Lines Matching +full:tlv +full:- +full:layout
1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 2002-2009 Luigi Rizzo, Universita` di Pisa
138 #define CTL3_SMALLBUF 4096 /* small page-size write buffer */
206 rule->cntr = uma_zalloc_pcpu(V_ipfw_cntr_zone, M_WAITOK | M_ZERO); in ipfw_alloc_rule()
207 rule->refcnt = 1; in ipfw_alloc_rule()
222 if (rule->refcnt > 1) in ipfw_free_rule()
224 uma_zfree_pcpu(V_ipfw_cntr_zone, rule->cntr); in ipfw_free_rule()
238 for (lo = 0, hi = chain->n_rules - 1; lo < hi;) { in ipfw_find_rule()
240 r = chain->map[i]; in ipfw_find_rule()
241 if (r->rulenum < key) in ipfw_find_rule()
243 else if (r->rulenum > key) in ipfw_find_rule()
245 else if (r->id < id) in ipfw_find_rule()
247 else /* r->id >= id */ in ipfw_find_rule()
265 rulenum = map[mi]->rulenum; in update_skipto_cache()
266 smap = chain->idxmap_back; in update_skipto_cache()
277 rulenum = map[++mi]->rulenum; in update_skipto_cache()
279 rulenum = map[++mi]->rulenum; in update_skipto_cache()
294 map = chain->idxmap; in swap_skipto_cache()
295 chain->idxmap = chain->idxmap_back; in swap_skipto_cache()
296 chain->idxmap_back = map; in swap_skipto_cache()
313 * provide valid chain->idxmap on return in ipfw_init_skipto_cache()
317 if (chain->idxmap != NULL) { in ipfw_init_skipto_cache()
325 chain->idxmap_back = idxmap_back; in ipfw_init_skipto_cache()
326 update_skipto_cache(chain, chain->map); in ipfw_init_skipto_cache()
328 /* It is now safe to set chain->idxmap ptr */ in ipfw_init_skipto_cache()
329 chain->idxmap = idxmap; in ipfw_init_skipto_cache()
342 if (chain->idxmap != NULL) in ipfw_destroy_skipto_cache()
343 free(chain->idxmap, M_IPFW); in ipfw_destroy_skipto_cache()
344 if (chain->idxmap != NULL) in ipfw_destroy_skipto_cache()
345 free(chain->idxmap_back, M_IPFW); in ipfw_destroy_skipto_cache()
362 i = chain->n_rules + extra; in get_map()
370 if (i >= chain->n_rules + extra) /* good */ in get_map()
388 chain->id++; in swap_map()
389 chain->n_rules = new_len; in swap_map()
390 old_map = chain->map; in swap_map()
391 chain->map = new_map; in swap_map()
402 cntr->size = sizeof(*cntr); in export_cntr1_base()
404 if (krule->cntr != NULL) { in export_cntr1_base()
405 cntr->pcnt = counter_u64_fetch(krule->cntr); in export_cntr1_base()
406 cntr->bcnt = counter_u64_fetch(krule->cntr + 1); in export_cntr1_base()
407 cntr->timestamp = krule->timestamp; in export_cntr1_base()
409 if (cntr->timestamp > 0) { in export_cntr1_base()
411 cntr->timestamp += boottime.tv_sec; in export_cntr1_base()
420 if (krule->cntr != NULL) { in export_cntr0_base()
421 cntr->pcnt = counter_u64_fetch(krule->cntr); in export_cntr0_base()
422 cntr->bcnt = counter_u64_fetch(krule->cntr + 1); in export_cntr0_base()
423 cntr->timestamp = krule->timestamp; in export_cntr0_base()
425 if (cntr->timestamp > 0) { in export_cntr0_base()
427 cntr->timestamp += boottime.tv_sec; in export_cntr0_base()
442 urule = (struct ip_fw_rule *)ci->urule; in import_rule1()
443 krule = (struct ip_fw *)ci->krule; in import_rule1()
446 krule->act_ofs = urule->act_ofs; in import_rule1()
447 krule->cmd_len = urule->cmd_len; in import_rule1()
448 krule->rulenum = urule->rulenum; in import_rule1()
449 krule->set = urule->set; in import_rule1()
450 krule->flags = urule->flags; in import_rule1()
453 ci->urule_numoff = offsetof(struct ip_fw_rule, rulenum); in import_rule1()
456 memcpy(krule->cmd, urule->cmd, krule->cmd_len * sizeof(uint32_t)); in import_rule1()
461 * Layout:
473 ipfw_obj_tlv *tlv; in export_rule1() local
475 /* Fill in TLV header */ in export_rule1()
476 tlv = (ipfw_obj_tlv *)data; in export_rule1()
477 tlv->type = IPFW_TLV_RULE_ENT; in export_rule1()
478 tlv->length = len; in export_rule1()
482 cntr = (struct ip_fw_bcounter *)(tlv + 1); in export_rule1()
486 urule = (struct ip_fw_rule *)(tlv + 1); in export_rule1()
489 urule->act_ofs = krule->act_ofs; in export_rule1()
490 urule->cmd_len = krule->cmd_len; in export_rule1()
491 urule->rulenum = krule->rulenum; in export_rule1()
492 urule->set = krule->set; in export_rule1()
493 urule->flags = krule->flags; in export_rule1()
494 urule->id = krule->id; in export_rule1()
497 memcpy(urule->cmd, krule->cmd, krule->cmd_len * sizeof(uint32_t)); in export_rule1()
515 urule = (struct ip_fw_rule0 *)ci->urule; in import_rule0()
516 krule = (struct ip_fw *)ci->krule; in import_rule0()
519 krule->act_ofs = urule->act_ofs; in import_rule0()
520 krule->cmd_len = urule->cmd_len; in import_rule0()
521 krule->rulenum = urule->rulenum; in import_rule0()
522 krule->set = urule->set; in import_rule0()
523 if ((urule->_pad & 1) != 0) in import_rule0()
524 krule->flags |= IPFW_RULE_NOOPT; in import_rule0()
527 ci->urule_numoff = offsetof(struct ip_fw_rule0, rulenum); in import_rule0()
530 memcpy(krule->cmd, urule->cmd, krule->cmd_len * sizeof(uint32_t)); in import_rule0()
540 l = krule->cmd_len; in import_rule0()
541 cmd = krule->cmd; in import_rule0()
544 for ( ; l > 0 ; l -= cmdlen, cmd += cmdlen) { in import_rule0()
547 switch (cmd->opcode) { in import_rule0()
560 if (cmd->arg1 == IP_FW_TABLEARG) in import_rule0()
561 cmd->arg1 = IP_FW_TARG; in import_rule0()
