Details

Reviewers

Commits

rGd2761422eb0a: pf: Use different address family for source and redirection address

Summary

The function pf_map_addr() and source tracking operate on a single address
family. This made sense before introducing address translation. When
combining af-to with route-to or with sticky-address, the next-hop or the
NAT address are of different address family than the source address. For
example in NAT64 scenario an IPv6 source address is translated to an IPv4
address and routed over IPv4 gateway.

Make source nodes dual-AF, that is have a separate source AF and redirection
AF. Store route AF in struct pf_kstate, export it to pfctl. When loading
rules with redirection pools with pfctl store address family of each
address. When printing states don't deduce next-hop's address family from
af-to, use the one stored in state.

This patch contains parts picked from D50781 (RFC5549 / prefer-ipv6-nexthop) which make sense and fix bugs on their own.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

vegeta_tuxpowered.net created this revision.Thu, Jul 31, 5:54 PM

Herald added subscribers: glebius, melifaro, farrokhi and 2 others. · View Herald TranscriptThu, Jul 31, 5:54 PM

vegeta_tuxpowered.net requested review of this revision.Thu, Jul 31, 5:54 PM

vegeta_tuxpowered.net updated this revision to Diff 159513.

vegeta_tuxpowered.net updated this revision to Diff 159514.Thu, Jul 31, 5:59 PM

Trim too long lines, update comments.

vegeta_tuxpowered.net edited the summary of this revision. (Show Details)Fri, Aug 1, 9:08 AM

kp accepted this revision.Fri, Aug 1, 9:34 AM

This revision is now accepted and ready to land.Fri, Aug 1, 9:34 AM

Closed by commit rGd2761422eb0a: pf: Use different address family for source and redirection address (authored by vegeta_tuxpowered.net). · Explain WhyTue, Aug 5, 10:06 AM

This revision was automatically updated to reflect the committed changes.

vegeta_tuxpowered.net added a commit: rGd2761422eb0a: pf: Use different address family for source and redirection address.

pf: Use different address family for source and redirection address
ClosedPublic
Actions

Details

Diff Detail

Event Timeline

Revision Contents
Changeset List

Diff 159531

lib/libpfctl/libpfctl.h

lib/libpfctl/libpfctl.c

sbin/pfctl/parse.y

sbin/pfctl/pf_print_state.c

sbin/pfctl/pfctl.c

sbin/pfctl/pfctl_parser.h

sbin/pfctl/pfctl_parser.c

sys/net/pfvar.h

sys/netpfil/pf/if_pfsync.c

sys/netpfil/pf/pf.c

sys/netpfil/pf/pf_ioctl.c

sys/netpfil/pf/pf_lb.c

sys/netpfil/pf/pf_nl.h

sys/netpfil/pf/pf_nl.c

tests/sys/netpfil/pf/nat64.sh

tests/sys/netpfil/pf/src_track.sh

pf: Use different address family for source and redirection addressClosedPublicActions

Details

Diff Detail

Event Timeline

Revision ContentsChangeset List

Diff 159531

lib/libpfctl/libpfctl.h

lib/libpfctl/libpfctl.c

sbin/pfctl/parse.y

sbin/pfctl/pf_print_state.c

sbin/pfctl/pfctl.c

sbin/pfctl/pfctl_parser.h

sbin/pfctl/pfctl_parser.c

sys/net/pfvar.h

sys/netpfil/pf/if_pfsync.c

sys/netpfil/pf/pf.c

sys/netpfil/pf/pf_ioctl.c

sys/netpfil/pf/pf_lb.c

sys/netpfil/pf/pf_nl.h

sys/netpfil/pf/pf_nl.c

tests/sys/netpfil/pf/nat64.sh

tests/sys/netpfil/pf/src_track.sh

pf: Use different address family for source and redirection address
ClosedPublic
Actions

Revision Contents
Changeset List