Lines Matching defs:rules
42 /* The size at which a table becomes faster than individual rules */
66 * A superblock is a block of adjacent rules of similar action. If there
67 * are five PASS rules in a row, they all become members of a superblock.
68 * Once we have a superblock, we are free to re-order any rules within it
86 BREAK, /* the field may not differ between rules in a superblock */
87 NOMERGE, /* the field may not differ between rules when combined */
88 COMBINED, /* the field may itself be combined with other rules */
119 * These fields must be the same between all rules in the same superblock.
120 * These rules are allowed to be re-ordered but only among like rules.
121 * For instance we can re-order all 'tag "foo"' rules because they have the
149 * These fields must not differ when we merge two rules together but
150 * their difference isn't enough to put the rules in different superblocks.
151 * There are no problems re-ordering any rules with these fields.
279 old_rules = rs->rules[PF_RULESET_FILTER].active.ptr;
280 rs->rules[PF_RULESET_FILTER].active.ptr =
281 rs->rules[PF_RULESET_FILTER].inactive.ptr;
282 rs->rules[PF_RULESET_FILTER].inactive.ptr = old_rules;
288 while ((r = TAILQ_FIRST(rs->rules[PF_RULESET_FILTER].inactive.ptr))
290 TAILQ_REMOVE(rs->rules[PF_RULESET_FILTER].inactive.ptr, r,
346 rs->rules[PF_RULESET_FILTER].active.ptr,
389 * 1) remove duplicate rules or rules that are a subset of other
390 * rules
391 * 2) combine otherwise identical rules with different IP addresses
393 * 3) re-order the rules to improve kernel skip steps
394 * 4) re-order the 'quick' rules based on feedback from the
397 * XXX combine_rules() doesn't combine v4 and v6 rules. would just
415 * out rules.
460 * Optimization pass #1: remove identical rules
501 * Optimization pass #2: combine similar rules with different addresses
515 /* First we make a pass to combine the rules. O(n log n) */
531 DEBUG("can combine rules nr%d = nr%d",
553 DEBUG("can combine rules nr%d = nr%d",
576 * insert the name into the rules.
652 * Optimization pass #3: re-order rules to improve skip steps
665 * of other rules with common fields
691 * all of the rules in the superblock and those fields which differ
698 DEBUG("(%d) original skipstep '%s' is all rules",
745 * Nothing useful left. Leave remaining rules in order.
755 * There is commonality. Extract those common rules
772 * rules. So we'll split them off into they're own
785 DEBUG("(%d) splitting off %d rules from superblock @ #%d",
825 * Optimization pass #4: re-order 'quick' rules based on feedback from the
837 * Walk through all of the profiled superblock's rules and copy
838 * the counters onto our rules.
858 * Now we pull all of the rules off the superblock and re-insert them
870 /* XXX I should sort all of the unused rules based on skip steps */
901 struct pfctl_rules_info rules;
908 if (pfctl_get_rules_info_h(pf->h, &rules, PF_PASS, "")) {
912 mnr = rules.nr;
914 DEBUG("Loading %d active rules for a feedback profile", mnr);
922 if (pfctl_get_rule_h(pf->h, nr, rules.ticket, "", PF_PASS,
1065 /* Compare two rules AF field for skiplist construction */
1074 /* Compare two rules DIRECTION field for skiplist construction */
1083 /* Compare two rules DST Address field for skiplist construction */
1123 /* Compare two rules DST port field for skiplist construction */
1139 /* Compare two rules IFP field for skiplist construction */
1148 /* Compare two rules PROTO field for skiplist construction */
1155 /* Compare two rules SRC addr field for skiplist construction */
1195 /* Compare two rules SRC port field for skiplist construction */
1408 * Are we allowed to combine these two rules
1446 * rules:
1563 * Remove superset information from two rules so we can directly compare them