Lines Matching defs:ifs
941 ipf_stack_t *ifs = fin->fin_ifs;
992 if (icmp->icmp_nextmtu < ifs->ifs_fr_icmpminfragmtu)
1674 ipf_stack_t *ifs = fin->fin_ifs;
1713 i = (*fr->fr_srcfunc)(fr->fr_srcptr, fi->fi_v, lip, fin, ifs);
1756 i = (*fr->fr_dstfunc)(fr->fr_dstptr, fi->fi_v, lip, fin, ifs);
1862 ipf_stack_t *ifs = fin->fin_ifs;
2012 IPF_BUMP(ifs->ifs_frstats[fin->fin_out].fr_skip);
2014 IPF_BUMP(ifs->ifs_frstats[fin->fin_out].fr_pkl);
2054 IPF_BUMP(ifs->ifs_frstats[out].fr_ads);
2056 IPF_BUMP(ifs->ifs_frstats[out].fr_bads);
2090 ipf_stack_t *ifs = fin->fin_ifs;
2095 fr = ifs->ifs_ipacct6[fin->fin_out][ifs->ifs_fr_active];
2098 fr = ifs->ifs_ipacct[fin->fin_out][ifs->ifs_fr_active];
2107 IPF_BUMP(ifs->ifs_frstats[0].fr_acct);
2138 ipf_stack_t *ifs = fin->fin_ifs;
2145 fin->fin_fr = ifs->ifs_ipfilter6[out][ifs->ifs_fr_active];
2148 fin->fin_fr = ifs->ifs_ipfilter[out][ifs->ifs_fr_active];
2156 IPF_BUMP(ifs->ifs_frstats[out].fr_nom);
2162 fc = &ifs->ifs_frcache[out][CACHE_HASH(fin)];
2163 READ_ENTER(&ifs->ifs_ipf_frcache);
2169 RWLOCK_EXIT(&ifs->ifs_ipf_frcache);
2170 IPF_BUMP(ifs->ifs_frstats[out].fr_chit);
2178 RWLOCK_EXIT(&ifs->ifs_ipf_frcache);
2180 pass = fr_scanlist(fin, ifs->ifs_fr_pass);
2184 WRITE_ENTER(&ifs->ifs_ipf_frcache);
2186 RWLOCK_EXIT(&ifs->ifs_ipf_frcache);
2193 IPF_BUMP(ifs->ifs_frstats[out].fr_nom);
2203 IPF_BUMP(ifs->ifs_frstats[out].fr_ppshit);
2234 if ((fin->fin_fr = ifs->ifs_ipauth) != NULL)
2235 pass = fr_scanlist(fin, ifs->ifs_fr_pass);
2245 IPF_BUMP(ifs->ifs_frstats[out].fr_bnfr);
2247 IPF_BUMP(ifs->ifs_frstats[out].fr_nfr);
2250 IPF_BUMP(ifs->ifs_frstats[out].fr_cfr);
2259 IPF_BUMP(ifs->ifs_frstats[out].fr_ads);
2261 IPF_BUMP(ifs->ifs_frstats[out].fr_bads);
2309 , qif, mp, ifs)
2312 , mp, ifs)
2319 ipf_stack_t *ifs;
2341 pass = ifs->ifs_fr_pass;
2357 if (ifs->ifs_fr_running <= 0) {
2419 fin->fin_ifs = ifs;
2425 IPF_BUMP(ifs->ifs_frstats[out].fr_ipv6);
2434 READ_ENTER(&ifs->ifs_ipf_mutex);
2450 READ_ENTER(&ifs->ifs_ipf_mutex);
2465 if (ifs->ifs_fr_chksrc && !fr_verifysrc(fin)) {
2466 IPF_BUMP(ifs->ifs_frstats[0].fr_badsrc);
2470 if (fin->fin_ip->ip_ttl < ifs->ifs_fr_minttl) {
2471 IPF_BUMP(ifs->ifs_frstats[0].fr_badttl);
2479 if (ifs->ifs_fr_chksrc && !fr_verifysrc(fin)) {
2480 IPF_BUMP(ifs->ifs_frstats[0].fr_badsrc);
2484 if (ip6->ip6_hlim < ifs->ifs_fr_minttl) {
2485 IPF_BUMP(ifs->ifs_frstats[0].fr_badttl);
2493 IPF_BUMP(ifs->ifs_frstats[out].fr_short);
2496 READ_ENTER(&ifs->ifs_ipf_mutex);
2511 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2518 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2552 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2559 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2568 if ((ifs->ifs_fr_update_ipid != 0) && (v == 4)) {
2570 IPF_BUMP(ifs->ifs_frstats[1].fr_ipud);
2574 IPF_BUMP(ifs->ifs_frstats[0].fr_ipud);
2580 if ((ifs->ifs_fr_flags & FF_LOGGING) || (pass & FR_LOGMASK)) {
2642 ifs->ifs_frstats[out].fr_ret);
2654 ifs->ifs_frstats[out].fr_block);
2655 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2662 IPF_BUMP(ifs->ifs_frstats[out].fr_ret);
