Lines Matching refs:fin
1311 /* fin(I) - pointer to packet information */
1327 ipf_state_add(ipf_main_softc_t *softc, fr_info_t *fin, ipstate_t **stsave,
1348 fin->fin_error = EAGAIN;
1352 if (fin->fin_flx & (FI_SHORT|FI_STATE|FI_FRAGBODY|FI_BAD)) {
1357 if ((fin->fin_flx & FI_OOW) && !(fin->fin_tcpf & TH_SYN)) {
1377 fr = fin->fin_fr;
1401 out = fin->fin_out;
1410 is->is_v = fin->fin_v;
1411 is->is_sec = fin->fin_secmsk;
1413 is->is_auth = fin->fin_auth;
1415 is->is_family = fin->fin_family;
1416 is->is_opt[0] = fin->fin_optmsk;
1426 hv = (is->is_p = fin->fin_fi.fi_p);
1427 is->is_src = fin->fin_fi.fi_src;
1429 is->is_dst = fin->fin_fi.fi_dst;
1432 if (fin->fin_v == 6) {
1460 if ((fin->fin_v == 4) &&
1461 (fin->fin_flx & (FI_MULTICAST|FI_BROADCAST|FI_MBCAST))) {
1470 ic = fin->fin_dp;
1490 ic = fin->fin_dp;
1509 gre = fin->fin_dp;
1514 is->is_call[0] = fin->fin_data[0];
1515 is->is_call[1] = fin->fin_data[1];
1521 tcp = fin->fin_dp;
1534 is->is_sport = htons(fin->fin_data[0]);
1535 is->is_dport = htons(fin->fin_data[1]);
1553 if ((fin->fin_flx & FI_IGNORE) == 0) {
1554 is->is_send = ntohl(tcp->th_seq) + fin->fin_dlen -
1567 if (ipf_tcpoptions(softs, fin, tcp,
1569 fin->fin_flx |= FI_BAD;
1570 DT1(ipf_fi_bad_tcpoptions_th_fin_ack_ecnall, fr_info_t *, fin);
1574 if ((fin->fin_out != 0) && (pass & FR_NEWISN) != 0) {
1575 ipf_checknewisn(fin, is);
1576 ipf_fixoutisn(fin, is);
1597 tcp = fin->fin_dp;
1599 is->is_sport = htons(fin->fin_data[0]);
1600 is->is_dport = htons(fin->fin_data[1]);
1642 is->is_rulen = fin->fin_rule;
1687 if ((fin->fin_flx & FI_IGNORE) == 0) {
1689 fin->fin_pktnum = 1;
1690 is->is_bytes[out] = fin->fin_plen;
1691 is->is_flx[out][0] = fin->fin_flx & FI_CMP;
1709 if (ipf_state_insert(softc, is, fin->fin_rev) == -1) {
1742 if ((fin->fin_ifp == NULL) ||
1751 is->is_ifp[out << 1] = fin->fin_ifp;
1752 COPYIFNAME(fin->fin_v, fin->fin_ifp,
1777 if (fin->fin_ifp != NULL) {
1778 is->is_ifp[out << 1] = fin->fin_ifp;
1779 COPYIFNAME(fin->fin_v, fin->fin_ifp,
1784 if (fin->fin_p == IPPROTO_TCP) {
1790 (void) ipf_tcp_age(&is->is_sti, fin, softs->ipf_state_tcptq,
1795 is->is_sync = ipf_sync_new(softc, SMC_STATE, fin, is);
1801 fin->fin_flx |= FI_STATE;
1802 if (fin->fin_flx & FI_FRAG)
1803 (void) ipf_frag_new(softc, fin, pass);
1807 ipf_dstlist_select_node(fin, fdp->fd_ptr, NULL,
1815 ipf_dstlist_select_node(fin, fdp->fd_ptr, NULL,
1820 fin->fin_tif = &is->is_tifs[fin->fin_rev];
1824 ipf_dstlist_select_node(fin, fdp->fd_ptr, NULL,
1829 fin->fin_dif = &is->is_dif;
1840 /* fin(I) - pointer to packet information */
1848 ipf_tcpoptions(ipf_state_softc_t *softs, fr_info_t *fin, tcphdr_t *tcp,
1856 if (fin->fin_dlen < len) {
1862 off = fin->fin_plen - fin->fin_dlen + sizeof(*tcp) + fin->fin_ipoff;
1864 m = fin->fin_m;
1943 /* fin(I) - pointer to packet information */
1953 fr_info_t *fin, tcphdr_t *tcp, ipstate_t *is)
1958 source = !fin->fin_rev;
1960 (ntohs(is->is_sport) != fin->fin_data[0]))
1988 ret = ipf_state_tcpinwindow(fin, fdata, tdata, tcp,
