Lines Matching full:pd
130 pf_match_translation(struct pf_pdesc *pd, in pf_match_translation() argument
144 if (r->action == PF_BINAT && pd->dir == PF_IN) { in pf_match_translation()
154 if (pfi_kkif_match(r->kif, pd->kif) == r->ifnot) in pf_match_translation()
156 else if (r->direction && r->direction != pd->dir) in pf_match_translation()
158 else if (r->af && r->af != pd->af) in pf_match_translation()
160 else if (r->proto && r->proto != pd->proto) in pf_match_translation()
162 else if (PF_MISMATCHAW(&src->addr, &pd->nsaddr, pd->af, in pf_match_translation()
163 src->neg, pd->kif, M_GETFIB(pd->m))) in pf_match_translation()
167 src->port[0], src->port[1], pd->nsport)) in pf_match_translation()
171 PF_MISMATCHAW(&dst->addr, &pd->ndaddr, pd->af, dst->neg, NULL, in pf_match_translation()
172 M_GETFIB(pd->m))) in pf_match_translation()
174 else if (xdst != NULL && PF_MISMATCHAW(xdst, &pd->ndaddr, pd->af, in pf_match_translation()
175 0, NULL, M_GETFIB(pd->m))) in pf_match_translation()
179 dst->port[1], pd->ndport)) in pf_match_translation()
181 else if (r->match_tag && !pf_match_tag(pd->m, r, &tag, in pf_match_translation()
182 pd->pf_mtag ? pd->pf_mtag->tag : 0)) in pf_match_translation()
184 else if (r->os_fingerprint != PF_OSFP_ANY && (pd->proto != in pf_match_translation()
185 IPPROTO_TCP || !pf_osfp_match(pf_osfp_fingerprint(pd, in pf_match_translation()
186 &pd->hdr.tcp), r->os_fingerprint))) in pf_match_translation()
210 if (tag > 0 && pf_tag_packet(pd, tag)) in pf_match_translation()
213 M_SETFIB(pd->m, rtableid); in pf_match_translation()
219 pf_get_sport(struct pf_pdesc *pd, struct pf_krule *r, in pf_get_sport() argument
239 if (pd->proto == IPPROTO_UDP && (rpool->opts & PF_POOL_ENDPI)) { in pf_get_sport()
243 udp_source.af = pd->af; in pf_get_sport()
244 PF_ACPY(&udp_source.addr, &pd->nsaddr, pd->af); in pf_get_sport()
245 udp_source.port = pd->nsport; in pf_get_sport()
249 PF_ACPY(naddr, &(*udp_mapping)->endpoints[1].addr, pd->af); in pf_get_sport()
254 *sn = pf_find_src_node(&pd->nsaddr, r, in pf_get_sport()
255 pd->af, sh, sn_type, false); in pf_get_sport()
260 *udp_mapping = pf_udp_mapping_create(pd->af, &pd->nsaddr, in pf_get_sport()
261 pd->nsport, &init_addr, 0); in pf_get_sport()
268 if (pf_map_addr_sn(pd->naf, r, &pd->nsaddr, naddr, NULL, &init_addr, in pf_get_sport()
272 if (pd->proto == IPPROTO_ICMP) { in pf_get_sport()
280 if (pd->proto == IPPROTO_ICMPV6) { in pf_get_sport()
290 key.af = pd->naf; in pf_get_sport()
291 key.proto = pd->proto; in pf_get_sport()
292 key.port[0] = pd->ndport; in pf_get_sport()
293 PF_ACPY(&key.addr[0], &pd->ndaddr, key.af); in pf_get_sport()
298 PF_ACPY(&(*udp_mapping)->endpoints[1].addr, naddr, pd->af); in pf_get_sport()
304 if (pd->proto == IPPROTO_SCTP) { in pf_get_sport()
305 key.port[1] = pd->nsport; in pf_get_sport()
307 *nport = pd->nsport; in pf_get_sport()
312 } else if (!(pd->proto == IPPROTO_TCP || pd->proto == IPPROTO_UDP || in pf_get_sport()
313 pd->proto == IPPROTO_ICMP) || (low == 0 && high == 0)) { in pf_get_sport()
318 key.port[1] = pd->nsport; in pf_get_sport()
320 *nport = pd->nsport; in pf_get_sport()
366 if (pd->proto == IPPROTO_UDP && in pf_get_sport()
392 if (pf_map_addr_sn(pd->naf, r, &pd->nsaddr, naddr, NULL, in pf_get_sport()
402 } while (! PF_AEQ(&init_addr, naddr, pd->naf) ); in pf_get_sport()
422 pf_get_mape_sport(struct pf_pdesc *pd, struct pf_krule *r, in pf_get_mape_sport() argument
444 if (!pf_get_sport(pd, r, in pf_get_mape_sport()
451 if (!pf_get_sport(pd, r, in pf_get_mape_sport()
765 pf_get_translation(struct pf_pdesc *pd, int off, in pf_get_translation() argument
784 if (pd->dir == PF_OUT) { in pf_get_translation()
785 r = pf_match_translation(pd, PF_RULESET_BINAT, anchor_stack); in pf_get_translation()
787 r = pf_match_translation(pd, PF_RULESET_NAT, anchor_stack); in pf_get_translation()
789 r = pf_match_translation(pd, PF_RULESET_RDR, anchor_stack); in pf_get_translation()