562 else if (cmd->arg1 == 0) in import_rule0()
563 cmd->arg1 = IP_FW_NAT44_GLOBAL; in import_rule0()
569 if (cmd->arg1 == IP_FW_TABLEARG) in import_rule0()
570 cmd->arg1 = IP_FW_TARG; in import_rule0()
572 cmd->arg1 |= 0x8000; in import_rule0()
576 if (lcmd->conn_limit == IP_FW_TABLEARG) in import_rule0()
577 lcmd->conn_limit = IP_FW_TARG; in import_rule0()
585 if (cmdif->name[0] != '\1') in import_rule0()
588 cmdif->p.kidx = (uint16_t)cmdif->p.glob; in import_rule0()
607 urule->act_ofs = krule->act_ofs; in export_rule0()
608 urule->cmd_len = krule->cmd_len; in export_rule0()
609 urule->rulenum = krule->rulenum; in export_rule0()
610 urule->set = krule->set; in export_rule0()
611 if ((krule->flags & IPFW_RULE_NOOPT) != 0) in export_rule0()
612 urule->_pad |= 1; in export_rule0()
615 memcpy(urule->cmd, krule->cmd, krule->cmd_len * sizeof(uint32_t)); in export_rule0()
618 export_cntr0_base(krule, (struct ip_fw_bcounter0 *)&urule->pcnt); in export_rule0()
626 l = urule->cmd_len; in export_rule0()
627 cmd = urule->cmd; in export_rule0()
630 for ( ; l > 0 ; l -= cmdlen, cmd += cmdlen) { in export_rule0()
633 switch (cmd->opcode) { in export_rule0()
646 if (cmd->arg1 == IP_FW_TARG) in export_rule0()
647 cmd->arg1 = IP_FW_TABLEARG; in export_rule0()
648 else if (cmd->arg1 == IP_FW_NAT44_GLOBAL) in export_rule0()
649 cmd->arg1 = 0; in export_rule0()
655 if (cmd->arg1 == IP_FW_TARG) in export_rule0()
656 cmd->arg1 = IP_FW_TABLEARG; in export_rule0()
658 cmd->arg1 &= ~0x8000; in export_rule0()
662 if (lcmd->conn_limit == IP_FW_TARG) in export_rule0()
663 lcmd->conn_limit = IP_FW_TABLEARG; in export_rule0()
671 if (cmdif->name[0] != '\1') in export_rule0()
674 cmdif->p.glob = cmdif->p.kidx; in export_rule0()
697 if (ci->object_opcodes == 0) in commit_rules()
702 * We need to find (and create non-existing) in commit_rules()
720 ci--; in commit_rules()
721 if (ci->object_opcodes == 0) in commit_rules()
723 unref_rule_objects(chain,ci->krule); in commit_rules()
741 if (ci->object_opcodes == 0) in commit_rules()
744 unref_rule_objects(chain, ci->krule); in commit_rules()
759 krule = ci->krule; in commit_rules()
760 rulenum = krule->rulenum; in commit_rules()
767 bcopy(chain->map, map, i * sizeof(struct ip_fw *)); in commit_rules()
770 bcopy(chain->map + i, map + i + 1, in commit_rules()
771 sizeof(struct ip_fw *) *(chain->n_rules - i)); in commit_rules()
774 rulenum = i > 0 ? map[i-1]->rulenum : 0; in commit_rules()
775 if (rulenum < IPFW_DEFAULT_RULE - V_autoinc_step) in commit_rules()
777 krule->rulenum = rulenum; in commit_rules()
779 pnum = (uint16_t *)((caddr_t)ci->urule + ci->urule_numoff); in commit_rules()
783 krule->id = chain->id + 1; in commit_rules()
785 map = swap_map(chain, map, chain->n_rules + 1); in commit_rules()
786 chain->static_len += RULEUSIZE0(krule); in commit_rules()
802 if (chain->n_rules > 0) in ipfw_add_protected_rule()
803 bcopy(chain->map, map, in ipfw_add_protected_rule()
804 chain->n_rules * sizeof(struct ip_fw *)); in ipfw_add_protected_rule()
805 map[chain->n_rules] = rule; in ipfw_add_protected_rule()
806 rule->rulenum = IPFW_DEFAULT_RULE; in ipfw_add_protected_rule()
807 rule->set = RESVD_SET; in ipfw_add_protected_rule()
808 rule->id = chain->id + 1; in ipfw_add_protected_rule()
810 map = swap_map(chain, map, chain->n_rules + 1); in ipfw_add_protected_rule()
811 chain->static_len += RULEUSIZE0(rule); in ipfw_add_protected_rule()
830 rule->next = *head; in ipfw_reap_add()
845 head = head->next; in ipfw_reap_rules()
854 * default ::= (rule->rulenum == IPFW_DEFAULT_RULE)
857 * reserved ::= (cmd == 0 && n == 0 && rule->set == RESVD_SET)
860 * match_set ::= (cmd == 0 || rule->set == set)
863 * match_number ::= (cmd == 1 || n == 0 || n == rule->rulenum)
872 if (rule->rulenum == IPFW_DEFAULT_RULE && in ipfw_match_range()
873 (rt->flags & IPFW_RCFLAG_DEFAULT) == 0) in ipfw_match_range()
877 if ((rt->flags & IPFW_RCFLAG_ALL) != 0 && rule->set == RESVD_SET) in ipfw_match_range()
881 if ((rt->flags & IPFW_RCFLAG_SET) != 0 && rule->set != rt->set) in ipfw_match_range()
884 if ((rt->flags & IPFW_RCFLAG_RANGE) != 0 && in ipfw_match_range()
885 (rule->rulenum < rt->start_rule || rule->rulenum > rt->end_rule)) in ipfw_match_range()
903 if (no->set == (uint8_t)args->set) in swap_sets_cb()
904 no->set = args->new_set; in swap_sets_cb()
905 else if (no->set == args->new_set) in swap_sets_cb()
906 no->set = (uint8_t)args->set; in swap_sets_cb()
917 if (no->set == (uint8_t)args->set) in move_sets_cb()
918 no->set = args->new_set; in move_sets_cb()
929 if (no->set != (uint8_t)args->set) in test_sets_cb()
931 if (ipfw_objhash_lookup_name_type(ni, args->new_set, in test_sets_cb()
932 no->etlv, no->name) != NULL) in test_sets_cb()
962 * When @new_set is zero - reset object counter, in ipfw_obj_manage_sets()
967 no->ocnt++; in ipfw_obj_manage_sets()
969 no->ocnt = 0; in ipfw_obj_manage_sets()
979 * to some going-to-be-added rules. Since we don't know in ipfw_obj_manage_sets()
983 if (no->ocnt != no->refcnt) in ipfw_obj_manage_sets()
986 no->name) != NULL) in ipfw_obj_manage_sets()
992 no->set = new_set; in ipfw_obj_manage_sets()
