Lines Matching refs:pd
140 struct pf_pdesc *pd = ctx->pd; in pf_match_translation_rule() local
148 if (r->action == PF_BINAT && pd->dir == PF_IN) { in pf_match_translation_rule()
158 PF_TEST_ATTRIB(pfi_kkif_match(r->kif, pd->kif) == r->ifnot, in pf_match_translation_rule()
160 PF_TEST_ATTRIB(r->direction && r->direction != pd->dir, in pf_match_translation_rule()
162 PF_TEST_ATTRIB(r->af && r->af != pd->af, in pf_match_translation_rule()
164 PF_TEST_ATTRIB(r->proto && r->proto != pd->proto, in pf_match_translation_rule()
166 PF_TEST_ATTRIB(PF_MISMATCHAW(&src->addr, &pd->nsaddr, pd->af, in pf_match_translation_rule()
167 src->neg, pd->kif, M_GETFIB(pd->m)), in pf_match_translation_rule()
171 src->port[0], src->port[1], pd->nsport), in pf_match_translation_rule()
175 PF_MISMATCHAW(&dst->addr, &pd->ndaddr, pd->af, dst->neg, NULL, in pf_match_translation_rule()
176 M_GETFIB(pd->m)), in pf_match_translation_rule()
178 PF_TEST_ATTRIB(xdst != NULL && PF_MISMATCHAW(xdst, &pd->ndaddr, pd->af, in pf_match_translation_rule()
179 0, NULL, M_GETFIB(pd->m)), in pf_match_translation_rule()
183 dst->port[1], pd->ndport), in pf_match_translation_rule()
185 PF_TEST_ATTRIB(r->match_tag && !pf_match_tag(pd->m, r, &ctx->tag, in pf_match_translation_rule()
186 pd->pf_mtag ? pd->pf_mtag->tag : 0), in pf_match_translation_rule()
188 PF_TEST_ATTRIB(r->os_fingerprint != PF_OSFP_ANY && (pd->proto != in pf_match_translation_rule()
189 IPPROTO_TCP || !pf_osfp_match(pf_osfp_fingerprint(pd, in pf_match_translation_rule()
190 &pd->hdr.tcp), r->os_fingerprint)), in pf_match_translation_rule()
230 if (ctx->tag > 0 && pf_tag_packet(pd, ctx->tag)) in pf_match_translation_rule()
233 M_SETFIB(pd->m, rtableid); in pf_match_translation_rule()
291 pf_get_sport(struct pf_pdesc *pd, struct pf_krule *r, struct pf_addr *naddr, in pf_get_sport() argument
297 int dir = (pd->dir == PF_IN) ? PF_OUT : PF_IN; in pf_get_sport()
298 int sidx = pd->sidx; in pf_get_sport()
299 int didx = pd->didx; in pf_get_sport()
312 if (pd->proto == IPPROTO_UDP && (rpool->opts & PF_POOL_ENDPI)) { in pf_get_sport()
316 udp_source.af = pd->af; in pf_get_sport()
317 pf_addrcpy(&udp_source.addr, &pd->nsaddr, pd->af); in pf_get_sport()
318 udp_source.port = pd->nsport; in pf_get_sport()
326 pd->af); in pf_get_sport()
334 sn = pf_find_src_node(&pd->nsaddr, r, in pf_get_sport()
335 pd->af, &sh, sn_type, false); in pf_get_sport()
340 *udp_mapping = pf_udp_mapping_create(pd->af, &pd->nsaddr, in pf_get_sport()
341 pd->nsport, &init_addr, 0); in pf_get_sport()
348 if (pf_map_addr_sn(pd->naf, r, &pd->nsaddr, naddr, &(pd->naf), NULL, in pf_get_sport()
352 if (pd->proto == IPPROTO_ICMP) { in pf_get_sport()
