Page MenuHomeFreeBSD
Differential D50798

pf: add a generic packet rate matching filter
Needs ReviewPublic
Actions

Authored by kp on Jun 11 2025, 7:40 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Jul 7, 7:49 AM
Unknown Object (File)
Sat, Jul 5, 10:01 PM
Unknown Object (File)
Fri, Jul 4, 1:23 AM
Unknown Object (File)
Tue, Jul 1, 7:21 PM
Unknown Object (File)
Sun, Jun 29, 4:58 AM
Unknown Object (File)
Sat, Jun 28, 7:04 PM
Unknown Object (File)
Thu, Jun 26, 11:03 PM
Unknown Object (File)
Wed, Jun 25, 7:11 PM
View All 24 Files
Subscribers
ae
farrokhi
glebius
imp
melifaro
vegeta_tuxpowered.net
ziaee

Details

Reviewers
None
Group Reviewers
pfsense
Summary

allows things like
pass in proto icmp max-pkt-rate 100/10
all packets matching the rule in the direction the state was created are
taken into consideration (typically: requests, but not replies).
Just like with the other max-*, the rule stops matching if the maximum is
reached, so in typical scenarios the default block rule would kick in then.
with input from Holger Mikolon
ok mikeb

Obtained from: OpenBSD, henning <henning@openbsd.org>, 5a4ae9a9cb
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 64766
Build 61650: arc lint + arc unit

Revision Contents
Changeset List

PathSize
lib/
libpfctl/
15 lines
34 lines
sbin/
pfctl/
24 lines
3 lines
share/
man/
man5/
19 lines
sys/
net/
1 line
netpfil/
pf/
11 lines
4 lines
1 line
13 lines

Diff 156838

View Options

lib/libpfctl/libpfctl.h

Loading...
View Options

lib/libpfctl/libpfctl.c

Loading...
View Options

sbin/pfctl/parse.y

Loading...
View Options

sbin/pfctl/pfctl_parser.c

Loading...
View Options

share/man/man5/pf.conf.5

Loading...
View Options

sys/net/pfvar.h

Loading...
View Options

sys/netpfil/pf/pf.c

Loading...
View Options

sys/netpfil/pf/pf_ioctl.c

Loading...
View Options

sys/netpfil/pf/pf_nl.h

Loading...
View Options

sys/netpfil/pf/pf_nl.c

Loading...