Changeset View
Changeset View
Standalone View
Standalone View
website/content/en/status/report-2022-04-2022-06/pf.adoc
- This file was added.
=== pf status update | |||||
Contact: Kristof Provost <kp@FreeBSD.org> | |||||
Contact: Reid Linnemann <rlinnemann@netgate.com> | |||||
==== Ethernet | |||||
pf recently grew support for filtering on Ethernet layer. | |||||
See the 2021q2 pf_ethernet report. | |||||
Since then the Ethernet layer filtering has been extended with: | |||||
* anchor support | |||||
* ability to look into the layer 3 header, for matching with source/destination IP(v4/v6) addresses | |||||
* table support for IP address matching | |||||
* direct dispatch to dummynet | |||||
* pass Ethernet layer packets directly to dummynet, rather than tagging the packets and relying on layer 3 to handle dummynet | |||||
==== Dummynet | |||||
pf recently started being able to use dummynet for packet scheduling. | |||||
This support has been extended and improved, and is now believed to be ready for production. | |||||
One notable fix is that reply-to/route-to'd traffic is now subject to dummynet scheduling as well. | |||||
==== Last match timestamp | |||||
pf now tracks when a rule was last matched. | |||||
Similar to ipfw rule timestamps, these timestamps internally are uint32_t snaps of the system "wall time" clock in seconds. (See time(9).) | |||||
The timestamp is CPU local and updated each time a rule or a state is matched. | |||||
Sponsor: Rubicon Communications, LLC ("Netgate") |