Lines Matching defs:ifs
140 #define DOUBLE_HASH(x, ifs) \
141 (((x) + ifs->ifs_ips_seed[(x) % ifs->ifs_fr_statesize]) % ifs->ifs_fr_statesize)
147 /* Parameters: ifs - ipf stack instance */
152 int fr_stateinit(ifs)
153 ipf_stack_t *ifs;
160 KMALLOCS(ifs->ifs_ips_table, ipstate_t **,
161 ifs->ifs_fr_statesize * sizeof(ipstate_t *));
162 if (ifs->ifs_ips_table == NULL)
164 bzero((char *)ifs->ifs_ips_table,
165 ifs->ifs_fr_statesize * sizeof(ipstate_t *));
167 KMALLOCS(ifs->ifs_ips_seed, u_long *,
168 ifs->ifs_fr_statesize * sizeof(*ifs->ifs_ips_seed));
169 if (ifs->ifs_ips_seed == NULL)
175 for (i = 0; i < ifs->ifs_fr_statesize; i++) {
180 ifs->ifs_ips_seed[i] = ipf_random();
182 ifs->ifs_ips_seed[i] = ((u_long)ifs->ifs_ips_seed + i) *
183 ifs->ifs_fr_statesize;
184 ifs->ifs_ips_seed[i] += tv.tv_sec;
185 ifs->ifs_ips_seed[i] *= (u_long)ifs->ifs_ips_seed;
186 ifs->ifs_ips_seed[i] ^= 0x5a5aa5a5;
187 ifs->ifs_ips_seed[i] *= ifs->ifs_fr_statemax;
209 KMALLOCS(ifs->ifs_ips_stats.iss_bucketlen, u_long *,
210 ifs->ifs_fr_statesize * sizeof(u_long));
211 if (ifs->ifs_ips_stats.iss_bucketlen == NULL)
213 bzero((char *)ifs->ifs_ips_stats.iss_bucketlen,
214 ifs->ifs_fr_statesize * sizeof(u_long));
216 if (ifs->ifs_fr_state_maxbucket == 0) {
217 for (i = ifs->ifs_fr_statesize; i > 0; i >>= 1)
218 ifs->ifs_fr_state_maxbucket++;
219 ifs->ifs_fr_state_maxbucket *= 2;
222 fr_sttab_init(ifs->ifs_ips_tqtqb, ifs);
223 ifs->ifs_ips_tqtqb[IPF_TCP_NSTATES - 1].ifq_next = &ifs->ifs_ips_udptq;
224 ifs->ifs_ips_udptq.ifq_ttl = (u_long)ifs->ifs_fr_udptimeout;
225 ifs->ifs_ips_udptq.ifq_ref = 1;
226 ifs->ifs_ips_udptq.ifq_head = NULL;
227 ifs->ifs_ips_udptq.ifq_tail = &ifs->ifs_ips_udptq.ifq_head;
228 MUTEX_INIT(&ifs->ifs_ips_udptq.ifq_lock, "ipftq udp tab");
229 ifs->ifs_ips_udptq.ifq_next = &ifs->ifs_ips_udpacktq;
230 ifs->ifs_ips_udpacktq.ifq_ttl = (u_long)ifs->ifs_fr_udpacktimeout;
231 ifs->ifs_ips_udpacktq.ifq_ref = 1;
232 ifs->ifs_ips_udpacktq.ifq_head = NULL;
233 ifs->ifs_ips_udpacktq.ifq_tail = &ifs->ifs_ips_udpacktq.ifq_head;
234 MUTEX_INIT(&ifs->ifs_ips_udpacktq.ifq_lock, "ipftq udpack tab");
235 ifs->ifs_ips_udpacktq.ifq_next = &ifs->ifs_ips_icmptq;
236 ifs->ifs_ips_icmptq.ifq_ttl = (u_long)ifs->ifs_fr_icmptimeout;
237 ifs->ifs_ips_icmptq.ifq_ref = 1;
238 ifs->ifs_ips_icmptq.ifq_head = NULL;
239 ifs->ifs_ips_icmptq.ifq_tail = &ifs->ifs_ips_icmptq.ifq_head;
