In D25873#573627, @np wrote: In D25873#573456, @lutz_donnerhacke.de wrote: In D25873#573447, @hselasky wrote: Aren't we soon running out of flag bits in certain integer values?
Given that the inner flags mirror the outer ones, why not use a different variable inner_flags with the same set of flags?
That would work, but it would increase the size of struct mbuf.
Jul 30 2020
donner added a comment to D25873: vxlan(4): Support for stateless NIC hardware offloads with VXLAN encapsulated traffic..
donner added a comment to D25873: vxlan(4): Support for stateless NIC hardware offloads with VXLAN encapsulated traffic..
In D25873#573447, @hselasky wrote: Aren't we soon running out of flag bits in certain integer values?
Jul 29 2020
donner added a comment to D25873: vxlan(4): Support for stateless NIC hardware offloads with VXLAN encapsulated traffic..
May you please consider splitting the patch into functional groups?
- VXLAN HW capabilities
- Spelling errors
- Logic cleanup "xxx == 0" vs "!xxx"
- style cleanup
Jul 28 2020
What's the reason behind this proposal?
In D25789#572558, @2khramtsov_gmail.com wrote: Improve test and do the same with kernel module as pf tests do.
Thanks.
Jul 27 2020
Jul 24 2020
donner updated the diff for D22140: netgraph/ng_tag: Variable length data can not be set for all length.
Revert erroneous comparison
donner updated the diff for D22140: netgraph/ng_tag: Variable length data can not be set for all length.
Rebase to current
Good work, thank you.
If possible convert your test into a real test file for regressions.
donner added a comment to D25788: ng_iface(4): Set the current VNET before calling netisr_dispatch()..
In D25788#571362, @markj wrote: In fact, for ng_iface it is possible for the node and ifnet VNETs to become out of sync: if I create two ng_iface interfaces and pass one into a jail, the node's VNET is not updated but the ifnet's VNET is updated.
donner added a comment to D25788: ng_iface(4): Set the current VNET before calling netisr_dispatch()..
In D25788#571336, @markj wrote: In D25788#571211, @lutz_donnerhacke.de wrote: So - in order to handle this problem - the ng_iface node need to validate the incoming data messages and
- supply the missing VNET information
- overwrite(?) a wrong VNET information
Why is it not sufficient for ng_iface to simply set the current vnet in ng_iface_rcvdata()?
Because the ABI break spans the kernel / userland barrier, the update procedure for the FreeBSD base system is harmed.
An old ipfw will send the old TOK_xxx values, which will be misinterpreted by a new kernel.
Please find a way to keep the old ipfw binary working during the upgrade.
Thank you for your contribution, especially for using the documentation prefixes in your examples.
Because your test plan is so detailed, you may consider writing it as a regression test for constant revalidation.
donner requested changes to D25788: ng_iface(4): Set the current VNET before calling netisr_dispatch()..
ng_tty is the wrong place for deciding this question. Almost any netgraph node is able to send data over a hook, most of them are VNET agnostic. The correct vnet depends on the context of the ng_iface node.
Jul 20 2020
donner added inline comments to D25595: When modifying a route, only allow one of RTF_<BLACKHOLE,REJECT,GATEWAY> to be configured.
Jul 17 2020
Jul 16 2020
donner added a comment to D25681: if_spppsubr: Define a few LCP options, Recognize (but still reject) multilink PPP config options.
In D25681#568368, @eugen_grosbein.net wrote: ce(4) for PCI G.703/E1 card,
cp(4) for PCI V.35/RS-232/RS-530/RS-449/X.21/G.703/E1/E3/T3/STS-1 cards,
and cx(4)/ctau(4) for some ISA cards but these do not exist in FreeBSD 13 anymore,
removed by emaste@ recently.
Both ce(4) and cp(4) are i386-only drivers at present.
donner added inline comments to D25595: When modifying a route, only allow one of RTF_<BLACKHOLE,REJECT,GATEWAY> to be configured.
