Lines Matching defs:ifs
142 #define DOUBLE_HASH(x, ifs) \
143 (((x) + ifs->ifs_ips_seed[(x) % ifs->ifs_fr_statesize]) % ifs->ifs_fr_statesize)
149 /* Parameters: ifs - ipf stack instance */
154 int fr_stateinit(ifs)
155 ipf_stack_t *ifs;
162 KMALLOCS(ifs->ifs_ips_table, ipstate_t **,
163 ifs->ifs_fr_statesize * sizeof(ipstate_t *));
164 if (ifs->ifs_ips_table == NULL)
166 bzero((char *)ifs->ifs_ips_table,
167 ifs->ifs_fr_statesize * sizeof(ipstate_t *));
169 KMALLOCS(ifs->ifs_ips_seed, u_long *,
170 ifs->ifs_fr_statesize * sizeof(*ifs->ifs_ips_seed));
171 if (ifs->ifs_ips_seed == NULL)
177 for (i = 0; i < ifs->ifs_fr_statesize; i++) {
182 ifs->ifs_ips_seed[i] = ipf_random();
184 ifs->ifs_ips_seed[i] = ((u_long)ifs->ifs_ips_seed + i) *
185 ifs->ifs_fr_statesize;
186 ifs->ifs_ips_seed[i] += tv.tv_sec;
187 ifs->ifs_ips_seed[i] *= (u_long)ifs->ifs_ips_seed;
188 ifs->ifs_ips_seed[i] ^= 0x5a5aa5a5;
189 ifs->ifs_ips_seed[i] *= ifs->ifs_fr_statemax;
211 KMALLOCS(ifs->ifs_ips_stats.iss_bucketlen, u_long *,
212 ifs->ifs_fr_statesize * sizeof(u_long));
213 if (ifs->ifs_ips_stats.iss_bucketlen == NULL)
215 bzero((char *)ifs->ifs_ips_stats.iss_bucketlen,
216 ifs->ifs_fr_statesize * sizeof(u_long));
218 if (ifs->ifs_fr_state_maxbucket == 0) {
219 for (i = ifs->ifs_fr_statesize; i > 0; i >>= 1)
220 ifs->ifs_fr_state_maxbucket++;
221 ifs->ifs_fr_state_maxbucket *= 2;
224 fr_sttab_init(ifs->ifs_ips_tqtqb, ifs);
225 ifs->ifs_ips_tqtqb[IPF_TCP_NSTATES - 1].ifq_next = &ifs->ifs_ips_udptq;
226 ifs->ifs_ips_udptq.ifq_ttl = (u_long)ifs->ifs_fr_udptimeout;
227 ifs->ifs_ips_udptq.ifq_ref = 1;
228 ifs->ifs_ips_udptq.ifq_head = NULL;
229 ifs->ifs_ips_udptq.ifq_tail = &ifs->ifs_ips_udptq.ifq_head;
230 MUTEX_INIT(&ifs->ifs_ips_udptq.ifq_lock, "ipftq udp tab");
231 ifs->ifs_ips_udptq.ifq_next = &ifs->ifs_ips_udpacktq;
232 ifs->ifs_ips_udpacktq.ifq_ttl = (u_long)ifs->ifs_fr_udpacktimeout;
233 ifs->ifs_ips_udpacktq.ifq_ref = 1;
234 ifs->ifs_ips_udpacktq.ifq_head = NULL;
235 ifs->ifs_ips_udpacktq.ifq_tail = &ifs->ifs_ips_udpacktq.ifq_head;
236 MUTEX_INIT(&ifs->ifs_ips_udpacktq.ifq_lock, "ipftq udpack tab");
237 ifs->ifs_ips_udpacktq.ifq_next = &ifs->ifs_ips_icmptq;
238 ifs->ifs_ips_icmptq.ifq_ttl = (u_long)ifs->ifs_fr_icmptimeout;
239 ifs->ifs_ips_icmptq.ifq_ref = 1;
240 ifs->ifs_ips_icmptq.ifq_head = NULL;
241 ifs->ifs_ips_icmptq.ifq_tail = &ifs->ifs_ips_icmptq.ifq_head;
