481 pf_nvrule_to_krule(const nvlist_t *nvl, struct pf_krule *rule)
487 	PFNV_CHK(pf_nvuint32(nvl, "nr", &rule->nr));
493 	    &rule->src);
501 	    &rule->dst));
504 		PFNV_CHK(pf_nvstring(nvl, "label", rule->label[0],
505 		    sizeof(rule->label[0])));
516 			ret = strlcpy(rule->label[i], strs[i],
517 			    sizeof(rule->label[0]));
518 			if (ret >= sizeof(rule->label[0]))
523 	PFNV_CHK(pf_nvstring(nvl, "ifname", rule->ifname,
524 	    sizeof(rule->ifname)));
525 	PFNV_CHK(pf_nvstring(nvl, "qname", rule->qname, sizeof(rule->qname)));
526 	PFNV_CHK(pf_nvstring(nvl, "pqname", rule->pqname,
527 	    sizeof(rule->pqname)));
528 	PFNV_CHK(pf_nvstring(nvl, "tagname", rule->tagname,
529 	    sizeof(rule->tagname)));
530 	PFNV_CHK(pf_nvstring(nvl, "match_tagname", rule->match_tagname,
531 	    sizeof(rule->match_tagname)));
532 	PFNV_CHK(pf_nvstring(nvl, "overload_tblname", rule->overload_tblname,
533 	    sizeof(rule->overload_tblname)));
538 	    &rule->rpool));
540 	PFNV_CHK(pf_nvuint32(nvl, "os_fingerprint", &rule->os_fingerprint));
542 	PFNV_CHK(pf_nvint(nvl, "rtableid", &rule->rtableid));
543 	PFNV_CHK(pf_nvuint32_array(nvl, "timeout", rule->timeout, PFTM_MAX, NULL));
544 	PFNV_CHK(pf_nvuint32(nvl, "max_states", &rule->max_states));
545 	PFNV_CHK(pf_nvuint32(nvl, "max_src_nodes", &rule->max_src_nodes));
546 	PFNV_CHK(pf_nvuint32(nvl, "max_src_states", &rule->max_src_states));
547 	PFNV_CHK(pf_nvuint32(nvl, "max_src_conn", &rule->max_src_conn));
549 	    &rule->max_src_conn_rate.limit));
551 	    &rule->max_src_conn_rate.seconds));
552 	PFNV_CHK(pf_nvuint32(nvl, "prob", &rule->prob));
553 	PFNV_CHK(pf_nvuint32(nvl, "cuid", &rule->cuid));
554 	PFNV_CHK(pf_nvuint32(nvl, "cpid", &rule->cpid));
556 	PFNV_CHK(pf_nvuint16(nvl, "return_icmp", &rule->return_icmp));
557 	PFNV_CHK(pf_nvuint16(nvl, "return_icmp6", &rule->return_icmp6));
559 	PFNV_CHK(pf_nvuint16(nvl, "max_mss", &rule->max_mss));
560 	PFNV_CHK(pf_nvuint16(nvl, "scrub_flags", &rule->scrub_flags));
565 	    &rule->uid));
570 	    &rule->gid));
572 	PFNV_CHK(pf_nvuint32(nvl, "rule_flag", &rule->rule_flag));
573 	PFNV_CHK(pf_nvuint8(nvl, "action", &rule->action));
574 	PFNV_CHK(pf_nvuint8(nvl, "direction", &rule->direction));
575 	PFNV_CHK(pf_nvuint8(nvl, "log", &rule->log));
576 	PFNV_CHK(pf_nvuint8(nvl, "logif", &rule->logif));
577 	PFNV_CHK(pf_nvuint8(nvl, "quick", &rule->quick));
578 	PFNV_CHK(pf_nvuint8(nvl, "ifnot", &rule->ifnot));
579 	PFNV_CHK(pf_nvuint8(nvl, "match_tag_not", &rule->match_tag_not));
580 	PFNV_CHK(pf_nvuint8(nvl, "natpass", &rule->natpass));
582 	PFNV_CHK(pf_nvuint8(nvl, "keep_state", &rule->keep_state));
