summaryrefslogtreecommitdiff
path: root/share/man/man9
diff options
context:
space:
mode:
authorPedro Martelletto <pedro@cvs.openbsd.org>2006-09-30 14:32:00 +0000
committerPedro Martelletto <pedro@cvs.openbsd.org>2006-09-30 14:32:00 +0000
commit37d9a40ffc5930c28240e0af7cddd9b670b930e9 (patch)
tree33d04aad402e1f1ef530543162a311d5802a2873 /share/man/man9
parent12bfcae2ed1cdb31c7ecb3fd76b9fffc07f68239 (diff)
Better description of PF mbuf tags, from Diego Casati
Tweaks by jmc@, okay henning@
Diffstat (limited to 'share/man/man9')
-rw-r--r--share/man/man9/mbuf_tags.954
1 files changed, 25 insertions, 29 deletions
diff --git a/share/man/man9/mbuf_tags.9 b/share/man/man9/mbuf_tags.9
index 953e835200d..5121b76715a 100644
--- a/share/man/man9/mbuf_tags.9
+++ b/share/man/man9/mbuf_tags.9
@@ -1,4 +1,4 @@
-.\" $OpenBSD: mbuf_tags.9,v 1.18 2003/12/08 07:07:35 mcbride Exp $
+.\" $OpenBSD: mbuf_tags.9,v 1.19 2006/09/30 14:31:59 pedro Exp $
.\"
.\" The author of this man page is Angelos D. Keromytis (angelos@cis.upenn.edu)
.\"
@@ -165,38 +165,34 @@ the packet.
Used by network cards that can compute complete packet checksums to
pass that information to higher-level protocols.
The tag contains the 2 byte checksum of the packet.
-.It PACKET_TAG_PF_GENERATED
-Used to mark packets generated by the packet filter
-.Xr pf 4 .
-Packets with this tag are not tested by pf but passed unconditionally.
-Contains no data.
-.It PACKET_TAG_PF_ROUTED
-Used to mark packets routed by the packet filter
-.Xr pf 4 .
-Packets with this tag are not tested by pf more than once to prevent
-loops caused by subsequent matching routing rules.
-Contains no data.
-.It PACKET_TAG_PF_FRAGCACHE
-Used to mark fragmented packets cached by the packet filter
-.Xr pf 4 .
-Packets with this tag have been cached by the fragment cache already
-and will short circuit it if processed again.
-If they were to re-enter the fragcache, they would be indistinguishable
-from a duplicate of a previous packet and would be dropped.
-Contains no data.
-.It PACKET_TAG_PF_QID
-Used by
-.Xr pf 4
-for queueing.
-The tag contains the ID of the queue this packet should go to.
.It PACKET_TAG_PF_TAG
Used by
.Xr pf 4
-to tag packets and filtering on those later on.
-.It PACKET_TAG_PF_TRANSLATE_LOCALHOST
-Used by
+to tag packets based on their purpose/behavior.
+Packets could be generated by the packet filter cached as
+fragmented, marked for queueing, or redirected to localhost.
+Packets generated, routed, or stored due to fragmentation
+by the packet filter contain no data.
+When generated by
+.Xr pf 4
+they are not tested and thus passed unconditionally.
+.Pp
+In order to prevent loops caused by subsequent matching
+routing rules, packets routed by
.Xr pf 4
-to mark TCP and UDP packets redirected to loopback addresses.
+are not tested more than once.
+.Pp
+Packets that have been cached by the fragment cache will do
+a short circuit if processed again.
+If they were to re-enter the fragcache,
+they would be indistinguishable from a
+duplicate of a previous packet and would be dropped.
+.Pp
+When queueing happens the tag will contain the ID of the
+queue this packet should go to.
+.Pp
+Another scenario takes place when TCP and UDP packets are to
+be redirected to loopback addresses.
The functions tcp_input() and udp_input() reverse the order of
lookups in in_pcblookup_listen(), when this tag is present, so
unspecific listeners are matched before specific ones.