That's how the DragonFlyBSD devs solved the problem:
https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/451640b7cf6bcf7826b901ac9a51647442adb96b
Feb 20 2024
Feb 7 2024
Jan 16 2024
Resigning from this; I tried to provide feedback over IRC, but that was seemingly not well-received (and questions unanswered) and I'm not interested in reviewing this as-is. I'd much prefer splitting it into two scripts, one with, e.g., verbs, that manages wireguard interfaces and then the rc script that simply drives that in an obvious way. The last objection I heard was that there's too much state to pass around, but it's not at all clear why unless this is trying to mix way too much rc.conf configuration in with wg config.
Jan 15 2024
Dec 29 2023
In D41318#980524, @pauamma_gundo.com wrote: No manual page to review, yet manpages is a group reviewer. Did a file get accidentally left out?
Dec 12 2023
No manual page to review, yet manpages is a group reviewer. Did a file get accidentally left out?
Oct 16 2023
This is my first review here, I hope to not be stepping on any toes. If I have, please correct me so I might do better next time. Overall your wireguard startup mechanism looks good and my suggestions are strictly cosmetic in nature. I would not be at all disappointed if this patch were committed unaltered.
Sep 13 2023
Aug 23 2023
The interface name restriction function is a judgment call restricting users from creating problematic (for shell scripts) interface names. Applying the same restrictions to existing services like netif and routing could break (partly) working configurations.
Aug 21 2023
Manual page English LGTM.
Aug 18 2023
first pass…
Aug 7 2023
In our repo this is two separate commits, one for adding the enum and a second for the -r option. Anyone who wants to commit this, I'd be happy to provide git format-patch format.
Restructured to use an enum for output formats rather than a bool, making it easier to change the defaults or add additional formats in the future. This was rebased onto 13.2 as a part of our migration; I haven't checked whether it still applies to 14-current.
I rewrote this to use an enum for the format type rather than a boolean, making it more flexible in the future. Will re-upload some day.
Aug 4 2023
May 4 2023
Apr 25 2023
Apr 19 2023
Minor nits, fixable on commit if nothing else requires another round.
Apr 18 2023
Updated ipfw.8, fix some mandoc -T lint warnings.
Apr 17 2023
Mar 26 2023
Mar 15 2023
Mar 14 2023
Mar 2 2023
This patch is no longer needed since I'm trying to use wpa_supplicant(8) on wtap(4). See D38508.
Jan 16 2023
@glebius ?
Nov 30 2022
Nov 25 2022
Ref the wiki of ifnet project: https://wiki.freebsd.org/projects/ifnet
Nov 1 2022
Oct 20 2022
In D37070#841801, @bz wrote: See also https://reviews.freebsd.org/D32847
See also https://reviews.freebsd.org/D32847
Oct 15 2022
Oct 13 2022
In D36691#839695, @kp wrote: What problem does this fix? In other words, what is the motivation for this change?
No known problems.
When I was trying to resolve https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266712, I dug into the privileges design. I checked multiple tunnel interface implementations and found that if_me shares a network privilege with if_gre. Intuitively this would confuse consumers. Fortunately there are no other consumers in the base system.
Is there a use case for separating the GRE and ME privs? It's conceptually cleaner, but it could (theoretically at least, I doubt anyone actually does this) break existing configurations that rely on granting PRIV_NET_GRE to administer me interfaces.
There are no other consumers (of PRIV_NET_GRE) in the base system, except for if_gre and if_me. I have not checked ports yet but it should be easy to fix (in ports).
What problem does this fix? In other words, what is the motivation for this change?
Oct 9 2022
Oct 7 2022
Oct 6 2022
The IPv4/IPv6 over IPv6 vxlan looks good after test.
- Rebase
- Update as @bryanv suggested.
Oct 5 2022
Oct 4 2022
I would expect there are other avoidable slowdowns which prevent realizing the benefit.
In D36872#837076, @glebius wrote: Is there any performance increase?
In D36872#837077, @zlei.huang_gmail.com wrote: For 12.x, i386 is a Tier 1 supported platform. The counter_u64_add() still has runtime branches.
There is a long trend in FreeBSD to make struct ifnet as little visible to drivers as possible. Ideally make it fully opaque. That will allow changing struct ifnet without breaking the KBI of drivers. Some years ago I was really close, see https://svnweb.freebsd.org/base/projects/ifnet/. Actually today we have fewer drivers and this project is worth resurrecting, if I or somebody else has time for it.
For 12.x, i386 is a Tier 1 supported platform. The counter_u64_add() still has runtime branches.
Is there any performance increase?
Oct 2 2022
Sep 30 2022
This looks sane to me. We really do have to make sure there's enough contiguous data before we access it.
Sep 29 2022
Sep 25 2022
Sep 21 2022
Document the change in man pages.
In D34579#828698, @glebius wrote: I can't see how this can be used maliciously, e.g. forcing some application outside of jail to send its SCM_RIGHTS to a jail.
Sep 19 2022
In D32820#824395, @zlei.huang_gmail.com wrote: Hi @melifaro,
Any chance this will be MFCed into stable/13?
Sep 8 2022
I can't see how this can be used maliciously, e.g. forcing some application outside of jail to send its SCM_RIGHTS to a jail. Even if such a case exists for a certain application, that would be a bug in that application, IMHO. The initial idea of SCM_RIGHTS was actually to grant rights intentionally, so there can be a valid case for a certain application that wants to grant rights to its peer in a jail.
Aug 29 2022
This looks good.
Aug 24 2022
Aug 23 2022
Hi @melifaro,
Any chance this will be MFCed into stable/13?
Aug 20 2022
In D36242#823477, @cy wrote: Will there be a man page update for this at some point?
Aug 19 2022
Will there be a man page update for this at some point?
Aug 18 2022
Aug 17 2022
Aug 14 2022
Aug 4 2022
Jul 29 2022
I like this (and will commit it soon), but there's two epoch_drain_callbacks() in sys/net/if.c that should also be changed. I'll do that as part of the commit.