Lines Matching refs:fin

408 /* Parameters:  fin(I)  - pointer to packet information                     */
417 ipf_pr_short6(fr_info_t *fin, int xmin)
420 if (fin->fin_dlen < xmin)
421 fin->fin_flx |= FI_SHORT;
428 /* Parameters: fin(I) - pointer to packet information */
437 ipf_pr_ipv6hdr(fr_info_t *fin)
439 ip6_t *ip6 = (ip6_t *)fin->fin_ip;
441 fr_ip_t *fi = &fin->fin_fi;
443 fin->fin_off = 0;
451 fin->fin_crc = p;
454 fin->fin_crc += fi->fi_src.i6[0];
455 fin->fin_crc += fi->fi_src.i6[1];
456 fin->fin_crc += fi->fi_src.i6[2];
457 fin->fin_crc += fi->fi_src.i6[3];
459 fin->fin_crc += fi->fi_dst.i6[0];
460 fin->fin_crc += fi->fi_dst.i6[1];
461 fin->fin_crc += fi->fi_dst.i6[2];
462 fin->fin_crc += fi->fi_dst.i6[3];
463 fin->fin_id = 0;
465 fin->fin_flx |= FI_MULTICAST|FI_MBCAST;
468 while (go && !(fin->fin_flx & FI_SHORT)) {
472 ipf_pr_udp6(fin);
477 ipf_pr_tcp6(fin);
482 ipf_pr_icmp6(fin);
487 ipf_pr_gre6(fin);
492 p = ipf_pr_hopopts6(fin);
496 p = ipf_pr_mobility6(fin);
500 p = ipf_pr_dstopts6(fin);
504 p = ipf_pr_routing6(fin);
508 p = ipf_pr_ah6(fin);
512 ipf_pr_esp6(fin);
519 fin->fin_flx |= ip6exthdr[i].ol_bit;
530 p = ipf_pr_fragment6(fin);
537 if (fin->fin_off != 0)
557 (ipf_pr_pullup(fin, 0) == -1)) {
568 if (fin->fin_m == NULL) {
569 ipf_main_softc_t *softc = fin->fin_main_soft;
571 LBUMPD(ipf_stats[fin->fin_out], fr_v6_bad);
581 if ((go != 0) && (fin->fin_flx & FI_FRAG) && (fin->fin_off == 0)) {
582 ipf_main_softc_t *softc = fin->fin_main_soft;
584 fin->fin_flx |= FI_BAD;
585 DT2(ipf_fi_bad_ipv6_frag_1, fr_info_t *, fin, int, go);
586 LBUMPD(ipf_stats[fin->fin_out], fr_v6_badfrag);
587 LBUMP(ipf_stats[fin->fin_out].fr_v6_bad);
596 /* Parameters: fin(I) - pointer to packet information */
608 ipf_pr_ipv6exthdr(fr_info_t *fin, int multiple, int proto)
610 ipf_main_softc_t *softc = fin->fin_main_soft;
615 fin->fin_flx |= FI_V6EXTHDR;
618 if ((fin->fin_dlen - 8) < 0) {
619 fin->fin_flx |= FI_SHORT;
620 LBUMPD(ipf_stats[fin->fin_out], fr_v6_ext_short);
624 if (ipf_pr_pullup(fin, 8) == -1) {
625 LBUMPD(ipf_stats[fin->fin_out], fr_v6_ext_pullup);
629 hdr = fin->fin_dp;
640 if (shift > fin->fin_dlen) { /* Nasty extension header length? */
641 fin->fin_flx |= FI_BAD;
642 DT3(ipf_fi_bad_pr_ipv6exthdr_len, fr_info_t *, fin, u_short, shift, u_short, fin->fin_dlen);
643 LBUMPD(ipf_stats[fin->fin_out], fr_v6_ext_hlen);
647 fin->fin_dp = (char *)fin->fin_dp + shift;
648 fin->fin_dlen -= shift;
655 if (fin->fin_flx & FI_FRAG)
664 ((fin->fin_optmsk & ip6exthdr[i].ol_bit) != 0)) {
665 fin->fin_flx |= FI_BAD;
666 DT2(ipf_fi_bad_ipv6exthdr_once, fr_info_t *, fin, u_int, (fin->fin_optmsk & ip6exthdr[i].ol_bit));
668 fin->fin_optmsk |= ip6exthdr[i].ol_bit;
679 /* Parameters: fin(I) - pointer to packet information */
685 ipf_pr_hopopts6(fr_info_t *fin)
689 hdr = ipf_pr_ipv6exthdr(fin, 0, IPPROTO_HOPOPTS);
699 /* Parameters: fin(I) - pointer to packet information */
705 ipf_pr_mobility6(fr_info_t *fin)
709 hdr = ipf_pr_ipv6exthdr(fin, 0, IPPROTO_MOBILITY);
719 /* Parameters: fin(I) - pointer to packet information */
725 ipf_pr_routing6(fr_info_t *fin)
729 hdr = (struct ip6_routing *)ipf_pr_ipv6exthdr(fin, 0, IPPROTO_ROUTING);
741 ipf_main_softc_t *softc = fin->fin_main_soft;
743 fin->fin_flx |= FI_BAD;
744 DT1(ipf_fi_bad_routing6, fr_info_t *, fin);
745 LBUMPD(ipf_stats[fin->fin_out], fr_v6_rh_bad);
761 /* Parameters: fin(I) - pointer to packet information */
788 ipf_pr_fragment6(fr_info_t *fin)
790 ipf_main_softc_t *softc = fin->fin_main_soft;