1016 * Range is half-inclusive, e.g [start, end). in delete_range()
1019 end = chain->n_rules - 1; in delete_range()
1021 if ((rt->flags & IPFW_RCFLAG_RANGE) != 0) { in delete_range()
1022 start = ipfw_find_rule(chain, rt->start_rule, 0); in delete_range()
1024 if (rt->end_rule >= IPFW_DEFAULT_RULE) in delete_range()
1025 rt->end_rule = IPFW_DEFAULT_RULE - 1; in delete_range()
1026 end = ipfw_find_rule(chain, rt->end_rule, UINT32_MAX); in delete_range()
1029 if (rt->flags & IPFW_RCFLAG_DYNAMIC) { in delete_range()
1051 bcopy(chain->map, map, start * sizeof(struct ip_fw *)); in delete_range()
1054 rule = chain->map[i]; in delete_range()
1065 bcopy(chain->map + end, map + ofs, in delete_range()
1066 (chain->n_rules - end) * sizeof(struct ip_fw *)); in delete_range()
1070 map = swap_map(chain, map, chain->n_rules - n); in delete_range()
1079 chain->static_len -= RULEUSIZE0(rule); in delete_range()
1103 for (c = 0, i = 0; i < ch->n_rules - 1; i++) { in move_objects()
1104 rule = ch->map[i]; in move_objects()
1107 if (rule->set == rt->new_set) /* nothing to do */ in move_objects()
1110 for (l = rule->cmd_len, cmdlen = 0, cmd = rule->cmd; in move_objects()
1111 l > 0; l -= cmdlen, cmd += cmdlen) { in move_objects()
1114 if (rw == NULL || rw->manage_sets == NULL) in move_objects()
1117 * When manage_sets() returns non-zero value to in move_objects()
1122 if (rw->manage_sets(ch, kidx, 1, COUNT_ONE) != 0) in move_objects()
1130 for (c = 0, i = 0; (i < ch->n_rules - 1) && c == 0; i++) { in move_objects()
1131 rule = ch->map[i]; in move_objects()
1134 if (rule->set == rt->new_set) /* nothing to do */ in move_objects()
1137 for (l = rule->cmd_len, cmdlen = 0, cmd = rule->cmd; in move_objects()
1138 l > 0 && c == 0; l -= cmdlen, cmd += cmdlen) { in move_objects()
1141 if (rw == NULL || rw->manage_sets == NULL) in move_objects()
1144 c = rw->manage_sets(ch, kidx, in move_objects()
1145 (uint8_t)rt->new_set, TEST_ONE); in move_objects()
1149 for (i = 0; i < ch->n_rules - 1; i++) { in move_objects()
1150 rule = ch->map[i]; in move_objects()
1153 if (rule->set == rt->new_set) /* nothing to do */ in move_objects()
1156 for (l = rule->cmd_len, cmdlen = 0, cmd = rule->cmd; in move_objects()
1157 l > 0; l -= cmdlen, cmd += cmdlen) { in move_objects()
1160 if (rw == NULL || rw->manage_sets == NULL) in move_objects()
1163 rw->manage_sets(ch, kidx, in move_objects()
1168 rw->manage_sets(ch, kidx, in move_objects()
1169 (uint8_t)rt->new_set, MOVE_ONE); in move_objects()
1202 for (i = 0; i < chain->n_rules; i++) { in move_range()
1203 rule = chain->map[i]; in move_range()
1206 rule->set = rt->new_set; in move_range()
1225 l = rule->cmd_len - rule->act_ofs; in ipfw_get_action()
1227 switch (cmd->opcode) { in ipfw_get_action()
1236 l -= cmdlen; in ipfw_get_action()
1255 if (l->o.opcode == O_LOG) in clear_counters()
1256 l->log_left = l->max_log; in clear_counters()
1272 rt->flags |= IPFW_RCFLAG_DEFAULT; in clear_range()
1275 for (i = 0; i < chain->n_rules; i++) { in clear_range()
1276 rule = chain->map[i]; in clear_range()
1291 if (rt->head.length != sizeof(*rt)) in check_range_tlv()
1293 if (rt->start_rule > rt->end_rule) in check_range_tlv()
1295 if (rt->set >= IPFW_MAX_SETS || rt->new_set >= IPFW_MAX_SETS) in check_range_tlv()
1298 if ((rt->flags & IPFW_RCFLAG_USER) != rt->flags) in check_range_tlv()
1306 * Data layout (v0)(current):
1310 * Saves number of deleted rules in ipfw_range_tlv->new_set.
1321 if (sd->valsize != sizeof(*rh)) in del_rules()
1324 rh = (ipfw_range_header *)ipfw_get_sopt_space(sd, sd->valsize); in del_rules()
1326 if (check_range_tlv(&rh->range) != 0) in del_rules()
1330 if ((error = delete_range(chain, &rh->range, &ndel)) != 0) in del_rules()
1334 rh->range.new_set = ndel; in del_rules()
1340 * Data layout (v0)(current):
1351 if (sd->valsize != sizeof(*rh)) in move_rules()
1354 rh = (ipfw_range_header *)ipfw_get_sopt_space(sd, sd->valsize); in move_rules()
1356 if (check_range_tlv(&rh->range) != 0) in move_rules()
1359 return (move_range(chain, &rh->range)); in move_rules()
1364 * Data layout (v0)(current):
1368 * Saves number of cleared rules in ipfw_range_tlv->new_set.
1380 if (sd->valsize != sizeof(*rh)) in clear_rules()
1383 rh = (ipfw_range_header *)ipfw_get_sopt_space(sd, sd->valsize); in clear_rules()
1385 if (check_range_tlv(&rh->range) != 0) in clear_rules()
1388 log_only = (op3->opcode == IP_FW_XRESETLOG); in clear_rules()
1390 num = clear_range(chain, &rh->range, log_only); in clear_rules()
1392 if (rh->range.flags & IPFW_RCFLAG_ALL) in clear_rules()
1404 rh->range.new_set = num; in clear_rules()
1416 v_set = (V_set_disable | rt->set) & ~rt->new_set; in enable_sets()
1432 if (rt->set == rt->new_set) /* nothing to do */ in swap_sets()
1442 if (rw->manage_sets == NULL) in swap_sets()
1444 i = rw->manage_sets(chain, (uint8_t)rt->set, in swap_sets()
1445 (uint8_t)rt->new_set, TEST_ALL); in swap_sets()
1451 for (i = 0; i < chain->n_rules - 1; i++) { in swap_sets()
1452 rule = chain->map[i]; in swap_sets()
1453 if (rule->set == (uint8_t)rt->set) in swap_sets()
1454 rule->set = (uint8_t)rt->new_set; in swap_sets()
1455 else if (rule->set == (uint8_t)rt->new_set && mv == 0) in swap_sets()
