In D23091#507459, @lutz_donnerhacke.de wrote:
Jan 13 2020
eugen_grosbein.net added a comment to D23091: netgraph/ng_nat: Prevent crash by malformated packets.
eugen_grosbein.net requested changes to D23091: netgraph/ng_nat: Prevent crash by malformated packets.
eugen_grosbein.net added a reviewer for D23091: netgraph/ng_nat: Prevent crash by malformated packets: eugen_grosbein.net.
eugen_grosbein.net added a comment to D23091: netgraph/ng_nat: Prevent crash by malformated packets.
In D23091#507447, @lutz_donnerhacke.de wrote: Add an explanation to the man page.
Dec 4 2019
Could you please supply use case? Why do we need another virtual ethernet interface? We already have many kinds of them.
Oct 2 2019
In D21724#477488, @kaktus wrote: Wouldn't /usr/libexec be a better place for it, like for many other such daemons (like fingerd etc…)?
Sep 20 2019
Sep 16 2019
Sometimes I suffer from being unable to bring the interface to "administratively shutdown" state as opposed to "operative shutdown". It would be nice if ifconfig(8) "down" was able to update status of the interface with "admindown" string or similar, and "up" was able to auto-remove such note.
Aug 21 2019
In D21306#464409, @driesm.michiels_gmail.com wrote: Thanks for the feedback Eugen, that will take a bit more time to restructure / add some of your comments.
I have one remark regarding 1), rc.firewall creates the NAT rule at number 50, although I think the example in the handbook and the ruleset rc.firewall creates are different. rc.firewall only has one NAT rule and does not have all stateful rules. So I don't feel too strong about renumbering the existing ruleset in the handbook just to match the NAT rule at number 50.
Aug 19 2019
There is also one subtle difference between "ipfw divert" command used with natd and "ipfw nat" command.
Thank you very much for starting this work. We really need updates to the Handbook.
Apr 23 2019
Apr 19 2019
I like the idea.
eugen_grosbein.net added a reviewer for D19921: Add GRE-in-UDP encapsulation support: eugen_grosbein.net.
Feb 20 2019
eugen_grosbein.net added inline comments to D19271: Define a constant for the maximum number of GEOM_CTL arguments..
Feb 12 2019
Dec 30 2018
In D18382#391348, @sobomax wrote: o Due to popular request rename "erase" into "trim".
Dec 14 2018
eugen_grosbein.net accepted D18546: dhclient(8) issues unneeded ioctl(SIOCSIFMTU) on every lease renew.
That makes sense, thanks.
eugen_grosbein.net added a comment to D18546: dhclient(8) issues unneeded ioctl(SIOCSIFMTU) on every lease renew.
In D18546#395642, @sobomax wrote:
eugen_grosbein.net added a comment to D18546: dhclient(8) issues unneeded ioctl(SIOCSIFMTU) on every lease renew.
In D18546#395596, @sobomax wrote: In D18546#395445, @eugen_grosbein.net wrote: Hmm, there was https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229432 and corresponding commit https://svnweb.freebsd.org/base?view=revision&revision=336195 fixing the problem.
Was it insufficient or your tree does not have that fix?
Yes, you are right. We were looking at the FreeBSD 11.2 code here, I have not noticed there is another change in a trunk to fix the same issue. :(
eugen_grosbein.net added a comment to D18546: dhclient(8) issues unneeded ioctl(SIOCSIFMTU) on every lease renew.
Hmm, there was https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229432 and corresponding commit https://svnweb.freebsd.org/base?view=revision&revision=336195 fixing the problem.
eugen_grosbein.net added a comment to D18535: Allow ng_nat to be attached to a ethernet interface directly via ng_ether(4) and such.
In D18535#395370, @sobomax wrote: In D18535#395273, @eugen_grosbein.net wrote: Yes, it requires corruption of private node memory. As owner of multiple routers mass servicing thousands of customers using multiple NETGRAPH nodes I can assure you that panic is not appropriate action. Appropriate action is some form of block for traffic flow through the node in question (with logging) leaving other nodes working.
Well, that's where I respectively disagree. As an owner of hundreds of FreeBSD systems servicing many millions of customers I think that rebooting the system immediately after any slight kernel heap/stack memory corruption is detected is not just appropriate but the only sane action available. Shutting down particular netgraph node and hope for the best would just leave the service down indefinitely with no hope for any sorts of automatic recovery.
Dec 13 2018
eugen_grosbein.net added a comment to D18535: Allow ng_nat to be attached to a ethernet interface directly via ng_ether(4) and such.
Looks good with one exception: additional plain panic(). Can it be replaced with KASSERT?
IDK, there is no way this option to be set to anything but DLT_RAW or DLT_EN10MB in the course of normal operation of the node. So it would require some form of memory corruption to actually happen. IDK, panic(9) seems an appropriate action in that case. There are other panic(9) calls in the code in similar situations.
eugen_grosbein.net added a reviewer for D18535: Allow ng_nat to be attached to a ethernet interface directly via ng_ether(4) and such: eugen_grosbein.net.
