2 * Copyright (C) 1995-1998 by Darren Reed.
4 * Redistribution and use in source and binary forms are permitted
5 * provided that this notice is preserved and due credit is given
6 * to the original author and the contributors.
9 static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-1995 Darren Reed";
10 /*static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.3.2.9 1999/10/21 14:31:09 darrenr Exp $";*/
11 static const char rcsid[] = "@(#)$FreeBSD$";
14 #include <sys/errno.h>
15 #include <sys/types.h>
16 #include <sys/param.h>
18 #if defined(__NetBSD__) && (NetBSD >= 199905) && !defined(IPFILTER_LKM) && \
20 # include "opt_ipfilter_log.h"
22 #if !defined(_KERNEL) && !defined(KERNEL) && !defined(__KERNEL__)
28 # include <linux/kernel.h>
29 # include <linux/module.h>
32 #if defined(KERNEL) && (__FreeBSD_version >= 220000)
33 # include <sys/filio.h>
34 # include <sys/fcntl.h>
35 # if (__FreeBSD_version >= 300000) && !defined(IPFILTER_LKM)
36 # include "opt_ipfilter.h"
39 # include <sys/ioctl.h>
44 # include <sys/protosw.h>
46 #include <sys/socket.h>
47 #if defined(_KERNEL) && !defined(linux)
48 # include <sys/systm.h>
50 #if !defined(__SVR4) && !defined(__svr4__)
52 # include <sys/mbuf.h>
55 # include <sys/filio.h>
56 # include <sys/byteorder.h>
58 # include <sys/dditypes.h>
60 # include <sys/stream.h>
61 # include <sys/kmem.h>
68 #include <net/route.h>
69 #include <netinet/in.h>
70 #include <netinet/in_systm.h>
71 #include <netinet/ip.h>
72 #include <netinet/tcp.h>
74 # include <netinet/ip_var.h>
75 # include <netinet/tcp_fsm.h>
77 #include <netinet/udp.h>
78 #include <netinet/ip_icmp.h>
79 #include "netinet/ip_compat.h"
80 #include <netinet/tcpip.h>
81 #include "netinet/ip_fil.h"
82 #include "netinet/ip_nat.h"
83 #include "netinet/ip_frag.h"
84 #include "netinet/ip_proxy.h"
85 #include "netinet/ip_state.h"
86 #if (__FreeBSD_version >= 300000)
87 # include <sys/malloc.h>
88 # if (defined(_KERNEL) || defined(KERNEL)) && !defined(IPFILTER_LKM)
89 # include <sys/libkern.h>
90 # include <sys/systm.h>
95 # define MIN(a,b) (((a)<(b))?(a):(b))
98 #define TCP_CLOSE (TH_FIN|TH_RST)
100 static ipstate_t **ips_table = NULL;
101 static int ips_num = 0;
102 static ips_stat_t ips_stats;
103 #if (SOLARIS || defined(__sgi)) && defined(_KERNEL)
104 extern KRWLOCK_T ipf_state, ipf_mutex;
105 extern kmutex_t ipf_rw;
108 static int fr_matchsrcdst __P((ipstate_t *, struct in_addr, struct in_addr,
109 fr_info_t *, tcphdr_t *));
110 static frentry_t *fr_checkicmpmatchingstate __P((ip_t *, fr_info_t *));
111 static int fr_state_flush __P((int));
112 static ips_stat_t *fr_statetstats __P((void));
113 static void fr_delstate __P((ipstate_t *));
116 #define FIVE_DAYS (2 * 5 * 86400) /* 5 days: half closed session */
118 #define TCP_MSL 240 /* 2 minutes */
119 u_long fr_tcpidletimeout = FIVE_DAYS,
120 fr_tcpclosewait = 2 * TCP_MSL,
121 fr_tcplastack = 2 * TCP_MSL,
122 fr_tcptimeout = 2 * TCP_MSL,
125 fr_icmptimeout = 120;
126 int fr_statemax = IPSTATE_MAX,
127 fr_statesize = IPSTATE_SIZE;
128 int fr_state_doflush = 0;
133 KMALLOCS(ips_table, ipstate_t **, fr_statesize * sizeof(ipstate_t *));
134 if (ips_table != NULL)
135 bzero((char *)ips_table, fr_statesize * sizeof(ipstate_t *));
142 static ips_stat_t *fr_statetstats()
144 ips_stats.iss_active = ips_num;
145 ips_stats.iss_table = ips_table;
151 * flush state tables. two actions currently defined:
152 * which == 0 : flush all state table entries
153 * which == 1 : flush TCP connections which have started to close but are
154 * stuck for some reason.
