Lines Matching refs:ifs
947 ipf_stack_t *ifs = fin->fin_ifs;
998 if (icmp->icmp_nextmtu < ifs->ifs_fr_icmpminfragmtu)
1680 ipf_stack_t *ifs = fin->fin_ifs;
1719 i = (*fr->fr_srcfunc)(fr->fr_srcptr, fi->fi_v, lip, fin, ifs);
1762 i = (*fr->fr_dstfunc)(fr->fr_dstptr, fi->fi_v, lip, fin, ifs);
1868 ipf_stack_t *ifs = fin->fin_ifs;
2018 IPF_BUMP(ifs->ifs_frstats[fin->fin_out].fr_skip);
2020 IPF_BUMP(ifs->ifs_frstats[fin->fin_out].fr_pkl);
2060 IPF_BUMP(ifs->ifs_frstats[out].fr_ads);
2062 IPF_BUMP(ifs->ifs_frstats[out].fr_bads);
2096 ipf_stack_t *ifs = fin->fin_ifs;
2101 fr = ifs->ifs_ipacct6[fin->fin_out][ifs->ifs_fr_active];
2104 fr = ifs->ifs_ipacct[fin->fin_out][ifs->ifs_fr_active];
2113 IPF_BUMP(ifs->ifs_frstats[0].fr_acct);
2145 ipf_stack_t *ifs = fin->fin_ifs;
2152 fin->fin_fr = ifs->ifs_ipfilter6[out][ifs->ifs_fr_active];
2155 fin->fin_fr = ifs->ifs_ipfilter[out][ifs->ifs_fr_active];
2163 IPF_BUMP(ifs->ifs_frstats[out].fr_nom);
2169 fc = &ifs->ifs_frcache[out][CACHE_HASH(fin)];
2170 READ_ENTER(&ifs->ifs_ipf_frcache);
2176 RWLOCK_EXIT(&ifs->ifs_ipf_frcache);
2177 IPF_BUMP(ifs->ifs_frstats[out].fr_chit);
2185 RWLOCK_EXIT(&ifs->ifs_ipf_frcache);
2187 pass = fr_scanlist(fin, ifs->ifs_fr_pass);
2192 WRITE_ENTER(&ifs->ifs_ipf_frcache);
2194 RWLOCK_EXIT(&ifs->ifs_ipf_frcache);
2201 IPF_BUMP(ifs->ifs_frstats[out].fr_nom);
2211 IPF_BUMP(ifs->ifs_frstats[out].fr_ppshit);
2242 if ((fin->fin_fr = ifs->ifs_ipauth) != NULL)
2243 pass = fr_scanlist(fin, ifs->ifs_fr_pass);
2253 IPF_BUMP(ifs->ifs_frstats[out].fr_bnfr);
2255 IPF_BUMP(ifs->ifs_frstats[out].fr_nfr);
2258 IPF_BUMP(ifs->ifs_frstats[out].fr_cfr);
2267 IPF_BUMP(ifs->ifs_frstats[out].fr_ads);
2269 IPF_BUMP(ifs->ifs_frstats[out].fr_bads);
2317 , qif, mp, ifs)
2320 , mp, ifs)
2327 ipf_stack_t *ifs;
2349 pass = ifs->ifs_fr_pass;
2365 if (ifs->ifs_fr_running <= 0) {
2427 fin->fin_ifs = ifs;
2433 IPF_BUMP(ifs->ifs_frstats[out].fr_ipv6);
2442 READ_ENTER(&ifs->ifs_ipf_mutex);
2458 READ_ENTER(&ifs->ifs_ipf_mutex);
2473 if (ifs->ifs_fr_chksrc && !fr_verifysrc(fin)) {
2474 IPF_BUMP(ifs->ifs_frstats[0].fr_badsrc);
2478 if (fin->fin_ip->ip_ttl < ifs->ifs_fr_minttl) {
2479 IPF_BUMP(ifs->ifs_frstats[0].fr_badttl);
2487 if (ifs->ifs_fr_chksrc && !fr_verifysrc(fin)) {
2488 IPF_BUMP(ifs->ifs_frstats[0].fr_badsrc);
2492 if (ip6->ip6_hlim < ifs->ifs_fr_minttl) {
2493 IPF_BUMP(ifs->ifs_frstats[0].fr_badttl);
2501 IPF_BUMP(ifs->ifs_frstats[out].fr_short);
2504 READ_ENTER(&ifs->ifs_ipf_mutex);
2519 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2526 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2560 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2567 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2576 if ((ifs->ifs_fr_update_ipid != 0) && (v == 4)) {
2578 IPF_BUMP(ifs->ifs_frstats[1].fr_ipud);
2582 IPF_BUMP(ifs->ifs_frstats[0].fr_ipud);
2588 if ((ifs->ifs_fr_flags & FF_LOGGING) || (pass & FR_LOGMASK)) {
2650 ifs->ifs_frstats[out].fr_ret);
2662 ifs->ifs_frstats[out].fr_block);
2663 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2670 IPF_BUMP(ifs->ifs_frstats[out].fr_ret);
2687 ifs->ifs_frstats[out].fr_ret);
2699 ifs->ifs_frstats[out].fr_block);
2700 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2706 IPF_BUMP(ifs->ifs_frstats[1].fr_ret);
2769 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2773 IPF_BUMP(ifs->ifs_frstats[out].fr_block);
2779 IPF_BUMP(ifs->ifs_frstats[out].fr_pass);
2849 ipf_stack_t *ifs = fin->fin_ifs;
