Lines Matching refs:ifs
947 ipf_stack_t *ifs = fin->fin_ifs; local
998 if (icmp->icmp_nextmtu < ifs->ifs_fr_icmpminfragmtu)
1680 ipf_stack_t *ifs = fin->fin_ifs; local
1719 i = (*fr->fr_srcfunc)(fr->fr_srcptr, fi->fi_v, lip, fin, ifs);
1762 i = (*fr->fr_dstfunc)(fr->fr_dstptr, fi->fi_v, lip, fin, ifs);
1868 ipf_stack_t *ifs = fin->fin_ifs; local
2018 IPF_BUMP(ifs->ifs_frstats[fin->fin_out].fr_skip);
2020 IPF_BUMP(ifs->ifs_frstats[fin->fin_out].fr_pkl);
2060 IPF_BUMP(ifs->ifs_frstats[out].fr_ads);
2062 IPF_BUMP(ifs->ifs_frstats[out].fr_bads);
2096 ipf_stack_t *ifs = fin->fin_ifs; local
2101 fr = ifs->ifs_ipacct6[fin->fin_out][ifs->ifs_fr_active];
2104 fr = ifs->ifs_ipacct[fin->fin_out][ifs->ifs_fr_active];
2113 IPF_BUMP(ifs->ifs_frstats[0].fr_acct);
2144 ipf_stack_t *ifs = fin->fin_ifs; local
2151 fin->fin_fr = ifs->ifs_ipfilter6[out][ifs->ifs_fr_active];
2154 fin->fin_fr = ifs->ifs_ipfilter[out][ifs->ifs_fr_active];
2162 IPF_BUMP(ifs->ifs_frstats[out].fr_nom);
2168 fc = &ifs->ifs_frcache[out][CACHE_HASH(fin)];
2169 READ_ENTER(&ifs->ifs_ipf_frcache);
2175 RWLOCK_EXIT(&ifs->ifs_ipf_frcache);
2176 IPF_BUMP(ifs->ifs_frstats[out].fr_chit);
2184 RWLOCK_EXIT(&ifs->ifs_ipf_frcache);
2186 pass = fr_scanlist(fin, ifs->ifs_fr_pass);
2190 WRITE_ENTER(&ifs->ifs_ipf_frcache);
2192 RWLOCK_EXIT(&ifs->ifs_ipf_frcache);
2199 IPF_BUMP(ifs->ifs_frstats[out].fr_nom);
2209 IPF_BUMP(ifs->ifs_frstats[out].fr_ppshit);
2240 if ((fin->fin_fr = ifs->ifs_ipauth) != NULL)
2241 pass = fr_scanlist(fin, ifs->ifs_fr_pass);
2251 IPF_BUMP(ifs->ifs_frstats[out].fr_bnfr);
2253 IPF_BUMP(ifs->ifs_frstats[out].fr_nfr);
2256 IPF_BUMP(ifs->ifs_frstats[out].fr_cfr);
2265 IPF_BUMP(ifs->ifs_frstats[out].fr_ads);
2267 IPF_BUMP(ifs->ifs_frstats[out].fr_bads);
2315 , qif, mp, ifs) in fr_check() argument
2318 , mp, ifs)
2325 ipf_stack_t *ifs;
2347 pass = ifs->ifs_fr_pass;
2363 if (ifs->ifs_fr_running <= 0) {
2425 fin->fin_ifs = ifs;
2431 IPF_BUMP(ifs->ifs_frstats[out].fr_ipv6);
2440 READ_ENTER(&ifs->ifs_ipf_mutex);
2456 READ_ENTER(&ifs->ifs_ipf_mutex);
2471 if (ifs->ifs_fr_chksrc && !fr_verifysrc(fin)) {
2472 IPF_BUMP(ifs->ifs_frstats[0].fr_badsrc);
2476 if (fin->fin_ip->ip_ttl < ifs->ifs_fr_minttl) {
2477 IPF_BUMP(ifs->ifs_frstats[0].fr_badttl);
2485 if (ifs->ifs_fr_chksrc && !fr_verifysrc(fin)) {
2486 IPF_BUMP(ifs->ifs_frstats[0].fr_badsrc);
2490 if (ip6->ip6_hlim < ifs->ifs_fr_minttl) {
2491 IPF_BUMP(ifs->ifs_frstats[0].fr_badttl);
2499 IPF_BUMP(ifs->ifs_frstats[out].fr_short);
2502 READ_ENTER(&ifs->ifs_ipf_mutex);
2517 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2524 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2558 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2565 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2574 if ((ifs->ifs_fr_update_ipid != 0) && (v == 4)) {
2576 IPF_BUMP(ifs->ifs_frstats[1].fr_ipud);
2580 IPF_BUMP(ifs->ifs_frstats[0].fr_ipud);
2586 if ((ifs->ifs_fr_flags & FF_LOGGING) || (pass & FR_LOGMASK)) {
2648 ifs->ifs_frstats[out].fr_ret);
2660 ifs->ifs_frstats[out].fr_block);
2661 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2668 IPF_BUMP(ifs->ifs_frstats[out].fr_ret);
2685 ifs->ifs_frstats[out].fr_ret);
2697 ifs->ifs_frstats[out].fr_block);
2698 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2704 IPF_BUMP(ifs->ifs_frstats[1].fr_ret);
2767 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2771 IPF_BUMP(ifs->ifs_frstats[out].fr_block);
2777 IPF_BUMP(ifs->ifs_frstats[out].fr_pass);