156 static int fr_state_flush(which)
160 register ipstate_t *is, **isp;
161 #if defined(_KERNEL) && !SOLARIS
164 int delete, removed = 0;
167 WRITE_ENTER(&ipf_state);
168 for (i = fr_statesize - 1; i >= 0; i--)
169 for (isp = &ips_table[i]; (is = *isp); ) {
178 if ((is->is_p == IPPROTO_TCP) &&
179 (((is->is_state[0] <= TCPS_ESTABLISHED) &&
180 (is->is_state[1] > TCPS_ESTABLISHED)) ||
181 ((is->is_state[1] <= TCPS_ESTABLISHED) &&
182 (is->is_state[0] > TCPS_ESTABLISHED))))
189 if (is->is_p == IPPROTO_TCP)
192 ips_stats.iss_expire++;
193 if (ips_table[i] == NULL)
194 ips_stats.iss_inuse--;
196 ipstate_log(is, ISL_FLUSH);
204 if (fr_state_doflush) {
205 (void) fr_state_flush(1);
206 fr_state_doflush = 0;
208 RWLOCK_EXIT(&ipf_state);
214 int fr_state_ioctl(data, cmd, mode)
216 #if defined(__NetBSD__) || defined(__OpenBSD__)
223 int arg, ret, error = 0;
228 IRCOPY(data, (caddr_t)&arg, sizeof(arg));
229 if (arg == 0 || arg == 1) {
230 ret = fr_state_flush(arg);
231 IWCOPY((caddr_t)&ret, data, sizeof(ret));
236 IWCOPY((caddr_t)fr_statetstats(), data, sizeof(ips_stat_t));
240 IWCOPY((caddr_t)&iplused[IPL_LOGSTATE], (caddr_t)data,
241 sizeof(iplused[IPL_LOGSTATE]));
253 * Create a new ipstate structure and hang it off the hash table.
255 ipstate_t *fr_addstate(ip, fin, flags)
260 register ipstate_t *is;
265 if ((ip->ip_off & IP_OFFMASK) || (fin->fin_fi.fi_fl & FI_SHORT))
267 if (ips_num == fr_statemax) {
269 fr_state_doflush = 1;
273 bzero((char *)is, sizeof(*is));
278 * Copy and calculate...
280 hv = (is->is_p = ip->ip_p);
281 hv += (is->is_src.s_addr = ip->ip_src.s_addr);
282 hv += (is->is_dst.s_addr = ip->ip_dst.s_addr);
288 struct icmp *ic = (struct icmp *)fin->fin_dp;
290 switch (ic->icmp_type)
293 is->is_icmp.ics_type = ICMP_ECHOREPLY; /* XXX */
294 hv += (is->is_icmp.ics_id = ic->icmp_id);
295 hv += (is->is_icmp.ics_seq = ic->icmp_seq);
300 is->is_icmp.ics_type = ic->icmp_type + 1;
305 ATOMIC_INC(ips_stats.iss_icmp);
306 is->is_age = fr_icmptimeout;
311 register tcphdr_t *tcp = (tcphdr_t *)fin->fin_dp;
314 * The endian of the ports doesn't matter, but the ack and
315 * sequence numbers do as we do mathematics on them later.