2854 if ((ifs->ifs_fr_flags & FF_LOGNOMATCH) && (pass & FR_NOMATCH)) {
2856 IPF_BUMP(ifs->ifs_frstats[out].fr_npkl);
2859 (FR_ISPASS(pass) && (ifs->ifs_fr_flags & FF_LOGPASS))) {
2862 IPF_BUMP(ifs->ifs_frstats[out].fr_ppkl);
2865 (FR_ISBLOCK(pass) && (ifs->ifs_fr_flags & FF_LOGBLOCK))) {
2868 IPF_BUMP(ifs->ifs_frstats[out].fr_bpkl);
2871 IPF_BUMP(ifs->ifs_frstats[out].fr_skip);
3323 frgroup_t *fr_findgroup(group, unit, set, fgpp, ifs)
3328 ipf_stack_t *ifs;
3336 fgp = &ifs->ifs_ipfgroups[unit][set];
3364 frgroup_t *fr_addgroup(group, head, flags, unit, set, ifs)
3370 ipf_stack_t *ifs;
3384 fg = fr_findgroup(group, unit, set, &fgp, ifs);
3418 void fr_delgroup(group, unit, set, ifs)
3422 ipf_stack_t *ifs;
3426 fg = fr_findgroup(group, unit, set, &fgp, ifs);
3449 frentry_t *fr_getrulen(unit, group, n, ifs)
3453 ipf_stack_t *ifs;
3458 fg = fr_findgroup(group, unit, ifs->ifs_fr_active, NULL, ifs);
3477 int fr_rulen(unit, fr, ifs)
3480 ipf_stack_t *ifs;
3488 fg = fr_findgroup(fr->fr_group, unit, ifs->ifs_fr_active, NULL, ifs);
3519 static int frflushlist(set, unit, nfreedp, listp, ifs)
3524 ipf_stack_t *ifs;
3537 (void) frflushlist(set, unit, nfreedp, fp->fr_grp, ifs);
3541 fr_delgroup(fp->fr_grhead, unit, set, ifs);
3547 if (fr_derefrule(&fp, ifs) == 0)
/*
 * frflush() - only the lines that mention ifs are listed; braces, the
 * conditions around the calls and the return statement are not shown.
 * The lines that are listed take the ifs_ipf_mutex write lock, zero the
 * whole rule cache, and release the lock only after the last per-list
 * flush call.
 */
3564 int frflush(unit, proto, flags, ifs)
3567 ipf_stack_t *ifs;
3571 WRITE_ENTER(&ifs->ifs_ipf_mutex);
/* sizeof is applied to the array itself, so every cache slot is cleared. */
3572 bzero((char *)ifs->ifs_frcache, sizeof (ifs->ifs_frcache));
3574 set = ifs->ifs_fr_active;
/*
 * The eight lines below are the tails of calls whose first lines are not
 * listed. Their argument order matches frflushlist(set, unit, nfreedp,
 * listp, ifs) declared at 3519 - presumably calls to it; confirm against
 * the full source. The first array index is the same selector the packet
 * path uses as [out] / [fin->fin_out]; index 1 is handled before index 0.
 */
3581 &flushed, &ifs->ifs_ipfilter6[1][set], ifs);
3583 &flushed, &ifs->ifs_ipacct6[1][set], ifs);
3587 &flushed, &ifs->ifs_ipfilter[1][set], ifs);
3589 &flushed, &ifs->ifs_ipacct[1][set], ifs);
3595 &flushed, &ifs->ifs_ipfilter6[0][set], ifs);
3597 &flushed, &ifs->ifs_ipacct6[0][set], ifs);
3601 &flushed, &ifs->ifs_ipfilter[0][set], ifs);
3603 &flushed, &ifs->ifs_ipacct[0][set], ifs);
3606 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
/*
 * NOTE(review): this self-call is listed after the RWLOCK_EXIT above, so
 * the nested frflush() would acquire the write lock on its own. The
 * condition that guards it is not among the listed lines.
 */
3611 tmp = frflush(IPL_LOGCOUNT, proto, flags, ifs);
3751 /* ifs - pointer to IPF stack instance */
3790 static void *fr_ifsync(action, v, newname, oldname, newifp, oldifp, ifs)
3794 ipf_stack_t *ifs;
3802 rval = fr_resolvenic(oldname, v, ifs);
3833 /* ifs - pointer to IPF stack instance */
3841 static void frsynclist(action, v, ifp, ifname, fr, ifs)
3846 ipf_stack_t *ifs;
3863 ifs);
3868 ifp, fdp->fd_ifp, ifs);
3872 ifp, fdp->fd_ifp, ifs);
3876 ifp, fdp->fd_ifp, ifs);
3887 ifs);
3894 ifs);
3903 &fr->fr_srcfunc, ifs);
3909 &fr->fr_dstfunc, ifs);
