Page MenuHomeFreeBSD
Differential D29048

pf: Retrieve DSCP value from the IPv6 header
ClosedPublic
Actions

Authored by kp on Mar 3 2021, 8:39 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, May 3, 11:50 PM
Unknown Object (File)
Thu, May 2, 4:03 AM
Unknown Object (File)
Tue, Apr 30, 8:19 PM
Unknown Object (File)
Tue, Apr 30, 8:06 PM
Unknown Object (File)
Tue, Apr 30, 8:03 PM
Unknown Object (File)
Tue, Apr 30, 8:03 PM
Unknown Object (File)
Tue, Apr 30, 6:13 PM
Unknown Object (File)
Tue, Apr 23, 10:18 AM
View All 39 Files
Subscribers
ae
donner
farrokhi
imp
melifaro

Details

Reviewers
donner
Group Reviewers
network
Commits
rGe7e1836a0efa: pf: Retrieve DSCP value from the IPv6 header
rG3756d591f758: pf: Retrieve DSCP value from the IPv6 header
rGf19323847ca8: pf: Retrieve DSCP value from the IPv6 header
Summary

Teach pf to read the DSCP value from the IPv6 header so that we can
match on them.

MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 37548
Build 34437: arc lint + arc unit

Event Timeline

kp created this revision.Mar 3 2021, 8:39 PM
Herald added subscribers: melifaro, farrokhi, imp. · View Herald TranscriptMar 3 2021, 8:39 PM
kp requested review of this revision.Mar 3 2021, 8:39 PM
Harbormaster completed remote builds in B37548: Diff 85073.Mar 3 2021, 8:41 PM
donner accepted this revision as: donner.Mar 4 2021, 7:46 AM
donner added a subscriber: donner.
donner added inline comments.
sys/netpfil/pf/pf.c
6433

So you are extracting "DSCP" and "Currently unused" but you mask out the unused bits without shifting them away? If the CU bits are kept, but masked, that is fine.

It might be more easily readable by

pd.tos = (ntohl(h->ip6_flow) >> 20) & 0xfc;
This revision is now accepted and ready to land.Mar 4 2021, 7:46 AM
kp added inline comments.Mar 4 2021, 8:51 AM
sys/netpfil/pf/pf.c
6433

Grabbing the DSCP bits and ignoring the ECN bits, yes.

I think I agree that your way is more readable. so I'll update that.

ae added a subscriber: ae.Mar 4 2021, 8:54 AM
ae added inline comments.
sys/netpfil/pf/pf.c
6433

This variant of

6433

We have several places in the code where the same expression are used, probably it would be good to add some macros to get and set this value.

kp updated this revision to Diff 85115.Mar 4 2021, 9:59 AM

Simplify retrieving the DSCP bits

This revision now requires review to proceed.Mar 4 2021, 9:59 AM
Harbormaster completed remote builds in B37566: Diff 85115.Mar 4 2021, 10:00 AM
This revision was not accepted when it landed; it landed in state Needs Review.Mar 4 2021, 7:57 PM
Closed by commit rGf19323847ca8: pf: Retrieve DSCP value from the IPv6 header (authored by kp). · Explain Why
This revision was automatically updated to reflect the committed changes.
kp added a commit: rGf19323847ca8: pf: Retrieve DSCP value from the IPv6 header.
kp added a commit: rG3756d591f758: pf: Retrieve DSCP value from the IPv6 header.Mar 20 2021, 10:00 AM
kp added a commit: rGe7e1836a0efa: pf: Retrieve DSCP value from the IPv6 header.

Revision Contents
Changeset List

PathSize
sys/
netpfil/
pf/
2 lines

Diff 85073

View Options

sys/netpfil/pf/pf.c

Loading...