317 is->is_dport = tcp->th_dport;
318 is->is_sport = tcp->th_sport;
319 if ((flags & (FI_W_DPORT|FI_W_SPORT)) == 0) {
323 if (tcp->th_seq != 0) {
324 is->is_send = ntohl(tcp->th_seq) + ip->ip_len -
325 fin->fin_hlen - (tcp->th_off << 2) +
326 ((tcp->th_flags & TH_SYN) ? 1 : 0) +
327 ((tcp->th_flags & TH_FIN) ? 1 : 0);
328 is->is_maxsend = is->is_send + 1;
331 is->is_maxswin = ntohs(tcp->th_win);
332 if (is->is_maxswin == 0)
335 * If we're creating state for a starting connection, start the
336 * timer on it as we'll never see an error if it fails to
339 MUTEX_ENTER(&ipf_rw);
341 fr_tcp_age(&is->is_age, is->is_state, ip, fin,
342 tcp->th_sport == is->is_sport);
348 register tcphdr_t *tcp = (tcphdr_t *)fin->fin_dp;
350 if ((flags & (FI_W_DPORT|FI_W_SPORT)) == 0) {
351 hv += (is->is_dport = tcp->th_dport);
352 hv += (is->is_sport = tcp->th_sport);
354 ATOMIC_INC(ips_stats.iss_udp);
355 is->is_age = fr_udptimeout;
362 KMALLOC(is, ipstate_t *);
364 ATOMIC_INC(ips_stats.iss_nomem);
367 bcopy((char *)&ips, (char *)is, sizeof(*is));
369 RW_UPGRADE(&ipf_mutex);
370 is->is_rule = fin->fin_fr;
371 if (is->is_rule != NULL) {
372 is->is_rule->fr_ref++;
373 pass = is->is_rule->fr_flags;
376 MUTEX_DOWNGRADE(&ipf_mutex);
377 WRITE_ENTER(&ipf_state);
379 is->is_rout = pass & FR_OUTQUE ? 1 : 0;
382 is->is_bytes = ip->ip_len;
384 * We want to check everything that is a property of this packet,
385 * but we don't (automatically) care about it's fragment status as
388 is->is_opt = fin->fin_fi.fi_optmsk;
389 is->is_optmsk = 0xffffffff;
390 is->is_sec = fin->fin_fi.fi_secmsk;
391 is->is_secmsk = 0xffff;
392 is->is_auth = fin->fin_fi.fi_auth;
393 is->is_authmsk = 0xffff;
394 is->is_flags = fin->fin_fi.fi_fl & FI_CMP;
395 is->is_flags |= FI_CMP << 4;
396 is->is_flags |= flags & (FI_W_DPORT|FI_W_SPORT);
400 is->is_next = ips_table[hv];
402 if (is->is_next == NULL)
403 ips_stats.iss_inuse++;
406 is->is_ifpout = fin->fin_ifp;
408 is->is_ifpin = fin->fin_ifp;
409 is->is_ifpout = NULL;
411 if (pass & FR_LOGFIRST)
412 is->is_pass &= ~(FR_LOGFIRST|FR_LOG);
415 ipstate_log(is, ISL_NEW);
417 RWLOCK_EXIT(&ipf_state);
418 fin->fin_rev = (is->is_dst.s_addr != ip->ip_dst.s_addr);
419 if (fin->fin_fi.fi_fl & FI_FRAG)
420 ipfr_newfrag(ip, fin, pass ^ FR_KEEPSTATE);
427 * check to see if a packet with TCP headers fits within the TCP window.
428 * change timeout depending on whether new packet is a SYN-ACK returning for a
429 * SYN or a RST or FIN which indicate time to close up shop.
431 int fr_tcpstate(is, fin, ip, tcp)
432 register ipstate_t *is;
437 register tcp_seq seq, ack, end;
438 register int ackskew;
439 tcpdata_t *fdata, *tdata;
445 * Find difference between last checked packet and this packet.
447 source = (ip->ip_src.s_addr == is->is_src.s_addr);
448 fdata = &is->is_tcp.ts_data[!source];
449 tdata = &is->is_tcp.ts_data[source];
450 seq = ntohl(tcp->th_seq);
451 ack = ntohl(tcp->th_ack);
452 win = ntohs(tcp->th_win);
453 end = seq + ip->ip_len - fin->fin_hlen - (tcp->th_off << 2) +
454 ((tcp->th_flags & TH_SYN) ? 1 : 0) +
455 ((tcp->th_flags & TH_FIN) ? 1 : 0);
457 if (fdata->td_end == 0) {
459 * Must be a (outgoing) SYN-ACK in reply to a SYN.