Jul 13 2020
donner added inline comments to D25607: libalias: Use switch/case statements to compare IPv4 protocol type (TCP/UDP/ICMP).
Jul 11 2020
donner added a comment to D25607: libalias: Use switch/case statements to compare IPv4 protocol type (TCP/UDP/ICMP).
In D25607#566660, @rgrimes wrote: I also have concerns over any performance claims, though I see the old code is probably at least sub optimal in that it often checks for UDP, then for TCP when the volume of traffic should almost always be mostly TCP.
Jul 10 2020
donner added inline comments to D25607: libalias: Use switch/case statements to compare IPv4 protocol type (TCP/UDP/ICMP).
donner added a comment to D25607: libalias: Use switch/case statements to compare IPv4 protocol type (TCP/UDP/ICMP).
This will bring in a better coding style and improved readability.
But for the speed improvement, I'd like to see some evidence.
donner added inline comments to D25595: When modifying a route, only allow one of RTF_<BLACKHOLE,REJECT,GATEWAY> to be configured.
Jul 9 2020
donner added inline comments to D25595: When modifying a route, only allow one of RTF_<BLACKHOLE,REJECT,GATEWAY> to be configured.
Jul 6 2020
donner added a comment to D25567: PR247718 - incorrectly drops IPv6 packets looping back on p2p interface.
May somebody with commit rights push this into the kernel and may have a kind look on my other open reviews ...
donner added a comment to D23888: ipfw: Allow resolving of IPv6 DNS AAAA records in IPv6 table lookups.
In D23888#565421, @neel_neelc.org wrote: Unbreak build on recent CURRENT by using memcpy.
Jul 5 2020
donner added reviewers for D25567: PR247718 - incorrectly drops IPv6 packets looping back on p2p interface: network, melifaro.
donner requested review of D25567: PR247718 - incorrectly drops IPv6 packets looping back on p2p interface.
Jun 30 2020
From the netgraph part, there is no objection.
Jun 25 2020
donner added inline comments to D25445: Complete the fib<4|6>_lookup_nh_<basic|ext> -> fib<4|6>_lookup() transition.
donner added inline comments to D24011: ipfw: Support [w:x:y::z]:port (bracketed) IPv6 addresses in the fwd command.
Jun 23 2020
donner added a comment to D25075: netinet6: Don't calculate offset on ICMP6 NI query if the copied mbuf is null.
I'd suggest to stop processing at this place.
donner accepted D25227: ipfw(4): make O_IPVER/ipversion match IPv4 or IPv6, not just IPv4 by itself.
Good catch.
In RFC 6437 there is no rule, that flow labels are immutable for a given TCP session. It only notes in section 6.1, that changing the flow label within a TCP stream might be suspicious.
IPv6 flow labels are designed as QoS/routing indicators (like the DSCP field), which (in theory) might vary during the lifetime of the TCP session.
Jun 9 2020
donner added a comment to D25181: Introduce net.inet6.icmp6.reply_from_interface and net.inet6.icmp6.reply_src sysctls.
May you be so kind as adding some lines into the man page, too?
Otherwise those are some more of the obscure sysctls, which are even not documented in the source code.
Jun 2 2020
If I understand correctly
ifconfig -a -g lagg -G lagg*1
will match all lagg interfaces besides those ending in 1.
May 30 2020
In D25029#551707, @eugen_grosbein.net wrote: In D25029#551705, @ae wrote: You can just use another option name to specify excludes.
Good point, -G would do it for negation.
May 13 2020
donner accepted D24021: ipfw: Add me4 as to refer to an host's IPv4 address in add_src() and add_dst()..
In D24021#546333, @neel_neelc.org wrote: In this patch, "me4" is IPv4-only and "me" is dual-stack. It uses kernel opcodes, however.
May 12 2020
donner added inline comments to D24021: ipfw: Add me4 as to refer to an host's IPv4 address in add_src() and add_dst()..
donner added inline comments to D24021: ipfw: Add me4 as to refer to an host's IPv4 address in add_src() and add_dst()..
