Page MenuHomeFreeBSD

ae (Andrey V. Elsukov)
User

Projects

User Details

User Since
Jun 4 2014, 7:25 AM (576 w, 3 d)

Recent Activity

Thu, Jun 5

ae accepted D50665: route: fix rtentry double free.
Thu, Jun 5, 7:36 AM

Tue, Jun 3

ae added inline comments to D50665: route: fix rtentry double free.
Tue, Jun 3, 3:38 PM

Mon, Jun 2

ae accepted D50597: ipfw: prefixlen segfault bugfix in nptv6.
Mon, Jun 2, 8:54 AM

Sat, May 24

ae closed D50455: carp: fix mbuf_tag usage in carp_macmatch6.
Sat, May 24, 8:24 AM
ae committed rG6a97fbe6fcb3: carp: fix mbuf_tag usage in carp_macmatch6 (authored by ae).
carp: fix mbuf_tag usage in carp_macmatch6
Sat, May 24, 8:24 AM

May 21 2025

ae published D50455: carp: fix mbuf_tag usage in carp_macmatch6 for review.
May 21 2025, 10:06 AM

May 14 2025

ae updated subscribers of D50108: ip6: implement RFC 8981-advised temporary IID generation.
May 14 2025, 4:45 PM

Apr 18 2025

ae committed rGf5a5dd77ea34: ipfw: fix build (authored by ae).
ipfw: fix build
Apr 18 2025, 1:36 PM
ae committed rG3c76623ad553: ipfw: add 'internal monitor' subcommand to capture rtsock messages. (authored by ae).
ipfw: add 'internal monitor' subcommand to capture rtsock messages.
Apr 18 2025, 12:35 PM
ae committed rG2407636ff1cc: ipfw: document logdst opcode (authored by ae).
ipfw: document logdst opcode
Apr 18 2025, 12:35 PM
ae committed rGe26d1cea25cd: ipfw: add IPv6 logging via rtsock support for fwd tablearg opcode (authored by ae).
ipfw: add IPv6 logging via rtsock support for fwd tablearg opcode
Apr 18 2025, 12:35 PM
ae committed rG4a02faa114c5: ipfw: add IPv6 logging support for fwd tablearg opcode (authored by ae).
ipfw: add IPv6 logging support for fwd tablearg opcode
Apr 18 2025, 12:35 PM

Apr 2 2025

ae committed rGf8cd0c8e20b0: tests: fix test for NULL encription (authored by ae).
tests: fix test for NULL encription
Apr 2 2025, 7:55 AM
ae committed rG5b6d576d22bc: tests: fix test for NULL encription (authored by ae).
tests: fix test for NULL encription
Apr 2 2025, 7:55 AM

Mar 25 2025

ae committed rGb67080455907: tests: fix test for NULL encription (authored by ae).
tests: fix test for NULL encription
Mar 25 2025, 7:27 AM

Mar 23 2025

ae added a reviewer for D49459: Make temp option for ndp work: glebius.
Mar 23 2025, 8:28 AM · network

Mar 19 2025

ae added a comment to D49412: ifnet: Remove a redundant check for flag IFF_DYING from ifunit_ref().

I think adding MPASS is better than removing. There is no locking, and it is still possible, that the code you are modifying will first get ifp pointer and then this ifp will be unlinked and marked as DYING :)

Mar 19 2025, 11:22 AM

Mar 18 2025

ae committed rGb297093ebab6: routing: do not allow PINNED routes to be overriden (authored by ae).
routing: do not allow PINNED routes to be overriden
Mar 18 2025, 9:12 AM
ae committed rG01ade56eba14: routing: do not allow PINNED routes to be overriden (authored by ae).
routing: do not allow PINNED routes to be overriden
Mar 18 2025, 9:11 AM

Mar 13 2025

ae committed rG1219a3f40db3: pfkey2: use correct value for a key length (authored by ae).
pfkey2: use correct value for a key length
Mar 13 2025, 10:24 AM
ae committed rG72e2ebf64212: pfkey2: use correct value for a key length (authored by ae).
pfkey2: use correct value for a key length
Mar 13 2025, 10:23 AM
ae committed rGf1929835f76d: ipfw: fix dump_soptcodes() handler (authored by ae).
ipfw: fix dump_soptcodes() handler
Mar 13 2025, 10:19 AM
ae committed rG83c23b6c6630: ipfw: fix dump_soptcodes() handler (authored by ae).
ipfw: fix dump_soptcodes() handler
Mar 13 2025, 10:18 AM