1994 ret = ipf_tcp_age(&is->is_sti, fin, softs->ipf_state_tcptq,
1998 DT2(iss_tcp_fsm, fr_info_t *, fin, ipstate_t *, is);
2019 if (ipf_tcpoptions(softs, fin, tcp,
2021 fin->fin_flx |= FI_BAD;
2022 DT1(ipf_fi_bad_winscale_syn_ack, fr_info_t *, fin);
2025 if ((fin->fin_out != 0) && (is->is_pass & FR_NEWISN))
2026 ipf_checknewisn(fin, is);
2030 if (ipf_tcpoptions(softs, fin, tcp,
2032 fin->fin_flx |= FI_BAD;
2033 DT1(ipf_fi_bad_winscale_syn, fr_info_t *, fin);
2037 if ((fin->fin_out != 0) && (is->is_pass & FR_NEWISN))
2038 ipf_checknewisn(fin, is);
2043 DT2(iss_tcp_oow, fr_info_t *, fin, ipstate_t *, is);
2055 /* Parameters: fin(I) - pointer to packet information */
2065 ipf_checknewisn(fr_info_t *fin, ipstate_t *is)
2071 i = fin->fin_rev;
2072 tcp = fin->fin_dp;
2077 new = ipf_newisn(fin);
2090 /* Parameters: fin(I) - pointer to packet information */
2100 ipf_state_tcpinwindow(fr_info_t *fin, tcpdata_t *fdata, tcpdata_t *tdata,
2103 ipf_main_softc_t *softc = fin->fin_main_soft;
2127 dsize = fin->fin_dlen - (TCP_OFF(tcp) << 2) +
2177 fin->fin_flx |= FI_OOW;
2212 i = (fin->fin_rev << 1) + fin->fin_out;
2267 fin->fin_flx |= FI_OOW;
2276 /* Parameters: fin(I) - pointer to packet information */
2283 ipf_state_clone(fr_info_t *fin, tcphdr_t *tcp, ipstate_t *is)
2285 ipf_main_softc_t *softc = fin->fin_main_soft;
2315 send = ntohl(tcp->th_seq) + fin->fin_dlen - (TCP_OFF(tcp) << 2) +
2319 if (fin->fin_rev == 1) {
2339 if (ipf_state_insert(softc, clone, fin->fin_rev) == -1) {
2346 (void) ipf_tcp_age(&clone->is_sti, fin, softs->ipf_state_tcptq,
2351 clone->is_sync = ipf_sync_new(softc, SMC_STATE, fin, clone);
2361 /* Parameters: fin(I) - pointer to packet information */
2373 ipf_matchsrcdst(fr_info_t *fin, ipstate_t *is, i6addr_t *src, i6addr_t *dst,
2376 ipf_main_softc_t *softc = fin->fin_main_soft;
2391 ifp = fin->fin_ifp;
2392 out = fin->fin_out;
2398 sp = htons(fin->fin_sport);
2399 dp = ntohs(fin->fin_dport);
2422 DT2(iss_lookup_badifp, fr_info_t *, fin, ipstate_t *, is);
2460 DT2(iss_lookup_badport, fr_info_t *, fin, ipstate_t *, is);
2480 fr_ip_t *fi = &fin->fin_fi;
2487 if (!(fin->fin_flx & (FI_MULTICAST|FI_MBCAST))){
2494 if (!(fin->fin_flx & (FI_MULTICAST|FI_MBCAST))){
2508 flx = fin->fin_flx & cmask;
2515 ((fin->fin_optmsk & is->is_optmsk[rev]) != is->is_opt[rev]) ||
2516 ((fin->fin_secmsk & is->is_secmsk) != is->is_sec) ||
2517 ((fin->fin_auth & is->is_authmsk) != is->is_auth)) {
2522 if ((fin->fin_flx & FI_IGNORE) != 0) {
2523 fin->fin_rev = rev;
2536 clone = ipf_state_clone(fin, tcp, is);
2573 is->is_opt[1] = fin->fin_optmsk;
2589 COPYIFNAME(fin->fin_v, ifp, is->is_ifname[idx]);
2591 fin->fin_rev = rev;
2599 /* Parameters: fin(I) - pointer to packet information */
2608 ipf_checkicmpmatchingstate(fr_info_t *fin)
2610 ipf_main_softc_t *softc = fin->fin_main_soft;
2630 if ((fin->fin_v != 4) || (fin->fin_hlen != sizeof(ip_t)) ||
2631 (fin->fin_plen < ICMPERR_MINPKTLEN) ||
2632 !(fin->fin_flx & FI_ICMPERR)) {
2636 ic = fin->fin_dp;
