Lines Matching defs:rules

190 static MALLOC_DEFINE(M_PFRULE, "pf_rule", "pf(4) rules");
402 * default. In FreeBSD we expect people to still use scrub rules and
449 ruleset->rules[rs_num].active.ticket)
452 rule = TAILQ_LAST(ruleset->rules[rs_num].active.ptr,
455 rule = TAILQ_FIRST(ruleset->rules[rs_num].active.ptr);
458 ruleset->rules[rs_num].inactive.ticket)
461 rule = TAILQ_LAST(ruleset->rules[rs_num].inactive.ptr,
464 rule = TAILQ_FIRST(ruleset->rules[rs_num].inactive.ptr);
783 /* Purge old inactive rules. */
784 TAILQ_FOREACH_SAFE(rule, rs->inactive.rules, entries,
786 TAILQ_REMOVE(rs->inactive.rules, rule,
830 /* Purge old inactive rules. */
831 TAILQ_FOREACH_SAFE(rule, rs->inactive.rules, entries,
833 TAILQ_REMOVE(rs->inactive.rules, rule, entries);
853 pf_eth_calc_skip_steps(struct pf_keth_ruleq *rules)
858 cur = TAILQ_FIRST(rules);
890 struct pf_keth_ruleq *rules;
904 pf_eth_calc_skip_steps(rs->inactive.rules);
906 rules = rs->active.rules;
907 ck_pr_store_ptr(&rs->active.rules, rs->inactive.rules);
908 rs->inactive.rules = rules;
911 /* Clean up inactive rules (i.e. previously active rules), only when
1237 pf_rule_tree_free(rs->rules[rs_num].inactive.tree);
1238 rs->rules[rs_num].inactive.tree = tree;
1240 while ((rule = TAILQ_FIRST(rs->rules[rs_num].inactive.ptr)) != NULL) {
1241 pf_unlink_rule(rs->rules[rs_num].inactive.ptr, rule);
1242 rs->rules[rs_num].inactive.rcount--;
1244 *ticket = ++rs->rules[rs_num].inactive.ticket;
1245 rs->rules[rs_num].inactive.open = 1;
1260 if (rs == NULL || !rs->rules[rs_num].inactive.open ||
1261 rs->rules[rs_num].inactive.ticket != ticket)
1263 while ((rule = TAILQ_FIRST(rs->rules[rs_num].inactive.ptr)) != NULL) {
1264 pf_unlink_rule(rs->rules[rs_num].inactive.ptr, rule);
1265 rs->rules[rs_num].inactive.rcount--;
1267 rs->rules[rs_num].inactive.open = 0;
1390 if (rs == NULL || !rs->rules[rs_num].inactive.open ||
1391 ticket != rs->rules[rs_num].inactive.ticket)
1401 /* Swap rules, keep the old. */
1402 old_rules = rs->rules[rs_num].active.ptr;
1403 old_rcount = rs->rules[rs_num].active.rcount;
1404 old_array = rs->rules[rs_num].active.ptr_array;
1405 old_tree = rs->rules[rs_num].active.tree;
1407 rs->rules[rs_num].active.ptr =
1408 rs->rules[rs_num].inactive.ptr;
1409 rs->rules[rs_num].active.ptr_array =
1410 rs->rules[rs_num].inactive.ptr_array;
1411 rs->rules[rs_num].active.tree =
1412 rs->rules[rs_num].inactive.tree;
1413 rs->rules[rs_num].active.rcount =
1414 rs->rules[rs_num].inactive.rcount;
1418 TAILQ_FOREACH(rule, rs->rules[rs_num].active.ptr,
1439 rs->rules[rs_num].inactive.ptr = old_rules;
1440 rs->rules[rs_num].inactive.ptr_array = old_array;
1441 rs->rules[rs_num].inactive.tree = NULL; /* important for pf_ioctl_addrule */
1442 rs->rules[rs_num].inactive.rcount = old_rcount;
1444 rs->rules[rs_num].active.ticket =
1445 rs->rules[rs_num].inactive.ticket;
1446 pf_calc_skip_steps(rs->rules[rs_num].active.ptr);
1453 if (rs->rules[rs_num].inactive.ptr_array)
1454 free(rs->rules[rs_num].inactive.ptr_array, M_TEMP);
1455 rs->rules[rs_num].inactive.ptr_array = NULL;
1456 rs->rules[rs_num].inactive.rcount = 0;
