Lines Matching refs:ifs
116 int ipldetach(ifs)
117 ipf_stack_t *ifs;
120 ASSERT(rw_read_locked(&ifs->ifs_ipf_global.ipf_lk) == 0);
124 if (ifs->ifs_fr_control_forwarding & 2) {
140 RWLOCK_EXIT(&ifs->ifs_ipf_global);
144 if (ifs->_f != NULL) { \
145 if (ifs->_b) { \
146 ifs->_b = (net_hook_unregister(ifs->_f, \
147 _e, ifs->_h) != 0); \
148 if (!ifs->_b) { \
149 hook_free(ifs->_h); \
150 ifs->_h = NULL; \
152 } else if (ifs->_h != NULL) { \
153 hook_free(ifs->_h); \
154 ifs->_h = NULL; \
163 if (ifs->ifs_ipf_ipv6 != NULL) {
175 if (net_protocol_release(ifs->ifs_ipf_ipv6) != 0)
177 ifs->ifs_ipf_ipv6 = NULL;
183 if (ifs->ifs_ipf_ipv4 != NULL) {
195 if (net_protocol_release(ifs->ifs_ipf_ipv4) != 0)
197 ifs->ifs_ipf_ipv4 = NULL;
206 WRITE_ENTER(&ifs->ifs_ipf_global);
207 fr_deinitialise(ifs);
209 (void) frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE|FR_INACTIVE, ifs);
210 (void) frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE, ifs);
212 if (ifs->ifs_ipf_locks_done == 1) {
213 MUTEX_DESTROY(&ifs->ifs_ipf_timeoutlock);
214 MUTEX_DESTROY(&ifs->ifs_ipf_rw);
215 RW_DESTROY(&ifs->ifs_ipf_tokens);
216 RW_DESTROY(&ifs->ifs_ipf_ipidfrag);
217 ifs->ifs_ipf_locks_done = 0;
220 if (ifs->ifs_hook4_physical_in || ifs->ifs_hook4_physical_out ||
221 ifs->ifs_hook4_nic_events || ifs->ifs_hook4_loopback_in ||
222 ifs->ifs_hook4_loopback_out || ifs->ifs_hook6_nic_events ||
223 ifs->ifs_hook6_physical_in || ifs->ifs_hook6_physical_out ||
224 ifs->ifs_hook6_loopback_in || ifs->ifs_hook6_loopback_out)
230 WRITE_ENTER(&ifs->ifs_ipf_global);
234 int iplattach(ifs)
235 ipf_stack_t *ifs;
240 netid_t id = ifs->ifs_netid;
246 ASSERT(rw_read_locked(&ifs->ifs_ipf_global.ipf_lk) == 0);
247 ifs->ifs_fr_flags = IPF_LOGGING;
249 ifs->ifs_fr_update_ipid = 0;
251 ifs->ifs_fr_update_ipid = 1;
253 ifs->ifs_fr_minttl = 4;
254 ifs->ifs_fr_icmpminfragmtu = 68;
256 ifs->ifs_fr_pass = FR_BLOCK|FR_NOMATCH;
258 ifs->ifs_fr_pass = (IPF_DEFAULT_PASS)|FR_NOMATCH;
261 bzero((char *)ifs->ifs_frcache, sizeof(ifs->ifs_frcache));
262 MUTEX_INIT(&ifs->ifs_ipf_rw, "ipf rw mutex");
263 MUTEX_INIT(&ifs->ifs_ipf_timeoutlock, "ipf timeout lock mutex");
264 RWLOCK_INIT(&ifs->ifs_ipf_ipidfrag, "ipf IP NAT-Frag rwlock");
265 RWLOCK_INIT(&ifs->ifs_ipf_tokens, "ipf token rwlock");
266 ifs->ifs_ipf_locks_done = 1;
268 if (fr_initialise(ifs) < 0)
271 HOOK_INIT(ifs->ifs_ipfhook4_nicevents, ipf_nic_event_v4,
272 "ipfilter_hook4_nicevents", ifs);
273 HOOK_INIT(ifs->ifs_ipfhook4_in, ipf_hook4_in,
274 "ipfilter_hook4_in", ifs);