Looks good with one exception: additional plain panic(). Can it be replaced with KASSERT?
Dec 1 2018
In D18380#391441, @imp wrote: I'm pissed this was committed. It wasn't ready and in total breach of protocol.
This matter is *NOT* settled and you're lucky I don't just remove it from the tree.
Closed prematurely.
Nov 30 2018
In D18380#391343, @cem wrote: In D18380#391248, @eugen_grosbein.net wrote: First, DIOCGDELETE is not GEOM-specific ioctl()
I don't know why you say that. It was created specifically for GEOM (r169284). That's what the 'G' in the name represents, along with other similar ioctls (r92698).
I strongly disagree against GEOM'ifying or CAM'ifyng such simple code.
Nov 29 2018
I'm fine with rest of changes.
The check for CHR and SBLK is to issue nice and correct error message in case of pilot error instead of generic and obscure error after ioctl() so I'd prefer to keep it.
The operation in question is dangerous and can easily result in loss of data if used by inexperienced root. This is why I want it to NOT default to -f but instead default to verbose dry-run mode. Hence the need for -f and -q.
Nov 26 2018
Oct 28 2018
eugen_grosbein.net updated the diff for D17719: Improve ipfw.8 manual page with more clear layer2 processing documentation.
Use .Cm instead of .Nm for keyword. Begin sentences with new line.
Oct 27 2018
eugen_grosbein.net updated the summary of D17719: Improve ipfw.8 manual page with more clear layer2 processing documentation.
Oct 21 2018
Oct 18 2018
eugen_grosbein.net added inline comments to D17598: Properly handle case when system is out of network interface numbers.
Oct 16 2018
eugen_grosbein.net added a comment to D17575: pw: file == NULL check in read_userconfig() is always false.
Looks good. While you are here, please also replace last "/etc" literal in the pw.c's main() function with _PATH_PWD used with all other places of pw(1) sources.
Oct 15 2018
In D17566#374928, @yuripv wrote: In D17566#374923, @eugen_grosbein.net wrote: While the change seems to be semantically right, I don't really like we have more and more places with hard-coded "pw.conf" in the pw(8) sources.
Could you please add #define _PW_CONF "pw.conf" to pw.h and use "%s/" _PW_CONF (concatenation of C string literals) instead of "%s/pw.conf"? And make same change to pw_utils.c's get_userconfig() function too, while you are here.
Sure, done.
While the change seems to be semantically right, I don't really like we have more and more places with hard-coded "pw.conf" in the pw(8) sources.
eugen_grosbein.net added a reviewer for D17566: PR231653: pw doesn't respect -V when writing pw.conf: bapt.
Sep 30 2018
eugen_grosbein.net added a reviewer for D17299: PR231649: pw: make checks in boolean_str() match reality: eugen_grosbein.net.
eugen_grosbein.net added a comment to D17299: PR231649: pw: make checks in boolean_str() match reality.
Just as a comment: boolean_str() problem seems to be a left-over after my change r326848 that changed magic values -2 .. 1 to symbols P_NONE etc. but missed a change for boolean_str().
Sep 10 2018
Why is it acceptable to break KBI here adding new member to struct inpcblbgroup not to its end?
eugen_grosbein.net added a comment to D17100: Extend ifaddr_event to pass ifaddr and event type to handler.
This also needs an update for share/man/man9/EVENTHANDLER.9
Sep 5 2018
eugen_grosbein.net added a reviewer for D17039: Implement "ipfw fwd" for incoming IPv4 packets on fast forwarding path: ae.
eugen_grosbein.net updated the diff for D17039: Implement "ipfw fwd" for incoming IPv4 packets on fast forwarding path.
Same code, more context.
Aug 30 2018
Aug 20 2018
eugen_grosbein.net added a comment to D16789: lang/go: flavorize; add -nosse2 flavor for older i386 CPUs lacking SSE2 support.
In D16789#357757, @mat wrote: In D16789#357745, @dg_syrec.org wrote: In D16789#357744, @mat wrote: The flavor does not make much sense.
First because it is only needed for i386 processors before pentium 4, so it only concerns on i386 architecture, so having a flavor on all other archs is bogus.
I was also wondering if it would be possible to somehow declare this flavor arch-specific (i386-only).
I think you could get away with doing something like this:
FLAVORS= ${FLAVORS_${ARCH}}
FLAVORS_i386= blah
FLAVOR?= ${FLAVORS:[1]}
But I am still not sure this is a good idea to begin with.
Second, do you have real example of people actually running Go on machines from last century?
That is completely insane.
Jul 31 2018
This was fixed long time ago, please close.
eugen_grosbein.net added a comment to D13426: Extend stripeoffset and stripesize of GEOMs from u_int to off_t.
I'm going to commit this soon unless an objection is raised.
I'm going to commit latest revision soon unless an objection is raised.
Jul 28 2018
eugen_grosbein.net updated the diff for D16459: bsnmpd(1): optimize interface description processing.
The only change comparing with previous revision is added truncation of interface description obtained with sysctl(3) if it appears longer than 64 octets.
