Lines Matching refs:fin
1113 ipstate_t *fr_addstate(fin, stsave, flags) in fr_addstate() argument
1114 fr_info_t *fin; in fr_addstate()
1126 ipf_stack_t *ifs = fin->fin_ifs;
1129 (fin->fin_flx & (FI_SHORT|FI_STATE|FI_FRAGBODY|FI_BAD)))
1132 if ((fin->fin_flx & FI_OOW) && !(fin->fin_tcpf & TH_SYN))
1158 fr = fin->fin_fr;
1175 out = fin->fin_out;
1193 is->is_v = fin->fin_v;
1194 is->is_opt[0] = fin->fin_optmsk;
1207 is->is_sec = fin->fin_secmsk;
1209 is->is_auth = fin->fin_auth;
1215 hv = (is->is_p = fin->fin_fi.fi_p);
1216 is->is_src = fin->fin_fi.fi_src;
1218 is->is_dst = fin->fin_fi.fi_dst;
1221 if (fin->fin_v == 6) {
1249 if ((fin->fin_v == 4) &&
1250 (fin->fin_flx & (FI_MULTICAST|FI_BROADCAST|FI_MBCAST))) {
1251 if (fin->fin_out == 0) {
1264 ic = fin->fin_dp;
1285 ic = fin->fin_dp;
1304 gre = fin->fin_dp;
1309 is->is_call[0] = fin->fin_data[0];
1310 is->is_call[1] = fin->fin_data[1];
1315 tcp = fin->fin_dp;
1323 is->is_sport = htons(fin->fin_data[0]);
1324 is->is_dport = htons(fin->fin_data[1]);
1340 if ((fin->fin_flx & FI_IGNORE) == 0) {
1341 is->is_send = ntohl(tcp->th_seq) + fin->fin_dlen -
1354 if (fr_tcpoptions(fin, tcp,
1356 fin->fin_flx |= FI_BAD;
1360 if ((fin->fin_out != 0) && (pass & FR_NEWISN) != 0) {
1361 fr_checknewisn(fin, is);
1362 fr_fixoutisn(fin, is);
1384 tcp = fin->fin_dp;
1386 is->is_sport = htons(fin->fin_data[0]);
1387 is->is_dport = htons(fin->fin_data[1]);
1467 is->is_ifp[out << 1] = fin->fin_ifp;
1468 if (fin->fin_ifp != NULL) {
1469 COPYIFNAME(fin->fin_ifp, is->is_ifname[out << 1], fin->fin_v);
1477 if ((fin->fin_flx & FI_IGNORE) == 0) {
1479 is->is_bytes[out] = fin->fin_plen;
1480 is->is_flx[out][0] = fin->fin_flx & FI_CMP;
1493 is->is_rulen = fin->fin_rule;
1502 fr_stinsert(is, fin->fin_rev, ifs);
1504 if (fin->fin_p == IPPROTO_TCP) {
1510 (void) fr_tcp_age(&is->is_sti, fin, ifs->ifs_ips_tqtqb,
1522 is->is_sync = ipfsync_new(SMC_STATE, fin, is);
1528 fin->fin_rev = IP6_NEQ(&is->is_dst, &fin->fin_daddr);
1529 fin->fin_flx |= FI_STATE;
1530 if (fin->fin_flx & FI_FRAG)
1531 (void) fr_newfrag(fin, pass ^ FR_KEEPSTATE);
1547 static int fr_tcpoptions(fin, tcp, td) in fr_tcpoptions() argument
1548 fr_info_t *fin; in fr_tcpoptions()
1557 if (fin->fin_dlen < len)
1561 off = fin->fin_plen - fin->fin_dlen + sizeof(*tcp) + fin->fin_ipoff;
1563 m = fin->fin_m;
1645 static int fr_tcpstate(fin, tcp, is) in fr_tcpstate() argument
1646 fr_info_t *fin; in fr_tcpstate()
1652 ipf_stack_t *ifs = fin->fin_ifs;
1654 source = !fin->fin_rev;
1656 (ntohs(is->is_sport) != fin->fin_data[0]))
1683 &fin->fin_ifs->ifs_ips_deletetq,