Mar 7 2025

ae committed rG699ed29c4fd8: routing: set net.route.multipath=0 when kernel doesn't have ROUTE_MPATH (authored by ae).
routing: set net.route.multipath=0 when kernel doesn't have ROUTE_MPATH
Mar 7 2025, 9:57 AM
ae committed rG836c8dad4544: routing: set net.route.multipath=0 when kernel doesn't have ROUTE_MPATH (authored by ae).
routing: set net.route.multipath=0 when kernel doesn't have ROUTE_MPATH
Mar 7 2025, 9:56 AM

Mar 6 2025

ae committed rG04207850a9b9: pfkey2: use correct value for a key length (authored by ae).
pfkey2: use correct value for a key length
Mar 6 2025, 12:24 PM

Mar 5 2025

ae committed rGb405250c77e6: ipfw: fix dump_soptcodes() handler (authored by ae).
ipfw: fix dump_soptcodes() handler
Mar 5 2025, 9:33 AM

Mar 4 2025

ae closed D46183: [ipfw] Migrate ipfw to 32-bit size rule numbers.
Mar 4 2025, 7:10 PM
ae accepted D49227: udp: Do not recursively enter net epoch.
Mar 4 2025, 11:56 AM

Mar 3 2025

ae committed rG4a77657cbc01: ipfw: migrate ipfw to 32-bit size rule numbers (authored by ae).
ipfw: migrate ipfw to 32-bit size rule numbers
Mar 3 2025, 7:01 PM
ae committed rG6ba1c5abb957: ipfw: add UPDATING note and modify __FreeBSD_version (authored by ae).
ipfw: add UPDATING note and modify __FreeBSD_version
Mar 3 2025, 7:01 PM
ae updated the diff for D46183: [ipfw] Migrate ipfw to 32-bit size rule numbers.
  • Add example of comapt layer.
Mar 3 2025, 9:53 AM

Mar 2 2025

ae updated the diff for D46183: [ipfw] Migrate ipfw to 32-bit size rule numbers.
  • Rebase
  • Document some features, also reduce the diff.
  • Fix skipto/call arguments parsing.
  • Fix mismerged reass/return opcodes
  • Fix ipfw32 opcode version for NAT44 opcodes.
  • ipfw: rework call action to drop packets on errors
Mar 2 2025, 11:45 AM
ae closed D48650: routing: do not allow PINNED routes to be overridden.
Mar 2 2025, 10:58 AM
ae committed rG361a8395f0b0: routing: do not allow PINNED routes to be overriden (authored by ae).
routing: do not allow PINNED routes to be overriden
Mar 2 2025, 10:58 AM

Feb 28 2025

ae added a comment to D49164: ipsec: add `net.inet.ipsec.random_id` .

It looks a bit confusing when you set net.inet.ipsec.random_id=1 and it does not work because default value of net.inet.random_id is 0.
It should be documented in ipsec(4).
Maybe just make ip_fillid_ex as ip_fillid_ex(struct ip *, bool do_randomid) and set net.inet.ipsec.random_id=0 by default?

Feb 28 2025, 2:35 PM
ae committed rGf2644d64b40f: routing: set net.route.multipath=0 when kernel doesn't have ROUTE_MPATH (authored by ae).
routing: set net.route.multipath=0 when kernel doesn't have ROUTE_MPATH
Feb 28 2025, 2:12 PM

Feb 21 2025

ae committed rG63422982e074: ipfw: make 'ipfw show' output compatible with 'ipfw add' command (authored by ae).
ipfw: make 'ipfw show' output compatible with 'ipfw add' command
Feb 21 2025, 11:20 AM
ae committed rGfd258b6dd15b: ipfw: make 'ipfw show' output compatible with 'ipfw add' command (authored by ae).
ipfw: make 'ipfw show' output compatible with 'ipfw add' command
Feb 21 2025, 11:18 AM

Feb 19 2025

ae added a comment to D49053: carp: Fix checking IPv4 multicast address.

> Do you think a IN_IS_ADDR_MULTICAST akin to IN6_IS_ADDR_MULTICAST is valuable ?

