636 struct pf_rule *rule; in pf_get_pool() local
653 rule = TAILQ_LAST(ruleset->rules[rs_num].active.ptr, in pf_get_pool()
656 rule = TAILQ_FIRST(ruleset->rules[rs_num].active.ptr); in pf_get_pool()
664 rule = TAILQ_LAST(ruleset->rules[rs_num].inactive.ptr, in pf_get_pool()
667 rule = TAILQ_FIRST(ruleset->rules[rs_num].inactive.ptr); in pf_get_pool()
671 while ((rule != NULL) && (rule->nr != rule_number)) { in pf_get_pool()
672 rule = TAILQ_NEXT(rule, entries); in pf_get_pool()
675 if (rule == NULL) { in pf_get_pool()
679 return &rule->rpool; in pf_get_pool()
708 pf_rm_rule(struct pf_rulequeue *rulequeue, struct pf_rule *rule) in pf_rm_rule() argument
711 if (rule->states <= 0) { in pf_rm_rule()
717 pf_tbladdr_remove(&rule->src.addr); in pf_rm_rule()
718 pf_tbladdr_remove(&rule->dst.addr); in pf_rm_rule()
719 if (rule->overload_tbl) { in pf_rm_rule()
720 pfr_detach_table(rule->overload_tbl); in pf_rm_rule()
723 TAILQ_REMOVE(rulequeue, rule, entries); in pf_rm_rule()
724 rule->entries.tqe_prev = NULL; in pf_rm_rule()
725 rule->nr = -1; in pf_rm_rule()
728 if (rule->states > 0 || rule->src_nodes > 0 || in pf_rm_rule()
729 rule->entries.tqe_prev != NULL) { in pf_rm_rule()
732 pf_tag_unref(rule->tag); in pf_rm_rule()
733 pf_tag_unref(rule->match_tag); in pf_rm_rule()
734 pf_rtlabel_remove(&rule->src.addr); in pf_rm_rule()
735 pf_rtlabel_remove(&rule->dst.addr); in pf_rm_rule()
736 pfi_dynaddr_remove(&rule->src.addr); in pf_rm_rule()
737 pfi_dynaddr_remove(&rule->dst.addr); in pf_rm_rule()
739 pf_tbladdr_remove(&rule->src.addr); in pf_rm_rule()
740 pf_tbladdr_remove(&rule->dst.addr); in pf_rm_rule()
741 if (rule->overload_tbl) { in pf_rm_rule()
742 pfr_detach_table(rule->overload_tbl); in pf_rm_rule()
745 pfi_kif_unref(rule->kif, PFI_KIF_REF_RULE); in pf_rm_rule()
746 pf_anchor_remove(rule); in pf_rm_rule()
747 pf_empty_pool(&rule->rpool.list); in pf_rm_rule()
748 pool_put(&pf_rule_pl, rule); in pf_rm_rule()
903 struct pf_rule *rule; in pf_begin_rules() local
912 while ((rule = TAILQ_FIRST(rs->rules[rs_num].inactive.ptr)) != NULL) { in pf_begin_rules()
913 pf_rm_rule(rs->rules[rs_num].inactive.ptr, rule); in pf_begin_rules()
925 struct pf_rule *rule; in pf_rollback_rules() local
935 while ((rule = TAILQ_FIRST(rs->rules[rs_num].inactive.ptr)) != NULL) { in pf_rollback_rules()
936 pf_rm_rule(rs->rules[rs_num].inactive.ptr, rule); in pf_rollback_rules()
997 pf_hash_rule(MD5_CTX *ctx, struct pf_rule *rule) in pf_hash_rule() argument
1002 pf_hash_rule_addr(ctx, &rule->src, rule->proto); in pf_hash_rule()
1003 pf_hash_rule_addr(ctx, &rule->dst, rule->proto); in pf_hash_rule()
1004 PF_MD5_UPD_STR(rule, label); in pf_hash_rule()
1005 PF_MD5_UPD_STR(rule, ifname); in pf_hash_rule()
1006 PF_MD5_UPD_STR(rule, match_tagname); in pf_hash_rule()
1007 PF_MD5_UPD_HTONS(rule, match_tag, x); /* dup? */ in pf_hash_rule()