2679 ifs->ifs_frstats[out].fr_ret);
2691 ifs->ifs_frstats[out].fr_block);
2692 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2698 IPF_BUMP(ifs->ifs_frstats[1].fr_ret);
2761 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2765 IPF_BUMP(ifs->ifs_frstats[out].fr_block);
2771 IPF_BUMP(ifs->ifs_frstats[out].fr_pass);
2841 ipf_stack_t *ifs = fin->fin_ifs;
2846 if ((ifs->ifs_fr_flags & FF_LOGNOMATCH) && (pass & FR_NOMATCH)) {
2848 IPF_BUMP(ifs->ifs_frstats[out].fr_npkl);
2851 (FR_ISPASS(pass) && (ifs->ifs_fr_flags & FF_LOGPASS))) {
2854 IPF_BUMP(ifs->ifs_frstats[out].fr_ppkl);
2857 (FR_ISBLOCK(pass) && (ifs->ifs_fr_flags & FF_LOGBLOCK))) {
2860 IPF_BUMP(ifs->ifs_frstats[out].fr_bpkl);
2863 IPF_BUMP(ifs->ifs_frstats[out].fr_skip);
3315 frgroup_t *fr_findgroup(group, unit, set, fgpp, ifs)
3320 ipf_stack_t *ifs;
3328 fgp = &ifs->ifs_ipfgroups[unit][set];
3356 frgroup_t *fr_addgroup(group, head, flags, unit, set, ifs)
3362 ipf_stack_t *ifs;
3376 fg = fr_findgroup(group, unit, set, &fgp, ifs);
3410 void fr_delgroup(group, unit, set, ifs)
3414 ipf_stack_t *ifs;
3418 fg = fr_findgroup(group, unit, set, &fgp, ifs);
3441 frentry_t *fr_getrulen(unit, group, n, ifs)
3445 ipf_stack_t *ifs;
3450 fg = fr_findgroup(group, unit, ifs->ifs_fr_active, NULL, ifs);
3469 int fr_rulen(unit, fr, ifs)
3472 ipf_stack_t *ifs;
3480 fg = fr_findgroup(fr->fr_group, unit, ifs->ifs_fr_active, NULL, ifs);
3511 static int frflushlist(set, unit, nfreedp, listp, ifs)
3516 ipf_stack_t *ifs;
3529 (void) frflushlist(set, unit, nfreedp, fp->fr_grp, ifs);
3533 fr_delgroup(fp->fr_grhead, unit, set, ifs);
3539 if (fr_derefrule(&fp, ifs) == 0)
3556 int frflush(unit, proto, flags, ifs)
3559 ipf_stack_t *ifs;
3563 WRITE_ENTER(&ifs->ifs_ipf_mutex);
3564 bzero((char *)ifs->ifs_frcache, sizeof (ifs->ifs_frcache));
3566 set = ifs->ifs_fr_active;
3573 &flushed, &ifs->ifs_ipfilter6[1][set], ifs);
3575 &flushed, &ifs->ifs_ipacct6[1][set], ifs);
3579 &flushed, &ifs->ifs_ipfilter[1][set], ifs);
3581 &flushed, &ifs->ifs_ipacct[1][set], ifs);
3587 &flushed, &ifs->ifs_ipfilter6[0][set], ifs);
3589 &flushed, &ifs->ifs_ipacct6[0][set], ifs);
3593 &flushed, &ifs->ifs_ipfilter[0][set], ifs);
3595 &flushed, &ifs->ifs_ipacct[0][set], ifs);
3598 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
3603 tmp = frflush(IPL_LOGCOUNT, proto, flags, ifs);
3743 /* ifs - pointer to IPF stack instance */
3782 static void *fr_ifsync(action, v, newname, oldname, newifp, oldifp, ifs)
3786 ipf_stack_t *ifs;
3794 rval = fr_resolvenic(oldname, v, ifs);
3825 /* ifs - pointer to IPF stack instance */
3833 static void frsynclist(action, v, ifp, ifname, fr, ifs)
3838 ipf_stack_t *ifs;
3855 ifs);
3860 ifp, fdp->fd_ifp, ifs);
3864 ifp, fdp->fd_ifp, ifs);
3868 ifp, fdp->fd_ifp, ifs);
3879 ifs);
3886 ifs);
3895 &fr->fr_srcfunc, ifs);
3901 &fr->fr_dstfunc, ifs);
3927 void frsync(action, v, ifp, name, ifs)
3931 ipf_stack_t *ifs;
3935 WRITE_ENTER(&ifs->ifs_ipf_mutex);
3936 frsynclist(action, v, ifp, name, ifs->ifs_ipacct[0][ifs->ifs_fr_active], ifs);