3935 void frsync(action, v, ifp, name, ifs)
3939 ipf_stack_t *ifs;
3943 WRITE_ENTER(&ifs->ifs_ipf_mutex);
3944 frsynclist(action, v, ifp, name, ifs->ifs_ipacct[0][ifs->ifs_fr_active], ifs);
3945 frsynclist(action, v, ifp, name, ifs->ifs_ipacct[1][ifs->ifs_fr_active], ifs);
3946 frsynclist(action, v, ifp, name, ifs->ifs_ipfilter[0][ifs->ifs_fr_active], ifs);
3947 frsynclist(action, v, ifp, name, ifs->ifs_ipfilter[1][ifs->ifs_fr_active], ifs);
3948 frsynclist(action, v, ifp, name, ifs->ifs_ipacct6[0][ifs->ifs_fr_active], ifs);
3949 frsynclist(action, v, ifp, name, ifs->ifs_ipacct6[1][ifs->ifs_fr_active], ifs);
3950 frsynclist(action, v, ifp, name, ifs->ifs_ipfilter6[0][ifs->ifs_fr_active], ifs);
3951 frsynclist(action, v, ifp, name, ifs->ifs_ipfilter6[1][ifs->ifs_fr_active], ifs);
3956 for (g = ifs->ifs_ipfgroups[i][0]; g != NULL; g = g->fg_next)
3957 frsynclist(action, v, ifp, name, g->fg_start, ifs);
3958 for (g = ifs->ifs_ipfgroups[i][1]; g != NULL; g = g->fg_next)
3959 frsynclist(action, v, ifp, name, g->fg_start, ifs);
3961 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
4006 /* ifs - IPF's stack */
4024 void fr_ifindexsync(ifp, newifp, ifs)
4027 ipf_stack_t *ifs;
4033 rule_lists[0] = ifs->ifs_ipacct[0][ifs->ifs_fr_active];
4034 rule_lists[1] = ifs->ifs_ipacct[1][ifs->ifs_fr_active];
4035 rule_lists[2] = ifs->ifs_ipfilter[0][ifs->ifs_fr_active];
4036 rule_lists[3] = ifs->ifs_ipfilter[1][ifs->ifs_fr_active];
4037 rule_lists[4] = ifs->ifs_ipacct6[0][ifs->ifs_fr_active];
4038 rule_lists[5] = ifs->ifs_ipacct6[1][ifs->ifs_fr_active];
4039 rule_lists[6] = ifs->ifs_ipfilter6[0][ifs->ifs_fr_active];
4040 rule_lists[7] = ifs->ifs_ipfilter6[1][ifs->ifs_fr_active];
4052 for (g = ifs->ifs_ipfgroups[i][0]; g != NULL; g = g->fg_next)
4054 for (g = ifs->ifs_ipfgroups[i][1]; g != NULL; g = g->fg_next)
/*
 * fr_getstat() - fill the caller's fiop structure from the per-stack state
 * in ifs. Only the lines that mention ifs are listed, so braces, loop
 * headers and any other statements of the function are not shown.
 */
4160 void fr_getstat(fiop, ifs)
4162 ipf_stack_t *ifs;
/* The length argument of this bcopy() is on a line that is not listed. */
4166 bcopy((char *)&ifs->ifs_frstats, (char *)fiop->f_st,
4168 fiop->f_locks[IPL_LOGSTATE] = ifs->ifs_fr_state_lock;
4169 fiop->f_locks[IPL_LOGNAT] = ifs->ifs_fr_nat_lock;
4170 fiop->f_locks[IPL_LOGIPF] = ifs->ifs_fr_frag_lock;
4171 fiop->f_locks[IPL_LOGAUTH] = ifs->ifs_fr_auth_lock;
/*
 * These four assignments store the rule-list heads exactly as held in ifs,
 * i.e. the head values themselves, not copies of the rules. The same array
 * elements are assigned to fin->fin_fr and passed as rule pointers
 * elsewhere in this file.
 * NOTE(review): if fiop is later copied out to a user process, these are
 * kernel addresses - confirm how the caller exposes them.
 */
4175 fiop->f_ipf[i][j] = ifs->ifs_ipfilter[i][j];
4176 fiop->f_acct[i][j] = ifs->ifs_ipacct[i][j];
4177 fiop->f_ipf6[i][j] = ifs->ifs_ipfilter6[i][j];
4178 fiop->f_acct6[i][j] = ifs->ifs_ipacct6[i][j];
4181 fiop->f_ticks = ifs->ifs_fr_ticks;
4182 fiop->f_active = ifs->ifs_fr_active;
4183 fiop->f_froute[0] = ifs->ifs_fr_frouteok[0];
4184 fiop->f_froute[1] = ifs->ifs_fr_frouteok[1];
4186 fiop->f_running = ifs->ifs_fr_running;
/*
 * Group list heads are stored the same way; ifs_ipfgroups[i][n] is walked
 * as a NULL-terminated list through fg_next elsewhere in this file.
