Lines Matching refs:ifs

179 int fr_natinit(ifs)  in fr_natinit()  argument
180 ipf_stack_t *ifs; in fr_natinit()
184 KMALLOCS(ifs->ifs_nat_table[0], nat_t **,
185 sizeof(nat_t *) * ifs->ifs_ipf_nattable_sz);
186 if (ifs->ifs_nat_table[0] != NULL)
187 bzero((char *)ifs->ifs_nat_table[0],
188 ifs->ifs_ipf_nattable_sz * sizeof(nat_t *));
192 KMALLOCS(ifs->ifs_nat_table[1], nat_t **,
193 sizeof(nat_t *) * ifs->ifs_ipf_nattable_sz);
194 if (ifs->ifs_nat_table[1] != NULL)
195 bzero((char *)ifs->ifs_nat_table[1],
196 ifs->ifs_ipf_nattable_sz * sizeof(nat_t *));
200 KMALLOCS(ifs->ifs_nat_rules, ipnat_t **,
201 sizeof(ipnat_t *) * ifs->ifs_ipf_natrules_sz);
202 if (ifs->ifs_nat_rules != NULL)
203 bzero((char *)ifs->ifs_nat_rules,
204 ifs->ifs_ipf_natrules_sz * sizeof(ipnat_t *));
208 KMALLOCS(ifs->ifs_rdr_rules, ipnat_t **,
209 sizeof(ipnat_t *) * ifs->ifs_ipf_rdrrules_sz);
210 if (ifs->ifs_rdr_rules != NULL)
211 bzero((char *)ifs->ifs_rdr_rules,
212 ifs->ifs_ipf_rdrrules_sz * sizeof(ipnat_t *));
216 KMALLOCS(ifs->ifs_maptable, hostmap_t **,
217 sizeof(hostmap_t *) * ifs->ifs_ipf_hostmap_sz);
218 if (ifs->ifs_maptable != NULL)
219 bzero((char *)ifs->ifs_maptable,
220 sizeof(hostmap_t *) * ifs->ifs_ipf_hostmap_sz);
224 ifs->ifs_ipf_hm_maplist = NULL;
226 KMALLOCS(ifs->ifs_nat_stats.ns_bucketlen[0], u_long *,
227 ifs->ifs_ipf_nattable_sz * sizeof(u_long));
228 if (ifs->ifs_nat_stats.ns_bucketlen[0] == NULL)
230 bzero((char *)ifs->ifs_nat_stats.ns_bucketlen[0],
231 ifs->ifs_ipf_nattable_sz * sizeof(u_long));
233 KMALLOCS(ifs->ifs_nat_stats.ns_bucketlen[1], u_long *,
234 ifs->ifs_ipf_nattable_sz * sizeof(u_long));
235 if (ifs->ifs_nat_stats.ns_bucketlen[1] == NULL)
237 bzero((char *)ifs->ifs_nat_stats.ns_bucketlen[1],
238 ifs->ifs_ipf_nattable_sz * sizeof(u_long));
240 if (ifs->ifs_fr_nat_maxbucket == 0) {
241 for (i = ifs->ifs_ipf_nattable_sz; i > 0; i >>= 1)
242 ifs->ifs_fr_nat_maxbucket++;
243 ifs->ifs_fr_nat_maxbucket *= 2;
246 fr_sttab_init(ifs->ifs_nat_tqb, ifs);
251 ifs->ifs_nat_tqb[IPF_TCPS_CLOSED].ifq_ttl = ifs->ifs_fr_tcplastack;
252 ifs->ifs_nat_tqb[IPF_TCP_NSTATES - 1].ifq_next = &ifs->ifs_nat_udptq;
253 ifs->ifs_nat_udptq.ifq_ttl = ifs->ifs_fr_defnatage;
254 ifs->ifs_nat_udptq.ifq_ref = 1;
255 ifs->ifs_nat_udptq.ifq_head = NULL;
256 ifs->ifs_nat_udptq.ifq_tail = &ifs->ifs_nat_udptq.ifq_head;
257 MUTEX_INIT(&ifs->ifs_nat_udptq.ifq_lock, "nat ipftq udp tab");
258 ifs->ifs_nat_udptq.ifq_next = &ifs->ifs_nat_icmptq;
259 ifs->ifs_nat_icmptq.ifq_ttl = ifs->ifs_fr_defnaticmpage;
260 ifs->ifs_nat_icmptq.ifq_ref = 1;
261 ifs->ifs_nat_icmptq.ifq_head = NULL;
262 ifs->ifs_nat_icmptq.ifq_tail = &ifs->ifs_nat_icmptq.ifq_head;
263 MUTEX_INIT(&ifs->ifs_nat_icmptq.ifq_lock, "nat icmp ipftq tab");
264 ifs->ifs_nat_icmptq.ifq_next = &ifs->ifs_nat_iptq;
265 ifs->ifs_nat_iptq.ifq_ttl = ifs->ifs_fr_defnatipage;
266 ifs->ifs_nat_iptq.ifq_ref = 1;
267 ifs->ifs_nat_iptq.ifq_head = NULL;
268 ifs->ifs_nat_iptq.ifq_tail = &ifs->ifs_nat_iptq.ifq_head;
269 MUTEX_INIT(&ifs->ifs_nat_iptq.ifq_lock, "nat ip ipftq tab");
270 ifs->ifs_nat_iptq.ifq_next = NULL;
273 if (ifs->ifs_nat_tqb[i].ifq_ttl < ifs->ifs_fr_defnaticmpage)
274 ifs->ifs_nat_tqb[i].ifq_ttl = ifs->ifs_fr_defnaticmpage;
276 else if (ifs->ifs_nat_tqb[i].ifq_ttl > ifs->ifs_fr_defnatage)