1684 fin->fin_ifs);
1691 if (fr_tcpinwindow(fin, fdata, tdata, tcp, is->is_flags)) {
1694 ipsc_packet(fin, is);
1705 ret = fr_tcp_age(&is->is_sti, fin, ifs->ifs_ips_tqtqb,
1725 (void) fr_tcpoptions(fin, tcp, fdata);
1727 if ((fin->fin_out != 0) && (is->is_pass & FR_NEWISN))
1728 fr_checknewisn(fin, is);
1732 (void) fr_tcpoptions(fin, tcp, fdata);
1734 if ((fin->fin_out != 0) && (is->is_pass & FR_NEWISN))
1735 fr_checknewisn(fin, is);
1740 fin->fin_flx |= FI_OOW;
1758 static void fr_checknewisn(fin, is) in fr_checknewisn() argument
1759 fr_info_t *fin; in fr_checknewisn()
1766 i = fin->fin_rev;
1767 tcp = fin->fin_dp;
1772 new = fr_newisn(fin);
1794 int fr_tcpinwindow(fin, fdata, tdata, tcp, flags) in fr_tcpinwindow() argument
1795 fr_info_t *fin; in fr_tcpinwindow()
1828 dsize = fin->fin_dlen - (TCP_OFF(tcp) << 2) +
1990 fin->fin_flx |= FI_OOW;
1994 fin->fin_flx |= FI_NEG_OOW;
2011 static ipstate_t *fr_stclone(fin, tcp, is) in fr_stclone() argument
2012 fr_info_t *fin; in fr_stclone()
2018 ipf_stack_t *ifs = fin->fin_ifs;
2047 send = ntohl(tcp->th_seq) + fin->fin_dlen - (TCP_OFF(tcp) << 2) +
2051 if (fin->fin_rev == 1) {
2071 fr_stinsert(clone, fin->fin_rev, ifs);
2074 (void) fr_tcp_age(&clone->is_sti, fin, ifs->ifs_ips_tqtqb,
2083 clone->is_sync = ipfsync_new(SMC_STATE, fin, clone);
2102 static ipstate_t *fr_matchsrcdst(fin, is, src, dst, tcp, cmask) in fr_matchsrcdst() argument
2103 fr_info_t *fin; in fr_matchsrcdst()
2113 ipf_stack_t *ifs = fin->fin_ifs;
2116 ifp = fin->fin_ifp;
2117 out = fin->fin_out;
2123 sp = htons(fin->fin_sport);
2124 dp = ntohs(fin->fin_dport);
2198 fr_ip_t *fi = &fin->fin_fi;
2254 flx = fin->fin_flx & cmask;
2261 ((fin->fin_optmsk & is->is_optmsk[rev]) != is->is_opt[rev]) ||
2262 ((fin->fin_secmsk & is->is_secmsk) != is->is_sec) ||
2263 ((fin->fin_auth & is->is_authmsk) != is->is_auth)) {
2267 ((fin->fin_optmsk & is->is_optmsk[rev]) != is->is_opt[rev]),
2268 int, ((fin->fin_secmsk & is->is_secmsk) != is->is_sec),
2269 int, ((fin->fin_auth & is->is_authmsk) != is->is_auth)
2278 if ((fin->fin_flx & FI_IGNORE) != 0) {
2279 fin->fin_rev = rev;
2287 clone = fr_stclone(fin, tcp, is);
2330 is->is_opt[1] = fin->fin_optmsk;
2346 COPYIFNAME(ifp, is->is_ifname[idx], fin->fin_v);
2348 fin->fin_rev = rev;
2364 static ipstate_t *fr_checkicmpmatchingstate(fin) in fr_checkicmpmatchingstate() argument
2365 fr_info_t *fin; in fr_checkicmpmatchingstate()
2380 ipf_stack_t *ifs = fin->fin_ifs;
2388 if ((fin->fin_v != 4) || (fin->fin_hlen != sizeof(ip_t)) ||
2389 (fin->fin_plen < ICMPERR_MINPKTLEN) ||
2390 !(fin->fin_flx & FI_ICMPERR))