2847 ipf_stack_t *ifs = fin->fin_ifs; local
2852 if ((ifs->ifs_fr_flags & FF_LOGNOMATCH) && (pass & FR_NOMATCH)) {
2854 IPF_BUMP(ifs->ifs_frstats[out].fr_npkl);
2857 (FR_ISPASS(pass) && (ifs->ifs_fr_flags & FF_LOGPASS))) {
2860 IPF_BUMP(ifs->ifs_frstats[out].fr_ppkl);
2863 (FR_ISBLOCK(pass) && (ifs->ifs_fr_flags & FF_LOGBLOCK))) {
2866 IPF_BUMP(ifs->ifs_frstats[out].fr_bpkl);
2869 IPF_BUMP(ifs->ifs_frstats[out].fr_skip);
3321 frgroup_t *fr_findgroup(group, unit, set, fgpp, ifs) in fr_findgroup() argument
3326 ipf_stack_t *ifs;
3334 fgp = &ifs->ifs_ipfgroups[unit][set];
3362 frgroup_t *fr_addgroup(group, head, flags, unit, set, ifs) in fr_addgroup() argument
3368 ipf_stack_t *ifs;
3382 fg = fr_findgroup(group, unit, set, &fgp, ifs);
3416 void fr_delgroup(group, unit, set, ifs) in fr_delgroup() argument
3420 ipf_stack_t *ifs;
3424 fg = fr_findgroup(group, unit, set, &fgp, ifs);
3447 frentry_t *fr_getrulen(unit, group, n, ifs) in fr_getrulen() argument
3451 ipf_stack_t *ifs;
3456 fg = fr_findgroup(group, unit, ifs->ifs_fr_active, NULL, ifs);
3475 int fr_rulen(unit, fr, ifs) in fr_rulen() argument
3478 ipf_stack_t *ifs;
3486 fg = fr_findgroup(fr->fr_group, unit, ifs->ifs_fr_active, NULL, ifs);
3517 static int frflushlist(set, unit, nfreedp, listp, ifs) in frflushlist() argument
3522 ipf_stack_t *ifs;
3535 (void) frflushlist(set, unit, nfreedp, fp->fr_grp, ifs);
3539 fr_delgroup(fp->fr_grhead, unit, set, ifs);
3545 if (fr_derefrule(&fp, ifs) == 0)
3562 int frflush(unit, proto, flags, ifs) in frflush() argument
3565 ipf_stack_t *ifs;
3569 WRITE_ENTER(&ifs->ifs_ipf_mutex);
3570 bzero((char *)ifs->ifs_frcache, sizeof (ifs->ifs_frcache));
3572 set = ifs->ifs_fr_active;
3579 &flushed, &ifs->ifs_ipfilter6[1][set], ifs);
3581 &flushed, &ifs->ifs_ipacct6[1][set], ifs);
3585 &flushed, &ifs->ifs_ipfilter[1][set], ifs);
3587 &flushed, &ifs->ifs_ipacct[1][set], ifs);
3593 &flushed, &ifs->ifs_ipfilter6[0][set], ifs);
3595 &flushed, &ifs->ifs_ipacct6[0][set], ifs);
3599 &flushed, &ifs->ifs_ipfilter[0][set], ifs);
3601 &flushed, &ifs->ifs_ipacct[0][set], ifs);
3604 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
3609 tmp = frflush(IPL_LOGCOUNT, proto, flags, ifs);
3788 static void *fr_ifsync(action, v, newname, oldname, newifp, oldifp, ifs) in fr_ifsync() argument
3792 ipf_stack_t *ifs;
3800 rval = fr_resolvenic(oldname, v, ifs);
3839 static void frsynclist(action, v, ifp, ifname, fr, ifs) in frsynclist() argument
3844 ipf_stack_t *ifs;
3861 ifs);
3866 ifp, fdp->fd_ifp, ifs);
3870 ifp, fdp->fd_ifp, ifs);
3874 ifp, fdp->fd_ifp, ifs);
3885 ifs);
3892 ifs);
3901 &fr->fr_srcfunc, ifs);
3907 &fr->fr_dstfunc, ifs);
3933 void frsync(action, v, ifp, name, ifs) in frsync() argument
3937 ipf_stack_t *ifs;
3941 WRITE_ENTER(&ifs->ifs_ipf_mutex);
3942 frsynclist(action, v, ifp, name, ifs->ifs_ipacct[0][ifs->ifs_fr_active], ifs);
3943 frsynclist(action, v, ifp, name, ifs->ifs_ipacct[1][ifs->ifs_fr_active], ifs);
3944 frsynclist(action, v, ifp, name, ifs->ifs_ipfilter[0][ifs->ifs_fr_active], ifs);
3945 frsynclist(action, v, ifp, name, ifs->ifs_ipfilter[1][ifs->ifs_fr_active], ifs);
3946 frsynclist(action, v, ifp, name, ifs->ifs_ipacct6[0][ifs->ifs_fr_active], ifs);
3947 frsynclist(action, v, ifp, name, ifs->ifs_ipacct6[1][ifs->ifs_fr_active], ifs);
3948 frsynclist(action, v, ifp, name, ifs->ifs_ipfilter6[0][ifs->ifs_fr_active], ifs);
3949 frsynclist(action, v, ifp, name, ifs->ifs_ipfilter6[1][ifs->ifs_fr_active], ifs);