462 fdata->td_maxwin = 1;
463 fdata->td_maxend = end + 1;
466 if (!(tcp->th_flags & TH_ACK)) { /* Pretend an ack was sent */
469 } else if (((tcp->th_flags & (TH_ACK|TH_RST)) == (TH_ACK|TH_RST)) &&
471 /* gross hack to get around certain broken tcp stacks */
476 seq = end = fdata->td_end;
478 maxwin = tdata->td_maxwin;
479 ackskew = tdata->td_end - ack;
481 #define SEQ_GE(a,b) ((int)((a) - (b)) >= 0)
482 #define SEQ_GT(a,b) ((int)((a) - (b)) > 0)
483 if ((SEQ_GE(fdata->td_maxend, end)) &&
484 (SEQ_GE(seq + maxwin, fdata->td_end - maxwin)) &&
485 /* XXX what about big packets */
486 #define MAXACKWINDOW 66000
487 (ackskew >= -MAXACKWINDOW) &&
488 (ackskew <= MAXACKWINDOW)) {
489 /* if ackskew < 0 then this should be due to fragented
490 * packets. There is no way to know the length of the
491 * total packet in advance.
492 * We do know the total length from the fragment cache though.
493 * Note however that there might be more sessions with
494 * exactly the same source and destination paramters in the
495 * state cache (and source and destination is the only stuff
496 * that is saved in the fragment cache). Note further that
497 * some TCP connections in the state cache are hashed with
498 * sport and dport as well which makes it not worthwhile to
500 * Thus, when ackskew is negative but still seems to belong
501 * to this session, we bump up the destinations end value.
506 /* update max window seen */
507 if (fdata->td_maxwin < win)
508 fdata->td_maxwin = win;
509 if (SEQ_GT(end, fdata->td_end))
511 if (SEQ_GE(ack + win, tdata->td_maxend)) {
512 tdata->td_maxend = ack + win;
517 ATOMIC_INC(ips_stats.iss_hits);
519 is->is_bytes += ip->ip_len;
521 * Nearing end of connection, start timeout.
523 MUTEX_ENTER(&ipf_rw);
524 fr_tcp_age(&is->is_age, is->is_state, ip, fin, source);
532 static int fr_matchsrcdst(is, src, dst, fin, tcp)
534 struct in_addr src, dst;
538 int ret = 0, rev, out, flags;
542 rev = fin->fin_rev = (is->is_dst.s_addr != dst.s_addr);
547 flags = is->is_flags;
558 if (is->is_ifpin == ifp)
561 if (is->is_ifpout == NULL || is->is_ifpout == ifp)
566 if (is->is_ifpin == ifp)
569 if (is->is_ifpout == NULL || is->is_ifpout == ifp)
578 if ((is->is_dst.s_addr == dst.s_addr) &&
579 (is->is_src.s_addr == src.s_addr) &&
580 (!tcp || ((sp == is->is_sport || flags & FI_W_SPORT) &&
581 (dp == is->is_dport || flags & FI_W_DPORT)))) {
585 if ((is->is_dst.s_addr == src.s_addr) &&
586 (is->is_src.s_addr == dst.s_addr) &&
587 (!tcp || ((sp == is->is_dport || flags & FI_W_DPORT) &&
588 (dp == is->is_sport || flags & FI_W_SPORT)))) {
596 * Whether or not this should be here, is questionable, but the aim
597 * is to get this out of the main line.
600 flags = is->is_flags & (FI_CMP|(FI_CMP<<4));
602 if (((fin->fin_fi.fi_fl & (flags >> 4)) != (flags & FI_CMP)) ||
603 ((fin->fin_fi.fi_optmsk & is->is_optmsk) != is->is_opt) ||
604 ((fin->fin_fi.fi_secmsk & is->is_secmsk) != is->is_sec) ||
605 ((fin->fin_fi.fi_auth & is->is_authmsk) != is->is_auth))
608 if ((flags & (FI_W_SPORT|FI_W_DPORT))) {
609 if ((flags & FI_W_SPORT) != 0) {
612 is->is_send = htonl(tcp->th_seq);
615 is->is_send = htonl(tcp->th_ack);
617 is->is_maxsend = is->is_send + 1;
618 } else if ((flags & FI_W_DPORT) != 0) {
621 is->is_dend = htonl(tcp->th_ack);
624 is->is_dend = htonl(tcp->th_seq);
626 is->is_maxdend = is->is_dend + 1;
628 is->is_flags &= ~(FI_W_SPORT|FI_W_DPORT);
632 if (out && (out == is->is_rout)) {
640 if (!out && (out != is->is_rout)) {
651 frentry_t *fr_checkicmpmatchingstate(ip, fin)
655 register struct in_addr dst, src;
656 register ipstate_t *is, **isp;
657 register u_short sport, dport;
668 * Does it at least have the return (basic) IP header ?