1456 rule->set = (uint8_t)rt->set; in swap_sets()
1459 if (rw->manage_sets == NULL) in swap_sets()
1461 rw->manage_sets(chain, (uint8_t)rt->set, in swap_sets()
1462 (uint8_t)rt->new_set, mv != 0 ? MOVE_ALL: SWAP_ALL); in swap_sets()
1469 * Data layout (v0)(current):
1481 if (sd->valsize != sizeof(*rh)) in manage_sets()
1484 rh = (ipfw_range_header *)ipfw_get_sopt_space(sd, sd->valsize); in manage_sets()
1486 if (rh->range.head.length != sizeof(ipfw_range_tlv)) in manage_sets()
1489 if (op3->opcode != IP_FW_SET_ENABLE && in manage_sets()
1490 (rh->range.set >= IPFW_MAX_SETS || in manage_sets()
1491 rh->range.new_set >= IPFW_MAX_SETS)) in manage_sets()
1496 switch (op3->opcode) { in manage_sets()
1499 ret = swap_sets(chain, &rh->range, in manage_sets()
1500 op3->opcode == IP_FW_SET_MOVE); in manage_sets()
1503 enable_sets(chain, &rh->range); in manage_sets()
1632 for (i = 0; i < chain->n_rules; i++) { in zero_entry()
1633 rule = chain->map[i]; in zero_entry()
1635 if (cmd == 1 && rule->set != set) in zero_entry()
1643 for (i = 0; i < chain->n_rules; i++) { in zero_entry()
1644 rule = chain->map[i]; in zero_entry()
1645 if (rule->rulenum == rulenum) { in zero_entry()
1646 if (cmd == 0 || rule->set == set) in zero_entry()
1650 if (rule->rulenum > rulenum) in zero_entry()
1693 if (rule->act_ofs >= rule->cmd_len) { in check_ipfw_rule1()
1695 rule->act_ofs, rule->cmd_len - 1); in check_ipfw_rule1()
1699 if (rule->rulenum > IPFW_DEFAULT_RULE - 1) in check_ipfw_rule1()
1702 return (check_ipfw_rule_body(rule->cmd, rule->cmd_len, ci)); in check_ipfw_rule1()
1721 l = sizeof(*rule) + rule->cmd_len * 4 - 4; in check_ipfw_rule0()
1726 if (rule->act_ofs >= rule->cmd_len) { in check_ipfw_rule0()
1728 rule->act_ofs, rule->cmd_len - 1); in check_ipfw_rule0()
1732 if (rule->rulenum > IPFW_DEFAULT_RULE - 1) in check_ipfw_rule0()
1735 return (check_ipfw_rule_body(rule->cmd, rule->cmd_len, ci)); in check_ipfw_rule0()
1750 for (l = cmd_len; l > 0 ; l -= cmdlen, cmd += cmdlen) { in check_ipfw_rule_body()
1754 cmd->opcode); in check_ipfw_rule_body()
1757 switch (cmd->opcode) { in check_ipfw_rule_body()
1762 ci->object_opcodes++; in check_ipfw_rule_body()
1797 if (cmd->arg1 == 0 || in check_ipfw_rule_body()
1803 ci->object_opcodes++; in check_ipfw_rule_body()
1809 l -= cmdlen; in check_ipfw_rule_body()
1812 if (cmd->opcode == O_EXTERNAL_DATA) in check_ipfw_rule_body()
1814 if (cmd->opcode != O_EXTERNAL_INSTANCE) { in check_ipfw_rule_body()
1817 cmd->opcode); in check_ipfw_rule_body()
1820 if (cmd->arg1 == 0 || in check_ipfw_rule_body()
1826 ci->object_opcodes++; in check_ipfw_rule_body()
1833 if (cmd->arg1 >= rt_numfibs) { in check_ipfw_rule_body()
1835 cmd->arg1); in check_ipfw_rule_body()
1843 if ((cmd->arg1 != IP_FW_TARG) && in check_ipfw_rule_body()
1844 ((cmd->arg1 & 0x7FFF) >= rt_numfibs)) { in check_ipfw_rule_body()
1846 cmd->arg1 & 0x7FFF); in check_ipfw_rule_body()
1867 ci->object_opcodes++; in check_ipfw_rule_body()
1874 ((ipfw_insn_log *)cmd)->log_left = in check_ipfw_rule_body()
1875 ((ipfw_insn_log *)cmd)->max_log; in check_ipfw_rule_body()
1888 if (cmd->arg1 == 0 || cmd->arg1 > 256) { in check_ipfw_rule_body()
1890 cmd->arg1); in check_ipfw_rule_body()
1894 (cmd->arg1+31)/32 ) in check_ipfw_rule_body()
1902 if (cmd->arg1 >= V_fw_tables_max) { in check_ipfw_rule_body()
1904 cmd->arg1); in check_ipfw_rule_body()
1911 ci->object_opcodes++; in check_ipfw_rule_body()
1916 if (cmd->arg1 >= V_fw_tables_max) { in check_ipfw_rule_body()
1918 cmd->arg1); in check_ipfw_rule_body()
1924 ci->object_opcodes++; in check_ipfw_rule_body()
1961 ci->object_opcodes++; in check_ipfw_rule_body()
2005 ci->object_opcodes++; in check_ipfw_rule_body()
2035 cmd->opcode); in check_ipfw_rule_body()
2042 cmd->opcode); in check_ipfw_rule_body()
2056 ((ipfw_insn_u32 *)cmd)->o.arg1) in check_ipfw_rule_body()
2072 switch (cmd->opcode) { in check_ipfw_rule_body()
2090 cmd->opcode); in check_ipfw_rule_body()
2103 cmd->opcode, cmdlen); in check_ipfw_rule_body()
2120 uint16_t act_ofs; /* offset of action in 32-bit units */
2121 uint16_t cmd_len; /* # of 32-bit words in cmd */
2140 ((struct ip_fw7 *)(rule))->cmd_len * 4 - 4)
2163 for (i = 0; i < chain->n_rules; i++) { in ipfw_getrules()
2164 rule = chain->map[i]; in ipfw_getrules()
2184 &(((struct ip_fw7 *)bp)->next_rule), in ipfw_getrules()
2186 if (((struct ip_fw7 *)bp)->timestamp) in ipfw_getrules()
2187 ((struct ip_fw7 *)bp)->timestamp += boot_seconds; in ipfw_getrules()
2210 bcopy(&V_set_disable, &dst->next_rule, sizeof(V_set_disable)); in ipfw_getrules()
2211 if (dst->timestamp) in ipfw_getrules()
2212 dst->timestamp += boot_seconds; in ipfw_getrules()
2217 /* Non-fatal table rewrite error. */ in ipfw_getrules()
2222 rule->rulenum); in ipfw_getrules()
2230 return (bp - (char *)buf); in ipfw_getrules()
2247 ntlv->head.type = no->etlv; in ipfw_export_obj_ntlv()
2248 ntlv->head.length = sizeof(*ntlv); in ipfw_export_obj_ntlv()
2249 ntlv->idx = no->kidx; in ipfw_export_obj_ntlv()
2250 strlcpy(ntlv->name, no->name, sizeof(ntlv->name)); in ipfw_export_obj_ntlv()
2255 * to ipfw_obj_ntlv. TLV is allocated from @sd space.
