Page MenuHomeFreeBSD

ae (Andrey V. Elsukov)
User

Projects

User Details

User Since
Jun 4 2014, 7:25 AM (280 w, 3 d)

Recent Activity

Yesterday

ae committed rS353723: MFC r353545:.
MFC r353545:
Fri, Oct 18, 9:09 AM

Tue, Oct 15

ae committed rS353545: Explicitly initialize the memory buffer to store O_ICMP6TYPE opcode..
Explicitly initialize the memory buffer to store O_ICMP6TYPE opcode.
Tue, Oct 15, 9:50 AM

Tue, Oct 1

ae added a comment to D21853: Check for ipv6_zoneid in tcp_hc_lookup() alongside inc6_faddr.

I'm agree with the change, but I have doubts that we have fixed all places in the kernel, where zone id is checked and properly initialized. Usually we keep zone id embedded in the address. Do you have some tests to check this code?

Tue, Oct 1, 1:11 PM

Aug 26 2019

ae committed rS351507: MFC r351214:.
MFC r351214:
Aug 26 2019, 9:29 AM

Aug 23 2019

ae committed rS351420: MFC r350974:.
MFC r350974:
Aug 23 2019, 10:12 AM
ae committed rS351419: MFC r350974:.
MFC r350974:
Aug 23 2019, 10:11 AM

Aug 22 2019

ae committed rS351387: MFC r351071:.
MFC r351071:
Aug 22 2019, 8:49 AM
ae committed rS351386: MFC r351071:.
MFC r351071:
Aug 22 2019, 8:47 AM

Aug 19 2019

ae committed rS351214: Use TAILQ_FOREACH_SAFE() macro to avoid use after free in soclose()..
Use TAILQ_FOREACH_SAFE() macro to avoid use after free in soclose().
Aug 19 2019, 12:42 PM
ae added reviewers for D21306: Document IPFW's in-kernel NAT: eugen_grosbein.net, lev.
Aug 19 2019, 12:13 PM

Aug 16 2019

ae committed rS351117: MFC r350816:.
MFC r350816:
Aug 16 2019, 12:28 PM
ae committed rS351116: MFC r350816:.
MFC r350816:
Aug 16 2019, 12:27 PM

Aug 15 2019

ae committed rS351071: Fix rule truncation on external action module unloading..
Fix rule truncation on external action module unloading.
Aug 15 2019, 1:44 PM

Aug 13 2019

ae committed rS350974: Save ip_ttl value and restore it after checksum calculation..
Save ip_ttl value and restore it after checksum calculation.
Aug 13 2019, 12:48 PM

Aug 11 2019

ae added a comment to D21209: Wrap a vlan's parent's if_output in a separate function..

If you know that the problem occurs only with BPF, bpfwrite() invokes if_output() already in epoch section.

Aug 11 2019, 9:45 AM

Aug 9 2019

ae committed rS350816: Add missing new line in several log messages..
Add missing new line in several log messages.
Aug 9 2019, 8:58 AM

Aug 5 2019

ae committed rS350583: MFC r350417:.
MFC r350417:
Aug 5 2019, 7:50 AM
ae committed rS350582: MFC r350417:.
MFC r350417:
Aug 5 2019, 7:49 AM

Aug 2 2019

D21128: ipfw: fix jail option is now accepted and ready to land.
Aug 2 2019, 8:32 AM

Jul 29 2019

ae committed rS350417: dd ipfw_get_action() function to get the pointer to action opcode..
dd ipfw_get_action() function to get the pointer to action opcode.
Jul 29 2019, 3:09 PM
ae committed rS350413: Avoid possible lock leaking..
Avoid possible lock leaking.
Jul 29 2019, 12:56 PM
ae added a comment to D21086: pf: Remove partial RFC2675 support.

Does this mean that you concluded in the IETF mailing list to drop this support?

