Lines Matching defs:rule
288 /* default rule should never be garbage collected */
481 struct pf_rule *rule;
495 rule = TAILQ_LAST(ruleset->rules[rs_num].active.ptr,
498 rule = TAILQ_FIRST(ruleset->rules[rs_num].active.ptr);
504 rule = TAILQ_LAST(ruleset->rules[rs_num].inactive.ptr,
507 rule = TAILQ_FIRST(ruleset->rules[rs_num].inactive.ptr);
510 while ((rule != NULL) && (rule->nr != rule_number))
511 rule = TAILQ_NEXT(rule, entries);
513 if (rule == NULL)
516 return (&rule->rpool);
545 pf_rm_rule(struct pf_rulequeue *rulequeue, struct pf_rule *rule)
548 if (rule->states <= 0) {
551 * the rule to make sure the table code does not delete
554 pf_tbladdr_remove(&rule->src.addr);
555 pf_tbladdr_remove(&rule->dst.addr);
556 if (rule->overload_tbl)
557 pfr_detach_table(rule->overload_tbl);
559 TAILQ_REMOVE(rulequeue, rule, entries);
560 rule->entries.tqe_prev = NULL;
561 rule->nr = -1;
564 if (rule->states > 0 || rule->src_nodes > 0 ||
565 rule->entries.tqe_prev != NULL)
567 pf_tag_unref(rule->tag);
568 pf_tag_unref(rule->match_tag);
570 if (rule->pqid != rule->qid)
571 pf_qid_unref(rule->pqid);
572 pf_qid_unref(rule->qid);
574 pf_rtlabel_remove(&rule->src.addr);
575 pf_rtlabel_remove(&rule->dst.addr);
576 pfi_dynaddr_remove(&rule->src.addr);
577 pfi_dynaddr_remove(&rule->dst.addr);
579 pf_tbladdr_remove(&rule->src.addr);
580 pf_tbladdr_remove(&rule->dst.addr);
581 if (rule->overload_tbl)
582 pfr_detach_table(rule->overload_tbl);
584 pfi_kif_unref(rule->kif, PFI_KIF_REF_RULE);
585 pf_anchor_remove(rule);
586 pf_empty_pool(&rule->rpool.list);
587 pool_put(&pf_rule_pl, rule);
912 struct pf_rule *rule;
919 while ((rule = TAILQ_FIRST(rs->rules[rs_num].inactive.ptr)) != NULL) {
920 pf_rm_rule(rs->rules[rs_num].inactive.ptr, rule);
932 struct pf_rule *rule;
940 while ((rule = TAILQ_FIRST(rs->rules[rs_num].inactive.ptr)) != NULL) {
941 pf_rm_rule(rs->rules[rs_num].inactive.ptr, rule);
993 pf_hash_rule(MD5_CTX *ctx, struct pf_rule *rule)
998 pf_hash_rule_addr(ctx, &rule->src);
999 pf_hash_rule_addr(ctx, &rule->dst);
1000 PF_MD5_UPD_STR(rule, label);
1001 PF_MD5_UPD_STR(rule, ifname);
1002 PF_MD5_UPD_STR(rule, match_tagname);
1003 PF_MD5_UPD_HTONS(rule, match_tag, x); /* dup? */
1004 PF_MD5_UPD_HTONL(rule, os_fingerprint, y);
1005 PF_MD5_UPD_HTONL(rule, prob, y);
1006 PF_MD5_UPD_HTONL(rule, uid.uid[0], y);
1007 PF_MD5_UPD_HTONL(rule, uid.uid[1], y);
1008 PF_MD5_UPD(rule, uid.op);
1009 PF_MD5_UPD_HTONL(rule, gid.gid[0], y);
1010 PF_MD5_UPD_HTONL(rule, gid.gid[1], y);
1011 PF_MD5_UPD(rule, gid.op);
1012 PF_MD5_UPD_HTONL(rule, rule_flag, y);
1013 PF_MD5_UPD(rule, action);
1014 PF_MD5_UPD(rule, direction);
1015 PF_MD5_UPD(rule, af);
1016 PF_MD5_UPD(rule, quick);
1017 PF_MD5_UPD(rule, ifnot);
1018 PF_MD5_UPD(rule, match_tag_not);
1019 PF_MD5_UPD(rule, natpass);
1020 PF_MD5_UPD(rule, keep_state);
1021 PF_MD5_UPD(rule, proto);
1022 PF_MD5_UPD(rule, type);
1023 PF_MD5_UPD(rule, code);
1024 PF_MD5_UPD(rule, flags);
1025 PF_MD5_UPD(rule, flagset);
1026 PF_MD5_UPD(rule, allow_opts);
1027 PF_MD5_UPD(rule, rt);
1028 PF_MD5_UPD(rule, tos);
1035 struct pf_rule *rule, **old_array;
1075 /* Purge the old rule list. */
1076 while ((rule = TAILQ_FIRST(old_rules)) != NULL)
1077 pf_rm_rule(old_rules, rule);
1113 sp->rule = s->rule.ptr->nr;
1160 s->rule.ptr = &pf_default_rule;
1161 s->rule.ptr->states++;
1216 struct pf_rule *rule;
1240 TAILQ_FOREACH(rule, rs->rules[rs_cnt].inactive.ptr,
1242 pf_hash_rule(&ctx, rule);
1243 (rs->rules[rs_cnt].inactive.ptr_array)[rule->nr] = rule;
1410 struct pf_rule *rule, *tail;
1419 rs_num = pf_get_ruleset_number(pr->rule.action);
1424 if (pr->rule.return_icmp >> 8 > ICMP_MAXTYPE) {
1436 rule = pool_get(&pf_rule_pl, PR_NOWAIT);
