Date: Tue, 7 Oct 2014 17:13:55 +0200 From: Marko Zec <zec@fer.hr> To: "Andrey V. Elsukov" <ae@freebsd.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r272695 - head/sys/net Message-ID: <20141007171355.6e4da644@x23> In-Reply-To: <5433F5EE.3010006@FreeBSD.org> References: <201410071331.s97DV5hB088377@svn.freebsd.org> <20141007160405.35f52792@x23> <5433F5EE.3010006@FreeBSD.org>
index | next in thread | previous in thread | raw e-mail
On Tue, 7 Oct 2014 18:17:18 +0400 "Andrey V. Elsukov" <ae@freebsd.org> wrote: > On 07.10.2014 18:04, Marko Zec wrote: > > On Tue, 7 Oct 2014 13:31:05 +0000 > > "Andrey V. Elsukov" <ae@freebsd.org> wrote: > > > >> Author: ae > >> Date: Tue Oct 7 13:31:04 2014 > >> New Revision: 272695 > >> URL: https://svnweb.freebsd.org/changeset/base/272695 > >> > >> Log: > >> Our packet filters use mbuf's rcvif pointer to determine incoming > >> interface. Change mbuf's rcvif to enc0 and restore it after pfil > >> processing. > > > > Will this work / was this tested with options VIMAGE, where > > m_pkthdr.rcvif->if_vnet will no longer match curvnet, except in > > vnet0? > > I tested only without VIMAGE. ipfw and pf use if_xname field to > compare interfaces. So will this work? I have no idea whether this would work now, but this change implies that no pfil consumer should reference m_pkthdr.rcvif->if_vnet from now on, ever. Which doesn't seem right to me. If changing m_pkthdr.rcvif to enc0 in ipsec_filter() is really unavoidable, perhaps we could introduce enc0 for each vnet, maybe in a similar manner how hrs@ virtualized gif (271917) and gre (271918) cloners, which (gif) apparently seem to be at the root of the PR 110959 referenced here. Markohome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20141007171355.6e4da644>