upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-08 16:22:46 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/sys/net
History
Kajetan Staszkiewicz 07e070ef08 pf: Add support for multiple source node types 
For every state pf creates up to two source nodes: a limiting one
struct pf_kstate -> src_node and a NAT one struct pf_kstate -> nat_src_node.
The limiting source node is tracking information needed for limits using
max-src-states and max-src-nodes and the NAT source node is tracking NAT
rules only.

On closer inspection some issues emerge:
- For route-to rules the redirection decision is stored in the limiting source
  node. Thus sticky-address and source limiting can't be used separately.
- Global source tracking, as promised in the man page, is totally absent from
  the code. Pfctl is capable of setting flags PFRULE_SRCTRACK (enable source
  tracking) and PFRULE_RULESRCTRACK (make source tracking per rule). The kernel
  code checks PFRULE_SRCTRACK but ignores PFRULE_RULESRCTRACK. That makes
  source tracking work per-rule only.

This patch is based on OpenBSD approach where source nodes have a type and each
state has an array of source node pointers indexed by source node type
instead of just two pointers. The conditions for limiting are applied
only to source nodes of PF_SN_LIMIT type. For global limit tracking
source nodes are attached to the default rule.

Reviewed by:		kp
Approved by:		kp (mentor)
Sponsored by:		InnoGames GmbH
Differential Revision:	https://reviews.freebsd.org/D39880
2025-02-13 15:59:12 +01:00
..
altq altq: Stop checking for failures from malloc(M_WAITOK) 2024-09-03 18:25:19 +08:00
route routing: Use NULL for VNET_SYS[UN]INIT's last arg, which is a pointer type 2024-12-10 01:14:08 +08:00
bpf.c ifnet: Detach BPF descriptors on interface vmove event 2025-02-04 23:04:59 +08:00
bpf.h ifnet: Detach BPF descriptors on interface vmove event 2025-02-04 23:04:59 +08:00
bpf_buffer.c sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
bpf_buffer.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
bpf_filter.c sys: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:00 -07:00
bpf_jitter.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
bpf_jitter.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
bpf_zerocopy.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
bpf_zerocopy.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
bpfdesc.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
bridgestp.c sys: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:00 -07:00
bridgestp.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
debugnet.c debugnet: Use precise types when accessing mbuf contents 2024-10-11 13:23:25 +00:00
debugnet.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
debugnet_inet.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
debugnet_int.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
dlt.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
dummymbuf.c dummymbuf: add 'enlarge' 2025-01-17 17:00:08 +01:00
ethernet.h ethernet: Retire M_HASFCS 2024-07-05 00:53:51 +08:00
firewire.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
ieee8023ad_lacp.c net: if_media for 100BASE-BX 2025-02-08 16:49:46 -07:00
ieee8023ad_lacp.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
ieee_oui.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
if.c ifnet: Fix build without BPF 2025-02-07 02:32:05 +08:00
if.h ifnet: Add handling for toggling IFF_ALLMULTI in ifhwioctl() 2024-09-06 16:58:44 +00:00
if_arp.h Support ARP for 802 networks 2024-04-23 12:30:53 -04:00
if_bridge.c if_bridge: Mask MEXTPG if some members don't support it 2024-10-28 15:14:21 +00:00
if_bridgevar.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
if_clone.c if_clone: Allow maxunit to be zero 2024-07-03 21:14:08 +08:00
if_clone.h if_clone: Allow maxunit to be zero 2024-07-03 21:14:08 +08:00
if_dead.c sys: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:00 -07:00
if_disc.c net: Remove unneeded NULL check for the allocated ifnet 2024-06-28 18:16:29 +08:00
if_dl.h ifnet: make sa_dl_equal() a static function 2024-12-09 08:18:56 -08:00
if_edsc.c net: Remove unneeded NULL check for the allocated ifnet 2024-06-28 18:16:29 +08:00
if_enc.c if_enc(4): Use new KPI to create enc interface 2024-10-12 21:37:53 +08:00
if_enc.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
if_epair.c net: Remove unneeded NULL check for the allocated ifnet 2024-06-28 18:16:29 +08:00
if_ethersubr.c sys/net: fix several sysinit_cfunc_t signature mismatches 2025-01-16 10:10:09 -08:00
if_fwsubr.c net: bandaid for plugging a fw_com leak in fwip_detach() 2024-02-15 01:00:49 +00:00
if_gif.c bpf: Make BPF interop consistent with if_loop 2024-04-19 14:48:37 -04:00
if_gif.h sys: Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:24 -06:00
if_gre.c bpf: Make BPF interop consistent with if_loop 2024-04-19 14:48:37 -04:00
if_gre.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
if_infiniband.c sys: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:00 -07:00
if_ipsec.c ipsec: allow it to work with unmapped mbufs 2025-01-13 21:29:32 +02:00
