Date: Thu, 13 Oct 2016 20:34:44 +0000 (UTC) From: Kristof Provost <kp@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r307235 - in head: sbin/pfctl share/man/man5 sys/netpfil/pf Message-ID: <201610132034.u9DKYi07016276@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kp Date: Thu Oct 13 20:34:44 2016 New Revision: 307235 URL: https://svnweb.freebsd.org/changeset/base/307235 Log: pf: port extended DSCP support from OpenBSD Ignore the ECN bits on 'tos' and 'set-tos' and allow to use DCSP names instead of having to embed their TOS equivalents as plain numbers. Obtained from: OpenBSD Sponsored by: OPNsense Differential Revision: https://reviews.freebsd.org/D8165 Modified: head/sbin/pfctl/parse.y head/share/man/man5/pf.conf.5 head/sys/netpfil/pf/pf.c head/sys/netpfil/pf/pf_norm.c Modified: head/sbin/pfctl/parse.y ============================================================================== --- head/sbin/pfctl/parse.y Thu Oct 13 20:15:47 2016 (r307234) +++ head/sbin/pfctl/parse.y Thu Oct 13 20:34:44 2016 (r307235) @@ -351,6 +351,8 @@ void decide_address_family(struct node_ void remove_invalid_hosts(struct node_host **, sa_family_t *); int invalid_redirect(struct node_host *, sa_family_t); u_int16_t parseicmpspec(char *, sa_family_t); +int kw_casecmp(const void *, const void *); +int map_tos(char *string, int *); static TAILQ_HEAD(loadanchorshead, loadanchors) loadanchorshead = TAILQ_HEAD_INITIALIZER(loadanchorshead); @@ -3584,15 +3586,17 @@ icmp6type : STRING { ; tos : STRING { - if (!strcmp($1, "lowdelay")) - $$ = IPTOS_LOWDELAY; - else if (!strcmp($1, "throughput")) - $$ = IPTOS_THROUGHPUT; - else if (!strcmp($1, "reliability")) - $$ = IPTOS_RELIABILITY; - else if ($1[0] == '0' && $1[1] == 'x') - $$ = strtoul($1, NULL, 16); - else + int val; + char *end; + + if (map_tos($1, &val)) + $$ = val; + else if ($1[0] == '0' && $1[1] == 'x') { + errno = 0; + $$ = strtoul($1, &end, 16); + if (errno || *end != '\0') + $$ = 256; + } else $$ = 256; /* flag bad argument */ if ($$ < 0 || $$ > 255) { yyerror("illegal tos value %s", $1); @@ -6250,6 +6254,57 @@ pfctl_load_anchors(int dev, struct pfctl } int +kw_casecmp(const void *k, const void *e) +{ + return (strcasecmp(k, ((const struct keywords *)e)->k_name)); +} + +int +map_tos(char *s, int *val) +{ + /* DiffServ Codepoints and other TOS mappings */ + const struct keywords toswords[] = { + { "af11", IPTOS_DSCP_AF11 }, + { "af12", IPTOS_DSCP_AF12 }, + { "af13", IPTOS_DSCP_AF13 }, + { "af21", IPTOS_DSCP_AF21 }, + { "af22", IPTOS_DSCP_AF22 }, + { "af23", IPTOS_DSCP_AF23 }, + { "af31", IPTOS_DSCP_AF31 }, + { "af32", IPTOS_DSCP_AF32 }, + { "af33", IPTOS_DSCP_AF33 }, + { "af41", IPTOS_DSCP_AF41 }, + { "af42", IPTOS_DSCP_AF42 }, + { "af43", IPTOS_DSCP_AF43 }, + { "critical", IPTOS_PREC_CRITIC_ECP }, + { "cs0", IPTOS_DSCP_CS0 }, + { "cs1", IPTOS_DSCP_CS1 }, + { "cs2", IPTOS_DSCP_CS2 }, + { "cs3", IPTOS_DSCP_CS3 }, + { "cs4", IPTOS_DSCP_CS4 }, + { "cs5", IPTOS_DSCP_CS5 }, + { "cs6", IPTOS_DSCP_CS6 }, + { "cs7", IPTOS_DSCP_CS7 }, + { "ef", IPTOS_DSCP_EF }, + { "inetcontrol", IPTOS_PREC_INTERNETCONTROL }, + { "lowdelay", IPTOS_LOWDELAY }, + { "netcontrol", IPTOS_PREC_NETCONTROL }, + { "reliability", IPTOS_RELIABILITY }, + { "throughput", IPTOS_THROUGHPUT } + }; + const struct keywords *p; + + p = bsearch(s, toswords, sizeof(toswords)/sizeof(toswords[0]), + sizeof(toswords[0]), kw_casecmp); + + if (p) { + *val = p->k_val; + return (1); + } + return (0); +} + +int rt_tableid_max(void) { #ifdef __FreeBSD__ Modified: head/share/man/man5/pf.conf.5 ============================================================================== --- head/share/man/man5/pf.conf.5 Thu Oct 13 20:15:47 2016 (r307234) +++ head/share/man/man5/pf.conf.5 Thu Oct 13 20:34:44 2016 (r307235) @@ -28,7 +28,7 @@ .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd September 28, 2016 +.Dd October 6, 2016 .Dt PF.CONF 5 .Os .Sh NAME @@ -648,9 +648,16 @@ for matching IP packets. .Em TOS may be given as one of +.Ar critical , +.Ar inetcontrol , .Ar lowdelay , +.Ar netcontrol , .Ar throughput , .Ar reliability , +or one of the DiffServ Code Points: +.Ar ef , +.Ar af11 No ... Ar af43 , +.Ar cs0 No ... Ar cs7 ; or as either hex or decimal. .It Ar random-id Replaces the IP identification field with random values to compensate @@ -1697,9 +1704,16 @@ bits set. .Em TOS may be given as one of +.Ar critical , +.Ar inetcontrol , .Ar lowdelay , +.Ar netcontrol , .Ar throughput , .Ar reliability , +or one of the DiffServ Code Points: +.Ar ef , +.Ar af11 No ... Ar af43 , +.Ar cs0 No ... Ar cs7 ; or as either hex or decimal. .Pp For example, the following rules are identical: @@ -1803,7 +1817,6 @@ pass in proto tcp to port 25 set prio 2 pass in proto tcp to port 22 set prio (2, 5) .Ed .Pp - .It Ar tag Aq Ar string Packets matching this rule will be tagged with the specified string. Modified: head/sys/netpfil/pf/pf.c ============================================================================== --- head/sys/netpfil/pf/pf.c Thu Oct 13 20:15:47 2016 (r307234) +++ head/sys/netpfil/pf/pf.c Thu Oct 13 20:34:44 2016 (r307235) @@ -5893,7 +5893,7 @@ pf_test(int dir, struct ifnet *ifp, stru pd.sidx = (dir == PF_IN) ? 0 : 1; pd.didx = (dir == PF_IN) ? 1 : 0; pd.af = AF_INET; - pd.tos = h->ip_tos; + pd.tos = h->ip_tos & ~IPTOS_ECN_MASK; pd.tot_len = ntohs(h->ip_len); /* handle fragments that didn't get reassembled by normalization */ Modified: head/sys/netpfil/pf/pf_norm.c ============================================================================== --- head/sys/netpfil/pf/pf_norm.c Thu Oct 13 20:15:47 2016 (r307234) +++ head/sys/netpfil/pf/pf_norm.c Thu Oct 13 20:34:44 2016 (r307235) @@ -1811,7 +1811,7 @@ pf_scrub_ip(struct mbuf **m0, u_int32_t u_int16_t ov, nv; ov = *(u_int16_t *)h; - h->ip_tos = tos; + h->ip_tos = tos | (h->ip_tos & IPTOS_ECN_MASK); nv = *(u_int16_t *)h; h->ip_sum = pf_cksum_fixup(h->ip_sum, ov, nv, 0);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201610132034.u9DKYi07016276>