1008 PF_MD5_UPD_HTONL(rule, os_fingerprint, y); in pf_hash_rule()
1009 PF_MD5_UPD_HTONL(rule, prob, y); in pf_hash_rule()
1010 PF_MD5_UPD_HTONL(rule, uid.uid[0], y); in pf_hash_rule()
1011 PF_MD5_UPD_HTONL(rule, uid.uid[1], y); in pf_hash_rule()
1012 PF_MD5_UPD(rule, uid.op); in pf_hash_rule()
1013 PF_MD5_UPD_HTONL(rule, gid.gid[0], y); in pf_hash_rule()
1014 PF_MD5_UPD_HTONL(rule, gid.gid[1], y); in pf_hash_rule()
1015 PF_MD5_UPD(rule, gid.op); in pf_hash_rule()
1016 PF_MD5_UPD_HTONL(rule, rule_flag, y); in pf_hash_rule()
1017 PF_MD5_UPD(rule, action); in pf_hash_rule()
1018 PF_MD5_UPD(rule, direction); in pf_hash_rule()
1019 PF_MD5_UPD(rule, af); in pf_hash_rule()
1020 PF_MD5_UPD(rule, quick); in pf_hash_rule()
1021 PF_MD5_UPD(rule, ifnot); in pf_hash_rule()
1022 PF_MD5_UPD(rule, match_tag_not); in pf_hash_rule()
1023 PF_MD5_UPD(rule, natpass); in pf_hash_rule()
1024 PF_MD5_UPD(rule, keep_state); in pf_hash_rule()
1025 PF_MD5_UPD(rule, proto); in pf_hash_rule()
1026 PF_MD5_UPD(rule, type); in pf_hash_rule()
1027 PF_MD5_UPD(rule, code); in pf_hash_rule()
1028 PF_MD5_UPD(rule, flags); in pf_hash_rule()
1029 PF_MD5_UPD(rule, flagset); in pf_hash_rule()
1030 PF_MD5_UPD(rule, allow_opts); in pf_hash_rule()
1031 PF_MD5_UPD(rule, rt); in pf_hash_rule()
1032 PF_MD5_UPD(rule, tos); in pf_hash_rule()
1039 struct pf_rule *rule, **old_array, *r; in pf_commit_rules() local
1100 while ((rule = TAILQ_FIRST(old_rules)) != NULL) { in pf_commit_rules()
1101 pf_rm_rule(old_rules, rule); in pf_commit_rules()
1197 sp->rule = s->rule.ptr->nr; in pf_state_export()
1254 s->rule.ptr = &pf_default_rule; in pf_state_import()
1293 struct pf_rule *rule; in pf_setup_pfsync_matching() local
1316 TAILQ_FOREACH(rule, rs->rules[rs_cnt].inactive.ptr, in pf_setup_pfsync_matching()
1318 pf_hash_rule(&ctx, rule); in pf_setup_pfsync_matching()
1319 (rs->rules[rs_cnt].inactive.ptr_array)[rule->nr] = rule; in pf_setup_pfsync_matching()
1729 struct pf_rule *rule; in pfioctl() local
1731 TAILQ_FOREACH(rule, in pfioctl()
1733 rule->evaluations = 0; in pfioctl()
1734 rule->packets[0] = rule->packets[1] = 0; in pfioctl()
1735 rule->bytes[0] = rule->bytes[1] = 0; in pfioctl()
2376 pf_expire_states_and_src_nodes(struct pf_rule *rule) in pf_expire_states_and_src_nodes() argument
2385 if (state->rule.ptr == rule) { in pf_expire_states_and_src_nodes()
2394 if (sn->rule.ptr != rule) { in pf_expire_states_and_src_nodes()
2419 struct pf_rule *rule) in pf_delete_rule_from_ruleset() argument
2424 pf_expire_states_and_src_nodes(rule); in pf_delete_rule_from_ruleset()
2426 pf_rm_rule(ruleset->rules[rs_num].active.ptr, rule); in pf_delete_rule_from_ruleset()
2455 struct pf_rule *rule = NULL; in pf_delete_rule_by_ticket() local
2462 pr->rule.owner, is_anchor, &error)) == NULL) { in pf_delete_rule_by_ticket()
