Lines Matching refs:sk
434 #define STATE_ADDR_TRANSLATE(sk) \ argument
435 (sk)->lan.addr.addr32[0] != (sk)->gwy.addr.addr32[0] || \
436 ((sk)->af_lan == AF_INET6 && \
437 ((sk)->lan.addr.addr32[1] != (sk)->gwy.addr.addr32[1] || \
438 (sk)->lan.addr.addr32[2] != (sk)->gwy.addr.addr32[2] || \
439 (sk)->lan.addr.addr32[3] != (sk)->gwy.addr.addr32[3]))
441 #define STATE_TRANSLATE(sk) \ argument
442 ((sk)->af_lan != (sk)->af_gwy || \
443 STATE_ADDR_TRANSLATE(sk) || \
444 (sk)->lan.xport.port != (sk)->gwy.xport.port)
446 #define STATE_GRE_TRANSLATE(sk) \ argument
447 (STATE_ADDR_TRANSLATE(sk) || \
448 (sk)->lan.xport.call_id != (sk)->gwy.xport.call_id)
1097 struct pf_state_key *sk = NULL; in pf_find_state() local
1104 sk = RB_FIND(pf_state_tree_lan_ext, &pf_statetbl_lan_ext, in pf_find_state()
1108 sk = RB_FIND(pf_state_tree_ext_gwy, &pf_statetbl_ext_gwy, in pf_find_state()
1114 if (sk == NULL) { in pf_find_state()
1115 sk = RB_FIND(pf_state_tree_lan_ext, in pf_find_state()
1118 if (sk && sk->af_lan == sk->af_gwy) { in pf_find_state()
1119 sk = NULL; in pf_find_state()
1128 if (sk != NULL) { in pf_find_state()
1129 TAILQ_FOREACH(s, &sk->states, next) in pf_find_state()
1141 struct pf_state_key *sk = NULL; in pf_find_state_all() local
1148 sk = RB_FIND(pf_state_tree_lan_ext, in pf_find_state_all()
1152 sk = RB_FIND(pf_state_tree_ext_gwy, in pf_find_state_all()
1158 if ((sk == NULL) && pf_nat64_configured) { in pf_find_state_all()
1159 sk = RB_FIND(pf_state_tree_lan_ext, in pf_find_state_all()
1162 if (sk && sk->af_lan == sk->af_gwy) { in pf_find_state_all()
1163 sk = NULL; in pf_find_state_all()
1171 if (sk != NULL) { in pf_find_state_all()
1172 ret = TAILQ_FIRST(&sk->states); in pf_find_state_all()
1177 TAILQ_FOREACH(s, &sk->states, next) in pf_find_state_all()
1272 struct pf_state_key *sk; in pf_src_connlimit() local
1277 sk = st->state_key; in pf_src_connlimit()
1283 if (sk->af_lan == in pf_src_connlimit()
1288 &sk->lan.addr, sk->af_lan)) || in pf_src_connlimit()
1291 &sk->ext_lan.addr, sk->af_lan))) && in pf_src_connlimit()
1388 struct pf_state_key *sk = s->state_key; in pf_stateins_err() local
1392 switch (sk->proto) { in pf_stateins_err()
1406 printf("PROTO=%u", sk->proto); in pf_stateins_err()
1410 pf_print_sk_host(&sk->lan, sk->af_lan, sk->proto, in pf_stateins_err()
1411 sk->proto_variant); in pf_stateins_err()
1413 pf_print_sk_host(&sk->gwy, sk->af_gwy, sk->proto, in pf_stateins_err()
1414 sk->proto_variant); in pf_stateins_err()
1416 pf_print_sk_host(&sk->ext_lan, sk->af_lan, sk->proto, in pf_stateins_err()
1417 sk->proto_variant); in pf_stateins_err()
1419 pf_print_sk_host(&sk->ext_gwy, sk->af_gwy, sk->proto, in pf_stateins_err()
1420 sk->proto_variant); in pf_stateins_err()
1915 struct pf_state_key *sk = s->state_key; in pf_print_state() local
1916 switch (sk->proto) { in pf_print_state()
1921 printf("GRE%u ", sk->proto_variant); in pf_print_state()
1936 printf("%u ", sk->proto); in pf_print_state()