240 MUTEX_INIT(&ifs->ifs_ips_icmptq.ifq_lock, "ipftq icmp tab");
241 ifs->ifs_ips_icmptq.ifq_next = &ifs->ifs_ips_icmpacktq;
242 ifs->ifs_ips_icmpacktq.ifq_ttl = (u_long)ifs->ifs_fr_icmpacktimeout;
243 ifs->ifs_ips_icmpacktq.ifq_ref = 1;
244 ifs->ifs_ips_icmpacktq.ifq_head = NULL;
245 ifs->ifs_ips_icmpacktq.ifq_tail = &ifs->ifs_ips_icmpacktq.ifq_head;
246 MUTEX_INIT(&ifs->ifs_ips_icmpacktq.ifq_lock, "ipftq icmpack tab");
247 ifs->ifs_ips_icmpacktq.ifq_next = &ifs->ifs_ips_iptq;
248 ifs->ifs_ips_iptq.ifq_ttl = (u_long)ifs->ifs_fr_iptimeout;
249 ifs->ifs_ips_iptq.ifq_ref = 1;
250 ifs->ifs_ips_iptq.ifq_head = NULL;
251 ifs->ifs_ips_iptq.ifq_tail = &ifs->ifs_ips_iptq.ifq_head;
252 MUTEX_INIT(&ifs->ifs_ips_iptq.ifq_lock, "ipftq ip tab");
253 ifs->ifs_ips_iptq.ifq_next = &ifs->ifs_ips_deletetq;
255 ifs->ifs_ips_deletetq.ifq_ttl = (u_long) 1;
256 ifs->ifs_ips_deletetq.ifq_ref = 1;
257 ifs->ifs_ips_deletetq.ifq_head = NULL;
258 ifs->ifs_ips_deletetq.ifq_tail = &ifs->ifs_ips_deletetq.ifq_head;
259 MUTEX_INIT(&ifs->ifs_ips_deletetq.ifq_lock, "state delete queue");
260 ifs->ifs_ips_deletetq.ifq_next = NULL;
262 RWLOCK_INIT(&ifs->ifs_ipf_state, "ipf IP state rwlock");
263 MUTEX_INIT(&ifs->ifs_ipf_stinsert, "ipf state insert mutex");
264 ifs->ifs_fr_state_init = 1;
266 ifs->ifs_ips_last_force_flush = ifs->ifs_fr_ticks;
274 /* Parameters: ifs - ipf stack instance */
279 void fr_stateunload(ifs)
280 ipf_stack_t *ifs;
285 while ((is = ifs->ifs_ips_list) != NULL)
286 (void) fr_delstate(is, 0, ifs);
295 for (ifq = ifs->ifs_ips_utqe; ifq != NULL; ifq = ifqnext) {
299 fr_freetimeoutqueue(ifq, ifs);
302 ifs->ifs_ips_stats.iss_inuse = 0;
303 ifs->ifs_ips_num = 0;
305 if (ifs->ifs_fr_state_init == 1) {
306 fr_sttab_destroy(ifs->ifs_ips_tqtqb);
307 MUTEX_DESTROY(&ifs->ifs_ips_udptq.ifq_lock);
308 MUTEX_DESTROY(&ifs->ifs_ips_icmptq.ifq_lock);
309 MUTEX_DESTROY(&ifs->ifs_ips_udpacktq.ifq_lock);
310 MUTEX_DESTROY(&ifs->ifs_ips_icmpacktq.ifq_lock);
311 MUTEX_DESTROY(&ifs->ifs_ips_iptq.ifq_lock);
312 MUTEX_DESTROY(&ifs->ifs_ips_deletetq.ifq_lock);
315 if (ifs->ifs_ips_table != NULL) {
316 KFREES(ifs->ifs_ips_table,
317 ifs->ifs_fr_statesize * sizeof(*ifs->ifs_ips_table));
318 ifs->ifs_ips_table = NULL;
321 if (ifs->ifs_ips_seed != NULL) {
322 KFREES(ifs->ifs_ips_seed,
323 ifs->ifs_fr_statesize * sizeof(*ifs->ifs_ips_seed));
324 ifs->ifs_ips_seed = NULL;
