Bug 148686 - [patch] ftp-proxy(8): ftp-proxy -T tag patch for FBSD
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: 8.1-PRERELEASE
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: freebsd-bugs mailing list
Reported: 2010-07-16 17:10 UTC by Mario Lobo
Modified: 2018-01-03 05:13 UTC

Attachments
file.diff (5.32 KB, patch)
2010-07-16 17:10 UTC, Mario Lobo

Description Mario Lobo 2010-07-16 17:10:07 UTC
I felt sorry the -T tag option was present in Linux and not on FBSD because I 
got to a situation where it would really be useful for me. So I decided to 
stuff my hands on the grease can.

What this does is to give the option to put a tag instead of a queue, to the 
dynamic rules that ftp-proxy creates on the fly. The option to put a queue is 
nice but it confines the rule to THAT queue only, and you cannot create queues 
with the same name on different interfaces. You could specify 2 interfaces on 
the same altq rule, but then again, both interfaces will be confined to the 
same queue tunings.

The -T "tag" option however, besides tagging the packets for the rule, takes 
the "quick" keyword out of it, so rule processing can continue, to later find 
a rule that has the keyword "tagged tag", and be sent to any queue you want. A 
really welcomed flexibility.

The lines below were taken during an ftp session to ftp.openbsd.com from a 
LAN client station.

================================
# Server [20:14:03]
[~]>pfctl -vv -sA
  ftp-proxy
  ftp-proxy/15780.1

# Server [20:15:01]
[~]> pfctl -vv -a ftp-proxy/15780.1 -sr
@0 pass in log inet proto tcp from 172.16.3.145 to 129.128.5.191 port = 61076 flags S/SA keep state (max 1) tag ftp_proxy rtable 0
  [ Evaluations: 4         Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 62 pid 15780 ]
@1 pass out log inet proto tcp from 189.12.120.67 to 129.128.5.191 port = 61076 flags S/SA keep state (max 1) tag ftp_proxy rtable 0
  [ Evaluations: 4         Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 62 pid 15780 ]

# Server [20:15:11]
[~]>pfctl -vv -sA
  ftp-proxy
  ftp-proxy/15780.1

# Server [20:15:16]
[~]> pfctl -vv -a ftp-proxy/15780.1 -sn
@0 nat inet proto tcp from 172.16.3.145 to 129.128.5.191 port = 61076 rtable 0 -> 189.12.120.67
  [ Evaluations: 1         Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 62 pid 15780 ]
@0 rdr inet proto tcp from 172.16.3.145 to 129.128.5.191 port = 51973 rtable 0 -> 129.128.5.191 port 61076
  [ Evaluations: 6         Packets: 8         Bytes: 1485        States: 0     ]
  [ Inserted: uid 62 pid 15780 ]

# Server [20:15:23]
[~]> pfctl -vv -a ftp-proxy/15780.1 -sn
pfctl: DIOCGETRULES: Invalid argument

# Server [20:16:12]
[~]>pfctl -vv -sA
  ftp-proxy

================================
The nat, rdr and pass rules are correctly created and tagged.
Observe the times to see that ftp-proxy removes the rule really fast.

To apply the patch, copy it to 
/usr/src/contrib/pf/ftp-proxy/
then,
cd /usr/src/usr.sbin/ftp-proxy/ftp-proxy

make [clean]
make install

Fix: Patch attached with submission follows:
How-To-Repeat: NA
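
A sketch of the ruleset the description has in mind, added here as an example (not taken from the report or the attached patch): the anchor's non-quick rules set the tag, and later "tagged ftp_proxy" rules pick a different queue on each interface. Interface names, the LAN prefix, queue names, bandwidth figures and the proxy port 8021 are assumptions; the tag name is the one shown in the pfctl output above.

```conf
# pf.conf fragment (constructed example; FreeBSD 8.x-era pf/ALTQ syntax).
# Assumes an ftp-proxy build carrying the -T patch, started as:
#   ftp-proxy -T ftp_proxy
# Interface names, LAN prefix and bandwidth figures are placeholders.
ext_if = "em0"
int_if = "em1"
lan    = "172.16.3.0/24"

# Queueing: each interface has its own queue names and its own tuning.
altq on $ext_if cbq bandwidth 2Mb queue { def_ext, ftp_ext }
queue def_ext bandwidth 80% cbq(default)
queue ftp_ext bandwidth 20% cbq(borrow)

altq on $int_if cbq bandwidth 100Mb queue { def_int, ftp_int }
queue def_int bandwidth 90% cbq(default)
queue ftp_int bandwidth 10% cbq(borrow)

# Translation: ftp-proxy inserts its nat/rdr rules under these anchors,
# and control connections are redirected to the proxy on localhost.
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $int_if proto tcp from $lan to any port 21 -> 127.0.0.1 port 8021

# Filtering: default deny, then the proxy's anchor. With -T the anchor's
# pass rules carry "tag ftp_proxy" and no "quick", so evaluation continues.
block log all
anchor "ftp-proxy/*"

# Last match wins: these rules take over the tagged data connections
# and assign the queue that belongs to the interface in question.
pass in  on $int_if inet proto tcp from $lan to any tagged ftp_proxy keep state queue ftp_int
pass out on $ext_if inet proto tcp from any to any tagged ftp_proxy keep state queue ftp_ext
```

Because the proxy's rules are no longer quick, the last matching rule decides, so any block or pass rule placed after the anchor that also matches the data connection overrides both the proxy's rule and the queue assignment.
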
Comment 1 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 07:58:22 UTC
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped