Lines Matching defs:pd
/*
 * Cross-reference excerpt: only lines that mention `pd` are listed, so the
 * enclosing function's name and the statements between these lines are not
 * shown.
 */
1001 struct pf_pdesc pd;
/* Zero the whole descriptor so every field not assigned afterwards reads as 0. */
1065 memset(&pd, 0, sizeof(pd));
/* Store whatever pf_find_mtag() returns for m; later lines test it for NULL. */
1066 pd.pf_mtag = pf_find_mtag(m);
/*
 * pf_normalize_ip: excerpt (only lines that mention `pd` are listed; the
 * statements between them are not shown).  Visible here: rule-match tests
 * against the packet descriptor, per-rule counters, reassembly through
 * pf_reassemble(), and a PFLOG_PACKET() call with PF_DROP.
 */
1096 pf_normalize_ip(u_short *reason, struct pf_pdesc *pd)
/* View the start of the mbuf data as an IPv4 header. */
1099 struct ip *h = mtod(pd->m, struct ip *);
/* Rule-match tests: interface, direction, source and destination address, tag. */
1125 if (pfi_kkif_match(r->kif, pd->kif) == r->ifnot)
1127 else if (r->direction && r->direction != pd->dir)
1135 r->src.neg, pd->kif, M_GETFIB(pd->m)))
1139 r->dst.neg, NULL, M_GETFIB(pd->m)))
/* pd->pf_mtag may be NULL; in that case tag 0 is passed instead of dereferencing it. */
1141 else if (r->match_tag && !pf_match_tag(pd->m, r, &tag,
1142 pd->pf_mtag ? pd->pf_mtag->tag : 0))
/* Counter index is 1 when pd->dir == PF_OUT and 0 otherwise. */
1155 pf_counter_u64_add_protected(&r->packets[pd->dir == PF_OUT], 1);
1156 pf_counter_u64_add_protected(&r->bytes[pd->dir == PF_OUT], pd->tot_len);
1158 pf_rule_to_actions(r, &pd->act);
/* pf_reassemble() receives &pd->m, so it is able to replace the mbuf pointer. */
1219 verdict = pf_reassemble(&pd->m, pd->dir, reason);
/* pd->m is tested for NULL after the call; the branch taken is not shown. */
1225 if (pd->m == NULL)
/* Re-derive h from the current pd->m instead of reusing the pointer taken before reassembly. */
1228 h = mtod(pd->m, struct ip *);
/*
 * NOTE(review): htons() is applied to a field read from the header; ntohs()
 * would state the intent, the byte swap performed is the same.
 */
1229 pd->tot_len = htons(h->ip_len);
/* PFLOG_PACKET() is invoked with PF_DROP and *reason. */
1248 PFLOG_PACKET(PF_DROP, *reason, r, NULL, NULL, pd, 1);
/*
 * Excerpt of a function working on IPv6 headers; its name is on a line that
 * is not listed (only the last parameter line mentions `pd`).  Statements
 * between the listed lines are not shown.
 */
1257 struct pf_pdesc *pd)
/* Rule-match tests: interface, direction, protocol, source and destination address. */
1278 if (pfi_kkif_match(r->kif, pd->kif) == r->ifnot)
1280 else if (r->direction && r->direction != pd->dir)
1284 else if (r->proto && r->proto != pd->proto)
1287 (struct pf_addr *)&pd->src, AF_INET6,
1288 r->src.neg, pd->kif, M_GETFIB(pd->m)))
1291 (struct pf_addr *)&pd->dst, AF_INET6,
1292 r->dst.neg, NULL, M_GETFIB(pd->m)))
/* Counter index is 1 when pd->dir == PF_OUT and 0 otherwise. */
1305 pf_counter_u64_add_protected(&r->packets[pd->dir == PF_OUT], 1);
1306 pf_counter_u64_add_protected(&r->bytes[pd->dir == PF_OUT], pd->tot_len);
1308 pf_rule_to_actions(r, &pd->act);
/*
 * Pull sizeof(frag) bytes at offset off into frag; a false result from
 * pf_pull_hdr() is tested here, its handling is not shown.