353 if (pd->ndport == htons(ICMP_ECHO)) { in pf_get_sport()
360 if (pd->proto == IPPROTO_ICMPV6) { in pf_get_sport()
361 if (pd->ndport == htons(ICMP6_ECHO_REQUEST)) { in pf_get_sport()
370 key.af = pd->naf; in pf_get_sport()
371 key.proto = pd->proto; in pf_get_sport()
374 pf_addrcpy(&key.addr[didx], &pd->ndaddr, key.af); in pf_get_sport()
376 key.port[didx] = pd->ndport; in pf_get_sport()
380 pd->af); in pf_get_sport()
386 if (pd->proto == IPPROTO_SCTP) { in pf_get_sport()
387 key.port[sidx] = pd->nsport; in pf_get_sport()
389 *nport = pd->nsport; in pf_get_sport()
394 } else if (!(pd->proto == IPPROTO_TCP || pd->proto == IPPROTO_UDP || in pf_get_sport()
395 pd->proto == IPPROTO_ICMP) || (low == 0 && high == 0)) { in pf_get_sport()
400 key.port[sidx] = pd->nsport; in pf_get_sport()
402 *nport = pd->nsport; in pf_get_sport()
448 if (pd->proto == IPPROTO_UDP && in pf_get_sport()
473 if (pf_map_addr_sn(pd->naf, r, &pd->nsaddr, naddr, in pf_get_sport()
474 &(pd->naf), NULL, &init_addr, rpool, sn_type)) in pf_get_sport()
483 } while (! PF_AEQ(&init_addr, naddr, pd->naf) ); in pf_get_sport()
503 pf_get_mape_sport(struct pf_pdesc *pd, struct pf_krule *r, in pf_get_mape_sport() argument
524 if (!pf_get_sport(pd, r, naddr, nport, low, low | highmask, in pf_get_mape_sport()
530 if (!pf_get_sport(pd, r, naddr, nport, low, low | highmask, in pf_get_mape_sport()
874 if (ctx->pd->dir == PF_OUT) { in pf_get_translation()
905 struct pf_pdesc *pd = ctx->pd; in pf_get_transaddr() local
916 if (pf_state_key_setup(pd, pd->nsport, pd->ndport, &ctx->sk, in pf_get_transaddr()
926 if (pd->proto == IPPROTO_ICMP) { in pf_get_transaddr()
934 if (pf_get_mape_sport(pd, r, naddr, nportp, in pf_get_transaddr()
945 } else if (pf_get_sport(pd, r, naddr, nportp, low, high, in pf_get_transaddr()
955 switch (pd->dir) { in pf_get_transaddr()
958 switch (pd->af) { in pf_get_transaddr()
969 &pd->nsaddr, AF_INET); in pf_get_transaddr()
982 &pd->nsaddr, AF_INET6); in pf_get_transaddr()
989 &rpool->cur->addr.v.a.mask, &pd->nsaddr, in pf_get_transaddr()
990 pd->af); in pf_get_transaddr()
994 switch (pd->af) { in pf_get_transaddr()
1004 &pd->ndaddr, AF_INET); in pf_get_transaddr()
1016 &pd->ndaddr, AF_INET6); in pf_get_transaddr()
1022 &r->src.addr.v.a.mask, &pd->ndaddr, pd->af); in pf_get_transaddr()
1031 reason = pf_map_addr_sn(pd->af, r, &pd->nsaddr, naddr, in pf_get_transaddr()
1032 &(pd->naf), NULL, NULL, rpool, PF_SN_NAT); in pf_get_transaddr()
1038 &pd->ndaddr, pd->af); in pf_get_transaddr()
1041 if (pd->proto == IPPROTO_SCTP) in pf_get_transaddr()
1051 tmp_nport = ((ntohs(pd->ndport) - ntohs(r->dst.port[0])) % div) + in pf_get_transaddr()