 */
4188 fiop->f_groups[i][0] = ifs->ifs_ipfgroups[i][0];
4189 fiop->f_groups[i][1] = ifs->ifs_ipfgroups[i][1];
4196 fiop->f_defpass = ifs->ifs_fr_pass;
4307 /* ifs - ipf stack instance */
4314 static void *fr_resolvelookup(type, number, funcptr, ifs)
4317 ipf_stack_t *ifs;
4330 READ_ENTER(&ifs->ifs_ip_poolrw);
4339 ipo = ip_pool_find(IPL_LOGIPF, name, ifs);
4348 iph = fr_findhtable(IPL_LOGIPF, name, ifs);
4360 RWLOCK_EXIT(&ifs->ifs_ip_poolrw);
4384 int frrequest(unit, req, data, set, makecopy, ifs)
4389 ipf_stack_t *ifs;
4443 error = fr_funcinit(fp, ifs);
4463 fg = fr_findgroup(group, unit, set, NULL, ifs);
4480 fprev = &ifs->ifs_ipauth;
4483 fprev = &ifs->ifs_ipacct[in][set];
4485 fprev = &ifs->ifs_ipfilter[in][set];
4488 fprev = &ifs->ifs_ipacct6[in][set];
4490 fprev = &ifs->ifs_ipfilter6[in][set];
4496 if (!fg && !(fg = fr_findgroup(group, unit, set, NULL, ifs)))
4587 &fp->fr_srcfunc, ifs);
4612 &fp->fr_dstfunc, ifs);
4635 frsynclist(0, 0, NULL, NULL, fp, ifs);
4652 WRITE_ENTER(&ifs->ifs_ipf_mutex);
4653 bzero((char *)ifs->ifs_frcache, sizeof (ifs->ifs_frcache));
4705 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
4781 error = fr_preauthcmd(req, f, ftail, ifs);
4785 fr_delgroup(f->fr_grhead, unit, set, ifs);
4789 (void)fr_derefrule(&f, ifs);
4799 error = fr_preauthcmd(req, fp, ftail, ifs);
4829 unit, set, ifs);
4838 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
4854 static int fr_funcinit(fr, ifs)
4856 ipf_stack_t *ifs;
4867 err = (*ft->ipfu_init)(fr, ifs);
4999 int fr_derefrule(frp, ifs)
5001 ipf_stack_t *ifs;
5015 ip_lookup_deref(fr->fr_srctype, fr->fr_srcptr, ifs);
5017 ip_lookup_deref(fr->fr_dsttype, fr->fr_dstptr, ifs);
5045 static int fr_grpmapinit(fr, ifs)
5047 ipf_stack_t *ifs;
5057 iph = fr_findhtable(IPL_LOGIPF, name, ifs);
5083 ipf_stack_t *ifs = fin->fin_ifs;
5085 rval = fr_iphmfindgroup(fin->fin_fr->fr_ptr, fin->fin_v, &fin->fin_src, ifs);
5112 ipf_stack_t *ifs = fin->fin_ifs;
5114 rval = fr_iphmfindgroup(fin->fin_fr->fr_ptr, fin->fin_v, &fin->fin_dst, ifs);
5153 ipftq_t *fr_addtimeoutqueue(parent, seconds, ifs)
5156 ipf_stack_t *ifs;
5163 MUTEX_ENTER(&ifs->ifs_ipf_timeoutlock);
5174 MUTEX_EXIT(&ifs->ifs_ipf_timeoutlock);
5190 ifs->ifs_fr_userifqs++;
5194 MUTEX_EXIT(&ifs->ifs_ipf_timeoutlock);
5240 void fr_freetimeoutqueue(ifq, ifs)
5242 ipf_stack_t *ifs;
5262 ifs->ifs_fr_userifqs--;
5346 void fr_queueback(tqe, ifs)
5348 ipf_stack_t *ifs;
5355 tqe->tqe_die = ifs->ifs_fr_ticks + ifq->ifq_ttl;
5389 void fr_queueappend(tqe, ifq, parent, ifs)
5393 ipf_stack_t *ifs;
5403 tqe->tqe_die = ifs->ifs_fr_ticks + ifq->ifq_ttl;
5415 /* ifs - ipf stack instance */
5421 void fr_movequeue(tqe, oifq, nifq, ifs)
5424 ipf_stack_t *ifs;
5430 if (oifq == nifq && tqe->tqe_touched == ifs->ifs_fr_ticks)
5437 tqe->tqe_touched = ifs->ifs_fr_ticks;
5438 tqe->tqe_die = ifs->ifs_fr_ticks + nifq->ifq_ttl;
/*
 * fr_ioctlswitch() - hands an ioctl to one of the per-subsystem handlers.
 * Only the lines that mention ifs are listed; the switch on unit, its case
 * labels and the error value used when a handler is not called are not
 * shown. Every handler call that is listed sits behind an
 * ifs->ifs_fr_running > 0 test.
 */
5603 INLINE int fr_ioctlswitch(unit, data, cmd, mode, uid, ctx, ifs)
5607 ipf_stack_t *ifs;
5617 if (ifs->ifs_fr_running > 0)
5618 error = fr_nat_ioctl(data, cmd, mode, uid, ctx, ifs);
5623 if (ifs->ifs_fr_running > 0)
5624 error = fr_state_ioctl(data, cmd, mode, uid, ctx, ifs);
5629 if (ifs->ifs_fr_running > 0) {
/*
 * Tail of a call whose first line is not listed. The (..., set, makecopy,
 * ifs) order of frrequest() at 4384 fits these arguments - presumably
 * that call, with the active set and makecopy = 1; confirm.
 */
5636 ifs->ifs_fr_active, 1, ifs);
5639 error = fr_auth_ioctl(data, cmd, mode, uid, ctx, ifs);
/*
 * The sync and scan handlers below are passed data, cmd, mode and ifs
 * only; uid and ctx are not forwarded to them, unlike the NAT, state,
 * auth and lookup handlers.
 */
5646 if (ifs->ifs_fr_running > 0)
5647 error = fr_sync_ioctl(data, cmd, mode, ifs);
5654 if (ifs->ifs_fr_running > 0)
5655 error = fr_scan_ioctl(data, cmd, mode, ifs);
5662 if (ifs->ifs_fr_running > 0)
5663 error = ip_lookup_ioctl(data, cmd, mode, uid, ctx, ifs);
5981 ipf_stack_t *ifs = fin->fin_ifs;
5986 net_data_p = ifs->ifs_ipf_ipv4;
5988 net_data_p = ifs->ifs_ipf_ipv6;
6203 ipf_stack_t *ifs = fin->fin_ifs;
6216 IPF_BUMP(ifs->ifs_fr_badcoalesces[fin->fin_out]);
6356 tune_lookup(ipf_stack_t *ifs, char *name)
6360 for (i = 0; ifs->ifs_ipf_tuneables[i].ipft_name != NULL; i++) {
6361 if (strcmp(ifs->ifs_ipf_tuneables[i].ipft_name, name) == 0)
6362 return (&ifs->ifs_ipf_tuneables[i]);
6375 /* Parameters: ifs - pointer to newly allocated IPF instance */
/*
 * ipftuneable_setdefs() - assign default values to the tunable fields of
 * one IPF stack instance. Only the lines that mention ifs are listed;
 * braces, blank lines and any preprocessor conditionals are not shown.
