Contributed by jj on from the it's all a bunch of tubes dept.
As a starter, I cleaned up some code in the IPv4 and IPv6 network stack. A hackathon is a great time to work as the other developers are around. You get fast OKs and can ask questions while doing the review. So I also looked into rtadvd, UTF-8 locale support, pf, IPv4 checksum calculation and IPv4 source routing.
To make pf states and IP sockets cooperate better, I added a tighter linking between TCP sockets and pf states. The goal is to delete pf divert-to states when the socket gets closed for all protocols. This is necessary to allow fast reconnects to relayd. This feature must be added in small steps. There are some bugs lurking under the surface.
There were some corner cases with pf divert-to and divert-reply that did not work as expected. So I wrote a test framework for that feature in /usr/src/regress/sys/net/pf_divert/. On the master machine the tests are executed. On a second machine the kernel with the pf being tested is running. This target machine is controlled via an ssh connection. Network client and server are started on both machines to exchange the IP packets. The pf divert rule is installed on the target machine automatically. My tests check in the client and server logs that the packets have been sent and received as expected. Summing up, I test TCP, UDP, raw IP, ICMP, both for IPv4 and IPv6 with divert-to and divert-reply.
After all this preparation, it was easy to add divert-to for raw IPv6 and ICMP. While doing that, my tests found an independent bug in pf, which I fixed quickly.
To prevent regression, I added another test to my relayd test framework. It explicitly checks for the HTTP keepalive filter bug that reyk@ fixed during the hackathon.
To relax, I reviewed and updated some Perl modules in ports on the final hacking day.
Thank you, Alexander, for the work and the report!