-rw-r--r-- | sbin/pfctl/parse.y | 9 | ||||
-rw-r--r-- | sbin/pfctl/pfctl_parser.c | 16 | ||||
-rw-r--r-- | share/man/man5/pf.conf.5 | 22 |
3 files changed, 29 insertions, 18 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index bf2e7923f2c..359d1a97b63 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.620 2012/10/18 15:18:57 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.621 2013/01/16 01:49:20 henning Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -2372,6 +2372,13 @@ filter_set : prio {
 filter_opts.set_prio[0] = $1.b1;
 filter_opts.set_prio[1] = $1.b2;
 }
+ | QUEUE qname {
+ if (filter_opts.queues.qname) {
+ yyerror("queue cannot be redefined");
+ YYERROR;
+ }
+ filter_opts.queues = $2;
+ }
 | TOS tos {
 if (filter_opts.marker & FOM_SETTOS) {
 yyerror("tos cannot be respecified");
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index c21dec4ac43..f7c46661789 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.291 2012/12/04 02:24:46 deraadt Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.292 2013/01/16 01:49:20 henning Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -841,7 +841,7 @@ print_rule(struct pf_rule *r, const char *anchor_call, int opts)
 if (r->tos)
 printf(" tos 0x%2.2x", r->tos);
- if (r->scrub_flags & PFSTATE_SETMASK) {
+ if (r->scrub_flags & PFSTATE_SETMASK || r->qname[0]) {
 char *comma = "";
 printf(" set (");
 if (r->scrub_flags & PFSTATE_SETPRIO) {
@@ -852,6 +852,14 @@ print_rule(struct pf_rule *r, const char *anchor_call, int opts)
 r->set_prio[1]);
 comma = ",";
 }
+ if (r->qname[0]) {
+ if (r->pqname[0])
+ printf("%s queue(%s, %s)", comma, r->qname,
+ r->pqname);
+ else
+ printf("%s queue %s", comma, r->qname);
+ comma = ",";
+ }
 if (r->scrub_flags & PFSTATE_SETTOS) {
 printf("%s tos 0x%2.2x", comma, r->set_tos);
 comma = ",";
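Review bot: In the `@@ -2372` hunk of sbin/pfctl/parse.y, the new `QUEUE qname` branch detects a repeat by testing `filter_opts.queues.qname`, while the `TOS tos` branch directly below it tests a marker bit (`filter_opts.marker & FOM_SETTOS`). Nothing in this diff removes an older `queue` production, so if the standalone `queue` filter option is still accepted elsewhere in the grammar, it is worth confirming that it fills and checks the same `filter_opts.queues` field; otherwise a rule carrying both spellings could let one silently override the other and put traffic in a queue the author did not intend. A one-line comment above the check would record the convention, for example `/* queues.qname doubles as the already-set flag; queue has no FOM_ bit */`. The `filter_set` rule starts before and continues past this hunk.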
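Review bot: In the `@@ -841` hunk of sbin/pfctl/pfctl_parser.c, the widened condition mixes `&` and `||` without grouping; it evaluates as intended, but `if ((r->scrub_flags & PFSTATE_SETMASK) || r->qname[0]) {` makes the precedence obvious to the next reader. Together with the `@@ -852` and `@@ -1035` hunks, this moves the queue in the printed rule from a trailing ` queue NAME` to inside `set ( ... )`, so scripts or audit jobs that parse the rule listing for the old position may stop seeing queue assignments; a sentence in the commit message or release notes would warn operators. print_rule starts and ends outside these hunks.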
@@ -1035,10 +1043,6 @@ print_rule(struct pf_rule *r, const char *anchor_call, int opts)
 printf(" label \"%s\"", r->label);
 if (r->rule_flag & PFRULE_ONCE)
 printf(" once");
- if (r->qname[0] && r->pqname[0])
- printf(" queue(%s, %s)", r->qname, r->pqname);
- else if (r->qname[0])
- printf(" queue %s", r->qname);
 if (r->tagname[0])
 printf(" tag %s", r->tagname);
 if (r->match_tagname[0]) {
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index d88dcab1b02..345762a8384 100644
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pf.conf.5,v 1.523 2012/10/18 15:18:56 reyk Exp $
+.\" $OpenBSD: pf.conf.5,v 1.524 2013/01/16 01:49:20 henning Exp $
 .\"
 .\" Copyright (c) 2002, Daniel Hartmeier
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 18 2012 $
+.Dd $Mdocdate: January 16 2013 $
 .Dt PF.CONF 5
 .Os
 .Sh NAME
@@ -622,7 +622,7 @@ For example, the following rule will drop 20% of incoming ICMP packets:
 .Pp
 .Dl block in proto icmp probability 20%
 .Pp
-.It Xo Ar queue Aq Ar queue
+.It Xo Ar set queue Aq Ar queue
 .No \*(Ba ( Aq Ar queue ,
 .Aq Ar queue )
 .Xc
@@ -636,8 +636,8 @@ for setup details.
 .Pp
 For example:
 .Bd -literal -offset indent
-pass in proto tcp to port 25 queue mail
-pass in proto tcp to port 22 queue(ssh_bulk, ssh_prio)
+pass in proto tcp to port 25 set queue mail
+pass in proto tcp to port 22 set queue(ssh_bulk, ssh_prio)
 .Ed
 .Pp
 .It Ar received-on Aq Ar interface
@@ -1697,15 +1697,15 @@ queue ssh bandwidth 20% cbq(borrow) { ssh_interactive, ssh_bulk } queue ssh_interactive bandwidth 50% priority 7 cbq(borrow) queue ssh_bulk bandwidth 50% priority 0 cbq(borrow) -block return out on dc0 inet all queue std +block return out on dc0 inet all set queue std pass out on dc0 inet proto tcp from $developerhosts to any port 80 \e - queue developers + set queue developers pass out on dc0 inet proto tcp from $employeehosts to any port 80 \e - queue employees + set queue employees pass out on dc0 inet proto tcp from any to any port 22 \e - queue(ssh_bulk, ssh_interactive) + set queue(ssh_bulk, ssh_interactive) pass out on dc0 inet proto tcp from any to any port 25 \e - queue mail + set queue mail .Ed .Sh TABLES Tables are named structures which can hold a collection of addresses and @@ -2797,7 +2797,7 @@ filteropt = user | group | flags | icmp-type | icmp6-type | "divert-to" host "port" port | "label" string | "tag" string | [ ! ] "tagged" string | "set prio" ( number | "(" number [ [ "," ] number ] ")" ) | - "queue" ( string | "(" string [ [ "," ] string ] ")" ) | + "set queue" ( string | "(" string [ [ "," ] string ] ")" ) | "rtable" number | "probability" number"%" | "af-to" af "from" ( redirhost | "{" redirhost-list "}" ) [ "to" ( redirhost | "{" redirhost-list "}" ) ] | |