Page MenuHomeFreeBSD
Differential D48821

pf: Use pf_map_addr() only once when choosing source port and address
ClosedPublic
Actions

Authored by vegeta_tuxpowered.net on Feb 3 2025, 7:13 PM.
Tags
None
Referenced Files
F151157643: D48821.id.diff
Mon, Apr 6, 12:08 PM
Unknown Object (File)
Mon, Apr 6, 3:38 AM
Unknown Object (File)
Thu, Apr 2, 5:20 AM
Unknown Object (File)
Wed, Apr 1, 2:33 AM
Unknown Object (File)
Thu, Mar 19, 1:33 PM
Unknown Object (File)
Feb 27 2026, 10:19 PM
Unknown Object (File)
Jan 23 2026, 11:30 AM
Unknown Object (File)
Dec 20 2025, 2:40 AM
View All 85 Files
Subscribers
farrokhi
glebius
imp
melifaro

Details

Reviewers
kp
Commits
rGdaea703963f5: pf: Use pf_map_addr() only once when choosing source port and address
Summary

When choosing source port and address for NAT operations the proper order of
operations is:

  1. Try to get them from udp_mapping if rule has PF_POOL_ENDPI. This might be enough to return.
  2. Get IP address from pf_map_addr_sn()
  3. Look for free ports for the IP address
  4. Get another IP address from pf_map_addr() if no ports are free

Calling pf_map_addr_sn() before checking udp_mappings is not necessary,
remove the first call. Since now a rule can have multiple pools, don't
hardcode pools anymore, always use the pool given in pf_get_sport() call.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

vegeta_tuxpowered.net created this revision.Feb 3 2025, 7:13 PM
Herald added subscribers: glebius, melifaro, farrokhi, imp. · View Herald TranscriptFeb 3 2025, 7:13 PM
vegeta_tuxpowered.net requested review of this revision.Feb 3 2025, 7:13 PM
kp accepted this revision.Feb 4 2025, 5:00 PM

Approved too, but make sure to use your @FreeBSD.org e-mail address as author, otherwise the pre-commit triggers will complain.

This revision is now accepted and ready to land.Feb 4 2025, 5:00 PM
Closed by commit rGdaea703963f5: pf: Use pf_map_addr() only once when choosing source port and address (authored by vegeta_tuxpowered.net). · Explain WhyFeb 6 2025, 1:19 PM
This revision was automatically updated to reflect the committed changes.
vegeta_tuxpowered.net added a commit: rGdaea703963f5: pf: Use pf_map_addr() only once when choosing source port and address.

Revision Contents
Changeset List

PathSize
sys/
netpfil/
pf/
25 lines

Diff 150619

View Options

sys/netpfil/pf/pf_lb.c

Loading...