Jul 29 2019, 10:21 AM

Jul 23 2019

ae committed rS350240: Eliminate rmlock from ipfw's BPF code..
Eliminate rmlock from ipfw's BPF code.
Jul 23 2019, 12:53 PM

Jul 19 2019

ae committed rS350138: MFC r349940:.
MFC r349940:
Jul 19 2019, 3:24 PM
ae committed rS350137: MFC r349940:.
MFC r349940:
Jul 19 2019, 3:18 PM

Jul 12 2019

ae added inline comments to D20936: Fix a race in udp6_output.
Jul 12 2019, 1:46 PM
ae committed rS349941: Do not modify cmd pointer if it is already last opcode in the rule..
Do not modify cmd pointer if it is already last opcode in the rule.
Jul 12 2019, 9:59 AM
ae committed rS349940: Correctly truncate the rule in case when it has several action opcodes..
Correctly truncate the rule in case when it has several action opcodes.
Jul 12 2019, 9:48 AM
ae added inline comments to D20936: Fix a race in udp6_output.
Jul 12 2019, 9:40 AM
ae added inline comments to D20936: Fix a race in udp6_output.
Jul 12 2019, 9:37 AM

Jul 7 2019

ae added a comment to D20868: epair: Fix shutdown race.

What happens ifp->if_softc will become NULL just after this 'if (sc == NULL)' check? It looks like epair_remove_ifp_from_draining(ifp) also uses if_softc field.

Jul 7 2019, 10:57 AM

Jul 3 2019

ae committed rS349648: MFC r349366:.
MFC r349366:
Jul 3 2019, 9:52 AM
ae committed rS349647: MFC r349365:.
MFC r349365:
Jul 3 2019, 9:49 AM
ae committed rS349646: MFC r349364:.
MFC r349364:
Jul 3 2019, 9:48 AM
ae committed rS349644: MFC r349366:.
MFC r349366:
Jul 3 2019, 9:46 AM
ae committed rS349643: MFC r349365:.
MFC r349365:
Jul 3 2019, 9:45 AM
ae committed rS349642: MFC r349364:.
MFC r349364:
Jul 3 2019, 9:43 AM

Jul 1 2019

ae committed rS349575: MFC r348235:.
MFC r348235:
Jul 1 2019, 10:16 AM
ae committed rS349574: MFC r348774:.
MFC r348774:
Jul 1 2019, 10:09 AM
ae committed rS349573: MFC r349267:.
MFC r349267:
Jul 1 2019, 10:03 AM
ae committed rS349572: MFC r349267:.
MFC r349267:
Jul 1 2019, 10:01 AM

Jun 26 2019

ae committed rS349429: Merge from stable/11:.
Merge from stable/11:
Jun 26 2019, 5:21 PM
ae committed rS349411: Fix the uninitialized use of source IPv6 address in NAT64LSN..
Fix the uninitialized use of source IPv6 address in NAT64LSN.
Jun 26 2019, 12:27 PM

Jun 25 2019

ae committed rS349366: Follow the RFC 3128 and drop short TCP fragments with offset = 1..
Follow the RFC 3128 and drop short TCP fragments with offset = 1.
Jun 25 2019, 11:40 AM
ae committed rS349365: Mark default rule with IPFW_RULE_NOOPT flag, so it can be showed in.
Mark default rule with IPFW_RULE_NOOPT flag, so it can be showed in
Jun 25 2019, 9:11 AM
ae committed rS349364: Restore ipfw(8)'s compact output support broken after r331668..
Restore ipfw(8)'s compact output support broken after r331668.
Jun 25 2019, 9:08 AM

Jun 24 2019

D20742: netipsec key_register: check for M_NOWAIT alloc failure is now accepted and ready to land.
Jun 24 2019, 4:38 PM

Jun 21 2019

ae added a comment to D20712: Add to ipfw tcpmss opcode that matches MSS values or ranges..

Committed in https://svnweb.freebsd.org/changeset/base/349267
Forgot to specify phabricator URL...

Jun 21 2019, 11:02 AM
ae committed rS349267: Add "tcpmss" opcode to match the TCP MSS value..
Add "tcpmss" opcode to match the TCP MSS value.
Jun 21 2019, 10:55 AM

Jun 20 2019

ae created D20712: Add to ipfw tcpmss opcode that matches MSS values or ranges..
Jun 20 2019, 7:01 PM

Jun 14 2019

ae committed rS349033: MFC r348774:.
MFC r348774:
Jun 14 2019, 10:39 AM

Jun 12 2019

ae added a comment to D20616: Add a new external mbuf type that holds multiple unmapped pages..
In D20616#445619, @kristof wrote:

Only if the firewall needs to read/write actual packet data. Protocol headers (TCP, IP, etc.) are always stored in a normal mbuf at the start of a packet's mbuf chain. Unmapped mbufs only hold payload data that is stored in a socket buffer, so most of the filters I can think of off the top of my head as well as things like NAT should only operate on the normal mbuf holding the headers.