277 ifs->ifs_nat_tqb[i].ifq_ttl = ifs->ifs_fr_defnatage;
286 ifs->ifs_nat_tqb[IPF_TCPS_CLOSED].ifq_ttl =
287 ifs->ifs_nat_tqb[IPF_TCPS_LAST_ACK].ifq_ttl;
289 RWLOCK_INIT(&ifs->ifs_ipf_nat, "ipf IP NAT rwlock");
290 RWLOCK_INIT(&ifs->ifs_ipf_natfrag, "ipf IP NAT-Frag rwlock");
291 MUTEX_INIT(&ifs->ifs_ipf_nat_new, "ipf nat new mutex");
292 MUTEX_INIT(&ifs->ifs_ipf_natio, "ipf nat io mutex");
294 ifs->ifs_fr_nat_init = 1;
295 ifs->ifs_nat_last_force_flush = ifs->ifs_fr_ticks;
309 static void nat_addrdr(n, ifs) in nat_addrdr() argument
311 ipf_stack_t *ifs;
/* NOTE(review): `1 << k` shifts a signed int, and the range of k is not
 * visible in these matched lines. If k can reach 31 or more the shift is
 * undefined behaviour in C, so confirm k's bounds against the full function
 * (the same pattern appears at source line 353 in nat_addnat()). */
320 ifs->ifs_rdr_masks |= 1 << k;
322 hv = NAT_HASH_FN(j, 0, ifs->ifs_ipf_rdrrules_sz);
323 np = ifs->ifs_rdr_rules + hv;
342 static void nat_addnat(n, ifs) in nat_addnat() argument
344 ipf_stack_t *ifs;
353 ifs->ifs_nat_masks |= 1 << k;
355 hv = NAT_HASH_FN(j, 0, ifs->ifs_ipf_natrules_sz);
356 np = ifs->ifs_nat_rules + hv;
412 static struct hostmap *nat_hostmap(np, src, dst, map, port, ifs) in nat_hostmap() argument
418 ipf_stack_t *ifs;
427 for (hm = ifs->ifs_maptable[hv]; hm; hm = hm->hm_next)
441 hm->hm_hnext = ifs->ifs_ipf_hm_maplist;
442 hm->hm_phnext = &ifs->ifs_ipf_hm_maplist;
443 if (ifs->ifs_ipf_hm_maplist != NULL)
444 ifs->ifs_ipf_hm_maplist->hm_phnext = &hm->hm_hnext;
445 ifs->ifs_ipf_hm_maplist = hm;
447 hm->hm_next = ifs->ifs_maptable[hv];
448 hm->hm_pnext = ifs->ifs_maptable + hv;
449 if (ifs->ifs_maptable[hv] != NULL)
450 ifs->ifs_maptable[hv]->hm_pnext = &hm->hm_next;
451 ifs->ifs_maptable[hv] = hm;
600 int fr_nat_ioctl(data, cmd, mode, uid, ctx, ifs) in fr_nat_ioctl() argument
605 ipf_stack_t *ifs;
656 MUTEX_ENTER(&ifs->ifs_ipf_natio);
657 for (np = &ifs->ifs_nat_list; ((n = *np) != NULL);
679 token = ipf_findtoken(iter.igi_type, uid, ctx, ifs);
681 error = nat_iterator(token, &iter, ifs);
684 RWLOCK_EXIT(&ifs->ifs_ipf_tokens);
695 tmp = ipflog_clear(IPL_LOGNAT, ifs);
708 (char *)&ifs->ifs_nat_logging,
709 sizeof(ifs->ifs_nat_logging));
715 error = BCOPYOUT((char *)&ifs->ifs_nat_logging, (char *)data,
716 sizeof(ifs->ifs_nat_logging));
721 arg = ifs->ifs_iplused[IPL_LOGNAT];
736 MUTEX_EXIT(&ifs->ifs_ipf_natio);
740 error = nat_siocaddnat(nt, np, getlock, ifs);
741 MUTEX_EXIT(&ifs->ifs_ipf_natio);
754 MUTEX_EXIT(&ifs->ifs_ipf_natio);
757 nat_siocdelnat(n, np, getlock, ifs);
759 MUTEX_EXIT(&ifs->ifs_ipf_natio);
/* NOTE(review): ns_table[], ns_list, ns_maptable, ns_maplist, ns_instances and
 * ns_apslist are assigned kernel pointers here, and the whole ifs_nat_stats
 * structure is then passed to fr_outobj() together with the ioctl's data
 * argument. Presumably fr_outobj() copies the structure out to the caller,
 * which would expose kernel addresses; confirm that this command is only
 * reachable by privileged callers. */
763 ifs->ifs_nat_stats.ns_table[0] = ifs->ifs_nat_table[0];
764 ifs->ifs_nat_stats.ns_table[1] = ifs->ifs_nat_table[1];
765 ifs->ifs_nat_stats.ns_list = ifs->ifs_nat_list;
766 ifs->ifs_nat_stats.ns_maptable = ifs->ifs_maptable;
767 ifs->ifs_nat_stats.ns_maplist = ifs->ifs_ipf_hm_maplist;