3937 frsynclist(action, v, ifp, name, ifs->ifs_ipacct[1][ifs->ifs_fr_active], ifs);
3938 frsynclist(action, v, ifp, name, ifs->ifs_ipfilter[0][ifs->ifs_fr_active], ifs);
3939 frsynclist(action, v, ifp, name, ifs->ifs_ipfilter[1][ifs->ifs_fr_active], ifs);
3940 frsynclist(action, v, ifp, name, ifs->ifs_ipacct6[0][ifs->ifs_fr_active], ifs);
3941 frsynclist(action, v, ifp, name, ifs->ifs_ipacct6[1][ifs->ifs_fr_active], ifs);
3942 frsynclist(action, v, ifp, name, ifs->ifs_ipfilter6[0][ifs->ifs_fr_active], ifs);
3943 frsynclist(action, v, ifp, name, ifs->ifs_ipfilter6[1][ifs->ifs_fr_active], ifs);
3948 for (g = ifs->ifs_ipfgroups[i][0]; g != NULL; g = g->fg_next)
3949 frsynclist(action, v, ifp, name, g->fg_start, ifs);
3950 for (g = ifs->ifs_ipfgroups[i][1]; g != NULL; g = g->fg_next)
3951 frsynclist(action, v, ifp, name, g->fg_start, ifs);
3953 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
3998 /* ifs - IPF's stack */
4016 void fr_ifindexsync(ifp, newifp, ifs)
4019 ipf_stack_t *ifs;
4025 rule_lists[0] = ifs->ifs_ipacct[0][ifs->ifs_fr_active];
4026 rule_lists[1] = ifs->ifs_ipacct[1][ifs->ifs_fr_active];
4027 rule_lists[2] = ifs->ifs_ipfilter[0][ifs->ifs_fr_active];
4028 rule_lists[3] = ifs->ifs_ipfilter[1][ifs->ifs_fr_active];
4029 rule_lists[4] = ifs->ifs_ipacct6[0][ifs->ifs_fr_active];
4030 rule_lists[5] = ifs->ifs_ipacct6[1][ifs->ifs_fr_active];
4031 rule_lists[6] = ifs->ifs_ipfilter6[0][ifs->ifs_fr_active];
4032 rule_lists[7] = ifs->ifs_ipfilter6[1][ifs->ifs_fr_active];
4044 for (g = ifs->ifs_ipfgroups[i][0]; g != NULL; g = g->fg_next)
4046 for (g = ifs->ifs_ipfgroups[i][1]; g != NULL; g = g->fg_next)
4152 void fr_getstat(fiop, ifs)
4154 ipf_stack_t *ifs;
4158 bcopy((char *)&ifs->ifs_frstats, (char *)fiop->f_st,
4160 fiop->f_locks[IPL_LOGSTATE] = ifs->ifs_fr_state_lock;
4161 fiop->f_locks[IPL_LOGNAT] = ifs->ifs_fr_nat_lock;
4162 fiop->f_locks[IPL_LOGIPF] = ifs->ifs_fr_frag_lock;
4163 fiop->f_locks[IPL_LOGAUTH] = ifs->ifs_fr_auth_lock;
4167 fiop->f_ipf[i][j] = ifs->ifs_ipfilter[i][j];
4168 fiop->f_acct[i][j] = ifs->ifs_ipacct[i][j];
4169 fiop->f_ipf6[i][j] = ifs->ifs_ipfilter6[i][j];
4170 fiop->f_acct6[i][j] = ifs->ifs_ipacct6[i][j];
4173 fiop->f_ticks = ifs->ifs_fr_ticks;
4174 fiop->f_active = ifs->ifs_fr_active;
4175 fiop->f_froute[0] = ifs->ifs_fr_frouteok[0];
4176 fiop->f_froute[1] = ifs->ifs_fr_frouteok[1];
4178 fiop->f_running = ifs->ifs_fr_running;
4180 fiop->f_groups[i][0] = ifs->ifs_ipfgroups[i][0];
4181 fiop->f_groups[i][1] = ifs->ifs_ipfgroups[i][1];
4188 fiop->f_defpass = ifs->ifs_fr_pass;
4299 /* ifs - ipf stack instance */
4306 static void *fr_resolvelookup(type, number, funcptr, ifs)
4309 ipf_stack_t *ifs;
4322 READ_ENTER(&ifs->ifs_ip_poolrw);
4331 ipo = ip_pool_find(IPL_LOGIPF, name, ifs);
4340 iph = fr_findhtable(IPL_LOGIPF, name, ifs);
4352 RWLOCK_EXIT(&ifs->ifs_ip_poolrw);
4376 int frrequest(unit, req, data, set, makecopy, ifs)
4381 ipf_stack_t *ifs;
4435 error = fr_funcinit(fp, ifs);
4455 fg = fr_findgroup(group, unit, set, NULL, ifs);
4472 fprev = &ifs->ifs_ipauth;
