Lines Matching defs:fin
443 /* Parameters: fin(I) - pointer to packet information */
452 ipf_pr_short6(fr_info_t *fin, int xmin)
455 if (fin->fin_dlen < xmin)
456 fin->fin_flx |= FI_SHORT;
463 /* Parameters: fin(I) - pointer to packet information */
472 ipf_pr_ipv6hdr(fr_info_t *fin)
474 ip6_t *ip6 = (ip6_t *)fin->fin_ip;
476 fr_ip_t *fi = &fin->fin_fi;
478 fin->fin_off = 0;
486 fin->fin_crc = p;
489 fin->fin_crc += fi->fi_src.i6[0];
490 fin->fin_crc += fi->fi_src.i6[1];
491 fin->fin_crc += fi->fi_src.i6[2];
492 fin->fin_crc += fi->fi_src.i6[3];
494 fin->fin_crc += fi->fi_dst.i6[0];
495 fin->fin_crc += fi->fi_dst.i6[1];
496 fin->fin_crc += fi->fi_dst.i6[2];
497 fin->fin_crc += fi->fi_dst.i6[3];
498 fin->fin_id = 0;
500 fin
503 while (go && !(fin->fin_flx & FI_SHORT)) {
507 ipf_pr_udp6(fin);
512 ipf_pr_tcp6(fin);
517 ipf_pr_icmp6(fin);
522 ipf_pr_gre6(fin);
527 p = ipf_pr_hopopts6(fin);
531 p = ipf_pr_mobility6(fin);
535 p = ipf_pr_dstopts6(fin);
539 p = ipf_pr_routing6(fin);
543 p = ipf_pr_ah6(fin);
547 ipf_pr_esp6(fin);
554 fin->fin_flx |= ip6exthdr[i].ol_bit;
565 p = ipf_pr_fragment6(fin);
572 if (fin->fin_off != 0)
592 (ipf_pr_pullup(fin, 0) == -1)) {
603 if (fin->fin_m == NULL) {
604 ipf_main_softc_t *softc = fin->fin_main_soft;
606 LBUMPD(ipf_stats[fin->fin_out], fr_v6_bad);
616 if ((go != 0) && (fin->fin_flx & FI_FRAG) && (fin->fin_off == 0)) {
617 ipf_main_softc_t *softc = fin->fin_main_soft;
619 fin->fin_flx |= FI_BAD;
620 DT2(ipf_fi_bad_ipv6_frag_1, fr_info_t *, fin, int, go);
621 LBUMPD(ipf_stats[fin->fin_out], fr_v6_badfrag);
622 LBUMP(ipf_stats[fin->fin_out].fr_v6_bad);
631 /* Parameters: fin(I) - pointer to packet information */
643 ipf_pr_ipv6exthdr(fr_info_t *fin, int multiple, int proto)
645 ipf_main_softc_t *softc = fin->fin_main_soft;
650 fin->fin_flx |= FI_V6EXTHDR;
653 if ((fin->fin_dlen - 8) < 0) {
654 fin->fin_flx |= FI_SHORT;
655 LBUMPD(ipf_stats[fin->fin_out], fr_v6_ext_short);
659 if (ipf_pr_pullup(fin, 8) == -1) {
660 LBUMPD(ipf_stats[fin->fin_out], fr_v6_ext_pullup);
664 hdr = fin->fin_dp;
675 if (shift > fin->fin_dlen) { /* Nasty extension header length? */
676 fin->fin_flx |= FI_BAD;
677 DT3(ipf_fi_bad_pr_ipv6exthdr_len, fr_info_t *, fin, u_short, shift, u_short, fin->fin_dlen);
678 LBUMPD(ipf_stats[fin->fin_out], fr_v6_ext_hlen);
682 fin->fin_dp = (char *)fin->fin_dp + shift;
683 fin->fin_dlen -= shift;
690 if (fin->fin_flx & FI_FRAG)
699 ((fin->fin_optmsk & ip6exthdr[i].ol_bit) != 0)) {
700 fin->fin_flx |= FI_BAD;
701 DT2(ipf_fi_bad_ipv6exthdr_once, fr_info_t *, fin, u_int, (fin->fin_optmsk & ip6exthdr[i].ol_bit));
703 fin->fin_optmsk |= ip6exthdr[i].ol_bit;
714 /* Parameters: fin(I) - pointer to packet information */
720 ipf_pr_hopopts6(fr_info_t *fin)
724 hdr = ipf_pr_ipv6exthdr(fin, 0, IPPROTO_HOPOPTS);
734 /* Parameters: fin(I) - pointer to packet information */
740 ipf_pr_mobility6(fr_info_t *fin)
744 hdr = ipf_pr_ipv6exthdr(fin, 0, IPPROTO_MOBILITY);
754 /* Parameters: fin(I) - pointer to packet information */
760 ipf_pr_routing6(fr_info_t *fin)
764 hdr = (struct ip6_routing *)ipf_pr_ipv6exthdr(fin, 0, IPPROTO_ROUTING);
776 ipf_main_softc_t *softc = fin->fin_main_soft;
778 fin->fin_flx |= FI_BAD;
779 DT1(ipf_fi_bad_routing6, fr_info_t *, fin);
780 LBUMPD(ipf_stats[fin->fin_out], fr_v6_rh_bad);
796 /* Parameters: fin(I) - pointer to packet information */
823 ipf_pr_fragment6(fr_info_t *fin)
825 ipf_main_softc_t *softc = fin->fin_main_soft;
828 fin->fin_flx |= FI_FRAG;
