User Details
- User Since
- Jun 4 2014, 7:25 AM (345 w, 5 d)
Today
We already have IP_SENDONES flag for ip_output, that should serve for this purpose. Maybe is it not safe enough to allow this feature for all protocols?
Sat, Jan 16
I think the patch in D28187 is better. You need to release reference to SP when error occurs before ipsec4_process_packet().
It seems part of this is already in D28160
Dec 13 2020
Nov 18 2020
Nov 16 2020
It seems I found how to reproduce it on test system:
- Load systemt without any unneeded modules
- kldload dtraceall
- Run
# dtrace -n 'fbt::ip_input:entry { printf("%s", stringof(args[0]->m_pkthdr.rcvif->if_xname)); }' dtrace: description 'fbt::ip_input:entry ' matched 1 probe CPU ID FUNCTION:NAME 2 49220 ip_input:entry ix0 2 49220 ip_input:entry ix0 6 49220 ip_input:entry ix0 ^C # kldunload dtraceall # kldload ipfw # kldload dtraceall # dtrace -n 'fbt::ip_input:entry { printf("%s", stringof(args[0]->m_pkthdr.rcvif->if_xname)); }' dtrace: invalid probe specifier fbt::ip_input:entry { printf("%s", stringof(args[0]->m_pkthdr.rcvif->if_xname)); }: in action list: m_pkthdr is not a member of struct mbuf
Recently I faced with this problem on some machines:
# dtrace -n 'fbt::ip_input:entry { printf("%s", stringof(args[0]->m_pkthdr.rcvif->if_xname)); }' dtrace: invalid probe specifier fbt::ip_input:entry { printf("%s", stringof(args[0]->m_pkthdr.rcvif->if_xname)); }: in action list: m_pkthdr is not a member of struct mbuf
Nov 13 2020
Nov 12 2020
Nov 11 2020
Nov 10 2020
Oct 29 2020
Oct 21 2020
Move provider and probe definitions into ipfw2.c
Oct 20 2020
Oct 17 2020
LGTM. However it would be nice, if you consider my comments :)
It seems the only solution here is taking ifnet reference. I'm not sure about PCB, probably it can not disappear here.
Oct 16 2020
Oct 14 2020
Oct 13 2020
Looks correct to me.
Oct 12 2020
The code refers what you named "processing actions" as "policy levels". Take a look at netipsec/ipsec.h
Oct 9 2020
Oct 8 2020
Oct 5 2020
Yes. But I don't think the patch is heavy. Lets try to look from a different point.
SO_REUSEPORT_LB was introduced in D11003 with several fixes later, it has the same purpose - extend scalability of user space programs, that was used for example by DNS server.
The kernel should provide useful features for applications. Your app can use simple sockets API to send data, but also it can use more productive sendfile(2) syscall, etc.
OpenVPN is free opensource application that is widely used and supports different OSes. When all employee in your company are going work remotely, you can buy some hardware and thousands of licenses or can just use relatively small patch. This patch helps to extend scalability of OpenVPN for us, but it can be used for another apps that we don't use. I'm not forcing to commit it into base system, just share our experience and ask for comments.
Oct 2 2020
I think IF_ADDR_WLOCK() is not required for this ioctl. It is enough to use NET_EPOCH_ENTER().
Sep 23 2020
It seems you missed hash calculation for udp[6]_output(), when socket isn't connected and destination address is specified by caller.
Sep 15 2020
Sep 11 2020
Committed as rS365628.
Sep 10 2020
I think this patch is too complicated. Can you properly test this patch instead? https://people.freebsd.org/~ae/ipfw_frag.diff
Sep 8 2020
Aug 12 2020
Aug 11 2020
Aug 5 2020
Aug 3 2020
I sent a more generic patch in the reply to your email a week ago, can you check your spam folder and test it?
Jul 30 2020
LGTM.
Jul 27 2020
I think it should be possible solve the problem without introducing extra configuration parameter. I'll take a look.
Jul 13 2020
LGTM.
Jun 25 2020
LGTM.
Jun 10 2020
Jun 9 2020
Jun 5 2020
Jun 3 2020
Jun 1 2020
How many subscribers do you expect? I think you will replace some existing. Maybe it would be better to have separate list for each subscription type?
May 29 2020
You can just use another option name to specify excludes.
May 26 2020
May 25 2020
May 22 2020
I have no objection against this. Just one test case to test - create several EBR partitions (e.g. s5, s6, s7), then remove one from the middle (i.e. s6), then create two smaller in this free space (and then optionally reboot, and see what we will have after reboot).
May 20 2020
I'll try to test this and commit with small modifications after weekend. Thanks!
May 14 2020
May 6 2020
It seems rt_pktsent is already unused in head/, thus its removal is reasonable. According to your calculations for offsets, this change can give some performance boost, and I'll try to measure it in the lab, but I'm not sure this will happen very soon. Also maybe is it worth to add some explicit alignment requirements to rtentry structure or some of its fields? We can use __aligned(CACHE_LINE_SIZE)
I also agree that these messages should be removed. But moving them to nd6 debugging seems wrong.