
pf: Track the original kif for floating states
Closed, Public

Authored by kp on May 13 2021, 11:49 AM.

Details

Summary

Track (and display) the interface that created a state, even if it's a
floating state (and thus uses virtual interface 'all').

MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

kp requested review of this revision. (May 13 2021, 11:49 AM)
eri requested changes to this revision. (May 13 2021, 3:21 PM)
eri added a subscriber: eri.

Why can't you move the interface 'all' to be a flag and just always track the interface the packet came in originally?

sbin/pfctl/pf_print_state.c, line 355

Is the whitespace here intentional?

Line 358

Can you avoid strcmp even though existing code has it?

sys/net/pfvar.h, line 524

Is this an ABI change? If yes, I would recommend noting this somewhere or, even better, adding this to the end of pf_state to avoid the breakage.

This revision now requires changes to proceed. (May 13 2021, 3:21 PM)

sbin/pfctl/pf_print_state.c, line 355

Yes. There was more whitespace there than there was supposed to be (it's on the same line as id / creatorid) so I'm removing that while we're here.

Line 358

I don't follow. The intent here is to only display 'origif' if it's different from the ifname we've already printed. I.e. when we're a floating state.

sys/net/pfvar.h, line 524

It's a pf-internal change. The state structure is guarded by #ifdef _KERNEL. Although that's somewhat recent, the pf_state structure hasn't been directly accessible to userspace for many years. We do share this data as part of pfsync, but there's a separate export function to convert it, which isn't changed.

This revision was not accepted when it landed; it landed in state Needs Revision. (May 20 2021, 11:55 AM)
This revision was automatically updated to reflect the committed changes.