crypto/krb5/src/lib/krb5/os/localauth_rule.c
145
char *newstr, *rule = NULL, *repl = NULL, *current = NULL;
crypto/krb5/src/lib/krb5/os/localauth_rule.c
169
free(rule);
crypto/krb5/src/lib/krb5/os/localauth_rule.c
170
rule = k5memdup0(cp + 2, ep - (cp + 2), &ret);
crypto/krb5/src/lib/krb5/os/localauth_rule.c
171
if (rule == NULL)
crypto/krb5/src/lib/krb5/os/localauth_rule.c
184
ret = do_replacement(rule, repl, doglobal, current, &newstr);
crypto/krb5/src/lib/krb5/os/localauth_rule.c
196
free(rule);
crypto/krb5/src/lib/krb5/os/localauth_rule.c
273
const char *rule, krb5_const_principal aname, char **lname_out)
crypto/krb5/src/lib/krb5/os/localauth_rule.c
280
if (rule == NULL)
crypto/krb5/src/lib/krb5/os/localauth_rule.c
284
current = rule;
crypto/krb5/src/plugins/preauth/pkinit/pkinit_matching.c
254
const char **rule,
crypto/krb5/src/plugins/preauth/pkinit/pkinit_matching.c
271
if (strncmp(*rule, kw->value, kw->length) == 0) {
crypto/krb5/src/plugins/preauth/pkinit/pkinit_matching.c
274
*rule += kw->length;
crypto/krb5/src/plugins/preauth/pkinit/pkinit_matching.c
281
__FUNCTION__, *rule);
crypto/krb5/src/plugins/preauth/pkinit/pkinit_matching.c
303
nk = strchr(*rule, '<');
crypto/krb5/src/plugins/preauth/pkinit/pkinit_matching.c
320
len = (nk - *rule);
crypto/krb5/src/plugins/preauth/pkinit/pkinit_matching.c
336
memcpy(value, *rule, len);
crypto/krb5/src/plugins/preauth/pkinit/pkinit_matching.c
338
*rule += len;
crypto/krb5/src/plugins/preauth/pkinit/pkinit_matching.c
379
const char *rule;
crypto/krb5/src/plugins/preauth/pkinit/pkinit_matching.c
388
rule = rule_in;
crypto/krb5/src/plugins/preauth/pkinit/pkinit_matching.c
389
remaining = strlen(rule);
crypto/krb5/src/plugins/preauth/pkinit/pkinit_matching.c
399
if (rule[0] == '&' && rule[1] == '&') {
crypto/krb5/src/plugins/preauth/pkinit/pkinit_matching.c
401
rule += 2;
crypto/krb5/src/plugins/preauth/pkinit/pkinit_matching.c
405
rule +=2;
crypto/krb5/src/plugins/preauth/pkinit/pkinit_matching.c
416
ret = parse_rule_component(context, &rule, &remaining, &rc);
crypto/krb5/src/plugins/preauth/pkinit/pkinit_matching.c
422
__FUNCTION__, remaining, rule);
crypto/krb5/src/plugins/preauth/pkinit/pkinit_trace.h
148
#define TRACE_PKINIT_CERT_RULE(c, rule) \
crypto/krb5/src/plugins/preauth/pkinit/pkinit_trace.h
149
TRACE(c, "PKINIT client matching rule '{str}' against certificates", rule)
crypto/krb5/src/plugins/preauth/pkinit/pkinit_trace.h
150
#define TRACE_PKINIT_CERT_RULE_INVALID(c, rule) \
crypto/krb5/src/plugins/preauth/pkinit/pkinit_trace.h
151
TRACE(c, "PKINIT client ignoring invalid rule '{str}'", rule)
crypto/openssh/ssh.c
391
struct allowed_cname *rule;
crypto/openssh/ssh.c
407
rule = options.permitted_cnames + i;
crypto/openssh/ssh.c
408
if (match_pattern_list(*namep, rule->source_list, 1) != 1 ||
crypto/openssh/ssh.c
409
match_pattern_list(cname, rule->target_list, 1) != 1)
crypto/openssl/ssl/ssl_ciph.c
1027
if (rule == CIPHER_SPECIAL) {
crypto/openssl/ssl/ssl_ciph.c
1172
if (rule == CIPHER_SPECIAL) { /* special command */
crypto/openssl/ssl/ssl_ciph.c
1200
min_tls, algo_strength, rule, -1, head_p,
crypto/openssl/ssl/ssl_ciph.c
768
uint32_t algo_strength, int rule,
crypto/openssl/ssl/ssl_ciph.c
780
rule, (unsigned int)alg_mkey, (unsigned int)alg_auth,
crypto/openssl/ssl/ssl_ciph.c
785
if (rule == CIPHER_DEL || rule == CIPHER_BUMP)
crypto/openssl/ssl/ssl_ciph.c
855
BIO_printf(trc_out, "Action = %d\n", rule);
crypto/openssl/ssl/ssl_ciph.c
858
if (rule == CIPHER_ADD) {
crypto/openssl/ssl/ssl_ciph.c
866
else if (rule == CIPHER_ORD) {
crypto/openssl/ssl/ssl_ciph.c
871
} else if (rule == CIPHER_DEL) {
crypto/openssl/ssl/ssl_ciph.c
882
} else if (rule == CIPHER_BUMP) {
crypto/openssl/ssl/ssl_ciph.c
885
} else if (rule == CIPHER_KILL) {
crypto/openssl/ssl/ssl_ciph.c
963
int j, multi, found, rule, retval, ok, buflen;
crypto/openssl/ssl/ssl_ciph.c
975
rule = CIPHER_DEL;
crypto/openssl/ssl/ssl_ciph.c
978
rule = CIPHER_ORD;
crypto/openssl/ssl/ssl_ciph.c
981
rule = CIPHER_KILL;
crypto/openssl/ssl/ssl_ciph.c
984
rule = CIPHER_SPECIAL;
crypto/openssl/ssl/ssl_ciph.c
987
rule = CIPHER_ADD;
lib/libipsec/policy_parse.y
135
| rules rule {
lib/libipsec/policy_parse.y
146
rule
lib/libpfctl/libpfctl.c
1005
pfctl_nveth_rule_to_eth_rule(nvl, rule);
lib/libpfctl/libpfctl.c
1449
uint32_t ruleset, struct pfctl_rule *rule, char *anchor_call)
lib/libpfctl/libpfctl.c
1451
return (pfctl_get_clear_rule_h(h, nr, ticket, anchor, ruleset, rule,
lib/libpfctl/libpfctl.c
1457
uint32_t ruleset, struct pfctl_rule *rule, char *anchor_call)
lib/libpfctl/libpfctl.c
1459
return (pfctl_get_clear_rule(dev, nr, ticket, anchor, ruleset, rule,
lib/libpfctl/libpfctl.c
1725
const char *anchor, uint32_t ruleset, struct pfctl_rule *rule,
lib/libpfctl/libpfctl.c
1762
memcpy(rule, &attrs.r, sizeof(attrs.r));
lib/libpfctl/libpfctl.c
1770
const char *anchor, uint32_t ruleset, struct pfctl_rule *rule,
lib/libpfctl/libpfctl.c
1791
pf_nvrule_to_rule(nvlist_get_nvlist(nvl, "rule"), rule);
lib/libpfctl/libpfctl.c
1944
{ .type = PF_ST_RULE, .off = _OUT(rule), .cb = snl_attr_get_uint32 },
lib/libpfctl/libpfctl.c
3398
{ .type = PF_SN_RULE_NR, .off = _OUT(rule), .cb = snl_attr_get_uint32 },
lib/libpfctl/libpfctl.c
703
pf_nvdivert_to_divert(const nvlist_t *nvl, struct pfctl_rule *rule)
lib/libpfctl/libpfctl.c
705
pf_nvaddr_to_addr(nvlist_get_nvlist(nvl, "addr"), &rule->divert.addr);
lib/libpfctl/libpfctl.c
706
rule->divert.port = nvlist_get_number(nvl, "port");
lib/libpfctl/libpfctl.c
710
pf_nvrule_to_rule(const nvlist_t *nvl, struct pfctl_rule *rule)
lib/libpfctl/libpfctl.c
716
rule->nr = nvlist_get_number(nvl, "nr");
lib/libpfctl/libpfctl.c
718
pf_nvrule_addr_to_rule_addr(nvlist_get_nvlist(nvl, "src"), &rule->src);
lib/libpfctl/libpfctl.c
719
pf_nvrule_addr_to_rule_addr(nvlist_get_nvlist(nvl, "dst"), &rule->dst);
lib/libpfctl/libpfctl.c
725
rule->skip[i].nr = skip[i];
lib/libpfctl/libpfctl.c
730
strlcpy(rule->label[i], labels[i], PF_RULE_LABEL_SIZE);
lib/libpfctl/libpfctl.c
731
rule->ridentifier = nvlist_get_number(nvl, "ridentifier");
lib/libpfctl/libpfctl.c
732
strlcpy(rule->ifname, nvlist_get_string(nvl, "ifname"), IFNAMSIZ);
lib/libpfctl/libpfctl.c
733
strlcpy(rule->qname, nvlist_get_string(nvl, "qname"), PF_QNAME_SIZE);
lib/libpfctl/libpfctl.c
734
strlcpy(rule->pqname, nvlist_get_string(nvl, "pqname"), PF_QNAME_SIZE);
lib/libpfctl/libpfctl.c
735
strlcpy(rule->tagname, nvlist_get_string(nvl, "tagname"),
lib/libpfctl/libpfctl.c
737
strlcpy(rule->match_tagname, nvlist_get_string(nvl, "match_tagname"),
lib/libpfctl/libpfctl.c
740
strlcpy(rule->overload_tblname, nvlist_get_string(nvl, "overload_tblname"),
lib/libpfctl/libpfctl.c
743
pf_nvpool_to_pool(nvlist_get_nvlist(nvl, "rpool"), &rule->rdr);
lib/libpfctl/libpfctl.c
745
rule->evaluations = nvlist_get_number(nvl, "evaluations");
lib/libpfctl/libpfctl.c
746
pf_nvuint_64_array(nvl, "packets", 2, rule->packets, NULL);
lib/libpfctl/libpfctl.c
747
pf_nvuint_64_array(nvl, "bytes", 2, rule->bytes, NULL);
lib/libpfctl/libpfctl.c
750
rule->last_active_timestamp = nvlist_get_number(nvl, "timestamp");
lib/libpfctl/libpfctl.c
753
rule->os_fingerprint = nvlist_get_number(nvl, "os_fingerprint");
lib/libpfctl/libpfctl.c
755
rule->rtableid = nvlist_get_number(nvl, "rtableid");
lib/libpfctl/libpfctl.c
756
pf_nvuint_32_array(nvl, "timeout", PFTM_MAX, rule->timeout, NULL);
lib/libpfctl/libpfctl.c
757
rule->max_states = nvlist_get_number(nvl, "max_states");
lib/libpfctl/libpfctl.c
758
rule->max_src_nodes = nvlist_get_number(nvl, "max_src_nodes");
lib/libpfctl/libpfctl.c
759
rule->max_src_states = nvlist_get_number(nvl, "max_src_states");
lib/libpfctl/libpfctl.c
760
rule->max_src_conn = nvlist_get_number(nvl, "max_src_conn");
lib/libpfctl/libpfctl.c
761
rule->max_src_conn_rate.limit =
lib/libpfctl/libpfctl.c
763
rule->max_src_conn_rate.seconds =
lib/libpfctl/libpfctl.c
765
rule->qid = nvlist_get_number(nvl, "qid");
lib/libpfctl/libpfctl.c
766
rule->pqid = nvlist_get_number(nvl, "pqid");
lib/libpfctl/libpfctl.c
767
rule->dnpipe = nvlist_get_number(nvl, "dnpipe");
lib/libpfctl/libpfctl.c
768
rule->dnrpipe = nvlist_get_number(nvl, "dnrpipe");
lib/libpfctl/libpfctl.c
769
rule->free_flags = nvlist_get_number(nvl, "dnflags");
lib/libpfctl/libpfctl.c
770
rule->prob = nvlist_get_number(nvl, "prob");
lib/libpfctl/libpfctl.c
771
rule->cuid = nvlist_get_number(nvl, "cuid");
lib/libpfctl/libpfctl.c
772
rule->cpid = nvlist_get_number(nvl, "cpid");
lib/libpfctl/libpfctl.c
774
rule->return_icmp = nvlist_get_number(nvl, "return_icmp");
lib/libpfctl/libpfctl.c
775
rule->return_icmp6 = nvlist_get_number(nvl, "return_icmp6");
lib/libpfctl/libpfctl.c
776
rule->max_mss = nvlist_get_number(nvl, "max_mss");
lib/libpfctl/libpfctl.c
777
rule->scrub_flags = nvlist_get_number(nvl, "scrub_flags");
lib/libpfctl/libpfctl.c
779
pf_nvrule_uid_to_rule_uid(nvlist_get_nvlist(nvl, "uid"), &rule->uid);
lib/libpfctl/libpfctl.c
781
(struct pf_rule_uid *)&rule->gid);
lib/libpfctl/libpfctl.c
783
rule->rule_flag = nvlist_get_number(nvl, "rule_flag");
lib/libpfctl/libpfctl.c
784
rule->action = nvlist_get_number(nvl, "action");
lib/libpfctl/libpfctl.c
785
rule->direction = nvlist_get_number(nvl, "direction");
lib/libpfctl/libpfctl.c
786
rule->log = nvlist_get_number(nvl, "log");
lib/libpfctl/libpfctl.c
787
rule->logif = nvlist_get_number(nvl, "logif");
lib/libpfctl/libpfctl.c
788
rule->quick = nvlist_get_number(nvl, "quick");
lib/libpfctl/libpfctl.c
789
rule->ifnot = nvlist_get_number(nvl, "ifnot");
lib/libpfctl/libpfctl.c
790
rule->match_tag_not = nvlist_get_number(nvl, "match_tag_not");
lib/libpfctl/libpfctl.c
791
rule->natpass = nvlist_get_number(nvl, "natpass");
lib/libpfctl/libpfctl.c
793
rule->keep_state = nvlist_get_number(nvl, "keep_state");
lib/libpfctl/libpfctl.c
794
rule->af = nvlist_get_number(nvl, "af");
lib/libpfctl/libpfctl.c
795
rule->proto = nvlist_get_number(nvl, "proto");
lib/libpfctl/libpfctl.c
796
rule->type = nvlist_get_number(nvl, "type");
lib/libpfctl/libpfctl.c
797
rule->code = nvlist_get_number(nvl, "code");
lib/libpfctl/libpfctl.c
798
rule->flags = nvlist_get_number(nvl, "flags");
lib/libpfctl/libpfctl.c
799
rule->flagset = nvlist_get_number(nvl, "flagset");
lib/libpfctl/libpfctl.c
800
rule->min_ttl = nvlist_get_number(nvl, "min_ttl");
lib/libpfctl/libpfctl.c
801
rule->allow_opts = nvlist_get_number(nvl, "allow_opts");
lib/libpfctl/libpfctl.c
802
rule->rt = nvlist_get_number(nvl, "rt");
lib/libpfctl/libpfctl.c
803
rule->return_ttl = nvlist_get_number(nvl, "return_ttl");
lib/libpfctl/libpfctl.c
804
rule->tos = nvlist_get_number(nvl, "tos");
lib/libpfctl/libpfctl.c
805
rule->set_tos = nvlist_get_number(nvl, "set_tos");
lib/libpfctl/libpfctl.c
806
rule->anchor_relative = nvlist_get_number(nvl, "anchor_relative");
lib/libpfctl/libpfctl.c
807
rule->anchor_wildcard = nvlist_get_number(nvl, "anchor_wildcard");
lib/libpfctl/libpfctl.c
809
rule->flush = nvlist_get_number(nvl, "flush");
lib/libpfctl/libpfctl.c
810
rule->prio = nvlist_get_number(nvl, "prio");
lib/libpfctl/libpfctl.c
811
pf_nvuint_8_array(nvl, "set_prio", 2, rule->set_prio, NULL);
lib/libpfctl/libpfctl.c
813
pf_nvdivert_to_divert(nvlist_get_nvlist(nvl, "divert"), rule);
lib/libpfctl/libpfctl.c
815
rule->states_cur = nvlist_get_number(nvl, "states_cur");
lib/libpfctl/libpfctl.c
816
rule->states_tot = nvlist_get_number(nvl, "states_tot");
lib/libpfctl/libpfctl.c
817
rule->src_nodes = nvlist_get_number(nvl, "src_nodes");
lib/libpfctl/libpfctl.c
858
pfctl_nveth_rule_to_eth_rule(const nvlist_t *nvl, struct pfctl_eth_rule *rule)
lib/libpfctl/libpfctl.c
863
rule->nr = nvlist_get_number(nvl, "nr");
lib/libpfctl/libpfctl.c
864
rule->quick = nvlist_get_bool(nvl, "quick");
lib/libpfctl/libpfctl.c
865
strlcpy(rule->ifname, nvlist_get_string(nvl, "ifname"), IFNAMSIZ);
lib/libpfctl/libpfctl.c
866
rule->ifnot = nvlist_get_bool(nvl, "ifnot");
lib/libpfctl/libpfctl.c
867
rule->direction = nvlist_get_number(nvl, "direction");
lib/libpfctl/libpfctl.c
868
rule->proto = nvlist_get_number(nvl, "proto");
lib/libpfctl/libpfctl.c
869
strlcpy(rule->match_tagname, nvlist_get_string(nvl, "match_tagname"),
lib/libpfctl/libpfctl.c
871
rule->match_tag = nvlist_get_number(nvl, "match_tag");
lib/libpfctl/libpfctl.c
872
rule->match_tag_not = nvlist_get_bool(nvl, "match_tag_not");
lib/libpfctl/libpfctl.c
877
strlcpy(rule->label[i], labels[i], PF_RULE_LABEL_SIZE);
lib/libpfctl/libpfctl.c
878
rule->ridentifier = nvlist_get_number(nvl, "ridentifier");
lib/libpfctl/libpfctl.c
881
&rule->src);
lib/libpfctl/libpfctl.c
883
&rule->dst);
lib/libpfctl/libpfctl.c
886
&rule->ipsrc);
lib/libpfctl/libpfctl.c
888
&rule->ipdst);
lib/libpfctl/libpfctl.c
890
rule->evaluations = nvlist_get_number(nvl, "evaluations");
lib/libpfctl/libpfctl.c
891
rule->packets[0] = nvlist_get_number(nvl, "packets-in");
lib/libpfctl/libpfctl.c
892
rule->packets[1] = nvlist_get_number(nvl, "packets-out");
lib/libpfctl/libpfctl.c
893
rule->bytes[0] = nvlist_get_number(nvl, "bytes-in");
lib/libpfctl/libpfctl.c
894
rule->bytes[1] = nvlist_get_number(nvl, "bytes-out");
lib/libpfctl/libpfctl.c
897
rule->last_active_timestamp = nvlist_get_number(nvl, "timestamp");
lib/libpfctl/libpfctl.c
900
strlcpy(rule->qname, nvlist_get_string(nvl, "qname"), PF_QNAME_SIZE);
lib/libpfctl/libpfctl.c
901
strlcpy(rule->tagname, nvlist_get_string(nvl, "tagname"),
lib/libpfctl/libpfctl.c
904
rule->dnpipe = nvlist_get_number(nvl, "dnpipe");
lib/libpfctl/libpfctl.c
905
rule->dnflags = nvlist_get_number(nvl, "dnflags");
lib/libpfctl/libpfctl.c
907
rule->anchor_relative = nvlist_get_number(nvl, "anchor_relative");
lib/libpfctl/libpfctl.c
908
rule->anchor_wildcard = nvlist_get_number(nvl, "anchor_wildcard");
lib/libpfctl/libpfctl.c
910
strlcpy(rule->bridge_to, nvlist_get_string(nvl, "bridge_to"),
lib/libpfctl/libpfctl.c
913
rule->action = nvlist_get_number(nvl, "action");
lib/libpfctl/libpfctl.c
989
const char *path, struct pfctl_eth_rule *rule, bool clear,
lib/libpfctl/libpfctl.h
381
uint32_t rule;
lib/libpfctl/libpfctl.h
433
int rule;
lib/libpfctl/libpfctl.h
471
const char *path, struct pfctl_eth_rule *rule, bool clear,
lib/libpfctl/libpfctl.h
481
const char *anchor, uint32_t ruleset, struct pfctl_rule *rule,
lib/libpfctl/libpfctl.h
484
const char *anchor, uint32_t ruleset, struct pfctl_rule *rule,
lib/libpfctl/libpfctl.h
487
const char *anchor, uint32_t ruleset, struct pfctl_rule *rule,
lib/libpfctl/libpfctl.h
490
const char *anchor, uint32_t ruleset, struct pfctl_rule *rule,
lib/libugidfw/ugidfw.c
1008
bsde_parse_rule(int argc, char *argv[], struct mac_bsdextended_rule *rule,
lib/libugidfw/ugidfw.c
1016
bzero(rule, sizeof(*rule));
lib/libugidfw/ugidfw.c
1060
argv + subject_elements, &rule->mbr_subject, buflen, errstr);
lib/libugidfw/ugidfw.c
1065
argv + object_elements, &rule->mbr_object, buflen, errstr);
lib/libugidfw/ugidfw.c
1070
&rule->mbr_mode, buflen, errstr);
lib/libugidfw/ugidfw.c
1078
bsde_parse_rule_string(const char *string, struct mac_bsdextended_rule *rule,
lib/libugidfw/ugidfw.c
109
rule->mbr_subject.mbs_uid_min);
lib/libugidfw/ugidfw.c
1096
error = bsde_parse_rule(argc, argv, rule, buflen, errstr);
lib/libugidfw/ugidfw.c
115
if (rule->mbr_subject.mbs_uid_min !=
lib/libugidfw/ugidfw.c
116
rule->mbr_subject.mbs_uid_max) {
lib/libugidfw/ugidfw.c
117
pwd = getpwuid(rule->mbr_subject.mbs_uid_max);
lib/libugidfw/ugidfw.c
1189
bsde_get_rule(int rulenum, struct mac_bsdextended_rule *rule, size_t errlen,
lib/libugidfw/ugidfw.c
1207
size = sizeof(*rule);
lib/libugidfw/ugidfw.c
1210
error = sysctl(name, len, rule, &size, NULL, 0);
lib/libugidfw/ugidfw.c
1217
} else if (size != sizeof(*rule)) {
lib/libugidfw/ugidfw.c
1229
struct mac_bsdextended_rule rule;
lib/libugidfw/ugidfw.c
1248
error = sysctl(name, len, NULL, NULL, &rule, 0);
lib/libugidfw/ugidfw.c
1259
bsde_set_rule(int rulenum, struct mac_bsdextended_rule *rule, size_t buflen,
lib/libugidfw/ugidfw.c
127
rule->mbr_subject.mbs_uid_max);
lib/libugidfw/ugidfw.c
1280
error = sysctl(name, len, NULL, NULL, rule, sizeof(*rule));
lib/libugidfw/ugidfw.c
1291
bsde_add_rule(int *rulenum, struct mac_bsdextended_rule *rule, size_t buflen,
lib/libugidfw/ugidfw.c
1320
error = sysctl(name, len, NULL, NULL, rule, sizeof(*rule));
lib/libugidfw/ugidfw.c
141
if (!notdone && (rule->mbr_subject.mbs_neg & MBO_GID_DEFINED)) {
lib/libugidfw/ugidfw.c
148
if (rule->mbr_subject.mbs_flags & MBO_GID_DEFINED) {
lib/libugidfw/ugidfw.c
149
grp = getgrgid(rule->mbr_subject.mbs_gid_min);
lib/libugidfw/ugidfw.c
159
rule->mbr_subject.mbs_gid_min);
lib/libugidfw/ugidfw.c
165
if (rule->mbr_subject.mbs_gid_min !=
lib/libugidfw/ugidfw.c
166
rule->mbr_subject.mbs_gid_max) {
lib/libugidfw/ugidfw.c
167
grp = getgrgid(rule->mbr_subject.mbs_gid_max);
lib/libugidfw/ugidfw.c
177
rule->mbr_subject.mbs_gid_max);
lib/libugidfw/ugidfw.c
191
if (!notdone && (rule->mbr_subject.mbs_neg & MBS_PRISON_DEFINED)) {
lib/libugidfw/ugidfw.c
198
if (rule->mbr_subject.mbs_flags & MBS_PRISON_DEFINED) {
lib/libugidfw/ugidfw.c
200
rule->mbr_subject.mbs_prison);
lib/libugidfw/ugidfw.c
213
if (rule->mbr_object.mbo_flags) {
lib/libugidfw/ugidfw.c
214
if (rule->mbr_object.mbo_neg == MBO_ALL_FLAGS) {
lib/libugidfw/ugidfw.c
225
if (!notdone && (rule->mbr_object.mbo_neg & MBO_UID_DEFINED)) {
lib/libugidfw/ugidfw.c
232
if (rule->mbr_object.mbo_flags & MBO_UID_DEFINED) {
lib/libugidfw/ugidfw.c
233
pwd = getpwuid(rule->mbr_object.mbo_uid_min);
lib/libugidfw/ugidfw.c
243
rule->mbr_object.mbo_uid_min);
lib/libugidfw/ugidfw.c
249
if (rule->mbr_object.mbo_uid_min !=
lib/libugidfw/ugidfw.c
250
rule->mbr_object.mbo_uid_max) {
lib/libugidfw/ugidfw.c
251
pwd = getpwuid(rule->mbr_object.mbo_uid_max);
lib/libugidfw/ugidfw.c
261
rule->mbr_object.mbo_uid_max);
lib/libugidfw/ugidfw.c
275
if (!notdone && (rule->mbr_object.mbo_neg & MBO_GID_DEFINED)) {
lib/libugidfw/ugidfw.c
282
if (rule->mbr_object.mbo_flags & MBO_GID_DEFINED) {
lib/libugidfw/ugidfw.c
283
grp = getgrgid(rule->mbr_object.mbo_gid_min);
lib/libugidfw/ugidfw.c
293
rule->mbr_object.mbo_gid_min);
lib/libugidfw/ugidfw.c
299
if (rule->mbr_object.mbo_gid_min !=
lib/libugidfw/ugidfw.c
300
rule->mbr_object.mbo_gid_max) {
lib/libugidfw/ugidfw.c
301
grp = getgrgid(rule->mbr_object.mbo_gid_max);
lib/libugidfw/ugidfw.c
311
rule->mbr_object.mbo_gid_max);
lib/libugidfw/ugidfw.c
325
if (!notdone && (rule->mbr_object.mbo_neg & MBO_FSID_DEFINED)) {
lib/libugidfw/ugidfw.c
332
if (rule->mbr_object.mbo_flags & MBO_FSID_DEFINED) {
lib/libugidfw/ugidfw.c
335
if (fsidcmp(&rule->mbr_object.mbo_fsid,
lib/libugidfw/ugidfw.c
345
if (!notdone && (rule->mbr_object.mbo_neg & MBO_SUID)) {
lib/libugidfw/ugidfw.c
352
if (rule->mbr_object.mbo_flags & MBO_SUID) {
lib/libugidfw/ugidfw.c
359
if (!notdone && (rule->mbr_object.mbo_neg & MBO_SGID)) {
lib/libugidfw/ugidfw.c
366
if (rule->mbr_object.mbo_flags & MBO_SGID) {
lib/libugidfw/ugidfw.c
373
if (!notdone && (rule->mbr_object.mbo_neg & MBO_UID_SUBJECT)) {
lib/libugidfw/ugidfw.c
380
if (rule->mbr_object.mbo_flags & MBO_UID_SUBJECT) {
lib/libugidfw/ugidfw.c
387
if (!notdone && (rule->mbr_object.mbo_neg & MBO_GID_SUBJECT)) {
lib/libugidfw/ugidfw.c
394
if (rule->mbr_object.mbo_flags & MBO_GID_SUBJECT) {
lib/libugidfw/ugidfw.c
401
if (!notdone && (rule->mbr_object.mbo_neg & MBO_TYPE_DEFINED)) {
lib/libugidfw/ugidfw.c
408
if (rule->mbr_object.mbo_flags & MBO_TYPE_DEFINED) {
lib/libugidfw/ugidfw.c
410
if (rule->mbr_object.mbo_type & MBO_TYPE_REG)
lib/libugidfw/ugidfw.c
412
if (rule->mbr_object.mbo_type & MBO_TYPE_DIR)
lib/libugidfw/ugidfw.c
414
if (rule->mbr_object.mbo_type & MBO_TYPE_BLK)
lib/libugidfw/ugidfw.c
416
if (rule->mbr_object.mbo_type & MBO_TYPE_CHR)
lib/libugidfw/ugidfw.c
418
if (rule->mbr_object.mbo_type & MBO_TYPE_LNK)
lib/libugidfw/ugidfw.c
420
if (rule->mbr_object.mbo_type & MBO_TYPE_SOCK)
lib/libugidfw/ugidfw.c
422
if (rule->mbr_object.mbo_type & MBO_TYPE_FIFO)
lib/libugidfw/ugidfw.c
424
if (rule->mbr_object.mbo_type == MBO_ALL_TYPE) {
lib/libugidfw/ugidfw.c
443
anymode = (rule->mbr_mode & MBI_ALLPERM);
lib/libugidfw/ugidfw.c
444
unknownmode = (rule->mbr_mode & ~MBI_ALLPERM);
lib/libugidfw/ugidfw.c
446
if (rule->mbr_mode & MBI_ADMIN) {
lib/libugidfw/ugidfw.c
454
if (rule->mbr_mode & MBI_READ) {
lib/libugidfw/ugidfw.c
462
if (rule->mbr_mode & MBI_STAT) {
lib/libugidfw/ugidfw.c
470
if (rule->mbr_mode & MBI_WRITE) {
lib/libugidfw/ugidfw.c
478
if (rule->mbr_mode & MBI_EXEC) {
lib/libugidfw/ugidfw.c
62
bsde_rule_to_string(struct mac_bsdextended_rule *rule, char *buf, size_t buflen)
lib/libugidfw/ugidfw.c
67
char *cur, type[sizeof(rule->mbr_object.mbo_type) * CHAR_BIT + 1];
lib/libugidfw/ugidfw.c
79
if (rule->mbr_subject.mbs_flags) {
lib/libugidfw/ugidfw.c
80
if (rule->mbr_subject.mbs_neg == MBS_ALL_FLAGS) {
lib/libugidfw/ugidfw.c
91
if (!notdone && (rule->mbr_subject.mbs_neg & MBO_UID_DEFINED)) {
lib/libugidfw/ugidfw.c
98
if (rule->mbr_subject.mbs_flags & MBO_UID_DEFINED) {
lib/libugidfw/ugidfw.c
99
pwd = getpwuid(rule->mbr_subject.mbs_uid_min);
lib/libugidfw/ugidfw.h
38
int bsde_rule_to_string(struct mac_bsdextended_rule *rule, char *buf,
lib/libugidfw/ugidfw.h
43
struct mac_bsdextended_rule *rule, size_t buflen, char *errstr);
lib/libugidfw/ugidfw.h
45
struct mac_bsdextended_rule *rule, size_t buflen, char *errstr);
lib/libugidfw/ugidfw.h
49
int bsde_get_rule(int rulenum, struct mac_bsdextended_rule *rule,
lib/libugidfw/ugidfw.h
52
int bsde_set_rule(int rulenum, struct mac_bsdextended_rule *rule,
lib/libugidfw/ugidfw.h
54
int bsde_add_rule(int *rulename, struct mac_bsdextended_rule *rule,
sbin/ipf/common/ipf_y.y
208
line: rule { while ((fr = frtop) != NULL) {
sbin/ipf/common/ipf_y.y
239
rule: inrule eol
sbin/ipf/ipfstat/ipfstat.c
768
ipfruleiter_t rule;
sbin/ipf/ipfstat/ipfstat.c
777
rule.iri_inout = out;
sbin/ipf/ipfstat/ipfstat.c
778
rule.iri_active = set;
sbin/ipf/ipfstat/ipfstat.c
779
rule.iri_rule = &fb;
sbin/ipf/ipfstat/ipfstat.c
780
rule.iri_nrules = 1;
sbin/ipf/ipfstat/ipfstat.c
782
strncpy(rule.iri_group, group, FR_GROUPLEN);
sbin/ipf/ipfstat/ipfstat.c
784
rule.iri_group[0] = '\0';
sbin/ipf/ipfstat/ipfstat.c
791
obj.ipfo_size = sizeof(rule);
sbin/ipf/ipfstat/ipfstat.c
792
obj.ipfo_ptr = &rule;
sbin/ipf/ipfstat/ipfstat.c
794
while (rule.iri_rule != NULL) {
sbin/ipf/ipfstat/ipfstat.c
799
rule.iri_rule = fp;
sbin/ipf/ipfstat/ipfstat.c
808
if (rule.iri_rule == NULL)
sbin/ipf/ipmon/ipmon_y.y
127
| rule { $$ = $1; }
sbin/ipf/ipmon/ipmon_y.y
214
rule: IPM_RULE '=' YY_NUMBER { $$ = new_opt(IPM_RULE);
sbin/ipf/ipmon/ipmon_y.y
76
%type <opt> protocol result rule srcip srcport logtag matching
sbin/ipf/ipnat/ipnat_y.y
129
line: xx rule { int err;
sbin/ipf/ipnat/ipnat_y.y
167
rule: map eol
sbin/ipfw/ipfw2.c
1604
struct ip_fw_rule *rule;
sbin/ipfw/ipfw2.c
1617
init_show_state(struct show_state *state, struct ip_fw_rule *rule)
sbin/ipfw/ipfw2.c
1620
state->printed = calloc(rule->cmd_len, sizeof(uint8_t));
sbin/ipfw/ipfw2.c
1623
state->rule = rule;
sbin/ipfw/ipfw2.c
1642
return (state->printed[cmd - state->rule->cmd]);
sbin/ipfw/ipfw2.c
1649
state->printed[cmd - state->rule->cmd] = 1;
sbin/ipfw/ipfw2.c
2016
for (l = state->rule->act_ofs, cmd = state->rule->cmd;
sbin/ipfw/ipfw2.c
2285
for (l = state->rule->cmd_len - state->rule->act_ofs,
sbin/ipfw/ipfw2.c
2286
cmd = ACTION_PTR(state->rule); l > 0;
sbin/ipfw/ipfw2.c
2306
for (l = state->rule->act_ofs, cmd = state->rule->cmd;
sbin/ipfw/ipfw2.c
2370
for (l = state->rule->act_ofs, cmd = state->rule->cmd;
sbin/ipfw/ipfw2.c
2386
for (l = state->rule->act_ofs, cmd = state->rule->cmd;
sbin/ipfw/ipfw2.c
2400
for (l = state->rule->act_ofs, cmd = state->rule->cmd, pf = 0;
sbin/ipfw/ipfw2.c
2446
struct buf_pr *bp, struct ip_fw_rule *rule, struct ip_fw_bcounter *cntr)
sbin/ipfw/ipfw2.c
2454
if ((fo->set_mask & (1 << rule->set)) == 0) {
sbin/ipfw/ipfw2.c
2461
if (init_show_state(&state, rule) != 0) {
sbin/ipfw/ipfw2.c
2466
bprintf(bp, RULENUM_FORMAT " ", rule->rulenum);
sbin/ipfw/ipfw2.c
2502
bprintf(bp, "set %d ", rule->set);
sbin/ipfw/ipfw2.c
2531
if (rule->flags & IPFW_RULE_JUSTOPTS) {
sbin/ipfw/ipfw2.c
2536
if (memchr(state.printed, 0, rule->act_ofs) == NULL) {
sbin/ipfw/ipfw2.c
2544
if (co->do_compact != 0 && (rule->flags & IPFW_RULE_NOOPT))
sbin/ipfw/ipfw2.c
4262
struct ip_fw_rule *rule;
sbin/ipfw/ipfw2.c
4286
rule = (struct ip_fw_rule *)rbuf;
sbin/ipfw/ipfw2.c
4303
rule->rulenum = atoi(*av);
sbin/ipfw/ipfw2.c
4312
rule->set = set;
sbin/ipfw/ipfw2.c
4948
rule->flags |= IPFW_RULE_JUSTOPTS;
sbin/ipfw/ipfw2.c
5027
rule->flags |= IPFW_RULE_NOOPT;
sbin/ipfw/ipfw2.c
5654
dst = (ipfw_insn *)rule->cmd;
sbin/ipfw/ipfw2.c
5721
rule->act_ofs = dst - rule->cmd;
sbin/ipfw/ipfw2.c
5753
rule->cmd_len = (uint32_t *)dst - (uint32_t *)(rule->cmd);
sbin/ipfw/ipfw2.c
5754
*rbufsize = (char *)dst - (char *)rule;
sbin/ipfw/ipfw2.c
5882
struct ip_fw_rule *rule;
sbin/ipfw/ipfw2.c
5895
rule = (struct ip_fw_rule *)(ctlv + 1);
sbin/ipfw/ipfw2.c
5898
compile_rule(av, (uint32_t *)rule, &rbufsize, &ts);
sbin/ipfw/ipfw2.c
5927
memcpy(ctlv + 1, rule, rbufsize);
sbin/ipfw/ipfw2.c
5947
show_static_rule(&g_co, &sfo, &bp, rule, NULL);
sbin/pfctl/pf_print_state.c
359
if (s->rule != -1)
sbin/pfctl/pf_print_state.c
360
printf(", rule %u", s->rule);
sbin/pfctl/pfctl.c
1164
pfctl_print_eth_rule_counters(struct pfctl_eth_rule *rule, int opts)
sbin/pfctl/pfctl.c
1169
(unsigned long long)rule->evaluations,
sbin/pfctl/pfctl.c
1170
(unsigned long long)(rule->packets[0] +
sbin/pfctl/pfctl.c
1171
rule->packets[1]),
sbin/pfctl/pfctl.c
1172
(unsigned long long)(rule->bytes[0] +
sbin/pfctl/pfctl.c
