Re: svn commit: r307235 - in head: sbin/pfctl share/man/man5 sys/netpfil/pf

2016-10-14 Thread Kristof Provost

This work was done by franco_opnsense.org
I forgot to credit him in the commit message. Sorry Franco.

Regards,
Kristof

On 13 Oct 2016, at 22:34, Kristof Provost wrote:


Author: kp
Date: Thu Oct 13 20:34:44 2016
New Revision: 307235
URL: https://svnweb.freebsd.org/changeset/base/307235

Log:
  pf: port extended DSCP support from OpenBSD

  Ignore the ECN bits on 'tos' and 'set-tos' and allow the use of
  DSCP names instead of having to embed their TOS equivalents
  as plain numbers.

  Obtained from:OpenBSD
  Sponsored by: OPNsense
  Differential Revision:https://reviews.freebsd.org/D8165

Modified:
  head/sbin/pfctl/parse.y
  head/share/man/man5/pf.conf.5
  head/sys/netpfil/pf/pf.c
  head/sys/netpfil/pf/pf_norm.c

Modified: head/sbin/pfctl/parse.y
==
--- head/sbin/pfctl/parse.y Thu Oct 13 20:15:47 2016(r307234)
+++ head/sbin/pfctl/parse.y Thu Oct 13 20:34:44 2016(r307235)
@@ -351,6 +351,8 @@ void decide_address_family(struct node_
 voidremove_invalid_hosts(struct node_host **, sa_family_t *);
 int invalid_redirect(struct node_host *, sa_family_t);
 u_int16_t parseicmpspec(char *, sa_family_t);
+int kw_casecmp(const void *, const void *);
+int map_tos(char *string, int *);

 static TAILQ_HEAD(loadanchorshead, loadanchors)
 loadanchorshead = TAILQ_HEAD_INITIALIZER(loadanchorshead);
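Review bot: The new `map_tos` prototype names one parameter and leaves the other anonymous, and it takes `char *` although the definition later in this commit only reads the string through `bsearch` and `strcasecmp`. `int map_tos(const char *, int *);` would match the neighbouring prototypes and document that the lookup key is not modified. Both helpers look like they are used only inside parse.y, so `static` would keep them out of the global namespace, though the surrounding prototypes are not static either and that may be local convention. The same hunk is repeated in the original commit mail further down this page.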
@@ -3584,15 +3586,17 @@ icmp6type   : STRING{
;

 tos: STRING{
-   if (!strcmp($1, "lowdelay"))
-   $$ = IPTOS_LOWDELAY;
-   else if (!strcmp($1, "throughput"))
-   $$ = IPTOS_THROUGHPUT;
-   else if (!strcmp($1, "reliability"))
-   $$ = IPTOS_RELIABILITY;
-   else if ($1[0] == '0' && $1[1] == 'x')
-   $$ = strtoul($1, NULL, 16);
-   else
+   int val;
+   char *end;
+
+   if (map_tos($1, ))
+   $$ = val;
+   else if ($1[0] == '0' && $1[1] == 'x') {
+   errno = 0;
+   $$ = strtoul($1, , 16);
+   if (errno || *end != '\0')
+   $$ = 256;
+   } else
$$ = 256;   /* flag bad argument */
if ($$ < 0 || $$ > 255) {
yyerror("illegal tos value %s", $1);
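Review bot: The hex branch stores the `strtoul` result straight into `$$` and only afterwards applies the `$$ < 0 || $$ > 255` check, so the range test runs on the converted value rather than on what `strtoul` returned. The type of `$$` is not visible in this hunk; if it is narrower than `unsigned long`, an oversized literal could wrap into 0..255 and load a rule with a different TOS than the one written in pf.conf. Checking before the assignment avoids depending on that: keep `errno = 0;`, then `unsigned long ul = strtoul($1, &end, 16);` followed by `$$ = (errno || *end != '\0' || ul > 255) ? 256 : ul;`. The second arguments of `map_tos` and `strtoul` appear to have been lost in this archive rendering (presumably `&val` and `&end`). The `tos` rule continues past the end of the hunk.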
@@ -6250,6 +6254,57 @@ pfctl_load_anchors(int dev, struct pfctl
 }

 int
+kw_casecmp(const void *k, const void *e)
+{
+   return (strcasecmp(k, ((const struct keywords *)e)->k_name));
+}
+
+int
+map_tos(char *s, int *val)
+{
+   /* DiffServ Codepoints and other TOS mappings */
+   const struct keywordstoswords[] = {
+   { "af11", IPTOS_DSCP_AF11 },
+   { "af12", IPTOS_DSCP_AF12 },
+   { "af13", IPTOS_DSCP_AF13 },
+   { "af21", IPTOS_DSCP_AF21 },
+   { "af22", IPTOS_DSCP_AF22 },
+   { "af23", IPTOS_DSCP_AF23 },
+   { "af31", IPTOS_DSCP_AF31 },
+   { "af32", IPTOS_DSCP_AF32 },
+   { "af33", IPTOS_DSCP_AF33 },
+   { "af41", IPTOS_DSCP_AF41 },
+   { "af42", IPTOS_DSCP_AF42 },
+   { "af43", IPTOS_DSCP_AF43 },
+   { "critical", IPTOS_PREC_CRITIC_ECP },
+   { "cs0",  IPTOS_DSCP_CS0 },
+   { "cs1",  IPTOS_DSCP_CS1 },
+   { "cs2",  IPTOS_DSCP_CS2 },
+   { "cs3",  IPTOS_DSCP_CS3 },
+   { "cs4",  IPTOS_DSCP_CS4 },
+   { "cs5",  IPTOS_DSCP_CS5 },
+   { "cs6",  IPTOS_DSCP_CS6 },
+   { "cs7",  IPTOS_DSCP_CS7 },
+   { "ef",   IPTOS_DSCP_EF },
+   { "inetcontrol",  IPTOS_PREC_INTERNETCONTROL },
+   { "lowdelay", IPTOS_LOWDELAY },
+   { "netcontrol",   IPTOS_PREC_NETCONTROL },
+   { "reliability",  IPTOS_RELIABILITY },
+   { "throughput",   IPTOS_THROUGHPUT }
+   };
+   const struct keywords   *p;
+
+   p = bsearch(s, toswords, sizeof(toswords)/sizeof(toswords[0]),
+   sizeof(toswords[0]), kw_casecmp);
+
+   if (p) {
+   *val = p->k_val;
+   return (1);
+   }
+   return (0);
+}
+
+int
 rt_tableid_max(void)
 {
 #ifdef __FreeBSD__
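Review bot: `map_tos` depends on `toswords` being sorted in `strcasecmp` order for `bsearch` to find anything, but nothing in the function records that. The table is sorted as committed, yet a keyword added out of order later could fail to resolve and end up in the `illegal tos value` error path of the `tos` rule with no hint why. A comment above the table such as `/* must stay sorted by name: searched with bsearch() */` would state the invariant. The table is also an automatic array that is rebuilt on every call; `static const struct keywords toswords[]` avoids that. The declaration renders as `keywordstoswords` on this page, most likely a tab dropped by the archive rather than a defect in the commit.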

Modified: 

svn commit: r307235 - in head: sbin/pfctl share/man/man5 sys/netpfil/pf

2016-10-13 Thread Kristof Provost
Author: kp
Date: Thu Oct 13 20:34:44 2016
New Revision: 307235
URL: https://svnweb.freebsd.org/changeset/base/307235

Log:
  pf: port extended DSCP support from OpenBSD
  
  Ignore the ECN bits on 'tos' and 'set-tos' and allow the use of
  DSCP names instead of having to embed their TOS equivalents
  as plain numbers.
  
  Obtained from:OpenBSD
  Sponsored by: OPNsense
  Differential Revision:https://reviews.freebsd.org/D8165

Modified:
  head/sbin/pfctl/parse.y
  head/share/man/man5/pf.conf.5
  head/sys/netpfil/pf/pf.c
  head/sys/netpfil/pf/pf_norm.c

Modified: head/sbin/pfctl/parse.y
==
--- head/sbin/pfctl/parse.y Thu Oct 13 20:15:47 2016(r307234)
+++ head/sbin/pfctl/parse.y Thu Oct 13 20:34:44 2016(r307235)
@@ -351,6 +351,8 @@ void decide_address_family(struct node_
 voidremove_invalid_hosts(struct node_host **, sa_family_t *);
 int invalid_redirect(struct node_host *, sa_family_t);
 u_int16_t parseicmpspec(char *, sa_family_t);
+int kw_casecmp(const void *, const void *);
+int map_tos(char *string, int *);
 
 static TAILQ_HEAD(loadanchorshead, loadanchors)
 loadanchorshead = TAILQ_HEAD_INITIALIZER(loadanchorshead);
@@ -3584,15 +3586,17 @@ icmp6type   : STRING{
;
 
 tos: STRING{
-   if (!strcmp($1, "lowdelay"))
-   $$ = IPTOS_LOWDELAY;
-   else if (!strcmp($1, "throughput"))
-   $$ = IPTOS_THROUGHPUT;
-   else if (!strcmp($1, "reliability"))
-   $$ = IPTOS_RELIABILITY;
-   else if ($1[0] == '0' && $1[1] == 'x')
-   $$ = strtoul($1, NULL, 16);
-   else
+   int val;
+   char *end;
+
+   if (map_tos($1, ))
+   $$ = val;
+   else if ($1[0] == '0' && $1[1] == 'x') {
+   errno = 0;
+   $$ = strtoul($1, , 16);
+   if (errno || *end != '\0')
+   $$ = 256;
+   } else
$$ = 256;   /* flag bad argument */
if ($$ < 0 || $$ > 255) {
yyerror("illegal tos value %s", $1);
@@ -6250,6 +6254,57 @@ pfctl_load_anchors(int dev, struct pfctl
 }
 
 int
+kw_casecmp(const void *k, const void *e)
+{
+   return (strcasecmp(k, ((const struct keywords *)e)->k_name));
+}
+
+int
+map_tos(char *s, int *val)
+{
+   /* DiffServ Codepoints and other TOS mappings */
+   const struct keywordstoswords[] = {
+   { "af11",   IPTOS_DSCP_AF11 },
+   { "af12",   IPTOS_DSCP_AF12 },
+   { "af13",   IPTOS_DSCP_AF13 },
+   { "af21",   IPTOS_DSCP_AF21 },
+   { "af22",   IPTOS_DSCP_AF22 },
+   { "af23",   IPTOS_DSCP_AF23 },
+   { "af31",   IPTOS_DSCP_AF31 },
+   { "af32",   IPTOS_DSCP_AF32 },
+   { "af33",   IPTOS_DSCP_AF33 },
+   { "af41",   IPTOS_DSCP_AF41 },
+   { "af42",   IPTOS_DSCP_AF42 },
+   { "af43",   IPTOS_DSCP_AF43 },
+   { "critical",   IPTOS_PREC_CRITIC_ECP },
+   { "cs0",IPTOS_DSCP_CS0 },
+   { "cs1",IPTOS_DSCP_CS1 },
+   { "cs2",IPTOS_DSCP_CS2 },
+   { "cs3",IPTOS_DSCP_CS3 },
+   { "cs4",IPTOS_DSCP_CS4 },
+   { "cs5",IPTOS_DSCP_CS5 },
+   { "cs6",IPTOS_DSCP_CS6 },
+   { "cs7",IPTOS_DSCP_CS7 },
+   { "ef", IPTOS_DSCP_EF },
+   { "inetcontrol",IPTOS_PREC_INTERNETCONTROL },
+   { "lowdelay",   IPTOS_LOWDELAY },
+   { "netcontrol", IPTOS_PREC_NETCONTROL },
+   { "reliability",IPTOS_RELIABILITY },
+   { "throughput", IPTOS_THROUGHPUT }
+   };
+   const struct keywords   *p;
+
+   p = bsearch(s, toswords, sizeof(toswords)/sizeof(toswords[0]),
+   sizeof(toswords[0]), kw_casecmp);
+
+   if (p) {
+   *val = p->k_val;
+   return (1);
+   }
+   return (0);
+}
+
+int
 rt_tableid_max(void)
 {
 #ifdef __FreeBSD__

Modified: head/share/man/man5/pf.conf.5
==
--- head/share/man/man5/pf.conf.5   Thu