3954 for (g = ifs->ifs_ipfgroups[i][0]; g != NULL; g = g->fg_next)
3955 frsynclist(action, v, ifp, name, g->fg_start, ifs);
3956 for (g = ifs->ifs_ipfgroups[i][1]; g != NULL; g = g->fg_next)
3957 frsynclist(action, v, ifp, name, g->fg_start, ifs);
3959 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
4022 void fr_ifindexsync(ifp, newifp, ifs) in fr_ifindexsync() argument
4025 ipf_stack_t *ifs;
4031 rule_lists[0] = ifs->ifs_ipacct[0][ifs->ifs_fr_active];
4032 rule_lists[1] = ifs->ifs_ipacct[1][ifs->ifs_fr_active];
4033 rule_lists[2] = ifs->ifs_ipfilter[0][ifs->ifs_fr_active];
4034 rule_lists[3] = ifs->ifs_ipfilter[1][ifs->ifs_fr_active];
4035 rule_lists[4] = ifs->ifs_ipacct6[0][ifs->ifs_fr_active];
4036 rule_lists[5] = ifs->ifs_ipacct6[1][ifs->ifs_fr_active];
4037 rule_lists[6] = ifs->ifs_ipfilter6[0][ifs->ifs_fr_active];
4038 rule_lists[7] = ifs->ifs_ipfilter6[1][ifs->ifs_fr_active];
4050 for (g = ifs->ifs_ipfgroups[i][0]; g != NULL; g = g->fg_next)
4052 for (g = ifs->ifs_ipfgroups[i][1]; g != NULL; g = g->fg_next)
4158 void fr_getstat(fiop, ifs) in fr_getstat() argument
4160 ipf_stack_t *ifs;
4164 bcopy((char *)&ifs->ifs_frstats, (char *)fiop->f_st,
4166 fiop->f_locks[IPL_LOGSTATE] = ifs->ifs_fr_state_lock;
4167 fiop->f_locks[IPL_LOGNAT] = ifs->ifs_fr_nat_lock;
4168 fiop->f_locks[IPL_LOGIPF] = ifs->ifs_fr_frag_lock;
4169 fiop->f_locks[IPL_LOGAUTH] = ifs->ifs_fr_auth_lock;
4173 fiop->f_ipf[i][j] = ifs->ifs_ipfilter[i][j];
4174 fiop->f_acct[i][j] = ifs->ifs_ipacct[i][j];
4175 fiop->f_ipf6[i][j] = ifs->ifs_ipfilter6[i][j];
4176 fiop->f_acct6[i][j] = ifs->ifs_ipacct6[i][j];
4179 fiop->f_ticks = ifs->ifs_fr_ticks;
4180 fiop->f_active = ifs->ifs_fr_active;
4181 fiop->f_froute[0] = ifs->ifs_fr_frouteok[0];
4182 fiop->f_froute[1] = ifs->ifs_fr_frouteok[1];
4184 fiop->f_running = ifs->ifs_fr_running;
4186 fiop->f_groups[i][0] = ifs->ifs_ipfgroups[i][0];
4187 fiop->f_groups[i][1] = ifs->ifs_ipfgroups[i][1];
4194 fiop->f_defpass = ifs->ifs_fr_pass;
4312 static void *fr_resolvelookup(type, number, funcptr, ifs) in fr_resolvelookup() argument
4315 ipf_stack_t *ifs;
4328 READ_ENTER(&ifs->ifs_ip_poolrw);
4337 ipo = ip_pool_find(IPL_LOGIPF, name, ifs);
4346 iph = fr_findhtable(IPL_LOGIPF, name, ifs);
4358 RWLOCK_EXIT(&ifs->ifs_ip_poolrw);
4382 int frrequest(unit, req, data, set, makecopy, ifs) in frrequest() argument
4387 ipf_stack_t *ifs;
4441 error = fr_funcinit(fp, ifs);
4461 fg = fr_findgroup(group, unit, set, NULL, ifs);
4478 fprev = &ifs->ifs_ipauth;
4481 fprev = &ifs->ifs_ipacct[in][set];
4483 fprev = &ifs->ifs_ipfilter[in][set];
4486 fprev = &ifs->ifs_ipacct6[in][set];
4488 fprev = &ifs->ifs_ipfilter6[in][set];
4494 if (!fg && !(fg = fr_findgroup(group, unit, set, NULL, ifs)))
4585 &fp->fr_srcfunc, ifs);
4610 &fp->fr_dstfunc, ifs);
4633 frsynclist(0, 0, NULL, NULL, fp, ifs);
4650 WRITE_ENTER(&ifs->ifs_ipf_mutex);
4651 bzero((char *)ifs->ifs_frcache, sizeof (ifs->ifs_frcache));
4703 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
4779 error = fr_preauthcmd(req, f, ftail, ifs);
4783 fr_delgroup(f->fr_grhead, unit, set, ifs);
4787 (void)fr_derefrule(&f, ifs);
4797 error = fr_preauthcmd(req, fp, ftail, ifs);
4827 unit, set, ifs);
4836 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
4852 static int fr_funcinit(fr, ifs) in fr_funcinit() argument
4854 ipf_stack_t *ifs;
4865 err = (*ft->ipfu_init)(fr, ifs);