2283 for (i = 0; i < IPFW_TABLES_MAX && da->tcount > 0; i++) { in export_named_objects()
2284 if ((da->bmask[i / 32] & (1 << (i % 32))) == 0) in export_named_objects()
2288 da->tcount--; in export_named_objects()
2300 MPASS(da->tcount > 0); in dump_named_objects()
2305 ctlv->head.type = IPFW_TLV_TBLNAME_LIST; in dump_named_objects()
2306 ctlv->head.length = da->tcount * sizeof(ipfw_obj_ntlv) + in dump_named_objects()
2308 ctlv->count = da->tcount; in dump_named_objects()
2309 ctlv->objsize = sizeof(ipfw_obj_ntlv); in dump_named_objects()
2316 da->bmask += IPFW_TABLES_MAX / 32; in dump_named_objects()
2338 ctlv->head.type = IPFW_TLV_RULE_LIST; in dump_static_rules()
2339 ctlv->head.length = da->rsize + sizeof(*ctlv); in dump_static_rules()
2340 ctlv->count = da->rcount; in dump_static_rules()
2342 for (i = da->b; i < da->e; i++) { in dump_static_rules()
2343 krule = chain->map[i]; in dump_static_rules()
2346 if (da->rcounters != 0) in dump_static_rules()
2352 export_rule1(krule, dst, l, da->rcounters); in dump_static_rules()
2364 * Maintain separate bitmasks for table and non-table objects. in ipfw_mark_object_kidx()
2390 l = rule->cmd_len; in mark_rule_objects()
2391 cmd = rule->cmd; in mark_rule_objects()
2393 for ( ; l > 0 ; l -= cmdlen, cmd += cmdlen) { in mark_rule_objects()
2400 if (ipfw_mark_object_kidx(da->bmask, rw->etlv, kidx)) in mark_rule_objects()
2401 da->tcount++; in mark_rule_objects()
2407 * Data layout (version 0)(current):
2444 if (hdr->flags & (IPFW_CFG_GET_STATIC | IPFW_CFG_GET_STATES)) in dump_config()
2455 da.e = chain->n_rules; in dump_config()
2457 if (hdr->end_rule != 0) { in dump_config()
2459 if ((rnum = hdr->start_rule) > IPFW_DEFAULT_RULE) in dump_config()
2462 rnum = (hdr->end_rule < IPFW_DEFAULT_RULE) ? in dump_config()
2463 hdr->end_rule + 1: IPFW_DEFAULT_RULE; in dump_config()
2467 if (hdr->flags & IPFW_CFG_GET_STATIC) { in dump_config()
2469 rule = chain->map[i]; in dump_config()
2476 if (hdr->flags & IPFW_CFG_GET_COUNTERS) { in dump_config()
2483 if (hdr->flags & IPFW_CFG_GET_STATES) { in dump_config()
2498 hdr->size = sz; in dump_config()
2499 hdr->set_mask = ~V_set_disable; in dump_config()
2500 hdr_flags = hdr->flags; in dump_config()
2503 if (sd->valsize < sz) { in dump_config()
2538 nsize = sizeof(((ipfw_obj_ntlv *)0)->name); in ipfw_check_object_name_generic()
2547 * Creates non-existent objects referenced by rule.
2561 * Compatibility stuff: do actual creation for non-existing, in create_objects_compat()
2565 if (p->kidx != 0) in create_objects_compat()
2568 ti->uidx = p->uidx; in create_objects_compat()
2569 ti->type = p->type; in create_objects_compat()
2570 ti->atype = 0; in create_objects_compat()
2572 rw = find_op_rw(cmd + p->off, NULL, NULL); in create_objects_compat()
2574 (cmd + p->off)->opcode)); in create_objects_compat()
2576 if (rw->create_object == NULL) in create_objects_compat()
2579 error = rw->create_object(ch, ti, &kidx); in create_objects_compat()
2581 p->kidx = kidx; in create_objects_compat()
2621 l = rule->cmd_len; in set_legacy_obj_kidx()
2622 cmd = rule->cmd; in set_legacy_obj_kidx()
2624 for ( ; l > 0 ; l -= cmdlen, cmd += cmdlen) { in set_legacy_obj_kidx()
2633 no = rw->find_bykidx(ch, kidx); in set_legacy_obj_kidx()
2637 val = strtol(no->name, &end, 10); in set_legacy_obj_kidx()
2650 rw->update(cmd, uidx); in set_legacy_obj_kidx()
2657 * Unreferences all already-referenced objects in given @cmd rule,
2673 if (p->kidx == 0) in unref_oib_objects()
2676 rw = find_op_rw(cmd + p->off, NULL, NULL); in unref_oib_objects()
2678 (cmd + p->off)->opcode)); in unref_oib_objects()
2681 no = rw->find_bykidx(ch, p->kidx); in unref_oib_objects()
2682 KASSERT(no != NULL, ("Ref'd object %d disappeared", p->kidx)); in unref_oib_objects()
2683 no->refcnt--; in unref_oib_objects()
2703 l = rule->cmd_len; in unref_rule_objects()
2704 cmd = rule->cmd; in unref_rule_objects()
2706 for ( ; l > 0 ; l -= cmdlen, cmd += cmdlen) { in unref_rule_objects()
2712 no = rw->find_bykidx(ch, kidx); in unref_rule_objects()
2715 KASSERT(no->subtype == subtype, in unref_rule_objects()
2717 no->subtype, subtype, kidx)); in unref_rule_objects()
2718 KASSERT(no->refcnt > 0, ("refcount for object %d is %d", in unref_rule_objects()
2719 kidx, no->refcnt)); in unref_rule_objects()
2721 if (no->refcnt == 1 && rw->destroy_object != NULL) in unref_rule_objects()
2722 rw->destroy_object(ch, no); in unref_rule_objects()
2724 no->refcnt--; in unref_rule_objects()
2732 * - @unresolved to 1 if object should exist but was not found
2734 * Returns non-zero value in case of error.
2745 rw = find_op_rw(cmd, &ti->uidx, &ti->type); in ref_opcode_object()
2750 pidx->uidx = ti->uidx; in ref_opcode_object()
2751 pidx->type = ti->type; in ref_opcode_object()
2754 error = rw->find_byname(ch, ti, &no); in ref_opcode_object()
2770 if (ti->type != no->subtype) in ref_opcode_object()
2774 no->refcnt++; in ref_opcode_object()
2775 rw->update(cmd, no->kidx); in ref_opcode_object()
2781 * Auto-creates non-existing tables.
2795 l = rule->cmd_len; in ref_rule_objects()
2796 cmd = rule->cmd; in ref_rule_objects()
2803 for ( ; l > 0 ; l -= cmdlen, cmd += cmdlen) { in ref_rule_objects()
2812 * prepare to automatically create non-existing objects. in ref_rule_objects()
2815 pidx->off = rule->cmd_len - l; in ref_rule_objects()
2822 unref_oib_objects(ch, rule->cmd, oib, pidx); in ref_rule_objects()
2828 /* Perform auto-creation for non-existing objects */ in ref_rule_objects()
2830 error = create_objects_compat(ch, rule->cmd, oib, pidx, ti); in ref_rule_objects()
2833 ci->object_opcodes = (uint16_t)(pidx - oib); in ref_rule_objects()
2841 * Rewrites user-supplied opcode values with kernel ones.
