Lines Matching defs:and
6 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
232 * hand side to allow for binary searching of the array and include a trailer
327 * for each of IPv4 and IPv6. Adding a new protocol, for which there
329 * a new routine and expanding the frpr_ipinit*() function rather than by
355 /* for IPv6 and marks the packet with FI_SHORT if so. See function comment */
374 /* Copy values from the IPv6 header into the fr_info_t struct and call the */
508 /* points to the start of the extension header and the "protocol" of the */
614 /* Examine the IPv6 fragment header and extract fragment offset information.*/
619 /* upper layer header has been seen (or where it ends) and thus we are not */
811 /* header being present and no authentication data (null algorithm used.) */
935 /* except extrememly bad packets, both type and code will be present. */
1032 /* and make some checks with how they interact with other fields. */
1034 /* valid and mark the packet as bad if not. */
1073 * also be set and vice versa. Good TCP packets do not have
1091 * not set and if URG, PSH or FIN are set, consdier
1113 * marking up which TCP options are and are not present. The one we
1171 /* Extract the UDP source and destination ports, if present. If compiled */
1263 /* header being present and no authentication data (null algorithm used.) */
1312 /* Analyze the IPv4 header and set fields in the fr_info_t structure. */
1313 /* Check all options present and flag their presence if any exist. */
1336 /* Get both TTL and protocol */
1355 * set packet attribute flags based on the offset and
1378 * must have a length greater than 0 and it
1388 * Call per-protocol setup and checking
1429 * list of options present with this packet and set flags to indicate
1430 * which ones are here and which ones are not. For the somewhat out
1431 * of date and obscure security classification options, set a flag to
1506 /* which is useful for comparing IP headers with and store this information */
1559 * Do opposite test to that required and continue if that succeeds.
1853 /* return value and fin->fin_fr points to the matched rule. */
1983 * in the rule, if it exists and use the results from that.
2052 * the rule to "not match" and keep on processing
2158 * If there are no rules loaded skip all checks and return.
2247 * If the rule has "keep frag" and the packet is actually a fragment,
2308 /* directed by firewall rules and of course whether or not to allow the */
2311 /* For packets blocked, the contents of "mp" will be NULL'd and the buffer */
2354 * the packet is distilled, collected into a fr_info_t structure and
2395 * XXX For now, IP Filter and fast-forwarding of cached flows
2465 * becomes NULL and so we have no packet to free.
2642 * packet on loopback and give up any attempt
2680 * packet on loopback and give up any attempt
2716 * If we didn't drop off the bottom of the list of rules (and thus
2935 /* and the TCP header. We also assume that data blocks aren't allocated in */
3058 * Both sum and sum2 are partial sums, so combine them together.
3189 * Redistribution and use in source and binary forms, with or without
3193 * notice, this list of conditions and the following disclaimer.
3195 * notice, this list of conditions and the following disclaimer in the
3196 * documentation and/or other materials provided with the distribution.
3446 /* Find rule # n in group # g and return a pointer to it. Return NULl if */
3511 /* encountered. if a rule is the head of a group and it has lost all its */
3562 /* and IPv6) as defined by the value of flags. */
3627 /* Search dst for a sequence of bytes matching those at src and extend for */
3757 /* the values of newname and newifp are ignored. */
3778 /* The oldname and oldifp parameters are taken from IPF entry (rule, state */
3779 /* table entry, NAT table entry, fragment ...). The newname and newifp */
3836 /* Walk through a list of filter rules and resolve any interface names into */
3927 /* filter rules, NAT entries and the state table and check if anything */
3932 /* - new interface being announced with its name and identifier */
4012 /* with accounting rules (IPv6 and IPv4) */
4013 /* with inbound rules (IPv6 and IPv4) */
4014 /* with outbound rules (IPv6 and IPv4) */
4019 /* and NAT entries. We want to do all these update atomically to keep the */
4063 * end up being unaligned) and on the kernel's local stack.
4073 /* to start copying from (src) and a pointer to where to store it (dst). */
4103 /* to start copying from (src) and a pointer to where to store it (dst). */
4132 /* Get the new value for the lock integer, set it and return the old value */
4380 /* names are resolved here and other sanity checks are made on the content */
4382 /* then make sure they are created and initialised before exiting. */
4450 * Check that the group number does exist and that its use (in/out)
4558 * Allowing a rule with both "keep state" and "with oow" is
4668 * If zero'ing statistics, copy current to caller and zero.
