>
41	#include <net/if_bridge.h>
42	#include <netdb.h>
43	#include <string.h>
44	#include <err.h>
45	#include <errno(*__errno()).h>
46	#include <getopt.h>
47	#include <limits.h>
48	#include <arpa/inet.h>
49
50	#include "ifconfig.h"
51
52	void bridge_ifsetflag(const char *, u_int32_t);
53	void bridge_ifclrflag(const char *, u_int32_t);
54
55	void bridge_list(char *);
56	void bridge_cfg(const char *);
57	void bridge_badrule(int, char **, int);
58	void bridge_showrule(struct ifbrlreq *);
59	int bridge_arprule(struct ifbrlreq , int , char ***);
60
61	#define IFBAFBITS"\020\1STATIC" "\020\1STATIC"
62	#define IFBIFBITS"\020\1LEARNING\2DISCOVER\3BLOCKNONIP\4STP\5EDGE\6AUTOEDGE\7PTP\10AUTOPTP\11SPAN\15LOCAL" \
63	"\020\1LEARNING\2DISCOVER\3BLOCKNONIP\4STP\5EDGE\6AUTOEDGE\7PTP\10AUTOPTP\11SPAN\15LOCAL"
64
65	#define PV2ID(pv, epri, eaddr)do { epri = pv >> 48; eaddr[0] = pv >> 40; eaddr[ 1] = pv >> 32; eaddr[2] = pv >> 24; eaddr[3] = pv >> 16; eaddr[4] = pv >> 8; eaddr[5] = pv >> 0; } while (0) do { \
66	epri = pv >> 48; \
67	eaddr[0] = pv >> 40; \
68	eaddr[1] = pv >> 32; \
69	eaddr[2] = pv >> 24; \
70	eaddr[3] = pv >> 16; \
71	eaddr[4] = pv >> 8; \
72	eaddr[5] = pv >> 0; \
73	} while (0)
74
75	char *stpstates[] = {
76	"disabled",
77	"listening",
78	"learning",
79	"forwarding",
80	"blocking",
81	"discarding"
82	};
83	char *stpproto[] = {
84	"stp",
85	"(none)",
86	"rstp",
87	};
88	char *stproles[] = {
89	"disabled",
90	"root",
91	"designated",
92	"alternate",
93	"backup"
94	};
95
96
97	void
98	setdiscover(const char *val, int d)
99	{
100	bridge_ifsetflag(val, IFBIF_DISCOVER0x0002);
101	}
102
103	void
104	unsetdiscover(const char *val, int d)
105	{
106	bridge_ifclrflag(val, IFBIF_DISCOVER0x0002);
107	}
108
109	void
110	setblocknonip(const char *val, int d)
111	{
112	bridge_ifsetflag(val, IFBIF_BLOCKNONIP0x0004);
113	}
114
115	void
116	unsetblocknonip(const char *val, int d)
117	{
118	bridge_ifclrflag(val, IFBIF_BLOCKNONIP0x0004);
119	}
120
121	void
122	setlearn(const char *val, int d)
123	{
124	bridge_ifsetflag(val, IFBIF_LEARNING0x0001);
125	}
126
127	void
128	unsetlearn(const char *val, int d)
129	{
130	bridge_ifclrflag(val, IFBIF_LEARNING0x0001);
131	}
132
133	void
134	setstp(const char *val, int d)
135	{
136	bridge_ifsetflag(val, IFBIF_STP0x0008);
137	}
138
139	void
140	unsetstp(const char *val, int d)
141	{
142	bridge_ifclrflag(val, IFBIF_STP0x0008);
143	}
144
145	void
146	setedge(const char *val, int d)
147	{
148	bridge_ifsetflag(val, IFBIF_BSTP_EDGE0x0010);
149	}
150
151	void
152	unsetedge(const char *val, int d)
153	{
154	bridge_ifclrflag(val, IFBIF_BSTP_EDGE0x0010);
155	}
156
157	void
158	setautoedge(const char *val, int d)
159	{
160	bridge_ifsetflag(val, IFBIF_BSTP_AUTOEDGE0x0020);
161	}
162
163	void
164	unsetautoedge(const char *val, int d)
165	{
166	bridge_ifclrflag(val, IFBIF_BSTP_AUTOEDGE0x0020);
167	}
168
169	void
170	setptp(const char *val, int d)
171	{
172	bridge_ifsetflag(val, IFBIF_BSTP_PTP0x0040);
173	}
174
175	void
176	unsetptp(const char *val, int d)
177	{
178	bridge_ifclrflag(val, IFBIF_BSTP_PTP0x0040);
179	}
180
181	void
182	setautoptp(const char *val, int d)
183	{
184	bridge_ifsetflag(val, IFBIF_BSTP_AUTOPTP0x0080);
185	}
186
187	void
188	unsetautoptp(const char *val, int d)
189	{
190	bridge_ifclrflag(val, IFBIF_BSTP_AUTOPTP0x0080);
191	}
192
193	void
194	addlocal(const char *ifsname, int d)
195	{
196	struct ifbreq breq;
197
198	if (strncmp(ifsname, "vether", (sizeof("vether") - 1)) != 0)
199	errx(1, "only vether can be local interface");
200
201	/* Add local */
202	strlcpy(breq.ifbr_name, ifname, sizeof(breq.ifbr_name));
203	strlcpy(breq.ifbr_ifsname, ifsname, sizeof(breq.ifbr_ifsname));
204	if (ioctl(sock, SIOCBRDGADDL((unsigned long)0x80000000 \| ((sizeof(struct ifbreq) & 0x1fff ) << 16) \| ((('i')) << 8) \| ((73))), (caddr_t)&breq) == -1) {
205	if (errno(*__errno()) == EEXIST17)
206	return;
207	else
208	err(1, "%s: ioctl SIOCBRDGADDL %s", ifname, ifsname);
209	}
210	}
211
212	void
213	bridge_ifsetflag(const char *ifsname, u_int32_t flag)
214	{
215	struct ifbreq req;
216
217	strlcpy(req.ifbr_name, ifname, sizeof(req.ifbr_name));
218	strlcpy(req.ifbr_ifsname, ifsname, sizeof(req.ifbr_ifsname));
219	if (ioctl(sock, SIOCBRDGGIFFLGS(((unsigned long)0x80000000\|(unsigned long)0x40000000) \| ((sizeof (struct ifbreq) & 0x1fff) << 16) \| ((('i')) << 8) \| ((62))), (caddr_t)&req) == -1)
