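Lines matching refs:rule (each entry: source line number, the matching line, then the enclosing function; "local" or "argument" marks where the symbol is declared)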

436 	struct pf_krule		*rule;  in pf_get_kpool()  local
452 rule = TAILQ_LAST(ruleset->rules[rs_num].active.ptr, in pf_get_kpool()
455 rule = TAILQ_FIRST(ruleset->rules[rs_num].active.ptr); in pf_get_kpool()
461 rule = TAILQ_LAST(ruleset->rules[rs_num].inactive.ptr, in pf_get_kpool()
464 rule = TAILQ_FIRST(ruleset->rules[rs_num].inactive.ptr); in pf_get_kpool()
467 while ((rule != NULL) && (rule->nr != rule_number)) in pf_get_kpool()
468 rule = TAILQ_NEXT(rule, entries); in pf_get_kpool()
470 if (rule == NULL) in pf_get_kpool()
475 return (&rule->rdr); in pf_get_kpool()
477 return (&rule->nat); in pf_get_kpool()
479 return (&rule->route); in pf_get_kpool()
520 pf_unlink_rule_locked(struct pf_krulequeue *rulequeue, struct pf_krule *rule) in pf_unlink_rule_locked() argument
526 TAILQ_REMOVE(rulequeue, rule, entries); in pf_unlink_rule_locked()
528 rule->rule_ref |= PFRULE_REFS; in pf_unlink_rule_locked()
529 TAILQ_INSERT_TAIL(&V_pf_unlinked_rules, rule, entries); in pf_unlink_rule_locked()
533 pf_unlink_rule(struct pf_krulequeue *rulequeue, struct pf_krule *rule) in pf_unlink_rule() argument
539 pf_unlink_rule_locked(rulequeue, rule); in pf_unlink_rule()
544 pf_free_eth_rule(struct pf_keth_rule *rule) in pf_free_eth_rule() argument
548 if (rule == NULL) in pf_free_eth_rule()
551 if (rule->tag) in pf_free_eth_rule()
552 tag_unref(&V_pf_tags, rule->tag); in pf_free_eth_rule()
553 if (rule->match_tag) in pf_free_eth_rule()
554 tag_unref(&V_pf_tags, rule->match_tag); in pf_free_eth_rule()
556 pf_qid_unref(rule->qid); in pf_free_eth_rule()
559 if (rule->bridge_to) in pf_free_eth_rule()
560 pfi_kkif_unref(rule->bridge_to); in pf_free_eth_rule()
561 if (rule->kif) in pf_free_eth_rule()
562 pfi_kkif_unref(rule->kif); in pf_free_eth_rule()
564 if (rule->ipsrc.addr.type == PF_ADDR_TABLE) in pf_free_eth_rule()
565 pfr_detach_table(rule->ipsrc.addr.p.tbl); in pf_free_eth_rule()
566 if (rule->ipdst.addr.type == PF_ADDR_TABLE) in pf_free_eth_rule()
567 pfr_detach_table(rule->ipdst.addr.p.tbl); in pf_free_eth_rule()
569 counter_u64_free(rule->evaluations); in pf_free_eth_rule()
571 counter_u64_free(rule->packets[i]); in pf_free_eth_rule()
572 counter_u64_free(rule->bytes[i]); in pf_free_eth_rule()
574 uma_zfree_pcpu(pf_timestamp_pcpu_zone, rule->timestamp); in pf_free_eth_rule()
575 pf_keth_anchor_remove(rule); in pf_free_eth_rule()
577 free(rule, M_PFRULE); in pf_free_eth_rule()
581 pf_free_rule(struct pf_krule *rule) in pf_free_rule() argument
587 if (rule->tag) in pf_free_rule()
588 tag_unref(&V_pf_tags, rule->tag); in pf_free_rule()
589 if (rule->match_tag) in pf_free_rule()
590 tag_unref(&V_pf_tags, rule->match_tag); in pf_free_rule()
592 if (rule->pqid != rule->qid) in pf_free_rule()
593 pf_qid_unref(rule->pqid); in pf_free_rule()
594 pf_qid_unref(rule->qid); in pf_free_rule()
596 switch (rule->src.addr.type) { in pf_free_rule()
598 pfi_dynaddr_remove(rule->src.addr.p.dyn); in pf_free_rule()
601 pfr_detach_table(rule->src.addr.p.tbl); in pf_free_rule()
604 switch (rule->dst.addr.type) { in pf_free_rule()
606 pfi_dynaddr_remove(rule->dst.addr.p.dyn); in pf_free_rule()
609 pfr_detach_table(rule->dst.addr.p.tbl); in pf_free_rule()
612 if (rule->overload_tbl) in pf_free_rule()
613 pfr_detach_table(rule->overload_tbl); in pf_free_rule()
614 if (rule->kif) in pf_free_rule()
615 pfi_kkif_unref(rule->kif); in pf_free_rule()
616 if (rule->rcv_kif) in pf_free_rule()
617 pfi_kkif_unref(rule->rcv_kif); in pf_free_rule()
618 pf_kanchor_remove(rule); in pf_free_rule()
619 pf_empty_kpool(&rule->rdr.list); in pf_free_rule()
620 pf_empty_kpool(&rule->nat.list); in pf_free_rule()
621 pf_empty_kpool(&rule->route.list); in pf_free_rule()
623 pf_krule_free(rule); in pf_free_rule()
774 struct pf_keth_rule *rule, *tmp; in pf_begin_eth() local
784 TAILQ_FOREACH_SAFE(rule, rs->inactive.rules, entries, in pf_begin_eth()
786 TAILQ_REMOVE(rs->inactive.rules, rule, in pf_begin_eth()
788 pf_free_eth_rule(rule); in pf_begin_eth()
800 struct pf_keth_rule *rule, *tmp; in pf_rollback_eth() local
814 TAILQ_FOREACH_SAFE(rule, rs->inactive.rules, entries, in pf_rollback_eth()
816 TAILQ_REMOVE(rs->inactive.rules, rule, entries); in pf_rollback_eth()
817 pf_free_eth_rule(rule); in pf_rollback_eth()
1203 struct pf_krule *rule; in pf_begin_rules() local
1220 while ((rule = TAILQ_FIRST(rs->rules[rs_num].inactive.ptr)) != NULL) { in pf_begin_rules()
1221 pf_unlink_rule(rs->rules[rs_num].inactive.ptr, rule); in pf_begin_rules()
1233 struct pf_krule *rule; in pf_rollback_rules() local
1243 while ((rule = TAILQ_FIRST(rs->rules[rs_num].inactive.ptr)) != NULL) { in pf_rollback_rules()
1244 pf_unlink_rule(rs->rules[rs_num].inactive.ptr, rule); in pf_rollback_rules()
1293 pf_hash_rule_rolling(MD5_CTX *ctx, struct pf_krule *rule) in pf_hash_rule_rolling() argument
1298 pf_hash_rule_addr(ctx, &rule->src); in pf_hash_rule_rolling()
1299 pf_hash_rule_addr(ctx, &rule->dst); in pf_hash_rule_rolling()
1301 PF_MD5_UPD_STR(rule, label[i]); in pf_hash_rule_rolling()
1302 PF_MD5_UPD_STR(rule, ifname); in pf_hash_rule_rolling()
1303 PF_MD5_UPD_STR(rule, rcv_ifname); in pf_hash_rule_rolling()
1304 PF_MD5_UPD_STR(rule, match_tagname); in pf_hash_rule_rolling()
1305 PF_MD5_UPD_HTONS(rule, match_tag, x); /* dup? */ in pf_hash_rule_rolling()
1306 PF_MD5_UPD_HTONL(rule, os_fingerprint, y); in pf_hash_rule_rolling()
1307 PF_MD5_UPD_HTONL(rule, prob, y); in pf_hash_rule_rolling()
1308 PF_MD5_UPD_HTONL(rule, uid.uid[0], y); in pf_hash_rule_rolling()
1309 PF_MD5_UPD_HTONL(rule, uid.uid[1], y); in pf_hash_rule_rolling()
1310 PF_MD5_UPD(rule, uid.op); in pf_hash_rule_rolling()
1311 PF_MD5_UPD_HTONL(rule, gid.gid[0], y); in pf_hash_rule_rolling()
1312 PF_MD5_UPD_HTONL(rule, gid.gid[1], y); in pf_hash_rule_rolling()
1313 PF_MD5_UPD(rule, gid.op); in pf_hash_rule_rolling()
1314 PF_MD5_UPD_HTONL(rule, rule_flag, y); in pf_hash_rule_rolling()
1315 PF_MD5_UPD(rule, action); in pf_hash_rule_rolling()
1316 PF_MD5_UPD(rule, direction); in pf_hash_rule_rolling()
1317 PF_MD5_UPD(rule, af); in pf_hash_rule_rolling()
1318 PF_MD5_UPD(rule, quick); in pf_hash_rule_rolling()
1319 PF_MD5_UPD(rule, ifnot); in pf_hash_rule_rolling()
1320 PF_MD5_UPD(rule, rcvifnot); in pf_hash_rule_rolling()
1321 PF_MD5_UPD(rule, match_tag_not); in pf_hash_rule_rolling()
1322 PF_MD5_UPD(rule, natpass); in pf_hash_rule_rolling()
1323 PF_MD5_UPD(rule, keep_state); in pf_hash_rule_rolling()
1324 PF_MD5_UPD(rule, proto); in pf_hash_rule_rolling()
1325 PF_MD5_UPD(rule, type); in pf_hash_rule_rolling()
1326 PF_MD5_UPD(rule, code); in pf_hash_rule_rolling()
1327 PF_MD5_UPD(rule, flags); in pf_hash_rule_rolling()
1328 PF_MD5_UPD(rule, flagset); in pf_hash_rule_rolling()
1329 PF_MD5_UPD(rule, allow_opts); in pf_hash_rule_rolling()
1330 PF_MD5_UPD(rule, rt); in pf_hash_rule_rolling()
1331 PF_MD5_UPD(rule, tos); in pf_hash_rule_rolling()
1332 PF_MD5_UPD(rule, scrub_flags); in pf_hash_rule_rolling()
1333 PF_MD5_UPD(rule, min_ttl); in pf_hash_rule_rolling()
1334 PF_MD5_UPD(rule, set_tos); in pf_hash_rule_rolling()
1335 if (rule->anchor != NULL) in pf_hash_rule_rolling()
1336 PF_MD5_UPD_STR(rule, anchor->path); in pf_hash_rule_rolling()
1340 pf_hash_rule(struct pf_krule *rule) in pf_hash_rule() argument
1345 pf_hash_rule_rolling(&ctx, rule); in pf_hash_rule()
1346 MD5Final(rule->md5sum, &ctx); in pf_hash_rule()
1360 struct pf_krule *rule, **old_array, *old_rule; in pf_commit_rules() local
1399 TAILQ_FOREACH(rule, rs->rules[rs_num].active.ptr, in pf_commit_rules()
1401 old_rule = RB_FIND(pf_krule_global, old_tree, rule); in pf_commit_rules()
1406 pf_counter_u64_rollup_protected(&rule->evaluations, in pf_commit_rules()
1408 pf_counter_u64_rollup_protected(&rule->packets[0], in pf_commit_rules()
1410 pf_counter_u64_rollup_protected(&rule->packets[1], in pf_commit_rules()
1412 pf_counter_u64_rollup_protected(&rule->bytes[0], in pf_commit_rules()
1414 pf_counter_u64_rollup_protected(&rule->bytes[1], in pf_commit_rules()
1431 while ((rule = TAILQ_FIRST(old_rules)) != NULL) in pf_commit_rules()
1432 pf_unlink_rule_locked(old_rules, rule); in pf_commit_rules()
1449 struct pf_krule *rule; in pf_setup_pfsync_matching() local
1473 TAILQ_FOREACH(rule, rs->rules[rs_cnt].inactive.ptr, in pf_setup_pfsync_matching()
1475 pf_hash_rule_rolling(&ctx, rule); in pf_setup_pfsync_matching()
1476 (rs->rules[rs_cnt].inactive.ptr_array)[rule->nr] = rule; in pf_setup_pfsync_matching()
1547 if (in->rule != NULL) in pf_src_node_copy()
1548 out->rule.nr = in->rule->nr; in pf_src_node_copy()
1818 struct pf_krule *rule; in pf_krule_alloc() local
1820 rule = malloc(sizeof(struct pf_krule), M_PFRULE, M_WAITOK | M_ZERO); in pf_krule_alloc()
1821 mtx_init(&rule->nat.mtx, "pf_krule_nat_pool", NULL, MTX_DEF); in pf_krule_alloc()
1822 mtx_init(&rule->rdr.mtx, "pf_krule_rdr_pool", NULL, MTX_DEF); in pf_krule_alloc()
1823 mtx_init(&rule->route.mtx, "pf_krule_route_pool", NULL, MTX_DEF); in pf_krule_alloc()
1824 rule->timestamp = uma_zalloc_pcpu(pf_timestamp_pcpu_zone, in pf_krule_alloc()
1826 return (rule); in pf_krule_alloc()
1830 pf_krule_free(struct pf_krule *rule) in pf_krule_free() argument
1836 if (rule == NULL) in pf_krule_free()
1840 if (rule->allrulelinked) { in pf_krule_free()
1844 LIST_REMOVE(rule, allrulelist); in pf_krule_free()
1851 pf_counter_u64_deinit(&rule->evaluations); in pf_krule_free()
1853 pf_counter_u64_deinit(&rule->packets[i]); in pf_krule_free()
1854 pf_counter_u64_deinit(&rule->bytes[i]); in pf_krule_free()
1856 counter_u64_free(rule->states_cur); in pf_krule_free()
1857 counter_u64_free(rule->states_tot); in pf_krule_free()
1859 counter_u64_free(rule->src_nodes[sn_type]); in pf_krule_free()
1860 uma_zfree_pcpu(pf_timestamp_pcpu_zone, rule->timestamp); in pf_krule_free()
1862 mtx_destroy(&rule->nat.mtx); in pf_krule_free()
1863 mtx_destroy(&rule->rdr.mtx); in pf_krule_free()
1864 mtx_destroy(&rule->route.mtx); in pf_krule_free()
1865 free(rule, M_PFRULE); in pf_krule_free()
1869 pf_krule_clear_counters(struct pf_krule *rule) in pf_krule_clear_counters() argument
1871 pf_counter_u64_zero(&rule->evaluations); in pf_krule_clear_counters()
1873 pf_counter_u64_zero(&rule->packets[i]); in pf_krule_clear_counters()
1874 pf_counter_u64_zero(&rule->bytes[i]); in pf_krule_clear_counters()
1876 counter_u64_zero(rule->states_tot); in pf_krule_clear_counters()
1918 pf_rule_to_krule(const struct pf_rule *rule, struct pf_krule *krule) in pf_rule_to_krule() argument
1923 if (rule->af == AF_INET) { in pf_rule_to_krule()
1928 if (rule->af == AF_INET6) { in pf_rule_to_krule()
1933 ret = pf_check_rule_addr(&rule->src); in pf_rule_to_krule()
1936 ret = pf_check_rule_addr(&rule->dst); in pf_rule_to_krule()
1940 bcopy(&rule->src, &krule->src, sizeof(rule->src)); in pf_rule_to_krule()
1941 bcopy(&rule->dst, &krule->dst, sizeof(rule->dst)); in pf_rule_to_krule()
1943 ret = pf_user_strcpy(krule->label[0], rule->label, sizeof(rule->label)); in pf_rule_to_krule()
1946 ret = pf_user_strcpy(krule->ifname, rule->ifname, sizeof(rule->ifname)); in pf_rule_to_krule()
1949 ret = pf_user_strcpy(krule->qname, rule->qname, sizeof(rule->qname)); in pf_rule_to_krule()
1952 ret = pf_user_strcpy(krule->pqname, rule->pqname, sizeof(rule->pqname)); in pf_rule_to_krule()
1955 ret = pf_user_strcpy(krule->tagname, rule->tagname, in pf_rule_to_krule()
1956 sizeof(rule->tagname)); in pf_rule_to_krule()
1959 ret = pf_user_strcpy(krule->match_tagname, rule->match_tagname, in pf_rule_to_krule()
1960 sizeof(rule->match_tagname)); in pf_rule_to_krule()
1963 ret = pf_user_strcpy(krule->overload_tblname, rule->overload_tblname, in pf_rule_to_krule()
1964 sizeof(rule->overload_tblname)); in pf_rule_to_krule()
1968 pf_pool_to_kpool(&rule->rpool, &krule->rdr); in pf_rule_to_krule()
1973 krule->os_fingerprint = rule->os_fingerprint; in pf_rule_to_krule()
1975 krule->rtableid = rule->rtableid; in pf_rule_to_krule()
1977 bcopy(rule->timeout, krule->timeout, sizeof(rule->timeout)); in pf_rule_to_krule()
1978 krule->max_states = rule->max_states; in pf_rule_to_krule()
1979 krule->max_src_nodes = rule->max_src_nodes; in pf_rule_to_krule()
1980 krule->max_src_states = rule->max_src_states; in pf_rule_to_krule()
1981 krule->max_src_conn = rule->max_src_conn; in pf_rule_to_krule()
1982 krule->max_src_conn_rate.limit = rule->max_src_conn_rate.limit; in pf_rule_to_krule()
1983 krule->max_src_conn_rate.seconds = rule->max_src_conn_rate.seconds; in pf_rule_to_krule()
1984 krule->qid = rule->qid; in pf_rule_to_krule()
1985 krule->pqid = rule->pqid; in pf_rule_to_krule()
1986 krule->nr = rule->nr; in pf_rule_to_krule()
1987 krule->prob = rule->prob; in pf_rule_to_krule()
1988 krule->cuid = rule->cuid; in pf_rule_to_krule()
1989 krule->cpid = rule->cpid; in pf_rule_to_krule()
1991 krule->return_icmp = rule->return_icmp; in pf_rule_to_krule()
1992 krule->return_icmp6 = rule->return_icmp6; in pf_rule_to_krule()
1993 krule->max_mss = rule->max_mss; in pf_rule_to_krule()
1994 krule->tag = rule->tag; in pf_rule_to_krule()
1995 krule->match_tag = rule->match_tag; in pf_rule_to_krule()
1996 krule->scrub_flags = rule->scrub_flags; in pf_rule_to_krule()
1998 bcopy(&rule->uid, &krule->uid, sizeof(krule->uid)); in pf_rule_to_krule()
1999 bcopy(&rule->gid, &krule->gid, sizeof(krule->gid)); in pf_rule_to_krule()
2001 krule->rule_flag = rule->rule_flag; in pf_rule_to_krule()
2002 krule->action = rule->action; in pf_rule_to_krule()
2003 krule->direction = rule->direction; in pf_rule_to_krule()
2004 krule->log = rule->log; in pf_rule_to_krule()
2005 krule->logif = rule->logif; in pf_rule_to_krule()
2006 krule->quick = rule->quick; in pf_rule_to_krule()
2007 krule->ifnot = rule->ifnot; in pf_rule_to_krule()
2008 krule->match_tag_not = rule->match_tag_not; in pf_rule_to_krule()
2009 krule->natpass = rule->natpass; in pf_rule_to_krule()
2011 krule->keep_state = rule->keep_state; in pf_rule_to_krule()
2012 krule->af = rule->af; in pf_rule_to_krule()
2013 krule->proto = rule->proto; in pf_rule_to_krule()
2014 krule->type = rule->type; in pf_rule_to_krule()
2015 krule->code = rule->code; in pf_rule_to_krule()
2016 krule->flags = rule->flags; in pf_rule_to_krule()
2017 krule->flagset = rule->flagset; in pf_rule_to_krule()
2018 krule->min_ttl = rule->min_ttl; in pf_rule_to_krule()
2019 krule->allow_opts = rule->allow_opts; in pf_rule_to_krule()
2020 krule->rt = rule->rt; in pf_rule_to_krule()
2021 krule->return_ttl = rule->return_ttl; in pf_rule_to_krule()
2022 krule->tos = rule->tos; in pf_rule_to_krule()
2023 krule->set_tos = rule->set_tos; in pf_rule_to_krule()
2025 krule->flush = rule->flush; in pf_rule_to_krule()
2026 krule->prio = rule->prio; in pf_rule_to_krule()
2027 krule->set_prio[0] = rule->set_prio[0]; in pf_rule_to_krule()
2028 krule->set_prio[1] = rule->set_prio[1]; in pf_rule_to_krule()
2030 bcopy(&rule->divert, &krule->divert, sizeof(krule->divert)); in pf_rule_to_krule()
2048 rs_num = pf_get_ruleset_number(pr->rule.action); in pf_ioctl_getrules()
2066 pf_ioctl_addrule(struct pf_krule *rule, uint32_t ticket, in pf_ioctl_addrule() argument
2077 if ((rule->return_icmp >> 8) > ICMP_MAXTYPE) { in pf_ioctl_addrule()
2084 if (rule->ifname[0]) in pf_ioctl_addrule()
2086 if (rule->rcv_ifname[0]) in pf_ioctl_addrule()
2088 pf_counter_u64_init(&rule->evaluations, M_WAITOK); in pf_ioctl_addrule()
2090 pf_counter_u64_init(&rule->packets[i], M_WAITOK); in pf_ioctl_addrule()
2091 pf_counter_u64_init(&rule->bytes[i], M_WAITOK); in pf_ioctl_addrule()
2093 rule->states_cur = counter_u64_alloc(M_WAITOK); in pf_ioctl_addrule()
2094 rule->states_tot = counter_u64_alloc(M_WAITOK); in pf_ioctl_addrule()
2096 rule->src_nodes[sn_type] = counter_u64_alloc(M_WAITOK); in pf_ioctl_addrule()
2097 rule->cuid = uid; in pf_ioctl_addrule()
2098 rule->cpid = pid; in pf_ioctl_addrule()
2099 TAILQ_INIT(&rule->rdr.list); in pf_ioctl_addrule()
2100 TAILQ_INIT(&rule->nat.list); in pf_ioctl_addrule()
2101 TAILQ_INIT(&rule->route.list); in pf_ioctl_addrule()
2106 LIST_INSERT_HEAD(&V_pf_allrulelist, rule, allrulelist); in pf_ioctl_addrule()
2107 MPASS(!rule->allrulelinked); in pf_ioctl_addrule()
2108 rule->allrulelinked = true; in pf_ioctl_addrule()
2114 rs_num = pf_get_ruleset_number(rule->action); in pf_ioctl_addrule()
2143 rule->nr = tail->nr + 1; in pf_ioctl_addrule()
2145 rule->nr = 0; in pf_ioctl_addrule()
2146 if (rule->ifname[0]) { in pf_ioctl_addrule()
2147 rule->kif = pfi_kkif_attach(kif, rule->ifname); in pf_ioctl_addrule()
2149 pfi_kkif_ref(rule->kif); in pf_ioctl_addrule()
2151 rule->kif = NULL; in pf_ioctl_addrule()
2153 if (rule->rcv_ifname[0]) { in pf_ioctl_addrule()
2154 rule->rcv_kif = pfi_kkif_attach(rcv_kif, rule->rcv_ifname); in pf_ioctl_addrule()
2156 pfi_kkif_ref(rule->rcv_kif); in pf_ioctl_addrule()
2158 rule->rcv_kif = NULL; in pf_ioctl_addrule()
2160 if (rule->rtableid > 0 && rule->rtableid >= rt_numfibs) in pf_ioctl_addrule()
2165 if (rule->qname[0] != 0) { in pf_ioctl_addrule()
2166 if ((rule->qid = pf_qname2qid(rule->qname)) == 0) in pf_ioctl_addrule()
2168 else if (rule->pqname[0] != 0) { in pf_ioctl_addrule()
2169 if ((rule->pqid = in pf_ioctl_addrule()
2170 pf_qname2qid(rule->pqname)) == 0) in pf_ioctl_addrule()
2173 rule->pqid = rule->qid; in pf_ioctl_addrule()
2176 if (rule->tagname[0]) in pf_ioctl_addrule()
2177 if ((rule->tag = pf_tagname2tag(rule->tagname)) == 0) in pf_ioctl_addrule()
2179 if (rule->match_tagname[0]) in pf_ioctl_addrule()
2180 if ((rule->match_tag = in pf_ioctl_addrule()
2181 pf_tagname2tag(rule->match_tagname)) == 0) in pf_ioctl_addrule()
2183 if (rule->rt && !rule->direction) in pf_ioctl_addrule()
2185 if (!rule->log) in pf_ioctl_addrule()
2186 rule->logif = 0; in pf_ioctl_addrule()
2187 if (pf_addr_setup(ruleset, &rule->src.addr, rule->af)) in pf_ioctl_addrule()
2189 if (pf_addr_setup(ruleset, &rule->dst.addr, rule->af)) in pf_ioctl_addrule()
2191 if (pf_kanchor_setup(rule, ruleset, anchor_call)) in pf_ioctl_addrule()
2193 if (rule->scrub_flags & PFSTATE_SETPRIO && in pf_ioctl_addrule()
2194 (rule->set_prio[0] > PF_PRIO_MAX || in pf_ioctl_addrule()
2195 rule->set_prio[1] > PF_PRIO_MAX)) in pf_ioctl_addrule()
2207 rule->overload_tbl = NULL; in pf_ioctl_addrule()
2208 if (rule->overload_tblname[0]) { in pf_ioctl_addrule()
2209 if ((rule->overload_tbl = pfr_attach_table(ruleset, in pf_ioctl_addrule()
2210 rule->overload_tblname)) == NULL) in pf_ioctl_addrule()
2213 rule->overload_tbl->pfrkt_flags |= in pf_ioctl_addrule()
2217 pf_mv_kpool(&V_pf_pabuf[0], &rule->nat.list); in pf_ioctl_addrule()
2218 pf_mv_kpool(&V_pf_pabuf[1], &rule->rdr.list); in pf_ioctl_addrule()
2219 pf_mv_kpool(&V_pf_pabuf[2], &rule->route.list); in pf_ioctl_addrule()
2220 if (((((rule->action == PF_NAT) || (rule->action == PF_RDR) || in pf_ioctl_addrule()
2221 (rule->action == PF_BINAT)) && rule->anchor == NULL) || in pf_ioctl_addrule()
2222 (rule->rt > PF_NOPFROUTE)) && in pf_ioctl_addrule()
2223 (TAILQ_FIRST(&rule->rdr.list) == NULL && in pf_ioctl_addrule()
2224 TAILQ_FIRST(&rule->route.list) == NULL)) in pf_ioctl_addrule()
2227 if (rule->action == PF_PASS && rule->rdr.opts & PF_POOL_STICKYADDR && in pf_ioctl_addrule()
2228 !rule->keep_state) { in pf_ioctl_addrule()
2233 pf_free_rule(rule); in pf_ioctl_addrule()
2234 rule = NULL; in pf_ioctl_addrule()
2238 rule->nat.cur = TAILQ_FIRST(&rule->nat.list); in pf_ioctl_addrule()
2239 rule->rdr.cur = TAILQ_FIRST(&rule->rdr.list); in pf_ioctl_addrule()
2240 rule->route.cur = TAILQ_FIRST(&rule->route.list); in pf_ioctl_addrule()
2242 rule, entries); in pf_ioctl_addrule()
2246 pf_hash_rule(rule); in pf_ioctl_addrule()
2247 if (RB_INSERT(pf_krule_global, ruleset->rules[rs_num].inactive.tree, rule) != NULL) { in pf_ioctl_addrule()
2249 TAILQ_REMOVE(ruleset->rules[rs_num].inactive.ptr, rule, entries); in pf_ioctl_addrule()
2251 pf_free_rule(rule); in pf_ioctl_addrule()
2252 rule = NULL; in pf_ioctl_addrule()
2266 pf_krule_free(rule); in pf_ioctl_addrule()
2271 pf_label_match(const struct pf_krule *rule, const char *label) in pf_label_match() argument
2275 while (*rule->label[i]) { in pf_label_match()
2276 if (strcmp(rule->label[i], label) == 0) in pf_label_match()
2365 ! pf_label_match(s->rule, psk->psk_label)) in pf_killstates_row()
3007 struct pf_keth_rule *rule = NULL; in pfioctl() local
3059 rule = TAILQ_FIRST(rs->active.rules); in pfioctl()
3060 while ((rule != NULL) && (rule->nr != nr)) in pfioctl()
3061 rule = TAILQ_NEXT(rule, entries); in pfioctl()
3062 if (rule == NULL) { in pfioctl()
3069 nvl = pf_keth_rule_to_nveth_rule(rule); in pfioctl()
3070 if (pf_keth_anchor_nvcopyout(rs, rule, nvl)) { in pfioctl()
3089 counter_u64_zero(rule->evaluations); in pfioctl()
3091 counter_u64_zero(rule->packets[i]); in pfioctl()
3092 counter_u64_zero(rule->bytes[i]); in pfioctl()
3107 struct pf_keth_rule *rule = NULL, *tail = NULL; in pfioctl() local
3147 rule = malloc(sizeof(*rule), M_PFRULE, M_WAITOK); in pfioctl()
3148 rule->timestamp = NULL; in pfioctl()
3150 error = pf_nveth_rule_to_keth_rule(nvl, rule); in pfioctl()
3154 if (rule->ifname[0]) in pfioctl()
3156 if (rule->bridge_to_name[0]) in pfioctl()
3158 rule->evaluations = counter_u64_alloc(M_WAITOK); in pfioctl()
3160 rule->packets[i] = counter_u64_alloc(M_WAITOK); in pfioctl()
3161 rule->bytes[i] = counter_u64_alloc(M_WAITOK); in pfioctl()
3163 rule->timestamp = uma_zalloc_pcpu(pf_timestamp_pcpu_zone, in pfioctl()
3168 if (rule->ifname[0]) { in pfioctl()
3169 rule->kif = pfi_kkif_attach(kif, rule->ifname); in pfioctl()
3170 pfi_kkif_ref(rule->kif); in pfioctl()
3172 rule->kif = NULL; in pfioctl()
3173 if (rule->bridge_to_name[0]) { in pfioctl()
3174 rule->bridge_to = pfi_kkif_attach(bridge_to_kif, in pfioctl()
3175 rule->bridge_to_name); in pfioctl()
3176 pfi_kkif_ref(rule->bridge_to); in pfioctl()
3178 rule->bridge_to = NULL; in pfioctl()
3182 if (rule->qname[0] != 0) { in pfioctl()
3183 if ((rule->qid = pf_qname2qid(rule->qname)) == 0) in pfioctl()
3186 rule->qid = rule->qid; in pfioctl()
3189 if (rule->tagname[0]) in pfioctl()
3190 if ((rule->tag = pf_tagname2tag(rule->tagname)) == 0) in pfioctl()
3192 if (rule->match_tagname[0]) in pfioctl()
3193 if ((rule->match_tag = pf_tagname2tag( in pfioctl()
3194 rule->match_tagname)) == 0) in pfioctl()
3197 if (error == 0 && rule->ipdst.addr.type == PF_ADDR_TABLE) in pfioctl()
3198 error = pf_eth_addr_setup(ruleset, &rule->ipdst.addr); in pfioctl()
3199 if (error == 0 && rule->ipsrc.addr.type == PF_ADDR_TABLE) in pfioctl()
3200 error = pf_eth_addr_setup(ruleset, &rule->ipsrc.addr); in pfioctl()
3203 pf_free_eth_rule(rule); in pfioctl()
3208 if (pf_keth_anchor_setup(rule, ruleset, anchor_call)) { in pfioctl()
3209 pf_free_eth_rule(rule); in pfioctl()
3216 rule->nr = tail->nr + 1; in pfioctl()
3218 rule->nr = 0; in pfioctl()
3220 TAILQ_INSERT_TAIL(ruleset->inactive.rules, rule, entries); in pfioctl()
3407 struct pf_krule *rule = NULL; in pfioctl() local
3436 rule = pf_krule_alloc(); in pfioctl()
3438 rule); in pfioctl()
3451 error = pf_ioctl_addrule(rule, ticket, pool_ticket, anchor, in pfioctl()
3460 pf_krule_free(rule); in pfioctl()
3468 struct pf_krule *rule; in pfioctl() local
3470 rule = pf_krule_alloc(); in pfioctl()
3471 error = pf_rule_to_krule(&pr->rule, rule); in pfioctl()
3473 pf_krule_free(rule); in pfioctl()
3480 error = pf_ioctl_addrule(rule, pr->ticket, pr->pool_ticket, in pfioctl()
3501 struct pf_krule *rule; in pfioctl() local
3562 rule = TAILQ_FIRST(ruleset->rules[rs_num].active.ptr); in pfioctl()
3563 while ((rule != NULL) && (rule->nr != nr)) in pfioctl()
3564 rule = TAILQ_NEXT(rule, entries); in pfioctl()
3565 if (rule == NULL) { in pfioctl()
3570 nvrule = pf_krule_to_nvrule(rule); in pfioctl()
3582 if (pf_kanchor_nvcopyout(ruleset, rule, nvl)) { in pfioctl()
3604 pf_krule_clear_counters(rule); in pfioctl()
3635 if (pcr->rule.return_icmp >> 8 > ICMP_MAXTYPE) { in pfioctl()
3642 error = pf_rule_to_krule(&pcr->rule, newrule); in pfioctl()
3686 rs_num = pf_get_ruleset_number(pcr->rule.action); in pfioctl()
4197 struct pf_krule *rule; in pfioctl() local
4200 TAILQ_FOREACH(rule, in pfioctl()
4202 pf_counter_u64_zero(&rule->evaluations); in pfioctl()
4204 pf_counter_u64_zero(&rule->packets[i]); in pfioctl()
4205 pf_counter_u64_zero(&rule->bytes[i]); in pfioctl()
5694 if (st->rule == NULL) in pfsync_state_export()
5695 sp->pfs_1301.rule = htonl(-1); in pfsync_state_export()
5697 sp->pfs_1301.rule = htonl(st->rule->nr); in pfsync_state_export()
5759 if (st->rule == NULL) in pf_state_export()
5760 sp->rule = htonl(-1); in pf_state_export()
5762 sp->rule = htonl(st->rule->nr); in pf_state_export()