From owner-freebsd-pf@freebsd.org Thu Jul 14 14:26:18 2016 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BA70CB99BB0 for ; Thu, 14 Jul 2016 14:26:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A9D9919D9 for ; Thu, 14 Jul 2016 14:26:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u6EEQHVG012129 for ; Thu, 14 Jul 2016 14:26:18 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 210924] 10.3-STABLE - PF - possible regression in pf.conf set timeout interval Date: Thu, 14 Jul 2016 14:26:18 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: conf X-Bugzilla-Version: 10.3-STABLE X-Bugzilla-Keywords: patch, regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: kp@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jul 2016 14:26:18 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D210924 --- Comment #3 from Kristof Provost --- It's probably a little too late to get away with changing the altq keywords. This has hit 10.3 (and soon 11.0). It should be possible to teach pfctl that both 'set timeout interval 10' and the new interval option are valid. I'm not really good with yacc, but this seems to work, even if it looks a little ugly: diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index e0cfa3d..9457a5b 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -4460,6 +4460,19 @@ timeout_spec : STRING NUMBER } free($1); } + | INTERVAL NUMBER + { + if (check_rulestate(PFCTL_STATE_OPTION)) { + YYERROR; + } + if ($2 < 0 || $2 > UINT_MAX) { + yyerror("only positive values permitted"); + YYERROR; + } + if (pfctl_set_timeout(pf, "interval", $2, 0) !=3D 0= ) { + YYERROR; + } + } ; timeout_list : timeout_list comma timeout_spec optnl --=20 You are receiving this mail because: You are the assignee for the bug.=