Page MenuHomeFreeBSD
Differential D35159

pf: tag dummynet'd route-to packets with their real destination
ClosedPublic
Actions

Authored by kp on May 10 2022, 8:53 AM.
Tags
None
Referenced Files
F115652141: D35159.id105854.diff
Sat, Apr 26, 2:31 PM
Unknown Object (File)
Fri, Apr 25, 2:04 AM
Unknown Object (File)
Sun, Apr 20, 11:46 AM
Unknown Object (File)
Mar 5 2025, 1:20 PM
Unknown Object (File)
Mar 3 2025, 4:39 PM
Unknown Object (File)
Feb 28 2025, 7:11 PM
Unknown Object (File)
Feb 25 2025, 7:04 PM
Unknown Object (File)
Feb 22 2025, 1:08 AM
View All 66 Files
Subscribers
farrokhi
glebius
imp
melifaro

Details

Reviewers
None
Group Reviewers
network
pfsense
Commits
rGa908f8f0dc62: pf: tag dummynet'd route-to packets with their real destination
Summary

If we delay route-to/dup-to/reply-to through dummynet we are eventually
returned to pf_test(). At that point we no longer have the context for
the route-to destination. We'd just skip the pf_test() and continue
processing. This means that route-to did not work as expected.

Extend pf_mtag to carry the route-to destination so we can apply it when
we re-enter pf_test().

Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kp created this revision.May 10 2022, 8:53 AM
Herald added subscribers: glebius, melifaro, farrokhi, imp. · View Herald TranscriptMay 10 2022, 8:53 AM
kp requested review of this revision.May 10 2022, 8:53 AM
kp added a parent revision: D35158: pf: also apply dummynet to route-to/dup-to packets.
kp added a child revision: D35160: pf tests: factor out common dummynet check.
Harbormaster completed remote builds in B45508: Diff 105803.May 10 2022, 8:53 AM
glebius added inline comments.May 10 2022, 9:53 PM
sys/netpfil/pf/pf.c
6871

Can we assert network epoch here?

7427

What do you think about changing ifnet_byindexgen() to never return IFF_DYING interfaces?

P.S. I desire the need for this flag to be eliminated.

kp added inline comments.May 11 2022, 7:58 AM
sys/netpfil/pf/pf.c
6871

Yeah, that makes sense.

Pretty much all of pf runs under net_epoch, but an assert will make it more obvious that it's safe to access these fields here.

7427

That would make sense to me, yes.

kp updated this revision to Diff 105854.May 11 2022, 8:48 AM
  • add NET_EPOCH_ASSERT
  • return 'int' for errors rather than 'bool'
Harbormaster completed remote builds in B45526: Diff 105854.May 11 2022, 8:48 AM
This revision was not accepted when it landed; it landed in state Needs Review.May 12 2022, 7:58 PM
Closed by commit rGa908f8f0dc62: pf: tag dummynet'd route-to packets with their real destination (authored by kp). · Explain Why
This revision was automatically updated to reflect the committed changes.
kp added a commit: rGa908f8f0dc62: pf: tag dummynet'd route-to packets with their real destination.

Revision Contents
Changeset List

PathSize
sys/
netpfil/
pf/
67 lines
5 lines

Diff 105899

View Options

sys/netpfil/pf/pf.c

Loading...
View Options

sys/netpfil/pf/pf_mtag.h

Loading...