 */
6387 static void ipftuneable_setdefs(ipf_stack_t *ifs)
6389 ifs->ifs_ipfr_size = IPFT_SIZE;
/*
 * The literals 120 and 6 in this function are annotated as 60 and 3
 * seconds, so those fields are in half-second units. The timeouts set
 * through IPF_TTLVAL() take seconds as written - presumably converted to
 * the same units by the macro; confirm against its definition.
 */
6390 ifs->ifs_fr_ipfrttl = 120; /* 60 seconds */
6393 ifs->ifs_fr_authsize = FR_NUMAUTH;
/* The unit of this value is not stated on the line - TODO confirm. */
6394 ifs->ifs_fr_defaultauthage = 600;
6397 ifs->ifs_fr_tcpidletimeout = IPF_TTLVAL(3600 * 24 * 5); /* five days */
6398 ifs->ifs_fr_tcpclosewait = IPF_TTLVAL(TCP_MSL);
6399 ifs->ifs_fr_tcplastack = IPF_TTLVAL(TCP_MSL);
6400 ifs->ifs_fr_tcptimeout = IPF_TTLVAL(TCP_MSL);
6401 ifs->ifs_fr_tcpclosed = IPF_TTLVAL(60);
6402 ifs->ifs_fr_tcphalfclosed = IPF_TTLVAL(2 * 3600); /* 2 hours */
6403 ifs->ifs_fr_udptimeout = IPF_TTLVAL(120);
6404 ifs->ifs_fr_udpacktimeout = IPF_TTLVAL(12);
6405 ifs->ifs_fr_icmptimeout = IPF_TTLVAL(60);
6406 ifs->ifs_fr_icmpacktimeout = IPF_TTLVAL(6);
6407 ifs->ifs_fr_iptimeout = IPF_TTLVAL(60);
/* State table limits and the high/low marks used when flushing it. */
6408 ifs->ifs_fr_statemax = IPSTATE_MAX;
6409 ifs->ifs_fr_statesize = IPSTATE_SIZE;
6410 ifs->ifs_fr_state_maxbucket_reset = 1;
6411 ifs->ifs_state_flush_level_hi = ST_FLUSH_HI;
6412 ifs->ifs_state_flush_level_lo = ST_FLUSH_LO;
/* NAT table sizes, default ages and flush marks. */
6415 ifs->ifs_ipf_nattable_sz = NAT_TABLE_SZ;
6416 ifs->ifs_ipf_nattable_max = NAT_TABLE_MAX;
6417 ifs->ifs_ipf_natrules_sz = NAT_SIZE;
6418 ifs->ifs_ipf_rdrrules_sz = RDR_SIZE;
6419 ifs->ifs_ipf_hostmap_sz = HOSTMAP_SIZE;
6420 ifs->ifs_fr_nat_maxbucket_reset = 1;
6421 ifs->ifs_fr_defnatage = DEF_NAT_AGE;
6422 ifs->ifs_fr_defnatipage = 120; /* 60 seconds */
6423 ifs->ifs_fr_defnaticmpage = 6; /* 3 seconds */
6424 ifs->ifs_nat_flush_level_hi = NAT_FLUSH_HI;
6425 ifs->ifs_nat_flush_level_lo = NAT_FLUSH_LO;
/* Logging defaults. */
6429 ifs->ifs_ipl_suppress = 1;
6430 ifs->ifs_ipl_logmax = IPL_LOGMAX;
6431 ifs->ifs_ipl_logsize = IPFILTER_LOGSIZE;
/*
 * nat_logging and ipstate_logging are each assigned 1 and then 0 below.
 * Whatever selects between the two pairs (conditional compilation or a
 * branch) is on lines that are not listed, so the effective default for
 * NAT and state logging cannot be read off this listing.