830 frag = (struct ip6_frag *)ipf_pr_ipv6exthdr(fin, 0, IPPROTO_FRAGMENT);
832 LBUMPD(ipf_stats[fin->fin_out], fr_v6_frag_bad);
841 if ((fin->fin_plen & 7) != 0) {
842 fin->fin_flx |= FI_BAD;
843 DT2(ipf_fi_bad_frag_not_8, fr_info_t *, fin, u_int, (fin->fin_plen & 7));
847 fin->fin_fraghdr = frag;
848 fin->fin_id = frag->ip6f_ident;
849 fin->fin_off = ntohs(frag->ip6f_offlg & IP6F_OFF_MASK);
850 if (fin->fin_off != 0)
851 fin->fin_flx |= FI_FRAGBODY;
856 if ((fin->fin_off << 3) + fin->fin_dlen > 65535) {
857 fin->fin_flx |= FI_BAD;
858 DT2(ipf_fi_bad_jumbogram, fr_info_t *, fin, u_int, ((fin->fin_off << 3) + fin->fin_dlen));
875 /* Parameters: fin(I) - pointer to packet information */
881 ipf_pr_dstopts6(fr_info_t *fin)
883 ipf_main_softc_t *softc = fin->fin_main_soft;
886 hdr = ipf_pr_ipv6exthdr(fin, 0, IPPROTO_DSTOPTS);
888 LBUMPD(ipf_stats[fin->fin_out], fr_v6_dst_bad);
898 /* Parameters: fin(I) - pointer to packet information */
905 ipf_pr_icmp6(fr_info_t *fin)
910 if (ipf_pr_pullup(fin, ICMP6ERR_MINPKTLEN - sizeof(ip6_t)) == -1) {
911 ipf_main_softc_t *softc = fin->fin_main_soft;
913 LBUMPD(ipf_stats[fin->fin_out], fr_v6_icmp6_pullup);
917 if (fin->fin_dlen > 1) {
920 icmp6 = fin->fin_dp;
922 fin->fin_data[0] = *(u_short *)icmp6;
925 fin->fin_flx |= FI_ICMPQUERY;
931 if (fin->fin_dlen >= 6)
932 fin->fin_data[1] = icmp6->icmp6_id;
940 fin->fin_flx |= FI_ICMPERR;
942 if (fin->fin_plen < ICMP6ERR_IPICMPHLEN)
945 if (M_LEN(fin->fin_m) < fin->fin_plen) {
946 if (ipf_coalesce(fin) != 1)
950 if (ipf_pr_pullup(fin, ICMP6ERR_MINPKTLEN) == -1)
958 icmp6 = fin->fin_dp;
960 if (IP6_NEQ(&fin->fin_fi.fi_dst,
962 fin->fin_flx |= FI_BAD;
963 DT1(ipf_fi_bad_icmp6, fr_info_t *, fin);
971 ipf_pr_short6(fin, minicmpsz);
972 if ((fin->fin_flx & (FI_SHORT|FI_BAD)) == 0) {
973 u_char p = fin->fin_p;
975 fin->fin_p = IPPROTO_ICMPV6;
976 ipf_checkv6sum(fin);
977 fin->fin_p = p;
985 /* Parameters: fin(I) - pointer to packet information */
992 ipf_pr_udp6(fr_info_t *fin)
995 if (ipf_pr_udpcommon(fin) == 0) {
996 u_char p = fin->fin_p;
998 fin->fin_p = IPPROTO_UDP;
999 ipf_checkv6sum(fin);
1000 fin->fin_p = p;
1008 /* Parameters: fin(I) - pointer to packet information */
1015 ipf_pr_tcp6(fr_info_t *fin)
1018 if (ipf_pr_tcpcommon(fin) == 0) {
1019 u_char p = fin->fin_p;
1021 fin->fin_p = IPPROTO_TCP;
1022 ipf_checkv6sum(fin);
1023 fin->fin_p = p;
1031 /* Parameters: fin(I) - pointer to packet information */
1041 ipf_pr_esp6(fr_info_t *fin)
1044 if ((fin->fin_off == 0) && (ipf_pr_pullup(fin, 8) == -1)) {
1045 ipf_main_softc_t *softc = fin->fin_main_soft;
1047 LBUMPD(ipf_stats[fin->fin_out], fr_v6_esp_pullup);
1056 /* Parameters: fin(I) - pointer to packet information */
1064 ipf_pr_ah6(fr_info_t *fin)
1068 fin->fin_flx |= FI_AH;
1070 ah = (authhdr_t *)ipf_pr_ipv6exthdr(fin, 0, IPPROTO_HOPOPTS);
1072 ipf_main_softc_t *softc = fin->fin_main_soft;
1074 LBUMPD(ipf_stats[fin->fin_out], fr_v6_ah_bad);
1078 ipf_pr_short6(fin, sizeof(*ah));
1091 /* Parameters: fin(I) - pointer to packet information */
1096 ipf_pr_gre6(fr_info_t *fin)
1100 if (ipf_pr_pullup(fin, sizeof(grehdr_t)) == -1) {
1101 ipf_main_softc_t *softc = fin->fin_main_soft;
1103 LBUMPD(ipf_stats[fin->fin_out], fr_v6_gre_pullup);
1107 gre = fin->fin_dp;
1109 fin->fin_data[0] = gre->gr_call;
1117 /* Parameters: fin(I) - pointer to packet information */
1133 ipf_pr_pullup(fr_info_t *fin, int plen)
1135 ipf_main_softc_t *softc = fin->fin_main_soft;
1137 if (fin->fin_m != NULL) {
1138 if (fin->fin_dp != NULL)
1139 plen += (char *)fin->fin_dp -
