Page MenuHomeFreeBSD

ae (Andrey V. Elsukov)
User

Projects

User Details

User Since
Jun 4 2014, 7:25 AM (271 w, 5 d)

Recent Activity

Fri, Aug 16

ae committed rS351117: MFC r350816:.
MFC r350816:
Fri, Aug 16, 12:28 PM
ae committed rS351116: MFC r350816:.
MFC r350816:
Fri, Aug 16, 12:27 PM

Thu, Aug 15

ae committed rS351071: Fix rule truncation on external action module unloading..
Fix rule truncation on external action module unloading.
Thu, Aug 15, 1:44 PM

Tue, Aug 13

ae committed rS350974: Save ip_ttl value and restore it after checksum calculation..
Save ip_ttl value and restore it after checksum calculation.
Tue, Aug 13, 12:48 PM

Sun, Aug 11

ae added a comment to D21209: Wrap a vlan's parent's if_output in a separate function..

If you know that the problem occurs only with BPF, bpfwrite() invokes if_output() already in epoch section.

Sun, Aug 11, 9:45 AM

Fri, Aug 9

ae committed rS350816: Add missing new line in several log messages..
Add missing new line in several log messages.
Fri, Aug 9, 8:58 AM

Mon, Aug 5

ae committed rS350583: MFC r350417:.
MFC r350417:
Mon, Aug 5, 7:50 AM
ae committed rS350582: MFC r350417:.
MFC r350417:
Mon, Aug 5, 7:49 AM

Fri, Aug 2

D21128: ipfw: fix jail option is now accepted and ready to land.
Fri, Aug 2, 8:32 AM

Mon, Jul 29

ae committed rS350417: dd ipfw_get_action() function to get the pointer to action opcode..
dd ipfw_get_action() function to get the pointer to action opcode.
Mon, Jul 29, 3:09 PM
ae committed rS350413: Avoid possible lock leaking..
Avoid possible lock leaking.
Mon, Jul 29, 12:56 PM
ae added a comment to D21086: pf: Remove partial RFC2675 support.

Does this mean that you concluded in the IETF mailing list to drop this support?

Mon, Jul 29, 10:21 AM

Tue, Jul 23

ae committed rS350240: Eliminate rmlock from ipfw's BPF code..
Eliminate rmlock from ipfw's BPF code.
Tue, Jul 23, 12:53 PM

Jul 19 2019

ae committed rS350138: MFC r349940:.
MFC r349940:
Jul 19 2019, 3:24 PM
ae committed rS350137: MFC r349940:.
MFC r349940:
Jul 19 2019, 3:18 PM

Jul 12 2019

ae added inline comments to D20936: Fix a race in udp6_output.
Jul 12 2019, 1:46 PM
ae committed rS349941: Do not modify cmd pointer if it is already last opcode in the rule..
Do not modify cmd pointer if it is already last opcode in the rule.
Jul 12 2019, 9:59 AM
ae committed rS349940: Correctly truncate the rule in case when it has several action opcodes..
Correctly truncate the rule in case when it has several action opcodes.
Jul 12 2019, 9:48 AM
ae added inline comments to D20936: Fix a race in udp6_output.
Jul 12 2019, 9:40 AM
ae added inline comments to D20936: Fix a race in udp6_output.
Jul 12 2019, 9:37 AM

Jul 7 2019

ae added a comment to D20868: epair: Fix shutdown race.

What happens ifp->if_softc will become NULL just after this 'if (sc == NULL)' check? It looks like epair_remove_ifp_from_draining(ifp) also uses if_softc field.

Jul 7 2019, 10:57 AM

Jul 3 2019

ae committed rS349648: MFC r349366:.
MFC r349366:
Jul 3 2019, 9:52 AM
ae committed rS349647: MFC r349365:.
MFC r349365:
Jul 3 2019, 9:49 AM
ae committed rS349646: MFC r349364:.
MFC r349364:
Jul 3 2019, 9:48 AM
ae committed rS349644: MFC r349366:.
MFC r349366:
Jul 3 2019, 9:46 AM
ae committed rS349643: MFC r349365:.
MFC r349365:
Jul 3 2019, 9:45 AM
ae committed rS349642: MFC r349364:.
MFC r349364:
Jul 3 2019, 9:43 AM

Jul 1 2019

ae committed rS349575: MFC r348235:.
MFC r348235:
Jul 1 2019, 10:16 AM
ae committed rS349574: MFC r348774:.
MFC r348774:
Jul 1 2019, 10:09 AM
ae committed rS349573: MFC r349267:.
MFC r349267:
Jul 1 2019, 10:03 AM
ae committed rS349572: MFC r349267:.
MFC r349267:
Jul 1 2019, 10:01 AM