4997 int fr_derefrule(frp, ifs) in fr_derefrule() argument
4999 ipf_stack_t *ifs;
5013 ip_lookup_deref(fr->fr_srctype, fr->fr_srcptr, ifs);
5015 ip_lookup_deref(fr->fr_dsttype, fr->fr_dstptr, ifs);
5043 static int fr_grpmapinit(fr, ifs) in fr_grpmapinit() argument
5045 ipf_stack_t *ifs;
5055 iph = fr_findhtable(IPL_LOGIPF, name, ifs);
5081 ipf_stack_t *ifs = fin->fin_ifs; local
5083 rval = fr_iphmfindgroup(fin->fin_fr->fr_ptr, fin->fin_v, &fin->fin_src, ifs);
5110 ipf_stack_t *ifs = fin->fin_ifs; local
5112 rval = fr_iphmfindgroup(fin->fin_fr->fr_ptr, fin->fin_v, &fin->fin_dst, ifs);
5151 ipftq_t *fr_addtimeoutqueue(parent, seconds, ifs) in fr_addtimeoutqueue() argument
5154 ipf_stack_t *ifs;
5161 MUTEX_ENTER(&ifs->ifs_ipf_timeoutlock);
5172 MUTEX_EXIT(&ifs->ifs_ipf_timeoutlock);
5188 ifs->ifs_fr_userifqs++;
5192 MUTEX_EXIT(&ifs->ifs_ipf_timeoutlock);
5238 void fr_freetimeoutqueue(ifq, ifs) in fr_freetimeoutqueue() argument
5240 ipf_stack_t *ifs;
5260 ifs->ifs_fr_userifqs--;
5344 void fr_queueback(tqe, ifs) in fr_queueback() argument
5346 ipf_stack_t *ifs;
5353 tqe->tqe_die = ifs->ifs_fr_ticks + ifq->ifq_ttl;
5387 void fr_queueappend(tqe, ifq, parent, ifs) in fr_queueappend() argument
5391 ipf_stack_t *ifs;
5401 tqe->tqe_die = ifs->ifs_fr_ticks + ifq->ifq_ttl;
5419 void fr_movequeue(tqe, oifq, nifq, ifs) in fr_movequeue() argument
5422 ipf_stack_t *ifs;
5428 if (oifq == nifq && tqe->tqe_touched == ifs->ifs_fr_ticks)
5435 tqe->tqe_touched = ifs->ifs_fr_ticks;
5436 tqe->tqe_die = ifs->ifs_fr_ticks + nifq->ifq_ttl;
5601 INLINE int fr_ioctlswitch(unit, data, cmd, mode, uid, ctx, ifs) in fr_ioctlswitch() argument
5605 ipf_stack_t *ifs;
5615 if (ifs->ifs_fr_running > 0)
5616 error = fr_nat_ioctl(data, cmd, mode, uid, ctx, ifs);
5621 if (ifs->ifs_fr_running > 0)
5622 error = fr_state_ioctl(data, cmd, mode, uid, ctx, ifs);
5627 if (ifs->ifs_fr_running > 0) {
5634 ifs->ifs_fr_active, 1, ifs);
5637 error = fr_auth_ioctl(data, cmd, mode, uid, ctx, ifs);
5644 if (ifs->ifs_fr_running > 0)
5645 error = fr_sync_ioctl(data, cmd, mode, ifs);
5652 if (ifs->ifs_fr_running > 0)
5653 error = fr_scan_ioctl(data, cmd, mode, ifs);
5660 if (ifs->ifs_fr_running > 0)
5661 error = ip_lookup_ioctl(data, cmd, mode, uid, ctx, ifs);
5979 ipf_stack_t *ifs = fin->fin_ifs; local
5984 net_data_p = ifs->ifs_ipf_ipv4;
5986 net_data_p = ifs->ifs_ipf_ipv6;
6201 ipf_stack_t *ifs = fin->fin_ifs; local
6214 IPF_BUMP(ifs->ifs_fr_badcoalesces[fin->fin_out]);
6354 tune_lookup(ipf_stack_t *ifs, char *name) in tune_lookup() argument
6358 for (i = 0; ifs->ifs_ipf_tuneables[i].ipft_name != NULL; i++) { in tune_lookup()
6359 if (strcmp(ifs->ifs_ipf_tuneables[i].ipft_name, name) == 0) in tune_lookup()
6360 return (&ifs->ifs_ipf_tuneables[i]); in tune_lookup()
6385 static void ipftuneable_setdefs(ipf_stack_t *ifs) in ipftuneable_setdefs() argument
6387 ifs->ifs_ipfr_size = IPFT_SIZE; in ipftuneable_setdefs()
6388 ifs->ifs_fr_ipfrttl = 120; /* 60 seconds */ in ipftuneable_setdefs()
6391 ifs->ifs_fr_authsize = FR_NUMAUTH; in ipftuneable_setdefs()
6392 ifs->ifs_fr_defaultauthage = 600; in ipftuneable_setdefs()
6395 ifs->ifs_fr_tcpidletimeout = IPF_TTLVAL(3600 * 24 * 5); /* five days */ in ipftuneable_setdefs()
6396 ifs->ifs_fr_tcpclosewait = IPF_TTLVAL(TCP_MSL); in ipftuneable_setdefs()
6397 ifs->ifs_fr_tcplastack = IPF_TTLVAL(TCP_MSL); in ipftuneable_setdefs()
6398 ifs->ifs_fr_tcptimeout = IPF_TTLVAL(TCP_MSL); in ipftuneable_setdefs()
