-rw-r--r--sbin/pfctl/parse.y24
-rw-r--r--sbin/pfctl/pfctl_parser.c4
-rw-r--r--sys/net/pf.c5
-rw-r--r--sys/net/pf_ioctl.c3
-rw-r--r--sys/net/pfvar.h5
5 files changed, 35 insertions, 6 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index bf2dbbce540..5901e7255e4 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.644 2015/01/16 06:40:00 deraadt Exp $ */
+/* $OpenBSD: parse.y,v 1.645 2015/02/10 06:45:55 henning Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -230,6 +230,7 @@ struct filter_opts {
#define FOM_SCRUB_TCP 0x0200
#define FOM_SETPRIO 0x0400
#define FOM_ONCE 0x1000
+#define FOM_PRIO 0x2000
struct node_uid *uid;
struct node_gid *gid;
struct node_if *rcv;
@@ -254,6 +255,7 @@ struct filter_opts {
char *match_tag;
u_int8_t match_tag_not;
u_int rtableid;
+ u_int8_t prio;
u_int8_t set_prio[2];
struct {
struct node_host *addr;
@@ -881,6 +883,10 @@ anchorrule : ANCHOR anchorname dir quick interface af proto fromto
YYERROR;
}
r.match_tag_not = $9.match_tag_not;
+ if ($9.marker & FOM_PRIO)
+ r.prio = $9.prio;
+ else
+ r.prio = 0xff;
if ($9.marker & FOM_SETPRIO) {
r.set_prio[0] = $9.set_prio[0];
r.set_prio[1] = $9.set_prio[1];
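Review bot: The literal `0xff` assigned in the `else` branch here is an undocumented sentinel meaning "this rule does not match on prio". The same bare value is repeated in the pfrule hunk (`r.prio = 0xff`), in print_rule (`r->prio != 0xff`) and in the new PF_TEST_ATTRIB test in pf_test_rule. If any of these four sites drifts, the set of packets a rule matches changes silently, so the convention should be written down once. A comment beside the new `prio` member of struct pf_rule would do, for example `/* 0xff: do not match on prio; otherwise 0..IFQ_MAXPRIO */`, or a shared named constant in pfvar.h. The anchorrule action begins and ends outside this hunk.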
@@ -1484,6 +1490,10 @@ pfrule : action dir logquick interface af proto fromto
}
if ($8.marker & FOM_SCRUB_TCP)
r.scrub_flags |= PFSTATE_SCRUB_TCP;
+ if ($8.marker & FOM_PRIO)
+ r.prio = $8.prio;
+ else
+ r.prio = 0xff;
if ($8.marker & FOM_SETPRIO) {
r.set_prio[0] = $8.set_prio[0];
r.set_prio[1] = $8.set_prio[1];
@@ -1914,6 +1924,18 @@ filter_opt : USER uids {
filter_opts.marker |= FOM_ICMP;
filter_opts.icmpspec = $1;
}
+ | PRIO NUMBER {
+ if (filter_opts.marker & FOM_PRIO) {
+ yyerror("prio cannot be redefined");
+ YYERROR;
+ }
+ if ($2 < 0 || $2 > IFQ_MAXPRIO) {
+ yyerror("prio must be 0 - %u", IFQ_MAXPRIO);
+ YYERROR;
+ }
+ filter_opts.marker |= FOM_PRIO;
+ filter_opts.prio = $2;
+ }
| TOS tos {
if (filter_opts.marker & FOM_TOS) {
yyerror("tos cannot be redefined");
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index fdf631936b3..0a5b96088b3 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.302 2015/02/07 23:35:27 tedu Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.303 2015/02/10 06:45:55 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -853,6 +853,8 @@ print_rule(struct pf_rule *r, const char *anchor_call, int opts)
}
if (r->tos)
printf(" tos 0x%2.2x", r->tos);
+ if (r->prio != 0xff)
+ printf(" prio %u", r->prio);
if (r->scrub_flags & PFSTATE_SETMASK || r->qname[0]) {
char *comma = "";
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 657b571976b..6ffab243aba 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.902 2015/02/09 19:14:48 markus Exp $ */
+/* $OpenBSD: pf.c,v 1.903 2015/02/10 06:45:55 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -3228,6 +3228,9 @@ pf_test_rule(struct pf_pdesc *pd, struct pf_rule **rm, struct pf_state **sm,
PF_TEST_ATTRIB((r->rcv_kif && pf_match_rcvif(pd->m, r) ==
r->rcvifnot),
TAILQ_NEXT(r, entries));
+ PF_TEST_ATTRIB((r->prio != 0xff &&
+ r->prio != pd->m->m_pkthdr.pf.prio),
+ TAILQ_NEXT(r, entries));
/* FALLTHROUGH */
if (r->tag)
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 5ec608c7681..27237b74f45 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.281 2015/01/24 00:29:06 deraadt Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.282 2015/02/10 06:45:55 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -2459,6 +2459,7 @@ pf_rule_copyin(struct pf_rule *from, struct pf_rule *to,
to->divert.port = from->divert.port;
to->divert_packet.addr = from->divert_packet.addr;
to->divert_packet.port = from->divert_packet.port;
+ to->prio = from->prio;
to->set_prio[0] = from->set_prio[0];
to->set_prio[1] = from->set_prio[1];
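Review bot: `to->prio = from->prio;` takes the value from the ioctl caller with no range check, so the 0..IFQ_MAXPRIO limit is enforced only by pfctl's grammar and not by the kernel. A rule loaded by some other program with a prio between IFQ_MAXPRIO + 1 and 0xfe would presumably never equal a packet's prio, leaving a block or pass rule silently ineffective. A guard before the copy would reject such input, for example `if (from->prio != 0xff && from->prio > IFQ_MAXPRIO) return (EINVAL);`. This assumes pf_rule_copyin reports errors by returning an errno value, which cannot be confirmed here because its return type and the rest of its body are outside this hunk.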
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index ba41509a5ce..e93bad57d3a 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.409 2015/02/07 06:27:46 pelikan Exp $ */
+/* $OpenBSD: pfvar.h,v 1.410 2015/02/10 06:45:55 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -644,10 +644,11 @@ struct pf_rule {
#define PF_FLUSH 0x01
#define PF_FLUSH_GLOBAL 0x02
u_int8_t flush;
+ u_int8_t prio;
u_int8_t set_prio[2];
sa_family_t naf;
u_int8_t rcvifnot;
- u_int8_t pad[3];
+ u_int8_t pad[2];
struct {
struct pf_addr addr;
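Review bot: Inserting `prio` between `flush` and `set_prio` while shrinking `pad` from 3 to 2 keeps the visible size of this run of members unchanged but moves `set_prio`, `naf` and `rcvifnot` by one byte. A pfctl built against the old header would therefore, as far as this hunk shows, still hand the kernel a struct of the expected size while its set_prio byte is read as the new match prio. Taking the byte from the padding in place would keep the existing offsets: `u_int8_t rcvifnot;` followed by `u_int8_t prio;` and `u_int8_t pad[2];`. Even then a zero-filled byte means "match prio 0" rather than "any", so a comment stating that userland and kernel must be updated together would be worth adding next to the member.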