Jun 26 2019

ae committed rS349429: Merge from stable/11:.
Merge from stable/11:
Jun 26 2019, 5:21 PM
ae committed rS349411: Fix the uninitialized use of source IPv6 address in NAT64LSN..
Fix the uninitialized use of source IPv6 address in NAT64LSN.
Jun 26 2019, 12:27 PM

Jun 25 2019

ae committed rS349366: Follow the RFC 3128 and drop short TCP fragments with offset = 1..
Follow the RFC 3128 and drop short TCP fragments with offset = 1.
Jun 25 2019, 11:40 AM
ae committed rS349365: Mark default rule with IPFW_RULE_NOOPT flag, so it can be showed in.
Mark default rule with IPFW_RULE_NOOPT flag, so it can be showed in
Jun 25 2019, 9:11 AM
ae committed rS349364: Restore ipfw(8)'s compact output support broken after r331668..
Restore ipfw(8)'s compact output support broken after r331668.
Jun 25 2019, 9:08 AM

Jun 24 2019

D20742: netipsec key_register: check for M_NOWAIT alloc failure is now accepted and ready to land.
Jun 24 2019, 4:38 PM

Jun 21 2019

ae added a comment to D20712: Add to ipfw tcpmss opcode that matches MSS values or ranges..

Committed in https://svnweb.freebsd.org/changeset/base/349267
Forgot to specify phabricator URL...

Jun 21 2019, 11:02 AM
ae committed rS349267: Add "tcpmss" opcode to match the TCP MSS value..
Add "tcpmss" opcode to match the TCP MSS value.
Jun 21 2019, 10:55 AM

Jun 20 2019

ae created D20712: Add to ipfw tcpmss opcode that matches MSS values or ranges..
Jun 20 2019, 7:01 PM

Jun 14 2019

ae committed rS349033: MFC r348774:.
MFC r348774:
Jun 14 2019, 10:39 AM

Jun 12 2019

ae added a comment to D20616: Add a new external mbuf type that holds multiple unmapped pages..

Only if the firewall needs to read/write actual packet data. Protocol headers (TCP, IP, etc.) are always stored in a normal mbuf at the start of a packet's mbuf chain. Unmapped mbufs only hold payload data that is stored in a socket buffer, so most of the filters I can think of off the top of my head as well as things like NAT should only operate on the normal mbuf holding the headers.

Okay, thanks. That should indeed just work. The 'pf_check_proto_cksum()' flow, assuming there's no hardware assist, might break. I suspect that hardware which uses unmapped mbufs is always going to have checksum offload, so that's probably not an issue either.

Jun 12 2019, 6:08 PM
ae committed rS348997: MFC r348682:.
MFC r348682:
Jun 12 2019, 4:34 PM
ae committed rS348984: MFC r348682:.
MFC r348682:
Jun 12 2019, 10:50 AM

Jun 7 2019

ae committed rS348774: Use underscores for internal variable name to avoid conflicts..
Use underscores for internal variable name to avoid conflicts.
Jun 7 2019, 8:30 AM
ae committed rS348773: MFC r348235:.
MFC r348235:
Jun 7 2019, 8:21 AM

Jun 6 2019

ae created D20534: Add to NAT64LSN ability to swap runtime configuration between instances.
Jun 6 2019, 11:08 AM

Jun 5 2019

ae committed rS348682: Initialize V_nat64out methods explicitly..
Initialize V_nat64out methods explicitly.
Jun 5 2019, 9:26 AM

May 31 2019

ae committed rS348470: MFC r348236:.
MFC r348236:
May 31 2019, 5:18 PM
ae committed rS348455: MFC r348236:.
MFC r348236:
May 31 2019, 11:21 AM

May 28 2019

ae committed rS348324: Rework r348303 to reduce the time of holding global BPF lock..
Rework r348303 to reduce the time of holding global BPF lock.
May 28 2019, 11:45 AM

May 27 2019

ae committed rS348303: Fix possible NULL pointer dereference..
Fix possible NULL pointer dereference.
May 27 2019, 12:42 PM
ae committed rS348301: Remove unused token that was added in r348235..
Remove unused token that was added in r348235.
May 27 2019, 6:34 AM

