define the function that appends a queue to a rule

Emmankoko · Emmankoko · commit e06168a11d52 · 2025-02-04T13:26:23.000Z
checks:
first checks if the queue obeys best practices(having a default queue etc)
checks if the referenced queue is defined in the queues
then sets the queue to queue nvpair in the rules nvlist.
diff --git a/distrib/sets/lists/comp/mi b/distrib/sets/lists/comp/mi
@@ -2762,6 +2762,7 @@
 ./usr/include/net/net_stats.h			comp-c-include
 ./usr/include/net/netisr.h			comp-obsolete		obsolete
 ./usr/include/net/npf.h				comp-c-include
+./usr/include/net/npf_altq.h			comp-c-include
 ./usr/include/net/npf_ncode.h			comp-obsolete		obsolete
 ./usr/include/net/pfil.h			comp-c-include
 ./usr/include/net/pfkeyv2.h			comp-c-include
diff --git a/lib/libnpf/npf.c b/lib/libnpf/npf.c
@@ -735,6 +735,13 @@ npf_rule_setproc(nl_rule_t *rl, const char *name)
 	return nvlist_error(rl->rule_dict);
 }
 
+int
+npf_rule_setqueue(nl_rule_t *rl, const char *qname)
+{
+	nvlist_add_string(rl->rule_dict, "queue", qname);
+	return nvlist_error(rl->rule_dict);
+}
+
 void *
 npf_rule_export(nl_rule_t *rl, size_t *length)
 {
diff --git a/lib/libnpf/npf.expsym b/lib/libnpf/npf.expsym
@@ -75,6 +75,7 @@ npf_rule_setinfo
 npf_rule_setkey
 npf_rule_setprio
 npf_rule_setproc
+npf_rule_setqueue
 npf_ruleset_add
 npf_ruleset_flush
 npf_ruleset_remkey
diff --git a/lib/libnpf/npf.h b/lib/libnpf/npf.h
@@ -108,6 +108,7 @@ int		npf_rule_setprio(nl_rule_t *, int);
 int		npf_rule_setproc(nl_rule_t *, const char *);
 int		npf_rule_setkey(nl_rule_t *, const void *, size_t);
 int		npf_rule_setinfo(nl_rule_t *, const void *, size_t);
+int		npf_rule_setqueue(nl_rule_t *, const char *);
 const char *	npf_rule_getname(nl_rule_t *);
 uint32_t	npf_rule_getattr(nl_rule_t *);
 const char *	npf_rule_getinterface(nl_rule_t *);
diff --git a/usr.sbin/npf/npfctl/npf_build.c b/usr.sbin/npf/npfctl/npf_build.c
@@ -702,7 +702,7 @@ npfctl_build_group_end(void)
 void
 npfctl_build_rule(uint32_t attr, const char *ifname, sa_family_t family,
     const npfvar_t *popts, const filt_opts_t *fopts,
-    const char *pcap_filter, const char *rproc)
+    const char *pcap_filter, const char *rproc, struct node_qassign queue)
 {
 	nl_rule_t *rl;
 
@@ -719,6 +719,17 @@ npfctl_build_rule(uint32_t attr, const char *ifname, sa_family_t family,
 		npf_rule_setproc(rl, rproc);
 	}
 
+	/* first ensure a queue is set on rule */
+	if (queue.qname != NULL ) {
+		/* ensure altq config obeys best practices */
+		if (check_commit_altq())
+			errx(EXIT_FAILURE, "error in altq config");
+		/*	ensure the referenced queue is defined */
+		if (npf_rule_qnames_exists(queue.qname))
+			if (npf_rule_setqueue(rl, queue.qname))
+				errx(EXIT_FAILURE, "rule queue %s cannot be set", queue.qname);
+	}
+
 	if (npf_conf) {
 		nl_rule_t *cg = current_group[rule_nesting_level];
 
diff --git a/usr.sbin/npf/npfctl/npfctl.h b/usr.sbin/npf/npfctl/npfctl.h
@@ -294,7 +294,7 @@ void		npfctl_build_group(const char *, int, const char *, bool);
 void		npfctl_build_group_end(void);
 void		npfctl_build_rule(uint32_t, const char *, sa_family_t,
 		    const npfvar_t *, const filt_opts_t *,
-		    const char *, const char *);
+		    const char *, const char *, struct node_qassign);
 void		npfctl_build_natseg(int, int, unsigned, const char *,
 		    const addr_port_t *, const addr_port_t *,
 		    const npfvar_t *, const filt_opts_t *, unsigned);
@@ -327,6 +327,7 @@ uint32_t	 qname_to_qid(const char *);
 struct npf_altq *npfaltq_lookup(const char *ifname);
 char		*rate2str(double);
 int check_commit_altq(void);
+int npf_rule_qnames_exists(const char *);
 
 /*
  * For the systems which do not define TH_ECE and TW_CRW.
diff --git a/usr.sbin/npf/npfctl/npfctl_altq.c b/usr.sbin/npf/npfctl/npfctl_altq.c
@@ -1289,3 +1289,23 @@ check_commit_hfsc(struct npf_altq *pa)
 	}
 	return error;
 }
+
+/* this checks for undefined queues appended on a rule */
+int
+npf_rule_qnames_exists(const char *qname)
+{
+	int found = 0;
+	struct npf_altq* a;
+	TAILQ_FOREACH(a, &altqs, entries) {
+		if (a->qname[0] != 0){
+			if (strcmp(a->qname, qname) == 0){
+				found = 1;
+				break;
+			}
+		}
+	}
+	if (!found)
+		yyerror("no qname named '%s' defined\n", qname);
+
+	return found;
+}

Original file line number	Diff line number	Diff line change
`@@ -735,6 +735,13 @@ npf_rule_setproc(nl_rule_t rl, const char name)`
`735`	`735`	`return nvlist_error(rl->rule_dict);`
`736`	`736`	`}`
`737`	`737`
	`738`	`+int`
	`739`	`+npf_rule_setqueue(nl_rule_t rl, const char qname)`
	`740`	`+{`
	`741`	`+ nvlist_add_string(rl->rule_dict, "queue", qname);`
	`742`	`+ return nvlist_error(rl->rule_dict);`
	`743`	`+}`
	`744`	`+`
`738`	`745`	`void *`
`739`	`746`	`npf_rule_export(nl_rule_t rl, size_t length)`
`740`	`747`	`{`