if_ipsec.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
if_lagg.c lagg: do not advertize support for ipsec offload 2024-12-17 23:49:31 +02:00
if_lagg.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
if_llatbl.c if_llatbl: Fix a typo in a KASSERT message 2024-01-20 21:00:22 +01:00
if_llatbl.h sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
if_llc.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
if_loop.c net: Remove unneeded NULL check for the allocated ifnet 2024-06-28 18:16:29 +08:00
if_me.c bpf: Make BPF interop consistent with if_loop 2024-04-19 14:48:37 -04:00
if_media.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
if_media.h net: if_media fix syntax/build 2025-02-08 17:10:27 -07:00
if_mib.c sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
if_mib.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
if_ovpn.c if_ovpn: fix module load in NOINET6 kernels 2025-01-30 12:07:15 +01:00
if_ovpn.h spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD 2023-05-12 10:44:03 -06:00
if_pflog.h pf: remove PFLOGIFS_MAX 2025-01-24 11:20:31 +01:00
if_pfsync.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
if_private.h sys/net: Add IPSEC_OFFLOAD interface cap and methods structure 2024-07-12 06:29:32 +03:00
if_stf.c net: Remove unneeded NULL check for the allocated ifnet 2024-06-28 18:16:29 +08:00
if_stf.h if_stf: make if_stf.h self-contained 2021-12-17 12:38:34 +01:00
if_strings.h sys/net: Add IPSEC_OFFLOAD interface cap and methods structure 2024-07-12 06:29:32 +03:00
if_tap.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
if_tun.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
if_tuntap.c kern: Make fileops and filterops tables const where possible 2024-11-26 21:04:21 +00:00
if_types.h sys: add MBIM (mobile broadband interface module) interface type. 2025-01-20 23:39:17 +00:00
if_var.h IfAPI: make if_getlladdr() to return char * 2024-12-09 08:18:56 -08:00
if_vlan.c if_vlan: Stop checking for failures from malloc(M_WAITOK) 2024-09-03 18:25:19 +08:00
if_vlan_var.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
if_vxlan.c if_vxlan(4): Prefer SYSCTL_INT over TUNABLE_INT 2025-01-27 23:54:43 +08:00
if_vxlan.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
ifdi_if.m iflib: invert default restart on VLAN changes 2023-08-24 13:48:19 -07:00
iflib.c iflib: Simplify CACHE_PTR_NEXT 2025-01-31 15:41:45 -05:00
iflib.h iflib(4): Replace admin taskqueue group with per-interface taskqueues 2025-01-24 14:08:12 -07:00
ifq.c sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
ifq.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
infiniband.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
mp_ring.c sys: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:00 -07:00
mp_ring.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
mppc.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
mppcc.c sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
mppcd.c sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
netisr.c netisr: fix compilation without VIMAGE 2025-01-16 20:32:53 -08:00
netisr.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
netisr_internal.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
netmap.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
netmap_legacy.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
netmap_user.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
netmap_virt.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
paravirt.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
pfil.c pfil: PFIL_PASS never frees the mbuf 2024-01-29 14:10:19 +01:00
pfil.h sys: Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:24 -06:00
pfkeyv2.h sys/pfkeyv2.h: define extensions for ipsec inline accel control 2024-07-12 06:29:31 +03:00
pflow.h pflow: show socket status in verbose mode 2024-01-25 17:37:51 +01:00
pfvar.h pf: Add support for multiple source node types 2025-02-13 15:59:12 +01:00
ppp_defs.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
radix.c sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
radix.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
rndis.h net: Fix typo (triple S) 2023-12-27 20:24:32 -07:00
route.c net: route: convert routing statistics to a sysctl 2024-10-23 22:15:55 -05:00
route.h net: route: convert routing statistics to a sysctl 2024-10-23 22:15:55 -05:00
rss_config.c sys: Remove $FreeBSD$: two-line .c pattern 2023-08-16 11:54:30 -06:00
rss_config.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
rtsock.c socket: Move SO_SETFIB handling to protocol layers 2025-02-06 14:16:21 +00:00
sff8436.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
sff8472.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
slcompress.c tcp: extend the use of the th_flags accessor function 2024-11-29 09:48:23 +01:00
slcompress.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
toeplitz.c sys: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:00 -07:00
toeplitz.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
vnet.c vnet: Fix style nits 2025-01-30 23:59:35 +08:00
vnet.h vnet: remove unneeded backslash 2024-03-15 12:17:04 -07:00