Page MenuHomeFreeBSD
Differential D29048

pf: Retrieve DSCP value from the IPv6 header
ClosedPublic
Actions

Authored by kp on Mar 3 2021, 8:39 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Oct 29, 8:22 PM
Unknown Object (File)
Thu, Oct 24, 8:29 AM
Unknown Object (File)
Wed, Oct 23, 3:00 PM
Unknown Object (File)
Fri, Oct 18, 8:09 AM
Unknown Object (File)
Fri, Oct 18, 8:08 AM
Unknown Object (File)
Fri, Oct 18, 8:08 AM
Unknown Object (File)
Fri, Oct 18, 8:08 AM
Unknown Object (File)
Fri, Oct 18, 7:48 AM
View All 81 Files
Subscribers
ae
donner
farrokhi
imp
melifaro

Details

Reviewers
donner
Group Reviewers
network
Commits
rGe7e1836a0efa: pf: Retrieve DSCP value from the IPv6 header
rG3756d591f758: pf: Retrieve DSCP value from the IPv6 header
rGf19323847ca8: pf: Retrieve DSCP value from the IPv6 header
Summary

Teach pf to read the DSCP value from the IPv6 header so that we can
match on them.

MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kp created this revision.Mar 3 2021, 8:39 PM
Herald added subscribers: melifaro, farrokhi, imp. · View Herald TranscriptMar 3 2021, 8:39 PM
kp requested review of this revision.Mar 3 2021, 8:39 PM
Harbormaster completed remote builds in B37548: Diff 85073.Mar 3 2021, 8:41 PM
donner accepted this revision as: donner.Mar 4 2021, 7:46 AM
donner added a subscriber: donner.
donner added inline comments.
sys/netpfil/pf/pf.c
6387

So you are extracting "DSCP" and "Currently unused" but you mask out the unused bits without shifting them away? If the CU bits are kept, but masked, that is fine.

It might be more easily readable by

pd.tos = (ntohl(h->ip6_flow) >> 20) & 0xfc;
This revision is now accepted and ready to land.Mar 4 2021, 7:46 AM
kp added inline comments.Mar 4 2021, 8:51 AM
sys/netpfil/pf/pf.c
6387

Grabbing the DSCP bits and ignoring the ECN bits, yes.

I think I agree that your way is more readable. so I'll update that.

ae added a subscriber: ae.Mar 4 2021, 8:54 AM
ae added inline comments.
sys/netpfil/pf/pf.c
6387

This variant of

6387

We have several places in the code where the same expression are used, probably it would be good to add some macros to get and set this value.

kp updated this revision to Diff 85115.Mar 4 2021, 9:59 AM

Simplify retrieving the DSCP bits

This revision now requires review to proceed.Mar 4 2021, 9:59 AM
Harbormaster completed remote builds in B37566: Diff 85115.Mar 4 2021, 10:00 AM
This revision was not accepted when it landed; it landed in state Needs Review.Mar 4 2021, 7:57 PM
Closed by commit rGf19323847ca8: pf: Retrieve DSCP value from the IPv6 header (authored by kp). · Explain Why
This revision was automatically updated to reflect the committed changes.
kp added a commit: rGf19323847ca8: pf: Retrieve DSCP value from the IPv6 header.
kp added a commit: rG3756d591f758: pf: Retrieve DSCP value from the IPv6 header.Mar 20 2021, 10:00 AM
kp added a commit: rGe7e1836a0efa: pf: Retrieve DSCP value from the IPv6 header.

Revision Contents
Changeset List

PathSize
sys/
netpfil/
pf/
2 lines

Diff 85161

View Options

sys/netpfil/pf/pf.c

Loading...