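Lines matching refs:ifs (each entry below is a source line number followed by the single matching line; the lines in between are not shown)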
946 ipf_stack_t *ifs = fin->fin_ifs;
997 if (icmp->icmp_nextmtu < ifs->ifs_fr_icmpminfragmtu)
1679 ipf_stack_t *ifs = fin->fin_ifs;
1718 i = (*fr->fr_srcfunc)(fr->fr_srcptr, fi->fi_v, lip, fin, ifs);
1761 i = (*fr->fr_dstfunc)(fr->fr_dstptr, fi->fi_v, lip, fin, ifs);
1867 ipf_stack_t *ifs = fin->fin_ifs;
2017 IPF_BUMP(ifs->ifs_frstats[fin->fin_out].fr_skip);
2019 IPF_BUMP(ifs->ifs_frstats[fin->fin_out].fr_pkl);
2059 IPF_BUMP(ifs->ifs_frstats[out].fr_ads);
2061 IPF_BUMP(ifs->ifs_frstats[out].fr_bads);
2095 ipf_stack_t *ifs = fin->fin_ifs;
2100 fr = ifs->ifs_ipacct6[fin->fin_out][ifs->ifs_fr_active];
2103 fr = ifs->ifs_ipacct[fin->fin_out][ifs->ifs_fr_active];
2112 IPF_BUMP(ifs->ifs_frstats[0].fr_acct);
2143 ipf_stack_t *ifs = fin->fin_ifs;
2150 fin->fin_fr = ifs->ifs_ipfilter6[out][ifs->ifs_fr_active];
2153 fin->fin_fr = ifs->ifs_ipfilter[out][ifs->ifs_fr_active];
2161 IPF_BUMP(ifs->ifs_frstats[out].fr_nom);
2167 fc = &ifs->ifs_frcache[out][CACHE_HASH(fin)];
2168 READ_ENTER(&ifs->ifs_ipf_frcache);
2174 RWLOCK_EXIT(&ifs->ifs_ipf_frcache);
2175 IPF_BUMP(ifs->ifs_frstats[out].fr_chit);
2183 RWLOCK_EXIT(&ifs->ifs_ipf_frcache);
2185 pass = fr_scanlist(fin, ifs->ifs_fr_pass);
2189 WRITE_ENTER(&ifs->ifs_ipf_frcache);
2191 RWLOCK_EXIT(&ifs->ifs_ipf_frcache);
2198 IPF_BUMP(ifs->ifs_frstats[out].fr_nom);
2208 IPF_BUMP(ifs->ifs_frstats[out].fr_ppshit);
2239 if ((fin->fin_fr = ifs->ifs_ipauth) != NULL)
2240 pass = fr_scanlist(fin, ifs->ifs_fr_pass);
2250 IPF_BUMP(ifs->ifs_frstats[out].fr_bnfr);
2252 IPF_BUMP(ifs->ifs_frstats[out].fr_nfr);
2255 IPF_BUMP(ifs->ifs_frstats[out].fr_cfr);
2264 IPF_BUMP(ifs->ifs_frstats[out].fr_ads);
2266 IPF_BUMP(ifs->ifs_frstats[out].fr_bads);
2314 , qif, mp, ifs)
2317 , mp, ifs)
2324 ipf_stack_t *ifs;
2346 pass = ifs->ifs_fr_pass;
2362 if (ifs->ifs_fr_running <= 0) {
2424 fin->fin_ifs = ifs;
2430 IPF_BUMP(ifs->ifs_frstats[out].fr_ipv6);
2439 READ_ENTER(&ifs->ifs_ipf_mutex);
2455 READ_ENTER(&ifs->ifs_ipf_mutex);
2470 if (ifs->ifs_fr_chksrc && !fr_verifysrc(fin)) {
2471 IPF_BUMP(ifs->ifs_frstats[0].fr_badsrc);
2475 if (fin->fin_ip->ip_ttl < ifs->ifs_fr_minttl) {
2476 IPF_BUMP(ifs->ifs_frstats[0].fr_badttl);
2484 if (ifs->ifs_fr_chksrc && !fr_verifysrc(fin)) {
2485 IPF_BUMP(ifs->ifs_frstats[0].fr_badsrc);
2489 if (ip6->ip6_hlim < ifs->ifs_fr_minttl) {
2490 IPF_BUMP(ifs->ifs_frstats[0].fr_badttl);
2498 IPF_BUMP(ifs->ifs_frstats[out].fr_short);
2501 READ_ENTER(&ifs->ifs_ipf_mutex);
2516 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2523 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2557 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2564 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2573 if ((ifs->ifs_fr_update_ipid != 0) && (v == 4)) {
2575 IPF_BUMP(ifs->ifs_frstats[1].fr_ipud);
2579 IPF_BUMP(ifs->ifs_frstats[0].fr_ipud);
2585 if ((ifs->ifs_fr_flags & FF_LOGGING) || (pass & FR_LOGMASK)) {
2647 ifs->ifs_frstats[out].fr_ret);
2659 ifs->ifs_frstats[out].fr_block);
2660 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2667 IPF_BUMP(ifs->ifs_frstats[out].fr_ret);
2684 ifs->ifs_frstats[out].fr_ret);
2696 ifs->ifs_frstats[out].fr_block);
2697 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2703 IPF_BUMP(ifs->ifs_frstats[1].fr_ret);
2766 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2770 IPF_BUMP(ifs->ifs_frstats[out].fr_block);
2776 IPF_BUMP(ifs->ifs_frstats[out].fr_pass);
2846 ipf_stack_t *ifs = fin->fin_ifs;
2851 if ((ifs->ifs_fr_flags & FF_LOGNOMATCH) && (pass & FR_NOMATCH)) {
2853 IPF_BUMP(ifs->ifs_frstats[out].fr_npkl);
2856 (FR_ISPASS(pass) && (ifs->ifs_fr_flags & FF_LOGPASS))) {
2859 IPF_BUMP(ifs->ifs_frstats[out].fr_ppkl);
2862 (FR_ISBLOCK(pass) && (ifs->ifs_fr_flags & FF_LOGBLOCK))) {
2865 IPF_BUMP(ifs->ifs_frstats[out].fr_bpkl);
2868 IPF_BUMP(ifs->ifs_frstats[out].fr_skip);
3320 frgroup_t *fr_findgroup(group, unit, set, fgpp, ifs)
3325 ipf_stack_t *ifs;
3333 fgp = &ifs->ifs_ipfgroups[unit][set];
3361 frgroup_t *fr_addgroup(group, head, flags, unit, set, ifs)
3367 ipf_stack_t *ifs;
3381 fg = fr_findgroup(group, unit, set, &fgp, ifs);
3415 void fr_delgroup(group, unit, set, ifs)
3419 ipf_stack_t *ifs;
3423 fg = fr_findgroup(group, unit, set, &fgp, ifs);
3446 frentry_t *fr_getrulen(unit, group, n, ifs)
3450 ipf_stack_t *ifs;
3455 fg = fr_findgroup(group, unit, ifs->ifs_fr_active, NULL, ifs);
3474 int fr_rulen(unit, fr, ifs)
3477 ipf_stack_t *ifs;
3485 fg = fr_findgroup(fr->fr_group, unit, ifs->ifs_fr_active, NULL, ifs);
3516 static int frflushlist(set, unit, nfreedp, listp, ifs)
3521 ipf_stack_t *ifs;
3534 (void) frflushlist(set, unit, nfreedp, fp->fr_grp, ifs);
3538 fr_delgroup(fp->fr_grhead, unit, set, ifs);
3544 if (fr_derefrule(&fp, ifs) == 0)
3561 int frflush(unit, proto, flags, ifs)
3564 ipf_stack_t *ifs;
3568 WRITE_ENTER(&ifs->ifs_ipf_mutex);
3569 bzero((char *)ifs->ifs_frcache, sizeof (ifs->ifs_frcache));
3571 set = ifs->ifs_fr_active;
3578 &flushed, &ifs->ifs_ipfilter6[1][set], ifs);
3580 &flushed, &ifs->ifs_ipacct6[1][set], ifs);
3584 &flushed, &ifs->ifs_ipfilter[1][set], ifs);
3586 &flushed, &ifs->ifs_ipacct[1][set], ifs);
3592 &flushed, &ifs->ifs_ipfilter6[0][set], ifs);
3594 &flushed, &ifs->ifs_ipacct6[0][set], ifs);
3598 &flushed, &ifs->ifs_ipfilter[0][set], ifs);
3600 &flushed, &ifs->ifs_ipacct[0][set], ifs);
3603 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
3608 tmp = frflush(IPL_LOGCOUNT, proto, flags, ifs);
3748 /* ifs - pointer to IPF stack instance */
3787 static void *fr_ifsync(action, v, newname, oldname, newifp, oldifp, ifs)
3791 ipf_stack_t *ifs;
3799 rval = fr_resolvenic(oldname, v, ifs);
3830 /* ifs - pointer to IPF stack instance */
3838 static void frsynclist(action, v, ifp, ifname, fr, ifs)
3843 ipf_stack_t *ifs;
3860 ifs);
3865 ifp, fdp->fd_ifp, ifs);
3869 ifp, fdp->fd_ifp, ifs);
3873 ifp, fdp->fd_ifp, ifs);
3884 ifs);
3891 ifs);
3900 &fr->fr_srcfunc, ifs);
3906 &fr->fr_dstfunc, ifs);
3932 void frsync(action, v, ifp, name, ifs)
3936 ipf_stack_t *ifs;
3940 WRITE_ENTER(&ifs->ifs_ipf_mutex);
3941 frsynclist(action, v, ifp, name, ifs->ifs_ipacct[0][ifs->ifs_fr_active], ifs);
3942 frsynclist(action, v, ifp, name, ifs->ifs_ipacct[1][ifs->ifs_fr_active], ifs);
3943 frsynclist(action, v, ifp, name, ifs->ifs_ipfilter[0][ifs->ifs_fr_active], ifs);
3944 frsynclist(action, v, ifp, name, ifs->ifs_ipfilter[1][ifs->ifs_fr_active], ifs);
3945 frsynclist(action, v, ifp, name, ifs->ifs_ipacct6[0][ifs->ifs_fr_active], ifs);
3946 frsynclist(action, v, ifp, name, ifs->ifs_ipacct6[1][ifs->ifs_fr_active], ifs);
3947 frsynclist(action, v, ifp, name, ifs->ifs_ipfilter6[0][ifs->ifs_fr_active], ifs);
3948 frsynclist(action, v, ifp, name, ifs->ifs_ipfilter6[1][ifs->ifs_fr_active], ifs);
3953 for (g = ifs->ifs_ipfgroups[i][0]; g != NULL; g = g->fg_next)
3954 frsynclist(action, v, ifp, name, g->fg_start, ifs);
3955 for (g = ifs->ifs_ipfgroups[i][1]; g != NULL; g = g->fg_next)
3956 frsynclist(action, v, ifp, name, g->fg_start, ifs);
3958 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
4003 /* ifs - IPF's stack */
4021 void fr_ifindexsync(ifp, newifp, ifs)
4024 ipf_stack_t *ifs;
4030 rule_lists[0] = ifs->ifs_ipacct[0][ifs->ifs_fr_active];
4031 rule_lists[1] = ifs->ifs_ipacct[1][ifs->ifs_fr_active];
4032 rule_lists[2] = ifs->ifs_ipfilter[0][ifs->ifs_fr_active];
4033 rule_lists[3] = ifs->ifs_ipfilter[1][ifs->ifs_fr_active];
4034 rule_lists[4] = ifs->ifs_ipacct6[0][ifs->ifs_fr_active];
4035 rule_lists[5] = ifs->ifs_ipacct6[1][ifs->ifs_fr_active];
4036 rule_lists[6] = ifs->ifs_ipfilter6[0][ifs->ifs_fr_active];
4037 rule_lists[7] = ifs->ifs_ipfilter6[1][ifs->ifs_fr_active];
4049 for (g = ifs->ifs_ipfgroups[i][0]; g != NULL; g = g->fg_next)
4051 for (g = ifs->ifs_ipfgroups[i][1]; g != NULL; g = g->fg_next)
4157 void fr_getstat(fiop, ifs)
4159 ipf_stack_t *ifs;
4163 bcopy((char *)&ifs->ifs_frstats, (char *)fiop->f_st,
4165 fiop->f_locks[IPL_LOGSTATE] = ifs->ifs_fr_state_lock;
4166 fiop->f_locks[IPL_LOGNAT] = ifs->ifs_fr_nat_lock;
4167 fiop->f_locks[IPL_LOGIPF] = ifs->ifs_fr_frag_lock;
4168 fiop->f_locks[IPL_LOGAUTH] = ifs->ifs_fr_auth_lock;
4172 fiop->f_ipf[i][j] = ifs->ifs_ipfilter[i][j];
4173 fiop->f_acct[i][j] = ifs->ifs_ipacct[i][j];
4174 fiop->f_ipf6[i][j] = ifs->ifs_ipfilter6[i][j];
4175 fiop->f_acct6[i][j] = ifs->ifs_ipacct6[i][j];
4178 fiop->f_ticks = ifs->ifs_fr_ticks;
4179 fiop->f_active = ifs->ifs_fr_active;
4180 fiop->f_froute[0] = ifs->ifs_fr_frouteok[0];
4181 fiop->f_froute[1] = ifs->ifs_fr_frouteok[1];
4183 fiop->f_running = ifs->ifs_fr_running;
4185 fiop->f_groups[i][0] = ifs->ifs_ipfgroups[i][0];
4186 fiop->f_groups[i][1] = ifs->ifs_ipfgroups[i][1];
4193 fiop->f_defpass = ifs->ifs_fr_pass;
4304 /* ifs - ipf stack instance */
4311 static void *fr_resolvelookup(type, number, funcptr, ifs)
4314 ipf_stack_t *ifs;
4327 READ_ENTER(&ifs->ifs_ip_poolrw);
4336 ipo = ip_pool_find(IPL_LOGIPF, name, ifs);
4345 iph = fr_findhtable(IPL_LOGIPF, name, ifs);
4357 RWLOCK_EXIT(&ifs->ifs_ip_poolrw);
4381 int frrequest(unit, req, data, set, makecopy, ifs)
4386 ipf_stack_t *ifs;
4440 error = fr_funcinit(fp, ifs);
4460 fg = fr_findgroup(group, unit, set, NULL, ifs);
4477 fprev = &ifs->ifs_ipauth;
4480 fprev = &ifs->ifs_ipacct[in][set];
4482 fprev = &ifs->ifs_ipfilter[in][set];
4485 fprev = &ifs->ifs_ipacct6[in][set];
4487 fprev = &ifs->ifs_ipfilter6[in][set];
4493 if (!fg && !(fg = fr_findgroup(group, unit, set, NULL, ifs)))
4584 &fp->fr_srcfunc, ifs);
4609 &fp->fr_dstfunc, ifs);
4632 frsynclist(0, 0, NULL, NULL, fp, ifs);
4649 WRITE_ENTER(&ifs->ifs_ipf_mutex);
4650 bzero((char *)ifs->ifs_frcache, sizeof (ifs->ifs_frcache));
4702 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
4778 error = fr_preauthcmd(req, f, ftail, ifs);
4782 fr_delgroup(f->fr_grhead, unit, set, ifs);
4786 (void)fr_derefrule(&f, ifs);
4796 error = fr_preauthcmd(req, fp, ftail, ifs);
4826 unit, set, ifs);
4835 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
4851 static int fr_funcinit(fr, ifs)
4853 ipf_stack_t *ifs;
4864 err = (*ft->ipfu_init)(fr, ifs);
4996 int fr_derefrule(frp, ifs)
4998 ipf_stack_t *ifs;
5012 ip_lookup_deref(fr->fr_srctype, fr->fr_srcptr, ifs);
5014 ip_lookup_deref(fr->fr_dsttype, fr->fr_dstptr, ifs);
5042 static int fr_grpmapinit(fr, ifs)
5044 ipf_stack_t *ifs;
5054 iph = fr_findhtable(IPL_LOGIPF, name, ifs);
5080 ipf_stack_t *ifs = fin->fin_ifs;
5082 rval = fr_iphmfindgroup(fin->fin_fr->fr_ptr, fin->fin_v, &fin->fin_src, ifs);
5109 ipf_stack_t *ifs = fin->fin_ifs;
5111 rval = fr_iphmfindgroup(fin->fin_fr->fr_ptr, fin->fin_v, &fin->fin_dst, ifs);
5150 ipftq_t *fr_addtimeoutqueue(parent, seconds, ifs)
5153 ipf_stack_t *ifs;
5160 MUTEX_ENTER(&ifs->ifs_ipf_timeoutlock);
5171 MUTEX_EXIT(&ifs->ifs_ipf_timeoutlock);
5187 ifs->ifs_fr_userifqs++;
5191 MUTEX_EXIT(&ifs->ifs_ipf_timeoutlock);
5237 void fr_freetimeoutqueue(ifq, ifs)
5239 ipf_stack_t *ifs;
5259 ifs->ifs_fr_userifqs--;
5343 void fr_queueback(tqe, ifs)
5345 ipf_stack_t *ifs;
5352 tqe->tqe_die = ifs->ifs_fr_ticks + ifq->ifq_ttl;
5386 void fr_queueappend(tqe, ifq, parent, ifs)
5390 ipf_stack_t *ifs;
5400 tqe->tqe_die = ifs->ifs_fr_ticks + ifq->ifq_ttl;
5412 /* ifs - ipf stack instance */
5418 void fr_movequeue(tqe, oifq, nifq, ifs)
5421 ipf_stack_t *ifs;
5427 if (oifq == nifq && tqe->tqe_touched == ifs->ifs_fr_ticks)
5434 tqe->tqe_touched = ifs->ifs_fr_ticks;
5435 tqe->tqe_die = ifs->ifs_fr_ticks + nifq->ifq_ttl;
5600 INLINE int fr_ioctlswitch(unit, data, cmd, mode, uid, ctx, ifs)
5604 ipf_stack_t *ifs;
5614 if (ifs->ifs_fr_running > 0)
5615 error = fr_nat_ioctl(data, cmd, mode, uid, ctx, ifs);
5620 if (ifs->ifs_fr_running > 0)
5621 error = fr_state_ioctl(data, cmd, mode, uid, ctx, ifs);
5626 if (ifs->ifs_fr_running > 0) {
5633 ifs->ifs_fr_active, 1, ifs);
5636 error = fr_auth_ioctl(data, cmd, mode, uid, ctx, ifs);
5643 if (ifs->ifs_fr_running > 0)
5644 error = fr_sync_ioctl(data, cmd, mode, ifs);
5651 if (ifs->ifs_fr_running > 0)
5652 error = fr_scan_ioctl(data, cmd, mode, ifs);
5659 if (ifs->ifs_fr_running > 0)
5660 error = ip_lookup_ioctl(data, cmd, mode, uid, ctx, ifs);
5978 ipf_stack_t *ifs = fin->fin_ifs;
5983 net_data_p = ifs->ifs_ipf_ipv4;
5985 net_data_p = ifs->ifs_ipf_ipv6;
6200 ipf_stack_t *ifs = fin->fin_ifs;
6213 IPF_BUMP(ifs->ifs_fr_badcoalesces[fin->fin_out]);
6353 tune_lookup(ipf_stack_t *ifs, char *name)
6357 for (i = 0; ifs->ifs_ipf_tuneables[i].ipft_name != NULL; i++) {
6358 if (strcmp(ifs->ifs_ipf_tuneables[i].ipft_name, name) == 0)
6359 return (&ifs->ifs_ipf_tuneables[i]);
6372 /* Parameters: ifs - pointer to newly allocated IPF instance */
6384 static void ipftuneable_setdefs(ipf_stack_t *ifs)
6386 ifs->ifs_ipfr_size = IPFT_SIZE;
6387 ifs->ifs_fr_ipfrttl = 120; /* 60 seconds */
6390 ifs->ifs_fr_authsize = FR_NUMAUTH;
6391 ifs->ifs_fr_defaultauthage = 600;
6394 ifs->ifs_fr_tcpidletimeout = IPF_TTLVAL(3600 * 24 * 5); /* five days */
6395 ifs->ifs_fr_tcpclosewait = IPF_TTLVAL(TCP_MSL);
6396 ifs->ifs_fr_tcplastack = IPF_TTLVAL(TCP_MSL);
6397 ifs->ifs_fr_tcptimeout = IPF_TTLVAL(TCP_MSL);
6398 ifs->ifs_fr_tcpclosed = IPF_TTLVAL(60);
6399 ifs->ifs_fr_tcphalfclosed = IPF_TTLVAL(2 * 3600); /* 2 hours */
6400 ifs->ifs_fr_udptimeout = IPF_TTLVAL(120);
6401 ifs->ifs_fr_udpacktimeout = IPF_TTLVAL(12);
6402 ifs->ifs_fr_icmptimeout = IPF_TTLVAL(60);
6403 ifs->ifs_fr_icmpacktimeout = IPF_TTLVAL(6);
6404 ifs->ifs_fr_iptimeout = IPF_TTLVAL(60);
6405 ifs->ifs_fr_statemax = IPSTATE_MAX;
6406 ifs->ifs_fr_statesize = IPSTATE_SIZE;
6407 ifs->ifs_fr_state_maxbucket_reset = 1;
6408 ifs->ifs_state_flush_level_hi = ST_FLUSH_HI;
6409 ifs->ifs_state_flush_level_lo = ST_FLUSH_LO;
6412 ifs->ifs_ipf_nattable_sz = NAT_TABLE_SZ;
6413 ifs->ifs_ipf_nattable_max = NAT_TABLE_MAX;
6414 ifs->ifs_ipf_natrules_sz = NAT_SIZE;
6415 ifs->ifs_ipf_rdrrules_sz = RDR_SIZE;
6416 ifs->ifs_ipf_hostmap_sz = HOSTMAP_SIZE;
6417 ifs->ifs_fr_nat_maxbucket_reset = 1;
6418 ifs->ifs_fr_defnatage = DEF_NAT_AGE;
6419 ifs->ifs_fr_defnatipage = 120; /* 60 seconds */
6420 ifs->ifs_fr_defnaticmpage = 6; /* 3 seconds */
6421 ifs->ifs_nat_flush_level_hi = NAT_FLUSH_HI;
6422 ifs->ifs_nat_flush_level_lo = NAT_FLUSH_LO;
6426 ifs->ifs_ipl_suppress = 1;
6427 ifs->ifs_ipl_logmax = IPL_LOGMAX;
6428 ifs->ifs_ipl_logsize = IPFILTER_LOGSIZE;
6431 ifs->ifs_nat_logging = 1;
6434 ifs->ifs_ipstate_logging = 1;
6437 ifs->ifs_nat_logging = 0;
6440 ifs->ifs_ipstate_logging = 0;
6442 ifs->ifs_ipf_loopback = 0;
6450 ipftuneable_alloc(ipf_stack_t *ifs)
6454 KMALLOCS(ifs->ifs_ipf_tuneables, ipftuneable_t *,
6456 bcopy(lcl_ipf_tuneables, ifs->ifs_ipf_tuneables,
6466 TUNE_SET(ifs, "fr_flags", ifs_fr_flags);
6467 TUNE_SET(ifs, "fr_active", ifs_fr_active);
6468 TUNE_SET(ifs, "fr_control_forwarding", ifs_fr_control_forwarding);
6469 TUNE_SET(ifs, "fr_update_ipid", ifs_fr_update_ipid);
6470 TUNE_SET(ifs, "fr_chksrc", ifs_fr_chksrc);
6471 TUNE_SET(ifs, "fr_minttl", ifs_fr_minttl);
6472 TUNE_SET(ifs, "fr_icmpminfragmtu", ifs_fr_icmpminfragmtu);
6473 TUNE_SET(ifs, "fr_pass", ifs_fr_pass);
6474 TUNE_SET(ifs, "fr_tcpidletimeout", ifs_fr_tcpidletimeout);
6475 TUNE_SET(ifs, "fr_tcpclosewait", ifs_fr_tcpclosewait);
6476 TUNE_SET(ifs, "fr_tcplastack", ifs_fr_tcplastack);
6477 TUNE_SET(ifs, "fr_tcptimeout", ifs_fr_tcptimeout);
6478 TUNE_SET(ifs, "fr_tcpclosed", ifs_fr_tcpclosed);
6479 TUNE_SET(ifs, "fr_tcphalfclosed", ifs_fr_tcphalfclosed);
6480 TUNE_SET(ifs, "fr_udptimeout", ifs_fr_udptimeout);
6481 TUNE_SET(ifs, "fr_udpacktimeout", ifs_fr_udpacktimeout);
6482 TUNE_SET(ifs, "fr_icmptimeout", ifs_fr_icmptimeout);
6483 TUNE_SET(ifs, "fr_icmpacktimeout", ifs_fr_icmpacktimeout);
6484 TUNE_SET(ifs, "fr_iptimeout", ifs_fr_iptimeout);
6485 TUNE_SET(ifs, "fr_statemax", ifs_fr_statemax);
6486 TUNE_SET(ifs, "fr_statesize", ifs_fr_statesize);
6487 TUNE_SET(ifs, "fr_state_lock", ifs_fr_state_lock);
6488 TUNE_SET(ifs, "fr_state_maxbucket", ifs_fr_state_maxbucket);
6489 TUNE_SET(ifs, "fr_state_maxbucket_reset", ifs_fr_state_maxbucket_reset);
6490 TUNE_SET(ifs, "ipstate_logging", ifs_ipstate_logging);
6491 TUNE_SET(ifs, "fr_nat_lock", ifs_fr_nat_lock);
6492 TUNE_SET(ifs, "ipf_nattable_sz", ifs_ipf_nattable_sz);
6493 TUNE_SET(ifs, "ipf_nattable_max", ifs_ipf_nattable_max);
6494 TUNE_SET(ifs, "ipf_natrules_sz", ifs_ipf_natrules_sz);
6495 TUNE_SET(ifs, "ipf_rdrrules_sz", ifs_ipf_rdrrules_sz);
6496 TUNE_SET(ifs, "ipf_hostmap_sz", ifs_ipf_hostmap_sz);
6497 TUNE_SET(ifs, "fr_nat_maxbucket", ifs_fr_nat_maxbucket);
6498 TUNE_SET(ifs, "fr_nat_maxbucket_reset", ifs_fr_nat_maxbucket_reset);
6499 TUNE_SET(ifs, "nat_logging", ifs_nat_logging);
6500 TUNE_SET(ifs, "fr_defnatage", ifs_fr_defnatage);
6501 TUNE_SET(ifs, "fr_defnatipage", ifs_fr_defnatipage);
6502 TUNE_SET(ifs, "fr_defnaticmpage", ifs_fr_defnaticmpage);
6503 TUNE_SET(ifs, "nat_flush_level_hi", ifs_nat_flush_level_hi);
6504 TUNE_SET(ifs, "nat_flush_level_lo", ifs_nat_flush_level_lo);
6505 TUNE_SET(ifs, "state_flush_level_hi", ifs_state_flush_level_hi);
6506 TUNE_SET(ifs, "state_flush_level_lo", ifs_state_flush_level_lo);
6507 TUNE_SET(ifs, "ipfr_size", ifs_ipfr_size);
6508 TUNE_SET(ifs, "fr_ipfrttl", ifs_fr_ipfrttl);
6509 TUNE_SET(ifs, "ipf_loopback", ifs_ipf_loopback);
6511 TUNE_SET(ifs, "ipl_suppress", ifs_ipl_suppress);
6512 TUNE_SET(ifs, "ipl_buffer_sz", ifs_ipl_buffer_sz);
6513 TUNE_SET(ifs, "ipl_logmax", ifs_ipl_logmax);
6514 TUNE_SET(ifs, "ipl_logall", ifs_ipl_logall);
6515 TUNE_SET(ifs, "ipl_logsize", ifs_ipl_logsize);
6519 ipftuneable_setdefs(ifs);
6522 (void) ipf_property_update(ipf_dev_info, ifs);
6527 ipftuneable_free(ipf_stack_t *ifs)
6529 KFREES(ifs->ifs_ipf_tuneables, sizeof (lcl_ipf_tuneables));
6530 ifs->ifs_ipf_tuneables = NULL;
6545 static ipftuneable_t *fr_findtunebycookie(cookie, next, ifs)
6547 ipf_stack_t * ifs;
6551 for (ta = ifs->ifs_ipf_tuneables; ta->ipft_name != NULL; ta++)
6565 *next = &ifs->ifs_ipf_tunelist;
6570 for (tap = &ifs->ifs_ipf_tunelist; (ta = *tap) != NULL; tap = &ta->ipft_next)
6592 static ipftuneable_t *fr_findtunebyname(name, ifs)
6594 ipf_stack_t *ifs;
6598 for (ta = ifs->ifs_ipf_tuneables; ta->ipft_name != NULL; ta++)
6603 for (ta = ifs->ifs_ipf_tunelist; ta != NULL; ta = ta->ipft_next)
6621 int fr_addipftune(newtune, ifs)
6623 ipf_stack_t *ifs;
6627 ta = fr_findtunebyname(newtune->ipft_name, ifs);
6631 for (tap = &ifs->ifs_ipf_tunelist; *tap != NULL; tap = &(*tap)->ipft_next)
6650 int fr_delipftune(oldtune, ifs)
6652 ipf_stack_t *ifs;
6656 for (tap = &ifs->ifs_ipf_tunelist; (ta = *tap) != NULL; tap = &ta->ipft_next)
6680 int fr_ipftune(cmd, data, ifs)
6683 ipf_stack_t *ifs;
6711 ta = fr_findtunebycookie(cookie, &tu.ipft_cookie, ifs);
6713 ta = ifs->ifs_ipf_tuneables;
6753 ta = fr_findtunebycookie(cookie, NULL, ifs);
6757 ta = fr_findtunebyname(tu.ipft_name, ifs);
6793 (ifs->ifs_fr_running > 0)) {
6839 int fr_initialise(ifs)
6840 ipf_stack_t *ifs;
6845 i = fr_loginit(ifs);
6849 i = fr_natinit(ifs);
6853 i = fr_stateinit(ifs);
6857 i = fr_authinit(ifs);
6861 i = fr_fraginit(ifs);
6865 i = appr_init(ifs);
6870 i = ipfsync_init(ifs);
6875 i = ipsc_init(ifs);
6880 i = ip_lookup_init(ifs);
6885 ipfrule_add(ifs);
6901 void fr_deinitialise(ifs)
6902 ipf_stack_t *ifs;
6904 fr_fragunload(ifs);
6905 fr_authunload(ifs);
6906 fr_natunload(ifs);
6907 fr_stateunload(ifs);
6909 fr_scanunload(ifs);
6911 appr_unload(ifs);
6914 ipfrule_remove(ifs);
6917 (void) frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE|FR_INACTIVE, ifs);
6918 (void) frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE, ifs);
6919 (void) frflush(IPL_LOGCOUNT, 0, FR_INQUE|FR_OUTQUE|FR_INACTIVE, ifs);
6920 (void) frflush(IPL_LOGCOUNT, 0, FR_INQUE|FR_OUTQUE, ifs);
6923 ip_lookup_unload(ifs);
6927 fr_logunload(ifs);
6941 int fr_zerostats(data, ifs)
6943 ipf_stack_t *ifs;
6948 fr_getstat(&fio, ifs);
6953 WRITE_ENTER(&ifs->ifs_ipf_mutex);
6954 bzero((char *)ifs->ifs_frstats, sizeof(*ifs->ifs_frstats) * 2);
6955 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
6974 void fr_resolvedest(fdp, v, ifs)
6977 ipf_stack_t *ifs;
6982 fdp->fd_ifp = GETIFP(fdp->fd_ifname, v, ifs);
7012 void *fr_resolvenic(name, v, ifs)
7015 ipf_stack_t *ifs;
7028 nic = GETIFP(name, v, ifs);
7038 /* Parameters: ifs - ipf stack instance */
7043 void ipf_expiretokens(ifs)
7044 ipf_stack_t *ifs;
7048 WRITE_ENTER(&ifs->ifs_ipf_tokens);
7049 while ((it = ifs->ifs_ipftokenhead) != NULL) {
7050 if (it->ipt_die > ifs->ifs_fr_ticks)
7053 ipf_freetoken(it, ifs);
7055 RWLOCK_EXIT(&ifs->ifs_ipf_tokens);
7065 /* ifs - ipf stack instance */
7071 int ipf_deltoken(type, uid, ptr, ifs)
7074 ipf_stack_t *ifs;
7079 WRITE_ENTER(&ifs->ifs_ipf_tokens);
7080 for (it = ifs->ifs_ipftokenhead; it != NULL; it = it->ipt_next)
7083 ipf_freetoken(it, ifs);
7087 RWLOCK_EXIT(&ifs->ifs_ipf_tokens);
7097 /* ifs - ipf stack instance */
7103 static void ipf_unlinktoken(token, ifs)
7105 ipf_stack_t *ifs;
7108 if (ifs->ifs_ipftokentail == &token->ipt_next)
7109 ifs->ifs_ipftokentail = token->ipt_pnext;
7123 /* ifs - ipf stack instance */
7133 ipftoken_t *ipf_findtoken(type, uid, ptr, ifs)
7136 ipf_stack_t *ifs;
7142 WRITE_ENTER(&ifs->ifs_ipf_tokens);
7143 for (it = ifs->ifs_ipftokenhead; it != NULL; it = it->ipt_next) {
7168 ipf_unlinktoken(it, ifs);
7170 it->ipt_pnext = ifs->ifs_ipftokentail;
7171 *ifs->ifs_ipftokentail = it;
7172 ifs->ifs_ipftokentail = &it->ipt_next;
7175 it->ipt_die = ifs->ifs_fr_ticks + 2;
7177 MUTEX_DOWNGRADE(&ifs->ifs_ipf_tokens);
7187 /* ifs - ipf stack instance */
7194 void ipf_freetoken(token, ifs)
7196 ipf_stack_t *ifs;
7200 ipf_unlinktoken(token, ifs);
7209 (void)fr_derefrule((frentry_t **)datap, ifs);
7212 WRITE_ENTER(&ifs->ifs_ipf_nat);
7213 fr_ipnatderef((ipnat_t **)datap, ifs);
7214 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
7217 fr_natderef((nat_t **)datap, ifs);
7220 fr_statederef((ipstate_t **)datap, ifs);
7223 fr_fragderef((ipfr_t **)datap, &ifs->ifs_ipf_frag, ifs);
7227 &ifs->ifs_ipf_natfrag, ifs);
7230 WRITE_ENTER(&ifs->ifs_ipf_nat);
7232 RWLOCK_EXIT(&ifs->ifs_ipf_nat);
7235 (void) ip_lookup_iterderef(token->ipt_type, data, ifs);
7249 /* ifs - ipf stack instance */
7259 int ipf_getnextrule(t, ptr, ifs)
7262 ipf_stack_t *ifs;
7292 READ_ENTER(&ifs->ifs_ipf_mutex);
7307 next = ifs->ifs_ipacct
7310 next = ifs->ifs_ipacct6
7314 next = ifs->ifs_ipfilter
7317 next = ifs->ifs_ipfilter6
7322 it.iri_active, NULL, ifs);
7356 RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
7365 ipf_freetoken(t, ifs);
7369 (void) fr_derefrule(&fr, ifs);
7380 ipf_freetoken(t, ifs);
7388 READ_ENTER(&ifs->ifs_ipf_mutex);
7403 /* ifs - ipf stack instance */
7409 int ipf_frruleiter(data, uid, ctx, ifs)
7412 ipf_stack_t *ifs;
7417 token = ipf_findtoken(IPFGENITER_IPF, uid, ctx, ifs);
7419 error = ipf_getnextrule(token, data, ifs);
7422 RWLOCK_EXIT(&ifs->ifs_ipf_tokens);
7433 /* ifs - ipf stack instance */
7438 int ipf_geniter(token, itp, ifs)
7441 ipf_stack_t *ifs;
7448 error = fr_nextfrag(token, itp, &ifs->ifs_ipfr_list,
7449 &ifs->ifs_ipfr_tail, &ifs->ifs_ipf_frag,
7450 ifs);
7467 /* ifs - ipf stack instance */
7474 int ipf_genericiter(data, uid, ctx, ifs)
7477 ipf_stack_t *ifs;
7487 token = ipf_findtoken(iter.igi_type, uid, ctx, ifs);
7490 error = ipf_geniter(token, &iter, ifs);
7493 RWLOCK_EXIT(&ifs->ifs_ipf_tokens);
7505 /* ifs - ipf stack instance */
7511 int ipf_earlydrop(flushtype, ifq, idletime, ifs)
7515 ipf_stack_t *ifs;
7533 droptick = ifs->ifs_fr_ticks - idletime;
7541 if (nat_delete((nat_t *)ent, NL_FLUSH, ifs) == 0)
7545 if (fr_delstate((ipstate_t *)ent, ISL_FLUSH, ifs) == 0)
7563 /* ifs - ipf stack instance */
7569 int ipf_flushclosing(flushtype, stateval, ipfqs, userqs, ifs)
7572 ipf_stack_t *ifs;
7589 dropped += ipf_earlydrop(flushtype, ifq, (int)0, ifs);
7609 (nat_delete(nat, NL_EXPIRE, ifs) == 0))
7617 (fr_delstate(is, ISL_EXPIRE, ifs) == 0))
7635 /* ifs - ipf stack instance */
7643 int ipf_extraflush(flushtype, ipfqs, userqs, ifs)
7646 ipf_stack_t *ifs;
7664 if (ifs->ifs_fr_ticks < idletime_tab[0])
7667 if (ifs->ifs_fr_ticks > idletime_tab[idle_idx]) {
7671 (ifs->ifs_fr_ticks < idletime_tab[idle_idx]))
7674 idletime = (ifs->ifs_fr_ticks /
7685 if (NAT_TAB_WATER_LEVEL(ifs) <=
7686 ifs->ifs_nat_flush_level_lo)
7689 if (ST_TAB_WATER_LEVEL(ifs) <=
7690 ifs->ifs_state_flush_level_lo)
7696 removed += ipf_earlydrop(flushtype, ipfqs, idletime, ifs);
7703 if (NAT_TAB_WATER_LEVEL(ifs) <=
7704 ifs->ifs_nat_flush_level_lo)
7707 if (ST_TAB_WATER_LEVEL(ifs) <=
7708 ifs->ifs_state_flush_level_lo)
7714 removed += ipf_earlydrop(flushtype, ifq, idletime, ifs);