4475 fprev = &ifs->ifs_ipacct[in][set];
4477 fprev = &ifs->ifs_ipfilter[in][set];
4480 fprev = &ifs->ifs_ipacct6[in][set];
4482 fprev = &ifs->ifs_ipfilter6[in][set];
4488 if (!fg && !(fg = fr_findgroup(group, unit, set, NULL, ifs)))
4579 &fp->fr_srcfunc, ifs);
4604 &fp->fr_dstfunc, ifs);
4627 frsynclist(0, 0, NULL, NULL, fp, ifs);
4644 WRITE_ENTER(&ifs->ifs_ipf_mutex);
4645 bzero((char *)ifs->ifs_frcache, sizeof (ifs->ifs_frcache));
4697 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
4773 error = fr_preauthcmd(req, f, ftail, ifs);
4777 fr_delgroup(f->fr_grhead, unit, set, ifs);
4781 (void)fr_derefrule(&f, ifs);
4791 error = fr_preauthcmd(req, fp, ftail, ifs);
4821 unit, set, ifs);
4830 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
4846 static int fr_funcinit(fr, ifs)
4848 ipf_stack_t *ifs;
4859 err = (*ft->ipfu_init)(fr, ifs);
4991 int fr_derefrule(frp, ifs)
4993 ipf_stack_t *ifs;
5007 ip_lookup_deref(fr->fr_srctype, fr->fr_srcptr, ifs);
5009 ip_lookup_deref(fr->fr_dsttype, fr->fr_dstptr, ifs);
5037 static int fr_grpmapinit(fr, ifs)
5039 ipf_stack_t *ifs;
5049 iph = fr_findhtable(IPL_LOGIPF, name, ifs);
5075 ipf_stack_t *ifs = fin->fin_ifs;
5077 rval = fr_iphmfindgroup(fin->fin_fr->fr_ptr, fin->fin_v, &fin->fin_src, ifs);
5104 ipf_stack_t *ifs = fin->fin_ifs;
5106 rval = fr_iphmfindgroup(fin->fin_fr->fr_ptr, fin->fin_v, &fin->fin_dst, ifs);
5145 ipftq_t *fr_addtimeoutqueue(parent, seconds, ifs)
5148 ipf_stack_t *ifs;
5155 MUTEX_ENTER(&ifs->ifs_ipf_timeoutlock);
5166 MUTEX_EXIT(&ifs->ifs_ipf_timeoutlock);
5182 ifs->ifs_fr_userifqs++;
5186 MUTEX_EXIT(&ifs->ifs_ipf_timeoutlock);
5232 void fr_freetimeoutqueue(ifq, ifs)
5234 ipf_stack_t *ifs;
5254 ifs->ifs_fr_userifqs--;
5338 void fr_queueback(tqe, ifs)
5340 ipf_stack_t *ifs;
5347 tqe->tqe_die = ifs->ifs_fr_ticks + ifq->ifq_ttl;
5381 void fr_queueappend(tqe, ifq, parent, ifs)
5385 ipf_stack_t *ifs;
5395 tqe->tqe_die = ifs->ifs_fr_ticks + ifq->ifq_ttl;
5407 /* ifs - ipf stack instance */
5413 void fr_movequeue(tqe, oifq, nifq, ifs)
5416 ipf_stack_t *ifs;
5422 if (oifq == nifq && tqe->tqe_touched == ifs->ifs_fr_ticks)
5429 tqe->tqe_touched = ifs->ifs_fr_ticks;
5430 tqe->tqe_die = ifs->ifs_fr_ticks + nifq->ifq_ttl;
5595 INLINE int fr_ioctlswitch(unit, data, cmd, mode, uid, ctx, ifs)
5599 ipf_stack_t *ifs;
5609 if (ifs->ifs_fr_running > 0)
5610 error = fr_nat_ioctl(data, cmd, mode, uid, ctx, ifs);
5615 if (ifs->ifs_fr_running > 0)
5616 error = fr_state_ioctl(data, cmd, mode, uid, ctx, ifs);
5621 if (ifs->ifs_fr_running > 0) {
5628 ifs->ifs_fr_active, 1, ifs);
5631 error = fr_auth_ioctl(data, cmd, mode, uid, ctx, ifs);
5638 if (ifs->ifs_fr_running > 0)
5639 error = fr_sync_ioctl(data, cmd, mode, ifs);
5646 if (ifs->ifs_fr_running > 0)
5647 error = fr_scan_ioctl(data, cmd, mode, ifs);
5654 if (ifs->ifs_fr_running > 0)
5655 error = ip_lookup_ioctl(data, cmd, mode, uid, ctx, ifs);
5925 ipf_stack_t *ifs = fin->fin_ifs;
5930 net_data_p = ifs->ifs_ipf_ipv4;
5932 net_data_p = ifs->ifs_ipf_ipv6;
6147 ipf_stack_t *ifs = fin->fin_ifs;