242 MUTEX_INIT(&ifs->ifs_ips_icmptq.ifq_lock, "ipftq icmp tab");
243 ifs->ifs_ips_icmptq.ifq_next = &ifs->ifs_ips_icmpacktq;
244 ifs->ifs_ips_icmpacktq.ifq_ttl = (u_long)ifs->ifs_fr_icmpacktimeout;
245 ifs->ifs_ips_icmpacktq.ifq_ref = 1;
246 ifs->ifs_ips_icmpacktq.ifq_head = NULL;
247 ifs->ifs_ips_icmpacktq.ifq_tail = &ifs->ifs_ips_icmpacktq.ifq_head;
248 MUTEX_INIT(&ifs->ifs_ips_icmpacktq.ifq_lock, "ipftq icmpack tab");
249 ifs->ifs_ips_icmpacktq.ifq_next = &ifs->ifs_ips_iptq;
250 ifs->ifs_ips_iptq.ifq_ttl = (u_long)ifs->ifs_fr_iptimeout;
251 ifs->ifs_ips_iptq.ifq_ref = 1;
252 ifs->ifs_ips_iptq.ifq_head = NULL;
253 ifs->ifs_ips_iptq.ifq_tail = &ifs->ifs_ips_iptq.ifq_head;
254 MUTEX_INIT(&ifs->ifs_ips_iptq.ifq_lock, "ipftq ip tab");
255 ifs->ifs_ips_iptq.ifq_next = &ifs->ifs_ips_deletetq;
257 ifs->ifs_ips_deletetq.ifq_ttl = (u_long) 1;
258 ifs->ifs_ips_deletetq.ifq_ref = 1;
259 ifs->ifs_ips_deletetq.ifq_head = NULL;
260 ifs->ifs_ips_deletetq.ifq_tail = &ifs->ifs_ips_deletetq.ifq_head;
261 MUTEX_INIT(&ifs->ifs_ips_deletetq.ifq_lock, "state delete queue");
262 ifs->ifs_ips_deletetq.ifq_next = NULL;
264 RWLOCK_INIT(&ifs->ifs_ipf_state, "ipf IP state rwlock");
265 MUTEX_INIT(&ifs->ifs_ipf_stinsert, "ipf state insert mutex");
266 ifs->ifs_fr_state_init = 1;
268 ifs->ifs_ips_last_force_flush = ifs->ifs_fr_ticks;
276 /* Parameters: ifs - ipf stack instance */
281 void fr_stateunload(ifs)
282 ipf_stack_t *ifs;
287 while ((is = ifs->ifs_ips_list) != NULL)
288 (void) fr_delstate(is, 0, ifs);
297 for (ifq = ifs->ifs_ips_utqe; ifq != NULL; ifq = ifqnext) {
301 fr_freetimeoutqueue(ifq, ifs);
304 ifs->ifs_ips_stats.iss_inuse = 0;
305 ifs->ifs_ips_num = 0;
307 if (ifs->ifs_fr_state_init == 1) {
308 fr_sttab_destroy(ifs->ifs_ips_tqtqb);
309 MUTEX_DESTROY(&ifs->ifs_ips_udptq.ifq_lock);
310 MUTEX_DESTROY(&ifs->ifs_ips_icmptq.ifq_lock);
311 MUTEX_DESTROY(&ifs->ifs_ips_udpacktq.ifq_lock);
312 MUTEX_DESTROY(&ifs->ifs_ips_icmpacktq.ifq_lock);
313 MUTEX_DESTROY(&ifs->ifs_ips_iptq.ifq_lock);
314 MUTEX_DESTROY(&ifs->ifs_ips_deletetq.ifq_lock);
317 if (ifs->ifs_ips_table != NULL) {
318 KFREES(ifs->ifs_ips_table,
319 ifs->ifs_fr_statesize * sizeof(*ifs->ifs_ips_table));
320 ifs->ifs_ips_table = NULL;
323 if (ifs->ifs_ips_seed != NULL) {
324 KFREES(ifs->ifs_ips_seed,
325 ifs->ifs_fr_statesize * sizeof(*ifs->ifs_ips_seed));
326 ifs->ifs_ips_seed = NULL;