Okay, thanks. That should indeed just work. The 'pf_check_proto_cksum()' flow, assuming there's no hardware assist, might break. I suspect that hardware which uses unmapped mbufs is always going to have checksum offload, so that's probably not an issue either.

Jun 12 2019, 6:08 PM
ae committed rS348997: MFC r348682:.
MFC r348682:
Jun 12 2019, 4:34 PM
ae committed rS348984: MFC r348682:.
MFC r348682:
Jun 12 2019, 10:50 AM

Jun 7 2019

ae committed rS348774: Use underscores for internal variable name to avoid conflicts..
Use underscores for internal variable name to avoid conflicts.
Jun 7 2019, 8:30 AM
ae committed rS348773: MFC r348235:.
MFC r348235:
Jun 7 2019, 8:21 AM

Jun 6 2019

ae created D20534: Add to NAT64LSN ability to swap runtime configuration between instances.
Jun 6 2019, 11:08 AM

Jun 5 2019

ae committed rS348682: Initialize V_nat64out methods explicitly..
Initialize V_nat64out methods explicitly.
Jun 5 2019, 9:26 AM

May 31 2019

ae committed rS348470: MFC r348236:.
MFC r348236:
May 31 2019, 5:18 PM
ae committed rS348455: MFC r348236:.
MFC r348236:
May 31 2019, 11:21 AM

May 28 2019

ae committed rS348324: Rework r348303 to reduce the time of holding global BPF lock..
Rework r348303 to reduce the time of holding global BPF lock.
May 28 2019, 11:45 AM

May 27 2019

ae committed rS348303: Fix possible NULL pointer dereference..
Fix possible NULL pointer dereference.
May 27 2019, 12:42 PM
ae committed rS348301: Remove unused token that was added in r348235..
Remove unused token that was added in r348235.
May 27 2019, 6:34 AM

May 24 2019

ae committed rS348236: Restore IPV6_NEXTHOP option support that seem was partially broken.
Restore IPV6_NEXTHOP option support that seem was partially broken
May 24 2019, 11:45 AM
ae committed rS348235: Add `missing` and `or-flush` options to "ipfw table <NAME> create".
Add `missing` and `or-flush` options to "ipfw table <NAME> create"
May 24 2019, 11:06 AM
ae closed D18339: Add two new options to "ipfw table <NAME> create" to simplify firewall reload.
May 24 2019, 11:06 AM
ae committed rS348234: Fix the build. Use NET_EPOCH_ENTER_ET() and NET_EPOCH_EXIT_ET()..
Fix the build. Use NET_EPOCH_ENTER_ET() and NET_EPOCH_EXIT_ET().
May 24 2019, 9:02 AM
ae committed rS348233: MFC r346630:.
MFC r346630:
May 24 2019, 8:42 AM
ae committed rS348232: MFC r347383:.
MFC r347383:
May 24 2019, 8:40 AM

May 22 2019

ae added a comment to D20340: Add deprecation warnings for IPsec algorithms deprecated in RFC 8221..

I think it would be good to have this committed into 11.3 release. So you will be able to see how many users will complain that they need this support, if any.

May 22 2019, 6:55 AM

May 21 2019

ae accepted D20328: Fix gateway setup for the interface routes..

LGTM.

May 21 2019, 8:29 AM

May 19 2019

ae added a comment to D20290: Update Intel XL710 PF and VF drivers to version ixl-1.11.9 and ixlv-1.5.8.

Can you also update ixv driver? We discovered problems with ixv+VLANs on some KVM hosts with the stock driver, but the driver 1.5.15 from Intel's site works well.

May 19 2019, 8:46 AM

May 14 2019

ae committed rS347563: Remove bpf interface lock, it is no longer exist..
Remove bpf interface lock, it is no longer exist.
May 14 2019, 10:21 AM

May 13 2019

ae committed rS347549: Avoid possible recursion on BPF_LOCK() in bpfwrite()..
Avoid possible recursion on BPF_LOCK() in bpfwrite().
May 13 2019, 8:18 PM
ae committed rS347527: Do not leak memory used for binary filter..
Do not leak memory used for binary filter.
May 13 2019, 2:07 PM
ae committed rS347526: Rework locking in BPF code to remove rwlock from fast path..
Rework locking in BPF code to remove rwlock from fast path.
May 13 2019, 1:45 PM
ae closed D20224: Eliminate rwlock from fast path processing in BPF code.
May 13 2019, 1:45 PM
ae committed rS347519: Revert r347402. After r347429 symlink is no longer needed..
Revert r347402. After r347429 symlink is no longer needed.
May 13 2019, 8:34 AM
ae committed rS347518: MFC r347178:.
MFC r347178:
May 13 2019, 8:29 AM
ae committed rS347517: MFC r346885:.
MFC r346885:
May 13 2019, 8:28 AM
ae committed rS347516: MFC r346885:.
MFC r346885:
May 13 2019, 8:26 AM