793 fin->fin_flx |= FI_FRAG;
795 frag = (struct ip6_frag *)ipf_pr_ipv6exthdr(fin, 0, IPPROTO_FRAGMENT);
797 LBUMPD(ipf_stats[fin->fin_out], fr_v6_frag_bad);
806 if ((fin->fin_plen & 7) != 0) {
807 fin->fin_flx |= FI_BAD;
808 DT2(ipf_fi_bad_frag_not_8, fr_info_t *, fin, u_int, (fin->fin_plen & 7));
812 fin->fin_fraghdr = frag;
813 fin->fin_id = frag->ip6f_ident;
814 fin->fin_off = ntohs(frag->ip6f_offlg & IP6F_OFF_MASK);
815 if (fin->fin_off != 0)
816 fin->fin_flx |= FI_FRAGBODY;
821 if ((fin->fin_off << 3) + fin->fin_dlen > 65535) {
822 fin->fin_flx |= FI_BAD;
823 DT2(ipf_fi_bad_jumbogram, fr_info_t *, fin, u_int, ((fin->fin_off << 3) + fin->fin_dlen));
840 /* Parameters: fin(I) - pointer to packet information */
846 ipf_pr_dstopts6(fr_info_t *fin)
848 ipf_main_softc_t *softc = fin->fin_main_soft;
851 hdr = ipf_pr_ipv6exthdr(fin, 0, IPPROTO_DSTOPTS);
853 LBUMPD(ipf_stats[fin->fin_out], fr_v6_dst_bad);
863 /* Parameters: fin(I) - pointer to packet information */
870 ipf_pr_icmp6(fr_info_t *fin)
875 if (ipf_pr_pullup(fin, ICMP6ERR_MINPKTLEN - sizeof(ip6_t)) == -1) {
876 ipf_main_softc_t *softc = fin->fin_main_soft;
878 LBUMPD(ipf_stats[fin->fin_out], fr_v6_icmp6_pullup);
882 if (fin->fin_dlen > 1) {
885 icmp6 = fin->fin_dp;
887 fin->fin_data[0] = *(u_short *)icmp6;
890 fin->fin_flx |= FI_ICMPQUERY;
896 if (fin->fin_dlen >= 6)
897 fin->fin_data[1] = icmp6->icmp6_id;
905 fin->fin_flx |= FI_ICMPERR;
907 if (fin->fin_plen < ICMP6ERR_IPICMPHLEN)
910 if (M_LEN(fin->fin_m) < fin->fin_plen) {
911 if (ipf_coalesce(fin) != 1)
915 if (ipf_pr_pullup(fin, ICMP6ERR_MINPKTLEN) == -1)
923 icmp6 = fin->fin_dp;
925 if (IP6_NEQ(&fin->fin_fi.fi_dst,
927 fin->fin_flx |= FI_BAD;
928 DT1(ipf_fi_bad_icmp6, fr_info_t *, fin);
936 ipf_pr_short6(fin, minicmpsz);
937 if ((fin->fin_flx & (FI_SHORT|FI_BAD)) == 0) {
938 u_char p = fin->fin_p;
940 fin->fin_p = IPPROTO_ICMPV6;
941 ipf_checkv6sum(fin);
942 fin->fin_p = p;
950 /* Parameters: fin(I) - pointer to packet information */
957 ipf_pr_udp6(fr_info_t *fin)
960 if (ipf_pr_udpcommon(fin) == 0) {
961 u_char p = fin->fin_p;
963 fin->fin_p = IPPROTO_UDP;
964 ipf_checkv6sum(fin);
965 fin->fin_p = p;
973 /* Parameters: fin(I) - pointer to packet information */
980 ipf_pr_tcp6(fr_info_t *fin)
983 if (ipf_pr_tcpcommon(fin) == 0) {
984 u_char p = fin->fin_p;
986 fin->fin_p = IPPROTO_TCP;
987 ipf_checkv6sum(fin);
988 fin->fin_p = p;
996 /* Parameters: fin(I) - pointer to packet information */
1006 ipf_pr_esp6(fr_info_t *fin)
1009 if ((fin->fin_off == 0) && (ipf_pr_pullup(fin, 8) == -1)) {
1010 ipf_main_softc_t *softc = fin->fin_main_soft;
1012 LBUMPD(ipf_stats[fin->fin_out], fr_v6_esp_pullup);
1021 /* Parameters: fin(I) - pointer to packet information */
1029 ipf_pr_ah6(fr_info_t *fin)
1033 fin->fin_flx |= FI_AH;
1035 ah = (authhdr_t *)ipf_pr_ipv6exthdr(fin, 0, IPPROTO_HOPOPTS);
1037 ipf_main_softc_t *softc = fin->fin_main_soft;
1039 LBUMPD(ipf_stats[fin->fin_out], fr_v6_ah_bad);
1043 ipf_pr_short6(fin, sizeof(*ah));
1056 /* Parameters: fin(I) - pointer to packet information */
1061 ipf_pr_gre6(fr_info_t *fin)
1065 if (ipf_pr_pullup(fin, sizeof(grehdr_t)) == -1) {
1066 ipf_main_softc_t *softc = fin->fin_main_soft;
1068 LBUMPD(ipf_stats[fin->fin_out], fr_v6_gre_pullup);
1072 gre = fin->fin_dp;
1074 fin->fin_data[0] = gre->gr_call;
1082 /* Parameters: fin(I) - pointer to packet information */
1098 ipf_pr_pullup(fr_info_t *fin, int plen)
1100 ipf_main_softc_t *softc = fin->fin_main_soft;
1102 if (fin->fin_m != NULL) {
