diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
index 52cd0ed7f36c..524e2472238e 100644
--- a/lib/libpfctl/libpfctl.c
+++ b/lib/libpfctl/libpfctl.c
@@ -1,877 +1,855 @@ /*- * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2021 Rubicon Communications, LLC (Netgate) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * - Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * - Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. 
* * $FreeBSD$ */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include "libpfctl.h" static int _pfctl_clear_states(int , const struct pfctl_kill *, unsigned int *, uint64_t); static void pf_nvuint_8_array(const nvlist_t *nvl, const char *name, size_t maxelems, u_int8_t *numbers, size_t *nelems) { const uint64_t *tmp; size_t elems; tmp = nvlist_get_number_array(nvl, name, &elems); assert(elems <= maxelems); for (size_t i = 0; i < elems; i++) numbers[i] = tmp[i]; if (nelems) *nelems = elems; } static void pf_nvuint_16_array(const nvlist_t *nvl, const char *name, size_t maxelems, u_int16_t *numbers, size_t *nelems) { const uint64_t *tmp; size_t elems; tmp = nvlist_get_number_array(nvl, name, &elems); assert(elems <= maxelems); for (size_t i = 0; i < elems; i++) numbers[i] = tmp[i]; if (nelems) *nelems = elems; } static void pf_nvuint_32_array(const nvlist_t *nvl, const char *name, size_t maxelems, u_int32_t *numbers, size_t *nelems) { const uint64_t *tmp; size_t elems; tmp = nvlist_get_number_array(nvl, name, &elems); assert(elems <= maxelems); for (size_t i = 0; i < elems; i++) numbers[i] = tmp[i]; if (nelems) *nelems = elems; } static void pf_nvuint_64_array(const nvlist_t *nvl, const char *name, size_t maxelems, u_int64_t *numbers, size_t *nelems) { const uint64_t *tmp; size_t elems; tmp = nvlist_get_number_array(nvl, name, &elems); assert(elems <= maxelems); for (size_t i = 0; i < elems; i++) numbers[i] = tmp[i]; if (nelems) *nelems = elems; } static void pfctl_nv_add_addr(nvlist_t *nvparent, const char *name, const struct pf_addr *addr) { nvlist_t *nvl = nvlist_create(0); nvlist_add_binary(nvl, "addr", addr, sizeof(*addr)); nvlist_add_nvlist(nvparent, name, nvl); nvlist_destroy(nvl); } static void pf_nvaddr_to_addr(const nvlist_t *nvl, struct pf_addr *addr) { size_t len; const void *data; data = nvlist_get_binary(nvl, "addr", &len); assert(len == sizeof(struct pf_addr)); memcpy(addr, data, 
len); } static void pfctl_nv_add_addr_wrap(nvlist_t *nvparent, const char *name, const struct pf_addr_wrap *addr) { nvlist_t *nvl = nvlist_create(0); nvlist_add_number(nvl, "type", addr->type); nvlist_add_number(nvl, "iflags", addr->iflags); if (addr->type == PF_ADDR_DYNIFTL) nvlist_add_string(nvl, "ifname", addr->v.ifname); if (addr->type == PF_ADDR_TABLE) nvlist_add_string(nvl, "tblname", addr->v.tblname); pfctl_nv_add_addr(nvl, "addr", &addr->v.a.addr); pfctl_nv_add_addr(nvl, "mask", &addr->v.a.mask); nvlist_add_nvlist(nvparent, name, nvl); nvlist_destroy(nvl); } static void pf_nvaddr_wrap_to_addr_wrap(const nvlist_t *nvl, struct pf_addr_wrap *addr) { addr->type = nvlist_get_number(nvl, "type"); addr->iflags = nvlist_get_number(nvl, "iflags"); if (addr->type == PF_ADDR_DYNIFTL) strlcpy(addr->v.ifname, nvlist_get_string(nvl, "ifname"), IFNAMSIZ); if (addr->type == PF_ADDR_TABLE) strlcpy(addr->v.tblname, nvlist_get_string(nvl, "tblname"), PF_TABLE_NAME_SIZE); pf_nvaddr_to_addr(nvlist_get_nvlist(nvl, "addr"), &addr->v.a.addr); pf_nvaddr_to_addr(nvlist_get_nvlist(nvl, "mask"), &addr->v.a.mask); } static void pfctl_nv_add_rule_addr(nvlist_t *nvparent, const char *name, const struct pf_rule_addr *addr) { u_int64_t ports[2]; nvlist_t *nvl = nvlist_create(0); pfctl_nv_add_addr_wrap(nvl, "addr", &addr->addr); ports[0] = addr->port[0]; ports[1] = addr->port[1]; nvlist_add_number_array(nvl, "port", ports, 2); nvlist_add_number(nvl, "neg", addr->neg); nvlist_add_number(nvl, "port_op", addr->port_op); nvlist_add_nvlist(nvparent, name, nvl); nvlist_destroy(nvl); } static void pf_nvrule_addr_to_rule_addr(const nvlist_t *nvl, struct pf_rule_addr *addr) { pf_nvaddr_wrap_to_addr_wrap(nvlist_get_nvlist(nvl, "addr"), &addr->addr); pf_nvuint_16_array(nvl, "port", 2, addr->port, NULL); addr->neg = nvlist_get_number(nvl, "neg"); addr->port_op = nvlist_get_number(nvl, "port_op"); } static void pfctl_nv_add_mape(nvlist_t *nvparent, const char *name, const struct pf_mape_portset *mape) { 
nvlist_t *nvl = nvlist_create(0); nvlist_add_number(nvl, "offset", mape->offset); nvlist_add_number(nvl, "psidlen", mape->psidlen); nvlist_add_number(nvl, "psid", mape->psid); nvlist_add_nvlist(nvparent, name, nvl); nvlist_destroy(nvl); } static void pfctl_nv_add_pool(nvlist_t *nvparent, const char *name, const struct pfctl_pool *pool) { u_int64_t ports[2]; nvlist_t *nvl = nvlist_create(0); nvlist_add_binary(nvl, "key", &pool->key, sizeof(pool->key)); pfctl_nv_add_addr(nvl, "counter", &pool->counter); nvlist_add_number(nvl, "tblidx", pool->tblidx); ports[0] = pool->proxy_port[0]; ports[1] = pool->proxy_port[1]; nvlist_add_number_array(nvl, "proxy_port", ports, 2); nvlist_add_number(nvl, "opts", pool->opts); pfctl_nv_add_mape(nvl, "mape", &pool->mape); nvlist_add_nvlist(nvparent, name, nvl); nvlist_destroy(nvl); } static void pf_nvmape_to_mape(const nvlist_t *nvl, struct pf_mape_portset *mape) { mape->offset = nvlist_get_number(nvl, "offset"); mape->psidlen = nvlist_get_number(nvl, "psidlen"); mape->psid = nvlist_get_number(nvl, "psid"); } static void pf_nvpool_to_pool(const nvlist_t *nvl, struct pfctl_pool *pool) { size_t len; const void *data; data = nvlist_get_binary(nvl, "key", &len); assert(len == sizeof(pool->key)); memcpy(&pool->key, data, len); pf_nvaddr_to_addr(nvlist_get_nvlist(nvl, "counter"), &pool->counter); pool->tblidx = nvlist_get_number(nvl, "tblidx"); pf_nvuint_16_array(nvl, "proxy_port", 2, pool->proxy_port, NULL); pool->opts = nvlist_get_number(nvl, "opts"); if (nvlist_exists_nvlist(nvl, "mape")) pf_nvmape_to_mape(nvlist_get_nvlist(nvl, "mape"), &pool->mape); } static void pfctl_nv_add_uid(nvlist_t *nvparent, const char *name, const struct pf_rule_uid *uid) { u_int64_t uids[2]; nvlist_t *nvl = nvlist_create(0); uids[0] = uid->uid[0]; uids[1] = uid->uid[1]; nvlist_add_number_array(nvl, "uid", uids, 2); nvlist_add_number(nvl, "op", uid->op); nvlist_add_nvlist(nvparent, name, nvl); nvlist_destroy(nvl); } static void pf_nvrule_uid_to_rule_uid(const 
nvlist_t *nvl, struct pf_rule_uid *uid) { pf_nvuint_32_array(nvl, "uid", 2, uid->uid, NULL); uid->op = nvlist_get_number(nvl, "op"); } static void pfctl_nv_add_divert(nvlist_t *nvparent, const char *name, const struct pfctl_rule *r) { nvlist_t *nvl = nvlist_create(0); pfctl_nv_add_addr(nvl, "addr", &r->divert.addr); nvlist_add_number(nvl, "port", r->divert.port); nvlist_add_nvlist(nvparent, name, nvl); nvlist_destroy(nvl); } static void pf_nvdivert_to_divert(const nvlist_t *nvl, struct pfctl_rule *rule) { pf_nvaddr_to_addr(nvlist_get_nvlist(nvl, "addr"), &rule->divert.addr); rule->divert.port = nvlist_get_number(nvl, "port"); } static void pf_nvrule_to_rule(const nvlist_t *nvl, struct pfctl_rule *rule) { const uint64_t *skip; const char *const *labels; size_t skipcount, labelcount; rule->nr = nvlist_get_number(nvl, "nr"); pf_nvrule_addr_to_rule_addr(nvlist_get_nvlist(nvl, "src"), &rule->src); pf_nvrule_addr_to_rule_addr(nvlist_get_nvlist(nvl, "dst"), &rule->dst); skip = nvlist_get_number_array(nvl, "skip", &skipcount); assert(skip); assert(skipcount == PF_SKIP_COUNT); for (int i = 0; i < PF_SKIP_COUNT; i++) rule->skip[i].nr = skip[i]; labels = nvlist_get_string_array(nvl, "labels", &labelcount); assert(labelcount <= PF_RULE_MAX_LABEL_COUNT); for (size_t i = 0; i < labelcount; i++) strlcpy(rule->label[i], labels[i], PF_RULE_LABEL_SIZE); strlcpy(rule->ifname, nvlist_get_string(nvl, "ifname"), IFNAMSIZ); strlcpy(rule->qname, nvlist_get_string(nvl, "qname"), PF_QNAME_SIZE); strlcpy(rule->pqname, nvlist_get_string(nvl, "pqname"), PF_QNAME_SIZE); strlcpy(rule->tagname, nvlist_get_string(nvl, "tagname"), PF_TAG_NAME_SIZE); strlcpy(rule->match_tagname, nvlist_get_string(nvl, "match_tagname"), PF_TAG_NAME_SIZE); strlcpy(rule->overload_tblname, nvlist_get_string(nvl, "overload_tblname"), PF_TABLE_NAME_SIZE); pf_nvpool_to_pool(nvlist_get_nvlist(nvl, "rpool"), &rule->rpool); rule->evaluations = nvlist_get_number(nvl, "evaluations"); pf_nvuint_64_array(nvl, "packets", 2, 
rule->packets, NULL); pf_nvuint_64_array(nvl, "bytes", 2, rule->bytes, NULL); rule->os_fingerprint = nvlist_get_number(nvl, "os_fingerprint"); rule->rtableid = nvlist_get_number(nvl, "rtableid"); pf_nvuint_32_array(nvl, "timeout", PFTM_MAX, rule->timeout, NULL); rule->max_states = nvlist_get_number(nvl, "max_states"); rule->max_src_nodes = nvlist_get_number(nvl, "max_src_nodes"); rule->max_src_states = nvlist_get_number(nvl, "max_src_states"); rule->max_src_conn = nvlist_get_number(nvl, "max_src_conn"); rule->max_src_conn_rate.limit = nvlist_get_number(nvl, "max_src_conn_rate.limit"); rule->max_src_conn_rate.seconds = nvlist_get_number(nvl, "max_src_conn_rate.seconds"); rule->qid = nvlist_get_number(nvl, "qid"); rule->pqid = nvlist_get_number(nvl, "pqid"); rule->prob = nvlist_get_number(nvl, "prob"); rule->cuid = nvlist_get_number(nvl, "cuid"); rule->cpid = nvlist_get_number(nvl, "cpid"); rule->return_icmp = nvlist_get_number(nvl, "return_icmp"); rule->return_icmp6 = nvlist_get_number(nvl, "return_icmp6"); rule->max_mss = nvlist_get_number(nvl, "max_mss"); rule->scrub_flags = nvlist_get_number(nvl, "scrub_flags"); pf_nvrule_uid_to_rule_uid(nvlist_get_nvlist(nvl, "uid"), &rule->uid); pf_nvrule_uid_to_rule_uid(nvlist_get_nvlist(nvl, "gid"), (struct pf_rule_uid *)&rule->gid); rule->rule_flag = nvlist_get_number(nvl, "rule_flag"); rule->action = nvlist_get_number(nvl, "action"); rule->direction = nvlist_get_number(nvl, "direction"); rule->log = nvlist_get_number(nvl, "log"); rule->logif = nvlist_get_number(nvl, "logif"); rule->quick = nvlist_get_number(nvl, "quick"); rule->ifnot = nvlist_get_number(nvl, "ifnot"); rule->match_tag_not = nvlist_get_number(nvl, "match_tag_not"); rule->natpass = nvlist_get_number(nvl, "natpass"); rule->keep_state = nvlist_get_number(nvl, "keep_state"); rule->af = nvlist_get_number(nvl, "af"); rule->proto = nvlist_get_number(nvl, "proto"); rule->type = nvlist_get_number(nvl, "type"); rule->code = nvlist_get_number(nvl, "code"); rule->flags = 
nvlist_get_number(nvl, "flags"); rule->flagset = nvlist_get_number(nvl, "flagset"); rule->min_ttl = nvlist_get_number(nvl, "min_ttl"); rule->allow_opts = nvlist_get_number(nvl, "allow_opts"); rule->rt = nvlist_get_number(nvl, "rt"); rule->return_ttl = nvlist_get_number(nvl, "return_ttl"); rule->tos = nvlist_get_number(nvl, "tos"); rule->set_tos = nvlist_get_number(nvl, "set_tos"); rule->anchor_relative = nvlist_get_number(nvl, "anchor_relative"); rule->anchor_wildcard = nvlist_get_number(nvl, "anchor_wildcard"); rule->flush = nvlist_get_number(nvl, "flush"); rule->prio = nvlist_get_number(nvl, "prio"); pf_nvuint_8_array(nvl, "set_prio", 2, rule->set_prio, NULL); pf_nvdivert_to_divert(nvlist_get_nvlist(nvl, "divert"), rule); rule->states_cur = nvlist_get_number(nvl, "states_cur"); rule->states_tot = nvlist_get_number(nvl, "states_tot"); rule->src_nodes = nvlist_get_number(nvl, "src_nodes"); } int pfctl_add_rule(int dev, const struct pfctl_rule *r, const char *anchor, const char *anchor_call, u_int32_t ticket, u_int32_t pool_ticket) { struct pfioc_nv nv; u_int64_t timeouts[PFTM_MAX]; u_int64_t set_prio[2]; nvlist_t *nvl, *nvlr; size_t labelcount; int ret; nvl = nvlist_create(0); nvlr = nvlist_create(0); nvlist_add_number(nvl, "ticket", ticket); nvlist_add_number(nvl, "pool_ticket", pool_ticket); nvlist_add_string(nvl, "anchor", anchor); nvlist_add_string(nvl, "anchor_call", anchor_call); nvlist_add_number(nvlr, "nr", r->nr); pfctl_nv_add_rule_addr(nvlr, "src", &r->src); pfctl_nv_add_rule_addr(nvlr, "dst", &r->dst); labelcount = 0; while (r->label[labelcount][0] != 0 && labelcount < PF_RULE_MAX_LABEL_COUNT) { nvlist_append_string_array(nvlr, "labels", r->label[labelcount]); labelcount++; } nvlist_add_string(nvlr, "ifname", r->ifname); nvlist_add_string(nvlr, "qname", r->qname); nvlist_add_string(nvlr, "pqname", r->pqname); nvlist_add_string(nvlr, "tagname", r->tagname); nvlist_add_string(nvlr, "match_tagname", r->match_tagname); nvlist_add_string(nvlr, 
"overload_tblname", r->overload_tblname); pfctl_nv_add_pool(nvlr, "rpool", &r->rpool); nvlist_add_number(nvlr, "os_fingerprint", r->os_fingerprint); nvlist_add_number(nvlr, "rtableid", r->rtableid); for (int i = 0; i < PFTM_MAX; i++) timeouts[i] = r->timeout[i]; nvlist_add_number_array(nvlr, "timeout", timeouts, PFTM_MAX); nvlist_add_number(nvlr, "max_states", r->max_states); nvlist_add_number(nvlr, "max_src_nodes", r->max_src_nodes); nvlist_add_number(nvlr, "max_src_states", r->max_src_states); nvlist_add_number(nvlr, "max_src_conn", r->max_src_conn); nvlist_add_number(nvlr, "max_src_conn_rate.limit", r->max_src_conn_rate.limit); nvlist_add_number(nvlr, "max_src_conn_rate.seconds", r->max_src_conn_rate.seconds); nvlist_add_number(nvlr, "prob", r->prob); nvlist_add_number(nvlr, "cuid", r->cuid); nvlist_add_number(nvlr, "cpid", r->cpid); nvlist_add_number(nvlr, "return_icmp", r->return_icmp); nvlist_add_number(nvlr, "return_icmp6", r->return_icmp6); nvlist_add_number(nvlr, "max_mss", r->max_mss); nvlist_add_number(nvlr, "scrub_flags", r->scrub_flags); pfctl_nv_add_uid(nvlr, "uid", &r->uid); pfctl_nv_add_uid(nvlr, "gid", (const struct pf_rule_uid *)&r->gid); nvlist_add_number(nvlr, "rule_flag", r->rule_flag); nvlist_add_number(nvlr, "action", r->action); nvlist_add_number(nvlr, "direction", r->direction); nvlist_add_number(nvlr, "log", r->log); nvlist_add_number(nvlr, "logif", r->logif); nvlist_add_number(nvlr, "quick", r->quick); nvlist_add_number(nvlr, "ifnot", r->ifnot); nvlist_add_number(nvlr, "match_tag_not", r->match_tag_not); nvlist_add_number(nvlr, "natpass", r->natpass); nvlist_add_number(nvlr, "keep_state", r->keep_state); nvlist_add_number(nvlr, "af", r->af); nvlist_add_number(nvlr, "proto", r->proto); nvlist_add_number(nvlr, "type", r->type); nvlist_add_number(nvlr, "code", r->code); nvlist_add_number(nvlr, "flags", r->flags); nvlist_add_number(nvlr, "flagset", r->flagset); nvlist_add_number(nvlr, "min_ttl", r->min_ttl); nvlist_add_number(nvlr, 
"allow_opts", r->allow_opts); nvlist_add_number(nvlr, "rt", r->rt); nvlist_add_number(nvlr, "return_ttl", r->return_ttl); nvlist_add_number(nvlr, "tos", r->tos); nvlist_add_number(nvlr, "set_tos", r->set_tos); nvlist_add_number(nvlr, "anchor_relative", r->anchor_relative); nvlist_add_number(nvlr, "anchor_wildcard", r->anchor_wildcard); nvlist_add_number(nvlr, "flush", r->flush); nvlist_add_number(nvlr, "prio", r->prio); set_prio[0] = r->set_prio[0]; set_prio[1] = r->set_prio[1]; nvlist_add_number_array(nvlr, "set_prio", set_prio, 2); pfctl_nv_add_divert(nvlr, "divert", r); nvlist_add_nvlist(nvl, "rule", nvlr); nvlist_destroy(nvlr); /* Now do the call. */ nv.data = nvlist_pack(nvl, &nv.len); nv.size = nv.len; ret = ioctl(dev, DIOCADDRULENV, &nv); free(nv.data); nvlist_destroy(nvl); return (ret); } int pfctl_get_rule(int dev, u_int32_t nr, u_int32_t ticket, const char *anchor, u_int32_t ruleset, struct pfctl_rule *rule, char *anchor_call) { return (pfctl_get_clear_rule(dev, nr, ticket, anchor, ruleset, rule, anchor_call, false)); } int pfctl_get_clear_rule(int dev, u_int32_t nr, u_int32_t ticket, const char *anchor, u_int32_t ruleset, struct pfctl_rule *rule, char *anchor_call, bool clear) { struct pfioc_nv nv; nvlist_t *nvl; void *nvlpacked; int ret; nvl = nvlist_create(0); if (nvl == 0) return (ENOMEM); nvlist_add_number(nvl, "nr", nr); nvlist_add_number(nvl, "ticket", ticket); nvlist_add_string(nvl, "anchor", anchor); nvlist_add_number(nvl, "ruleset", ruleset); if (clear) nvlist_add_bool(nvl, "clear_counter", true); nvlpacked = nvlist_pack(nvl, &nv.len); if (nvlpacked == NULL) { nvlist_destroy(nvl); return (ENOMEM); } nv.data = malloc(8182); nv.size = 8192; assert(nv.len <= nv.size); memcpy(nv.data, nvlpacked, nv.len); nvlist_destroy(nvl); nvl = NULL; free(nvlpacked); ret = ioctl(dev, DIOCGETRULENV, &nv); if (ret != 0) { free(nv.data); return (ret); } nvl = nvlist_unpack(nv.data, nv.len, 0); if (nvl == NULL) { free(nv.data); return (EIO); } 
pf_nvrule_to_rule(nvlist_get_nvlist(nvl, "rule"), rule); if (anchor_call) strlcpy(anchor_call, nvlist_get_string(nvl, "anchor_call"), MAXPATHLEN); free(nv.data); nvlist_destroy(nvl); return (0); } int pfctl_set_keepcounters(int dev, bool keep) { struct pfioc_nv nv; nvlist_t *nvl; int ret; nvl = nvlist_create(0); nvlist_add_bool(nvl, "keep_counters", keep); nv.data = nvlist_pack(nvl, &nv.len); nv.size = nv.len; nvlist_destroy(nvl); ret = ioctl(dev, DIOCKEEPCOUNTERS, &nv); free(nv.data); return (ret); } static void pfctl_nv_add_state_cmp(nvlist_t *nvl, const char *name, const struct pfctl_state_cmp *cmp) { nvlist_t *nv; nv = nvlist_create(0); nvlist_add_number(nv, "id", cmp->id); nvlist_add_number(nv, "creatorid", cmp->creatorid); nvlist_add_number(nv, "direction", cmp->direction); nvlist_add_nvlist(nvl, name, nv); nvlist_destroy(nv); } -static void -pf_nvstate_scrub_to_state_scrub(const nvlist_t *nvl, - struct pfctl_state_scrub *scrub) -{ - bzero(scrub, sizeof(*scrub)); - - scrub->timestamp = nvlist_get_bool(nvl, "timestamp"); - scrub->ttl = nvlist_get_number(nvl, "ttl"); - scrub->ts_mod = nvlist_get_number(nvl, "ts_mod"); -} - static void pf_nvstate_peer_to_state_peer(const nvlist_t *nvl, struct pfctl_state_peer *peer) { bzero(peer, sizeof(*peer)); - if (nvlist_exists_nvlist(nvl, "scrub")) { - peer->scrub = malloc(sizeof(*peer->scrub)); - pf_nvstate_scrub_to_state_scrub( - nvlist_get_nvlist(nvl, "scrub"), - peer->scrub); - } - peer->seqlo = nvlist_get_number(nvl, "seqlo"); peer->seqhi = nvlist_get_number(nvl, "seqhi"); peer->seqdiff = nvlist_get_number(nvl, "seqdiff"); - peer->max_win = nvlist_get_number(nvl, "max_win"); - peer->mss = nvlist_get_number(nvl, "mss"); peer->state = nvlist_get_number(nvl, "state"); peer->wscale = nvlist_get_number(nvl, "wscale"); } static void pf_nvstate_key_to_state_key(const nvlist_t *nvl, struct pfctl_state_key *key) { const nvlist_t * const *tmp; size_t count; bzero(key, sizeof(*key)); tmp = nvlist_get_nvlist_array(nvl, "addr", 
&count); assert(count == 2); for (int i = 0; i < 2; i++) pf_nvaddr_to_addr(tmp[i], &key->addr[i]); pf_nvuint_16_array(nvl, "port", 2, key->port, NULL); key->af = nvlist_get_number(nvl, "af"); key->proto = nvlist_get_number(nvl, "proto"); } static void pf_nvstate_to_state(const nvlist_t *nvl, struct pfctl_state *s) { bzero(s, sizeof(*s)); s->id = nvlist_get_number(nvl, "id"); s->creatorid = nvlist_get_number(nvl, "creatorid"); s->direction = nvlist_get_number(nvl, "direction"); pf_nvstate_peer_to_state_peer(nvlist_get_nvlist(nvl, "src"), &s->src); pf_nvstate_peer_to_state_peer(nvlist_get_nvlist(nvl, "dst"), &s->dst); pf_nvstate_key_to_state_key(nvlist_get_nvlist(nvl, "stack_key"), &s->key[0]); pf_nvstate_key_to_state_key(nvlist_get_nvlist(nvl, "wire_key"), &s->key[1]); strlcpy(s->ifname, nvlist_get_string(nvl, "ifname"), sizeof(s->ifname)); strlcpy(s->orig_ifname, nvlist_get_string(nvl, "orig_ifname"), sizeof(s->orig_ifname)); pf_nvaddr_to_addr(nvlist_get_nvlist(nvl, "rt_addr"), &s->rt_addr); s->rule = nvlist_get_number(nvl, "rule"); s->anchor = nvlist_get_number(nvl, "anchor"); s->nat_rule = nvlist_get_number(nvl, "nat_rule"); s->creation = nvlist_get_number(nvl, "creation"); s->expire = nvlist_get_number(nvl, "expire"); pf_nvuint_64_array(nvl, "packets", 2, s->packets, NULL); pf_nvuint_64_array(nvl, "bytes", 2, s->bytes, NULL); - s->log = nvlist_get_number(nvl, "log"); s->state_flags = nvlist_get_number(nvl, "state_flags"); - s->timeout = nvlist_get_number(nvl, "timeout"); s->sync_flags = nvlist_get_number(nvl, "sync_flags"); } int pfctl_get_states(int dev, struct pfctl_states *states) { struct pfioc_nv nv; nvlist_t *nvl = NULL; const nvlist_t * const *slist; size_t found_count; int error = 0; bzero(states, sizeof(*states)); TAILQ_INIT(&states->states); /* Just enough to get a number, and we'll grow from there. 
*/ nv.data = malloc(64); nv.len = nv.size = 64; for (;;) { if (ioctl(dev, DIOCGETSTATESNV, &nv)) { error = errno; goto out; } nvl = nvlist_unpack(nv.data, nv.len, 0); if (nvl == NULL) { error = EIO; goto out; } states->count = nvlist_get_number(nvl, "count"); /* Are there any states? */ if (states->count == 0) break; if (nvlist_exists_nvlist_array(nvl, "states")) slist = nvlist_get_nvlist_array(nvl, "states", &found_count); else found_count = 0; if (found_count < states->count) { size_t new_size = nv.size + (nv.size * states->count / (found_count + 1) * 2); /* Our buffer is too small. Estimate what we need based * on how many states fit in the previous allocation * and how many states there are. Doubled for margin. * */ nv.data = realloc(nv.data, new_size); nv.size = new_size; if (nv.data == NULL) { error = ENOMEM; goto out; } continue; } for (size_t i = 0; i < found_count; i++) { struct pfctl_state *s = malloc(sizeof(*s)); if (s == NULL) { pfctl_free_states(states); error = ENOMEM; goto out; } pf_nvstate_to_state(slist[i], s); TAILQ_INSERT_TAIL(&states->states, s, entry); } break; } out: nvlist_destroy(nvl); free(nv.data); return (error); } void pfctl_free_states(struct pfctl_states *states) { struct pfctl_state *s, *tmp; TAILQ_FOREACH_SAFE(s, &states->states, entry, tmp) { free(s); } bzero(states, sizeof(*states)); } static int _pfctl_clear_states(int dev, const struct pfctl_kill *kill, unsigned int *killed, uint64_t ioctlval) { struct pfioc_nv nv; nvlist_t *nvl; int ret; nvl = nvlist_create(0); pfctl_nv_add_state_cmp(nvl, "cmp", &kill->cmp); nvlist_add_number(nvl, "af", kill->af); nvlist_add_number(nvl, "proto", kill->proto); pfctl_nv_add_rule_addr(nvl, "src", &kill->src); pfctl_nv_add_rule_addr(nvl, "dst", &kill->dst); pfctl_nv_add_rule_addr(nvl, "rt_addr", &kill->rt_addr); nvlist_add_string(nvl, "ifname", kill->ifname); nvlist_add_string(nvl, "label", kill->label); nvlist_add_bool(nvl, "kill_match", kill->kill_match); nv.data = nvlist_pack(nvl, &nv.len); 
nv.size = nv.len; nvlist_destroy(nvl); nvl = NULL; ret = ioctl(dev, ioctlval, &nv); if (ret != 0) { free(nv.data); return (ret); } nvl = nvlist_unpack(nv.data, nv.len, 0); if (nvl == NULL) { free(nv.data); return (EIO); } if (killed) *killed = nvlist_get_number(nvl, "killed"); nvlist_destroy(nvl); free(nv.data); return (ret); } int pfctl_clear_states(int dev, const struct pfctl_kill *kill, unsigned int *killed) { return (_pfctl_clear_states(dev, kill, killed, DIOCCLRSTATESNV)); } int pfctl_kill_states(int dev, const struct pfctl_kill *kill, unsigned int *killed) { return (_pfctl_clear_states(dev, kill, killed, DIOCKILLSTATESNV)); }
diff --git a/lib/libpfctl/libpfctl.h b/lib/libpfctl/libpfctl.h
index a54ee9db6ec7..62866e17f904 100644
--- a/lib/libpfctl/libpfctl.h
+++ b/lib/libpfctl/libpfctl.h
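Review bot: In pfctl_get_clear_rule the reply buffer is allocated as `malloc(8182)` but advertised to the kernel as `nv.size = 8192`, so a reply sized against nv.size can overrun the allocation by up to 10 bytes, and the malloc result is never checked before the memcpy into it. Allocate from the one size value and bail out on failure: `nv.size = 8192;` / `nv.data = malloc(nv.size);` / `if (nv.data == NULL) { nvlist_destroy(nvl); free(nvlpacked); return (ENOMEM); }`. The following `assert(nv.len <= nv.size)` turns an oversize packed request into an abort rather than an error return, which deserves a comment if that is intended. Further down, pfctl_get_states grows its buffer with `nv.data = realloc(nv.data, new_size)`, which discards the old pointer on failure so the `error = ENOMEM` path leaks it; assign realloc's result to a temporary and only overwrite nv.data (and nv.size) when it is non-NULL.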
@@ -1,276 +1,264 @@ /*- * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2021 Rubicon Communications, LLC (Netgate) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * - Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * - Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. 
* * $FreeBSD$ */ #ifndef _PFCTL_IOCTL_H_ #define _PFCTL_IOCTL_H_ #include struct pfctl_anchor; struct pfctl_pool { struct pf_palist list; struct pf_pooladdr *cur; struct pf_poolhashkey key; struct pf_addr counter; struct pf_mape_portset mape; int tblidx; u_int16_t proxy_port[2]; u_int8_t opts; }; struct pfctl_rule { struct pf_rule_addr src; struct pf_rule_addr dst; union pf_rule_ptr skip[PF_SKIP_COUNT]; char label[PF_RULE_MAX_LABEL_COUNT][PF_RULE_LABEL_SIZE]; char ifname[IFNAMSIZ]; char qname[PF_QNAME_SIZE]; char pqname[PF_QNAME_SIZE]; char tagname[PF_TAG_NAME_SIZE]; char match_tagname[PF_TAG_NAME_SIZE]; char overload_tblname[PF_TABLE_NAME_SIZE]; TAILQ_ENTRY(pfctl_rule) entries; struct pfctl_pool rpool; u_int64_t evaluations; u_int64_t packets[2]; u_int64_t bytes[2]; struct pfi_kif *kif; struct pfctl_anchor *anchor; struct pfr_ktable *overload_tbl; pf_osfp_t os_fingerprint; int rtableid; u_int32_t timeout[PFTM_MAX]; u_int32_t max_states; u_int32_t max_src_nodes; u_int32_t max_src_states; u_int32_t max_src_conn; struct { u_int32_t limit; u_int32_t seconds; } max_src_conn_rate; u_int32_t qid; u_int32_t pqid; u_int32_t nr; u_int32_t prob; uid_t cuid; pid_t cpid; uint64_t states_cur; uint64_t states_tot; uint64_t src_nodes; u_int16_t return_icmp; u_int16_t return_icmp6; u_int16_t max_mss; u_int16_t tag; u_int16_t match_tag; u_int16_t scrub_flags; struct pf_rule_uid uid; struct pf_rule_gid gid; u_int32_t rule_flag; u_int8_t action; u_int8_t direction; u_int8_t log; u_int8_t logif; u_int8_t quick; u_int8_t ifnot; u_int8_t match_tag_not; u_int8_t natpass; u_int8_t keep_state; sa_family_t af; u_int8_t proto; u_int8_t type; u_int8_t code; u_int8_t flags; u_int8_t flagset; u_int8_t min_ttl; u_int8_t allow_opts; u_int8_t rt; u_int8_t return_ttl; u_int8_t tos; u_int8_t set_tos; u_int8_t anchor_relative; u_int8_t anchor_wildcard; u_int8_t flush; u_int8_t prio; u_int8_t set_prio[2]; struct { struct pf_addr addr; u_int16_t port; } divert; }; TAILQ_HEAD(pfctl_rulequeue, 
pfctl_rule); struct pfctl_ruleset { struct { struct pfctl_rulequeue queues[2]; struct { struct pfctl_rulequeue *ptr; struct pfctl_rule **ptr_array; u_int32_t rcount; u_int32_t ticket; int open; } active, inactive; } rules[PF_RULESET_MAX]; struct pfctl_anchor *anchor; u_int32_t tticket; int tables; int topen; }; RB_HEAD(pfctl_anchor_global, pfctl_anchor); RB_HEAD(pfctl_anchor_node, pfctl_anchor); struct pfctl_anchor { RB_ENTRY(pfctl_anchor) entry_global; RB_ENTRY(pfctl_anchor) entry_node; struct pfctl_anchor *parent; struct pfctl_anchor_node children; char name[PF_ANCHOR_NAME_SIZE]; char path[MAXPATHLEN]; struct pfctl_ruleset ruleset; int refcnt; /* anchor rules */ int match; /* XXX: used for pfctl black magic */ }; RB_PROTOTYPE(pfctl_anchor_global, pfctl_anchor, entry_global, pf_anchor_compare); RB_PROTOTYPE(pfctl_anchor_node, pfctl_anchor, entry_node, pf_anchor_compare); struct pfctl_state_cmp { uint64_t id; uint32_t creatorid; uint8_t direction; }; struct pfctl_kill { struct pfctl_state_cmp cmp; sa_family_t af; int proto; struct pf_rule_addr src; struct pf_rule_addr dst; struct pf_rule_addr rt_addr; char ifname[IFNAMSIZ]; char label[PF_RULE_LABEL_SIZE]; bool kill_match; }; -struct pfctl_state_scrub { - bool timestamp; - uint8_t ttl; - uint32_t ts_mod; -}; - struct pfctl_state_peer { - struct pfctl_state_scrub *scrub; uint32_t seqlo; uint32_t seqhi; uint32_t seqdiff; - uint16_t max_win; - uint16_t mss; uint8_t state; uint8_t wscale; }; struct pfctl_state_key { struct pf_addr addr[2]; uint16_t port[2]; sa_family_t af; uint8_t proto; }; struct pfctl_state { TAILQ_ENTRY(pfctl_state) entry; uint64_t id; uint32_t creatorid; uint8_t direction; struct pfctl_state_peer src; struct pfctl_state_peer dst; uint32_t rule; uint32_t anchor; uint32_t nat_rule; struct pf_addr rt_addr; struct pfctl_state_key key[2]; /* addresses stack and wire */ char ifname[IFNAMSIZ]; char orig_ifname[IFNAMSIZ]; uint64_t packets[2]; uint64_t bytes[2]; uint32_t creation; uint32_t expire; uint32_t 
pfsync_time; - uint16_t tag; - uint8_t log; uint8_t state_flags; - uint8_t timeout; uint32_t sync_flags; }; TAILQ_HEAD(pfctl_statelist, pfctl_state); struct pfctl_states { struct pfctl_statelist states; size_t count; }; int pfctl_get_rule(int dev, u_int32_t nr, u_int32_t ticket, const char *anchor, u_int32_t ruleset, struct pfctl_rule *rule, char *anchor_call); int pfctl_get_clear_rule(int dev, u_int32_t nr, u_int32_t ticket, const char *anchor, u_int32_t ruleset, struct pfctl_rule *rule, char *anchor_call, bool clear); int pfctl_add_rule(int dev, const struct pfctl_rule *r, const char *anchor, const char *anchor_call, u_int32_t ticket, u_int32_t pool_ticket); int pfctl_set_keepcounters(int dev, bool keep); int pfctl_get_states(int dev, struct pfctl_states *states); void pfctl_free_states(struct pfctl_states *states); int pfctl_clear_states(int dev, const struct pfctl_kill *kill, unsigned int *killed); int pfctl_kill_states(int dev, const struct pfctl_kill *kill, unsigned int *killed); #endif
diff --git a/sys/netpfil/pf/pf_nv.c b/sys/netpfil/pf/pf_nv.c
index 553290c88586..e52d52642eab 100644
--- a/sys/netpfil/pf/pf_nv.c
+++ b/sys/netpfil/pf/pf_nv.c
@@ -1,1006 +1,974 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2021 Rubicon Communications, LLC (Netgate) * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include "opt_inet.h" #include "opt_inet6.h" #include #include #include #include #include #include #define PF_NV_IMPL_UINT(fnname, type, max) \ int \ pf_nv ## fnname ## _opt(const nvlist_t *nvl, const char *name, \ type *val, type dflt) \ { \ uint64_t raw; \ if (! nvlist_exists_number(nvl, name)) { \ *val = dflt; \ return (0); \ } \ raw = nvlist_get_number(nvl, name); \ if (raw > max) \ return (ERANGE); \ *val = (type)raw; \ return (0); \ } \ int \ pf_nv ## fnname(const nvlist_t *nvl, const char *name, type *val) \ { \ uint64_t raw; \ if (! 
nvlist_exists_number(nvl, name)) \ return (EINVAL); \ raw = nvlist_get_number(nvl, name); \ if (raw > max) \ return (ERANGE); \ *val = (type)raw; \ return (0); \ } \ int \ pf_nv ## fnname ## _array(const nvlist_t *nvl, const char *name, \ type *array, size_t maxelems, size_t *nelems) \ { \ const uint64_t *n; \ size_t nitems; \ bzero(array, sizeof(type) * maxelems); \ if (! nvlist_exists_number_array(nvl, name)) \ return (EINVAL); \ n = nvlist_get_number_array(nvl, name, &nitems); \ if (nitems != maxelems) \ return (E2BIG); \ if (nelems != NULL) \ *nelems = nitems; \ for (size_t i = 0; i < nitems; i++) { \ if (n[i] > max) \ return (ERANGE); \ array[i] = (type)n[i]; \ } \ return (0); \ } \ void \ pf_ ## fnname ## _array_nv(nvlist_t *nvl, const char *name, \ const type *numbers, size_t count) \ { \ uint64_t tmp; \ for (size_t i = 0; i < count; i++) { \ tmp = numbers[i]; \ nvlist_append_number_array(nvl, name, tmp); \ } \ } int pf_nvbinary(const nvlist_t *nvl, const char *name, void *data, size_t expected_size) { const uint8_t *nvdata; size_t len; bzero(data, expected_size); if (! nvlist_exists_binary(nvl, name)) return (EINVAL); nvdata = (const uint8_t *)nvlist_get_binary(nvl, name, &len); if (len > expected_size) return (EINVAL); memcpy(data, nvdata, len); return (0); } PF_NV_IMPL_UINT(uint8, uint8_t, UINT8_MAX); PF_NV_IMPL_UINT(uint16, uint16_t, UINT16_MAX); PF_NV_IMPL_UINT(uint32, uint32_t, UINT32_MAX); PF_NV_IMPL_UINT(uint64, uint64_t, UINT64_MAX); int pf_nvint(const nvlist_t *nvl, const char *name, int *val) { int64_t raw; if (! nvlist_exists_number(nvl, name)) return (EINVAL); raw = nvlist_get_number(nvl, name); if (raw > INT_MAX || raw < INT_MIN) return (ERANGE); *val = (int)raw; return (0); } int pf_nvstring(const nvlist_t *nvl, const char *name, char *str, size_t maxlen) { int ret; if (! 
nvlist_exists_string(nvl, name)) return (EINVAL); ret = strlcpy(str, nvlist_get_string(nvl, name), maxlen); if (ret >= maxlen) return (EINVAL); return (0); } static int pf_nvaddr_to_addr(const nvlist_t *nvl, struct pf_addr *paddr) { return (pf_nvbinary(nvl, "addr", paddr, sizeof(*paddr))); } static nvlist_t * pf_addr_to_nvaddr(const struct pf_addr *paddr) { nvlist_t *nvl; nvl = nvlist_create(0); if (nvl == NULL) return (NULL); nvlist_add_binary(nvl, "addr", paddr, sizeof(*paddr)); return (nvl); } static int pf_nvmape_to_mape(const nvlist_t *nvl, struct pf_mape_portset *mape) { int error = 0; bzero(mape, sizeof(*mape)); PFNV_CHK(pf_nvuint8(nvl, "offset", &mape->offset)); PFNV_CHK(pf_nvuint8(nvl, "psidlen", &mape->psidlen)); PFNV_CHK(pf_nvuint16(nvl, "psid", &mape->psid)); errout: return (error); } static nvlist_t * pf_mape_to_nvmape(const struct pf_mape_portset *mape) { nvlist_t *nvl; nvl = nvlist_create(0); if (nvl == NULL) return (NULL); nvlist_add_number(nvl, "offset", mape->offset); nvlist_add_number(nvl, "psidlen", mape->psidlen); nvlist_add_number(nvl, "psid", mape->psid); return (nvl); } static int pf_nvpool_to_pool(const nvlist_t *nvl, struct pf_kpool *kpool) { int error = 0; bzero(kpool, sizeof(*kpool)); PFNV_CHK(pf_nvbinary(nvl, "key", &kpool->key, sizeof(kpool->key))); if (nvlist_exists_nvlist(nvl, "counter")) { PFNV_CHK(pf_nvaddr_to_addr(nvlist_get_nvlist(nvl, "counter"), &kpool->counter)); } PFNV_CHK(pf_nvint(nvl, "tblidx", &kpool->tblidx)); PFNV_CHK(pf_nvuint16_array(nvl, "proxy_port", kpool->proxy_port, 2, NULL)); PFNV_CHK(pf_nvuint8(nvl, "opts", &kpool->opts)); if (nvlist_exists_nvlist(nvl, "mape")) { PFNV_CHK(pf_nvmape_to_mape(nvlist_get_nvlist(nvl, "mape"), &kpool->mape)); } errout: return (error); } static nvlist_t * pf_pool_to_nvpool(const struct pf_kpool *pool) { nvlist_t *nvl; nvlist_t *tmp; nvl = nvlist_create(0); if (nvl == NULL) return (NULL); nvlist_add_binary(nvl, "key", &pool->key, sizeof(pool->key)); tmp = 
pf_addr_to_nvaddr(&pool->counter); if (tmp == NULL) goto error; nvlist_add_nvlist(nvl, "counter", tmp); nvlist_destroy(tmp); nvlist_add_number(nvl, "tblidx", pool->tblidx); pf_uint16_array_nv(nvl, "proxy_port", pool->proxy_port, 2); nvlist_add_number(nvl, "opts", pool->opts); tmp = pf_mape_to_nvmape(&pool->mape); if (tmp == NULL) goto error; nvlist_add_nvlist(nvl, "mape", tmp); nvlist_destroy(tmp); return (nvl); error: nvlist_destroy(nvl); return (NULL); } static int pf_nvaddr_wrap_to_addr_wrap(const nvlist_t *nvl, struct pf_addr_wrap *addr) { int error = 0; bzero(addr, sizeof(*addr)); PFNV_CHK(pf_nvuint8(nvl, "type", &addr->type)); PFNV_CHK(pf_nvuint8(nvl, "iflags", &addr->iflags)); if (addr->type == PF_ADDR_DYNIFTL) PFNV_CHK(pf_nvstring(nvl, "ifname", addr->v.ifname, sizeof(addr->v.ifname))); if (addr->type == PF_ADDR_TABLE) PFNV_CHK(pf_nvstring(nvl, "tblname", addr->v.tblname, sizeof(addr->v.tblname))); if (! nvlist_exists_nvlist(nvl, "addr")) return (EINVAL); PFNV_CHK(pf_nvaddr_to_addr(nvlist_get_nvlist(nvl, "addr"), &addr->v.a.addr)); if (! 
nvlist_exists_nvlist(nvl, "mask")) return (EINVAL); PFNV_CHK(pf_nvaddr_to_addr(nvlist_get_nvlist(nvl, "mask"), &addr->v.a.mask)); switch (addr->type) { case PF_ADDR_DYNIFTL: case PF_ADDR_TABLE: case PF_ADDR_RANGE: case PF_ADDR_ADDRMASK: case PF_ADDR_NOROUTE: case PF_ADDR_URPFFAILED: break; default: return (EINVAL); } errout: return (error); } static nvlist_t * pf_addr_wrap_to_nvaddr_wrap(const struct pf_addr_wrap *addr) { nvlist_t *nvl; nvlist_t *tmp; nvl = nvlist_create(0); if (nvl == NULL) return (NULL); nvlist_add_number(nvl, "type", addr->type); nvlist_add_number(nvl, "iflags", addr->iflags); if (addr->type == PF_ADDR_DYNIFTL) nvlist_add_string(nvl, "ifname", addr->v.ifname); if (addr->type == PF_ADDR_TABLE) nvlist_add_string(nvl, "tblname", addr->v.tblname); tmp = pf_addr_to_nvaddr(&addr->v.a.addr); if (tmp == NULL) goto error; nvlist_add_nvlist(nvl, "addr", tmp); nvlist_destroy(tmp); tmp = pf_addr_to_nvaddr(&addr->v.a.mask); if (tmp == NULL) goto error; nvlist_add_nvlist(nvl, "mask", tmp); nvlist_destroy(tmp); return (nvl); error: nvlist_destroy(nvl); return (NULL); } static int pf_validate_op(uint8_t op) { switch (op) { case PF_OP_NONE: case PF_OP_IRG: case PF_OP_EQ: case PF_OP_NE: case PF_OP_LT: case PF_OP_LE: case PF_OP_GT: case PF_OP_GE: case PF_OP_XRG: case PF_OP_RRG: break; default: return (EINVAL); } return (0); } static int pf_nvrule_addr_to_rule_addr(const nvlist_t *nvl, struct pf_rule_addr *addr) { int error = 0; if (! 
nvlist_exists_nvlist(nvl, "addr")) return (EINVAL); PFNV_CHK(pf_nvaddr_wrap_to_addr_wrap(nvlist_get_nvlist(nvl, "addr"), &addr->addr)); PFNV_CHK(pf_nvuint16_array(nvl, "port", addr->port, 2, NULL)); PFNV_CHK(pf_nvuint8(nvl, "neg", &addr->neg)); PFNV_CHK(pf_nvuint8(nvl, "port_op", &addr->port_op)); PFNV_CHK(pf_validate_op(addr->port_op)); errout: return (error); } static nvlist_t * pf_rule_addr_to_nvrule_addr(const struct pf_rule_addr *addr) { nvlist_t *nvl; nvlist_t *tmp; nvl = nvlist_create(0); if (nvl == NULL) return (NULL); tmp = pf_addr_wrap_to_nvaddr_wrap(&addr->addr); if (tmp == NULL) goto error; nvlist_add_nvlist(nvl, "addr", tmp); nvlist_destroy(tmp); pf_uint16_array_nv(nvl, "port", addr->port, 2); nvlist_add_number(nvl, "neg", addr->neg); nvlist_add_number(nvl, "port_op", addr->port_op); return (nvl); error: nvlist_destroy(nvl); return (NULL); } static int pf_nvrule_uid_to_rule_uid(const nvlist_t *nvl, struct pf_rule_uid *uid) { int error = 0; bzero(uid, sizeof(*uid)); PFNV_CHK(pf_nvuint32_array(nvl, "uid", uid->uid, 2, NULL)); PFNV_CHK(pf_nvuint8(nvl, "op", &uid->op)); PFNV_CHK(pf_validate_op(uid->op)); errout: return (error); } static nvlist_t * pf_rule_uid_to_nvrule_uid(const struct pf_rule_uid *uid) { nvlist_t *nvl; nvl = nvlist_create(0); if (nvl == NULL) return (NULL); pf_uint32_array_nv(nvl, "uid", uid->uid, 2); nvlist_add_number(nvl, "op", uid->op); return (nvl); } static int pf_nvrule_gid_to_rule_gid(const nvlist_t *nvl, struct pf_rule_gid *gid) { /* Cheat a little. These stucts are the same, other than the name of * the first field. 
*/ return (pf_nvrule_uid_to_rule_uid(nvl, (struct pf_rule_uid *)gid)); } int pf_check_rule_addr(const struct pf_rule_addr *addr) { switch (addr->addr.type) { case PF_ADDR_ADDRMASK: case PF_ADDR_NOROUTE: case PF_ADDR_DYNIFTL: case PF_ADDR_TABLE: case PF_ADDR_URPFFAILED: case PF_ADDR_RANGE: break; default: return (EINVAL); } if (addr->addr.p.dyn != NULL) { return (EINVAL); } return (0); } int pf_nvrule_to_krule(const nvlist_t *nvl, struct pf_krule *rule) { int error = 0; #define ERROUT(x) ERROUT_FUNCTION(errout, x) PFNV_CHK(pf_nvuint32(nvl, "nr", &rule->nr)); if (! nvlist_exists_nvlist(nvl, "src")) ERROUT(EINVAL); error = pf_nvrule_addr_to_rule_addr(nvlist_get_nvlist(nvl, "src"), &rule->src); if (error != 0) ERROUT(error); if (! nvlist_exists_nvlist(nvl, "dst")) ERROUT(EINVAL); PFNV_CHK(pf_nvrule_addr_to_rule_addr(nvlist_get_nvlist(nvl, "dst"), &rule->dst)); if (nvlist_exists_string(nvl, "label")) { PFNV_CHK(pf_nvstring(nvl, "label", rule->label[0], sizeof(rule->label[0]))); } else if (nvlist_exists_string_array(nvl, "labels")) { const char *const *strs; size_t items; int ret; strs = nvlist_get_string_array(nvl, "labels", &items); if (items > PF_RULE_MAX_LABEL_COUNT) ERROUT(E2BIG); for (size_t i = 0; i < items; i++) { ret = strlcpy(rule->label[i], strs[i], sizeof(rule->label[0])); if (ret >= sizeof(rule->label[0])) ERROUT(E2BIG); } } PFNV_CHK(pf_nvstring(nvl, "ifname", rule->ifname, sizeof(rule->ifname))); PFNV_CHK(pf_nvstring(nvl, "qname", rule->qname, sizeof(rule->qname))); PFNV_CHK(pf_nvstring(nvl, "pqname", rule->pqname, sizeof(rule->pqname))); PFNV_CHK(pf_nvstring(nvl, "tagname", rule->tagname, sizeof(rule->tagname))); PFNV_CHK(pf_nvstring(nvl, "match_tagname", rule->match_tagname, sizeof(rule->match_tagname))); PFNV_CHK(pf_nvstring(nvl, "overload_tblname", rule->overload_tblname, sizeof(rule->overload_tblname))); if (! 
nvlist_exists_nvlist(nvl, "rpool")) ERROUT(EINVAL); PFNV_CHK(pf_nvpool_to_pool(nvlist_get_nvlist(nvl, "rpool"), &rule->rpool)); PFNV_CHK(pf_nvuint32(nvl, "os_fingerprint", &rule->os_fingerprint)); PFNV_CHK(pf_nvint(nvl, "rtableid", &rule->rtableid)); PFNV_CHK(pf_nvuint32_array(nvl, "timeout", rule->timeout, PFTM_MAX, NULL)); PFNV_CHK(pf_nvuint32(nvl, "max_states", &rule->max_states)); PFNV_CHK(pf_nvuint32(nvl, "max_src_nodes", &rule->max_src_nodes)); PFNV_CHK(pf_nvuint32(nvl, "max_src_states", &rule->max_src_states)); PFNV_CHK(pf_nvuint32(nvl, "max_src_conn", &rule->max_src_conn)); PFNV_CHK(pf_nvuint32(nvl, "max_src_conn_rate.limit", &rule->max_src_conn_rate.limit)); PFNV_CHK(pf_nvuint32(nvl, "max_src_conn_rate.seconds", &rule->max_src_conn_rate.seconds)); PFNV_CHK(pf_nvuint32(nvl, "prob", &rule->prob)); PFNV_CHK(pf_nvuint32(nvl, "cuid", &rule->cuid)); PFNV_CHK(pf_nvuint32(nvl, "cpid", &rule->cpid)); PFNV_CHK(pf_nvuint16(nvl, "return_icmp", &rule->return_icmp)); PFNV_CHK(pf_nvuint16(nvl, "return_icmp6", &rule->return_icmp6)); PFNV_CHK(pf_nvuint16(nvl, "max_mss", &rule->max_mss)); PFNV_CHK(pf_nvuint16(nvl, "scrub_flags", &rule->scrub_flags)); if (! nvlist_exists_nvlist(nvl, "uid")) ERROUT(EINVAL); PFNV_CHK(pf_nvrule_uid_to_rule_uid(nvlist_get_nvlist(nvl, "uid"), &rule->uid)); if (! 
nvlist_exists_nvlist(nvl, "gid")) ERROUT(EINVAL); PFNV_CHK(pf_nvrule_gid_to_rule_gid(nvlist_get_nvlist(nvl, "gid"), &rule->gid)); PFNV_CHK(pf_nvuint32(nvl, "rule_flag", &rule->rule_flag)); PFNV_CHK(pf_nvuint8(nvl, "action", &rule->action)); PFNV_CHK(pf_nvuint8(nvl, "direction", &rule->direction)); PFNV_CHK(pf_nvuint8(nvl, "log", &rule->log)); PFNV_CHK(pf_nvuint8(nvl, "logif", &rule->logif)); PFNV_CHK(pf_nvuint8(nvl, "quick", &rule->quick)); PFNV_CHK(pf_nvuint8(nvl, "ifnot", &rule->ifnot)); PFNV_CHK(pf_nvuint8(nvl, "match_tag_not", &rule->match_tag_not)); PFNV_CHK(pf_nvuint8(nvl, "natpass", &rule->natpass)); PFNV_CHK(pf_nvuint8(nvl, "keep_state", &rule->keep_state)); PFNV_CHK(pf_nvuint8(nvl, "af", &rule->af)); PFNV_CHK(pf_nvuint8(nvl, "proto", &rule->proto)); PFNV_CHK(pf_nvuint8(nvl, "type", &rule->type)); PFNV_CHK(pf_nvuint8(nvl, "code", &rule->code)); PFNV_CHK(pf_nvuint8(nvl, "flags", &rule->flags)); PFNV_CHK(pf_nvuint8(nvl, "flagset", &rule->flagset)); PFNV_CHK(pf_nvuint8(nvl, "min_ttl", &rule->min_ttl)); PFNV_CHK(pf_nvuint8(nvl, "allow_opts", &rule->allow_opts)); PFNV_CHK(pf_nvuint8(nvl, "rt", &rule->rt)); PFNV_CHK(pf_nvuint8(nvl, "return_ttl", &rule->return_ttl)); PFNV_CHK(pf_nvuint8(nvl, "tos", &rule->tos)); PFNV_CHK(pf_nvuint8(nvl, "set_tos", &rule->set_tos)); PFNV_CHK(pf_nvuint8(nvl, "anchor_relative", &rule->anchor_relative)); PFNV_CHK(pf_nvuint8(nvl, "anchor_wildcard", &rule->anchor_wildcard)); PFNV_CHK(pf_nvuint8(nvl, "flush", &rule->flush)); PFNV_CHK(pf_nvuint8(nvl, "prio", &rule->prio)); PFNV_CHK(pf_nvuint8_array(nvl, "set_prio", &rule->prio, 2, NULL)); if (nvlist_exists_nvlist(nvl, "divert")) { const nvlist_t *nvldivert = nvlist_get_nvlist(nvl, "divert"); if (! 
nvlist_exists_nvlist(nvldivert, "addr")) ERROUT(EINVAL); PFNV_CHK(pf_nvaddr_to_addr(nvlist_get_nvlist(nvldivert, "addr"), &rule->divert.addr)); PFNV_CHK(pf_nvuint16(nvldivert, "port", &rule->divert.port)); } /* Validation */ #ifndef INET if (rule->af == AF_INET) ERROUT(EAFNOSUPPORT); #endif /* INET */ #ifndef INET6 if (rule->af == AF_INET6) ERROUT(EAFNOSUPPORT); #endif /* INET6 */ PFNV_CHK(pf_check_rule_addr(&rule->src)); PFNV_CHK(pf_check_rule_addr(&rule->dst)); return (0); #undef ERROUT errout: return (error); } static nvlist_t * pf_divert_to_nvdivert(const struct pf_krule *rule) { nvlist_t *nvl; nvlist_t *tmp; nvl = nvlist_create(0); if (nvl == NULL) return (NULL); tmp = pf_addr_to_nvaddr(&rule->divert.addr); if (tmp == NULL) goto error; nvlist_add_nvlist(nvl, "addr", tmp); nvlist_destroy(tmp); nvlist_add_number(nvl, "port", rule->divert.port); return (nvl); error: nvlist_destroy(nvl); return (NULL); } nvlist_t * pf_krule_to_nvrule(const struct pf_krule *rule) { nvlist_t *nvl, *tmp; nvl = nvlist_create(0); if (nvl == NULL) return (nvl); nvlist_add_number(nvl, "nr", rule->nr); tmp = pf_rule_addr_to_nvrule_addr(&rule->src); if (tmp == NULL) goto error; nvlist_add_nvlist(nvl, "src", tmp); nvlist_destroy(tmp); tmp = pf_rule_addr_to_nvrule_addr(&rule->dst); if (tmp == NULL) goto error; nvlist_add_nvlist(nvl, "dst", tmp); nvlist_destroy(tmp); for (int i = 0; i < PF_SKIP_COUNT; i++) { nvlist_append_number_array(nvl, "skip", rule->skip[i].ptr ? 
rule->skip[i].ptr->nr : -1); } for (int i = 0; i < PF_RULE_MAX_LABEL_COUNT; i++) { nvlist_append_string_array(nvl, "labels", rule->label[i]); } nvlist_add_string(nvl, "label", rule->label[0]); nvlist_add_string(nvl, "ifname", rule->ifname); nvlist_add_string(nvl, "qname", rule->qname); nvlist_add_string(nvl, "pqname", rule->pqname); nvlist_add_string(nvl, "tagname", rule->tagname); nvlist_add_string(nvl, "match_tagname", rule->match_tagname); nvlist_add_string(nvl, "overload_tblname", rule->overload_tblname); tmp = pf_pool_to_nvpool(&rule->rpool); if (tmp == NULL) goto error; nvlist_add_nvlist(nvl, "rpool", tmp); nvlist_destroy(tmp); nvlist_add_number(nvl, "evaluations", counter_u64_fetch(rule->evaluations)); for (int i = 0; i < 2; i++) { nvlist_append_number_array(nvl, "packets", counter_u64_fetch(rule->packets[i])); nvlist_append_number_array(nvl, "bytes", counter_u64_fetch(rule->bytes[i])); } nvlist_add_number(nvl, "os_fingerprint", rule->os_fingerprint); nvlist_add_number(nvl, "rtableid", rule->rtableid); pf_uint32_array_nv(nvl, "timeout", rule->timeout, PFTM_MAX); nvlist_add_number(nvl, "max_states", rule->max_states); nvlist_add_number(nvl, "max_src_nodes", rule->max_src_nodes); nvlist_add_number(nvl, "max_src_states", rule->max_src_states); nvlist_add_number(nvl, "max_src_conn", rule->max_src_conn); nvlist_add_number(nvl, "max_src_conn_rate.limit", rule->max_src_conn_rate.limit); nvlist_add_number(nvl, "max_src_conn_rate.seconds", rule->max_src_conn_rate.seconds); nvlist_add_number(nvl, "qid", rule->qid); nvlist_add_number(nvl, "pqid", rule->pqid); nvlist_add_number(nvl, "prob", rule->prob); nvlist_add_number(nvl, "cuid", rule->cuid); nvlist_add_number(nvl, "cpid", rule->cpid); nvlist_add_number(nvl, "states_cur", counter_u64_fetch(rule->states_cur)); nvlist_add_number(nvl, "states_tot", counter_u64_fetch(rule->states_tot)); nvlist_add_number(nvl, "src_nodes", counter_u64_fetch(rule->src_nodes)); nvlist_add_number(nvl, "return_icmp", rule->return_icmp); 
nvlist_add_number(nvl, "return_icmp6", rule->return_icmp6); nvlist_add_number(nvl, "max_mss", rule->max_mss); nvlist_add_number(nvl, "scrub_flags", rule->scrub_flags); tmp = pf_rule_uid_to_nvrule_uid(&rule->uid); if (tmp == NULL) goto error; nvlist_add_nvlist(nvl, "uid", tmp); nvlist_destroy(tmp); tmp = pf_rule_uid_to_nvrule_uid((const struct pf_rule_uid *)&rule->gid); if (tmp == NULL) goto error; nvlist_add_nvlist(nvl, "gid", tmp); nvlist_destroy(tmp); nvlist_add_number(nvl, "rule_flag", rule->rule_flag); nvlist_add_number(nvl, "action", rule->action); nvlist_add_number(nvl, "direction", rule->direction); nvlist_add_number(nvl, "log", rule->log); nvlist_add_number(nvl, "logif", rule->logif); nvlist_add_number(nvl, "quick", rule->quick); nvlist_add_number(nvl, "ifnot", rule->ifnot); nvlist_add_number(nvl, "match_tag_not", rule->match_tag_not); nvlist_add_number(nvl, "natpass", rule->natpass); nvlist_add_number(nvl, "keep_state", rule->keep_state); nvlist_add_number(nvl, "af", rule->af); nvlist_add_number(nvl, "proto", rule->proto); nvlist_add_number(nvl, "type", rule->type); nvlist_add_number(nvl, "code", rule->code); nvlist_add_number(nvl, "flags", rule->flags); nvlist_add_number(nvl, "flagset", rule->flagset); nvlist_add_number(nvl, "min_ttl", rule->min_ttl); nvlist_add_number(nvl, "allow_opts", rule->allow_opts); nvlist_add_number(nvl, "rt", rule->rt); nvlist_add_number(nvl, "return_ttl", rule->return_ttl); nvlist_add_number(nvl, "tos", rule->tos); nvlist_add_number(nvl, "set_tos", rule->set_tos); nvlist_add_number(nvl, "anchor_relative", rule->anchor_relative); nvlist_add_number(nvl, "anchor_wildcard", rule->anchor_wildcard); nvlist_add_number(nvl, "flush", rule->flush); nvlist_add_number(nvl, "prio", rule->prio); pf_uint8_array_nv(nvl, "set_prio", &rule->prio, 2); tmp = pf_divert_to_nvdivert(rule); if (tmp == NULL) goto error; nvlist_add_nvlist(nvl, "divert", tmp); nvlist_destroy(tmp); return (nvl); error: nvlist_destroy(nvl); return (NULL); } static int 
pf_nvstate_cmp_to_state_cmp(const nvlist_t *nvl, struct pf_state_cmp *cmp) { int error = 0; bzero(cmp, sizeof(*cmp)); PFNV_CHK(pf_nvuint64(nvl, "id", &cmp->id)); PFNV_CHK(pf_nvuint32(nvl, "creatorid", &cmp->creatorid)); PFNV_CHK(pf_nvuint8(nvl, "direction", &cmp->direction)); errout: return (error); } int pf_nvstate_kill_to_kstate_kill(const nvlist_t *nvl, struct pf_kstate_kill *kill) { int error = 0; bzero(kill, sizeof(*kill)); if (! nvlist_exists_nvlist(nvl, "cmp")) return (EINVAL); PFNV_CHK(pf_nvstate_cmp_to_state_cmp(nvlist_get_nvlist(nvl, "cmp"), &kill->psk_pfcmp)); PFNV_CHK(pf_nvuint8(nvl, "af", &kill->psk_af)); PFNV_CHK(pf_nvint(nvl, "proto", &kill->psk_proto)); if (! nvlist_exists_nvlist(nvl, "src")) return (EINVAL); PFNV_CHK(pf_nvrule_addr_to_rule_addr(nvlist_get_nvlist(nvl, "src"), &kill->psk_src)); if (! nvlist_exists_nvlist(nvl, "dst")) return (EINVAL); PFNV_CHK(pf_nvrule_addr_to_rule_addr(nvlist_get_nvlist(nvl, "dst"), &kill->psk_dst)); if (nvlist_exists_nvlist(nvl, "rt_addr")) { PFNV_CHK(pf_nvrule_addr_to_rule_addr( nvlist_get_nvlist(nvl, "rt_addr"), &kill->psk_rt_addr)); } PFNV_CHK(pf_nvstring(nvl, "ifname", kill->psk_ifname, sizeof(kill->psk_ifname))); PFNV_CHK(pf_nvstring(nvl, "label", kill->psk_label, sizeof(kill->psk_label))); if (nvlist_exists_bool(nvl, "kill_match")) kill->psk_kill_match = nvlist_get_bool(nvl, "kill_match"); errout: return (error); } static nvlist_t * pf_state_key_to_nvstate_key(const struct pf_state_key *key) { nvlist_t *nvl, *tmp; nvl = nvlist_create(0); if (nvl == NULL) return (NULL); for (int i = 0; i < 2; i++) { tmp = pf_addr_to_nvaddr(&key->addr[i]); if (tmp == NULL) goto errout; nvlist_append_nvlist_array(nvl, "addr", tmp); nvlist_destroy(tmp); nvlist_append_number_array(nvl, "port", key->port[i]); } nvlist_add_number(nvl, "af", key->af); nvlist_add_number(nvl, "proto", key->proto); return (nvl); errout: nvlist_destroy(nvl); return (NULL); } -static nvlist_t * -pf_state_scrub_to_nvstate_scrub(const struct pf_state_scrub 
*scrub) -{ - nvlist_t *nvl; - - nvl = nvlist_create(0); - if (nvl == NULL) - return (NULL); - - nvlist_add_bool(nvl, "timestamp", scrub->pfss_flags & PFSS_TIMESTAMP); - nvlist_add_number(nvl, "ttl", scrub->pfss_ttl); - nvlist_add_number(nvl, "ts_mod", scrub->pfss_ts_mod); - - return (nvl); -} - static nvlist_t * pf_state_peer_to_nvstate_peer(const struct pf_state_peer *peer) { - nvlist_t *nvl, *tmp; + nvlist_t *nvl; nvl = nvlist_create(0); if (nvl == NULL) return (NULL); - if (peer->scrub) { - tmp = pf_state_scrub_to_nvstate_scrub(peer->scrub); - if (tmp == NULL) - goto errout; - nvlist_add_nvlist(nvl, "scrub", tmp); - nvlist_destroy(tmp); - } - nvlist_add_number(nvl, "seqlo", peer->seqlo); nvlist_add_number(nvl, "seqhi", peer->seqhi); nvlist_add_number(nvl, "seqdiff", peer->seqdiff); - nvlist_add_number(nvl, "max_win", peer->max_win); - nvlist_add_number(nvl, "mss", peer->mss); nvlist_add_number(nvl, "state", peer->state); nvlist_add_number(nvl, "wscale", peer->wscale); return (nvl); - -errout: - nvlist_destroy(nvl); - return (NULL); } nvlist_t * pf_state_to_nvstate(const struct pf_state *s) { nvlist_t *nvl, *tmp; uint32_t expire, flags = 0; nvl = nvlist_create(0); if (nvl == NULL) return (NULL); nvlist_add_number(nvl, "id", s->id); nvlist_add_string(nvl, "ifname", s->kif->pfik_name); nvlist_add_string(nvl, "orig_ifname", s->orig_kif->pfik_name); tmp = pf_state_key_to_nvstate_key(s->key[PF_SK_STACK]); if (tmp == NULL) goto errout; nvlist_add_nvlist(nvl, "stack_key", tmp); nvlist_destroy(tmp); tmp = pf_state_key_to_nvstate_key(s->key[PF_SK_WIRE]); if (tmp == NULL) goto errout; nvlist_add_nvlist(nvl, "wire_key", tmp); nvlist_destroy(tmp); tmp = pf_state_peer_to_nvstate_peer(&s->src); if (tmp == NULL) goto errout; nvlist_add_nvlist(nvl, "src", tmp); nvlist_destroy(tmp); tmp = pf_state_peer_to_nvstate_peer(&s->dst); if (tmp == NULL) goto errout; nvlist_add_nvlist(nvl, "dst", tmp); nvlist_destroy(tmp); tmp = pf_addr_to_nvaddr(&s->rt_addr); if (tmp == NULL) goto errout; 
nvlist_add_nvlist(nvl, "rt_addr", tmp); nvlist_destroy(tmp); nvlist_add_number(nvl, "rule", s->rule.ptr ? s->rule.ptr->nr : -1); nvlist_add_number(nvl, "anchor", s->anchor.ptr ? s->anchor.ptr->nr : -1); nvlist_add_number(nvl, "nat_rule", s->nat_rule.ptr ? s->nat_rule.ptr->nr : -1); nvlist_add_number(nvl, "creation", s->creation); expire = pf_state_expires(s); if (expire <= time_uptime) expire = 0; else expire = expire - time_uptime; nvlist_add_number(nvl, "expire", expire); for (int i = 0; i < 2; i++) { nvlist_append_number_array(nvl, "packets", s->packets[i]); nvlist_append_number_array(nvl, "bytes", s->bytes[i]); } nvlist_add_number(nvl, "creatorid", s->creatorid); nvlist_add_number(nvl, "direction", s->direction); - nvlist_add_number(nvl, "log", s->log); nvlist_add_number(nvl, "state_flags", s->state_flags); - nvlist_add_number(nvl, "timeout", s->timeout); if (s->src_node) flags |= PFSYNC_FLAG_SRCNODE; if (s->nat_src_node) flags |= PFSYNC_FLAG_NATSRCNODE; nvlist_add_number(nvl, "sync_flags", flags); return (nvl); errout: nvlist_destroy(nvl); return (NULL); }
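Review bot: In pf_nvrule_to_krule, `PFNV_CHK(pf_nvuint8_array(nvl, "set_prio", &rule->prio, 2, NULL));` writes a two-element array through the address of the scalar `prio` member that the preceding `pf_nvuint8(nvl, "prio", &rule->prio)` has just filled; the generated helper does `bzero(array, sizeof(type) * maxelems)` and then stores two bytes starting at `&rule->prio`, so the parsed prio value is clobbered and one byte beyond it is written, with both values coming from the userland-supplied nvlist. The export side in pf_krule_to_nvrule has the mirror problem, `pf_uint8_array_nv(nvl, "set_prio", &rule->prio, 2);` serialises prio plus the byte after it rather than the set_prio pair. Assuming pf_krule carries a `set_prio[2]` member like the userland rule it mirrors (the struct is not visible in this hunk, so confirm), both call sites should use it: `PFNV_CHK(pf_nvuint8_array(nvl, "set_prio", rule->set_prio, 2, NULL));` and `pf_uint8_array_nv(nvl, "set_prio", rule->set_prio, 2);`. Both enclosing functions start and end inside this hunk; the change the commit itself makes (dropping the scrub/max_win/mss/log/timeout state export) is unrelated to this.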