Page MenuHomeFreeBSD

ipfw: fix matching and setting DSCP value for IPv6
ClosedPublic

Authored by ae on Apr 6 2022, 7:18 PM.
Tags
None
Referenced Files
Unknown Object (File)
Dec 14 2022, 3:49 AM
Unknown Object (File)
Dec 11 2022, 7:30 AM

Details

Summary

Matching for DSCP codes used incorrect bits. It used both
cached in f_id value and stored in the IPv6 header value,
thus it did not always work after setdscp action, since
cached value was not updated. Now we always use value stored
in the header via IPV6_DSCP() macro. Also added logging support
for O_SETDSCP opcode.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

ae held this revision as a draft.
ae published this revision for review.Apr 6 2022, 7:20 PM
ae added reviewers: network, kp, melifaro.

To the extent that I understand ipfw this looks good to me.
Now that we update both the IP header and the cached value we arguably don't need the first two hunks of diff (to look at the header rather than the cached value), but it is shorter and easier to read this way.

This revision is now accepted and ready to land.Apr 7 2022, 7:18 AM