Lines Matching refs:rule

/*
 * Converters between the kernel's struct ip6_fw and the two user-space
 * layouts (struct ip6_fw_64 for 64-bit callers, struct ip6_fw_32 for 32-bit
 * callers). The cp_to_user_* variants fill the user-layout structure from
 * the kernel rule; the cp_from_user_* variants fill the kernel rule from
 * the user-layout structure.
 */
199 static void cp_to_user_64( struct ip6_fw_64 *userrule_64, struct ip6_fw *rule);
200 static void cp_from_user_64( struct ip6_fw_64 *userrule_64, struct ip6_fw *rule);
201 static void cp_to_user_32( struct ip6_fw_32 *userrule_32, struct ip6_fw *rule);
202 static void cp_from_user_32( struct ip6_fw_32 *userrule_32, struct ip6_fw *rule);
545 * *cookie Skip up to the first rule past this rule number;
562 struct ip6_fw *rule = NULL;
581 * If we've been asked to start at a given rule immediately, do so.
589 while (chain && (chain->rule->fw_number <= skipto)) {
596 struct ip6_fw *const f = chain->rule;
614 /* If src-addr doesn't match, not this rule. */
619 /* If dest-addr doesn't match, not this rule. */
683 * packet -- if this rule specified either one,
684 * we consider the rule a non-match.
710 * rule specifies a port, we consider the rule
756 /* Ignore divert/tee rule if socket port is "ignport" */
761 continue; /* ignore this rule */
801 && chain->chain.le_next->rule->fw_number
804 while (chain->chain.le_next->rule->fw_number
811 /* Deny/reject this packet using this rule */
812 rule = f;
826 * - The packet matched a reject rule
830 if ((rule->fw_flg & IPV6_FW_F_COMMAND) == IPV6_FW_F_REJECT
834 switch (rule->fw_reject_code) {
884 rule->fw_reject_code, 0);
922 fwc->rule = ftmp;
934 dprintf(("%s bad rule number\n", err_prefix));
938 /* If entry number is 0, find highest numbered rule and add 100 */
941 if (fcp->rule->fw_number != (u_short)-1)
942 nbr = fcp->rule->fw_number;
953 if (fcp->rule->fw_number > ftmp->fw_number) {
981 if (fcp->rule->fw_number == number) {
984 FREE(fcp->rule, M_IP6FW);
1008 if (!frwl || frwl->fw_number == 0 || frwl->fw_number == fcp->rule->fw_number) {
1009 fcp->rule->fw_bcnt = fcp->rule->fw_pcnt = 0;
1010 fcp->rule->timestamp = 0;
1079 dprintf(("%s port(s) specified for non TCP/UDP rule\n",
1086 * we reject this rule and require user level utilities
1097 dprintf(("%s rule never matches\n", err_prefix));
/*
 * cp_to_user_64: fill the 64-bit user-layout structure *userrule_64 from the
 * kernel rule *rule, one member at a time.
 *
 * NOTE(review): only the members assigned below are written. Padding and any
 * member not listed keep whatever *userrule_64 held before the call, so a
 * destination that is later copied out to user space should be zeroed by the
 * caller first -- whether the callers do so is not visible in this listing.
 */
1163 cp_to_user_64( struct ip6_fw_64 *userrule_64, struct ip6_fw *rule)
1165 userrule_64->version = rule->version;
/*
 * NOTE(review): context is a void * in the kernel rule (cp_from_user_64
 * stores it with CAST_DOWN(void *, ...)) and is returned to the caller here
 * as a user address. Confirm it only ever holds the value the caller
 * supplied and never a kernel address.
 */
1166 userrule_64->context = CAST_USER_ADDR_T(rule->context);
1167 userrule_64->fw_pcnt = rule->fw_pcnt;
1168 userrule_64->fw_bcnt = rule->fw_bcnt;
1169 userrule_64->fw_src = rule->fw_src;
1170 userrule_64->fw_dst = rule->fw_dst;
1171 userrule_64->fw_smsk = rule->fw_smsk;
1172 userrule_64->fw_dmsk = rule->fw_dmsk;
1173 userrule_64->fw_number = rule->fw_number;
1174 userrule_64->fw_flg = rule->fw_flg;
1175 userrule_64->fw_ipflg = rule->fw_ipflg;
/*
 * NOTE(review): the length passed is IPV6_FW_MAX_PORTS, which by its name is
 * an element count, while the fw_icmp6types copy below passes a sizeof. If
 * the fw_pts elements are wider than one byte this copies only part of the
 * array -- check the declaration; sizeof(rule->fw_pts) would be unambiguous.