6399 ifs->ifs_fr_tcpclosed = IPF_TTLVAL(60); in ipftuneable_setdefs()
6400 ifs->ifs_fr_tcphalfclosed = IPF_TTLVAL(2 * 3600); /* 2 hours */ in ipftuneable_setdefs()
6401 ifs->ifs_fr_udptimeout = IPF_TTLVAL(120); in ipftuneable_setdefs()
6402 ifs->ifs_fr_udpacktimeout = IPF_TTLVAL(12); in ipftuneable_setdefs()
6403 ifs->ifs_fr_icmptimeout = IPF_TTLVAL(60); in ipftuneable_setdefs()
6404 ifs->ifs_fr_icmpacktimeout = IPF_TTLVAL(6); in ipftuneable_setdefs()
6405 ifs->ifs_fr_iptimeout = IPF_TTLVAL(60); in ipftuneable_setdefs()
6406 ifs->ifs_fr_statemax = IPSTATE_MAX; in ipftuneable_setdefs()
6407 ifs->ifs_fr_statesize = IPSTATE_SIZE; in ipftuneable_setdefs()
6408 ifs->ifs_fr_state_maxbucket_reset = 1; in ipftuneable_setdefs()
6409 ifs->ifs_state_flush_level_hi = ST_FLUSH_HI; in ipftuneable_setdefs()
6410 ifs->ifs_state_flush_level_lo = ST_FLUSH_LO; in ipftuneable_setdefs()
6413 ifs->ifs_ipf_nattable_sz = NAT_TABLE_SZ; in ipftuneable_setdefs()
6414 ifs->ifs_ipf_nattable_max = NAT_TABLE_MAX; in ipftuneable_setdefs()
6415 ifs->ifs_ipf_natrules_sz = NAT_SIZE; in ipftuneable_setdefs()
6416 ifs->ifs_ipf_rdrrules_sz = RDR_SIZE; in ipftuneable_setdefs()
6417 ifs->ifs_ipf_hostmap_sz = HOSTMAP_SIZE; in ipftuneable_setdefs()
6418 ifs->ifs_fr_nat_maxbucket_reset = 1; in ipftuneable_setdefs()
6419 ifs->ifs_fr_defnatage = DEF_NAT_AGE; in ipftuneable_setdefs()
6420 ifs->ifs_fr_defnatipage = 120; /* 60 seconds */ in ipftuneable_setdefs()
6421 ifs->ifs_fr_defnaticmpage = 6; /* 3 seconds */ in ipftuneable_setdefs()
6422 ifs->ifs_nat_flush_level_hi = NAT_FLUSH_HI; in ipftuneable_setdefs()
6423 ifs->ifs_nat_flush_level_lo = NAT_FLUSH_LO; in ipftuneable_setdefs()
6427 ifs->ifs_ipl_suppress = 1; in ipftuneable_setdefs()
6428 ifs->ifs_ipl_logmax = IPL_LOGMAX; in ipftuneable_setdefs()
6429 ifs->ifs_ipl_logsize = IPFILTER_LOGSIZE; in ipftuneable_setdefs()
6432 ifs->ifs_nat_logging = 1; in ipftuneable_setdefs()
6435 ifs->ifs_ipstate_logging = 1; in ipftuneable_setdefs()
6438 ifs->ifs_nat_logging = 0; in ipftuneable_setdefs()
6441 ifs->ifs_ipstate_logging = 0; in ipftuneable_setdefs()
6443 ifs->ifs_ipf_loopback = 0; in ipftuneable_setdefs()
6451 ipftuneable_alloc(ipf_stack_t *ifs) in ipftuneable_alloc() argument
6455 KMALLOCS(ifs->ifs_ipf_tuneables, ipftuneable_t *, in ipftuneable_alloc()
6457 bcopy(lcl_ipf_tuneables, ifs->ifs_ipf_tuneables, in ipftuneable_alloc()
6467 TUNE_SET(ifs, "fr_flags", ifs_fr_flags); in ipftuneable_alloc()
6468 TUNE_SET(ifs, "fr_active", ifs_fr_active); in ipftuneable_alloc()
6469 TUNE_SET(ifs, "fr_control_forwarding", ifs_fr_control_forwarding); in ipftuneable_alloc()
6470 TUNE_SET(ifs, "fr_update_ipid", ifs_fr_update_ipid); in ipftuneable_alloc()
6471 TUNE_SET(ifs, "fr_chksrc", ifs_fr_chksrc); in ipftuneable_alloc()
6472 TUNE_SET(ifs, "fr_minttl", ifs_fr_minttl); in ipftuneable_alloc()
6473 TUNE_SET(ifs, "fr_icmpminfragmtu", ifs_fr_icmpminfragmtu); in ipftuneable_alloc()
6474 TUNE_SET(ifs, "fr_pass", ifs_fr_pass); in ipftuneable_alloc()
6475 TUNE_SET(ifs, "fr_tcpidletimeout", ifs_fr_tcpidletimeout); in ipftuneable_alloc()
6476 TUNE_SET(ifs, "fr_tcpclosewait", ifs_fr_tcpclosewait); in ipftuneable_alloc()
6477 TUNE_SET(ifs, "fr_tcplastack", ifs_fr_tcplastack); in ipftuneable_alloc()
6478 TUNE_SET(ifs, "fr_tcptimeout", ifs_fr_tcptimeout); in ipftuneable_alloc()
6479 TUNE_SET(ifs, "fr_tcpclosed", ifs_fr_tcpclosed); in ipftuneable_alloc()
6480 TUNE_SET(ifs, "fr_tcphalfclosed", ifs_fr_tcphalfclosed); in ipftuneable_alloc()
