pf: Add a sysctl to limit work done for rdr source port rewriting
ClosedPublic
Actions

Authored by markj on Aug 30 2024, 5:30 PM.

Details

Reviewers

kp
ltning-freebsd_anduin.net

Commits

rG339a1977c324: pf: Add a sysctl to limit work done for rdr source port rewriting

Summary

It was pointed out that the current approach of exhaustively searching
for a free source port might be very time consuming. Limit the amount
of work that we might do before giving up.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

markj created this revision.Aug 30 2024, 5:30 PM

Herald added subscribers: vegeta_tuxpowered.net, glebius, melifaro and 2 others. · View Herald TranscriptAug 30 2024, 5:30 PM

markj requested review of this revision.Aug 30 2024, 5:30 PM

Harbormaster completed remote builds in B59252: Diff 142636.Aug 30 2024, 5:30 PM

markj added a reviewer: ltning-freebsd_anduin.net.Aug 30 2024, 5:30 PM

We should probably document this in pf(4).
And I should see about adding the others that are missing from that too.

This revision is now accepted and ready to land.Aug 30 2024, 7:58 PM

Mention the sysctl in pf.4 and pf.conf.5.

This revision now requires review to proceed.Sep 9 2024, 5:42 PM

Harbormaster completed remote builds in B59407: Diff 143149.Sep 9 2024, 5:42 PM

I know I'm listed as a reviewer, but I can't assess the code change here. The gist of it looks good, though. I'd be a lot less worried about enabling the feature with this limiter in place.

It may want a man page date update.

This revision is now accepted and ready to land.Sep 9 2024, 5:55 PM

Closed by commit rG339a1977c324: pf: Add a sysctl to limit work done for rdr source port rewriting (authored by markj). · Explain WhySep 10 2024, 2:59 PM

This revision was automatically updated to reflect the committed changes.

markj added a commit: rG339a1977c324: pf: Add a sysctl to limit work done for rdr source port rewriting.