1173
rule->bytes[1]));
sbin/pfctl/pfctl.c
1178
if (rule->last_active_timestamp != 0) {
sbin/pfctl/pfctl.c
1179
bcopy(ctime(&rule->last_active_timestamp), timestr,
sbin/pfctl/pfctl.c
1190
pfctl_print_rule_counters(struct pfctl_rule *rule, int opts)
sbin/pfctl/pfctl.c
1199
if (rule->skip[i].nr == rule->nr + 1)
sbin/pfctl/pfctl.c
1202
if (rule->skip[i].nr == -1)
sbin/pfctl/pfctl.c
1205
printf("%u ", rule->skip[i].nr);
sbin/pfctl/pfctl.c
1210
rule->qname, rule->qid, rule->pqname, rule->pqid);
sbin/pfctl/pfctl.c
1211
if (rule->rule_flag & PFRULE_EXPIRED)
sbin/pfctl/pfctl.c
1213
(long long)(time(NULL) - rule->exptime));
sbin/pfctl/pfctl.c
1218
(unsigned long long)rule->evaluations,
sbin/pfctl/pfctl.c
1219
(unsigned long long)(rule->packets[0] +
sbin/pfctl/pfctl.c
1220
rule->packets[1]),
sbin/pfctl/pfctl.c
1221
(unsigned long long)(rule->bytes[0] +
sbin/pfctl/pfctl.c
1222
rule->bytes[1]), (uintmax_t)rule->states_cur);
sbin/pfctl/pfctl.c
1228
(uintmax_t)rule->src_nodes,
sbin/pfctl/pfctl.c
1229
(uintmax_t)rule->src_nodes_type[PF_SN_LIMIT],
sbin/pfctl/pfctl.c
1230
(uintmax_t)rule->src_nodes_type[PF_SN_NAT],
sbin/pfctl/pfctl.c
1231
(uintmax_t)rule->src_nodes_type[PF_SN_ROUTE]);
sbin/pfctl/pfctl.c
1235
(unsigned)rule->cuid, (unsigned)rule->cpid,
sbin/pfctl/pfctl.c
1236
(uintmax_t)rule->states_tot);
sbin/pfctl/pfctl.c
1240
if (rule->last_active_timestamp != 0) {
sbin/pfctl/pfctl.c
1241
bcopy(ctime(&rule->last_active_timestamp), timestr,
sbin/pfctl/pfctl.c
1499
struct pfctl_eth_rule rule;
sbin/pfctl/pfctl.c
1547
pfctl_print_eth_rule_counters(&rule, opts);
sbin/pfctl/pfctl.c
1571
if ((ret = pfctl_get_eth_rule(dev, nr, info.ticket, path, &rule,
sbin/pfctl/pfctl.c
1590
print_eth_rule(&rule, anchor_call,
sbin/pfctl/pfctl.c
1596
pfctl_print_eth_rule_counters(&rule, opts);
sbin/pfctl/pfctl.c
1599
p, depth + 1, rule.anchor_wildcard);
sbin/pfctl/pfctl.c
1614
struct pfctl_rule rule;
sbin/pfctl/pfctl.c
1691
&rule, anchor_call, opts & PF_OPT_CLRRULECTRS)) != 0) {
sbin/pfctl/pfctl.c
1696
if (pfctl_get_pool(dev, &rule.rdr,
sbin/pfctl/pfctl.c
1700
if (pfctl_get_pool(dev, &rule.nat,
sbin/pfctl/pfctl.c
1704
if (pfctl_get_pool(dev, &rule.route,
sbin/pfctl/pfctl.c
1712
if (rule.label[0][0] && (opts & PF_OPT_SHOWALL))
sbin/pfctl/pfctl.c
1714
print_rule(&rule, anchor_call, opts, numeric);
sbin/pfctl/pfctl.c
1719
if (!(rule.rule_flag & PFRULE_EXPIRED) ||
sbin/pfctl/pfctl.c
1722
pfctl_print_rule_counters(&rule, opts);
sbin/pfctl/pfctl.c
1727
pfctl_clear_pool(&rule.rdr);
sbin/pfctl/pfctl.c
1728
pfctl_clear_pool(&rule.nat);
sbin/pfctl/pfctl.c
1729
pfctl_clear_pool(&rule.route);
sbin/pfctl/pfctl.c
1738
&rule, anchor_call, opts & PF_OPT_CLRRULECTRS)) != 0) {
sbin/pfctl/pfctl.c
1743
if (pfctl_get_pool(dev, &rule.rdr,
sbin/pfctl/pfctl.c
1747
if (pfctl_get_pool(dev, &rule.nat,
sbin/pfctl/pfctl.c
1751
if (pfctl_get_pool(dev, &rule.route,
sbin/pfctl/pfctl.c
1760
while (rule.label[i][0]) {
sbin/pfctl/pfctl.c
1761
printf("%s ", rule.label[i++]);
sbin/pfctl/pfctl.c
1768
(unsigned long long)rule.evaluations,
sbin/pfctl/pfctl.c
1769
(unsigned long long)(rule.packets[0] +
sbin/pfctl/pfctl.c
1770
rule.packets[1]),
sbin/pfctl/pfctl.c
1771
(unsigned long long)(rule.bytes[0] +
sbin/pfctl/pfctl.c
1772
rule.bytes[1]),
sbin/pfctl/pfctl.c
1773
(unsigned long long)rule.packets[0],
sbin/pfctl/pfctl.c
1774
(unsigned long long)rule.bytes[0],
sbin/pfctl/pfctl.c
1775
(unsigned long long)rule.packets[1],
sbin/pfctl/pfctl.c
1776
(unsigned long long)rule.bytes[1],
sbin/pfctl/pfctl.c
1777
(uintmax_t)rule.states_tot);
sbin/pfctl/pfctl.c
1785
anchor_call, depth, rule.anchor_wildcard);
sbin/pfctl/pfctl.c
1790
if (rule.label[0][0] && (opts & PF_OPT_SHOWALL))
sbin/pfctl/pfctl.c
1793
print_rule(&rule, anchor_call, opts, numeric);
sbin/pfctl/pfctl.c
1805
pfctl_print_rule_counters(&rule, opts);
sbin/pfctl/pfctl.c
1808
rule.anchor_wildcard);
sbin/pfctl/pfctl.c
1813
pfctl_print_rule_counters(&rule, opts);
sbin/pfctl/pfctl.c
1819
pfctl_clear_pool(&rule.rdr);
sbin/pfctl/pfctl.c
1820
pfctl_clear_pool(&rule.nat);
sbin/pfctl/pfctl.c
1833
struct pfctl_rule rule;
sbin/pfctl/pfctl.c
1905
nattype[i], &rule, anchor_call)) != 0) {
sbin/pfctl/pfctl.c
1909
if (pfctl_get_pool(dev, &rule.rdr, nr,
sbin/pfctl/pfctl.c
1912
if (pfctl_get_pool(dev, &rule.nat, nr,
sbin/pfctl/pfctl.c
1915
if (pfctl_get_pool(dev, &rule.route, nr,
sbin/pfctl/pfctl.c
1923
print_rule(&rule, anchor_call,
sbin/pfctl/pfctl.c
1930
pfctl_print_rule_counters(&rule, opts);
sbin/pfctl/pfctl.c
1932
depth + 1, rule.anchor_wildcard);
sbin/pfctl/pfctl.c
1937
pfctl_print_rule_counters(&rule, opts);
sbin/pfctl/pfctl.c
2166
struct pfctl_rule *rule;
sbin/pfctl/pfctl.c
2175
if ((rule = calloc(1, sizeof(*rule))) == NULL)
sbin/pfctl/pfctl.c
2177
bcopy(r, rule, sizeof(*rule));
sbin/pfctl/pfctl.c
2178
TAILQ_INIT(&rule->rdr.list);
sbin/pfctl/pfctl.c
2179
pfctl_move_pool(&r->rdr, &rule->rdr);
sbin/pfctl/pfctl.c
2180
TAILQ_INIT(&rule->nat.list);
sbin/pfctl/pfctl.c
2181
pfctl_move_pool(&r->nat, &rule->nat);
sbin/pfctl/pfctl.c
2182
TAILQ_INIT(&rule->route.list);
sbin/pfctl/pfctl.c
2183
pfctl_move_pool(&r->route, &rule->route);
sbin/pfctl/pfctl.c
2185
TAILQ_INSERT_TAIL(rs->rules[rs_num].active.ptr, rule, entries);
sbin/pfctl/pfctl.c
2192
struct pfctl_eth_rule *rule;
sbin/pfctl/pfctl.c
2208
sizeof(rule->anchor->path)) >= sizeof(rule->anchor->path))
sbin/pfctl/pfctl.c
2217
sizeof(rule->anchor->name)) >= sizeof(rule->anchor->name))
sbin/pfctl/pfctl.c
2221
if ((rule = calloc(1, sizeof(*rule))) == NULL)
sbin/pfctl/pfctl.c
2223
bcopy(r, rule, sizeof(*rule));
sbin/pfctl/pfctl.c
2225
TAILQ_INSERT_TAIL(&rs->rules, rule, entries);
sbin/pfctl/pfctl_optimize.c
894
struct pfctl_rule a, b, rule;
sbin/pfctl/pfctl_optimize.c
915
&rule, anchor_call)) {
sbin/pfctl/pfctl_optimize.c
920
memcpy(&por->por_rule, &rule, sizeof(por->por_rule));
sbin/pfctl/pfctl_parser.c
718
if (sn->rule != -1)
sbin/pfctl/pfctl_parser.c
719
printf(", nat rule %u", sn->rule);
sbin/pfctl/pfctl_parser.c
722
if (sn->rule != -1)
sbin/pfctl/pfctl_parser.c
723
printf(", rdr rule %u", sn->rule);
sbin/pfctl/pfctl_parser.c
727
if (sn->rule != -1)
sbin/pfctl/pfctl_parser.c
728
printf(", filter rule %u", sn->rule);
sys/compat/linuxkpi/common/include/net/cfg80211.h
1396
struct ieee80211_reg_rule *rule)
sys/dev/cxgbe/t4_ioctl.h
426
struct offload_rule *rule;
sys/dev/cxgbe/t4_main.c
12764
r = &op->rule[0];
sys/dev/cxgbe/t4_main.c
12768
free(op->rule, M_CXGBE);
sys/dev/cxgbe/t4_main.c
12797
op->rule = malloc(len, M_CXGBE, M_ZERO | M_WAITOK);
sys/dev/cxgbe/t4_main.c
12798
rc = copyin(uop->rule, op->rule, len);
sys/dev/cxgbe/t4_main.c
12800
free(op->rule, M_CXGBE);
sys/dev/cxgbe/t4_main.c
12805
r = &op->rule[0];
sys/dev/cxgbe/tom/t4_tom.c
1754
r = &op->rule[0];
sys/dev/ice/ice_lib.c
650
struct ice_mir_rule_buf rule = { };
sys/dev/ice/ice_lib.c
658
rule.vsi_idx = ice_get_hw_vsi_num(hw, vsi->mirror_src_vsi);
sys/dev/ice/ice_lib.c
659
rule.add = true;
sys/dev/ice/ice_lib.c
664
dest_vsi, count, &rule, NULL,
sys/dev/ice/ice_lib.c
669
rule.vsi_idx, dest_vsi, ice_status_str(status),
sys/dev/ice/ice_lib.c
678
dest_vsi, count, &rule, NULL, &rule_id);
sys/dev/ice/ice_lib.c
682
rule.vsi_idx, dest_vsi, ice_status_str(status),
sys/dev/mlx4/device.h
1431
struct mlx4_net_trans_rule *rule, u64 *reg_id);
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1012
rule);
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1019
rule);
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1024
rule);
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1027
mlx4_err_rule(dev, "Fail to register network rule.\n", rule);
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1057
struct mlx4_net_trans_rule rule = {
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1066
rule.port = port;
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1067
rule.qpn = qpn;
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1068
rule.priority = prio;
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1069
INIT_LIST_HEAD(&rule.list);
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1078
list_add_tail(&spec_eth_outer.list, &rule.list);
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1079
list_add_tail(&spec_vxlan.list, &rule.list);
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1080
list_add_tail(&spec_eth_inner.list, &rule.list);
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1082
err = mlx4_flow_attach(dev, &rule, reg_id);
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1376
struct mlx4_net_trans_rule rule = {
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1383
rule.allow_loopback = !block_mcast_loopback;
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1384
rule.port = port;
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1385
rule.qpn = qp->qpn;
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1386
INIT_LIST_HEAD(&rule.list);
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1403
list_add_tail(&spec.list, &rule.list);
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1405
return mlx4_flow_attach(dev, &rule, reg_id);
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1468
struct mlx4_net_trans_rule rule = {
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1490
rule.promisc_mode = mode;
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1491
rule.port = port;
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1492
rule.qpn = qpn;
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1493
INIT_LIST_HEAD(&rule.list);
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
1496
return mlx4_flow_attach(dev, &rule, regid_p);
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
903
struct mlx4_net_trans_rule *rule)
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
913
rule->port, rule->priority, rule->qpn);
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
915
list_for_each_entry(cur, &rule->list, list) {
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
984
struct mlx4_net_trans_rule *rule, u64 *reg_id)
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
995
trans_rule_ctrl_to_hw(rule, mailbox->buf);
sys/dev/mlx4/mlx4_core/mlx4_mcg.c
999
list_for_each_entry(cur, &rule->list, list) {
sys/dev/mlx4/mlx4_en/mlx4_en_netdev.c
160
struct mlx4_net_trans_rule rule = {
sys/dev/mlx4/mlx4_en/mlx4_en_netdev.c
161
.list = LIST_HEAD_INIT(rule.list),
sys/dev/mlx4/mlx4_en/mlx4_en_netdev.c
177
list_add_tail(&spec_eth.list, &rule.list);
sys/dev/mlx4/mlx4_en/mlx4_en_netdev.c
178
list_add_tail(&spec_ip.list, &rule.list);
sys/dev/mlx4/mlx4_en/mlx4_en_netdev.c
179
list_add_tail(&spec_tcp_udp.list, &rule.list);
sys/dev/mlx4/mlx4_en/mlx4_en_netdev.c
181
rule.qpn = priv->rss_map.qps[filter->rxq_index].qpn;
sys/dev/mlx4/mlx4_en/mlx4_en_netdev.c
193
rc = mlx4_flow_attach(priv->mdev->dev, &rule, &filter->reg_id);
sys/dev/mlx4/mlx4_en/mlx4_en_netdev.c
498
struct mlx4_net_trans_rule rule = {
sys/dev/mlx4/mlx4_en/mlx4_en_netdev.c
506
rule.port = priv->port;
sys/dev/mlx4/mlx4_en/mlx4_en_netdev.c
507
rule.qpn = *qpn;
sys/dev/mlx4/mlx4_en/mlx4_en_netdev.c
508
INIT_LIST_HEAD(&rule.list);
sys/dev/mlx4/mlx4_en/mlx4_en_netdev.c
513
list_add_tail(&spec_eth.list, &rule.list);
sys/dev/mlx4/mlx4_en/mlx4_en_netdev.c
515
err = mlx4_flow_attach(dev, &rule, reg_id);
sys/dev/mlx5/fs.h
322
typedef int (*rule_event_fn)(struct mlx5_flow_rule *rule,
sys/dev/mlx5/fs.h
335
int mlx5_set_rule_private_data(struct mlx5_flow_rule *rule, struct
sys/dev/mlx5/fs.h
352
struct mlx5_flow_rule *rule);
sys/dev/mlx5/fs.h
355
struct mlx5_flow_rule *rule);
sys/dev/mlx5/fs.h
357
u8 mlx5_get_match_criteria_enable(struct mlx5_flow_rule *rule);
sys/dev/mlx5/mlx5_accel/ipsec.h
139
struct mlx5_flow_handle *rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
110
struct mlx5_flow_handle *rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1126
struct mlx5_flow_handle *rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1142
rule = mlx5_add_flow_rules(tx->ft.sa_kspi, spec, flow_act, dest, num_dest);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1143
if (IS_ERR(rule)) {
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1144
err = PTR_ERR(rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1148
ipsec_rule->kspi_rule = rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
116
struct mlx5_flow_handle *rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1166
struct mlx5_flow_handle *rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1183
rule = mlx5_add_flow_rules(tx->ft.sa, spec, flow_act, dest, num_dest);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1184
if (IS_ERR(rule)) {
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1185
err = PTR_ERR(rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1189
ipsec_rule->reqid_rule = rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1204
rule = mlx5_add_flow_rules(tx->ft.sa, spec, flow_act, dest, num_dest);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1205
if (IS_ERR(rule)) {
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1206
err = PTR_ERR(rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1210
ipsec_rule->rule = rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1296
struct mlx5_flow_handle *rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
134
struct mlx5_flow_handle *rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1348
rule = mlx5_add_flow_rules(ft, spec, &flow_act, dest, dstn);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1349
if (IS_ERR(rule)) {
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1350
err = PTR_ERR(rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1356
pol_entry->ipsec_rule.rule = rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1377
struct mlx5_flow_handle *rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1426
rule = mlx5_add_flow_rules(ft, spec, &flow_act, dest, dstn);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1427
if (IS_ERR(rule)) {
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1428
err = PTR_ERR(rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1433
pol_entry->ipsec_rule.rule = rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1439
rule = mlx5_add_flow_rules(ft, spec, &flow_act, dest, dstn);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1440
if (IS_ERR(rule)) {
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1441
err = PTR_ERR(rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1447
pol_entry->ipsec_rule.vid_zero_rule = rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1454
if (pol_entry->ipsec_rule.rule != NULL)
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1455
mlx5_del_flow_rules(&pol_entry->ipsec_rule.rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1552
struct mlx5_flow_handle *rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1584
rule = mlx5_add_flow_rules(rx->ft.status, spec, &flow_act, dest, 2);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1585
if (IS_ERR(rule)) {
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1586
err = PTR_ERR(rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1592
rx->status.rule = rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1608
mlx5_del_flow_rules(&rx_roce->roce_miss.rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1609
mlx5_del_flow_rules(&rx_roce->rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1617
mlx5_del_flow_rules(&rx->sa.rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1620
mlx5_del_flow_rules(&rx->pol.rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1623
mlx5_del_flow_rules(&rx->status.rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1643
mlx5_del_flow_rules(&rx_ip_type->miss.rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1653
mlx5_del_flow_rules(&rx->pol.rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1675
struct mlx5_flow_handle *rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1690
rule = mlx5_add_flow_rules(roce->ft, spec, &flow_act, &dst, 1);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1691
if (IS_ERR(rule)) {
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1692
err = PTR_ERR(rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1698
roce->rule = rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1700
rule = mlx5_add_flow_rules(roce->ft, NULL, &flow_act, default_dst, 1);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1701
if (IS_ERR(rule)) {
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1702
err = PTR_ERR(rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1708
roce->roce_miss.rule = rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1714
mlx5_del_flow_rules(&roce->rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1831
mlx5_del_flow_rules(&rx->pol.rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1835
mlx5_del_flow_rules(&rx->status.rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1887
struct mlx5_flow_handle *rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1901
rule = mlx5_add_flow_rules(ipsec->rx_ip_type->ft, spec, &flow_act, &dst, 1);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1902
if (IS_ERR(rule)) {
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1903
err = PTR_ERR(rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1908
ipsec->rx_ip_type->ipv4_rule = rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1913
rule = mlx5_add_flow_rules(ipsec->rx_ip_type->ft, spec, &flow_act, &dst, 1);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1914
if (IS_ERR(rule)) {
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1915
err = PTR_ERR(rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
1920
ipsec->rx_ip_type->ipv6_rule = rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
2070
mlx5_del_flow_rules(&ipsec_rule->rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
2100
mlx5_del_flow_rules(&ipsec_rule->rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
336
miss->rule = mlx5_add_flow_rules(ft, NULL, &flow_act, dest, 1);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
337
if (IS_ERR(miss->rule)) {
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
339
err = PTR_ERR(miss->rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
526
struct mlx5_flow_handle *rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
589
rule = mlx5_add_flow_rules(rx->ft.sa, spec, &flow_act, dest, 2);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
590
if (IS_ERR(rule)) {
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
591
err = PTR_ERR(rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
595
ipsec_rule->rule = rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
601
rule = mlx5_add_flow_rules(rx->ft.sa, spec, &flow_act, dest, 2);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
602
if (IS_ERR(rule)) {
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
603
err = PTR_ERR(rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
609
ipsec_rule->vid_zero_rule = rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
620
if (ipsec_rule->rule != NULL)
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
621
mlx5_del_flow_rules(&ipsec_rule->rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
668
tx->status.rule = fte;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
679
mlx5_del_flow_rules(&tx->roce.rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
692
mlx5_del_flow_rules(&tx->pol.rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
697
mlx5_del_flow_rules(&tx->kspi_miss.rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
699
mlx5_del_flow_rules(&tx->kspi_bypass_rule.rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
702
mlx5_del_flow_rules(&tx->status.rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
711
struct mlx5_flow_handle *rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
717
rule = mlx5_add_flow_rules(tx->roce.ft, NULL, &flow_act, &dst, 1);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
718
if (IS_ERR(rule)) {
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
719
err = PTR_ERR(rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
724
tx->roce.rule = rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
800
struct mlx5_flow_handle *rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
813
rule = mlx5_add_flow_rules(tx->ft.sa_kspi, spec, &flow_act_kspi,
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
815
if (IS_ERR(rule)) {
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
816
err = PTR_ERR(rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
821
tx->kspi_bypass_rule.kspi_rule = rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
827
rule = mlx5_add_flow_rules(tx->ft.sa_kspi, spec, &flow_act, &dest, 1);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
828
if (IS_ERR(rule)) {
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
829
err = PTR_ERR(rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
833
tx->kspi_bypass_rule.rule = rule;
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
923
mlx5_del_flow_rules(&tx->status.rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
925
mlx5_del_flow_rules(&tx->kspi_bypass_rule.rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
933
mlx5_del_flow_rules(&tx->pol.rule);
sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
940
mlx5_del_flow_rules(&tx->kspi_miss.rule);
sys/dev/mlx5/mlx5_core/fs_core.h
166
struct mlx5_flow_rule *rule[];
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1002
fs_get_obj(fte, rule->node.parent);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1009
memcpy(&rule->dest_attr, dest, sizeof(*dest));
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1027
return _mlx5_modify_rule_destination(handle->rule[0],
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1032
if (mlx5_flow_dests_cmp(new_dest, &handle->rule[i]->dest_attr))
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1033
return _mlx5_modify_rule_destination(handle->rule[i],
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1311
struct mlx5_flow_rule *rule;
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1313
rule = kzalloc(sizeof(*rule), GFP_KERNEL);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1314
if (!rule)
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1317
INIT_LIST_HEAD(&rule->next_ft);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1318
rule->node.type = FS_TYPE_FLOW_DEST;
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1320
memcpy(&rule->dest_attr, dest, sizeof(*dest));
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1322
rule->dest_attr.type = MLX5_FLOW_DESTINATION_TYPE_NONE;
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1324
return rule;
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1331
handle = kzalloc(struct_size(handle, rule, num_rules), GFP_KERNEL);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1346
if (refcount_dec_and_test(&handle->rule[i]->node.refcount)) {
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1348
list_del(&handle->rule[i]->node.list);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1349
kfree(handle->rule[i]);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1363
struct mlx5_flow_rule *rule = NULL;
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1375
rule = find_flow_rule(fte, dest + i);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1376
if (rule) {
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1377
refcount_inc(&rule->node.refcount);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1383
rule = alloc_rule(dest + i);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1384
if (!rule)
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1390
tree_init_node(&rule->node, NULL, del_sw_hw_rule);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1393
list_add(&rule->node.list, &fte->node.children);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1395
list_add_tail(&rule->node.list, &fte->node.children);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1407
handle->rule[i] = rule;
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1586
struct mlx5_flow_rule *rule;
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1588
list_for_each_entry(rule, &fte->node.children, node.list) {
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1589
if (mlx5_flow_dests_cmp(&rule->dest_attr, dest))
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1590
return rule;
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1694
if (refcount_read(&handle->rule[i]->node.refcount) == 1) {
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1695
tree_add_node(&handle->rule[i]->node, &fte->node);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1853
struct mlx5_flow_handle *rule;
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1878
rule = add_rule_fg(g, spec, flow_act, dest, dest_num, fte_tmp);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1883
return rule;
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1895
rule = ERR_PTR(-EAGAIN);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1930
rule = add_rule_fg(g, spec, flow_act, dest, dest_num, fte);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1932
if (IS_ERR(rule))
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1934
return rule;
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1936
rule = ERR_PTR(-ENOENT);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1939
return rule;
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1951
struct mlx5_flow_handle *rule;
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1990
