Page MenuHomeFreeBSD

ae (Andrey V. Elsukov)
User

Projects

User Details

User Since
Jun 4 2014, 7:25 AM (262 w, 5 d)

Recent Activity

Fri, Jun 14

ae committed rS349033: MFC r348774:.
MFC r348774:
Fri, Jun 14, 10:39 AM

Wed, Jun 12

ae added a comment to D20616: Add a new external mbuf type that holds multiple unmapped pages..

Only if the firewall needs to read/write actual packet data. Protocol headers (TCP, IP, etc.) are always stored in a normal mbuf at the start of a packet's mbuf chain. Unmapped mbufs only hold payload data that is stored in a socket buffer, so most of the filters I can think of off the top of my head as well as things like NAT should only operate on the normal mbuf holding the headers.

Okay, thanks. That should indeed just work. The 'pf_check_proto_cksum()' flow, assuming there's no hardware assist, might break. I suspect that hardware which uses unmapped mbufs is always going to have checksum offload, so that's probably not an issue either.

Wed, Jun 12, 6:08 PM
ae committed rS348997: MFC r348682:.
MFC r348682:
Wed, Jun 12, 4:34 PM
ae committed rS348984: MFC r348682:.
MFC r348682:
Wed, Jun 12, 10:50 AM

Fri, Jun 7

ae committed rS348774: Use underscores for internal variable name to avoid conflicts..
Use underscores for internal variable name to avoid conflicts.
Fri, Jun 7, 8:30 AM
ae committed rS348773: MFC r348235:.
MFC r348235:
Fri, Jun 7, 8:21 AM

Thu, Jun 6

ae created D20534: Add to NAT64LSN ability to swap runtime configuration between instances.
Thu, Jun 6, 11:08 AM

Wed, Jun 5

ae committed rS348682: Initialize V_nat64out methods explicitly..
Initialize V_nat64out methods explicitly.
Wed, Jun 5, 9:26 AM

Fri, May 31

ae committed rS348470: MFC r348236:.
MFC r348236:
Fri, May 31, 5:18 PM
ae committed rS348455: MFC r348236:.
MFC r348236:
Fri, May 31, 11:21 AM

Tue, May 28

ae committed rS348324: Rework r348303 to reduce the time of holding global BPF lock..
Rework r348303 to reduce the time of holding global BPF lock.
Tue, May 28, 11:45 AM

Mon, May 27

ae committed rS348303: Fix possible NULL pointer dereference..
Fix possible NULL pointer dereference.
Mon, May 27, 12:42 PM
ae committed rS348301: Remove unused token that was added in r348235..
Remove unused token that was added in r348235.
Mon, May 27, 6:34 AM

Fri, May 24

ae committed rS348236: Restore IPV6_NEXTHOP option support that seem was partially broken.
Restore IPV6_NEXTHOP option support that seem was partially broken
Fri, May 24, 11:45 AM
ae committed rS348235: Add `missing` and `or-flush` options to "ipfw table <NAME> create".
Add `missing` and `or-flush` options to "ipfw table <NAME> create"
Fri, May 24, 11:06 AM
ae closed D18339: Add two new options to "ipfw table <NAME> create" to simplify firewall reload.
Fri, May 24, 11:06 AM
ae committed rS348234: Fix the build. Use NET_EPOCH_ENTER_ET() and NET_EPOCH_EXIT_ET()..
Fix the build. Use NET_EPOCH_ENTER_ET() and NET_EPOCH_EXIT_ET().
Fri, May 24, 9:02 AM
ae committed rS348233: MFC r346630:.
MFC r346630:
Fri, May 24, 8:42 AM
ae committed rS348232: MFC r347383:.
MFC r347383:
Fri, May 24, 8:40 AM

Wed, May 22

ae added a comment to D20340: Add deprecation warnings for IPsec algorithms deprecated in RFC 8221..

I think it would be good to have this committed into 11.3 release. So you will be able to see how many users will complain that they need this support, if any.

