On Tue, 7 Oct 2014 18:17:18 +0400 "Andrey V. Elsukov" <a...@freebsd.org> wrote:
> On 07.10.2014 18:04, Marko Zec wrote:
> > On Tue, 7 Oct 2014 13:31:05 +0000
> > "Andrey V. Elsukov" <a...@freebsd.org> wrote:
> >
> >> Author: ae
> >> Date: Tue Oct 7 13:31:04 2014
> >> New Revision: 272695
> >> URL: https://svnweb.freebsd.org/changeset/base/272695
> >>
> >> Log:
> >> Our packet filters use mbuf's rcvif pointer to determine incoming
> >> interface. Change mbuf's rcvif to enc0 and restore it after pfil
> >> processing.
> >
> > Will this work / was this tested with options VIMAGE, where
> > m_pkthdr.rcvif->if_vnet will no longer match curvnet, except in
> > vnet0?
>
> I tested only without VIMAGE. ipfw and pf use if_xname field to
> compare interfaces. So will this work?

I have no idea whether this would work now, but this change implies that no pfil consumer should reference m_pkthdr.rcvif->if_vnet from now on, ever. Which doesn't seem right to me.

If changing m_pkthdr.rcvif to enc0 in ipsec_filter() is really unavoidable, perhaps we could introduce enc0 for each vnet, maybe in a similar manner how hrs@ virtualized gif (271917) and gre (271918) cloners, which (gif) apparently seem to be at the root of the PR 110959 referenced here.

Marko