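Lines matching full:pf (full-text search hits for `pf`). Each entry gives the source line number, the matching line, and the enclosing function; a trailing "argument" or "local" marks the line where `pf` is declared as a parameter or local variable. The entries are non-contiguous excerpts, not a complete listing.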

377 			errx(1, "pf already enabled");  in pfctl_enable()
384 fprintf(stderr, "pf enabled\n"); in pfctl_enable()
400 errx(1, "pf not enabled"); in pfctl_disable()
405 fprintf(stderr, "pf disabled\n"); in pfctl_disable()
421 fprintf(stderr, "pf: statistics cleared\n"); in pfctl_clear_stats()
464 pfctl_adjust_skip_ifaces(struct pfctl *pf) in pfctl_adjust_skip_ifaces() argument
473 pfctl_set_interface_flags(pf, p->pfik_name, PFI_IFLAG_SKIP, 0); in pfctl_adjust_skip_ifaces()
483 pfctl_set_interface_flags(pf, in pfctl_adjust_skip_ifaces()
494 pfctl_set_interface_flags(pf, p->pfik_name, PFI_IFLAG_SKIP, 0); in pfctl_adjust_skip_ifaces()
510 fprintf(stderr, "pf: interface flags reset\n"); in pfctl_clear_interface_flags()
1838 pfctl_add_pool(struct pfctl *pf, struct pfctl_pool *p, int which) in pfctl_add_pool() argument
1844 memcpy(&pf->paddr.addr, pa, sizeof(struct pfctl_pooladdr)); in pfctl_add_pool()
1845 pf->paddr.af = pa->af; in pfctl_add_pool()
1846 if ((pf->opts & PF_OPT_NOACTION) == 0) { in pfctl_add_pool()
1847 if ((ret = pfctl_add_addr(pf->h, &pf->paddr, which)) != 0) in pfctl_add_pool()
1864 pfctl_append_rule(struct pfctl *pf, struct pfctl_rule *r) in pfctl_append_rule() argument
1874 rs = &pf->anchor->ruleset; in pfctl_append_rule()
1890 pfctl_append_eth_rule(struct pfctl *pf, struct pfctl_eth_rule *r, in pfctl_append_eth_rule() argument
1897 rs = &pf->eanchor->ruleset; in pfctl_append_eth_rule()
1931 pfctl_eth_ruleset_trans(struct pfctl *pf, char *path, in pfctl_eth_ruleset_trans() argument
1934 int osize = pf->trans->pfrb_size; in pfctl_eth_ruleset_trans()
1936 if ((pf->loadopt & PFCTL_FLAG_ETH) != 0) { in pfctl_eth_ruleset_trans()
1937 if (pfctl_add_trans(pf->trans, PF_RULESET_ETH, path)) in pfctl_eth_ruleset_trans()
1940 if (pfctl_trans(pf->dev, pf->trans, DIOCXBEGIN, osize)) in pfctl_eth_ruleset_trans()
1947 pfctl_ruleset_trans(struct pfctl *pf, char *path, struct pfctl_anchor *a, bool do_eth) in pfctl_ruleset_trans() argument
1949 int osize = pf->trans->pfrb_size; in pfctl_ruleset_trans()
1951 if ((pf->loadopt & PFCTL_FLAG_ETH) != 0 && do_eth) { in pfctl_ruleset_trans()
1952 if (pfctl_add_trans(pf->trans, PF_RULESET_ETH, path)) in pfctl_ruleset_trans()
1955 if ((pf->loadopt & PFCTL_FLAG_NAT) != 0) { in pfctl_ruleset_trans()
1956 if (pfctl_add_trans(pf->trans, PF_RULESET_NAT, path) || in pfctl_ruleset_trans()
1957 pfctl_add_trans(pf->trans, PF_RULESET_BINAT, path) || in pfctl_ruleset_trans()
1958 pfctl_add_trans(pf->trans, PF_RULESET_RDR, path)) in pfctl_ruleset_trans()
1961 if (a == pf->astack[0] && ((altqsupport && in pfctl_ruleset_trans()
1962 (pf->loadopt & PFCTL_FLAG_ALTQ) != 0))) { in pfctl_ruleset_trans()
1963 if (pfctl_add_trans(pf->trans, PF_RULESET_ALTQ, path)) in pfctl_ruleset_trans()
1966 if ((pf->loadopt & PFCTL_FLAG_FILTER) != 0) { in pfctl_ruleset_trans()
1967 if (pfctl_add_trans(pf->trans, PF_RULESET_SCRUB, path) || in pfctl_ruleset_trans()
1968 pfctl_add_trans(pf->trans, PF_RULESET_FILTER, path)) in pfctl_ruleset_trans()
1971 if (pf->loadopt & PFCTL_FLAG_TABLE) in pfctl_ruleset_trans()
1972 if (pfctl_add_trans(pf->trans, PF_RULESET_TABLE, path)) in pfctl_ruleset_trans()
1974 if (pfctl_trans(pf->dev, pf->trans, DIOCXBEGIN, osize)) in pfctl_ruleset_trans()
1981 pfctl_load_eth_ruleset(struct pfctl *pf, char *path, in pfctl_load_eth_ruleset() argument
1988 pf->eanchor = rs->anchor; in pfctl_load_eth_ruleset()
1990 snprintf(&path[len], MAXPATHLEN - len, "/%s", pf->eanchor->name); in pfctl_load_eth_ruleset()
1992 snprintf(&path[len], MAXPATHLEN - len, "%s", pf->eanchor->name); in pfctl_load_eth_ruleset()
1997 if (pf->opts & PF_OPT_VERBOSE) in pfctl_load_eth_ruleset()
1999 if ((pf->opts & PF_OPT_NOACTION) == 0 && in pfctl_load_eth_ruleset()
2000 (error = pfctl_eth_ruleset_trans(pf, in pfctl_load_eth_ruleset()
2006 } else if (pf->opts & PF_OPT_VERBOSE) in pfctl_load_eth_ruleset()
2013 error = pfctl_load_eth_rule(pf, path, r, depth); in pfctl_load_eth_ruleset()
2018 if ((error = pfctl_load_eth_ruleset(pf, path, in pfctl_load_eth_ruleset()
2021 } else if (pf->opts & PF_OPT_VERBOSE) in pfctl_load_eth_ruleset()
2025 if (brace && pf->opts & PF_OPT_VERBOSE) { in pfctl_load_eth_ruleset()
2026 INDENT(depth - 1, (pf->opts & PF_OPT_VERBOSE)); in pfctl_load_eth_ruleset()
2038 pfctl_load_eth_rule(struct pfctl *pf, char *path, struct pfctl_eth_rule *r, in pfctl_load_eth_rule() argument
2063 if ((pf->opts & PF_OPT_NOACTION) == 0) in pfctl_load_eth_rule()
2064 if ((ret = pfctl_add_eth_rule(pf->dev, r, anchor, name, in pfctl_load_eth_rule()
2065 pf->eth_ticket)) != 0) in pfctl_load_eth_rule()
2068 if (pf->opts & PF_OPT_VERBOSE) { in pfctl_load_eth_rule()
2069 INDENT(depth, !(pf->opts & PF_OPT_VERBOSE2)); in pfctl_load_eth_rule()
2071 pf->opts & (PF_OPT_VERBOSE2 | PF_OPT_DEBUG)); in pfctl_load_eth_rule()
2080 pfctl_load_tables(struct pfctl *pf, char *path, struct pfctl_anchor *a, in pfctl_load_tables() argument
2101 pf->anchor->ruleset.tticket, in pfctl_load_tables()
2115 pfctl_load_ruleset(struct pfctl *pf, char *path, struct pfctl_ruleset *rs, in pfctl_load_ruleset() argument
2122 pf->anchor = rs->anchor; in pfctl_load_ruleset()
2125 snprintf(&path[len], MAXPATHLEN - len, "/%s", pf->anchor->name); in pfctl_load_ruleset()
2127 snprintf(&path[len], MAXPATHLEN - len, "%s", pf->anchor->name); in pfctl_load_ruleset()
2132 if (pf->opts & PF_OPT_VERBOSE) in pfctl_load_ruleset()
2134 if ((pf->opts & PF_OPT_NOACTION) == 0 && in pfctl_load_ruleset()
2135 (error = pfctl_ruleset_trans(pf, in pfctl_load_ruleset()
2141 } else if (pf->opts & PF_OPT_VERBOSE) in pfctl_load_ruleset()
2145 if (pf->optimize && rs_num == PF_RULESET_FILTER) in pfctl_load_ruleset()
2146 pfctl_optimize_ruleset(pf, rs); in pfctl_load_ruleset()
2156 if ((error = pfctl_load_rule(pf, path, r, depth))) in pfctl_load_ruleset()
2159 if ((error = pfctl_load_ruleset(pf, path, in pfctl_load_ruleset()
2162 if ((error = pfctl_load_tables(pf, path, r->anchor, rs_num))) in pfctl_load_ruleset()
2164 } else if (pf->opts & PF_OPT_VERBOSE) in pfctl_load_ruleset()
2168 if (brace && pf->opts & PF_OPT_VERBOSE) { in pfctl_load_ruleset()
2169 INDENT(depth - 1, (pf->opts & PF_OPT_VERBOSE)); in pfctl_load_ruleset()
2182 pfctl_load_rule(struct pfctl *pf, char *path, struct pfctl_rule *r, int depth) in pfctl_load_rule() argument
2193 if ((pf->opts & PF_OPT_NOACTION) == 0) { in pfctl_load_rule()
2194 if (pf->trans == NULL) in pfctl_load_rule()
2196 ticket = pfctl_get_ticket(pf->trans, rs_num, path); in pfctl_load_rule()
2198 pf->anchor->ruleset.tticket = ticket; in pfctl_load_rule()
2218 if ((pf->opts & PF_OPT_NOACTION) == 0) { in pfctl_load_rule()
2219 if ((pf->opts & PF_OPT_NOACTION) == 0) { in pfctl_load_rule()
2220 if ((error = pfctl_begin_addrs(pf->h, in pfctl_load_rule()
2221 &pf->paddr.ticket)) != 0) in pfctl_load_rule()
2225 if (pfctl_add_pool(pf, &r->rdr, PF_RDR)) in pfctl_load_rule()
2227 if (pfctl_add_pool(pf, &r->nat, PF_NAT)) in pfctl_load_rule()
2229 if (pfctl_add_pool(pf, &r->route, PF_RT)) in pfctl_load_rule()
2231 error = pfctl_add_rule_h(pf->h, r, anchor, name, ticket, in pfctl_load_rule()
2232 pf->paddr.ticket); in pfctl_load_rule()
2246 if (pf->opts & PF_OPT_VERBOSE) { in pfctl_load_rule()
2247 INDENT(depth, !(pf->opts & PF_OPT_VERBOSE2)); in pfctl_load_rule()
2249 pf->opts & PF_OPT_VERBOSE2, in pfctl_load_rule()
2250 pf->opts & PF_OPT_NUMERIC); in pfctl_load_rule()
2261 pfctl_add_altq(struct pfctl *pf, struct pf_altq *a) in pfctl_add_altq() argument
2265 memcpy(&pf->paltq->altq, a, sizeof(struct pf_altq)); in pfctl_add_altq()
2266 if ((pf->opts & PF_OPT_NOACTION) == 0) { in pfctl_add_altq()
2267 if (ioctl(pf->dev, DIOCADDALTQ, pf->paltq)) { in pfctl_add_altq()
2277 pfaltq_store(&pf->paltq->altq); in pfctl_add_altq()
2291 struct pfctl pf; in pfctl_rules() local
2301 memset(&pf, 0, sizeof(pf)); in pfctl_rules()
2312 pf.trans = &buf; in pfctl_rules()
2322 memset(&pf, 0, sizeof(pf)); in pfctl_rules()
2329 pf.dev = dev; in pfctl_rules()
2330 pf.h = pfh; in pfctl_rules()
2331 pf.opts = opts; in pfctl_rules()
2332 pf.optimize = optimize; in pfctl_rules()
2333 pf.loadopt = loadopt; in pfctl_rules()
2336 if ((pf.anchor = calloc(1, sizeof(*pf.anchor))) == NULL) in pfctl_rules()
2338 rs = &pf.anchor->ruleset; in pfctl_rules()
2340 rs->anchor = pf.anchor; in pfctl_rules()
2341 if (strlcpy(pf.anchor->path, anchorname, in pfctl_rules()
2342 sizeof(pf.anchor->path)) >= sizeof(pf.anchor->path)) in pfctl_rules()
2344 if (strlcpy(pf.anchor->name, anchorname, in pfctl_rules()
2345 sizeof(pf.anchor->name)) >= sizeof(pf.anchor->name)) in pfctl_rules()
2349 pf.astack[0] = pf.anchor; in pfctl_rules()
2350 pf.asd = 0; in pfctl_rules()
2352 pf.loadopt &= ~PFCTL_FLAG_ALTQ; in pfctl_rules()
2353 pf.paltq = &pa; in pfctl_rules()
2354 pf.trans = t; in pfctl_rules()
2355 pfctl_init_options(&pf); in pfctl_rules()
2358 if ((pf.eanchor = calloc(1, sizeof(*pf.eanchor))) == NULL) in pfctl_rules()
2361 if (strlcpy(pf.eanchor->path, anchorname, in pfctl_rules()
2362 sizeof(pf.eanchor->path)) >= sizeof(pf.eanchor->path)) in pfctl_rules()
2364 if (strlcpy(pf.eanchor->name, anchorname, in pfctl_rules()
2365 sizeof(pf.eanchor->name)) >= sizeof(pf.eanchor->name)) in pfctl_rules()
2368 ethrs = &pf.eanchor->ruleset; in pfctl_rules()
2370 ethrs->anchor = pf.eanchor; in pfctl_rules()
2371 pf.eastack[0] = pf.eanchor; in pfctl_rules()
2379 if (pfctl_ruleset_trans(&pf, anchorname, pf.anchor, true)) in pfctl_rules()
2381 if (pf.loadopt & PFCTL_FLAG_ETH) in pfctl_rules()
2382 pf.eth_ticket = pfctl_get_ticket(t, PF_RULESET_ETH, anchorname); in pfctl_rules()
2383 if (altqsupport && (pf.loadopt & PFCTL_FLAG_ALTQ)) in pfctl_rules()
2386 if (pf.loadopt & PFCTL_FLAG_TABLE) in pfctl_rules()
2387 pf.astack[0]->ruleset.tticket = in pfctl_rules()
2391 if (parse_config(filename, &pf) < 0) { in pfctl_rules()
2394 "pf rules not loaded"); in pfctl_rules()
2399 pfctl_adjust_skip_ifaces(&pf); in pfctl_rules()
2401 if ((pf.loadopt & PFCTL_FLAG_FILTER && in pfctl_rules()
2402 (pfctl_load_ruleset(&pf, path, rs, PF_RULESET_SCRUB, 0))) || in pfctl_rules()
2403 (pf.loadopt & PFCTL_FLAG_ETH && in pfctl_rules()
2404 (pfctl_load_eth_ruleset(&pf, path, ethrs, 0))) || in pfctl_rules()
2405 (pf.loadopt & PFCTL_FLAG_NAT && in pfctl_rules()
2406 (pfctl_load_ruleset(&pf, path, rs, PF_RULESET_NAT, 0) || in pfctl_rules()
2407 pfctl_load_ruleset(&pf, path, rs, PF_RULESET_RDR, 0) || in pfctl_rules()
2408 pfctl_load_ruleset(&pf, path, rs, PF_RULESET_BINAT, 0))) || in pfctl_rules()
2409 (pf.loadopt & PFCTL_FLAG_FILTER && in pfctl_rules()
2410 pfctl_load_ruleset(&pf, path, rs, PF_RULESET_FILTER, 0))) { in pfctl_rules()
2417 if ((altqsupport && (pf.loadopt & PFCTL_FLAG_ALTQ) != 0)) in pfctl_rules()
2423 if (pfctl_load_anchors(dev, &pf) == -1) in pfctl_rules()
2427 if (!anchorname[0] && pfctl_load_options(&pf)) in pfctl_rules()
2473 pfctl_init_options(struct pfctl *pf) in pfctl_init_options() argument
2476 pf->timeout[PFTM_TCP_FIRST_PACKET] = PFTM_TCP_FIRST_PACKET_VAL; in pfctl_init_options()
2477 pf->timeout[PFTM_TCP_OPENING] = PFTM_TCP_OPENING_VAL; in pfctl_init_options()
2478 pf->timeout[PFTM_TCP_ESTABLISHED] = PFTM_TCP_ESTABLISHED_VAL; in pfctl_init_options()
2479 pf->timeout[PFTM_TCP_CLOSING] = PFTM_TCP_CLOSING_VAL; in pfctl_init_options()
2480 pf->timeout[PFTM_TCP_FIN_WAIT] = PFTM_TCP_FIN_WAIT_VAL; in pfctl_init_options()
2481 pf->timeout[PFTM_TCP_CLOSED] = PFTM_TCP_CLOSED_VAL; in pfctl_init_options()
2482 pf->timeout[PFTM_SCTP_FIRST_PACKET] = PFTM_TCP_FIRST_PACKET_VAL; in pfctl_init_options()
2483 pf->timeout[PFTM_SCTP_OPENING] = PFTM_TCP_OPENING_VAL; in pfctl_init_options()
2484 pf->timeout[PFTM_SCTP_ESTABLISHED] = PFTM_TCP_ESTABLISHED_VAL; in pfctl_init_options()
2485 pf->timeout[PFTM_SCTP_CLOSING] = PFTM_TCP_CLOSING_VAL; in pfctl_init_options()
2486 pf->timeout[PFTM_SCTP_CLOSED] = PFTM_TCP_CLOSED_VAL; in pfctl_init_options()
2487 pf->timeout[PFTM_UDP_FIRST_PACKET] = PFTM_UDP_FIRST_PACKET_VAL; in pfctl_init_options()
2488 pf->timeout[PFTM_UDP_SINGLE] = PFTM_UDP_SINGLE_VAL; in pfctl_init_options()
2489 pf->timeout[PFTM_UDP_MULTIPLE] = PFTM_UDP_MULTIPLE_VAL; in pfctl_init_options()
2490 pf->timeout[PFTM_ICMP_FIRST_PACKET] = PFTM_ICMP_FIRST_PACKET_VAL; in pfctl_init_options()
2491 pf->timeout[PFTM_ICMP_ERROR_REPLY] = PFTM_ICMP_ERROR_REPLY_VAL; in pfctl_init_options()
2492 pf->timeout[PFTM_OTHER_FIRST_PACKET] = PFTM_OTHER_FIRST_PACKET_VAL; in pfctl_init_options()
2493 pf->timeout[PFTM_OTHER_SINGLE] = PFTM_OTHER_SINGLE_VAL; in pfctl_init_options()
2494 pf->timeout[PFTM_OTHER_MULTIPLE] = PFTM_OTHER_MULTIPLE_VAL; in pfctl_init_options()
2495 pf->timeout[PFTM_FRAG] = PFTM_FRAG_VAL; in pfctl_init_options()
2496 pf->timeout[PFTM_INTERVAL] = PFTM_INTERVAL_VAL; in pfctl_init_options()
2497 pf->timeout[PFTM_SRC_NODE] = PFTM_SRC_NODE_VAL; in pfctl_init_options()
2498 pf->timeout[PFTM_TS_DIFF] = PFTM_TS_DIFF_VAL; in pfctl_init_options()
2499 pf->timeout[PFTM_ADAPTIVE_START] = PFSTATE_ADAPT_START; in pfctl_init_options()
2500 pf->timeout[PFTM_ADAPTIVE_END] = PFSTATE_ADAPT_END; in pfctl_init_options()
2502 pf->limit[PF_LIMIT_STATES] = PFSTATE_HIWAT; in pfctl_init_options()
2503 pf->limit[PF_LIMIT_FRAGS] = PFFRAG_FRENT_HIWAT; in pfctl_init_options()
2505 pf->limit[PF_LIMIT_SRC_NODES] = (limit_curr[PF_LIMIT_SRC_NODES] == 0) ? in pfctl_init_options()
2507 pf->limit[PF_LIMIT_TABLE_ENTRIES] = in pfctl_init_options()
2510 pf->limit[PF_LIMIT_ANCHORS] = (limit_curr[PF_LIMIT_ANCHORS] == 0) ? in pfctl_init_options()
2513 pf->debug = PF_DEBUG_URGENT; in pfctl_init_options()
2514 pf->reassemble = 0; in pfctl_init_options()
2516 pf->syncookies = false; in pfctl_init_options()
2517 pf->syncookieswat[0] = PF_SYNCOOKIES_LOWATPCT; in pfctl_init_options()
2518 pf->syncookieswat[1] = PF_SYNCOOKIES_HIWATPCT; in pfctl_init_options()
2522 pfctl_load_options(struct pfctl *pf) in pfctl_load_options() argument
2531 if ((pf->opts & PF_OPT_MERGE) && !pf->limit_set[i]) in pfctl_load_options()
2533 if (pfctl_load_limit(pf, i, pf->limit[i])) in pfctl_load_options()
2541 if (pf->limit_set[PF_LIMIT_STATES] && in pfctl_load_options()
2542 !pf->timeout_set[PFTM_ADAPTIVE_START] && in pfctl_load_options()
2543 !pf->timeout_set[PFTM_ADAPTIVE_END]) { in pfctl_load_options()
2544 pf->timeout[PFTM_ADAPTIVE_START] = in pfctl_load_options()
2545 (pf->limit[PF_LIMIT_STATES] / 10) * 6; in pfctl_load_options()
2546 pf->timeout_set[PFTM_ADAPTIVE_START] = 1; in pfctl_load_options()
2547 pf->timeout[PFTM_ADAPTIVE_END] = in pfctl_load_options()
2548 (pf->limit[PF_LIMIT_STATES] / 10) * 12; in pfctl_load_options()
2549 pf->timeout_set[PFTM_ADAPTIVE_END] = 1; in pfctl_load_options()
2554 if ((pf->opts & PF_OPT_MERGE) && !pf->timeout_set[i]) in pfctl_load_options()
2556 if (pfctl_load_timeout(pf, i, pf->timeout[i])) in pfctl_load_options()
2561 if (!(pf->opts & PF_OPT_MERGE) || pf->debug_set) in pfctl_load_options()
2562 if (pfctl_load_debug(pf, pf->debug)) in pfctl_load_options()
2566 if (!(pf->opts & PF_OPT_MERGE) || pf->ifname_set) in pfctl_load_options()
2567 if (pfctl_load_logif(pf, pf->ifname)) in pfctl_load_options()
2571 if (!(pf->opts & PF_OPT_MERGE) || pf->hostid_set) in pfctl_load_options()
2572 if (pfctl_load_hostid(pf, pf->hostid)) in pfctl_load_options()
2576 if (!(pf->opts & PF_OPT_MERGE) || pf->reass_set) in pfctl_load_options()
2577 if (pfctl_load_reassembly(pf, pf->reassemble)) in pfctl_load_options()
2581 if (pfctl_set_keepcounters(pf->dev, pf->keep_counters)) in pfctl_load_options()
2585 if (pfctl_load_syncookies(pf, pf->syncookies)) in pfctl_load_options()
2592 pfctl_apply_limit(struct pfctl *pf, const char *opt, unsigned int limit) in pfctl_apply_limit() argument
2599 pf->limit[pf_limits[i].index] = limit; in pfctl_apply_limit()
2600 pf->limit_set[pf_limits[i].index] = 1; in pfctl_apply_limit()
2609 if (pf->opts & PF_OPT_VERBOSE) in pfctl_apply_limit()
2612 if ((pf->opts & PF_OPT_NOACTION) == 0) in pfctl_apply_limit()
2613 pfctl_load_options(pf); in pfctl_apply_limit()
2619 pfctl_load_limit(struct pfctl *pf, unsigned int index, unsigned int limit) in pfctl_load_limit() argument
2623 if (pfctl_set_limit(pf->h, index, limit)) { in pfctl_load_limit()
2639 pfctl_apply_timeout(struct pfctl *pf, const char *opt, int seconds, int quiet) in pfctl_apply_timeout() argument
2648 pf->timeout[pf_timeouts[i].timeout] = seconds; in pfctl_apply_timeout()
2649 pf->timeout_set[pf_timeouts[i].timeout] = 1; in pfctl_apply_timeout()
2660 if (pf->opts & PF_OPT_VERBOSE && ! quiet) in pfctl_apply_timeout()
2667 pfctl_load_timeout(struct pfctl *pf, unsigned int timeout, unsigned int seconds) in pfctl_load_timeout() argument
2669 if (pfctl_set_timeout(pf->h, timeout, seconds)) { in pfctl_load_timeout()
2677 pfctl_set_reassembly(struct pfctl *pf, int on, int nodf) in pfctl_set_reassembly() argument
2682 pf->reass_set = 1; in pfctl_set_reassembly()
2684 pf->reassemble = PF_REASS_ENABLED; in pfctl_set_reassembly()
2686 pf->reassemble |= PF_REASS_NODF; in pfctl_set_reassembly()
2688 pf->reassemble = 0; in pfctl_set_reassembly()
2691 if (pf->opts & PF_OPT_VERBOSE) in pfctl_set_reassembly()
2699 pfctl_set_optimization(struct pfctl *pf, const char *opt) in pfctl_set_optimization() argument
2718 if ((r = pfctl_apply_timeout(pf, hint[i].name, in pfctl_set_optimization()
2722 if (pf->opts & PF_OPT_VERBOSE) in pfctl_set_optimization()
2729 pfctl_set_logif(struct pfctl *pf, char *ifname) in pfctl_set_logif() argument
2736 free(pf->ifname); in pfctl_set_logif()
2737 pf->ifname = NULL; in pfctl_set_logif()
2739 pf->ifname = strdup(ifname); in pfctl_set_logif()
2740 if (!pf->ifname) in pfctl_set_logif()
2743 pf->ifname_set = 1; in pfctl_set_logif()
2745 if (pf->opts & PF_OPT_VERBOSE) in pfctl_set_logif()
2752 pfctl_load_logif(struct pfctl *pf, char *ifname) in pfctl_load_logif() argument
2762 pfctl_set_hostid(struct pfctl *pf, u_int32_t hostid) in pfctl_set_hostid() argument
2769 pf->hostid = hostid; in pfctl_set_hostid()
2770 pf->hostid_set = 1; in pfctl_set_hostid()
2772 if (pf->opts & PF_OPT_VERBOSE) in pfctl_set_hostid()
2777 pfctl_load_hostid(struct pfctl *pf, u_int32_t hostid) in pfctl_load_hostid() argument
2787 pfctl_load_reassembly(struct pfctl *pf, u_int32_t reassembly) in pfctl_load_reassembly() argument
2797 pfctl_load_syncookies(struct pfctl *pf, u_int8_t val) in pfctl_load_syncookies() argument
2804 cookies.lowwater = pf->syncookieswat[0]; in pfctl_load_syncookies()
2805 cookies.highwater = pf->syncookieswat[1]; in pfctl_load_syncookies()
2815 pfctl_cfg_syncookies(struct pfctl *pf, uint8_t val, struct pfctl_watermarks *w) in pfctl_cfg_syncookies() argument
2830 pf->syncookieswat[0] = w->lo; in pfctl_cfg_syncookies()
2831 pf->syncookieswat[1] = w->hi; in pfctl_cfg_syncookies()
2832 pf->syncookieswat_set = 1; in pfctl_cfg_syncookies()
2835 if (pf->opts & PF_OPT_VERBOSE) { in pfctl_cfg_syncookies()
2841 if (pf->syncookieswat_set) in pfctl_cfg_syncookies()
2843 "end %u%%)\n", pf->syncookieswat[1], in pfctl_cfg_syncookies()
2844 pf->syncookieswat[0]); in pfctl_cfg_syncookies()
2853 pf->syncookies = val; in pfctl_cfg_syncookies()
2858 pfctl_do_set_debug(struct pfctl *pf, char *d) in pfctl_do_set_debug() argument
2867 pf->debug = PF_DEBUG_NONE; in pfctl_do_set_debug()
2869 pf->debug = PF_DEBUG_URGENT; in pfctl_do_set_debug()
2871 pf->debug = PF_DEBUG_MISC; in pfctl_do_set_debug()
2873 pf->debug = PF_DEBUG_NOISY; in pfctl_do_set_debug()
2879 pf->debug_set = 1; in pfctl_do_set_debug()
2880 level = pf->debug; in pfctl_do_set_debug()
2882 if ((pf->opts & PF_OPT_NOACTION) == 0) in pfctl_do_set_debug()
2886 if (pf->opts & PF_OPT_VERBOSE) in pfctl_do_set_debug()
2893 pfctl_load_debug(struct pfctl *pf, unsigned int level) in pfctl_load_debug() argument
2895 if (pfctl_set_debug(pf->h, level)) { in pfctl_load_debug()
2903 pfctl_set_interface_flags(struct pfctl *pf, char *ifname, int flags, int how) in pfctl_set_interface_flags() argument
2919 pfctl_set_interface_flags(pf, n->ifname, flags, how); in pfctl_set_interface_flags()
2925 if ((pf->opts & PF_OPT_NOACTION) == 0) { in pfctl_set_interface_flags()
2927 if (ioctl(pf->dev, DIOCCLRIFFLAG, &pi)) in pfctl_set_interface_flags()
2928 pfctl_err(pf->opts, 1, "DIOCCLRIFFLAG"); in pfctl_set_interface_flags()
2930 if (ioctl(pf->dev, DIOCSETIFFLAG, &pi)) in pfctl_set_interface_flags()
3215 struct pfctl pf; in pfctl_reset() local
3219 memset(&pf, 0, sizeof(pf)); in pfctl_reset()
3220 pf.dev = dev; in pfctl_reset()
3221 pf.h = pfh; in pfctl_reset()
3222 pfctl_init_options(&pf); in pfctl_reset()
3225 pf.debug_set = 1; in pfctl_reset()
3226 pf.reass_set = 1; in pfctl_reset()
3227 pf.syncookieswat_set = 1; in pfctl_reset()
3228 pf.ifname = strdup("none"); in pfctl_reset()
3229 if (pf.ifname == NULL) in pfctl_reset()
3231 pf.ifname_set = 1; in pfctl_reset()
3239 pf.limit_set[pf_limits[i].index] = 1; in pfctl_reset()
3242 pf.timeout_set[pf_timeouts[i].timeout] = 1; in pfctl_reset()
3244 pfctl_load_options(&pf); in pfctl_reset()
3735 * pf(4) options settings on successful exit. in main()