 */
1311 if (!pf_pull_hdr(pd->m, off, &frag, sizeof(frag), NULL, reason, AF_INET6))
1317 if (pd->virtual_proto == PF_VPROTO_FRAGMENT) {
/* pf_reassemble6() receives &pd->m, so it is able to replace the mbuf pointer. */
1320 if (pf_reassemble6(&pd->m, &frag, off, pd->extoff, reason) != PF_PASS)
/* pd->m is tested for NULL after the call; the branch taken is not shown. */
1322 if (pd->m == NULL)
/* Re-derive h from the current pd->m instead of reusing an earlier pointer. */
1324 h = mtod(pd->m, struct ip6_hdr *);
/* Total length = payload length from the header (converted with ntohs) + fixed IPv6 header size. */
1325 pd->tot_len = ntohs(h->ip6_plen) + sizeof(struct ip6_hdr);
/*
 * pf_normalize_tcp: excerpt (only lines that mention `pd` are listed; the
 * statements between them are not shown).  Visible here: rule-match tests,
 * per-rule counters, checksum fix-ups on the TCP header and the write-back
 * of that header into the mbuf.
 */
1333 pf_normalize_tcp(struct pf_pdesc *pd)
/* th points at the TCP header held inside the descriptor, not into the mbuf. */
1336 struct tcphdr *th = &pd->hdr.tcp;
1340 sa_family_t af = pd->af;
/* Rule-match tests: interface, direction, protocol, source and destination address. */
1351 if (pfi_kkif_match(r->kif, pd->kif) == r->ifnot)
1353 else if (r->direction && r->direction != pd->dir)
1357 else if (r->proto && r->proto != pd->proto)
1359 else if (PF_MISMATCHAW(&r->src.addr, pd->src, af,
1360 r->src.neg, pd->kif, M_GETFIB(pd->m)))
1365 else if (PF_MISMATCHAW(&r->dst.addr, pd->dst, af,
1366 r->dst.neg, NULL, M_GETFIB(pd->m)))
/* Argument of a call whose remaining lines are not listed. */
1372 pf_osfp_fingerprint(pd, th),
/* Counter index is 1 when pd->dir == PF_OUT and 0 otherwise. */
1388 pf_counter_u64_add_protected(&r->packets[pd->dir == PF_OUT], 1);
1389 pf_counter_u64_add_protected(&r->bytes[pd->dir == PF_OUT], pd->tot_len);
/* Uses rm rather than r; rm is assigned on a line that is not shown. */
1391 pf_rule_to_actions(rm, &pd->act);
/* Record in the descriptor flags that TCP normalization was applied. */
1395 pd->flags |= PFDESC_TCP_NORM;
/* th_sum is recomputed through pf_proto_cksum_fixup(); presumably ov/nv are the old and new field values. */
1431 th->th_sum = pf_proto_cksum_fixup(pd->m, th->th_sum, ov, nv, 0);
1437 th->th_sum = pf_proto_cksum_fixup(pd->m, th->th_sum, th->th_urp,
/* Write the header held in the descriptor back into the mbuf at pd->off. */
1445 m_copyback(pd->m, pd->off, sizeof(*th), (caddr_t)th);
/* PFLOG_PACKET() is invoked with PF_DROP and reason. */
1452 PFLOG_PACKET(PF_DROP, reason, r, NULL, NULL, pd, 1);
/*
 * pf_normalize_tcp_init: excerpt (only lines that mention `pd` are listed;
 * the remaining parameters and statements are not shown).
 */
1457 pf_normalize_tcp_init(struct pf_pdesc *pd, struct tcphdr *th,
/* The IP header view depends on the address family. */
1471 switch (pd->af) {
1474 struct ip *h = mtod(pd->m, struct ip *);
1481 struct ip6_hdr *h = mtod(pd->m, struct ip6_hdr *);
/*
 * Pull th_off << 2 bytes starting at pd->off into hdr.
 * NOTE(review): the length comes from the packet's own TCP header; the size
 * of hdr and any bound checked on th_off are on lines not shown -- confirm
 * hdr can hold the largest value th_off << 2 can take.
