From ea700e0fbc0a885a1c7ddad606a7a9126d4adc9a Mon Sep 17 00:00:00 2001
From: henning
Date: Tue, 10 Jul 2018 09:30:49 +0000
Subject: [PATCH] 'set delay' for the generic packet delay mechanism, ok benno sashan
---
 sbin/pfctl/parse.y | 24 ++++++++++++++++++++++--
 sbin/pfctl/pfctl.c | 4 +++-
 sbin/pfctl/pfctl_parser.c | 27 ++++++++++++++++-----------
 3 files changed, 41 insertions(+), 14 deletions(-)
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 9d7e179cb5b..707389f8099 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.677 2018/07/10 08:44:55 kn Exp $ */
+/* $OpenBSD: parse.y,v 1.678 2018/07/10 09:30:49 henning Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -242,6 +242,7 @@ struct filter_opts {
 #define FOM_SETPRIO 0x0400
 #define FOM_ONCE 0x1000
 #define FOM_PRIO 0x2000
+#define FOM_SETDELAY 0x4000
 struct node_uid *uid;
 struct node_gid *gid;
 struct node_if *rcv;
@@ -268,6 +269,7 @@ struct filter_opts {
 u_int rtableid;
 u_int8_t prio;
 u_int8_t set_prio[2];
+ u_int16_t delay;
 struct divertspec divert;
 struct redirspec nat;
 struct redirspec rdr;
@@ -485,7 +487,7 @@ int parseport(char *, struct range *r, int);
 %token BITMASK RANDOM SOURCEHASH ROUNDROBIN LEASTSTATES STATICPORT PROBABILITY
 %token WEIGHT BANDWIDTH FLOWS QUANTUM
 %token QUEUE PRIORITY QLIMIT RTABLE RDOMAIN MINIMUM BURST PARENT
-%token LOAD RULESET_OPTIMIZATION RTABLE RDOMAIN PRIO ONCE DEFAULT
+%token LOAD RULESET_OPTIMIZATION RTABLE RDOMAIN PRIO ONCE DEFAULT DELAY
 %token STICKYADDRESS MAXSRCSTATES MAXSRCNODES SOURCETRACK GLOBAL RULE
 %token MAXSRCCONN MAXSRCCONNRATE OVERLOAD FLUSH SLOPPY PFLOW MAXPKTRATE
 %token TAGGED TAG IFBOUND FLOATING STATEPOLICY STATEDEFAULTS ROUTE
@@ -2180,6 +2182,19 @@ filter_set : prio {
 filter_opts.marker |= FOM_SETTOS;
 filter_opts.settos = $2;
 }
+ | DELAY NUMBER {
+ if (filter_opts.delay) {
+ yyerror("delay cannot be respecified");
+ YYERROR;
+ }
+ if ($2 < 0 || $2 > 0xffff) {
+ yyerror("illegal delay value %d (0-%u)", $2,
+ 0xffff);
+ YYERROR;
+ }
+ filter_opts.marker |= FOM_SETDELAY;
+ filter_opts.delay = $2;
+ }
 ;
 prio : PRIO NUMBER {
@@ -4983,6 +4998,7 @@ lookup(char *s)
 { "code", CODE},
 { "debug", DEBUG},
 { "default", DEFAULT},
+ { "delay", DELAY},
 { "divert-packet", DIVERTPACKET},
 { "divert-reply", DIVERTREPLY},
 { "divert-to", DIVERTTO},
@@ -5910,6 +5926,10 @@ filteropts_to_rule(struct pf_rule *r, struct filter_opts *opts)
 else
 r->prio = opts->prio;
 }
+ if (opts->marker & FOM_SETDELAY) {
+ r->delay = opts->delay;
+ r->rule_flag |= PFRULE_SETDELAY;
+ }
 if (opts->marker & FOM_SETPRIO) {
 r->set_prio[0] = opts->set_prio[0];
 r->set_prio[1] = opts->set_prio[1];
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 93ca9215bf0..f74d9319e73 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl.c,v 1.354 2018/02/08 09:15:46 henning Exp $ */
+/* $OpenBSD: pfctl.c,v 1.355 2018/07/10 09:30:49 henning Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -145,6 +145,7 @@ static const struct {
 { "frags", PF_LIMIT_FRAGS },
 { "tables", PF_LIMIT_TABLES },
 { "table-entries", PF_LIMIT_TABLE_ENTRIES },
+ { "pktdelay-pkts", PF_LIMIT_PKTDELAY_PKTS },
 { NULL, 0 }
 };
@@ -1765,6 +1766,7 @@ pfctl_init_options(struct pfctl *pf)
 pf->limit[PF_LIMIT_SRC_NODES] = PFSNODE_HIWAT;
 pf->limit[PF_LIMIT_TABLES] = PFR_KTABLE_HIWAT;
 pf->limit[PF_LIMIT_TABLE_ENTRIES] = PFR_KENTRY_HIWAT;
+ pf->limit[PF_LIMIT_PKTDELAY_PKTS] = PF_PKTDELAY_MAXPKTS;
 mib[0] = CTL_HW;
 mib[1] = HW_PHYSMEM64;
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index 728dfb9d7c6..801e948e6c8 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
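Review bot: The respecification guard in the new `DELAY NUMBER` action of filter_set in parse.y tests `filter_opts.delay`, so a rule that gives `delay 0` and then a second delay is not rejected, because the stored value is still zero. Testing the marker the action already sets, `if (filter_opts.marker & FOM_SETDELAY) {`, would catch every repeat. In the range-check error, `$2` is passed to `%d`; if NUMBER carries a 64-bit value in this grammar (its declaration is outside the hunk), the specifier and argument should agree, e.g. `yyerror("illegal delay value %lld (0-%u)", (long long)$2, 0xffff);`. The filter_set rule itself starts before the hunk.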
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.320 2018/07/10 09:05:11 jca Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.321 2018/07/10 09:30:49 henning Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -872,30 +872,35 @@ print_rule(struct pf_rule *r, const char *anchor_call, int opts)
 printf(" max-pkt-rate %u/%u", r->pktrate.limit,
 r->pktrate.seconds);
- if (r->scrub_flags & PFSTATE_SETMASK || r->qname[0]) {
+ if (r->scrub_flags & PFSTATE_SETMASK || r->qname[0] ||
+ r->rule_flag & PFRULE_SETDELAY) {
 char *comma = "";
 printf(" set (");
 if (r->scrub_flags & PFSTATE_SETPRIO) {
 if (r->set_prio[0] == r->set_prio[1])
- printf("%s prio %u", comma, r->set_prio[0]);
+ printf("%sprio %u", comma, r->set_prio[0]);
 else
- printf("%s prio(%u, %u)", comma, r->set_prio[0],
+ printf("%sprio(%u, %u)", comma, r->set_prio[0],
 r->set_prio[1]);
- comma = ",";
+ comma = ", ";
 }
 if (r->qname[0]) {
 if (r->pqname[0])
- printf("%s queue(%s, %s)", comma, r->qname,
+ printf("%squeue(%s, %s)", comma, r->qname,
 r->pqname);
 else
- printf("%s queue %s", comma, r->qname);
- comma = ",";
+ printf("%squeue %s", comma, r->qname);
+ comma = ", ";
 }
 if (r->scrub_flags & PFSTATE_SETTOS) {
- printf("%s tos 0x%2.2x", comma, r->set_tos);
- comma = ",";
+ printf("%stos 0x%2.2x", comma, r->set_tos);
+ comma = ", ";
 }
- printf(" )");
+ if (r->rule_flag & PFRULE_SETDELAY) {
+ printf("%sdelay %u", comma, r->delay);
+ comma = ", ";
+ }
+ printf(")");
 }
 ropts = 0;
--
2.20.1
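Review bot: The format-string edits in print_rule change the text of every printed `set (...)` block, not only rules that carry a delay: what was printed as `set ( prio 3, queue q )` now comes out as `set (prio 3, queue q)`. Anything that diffs or parses `pfctl -s rules` output, such as regression expectations or ruleset-audit scripts, will see that change, and the commit message does not mention it. It would be worth stating there or splitting into its own commit. Separately, the `comma = ", ";` inside the new `PFRULE_SETDELAY` branch is never read before the closing `printf(")")`; either drop it or mark it with a comment such as `/* kept so the next option can be appended */`. print_rule's body continues outside the hunk.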