git: e7e1836a0efa - stable/12 - pf: Retrieve DSCP value from the IPv6 header
Kristof Provost
kp at FreeBSD.org
Sat Mar 20 09:59:41 UTC 2021
The branch stable/12 has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=e7e1836a0efadfdb5f8e8e4c7ad41f1211f55f2d
commit e7e1836a0efadfdb5f8e8e4c7ad41f1211f55f2d
Author: Kristof Provost <kp at FreeBSD.org>
AuthorDate: 2021-03-03 20:33:42 +0000
Commit: Kristof Provost <kp at FreeBSD.org>
CommitDate: 2021-03-19 22:38:50 +0000
pf: Retrieve DSCP value from the IPv6 header
Teach pf to read the DSCP value from the IPv6 header so that we can
match on them.
Reviewed by: donner
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D29048
(cherry picked from commit f19323847ca894af8a58839f6a2a41691a8e2245)
---
sys/netpfil/pf/pf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index d4101aab9332..625b1d6e32ca 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -6481,7 +6481,7 @@ pf_test6(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, struct inpcb
pd.sidx = (dir == PF_IN) ? 0 : 1;
pd.didx = (dir == PF_IN) ? 1 : 0;
pd.af = AF_INET6;
- pd.tos = 0;
+ pd.tos = (ntohl(h->ip6_flow) >> 20) & 0xfc;
pd.tot_len = ntohs(h->ip6_plen) + sizeof(struct ip6_hdr);
off = ((caddr_t)h - m->m_data) + sizeof(struct ip6_hdr);
More information about the dev-commits-src-all
mailing list