1103 if (fin->fin_dp != NULL)
1104 plen += (char *)fin->fin_dp -
1105 ((char *)fin->fin_ip + fin->fin_hlen);
1106 plen += fin->fin_hlen;
1107 if (M_LEN(fin->fin_m) < plen + fin->fin_ipoff) {
1109 if (ipf_pullup(fin->fin_m, fin, plen) == NULL) {
1110 DT1(ipf_pullup_fail, fr_info_t *, fin);
1111 LBUMP(ipf_stats[fin->fin_out].fr_pull[1]);
1112 fin->fin_reason = FRB_PULLUP;
1113 fin->fin_flx |= FI_BAD;
1116 LBUMP(ipf_stats[fin->fin_out].fr_pull[0]);
1118 LBUMP(ipf_stats[fin->fin_out].fr_pull[1]);
1122 fin->fin_reason = FRB_PULLUP;
1123 *fin->fin_mp = NULL;
1124 fin->fin_m = NULL;
1125 fin->fin_ip = NULL;
1126 fin->fin_flx |= FI_BAD;
1138 /* Parameters: fin(I) - pointer to packet information */
1148 ipf_pr_short(fr_info_t *fin, int xmin)
1151 if (fin->fin_off == 0) {
1152 if (fin->fin_dlen < xmin)
1153 fin->fin_flx |= FI_SHORT;
1154 } else if (fin->fin_off < xmin) {
1155 fin->fin_flx |= FI_SHORT;
1163 /* Parameters: fin(I) - pointer to packet information */
1174 ipf_pr_icmp(fr_info_t *fin)
1176 ipf_main_softc_t *softc = fin->fin_main_soft;
1181 ipf_pr_short(fin, ICMPERR_ICMPHLEN);
1183 if (fin->fin_off != 0) {
1184 LBUMPD(ipf_stats[fin->fin_out], fr_v4_icmp_frag);
1188 if (ipf_pr_pullup(fin, ICMPERR_ICMPHLEN) == -1) {
1189 LBUMPD(ipf_stats[fin->fin_out], fr_v4_icmp_pullup);
1193 icmp = fin->fin_dp;
1195 fin->fin_data[0] = *(u_short *)icmp;
1196 fin->fin_data[1] = icmp->icmp_id;
1205 fin->fin_flx |= FI_ICMPQUERY;
1214 fin->fin_flx |= FI_ICMPQUERY;
1225 fin->fin_flx |= FI_ICMPQUERY;
1235 fin->fin_flx |= FI_BAD;
1236 DT3(ipf_fi_bad_icmp_nextmtu, fr_info_t *, fin, u_int, icmp->icmp_nextmtu, u_int, softc->ipf_icmpminfragmtu);
1245 fin->fin_flx |= FI_ICMPERR;
1246 if (ipf_coalesce(fin) != 1) {
1247 LBUMPD(ipf_stats[fin->fin_out], fr_icmp_coalesce);
1256 oip = (ip_t *)((char *)fin->fin_dp + ICMPERR_ICMPHLEN);
1258 fin->fin_flx |= FI_BAD;
1259 DT2(ipf_fi_bad_icmp_err, fr_info_t, fin, u_int, (ntohs(oip->ip_off) & IP_OFFMASK));
1267 if (oip->ip_src.s_addr != fin->fin_daddr) {
1268 fin->fin_flx |= FI_BAD;
1269 DT1(ipf_fi_bad_src_ne_dst, fr_info_t *, fin);
1276 ipf_pr_short(fin, minicmpsz);
1278 ipf_checkv4sum(fin);
1285 /* Parameters: fin(I) - pointer to packet information */
1293 ipf_pr_tcpcommon(fr_info_t *fin)
1295 ipf_main_softc_t *softc = fin->fin_main_soft;
1299 fin->fin_flx |= FI_TCPUDP;
1300 if (fin->fin_off != 0) {
1301 LBUMPD(ipf_stats[fin->fin_out], fr_tcp_frag);
1305 if (ipf_pr_pullup(fin, sizeof(*tcp)) == -1) {
1306 LBUMPD(ipf_stats[fin->fin_out], fr_tcp_pullup);
1310 tcp = fin->fin_dp;
1311 if (fin->fin_dlen > 3) {
1312 fin->fin_sport = ntohs(tcp->th_sport);
1313 fin->fin_dport = ntohs(tcp->th_dport);
1316 if ((fin->fin_flx & FI_SHORT) != 0) {
1317 LBUMPD(ipf_stats[fin->fin_out], fr_tcp_short);
1327 LBUMPD(ipf_stats[fin->fin_out], fr_tcp_small);
1328 fin->fin_flx |= FI_BAD;
1329 DT3(ipf_fi_bad_tlen, fr_info_t, fin, u_int, tlen, u_int, sizeof(tcphdr_t));
1334 fin->fin_tcpf = tcp->th_flags;
1342 fin->fin_flx |= FI_BAD;
1343 DT3(ipf_fi_bad_th_urg, fr_info_t*, fin, u_int, (flags & TH_URG), u_int, tcp->th_urp);
1350 fin->fin_flx |= FI_BAD;
1351 DT3(ipf_fi_bad_th_urg0, fr_info_t *, fin, u_int, (flags & TH_URG), u_int, tcp->th_urp);
1356 fin->fin_flx |= FI_BAD;
1357 DT1(ipf_fi_bad_th_fin_rst_ack, fr_info_t, fin);
1365 fin->fin_flx |= FI_BAD;
1366 DT1(ipf_fi_bad_th_syn_urg_psh, fr_info_t *, fin);
1384 /*fin->fin_flx |= FI_BAD*/;
1385 /*DT1(ipf_fi_bad_th_syn_ack, fr_info_t *, fin);*/
1387 fin->fin_flx |= FI_BAD;