768 ifs->ifs_nat_stats.ns_nattab_max = ifs->ifs_ipf_nattable_max;
769 ifs->ifs_nat_stats.ns_nattab_sz = ifs->ifs_ipf_nattable_sz;
770 ifs->ifs_nat_stats.ns_rultab_sz = ifs->ifs_ipf_natrules_sz;
771 ifs->ifs_nat_stats.ns_rdrtab_sz = ifs->ifs_ipf_rdrrules_sz;
772 ifs->ifs_nat_stats.ns_hostmap_sz = ifs->ifs_ipf_hostmap_sz;
773 ifs->ifs_nat_stats.ns_instances = ifs->ifs_nat_instances;
774 ifs->ifs_nat_stats.ns_apslist = ifs->ifs_ap_sess_list;
775 error = fr_outobj(data, &ifs->ifs_nat_stats, IPFOBJ_NATSTAT);
782 READ_ENTER(&ifs->ifs_ipf_nat);
793 ptr = nat_lookupredir(&nl, ifs);
797 ptr = nat6_lookupredir(&nl, ifs);
812 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
822 WRITE_ENTER(&ifs->ifs_ipf_nat);
829 ret = nat_clearlist(ifs);
831 ret = nat_flushtable(arg, ifs);
836 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
845 error = appr_ioctl(data, cmd, mode, ifs);
851 error = fr_lock(data, &ifs->ifs_fr_nat_lock);
856 error = fr_natputent(data, getlock, ifs);
862 if (ifs->ifs_fr_nat_lock) {
864 READ_ENTER(&ifs->ifs_ipf_nat);
866 error = fr_natgetsz(data, ifs);
868 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
874 if (ifs->ifs_fr_nat_lock) {
876 READ_ENTER(&ifs->ifs_ipf_nat);
878 error = fr_natgetent(data, ifs);
880 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
890 error = ipf_deltoken(arg, uid, ctx, ifs);
916 static int nat_siocaddnat(n, np, getlock, ifs) in nat_siocaddnat() argument
919 ipf_stack_t *ifs;
923 if (nat_resolverule(n, ifs) != 0)
1024 WRITE_ENTER(&ifs->ifs_ipf_nat);
1030 n->in_tqehead[0] = fr_addtimeoutqueue(&ifs->ifs_nat_utqe,
1031 n->in_age[0], ifs);
1034 n->in_tqehead[1] = fr_addtimeoutqueue(&ifs->ifs_nat_utqe,
1035 n->in_age[1], ifs);
1042 nat_addrdr(n, ifs);
1046 nat6_addrdr(n, ifs);
1058 nat_addnat(n, ifs);
1062 nat6_addnat(n, ifs);
1070 ifs->ifs_nat_stats.ns_rules++;
1072 RWLOCK_EXIT(&ifs->ifs_ipf_nat); /* WRITE */
1090 static int nat_resolverule(n, ifs) in nat_resolverule() argument
1092 ipf_stack_t *ifs;
1095 n->in_ifps[0] = fr_resolvenic(n->in_ifnames[0], n->in_v, ifs);
1102 n->in_ifps[1] = fr_resolvenic(n->in_ifnames[1], n->in_v, ifs);
1106 n->in_apr = appr_lookup(n->in_p, n->in_plabel, ifs);
1126 static void nat_siocdelnat(n, np, getlock, ifs) in nat_siocdelnat() argument
1129 ipf_stack_t *ifs;
1134 WRITE_ENTER(&ifs->ifs_ipf_nat);
1140 if (ifs->ifs_nat_list == NULL) {
1141 ifs->ifs_nat_masks = 0;
1142 ifs->ifs_rdr_masks = 0;
1144 ifs->ifs_nat6_masks[i] = 0;
1145 ifs->ifs_rdr6_masks[i] = 0;
1151 fr_freetimeoutqueue(n->in_tqehead[0], ifs);
1157 fr_freetimeoutqueue(n->in_tqehead[1], ifs);
1167 ifs->ifs_nat_stats.ns_rules--;
1173 RWLOCK_EXIT(&ifs->ifs_ipf_nat); /* READ/WRITE */
1189 static int fr_natgetsz(data, ifs) in fr_natgetsz() argument
1191 ipf_stack_t *ifs;
1204 nat = ifs->ifs_nat_instances;
1223 for (n = ifs->ifs_nat_instances; n; n = n->nat_next)
1258 static int fr_natgetent(data, ifs) in fr_natgetent() argument
1260 ipf_stack_t *ifs;
1281 nat = ifs->ifs_nat_instances;
1283 if (ifs->ifs_nat_instances == NULL)
1293 for (n = ifs->ifs_nat_instances; n; n = n->nat_next)
1563 static int fr_natputent(data, getlock, ifs) in fr_natputent() argument
1566 ipf_stack_t *ifs;
1584 if (NAT_TAB_WATER_LEVEL(ifs) > ifs->ifs_nat_flush_level_hi)
1585 ifs->ifs_nat_doflush = 1;
1591 if (ifs->ifs_nat_stats.ns_inuse >= ifs->ifs_ipf_nattable_max) {