Feb 19 2025, 9:33 AM
ae accepted D49053: carp: Fix checking IPv4 multicast address.
Feb 19 2025, 8:58 AM

Feb 17 2025

ae committed rGff2588f2ac0a: ipfw: add missing initializer for 'limit' table value (authored by ae).
ipfw: add missing initializer for 'limit' table value
Feb 17 2025, 7:42 AM
ae committed rG09def8d654e7: ipfw: add missing initializer for 'limit' table value (authored by ae).
ipfw: add missing initializer for 'limit' table value
Feb 17 2025, 7:35 AM

Feb 11 2025

ae committed rG706a03f61bbb: ipfw: make 'ipfw show' output compatible with 'ipfw add' command (authored by ae).
ipfw: make 'ipfw show' output compatible with 'ipfw add' command
Feb 11 2025, 9:56 AM

Feb 10 2025

ae committed rG95ab7b3223c0: ipfw: add missing initializer for 'limit' table value (authored by ae).
ipfw: add missing initializer for 'limit' table value
Feb 10 2025, 8:02 AM

Feb 4 2025

ae accepted D45727: bpf: Detach descriptors on interface vmove event.
Feb 4 2025, 9:28 AM

Jan 24 2025

ae published D48650: routing: do not allow PINNED routes to be overridden for review.
Jan 24 2025, 9:09 AM

Jan 23 2025

ae added a comment to D47534: Fix failure to add an interface prefix route when route with the same prefix is already presented in the routing table..

Sigh, it looks like this commit broke the following test:

# create two interfaces
if1=$(ifconfig epair create)
if2=$(ifconfig epair create)
# assign IP addresses in the same subnet
ifconfig $if1 inet 192.0.2.1/24
ifconfig $if2 inet 192.0.2.2/24
# Verify that the route points to the first interface (fails, as $if2 was added last, it points to $if2)
netstat -r4n | grep 192.0.2.0/24
IMHO, we need to fix this behaviour. 
First PINNED route should have priority and second attempt to add the same route on $if2 should fail with EEXIST.
But then the test will fail, because after address deletion from $if1 there will not be any PINNED routes.
Jan 23 2025, 7:13 PM

Jan 21 2025

ae committed rGedc19f8d0fd0: netlink: restore the ability to delete PINNED routes (authored by ae).
netlink: restore the ability to delete PINNED routes
Jan 21 2025, 11:48 AM
ae committed rGe98f79cc71a3: ipfw: use only needed TCP flags for state tracking (authored by ae).
ipfw: use only needed TCP flags for state tracking
Jan 21 2025, 11:48 AM
ae committed rGe29ffd402d38: netlink: restore the ability to delete PINNED routes (authored by ae).
netlink: restore the ability to delete PINNED routes
Jan 21 2025, 11:39 AM
ae committed rG7dc48056c87b: ipfw: use only needed TCP flags for state tracking (authored by ae).
ipfw: use only needed TCP flags for state tracking
Jan 21 2025, 11:37 AM

Jan 11 2025

ae closed D46301: netlink/route: make route deletion behavior match route(4) socket.
Jan 11 2025, 8:40 AM
ae committed rG3ce003c8b615: netlink: restore the ability to delete PINNED routes (authored by ae).
netlink: restore the ability to delete PINNED routes
Jan 11 2025, 8:40 AM

Dec 24 2024

ae added a comment to D48163: ip: Defer checks for an unspecified dstaddr until after pfil hooks.

I don't quite follow - why is the source address necessarily unspecified? The modified check is looking only at the destination address. An unspecified source address can arise in practice, e.g., DHCP clients will generate such packets.

Dec 24 2024, 9:05 AM

Dec 23 2024

ae added a comment to D48163: ip: Defer checks for an unspecified dstaddr until after pfil hooks.

I guess the concern is that a firewall redirect might turn a packet to 0.0.0.0 into a valid packet?

Dec 23 2024, 10:10 AM

Dec 13 2024

ae accepted D48069: ip_fw: address lock order reversal.

I didn't test the patch, so if it is works for you I have no objection. :-)

Dec 13 2024, 5:33 PM
ae added a comment to D48069: ip_fw: address lock order reversal.

I think this patch should do what you need.

Dec 13 2024, 1:16 PM
ae requested changes to D48069: ip_fw: address lock order reversal.
Dec 13 2024, 12:17 PM

Dec 12 2024

ae committed rG9ea8d692f4cb: ipfw: use only needed TCP flags for state tracking (authored by ae).
ipfw: use only needed TCP flags for state tracking
Dec 12 2024, 1:07 PM

Dec 11 2024

ae accepted D48020: inpcb: Close some SO_REUSEPORT_LB races.
Dec 11 2024, 12:08 PM

Dec 4 2024

ae accepted D47590: inpcb: Factor out parts of in6_pcbbind() and in_pcbbind_setup().
Dec 4 2024, 9:02 AM

Dec 3 2024

ae added a comment to D47585: tests: routing: Add address with same prefix present.