275 HOOK_INIT(ifs->ifs_ipfhook4_out, ipf_hook4_out,
276 "ipfilter_hook4_out", ifs);
277 HOOK_INIT(ifs->ifs_ipfhook4_loop_in, ipf_hook4_loop_in,
278 "ipfilter_hook4_loop_in", ifs);
279 HOOK_INIT(ifs->ifs_ipfhook4_loop_out, ipf_hook4_loop_out,
280 "ipfilter_hook4_loop_out", ifs);
288 RWLOCK_EXIT(&ifs->ifs_ipf_global);
293 ifs->ifs_ipf_ipv4 = net_protocol_lookup(id, NHF_INET);
294 if (ifs->ifs_ipf_ipv4 == NULL)
297 ifs->ifs_hook4_nic_events = (net_hook_register(ifs->ifs_ipf_ipv4,
298 NH_NIC_EVENTS, ifs->ifs_ipfhook4_nicevents) == 0);
299 if (!ifs->ifs_hook4_nic_events)
302 ifs->ifs_hook4_physical_in = (net_hook_register(ifs->ifs_ipf_ipv4,
303 NH_PHYSICAL_IN, ifs->ifs_ipfhook4_in) == 0);
304 if (!ifs->ifs_hook4_physical_in)
307 ifs->ifs_hook4_physical_out = (net_hook_register(ifs->ifs_ipf_ipv4,
308 NH_PHYSICAL_OUT, ifs->ifs_ipfhook4_out) == 0);
309 if (!ifs->ifs_hook4_physical_out)
312 if (ifs->ifs_ipf_loopback) {
313 ifs->ifs_hook4_loopback_in = (net_hook_register(
314 ifs->ifs_ipf_ipv4, NH_LOOPBACK_IN,
315 ifs->ifs_ipfhook4_loop_in) == 0);
316 if (!ifs->ifs_hook4_loopback_in)
319 ifs->ifs_hook4_loopback_out = (net_hook_register(
320 ifs->ifs_ipf_ipv4, NH_LOOPBACK_OUT,
321 ifs->ifs_ipfhook4_loop_out) == 0);
322 if (!ifs->ifs_hook4_loopback_out)
328 ifs->ifs_ipf_ipv6 = net_protocol_lookup(id, NHF_INET6);
329 if (ifs->ifs_ipf_ipv6 == NULL)
332 HOOK_INIT(ifs->ifs_ipfhook6_nicevents, ipf_nic_event_v6,
333 "ipfilter_hook6_nicevents", ifs);
334 HOOK_INIT(ifs->ifs_ipfhook6_in, ipf_hook6_in,
335 "ipfilter_hook6_in", ifs);
336 HOOK_INIT(ifs->ifs_ipfhook6_out, ipf_hook6_out,
337 "ipfilter_hook6_out", ifs);
338 HOOK_INIT(ifs->ifs_ipfhook6_loop_in, ipf_hook6_loop_in,
339 "ipfilter_hook6_loop_in", ifs);
340 HOOK_INIT(ifs->ifs_ipfhook6_loop_out, ipf_hook6_loop_out,
341 "ipfilter_hook6_loop_out", ifs);
343 ifs->ifs_hook6_nic_events = (net_hook_register(ifs->ifs_ipf_ipv6,
344 NH_NIC_EVENTS, ifs->ifs_ipfhook6_nicevents) == 0);
345 if (!ifs->ifs_hook6_nic_events)
348 ifs->ifs_hook6_physical_in = (net_hook_register(ifs->ifs_ipf_ipv6,
349 NH_PHYSICAL_IN, ifs->ifs_ipfhook6_in) == 0);
350 if (!ifs->ifs_hook6_physical_in)
353 ifs->ifs_hook6_physical_out = (net_hook_register(ifs->ifs_ipf_ipv6,
354 NH_PHYSICAL_OUT, ifs->ifs_ipfhook6_out) == 0);
355 if (!ifs->ifs_hook6_physical_out)
358 if (ifs->ifs_ipf_loopback) {
359 ifs->ifs_hook6_loopback_in = (net_hook_register(
360 ifs->ifs_ipf_ipv6, NH_LOOPBACK_IN,
361 ifs->ifs_ipfhook6_loop_in) == 0);
362 if (!ifs->ifs_hook6_loopback_in)
365 ifs->ifs_hook6_loopback_out = (net_hook_register(