327 if (ifs->ifs_ips_stats.iss_bucketlen != NULL) {
328 KFREES(ifs->ifs_ips_stats.iss_bucketlen,
329 ifs->ifs_fr_statesize * sizeof(u_long));
330 ifs->ifs_ips_stats.iss_bucketlen = NULL;
333 if (ifs->ifs_fr_state_maxbucket_reset == 1)
334 ifs->ifs_fr_state_maxbucket = 0;
336 if (ifs->ifs_fr_state_init == 1) {
337 ifs->ifs_fr_state_init = 0;
338 RW_DESTROY(&ifs->ifs_ipf_state);
339 MUTEX_DESTROY(&ifs->ifs_ipf_stinsert);
352 static ips_stat_t *fr_statetstats(ifs)
353 ipf_stack_t *ifs;
355 ifs->ifs_ips_stats.iss_active = ifs->ifs_ips_num;
356 ifs->ifs_ips_stats.iss_statesize = ifs->ifs_fr_statesize;
357 ifs->ifs_ips_stats.iss_statemax = ifs->ifs_fr_statemax;
358 ifs->ifs_ips_stats.iss_table = ifs->ifs_ips_table;
359 ifs->ifs_ips_stats.iss_list = ifs->ifs_ips_list;
360 ifs->ifs_ips_stats.iss_ticks = ifs->ifs_fr_ticks;
361 return &ifs->ifs_ips_stats;
368 /* ifs - ipf stack instance */
373 static int fr_state_remove(data, ifs)
375 ipf_stack_t *ifs;
385 WRITE_ENTER(&ifs->ifs_ipf_state);
386 for (sp = ifs->ifs_ips_list; sp; sp = sp->is_next)
394 (void) fr_delstate(sp, ISL_REMOVE, ifs);
395 RWLOCK_EXIT(&ifs->ifs_ipf_state);
398 RWLOCK_EXIT(&ifs->ifs_ipf_state);
411 /* ifs - ipf stack instance */
415 int fr_state_ioctl(data, cmd, mode, uid, ctx, ifs)
420 ipf_stack_t *ifs;
430 error = fr_state_remove(data, ifs);
441 WRITE_ENTER(&ifs->ifs_ipf_state);
442 ret = fr_state_flush(arg, 4, ifs);
443 RWLOCK_EXIT(&ifs->ifs_ipf_state);
461 WRITE_ENTER(&ifs->ifs_ipf_state);
462 ret = fr_state_flush(arg, 6, ifs);
463 RWLOCK_EXIT(&ifs->ifs_ipf_state);
484 tmp = ipflog_clear(IPL_LOGSTATE, ifs);
498 (char *)&ifs->ifs_ipstate_logging,
499 sizeof(ifs->ifs_ipstate_logging));
508 error = BCOPYOUT((char *)&ifs->ifs_ipstate_logging,
510 sizeof(ifs->ifs_ipstate_logging));
518 arg = ifs->ifs_iplused[IPL_LOGSTATE]; /* returned in an int */
528 error = fr_outobj(data, fr_statetstats(ifs), IPFOBJ_STATESTAT);
538 error = fr_lock(data, &ifs->ifs_fr_state_lock);
545 if (!ifs->ifs_fr_state_lock || !(mode & FWRITE)) {
549 error = fr_stputent(data, ifs);
555 if (!ifs->ifs_fr_state_lock) {
559 error = fr_stgetent(data, ifs);
571 token = ipf_findtoken(IPFGENITER_STATE, uid, ctx, ifs);
573 error = fr_stateiter(token, &iter, ifs);
576 RWLOCK_EXIT(&ifs->ifs_ipf_tokens);
585 error = ipf_deltoken(arg, uid, ctx, ifs);
608 int fr_stgetent(data, ifs)
610 ipf_stack_t *ifs;