220	err(1, "%s: ioctl SIOCBRDGGIFFLGS %s", ifname, ifsname);
221
222	req.ifbr_ifsflags \|= flag & ~IFBIF_RO_MASK0x0f00;
223
224	if (ioctl(sock, SIOCBRDGSIFFLGS((unsigned long)0x80000000 \| ((sizeof(struct ifbreq) & 0x1fff ) << 16) \| ((('i')) << 8) \| ((63))), (caddr_t)&req) == -1)
225	err(1, "%s: ioctl SIOCBRDGSIFFLGS %s", ifname, ifsname);
226	}
227
228	void
229	bridge_ifclrflag(const char *ifsname, u_int32_t flag)
230	{
231	struct ifbreq req;
232
233	strlcpy(req.ifbr_name, ifname, sizeof(req.ifbr_name));
234	strlcpy(req.ifbr_ifsname, ifsname, sizeof(req.ifbr_ifsname));
235
236	if (ioctl(sock, SIOCBRDGGIFFLGS(((unsigned long)0x80000000\|(unsigned long)0x40000000) \| ((sizeof (struct ifbreq) & 0x1fff) << 16) \| ((('i')) << 8) \| ((62))), (caddr_t)&req) == -1)
237	err(1, "%s: ioctl SIOCBRDGGIFFLGS %s", ifname, ifsname);
238
239	req.ifbr_ifsflags &= ~(flag \| IFBIF_RO_MASK0x0f00);
240
241	if (ioctl(sock, SIOCBRDGSIFFLGS((unsigned long)0x80000000 \| ((sizeof(struct ifbreq) & 0x1fff ) << 16) \| ((('i')) << 8) \| ((63))), (caddr_t)&req) == -1)
242	err(1, "%s: ioctl SIOCBRDGSIFFLGS %s", ifname, ifsname);
243	}
244
245	void
246	bridge_flushall(const char *val, int p)
247	{
248	struct ifbreq req;
249
250	strlcpy(req.ifbr_name, ifname, sizeof(req.ifbr_name));
251	req.ifbr_ifsflags = IFBF_FLUSHALL0x1;
252	if (ioctl(sock, SIOCBRDGFLUSH((unsigned long)0x80000000 \| ((sizeof(struct ifbreq) & 0x1fff ) << 16) \| ((('i')) << 8) \| ((72))), &req) == -1)
253	err(1, "%s", ifname);
254	}
255
256	void
257	bridge_flush(const char *val, int p)
258	{
259	struct ifbreq req;
260
261	strlcpy(req.ifbr_name, ifname, sizeof(req.ifbr_name));
262	req.ifbr_ifsflags = IFBF_FLUSHDYN0x0;
263	if (ioctl(sock, SIOCBRDGFLUSH((unsigned long)0x80000000 \| ((sizeof(struct ifbreq) & 0x1fff ) << 16) \| ((('i')) << 8) \| ((72))), &req) == -1)
264	err(1, "%s", ifname);
265	}
266
267	void
268	bridge_cfg(const char *delim)
269	{
270	struct ifbropreq ifbp;
271	u_int16_t pri;
272	u_int8_t ht, fd, ma, hc, proto;
273	u_int8_t lladdr[ETHER_ADDR_LEN6];
274	u_int16_t bprio;
275
276	strlcpy(ifbp.ifbop_name, ifname, sizeof(ifbp.ifbop_name));
277	if (ioctl(sock, SIOCBRDGGPARAM(((unsigned long)0x80000000\|(unsigned long)0x40000000) \| ((sizeof (struct ifbropreq) & 0x1fff) << 16) \| ((('i')) << 8) \| ((88))), (caddr_t)&ifbp) == -1) {
278	if (errno(*__errno()) == ENOTTY25)
279	return;
280	err(1, "%s SIOCBRDGGPARAM", ifname);
281	}
282
283	printf("%s", delim);
284	pri = ifbp.ifbop_priority;
285	ht = ifbp.ifbop_hellotime;
286	fd = ifbp.ifbop_fwddelay;
287	ma = ifbp.ifbop_maxage;
288	hc = ifbp.ifbop_holdcount;
289	proto = ifbp.ifbop_protocol;
290
291	printf("priority %u hellotime %u fwddelay %u maxage %u "
292	"holdcnt %u proto %s\n", pri, ht, fd, ma, hc, stpproto[proto]);
293
294	if (aflag)
295	return;
296
297	PV2ID(ifbp.ifbop_desg_bridge, bprio, lladdr)do { bprio = ifbp.ifbop_desg_bridge >> 48; lladdr[0] = ifbp .ifbop_desg_bridge >> 40; lladdr[1] = ifbp.ifbop_desg_bridge >> 32; lladdr[2] = ifbp.ifbop_desg_bridge >> 24; lladdr[3] = ifbp.ifbop_desg_bridge >> 16; lladdr[4] = ifbp .ifbop_desg_bridge >> 8; lladdr[5] = ifbp.ifbop_desg_bridge >> 0; } while (0);
298	printf("\tdesignated: id %s priority %u\n",
299	ether_ntoa((struct ether_addr *)lladdr), bprio);
300
301	if (ifbp.ifbop_root_bridge == ifbp.ifbop_desg_bridge)
302	return;
303
304	PV2ID(ifbp.ifbop_root_bridge, bprio, lladdr)do { bprio = ifbp.ifbop_root_bridge >> 48; lladdr[0] = ifbp .ifbop_root_bridge >> 40; lladdr[1] = ifbp.ifbop_root_bridge >> 32; lladdr[2] = ifbp.ifbop_root_bridge >> 24; lladdr[3] = ifbp.ifbop_root_bridge >> 16; lladdr[4] = ifbp .ifbop_root_bridge >> 8; lladdr[5] = ifbp.ifbop_root_bridge >> 0; } while (0);
305	printf("\troot: id %s priority %u ifcost %u port %u\n",
306	ether_ntoa((struct ether_addr *)lladdr), bprio,
307	ifbp.ifbop_root_path_cost, ifbp.ifbop_root_port & 0xfff);
308	}
309
310	void
311	bridge_list(char *delim)
312	{
313	struct ifbreq *reqp;
314	struct ifbifconf bifc;
315	int i, len = 8192;
316	char buf[sizeof(reqp->ifbr_ifsname) + 1], inbuf = NULL((void )0), *inb;
317
318	while (1) {
319	bifc.ifbic_len = len;
320	inb = realloc(inbuf, len);
321	if (inb == NULL((void *)0))
322	err(1, "malloc");
323	bifc.ifbic_bufifbic_ifbicu.ifbicu_buf = inbuf = inb;
324	strlcpy(bifc.ifbic_name, ifname, sizeof(bifc.ifbic_name));