6160 IPF_BUMP(ifs->ifs_fr_badcoalesces[fin->fin_out]);
6300 tune_lookup(ipf_stack_t *ifs, char *name)
6304 for (i = 0; ifs->ifs_ipf_tuneables[i].ipft_name != NULL; i++) {
6305 if (strcmp(ifs->ifs_ipf_tuneables[i].ipft_name, name) == 0)
6306 return (&ifs->ifs_ipf_tuneables[i]);
6319 /* Parameters: ifs - pointer to newly allocated IPF instance */
6331 static void ipftuneable_setdefs(ipf_stack_t *ifs)
6333 ifs->ifs_ipfr_size = IPFT_SIZE;
6334 ifs->ifs_fr_ipfrttl = 120; /* 60 seconds */
6337 ifs->ifs_fr_authsize = FR_NUMAUTH;
6338 ifs->ifs_fr_defaultauthage = 600;
6341 ifs->ifs_fr_tcpidletimeout = IPF_TTLVAL(3600 * 24 * 5); /* five days */
6342 ifs->ifs_fr_tcpclosewait = IPF_TTLVAL(TCP_MSL);
6343 ifs->ifs_fr_tcplastack = IPF_TTLVAL(TCP_MSL);
6344 ifs->ifs_fr_tcptimeout = IPF_TTLVAL(TCP_MSL);
6345 ifs->ifs_fr_tcpclosed = IPF_TTLVAL(60);
6346 ifs->ifs_fr_tcphalfclosed = IPF_TTLVAL(2 * 3600); /* 2 hours */
6347 ifs->ifs_fr_udptimeout = IPF_TTLVAL(120);
6348 ifs->ifs_fr_udpacktimeout = IPF_TTLVAL(12);
6349 ifs->ifs_fr_icmptimeout = IPF_TTLVAL(60);
6350 ifs->ifs_fr_icmpacktimeout = IPF_TTLVAL(6);
6351 ifs->ifs_fr_iptimeout = IPF_TTLVAL(60);
6352 ifs->ifs_fr_statemax = IPSTATE_MAX;
6353 ifs->ifs_fr_statesize = IPSTATE_SIZE;
6354 ifs->ifs_fr_state_maxbucket_reset = 1;
6355 ifs->ifs_state_flush_level_hi = ST_FLUSH_HI;
6356 ifs->ifs_state_flush_level_lo = ST_FLUSH_LO;
6359 ifs->ifs_ipf_nattable_sz = NAT_TABLE_SZ;
6360 ifs->ifs_ipf_nattable_max = NAT_TABLE_MAX;
6361 ifs->ifs_ipf_natrules_sz = NAT_SIZE;
6362 ifs->ifs_ipf_rdrrules_sz = RDR_SIZE;
6363 ifs->ifs_ipf_hostmap_sz = HOSTMAP_SIZE;
6364 ifs->ifs_fr_nat_maxbucket_reset = 1;
6365 ifs->ifs_fr_defnatage = DEF_NAT_AGE;
6366 ifs->ifs_fr_defnatipage = 120; /* 60 seconds */
6367 ifs->ifs_fr_defnaticmpage = 6; /* 3 seconds */
6368 ifs->ifs_nat_flush_level_hi = NAT_FLUSH_HI;
6369 ifs->ifs_nat_flush_level_lo = NAT_FLUSH_LO;
6373 ifs->ifs_ipl_suppress = 1;
6374 ifs->ifs_ipl_logmax = IPL_LOGMAX;
6375 ifs->ifs_ipl_logsize = IPFILTER_LOGSIZE;
6378 ifs->ifs_nat_logging = 1;
6381 ifs->ifs_ipstate_logging = 1;
6384 ifs->ifs_nat_logging = 0;
6387 ifs->ifs_ipstate_logging = 0;
6389 ifs->ifs_ipf_loopback = 0;
6397 ipftuneable_alloc(ipf_stack_t *ifs)
6401 KMALLOCS(ifs->ifs_ipf_tuneables, ipftuneable_t *,
6403 bcopy(lcl_ipf_tuneables, ifs->ifs_ipf_tuneables,
6413 TUNE_SET(ifs, "fr_flags", ifs_fr_flags);
6414 TUNE_SET(ifs, "fr_active", ifs_fr_active);
6415 TUNE_SET(ifs, "fr_control_forwarding", ifs_fr_control_forwarding);
6416 TUNE_SET(ifs, "fr_update_ipid", ifs_fr_update_ipid);
6417 TUNE_SET(ifs, "fr_chksrc", ifs_fr_chksrc);
6418 TUNE_SET(ifs, "fr_minttl", ifs_fr_minttl);
6419 TUNE_SET(ifs, "fr_icmpminfragmtu", ifs_fr_icmpminfragmtu);
6420 TUNE_SET(ifs, "fr_pass", ifs_fr_pass);
6421 TUNE_SET(ifs, "fr_tcpidletimeout", ifs_fr_tcpidletimeout);
6422 TUNE_SET(ifs, "fr_tcpclosewait", ifs_fr_tcpclosewait);
6423 TUNE_SET(ifs, "fr_tcplastack", ifs_fr_tcplastack);
6424 TUNE_SET(ifs, "fr_tcptimeout", ifs_fr_tcptimeout);
6425 TUNE_SET(ifs, "fr_tcpclosed", ifs_fr_tcpclosed);