May 9 2020
Can you point to existing implementations of this idea?
Several middle-ware boxes are prone to assumptions like one-port-one-connection.
I doubt, that this will work with i.e. restricted cone NAT (https://en.wikipedia.org/wiki/Network_address_translation)
May 8 2020
I'm still fine with the netgraph part.
May 6 2020
donner added a comment to D24427: ipfw: use SLIST_REMOVE_HEAD and SLIST_REMOVE_AFTER for the first and subsequent respective states.
In D24427#544221, @ae wrote: JFYI, this code will be removed when refactoring to the epoch(9) will be finished.
donner added a comment to D24427: ipfw: use SLIST_REMOVE_HEAD and SLIST_REMOVE_AFTER for the first and subsequent respective states.
"del" is a bad name for the running variable. I'd feel "prev" more appropriate.
May 5 2020
May 4 2020
I assume, it is common practice to not explicitly assert(be != NULL) in each of the functions.
I tried the code generation with:
int testFP(int i) { return i*0.75; }
In D24620#543377, @aleksandr.fedorov_itglobal.com wrote:
- Change the "path" option to "relpath" to match the ngctl connect command.
May 3 2020
May 2 2020
Your test defines a node named "vmbridge".
host# ngctl name ngeth0:ether vmbridge
and then refers to a node "vmbr"
host# sh vmrun.sh -c 4 -m 1024M -t netgraph:socket=vm0:path=vmbr:hook=vm0link:peerhook=link0 -d freebsd-0.img freebsd-0
Apr 30 2020
In D24620#542160, @aleksandr.fedorov_itglobal.com wrote: In D24620#541979, @lutz_donnerhacke.de wrote: If I understand correctly, you are adding code in the VM-setup (copied from ngctl) to create a ng_socket and connect it to a specified node (ng_bridge). Then you are using the data channel of the ng_socket to transmit Ethernet frames.
Yes. This is how bhyve network backends work. The guest OS sends / receives packets through the guest driver, bhyve processes them in user space and redirects them to the appropriate device using read / write / mmap system calls. Bhyve currently supports packet processing through /dev/tapX and /dev/netmap.
This review adds support for packet processing through ng_socket(4). I only know two useful ways to send/receive packets to/from the Netgraph network from the user space: ng_socket and ng_device (open /dev/ngdN and read/write).
Apr 29 2020
If I understand correctly, you are adding code in the VM-setup (copied from ngctl) to create a ng_socket and connect it to a specified node (ng_bridge). Then you are using the data channel of the ng_socket to transmit Ethernet frames.
donner updated the diff for D23963: netgraph/ng_bridge: Introduce "uplink" ports without MAC learning.
Fix issues in the code, i.e. bitfields are unsigned, spacing style, braces style.
donner updated the diff for D23963: netgraph/ng_bridge: Introduce "uplink" ports without MAC learning.
Fix various man page issues.
Apr 25 2020
Apr 23 2020
Apr 22 2020
Is there really a typical use case for this call?
Apr 16 2020
Apr 14 2020
Apr 1 2020
Mar 31 2020
donner accepted D24234: ipfw(8): Introduce src-ip4/dst-ip4 and src-ipv4/dst-ipv4 specifiers, make src-ip/dst-ip dual-stack.
What about src-ipv4? (for the sake of symmetry)
Somebody may think about "*ip" to accept both address families.
Mar 26 2020
donner added inline comments to D24192: ipfw: add dst-mac/src-mac shorthands to do filtering based on source/destination MAC.
Mar 25 2020
Patch does work with 12-STABLE, too. (removing the NEEDGIANT flag)
Mar 24 2020
Mar 21 2020
Fixed spacing for "if (" statements.
Running the whole source through indent(1) would make a much larger patch.
Mar 16 2020
donner added a comment to D24011: ipfw: Support [w:x:y::z]:port (bracketed) IPv6 addresses in the fwd command.