 */
6434 ifs->ifs_nat_logging = 1;
6437 ifs->ifs_ipstate_logging = 1;
6440 ifs->ifs_nat_logging = 0;
6443 ifs->ifs_ipstate_logging = 0;
6445 ifs->ifs_ipf_loopback = 0;
6453 ipftuneable_alloc(ipf_stack_t *ifs)
6457 KMALLOCS(ifs->ifs_ipf_tuneables, ipftuneable_t *,
6459 bcopy(lcl_ipf_tuneables, ifs->ifs_ipf_tuneables,
6469 TUNE_SET(ifs, "fr_flags", ifs_fr_flags);
6470 TUNE_SET(ifs, "fr_active", ifs_fr_active);
6471 TUNE_SET(ifs, "fr_control_forwarding", ifs_fr_control_forwarding);
6472 TUNE_SET(ifs, "fr_update_ipid", ifs_fr_update_ipid);
6473 TUNE_SET(ifs, "fr_chksrc", ifs_fr_chksrc);
6474 TUNE_SET(ifs, "fr_minttl", ifs_fr_minttl);
6475 TUNE_SET(ifs, "fr_icmpminfragmtu", ifs_fr_icmpminfragmtu);
6476 TUNE_SET(ifs, "fr_pass", ifs_fr_pass);
6477 TUNE_SET(ifs, "fr_tcpidletimeout", ifs_fr_tcpidletimeout);
6478 TUNE_SET(ifs, "fr_tcpclosewait", ifs_fr_tcpclosewait);
6479 TUNE_SET(ifs, "fr_tcplastack", ifs_fr_tcplastack);
6480 TUNE_SET(ifs, "fr_tcptimeout", ifs_fr_tcptimeout);
6481 TUNE_SET(ifs, "fr_tcpclosed", ifs_fr_tcpclosed);
6482 TUNE_SET(ifs, "fr_tcphalfclosed", ifs_fr_tcphalfclosed);
6483 TUNE_SET(ifs, "fr_udptimeout", ifs_fr_udptimeout);
6484 TUNE_SET(ifs, "fr_udpacktimeout", ifs_fr_udpacktimeout);
6485 TUNE_SET(ifs, "fr_icmptimeout", ifs_fr_icmptimeout);
6486 TUNE_SET(ifs, "fr_icmpacktimeout", ifs_fr_icmpacktimeout);
6487 TUNE_SET(ifs, "fr_iptimeout", ifs_fr_iptimeout);
6488 TUNE_SET(ifs, "fr_statemax", ifs_fr_statemax);
6489 TUNE_SET(ifs, "fr_statesize", ifs_fr_statesize);
6490 TUNE_SET(ifs, "fr_state_lock", ifs_fr_state_lock);
6491 TUNE_SET(ifs, "fr_state_maxbucket", ifs_fr_state_maxbucket);
6492 TUNE_SET(ifs, "fr_state_maxbucket_reset", ifs_fr_state_maxbucket_reset);
6493 TUNE_SET(ifs, "ipstate_logging", ifs_ipstate_logging);
6494 TUNE_SET(ifs, "fr_nat_lock", ifs_fr_nat_lock);
6495 TUNE_SET(ifs, "ipf_nattable_sz", ifs_ipf_nattable_sz);
6496 TUNE_SET(ifs, "ipf_nattable_max", ifs_ipf_nattable_max);
6497 TUNE_SET(ifs, "ipf_natrules_sz", ifs_ipf_natrules_sz);
6498 TUNE_SET(ifs, "ipf_rdrrules_sz", ifs_ipf_rdrrules_sz);
6499 TUNE_SET(ifs, "ipf_hostmap_sz", ifs_ipf_hostmap_sz);
6500 TUNE_SET(ifs, "fr_nat_maxbucket", ifs_fr_nat_maxbucket);
6501 TUNE_SET(ifs, "fr_nat_maxbucket_reset", ifs_fr_nat_maxbucket_reset);
6502 TUNE_SET(ifs, "nat_logging", ifs_nat_logging);
6503 TUNE_SET(ifs, "fr_defnatage", ifs_fr_defnatage);
6504 TUNE_SET(ifs, "fr_defnatipage", ifs_fr_defnatipage);
6505 TUNE_SET(ifs, "fr_defnaticmpage", ifs_fr_defnaticmpage);
6506 TUNE_SET(ifs, "nat_flush_level_hi", ifs_nat_flush_level_hi);
6507 TUNE_SET(ifs, "nat_flush_level_lo", ifs_nat_flush_level_lo);
6508 TUNE_SET(ifs, "state_flush_level_hi", ifs_state_flush_level_hi);
6509 TUNE_SET(ifs, "state_flush_level_lo", ifs_state_flush_level_lo);
6510 TUNE_SET(ifs, "ipfr_size", ifs_ipfr_size);
6511 TUNE_SET(ifs, "fr_ipfrttl", ifs_fr_ipfrttl);
6512 TUNE_SET(ifs, "ipf_loopback", ifs_ipf_loopback);
6514 TUNE_SET(ifs, "ipl_suppress", ifs_ipl_suppress);
6515 TUNE_SET(ifs, "ipl_buffer_sz", ifs_ipl_buffer_sz);
6516 TUNE_SET(ifs, "ipl_logmax", ifs_ipl_logmax);
6517 TUNE_SET(ifs, "ipl_logall", ifs_ipl_logall);
6518 TUNE_SET(ifs, "ipl_logsize", ifs_ipl_logsize);
6522 ipftuneable_setdefs(ifs);
6525 (void) ipf_property_update(ipf_dev_info, ifs);
6530 ipftuneable_free(ipf_stack_t *ifs)
6532 KFREES(ifs->ifs_ipf_tuneables, sizeof (lcl_ipf_tuneables));
6533 ifs->ifs_ipf_tuneables = NULL;
6548 static ipftuneable_t *fr_findtunebycookie(cookie, next, ifs)
6550 ipf_stack_t * ifs;
6554 for (ta = ifs->ifs_ipf_tuneables; ta->ipft_name != NULL; ta++)
6568 *next = &ifs->ifs_ipf_tunelist;
6573 for (tap = &ifs->ifs_ipf_tunelist; (ta = *tap) != NULL; tap = &ta->ipft_next)
6595 static ipftuneable_t *fr_findtunebyname(name, ifs)
6597 ipf_stack_t *ifs;
6601 for (ta = ifs->ifs_ipf_tuneables; ta->ipft_name != NULL; ta++)
6606 for (ta = ifs->ifs_ipf_tunelist; ta != NULL; ta = ta->ipft_next)
6624 int fr_addipftune(newtune, ifs)
6626 ipf_stack_t *ifs;
6630 ta = fr_findtunebyname(newtune->ipft_name, ifs);
6634 for (tap = &ifs->ifs_ipf_tunelist; *tap != NULL; tap = &(*tap)->ipft_next)
6653 int fr_delipftune(oldtune, ifs)
6655 ipf_stack_t *ifs;