583 	PFNV_CHK(pf_nvuint8(nvl, "af", &rule->af));
584 	PFNV_CHK(pf_nvuint8(nvl, "proto", &rule->proto));
585 	PFNV_CHK(pf_nvuint8(nvl, "type", &rule->type));
586 	PFNV_CHK(pf_nvuint8(nvl, "code", &rule->code));
587 	PFNV_CHK(pf_nvuint8(nvl, "flags", &rule->flags));
588 	PFNV_CHK(pf_nvuint8(nvl, "flagset", &rule->flagset));
589 	PFNV_CHK(pf_nvuint8(nvl, "min_ttl", &rule->min_ttl));
590 	PFNV_CHK(pf_nvuint8(nvl, "allow_opts", &rule->allow_opts));
591 	PFNV_CHK(pf_nvuint8(nvl, "rt", &rule->rt));
592 	PFNV_CHK(pf_nvuint8(nvl, "return_ttl", &rule->return_ttl));
593 	PFNV_CHK(pf_nvuint8(nvl, "tos", &rule->tos));
594 	PFNV_CHK(pf_nvuint8(nvl, "set_tos", &rule->set_tos));
595 	PFNV_CHK(pf_nvuint8(nvl, "anchor_relative", &rule->anchor_relative));
596 	PFNV_CHK(pf_nvuint8(nvl, "anchor_wildcard", &rule->anchor_wildcard));
598 	PFNV_CHK(pf_nvuint8(nvl, "flush", &rule->flush));
599 	PFNV_CHK(pf_nvuint8(nvl, "prio", &rule->prio));
601 	PFNV_CHK(pf_nvuint8_array(nvl, "set_prio", &rule->prio, 2, NULL));
609 		    &rule->divert.addr));
610 		PFNV_CHK(pf_nvuint16(nvldivert, "port", &rule->divert.port));
615 	if (rule->af == AF_INET)
619 	if (rule->af == AF_INET6)
623 	PFNV_CHK(pf_check_rule_addr(&rule->src));
624 	PFNV_CHK(pf_check_rule_addr(&rule->dst));
634 pf_divert_to_nvdivert(const struct pf_krule *rule)
643 	tmp = pf_addr_to_nvaddr(&rule->divert.addr);
648 	nvlist_add_number(nvl, "port", rule->divert.port);
658 pf_krule_to_nvrule(const struct pf_krule *rule)
666 	nvlist_add_number(nvl, "nr", rule->nr);
667 	tmp = pf_rule_addr_to_nvrule_addr(&rule->src);
672 	tmp = pf_rule_addr_to_nvrule_addr(&rule->dst);
680 		    rule->skip[i].ptr ? rule->skip[i].ptr->nr : -1);
684 		nvlist_append_string_array(nvl, "labels", rule->label[i]);
686 	nvlist_add_string(nvl, "label", rule->label[0]);
687 	nvlist_add_string(nvl, "ifname", rule->ifname);
688 	nvlist_add_string(nvl, "qname", rule->qname);
689 	nvlist_add_string(nvl, "pqname", rule->pqname);
690 	nvlist_add_string(nvl, "tagname", rule->tagname);
691 	nvlist_add_string(nvl, "match_tagname", rule->match_tagname);
692 	nvlist_add_string(nvl, "overload_tblname", rule->overload_tblname);
694 	tmp = pf_pool_to_nvpool(&rule->rpool);
701 	    counter_u64_fetch(rule->evaluations));
704 		    counter_u64_fetch(rule->packets[i]));
706 		    counter_u64_fetch(rule->bytes[i]));
709 	nvlist_add_number(nvl, "os_fingerprint", rule->os_fingerprint);
711 	nvlist_add_number(nvl, "rtableid", rule->rtableid);
712 	pf_uint32_array_nv(nvl, "timeout", rule->timeout, PFTM_MAX);
713 	nvlist_add_number(nvl, "max_states", rule->max_states);
714 	nvlist_add_number(nvl, "max_src_nodes", rule->max_src_nodes);
