Lines Matching refs:fin
1357 /* fin(I) - pointer to packet information */
1373 ipf_state_add(softc, fin, stsave, flags)
1375 fr_info_t *fin;
1397 fin->fin_error = EAGAIN;
1401 if (fin->fin_flx & (FI_SHORT|FI_STATE|FI_FRAGBODY|FI_BAD)) {
1406 if ((fin->fin_flx & FI_OOW) && !(fin->fin_tcpf & TH_SYN)) {
1426 fr = fin->fin_fr;
1450 out = fin->fin_out;
1459 is->is_v = fin->fin_v;
1460 is->is_sec = fin->fin_secmsk;
1462 is->is_auth = fin->fin_auth;
1464 is->is_family = fin->fin_family;
1465 is->is_opt[0] = fin->fin_optmsk;
1475 hv = (is->is_p = fin->fin_fi.fi_p);
1476 is->is_src = fin->fin_fi.fi_src;
1478 is->is_dst = fin->fin_fi.fi_dst;
1481 if (fin->fin_v == 6) {
1509 if ((fin->fin_v == 4) &&
1510 (fin->fin_flx & (FI_MULTICAST|FI_BROADCAST|FI_MBCAST))) {
1519 ic = fin->fin_dp;
1539 ic = fin->fin_dp;
1558 gre = fin->fin_dp;
1563 is->is_call[0] = fin->fin_data[0];
1564 is->is_call[1] = fin->fin_data[1];
1570 tcp = fin->fin_dp;
1583 is->is_sport = htons(fin->fin_data[0]);
1584 is->is_dport = htons(fin->fin_data[1]);
1602 if ((fin->fin_flx & FI_IGNORE) == 0) {
1603 is->is_send = ntohl(tcp->th_seq) + fin->fin_dlen -
1616 if (ipf_tcpoptions(softs, fin, tcp,
1618 fin->fin_flx |= FI_BAD;
1619 DT1(ipf_fi_bad_tcpoptions_th_fin_ack_ecnall, fr_info_t *, fin);
1623 if ((fin->fin_out != 0) && (pass & FR_NEWISN) != 0) {
1624 ipf_checknewisn(fin, is);
1625 ipf_fixoutisn(fin, is);
1646 tcp = fin->fin_dp;
1648 is->is_sport = htons(fin->fin_data[0]);
1649 is->is_dport = htons(fin->fin_data[1]);
1691 is->is_rulen = fin->fin_rule;
1736 if ((fin->fin_flx & FI_IGNORE) == 0) {
1738 fin->fin_pktnum = 1;
1739 is->is_bytes[out] = fin->fin_plen;
1740 is->is_flx[out][0] = fin->fin_flx & FI_CMP;
1758 if (ipf_state_insert(softc, is, fin->fin_rev) == -1) {
1791 if ((fin->fin_ifp == NULL) ||
1800 is->is_ifp[out << 1] = fin->fin_ifp;
1801 COPYIFNAME(fin->fin_v, fin->fin_ifp,
1826 if (fin->fin_ifp != NULL) {
1827 is->is_ifp[out << 1] = fin->fin_ifp;
1828 COPYIFNAME(fin->fin_v, fin->fin_ifp,
1833 if (fin->fin_p == IPPROTO_TCP) {
1839 (void) ipf_tcp_age(&is->is_sti, fin, softs->ipf_state_tcptq,
1844 is->is_sync = ipf_sync_new(softc, SMC_STATE, fin, is);
1850 fin->fin_flx |= FI_STATE;
1851 if (fin->fin_flx & FI_FRAG)
1852 (void) ipf_frag_new(softc, fin, pass);
1856 ipf_dstlist_select_node(fin, fdp->fd_ptr, NULL,
1864 ipf_dstlist_select_node(fin, fdp->fd_ptr, NULL,
1869 fin->fin_tif = &is->is_tifs[fin->fin_rev];
1873 ipf_dstlist_select_node(fin, fdp->fd_ptr, NULL,
1878 fin->fin_dif = &is->is_dif;
1889 /* fin(I) - pointer to packet information */
1897 ipf_tcpoptions(softs, fin, tcp, td)
1899 fr_info_t *fin;
1908 if (fin->fin_dlen < len) {
1914 off = fin->fin_plen - fin->fin_dlen + sizeof(*tcp) + fin->fin_ipoff;
1916 m = fin->fin_m;
1995 /* fin(I) - pointer to packet information */
2004 ipf_state_tcp(softc, softs, fin, tcp, is)
2007 fr_info_t *fin;
2014 source = !fin->fin_rev;
2016 (ntohs(is->is_sport) != fin->fin_data[0]))
2044 ret = ipf_state_tcpinwindow(fin, fdata, tdata, tcp,
