authorHenning Brauer <henning@cvs.openbsd.org>2018-07-10 09:30:50 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2018-07-10 09:30:50 +0000
commit51deb0a0d8f57bc997dbad1437b7091100fe64bc (patch)
treeabc827ddbfb5cd1c2d90622a4c1bea548661b914 /sbin/pfctl
parent173cf1e129b8d32f1d5ae66b8296d891d4a8c128 (diff)
'set delay' for the generic packet delay mechanism, ok benno sashan
Diffstat (limited to 'sbin/pfctl')
-rw-r--r--sbin/pfctl/parse.y24
-rw-r--r--sbin/pfctl/pfctl.c4
-rw-r--r--sbin/pfctl/pfctl_parser.c27
3 files changed, 41 insertions, 14 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 9d7e179cb5b..707389f8099 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.677 2018/07/10 08:44:55 kn Exp $ */
+/* $OpenBSD: parse.y,v 1.678 2018/07/10 09:30:49 henning Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -242,6 +242,7 @@ struct filter_opts {
#define FOM_SETPRIO 0x0400
#define FOM_ONCE 0x1000
#define FOM_PRIO 0x2000
+#define FOM_SETDELAY 0x4000
struct node_uid *uid;
struct node_gid *gid;
struct node_if *rcv;
@@ -268,6 +269,7 @@ struct filter_opts {
u_int rtableid;
u_int8_t prio;
u_int8_t set_prio[2];
+ u_int16_t delay;
struct divertspec divert;
struct redirspec nat;
struct redirspec rdr;
@@ -485,7 +487,7 @@ int parseport(char *, struct range *r, int);
%token BITMASK RANDOM SOURCEHASH ROUNDROBIN LEASTSTATES STATICPORT PROBABILITY
%token WEIGHT BANDWIDTH FLOWS QUANTUM
%token QUEUE PRIORITY QLIMIT RTABLE RDOMAIN MINIMUM BURST PARENT
-%token LOAD RULESET_OPTIMIZATION RTABLE RDOMAIN PRIO ONCE DEFAULT
+%token LOAD RULESET_OPTIMIZATION RTABLE RDOMAIN PRIO ONCE DEFAULT DELAY
%token STICKYADDRESS MAXSRCSTATES MAXSRCNODES SOURCETRACK GLOBAL RULE
%token MAXSRCCONN MAXSRCCONNRATE OVERLOAD FLUSH SLOPPY PFLOW MAXPKTRATE
%token TAGGED TAG IFBOUND FLOATING STATEPOLICY STATEDEFAULTS ROUTE
@@ -2180,6 +2182,19 @@ filter_set : prio {
filter_opts.marker |= FOM_SETTOS;
filter_opts.settos = $2;
}
+ | DELAY NUMBER {
+ if (filter_opts.delay) {
+ yyerror("delay cannot be respecified");
+ YYERROR;
+ }
+ if ($2 < 0 || $2 > 0xffff) {
+ yyerror("illegal delay value %d (0-%u)", $2,
+ 0xffff);
+ YYERROR;
+ }
+ filter_opts.marker |= FOM_SETDELAY;
+ filter_opts.delay = $2;
+ }
;
prio : PRIO NUMBER {
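Review bot: The respecification guard in the new `DELAY NUMBER` action tests the stored value (`if (filter_opts.delay)`) rather than the marker, so after a first `delay 0` the guard sees nothing and a second `delay` in the same set list is accepted silently. Testing `if (filter_opts.marker & FOM_SETDELAY)` would catch every repeat, including the zero case. The range error prints `$2` with `%d`; if NUMBER carries a 64-bit value in this grammar (its declaration is outside the hunk), the specifier does not match the argument, and `yyerror("illegal delay value %lld (0-%u)", (long long)$2, 0xffffU);` would be the safe form. The new `u_int16_t delay` field in `struct filter_opts` would also benefit from a short comment stating the unit of the value, since the 0-0xffff bound is otherwise the only documentation of it.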
@@ -4983,6 +4998,7 @@ lookup(char *s)
{ "code", CODE},
{ "debug", DEBUG},
{ "default", DEFAULT},
+ { "delay", DELAY},
{ "divert-packet", DIVERTPACKET},
{ "divert-reply", DIVERTREPLY},
{ "divert-to", DIVERTTO},
@@ -5910,6 +5926,10 @@ filteropts_to_rule(struct pf_rule *r, struct filter_opts *opts)
else
r->prio = opts->prio;
}
+ if (opts->marker & FOM_SETDELAY) {
+ r->delay = opts->delay;
+ r->rule_flag |= PFRULE_SETDELAY;
+ }
if (opts->marker & FOM_SETPRIO) {
r->set_prio[0] = opts->set_prio[0];
r->set_prio[1] = opts->set_prio[1];
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 93ca9215bf0..f74d9319e73 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl.c,v 1.354 2018/02/08 09:15:46 henning Exp $ */
+/* $OpenBSD: pfctl.c,v 1.355 2018/07/10 09:30:49 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -145,6 +145,7 @@ static const struct {
{ "frags", PF_LIMIT_FRAGS },
{ "tables", PF_LIMIT_TABLES },
{ "table-entries", PF_LIMIT_TABLE_ENTRIES },
+ { "pktdelay-pkts", PF_LIMIT_PKTDELAY_PKTS },
{ NULL, 0 }
};
@@ -1765,6 +1766,7 @@ pfctl_init_options(struct pfctl *pf)
pf->limit[PF_LIMIT_SRC_NODES] = PFSNODE_HIWAT;
pf->limit[PF_LIMIT_TABLES] = PFR_KTABLE_HIWAT;
pf->limit[PF_LIMIT_TABLE_ENTRIES] = PFR_KENTRY_HIWAT;
+ pf->limit[PF_LIMIT_PKTDELAY_PKTS] = PF_PKTDELAY_MAXPKTS;
mib[0] = CTL_HW;
mib[1] = HW_PHYSMEM64;
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index 728dfb9d7c6..801e948e6c8 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.320 2018/07/10 09:05:11 jca Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.321 2018/07/10 09:30:49 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -872,30 +872,35 @@ print_rule(struct pf_rule *r, const char *anchor_call, int opts)
printf(" max-pkt-rate %u/%u", r->pktrate.limit,
r->pktrate.seconds);
- if (r->scrub_flags & PFSTATE_SETMASK || r->qname[0]) {
+ if (r->scrub_flags & PFSTATE_SETMASK || r->qname[0] ||
+ r->rule_flag & PFRULE_SETDELAY) {
char *comma = "";
printf(" set (");
if (r->scrub_flags & PFSTATE_SETPRIO) {
if (r->set_prio[0] == r->set_prio[1])
- printf("%s prio %u", comma, r->set_prio[0]);
+ printf("%sprio %u", comma, r->set_prio[0]);
else
- printf("%s prio(%u, %u)", comma, r->set_prio[0],
+ printf("%sprio(%u, %u)", comma, r->set_prio[0],
r->set_prio[1]);
- comma = ",";
+ comma = ", ";
}
if (r->qname[0]) {
if (r->pqname[0])
- printf("%s queue(%s, %s)", comma, r->qname,
+ printf("%squeue(%s, %s)", comma, r->qname,
r->pqname);
else
- printf("%s queue %s", comma, r->qname);
- comma = ",";
+ printf("%squeue %s", comma, r->qname);
+ comma = ", ";
}
if (r->scrub_flags & PFSTATE_SETTOS) {
- printf("%s tos 0x%2.2x", comma, r->set_tos);
- comma = ",";
+ printf("%stos 0x%2.2x", comma, r->set_tos);
+ comma = ", ";
}
- printf(" )");
+ if (r->rule_flag & PFRULE_SETDELAY) {
+ printf("%sdelay %u", comma, r->delay);
+ comma = ", ";
+ }
+ printf(")");
}
ropts = 0;
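Review bot: The `comma = ", ";` inside the new `PFRULE_SETDELAY` branch is a dead store, because nothing is printed with `comma` before the closing `printf(")")`. Either drop it or keep it with a one-line comment such as `/* keep comma current so further set options can be appended */`. The widened condition mixes `||` and `&` without parentheses; writing `(r->scrub_flags & PFSTATE_SETMASK) || r->qname[0] || (r->rule_flag & PFRULE_SETDELAY)` makes the grouping explicit and matches what the precedence already does. print_rule starts and ends outside this hunk.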