Changeset View
Changeset View
Standalone View
Standalone View
sys/netpfil/pf/pf.c
| Show First 20 Lines • Show All 494 Lines • ▼ Show 20 Lines | |||||
| static __inline void | static __inline void | ||||
| pf_set_protostate(struct pf_kstate *s, int which, u_int8_t newstate) | pf_set_protostate(struct pf_kstate *s, int which, u_int8_t newstate) | ||||
| { | { | ||||
| if (which == PF_PEER_DST || which == PF_PEER_BOTH) | if (which == PF_PEER_DST || which == PF_PEER_BOTH) | ||||
| s->dst.state = newstate; | s->dst.state = newstate; | ||||
| if (which == PF_PEER_DST) | if (which == PF_PEER_DST) | ||||
| return; | return; | ||||
| if (s->src.state == newstate) | |||||
| return; | |||||
| if (s->creatorid == V_pf_status.hostid && | |||||
| s->key[PF_SK_STACK] != NULL && | |||||
| s->key[PF_SK_STACK]->proto == IPPROTO_TCP && | |||||
| !(TCPS_HAVEESTABLISHED(s->src.state) || | |||||
| s->src.state == TCPS_CLOSED) && | |||||
| (TCPS_HAVEESTABLISHED(newstate) || newstate == TCPS_CLOSED)) | |||||
| atomic_add_32(&V_pf_status.states_halfopen, -1); | |||||
| s->src.state = newstate; | s->src.state = newstate; | ||||
| } | } | ||||
| #ifdef INET6 | #ifdef INET6 | ||||
| void | void | ||||
| pf_addrcpy(struct pf_addr *dst, struct pf_addr *src, sa_family_t af) | pf_addrcpy(struct pf_addr *dst, struct pf_addr *src, sa_family_t af) | ||||
| { | { | ||||
| ▲ Show 20 Lines • Show All 1,415 Lines • ▼ Show 20 Lines | pf_unlink_state(struct pf_kstate *s, u_int flags) | ||||
| if (V_pfsync_delete_state_ptr != NULL) | if (V_pfsync_delete_state_ptr != NULL) | ||||
| V_pfsync_delete_state_ptr(s); | V_pfsync_delete_state_ptr(s); | ||||
| STATE_DEC_COUNTERS(s); | STATE_DEC_COUNTERS(s); | ||||
| s->timeout = PFTM_UNLINKED; | s->timeout = PFTM_UNLINKED; | ||||
| /* Ensure we remove it from the list of halfopen states, if needed. */ | |||||
| if (s->key[PF_SK_STACK] != NULL && | |||||
| s->key[PF_SK_STACK]->proto == IPPROTO_TCP) | |||||
| pf_set_protostate(s, PF_PEER_BOTH, TCPS_CLOSED); | |||||
| PF_HASHROW_UNLOCK(ih); | PF_HASHROW_UNLOCK(ih); | ||||
| pf_detach_state(s); | pf_detach_state(s); | ||||
| /* pf_state_insert() initialises refs to 2 */ | /* pf_state_insert() initialises refs to 2 */ | ||||
| return (pf_release_staten(s, 2)); | return (pf_release_staten(s, 2)); | ||||
| } | } | ||||
| struct pf_kstate * | struct pf_kstate * | ||||
| ▲ Show 20 Lines • Show All 2,088 Lines • ▼ Show 20 Lines | case IPPROTO_TCP: | ||||
| } | } | ||||
| if (th->th_flags & TH_FIN) | if (th->th_flags & TH_FIN) | ||||
| s->src.seqhi++; | s->src.seqhi++; | ||||
| s->dst.seqhi = 1; | s->dst.seqhi = 1; | ||||
| s->dst.max_win = 1; | s->dst.max_win = 1; | ||||
| pf_set_protostate(s, PF_PEER_SRC, TCPS_SYN_SENT); | pf_set_protostate(s, PF_PEER_SRC, TCPS_SYN_SENT); | ||||
| pf_set_protostate(s, PF_PEER_DST, TCPS_CLOSED); | pf_set_protostate(s, PF_PEER_DST, TCPS_CLOSED); | ||||
| s->timeout = PFTM_TCP_FIRST_PACKET; | s->timeout = PFTM_TCP_FIRST_PACKET; | ||||
| atomic_add_32(&V_pf_status.states_halfopen, 1); | |||||
| break; | break; | ||||
| case IPPROTO_UDP: | case IPPROTO_UDP: | ||||
| pf_set_protostate(s, PF_PEER_SRC, PFUDPS_SINGLE); | pf_set_protostate(s, PF_PEER_SRC, PFUDPS_SINGLE); | ||||
| pf_set_protostate(s, PF_PEER_DST, PFUDPS_NO_TRAFFIC); | pf_set_protostate(s, PF_PEER_DST, PFUDPS_NO_TRAFFIC); | ||||
| s->timeout = PFTM_UDP_FIRST_PACKET; | s->timeout = PFTM_UDP_FIRST_PACKET; | ||||
| break; | break; | ||||
| case IPPROTO_ICMP: | case IPPROTO_ICMP: | ||||
| #ifdef INET6 | #ifdef INET6 | ||||
| ▲ Show 20 Lines • Show All 3,219 Lines • Show Last 20 Lines | |||||