Lines Matching defs:in
62 #include <netinet/in.h>
387 * fields in the fr_info_t structure passed based on properties of the
613 /* big enough for it to be in, checking if it is repeated and setting a */
780 /* Fragments in IPv6 are extraordinarily difficult to deal with - much more */
781 /* so than in IPv4. There are 5 cases of fragments with IPv6 that all */
794 /* scenario in which they happen is in extreme circumstances that are most */
798 /* headers must always be in a packet that has the offset field set to 0 */
1045 /* The minimum length is taken to be the combination of all fields in the */
1109 /* consecutively in the packet buffer. */
1347 * Use of the TCP data offset *must* result in a value that is at
1372 * Ignore this case (#if 0) as it shows up in "real"
1373 * traffic with bogus values in the urgent pointer field.
1427 * are most interested in is the TCP window scale. This is only in
1593 /* The minimum length is taken to be the combination of all fields in the */
1676 /* Analyze the IPv4 header and set fields in the fr_info_t structure. */
1706 /* Zero out bits not used in IPv6 address */
1925 /* value found in the fr_info_t structure. */
1970 * Tag numbers 0, 1, 2, 5 are laid out in the CIPSO Internet
2030 /* in the fr_info_t structure pointer to by fin. At present, it is assumed */
2079 /* structure with compare information stored in it. */
2156 * Both ports should *always* be in the first fragment.
2202 /* port numbers, etc, for "standard" IPFilter rules are all orchestrated in */
2234 * are present (if any) in this packet.
2404 * If there are no rules in this list, return now.
2427 * In all checks below, a null (zero) value in the
2509 * in the rule, if it exists and use the results from that.
2638 /* functions called from the IPFilter "mainline" in ipf_check(). */
2679 /* in the cache. If not, then search an appropriate list of rules. Once a */
2743 * If a rule is a pre-auth rule, check again in the list of rules
2788 /* out(I) - 0 == packet going in, 1 == packet going out */
2836 * the an attempt to ensure the buffer the packet is in is big enough
3014 * If a packet is found in the auth table, then skip checking
3017 * found in the auth table means it has been seen before, so do
3115 * the filter rule just in case someone decides to remove or flush it
3116 * in the meantime.
3132 * ONLY be sent in repsonse to incoming packets. Sending
3133 * them in response to outbound packets can result in a
3347 /* len(I) - length of buffer in bytes */
3384 /* Calculates the TCP checksum for the packet held in "m", using the data */
3385 /* in the IP header "ip" to seed it. */
3388 /* and the TCP header. We also assume that data blocks aren't allocated in */
3391 /* Expects ip_len and ip_off to be in network byte order when called. */
3503 * Which list of groups to search in is dependent on which list of
3593 /* the reference count reaches zero. Passing in fr is really for the sole */
3661 /* flags(I) - which set of rules to find the rule in */
3665 /* Find rule # n in group # g and return a pointer to it. Return NULl if */
3666 /* group # g doesn't exist or there are less than n rules in the group. */
3807 /* of those that match the flags passed in. The for loop here is bit more */
3858 /* dlen(I) - length available to search in */
3885 /* rp(I) - rule added/removed with skip in it. */
3890 /* Adjust all the rules in a list which would have skip'd past the position */
3917 /* Returns: int - >= 0 - number of consecutive bits in input */
3921 /* count consecutive 1's in bit mask. If the mask generated by counting */
3952 /* Returns: int - >= 0 - number of consecutive bits in input */
3956 /* count consecutive 1's in bit mask. */
3989 /* used in the rule. The interface pointer is used to limit the lookups to */
4148 * copied _from_ in this instance is a pointer to a char buf (which could
4158 /* Copy a block of data in from user space, given a pointer to the pointer */
4224 /* in *lockp. */
4251 /* Stores a copy of current pointers, counters, etc, in the friostat */
4375 /* reply to one as described by what's in ic. If it is a match, return 1, */
4391 * If we matched its type on the way in, then when going out
4418 * IFNAMES are located in the variable length field starting at
4464 * the same interfaces but in a different order will compare
4465 * differently. But since multiple interfaces in a rule doesn't
4468 * revisited in ipf_y.y. While the other issue, recognition
4469 * of only the first interface in a list of interfaces will
4506 /* in kernel space & hence doesn't need copying. */
4523 int error = 0, in, family, need_free = 0;
4623 * into kernel space, then do not trust the function pointer in the
4659 * Check that each group name in the rule has a start index that
4693 * Allow loading rules that are in groups to cause
4722 * not matter whether it is an in or out rule, but if it
4723 * isn't in a group, then it does...
