Lines Matching refs:rule
133 struct ip_rule *rule; in destroy_rules() local
135 while ((rule = TAILQ_FIRST(head)) != NULL) { in destroy_rules()
136 TAILQ_REMOVE(head, rule, r_entries); in destroy_rules()
137 free(rule, M_IPACL); in destroy_rules()
159 parse_rule_element(char *element, struct ip_rule *rule) in parse_rule_element() argument
171 rule->jid = strtol(tok, &p, 10); in parse_rule_element()
177 rule->allow = strtol(tok, &p, 10); in parse_rule_element()
184 strlcpy(rule->if_name, tok, strlen(tok) + 1); in parse_rule_element()
188 rule->af = (strcmp(tok, "AF_INET") == 0) ? AF_INET : in parse_rule_element()
190 if (rule->af == -1) in parse_rule_element()
195 if (inet_pton(rule->af, tok, rule->addr.addr32) != 1) in parse_rule_element()
205 rule->subnet_apply = false; in parse_rule_element()
207 rule->subnet_apply = true; in parse_rule_element()
208 switch (rule->af) { in parse_rule_element()
215 rule->mask.addr32[0] = htonl(0); in parse_rule_element()
217 rule->mask.addr32[0] = in parse_rule_element()
219 rule->addr.addr32[0] &= rule->mask.addr32[0]; in parse_rule_element()
228 rule->mask.addr8[i] = prefix >= 8 ? 0xFF : in parse_rule_element()
231 rule->addr.addr8[i] &= rule->mask.addr8[i]; in parse_rule_element()
320 struct ip_rule *rule; in rules_check() local
339 TAILQ_FOREACH_REVERSE(rule, &rule_head, rulehead, r_entries) { in rules_check()
341 if (cred->cr_prison->pr_id != rule->jid) in rules_check()
344 if (strcmp(rule->if_name, "\0") && in rules_check()
345 strcmp(rule->if_name, if_name(ifp))) in rules_check()
348 switch (rule->af) { in rules_check()
351 if (rule->subnet_apply) { in rules_check()
352 if (rule->addr.v4.s_addr != in rules_check()
353 (ip_addr->v4.s_addr & rule->mask.v4.s_addr)) in rules_check()
356 if (ip_addr->v4.s_addr != rule->addr.v4.s_addr) in rules_check()
362 if (rule->subnet_apply) { in rules_check()
365 if (rule->addr.v6.s6_addr[i] != in rules_check()
367 rule->mask.v6.s6_addr[i])) { in rules_check()
374 if (bcmp(&rule->addr, ip_addr, in rules_check()
381 if (rule->allow) in rules_check()