1140 ((char *)fin->fin_ip + fin->fin_hlen);
1141 plen += fin->fin_hlen;
1142 if (M_LEN(fin->fin_m) < plen + fin->fin_ipoff) {
1144 if (ipf_pullup(fin->fin_m, fin, plen) == NULL) {
1145 DT1(ipf_pullup_fail, fr_info_t *, fin);
1146 LBUMP(ipf_stats[fin->fin_out].fr_pull[1]);
1147 fin->fin_reason = FRB_PULLUP;
1148 fin->fin_flx |= FI_BAD;
1151 LBUMP(ipf_stats[fin->fin_out].fr_pull[0]);
1153 LBUMP(ipf_stats[fin->fin_out].fr_pull[1]);
1157 fin->fin_reason = FRB_PULLUP;
1158 *fin->fin_mp = NULL;
1159 fin->fin_m = NULL;
1160 fin->fin_ip = NULL;
1161 fin->fin_flx |= FI_BAD;
1173 /* Parameters: fin(I) - pointer to packet information */
1183 ipf_pr_short(fr_info_t *fin, int xmin)
1186 if (fin->fin_off == 0) {
1187 if (fin->fin_dlen < xmin)
1188 fin->fin_flx |= FI_SHORT;
1189 } else if (fin->fin_off < xmin) {
1190 fin->fin_flx |= FI_SHORT;
1198 /* Parameters: fin(I) - pointer to packet information */
1209 ipf_pr_icmp(fr_info_t *fin)
1211 ipf_main_softc_t *softc = fin->fin_main_soft;
1216 ipf_pr_short(fin, ICMPERR_ICMPHLEN);
1218 if (fin->fin_off != 0) {
1219 LBUMPD(ipf_stats[fin->fin_out], fr_v4_icmp_frag);
1223 if (ipf_pr_pullup(fin, ICMPERR_ICMPHLEN) == -1) {
1224 LBUMPD(ipf_stats[fin->fin_out], fr_v4_icmp_pullup);
1228 icmp = fin->fin_dp;
1230 fin->fin_data[0] = *(u_short *)icmp;
1231 fin->fin_data[1] = icmp->icmp_id;
1240 fin->fin_flx |= FI_ICMPQUERY;
1249 fin->fin_flx |= FI_ICMPQUERY;
1260 fin->fin_flx |= FI_ICMPQUERY;
1270 fin->fin_flx |= FI_BAD;
1271 DT3(ipf_fi_bad_icmp_nextmtu, fr_info_t *, fin, u_int, icmp->icmp_nextmtu, u_int, softc->ipf_icmpminfragmtu);
1280 fin->fin_flx |= FI_ICMPERR;
1281 if (ipf_coalesce(fin) != 1) {
1282 LBUMPD(ipf_stats[fin->fin_out], fr_icmp_coalesce);
1291 oip = (ip_t *)((char *)fin->fin_dp + ICMPERR_ICMPHLEN);
1293 fin->fin_flx |= FI_BAD;
1294 DT2(ipf_fi_bad_icmp_err, fr_info_t, fin, u_int, (ntohs(oip->ip_off) & IP_OFFMASK));
1302 if (oip->ip_src.s_addr != fin->fin_daddr) {
1303 fin->fin_flx |= FI_BAD;
1304 DT1(ipf_fi_bad_src_ne_dst, fr_info_t *, fin);
1311 ipf_pr_short(fin, minicmpsz);
1313 ipf_checkv4sum(fin);
1320 /* Parameters: fin(I) - pointer to packet information */
1328 ipf_pr_tcpcommon(fr_info_t *fin)
1330 ipf_main_softc_t *softc = fin->fin_main_soft;
1334 fin->fin_flx |= FI_TCPUDP;
1335 if (fin->fin_off != 0) {
1336 LBUMPD(ipf_stats[fin->fin_out], fr_tcp_frag);
1340 if (ipf_pr_pullup(fin, sizeof(*tcp)) == -1) {
1341 LBUMPD(ipf_stats[fin->fin_out], fr_tcp_pullup);
1345 tcp = fin->fin_dp;
1346 if (fin->fin_dlen > 3) {
1347 fin->fin_sport = ntohs(tcp->th_sport);
1348 fin->fin_dport = ntohs(tcp->th_dport);
1351 if ((fin->fin_flx & FI_SHORT) != 0) {
1352 LBUMPD(ipf_stats[fin->fin_out], fr_tcp_short);
1362 LBUMPD(ipf_stats[fin->fin_out], fr_tcp_small);
1363 fin->fin_flx |= FI_BAD;
1364 DT3(ipf_fi_bad_tlen, fr_info_t, fin, u_int, tlen, u_int, sizeof(tcphdr_t));
1369 fin->fin_tcpf = tcp->th_flags;
1377 fin->fin_flx |= FI_BAD;
1378 DT3(ipf_fi_bad_th_urg, fr_info_t*, fin, u_int, (flags & TH_URG), u_int, tcp->th_urp);
1385 fin->fin_flx |= FI_BAD;
1386 DT3(ipf_fi_bad_th_urg0, fr_info_t *, fin, u_int, (flags & TH_URG), u_int, tcp->th_urp);
1391 fin->fin_flx |= FI_BAD;
1392 DT1(ipf_fi_bad_th_fin_rst_ack, fr_info_t, fin);
1400 fin->fin_flx |= FI_BAD;
1401 DT1(ipf_fi_bad_th_syn_urg_psh, fr_info_t *, fin);
1408 * not set and if URG, PSH or FIN are set, consider
1419 /*fin->fin_flx |= FI_BAD*/;
1420 /*DT1(ipf_fi_bad_th_syn_ack, fr_info_t *, fin);*/
1422 fin->fin_flx |= FI_BAD;