May 12 2019

ae updated the summary of D20224: Eliminate rwlock from fast path processing in BPF code.
May 12 2019, 5:25 PM
ae updated the diff for D20224: Eliminate rwlock from fast path processing in BPF code.
  • s/bpf_epoch_buffer/bpf_program_buffer/g
  • update some comments
  • add copyright line
  • add refcount to bpf_d and use it in bpfwrite
May 12 2019, 5:23 PM
ae updated the summary of D20224: Eliminate rwlock from fast path processing in BPF code.
May 12 2019, 9:50 AM

May 11 2019

ae added reviewers for D20224: Eliminate rwlock from fast path processing in BPF code: olivier, gallatin, glebius.
May 11 2019, 9:33 AM
ae updated the diff for D20224: Eliminate rwlock from fast path processing in BPF code.

move bpf_updated() into bpf_setf() to reduce BPF_LOCK() flipping

May 11 2019, 9:31 AM
ae added a comment to D20224: Eliminate rwlock from fast path processing in BPF code.

There is at least one problem that with this patch becomes easy reproducible. With default optimize_writers=0 bpt_mtap() can catch several packets in the time between bpf_setif() and bpf_setf(), because empty filter means "accept all" by bpf_filter(). Maybe it is time to remove optimize_writers variable and use this behavior by default? I.e. by default link new bpf_if into writers only list, and re-link it into readers list when application sets filter? Or change its value to be 1 by default?

May 11 2019, 8:58 AM

May 10 2019

ae created D20224: Eliminate rwlock from fast path processing in BPF code.
May 10 2019, 8:52 AM

May 9 2019

ae closed D20169: Make if_enc and if_ipsec kernel modules loadable by ifconfig(8).
May 9 2019, 6:06 PM
ae committed rS347402: Add if_ipsec.ko symlink to ipsec.ko kernel module..
Add if_ipsec.ko symlink to ipsec.ko kernel module.
May 9 2019, 6:06 PM
ae committed rS347383: In mld_v2_cancel_link_timers() check number of references and disconnect.
In mld_v2_cancel_link_timers() check number of references and disconnect
May 9 2019, 7:57 AM

May 8 2019

ae added a comment to D19886: Fix numerous refcount bugs in multicast ....
May 8 2019, 5:28 PM
ae accepted D20070: Fix mutual exclusion issues in multicast socket option handling..

I have no objection. This subsystem is currently broken, but nobody wants to fix it. So, if you tested this patch and it helps to solve your problem, I'm ok, since description looks reasonable.

May 8 2019, 5:16 PM
ae committed rS347333: MFC r346884:.
MFC r346884:
May 8 2019, 3:17 PM
ae committed rS347330: MFC r346884:.
MFC r346884:
May 8 2019, 3:14 PM

May 6 2019

ae added a comment to D20163: Remove IPSEC from GENERIC due to performance issues.
In D20163#434567, @jhb wrote:

FWIW, my limited testing of IPsec doesn't use if_ipsec, but instead I used setkey. I think having the rc.d scripts for 'ipsec_enable' autoloading ipsec.ko is reasonable.

May 6 2019, 6:51 PM
ae committed rS347178: Add ipsec.ko to required_modules for rc.d/ipsec script..
Add ipsec.ko to required_modules for rc.d/ipsec script.
May 6 2019, 8:31 AM
ae created D20169: Make if_enc and if_ipsec kernel modules loadable by ifconfig(8).
May 6 2019, 8:09 AM

May 5 2019

ae added a comment to D20163: Remove IPSEC from GENERIC due to performance issues.

I think there are too few users of if_ipsec, to make assumption that all users who use IPsec will use ifconfig(8). AFAIR, it is not the problem, you can just add symlink if_ipsec.ko -> ipsec.ko. But you also need some tweaks that will load ipsec,ko when ipsec_enable is "YES".

May 5 2019, 10:47 PM

May 2 2019

ae added inline comments to D20117: Restructure mbuf send tags to provide stronger guarantees..
May 2 2019, 8:37 PM