1388 DT1(ipf_fi_bad_th_rst_syn, fr_info_t *, fin);
1390 fin->fin_flx |= FI_BAD;
1391 DT1(ipf_fi_bad_th_urg_push_fin, fr_info_t *, fin);
1394 if (fin->fin_flx & FI_BAD) {
1395 LBUMPD(ipf_stats[fin->fin_out], fr_tcp_bad_flags);
1411 if (ipf_pr_pullup(fin, tlen) == -1) {
1412 LBUMPD(ipf_stats[fin->fin_out], fr_tcp_pullup);
1417 tcp = fin->fin_dp;
1418 ip = fin->fin_ip;
1422 if (fin->fin_mp != NULL) {
1423 mb_t *m = *fin->fin_mp;
1463 /* Parameters: fin(I) - pointer to packet information */
1469 ipf_pr_udpcommon(fr_info_t *fin)
1473 fin->fin_flx |= FI_TCPUDP;
1475 if (!fin->fin_off && (fin->fin_dlen > 3)) {
1476 if (ipf_pr_pullup(fin, sizeof(*udp)) == -1) {
1477 ipf_main_softc_t *softc = fin->fin_main_soft;
1479 fin->fin_flx |= FI_SHORT;
1480 LBUMPD(ipf_stats[fin->fin_out], fr_udp_pullup);
1484 udp = fin->fin_dp;
1486 fin->fin_sport = ntohs(udp->uh_sport);
1487 fin->fin_dport = ntohs(udp->uh_dport);
1497 /* Parameters: fin(I) - pointer to packet information */
1503 ipf_pr_tcp(fr_info_t *fin)
1506 ipf_pr_short(fin, sizeof(tcphdr_t));
1508 if (ipf_pr_tcpcommon(fin) == 0)
1509 ipf_checkv4sum(fin);
1516 /* Parameters: fin(I) - pointer to packet information */
1522 ipf_pr_udp(fr_info_t *fin)
1525 ipf_pr_short(fin, sizeof(udphdr_t));
1527 if (ipf_pr_udpcommon(fin) == 0)
1528 ipf_checkv4sum(fin);
1535 /* Parameters: fin(I) - pointer to packet information */
1544 ipf_pr_esp(fr_info_t *fin)
1547 if (fin->fin_off == 0) {
1548 ipf_pr_short(fin, 8);
1549 if (ipf_pr_pullup(fin, 8) == -1) {
1550 ipf_main_softc_t *softc = fin->fin_main_soft;
1552 LBUMPD(ipf_stats[fin->fin_out], fr_v4_esp_pullup);
1561 /* Parameters: fin(I) - pointer to packet information */
1568 ipf_pr_ah(fr_info_t *fin)
1570 ipf_main_softc_t *softc = fin->fin_main_soft;
1574 fin->fin_flx |= FI_AH;
1575 ipf_pr_short(fin, sizeof(*ah));
1577 if (((fin->fin_flx & FI_SHORT) != 0) || (fin->fin_off != 0)) {
1578 LBUMPD(ipf_stats[fin->fin_out], fr_v4_ah_bad);
1582 if (ipf_pr_pullup(fin, sizeof(*ah)) == -1) {
1584 LBUMP(ipf_stats[fin->fin_out].fr_v4_ah_pullup);
1588 ah = (authhdr_t *)fin->fin_dp;
1591 ipf_pr_short(fin, len);
1592 if (ipf_pr_pullup(fin, len) == -1) {
1594 LBUMP(ipf_stats[fin->fin_out].fr_v4_ah_pullup);
1602 fin->fin_dp = (char *)fin->fin_dp + len;
1603 fin->fin_dlen -= len;
1611 /* Parameters: fin(I) - pointer to packet information */
1616 ipf_pr_gre(fr_info_t *fin)
1618 ipf_main_softc_t *softc = fin->fin_main_soft;
1621 ipf_pr_short(fin, sizeof(grehdr_t));
1623 if (fin->fin_off != 0) {
1624 LBUMPD(ipf_stats[fin->fin_out], fr_v4_gre_frag);
1628 if (ipf_pr_pullup(fin, sizeof(grehdr_t)) == -1) {
1629 LBUMPD(ipf_stats[fin->fin_out], fr_v4_gre_pullup);
1633 gre = fin->fin_dp;
1635 fin->fin_data[0] = gre->gr_call;
1642 /* Parameters: fin(I) - pointer to packet information */
1649 ipf_pr_ipv4hdr(fr_info_t *fin)
1659 fi = &fin->fin_fi;
1660 hlen = fin->fin_hlen;
1662 ip = fin->fin_ip;
1665 fin->fin_crc = p;
1667 fin->fin_id = ntohs(ip->ip_id);
1683 fin->fin_crc += fi->fi_saddr;
1685 fin->fin_crc += fi->fi_daddr;
1687 fin->fin_flx |= FI_MULTICAST|FI_MBCAST;
1700 fin->fin_flx |= FI_SHORT; /* RFC 3128 */
1701 DT1(ipf_fi_tcp_frag_off_1, fr_info_t *, fin);
1704 fin->fin_flx |= FI_FRAGBODY;
1706 if ((off + fin->fin_dlen > 65535) ||
1707 (fin->fin_dlen == 0) ||
1708 ((morefrag != 0) && ((fin->fin_dlen & 7) != 0))) {
1719 DT1(ipf_fi_bad_fragbody_gt_65535, fr_info_t *, fin);
1723 fin->fin_off = off;
1733 p = ipf_pr_ah(fin);
1739 ipf_pr_udp(fin);
1742 ipf_pr_tcp(fin);
1745 ipf_pr_icmp(fin);
1748 ipf_pr_esp(fin);