1423 DT1(ipf_fi_bad_th_rst_syn, fr_info_t *, fin);
1425 fin->fin_flx |= FI_BAD;
1426 DT1(ipf_fi_bad_th_urg_push_fin, fr_info_t *, fin);
1429 if (fin->fin_flx & FI_BAD) {
1430 LBUMPD(ipf_stats[fin->fin_out], fr_tcp_bad_flags);
1446 if (ipf_pr_pullup(fin, tlen) == -1) {
1447 LBUMPD(ipf_stats[fin->fin_out], fr_tcp_pullup);
1452 tcp = fin->fin_dp;
1453 ip = fin->fin_ip;
1457 if (fin->fin_mp != NULL) {
1458 mb_t *m = *fin->fin_mp;
1498 /* Parameters: fin(I) - pointer to packet information */
1504 ipf_pr_udpcommon(fr_info_t *fin)
1508 fin->fin_flx |= FI_TCPUDP;
1510 if (!fin->fin_off && (fin->fin_dlen > 3)) {
1511 if (ipf_pr_pullup(fin, sizeof(*udp)) == -1) {
1512 ipf_main_softc_t *softc = fin->fin_main_soft;
1514 fin->fin_flx |= FI_SHORT;
1515 LBUMPD(ipf_stats[fin->fin_out], fr_udp_pullup);
1519 udp = fin->fin_dp;
1521 fin->fin_sport = ntohs(udp->uh_sport);
1522 fin->fin_dport = ntohs(udp->uh_dport);
1532 /* Parameters: fin(I) - pointer to packet information */
1538 ipf_pr_tcp(fr_info_t *fin)
1541 ipf_pr_short(fin, sizeof(tcphdr_t));
1543 if (ipf_pr_tcpcommon(fin) == 0)
1544 ipf_checkv4sum(fin);
1551 /* Parameters: fin(I) - pointer to packet information */
1557 ipf_pr_udp(fr_info_t *fin)
1560 ipf_pr_short(fin, sizeof(udphdr_t));
1562 if (ipf_pr_udpcommon(fin) == 0)
1563 ipf_checkv4sum(fin);
1570 /* Parameters: fin(I) - pointer to packet information */
1579 ipf_pr_esp(fr_info_t *fin)
1582 if (fin->fin_off == 0) {
1583 ipf_pr_short(fin, 8);
1584 if (ipf_pr_pullup(fin, 8) == -1) {
1585 ipf_main_softc_t *softc = fin->fin_main_soft;
1587 LBUMPD(ipf_stats[fin->fin_out], fr_v4_esp_pullup);
1596 /* Parameters: fin(I) - pointer to packet information */
1603 ipf_pr_ah(fr_info_t *fin)
1605 ipf_main_softc_t *softc = fin->fin_main_soft;
1609 fin->fin_flx |= FI_AH;
1610 ipf_pr_short(fin, sizeof(*ah));
1612 if (((fin->fin_flx & FI_SHORT) != 0) || (fin->fin_off != 0)) {
1613 LBUMPD(ipf_stats[fin->fin_out], fr_v4_ah_bad);
1617 if (ipf_pr_pullup(fin, sizeof(*ah)) == -1) {
1619 LBUMP(ipf_stats[fin->fin_out].fr_v4_ah_pullup);
1623 ah = (authhdr_t *)fin->fin_dp;
1626 ipf_pr_short(fin, len);
1627 if (ipf_pr_pullup(fin, len) == -1) {
1629 LBUMP(ipf_stats[fin->fin_out].fr_v4_ah_pullup);
1637 fin->fin_dp = (char *)fin->fin_dp + len;
1638 fin->fin_dlen -= len;
1646 /* Parameters: fin(I) - pointer to packet information */
1651 ipf_pr_gre(fr_info_t *fin)
1653 ipf_main_softc_t *softc = fin->fin_main_soft;
1656 ipf_pr_short(fin, sizeof(grehdr_t));
1658 if (fin->fin_off != 0) {
1659 LBUMPD(ipf_stats[fin->fin_out], fr_v4_gre_frag);
1663 if (ipf_pr_pullup(fin, sizeof(grehdr_t)) == -1) {
1664 LBUMPD(ipf_stats[fin->fin_out], fr_v4_gre_pullup);
1668 gre = fin->fin_dp;
1670 fin->fin_data[0] = gre->gr_call;
1677 /* Parameters: fin(I) - pointer to packet information */
1684 ipf_pr_ipv4hdr(fr_info_t *fin)
1694 fi = &fin->fin_fi;
1695 hlen = fin->fin_hlen;
1697 ip = fin->fin_ip;
1700 fin->fin_crc = p;
1702 fin->fin_id = ntohs(ip->ip_id);
1718 fin->fin_crc += fi->fi_saddr;
1720 fin->fin_crc += fi->fi_daddr;
1722 fin->fin_flx |= FI_MULTICAST|FI_MBCAST;
1735 fin->fin_flx |= FI_SHORT; /* RFC 3128 */
1736 DT1(ipf_fi_tcp_frag_off_1, fr_info_t *, fin);
1739 fin->fin_flx |= FI_FRAGBODY;
1741 if ((off + fin->fin_dlen > 65535) ||
1742 (fin->fin_dlen == 0) ||
1743 ((morefrag != 0) && ((fin->fin_dlen & 7) != 0))) {
1754 DT1(ipf_fi_bad_fragbody_gt_65535, fr_info_t *, fin);
1758 fin->fin_off = off;
1768 p = ipf_pr_ah(fin);
1774 ipf_pr_udp(fin);
1777 ipf_pr_tcp(fin);
1780 ipf_pr_icmp(fin);
1783 ipf_pr_esp(fin);