 */
1496 pf_pull_hdr(pd->m, pd->off, hdr, th->th_off << 2, NULL, NULL, pd->af)) {
/*
 * pf_normalize_sctp_init: excerpt (only lines that mention `pd` are listed;
 * the remaining parameters and statements are not shown).
 */
1547 pf_normalize_sctp_init(struct pf_pdesc *pd, struct pf_state_peer *src,
/* Store the initiate tag recorded in the descriptor as the destination peer's pfss_v_tag. */
1560 dst->scrub->pfss_v_tag = pd->sctp_initiate_tag;
/*
 * pf_normalize_tcp_stateful: excerpt (only lines that mention `pd` are
 * listed; the remaining parameters and statements are not shown).
 */
1566 pf_normalize_tcp_stateful(struct pf_pdesc *pd,
/* The IP header view depends on the address family. */
1587 switch (pd->af) {
1591 struct ip *h = mtod(pd->m, struct ip *);
1602 struct ip6_hdr *h = mtod(pd->m, struct ip6_hdr *);
/*
 * Pull th_off << 2 bytes starting at pd->off into hdr.
 * NOTE(review): the length comes from the packet's own TCP header; the size
 * of hdr and any bound checked on th_off are on lines not shown -- confirm
 * hdr can hold the largest value th_off << 2 can take.
 */
1615 pf_pull_hdr(pd->m, pd->off, hdr, th->th_off << 2, NULL, NULL, pd->af)) {
/* Two pf_patch_32_unaligned() calls on the mbuf; their remaining arguments are not listed. */
1651 pf_patch_32_unaligned(pd->m,
1669 pf_patch_32_unaligned(pd->m,
/* Write-back starting right after the fixed TCP header; the source and length arguments are not listed. */
1689 m_copyback(pd->m, pd->off + sizeof(struct tcphdr),
/* Conditions that depend on pd->p_len > 0; the rest of each expression is not shown. */
1854 || pd->p_len > 0 || (tcp_get_flags(th) & TH_SYN)) &&
1884 if (pd->p_len > 0 && (src->scrub->pfss_flags & PFSS_DATA_TS)) {
/* Here src->scrub is tested for NULL before its flags are read. */
1909 if (pd->p_len > 0 && src->scrub && (src->scrub->pfss_flags &
/*
 * pf_normalize_mss: excerpt (only lines that mention `pd` are listed; the
 * statements between them are not shown).  Visible here: an MSS value larger
 * than pd->act.max_mss is replaced by max_mss and the result is written back
 * to the mbuf.
 */
1961 pf_normalize_mss(struct pf_pdesc *pd)
/* th points at the TCP header held inside the descriptor, not into the mbuf. */
1963 struct tcphdr *th = &pd->hdr.tcp;
/*
 * Pull cnt bytes located right after the fixed TCP header into opts.
 * NOTE(review): how cnt is derived and how large opts is are on lines not
 * shown -- confirm cnt cannot exceed the size of opts.
 */
1974 if (cnt > 0 && !pf_pull_hdr(pd->m, pd->off + sizeof(*th), opts, cnt,
1975 NULL, NULL, pd->af))
/* *mss is converted with ntohs() before it is compared with the configured maximum. */
1995 if ((ntohs(*mss)) > pd->act.max_mss) {
/* Replace the value with max_mss, converted with htons(); the other arguments are not listed. */
1996 pf_patch_16_unaligned(pd->m,
1998 mss, htons(pd->act.max_mss),
/* Two write-backs: one starting after the fixed TCP header, one of the header itself at pd->off. */
2001 m_copyback(pd->m, pd->off + sizeof(*th),
2003 m_copyback(pd->m, pd->off, sizeof(*th), (caddr_t)th);
/*
 * pf_scan_sctp: excerpt (only lines that mention `pd` are listed; the
 * statements between them, including the chunk-type dispatch and the result
 * of each test, are not shown).  Visible here: a walk over the chunks of the
 * packet that records what was seen in pd->sctp_flags, followed by tests on
 * the collected flags.
