HomeFreeBSD
Diffusion FreeBSD src repository 288bec2b2bd1

pf: fold pf_test_fragment() into pf_test_rule()
288bec2b2bd1
Actions

Description

pf: fold pf_test_fragment() into pf_test_rule()

Reduces code and fixes a bunch of bugs with fragment handling not being in sync
with the rest of the ruleset.

Much feedback from mpf, bluhm & markus
Thanks to Tony Sarendal for help with testing

ok bluhm; various previous versions ok henning, claudio, mpf, markus

Note that while this changes the order of src addr/src port/dst addr/dst port
skips this doesn't actually affect the kernel/userspace ABI. The kernel always
recalculates skip steps. As a result we have to fix one of the pfctl parser
tests. Note that this is an order change that does not affect what packets are
acceppted or dropped.

Obtained from: OpenBSD, mcbride <mcbride@openbsd.org>, 04c69899a7
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46705

Details

Provenance
kpAuthored on Sep 13 2024, 3:07 PM
Differential Revision
D46705: pf: fold pf_test_fragment() into pf_test_rule()
Parents
rGb35f0aa4952c: stdio.h: don't expose rsize_t unless __EXT1_VISIBLE
Branches
Unknown
Tags
Unknown

Changes (6)

PathSize
sbin/
pfctl/
tests/
files/
sys/
net/
netpfil/
pf/

rG288bec2b2bd1

View Options

sbin/pfctl/parse.y

Loading...
View Options

sbin/pfctl/pfctl_optimize.c

Loading...
View Options

sbin/pfctl/tests/files/pf0004.ok

Loading...
View Options

sys/net/pfvar.h

Loading...
View Options

sys/netpfil/pf/pf.c

Loading...
View Options

sys/netpfil/pf/pf.h

Loading...