1786 ipf_pr_gre(fin);
1790 ip = fin->fin_ip;
1837 fin->fin_flx |= FI_BAD;
1838 DT2(ipf_fi_bad_ipopt_security, fr_info_t *, fin, u_short, (optmsk & op->ol_bit));
1849 fin->fin_flx |= FI_BAD;
1850 DT2(ipf_fi_bad_ipopt_cipso, fr_info_t *, fin, u_short, (optmsk & op->ol_bit));
1852 doi = ipf_checkcipso(fin,
1921 /* Parameters: fin(IO) - pointer to packet information */
1934 ipf_checkcipso(fr_info_t *fin, u_char *s, int ol)
1936 ipf_main_softc_t *softc = fin->fin_main_soft;
1943 LBUMPD(ipf_stats[fin->fin_out], fr_v4_cipso_bad);
1944 fin->fin_flx |= FI_BAD;
1945 DT2(ipf_fi_bad_checkcipso_ol, fr_info_t *, fin, u_int, ol);
1949 fi = &fin->fin_fi;
1961 LBUMPD(ipf_stats[fin->fin_out], fr_v4_cipso_tlen);
1962 fin->fin_flx |= FI_BAD;
1963 DT2(ipf_fi_bad_checkcipso_tlen, fr_info_t *, fin, u_int, tlen);
1973 fin->fin_flx |= FI_BAD;
1974 DT2(ipf_fi_bad_checkcipso_tag, fr_info_t *, fin, u_int, tag);
1978 fin->fin_flx |= FI_BAD;
1979 DT2(ipf_fi_bad_checkcipso_tag1_t2, fr_info_t *, fin, u_int, (*t + 2));
1987 fin->fin_flx |= FI_BAD;
1988 DT2(ipf_fi_bad_checkcipso_tag4_t2, fr_info_t *, fin, u_int, (*t + 2));
1996 fin->fin_flx |= FI_BAD;
1997 DT2(ipf_fi_bad_checkcipso_tag5_t2, fr_info_t *, fin, u_int, (*t + 2));
2007 DT2(ipf_fi_bad_checkcipso_tag127, fr_info_t *, fin, u_int, tag);
2008 fin->fin_flx |= FI_BAD;
2025 /* fin(IO) - pointer to packet information */
2029 /* in the fr_info_t structure pointed to by fin. At present, it is assumed */
2033 ipf_makefrip(int hlen, ip_t *ip, fr_info_t *fin)
2035 ipf_main_softc_t *softc = fin->fin_main_soft;
2038 fin->fin_depth = 0;
2039 fin->fin_hlen = (u_short)hlen;
2040 fin->fin_ip = ip;
2041 fin->fin_rule = 0xffffffff;
2042 fin->fin_group[0] = -1;
2043 fin->fin_group[1] = '\0';
2044 fin->fin_dp = (char *)ip + hlen;
2046 v = fin->fin_v;
2048 fin->fin_plen = ntohs(ip->ip_len);
2049 fin->fin_dlen = fin->fin_plen - hlen;
2050 ipf_pr_ipv4hdr(fin);
2053 fin->fin_plen = ntohs(((ip6_t *)ip)->ip6_plen);
2054 fin->fin_dlen = fin->fin_plen;
2055 fin->fin_plen += hlen;
2057 ipf_pr_ipv6hdr(fin);
2060 if (fin->fin_ip == NULL) {
2061 LBUMP(ipf_stats[fin->fin_out].fr_ip_freed);
2188 /* Parameters: fin(I) - pointer to packet information */
2198 ipf_check_ipf(fr_info_t *fin, frentry_t *fr, int portcmp)
2205 fi = &fin->fin_fi;
2240 i = (*fr->fr_srcfunc)(fin->fin_main_soft, fr->fr_srcptr,
2241 fi->fi_v, lip, fin->fin_plen);
2279 i = (*fr->fr_dstfunc)(fin->fin_main_soft, fr->fr_dstptr,
2280 fi->fi_v, lip, fin->fin_plen);
2333 if (!ipf_tcpudpchk(&fin->fin_fi, &fr->fr_tuc))
2342 fin->fin_off || (fin->fin_dlen < 2))
2344 else if ((fin->fin_data[0] & fr->fr_icmpm) !=
2347 fin->fin_data[0],
2361 /* Parameters: fin(I) - pointer to packet information */
2366 /* return value and fin->fin_fr points to the matched rule. */
2375 ipf_scanlist(fr_info_t *fin, u_32_t pass)
2377 ipf_main_softc_t *softc = fin->fin_main_soft;
2385 if (fin->fin_depth >= 16)
2388 fr = fin->fin_fr;
2398 fin->fin_depth++;
2399 fin->fin_fr = NULL;
2400 off = fin->fin_off;
2402 if ((fin->fin_flx & FI_TCPUDP) && (fin->fin_dlen > 3) && !off)
2420 if (fr->fr_ifa && fr->fr_ifa != fin->fin_ifp)
2430 if (fr->fr_ifa && fr->fr_ifa != fin->fin_ifp)
2439 if (ipf_check_ipf(fin, fr, portcmp))
2449 if (*fin->fin_mp == NULL)
2451 if (fin->fin_family != fr->fr_family)
2453 mc = (u_char *)fin->fin_m;
2454 wlen = fin->fin_dlen + fin->fin_hlen;
2464 f = (*fr->fr_func)(fin, &pass);
2474 if (fin->fin_family != fr->fr_family)
2476 if (ipf_fr_matcharray(fin, fr->fr_data) == 0)
