src - OpenBSD base system

diff options


context:
space:
mode:

author	Cedric Berger <cedric@cvs.openbsd.org>	2003-01-03 21:37:45 +0000
committer	Cedric Berger <cedric@cvs.openbsd.org>	2003-01-03 21:37:45 +0000
commit	53b24bf74006b8fe01c11b5912d6fdd335766f47 (patch)
tree	808cc224a9a0a135b48997ef94f531d0af7be38d /sbin
parent	18e3159b84731971d6a6fd04b186575959c2ea35 (diff)

Bring in userland code for accessing PF radix tables.

ok dhartmei@ mcbride@

Diffstat (limited to 'sbin')

-rw-r--r--

sbin/pfctl/Makefile

-rw-r--r--

sbin/pfctl/parse.y

-rw-r--r--

sbin/pfctl/pf_print_state.c

-rw-r--r--

sbin/pfctl/pfctl.8

-rw-r--r--

sbin/pfctl/pfctl.c

-rw-r--r--

sbin/pfctl/pfctl_radix.c

378

-rw-r--r--

sbin/pfctl/pfctl_radix.h

-rw-r--r--

sbin/pfctl/pfctl_table.c

591

-rw-r--r--

sbin/pfctl/pfctl_table.h

9 files changed, 1177 insertions, 9 deletions

diff --git a/sbin/pfctl/Makefile b/sbin/pfctl/Makefile
index 4dfe8b38e6b..73c1a969f0a 100644
--- a/sbin/pfctl/Makefile
+++ b/sbin/pfctl/Makefile

@@ -1,7 +1,8 @@

-# $OpenBSD: Makefile,v 1.10 2002/12/06 16:16:15 henning Exp $

+# $OpenBSD: Makefile,v 1.11 2003/01/03 21:37:44 cedric Exp $

PROG= pfctl

SRCS= pfctl.c parse.y pfctl_parser.c pf_print_state.c pfctl_altq.c

+SRCS+= pfctl_radix.c pfctl_table.c

CFLAGS+= -Wall -Wmissing-prototypes -Wno-uninitialized

CFLAGS+= -Wstrict-prototypes

YFLAGS=

diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index a5d44e0ab29..e492ca7b282 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y

@@ -1,4 +1,4 @@

-/* $OpenBSD: parse.y,v 1.272 2003/01/02 11:34:59 mcbride Exp $ */

+/* $OpenBSD: parse.y,v 1.273 2003/01/03 21:37:44 cedric Exp $ */

@@ -56,6 +56,7 @@

#include "pf_print_state.h"

#include "pfctl_parser.h"

+#include "pfctl_radix.h"

#include "pfctl_altq.h"

static struct pfctl *pf = NULL;

@@ -1477,6 +1478,25 @@ xhost : '!' host {

host : address

| STRING '/' number { $$ = host($1, $3); }

+ | PORTUNARY STRING PORTUNARY {

+ struct pfr_table tbl;

+ int exists = 0;

+ if ($1 != PF_OP_LT || $3 != PF_OP_GT)

+ YYERROR;

+ $$ = calloc(1, sizeof(struct node_host));

+ if ($$ == NULL)

+ err(1, "host: calloc");

+ $$->af = 0;

+ bzero(&tbl, sizeof(tbl));

+ strlcpy(tbl.pfrt_name, $2, sizeof(tbl.pfrt_name));

+ if (pfr_wrap_table(&tbl, &$$->addr, &exists, 0))

+ err(1, "pfr_wrap_table");

+ if (!exists)

+ fprintf(stderr, "warning: %s "

+ "table is not currently defined\n",

+ tbl.pfrt_name);

+ }

;

number : STRING {

diff --git a/sbin/pfctl/pf_print_state.c b/sbin/pfctl/pf_print_state.c
index 6f43cc3cf74..f6d8fe02e32 100644
--- a/sbin/pfctl/pf_print_state.c
+++ b/sbin/pfctl/pf_print_state.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: pf_print_state.c,v 1.14 2002/12/18 16:09:25 dhartmei Exp $ */

