3032 		struct pf_rule          *oldrule = NULL, *newrule = NULL;  in pfioctl_ioc_rule()  local
3078 			newrule = pool_get(&pf_rule_pl, PR_WAITOK);  in pfioctl_ioc_rule()
3079 			if (newrule == NULL) {  in pfioctl_ioc_rule()
3083 			pf_rule_copyin(&pcr->rule, newrule, p, minordev);  in pfioctl_ioc_rule()
3085 			if (newrule->af == AF_INET) {  in pfioctl_ioc_rule()
3086 				pool_put(&pf_rule_pl, newrule);  in pfioctl_ioc_rule()
3091 			if (newrule->ifname[0]) {  in pfioctl_ioc_rule()
3092 				newrule->kif = pfi_kif_get(newrule->ifname);  in pfioctl_ioc_rule()
3093 				if (newrule->kif == NULL) {  in pfioctl_ioc_rule()
3094 					pool_put(&pf_rule_pl, newrule);  in pfioctl_ioc_rule()
3098 				pfi_kif_ref(newrule->kif, PFI_KIF_REF_RULE);  in pfioctl_ioc_rule()
3100 				newrule->kif = NULL;  in pfioctl_ioc_rule()
3103 			if (newrule->tagname[0]) {  in pfioctl_ioc_rule()
3104 				if ((newrule->tag =  in pfioctl_ioc_rule()
3105 				    pf_tagname2tag(newrule->tagname)) == 0) {  in pfioctl_ioc_rule()
3109 			if (newrule->match_tagname[0]) {  in pfioctl_ioc_rule()
3110 				if ((newrule->match_tag = pf_tagname2tag(  in pfioctl_ioc_rule()
3111 					    newrule->match_tagname)) == 0) {  in pfioctl_ioc_rule()
3115 			if (newrule->rt && !newrule->direction) {  in pfioctl_ioc_rule()
3119 			if (!newrule->log) {  in pfioctl_ioc_rule()
3120 				newrule->logif = 0;  in pfioctl_ioc_rule()
3122 			if (newrule->logif >= PFLOGIFS_MAX) {  in pfioctl_ioc_rule()
3126 			pf_addrwrap_setup(&newrule->src.addr);  in pfioctl_ioc_rule()
3127 			pf_addrwrap_setup(&newrule->dst.addr);  in pfioctl_ioc_rule()
3128 			if (pf_rtlabel_add(&newrule->src.addr) ||  in pfioctl_ioc_rule()
3129 			    pf_rtlabel_add(&newrule->dst.addr)) {  in pfioctl_ioc_rule()
3132 			if (pfi_dynaddr_setup(&newrule->src.addr, newrule->af)) {  in pfioctl_ioc_rule()
3135 			if (pfi_dynaddr_setup(&newrule->dst.addr, newrule->af)) {  in pfioctl_ioc_rule()
3138 			if (pf_tbladdr_setup(ruleset, &newrule->src.addr)) {  in pfioctl_ioc_rule()
3141 			if (pf_tbladdr_setup(ruleset, &newrule->dst.addr)) {  in pfioctl_ioc_rule()
3144 			if (pf_anchor_setup(newrule, ruleset, pcr->anchor_call)) {  in pfioctl_ioc_rule()
3152 			if (newrule->overload_tblname[0]) {  in pfioctl_ioc_rule()
3153 				if ((newrule->overload_tbl = pfr_attach_table(  in pfioctl_ioc_rule()
3154 					    ruleset, newrule->overload_tblname)) ==  in pfioctl_ioc_rule()
3158 					newrule->overload_tbl->pfrkt_flags |=  in pfioctl_ioc_rule()
3163 			pf_mv_pool(&pf_pabuf, &newrule->rpool.list);  in pfioctl_ioc_rule()
3164 			if (((((newrule->action == PF_NAT) ||  in pfioctl_ioc_rule()
3165 			    (newrule->action == PF_RDR) ||  in pfioctl_ioc_rule()
3166 			    (newrule->action == PF_BINAT) ||  in pfioctl_ioc_rule()
3167 			    (newrule->rt > PF_FASTROUTE)) &&  in pfioctl_ioc_rule()
3168 			    !newrule->anchor)) &&  in pfioctl_ioc_rule()
3169 			    (TAILQ_FIRST(&newrule->rpool.list) == NULL)) {  in pfioctl_ioc_rule()
3174 				pf_rm_rule(NULL, newrule);  in pfioctl_ioc_rule()
3177 			newrule->rpool.cur = TAILQ_FIRST(&newrule->rpool.list);  in pfioctl_ioc_rule()
3178 			newrule->evaluations = 0;  in pfioctl_ioc_rule()
3179 			newrule->packets[0] = newrule->packets[1] = 0;  in pfioctl_ioc_rule()
3180 			newrule->bytes[0] = newrule->bytes[1] = 0;  in pfioctl_ioc_rule()
3197 				if (newrule != NULL) {  in pfioctl_ioc_rule()
3198 					pf_rm_rule(NULL, newrule);  in pfioctl_ioc_rule()
3212 					newrule, entries);  in pfioctl_ioc_rule()
3215 				TAILQ_INSERT_BEFORE(oldrule, newrule, entries);  in pfioctl_ioc_rule()
3219 					oldrule, newrule, entries);  in pfioctl_ioc_rule()