rule = try_add_to_existing_fg(ft, &match_head.list, spec, flow_act, dest,
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1993
if (!IS_ERR(rule) ||
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1994
(PTR_ERR(rule) != -ENOENT && PTR_ERR(rule) != -EAGAIN)) {
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
1997
return rule;
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
2005
if (PTR_ERR(rule) == -EAGAIN ||
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
2011
rule = ERR_CAST(g);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
2013
return rule;
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
2036
rule = add_rule_fg(g, spec, flow_act, dest, dest_num, fte);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
2038
if (IS_ERR(rule))
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
2041
return rule;
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
2108
if (list_empty(&handle->rule[num_dest - 1]->next_ft)) {
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
2110
list_add(&handle->rule[num_dest - 1]->next_ft,
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
2113
handle->rule[num_dest - 1]->sw_action = sw_action;
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
2114
handle->rule[num_dest - 1]->ft = ft;
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
2146
fs_get_obj(fte, handle->rule[0]->node.parent);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
2149
tree_remove_node(&handle->rule[i]->node, true);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
581
struct mlx5_flow_rule *rule;
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
584
fs_get_obj(rule, node);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
585
fs_get_obj(fte, rule->node.parent);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
586
if (is_fwd_next_action(rule->sw_action)) {
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
587
mutex_lock(&rule->dest_attr.ft->lock);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
588
list_del(&rule->next_ft);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
589
mutex_unlock(&rule->dest_attr.ft->lock);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
592
if (rule->dest_attr.type == MLX5_FLOW_DESTINATION_TYPE_COUNTER) {
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
601
if (rule->dest_attr.type == MLX5_FLOW_DESTINATION_TYPE_PORT) {
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
608
if (is_fwd_dest_type(rule->dest_attr.type)) {
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
620
kfree(rule);
sys/dev/mlx5/mlx5_core/mlx5_fs_core.c
992
static int _mlx5_modify_rule_destination(struct mlx5_flow_rule *rule,
sys/dev/mlx5/mlx5_core/mlx5_fs_tcp.c
176
struct mlx5_flow_handle *rule;
sys/dev/mlx5/mlx5_core/mlx5_fs_tcp.c
198
rule = mlx5_add_flow_rules(fs_tcp->tables[type].t, &spec, &flow_act,
sys/dev/mlx5/mlx5_core/mlx5_fs_tcp.c
200
if (IS_ERR(rule))
sys/dev/mlx5/mlx5_core/mlx5_fs_tcp.c
201
return (PTR_ERR(rule));
sys/dev/mlx5/mlx5_core/mlx5_fs_tcp.c
203
fs_tcp->default_rules[type] = rule;
sys/dev/mlx5/mlx5_core/mlx5_fs_tcp.c
84
mlx5e_accel_fs_del_inpcb(struct mlx5_flow_handle *rule)
sys/dev/mlx5/mlx5_core/mlx5_fs_tcp.c
86
mlx5_del_flow_rules(&rule);
sys/dev/mlx5/mlx5_ib/mlx5_ib.h
173
struct mlx5_flow_handle *rule;
sys/dev/mlx5/mlx5_ib/mlx5_ib_main.c
2075
mlx5_del_flow_rules(&iter->rule);
sys/dev/mlx5/mlx5_ib/mlx5_ib_main.c
2081
mlx5_del_flow_rules(&handler->rule);
sys/dev/mlx5/mlx5_ib/mlx5_ib_main.c
2218
handler->rule = mlx5_add_flow_rules(ft, spec, &flow_act, dst, 1);
sys/dev/mlx5/mlx5_ib/mlx5_ib_main.c
2220
if (IS_ERR(handler->rule)) {
sys/dev/mlx5/mlx5_ib/mlx5_ib_main.c
2221
err = PTR_ERR(handler->rule);
sys/dev/mlx5/mlx5_ib/mlx5_ib_main.c
2249
mlx5_del_flow_rules(&handler->rule);
sys/dev/mlx5/mlx5_ib/mlx5_ib_main.c
2312
mlx5_del_flow_rules(&handler->rule);
sys/dev/mlx5/mlx5_ib/mlx5_ib_main.c
2355
mlx5_del_flow_rules(&handler_rx->rule);
sys/dev/qlnx/qlnxe/ecore_dbg_fw_funcs.c
4185
const struct dbg_idle_chk_rule *rule,
sys/dev/qlnx/qlnxe/ecore_dbg_fw_funcs.c
4198
regs = &((const union dbg_idle_chk_reg *)s_dbg_arrays[BIN_BUF_DBG_IDLE_CHK_REGS].ptr)[rule->reg_offset];
sys/dev/qlnx/qlnxe/ecore_dbg_fw_funcs.c
4200
info_regs = ®s[rule->num_cond_regs].info_reg;
sys/dev/qlnx/qlnxe/ecore_dbg_fw_funcs.c
4207
hdr->severity = rule->severity;
sys/dev/qlnx/qlnxe/ecore_dbg_fw_funcs.c
4208
hdr->num_dumped_cond_regs = rule->num_cond_regs;
sys/dev/qlnx/qlnxe/ecore_dbg_fw_funcs.c
4214
for (reg_id = 0; reg_id < rule->num_cond_regs; reg_id++) {
sys/dev/qlnx/qlnxe/ecore_dbg_fw_funcs.c
4239
for (reg_id = 0; reg_id < rule->num_info_regs; reg_id++) {
sys/dev/qlnx/qlnxe/ecore_dbg_fw_funcs.c
4281
SET_FIELD(reg_hdr->data, DBG_IDLE_CHK_RESULT_REG_HDR_REG_ID, rule->num_cond_regs + reg_id);
sys/dev/qlnx/qlnxe/ecore_dbg_fw_funcs.c
4310
const struct dbg_idle_chk_rule *rule;
sys/dev/qlnx/qlnxe/ecore_dbg_fw_funcs.c
4316
rule = &input_rules[i];
sys/dev/qlnx/qlnxe/ecore_dbg_fw_funcs.c
4317
regs = &((const union dbg_idle_chk_reg *)s_dbg_arrays[BIN_BUF_DBG_IDLE_CHK_REGS].ptr)[rule->reg_offset];
sys/dev/qlnx/qlnxe/ecore_dbg_fw_funcs.c
4319
imm_values = &s_dbg_arrays[BIN_BUF_DBG_IDLE_CHK_IMMS].ptr[rule->imm_offset];
sys/dev/qlnx/qlnxe/ecore_dbg_fw_funcs.c
4325
for (reg_id = 0; reg_id < rule->num_cond_regs && check_rule; reg_id++) {
sys/dev/qlnx/qlnxe/ecore_dbg_fw_funcs.c
4342
u32 entry_dump_size = ecore_idle_chk_dump_failure(p_hwfn, p_ptt, dump_buf + offset, false, rule->rule_id, rule, 0, OSAL_NULL);
sys/dev/qlnx/qlnxe/ecore_dbg_fw_funcs.c
4356
for (reg_id = 0; reg_id < rule->num_cond_regs; reg_id++) {
sys/dev/qlnx/qlnxe/ecore_dbg_fw_funcs.c
4381
if ((*cond_arr[rule->cond_id])(cond_reg_values, imm_values)) {
sys/dev/qlnx/qlnxe/ecore_dbg_fw_funcs.c
4382
offset += ecore_idle_chk_dump_failure(p_hwfn, p_ptt, dump_buf + offset, dump, rule->rule_id, rule, entry_id, cond_reg_values);
sys/kern/kern_rctl.c
1006
struct rctl_rule *rule;
sys/kern/kern_rctl.c
1010
rule = uma_zalloc(rctl_rule_zone, flags);
sys/kern/kern_rctl.c
1011
if (rule == NULL)
sys/kern/kern_rctl.c
1013
rule->rr_subject_type = RCTL_SUBJECT_TYPE_UNDEFINED;
sys/kern/kern_rctl.c
1014
rule->rr_subject.rs_proc = NULL;
sys/kern/kern_rctl.c
1015
rule->rr_subject.rs_uip = NULL;
sys/kern/kern_rctl.c
1016
rule->rr_subject.rs_loginclass = NULL;
sys/kern/kern_rctl.c
1017
rule->rr_subject.rs_prison_racct = NULL;
sys/kern/kern_rctl.c
1018
rule->rr_per = RCTL_SUBJECT_TYPE_UNDEFINED;
sys/kern/kern_rctl.c
1019
rule->rr_resource = RACCT_UNDEFINED;
sys/kern/kern_rctl.c
1020
rule->rr_action = RCTL_ACTION_UNDEFINED;
sys/kern/kern_rctl.c
1021
rule->rr_amount = RCTL_AMOUNT_UNDEFINED;
sys/kern/kern_rctl.c
1022
refcount_init(&rule->rr_refcount, 1);
sys/kern/kern_rctl.c
1024
return (rule);
sys/kern/kern_rctl.c
1028
rctl_rule_duplicate(const struct rctl_rule *rule, int flags)
sys/kern/kern_rctl.c
1037
copy->rr_subject_type = rule->rr_subject_type;
sys/kern/kern_rctl.c
1038
copy->rr_subject.rs_proc = rule->rr_subject.rs_proc;
sys/kern/kern_rctl.c
1039
copy->rr_subject.rs_uip = rule->rr_subject.rs_uip;
sys/kern/kern_rctl.c
1040
copy->rr_subject.rs_loginclass = rule->rr_subject.rs_loginclass;
sys/kern/kern_rctl.c
1041
copy->rr_subject.rs_prison_racct = rule->rr_subject.rs_prison_racct;
sys/kern/kern_rctl.c
1042
copy->rr_per = rule->rr_per;
sys/kern/kern_rctl.c
1043
copy->rr_resource = rule->rr_resource;
sys/kern/kern_rctl.c
1044
copy->rr_action = rule->rr_action;
sys/kern/kern_rctl.c
1045
copy->rr_amount = rule->rr_amount;
sys/kern/kern_rctl.c
1053
rctl_rule_acquire(struct rctl_rule *rule)
sys/kern/kern_rctl.c
1057
KASSERT(rule->rr_refcount > 0, ("rule->rr_refcount <= 0"));
sys/kern/kern_rctl.c
1059
refcount_acquire(&rule->rr_refcount);
sys/kern/kern_rctl.c
1065
struct rctl_rule *rule;
sys/kern/kern_rctl.c
1067
rule = (struct rctl_rule *)context;
sys/kern/kern_rctl.c
1070
KASSERT(rule->rr_refcount == 0, ("rule->rr_refcount != 0"));
sys/kern/kern_rctl.c
1076
rctl_rule_release_subject(rule);
sys/kern/kern_rctl.c
1077
uma_zfree(rctl_rule_zone, rule);
sys/kern/kern_rctl.c
1081
rctl_rule_release(struct rctl_rule *rule)
sys/kern/kern_rctl.c
1085
KASSERT(rule->rr_refcount > 0, ("rule->rr_refcount <= 0"));
sys/kern/kern_rctl.c
1087
if (refcount_release(&rule->rr_refcount)) {
sys/kern/kern_rctl.c
1095
TASK_INIT(&rule->rr_task, 0, rctl_rule_free, rule);
sys/kern/kern_rctl.c
1096
taskqueue_enqueue(taskqueue_thread, &rule->rr_task);
sys/kern/kern_rctl.c
1101
rctl_rule_fully_specified(const struct rctl_rule *rule)
sys/kern/kern_rctl.c
1106
switch (rule->rr_subject_type) {
sys/kern/kern_rctl.c
1110
if (rule->rr_subject.rs_proc == NULL)
sys/kern/kern_rctl.c
1114
if (rule->rr_subject.rs_uip == NULL)
sys/kern/kern_rctl.c
1118
if (rule->rr_subject.rs_loginclass == NULL)
sys/kern/kern_rctl.c
1122
if (rule->rr_subject.rs_prison_racct == NULL)
sys/kern/kern_rctl.c
1127
rule->rr_subject_type);
sys/kern/kern_rctl.c
1129
if (rule->rr_resource == RACCT_UNDEFINED)
sys/kern/kern_rctl.c
1131
if (rule->rr_action == RCTL_ACTION_UNDEFINED)
sys/kern/kern_rctl.c
1133
if (rule->rr_amount == RCTL_AMOUNT_UNDEFINED)
sys/kern/kern_rctl.c
1135
if (rule->rr_per == RCTL_SUBJECT_TYPE_UNDEFINED)
sys/kern/kern_rctl.c
1144
struct rctl_rule *rule;
sys/kern/kern_rctl.c
1152
rule = rctl_rule_alloc(M_WAITOK);
sys/kern/kern_rctl.c
1162
rule->rr_subject_type = RCTL_SUBJECT_TYPE_UNDEFINED;
sys/kern/kern_rctl.c
1164
error = str2value(subjectstr, &rule->rr_subject_type, subjectnames);
sys/kern/kern_rctl.c
1170
rule->rr_subject.rs_proc = NULL;
sys/kern/kern_rctl.c
1171
rule->rr_subject.rs_uip = NULL;
sys/kern/kern_rctl.c
1172
rule->rr_subject.rs_loginclass = NULL;
sys/kern/kern_rctl.c
1173
rule->rr_subject.rs_prison_racct = NULL;
sys/kern/kern_rctl.c
1175
switch (rule->rr_subject_type) {
sys/kern/kern_rctl.c
1184
rule->rr_subject.rs_proc = pfind(id);
sys/kern/kern_rctl.c
1185
if (rule->rr_subject.rs_proc == NULL) {
sys/kern/kern_rctl.c
1189
PROC_UNLOCK(rule->rr_subject.rs_proc);
sys/kern/kern_rctl.c
1195
rule->rr_subject.rs_uip = uifind(id);
sys/kern/kern_rctl.c
1198
rule->rr_subject.rs_loginclass =
sys/kern/kern_rctl.c
1200
if (rule->rr_subject.rs_loginclass == NULL) {
sys/kern/kern_rctl.c
1206
rule->rr_subject.rs_prison_racct =
sys/kern/kern_rctl.c
1208
if (rule->rr_subject.rs_prison_racct == NULL) {
sys/kern/kern_rctl.c
1215
rule->rr_subject_type);
sys/kern/kern_rctl.c
1220
rule->rr_resource = RACCT_UNDEFINED;
sys/kern/kern_rctl.c
1222
error = str2value(resourcestr, &rule->rr_resource,
sys/kern/kern_rctl.c
1229
rule->rr_action = RCTL_ACTION_UNDEFINED;
sys/kern/kern_rctl.c
1231
error = str2value(actionstr, &rule->rr_action, actionnames);
sys/kern/kern_rctl.c
1237
rule->rr_amount = RCTL_AMOUNT_UNDEFINED;
sys/kern/kern_rctl.c
1239
error = str2int64(amountstr, &rule->rr_amount);
sys/kern/kern_rctl.c
1242
if (RACCT_IS_IN_MILLIONS(rule->rr_resource)) {
sys/kern/kern_rctl.c
1243
if (rule->rr_amount > INT64_MAX / 1000000) {
sys/kern/kern_rctl.c
1247
rule->rr_amount *= 1000000;
sys/kern/kern_rctl.c
1252
rule->rr_per = RCTL_SUBJECT_TYPE_UNDEFINED;
sys/kern/kern_rctl.c
1254
error = str2value(perstr, &rule->rr_per, subjectnames);
sys/kern/kern_rctl.c
1261
*rulep = rule;
sys/kern/kern_rctl.c
1263
rctl_rule_release(rule);
sys/kern/kern_rctl.c
1272
rctl_rule_add(struct rctl_rule *rule)
sys/kern/kern_rctl.c
1284
KASSERT(rctl_rule_fully_specified(rule), ("rule not fully specified"));
sys/kern/kern_rctl.c
1292
if (rule->rr_action == RCTL_ACTION_DENY &&
sys/kern/kern_rctl.c
1293
!RACCT_IS_DENIABLE(rule->rr_resource) &&
sys/kern/kern_rctl.c
1294
rule->rr_resource != RACCT_RSS &&
sys/kern/kern_rctl.c
1295
rule->rr_resource != RACCT_PCTCPU) {
sys/kern/kern_rctl.c
1299
if (rule->rr_action == RCTL_ACTION_THROTTLE &&
sys/kern/kern_rctl.c
1300
!RACCT_IS_DECAYING(rule->rr_resource)) {
sys/kern/kern_rctl.c
1304
if (rule->rr_action == RCTL_ACTION_THROTTLE &&
sys/kern/kern_rctl.c
1305
rule->rr_resource == RACCT_PCTCPU) {
sys/kern/kern_rctl.c
1309
if (rule->rr_per == RCTL_SUBJECT_TYPE_PROCESS &&
sys/kern/kern_rctl.c
1310
RACCT_IS_SLOPPY(rule->rr_resource)) {
sys/kern/kern_rctl.c
1318
if (rule->rr_action == RCTL_ACTION_DENY) {
sys/kern/kern_rctl.c
1319
rule2 = rctl_rule_duplicate(rule, M_WAITOK);
sys/kern/kern_rctl.c
1324
rctl_rule_remove(rule);
sys/kern/kern_rctl.c
1326
switch (rule->rr_subject_type) {
sys/kern/kern_rctl.c
1328
p = rule->rr_subject.rs_proc;
sys/kern/kern_rctl.c
1331
rctl_racct_add_rule(p->p_racct, rule);
sys/kern/kern_rctl.c
1339
uip = rule->rr_subject.rs_uip;
sys/kern/kern_rctl.c
1341
rctl_racct_add_rule(uip->ui_racct, rule);
sys/kern/kern_rctl.c
1345
lc = rule->rr_subject.rs_loginclass;
sys/kern/kern_rctl.c
1347
rctl_racct_add_rule(lc->lc_racct, rule);
sys/kern/kern_rctl.c
1351
prr = rule->rr_subject.rs_prison_racct;
sys/kern/kern_rctl.c
1353
rctl_racct_add_rule(prr->prr_racct, rule);
sys/kern/kern_rctl.c
1358
rule->rr_subject_type);
sys/kern/kern_rctl.c
1368
switch (rule->rr_subject_type) {
sys/kern/kern_rctl.c
1370
if (cred->cr_uidinfo == rule->rr_subject.rs_uip ||
sys/kern/kern_rctl.c
1371
cred->cr_ruidinfo == rule->rr_subject.rs_uip)
sys/kern/kern_rctl.c
1375
if (cred->cr_loginclass == rule->rr_subject.rs_loginclass)
sys/kern/kern_rctl.c
1381
if (pr->pr_prison_racct == rule->rr_subject.rs_prison_racct) {
sys/kern/kern_rctl.c
1391
rule->rr_subject_type);
sys/kern/kern_rctl.c
1394
rctl_racct_add_rule(p->p_racct, rule);
sys/kern/kern_rctl.c
1476
rctl_rule_to_sbuf(struct sbuf *sb, const struct rctl_rule *rule)
sys/kern/kern_rctl.c
1482
sbuf_printf(sb, "%s:", rctl_subject_type_name(rule->rr_subject_type));
sys/kern/kern_rctl.c
1484
switch (rule->rr_subject_type) {
sys/kern/kern_rctl.c
1486
if (rule->rr_subject.rs_proc == NULL)
sys/kern/kern_rctl.c
1490
rule->rr_subject.rs_proc->p_pid);
sys/kern/kern_rctl.c
1493
if (rule->rr_subject.rs_uip == NULL)
sys/kern/kern_rctl.c
1497
rule->rr_subject.rs_uip->ui_uid);
sys/kern/kern_rctl.c
1500
if (rule->rr_subject.rs_loginclass == NULL)
sys/kern/kern_rctl.c
1504
rule->rr_subject.rs_loginclass->lc_name);
sys/kern/kern_rctl.c
1507
if (rule->rr_subject.rs_prison_racct == NULL)
sys/kern/kern_rctl.c
1511
rule->rr_subject.rs_prison_racct->prr_name);
sys/kern/kern_rctl.c
1515
rule->rr_subject_type);
sys/kern/kern_rctl.c
1518
amount = rule->rr_amount;
sys/kern/kern_rctl.c
1520
RACCT_IS_IN_MILLIONS(rule->rr_resource))
sys/kern/kern_rctl.c
1524
rctl_resource_name(rule->rr_resource),
sys/kern/kern_rctl.c
1525
rctl_action_name(rule->rr_action),
sys/kern/kern_rctl.c
1528
if (rule->rr_per != rule->rr_subject_type)
sys/kern/kern_rctl.c
1529
sbuf_printf(sb, "/%s", rctl_subject_type_name(rule->rr_per));
sys/kern/kern_rctl.c
1876
struct rctl_rule *rule;
sys/kern/kern_rctl.c
1892
error = rctl_string_to_rule(inputstr, &rule);
sys/kern/kern_rctl.c
1901
if (rule->rr_per == RCTL_SUBJECT_TYPE_UNDEFINED &&
sys/kern/kern_rctl.c
1902
rule->rr_subject_type != RCTL_SUBJECT_TYPE_UNDEFINED)
sys/kern/kern_rctl.c
1903
rule->rr_per = rule->rr_subject_type;
sys/kern/kern_rctl.c
1905
if (!rctl_rule_fully_specified(rule)) {
sys/kern/kern_rctl.c
1910
error = rctl_rule_add(rule);
sys/kern/kern_rctl.c
1913
rctl_rule_release(rule);
sys/kern/kern_rctl.c
2108
struct rctl_rule *rule;
sys/kern/kern_rctl.c
2126
rule = rctl_rule_duplicate(link->rrl_rule, M_NOWAIT);
sys/kern/kern_rctl.c
2127
if (rule == NULL)
sys/kern/kern_rctl.c
2129
KASSERT(rule->rr_subject.rs_proc == parent,
sys/kern/kern_rctl.c
2131
rule->rr_subject.rs_proc = child;
sys/kern/kern_rctl.c
2133
rule);
sys/kern/kern_rctl.c
2134
rctl_rule_release(rule);
sys/kern/kern_rctl.c
218
static int rctl_rule_fully_specified(const struct rctl_rule *rule);
sys/kern/kern_rctl.c
219
static void rctl_rule_to_sbuf(struct sbuf *sb, const struct rctl_rule *rule);
sys/kern/kern_rctl.c
331
rctl_proc_rule_to_racct(const struct proc *p, const struct rctl_rule *rule)
sys/kern/kern_rctl.c
338
switch (rule->rr_per) {
sys/kern/kern_rctl.c
348
panic("%s: unknown per %d", __func__, rule->rr_per);
sys/kern/kern_rctl.c
357
rctl_available_resource(const struct proc *p, const struct rctl_rule *rule)
sys/kern/kern_rctl.c
365
racct = rctl_proc_rule_to_racct(p, rule);
sys/kern/kern_rctl.c
366
available = rule->rr_amount - racct->r_resources[rule->rr_resource];
sys/kern/kern_rctl.c
381
struct rctl_rule *rule;
sys/kern/kern_rctl.c
391
rule = link->rrl_rule;
sys/kern/kern_rctl.c
393
if (rule->rr_resource != resource)
sys/kern/kern_rctl.c
395
if (rule->rr_action != RCTL_ACTION_THROTTLE)
sys/kern/kern_rctl.c
398
if (rule->rr_amount < minavailable)
sys/kern/kern_rctl.c
399
minavailable = rule->rr_amount;
sys/kern/kern_rctl.c
424
struct rctl_rule *rule;
sys/kern/kern_rctl.c
435
rule = link->rrl_rule;
sys/kern/kern_rctl.c
436
if (rule->rr_resource != RACCT_PCTCPU)
sys/kern/kern_rctl.c
438
if (rule->rr_action != RCTL_ACTION_DENY)
sys/kern/kern_rctl.c
440
available = rctl_available_resource(p, rule);
sys/kern/kern_rctl.c
443
limit = rule->rr_amount;
sys/kern/kern_rctl.c
498
struct rctl_rule *rule;
sys/kern/kern_rctl.c
514
rule = link->rrl_rule;
sys/kern/kern_rctl.c
515
if (rule->rr_resource != resource)
sys/kern/kern_rctl.c
518
available = rctl_available_resource(p, rule);
sys/kern/kern_rctl.c
524
switch (rule->rr_action) {
sys/kern/kern_rctl.c
556
rctl_rule_to_sbuf(&sb, rule);
sys/kern/kern_rctl.c
584
rctl_rule_to_sbuf(&sb, rule);
sys/kern/kern_rctl.c
599
if (rule->rr_amount == 0) {
sys/kern/kern_rctl.c
625
if (sleep_ms < rctl_throttle_min * rule->rr_amount)
sys/kern/kern_rctl.c
626
sleep_ms = rctl_throttle_min * rule->rr_amount;
sys/kern/kern_rctl.c
638
sleep_ratio = -available / rule->rr_amount;
sys/kern/kern_rctl.c
648
sleep_ms /= rule->rr_amount;
sys/kern/kern_rctl.c
656
rule->rr_amount, (uintmax_t)sleep_ms,
sys/kern/kern_rctl.c
671
KASSERT(rule->rr_action > 0 &&
sys/kern/kern_rctl.c
672
rule->rr_action <= RCTL_ACTION_SIGNAL_MAX,
sys/kern/kern_rctl.c
674
rule->rr_action));
sys/kern/kern_rctl.c
680
kern_psignal(p, rule->rr_action);
sys/kern/kern_rctl.c
700
struct rctl_rule *rule;
sys/kern/kern_rctl.c
712
rule = link->rrl_rule;
sys/kern/kern_rctl.c
713
if (rule->rr_resource != resource)
sys/kern/kern_rctl.c
715
if (rule->rr_action != RCTL_ACTION_DENY)
sys/kern/kern_rctl.c
717
if (rule->rr_amount < amount)
sys/kern/kern_rctl.c
718
amount = rule->rr_amount;
sys/kern/kern_rctl.c
727
struct rctl_rule *rule;
sys/kern/kern_rctl.c
741
rule = link->rrl_rule;
sys/kern/kern_rctl.c
742
if (rule->rr_resource != resource)
sys/kern/kern_rctl.c
744
if (rule->rr_action != RCTL_ACTION_DENY)
sys/kern/kern_rctl.c
746
available = rctl_available_resource(p, rule);
sys/kern/kern_rctl.c
764
rctl_rule_matches(const struct rctl_rule *rule, const struct rctl_rule *filter)
sys/kern/kern_rctl.c
770
if (rule->rr_subject_type != filter->rr_subject_type)
sys/kern/kern_rctl.c
776
rule->rr_subject.rs_proc !=
sys/kern/kern_rctl.c
782
rule->rr_subject.rs_uip !=
sys/kern/kern_rctl.c
788
rule->rr_subject.rs_loginclass !=
sys/kern/kern_rctl.c
794
rule->rr_subject.rs_prison_racct !=
sys/kern/kern_rctl.c
805
if (rule->rr_resource != filter->rr_resource)
sys/kern/kern_rctl.c
810
if (rule->rr_action != filter->rr_action)
sys/kern/kern_rctl.c
815
if (rule->rr_amount != filter->rr_amount)
sys/kern/kern_rctl.c
820
if (rule->rr_per != filter->rr_per)
sys/kern/kern_rctl.c
882
rctl_racct_add_rule(struct racct *racct, struct rctl_rule *rule)
sys/kern/kern_rctl.c
887
KASSERT(rctl_rule_fully_specified(rule), ("rule not fully specified"));
sys/kern/kern_rctl.c
889
rctl_rule_acquire(rule);
sys/kern/kern_rctl.c
891
link->rrl_rule = rule;
sys/kern/kern_rctl.c
900
rctl_racct_add_rule_locked(struct racct *racct, struct rctl_rule *rule)
sys/kern/kern_rctl.c
905
KASSERT(rctl_rule_fully_specified(rule), ("rule not fully specified"));
sys/kern/kern_rctl.c
911
rctl_rule_acquire(rule);
sys/kern/kern_rctl.c
912
link->rrl_rule = rule;
sys/kern/kern_rctl.c
948
rctl_rule_acquire_subject(struct rctl_rule *rule)
sys/kern/kern_rctl.c
953
switch (rule->rr_subject_type) {
sys/kern/kern_rctl.c
958
if (rule->rr_subject.rs_prison_racct != NULL)
sys/kern/kern_rctl.c
959
prison_racct_hold(rule->rr_subject.rs_prison_racct);
sys/kern/kern_rctl.c
962
if (rule->rr_subject.rs_uip != NULL)
sys/kern/kern_rctl.c
963
uihold(rule->rr_subject.rs_uip);
sys/kern/kern_rctl.c
966
if (rule->rr_subject.rs_loginclass != NULL)
sys/kern/kern_rctl.c
967
loginclass_hold(rule->rr_subject.rs_loginclass);
sys/kern/kern_rctl.c
971
rule->rr_subject_type);
sys/kern/kern_rctl.c
976
rctl_rule_release_subject(struct rctl_rule *rule)
sys/kern/kern_rctl.c
981
switch (rule->rr_subject_type) {
sys/kern/kern_rctl.c
986
if (rule->rr_subject.rs_prison_racct != NULL)
sys/kern/kern_rctl.c
987
prison_racct_free(rule->rr_subject.rs_prison_racct);
sys/kern/kern_rctl.c
990
if (rule->rr_subject.rs_uip != NULL)
sys/kern/kern_rctl.c
991
uifree(rule->rr_subject.rs_uip);
sys/kern/kern_rctl.c
994
if (rule->rr_subject.rs_loginclass != NULL)
sys/kern/kern_rctl.c
995
loginclass_free(rule->rr_subject.rs_loginclass);
sys/kern/kern_rctl.c
999
rule->rr_subject_type);
sys/net/dummymbuf.c
144
#define FEEDBACK_RULE(rule, msg) \
sys/net/dummymbuf.c
147
(rule).syntax_len, (rule).syntax_begin \
sys/net/dummymbuf.c
150
#define FEEDBACK_PFIL(pfil_type, pfil_flags, ifp, rule, msg) \
sys/net/dummymbuf.c
159
(rule).syntax_len, (rule).syntax_begin \
sys/net/dummymbuf.c
166
struct rule;
sys/net/dummymbuf.c
179
dmb_m_pull_head(struct mbuf *m, struct rule *rule)
sys/net/dummymbuf.c
184
count = (int)strtol(rule->opargs, NULL, 10);
sys/net/dummymbuf.c
213
dmb_m_enlarge(struct mbuf *m, struct rule *rule)
sys/net/dummymbuf.c
218
size = (int)strtol(rule->opargs, NULL, 10);
sys/net/dummymbuf.c
244
read_rule(const char **cur, struct rule *rule, bool *eof)
sys/net/dummymbuf.c
248
rule->syntax_begin = NULL;
sys/net/dummymbuf.c
249
rule->syntax_len = 0;
sys/net/dummymbuf.c
257
rule->syntax_begin = *cur;
sys/net/dummymbuf.c
258
rule->syntax_len = strlen(rule->syntax_begin);
sys/net/dummymbuf.c
264
rule->syntax_len = (int)(delim - *cur + 1);
sys/net/dummymbuf.c
268
rule->pfil_type = PFIL_TYPE_IP6;
sys/net/dummymbuf.c
271
rule->pfil_type = PFIL_TYPE_IP4;
sys/net/dummymbuf.c
274
rule->pfil_type = PFIL_TYPE_ETHERNET;
sys/net/dummymbuf.c
284
rule->pfil_dir = PFIL_IN;
sys/net/dummymbuf.c
287
rule->pfil_dir = PFIL_OUT;
sys/net/dummymbuf.c
300
if (len >= sizeof(rule->ifname))
sys/net/dummymbuf.c
302
strncpy(rule->ifname, *cur, len);
sys/net/dummymbuf.c
303
rule->ifname[len] = 0;
sys/net/dummymbuf.c
310
rule->op = dmb_m_pull_head;
sys/net/dummymbuf.c
313
rule->op = dmb_m_enlarge;
sys/net/dummymbuf.c
324
rule->opargs = *cur;
sys/net/dummymbuf.c
340
struct rule rule;
sys/net/dummymbuf.c
345
while (!eof && (parsed = read_rule(&cursor, &rule, &eof))) {
sys/net/dummymbuf.c
350
FEEDBACK_RULE(rule, "rule parsing failed");
sys/net/dummymbuf.c
364
struct rule rule;
sys/net/dummymbuf.c
369
while (!eof && (parsed = read_rule(&cursor, &rule, &eof))) {
sys/net/dummymbuf.c
370
if (rule.pfil_type == pfil_type &&
sys/net/dummymbuf.c
371
rule.pfil_dir == (flags & rule.pfil_dir) &&
sys/net/dummymbuf.c
372
strcmp(rule.ifname, ifp->if_xname) == 0) {
sys/net/dummymbuf.c
373
m = rule.op(m, &rule);
sys/net/dummymbuf.c
375
FEEDBACK_PFIL(pfil_type, flags, ifp, rule,
sys/net/dummymbuf.c
383
FEEDBACK_PFIL(pfil_type, flags, ifp, rule,
sys/net/pfvar.h
1081
uint32_t rule;
sys/net/pfvar.h
1188
struct pf_krule *rule;
sys/net/pfvar.h
1486
u_int32_t rule;
sys/net/pfvar.h
1513
u_int32_t rule;
sys/net/pfvar.h
1552
u_int32_t rule;
sys/net/pfvar.h
2271
struct pf_rule rule;
sys/net/pfvar.h
934
struct pf_krule *rule;
sys/netgraph/ng_ipfw.c
294
(hook = ng_ipfw_findhook1(fw_node, fwa->rule.info & IPFW_INFO_MASK)) == NULL)
sys/netgraph/ng_ipfw.c
315
*r = fwa->rule;
sys/netinet/ip_fw.h
784
#define ACTION_PTR(rule) \
sys/netinet/ip_fw.h
785
((ipfw_insn *)( (uint32_t *)((rule)->cmd) + ((rule)->act_ofs) ))
sys/netinet/ip_fw.h
787
#define RULESIZE(rule) (sizeof(*(rule)) + (rule)->cmd_len * 4 - 4)
sys/netinet/libalias/alias_db.c
2369
struct ip_fw *rule = (struct ip_fw *)buf;
sys/netinet/libalias/alias_db.c
2370
ipfw_insn *cmd = (ipfw_insn *)rule->cmd;
sys/netinet/libalias/alias_db.c
2373
rule->rulenum = rulenum;
sys/netinet/libalias/alias_db.c
2381
rule->act_ofs = (u_int32_t *)cmd - (u_int32_t *)rule->cmd;
sys/netinet/libalias/alias_db.c
2384
rule->cmd_len = (u_int32_t *)cmd - (u_int32_t *)rule->cmd;
sys/netinet/libalias/alias_db.c
2422
struct ip_fw rule; /* On-the-fly built rule */
sys/netinet/libalias/alias_db.c
2433
memset(&rule, 0, sizeof rule);
sys/netinet/libalias/alias_db.c
2501
struct ip_fw rule;
sys/netinet/libalias/alias_db.c
2506
memset(&rule, 0, sizeof rule); /* useless for ipfw2 */
sys/netinet/libalias/alias_db.c
2518
struct ip_fw rule; /* On-the-fly built rule */
sys/netinet/libalias/alias_db.c
2524
memset(&rule, 0, sizeof rule);
sys/netpfil/ipfw/ip_dn_io.c
884
dt->rule = fwa->rule;
sys/netpfil/ipfw/ip_dn_io.c
886
dt->rule.info &= (IPFW_ONEPASS | IPFW_IS_DUMMYNET);
sys/netpfil/ipfw/ip_dn_io.c
914
fs_id = (fwa->rule.info & IPFW_INFO_MASK) +
sys/netpfil/ipfw/ip_dn_io.c
915
((fwa->rule.info & IPFW_IS_PIPE) ? 2*DN_MAX_ID : 0);
sys/netpfil/ipfw/ip_dn_private.h
369
struct ipfw_rule_ref rule; /* matching rule */
sys/netpfil/ipfw/ip_fw2.c
1227
args->rule.chain_id = chain->id;
sys/netpfil/ipfw/ip_fw2.c
1228
args->rule.slot = slot + 1; /* we use 0 as a marker */
sys/netpfil/ipfw/ip_fw2.c
1229
args->rule.rule_id = 1 + chain->map[slot]->id;
sys/netpfil/ipfw/ip_fw2.c
1230
args->rule.rulenum = chain->map[slot]->rulenum;
sys/netpfil/ipfw/ip_fw2.c
1896
f_pos = (args->rule.chain_id == chain->id) ?