Wed, May 22, 6:55 AM

Tue, May 21

ae accepted D20328: Fix gateway setup for the interface routes..

LGTM.

Tue, May 21, 8:29 AM

Sun, May 19

ae added a comment to D20290: Update Intel XL710 PF and VF drivers to version ixl-1.11.9 and ixlv-1.5.8.

Can you also update ixv driver? We discovered problems with ixv+VLANs on some KVM hosts with the stock driver, but the driver 1.5.15 from Intel's site works well.

Sun, May 19, 8:46 AM

May 14 2019

ae committed rS347563: Remove bpf interface lock, it is no longer exist..
Remove bpf interface lock, it is no longer exist.
May 14 2019, 10:21 AM

May 13 2019

ae committed rS347549: Avoid possible recursion on BPF_LOCK() in bpfwrite()..
Avoid possible recursion on BPF_LOCK() in bpfwrite().
May 13 2019, 8:18 PM
ae committed rS347527: Do not leak memory used for binary filter..
Do not leak memory used for binary filter.
May 13 2019, 2:07 PM
ae committed rS347526: Rework locking in BPF code to remove rwlock from fast path..
Rework locking in BPF code to remove rwlock from fast path.
May 13 2019, 1:45 PM
ae closed D20224: Eliminate rwlock from fast path processing in BPF code.
May 13 2019, 1:45 PM
ae committed rS347519: Revert r347402. After r347429 symlink is no longer needed..
Revert r347402. After r347429 symlink is no longer needed.
May 13 2019, 8:34 AM
ae committed rS347518: MFC r347178:.
MFC r347178:
May 13 2019, 8:29 AM
ae committed rS347517: MFC r346885:.
MFC r346885:
May 13 2019, 8:28 AM
ae committed rS347516: MFC r346885:.
MFC r346885:
May 13 2019, 8:26 AM

May 12 2019

ae updated the summary of D20224: Eliminate rwlock from fast path processing in BPF code.
May 12 2019, 5:25 PM
ae updated the diff for D20224: Eliminate rwlock from fast path processing in BPF code.
  • s/bpf_epoch_buffer/bpf_program_buffer/g
  • update some comments
  • add copyright line
  • add refcount to bpf_d and use it in bpfwrite
May 12 2019, 5:23 PM
ae updated the summary of D20224: Eliminate rwlock from fast path processing in BPF code.
May 12 2019, 9:50 AM

May 11 2019

ae added reviewers for D20224: Eliminate rwlock from fast path processing in BPF code: olivier, gallatin, glebius.
May 11 2019, 9:33 AM
ae updated the diff for D20224: Eliminate rwlock from fast path processing in BPF code.

move bpf_updated() into bpf_setf() to reduce BPF_LOCK() flipping

May 11 2019, 9:31 AM
ae added a comment to D20224: Eliminate rwlock from fast path processing in BPF code.

There is at least one problem that with this patch becomes easy reproducible. With default optimize_writers=0 bpt_mtap() can catch several packets in the time between bpf_setif() and bpf_setf(), because empty filter means "accept all" by bpf_filter(). Maybe it is time to remove optimize_writers variable and use this behavior by default? I.e. by default link new bpf_if into writers only list, and re-link it into readers list when application sets filter? Or change its value to be 1 by default?

May 11 2019, 8:58 AM

May 10 2019

ae created D20224: Eliminate rwlock from fast path processing in BPF code.
May 10 2019, 8:52 AM

May 9 2019

ae closed D20169: Make if_enc and if_ipsec kernel modules loadable by ifconfig(8).
May 9 2019, 6:06 PM
ae committed rS347402: Add if_ipsec.ko symlink to ipsec.ko kernel module..
Add if_ipsec.ko symlink to ipsec.ko kernel module.
May 9 2019, 6:06 PM
ae committed rS347383: In mld_v2_cancel_link_timers() check number of references and disconnect.
In mld_v2_cancel_link_timers() check number of references and disconnect
May 9 2019, 7:57 AM

May 8 2019

ae added a comment to D19886: Fix numerous refcount bugs in multicast ....
May 8 2019, 5:28 PM
ae accepted D20070: Fix mutual exclusion issues in multicast socket option handling..

