Date: Mon, 24 Oct 2016 05:08:15 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 213736] pf: hardcoded if_output skips ip[6]_output and pfil order
Message-ID: <bug-213736-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213736

Bug ID: 213736
Summary: pf: hardcoded if_output skips ip[6]_output and pfil order
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: freebsd-bugs@FreeBSD.org
Reporter: franco@opnsense.org

Hi,

Up until now pf_route[6] uses code copied from ip_output[6] to push packets to their destination for the tags route-to, reply-to and dup-to. The packet is consumed on the spot.

From an architectural standpoint of pfil, this undermines its consistency: Packets must either be consumed when they are dropped or when they are delayed (dummynet).

In case of ipfw, PACKET_TAG_FORWARD is used to store the next hop for the forward tag and evaluated properly outside the pfil hooks. The same could be done for pf, but it's not a crucial requirement.

Skipping the full ip_output[6] code in favour of a stub has other side effects and fixing it would help align the packet processing consistency.

Of prime interest are productive combinations of ipfw+pf that in case of route-to et al simply stop working as pf consumes all its traffic up front.

Cheers,
Franco

--
You are receiving this mail because:
You are the assignee for the bug.