2466 for (i = 0; i < PF_RULESET_MAX && rule == NULL; i++) { in pf_delete_rule_by_ticket()
2467 rule = TAILQ_FIRST(ruleset->rules[i].active.ptr); in pf_delete_rule_by_ticket()
2468 while (rule && (rule->ticket != pr->rule.ticket)) { in pf_delete_rule_by_ticket()
2469 rule = TAILQ_NEXT(rule, entries); in pf_delete_rule_by_ticket()
2472 if (rule == NULL) { in pf_delete_rule_by_ticket()
2478 if (strcmp(rule->owner, pr->rule.owner)) { in pf_delete_rule_by_ticket()
2483 if (rule->anchor && (ruleset != &pf_main_ruleset) && in pf_delete_rule_by_ticket()
2487 struct pf_rule *delete_rule = rule; in pf_delete_rule_by_ticket()
2497 rule = TAILQ_FIRST(ruleset->rules[i].active.ptr); in pf_delete_rule_by_ticket()
2498 while (rule && in pf_delete_rule_by_ticket()
2499 (rule->anchor != delete_ruleset->anchor)) { in pf_delete_rule_by_ticket()
2500 rule = TAILQ_NEXT(rule, entries); in pf_delete_rule_by_ticket()
2502 if (rule == NULL) { in pf_delete_rule_by_ticket()
2511 if ((rule->rule_flag & PFRULE_PFM) ^ req_dev) { in pf_delete_rule_by_ticket()
2512 if (rule->ticket != pr->rule.ticket) { in pf_delete_rule_by_ticket()
2533 if ((rule->rule_flag & PFRULE_PFM) ^ req_dev) { in pf_delete_rule_by_ticket()
2536 if (rule->rule_flag & PFRULE_PFM) { in pf_delete_rule_by_ticket()
2540 rule); in pf_delete_rule_by_ticket()
2555 struct pf_rule *rule, *next; in pf_delete_rule_by_owner() local
2559 rule = TAILQ_FIRST(pf_main_ruleset.rules[rs].active.ptr); in pf_delete_rule_by_owner()
2561 while (rule) { in pf_delete_rule_by_owner()
2562 next = TAILQ_NEXT(rule, entries); in pf_delete_rule_by_owner()
2567 if ((rule->rule_flag & PFRULE_PFM) ^ req_dev) { in pf_delete_rule_by_owner()
2568 rule = next; in pf_delete_rule_by_owner()
2571 if (rule->anchor) { in pf_delete_rule_by_owner()
2572 if (((strcmp(rule->owner, owner)) == 0) || in pf_delete_rule_by_owner()
2573 ((strcmp(rule->owner, "")) == 0)) { in pf_delete_rule_by_owner()
2574 if (rule->anchor->ruleset.rules[rs].active.rcount > 0) { in pf_delete_rule_by_owner()
2581 &rule->anchor->ruleset; in pf_delete_rule_by_owner()
2582 rule = TAILQ_FIRST(ruleset->rules[rs].active.ptr); in pf_delete_rule_by_owner()
2585 if (rule->rule_flag & in pf_delete_rule_by_owner()
2589 pf_delete_rule_from_ruleset(ruleset, rs, rule); in pf_delete_rule_by_owner()
2591 rule = next; in pf_delete_rule_by_owner()
2594 rule = next; in pf_delete_rule_by_owner()
2597 if (((strcmp(rule->owner, owner)) == 0)) { in pf_delete_rule_by_owner()
2599 if (rule->rule_flag & PFRULE_PFM) { in pf_delete_rule_by_owner()
2603 rs, rule); in pf_delete_rule_by_owner()
2606 rule = next; in pf_delete_rule_by_owner()
2608 if (rule == NULL) { in pf_delete_rule_by_owner()
2615 rs, &rule); in pf_delete_rule_by_owner()
2627 struct pf_rule *rule = *rule_ptr; in pf_deleterule_anchor_step_out() local
