authorRenato Botelho <renato@netgate.com>2015-08-17 13:53:13 -0300
committerRenato Botelho <renato@netgate.com>2015-08-17 13:53:13 -0300
commit14cc93f3403d906f596ddc18d531bb13f053fa76 (patch)
treeb10a13ccfcf21df206a5471e9b3a8b11ec927232 /sbin/pfctl
parentfa9181508d9f4170f8a35bdfbe349210c30dbceb (diff)
Importing pfSense patch divert.RELENG_10.diff
Diffstat (limited to 'sbin/pfctl')
-rw-r--r--sbin/pfctl/parse.y22
-rw-r--r--sbin/pfctl/pfctl_parser.c8
2 files changed, 28 insertions, 2 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 75e7e99..a32bbb1 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -162,6 +162,7 @@ struct node_icmp {
enum { PF_STATE_OPT_MAX, PF_STATE_OPT_NOSYNC, PF_STATE_OPT_SRCTRACK,
PF_STATE_OPT_MAX_SRC_STATES, PF_STATE_OPT_MAX_SRC_CONN,
PF_STATE_OPT_MAX_SRC_CONN_RATE, PF_STATE_OPT_MAX_SRC_NODES,
+ PF_STATE_OPT_MAX_PACKETS,
PF_STATE_OPT_OVERLOAD, PF_STATE_OPT_STATELOCK,
PF_STATE_OPT_TIMEOUT, PF_STATE_OPT_SLOPPY, };
@@ -173,6 +174,7 @@ struct node_state_opt {
u_int32_t max_states;
u_int32_t max_src_states;
u_int32_t max_src_conn;
+ u_int32_t max_packets;
struct {
u_int32_t limit;
u_int32_t seconds;
@@ -472,7 +474,7 @@ int parseport(char *, struct range *r, int);
%token LOAD RULESET_OPTIMIZATION
%token STICKYADDRESS MAXSRCSTATES MAXSRCNODES SOURCETRACK GLOBAL RULE
%token MAXSRCCONN MAXSRCCONNRATE OVERLOAD FLUSH SLOPPY
-%token TAGGED TAG IFBOUND FLOATING STATEPOLICY STATEDEFAULTS ROUTE SETTOS
+%token TAGGED TAG IFBOUND FLOATING STATEPOLICY STATEDEFAULTS ROUTE SETTOS MAXPCKT
%token IEEE8021QPCP IEEE8021QSETPCP
%token DIVERTTO DIVERTREPLY
%token <v.string> STRING
@@ -2132,6 +2134,14 @@ pfrule : action dir logquick interface route af proto fromto
}
r.rule_flag |= PFRULE_NOSYNC;
break;
+ case PF_STATE_OPT_MAX_PACKETS:
+ if (o->data.max_packets == 0) {
+ yyerror("max_packets must be"
+ "greater than 0");
+ YYERROR;
+ }
+ r.spare2 = o->data.max_packets;
+ break;
case PF_STATE_OPT_SRCTRACK:
if (srctrack) {
yyerror("state option "
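Review bot: The two adjacent string literals in the new yyerror call concatenate to "max_packets must begreater than 0", and the message spells the option with an underscore while the keyword this commit adds to lookup() is `max-packets`; `yyerror("max-packets must be greater than 0");` fixes both. The new case also assigns `r.spare2` unconditionally, so a second max-packets option on the same rule silently replaces the first. If that is not intended, a guard before the assignment such as `if (r.spare2) { yyerror("state option 'max-packets' multiple definitions"); YYERROR; }` would reject it. The enclosing switch starts and ends outside the hunk.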
@@ -3839,6 +3849,15 @@ state_opt_item : MAXIMUM NUMBER {
$$->next = NULL;
$$->tail = $$;
}
+ | MAXPCKT NUMBER {
+ $$ = calloc(1, sizeof(struct node_state_opt));
+ if ($$ == NULL)
+ err(1, "state_opt_item: calloc");
+ $$->type = PF_STATE_OPT_MAX_PACKETS;
+ $$->data.max_packets = $2;
+ $$->next = NULL;
+ $$->tail = $$;
+ }
| MAXSRCCONN NUMBER {
if ($2 < 0 || $2 > UINT_MAX) {
yyerror("only positive values permitted");
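Review bot: The new `MAXPCKT NUMBER` alternative stores `$2` into the `u_int32_t max_packets` field without a range check. Assuming NUMBER is wider than 32 bits, as the neighbouring check implies, a negative or oversized value in the ruleset is converted silently and the rule loads with a packet limit other than the one written. The `MAXSRCCONN NUMBER` alternative directly below validates first, and the same guard fits here ahead of the calloc: `if ($2 < 0 || $2 > UINT_MAX) { yyerror("only positive values permitted"); YYERROR; }`. The MAXSRCCONN alternative continues past the end of the hunk.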
@@ -5667,6 +5686,7 @@ lookup(char *s)
{ "match", MATCH},
{ "max", MAXIMUM},
{ "max-mss", MAXMSS},
+ { "max-packets", MAXPCKT},
{ "max-src-conn", MAXSRCCONN},
{ "max-src-conn-rate", MAXSRCCONNRATE},
{ "max-src-nodes", MAXSRCNODES},
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index ab20398..b4fe20a 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -922,7 +922,7 @@ print_rule(struct pf_rule *r, const char *anchor_call, int verbose, int numeric)
printf(" probability %s%%", buf);
}
opts = 0;
- if (r->max_states || r->max_src_nodes || r->max_src_states)
+ if (r->max_states || r->max_src_nodes || r->max_src_states || r->spare2)
opts = 1;
if (r->rule_flag & PFRULE_NOSYNC)
opts = 1;
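Review bot: `r->spare2` is tested here, and printed in the next hunk, as the max-packets limit, but nothing at either site says that a field named "spare" now carries rule semantics. A comment at the first use, e.g. `/* spare2 holds the max-packets limit set by parse.y */`, would keep a later change from reusing the field for something else. The `%u` in the next hunk also presumes spare2 is an unsigned 32-bit value; its declaration is not on this page, so that should be confirmed. print_rule's body starts and ends outside the hunk.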
@@ -969,6 +969,12 @@ print_rule(struct pf_rule *r, const char *anchor_call, int verbose, int numeric)
printf("max-src-conn %u", r->max_src_conn);
opts = 0;
}
+ if (r->spare2) {
+ if (!opts)
+ printf(", ");
+ printf("max-packets %u", r->spare2);
+ opts = 0;
+ }
if (r->max_src_conn_rate.limit) {
if (!opts)
printf(", ");