Lines Matching full:pd
140 struct pf_pdesc *pd = ctx->pd; in pf_match_translation_rule() local
148 if (r->action == PF_BINAT && pd->dir == PF_IN) { in pf_match_translation_rule()
158 PF_TEST_ATTRIB(pfi_kkif_match(r->kif, pd->kif) == r->ifnot, in pf_match_translation_rule()
160 PF_TEST_ATTRIB(r->direction && r->direction != pd->dir, in pf_match_translation_rule()
162 PF_TEST_ATTRIB(r->af && r->af != pd->af, in pf_match_translation_rule()
164 PF_TEST_ATTRIB(r->proto && r->proto != pd->proto, in pf_match_translation_rule()
166 PF_TEST_ATTRIB(PF_MISMATCHAW(&src->addr, &pd->nsaddr, pd->af, in pf_match_translation_rule()
167 src->neg, pd->kif, M_GETFIB(pd->m)), in pf_match_translation_rule()
171 src->port[0], src->port[1], pd->nsport), in pf_match_translation_rule()
175 PF_MISMATCHAW(&dst->addr, &pd->ndaddr, pd->af, dst->neg, NULL, in pf_match_translation_rule()
176 M_GETFIB(pd->m)), in pf_match_translation_rule()
178 PF_TEST_ATTRIB(xdst != NULL && PF_MISMATCHAW(xdst, &pd->ndaddr, pd->af, in pf_match_translation_rule()
179 0, NULL, M_GETFIB(pd->m)), in pf_match_translation_rule()
183 dst->port[1], pd->ndport), in pf_match_translation_rule()
185 PF_TEST_ATTRIB(r->match_tag && !pf_match_tag(pd->m, r, &ctx->tag, in pf_match_translation_rule()
186 pd->pf_mtag ? pd->pf_mtag->tag : 0), in pf_match_translation_rule()
188 PF_TEST_ATTRIB(r->os_fingerprint != PF_OSFP_ANY && (pd->proto != in pf_match_translation_rule()
189 IPPROTO_TCP || !pf_osfp_match(pf_osfp_fingerprint(pd, in pf_match_translation_rule()
190 &pd->hdr.tcp), r->os_fingerprint)), in pf_match_translation_rule()
231 if (ctx->tag > 0 && pf_tag_packet(pd, ctx->tag)) in pf_match_translation_rule()
234 M_SETFIB(pd->m, rtableid); in pf_match_translation_rule()
292 pf_get_sport(struct pf_pdesc *pd, struct pf_krule *r, struct pf_addr *naddr, in pf_get_sport() argument
298 int dir = (pd->dir == PF_IN) ? PF_OUT : PF_IN; in pf_get_sport()
299 int sidx = pd->sidx; in pf_get_sport()
300 int didx = pd->didx; in pf_get_sport()
313 if (pd->proto == IPPROTO_UDP && (rpool->opts & PF_POOL_ENDPI)) { in pf_get_sport()
317 udp_source.af = pd->af; in pf_get_sport()
318 pf_addrcpy(&udp_source.addr, &pd->nsaddr, pd->af); in pf_get_sport()
319 udp_source.port = pd->nsport; in pf_get_sport()
327 pd->af); in pf_get_sport()
335 sn = pf_find_src_node(&pd->nsaddr, r, in pf_get_sport()
336 pd->af, &sh, sn_type, false); in pf_get_sport()
341 *udp_mapping = pf_udp_mapping_create(pd->af, &pd->nsaddr, in pf_get_sport()
342 pd->nsport, &init_addr, 0); in pf_get_sport()
349 if (pf_map_addr_sn(pd->naf, r, &pd->nsaddr, naddr, &(pd->naf), NULL, in pf_get_sport()
353 if (pd->proto == IPPROTO_ICMP) { in pf_get_sport()