1751 ipf_pr_gre(fin);
1755 ip = fin->fin_ip;
1802 fin->fin_flx |= FI_BAD;
1803 DT2(ipf_fi_bad_ipopt_security, fr_info_t *, fin, u_short, (optmsk & op->ol_bit));
1814 fin->fin_flx |= FI_BAD;
1815 DT2(ipf_fi_bad_ipopt_cipso, fr_info_t *, fin, u_short, (optmsk & op->ol_bit));
1817 doi = ipf_checkcipso(fin,
1886 /* Parameters: fin(IO) - pointer to packet information */
1899 ipf_checkcipso(fr_info_t *fin, u_char *s, int ol)
1901 ipf_main_softc_t *softc = fin->fin_main_soft;
1908 LBUMPD(ipf_stats[fin->fin_out], fr_v4_cipso_bad);
1909 fin->fin_flx |= FI_BAD;
1910 DT2(ipf_fi_bad_checkcipso_ol, fr_info_t *, fin, u_int, ol);
1914 fi = &fin->fin_fi;
1926 LBUMPD(ipf_stats[fin->fin_out], fr_v4_cipso_tlen);
1927 fin->fin_flx |= FI_BAD;
1928 DT2(ipf_fi_bad_checkcipso_tlen, fr_info_t *, fin, u_int, tlen);
1938 fin->fin_flx |= FI_BAD;
1939 DT2(ipf_fi_bad_checkcipso_tag, fr_info_t *, fin, u_int, tag);
1943 fin->fin_flx |= FI_BAD;
1944 DT2(ipf_fi_bad_checkcipso_tag1_t2, fr_info_t *, fin, u_int, (*t + 2));
1952 fin->fin_flx |= FI_BAD;
1953 DT2(ipf_fi_bad_checkcipso_tag4_t2, fr_info_t *, fin, u_int, (*t + 2));
1961 fin->fin_flx |= FI_BAD;
1962 DT2(ipf_fi_bad_checkcipso_tag5_t2, fr_info_t *, fin, u_int, (*t + 2));
1972 fin->fin_flx |= FI_BAD;
1973 DT2(ipf_fi_bad_checkcipso_tag127, fr_info_t *, fin, u_int, tag);
1990 /* fin(IO) - pointer to packet information */
1994 /* in the fr_info_t structure pointed to by fin. At present, it is assumed */
1998 ipf_makefrip(int hlen, ip_t *ip, fr_info_t *fin)
2000 ipf_main_softc_t *softc = fin->fin_main_soft;
2003 fin->fin_depth = 0;
2004 fin->fin_hlen = (u_short)hlen;
2005 fin->fin_ip = ip;
2006 fin->fin_rule = 0xffffffff;
2007 fin->fin_group[0] = -1;
2008 fin->fin_group[1] = '\0';
2009 fin->fin_dp = (char *)ip + hlen;
2011 v = fin->fin_v;
2013 fin->fin_plen = ntohs(ip->ip_len);
2014 fin->fin_dlen = fin->fin_plen - hlen;
2015 ipf_pr_ipv4hdr(fin);
2018 fin->fin_plen = ntohs(((ip6_t *)ip)->ip6_plen);
2019 fin->fin_dlen = fin->fin_plen;
2020 fin->fin_plen += hlen;
2022 ipf_pr_ipv6hdr(fin);
2025 if (fin->fin_ip == NULL) {
2026 LBUMP(ipf_stats[fin->fin_out].fr_ip_freed);
2153 /* Parameters: fin(I) - pointer to packet information */
2163 ipf_check_ipf(fr_info_t *fin, frentry_t *fr, int portcmp)
2170 fi = &fin->fin_fi;
2205 i = (*fr->fr_srcfunc)(fin->fin_main_soft, fr->fr_srcptr,
2206 fi->fi_v, lip, fin->fin_plen);
2244 i = (*fr->fr_dstfunc)(fin->fin_main_soft, fr->fr_dstptr,
2245 fi->fi_v, lip, fin->fin_plen);
2298 if (!ipf_tcpudpchk(&fin->fin_fi, &fr->fr_tuc))
2307 fin->fin_off || (fin->fin_dlen < 2))
2309 else if ((fin->fin_data[0] & fr->fr_icmpm) !=
2312 fin->fin_data[0],
2326 /* Parameters: fin(I) - pointer to packet information */
2331 /* return value and fin->fin_fr points to the matched rule. */
2340 ipf_scanlist(fr_info_t *fin, u_32_t pass)
2342 ipf_main_softc_t *softc = fin->fin_main_soft;
2350 if (fin->fin_depth >= 16)
2353 fr = fin->fin_fr;
2363 fin->fin_depth++;
2364 fin->fin_fr = NULL;
2365 off = fin->fin_off;
2367 if ((fin->fin_flx & FI_TCPUDP) && (fin->fin_dlen > 3) && !off)
2385 if (fr->fr_ifa && fr->fr_ifa != fin->fin_ifp)
2395 if (fr->fr_ifa && fr->fr_ifa != fin->fin_ifp)
2404 if (ipf_check_ipf(fin, fr, portcmp))
2414 if (*fin->fin_mp == NULL)
2416 if (fin->fin_family != fr->fr_family)
2418 mc = (u_char *)fin->fin_m;
2419 wlen = fin->fin_dlen + fin->fin_hlen;
2429 f = (*fr->fr_func)(fin, &pass);
2439 if (fin->fin_family != fr->fr_family)
2441 if (ipf_fr_matcharray(fin, fr->fr_data) == 0)
