Page MenuHomeFreeBSD
Differential D46840

pf tests: Add test for max-src-states
ClosedPublic
Actions

Authored by vegeta_tuxpowered.net on Sep 28 2024, 8:52 PM.
Tags
None
Referenced Files
F102876881: D46840.diff
Mon, Nov 18, 8:10 AM
Unknown Object (File)
Fri, Nov 15, 5:19 PM
Unknown Object (File)
Tue, Nov 12, 1:17 PM
Unknown Object (File)
Tue, Nov 12, 11:19 AM
Unknown Object (File)
Sun, Nov 10, 2:12 PM
Unknown Object (File)
Sun, Nov 10, 12:46 PM
Unknown Object (File)
Sat, Nov 9, 4:21 PM
Unknown Object (File)
Sat, Nov 9, 4:20 PM
View All 59 Files
Subscribers
farrokhi
glebius
imp
melifaro

Details

Reviewers
kp
Commits
rG3ec4fbdd98f2: pf tests: Add test for max-src-states

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

vegeta_tuxpowered.net created this revision.Sep 28 2024, 8:52 PM
Herald added subscribers: glebius, melifaro, farrokhi, imp. · View Herald TranscriptSep 28 2024, 8:52 PM
vegeta_tuxpowered.net requested review of this revision.Sep 28 2024, 8:52 PM
vegeta_tuxpowered.net updated this revision to Diff 143878.Sep 28 2024, 9:09 PM

Add test for another source, describe tests better, check for source nodes in order-independent manner.

vegeta_tuxpowered.net updated this revision to Diff 143879.Sep 28 2024, 9:10 PM
vegeta_tuxpowered.net updated this revision to Diff 143880.
kp added inline comments.Sep 29 2024, 3:50 PM
tests/sys/netpfil/pf/src_track.sh
153

Shouldn't the third connection still succeed (because we set max-src-states 3)?

I haven't looked very closely at this yet, but that jumped out at me.

vegeta_tuxpowered.net added inline comments.Sep 29 2024, 4:13 PM
tests/sys/netpfil/pf/src_track.sh
153

That is how it works, pf stops creating new states after 2. I’ve looked at the code, it’s due to how struct pf_ksrc_node->states is abused for reference counting (or at least that is how I understand it). This counter is increased during source node creation and search, even before the state is really created. And then after increasing it’s compared using the >= operator.

I have a patch which fixes this and multiple other issues, mostly related to unlocked access to source nodes. I hope to upload it soon. All the patches im sending in the last days are picked from that big patch.

I can make another patch only to fix this off by one error, if you want it fixed separately.

This revision was not accepted when it landed; it landed in state Needs Review.Sep 30 2024, 9:06 AM
Closed by commit rG3ec4fbdd98f2: pf tests: Add test for max-src-states (authored by vegeta_tuxpowered.net, committed by kp). · Explain Why
This revision was automatically updated to reflect the committed changes.
kp added a commit: rG3ec4fbdd98f2: pf tests: Add test for max-src-states.

Revision Contents
Changeset List

PathSize
tests/
sys/
netpfil/
pf/
66 lines

Diff 143879

View Options

tests/sys/netpfil/pf/src_track.sh

Loading...