 */
2015 pf_scan_sctp(struct pf_pdesc *pd)
/* Continue while the running chunk offset stays below the packet's total length. */
2022 while (pd->off + chunk_off < pd->tot_len) {
/* Copy the chunk header out of the mbuf; a false result from pf_pull_hdr() is tested here. */
2023 if (!pf_pull_hdr(pd->m, pd->off + chunk_off, &ch, sizeof(ch), NULL,
2024 NULL, pd->af))
/* Copy sizeof(init) bytes starting at chunk_start into init; failure is tested the same way. */
2039 if (!pf_pull_hdr(pd->m, pd->off + chunk_start, &init,
2040 sizeof(init), NULL, NULL, pd->af))
/* Second half of a condition on the verification tag; the first half is not listed. */
2061 pd->hdr.sctp.v_tag != 0)
/* Keep the initiate tag from the init chunk in the descriptor. */
2064 pd->sctp_initiate_tag = init.init.initiate_tag;
2067 pd->sctp_flags |= PFDESC_SCTP_INIT;
2069 pd->sctp_flags |= PFDESC_SCTP_INIT_ACK;
/*
 * The chunk length handed to pf_multihome_scan_init() is read from the packet.
 * NOTE(review): confirm it is bounded against pd->tot_len before this call
 * or inside the callee; neither is visible in this excerpt.
 */
2071 ret = pf_multihome_scan_init(pd->off + chunk_start,
2072 ntohs(init.ch.chunk_length), pd);
/* One descriptor flag is set per kind of chunk seen. */
2079 pd->sctp_flags |= PFDESC_SCTP_ABORT;
2083 pd->sctp_flags |= PFDESC_SCTP_SHUTDOWN;
2086 pd->sctp_flags |= PFDESC_SCTP_SHUTDOWN_COMPLETE;
2089 pd->sctp_flags |= PFDESC_SCTP_COOKIE;
2092 pd->sctp_flags |= PFDESC_SCTP_COOKIE_ACK;
2095 pd->sctp_flags |= PFDESC_SCTP_DATA;
2098 pd->sctp_flags |= PFDESC_SCTP_HEARTBEAT;
2101 pd->sctp_flags |= PFDESC_SCTP_HEARTBEAT_ACK;
2104 pd->sctp_flags |= PFDESC_SCTP_ASCONF;
/*
 * Same pattern as for the init chunk: a packet-supplied chunk length is
 * passed on.  NOTE(review): confirm the bound as above.
 */
2106 ret = pf_multihome_scan_asconf(pd->off + chunk_start,
2107 ntohs(ch.chunk_length), pd);
2112 pd->sctp_flags |= PFDESC_SCTP_OTHER;
/* After the walk, test whether the chunks ended exactly at tot_len. */
2118 if (pd->off + chunk_off != pd->tot_len)
/*
 * Flag-combination tests: INIT, INIT_ACK and SHUTDOWN_COMPLETE are each
 * tested together with any other flag, and ABORT together with DATA.
 */
2125 if ((pd->sctp_flags & PFDESC_SCTP_INIT) &&
2126 (pd->sctp_flags & ~PFDESC_SCTP_INIT))
2128 if ((pd->sctp_flags & PFDESC_SCTP_INIT_ACK) &&
2129 (pd->sctp_flags & ~PFDESC_SCTP_INIT_ACK))
2131 if ((pd->sctp_flags & PFDESC_SCTP_SHUTDOWN_COMPLETE) &&
2132 (pd->sctp_flags & ~PFDESC_SCTP_SHUTDOWN_COMPLETE))
2134 if ((pd->sctp_flags & PFDESC_SCTP_ABORT) &&
2135 (pd->sctp_flags & PFDESC_SCTP_DATA)) {
/*
 * pf_normalize_sctp: excerpt (only lines that mention `pd` are listed; the
 * statements between them are not shown).  Visible here: rule-match tests,
 * per-rule counters, a length test on the data after the SCTP common header,
 * a test on the INIT flag, and a PFLOG_PACKET() call with PF_DROP.