354 if (pd->ndport == htons(ICMP_ECHO)) { in pf_get_sport()
361 if (pd->proto == IPPROTO_ICMPV6) { in pf_get_sport()
362 if (pd->ndport == htons(ICMP6_ECHO_REQUEST)) { in pf_get_sport()
371 key.af = pd->naf; in pf_get_sport()
372 key.proto = pd->proto; in pf_get_sport()
375 pf_addrcpy(&key.addr[didx], &pd->ndaddr, key.af); in pf_get_sport()
377 key.port[didx] = pd->ndport; in pf_get_sport()
381 pd->af); in pf_get_sport()
387 if (pd->proto == IPPROTO_SCTP) { in pf_get_sport()
388 key.port[sidx] = pd->nsport; in pf_get_sport()
390 *nport = pd->nsport; in pf_get_sport()
395 } else if (!(pd->proto == IPPROTO_TCP || pd->proto == IPPROTO_UDP || in pf_get_sport()
396 pd->proto == IPPROTO_ICMP) || (low == 0 && high == 0)) { in pf_get_sport()
401 key.port[sidx] = pd->nsport; in pf_get_sport()
403 *nport = pd->nsport; in pf_get_sport()
449 if (pd->proto == IPPROTO_UDP && in pf_get_sport()
474 if (pf_map_addr_sn(pd->naf, r, &pd->nsaddr, naddr, in pf_get_sport()
475 &(pd->naf), NULL, &init_addr, rpool, sn_type)) in pf_get_sport()
484 } while (! PF_AEQ(&init_addr, naddr, pd->naf) ); in pf_get_sport()
504 pf_get_mape_sport(struct pf_pdesc *pd, struct pf_krule *r, in pf_get_mape_sport() argument
525 if (!pf_get_sport(pd, r, naddr, nport, low, low | highmask, in pf_get_mape_sport()
531 if (!pf_get_sport(pd, r, naddr, nport, low, low | highmask, in pf_get_mape_sport()
944 if (ctx->pd->dir == PF_OUT) { in pf_get_translation()
975 struct pf_pdesc *pd = ctx->pd; in pf_get_transaddr() local
986 if (pf_state_key_setup(pd, pd->nsport, pd->ndport, &ctx->sk, in pf_get_transaddr()
996 if (pd->proto == IPPROTO_ICMP) { in pf_get_transaddr()
1004 if (pf_get_mape_sport(pd, r, naddr, nportp, in pf_get_transaddr()
1015 } else if (pf_get_sport(pd, r, naddr, nportp, low, high, in pf_get_transaddr()
1025 switch (pd->dir) { in pf_get_transaddr()
1028 switch (pd->af) { in pf_get_transaddr()
1039 &pd->nsaddr, AF_INET); in pf_get_transaddr()
1052 &pd->nsaddr, AF_INET6); in pf_get_transaddr()
1059 &rpool->cur->addr.v.a.mask, &pd->nsaddr, in pf_get_transaddr()
1060 pd->af); in pf_get_transaddr()
1064 switch (pd->af) { in pf_get_transaddr()
1074 &pd->ndaddr, AF_INET); in pf_get_transaddr()
1086 &pd->ndaddr, AF_INET6); in pf_get_transaddr()
1092 &r->src.addr.v.a.mask, &pd->ndaddr, pd->af); in pf_get_transaddr()
1101 reason = pf_map_addr_sn(pd->af, r, &pd->nsaddr, naddr, in pf_get_transaddr()
1102 &(pd->naf), NULL, NULL, rpool, PF_SN_NAT); in pf_get_transaddr()
1108 &pd->ndaddr, pd->af); in pf_get_transaddr()
1111 if (pd->proto == IPPROTO_SCTP) in pf_get_transaddr()
1121 tmp_nport = ((ntohs(pd->ndport) - ntohs(r->dst.port[0])) % div) + in pf_get_transaddr()
1131 nport = pd->ndport; in pf_get_transaddr()