4731 in = (fp->fr_flags & FR_INQUE) ? 0 : 1;
4750 fprev = &softc->ipf_acct[in][set];
4752 fprev = &softc->ipf_rules[in][set];
4764 * Copy in extra data for the rule.
4966 * next or interface pointer in the comparison (fr_next, fr_ifa).
5017 * pointer to be what it was in user space.
5051 * For SIOCAD*FR, this should be the last rule in the group of
5214 /* But in the end, removing a rule can only drop the reference count - we */
5305 /* addrp(I) - pointer to lookup information in address struct */
5308 /* When using pools and hash tables to store addresses for matching in */
5385 /* is using a known function that would have resulted in the "init" being */
5409 /* Look for a function in the table of known functions. */
5429 /* Copy in a ipfunc_resolve_t structure and then fill in the missing field. */
5431 /* function pointer if the name is set. When found, fill in the other one */
5507 * we do increment *curpps even in *curpps < maxpps case, as some may
5603 /* Looks for group hash table fr_arg and stores a pointer to it in fr_ptr. */
5662 /* Look for a rule group head in a hash table, using the source address as */
5692 /* Look for a rule group head in a hash table, using the destination */
5720 * It is expected that a lock is held in the domain in which the queue
5733 /* seconds(I) - timeout value in seconds for this queue. */
5742 /* held (exclusively) in the domain that encompases 'parent'. */
5824 /* held (exclusively) in the domain that encompases the callers "domain". */
5827 /* Remove a user defined timeout queue from the list of queues it is in and */
5845 * Remove from its position in the list.
6037 * queue and one not, could end up with things in a bizarre state.
6068 * delete in case it can now be freed.
6101 /* a fragment, then store the 'new' IPid in the fragment cache and look up */
6103 /* has no match in the cache, return an error. */
6149 /* Constructs an interface name in the buffer passed. The buffer passed is */
6150 /* expected to be at least LIFNAMSIZ in bytes big. If buffer is passed in */
6200 /* for the device in order to execute the ioctl. A special case is made */
6201 /* SIOCIPFINTERROR so that the same code isn't required in every handler. */
6345 /* Copy in the contents of what the ipfobj_t points to. In future, we */
6349 /* in the ipfobj_t structure being copied in. As an example, this can tell */
6417 /* ptr(I) - pointer to store real data in */
6421 /* As per ipf_inobj, except the size of the object to copy in is passed in */
6424 /* that sz must match the size of the object being passed in - this is not */
6425 /* not possible nor required in ipf_inobj(). */
6480 /* ptr(I) - pointer to store real data in */
6484 /* As per ipf_outobj, except the size of the object to copy out is passed in*/
6487 /* that sz must match the size of the object being passed in - this is not */
6488 /* not possible nor required in ipf_outobj(). */
6543 /* ptr(I) - pointer to store real data in */
6614 /* is no point in validating information that comes from the kernel with */
6666 /* not possible, return without indicating a failure or success but in a */
6770 /* netmask update is performed unless FRI_NETMASKED is passed as atype, in */
6810 /* netmask update is performed unless FRI_NETMASKED is passed as atype, in */
6937 * in the table below is as follows:
6972 * If the next entry in the array has a name
7030 /* Appends tune structures from the array passed in (newtune) to the end of */
7141 /* In the array template, ipftp_offset is the offset (in bytes) of the */
7144 /* we add base to the copy's ipftp_offset, copy ends up with a pointer in */
7177 /* Appends tune structures from the array passed in (newtune) to the end of */
7209 /* Search for the tune structure, by pointer, in the list of those that are */
7243 /* Remove each tuneable entry in the array from the list of "dynamic" */
7246 /* An entry with a NULL name is used as the indicator of the last entry in */
7306 * pointer to the next one after it. The last entry in the
7309 * if we come in with cookie set to NULL, we are starting anew
7322 * row fit in what we can return?