 */
1176 bcopy( rule->fw_pts, userrule_64->fw_pts, IPV6_FW_MAX_PORTS);
1177 userrule_64->fw_ip6opt= rule->fw_ip6opt;
1178 userrule_64->fw_ip6nopt = rule->fw_ip6nopt;
1179 userrule_64->fw_tcpf = rule->fw_tcpf;
1180 userrule_64->fw_tcpnf = rule->fw_tcpnf;
/* Length is the size of the destination array. */
1181 bcopy( rule->fw_icmp6types, userrule_64->fw_icmp6types, sizeof(userrule_64->fw_icmp6types));
1182 userrule_64->fw_in_if = rule->fw_in_if;
1183 userrule_64->fw_out_if = rule->fw_out_if;
1184 userrule_64->timestamp = rule->timestamp;
1185 userrule_64->fw_un.fu_divert_port = rule->fw_un.fu_divert_port;
1186 userrule_64->fw_prot = rule->fw_prot;
1187 userrule_64->fw_nports = rule->fw_nports;
/*
 * cp_from_user_64: fill the kernel rule *rule from the 64-bit user-layout
 * structure *userrule_64, one member at a time.
 *
 * NOTE(review): nothing is range-checked here; fw_number, fw_flg, fw_nports
 * and context are stored exactly as the caller supplied them. In this
 * listing the version is compared with IPV6_FW_CURRENT_API_VERSION after the
 * copy and check_ip6fw_struct() runs before add_entry6(); what that check
 * covers, and whether the other paths that use the copied rule validate it,
 * is not visible here.
 */
1192 cp_from_user_64( struct ip6_fw_64 *userrule_64, struct ip6_fw *rule)
1194 rule->version = userrule_64->version;
/*
 * NOTE(review): a caller-supplied value becomes a kernel void *. It must be
 * treated as opaque and never dereferenced in the kernel -- verify how
 * context is used elsewhere in the file.
 */
1195 rule->context = CAST_DOWN(void *, userrule_64->context);
1196 rule->fw_pcnt = userrule_64->fw_pcnt;
1197 rule->fw_bcnt = userrule_64->fw_bcnt;
1198 rule->fw_src = userrule_64->fw_src;
1199 rule->fw_dst = userrule_64->fw_dst;
1200 rule->fw_smsk = userrule_64->fw_smsk;
1201 rule->fw_dmsk = userrule_64->fw_dmsk;
1202 rule->fw_number = userrule_64->fw_number;
1203 rule->fw_flg = userrule_64->fw_flg;
1204 rule->fw_ipflg = userrule_64->fw_ipflg;
/*
 * NOTE(review): the length passed is IPV6_FW_MAX_PORTS, which by its name is
 * an element count, while the fw_icmp6types copy below passes a sizeof. If
 * the fw_pts elements are wider than one byte only part of the user-supplied
 * port list reaches the kernel rule -- check the declaration.
 */
1205 bcopy( userrule_64->fw_pts, rule->fw_pts, IPV6_FW_MAX_PORTS);
1206 rule->fw_ip6opt = userrule_64->fw_ip6opt;
1207 rule->fw_ip6nopt = userrule_64->fw_ip6nopt;
1208 rule->fw_tcpf = userrule_64->fw_tcpf;
1209 rule->fw_tcpnf = userrule_64->fw_tcpnf;
/* Length is the size of the source (user-layout) array. */
1210 bcopy( userrule_64->fw_icmp6types, rule->fw_icmp6types, sizeof(userrule_64->fw_icmp6types));
1211 rule->fw_in_if = userrule_64->fw_in_if;
1212 rule->fw_out_if = userrule_64->fw_out_if;
/* NOTE(review): CAST_DOWN to long; narrows if the user-layout timestamp is wider than long -- TODO confirm. */
1213 rule->timestamp = CAST_DOWN( long, userrule_64->timestamp);
1214 rule->fw_un.fu_divert_port = userrule_64->fw_un.fu_divert_port;
1215 rule->fw_prot = userrule_64->fw_prot;
/* NOTE(review): fw_nports is caller-controlled; any later use as an index or count into fw_pts depends on it being bounded before use -- confirm where that happens. */
1216 rule->fw_nports = userrule_64->fw_nports;
/*
 * cp_to_user_32: fill the 32-bit user-layout structure *userrule_32 from the
 * kernel rule *rule, one member at a time.