1939 pf_print_sk_host(&sk->lan, sk->af_lan, sk->proto, sk->proto_variant); in pf_print_state()
1941 pf_print_sk_host(&sk->gwy, sk->af_gwy, sk->proto, sk->proto_variant); in pf_print_state()
1943 pf_print_sk_host(&sk->ext_lan, sk->af_lan, sk->proto, in pf_print_state()
1944 sk->proto_variant); in pf_print_state()
1946 pf_print_sk_host(&sk->ext_gwy, sk->af_gwy, sk->proto, in pf_print_state()
1947 sk->proto_variant); in pf_print_state()
2093 pf_calc_state_key_flowhash(struct pf_state_key *sk) in pf_calc_state_key_flowhash() argument
2099 if (PF_ALEQ(&sk->lan.addr, &sk->ext_lan.addr, sk->af_lan)) { in pf_calc_state_key_flowhash()
2100 bcopy(&sk->lan.addr, &fh.ap1.addr, sizeof(fh.ap1.addr)); in pf_calc_state_key_flowhash()
2101 bcopy(&sk->ext_lan.addr, &fh.ap2.addr, sizeof(fh.ap2.addr)); in pf_calc_state_key_flowhash()
2103 bcopy(&sk->ext_lan.addr, &fh.ap1.addr, sizeof(fh.ap1.addr)); in pf_calc_state_key_flowhash()
2104 bcopy(&sk->lan.addr, &fh.ap2.addr, sizeof(fh.ap2.addr)); in pf_calc_state_key_flowhash()
2106 if (sk->lan.xport.spi <= sk->ext_lan.xport.spi) { in pf_calc_state_key_flowhash()
2107 fh.ap1.xport.spi = sk->lan.xport.spi; in pf_calc_state_key_flowhash()
2108 fh.ap2.xport.spi = sk->ext_lan.xport.spi; in pf_calc_state_key_flowhash()
2110 fh.ap1.xport.spi = sk->ext_lan.xport.spi; in pf_calc_state_key_flowhash()
2111 fh.ap2.xport.spi = sk->lan.xport.spi; in pf_calc_state_key_flowhash()
2113 fh.af = sk->af_lan; in pf_calc_state_key_flowhash()
2114 fh.proto = sk->proto; in pf_calc_state_key_flowhash()
3468 struct pf_state_key *sk = s->state_key; in pf_get_sport() local
3469 if (!sk) { in pf_get_sport()
3475 if (sk->proto != IPPROTO_UDP || in pf_get_sport()
3476 sk->af_lan != af) { in pf_get_sport()
3479 if (sk->lan.xport.port != sxport->port) { in pf_get_sport()
3482 if (PF_ANEQ(&sk->lan.addr, saddr, af)) { in pf_get_sport()
3486 PF_ANEQ(&sk->ext_lan.addr, daddr, af)) { in pf_get_sport()
3497 nxport->port = sk->gwy.xport.port; in pf_get_sport()
3509 struct pf_state_key* sk = s->state_key; in pf_get_sport() local
3510 if (!sk) { in pf_get_sport()
3516 if (sk->proto != IPPROTO_TCP || sk->af_lan != af) { in pf_get_sport()
3519 if (sk->lan.xport.port != sxport->port) { in pf_get_sport()
3522 if (!(PF_AEQ(&sk->lan.addr, saddr, af))) { in pf_get_sport()
3532 nxport->port = sk->gwy.xport.port; in pf_get_sport()
4306 pf_attach_state(struct pf_state_key *sk, struct pf_state *s, int tail) in pf_attach_state() argument
4308 s->state_key = sk; in pf_attach_state()
4309 sk->refcnt++; in pf_attach_state()
4313 TAILQ_INSERT_TAIL(&sk->states, s, next); in pf_attach_state()
4315 TAILQ_INSERT_HEAD(&sk->states, s, next); in pf_attach_state()
4322 struct pf_state_key *sk = s->state_key; in pf_detach_state() local
4324 if (sk == NULL) { in pf_detach_state()
4329 TAILQ_REMOVE(&sk->states, s, next); in pf_detach_state()
4330 if (--sk->refcnt == 0) { in pf_detach_state()
4333 &pf_statetbl_ext_gwy, sk); in pf_detach_state()
