
Lines Matching defs:rule

90 	/* NAT policy (optional), rule procedure and subset. */
96 * Dynamic group: rule subset and a group list entry.
104 * Dynamic rule: priority, parent group and next rule.
113 /* Rule ID, name and the optional key. */
188 * npf_ruleset_insert: insert the rule into the specified ruleset.
201 KASSERTMSG(rl->r_parent == NULL, "cannot be dynamic rule");
228 * npf_ruleset_add: insert dynamic rule into the (active) ruleset.
244 /* Dynamic rule - assign a unique ID and save the parent. */
249 * Rule priority: (highest) 1, 2 ... n (lowest).
258 * rule is set, then our rule becomes globally visible and active.
304 * npf_ruleset_remove: remove the dynamic rule given the rule ID.
330 * npf_ruleset_remkey: remove the dynamic rule given the rule key.
377 nvlist_t *rule;
382 if ((rule = npf_rule_export(npf, rl)) == NULL) {
385 nvlist_append_nvlist_array(rlset_nvl, "rules", rule);
386 nvlist_destroy(rule);
449 nvlist_t *rule;
451 rule = npf_rule_export(npf, rl);
452 if (!rule) {
456 if (natp && (error = npf_natpolicy_export(natp, rule)) != 0) {
457 nvlist_destroy(rule);
460 nvlist_append_nvlist_array(npf_nv, key, rule);
461 nvlist_destroy(rule);
504 * We can safely migrate to the new all-rule list and
505 * reset the parent rule, though.
534 /* Does the rule have a NAT policy associated? */
559 * Finally, mark the active rule to not destroy its NAT
560 * policy later as we inherited it (but the rule must be
606 * npf_rule_alloc: allocate a rule and initialise it.
609 npf_rule_alloc(npf_t *npf, const nvlist_t *rule)
616 /* Allocate a rule structure and keep the information. */
618 info = dnvlist_get_binary(rule, "info", &rl->r_info_len, NULL, 0);
626 if ((rname = dnvlist_get_string(rule, "name", NULL)) != NULL) {
633 rl->r_attr = dnvlist_get_number(rule, "attr", 0);
637 /* Priority of the dynamic rule. */
638 rl->r_priority = (int)dnvlist_get_number(rule, "prio", 0);
641 rl->r_skip_to = dnvlist_get_number(rule, "skip-to", 0);
645 if ((rname = dnvlist_get_string(rule, "ifname", NULL)) != NULL) {
655 if ((key = dnvlist_get_binary(rule, "key", &len, NULL, 0)) != NULL) {
678 nvlist_t *rule = nvlist_create(0);
682 nvlist_add_number(rule, "attr", rl->r_attr);
683 nvlist_add_number(rule, "prio", rl->r_priority);
687 nvlist_add_number(rule, "skip-to", skip_to);
688 nvlist_add_number(rule, "code-type", rl->r_type);
690 nvlist_add_binary(rule, "code", rl->r_code, rl->r_clen);
695 nvlist_add_string(rule, "ifname", ifname);
697 nvlist_add_number(rule, "id", rl->r_id);
700 nvlist_add_string(rule, "name", rl->r_name);
703 nvlist_add_binary(rule, "key", rl->r_key, NPF_RULE_MAXKEYLEN);
706 nvlist_add_binary(rule, "info", rl->r_info, rl->r_info_len);
709 npf_rid_export(rule, rl->uid, "r_user");
712 npf_rid_export(rule, rl->gid, "r_group");
716 nvlist_add_string(rule, "rproc", rname);
719 return rule;
723 * npf_rule_setcode: assign filter code to the rule.
758 * npf_rule_setrproc: assign a rule procedure and hold a reference on it.
768 * npf_rule_free: free the specified rule.
781 /* Release rule procedure. */
799 * npf_rule_getid: return the unique ID of a rule.
800 * npf_rule_getrproc: acquire a reference and return rule procedure, if any.
801 * npf_rule_getnat: get NAT policy assigned to the rule.
829 * npf_rule_setnat: assign NAT policy to the rule and insert into the
841 * Returns true if rule matches and false otherwise.
868 * npf_rule_reinspect: re-inspect the dynamic rule by iterating its list.
896 * Loop through the rules in the set and run the byte-code of each rule
941 /* Main inspection of the rule. */
949 * If this is a dynamic rule, re-inspect the subrules.
950 * If it has any matching rule, then it is final.
964 /* Set the matching rule and check for "final". */
1042 /* if both uid and gid are set on the rule, both must match to agree */