• Home
  • History
  • Annotate
  • Raw
  • Download
  • only in /macosx-10.5.8/xnu-1228.15.4/bsd/netinet6/

Lines Matching defs:rule

538  *	*cookie Skip up to the first rule past this rule number;
555 	struct ip6_fw *rule = NULL;
574 	 * If we've been asked to start at a given rule immediatly, do so.
582 		while (chain && (chain->rule->fw_number <= skipto)) {
589 		struct ip6_fw *const f = chain->rule;
607 		/* If src-addr doesn't match, not this rule. */
612 		/* If dest-addr doesn't match, not this rule. */
676 				 * packet -- if this rule specified either one,
677 				 * we consider the rule a non-match.
703 				 * rule specifies a port, we consider the rule
749 		/* Ignore divert/tee rule if socket port is "ignport" */
754 				continue;       /* ignore this rule */
794 			    && chain->chain.le_next->rule->fw_number
797 			while (chain->chain.le_next->rule->fw_number
804 		/* Deny/reject this packet using this rule */
805 		rule = f;
819 	 * - The packet matched a reject rule
823 	if ((rule->fw_flg & IPV6_FW_F_COMMAND) == IPV6_FW_F_REJECT
827 		switch (rule->fw_reject_code) {
879 			    rule->fw_reject_code, 0);
918 	fwc->rule = ftmp;
930 		dprintf(("%s bad rule number\n", err_prefix));
934 	/* If entry number is 0, find highest numbered rule and add 100 */
937 			if (fcp->rule->fw_number != (u_short)-1)
938 				nbr = fcp->rule->fw_number;
949 		if (fcp->rule->fw_number > ftmp->fw_number) {
976 			if (fcp->rule->fw_number == number) {
979 				FREE(fcp->rule, M_IP6FW);
1003 		if (!frwl || frwl->fw_number == 0 || frwl->fw_number == fcp->rule->fw_number) {
1004 			fcp->rule->fw_bcnt = fcp->rule->fw_pcnt = 0;
1005 			fcp->rule->timestamp = 0;
1074 		dprintf(("%s port(s) specified for non TCP/UDP rule\n",
1081 	 *	we reject this rule and require user level utilities
1092 		dprintf(("%s rule never matches\n", err_prefix));
1153 		if (sizeof *(fcp->rule) > MLEN) {
1161 			bcopy(fcp->rule, m->m_data, sizeof *(fcp->rule));
1162 			m->m_len = sizeof *(fcp->rule);
1169 			if (sizeof *(fcp->rule) > MLEN) {
1191 		    ip6_fw_chain.lh_first->rule->fw_number != (u_short)-1) {
1196 			FREE(fcp->rule, M_IP6FW);
1237 			dprintf(("%s can't delete rule 65535\n", err_prefix));
1281 	struct ip6_fw rule;
1287 	/* We ALWAYS expect the client to pass in a rule structure so that we can
1289 	 * IPV6_FW_GET operation, the first rule of the output buffer passed to us
1291 	if (!sopt->sopt_val || sopt->sopt_valsize < sizeof rule) return EINVAL;
1295 	if ((error = sooptcopyin(sopt, &rule, sizeof(rule), sizeof(rule))))
1298 	if (rule.version != IPV6_FW_CURRENT_API_VERSION) return EINVAL;
1299 	rule.version = 0xFFFFFFFF;	/* version is meaningless once rules "make it in the door". */
1320 					bcopy(fcp->rule, bp, sizeof *bp);
1340 				ip6_fw_chain.lh_first->rule->fw_number != (u_short)-1)
1344 				FREE(fcp->rule, M_IP6FW);
1352 			error = zero_entry6(&rule);
1356 			if (check_ip6fw_struct(&rule)) {
1357 				error = add_entry6(&ip6_fw_chain, &rule);
1365 			if (rule.fw_number == (u_short)-1)
1367 				dprintf(("%s can't delete rule 65535\n", err_prefix));
1371 				error = del_entry6(&ip6_fw_chain, rule.fw_number);