May 24 2019

ae committed rS348236: Restore IPV6_NEXTHOP option support that seem was partially broken.
Restore IPV6_NEXTHOP option support that seem was partially broken
May 24 2019, 11:45 AM
ae committed rS348235: Add `missing` and `or-flush` options to "ipfw table <NAME> create".
Add `missing` and `or-flush` options to "ipfw table <NAME> create"
May 24 2019, 11:06 AM
ae closed D18339: Add two new options to "ipfw table <NAME> create" to simplify firewall reload.
May 24 2019, 11:06 AM
ae committed rS348234: Fix the build. Use NET_EPOCH_ENTER_ET() and NET_EPOCH_EXIT_ET()..
Fix the build. Use NET_EPOCH_ENTER_ET() and NET_EPOCH_EXIT_ET().
May 24 2019, 9:02 AM
ae committed rS348233: MFC r346630:.
MFC r346630:
May 24 2019, 8:42 AM
ae committed rS348232: MFC r347383:.
MFC r347383:
May 24 2019, 8:40 AM

May 22 2019

ae added a comment to D20340: Add deprecation warnings for IPsec algorithms deprecated in RFC 8221..

I think it would be good to have this committed into 11.3 release. So you will be able to see how many users will complain that they need this support, if any.

May 22 2019, 6:55 AM

May 21 2019

ae accepted D20328: Fix gateway setup for the interface routes..

LGTM.

May 21 2019, 8:29 AM

May 19 2019

ae added a comment to D20290: Update Intel XL710 PF and VF drivers to version ixl-1.11.9 and ixlv-1.5.8.

Can you also update ixv driver? We discovered problems with ixv+VLANs on some KVM hosts with the stock driver, but the driver 1.5.15 from Intel's site works well.

May 19 2019, 8:46 AM

May 14 2019

ae committed rS347563: Remove bpf interface lock, it is no longer exist..
Remove bpf interface lock, it is no longer exist.
May 14 2019, 10:21 AM

May 13 2019

ae committed rS347549: Avoid possible recursion on BPF_LOCK() in bpfwrite()..
Avoid possible recursion on BPF_LOCK() in bpfwrite().
May 13 2019, 8:18 PM
ae committed rS347527: Do not leak memory used for binary filter..
Do not leak memory used for binary filter.
May 13 2019, 2:07 PM
ae committed rS347526: Rework locking in BPF code to remove rwlock from fast path..
Rework locking in BPF code to remove rwlock from fast path.
May 13 2019, 1:45 PM
ae closed D20224: Eliminate rwlock from fast path processing in BPF code.
May 13 2019, 1:45 PM
ae committed rS347519: Revert r347402. After r347429 symlink is no longer needed..
Revert r347402. After r347429 symlink is no longer needed.
May 13 2019, 8:34 AM
ae committed rS347518: MFC r347178:.
MFC r347178:
May 13 2019, 8:29 AM
ae committed rS347517: MFC r346885:.
MFC r346885:
May 13 2019, 8:28 AM
ae committed rS347516: MFC r346885:.
MFC r346885:
May 13 2019, 8:26 AM

May 12 2019

ae updated the summary of D20224: Eliminate rwlock from fast path processing in BPF code.
May 12 2019, 5:25 PM
ae updated the diff for D20224: Eliminate rwlock from fast path processing in BPF code.
  • s/bpf_epoch_buffer/bpf_program_buffer/g
  • update some comments
  • add copyright line
  • add refcount to bpf_d and use it in bpfwrite
May 12 2019, 5:23 PM
ae updated the summary of D20224: Eliminate rwlock from fast path processing in BPF code.
May 12 2019, 9:50 AM

May 11 2019

ae added reviewers for D20224: Eliminate rwlock from fast path processing in BPF code: olivier, gallatin, glebius.
May 11 2019, 9:33 AM
ae updated the diff for D20224: Eliminate rwlock from fast path processing in BPF code.

move bpf_updated() into bpf_setf() to reduce BPF_LOCK() flipping

May 11 2019, 9:31 AM
ae added a comment to D20224: Eliminate rwlock from fast path processing in BPF code.

There is at least one problem that with this patch becomes easy reproducible. With default optimize_writers=0 bpt_mtap() can catch several packets in the time between bpf_setif() and bpf_setf(), because empty filter means "accept all" by bpf_filter(). Maybe it is time to remove optimize_writers variable and use this behavior by default? I.e. by default link new bpf_if into writers only list, and re-link it into readers list when application sets filter? Or change its value to be 1 by default?

