Track (and display) the interface that created a state, even if it's a
floating state (and thus uses virtual interface 'all').
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Details
Details
Diff Detail
Diff Detail
- Repository
- rG FreeBSD src repository
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
Comment Actions
Why can't you move the interface 'all' to be a flag and just always track the interface the packet came in originally?
| sbin/pfctl/pf_print_state.c | ||
|---|---|---|
| 355 | Is the whitespace here intentional? | |
| 359 | Can you avoid strcmp even though existing code has it? | |
| sys/net/pfvar.h | ||
| 525 | Is this an ABI change? If yes, would recommend to note this somewhere or even better add this to the end of pf_state to avoid the breakage. | |
| sbin/pfctl/pf_print_state.c | ||
|---|---|---|
| 355 | Yes. There was more whitespace there than there was supposed to be (it's on the same line as id / creatorid) so I'm removing that while we're here. | |
| 359 | I don't follow. The intent here is to only display 'origif' if it's different from the ifname we've already printed. I.e. when we're a floating state. | |
| sys/net/pfvar.h | ||
| 525 | It's a pf-internal change. The state structure is guarded by #ifdef _KERNEL. Although that's somewhat recent, the pf_state structure hasn't been directly accessible to userspace for many years. We do share this data as part of pfsync, but there's a separate export function to convert it, which isn't changed. | |