6481 TUNE_SET(ifs, "fr_udptimeout", ifs_fr_udptimeout); in ipftuneable_alloc()
6482 TUNE_SET(ifs, "fr_udpacktimeout", ifs_fr_udpacktimeout); in ipftuneable_alloc()
6483 TUNE_SET(ifs, "fr_icmptimeout", ifs_fr_icmptimeout); in ipftuneable_alloc()
6484 TUNE_SET(ifs, "fr_icmpacktimeout", ifs_fr_icmpacktimeout); in ipftuneable_alloc()
6485 TUNE_SET(ifs, "fr_iptimeout", ifs_fr_iptimeout); in ipftuneable_alloc()
6486 TUNE_SET(ifs, "fr_statemax", ifs_fr_statemax); in ipftuneable_alloc()
6487 TUNE_SET(ifs, "fr_statesize", ifs_fr_statesize); in ipftuneable_alloc()
6488 TUNE_SET(ifs, "fr_state_lock", ifs_fr_state_lock); in ipftuneable_alloc()
6489 TUNE_SET(ifs, "fr_state_maxbucket", ifs_fr_state_maxbucket); in ipftuneable_alloc()
6490 TUNE_SET(ifs, "fr_state_maxbucket_reset", ifs_fr_state_maxbucket_reset); in ipftuneable_alloc()
6491 TUNE_SET(ifs, "ipstate_logging", ifs_ipstate_logging); in ipftuneable_alloc()
6492 TUNE_SET(ifs, "fr_nat_lock", ifs_fr_nat_lock); in ipftuneable_alloc()
6493 TUNE_SET(ifs, "ipf_nattable_sz", ifs_ipf_nattable_sz); in ipftuneable_alloc()
6494 TUNE_SET(ifs, "ipf_nattable_max", ifs_ipf_nattable_max); in ipftuneable_alloc()
6495 TUNE_SET(ifs, "ipf_natrules_sz", ifs_ipf_natrules_sz); in ipftuneable_alloc()
6496 TUNE_SET(ifs, "ipf_rdrrules_sz", ifs_ipf_rdrrules_sz); in ipftuneable_alloc()
6497 TUNE_SET(ifs, "ipf_hostmap_sz", ifs_ipf_hostmap_sz); in ipftuneable_alloc()
6498 TUNE_SET(ifs, "fr_nat_maxbucket", ifs_fr_nat_maxbucket); in ipftuneable_alloc()
6499 TUNE_SET(ifs, "fr_nat_maxbucket_reset", ifs_fr_nat_maxbucket_reset); in ipftuneable_alloc()
6500 TUNE_SET(ifs, "nat_logging", ifs_nat_logging); in ipftuneable_alloc()
6501 TUNE_SET(ifs, "fr_defnatage", ifs_fr_defnatage); in ipftuneable_alloc()
6502 TUNE_SET(ifs, "fr_defnatipage", ifs_fr_defnatipage); in ipftuneable_alloc()
6503 TUNE_SET(ifs, "fr_defnaticmpage", ifs_fr_defnaticmpage); in ipftuneable_alloc()
6504 TUNE_SET(ifs, "nat_flush_level_hi", ifs_nat_flush_level_hi); in ipftuneable_alloc()
6505 TUNE_SET(ifs, "nat_flush_level_lo", ifs_nat_flush_level_lo); in ipftuneable_alloc()
6506 TUNE_SET(ifs, "state_flush_level_hi", ifs_state_flush_level_hi); in ipftuneable_alloc()
6507 TUNE_SET(ifs, "state_flush_level_lo", ifs_state_flush_level_lo); in ipftuneable_alloc()
6508 TUNE_SET(ifs, "ipfr_size", ifs_ipfr_size); in ipftuneable_alloc()
6509 TUNE_SET(ifs, "fr_ipfrttl", ifs_fr_ipfrttl); in ipftuneable_alloc()
6510 TUNE_SET(ifs, "ipf_loopback", ifs_ipf_loopback); in ipftuneable_alloc()
6512 TUNE_SET(ifs, "ipl_suppress", ifs_ipl_suppress); in ipftuneable_alloc()
6513 TUNE_SET(ifs, "ipl_buffer_sz", ifs_ipl_buffer_sz); in ipftuneable_alloc()
6514 TUNE_SET(ifs, "ipl_logmax", ifs_ipl_logmax); in ipftuneable_alloc()
6515 TUNE_SET(ifs, "ipl_logall", ifs_ipl_logall); in ipftuneable_alloc()
6516 TUNE_SET(ifs, "ipl_logsize", ifs_ipl_logsize); in ipftuneable_alloc()
6520 ipftuneable_setdefs(ifs); in ipftuneable_alloc()
6523 (void) ipf_property_update(ipf_dev_info, ifs); in ipftuneable_alloc()
6528 ipftuneable_free(ipf_stack_t *ifs) in ipftuneable_free() argument
6530 KFREES(ifs->ifs_ipf_tuneables, sizeof (lcl_ipf_tuneables)); in ipftuneable_free()
6531 ifs->ifs_ipf_tuneables = NULL; in ipftuneable_free()
6546 static ipftuneable_t *fr_findtunebycookie(cookie, next, ifs) in fr_findtunebycookie() argument
6548 ipf_stack_t * ifs;
6552 for (ta = ifs->ifs_ipf_tuneables; ta->ipft_name != NULL; ta++)
6566 *next = &ifs->ifs_ipf_tunelist;