2857 if (ci->object_opcodes <= (sizeof(ci->obuf)/sizeof(ci->obuf[0]))) { in rewrite_rule_uidx()
2859 pidx_first = ci->obuf; in rewrite_rule_uidx()
2862 ci->object_opcodes * sizeof(struct obj_idx), in rewrite_rule_uidx()
2869 ti.set = ci->krule->set; in rewrite_rule_uidx()
2870 if (ci->ctlv != NULL) { in rewrite_rule_uidx()
2871 ti.tlvs = (void *)(ci->ctlv + 1); in rewrite_rule_uidx()
2872 ti.tlen = ci->ctlv->head.length - sizeof(ipfw_obj_ctlv); in rewrite_rule_uidx()
2876 error = ref_rule_objects(chain, ci->krule, ci, pidx_first, &ti); in rewrite_rule_uidx()
2880 * Note that ref_rule_objects() might have updated ci->object_opcodes in rewrite_rule_uidx()
2886 pidx_last = pidx_first + ci->object_opcodes; in rewrite_rule_uidx()
2888 cmd = ci->krule->cmd + p->off; in rewrite_rule_uidx()
2889 update_opcode_kidx(cmd, p->kidx); in rewrite_rule_uidx()
2893 if (pidx_first != ci->obuf) in rewrite_rule_uidx()
2901 * Data layout (version 0)(current):
2936 op3 = (ip_fw3_opheader *)ipfw_get_sopt_space(sd, sd->valsize); in add_rules()
2945 if (read + sizeof(*ctlv) > sd->valsize) in add_rules()
2948 if (ctlv->head.type == IPFW_TLV_TBLNAME_LIST) { in add_rules()
2949 clen = ctlv->head.length; in add_rules()
2951 if (clen > sd->valsize || clen < sizeof(*ctlv)) in add_rules()
2960 count = (ctlv->head.length - sizeof(*ctlv)) / sizeof(*ntlv); in add_rules()
2961 if (ctlv->count != count || ctlv->objsize != sizeof(*ntlv)) in add_rules()
2965 * Check each TLV. in add_rules()
2969 idx = -1; in add_rules()
2972 if (ntlv->head.length != sizeof(ipfw_obj_ntlv)) in add_rules()
2975 error = ipfw_check_object_name_generic(ntlv->name); in add_rules()
2979 if (ntlv->idx <= idx) in add_rules()
2982 idx = ntlv->idx; in add_rules()
2983 count--; in add_rules()
2988 read += ctlv->head.length; in add_rules()
2989 ctlv = (ipfw_obj_ctlv *)((caddr_t)ctlv + ctlv->head.length); in add_rules()
2992 if (read + sizeof(*ctlv) > sd->valsize) in add_rules()
2995 if (ctlv->head.type == IPFW_TLV_RULE_LIST) { in add_rules()
2996 clen = ctlv->head.length; in add_rules()
2997 if (clen + read > sd->valsize || clen < sizeof(*ctlv)) in add_rules()
3005 if (ctlv->count != 1) in add_rules()
3008 clen -= sizeof(*ctlv); in add_rules()
3010 if (ctlv->count > clen / sizeof(struct ip_fw_rule)) in add_rules()
3014 if (ctlv->count == 1) { in add_rules()
3018 cbuf = malloc(ctlv->count * sizeof(*ci), M_TEMP, in add_rules()
3033 if (rsize > clen || ctlv->count <= count) { in add_rules()
3038 ci->ctlv = tstate; in add_rules()
3044 if (r->rulenum != 0 && r->rulenum < idx) { in add_rules()
3045 printf("rulenum %d idx %d\n", r->rulenum, idx); in add_rules()
3049 idx = r->rulenum; in add_rules()
3051 ci->urule = (caddr_t)r; in add_rules()
3054 clen -= rsize; in add_rules()
3060 if (ctlv->count != count || error != 0) { in add_rules()
3067 read += ctlv->head.length; in add_rules()
3068 ctlv = (ipfw_obj_ctlv *)((caddr_t)ctlv + ctlv->head.length); in add_rules()
3071 if (read != sd->valsize || rtlv == NULL || rtlv->count == 0) { in add_rules()
3081 for (i = 0, ci = cbuf; i < rtlv->count; i++, ci++) { in add_rules()
3082 clen = RULEKSIZE1((struct ip_fw_rule *)ci->urule); in add_rules()
3083 ci->krule = ipfw_alloc_rule(chain, clen); in add_rules()
3087 if ((error = commit_rules(chain, cbuf, rtlv->count)) != 0) { in add_rules()
3089 for (i = 0, ci = cbuf; i < rtlv->count; i++, ci++) in add_rules()
3090 ipfw_free_rule(ci->krule); in add_rules()
3101 * Data layout (v0)(current):
3119 if (sd->valsize < olh->size) in dump_soptcodes()
3127 olh->count = count; in dump_soptcodes()
3128 olh->objsize = sizeof(ipfw_sopt_info); in dump_soptcodes()
3130 if (size > olh->size) { in dump_soptcodes()
3131 olh->size = size; in dump_soptcodes()
3135 olh->size = size; in dump_soptcodes()
3141 i->opcode = sh->opcode; in dump_soptcodes()
3142 i->version = sh->version; in dump_soptcodes()
3143 i->refcnt = sh->refcnt; in dump_soptcodes()
3164 if (a->opcode < b->opcode) in compare_opcodes()
3165 return (-1); in compare_opcodes()
3166 else if (a->opcode > b->opcode) in compare_opcodes()
3191 for ( ; lo > ctl3_rewriters && (lo - 1)->opcode == op; lo--) in find_op_rw_range()
3197 for ( ; (hi + 1) < ctl3_max && (hi + 1)->opcode == op; hi++) in find_op_rw_range()
3218 if (find_op_rw_range(cmd->opcode, &lo, &hi) != 0) in find_op_rw()
3222 if (rw->classifier(cmd, &uidx, &subtype) == 0) { in find_op_rw()
3248 KASSERT(rw != NULL, ("No handler to update opcode %d", cmd->opcode)); in update_opcode_kidx()
3249 rw->update(cmd, idx); in update_opcode_kidx()
3325 if (ktmp->classifier != rw[i].classifier) in ipfw_del_obj_rewriter()
3329 sz = (ctl3_max - (ktmp + 1)) * sizeof(*ktmp); in ipfw_del_obj_rewriter()
3331 ctl3_rsize--; in ipfw_del_obj_rewriter()
3364 * Data layout (v0)(current):
3382 hdr->size = sizeof(ipfw_obj_lheader) + count * sizeof(ipfw_obj_ntlv); in dump_srvobjects()
3383 if (sd->valsize < hdr->size) { in dump_srvobjects()
3387 hdr->count = count; in dump_srvobjects()
3388 hdr->objsize = sizeof(ipfw_obj_ntlv); in dump_srvobjects()
3411 if (a->opcode < b->opcode) in compare_sh()
3412 return (-1); in compare_sh()
3413 else if (a->opcode > b->opcode) in compare_sh()
3416 if (a->version < b->version) in compare_sh()
3417 return (-1); in compare_sh()
3418 else if (a->version > b->version) in compare_sh()
3422 if (a->handler == NULL) in compare_sh()
