Page MenuHomeFreeBSD

pf: Retrieve DSCP value from the IPv6 header
ClosedPublic

Authored by kp on Mar 3 2021, 8:39 PM.

Details

Summary

Teach pf to read the DSCP value from the IPv6 header so that we can
match on them.

MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
R10 FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

kp requested review of this revision.Mar 3 2021, 8:39 PM
donner added a subscriber: donner.
donner added inline comments.
sys/netpfil/pf/pf.c
6387

So you are extracting "DSCP" and "Currently unused" but you mask out the unused bits without shifting them away? If the CU bits are kept, but masked, that is fine.

It might be more easily readable by

pd.tos = (ntohl(h->ip6_flow) >> 20) & 0xfc;
This revision is now accepted and ready to land.Mar 4 2021, 7:46 AM
sys/netpfil/pf/pf.c
6387

Grabbing the DSCP bits and ignoring the ECN bits, yes.

I think I agree that your way is more readable. so I'll update that.

ae added inline comments.
sys/netpfil/pf/pf.c
6387

This variant of

6387

We have several places in the code where the same expression are used, probably it would be good to add some macros to get and set this value.

Simplify retrieving the DSCP bits

This revision now requires review to proceed.Mar 4 2021, 9:59 AM
This revision was not accepted when it landed; it landed in state Needs Review.Mar 4 2021, 7:57 PM
This revision was automatically updated to reflect the committed changes.