791 r = pf_match_translation(pd, PF_RULESET_BINAT, anchor_stack); in pf_get_translation()
804 if (pf_state_key_setup(pd, pd->nsport, pd->ndport, skp, nkp)) in pf_get_translation()
812 if (pd->proto == IPPROTO_ICMP) { in pf_get_translation()
820 if (pf_get_mape_sport(pd, r, naddr, nportp, &sn, in pf_get_translation()
831 } else if (pf_get_sport(pd, r, naddr, nportp, low, high, &sn, in pf_get_translation()
841 switch (pd->dir) { in pf_get_translation()
844 switch (pd->af) { in pf_get_translation()
856 pfid_mask4, &pd->nsaddr, AF_INET); in pf_get_translation()
870 pfid_mask6, &pd->nsaddr, AF_INET6); in pf_get_translation()
877 &r->rdr.cur->addr.v.a.mask, &pd->nsaddr, in pf_get_translation()
878 pd->af); in pf_get_translation()
882 switch (pd->af) { in pf_get_translation()
892 &pd->ndaddr, AF_INET); in pf_get_translation()
904 &pd->ndaddr, AF_INET6); in pf_get_translation()
910 &r->src.addr.v.a.mask, &pd->ndaddr, pd->af); in pf_get_translation()
919 reason = pf_map_addr_sn(pd->af, r, &pd->nsaddr, naddr, NULL, in pf_get_translation()
925 &pd->ndaddr, pd->af); in pf_get_translation()
928 if (pd->proto == IPPROTO_SCTP) in pf_get_translation()
934 tmp_nport = ((ntohs(pd->ndport) - ntohs(r->dst.port[0])) % in pf_get_translation()
945 nport = pd->ndport; in pf_get_translation()
959 key.af = pd->af; in pf_get_translation()
960 key.proto = pd->proto; in pf_get_translation()
961 key.port[0] = pd->nsport; in pf_get_translation()
962 PF_ACPY(&key.addr[0], &pd->nsaddr, key.af); in pf_get_translation()
1009 ntohs(pd->nsport), ntohs((*nkp)->port[0]))); in pf_get_translation()
1032 pf_get_transaddr_af(struct pf_krule *r, struct pf_pdesc *pd) in pf_get_transaddr_af() argument
1046 pd->naf == AF_INET ? "inet" : "inet6", in pf_get_transaddr_af()
1048 pf_print_host(&pd->nsaddr, pd->nsport, pd->af); in pf_get_transaddr_af()
1050 pf_print_host(&pd->ndaddr, pd->ndport, pd->af); in pf_get_transaddr_af()
1058 if (pf_get_sport(pd, r, &nsaddr, &nport, in pf_get_transaddr_af()
1067 if (pd->proto == IPPROTO_ICMPV6 && pd->naf == AF_INET) { in pf_get_transaddr_af()
1068 NTOHS(pd->ndport); in pf_get_transaddr_af()
1069 if (pd->ndport == ICMP6_ECHO_REQUEST) in pf_get_transaddr_af()
1070 pd->ndport = ICMP_ECHO; in pf_get_transaddr_af()
1071 else if (pd->ndport == ICMP6_ECHO_REPLY) in pf_get_transaddr_af()
1072 pd->ndport = ICMP_ECHOREPLY; in pf_get_transaddr_af()
1073 HTONS(pd->ndport); in pf_get_transaddr_af()
1074 } else if (pd->proto == IPPROTO_ICMP && pd->naf == AF_INET6) { in pf_get_transaddr_af()
1075 NTOHS(pd->ndport); in pf_get_transaddr_af()
1076 if (pd->ndport == ICMP_ECHO) in pf_get_transaddr_af()
1077 pd->ndport = ICMP6_ECHO_REQUEST; in pf_get_transaddr_af()
1078 else if (pd->ndport == ICMP_ECHOREPLY) in pf_get_transaddr_af()
1079 pd->ndport = ICMP6_ECHO_REPLY; in pf_get_transaddr_af()
1080 HTONS(pd->ndport); in pf_get_transaddr_af()
1085 if (pf_map_addr_sn(pd->naf, r, &nsaddr, &naddr, NULL, NULL, in pf_get_transaddr_af()
1089 pd->ndport = htons(r->rdr.proxy_port[0]); in pf_get_transaddr_af()
1091 if (pd->naf == AF_INET) { in pf_get_transaddr_af()
1095 inet_nat46(pd->naf, &pd->ndaddr, &ndaddr, &naddr, in pf_get_transaddr_af()
1101 inet_nat64(pd->naf, &pd->ndaddr, &ndaddr, &naddr, in pf_get_transaddr_af()
1105 if (pd->naf == AF_INET) { in pf_get_transaddr_af()
1111 inet_nat64(pd->naf, &pd->ndaddr, &ndaddr, &pd->ndaddr, in pf_get_transaddr_af()
1116 * (that was stored in pd->nsaddr) in pf_get_transaddr_af()
1122 inet_nat64(pd->naf, &pd->ndaddr, &ndaddr, &nsaddr, in pf_get_transaddr_af()
1127 PF_ACPY(&pd->nsaddr, &nsaddr, pd->naf); in pf_get_transaddr_af()
1128 PF_ACPY(&pd->ndaddr, &ndaddr, pd->naf); in pf_get_transaddr_af()
1132 pd->naf == AF_INET ? "inet" : "inet6", in pf_get_transaddr_af()
1134 pf_print_host(&pd->nsaddr, pd->nsport, pd->naf); in pf_get_transaddr_af()
1136 pf_print_host(&pd->ndaddr, pd->ndport, pd->naf); in pf_get_transaddr_af()