6426 TUNE_SET(ifs, "fr_tcphalfclosed", ifs_fr_tcphalfclosed);
6427 TUNE_SET(ifs, "fr_udptimeout", ifs_fr_udptimeout);
6428 TUNE_SET(ifs, "fr_udpacktimeout", ifs_fr_udpacktimeout);
6429 TUNE_SET(ifs, "fr_icmptimeout", ifs_fr_icmptimeout);
6430 TUNE_SET(ifs, "fr_icmpacktimeout", ifs_fr_icmpacktimeout);
6431 TUNE_SET(ifs, "fr_iptimeout", ifs_fr_iptimeout);
6432 TUNE_SET(ifs, "fr_statemax", ifs_fr_statemax);
6433 TUNE_SET(ifs, "fr_statesize", ifs_fr_statesize);
6434 TUNE_SET(ifs, "fr_state_lock", ifs_fr_state_lock);
6435 TUNE_SET(ifs, "fr_state_maxbucket", ifs_fr_state_maxbucket);
6436 TUNE_SET(ifs, "fr_state_maxbucket_reset", ifs_fr_state_maxbucket_reset);
6437 TUNE_SET(ifs, "ipstate_logging", ifs_ipstate_logging);
6438 TUNE_SET(ifs, "fr_nat_lock", ifs_fr_nat_lock);
6439 TUNE_SET(ifs, "ipf_nattable_sz", ifs_ipf_nattable_sz);
6440 TUNE_SET(ifs, "ipf_nattable_max", ifs_ipf_nattable_max);
6441 TUNE_SET(ifs, "ipf_natrules_sz", ifs_ipf_natrules_sz);
6442 TUNE_SET(ifs, "ipf_rdrrules_sz", ifs_ipf_rdrrules_sz);
6443 TUNE_SET(ifs, "ipf_hostmap_sz", ifs_ipf_hostmap_sz);
6444 TUNE_SET(ifs, "fr_nat_maxbucket", ifs_fr_nat_maxbucket);
6445 TUNE_SET(ifs, "fr_nat_maxbucket_reset", ifs_fr_nat_maxbucket_reset);
6446 TUNE_SET(ifs, "nat_logging", ifs_nat_logging);
6447 TUNE_SET(ifs, "fr_defnatage", ifs_fr_defnatage);
6448 TUNE_SET(ifs, "fr_defnatipage", ifs_fr_defnatipage);
6449 TUNE_SET(ifs, "fr_defnaticmpage", ifs_fr_defnaticmpage);
6450 TUNE_SET(ifs, "nat_flush_level_hi", ifs_nat_flush_level_hi);
6451 TUNE_SET(ifs, "nat_flush_level_lo", ifs_nat_flush_level_lo);
6452 TUNE_SET(ifs, "state_flush_level_hi", ifs_state_flush_level_hi);
6453 TUNE_SET(ifs, "state_flush_level_lo", ifs_state_flush_level_lo);
6454 TUNE_SET(ifs, "ipfr_size", ifs_ipfr_size);
6455 TUNE_SET(ifs, "fr_ipfrttl", ifs_fr_ipfrttl);
6456 TUNE_SET(ifs, "ipf_loopback", ifs_ipf_loopback);
6458 TUNE_SET(ifs, "ipl_suppress", ifs_ipl_suppress);
6459 TUNE_SET(ifs, "ipl_buffer_sz", ifs_ipl_buffer_sz);
6460 TUNE_SET(ifs, "ipl_logmax", ifs_ipl_logmax);
6461 TUNE_SET(ifs, "ipl_logall", ifs_ipl_logall);
6462 TUNE_SET(ifs, "ipl_logsize", ifs_ipl_logsize);
6466 ipftuneable_setdefs(ifs);
6469 (void) ipf_property_update(ipf_dev_info, ifs);
6474 ipftuneable_free(ipf_stack_t *ifs)
6476 KFREES(ifs->ifs_ipf_tuneables, sizeof (lcl_ipf_tuneables));
6477 ifs->ifs_ipf_tuneables = NULL;
6492 static ipftuneable_t *fr_findtunebycookie(cookie, next, ifs)
6494 ipf_stack_t * ifs;
6498 for (ta = ifs->ifs_ipf_tuneables; ta->ipft_name != NULL; ta++)
6512 *next = &ifs->ifs_ipf_tunelist;
6517 for (tap = &ifs->ifs_ipf_tunelist; (ta = *tap) != NULL; tap = &ta->ipft_next)
6539 static ipftuneable_t *fr_findtunebyname(name, ifs)
6541 ipf_stack_t *ifs;
6545 for (ta = ifs->ifs_ipf_tuneables; ta->ipft_name != NULL; ta++)
6550 for (ta = ifs->ifs_ipf_tunelist; ta != NULL; ta = ta->ipft_next)
6568 int fr_addipftune(newtune, ifs)
6570 ipf_stack_t *ifs;
6574 ta = fr_findtunebyname(newtune->ipft_name, ifs);
6578 for (tap = &ifs->ifs_ipf_tunelist; *tap != NULL; tap = &(*tap)->ipft_next)
6597 int fr_delipftune(oldtune, ifs)
