Lines Matching defs:pass
2372 /* pass(I) - default result to return for filtering */
2385 ipf_scanlist(fin, pass)
2387 u_32_t pass;
2398 return pass;
2406 return pass;
2437 FR_VERBOSE(("%c", FR_ISSKIP(pass) ? 's' :
2438 FR_ISPASS(pass) ? 'p' :
2439 FR_ISACCOUNT(pass) ? 'A' :
2440 FR_ISAUTH(pass) ? 'a' :
2441 (pass & FR_NOMATCH) ? 'n' :'b'));
2476 f = (*fr->fr_func)(fin, &pass);
2553 passo = pass;
2559 pass = passt;
2573 FR_DEBUG(("pass %#x/%#x/%x\n", passo, pass, passt));
2580 passt = ipf_decaps(fin, pass, fr->fr_icode);
2582 passt = ipf_scanlist(fin, pass);
2593 passt = pass;
2595 pass = passt;
2598 if (pass & FR_QUICK) {
2606 if ((pass & FR_KEEPSTATE) && !FR_ISAUTH(pass) &&
2615 pass = passo;
2623 return pass;
2647 u_32_t pass, rulen;
2657 pass = ipf_scanlist(fin, FR_NOMATCH);
2658 if (FR_ISACCOUNT(pass)) {
2689 u_32_t pass;
2693 pass = *passp;
2701 pass = ipf_scanlist(fin, softc->ipf_pass);
2703 if ((pass & FR_NOMATCH)) {
2714 pass &= ~(FR_CMDMASK|FR_RETICMP|FR_RETRST);
2715 pass |= FR_BLOCK;
2725 if (FR_ISAUTH(pass)) {
2738 (fr->fr_func != (ipfunc_t)-1) && !(pass & FR_CALLNOW))
2739 (void) (*fr->fr_func)(fin, &pass);
2745 * is treated as "not a pass", hence the packet is blocked.
2747 if (FR_ISPREAUTH(pass)) {
2748 pass = ipf_auth_pre_scanlist(softc, fin, pass);
2755 if ((pass & (FR_KEEPFRAG|FR_KEEPSTATE)) == FR_KEEPFRAG) {
2757 if (ipf_frag_new(softc, fin, pass) == -1) {
2768 *passp = pass;
2825 u_32_t pass = softc->ipf_pass;
2940 pass = FR_BLOCK|FR_NOMATCH;
2953 pass = FR_BLOCK|FR_NOMATCH;
2996 if (ipf_nat_checkin(fin, &pass) == -1) {
3002 if (ipf_nat6_checkin(fin, &pass) == -1) {
3017 * not pass it through accounting (again), lest it be counted twice.
3019 fr = ipf_auth_check(fin, &pass);
3025 fr = ipf_frag_known(fin, &pass);
3028 fr = ipf_state_check(fin, &pass);
3031 if ((pass & FR_NOMATCH) || (fr == NULL))
3032 fr = ipf_firewall(fin, &pass);
3039 if ((pass & FR_KEEPSTATE) && (fin->fin_m != NULL) &&
3045 if (FR_ISPASS(pass)) {
3047 pass &= ~FR_CMDMASK;
3048 pass |= FR_BLOCK;
3064 if (out && FR_ISPASS(pass)) {
3070 if (ipf_nat_checkout(fin, &pass) == -1) {
3076 pass &= ~FR_CMDMASK;
3077 pass |= FR_BLOCK;
3086 (void) ipf_nat6_checkout(fin, &pass);
3096 if ((softc->ipf_flags & FF_LOGGING) || (pass & FR_LOGMASK)) {
3097 (void) ipf_dolog(fin, &pass);
3126 if ((pass & FR_RETMASK) != 0) {
3136 if (pass & FR_RETICMP) {
3139 if ((pass & FR_RETMASK) == FR_FAKEICMP)
3146 } else if (((pass & FR_RETMASK) == FR_RETRST) &&
3158 if (FR_ISAUTH(pass) && (fin->fin_m != NULL)) {
3165 if (pass & FR_RETRST) {
3175 if (FR_ISBLOCK(pass) && (fin->fin_flx & FI_NEWNAT))
3201 if (!out && (pass & FR_FASTROUTE)) {
3204 * so pass NULL as the frdest_t parameter
3224 if (!FR_ISPASS(pass)) {
3245 if (FR_ISPASS(pass))
3253 FR_VERBOSE(("fin_flx %#x pass %#x ", fin->fin_flx, pass));
3254 /*if ((pass & FR_CMDMASK) == (softc->ipf_pass & FR_CMDMASK))*/
3255 if ((pass & FR_NOMATCH) != 0)
3258 if ((pass & FR_RETMASK) != 0)
3259 switch (pass & FR_RETMASK)
3269 switch (pass & FR_CMDMASK)
3303 u_32_t pass;
3307 pass = *passp;
3309 if ((softc->ipf_flags & FF_LOGNOMATCH) && (pass & FR_NOMATCH)) {
3310 pass |= FF_LOGNOMATCH;
3314 } else if (((pass & FR_LOGMASK) == FR_LOGP) ||
3315 (FR_ISPASS(pass) && (softc->ipf_flags & FF_LOGPASS))) {
3316 if ((pass & FR_LOGMASK) != FR_LOGP)
3317 pass |= FF_LOGPASS;
3321 } else if (((pass & FR_LOGMASK) == FR_LOGB) ||
3322 (FR_ISBLOCK(pass) && (softc->ipf_flags & FF_LOGBLOCK))) {
3323 if ((pass & FR_LOGMASK) != FR_LOGB)
3324 pass |= FF_LOGBLOCK;
3328 if (ipf_log_pkt(fin, pass) == -1) {
3333 if ((pass & FR_LOGORBLOCK) && FR_ISPASS(pass)) {
3334 DT1(frb_logfail2, u_int, pass);
3335 pass &= ~FR_CMDMASK;
3336 pass |= FR_BLOCK;
3340 *passp = pass;
8395 /* pass(I) - IP protocol version to match */
8405 ipf_decaps(fin, pass, l5proto)
8407 u_32_t pass;
8556 pass &= ~FR_CMDMASK;
8557 pass |= FR_BLOCK|FR_QUICK;
8562 pass = ipf_scanlist(fin, pass);
8587 return pass;