622 isn = ifs->ifs_ips_list;
634 for (is = ifs->ifs_ips_list; is; is = is->is_next)
657 /* ifs - ipf stack instance */
664 int fr_stputent(data, ifs)
666 ipf_stack_t *ifs;
682 if (ST_TAB_WATER_LEVEL(ifs) > ifs->ifs_state_flush_level_hi)
683 ifs->ifs_fr_state_doflush = 1;
689 if (ifs->ifs_ips_num >= ifs->ifs_fr_statemax) {
690 ATOMIC_INCL(ifs->ifs_ips_stats.iss_max);
712 READ_ENTER(&ifs->ifs_ipf_state);
713 fr_stinsert(isn, 0, ifs);
715 RWLOCK_EXIT(&ifs->ifs_ipf_state);
736 fr->fr_ifas[i] = fr_resolvenic(name, fr->fr_v, ifs);
738 isn->is_ifp[i] = fr_resolvenic(name, isn->is_v, ifs);
746 fr_resolvedest(&fr->fr_tif, fr->fr_v, ifs);
747 fr_resolvedest(&fr->fr_dif, fr->fr_v, ifs);
748 fr_resolvedest(&fr->fr_rif, fr->fr_v, ifs);
761 READ_ENTER(&ifs->ifs_ipf_state);
762 fr_stinsert(isn, 0, ifs);
764 RWLOCK_EXIT(&ifs->ifs_ipf_state);
767 READ_ENTER(&ifs->ifs_ipf_state);
768 for (is = ifs->ifs_ips_list; is; is = is->is_next)
770 fr_stinsert(isn, 0, ifs);
779 RWLOCK_EXIT(&ifs->ifs_ipf_state);
801 void fr_stinsert(is, rev, ifs)
804 ipf_stack_t *ifs;
826 is->is_ifp[i] = fr_resolvenic(is->is_ifname[i], is->is_v, ifs);
833 hv = is->is_hv % ifs->ifs_fr_statesize;
842 MUTEX_ENTER(&ifs->ifs_ipf_stinsert);
847 if (ifs->ifs_ips_list != NULL)
848 ifs->ifs_ips_list->is_pnext = &is->is_next;
849 is->is_pnext = &ifs->ifs_ips_list;
850 is->is_next = ifs->ifs_ips_list;
851 ifs->ifs_ips_list = is;
853 if (ifs->ifs_ips_table[hv] != NULL)
854 ifs->ifs_ips_table[hv]->is_phnext = &is->is_hnext;
856 ifs->ifs_ips_stats.iss_inuse++;
857 is->is_phnext = ifs->ifs_ips_table + hv;
858 is->is_hnext = ifs->ifs_ips_table[hv];
859 ifs->ifs_ips_table[hv] = is;
860 ifs->ifs_ips_stats.iss_bucketlen[hv]++;
861 ifs->ifs_ips_num++;
862 MUTEX_EXIT(&ifs->ifs_ipf_stinsert);
864 fr_setstatequeue(is, rev, ifs);
1124 ipf_stack_t *ifs = fin->fin_ifs;
1126 if (ifs->ifs_fr_state_lock ||
1137 if (ST_TAB_WATER_LEVEL(ifs) > ifs->ifs_state_flush_level_hi)
1138 ifs->ifs_fr_state_doflush = 1;
1158 if ((ifs->ifs_ips_num >= ifs->ifs_fr_statemax) &&
1160 ATOMIC_INCL(ifs->ifs_ips_stats.iss_max);
1165 ATOMIC_INCL(ifs->ifs_ips_stats.iss_maxref);
1166 ifs->ifs_fr_state_doflush = 1;
1178 pass = ifs->ifs_fr_flags;
1184 is->is_die = 1 + ifs->ifs_fr_ticks;
1279 ATOMIC_INCL(ifs->ifs_ips_stats.iss_icmp);
1297 ATOMIC_INCL(ifs->ifs_ips_stats.iss_icmp);
1377 ATOMIC_INCL(ifs->ifs_ips_stats.iss_tcp);
