author | Henning Brauer <henning@cvs.openbsd.org> | 2015-02-10 06:45:56 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2015-02-10 06:45:56 +0000 |
commit | a589dc5a7f5e9f672419d53357dc098e1868a60b (patch) | |
tree | 3c7f0893999a9b0ad99289401c1b05d76a4f2f89 | |
parent | 30d20b716e66b1f85838cb182cf559a5dbb74f8d (diff) |
since we inherit prio (as in, the queuing priority) from outside sources,
i. e. on vlan interfaces, it is useful to be able to match on it -
effectively matching on classification done elsewhere.
i thought i had long implemented that, but chrisz@ asking for it made
me notice that wasn't the case.
tests by chrisz, ok phessler pelikan
-rw-r--r-- | sbin/pfctl/parse.y | 24 | ||||
-rw-r--r-- | sbin/pfctl/pfctl_parser.c | 4 | ||||
-rw-r--r-- | sys/net/pf.c | 5 | ||||
-rw-r--r-- | sys/net/pf_ioctl.c | 3 | ||||
-rw-r--r-- | sys/net/pfvar.h | 5 |
5 files changed, 35 insertions, 6 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index bf2dbbce540..5901e7255e4 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.644 2015/01/16 06:40:00 deraadt Exp $ */
+/* $OpenBSD: parse.y,v 1.645 2015/02/10 06:45:55 henning Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -230,6 +230,7 @@ struct filter_opts {
 #define FOM_SCRUB_TCP 0x0200
 #define FOM_SETPRIO 0x0400
 #define FOM_ONCE 0x1000
+#define FOM_PRIO 0x2000
 struct node_uid *uid;
 struct node_gid *gid;
 struct node_if *rcv;
@@ -254,6 +255,7 @@ struct filter_opts {
 char *match_tag;
 u_int8_t match_tag_not;
 u_int rtableid;
+ u_int8_t prio;
 u_int8_t set_prio[2];
 struct {
 struct node_host *addr;
@@ -881,6 +883,10 @@ anchorrule : ANCHOR anchorname dir quick interface af proto fromto
 YYERROR;
 }
 r.match_tag_not = $9.match_tag_not;
+ if ($9.marker & FOM_PRIO)
+ r.prio = $9.prio;
+ else
+ r.prio = 0xff;
 if ($9.marker & FOM_SETPRIO) {
 r.set_prio[0] = $9.set_prio[0];
 r.set_prio[1] = $9.set_prio[1];
@@ -1484,6 +1490,10 @@ pfrule : action dir logquick interface af proto fromto
 }
 if ($8.marker & FOM_SCRUB_TCP)
 r.scrub_flags |= PFSTATE_SCRUB_TCP;
+ if ($8.marker & FOM_PRIO)
+ r.prio = $8.prio;
+ else
+ r.prio = 0xff;
 if ($8.marker & FOM_SETPRIO) {
 r.set_prio[0] = $8.set_prio[0];
 r.set_prio[1] = $8.set_prio[1];
@@ -1914,6 +1924,18 @@ filter_opt : USER uids {
 filter_opts.marker |= FOM_ICMP;
 filter_opts.icmpspec = $1;
 }
+ | PRIO NUMBER {
+ if (filter_opts.marker & FOM_PRIO) {
+ yyerror("prio cannot be redefined");
+ YYERROR;
+ }
+ if ($2 < 0 || $2 > IFQ_MAXPRIO) {
+ yyerror("prio must be 0 - %u", IFQ_MAXPRIO);
+ YYERROR;
+ }
+ filter_opts.marker |= FOM_PRIO;
+ filter_opts.prio = $2;
+ }
 | TOS tos {
 if (filter_opts.marker & FOM_TOS) {
 yyerror("tos cannot be redefined");
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index fdf631936b3..0a5b96088b3 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
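Review bot: The bare `0xff` stored into `r.prio` in the anchorrule action (@@ -881) is an unnamed in-band sentinel for "do not match on prio", and the same literal is repeated in the pfrule action (@@ -1484), in print_rule() in pfctl_parser.c and in the PF_TEST_ATTRIB test in pf.c. pfctl and the kernel have to agree on that value exactly, so it reads and maintains better as one named constant defined in pfvar.h beside the new field, for example `#define PF_PRIO_NOMATCH 0xff /* rule does not match on prio */` (the name is only a suggestion), used at all four sites. Both grammar actions start and end outside their hunks.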
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.302 2015/02/07 23:35:27 tedu Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.303 2015/02/10 06:45:55 henning Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -853,6 +853,8 @@ print_rule(struct pf_rule *r, const char *anchor_call, int opts)
 }
 if (r->tos)
 printf(" tos 0x%2.2x", r->tos);
+ if (r->prio != 0xff)
+ printf(" prio %u", r->prio);
 if (r->scrub_flags & PFSTATE_SETMASK || r->qname[0]) {
 char *comma = "";
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 657b571976b..6ffab243aba 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.902 2015/02/09 19:14:48 markus Exp $ */
+/* $OpenBSD: pf.c,v 1.903 2015/02/10 06:45:55 henning Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -3228,6 +3228,9 @@ pf_test_rule(struct pf_pdesc *pd, struct pf_rule **rm, struct pf_state **sm,
 PF_TEST_ATTRIB((r->rcv_kif && pf_match_rcvif(pd->m, r) == r->rcvifnot), TAILQ_NEXT(r, entries));
+ PF_TEST_ATTRIB((r->prio != 0xff &&
+ r->prio != pd->m->m_pkthdr.pf.prio),
+ TAILQ_NEXT(r, entries));
 /* FALLTHROUGH */
 if (r->tag)
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 5ec608c7681..27237b74f45 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.281 2015/01/24 00:29:06 deraadt Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.282 2015/02/10 06:45:55 henning Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -2459,6 +2459,7 @@ pf_rule_copyin(struct pf_rule *from, struct pf_rule *to,
 to->divert.port = from->divert.port;
 to->divert_packet.addr = from->divert_packet.addr;
 to->divert_packet.port = from->divert_packet.port;
+ to->prio = from->prio;
 to->set_prio[0] = from->set_prio[0];
 to->set_prio[1] = from->set_prio[1];
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index ba41509a5ce..e93bad57d3a 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
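Review bot: In the PF_TEST_ATTRIB added to pf_test_rule() (sys/net/pf.c, @@ -3228), a rule whose `prio` is 0 means "match only packets with priority 0", because `0xff` is the only value that switches the test off. A rule that reaches the kernel from a zero-initialised `struct pf_rule` without passing through the two parse.y actions patched in this commit would therefore silently stop matching packets that carry a non-zero priority, which for a block rule is a filtering gap; whether such rule producers exist cannot be seen from this diff and should be checked. At minimum the contract belongs on the field itself in pfvar.h, e.g. `u_int8_t prio; /* 0xff: do not match on prio; 0 matches prio 0 */`. pf_test_rule() starts and ends outside the hunk.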
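Review bot: `to->prio = from->prio;` in pf_rule_copyin() (sys/net/pf_ioctl.c, @@ -2459) takes the value from the ioctl caller without a range check in the visible lines; the 0 - IFQ_MAXPRIO limit is enforced only in pfctl's grammar. A value that is neither `0xff` nor a valid priority produces a rule that is accepted but can never match in pf_test_rule(), so the kernel should reject it, for example `if (from->prio != 0xff && from->prio > IFQ_MAXPRIO) return (EINVAL);`. The function starts and ends outside the hunk, so its return convention and any existing validation need to be confirmed before adding the guard.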
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.409 2015/02/07 06:27:46 pelikan Exp $ */
+/* $OpenBSD: pfvar.h,v 1.410 2015/02/10 06:45:55 henning Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -644,10 +644,11 @@ struct pf_rule {
 #define PF_FLUSH 0x01
 #define PF_FLUSH_GLOBAL 0x02
 u_int8_t flush;
+ u_int8_t prio;
 u_int8_t set_prio[2];
 sa_family_t naf;
 u_int8_t rcvifnot;
- u_int8_t pad[3];
+ u_int8_t pad[2];
 struct {
 struct pf_addr addr; |