Page MenuHomeFreeBSD
Differential D48821

pf: Use pf_map_addr() only once when choosing source port and address
ClosedPublic
Actions

Authored by vegeta_tuxpowered.net on Feb 3 2025, 7:13 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Nov 14, 12:18 AM
Unknown Object (File)
Fri, Nov 7, 5:41 AM
Unknown Object (File)
Thu, Nov 6, 10:27 PM
Unknown Object (File)
Oct 31 2025, 11:12 PM
Unknown Object (File)
Oct 29 2025, 9:35 AM
Unknown Object (File)
Oct 29 2025, 9:35 AM
Unknown Object (File)
Oct 29 2025, 9:34 AM
Unknown Object (File)
Oct 29 2025, 9:16 AM
View All 75 Files
Subscribers
farrokhi
glebius
imp
melifaro

Details

Reviewers
kp
Commits
rGdaea703963f5: pf: Use pf_map_addr() only once when choosing source port and address
Summary

When choosing source port and address for NAT operations the proper order of
operations is:

  1. Try to get them from udp_mapping if rule has PF_POOL_ENDPI. This might be enough to return.
  2. Get IP address from pf_map_addr_sn()
  3. Look for free ports for the IP address
  4. Get another IP address from pf_map_addr() if no ports are free

Calling pf_map_addr_sn() before checking udp_mappings is not necessary,
remove the first call. Since now a rule can have multiple pools, don't
hardcode pools anymore, always use the pool given in pf_get_sport() call.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

vegeta_tuxpowered.net created this revision.Feb 3 2025, 7:13 PM
Herald added subscribers: glebius, melifaro, farrokhi, imp. · View Herald TranscriptFeb 3 2025, 7:13 PM
vegeta_tuxpowered.net requested review of this revision.Feb 3 2025, 7:13 PM
kp accepted this revision.Feb 4 2025, 5:00 PM

Approved too, but make sure to use your @FreeBSD.org e-mail address as author, otherwise the pre-commit triggers will complain.

This revision is now accepted and ready to land.Feb 4 2025, 5:00 PM
Closed by commit rGdaea703963f5: pf: Use pf_map_addr() only once when choosing source port and address (authored by vegeta_tuxpowered.net). · Explain WhyFeb 6 2025, 1:19 PM
This revision was automatically updated to reflect the committed changes.
vegeta_tuxpowered.net added a commit: rGdaea703963f5: pf: Use pf_map_addr() only once when choosing source port and address.

Revision Contents
Changeset List

PathSize
sys/
netpfil/
pf/
25 lines

Diff 150619

View Options

sys/netpfil/pf/pf_lb.c

Loading...