From owner-svn-src-all@FreeBSD.ORG Tue Nov 25 13:33:31 2014 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7D6AB129; Tue, 25 Nov 2014 13:33:31 +0000 (UTC) Received: from mail-pa0-x22e.google.com (mail-pa0-x22e.google.com [IPv6:2607:f8b0:400e:c03::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48C87B76; Tue, 25 Nov 2014 13:33:31 +0000 (UTC) Received: by mail-pa0-f46.google.com with SMTP id lj1so582938pab.33 for ; Tue, 25 Nov 2014 05:33:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=q1IEwz0G4iNF3kFWfwIP2tf5Wv5fyON9YBGz4NnTbY8=; b=Vr8O2paSDZVtZvvXahi7zoPFHZg2+GLb59ShNDjp7+03uLd1U2G4jglbDcMftmc36g RTVcC9B9YIxGCEx6JJCW2UEP/TT1PSGau5+znyUSLFFLi2mKT9smN/dI4sopp3NYC0kG 1Nsv3PZPpBvzWK0OeI9SpXduUXkeNUmT6M2ZJw7lBKxs4dgnMK0lJ2o0LoGul+htUcph TZczWprZ4bznI+YvG0Kq0et2kXPrTveisJKHKYIGL6B/P6UfekFQ/J0jDgJDeuBRnzaj cH7EXH6P7T/4U8D1DiCXWEesItC5TujK291TAJngweruuggHfzadPxGQWLtfX/cLtmeH keJA== MIME-Version: 1.0 X-Received: by 10.70.131.199 with SMTP id oo7mr43749593pdb.138.1416922410795; Tue, 25 Nov 2014 05:33:30 -0800 (PST) Sender: ermal.luci@gmail.com Received: by 10.70.91.232 with HTTP; Tue, 25 Nov 2014 05:33:30 -0800 (PST) In-Reply-To: <86ioi3y0gb.fsf@nine.des.no> References: <201411191331.sAJDV9bH092190@svn.freebsd.org> <86tx1nvcy4.fsf@nine.des.no> <86ppcbvb04.fsf@nine.des.no> <86ioi3y0gb.fsf@nine.des.no> Date: Tue, 25 Nov 2014 14:33:30 +0100 X-Google-Sender-Auth: O6BWEGxviD_T8itGtCJcJCEOA1o Message-ID: Subject: Re: svn commit: r274709 - head/sys/netpfil/pf From: =?UTF-8?Q?Ermal_Lu=C3=A7i?= To: =?UTF-8?Q?Dag=2DErling_Sm=C3=B8rgrav?= Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2014 13:33:31 -0000 Hello Dag, if its working for you i have no issues. For me these changes are taken into consideration during policy routing on pf(4). If you check the pf_route() call it does the same checks as outgoing processing of the modules. If they need to be considered after pf(4) does it internal processing probably should be after the call to pf_test6. There is no reason to have different behaviour for ipv6 from ipv4 internally in pf(4). Also this only affects the traffic sourced by the host itself and not forwarded traffic and i think this patch will provide a regression for the issues that the committed patch does. On Tue, Nov 25, 2014 at 12:38 PM, Dag-Erling Sm=C3=B8rgrav wro= te: > Here's a patch that doesn't crash and tries not to break TSO. > > Index: sys/netpfil/pf/pf_ioctl.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- sys/netpfil/pf/pf_ioctl.c (revision 274791) > +++ sys/netpfil/pf/pf_ioctl.c (working copy) > @@ -3576,9 +3576,10 @@ > int chk; > > /* We need a proper CSUM befor we start (s. OpenBSD ip_output) */ > - if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { > + if ((*m)->m_pkthdr.csum_flags & > + ((CSUM_DELAY_IP|CSUM_DELAY_DATA) & ~ifp->if_hwassist)) { > in_delayed_cksum(*m); > - (*m)->m_pkthdr.csum_flags &=3D ~CSUM_DELAY_DATA; > + (*m)->m_pkthdr.csum_flags &=3D > ~(CSUM_DELAY_IP|CSUM_DELAY_DATA); > } > > chk =3D pf_test(PF_OUT, ifp, m, inp); > @@ -3620,12 +3621,14 @@ > int chk; > > /* We need a proper CSUM before we start (s. OpenBSD ip_output) *= / > - if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA_IPV6) { > + if ((*m)->m_pkthdr.csum_flags & > + (CSUM_DELAY_DATA_IPV6 & ~ifp->if_hwassist)) { > in6_delayed_cksum(*m, > (*m)->m_pkthdr.len - sizeof(struct ip6_hdr), > sizeof(struct ip6_hdr)); > (*m)->m_pkthdr.csum_flags &=3D ~CSUM_DELAY_DATA_IPV6; > } > + > CURVNET_SET(ifp->if_vnet); > chk =3D pf_test6(PF_OUT, ifp, m, inp); > CURVNET_RESTORE(); > > DES > -- > Dag-Erling Sm=C3=B8rgrav - des@des.no > --=20 Ermal