+/* $OpenBSD: pf_print_state.c,v 1.15 2003/01/03 21:37:44 cedric Exp $ */

@@ -53,6 +53,7 @@

#include <err.h>

#include "pfctl_parser.h"

+#include "pfctl_radix.h"

#include "pf_print_state.h"

void print_name(struct pf_addr *, struct pf_addr *, sa_family_t);

@@ -62,6 +63,15 @@ print_addr(struct pf_addr_wrap *addr, sa_family_t af)

{

char buf[48];

+ if (addr->mask.addr32[0] == PF_TABLE_MASK) {

+ struct pfr_table tbl = { "?" };

+ if (pfr_unwrap_table(&tbl, addr, 0))

+ printf("<0x%08X>", addr->addr.addr32[0]);

+ else

+ printf("<%s>", tbl.pfrt_name);

+ return;

+ }

if (addr->addr_dyn != NULL)

printf("(%s)", addr->addr.pfa.ifname);

else {

diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8
index 3da745ffc7b..e77dd31c123 100644
--- a/sbin/pfctl/pfctl.8
+++ b/sbin/pfctl/pfctl.8

@@ -1,4 +1,4 @@

-.\" $OpenBSD: pfctl.8,v 1.60 2002/12/15 16:52:35 margarida Exp $

+.\" $OpenBSD: pfctl.8,v 1.61 2003/01/03 21:37:44 cedric Exp $

.\"

@@ -39,6 +39,8 @@

.Op Fl k Ar host

.Op Fl s Ar modifier

.Op Fl x Ar level

+.Op Fl t Ar table

+.Op Fl T Ar command

.Sh DESCRIPTION

The

.Nm

@@ -120,7 +122,7 @@ rules, in that order.

.It Fl F Ar modifier

Flush one of the following.

Modifier name may be abbreviated:

-.Bl -tag -width "F rules " -compact

+.Bl -tag -width "F tables " -compact

.It Fl F Ar nat

Flush the NAT rules.

.It Fl F Ar queue

@@ -131,6 +133,8 @@ Flush the filter rules.

Flush the state table (NAT and filter).

.It Fl F Ar info

Flush the filter information (statistics that are not bound to rules).

+.It Fl F Ar Tables

+Flush the radix tables.

.It Fl F Ar all

Flush all of the above.

.El

@@ -168,7 +172,7 @@ Other rules and options are ignored.

.It Fl s Ar modifier

Show filter parameters.

Modifier names may be abbreviated:

-.Bl -tag -width "s rules " -compact

+.Bl -tag -width "s timeouts " -compact

.It Fl s Ar nat

Show the currently loaded NAT rules.

.It Fl s Ar queue

@@ -199,9 +203,35 @@ useful for accounting.

Show the current global timeouts.

.It Fl s Ar memory

Show the current pool memory hard limits.

+.It Fl s Ar Tables

+Show the list of radix tables.

.It Fl s Ar all

Show all of the above.

.El

+.It Fl t Ar table

+Specify the name of the radix table.

+.It Fl T Ar command

+Specify the command to apply to the table. commands include:

+.Bl -tag -width "T Replace " -compact

+.It Fl T Ar create

+Create a new table.

+.It Fl T Ar kill

+Kill a table.

+.It Fl T Ar flush

+Flush all addresses of a table.

+.It Fl T Ar add

+Add one or more addresses in a table.

+.It Fl T Ar delete

+Delete one or more addresses from a table.

+.It Fl T Ar replace

+Replace the addresses of the table.

+.It Fl T Ar show

+Show the content (addresses) of a table.

+.It Fl T Ar test

+Test if the given addresses match a table.

+.It Fl T Ar zero

+Clear all the statistics of a table.

