Page MenuHomeFreeBSD
Differential D35159

pf: tag dummynet'd route-to packets with their real destination
ClosedPublic
Actions

Authored by kp on May 10 2022, 8:53 AM.
Tags
None
Referenced Files
F109862573: D35159.diff
Mon, Feb 10, 11:48 AM
Unknown Object (File)
Oct 22 2024, 1:05 PM
Unknown Object (File)
Oct 3 2024, 9:56 PM
Unknown Object (File)
Oct 3 2024, 2:15 PM
Unknown Object (File)
Oct 2 2024, 5:11 AM
Unknown Object (File)
Oct 1 2024, 8:33 AM
Unknown Object (File)
Sep 27 2024, 8:05 PM
Unknown Object (File)
Sep 26 2024, 9:22 PM
View All 54 Files
Subscribers
farrokhi
glebius
imp
melifaro

Details

Reviewers
None
Group Reviewers
network
pfsense
Commits
rGa908f8f0dc62: pf: tag dummynet'd route-to packets with their real destination
Summary

If we delay route-to/dup-to/reply-to through dummynet we are eventually
returned to pf_test(). At that point we no longer have the context for
the route-to destination. We'd just skip the pf_test() and continue
processing. This means that route-to did not work as expected.

Extend pf_mtag to carry the route-to destination so we can apply it when
we re-enter pf_test().

Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 45508
Build 42396: arc lint + arc unit

Event Timeline

kp created this revision.May 10 2022, 8:53 AM
Herald added subscribers: glebius, melifaro, farrokhi, imp. · View Herald TranscriptMay 10 2022, 8:53 AM
kp requested review of this revision.May 10 2022, 8:53 AM
kp added a parent revision: D35158: pf: also apply dummynet to route-to/dup-to packets.
kp added a child revision: D35160: pf tests: factor out common dummynet check.
Harbormaster completed remote builds in B45508: Diff 105803.May 10 2022, 8:53 AM
glebius added inline comments.May 10 2022, 9:53 PM
sys/netpfil/pf/pf.c
6869

Can we assert network epoch here?

7425

What do you think about changing ifnet_byindexgen() to never return IFF_DYING interfaces?

P.S. I desire the need for this flag to be eliminated.

kp added inline comments.May 11 2022, 7:58 AM
sys/netpfil/pf/pf.c
6869

Yeah, that makes sense.

Pretty much all of pf runs under net_epoch, but an assert will make it more obvious that it's safe to access these fields here.

7425

That would make sense to me, yes.

kp updated this revision to Diff 105854.May 11 2022, 8:48 AM
  • add NET_EPOCH_ASSERT
  • return 'int' for errors rather than 'bool'
Harbormaster completed remote builds in B45526: Diff 105854.May 11 2022, 8:48 AM
This revision was not accepted when it landed; it landed in state Needs Review.May 12 2022, 7:58 PM
Closed by commit rGa908f8f0dc62: pf: tag dummynet'd route-to packets with their real destination (authored by kp). · Explain Why
This revision was automatically updated to reflect the committed changes.
kp added a commit: rGa908f8f0dc62: pf: tag dummynet'd route-to packets with their real destination.

Revision Contents
Changeset List

PathSize
sys/
netpfil/
pf/
65 lines
5 lines

Diff 105803

View Options

sys/netpfil/pf/pf.c

Loading...
View Options

sys/netpfil/pf/pf_mtag.h

Loading...