2484 if ((fin->fin_out == 0) && (fr->fr_nattag.ipt_num[0] != 0)) {
2485 if (fin->fin_nattag == NULL)
2487 if (ipf_matchtag(&fr->fr_nattag, fin->fin_nattag) == 0)
2508 frs = fin->fin_fr;
2509 fin->fin_fr = fr;
2510 fr = (*fr->fr_func)(fin, &passt);
2512 fin->fin_fr = frs;
2517 fin->fin_fr = fr;
2524 if (ipf_log_pkt(fin, passt) == -1) {
2529 fin->fin_reason = FRB_LOGFAIL;
2536 fr->fr_bytes += (U_QUAD_T)fin->fin_plen;
2539 fin->fin_rule = rulen;
2551 fin->fin_icode = fr->fr_icode;
2554 (void) strncpy(fin->fin_group,
2558 fin->fin_group[0] = '\0';
2564 fin->fin_fr = fr->fr_grphead->fg_start;
2568 passt = ipf_decaps(fin, pass, fr->fr_icode);
2570 passt = ipf_scanlist(fin, pass);
2572 if (fin->fin_fr == NULL) {
2573 fin->fin_rule = rulen;
2575 (void) strncpy(fin->fin_group,
2580 fin->fin_fr = fr;
2595 !(fin->fin_flx & FI_STATE)) {
2596 int out = fin->fin_out;
2598 fin->fin_fr = fr;
2599 if (ipf_state_add(softc, fin, NULL, 0) == 0) {
2610 fin->fin_depth--;
2618 /* Parameters: fin(I) - pointer to packet information */
2628 ipf_acctpkt(fr_info_t *fin, u_32_t *passp)
2630 ipf_main_softc_t *softc = fin->fin_main_soft;
2636 fr = softc->ipf_acct[fin->fin_out][softc->ipf_active];
2639 frsave = fin->fin_fr;
2640 bcopy(fin->fin_group, group, FR_GROUPLEN);
2641 rulen = fin->fin_rule;
2642 fin->fin_fr = fr;
2643 pass = ipf_scanlist(fin, FR_NOMATCH);
2647 fin->fin_fr = frsave;
2648 bcopy(group, fin->fin_group, FR_GROUPLEN);
2649 fin->fin_rule = rulen;
2659 /* Parameters: fin(I) - pointer to packet information */
2669 ipf_firewall(fr_info_t *fin, u_32_t *passp)
2671 ipf_main_softc_t *softc = fin->fin_main_soft;
2676 out = fin->fin_out;
2683 fin->fin_fr = softc->ipf_rules[out][softc->ipf_active];
2684 if (fin->fin_fr != NULL)
2685 pass = ipf_scanlist(fin, softc->ipf_pass);
2690 fr = fin->fin_fr;
2697 DT2(frb_ppsrate, fr_info_t *, fin, frentry_t *, fr);
2701 fin->fin_reason = FRB_PPSRATE;
2710 if (ipf_auth_new(fin->fin_m, fin) != 0) {
2711 DT1(frb_authnew, fr_info_t *, fin);
2712 fin->fin_m = *fin->fin_mp = NULL;
2713 fin->fin_reason = FRB_AUTHNEW;
2714 fin->fin_error = 0;
2717 fin->fin_error = ENOSPC;
2723 (void) (*fr->fr_func)(fin, &pass);
2732 pass = ipf_auth_pre_scanlist(softc, fin, pass);
2740 if (fin->fin_flx & FI_FRAG) {
2741 if (ipf_frag_new(softc, fin, pass) == -1) {
2751 fr = fin->fin_fr;
2800 fr_info_t *fin = &frinfo;
2829 bzero((char *)fin, sizeof(*fin));
2833 fin->fin_flx |= FI_MBCAST|FI_BROADCAST;
2835 fin->fin_flx |= FI_MBCAST|FI_MULTICAST;
2837 fin->fin_qfm = m;
2838 fin->fin_qpi = qpi;
2845 fin->fin_flx |= FI_MBCAST|FI_MULTICAST;
2849 fin->fin_flx |= FI_MBCAST|FI_MULTICAST;
2853 fin->fin_flx |= FI_MBCAST|FI_BROADCAST;
2875 bzero((char *)fin, sizeof(*fin));
2879 fin->fin_flx |= FI_MBCAST|FI_MULTICAST;
2883 fin->fin_flx |= FI_MBCAST|FI_MULTICAST;
2887 fin->fin_flx |= FI_MBCAST|FI_BROADCAST;
2891 fin->fin_v = v;
2892 fin->fin_m = m;
2893 fin->fin_ip = ip;
2894 fin->fin_mp = mp;
2895 fin->fin_out = out;
2896 fin->fin_ifp = ifp;
2897 fin->fin_error = ENETUNREACH;
2898 fin->fin_hlen = (u_short)hlen;
2899 fin->fin_dp = (char *)ip + hlen;
2900 fin->fin_main_soft = softc;
2902 fin->fin_ipoff = (char *)ip - MTOD(m, char *);
2917 fin->fin_reason = FRB_JUMBO;
2920 fin->fin_family = AF_INET6;
2924 fin->fin_family = AF_INET;
2927 if (ipf_makefrip(hlen, ip, fin) == -1) {
2928 DT1(frb_makefrip, fr_info_t *, fin);
2930 fin->fin_reason = FRB_MAKEFRIP;
2938 if (*fin->fin_mp == NULL)
2943 if (softc->ipf_chksrc && !ipf_verifysrc(fin)) {
2945 fin->fin_flx |= FI_BADSRC;