That would be my approach https://reviews.freebsd.org/differential/diff/69565/
I'd further eliminate the temporary storage "struct sockaddr_storage result", and copy directly from the gai result into the action (with memcpy).
donner requested changes to D23577: divert: Add socket options for divert socket's send and receive buffers.
donner added a comment to D23577: divert: Add socket options for divert socket's send and receive buffers.
I tried to use the already existing socket infrastructure to change the socket buffer values ...
Mar 14 2020
donner added inline comments to D24021: ipfw: Add me4 as to refer to an host's IPv4 address in add_src() and add_dst()..
Mar 11 2020
donner added a comment to D24021: ipfw: Add me4 as to refer to an host's IPv4 address in add_src() and add_dst()..
In D24021#528343, @driesm.michiels_gmail.com wrote: Does this mean that for a current dual stack IPFW rule like:
allow tcp from any to me 443
It will only match for IPv4 packets, as "me" is only working with IPv4 addresses under the hood with the current behavior?
This is not the current behavior I'm observing since my web server answers IPv6 requests perfectly fine with my above rule.
donner accepted D24021: ipfw: Add me4 as to refer to an host's IPv4 address in add_src() and add_dst()..
Good catch.
Mar 10 2020
In D23971#528126, @rgrimes wrote: I have no idea why someone thinks a network device should have a minimum MTU of 1280, that is simply the IPv6 value, ethernet is very happy to transfer 64 byte packets. There should be some implementation detail of the in kernel vt driver that can at least go that small, and perhaps smaller as you do not have the collision detection minimum wire time that ethernet has(had).
donner added a comment to D24011: ipfw: Support [w:x:y::z]:port (bracketed) IPv6 addresses in the fwd command.
In D24011#527998, @lutz_donnerhacke.de wrote: How about detecting the port separator first? (i.e. repeatedly call strpbrk)
donner added a comment to D24011: ipfw: Support [w:x:y::z]:port (bracketed) IPv6 addresses in the fwd command.
How about detecting the port separator first? (i.e. repeatedly call strpbrk)
Then you can easily distinguish between the cases
- starts with '[' -> numeric IPv6
- contains ':' -> numeric IPv6
- contains no letters -> numeric IPv4
- use gai()
Mar 7 2020
Ping?
donner added a comment to D22140: netgraph/ng_tag: Variable length data can not be set for all length.
Ping?
donner added a comment to D21968: netgraph/ng_source: Allow ng_source to inject into any netgraph network.
Ping?
@melifaro Are your concerns resolved?
@hrs Are your concerns resolved?
donner added a reviewer for D23727: netgraph/ng_one2many: Clarification in comments about copy mode: network.
donner added a comment to D22076: netgraph/ng_vlan_rotate: IEEE 802.1ad VLAN manipulation netgraph node type (new type).
@brueffer Are your concerns resolved?
Widen the range of priority classes.
I'm sorry, but I do not see anything functionally connected with the new fib number.
This patch only stores and retrieves the number but does not consider it in its natting process itself.
So the whole fib processing is done in the ipfw ruleset, it has nothing to do with libalias.
What do I miss?
Mar 5 2020
donner added a comment to D23963: netgraph/ng_bridge: Introduce "uplink" ports without MAC learning.
In D23963#526951, @aleksandr.fedorov_itglobal.com wrote: Is it really useful to have multiple uplinks?
Updated to revision 358668.
Mar 4 2020
donner added a reviewer for D23963: netgraph/ng_bridge: Introduce "uplink" ports without MAC learning: network.
The man page needs an update, too.
donner retitled D23954: netgraph/ng_car: Fix spelling from ng_car: Fix spelling to netgraph/ng_car: Fix spelling.
Mar 3 2020
donner added a comment to D23721: ng_one2many: Don't duplicate packets with m_dup() when receiving and re-transmitting.
In D23721#526022, @glebius wrote: This can make sense in certain setups. However, since originally node provided writable copies to each of "many" hooks, we can't change that. This can be configured as a node option, if sysadmin is sure that nodes downstream of "many" hooks are fine with read only mbufs.