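Lines matching full:pf (each entry gives the source line number, the matching line, and the enclosing function; lines that do not match are omitted)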

370 			errx(1, "pf already enabled");  in pfctl_enable()
377 fprintf(stderr, "pf enabled\n"); in pfctl_enable()
393 errx(1, "pf not enabled"); in pfctl_disable()
398 fprintf(stderr, "pf disabled\n"); in pfctl_disable()
414 fprintf(stderr, "pf: statistics cleared\n"); in pfctl_clear_stats()
457 pfctl_adjust_skip_ifaces(struct pfctl *pf) in pfctl_adjust_skip_ifaces() argument
466 pfctl_set_interface_flags(pf, p->pfik_name, PFI_IFLAG_SKIP, 0); in pfctl_adjust_skip_ifaces()
476 pfctl_set_interface_flags(pf, in pfctl_adjust_skip_ifaces()
487 pfctl_set_interface_flags(pf, p->pfik_name, PFI_IFLAG_SKIP, 0); in pfctl_adjust_skip_ifaces()
503 fprintf(stderr, "pf: interface flags reset\n"); in pfctl_clear_interface_flags()
1797 pfctl_add_pool(struct pfctl *pf, struct pfctl_pool *p, sa_family_t af, int which) in pfctl_add_pool() argument
1802 pf->paddr.af = af; in pfctl_add_pool()
1804 memcpy(&pf->paddr.addr, pa, sizeof(struct pf_pooladdr)); in pfctl_add_pool()
1805 if ((pf->opts & PF_OPT_NOACTION) == 0) { in pfctl_add_pool()
1806 if ((ret = pfctl_add_addr(pf->h, &pf->paddr, which)) != 0) in pfctl_add_pool()
1823 pfctl_append_rule(struct pfctl *pf, struct pfctl_rule *r, in pfctl_append_rule() argument
1835 rs = &pf->anchor->ruleset; in pfctl_append_rule()
1875 pfctl_append_eth_rule(struct pfctl *pf, struct pfctl_eth_rule *r, in pfctl_append_eth_rule() argument
1882 rs = &pf->eanchor->ruleset; in pfctl_append_eth_rule()
1916 pfctl_eth_ruleset_trans(struct pfctl *pf, char *path, in pfctl_eth_ruleset_trans() argument
1919 int osize = pf->trans->pfrb_size; in pfctl_eth_ruleset_trans()
1921 if ((pf->loadopt & PFCTL_FLAG_ETH) != 0) { in pfctl_eth_ruleset_trans()
1922 if (pfctl_add_trans(pf->trans, PF_RULESET_ETH, path)) in pfctl_eth_ruleset_trans()
1925 if (pfctl_trans(pf->dev, pf->trans, DIOCXBEGIN, osize)) in pfctl_eth_ruleset_trans()
1932 pfctl_ruleset_trans(struct pfctl *pf, char *path, struct pfctl_anchor *a, bool do_eth) in pfctl_ruleset_trans() argument
1934 int osize = pf->trans->pfrb_size; in pfctl_ruleset_trans()
1936 if ((pf->loadopt & PFCTL_FLAG_ETH) != 0 && do_eth) { in pfctl_ruleset_trans()
1937 if (pfctl_add_trans(pf->trans, PF_RULESET_ETH, path)) in pfctl_ruleset_trans()
1940 if ((pf->loadopt & PFCTL_FLAG_NAT) != 0) { in pfctl_ruleset_trans()
1941 if (pfctl_add_trans(pf->trans, PF_RULESET_NAT, path) || in pfctl_ruleset_trans()
1942 pfctl_add_trans(pf->trans, PF_RULESET_BINAT, path) || in pfctl_ruleset_trans()
1943 pfctl_add_trans(pf->trans, PF_RULESET_RDR, path)) in pfctl_ruleset_trans()
1946 if (a == pf->astack[0] && ((altqsupport && in pfctl_ruleset_trans()
1947 (pf->loadopt & PFCTL_FLAG_ALTQ) != 0))) { in pfctl_ruleset_trans()
1948 if (pfctl_add_trans(pf->trans, PF_RULESET_ALTQ, path)) in pfctl_ruleset_trans()
1951 if ((pf->loadopt & PFCTL_FLAG_FILTER) != 0) { in pfctl_ruleset_trans()
1952 if (pfctl_add_trans(pf->trans, PF_RULESET_SCRUB, path) || in pfctl_ruleset_trans()
1953 pfctl_add_trans(pf->trans, PF_RULESET_FILTER, path)) in pfctl_ruleset_trans()
1956 if (pf->loadopt & PFCTL_FLAG_TABLE) in pfctl_ruleset_trans()
1957 if (pfctl_add_trans(pf->trans, PF_RULESET_TABLE, path)) in pfctl_ruleset_trans()
1959 if (pfctl_trans(pf->dev, pf->trans, DIOCXBEGIN, osize)) in pfctl_ruleset_trans()
1966 pfctl_load_eth_ruleset(struct pfctl *pf, char *path, in pfctl_load_eth_ruleset() argument
1973 pf->eanchor = rs->anchor; in pfctl_load_eth_ruleset()
1975 snprintf(&path[len], MAXPATHLEN - len, "/%s", pf->eanchor->name); in pfctl_load_eth_ruleset()
1977 snprintf(&path[len], MAXPATHLEN - len, "%s", pf->eanchor->name); in pfctl_load_eth_ruleset()
1982 if (pf->opts & PF_OPT_VERBOSE) in pfctl_load_eth_ruleset()
1984 if ((pf->opts & PF_OPT_NOACTION) == 0 && in pfctl_load_eth_ruleset()
1985 (error = pfctl_eth_ruleset_trans(pf, in pfctl_load_eth_ruleset()
1991 } else if (pf->opts & PF_OPT_VERBOSE) in pfctl_load_eth_ruleset()
1998 error = pfctl_load_eth_rule(pf, path, r, depth); in pfctl_load_eth_ruleset()
2003 if ((error = pfctl_load_eth_ruleset(pf, path, in pfctl_load_eth_ruleset()
2006 } else if (pf->opts & PF_OPT_VERBOSE) in pfctl_load_eth_ruleset()
2010 if (brace && pf->opts & PF_OPT_VERBOSE) { in pfctl_load_eth_ruleset()
2011 INDENT(depth - 1, (pf->opts & PF_OPT_VERBOSE)); in pfctl_load_eth_ruleset()
2023 pfctl_load_eth_rule(struct pfctl *pf, char *path, struct pfctl_eth_rule *r, in pfctl_load_eth_rule() argument
2048 if ((pf->opts & PF_OPT_NOACTION) == 0) in pfctl_load_eth_rule()
2049 if ((ret = pfctl_add_eth_rule(pf->dev, r, anchor, name, in pfctl_load_eth_rule()
2050 pf->eth_ticket)) != 0) in pfctl_load_eth_rule()
2053 if (pf->opts & PF_OPT_VERBOSE) { in pfctl_load_eth_rule()
2054 INDENT(depth, !(pf->opts & PF_OPT_VERBOSE2)); in pfctl_load_eth_rule()
2056 pf->opts & (PF_OPT_VERBOSE2 | PF_OPT_DEBUG)); in pfctl_load_eth_rule()
2065 pfctl_load_ruleset(struct pfctl *pf, char *path, struct pfctl_ruleset *rs, in pfctl_load_ruleset() argument
2072 pf->anchor = rs->anchor; in pfctl_load_ruleset()
2075 snprintf(&path[len], MAXPATHLEN - len, "/%s", pf->anchor->name); in pfctl_load_ruleset()
2077 snprintf(&path[len], MAXPATHLEN - len, "%s", pf->anchor->name); in pfctl_load_ruleset()
2082 if (pf->opts & PF_OPT_VERBOSE) in pfctl_load_ruleset()
2084 if ((pf->opts & PF_OPT_NOACTION) == 0 && in pfctl_load_ruleset()
2085 (error = pfctl_ruleset_trans(pf, in pfctl_load_ruleset()
2091 } else if (pf->opts & PF_OPT_VERBOSE) in pfctl_load_ruleset()
2095 if (pf->optimize && rs_num == PF_RULESET_FILTER) in pfctl_load_ruleset()
2096 pfctl_optimize_ruleset(pf, rs); in pfctl_load_ruleset()
2106 if ((error = pfctl_load_rule(pf, path, r, depth))) in pfctl_load_ruleset()
2109 if ((error = pfctl_load_ruleset(pf, path, in pfctl_load_ruleset()
2112 } else if (pf->opts & PF_OPT_VERBOSE) in pfctl_load_ruleset()
2116 if (brace && pf->opts & PF_OPT_VERBOSE) { in pfctl_load_ruleset()
2117 INDENT(depth - 1, (pf->opts & PF_OPT_VERBOSE)); in pfctl_load_ruleset()
2130 pfctl_load_rule(struct pfctl *pf, char *path, struct pfctl_rule *r, int depth) in pfctl_load_rule() argument
2141 if ((pf->opts & PF_OPT_NOACTION) == 0) in pfctl_load_rule()
2142 ticket = pfctl_get_ticket(pf->trans, rs_num, path); in pfctl_load_rule()
2161 if ((pf->opts & PF_OPT_NOACTION) == 0) { in pfctl_load_rule()
2162 if ((pf->opts & PF_OPT_NOACTION) == 0) { in pfctl_load_rule()
2163 if ((error = pfctl_begin_addrs(pf->h, in pfctl_load_rule()
2164 &pf->paddr.ticket)) != 0) in pfctl_load_rule()
2168 if (pfctl_add_pool(pf, &r->rdr, r->af, PF_RDR)) in pfctl_load_rule()
2170 if (pfctl_add_pool(pf, &r->nat, r->naf ? r->naf : r->af, PF_NAT)) in pfctl_load_rule()
2172 if (pfctl_add_pool(pf, &r->route, r->af, PF_RT)) in pfctl_load_rule()
2174 error = pfctl_add_rule_h(pf->h, r, anchor, name, ticket, in pfctl_load_rule()
2175 pf->paddr.ticket); in pfctl_load_rule()
2189 if (pf->opts & PF_OPT_VERBOSE) { in pfctl_load_rule()
2190 INDENT(depth, !(pf->opts & PF_OPT_VERBOSE2)); in pfctl_load_rule()
2192 pf->opts & PF_OPT_VERBOSE2, in pfctl_load_rule()
2193 pf->opts & PF_OPT_NUMERIC); in pfctl_load_rule()
2204 pfctl_add_altq(struct pfctl *pf, struct pf_altq *a) in pfctl_add_altq() argument
2208 memcpy(&pf->paltq->altq, a, sizeof(struct pf_altq)); in pfctl_add_altq()
2209 if ((pf->opts & PF_OPT_NOACTION) == 0) { in pfctl_add_altq()
2210 if (ioctl(pf->dev, DIOCADDALTQ, pf->paltq)) { in pfctl_add_altq()
2220 pfaltq_store(&pf->paltq->altq); in pfctl_add_altq()
2234 struct pfctl pf; in pfctl_rules() local
2262 memset(&pf, 0, sizeof(pf)); in pfctl_rules()
2269 pf.dev = dev; in pfctl_rules()
2270 pf.h = pfh; in pfctl_rules()
2271 pf.opts = opts; in pfctl_rules()
2272 pf.optimize = optimize; in pfctl_rules()
2273 pf.loadopt = loadopt; in pfctl_rules()
2276 if ((pf.anchor = calloc(1, sizeof(*pf.anchor))) == NULL) in pfctl_rules()
2278 rs = &pf.anchor->ruleset; in pfctl_rules()
2280 rs->anchor = pf.anchor; in pfctl_rules()
2281 if (strlcpy(pf.anchor->path, anchorname, in pfctl_rules()
2282 sizeof(pf.anchor->path)) >= sizeof(pf.anchor->path)) in pfctl_rules()
2284 if (strlcpy(pf.anchor->name, anchorname, in pfctl_rules()
2285 sizeof(pf.anchor->name)) >= sizeof(pf.anchor->name)) in pfctl_rules()
2289 pf.astack[0] = pf.anchor; in pfctl_rules()
2290 pf.asd = 0; in pfctl_rules()
2292 pf.loadopt &= ~PFCTL_FLAG_ALTQ; in pfctl_rules()
2293 pf.paltq = &pa; in pfctl_rules()
2294 pf.trans = t; in pfctl_rules()
2295 pfctl_init_options(&pf); in pfctl_rules()
2298 if ((pf.eanchor = calloc(1, sizeof(*pf.eanchor))) == NULL) in pfctl_rules()
2301 if (strlcpy(pf.eanchor->path, anchorname, in pfctl_rules()
2302 sizeof(pf.eanchor->path)) >= sizeof(pf.eanchor->path)) in pfctl_rules()
2304 if (strlcpy(pf.eanchor->name, anchorname, in pfctl_rules()
2305 sizeof(pf.eanchor->name)) >= sizeof(pf.eanchor->name)) in pfctl_rules()
2308 ethrs = &pf.eanchor->ruleset; in pfctl_rules()
2310 ethrs->anchor = pf.eanchor; in pfctl_rules()
2311 pf.eastack[0] = pf.eanchor; in pfctl_rules()
2319 if (pfctl_ruleset_trans(&pf, anchorname, pf.anchor, true)) in pfctl_rules()
2321 if (pf.loadopt & PFCTL_FLAG_ETH) in pfctl_rules()
2322 pf.eth_ticket = pfctl_get_ticket(t, PF_RULESET_ETH, anchorname); in pfctl_rules()
2323 if (altqsupport && (pf.loadopt & PFCTL_FLAG_ALTQ)) in pfctl_rules()
2326 if (pf.loadopt & PFCTL_FLAG_TABLE) in pfctl_rules()
2327 pf.astack[0]->ruleset.tticket = in pfctl_rules()
2331 if (parse_config(filename, &pf) < 0) { in pfctl_rules()
2334 "pf rules not loaded"); in pfctl_rules()
2339 pfctl_adjust_skip_ifaces(&pf); in pfctl_rules()
2341 if ((pf.loadopt & PFCTL_FLAG_FILTER && in pfctl_rules()
2342 (pfctl_load_ruleset(&pf, path, rs, PF_RULESET_SCRUB, 0))) || in pfctl_rules()
2343 (pf.loadopt & PFCTL_FLAG_ETH && in pfctl_rules()
2344 (pfctl_load_eth_ruleset(&pf, path, ethrs, 0))) || in pfctl_rules()
2345 (pf.loadopt & PFCTL_FLAG_NAT && in pfctl_rules()
2346 (pfctl_load_ruleset(&pf, path, rs, PF_RULESET_NAT, 0) || in pfctl_rules()
2347 pfctl_load_ruleset(&pf, path, rs, PF_RULESET_RDR, 0) || in pfctl_rules()
2348 pfctl_load_ruleset(&pf, path, rs, PF_RULESET_BINAT, 0))) || in pfctl_rules()
2349 (pf.loadopt & PFCTL_FLAG_FILTER && in pfctl_rules()
2350 pfctl_load_ruleset(&pf, path, rs, PF_RULESET_FILTER, 0))) { in pfctl_rules()
2357 if ((altqsupport && (pf.loadopt & PFCTL_FLAG_ALTQ) != 0)) in pfctl_rules()
2363 if (pfctl_load_anchors(dev, &pf, t) == -1) in pfctl_rules()
2367 if (!anchorname[0] && pfctl_load_options(&pf)) in pfctl_rules()
2413 pfctl_init_options(struct pfctl *pf) in pfctl_init_options() argument
2416 pf->timeout[PFTM_TCP_FIRST_PACKET] = PFTM_TCP_FIRST_PACKET_VAL; in pfctl_init_options()
2417 pf->timeout[PFTM_TCP_OPENING] = PFTM_TCP_OPENING_VAL; in pfctl_init_options()
2418 pf->timeout[PFTM_TCP_ESTABLISHED] = PFTM_TCP_ESTABLISHED_VAL; in pfctl_init_options()
2419 pf->timeout[PFTM_TCP_CLOSING] = PFTM_TCP_CLOSING_VAL; in pfctl_init_options()
2420 pf->timeout[PFTM_TCP_FIN_WAIT] = PFTM_TCP_FIN_WAIT_VAL; in pfctl_init_options()
2421 pf->timeout[PFTM_TCP_CLOSED] = PFTM_TCP_CLOSED_VAL; in pfctl_init_options()
2422 pf->timeout[PFTM_SCTP_FIRST_PACKET] = PFTM_TCP_FIRST_PACKET_VAL; in pfctl_init_options()
2423 pf->timeout[PFTM_SCTP_OPENING] = PFTM_TCP_OPENING_VAL; in pfctl_init_options()
2424 pf->timeout[PFTM_SCTP_ESTABLISHED] = PFTM_TCP_ESTABLISHED_VAL; in pfctl_init_options()
2425 pf->timeout[PFTM_SCTP_CLOSING] = PFTM_TCP_CLOSING_VAL; in pfctl_init_options()
2426 pf->timeout[PFTM_SCTP_CLOSED] = PFTM_TCP_CLOSED_VAL; in pfctl_init_options()
2427 pf->timeout[PFTM_UDP_FIRST_PACKET] = PFTM_UDP_FIRST_PACKET_VAL; in pfctl_init_options()
2428 pf->timeout[PFTM_UDP_SINGLE] = PFTM_UDP_SINGLE_VAL; in pfctl_init_options()
2429 pf->timeout[PFTM_UDP_MULTIPLE] = PFTM_UDP_MULTIPLE_VAL; in pfctl_init_options()
2430 pf->timeout[PFTM_ICMP_FIRST_PACKET] = PFTM_ICMP_FIRST_PACKET_VAL; in pfctl_init_options()
2431 pf->timeout[PFTM_ICMP_ERROR_REPLY] = PFTM_ICMP_ERROR_REPLY_VAL; in pfctl_init_options()
2432 pf->timeout[PFTM_OTHER_FIRST_PACKET] = PFTM_OTHER_FIRST_PACKET_VAL; in pfctl_init_options()
2433 pf->timeout[PFTM_OTHER_SINGLE] = PFTM_OTHER_SINGLE_VAL; in pfctl_init_options()
2434 pf->timeout[PFTM_OTHER_MULTIPLE] = PFTM_OTHER_MULTIPLE_VAL; in pfctl_init_options()
2435 pf->timeout[PFTM_FRAG] = PFTM_FRAG_VAL; in pfctl_init_options()
2436 pf->timeout[PFTM_INTERVAL] = PFTM_INTERVAL_VAL; in pfctl_init_options()
2437 pf->timeout[PFTM_SRC_NODE] = PFTM_SRC_NODE_VAL; in pfctl_init_options()
2438 pf->timeout[PFTM_TS_DIFF] = PFTM_TS_DIFF_VAL; in pfctl_init_options()
2439 pf->timeout[PFTM_ADAPTIVE_START] = PFSTATE_ADAPT_START; in pfctl_init_options()
2440 pf->timeout[PFTM_ADAPTIVE_END] = PFSTATE_ADAPT_END; in pfctl_init_options()
2442 pf->limit[PF_LIMIT_STATES] = PFSTATE_HIWAT; in pfctl_init_options()
2443 pf->limit[PF_LIMIT_FRAGS] = PFFRAG_FRENT_HIWAT; in pfctl_init_options()
2444 pf->limit[PF_LIMIT_SRC_NODES] = PFSNODE_HIWAT; in pfctl_init_options()
2445 pf->limit[PF_LIMIT_TABLE_ENTRIES] = PFR_KENTRY_HIWAT; in pfctl_init_options()
2447 pf->debug = PF_DEBUG_URGENT; in pfctl_init_options()
2448 pf->reassemble = 0; in pfctl_init_options()
2450 pf->syncookies = false; in pfctl_init_options()
2451 pf->syncookieswat[0] = PF_SYNCOOKIES_LOWATPCT; in pfctl_init_options()
2452 pf->syncookieswat[1] = PF_SYNCOOKIES_HIWATPCT; in pfctl_init_options()
2456 pfctl_load_options(struct pfctl *pf) in pfctl_load_options() argument
2465 if ((pf->opts & PF_OPT_MERGE) && !pf->limit_set[i]) in pfctl_load_options()
2467 if (pfctl_load_limit(pf, i, pf->limit[i])) in pfctl_load_options()
2475 if (pf->limit_set[PF_LIMIT_STATES] && in pfctl_load_options()
2476 !pf->timeout_set[PFTM_ADAPTIVE_START] && in pfctl_load_options()
2477 !pf->timeout_set[PFTM_ADAPTIVE_END]) { in pfctl_load_options()
2478 pf->timeout[PFTM_ADAPTIVE_START] = in pfctl_load_options()
2479 (pf->limit[PF_LIMIT_STATES] / 10) * 6; in pfctl_load_options()
2480 pf->timeout_set[PFTM_ADAPTIVE_START] = 1; in pfctl_load_options()
2481 pf->timeout[PFTM_ADAPTIVE_END] = in pfctl_load_options()
2482 (pf->limit[PF_LIMIT_STATES] / 10) * 12; in pfctl_load_options()
2483 pf->timeout_set[PFTM_ADAPTIVE_END] = 1; in pfctl_load_options()
2488 if ((pf->opts & PF_OPT_MERGE) && !pf->timeout_set[i]) in pfctl_load_options()
2490 if (pfctl_load_timeout(pf, i, pf->timeout[i])) in pfctl_load_options()
2495 if (!(pf->opts & PF_OPT_MERGE) || pf->debug_set) in pfctl_load_options()
2496 if (pfctl_load_debug(pf, pf->debug)) in pfctl_load_options()
2500 if (!(pf->opts & PF_OPT_MERGE) || pf->ifname_set) in pfctl_load_options()
2501 if (pfctl_load_logif(pf, pf->ifname)) in pfctl_load_options()
2505 if (!(pf->opts & PF_OPT_MERGE) || pf->hostid_set) in pfctl_load_options()
2506 if (pfctl_load_hostid(pf, pf->hostid)) in pfctl_load_options()
2510 if (!(pf->opts & PF_OPT_MERGE) || pf->reass_set) in pfctl_load_options()
2511 if (pfctl_load_reassembly(pf, pf->reassemble)) in pfctl_load_options()
2515 if (pfctl_set_keepcounters(pf->dev, pf->keep_counters)) in pfctl_load_options()
2519 if (pfctl_load_syncookies(pf, pf->syncookies)) in pfctl_load_options()
2526 pfctl_apply_limit(struct pfctl *pf, const char *opt, unsigned int limit) in pfctl_apply_limit() argument
2533 pf->limit[pf_limits[i].index] = limit; in pfctl_apply_limit()
2534 pf->limit_set[pf_limits[i].index] = 1; in pfctl_apply_limit()
2543 if (pf->opts & PF_OPT_VERBOSE) in pfctl_apply_limit()
2550 pfctl_load_limit(struct pfctl *pf, unsigned int index, unsigned int limit) in pfctl_load_limit() argument
2552 if (pfctl_set_limit(pf->h, index, limit)) { in pfctl_load_limit()
2565 pfctl_apply_timeout(struct pfctl *pf, const char *opt, int seconds, int quiet) in pfctl_apply_timeout() argument
2574 pf->timeout[pf_timeouts[i].timeout] = seconds; in pfctl_apply_timeout()
2575 pf->timeout_set[pf_timeouts[i].timeout] = 1; in pfctl_apply_timeout()
2586 if (pf->opts & PF_OPT_VERBOSE && ! quiet) in pfctl_apply_timeout()
2593 pfctl_load_timeout(struct pfctl *pf, unsigned int timeout, unsigned int seconds) in pfctl_load_timeout() argument
2595 if (pfctl_set_timeout(pf->h, timeout, seconds)) { in pfctl_load_timeout()
2603 pfctl_set_reassembly(struct pfctl *pf, int on, int nodf) in pfctl_set_reassembly() argument
2608 pf->reass_set = 1; in pfctl_set_reassembly()
2610 pf->reassemble = PF_REASS_ENABLED; in pfctl_set_reassembly()
2612 pf->reassemble |= PF_REASS_NODF; in pfctl_set_reassembly()
2614 pf->reassemble = 0; in pfctl_set_reassembly()
2617 if (pf->opts & PF_OPT_VERBOSE) in pfctl_set_reassembly()
2625 pfctl_set_optimization(struct pfctl *pf, const char *opt) in pfctl_set_optimization() argument
2644 if ((r = pfctl_apply_timeout(pf, hint[i].name, in pfctl_set_optimization()
2648 if (pf->opts & PF_OPT_VERBOSE) in pfctl_set_optimization()
2655 pfctl_set_logif(struct pfctl *pf, char *ifname) in pfctl_set_logif() argument
2662 free(pf->ifname); in pfctl_set_logif()
2663 pf->ifname = NULL; in pfctl_set_logif()
2665 pf->ifname = strdup(ifname); in pfctl_set_logif()
2666 if (!pf->ifname) in pfctl_set_logif()
2669 pf->ifname_set = 1; in pfctl_set_logif()
2671 if (pf->opts & PF_OPT_VERBOSE) in pfctl_set_logif()
2678 pfctl_load_logif(struct pfctl *pf, char *ifname) in pfctl_load_logif() argument
2688 pfctl_set_hostid(struct pfctl *pf, u_int32_t hostid) in pfctl_set_hostid() argument
2695 pf->hostid = hostid; in pfctl_set_hostid()
2696 pf->hostid_set = 1; in pfctl_set_hostid()
2698 if (pf->opts & PF_OPT_VERBOSE) in pfctl_set_hostid()
2703 pfctl_load_hostid(struct pfctl *pf, u_int32_t hostid) in pfctl_load_hostid() argument
2713 pfctl_load_reassembly(struct pfctl *pf, u_int32_t reassembly) in pfctl_load_reassembly() argument
2723 pfctl_load_syncookies(struct pfctl *pf, u_int8_t val) in pfctl_load_syncookies() argument
2730 cookies.lowwater = pf->syncookieswat[0]; in pfctl_load_syncookies()
2731 cookies.highwater = pf->syncookieswat[1]; in pfctl_load_syncookies()
2741 pfctl_cfg_syncookies(struct pfctl *pf, uint8_t val, struct pfctl_watermarks *w) in pfctl_cfg_syncookies() argument
2756 pf->syncookieswat[0] = w->lo; in pfctl_cfg_syncookies()
2757 pf->syncookieswat[1] = w->hi; in pfctl_cfg_syncookies()
2758 pf->syncookieswat_set = 1; in pfctl_cfg_syncookies()
2761 if (pf->opts & PF_OPT_VERBOSE) { in pfctl_cfg_syncookies()
2767 if (pf->syncookieswat_set) in pfctl_cfg_syncookies()
2769 "end %u%%)\n", pf->syncookieswat[1], in pfctl_cfg_syncookies()
2770 pf->syncookieswat[0]); in pfctl_cfg_syncookies()
2779 pf->syncookies = val; in pfctl_cfg_syncookies()
2784 pfctl_do_set_debug(struct pfctl *pf, char *d) in pfctl_do_set_debug() argument
2793 pf->debug = PF_DEBUG_NONE; in pfctl_do_set_debug()
2795 pf->debug = PF_DEBUG_URGENT; in pfctl_do_set_debug()
2797 pf->debug = PF_DEBUG_MISC; in pfctl_do_set_debug()
2799 pf->debug = PF_DEBUG_NOISY; in pfctl_do_set_debug()
2805 pf->debug_set = 1; in pfctl_do_set_debug()
2806 level = pf->debug; in pfctl_do_set_debug()
2808 if ((pf->opts & PF_OPT_NOACTION) == 0) in pfctl_do_set_debug()
2812 if (pf->opts & PF_OPT_VERBOSE) in pfctl_do_set_debug()
2819 pfctl_load_debug(struct pfctl *pf, unsigned int level) in pfctl_load_debug() argument
2821 if (pfctl_set_debug(pf->h, level)) { in pfctl_load_debug()
2829 pfctl_set_interface_flags(struct pfctl *pf, char *ifname, int flags, int how) in pfctl_set_interface_flags() argument
2845 pfctl_set_interface_flags(pf, n->ifname, flags, how); in pfctl_set_interface_flags()
2851 if ((pf->opts & PF_OPT_NOACTION) == 0) { in pfctl_set_interface_flags()
2853 if (ioctl(pf->dev, DIOCCLRIFFLAG, &pi)) in pfctl_set_interface_flags()
2854 pfctl_err(pf->opts, 1, "DIOCCLRIFFLAG"); in pfctl_set_interface_flags()
2856 if (ioctl(pf->dev, DIOCSETIFFLAG, &pi)) in pfctl_set_interface_flags()
3135 struct pfctl pf; in pfctl_reset() local
3139 pf.dev = dev; in pfctl_reset()
3140 pf.h = pfh; in pfctl_reset()
3141 pfctl_init_options(&pf); in pfctl_reset()
3144 pf.debug_set = 1; in pfctl_reset()
3145 pf.reass_set = 1; in pfctl_reset()
3146 pf.syncookieswat_set = 1; in pfctl_reset()
3147 pf.ifname = strdup("none"); in pfctl_reset()
3148 if (pf.ifname == NULL) in pfctl_reset()
3150 pf.ifname_set = 1; in pfctl_reset()
3158 pf.limit_set[pf_limits[i].index] = 1; in pfctl_reset()
3161 pf.timeout_set[pf_timeouts[i].timeout] = 1; in pfctl_reset()
3163 pfctl_load_options(&pf); in pfctl_reset()