6599 ipf_stack_t *ifs;
6603 for (tap = &ifs->ifs_ipf_tunelist; (ta = *tap) != NULL; tap = &ta->ipft_next)
6627 int fr_ipftune(cmd, data, ifs)
6630 ipf_stack_t *ifs;
6658 ta = fr_findtunebycookie(cookie, &tu.ipft_cookie, ifs);
6660 ta = ifs->ifs_ipf_tuneables;
6700 ta = fr_findtunebycookie(cookie, NULL, ifs);
6704 ta = fr_findtunebyname(tu.ipft_name, ifs);
6740 (ifs->ifs_fr_running > 0)) {
6786 int fr_initialise(ifs)
6787 ipf_stack_t *ifs;
6792 i = fr_loginit(ifs);
6796 i = fr_natinit(ifs);
6800 i = fr_stateinit(ifs);
6804 i = fr_authinit(ifs);
6808 i = fr_fraginit(ifs);
6812 i = appr_init(ifs);
6817 i = ipfsync_init(ifs);
6822 i = ipsc_init(ifs);
6827 i = ip_lookup_init(ifs);
6832 ipfrule_add(ifs);
6848 void fr_deinitialise(ifs)
6849 ipf_stack_t *ifs;
6851 fr_fragunload(ifs);
6852 fr_authunload(ifs);
6853 fr_natunload(ifs);
6854 fr_stateunload(ifs);
6856 fr_scanunload(ifs);
6858 appr_unload(ifs);
6861 ipfrule_remove(ifs);
6864 (void) frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE|FR_INACTIVE, ifs);
6865 (void) frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE, ifs);
6866 (void) frflush(IPL_LOGCOUNT, 0, FR_INQUE|FR_OUTQUE|FR_INACTIVE, ifs);
6867 (void) frflush(IPL_LOGCOUNT, 0, FR_INQUE|FR_OUTQUE, ifs);
6870 ip_lookup_unload(ifs);
6874 fr_logunload(ifs);
6888 int fr_zerostats(data, ifs)
6890 ipf_stack_t *ifs;
6895 fr_getstat(&fio, ifs);
6900 WRITE_ENTER(&ifs->ifs_ipf_mutex);
6901 bzero((char *)ifs->ifs_frstats, sizeof(*ifs->ifs_frstats) * 2);
6902 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
6921 void fr_resolvedest(fdp, v, ifs)
6924 ipf_stack_t *ifs;
6929 fdp->fd_ifp = GETIFP(fdp->fd_ifname, v, ifs);
6959 void *fr_resolvenic(name, v, ifs)
6962 ipf_stack_t *ifs;
6975 nic = GETIFP(name, v, ifs);
6985 /* Parameters: ifs - ipf stack instance */
6990 void ipf_expiretokens(ifs)
6991 ipf_stack_t *ifs;
6995 WRITE_ENTER(&ifs->ifs_ipf_tokens);
6996 while ((it = ifs->ifs_ipftokenhead) != NULL) {
6997 if (it->ipt_die > ifs->ifs_fr_ticks)
7000 ipf_freetoken(it, ifs);
7002 RWLOCK_EXIT(&ifs->ifs_ipf_tokens);
7012 /* ifs - ipf stack instance */
7018 int ipf_deltoken(type, uid, ptr, ifs)
7021 ipf_stack_t *ifs;
7026 WRITE_ENTER(&ifs->ifs_ipf_tokens);
7027 for (it = ifs->ifs_ipftokenhead; it != NULL; it = it->ipt_next)
7030 ipf_freetoken(it, ifs);
7034 RWLOCK_EXIT(&ifs->ifs_ipf_tokens);
7044 /* ifs - ipf stack instance */
7050 static void ipf_unlinktoken(token, ifs)
7052 ipf_stack_t *ifs;
7055 if (ifs->ifs_ipftokentail == &token->ipt_next)
7056 ifs->ifs_ipftokentail = token->ipt_pnext;
7070 /* ifs - ipf stack instance */
7080 ipftoken_t *ipf_findtoken(type, uid, ptr, ifs)
7083 ipf_stack_t *ifs;
7089 WRITE_ENTER(&ifs->ifs_ipf_tokens);
7090 for (it = ifs->ifs_ipftokenhead; it != NULL; it = it->ipt_next) {
7115 ipf_unlinktoken(it, ifs);
7117 it->ipt_pnext = ifs->ifs_ipftokentail;
7118 *ifs->ifs_ipftokentail = it;
7119 ifs->ifs_ipftokentail = &it->ipt_next;
7122 it->ipt_die = ifs->ifs_fr_ticks + 2;
7124 MUTEX_DOWNGRADE(&ifs->ifs_ipf_tokens);
7134 /* ifs - ipf stack instance */
7141 void ipf_freetoken(token, ifs)