2449 if ((fin->fin_out == 0) && (fr->fr_nattag.ipt_num[0] != 0)) {
2450 if (fin->fin_nattag == NULL)
2452 if (ipf_matchtag(&fr->fr_nattag, fin->fin_nattag) == 0)
2473 frs = fin->fin_fr;
2474 fin->fin_fr = fr;
2475 fr = (*fr->fr_func)(fin, &passt);
2477 fin->fin_fr = frs;
2482 fin->fin_fr = fr;
2489 if (ipf_log_pkt(fin, passt) == -1) {
2494 fin->fin_reason = FRB_LOGFAIL;
2501 fr->fr_bytes += (U_QUAD_T)fin->fin_plen;
2504 fin->fin_rule = rulen;
2516 fin->fin_icode = fr->fr_icode;
2519 (void) strncpy(fin->fin_group,
2523 fin->fin_group[0] = '\0';
2529 fin->fin_fr = fr->fr_grphead->fg_start;
2533 passt = ipf_decaps(fin, pass, fr->fr_icode);
2535 passt = ipf_scanlist(fin, pass);
2537 if (fin->fin_fr == NULL) {
2538 fin->fin_rule = rulen;
2540 (void) strncpy(fin->fin_group,
2545 fin->fin_fr = fr;
2560 !(fin->fin_flx & FI_STATE)) {
2561 int out = fin->fin_out;
2563 fin->fin_fr = fr;
2564 if (ipf_state_add(softc, fin, NULL, 0) == 0) {
2575 fin->fin_depth--;
2583 /* Parameters: fin(I) - pointer to packet information */
2593 ipf_acctpkt(fr_info_t *fin, u_32_t *passp)
2595 ipf_main_softc_t *softc = fin->fin_main_soft;
2601 fr = softc->ipf_acct[fin->fin_out][softc->ipf_active];
2604 frsave = fin->fin_fr;
2605 bcopy(fin->fin_group, group, FR_GROUPLEN);
2606 rulen = fin->fin_rule;
2607 fin->fin_fr = fr;
2608 pass = ipf_scanlist(fin, FR_NOMATCH);
2612 fin->fin_fr = frsave;
2613 bcopy(group, fin->fin_group, FR_GROUPLEN);
2614 fin->fin_rule = rulen;
2624 /* Parameters: fin(I) - pointer to packet information */
2634 ipf_firewall(fr_info_t *fin, u_32_t *passp)
2636 ipf_main_softc_t *softc = fin->fin_main_soft;
2641 out = fin->fin_out;
2648 fin->fin_fr = softc->ipf_rules[out][softc->ipf_active];
2649 if (fin->fin_fr != NULL)
2650 pass = ipf_scanlist(fin, softc->ipf_pass);
2655 fr = fin->fin_fr;
2662 DT2(frb_ppsrate, fr_info_t *, fin, frentry_t *, fr);
2666 fin->fin_reason = FRB_PPSRATE;
2675 if (ipf_auth_new(fin->fin_m, fin) != 0) {
2676 DT1(frb_authnew, fr_info_t *, fin);
2677 fin->fin_m = *fin->fin_mp = NULL;
2678 fin->fin_reason = FRB_AUTHNEW;
2679 fin->fin_error = 0;
2682 fin->fin_error = ENOSPC;
2688 (void) (*fr->fr_func)(fin, &pass);
2697 pass = ipf_auth_pre_scanlist(softc, fin, pass);
2705 if (fin->fin_flx & FI_FRAG) {
2706 if (ipf_frag_new(softc, fin, pass) == -1) {
2716 fr = fin->fin_fr;
2767 fr_info_t *fin = &frinfo;
2796 bzero((char *)fin, sizeof(*fin));
2800 fin->fin_flx |= FI_MBCAST|FI_BROADCAST;
2802 fin->fin_flx |= FI_MBCAST|FI_MULTICAST;
2804 fin->fin_qfm = m;
2805 fin->fin_qpi = qpi;
2812 fin->fin_flx |= FI_MBCAST|FI_MULTICAST;
2816 fin->fin_flx |= FI_MBCAST|FI_MULTICAST;
2820 fin->fin_flx |= FI_MBCAST|FI_BROADCAST;
2841 bzero((char *)fin, sizeof(*fin));
2845 fin->fin_flx |= FI_MBCAST|FI_MULTICAST;
2849 fin->fin_flx |= FI_MBCAST|FI_MULTICAST;
2853 fin->fin_flx |= FI_MBCAST|FI_BROADCAST;
2857 fin->fin_v = v;
2858 fin->fin_m = m;
2859 fin->fin_ip = ip;
2860 fin->fin_mp = mp;
2861 fin->fin_out = out;
2862 fin->fin_ifp = ifp;
2863 fin->fin_error = ENETUNREACH;
2864 fin->fin_hlen = (u_short)hlen;
2865 fin->fin_dp = (char *)ip + hlen;
2866 fin->fin_main_soft = softc;
2868 fin->fin_ipoff = (char *)ip - MTOD(m, char *);
2883 fin->fin_reason = FRB_JUMBO;
2886 fin->fin_family = AF_INET6;
2890 fin->fin_family = AF_INET;
2893 if (ipf_makefrip(hlen, ip, fin) == -1) {
2894 DT1(frb_makefrip, fr_info_t *, fin);
2896 fin->fin_reason = FRB_MAKEFRIP;
2904 if (*fin->fin_mp == NULL)
2909 if (softc->ipf_chksrc && !ipf_verifysrc(fin)) {
2911 fin->fin_flx |= FI_BADSRC;