sys/netpfil/ipfw/ip_fw2.c
1897
args->rule.slot :
sys/netpfil/ipfw/ip_fw2.c
1898
ipfw_find_rule(chain, args->rule.rulenum,
sys/netpfil/ipfw/ip_fw2.c
1899
args->rule.rule_id);
sys/netpfil/ipfw/ip_fw2.c
2090
match = ((args->rule.info & IPFW_IS_MASK) ==
sys/netpfil/ipfw/ip_fw2.c
2092
((args->rule.info & IPFW_INFO_IN) ?
sys/netpfil/ipfw/ip_fw2.c
2267
key.u32 = args->rule.pkt_mark;
sys/netpfil/ipfw/ip_fw2.c
2925
(args->rule.pkt_mark &
sys/netpfil/ipfw/ip_fw2.c
3048
args->rule.info = TARG(cmd->arg1, pipe);
sys/netpfil/ipfw/ip_fw2.c
3050
args->rule.info |= IPFW_IS_PIPE;
sys/netpfil/ipfw/ip_fw2.c
3052
args->rule.info |= IPFW_ONEPASS;
sys/netpfil/ipfw/ip_fw2.c
3068
args->rule.info = TARG(cmd->arg1, divert);
sys/netpfil/ipfw/ip_fw2.c
3355
args->rule.info = TARG(cmd->arg1, netgraph);
sys/netpfil/ipfw/ip_fw2.c
3357
args->rule.info |= IPFW_ONEPASS;
sys/netpfil/ipfw/ip_fw2.c
3420
args->rule.info = 0;
sys/netpfil/ipfw/ip_fw2.c
3473
args->rule.info = 0;
sys/netpfil/ipfw/ip_fw2.c
3482
args->rule.pkt_mark = (
sys/netpfil/ipfw/ip_fw2.c
3544
struct ip_fw *rule = chain->map[f_pos];
sys/netpfil/ipfw/ip_fw2.c
3546
IPFW_INC_RULE_COUNTER(rule, pktlen);
sys/netpfil/ipfw/ip_fw2.c
3553
args, rule);
sys/netpfil/ipfw/ip_fw2.c
3698
struct ip_fw *rule = NULL;
sys/netpfil/ipfw/ip_fw2.c
3729
free(rule, M_IPFW);
sys/netpfil/ipfw/ip_fw2.c
3737
rule = ipfw_alloc_rule(chain, sizeof(struct ip_fw));
sys/netpfil/ipfw/ip_fw2.c
3738
rule->flags |= IPFW_RULE_NOOPT;
sys/netpfil/ipfw/ip_fw2.c
3739
rule->cmd_len = 1;
sys/netpfil/ipfw/ip_fw2.c
3740
rule->cmd[0].len = 1;
sys/netpfil/ipfw/ip_fw2.c
3741
rule->cmd[0].opcode = default_to_accept ? O_ACCEPT : O_DENY;
sys/netpfil/ipfw/ip_fw2.c
3742
chain->default_rule = rule;
sys/netpfil/ipfw/ip_fw2.c
3743
ipfw_add_protected_rule(chain, rule);
sys/netpfil/ipfw/ip_fw_bpf.c
102
ipfw_tap_free(struct ip_fw_chain *ch, uint32_t rule)
sys/netpfil/ipfw/ip_fw_bpf.c
104
struct ipfw_tap *tap, key = { .rule = rule };
sys/netpfil/ipfw/ip_fw_bpf.c
106
MPASS(rule > 0 && rule < IPFW_DEFAULT_RULE);
sys/netpfil/ipfw/ip_fw_bpf.c
127
struct ipfw_tap key = { .rule = rulenum };
sys/netpfil/ipfw/ip_fw_bpf.c
60
uint32_t rule;
sys/netpfil/ipfw/ip_fw_bpf.c
69
return (a->rule != b->rule ? (a->rule < b->rule ? -1 : 1) : 0);
sys/netpfil/ipfw/ip_fw_bpf.c
76
ipfw_tap_alloc(struct ip_fw_chain *ch, uint32_t rule)
sys/netpfil/ipfw/ip_fw_bpf.c
78
struct ipfw_tap *tap, key = { .rule = rule };
sys/netpfil/ipfw/ip_fw_bpf.c
81
MPASS(rule > 0 && rule < IPFW_DEFAULT_RULE);
sys/netpfil/ipfw/ip_fw_bpf.c
86
MPASS(tap->rule == rule);
sys/netpfil/ipfw/ip_fw_bpf.c
91
tap->rule = rule;
sys/netpfil/ipfw/ip_fw_bpf.c
93
n = snprintf(tap->name, sizeof(tap->name), "ipfw%u", rule);
sys/netpfil/ipfw/ip_fw_compat.c
77
struct ip_fw *rule; /* pointer to rule */
sys/netpfil/ipfw/ip_fw_dynamic.c
1132
dyn_lookup_ipv4_parent(const struct ipfw_flow_id *pkt, const void *rule,
sys/netpfil/ipfw/ip_fw_dynamic.c
1150
if (s->limit->parent == rule &&
sys/netpfil/ipfw/ip_fw_dynamic.c
1169
const void *rule, uint32_t ruleid, uint32_t rulenum, uint32_t bucket)
sys/netpfil/ipfw/ip_fw_dynamic.c
1175
if (s->limit->parent == rule &&
sys/netpfil/ipfw/ip_fw_dynamic.c
1282
const void *rule, uint32_t ruleid, uint32_t rulenum, uint32_t hashval)
sys/netpfil/ipfw/ip_fw_dynamic.c
1299
if (s->limit->parent == rule &&
sys/netpfil/ipfw/ip_fw_dynamic.c
1319
const void *rule, uint32_t ruleid, uint32_t rulenum, uint32_t bucket)
sys/netpfil/ipfw/ip_fw_dynamic.c
1325
if (s->limit->parent == rule &&
sys/netpfil/ipfw/ip_fw_dynamic.c
1343
struct ip_fw *rule;
sys/netpfil/ipfw/ip_fw_dynamic.c
1356
rule = V_layer3_chain.map[data->f_pos];
sys/netpfil/ipfw/ip_fw_dynamic.c
1357
cmd = ACTION_PTR(rule);
sys/netpfil/ipfw/ip_fw_dynamic.c
1381
struct ip_fw *rule;
sys/netpfil/ipfw/ip_fw_dynamic.c
1387
rule = NULL;
sys/netpfil/ipfw/ip_fw_dynamic.c
1406
rule = s->limit->parent;
sys/netpfil/ipfw/ip_fw_dynamic.c
1408
rule = data->parent;
sys/netpfil/ipfw/ip_fw_dynamic.c
1421
rule = s->limit->parent;
sys/netpfil/ipfw/ip_fw_dynamic.c
1423
rule = data->parent;
sys/netpfil/ipfw/ip_fw_dynamic.c
1461
if (V_layer3_chain.map[data->f_pos] == rule) {
sys/netpfil/ipfw/ip_fw_dynamic.c
1470
if (dyn_handle_orphaned(rule, data) == 0) {
sys/netpfil/ipfw/ip_fw_dynamic.c
1474
rule = NULL;
sys/netpfil/ipfw/ip_fw_dynamic.c
1478
rule = NULL;
sys/netpfil/ipfw/ip_fw_dynamic.c
1481
"invalid in data %p", rule, data->ruleid,
sys/netpfil/ipfw/ip_fw_dynamic.c
1498
if (rule != NULL && (V_set_disable & (1 << rule->set))) {
sys/netpfil/ipfw/ip_fw_dynamic.c
1499
rule = NULL;
sys/netpfil/ipfw/ip_fw_dynamic.c
1503
return (rule);
sys/netpfil/ipfw/ip_fw_dynamic.c
1588
dyn_add_ipv4_parent(void *rule, uint32_t ruleid, uint32_t rulenum,
sys/netpfil/ipfw/ip_fw_dynamic.c
1603
s = dyn_lookup_ipv4_parent_locked(pkt, rule, ruleid,
sys/netpfil/ipfw/ip_fw_dynamic.c
1617
limit = dyn_alloc_parent(rule, ruleid, rulenum, hashval);
sys/netpfil/ipfw/ip_fw_dynamic.c
1719
dyn_add_ipv6_parent(void *rule, uint32_t ruleid, uint32_t rulenum,
sys/netpfil/ipfw/ip_fw_dynamic.c
1734
s = dyn_lookup_ipv6_parent_locked(pkt, zoneid, rule, ruleid,
sys/netpfil/ipfw/ip_fw_dynamic.c
1748
limit = dyn_alloc_parent(rule, ruleid, rulenum, hashval);
sys/netpfil/ipfw/ip_fw_dynamic.c
1823
struct ip_fw *rule, uint32_t hashval, uint32_t limit, uint32_t kidx)
sys/netpfil/ipfw/ip_fw_dynamic.c
1838
s = dyn_lookup_ipv4_parent(pkt, rule, rule->id,
sys/netpfil/ipfw/ip_fw_dynamic.c
1839
rule->rulenum, bucket);
sys/netpfil/ipfw/ip_fw_dynamic.c
1847
s = dyn_add_ipv4_parent(rule, rule->id,
sys/netpfil/ipfw/ip_fw_dynamic.c
1848
rule->rulenum, pkt, hashval, version, kidx);
sys/netpfil/ipfw/ip_fw_dynamic.c
1861
s = dyn_lookup_ipv6_parent(pkt, zoneid, rule, rule->id,
sys/netpfil/ipfw/ip_fw_dynamic.c
1862
rule->rulenum, bucket);
sys/netpfil/ipfw/ip_fw_dynamic.c
1870
s = dyn_add_ipv6_parent(rule, rule->id,
sys/netpfil/ipfw/ip_fw_dynamic.c
1871
rule->rulenum, pkt, zoneid, hashval, version,
sys/netpfil/ipfw/ip_fw_dynamic.c
1892
rule->rulenum);
sys/netpfil/ipfw/ip_fw_dynamic.c
1915
uint16_t fibnum, const void *ulp, int pktlen, struct ip_fw *rule,
sys/netpfil/ipfw/ip_fw_dynamic.c
1925
ruleid = rule->id;
sys/netpfil/ipfw/ip_fw_dynamic.c
1926
rulenum = rule->rulenum;
sys/netpfil/ipfw/ip_fw_dynamic.c
1957
parent_hashval = hash_parent(&id, rule);
sys/netpfil/ipfw/ip_fw_dynamic.c
1958
rule = dyn_get_parent_state(&id, zoneid, rule, parent_hashval,
sys/netpfil/ipfw/ip_fw_dynamic.c
1960
if (rule == NULL) {
sys/netpfil/ipfw/ip_fw_dynamic.c
1965
"%u drop session", rule->rulenum);
sys/netpfil/ipfw/ip_fw_dynamic.c
1981
ret = dyn_add_ipv4_state(rule, ruleid, rulenum, pkt,
sys/netpfil/ipfw/ip_fw_dynamic.c
1985
ret = dyn_add_ipv6_state(rule, ruleid, rulenum, pkt,
sys/netpfil/ipfw/ip_fw_dynamic.c
2005
((struct dyn_ipv4_state *)rule)->limit);
sys/netpfil/ipfw/ip_fw_dynamic.c
2009
((struct dyn_ipv6_state *)rule)->limit);
sys/netpfil/ipfw/ip_fw_dynamic.c
2039
ipfw_dyn_install_state(struct ip_fw_chain *chain, struct ip_fw *rule,
sys/netpfil/ipfw/ip_fw_dynamic.c
2062
0, M_GETFIB(args->m), ulp, pktlen, rule, info, limit,
sys/netpfil/ipfw/ip_fw_dynamic.c
2186
struct ip_fw *rule, uint32_t kidx)
sys/netpfil/ipfw/ip_fw_dynamic.c
2208
rule->refcnt++;
sys/netpfil/ipfw/ip_fw_dynamic.c
2213
struct ip_fw *rule, uint32_t kidx)
sys/netpfil/ipfw/ip_fw_dynamic.c
2226
if (--rule->refcnt == 1)
sys/netpfil/ipfw/ip_fw_dynamic.c
2227
ipfw_free_rule(rule);
sys/netpfil/ipfw/ip_fw_dynamic.c
2242
struct ip_fw *rule;
sys/netpfil/ipfw/ip_fw_dynamic.c
2246
rule = s->limit->parent;
sys/netpfil/ipfw/ip_fw_dynamic.c
2247
return (dyn_match_range(s->limit->rulenum, rule->set, rt));
sys/netpfil/ipfw/ip_fw_dynamic.c
2250
rule = s->data->parent;
sys/netpfil/ipfw/ip_fw_dynamic.c
2252
rule = ((struct dyn_ipv4_state *)rule)->limit->parent;
sys/netpfil/ipfw/ip_fw_dynamic.c
2254
ret = dyn_match_range(s->data->rulenum, rule->set, rt);
sys/netpfil/ipfw/ip_fw_dynamic.c
2258
dyn_acquire_rule(ch, s->data, rule, s->kidx);
sys/netpfil/ipfw/ip_fw_dynamic.c
2267
struct ip_fw *rule;
sys/netpfil/ipfw/ip_fw_dynamic.c
2271
rule = s->limit->parent;
sys/netpfil/ipfw/ip_fw_dynamic.c
2272
return (dyn_match_range(s->limit->rulenum, rule->set, rt));
sys/netpfil/ipfw/ip_fw_dynamic.c
2275
rule = s->data->parent;
sys/netpfil/ipfw/ip_fw_dynamic.c
2277
rule = ((struct dyn_ipv6_state *)rule)->limit->parent;
sys/netpfil/ipfw/ip_fw_dynamic.c
2279
ret = dyn_match_range(s->data->rulenum, rule->set, rt);
sys/netpfil/ipfw/ip_fw_dynamic.c
2283
dyn_acquire_rule(ch, s->data, rule, s->kidx);
sys/netpfil/ipfw/ip_fw_dynamic.c
2301
void *rule;
sys/netpfil/ipfw/ip_fw_dynamic.c
2342
rule = s->data->parent; \
sys/netpfil/ipfw/ip_fw_dynamic.c
2344
rule = ((__typeof(s)) \
sys/netpfil/ipfw/ip_fw_dynamic.c
2345
rule)->limit->parent;\
sys/netpfil/ipfw/ip_fw_dynamic.c
2347
rule, s->kidx); \
sys/netpfil/ipfw/ip_fw_dynamic.c
2868
struct ip_fw *rule;
sys/netpfil/ipfw/ip_fw_dynamic.c
2875
rule = s->data->parent; \
sys/netpfil/ipfw/ip_fw_dynamic.c
2877
rule = ((__typeof(s))rule)->limit->parent; \
sys/netpfil/ipfw/ip_fw_dynamic.c
2878
ipfw_reset_eaction(ch, rule, eaction_id, \
sys/netpfil/ipfw/ip_fw_dynamic.c
2949
ipfw_is_dyn_rule(struct ip_fw *rule)
sys/netpfil/ipfw/ip_fw_dynamic.c
2954
l = rule->cmd_len;
sys/netpfil/ipfw/ip_fw_dynamic.c
2955
cmd = rule->cmd;
sys/netpfil/ipfw/ip_fw_dynamic.c
3019
struct ip_fw *rule;
sys/netpfil/ipfw/ip_fw_dynamic.c
3023
rule = s->limit->parent;
sys/netpfil/ipfw/ip_fw_dynamic.c
3024
dyn_export_parent(s->limit, s->kidx, rule->set, dst);
sys/netpfil/ipfw/ip_fw_dynamic.c
3027
rule = s->data->parent;
sys/netpfil/ipfw/ip_fw_dynamic.c
3029
rule = ((struct dyn_ipv4_state *)rule)->limit->parent;
sys/netpfil/ipfw/ip_fw_dynamic.c
3030
dyn_export_data(s->data, s->kidx, s->type, rule->set, dst);
sys/netpfil/ipfw/ip_fw_dynamic.c
3051
struct ip_fw *rule;
sys/netpfil/ipfw/ip_fw_dynamic.c
3055
rule = s->limit->parent;
sys/netpfil/ipfw/ip_fw_dynamic.c
3056
dyn_export_parent(s->limit, s->kidx, rule->set, dst);
sys/netpfil/ipfw/ip_fw_dynamic.c
3059
rule = s->data->parent;
sys/netpfil/ipfw/ip_fw_dynamic.c
3061
rule = ((struct dyn_ipv6_state *)rule)->limit->parent;
sys/netpfil/ipfw/ip_fw_dynamic.c
3062
dyn_export_data(s->data, s->kidx, s->type, rule->set, dst);
sys/netpfil/ipfw/ip_fw_dynamic.c
3158
struct ip_fw *rule;
sys/netpfil/ipfw/ip_fw_dynamic.c
3163
rule = ipfw_alloc_rule(chain, sizeof(*rule) + sizeof(ipfw_insn) + l);
sys/netpfil/ipfw/ip_fw_dynamic.c
3164
cmd = rule->cmd;
sys/netpfil/ipfw/ip_fw_dynamic.c
3173
rule->act_ofs = cmd - rule->cmd;
sys/netpfil/ipfw/ip_fw_dynamic.c
3174
rule->cmd_len = rule->act_ofs + 1;
sys/netpfil/ipfw/ip_fw_dynamic.c
3175
ipfw_add_protected_rule(chain, rule);
sys/netpfil/ipfw/ip_fw_dynamic.c
801
hash_parent(const struct ipfw_flow_id *id, const void *rule)
sys/netpfil/ipfw/ip_fw_dynamic.c
804
return (hash_packet(id) ^ ((uintptr_t)rule));
sys/netpfil/ipfw/ip_fw_dynamic.c
897
hash_parent(const struct ipfw_flow_id *id, const void *rule)
sys/netpfil/ipfw/ip_fw_dynamic.c
900
return (jenkins_hash32((const uint32_t *)&rule,
sys/netpfil/ipfw/ip_fw_dynamic.c
901
sizeof(rule) / sizeof(uint32_t), hash_packet(id)));
sys/netpfil/ipfw/ip_fw_eaction.c
382
ipfw_reset_eaction(struct ip_fw_chain *ch, struct ip_fw *rule,
sys/netpfil/ipfw/ip_fw_eaction.c
395
cmd = ipfw_get_action(rule);
sys/netpfil/ipfw/ip_fw_eaction.c
407
l = rule->cmd + rule->cmd_len - cmd;
sys/netpfil/ipfw/ip_fw_eaction.c
422
rule->rulenum, rule->cmd_len,
sys/netpfil/ipfw/ip_fw_eaction.c
423
rule->cmd_len - F_LEN(icmd));
sys/netpfil/ipfw/ip_fw_eaction.c
424
rule->cmd_len -= F_LEN(icmd);
sys/netpfil/ipfw/ip_fw_eaction.c
426
(uint32_t *)rule->cmd) == rule->cmd_len);
sys/netpfil/ipfw/ip_fw_log.c
425
if (args->rule.pkt_mark)
sys/netpfil/ipfw/ip_fw_log.c
427
args->rule.pkt_mark);
sys/netpfil/ipfw/ip_fw_log.c
666
hdr->mark = args->rule.pkt_mark;
sys/netpfil/ipfw/ip_fw_pfil.c
130
args.rule.pkt_mark = 0;
sys/netpfil/ipfw/ip_fw_pfil.c
138
args.rule = *((struct ipfw_rule_ref *)(tag+1));
sys/netpfil/ipfw/ip_fw_pfil.c
140
if (args.rule.info & IPFW_ONEPASS)
sys/netpfil/ipfw/ip_fw_pfil.c
352
args.rule = *((struct ipfw_rule_ref *)(mtag+1));
sys/netpfil/ipfw/ip_fw_pfil.c
354
if (args.rule.info & IPFW_ONEPASS)
sys/netpfil/ipfw/ip_fw_pfil.c
562
*((struct ipfw_rule_ref *)(tag+1)) = args->rule;
sys/netpfil/ipfw/ip_fw_private.h
108
struct ipfw_rule_ref rule; /* match/restart info */
sys/netpfil/ipfw/ip_fw_private.h
212
int ipfw_dyn_install_state(struct ip_fw_chain *chain, struct ip_fw *rule,
sys/netpfil/ipfw/ip_fw_private.h
220
int ipfw_is_dyn_rule(struct ip_fw *rule);
sys/netpfil/ipfw/ip_fw_sockopt.c
1000
if (ipfw_match_range(rule, rt) == 0)
sys/netpfil/ipfw/ip_fw_sockopt.c
1002
clear_counters(rule, log_only);
sys/netpfil/ipfw/ip_fw_sockopt.c
1150
struct ip_fw *rule;
sys/netpfil/ipfw/ip_fw_sockopt.c
1175
rule = chain->map[i];
sys/netpfil/ipfw/ip_fw_sockopt.c
1176
if (rule->set == (uint8_t)rt->set)
sys/netpfil/ipfw/ip_fw_sockopt.c
1177
rule->set = (uint8_t)rt->new_set;
sys/netpfil/ipfw/ip_fw_sockopt.c
1178
else if (rule->set == (uint8_t)rt->new_set && mv == 0)
sys/netpfil/ipfw/ip_fw_sockopt.c
1179
rule->set = (uint8_t)rt->set;
sys/netpfil/ipfw/ip_fw_sockopt.c
1236
ipfw_check_rule(struct ip_fw_rule *rule, size_t size,
sys/netpfil/ipfw/ip_fw_sockopt.c
1241
if (size < sizeof(*rule)) {
sys/netpfil/ipfw/ip_fw_sockopt.c
1247
l = roundup2(RULESIZE(rule), sizeof(uint64_t));
sys/netpfil/ipfw/ip_fw_sockopt.c
1252
if (rule->act_ofs >= rule->cmd_len) {
sys/netpfil/ipfw/ip_fw_sockopt.c
1254
rule->act_ofs, rule->cmd_len - 1);
sys/netpfil/ipfw/ip_fw_sockopt.c
1258
if (rule->rulenum > IPFW_DEFAULT_RULE - 1)
sys/netpfil/ipfw/ip_fw_sockopt.c
1261
return (check_ipfw_rule_body(rule->cmd, rule->cmd_len, ci));
sys/netpfil/ipfw/ip_fw_sockopt.c
150
static int ref_rule_objects(struct ip_fw_chain *ch, struct ip_fw *rule,
sys/netpfil/ipfw/ip_fw_sockopt.c
154
static void unref_rule_objects(struct ip_fw_chain *chain, struct ip_fw *rule);
sys/netpfil/ipfw/ip_fw_sockopt.c
1849
mark_rule_objects(struct ip_fw_chain *ch, struct ip_fw *rule,
sys/netpfil/ipfw/ip_fw_sockopt.c
1858
l = rule->cmd_len;
sys/netpfil/ipfw/ip_fw_sockopt.c
1859
cmd = rule->cmd;
sys/netpfil/ipfw/ip_fw_sockopt.c
1896
struct ip_fw *rule;
sys/netpfil/ipfw/ip_fw_sockopt.c
192
struct ip_fw *rule;
sys/netpfil/ipfw/ip_fw_sockopt.c
1937
rule = chain->map[i];
sys/netpfil/ipfw/ip_fw_sockopt.c
1938
da.rsize += RULEUSIZE1(rule) + sizeof(ipfw_obj_tlv);
sys/netpfil/ipfw/ip_fw_sockopt.c
194
rule = malloc(rulesize, M_IPFW, M_WAITOK | M_ZERO);
sys/netpfil/ipfw/ip_fw_sockopt.c
1941
mark_rule_objects(chain, rule, &da);
sys/netpfil/ipfw/ip_fw_sockopt.c
195
rule->cntr = uma_zalloc_pcpu(V_ipfw_cntr_zone, M_WAITOK | M_ZERO);
sys/netpfil/ipfw/ip_fw_sockopt.c
196
rule->refcnt = 1;
sys/netpfil/ipfw/ip_fw_sockopt.c
198
return (rule);
sys/netpfil/ipfw/ip_fw_sockopt.c
202
ipfw_free_rule(struct ip_fw *rule)
sys/netpfil/ipfw/ip_fw_sockopt.c
2103
unref_rule_objects(struct ip_fw_chain *ch, struct ip_fw *rule)
sys/netpfil/ipfw/ip_fw_sockopt.c
211
if (rule->refcnt > 1)
sys/netpfil/ipfw/ip_fw_sockopt.c
2114
l = rule->cmd_len;
sys/netpfil/ipfw/ip_fw_sockopt.c
2115
cmd = rule->cmd;
sys/netpfil/ipfw/ip_fw_sockopt.c
213
uma_zfree_pcpu(V_ipfw_cntr_zone, rule->cntr);
sys/netpfil/ipfw/ip_fw_sockopt.c
2137
if (ACTION_PTR(rule)->opcode == O_LOG)
sys/netpfil/ipfw/ip_fw_sockopt.c
2138
ipfw_tap_free(ch, rule->rulenum);
sys/netpfil/ipfw/ip_fw_sockopt.c
214
free(rule, M_IPFW);
sys/netpfil/ipfw/ip_fw_sockopt.c
2200
ref_rule_objects(struct ip_fw_chain *ch, struct ip_fw *rule,
sys/netpfil/ipfw/ip_fw_sockopt.c
2208
l = rule->cmd_len;
sys/netpfil/ipfw/ip_fw_sockopt.c
2209
cmd = rule->cmd;
sys/netpfil/ipfw/ip_fw_sockopt.c
2228
pidx->off = rule->cmd_len - l;
sys/netpfil/ipfw/ip_fw_sockopt.c
2235
unref_oib_objects(ch, rule->cmd, oib, pidx);
sys/netpfil/ipfw/ip_fw_sockopt.c
2241
error = create_objects_compat(ch, rule->cmd, oib, pidx, ti);
sys/netpfil/ipfw/ip_fw_sockopt.c
524
ipfw_add_protected_rule(struct ip_fw_chain *chain, struct ip_fw *rule)
sys/netpfil/ipfw/ip_fw_sockopt.c
534
map[chain->n_rules] = rule;
sys/netpfil/ipfw/ip_fw_sockopt.c
535
rule->rulenum = IPFW_DEFAULT_RULE;
sys/netpfil/ipfw/ip_fw_sockopt.c
536
rule->set = RESVD_SET;
sys/netpfil/ipfw/ip_fw_sockopt.c
537
rule->id = chain->id + 1;
sys/netpfil/ipfw/ip_fw_sockopt.c
550
struct ip_fw *rule)
sys/netpfil/ipfw/ip_fw_sockopt.c
556
unref_rule_objects(chain, rule);
sys/netpfil/ipfw/ip_fw_sockopt.c
558
rule->next = *head;
sys/netpfil/ipfw/ip_fw_sockopt.c
559
*head = rule;
sys/netpfil/ipfw/ip_fw_sockopt.c
570
struct ip_fw *rule;
sys/netpfil/ipfw/ip_fw_sockopt.c
572
while ((rule = head) != NULL) {
sys/netpfil/ipfw/ip_fw_sockopt.c
574
ipfw_free_rule(rule);
sys/netpfil/ipfw/ip_fw_sockopt.c
596
ipfw_match_range(struct ip_fw *rule, ipfw_range_tlv *rt)
sys/netpfil/ipfw/ip_fw_sockopt.c
600
if (rule->rulenum == IPFW_DEFAULT_RULE &&
sys/netpfil/ipfw/ip_fw_sockopt.c
605
if ((rt->flags & IPFW_RCFLAG_ALL) != 0 && rule->set == RESVD_SET)
sys/netpfil/ipfw/ip_fw_sockopt.c
609
if ((rt->flags & IPFW_RCFLAG_SET) != 0 && rule->set != rt->set)
sys/netpfil/ipfw/ip_fw_sockopt.c
613
(rule->rulenum < rt->start_rule || rule->rulenum > rt->end_rule))
sys/netpfil/ipfw/ip_fw_sockopt.c
735
struct ip_fw *reap, *rule, **map;
sys/netpfil/ipfw/ip_fw_sockopt.c
778
rule = chain->map[i];
sys/netpfil/ipfw/ip_fw_sockopt.c
779
if (ipfw_match_range(rule, rt) == 0) {
sys/netpfil/ipfw/ip_fw_sockopt.c
780
map[ofs++] = rule;
sys/netpfil/ipfw/ip_fw_sockopt.c
785
if (ipfw_is_dyn_rule(rule) != 0)
sys/netpfil/ipfw/ip_fw_sockopt.c
800
rule = map[i];
sys/netpfil/ipfw/ip_fw_sockopt.c
801
if (ipfw_match_range(rule, rt) == 0)
sys/netpfil/ipfw/ip_fw_sockopt.c
803
ipfw_reap_add(chain, &reap, rule);
sys/netpfil/ipfw/ip_fw_sockopt.c
818
struct ip_fw *rule;
sys/netpfil/ipfw/ip_fw_sockopt.c
827
rule = ch->map[i];
sys/netpfil/ipfw/ip_fw_sockopt.c
828
if (ipfw_match_range(rule, rt) == 0)
sys/netpfil/ipfw/ip_fw_sockopt.c
830
if (rule->set == rt->new_set) /* nothing to do */
sys/netpfil/ipfw/ip_fw_sockopt.c
833
for (l = rule->cmd_len, cmdlen = 0, cmd = rule->cmd;
sys/netpfil/ipfw/ip_fw_sockopt.c
854
rule = ch->map[i];
sys/netpfil/ipfw/ip_fw_sockopt.c
855
if (ipfw_match_range(rule, rt) == 0)
sys/netpfil/ipfw/ip_fw_sockopt.c
857
if (rule->set == rt->new_set) /* nothing to do */
sys/netpfil/ipfw/ip_fw_sockopt.c
860
for (l = rule->cmd_len, cmdlen = 0, cmd = rule->cmd;
sys/netpfil/ipfw/ip_fw_sockopt.c
873
rule = ch->map[i];
sys/netpfil/ipfw/ip_fw_sockopt.c
874
if (ipfw_match_range(rule, rt) == 0)
sys/netpfil/ipfw/ip_fw_sockopt.c
876
if (rule->set == rt->new_set) /* nothing to do */
sys/netpfil/ipfw/ip_fw_sockopt.c
879
for (l = rule->cmd_len, cmdlen = 0, cmd = rule->cmd;
sys/netpfil/ipfw/ip_fw_sockopt.c
907
struct ip_fw *rule;
sys/netpfil/ipfw/ip_fw_sockopt.c
926
rule = chain->map[i];
sys/netpfil/ipfw/ip_fw_sockopt.c
927
if (ipfw_match_range(rule, rt) == 0)
sys/netpfil/ipfw/ip_fw_sockopt.c
929
rule->set = rt->new_set;
sys/netpfil/ipfw/ip_fw_sockopt.c
942
ipfw_get_action(struct ip_fw *rule)
sys/netpfil/ipfw/ip_fw_sockopt.c
947
cmd = ACTION_PTR(rule);
sys/netpfil/ipfw/ip_fw_sockopt.c
948
l = rule->cmd_len - rule->act_ofs;
sys/netpfil/ipfw/ip_fw_sockopt.c
962
panic("%s: rule (%p) has not action opcode", __func__, rule);
sys/netpfil/ipfw/ip_fw_sockopt.c
972
clear_counters(struct ip_fw *rule, int log_only)
sys/netpfil/ipfw/ip_fw_sockopt.c
974
ipfw_insn_log *l = (ipfw_insn_log *)ACTION_PTR(rule);
sys/netpfil/ipfw/ip_fw_sockopt.c
977
IPFW_ZERO_RULE_COUNTER(rule);
sys/netpfil/ipfw/ip_fw_sockopt.c
990
struct ip_fw *rule;
sys/netpfil/ipfw/ip_fw_sockopt.c
999
rule = chain->map[i];
sys/netpfil/ipfw/ip_fw_table.c
2468
struct ip_fw *rule;
sys/netpfil/ipfw/ip_fw_table.c
2496
rule = ch->map[i];
sys/netpfil/ipfw/ip_fw_table.c
2498
l = rule->cmd_len;
sys/netpfil/ipfw/ip_fw_table.c
2499
cmd = rule->cmd;
sys/netpfil/ipfw/ip_fw_table.c
2515
if (no->set != 0 || rule->set != 0) {
sys/netpfil/ipfw/ip_fw_table.h
198
int ipfw_mark_table_kidx(struct ip_fw_chain *chain, struct ip_fw *rule,
sys/netpfil/ipfw/ip_fw_table.h
202
void ipfw_unref_rule_tables(struct ip_fw_chain *chain, struct ip_fw *rule);
sys/netpfil/pf/if_pfsync.c
2197
if ((st->rule->rule_flag & PFRULE_NOSYNC) ||
sys/netpfil/pf/if_pfsync.c
600
if (sp->pfs_1301.rule != htonl(-1) && sp->pfs_1301.anchor == htonl(-1) &&
sys/netpfil/pf/if_pfsync.c
601
(flags & (PFSYNC_SI_IOCTL | PFSYNC_SI_CKSUM)) && ntohl(sp->pfs_1301.rule) <
sys/netpfil/pf/if_pfsync.c
605
if (ntohl(sp->pfs_1301.rule) == n++)
sys/netpfil/pf/if_pfsync.c
881
st->rule = r;
sys/netpfil/pf/pf.c
10544
dnflow->rule.info = pd->act.dnrpipe;
sys/netpfil/pf/pf.c
10547
dnflow->rule.info = pd->act.dnpipe;
sys/netpfil/pf/pf.c
10553
dnflow->rule.info |= IPFW_IS_DUMMYNET;
sys/netpfil/pf/pf.c
10555
dnflow->rule.info |= IPFW_IS_PIPE;
sys/netpfil/pf/pf.c
10558
dnflow->f_id.extra = dnflow->rule.info;
sys/netpfil/pf/pf.c
1093
if (state->rule->max_src_conn &&
sys/netpfil/pf/pf.c
1094
state->rule->max_src_conn <
sys/netpfil/pf/pf.c
1100
if (state->rule->max_src_conn_rate.limit &&
sys/netpfil/pf/pf.c
1113
if (state->rule->overload_tbl == NULL)
sys/netpfil/pf/pf.c
1123
pfoe->rule = state->rule;
sys/netpfil/pf/pf.c
11501
dir_out = (pd->naf == s->rule->naf);
sys/netpfil/pf/pf.c
11504
s_dir_rev = (pd->naf == s->rule->af);
sys/netpfil/pf/pf.c
11775
r = s->rule;
sys/netpfil/pf/pf.c
1178
pfr_insert_kentry(pfoe->rule->overload_tbl, &p, time_second);
sys/netpfil/pf/pf.c
11829
r = s->rule;
sys/netpfil/pf/pf.c
11859
r = s->rule;
sys/netpfil/pf/pf.c
1186
if (pfoe->rule->flush == 0) {
sys/netpfil/pf/pf.c
1209
((pfoe->rule->flush & PF_FLUSH_GLOBAL) ||
sys/netpfil/pf/pf.c
1210
pfoe->rule == s->rule) &&
sys/netpfil/pf/pf.c
1234
pf_find_src_node(struct pf_addr *src, struct pf_krule *rule, sa_family_t af,
sys/netpfil/pf/pf.c
1244
if (n->rule == rule && n->af == af && n->type == sn_type &&
sys/netpfil/pf/pf.c
1291
struct pf_srchash *snhs[PF_SN_MAX], struct pf_krule *rule,
sys/netpfil/pf/pf.c
1296
struct pf_krule *r_track = rule;
sys/netpfil/pf/pf.c
1303
KASSERT(sn_type != PF_SN_LIMIT || (rule->rule_flag & PFRULE_SRCTRACK),
sys/netpfil/pf/pf.c
1312
if ( (rule->rule_flag & PFRULE_SRCTRACK) &&
sys/netpfil/pf/pf.c
1313
!(rule->rule_flag & PFRULE_RULESRCTRACK))
sys/netpfil/pf/pf.c
1325
if (sn_type == PF_SN_LIMIT && rule->max_src_nodes &&
sys/netpfil/pf/pf.c
1326
counter_u64_fetch(r_track->src_nodes[sn_type]) >= rule->max_src_nodes) {
sys/netpfil/pf/pf.c
1351
rule->max_src_conn_rate.limit,
sys/netpfil/pf/pf.c
1352
rule->max_src_conn_rate.seconds)) {
sys/netpfil/pf/pf.c
1362
(*sn)->rule = r_track;
sys/netpfil/pf/pf.c
1370
(*sn)->ruletype = rule->action;
sys/netpfil/pf/pf.c
1375
if (sn_type == PF_SN_LIMIT && rule->max_src_states &&
sys/netpfil/pf/pf.c
1376
(*sn)->states >= rule->max_src_states) {
sys/netpfil/pf/pf.c
1399
if (src->rule)
sys/netpfil/pf/pf.c
1400
counter_u64_add(src->rule->src_nodes[src->type], -1);
sys/netpfil/pf/pf.c
2263
if ((s)->rule->pktrate.limit && pd->dir == (s)->direction) {
sys/netpfil/pf/pf.c
2264
if (pf_check_threshold(&(s)->rule->pktrate)) {
sys/netpfil/pf/pf.c
274
struct pf_krule *rule;
sys/netpfil/pf/pf.c
2868
struct pf_krule *rule;
sys/netpfil/pf/pf.c
2886
rule = LIST_NEXT(V_pf_rulemarker, allrulelist);
sys/netpfil/pf/pf.c
2887
if (rule == NULL) {
sys/netpfil/pf/pf.c
2894
LIST_INSERT_AFTER(rule, V_pf_rulemarker, allrulelist);
sys/netpfil/pf/pf.c
2896
pf_counter_u64_periodic(&rule->evaluations);
sys/netpfil/pf/pf.c
2898
pf_counter_u64_periodic(&rule->packets[i]);
sys/netpfil/pf/pf.c
2899
pf_counter_u64_periodic(&rule->bytes[i]);
sys/netpfil/pf/pf.c
3026
timeout = state->rule->timeout[state->timeout];
sys/netpfil/pf/pf.c
3029
start = state->rule->timeout[PFTM_ADAPTIVE_START];
sys/netpfil/pf/pf.c
3030
if (start && state->rule != &V_pf_default_rule) {
sys/netpfil/pf/pf.c
3031
end = state->rule->timeout[PFTM_ADAPTIVE_END];
sys/netpfil/pf/pf.c
3032
states = counter_u64_fetch(state->rule->states_cur);
sys/netpfil/pf/pf.c
3065
} else if (cur->rule != NULL)
sys/netpfil/pf/pf.c
3066
cur->rule->rule_ref |= PFRULE_REFS;
sys/netpfil/pf/pf.c
3080
timeout = s->rule->timeout[PFTM_SRC_NODE] ?