2947 if (fin->fin_ip->ip_ttl < softc->ipf_minttl) {
2949 fin->fin_flx |= FI_LOWTTL;
2956 fin->fin_flx |= FI_LOWTTL;
2962 if (fin->fin_flx & FI_SHORT) {
2969 switch (fin->fin_v)
2972 if (ipf_nat_checkin(fin, &pass) == -1) {
2978 if (ipf_nat6_checkin(fin, &pass) == -1) {
2995 fr = ipf_auth_check(fin, &pass);
2997 (void) ipf_acctpkt(fin, NULL);
3000 if ((fin->fin_flx & FI_FRAG) != 0)
3001 fr = ipf_frag_known(fin, &pass);
3004 fr = ipf_state_check(fin, &pass);
3008 fr = ipf_firewall(fin, &pass);
3015 if ((pass & FR_KEEPSTATE) && (fin->fin_m != NULL) &&
3016 !(fin->fin_flx & FI_STATE)) {
3017 if (ipf_state_add(softc, fin, NULL, 0) == 0) {
3025 fin->fin_reason = FRB_STATEADD;
3030 fin->fin_fr = fr;
3031 if ((fr != NULL) && !(fin->fin_flx & FI_STATE)) {
3032 fin->fin_dif = &fr->fr_dif;
3033 fin->fin_tif = &fr->fr_tifs[fin->fin_rev];
3041 (void) ipf_acctpkt(fin, NULL);
3043 switch (fin->fin_v)
3046 if (ipf_nat_checkout(fin, &pass) == -1) {
3049 if (ipf_updateipid(fin) == -1) {
3054 fin->fin_reason = FRB_UPDATEIPID;
3062 (void) ipf_nat6_checkout(fin, &pass);
3073 (void) ipf_dolog(fin, &pass);
3083 fin->fin_flx &= ~FI_STATE;
3119 (void) ipf_send_icmp_err(ICMP_UNREACH, fin,
3123 !(fin->fin_flx & FI_SHORT)) {
3124 if (((fin->fin_flx & FI_OOW) != 0) ||
3125 (ipf_send_reset(fin) == 0)) {
3134 if (FR_ISAUTH(pass) && (fin->fin_m != NULL)) {
3135 DT1(frb_authcapture, fr_info_t *, fin);
3136 fin->fin_m = *fin->fin_mp = NULL;
3137 fin->fin_reason = FRB_AUTHCAPTURE;
3142 fin->fin_error = ECONNRESET;
3151 if (FR_ISBLOCK(pass) && (fin->fin_flx & FI_NEWNAT))
3152 ipf_nat_uncreate(fin);
3168 fdp = fin->fin_dif;
3170 (fdp->fd_ptr != (void *)-1) && (fin->fin_m != NULL)) {
3171 mc = M_COPY(fin->fin_m);
3173 ipf_fastroute(mc, &mc, fin, fdp);
3176 fdp = fin->fin_tif;
3182 (void) ipf_fastroute(fin->fin_m, mp, fin, NULL);
3187 ipf_fastroute(fin->fin_m, mp, fin, fdp);
3211 if ((fin->fin_hbuf != NULL) &&
3212 (mtod(fin->fin_m, struct ip *) != fin->fin_ip)) {
3213 COPYBACK(fin->fin_m, 0, fin->fin_plen, fin->fin_hbuf);
3220 if (fin->fin_m == NULL && fin->fin_flx & FI_BAD &&
3221 fin->fin_reason == FRB_PULLUP) {
3223 LBUMP(ipf_stats[out].fr_blocked[fin->fin_reason]);
3230 LBUMP(ipf_stats[out].fr_blocked[fin->fin_reason]);
3231 return fin->fin_error;
3234 (*mp)->mb_ifp = fin->fin_ifp;
3235 blockreason = fin->fin_reason;
3236 FR_VERBOSE(("fin_flx %#x pass %#x ", fin->fin_flx, pass));
3274 /* Parameters: fin(I) - pointer to packet information */
3281 ipf_dolog(fr_info_t *fin, u_32_t *passp)
3283 ipf_main_softc_t *softc = fin->fin_main_soft;
3287 out = fin->fin_out;
3309 if (ipf_log_pkt(fin, pass) == -1) {
3318 fin->fin_reason = FRB_LOGFAIL2;
3324 return fin->fin_fr;
3363 /* Parameters: fin(I) - pointer to packet information */
3378 fr_cksum(fr_info_t *fin, ip_t *ip, int l4proto, void *l4hdr)
3413 off = ((char *)fin->fin_dp - (char *)fin->fin_ip);
3436 slen = fin->fin_plen - off;
3466 sum2 = ipf_pcksum(fin, off, sum);
5531 /* Parameters: fin(I) - pointer to packet information */
5539 ipf_srcgrpmap(fr_info_t *fin, u_32_t *passp)
5544 rval = ipf_iphmfindgroup(fin->fin_main_soft, fin->fin_fr->fr_ptr,
5545 &fin->fin_src);
5550 fin->fin_fr = fg->fg_start;
5551 (void) ipf_scanlist(fin, *passp);
5552 return fin->fin_fr;
5559 /* Parameters: fin(I) - pointer to packet information */
5567 ipf_dstgrpmap(fr_info_t *fin, u_32_t *passp)
5572 rval = ipf_iphmfindgroup(fin->fin_main_soft, fin->fin_fr->fr_ptr,
5573 &fin->fin_dst);
5578 fin->fin_fr = fg->fg_start;
5579 (void) ipf_scanlist(fin, *passp);