+.El

.It Fl v

Produce more verbose output. A second use of

.Fl v

diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 5615aa50575..2f1115908d1 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: pfctl.c,v 1.117 2003/01/01 17:20:14 henning Exp $ */

+/* $OpenBSD: pfctl.c,v 1.118 2003/01/03 21:37:44 cedric Exp $ */

@@ -53,6 +53,8 @@

#include "pfctl_parser.h"

#include "pf_print_state.h"

#include "pfctl_altq.h"

+#include "pfctl_table.h"

+#include "pfctl_radix.h"

void usage(void);

int pfctl_enable(int, int);

@@ -85,6 +87,8 @@ char *rulesopt;

char *showopt;

char *debugopt;

char *anchoropt;

+char *tableopt;

+char *tblcmdopt;

int state_killers;

char *state_kill[2];

int loadopt = PFCTL_FLAG_ALL;

@@ -166,6 +170,8 @@ usage(void)

fprintf(stderr, "[-a anchor:ruleset] [-f file]\n");

fprintf(stderr, " ");

fprintf(stderr, "[-F modifier] [-k host] [-s modifier] [-x level]\n");

+ fprintf(stderr, " ");

+ fprintf(stderr, "[-t table [-T command [addresses]*]]\n");

exit(1);

}

@@ -1240,11 +1246,13 @@ main(int argc, char *argv[])

int ch;

int mode = O_RDONLY;

int opts = 0;

+ int dummy = 0;

if (argc < 2)

usage();

- while ((ch = getopt(argc, argv, "a:Adeqf:F:hk:nNOrRs:vx:z")) != -1) {

+ while ((ch = getopt(argc, argv, "a:Adeqf:F:hk:nNOrRs:t:T:vx:z")) !=

+ -1) {

switch (ch) {

case 'a':

anchoropt = optarg;

@@ -1302,6 +1310,12 @@ main(int argc, char *argv[])

case 's':

showopt = optarg;

break;

+ case 't':

+ tableopt = optarg;

+ break;

+ case 'T':

+ tblcmdopt = optarg;

+ break;

case 'v':

if (opts & PF_OPT_VERBOSE)

opts |= PF_OPT_VERBOSE2;

@@ -1323,7 +1337,16 @@ main(int argc, char *argv[])

}

- if (argc != optind) {

+ if (tableopt != NULL || tblcmdopt != NULL) {

+ argc -= optind;

+ argv += optind;

+ ch = (tblcmdopt != NULL) ? *tblcmdopt : 0;

+ mode = strchr("acdfkrz", ch) ? O_RDWR : O_RDONLY;

+ if (opts & PF_OPT_NOACTION) {

+ opts &= ~PF_OPT_NOACTION;

+ dummy = PF_OPT_NOACTION;

+ }

+ } else if (argc != optind) {

warnx("unknown command line argument: %s ...", argv[optind]);

usage();

/* NOTREACHED */

@@ -1367,6 +1390,7 @@ main(int argc, char *argv[])

if (dev == -1)

err(1, "open(\"/dev/pf\")");

altqsupport = pfctl_test_altqsupport(dev);

+ pfr_set_fd(dev);

} else {

/* turn off options */

opts &= ~ (PF_OPT_DISABLE | PF_OPT_ENABLE);

@@ -1401,6 +1425,10 @@ main(int argc, char *argv[])

pfctl_clear_altq(dev, opts);

pfctl_clear_states(dev, opts);

pfctl_clear_stats(dev, opts);

+ pfctl_clear_tables(opts);

+ break;

+ case 'T':

+ pfctl_clear_tables(opts);

break;

default:

warnx("Unknown flush modifier '%s'", clearopt);

@@ -1410,6 +1438,12 @@ main(int argc, char *argv[])

if (state_killers)

pfctl_kill_states(dev, opts);

+ if (tableopt != NULL || tblcmdopt != NULL) {

+ error = pfctl_command_tables(argc, argv, tableopt,

+ tblcmdopt, rulesopt, opts | dummy);

+ rulesopt = NULL;

+ }

if (rulesopt != NULL)

if (pfctl_rules(dev, rulesopt, opts))

error = 1;

@@ -1452,6 +1486,10 @@ main(int argc, char *argv[])

pfctl_show_rules(dev, opts, 1);

pfctl_show_timeouts(dev);

pfctl_show_limits(dev);

