Wed, Jan 10
This looks like noop for me, so I have no objection.
Mon, Jan 8
- bump MIB version
- return error code from string_save()
- fix comment wording
- add the check for community string uniqueness. It is ambiguous if we would have several the same community strings with different access rights.
Sat, Jan 6
Can you please update the patch with additional context according to https://wiki.freebsd.org/Phabricator#Create_a_Revision_via_Web_Interface
Wed, Jan 3
Can you please update the diff according to https://wiki.freebsd.org/Phabricator#Create_a_Revision_via_Web_Interface
Fri, Dec 29
Sun, Dec 24
Thu, Dec 21
Dec 16 2017
Dec 15 2017
Dec 14 2017
From quick look, it seems ifa_rtrequest does not release this reference and the change is correct.
Dec 13 2017
It would be nice if you describe why this leak happens, i.e. where leaked reference was acquired.
Dec 11 2017
Dec 8 2017
Dec 5 2017
Dec 4 2017
Dec 1 2017
Nov 30 2017
Nov 28 2017
Kristof and Olivier, can you test this patch?
Nov 26 2017
I'm not familiar with SCTP, from other side seems good to me, except some style issues.
Nov 24 2017
Nov 23 2017
Nov 22 2017
Nov 17 2017
Nov 10 2017
Nov 3 2017
Nov 2 2017
If it restores the old behavior, I have no objection
Oct 31 2017
Oct 30 2017
I have not plan to merge this into stable/10.
Also I'm not sure about committing this as is, because I'm not sure ConcurrencyKit is supported on all platforms.
Probably I will modify ip_fw_dynamic.c to be KPI compatible with this code, and then make it conditionally buildable.
Also CK is not merged into stable/11 yet, but cognet@ said that he will merge it into stable/11 if it will become needed.
Oct 26 2017
Also now you can try your 5000000 flows test :)
You can set
sysctl net.inet.ip.fw.dyn_max=5000000 sysctl net.inet.ip.fw.dyn_buckets=5000000
Oct 25 2017
r324972 with D12770 fbsd 11.1 OK NOK: netstat display "packets dropped; no transform" on destination
Oct 24 2017
Oct 23 2017
- Fix build with VIMAGE and remove mismerged chunks.
- Replace ip_fw_dynamic in sys/conf/files.
Oct 20 2017
- Switch the default hash algorithm to jenkins hash.
Some whitespace fixes and blank lines.
In dyn_export_data() fix typo in bytes counter calculation
The ipfw_send_pkt() function was not changed, it just moved from ip_fw_dynamic.c into ip_fw2.c. I can remove keep-alive related functionality from this function if you prefer this.
The new dynamic states implementation uses own keep-alive functions that are in ip_fw_dynamic2.c (is is hidden in phabricator and should be expanded via "Show File Contents").
I am planning to rework ipfw_send_pkt() to use some deferred sending (e.g. taskq). I don't like the fact that we are reentering the firewall when we sending RST. This produces high stack usage.
Thanks for testing! Actually you get a far better improvement than I observed!
Just curious, which hardware have you used for the test?
Oct 19 2017
I finally played a bit with this patch. I used if_ipsec(4) tunnel between two hosts and iperf TCP test. With disabled async_crypto I have ~720Mbit/s, with enabled async_crypto it is 5.2Gbit/s.
Oct 18 2017
Oct 17 2017
Oct 16 2017
- Restore support for 'check-state :any'.
Oct 13 2017
Oct 12 2017
Hence my comment on the proposed commit message (get more people testing and see if it can stay on for 12). If a lot of people find they'll lose 20% the next days this will not go in, or if they find in two months, this can be reverted quite easily if the overhead can't be removed.
Oct 10 2017
Oct 9 2017
Oct 4 2017
Probably you need to modify netipsec/ipsec_pcb.c too.
Sep 29 2017
Sep 27 2017
Sep 24 2017
Sep 20 2017
Sep 19 2017
It would be good to note also about the error when you can not modify partition table until it will be recovered.
This is frequent problem when GPT is marked as CORRUPT.
Sep 14 2017
I'm not sure about GPT volume labels. What will be if you do something like this?
MD=`mdconfig -s 100m` gpart create -s GPT $MD gpart add -t freebsd-ufs $MD for i in `seq 0 100`; do gpart modify -i 0 -l LABEL$i $MD done
Sep 12 2017
Sep 6 2017
Sep 1 2017
Aug 28 2017
Aug 25 2017
Aug 23 2017
Aug 21 2017
Aug 17 2017
Perhaps a rename of the new files to reflect the technology/enhancement you are proposing? Most people won't associate Yandex with VLANs. Regardless, to really benefit FreeBSD in general, you should probably include patches to other drivers as well, since VLANs are not specific to Intel devices.
Aug 16 2017
Why not? I'm going to use ck library in ipfw, and put related code here to reduce diffs.
perhaps you can avoid ck/atomic: protect yndx_vlan_set() call with IXGBE_RX_LOCK()