1592 ifs->ifs_nat_stats.ns_memfail++;
1659 ATOMIC_INC(ifs->ifs_nat_stats.ns_rules);
1661 if (nat_resolverule(in, ifs) != 0) {
1674 fin.fin_ifs = ifs;
1680 READ_ENTER(&ifs->ifs_ipf_nat);
1702 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
1713 READ_ENTER(&ifs->ifs_ipf_nat);
1734 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
1806 READ_ENTER(&ifs->ifs_ipf_nat);
1808 for (n = ifs->ifs_nat_instances; n; n = n->nat_next)
1818 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
1835 WRITE_ENTER(&ifs->ifs_ipf_nat);
1843 error = nat_insert(nat, nat->nat_rev, ifs);
1847 error = nat6_insert(nat, nat->nat_rev, ifs);
1855 aps->aps_next = ifs->ifs_ap_sess_list;
1856 ifs->ifs_ap_sess_list = aps;
1859 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
1869 (void) fr_derefrule(&fr, ifs);
1903 int nat_delete(nat, logtype, ifs) in nat_delete() argument
1906 ipf_stack_t *ifs;
1911 if (logtype != 0 && ifs->ifs_nat_logging != 0)
1912 nat_log(nat, logtype, ifs);
1924 ifs->ifs_nat_stats.ns_bucketlen[0][nat->nat_hv[0]]--;
1925 ifs->ifs_nat_stats.ns_bucketlen[1][nat->nat_hv[1]]--;
1942 ifs->ifs_nat_stats.ns_wilds--;
1960 ifs->ifs_nat_stats.ns_orphans++;
1972 ifs->ifs_nat_stats.ns_orphans--;
1992 (void)fr_derefrule(&nat->nat_fr, ifs);
2010 ifs->ifs_nat_stats.ns_rules--;
2016 aps_free(nat->nat_aps, ifs);
2017 ifs->ifs_nat_stats.ns_inuse--;
2024 fr_forgetnat((void *)nat, ifs);
2041 static int nat_clearlist(ifs) in nat_clearlist() argument
2042 ipf_stack_t *ifs; in nat_clearlist()
2044 ipnat_t *n, **np = &ifs->ifs_nat_list;
2047 if (ifs->ifs_nat_rules != NULL)
2048 bzero((char *)ifs->ifs_nat_rules,
2049 sizeof(*ifs->ifs_nat_rules) * ifs->ifs_ipf_natrules_sz);
2050 if (ifs->ifs_rdr_rules != NULL)
2051 bzero((char *)ifs->ifs_rdr_rules,
2052 sizeof(*ifs->ifs_rdr_rules) * ifs->ifs_ipf_rdrrules_sz);
2060 ifs->ifs_nat_stats.ns_rules--;
2067 ifs->ifs_nat_masks = 0;
2068 ifs->ifs_rdr_masks = 0;
2070 ifs->ifs_nat6_masks[i] = 0;
2071 ifs->ifs_rdr6_masks[i] = 0;
2103 ipf_stack_t *ifs = fin->fin_ifs; local
2132 in, 0, ifs);
2306 nat->nat_outip, 0, ifs);
2351 ipf_stack_t *ifs = fin->fin_ifs; local
2371 (u_32_t)dport, ifs);
2391 in, (u_32_t)dport, ifs);
2532 ipf_stack_t *ifs = fin->fin_ifs; local
2538 if (NAT_TAB_WATER_LEVEL(ifs) > ifs->ifs_nat_flush_level_hi)
2539 ifs->ifs_nat_doflush = 1;
2545 if (ifs->ifs_nat_stats.ns_inuse >= ifs->ifs_ipf_nattable_max) {
2546 ifs->ifs_nat_stats.ns_memfail++;
2561 ifs->ifs_nat_stats.ns_memfail++;
/* NOTE(review): `ns_inuse - 100` has no visible lower-bound check in these
 * matched lines. If ns_inuse can be below 100 on this path, the new
 * ifs_ipf_nattable_max would wrap or go negative depending on the field
 * types (not shown here); confirm against the full function. */
2568 if (ifs->ifs_ipf_nattable_max > ifs->ifs_ipf_nattable_sz) {
2569 ifs->ifs_ipf_nattable_max = ifs->ifs_nat_stats.ns_inuse - 100;
2571 ifs->ifs_ipf_nattable_max);
2603 MUTEX_ENTER(&ifs->ifs_ipf_nat_new);
2650 nat_addrdr(np, ifs);
2653 nat_addnat(np, ifs);
2664 ifs->ifs_nat_stats.ns_wilds++;
2668 ifs->ifs_nat_stats.ns_badnat++;
2675 MUTEX_EXIT(&ifs->ifs_ipf_nat_new);
2704 ipf_stack_t *ifs = fin->fin_ifs; local
2730 if (nat_insert(nat, fin->fin_rev, ifs) == 0) {
2731 if (ifs->ifs_nat_logging)
2732 nat_log(nat, (u_int)np->in_redir, ifs);