2634 rule = TAILQ_FIRST(ruleset->rules[rs].active.ptr); in pf_deleterule_anchor_step_out()
2635 while (rule && (rule->anchor != rs_copy->anchor)) { in pf_deleterule_anchor_step_out()
2636 rule = TAILQ_NEXT(rule, entries); in pf_deleterule_anchor_step_out()
2638 if (rule == NULL) { in pf_deleterule_anchor_step_out()
2641 if (rule->anchor->ruleset.rules[rs].active.rcount > 0) { in pf_deleterule_anchor_step_out()
2642 rule = TAILQ_NEXT(rule, entries); in pf_deleterule_anchor_step_out()
2646 *rule_ptr = rule; in pf_deleterule_anchor_step_out()
2657 pf_rule_setup(struct pfioc_rule *pr, struct pf_rule *rule, in pf_rule_setup() argument
2663 if (rule->ifname[0]) { in pf_rule_setup()
2664 rule->kif = pfi_kif_get(rule->ifname); in pf_rule_setup()
2665 if (rule->kif == NULL) { in pf_rule_setup()
2666 pool_put(&pf_rule_pl, rule); in pf_rule_setup()
2669 pfi_kif_ref(rule->kif, PFI_KIF_REF_RULE); in pf_rule_setup()
2671 if (rule->tagname[0]) { in pf_rule_setup()
2672 if ((rule->tag = pf_tagname2tag(rule->tagname)) == 0) { in pf_rule_setup()
2676 if (rule->match_tagname[0]) { in pf_rule_setup()
2677 if ((rule->match_tag = in pf_rule_setup()
2678 pf_tagname2tag(rule->match_tagname)) == 0) { in pf_rule_setup()
2682 if (rule->rt && !rule->direction) { in pf_rule_setup()
2686 if (!rule->log) { in pf_rule_setup()
2687 rule->logif = 0; in pf_rule_setup()
2689 if (rule->logif >= PFLOGIFS_MAX) { in pf_rule_setup()
2693 pf_addrwrap_setup(&rule->src.addr); in pf_rule_setup()
2694 pf_addrwrap_setup(&rule->dst.addr); in pf_rule_setup()
2695 if (pf_rtlabel_add(&rule->src.addr) || in pf_rule_setup()
2696 pf_rtlabel_add(&rule->dst.addr)) { in pf_rule_setup()
2699 if (pfi_dynaddr_setup(&rule->src.addr, rule->af)) { in pf_rule_setup()
2702 if (pfi_dynaddr_setup(&rule->dst.addr, rule->af)) { in pf_rule_setup()
2705 if (pf_tbladdr_setup(ruleset, &rule->src.addr)) { in pf_rule_setup()
2708 if (pf_tbladdr_setup(ruleset, &rule->dst.addr)) { in pf_rule_setup()
2711 if (pf_anchor_setup(rule, ruleset, pr->anchor_call)) { in pf_rule_setup()
2719 if (rule->overload_tblname[0]) { in pf_rule_setup()
2720 if ((rule->overload_tbl = pfr_attach_table(ruleset, in pf_rule_setup()
2721 rule->overload_tblname)) == NULL) { in pf_rule_setup()
2724 rule->overload_tbl->pfrkt_flags |= in pf_rule_setup()
2729 pf_mv_pool(&pf_pabuf, &rule->rpool.list); in pf_rule_setup()
2731 if (((((rule->action == PF_NAT) || (rule->action == PF_RDR) || in pf_rule_setup()
2732 (rule->action == PF_BINAT) || (rule->action == PF_NAT64)) && in pf_rule_setup()
2733 rule->anchor == NULL) || in pf_rule_setup()
2734 (rule->rt > PF_FASTROUTE)) && in pf_rule_setup()
2735 (TAILQ_FIRST(&rule->rpool.list) == NULL)) { in pf_rule_setup()
2740 pf_rm_rule(NULL, rule); in pf_rule_setup()
2746 rule->rpool.af = (rule->action == PF_NAT64) ? AF_INET: rule->af; in pf_rule_setup()