IMHO when we already have an interface route, we should fail on trying to add the same route on different interface. And I think this should fail even before adding route, when an IP address will be configured.
If you want to test the case that was fixed in D47534 you need to add some static route, then configure interface route that will replace this static route, because interface route has higher priority.

Dec 3 2024, 3:53 PM
ae added a comment to D46301: netlink/route: make route deletion behavior match route(4) socket.

I just tested these commands from PR:

ifconfig tun0 create
ifconfig tun0 10.10.10.10 20.20.20.20
route -n delete -host 20.20.20.20 -interface tun0

with this patch:

--- a/sys/netlink/route/rt.c
+++ b/sys/netlink/route/rt.c
@@ -1010,8 +1010,9 @@ rtnl_handle_delroute(struct nlmsghdr *hdr, struct nlpcb *nlp,
                return (EINVAL);
        }
Dec 3 2024, 2:10 PM
ae added a comment to D46301: netlink/route: make route deletion behavior match route(4) socket.
(attrs.rta_rtflags & RTF_PINNED) ? RTM_F_FORCE : 0
Dec 3 2024, 1:37 PM
ae added a comment to D46301: netlink/route: make route deletion behavior match route(4) socket.

I don't like the idea that you can easily remove PINNED route, but it seems it always worked before.
However as I see, route(8) should pass RTF_PINNED flag to netlink via attrs.rta_rtflags. At least we should reduce use of RTM_F_FORCE only for case when RTF_PINNED was sent from userland.

Dec 3 2024, 12:19 PM

Dec 2 2024

ae committed rG447a1e6914fa: ipfw: fix order of memcpy arguments. (authored by ae).
ipfw: fix order of memcpy arguments.
Dec 2 2024, 10:38 AM
ae committed rG628e76a986b9: ipsec: fix IPv6 over IPv4 tunneling. (authored by ae).
ipsec: fix IPv6 over IPv4 tunneling.
Dec 2 2024, 10:25 AM
ae committed rGa731e69eebc3: ipfw: fix order of memcpy arguments. (authored by ae).
ipfw: fix order of memcpy arguments.
Dec 2 2024, 10:24 AM
ae committed rGff1aec7ccb54: ipfw: do not reset fwmark when one_pass is disabled. (authored by ae).
ipfw: do not reset fwmark when one_pass is disabled.
Dec 2 2024, 9:44 AM

Nov 26 2024

ae added reviewers for D47709: ice(4): allow to turn off/on tx lldp filter: kgalazka, jeffrey.e.pieper_intel.com.
Nov 26 2024, 12:32 PM

Nov 25 2024

ae committed rGc94d6389e428: ipsec: fix IPv6 over IPv4 tunneling. (authored by ae).
ipsec: fix IPv6 over IPv4 tunneling.
Nov 25 2024, 5:51 PM

Nov 23 2024

ae committed rGe012d79c9c73: ipfw: fix order of memcpy arguments. (authored by ae).
ipfw: fix order of memcpy arguments.
Nov 23 2024, 12:58 PM
ae retitled D47709: ice(4): allow to turn off/on tx lldp filter from ice(4): allow to turn off/on for tx lldp filter to ice(4): allow to turn off/on tx lldp filter.
Nov 23 2024, 11:27 AM
ae published D47709: ice(4): allow to turn off/on tx lldp filter for review.
Nov 23 2024, 11:16 AM

Nov 13 2024

ae accepted D47534: Fix failure to add an interface prefix route when route with the same prefix is already presented in the routing table..
Nov 13 2024, 7:50 AM

Sep 26 2024

ae added a comment to D45727: bpf: Detach descriptors on interface vmove event.

You probably can directly call similar to bpf_ifdetach() function from if_vmove(). It is called from ioctl context, so you can make detaching synchronously.

Sep 26 2024, 2:40 PM

Sep 25 2024

ae accepted D46770: if_enc(4): Make enc_add_hhooks() never fail.
Sep 25 2024, 11:01 AM

Sep 5 2024

ae accepted D46529: if_ovpn: ensure it's safe to modify the mbuf.
Sep 5 2024, 7:57 AM

Sep 4 2024

ae added a comment to D46529: if_ovpn: ensure it's safe to modify the mbuf.