1457 rs->rules[rs_num].inactive.open = 0;
1478 if (rs->rules[rs_cnt].inactive.ptr_array)
1479 free(rs->rules[rs_cnt].inactive.ptr_array, M_TEMP);
1480 rs->rules[rs_cnt].inactive.ptr_array = NULL;
1482 if (rs->rules[rs_cnt].inactive.rcount) {
1483 rs->rules[rs_cnt].inactive.ptr_array =
1484 mallocarray(rs->rules[rs_cnt].inactive.rcount,
1488 if (!rs->rules[rs_cnt].inactive.ptr_array)
1492 TAILQ_FOREACH(rule, rs->rules[rs_cnt].inactive.ptr,
1495 (rs->rules[rs_cnt].inactive.ptr_array)[rule->nr] = rule;
2071 tail = TAILQ_LAST(ruleset->rules[rs_num].active.ptr,
2077 pr->ticket = ruleset->rules[rs_num].active.ticket;
2134 if (ticket != ruleset->rules[rs_num].inactive.ticket) {
2137 ruleset->rules[rs_num].inactive.ticket));
2153 if (ruleset->rules[rs_num].inactive.tree == NULL) {
2157 tail = TAILQ_LAST(ruleset->rules[rs_num].inactive.ptr,
2258 TAILQ_INSERT_TAIL(ruleset->rules[rs_num].inactive.ptr,
2260 ruleset->rules[rs_num].inactive.rcount++;
2264 if (RB_INSERT(pf_krule_global, ruleset->rules[rs_num].inactive.tree, rule) != NULL) {
2266 TAILQ_REMOVE(ruleset->rules[rs_num].inactive.ptr, rule, entries);
2267 ruleset->rules[rs_num].inactive.rcount--;
2436 if (! TAILQ_EMPTY(V_pf_keth->active.rules))
2990 tail = TAILQ_LAST(rs->active.rules, pf_keth_ruleq);
3076 rule = TAILQ_FIRST(rs->active.rules);
3231 tail = TAILQ_LAST(ruleset->inactive.rules, pf_keth_ruleq);
3237 TAILQ_INSERT_TAIL(ruleset->inactive.rules, rule, entries);
3569 ruleset->rules[rs_num].active.ticket) {
3579 rule = TAILQ_FIRST(ruleset->rules[rs_num].active.ptr);
3715 if (ruleset->rules[rs_num].active.tree == NULL) {
3716 ruleset->rules[rs_num].active.tree = pf_rule_tree_alloc(M_NOWAIT);
3717 if (ruleset->rules[rs_num].active.tree == NULL) {
3723 pcr->ticket = ++ruleset->rules[rs_num].active.ticket;
3726 ruleset->rules[rs_num].active.ticket)
3823 ruleset->rules[rs_num].active.ptr);
3826 ruleset->rules[rs_num].active.ptr, pf_krulequeue);
3829 ruleset->rules[rs_num].active.ptr);
3843 pf_unlink_rule(ruleset->rules[rs_num].active.ptr,
3846 ruleset->rules[rs_num].active.tree, oldrule);
3847 ruleset->rules[rs_num].active.rcount--;
3851 ruleset->rules[rs_num].active.tree, newrule) != NULL) {
3861 ruleset->rules[rs_num].active.ptr,
3868 ruleset->rules[rs_num].active.ptr,
3870 ruleset->rules[rs_num].active.rcount++;
3875 ruleset->rules[rs_num].active.ptr, entries)
3878 ruleset->rules[rs_num].active.ticket++;
3880 pf_calc_skip_steps(ruleset->rules[rs_num].active.ptr);
4217 ruleset->rules[PF_RULESET_FILTER].active.ptr, entries) {
5182 /* Ensure there's no more ethernet rules to clean up. */
5402 !rs->rules[ioe->rs_num].inactive.open ||
5403 rs->rules[ioe->rs_num].inactive.ticket !=
5459 /* Only hook into Ethernet traffic if we've got rules for it. */
5460 if (! TAILQ_EMPTY(V_pf_keth->active.rules))
6367 /* Unlink rules of all user defined anchors */
6371 * without rules. It leads to anchor.refcnt=0, and the
6391 /* Unlink rules of all user defined ether anchors */
6396 * without rules. It leads to anchor.refcnt=0, and the
6808 /* Make sure we've cleaned up ethernet rules before we continue. */