2644 if (fin->fin_plen < ICMPERR_MAXPKTLEN + ((IP_HL(oip) - 5) << 2)) {
2652 len = fin->fin_dlen - ICMPERR_ICMPHLEN;
2654 DT2(iss_icmp_len, fr_info_t *, fin, struct ip*, oip);
2672 m = fin->fin_m;
2679 if ((char *)oip + len > (char *)fin->fin_ip + m->m_len) {
2687 bcopy((char *)fin, (char *)&ofin, sizeof(*fin));
2698 * we make an fin entry to be able to feed it to
2717 ofin.fin_ifp = fin->fin_ifp;
2718 ofin.fin_out = !fin->fin_out;
2773 if ((is != NULL) && !ipf_allowstateicmp(fin, is, &src))
2808 if (ipf_allowstateicmp(fin, is, &src) == 0)
2821 /* Parameters: fin(I) - pointer to packet information */
2830 ipf_allowstateicmp(fr_info_t *fin, ipstate_t *is, i6addr_t *src)
2832 ipf_main_softc_t *softc = fin->fin_main_soft;
2843 savefr = fin->fin_fr;
2844 fin->fin_fr = fr->fr_icmpgrp->fg_start;
2846 ipass = ipf_scanlist(fin, softc->ipf_pass);
2847 fin->fin_fr = savefr;
2862 fin->fin_rev = !backward;
2863 i = (!backward << 1) + fin->fin_out;
2864 oi = (backward << 1) + !fin->fin_out;
2875 DT2(iss_icmp_hits, fr_info_t *, fin, ipstate_t *, is);
2942 /* Parameters: fin(I) - pointer to packet information */
2947 /* the contents of *fin. For certain protocols, when a match is found the */
2954 ipf_state_lookup(fr_info_t *fin, tcphdr_t *tcp, ipftq_t **ifqp)
2956 ipf_main_softc_t *softc = fin->fin_main_soft;
2968 tcp = fin->fin_dp;
2970 hv = (pr = fin->fin_fi.fi_p);
2971 src = fin->fin_fi.fi_src;
2972 dst = fin->fin_fi.fi_dst;
2976 v = fin->fin_fi.fi_v;
2979 hv += fin->fin_fi.fi_src.i6[1];
2980 hv += fin->fin_fi.fi_src.i6[2];
2981 hv += fin->fin_fi.fi_src.i6[3];
2983 if ((fin->fin_p == IPPROTO_ICMPV6) &&
2984 IN6_IS_ADDR_MULTICAST(&fin->fin_fi.fi_dst.in6)) {
2987 hv += fin->fin_fi.fi_dst.i6[1];
2988 hv += fin->fin_fi.fi_dst.i6[2];
2989 hv += fin->fin_fi.fi_dst.i6[3];
2994 (fin->fin_flx & (FI_MULTICAST|FI_BROADCAST|FI_MBCAST))) {
2995 if (fin->fin_out == 0) {
3026 is = ipf_matchsrcdst(fin, is, &src, &dst, NULL, FI_CMP);
3029 ic, fin->fin_rev)) {
3030 if (fin->fin_rev)
3040 hv += fin->fin_fi.fi_src.i6[0];
3041 hv += fin->fin_fi.fi_src.i6[1];
3042 hv += fin->fin_fi.fi_src.i6[2];
3043 hv += fin->fin_fi.fi_src.i6[3];
3062 ((fin->fin_flx & FI_NOWILD) == 0) &&
3064 hv -= fin->fin_fi.fi_src.i6[0];
3065 hv -= fin->fin_fi.fi_src.i6[1];
3066 hv -= fin->fin_fi.fi_src.i6[2];
3067 hv -= fin->fin_fi.fi_src.i6[3];
3073 is = ipf_checkicmp6matchingstate(fin);
3090 is = ipf_matchsrcdst(fin, is, &src, &dst, NULL, FI_CMP);
3094 ic, fin->fin_rev)) {
3095 if (fin->fin_rev)
3110 sport = htons(fin->fin_data[0]);
3112 dport = htons(fin->fin_data[1]);
3127 fin->fin_flx &= ~FI_OOW;
3128 is = ipf_matchsrcdst(fin, is, &src, &dst, tcp, FI_CMP);
3131 if (!ipf_state_tcp(softc, softs, fin,
3133 oow |= fin->fin_flx & FI_OOW;
3153 ((fin->fin_flx & FI_NOWILD) == 0)) {
3158 hv = fin->fin_fi.fi_p;
3165 if (fin->fin_out == 0) {
3179 fin->fin_flx |= oow;
3184 gre = fin->fin_dp;
3199 is = ipf_matchsrcdst(fin, is, &src, &dst, NULL, FI_CMP);
3213 (is->is_tqehead[fin->fin_rev] != NULL))
3214 ifq = is->is_tqehead[fin->fin_rev];