4337 &pf_statetbl_lan_ext, sk); in pf_detach_state()
4339 if (sk->app_state) { in pf_detach_state()
4340 pool_put(&pf_app_state_pl, sk->app_state); in pf_detach_state()
4342 pool_put(&pf_state_key_pl, sk); in pf_detach_state()
4349 struct pf_state_key *sk; in pf_alloc_state_key() local
4351 if ((sk = pool_get(&pf_state_key_pl, PR_WAITOK)) == NULL) { in pf_alloc_state_key()
4354 bzero(sk, sizeof(*sk)); in pf_alloc_state_key()
4355 TAILQ_INIT(&sk->states); in pf_alloc_state_key()
4356 pf_attach_state(sk, s, 0); in pf_alloc_state_key()
4360 bcopy(&psk->lan, &sk->lan, sizeof(sk->lan)); in pf_alloc_state_key()
4361 bcopy(&psk->gwy, &sk->gwy, sizeof(sk->gwy)); in pf_alloc_state_key()
4362 bcopy(&psk->ext_lan, &sk->ext_lan, sizeof(sk->ext_lan)); in pf_alloc_state_key()
4363 bcopy(&psk->ext_gwy, &sk->ext_gwy, sizeof(sk->ext_gwy)); in pf_alloc_state_key()
4364 sk->af_lan = psk->af_lan; in pf_alloc_state_key()
4365 sk->af_gwy = psk->af_gwy; in pf_alloc_state_key()
4366 sk->proto = psk->proto; in pf_alloc_state_key()
4367 sk->direction = psk->direction; in pf_alloc_state_key()
4368 sk->proto_variant = psk->proto_variant; in pf_alloc_state_key()
4370 sk->flowsrc = psk->flowsrc; in pf_alloc_state_key()
4371 sk->flowhash = psk->flowhash; in pf_alloc_state_key()
4375 return sk; in pf_alloc_state_key()
5640 struct pf_state_key *sk = NULL; in pf_test_rule() local
5733 if (sk != NULL) { in pf_test_rule()
5734 if (sk->app_state) { in pf_test_rule()
5736 sk->app_state); in pf_test_rule()
5738 pool_put(&pf_state_key_pl, sk); in pf_test_rule()
5866 if ((sk = pf_alloc_state_key(s, &psk)) == NULL) { in pf_test_rule()
5880 if (sk->app_state == 0) { in pf_test_rule()
5884 sk->ext_gwy.xport.port : sk->gwy.xport.port; in pf_test_rule()
5903 sk->app_state = as; in pf_test_rule()
5928 sk->app_state = as; in pf_test_rule()
5964 int ua = (sk->af_lan == sk->af_gwy) ? 1 : 0; in pf_test_rule()
5994 if (sk->app_state && sk->app_state->handler) { in pf_test_rule()
6010 sk->app_state->handler(s, direction, offx, in pf_test_rule()
6472 struct pf_state_key *sk; in pf_pptp_handler() local
6476 sk = s->state_key; in pf_pptp_handler()
6477 pptps = &sk->app_state->u.pptp; in pf_pptp_handler()
6561 memcpy(&gsk->lan, &sk->lan, sizeof(gsk->lan)); in pf_pptp_handler()
6562 memcpy(&gsk->gwy, &sk->gwy, sizeof(gsk->gwy)); in pf_pptp_handler()
6563 memcpy(&gsk->ext_lan, &sk->ext_lan, sizeof(gsk->ext_lan)); in pf_pptp_handler()
6564 memcpy(&gsk->ext_gwy, &sk->ext_gwy, sizeof(gsk->ext_gwy)); in pf_pptp_handler()
6565 gsk->af_lan = sk->af_lan; in pf_pptp_handler()
6566 gsk->af_gwy = sk->af_gwy; in pf_pptp_handler()
6586 switch (sk->direction) { in pf_pptp_handler()
6781 pf_set_rt_ifp(gs, &sk->lan.addr, sk->af_lan); in pf_pptp_handler()
6848 pf_do_nat64(struct pf_state_key *sk, struct pf_pdesc *pd, pbuf_t *pbuf, in pf_do_nat64() argument
6852 if (pd->af != sk->af_lan) { in pf_do_nat64()
6853 pd->ndaddr = sk->lan.addr; in pf_do_nat64()
6854 pd->naddr = sk->ext_lan.addr; in pf_do_nat64()