2759 int nat_insert(nat, rev, ifs) in nat_insert() argument
2762 ipf_stack_t *ifs;
2775 ifs->ifs_ipf_nattable_sz);
2779 ifs->ifs_ipf_nattable_sz);
2783 ifs->ifs_ipf_nattable_sz);
2786 ifs->ifs_ipf_nattable_sz);
2789 if (ifs->ifs_nat_stats.ns_bucketlen[0][hv1] >= ifs->ifs_fr_nat_maxbucket ||
2790 ifs->ifs_nat_stats.ns_bucketlen[1][hv2] >= ifs->ifs_fr_nat_maxbucket) {
2807 nat->nat_ifps[0] = fr_resolvenic(nat->nat_ifnames[0], 4, ifs);
2811 nat->nat_ifps[1] = fr_resolvenic(nat->nat_ifnames[1], 4, ifs);
2819 nat->nat_next = ifs->ifs_nat_instances;
2820 nat->nat_pnext = &ifs->ifs_nat_instances;
2821 if (ifs->ifs_nat_instances)
2822 ifs->ifs_nat_instances->nat_pnext = &nat->nat_next;
2823 ifs->ifs_nat_instances = nat;
2825 natp = &ifs->ifs_nat_table[0][hv1];
2831 ifs->ifs_nat_stats.ns_bucketlen[0][hv1]++;
2833 natp = &ifs->ifs_nat_table[1][hv2];
2839 ifs->ifs_nat_stats.ns_bucketlen[1][hv2]++;
2841 fr_setnatqueue(nat, rev, ifs);
2843 ifs->ifs_nat_stats.ns_added++;
2844 ifs->ifs_nat_stats.ns_inuse++;
3277 ipf_stack_t *ifs = fin->fin_ifs; local
3310 hv = NAT_HASH_FN(src.s_addr, hv + sport, ifs->ifs_ipf_nattable_sz);
3311 nat = ifs->ifs_nat_table[1][hv];
3375 if (ifs->ifs_nat_stats.ns_wilds == 0)
/* NOTE(review): the ifs_ipf_nat lock is released at source line 3378 and
 * re-taken as a writer at 3383, so the NAT table may change in between.
 * The bucket head is read again at 3385 once the write lock is held;
 * presumably no nat pointer obtained before 3378 is reused after this
 * point -- confirm in the full function. The same sequence appears at
 * source lines 3619-3626. */
3378 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
3381 hv = NAT_HASH_FN(src.s_addr, hv, ifs->ifs_ipf_nattable_sz);
3383 WRITE_ENTER(&ifs->ifs_ipf_nat);
3385 nat = ifs->ifs_nat_table[1][hv];
3415 MUTEX_ENTER(&ifs->ifs_ipf_nat_new);
3416 ifs->ifs_nat_stats.ns_wilds--;
3417 MUTEX_EXIT(&ifs->ifs_ipf_nat_new);
3422 nat_tabmove(nat, ifs);
3427 MUTEX_DOWNGRADE(&ifs->ifs_ipf_nat);
3443 static void nat_tabmove(nat, ifs) in nat_tabmove() argument
3445 ipf_stack_t *ifs;
3459 ifs->ifs_nat_stats.ns_bucketlen[0][nat->nat_hv[0]]--;
3464 ifs->ifs_nat_stats.ns_bucketlen[1][nat->nat_hv[1]]--;
3471 ifs->ifs_ipf_nattable_sz);
3473 natp = &ifs->ifs_nat_table[0][hv];
3479 ifs->ifs_nat_stats.ns_bucketlen[0][hv]++;
3483 ifs->ifs_ipf_nattable_sz);
3485 natp = &ifs->ifs_nat_table[1][hv];
3491 ifs->ifs_nat_stats.ns_bucketlen[1][hv]++;
3531 ipf_stack_t *ifs = fin->fin_ifs; local
3561 hv = NAT_HASH_FN(dst.s_addr, hv + dport, ifs->ifs_ipf_nattable_sz);
3562 nat = ifs->ifs_nat_table[0][hv];
3616 if (ifs->ifs_nat_stats.ns_wilds == 0)
3619 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
3622 hv = NAT_HASH_FN(dst.s_addr, hv, ifs->ifs_ipf_nattable_sz);
3624 WRITE_ENTER(&ifs->ifs_ipf_nat);
3626 nat = ifs->ifs_nat_table[0][hv];
3656 MUTEX_ENTER(&ifs->ifs_ipf_nat_new);
3657 ifs->ifs_nat_stats.ns_wilds--;
3658 MUTEX_EXIT(&ifs->ifs_ipf_nat_new);
3665 nat_tabmove(nat, ifs);
3670 MUTEX_DOWNGRADE(&ifs->ifs_ipf_nat);
3685 nat_t *nat_lookupredir(np, ifs) in nat_lookupredir() argument
3687 ipf_stack_t *ifs;
3707 fi.fin_ifs = ifs;
3733 fin.fin_ifs = ifs;
3821 ipf_stack_t *ifs = fin->fin_ifs; local
3837 (void) fr_tcp_age(&nat->nat_tqe, fin, ifs->ifs_nat_tqb, 0);
3841 ifq2 = &ifs->ifs_nat_udptq;
