Lines Matching full:rule

111 struct rule {
117 	TAILQ_ENTRY(rule)	r_entries;
126  * Text format for the rule string is that a rule consists of a
133 static TAILQ_HEAD(rulehead, rule)	rule_head;
139 	struct rule *rule;
141 	while ((rule = TAILQ_FIRST(head)) != NULL) {
142 		TAILQ_REMOVE(head, rule, r_entries);
143 		free(rule, M_PORTACL);
171 parse_rule_element(char *element, struct rule **rule)
174 	struct rule *new;
230 		*rule = NULL;
232 		*rule = new;
239 	struct rule *new;
261  * Instead, the non-canonical user-generated rule string is returned to the
266 rule_printf(struct sbuf *sb, struct rule *rule)
270 	switch(rule->r_idtype) {
278 		panic("rule_printf: unknown idtype (%d)\n", rule->r_idtype);
281 	switch (rule->r_protocol) {
290 		    rule->r_protocol);
292 	sbuf_printf(sb, "%s:%jd:%s:%d", idtype, (intmax_t)rule->r_id,
293 	    protocol, rule->r_port);
299 	struct rule *rule;
307 	for (rule = TAILQ_FIRST(&rule_head); rule != NULL;
308 	    rule = TAILQ_NEXT(rule, r_entries)) {
313 		rule_printf(sb, rule);
379 	struct rule *rule;
392 	for (rule = TAILQ_FIRST(&rule_head);
393 	    rule != NULL;
394 	    rule = TAILQ_NEXT(rule, r_entries)) {
395 		if (type == SOCK_DGRAM && rule->r_protocol != RULE_PROTO_UDP)
397 		if (type == SOCK_STREAM && rule->r_protocol != RULE_PROTO_TCP)
399 		if (port != rule->r_port)
401 		if (rule->r_idtype == RULE_UID) {
402 			if (cred->cr_uid == rule->r_id) {
406 		} else if (rule->r_idtype == RULE_GID) {
407 			if (cred->cr_gid == rule->r_id) {
410 			} else if (groupmember(rule->r_id, cred)) {
415 			panic("rules_check: unknown rule type %d",
416 			    rule->r_idtype);
468 	 * flag exempts port 0 allocation from rule checking as long as a low