Date: Tue, 7 Oct 2014 17:13:55 +0200 From: Marko Zec <zec@fer.hr> To: "Andrey V. Elsukov" <ae@freebsd.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r272695 - head/sys/net Message-ID: <20141007171355.6e4da644@x23> In-Reply-To: <5433F5EE.3010006@FreeBSD.org> References: <201410071331.s97DV5hB088377@svn.freebsd.org> <20141007160405.35f52792@x23> <5433F5EE.3010006@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 7 Oct 2014 18:17:18 +0400 "Andrey V. Elsukov" <ae@freebsd.org> wrote: > On 07.10.2014 18:04, Marko Zec wrote: > > On Tue, 7 Oct 2014 13:31:05 +0000 > > "Andrey V. Elsukov" <ae@freebsd.org> wrote: > > > >> Author: ae > >> Date: Tue Oct 7 13:31:04 2014 > >> New Revision: 272695 > >> URL: https://svnweb.freebsd.org/changeset/base/272695 > >> > >> Log: > >> Our packet filters use mbuf's rcvif pointer to determine incoming > >> interface. Change mbuf's rcvif to enc0 and restore it after pfil > >> processing. > > > > Will this work / was this tested with options VIMAGE, where > > m_pkthdr.rcvif->if_vnet will no longer match curvnet, except in > > vnet0? > > I tested only without VIMAGE. ipfw and pf use if_xname field to > compare interfaces. So will this work? I have no idea whether this would work now, but this change implies that no pfil consumer should reference m_pkthdr.rcvif->if_vnet from now on, ever. Which doesn't seem right to me. If changing m_pkthdr.rcvif to enc0 in ipsec_filter() is really unavoidable, perhaps we could introduce enc0 for each vnet, maybe in a similar manner how hrs@ virtualized gif (271917) and gre (271918) cloners, which (gif) apparently seem to be at the root of the PR 110959 referenced here. Marko
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20141007171355.6e4da644>