Jul 27 2018
In D16459#349483, @avg wrote: Well, the standard says (0 ..64) and that means from zero to 64.
Also, my impression is that, according to the RFC, ifAlias is something that should be settable over SNMP and it should be persistent.
In D16459#349416, @bz wrote:
Jul 26 2018
In D16459#349396, @bz wrote: Hmm RFC 2863 says:
ifAlias OBJECT-TYPE
SYNTAX DisplayString (SIZE(0..64))
eugen_grosbein.net updated the diff for D16459: bsnmpd(1): optimize interface description processing.
Style changes.
eugen_grosbein.net added inline comments to D16459: bsnmpd(1): optimize interface description processing.
May 19 2018
eugen_grosbein.net added a comment to D15488: If reading the routing table fails, retry up to 10 times.
While the intention is good, I'm curious why someone would want to use "netstat -rn" these days for BGPv4 full view having about 700 thousand prefixes?
May 17 2018
May 13 2018
It seems that rc.shutdown.8 is just an alias for rc.8, do we add cross-references in such a case?
NAME
rc - command scripts for auto-reboot and daemon startup
May 11 2018
Looks just fine.
May 9 2018
Add reference to rcorder(8) manual page.
eugen_grosbein.net added inline comments to D15329: Improvement for MAC address uniqueness of if_epair(4).
eugen_grosbein.net added a comment to D15329: Improvement for MAC address uniqueness of if_epair(4).
sizeof counts in octets (bytes), not bits
and you do not need complexity of "if (sizeof...)" but simply cast hostid to uint64_t unconditionally first.
In D15247#323710, @julian wrote: Do you have any idea how to mention rc.resume in rc(8) correctly?
as mentioned before, add some cross referencing in the related man pages. Use the "See also" sections.
May 8 2018
eugen_grosbein.net added a comment to D15329: Improvement for MAC address uniqueness of if_epair(4).
In D15329#323385, @wollman wrote: It's probably worth a little bit of thought as to what is the more common case, a zillion epair interfaces on one host (read: half a zillion vnet jails) or a much smaller number of epairs on a larger number of hosts. It sounds like you are well placed to assign your own addresses, whatever the default may be.
In D15247#323501, @avg wrote: It would be nice to add a mention of rc.resume and the new resume keyword to rc(8) as Julian suggested.
We have only one manual page acpiconf(8) that mentions /etc/rc.resume with exception of ancient apmd(8) page that is installed for i386 systems only. I've added needed description to acpiconf(8).
eugen_grosbein.net added inline comments to D15329: Improvement for MAC address uniqueness of if_epair(4).
May 7 2018
eugen_grosbein.net added a comment to D15329: Improvement for MAC address uniqueness of if_epair(4).
Well, I have many hosts having over thousand of ngXXX interfaces, so yes, two bytes are needed at least.
eugen_grosbein.net added a comment to D15112: In snmp_mibII module assume that virtual interfaces can work at maximum speed available in the system.
In D15112#323137, @harti wrote: How does it do that? The problem is whether a 64-bit increment or add is atomic with regard to a read from another CPU.
eugen_grosbein.net added inline comments to D15329: Improvement for MAC address uniqueness of if_epair(4).
eugen_grosbein.net added a reviewer for D15329: Improvement for MAC address uniqueness of if_epair(4): eugen_grosbein.net.
Using hostid should be fine as it adds protection against inter-jail MAC collisions. Just reuse it when possible instead of calling second time for it.
May 6 2018
eugen_grosbein.net added a comment to D15329: Improvement for MAC address uniqueness of if_epair(4).
Why do you bother calling getcredhostid (which involves mutex lock/unlock) and arc4random second time while creating second interface?
Can't you just use already computed values from scb->oifp->if_hw_addr ?
May 2 2018
eugen_grosbein.net added a reviewer for D15249: Security Update to gitlab 10.6.5: eugen_grosbein.net.
eugen_grosbein.net added a reviewer for D15248: Entry for security problem in gitlab: eugen_grosbein.net.
The change passes "make validation" tests.
May 1 2018
Apr 17 2018
Apr 16 2018
Mar 6 2018
In D14547#306289, @pi wrote: In D14547#306226, @eugen_grosbein.net wrote: Also, why don't you just use "ifconfig em0 x.y.z.A/24 -alias; ifconfig em1 x.y.z.B/24 alias" to perform the switch? It should just work.
This has a short time window, during which packets will be rejected. On high-traffic ports this will cause connection drops or losses.
Mar 5 2018
In D14547#306227, @rstone wrote: I don't think that this conversation is going to go anywhere productive.
In D14547#306225, @rstone wrote: In D14547#306224, @eugen_grosbein.net wrote: Care to elaborate what are you trying to achieve by moving subnet route between interfaces?
My customer is using it as a lame form of failover. If the interface with address A goes down, we can fail over the subnet route to address B (on a different interface) and address B remains functional (address A remains down, of course. I did say it was a lame form of failover).
I have no ability to push back on the customer on this point. Their position is that this configuration was supported on previous versions and therefore must remain supported.