2747 rule->rpool.cur = TAILQ_FIRST(&rule->rpool.list); in pf_rule_setup()
2748 rule->evaluations = rule->packets[0] = rule->packets[1] = in pf_rule_setup()
2749 rule->bytes[0] = rule->bytes[1] = 0; in pf_rule_setup()
2763 struct pf_rule *rule, *tail; in pfioctl_ioc_rule() local
2773 rs_num = pf_get_ruleset_number(pr->rule.action); in pfioctl_ioc_rule()
2778 if (pr->rule.return_icmp >> 8 > ICMP_MAXTYPE) { in pfioctl_ioc_rule()
2790 rule = pool_get(&pf_rule_pl, PR_WAITOK); in pfioctl_ioc_rule()
2791 if (rule == NULL) { in pfioctl_ioc_rule()
2795 pf_rule_copyin(&pr->rule, rule, p, minordev); in pfioctl_ioc_rule()
2797 if (rule->af == AF_INET) { in pfioctl_ioc_rule()
2798 pool_put(&pf_rule_pl, rule); in pfioctl_ioc_rule()
2806 rule->nr = tail->nr + 1; in pfioctl_ioc_rule()
2808 rule->nr = 0; in pfioctl_ioc_rule()
2811 if ((error = pf_rule_setup(pr, rule, ruleset))) { in pfioctl_ioc_rule()
2816 rule, entries); in pfioctl_ioc_rule()
2818 if (rule->rule_flag & PFRULE_PFM) { in pfioctl_ioc_rule()
2822 if (rule->action == PF_NAT64) { in pfioctl_ioc_rule()
2828 if (rule->rule_flag & PFRULE_PFM) { in pfioctl_ioc_rule()
2834 if (rule->action == PF_DUMMYNET) { in pfioctl_ioc_rule()
2841 if (rule->direction == PF_IN) { in pfioctl_ioc_rule()
2843 } else if (rule->direction == PF_OUT) { in pfioctl_ioc_rule()
2848 dn_event.dn_event_rule_config.af = rule->af; in pfioctl_ioc_rule()
2849 dn_event.dn_event_rule_config.proto = rule->proto; in pfioctl_ioc_rule()
2850 dn_event.dn_event_rule_config.src_port = rule->src.xport.range.port[0]; in pfioctl_ioc_rule()
2851 dn_event.dn_event_rule_config.dst_port = rule->dst.xport.range.port[0]; in pfioctl_ioc_rule()
2852 strlcpy(dn_event.dn_event_rule_config.ifname, rule->ifname, in pfioctl_ioc_rule()
2873 rs_num = pf_get_ruleset_number(pr->rule.action); in pfioctl_ioc_rule()
2891 struct pf_rule *rule; in pfioctl_ioc_rule() local
2901 rs_num = pf_get_ruleset_number(pr->rule.action); in pfioctl_ioc_rule()
2910 rule = TAILQ_FIRST(ruleset->rules[rs_num].active.ptr); in pfioctl_ioc_rule()
2911 while ((rule != NULL) && (rule->nr != pr->nr)) { in pfioctl_ioc_rule()
2912 rule = TAILQ_NEXT(rule, entries); in pfioctl_ioc_rule()
2914 if (rule == NULL) { in pfioctl_ioc_rule()
2918 pf_rule_copyout(rule, &pr->rule); in pfioctl_ioc_rule()
2919 if (pf_anchor_copyout(ruleset, rule, pr)) { in pfioctl_ioc_rule()
2923 pfi_dynaddr_copyout(&pr->rule.src.addr); in pfioctl_ioc_rule()
2924 pfi_dynaddr_copyout(&pr->rule.dst.addr); in pfioctl_ioc_rule()
2925 pf_tbladdr_copyout(&pr->rule.src.addr); in pfioctl_ioc_rule()
2926 pf_tbladdr_copyout(&pr->rule.dst.addr); in pfioctl_ioc_rule()
2927 pf_rtlabel_copyout(&pr->rule.src.addr); in pfioctl_ioc_rule()
2928 pf_rtlabel_copyout(&pr->rule.dst.addr); in pfioctl_ioc_rule()
2930 if (rule->skip[i].ptr == NULL) { in pfioctl_ioc_rule()
