Re: pf fastroute tag removal reviewers needed
On 28 Sep 2016, at 13:53, Franco Fichtner wrote: The main culprit of pfil not working correctly is pf's route-to and reply-to (and the tag formerly known as fastroute) as they would call if_output directly on the ifnet and consume their packets this way. That transmit code is also copied from if_output() and should likely not be called from within pf, especially when there is a pfil hook chain to go through. Agreed, but there’s another culprit: the v6 fragment handling code. It needs to call ip6_output()/ip6_forward() because it generates multiple output packets. Dealing with that has been on my todo list for a while now, but I’ve not even found the time to make a start at it. Regards, Kristof ___ freebsd-pf@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
pf fastroute tag removal reviewers needed
Hi all, The review can be found here: https://reviews.freebsd.org/D8058 The larger motivation is to start work to align pf with pfil packet flow in order to make pf and ipfw more useful in combination with each other as e.g. pf offers powerful policy- routing and ipfw offers a multitude of dummynet algorithms. The main culprit of pfil not working correctly is pf's route-to and reply-to (and the tag formerly known as fastroute) as they would call if_output directly on the ifnet and consume their packets this way. That transmit code is also copied from if_output() and should likely not be called from within pf, especially when there is a pfil hook chain to go through. The next targets after this review will be M_IP_NEXTHOP and M_IP6_NEXTHOP, which ipfw uses to redirect packets by adhering to the pfil hook chain. Cheers, Franco ___ freebsd-pf@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
