Required modification for round robin napt with ip address prefixes
Steven Crangle
Steven at stream-technologies.com
Fri Mar 16 09:33:17 UTC 2018
Hi,
Thanks to both of you for your responses. I'm currently working on a reduced test case that will hopefully reproduce the issue.
I'll also reach out to glebius@ too, as it would be great to get a bit more insight into how to approach a fix for the issue.
Hopefully they can point me in the right direction and I can work on a fix!
Regards
Steven
________________________________
From: Kristof Provost <kristof at sigsegv.be>
Sent: 15 March 2018 19:50:45
To: Steven Crangle
Cc: freebsd-pf at freebsd.org
Subject: Re: Required modification for round robin napt with ip address prefixes
On 14 Mar 2018, at 18:30, Steven Crangle wrote:
> I was looking for some advice on the type of locking required to stop
> a box panicking that utilises both napt and ip address prefixes.
>
> My colleague made a post a while ago, and we ended up getting
> distracted fixing other panics that showed up. But we've now returned
> to try and figure out the issue.
>
>
> The relevant code is in pf_lb.c : 424
>
I’d recommend talking to glebius at . He did the locking code and wrote
the comment block discussing the locking choices around
PF_POOL_ROUNDROBIN.
I suspect it’s a bit more complicated that a straightforward
PF_RULES_WLOCK() would fix. The locking model for pf is pretty complex.
I’ve not had the time to really dig into this, so I can’t give more
advice right now.
Regards,
Kristof
More information about the freebsd-pf
mailing list