329 if (ifs->ifs_ips_stats.iss_bucketlen != NULL) {
330 KFREES(ifs->ifs_ips_stats.iss_bucketlen,
331 ifs->ifs_fr_statesize * sizeof(u_long));
332 ifs->ifs_ips_stats.iss_bucketlen = NULL;
335 if (ifs->ifs_fr_state_maxbucket_reset == 1)
336 ifs->ifs_fr_state_maxbucket = 0;
338 if (ifs->ifs_fr_state_init == 1) {
339 ifs->ifs_fr_state_init = 0;
340 RW_DESTROY(&ifs->ifs_ipf_state);
341 MUTEX_DESTROY(&ifs->ifs_ipf_stinsert);
354 static ips_stat_t *fr_statetstats(ifs)
355 ipf_stack_t *ifs;
357 ifs->ifs_ips_stats.iss_active = ifs->ifs_ips_num;
358 ifs->ifs_ips_stats.iss_statesize = ifs->ifs_fr_statesize;
359 ifs->ifs_ips_stats.iss_statemax = ifs->ifs_fr_statemax;
360 ifs->ifs_ips_stats.iss_table = ifs->ifs_ips_table;
361 ifs->ifs_ips_stats.iss_list = ifs->ifs_ips_list;
362 ifs->ifs_ips_stats.iss_ticks = ifs->ifs_fr_ticks;
363 return &ifs->ifs_ips_stats;
370 /* ifs - ipf stack instance */
375 static int fr_state_remove(data, ifs)
377 ipf_stack_t *ifs;
387 WRITE_ENTER(&ifs->ifs_ipf_state);
388 for (sp = ifs->ifs_ips_list; sp; sp = sp->is_next)
396 (void) fr_delstate(sp, ISL_REMOVE, ifs);
397 RWLOCK_EXIT(&ifs->ifs_ipf_state);
400 RWLOCK_EXIT(&ifs->ifs_ipf_state);
413 /* ifs - ipf stack instance */
417 int fr_state_ioctl(data, cmd, mode, uid, ctx, ifs)
422 ipf_stack_t *ifs;
432 error = fr_state_remove(data, ifs);
443 WRITE_ENTER(&ifs->ifs_ipf_state);
444 ret = fr_state_flush(arg, 4, ifs);
445 RWLOCK_EXIT(&ifs->ifs_ipf_state);
463 WRITE_ENTER(&ifs->ifs_ipf_state);
464 ret = fr_state_flush(arg, 6, ifs);
465 RWLOCK_EXIT(&ifs->ifs_ipf_state);
486 tmp = ipflog_clear(IPL_LOGSTATE, ifs);
500 (char *)&ifs->ifs_ipstate_logging,
501 sizeof(ifs->ifs_ipstate_logging));
510 error = BCOPYOUT((char *)&ifs->ifs_ipstate_logging,
512 sizeof(ifs->ifs_ipstate_logging));
520 arg = ifs->ifs_iplused[IPL_LOGSTATE]; /* returned in an int */
530 error = fr_outobj(data, fr_statetstats(ifs), IPFOBJ_STATESTAT);
540 error = fr_lock(data, &ifs->ifs_fr_state_lock);
547 if (!ifs->ifs_fr_state_lock || !(mode & FWRITE)) {
551 error = fr_stputent(data, ifs);
557 if (!ifs->ifs_fr_state_lock) {
561 error = fr_stgetent(data, ifs);
573 token = ipf_findtoken(IPFGENITER_STATE, uid, ctx, ifs);
575 error = fr_stateiter(token, &iter, ifs);
578 RWLOCK_EXIT(&ifs->ifs_ipf_tokens);
587 error = ipf_deltoken(arg, uid, ctx, ifs);
610 int fr_stgetent(data, ifs)
612 ipf_stack_t *ifs;