7143 ipf_stack_t *ifs;
7147 ipf_unlinktoken(token, ifs);
7156 (void)fr_derefrule((frentry_t **)datap, ifs);
7159 WRITE_ENTER(&ifs->ifs_ipf_nat);
7160 fr_ipnatderef((ipnat_t **)datap, ifs);
7161 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
7164 fr_natderef((nat_t **)datap, ifs);
7167 fr_statederef((ipstate_t **)datap, ifs);
7170 fr_fragderef((ipfr_t **)datap, &ifs->ifs_ipf_frag, ifs);
7174 &ifs->ifs_ipf_natfrag, ifs);
7177 WRITE_ENTER(&ifs->ifs_ipf_nat);
7179 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
7182 (void) ip_lookup_iterderef(token->ipt_type, data, ifs);
7196 /* ifs - ipf stack instance */
7206 int ipf_getnextrule(t, ptr, ifs)
7209 ipf_stack_t *ifs;
7239 READ_ENTER(&ifs->ifs_ipf_mutex);
7254 next = ifs->ifs_ipacct
7257 next = ifs->ifs_ipacct6
7261 next = ifs->ifs_ipfilter
7264 next = ifs->ifs_ipfilter6
7269 it.iri_active, NULL, ifs);
7303 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
7312 ipf_freetoken(t, ifs);
7316 (void) fr_derefrule(&fr, ifs);
7327 ipf_freetoken(t, ifs);
7335 READ_ENTER(&ifs->ifs_ipf_mutex);
7350 /* ifs - ipf stack instance */
7356 int ipf_frruleiter(data, uid, ctx, ifs)
7359 ipf_stack_t *ifs;
7364 token = ipf_findtoken(IPFGENITER_IPF, uid, ctx, ifs);
7366 error = ipf_getnextrule(token, data, ifs);
7369 RWLOCK_EXIT(&ifs->ifs_ipf_tokens);
7380 /* ifs - ipf stack instance */
7385 int ipf_geniter(token, itp, ifs)
7388 ipf_stack_t *ifs;
7395 error = fr_nextfrag(token, itp, &ifs->ifs_ipfr_list,
7396 &ifs->ifs_ipfr_tail, &ifs->ifs_ipf_frag,
7397 ifs);
7414 /* ifs - ipf stack instance */
7421 int ipf_genericiter(data, uid, ctx, ifs)
7424 ipf_stack_t *ifs;
7434 token = ipf_findtoken(iter.igi_type, uid, ctx, ifs);
7437 error = ipf_geniter(token, &iter, ifs);
7440 RWLOCK_EXIT(&ifs->ifs_ipf_tokens);
7452 /* ifs - ipf stack instance */
7458 int ipf_earlydrop(flushtype, ifq, idletime, ifs)
7462 ipf_stack_t *ifs;
7480 droptick = ifs->ifs_fr_ticks - idletime;
7488 if (nat_delete((nat_t *)ent, NL_FLUSH, ifs) == 0)
7492 if (fr_delstate((ipstate_t *)ent, ISL_FLUSH, ifs) == 0)
7510 /* ifs - ipf stack instance */
7516 int ipf_flushclosing(flushtype, stateval, ipfqs, userqs, ifs)
7519 ipf_stack_t *ifs;
7536 dropped += ipf_earlydrop(flushtype, ifq, (int)0, ifs);
7556 (nat_delete(nat, NL_EXPIRE, ifs) == 0))
7564 (fr_delstate(is, ISL_EXPIRE, ifs) == 0))
7582 /* ifs - ipf stack instance */
7590 int ipf_extraflush(flushtype, ipfqs, userqs, ifs)
7593 ipf_stack_t *ifs;
7611 if (ifs->ifs_fr_ticks < idletime_tab[0])
7614 if (ifs->ifs_fr_ticks > idletime_tab[idle_idx]) {
7618 (ifs->ifs_fr_ticks < idletime_tab[idle_idx]))
7621 idletime = (ifs->ifs_fr_ticks /
7632 if (NAT_TAB_WATER_LEVEL(ifs) <=
7633 ifs->ifs_nat_flush_level_lo)
7636 if (ST_TAB_WATER_LEVEL(ifs) <=
7637 ifs->ifs_state_flush_level_lo)
7643 removed += ipf_earlydrop(flushtype, ipfqs, idletime, ifs);
7650 if (NAT_TAB_WATER_LEVEL(ifs) <=
7651 ifs->ifs_nat_flush_level_lo)
7654 if (ST_TAB_WATER_LEVEL(ifs) <=
7655 ifs->ifs_state_flush_level_lo)
7661 removed += ipf_earlydrop(flushtype, ifq, idletime, ifs);