sys/netpfil/pf/pf.c
3081
s->rule->timeout[PFTM_SRC_NODE] :
sys/netpfil/pf/pf.c
3124
pf_send_tcp(s->rule, s->key[PF_SK_WIRE]->af,
sys/netpfil/pf/pf.c
3276
s->rule->rule_ref |= PFRULE_REFS;
sys/netpfil/pf/pf.c
3505
if (s->rule)
sys/netpfil/pf/pf.c
3506
printf(" @%d", s->rule->nr);
sys/netpfil/pf/pf.c
4865
pf_send_tcp(s->rule, pd->af, pd->dst, pd->src,
sys/netpfil/pf/pf.c
4867
src->seqlo, TH_ACK, 0, 0, s->rule->return_ttl, 0, 0, 0,
sys/netpfil/pf/pf.c
4868
s->rule->rtableid, reason);
sys/netpfil/pf/pf.c
5891
dnflow.rule.info = r->dnpipe;
sys/netpfil/pf/pf.c
5892
dnflow.rule.info |= IPFW_IS_DUMMYNET;
sys/netpfil/pf/pf.c
5894
dnflow.rule.info |= IPFW_IS_PIPE;
sys/netpfil/pf/pf.c
5896
dnflow.f_id.extra = dnflow.rule.info;
sys/netpfil/pf/pf.c
6728
s->rule = r;
sys/netpfil/pf/pf.c
720
if (! (st->rule->rule_flag & PFRULE_IFBOUND))
sys/netpfil/pf/pf.c
727
if (st->rule->rt == PF_REPLYTO || (pd->af != pd->naf && st->direction == PF_IN))
sys/netpfil/pf/pf.c
753
counter_u64_add(s->rule->states_cur, 1); \
sys/netpfil/pf/pf.c
754
counter_u64_add(s->rule->states_tot, 1); \
sys/netpfil/pf/pf.c
759
if (s->nat_rule != NULL && s->nat_rule != s->rule) { \
sys/netpfil/pf/pf.c
7600
pf_send_tcp(state->rule, pd->af,
sys/netpfil/pf/pf.c
7604
state->rule->return_ttl, M_SKIP_FIREWALL,
sys/netpfil/pf/pf.c
7726
pf_send_tcp(state->rule, pd->af, pd->dst,
sys/netpfil/pf/pf.c
774
counter_u64_add(s->rule->states_cur, -1); \
sys/netpfil/pf/pf.c
7758
pf_send_tcp(state->rule, pd->af,
sys/netpfil/pf/pf.c
777
if (s->nat_rule != NULL && s->nat_rule != s->rule) \
sys/netpfil/pf/pf.c
7776
pf_send_tcp(state->rule, pd->af, pd->dst,
sys/netpfil/pf/pf.c
7782
pf_send_tcp(state->rule, pd->af,
sys/netpfil/pf/pf.c
7984
(*state)->rule->rule_flag & PFRULE_IFBOUND)
sys/netpfil/pf/pf.c
8264
if (s->rule->rule_flag & PFRULE_ALLOW_RELATED) {
sys/netpfil/pf/pf.c
8265
j->pd.related_rule = s->rule;
sys/netpfil/pf/pf.c
8585
if ((*state)->rule->type &&
sys/netpfil/pf/pf.h
701
union pf_rule_ptr rule;
sys/netpfil/pf/pf_ioctl.c
1277
struct pf_krule *rule;
sys/netpfil/pf/pf_ioctl.c
1294
while ((rule = TAILQ_FIRST(rs->rules[rs_num].inactive.ptr)) != NULL) {
sys/netpfil/pf/pf_ioctl.c
1295
pf_unlink_rule(rs->rules[rs_num].inactive.ptr, rule);
sys/netpfil/pf/pf_ioctl.c
1307
struct pf_krule *rule;
sys/netpfil/pf/pf_ioctl.c
1317
while ((rule = TAILQ_FIRST(rs->rules[rs_num].inactive.ptr)) != NULL) {
sys/netpfil/pf/pf_ioctl.c
1318
pf_unlink_rule(rs->rules[rs_num].inactive.ptr, rule);
sys/netpfil/pf/pf_ioctl.c
1407
pf_hash_rule_rolling(MD5_CTX *ctx, struct pf_krule *rule)
sys/netpfil/pf/pf_ioctl.c
1412
pf_hash_rule_addr(ctx, &rule->src);
sys/netpfil/pf/pf_ioctl.c
1413
pf_hash_rule_addr(ctx, &rule->dst);
sys/netpfil/pf/pf_ioctl.c
1415
PF_MD5_UPD_STR(rule, label[i]);
sys/netpfil/pf/pf_ioctl.c
1416
PF_MD5_UPD_HTONL(rule, ridentifier, y);
sys/netpfil/pf/pf_ioctl.c
1417
PF_MD5_UPD_STR(rule, ifname);
sys/netpfil/pf/pf_ioctl.c
1418
PF_MD5_UPD_STR(rule, rcv_ifname);
sys/netpfil/pf/pf_ioctl.c
1419
PF_MD5_UPD_STR(rule, qname);
sys/netpfil/pf/pf_ioctl.c
1420
PF_MD5_UPD_STR(rule, pqname);
sys/netpfil/pf/pf_ioctl.c
1421
PF_MD5_UPD_STR(rule, tagname);
sys/netpfil/pf/pf_ioctl.c
1422
PF_MD5_UPD_STR(rule, match_tagname);
sys/netpfil/pf/pf_ioctl.c
1424
PF_MD5_UPD_STR(rule, overload_tblname);
sys/netpfil/pf/pf_ioctl.c
1426
pf_hash_pool(ctx, &rule->nat);
sys/netpfil/pf/pf_ioctl.c
1427
pf_hash_pool(ctx, &rule->rdr);
sys/netpfil/pf/pf_ioctl.c
1428
pf_hash_pool(ctx, &rule->route);
sys/netpfil/pf/pf_ioctl.c
1429
PF_MD5_UPD_HTONL(rule, pktrate.limit, y);
sys/netpfil/pf/pf_ioctl.c
1430
PF_MD5_UPD_HTONL(rule, pktrate.seconds, y);
sys/netpfil/pf/pf_ioctl.c
1432
PF_MD5_UPD_HTONL(rule, os_fingerprint, y);
sys/netpfil/pf/pf_ioctl.c
1434
PF_MD5_UPD_HTONL(rule, rtableid, y);
sys/netpfil/pf/pf_ioctl.c
1436
PF_MD5_UPD_HTONL(rule, timeout[i], y);
sys/netpfil/pf/pf_ioctl.c
1437
PF_MD5_UPD_HTONL(rule, max_states, y);
sys/netpfil/pf/pf_ioctl.c
1438
PF_MD5_UPD_HTONL(rule, max_src_nodes, y);
sys/netpfil/pf/pf_ioctl.c
1439
PF_MD5_UPD_HTONL(rule, max_src_states, y);
sys/netpfil/pf/pf_ioctl.c
1440
PF_MD5_UPD_HTONL(rule, max_src_conn, y);
sys/netpfil/pf/pf_ioctl.c
1441
PF_MD5_UPD_HTONL(rule, max_src_conn_rate.limit, y);
sys/netpfil/pf/pf_ioctl.c
1442
PF_MD5_UPD_HTONL(rule, max_src_conn_rate.seconds, y);
sys/netpfil/pf/pf_ioctl.c
1443
PF_MD5_UPD_HTONS(rule, max_pkt_size, y);
sys/netpfil/pf/pf_ioctl.c
1444
PF_MD5_UPD_HTONS(rule, qid, x);
sys/netpfil/pf/pf_ioctl.c
1445
PF_MD5_UPD_HTONS(rule, pqid, x);
sys/netpfil/pf/pf_ioctl.c
1446
PF_MD5_UPD_HTONS(rule, dnpipe, x);
sys/netpfil/pf/pf_ioctl.c
1447
PF_MD5_UPD_HTONS(rule, dnrpipe, x);
sys/netpfil/pf/pf_ioctl.c
1448
PF_MD5_UPD_HTONL(rule, free_flags, y);
sys/netpfil/pf/pf_ioctl.c
1449
PF_MD5_UPD_HTONL(rule, prob, y);
sys/netpfil/pf/pf_ioctl.c
1451
PF_MD5_UPD_HTONS(rule, return_icmp, x);
sys/netpfil/pf/pf_ioctl.c
1452
PF_MD5_UPD_HTONS(rule, return_icmp6, x);
sys/netpfil/pf/pf_ioctl.c
1453
PF_MD5_UPD_HTONS(rule, max_mss, x);
sys/netpfil/pf/pf_ioctl.c
1454
PF_MD5_UPD_HTONS(rule, tag, x); /* dup? */
sys/netpfil/pf/pf_ioctl.c
1455
PF_MD5_UPD_HTONS(rule, match_tag, x); /* dup? */
sys/netpfil/pf/pf_ioctl.c
1456
PF_MD5_UPD_HTONS(rule, scrub_flags, x);
sys/netpfil/pf/pf_ioctl.c
1458
PF_MD5_UPD(rule, uid.op);
sys/netpfil/pf/pf_ioctl.c
1459
PF_MD5_UPD_HTONL(rule, uid.uid[0], y);
sys/netpfil/pf/pf_ioctl.c
1460
PF_MD5_UPD_HTONL(rule, uid.uid[1], y);
sys/netpfil/pf/pf_ioctl.c
1461
PF_MD5_UPD(rule, gid.op);
sys/netpfil/pf/pf_ioctl.c
1462
PF_MD5_UPD_HTONL(rule, gid.gid[0], y);
sys/netpfil/pf/pf_ioctl.c
1463
PF_MD5_UPD_HTONL(rule, gid.gid[1], y);
sys/netpfil/pf/pf_ioctl.c
1465
PF_MD5_UPD_HTONL(rule, rule_flag, y);
sys/netpfil/pf/pf_ioctl.c
1466
PF_MD5_UPD_HTONL(rule, rule_ref, y);
sys/netpfil/pf/pf_ioctl.c
1467
PF_MD5_UPD(rule, action);
sys/netpfil/pf/pf_ioctl.c
1468
PF_MD5_UPD(rule, direction);
sys/netpfil/pf/pf_ioctl.c
1469
PF_MD5_UPD(rule, log);
sys/netpfil/pf/pf_ioctl.c
1470
PF_MD5_UPD(rule, logif);
sys/netpfil/pf/pf_ioctl.c
1471
PF_MD5_UPD(rule, quick);
sys/netpfil/pf/pf_ioctl.c
1472
PF_MD5_UPD(rule, ifnot);
sys/netpfil/pf/pf_ioctl.c
1473
PF_MD5_UPD(rule, match_tag_not);
sys/netpfil/pf/pf_ioctl.c
1474
PF_MD5_UPD(rule, natpass);
sys/netpfil/pf/pf_ioctl.c
1476
PF_MD5_UPD(rule, keep_state);
sys/netpfil/pf/pf_ioctl.c
1477
PF_MD5_UPD(rule, af);
sys/netpfil/pf/pf_ioctl.c
1478
PF_MD5_UPD(rule, proto);
sys/netpfil/pf/pf_ioctl.c
1479
PF_MD5_UPD_HTONS(rule, type, x);
sys/netpfil/pf/pf_ioctl.c
1480
PF_MD5_UPD_HTONS(rule, code, x);
sys/netpfil/pf/pf_ioctl.c
1481
PF_MD5_UPD(rule, flags);
sys/netpfil/pf/pf_ioctl.c
1482
PF_MD5_UPD(rule, flagset);
sys/netpfil/pf/pf_ioctl.c
1483
PF_MD5_UPD(rule, min_ttl);
sys/netpfil/pf/pf_ioctl.c
1484
PF_MD5_UPD(rule, allow_opts);
sys/netpfil/pf/pf_ioctl.c
1485
PF_MD5_UPD(rule, rt);
sys/netpfil/pf/pf_ioctl.c
1486
PF_MD5_UPD(rule, return_ttl);
sys/netpfil/pf/pf_ioctl.c
1487
PF_MD5_UPD(rule, tos);
sys/netpfil/pf/pf_ioctl.c
1488
PF_MD5_UPD(rule, set_tos);
sys/netpfil/pf/pf_ioctl.c
1489
PF_MD5_UPD(rule, anchor_relative);
sys/netpfil/pf/pf_ioctl.c
1490
PF_MD5_UPD(rule, anchor_wildcard);
sys/netpfil/pf/pf_ioctl.c
1492
PF_MD5_UPD(rule, flush);
sys/netpfil/pf/pf_ioctl.c
1493
PF_MD5_UPD(rule, prio);
sys/netpfil/pf/pf_ioctl.c
1494
PF_MD5_UPD(rule, set_prio[0]);
sys/netpfil/pf/pf_ioctl.c
1495
PF_MD5_UPD(rule, set_prio[1]);
sys/netpfil/pf/pf_ioctl.c
1496
PF_MD5_UPD(rule, naf);
sys/netpfil/pf/pf_ioctl.c
1497
PF_MD5_UPD(rule, rcvifnot);
sys/netpfil/pf/pf_ioctl.c
1498
PF_MD5_UPD(rule, statelim.id);
sys/netpfil/pf/pf_ioctl.c
1499
PF_MD5_UPD_HTONL(rule, statelim.limiter_action, y);
sys/netpfil/pf/pf_ioctl.c
1500
PF_MD5_UPD(rule, sourcelim.id);
sys/netpfil/pf/pf_ioctl.c
1501
PF_MD5_UPD_HTONL(rule, sourcelim.limiter_action, y);
sys/netpfil/pf/pf_ioctl.c
1503
PF_MD5_UPD(rule, divert.addr);
sys/netpfil/pf/pf_ioctl.c
1504
PF_MD5_UPD_HTONS(rule, divert.port, x);
sys/netpfil/pf/pf_ioctl.c
1506
if (rule->anchor != NULL)
sys/netpfil/pf/pf_ioctl.c
1507
PF_MD5_UPD_STR(rule, anchor->path);
sys/netpfil/pf/pf_ioctl.c
1511
pf_hash_rule(struct pf_krule *rule)
sys/netpfil/pf/pf_ioctl.c
1516
pf_hash_rule_rolling(&ctx, rule);
sys/netpfil/pf/pf_ioctl.c
1517
MD5Final(rule->md5sum, &ctx);
sys/netpfil/pf/pf_ioctl.c
1531
struct pf_krule *rule, *old_rule;
sys/netpfil/pf/pf_ioctl.c
1571
TAILQ_FOREACH(rule, rs->rules[rs_num].active.ptr,
sys/netpfil/pf/pf_ioctl.c
1573
old_rule = RB_FIND(pf_krule_global, old_tree, rule);
sys/netpfil/pf/pf_ioctl.c
1578
pf_counter_u64_rollup_protected(&rule->evaluations,
sys/netpfil/pf/pf_ioctl.c
1580
pf_counter_u64_rollup_protected(&rule->packets[0],
sys/netpfil/pf/pf_ioctl.c
1582
pf_counter_u64_rollup_protected(&rule->packets[1],
sys/netpfil/pf/pf_ioctl.c
1584
pf_counter_u64_rollup_protected(&rule->bytes[0],
sys/netpfil/pf/pf_ioctl.c
1586
pf_counter_u64_rollup_protected(&rule->bytes[1],
sys/netpfil/pf/pf_ioctl.c
1602
while ((rule = TAILQ_FIRST(old_rules)) != NULL)
sys/netpfil/pf/pf_ioctl.c
1603
pf_unlink_rule_locked(old_rules, rule);
sys/netpfil/pf/pf_ioctl.c
1624
struct pf_krule *rule;
sys/netpfil/pf/pf_ioctl.c
1635
TAILQ_FOREACH(rule, rs->rules[rs_cnt].inactive.ptr,
sys/netpfil/pf/pf_ioctl.c
1637
pf_hash_rule_rolling(&ctx, rule);
sys/netpfil/pf/pf_ioctl.c
2451
if (in->rule != NULL)
sys/netpfil/pf/pf_ioctl.c
2452
out->rule.nr = in->rule->nr;
sys/netpfil/pf/pf_ioctl.c
2719
struct pf_krule *rule;
sys/netpfil/pf/pf_ioctl.c
2721
rule = malloc(sizeof(struct pf_krule), M_PFRULE, M_WAITOK | M_ZERO);
sys/netpfil/pf/pf_ioctl.c
2722
mtx_init(&rule->nat.mtx, "pf_krule_nat_pool", NULL, MTX_DEF);
sys/netpfil/pf/pf_ioctl.c
2723
mtx_init(&rule->rdr.mtx, "pf_krule_rdr_pool", NULL, MTX_DEF);
sys/netpfil/pf/pf_ioctl.c
2724
mtx_init(&rule->route.mtx, "pf_krule_route_pool", NULL, MTX_DEF);
sys/netpfil/pf/pf_ioctl.c
2725
rule->timestamp = uma_zalloc_pcpu(pf_timestamp_pcpu_zone,
sys/netpfil/pf/pf_ioctl.c
2727
return (rule);
sys/netpfil/pf/pf_ioctl.c
2731
pf_krule_free(struct pf_krule *rule)
sys/netpfil/pf/pf_ioctl.c
2737
if (rule == NULL)
sys/netpfil/pf/pf_ioctl.c
2741
if (rule->allrulelinked) {
sys/netpfil/pf/pf_ioctl.c
2745
LIST_REMOVE(rule, allrulelist);
sys/netpfil/pf/pf_ioctl.c
2752
pf_counter_u64_deinit(&rule->evaluations);
sys/netpfil/pf/pf_ioctl.c
2754
pf_counter_u64_deinit(&rule->packets[i]);
sys/netpfil/pf/pf_ioctl.c
2755
pf_counter_u64_deinit(&rule->bytes[i]);
sys/netpfil/pf/pf_ioctl.c
2757
counter_u64_free(rule->states_cur);
sys/netpfil/pf/pf_ioctl.c
2758
counter_u64_free(rule->states_tot);
sys/netpfil/pf/pf_ioctl.c
2760
counter_u64_free(rule->src_nodes[sn_type]);
sys/netpfil/pf/pf_ioctl.c
2761
uma_zfree_pcpu(pf_timestamp_pcpu_zone, rule->timestamp);
sys/netpfil/pf/pf_ioctl.c
2763
mtx_destroy(&rule->nat.mtx);
sys/netpfil/pf/pf_ioctl.c
2764
mtx_destroy(&rule->rdr.mtx);
sys/netpfil/pf/pf_ioctl.c
2765
mtx_destroy(&rule->route.mtx);
sys/netpfil/pf/pf_ioctl.c
2766
free(rule, M_PFRULE);
sys/netpfil/pf/pf_ioctl.c
2770
pf_krule_clear_counters(struct pf_krule *rule)
sys/netpfil/pf/pf_ioctl.c
2772
pf_counter_u64_zero(&rule->evaluations);
sys/netpfil/pf/pf_ioctl.c
2774
pf_counter_u64_zero(&rule->packets[i]);
sys/netpfil/pf/pf_ioctl.c
2775
pf_counter_u64_zero(&rule->bytes[i]);
sys/netpfil/pf/pf_ioctl.c
2777
counter_u64_zero(rule->states_tot);
sys/netpfil/pf/pf_ioctl.c
2819
pf_rule_to_krule(const struct pf_rule *rule, struct pf_krule *krule)
sys/netpfil/pf/pf_ioctl.c
2824
if (rule->af == AF_INET) {
sys/netpfil/pf/pf_ioctl.c
2829
if (rule->af == AF_INET6) {
sys/netpfil/pf/pf_ioctl.c
2834
ret = pf_check_rule_addr(&rule->src);
sys/netpfil/pf/pf_ioctl.c
2837
ret = pf_check_rule_addr(&rule->dst);
sys/netpfil/pf/pf_ioctl.c
2841
bcopy(&rule->src, &krule->src, sizeof(rule->src));
sys/netpfil/pf/pf_ioctl.c
2842
bcopy(&rule->dst, &krule->dst, sizeof(rule->dst));
sys/netpfil/pf/pf_ioctl.c
2844
ret = pf_user_strcpy(krule->label[0], rule->label, sizeof(rule->label));
sys/netpfil/pf/pf_ioctl.c
2847
ret = pf_user_strcpy(krule->ifname, rule->ifname, sizeof(rule->ifname));
sys/netpfil/pf/pf_ioctl.c
2850
ret = pf_user_strcpy(krule->qname, rule->qname, sizeof(rule->qname));
sys/netpfil/pf/pf_ioctl.c
2853
ret = pf_user_strcpy(krule->pqname, rule->pqname, sizeof(rule->pqname));
sys/netpfil/pf/pf_ioctl.c
2856
ret = pf_user_strcpy(krule->tagname, rule->tagname,
sys/netpfil/pf/pf_ioctl.c
2857
sizeof(rule->tagname));
sys/netpfil/pf/pf_ioctl.c
2860
ret = pf_user_strcpy(krule->match_tagname, rule->match_tagname,
sys/netpfil/pf/pf_ioctl.c
2861
sizeof(rule->match_tagname));
sys/netpfil/pf/pf_ioctl.c
2864
ret = pf_user_strcpy(krule->overload_tblname, rule->overload_tblname,
sys/netpfil/pf/pf_ioctl.c
2865
sizeof(rule->overload_tblname));
sys/netpfil/pf/pf_ioctl.c
2869
pf_pool_to_kpool(&rule->rpool, &krule->rdr);
sys/netpfil/pf/pf_ioctl.c
2874
krule->os_fingerprint = rule->os_fingerprint;
sys/netpfil/pf/pf_ioctl.c
2876
krule->rtableid = rule->rtableid;
sys/netpfil/pf/pf_ioctl.c
2878
bcopy(rule->timeout, krule->timeout, sizeof(rule->timeout));
sys/netpfil/pf/pf_ioctl.c
2879
krule->max_states = rule->max_states;
sys/netpfil/pf/pf_ioctl.c
2880
krule->max_src_nodes = rule->max_src_nodes;
sys/netpfil/pf/pf_ioctl.c
2881
krule->max_src_states = rule->max_src_states;
sys/netpfil/pf/pf_ioctl.c
2882
krule->max_src_conn = rule->max_src_conn;
sys/netpfil/pf/pf_ioctl.c
2883
krule->max_src_conn_rate.limit = rule->max_src_conn_rate.limit;
sys/netpfil/pf/pf_ioctl.c
2884
krule->max_src_conn_rate.seconds = rule->max_src_conn_rate.seconds;
sys/netpfil/pf/pf_ioctl.c
2885
krule->qid = rule->qid;
sys/netpfil/pf/pf_ioctl.c
2886
krule->pqid = rule->pqid;
sys/netpfil/pf/pf_ioctl.c
2887
krule->nr = rule->nr;
sys/netpfil/pf/pf_ioctl.c
2888
krule->prob = rule->prob;
sys/netpfil/pf/pf_ioctl.c
2889
krule->cuid = rule->cuid;
sys/netpfil/pf/pf_ioctl.c
2890
krule->cpid = rule->cpid;
sys/netpfil/pf/pf_ioctl.c
2892
krule->return_icmp = rule->return_icmp;
sys/netpfil/pf/pf_ioctl.c
2893
krule->return_icmp6 = rule->return_icmp6;
sys/netpfil/pf/pf_ioctl.c
2894
krule->max_mss = rule->max_mss;
sys/netpfil/pf/pf_ioctl.c
2895
krule->tag = rule->tag;
sys/netpfil/pf/pf_ioctl.c
2896
krule->match_tag = rule->match_tag;
sys/netpfil/pf/pf_ioctl.c
2897
krule->scrub_flags = rule->scrub_flags;
sys/netpfil/pf/pf_ioctl.c
2899
bcopy(&rule->uid, &krule->uid, sizeof(krule->uid));
sys/netpfil/pf/pf_ioctl.c
2900
bcopy(&rule->gid, &krule->gid, sizeof(krule->gid));
sys/netpfil/pf/pf_ioctl.c
2902
krule->rule_flag = rule->rule_flag;
sys/netpfil/pf/pf_ioctl.c
2903
krule->action = rule->action;
sys/netpfil/pf/pf_ioctl.c
2904
krule->direction = rule->direction;
sys/netpfil/pf/pf_ioctl.c
2905
krule->log = rule->log;
sys/netpfil/pf/pf_ioctl.c
2906
krule->logif = rule->logif;
sys/netpfil/pf/pf_ioctl.c
2907
krule->quick = rule->quick;
sys/netpfil/pf/pf_ioctl.c
2908
krule->ifnot = rule->ifnot;
sys/netpfil/pf/pf_ioctl.c
2909
krule->match_tag_not = rule->match_tag_not;
sys/netpfil/pf/pf_ioctl.c
2910
krule->natpass = rule->natpass;
sys/netpfil/pf/pf_ioctl.c
2912
krule->keep_state = rule->keep_state;
sys/netpfil/pf/pf_ioctl.c
2913
krule->af = rule->af;
sys/netpfil/pf/pf_ioctl.c
2914
krule->proto = rule->proto;
sys/netpfil/pf/pf_ioctl.c
2915
krule->type = rule->type;
sys/netpfil/pf/pf_ioctl.c
2916
krule->code = rule->code;
sys/netpfil/pf/pf_ioctl.c
2917
krule->flags = rule->flags;
sys/netpfil/pf/pf_ioctl.c
2918
krule->flagset = rule->flagset;
sys/netpfil/pf/pf_ioctl.c
2919
krule->min_ttl = rule->min_ttl;
sys/netpfil/pf/pf_ioctl.c
2920
krule->allow_opts = rule->allow_opts;
sys/netpfil/pf/pf_ioctl.c
2921
krule->rt = rule->rt;
sys/netpfil/pf/pf_ioctl.c
2922
krule->return_ttl = rule->return_ttl;
sys/netpfil/pf/pf_ioctl.c
2923
krule->tos = rule->tos;
sys/netpfil/pf/pf_ioctl.c
2924
krule->set_tos = rule->set_tos;
sys/netpfil/pf/pf_ioctl.c
2926
krule->flush = rule->flush;
sys/netpfil/pf/pf_ioctl.c
2927
krule->prio = rule->prio;
sys/netpfil/pf/pf_ioctl.c
2928
krule->set_prio[0] = rule->set_prio[0];
sys/netpfil/pf/pf_ioctl.c
2929
krule->set_prio[1] = rule->set_prio[1];
sys/netpfil/pf/pf_ioctl.c
2931
bcopy(&rule->divert, &krule->divert, sizeof(krule->divert));
sys/netpfil/pf/pf_ioctl.c
2950
rs_num = pf_get_ruleset_number(pr->rule.action);
sys/netpfil/pf/pf_ioctl.c
3026
pf_ioctl_addrule(struct pf_krule *rule, uint32_t ticket,
sys/netpfil/pf/pf_ioctl.c
3040
if ((rule->return_icmp >> 8) > ICMP_MAXTYPE)
sys/netpfil/pf/pf_ioctl.c
3043
if ((error = pf_rule_checkaf(rule)))
sys/netpfil/pf/pf_ioctl.c
3045
if (pf_validate_range(rule->src.port_op, rule->src.port))
sys/netpfil/pf/pf_ioctl.c
3047
if (pf_validate_range(rule->dst.port_op, rule->dst.port))
sys/netpfil/pf/pf_ioctl.c
3049
if (pf_chk_limiter_action(rule->statelim.limiter_action) ||
sys/netpfil/pf/pf_ioctl.c
3050
pf_chk_limiter_action(rule->sourcelim.limiter_action))
sys/netpfil/pf/pf_ioctl.c
3053
if (rule->ifname[0])
sys/netpfil/pf/pf_ioctl.c
3055
if (rule->rcv_ifname[0])
sys/netpfil/pf/pf_ioctl.c
3057
pf_counter_u64_init(&rule->evaluations, M_WAITOK);
sys/netpfil/pf/pf_ioctl.c
3059
pf_counter_u64_init(&rule->packets[i], M_WAITOK);
sys/netpfil/pf/pf_ioctl.c
3060
pf_counter_u64_init(&rule->bytes[i], M_WAITOK);
sys/netpfil/pf/pf_ioctl.c
3062
rule->states_cur = counter_u64_alloc(M_WAITOK);
sys/netpfil/pf/pf_ioctl.c
3063
rule->states_tot = counter_u64_alloc(M_WAITOK);
sys/netpfil/pf/pf_ioctl.c
3065
rule->src_nodes[sn_type] = counter_u64_alloc(M_WAITOK);
sys/netpfil/pf/pf_ioctl.c
3066
rule->cuid = uid;
sys/netpfil/pf/pf_ioctl.c
3067
rule->cpid = pid;
sys/netpfil/pf/pf_ioctl.c
3068
TAILQ_INIT(&rule->rdr.list);
sys/netpfil/pf/pf_ioctl.c
3069
TAILQ_INIT(&rule->nat.list);
sys/netpfil/pf/pf_ioctl.c
3070
TAILQ_INIT(&rule->route.list);
sys/netpfil/pf/pf_ioctl.c
3075
LIST_INSERT_HEAD(&V_pf_allrulelist, rule, allrulelist);
sys/netpfil/pf/pf_ioctl.c
3076
MPASS(!rule->allrulelinked);
sys/netpfil/pf/pf_ioctl.c
3077
rule->allrulelinked = true;
sys/netpfil/pf/pf_ioctl.c
3083
rs_num = pf_get_ruleset_number(rule->action);
sys/netpfil/pf/pf_ioctl.c
3112
rule->nr = tail->nr + 1;
sys/netpfil/pf/pf_ioctl.c
3114
rule->nr = 0;
sys/netpfil/pf/pf_ioctl.c
3115
if (rule->ifname[0]) {
sys/netpfil/pf/pf_ioctl.c
3116
rule->kif = pfi_kkif_attach(kif, rule->ifname);
sys/netpfil/pf/pf_ioctl.c
3118
pfi_kkif_ref(rule->kif);
sys/netpfil/pf/pf_ioctl.c
3120
rule->kif = NULL;
sys/netpfil/pf/pf_ioctl.c
3122
if (rule->rcv_ifname[0]) {
sys/netpfil/pf/pf_ioctl.c
3123
rule->rcv_kif = pfi_kkif_attach(rcv_kif, rule->rcv_ifname);
sys/netpfil/pf/pf_ioctl.c
3125
pfi_kkif_ref(rule->rcv_kif);
sys/netpfil/pf/pf_ioctl.c
3127
rule->rcv_kif = NULL;
sys/netpfil/pf/pf_ioctl.c
3129
if (rule->rtableid > 0 && rule->rtableid >= rt_numfibs)
sys/netpfil/pf/pf_ioctl.c
3133
if (rule->qname[0] != 0) {
sys/netpfil/pf/pf_ioctl.c
3134
if ((rule->qid = pf_qname2qid(rule->qname, true)) == 0)
sys/netpfil/pf/pf_ioctl.c
3136
else if (rule->pqname[0] != 0) {
sys/netpfil/pf/pf_ioctl.c
3137
if ((rule->pqid =
sys/netpfil/pf/pf_ioctl.c
3138
pf_qname2qid(rule->pqname, true)) == 0)
sys/netpfil/pf/pf_ioctl.c
3141
rule->pqid = rule->qid;
sys/netpfil/pf/pf_ioctl.c
3144
if (rule->tagname[0])
sys/netpfil/pf/pf_ioctl.c
3145
if ((rule->tag = pf_tagname2tag(rule->tagname)) == 0)
sys/netpfil/pf/pf_ioctl.c
3147
if (rule->match_tagname[0])
sys/netpfil/pf/pf_ioctl.c
3148
if ((rule->match_tag =
sys/netpfil/pf/pf_ioctl.c
3149
pf_tagname2tag(rule->match_tagname)) == 0)
sys/netpfil/pf/pf_ioctl.c
3151
if (rule->rt && !rule->direction)
sys/netpfil/pf/pf_ioctl.c
3153
if (!rule->log)
sys/netpfil/pf/pf_ioctl.c
3154
rule->logif = 0;
sys/netpfil/pf/pf_ioctl.c
3155
if (! pf_init_threshold(&rule->pktrate, rule->pktrate.limit,