366 ifs->ifs_ipf_ipv6, NH_LOOPBACK_OUT,
367 ifs->ifs_ipfhook6_loop_out) == 0);
368 if (!ifs->ifs_hook6_loopback_out)
375 WRITE_ENTER(&ifs->ifs_ipf_global);
418 if (ifs->ifs_fr_control_forwarding & 1) {
431 WRITE_ENTER(&ifs->ifs_ipf_global);
435 static int fr_setipfloopback(set, ifs)
437 ipf_stack_t *ifs;
439 if (ifs->ifs_ipf_ipv4 == NULL || ifs->ifs_ipf_ipv6 == NULL)
442 if (set && !ifs->ifs_ipf_loopback) {
443 ifs->ifs_ipf_loopback = 1;
445 ifs->ifs_hook4_loopback_in = (net_hook_register(
446 ifs->ifs_ipf_ipv4, NH_LOOPBACK_IN,
447 ifs->ifs_ipfhook4_loop_in) == 0);
448 if (!ifs->ifs_hook4_loopback_in)
451 ifs->ifs_hook4_loopback_out = (net_hook_register(
452 ifs->ifs_ipf_ipv4, NH_LOOPBACK_OUT,
453 ifs->ifs_ipfhook4_loop_out) == 0);
454 if (!ifs->ifs_hook4_loopback_out)
457 ifs->ifs_hook6_loopback_in = (net_hook_register(
458 ifs->ifs_ipf_ipv6, NH_LOOPBACK_IN,
459 ifs->ifs_ipfhook6_loop_in) == 0);
460 if (!ifs->ifs_hook6_loopback_in)
463 ifs->ifs_hook6_loopback_out = (net_hook_register(
464 ifs->ifs_ipf_ipv6, NH_LOOPBACK_OUT,
465 ifs->ifs_ipfhook6_loop_out) == 0);
466 if (!ifs->ifs_hook6_loopback_out)
469 } else if (!set && ifs->ifs_ipf_loopback) {
470 ifs->ifs_ipf_loopback = 0;
472 ifs->ifs_hook4_loopback_in =
473 (net_hook_unregister(ifs->ifs_ipf_ipv4,
474 NH_LOOPBACK_IN, ifs->ifs_ipfhook4_loop_in) != 0);
475 if (ifs->ifs_hook4_loopback_in)
478 ifs->ifs_hook4_loopback_out =
479 (net_hook_unregister(ifs->ifs_ipf_ipv4,
480 NH_LOOPBACK_OUT, ifs->ifs_ipfhook4_loop_out) != 0);
481 if (ifs->ifs_hook4_loopback_out)
484 ifs->ifs_hook6_loopback_in =
485 (net_hook_unregister(ifs->ifs_ipf_ipv6,
486 NH_LOOPBACK_IN, ifs->ifs_ipfhook4_loop_in) != 0);
487 if (ifs->ifs_hook6_loopback_in)
490 ifs->ifs_hook6_loopback_out =
491 (net_hook_unregister(ifs->ifs_ipf_ipv6,
492 NH_LOOPBACK_OUT, ifs->ifs_ipfhook6_loop_out) != 0);
493 if (ifs->ifs_hook6_loopback_out)
520 ipf_stack_t *ifs;
535 ifs = ipf_find_stack(crgetzoneid(cp));
536 ASSERT(ifs != NULL);
538 if (ifs->ifs_fr_running <= 0) {
549 READ_ENTER(&ifs->ifs_ipf_global);
550 if (ifs->ifs_fr_enable_active != 0) {
551 RWLOCK_EXIT(&ifs->ifs_ipf_global);
556 curproc, ifs);
558 RWLOCK_EXIT(&ifs->ifs_ipf_global);
576 RWLOCK_EXIT(&ifs->ifs_ipf_global);
577 WRITE_ENTER(&ifs->ifs_ipf_global);
584 if (ifs->ifs_fr_enable_active == 0) {
585 ifs->ifs_fr_enable_active = 1;
586 error = fr_enableipf(ifs, enable);
587 ifs->ifs_fr_enable_active = 0;
599 error = fr_ipftune(cmd, (void *)data, ifs);
606 (caddr_t)&ifs->ifs_fr_flags,
607 sizeof(ifs->ifs_fr_flags));
618 error = fr_setipfloopback(tmp, ifs);