624 isn = ifs->ifs_ips_list;
636 for (is = ifs->ifs_ips_list; is; is = is->is_next)
659 /* ifs - ipf stack instance */
666 int fr_stputent(data, ifs)
668 ipf_stack_t *ifs;
684 if (ST_TAB_WATER_LEVEL(ifs) > ifs->ifs_state_flush_level_hi)
685 ifs->ifs_fr_state_doflush = 1;
691 if (ifs->ifs_ips_num >= ifs->ifs_fr_statemax) {
692 ATOMIC_INCL(ifs->ifs_ips_stats.iss_max);
714 READ_ENTER(&ifs->ifs_ipf_state);
715 fr_stinsert(isn, 0, ifs);
717 RWLOCK_EXIT(&ifs->ifs_ipf_state);
738 fr->fr_ifas[i] = fr_resolvenic(name, fr->fr_v, ifs);
740 isn->is_ifp[i] = fr_resolvenic(name, isn->is_v, ifs);
748 fr_resolvedest(&fr->fr_tif, fr->fr_v, ifs);
749 fr_resolvedest(&fr->fr_dif, fr->fr_v, ifs);
750 fr_resolvedest(&fr->fr_rif, fr->fr_v, ifs);
763 READ_ENTER(&ifs->ifs_ipf_state);
764 fr_stinsert(isn, 0, ifs);
766 RWLOCK_EXIT(&ifs->ifs_ipf_state);
769 READ_ENTER(&ifs->ifs_ipf_state);
770 for (is = ifs->ifs_ips_list; is; is = is->is_next)
772 fr_stinsert(isn, 0, ifs);
781 RWLOCK_EXIT(&ifs->ifs_ipf_state);
803 void fr_stinsert(is, rev, ifs)
806 ipf_stack_t *ifs;
828 is->is_ifp[i] = fr_resolvenic(is->is_ifname[i], is->is_v, ifs);
835 hv = is->is_hv % ifs->ifs_fr_statesize;
844 MUTEX_ENTER(&ifs->ifs_ipf_stinsert);
849 if (ifs->ifs_ips_list != NULL)
850 ifs->ifs_ips_list->is_pnext = &is->is_next;
851 is->is_pnext = &ifs->ifs_ips_list;
852 is->is_next = ifs->ifs_ips_list;
853 ifs->ifs_ips_list = is;
855 if (ifs->ifs_ips_table[hv] != NULL)
856 ifs->ifs_ips_table[hv]->is_phnext = &is->is_hnext;
858 ifs->ifs_ips_stats.iss_inuse++;
859 is->is_phnext = ifs->ifs_ips_table + hv;
860 is->is_hnext = ifs->ifs_ips_table[hv];
861 ifs->ifs_ips_table[hv] = is;
862 ifs->ifs_ips_stats.iss_bucketlen[hv]++;
863 ifs->ifs_ips_num++;
864 MUTEX_EXIT(&ifs->ifs_ipf_stinsert);
866 fr_setstatequeue(is, rev, ifs);
1126 ipf_stack_t *ifs = fin->fin_ifs;
1128 if (ifs->ifs_fr_state_lock ||
1139 if (ST_TAB_WATER_LEVEL(ifs) > ifs->ifs_state_flush_level_hi)
1140 ifs->ifs_fr_state_doflush = 1;
1160 if ((ifs->ifs_ips_num >= ifs->ifs_fr_statemax) &&
1162 ATOMIC_INCL(ifs->ifs_ips_stats.iss_max);
1167 ATOMIC_INCL(ifs->ifs_ips_stats.iss_maxref);
1168 ifs->ifs_fr_state_doflush = 1;
1180 pass = ifs->ifs_fr_flags;
1186 is->is_die = 1 + ifs->ifs_fr_ticks;
1281 ATOMIC_INCL(ifs->ifs_ips_stats.iss_icmp);
1300 ATOMIC_INCL(ifs->ifs_ips_stats.iss_icmp);
1380 ATOMIC_INCL(ifs->ifs_ips_stats.iss_tcp);
