On 05.10.2012 15:47, Gleb Smirnoff wrote:
Hello,
once the pfil(9) API was introduced in FreeBSD, our main packet filter,
the ipfw(4) worked in host byte order, that's why the pfil(9) API was
violated: the AF_INET hooks were entered with packet in host byte order.
Moreover, when we put packets into the NETISR_IP queue, we put them
in different byte order: those that have M_FASTFWD_OURS flag are in
host byte order, while all others are in net.
divert and ng_ipfw are another places where we play these games, too.
Attached patch does the following:
- all packets in NETISR_IP queue are in net byte order
- ip_input() is entered in net byte order and converts packet
to host byte order right _after_ processing pfil(9) hooks
- ip_output() is entered in host byte order and converts packet
to net byte order right _before_ processing pfil(9) hooks
- ip_fragment() accepts and emits packet in net byte order
- ip_forward(), ip_mloopback() use host byte order (untouched actually)
- ip_fastforward() no longer modifies packet at all (except ip_ttl)
- swapping of byte order there and back removed from the following modules:
pf(4), ipfw(4), enc(4), if_bridge(4)
- swapping of byte order added to ipfilter(4), based on __FreeBSD_version
- __FreeBSD_version bumped
- manual page updated
That's great!
Unified approach for host/network fields in entire kernel will help
greatly in making/debugging complex (netgraph, pfil or divert) paths.
Additionally, this is a good step to make mbuf entirely r/o (which can
help in some cases like transparent firewalling, for example).
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
--
WBR, Alexander
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