1389 ATOMIC_INCL(ifs->ifs_ips_stats.iss_udp);
1395 hv = DOUBLE_HASH(hv, ifs);
1403 for (is = ifs->ifs_ips_table[is->is_hv % ifs->ifs_fr_statesize];
1417 if (ifs->ifs_ips_stats.iss_bucketlen[hv] >= ifs->ifs_fr_state_maxbucket) {
1418 ATOMIC_INCL(ifs->ifs_ips_stats.iss_bucketfull);
1423 ATOMIC_INCL(ifs->ifs_ips_stats.iss_nomem);
1434 fr_addtimeoutqueue(&ifs->ifs_ips_utqe,
1435 fr->fr_age[0], ifs);
1440 fr_addtimeoutqueue(&ifs->ifs_ips_utqe,
1441 fr->fr_age[1], ifs);
1488 ATOMIC_INCL(ifs->ifs_ips_stats.iss_wild);
1496 READ_ENTER(&ifs->ifs_ipf_state);
1499 fr_stinsert(is, fin->fin_rev, ifs);
1507 (void) fr_tcp_age(&is->is_sti, fin, ifs->ifs_ips_tqtqb,
1521 if (ifs->ifs_ipstate_logging)
1522 ipstate_log(is, ISL_NEW, ifs);
1524 RWLOCK_EXIT(&ifs->ifs_ipf_state);
1649 ipf_stack_t *ifs = fin->fin_ifs;
1678 if (is->is_sti.tqe_ifq != &ifs->ifs_ips_deletetq)
1702 ret = fr_tcp_age(&is->is_sti, fin, ifs->ifs_ips_tqtqb,
2014 ipf_stack_t *ifs = fin->fin_ifs;
2020 if (ST_TAB_WATER_LEVEL(ifs) > ifs->ifs_state_flush_level_hi)
2021 ifs->ifs_fr_state_doflush = 1;
2028 if (ifs->ifs_ips_num >= ifs->ifs_fr_statemax) {
2029 ATOMIC_INCL(ifs->ifs_ips_stats.iss_max);
2040 clone->is_die = ONE_DAY + ifs->ifs_fr_ticks;
2067 fr_stinsert(clone, fin->fin_rev, ifs);
2070 (void) fr_tcp_age(&clone->is_sti, fin, ifs->ifs_ips_tqtqb,
2109 ipf_stack_t *ifs = fin->fin_ifs;
2246 ATOMIC_DECL(ifs->ifs_ips_stats.iss_wild);
2288 ATOMIC_DECL(ifs->ifs_ips_stats.iss_wild);
2311 if ((flags & SI_CLONED) && ifs->ifs_ipstate_logging)
2312 ipstate_log(is, ISL_CLONE, ifs);
2376 ipf_stack_t *ifs = fin->fin_ifs;
2499 hv = DOUBLE_HASH(hv, ifs);
2501 READ_ENTER(&ifs->ifs_ipf_state);
2502 for (isp = &ifs->ifs_ips_table[hv]; ((is = *isp) != NULL); ) {
2512 RWLOCK_EXIT(&ifs->ifs_ipf_state);
2530 ifs->ifs_ips_stats.iss_hits++;
2535 RWLOCK_EXIT(&ifs->ifs_ipf_state);
2555 hv = DOUBLE_HASH(hv, ifs);
2557 READ_ENTER(&ifs->ifs_ipf_state);
2558 for (isp = &ifs->ifs_ips_table[hv]; ((is = *isp) != NULL); ) {
2587 ifs->ifs_ips_stats.iss_hits++;
2597 RWLOCK_EXIT(&ifs->ifs_ipf_state);
2611 static void fr_ipsmove(is, hv, ifs)
2614 ipf_stack_t *ifs;
2619 ASSERT(rw_read_locked(&ifs->ifs_ipf_state.ipf_lk) == 0);
2629 if (ifs->ifs_ips_table[hvm] == NULL)
2630 ifs->ifs_ips_stats.iss_inuse--;
2631 ifs->ifs_ips_stats.iss_bucketlen[hvm]--;
2636 hvm = DOUBLE_HASH(hv, ifs);
2638 isp = &ifs->ifs_ips_table[hvm];
