Lines Matching refs:args
564 send_reject6(struct ip_fw_args *args, int code, u_int hlen, struct ip6_hdr *ip6)
568 m = args->m;
569 if (code == ICMP6_UNREACH_RST && args->f_id.proto == IPPROTO_TCP) {
575 m0 = ipfw_send_pkt(args->m, &(args->f_id),
593 if (args->L3offset)
594 m_adj(m, args->L3offset);
600 args->m = NULL;
610 send_reject(struct ip_fw_args *args, int code, int iplen, struct ip *ip)
620 if (args->L3offset)
621 m_adj(m, args->L3offset);
624 icmp_error(args->m, ICMP_UNREACH, code, 0L, 0);
625 } else if (args->f_id.proto == IPPROTO_TCP) {
627 L3HDR(struct tcphdr, mtod(args->m, struct ip *));
630 m = ipfw_send_pkt(args->m, &(args->f_id),
636 FREE_PKT(args->m);
638 FREE_PKT(args->m);
639 args->m = NULL;
653 check_uidgid(ipfw_insn_u32 *insn, struct ip_fw_args *args, int *ugid_lookupp,
673 id = &args->f_id;
674 inp = args->inp;
675 oif = args->oif;
714 lookupflags, oif, args->m);
719 lookupflags, oif, args->m);
731 lookupflags, oif, args->m);
736 lookupflags, oif, args->m);
765 * Helper function to set args with info on the rule after the matching
770 set_match(struct ip_fw_args *args, int slot,
773 args->rule.chain_id = chain->id;
774 args->rule.slot = slot + 1; /* we use 0 as a marker */
775 args->rule.rule_id = 1 + chain->map[slot]->id;
776 args->rule.rulenum = chain->map[slot]->rulenum;
838 * All arguments are in args so we can modify them and return them
843 * args->m (in/out) The packet; we set to NULL when/if we nuke it.
845 * args->eh (in) Mac header if present, NULL for layer3 packet.
846 * args->L3offset Number of bytes bypassed if we came from L2.
848 * args->oif Outgoing interface, NULL if packet is incoming.
850 * args->divert_rule (in/out)
854 * args->rule Pointer to the last matching rule (in/out)
855 * args->next_hop Socket we are forwarding to (out).
856 * args->next_hop6 IPv6 next hop we are forwarding to (out).
857 * args->f_id Addresses grabbed from the packet (out)
858 * args->rule.info a cookie depending on rule action
866 * IP_FW_DUMMYNET to dummynet, pipe in args->cookie
867 * IP_FW_NETGRAPH into netgraph, cookie args->cookie
868 * args->rule contains the matching rule,
869 * args->rule.info has additional information.
873 ipfw_chk(struct ip_fw_args *args)
885 * args->eh The MAC header. It is non-null for a layer2
888 * args->L3offset Offset in the packet to the L3 (IP or equiv.) header.
890 * m | args->m Pointer to the mbuf, as received from the caller.
900 struct mbuf *m = args->m;
918 * oif | args->oif If NULL, ipfw_chk has been called on the
923 struct ifnet *oif = args->oif;
1002 args->f_id.fib = M_GETFIB(m); /* note mbuf not altered) */
1003 proto = args->f_id.proto = 0; /* mark f_id invalid */
1017 args->m = m = m_pullup(m, x); \
1027 if (args->eh)
1028 etype = ntohs(args->eh->ether_type);
1032 (args->eh == NULL || etype == ETHERTYPE_IPV6) && ip->ip_v == 6) {
1035 args->f_id.addr_type = 6;
1052 args->f_id._flags = TCP(ulp)->th_flags;
1118 args->f_id.extra =
1196 args->f_id.src_ip6 = ip6->ip6_src;
1197 args->f_id.dst_ip6 = ip6->ip6_dst;
1198 args->f_id.src_ip = 0;
1199 args->f_id.dst_ip = 0;
1200 args->f_id.flow_id6 = ntohl(ip6->ip6_flow);
1202 (args->eh == NULL || etype == ETHERTYPE_IP) && ip->ip_v == 4) {
1205 args->f_id.addr_type = 4;
1224 args->f_id._flags = TCP(ulp)->th_flags;
1241 //args->f_id.flags = ICMP(ulp)->icmp_type;
1250 args->f_id.src_ip = ntohl(src_ip.s_addr);
1251 args->f_id.dst_ip = ntohl(dst_ip.s_addr);
1255 args->f_id.proto = proto;
1256 args->f_id.src_port = src_port = ntohs(src_port);
1257 args->f_id.dst_port = dst_port = ntohs(dst_port);
1265 if (args->rule.slot) {
1268 * match on rule args->rule aka args->rule_id (PIPE, QUEUE,
1273 f_pos = (args->rule.chain_id == chain->id) ?
