summaryrefslogtreecommitdiff
path: root/sbin/pfctl
diff options
context:
space:
mode:
authorHenning Brauer <henning@cvs.openbsd.org>2003-04-05 21:44:47 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2003-04-05 21:44:47 +0000
commit8600f783b20ec65384a2030322218e128bb30ef2 (patch)
tree21591b2d848acb919fb81ce390dad8d1fe7cdfd0 /sbin/pfctl
parent8028ebca95530ef0b179a1d9b6b25aff46dffc7a (diff)
allow queue specs to be limited to certain interfaces.
altq on { $if0 $if1 $if2 $if3 } priq bandwidth 10Mb queue { one two } queue one priority 1 priq(default) queue two on $if0 priority 15 queue two on ! $if0 priority 0 ok dhartmei@
Diffstat (limited to 'sbin/pfctl')
-rw-r--r--sbin/pfctl/parse.y200
-rw-r--r--sbin/pfctl/pfctl.h4
-rw-r--r--sbin/pfctl/pfctl_altq.c9
3 files changed, 115 insertions, 98 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 356ca6d3768..f015a5d54a3 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.350 2003/04/05 21:04:53 henning Exp $ */
+/* $OpenBSD: parse.y,v 1.351 2003/04/05 21:44:45 henning Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -237,7 +237,7 @@ void expand_rule(struct pf_rule *, struct node_if *, struct node_host *,
struct node_gid *, struct node_icmp *);
int expand_altq(struct pf_altq *, struct node_if *, struct node_queue *,
struct node_queue_bw bwspec);
-int expand_queue(struct pf_altq *, struct node_queue *,
+int expand_queue(struct pf_altq *, struct node_if *, struct node_queue *,
struct node_queue_bw);
int check_rulestate(int);
@@ -847,7 +847,7 @@ altqif : ALTQ interface queue_opts QUEUE qassign {
}
;
-queuespec : QUEUE STRING queue_opts qassign {
+queuespec : QUEUE STRING interface queue_opts qassign {
struct pf_altq a;
if (check_rulestate(PFCTL_STATE_QUEUE))
@@ -861,30 +861,30 @@ queuespec : QUEUE STRING queue_opts qassign {
"%d chars)", PF_QNAME_SIZE-1);
YYERROR;
}
- if ($3.tbrsize) {
+ if ($4.tbrsize) {
yyerror("cannot specify tbrsize for queue");
YYERROR;
}
- if ($3.priority > 255) {
+ if ($4.priority > 255) {
yyerror("priority out of range: max 255");
YYERROR;
}
- a.priority = $3.priority;
- a.qlimit = $3.qlimit;
- a.scheduler = $3.scheduler.qtype;
+ a.priority = $4.priority;
+ a.qlimit = $4.qlimit;
+ a.scheduler = $4.scheduler.qtype;
switch (a.scheduler) {
case ALTQT_CBQ:
a.pq_u.cbq_opts =
- $3.scheduler.data.cbq_opts;
+ $4.scheduler.data.cbq_opts;
break;
case ALTQT_PRIQ:
a.pq_u.priq_opts =
- $3.scheduler.data.priq_opts;
+ $4.scheduler.data.priq_opts;
break;
default:
break;
}
- if (expand_queue(&a, $4, $3.queue_bwspec))
+ if (expand_queue(&a, $3, $5, $4.queue_bwspec))
YYERROR;
}
;
@@ -3160,10 +3160,10 @@ expand_altq(struct pf_altq *a, struct node_if *interfaces,
}
int
-expand_queue(struct pf_altq *a, struct node_queue *nqueues,
- struct node_queue_bw bwspec)
+expand_queue(struct pf_altq *a, struct node_if *interfaces,
+ struct node_queue *nqueues, struct node_queue_bw bwspec)
{
- struct node_queue *n;
+ struct node_queue *n, *nq;
struct pf_altq pa;
u_int8_t found = 0;
u_int8_t errs = 0;
@@ -3179,96 +3179,110 @@ expand_queue(struct pf_altq *a, struct node_queue *nqueues,
return (1);
}
- LOOP_THROUGH(struct node_queue, tqueue, queues,
- if (!strncmp(a->qname, tqueue->queue, PF_QNAME_SIZE)) {