6659 for (tap = &ifs->ifs_ipf_tunelist; (ta = *tap) != NULL; tap = &ta->ipft_next)
6683 int fr_ipftune(cmd, data, ifs)
6686 ipf_stack_t *ifs;
6714 ta = fr_findtunebycookie(cookie, &tu.ipft_cookie, ifs);
6716 ta = ifs->ifs_ipf_tuneables;
6756 ta = fr_findtunebycookie(cookie, NULL, ifs);
6760 ta = fr_findtunebyname(tu.ipft_name, ifs);
6796 (ifs->ifs_fr_running > 0)) {
6842 int fr_initialise(ifs)
6843 ipf_stack_t *ifs;
6848 i = fr_loginit(ifs);
6852 i = fr_natinit(ifs);
6856 i = fr_stateinit(ifs);
6860 i = fr_authinit(ifs);
6864 i = fr_fraginit(ifs);
6868 i = appr_init(ifs);
6873 i = ipfsync_init(ifs);
6878 i = ipsc_init(ifs);
6883 i = ip_lookup_init(ifs);
6888 ipfrule_add(ifs);
6904 void fr_deinitialise(ifs)
6905 ipf_stack_t *ifs;
6907 fr_fragunload(ifs);
6908 fr_authunload(ifs);
6909 fr_natunload(ifs);
6910 fr_stateunload(ifs);
6912 fr_scanunload(ifs);
6914 appr_unload(ifs);
6917 ipfrule_remove(ifs);
6920 (void) frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE|FR_INACTIVE, ifs);
6921 (void) frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE, ifs);
6922 (void) frflush(IPL_LOGCOUNT, 0, FR_INQUE|FR_OUTQUE|FR_INACTIVE, ifs);
6923 (void) frflush(IPL_LOGCOUNT, 0, FR_INQUE|FR_OUTQUE, ifs);
6926 ip_lookup_unload(ifs);
6930 fr_logunload(ifs);
/*
 * fr_zerostats() - only the lines that mention ifs are listed. They take a
 * snapshot of the statistics with fr_getstat() and then clear the counters
 * under the ifs_ipf_mutex write lock.
 */
6944 int fr_zerostats(data, ifs)
6946 ipf_stack_t *ifs;
/*
 * NOTE(review): the snapshot is listed before the write lock is taken. If
 * no other lock is held on the unlisted lines in between, counter updates
 * that land between the snapshot and the bzero() are cleared without ever
 * being reported - confirm against the full function.
 */
6951 fr_getstat(&fio, ifs);
6956 WRITE_ENTER(&ifs->ifs_ipf_mutex);
/* Clears two elements of ifs_frstats; the array is indexed by 0/1 elsewhere. */
6957 bzero((char *)ifs->ifs_frstats, sizeof(*ifs->ifs_frstats) * 2);
6958 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
6977 void fr_resolvedest(fdp, v, ifs)
6980 ipf_stack_t *ifs;
6985 fdp->fd_ifp = GETIFP(fdp->fd_ifname, v, ifs);
7015 void *fr_resolvenic(name, v, ifs)
7018 ipf_stack_t *ifs;
7031 nic = GETIFP(name, v, ifs);
7041 /* Parameters: ifs - ipf stack instance */
/*
 * ipf_expiretokens() - free tokens from the head of the per-stack token
 * list while holding the ifs_ipf_tokens write lock. Only the lines that
 * mention ifs are listed.
 */
7046 void ipf_expiretokens(ifs)
7047 ipf_stack_t *ifs;
7051 WRITE_ENTER(&ifs->ifs_ipf_tokens);
7052 while ((it = ifs->ifs_ipftokenhead) != NULL) {
/*
 * The statement guarded by this test is not listed; presumably it ends
 * the loop at the first token that has not yet expired. That would rely
 * on the list being ordered by ipt_die, which fits ipf_findtoken()
 * re-linking a token at the tail before it sets ipt_die - confirm.
 */
7053 if (it->ipt_die > ifs->ifs_fr_ticks)
7056 ipf_freetoken(it, ifs);
7058 RWLOCK_EXIT(&ifs->ifs_ipf_tokens);
7068 /* ifs - ipf stack instance */
7074 int ipf_deltoken(type, uid, ptr, ifs)
7077 ipf_stack_t *ifs;
7082 WRITE_ENTER(&ifs->ifs_ipf_tokens);
7083 for (it = ifs->ifs_ipftokenhead; it != NULL; it = it->ipt_next)
7086 ipf_freetoken(it, ifs);
7090 RWLOCK_EXIT(&ifs->ifs_ipf_tokens);
7100 /* ifs - ipf stack instance */
7106 static void ipf_unlinktoken(token, ifs)
7108 ipf_stack_t *ifs;
7111 if (ifs->ifs_ipftokentail == &token->ipt_next)
7112 ifs->ifs_ipftokentail = token->ipt_pnext;
7126 /* ifs - ipf stack instance */
/*
 * ipf_findtoken() - look up a token on the per-stack token list. Only the
 * lines that mention ifs are listed; the match test, any allocation of a
 * new token and the return statement are not shown.
 *
 * Lock state visible here: ifs_ipf_tokens is taken with WRITE_ENTER and
 * later passed to MUTEX_DOWNGRADE, and no RWLOCK_EXIT on it appears among
 * the listed lines of this function. The callers listed at 7420-7425 and
 * 7490-7496 call RWLOCK_EXIT(&ifs->ifs_ipf_tokens) after using the token,
 * which suggests the lock is still held on return - confirm against the
 * full function before adding a new caller.