1061 nport = pd->ndport; in pf_get_transaddr()
1075 key.af = pd->af; in pf_get_transaddr()
1076 key.proto = pd->proto; in pf_get_transaddr()
1077 key.port[0] = pd->nsport; in pf_get_transaddr()
1078 pf_addrcpy(&key.addr[0], &pd->nsaddr, key.af); in pf_get_transaddr()
1125 ntohs(pd->nsport), ntohs(ctx->nk->port[0])); in pf_get_transaddr()
1147 pf_get_transaddr_af(struct pf_krule *r, struct pf_pdesc *pd) in pf_get_transaddr_af() argument
1159 pd->naf == AF_INET ? "inet" : "inet6", in pf_get_transaddr_af()
1161 pf_print_host(&pd->nsaddr, pd->nsport, pd->af); in pf_get_transaddr_af()
1163 pf_print_host(&pd->ndaddr, pd->ndport, pd->af); in pf_get_transaddr_af()
1171 if (pf_get_sport(pd, r, &nsaddr, &nport, r->nat.proxy_port[0], in pf_get_transaddr_af()
1179 if (pd->proto == IPPROTO_ICMPV6 && pd->naf == AF_INET) { in pf_get_transaddr_af()
1180 pd->ndport = ntohs(pd->ndport); in pf_get_transaddr_af()
1181 if (pd->ndport == ICMP6_ECHO_REQUEST) in pf_get_transaddr_af()
1182 pd->ndport = ICMP_ECHO; in pf_get_transaddr_af()
1183 else if (pd->ndport == ICMP6_ECHO_REPLY) in pf_get_transaddr_af()
1184 pd->ndport = ICMP_ECHOREPLY; in pf_get_transaddr_af()
1185 pd->ndport = htons(pd->ndport); in pf_get_transaddr_af()
1186 } else if (pd->proto == IPPROTO_ICMP && pd->naf == AF_INET6) { in pf_get_transaddr_af()
1187 pd->nsport = ntohs(pd->nsport); in pf_get_transaddr_af()
1188 if (pd->ndport == ICMP_ECHO) in pf_get_transaddr_af()
1189 pd->ndport = ICMP6_ECHO_REQUEST; in pf_get_transaddr_af()
1190 else if (pd->ndport == ICMP_ECHOREPLY) in pf_get_transaddr_af()
1191 pd->ndport = ICMP6_ECHO_REPLY; in pf_get_transaddr_af()
1192 pd->nsport = htons(pd->nsport); in pf_get_transaddr_af()
1197 if (pf_map_addr_sn(pd->naf, r, &nsaddr, &naddr, &(pd->naf), in pf_get_transaddr_af()
1201 pd->ndport = htons(r->rdr.proxy_port[0]); in pf_get_transaddr_af()
1203 if (pd->naf == AF_INET) { in pf_get_transaddr_af()
1207 inet_nat46(pd->naf, &pd->ndaddr, &ndaddr, &naddr, in pf_get_transaddr_af()
1213 inet_nat64(pd->naf, &pd->ndaddr, &ndaddr, &naddr, in pf_get_transaddr_af()
1217 if (pd->naf == AF_INET) { in pf_get_transaddr_af()
1223 inet_nat64(pd->naf, &pd->ndaddr, &ndaddr, &pd->ndaddr, in pf_get_transaddr_af()
1234 inet_nat64(pd->naf, &pd->ndaddr, &ndaddr, &nsaddr, in pf_get_transaddr_af()
1239 pf_addrcpy(&pd->nsaddr, &nsaddr, pd->naf); in pf_get_transaddr_af()
1240 pf_addrcpy(&pd->ndaddr, &ndaddr, pd->naf); in pf_get_transaddr_af()
1244 pd->naf == AF_INET ? "inet" : "inet6", in pf_get_transaddr_af()
1246 pf_print_host(&pd->nsaddr, pd->nsport, pd->naf); in pf_get_transaddr_af()
1248 pf_print_host(&pd->ndaddr, pd->ndport, pd->naf); in pf_get_transaddr_af()