Lines Matching refs:in
4 * Redistribution and use in source and binary forms, with or without
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
57 #include <netinet/in.h>
94 * XXX This one should go in sys/mbuf.h. It is used to avoid that
107 * Rules in set RESVD_SET can only be deleted explicitly.
127 static int autoinc_step = 100; /* bounded to 1..1000 in add_rule() */
157 * Dynamic rules are stored in lists accessed through a hash table
166 * against the entries in the corresponding list.
170 * + in-kernel NAT (not implemented yet)
173 * measured in seconds and depending on the flags.
175 * The total number of dynamic rules is stored in dyn_count.
195 * Timeouts for various events in handing dynamic rules.
206 * dyn_keepalive_period seconds, in the last dyn_keepalive_interval
217 static u_int32_t static_len; /* size in bytes of static rules */
323 ev_msg.dv[1].data_length = 100; /* bug in kern_post_msg, it can't handle size > 256-msghdr */
355 * bits that we want set or clear, respectively. They are in the
513 * or Unicast Reverse Path Forwarding (Unicast RFP) in Cisco-ese. The
733 action, proto, oif ? "out" : "in",
753 * in source and destination (ip,port), because rules are bidirectional
754 * and we want to find both in the same bucket.
825 * them in a second pass.
839 * handle parent in the second pass,
938 if ( prev != NULL) { /* found and not in front */
1257 * Assume we are sending a RST (or a keepalive in the reverse
1326 /* We need the IP header in host order for icmp_error(). */
1352 * target (for skipto instructions) or the next one in the list (in
1354 * The result is also written in the "next_rule" field of the rule.
1358 * This never returns NULL -- in case we do not have an exact match,
1369 /* look for action, in case it is a skipto */
1386 * All arguments are in args so we can modify them and return them
1391 * args->m (in/out) The packet; we set to NULL when/if we nuke it.
1393 * args->eh (in) Mac header if present, or NULL for layer3 packet.
1395 * The incoming interface is in the mbuf. (in)
1396 * args->divert_rule (in/out)
1400 * args->rule Pointer to the last matching rule (in/out)
1409 * in the latter case, *m is equal to NULL upon return.
1440 * in sync with it (the packet is supposed to start with
1479 * src_port, dst_port port numbers, in HOST format. Only
1482 * src_ip, dst_ip ip addresses, in NETWORK format.
1600 * XXX should not happen here, but optimized out in
1665 * F_OR bit set in all but the last instruction.
1802 case O_IN: /* "out" is "not in" */
2025 * outer loop (would be a 'break 3' in some language,
2038 * These opcodes try to install an entry in the
2069 * with the result being stored in dyn_dir.
2204 * When a rule is added/deleted, clear the next_rule pointers in all rules.
2247 * Update the rule_number in the input struct so the caller knows it as well.
2302 * Now insert the new rule in the right place in the sorted list.
2328 * The caller is in charge of clearing rule pointers to avoid
2466 * Deletes all rules from a chain (except rules in set RESVD_SET
2481 * deleted while pointer is still in use elsewhere
2551 * deleted while pointer is still in use elsewhere
2569 * deleted while pointer is still in use elsewhere
2897 * Disallow modifications in really-really secure mode, but still allow
2926 * The last dynamic rule has NULL in the "next" field.
2971 * store a non-null value in "next".
3178 /* there is only a simple rule passed in
3234 /* there is only a simple rule passed in