kern/148260: [pf] [patch] pf rdr incompatible with dummynet
Marcin Wiśnicki
mwisnicki at gmail.com
Fri Mar 25 22:30:14 UTC 2011
The following reply was made to PR kern/148260; it has been noted by GNATS.
From: =?UTF-8?Q?Marcin_Wi=C5=9Bnicki?= <mwisnicki at gmail.com>
To: bug-followup <bug-followup at FreeBSD.org>, adg <adg at a-real.ru>
Cc:
Subject: Re: kern/148260: [pf] [patch] pf rdr incompatible with dummynet
Date: Fri, 25 Mar 2011 22:52:22 +0100
How about a more generic solution:
Add new mbuf tag PACKET_TAG_PFIL_RESUME_FROM that contains address of
a function registered with pfil_add_hook (ipfw_check_hook in this
case) and modify pfil_run_hooks() to skip all hooks until that one (if
such tag is present).
Before reinjecting packet into ip_output by dummynet, prepend this
m_tag to mbuf (also strip that tag if it ever comes back?).
I don't know if mbuf api allows it but such tag could theoretically
have just one instance (created on dummynet module load) to avoid
allocation costs.
This way you don't have to put ugly workaround in every pfil consumer.
More information about the freebsd-pf
mailing list