3425 if ((uintptr_t)a->handler < (uintptr_t)b->handler) in compare_sh()
3426 return (-1); in compare_sh()
3427 else if ((uintptr_t)a->handler > (uintptr_t)b->handler) in compare_sh()
3466 sh->refcnt++; in find_ref_sh()
3481 sh = find_sh(psh->opcode, psh->version, NULL); in find_unref_sh()
3483 sh->refcnt--; in find_unref_sh()
3484 ctl3_refct--; in find_unref_sh()
3557 h = find_sh(tmp->opcode, tmp->version, tmp->handler); in ipfw_del_sopt_handler()
3561 sz = (ctl3_handlers + ctl3_hsize - (h + 1)) * sizeof(*h); in ipfw_del_sopt_handler()
3563 ctl3_hsize--; in ipfw_del_sopt_handler()
3590 sz = sd->koff; in ipfw_flush_sopt_data()
3594 sopt = sd->sopt; in ipfw_flush_sopt_data()
3596 if (sopt->sopt_dir == SOPT_GET) { in ipfw_flush_sopt_data()
3597 error = copyout(sd->kbuf, sopt->sopt_val, sz); in ipfw_flush_sopt_data()
3602 memset(sd->kbuf, 0, sd->ksize); in ipfw_flush_sopt_data()
3603 sd->ktotal += sz; in ipfw_flush_sopt_data()
3604 sd->koff = 0; in ipfw_flush_sopt_data()
3605 if (sd->ktotal + sd->ksize < sd->valsize) in ipfw_flush_sopt_data()
3606 sd->kavail = sd->ksize; in ipfw_flush_sopt_data()
3608 sd->kavail = sd->valsize - sd->ktotal; in ipfw_flush_sopt_data()
3611 sopt->sopt_valsize = sd->ktotal; in ipfw_flush_sopt_data()
3612 sopt->sopt_val = sd->sopt_val + sd->ktotal; in ipfw_flush_sopt_data()
3629 if (sd->kavail < needed) { in ipfw_get_sopt_space()
3635 if (sd->kavail < needed || error != 0) in ipfw_get_sopt_space()
3639 addr = sd->kbuf + sd->koff; in ipfw_get_sopt_space()
3640 sd->koff += needed; in ipfw_get_sopt_space()
3641 sd->kavail -= needed; in ipfw_get_sopt_space()
3661 if (sd->kavail > 0) in ipfw_get_sopt_header()
3662 memset(sd->kbuf + sd->koff, 0, sd->kavail); in ipfw_get_sopt_header()
3681 error = priv_check(sopt->sopt_td, PRIV_NETINET_IPFW); in ipfw_ctl3()
3685 if (sopt->sopt_name != IP_FW3) in ipfw_ctl3()
3692 valsize = sopt->sopt_valsize; in ipfw_ctl3()
3699 sopt->sopt_valsize = valsize; in ipfw_ctl3()
3704 error = find_ref_sh(op3->opcode, op3->version, &h); in ipfw_ctl3()
3709 * Disallow modifications in really-really secure mode, but still allow in ipfw_ctl3()
3713 error = securelevel_ge(sopt->sopt_td->td_ucred, 3); in ipfw_ctl3()
3726 /* use on-stack buffer */ in ipfw_ctl3()
3733 * allocate sliding-window buf for data export or in ipfw_ctl3()
3750 error = vslock(sopt->sopt_val, valsize); in ipfw_ctl3()
3763 sdata.sopt_val = sopt->sopt_val; in ipfw_ctl3()
3791 sopt->sopt_val = sdata.sopt_val; in ipfw_ctl3()
3792 sopt->sopt_valsize = sdata.ktotal; in ipfw_ctl3()
3819 opt = sopt->sopt_name; in ipfw_ctl()
3822 * Disallow modifications in really-really secure mode, but still allow in ipfw_ctl()
3826 (sopt->sopt_dir == SOPT_SET && opt != IP_FW_RESETLOG)) { in ipfw_ctl()
3827 error = securelevel_ge(sopt->sopt_td->td_ucred, 3); in ipfw_ctl()
3848 size = chain->static_len; in ipfw_ctl()
3850 if (size >= sopt->sopt_valsize) in ipfw_ctl()
3855 want = chain->static_len + ipfw_dyn_len(); in ipfw_ctl()
3888 size = sopt->sopt_valsize; in ipfw_ctl()
3911 else if (sopt->sopt_dir == SOPT_GET) { in ipfw_ctl()
3943 size = sopt->sopt_valsize; in ipfw_ctl()
3960 if (sopt->sopt_val != 0) { in ipfw_ctl()
3967 sopt->sopt_name == IP_FW_RESETLOG); in ipfw_ctl()
3970 /*--- TABLE opcodes ---*/ in ipfw_ctl()
4039 if (sopt->sopt_valsize < sizeof(*tbl)) { in ipfw_ctl()
4043 size = sopt->sopt_valsize; in ipfw_ctl()
4050 tbl->size = (size - sizeof(*tbl)) / in ipfw_ctl()
4053 ti.uidx = tbl->tbl; in ipfw_ctl()
4066 /*--- NAT operations are protected by the IPFW_LOCK ---*/ in ipfw_ctl()
4108 printf("ipfw: ipfw_ctl invalid option %d\n", sopt->sopt_name); in ipfw_ctl()
4137 //rule7->_pad = tmp->_pad; in convert_rule_to_7()
4138 rule7->set = tmp->set; in convert_rule_to_7()
4139 rule7->rulenum = tmp->rulenum; in convert_rule_to_7()
4140 rule7->cmd_len = tmp->cmd_len; in convert_rule_to_7()
4141 rule7->act_ofs = tmp->act_ofs; in convert_rule_to_7()
4142 rule7->next_rule = (struct ip_fw7 *)tmp->next_rule; in convert_rule_to_7()
4143 rule7->cmd_len = tmp->cmd_len; in convert_rule_to_7()
4144 rule7->pcnt = tmp->pcnt; in convert_rule_to_7()
4145 rule7->bcnt = tmp->bcnt; in convert_rule_to_7()
4146 rule7->timestamp = tmp->timestamp; in convert_rule_to_7()
4149 for (ll = tmp->cmd_len, ccmd = tmp->cmd, dst = rule7->cmd ; in convert_rule_to_7()
4150 ll > 0 ; ll -= ccmdlen, ccmd += ccmdlen, dst += ccmdlen) { in convert_rule_to_7()
4155 if (dst->opcode > O_NAT) in convert_rule_to_7()
4159 dst->opcode--; in convert_rule_to_7()
4163 ccmd->opcode); in convert_rule_to_7()
4190 for (ll = tmp->cmd_len, ccmd = tmp->cmd, dst = rule->cmd ; in convert_rule_to_8()
4191 ll > 0 ; ll -= ccmdlen, ccmd += ccmdlen, dst += ccmdlen) { in convert_rule_to_8()
4196 if (dst->opcode > O_NAT) in convert_rule_to_8()
4200 dst->opcode++; in convert_rule_to_8()
4204 ccmd->opcode); in convert_rule_to_8()
4209 rule->_pad = tmp->_pad; in convert_rule_to_8()
4210 rule->set = tmp->set; in convert_rule_to_8()
4211 rule->rulenum = tmp->rulenum; in convert_rule_to_8()
4212 rule->cmd_len = tmp->cmd_len; in convert_rule_to_8()
4213 rule->act_ofs = tmp->act_ofs; in convert_rule_to_8()
4214 rule->next_rule = (struct ip_fw *)tmp->next_rule; in convert_rule_to_8()
4215 rule->cmd_len = tmp->cmd_len; in convert_rule_to_8()
4216 rule->id = 0; /* XXX see if is ok = 0 */ in convert_rule_to_8()