2392 ic = fin->fin_dp;
2399 if (fin->fin_plen < ICMPERR_MAXPKTLEN + ((IP_HL(oip) - 5) << 2))
2405 len = fin->fin_dlen - ICMPERR_ICMPHLEN;
2422 m = fin->fin_m;
2427 if ((char *)oip + len > (char *)fin->fin_ip + m->m_len)
2432 bcopy((char *)fin, (char *)&ofin, sizeof(*fin));
2462 ofin.fin_plen = fin->fin_dlen - ICMPERR_ICMPHLEN;
2464 ofin.fin_ifp = fin->fin_ifp;
2465 ofin.fin_out = !fin->fin_out;
2529 fin->fin_rev = !backward;
2530 i = (!backward << 1) + fin->fin_out;
2584 fin->fin_rev = !backward;
2585 i = (!backward << 1) + fin->fin_out;
2667 ipstate_t *fr_stlookup(fin, tcp, ifqp) in fr_stlookup() argument
2668 fr_info_t *fin; in fr_stlookup()
2679 ipf_stack_t *ifs = fin->fin_ifs;
2683 tcp = fin->fin_dp;
2685 hv = (pr = fin->fin_fi.fi_p);
2686 src = fin->fin_fi.fi_src;
2687 dst = fin->fin_fi.fi_dst;
2691 v = fin->fin_fi.fi_v;
2694 hv += fin->fin_fi.fi_src.i6[1];
2695 hv += fin->fin_fi.fi_src.i6[2];
2696 hv += fin->fin_fi.fi_src.i6[3];
2698 if ((fin->fin_p == IPPROTO_ICMPV6) &&
2699 IN6_IS_ADDR_MULTICAST(&fin->fin_fi.fi_dst.in6)) {
2702 hv += fin->fin_fi.fi_dst.i6[1];
2703 hv += fin->fin_fi.fi_dst.i6[2];
2704 hv += fin->fin_fi.fi_dst.i6[3];
2709 (fin->fin_flx & (FI_MULTICAST|FI_BROADCAST|FI_MBCAST))) {
2710 if (fin->fin_out == 0) {
2738 is = fr_matchsrcdst(fin, is, &src, &dst, NULL, FI_CMP);
2741 ic, fin->fin_rev)) {
2742 if (fin->fin_rev)
2752 hv += fin->fin_fi.fi_src.i6[0];
2753 hv += fin->fin_fi.fi_src.i6[1];
2754 hv += fin->fin_fi.fi_src.i6[2];
2755 hv += fin->fin_fi.fi_src.i6[3];
2774 !IN6_IS_ADDR_MULTICAST(&fin->fin_fi.fi_src.in6)) {
2775 hv -= fin->fin_fi.fi_src.i6[0];
2776 hv -= fin->fin_fi.fi_src.i6[1];
2777 hv -= fin->fin_fi.fi_src.i6[2];
2778 hv -= fin->fin_fi.fi_src.i6[3];
2784 is = fr_checkicmp6matchingstate(fin);
2800 is = fr_matchsrcdst(fin, is, &src, &dst, NULL, FI_CMP);
2803 ic, fin->fin_rev)) {
2804 if (fin->fin_rev)
2819 sport = htons(fin->fin_data[0]);
2821 dport = htons(fin->fin_data[1]);
2832 fin->fin_flx &= ~FI_OOW;
2833 is = fr_matchsrcdst(fin, is, &src, &dst, tcp, FI_CMP);
2836 if (!fr_tcpstate(fin, tcp, is)) {
2837 oow |= fin->fin_flx & FI_OOW;
2861 hv = fin->fin_fi.fi_p;
2868 if (fin->fin_out == 0) {
2882 fin->fin_flx |= oow;
2887 gre = fin->fin_dp;
2901 is = fr_matchsrcdst(fin, is, &src, &dst, NULL, FI_CMP);
2914 (is->is_tqehead[fin->fin_rev] != NULL))
2915 ifq = is->is_tqehead[fin->fin_rev];
2932 void fr_updatestate(fin, is, ifq) in fr_updatestate() argument
2933 fr_info_t *fin; in fr_updatestate()
2939 ipf_stack_t *ifs = fin->fin_ifs;
2941 i = (fin->fin_rev << 1) + fin->fin_out;