6856 pd->naddr = sk->gwy.addr; in pf_do_nat64()
6857 pd->ndaddr = sk->ext_gwy.addr; in pf_do_nat64()
6861 if (pd->af != sk->af_lan) { in pf_do_nat64()
6862 pd->ndaddr = sk->lan.addr; in pf_do_nat64()
6863 pd->naddr = sk->ext_lan.addr; in pf_do_nat64()
6865 pd->naddr = sk->gwy.addr; in pf_do_nat64()
6866 pd->ndaddr = sk->ext_gwy.addr; in pf_do_nat64()
6887 struct pf_state_key *sk; in pf_test_state_tcp() local
6918 sk = (*state)->state_key; in pf_test_state_tcp()
6924 if ((direction == sk->direction) && (pd->af == sk->af_lan)) { in pf_test_state_tcp()
6933 if (direction != sk->direction) { in pf_test_state_tcp()
6966 psrc = &sk->gwy; in pf_test_state_tcp()
6967 pdst = &sk->ext_gwy; in pf_test_state_tcp()
6969 psrc = &sk->ext_lan; in pf_test_state_tcp()
6970 pdst = &sk->lan; in pf_test_state_tcp()
6972 if (direction == sk->direction) { in pf_test_state_tcp()
7322 direction == sk->direction ? in pf_test_state_tcp()
7387 direction == sk->direction ? in pf_test_state_tcp()
7405 if (sk->app_state && in pf_test_state_tcp()
7406 sk->app_state->handler) { in pf_test_state_tcp()
7407 sk->app_state->handler(*state, direction, in pf_test_state_tcp()
7417 if (STATE_TRANSLATE(sk)) { in pf_test_state_tcp()
7418 pd->naf = (pd->af == sk->af_lan) ? sk->af_gwy : sk->af_lan; in pf_test_state_tcp()
7422 pd->ip_sum, &th->th_sum, &sk->gwy.addr, in pf_test_state_tcp()
7423 sk->gwy.xport.port, 0, pd->af, pd->naf, 1); in pf_test_state_tcp()
7426 if (pd->af == sk->af_gwy) { in pf_test_state_tcp()
7429 &th->th_sum, &sk->lan.addr, in pf_test_state_tcp()
7430 sk->lan.xport.port, 0, in pf_test_state_tcp()
7435 &th->th_sum, &sk->ext_lan.addr, in pf_test_state_tcp()
7441 &th->th_sum, &sk->ext_gwy.addr, in pf_test_state_tcp()
7447 &th->th_sum, &sk->gwy.addr, in pf_test_state_tcp()
7448 sk->gwy.xport.port, 0, pd->af, in pf_test_state_tcp()
7454 &th->th_sum, &sk->lan.addr, in pf_test_state_tcp()
7455 sk->lan.xport.port, 0, pd->af, in pf_test_state_tcp()
7472 if (sk->af_lan != sk->af_gwy) { in pf_test_state_tcp()
7473 return pf_do_nat64(sk, pd, pbuf, off); in pf_test_state_tcp()
7486 struct pf_state_key *sk; in pf_test_state_udp() local
7578 sk = (*state)->state_key; in pf_test_state_udp()
7585 if ((direction == sk->direction) && (pd->af == sk->af_lan)) { in pf_test_state_udp()
7609 extfilter = sk->proto_variant; in pf_test_state_udp()
7612 sk->ext_lan.xport.port = key.ext_lan.xport.port; in pf_test_state_udp()
7614 PF_ACPY(&sk->ext_lan.addr, &key.ext_lan.addr, in pf_test_state_udp()
7618 sk->ext_gwy.xport.port = key.ext_gwy.xport.port; in pf_test_state_udp()
7620 PF_ACPY(&sk->ext_gwy.addr, &key.ext_gwy.addr, in pf_test_state_udp()
7626 if (sk->app_state && sk->app_state->handler) { in pf_test_state_udp()
7627 sk->app_state->handler(*state, direction, off + uh->uh_ulen, in pf_test_state_udp()
7637 if (STATE_TRANSLATE(sk)) { in pf_test_state_udp()
7643 pd->naf = (pd->af == sk->af_lan) ? sk->af_gwy : sk->af_lan; in pf_test_state_udp()