2913 if (fin->fin_ip->ip_ttl < softc->ipf_minttl) {
2915 fin->fin_flx |= FI_LOWTTL;
2922 fin->fin_flx |= FI_LOWTTL;
2928 if (fin->fin_flx & FI_SHORT) {
2935 switch (fin->fin_v)
2938 if (ipf_nat_checkin(fin, &pass) == -1) {
2944 if (ipf_nat6_checkin(fin, &pass) == -1) {
2961 fr = ipf_auth_check(fin, &pass);
2963 (void) ipf_acctpkt(fin, NULL);
2966 if ((fin->fin_flx & FI_FRAG) != 0)
2967 fr = ipf_frag_known(fin, &pass);
2970 fr = ipf_state_check(fin, &pass);
2974 fr = ipf_firewall(fin, &pass);
2981 if ((pass & FR_KEEPSTATE) && (fin->fin_m != NULL) &&
2982 !(fin->fin_flx & FI_STATE)) {
2983 if (ipf_state_add(softc, fin, NULL, 0) == 0) {
2991 fin->fin_reason = FRB_STATEADD;
2996 fin->fin_fr = fr;
2997 if ((fr != NULL) && !(fin->fin_flx & FI_STATE)) {
2998 fin->fin_dif = &fr->fr_dif;
2999 fin->fin_tif = &fr->fr_tifs[fin->fin_rev];
3007 (void) ipf_acctpkt(fin, NULL);
3009 switch (fin->fin_v)
3012 if (ipf_nat_checkout(fin, &pass) == -1) {
3015 if (ipf_updateipid(fin) == -1) {
3020 fin->fin_reason = FRB_UPDATEIPID;
3028 (void) ipf_nat6_checkout(fin, &pass);
3039 (void) ipf_dolog(fin, &pass);
3049 fin->fin_flx &= ~FI_STATE;
3085 (void) ipf_send_icmp_err(ICMP_UNREACH, fin,
3089 !(fin->fin_flx & FI_SHORT)) {
3090 if (((fin->fin_flx & FI_OOW) != 0) ||
3091 (ipf_send_reset(fin) == 0)) {
3100 if (FR_ISAUTH(pass) && (fin->fin_m != NULL)) {
3101 DT1(frb_authcapture, fr_info_t *, fin);
3102 fin->fin_m = *fin->fin_mp = NULL;
3103 fin->fin_reason = FRB_AUTHCAPTURE;
3108 fin->fin_error = ECONNRESET;
3117 if (FR_ISBLOCK(pass) && (fin->fin_flx & FI_NEWNAT))
3118 ipf_nat_uncreate(fin);
3134 fdp = fin->fin_dif;
3137 mc = M_COPY(fin->fin_m);
3139 ipf_fastroute(mc, &mc, fin, fdp);
3142 fdp = fin->fin_tif;
3148 (void) ipf_fastroute(fin->fin_m, mp, fin, NULL);
3153 ipf_fastroute(fin->fin_m, mp, fin, fdp);
3180 if (fin->fin_m == NULL && fin->fin_flx & FI_BAD &&
3181 fin->fin_reason == FRB_PULLUP) {
3183 LBUMP(ipf_stats[out].fr_blocked[fin->fin_reason]);
3191 LBUMP(ipf_stats[out].fr_blocked[fin->fin_reason]);
3192 return (fin->fin_error);
3195 (*mp)->mb_ifp = fin->fin_ifp;
3196 blockreason = fin->fin_reason;
3197 FR_VERBOSE(("fin_flx %#x pass %#x ", fin->fin_flx, pass));
3235 /* Parameters: fin(I) - pointer to packet information */
3242 ipf_dolog(fr_info_t *fin, u_32_t *passp)
3244 ipf_main_softc_t *softc = fin->fin_main_soft;
3248 out = fin->fin_out;
3270 if (ipf_log_pkt(fin, pass) == -1) {
3279 fin->fin_reason = FRB_LOGFAIL2;
3285 return (fin->fin_fr);
3324 /* Parameters: fin(I) - pointer to packet information */
3339 fr_cksum(fr_info_t *fin, ip_t *ip, int l4proto, void *l4hdr)
3370 slen = fin->fin_plen - off;
3376 m = fin->fin_m;
3413 sum2 = ipf_pcksum(fin, off, sum);
5513 /* Parameters: fin(I) - pointer to packet information */
5521 ipf_srcgrpmap(fr_info_t *fin, u_32_t *passp)
5526 rval = ipf_iphmfindgroup(fin->fin_main_soft, fin->fin_fr->fr_ptr,
5527 &fin->fin_src);
5532 fin->fin_fr = fg->fg_start;
5533 (void) ipf_scanlist(fin, *passp);
5534 return (fin->fin_fr);
5541 /* Parameters: fin(I) - pointer to packet information */
5549 ipf_dstgrpmap(fr_info_t *fin, u_32_t *passp)
5554 rval = ipf_iphmfindgroup(fin->fin_main_soft, fin->fin_fr->fr_ptr,
5555 &fin->fin_dst);
5560 fin->fin_fr = fg->fg_start;
5561 (void) ipf_scanlist(fin, *passp);
5562 return (fin->fin_fr);
5929 /* Parameters: fin(I) - pointer to packet information */
5939 ipf_updateipid(fr_info_t *fin)
5945 ip = fin->fin_ip;
5947 if (fin->fin_off != 0) {
5948 sum = ipf_frag_ipidknown(fin);