1437 if (rule == NULL) {
1441 bcopy(&pr->rule, rule, sizeof(struct pf_rule));
1443 rule->cuid = kauth_cred_getuid(l->l_cred);
1444 rule->cpid = l->l_proc->p_pid;
1446 rule->cuid = p->p_cred->p_ruid;
1447 rule->cpid = p->p_pid;
1449 rule->anchor = NULL;
1450 rule->kif = NULL;
1451 TAILQ_INIT(&rule->rpool.list);
1453 rule->states = 0;
1454 rule->src_nodes = 0;
1455 rule->entries.tqe_prev = NULL;
1457 if (rule->af == AF_INET) {
1458 pool_put(&pf_rule_pl, rule);
1464 if (rule->af == AF_INET6) {
1465 pool_put(&pf_rule_pl, rule);
1473 rule->nr = tail->nr + 1;
1475 rule->nr = 0;
1476 if (rule->ifname[0]) {
1477 rule->kif = pfi_kif_get(rule->ifname);
1478 if (rule->kif == NULL) {
1479 pool_put(&pf_rule_pl, rule);
1483 pfi_kif_ref(rule->kif, PFI_KIF_REF_RULE);
1487 if (rule->rtableid > 0 && !rtable_exists(rule->rtableid))
1493 if (rule->qname[0] != 0) {
1494 if ((rule->qid = pf_qname2qid(rule->qname)) == 0)
1496 else if (rule->pqname[0] != 0) {
1497 if ((rule->pqid =
1498 pf_qname2qid(rule->pqname)) == 0)
1501 rule->pqid = rule->qid;
1504 if (rule->tagname[0])
1505 if ((rule->tag = pf_tagname2tag(rule->tagname)) == 0)
1507 if (rule->match_tagname[0])
1508 if ((rule->match_tag =
1509 pf_tagname2tag(rule->match_tagname)) == 0)
1511 if (rule->rt && !rule->direction)
1514 if (!rule->log)
1515 rule->logif = 0;
1516 if (rule->logif >= PFLOGIFS_MAX)
1519 if (pf_rtlabel_add(&rule->src.addr) ||
1520 pf_rtlabel_add(&rule->dst.addr))
1522 if (pfi_dynaddr_setup(&rule->src.addr, rule->af))
1524 if (pfi_dynaddr_setup(&rule->dst.addr, rule->af))
1526 if (pf_tbladdr_setup(ruleset, &rule->src.addr))
1528 if (pf_tbladdr_setup(ruleset, &rule->dst.addr))
1530 if (pf_anchor_setup(rule, ruleset, pr->anchor_call))
1536 rule->overload_tbl = NULL;
1537 if (rule->overload_tblname[0]) {
1538 if ((rule->overload_tbl = pfr_attach_table(ruleset,
1539 rule->overload_tblname)) == NULL)
1542 rule->overload_tbl->pfrkt_flags |=
1546 pf_mv_pool(&pf_pabuf, &rule->rpool.list);
1547 if (((((rule->action == PF_NAT) || (rule->action == PF_RDR) ||
1548 (rule->action == PF_BINAT)) && rule->anchor == NULL) ||
1549 (rule->rt > PF_FASTROUTE)) &&
1550 (TAILQ_FIRST(&rule->rpool.list) == NULL))
1554 pf_rm_rule(NULL, rule);
1557 rule->rpool.cur = TAILQ_FIRST(&rule->rpool.list);
1558 rule->evaluations = rule->packets[0] = rule->packets[1] =
1559 rule->bytes[0] = rule->bytes[1] = 0;
1561 rule, entries);
1578 rs_num = pf_get_ruleset_number(pr->rule.action);
1596 struct pf_rule *rule;
1605 rs_num = pf_get_ruleset_number(pr->rule.action);
1614 rule = TAILQ_FIRST(ruleset->rules[rs_num].active.ptr);
1615 while ((rule != NULL) && (rule->nr != pr->nr))
1616 rule = TAILQ_NEXT(rule, entries);
1617 if (rule == NULL) {
1621 bcopy(rule, &pr->rule, sizeof(struct pf_rule));
1622 if (pf_anchor_copyout(ruleset, rule, pr)) {
1626 pfi_dynaddr_copyout(&pr->rule.src.addr);
1627 pfi_dynaddr_copyout(&pr->rule.dst.addr);
1628 pf_tbladdr_copyout(&pr->rule.src.addr);
1629 pf_tbladdr_copyout(&pr->rule.dst.addr);
1630 pf_rtlabel_copyout(&pr->rule.src.addr);
1631 pf_rtlabel_copyout(&pr->rule.dst.addr);
1633 if (rule->skip[i].ptr == NULL)
1634 pr->rule.skip[i].nr = -1;
1636 pr->rule.skip[i].nr =
1637 rule->skip[i].ptr->nr;
1640 rule->evaluations = 0;
1641 rule->packets[0] = rule->packets[1] = 0;
1642 rule->bytes[0] = rule->bytes[1] = 0;
1671 rs_num = pf_get_ruleset_number(pcr->rule.action);
1686 if (pcr->rule.return_icmp >> 8 > ICMP_MAXTYPE) {
1698 bcopy(&pcr->rule, newrule, sizeof(struct pf_rule));
2215 struct pf_rule *rule;
2217 TAILQ_FOREACH(rule,
2219 rule->evaluations = 0;
2220 rule->packets[0] = rule->packets[1] = 0;
2221 rule->bytes[0] = rule->bytes[1] = 0;
3126 if (n->rule.ptr != NULL)
3127 pstore->rule.nr = n->rule.ptr->nr;