Lines Matching defs:fr
2197 /* fr(I) - pointer to filter rule */
2206 ipf_check_ipf(fin, fr, portcmp)
2208 frentry_t *fr;
2217 fri = fr->fr_ipf;
2250 if (fr->fr_satype == FRI_LOOKUP) {
2251 i = (*fr->fr_srcfunc)(fin->fin_main_soft, fr->fr_srcptr,
2281 i ^= (fr->fr_flags & FR_NOTSRCIP) >> 6;
2289 if (fr->fr_datype == FRI_LOOKUP) {
2290 i = (*fr->fr_dstfunc)(fin->fin_main_soft, fr->fr_dstptr,
2320 i ^= (fr->fr_flags & FR_NOTDSTIP) >> 7;
2344 if (!ipf_tcpudpchk(&fin->fin_fi, &fr->fr_tuc))
2347 if (fr->fr_dcmp || fr->fr_scmp ||
2348 fr->fr_tcpf || fr->fr_tcpfm)
2350 if (fr->fr_icmpm || fr->fr_icmp) {
2355 else if ((fin->fin_data[0] & fr->fr_icmpm) !=
2356 fr->fr_icmp) {
2359 fr->fr_icmpm, fr->fr_icmp));
2392 struct frentry *fr, *fnext;
2401 fr = fin->fin_fr;
2406 if (fr == NULL)
2418 for (rulen = 0; fr; fr = fnext, rulen++) {
2419 fnext = fr->fr_next;
2421 FR_VERBOSE(("SKIP %d (%#x)\n", skip, fr->fr_flags));
2433 if (fr->fr_ifa && fr->fr_ifa != fin->fin_ifp)
2443 if (fr->fr_ifa && fr->fr_ifa != fin->fin_ifp)
2448 switch (fr->fr_type)
2452 if (ipf_check_ipf(fin, fr, portcmp))
2464 if (fin->fin_family != fr->fr_family)
2468 if (!bpf_filter(fr->fr_data, mc, wlen, 0))
2477 f = (*fr->fr_func)(fin, &pass);
2479 fr = f;
2487 if (fin->fin_family != fr->fr_family)
2489 if (ipf_fr_matcharray(fin, fr->fr_data) == 0)
2497 if ((fin->fin_out == 0) && (fr->fr_nattag.ipt_num[0] != 0)) {
2500 if (ipf_matchtag(&fr->fr_nattag, fin->fin_nattag) == 0)
2503 FR_VERBOSE(("=%d/%d.%d *", fr->fr_grhead, fr->fr_group, rulen));
2505 passt = fr->fr_flags;
2516 ATOMIC_INC64(fr->fr_hits);
2517 if ((fr->fr_func == NULL) ||
2518 (fr->fr_func == (ipfunc_t)-1))
2522 fin->fin_fr = fr;
2523 fr = (*fr->fr_func)(fin, &passt);
2524 if (fr == NULL) {
2528 passt = fr->fr_flags;
2530 fin->fin_fr = fr;
2548 MUTEX_ENTER(&fr->fr_lock);
2549 fr->fr_bytes += (U_QUAD_T)fin->fin_plen;
2550 fr->fr_hits++;
2551 MUTEX_EXIT(&fr->fr_lock);
2556 skip = fr->fr_arg;
2564 fin->fin_icode = fr->fr_icode;
2566 if (fr->fr_group != -1) {
2568 FR_NAME(fr, fr_group),
2569 strlen(FR_NAME(fr, fr_group)));
2576 if (fr->fr_grphead != NULL) {
2577 fin->fin_fr = fr->fr_grphead->fg_start;
2578 FR_VERBOSE(("group %s\n", FR_NAME(fr, fr_grhead)));
2581 passt = ipf_decaps(fin, pass, fr->fr_icode);
2587 if (fr->fr_group != -1)
2589 fr->fr_names +
2590 fr->fr_group,
2591 strlen(fr->fr_names +
2592 fr->fr_group));
2593 fin->fin_fr = fr;
2611 fin->fin_fr = fr;
2647 frentry_t *fr, *frsave;
2651 fr = softc->ipf_acct[fin->fin_out][softc->ipf_active];
2653 if (fr != NULL) {
2657 fin->fin_fr = fr;
2689 frentry_t *fr;
2707 fr = fin->fin_fr;
2712 if ((fr != NULL) && (fr->fr_pps != 0) &&
2713 !ppsratecheck(&fr->fr_lastpkt, &fr->fr_curpps, fr->fr_pps)) {
2714 DT2(frb_ppsrate, fr_info_t *, fin, frentry_t *, fr);
2738 if ((fr != NULL) && (fr->fr_func != NULL) &&
2739 (fr->fr_func != (ipfunc_t)-1) && !(pass & FR_CALLNOW))
2740 (void) (*fr->fr_func)(fin, &pass);
2768 fr = fin->fin_fr;
2771 return fr;
2828 frentry_t *fr = NULL;
3020 fr = ipf_auth_check(fin, &pass);
3021 if (!out && (fr == NULL))
3024 if (fr == NULL) {
3026 fr = ipf_frag_known(fin, &pass);
3028 if (fr == NULL)