1392 ATOMIC_INCL(ifs->ifs_ips_stats.iss_udp);
1398 hv = DOUBLE_HASH(hv, ifs);
1406 for (is = ifs->ifs_ips_table[is->is_hv % ifs->ifs_fr_statesize];
1420 if (ifs->ifs_ips_stats.iss_bucketlen[hv] >= ifs->ifs_fr_state_maxbucket) {
1421 ATOMIC_INCL(ifs->ifs_ips_stats.iss_bucketfull);
1426 ATOMIC_INCL(ifs->ifs_ips_stats.iss_nomem);
1437 fr_addtimeoutqueue(&ifs->ifs_ips_utqe,
1438 fr->fr_age[0], ifs);
1443 fr_addtimeoutqueue(&ifs->ifs_ips_utqe,
1444 fr->fr_age[1], ifs);
1491 ATOMIC_INCL(ifs->ifs_ips_stats.iss_wild);
1499 READ_ENTER(&ifs->ifs_ipf_state);
1502 fr_stinsert(is, fin->fin_rev, ifs);
1510 (void) fr_tcp_age(&is->is_sti, fin, ifs->ifs_ips_tqtqb,
1524 if (ifs->ifs_ipstate_logging)
1525 ipstate_log(is, ISL_NEW, ifs);
1527 RWLOCK_EXIT(&ifs->ifs_ipf_state);
1652 ipf_stack_t *ifs = fin->fin_ifs;
1681 if (is->is_sti.tqe_ifq != &ifs->ifs_ips_deletetq)
1705 ret = fr_tcp_age(&is->is_sti, fin, ifs->ifs_ips_tqtqb,
2017 ipf_stack_t *ifs = fin->fin_ifs;
2023 if (ST_TAB_WATER_LEVEL(ifs) > ifs->ifs_state_flush_level_hi)
2024 ifs->ifs_fr_state_doflush = 1;
2031 if (ifs->ifs_ips_num >= ifs->ifs_fr_statemax) {
2032 ATOMIC_INCL(ifs->ifs_ips_stats.iss_max);
2043 clone->is_die = ONE_DAY + ifs->ifs_fr_ticks;
2070 fr_stinsert(clone, fin->fin_rev, ifs);
2073 (void) fr_tcp_age(&clone->is_sti, fin, ifs->ifs_ips_tqtqb,
2112 ipf_stack_t *ifs = fin->fin_ifs;
2249 ATOMIC_DECL(ifs->ifs_ips_stats.iss_wild);
2291 ATOMIC_DECL(ifs->ifs_ips_stats.iss_wild);
2314 if ((flags & SI_CLONED) && ifs->ifs_ipstate_logging)
2315 ipstate_log(is, ISL_CLONE, ifs);
2379 ipf_stack_t *ifs = fin->fin_ifs;
2502 hv = DOUBLE_HASH(hv, ifs);
2504 READ_ENTER(&ifs->ifs_ipf_state);
2505 for (isp = &ifs->ifs_ips_table[hv]; ((is = *isp) != NULL); ) {
2515 RWLOCK_EXIT(&ifs->ifs_ipf_state);
2533 ifs->ifs_ips_stats.iss_hits++;
2538 RWLOCK_EXIT(&ifs->ifs_ipf_state);
2558 hv = DOUBLE_HASH(hv, ifs);
2560 READ_ENTER(&ifs->ifs_ipf_state);
2561 for (isp = &ifs->ifs_ips_table[hv]; ((is = *isp) != NULL); ) {
2590 ifs->ifs_ips_stats.iss_hits++;
2600 RWLOCK_EXIT(&ifs->ifs_ipf_state);
2614 static void fr_ipsmove(is, hv, ifs)
2617 ipf_stack_t *ifs;
2622 ASSERT(rw_read_locked(&ifs->ifs_ipf_state.ipf_lk) == 0);
2632 if (ifs->ifs_ips_table[hvm] == NULL)
2633 ifs->ifs_ips_stats.iss_inuse--;
2634 ifs->ifs_ips_stats.iss_bucketlen[hvm]--;
2639 hvm = DOUBLE_HASH(hv, ifs);
2641 isp = &ifs->ifs_ips_table[hvm];