3843 ifq2 = &ifs->ifs_nat_icmptq;
3845 ifq2 = &ifs->ifs_nat_iptq;
3848 fr_movequeue(tqe, ifq, ifq2, ifs);
3882 ipf_stack_t *ifs = fin->fin_ifs; local
3884 if (ifs->ifs_fr_nat_lock != 0)
3886 if (ifs->ifs_nat_stats.ns_rules == 0 && ifs->ifs_nat_instances == NULL)
3927 READ_ENTER(&ifs->ifs_ipf_nat);
3951 nmsk = ifs->ifs_nat_masks;
3954 hv = NAT_HASH_FN(iph, 0, ifs->ifs_ipf_natrules_sz);
3955 for (np = ifs->ifs_nat_rules[hv]; np; np = npnext) {
3984 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
3985 WRITE_ENTER(&ifs->ifs_ipf_nat);
3990 MUTEX_DOWNGRADE(&ifs->ifs_ipf_nat);
3995 fr_ipnatderef(&np, ifs);
3996 MUTEX_DOWNGRADE(&ifs->ifs_ipf_nat);
4025 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
4059 ipf_stack_t *ifs = fin->fin_ifs; local
4070 net_handle_t net_data_p = ifs->ifs_ipf_ipv4;
4171 ifs->ifs_nat_stats.ns_mapped[1]++;
4206 ipf_stack_t *ifs = fin->fin_ifs; local
4208 if (ifs->ifs_fr_nat_lock != 0)
4210 if (ifs->ifs_nat_stats.ns_rules == 0 && ifs->ifs_nat_instances == NULL)
4253 READ_ENTER(&ifs->ifs_ipf_nat);
4276 rmsk = ifs->ifs_rdr_masks;
4280 hv = NAT_HASH_FN(iph, 0, ifs->ifs_ipf_rdrrules_sz);
4281 for (np = ifs->ifs_rdr_rules[hv]; np; np = npnext) {
4310 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
4311 WRITE_ENTER(&ifs->ifs_ipf_nat);
4316 MUTEX_DOWNGRADE(&ifs->ifs_ipf_nat);
4321 fr_ipnatderef(&np, ifs);
4322 MUTEX_DOWNGRADE(&ifs->ifs_ipf_nat);
4352 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
4386 ipf_stack_t *ifs = fin->fin_ifs; local
4397 net_handle_t net_data_p = ifs->ifs_ipf_ipv4;
4501 ifs->ifs_nat_stats.ns_mapped[0]++;
4593 void fr_natunload(ifs) in fr_natunload() argument
4594 ipf_stack_t *ifs; in fr_natunload()
4598 (void) nat_clearlist(ifs);
4599 (void) nat_flushtable(FLUSH_TABLE_ALL, ifs);
4608 for (ifq = ifs->ifs_nat_utqe; ifq != NULL; ifq = ifqnext) {
4612 fr_freetimeoutqueue(ifq, ifs);
4615 if (ifs->ifs_nat_table[0] != NULL) {
4616 KFREES(ifs->ifs_nat_table[0],
4617 sizeof(nat_t *) * ifs->ifs_ipf_nattable_sz);
4618 ifs->ifs_nat_table[0] = NULL;
4620 if (ifs->ifs_nat_table[1] != NULL) {
4621 KFREES(ifs->ifs_nat_table[1],
4622 sizeof(nat_t *) * ifs->ifs_ipf_nattable_sz);
4623 ifs->ifs_nat_table[1] = NULL;
4625 if (ifs->ifs_nat_rules != NULL) {
4626 KFREES(ifs->ifs_nat_rules,
4627 sizeof(ipnat_t *) * ifs->ifs_ipf_natrules_sz);
4628 ifs->ifs_nat_rules = NULL;
4630 if (ifs->ifs_rdr_rules != NULL) {
4631 KFREES(ifs->ifs_rdr_rules,
4632 sizeof(ipnat_t *) * ifs->ifs_ipf_rdrrules_sz);
4633 ifs->ifs_rdr_rules = NULL;
4635 if (ifs->ifs_maptable != NULL) {
4636 KFREES(ifs->ifs_maptable,
4637 sizeof(hostmap_t *) * ifs->ifs_ipf_hostmap_sz);
4638 ifs->ifs_maptable = NULL;
/* NOTE(review): both ns_bucketlen arrays are allocated in fr_natinit() with
 * ifs_ipf_nattable_sz * sizeof(u_long) (source lines 226-238) but are
 * released here with sizeof(u_long *). The two sizes agree only where u_long
 * and a pointer have the same width. If KFREES hands the size to an allocator
 * that relies on it (its definition is not shown), a mismatch would corrupt
 * allocator accounting; sizeof(u_long) would mirror the allocation. */
4640 if (ifs->ifs_nat_stats.ns_bucketlen[0] != NULL) {
4641 KFREES(ifs->ifs_nat_stats.ns_bucketlen[0],
4642 sizeof(u_long *) * ifs->ifs_ipf_nattable_sz);
4643 ifs->ifs_nat_stats.ns_bucketlen[0] = NULL;