1145 key.af = pd->af; in pf_get_transaddr()
1146 key.proto = pd->proto; in pf_get_transaddr()
1147 key.port[0] = pd->nsport; in pf_get_transaddr()
1148 pf_addrcpy(&key.addr[0], &pd->nsaddr, key.af); in pf_get_transaddr()
1195 ntohs(pd->nsport), ntohs(ctx->nk->port[0])); in pf_get_transaddr()
1217 pf_get_transaddr_af(struct pf_krule *r, struct pf_pdesc *pd) in pf_get_transaddr_af() argument
1229 pd->naf == AF_INET ? "inet" : "inet6", in pf_get_transaddr_af()
1231 pf_print_host(&pd->nsaddr, pd->nsport, pd->af); in pf_get_transaddr_af()
1233 pf_print_host(&pd->ndaddr, pd->ndport, pd->af); in pf_get_transaddr_af()
1241 if (pf_get_sport(pd, r, &nsaddr, &nport, r->nat.proxy_port[0], in pf_get_transaddr_af()
1249 if (pd->proto == IPPROTO_ICMPV6 && pd->naf == AF_INET) { in pf_get_transaddr_af()
1250 pd->ndport = ntohs(pd->ndport); in pf_get_transaddr_af()
1251 if (pd->ndport == ICMP6_ECHO_REQUEST) in pf_get_transaddr_af()
1252 pd->ndport = ICMP_ECHO; in pf_get_transaddr_af()
1253 else if (pd->ndport == ICMP6_ECHO_REPLY) in pf_get_transaddr_af()
1254 pd->ndport = ICMP_ECHOREPLY; in pf_get_transaddr_af()
1255 pd->ndport = htons(pd->ndport); in pf_get_transaddr_af()
1256 } else if (pd->proto == IPPROTO_ICMP && pd->naf == AF_INET6) { in pf_get_transaddr_af()
1257 pd->nsport = ntohs(pd->nsport); in pf_get_transaddr_af()
1258 if (pd->ndport == ICMP_ECHO) in pf_get_transaddr_af()
1259 pd->ndport = ICMP6_ECHO_REQUEST; in pf_get_transaddr_af()
1260 else if (pd->ndport == ICMP_ECHOREPLY) in pf_get_transaddr_af()
1261 pd->ndport = ICMP6_ECHO_REPLY; in pf_get_transaddr_af()
1262 pd->nsport = htons(pd->nsport); in pf_get_transaddr_af()
1267 if (pf_map_addr_sn(pd->naf, r, &nsaddr, &naddr, &(pd->naf), in pf_get_transaddr_af()
1271 pd->ndport = htons(r->rdr.proxy_port[0]); in pf_get_transaddr_af()
1273 if (pd->naf == AF_INET) { in pf_get_transaddr_af()
1277 inet_nat46(pd->naf, &pd->ndaddr, &ndaddr, &naddr, in pf_get_transaddr_af()
1283 inet_nat64(pd->naf, &pd->ndaddr, &ndaddr, &naddr, in pf_get_transaddr_af()
1287 if (pd->naf == AF_INET) { in pf_get_transaddr_af()
1293 inet_nat64(pd->naf, &pd->ndaddr, &ndaddr, &pd->ndaddr, in pf_get_transaddr_af()
1298 * (that was stored in pd->nsaddr) in pf_get_transaddr_af()
1304 inet_nat64(pd->naf, &pd->ndaddr, &ndaddr, &nsaddr, in pf_get_transaddr_af()
1309 pf_addrcpy(&pd->nsaddr, &nsaddr, pd->naf); in pf_get_transaddr_af()
1310 pf_addrcpy(&pd->ndaddr, &ndaddr, pd->naf); in pf_get_transaddr_af()
1314 pd->naf == AF_INET ? "inet" : "inet6", in pf_get_transaddr_af()
1316 pf_print_host(&pd->nsaddr, pd->nsport, pd->naf); in pf_get_transaddr_af()
1318 pf_print_host(&pd->ndaddr, pd->ndport, pd->naf); in pf_get_transaddr_af()