2050 ret = ipf_tcp_age(&is->is_sti, fin, softs->ipf_state_tcptq,
2054 DT2(iss_tcp_fsm, fr_info_t *, fin, ipstate_t *, is);
2075 if (ipf_tcpoptions(softs, fin, tcp,
2077 fin->fin_flx |= FI_BAD;
2078 DT1(ipf_fi_bad_winscale_syn_ack, fr_info_t *, fin);
2081 if ((fin->fin_out != 0) && (is->is_pass & FR_NEWISN))
2082 ipf_checknewisn(fin, is);
2086 if (ipf_tcpoptions(softs, fin, tcp,
2088 fin->fin_flx |= FI_BAD;
2089 DT1(ipf_fi_bad_winscale_syn, fr_info_t *, fin);
2093 if ((fin->fin_out != 0) && (is->is_pass & FR_NEWISN))
2094 ipf_checknewisn(fin, is);
2099 DT2(iss_tcp_oow, fr_info_t *, fin, ipstate_t *, is);
2111 /* Parameters: fin(I) - pointer to packet information */
2121 ipf_checknewisn(fin, is)
2122 fr_info_t *fin;
2129 i = fin->fin_rev;
2130 tcp = fin->fin_dp;
2135 new = ipf_newisn(fin);
2148 /* Parameters: fin(I) - pointer to packet information */
2158 ipf_state_tcpinwindow(fin, fdata, tdata, tcp, flags)
2159 fr_info_t *fin;
2164 ipf_main_softc_t *softc = fin->fin_main_soft;
2188 dsize = fin->fin_dlen - (TCP_OFF(tcp) << 2) +
2238 fin->fin_flx |= FI_OOW;
2273 i = (fin->fin_rev << 1) + fin->fin_out;
2328 fin->fin_flx |= FI_OOW;
2337 /* Parameters: fin(I) - pointer to packet information */
2344 ipf_state_clone(fin, tcp, is)
2345 fr_info_t *fin;
2349 ipf_main_softc_t *softc = fin->fin_main_soft;
2379 send = ntohl(tcp->th_seq) + fin->fin_dlen - (TCP_OFF(tcp) << 2) +
2383 if (fin->fin_rev == 1) {
2403 if (ipf_state_insert(softc, clone, fin->fin_rev) == -1) {
2410 (void) ipf_tcp_age(&clone->is_sti, fin, softs->ipf_state_tcptq,
2415 clone->is_sync = ipf_sync_new(softc, SMC_STATE, fin, clone);
2425 /* Parameters: fin(I) - pointer to packet information */
2437 ipf_matchsrcdst(fin, is, src, dst, tcp, cmask)
2438 fr_info_t *fin;
2444 ipf_main_softc_t *softc = fin->fin_main_soft;
2459 ifp = fin->fin_ifp;
2460 out = fin->fin_out;
2466 sp = htons(fin->fin_sport);
2467 dp = ntohs(fin->fin_dport);
2490 DT2(iss_lookup_badifp, fr_info_t *, fin, ipstate_t *, is);
2528 DT2(iss_lookup_badport, fr_info_t *, fin, ipstate_t *, is);
2548 fr_ip_t *fi = &fin->fin_fi;
2555 if (!(fin->fin_flx & (FI_MULTICAST|FI_MBCAST))){
2562 if (!(fin->fin_flx & (FI_MULTICAST|FI_MBCAST))){
2576 flx = fin->fin_flx & cmask;
2583 ((fin->fin_optmsk & is->is_optmsk[rev]) != is->is_opt[rev]) ||
2584 ((fin->fin_secmsk & is->is_secmsk) != is->is_sec) ||
2585 ((fin->fin_auth & is->is_authmsk) != is->is_auth)) {
2590 if ((fin->fin_flx & FI_IGNORE) != 0) {
2591 fin->fin_rev = rev;
2604 clone = ipf_state_clone(fin, tcp, is);
2641 is->is_opt[1] = fin->fin_optmsk;
2657 COPYIFNAME(fin->fin_v, ifp, is->is_ifname[idx]);
2659 fin->fin_rev = rev;
2667 /* Parameters: fin(I) - pointer to packet information */
2676 ipf_checkicmpmatchingstate(fin)
2677 fr_info_t *fin;
2679 ipf_main_softc_t *softc = fin->fin_main_soft;
2699 if ((fin->fin_v != 4) || (fin->fin_hlen != sizeof(ip_t)) ||
2700 (fin->fin_plen < ICMPERR_MINPKTLEN) ||
2701 !(fin->fin_flx & FI_ICMPERR)) {
2705 ic = fin->fin_dp;