+ pfctl_show_tables(opts);

+ break;

+ case 'T':

+ pfctl_show_tables(opts);

break;

default:

warnx("Unknown show modifier '%s'", showopt);

diff --git a/sbin/pfctl/pfctl_radix.c b/sbin/pfctl/pfctl_radix.c
new file mode 100644
index 00000000000..d84cb433c7b
--- /dev/null
+++ b/sbin/pfctl/pfctl_radix.c

@@ -0,0 +1,378 @@

+/* $OpenBSD: pfctl_radix.c,v 1.1 2003/01/03 21:37:44 cedric Exp $ */

+/*

+ *

+ * Redistribution and use in source and binary forms, with or without

+ * modification, are permitted provided that the following conditions

+ * are met:

+ *

+ * - Redistributions of source code must retain the above copyright

+ * notice, this list of conditions and the following disclaimer.

+ * - Redistributions in binary form must reproduce the above

+ * copyright notice, this list of conditions and the following

+ * disclaimer in the documentation and/or other materials provided

+ * with the distribution.

+ *

+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS

+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,

+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,

+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER

+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN

+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

+ * POSSIBILITY OF SUCH DAMAGE.

+ *

+ */

+#include <sys/types.h>

+#include <sys/ioctl.h>

+#include <sys/socket.h>

+#include <net/if.h>

+#include <netinet/in.h>

+#include <net/pfvar.h>

+#include <string.h>

+#include <errno.h>

+#include <unistd.h>

+#include <fcntl.h>

+#include "pfctl_radix.h"

+#define RETURN_EINVAL \

+ do { \

+ errno = EINVAL; \

+ return (-1); \

+ } while (0)

+static int _pfr_dev = -1;

+static int

+_pfr_ioctl(unsigned long op, void *buf)

+ if (_pfr_dev < 0)

+ return (_pfr_dev);

+ return (ioctl(_pfr_dev, op, buf));

+void

+pfr_set_fd(int fd)

+ _pfr_dev = fd;

+int

+pfr_get_fd(void)

+ return _pfr_dev;

+int

+pfr_clr_tables(int *ndel, int flags)

+ struct pfioc_table io;

+ bzero(&io, sizeof io);

+ io.pfrio_flags = flags;

+ if (_pfr_ioctl(DIOCRCLRTABLES, &io))

+ return (-1);

+ if (ndel != NULL)

+ *ndel = io.pfrio_ndel;

+ return (0);

+int

+pfr_add_tables(struct pfr_table *tbl, int size, int *nadd, int flags)

+ struct pfioc_table io;

+ if (size < 0 || (size && tbl == NULL))

+ RETURN_EINVAL;

+ bzero(&io, sizeof io);

+ io.pfrio_flags = flags;

+ io.pfrio_buffer = tbl;

+ io.pfrio_size = size;

+ if (_pfr_ioctl(DIOCRADDTABLES, &io))

+ return (-1);

+ if (nadd != NULL)

+ *nadd = io.pfrio_nadd;

+ return (0);

+int

+pfr_del_tables(struct pfr_table *tbl, int size, int *ndel, int flags)

+ struct pfioc_table io;

+ if (size < 0 || (size && tbl == NULL))

+ RETURN_EINVAL;

+ bzero(&io, sizeof io);

+ io.pfrio_flags = flags;

+ io.pfrio_buffer = tbl;

+ io.pfrio_size = size;

+ if (_pfr_ioctl(DIOCRDELTABLES, &io))

+ return (-1);

+ if (ndel != NULL)

+ *ndel = io.pfrio_ndel;

+ return (0);

+int

+pfr_get_tables(struct pfr_table *tbl, int *size, int flags)

+ struct pfioc_table io;

+ if (size == NULL || *size < 0 || (*size && tbl == NULL))

+ RETURN_EINVAL;

+ bzero(&io, sizeof io);

+ io.pfrio_flags = flags;

+ io.pfrio_buffer = tbl;

+ io.pfrio_size = *size;

+ if (_pfr_ioctl(DIOCRGETTABLES, &io))