May 11 2019, 8:58 AM

May 10 2019

ae created D20224: Eliminate rwlock from fast path processing in BPF code.
May 10 2019, 8:52 AM

May 9 2019

ae closed D20169: Make if_enc and if_ipsec kernel modules loadable by ifconfig(8).
May 9 2019, 6:06 PM
ae committed rS347402: Add if_ipsec.ko symlink to ipsec.ko kernel module..
Add if_ipsec.ko symlink to ipsec.ko kernel module.
May 9 2019, 6:06 PM
ae committed rS347383: In mld_v2_cancel_link_timers() check number of references and disconnect.
In mld_v2_cancel_link_timers() check number of references and disconnect
May 9 2019, 7:57 AM

May 8 2019

ae added a comment to D19886: Fix numerous refcount bugs in multicast ....
May 8 2019, 5:28 PM
ae accepted D20070: Fix mutual exclusion issues in multicast socket option handling..

I have no objection. This subsystem is currently broken, but nobody wants to fix it. So, if you tested this patch and it helps to solve your problem, I'm ok, since description looks reasonable.

May 8 2019, 5:16 PM
ae committed rS347333: MFC r346884:.
MFC r346884:
May 8 2019, 3:17 PM
ae committed rS347330: MFC r346884:.
MFC r346884:
May 8 2019, 3:14 PM

May 6 2019

ae added a comment to D20163: Remove IPSEC from GENERIC due to performance issues.
In D20163#434567, @jhb wrote:

FWIW, my limited testing of IPsec doesn't use if_ipsec, but instead I used setkey. I think having the rc.d scripts for 'ipsec_enable' autoloading ipsec.ko is reasonable.

May 6 2019, 6:51 PM
ae committed rS347178: Add ipsec.ko to required_modules for rc.d/ipsec script..
Add ipsec.ko to required_modules for rc.d/ipsec script.
May 6 2019, 8:31 AM
ae created D20169: Make if_enc and if_ipsec kernel modules loadable by ifconfig(8).
May 6 2019, 8:09 AM

May 5 2019

ae added a comment to D20163: Remove IPSEC from GENERIC due to performance issues.

I think there are too few users of if_ipsec, to make assumption that all users who use IPsec will use ifconfig(8). AFAIR, it is not the problem, you can just add symlink if_ipsec.ko -> ipsec.ko. But you also need some tweaks that will load ipsec,ko when ipsec_enable is "YES".

May 5 2019, 10:47 PM

May 2 2019

ae added inline comments to D20117: Restructure mbuf send tags to provide stronger guarantees..
May 2 2019, 8:37 PM
ae committed rS347026: MFC r345798:.
MFC r345798:
May 2 2019, 5:43 PM
ae committed rS347025: MFC r345798:.
MFC r345798:
May 2 2019, 5:41 PM
ae accepted D20117: Restructure mbuf send tags to provide stronger guarantees..
May 2 2019, 3:05 PM

May 1 2019

ae added a comment to D20117: Restructure mbuf send tags to provide stronger guarantees..

I'm sorry, I completely missed this change in the past. But it looks like it can break ipfw firewall rules, since rcvif is now union with snd_tag. And this means, rcvif can be initialized for packets that were not actually received on specified interface. ipfw uses rcvif in rules to check that a packet was received on specified interface, and this check was correct even for outgoing packets. Now it looks like such checks can be incorrect.

May 1 2019, 10:13 AM
ae added reviewers for D20117: Restructure mbuf send tags to provide stronger guarantees.: network, melifaro, glebius, rgrimes.
May 1 2019, 10:08 AM
ae committed rS346988: MFC r345843:.
MFC r345843:
May 1 2019, 9:06 AM
ae committed rS346987: MFC r345797:.
MFC r345797:
May 1 2019, 9:04 AM

Apr 30 2019

ae added a comment to D20109: Need to wait for epoch callbacks to complete before detaching network interface.

The epoch_call_drain() function is indeed needed (at least to fix such panic https://reviews.freebsd.org/F4491011).
But your example shows that epoch based reclamation is just wrongly used. The right solution should be keeping ifnet detached until all possible consumers stop reference it, and only then it will be safe to free ifnet pointer.

Apr 30 2019, 1:34 PM

Apr 29 2019

ae added a comment to D20070: Fix mutual exclusion issues in multicast socket option handling..

I'm not quite familiar with this code. Is it safe enough to make INP_WUNLOCK(); /* some code */ INP_WLOCK(); without holding extra reference to PCB? Is is it impossible, that another thread can destroy PCB when we release lock?

Sorry, I don't see where the question is coming from. In general, no, you have to acquire a reference before dropping the lock. That's what the old version of the diff did, in order to acquire the sleepable IN_MULTI lock. But dropping the PCB lock introduces races. I changed the code to acquire the IN_MULTI lock first, so we don't have to drop the PCB lock anymore.

Apr 29 2019, 1:28 PM
ae added inline comments to D20076: Streamline ifa selection when adding a route..
Apr 29 2019, 11:29 AM