1274 args->rule.slot :
1275 ipfw_find_rule(chain, args->rule.rulenum,
1276 args->rule.rule_id);
1367 args, &ucred_lookup,
1392 if (args->eh != NULL) { /* have MAC header */
1397 u_int32_t *hdr = (u_int32_t *)args->eh;
1407 if (args->eh != NULL) {
1428 match = (args->eh != NULL);
1433 /* For diverted packets, args->rule.info
1437 uint32_t i = args->rule.info;
1489 args, &ucred_lookup,
1520 &args->f_id.dst_ip6: &args->f_id.src_ip6;
1536 cmd->arg1, 0, &args->f_id, &v);
1568 match= is_ipv6 && ipfw_localip6(&args->f_id.src_ip6);
1578 args->f_id.dst_ip :
1579 args->f_id.src_ip;
1607 match= is_ipv6 && ipfw_localip6(&args->f_id.dst_ip6);
1827 ipfw_log(chain, f, hlen, args, m,
1843 verify_path6(&(args->f_id.src_ip6),
1844 m->m_pkthdr.rcvif, args->f_id.fib) :
1847 args->f_id.fib)));
1855 verify_path6(&(args->f_id.src_ip6),
1856 NULL, args->f_id.fib) :
1858 verify_path(src_ip, NULL, args->f_id.fib)));
1867 in6_localaddr(&(args->f_id.src_ip6)))
1873 &(args->f_id.src_ip6),
1875 args->f_id.fib) :
1879 args->f_id.fib);
1895 IN6_ARE_ADDR_EQUAL(&args->f_id.src_ip6,
1901 IN6_ARE_ADDR_EQUAL(&args->f_id.dst_ip6,
1917 args->f_id.src_ip6:
1918 args->f_id.dst_ip6;
1929 flow6id_match(args->f_id.flow_id6,
1978 if (args->f_id.fib == cmd->arg1)
1984 struct inpcb *inp = args->inp;
2102 (ipfw_insn_limit *)cmd, args, tablearg)) {
2123 (q = ipfw_lookup_dyn_rule(&args->f_id,
2167 set_match(args, f_pos, chain);
2168 args->rule.info = TARG(cmd->arg1, pipe);
2170 args->rule.info |= IPFW_IS_PIPE;
2172 args->rule.info |= IPFW_ONEPASS;
2180 if (args->eh) /* not on layer 2 */
2187 set_match(args, f_pos, chain);
2188 args->rule.info = TARG(cmd->arg1, divert);
2328 send_reject(args, cmd->arg1, iplen, ip);
2329 m = args->m;
2339 !IN6_IS_ADDR_MULTICAST(&args->f_id.dst_ip6)) {
2341 args, cmd->arg1, hlen,
2343 m = args->m;
2354 if (args->eh) /* not valid on layer2 pkts */
2374 sa6 = args->next_hop6 =
2375 &args->hopstore6;
2393 sa = args->next_hop =
2394 &args->hopstore;
2402 args->next_hop = sa;
2412 if (args->eh) /* not valid on layer2 pkts */
2419 args->next_hop6 = sin6;
2429 set_match(args, f_pos, chain);
2430 args->rule.info = TARG(cmd->arg1, netgraph);
2432 args->rule.info |= IPFW_ONEPASS;
2447 args->f_id.fib = fib;
2490 set_match(args, f_pos, chain);
2493 retval = ipfw_nat_ptr(args, NULL, m);
2508 retval = ipfw_nat_ptr(args, t, m);
2522 args->m = m = ip_reass(m);
2540 set_match(args, f_pos, chain);
2547 retval = ipfw_run_eaction(chain, args,