3029 fr = ipf_state_check(fin, &pass);
3032 if ((pass & FR_NOMATCH) || (fr == NULL))
3033 fr = ipf_firewall(fin, &pass);
3055 fin->fin_fr = fr;
3056 if ((fr != NULL) && !(fin->fin_flx & FI_STATE)) {
3057 fin->fin_dif = &fr->fr_dif;
3058 fin->fin_tif = &fr->fr_tifs[fin->fin_rev];
3118 if (fr != NULL) {
3119 MUTEX_ENTER(&fr->fr_lock);
3120 fr->fr_ref++;
3121 MUTEX_EXIT(&fr->fr_lock);
3181 * the 'current' rule fr is not NULL), then we may have some extra
3186 if (fr != NULL) {
3217 (void) ipf_derefrule(softc, &fr);
3588 /* fr(I) - filter rule from which group is referenced */
3593 /* the reference count reaches zero. Passing in fr is really for the sole */
3597 ipf_group_del(softc, group, fr)
3600 frentry_t *fr;
3603 if (group->fg_head == fr)
3675 frentry_t *fr;
3681 for (fr = fg->fg_start; fr && n; fr = fr->fr_next, n--)
3685 return fr;
3819 frentry_t *fr, **frp;
3831 while ((removed == 0) && ((fr = *frp) != NULL)) {
3832 if ((fr->fr_flags & flags) == 0) {
3833 frp = &fr->fr_next;
3835 if (fr->fr_next != NULL)
3836 fr->fr_next->fr_pnext = fr->fr_pnext;
3837 *frp = fr->fr_next;
3838 fr->fr_pnext = NULL;
3839 fr->fr_next = NULL;
3840 (void) ipf_derefrule(softc, &fr);
3983 /* Parameters: fr(I) - start of filter list to sync interface names for */
3997 ipf_synclist(softc, fr, ifp)
3999 frentry_t *fr;
4002 frentry_t *frt, *start = fr;
4011 for (; fr; fr = fr->fr_next) {
4012 if (fr->fr_family == AF_INET)
4014 else if (fr->fr_family == AF_INET6)
4022 for (i = 0; i < FR_NUM(fr->fr_ifas); i++) {
4023 if ((ifp != NULL) && (fr->fr_ifas[i] != ifp))
4025 if (fr->fr_ifnames[i] == -1)
4027 name = FR_NAME(fr, fr_ifnames[i]);
4028 fr->fr_ifas[i] = ipf_resolvenic(softc, name, v);
4031 if ((fr->fr_type & ~FR_T_BUILTIN) == FR_T_IPF) {
4032 if (fr->fr_satype != FRI_NORMAL &&
4033 fr->fr_satype != FRI_LOOKUP) {
4034 ifa = ipf_resolvenic(softc, fr->fr_names +
4035 fr->fr_sifpidx, v);
4036 ipf_ifpaddr(softc, v, fr->fr_satype, ifa,
4037 &fr->fr_src6, &fr->fr_smsk6);
4039 if (fr->fr_datype != FRI_NORMAL &&
4040 fr->fr_datype != FRI_LOOKUP) {
4041 ifa = ipf_resolvenic(softc, fr->fr_names +
4042 fr->fr_sifpidx, v);
4043 ipf_ifpaddr(softc, v, fr->fr_datype, ifa,
4044 &fr->fr_dst6, &fr->fr_dmsk6);
4048 fdp = &fr->fr_tifs[0];
4050 error = ipf_resolvedest(softc, fr->fr_names, fdp, v);
4055 fdp = &fr->fr_tifs[1];
4057 error = ipf_resolvedest(softc, fr->fr_names, fdp, v);
4062 fdp = &fr->fr_dif;
4064 error = ipf_resolvedest(softc, fr->fr_names, fdp, v);
4069 if (((fr->fr_type & ~FR_T_BUILTIN) == FR_T_IPF) &&
4070 (fr->fr_satype == FRI_LOOKUP) && (fr->fr_srcptr == NULL)) {
4071 fr->fr_srcptr = ipf_lookup_res_num(softc,
4072 fr->fr_srctype,
4074 fr->fr_srcnum,
4075 &fr->fr_srcfunc);
4077 if (((fr->fr_type & ~FR_T_BUILTIN) == FR_T_IPF) &&
4078 (fr->fr_datype == FRI_LOOKUP) && (fr->fr_dstptr == NULL)) {
4079 fr->fr_dstptr = ipf_lookup_res_num(softc,
4080 fr->fr_dsttype,
4082 fr->fr_dstnum,
4083 &fr->fr_dstfunc);
4089 for (frt = start; frt != fr; fr = fr->fr_next) {
5265 frentry_t *fr;
5271 for (fr = softc->ipf_rule_explist[set]; fr != NULL;
5272 fr = fr->fr_dnext) {
5273 if (f->fr_die < fr->fr_die)
5275 if (fr->fr_dnext == NULL) {
