Date:      Sat, 27 Oct 2012 12:00:51 +0200
From:      Andre Oppermann <andre@freebsd.org>
To:        Ermal Luçi <eri@freebsd.org>
Cc:        src-committers@freebsd.org, svn-src-user@freebsd.org
Subject:   Re: svn commit: r241966 - user/andre/tcp_workqueue/sys/net
Message-ID:  <508BB0D3.70205@freebsd.org>
In-Reply-To: <CAPBZQG3x-z7QR=3CdJjCT-rgvgmDVyW6o3mhW_dBQZxZZH9G5w@mail.gmail.com>
References:  <201210231926.q9NJQnqu039908@svn.freebsd.org> <5086F086.6080000@freebsd.org> <CAPBZQG3x-z7QR=3CdJjCT-rgvgmDVyW6o3mhW_dBQZxZZH9G5w@mail.gmail.com>

On 24.10.2012 14:35, Ermal Luçi wrote:
> Hello Andre,
>
> I have since forever wanted to merge this but never got to it.
> https://github.com/bsdperimeter/pfsense-tools/blob/master/patches/RELENG_9_0/pfil.RELENG_9.diff
>
> This has been used in pfsense quite successfully. It allows to reorder
> the pfil hooks based on names of registered hooks using sysctl.

Thank you. I'm looking into it.

-- 
Andre

> On Tue, Oct 23, 2012 at 9:31 PM, Andre Oppermann <andre@freebsd.org> wrote:
>> On 23.10.2012 21:26, Andre Oppermann wrote:
>>>
>>> Author: andre
>>> Date: Tue Oct 23 19:26:49 2012
>>> New Revision: 241966
>>> URL: http://svn.freebsd.org/changeset/base/241966
>>>
>>> Log:
>>>     Extend PFIL hooks with explicit hook ordering and reinjecting of
>>>     packets into the chain after a particular hook.
>>>
>>>     Add pfil_add_hook_order() taking a numerical value between 0-255
>>>     to specify the relative position of this hook in the list of all
>>>     hooks.  Lower numbers have higher ordering (ie. will run first).
>>>     Within a particular order value the last added will be the first
>>>     to run.  Three fixed positions are defined:
>>>      PFIL_ORDER_FIRST      0
>>>      PFIL_ORDER_DEFAULT  200
>>>      PFIL_ORDER_LAST     255
>>>
>>>     Previously the order was non-deterministic and dependent on the
>>>     ordering of the add hook calls.  The last added would always
>>>     become the first to run.
>>>
>>>     Non-ordering aware pfil consumers using the pfil_add_hook() call
>>>     get PFIL_ORDER_DEFAULT assigned resulting in the previous ordering.
>>>
>>>     The ordering is determined at hookup time by the pfil consumer
>>>     and no tool for later manual re-ordering is provided.  Most well
>>>     known pfil consumers are expected to have a predetermined preferred
>>>     position in the order.  A tool or sysctl reporting the order of
>>>     hooked pfil consumers will be provided later.
>>>
>>>     Add pfil_run_inject() taking an opaque cookie value obtained with
>>>     pfil_get_cookie() after the hook is added.  Processing of the hook
>>>     chain skips all hooks until after the one with the same cookie.
>>>     The cookie is valid as long as this hook remains hooked.  If no
>>>     cookie is found processing is started with the first hook again.
>>>     If the cookie is invalid processing of all hooks is effectively
>>>     skipped.
>>>
>>>     With this pfil hooks consumers can dequeue packets for further
>>>     processing and later re-inject them with the next hook.
>>
>>
>> Besides the obvious ordering solution to the existing pfil consumers
>> my idea is to explore converting most of ether_input/output and IPsec
>> processing to pfil hooks.  This will need some further definitions
>> for the default PFIL_ORDER points but that'll happen when there's
>> some practical experimenting with running it.
>>
>> --
>> Andre
>>
>
>
>
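
The ordering and re-injection rules from the quoted commit log, as a small userspace model added here (it is not code from r241966 or from FreeBSD). The `model_*` functions, the hook names and the use of cookie 0 to mean "no cookie" are assumptions made for the example; only the three `PFIL_ORDER_*` values come from the log.

```c
#include <stdio.h>
#include <string.h>

#define PFIL_ORDER_FIRST     0   /* the three values given in the commit log */
#define PFIL_ORDER_DEFAULT 200
#define PFIL_ORDER_LAST    255
#define MAXHOOKS 16

/* Userspace model; struct and function names are hypothetical. */
struct hook { const char *name; int order; unsigned cookie; };
static struct hook chain[MAXHOOKS];
static int nhooks;
static unsigned next_cookie = 1;   /* assumption: 0 means "no cookie" */

/* Insert ahead of the first hook whose order is >= the new one: lower orders
 * run first and, within one order, the last added runs first.
 * Returns the hook's cookie, or 0 on a full table or out-of-range order. */
unsigned model_add_hook_order(const char *name, int order)
{
    int i = 0;
    if (nhooks == MAXHOOKS || order < 0 || order > 255)
        return 0;
    while (i < nhooks && chain[i].order < order)
        i++;
    memmove(&chain[i + 1], &chain[i], (size_t)(nhooks - i) * sizeof(chain[0]));
    chain[i] = (struct hook){ name, order, next_cookie };
    nhooks++;
    return next_cookie++;
}

/* Walk the chain. Cookie 0 starts at the first hook; otherwise every hook up
 * to and including the cookie's owner is skipped, so a cookie that matches
 * no hook (stale or bogus) runs nothing. Returns the number of hooks run. */
int model_run_inject(unsigned cookie, const char **ran)
{
    int n = 0, skipping = (cookie != 0);
    for (int i = 0; i < nhooks; i++) {
        if (!skipping) ran[n++] = chain[i].name;
        else if (chain[i].cookie == cookie) skipping = 0;
    }
    return n;
}

int main(void)
{
    const char *ran[MAXHOOKS];
    model_add_hook_order("filter_a", PFIL_ORDER_DEFAULT);
    unsigned b = model_add_hook_order("filter_b", PFIL_ORDER_DEFAULT);
    int n = model_run_inject(b, ran);   /* resume after filter_b */
    for (int i = 0; i < n; i++) puts(ran[i]);
    return 0;
}
```

In this model a packet re-injected with a cookie that matches no hook passes through no hook at all, which is the case a filtering consumer has to account for when it unhooks while packets are still queued.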