- /* found ourselve in queues */
- found++;
-
- memcpy(&pa, a, sizeof(struct pf_altq));
-
- if (pa.scheduler != ALTQT_NONE &&
- pa.scheduler != tqueue->scheduler) {
- yyerror("exactly one scheduler type per "
- "interface allowed");
- return (1);
- }
- pa.scheduler = tqueue->scheduler;
-
- /* scheduler dependent error checking */
- switch (pa.scheduler) {
- case ALTQT_PRIQ:
- if (nqueues != NULL) {
- yyerror("priq queues cannot have "
- "child queues");
+ LOOP_THROUGH(struct node_if, interface, interfaces,
+ LOOP_THROUGH(struct node_queue, tqueue, queues,
+ if (!strncmp(a->qname, tqueue->queue, PF_QNAME_SIZE) &&
+ (interface->ifname[0] == 0 ||
+ (!interface->not && !strncmp(interface->ifname,
+ tqueue->ifname, IFNAMSIZ)) ||
+ (interface->not && strncmp(interface->ifname,
+ tqueue->ifname, IFNAMSIZ)))) {
+ /* found ourselve in queues */
+ found++;
+
+ memcpy(&pa, a, sizeof(struct pf_altq));
+
+ if (pa.scheduler != ALTQT_NONE &&
+ pa.scheduler != tqueue->scheduler) {
+ yyerror("exactly one scheduler type "
+ "per interface allowed");
return (1);
}
- if (bwspec.bw_absolute > 0 ||
- bwspec.bw_percent < 100) {
- yyerror("priq doesn't take bandwidth");
- return (1);
+ pa.scheduler = tqueue->scheduler;
+
+ /* scheduler dependent error checking */
+ switch (pa.scheduler) {
+ case ALTQT_PRIQ:
+ if (nqueues != NULL) {
+ yyerror("priq queues cannot "
+ "have child queues");
+ return (1);
+ }
+ if (bwspec.bw_absolute > 0 ||
+ bwspec.bw_percent < 100) {
+ yyerror("priq doesn't take "
+ "bandwidth");
+ return (1);
+ }
+ break;
+ default:
+ break;
}
- break;
- default:
- break;
- }
- if (strlcpy(pa.ifname, tqueue->ifname,
- sizeof(pa.ifname)) >= sizeof(pa.ifname))
- errx(1, "expand_queue: strlcpy");
- if (strlcpy(pa.parent, tqueue->parent,
- sizeof(pa.parent)) >= sizeof(pa.parent))
- errx(1, "expand_queue: strlcpy");
+ if (strlcpy(pa.ifname, tqueue->ifname,
+ sizeof(pa.ifname)) >= sizeof(pa.ifname))
+ errx(1, "expand_queue: strlcpy");
+ if (strlcpy(pa.parent, tqueue->parent,
+ sizeof(pa.parent)) >= sizeof(pa.parent))
+ errx(1, "expand_queue: strlcpy");
- if (eval_pfqueue(pf, &pa, bwspec.bw_absolute,
- bwspec.bw_percent))
- errs++;
- else
- if (pfctl_add_altq(pf, &pa))
+ if (eval_pfqueue(pf, &pa, bwspec.bw_absolute,
+ bwspec.bw_percent))
errs++;
+ else
+ if (pfctl_add_altq(pf, &pa))
+ errs++;
- if (nqueues == NULL)
- continue;
-
- LOOP_THROUGH(struct node_queue, queue, nqueues,
- n = calloc(1, sizeof(struct node_queue));
- if (n == NULL)
- err(1, "expand_queue: calloc");
- if (strlcpy(n->parent, a->qname,
- sizeof(n->parent)) >= sizeof(n->parent))
- errx(1, "expand_queue: strlcpy");
- if (strlcpy(n->queue, queue->queue,
- sizeof(n->queue)) >= sizeof(n->queue))
- errx(1, "expand_queue: strlcpy");
- if (strlcpy(n->ifname, tqueue->ifname,
- sizeof(n->ifname)) >= sizeof(n->ifname))
- errx(1, "expand_queue: strlcpy");
- n->scheduler = tqueue->scheduler;
- n->next = NULL;
- n->tail = n;
- if (queues == NULL)
- queues = n;
- else {
- queues->tail->next = n;
- queues->tail = n;
+ for(nq = nqueues; nq != NULL; nq = nq->next) {
+ n = calloc(1,
+ sizeof(struct node_queue));
+ if (n == NULL)
+ err(1, "expand_queue: calloc");
+ if (strlcpy(n->parent, a->qname,
+ sizeof(n->parent)) >=