715 	nvlist_add_number(nvl, "max_src_states", rule->max_src_states);
716 	nvlist_add_number(nvl, "max_src_conn", rule->max_src_conn);
718 	    rule->max_src_conn_rate.limit);
720 	    rule->max_src_conn_rate.seconds);
721 	nvlist_add_number(nvl, "qid", rule->qid);
722 	nvlist_add_number(nvl, "pqid", rule->pqid);
723 	nvlist_add_number(nvl, "prob", rule->prob);
724 	nvlist_add_number(nvl, "cuid", rule->cuid);
725 	nvlist_add_number(nvl, "cpid", rule->cpid);
728 	    counter_u64_fetch(rule->states_cur));
730 	    counter_u64_fetch(rule->states_tot));
732 	    counter_u64_fetch(rule->src_nodes));
734 	nvlist_add_number(nvl, "return_icmp", rule->return_icmp);
735 	nvlist_add_number(nvl, "return_icmp6", rule->return_icmp6);
737 	nvlist_add_number(nvl, "max_mss", rule->max_mss);
738 	nvlist_add_number(nvl, "scrub_flags", rule->scrub_flags);
740 	tmp = pf_rule_uid_to_nvrule_uid(&rule->uid);
745 	tmp = pf_rule_uid_to_nvrule_uid((const struct pf_rule_uid *)&rule->gid);
751 	nvlist_add_number(nvl, "rule_flag", rule->rule_flag);
752 	nvlist_add_number(nvl, "action", rule->action);
753 	nvlist_add_number(nvl, "direction", rule->direction);
754 	nvlist_add_number(nvl, "log", rule->log);
755 	nvlist_add_number(nvl, "logif", rule->logif);
756 	nvlist_add_number(nvl, "quick", rule->quick);
757 	nvlist_add_number(nvl, "ifnot", rule->ifnot);
758 	nvlist_add_number(nvl, "match_tag_not", rule->match_tag_not);
759 	nvlist_add_number(nvl, "natpass", rule->natpass);
761 	nvlist_add_number(nvl, "keep_state", rule->keep_state);
762 	nvlist_add_number(nvl, "af", rule->af);
763 	nvlist_add_number(nvl, "proto", rule->proto);
764 	nvlist_add_number(nvl, "type", rule->type);
765 	nvlist_add_number(nvl, "code", rule->code);
766 	nvlist_add_number(nvl, "flags", rule->flags);
767 	nvlist_add_number(nvl, "flagset", rule->flagset);
768 	nvlist_add_number(nvl, "min_ttl", rule->min_ttl);
769 	nvlist_add_number(nvl, "allow_opts", rule->allow_opts);
770 	nvlist_add_number(nvl, "rt", rule->rt);
771 	nvlist_add_number(nvl, "return_ttl", rule->return_ttl);
772 	nvlist_add_number(nvl, "tos", rule->tos);
773 	nvlist_add_number(nvl, "set_tos", rule->set_tos);
774 	nvlist_add_number(nvl, "anchor_relative", rule->anchor_relative);
775 	nvlist_add_number(nvl, "anchor_wildcard", rule->anchor_wildcard);
777 	nvlist_add_number(nvl, "flush", rule->flush);
778 	nvlist_add_number(nvl, "prio", rule->prio);
780 	pf_uint8_array_nv(nvl, "set_prio", &rule->prio, 2);
782 	tmp = pf_divert_to_nvdivert(rule);
969 	nvlist_add_number(nvl, "rule", s->rule.ptr ? s->rule.ptr->nr : -1);

Indexes created Fri Jul 05 22:58:02 MDT 2024