Date: Tue, 25 Nov 2014 14:33:30 +0100 From: =?UTF-8?Q?Ermal_Lu=C3=A7i?= <eri@freebsd.org> To: =?UTF-8?Q?Dag=2DErling_Sm=C3=B8rgrav?= <des@des.no> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r274709 - head/sys/netpfil/pf Message-ID: <CAPBZQG3i2h-wUQa16d0gt%2BfpsfNEBHgZsvtryvnwtrPVZsw8YA@mail.gmail.com> In-Reply-To: <86ioi3y0gb.fsf@nine.des.no> References: <201411191331.sAJDV9bH092190@svn.freebsd.org> <86tx1nvcy4.fsf@nine.des.no> <86ppcbvb04.fsf@nine.des.no> <86ioi3y0gb.fsf@nine.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello Dag,
if its working for you i have no issues.
For me these changes are taken into consideration during policy routing on
pf(4).
If you check the pf_route() call it does the same checks as outgoing
processing of the modules.
If they need to be considered after pf(4) does it internal processing
probably should be after the call to pf_test6.
There is no reason to have different behaviour for ipv6 from ipv4
internally in pf(4).
Also this only affects the traffic sourced by the host itself and not
forwarded traffic and
i think this patch will provide a regression for the issues that the
committed patch does.
On Tue, Nov 25, 2014 at 12:38 PM, Dag-Erling Sm=C3=B8rgrav <des@des.no> wro=
te:
> Here's a patch that doesn't crash and tries not to break TSO.
>
> Index: sys/netpfil/pf/pf_ioctl.c
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> --- sys/netpfil/pf/pf_ioctl.c (revision 274791)
> +++ sys/netpfil/pf/pf_ioctl.c (working copy)
> @@ -3576,9 +3576,10 @@
> int chk;
>
> /* We need a proper CSUM befor we start (s. OpenBSD ip_output) */
> - if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
> + if ((*m)->m_pkthdr.csum_flags &
> + ((CSUM_DELAY_IP|CSUM_DELAY_DATA) & ~ifp->if_hwassist)) {
> in_delayed_cksum(*m);
> - (*m)->m_pkthdr.csum_flags &=3D ~CSUM_DELAY_DATA;
> + (*m)->m_pkthdr.csum_flags &=3D
> ~(CSUM_DELAY_IP|CSUM_DELAY_DATA);
> }
>
> chk =3D pf_test(PF_OUT, ifp, m, inp);
> @@ -3620,12 +3621,14 @@
> int chk;
>
> /* We need a proper CSUM before we start (s. OpenBSD ip_output) *=
/
> - if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA_IPV6) {
> + if ((*m)->m_pkthdr.csum_flags &
> + (CSUM_DELAY_DATA_IPV6 & ~ifp->if_hwassist)) {
> in6_delayed_cksum(*m,
> (*m)->m_pkthdr.len - sizeof(struct ip6_hdr),
> sizeof(struct ip6_hdr));
> (*m)->m_pkthdr.csum_flags &=3D ~CSUM_DELAY_DATA_IPV6;
> }
> +
> CURVNET_SET(ifp->if_vnet);
> chk =3D pf_test6(PF_OUT, ifp, m, inp);
> CURVNET_RESTORE();
>
> DES
> --
> Dag-Erling Sm=C3=B8rgrav - des@des.no
>
--=20
Ermal
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPBZQG3i2h-wUQa16d0gt%2BfpsfNEBHgZsvtryvnwtrPVZsw8YA>