 *
 * NOTE(review): only the members assigned below are written. Padding and any
 * member not listed keep whatever *userrule_32 held before the call, so a
 * destination that is later copied out to user space should be zeroed by the
 * caller first -- whether the callers do so is not visible in this listing.
 */
1221 cp_to_user_32( struct ip6_fw_32 *userrule_32, struct ip6_fw *rule)
1223 userrule_32->version = rule->version;
/*
 * NOTE(review): the kernel void * is explicitly narrowed to user32_addr_t;
 * presumably the upper bits are dropped when kernel pointers are wider than
 * 32 bits. Confirm context only ever holds the value the caller supplied and
 * never a kernel address.
 */
1224 userrule_32->context = CAST_DOWN_EXPLICIT( user32_addr_t, rule->context);
1225 userrule_32->fw_pcnt = rule->fw_pcnt;
1226 userrule_32->fw_bcnt = rule->fw_bcnt;
1227 userrule_32->fw_src = rule->fw_src;
1228 userrule_32->fw_dst = rule->fw_dst;
1229 userrule_32->fw_smsk = rule->fw_smsk;
1230 userrule_32->fw_dmsk = rule->fw_dmsk;
1231 userrule_32->fw_number = rule->fw_number;
1232 userrule_32->fw_flg = rule->fw_flg;
1233 userrule_32->fw_ipflg = rule->fw_ipflg;
/*
 * NOTE(review): the length passed is IPV6_FW_MAX_PORTS, which by its name is
 * an element count, while the fw_icmp6types copy below passes a sizeof. If
 * the fw_pts elements are wider than one byte this copies only part of the
 * array -- check the declaration; sizeof(rule->fw_pts) would be unambiguous.
 */
1234 bcopy( rule->fw_pts, userrule_32->fw_pts, IPV6_FW_MAX_PORTS);
1235 userrule_32->fw_ip6opt = rule->fw_ip6opt ;
1236 userrule_32->fw_ip6nopt = rule->fw_ip6nopt;
1237 userrule_32->fw_tcpf = rule->fw_tcpf;
1238 userrule_32->fw_tcpnf = rule->fw_tcpnf;
/*
 * NOTE(review): the length here is the size of the SOURCE array, whereas
 * cp_to_user_64 uses the size of the destination. The two agree only if
 * fw_icmp6types has the same size in both structures -- confirm, or bound
 * the copy by the destination.
 */
1239 bcopy( rule->fw_icmp6types, userrule_32->fw_icmp6types, sizeof(rule->fw_icmp6types));
1240 userrule_32->fw_in_if = rule->fw_in_if;
1241 userrule_32->fw_out_if = rule->fw_out_if;
/* NOTE(review): implicit conversion from the kernel timestamp (a long, per the CAST_DOWN(long, ...) in cp_from_user_32); may narrow if the 32-bit layout's field is smaller -- TODO confirm. */
1242 userrule_32->timestamp = rule->timestamp;
1243 userrule_32->fw_un.fu_divert_port = rule->fw_un.fu_divert_port;
1244 userrule_32->fw_prot = rule->fw_prot;
1245 userrule_32->fw_nports = rule->fw_nports;
/*
 * cp_from_user_32: fill the kernel rule *rule from the 32-bit user-layout
 * structure *userrule_32, one member at a time.
