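Lines matching references to `pd`. Each entry gives the source line number, the matching line, and the enclosing function; entries tagged "local" or "argument" are where `pd` is declared.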

975 	struct pf_pdesc		 pd;  in pf_refragment6()  local
1039 memset(&pd, 0, sizeof(pd)); in pf_refragment6()
1040 pd.pf_mtag = pf_find_mtag(m); in pf_refragment6()
1070 pf_normalize_ip(u_short *reason, struct pf_pdesc *pd) in pf_normalize_ip() argument
1073 struct ip *h = mtod(pd->m, struct ip *); in pf_normalize_ip()
1099 if (pfi_kkif_match(r->kif, pd->kif) == r->ifnot) in pf_normalize_ip()
1101 else if (r->direction && r->direction != pd->dir) in pf_normalize_ip()
1109 r->src.neg, pd->kif, M_GETFIB(pd->m))) in pf_normalize_ip()
1113 r->dst.neg, NULL, M_GETFIB(pd->m))) in pf_normalize_ip()
1115 else if (r->match_tag && !pf_match_tag(pd->m, r, &tag, in pf_normalize_ip()
1116 pd->pf_mtag ? pd->pf_mtag->tag : 0)) in pf_normalize_ip()
1129 pf_counter_u64_add_protected(&r->packets[pd->dir == PF_OUT], 1); in pf_normalize_ip()
1130 pf_counter_u64_add_protected(&r->bytes[pd->dir == PF_OUT], pd->tot_len); in pf_normalize_ip()
1132 pf_rule_to_actions(r, &pd->act); in pf_normalize_ip()
1193 verdict = pf_reassemble(&pd->m, pd->dir, reason); in pf_normalize_ip()
1199 if (pd->m == NULL) in pf_normalize_ip()
1202 h = mtod(pd->m, struct ip *); in pf_normalize_ip()
1203 pd->tot_len = htons(h->ip_len); in pf_normalize_ip()
1222 PFLOG_PACKET(PF_DROP, *reason, r, NULL, NULL, pd, 1, NULL); in pf_normalize_ip()
1231 struct pf_pdesc *pd) in pf_normalize_ip6() argument
1252 if (pfi_kkif_match(r->kif, pd->kif) == r->ifnot) in pf_normalize_ip6()
1254 else if (r->direction && r->direction != pd->dir) in pf_normalize_ip6()
1258 else if (r->proto && r->proto != pd->proto) in pf_normalize_ip6()
1261 (struct pf_addr *)&pd->src, AF_INET6, in pf_normalize_ip6()
1262 r->src.neg, pd->kif, M_GETFIB(pd->m))) in pf_normalize_ip6()
1265 (struct pf_addr *)&pd->dst, AF_INET6, in pf_normalize_ip6()
1266 r->dst.neg, NULL, M_GETFIB(pd->m))) in pf_normalize_ip6()
1279 pf_counter_u64_add_protected(&r->packets[pd->dir == PF_OUT], 1); in pf_normalize_ip6()
1280 pf_counter_u64_add_protected(&r->bytes[pd->dir == PF_OUT], pd->tot_len); in pf_normalize_ip6()
1282 pf_rule_to_actions(r, &pd->act); in pf_normalize_ip6()
1285 if (!pf_pull_hdr(pd->m, off, &frag, sizeof(frag), NULL, reason, AF_INET6)) in pf_normalize_ip6()
1291 if (pd->virtual_proto == PF_VPROTO_FRAGMENT) { in pf_normalize_ip6()
1294 if (pf_reassemble6(&pd->m, &frag, off, pd->extoff, reason) != PF_PASS) in pf_normalize_ip6()
1296 if (pd->m == NULL) in pf_normalize_ip6()
1298 h = mtod(pd->m, struct ip6_hdr *); in pf_normalize_ip6()
1299 pd->tot_len = ntohs(h->ip6_plen) + sizeof(struct ip6_hdr); in pf_normalize_ip6()
1307 pf_normalize_tcp(struct pf_pdesc *pd) in pf_normalize_tcp() argument
1310 struct tcphdr *th = &pd->hdr.tcp; in pf_normalize_tcp()
1314 sa_family_t af = pd->af; in pf_normalize_tcp()
1325 if (pfi_kkif_match(r->kif, pd->kif) == r->ifnot) in pf_normalize_tcp()
1327 else if (r->direction && r->direction != pd->dir) in pf_normalize_tcp()
1331 else if (r->proto && r->proto != pd->proto) in pf_normalize_tcp()
1333 else if (PF_MISMATCHAW(&r->src.addr, pd->src, af, in pf_normalize_tcp()
1334 r->src.neg, pd->kif, M_GETFIB(pd->m))) in pf_normalize_tcp()
1339 else if (PF_MISMATCHAW(&r->dst.addr, pd->dst, af, in pf_normalize_tcp()
1340 r->dst.neg, NULL, M_GETFIB(pd->m))) in pf_normalize_tcp()
1346 pf_osfp_fingerprint(pd, th), in pf_normalize_tcp()
1362 pf_counter_u64_add_protected(&r->packets[pd->dir == PF_OUT], 1); in pf_normalize_tcp()
1363 pf_counter_u64_add_protected(&r->bytes[pd->dir == PF_OUT], pd->tot_len); in pf_normalize_tcp()
1365 pf_rule_to_actions(rm, &pd->act); in pf_normalize_tcp()
1369 pd->flags |= PFDESC_TCP_NORM; in pf_normalize_tcp()
1405 th->th_sum = pf_proto_cksum_fixup(pd->m, th->th_sum, ov, nv, 0); in pf_normalize_tcp()
1411 th->th_sum = pf_proto_cksum_fixup(pd->m, th->th_sum, th->th_urp, in pf_normalize_tcp()
1419 m_copyback(pd->m, pd->off, sizeof(*th), (caddr_t)th); in pf_normalize_tcp()
1426 PFLOG_PACKET(PF_DROP, reason, r, NULL, NULL, pd, 1, NULL); in pf_normalize_tcp()
1431 pf_normalize_tcp_init(struct pf_pdesc *pd, struct tcphdr *th, in pf_normalize_tcp_init() argument
1445 switch (pd->af) { in pf_normalize_tcp_init()
1448 struct ip *h = mtod(pd->m, struct ip *); in pf_normalize_tcp_init()
1455 struct ip6_hdr *h = mtod(pd->m, struct ip6_hdr *); in pf_normalize_tcp_init()
1470 pf_pull_hdr(pd->m, pd->off, hdr, th->th_off << 2, NULL, NULL, pd->af)) { in pf_normalize_tcp_init()
1521 pf_normalize_sctp_init(struct pf_pdesc *pd, struct pf_state_peer *src, in pf_normalize_sctp_init() argument
1534 dst->scrub->pfss_v_tag = pd->sctp_initiate_tag; in pf_normalize_sctp_init()
1540 pf_normalize_tcp_stateful(struct pf_pdesc *pd, in pf_normalize_tcp_stateful() argument
1561 switch (pd->af) { in pf_normalize_tcp_stateful()
1565 struct ip *h = mtod(pd->m, struct ip *); in pf_normalize_tcp_stateful()
1576 struct ip6_hdr *h = mtod(pd->m, struct ip6_hdr *); in pf_normalize_tcp_stateful()
1589 pf_pull_hdr(pd->m, pd->off, hdr, th->th_off << 2, NULL, NULL, pd->af)) { in pf_normalize_tcp_stateful()
1625 pf_patch_32_unaligned(pd->m, in pf_normalize_tcp_stateful()
1643 pf_patch_32_unaligned(pd->m, in pf_normalize_tcp_stateful()
1663 m_copyback(pd->m, pd->off + sizeof(struct tcphdr), in pf_normalize_tcp_stateful()
1828 || pd->p_len > 0 || (tcp_get_flags(th) & TH_SYN)) && in pf_normalize_tcp_stateful()
1858 if (pd->p_len > 0 && (src->scrub->pfss_flags & PFSS_DATA_TS)) { in pf_normalize_tcp_stateful()
1883 if (pd->p_len > 0 && src->scrub && (src->scrub->pfss_flags & in pf_normalize_tcp_stateful()
1935 pf_normalize_mss(struct pf_pdesc *pd) in pf_normalize_mss() argument
1937 struct tcphdr *th = &pd->hdr.tcp; in pf_normalize_mss()
1948 if (cnt <= 0 || cnt > MAX_TCPOPTLEN || !pf_pull_hdr(pd->m, in pf_normalize_mss()
1949 pd->off + sizeof(*th), opts, cnt, NULL, NULL, pd->af)) in pf_normalize_mss()
1969 if ((ntohs(*mss)) > pd->act.max_mss) { in pf_normalize_mss()
1970 pf_patch_16_unaligned(pd->m, in pf_normalize_mss()
1972 mss, htons(pd->act.max_mss), in pf_normalize_mss()
1975 m_copyback(pd->m, pd->off + sizeof(*th), in pf_normalize_mss()
1977 m_copyback(pd->m, pd->off, sizeof(*th), (caddr_t)th); in pf_normalize_mss()
1989 pf_scan_sctp(struct pf_pdesc *pd) in pf_scan_sctp() argument
1996 while (pd->off + chunk_off < pd->tot_len) { in pf_scan_sctp()
1997 if (!pf_pull_hdr(pd->m, pd->off + chunk_off, &ch, sizeof(ch), NULL, in pf_scan_sctp()
1998 NULL, pd->af)) in pf_scan_sctp()
2013 if (!pf_pull_hdr(pd->m, pd->off + chunk_start, &init, in pf_scan_sctp()
2014 sizeof(init), NULL, NULL, pd->af)) in pf_scan_sctp()
2035 pd->hdr.sctp.v_tag != 0) in pf_scan_sctp()
2038 pd->sctp_initiate_tag = init.init.initiate_tag; in pf_scan_sctp()
2041 pd->sctp_flags |= PFDESC_SCTP_INIT; in pf_scan_sctp()
2043 pd->sctp_flags |= PFDESC_SCTP_INIT_ACK; in pf_scan_sctp()
2045 ret = pf_multihome_scan_init(pd->off + chunk_start, in pf_scan_sctp()
2046 ntohs(init.ch.chunk_length), pd); in pf_scan_sctp()
2053 pd->sctp_flags |= PFDESC_SCTP_ABORT; in pf_scan_sctp()
2057 pd->sctp_flags |= PFDESC_SCTP_SHUTDOWN; in pf_scan_sctp()
2060 pd->sctp_flags |= PFDESC_SCTP_SHUTDOWN_COMPLETE; in pf_scan_sctp()
2063 pd->sctp_flags |= PFDESC_SCTP_COOKIE; in pf_scan_sctp()
2066 pd->sctp_flags |= PFDESC_SCTP_COOKIE_ACK; in pf_scan_sctp()
2069 pd->sctp_flags |= PFDESC_SCTP_DATA; in pf_scan_sctp()
2072 pd->sctp_flags |= PFDESC_SCTP_HEARTBEAT; in pf_scan_sctp()
2075 pd->sctp_flags |= PFDESC_SCTP_HEARTBEAT_ACK; in pf_scan_sctp()
2078 pd->sctp_flags |= PFDESC_SCTP_ASCONF; in pf_scan_sctp()
2080 ret = pf_multihome_scan_asconf(pd->off + chunk_start, in pf_scan_sctp()
2081 ntohs(ch.chunk_length), pd); in pf_scan_sctp()
2086 pd->sctp_flags |= PFDESC_SCTP_OTHER; in pf_scan_sctp()
2092 if (pd->off + chunk_off != pd->tot_len) in pf_scan_sctp()
2099 if ((pd->sctp_flags & PFDESC_SCTP_INIT) && in pf_scan_sctp()
2100 (pd->sctp_flags & ~PFDESC_SCTP_INIT)) in pf_scan_sctp()
2102 if ((pd->sctp_flags & PFDESC_SCTP_INIT_ACK) && in pf_scan_sctp()
2103 (pd->sctp_flags & ~PFDESC_SCTP_INIT_ACK)) in pf_scan_sctp()
2105 if ((pd->sctp_flags & PFDESC_SCTP_SHUTDOWN_COMPLETE) && in pf_scan_sctp()
2106 (pd->sctp_flags & ~PFDESC_SCTP_SHUTDOWN_COMPLETE)) in pf_scan_sctp()
2108 if ((pd->sctp_flags & PFDESC_SCTP_ABORT) && in pf_scan_sctp()
2109 (pd->sctp_flags & PFDESC_SCTP_DATA)) { in pf_scan_sctp()
2121 pf_normalize_sctp(struct pf_pdesc *pd) in pf_normalize_sctp() argument
2124 struct sctphdr *sh = &pd->hdr.sctp; in pf_normalize_sctp()
2126 sa_family_t af = pd->af; in pf_normalize_sctp()
2137 if (pfi_kkif_match(r->kif, pd->kif) == r->ifnot) in pf_normalize_sctp()
2139 else if (r->direction && r->direction != pd->dir) in pf_normalize_sctp()
2143 else if (r->proto && r->proto != pd->proto) in pf_normalize_sctp()
2145 else if (PF_MISMATCHAW(&r->src.addr, pd->src, af, in pf_normalize_sctp()
2146 r->src.neg, pd->kif, M_GETFIB(pd->m))) in pf_normalize_sctp()
2151 else if (PF_MISMATCHAW(&r->dst.addr, pd->dst, af, in pf_normalize_sctp()
2152 r->dst.neg, NULL, M_GETFIB(pd->m))) in pf_normalize_sctp()
2170 pf_counter_u64_add_protected(&r->packets[pd->dir == PF_OUT], 1); in pf_normalize_sctp()
2171 pf_counter_u64_add_protected(&r->bytes[pd->dir == PF_OUT], pd->tot_len); in pf_normalize_sctp()
2176 if ((pd->tot_len - pd->off - sizeof(struct sctphdr)) % 4) in pf_normalize_sctp()
2180 if (pd->sctp_flags & PFDESC_SCTP_INIT) in pf_normalize_sctp()
2181 if (pd->sctp_flags & ~PFDESC_SCTP_INIT) in pf_normalize_sctp()
2189 PFLOG_PACKET(PF_DROP, reason, r, NULL, NULL, pd, in pf_normalize_sctp()
2197 pf_scrub(struct pf_pdesc *pd) in pf_scrub() argument
2200 struct ip *h = mtod(pd->m, struct ip *); in pf_scrub()
2202 struct ip6_hdr *h6 = mtod(pd->m, struct ip6_hdr *); in pf_scrub()
2206 if (pd->af == AF_INET && pd->act.flags & PFSTATE_NODF && in pf_scrub()
2216 if (pd->af == AF_INET && pd->act.min_ttl && in pf_scrub()
2217 h->ip_ttl < pd->act.min_ttl) { in pf_scrub()
2220 h->ip_ttl = pd->act.min_ttl; in pf_scrub()
2225 if (pd->af == AF_INET6 && pd->act.min_ttl && in pf_scrub()
2226 h6->ip6_hlim < pd->act.min_ttl) in pf_scrub()
2227 h6->ip6_hlim = pd->act.min_ttl; in pf_scrub()
2230 if (pd->act.flags & PFSTATE_SETTOS) { in pf_scrub()
2231 switch (pd->af) { in pf_scrub()
2236 h->ip_tos = pd->act.set_tos | (h->ip_tos & IPTOS_ECN_MASK); in pf_scrub()
2245 h6->ip6_flow |= htonl((pd->act.set_tos | IPV6_ECN(h6)) << 20); in pf_scrub()
2253 if (pd->af == AF_INET && in pf_scrub()
2254 pd->act.flags & PFSTATE_RANDOMID && !(h->ip_off & ~htons(IP_DF))) { in pf_scrub()