Page MenuHomeFreeBSD
Differential D50779

pf: Prevent infinite looping over tables in round-robin pools
ClosedPublic
Actions

Authored by vegeta_tuxpowered.net on Jun 10 2025, 3:16 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Jun 4, 2:33 PM
Unknown Object (File)
Thu, Jun 4, 2:33 PM
Unknown Object (File)
Thu, Jun 4, 6:15 AM
Unknown Object (File)
Thu, Jun 4, 3:07 AM
Unknown Object (File)
Sun, May 31, 12:35 AM
Unknown Object (File)
Fri, May 22, 9:42 PM
Unknown Object (File)
May 14 2026, 11:06 AM
Unknown Object (File)
May 14 2026, 9:40 AM
View All 74 Files
Subscribers
ae
farrokhi
glebius
imp
melifaro

Details

Reviewers
kp
Commits
rG04dcbb44340f: pf: Prevent infinite looping over tables in round-robin pools
Summary

In FreeBSD each redirection pool (struct pf_kpool) consists of multiple
hosts (struct pf_addr_wrap). In OpenBSD that is not the case, and a
round-robin pool having a table as a host loops infinitely only over
that single table.

In FreeBSD once all addresses from a table are returned the pool must
iterate to the next host. Add a custom flag to have pfr_pool_get() break
its loop once it reaches the last index. Use this flag in round-robin
pools. When changing pool's host set index to 0 to always start
iterating each table from beginning.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sys/
net/
2 lines
netpfil/
pf/
16 lines
4 lines
tests/
sys/
netpfil/
pf/
82 lines

Diff 158409

View Options

sys/net/pfvar.h

Loading...
View Options

sys/netpfil/pf/pf_lb.c

Loading...
View Options

sys/netpfil/pf/pf_table.c

Loading...
View Options

tests/sys/netpfil/pf/route_to.sh

Loading...