669 * Only a basic IP header (no options) should be with
670 * an ICMP error header.
672 if ((ip->ip_hl != 5) || (ip->ip_len < ICMPERR_MINPKTLEN))
674 ic = (struct icmp *)((char *)ip + fin->fin_hlen);
675 type = ic->icmp_type;
677 * If it's not an error type, then return
679 if ((type != ICMP_UNREACH) && (type != ICMP_SOURCEQUENCH) &&
680 (type != ICMP_REDIRECT) && (type != ICMP_TIMXCEED) &&
681 (type != ICMP_PARAMPROB))
684 oip = (ip_t *)((char *)fin->fin_dp + ICMPERR_ICMPHLEN);
685 if (ip->ip_len < ICMPERR_MAXPKTLEN + ((oip->ip_hl - 5) << 2))
687 if ((oip->ip_p != IPPROTO_TCP) && (oip->ip_p != IPPROTO_UDP))
690 tcp = (tcphdr_t *)((char *)oip + (oip->ip_hl << 2));
691 dport = tcp->th_dport;
692 sport = tcp->th_sport;
694 hv = (pr = oip->ip_p);
695 hv += (src.s_addr = oip->ip_src.s_addr);
696 hv += (dst.s_addr = oip->ip_dst.s_addr);
701 * we make an fin entry to be able to feed it to
702 * matchsrcdst note that not all fields are encessary
703 * but this is the cleanest way. Note further we fill
704 * in fin_mp such that if someone uses it we'll get
705 * a kernel panic. fr_matchsrcdst does not use this.
707 * watch out here, as ip is in host order and oip in network
708 * order. Any change we make must be undone afterwards.
710 oip->ip_len = ntohs(oip->ip_len);
711 fr_makefrip(oip->ip_hl << 2, oip, &ofin);
712 oip->ip_len = htons(oip->ip_len);
713 ofin.fin_ifp = fin->fin_ifp;
714 ofin.fin_out = !fin->fin_out;
715 ofin.fin_mp = NULL; /* if dereferenced, panic XXX */
716 READ_ENTER(&ipf_state);
717 for (isp = &ips_table[hv]; (is = *isp); isp = &is->is_next) {
719 * Only allow this icmp though if the
720 * encapsulated packet was allowed through the
721 * other way around. Note that the minimal amount
722 * of info present does not allow for checking against
723 * tcp internals such as seq and ack numbers.
725 if ((is->is_p == pr) &&
726 fr_matchsrcdst(is, src, dst, &ofin, tcp)) {
728 ips_stats.iss_hits++;
730 * we must swap src and dst here because the icmp
731 * comes the other way around
733 dest = (is->is_dst.s_addr != src.s_addr);
735 is->is_bytes += ip->ip_len;
737 * we deliberately do not touch the timeouts
738 * for the accompanying state table entry.
739 * It remains to be seen if that is correct. XXX
741 RWLOCK_EXIT(&ipf_state);
745 RWLOCK_EXIT(&ipf_state);
750 * Check if a packet has a registered state.
752 frentry_t *fr_checkstate(ip, fin)
756 register struct in_addr dst, src;
757 register ipstate_t *is, **isp;
759 u_int hv, hvm, hlen, tryagain, pass;
764 if ((ip->ip_off & IP_OFFMASK) || (fin->fin_fi.fi_fl & FI_SHORT))
768 hlen = fin->fin_hlen;
769 tcp = (tcphdr_t *)((char *)ip + hlen);
770 ic = (struct icmp *)tcp;
771 hv = (pr = ip->ip_p);
772 hv += (src.s_addr = ip->ip_src.s_addr);
773 hv += (dst.s_addr = ip->ip_dst.s_addr);
776 * Search the hash table for matching packet header info.
