[Bug 254577] [PATCH] pf: Implement the NAT source port selection of MAP-E Customer Edge

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Fri Mar 26 21:05:53 UTC 2021


--- Comment #1 from Kristof Provost <kp at freebsd.org> ---
I need to read up on MAP-E before I can say much sensible, but on first glance
this looks like a pretty solid patch.

It appears to date from before the split-up of pf_pool / pf_kpool, but that's a
minor issue.

A somewhat bigger issue is that it changes the definition of pf_pool, which
means that it breaks the userspace API.
That's pretty much inevitable when adding new functionality, but it's still

I'm currently working on introducing nvlist based alternatives, which would fix
that problem. Right now only DIOCADDRULE/DIOCGETRULE, but that's most of what's
needed here. I'll try to push that work somewhere when it's closer to being
usable. Hopefully in a week or two.

In the mean time it'd also be nice to have a test or two for this. Even if all
it does is configure the functionality and run a few packets through it. (More
is better, of course). There are a number of example tests in

You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-pf mailing list