2642 ifs->ifs_ips_stats.iss_inuse++;
2643 ifs->ifs_ips_stats.iss_bucketlen[hvm]++;
2675 ipf_stack_t *ifs = fin->fin_ifs;
2727 READ_ENTER(&ifs->ifs_ipf_state);
2729 hvm = DOUBLE_HASH(hv, ifs);
2730 for (isp = &ifs->ifs_ips_table[hvm]; ((is = *isp) != NULL); ) {
2739 ifq = &ifs->ifs_ips_icmpacktq;
2741 ifq = &ifs->ifs_ips_icmptq;
2752 fr_ipsmove(is, hv, ifs);
2753 MUTEX_DOWNGRADE(&ifs->ifs_ipf_state);
2757 RWLOCK_EXIT(&ifs->ifs_ipf_state);
2769 if ((ifs->ifs_ips_stats.iss_wild != 0) && (v == 6) && (tryagain == 0) &&
2776 WRITE_ENTER(&ifs->ifs_ipf_state);
2790 hv = DOUBLE_HASH(hv, ifs);
2791 READ_ENTER(&ifs->ifs_ipf_state);
2792 for (isp = &ifs->ifs_ips_table[hv]; ((is = *isp) != NULL); ) {
2801 ifq = &ifs->ifs_ips_icmpacktq;
2803 ifq = &ifs->ifs_ips_icmptq;
2808 RWLOCK_EXIT(&ifs->ifs_ipf_state);
2821 READ_ENTER(&ifs->ifs_ipf_state);
2823 hvm = DOUBLE_HASH(hv, ifs);
2824 for (isp = &ifs->ifs_ips_table[hvm]; ((is = *isp) != NULL); ) {
2845 fr_ipsmove(is, hv, ifs);
2846 MUTEX_DOWNGRADE(&ifs->ifs_ipf_state);
2850 RWLOCK_EXIT(&ifs->ifs_ipf_state);
2852 if (ifs->ifs_ips_stats.iss_wild) {
2874 WRITE_ENTER(&ifs->ifs_ipf_state);
2891 hvm = DOUBLE_HASH(hv, ifs);
2892 READ_ENTER(&ifs->ifs_ipf_state);
2893 for (isp = &ifs->ifs_ips_table[hvm]; ((is = *isp) != NULL); ) {
2899 ifq = &ifs->ifs_ips_iptq;
2904 RWLOCK_EXIT(&ifs->ifs_ipf_state);
2935 ipf_stack_t *ifs = fin->fin_ifs;
2949 fr_movequeue(tqe, tqe->tqe_ifq, ifq, ifs);
2961 ATOMIC_INCL(ifs->ifs_ips_stats.iss_hits);
2993 ipf_stack_t *ifs = fin->fin_ifs;
2995 if (ifs->ifs_fr_state_lock || (ifs->ifs_ips_list == NULL) ||
3052 ifq = &ifs->ifs_ips_udpacktq;
3054 ifq = &ifs->ifs_ips_udptq;
3058 ATOMIC_INCL(ifs->ifs_ips_stats.iss_miss);
3067 RWLOCK_EXIT(&ifs->ifs_ipf_state);
3071 RWLOCK_EXIT(&ifs->ifs_ipf_state);
3083 RWLOCK_EXIT(&ifs->ifs_ipf_state);
3183 void fr_statesync(action, v, ifp, name, ifs)
3187 ipf_stack_t *ifs;
3192 if (ifs->ifs_fr_running <= 0)
3195 WRITE_ENTER(&ifs->ifs_ipf_state);
3197 if (ifs->ifs_fr_running <= 0) {
3198 RWLOCK_EXIT(&ifs->ifs_ipf_state);
3205 for (is = ifs->ifs_ips_list; is; is = is->is_next) {
3213 is->is_v, ifs);
3218 for (is = ifs->ifs_ips_list; is; is = is->is_next) {
3232 for (is = ifs->ifs_ips_list; is; is = is->is_next) {
3245 RWLOCK_EXIT(&ifs->ifs_ipf_state);
3255 /* ifs - pointer to IPF stack */
3262 void fr_stateifindexsync(ifp, newifp, ifs)
3265 ipf_stack_t *ifs;