2950 ifq = is->is_tqehead[fin->fin_rev];
2956 fin->fin_pktnum = is->is_pkts[i] + is->is_icmppkts[i];
2957 is->is_bytes[i] += fin->fin_plen;
2962 ipfsync_update(SMC_STATE, fin, is->is_sync);
2967 fin->fin_fr = is->is_rule;
2974 if ((fin->fin_flx & FI_FRAG) && FR_ISPASS(pass))
2975 (void) fr_newfrag(fin, pass ^ FR_KEEPSTATE);
2988 frentry_t *fr_checkstate(fin, passp) in fr_checkstate() argument
2989 fr_info_t *fin; in fr_checkstate()
2997 ipf_stack_t *ifs = fin->fin_ifs;
3000 (fin->fin_flx & (FI_SHORT|FI_STATE|FI_FRAGBODY|FI_BAD)))
3004 if ((fin->fin_flx & FI_TCPUDP) ||
3005 (fin->fin_fi.fi_p == IPPROTO_ICMP)
3007 || (fin->fin_fi.fi_p == IPPROTO_ICMPV6)
3010 tcp = fin->fin_dp;
3018 is = fr_stlookup(fin, tcp, &ifq);
3019 switch (fin->fin_p)
3025 if (fin->fin_v == 6) {
3026 is = fr_checkicmp6matchingstate(fin);
3039 is = fr_checkicmpmatchingstate(fin);
3048 if (fin->fin_out == 0)
3049 fr_fixinisn(fin, is);
3050 else if (fin->fin_out == 1)
3051 fr_fixoutisn(fin, is);
3055 if (fin->fin_rev)
3069 if ((fin->fin_out == 0) && (fr->fr_nattag.ipt_num[0] != 0)) {
3070 if (fin->fin_nattag == NULL) {
3074 if (fr_matchtag(&fr->fr_nattag, fin->fin_nattag) != 0) {
3079 (void) strncpy(fin->fin_group, fr->fr_group, FR_GROUPLEN);
3080 fin->fin_icode = fr->fr_icode;
3083 fin->fin_rule = is->is_rulen;
3085 fr_updatestate(fin, is, ifq);
3088 fin->fin_flx |= FI_STATE;
3105 static void fr_fixoutisn(fin, is) in fr_fixoutisn() argument
3106 fr_info_t *fin; in fr_fixoutisn()
3113 tcp = fin->fin_dp;
3114 rev = fin->fin_rev;
3143 static void fr_fixinisn(fin, is) in fr_fixinisn() argument
3144 fr_info_t *fin; in fr_fixinisn()
3151 tcp = fin->fin_dp;
3152 rev = fin->fin_rev;
3583 int fr_tcp_age(tqe, fin, tqtab, flags) in fr_tcp_age() argument
3585 fr_info_t *fin;
3592 ipf_stack_t *ifs = fin->fin_ifs;
3594 tcp = fin->fin_dp;
3597 dir = fin->fin_rev;
3599 dlen = fin->fin_dlen - (TCP_OFF(tcp) << 2);
3606 fr_info_t *, fin,
4018 static ipstate_t *fr_checkicmp6matchingstate(fin) in fr_checkicmp6matchingstate() argument
4019 fr_info_t *fin; in fr_checkicmp6matchingstate()
4033 ipf_stack_t *ifs = fin->fin_ifs;
4041 if ((fin->fin_v != 6) || (fin->fin_plen < ICMP6ERR_MINPKTLEN) ||
4042 !(fin->fin_flx & FI_ICMPERR))
4045 ic6 = fin->fin_dp;
4048 if (fin->fin_plen < sizeof(*oip6))
4051 bcopy((char *)fin, (char *)&ofin, sizeof(*fin));
4053 ofin.fin_ifp = fin->fin_ifp;
4054 ofin.fin_out = !fin->fin_out;
4069 oip6->ip6_plen = fin->fin_dlen - ICMPERR_ICMPHLEN;
4121 fin->fin_rev = !backward;
4122 i = (backward << 1) + fin->fin_out;
4171 fin->fin_rev = !backward;
4172 i = (backward << 1) + fin->fin_out;