4645 if (ifs->ifs_nat_stats.ns_bucketlen[1] != NULL) {
4646 KFREES(ifs->ifs_nat_stats.ns_bucketlen[1],
4647 sizeof(u_long *) * ifs->ifs_ipf_nattable_sz);
4648 ifs->ifs_nat_stats.ns_bucketlen[1] = NULL;
4651 if (ifs->ifs_fr_nat_maxbucket_reset == 1)
4652 ifs->ifs_fr_nat_maxbucket = 0;
4654 if (ifs->ifs_fr_nat_init == 1) {
4655 ifs->ifs_fr_nat_init = 0;
4656 fr_sttab_destroy(ifs->ifs_nat_tqb);
4658 RW_DESTROY(&ifs->ifs_ipf_natfrag);
4659 RW_DESTROY(&ifs->ifs_ipf_nat);
4661 MUTEX_DESTROY(&ifs->ifs_ipf_nat_new);
4662 MUTEX_DESTROY(&ifs->ifs_ipf_natio);
4664 MUTEX_DESTROY(&ifs->ifs_nat_udptq.ifq_lock);
4665 MUTEX_DESTROY(&ifs->ifs_nat_icmptq.ifq_lock);
4666 MUTEX_DESTROY(&ifs->ifs_nat_iptq.ifq_lock);
4679 void fr_natexpire(ifs) in fr_natexpire() argument
4680 ipf_stack_t *ifs; in fr_natexpire()
4688 WRITE_ENTER(&ifs->ifs_ipf_nat);
4689 for (ifq = ifs->ifs_nat_tqb, i = 0; ifq != NULL; ifq = ifq->ifq_next) {
4691 if (tqe->tqe_die > ifs->ifs_fr_ticks)
4694 (void) nat_delete(tqe->tqe_parent, NL_EXPIRE, ifs);
4698 for (ifq = ifs->ifs_nat_utqe; ifq != NULL; ifq = ifqnext) {
4702 if (tqe->tqe_die > ifs->ifs_fr_ticks)
4705 (void) nat_delete(tqe->tqe_parent, NL_EXPIRE, ifs);
4709 for (ifq = ifs->ifs_nat_utqe; ifq != NULL; ifq = ifqnext) {
4714 fr_freetimeoutqueue(ifq, ifs);
4718 if (ifs->ifs_nat_doflush != 0) {
4719 (void) nat_flushtable(FLUSH_TABLE_EXTRA, ifs);
4720 ifs->ifs_nat_doflush = 0;
4723 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
4739 void fr_nataddrsync(v, ifp, addr, ifs) in fr_nataddrsync() argument
4743 ipf_stack_t *ifs;
4752 if (ifs->ifs_fr_running <= 0)
4756 WRITE_ENTER(&ifs->ifs_ipf_nat);
4758 if (ifs->ifs_fr_running <= 0) {
4759 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
4769 for (nat = ifs->ifs_nat_instances; nat; nat = nat->nat_next) {
4810 &in, NULL, ifs) != -1)
4823 (void *)&in6, NULL, ifs) != -1)
4846 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
4865 void fr_natifpsync(action, v, ifp, name, ifs) in fr_natifpsync() argument
4869 ipf_stack_t *ifs;
4878 if (ifs->ifs_fr_running <= 0)
4882 WRITE_ENTER(&ifs->ifs_ipf_nat);
4884 if (ifs->ifs_fr_running <= 0) {
4885 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
4892 for (nat = ifs->ifs_nat_instances; nat; nat = nat->nat_next) {
4899 fr_resolvenic(nat->nat_ifnames[0], nv, ifs);
4905 fr_resolvenic(nat->nat_ifnames[1], nv, ifs);
4909 for (n = ifs->ifs_nat_list; (n != NULL); n = n->in_next) {
4916 fr_resolvenic(n->in_ifnames[0], nv, ifs);
4921 fr_resolvenic(n->in_ifnames[1], nv, ifs);
4926 for (nat = ifs->ifs_nat_instances; nat; nat = nat->nat_next) {
4936 for (n = ifs->ifs_nat_list; (n != NULL); n = n->in_next) {
4948 for (nat = ifs->ifs_nat_instances; nat; nat = nat->nat_next) {
4956 for (n = ifs->ifs_nat_list; (n != NULL); n = n->in_next) {
4966 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
4983 void fr_natifindexsync(ifp, newifp, ifs) in fr_natifindexsync() argument
4986 ipf_stack_t *ifs;
4991 WRITE_ENTER(&ifs->ifs_ipf_nat);
4993 for (nat = ifs->ifs_nat_instances; nat != NULL; nat = nat->nat_next) {
5001 for (n = ifs->ifs_nat_list; n != NULL; n = n->in_next) {
5009 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
5063 void nat_log(nat, type, ifs) in nat_log() argument
5066 ipf_stack_t *ifs;
5094 for (rulen = 0, np = ifs->ifs_nat_list; np;
