author | Pedro Martelletto <pedro@cvs.openbsd.org> | 2006-09-30 14:32:00 +0000 |
---|---|---|
committer | Pedro Martelletto <pedro@cvs.openbsd.org> | 2006-09-30 14:32:00 +0000 |
commit | 37d9a40ffc5930c28240e0af7cddd9b670b930e9 (patch) | |
tree | 33d04aad402e1f1ef530543162a311d5802a2873 /share/man/man9 | |
parent | 12bfcae2ed1cdb31c7ecb3fd76b9fffc07f68239 (diff) |
Better description of PF mbuf tags, from Diego Casati
Tweaks by jmc@, okay henning@
Diffstat (limited to 'share/man/man9')
-rw-r--r-- | share/man/man9/mbuf_tags.9 | 54 |
1 files changed, 25 insertions, 29 deletions
diff --git a/share/man/man9/mbuf_tags.9 b/share/man/man9/mbuf_tags.9 index 953e835200d..5121b76715a 100644 --- a/share/man/man9/mbuf_tags.9 +++ b/share/man/man9/mbuf_tags.9 @@ -1,4 +1,4 @@ -.\" $OpenBSD: mbuf_tags.9,v 1.18 2003/12/08 07:07:35 mcbride Exp $ +.\" $OpenBSD: mbuf_tags.9,v 1.19 2006/09/30 14:31:59 pedro Exp $ .\" .\" The author of this man page is Angelos D. Keromytis (angelos@cis.upenn.edu) .\" 
@@ -165,38 +165,34 @@ the packet. Used by network cards that can compute complete packet checksums to pass that information to higher-level protocols. The tag contains the 2 byte checksum of the packet. -.It PACKET_TAG_PF_GENERATED -Used to mark packets generated by the packet filter -.Xr pf 4 . -Packets with this tag are not tested by pf but passed unconditionally. -Contains no data. -.It PACKET_TAG_PF_ROUTED -Used to mark packets routed by the packet filter -.Xr pf 4 . -Packets with this tag are not tested by pf more than once to prevent -loops caused by subsequent matching routing rules. -Contains no data. -.It PACKET_TAG_PF_FRAGCACHE -Used to mark fragmented packets cached by the packet filter -.Xr pf 4 . -Packets with this tag have been cached by the fragment cache already -and will short circuit it if processed again. -If they were to re-enter the fragcache, they would be indistinguishable -from a duplicate of a previous packet and would be dropped. -Contains no data. -.It PACKET_TAG_PF_QID -Used by -.Xr pf 4 -for queueing. -The tag contains the ID of the queue this packet should go to. .It PACKET_TAG_PF_TAG Used by .Xr pf 4 -to tag packets and filtering on those later on. -.It PACKET_TAG_PF_TRANSLATE_LOCALHOST -Used by +to tag packets based on their purpose/behavior. +Packets could be generated by the packet filter cached as +fragmented, marked for queueing, or redirected to localhost. +Packets generated, routed, or stored due to fragmentation +by the packet filter contain no data. +When generated by +.Xr pf 4 +they are not tested and thus passed unconditionally. +.Pp +In order to prevent loops caused by subsequent matching +routing rules, packets routed by .Xr pf 4 -to mark TCP and UDP packets redirected to loopback addresses. +are not tested more than once. +.Pp +Packets that have been cached by the fragment cache will do +a short circuit if processed again. 
+If they were to re-enter the fragcache, +they would be indistinguishable from a +duplicate of a previous packet and would be dropped. +.Pp +When queueing happens the tag will contain the ID of the +queue this packet should go to. +.Pp +Another scenario takes place when TCP and UDP packets are to +be redirected to loopback addresses. The functions tcp_input() and udp_input() reverse the order of lookups in in_pcblookup_listen(), when this tag is present, so unspecific listeners are matched before specific ones. |
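Review bot: In the second hunk's new PACKET_TAG_PF_TAG text, "Packets generated, routed, or stored due to fragmentation by the packet filter contain no data" says the packets are empty, whereas the removed entries said the tag "Contains no data"; suggest rewording so that it is the tag that carries no data. The added line "Packets could be generated by the packet filter cached as" also needs a comma after "packet filter", otherwise it reads as a single case instead of the start of a list. The unchanged closing sentence "when this tag is present" used to sit under its own PACKET_TAG_PF_TRANSLATE_LOCALHOST entry; with that entry removed it now refers to the merged PACKET_TAG_PF_TAG item, so the page no longer says which condition makes tcp_input() and udp_input() reverse the lookup order in in_pcblookup_listen(). Please state that condition explicitly in the loopback paragraph. The removed description of tagging packets for "filtering on those later on" has no counterpart in the new text and may be worth keeping in one sentence.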