5281 fr->fr_dnext = f;
5282 f->fr_pdnext = &fr->fr_dnext;
5283 fr = NULL;
5291 } else if (fr != NULL) {
5292 f->fr_dnext = fr;
5293 f->fr_pdnext = fr->fr_pdnext;
5294 fr->fr_pdnext = &f->fr_dnext;
5315 ipf_findlookup(softc, unit, fr, addrp, maskp)
5318 frentry_t *fr;
5333 if (addrp->iplookupname >= fr->fr_namelen)
5336 fr->fr_names + addrp->iplookupname,
5351 /* fr(I) - pointer to filter rule */
5357 ipf_funcinit(softc, fr)
5359 frentry_t *fr;
5368 if (ft->ipfu_addr == fr->fr_func) {
5371 err = (*ft->ipfu_init)(softc, fr);
5382 /* fr(I) - pointer to filter rule */
5389 ipf_funcfini(softc, fr)
5391 frentry_t *fr;
5396 if (ft->ipfu_addr == fr->fr_func) {
5398 (void) (*ft->ipfu_fini)(softc, fr);
5531 /* Parameters: fr(I) - pointer to filter rule */
5541 frentry_t *fr;
5544 fr = *frp;
5547 MUTEX_ENTER(&fr->fr_lock);
5548 fr->fr_ref--;
5549 if (fr->fr_ref == 0) {
5550 MUTEX_EXIT(&fr->fr_lock);
5551 MUTEX_DESTROY(&fr->fr_lock);
5553 ipf_funcfini(softc, fr);
5555 fdp = &fr->fr_tif;
5559 fdp = &fr->fr_rif;
5563 fdp = &fr->fr_dif;
5567 if ((fr->fr_type & ~FR_T_BUILTIN) == FR_T_IPF &&
5568 fr->fr_satype == FRI_LOOKUP)
5569 ipf_lookup_deref(softc, fr->fr_srctype, fr->fr_srcptr);
5570 if ((fr->fr_type & ~FR_T_BUILTIN) == FR_T_IPF &&
5571 fr->fr_datype == FRI_LOOKUP)
5572 ipf_lookup_deref(softc, fr->fr_dsttype, fr->fr_dstptr);
5574 if (fr->fr_grp != NULL)
5575 ipf_group_del(softc, fr->fr_grp, fr);
5577 if (fr->fr_grphead != NULL)
5578 ipf_group_del(softc, fr->fr_grphead, fr);
5580 if (fr->fr_icmpgrp != NULL)
5581 ipf_group_del(softc, fr->fr_icmpgrp, fr);
5583 if ((fr->fr_flags & FR_COPIED) != 0) {
5584 if (fr->fr_dsize) {
5585 KFREES(fr->fr_data, fr->fr_dsize);
5587 KFREES(fr, fr->fr_size);
5592 MUTEX_EXIT(&fr->fr_lock);
5601 /* Parameters: fr(I) - pointer to rule to find hash table for */
5607 ipf_grpmapinit(softc, fr)
5609 frentry_t *fr;
5615 SNPRINTF(name, sizeof(name), "%d", fr->fr_arg);
5617 (void) sprintf(name, "%d", fr->fr_arg);
5624 if ((iph->iph_flags & FR_INOUT) != (fr->fr_flags & FR_INOUT)) {
5629 fr->fr_ptr = iph;
5638 /* fr(I) - pointer to rule to release hash table for */
5644 ipf_grpmapfini(softc, fr)
5646 frentry_t *fr;
5649 iph = fr->fr_ptr;
7849 /* fr(I) - pointer to filter rule */
7852 /* Starting with "fr", find the next rule to visit. This includes visiting */
7853 /* the list of rule groups if either fr is NULL (empty list) or it is the */
7858 ipf_nextrule(softc, active, unit, fr, out)
7861 frentry_t *fr;
7867 if (fr != NULL && fr->fr_group != -1) {
7868 fg = ipf_findgroup(softc, fr->fr_names + fr->fr_group,
7915 frentry_t *fr, *next, zero;
7951 fr = t->ipt_data;
7962 if (fr == NULL) {
7981 next = fr->fr_next;
7984 fr, out);
7994 if (fr != NULL)
7995 (void) ipf_derefrule(softc, &fr);
8036 if ((fr != NULL) && (next == &zero))
8037 (void) ipf_derefrule(softc, &fr);
9778 frentry_t *fr;
9786 while ((fr = softc->ipf_rule_explist[0]) != NULL) {
9791 if (fr->fr_die > softc->ipf_ticks)
9793 ipf_rule_delete(softc, fr, IPL_LOGIPF, 0);
9796 while ((fr = softc->ipf_rule_explist[1]) != NULL) {
9801 if (fr->fr_die > softc->ipf_ticks)
9803 ipf_rule_delete(softc, fr, IPL_LOGIPF, 1);