325	if (ioctl(sock, SIOCBRDGIFS(((unsigned long)0x80000000\|(unsigned long)0x40000000) \| ((sizeof (struct ifbreq) & 0x1fff) << 16) \| ((('i')) << 8) \| ((66))), &bifc) == -1) {
326	if (errno(*__errno()) == ENOTTY25)
327	return;
328	err(1, "%s SIOCBRDGIFS", ifname);
329	}
330	if (bifc.ifbic_len + sizeof(*reqp) < len)
331	break;
332	len *= 2;
333	}
334	for (i = 0; i < bifc.ifbic_len / sizeof(*reqp); i++) {
335	reqp = bifc.ifbic_reqifbic_ifbicu.ifbicu_req + i;
336	strlcpy(buf, reqp->ifbr_ifsname, sizeof(buf));
337	printf("%s%s ", delim, buf);
338	printb("flags", reqp->ifbr_ifsflags, IFBIFBITS"\020\1LEARNING\2DISCOVER\3BLOCKNONIP\4STP\5EDGE\6AUTOEDGE\7PTP\10AUTOPTP\11SPAN\15LOCAL");
339	printf("\n");
340	if (reqp->ifbr_ifsflags & IFBIF_SPAN0x0100)
341	continue;
342	printf("\t\t");
343	printf("port %u ifpriority %u ifcost %u",
344	reqp->ifbr_portno, reqp->ifbr_priority,
345	reqp->ifbr_path_cost);
346	if (reqp->ifbr_protected) {
347	int v;
348
349	v = ffs(reqp->ifbr_protected);
350	printf(" protected %u", v);
351	while (++v < 32) {
352	if ((1 << (v - 1)) & reqp->ifbr_protected)
353	printf(",%u", v);
354	}
355	}
356	if (reqp->ifbr_ifsflags & IFBIF_STP0x0008)
357	printf(" %s role %s",
358	stpstates[reqp->ifbr_state],
359	stproles[reqp->ifbr_role]);
360	printf("\n");
361	bridge_rules(buf, 1);
362	}
363	free(bifc.ifbic_bufifbic_ifbicu.ifbicu_buf);
364	}
365
366	void
367	bridge_add(const char *ifn, int d)
368	{
369	struct ifbreq req;
370
371	strlcpy(req.ifbr_name, ifname, sizeof(req.ifbr_name));
372	strlcpy(req.ifbr_ifsname, ifn, sizeof(req.ifbr_ifsname));
373	if (ioctl(sock, SIOCBRDGADD((unsigned long)0x80000000 \| ((sizeof(struct ifbreq) & 0x1fff ) << 16) \| ((('i')) << 8) \| ((60))), &req) == -1) {
374	if (errno(*__errno()) == EEXIST17)
375	return;
376	err(1, "%s: %s", ifname, ifn);
377	}
378	}
379
380	void
381	bridge_delete(const char *ifn, int d)
382	{
383	struct ifbreq req;
384
385	strlcpy(req.ifbr_name, ifname, sizeof(req.ifbr_name));
386	strlcpy(req.ifbr_ifsname, ifn, sizeof(req.ifbr_ifsname));
387	if (ioctl(sock, SIOCBRDGDEL((unsigned long)0x80000000 \| ((sizeof(struct ifbreq) & 0x1fff ) << 16) \| ((('i')) << 8) \| ((61))), &req) == -1)
388	err(1, "%s: %s", ifname, ifn);
389	}
390
391	void
392	bridge_addspan(const char *ifn, int d)
393	{
394	struct ifbreq req;
395
396	strlcpy(req.ifbr_name, ifname, sizeof(req.ifbr_name));
397	strlcpy(req.ifbr_ifsname, ifn, sizeof(req.ifbr_ifsname));
398	if (ioctl(sock, SIOCBRDGADDS((unsigned long)0x80000000 \| ((sizeof(struct ifbreq) & 0x1fff ) << 16) \| ((('i')) << 8) \| ((65))), &req) == -1) {
399	if (errno(*__errno()) == EEXIST17)
400	return;
401	err(1, "%s: %s", ifname, ifn);
402	}
403	}
404
405	void
406	bridge_delspan(const char *ifn, int d)
407	{
408	struct ifbreq req;
409
410	strlcpy(req.ifbr_name, ifname, sizeof(req.ifbr_name));
411	strlcpy(req.ifbr_ifsname, ifn, sizeof(req.ifbr_ifsname));
412	if (ioctl(sock, SIOCBRDGDELS((unsigned long)0x80000000 \| ((sizeof(struct ifbreq) & 0x1fff ) << 16) \| ((('i')) << 8) \| ((66))), &req) == -1)
413	err(1, "%s: %s", ifname, ifn);
414	}
415
416	void
417	bridge_timeout(const char *arg, int d)
418	{
419	struct ifbrparam bp;
420	const char *errstr;
421
422	bp.ifbrp_ctimeifbrp_ifbrpu.ifbrpu_ctime = strtonum(arg, 0, UINT32_MAX0xffffffffU, &errstr);
423	if (errstr)
424	err(1, "timeout %s is: %s", arg, errstr);
425
426	strlcpy(bp.ifbrp_name, ifname, sizeof(bp.ifbrp_name));
427	if (ioctl(sock, SIOCBRDGSTO((unsigned long)0x80000000 \| ((sizeof(struct ifbrparam) & 0x1fff) << 16) \| ((('i')) << 8) \| ((69))), (caddr_t)&bp) == -1)
428	err(1, "%s", ifname);
429	}
430
431	void
432	bridge_maxage(const char *arg, int d)
433	{
434	struct ifbrparam bp;
435	const char *errstr;
436
437	bp.ifbrp_maxageifbrp_ifbrpu.ifbrpu_maxage = strtonum(arg, 0, UINT8_MAX0xff, &errstr);
438	if (errstr)
439	errx(1, "maxage %s is: %s", arg, errstr);
440
441	strlcpy(bp.ifbrp_name, ifname, sizeof(bp.ifbrp_name));
442	if (ioctl(sock, SIOCBRDGSMA((unsigned long)0x80000000 \| ((sizeof(struct ifbrparam) & 0x1fff) << 16) \| ((('i')) << 8) \| ((83))), (caddr_t)&bp) == -1)
443	err(1, "%s", ifname);
444	}
445
446	void
447	bridge_priority(const char *arg, int d)
448	{
449	struct ifbrparam bp;
450	const char *errstr;
451
452	bp.ifbrp_prioifbrp_ifbrpu.ifbrpu_prio = strtonum(arg, 0, UINT16_MAX0xffff, &errstr);
453	if (errstr)
454	errx(1, "spanpriority %s is: %s", arg, errstr);