3270 WRITE_ENTER(&ifs->ifs_ipf_state);
3272 for (is = ifs->ifs_ips_list; is != NULL; is = is->is_next) {
3280 RWLOCK_EXIT(&ifs->ifs_ipf_state);
3289 /* ifs - ipf stack instance */
3296 int fr_delstate(is, why, ifs)
3299 ipf_stack_t *ifs;
3303 ASSERT(rw_write_held(&ifs->ifs_ipf_global.ipf_lk) == 0 ||
3304 rw_write_held(&ifs->ifs_ipf_state.ipf_lk) == 0);
3318 if (ifs->ifs_ips_table[is->is_hv] == NULL)
3319 ifs->ifs_ips_stats.iss_inuse--;
3320 ifs->ifs_ips_stats.iss_bucketlen[is->is_hv]--;
3327 * Because ifs->ifs_ips_stats.iss_wild is a count of entries in the state
3333 ATOMIC_DECL(ifs->ifs_ips_stats.iss_wild);
3354 ifs->ifs_ips_stats.iss_orphans++;
3366 ifs->ifs_ips_stats.iss_orphans--;
3394 if (ifs->ifs_ipstate_logging != 0 && why != 0)
3395 ipstate_log(is, why, ifs);
3399 (void)fr_derefrule(&is->is_rule, ifs);
3404 ifs->ifs_ips_num--;
3413 /* Parameters: ifs - ipf stack instance */
3420 void fr_timeoutstate(ifs)
3421 ipf_stack_t *ifs;
3429 WRITE_ENTER(&ifs->ifs_ipf_state);
3430 for (ifq = ifs->ifs_ips_tqtqb; ifq != NULL; ifq = ifq->ifq_next)
3432 if (tqe->tqe_die > ifs->ifs_fr_ticks)
3436 (void) fr_delstate(is, ISL_EXPIRE, ifs);
3439 for (ifq = ifs->ifs_ips_utqe; ifq != NULL; ifq = ifq->ifq_next) {
3441 if (tqe->tqe_die > ifs->ifs_fr_ticks)
3445 (void) fr_delstate(is, ISL_EXPIRE, ifs);
3449 for (ifq = ifs->ifs_ips_utqe; ifq != NULL; ifq = ifqnext) {
3454 fr_freetimeoutqueue(ifq, ifs);
3458 if (ifs->ifs_fr_state_doflush) {
3459 (void) fr_state_flush(FLUSH_TABLE_EXTRA, 0, ifs);
3460 ifs->ifs_fr_state_doflush = 0;
3462 RWLOCK_EXIT(&ifs->ifs_ipf_state);
3472 /* ifs - ipf stack instance */
3488 static int fr_state_flush(flush_option, proto, ifs)
3490 ipf_stack_t *ifs;
3502 isn = ifs->ifs_ips_list;
3507 if (fr_delstate(is, ISL_FLUSH, ifs) == 0)
3515 ifs->ifs_ips_tqtqb,
3516 ifs->ifs_ips_utqe,
3517 ifs);
3523 ifs->ifs_ips_tqtqb,
3524 ifs->ifs_ips_utqe,
3525 ifs);
3530 if (ifs->ifs_fr_ticks - ifs->ifs_ips_last_force_flush <
3533 ifs->ifs_ips_last_force_flush = ifs->ifs_fr_ticks;
3535 &ifs->ifs_ips_tqtqb[IPF_TCPS_ESTABLISHED],
3536 ifs->ifs_ips_utqe,
3537 ifs);
3588 ipf_stack_t *ifs = fin->fin_ifs;
3924 fr_movequeue(tqe, tqe->tqe_ifq, tqtab + nstate, ifs);
3941 void ipstate_log(is, type, ifs)
3944 ipf_stack_t *ifs;
3994 if (ipllog(IPL_LOGSTATE, NULL, items, sizes, types, 1, ifs)) {
3995 ATOMIC_INCL(ifs->ifs_ips_stats.iss_logged);
