Required modification for round robin napt with ip address prefixes
Kristof Provost
kristof at sigsegv.be
Thu Mar 15 19:50:24 UTC 2018
On 14 Mar 2018, at 18:30, Steven Crangle wrote:
> I was looking for some advice on the type of locking required to stop
> a box panicking that utilises both napt and ip address prefixes.
>
> My colleague made a post a while ago, and we ended up getting
> distracted fixing other panics that showed up. But we've now returned
> to try and figure out the issue.
>
>
> The relevant code is in pf_lb.c : 424
>
I’d recommend talking to glebius at . He did the locking code and wrote
the comment block discussing the locking choices around
PF_POOL_ROUNDROBIN.
I suspect it’s a bit more complicated that a straightforward
PF_RULES_WLOCK() would fix. The locking model for pf is pretty complex.
I’ve not had the time to really dig into this, so I can’t give more
advice right now.
Regards,
Kristof
More information about the freebsd-pf
mailing list