Page MenuHomeFreeBSD

pf: Retrieve DSCP value from the IPv6 header
ClosedPublic

Authored by kp on Mar 3 2021, 8:39 PM.
Tags
None
Referenced Files
Unknown Object (File)
Feb 23 2024, 5:31 PM
Unknown Object (File)
Feb 22 2024, 8:59 PM
Unknown Object (File)
Feb 13 2024, 11:07 PM
Unknown Object (File)
Dec 30 2023, 11:03 PM
Unknown Object (File)
Dec 29 2023, 12:36 AM
Unknown Object (File)
Dec 20 2023, 5:06 AM
Unknown Object (File)
Dec 14 2023, 10:42 PM
Unknown Object (File)
Nov 7 2023, 10:52 PM

Details

Summary

Teach pf to read the DSCP value from the IPv6 header so that we can
match on them.

MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 37548
Build 34437: arc lint + arc unit

Event Timeline

kp requested review of this revision.Mar 3 2021, 8:39 PM
donner added a subscriber: donner.
donner added inline comments.
sys/netpfil/pf/pf.c
6433

So you are extracting "DSCP" and "Currently unused" but you mask out the unused bits without shifting them away? If the CU bits are kept, but masked, that is fine.

It might be more easily readable by

pd.tos = (ntohl(h->ip6_flow) >> 20) & 0xfc;
This revision is now accepted and ready to land.Mar 4 2021, 7:46 AM
sys/netpfil/pf/pf.c
6433

Grabbing the DSCP bits and ignoring the ECN bits, yes.

I think I agree that your way is more readable. so I'll update that.

ae added inline comments.
sys/netpfil/pf/pf.c
6433

This variant of

6433

We have several places in the code where the same expression are used, probably it would be good to add some macros to get and set this value.

Simplify retrieving the DSCP bits

This revision now requires review to proceed.Mar 4 2021, 9:59 AM
This revision was not accepted when it landed; it landed in state Needs Review.Mar 4 2021, 7:57 PM
This revision was automatically updated to reflect the committed changes.