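Lines matching full:chain (cross-reference search results)

Each entry gives the source line number, the matching line, and, after "in", the enclosing function; a trailing "argument" or "local" marks the line where chain is declared as a parameter or local variable. Only matching lines are listed, so function bodies are incomplete, and lock/unlock pairing (IPFW_UH_WLOCK, IPFW_WLOCK and their unlock counterparts) cannot be verified from this listing alone.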

89 static int rewrite_rule_uidx(struct ip_fw_chain *chain,
112 MALLOC_DEFINE(M_IPFW, "IpFw/IpAcct", "IpFw/IpAcct chain's");
154 static void unref_rule_objects(struct ip_fw_chain *chain, struct ip_fw *rule);
190 ipfw_alloc_rule(struct ip_fw_chain *chain, size_t rulesize) in ipfw_alloc_rule() argument
222 ipfw_find_rule(struct ip_fw_chain *chain, uint32_t key, uint32_t id) in ipfw_find_rule() argument
227 for (lo = 0, hi = chain->n_rules - 1; lo < hi;) { in ipfw_find_rule()
229 r = chain->map[i]; in ipfw_find_rule()
246 update_skipto_cache(struct ip_fw_chain *chain, struct ip_fw **map) in update_skipto_cache() argument
251 IPFW_UH_WLOCK_ASSERT(chain); in update_skipto_cache()
255 smap = chain->idxmap_back; in update_skipto_cache()
276 swap_skipto_cache(struct ip_fw_chain *chain) in swap_skipto_cache() argument
280 IPFW_UH_WLOCK_ASSERT(chain); in swap_skipto_cache()
281 IPFW_WLOCK_ASSERT(chain); in swap_skipto_cache()
283 map = chain->idxmap; in swap_skipto_cache()
284 chain->idxmap = chain->idxmap_back; in swap_skipto_cache()
285 chain->idxmap_back = map; in swap_skipto_cache()
292 ipfw_init_skipto_cache(struct ip_fw_chain *chain) in ipfw_init_skipto_cache() argument
304 * provide valid chain->idxmap on return in ipfw_init_skipto_cache()
307 IPFW_UH_WLOCK(chain); in ipfw_init_skipto_cache()
308 if (chain->idxmap != NULL) { in ipfw_init_skipto_cache()
309 IPFW_UH_WUNLOCK(chain); in ipfw_init_skipto_cache()
316 chain->idxmap_back = idxmap_back; in ipfw_init_skipto_cache()
318 update_skipto_cache(chain, chain->map); in ipfw_init_skipto_cache()
319 IPFW_WLOCK(chain); in ipfw_init_skipto_cache()
320 /* It is now safe to set chain->idxmap ptr */ in ipfw_init_skipto_cache()
321 chain->idxmap = idxmap; in ipfw_init_skipto_cache()
322 swap_skipto_cache(chain); in ipfw_init_skipto_cache()
323 IPFW_WUNLOCK(chain); in ipfw_init_skipto_cache()
324 IPFW_UH_WUNLOCK(chain); in ipfw_init_skipto_cache()
331 ipfw_destroy_skipto_cache(struct ip_fw_chain *chain) in ipfw_destroy_skipto_cache() argument
333 free(chain->idxmap, M_IPFW); in ipfw_destroy_skipto_cache()
334 free(chain->idxmap_back, M_IPFW); in ipfw_destroy_skipto_cache()
338 * allocate a new map, returns the chain locked. extra is the number
342 get_map(struct ip_fw_chain *chain, int extra, int locked) in get_map() argument
351 i = chain->n_rules + extra; in get_map()
358 IPFW_UH_WLOCK(chain); in get_map()
359 if (i >= chain->n_rules + extra) /* good */ in get_map()
363 IPFW_UH_WUNLOCK(chain); in get_map()
372 swap_map(struct ip_fw_chain *chain, struct ip_fw **new_map, int new_len) in swap_map() argument
376 IPFW_WLOCK(chain); in swap_map()
377 chain->id++; in swap_map()
378 chain->n_rules = new_len; in swap_map()
379 old_map = chain->map; in swap_map()
380 chain->map = new_map; in swap_map()
381 swap_skipto_cache(chain); in swap_map()
382 IPFW_WUNLOCK(chain); in swap_map()
451 ipfw_commit_rules(struct ip_fw_chain *chain, struct rule_check_info *rci, in ipfw_commit_rules() argument
471 error = rewrite_rule_uidx(chain, ci); in ipfw_commit_rules()
486 IPFW_UH_WLOCK(chain); in ipfw_commit_rules()
491 unref_rule_objects(chain,ci->krule); in ipfw_commit_rules()
494 IPFW_UH_WUNLOCK(chain); in ipfw_commit_rules()
505 map = get_map(chain, count, 0 /* not locked */); in ipfw_commit_rules()
509 IPFW_UH_WLOCK(chain); in ipfw_commit_rules()
514 unref_rule_objects(chain, ci->krule); in ipfw_commit_rules()
516 IPFW_UH_WUNLOCK(chain); in ipfw_commit_rules()
532 krule->id = chain->id + 1; in ipfw_commit_rules()
536 rule_idx = ipfw_find_rule(chain, insert_before, 0); in ipfw_commit_rules()
539 bcopy(chain->map + last_rule_idx, map + last_rule_idx + i, in ipfw_commit_rules()
556 bcopy(chain->map + last_rule_idx, map + last_rule_idx + count, in ipfw_commit_rules()
557 (chain->n_rules - last_rule_idx) * sizeof(struct ip_fw *)); in ipfw_commit_rules()
560 update_skipto_cache(chain, map); in ipfw_commit_rules()
561 map = swap_map(chain, map, chain->n_rules + count); in ipfw_commit_rules()
562 IPFW_UH_WUNLOCK(chain); in ipfw_commit_rules()
569 ipfw_add_protected_rule(struct ip_fw_chain *chain, struct ip_fw *rule, in ipfw_add_protected_rule() argument
574 map = get_map(chain, 1, locked); in ipfw_add_protected_rule()
577 if (chain->n_rules > 0) in ipfw_add_protected_rule()
578 bcopy(chain->map, map, in ipfw_add_protected_rule()
579 chain->n_rules * sizeof(struct ip_fw *)); in ipfw_add_protected_rule()
580 map[chain->n_rules] = rule; in ipfw_add_protected_rule()
583 rule->id = chain->id + 1; in ipfw_add_protected_rule()
584 /* We add rule in the end of chain, no need to update skipto cache */ in ipfw_add_protected_rule()
585 map = swap_map(chain, map, chain->n_rules + 1); in ipfw_add_protected_rule()
586 IPFW_UH_WUNLOCK(chain); in ipfw_add_protected_rule()
595 ipfw_reap_add(struct ip_fw_chain *chain, struct ip_fw **head, in ipfw_reap_add() argument
599 IPFW_UH_WLOCK_ASSERT(chain); in ipfw_reap_add()
602 unref_rule_objects(chain, rule); in ipfw_reap_add()
779 delete_range(struct ip_fw_chain *chain, ipfw_range_tlv *rt, int *ndel) in delete_range() argument
786 IPFW_UH_WLOCK(chain); /* arbitrate writers */ in delete_range()
793 end = chain->n_rules - 1; in delete_range()
796 start = ipfw_find_rule(chain, rt->start_rule, 0); in delete_range()
800 end = ipfw_find_rule(chain, rt->end_rule, UINT32_MAX); in delete_range()
808 ipfw_expire_dyn_states(chain, rt); in delete_range()
809 IPFW_UH_WUNLOCK(chain); in delete_range()
814 map = get_map(chain, 0, 1 /* locked */); in delete_range()
816 IPFW_UH_WUNLOCK(chain); in delete_range()
825 bcopy(chain->map, map, start * sizeof(struct ip_fw *)); in delete_range()
828 rule = chain->map[i]; in delete_range()
839 bcopy(chain->map + end, map + ofs, in delete_range()
840 (chain->n_rules - end) * sizeof(struct ip_fw *)); in delete_range()
842 update_skipto_cache(chain, map); in delete_range()
844 map = swap_map(chain, map, chain->n_rules - n); in delete_range()
847 ipfw_expire_dyn_states(chain, rt); in delete_range()
853 ipfw_reap_add(chain, &reap, rule); in delete_range()
855 IPFW_UH_WUNLOCK(chain); in delete_range()
955 move_range(struct ip_fw_chain *chain, ipfw_range_tlv *rt) in move_range() argument
960 IPFW_UH_WLOCK(chain); in move_range()
969 if ((i = move_objects(chain, rt)) != 0) { in move_range()
970 IPFW_UH_WUNLOCK(chain); in move_range()
975 for (i = 0; i < chain->n_rules; i++) { in move_range()
976 rule = chain->map[i]; in move_range()
982 IPFW_UH_WUNLOCK(chain); in move_range()
1038 clear_range(struct ip_fw_chain *chain, ipfw_range_tlv *rt, int log_only) in clear_range() argument
1047 IPFW_UH_WLOCK(chain); /* arbitrate writers */ in clear_range()
1048 for (i = 0; i < chain->n_rules; i++) { in clear_range()
1049 rule = chain->map[i]; in clear_range()
1055 IPFW_UH_WUNLOCK(chain); in clear_range()
1088 del_rules(struct ip_fw_chain *chain, ip_fw3_opheader *op3, in del_rules() argument
1103 if ((error = delete_range(chain, &rh->range, &ndel)) != 0) in del_rules()
1119 move_rules(struct ip_fw_chain *chain, ip_fw3_opheader *op3, in move_rules() argument
1132 return (move_range(chain, &rh->range)); in move_rules()
1146 clear_rules(struct ip_fw_chain *chain, ip_fw3_opheader *op3, in clear_rules() argument
1163 num = clear_range(chain, &rh->range, log_only); in clear_rules()
1182 enable_sets(struct ip_fw_chain *chain, ipfw_range_tlv *rt) in enable_sets() argument
1186 IPFW_UH_WLOCK_ASSERT(chain); in enable_sets()
1191 IPFW_WLOCK(chain); in enable_sets()
1193 IPFW_WUNLOCK(chain); in enable_sets()
1197 swap_sets(struct ip_fw_chain *chain, ipfw_range_tlv *rt, int mv) in swap_sets() argument
1203 IPFW_UH_WLOCK_ASSERT(chain); in swap_sets()
1217 i = rw->manage_sets(chain, (uint8_t)rt->set, in swap_sets()
1224 for (i = 0; i < chain->n_rules - 1; i++) { in swap_sets()
1225 rule = chain->map[i]; in swap_sets()
1234 rw->manage_sets(chain, (uint8_t)rt->set, in swap_sets()
1248 manage_sets(struct ip_fw_chain *chain, ip_fw3_opheader *op3, in manage_sets() argument
1268 IPFW_UH_WLOCK(chain); in manage_sets()
1272 ret = swap_sets(chain, &rh->range, in manage_sets()
1276 enable_sets(chain, &rh->range); in manage_sets()
1279 IPFW_UH_WUNLOCK(chain); in manage_sets()
1812 dump_static_rules(struct ip_fw_chain *chain, struct dump_args *da, in dump_static_rules() argument
1829 krule = chain->map[i]; in dump_static_rules()
1909 dump_config(struct ip_fw_chain *chain, ip_fw3_opheader *op3, in dump_config() argument
1934 IPFW_UH_RLOCK(chain); in dump_config()
1941 da.e = chain->n_rules; in dump_config()
1947 da.b = ipfw_find_rule(chain, rnum, 0); in dump_config()
1950 da.e = ipfw_find_rule(chain, rnum, UINT32_MAX) + 1; in dump_config()
1955 rule = chain->map[i]; in dump_config()
1959 mark_rule_objects(chain, rule, &da); in dump_config()
1996 error = dump_named_objects(chain, &da, sd); in dump_config()
2002 error = dump_static_rules(chain, &da, sd); in dump_config()
2008 error = ipfw_dump_states(chain, sd); in dump_config()
2011 IPFW_UH_RUNLOCK(chain); in dump_config()
2275 rewrite_rule_uidx(struct ip_fw_chain *chain, struct rule_check_info *ci) in rewrite_rule_uidx() argument
2305 error = ref_rule_objects(chain, ci->krule, ci, pidx_first, &ti); in rewrite_rule_uidx()
2354 parse_rules_v1(struct ip_fw_chain *chain, ip_fw3_opheader *op3, in parse_rules_v1() argument
2495 import_rule_v1(struct ip_fw_chain *chain, struct rule_check_info *ci) in import_rule_v1() argument
2501 krule = ci->krule = ipfw_alloc_rule(chain, RULEKSIZE1(urule)); in import_rule_v1()
2517 * Adds one or more rules to ipfw @chain.
2520 add_rules(struct ip_fw_chain *chain, ip_fw3_opheader *op3, in add_rules() argument
2530 ret = parse_rules_v1(chain, op3, sd, &rtlv, &nci); in add_rules()
2537 import_rule_v1(chain, ci); in add_rules()
2539 * Try to add new rules to the chain. in add_rules()
2541 if ((ret = ipfw_commit_rules(chain, nci, rtlv->count)) != 0) { in add_rules()
2559 dump_soptcodes(struct ip_fw_chain *chain, ip_fw3_opheader *op3, in dump_soptcodes() argument
2820 dump_srvobjects(struct ip_fw_chain *chain, ip_fw3_opheader *op3, in dump_srvobjects() argument
2830 IPFW_UH_RLOCK(chain); in dump_srvobjects()
2831 count = ipfw_objhash_count(CHAIN_TO_SRV(chain)); in dump_srvobjects()
2834 IPFW_UH_RUNLOCK(chain); in dump_srvobjects()
2840 ipfw_objhash_foreach(CHAIN_TO_SRV(chain), in dump_srvobjects()
2842 IPFW_UH_RUNLOCK(chain); in dump_srvobjects()
2847 ipfw_enable_skipto_cache(struct ip_fw_chain *chain) in ipfw_enable_skipto_cache() argument
2850 IPFW_UH_WLOCK_ASSERT(chain); in ipfw_enable_skipto_cache()
2851 update_skipto_cache(chain, chain->map); in ipfw_enable_skipto_cache()
2853 IPFW_WLOCK(chain); in ipfw_enable_skipto_cache()
2854 swap_skipto_cache(chain); in ipfw_enable_skipto_cache()
2856 IPFW_WUNLOCK(chain); in ipfw_enable_skipto_cache()
2866 manage_skiptocache(struct ip_fw_chain *chain, ip_fw3_opheader *op3, in manage_skiptocache() argument
2879 IPFW_UH_WLOCK(chain); in manage_skiptocache()
2882 ipfw_enable_skipto_cache(chain); in manage_skiptocache()
2885 IPFW_UH_WUNLOCK(chain); in manage_skiptocache()
3178 struct ip_fw_chain *chain; in ipfw_ctl3() local
3191 chain = &V_layer3_chain; in ipfw_ctl3()
3281 error = h.handler(chain, op3, &sdata); in ipfw_ctl3()