4217 rule->pcnt = tmp->pcnt; in convert_rule_to_8()
4218 rule->bcnt = tmp->bcnt; in convert_rule_to_8()
4219 rule->timestamp = tmp->timestamp; in convert_rule_to_8()
4234 ch->srvmap = ipfw_objhash_create(IPFW_OBJECTS_DEFAULT); in ipfw_init_srv()
4235 ch->srvstate = malloc(sizeof(void *) * IPFW_OBJECTS_DEFAULT, in ipfw_init_srv()
4243 free(ch->srvstate, M_IPFW); in ipfw_destroy_srv()
4244 ipfw_objhash_destroy(ch->srvmap); in ipfw_destroy_srv()
4283 old_idx = ni->idx_mask; in ipfw_objhash_bitmap_merge()
4284 old_blocks = ni->max_blocks; in ipfw_objhash_bitmap_merge()
4303 old_idx = ni->idx_mask; in ipfw_objhash_bitmap_swap()
4304 old_blocks = ni->max_blocks; in ipfw_objhash_bitmap_swap()
4306 ni->idx_mask = *idx; in ipfw_objhash_bitmap_swap()
4307 ni->max_blocks = *blocks; in ipfw_objhash_bitmap_swap()
4338 ni->nn_size = NAMEDOBJ_HASH_SIZE; in ipfw_objhash_create()
4339 ni->nv_size = NAMEDOBJ_HASH_SIZE; in ipfw_objhash_create()
4341 ni->names = (struct namedobjects_head *)(ni +1); in ipfw_objhash_create()
4342 ni->values = &ni->names[ni->nn_size]; in ipfw_objhash_create()
4344 for (i = 0; i < ni->nn_size; i++) in ipfw_objhash_create()
4345 TAILQ_INIT(&ni->names[i]); in ipfw_objhash_create()
4347 for (i = 0; i < ni->nv_size; i++) in ipfw_objhash_create()
4348 TAILQ_INIT(&ni->values[i]); in ipfw_objhash_create()
4351 ni->hash_f = objhash_hash_name; in ipfw_objhash_create()
4352 ni->cmp_f = objhash_cmp_name; in ipfw_objhash_create()
4355 ipfw_objhash_bitmap_alloc(items, (void*)&ni->idx_mask, &ni->max_blocks); in ipfw_objhash_create()
4364 free(ni->idx_mask, M_IPFW); in ipfw_objhash_destroy()
4373 ni->hash_f = hash_f; in ipfw_objhash_set_funcs()
4374 ni->cmp_f = cmp_f; in ipfw_objhash_set_funcs()
4388 if ((strcmp(no->name, (const char *)name) == 0) && (no->set == set)) in objhash_cmp_name()
4399 v = val % (ni->nv_size - 1); in objhash_hash_idx()
4411 hash = ni->hash_f(ni, name, set) % ni->nn_size; in ipfw_objhash_lookup_name()
4413 TAILQ_FOREACH(no, &ni->names[hash], nn_next) { in ipfw_objhash_lookup_name()
4414 if (ni->cmp_f(no, name, set) == 0) in ipfw_objhash_lookup_name()
4425 * Returns pointer to found TLV or NULL.
4439 l = ntlv->head.length; in ipfw_find_name_tlv_type()
4444 if (ntlv->idx != uidx) in ipfw_find_name_tlv_type()
4447 * When userland has specified zero TLV type, do in ipfw_find_name_tlv_type()
4452 if (ntlv->head.type != 0 && in ipfw_find_name_tlv_type()
4453 ntlv->head.type != (uint16_t)etlv) in ipfw_find_name_tlv_type()
4456 if (ipfw_check_object_name_generic(ntlv->name) != 0) in ipfw_find_name_tlv_type()
4480 if (ti->tlvs == NULL) in ipfw_objhash_find_type()
4483 ntlv = ipfw_find_name_tlv_type(ti->tlvs, ti->tlen, ti->uidx, etlv); in ipfw_objhash_find_type()
4486 name = ntlv->name; in ipfw_objhash_find_type()
4493 set = ti->set; in ipfw_objhash_find_type()
4501 * Find named object by name, considering also its TLV type.
4510 hash = ni->hash_f(ni, name, set) % ni->nn_size; in ipfw_objhash_lookup_name_type()
4512 TAILQ_FOREACH(no, &ni->names[hash], nn_next) { in ipfw_objhash_lookup_name_type()
4513 if (ni->cmp_f(no, name, set) == 0 && in ipfw_objhash_lookup_name_type()
4514 no->etlv == (uint16_t)type) in ipfw_objhash_lookup_name_type()
4529 TAILQ_FOREACH(no, &ni->values[hash], nv_next) { in ipfw_objhash_lookup_kidx()
4530 if (no->kidx == kidx) in ipfw_objhash_lookup_kidx()
4542 if ((strcmp(a->name, b->name) == 0) && a->set == b->set) in ipfw_objhash_same_name()
4553 hash = ni->hash_f(ni, no->name, no->set) % ni->nn_size; in ipfw_objhash_add()
4554 TAILQ_INSERT_HEAD(&ni->names[hash], no, nn_next); in ipfw_objhash_add()
4556 hash = objhash_hash_idx(ni, no->kidx); in ipfw_objhash_add()
4557 TAILQ_INSERT_HEAD(&ni->values[hash], no, nv_next); in ipfw_objhash_add()
4559 ni->count++; in ipfw_objhash_add()
4567 hash = ni->hash_f(ni, no->name, no->set) % ni->nn_size; in ipfw_objhash_del()
4568 TAILQ_REMOVE(&ni->names[hash], no, nn_next); in ipfw_objhash_del()
4570 hash = objhash_hash_idx(ni, no->kidx); in ipfw_objhash_del()
4571 TAILQ_REMOVE(&ni->values[hash], no, nv_next); in ipfw_objhash_del()
4573 ni->count--; in ipfw_objhash_del()
4580 return (ni->count); in ipfw_objhash_count()
4591 for (i = 0; i < ni->nn_size; i++) { in ipfw_objhash_count_type()
4592 TAILQ_FOREACH(no, &ni->names[i], nn_next) { in ipfw_objhash_count_type()
4593 if (no->etlv == type) in ipfw_objhash_count_type()
4610 for (i = 0; i < ni->nn_size; i++) { in ipfw_objhash_foreach()
4611 TAILQ_FOREACH_SAFE(no, &ni->names[i], nn_next, no_tmp) { in ipfw_objhash_foreach()
4631 for (i = 0; i < ni->nn_size; i++) { in ipfw_objhash_foreach_type()
4632 TAILQ_FOREACH_SAFE(no, &ni->names[i], nn_next, no_tmp) { in ipfw_objhash_foreach_type()
4633 if (no->etlv != type) in ipfw_objhash_foreach_type()
4656 if (i >= ni->max_blocks) in ipfw_objhash_free_idx()
4659 mask = &ni->idx_mask[i]; in ipfw_objhash_free_idx()
4668 if (ni->free_off[0] > i) in ipfw_objhash_free_idx()
4669 ni->free_off[0] = i; in ipfw_objhash_free_idx()
4687 off = ni->free_off[0]; in ipfw_objhash_alloc_idx()
4688 mask = &ni->idx_mask[off]; in ipfw_objhash_alloc_idx()
4690 for (i = off; i < ni->max_blocks; i++, mask++) { in ipfw_objhash_alloc_idx()
4695 *mask &= ~ ((u_long)1 << (v - 1)); in ipfw_objhash_alloc_idx()
4697 ni->free_off[0] = i; in ipfw_objhash_alloc_idx()
4699 v = BLOCK_ITEMS * i + v - 1; in ipfw_objhash_alloc_idx()