621 error = COPYOUT((caddr_t)&ifs->ifs_fr_flags, (caddr_t)data,
622 sizeof(ifs->ifs_fr_flags));
637 ifs->ifs_fr_active, 1, ifs);
646 1 - ifs->ifs_fr_active, 1, ifs);
652 WRITE_ENTER(&ifs->ifs_ipf_mutex);
653 bzero((char *)ifs->ifs_frcache,
654 sizeof (ifs->ifs_frcache));
655 error = COPYOUT((caddr_t)&ifs->ifs_fr_active,
657 sizeof(ifs->ifs_fr_active));
661 ifs->ifs_fr_active = 1 - ifs->ifs_fr_active;
662 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
666 fr_getstat(&fio, ifs);
673 error = fr_zerostats((caddr_t)data, ifs);
682 tmp = frflush(unit, 4, tmp, ifs);
699 tmp = frflush(unit, 6, tmp, ifs);
712 ifs->ifs_fr_state_lock = tmp;
713 ifs->ifs_fr_nat_lock = tmp;
714 ifs->ifs_fr_frag_lock = tmp;
715 ifs->ifs_fr_auth_lock = tmp;
724 tmp = ipflog_clear(unit, ifs);
736 RWLOCK_EXIT(&ifs->ifs_ipf_global);
737 WRITE_ENTER(&ifs->ifs_ipf_global);
739 frsync(IPFSYNC_RESYNC, 0, NULL, NULL, ifs);
740 fr_natifpsync(IPFSYNC_RESYNC, 0, NULL, NULL, ifs);
741 fr_nataddrsync(0, NULL, NULL, ifs);
742 fr_statesync(IPFSYNC_RESYNC, 0, NULL, NULL, ifs);
747 error = fr_outobj((void *)data, fr_fragstats(ifs),
752 tmp = (int)ifs->ifs_iplused[IPL_LOGIPF];
761 curproc, ifs);
766 curproc, ifs);
774 error = ipf_deltoken(tmp, crgetuid(cp), curproc, ifs);
786 RWLOCK_EXIT(&ifs->ifs_ipf_global);
791 static int fr_enableipf(ifs, enable)
792 ipf_stack_t *ifs;
798 error = ipldetach(ifs);
800 ifs->ifs_fr_running = -1;
804 if (ifs->ifs_fr_running > 0)
807 error = iplattach(ifs);
809 if (ifs->ifs_fr_timer_id == NULL) {
812 ifs->ifs_fr_timer_id = timeout(fr_slowtimer,
813 (void *)ifs,
816 ifs->ifs_fr_running = 1;
818 (void) ipldetach(ifs);
824 phy_if_t get_unit(name, v, ifs)
827 ipf_stack_t *ifs;
832 nif = ifs->ifs_ipf_ipv4;
834 nif = ifs->ifs_ipf_ipv6;
892 ipf_stack_t *ifs;
900 ifs = ipf_find_stack(crgetzoneid(cp));
901 ASSERT(ifs != NULL);
907 if (ifs->ifs_fr_running < 1) {
917 ret = ipflog_read(getminor(dev), uio, ifs);
934 ipf_stack_t *ifs;
941 ifs = ipf_find_stack(crgetzoneid(cp));
942 ASSERT(ifs != NULL);
948 if (ifs->ifs_fr_running < 1) {
1070 ipf_stack_t *ifs = fin->fin_ifs;
1091 if (net_getpmtuenabled(ifs->ifs_ipf_ipv4) == 1)
1157 ipf_stack_t *ifs = fin->fin_ifs;
1221 icmp->icmp_nextmtu = net_getmtu(ifs->ifs_ipf_ipv4, phy,0 );
1229 ipf_stack_t *ifs = fin->fin_ifs;
1232 (void *)&dst6, NULL, ifs) == -1) {
1259 ipf_stack_t *ifs = fin->fin_ifs;
1262 (void *)&dst4, NULL, ifs) == -1) {
1301 static void rate_limit_message(ipf_stack_t *ifs,
1313 ASSERT(MUTEX_NOT_HELD(&(ifs->ifs_ipf_rw.ipf_lk)));
1314 MUTEX_ENTER(&ifs->ifs_ipf_rw);
