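Lines matching defs:rule (each line below is prefixed with its line number in the source file; lines that do not match are omitted)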
238 /* default rule should never be garbage collected */
/*
 * pf_rule_free: release a rule and the interface objects it refers to.
 * Visible steps: a NULL check, pfi_kif_free() on each of the rule's five
 * interface pointers, then pool_put() back to pf_rule_pl.
 * In this listing it is called only on the early error paths of the add-rule
 * code (lines 1371-1417), before the rule is queued; unlike pf_rm_rule() it
 * does not unlink the rule or drop tag, table or anchor references.
 * Only lines mentioning `rule` are listed, so the return type and the
 * statements between the numbered lines are not shown.
 */
332 pf_rule_free(struct pf_rule *rule)
/* NULL is tolerated; the statement on line 335 is not shown (presumably an early return). */
334 if (rule == NULL)
/* Free each interface pointer held by the rule: match interface, receive interface, and the rdr/nat/route pools. */
337 pfi_kif_free(rule->kif);
338 pfi_kif_free(rule->rcv_kif);
339 pfi_kif_free(rule->rdr.kif);
340 pfi_kif_free(rule->nat.kif);
341 pfi_kif_free(rule->route.kif);
/* Return the storage to the pool it came from (pool_get on line 1364). */
343 pool_put(&pf_rule_pl, rule);
/*
 * pf_rm_rule: detach a rule from its queue and free it once nothing refers to it.
 * rulequeue may be NULL (the call on line 1458 passes NULL); how line 349
 * handles that case is not shown in this listing.
 * The rule is only returned to pf_rule_pl (line 396) after the guard on
 * lines 369-370; until then it stays allocated for the states and source
 * nodes that still point at it.
 */
347 pf_rm_rule(struct pf_rulequeue *rulequeue, struct pf_rule *rule)
/* Nothing counts against the rule any more: drop its table references right away (lines 356-362). */
350 if (rule->states_cur == 0 && rule->src_nodes == 0) {
353 * the rule to make sure the table code does not delete
356 pf_tbladdr_remove(&rule->src.addr);
357 pf_tbladdr_remove(&rule->dst.addr);
358 pf_tbladdr_remove(&rule->rdr.addr);
359 pf_tbladdr_remove(&rule->nat.addr);
360 pf_tbladdr_remove(&rule->route.addr);
361 if (rule->overload_tbl)
362 pfr_detach_table(rule->overload_tbl);
/* Unlink from the queue. tqe_prev is cleared so the test on line 370 sees the rule as unqueued; nr becomes all-ones. */
364 TAILQ_REMOVE(rulequeue, rule, entries);
365 rule->entries.tqe_prev = NULL;
366 rule->nr = (u_int32_t)-1;
/*
 * Lifetime guard: while states or source nodes still count against the rule,
 * or it is still linked on a queue, teardown must not continue. The statement
 * on line 371 is not shown (presumably a return that leaves the rule
 * allocated) - TODO confirm. Freeing regardless would leave pointers such as
 * st->rule.ptr (used on line 1891) dangling.
 */
369 if (rule->states_cur > 0 || rule->src_nodes > 0 ||
370 rule->entries.tqe_prev != NULL)
/* From here on the rule is unreferenced: release tags, route labels and dynamic addresses. */
372 pf_tag_unref(rule->tag);
373 pf_tag_unref(rule->match_tag);
374 pf_rtlabel_remove(&rule->src.addr);
375 pf_rtlabel_remove(&rule->dst.addr);
376 pfi_dynaddr_remove(&rule->src.addr);
377 pfi_dynaddr_remove(&rule->dst.addr);
378 pfi_dynaddr_remove(&rule->rdr.addr);
379 pfi_dynaddr_remove(&rule->nat.addr);
380 pfi_dynaddr_remove(&rule->route.addr);
/*
 * NOTE(review): lines 382-388 repeat lines 356-362. Line 381 is not shown;
 * presumably it restricts this copy to the case where the early block above
 * did not run (for example rulequeue == NULL) - confirm against the full source.
 */
382 pf_tbladdr_remove(&rule->src.addr);
383 pf_tbladdr_remove(&rule->dst.addr);
384 pf_tbladdr_remove(&rule->rdr.addr);
385 pf_tbladdr_remove(&rule->nat.addr);
386 pf_tbladdr_remove(&rule->route.addr);
387 if (rule->overload_tbl)
388 pfr_detach_table(rule->overload_tbl);
/* Drop the rule-type reference (PFI_KIF_REF_RULE) on every interface the rule used. */
390 pfi_kif_unref(rule->rcv_kif, PFI_KIF_REF_RULE);
391 pfi_kif_unref(rule->kif, PFI_KIF_REF_RULE);
392 pfi_kif_unref(rule->rdr.kif, PFI_KIF_REF_RULE);
393 pfi_kif_unref(rule->nat.kif, PFI_KIF_REF_RULE);
394 pfi_kif_unref(rule->route.kif, PFI_KIF_REF_RULE);
/* Detach any anchor, then hand the memory back to the rule pool. */
395 pf_remove_anchor(rule);
396 pool_put(&pf_rule_pl, rule);
556 struct pf_rule *rule;
560 while ((rule = TAILQ_FIRST(rs->rules.inactive.ptr)) != NULL) {
561 pf_rm_rule(rs->rules.inactive.ptr, rule);
573 struct pf_rule *rule;
579 while ((rule = TAILQ_FIRST(rs->rules.inactive.ptr)) != NULL) {
580 pf_rm_rule(rs->rules.inactive.ptr, rule);
/*
 * pf_hash_rule: feed one rule's fields into the caller's MD5 context.
 * Source and destination go through pf_hash_rule_addr(); the remaining
 * fields go through the PF_MD5_UPD* macros, which are defined outside this
 * listing. Only matching criteria and flags appear among the fields shown;
 * no counters or kernel pointers are hashed on the visible lines.
 * NOTE(review): the _HTONS/_HTONL variants presumably convert to network
 * byte order through the scratch variables x and y (declarations not shown)
 * so the digest does not depend on host endianness - confirm against the
 * macro definitions.
 * NOTE(review): MD5 is not collision resistant. That is acceptable if the
 * digest only serves as a ruleset-equality checksum (the loop on lines
 * 909-910 hashes every rule on the inactive queue); it should not be relied
 * on as an integrity or authentication value.
 */
816 pf_hash_rule(MD5_CTX *ctx, struct pf_rule *rule)
/* Address wrappers first. */
821 pf_hash_rule_addr(ctx, &rule->src);
822 pf_hash_rule_addr(ctx, &rule->dst);
/* String-valued fields. */
823 PF_MD5_UPD_STR(rule, label);
824 PF_MD5_UPD_STR(rule, ifname);
825 PF_MD5_UPD_STR(rule, rcv_ifname);
826 PF_MD5_UPD_STR(rule, match_tagname);
/* Multi-byte integers, passed through the HTONS/HTONL macro variants. */
827 PF_MD5_UPD_HTONS(rule, match_tag, x); /* dup? */
828 PF_MD5_UPD_HTONL(rule, os_fingerprint, y);
829 PF_MD5_UPD_HTONL(rule, prob, y);
830 PF_MD5_UPD_HTONL(rule, uid.uid[0], y);
831 PF_MD5_UPD_HTONL(rule, uid.uid[1], y);
832 PF_MD5_UPD(rule, uid.op);
833 PF_MD5_UPD_HTONL(rule, gid.gid[0], y);
834 PF_MD5_UPD_HTONL(rule, gid.gid[1], y);
835 PF_MD5_UPD(rule, gid.op);
836 PF_MD5_UPD_HTONL(rule, rule_flag, y);
/* Remaining fields are added with the plain macro, without a byte-order variant. */
837 PF_MD5_UPD(rule, action);
838 PF_MD5_UPD(rule, direction);
839 PF_MD5_UPD(rule, af);
840 PF_MD5_UPD(rule, quick);
841 PF_MD5_UPD(rule, ifnot);
842 PF_MD5_UPD(rule, rcvifnot);
843 PF_MD5_UPD(rule, match_tag_not);
844 PF_MD5_UPD(rule, keep_state);
845 PF_MD5_UPD(rule, proto);
846 PF_MD5_UPD(rule, type);
847 PF_MD5_UPD(rule, code);
848 PF_MD5_UPD(rule, flags);
849 PF_MD5_UPD(rule, flagset);
850 PF_MD5_UPD(rule, allow_opts);
851 PF_MD5_UPD(rule, rt);
852 PF_MD5_UPD(rule, tos);
859 struct pf_rule *rule;
886 /* Purge the old rule list. */
887 while ((rule = TAILQ_FIRST(old_rules)) != NULL)
888 pf_rm_rule(old_rules, rule);
903 struct pf_rule *rule;
909 TAILQ_FOREACH(rule, rs->rules.inactive.ptr, entries) {
910 pf_hash_rule(&ctx, rule);
/*
 * Fragment of the code path that adds a rule supplied in pr->rule; the
 * enclosing function and case label are not shown in this listing, and pr is
 * presumably the caller's request structure - TODO confirm.
 * Order visible here: allocate, copy in, validate, record the creator,
 * resolve interfaces/tables/addresses/anchor, then queue the rule.
 */
1362 struct pf_rule *rule, *tail;
/*
 * PR_ZERO asks for zeroed memory, so members that pf_rule_copyin() does not
 * set start out as 0/NULL. PR_LIMITFAIL allows a NULL return at the pool
 * limit, hence the check that follows.
 */
1364 rule = pool_get(&pf_rule_pl, PR_WAITOK|PR_LIMITFAIL|PR_ZERO);
1365 if (rule == NULL) {
/* Copy the request's rule into the kernel object. Every rejection below frees the object and clears the local pointer. */
1370 if ((error = pf_rule_copyin(&pr->rule, rule))) {
1371 pf_rule_free(rule);
1372 rule = NULL;
/*
 * Range check: the upper byte of return_icmp must not exceed ICMP_MAXTYPE.
 * NOTE(review): this reads the request copy (pr->rule), not `rule`; confirm
 * pf_rule_copyin() carries the same value across.
 */
1376 if (pr->rule.return_icmp >> 8 > ICMP_MAXTYPE) {
1378 pf_rule_free(rule);
1379 rule = NULL;
/* Address-family consistency check; the helper is not shown. */
1382 if ((error = pf_rule_checkaf(rule))) {
1383 pf_rule_free(rule);
1384 rule = NULL;
/* Both source and destination must carry an address type. */
1387 if (rule->src.addr.type == PF_ADDR_NONE ||
1388 rule->dst.addr.type == PF_ADDR_NONE) {
1390 pf_rule_free(rule);
1391 rule = NULL;
/* A rule with a route-to style option (rt) must also specify a direction. */
1395 if (rule->rt && !rule->direction) {
1397 pf_rule_free(rule);
1398 rule = NULL;
/* Two further rejection paths; their conditions (lines 1400-1416) are not shown. */
1410 pf_rule_free(rule);
1417 pf_rule_free(rule);
/* Record who created the rule: the real uid from the process credentials and the process id. */
1420 rule->cuid = p->p_ucred->cr_ruid;
1421 rule->cpid = p->p_p->ps_pid;
/* Number the rule after the current tail, or 0 when there is none (the test on line 1425 is not shown). */
1426 rule->nr = tail->nr + 1;
1428 rule->nr = 0;
/* Replace each interface pointer with the result of pf_kif_setup(); the helper is not shown. */
1430 rule->kif = pf_kif_setup(rule->kif);
1431 rule->rcv_kif = pf_kif_setup(rule->rcv_kif);
1432 rule->rdr.kif = pf_kif_setup(rule->rdr.kif);
1433 rule->nat.kif = pf_kif_setup(rule->nat.kif);
1434 rule->route.kif = pf_kif_setup(rule->route.kif);
/* Optional overload table: attach by name and mark it active; the handling of a failed attach (line 1439) is not shown. */
1436 if (rule->overload_tblname[0]) {
1437 if ((rule->overload_tbl = pfr_attach_table(ruleset,
1438 rule->overload_tblname, PR_WAITOK)) == NULL)
1441 rule->overload_tbl->pfrkt_flags |= PFR_TFLAG_ACTIVE;
/* Resolve every address wrapper and the anchor; the statements taken on failure are not shown. */
1444 if (pf_addr_setup(ruleset, &rule->src.addr, rule->af))
1446 if (pf_addr_setup(ruleset, &rule->dst.addr, rule->af))
1448 if (pf_addr_setup(ruleset, &rule->rdr.addr, rule->af))
1450 if (pf_addr_setup(ruleset, &rule->nat.addr, rule->af))
1452 if (pf_addr_setup(ruleset, &rule->route.addr, rule->af))
1454 if (pf_anchor_setup(rule, ruleset, pr->anchor_call))
/*
 * Late failure: teardown goes through pf_rm_rule() with a NULL queue rather
 * than pf_rule_free(), presumably because interface, table and anchor
 * references have been taken by this point and must be released - TODO confirm.
 */
1458 pf_rm_rule(NULL, rule);
/* Tail of the queue-insertion call; its first line (1463) is not shown. */
1464 rule, entries);
/*
 * Fragment that starts a rule listing; the enclosing function is not shown.
 * pr->nr is set to one past the number of the last active rule, and the
 * iteration token t is initialised with the first active rule.
 */
1474 struct pf_rule *rule;
/* The branch taken when the active queue is empty (lines 1491-1494) is not shown. */
1488 rule = TAILQ_LAST(ruleset->rules.active.ptr, pf_rulequeue);
1489 if (rule)
1490 pr->nr = rule->nr + 1;
/* Seed the token with the anchor, ruleset_version and the head of the active queue; pf_init_tgetrule() is not shown. */
1495 rule = TAILQ_FIRST(ruleset->rules.active.ptr);
1504 pf_init_tgetrule(t, ruleset->anchor, ruleset_version, rule);
/*
 * Fragment that returns one rule to the caller in pr->rule; the enclosing
 * function is not shown. t->pftgr_rule serves as the cursor: it is read on
 * line 1538 and advanced on line 1580.
 */
1513 struct pf_rule *rule;
1538 rule = t->pftgr_rule;
1539 if (rule == NULL) {
/*
 * The whole structure is copied into the reply and then scrubbed: the queue
 * linkage is zeroed and every kernel pointer visible here (five interface
 * pointers, anchor, overload_tbl) is set to NULL, which keeps those kernel
 * addresses out of the reply.
 * NOTE(review): this is a copy-then-clear pattern; any pointer member added
 * to struct pf_rule later has to be cleared here as well.
 */
1545 memcpy(&pr->rule, rule, sizeof(struct pf_rule));
1546 memset(&pr->rule.entries, 0, sizeof(pr->rule.entries));
1547 pr->rule.kif = NULL;
1548 pr->rule.nat.kif = NULL;
1549 pr->rule.rdr.kif = NULL;
1550 pr->rule.route.kif = NULL;
1551 pr->rule.rcv_kif = NULL;
1552 pr->rule.anchor = NULL;
1553 pr->rule.overload_tbl = NULL;
/* The reported limit is divided by PF_THRESHOLD_MULT; presumably the inverse of a scaling applied at load time - TODO confirm. */
1554 pr->rule.pktrate.limit /= PF_THRESHOLD_MULT;
1555 if (pf_anchor_copyout(ruleset, rule, pr)) {
/* Convert each address wrapper in the reply copy; pf_addr_copyout() is not shown. */
1561 pf_addr_copyout(&pr->rule.src.addr);
1562 pf_addr_copyout(&pr->rule.dst.addr);
1563 pf_addr_copyout(&pr->rule.rdr.addr);
1564 pf_addr_copyout(&pr->rule.nat.addr);
1565 pf_addr_copyout(&pr->rule.route.addr);
/* Skip-step pointers are reported as the target rule's number, or all-ones when there is no target. */
1567 if (rule->skip[i].ptr == NULL)
1568 pr->rule.skip[i].nr = (u_int32_t)-1;
1570 pr->rule.skip[i].nr =
1571 rule->skip[i].ptr->nr;
/*
 * Counters are reset on the live rule, not on the reply copy. The condition
 * on line 1573 is not shown.
 * NOTE(review): this lets a read-style request modify kernel state; confirm
 * the clearing variant is permission-checked like other write operations.
 */
1574 rule->evaluations = 0;
1575 rule->packets[0] = rule->packets[1] = 0;
1576 rule->bytes[0] = rule->bytes[1] = 0;
1577 rule->states_tot = 0;
/* Report the rule number and move the cursor to the next rule on the queue. */
1579 pr->nr = rule->nr;
1580 t->pftgr_rule = TAILQ_NEXT(rule, entries);
1621 if (pcr->rule.return_icmp >> 8 > ICMP_MAXTYPE) {
1626 error = pf_rule_copyin(&pcr->rule, newrule);
1891 (!psk->psk_label[0] || (st->rule.ptr->label[0] &&
1892 !strcmp(psk->psk_label, st->rule.ptr->label))) &&
2846 pstore->rule.ptr = NULL;
2848 pstore->rule.nr = n->rule.ptr->nr;