+ sizeof(n->parent))
+ errx(1, "expand_queue strlcpy");
+ if (strlcpy(n->queue, nq->queue,
+ sizeof(n->queue)) >=
+ sizeof(n->queue))
+ errx(1, "expand_queue strlcpy");
+ if (strlcpy(n->ifname, tqueue->ifname,
+ sizeof(n->ifname)) >=
+ sizeof(n->ifname))
+ errx(1, "expand_queue strlcpy");
+ n->scheduler = tqueue->scheduler;
+ n->next = NULL;
+ n->tail = n;
+ if (queues == NULL)
+ queues = n;
+ else {
+ queues->tail->next = n;
+ queues->tail = n;
+ }
}
- );
- }
+ if ((pf->opts & PF_OPT_VERBOSE) && (
+ (found == 1 && interface->ifname[0] == 0) ||
+ (found > 0 && interface->ifname[0] != 0))) {
+ print_queue(&pf->paltq->altq, 0,
+ bwspec.bw_percent,
+ interface->ifname[0] != 0);
+ if (nqueues && nqueues->tail) {
+ printf("{ ");
+ LOOP_THROUGH(struct node_queue,
+ queue, nqueues,
+ printf("%s ",
+ queue->queue);
+ );
+ printf("}");
+ }
+ printf("\n");
+ }
+ }
+ );
);
- if ((pf->opts & PF_OPT_VERBOSE) && found > 0) {
- print_altq(&pf->paltq->altq, 0, bwspec.bw_percent);
- if (nqueues && nqueues->tail) {
- printf("{ ");
- LOOP_THROUGH(struct node_queue, queue,
- nqueues,
- printf("%s ", queue->queue);
- );
- printf("}");
- }
- printf("\n");
- }
-
FREE_LIST(struct node_queue, nqueues);
+ FREE_LIST(struct node_if, interfaces);
if (!found) {
yyerror("queue %s has no parent", a->qname);
diff --git a/sbin/pfctl/pfctl.h b/sbin/pfctl/pfctl.h
index 4a155da3dac..f008751fbb6 100644
--- a/sbin/pfctl/pfctl.h
+++ b/sbin/pfctl/pfctl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl.h,v 1.13 2003/03/27 18:01:57 henning Exp $ */
+/* $OpenBSD: pfctl.h,v 1.14 2003/04/05 21:44:46 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -86,7 +86,7 @@ char *qid_to_qname(u_int32_t, const char *);
char *rate2str(double);
void print_altq(const struct pf_altq *, unsigned, u_int16_t);
-void print_queue(const struct pf_altq *, unsigned, u_int16_t);
+void print_queue(const struct pf_altq *, unsigned, u_int16_t, int);
void print_addr(struct pf_addr_wrap *, sa_family_t, int);
void print_host(struct pf_state_host *, sa_family_t, int);
diff --git a/sbin/pfctl/pfctl_altq.c b/sbin/pfctl/pfctl_altq.c
index 0040f872893..6f30ef3bd70 100644
--- a/sbin/pfctl/pfctl_altq.c
+++ b/sbin/pfctl/pfctl_altq.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_altq.c,v 1.49 2003/04/03 14:41:46 henning Exp $ */
+/* $OpenBSD: pfctl_altq.c,v 1.50 2003/04/05 21:44:46 henning Exp $ */
/*
* Copyright (C) 2002
@@ -171,7 +171,7 @@ void
print_altq(const struct pf_altq *a, unsigned level, u_int16_t bwpercent)
{
if (a->qname[0] != NULL) {
- print_queue(a, level, bwpercent);
+ print_queue(a, level, bwpercent, 0);
return;
}
@@ -206,7 +206,8 @@ print_altq(const struct pf_altq *a, unsigned level, u_int16_t bwpercent)
}
void
-print_queue(const struct pf_altq *a, unsigned level, u_int16_t bwpercent)
+print_queue(const struct pf_altq *a, unsigned level, u_int16_t bwpercent,
+ int print_interface)
{
unsigned i;
@@ -214,6 +215,8 @@ print_queue(const struct pf_altq *a, unsigned level, u_int16_t bwpercent)
for (i = 0; i < level; ++i)
printf(" ");
printf("%s ", a->qname);
+ if (print_interface)
+ printf("on %s ", a->ifname);
if (a->scheduler == ALTQT_CBQ || a->scheduler == ALTQT_HFSC) {
if (bwpercent > 0) {
if (bwpercent < 100)