[PATCH] freebsd: Implement selection of FIB (routing table) for tunneled packets

Franco Fichtner franco at opnsense.org
Sat Mar 20 18:59:16 UTC 2021


Hi Frank,

> On 20. Mar 2021, at 6:05 PM, Frank Behrens <frank at harz.behrens.de> wrote:
> 
> 3. The setting of special marks, useable in packet filter/firewall
> processing. I guess that is the meaning of "wg.. fwmark". I'm not
> sure how best to implement that for FreeBSD. For ipfw(4) there is some
> functionality using socket cookies, as already implemented. For pf(4)
> packet filter the documentation mentions mbuf_tags(9). Apparently
> we need some input from a FreeBSD packet filter developer.

In pf(4) the tags are stored using mtag and that's reachable through
the kernel only for direct tagging (normally it matches through ruleset
and applies tags to packets in fly-by), although it is difficult to look
up the tag name to tag integer from static functions inside pf_ioctl.c
and keeping the index in sync with the tags that could change when the
ruleset changes, see pf_tag_packet() in pf.c for low level tagging using
the tag integer translated from the tag name during the last ruleset apply.


Cheers,
Franco