455
456	strlcpy(bp.ifbrp_name, ifname, sizeof(bp.ifbrp_name));
457	if (ioctl(sock, SIOCBRDGSPRI((unsigned long)0x80000000 \| ((sizeof(struct ifbrparam) & 0x1fff) << 16) \| ((('i')) << 8) \| ((80))), (caddr_t)&bp) == -1)
458	err(1, "%s", ifname);
459	}
460
461	void
462	bridge_protect(const char ifsname, const char val)
463	{
464	struct ifbreq breq;
465	unsigned long v;
466	char optlist, str;
467	const char *errstr;
468
469	strlcpy(breq.ifbr_name, ifname, sizeof(breq.ifbr_name));
470	strlcpy(breq.ifbr_ifsname, ifsname, sizeof(breq.ifbr_ifsname));
471	breq.ifbr_protected = 0;
472
473	/* We muck with the string, so copy it. */
474	optlist = strdup(val);
475	if (optlist == NULL((void *)0))
476	err(1, "strdup");
477
478	str = strtok(optlist, ",");
479	while (str != NULL((void *)0)) {
480	v = strtonum(str, 1, 31, &errstr);
481	if (errstr)
482	err(1, "protected domain %s is: %s", str, errstr);
483	breq.ifbr_protected \|= (1 << (v - 1));
484	str = strtok(NULL((void *)0), ",");
485	}
486
487	if (ioctl(sock, SIOCBRDGSIFPROT((unsigned long)0x80000000 \| ((sizeof(struct ifbreq) & 0x1fff ) << 16) \| ((('i')) << 8) \| ((74))), (caddr_t)&breq) == -1)
488	err(1, "%s: %s", ifname, val);
489
490	free(optlist);
491	}
492
493	void
494	bridge_unprotect(const char *ifsname, int d)
495	{
496	struct ifbreq breq;
497
498	strlcpy(breq.ifbr_name, ifname, sizeof(breq.ifbr_name));
499	strlcpy(breq.ifbr_ifsname, ifsname, sizeof(breq.ifbr_ifsname));
500
501	breq.ifbr_protected = 0;
502
503	if (ioctl(sock, SIOCBRDGSIFPROT((unsigned long)0x80000000 \| ((sizeof(struct ifbreq) & 0x1fff ) << 16) \| ((('i')) << 8) \| ((74))), (caddr_t)&breq) == -1)
504	err(1, "%s: %d", ifname, 0);
505	}
506
507	void
508	bridge_proto(const char *arg, int d)
509	{
510	struct ifbrparam bp;
511	int i, proto = -1;
512
513	for (i = 0; i <= BSTP_PROTO_MAX0x02; i++)
514	if (strcmp(arg, stpproto[i]) == 0) {
515	proto = i;
516	break;
517	}
518	if (proto == -1)
519	errx(1, "invalid arg for proto: %s", arg);
520
521	strlcpy(bp.ifbrp_name, ifname, sizeof(bp.ifbrp_name));
522	bp.ifbrp_prioifbrp_ifbrpu.ifbrpu_prio = proto;
523	if (ioctl(sock, SIOCBRDGSPROTO((unsigned long)0x80000000 \| ((sizeof(struct ifbrparam) & 0x1fff) << 16) \| ((('i')) << 8) \| ((90))), (caddr_t)&bp) == -1)
524	err(1, "%s", ifname);
525	}
526
527	void
528	bridge_fwddelay(const char *arg, int d)
529	{
530	struct ifbrparam bp;
531	const char *errstr;
532
533	bp.ifbrp_fwddelayifbrp_ifbrpu.ifbrpu_fwddelay = strtonum(arg, 0, UINT8_MAX0xff, &errstr);
534	if (errstr)
535	errx(1, "fwddelay %s is: %s", arg, errstr);
536
537	strlcpy(bp.ifbrp_name, ifname, sizeof(bp.ifbrp_name));
538
539	if (ioctl(sock, SIOCBRDGSFD((unsigned long)0x80000000 \| ((sizeof(struct ifbrparam) & 0x1fff) << 16) \| ((('i')) << 8) \| ((82))), (caddr_t)&bp) == -1)
540	err(1, "%s", ifname);
541	}
542
543	void
544	bridge_hellotime(const char *arg, int d)
545	{
546	struct ifbrparam bp;
547	const char *errstr;
548
549	bp.ifbrp_hellotimeifbrp_ifbrpu.ifbrpu_hellotime = strtonum(arg, 0, UINT8_MAX0xff, &errstr);
550	if (errstr)
551	errx(1, "hellotime %s is: %s", arg, errstr);
552
553	strlcpy(bp.ifbrp_name, ifname, sizeof(bp.ifbrp_name));
554
555	if (ioctl(sock, SIOCBRDGSHT((unsigned long)0x80000000 \| ((sizeof(struct ifbrparam) & 0x1fff) << 16) \| ((('i')) << 8) \| ((81))), (caddr_t)&bp) == -1)
556	err(1, "%s", ifname);
557	}
558
559	void
560	bridge_maxaddr(const char *arg, int d)
561	{
562	struct ifbrparam bp;
563	const char *errstr;
564
565	bp.ifbrp_csizeifbrp_ifbrpu.ifbrpu_csize = strtonum(arg, 0, UINT32_MAX0xffffffffU, &errstr);
566	if (errstr)
567	errx(1, "maxaddr %s is: %s", arg, errstr);
568
569	strlcpy(bp.ifbrp_name, ifname, sizeof(bp.ifbrp_name));
570	if (ioctl(sock, SIOCBRDGSCACHE((unsigned long)0x80000000 \| ((sizeof(struct ifbrparam) & 0x1fff) << 16) \| ((('i')) << 8) \| ((64))), (caddr_t)&bp) == -1)
571	err(1, "%s", ifname);
572	}
573
574	void
575	bridge_deladdr(const char *addr, int d)
576	{
577	struct ifbareq ifba;
578	struct ether_addr *ea;
579
580	strlcpy(ifba.ifba_name, ifname, sizeof(ifba.ifba_name));
581	ea = ether_aton(addr);
582	if (ea == NULL((void *)0))
583	err(1, "Invalid address: %s", addr);
584
585	bcopy(ea, &ifba.ifba_dst, sizeof(struct ether_addr));
586
587	if (ioctl(sock, SIOCBRDGDADDR((unsigned long)0x80000000 \| ((sizeof(struct ifbareq) & 0x1fff ) << 16) \| ((('i')) << 8) \| ((71))), &ifba) == -1)
588	err(1, "%s: %s", ifname, addr);
589	}
590
591	void
592	bridge_ifprio(const char ifsname, const char val)
593	{
594	struct ifbreq breq;
595	const char *errstr;
596
597	breq.ifbr_priority = strtonum(val, 0, UINT8_MAX0xff, &errstr);
598	if (errstr)
599	errx(1, "ifpriority %s is: %s", val, errstr);
600
601	strlcpy(breq.ifbr_name, ifname, sizeof(breq.ifbr_name));
602	strlcpy(breq.ifbr_ifsname, ifsname, sizeof(breq.ifbr_ifsname));
603
604	if (ioctl(sock, SIOCBRDGSIFPRIO((unsigned long)0x80000000 \| ((sizeof(struct ifbreq) & 0x1fff ) << 16) \| ((('i')) << 8) \| ((84))), (caddr_t)&breq) == -1)
605	err(1, "%s: %s", ifname, val);
606	}
607
608	void
609	bridge_ifcost(const char ifsname, const char val)
610	{
611	struct ifbreq breq;
612	const char *errstr;
613
614	breq.ifbr_path_cost = strtonum(val, 0, UINT32_MAX0xffffffffU, &errstr);
615	if (errstr)
616	errx(1, "ifcost %s is: %s", val, errstr);
617
618	strlcpy(breq.ifbr_name, ifname, sizeof(breq.ifbr_name));
619	strlcpy(breq.ifbr_ifsname, ifsname, sizeof(breq.ifbr_ifsname));
620
621	if (ioctl(sock, SIOCBRDGSIFCOST((unsigned long)0x80000000 \| ((sizeof(struct ifbreq) & 0x1fff ) << 16) \| ((('i')) << 8) \| ((85))), (caddr_t)&breq) == -1)
622	err(1, "%s: %s", ifname, val);
623	}
624
625	void
626	bridge_noifcost(const char *ifsname, int d)
627	{
628	struct ifbreq breq;
629
630	strlcpy(breq.ifbr_name, ifname, sizeof(breq.ifbr_name));
631	strlcpy(breq.ifbr_ifsname, ifsname, sizeof(breq.ifbr_ifsname));
632
633	breq.ifbr_path_cost = 0;
634
635	if (ioctl(sock, SIOCBRDGSIFCOST((unsigned long)0x80000000 \| ((sizeof(struct ifbreq) & 0x1fff ) << 16) \| ((('i')) << 8) \| ((85))), (caddr_t)&breq) == -1)
636	err(1, "%s", ifname);
637	}
638
639	void
640	bridge_addaddr(const char ifsname, const char addr)
641	{
642	struct ifbareq ifba;
643	struct ether_addr *ea;
644
645	strlcpy(ifba.ifba_name, ifname, sizeof(ifba.ifba_name));
646	strlcpy(ifba.ifba_ifsname, ifsname, sizeof(ifba.ifba_ifsname));
647
648	ea = ether_aton(addr);
649	if (ea == NULL((void *)0))
650	errx(1, "Invalid address: %s", addr);
651
652	bcopy(ea, &ifba.ifba_dst, sizeof(struct ether_addr));
653	ifba.ifba_flags = IFBAF_STATIC0x01;
654
655	if (ioctl(sock, SIOCBRDGSADDR(((unsigned long)0x80000000\|(unsigned long)0x40000000) \| ((sizeof (struct ifbareq) & 0x1fff) << 16) \| ((('i')) << 8) \| ((68))), &ifba) == -1)
656	err(1, "%s: %s", ifname, addr);
657	}
658
659	void
660	bridge_addendpoint(const char endpoint, const char addr)
661	{
662	struct ifbareq ifba;
663	struct ether_addr *ea;
664	struct addrinfo *res;
665	int ecode;
666
667	/* should we handle ports? */
668	ecode = getaddrinfo(endpoint, NULL((void )0), NULL((void )0), &res);
669	if (ecode != 0) {
670	errx(1, "%s endpoint %s: %s", ifname, endpoint,
671	gai_strerror(ecode));
672	}
673	if (res->ai_addrlen > sizeof(ifba.ifba_dstsa))
674	errx(1, "%s: addrlen > dstsa", __func__);
675
676	ea = ether_aton(addr);
677	if (ea == NULL((void *)0)) {
678	errx(1, "%s endpoint %s %s: invalid Ethernet address",
679	ifname, endpoint, addr);
680	}
681
682	memset(&ifba, 0, sizeof(ifba));
683	strlcpy(ifba.ifba_name, ifname, sizeof(ifba.ifba_name));
684	strlcpy(ifba.ifba_ifsname, ifname, sizeof(ifba.ifba_ifsname));
685	memcpy(&ifba.ifba_dst, ea, sizeof(struct ether_addr));
686	memcpy(&ifba.ifba_dstsa, res->ai_addr, res->ai_addrlen);
687	ifba.ifba_flags = IFBAF_STATIC0x01;
688
689	freeaddrinfo(res);
690
691	if (ioctl(sock, SIOCBRDGSADDR(((unsigned long)0x80000000\|(unsigned long)0x40000000) \| ((sizeof (struct ifbareq) & 0x1fff) << 16) \| ((('i')) << 8) \| ((68))), &ifba) == -1)
692	err(1, "%s endpoint %s %s", ifname, endpoint, addr);
693	}
694
695	void
696	bridge_addrs(const char *delim, int d)
697	{
698	char dstaddr[NI_MAXHOST256];
699	char dstport[NI_MAXSERV32];
700	const int niflag = NI_NUMERICHOST1\|NI_DGRAM16;
701	struct ifbaconf ifbac;
702	struct ifbareq *ifba;
703	char inbuf = NULL((void )0), buf[sizeof(ifba->ifba_ifsname) + 1], *inb;
704	struct sockaddr *sa;
705	int i, len = 8192;
706
707	/* ifconfig will call us with the argv of the command */
708	if (strcmp(delim, "addr") == 0)
709	delim = "";
710
711	while (1) {
712	ifbac.ifbac_len = len;
713	inb = realloc(inbuf, len);
714	if (inb == NULL((void *)0))
715	err(1, "malloc");
716	ifbac.ifbac_bufifbac_ifbacu.ifbacu_buf = inbuf = inb;
717	strlcpy(ifbac.ifbac_name, ifname, sizeof(ifbac.ifbac_name));
