Home | History | Annotate | Download | only in pfctl

Lines Matching refs:binat

412 %token	ICMP6TYPE CODE KEEP MODULATE STATE PORT RDR NAT BINAT ARROW NODF
495  * what that is: pf or nat or binat or rdr
843 					    " not supported in binat-anchor");
853 				    " in binat-anchor");
3665 binatrule	: no BINAT natpasslog interface af proto FROM host TO ipspec tag
3668 			struct pf_rule		binat;
3674 			    "permitted as a binat destination"))
3677 			memset(&binat, 0, sizeof(binat));
3684 				binat.action = PF_NOBINAT;
3686 				binat.action = PF_BINAT;
3687 			binat.natpass = $3.b1;
3688 			binat.log = $3.b2;
3689 			binat.logif = $3.w2;
3690 			binat.af = $5;
3691 			if (!binat.af && $8 != NULL && $8->af)
3692 				binat.af = $8->af;
3693 			if (!binat.af && $10 != NULL && $10->af)
3694 				binat.af = $10->af;
3696 			if (!binat.af && $14 != NULL && $14->host)
3697 				binat.af = $14->host->af;
3698 			if (!binat.af) {
3705 				memcpy(binat.ifname, $4->ifname,
3706 				    sizeof(binat.ifname));
3707 				binat.ifnot = $4->not;
3712 				if (strlcpy(binat.tagname, $11,
3719 				if (strlcpy(binat.match_tagname, $12.name,
3725 			binat.match_tag_not = $12.neg;
3726 			binat.rtableid = $13;
3729 				binat.proto = $6->proto;
3734 			    "table <%s> as the source address of a binat rule"))
3737 			    "interface (%s) as the source address of a binat "
3742 			    "redirect address of a binat rule"))
3746 			    "redirect address of a binat rule"))
3751 					yyerror("multiple binat ip addresses");
3755 					$8->af = binat.af;
3756 				if ($8->af != binat.af) {
3757 					yyerror("binat ip versions must match");
3760 				if (check_netmask($8, binat.af))
3762 				memcpy(&binat.src.addr, &$8->addr,
3763 				    sizeof(binat.src.addr));
3768 					yyerror("multiple binat ip addresses");
3771 				if ($10->af != binat.af && $10->af) {
3772 					yyerror("binat ip versions must match");
3775 				if (check_netmask($10, binat.af))
3777 				memcpy(&binat.dst.addr, &$10->addr,
3778 				    sizeof(binat.dst.addr));
3779 				binat.dst.neg = $10->not;
3783 			if (binat.action == PF_NOBINAT) {
3785 					yyerror("'no binat' rule does not need"
3791 					yyerror("'binat' rule requires"
3796 				remove_invalid_hosts(&$14->host, &binat.af);
3797 				if (invalid_redirect($14->host, binat.af))
3800 					yyerror("binat rule must redirect to "
3804 				if (check_netmask($14->host, binat.af))
3807 				if (!PF_AZERO(&binat.src.addr.v.a.mask,
3808 				    binat.af) &&
3809 				    !PF_AEQ(&binat.src.addr.v.a.mask,
3810 				    &$14->host->addr.v.a.mask, binat.af)) {
3811 					yyerror("'binat' source mask and "
3816 				TAILQ_INIT(&binat.rpool.list);
3819 					err(1, "binat: calloc");
3822 				TAILQ_INSERT_TAIL(&binat.rpool.list,
3828 			pfctl_add_rule(pf, &binat, "");
4897 		{ "binat",		BINAT},
4898 		{ "binat-anchor",	BINATANCHOR},