Differential D50579

pf: rework anchor handling to recurse
ClosedPublic
Actions

Authored by kp on May 28 2025, 7:33 PM.

Details

Reviewers

None

Group Reviewers

pfsense

Commits

rGfe96610ba943: pf: rework anchor handling to recurse

Summary

percpu anchor stacks we actually don't need to pre-allocate per_anchor_stack[], if we use a 'natural' recursion, when doing anchor tree traversal.

O.K. mikeb@, mpi@

Extended because FreeBSD pf still has separate NAT rules processing, which also
needed this change.

Obtained from: OpenBSD, sashan <sashan@openbsd.org>, e236f0fa7b
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, 5e4ad307dc
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

kp created this revision.May 28 2025, 7:33 PM

Herald added subscribers: vegeta_tuxpowered.net, glebius, melifaro and 3 others. · View Herald TranscriptMay 28 2025, 7:33 PM

kp requested review of this revision.May 28 2025, 7:33 PM

Harbormaster completed remote builds in B64510: Diff 156214.May 28 2025, 7:33 PM

kp added a parent revision: D50580: pf: convert NAT rule handling to PF_TEST_ATTRIB as well.May 28 2025, 7:34 PM

vegeta_tuxpowered.net added inline comments.May 30 2025, 5:23 PM

sys/netpfil/pf/pf.c
5892–5895	One of benefits of pf_test_ctx is that it provides a central point to access all those variables from functions. So it would be better to only pass ctx to pf_create_state and other functions and modify those functions to access the members of ctx.

kp added inline comments.May 31 2025, 8:53 AM

sys/netpfil/pf/pf.c
5892–5895	That is a good idea. In fact, I thought I had already done that, but I don't seem to have that in my stack of pending patches. I would like to keep it out of this change though.