author | Henning Brauer <henning@cvs.openbsd.org> | 2011-07-08 18:52:48 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2011-07-08 18:52:48 +0000 |
commit | 1ff79293deb8c64da65610ee35f8102123c898fc (patch) | |
tree | 344ee5eb43964680ef6587cb4f63b64402a08a32 /sbin/pfctl | |
parent | ababbfcbe00d392c9fa49ca2d72b32e2a9646411 (diff) |
allow rules to specify "prio X" or "prio (X, Y)" to assign priority levels
for the new priority queueing implementation. valid range is 0 to 7. the old
trick for prioritizing empty ACKs etc remains thru the latter notation
ok ryan mpf sthen plus pea testing and halex and claudio reading
Diffstat (limited to 'sbin/pfctl')
-rw-r--r-- | sbin/pfctl/parse.y | 47 | ||||
-rw-r--r-- | sbin/pfctl/pfctl_parser.c | 8 |
2 files changed, 51 insertions, 4 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index adf3f2ac929..72593e6c361 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.603 2011/07/07 00:47:19 mcbride Exp $ */
+/* $OpenBSD: parse.y,v 1.604 2011/07/08 18:52:47 henning Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -230,6 +230,7 @@ struct filter_opts {
 #define FOM_MAXMSS 0x0040
 #define FOM_SETTOS 0x0100
 #define FOM_SCRUB_TCP 0x0200
+#define FOM_PRIO 0x0400
 struct node_uid *uid;
 struct node_gid *gid;
 struct node_if *rcv;
@@ -254,6 +255,7 @@ struct filter_opts {
 char *match_tag;
 u_int8_t match_tag_not;
 u_int rtableid;
+ u_int8_t prio[2];
 struct {
 struct node_host *addr;
 u_int16_t port;
@@ -451,7 +453,7 @@ int parseport(char *, struct range *r, int);
 %token BITMASK RANDOM SOURCEHASH ROUNDROBIN LEASTSTATES STATICPORT PROBABILITY
 %token ALTQ CBQ PRIQ HFSC BANDWIDTH TBRSIZE LINKSHARE REALTIME UPPERLIMIT
 %token QUEUE PRIORITY QLIMIT RTABLE RDOMAIN
-%token LOAD RULESET_OPTIMIZATION
+%token LOAD RULESET_OPTIMIZATION RTABLE RDOMAIN PRIO
 %token STICKYADDRESS MAXSRCSTATES MAXSRCNODES SOURCETRACK GLOBAL RULE
 %token MAXSRCCONN MAXSRCCONNRATE OVERLOAD FLUSH SLOPPY PFLOW
 %token TAGGED TAG IFBOUND FLOATING STATEPOLICY STATEDEFAULTS ROUTE SETTOS
@@ -466,7 +468,7 @@ int parseport(char *, struct range *r, int);
 %type <v.i> dir af optimizer
 %type <v.i> sourcetrack flush unaryop statelock
 %type <v.b> action
-%type <v.b> flags flag blockspec
+%type <v.b> flags flag blockspec prio
 %type <v.range> portplain portstar portrange
 %type <v.hashkey> hashkey
 %type <v.proto> proto proto_list proto_item
@@ -870,6 +872,11 @@ anchorrule : ANCHOR anchorname dir quick interface af proto fromto
 YYERROR;
 }
 r.match_tag_not = $9.match_tag_not;
+ if ($9.marker & FOM_PRIO) {
+ r.prio[0] = $9.prio[0];
+ r.prio[1] = $9.prio[1];
+ } else
+ r.prio[0] = r.prio[1] = PF_PRIO_NOTSET;
 decide_address_family($8.src.host, &r.af);
 decide_address_family($8.dst.host, &r.af);
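Review bot: In the `%token` hunk (`@@ -451,7 +453,7 @@`) the new line declares `RTABLE` and `RDOMAIN` a second time; both are already declared on the unchanged `%token QUEUE PRIORITY QLIMIT RTABLE RDOMAIN` line directly above it. Only `PRIO` is new, so the line can read `%token LOAD RULESET_OPTIMIZATION PRIO`. A repeated token declaration is at best noise, and some yacc implementations warn about it.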
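Review bot: Because 0 is a valid priority, a zero-filled `struct pf_rule` now reads as "prio 0" rather than "no prio", so in the `anchorrule` hunk (`@@ -870,6 +872,11 @@`) the `else r.prio[0] = r.prio[1] = PF_PRIO_NOTSET;` branch is the only thing keeping rules without the option from carrying a real priority. The same five lines are repeated in the `pfrule` hunk (`@@ -1665,6 +1673,11 @@`) and the sentinel is set by hand a third time in the `antispoof` hunk, which makes it easy for a later rule-building path to miss. Setting `filter_opts.prio[0] = filter_opts.prio[1] = PF_PRIO_NOTSET;` wherever `filter_opts` is reset (not visible in this diff) would let both actions copy the pair unconditionally. Any other code that fills a `pf_rule` from zeroed memory presumably needs the same initialisation. The anchorrule action starts and ends outside this hunk.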
@@ -1001,6 +1008,7 @@ antispoof : ANTISPOOF logquick antispoof_ifspc af antispoof_opts {
 r.logif = $2.logif;
 r.quick = $2.quick;
 r.af = $4;
+ r.prio[0] = r.prio[1] = PF_PRIO_NOTSET;
 if (rule_label(&r, $5.label))
 YYERROR;
 r.rtableid = $5.rtableid;
@@ -1665,6 +1673,11 @@ pfrule : action dir logquick interface af proto fromto
 }
 if ($8.marker & FOM_SCRUB_TCP)
 r.scrub_flags |= PFSTATE_SCRUB_TCP;
+ if ($8.marker & FOM_PRIO) {
+ r.prio[0] = $8.prio[0];
+ r.prio[1] = $8.prio[1];
+ } else
+ r.prio[0] = r.prio[1] = PF_PRIO_NOTSET;
 r.af = $5;
 if ($8.tag)
@@ -2266,6 +2279,33 @@ filter_opt : USER uids {
 }
 filter_opts.rcv = $2;
 }
+ | prio {
+ if (filter_opts.marker & FOM_PRIO) {
+ yyerror("prio cannot be redefined");
+ YYERROR;
+ }
+ filter_opts.marker |= FOM_PRIO;
+ filter_opts.prio[0] = $1.b1;
+ filter_opts.prio[1] = $1.b2;
+ }
+ ;
+
+prio : PRIO NUMBER {
+ if ($2 < 0 || $2 > IFQ_MAXPRIO) {
+ yyerror("prio must be 0 - %u", IFQ_MAXPRIO);
+ YYERROR;
+ }
+ $$.b1 = $$.b2 = $2;
+ }
+ | PRIO '(' NUMBER comma NUMBER ')' {
+ if ($3 < 0 || $3 > IFQ_MAXPRIO ||
+ $5 < 0 || $5 > IFQ_MAXPRIO) {
+ yyerror("prio must be 0 - %u", IFQ_MAXPRIO);
+ YYERROR;
+ }
+ $$.b1 = $3;
+ $$.b2 = $5;
+ }
 ;
 probability : STRING {
@@ -5046,6 +5086,7 @@ lookup(char *s)
 { "pass", PASS},
 { "pflow", PFLOW},
 { "port", PORT},
+ { "prio", PRIO},
 { "priority", PRIORITY},
 { "priq", PRIQ},
 { "probability", PROBABILITY},
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index 02b8c0de2e3..3e6d1064779 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.277 2011/07/07 02:00:25 mcbride Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.278 2011/07/08 18:52:47 henning Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
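Review bot: The new `prio` production in the `@@ -2266,6 +2279,33 @@` hunk carries no comment on what its two slots mean, so a reader has to go to the commit message to learn that the two-value form exists for the "empty ACKs" trick. A short comment above the rule would help, for example `/* "prio X" fills b1 and b2 with X; "prio (X, Y)" sets b1 = X, b2 = Y */`, together with a pointer to where the kernel chooses between the two. Separately, `yyerror("prio must be 0 - %u", IFQ_MAXPRIO)` passes the macro straight to `%u`; its type is not visible here, so if it is a plain `int` constant the conversion should be `%d` or the argument cast to `u_int`.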
@@ -1070,6 +1070,12 @@ print_rule(struct pf_rule *r, const char *anchor_call, int verbose)
 printf(" ");
 print_pool(&r->route, 0, 0, r->af, PF_POOL_ROUTE, verbose);
 }
+ if (r->prio[0] != PF_PRIO_NOTSET) {
+ if (r->prio[0] == r->prio[1])
+ printf(" prio %u", r->prio[0]);
+ else
+ printf(" prio(%u, %u)", r->prio[0], r->prio[1]);
+ }
 }
 void |
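Review bot: The two-value form is printed as ` prio(%u, %u)` with no space before the parenthesis, while the commit description spells it `prio (X, Y)`. Printed rules are normally expected to be accepted back by the parser, so `printf(" prio (%u, %u)", r->prio[0], r->prio[1]);` would be the safer spelling; whether the lexer splits `prio(` is not visible here. The guard also tests only `prio[0]`: a rule with `prio[0]` unset and `prio[1]` set would print nothing, and one with only `prio[1]` unset would print the sentinel as a number. The parser in this commit always sets both slots together, so that matters only for rules reaching print_rule from elsewhere. print_rule's body starts outside the hunk.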