6571 for (tap = &ifs->ifs_ipf_tunelist; (ta = *tap) != NULL; tap = &ta->ipft_next)
6593 static ipftuneable_t *fr_findtunebyname(name, ifs) in fr_findtunebyname() argument
6595 ipf_stack_t *ifs;
6599 for (ta = ifs->ifs_ipf_tuneables; ta->ipft_name != NULL; ta++)
6604 for (ta = ifs->ifs_ipf_tunelist; ta != NULL; ta = ta->ipft_next)
6622 int fr_addipftune(newtune, ifs) in fr_addipftune() argument
6624 ipf_stack_t *ifs;
6628 ta = fr_findtunebyname(newtune->ipft_name, ifs);
6632 for (tap = &ifs->ifs_ipf_tunelist; *tap != NULL; tap = &(*tap)->ipft_next)
6651 int fr_delipftune(oldtune, ifs) in fr_delipftune() argument
6653 ipf_stack_t *ifs;
6657 for (tap = &ifs->ifs_ipf_tunelist; (ta = *tap) != NULL; tap = &ta->ipft_next)
6681 int fr_ipftune(cmd, data, ifs) in fr_ipftune() argument
6684 ipf_stack_t *ifs;
6712 ta = fr_findtunebycookie(cookie, &tu.ipft_cookie, ifs);
6714 ta = ifs->ifs_ipf_tuneables;
6754 ta = fr_findtunebycookie(cookie, NULL, ifs);
6758 ta = fr_findtunebyname(tu.ipft_name, ifs);
6794 (ifs->ifs_fr_running > 0)) {
6840 int fr_initialise(ifs) in fr_initialise() argument
6841 ipf_stack_t *ifs; in fr_initialise()
6846 i = fr_loginit(ifs);
6850 i = fr_natinit(ifs);
6854 i = fr_stateinit(ifs);
6858 i = fr_authinit(ifs);
6862 i = fr_fraginit(ifs);
6866 i = appr_init(ifs);
6871 i = ipfsync_init(ifs);
6876 i = ipsc_init(ifs);
6881 i = ip_lookup_init(ifs);
6886 ipfrule_add(ifs);
6902 void fr_deinitialise(ifs) in fr_deinitialise() argument
6903 ipf_stack_t *ifs; in fr_deinitialise()
6905 fr_fragunload(ifs);
6906 fr_authunload(ifs);
6907 fr_natunload(ifs);
6908 fr_stateunload(ifs);
6910 fr_scanunload(ifs);
6912 appr_unload(ifs);
6915 ipfrule_remove(ifs);
6918 (void) frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE|FR_INACTIVE, ifs);
6919 (void) frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE, ifs);
6920 (void) frflush(IPL_LOGCOUNT, 0, FR_INQUE|FR_OUTQUE|FR_INACTIVE, ifs);
6921 (void) frflush(IPL_LOGCOUNT, 0, FR_INQUE|FR_OUTQUE, ifs);
6924 ip_lookup_unload(ifs);
6928 fr_logunload(ifs);
6942 int fr_zerostats(data, ifs) in fr_zerostats() argument
6944 ipf_stack_t *ifs;
6949 fr_getstat(&fio, ifs);
6954 WRITE_ENTER(&ifs->ifs_ipf_mutex);
6955 bzero((char *)ifs->ifs_frstats, sizeof(*ifs->ifs_frstats) * 2);
6956 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
6975 void fr_resolvedest(fdp, v, ifs) in fr_resolvedest() argument
6978 ipf_stack_t *ifs;
6983 fdp->fd_ifp = GETIFP(fdp->fd_ifname, v, ifs);
7013 void *fr_resolvenic(name, v, ifs) in fr_resolvenic() argument
7016 ipf_stack_t *ifs;
7029 nic = GETIFP(name, v, ifs);
7044 void ipf_expiretokens(ifs) in ipf_expiretokens() argument
7045 ipf_stack_t *ifs; in ipf_expiretokens()
7049 WRITE_ENTER(&ifs->ifs_ipf_tokens);
7050 while ((it = ifs->ifs_ipftokenhead) != NULL) {
7051 if (it->ipt_die > ifs->ifs_fr_ticks)
7054 ipf_freetoken(it, ifs);
7056 RWLOCK_EXIT(&ifs->ifs_ipf_tokens);
7072 int ipf_deltoken(type, uid, ptr, ifs) in ipf_deltoken() argument
7075 ipf_stack_t *ifs;
7080 WRITE_ENTER(&ifs->ifs_ipf_tokens);
7081 for (it = ifs->ifs_ipftokenhead; it != NULL; it = it->ipt_next)
7084 ipf_freetoken(it, ifs);
7088 RWLOCK_EXIT(&ifs->ifs_ipf_tokens);
7104 static void ipf_unlinktoken(token, ifs) in ipf_unlinktoken() argument
7106 ipf_stack_t *ifs;
7109 if (ifs->ifs_ipftokentail == &token->ipt_next)
7110 ifs->ifs_ipftokentail = token->ipt_pnext;
7134 ipftoken_t *ipf_findtoken(type, uid, ptr, ifs) in ipf_findtoken() argument