+ return (-1);

+ *size = io.pfrio_size;

+ return (0);

+int

+pfr_get_tstats(struct pfr_tstats *tbl, int *size, int flags)

+ struct pfioc_table io;

+ if (size == NULL || *size < 0 || (*size && tbl == NULL))

+ RETURN_EINVAL;

+ bzero(&io, sizeof io);

+ io.pfrio_flags = flags;

+ io.pfrio_buffer = tbl;

+ io.pfrio_size = *size;

+ if (_pfr_ioctl(DIOCRGETTSTATS, &io))

+ return (-1);

+ *size = io.pfrio_size;

+ return (0);

+int

+pfr_clr_addrs(struct pfr_table *tbl, int *ndel, int flags)

+ struct pfioc_table io;

+ if (tbl == NULL)

+ RETURN_EINVAL;

+ bzero(&io, sizeof io);

+ io.pfrio_flags = flags;

+ io.pfrio_table = *tbl;

+ if (_pfr_ioctl(DIOCRSETADDRS, &io))

+ return (-1);

+ if (ndel != NULL)

+ *ndel = io.pfrio_ndel;

+ return (0);

+int

+pfr_add_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,

+ int *nadd, int flags)

+ struct pfioc_table io;

+ if (tbl == NULL || size < 0 || (size && addr == NULL))

+ RETURN_EINVAL;

+ bzero(&io, sizeof io);

+ io.pfrio_flags = flags;

+ io.pfrio_table = *tbl;

+ io.pfrio_buffer = addr;

+ io.pfrio_size = size;

+ if (_pfr_ioctl(DIOCRADDADDRS, &io))

+ return (-1);

+ if (nadd != NULL)

+ *nadd = io.pfrio_nadd;

+ return (0);

+int

+pfr_del_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,

+ int *ndel, int flags)

+ struct pfioc_table io;

+ if (tbl == NULL || size < 0 || (size && addr == NULL))

+ RETURN_EINVAL;

+ bzero(&io, sizeof io);

+ io.pfrio_flags = flags;

+ io.pfrio_table = *tbl;

+ io.pfrio_buffer = addr;

+ io.pfrio_size = size;

+ if (_pfr_ioctl(DIOCRDELADDRS, &io))

+ return (-1);

+ if (ndel != NULL)

+ *ndel = io.pfrio_ndel;

+ return (0);

+int

+pfr_set_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,

+ int *size2, int *nadd, int *ndel, int *nchange, int flags)

+ struct pfioc_table io;

+ if (tbl == NULL || size < 0 || (size && addr == NULL))

+ RETURN_EINVAL;

+ bzero(&io, sizeof io);

+ io.pfrio_flags = flags;

+ io.pfrio_table = *tbl;

+ io.pfrio_buffer = addr;

+ io.pfrio_size = size;

+ io.pfrio_size2 = (size2 != NULL) ? *size2 : 0;

+ if (_pfr_ioctl(DIOCRSETADDRS, &io))

+ return (-1);

+ if (nadd != NULL)

+ *nadd = io.pfrio_nadd;

+ if (ndel != NULL)

+ *ndel = io.pfrio_ndel;

+ if (nchange != NULL)

+ *nchange = io.pfrio_nchange;

+ if (size2 != NULL)

+ *size2 = io.pfrio_size2;

+ return (0);

+int

+pfr_get_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int *size,

+ int flags)

+ struct pfioc_table io;

+ if (tbl == NULL || size == NULL || *size < 0 || (*size && addr == NULL))

+ RETURN_EINVAL;

+ bzero(&io, sizeof io);

+ io.pfrio_flags = flags;

+ io.pfrio_table = *tbl;

+ io.pfrio_buffer = addr;

+ io.pfrio_size = *size;

+ if (_pfr_ioctl(DIOCRGETADDRS, &io))

+ return (-1);

+ *size = io.pfrio_size;

+ return (0);

+int

+pfr_get_astats(struct pfr_table *tbl, struct pfr_astats *addr, int *size,

+ int flags)

+ struct pfioc_table io;

