[pfil loop prevention experiment 4/5] pfil: Provide looping prevention mechanism
Needs ReviewPublic
Actions

Authored by vegeta_tuxpowered.net on Thu, Aug 7, 4:56 PM.

Details

Reviewers

glebius
kp

Summary

Packets might be consumed by dummynet and reinjected later. In such case they pass through the network stack again and are send to the same pfil hooks (i.e. pf or ipfw) which must deal with loop protection (unconditionally passing the packets) on their own. Move the loop protection to pfil itself by using a custom mtag. Store pointer to the last hook in the mtag, when going over hooks skip the hooks which have been already ran.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

vegeta_tuxpowered.net created this revision.Thu, Aug 7, 4:56 PM

Herald added subscribers: glebius, melifaro, ae, imp. · View Herald TranscriptThu, Aug 7, 4:56 PM

vegeta_tuxpowered.net requested review of this revision.Thu, Aug 7, 4:56 PM

vegeta_tuxpowered.net added inline comments.Thu, Aug 7, 5:17 PM

sys/net/pfil.c
231	Alternatively we could not always allocate the mtag in `pfil.c` but only check it here, but allocate it in the pfil hook when it is expected that looping would happen. kp@ has reported this causing a degradation in pps performance.