sys/netpfil/pf/pf_ioctl.c
3156
rule->pktrate.seconds))
sys/netpfil/pf/pf_ioctl.c
3158
if (pf_addr_setup(ruleset, &rule->src.addr, rule->af))
sys/netpfil/pf/pf_ioctl.c
3160
if (pf_addr_setup(ruleset, &rule->dst.addr, rule->af))
sys/netpfil/pf/pf_ioctl.c
3162
if (pf_kanchor_setup(rule, ruleset, anchor_call))
sys/netpfil/pf/pf_ioctl.c
3164
if (rule->scrub_flags & PFSTATE_SETPRIO &&
sys/netpfil/pf/pf_ioctl.c
3165
(rule->set_prio[0] > PF_PRIO_MAX ||
sys/netpfil/pf/pf_ioctl.c
3166
rule->set_prio[1] > PF_PRIO_MAX))
sys/netpfil/pf/pf_ioctl.c
3178
rule->overload_tbl = NULL;
sys/netpfil/pf/pf_ioctl.c
3179
if (rule->overload_tblname[0]) {
sys/netpfil/pf/pf_ioctl.c
3180
if ((rule->overload_tbl = pfr_attach_table(ruleset,
sys/netpfil/pf/pf_ioctl.c
3181
rule->overload_tblname)) == NULL)
sys/netpfil/pf/pf_ioctl.c
3184
rule->overload_tbl->pfrkt_flags |=
sys/netpfil/pf/pf_ioctl.c
3188
pf_mv_kpool(&V_pf_pabuf[0], &rule->nat.list);
sys/netpfil/pf/pf_ioctl.c
3195
if (rule->rt > PF_NOPFROUTE && TAILQ_EMPTY(&V_pf_pabuf[2])) {
sys/netpfil/pf/pf_ioctl.c
3196
pf_mv_kpool(&V_pf_pabuf[1], &rule->route.list);
sys/netpfil/pf/pf_ioctl.c
3198
pf_mv_kpool(&V_pf_pabuf[1], &rule->rdr.list);
sys/netpfil/pf/pf_ioctl.c
3199
pf_mv_kpool(&V_pf_pabuf[2], &rule->route.list);
sys/netpfil/pf/pf_ioctl.c
3202
if (((rule->action == PF_NAT) || (rule->action == PF_RDR) ||
sys/netpfil/pf/pf_ioctl.c
3203
(rule->action == PF_BINAT)) && rule->anchor == NULL &&
sys/netpfil/pf/pf_ioctl.c
3204
TAILQ_FIRST(&rule->rdr.list) == NULL) {
sys/netpfil/pf/pf_ioctl.c
3208
if (rule->rt > PF_NOPFROUTE && (TAILQ_FIRST(&rule->route.list) == NULL)) {
sys/netpfil/pf/pf_ioctl.c
3212
if (rule->action == PF_PASS && (rule->rdr.opts & PF_POOL_STICKYADDR ||
sys/netpfil/pf/pf_ioctl.c
3213
rule->nat.opts & PF_POOL_STICKYADDR) && !rule->keep_state) {
sys/netpfil/pf/pf_ioctl.c
3219
rule->nat.cur = TAILQ_FIRST(&rule->nat.list);
sys/netpfil/pf/pf_ioctl.c
3220
rule->rdr.cur = TAILQ_FIRST(&rule->rdr.list);
sys/netpfil/pf/pf_ioctl.c
3221
rule->route.cur = TAILQ_FIRST(&rule->route.list);
sys/netpfil/pf/pf_ioctl.c
3222
rule->route.ipv6_nexthop_af = AF_INET6;
sys/netpfil/pf/pf_ioctl.c
3224
rule, entries);
sys/netpfil/pf/pf_ioctl.c
3228
pf_hash_rule(rule);
sys/netpfil/pf/pf_ioctl.c
3229
if (RB_INSERT(pf_krule_global, ruleset->rules[rs_num].inactive.tree, rule) != NULL) {
sys/netpfil/pf/pf_ioctl.c
3231
TAILQ_REMOVE(ruleset->rules[rs_num].inactive.ptr, rule, entries);
sys/netpfil/pf/pf_ioctl.c
3233
pf_free_rule(rule);
sys/netpfil/pf/pf_ioctl.c
3234
rule = NULL;
sys/netpfil/pf/pf_ioctl.c
3249
pf_krule_free(rule);
sys/netpfil/pf/pf_ioctl.c
3254
pf_label_match(const struct pf_krule *rule, const char *label)
sys/netpfil/pf/pf_ioctl.c
3258
while (*rule->label[i]) {
sys/netpfil/pf/pf_ioctl.c
3259
if (strcmp(rule->label[i], label) == 0)
sys/netpfil/pf/pf_ioctl.c
3350
! pf_label_match(s->rule, psk->psk_label))
sys/netpfil/pf/pf_ioctl.c
4075
struct pf_keth_rule *rule = NULL;
sys/netpfil/pf/pf_ioctl.c
4127
rule = TAILQ_FIRST(rs->active.rules);
sys/netpfil/pf/pf_ioctl.c
4128
while ((rule != NULL) && (rule->nr != nr))
sys/netpfil/pf/pf_ioctl.c
4129
rule = TAILQ_NEXT(rule, entries);
sys/netpfil/pf/pf_ioctl.c
4130
if (rule == NULL) {
sys/netpfil/pf/pf_ioctl.c
4137
nvl = pf_keth_rule_to_nveth_rule(rule);
sys/netpfil/pf/pf_ioctl.c
4138
if (pf_keth_anchor_nvcopyout(rs, rule, nvl)) {
sys/netpfil/pf/pf_ioctl.c
4157
counter_u64_zero(rule->evaluations);
sys/netpfil/pf/pf_ioctl.c
4159
counter_u64_zero(rule->packets[i]);
sys/netpfil/pf/pf_ioctl.c
4160
counter_u64_zero(rule->bytes[i]);
sys/netpfil/pf/pf_ioctl.c
4175
struct pf_keth_rule *rule = NULL, *tail = NULL;
sys/netpfil/pf/pf_ioctl.c
4215
rule = malloc(sizeof(*rule), M_PFRULE, M_WAITOK);
sys/netpfil/pf/pf_ioctl.c
4216
rule->timestamp = NULL;
sys/netpfil/pf/pf_ioctl.c
4218
error = pf_nveth_rule_to_keth_rule(nvl, rule);
sys/netpfil/pf/pf_ioctl.c
4222
if (rule->ifname[0])
sys/netpfil/pf/pf_ioctl.c
4224
if (rule->bridge_to_name[0])
sys/netpfil/pf/pf_ioctl.c
4226
rule->evaluations = counter_u64_alloc(M_WAITOK);
sys/netpfil/pf/pf_ioctl.c
4228
rule->packets[i] = counter_u64_alloc(M_WAITOK);
sys/netpfil/pf/pf_ioctl.c
4229
rule->bytes[i] = counter_u64_alloc(M_WAITOK);
sys/netpfil/pf/pf_ioctl.c
4231
rule->timestamp = uma_zalloc_pcpu(pf_timestamp_pcpu_zone,
sys/netpfil/pf/pf_ioctl.c
4236
if (rule->ifname[0]) {
sys/netpfil/pf/pf_ioctl.c
4237
rule->kif = pfi_kkif_attach(kif, rule->ifname);
sys/netpfil/pf/pf_ioctl.c
4238
pfi_kkif_ref(rule->kif);
sys/netpfil/pf/pf_ioctl.c
4240
rule->kif = NULL;
sys/netpfil/pf/pf_ioctl.c
4241
if (rule->bridge_to_name[0]) {
sys/netpfil/pf/pf_ioctl.c
4242
rule->bridge_to = pfi_kkif_attach(bridge_to_kif,
sys/netpfil/pf/pf_ioctl.c
4243
rule->bridge_to_name);
sys/netpfil/pf/pf_ioctl.c
4244
pfi_kkif_ref(rule->bridge_to);
sys/netpfil/pf/pf_ioctl.c
4246
rule->bridge_to = NULL;
sys/netpfil/pf/pf_ioctl.c
4250
if (rule->qname[0] != 0) {
sys/netpfil/pf/pf_ioctl.c
4251
if ((rule->qid = pf_qname2qid(rule->qname, true)) == 0)
sys/netpfil/pf/pf_ioctl.c
4254
rule->qid = rule->qid;
sys/netpfil/pf/pf_ioctl.c
4257
if (rule->tagname[0])
sys/netpfil/pf/pf_ioctl.c
4258
if ((rule->tag = pf_tagname2tag(rule->tagname)) == 0)
sys/netpfil/pf/pf_ioctl.c
4260
if (rule->match_tagname[0])
sys/netpfil/pf/pf_ioctl.c
4261
if ((rule->match_tag = pf_tagname2tag(
sys/netpfil/pf/pf_ioctl.c
4262
rule->match_tagname)) == 0)
sys/netpfil/pf/pf_ioctl.c
4265
if (error == 0 && rule->ipdst.addr.type == PF_ADDR_TABLE)
sys/netpfil/pf/pf_ioctl.c
4266
error = pf_eth_addr_setup(ruleset, &rule->ipdst.addr);
sys/netpfil/pf/pf_ioctl.c
4267
if (error == 0 && rule->ipsrc.addr.type == PF_ADDR_TABLE)
sys/netpfil/pf/pf_ioctl.c
4268
error = pf_eth_addr_setup(ruleset, &rule->ipsrc.addr);
sys/netpfil/pf/pf_ioctl.c
4271
pf_free_eth_rule(rule);
sys/netpfil/pf/pf_ioctl.c
4276
if (pf_keth_anchor_setup(rule, ruleset, anchor_call)) {
sys/netpfil/pf/pf_ioctl.c
4277
pf_free_eth_rule(rule);
sys/netpfil/pf/pf_ioctl.c
4284
rule->nr = tail->nr + 1;
sys/netpfil/pf/pf_ioctl.c
4286
rule->nr = 0;
sys/netpfil/pf/pf_ioctl.c
4288
TAILQ_INSERT_TAIL(ruleset->inactive.rules, rule, entries);
sys/netpfil/pf/pf_ioctl.c
445
struct pf_krule *rule;
sys/netpfil/pf/pf_ioctl.c
4475
struct pf_krule *rule = NULL;
sys/netpfil/pf/pf_ioctl.c
4504
rule = pf_krule_alloc();
sys/netpfil/pf/pf_ioctl.c
4506
rule);
sys/netpfil/pf/pf_ioctl.c
4519
error = pf_ioctl_addrule(rule, ticket, pool_ticket, anchor,
sys/netpfil/pf/pf_ioctl.c
4528
pf_krule_free(rule);
sys/netpfil/pf/pf_ioctl.c
4536
struct pf_krule *rule;
sys/netpfil/pf/pf_ioctl.c
4538
rule = pf_krule_alloc();
sys/netpfil/pf/pf_ioctl.c
4539
error = pf_rule_to_krule(&pr->rule, rule);
sys/netpfil/pf/pf_ioctl.c
4541
pf_krule_free(rule);
sys/netpfil/pf/pf_ioctl.c
4548
error = pf_ioctl_addrule(rule, pr->ticket, pr->pool_ticket,
sys/netpfil/pf/pf_ioctl.c
4570
struct pf_krule *rule;
sys/netpfil/pf/pf_ioctl.c
461
rule = TAILQ_LAST(ruleset->rules[rs_num].active.ptr,
sys/netpfil/pf/pf_ioctl.c
4633
rule = TAILQ_FIRST(ruleset->rules[rs_num].active.ptr);
sys/netpfil/pf/pf_ioctl.c
4634
while ((rule != NULL) && (rule->nr != nr))
sys/netpfil/pf/pf_ioctl.c
4635
rule = TAILQ_NEXT(rule, entries);
sys/netpfil/pf/pf_ioctl.c
4636
if (rule == NULL)
sys/netpfil/pf/pf_ioctl.c
4639
nvrule = pf_krule_to_nvrule(rule);
sys/netpfil/pf/pf_ioctl.c
464
rule = TAILQ_FIRST(ruleset->rules[rs_num].active.ptr);
sys/netpfil/pf/pf_ioctl.c
4649
if (pf_kanchor_nvcopyout(ruleset, rule, nvl))
sys/netpfil/pf/pf_ioctl.c
4663
pf_krule_clear_counters(rule);
sys/netpfil/pf/pf_ioctl.c
4697
if (pcr->rule.return_icmp >> 8 > ICMP_MAXTYPE) {
sys/netpfil/pf/pf_ioctl.c
470
rule = TAILQ_LAST(ruleset->rules[rs_num].inactive.ptr,
sys/netpfil/pf/pf_ioctl.c
4704
error = pf_rule_to_krule(&pcr->rule, newrule);
sys/netpfil/pf/pf_ioctl.c
473
rule = TAILQ_FIRST(ruleset->rules[rs_num].inactive.ptr);
sys/netpfil/pf/pf_ioctl.c
4752
rs_num = pf_get_ruleset_number(pcr->rule.action);
sys/netpfil/pf/pf_ioctl.c
476
while ((rule != NULL) && (rule->nr != rule_number))
sys/netpfil/pf/pf_ioctl.c
477
rule = TAILQ_NEXT(rule, entries);
sys/netpfil/pf/pf_ioctl.c
479
if (rule == NULL)
sys/netpfil/pf/pf_ioctl.c
484
return (&rule->rdr);
sys/netpfil/pf/pf_ioctl.c
486
return (&rule->nat);
sys/netpfil/pf/pf_ioctl.c
488
return (&rule->route);
sys/netpfil/pf/pf_ioctl.c
5224
struct pf_krule *rule;
sys/netpfil/pf/pf_ioctl.c
5227
TAILQ_FOREACH(rule,
sys/netpfil/pf/pf_ioctl.c
5229
pf_counter_u64_zero(&rule->evaluations);
sys/netpfil/pf/pf_ioctl.c
5231
pf_counter_u64_zero(&rule->packets[i]);
sys/netpfil/pf/pf_ioctl.c
5232
pf_counter_u64_zero(&rule->bytes[i]);
sys/netpfil/pf/pf_ioctl.c
529
pf_unlink_rule_locked(struct pf_krulequeue *rulequeue, struct pf_krule *rule)
sys/netpfil/pf/pf_ioctl.c
535
TAILQ_REMOVE(rulequeue, rule, entries);
sys/netpfil/pf/pf_ioctl.c
537
rule->rule_ref |= PFRULE_REFS;
sys/netpfil/pf/pf_ioctl.c
538
TAILQ_INSERT_TAIL(&V_pf_unlinked_rules, rule, entries);
sys/netpfil/pf/pf_ioctl.c
542
pf_unlink_rule(struct pf_krulequeue *rulequeue, struct pf_krule *rule)
sys/netpfil/pf/pf_ioctl.c
548
pf_unlink_rule_locked(rulequeue, rule);
sys/netpfil/pf/pf_ioctl.c
553
pf_free_eth_rule(struct pf_keth_rule *rule)
sys/netpfil/pf/pf_ioctl.c
557
if (rule == NULL)
sys/netpfil/pf/pf_ioctl.c
560
if (rule->tag)
sys/netpfil/pf/pf_ioctl.c
561
tag_unref(&V_pf_tags, rule->tag);
sys/netpfil/pf/pf_ioctl.c
562
if (rule->match_tag)
sys/netpfil/pf/pf_ioctl.c
563
tag_unref(&V_pf_tags, rule->match_tag);
sys/netpfil/pf/pf_ioctl.c
565
pf_qid_unref(rule->qid);
sys/netpfil/pf/pf_ioctl.c
568
if (rule->bridge_to)
sys/netpfil/pf/pf_ioctl.c
569
pfi_kkif_unref(rule->bridge_to);
sys/netpfil/pf/pf_ioctl.c
570
if (rule->kif)
sys/netpfil/pf/pf_ioctl.c
571
pfi_kkif_unref(rule->kif);
sys/netpfil/pf/pf_ioctl.c
573
if (rule->ipsrc.addr.type == PF_ADDR_TABLE)
sys/netpfil/pf/pf_ioctl.c
574
pfr_detach_table(rule->ipsrc.addr.p.tbl);
sys/netpfil/pf/pf_ioctl.c
575
if (rule->ipdst.addr.type == PF_ADDR_TABLE)
sys/netpfil/pf/pf_ioctl.c
576
pfr_detach_table(rule->ipdst.addr.p.tbl);
sys/netpfil/pf/pf_ioctl.c
578
counter_u64_free(rule->evaluations);
sys/netpfil/pf/pf_ioctl.c
580
counter_u64_free(rule->packets[i]);
sys/netpfil/pf/pf_ioctl.c
581
counter_u64_free(rule->bytes[i]);
sys/netpfil/pf/pf_ioctl.c
583
uma_zfree_pcpu(pf_timestamp_pcpu_zone, rule->timestamp);
sys/netpfil/pf/pf_ioctl.c
584
pf_keth_anchor_remove(rule);
sys/netpfil/pf/pf_ioctl.c
586
free(rule, M_PFRULE);
sys/netpfil/pf/pf_ioctl.c
590
pf_free_rule(struct pf_krule *rule)
sys/netpfil/pf/pf_ioctl.c
596
if (rule->tag)
sys/netpfil/pf/pf_ioctl.c
597
tag_unref(&V_pf_tags, rule->tag);
sys/netpfil/pf/pf_ioctl.c
598
if (rule->match_tag)
sys/netpfil/pf/pf_ioctl.c
599
tag_unref(&V_pf_tags, rule->match_tag);
sys/netpfil/pf/pf_ioctl.c
601
if (rule->pqid != rule->qid)
sys/netpfil/pf/pf_ioctl.c
602
pf_qid_unref(rule->pqid);
sys/netpfil/pf/pf_ioctl.c
603
pf_qid_unref(rule->qid);
sys/netpfil/pf/pf_ioctl.c
605
switch (rule->src.addr.type) {
sys/netpfil/pf/pf_ioctl.c
607
pfi_dynaddr_remove(rule->src.addr.p.dyn);
sys/netpfil/pf/pf_ioctl.c
610
pfr_detach_table(rule->src.addr.p.tbl);
sys/netpfil/pf/pf_ioctl.c
613
switch (rule->dst.addr.type) {
sys/netpfil/pf/pf_ioctl.c
615
pfi_dynaddr_remove(rule->dst.addr.p.dyn);
sys/netpfil/pf/pf_ioctl.c
618
pfr_detach_table(rule->dst.addr.p.tbl);
sys/netpfil/pf/pf_ioctl.c
621
if (rule->overload_tbl)
sys/netpfil/pf/pf_ioctl.c
622
pfr_detach_table(rule->overload_tbl);
sys/netpfil/pf/pf_ioctl.c
623
if (rule->kif)
sys/netpfil/pf/pf_ioctl.c
624
pfi_kkif_unref(rule->kif);
sys/netpfil/pf/pf_ioctl.c
625
if (rule->rcv_kif)
sys/netpfil/pf/pf_ioctl.c
626
pfi_kkif_unref(rule->rcv_kif);
sys/netpfil/pf/pf_ioctl.c
627
pf_remove_kanchor(rule);
sys/netpfil/pf/pf_ioctl.c
628
pf_empty_kpool(&rule->rdr.list);
sys/netpfil/pf/pf_ioctl.c
629
pf_empty_kpool(&rule->nat.list);
sys/netpfil/pf/pf_ioctl.c
630
pf_empty_kpool(&rule->route.list);
sys/netpfil/pf/pf_ioctl.c
632
pf_krule_free(rule);
sys/netpfil/pf/pf_ioctl.c
6777
if (st->rule == NULL)
sys/netpfil/pf/pf_ioctl.c
6778
sp->pfs_1301.rule = htonl(-1);
sys/netpfil/pf/pf_ioctl.c
6780
sp->pfs_1301.rule = htonl(st->rule->nr);
sys/netpfil/pf/pf_ioctl.c
6866
if (st->rule == NULL)
sys/netpfil/pf/pf_ioctl.c
6867
sp->rule = htonl(-1);
sys/netpfil/pf/pf_ioctl.c
6869
sp->rule = htonl(st->rule->nr);
sys/netpfil/pf/pf_ioctl.c
848
struct pf_keth_rule *rule, *tmp;
sys/netpfil/pf/pf_ioctl.c
858
TAILQ_FOREACH_SAFE(rule, rs->inactive.rules, entries,
sys/netpfil/pf/pf_ioctl.c
860
TAILQ_REMOVE(rs->inactive.rules, rule,
sys/netpfil/pf/pf_ioctl.c
862
pf_free_eth_rule(rule);
sys/netpfil/pf/pf_ioctl.c
874
struct pf_keth_rule *rule, *tmp;
sys/netpfil/pf/pf_ioctl.c
888
TAILQ_FOREACH_SAFE(rule, rs->inactive.rules, entries,
sys/netpfil/pf/pf_ioctl.c
890
TAILQ_REMOVE(rs->inactive.rules, rule, entries);
sys/netpfil/pf/pf_ioctl.c
891
pf_free_eth_rule(rule);
sys/netpfil/pf/pf_nl.c
1000
nlattr_add_u8(nw, PF_RT_IF_NOT, rule->ifnot);
sys/netpfil/pf/pf_nl.c
1001
nlattr_add_u8(nw, PF_RT_MATCH_TAG_NOT, rule->match_tag_not);
sys/netpfil/pf/pf_nl.c
1002
nlattr_add_u8(nw, PF_RT_NATPASS, rule->natpass);
sys/netpfil/pf/pf_nl.c
1003
nlattr_add_u8(nw, PF_RT_KEEP_STATE, rule->keep_state);
sys/netpfil/pf/pf_nl.c
1005
nlattr_add_u8(nw, PF_RT_AF, rule->af);
sys/netpfil/pf/pf_nl.c
1006
nlattr_add_u8(nw, PF_RT_NAF, rule->naf);
sys/netpfil/pf/pf_nl.c
1007
nlattr_add_u8(nw, PF_RT_PROTO, rule->proto);
sys/netpfil/pf/pf_nl.c
1009
nlattr_add_u8(nw, PF_RT_TYPE, rule->type);
sys/netpfil/pf/pf_nl.c
1010
nlattr_add_u8(nw, PF_RT_CODE, rule->code);
sys/netpfil/pf/pf_nl.c
1011
nlattr_add_u16(nw, PF_RT_TYPE_2, rule->type);
sys/netpfil/pf/pf_nl.c
1012
nlattr_add_u16(nw, PF_RT_CODE_2, rule->code);
sys/netpfil/pf/pf_nl.c
1014
nlattr_add_u8(nw, PF_RT_FLAGS, rule->flags);
sys/netpfil/pf/pf_nl.c
1015
nlattr_add_u8(nw, PF_RT_FLAGSET, rule->flagset);
sys/netpfil/pf/pf_nl.c
1016
nlattr_add_u8(nw, PF_RT_MIN_TTL, rule->min_ttl);
sys/netpfil/pf/pf_nl.c
1017
nlattr_add_u8(nw, PF_RT_ALLOW_OPTS, rule->allow_opts);
sys/netpfil/pf/pf_nl.c
1018
nlattr_add_u8(nw, PF_RT_RT, rule->rt);
sys/netpfil/pf/pf_nl.c
1019
nlattr_add_u8(nw, PF_RT_RETURN_TTL, rule->return_ttl);
sys/netpfil/pf/pf_nl.c
1020
nlattr_add_u8(nw, PF_RT_TOS, rule->tos);
sys/netpfil/pf/pf_nl.c
1021
nlattr_add_u8(nw, PF_RT_SET_TOS, rule->set_tos);
sys/netpfil/pf/pf_nl.c
1022
nlattr_add_u8(nw, PF_RT_ANCHOR_RELATIVE, rule->anchor_relative);
sys/netpfil/pf/pf_nl.c
1023
nlattr_add_u8(nw, PF_RT_ANCHOR_WILDCARD, rule->anchor_wildcard);
sys/netpfil/pf/pf_nl.c
1024
nlattr_add_u8(nw, PF_RT_FLUSH, rule->flush);
sys/netpfil/pf/pf_nl.c
1025
nlattr_add_u8(nw, PF_RT_PRIO, rule->prio);
sys/netpfil/pf/pf_nl.c
1026
nlattr_add_u8(nw, PF_RT_SET_PRIO, rule->set_prio[0]);
sys/netpfil/pf/pf_nl.c
1027
nlattr_add_u8(nw, PF_RT_SET_PRIO_REPLY, rule->set_prio[1]);
sys/netpfil/pf/pf_nl.c
1029
nlattr_add_in6_addr(nw, PF_RT_DIVERT_ADDRESS, &rule->divert.addr.v6);
sys/netpfil/pf/pf_nl.c
1030
nlattr_add_u16(nw, PF_RT_DIVERT_PORT, rule->divert.port);
sys/netpfil/pf/pf_nl.c
1032
nlattr_add_u64(nw, PF_RT_PACKETS_IN, pf_counter_u64_fetch(&rule->packets[0]));
sys/netpfil/pf/pf_nl.c
1033
nlattr_add_u64(nw, PF_RT_PACKETS_OUT, pf_counter_u64_fetch(&rule->packets[1]));
sys/netpfil/pf/pf_nl.c
1034
nlattr_add_u64(nw, PF_RT_BYTES_IN, pf_counter_u64_fetch(&rule->bytes[0]));
sys/netpfil/pf/pf_nl.c
1035
nlattr_add_u64(nw, PF_RT_BYTES_OUT, pf_counter_u64_fetch(&rule->bytes[1]));
sys/netpfil/pf/pf_nl.c
1036
nlattr_add_u64(nw, PF_RT_EVALUATIONS, pf_counter_u64_fetch(&rule->evaluations));
sys/netpfil/pf/pf_nl.c
1037
nlattr_add_u64(nw, PF_RT_TIMESTAMP, pf_get_timestamp(rule));
sys/netpfil/pf/pf_nl.c
1038
nlattr_add_u64(nw, PF_RT_STATES_CUR, counter_u64_fetch(rule->states_cur));
sys/netpfil/pf/pf_nl.c
1039
nlattr_add_u64(nw, PF_RT_STATES_TOTAL, counter_u64_fetch(rule->states_tot));
sys/netpfil/pf/pf_nl.c
1041
src_nodes_total += counter_u64_fetch(rule->src_nodes[sn_type]);
sys/netpfil/pf/pf_nl.c
1043
nlattr_add_u64(nw, PF_RT_SRC_NODES_LIMIT, counter_u64_fetch(rule->src_nodes[PF_SN_LIMIT]));
sys/netpfil/pf/pf_nl.c
1044
nlattr_add_u64(nw, PF_RT_SRC_NODES_NAT, counter_u64_fetch(rule->src_nodes[PF_SN_NAT]));
sys/netpfil/pf/pf_nl.c
1045
nlattr_add_u64(nw, PF_RT_SRC_NODES_ROUTE, counter_u64_fetch(rule->src_nodes[PF_SN_ROUTE]));
sys/netpfil/pf/pf_nl.c
1046
nlattr_add_pf_threshold(nw, PF_RT_PKTRATE, &rule->pktrate);
sys/netpfil/pf/pf_nl.c
1047
nlattr_add_time_t(nw, PF_RT_EXPTIME, time_second - (time_uptime - rule->exptime));
sys/netpfil/pf/pf_nl.c
1048
nlattr_add_u8(nw, PF_RT_STATE_LIMIT, rule->statelim.id);
sys/netpfil/pf/pf_nl.c
1049
nlattr_add_u32(nw, PF_RT_STATE_LIMIT_ACTION, rule->statelim.limiter_action);
sys/netpfil/pf/pf_nl.c
1050
nlattr_add_u8(nw, PF_RT_SOURCE_LIMIT, rule->sourcelim.id);
sys/netpfil/pf/pf_nl.c
1051
nlattr_add_u32(nw, PF_RT_SOURCE_LIMIT_ACTION, rule->sourcelim.limiter_action);
sys/netpfil/pf/pf_nl.c
1053
error = pf_kanchor_copyout(ruleset, rule, anchor_call, sizeof(anchor_call));
sys/netpfil/pf/pf_nl.c
1059
pf_krule_clear_counters(rule);
sys/netpfil/pf/pf_nl.c
1785
nlattr_add_u32(nw, PF_SN_RULE_NR, n->rule->nr);
sys/netpfil/pf/pf_nl.c
200
nlattr_add_u32(nw, PF_ST_RULE, s->rule ? s->rule->nr : -1);
sys/netpfil/pf/pf_nl.c
219
if (s->sns[PF_SN_LIMIT]->rule == &V_pf_default_rule)
sys/netpfil/pf/pf_nl.c
795
struct pf_krule *rule;
sys/netpfil/pf/pf_nl.c
807
{ .type = PF_ART_RULE, .off = _OUT(rule), .arg = &rule_parser, .cb = nlattr_get_nested_ptr }
sys/netpfil/pf/pf_nl.c
818
attrs.rule = pf_krule_alloc();
sys/netpfil/pf/pf_nl.c
822
pf_free_rule(attrs.rule);
sys/netpfil/pf/pf_nl.c
826
error = pf_ioctl_addrule(attrs.rule, attrs.ticket, attrs.pool_ticket,
sys/netpfil/pf/pf_nl.c
836
{ .type = PF_GR_ACTION, .off = _OUT(rule.action), .cb = nlattr_get_uint8 },
sys/netpfil/pf/pf_nl.c
904
struct pf_krule *rule;
sys/netpfil/pf/pf_nl.c
940
rule = TAILQ_FIRST(ruleset->rules[rs_num].active.ptr);
sys/netpfil/pf/pf_nl.c
941
while ((rule != NULL) && (rule->nr != attrs.nr))
sys/netpfil/pf/pf_nl.c
942
rule = TAILQ_NEXT(rule, entries);
sys/netpfil/pf/pf_nl.c
943
if (rule == NULL) {
sys/netpfil/pf/pf_nl.c
949
nlattr_add_rule_addr(nw, PF_RT_SRC, &rule->src);
sys/netpfil/pf/pf_nl.c
950
nlattr_add_rule_addr(nw, PF_RT_DST, &rule->dst);
sys/netpfil/pf/pf_nl.c
951
nlattr_add_u32(nw, PF_RT_RIDENTIFIER, rule->ridentifier);
sys/netpfil/pf/pf_nl.c
952
nlattr_add_labels(nw, PF_RT_LABELS, rule);
sys/netpfil/pf/pf_nl.c
953
nlattr_add_string(nw, PF_RT_IFNAME, rule->ifname);
sys/netpfil/pf/pf_nl.c
954
nlattr_add_string(nw, PF_RT_QNAME, rule->qname);
sys/netpfil/pf/pf_nl.c
955
nlattr_add_string(nw, PF_RT_PQNAME, rule->pqname);
sys/netpfil/pf/pf_nl.c
956
nlattr_add_string(nw, PF_RT_TAGNAME, rule->tagname);
sys/netpfil/pf/pf_nl.c
957
nlattr_add_string(nw, PF_RT_MATCH_TAGNAME, rule->match_tagname);
sys/netpfil/pf/pf_nl.c
958
nlattr_add_string(nw, PF_RT_OVERLOAD_TBLNAME, rule->overload_tblname);
sys/netpfil/pf/pf_nl.c
959
nlattr_add_pool(nw, PF_RT_RPOOL_RDR, &rule->rdr);
sys/netpfil/pf/pf_nl.c
960
nlattr_add_pool(nw, PF_RT_RPOOL_NAT, &rule->nat);
sys/netpfil/pf/pf_nl.c
961
nlattr_add_pool(nw, PF_RT_RPOOL_RT, &rule->route);
sys/netpfil/pf/pf_nl.c
962
nlattr_add_u32(nw, PF_RT_OS_FINGERPRINT, rule->os_fingerprint);
sys/netpfil/pf/pf_nl.c
963
nlattr_add_u32(nw, PF_RT_RTABLEID, rule->rtableid);
sys/netpfil/pf/pf_nl.c
964
nlattr_add_timeout(nw, PF_RT_TIMEOUT, rule->timeout);
sys/netpfil/pf/pf_nl.c
965
nlattr_add_u32(nw, PF_RT_MAX_STATES, rule->max_states);
sys/netpfil/pf/pf_nl.c
966
nlattr_add_u32(nw, PF_RT_MAX_SRC_NODES, rule->max_src_nodes);
sys/netpfil/pf/pf_nl.c
967