7647 pd->ip_sum, &uh->uh_sum, &sk->gwy.addr, in pf_test_state_udp()
7648 sk->gwy.xport.port, 1, pd->af, pd->naf, 1); in pf_test_state_udp()
7651 if (pd->af == sk->af_gwy) { in pf_test_state_udp()
7654 &uh->uh_sum, &sk->lan.addr, in pf_test_state_udp()
7655 sk->lan.xport.port, 1, in pf_test_state_udp()
7660 &uh->uh_sum, &sk->ext_lan.addr, in pf_test_state_udp()
7666 &uh->uh_sum, &sk->ext_gwy.addr, in pf_test_state_udp()
7672 &uh->uh_sum, &sk->gwy.addr, in pf_test_state_udp()
7673 sk->gwy.xport.port, 1, pd->af, in pf_test_state_udp()
7679 &uh->uh_sum, &sk->lan.addr, in pf_test_state_udp()
7680 sk->lan.xport.port, 1, in pf_test_state_udp()
7686 if (sk->af_lan != sk->af_gwy) { in pf_test_state_udp()
7687 return pf_do_nat64(sk, pd, pbuf, off); in pf_test_state_udp()
7704 struct pf_state_key *sk; in pf_test_state_icmp() local
7761 sk = (*state)->state_key; in pf_test_state_icmp()
7766 if (STATE_TRANSLATE(sk)) { in pf_test_state_icmp()
7767 pd->naf = (pd->af == sk->af_lan) ? in pf_test_state_icmp()
7768 sk->af_gwy : sk->af_lan; in pf_test_state_icmp()
7775 sk->gwy.addr.v4addr.s_addr, 0); in pf_test_state_icmp()
7779 sk->gwy.xport.port, 0); in pf_test_state_icmp()
7781 sk->gwy.xport.port; in pf_test_state_icmp()
7793 &sk->gwy.addr, 0); in pf_test_state_icmp()
7818 sk->lan.addr.v4addr.s_addr, 0); in pf_test_state_icmp()
7823 icmpid, sk->lan.xport.port, 0); in pf_test_state_icmp()
7826 sk->lan.xport.port; in pf_test_state_icmp()
7835 if (sk->af_lan != sk->af_gwy) { in pf_test_state_icmp()
7836 return pf_do_nat64(sk, pd, in pf_test_state_icmp()
7852 &sk->lan.addr, 0); in pf_test_state_icmp()
7862 if (sk->af_lan != sk->af_gwy) { in pf_test_state_icmp()
7863 return pf_do_nat64(sk, pd, in pf_test_state_icmp()
8015 sk = (*state)->state_key; in pf_test_state_icmp()
8016 if ((direction == sk->direction) && in pf_test_state_icmp()
8017 ((sk->af_lan == sk->af_gwy) || in pf_test_state_icmp()
8018 (pd2.af == sk->af_lan))) { in pf_test_state_icmp()
8057 pd->naf = pd2.naf = (pd2.af == sk->af_lan) ? in pf_test_state_icmp()
8058 sk->af_gwy : sk->af_lan; in pf_test_state_icmp()
8060 if (STATE_TRANSLATE(sk)) { in pf_test_state_icmp()
8062 if (sk->af_lan != sk->af_gwy) { in pf_test_state_icmp()
8065 if (pd2.naf == sk->af_lan) { in pf_test_state_icmp()
8066 saddr2 = &sk->lan; in pf_test_state_icmp()
8067 daddr2 = &sk->ext_lan; in pf_test_state_icmp()
8069 saddr2 = &sk->ext_gwy; in pf_test_state_icmp()
8070 daddr2 = &sk->gwy; in pf_test_state_icmp()
8140 daddr, &sk->lan.addr, in pf_test_state_icmp()
8141 sk->lan.xport.port, NULL, in pf_test_state_icmp()
8146 saddr, &sk->gwy.addr, in pf_test_state_icmp()
8147 sk->gwy.xport.port, NULL, in pf_test_state_icmp()
8265 sk = (*state)->state_key; in pf_test_state_icmp()
8266 pd->naf = pd2.naf = (pd2.af == sk->af_lan) ? in pf_test_state_icmp()
8267 sk->af_gwy : sk->af_lan; in pf_test_state_icmp()
8269 if (STATE_TRANSLATE(sk)) { in pf_test_state_icmp()
8271 if (sk->af_lan != sk->af_gwy) { in pf_test_state_icmp()
8274 if (pd2.naf == sk->af_lan) { in pf_test_state_icmp()
8275 saddr2 = &sk->lan; in pf_test_state_icmp()
8276 daddr2 = &sk->ext_lan; in pf_test_state_icmp()
8278 saddr2 = &sk->ext_gwy; in pf_test_state_icmp()
8279 daddr2 = &sk->gwy; in pf_test_state_icmp()
8349 daddr, &sk->lan.addr, in pf_test_state_icmp()
8350 sk->lan.xport.port, &uh.uh_sum, in pf_test_state_icmp()
8355 saddr, &sk->gwy.addr, in pf_test_state_icmp()
8356 sk->gwy.xport.port, &uh.uh_sum, in pf_test_state_icmp()
8415 sk = (*state)->state_key; in pf_test_state_icmp()
8416 if (STATE_TRANSLATE(sk)) { in pf_test_state_icmp()
8419 daddr, &sk->lan.addr, in pf_test_state_icmp()
8420 sk->lan.xport.port, NULL, in pf_test_state_icmp()
8425 saddr, &sk->gwy.addr, in pf_test_state_icmp()
8426 sk->gwy.xport.port, NULL, in pf_test_state_icmp()
8471 sk = (*state)->state_key; in pf_test_state_icmp()
8472 if (STATE_TRANSLATE(sk)) { in pf_test_state_icmp()
8475 daddr, &sk->lan.addr, in pf_test_state_icmp()
8476 sk->lan.xport.port, NULL, in pf_test_state_icmp()
8481 saddr, &sk->gwy.addr, in pf_test_state_icmp()
8482 sk->gwy.xport.port, NULL, in pf_test_state_icmp()
8518 sk = (*state)->state_key; in pf_test_state_icmp()
8519 if (STATE_TRANSLATE(sk)) { in pf_test_state_icmp()
8522 &sk->lan.addr, 0, NULL, in pf_test_state_icmp()
8527 &sk->gwy.addr, 0, NULL, in pf_test_state_icmp()
8713 struct pf_state_key *sk = s->state_key; in pf_test_state_esp() local
8716 &pf_statetbl_ext_gwy, sk); in pf_test_state_esp()
8717 sk->lan.xport.spi = sk->gwy.xport.spi = in pf_test_state_esp()
8721 &pf_statetbl_ext_gwy, sk)) { in pf_test_state_esp()
8732 struct pf_state_key *sk = s->state_key; in pf_test_state_esp() local
8735 &pf_statetbl_lan_ext, sk); in pf_test_state_esp()
8736 sk->ext_lan.xport.spi = esp->spi; in pf_test_state_esp()
8739 &pf_statetbl_lan_ext, sk)) { in pf_test_state_esp()
9541 struct pf_state_key *sk = NULL; in pf_test() local
10006 sk = s->state_key; in pf_test()
10019 dirndx = (dir == sk->direction) ? 0 : 1; in pf_test()
10034 x = (sk == NULL || sk->direction == dir) ? in pf_test()
10037 x = (sk == NULL || sk->direction == dir) ? in pf_test()
10050 pfr_update_stats(tr->src.addr.p.tbl, (sk == NULL || in pf_test()
10051 sk->direction == dir) ? in pf_test()
10057 pfr_update_stats(tr->dst.addr.p.tbl, (sk == NULL || in pf_test()
10058 sk->direction == dir) ? pd.dst : pd.src, pd.af, in pf_test()
10138 struct pf_state_key *sk = NULL; in pf_test6() local
10656 sk = s->state_key; in pf_test6()
10669 dirndx = (dir == sk->direction) ? 0 : 1; in pf_test6()
10684 x = (s == NULL || sk->direction == dir) ? in pf_test6()
10687 x = (s == NULL || sk->direction == dir) ? in pf_test6()
10699 pfr_update_stats(tr->src.addr.p.tbl, (sk == NULL || in pf_test6()
10700 sk->direction == dir) ? pd.src : pd.dst, pd.af, in pf_test6()
10705 pfr_update_stats(tr->dst.addr.p.tbl, (sk == NULL || in pf_test6()
10706 sk->direction == dir) ? pd.dst : pd.src, pd.af, in pf_test6()