718	if (ioctl(sock, SIOCBRDGRTS(((unsigned long)0x80000000\|(unsigned long)0x40000000) \| ((sizeof (struct ifbaconf) & 0x1fff) << 16) \| ((('i')) << 8) \| ((67))), &ifbac) == -1) {
719	if (errno(*__errno()) == ENETDOWN50)
720	return;
721	err(1, "%s", ifname);
722	}
723	if (ifbac.ifbac_len + sizeof(*ifba) < len)
724	break;
725	len *= 2;
726	}
727
728	for (i = 0; i < ifbac.ifbac_len / sizeof(*ifba); i++) {
729	ifba = ifbac.ifbac_reqifbac_ifbacu.ifbacu_req + i;
730	strlcpy(buf, ifba->ifba_ifsname, sizeof(buf));
731	printf("%s%s %s %u ", delim, ether_ntoa(&ifba->ifba_dst),
732	buf, ifba->ifba_age);
733	sa = (struct sockaddr *)&ifba->ifba_dstsa;
734	printb("flags", ifba->ifba_flags, IFBAFBITS"\020\1STATIC");
735	if (sa->sa_family != AF_UNSPEC0 &&
736	getnameinfo(sa, sa->sa_len,
737	dstaddr, sizeof(dstaddr),
738	dstport, sizeof(dstport), niflag) == 0)
739	printf(" tunnel %s:%s", dstaddr, dstport);
740	printf("\n");
741	}
742	free(inbuf);
743	}
744
745	void
746	bridge_holdcnt(const char *value, int d)
747	{
748	struct ifbrparam bp;
749	const char *errstr;
750
751	bp.ifbrp_txhcifbrp_ifbrpu.ifbrpu_txhc = strtonum(value, 0, UINT8_MAX0xff, &errstr);
752	if (errstr)
753	err(1, "holdcnt %s is: %s", value, errstr);
754
755	strlcpy(bp.ifbrp_name, ifname, sizeof(bp.ifbrp_name));
756	if (ioctl(sock, SIOCBRDGSTXHC((unsigned long)0x80000000 \| ((sizeof(struct ifbrparam) & 0x1fff) << 16) \| ((('i')) << 8) \| ((89))), (caddr_t)&bp) == -1)
757	err(1, "%s", ifname);
758	}
759
760	/*
761	* Check to make sure interface is really a bridge interface.
762	*/
763	int
764	is_bridge()
765	{
766	struct ifbaconf ifbac;
767
768	ifbac.ifbac_len = 0;
769	strlcpy(ifbac.ifbac_name, ifname, sizeof(ifbac.ifbac_name));
770	if (ioctl(sock, SIOCBRDGRTS(((unsigned long)0x80000000\|(unsigned long)0x40000000) \| ((sizeof (struct ifbaconf) & 0x1fff) << 16) \| ((('i')) << 8) \| ((67))), (caddr_t)&ifbac) == -1) {
771	if (errno(*__errno()) == ENETDOWN50)
772	return (1);
773	return (0);
774	}
775	return (1);
776	}
777
778	/* no tpmr(4) specific ioctls, name is enough if ifconfig.c:printif() passed */
779	int
780	is_tpmr(void)
781	{
782	return (strncmp(ifname, "tpmr", sizeof("tpmr") - 1) == 0);
783	}
784
785	void
786	bridge_status(void)
787	{
788	struct ifbrparam bp1, bp2;
789
790	if (is_tpmr()) {
791	bridge_list("\t");
792	return;
793	}
794
795	if (!is_bridge())
796	return;
797
798	bridge_cfg("\t");
799	bridge_list("\t");
800
801	if (aflag && !ifaliases)
802	return;
803
804	strlcpy(bp1.ifbrp_name, ifname, sizeof(bp1.ifbrp_name));
805	if (ioctl(sock, SIOCBRDGGCACHE(((unsigned long)0x80000000\|(unsigned long)0x40000000) \| ((sizeof (struct ifbrparam) & 0x1fff) << 16) \| ((('i')) << 8) \| ((65))), (caddr_t)&bp1) == -1)
806	return;
807
808	strlcpy(bp2.ifbrp_name, ifname, sizeof(bp2.ifbrp_name));
809	if (ioctl(sock, SIOCBRDGGTO(((unsigned long)0x80000000\|(unsigned long)0x40000000) \| ((sizeof (struct ifbrparam) & 0x1fff) << 16) \| ((('i')) << 8) \| ((70))), (caddr_t)&bp2) == -1)
810	return;
811
812	printf("\tAddresses (max cache: %u, timeout: %u):\n",
813	bp1.ifbrp_csizeifbrp_ifbrpu.ifbrpu_csize, bp2.ifbrp_ctimeifbrp_ifbrpu.ifbrpu_ctime);
814
815	bridge_addrs("\t\t", 0);
816	}
817
818	void
819	bridge_flushrule(const char *ifsname, int d)
820	{
821	struct ifbrlreq req;
822
823	strlcpy(req.ifbr_name, ifname, sizeof(req.ifbr_name));
824	strlcpy(req.ifbr_ifsname, ifsname, sizeof(req.ifbr_ifsname));
825	if (ioctl(sock, SIOCBRDGFRL((unsigned long)0x80000000 \| ((sizeof(struct ifbrlreq) & 0x1fff ) << 16) \| ((('i')) << 8) \| ((78))), &req) == -1)
826	err(1, "%s: %s", ifname, ifsname);
827	}
828
829	void
830	bridge_rules(const char *ifsname, int usetab)
831	{
832	char inbuf = NULL((void )0), *inb;
833	struct ifbrlconf ifc;
834	struct ifbrlreq *ifrp;
835	int len = 8192, i;
836
837	while (1) {
838	ifc.ifbrl_len = len;
839	inb = realloc(inbuf, len);
840	if (inb == NULL((void *)0))
841	err(1, "malloc");
842	ifc.ifbrl_bufifbrl_ifbrlu.ifbrlu_buf = inbuf = inb;
843	strlcpy(ifc.ifbrl_name, ifname, sizeof(ifc.ifbrl_name));
844	strlcpy(ifc.ifbrl_ifsname, ifsname, sizeof(ifc.ifbrl_ifsname));
845	if (ioctl(sock, SIOCBRDGGRL(((unsigned long)0x80000000\|(unsigned long)0x40000000) \| ((sizeof (struct ifbrlconf) & 0x1fff) << 16) \| ((('i')) << 8) \| ((79))), &ifc) == -1)
846	err(1, "ioctl(SIOCBRDGGRL)");
847	if (ifc.ifbrl_len + sizeof(*ifrp) < len)