5106 (void) ipllog(IPL_LOGNAT, NULL, items, sizes, types, 1, ifs);
5120 void nat_ifdetach(ifp, ifs) in nat_ifdetach() argument
5122 ipf_stack_t *ifs;
5124 frsync(ifp, ifs);
5137 void fr_ipnatderef(inp, ifs) in fr_ipnatderef() argument
5139 ipf_stack_t *ifs;
5150 ifs->ifs_nat_stats.ns_rules--;
5153 if (ifs->ifs_nat_stats.ns_rules == 0)
5154 ifs->ifs_pfil_delayed_copy = 1;
5178 void fr_natderef(natp, ifs) in fr_natderef() argument
5180 ipf_stack_t *ifs;
5195 WRITE_ENTER(&ifs->ifs_ipf_nat);
5196 (void) nat_delete(nat, NL_EXPIRE, ifs);
5197 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
5218 ipf_stack_t *ifs = fin->fin_ifs; local
5224 if (NAT_TAB_WATER_LEVEL(ifs) > ifs->ifs_nat_flush_level_hi)
5225 ifs->ifs_nat_doflush = 1;
5231 if (ifs->ifs_nat_stats.ns_inuse >= ifs->ifs_ipf_nattable_max) {
5232 ifs->ifs_nat_stats.ns_memfail++;
5258 if (nat_insert(clone, fin->fin_rev, ifs) == -1) {
5264 if (ifs->ifs_nat_logging)
5265 nat_log(clone, (u_int)np->in_redir, ifs);
5281 (void) fr_tcp_age(&clone->nat_tqe, fin, ifs->ifs_nat_tqb,
5287 if (ifs->ifs_nat_logging)
5288 nat_log(clone, NL_CLONE, ifs);
5434 void fr_setnatqueue(nat, rev, ifs) in fr_setnatqueue() argument
5437 ipf_stack_t *ifs;
5450 nifq = &ifs->ifs_nat_udptq;
5453 nifq = &ifs->ifs_nat_icmptq;
5456 nifq = ifs->ifs_nat_tqb + nat->nat_tqe.tqe_state[rev];
5459 nifq = &ifs->ifs_nat_iptq;
5470 fr_movequeue(&nat->nat_tqe, oifq, nifq, ifs);
5472 fr_queueappend(&nat->nat_tqe, nifq, nat, ifs);
5487 static int nat_getnext(t, itp, ifs) in nat_getnext() argument
5490 ipf_stack_t *ifs;
5501 READ_ENTER(&ifs->ifs_ipf_nat);
5511 nexthm = ifs->ifs_ipf_hm_maplist;
5520 nextipnat = ifs->ifs_nat_list;
5529 nextnat = ifs->ifs_nat_instances;
5535 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
5595 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
5607 ipf_freetoken(t, ifs);
5612 WRITE_ENTER(&ifs->ifs_ipf_nat);
5614 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
5617 ipf_freetoken(t, ifs);
5632 ipf_freetoken(t, ifs);
5637 WRITE_ENTER(&ifs->ifs_ipf_nat);
5638 fr_ipnatderef(&ipn, ifs);
5639 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
5642 ipf_freetoken(t, ifs);
5657 ipf_freetoken(t, ifs);
5662 fr_natderef(&nat, ifs);
5664 ipf_freetoken(t, ifs);
5680 READ_ENTER(&ifs->ifs_ipf_nat);
5698 static int nat_iterator(token, itp, ifs) in nat_iterator() argument
5701 ipf_stack_t *ifs;
5715 error = nat_getnext(token, itp, ifs);
5718 error = fr_nextfrag(token, itp, &ifs->ifs_ipfr_natlist,
5719 &ifs->ifs_ipfr_nattail,
5720 &ifs->ifs_ipf_natfrag, ifs);
5751 static int nat_flushtable(flush_option, ifs) in nat_flushtable() argument
5753 ipf_stack_t *ifs;
5765 natn = ifs->ifs_nat_instances;
5768 if (nat_delete(nat, NL_FLUSH, ifs) == 0)
5776 ifs->ifs_nat_tqb,
5777 ifs->ifs_nat_utqe,
5778 ifs);
5784 ifs->ifs_nat_tqb,
5785 ifs->ifs_nat_utqe,
5786 ifs);
5791 if (ifs->ifs_fr_ticks - ifs->ifs_nat_last_force_flush <
5794 ifs->ifs_nat_last_force_flush = ifs->ifs_fr_ticks;
5796 &ifs->ifs_nat_tqb[IPF_TCPS_ESTABLISHED],
5797 ifs->ifs_nat_utqe,
5798 ifs);
5826 ipf_stack_t *ifs = fin->fin_ifs; local
5843 WRITE_ENTER(&ifs->ifs_ipf_nat);
5854 ifs->ifs_nat_stats.ns_uncreate[fin->fin_out][0]++;
5855 (void) nat_delete(nat, NL_DESTROY, ifs);
5857 ifs->ifs_nat_stats.ns_uncreate[fin->fin_out][1]++;
5860 RWLOCK_EXIT(&ifs->ifs_ipf_nat);