 */
7136 ipftoken_t *ipf_findtoken(type, uid, ptr, ifs)
7139 ipf_stack_t *ifs;
7145 WRITE_ENTER(&ifs->ifs_ipf_tokens);
7146 for (it = ifs->ifs_ipftokenhead; it != NULL; it = it->ipt_next) {
/* Unlink the token and re-link it at the tail of the list. */
7171 ipf_unlinktoken(it, ifs);
7173 it->ipt_pnext = ifs->ifs_ipftokentail;
7174 *ifs->ifs_ipftokentail = it;
7175 ifs->ifs_ipftokentail = &it->ipt_next;
/*
 * Expiry is pushed to two ticks from now; ipf_expiretokens() compares
 * ipt_die with ifs_fr_ticks to decide what to free.
 */
7178 it->ipt_die = ifs->ifs_fr_ticks + 2;
7180 MUTEX_DOWNGRADE(&ifs->ifs_ipf_tokens);
7190 /* ifs - ipf stack instance */
7197 void ipf_freetoken(token, ifs)
7199 ipf_stack_t *ifs;
7203 ipf_unlinktoken(token, ifs);
7212 (void)fr_derefrule((frentry_t **)datap, ifs);
7215 WRITE_ENTER(&ifs->ifs_ipf_nat);
7216 fr_ipnatderef((ipnat_t **)datap, ifs);
7217 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
7220 fr_natderef((nat_t **)datap, ifs);
7223 fr_statederef((ipstate_t **)datap, ifs);
7226 fr_fragderef((ipfr_t **)datap, &ifs->ifs_ipf_frag, ifs);
7230 &ifs->ifs_ipf_natfrag, ifs);
7233 WRITE_ENTER(&ifs->ifs_ipf_nat);
7235 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
7238 (void) ip_lookup_iterderef(token->ipt_type, data, ifs);
7252 /* ifs - ipf stack instance */
7262 int ipf_getnextrule(t, ptr, ifs)
7265 ipf_stack_t *ifs;
7295 READ_ENTER(&ifs->ifs_ipf_mutex);
7310 next = ifs->ifs_ipacct
7313 next = ifs->ifs_ipacct6
7317 next = ifs->ifs_ipfilter
7320 next = ifs->ifs_ipfilter6
7325 it.iri_active, NULL, ifs);
7359 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
7368 ipf_freetoken(t, ifs);
7372 (void) fr_derefrule(&fr, ifs);
7383 ipf_freetoken(t, ifs);
7391 READ_ENTER(&ifs->ifs_ipf_mutex);
7406 /* ifs - ipf stack instance */
7412 int ipf_frruleiter(data, uid, ctx, ifs)
7415 ipf_stack_t *ifs;
7420 token = ipf_findtoken(IPFGENITER_IPF, uid, ctx, ifs);
7422 error = ipf_getnextrule(token, data, ifs);
7425 RWLOCK_EXIT(&ifs->ifs_ipf_tokens);
7436 /* ifs - ipf stack instance */
7441 int ipf_geniter(token, itp, ifs)
7444 ipf_stack_t *ifs;
7451 error = fr_nextfrag(token, itp, &ifs->ifs_ipfr_list,
7452 &ifs->ifs_ipfr_tail, &ifs->ifs_ipf_frag,
7453 ifs);
7470 /* ifs - ipf stack instance */
7477 int ipf_genericiter(data, uid, ctx, ifs)
7480 ipf_stack_t *ifs;
7490 token = ipf_findtoken(iter.igi_type, uid, ctx, ifs);
7493 error = ipf_geniter(token, &iter, ifs);
7496 RWLOCK_EXIT(&ifs->ifs_ipf_tokens);
7508 /* ifs - ipf stack instance */
7514 int ipf_earlydrop(flushtype, ifq, idletime, ifs)
7518 ipf_stack_t *ifs;
7536 droptick = ifs->ifs_fr_ticks - idletime;
7544 if (nat_delete((nat_t *)ent, NL_FLUSH, ifs) == 0)
7548 if (fr_delstate((ipstate_t *)ent, ISL_FLUSH, ifs) == 0)
7566 /* ifs - ipf stack instance */
7572 int ipf_flushclosing(flushtype, stateval, ipfqs, userqs, ifs)
7575 ipf_stack_t *ifs;
7592 dropped += ipf_earlydrop(flushtype, ifq, (int)0, ifs);
7612 (nat_delete(nat, NL_EXPIRE, ifs) == 0))
7620 (fr_delstate(is, ISL_EXPIRE, ifs) == 0))
7638 /* ifs - ipf stack instance */
7646 int ipf_extraflush(flushtype, ipfqs, userqs, ifs)
7649 ipf_stack_t *ifs;
7667 if (ifs->ifs_fr_ticks < idletime_tab[0])
7670 if (ifs->ifs_fr_ticks > idletime_tab[idle_idx]) {
7674 (ifs->ifs_fr_ticks < idletime_tab[idle_idx]))
7677 idletime = (ifs->ifs_fr_ticks /
7688 if (NAT_TAB_WATER_LEVEL(ifs) <=
7689 ifs->ifs_nat_flush_level_lo)
7692 if (ST_TAB_WATER_LEVEL(ifs) <=
7693 ifs->ifs_state_flush_level_lo)
7699 removed += ipf_earlydrop(flushtype, ipfqs, idletime, ifs);
7706 if (NAT_TAB_WATER_LEVEL(ifs) <=
7707 ifs->ifs_nat_flush_level_lo)
7710 if (ST_TAB_WATER_LEVEL(ifs) <=
7711 ifs->ifs_state_flush_level_lo)
7717 removed += ipf_earlydrop(flushtype, ifq, idletime, ifs);