nlattr_add_u32(nw, PF_RT_MAX_SRC_STATES, rule->max_src_states);
sys/netpfil/pf/pf_nl.c
968
nlattr_add_u32(nw, PF_RT_MAX_SRC_CONN, rule->max_src_conn);
sys/netpfil/pf/pf_nl.c
969
nlattr_add_u32(nw, PF_RT_MAX_SRC_CONN_RATE_LIMIT, rule->max_src_conn_rate.limit);
sys/netpfil/pf/pf_nl.c
970
nlattr_add_u32(nw, PF_RT_MAX_SRC_CONN_RATE_SECS, rule->max_src_conn_rate.seconds);
sys/netpfil/pf/pf_nl.c
971
nlattr_add_u16(nw, PF_RT_MAX_PKT_SIZE, rule->max_pkt_size);
sys/netpfil/pf/pf_nl.c
973
nlattr_add_u16(nw, PF_RT_DNPIPE, rule->dnpipe);
sys/netpfil/pf/pf_nl.c
974
nlattr_add_u16(nw, PF_RT_DNRPIPE, rule->dnrpipe);
sys/netpfil/pf/pf_nl.c
975
nlattr_add_u32(nw, PF_RT_DNFLAGS, rule->free_flags);
sys/netpfil/pf/pf_nl.c
977
nlattr_add_u32(nw, PF_RT_NR, rule->nr);
sys/netpfil/pf/pf_nl.c
978
nlattr_add_u32(nw, PF_RT_PROB, rule->prob);
sys/netpfil/pf/pf_nl.c
979
nlattr_add_u32(nw, PF_RT_CUID, rule->cuid);
sys/netpfil/pf/pf_nl.c
980
nlattr_add_u32(nw, PF_RT_CPID, rule->cpid);
sys/netpfil/pf/pf_nl.c
982
nlattr_add_u16(nw, PF_RT_RETURN_ICMP, rule->return_icmp);
sys/netpfil/pf/pf_nl.c
983
nlattr_add_u16(nw, PF_RT_RETURN_ICMP6, rule->return_icmp6);
sys/netpfil/pf/pf_nl.c
984
nlattr_add_u16(nw, PF_RT_RETURN_ICMP6, rule->return_icmp6);
sys/netpfil/pf/pf_nl.c
985
nlattr_add_u16(nw, PF_RT_MAX_MSS, rule->max_mss);
sys/netpfil/pf/pf_nl.c
986
nlattr_add_u16(nw, PF_RT_SCRUB_FLAGS, rule->scrub_flags);
sys/netpfil/pf/pf_nl.c
988
nlattr_add_rule_uid(nw, PF_RT_UID, &rule->uid);
sys/netpfil/pf/pf_nl.c
989
nlattr_add_rule_uid(nw, PF_RT_GID, (const struct pf_rule_uid *)&rule->gid);
sys/netpfil/pf/pf_nl.c
991
nlattr_add_string(nw, PF_RT_RCV_IFNAME, rule->rcv_ifname);
sys/netpfil/pf/pf_nl.c
992
nlattr_add_bool(nw, PF_RT_RCV_IFNOT, rule->rcvifnot);
sys/netpfil/pf/pf_nl.c
994
nlattr_add_u32(nw, PF_RT_RULE_FLAG, rule->rule_flag);
sys/netpfil/pf/pf_nl.c
995
nlattr_add_u8(nw, PF_RT_ACTION, rule->action);
sys/netpfil/pf/pf_nl.c
996
nlattr_add_u8(nw, PF_RT_DIRECTION, rule->direction);
sys/netpfil/pf/pf_nl.c
997
nlattr_add_u8(nw, PF_RT_LOG, rule->log);
sys/netpfil/pf/pf_nl.c
998
nlattr_add_u8(nw, PF_RT_LOGIF, rule->logif);
sys/netpfil/pf/pf_nl.c
999
nlattr_add_u8(nw, PF_RT_QUICK, rule->quick);
sys/netpfil/pf/pf_norm.c
1822
if ((ts_fudge = state->rule->timeout[PFTM_TS_DIFF]) == 0)
sys/netpfil/pf/pf_nv.c
505
pf_nvrule_to_krule(const nvlist_t *nvl, struct pf_krule *rule)
sys/netpfil/pf/pf_nv.c
512
PFNV_CHK(pf_nvuint32(nvl, "nr", &rule->nr));
sys/netpfil/pf/pf_nv.c
518
&rule->src);
sys/netpfil/pf/pf_nv.c
526
&rule->dst));
sys/netpfil/pf/pf_nv.c
529
PFNV_CHK(pf_nvstring(nvl, "label", rule->label[0],
sys/netpfil/pf/pf_nv.c
530
sizeof(rule->label[0])));
sys/netpfil/pf/pf_nv.c
541
ret = strlcpy(rule->label[i], strs[i],
sys/netpfil/pf/pf_nv.c
542
sizeof(rule->label[0]));
sys/netpfil/pf/pf_nv.c
543
if (ret >= sizeof(rule->label[0]))
sys/netpfil/pf/pf_nv.c
548
PFNV_CHK(pf_nvuint32_opt(nvl, "ridentifier", &rule->ridentifier, 0));
sys/netpfil/pf/pf_nv.c
549
PFNV_CHK(pf_nvstring(nvl, "ifname", rule->ifname,
sys/netpfil/pf/pf_nv.c
550
sizeof(rule->ifname)));
sys/netpfil/pf/pf_nv.c
551
PFNV_CHK(pf_nvstring(nvl, "qname", rule->qname, sizeof(rule->qname)));
sys/netpfil/pf/pf_nv.c
552
PFNV_CHK(pf_nvstring(nvl, "pqname", rule->pqname,
sys/netpfil/pf/pf_nv.c
553
sizeof(rule->pqname)));
sys/netpfil/pf/pf_nv.c
554
PFNV_CHK(pf_nvstring(nvl, "tagname", rule->tagname,
sys/netpfil/pf/pf_nv.c
555
sizeof(rule->tagname)));
sys/netpfil/pf/pf_nv.c
556
PFNV_CHK(pf_nvuint16_opt(nvl, "dnpipe", &rule->dnpipe, 0));
sys/netpfil/pf/pf_nv.c
557
PFNV_CHK(pf_nvuint16_opt(nvl, "dnrpipe", &rule->dnrpipe, 0));
sys/netpfil/pf/pf_nv.c
558
PFNV_CHK(pf_nvuint32_opt(nvl, "dnflags", &rule->free_flags, 0));
sys/netpfil/pf/pf_nv.c
559
PFNV_CHK(pf_nvstring(nvl, "match_tagname", rule->match_tagname,
sys/netpfil/pf/pf_nv.c
560
sizeof(rule->match_tagname)));
sys/netpfil/pf/pf_nv.c
561
PFNV_CHK(pf_nvstring(nvl, "overload_tblname", rule->overload_tblname,
sys/netpfil/pf/pf_nv.c
562
sizeof(rule->overload_tblname)));
sys/netpfil/pf/pf_nv.c
567
&rule->rdr));
sys/netpfil/pf/pf_nv.c
569
PFNV_CHK(pf_nvuint32(nvl, "os_fingerprint", &rule->os_fingerprint));
sys/netpfil/pf/pf_nv.c
571
PFNV_CHK(pf_nvint(nvl, "rtableid", &rule->rtableid));
sys/netpfil/pf/pf_nv.c
572
PFNV_CHK(pf_nvuint32_array(nvl, "timeout", rule->timeout, PFTM_MAX, NULL));
sys/netpfil/pf/pf_nv.c
573
PFNV_CHK(pf_nvuint32(nvl, "max_states", &rule->max_states));
sys/netpfil/pf/pf_nv.c
574
PFNV_CHK(pf_nvuint32(nvl, "max_src_nodes", &rule->max_src_nodes));
sys/netpfil/pf/pf_nv.c
575
PFNV_CHK(pf_nvuint32(nvl, "max_src_states", &rule->max_src_states));
sys/netpfil/pf/pf_nv.c
576
PFNV_CHK(pf_nvuint32(nvl, "max_src_conn", &rule->max_src_conn));
sys/netpfil/pf/pf_nv.c
578
&rule->max_src_conn_rate.limit));
sys/netpfil/pf/pf_nv.c
580
&rule->max_src_conn_rate.seconds));
sys/netpfil/pf/pf_nv.c
581
PFNV_CHK(pf_nvuint32(nvl, "prob", &rule->prob));
sys/netpfil/pf/pf_nv.c
582
PFNV_CHK(pf_nvuint32(nvl, "cuid", &rule->cuid));
sys/netpfil/pf/pf_nv.c
583
PFNV_CHK(pf_nvuint32(nvl, "cpid", &rule->cpid));
sys/netpfil/pf/pf_nv.c
585
PFNV_CHK(pf_nvuint16(nvl, "return_icmp", &rule->return_icmp));
sys/netpfil/pf/pf_nv.c
586
PFNV_CHK(pf_nvuint16(nvl, "return_icmp6", &rule->return_icmp6));
sys/netpfil/pf/pf_nv.c
588
PFNV_CHK(pf_nvuint16(nvl, "max_mss", &rule->max_mss));
sys/netpfil/pf/pf_nv.c
589
PFNV_CHK(pf_nvuint16(nvl, "scrub_flags", &rule->scrub_flags));
sys/netpfil/pf/pf_nv.c
594
&rule->uid));
sys/netpfil/pf/pf_nv.c
599
&rule->gid));
sys/netpfil/pf/pf_nv.c
601
PFNV_CHK(pf_nvuint32(nvl, "rule_flag", &rule->rule_flag));
sys/netpfil/pf/pf_nv.c
602
PFNV_CHK(pf_nvuint8(nvl, "action", &rule->action));
sys/netpfil/pf/pf_nv.c
603
PFNV_CHK(pf_nvuint8(nvl, "direction", &rule->direction));
sys/netpfil/pf/pf_nv.c
604
PFNV_CHK(pf_nvuint8(nvl, "log", &rule->log));
sys/netpfil/pf/pf_nv.c
605
PFNV_CHK(pf_nvuint8(nvl, "logif", &rule->logif));
sys/netpfil/pf/pf_nv.c
606
PFNV_CHK(pf_nvuint8(nvl, "quick", &rule->quick));
sys/netpfil/pf/pf_nv.c
607
PFNV_CHK(pf_nvuint8(nvl, "ifnot", &rule->ifnot));
sys/netpfil/pf/pf_nv.c
608
PFNV_CHK(pf_nvuint8(nvl, "match_tag_not", &rule->match_tag_not));
sys/netpfil/pf/pf_nv.c
609
PFNV_CHK(pf_nvuint8(nvl, "natpass", &rule->natpass));
sys/netpfil/pf/pf_nv.c
611
PFNV_CHK(pf_nvuint8(nvl, "keep_state", &rule->keep_state));
sys/netpfil/pf/pf_nv.c
612
PFNV_CHK(pf_nvuint8(nvl, "af", &rule->af));
sys/netpfil/pf/pf_nv.c
613
PFNV_CHK(pf_nvuint8(nvl, "proto", &rule->proto));
sys/netpfil/pf/pf_nv.c
615
rule->type = tmp;
sys/netpfil/pf/pf_nv.c
617
rule->code = tmp;
sys/netpfil/pf/pf_nv.c
618
PFNV_CHK(pf_nvuint8(nvl, "flags", &rule->flags));
sys/netpfil/pf/pf_nv.c
619
PFNV_CHK(pf_nvuint8(nvl, "flagset", &rule->flagset));
sys/netpfil/pf/pf_nv.c
620
PFNV_CHK(pf_nvuint8(nvl, "min_ttl", &rule->min_ttl));
sys/netpfil/pf/pf_nv.c
621
PFNV_CHK(pf_nvuint8(nvl, "allow_opts", &rule->allow_opts));
sys/netpfil/pf/pf_nv.c
622
PFNV_CHK(pf_nvuint8(nvl, "rt", &rule->rt));
sys/netpfil/pf/pf_nv.c
623
PFNV_CHK(pf_nvuint8(nvl, "return_ttl", &rule->return_ttl));
sys/netpfil/pf/pf_nv.c
624
PFNV_CHK(pf_nvuint8(nvl, "tos", &rule->tos));
sys/netpfil/pf/pf_nv.c
625
PFNV_CHK(pf_nvuint8(nvl, "set_tos", &rule->set_tos));
sys/netpfil/pf/pf_nv.c
627
PFNV_CHK(pf_nvuint8(nvl, "flush", &rule->flush));
sys/netpfil/pf/pf_nv.c
628
PFNV_CHK(pf_nvuint8(nvl, "prio", &rule->prio));
sys/netpfil/pf/pf_nv.c
630
PFNV_CHK(pf_nvuint8_array(nvl, "set_prio", rule->set_prio, 2, NULL));
sys/netpfil/pf/pf_nv.c
638
&rule->divert.addr));
sys/netpfil/pf/pf_nv.c
639
PFNV_CHK(pf_nvuint16(nvldivert, "port", &rule->divert.port));
sys/netpfil/pf/pf_nv.c
644
if (rule->af == AF_INET)
sys/netpfil/pf/pf_nv.c
648
if (rule->af == AF_INET6)
sys/netpfil/pf/pf_nv.c
652
PFNV_CHK(pf_check_rule_addr(&rule->src));
sys/netpfil/pf/pf_nv.c
653
PFNV_CHK(pf_check_rule_addr(&rule->dst));
sys/netpfil/pf/pf_nv.c
663
pf_divert_to_nvdivert(const struct pf_krule *rule)
sys/netpfil/pf/pf_nv.c
672
tmp = pf_addr_to_nvaddr(&rule->divert.addr);
sys/netpfil/pf/pf_nv.c
677
nvlist_add_number(nvl, "port", rule->divert.port);
sys/netpfil/pf/pf_nv.c
687
pf_krule_to_nvrule(const struct pf_krule *rule)
sys/netpfil/pf/pf_nv.c
696
nvlist_add_number(nvl, "nr", rule->nr);
sys/netpfil/pf/pf_nv.c
697
tmp = pf_rule_addr_to_nvrule_addr(&rule->src);
sys/netpfil/pf/pf_nv.c
702
tmp = pf_rule_addr_to_nvrule_addr(&rule->dst);
sys/netpfil/pf/pf_nv.c
710
rule->skip[i] ? rule->skip[i]->nr : -1);
sys/netpfil/pf/pf_nv.c
714
nvlist_append_string_array(nvl, "labels", rule->label[i]);
sys/netpfil/pf/pf_nv.c
716
nvlist_add_string(nvl, "label", rule->label[0]);
sys/netpfil/pf/pf_nv.c
717
nvlist_add_number(nvl, "ridentifier", rule->ridentifier);
sys/netpfil/pf/pf_nv.c
718
nvlist_add_string(nvl, "ifname", rule->ifname);
sys/netpfil/pf/pf_nv.c
719
nvlist_add_string(nvl, "qname", rule->qname);
sys/netpfil/pf/pf_nv.c
720
nvlist_add_string(nvl, "pqname", rule->pqname);
sys/netpfil/pf/pf_nv.c
721
nvlist_add_number(nvl, "dnpipe", rule->dnpipe);
sys/netpfil/pf/pf_nv.c
722
nvlist_add_number(nvl, "dnrpipe", rule->dnrpipe);
sys/netpfil/pf/pf_nv.c
723
nvlist_add_number(nvl, "dnflags", rule->free_flags);
sys/netpfil/pf/pf_nv.c
724
nvlist_add_string(nvl, "tagname", rule->tagname);
sys/netpfil/pf/pf_nv.c
725
nvlist_add_string(nvl, "match_tagname", rule->match_tagname);
sys/netpfil/pf/pf_nv.c
726
nvlist_add_string(nvl, "overload_tblname", rule->overload_tblname);
sys/netpfil/pf/pf_nv.c
728
tmp = pf_pool_to_nvpool(&rule->rdr);
sys/netpfil/pf/pf_nv.c
735
pf_counter_u64_fetch(&rule->evaluations));
sys/netpfil/pf/pf_nv.c
738
pf_counter_u64_fetch(&rule->packets[i]));
sys/netpfil/pf/pf_nv.c
740
pf_counter_u64_fetch(&rule->bytes[i]));
sys/netpfil/pf/pf_nv.c
742
nvlist_add_number(nvl, "timestamp", pf_get_timestamp(rule));
sys/netpfil/pf/pf_nv.c
744
nvlist_add_number(nvl, "os_fingerprint", rule->os_fingerprint);
sys/netpfil/pf/pf_nv.c
746
nvlist_add_number(nvl, "rtableid", rule->rtableid);
sys/netpfil/pf/pf_nv.c
747
pf_uint32_array_nv(nvl, "timeout", rule->timeout, PFTM_MAX);
sys/netpfil/pf/pf_nv.c
748
nvlist_add_number(nvl, "max_states", rule->max_states);
sys/netpfil/pf/pf_nv.c
749
nvlist_add_number(nvl, "max_src_nodes", rule->max_src_nodes);
sys/netpfil/pf/pf_nv.c
750
nvlist_add_number(nvl, "max_src_states", rule->max_src_states);
sys/netpfil/pf/pf_nv.c
751
nvlist_add_number(nvl, "max_src_conn", rule->max_src_conn);
sys/netpfil/pf/pf_nv.c
753
rule->max_src_conn_rate.limit);
sys/netpfil/pf/pf_nv.c
755
rule->max_src_conn_rate.seconds);
sys/netpfil/pf/pf_nv.c
756
nvlist_add_number(nvl, "qid", rule->qid);
sys/netpfil/pf/pf_nv.c
757
nvlist_add_number(nvl, "pqid", rule->pqid);
sys/netpfil/pf/pf_nv.c
758
nvlist_add_number(nvl, "prob", rule->prob);
sys/netpfil/pf/pf_nv.c
759
nvlist_add_number(nvl, "cuid", rule->cuid);
sys/netpfil/pf/pf_nv.c
760
nvlist_add_number(nvl, "cpid", rule->cpid);
sys/netpfil/pf/pf_nv.c
763
counter_u64_fetch(rule->states_cur));
sys/netpfil/pf/pf_nv.c
765
counter_u64_fetch(rule->states_tot));
sys/netpfil/pf/pf_nv.c
767
src_nodes_total += counter_u64_fetch(rule->src_nodes[sn_type]);
sys/netpfil/pf/pf_nv.c
770
nvlist_add_number(nvl, "return_icmp", rule->return_icmp);
sys/netpfil/pf/pf_nv.c
771
nvlist_add_number(nvl, "return_icmp6", rule->return_icmp6);
sys/netpfil/pf/pf_nv.c
773
nvlist_add_number(nvl, "max_mss", rule->max_mss);
sys/netpfil/pf/pf_nv.c
774
nvlist_add_number(nvl, "scrub_flags", rule->scrub_flags);
sys/netpfil/pf/pf_nv.c
776
tmp = pf_rule_uid_to_nvrule_uid(&rule->uid);
sys/netpfil/pf/pf_nv.c
781
tmp = pf_rule_uid_to_nvrule_uid((const struct pf_rule_uid *)&rule->gid);
sys/netpfil/pf/pf_nv.c
787
nvlist_add_number(nvl, "rule_flag", rule->rule_flag);
sys/netpfil/pf/pf_nv.c
788
nvlist_add_number(nvl, "action", rule->action);
sys/netpfil/pf/pf_nv.c
789
nvlist_add_number(nvl, "direction", rule->direction);
sys/netpfil/pf/pf_nv.c
790
nvlist_add_number(nvl, "log", rule->log);
sys/netpfil/pf/pf_nv.c
791
nvlist_add_number(nvl, "logif", rule->logif);
sys/netpfil/pf/pf_nv.c
792
nvlist_add_number(nvl, "quick", rule->quick);
sys/netpfil/pf/pf_nv.c
793
nvlist_add_number(nvl, "ifnot", rule->ifnot);
sys/netpfil/pf/pf_nv.c
794
nvlist_add_number(nvl, "match_tag_not", rule->match_tag_not);
sys/netpfil/pf/pf_nv.c
795
nvlist_add_number(nvl, "natpass", rule->natpass);
sys/netpfil/pf/pf_nv.c
797
nvlist_add_number(nvl, "keep_state", rule->keep_state);
sys/netpfil/pf/pf_nv.c
798
nvlist_add_number(nvl, "af", rule->af);
sys/netpfil/pf/pf_nv.c
799
nvlist_add_number(nvl, "proto", rule->proto);
sys/netpfil/pf/pf_nv.c
800
nvlist_add_number(nvl, "type", rule->type);
sys/netpfil/pf/pf_nv.c
801
nvlist_add_number(nvl, "code", rule->code);
sys/netpfil/pf/pf_nv.c
802
nvlist_add_number(nvl, "flags", rule->flags);
sys/netpfil/pf/pf_nv.c
803
nvlist_add_number(nvl, "flagset", rule->flagset);
sys/netpfil/pf/pf_nv.c
804
nvlist_add_number(nvl, "min_ttl", rule->min_ttl);
sys/netpfil/pf/pf_nv.c
805
nvlist_add_number(nvl, "allow_opts", rule->allow_opts);
sys/netpfil/pf/pf_nv.c
806
nvlist_add_number(nvl, "rt", rule->rt);
sys/netpfil/pf/pf_nv.c
807
nvlist_add_number(nvl, "return_ttl", rule->return_ttl);
sys/netpfil/pf/pf_nv.c
808
nvlist_add_number(nvl, "tos", rule->tos);
sys/netpfil/pf/pf_nv.c
809
nvlist_add_number(nvl, "set_tos", rule->set_tos);
sys/netpfil/pf/pf_nv.c
810
nvlist_add_number(nvl, "anchor_relative", rule->anchor_relative);
sys/netpfil/pf/pf_nv.c
811
nvlist_add_number(nvl, "anchor_wildcard", rule->anchor_wildcard);
sys/netpfil/pf/pf_nv.c
813
nvlist_add_number(nvl, "flush", rule->flush);
sys/netpfil/pf/pf_nv.c
814
nvlist_add_number(nvl, "prio", rule->prio);
sys/netpfil/pf/pf_nv.c
816
pf_uint8_array_nv(nvl, "set_prio", rule->set_prio, 2);
sys/netpfil/pf/pf_nv.c
818
tmp = pf_divert_to_nvdivert(rule);
sys/netpfil/pf/pf_nv.c
977
nvlist_add_number(nvl, "rule", s->rule ? s->rule->nr : -1);
sys/netpfil/pf/pflow.c
658
flow1->tos = flow2->tos = st->rule->tos;
sys/netpfil/pf/pflow.c
695
flow1->tos = flow2->tos = st->rule->tos;
sys/netpfil/pf/pflow.c
734
flow1->tos = flow2->tos = st->rule->tos;
sys/security/mac_bsdextended/mac_bsdextended.c
114
ugidfw_rule_valid(struct mac_bsdextended_rule *rule)
sys/security/mac_bsdextended/mac_bsdextended.c
117
if ((rule->mbr_subject.mbs_flags | MBS_ALL_FLAGS) != MBS_ALL_FLAGS)
sys/security/mac_bsdextended/mac_bsdextended.c
119
if ((rule->mbr_subject.mbs_neg | MBS_ALL_FLAGS) != MBS_ALL_FLAGS)
sys/security/mac_bsdextended/mac_bsdextended.c
121
if ((rule->mbr_object.mbo_flags | MBO_ALL_FLAGS) != MBO_ALL_FLAGS)
sys/security/mac_bsdextended/mac_bsdextended.c
123
if ((rule->mbr_object.mbo_neg | MBO_ALL_FLAGS) != MBO_ALL_FLAGS)
sys/security/mac_bsdextended/mac_bsdextended.c
125
if (((rule->mbr_object.mbo_flags & MBO_TYPE_DEFINED) != 0) &&
sys/security/mac_bsdextended/mac_bsdextended.c
126
(rule->mbr_object.mbo_type | MBO_ALL_TYPE) != MBO_ALL_TYPE)
sys/security/mac_bsdextended/mac_bsdextended.c
128
if ((rule->mbr_mode | MBI_ALLPERM) != MBI_ALLPERM)
sys/security/mac_bsdextended/mac_bsdextended.c
225
ugidfw_rulecheck(struct mac_bsdextended_rule *rule,
sys/security/mac_bsdextended/mac_bsdextended.c
235
if (rule->mbr_subject.mbs_flags & MBS_UID_DEFINED) {
sys/security/mac_bsdextended/mac_bsdextended.c
236
match = ((cred->cr_uid <= rule->mbr_subject.mbs_uid_max &&
sys/security/mac_bsdextended/mac_bsdextended.c
237
cred->cr_uid >= rule->mbr_subject.mbs_uid_min) ||
sys/security/mac_bsdextended/mac_bsdextended.c
238
(cred->cr_ruid <= rule->mbr_subject.mbs_uid_max &&
sys/security/mac_bsdextended/mac_bsdextended.c
239
cred->cr_ruid >= rule->mbr_subject.mbs_uid_min) ||
sys/security/mac_bsdextended/mac_bsdextended.c
240
(cred->cr_svuid <= rule->mbr_subject.mbs_uid_max &&
sys/security/mac_bsdextended/mac_bsdextended.c
241
cred->cr_svuid >= rule->mbr_subject.mbs_uid_min));
sys/security/mac_bsdextended/mac_bsdextended.c
242
if (rule->mbr_subject.mbs_neg & MBS_UID_DEFINED)
sys/security/mac_bsdextended/mac_bsdextended.c
248
if (rule->mbr_subject.mbs_flags & MBS_GID_DEFINED) {
sys/security/mac_bsdextended/mac_bsdextended.c
249
match = ((cred->cr_gid <= rule->mbr_subject.mbs_gid_max &&
sys/security/mac_bsdextended/mac_bsdextended.c
250
cred->cr_gid >= rule->mbr_subject.mbs_gid_min) ||
sys/security/mac_bsdextended/mac_bsdextended.c
251
(cred->cr_rgid <= rule->mbr_subject.mbs_gid_max &&
sys/security/mac_bsdextended/mac_bsdextended.c
252
cred->cr_rgid >= rule->mbr_subject.mbs_gid_min) ||
sys/security/mac_bsdextended/mac_bsdextended.c
253
(cred->cr_svgid <= rule->mbr_subject.mbs_gid_max &&
sys/security/mac_bsdextended/mac_bsdextended.c
254
cred->cr_svgid >= rule->mbr_subject.mbs_gid_min));
sys/security/mac_bsdextended/mac_bsdextended.c
258
<= rule->mbr_subject.mbs_gid_max &&
sys/security/mac_bsdextended/mac_bsdextended.c
260
>= rule->mbr_subject.mbs_gid_min) {
sys/security/mac_bsdextended/mac_bsdextended.c
266
if (rule->mbr_subject.mbs_neg & MBS_GID_DEFINED)
sys/security/mac_bsdextended/mac_bsdextended.c
272
if (rule->mbr_subject.mbs_flags & MBS_PRISON_DEFINED) {
sys/security/mac_bsdextended/mac_bsdextended.c
274
(cred->cr_prison->pr_id == rule->mbr_subject.mbs_prison);
sys/security/mac_bsdextended/mac_bsdextended.c
275
if (rule->mbr_subject.mbs_neg & MBS_PRISON_DEFINED)
sys/security/mac_bsdextended/mac_bsdextended.c
284
if (rule->mbr_object.mbo_flags & MBO_UID_DEFINED) {
sys/security/mac_bsdextended/mac_bsdextended.c
285
match = (vap->va_uid <= rule->mbr_object.mbo_uid_max &&
sys/security/mac_bsdextended/mac_bsdextended.c
286
vap->va_uid >= rule->mbr_object.mbo_uid_min);
sys/security/mac_bsdextended/mac_bsdextended.c
287
if (rule->mbr_object.mbo_neg & MBO_UID_DEFINED)
sys/security/mac_bsdextended/mac_bsdextended.c
293
if (rule->mbr_object.mbo_flags & MBO_GID_DEFINED) {
sys/security/mac_bsdextended/mac_bsdextended.c
294
match = (vap->va_gid <= rule->mbr_object.mbo_gid_max &&
sys/security/mac_bsdextended/mac_bsdextended.c
295
vap->va_gid >= rule->mbr_object.mbo_gid_min);
sys/security/mac_bsdextended/mac_bsdextended.c
296
if (rule->mbr_object.mbo_neg & MBO_GID_DEFINED)
sys/security/mac_bsdextended/mac_bsdextended.c
302
if (rule->mbr_object.mbo_flags & MBO_FSID_DEFINED) {
sys/security/mac_bsdextended/mac_bsdextended.c
304
&rule->mbr_object.mbo_fsid) == 0);
sys/security/mac_bsdextended/mac_bsdextended.c
305
if (rule->mbr_object.mbo_neg & MBO_FSID_DEFINED)
sys/security/mac_bsdextended/mac_bsdextended.c
311
if (rule->mbr_object.mbo_flags & MBO_SUID) {
sys/security/mac_bsdextended/mac_bsdextended.c
313
if (rule->mbr_object.mbo_neg & MBO_SUID)
sys/security/mac_bsdextended/mac_bsdextended.c
319
if (rule->mbr_object.mbo_flags & MBO_SGID) {
sys/security/mac_bsdextended/mac_bsdextended.c
321
if (rule->mbr_object.mbo_neg & MBO_SGID)
sys/security/mac_bsdextended/mac_bsdextended.c
327
if (rule->mbr_object.mbo_flags & MBO_UID_SUBJECT) {
sys/security/mac_bsdextended/mac_bsdextended.c
331
if (rule->mbr_object.mbo_neg & MBO_UID_SUBJECT)
sys/security/mac_bsdextended/mac_bsdextended.c
337
if (rule->mbr_object.mbo_flags & MBO_GID_SUBJECT) {
sys/security/mac_bsdextended/mac_bsdextended.c
341
if (rule->mbr_object.mbo_neg & MBO_GID_SUBJECT)
sys/security/mac_bsdextended/mac_bsdextended.c
347
if (rule->mbr_object.mbo_flags & MBO_TYPE_DEFINED) {
sys/security/mac_bsdextended/mac_bsdextended.c
350
match = (rule->mbr_object.mbo_type & MBO_TYPE_REG);
sys/security/mac_bsdextended/mac_bsdextended.c
353
match = (rule->mbr_object.mbo_type & MBO_TYPE_DIR);
sys/security/mac_bsdextended/mac_bsdextended.c
356
match = (rule->mbr_object.mbo_type & MBO_TYPE_BLK);
sys/security/mac_bsdextended/mac_bsdextended.c
359