3997 ATOMIC_INCL(ifs->ifs_ips_stats.iss_logfail);
4029 ipf_stack_t *ifs = fin->fin_ifs;
4095 hv = DOUBLE_HASH(hv, ifs);
4097 READ_ENTER(&ifs->ifs_ipf_state);
4098 for (isp = &ifs->ifs_ips_table[hv]; ((is = *isp) != NULL); ) {
4115 ifs->ifs_ips_stats.iss_hits++;
4124 RWLOCK_EXIT(&ifs->ifs_ipf_state);
4148 hv = DOUBLE_HASH(hv, ifs);
4150 READ_ENTER(&ifs->ifs_ipf_state);
4151 for (isp = &ifs->ifs_ips_table[hv]; ((is = *isp) != NULL); ) {
4165 ifs->ifs_ips_stats.iss_hits++;
4178 RWLOCK_EXIT(&ifs->ifs_ipf_state);
4191 void fr_sttab_init(tqp, ifs)
4193 ipf_stack_t *ifs;
4206 tqp[IPF_TCPS_CLOSED].ifq_ttl = ifs->ifs_fr_tcpclosed;
4207 tqp[IPF_TCPS_LISTEN].ifq_ttl = ifs->ifs_fr_tcptimeout;
4208 tqp[IPF_TCPS_SYN_SENT].ifq_ttl = ifs->ifs_fr_tcptimeout;
4209 tqp[IPF_TCPS_SYN_RECEIVED].ifq_ttl = ifs->ifs_fr_tcptimeout;
4210 tqp[IPF_TCPS_ESTABLISHED].ifq_ttl = ifs->ifs_fr_tcpidletimeout;
4211 tqp[IPF_TCPS_CLOSE_WAIT].ifq_ttl = ifs->ifs_fr_tcphalfclosed;
4212 tqp[IPF_TCPS_FIN_WAIT_1].ifq_ttl = ifs->ifs_fr_tcphalfclosed;
4213 tqp[IPF_TCPS_CLOSING].ifq_ttl = ifs->ifs_fr_tcptimeout;
4214 tqp[IPF_TCPS_LAST_ACK].ifq_ttl = ifs->ifs_fr_tcplastack;
4215 tqp[IPF_TCPS_FIN_WAIT_2].ifq_ttl = ifs->ifs_fr_tcpclosewait;
4216 tqp[IPF_TCPS_TIME_WAIT].ifq_ttl = ifs->ifs_fr_tcptimeout;
4217 tqp[IPF_TCPS_HALF_ESTAB].ifq_ttl = ifs->ifs_fr_tcptimeout;
4243 /* ifs - ipf stack instance */
4252 void fr_statederef(isp, ifs)
4254 ipf_stack_t *ifs;
4268 (void) fr_delstate(is, ISL_ORPHAN, ifs);
4275 WRITE_ENTER(&ifs->ifs_ipf_state);
4276 (void) fr_delstate(is, ISL_EXPIRE, ifs);
4277 RWLOCK_EXIT(&ifs->ifs_ipf_state);
4291 void fr_setstatequeue(is, rev, ifs)
4294 ipf_stack_t *ifs;
4310 nifq = &ifs->ifs_ips_icmpacktq;
4312 nifq = &ifs->ifs_ips_icmptq;
4317 nifq = &ifs->ifs_ips_icmpacktq;
4319 nifq = &ifs->ifs_ips_icmptq;
4322 nifq = ifs->ifs_ips_tqtqb + is->is_state[rev];
4327 nifq = &ifs->ifs_ips_udpacktq;
4329 nifq = &ifs->ifs_ips_udptq;
4333 nifq = &ifs->ifs_ips_iptq;
4344 fr_movequeue(&is->is_sti, oifq, nifq, ifs);
4346 fr_queueappend(&is->is_sti, nifq, is, ifs);
4360 static int fr_stateiter(token, itp, ifs)
4363 ipf_stack_t *ifs;
4380 READ_ENTER(&ifs->ifs_ipf_state);
4387 next = ifs->ifs_ips_list;
4412 RWLOCK_EXIT(&ifs->ifs_ipf_state);
4421 ipf_freetoken(token, ifs);
4425 fr_statederef(&is, ifs);
4427 ipf_freetoken(token, ifs);
4435 READ_ENTER(&ifs->ifs_ipf_state);