5957 if ((fin->fin_flx & FI_FRAG) != 0)
5958 (void) ipf_frag_ipidnew(fin, (u_32_t)id);
6467 /* Parameters: fin(I) - pointer to packet information */
6475 ipf_checkl4sum(fr_info_t *fin)
6486 if ((fin->fin_flx & (FI_FRAG|FI_SHORT|FI_BAD)) != 0)
6489 DT2(l4sumo, int, fin->fin_out, int, (int)fin->fin_p);
6490 if (fin->fin_out == 1) {
6491 fin->fin_cksum = FI_CK_SUMOK;
6500 switch (fin->fin_p)
6503 csump = &((tcphdr_t *)fin->fin_dp)->th_sum;
6508 udp = fin->fin_dp;
6517 csump = &((struct icmp6_hdr *)fin->fin_dp)->icmp6_cksum;
6523 csump = &((struct icmp *)fin->fin_dp)->icmp_cksum;
6534 if (fin->fin_p == IPPROTO_UDP && hdrsum == 0xffff)
6539 sum = fr_cksum(fin, fin->fin_ip, fin->fin_p, fin->fin_dp);
6548 DT3(l4sums, u_short, hdrsum, u_short, sum, fr_info_t *, fin);
6550 if (hdrsum == sum || (sum == 0 && IP_V(fin->fin_ip) == 6)) {
6554 fin->fin_cksum = FI_CK_SUMOK;
6557 fin->fin_cksum = FI_CK_BAD;
6691 /* Parameters: fin(I) - pointer to packet information */
6697 ipf_coalesce(fr_info_t *fin)
6700 if ((fin->fin_flx & FI_COALESCE) != 0)
6707 if (fin->fin_m == NULL || fin->fin_mp == NULL)
6711 if (ipf_pullup(fin->fin_m, fin, fin->fin_plen) == NULL) {
6712 ipf_main_softc_t *softc = fin->fin_main_soft;
6714 DT1(frb_coalesce, fr_info_t *, fin);
6715 LBUMP(ipf_stats[fin->fin_out].fr_badcoalesces);
6717 FREE_MB_T(*fin->fin_mp);
6719 fin->fin_reason = FRB_COALESCE;
6720 *fin->fin_mp = NULL;
6721 fin->fin_m = NULL;
6725 fin = fin; /* LINT */
8188 /* Parameters: fin(I) - pointer to packet information */
8199 ipf_decaps(fr_info_t *fin, u_32_t pass, int l5proto)
8207 if ((fin->fin_flx & FI_COALESCE) == 0)
8208 if (ipf_coalesce(fin) == -1)
8211 m = fin->fin_m;
8212 hlen = fin->fin_hlen;
8214 switch (fin->fin_p)
8221 nh = fin->fin_fr->fr_icode;
8225 bcopy(fin->fin_dp, (char *)&gre, sizeof(gre));
8251 s = fin->fin_dp;
8253 aplen = fin->fin_plen - hlen;
8271 hlen = s - (u_char *)fin->fin_dp;
8295 bcopy((char *)fin, (char *)&fin2, sizeof(fin2));
8296 fino = fin;
8297 fin = &fin2;
8305 fin->fin_plen -= elen;
8307 ip = (ip_t *)((char *)fin->fin_ip + elen);
8322 if (fin->fin_plen < hlen)
8325 fin->fin_dp = (char *)ip + hlen;
8335 if (ipf_makefrip(hlen, ip, fin) == -1) {
8346 DT1(frb_decapfrip, fr_info_t *, fin);
8349 fin->fin_reason = FRB_DECAPFRIP;
8353 pass = ipf_scanlist(fin, pass);
8360 fino->fin_flx = fin->fin_flx;
8361 fino->fin_rev = fin->fin_rev;
8362 fino->fin_icode = fin->fin_icode;
8363 fino->fin_rule = fin->fin_rule;
8364 (void) strncpy(fino->fin_group, fin->fin_group, FR_GROUPLEN);
8365 fino->fin_fr = fin->fin_fr;
8366 fino->fin_error = fin->fin_error;
8367 fino->fin_mp = fin->fin_mp;
8368 fino->fin_m = fin->fin_m;
8369 m = fin->fin_m;
8512 /* Parameters: fin(I) - pointer to packet information */
8520 ipf_fr_matcharray(fr_info_t *fin, int *array)
8542 if ((p != 0) && (p != fin->fin_p))
8549 rv |= (fin->fin_p == e->ipfe_arg0[i]);
8554 if (fin->fin_v != 4)
8557 rv |= ((fin->fin_saddr &
8564 if (fin->fin_v != 4)
8567 rv |= ((fin->fin_daddr &
8574 if (fin->fin_v != 4)
8577 rv |= ((fin->fin_saddr &
8580 ((fin->fin_daddr &
8588 if (fin->fin_v != 6)
8591 rv |= IP6_MASKEQ(&fin->fin_src6,
8598 if (fin->fin_v != 6)
8601 rv |= IP6_MASKEQ(&fin->fin_dst6,
8608 if (fin->fin_v != 6)
8611 rv |= IP6_MASKEQ(&fin->fin_src6,
8614 IP6_MASKEQ(&fin->fin_dst6,
8624 rv |= (fin->fin_sport == e->ipfe_arg0[i]) ||
8625 (fin->fin_dport == e->ipfe_arg0[i]);
8632 rv |= (fin->fin_sport == e->ipfe_arg0[i]);
8639 rv |= (fin->fin_dport == e->ipfe_arg0[i]);
8645 rv |= ((fin->fin_tcpf &