There's no need to overwrite the original flow ID assigned on
input, so that it remains stable throughout the life of a
packet.  The rationale is that output processing may split,
encapsulate or obfuscate a single stream, which makes the
changed flow ID useless for purposes of flow control, for
instance fair sharing of bandwidth, etc.

Is the diff below OK?

diff --git sys/net/pf.c sys/net/pf.c
index f64fdc4c80d..f3a5717be4a 100644
--- sys/net/pf.c
+++ sys/net/pf.c
@@ -6779,11 +6779,11 @@ done:
                pd.m->m_pkthdr.pf.inp->inp_pf_sk =
                    pf_state_key_ref(s->key[PF_SK_STACK]);
                s->key[PF_SK_STACK]->inp = pd.m->m_pkthdr.pf.inp;
        }
 
-       if (s) {
+       if (s && (pd.m->m_pkthdr.ph_flowid & M_FLOWID_VALID) == 0) {
                pd.m->m_pkthdr.ph_flowid = M_FLOWID_VALID |
                    (M_FLOWID_MASK & bemtoh64(&s->id));
        }
 
        /*
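
Review bot: The new test in `if (s && (pd.m->m_pkthdr.ph_flowid & M_FLOWID_VALID) == 0)` has no comment saying why an already valid flow ID is left alone, so the rationale lives only in the mail. A short comment above the condition would help, e.g. that the ID assigned on input is kept stable for the life of the packet. The check also keeps any value that carries M_FLOWID_VALID, whatever set it, not only one derived from `s->id` on input; please confirm that is intended, since in that case the ID on the packet no longer corresponds to the state matched here.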