1319 MUTEX_EXIT(&ifs->ifs_ipf_rw);
1341 int fr_ifpaddr(v, atype, ifptr, inp, inpmask, ifs)
1345 ipf_stack_t *ifs;
1357 net_data = ifs->ifs_ipf_ipv4;
1361 net_data = ifs->ifs_ipf_ipv6;
1425 ipf_stack_t *ifs = fin->fin_ifs;
1439 MD5Update(&ctx, ifs->ifs_ipf_iss_secret, sizeof(ifs->ifs_ipf_iss_secret));
1470 ipf_stack_t *ifs = fin->fin_ifs;
1472 MUTEX_ENTER(&ifs->ifs_ipf_rw);
1478 MUTEX_EXIT(&ifs->ifs_ipf_rw);
1519 ipf_stack_t *ifs = arg;
1521 READ_ENTER(&ifs->ifs_ipf_global);
1522 if (ifs->ifs_fr_running != 1) {
1523 ifs->ifs_fr_timer_id = NULL;
1524 RWLOCK_EXIT(&ifs->ifs_ipf_global);
1527 ipf_expiretokens(ifs);
1528 fr_fragexpire(ifs);
1529 fr_timeoutstate(ifs);
1530 fr_natexpire(ifs);
1531 fr_authexpire(ifs);
1532 ifs->ifs_fr_ticks++;
1533 if (ifs->ifs_fr_running == 1)
1534 ifs->ifs_fr_timer_id = timeout(fr_slowtimer, arg,
1537 ifs->ifs_fr_timer_id = NULL;
1538 RWLOCK_EXIT(&ifs->ifs_ipf_global);
1569 ipf_stack_t *ifs = fin->fin_ifs;
1627 ATOMIC_INCL(ifs->ifs_frstats[out].fr_pull[1]);
1647 ATOMIC_INCL(ifs->ifs_frstats[out].fr_pull[0]);
1673 ipf_stack_t *ifs = fin->fin_ifs;
1676 net_data_p = ifs->ifs_ipf_ipv4;
1678 net_data_p = ifs->ifs_ipf_ipv6;
1729 ipf_stack_t *ifs = fin->fin_ifs;
1735 net_data_p = ifs->ifs_ipf_ipv4;
1737 net_data_p = ifs->ifs_ipf_ipv6;
1853 ifs->ifs_fr_frouteok[0]++;
1859 ifs->ifs_fr_frouteok[1]++;
1955 ipf_stack_t *ifs;
1962 ifs = arg;
1985 &qpi, fw->hpe_mp, ifs);
2055 ipf_stack_t *ifs = arg;
2058 if (ifs->ifs_fr_running <= 0)
2067 ifs);
2069 hn->hne_data, ifs);
2071 hn->hne_data, ifs);
2075 frsync(IPFSYNC_OLDIFP, 4, (void *)hn->hne_nic, NULL, ifs);
2077 ifs);
2078 fr_statesync(IPFSYNC_OLDIFP, 4, (void *)hn->hne_nic, NULL, ifs);
2091 ifs);
2094 ifs);
2100 WRITE_ENTER(&ifs->ifs_ipf_mutex);
2120 fr_ifindexsync((void *)hn->hne_nic, new_ifp, ifs);
2121 fr_natifindexsync((void *)hn->hne_nic, new_ifp, ifs);
2122 fr_stateifindexsync((void *)hn->hne_nic, new_ifp, ifs);
2124 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2149 ipf_stack_t *ifs = arg;
2152 if (ifs->ifs_fr_running <= 0)
2161 hn->hne_data, ifs);
2163 hn->hne_data, ifs);
2165 hn->hne_data, ifs);
2169 frsync(IPFSYNC_OLDIFP, 6, (void *)hn->hne_nic, NULL, ifs);
2171 ifs);
2172 fr_statesync(IPFSYNC_OLDIFP, 6, (void *)hn->hne_nic, NULL, ifs);
2179 ifs);
2185 WRITE_ENTER(&ifs->ifs_ipf_mutex);
2204 fr_ifindexsync((void *)hn->hne_nic, new_ifp, ifs);
2205 fr_natifindexsync((void *)hn->hne_nic, new_ifp, ifs);
2206 fr_stateifindexsync((void *)hn->hne_nic, new_ifp, ifs);
2208 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);