From: Luigi Rizzo
To: Ermal Luçi
Cc: Luigi Rizzo, src-committers@freebsd.org, svn-src-user@freebsd.org
Date: Wed, 6 Jan 2010 12:50:43 +0100
Subject: Re: svn commit: r201517 - in user/luigi/ipfw3-head/sys/netinet: . ipfw

On Tue, Jan 05, 2010 at 07:38:51PM +0100, Ermal Luçi wrote:
> On Tue, Jan 5, 2010 at 7:26 PM, Luigi Rizzo wrote:
...
> > I was not aware of pf support -- in fact, I wonder how divert could work
> > without ipfw because the function pointer ip_divert_ptr at the moment
> > is defined in ip_fw_pfil.c.
> >
> > There are in fact, I believe, two things that enforce the dependency:
> > 1. the ip_divert_ptr above. We should move it elsewhere, in the
> >    standard ip_* files;
> >
> > 2. the tag that is attached to the packet to record the reinject cookie
> >    (I have recently redefined it as MTAG_IPFW_RULE because I was
> >    not aware of the pf(4) support -- I need to revert/fix this if
> >    we want divert and pf cooperation (though note that I tried to
> >    have the same mtag format for all reinjected packets -- dummynet,
> >    divert, netgraph, ... so once we fix it for one application it
> >    should work for all with no special code).
> >
> > cheers
> > luigi
> >
>
> Check it out here
> http://svn.freebsd.org/viewvc/base/user/eri/pf45/head/
>
> The divert support
> with the pointer moving is commit 198045 for checking on how I have done in
> that branch. If you find a better solution go ahead and I will update the
> referenced pf branch as well.

Very good. Moving ip_divert_ptr to ip_input or some other global
place is trivial.

The other change required is to move the MTAG_IPFW_RULE (and
struct ipfw_rule_ref) to some common header instead of the
ipfw-specific headers. Renaming the struct or fields is fine.

As you see, the tag contains 2 pieces of information:

- a rule identifier (in ipfw it is rulenum:rule_id), which can
  be used for a lookup even if the configuration changes (and we
  cannot hold a lock or a refcount) as the packet may not come back;

- a "quick reference", protected by a version number, to be used
  to save the cost of a lookup in case the configuration has not
  changed.

I suppose the existing fields should be enough for pf as well,
possibly changing 'slot' to uintptr_t so you can put there a pointer
instead of a slot number.

Can you give a try at adapting pf.c to this structure while
I move the ipfw_rule_ref to a common header?

cheers
luigi
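
The two-part tag described in the message above, as an added C example that is not part of the original message and is not the ipfw or pf code. Only slot, rulenum and rule_id are names taken from the message; the structs, the version field, the sample rulesets and the "resume at the next rule when the tagged rule is gone" policy are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
/* Only slot, rulenum and rule_id are named in the message; all else is hypothetical. */
struct rule { uint32_t rulenum, rule_id; };
struct ruleset {                /* one version of the firewall configuration */
    uint32_t version;           /* bumped on every reconfiguration */
    unsigned n;                 /* number of rules in map */
    const struct rule *map;     /* sorted by (rulenum, rule_id) */
};
struct rule_ref {               /* what the tag carries with the packet */
    uint32_t rulenum, rule_id;  /* stable identifier, survives reconfiguration */
    uint32_t version;           /* ruleset version when slot was recorded */
    uintptr_t slot;             /* quick reference: an index here, could be a pointer */
};

/* Constructed sample data: between v1 and v2, rule 200 is deleted and rule 50 added. */
static const struct rule v1[] = { {100, 1}, {200, 2}, {300, 3} };
static const struct rule v2[] = { {50, 4}, {100, 1}, {300, 3} };
static const struct ruleset rs_v1 = { 1, 3, v1 }, rs_v2 = { 2, 3, v2 };

/* Resume index. The slot is trusted only while the version matches; otherwise the
 * identifier is binary-searched. Assumed policy: a deleted rule resumes at the next rule. */
static unsigned ref_resolve(const struct rule_ref *r, const struct ruleset *rs)
{
    if (r->version == rs->version && r->slot < rs->n)
        return (unsigned)r->slot;               /* fast path, no lookup */
    unsigned lo = 0, hi = rs->n;                /* slow path: stale quick reference */
    while (lo < hi) {
        unsigned mid = lo + (hi - lo) / 2;
        const struct rule *m = &rs->map[mid];
        if (m->rulenum < r->rulenum || (m->rulenum == r->rulenum && m->rule_id < r->rule_id))
            lo = mid + 1;
        else
            hi = mid;
    }
    return lo;
}

/* Tag a packet at slot `slot` of v1, then reinject it against ruleset `now`. */
static unsigned reinject(unsigned slot, const struct ruleset *now)
{
    struct rule_ref r = { v1[slot].rulenum, v1[slot].rule_id, rs_v1.version, slot };
    return ref_resolve(&r, now);
}

int main(void)
{
    printf("%u %u\n", reinject(1, &rs_v1), reinject(1, &rs_v2));
    return 0;
}
```

In the sample data, using slot 1 unchecked after the reconfiguration would resume at rule 100 rather than rule 300, which is the case the version check on the quick reference guards against.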