3228 /* Parameters: fin(I) - pointer to packet information */
3234 ipf_state_check(fr_info_t *fin, u_32_t *passp)
3236 ipf_main_softc_t *softc = fin->fin_main_soft;
3249 if (fin->fin_flx & (FI_SHORT|FI_FRAGBODY|FI_BAD)) {
3254 if ((fin->fin_flx & FI_TCPUDP) ||
3255 (fin->fin_fi.fi_p == IPPROTO_ICMP)
3257 || (fin->fin_fi.fi_p == IPPROTO_ICMPV6)
3260 tcp = fin->fin_dp;
3268 is = ipf_state_lookup(fin, tcp, &ifq);
3270 switch (fin->fin_p)
3276 if (fin->fin_v == 6) {
3277 is = ipf_checkicmp6matchingstate(fin);
3288 is = ipf_checkicmpmatchingstate(fin);
3296 if (fin->fin_out == 0)
3297 ipf_fixinisn(fin, is);
3298 else if (fin->fin_out == 1)
3299 ipf_fixoutisn(fin, is);
3303 if (fin->fin_rev)
3316 if ((fin->fin_out == 0) && (fr->fr_nattag.ipt_num[0] != 0)) {
3317 if (fin->fin_nattag == NULL) {
3322 if (ipf_matchtag(&fr->fr_nattag, fin->fin_nattag)!=0) {
3328 (void) strncpy(fin->fin_group, FR_NAME(fr, fr_group),
3330 fin->fin_icode = fr->fr_icode;
3333 fin->fin_rule = is->is_rulen;
3334 fin->fin_fr = fr;
3340 if (fin->fin_flx & FI_FRAG && FR_ISPASS(is->is_pass) &&
3342 (void) ipf_frag_new(softc, fin, is->is_pass);
3350 ifq = is->is_tqehead[fin->fin_rev];
3357 inout = (fin->fin_rev << 1) + fin->fin_out;
3359 is->is_bytes[inout] += fin->fin_plen;
3360 fin->fin_pktnum = is->is_pkts[inout] + is->is_icmppkts[inout];
3367 ipf_sync_update(softc, SMC_STATE, fin, is->is_sync);
3373 fin->fin_dif = &is->is_dif;
3374 fin->fin_tif = &is->is_tifs[fin->fin_rev];
3375 fin->fin_flx |= FI_STATE;
3386 /* Parameters: fin(I) - pointer to packet information */
3393 ipf_fixoutisn(fr_info_t *fin, ipstate_t *is)
3399 tcp = fin->fin_dp;
3400 rev = fin->fin_rev;
3402 if ((rev == 0) && (fin->fin_cksum < FI_CK_L4PART)) {
3410 if ((rev == 1) && (fin->fin_cksum < FI_CK_L4PART)) {
3423 /* Parameters: fin(I) - pointer to packet information */
3430 ipf_fixinisn(fr_info_t *fin, ipstate_t *is)
3436 tcp = fin->fin_dp;
3437 rev = fin->fin_rev;
3439 if ((rev == 1) && (fin->fin_cksum < FI_CK_L4PART)) {
3447 if ((rev == 0) && (fin->fin_cksum < FI_CK_L4PART)) {
3899 /* fin(I) - pointer to packet information */
3946 ipf_tcp_age(ipftqent_t *tqe, fr_info_t *fin, ipftq_t *tqtab, int flags, int ok)
3948 ipf_main_softc_t *softc = fin->fin_main_soft;
3953 tcp = fin->fin_dp;
3956 dir = fin->fin_rev;
3958 dlen = fin->fin_dlen - (TCP_OFF(tcp) << 2);
4343 /* Parameters: fin(I) - pointer to packet information */
4350 ipf_checkicmp6matchingstate(fr_info_t *fin)
4352 ipf_main_softc_t *softc = fin->fin_main_soft;
4373 if ((fin->fin_v != 6) || (fin->fin_plen < ICMP6ERR_MINPKTLEN) ||
4374 !(fin->fin_flx & FI_ICMPERR)) {
4379 ic6 = fin->fin_dp;
4383 if (fin->fin_plen < sizeof(*oip6)) {
4388 bcopy((char *)fin, (char *)&ofin, sizeof(*fin));
4390 ofin.fin_ifp = fin->fin_ifp;
4391 ofin.fin_out = !fin->fin_out;
4396 * We make a fin entry to be able to feed it to
4406 oip6->ip6_plen = htons(fin->fin_dlen - ICMPERR_ICMPHLEN);
4469 if (!ipf_allowstateicmp(fin, is, &src))
4530 if ((is != NULL) && (ipf_allowstateicmp(fin, is, &src) == 0))