2645 ifs->ifs_ips_stats.iss_inuse++;
2646 ifs->ifs_ips_stats.iss_bucketlen[hvm]++;
2678 ipf_stack_t *ifs = fin->fin_ifs;
2730 READ_ENTER(&ifs->ifs_ipf_state);
2732 hvm = DOUBLE_HASH(hv, ifs);
2733 for (isp = &ifs->ifs_ips_table[hvm]; ((is = *isp) != NULL); ) {
2742 ifq = &ifs->ifs_ips_icmpacktq;
2744 ifq = &ifs->ifs_ips_icmptq;
2755 fr_ipsmove(is, hv, ifs);
2756 MUTEX_DOWNGRADE(&ifs->ifs_ipf_state);
2760 RWLOCK_EXIT(&ifs->ifs_ipf_state);
2772 if ((ifs->ifs_ips_stats.iss_wild != 0) && (v == 6) && (tryagain == 0) &&
2779 WRITE_ENTER(&ifs->ifs_ipf_state);
2793 hv = DOUBLE_HASH(hv, ifs);
2794 READ_ENTER(&ifs->ifs_ipf_state);
2795 for (isp = &ifs->ifs_ips_table[hv]; ((is = *isp) != NULL); ) {
2804 ifq = &ifs->ifs_ips_icmpacktq;
2806 ifq = &ifs->ifs_ips_icmptq;
2811 RWLOCK_EXIT(&ifs->ifs_ipf_state);
2824 READ_ENTER(&ifs->ifs_ipf_state);
2826 hvm = DOUBLE_HASH(hv, ifs);
2827 for (isp = &ifs->ifs_ips_table[hvm]; ((is = *isp) != NULL); ) {
2848 fr_ipsmove(is, hv, ifs);
2849 MUTEX_DOWNGRADE(&ifs->ifs_ipf_state);
2853 RWLOCK_EXIT(&ifs->ifs_ipf_state);
2855 if (ifs->ifs_ips_stats.iss_wild) {
2877 WRITE_ENTER(&ifs->ifs_ipf_state);
2894 hvm = DOUBLE_HASH(hv, ifs);
2895 READ_ENTER(&ifs->ifs_ipf_state);
2896 for (isp = &ifs->ifs_ips_table[hvm]; ((is = *isp) != NULL); ) {
2902 ifq = &ifs->ifs_ips_iptq;
2907 RWLOCK_EXIT(&ifs->ifs_ipf_state);
2938 ipf_stack_t *ifs = fin->fin_ifs;
2952 fr_movequeue(tqe, tqe->tqe_ifq, ifq, ifs);
2964 ATOMIC_INCL(ifs->ifs_ips_stats.iss_hits);
2996 ipf_stack_t *ifs = fin->fin_ifs;
2998 if (ifs->ifs_fr_state_lock || (ifs->ifs_ips_list == NULL) ||
3055 ifq = &ifs->ifs_ips_udpacktq;
3057 ifq = &ifs->ifs_ips_udptq;
3061 ATOMIC_INCL(ifs->ifs_ips_stats.iss_miss);
3070 RWLOCK_EXIT(&ifs->ifs_ipf_state);
3074 RWLOCK_EXIT(&ifs->ifs_ipf_state);
3086 RWLOCK_EXIT(&ifs->ifs_ipf_state);
3186 void fr_statesync(action, v, ifp, name, ifs)
3190 ipf_stack_t *ifs;
3195 if (ifs->ifs_fr_running <= 0)
3198 WRITE_ENTER(&ifs->ifs_ipf_state);
3200 if (ifs->ifs_fr_running <= 0) {
3201 RWLOCK_EXIT(&ifs->ifs_ipf_state);
3208 for (is = ifs->ifs_ips_list; is; is = is->is_next) {
3216 is->is_v, ifs);
3221 for (is = ifs->ifs_ips_list; is; is = is->is_next) {
3235 for (is = ifs->ifs_ips_list; is; is = is->is_next) {
3248 RWLOCK_EXIT(&ifs->ifs_ipf_state);
3258 /* ifs - pointer to IPF stack */
3265 void fr_stateifindexsync(ifp, newifp, ifs)
3268 ipf_stack_t *ifs;