I have no objection. This subsystem is currently broken, but nobody wants to fix it. So, if you tested this patch and it helps to solve your problem, I'm ok, since description looks reasonable.

May 8 2019, 5:16 PM
ae committed rS347333: MFC r346884:.
MFC r346884:
May 8 2019, 3:17 PM
ae committed rS347330: MFC r346884:.
MFC r346884:
May 8 2019, 3:14 PM

May 6 2019

ae added a comment to D20163: Remove IPSEC from GENERIC due to performance issues.
In D20163#434567, @jhb wrote:

FWIW, my limited testing of IPsec doesn't use if_ipsec, but instead I used setkey. I think having the rc.d scripts for 'ipsec_enable' autoloading ipsec.ko is reasonable.

May 6 2019, 6:51 PM
ae committed rS347178: Add ipsec.ko to required_modules for rc.d/ipsec script..
Add ipsec.ko to required_modules for rc.d/ipsec script.
May 6 2019, 8:31 AM
ae created D20169: Make if_enc and if_ipsec kernel modules loadable by ifconfig(8).
May 6 2019, 8:09 AM

May 5 2019

ae added a comment to D20163: Remove IPSEC from GENERIC due to performance issues.

I think there are too few users of if_ipsec, to make assumption that all users who use IPsec will use ifconfig(8). AFAIR, it is not the problem, you can just add symlink if_ipsec.ko -> ipsec.ko. But you also need some tweaks that will load ipsec,ko when ipsec_enable is "YES".

May 5 2019, 10:47 PM

May 2 2019

ae added inline comments to D20117: Restructure mbuf send tags to provide stronger guarantees..
May 2 2019, 8:37 PM
ae committed rS347026: MFC r345798:.
MFC r345798:
May 2 2019, 5:43 PM
ae committed rS347025: MFC r345798:.
MFC r345798:
May 2 2019, 5:41 PM
ae accepted D20117: Restructure mbuf send tags to provide stronger guarantees..
May 2 2019, 3:05 PM

May 1 2019

ae added a comment to D20117: Restructure mbuf send tags to provide stronger guarantees..

I'm sorry, I completely missed this change in the past. But it looks like it can break ipfw firewall rules, since rcvif is now union with snd_tag. And this means, rcvif can be initialized for packets that were not actually received on specified interface. ipfw uses rcvif in rules to check that a packet was received on specified interface, and this check was correct even for outgoing packets. Now it looks like such checks can be incorrect.

May 1 2019, 10:13 AM
ae added reviewers for D20117: Restructure mbuf send tags to provide stronger guarantees.: network, melifaro, glebius, rgrimes.
May 1 2019, 10:08 AM
ae committed rS346988: MFC r345843:.
MFC r345843:
May 1 2019, 9:06 AM
ae committed rS346987: MFC r345797:.
MFC r345797:
May 1 2019, 9:04 AM

Apr 30 2019

ae added a comment to D20109: Need to wait for epoch callbacks to complete before detaching network interface.

The epoch_call_drain() function is indeed needed (at least to fix such panic https://reviews.freebsd.org/F4491011).
But your example shows that epoch based reclamation is just wrongly used. The right solution should be keeping ifnet detached until all possible consumers stop reference it, and only then it will be safe to free ifnet pointer.

Apr 30 2019, 1:34 PM

Apr 29 2019

ae added a comment to D20070: Fix mutual exclusion issues in multicast socket option handling..

I'm not quite familiar with this code. Is it safe enough to make INP_WUNLOCK(); /* some code */ INP_WLOCK(); without holding extra reference to PCB? Is is it impossible, that another thread can destroy PCB when we release lock?