 *
 * NOTE(review): nothing is range-checked here; fw_number, fw_flg, fw_nports
 * and context are stored exactly as the caller supplied them. In this
 * listing the version is compared with IPV6_FW_CURRENT_API_VERSION after the
 * copy and check_ip6fw_struct() runs before add_entry6(); what that check
 * covers, and whether the other paths that use the copied rule validate it,
 * is not visible here.
 */
1250 cp_from_user_32( struct ip6_fw_32 *userrule_32, struct ip6_fw *rule)
1252 rule->version = userrule_32->version;
/*
 * NOTE(review): a caller-supplied value becomes a kernel void *. It must be
 * treated as opaque and never dereferenced in the kernel -- verify how
 * context is used elsewhere in the file.
 */
1253 rule->context = CAST_DOWN(void *, userrule_32->context);
1254 rule->fw_pcnt = userrule_32->fw_pcnt;
1255 rule->fw_bcnt = userrule_32->fw_bcnt;
1256 rule->fw_src = userrule_32->fw_src;
1257 rule->fw_dst = userrule_32->fw_dst;
1258 rule->fw_smsk = userrule_32->fw_smsk;
1259 rule->fw_dmsk = userrule_32->fw_dmsk;
1260 rule->fw_number = userrule_32->fw_number;
1261 rule->fw_flg = userrule_32->fw_flg;
1262 rule->fw_ipflg = userrule_32->fw_ipflg;
/*
 * NOTE(review): the length passed is IPV6_FW_MAX_PORTS, which by its name is
 * an element count, while the fw_icmp6types copy below passes a sizeof. If
 * the fw_pts elements are wider than one byte only part of the user-supplied
 * port list reaches the kernel rule -- check the declaration.
 */
1263 bcopy( userrule_32->fw_pts, rule->fw_pts, IPV6_FW_MAX_PORTS);
1264 rule->fw_ip6opt = userrule_32->fw_ip6opt;
1265 rule->fw_ip6nopt = userrule_32->fw_ip6nopt;
1266 rule->fw_tcpf = userrule_32->fw_tcpf;
1267 rule->fw_tcpnf = userrule_32->fw_tcpnf;
/* Length is the size of the source (user-layout) array. */
1268 bcopy( userrule_32->fw_icmp6types, rule->fw_icmp6types, sizeof(userrule_32->fw_icmp6types));
1269 rule->fw_in_if = userrule_32->fw_in_if;
1270 rule->fw_out_if = userrule_32->fw_out_if;
1271 rule->timestamp = CAST_DOWN(long, userrule_32->timestamp);
1272 rule->fw_un.fu_divert_port = userrule_32->fw_un.fu_divert_port;
1273 rule->fw_prot = userrule_32->fw_prot;
/* NOTE(review): fw_nports is caller-controlled; any later use as an index or count into fw_pts depends on it being bounded before use -- confirm where that happens. */
1274 rule->fw_nports = userrule_32->fw_nports;
1283 struct ip6_fw rule;
1297 /* We ALWAYS expect the client to pass in a rule structure so that we can
1299 * IPV6_FW_GET operation, the first rule of the output buffer passed to us
1312 cp_from_user_64( &userrule_64, &rule );
1320 cp_from_user_32( &userrule_32, &rule );
1323 if (rule.version != IPV6_FW_CURRENT_API_VERSION) return EINVAL;
1324 rule.version = 0xFFFFFFFF; /* version is meaningless once rules "make it in the door". */
1354 //bcopy(fcp->rule, bp, sizeof *bp);
1356 cp_to_user_64( (struct ip6_fw_64*)bp, fcp->rule);
1359 cp_to_user_32( (struct ip6_fw_32*)bp, fcp->rule);
1382 ip6_fw_chain.lh_first->rule->fw_number != (u_short)-1)
1386 FREE(fcp->rule, M_IP6FW);
1394 error = zero_entry6(&rule);
1398 if (check_ip6fw_struct(&rule)) {
1399 error = add_entry6(&ip6_fw_chain, &rule);
1407 cp_to_user_64( &userrule_64, &rule);
1412 cp_to_user_32( &userrule_32, &rule);
1418 if (rule.fw_number == (u_short)-1)
1420 dprintf(("%s can't delete rule 65535\n", err_prefix));
1424 error = del_entry6(&ip6_fw_chain, rule.fw_number);