3273 WRITE_ENTER(&ifs->ifs_ipf_state);
3275 for (is = ifs->ifs_ips_list; is != NULL; is = is->is_next) {
3283 RWLOCK_EXIT(&ifs->ifs_ipf_state);
3292 /* ifs - ipf stack instance */
3299 int fr_delstate(is, why, ifs)
3302 ipf_stack_t *ifs;
3306 ASSERT(rw_write_held(&ifs->ifs_ipf_global.ipf_lk) == 0 ||
3307 rw_write_held(&ifs->ifs_ipf_state.ipf_lk) == 0);
3321 if (ifs->ifs_ips_table[is->is_hv] == NULL)
3322 ifs->ifs_ips_stats.iss_inuse--;
3323 ifs->ifs_ips_stats.iss_bucketlen[is->is_hv]--;
3330 * Because ifs->ifs_ips_stats.iss_wild is a count of entries in the state
3336 ATOMIC_DECL(ifs->ifs_ips_stats.iss_wild);
3357 ifs->ifs_ips_stats.iss_orphans++;
3369 ifs->ifs_ips_stats.iss_orphans--;
3397 if (ifs->ifs_ipstate_logging != 0 && why != 0)
3398 ipstate_log(is, why, ifs);
3402 (void)fr_derefrule(&is->is_rule, ifs);
3407 ifs->ifs_ips_num--;
3416 /* Parameters: ifs - ipf stack instance */
3423 void fr_timeoutstate(ifs)
3424 ipf_stack_t *ifs;
3432 WRITE_ENTER(&ifs->ifs_ipf_state);
3433 for (ifq = ifs->ifs_ips_tqtqb; ifq != NULL; ifq = ifq->ifq_next)
3435 if (tqe->tqe_die > ifs->ifs_fr_ticks)
3439 (void) fr_delstate(is, ISL_EXPIRE, ifs);
3442 for (ifq = ifs->ifs_ips_utqe; ifq != NULL; ifq = ifq->ifq_next) {
3444 if (tqe->tqe_die > ifs->ifs_fr_ticks)
3448 (void) fr_delstate(is, ISL_EXPIRE, ifs);
3452 for (ifq = ifs->ifs_ips_utqe; ifq != NULL; ifq = ifqnext) {
3457 fr_freetimeoutqueue(ifq, ifs);
3461 if (ifs->ifs_fr_state_doflush) {
3462 (void) fr_state_flush(FLUSH_TABLE_EXTRA, 0, ifs);
3463 ifs->ifs_fr_state_doflush = 0;
3465 RWLOCK_EXIT(&ifs->ifs_ipf_state);
3475 /* ifs - ipf stack instance */
3491 static int fr_state_flush(flush_option, proto, ifs)
3493 ipf_stack_t *ifs;
3505 isn = ifs->ifs_ips_list;
3510 if (fr_delstate(is, ISL_FLUSH, ifs) == 0)
3518 ifs->ifs_ips_tqtqb,
3519 ifs->ifs_ips_utqe,
3520 ifs);
3526 ifs->ifs_ips_tqtqb,
3527 ifs->ifs_ips_utqe,
3528 ifs);
3533 if (ifs->ifs_fr_ticks - ifs->ifs_ips_last_force_flush <
3536 ifs->ifs_ips_last_force_flush = ifs->ifs_fr_ticks;
3538 &ifs->ifs_ips_tqtqb[IPF_TCPS_ESTABLISHED],
3539 ifs->ifs_ips_utqe,
3540 ifs);
3591 ipf_stack_t *ifs = fin->fin_ifs;
3927 fr_movequeue(tqe, tqe->tqe_ifq, tqtab + nstate, ifs);
3944 void ipstate_log(is, type, ifs)
3947 ipf_stack_t *ifs;
3997 if (ipllog(IPL_LOGSTATE, NULL, items, sizes, types, 1, ifs)) {
3998 ATOMIC_INCL(ifs->ifs_ips_stats.iss_logged);