848	break;
849	len *= 2;
850	}
851	ifrp = ifc.ifbrl_reqifbrl_ifbrlu.ifbrlu_req;
	Value stored to 'ifrp' is never read
852	for (i = 0; i < ifc.ifbrl_len; i += sizeof(*ifrp)) {
853	ifrp = (struct ifbrlreq *)((caddr_t)ifc.ifbrl_reqifbrl_ifbrlu.ifbrlu_req + i);
854
855	if (usetab)
856	printf("\t");
857
858	bridge_showrule(ifrp);
859	}
860	}
861
862	void
863	bridge_showrule(struct ifbrlreq *r)
864	{
865	if (r->ifbr_action == BRL_ACTION_BLOCK0x01)
866	printf("block ");
867	else if (r->ifbr_action == BRL_ACTION_PASS0x02)
868	printf("pass ");
869	else
870	printf("[neither block nor pass?]\n");
871
872	if ((r->ifbr_flags & (BRL_FLAG_IN0x08 \| BRL_FLAG_OUT0x04)) ==
873	(BRL_FLAG_IN0x08 \| BRL_FLAG_OUT0x04))
874	printf("in/out ");
875	else if (r->ifbr_flags & BRL_FLAG_IN0x08)
876	printf("in ");
877	else if (r->ifbr_flags & BRL_FLAG_OUT0x04)
878	printf("out ");
879	else
880	printf("[neither in nor out?]\n");
881
882	printf("on %s", r->ifbr_ifsname);
883
884	if (r->ifbr_flags & BRL_FLAG_SRCVALID0x02)
885	printf(" src %s", ether_ntoa(&r->ifbr_src));
886	if (r->ifbr_flags & BRL_FLAG_DSTVALID0x01)
887	printf(" dst %s", ether_ntoa(&r->ifbr_dst));
888	if (r->ifbr_tagname[0])
889	printf(" tag %s", r->ifbr_tagname);
890
891	if (r->ifbr_arpf.brla_flags & BRLA_ARP0x01)
892	printf(" arp");
893	if (r->ifbr_arpf.brla_flags & BRLA_RARP0x02)
894	printf(" rarp");
895	if (r->ifbr_arpf.brla_op == ARPOP_REQUEST1 \|\|
896	r->ifbr_arpf.brla_op == ARPOP_REVREQUEST3)
897	printf(" request");
898	if (r->ifbr_arpf.brla_op == ARPOP_REPLY2 \|\|
899	r->ifbr_arpf.brla_op == ARPOP_REVREPLY4)
900	printf(" reply");
901	if (r->ifbr_arpf.brla_flags & BRLA_SHA0x10)
902	printf(" sha %s", ether_ntoa(&r->ifbr_arpf.brla_sha));
903	if (r->ifbr_arpf.brla_flags & BRLA_THA0x40)
904	printf(" tha %s", ether_ntoa(&r->ifbr_arpf.brla_tha));
905	if (r->ifbr_arpf.brla_flags & BRLA_SPA0x20)
906	printf(" spa %s", inet_ntoa(r->ifbr_arpf.brla_spa));
907	if (r->ifbr_arpf.brla_flags & BRLA_TPA0x80)
908	printf(" tpa %s", inet_ntoa(r->ifbr_arpf.brla_tpa));
909
910	printf("\n");
911	}
912
913	/*
914	* Parse a rule definition and send it upwards.
915	*
916	* Syntax:
917	* {block\|pass} {in\|out\|in/out} on {ifs} [src {mac}] [dst {mac}]
918	*/
919	int
920	bridge_rule(int targc, char **targv, int ln)
921	{
922	char **argv = targv;
923	int argc = targc;
924	struct ifbrlreq rule;
925	struct ether_addr ea, dea;
926
927	if (argc == 0) {
928	warnx("invalid rule");
929	return (1);
930	}
931	bzero(&rule, sizeof(rule));
932	strlcpy(rule.ifbr_name, ifname, sizeof(rule.ifbr_name));
933
934	if (strcmp(argv[0], "block") == 0)
935	rule.ifbr_action = BRL_ACTION_BLOCK0x01;
936	else if (strcmp(argv[0], "pass") == 0)
937	rule.ifbr_action = BRL_ACTION_PASS0x02;
938	else
939	goto bad_rule;
940	argc--; argv++;
941
942	if (argc == 0) {
943	bridge_badrule(targc, targv, ln);
944	return (1);
945	}
946	if (strcmp(argv[0], "in") == 0)
947	rule.ifbr_flags \|= BRL_FLAG_IN0x08;
948	else if (strcmp(argv[0], "out") == 0)
949	rule.ifbr_flags \|= BRL_FLAG_OUT0x04;
950	else if (strcmp(argv[0], "in/out") == 0)
951	rule.ifbr_flags \|= BRL_FLAG_IN0x08 \| BRL_FLAG_OUT0x04;
952	else if (strcmp(argv[0], "on") == 0) {
953	rule.ifbr_flags \|= BRL_FLAG_IN0x08 \| BRL_FLAG_OUT0x04;
954	argc++; argv--;
955	} else
956	goto bad_rule;
957	argc--; argv++;
958
959	if (argc == 0 \|\| strcmp(argv[0], "on"))
960	goto bad_rule;
961	argc--; argv++;
962
963	if (argc == 0)
964	goto bad_rule;
965	strlcpy(rule.ifbr_ifsname, argv[0], sizeof(rule.ifbr_ifsname));
966	argc--; argv++;
967
968	while (argc) {
969	dea = NULL((void *)0);
970	if (strcmp(argv[0], "dst") == 0) {
971	if (rule.ifbr_flags & BRL_FLAG_DSTVALID0x01)
972	goto bad_rule;
973	rule.ifbr_flags \|= BRL_FLAG_DSTVALID0x01;
974	dea = &rule.ifbr_dst;
975	argc--; argv++;
976	} else if (strcmp(argv[0], "src") == 0) {
977	if (rule.ifbr_flags & BRL_FLAG_SRCVALID0x02)
978	goto bad_rule;
979	rule.ifbr_flags \|= BRL_FLAG_SRCVALID0x02;
980	dea = &rule.ifbr_src;
981	argc--; argv++;
982	} else if (strcmp(argv[0], "tag") == 0) {
983	if (argc < 2) {
984	warnx("missing tag name");
985	goto bad_rule;
986	}
987	if (rule.ifbr_tagname[0]) {
988	warnx("tag already defined");
989	goto bad_rule;
990	}
991	argc--; argv++;
992	if (strlcpy(rule.ifbr_tagname, argv[0],
993	PF_TAG_NAME_SIZE64) > PF_TAG_NAME_SIZE64) {
994	warnx("tag name '%s' too long", argv[0]);
995	goto bad_rule;
