From owner-freebsd-pf@freebsd.org  Wed Sep 28 11:53:59 2016
Return-Path: <owner-freebsd-pf@freebsd.org>
Delivered-To: freebsd-pf@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 911B3BEBF79
 for <freebsd-pf@mailman.ysv.freebsd.org>; Wed, 28 Sep 2016 11:53:59 +0000 (UTC)
 (envelope-from franco@opnsense.org)
Received: from mail.opnsense.org (mail.opnsense.org [37.48.77.141])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 6031A1ADB
 for <freebsd-pf@freebsd.org>; Wed, 28 Sep 2016 11:53:58 +0000 (UTC)
 (envelope-from franco@opnsense.org)
Received: from localhost (localhost [127.0.0.1])
 by mail.opnsense.org (Postfix) with ESMTP id 19BAF1808E85
 for <freebsd-pf@freebsd.org>; Wed, 28 Sep 2016 13:56:39 +0200 (CEST)
From: Franco Fichtner <franco@opnsense.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: pf fastroute tag removal reviewers needed
Message-Id: <022E4530-A6DF-452B-8978-43A9B10DA726@opnsense.org>
Date: Wed, 28 Sep 2016 13:53:47 +0200
To: freebsd-pf@freebsd.org
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Sep 2016 11:53:59 -0000

Hi all,

The review can be found here:

https://reviews.freebsd.org/D8058

The larger motivation is to start work to align pf with pfil
packet flow in order to make pf and ipfw more useful in
combination with each other as e.g. pf offers powerful policy-
routing and ipfw offers a multitude of dummynet algorithms.

The main culprit of pfil not working correctly is pf's
route-to and reply-to (and the tag formerly known as fastroute)
as they would call if_output directly on the ifnet and consume
their packets this way.  That transmit code is also copied from
if_output() and should likely not be called from within pf,
especially when there is a pfil hook chain to go through.

The next targets after this review will be M_IP_NEXTHOP and
M_IP6_NEXTHOP, which ipfw uses to redirect packets by adhering
to the pfil hook chain.


Cheers,
Franco