5580 return fin->fin_fr;
5947 /* Parameters: fin(I) - pointer to packet information */
5957 ipf_updateipid(fr_info_t *fin)
5963 if (fin->fin_off != 0) {
5964 sum = ipf_frag_ipidknown(fin);
5970 id = ipf_nextipid(fin);
5971 if (fin->fin_off == 0 && (fin->fin_flx & FI_FRAG) != 0)
5972 (void) ipf_frag_ipidnew(fin, (u_32_t)id);
5975 ip = fin->fin_ip;
6491 /* Parameters: fin(I) - pointer to packet information */
6499 ipf_checkl4sum(fr_info_t *fin)
6510 if ((fin->fin_flx & (FI_FRAG|FI_SHORT|FI_BAD)) != 0)
6518 switch (fin->fin_p)
6521 csump = &((tcphdr_t *)fin->fin_dp)->th_sum;
6526 udp = fin->fin_dp;
6535 csump = &((struct icmp6_hdr *)fin->fin_dp)->icmp6_cksum;
6541 csump = &((struct icmp *)fin->fin_dp)->icmp_cksum;
6552 if (fin->fin_p == IPPROTO_UDP && hdrsum == 0xffff)
6557 sum = fr_cksum(fin, fin->fin_ip, fin->fin_p, fin->fin_dp);
6568 fin->fin_cksum = FI_CK_SUMOK;
6571 fin->fin_cksum = FI_CK_BAD;
6705 /* Parameters: fin(I) - pointer to packet information */
6711 ipf_coalesce(fr_info_t *fin)
6714 if ((fin->fin_flx & FI_COALESCE) != 0)
6721 if (fin->fin_m == NULL || fin->fin_mp == NULL)
6725 fin->fin_m, fin, fin->fin_plen) == NULL) {
6726 ipf_main_softc_t *softc = fin->fin_main_soft;
6728 DT1(frb_coalesce, fr_info_t *, fin);
6729 LBUMP(ipf_stats[fin->fin_out].fr_badcoalesces);
6731 FREE_MB_T(*fin->fin_mp);
6733 fin->fin_reason = FRB_COALESCE;
6734 *fin->fin_mp = NULL;
6735 fin->fin_m = NULL;
6739 fin = fin; /* LINT */
8206 /* Parameters: fin(I) - pointer to packet information */
8217 ipf_decaps(fr_info_t *fin, u_32_t pass, int l5proto)
8225 if ((fin->fin_flx & FI_COALESCE) == 0)
8226 if (ipf_coalesce(fin) == -1)
8229 m = fin->fin_m;
8230 hlen = fin->fin_hlen;
8232 switch (fin->fin_p)
8239 nh = fin->fin_fr->fr_icode;
8243 fin->fin_dp, (char *)&gre, sizeof(gre));
8269 s = fin->fin_dp;
8271 aplen = fin->fin_plen - hlen;
8289 hlen = s - (u_char *)fin->fin_dp;
8313 bcopy((char *)fin, (char *)&fin2, sizeof(fin2));
8314 fino = fin;
8315 fin = &fin2;
8323 fin->fin_plen -= elen;
8325 ip = (ip_t *)((char *)fin->fin_ip + elen);
8340 if (fin->fin_plen < hlen)
8343 fin->fin_dp = (char *)ip + hlen;
8353 if (ipf_makefrip(hlen, ip, fin) == -1) {
8364 DT1(frb_decapfrip, fr_info_t *, fin);
8367 fin->fin_reason = FRB_DECAPFRIP;
8371 pass = ipf_scanlist(fin, pass);
8378 fino->fin_flx = fin->fin_flx;
8379 fino->fin_rev = fin->fin_rev;
8380 fino->fin_icode = fin->fin_icode;
8381 fino->fin_rule = fin->fin_rule;
8382 (void) strncpy(fino->fin_group, fin->fin_group, FR_GROUPLEN);
8383 fino->fin_fr = fin->fin_fr;
8384 fino->fin_error = fin->fin_error;
8385 fino->fin_mp = fin->fin_mp;
8386 fino->fin_m = fin->fin_m;
8387 m = fin->fin_m;
8530 /* Parameters: fin(I) - pointer to packet information */
8538 ipf_fr_matcharray(fr_info_t *fin, int *array)
8560 if ((p != 0) && (p != fin->fin_p))
8567 rv |= (fin->fin_p == e->ipfe_arg0[i]);
8572 if (fin->fin_v != 4)
8575 rv |= ((fin->fin_saddr &
8582 if (fin->fin_v != 4)
8585 rv |= ((fin->fin_daddr &
8592 if (fin->fin_v != 4)
8595 rv |= ((fin->fin_saddr &
8598 ((fin->fin_daddr &
8606 if (fin->fin_v != 6)
8609 rv |= IP6_MASKEQ(&fin->fin_src6,
8616 if (fin->fin_v != 6)
8619 rv |= IP6_MASKEQ(&fin->fin_dst6,
8626 if (fin->fin_v != 6)
8629 rv |= IP6_MASKEQ(&fin->fin_src6,
8632 IP6_MASKEQ(&fin->fin_dst6,
8642 rv |= (fin->fin_sport == e->ipfe_arg0[i]) ||
8643 (fin->fin_dport == e->ipfe_arg0[i]);
8650 rv |= (fin->fin_sport == e->ipfe_arg0[i]);
8657 rv |= (fin->fin_dport == e->ipfe_arg0[i]);
8663 rv |= ((fin->fin_tcpf &