Diffstat (limited to 'usr/src')
-rw-r--r-- | usr/src/uts/common/inet/ipf/fil.c | 74 | ||||
-rw-r--r-- | usr/src/uts/common/inet/ipf/ip_auth.c | 3 | ||||
-rw-r--r-- | usr/src/uts/common/inet/ipf/ip_frag.c | 5 | ||||
-rw-r--r-- | usr/src/uts/common/inet/ipf/ip_log.c | 3 | ||||
-rw-r--r-- | usr/src/uts/common/inet/ipf/ip_nat.c | 15 | ||||
-rw-r--r-- | usr/src/uts/common/inet/ipf/ip_state.c | 20 |
6 files changed, 77 insertions, 43 deletions
diff --git a/usr/src/uts/common/inet/ipf/fil.c b/usr/src/uts/common/inet/ipf/fil.c index ec754c4031..2799cc787a 100644 --- a/usr/src/uts/common/inet/ipf/fil.c +++ b/usr/src/uts/common/inet/ipf/fil.c 
@@ -6010,6 +6010,78 @@ tune_lookup(ipf_stack_t *ifs, char *name) extern dev_info_t *ipf_dev_info; extern int ipf_property_update __P((dev_info_t *, ipf_stack_t *)); #endif + +/* -------------------------------------------------------------------- */ +/* Function: ipftuneable_setdefs() */ +/* Returns: void */ +/* Parameters: ifs - pointer to newly allocated IPF instance */ +/* assigned to IP instance */ +/* */ +/* Function initializes IPF instance variables. Function is invoked */ +/* from ipftuneable_alloc(). ipftuneable_alloc() is called only one */ +/* time during IP instance lifetime - at the time of IP instance */ +/* creation. Anytime IP instance is being created new private IPF */ +/* instance is allocated and assigned to it. The moment of IP */ +/* instance creation is the right time to initialize those IPF */ +/* variables. */ +/* */ +/* -------------------------------------------------------------------- */ +static void ipftuneable_setdefs(ipf_stack_t *ifs) +{ + ifs->ifs_ipfr_size = IPFT_SIZE; + ifs->ifs_fr_ipfrttl = 120; /* 60 seconds */ + + /* it comes from fr_authinit() in IPF auth */ + ifs->ifs_fr_authsize = FR_NUMAUTH; + ifs->ifs_fr_defaultauthage = 600; + + /* it comes from fr_stateinit() in IPF state */ + ifs->ifs_fr_tcpidletimeout = IPF_TTLVAL(3600 * 24 * 5); /* five days */ + ifs->ifs_fr_tcpclosewait = IPF_TTLVAL(TCP_MSL); + ifs->ifs_fr_tcplastack = IPF_TTLVAL(TCP_MSL); + ifs->ifs_fr_tcptimeout = IPF_TTLVAL(TCP_MSL); + ifs->ifs_fr_tcpclosed = IPF_TTLVAL(60); + ifs->ifs_fr_tcphalfclosed = IPF_TTLVAL(2 * 3600); /* 2 hours */ + ifs->ifs_fr_udptimeout = IPF_TTLVAL(120); + ifs->ifs_fr_udpacktimeout = IPF_TTLVAL(12); + ifs->ifs_fr_icmptimeout = IPF_TTLVAL(60); + ifs->ifs_fr_icmpacktimeout = IPF_TTLVAL(6); + ifs->ifs_fr_iptimeout = IPF_TTLVAL(60); + ifs->ifs_fr_statemax = IPSTATE_MAX; + ifs->ifs_fr_statesize = IPSTATE_SIZE; + ifs->ifs_fr_state_maxbucket_reset = 1; + + /* it comes from fr_natinit() in ipnat */ + ifs->ifs_ipf_nattable_sz = NAT_TABLE_SZ; + 
ifs->ifs_ipf_nattable_max = NAT_TABLE_MAX; + ifs->ifs_ipf_natrules_sz = NAT_SIZE; + ifs->ifs_ipf_rdrrules_sz = RDR_SIZE; + ifs->ifs_ipf_hostmap_sz = HOSTMAP_SIZE; + ifs->ifs_fr_nat_maxbucket_reset = 1; + ifs->ifs_fr_defnatage = DEF_NAT_AGE; + ifs->ifs_fr_defnatipage = 120; /* 60 seconds */ + ifs->ifs_fr_defnaticmpage = 6; /* 3 seconds */ + +#ifdef IPFILTER_LOG + /* it comes from fr_loginit() in IPF log */ + ifs->ifs_ipl_suppress = 1; + ifs->ifs_ipl_logmax = IPL_LOGMAX; + ifs->ifs_ipl_logsize = IPFILTER_LOGSIZE; + + /* from fr_natinit() */ + ifs->ifs_nat_logging = 1; + + /* from fr_stateinit() */ + ifs->ifs_ipstate_logging = 1; +#else + /* from fr_natinit() */ + ifs->ifs_nat_logging = 0; + + /* from fr_stateinit() */ + ifs->ifs_ipstate_logging = 0; +#endif + +} /* * Allocate a per-stack tuneable and copy in the names. Then * set it to point to each of the per-stack tunables. @@ -6078,6 +6150,8 @@ ipftuneable_alloc(ipf_stack_t *ifs) #endif #undef TUNE_SET + ipftuneable_setdefs(ifs); + #ifdef _KERNEL (void) ipf_property_update(ipf_dev_info, ifs); #endif diff --git a/usr/src/uts/common/inet/ipf/ip_auth.c b/usr/src/uts/common/inet/ipf/ip_auth.c index f733c6b55a..b589fb5734 100644 --- a/usr/src/uts/common/inet/ipf/ip_auth.c +++ b/usr/src/uts/common/inet/ipf/ip_auth.c @@ -140,9 +140,6 @@ int fr_authgeniter __P((ipftoken_t *, ipfgeniter_t *, ipf_stack_t *)); int fr_authinit(ifs) ipf_stack_t *ifs; { - ifs->ifs_fr_authsize = FR_NUMAUTH; - ifs->ifs_fr_defaultauthage = 600; - KMALLOCS(ifs->ifs_fr_auth, frauth_t *, ifs->ifs_fr_authsize * sizeof(*ifs->ifs_fr_auth)); if (ifs->ifs_fr_auth != NULL) diff --git a/usr/src/uts/common/inet/ipf/ip_frag.c b/usr/src/uts/common/inet/ipf/ip_frag.c index 7748b6175c..2d6a2e7709 100644 --- a/usr/src/uts/common/inet/ipf/ip_frag.c +++ b/usr/src/uts/common/inet/ipf/ip_frag.c 
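Review bot: The TCP idle timeout in ipftuneable_setdefs() is the one default that is not moved verbatim: the line removed from ip_state.c reads `ifs->ifs_fr_tcpidletimeout = FIVE_DAYS;`, while the new line uses `IPF_TTLVAL(3600 * 24 * 5)`. The definition of FIVE_DAYS is not visible in this diff, so the two may or may not be equal; if the macro is reachable from fil.c, keeping `ifs->ifs_fr_tcpidletimeout = FIVE_DAYS;` makes the move a pure relocation and leaves state-table retention unchanged. Separately, `ifs->ifs_fr_defaultauthage = 600;` carries no unit, unlike the neighbouring `120; /* 60 seconds */`, and a short comment stating the unit would help.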
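Review bot: After this change the init routines allocate from sizes they no longer set: fr_authinit() multiplies `ifs->ifs_fr_authsize` into its KMALLOCS call, and the ip_frag.c, ip_nat.c and ip_state.c hunks do the same with `ifs_ipfr_size`, `ifs_ipf_nattable_sz` and `ifs_fr_statesize`. Those values are valid only if ipftuneable_alloc() reached `ipftuneable_setdefs(ifs);` for the same ifs first, and the earlier part of ipftuneable_alloc() is outside this hunk, so it is worth confirming that no early return precedes the call. Because the defaults are no longer re-applied on every init, a value changed at run time presumably carries over into the next allocation as well. A zero-size check before each KMALLOCS, for example `if (ifs->ifs_fr_statesize == 0)` failing the same way as the existing `ifs->ifs_ips_table == NULL` branch, would keep a bad size from turning into a zero-length table.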
@@ -126,8 +126,9 @@ ipf_stack_t *ifs; ifs->ifs_ipfr_tail = &ifs->ifs_ipfr_list; ifs->ifs_ipfr_nattail = &ifs->ifs_ipfr_natlist; ifs->ifs_ipfr_ipidtail = &ifs->ifs_ipfr_ipidlist; - ifs->ifs_ipfr_size = IPFT_SIZE; - ifs->ifs_fr_ipfrttl = 120; /* 60 seconds */ + /* the IP frag related variables are set in ipftuneable_setdefs() to + * their default values + */ KMALLOCS(ifs->ifs_ipfr_heads, ipfr_t **, ifs->ifs_ipfr_size * sizeof(ipfr_t *)); diff --git a/usr/src/uts/common/inet/ipf/ip_log.c b/usr/src/uts/common/inet/ipf/ip_log.c index 8f5ed7be9d..57251901aa 100644 --- a/usr/src/uts/common/inet/ipf/ip_log.c +++ b/usr/src/uts/common/inet/ipf/ip_log.c @@ -165,9 +165,6 @@ ipf_stack_t *ifs; { int i; - ifs->ifs_ipl_suppress = 1; - ifs->ifs_ipl_logmax = IPL_LOGMAX; - ifs->ifs_ipl_logsize = IPFILTER_LOGSIZE; for (i = IPL_LOGMAX; i >= 0; i--) { ifs->ifs_iplt[i] = NULL; ifs->ifs_ipll[i] = NULL; diff --git a/usr/src/uts/common/inet/ipf/ip_nat.c b/usr/src/uts/common/inet/ipf/ip_nat.c index 8ea6f48d7a..f96783841e 100644 --- a/usr/src/uts/common/inet/ipf/ip_nat.c +++ b/usr/src/uts/common/inet/ipf/ip_nat.c @@ -187,21 +187,6 @@ ipf_stack_t *ifs; { int i; - ifs->ifs_ipf_nattable_sz = NAT_TABLE_SZ; - ifs->ifs_ipf_nattable_max = NAT_TABLE_MAX; - ifs->ifs_ipf_natrules_sz = NAT_SIZE; - ifs->ifs_ipf_rdrrules_sz = RDR_SIZE; - ifs->ifs_ipf_hostmap_sz = HOSTMAP_SIZE; - ifs->ifs_fr_nat_maxbucket_reset = 1; -#ifdef IPFILTER_LOG - ifs->ifs_nat_logging = 1; -#else - ifs->ifs_nat_logging = 0; -#endif - ifs->ifs_fr_defnatage = DEF_NAT_AGE; - ifs->ifs_fr_defnatipage = 120; /* 60 seconds */ - ifs->ifs_fr_defnaticmpage = 6; /* 3 seconds */ - KMALLOCS(ifs->ifs_nat_table[0], nat_t **, sizeof(nat_t *) * ifs->ifs_ipf_nattable_sz); if (ifs->ifs_nat_table[0] != NULL) diff --git a/usr/src/uts/common/inet/ipf/ip_state.c b/usr/src/uts/common/inet/ipf/ip_state.c index 4392746761..23bdc348b8 100644 --- a/usr/src/uts/common/inet/ipf/ip_state.c +++ b/usr/src/uts/common/inet/ipf/ip_state.c 
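Review bot: The pointer to ipftuneable_setdefs() is added only in ip_frag.c; the ip_auth.c, ip_log.c, ip_nat.c and ip_state.c hunks drop their assignments with no such note, so a reader of those init routines cannot tell where the sizes and limits they use are set. The same one-line comment, e.g. `/* defaults are set in ipftuneable_setdefs() */`, would fit at the top of each of those routines, where the removed assignments used to be.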
@@ -159,26 +159,6 @@ ipf_stack_t *ifs; { int i; - ifs->ifs_fr_tcpidletimeout = FIVE_DAYS; - ifs->ifs_fr_tcpclosewait = IPF_TTLVAL(TCP_MSL); - ifs->ifs_fr_tcplastack = IPF_TTLVAL(TCP_MSL); - ifs->ifs_fr_tcptimeout = IPF_TTLVAL(TCP_MSL); - ifs->ifs_fr_tcpclosed = IPF_TTLVAL(60); - ifs->ifs_fr_tcphalfclosed = IPF_TTLVAL(2 * 3600); /* 2 hours */ - ifs->ifs_fr_udptimeout = IPF_TTLVAL(120); - ifs->ifs_fr_udpacktimeout = IPF_TTLVAL(12); - ifs->ifs_fr_icmptimeout = IPF_TTLVAL(60); - ifs->ifs_fr_icmpacktimeout = IPF_TTLVAL(6); - ifs->ifs_fr_iptimeout = IPF_TTLVAL(60); - ifs->ifs_fr_statemax = IPSTATE_MAX; - ifs->ifs_fr_statesize = IPSTATE_SIZE; - ifs->ifs_fr_state_maxbucket_reset = 1; -#ifdef IPFILTER_LOG - ifs->ifs_ipstate_logging = 1; -#else - ifs->ifs_ipstate_logging = 0; -#endif - KMALLOCS(ifs->ifs_ips_table, ipstate_t **, ifs->ifs_fr_statesize * sizeof(ipstate_t *)); if (ifs->ifs_ips_table == NULL) |