Probably for network related code ENOBUFS is better than ENOMEM.

Sep 4 2024, 1:41 PM
ae added a comment to D46525: ifconfig: Add an allmulti verb.

I think you need to modify IFF_CANTCHANGE in sys/net/if.h

Sep 4 2024, 10:39 AM
ae added inline comments to D46524: ifnet: Add handling for toggling IFF_ALLMULTI in ifhwioctl().
Sep 4 2024, 10:33 AM

Aug 1 2024

ae updated the diff for D46183: [ipfw] Migrate ipfw to 32-bit size rule numbers.
  • Document some features, also reduce the diff.
  • Fix bug in mac:radix table: lookup addr doesn't work due to wrong args order in memcpy
Aug 1 2024, 10:56 AM

Jul 30 2024

ae updated the summary of D46183: [ipfw] Migrate ipfw to 32-bit size rule numbers.
Jul 30 2024, 1:13 PM
ae updated the diff for D46183: [ipfw] Migrate ipfw to 32-bit size rule numbers.
  • Document some features, also reduce the diff.
Jul 30 2024, 12:09 PM
ae updated the summary of D46183: [ipfw] Migrate ipfw to 32-bit size rule numbers.
Jul 30 2024, 9:55 AM
ae added a reviewer for D46183: [ipfw] Migrate ipfw to 32-bit size rule numbers: network.
Jul 30 2024, 9:47 AM
ae published D46183: [ipfw] Migrate ipfw to 32-bit size rule numbers for review.
Jul 30 2024, 9:07 AM

Jul 3 2024

ae added a comment to D45854: if_gif(4): Support the IFF_LINK0 flag to change the MTU handling for IPv6.

Maybe it would be better implement such feature via named flag, like ignore_source is implemented? Also if_gre(4) has the same problem.

Jul 3 2024, 10:35 AM
ae added a comment to D45762: if_enc: pullup for ip header if m_len == 0.

I think you should had not abandon this revision. enc(4) creates suboptimal packets, and this should be improved. Hence I suggested to use __predict_false() in the pf(4) review.

Jul 3 2024, 10:27 AM

Jul 2 2024

ae added inline comments to D44219: ipsec_accel: kernel infrastructure.
Jul 2 2024, 11:41 AM

Jun 28 2024

ae added a comment to D45762: if_enc: pullup for ip header if m_len == 0.

I think it is firewall problem when it can not handle some unexpected data. Pfil hook expects that mbus has M_PKTHDR and m->m_pkthdr.len in this case should not be 0, even when m_len is 0. Thus, I think if doesn't work properly, it should be fixed in firewall.

Jun 28 2024, 9:17 AM

May 20 2024

ae requested changes to D44223: ipsec_output(): add outcoming ifp argument.
May 20 2024, 1:08 PM

Mar 5 2024

ae added a comment to D44204: ip6_output: Reduce cache misses on pktopts.

Probably you can simplify some similar checks in in6_src.c too, e.g. IP6PO_VALID_PKTINFO and IP6PO_VALID_NHINFO. Not sure how it impacts your cache misses measurements.

Mar 5 2024, 7:05 AM

Feb 26 2024

ae accepted D44079: ipsec esp: avoid dereferencing freed secasindex.
Feb 26 2024, 2:17 PM
ae accepted D44079: ipsec esp: avoid dereferencing freed secasindex.

Probably we should increase esps_notdb or esps_invalid counter here.

Feb 26 2024, 7:40 AM

Feb 19 2024

ae closed D43956: Add more buffers for ndp in rtsock mode.
Feb 19 2024, 7:54 AM
ae committed rG03cc3489a02d: ndp(8): increase buffer size in rtsock mode (authored by lytboris_gmail.com).
ndp(8): increase buffer size in rtsock mode
Feb 19 2024, 7:54 AM

Dec 15 2023

ae added a comment to D42988: inet6: Use IfAPI helper in in6_ifstat_inc.

I think https://reviews.freebsd.org/D32811, https://reviews.freebsd.org/D33064 also are related.

Dec 15 2023, 9:46 AM
ae added a comment to D42988: inet6: Use IfAPI helper in in6_ifstat_inc.

Do you plan to rework access to if_afdata? There are still several panics related to access to already freed if_afdata[AF_INET6].

Can you please assign those PRs to me? Or send links to information if there is no PR.

Dec 15 2023, 9:44 AM