4000 ATOMIC_INCL(ifs->ifs_ips_stats.iss_logfail);
4032 ipf_stack_t *ifs = fin->fin_ifs;
4098 hv = DOUBLE_HASH(hv, ifs);
4100 READ_ENTER(&ifs->ifs_ipf_state);
4101 for (isp = &ifs->ifs_ips_table[hv]; ((is = *isp) != NULL); ) {
4118 ifs->ifs_ips_stats.iss_hits++;
4127 RWLOCK_EXIT(&ifs->ifs_ipf_state);
4151 hv = DOUBLE_HASH(hv, ifs);
4153 READ_ENTER(&ifs->ifs_ipf_state);
4154 for (isp = &ifs->ifs_ips_table[hv]; ((is = *isp) != NULL); ) {
4168 ifs->ifs_ips_stats.iss_hits++;
4181 RWLOCK_EXIT(&ifs->ifs_ipf_state);
4194 void fr_sttab_init(tqp, ifs)
4196 ipf_stack_t *ifs;
4209 tqp[IPF_TCPS_CLOSED].ifq_ttl = ifs->ifs_fr_tcpclosed;
4210 tqp[IPF_TCPS_LISTEN].ifq_ttl = ifs->ifs_fr_tcptimeout;
4211 tqp[IPF_TCPS_SYN_SENT].ifq_ttl = ifs->ifs_fr_tcptimeout;
4212 tqp[IPF_TCPS_SYN_RECEIVED].ifq_ttl = ifs->ifs_fr_tcptimeout;
4213 tqp[IPF_TCPS_ESTABLISHED].ifq_ttl = ifs->ifs_fr_tcpidletimeout;
4214 tqp[IPF_TCPS_CLOSE_WAIT].ifq_ttl = ifs->ifs_fr_tcphalfclosed;
4215 tqp[IPF_TCPS_FIN_WAIT_1].ifq_ttl = ifs->ifs_fr_tcphalfclosed;
4216 tqp[IPF_TCPS_CLOSING].ifq_ttl = ifs->ifs_fr_tcptimeout;
4217 tqp[IPF_TCPS_LAST_ACK].ifq_ttl = ifs->ifs_fr_tcplastack;
4218 tqp[IPF_TCPS_FIN_WAIT_2].ifq_ttl = ifs->ifs_fr_tcpclosewait;
4219 tqp[IPF_TCPS_TIME_WAIT].ifq_ttl = ifs->ifs_fr_tcptimeout;
4220 tqp[IPF_TCPS_HALF_ESTAB].ifq_ttl = ifs->ifs_fr_tcptimeout;
4246 /* ifs - ipf stack instance */
4255 void fr_statederef(isp, ifs)
4257 ipf_stack_t *ifs;
4271 (void) fr_delstate(is, ISL_ORPHAN, ifs);
4278 WRITE_ENTER(&ifs->ifs_ipf_state);
4279 (void) fr_delstate(is, ISL_EXPIRE, ifs);
4280 RWLOCK_EXIT(&ifs->ifs_ipf_state);
4294 void fr_setstatequeue(is, rev, ifs)
4297 ipf_stack_t *ifs;
4313 nifq = &ifs->ifs_ips_icmpacktq;
4315 nifq = &ifs->ifs_ips_icmptq;
4320 nifq = &ifs->ifs_ips_icmpacktq;
4322 nifq = &ifs->ifs_ips_icmptq;
4325 nifq = ifs->ifs_ips_tqtqb + is->is_state[rev];
4330 nifq = &ifs->ifs_ips_udpacktq;
4332 nifq = &ifs->ifs_ips_udptq;
4336 nifq = &ifs->ifs_ips_iptq;
4347 fr_movequeue(&is->is_sti, oifq, nifq, ifs);
4349 fr_queueappend(&is->is_sti, nifq, is, ifs);
4363 static int fr_stateiter(token, itp, ifs)
4366 ipf_stack_t *ifs;
4383 READ_ENTER(&ifs->ifs_ipf_state);
4390 next = ifs->ifs_ips_list;
4415 RWLOCK_EXIT(&ifs->ifs_ipf_state);
4424 ipf_freetoken(token, ifs);
4428 fr_statederef(&is, ifs);
4430 ipf_freetoken(token, ifs);
4438 READ_ENTER(&ifs->ifs_ipf_state);