7354 * in the tuning paramter table.
7398 u_long in;
7407 in = tu.ipft_vlong;
7408 if (in < ta->ipft_min || in > ta->ipft_max) {
7424 *ta->ipft_plong = in;
7428 *ta->ipft_pint = (u_int)(in & 0xffffffff);
7432 *ta->ipft_pshort = (u_short)(in & 0xffff);
7436 *ta->ipft_pchar = (u_char)(in & 0xff);
7458 /* current ones in the kernel. The lock is only held across the bzero() as */
7459 /* the copyout may result in paging (ie network activity.) */
7494 /* Looks up an interface name in the frdest structure pointed to by fdp and */
7496 /* then store the interface pointer in the frdest struct. If no match is */
7498 /* indicate there is no information at all in the structure. */
7543 /* to that passed in and that is also being used for that IP protocol */
7603 /* of greater than one and in that case the the reference would drop twice */
7629 /* This function looks for a a token in the current list that matches up */
7688 /* This function looks for a live token in the list of current tokens that */
7854 /* last rule in the list. When walking rule lists, it is either input or */
7901 /* This function's first job is to bring in the ipfruleiter_t structure via */
7903 /* return. Once the ipfruleiter_t has been brought in, it then tries to */
7905 /* just be as simple as looking at the 'next' field in the rule structure. */
8052 /* ipf_getnextrule. It's role is to find the right token in the kernel for */
8463 /* This function is called for packets that are wrapt up in other packets, */
8664 /* This function loads in a mathing array through the ipfobj_t struct that */
8666 /* in this function to prevent userspace from trying to load in something */
8669 /* contents of the array are verified before returning. Only in the event */
8729 /* arraysize(I) - number of elements in the array */
8732 /* in it. The actual commands in the array are not verified for */
8747 * (minimum 4 in length) and a trailer, for a total of 6.
8763 * The last opcode in this array should be an IPF_EXP_END.
8795 /* all of the commands in it. */
8953 /* There are two steps in doing this: */
8957 /* candidates for this style of removal. If freeing up entries in */
8964 /* how long ipf has been running (ipf_ticks.) Anything modified in the */
8973 /* - tqe_die is the time, in the future, when entries die. */
8974 /* - tqe_die - ipf_ticks is how long left the connection has to live in ipf */
8982 /* - the pointer passed in as ipfqs should point to an array of timeout */
8986 /* iend (newest) to istart (oldest) in chunks of "interval". If nothing is */
8987 /* found in that range, "interval" is adjusted (so long as it isn't 30) and */
9104 /* This fucntion is used to determine in the address "ipaddr" belongs to */
9141 /* p(I) - pointer to values passed in to apply */
9170 /* seconds(I) - pointer to values passed in to apply */
9266 /* passed in (rather than NULL) to a structure to be initialised. */
9268 /* here instead of in the where might be expected - in the relevant create */
9349 /* A null-op function that exists as a placeholder so that the flow in */
9366 /* Undo everything that we did in ipf_main_soft_create. */
9370 /* value is stored in ipf_dynamic_main. */
9460 /* A null-op function that exists as a placeholder so that the flow in */
9476 /* function for each in an order that won't lead to a crash :) */
9509 /* function for each in an order that won't lead to a crash :) */
9542 /* function for each in an order that won't lead to a crash :) */
9614 /* function for each in an order that won't lead to a crash :) */
9676 /* function for each in an order that won't lead to a crash :) */
9722 /* function for each in an order that won't lead to a crash :) */
9772 /* loaded in. */
9789 * one that dies in the future means no more work to do.
9799 * one that dies in the future means no more work to do.
9830 /* where they are, as long as they're always in the same place. */
9873 /* copy the address passed in into the key structure whilst masking out the */
9946 /* After preparing the key with the address information to find, look in */
10008 /* Try and find the address passed in amongst the leavese on this tree to */
10076 /* Remove all of the nodes in the tree tracking hosts by calling a walker */
10092 /* Slowly expire held state for fragments. Timeouts are set * in */
10156 /* Parameters: bits(I) - number of bits set in the netmask */
10191 /* Parameters: bits(I) - number of bits set in mask */
10237 /* Parameters: bits(I) - number of bits set in mask */