Page MenuHomeFreeBSD
Differential D35158

pf: also apply dummynet to route-to/dup-to packets
ClosedPublic
Actions

Authored by kp on May 10 2022, 8:53 AM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, May 13, 2:40 PM
Unknown Object (File)
Wed, May 6, 2:37 AM
Unknown Object (File)
Thu, Apr 30, 6:04 PM
Unknown Object (File)
Wed, Apr 29, 10:12 PM
Unknown Object (File)
Tue, Apr 28, 7:31 AM
Unknown Object (File)
Mon, Apr 27, 3:44 PM
Unknown Object (File)
Mon, Apr 27, 2:41 PM
Unknown Object (File)
Sat, Apr 25, 6:42 AM
View All Files
Subscribers
farrokhi
glebius
imp
melifaro

Details

Reviewers
None
Group Reviewers
network
pfsense
Commits
rG37c452292132: pf: also apply dummynet to route-to/dup-to packets
Summary

If packets are processed by a route-to/dup-to/reply-to rule (i.e. they
pass through pf_route(6)) dummynet was not applied to them.
This is because pf_route(6) passes packets directly to ifp->if_output(),
so the dummynet functions were never called.

Factor out the dummynet code and call dummynet prior to
ifp->if_output(). This has a secondary benefit of reducing some code
duplication between the IPv4 and IPv6 paths.

Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kp created this revision.May 10 2022, 8:53 AM
Herald added subscribers: glebius, melifaro, farrokhi, imp. · View Herald TranscriptMay 10 2022, 8:53 AM
kp requested review of this revision.May 10 2022, 8:53 AM
kp added a child revision: D35159: pf: tag dummynet'd route-to packets with their real destination.
Harbormaster completed remote builds in B45507: Diff 105802.May 10 2022, 8:53 AM
glebius added a comment.May 10 2022, 9:45 PM

The new function is bool, to tell if the packet was consumed. Let's call this modern FreeBSD style. You also pass a pointer to pointer, so function can NULL-ify to express same fact of consumed mbuf. This matches classic OpenBSD/pf style. In one case you use FreeBSD style and in two cases OpenBSD.

IMHO, the new function should be used consistently using either return value or the pointer. Personally I prefer FreeBSD style over OpenBSD/pf.

kp added a comment.May 11 2022, 8:47 AM
In D35158#797201, @glebius wrote:

The new function is bool, to tell if the packet was consumed. Let's call this modern FreeBSD style. You also pass a pointer to pointer, so function can NULL-ify to express same fact of consumed mbuf. This matches classic OpenBSD/pf style. In one case you use FreeBSD style and in two cases OpenBSD.

IMHO, the new function should be used consistently using either return value or the pointer. Personally I prefer FreeBSD style over OpenBSD/pf.

That's not quite right. The return value indicates an error. For example when we fail to allocate the tag, or if we're configured to shape the packet (i.e. dnpipe/dnrpipe != 0) but dummynet is not loaded.

We can return 'true' and yet not have eaten the mbuf. I'll change the return type to an int (and return ENOMEM on error) to make it a bit clearer.

kp updated this revision to Diff 105853.May 11 2022, 8:48 AM

Change return type to int, to clarify that this is an error return.

Harbormaster completed remote builds in B45525: Diff 105853.May 11 2022, 8:48 AM
This revision was not accepted when it landed; it landed in state Needs Review.May 12 2022, 7:58 PM
Closed by commit rG37c452292132: pf: also apply dummynet to route-to/dup-to packets (authored by kp). · Explain Why
This revision was automatically updated to reflect the committed changes.
kp added a commit: rG37c452292132: pf: also apply dummynet to route-to/dup-to packets.

Revision Contents
Changeset List

PathSize
sys/
netpfil/
pf/
144 lines

Diff 105898

View Options

sys/netpfil/pf/pf.c

Loading...