784 READ_ENTER(&ipf_state);
785 for (isp = &ips_table[hv]; (is = *isp); isp = &is->is_next)
786 if ((is->is_p == pr) &&
787 (ic->icmp_id == is->is_icmp.ics_id) &&
788 (ic->icmp_seq == is->is_icmp.ics_seq) &&
789 fr_matchsrcdst(is, src, dst, fin, NULL)) {
790 if ((is->is_type == ICMP_ECHOREPLY) &&
791 (ic->icmp_type == ICMP_ECHO))
793 else if (is->is_type != ic->icmp_type)
795 is->is_age = fr_icmptimeout;
800 RWLOCK_EXIT(&ipf_state);
802 * No matching icmp state entry. Perhaps this is a
803 * response to another state entry.
805 fr = fr_checkicmpmatchingstate(ip, fin);
811 register u_short dport = tcp->th_dport, sport = tcp->th_sport;
815 hvm = hv % fr_statesize;
816 WRITE_ENTER(&ipf_state);
817 for (isp = &ips_table[hvm]; (is = *isp);
819 if ((is->is_p == pr) &&
820 fr_matchsrcdst(is, src, dst, fin, tcp)) {
821 if (fr_tcpstate(is, fin, ip, tcp)) {
824 if (tcp->th_flags & TCP_CLOSE) {
826 isp = &ips_table[hvm];
827 if (ips_table[hvm] == NULL)
828 ips_stats.iss_inuse--;
840 RWLOCK_EXIT(&ipf_state);
851 register u_short dport = tcp->th_dport, sport = tcp->th_sport;
855 hvm = hv % fr_statesize;
857 * Nothing else to match on but ports. and IP#'s
859 READ_ENTER(&ipf_state);
860 for (is = ips_table[hvm]; is; is = is->is_next)
861 if ((is->is_p == pr) &&
862 fr_matchsrcdst(is, src, dst, fin, tcp)) {
863 is->is_age = fr_udptimeout;
868 RWLOCK_EXIT(&ipf_state);
881 ATOMIC_INC(ips_stats.iss_miss);
884 MUTEX_ENTER(&ipf_rw);
885 is->is_bytes += ip->ip_len;
886 ips_stats.iss_hits++;
892 RWLOCK_EXIT(&ipf_state);
893 if (fin->fin_fi.fi_fl & FI_FRAG)
894 ipfr_newfrag(ip, fin, pass ^ FR_KEEPSTATE);
899 static void fr_delstate(is)
906 ATOMIC_DEC(fr->fr_ref);
915 * Free memory in use by all state info. kept.
917 void fr_stateunload()
920 register ipstate_t *is, **isp;
922 WRITE_ENTER(&ipf_state);
923 for (i = fr_statesize - 1; i >= 0; i--)
924 for (isp = &ips_table[i]; (is = *isp); ) {
929 ips_stats.iss_inuse = 0;
931 RWLOCK_EXIT(&ipf_state);
932 KFREES(ips_table, fr_statesize * sizeof(ipstate_t *));
938 * Slowly expire held state for thingslike UDP and ICMP. Timeouts are set
939 * in expectation of this being called twice per second.
941 void fr_timeoutstate()
944 register ipstate_t *is, **isp;
945 #if defined(_KERNEL) && !SOLARIS
950 WRITE_ENTER(&ipf_state);
951 for (i = fr_statesize - 1; i >= 0; i--)
952 for (isp = &ips_table[i]; (is = *isp); )
953 if (is->is_age && !--is->is_age) {
955 if (is->is_p == IPPROTO_TCP)
958 ips_stats.iss_expire++;
959 if (ips_table[i] == NULL)
960 ips_stats.iss_inuse--;
962 ipstate_log(is, ISL_EXPIRE);
968 RWLOCK_EXIT(&ipf_state);
974 * Original idea freom Pradeep Krishnan for use primarily with NAT code.
