Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for scrub anchors and rules #112

Merged
merged 5 commits into from
Sep 4, 2024
Merged

Add support for scrub anchors and rules #112

merged 5 commits into from
Sep 4, 2024

Conversation

dlon
Copy link
Member

@dlon dlon commented Sep 3, 2024
edited
Loading

Essentially, this PR adds scrub anchors (AnchorKind::Scrub), as well as scrub rules (ScrubRule), which may be added to such anchors. This is useful for evaluating rules only packet reassembly instead of evaluating them for each fragment.

Most options have not been included here. Extending the builder is non-breaking, so this should be fine.

Here is the result of running (some of) the examples (with irrelevant parts omitted):

$ ./target/debug/examples/add_anchor "test.anchor"
$ ./target/debug/examples/add_rules
$ pfctl -sr
...
scrub-anchor "test.anchor" all fragment reassemble
...
$ pfctl -sr -a test.anchor
...
scrub all fragment reassemble
...

This change is Reviewable

@dlon dlon requested a review from faern September 3, 2024 14:53
@dlon dlon marked this pull request as ready for review September 3, 2024 14:54
faern
faern requested changes Sep 4, 2024
View reviewed changes
Copy link
Member

@faern faern left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:lgtm:

https://www.youtube.com/watch?v=FrLequ6dUdM

Reviewed 13 of 13 files at r1, all commit messages.
Reviewable status: all files reviewed, 2 unresolved discussions (waiting on @dlon)

CHANGELOG.md line 18 at r1 (raw file):

### Added
- Add support for scrub anchors and rules. Since this modifies public enums, it is a breaking
  change.

Please add that AnchorKind and RulesetKind is marked non_exhaustive to mitigate future breaking changes also.

tests/transaction.rs line 38 at r1 (raw file):

            .unwrap()
            .try_remove_anchor(anchor_name, pfctl::AnchorKind::Scrub)
            .unwrap();

Nit. But maybe place this last, so the order is the same everywhere.

@dlon dlon requested a review from faern September 4, 2024 10:41
dlon
dlon commented Sep 4, 2024
View reviewed changes
Copy link
Member Author

@dlon dlon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:D

Reviewable status: 11 of 13 files reviewed, 1 unresolved discussion (waiting on @faern)

CHANGELOG.md line 18 at r1 (raw file):

Previously, faern (Linus Färnstrand) wrote…

Please add that AnchorKind and RulesetKind is marked non_exhaustive to mitigate future breaking changes also.

Done!

tests/transaction.rs line 38 at r1 (raw file):

Previously, faern (Linus Färnstrand) wrote…

Nit. But maybe place this last, so the order is the same everywhere.

Done. (Though I do prefer to remove filters in reverse order.)

@dlon dlon mentioned this pull request Sep 4, 2024
Merged
faern
faern approved these changes Sep 4, 2024
View reviewed changes
Copy link
Member

@faern faern left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 2 of 2 files at r3, all commit messages.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved

tests/transaction.rs line 38 at r1 (raw file):

Previously, dlon (David Lönnhager) wrote…

Done. (Though I do prefer to remove filters in reverse order.)

Okay! Would be fine if it was fully reverse order IMO. But that would force you to move redirect removal to before filter removal also.

@dlon dlon merged commit ce047a2 into main Sep 4, 2024
9 checks passed
@dlon dlon deleted the add-scrub-anchors branch September 4, 2024 12:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@faern faern faern approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dlon @faern