2713 if (fin->fin_plen < ICMPERR_MAXPKTLEN + ((IP_HL(oip) - 5) << 2)) {
2721 len = fin->fin_dlen - ICMPERR_ICMPHLEN;
2723 DT2(iss_icmp_len, fr_info_t *, fin, struct ip*, oip);
2741 m = fin->fin_m;
2748 if ((char *)oip + len > (char *)fin->fin_ip + m->m_len) {
2756 bcopy((char *)fin, (char *)&ofin, sizeof(*fin));
2767 * we make an fin entry to be able to feed it to
2786 ofin.fin_ifp = fin->fin_ifp;
2787 ofin.fin_out = !fin->fin_out;
2842 if ((is != NULL) && !ipf_allowstateicmp(fin, is, &src))
2877 if (ipf_allowstateicmp(fin, is, &src) == 0)
2890 /* Parameters: fin(I) - pointer to packet information */
2899 ipf_allowstateicmp(fin, is, src)
2900 fr_info_t *fin;
2904 ipf_main_softc_t *softc = fin->fin_main_soft;
2915 savefr = fin->fin_fr;
2916 fin->fin_fr = fr->fr_icmpgrp->fg_start;
2918 ipass = ipf_scanlist(fin, softc->ipf_pass);
2919 fin->fin_fr = savefr;
2934 fin->fin_rev = !backward;
2935 i = (!backward << 1) + fin->fin_out;
2936 oi = (backward << 1) + !fin->fin_out;
2947 DT2(iss_icmp_hits, fr_info_t *, fin, ipstate_t *, is);
3017 /* Parameters: fin(I) - pointer to packet information */
3022 /* the contents of *fin. For certain protocols, when a match is found the */
3029 ipf_state_lookup(fin, tcp, ifqp)
3030 fr_info_t *fin;
3034 ipf_main_softc_t *softc = fin->fin_main_soft;
3046 tcp = fin->fin_dp;
3048 hv = (pr = fin->fin_fi.fi_p);
3049 src = fin->fin_fi.fi_src;
3050 dst = fin->fin_fi.fi_dst;
3054 v = fin->fin_fi.fi_v;
3057 hv += fin->fin_fi.fi_src.i6[1];
3058 hv += fin->fin_fi.fi_src.i6[2];
3059 hv += fin->fin_fi.fi_src.i6[3];
3061 if ((fin->fin_p == IPPROTO_ICMPV6) &&
3062 IN6_IS_ADDR_MULTICAST(&fin->fin_fi.fi_dst.in6)) {
3065 hv += fin->fin_fi.fi_dst.i6[1];
3066 hv += fin->fin_fi.fi_dst.i6[2];
3067 hv += fin->fin_fi.fi_dst.i6[3];
3072 (fin->fin_flx & (FI_MULTICAST|FI_BROADCAST|FI_MBCAST))) {
3073 if (fin->fin_out == 0) {
3104 is = ipf_matchsrcdst(fin, is, &src, &dst, NULL, FI_CMP);
3107 ic, fin->fin_rev)) {
3108 if (fin->fin_rev)
3118 hv += fin->fin_fi.fi_src.i6[0];
3119 hv += fin->fin_fi.fi_src.i6[1];
3120 hv += fin->fin_fi.fi_src.i6[2];
3121 hv += fin->fin_fi.fi_src.i6[3];
3140 ((fin->fin_flx & FI_NOWILD) == 0) &&
3142 hv -= fin->fin_fi.fi_src.i6[0];
3143 hv -= fin->fin_fi.fi_src.i6[1];
3144 hv -= fin->fin_fi.fi_src.i6[2];
3145 hv -= fin->fin_fi.fi_src.i6[3];
3151 is = ipf_checkicmp6matchingstate(fin);
3168 is = ipf_matchsrcdst(fin, is, &src, &dst, NULL, FI_CMP);
3172 ic, fin->fin_rev)) {
3173 if (fin->fin_rev)
3188 sport = htons(fin->fin_data[0]);
3190 dport = htons(fin->fin_data[1]);
3205 fin->fin_flx &= ~FI_OOW;
3206 is = ipf_matchsrcdst(fin, is, &src, &dst, tcp, FI_CMP);
3209 if (!ipf_state_tcp(softc, softs, fin,
3211 oow |= fin->fin_flx & FI_OOW;
3231 ((fin->fin_flx & FI_NOWILD) == 0)) {
3236 hv = fin->fin_fi.fi_p;
3243 if (fin->fin_out == 0) {
3257 fin->fin_flx |= oow;
3262 gre = fin->fin_dp;
3277 is = ipf_matchsrcdst(fin, is, &src, &dst, NULL, FI_CMP);
3291 (is->is_tqehead[fin->fin_rev] != NULL))
3292 ifq = is->is_tqehead[fin->fin_rev];
3306 /* Parameters: fin(I) - pointer to packet information */
3312 ipf_state_check(fin, passp)
3313 fr_info_t *fin;
3316 ipf_main_softc_t *softc = fin->fin_main_soft;
3329 if (fin->fin_flx & (FI_SHORT|FI_FRAGBODY|FI_BAD)) {
3334 if ((fin->fin_flx & FI_TCPUDP) ||
3335 (fin->fin_fi.fi_p == IPPROTO_ICMP)
3337 || (fin->fin_fi.fi_p == IPPROTO_ICMPV6)
3340 tcp = fin->fin_dp;
3348 is = ipf_state_lookup(fin, tcp, &ifq);
3350 switch (fin->fin_p)
3356 if (fin->fin_v == 6) {
3357 is = ipf_checkicmp6matchingstate(fin);
3368 is = ipf_checkicmpmatchingstate(fin);
3376 if (fin->fin_out == 0)
3377 ipf_fixinisn(fin, is);
3378 else if (fin->fin_out == 1)
3379 ipf_fixoutisn(fin, is);
3383 if (fin->fin_rev)
3396 if ((fin->fin_out == 0) && (fr->fr_nattag.ipt_num[0] != 0)) {
3397 if (fin->fin_nattag == NULL) {
3402 if (ipf_matchtag(&fr->fr_nattag, fin->fin_nattag)!=0) {
3408 (void) strncpy(fin->fin_group, FR_NAME(fr, fr_group),
3410 fin->fin_icode = fr->fr_icode;
3413 fin->fin_rule = is->is_rulen;
3414 fin->fin_fr = fr;
3420 if (fin->fin_flx & FI_FRAG && FR_ISPASS(is->is_pass) &&
3422 (void) ipf_frag_new(softc, fin, is->is_pass);
3430 ifq = is->is_tqehead[fin->fin_rev];
3437 inout = (fin->fin_rev << 1) + fin->fin_out;
3439 is->is_bytes[inout] += fin->fin_plen;
3440 fin->fin_pktnum = is->is_pkts[inout] + is->is_icmppkts[inout];
3447 ipf_sync_update(softc, SMC_STATE, fin, is->is_sync);
3453 fin->fin_dif = &is->is_dif;
3454 fin->fin_tif = &is->is_tifs[fin->fin_rev];
3455 fin->fin_flx |= FI_STATE;
3466 /* Parameters: fin(I) - pointer to packet information */
3473 ipf_fixoutisn(fin, is)
3474 fr_info_t *fin;
3481 tcp = fin->fin_dp;
3482 rev = fin->fin_rev;
3484 if ((rev == 0) && (fin->fin_cksum < FI_CK_L4PART)) {
3492 if ((rev == 1) && (fin->fin_cksum < FI_CK_L4PART)) {
3505 /* Parameters: fin(I) - pointer to packet information */
3512 ipf_fixinisn(fin, is)
3513 fr_info_t *fin;
3520 tcp = fin->fin_dp;
3521 rev = fin->fin_rev;
3523 if ((rev == 1) && (fin->fin_cksum < FI_CK_L4PART)) {
3531 if ((rev == 0) && (fin->fin_cksum < FI_CK_L4PART)) {
3993 /* fin(I) - pointer to packet information */
4040 ipf_tcp_age(tqe, fin, tqtab, flags, ok)
4042 fr_info_t *fin;
4046 ipf_main_softc_t *softc = fin->fin_main_soft;
4051 tcp = fin->fin_dp;
4054 dir = fin->fin_rev;
4056 dlen = fin->fin_dlen - (TCP_OFF(tcp) << 2);
4444 /* Parameters: fin(I) - pointer to packet information */
4451 ipf_checkicmp6matchingstate(fin)
4452 fr_info_t *fin;
4454 ipf_main_softc_t *softc = fin->fin_main_soft;
4475 if ((fin->fin_v != 6) || (fin->fin_plen < ICMP6ERR_MINPKTLEN) ||
4476 !(fin->fin_flx & FI_ICMPERR)) {
4481 ic6 = fin->fin_dp;
4485 if (fin->fin_plen < sizeof(*oip6)) {
4490 bcopy((char *)fin, (char *)&ofin, sizeof(*fin));
4492 ofin.fin_ifp = fin->fin_ifp;
4493 ofin.fin_out = !fin->fin_out;
4498 * We make a fin entry to be able to feed it to
4508 oip6->ip6_plen = htons(fin->fin_dlen - ICMPERR_ICMPHLEN);
4571 if (!ipf_allowstateicmp(fin, is, &src))
4632 if ((is != NULL) && (ipf_allowstateicmp(fin, is, &src) == 0))