975 * (pkrishna@netcom.com)
977 void fr_tcp_age(age, state, ip, fin, dir)
984 tcphdr_t *tcp = (tcphdr_t *)fin->fin_dp;
985 u_char flags = tcp->th_flags;
988 ostate = state[1 - dir];
990 dlen = ip->ip_len - fin->fin_hlen - (tcp->th_off << 2);
992 if (flags & TH_RST) {
993 if (!(tcp->th_flags & TH_PUSH) && !dlen) {
995 state[dir] = TCPS_CLOSED;
997 *age = fr_tcpclosewait;
998 state[dir] = TCPS_CLOSE_WAIT;
1003 *age = fr_tcptimeout; /* 1 min */
1008 if ((flags & (TH_FIN|TH_SYN|TH_RST|TH_ACK)) == TH_ACK) {
1009 state[dir] = TCPS_ESTABLISHED;
1010 *age = fr_tcpidletimeout;
1012 case TCPS_FIN_WAIT_2:
1013 if ((flags & TH_OPENING) == TH_OPENING)
1014 state[dir] = TCPS_SYN_RECEIVED;
1015 else if (flags & TH_SYN)
1016 state[dir] = TCPS_SYN_SENT;
1018 case TCPS_SYN_RECEIVED:
1020 if ((flags & (TH_FIN|TH_ACK)) == TH_ACK) {
1021 state[dir] = TCPS_ESTABLISHED;
1022 *age = fr_tcpidletimeout;
1023 } else if ((flags & (TH_FIN|TH_ACK)) == (TH_FIN|TH_ACK)) {
1024 state[dir] = TCPS_CLOSE_WAIT;
1025 if (!(flags & TH_PUSH) && !dlen &&
1026 ostate > TCPS_ESTABLISHED)
1027 *age = fr_tcplastack;
1029 *age = fr_tcpclosewait;
1032 case TCPS_ESTABLISHED:
1033 if (flags & TH_FIN) {
1034 state[dir] = TCPS_CLOSE_WAIT;
1035 if (!(flags & TH_PUSH) && !dlen &&
1036 ostate > TCPS_ESTABLISHED)
1037 *age = fr_tcplastack;
1039 *age = fr_tcpclosewait;
1041 if (ostate < TCPS_CLOSE_WAIT)
1042 *age = fr_tcpidletimeout;
1045 case TCPS_CLOSE_WAIT:
1046 if ((flags & TH_FIN) && !(flags & TH_PUSH) && !dlen &&
1047 ostate > TCPS_ESTABLISHED) {
1048 *age = fr_tcplastack;
1049 state[dir] = TCPS_LAST_ACK;
1051 *age = fr_tcpclosewait;
1054 if (flags & TH_ACK) {
1055 state[dir] = TCPS_FIN_WAIT_2;
1056 if (!(flags & TH_PUSH) && !dlen &&
1057 ostate > TCPS_ESTABLISHED)
1058 *age = fr_tcplastack;
1060 *age = fr_tcpclosewait;
1061 state[dir] = TCPS_CLOSE_WAIT;
1070 void ipstate_log(is, type)
1079 ipsl.isl_type = type;
1080 ipsl.isl_pkts = is->is_pkts;
1081 ipsl.isl_bytes = is->is_bytes;
1082 ipsl.isl_src = is->is_src;
1083 ipsl.isl_dst = is->is_dst;
1084 ipsl.isl_p = is->is_p;
1085 ipsl.isl_flags = is->is_flags;
1086 if (ipsl.isl_p == IPPROTO_TCP || ipsl.isl_p == IPPROTO_UDP) {
1087 ipsl.isl_sport = is->is_sport;
1088 ipsl.isl_dport = is->is_dport;
1089 if (ipsl.isl_p == IPPROTO_TCP) {
1090 ipsl.isl_state[0] = is->is_state[0];
1091 ipsl.isl_state[1] = is->is_state[1];
1093 } else if (ipsl.isl_p == IPPROTO_ICMP)
1094 ipsl.isl_itype = is->is_icmp.ics_type;
1096 ipsl.isl_ps.isl_filler[0] = 0;
1097 ipsl.isl_ps.isl_filler[1] = 0;
1100 sizes[0] = sizeof(ipsl);
1103 (void) ipllog(IPL_LOGSTATE, NULL, items, sizes, types, 1);
projects / FreeBSD / FreeBSD.git / blob