385 	    (((*state)->rule.ptr->rt == PF_ROUTETO &&
386 	    (*state)->rule.ptr->direction == PF_OUT) ||
387 	    ((*state)->rule.ptr->rt == PF_REPLYTO &&
388 	    (*state)->rule.ptr->direction == PF_IN)) &&
429 		s->rule.ptr->states++;				\
430 		VERIFY(s->rule.ptr->states != 0);		\
451 		VERIFY(s->rule.ptr->states > 0);		\
452 		s->rule.ptr->states--;				\
767 	if (a->rule.ptr > b->rule.ptr)
769 	if (a->rule.ptr < b->rule.ptr)
1212 	if ((*state)->rule.ptr->max_src_conn &&
1213 	    (*state)->rule.ptr->max_src_conn <
1219 	if ((*state)->rule.ptr->max_src_conn_rate.limit &&
1228 	if ((*state)->rule.ptr->overload_tbl) {
1256 		pfr_insert_kentry((*state)->rule.ptr->overload_tbl,
1260 		if ((*state)->rule.ptr->flush) {
1269 				 * from the same rule if PF_FLUSH_GLOBAL is not
1281 				    ((*state)->rule.ptr->flush &
1283 				    (*state)->rule.ptr == st->rule.ptr)) {
1304 pf_insert_src_node(struct pf_src_node **sn, struct pf_rule *rule,
1312 		if (rule->rule_flag & PFRULE_RULESRCTRACK ||
1313 		    rule->rpool.opts & PF_POOL_STICKYADDR)
1314 			k.rule.ptr = rule;
1316 			k.rule.ptr = NULL;
1321 		if (!rule->max_src_nodes ||
1322 		    rule->src_nodes < rule->max_src_nodes)
1331 		    rule->max_src_conn_rate.limit,
1332 		    rule->max_src_conn_rate.seconds);
1335 		if (rule->rule_flag & PFRULE_RULESRCTRACK ||
1336 		    rule->rpool.opts & PF_POOL_STICKYADDR)
1337 			(*sn)->rule.ptr = rule;
1339 			(*sn)->rule.ptr = NULL;
1352 		(*sn)->ruletype = rule->action;
1353 		if ((*sn)->rule.ptr != NULL)
1354 			(*sn)->rule.ptr->src_nodes++;
1358 		if (rule->max_src_states &&
1359 		    (*sn)->states >= rule->max_src_states) {
1554 	t = state->rule.ptr->timeout[state->timeout];
1557 	start = state->rule.ptr->timeout[PFTM_ADAPTIVE_START];
1559 		end = state->rule.ptr->timeout[PFTM_ADAPTIVE_END];
1560 		states = state->rule.ptr->states;
1587 			if (cur->rule.ptr != NULL) {
1588 				cur->rule.ptr->src_nodes--;
1589 				if (cur->rule.ptr->states <= 0 &&
1590 				    cur->rule.ptr->max_src_nodes <= 0)
1591 					pf_rm_rule(NULL, cur->rule.ptr);
1615 			t = s->rule.ptr->timeout[PFTM_SRC_NODE];
1624 			t = s->rule.ptr->timeout[PFTM_SRC_NODE];
1639 		pf_send_tcp(cur->rule.ptr, cur->state_key->af,
1671 	VERIFY(cur->rule.ptr->states > 0);
1672 	if (--cur->rule.ptr->states <= 0 &&
1673 	    cur->rule.ptr->src_nodes <= 0)
1674 		pf_rm_rule(NULL, cur->rule.ptr);
3001 			k.rule.ptr = r;
3003 			k.rule.ptr = NULL;
3886 	struct pf_rule *r = s->rule.ptr;
4768 		/* src node for filter rule */
4775 		/* src node for translation rule */
4811 		s->rule.ptr = r;
5083  * When pf_test_dummynet() returns PF_PASS, the rule matching parameter "rm" 
5084  * remains unchanged, meaning the packet did not match a dummynet rule.
5085  * when the packet does match a dummynet rule, pf_test_dummynet() returns 
5086  * PF_PASS and zero out the mbuf rule as the packet is effectively siphoned 
5223 			 * Need to go past the previous dummynet matching rule	
5724 		if (pf_insert_state(BOUND_IFACE(s->rule.ptr, kif), gs)) {
5839 			pf_send_tcp((*state)->rule.ptr, pd->af, pd->dst,
5878 			pf_send_tcp((*state)->rule.ptr, pd->af, &psrc->addr,
5892 			pf_send_tcp((*state)->rule.ptr, pd->af, pd->dst,
5897 			pf_send_tcp((*state)->rule.ptr, pd->af, &psrc->addr,
6237 				pf_send_tcp((*state)->rule.ptr, pd->af,
6241 				    (*state)->rule.ptr->return_ttl, 1, 0,
8216 			r = s->rule.ptr;
8258 			r = s->rule.ptr;
8293 			r = s->rule.ptr;
8327 			r = s->rule.ptr;
8368 				r = s->rule.ptr;
8400 			r = s->rule.ptr;
8810 			r = s->rule.ptr;
8852 			r = s->rule.ptr;
8887 			r = s->rule.ptr;
8921 			r = s->rule.ptr;
8963 				r = s->rule.ptr;
8995 			r = s->rule.ptr;

Indexes created Wed Sep 11 23:09:49 MDT 2024