+ if (tbl == NULL || size == NULL || *size < 0 || (*size && addr == NULL))

+ RETURN_EINVAL;

+ bzero(&io, sizeof io);

+ io.pfrio_flags = flags;

+ io.pfrio_table = *tbl;

+ io.pfrio_buffer = addr;

+ io.pfrio_size = *size;

+ if (_pfr_ioctl(DIOCRGETASTATS, &io))

+ return (-1);

+ *size = io.pfrio_size;

+ return (0);

+int

+pfr_clr_astats(struct pfr_table *tbl, struct pfr_addr *addr, int size,

+ int *nzero, int flags)

+ struct pfioc_table io;

+ if (tbl == NULL || size < 0 || (size && addr == NULL))

+ RETURN_EINVAL;

+ bzero(&io, sizeof io);

+ io.pfrio_flags = flags;

+ io.pfrio_table = *tbl;

+ io.pfrio_buffer = addr;

+ io.pfrio_size = size;

+ if (_pfr_ioctl(DIOCRCLRTSTATS, &io))

+ return (-1);

+ if (nzero != NULL)

+ *nzero = io.pfrio_nzero;

+ return (0);

+int

+pfr_clr_tstats(struct pfr_table *tbl, int size, int *nzero, int flags)

+ struct pfioc_table io;

+ if (size < 0 || (size && !tbl))

+ RETURN_EINVAL;

+ bzero(&io, sizeof io);

+ io.pfrio_flags = flags;

+ io.pfrio_buffer = tbl;

+ io.pfrio_size = size;

+ if (_pfr_ioctl(DIOCRCLRTSTATS, &io))

+ return (-1);

+ if (nzero)

+ *nzero = io.pfrio_nzero;

+ return (0);

+int

+pfr_tst_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,

+ int *nmatch, int flags)

+ struct pfioc_table io;

+ if (tbl == NULL || size < 0 || (size && addr == NULL))

+ RETURN_EINVAL;

+ bzero(&io, sizeof io);

+ io.pfrio_flags = flags;

+ io.pfrio_table = *tbl;

+ io.pfrio_buffer = addr;

+ io.pfrio_size = size;

+ if (_pfr_ioctl(DIOCRTSTADDRS, &io))

+ return (-1);

+ if (nmatch)

+ *nmatch = io.pfrio_nmatch;

+ return (0);

+int

+pfr_wrap_table(struct pfr_table *tbl, struct pf_addr_wrap *wrap,

+ int *exists, int flags)

+ struct pfioc_table io;

+ if (tbl == NULL)

+ RETURN_EINVAL;

+ bzero(&io, sizeof io);

+ io.pfrio_flags = flags;

+ io.pfrio_table = *tbl;

+ io.pfrio_buffer = wrap;

+ io.pfrio_size = wrap ? 1 : 0;

+ io.pfrio_exists = exists ? 1 : 0;

+ if (_pfr_ioctl(DIOCRWRAPTABLE, &io))

+ return (-1);

+ if (exists)

+ *exists = io.pfrio_exists;

+ return (0);

+int

+pfr_unwrap_table(struct pfr_table *tbl, struct pf_addr_wrap *wrap, int flags)

+ struct pfioc_table io;

+ if (wrap == NULL)

+ RETURN_EINVAL;

+ bzero(&io, sizeof io);

+ io.pfrio_flags = flags;

+ io.pfrio_buffer = wrap;

+ io.pfrio_size = 1;

+ if (_pfr_ioctl(DIOCRUNWRTABLE, &io))

+ return (-1);

+ if (tbl != NULL)

+ *tbl = io.pfrio_table;

+ return (0);

diff --git a/sbin/pfctl/pfctl_radix.h b/sbin/pfctl/pfctl_radix.h
new file mode 100644
index 00000000000..084eb87b01d
--- /dev/null
+++ b/sbin/pfctl/pfctl_radix.h

@@ -0,0 +1,58 @@

+/* $OpenBSD: pfctl_radix.h,v 1.1 2003/01/03 21:37:44 cedric Exp $ */