996	}
997	argc--; argv++;
998	} else if (strcmp(argv[0], "arp") == 0) {
999	rule.ifbr_arpf.brla_flags \|= BRLA_ARP0x01;
1000	argc--; argv++;
1001	if (bridge_arprule(&rule, &argc, &argv) == -1)
1002	goto bad_rule;
1003	} else if (strcmp(argv[0], "rarp") == 0) {
1004	rule.ifbr_arpf.brla_flags \|= BRLA_RARP0x02;
1005	argc--; argv++;
1006	if (bridge_arprule(&rule, &argc, &argv) == -1)
1007	goto bad_rule;
1008	} else
1009	goto bad_rule;
1010
1011	if (dea != NULL((void *)0)) {
1012	if (argc == 0)
1013	goto bad_rule;
1014	ea = ether_aton(argv[0]);
1015	if (ea == NULL((void *)0)) {
1016	warnx("invalid address: %s", argv[0]);
1017	return (1);
1018	}
1019	bcopy(ea, dea, sizeof(*dea));
1020	argc--; argv++;
1021	}
1022	}
1023
1024	if (ioctl(sock, SIOCBRDGARL((unsigned long)0x80000000 \| ((sizeof(struct ifbrlreq) & 0x1fff ) << 16) \| ((('i')) << 8) \| ((77))), &rule) == -1) {
1025	warn("%s", ifname);
1026	return (1);
1027	}
1028	return (0);
1029
1030	bad_rule:
1031	bridge_badrule(targc, targv, ln);
1032	return (1);
1033	}
1034
1035	int
1036	bridge_arprule(struct ifbrlreq rule, int argc, char ***argv)
1037	{
1038	while (*argc) {
1039	struct ether_addr ea, dea = NULL((void *)0);
1040	struct in_addr ia, dia = NULL((void )0);
1041
1042	if (strcmp((*argv)[0], "request") == 0) {
1043	if (rule->ifbr_arpf.brla_flags & BRLA_ARP0x01)
1044	rule->ifbr_arpf.brla_op = ARPOP_REQUEST1;
1045	else if (rule->ifbr_arpf.brla_flags & BRLA_RARP0x02)
1046	rule->ifbr_arpf.brla_op = ARPOP_REVREQUEST3;
1047	else
1048	errx(1, "bridge_arprule: arp/rarp undefined");
1049	} else if (strcmp((*argv)[0], "reply") == 0) {
1050	if (rule->ifbr_arpf.brla_flags & BRLA_ARP0x01)
1051	rule->ifbr_arpf.brla_op = ARPOP_REPLY2;
1052	else if (rule->ifbr_arpf.brla_flags & BRLA_RARP0x02)
1053	rule->ifbr_arpf.brla_op = ARPOP_REVREPLY4;
1054	else
1055	errx(1, "bridge_arprule: arp/rarp undefined");
1056	} else if (strcmp((*argv)[0], "sha") == 0) {
1057	rule->ifbr_arpf.brla_flags \|= BRLA_SHA0x10;
1058	dea = &rule->ifbr_arpf.brla_sha;
1059	} else if (strcmp((*argv)[0], "tha") == 0) {
1060	rule->ifbr_arpf.brla_flags \|= BRLA_THA0x40;
1061	dea = &rule->ifbr_arpf.brla_tha;
1062	} else if (strcmp((*argv)[0], "spa") == 0) {
1063	rule->ifbr_arpf.brla_flags \|= BRLA_SPA0x20;
1064	dia = &rule->ifbr_arpf.brla_spa;
1065	} else if (strcmp((*argv)[0], "tpa") == 0) {
1066	rule->ifbr_arpf.brla_flags \|= BRLA_TPA0x80;
1067	dia = &rule->ifbr_arpf.brla_tpa;
1068	} else
1069	return (0);
1070
1071	(argc)--; (argv)++;
1072	if (dea != NULL((void *)0)) {
1073	if (*argc == 0)
1074	return (-1);
1075	ea = ether_aton((*argv)[0]);
1076	if (ea == NULL((void *)0)) {
1077	warnx("invalid address: %s", (*argv)[0]);
1078	return (-1);
1079	}
1080	bcopy(ea, dea, sizeof(*dea));
1081	(argc)--; (argv)++;
1082	}
1083	if (dia != NULL((void *)0)) {
1084	if (*argc == 0)
1085	return (-1);
1086	ia.s_addr = inet_addr((*argv)[0]);
1087	if (ia.s_addr == INADDR_NONE((u_int32_t)(0xffffffff))) {
1088	warnx("invalid address: %s", (*argv)[0]);
1089	return (-1);
1090	}
1091	bcopy(&ia, dia, sizeof(*dia));
1092	(argc)--; (argv)++;
1093	}
1094	}
1095	return (0);
1096	}
1097
1098
1099	#define MAXRULEWORDS32 32
1100
1101	void
1102	bridge_rulefile(const char *fname, int d)
1103	{
1104	FILE *f;
1105	char str, argv[MAXRULEWORDS32], buf[1024];
1106	int ln = 0, argc = 0;
1107
1108	f = fopen(fname, "r");
1109	if (f == NULL((void *)0))
1110	err(1, "%s", fname);
1111
1112	while (fgets(buf, sizeof(buf), f) != NULL((void *)0)) {
1113	ln++;
1114	if (buf[0] == '#' \|\| buf[0] == '\n')
1115	continue;
1116
1117	argc = 0;
1118	str = strtok(buf, "\n\t\r ");
1119	while (str != NULL((void *)0) && argc < MAXRULEWORDS32) {
1120	argv[argc++] = str;
1121	str = strtok(NULL((void *)0), "\n\t\r ");
1122	}
1123
1124	/* Rule is too long if there's more. */
1125	if (str != NULL((void *)0)) {
1126	warnx("invalid rule: %d: %s ...", ln, buf);
1127	continue;
1128	}
1129
1130	bridge_rule(argc, argv, ln);
1131	}
1132	fclose(f);
1133	}
1134
1135	void
1136	bridge_badrule(int argc, char *argv[], int ln)
1137	{
1138	extern const char *__progname;
1139	int i;
1140
1141	fprintf(stderr(&__sF[2]), "%s: invalid rule: ", __progname);
1142	if (ln != -1)
1143	fprintf(stderr(&__sF[2]), "%d: ", ln);
1144	for (i = 0; i < argc; i++)
1145	fprintf(stderr(&__sF[2]), "%s ", argv[i]);
1146	fprintf(stderr(&__sF[2]), "\n");
1147	}
1148
1149	#endif