4675 * Copy and reduce lock because of impending copyout.
4677 * this call and the correctness of fr_hits and
4898 /* Copy in a ipfunc_resolve_t structure and then fill in the missing field. */
4997 /* free it and any associated storage space being used by it. */
5042 /* Looks for group hash table fr_arg and stores a pointer to it in fr_ptr. */
5043 /* fr_ptr is later used by fr_srcgrpmap and fr_dstgrpmap. */
5074 /* the key, and descend into that group and continue matching rules against */
5103 /* address as the key, and descend into that group and continue matching */
5145 /* being requested. If it finds one, increments the reference counter and */
5146 /* returns a pointer to it. If none are found, it allocates a new one and */
5168 * gets reused rather than freed and reallocated.
5209 /* check the list of user defined timeout queues and call the free function */
5237 /* Remove a user definde timeout queue from the list of queues it is in and */
5273 /* Remove a tail queue entry from its queue and make it an orphan. */
5387 /* Add a new item to this queue and put it on the very end. */
5418 /* If it notices that the current entry is already last and does not need */
5427 * If the queue isn't changing, and the clock hasn't ticked
5434 * Grab the lock and update the timers.
5466 * old queue and get a lock on the new queue. For user defined queues,
5500 /* a fragment, then store the 'new' IPid in the fragment cache and look up */
5742 * Store the zone ID that to control, and whether it's the
5821 /* but it must not be smaller than the size defined for the type and the */
5872 /* but it must not be smaller than the size defined for the type and the */
5995 * If the TCP packet isn't a fragment, isn't too short and otherwise
6122 i6addr_t *src, *dst, *and, *dmask;
6125 and = (i6addr_t *)&mask->sin6_addr;
6140 dmask->i6[0] = and->i6[0];
6141 dmask->i6[1] = and->i6[1];
6142 dmask->i6[2] = and->i6[2];
6143 dmask->i6[3] = and->i6[3];
6146 dst->i6[0] = src->i6[0] & and->i6[0];
6147 dst->i6[1] = src->i6[1] & and->i6[1];
6148 dst->i6[2] = src->i6[2] & and->i6[2];
6149 dst->i6[3] = src->i6[3] & and->i6[3];
6171 /* comparison. This function should only be called with both tag1 and tag2 */
6382 /* instance is allocated and assigned to it. The moment of IP */
6449 * Allocate a per-stack tuneable and copy in the names. Then
6591 /* Search the static array of tuneables and the list of dynamic tuneables */
6676 /* Implement handling of SIOCIPFGETNEXT, SIOCIPFGET and SIOCIPFSET. These */
6677 /* three ioctls provide the means to access and control global variables */
6678 /* within IPFilter, allowing (for example) timeouts and table sizes to be */
6680 /* and 'destruction' routines of the various components of ipfilter are all */
6706 * entry we looked at, so find it (if possible) and return a
6709 * to NULL and return that, indicating end of list, erstwhile
6790 * getting the new value safely and correctly out of
6940 /* Copies the current statistics out to userspace and then zero's the */
6971 /* Looks up an interface name in the frdest structure pointed to by fdp and */
7001 /* to that passed in and that is also being used for that IP protocol */
7003 /* for both IPv4 and IPv6 on the same physical NIC. */
7007 /* in any number of ways and so long as they all use the same sized array */
7044 /* have been held for too long and need to be freed up. */
7192 /* This function unlinks a token from the linked list and on the path to */
7259 /* When we have found the rule to return, increase its reference count and */
7291 * F_OUT (1) and F_ACOUT (3) mask to out = 1, while
7292 * F_IN (0) and F_ACIN (2) mask to out = 0.
7298 * Retrieve "previous" entry from token and find the next entry.
7342 * If we found an entry, add reference to it and update token.
7343 * Otherwise, zero out data to be returned and NULL out token.
7362 * Copy out data and clean up references and token as needed.
7408 /* This function serves as a stepping stone between fr_ipf_ioctl and */
7410 /* the process doing the ioctl and use that to ask for the next rule. */
7472 /* This function serves as a stepping stone between fr_ipf_ioctl and */
7474 /* token in the kernel for the process using the ioctl, and to use that */
7532 * in. If an entry exists in the queue, and it was touched before
7569 /* process of closing, and have at least reached the state specified by */
7661 * Minimum idle times stored in idletime_tab and indexed by
7662 * idle_idx. Start at upper end of array and work backwards.