2931 pr->rule.skip[i].nr = -1; in pfioctl_ioc_rule()
2933 pr->rule.skip[i].nr = in pfioctl_ioc_rule()
2934 rule->skip[i].ptr->nr; in pfioctl_ioc_rule()
2939 rule->evaluations = 0; in pfioctl_ioc_rule()
2940 rule->packets[0] = rule->packets[1] = 0; in pfioctl_ioc_rule()
2941 rule->bytes[0] = rule->bytes[1] = 0; in pfioctl_ioc_rule()
2973 rs_num = pf_get_ruleset_number(pcr->rule.action); in pfioctl_ioc_rule()
2988 if (pcr->rule.return_icmp >> 8 > ICMP_MAXTYPE) { in pfioctl_ioc_rule()
3000 pf_rule_copyin(&pcr->rule, newrule, p, minordev); in pfioctl_ioc_rule()
3159 struct pf_rule *rule, *tail, *r; in pfioctl_ioc_rule() local
3168 pr->rule.owner, is_anchor, &error)) == NULL) { in pfioctl_ioc_rule()
3172 rs_num = pf_get_ruleset_number(pr->rule.action); in pfioctl_ioc_rule()
3177 if (pr->rule.return_icmp >> 8 > ICMP_MAXTYPE) { in pfioctl_ioc_rule()
3189 if (((strcmp(pr->rule.owner, in pfioctl_ioc_rule()
3205 rule = pool_get(&pf_rule_pl, PR_WAITOK); in pfioctl_ioc_rule()
3206 if (rule == NULL) { in pfioctl_ioc_rule()
3210 pf_rule_copyin(&pr->rule, rule, p, minordev); in pfioctl_ioc_rule()
3212 if (rule->af == AF_INET) { in pfioctl_ioc_rule()
3213 pool_put(&pf_rule_pl, rule); in pfioctl_ioc_rule()
3219 while ((r != NULL) && (rule->priority >= (unsigned)r->priority)) { in pfioctl_ioc_rule()
3226 rule->nr = tail->nr + 1; in pfioctl_ioc_rule()
3228 rule->nr = 0; in pfioctl_ioc_rule()
3231 rule->nr = r->nr; in pfioctl_ioc_rule()
3234 if ((error = pf_rule_setup(pr, rule, ruleset))) { in pfioctl_ioc_rule()
3238 if (rule->anchor != NULL) { in pfioctl_ioc_rule()
3239 strlcpy(rule->anchor->owner, rule->owner, in pfioctl_ioc_rule()
3244 TAILQ_INSERT_BEFORE(r, rule, entries); in pfioctl_ioc_rule()
3250 rule, entries); in pfioctl_ioc_rule()
3260 rule->ticket = VM_KERNEL_ADDRPERM((u_int64_t)(uintptr_t)rule); in pfioctl_ioc_rule()
3262 pr->rule.ticket = rule->ticket; in pfioctl_ioc_rule()
3263 pf_rule_copyout(rule, &pr->rule); in pfioctl_ioc_rule()
3264 if (rule->rule_flag & PFRULE_PFM) { in pfioctl_ioc_rule()
3267 if (rule->action == PF_NAT64) { in pfioctl_ioc_rule()
3273 if (rule->rule_flag & PFRULE_PFM) { in pfioctl_ioc_rule()
3288 if (pr->rule.return_icmp >> 8 > ICMP_MAXTYPE) { in pfioctl_ioc_rule()
3298 if (pr->rule.ticket) { in pfioctl_ioc_rule()
3303 pf_delete_rule_by_owner(pr->rule.owner, req_dev); in pfioctl_ioc_rule()
3306 if (pr->rule.action == PF_NAT64) { in pfioctl_ioc_rule()
3358 ((NULL == s->rule.ptr) || in pfioctl_ioc_state_kill()
3359 strcmp(psk->psk_ownername, s->rule.ptr->owner))) { in pfioctl_ioc_state_kill()
3400 ((NULL == s->rule.ptr) || in pfioctl_ioc_state_kill()
3401 strcmp(psk->psk_ownername, s->rule.ptr->owner))) { in pfioctl_ioc_state_kill()
4333 if (n->rule.ptr != NULL) { in pfioctl_ioc_src_nodes()
4334 pstore->rule.nr = n->rule.ptr->nr; in pfioctl_ioc_src_nodes()