Sorry, I don't see where the question is coming from. In general, no, you have to acquire a reference before dropping the lock. That's what the old version of the diff did, in order to acquire the sleepable IN_MULTI lock. But dropping the PCB lock introduces races. I changed the code to acquire the IN_MULTI lock first, so we don't have to drop the PCB lock anymore.

Apr 29 2019, 1:28 PM
ae added inline comments to D20076: Streamline ifa selection when adding a route..
Apr 29 2019, 11:29 AM
ae added inline comments to D20076: Streamline ifa selection when adding a route..
Apr 29 2019, 11:23 AM
ae committed rS346885: Handle HAVE_PROTO flag and print "proto" keyword for O_IP4 and O_IP6.
Handle HAVE_PROTO flag and print "proto" keyword for O_IP4 and O_IP6
Apr 29 2019, 9:53 AM
ae committed rS346884: Add IPv6 support for O_IPLEN opcode..
Add IPv6 support for O_IPLEN opcode.
Apr 29 2019, 9:33 AM

Apr 26 2019

ae added a comment to D20070: Fix mutual exclusion issues in multicast socket option handling..

I'm not quite familiar with this code. Is it safe enough to make INP_WUNLOCK(); /* some code */ INP_WLOCK(); without holding extra reference to PCB? Is is it impossible, that another thread can destroy PCB when we release lock?

Apr 26 2019, 10:20 AM

Apr 24 2019

ae accepted D20027: tun/tap: close race between destroy/ioctl handler.

LGTM.

Apr 24 2019, 9:59 AM
ae committed rS346630: Add GRE-in-UDP encapsulation support as defined in RFC8086..
Add GRE-in-UDP encapsulation support as defined in RFC8086.
Apr 24 2019, 9:06 AM
ae closed D19921: Add GRE-in-UDP encapsulation support.
Apr 24 2019, 9:06 AM

Apr 23 2019

ae added inline comments to D19921: Add GRE-in-UDP encapsulation support.
Apr 23 2019, 3:52 PM
ae added inline comments to D19921: Add GRE-in-UDP encapsulation support.
Apr 23 2019, 10:36 AM

Apr 22 2019

ae accepted D20006: ipoib: assign link-local address according to RFC.
Apr 22 2019, 9:38 PM
ae added a comment to D20006: ipoib: assign link-local address according to RFC.
In D20006#430085, @kib wrote:

Well, I can take only 8bytes. But what I see on Linux (not me, this is copy/paste from somebody else actions):

# ifconfig ib5
Ifconfig uses the ioctl access method to get the full address information, which limits hardware addresses to 8 bytes.
Because Infiniband address has 20 bytes, only the first 8 bytes are displayed correctly.
Ifconfig is obsolete! For replacement check ip.
ib5       Link encap:InfiniBand  HWaddr 80:00:08:87:FE:80:00:00:00:00:00:00:00:00:00:00:00:00:00:00
          inet addr:16.7.5.140  Bcast:16.7.255.255  Mask:255.255.0.0
          inet6 addr: fe80::ee0d:9a03:43:f7bd/64 Scope:Link
Apr 22 2019, 6:26 PM
ae added a comment to D20006: ipoib: assign link-local address according to RFC.
In D20006#430051, @kib wrote:

Hm, from my reading of RFC, there is a very explicit requirement to form 20-byte link-local address as [0:qpn:GID], and the 16-byte l/l should be formed by truncating. I also verified that after the patch, l/l address on the ibX is same as configured by Linux.
Are you worrying about the embedded scope id ? If scope is implanted before the call, I can preserve it ?

Apr 22 2019, 5:19 PM
ae added a comment to D20006: ipoib: assign link-local address according to RFC.

I'm not sure that is correct. in6_get_hw_ifid() is used by in6_ifattach_linklocal() via get_ifid() to generate IPv6 link local address. IPv6 link local address has already filled first 8 bytes. And in this change you override them. Note in the line 238 says that first 8 bytes should be preserved.

