authorHenning Brauer <henning@cvs.openbsd.org>2015-02-10 06:45:56 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2015-02-10 06:45:56 +0000
commita589dc5a7f5e9f672419d53357dc098e1868a60b (patch)
tree3c7f0893999a9b0ad99289401c1b05d76a4f2f89
parent30d20b716e66b1f85838cb182cf559a5dbb74f8d (diff)
since we inherit prio (as in, the queuing priority) from outside sources,
i. e. on vlan interfaces, it is useful to be able to match on it - effectively matching on classification done elsewhere. i thought i had long implemented that, but chrisz@ asking for it made me notice that wasn't the case. tests by chrisz, ok phessler pelikan
-rw-r--r--sbin/pfctl/parse.y24
-rw-r--r--sbin/pfctl/pfctl_parser.c4
-rw-r--r--sys/net/pf.c5
-rw-r--r--sys/net/pf_ioctl.c3
-rw-r--r--sys/net/pfvar.h5
5 files changed, 35 insertions, 6 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index bf2dbbce540..5901e7255e4 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.644 2015/01/16 06:40:00 deraadt Exp $ */
+/* $OpenBSD: parse.y,v 1.645 2015/02/10 06:45:55 henning Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -230,6 +230,7 @@ struct filter_opts {
#define FOM_SCRUB_TCP 0x0200
#define FOM_SETPRIO 0x0400
#define FOM_ONCE 0x1000
+#define FOM_PRIO 0x2000
struct node_uid *uid;
struct node_gid *gid;
struct node_if *rcv;
@@ -254,6 +255,7 @@ struct filter_opts {
char *match_tag;
u_int8_t match_tag_not;
u_int rtableid;
+ u_int8_t prio;
u_int8_t set_prio[2];
struct {
struct node_host *addr;
@@ -881,6 +883,10 @@ anchorrule : ANCHOR anchorname dir quick interface af proto fromto
YYERROR;
}
r.match_tag_not = $9.match_tag_not;
+ if ($9.marker & FOM_PRIO)
+ r.prio = $9.prio;
+ else
+ r.prio = 0xff;
if ($9.marker & FOM_SETPRIO) {
r.set_prio[0] = $9.set_prio[0];
r.set_prio[1] = $9.set_prio[1];
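Review bot: The literal `0xff` is used as the "no prio match" sentinel here and again in the pfrule hunk, in print_rule and in pf_test_rule, with nothing on the page saying what it means. Because 0 is a valid priority, a reader cannot tell from `r.prio = 0xff;` that this means "match any" rather than a real value. A single named constant defined next to the new `prio` field in struct pf_rule, with a comment such as `/* 0xff: do not match on prio; 0..IFQ_MAXPRIO: exact match */`, would keep the four sites in step. The anchorrule action starts and ends outside this hunk.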
@@ -1484,6 +1490,10 @@ pfrule : action dir logquick interface af proto fromto
}
if ($8.marker & FOM_SCRUB_TCP)
r.scrub_flags |= PFSTATE_SCRUB_TCP;
+ if ($8.marker & FOM_PRIO)
+ r.prio = $8.prio;
+ else
+ r.prio = 0xff;
if ($8.marker & FOM_SETPRIO) {
r.set_prio[0] = $8.set_prio[0];
r.set_prio[1] = $8.set_prio[1];
@@ -1914,6 +1924,18 @@ filter_opt : USER uids {
filter_opts.marker |= FOM_ICMP;
filter_opts.icmpspec = $1;
}
+ | PRIO NUMBER {
+ if (filter_opts.marker & FOM_PRIO) {
+ yyerror("prio cannot be redefined");
+ YYERROR;
+ }
+ if ($2 < 0 || $2 > IFQ_MAXPRIO) {
+ yyerror("prio must be 0 - %u", IFQ_MAXPRIO);
+ YYERROR;
+ }
+ filter_opts.marker |= FOM_PRIO;
+ filter_opts.prio = $2;
+ }
| TOS tos {
if (filter_opts.marker & FOM_TOS) {
yyerror("tos cannot be redefined");
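Review bot: The new `prio NUMBER` filter option has no manual-page text in this commit; the diffstat lists only parse.y, pfctl_parser.c, pf.c, pf_ioctl.c and pfvar.h. Rule authors need to know that it is an exact match on the packet's queuing priority, that the accepted range is 0 to IFQ_MAXPRIO, and that it tests the value whereas `set prio` assigns it. A short comment above the production would also help, e.g. `/* match on inherited queuing priority; 'set prio' assigns it */`. The filter_opt production continues outside the hunk.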
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index fdf631936b3..0a5b96088b3 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.302 2015/02/07 23:35:27 tedu Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.303 2015/02/10 06:45:55 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -853,6 +853,8 @@ print_rule(struct pf_rule *r, const char *anchor_call, int opts)
}
if (r->tos)
printf(" tos 0x%2.2x", r->tos);
+ if (r->prio != 0xff)
+ printf(" prio %u", r->prio);
if (r->scrub_flags & PFSTATE_SETMASK || r->qname[0]) {
char *comma = "";
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 657b571976b..6ffab243aba 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.902 2015/02/09 19:14:48 markus Exp $ */
+/* $OpenBSD: pf.c,v 1.903 2015/02/10 06:45:55 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -3228,6 +3228,9 @@ pf_test_rule(struct pf_pdesc *pd, struct pf_rule **rm, struct pf_state **sm,
PF_TEST_ATTRIB((r->rcv_kif && pf_match_rcvif(pd->m, r) ==
r->rcvifnot),
TAILQ_NEXT(r, entries));
+ PF_TEST_ATTRIB((r->prio != 0xff &&
+ r->prio != pd->m->m_pkthdr.pf.prio),
+ TAILQ_NEXT(r, entries));
/* FALLTHROUGH */
if (r->tag)
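Review bot: The value compared at `r->prio != pd->m->m_pkthdr.pf.prio` is, per the commit message, inherited from outside sources such as vlan interfaces, so on a segment where the sender controls the tag it is sender-chosen data. A comment above the test should say so, e.g. `/* prio may come from the wire (vlan); treat as a hint, not an identity */`, so that later maintainers and rule authors do not read a prio match as proof of origin. pf_test_rule starts and ends outside this hunk.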
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 5ec608c7681..27237b74f45 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.281 2015/01/24 00:29:06 deraadt Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.282 2015/02/10 06:45:55 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -2459,6 +2459,7 @@ pf_rule_copyin(struct pf_rule *from, struct pf_rule *to,
to->divert.port = from->divert.port;
to->divert_packet.addr = from->divert_packet.addr;
to->divert_packet.port = from->divert_packet.port;
+ to->prio = from->prio;
to->set_prio[0] = from->set_prio[0];
to->set_prio[1] = from->set_prio[1];
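Review bot: `to->prio = from->prio;` takes the value as supplied through the ioctl without a range check; the only bound visible in this commit is the one in pfctl's grammar (`$2 > IFQ_MAXPRIO`). A rule loaded by another program with a prio between IFQ_MAXPRIO+1 and 0xfe would be accepted and, assuming packet priorities stay within 0..IFQ_MAXPRIO, would never match. A zero-filled struct pf_rule now also means "prio 0 only" rather than "any", so other code that builds struct pf_rule should be checked for setting prio to 0xff. If pf_rule_copyin reports errors through its return value (its return type and the rest of its body are outside the hunk), a check such as `if (from->prio != 0xff && from->prio > IFQ_MAXPRIO) return (EINVAL);` would reject such rules.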
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index ba41509a5ce..e93bad57d3a 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.409 2015/02/07 06:27:46 pelikan Exp $ */
+/* $OpenBSD: pfvar.h,v 1.410 2015/02/10 06:45:55 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -644,10 +644,11 @@ struct pf_rule {
#define PF_FLUSH 0x01
#define PF_FLUSH_GLOBAL 0x02
u_int8_t flush;
+ u_int8_t prio;
u_int8_t set_prio[2];
sa_family_t naf;
u_int8_t rcvifnot;
- u_int8_t pad[3];
+ u_int8_t pad[2];
struct {
struct pf_addr addr;