diff options
| author | Henning Brauer <henning@cvs.openbsd.org> | 2007-05-28 17:22:17 +0000 |
|---|---|---|
| committer | Henning Brauer <henning@cvs.openbsd.org> | 2007-05-28 17:22:17 +0000 |
| commit | a9414e98d077bb8e241d60f0c3c02855f006ac95 (patch) | |
| tree | 79ab363a95f1faa8ede008cb7ad0c2b3d70f5b18 /share | |
| parent | b5f1212805d3298ee78485aaeb7e56be0c935c00 (diff) | |
pf does not use mbuf tags any more
Diffstat (limited to 'share')
| -rw-r--r-- | share/man/man9/mbuf_tags.9 | 39 |
1 files changed, 1 insertions, 38 deletions
diff --git a/share/man/man9/mbuf_tags.9 b/share/man/man9/mbuf_tags.9 index 9003d9e1248..f29c96a6ab7 100644 --- a/share/man/man9/mbuf_tags.9 +++ b/share/man/man9/mbuf_tags.9 @@ -1,4 +1,4 @@ -.\" $OpenBSD: mbuf_tags.9,v 1.22 2007/05/27 13:53:56 jmc Exp $ +.\" $OpenBSD: mbuf_tags.9,v 1.23 2007/05/28 17:22:16 henning Exp $ .\" .\" The author of this man page is Angelos D. Keromytis (angelos@cis.upenn.edu) .\" @@ -165,42 +165,6 @@ the packet. Used by network cards that can compute complete packet checksums to pass that information to higher-level protocols. The tag contains the 2 byte checksum of the packet. -.It PACKET_TAG_PF_TAG -Used by -.Xr pf 4 -to tag packets based on their purpose/behavior. -Packets could be generated by the packet filter cached as -fragmented, marked for queueing, or redirected to localhost. -Packets generated, routed, or stored due to fragmentation -by the packet filter contain no data. -When generated by -.Xr pf 4 -they are not tested and thus passed unconditionally. -.Pp -In order to prevent loops caused by subsequent matching -routing rules, packets routed by -.Xr pf 4 -are not tested more than once. -.Pp -Packets that have been cached by the fragment cache will do -a short circuit if processed again. -If they were to re-enter the fragcache, -they would be indistinguishable from a -duplicate of a previous packet and would be dropped. -.Pp -When queueing happens the tag will contain the ID of the -queue this packet should go to. -.Pp -Another scenario takes place when TCP and UDP packets are to -be redirected to loopback addresses. -The functions tcp_input() and udp_input() reverse the order of -lookups in in_pcblookup_listen(), when this tag is present, so -unspecific listeners are matched before specific ones. -This prevents external connections from appearing local to daemons -such as -.Xr portmap 8 -listening on both unspecific and specific loopback sockets in order to -grant higher privileges to local users. .El .Pp .Fn m_tag_find @@ -284,7 +248,6 @@ The tag-manipulating code is contained in the file .Xr gif 4 , .Xr gre 4 , .Xr ipsec 4 , -.Xr pf 4 , .Xr malloc 9 .Sh HISTORY The packet tags first appeared in |