Lines Matching defs:pass
2327 /* pass(I) - default result to return for filtering */
2340 ipf_scanlist(fr_info_t *fin, u_32_t pass)
2351 return (pass);
2359 return (pass);
2390 FR_VERBOSE(("%c", FR_ISSKIP(pass) ? 's' :
2391 FR_ISPASS(pass) ? 'p' :
2392 FR_ISACCOUNT(pass) ? 'A' :
2393 FR_ISAUTH(pass) ? 'a' :
2394 (pass & FR_NOMATCH) ? 'n' :'b'));
2429 f = (*fr->fr_func)(fin, &pass);
2506 passo = pass;
2512 pass = passt;
2526 FR_DEBUG(("pass %#x/%#x/%x\n", passo, pass, passt));
2533 passt = ipf_decaps(fin, pass, fr->fr_icode);
2535 passt = ipf_scanlist(fin, pass);
2546 passt = pass;
2548 pass = passt;
2551 if (pass & FR_QUICK) {
2559 if ((pass & FR_KEEPSTATE) && !FR_ISAUTH(pass) &&
2568 pass = passo;
2576 return (pass);
2598 u_32_t pass, rulen;
2608 pass = ipf_scanlist(fin, FR_NOMATCH);
2609 if (FR_ISACCOUNT(pass)) {
2638 u_32_t pass;
2642 pass = *passp;
2650 pass = ipf_scanlist(fin, softc->ipf_pass);
2652 if ((pass & FR_NOMATCH)) {
2663 pass &= ~(FR_CMDMASK|FR_RETICMP|FR_RETRST);
2664 pass |= FR_BLOCK;
2674 if (FR_ISAUTH(pass)) {
2687 (fr->fr_func != (ipfunc_t)-1) && !(pass & FR_CALLNOW))
2688 (void) (*fr->fr_func)(fin, &pass);
2694 * is treated as "not a pass", hence the packet is blocked.
2696 if (FR_ISPREAUTH(pass)) {
2697 pass = ipf_auth_pre_scanlist(softc, fin, pass);
2704 if (pass & FR_KEEPFRAG) {
2706 if (ipf_frag_new(softc, fin, pass) == -1) {
2717 *passp = pass;
2768 u_32_t pass = softc->ipf_pass;
2882 pass = FR_BLOCK|FR_NOMATCH;
2895 pass = FR_BLOCK|FR_NOMATCH;
2938 if (ipf_nat_checkin(fin, &pass) == -1) {
2944 if (ipf_nat6_checkin(fin, &pass) == -1) {
2959 * not pass it through accounting (again), lest it be counted twice.
2961 fr = ipf_auth_check(fin, &pass);
2967 fr = ipf_frag_known(fin, &pass);
2970 fr = ipf_state_check(fin, &pass);
2973 if ((pass & FR_NOMATCH) || (fr == NULL))
2974 fr = ipf_firewall(fin, &pass);
2981 if ((pass & FR_KEEPSTATE) && (fin->fin_m != NULL) &&
2987 if (FR_ISPASS(pass)) {
2989 pass &= ~FR_CMDMASK;
2990 pass |= FR_BLOCK;
3006 if (out && FR_ISPASS(pass)) {
3012 if (ipf_nat_checkout(fin, &pass) == -1) {
3018 pass &= ~FR_CMDMASK;
3019 pass |= FR_BLOCK;
3028 (void) ipf_nat6_checkout(fin, &pass);
3038 if ((softc->ipf_flags & FF_LOGGING) || (pass & FR_LOGMASK)) {
3039 (void) ipf_dolog(fin, &pass);
3068 if ((pass & FR_RETMASK) != 0) {
3078 if (pass & FR_RETICMP) {
3081 if ((pass & FR_RETMASK) == FR_FAKEICMP)
3088 } else if (((pass & FR_RETMASK) == FR_RETRST) &&
3100 if (FR_ISAUTH(pass) && (fin->fin_m != NULL)) {
3107 if (pass & FR_RETRST) {
3117 if (FR_ISBLOCK(pass) && (fin->fin_flx & FI_NEWNAT))
3143 if (!out && (pass & FR_FASTROUTE)) {
3146 * so pass NULL as the frdest_t parameter
3166 if (!FR_ISPASS(pass)) {
3189 if (FR_ISPASS(pass))
3197 FR_VERBOSE(("fin_flx %#x pass %#x ", fin->fin_flx, pass));
3198 /*if ((pass & FR_CMDMASK) == (softc->ipf_pass & FR_CMDMASK))*/
3199 if ((pass & FR_NOMATCH) != 0)
3202 if ((pass & FR_RETMASK) != 0)
3203 switch (pass & FR_RETMASK)
3213 switch (pass & FR_CMDMASK)
3245 u_32_t pass;
3249 pass = *passp;
3251 if ((softc->ipf_flags & FF_LOGNOMATCH) && (pass & FR_NOMATCH)) {
3252 pass |= FF_LOGNOMATCH;
3256 } else if (((pass & FR_LOGMASK) == FR_LOGP) ||
3257 (FR_ISPASS(pass) && (softc->ipf_flags & FF_LOGPASS))) {
3258 if ((pass & FR_LOGMASK) != FR_LOGP)
3259 pass |= FF_LOGPASS;
3263 } else if (((pass & FR_LOGMASK) == FR_LOGB) ||
3264 (FR_ISBLOCK(pass) && (softc->ipf_flags & FF_LOGBLOCK))) {
3265 if ((pass & FR_LOGMASK) != FR_LOGB)
3266 pass |= FF_LOGBLOCK;
3270 if (ipf_log_pkt(fin, pass) == -1) {
3275 if ((pass & FR_LOGORBLOCK) && FR_ISPASS(pass)) {
3276 DT1(frb_logfail2, u_int, pass);
3277 pass &= ~FR_CMDMASK;
3278 pass |= FR_BLOCK;
3282 *passp = pass;
8189 /* pass(I) - IP protocol version to match */
8199 ipf_decaps(fr_info_t *fin, u_32_t pass, int l5proto)
8347 pass &= ~FR_CMDMASK;
8348 pass |= FR_BLOCK|FR_QUICK;
8353 pass = ipf_scanlist(fin, pass);
8378 return (pass);