7137 ipf_stack_t *ifs;
7143 WRITE_ENTER(&ifs->ifs_ipf_tokens);
7144 for (it = ifs->ifs_ipftokenhead; it != NULL; it = it->ipt_next) {
7169 ipf_unlinktoken(it, ifs);
7171 it->ipt_pnext = ifs->ifs_ipftokentail;
7172 *ifs->ifs_ipftokentail = it;
7173 ifs->ifs_ipftokentail = &it->ipt_next;
7176 it->ipt_die = ifs->ifs_fr_ticks + 2;
7178 MUTEX_DOWNGRADE(&ifs->ifs_ipf_tokens);
7195 void ipf_freetoken(token, ifs) in ipf_freetoken() argument
7197 ipf_stack_t *ifs;
7201 ipf_unlinktoken(token, ifs);
7210 (void)fr_derefrule((frentry_t **)datap, ifs);
7213 WRITE_ENTER(&ifs->ifs_ipf_nat);
7214 fr_ipnatderef((ipnat_t **)datap, ifs);
7215 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
7218 fr_natderef((nat_t **)datap, ifs);
7221 fr_statederef((ipstate_t **)datap, ifs);
7224 fr_fragderef((ipfr_t **)datap, &ifs->ifs_ipf_frag, ifs);
7228 &ifs->ifs_ipf_natfrag, ifs);
7231 WRITE_ENTER(&ifs->ifs_ipf_nat);
7233 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
7236 (void) ip_lookup_iterderef(token->ipt_type, data, ifs);
7260 int ipf_getnextrule(t, ptr, ifs) in ipf_getnextrule() argument
7263 ipf_stack_t *ifs;
7293 READ_ENTER(&ifs->ifs_ipf_mutex);
7308 next = ifs->ifs_ipacct
7311 next = ifs->ifs_ipacct6
7315 next = ifs->ifs_ipfilter
7318 next = ifs->ifs_ipfilter6
7323 it.iri_active, NULL, ifs);
7357 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
7366 ipf_freetoken(t, ifs);
7370 (void) fr_derefrule(&fr, ifs);
7381 ipf_freetoken(t, ifs);
7389 READ_ENTER(&ifs->ifs_ipf_mutex);
7410 int ipf_frruleiter(data, uid, ctx, ifs) in ipf_frruleiter() argument
7413 ipf_stack_t *ifs;
7418 token = ipf_findtoken(IPFGENITER_IPF, uid, ctx, ifs);
7420 error = ipf_getnextrule(token, data, ifs);
7423 RWLOCK_EXIT(&ifs->ifs_ipf_tokens);
7439 int ipf_geniter(token, itp, ifs) in ipf_geniter() argument
7442 ipf_stack_t *ifs;
7449 error = fr_nextfrag(token, itp, &ifs->ifs_ipfr_list,
7450 &ifs->ifs_ipfr_tail, &ifs->ifs_ipf_frag,
7451 ifs);
7475 int ipf_genericiter(data, uid, ctx, ifs) in ipf_genericiter() argument
7478 ipf_stack_t *ifs;
7488 token = ipf_findtoken(iter.igi_type, uid, ctx, ifs);
7491 error = ipf_geniter(token, &iter, ifs);
7494 RWLOCK_EXIT(&ifs->ifs_ipf_tokens);
7512 int ipf_earlydrop(flushtype, ifq, idletime, ifs) in ipf_earlydrop() argument
7516 ipf_stack_t *ifs;
7534 droptick = ifs->ifs_fr_ticks - idletime;
7542 if (nat_delete((nat_t *)ent, NL_FLUSH, ifs) == 0)
7546 if (fr_delstate((ipstate_t *)ent, ISL_FLUSH, ifs) == 0)
7570 int ipf_flushclosing(flushtype, stateval, ipfqs, userqs, ifs) in ipf_flushclosing() argument
7573 ipf_stack_t *ifs;
7590 dropped += ipf_earlydrop(flushtype, ifq, (int)0, ifs);
7610 (nat_delete(nat, NL_EXPIRE, ifs) == 0))
7618 (fr_delstate(is, ISL_EXPIRE, ifs) == 0))
7644 int ipf_extraflush(flushtype, ipfqs, userqs, ifs) in ipf_extraflush() argument
7647 ipf_stack_t *ifs;
7665 if (ifs->ifs_fr_ticks < idletime_tab[0])
7668 if (ifs->ifs_fr_ticks > idletime_tab[idle_idx]) {
7672 (ifs->ifs_fr_ticks < idletime_tab[idle_idx]))
7675 idletime = (ifs->ifs_fr_ticks /
7686 if (NAT_TAB_WATER_LEVEL(ifs) <=
7687 ifs->ifs_nat_flush_level_lo)
7690 if (ST_TAB_WATER_LEVEL(ifs) <=
7691 ifs->ifs_state_flush_level_lo)
7697 removed += ipf_earlydrop(flushtype, ipfqs, idletime, ifs);
7704 if (NAT_TAB_WATER_LEVEL(ifs) <=
7705 ifs->ifs_nat_flush_level_lo)
7708 if (ST_TAB_WATER_LEVEL(ifs) <=
7709 ifs->ifs_state_flush_level_lo)
7715 removed += ipf_earlydrop(flushtype, ifq, idletime, ifs);