Apr 22 2019, 3:54 PM
ae added a comment to D20006: ipoib: assign link-local address according to RFC.

It looks like INFINIBAND_ALEN defines link address length for infiniband. It is 20 bytes. It seems the check if (addrlen != 16) will be always successful.

Apr 22 2019, 3:13 PM
ae updated the diff for D19921: Add GRE-in-UDP encapsulation support.
  • remove RSS-related chunks.
  • allow use any port number within [V_ipport_hifirstauto, V_ipport_hilastauto] range.
Apr 22 2019, 11:16 AM
ae added a comment to D19754: cxgbe(4): Integrate with PNP PCIID-based autoload.

We have single machine, that after automatic firmware upgrade fails to attache the driver:

Apr 22 2019, 11:10 AM

Apr 20 2019

ae abandoned D19925: Add epoch_call_drain() function to wait until scheduled epoch_call() requests will be finished..

It seems this is not enough to prevent panics. Simple kernel module to reproduce the panic.

Apr 20 2019, 9:24 AM

Apr 19 2019

ae added inline comments to D19921: Add GRE-in-UDP encapsulation support.
Apr 19 2019, 4:36 PM
ae updated the summary of D19921: Add GRE-in-UDP encapsulation support.
Apr 19 2019, 10:58 AM

Apr 16 2019

ae created D19925: Add epoch_call_drain() function to wait until scheduled epoch_call() requests will be finished..
Apr 16 2019, 4:09 PM
ae updated the summary of D19921: Add GRE-in-UDP encapsulation support.
Apr 16 2019, 3:25 PM
ae updated the diff for D19921: Add GRE-in-UDP encapsulation support.

Document GRE-in-UDP in gre(4).

Apr 16 2019, 12:52 PM
ae created D19921: Add GRE-in-UDP encapsulation support.
Apr 16 2019, 11:14 AM

Apr 14 2019

ae committed rS346214: MFC r345319:.
MFC r345319:
Apr 14 2019, 1:18 PM
ae committed rS346213: MFC r345293:.
MFC r345293:
Apr 14 2019, 1:08 PM
ae committed rS346212: MFC r345264:.
MFC r345264:
Apr 14 2019, 12:39 PM
ae committed rS346211: MFC r345263:.
MFC r345263:
Apr 14 2019, 12:36 PM
ae committed rS346210: MFC r345262:.
MFC r345262:
Apr 14 2019, 12:34 PM
ae committed rS346209: MFC r339542:.
MFC r339542:
Apr 14 2019, 12:28 PM
ae committed rS346208: MFC r344709 (by ygy):.
MFC r344709 (by ygy):
Apr 14 2019, 12:14 PM
ae committed rS346207: MFC r344665 (by trhodes):.
MFC r344665 (by trhodes):
Apr 14 2019, 12:11 PM
ae committed rS346206: MFC r344665 (by trhodes):.
MFC r344665 (by trhodes):
Apr 14 2019, 12:10 PM
ae committed rS346205: MFC r341471:.
MFC r341471:
Apr 14 2019, 12:05 PM
ae committed rS346204: MFC r340792 (by ygy):.
MFC r340792 (by ygy):
Apr 14 2019, 11:52 AM
ae committed rS346203: MFC r340717 (by ygy):.
MFC r340717 (by ygy):
Apr 14 2019, 11:50 AM
ae committed rS346202: Fix the build. Include net/pfil.h to be able use IPFW_WLOCK()..
Fix the build. Include net/pfil.h to be able use IPFW_WLOCK().
Apr 14 2019, 11:19 AM
ae committed rS346201: MFC r342908:.
MFC r342908:
Apr 14 2019, 11:06 AM
ae committed rS346200: MFC r345264:.
MFC r345264:
Apr 14 2019, 10:44 AM
ae committed rS346199: MFC r345263:.
MFC r345263:
Apr 14 2019, 10:41 AM
ae committed rS346198: MFC r345262:.
MFC r345262:
Apr 14 2019, 10:38 AM