 */
2147 pf_normalize_sctp(struct pf_pdesc *pd)
/* sh points at the SCTP header held inside the descriptor, not into the mbuf. */
2150 struct sctphdr *sh = &pd->hdr.sctp;
2152 sa_family_t af = pd->af;
/* Rule-match tests: interface, direction, protocol, source and destination address. */
2163 if (pfi_kkif_match(r->kif, pd->kif) == r->ifnot)
2165 else if (r->direction && r->direction != pd->dir)
2169 else if (r->proto && r->proto != pd->proto)
2171 else if (PF_MISMATCHAW(&r->src.addr, pd->src, af,
2172 r->src.neg, pd->kif, M_GETFIB(pd->m)))
2177 else if (PF_MISMATCHAW(&r->dst.addr, pd->dst, af,
2178 r->dst.neg, NULL, M_GETFIB(pd->m)))
/* Counter index is 1 when pd->dir == PF_OUT and 0 otherwise. */
2196 pf_counter_u64_add_protected(&r->packets[pd->dir == PF_OUT], 1);
2197 pf_counter_u64_add_protected(&r->bytes[pd->dir == PF_OUT], pd->tot_len);
/*
 * Tests whether the byte count after the SCTP common header is a multiple of 4.
 * NOTE(review): sizeof makes this unsigned arithmetic; confirm on the lines
 * not shown that tot_len - off is at least sizeof(struct sctphdr) here.
 */
2202 if ((pd->tot_len - pd->off - sizeof(struct sctphdr)) % 4)
/* Nested test: the INIT flag is set and at least one other flag is set as well. */
2206 if (pd->sctp_flags & PFDESC_SCTP_INIT)
2207 if (pd->sctp_flags & ~PFDESC_SCTP_INIT)
/* PFLOG_PACKET() is invoked with PF_DROP and reason; the last argument is not listed. */
2215 PFLOG_PACKET(PF_DROP, reason, r, NULL, NULL, pd,
/*
 * pf_scrub: excerpt (only lines that mention `pd` are listed; the statements
 * between them are not shown).  Visible here: header rewrites driven by the
 * action settings in pd->act -- the NODF flag, a minimum TTL / hop limit,
 * a TOS override and the RANDOMID flag.
 */
2223 pf_scrub(struct pf_pdesc *pd)
/*
 * Both header views are taken from the same mbuf data; the uses below are
 * guarded by pd->af (directly or through the switch on it).
 */
2226 struct ip *h = mtod(pd->m, struct ip *);
2228 struct ip6_hdr *h6 = mtod(pd->m, struct ip6_hdr *);
/* IPv4 with the NODF action flag; the rest of the condition is not listed. */
2232 if (pd->af == AF_INET && pd->act.flags & PFSTATE_NODF &&
/* IPv4: a TTL below the configured minimum is raised to that minimum. */
2242 if (pd->af == AF_INET && pd->act.min_ttl &&
2243 h->ip_ttl < pd->act.min_ttl) {
2246 h->ip_ttl = pd->act.min_ttl;
/* IPv6: the hop limit is treated the same way. */
2251 if (pd->af == AF_INET6 && pd->act.min_ttl &&
2252 h6->ip6_hlim < pd->act.min_ttl)
2253 h6->ip6_hlim = pd->act.min_ttl;
/* TOS override, per address family. */
2256 if (pd->act.flags & PFSTATE_SETTOS) {
2257 switch (pd->af) {
/* IPv4: set_tos is combined with the packet's existing ECN bits. */
2262 h->ip_tos = pd->act.set_tos | (h->ip_tos & IPTOS_ECN_MASK);
/* IPv6: set_tos is combined with IPV6_ECN(h6), shifted left by 20 and OR-ed into ip6_flow. */
2271 h6->ip6_flow |= htonl((pd->act.set_tos | IPV6_ECN(h6)) << 20);
/* IPv4 with the RANDOMID action flag, only when ip_off has no bit set other than DF. */
2279 if (pd->af == AF_INET &&
2280 pd->act.flags & PFSTATE_RANDOMID && !(h->ip_off & ~htons(IP_DF))) {