match = (rule->mbr_object.mbo_type & MBO_TYPE_CHR);
sys/security/mac_bsdextended/mac_bsdextended.c
362
match = (rule->mbr_object.mbo_type & MBO_TYPE_LNK);
sys/security/mac_bsdextended/mac_bsdextended.c
365
match = (rule->mbr_object.mbo_type & MBO_TYPE_SOCK);
sys/security/mac_bsdextended/mac_bsdextended.c
368
match = (rule->mbr_object.mbo_type & MBO_TYPE_FIFO);
sys/security/mac_bsdextended/mac_bsdextended.c
373
if (rule->mbr_object.mbo_neg & MBO_TYPE_DEFINED)
sys/security/mac_bsdextended/mac_bsdextended.c
384
mac_granted = rule->mbr_mode;
sys/security/mac_do/mac_do.c
1014
char *copy, *p, *rule;
sys/security/mac_do/mac_do.c
1036
while ((rule = strsep_noblanks(&p, ";")) != NULL) {
sys/security/mac_do/mac_do.c
1037
if (rule[0] == '\0')
sys/security/mac_do/mac_do.c
1039
error = parse_single_rule(rule, rules, parse_error);
sys/security/mac_do/mac_do.c
1041
(*parse_error)->pos += rule - copy;
sys/security/mac_do/mac_do.c
154
STAILQ_ENTRY(rule) r_entries;
sys/security/mac_do/mac_do.c
1643
rule_grant_supplementary_groups(const struct rule *const rule,
sys/security/mac_do/mac_do.c
165
STAILQ_HEAD(rulehead, rule);
sys/security/mac_do/mac_do.c
1650
const flags_t gid_flags = rule->gid_flags;
sys/security/mac_do/mac_do.c
1718
for (; rule_idx < rule->gids_nb; ++rule_idx) {
sys/security/mac_do/mac_do.c
1719
const struct id_spec is = rule->gids[rule_idx];
sys/security/mac_do/mac_do.c
1772
for (; rule_idx < rule->gids_nb; ++rule_idx) {
sys/security/mac_do/mac_do.c
1773
const struct id_spec is = rule->gids[rule_idx];
sys/security/mac_do/mac_do.c
1784
rule_grant_primary_group(const struct rule *const rule,
sys/security/mac_do/mac_do.c
1791
if ((rule->gid_flags & MDF_ANY) != 0)
sys/security/mac_do/mac_do.c
1795
if ((rule->gid_flags & MDF_CURRENT) != 0 &&
sys/security/mac_do/mac_do.c
1797
error = grant_primary_group_from_flags(rule->gid_flags);
sys/security/mac_do/mac_do.c
1804
found_is = bsearch(&gid_is, rule->gids, rule->gids_nb,
sys/security/mac_do/mac_do.c
1805
sizeof(*rule->gids), id_spec_cmp);
sys/security/mac_do/mac_do.c
1817
rule_grant_primary_groups(const struct rule *const rule,
sys/security/mac_do/mac_do.c
1823
if ((rule->gid_flags & MDF_ANY) != 0)
sys/security/mac_do/mac_do.c
1826
error = rule_grant_primary_group(rule, old_cred, new_cred->cr_gid);
sys/security/mac_do/mac_do.c
1829
error = rule_grant_primary_group(rule, old_cred, new_cred->cr_rgid);
sys/security/mac_do/mac_do.c
1832
error = rule_grant_primary_group(rule, old_cred, new_cred->cr_svgid);
sys/security/mac_do/mac_do.c
1846
rule_grant_user(const struct rule *const rule,
sys/security/mac_do/mac_do.c
1852
if ((rule->uid_flags & MDF_ANY) != 0)
sys/security/mac_do/mac_do.c
1856
if ((rule->uid_flags & MDF_CURRENT) != 0 &&
sys/security/mac_do/mac_do.c
1862
found_is = bsearch(&uid_is, rule->uids, rule->uids_nb,
sys/security/mac_do/mac_do.c
1863
sizeof(*rule->uids), id_spec_cmp);
sys/security/mac_do/mac_do.c
1872
rule_grant_users(const struct rule *const rule,
sys/security/mac_do/mac_do.c
1878
if ((rule->uid_flags & MDF_ANY) != 0)
sys/security/mac_do/mac_do.c
1881
error = rule_grant_user(rule, old_cred, new_cred->cr_uid);
sys/security/mac_do/mac_do.c
1884
error = rule_grant_user(rule, old_cred, new_cred->cr_ruid);
sys/security/mac_do/mac_do.c
1887
error = rule_grant_user(rule, old_cred, new_cred->cr_svuid);
sys/security/mac_do/mac_do.c
1895
rule_grant_setcred(const struct rule *const rule,
sys/security/mac_do/mac_do.c
1900
error = rule_grant_users(rule, old_cred, new_cred);
sys/security/mac_do/mac_do.c
1903
error = rule_grant_primary_groups(rule, old_cred, new_cred);
sys/security/mac_do/mac_do.c
1906
error = rule_grant_supplementary_groups(rule, old_cred, new_cred);
sys/security/mac_do/mac_do.c
1914
rule_applies(const struct rule *const rule, const struct ucred *const cred)
sys/security/mac_do/mac_do.c
1916
if (rule->from_type == IT_UID && rule->from_id == cred->cr_ruid)
sys/security/mac_do/mac_do.c
1918
if (rule->from_type == IT_GID && realgroupmember(rule->from_id, cred))
sys/security/mac_do/mac_do.c
1938
const struct rule *rule;
sys/security/mac_do/mac_do.c
1977
STAILQ_FOREACH(rule, &rules->head, r_entries)
sys/security/mac_do/mac_do.c
1978
if (rule_applies(rule, cred)) {
sys/security/mac_do/mac_do.c
1979
error = rule_grant_setcred(rule, cred, new_cred);
sys/security/mac_do/mac_do.c
319
struct rule *rule, *rule_next;
sys/security/mac_do/mac_do.c
321
STAILQ_FOREACH_SAFE(rule, head, r_entries, rule_next) {
sys/security/mac_do/mac_do.c
322
free(rule->uids, M_MAC_DO);
sys/security/mac_do/mac_do.c
323
free(rule->gids, M_MAC_DO);
sys/security/mac_do/mac_do.c
324
free(rule, M_MAC_DO);
sys/security/mac_do/mac_do.c
517
parse_target_clause(char *to, struct rule *const rule,
sys/security/mac_do/mac_do.c
565
nb = &rule->gids_nb;
sys/security/mac_do/mac_do.c
566
tflags = &rule->gid_flags;
sys/security/mac_do/mac_do.c
640
nb = &rule->uids_nb;
sys/security/mac_do/mac_do.c
641
tflags = &rule->uid_flags;
sys/security/mac_do/mac_do.c
677
if (has_clauses(rule->uids_nb, rule->uid_flags) ||
sys/security/mac_do/mac_do.c
678
has_clauses(rule->gids_nb, rule->gid_flags)) {
sys/security/mac_do/mac_do.c
684
rule->uid_flags |= MDF_ANY;
sys/security/mac_do/mac_do.c
685
rule->gid_flags |= MDF_ANY | MDF_ANY_SUPP |
sys/security/mac_do/mac_do.c
861
parse_single_rule(char *rule, struct rules *const rules,
sys/security/mac_do/mac_do.c
864
const char *const start = rule;
sys/security/mac_do/mac_do.c
869
struct rule *new;
sys/security/mac_do/mac_do.c
879
from_type = strsep_noblanks(&rule, "=");
sys/security/mac_do/mac_do.c
894
from_id = strsep_noblanks(&rule, ":>");
sys/security/mac_do/mac_do.c
919
to_list = strsep_noblanks(&rule, ",");
sys/security/mac_do/mac_do.c
932
to_list = strsep_noblanks(&rule, ",");
sys/security/mac_ipacl/mac_ipacl.c
133
struct ip_rule *rule;
sys/security/mac_ipacl/mac_ipacl.c
135
while ((rule = TAILQ_FIRST(head)) != NULL) {
sys/security/mac_ipacl/mac_ipacl.c
136
TAILQ_REMOVE(head, rule, r_entries);
sys/security/mac_ipacl/mac_ipacl.c
137
free(rule, M_IPACL);
sys/security/mac_ipacl/mac_ipacl.c
159
parse_rule_element(char *element, struct ip_rule *rule)
sys/security/mac_ipacl/mac_ipacl.c
171
rule->jid = strtol(tok, &p, 10);
sys/security/mac_ipacl/mac_ipacl.c
177
rule->allow = strtol(tok, &p, 10);
sys/security/mac_ipacl/mac_ipacl.c
184
strlcpy(rule->if_name, tok, strlen(tok) + 1);
sys/security/mac_ipacl/mac_ipacl.c
188
rule->af = (strcmp(tok, "AF_INET") == 0) ? AF_INET :
sys/security/mac_ipacl/mac_ipacl.c
190
if (rule->af == -1)
sys/security/mac_ipacl/mac_ipacl.c
195
if (inet_pton(rule->af, tok, rule->addr.addr32) != 1)
sys/security/mac_ipacl/mac_ipacl.c
205
rule->subnet_apply = false;
sys/security/mac_ipacl/mac_ipacl.c
207
rule->subnet_apply = true;
sys/security/mac_ipacl/mac_ipacl.c
208
switch (rule->af) {
sys/security/mac_ipacl/mac_ipacl.c
215
rule->mask.addr32[0] = htonl(0);
sys/security/mac_ipacl/mac_ipacl.c
217
rule->mask.addr32[0] =
sys/security/mac_ipacl/mac_ipacl.c
219
rule->addr.addr32[0] &= rule->mask.addr32[0];
sys/security/mac_ipacl/mac_ipacl.c
228
rule->mask.addr8[i] = prefix >= 8 ? 0xFF :
sys/security/mac_ipacl/mac_ipacl.c
231
rule->addr.addr8[i] &= rule->mask.addr8[i];
sys/security/mac_ipacl/mac_ipacl.c
320
struct ip_rule *rule;
sys/security/mac_ipacl/mac_ipacl.c
339
TAILQ_FOREACH_REVERSE(rule, &rule_head, rulehead, r_entries) {
sys/security/mac_ipacl/mac_ipacl.c
341
if (cred->cr_prison->pr_id != rule->jid)
sys/security/mac_ipacl/mac_ipacl.c
344
if (strcmp(rule->if_name, "\0") &&
sys/security/mac_ipacl/mac_ipacl.c
345
strcmp(rule->if_name, if_name(ifp)))
sys/security/mac_ipacl/mac_ipacl.c
348
switch (rule->af) {
sys/security/mac_ipacl/mac_ipacl.c
351
if (rule->subnet_apply) {
sys/security/mac_ipacl/mac_ipacl.c
352
if (rule->addr.v4.s_addr !=
sys/security/mac_ipacl/mac_ipacl.c
353
(ip_addr->v4.s_addr & rule->mask.v4.s_addr))
sys/security/mac_ipacl/mac_ipacl.c
356
if (ip_addr->v4.s_addr != rule->addr.v4.s_addr)
sys/security/mac_ipacl/mac_ipacl.c
362
if (rule->subnet_apply) {
sys/security/mac_ipacl/mac_ipacl.c
365
if (rule->addr.v6.s6_addr[i] !=
sys/security/mac_ipacl/mac_ipacl.c
367
rule->mask.v6.s6_addr[i])) {
sys/security/mac_ipacl/mac_ipacl.c
374
if (bcmp(&rule->addr, ip_addr,
sys/security/mac_ipacl/mac_ipacl.c
381
if (rule->allow)
sys/security/mac_portacl/mac_portacl.c
117
TAILQ_ENTRY(rule) r_entries;
sys/security/mac_portacl/mac_portacl.c
133
static TAILQ_HEAD(rulehead, rule) rule_head;
sys/security/mac_portacl/mac_portacl.c
139
struct rule *rule;
sys/security/mac_portacl/mac_portacl.c
141
while ((rule = TAILQ_FIRST(head)) != NULL) {
sys/security/mac_portacl/mac_portacl.c
142
TAILQ_REMOVE(head, rule, r_entries);
sys/security/mac_portacl/mac_portacl.c
143
free(rule, M_PORTACL);
sys/security/mac_portacl/mac_portacl.c
171
parse_rule_element(char *element, struct rule **rule)
sys/security/mac_portacl/mac_portacl.c
174
struct rule *new;
sys/security/mac_portacl/mac_portacl.c
230
*rule = NULL;
sys/security/mac_portacl/mac_portacl.c
232
*rule = new;
sys/security/mac_portacl/mac_portacl.c
239
struct rule *new;
sys/security/mac_portacl/mac_portacl.c
266
rule_printf(struct sbuf *sb, struct rule *rule)
sys/security/mac_portacl/mac_portacl.c
270
switch(rule->r_idtype) {
sys/security/mac_portacl/mac_portacl.c
278
panic("rule_printf: unknown idtype (%d)\n", rule->r_idtype);
sys/security/mac_portacl/mac_portacl.c
281
switch (rule->r_protocol) {
sys/security/mac_portacl/mac_portacl.c
290
rule->r_protocol);
sys/security/mac_portacl/mac_portacl.c
292
sbuf_printf(sb, "%s:%jd:%s:%d", idtype, (intmax_t)rule->r_id,
sys/security/mac_portacl/mac_portacl.c
293
protocol, rule->r_port);
sys/security/mac_portacl/mac_portacl.c
299
struct rule *rule;
sys/security/mac_portacl/mac_portacl.c
307
for (rule = TAILQ_FIRST(&rule_head); rule != NULL;
sys/security/mac_portacl/mac_portacl.c
308
rule = TAILQ_NEXT(rule, r_entries)) {
sys/security/mac_portacl/mac_portacl.c
313
rule_printf(sb, rule);
sys/security/mac_portacl/mac_portacl.c
379
struct rule *rule;
sys/security/mac_portacl/mac_portacl.c
392
for (rule = TAILQ_FIRST(&rule_head);
sys/security/mac_portacl/mac_portacl.c
393
rule != NULL;
sys/security/mac_portacl/mac_portacl.c
394
rule = TAILQ_NEXT(rule, r_entries)) {
sys/security/mac_portacl/mac_portacl.c
395
if (type == SOCK_DGRAM && rule->r_protocol != RULE_PROTO_UDP)
sys/security/mac_portacl/mac_portacl.c
397
if (type == SOCK_STREAM && rule->r_protocol != RULE_PROTO_TCP)
sys/security/mac_portacl/mac_portacl.c
399
if (port != rule->r_port)
sys/security/mac_portacl/mac_portacl.c
401
if (rule->r_idtype == RULE_UID) {
sys/security/mac_portacl/mac_portacl.c
402
if (cred->cr_uid == rule->r_id) {
sys/security/mac_portacl/mac_portacl.c
406
} else if (rule->r_idtype == RULE_GID) {
sys/security/mac_portacl/mac_portacl.c
407
if (cred->cr_gid == rule->r_id) {
sys/security/mac_portacl/mac_portacl.c
410
} else if (groupmember(rule->r_id, cred)) {
sys/security/mac_portacl/mac_portacl.c
416
rule->r_idtype);
sys/sys/rctl.h
137
struct rctl_rule *rctl_rule_duplicate(const struct rctl_rule *rule, int flags);
sys/sys/rctl.h
138
void rctl_rule_acquire(struct rctl_rule *rule);
sys/sys/rctl.h
139
void rctl_rule_release(struct rctl_rule *rule);
sys/sys/rctl.h
140
int rctl_rule_add(struct rctl_rule *rule);
tests/sys/mac/bsdextended/ugidfw_test.c
147
struct mac_bsdextended_rule rule;
tests/sys/mac/bsdextended/ugidfw_test.c
170
error = bsde_parse_rule_string(test_strings[i], &rule,
tests/sys/mac/bsdextended/ugidfw_test.c
179
error = bsde_rule_to_string(&rule, rulestr, sizeof(rulestr));
tests/sys/netpfil/pf/ioctl/validation.c
855
struct pfioc_rule rule;
tests/sys/netpfil/pf/ioctl/validation.c
859
memset(&rule, 0x42, sizeof(rule));
tests/sys/netpfil/pf/ioctl/validation.c
861
rule.ticket = 0;
tests/sys/netpfil/pf/ioctl/validation.c
862
rule.pool_ticket = 0;
tests/sys/netpfil/pf/ioctl/validation.c
863
rule.anchor[0] = 0;
tests/sys/netpfil/pf/ioctl/validation.c
865
rule.rule.return_icmp = 0;
tests/sys/netpfil/pf/ioctl/validation.c
866
bzero(&rule.rule.src, sizeof(rule.rule.src));
tests/sys/netpfil/pf/ioctl/validation.c
867
bzero(&rule.rule.dst, sizeof(rule.rule.dst));
tests/sys/netpfil/pf/ioctl/validation.c
869
rule.rule.ifname[0] = 0;
tests/sys/netpfil/pf/ioctl/validation.c
870
rule.rule.action = 0;
tests/sys/netpfil/pf/ioctl/validation.c
871
rule.rule.rtableid = 0;
tests/sys/netpfil/pf/ioctl/validation.c
873
rule.rule.tagname[0] = 0;
tests/sys/netpfil/pf/ioctl/validation.c
876
ioctl(dev, DIOCADDRULE, &rule);
tests/sys/netpfil/pf/ioctl/validation.c
893
struct pfioc_rule rule;
tests/sys/netpfil/pf/ioctl/validation.c
897
memset(&rule, 0, sizeof(rule));
tests/sys/netpfil/pf/ioctl/validation.c
899
rule.ticket = 0;
tests/sys/netpfil/pf/ioctl/validation.c
900
rule.pool_ticket = 0;
tests/sys/netpfil/pf/ioctl/validation.c
901
rule.anchor[0] = 0;
tests/sys/netpfil/pf/ioctl/validation.c
903
rule.rule.return_icmp = 0;
tests/sys/netpfil/pf/ioctl/validation.c
904
bzero(&rule.rule.src, sizeof(rule.rule.src));
tests/sys/netpfil/pf/ioctl/validation.c
905
bzero(&rule.rule.dst, sizeof(rule.rule.dst));
tests/sys/netpfil/pf/ioctl/validation.c
907
rule.rule.ifname[0] = 0;
tests/sys/netpfil/pf/ioctl/validation.c
908
rule.rule.action = 0;
tests/sys/netpfil/pf/ioctl/validation.c
909
rule.rule.rtableid = 0;
tests/sys/netpfil/pf/ioctl/validation.c
911
rule.rule.tagname[0] = 0;
tests/sys/netpfil/pf/ioctl/validation.c
912
rule.rule.action = 42;
tests/sys/netpfil/pf/ioctl/validation.c
914
ioctl(dev, DIOCADDRULE, &rule);
tests/sys/netpfil/pf/ioctl/validation.c
931
struct pfioc_rule rule;
tests/sys/netpfil/pf/ioctl/validation.c
935
memset(&rule, 0, sizeof(rule));
tests/sys/netpfil/pf/ioctl/validation.c
937
rule.pool_ticket = 1000000;
tests/sys/netpfil/pf/ioctl/validation.c
938
rule.action = PF_CHANGE_ADD_HEAD;
tests/sys/netpfil/pf/ioctl/validation.c
939
rule.rule.af = AF_INET;
tests/sys/netpfil/pf/ioctl/validation.c
941
ioctl(dev, DIOCCHANGERULE, &rule);
usr.bin/rctl/rctl.c
110
expand_amount(const char *rule, const char *unexpanded_rule)
usr.bin/rctl/rctl.c
117
tofree = copy = strdup(rule);
usr.bin/rctl/rctl.c
135
copy = strdup(rule);
usr.bin/rctl/rctl.c
175
expand_rule(const char *rule, bool resolve_ids)
usr.bin/rctl/rctl.c
182
tofree = copy = strdup(rule);
usr.bin/rctl/rctl.c
191
warnx("malformed rule '%s': missing subject", rule);
usr.bin/rctl/rctl.c
214
error = parse_user(textid, &id, rule);
usr.bin/rctl/rctl.c
222
error = parse_group(textid, &id, rule);
usr.bin/rctl/rctl.c
240
expanded = expand_amount(resolved, rule);
usr.bin/rctl/rctl.c
247
humanize_ids(char *rule)
usr.bin/rctl/rctl.c
256
subject = strsep(&rule, ":");
usr.bin/rctl/rctl.c
257
textid = strsep(&rule, ":");
usr.bin/rctl/rctl.c
260
if (rule != NULL)
usr.bin/rctl/rctl.c
261
rest = rule;
usr.bin/rctl/rctl.c
305
humanize_amount(char *rule)
usr.bin/rctl/rctl.c
312
tofree = copy = strdup(rule);
usr.bin/rctl/rctl.c
326
return (rule);
usr.bin/rctl/rctl.c
359
char *rule;
usr.bin/rctl/rctl.c
361
while ((rule = strsep(&rules, ",")) != NULL) {
usr.bin/rctl/rctl.c
362
if (rule[0] == '\0')
usr.bin/rctl/rctl.c
365
rule = humanize_ids(rule);
usr.bin/rctl/rctl.c
367
rule = humanize_amount(rule);
usr.bin/rctl/rctl.c
368
printf("%s\n", rule);
usr.bin/rctl/rctl.c
395
add_rule(const char *rule, const char *unexpanded_rule)
usr.bin/rctl/rctl.c
399
error = rctl_add_rule(rule, strlen(rule) + 1, NULL, 0);
usr.bin/rctl/rctl.c
590
char *rule = NULL, *unexpanded_rule;
usr.bin/rctl/rctl.c
628
rule = strdup("::");
usr.bin/rctl/rctl.c
629
show_rules(rule, rule, hflag, nflag);
usr.bin/rctl/rctl.c
648
rule = expand_rule(unexpanded_rule, false);
usr.bin/rctl/rctl.c
650
rule = expand_rule(unexpanded_rule, true);
usr.bin/rctl/rctl.c
652
if (rule == NULL) {
usr.bin/rctl/rctl.c
663
error = add_rule(rule, unexpanded_rule);
usr.bin/rctl/rctl.c
665
error = show_limits(rule, unexpanded_rule,
usr.bin/rctl/rctl.c
668
error = remove_rule(rule, unexpanded_rule);
usr.bin/rctl/rctl.c
670
error = show_usage(rule, unexpanded_rule, hflag);
usr.bin/rctl/rctl.c
672
error = show_rules(rule, unexpanded_rule,
usr.bin/rctl/rctl.c
679
free(rule);
usr.sbin/bhyve/slirp/slirp-helper.c
385
config_one_hostfwd(Slirp *slirp, const char *rule)
usr.sbin/bhyve/slirp/slirp-helper.c
390
error = parse_hostfwd_rule(rule, &is_udp, &hostaddr, &guestaddr);
usr.sbin/bhyve/slirp/slirp-helper.c
392
errx(1, "unable to parse hostfwd rule '%s': %s", rule,
usr.sbin/bhyve/slirp/slirp-helper.c
398
errx(1, "Unable to add hostfwd rule '%s': %s", rule,
usr.sbin/bhyve/slirp/slirp-helper.c
546
const char *rule;
usr.sbin/bhyve/slirp/slirp-helper.c
551
while ((rule = strsep(&rules, ";")) != NULL)
usr.sbin/bhyve/slirp/slirp-helper.c
552
config_one_hostfwd(slirp, rule);
usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c
1491
struct pfctl_rule rule;
usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c
1504
PF_PASS, &rule, anchor_call)) {
usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c
1510
if (rule.label[0][0]) {
usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c
1518
strlcat(e->name, rule.label[0], sizeof(e->name));
usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c
1520
e->evals = rule.evaluations;
usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c
1521
e->bytes[IN] = rule.bytes[IN];
usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c
1522
e->bytes[OUT] = rule.bytes[OUT];
usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c
1523
e->pkts[IN] = rule.packets[IN];
usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c
1524
e->pkts[OUT] = rule.packets[OUT];
usr.sbin/cxgbetool/cxgbetool.c
3557
pcap_freecode(&op->rule[i].bpf_prog);
usr.sbin/cxgbetool/cxgbetool.c
3559
free(op->rule);
usr.sbin/cxgbetool/cxgbetool.c
3561
op->rule = NULL;
usr.sbin/cxgbetool/cxgbetool.c
3596
op->rule = NULL;
usr.sbin/cxgbetool/cxgbetool.c
3608
r = realloc(op->rule,
usr.sbin/cxgbetool/cxgbetool.c
3616
op->rule = r;
usr.sbin/cxgbetool/cxgbetool.c
3619
r = &op->rule[op->nrules];
usr.sbin/ppp/bundle.c
875
bundle.filter.in.rule[i].f_action = A_NONE;
usr.sbin/ppp/bundle.c
876
bundle.filter.out.rule[i].f_action = A_NONE;
usr.sbin/ppp/bundle.c
877
bundle.filter.dial.rule[i].f_action = A_NONE;
usr.sbin/ppp/bundle.c
878
bundle.filter.alive.rule[i].f_action = A_NONE;
usr.sbin/ppp/filter.c
431
arg->argv + arg->argn + 1, filter->rule);
usr.sbin/ppp/filter.c
517
doShowFilter(filter->rule, arg->prompt);
usr.sbin/ppp/filter.c
530
doShowFilter(filter[f]->rule, arg->prompt);
usr.sbin/ppp/filter.c
567
for (fp = filter->rule, n = 0; n < MAXFILTERS; fp++, n++)
usr.sbin/ppp/filter.h
81
struct filterent rule[MAXFILTERS]; /* incoming packet filter */
usr.sbin/ppp/ip.c
226
const struct filterent *fp = filter->rule;
usr.sbin/ppp/ip.c
451
fp = &filter->rule[n = fp->f_action];
usr.sbin/ugidfw/ugidfw.c
115
error = bsde_get_rule(i, &rule, BUFSIZ, errstr);
usr.sbin/ugidfw/ugidfw.c
126
if (bsde_rule_to_string(&rule, charstr, BUFSIZ) == -1)
usr.sbin/ugidfw/ugidfw.c
137
struct mac_bsdextended_rule rule;
usr.sbin/ugidfw/ugidfw.c
154
error = bsde_parse_rule(argc - 1, argv + 1, &rule, BUFSIZ, errstr);
usr.sbin/ugidfw/ugidfw.c
160
error = bsde_set_rule(rulenum, &rule, BUFSIZ, errstr);
usr.sbin/ugidfw/ugidfw.c
74
struct mac_bsdextended_rule rule;
usr.sbin/ugidfw/ugidfw.c
77
error = bsde_parse_rule(argc, argv, &rule, BUFSIZ, errstr);
usr.sbin/ugidfw/ugidfw.c
83
error = bsde_add_rule(&rulenum, &rule, BUFSIZ, errstr);
usr.sbin/ugidfw/ugidfw.c
88
if (bsde_rule_to_string(&rule, charstr, BUFSIZ) == -1)
usr.sbin/ugidfw/ugidfw.c
98
struct mac_bsdextended_rule rule;
