Page MenuHomeFreeBSD

franco_opnsense.org (Franco Fichtner)
User

Projects

User does not belong to any projects.

User Details

User Since
Jun 15 2015, 5:39 PM (217 w, 5 d)

Recent Activity

Oct 24 2018

franco_opnsense.org accepted D17633: pf: Make ':0' ignore link-local v6 addresses too.
Oct 24 2018, 5:34 AM

Oct 22 2018

franco_opnsense.org accepted D17646: net/intel-{ix,em}-kmod: freeze PORTREVISION and PORTEPOCH.

@skozlov feel free to take maintainership of net/intel-em-kmod and thanks for working on these modules! :)

Oct 22 2018, 11:31 AM · Intel Networking

Oct 21 2018

franco_opnsense.org requested changes to D17633: pf: Make ':0' ignore link-local v6 addresses too.

"if:0" and "(if:0)" have separate implementations. the one for "if:0" is missing, see ifa_lookup() in sbin/pfctl/pfctl_parser.c

Oct 21 2018, 4:16 PM

Oct 12 2018

franco_opnsense.org accepted D17533: net/intel-ixl-kmod: Remove -Werror from CFLAGS.
Oct 12 2018, 2:41 PM · Intel Networking

Oct 7 2018

franco_opnsense.org accepted D17440: net/intel-em-kmod: Update to 7.7.4, enable netmap on 11.

Looks good, thanks!

Oct 7 2018, 1:07 PM · Intel Networking

Jul 23 2018

franco_opnsense.org accepted D16366: Update security/suricata to 4.0.5.

We all invest time so thank you for the offer. Yes, I am OK with that.

Jul 23 2018, 2:58 PM
franco_opnsense.org added a comment to D16366: Update security/suricata to 4.0.5.

I do not wish to acknowledge the advertising in the commit message.

Jul 23 2018, 2:47 PM
franco_opnsense.org added a comment to D16366: Update security/suricata to 4.0.5.

I'm sorry, I'm playing by the rules that FreeBSD imposes on its external contributors.

Jul 23 2018, 2:34 PM
franco_opnsense.org added a comment to D16366: Update security/suricata to 4.0.5.

There's a PR here https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229904

Jul 23 2018, 2:18 PM

Feb 13 2018

franco_opnsense.org added a comment to D9270: Add support for user-supplied Host-Uniq tag and handle PADM messages in Netgraph PPPoE.

Any news on this? :)

Feb 13 2018, 4:36 PM

Jan 31 2018

franco_opnsense.org added a comment to D13825: Rename php-xdebug to pecl-xdebug.

Seeing this after migration...

Jan 31 2018, 8:07 AM

Aug 29 2017

franco_opnsense.org accepted D9270: Add support for user-supplied Host-Uniq tag and handle PADM messages in Netgraph PPPoE.

this one is stable, thank you @ale

Aug 29 2017, 3:44 PM

Aug 22 2017

franco_opnsense.org added a comment to D9270: Add support for user-supplied Host-Uniq tag and handle PADM messages in Netgraph PPPoE.

No, I'm not asking for support that would take a few weeks of ping pong in a bug tracker, if any. This is real world feedback for this review. Take it or leave it. :)

Aug 22 2017, 8:18 AM
franco_opnsense.org added a comment to D9270: Add support for user-supplied Host-Uniq tag and handle PADM messages in Netgraph PPPoE.

Thanks, but we've narrowed it down to this commit.

Aug 22 2017, 8:09 AM
franco_opnsense.org added a comment to D9270: Add support for user-supplied Host-Uniq tag and handle PADM messages in Netgraph PPPoE.

We do seem to have a persistent problem with this patch in some PPPoE environments that will cause a crash in ng_pppoe_rcvdata_ether():

Aug 22 2017, 4:39 AM

Jul 13 2017

franco_opnsense.org accepted D11139: security/suricata: Add REDIS option.

Nevermind, now it displays correctly. Please commit. :)

Jul 13 2017, 3:44 PM
franco_opnsense.org added a comment to D11139: security/suricata: Add REDIS option.

can you rebase this patch? it looks off with the update to 3.2.2 and no OPTIONS_DEFINE like it was already applied

Jul 13 2017, 3:43 PM

Jun 16 2017

franco_opnsense.org added a comment to D11139: security/suricata: Add REDIS option.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220025
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220026

Jun 16 2017, 5:09 AM
franco_opnsense.org added a comment to D11139: security/suricata: Add REDIS option.

So FWIW I stand by the approval of the previous version that does not use REDIS_CONFIGURE_ENABLE.

Jun 16 2017, 4:50 AM

Jun 14 2017

franco_opnsense.org added inline comments to D11139: security/suricata: Add REDIS option.
Jun 14 2017, 4:49 AM

Jun 13 2017

franco_opnsense.org requested changes to D11139: security/suricata: Add REDIS option.
Jun 13 2017, 10:01 AM

Jun 12 2017

franco_opnsense.org added inline comments to D11139: security/suricata: Add REDIS option.
Jun 12 2017, 12:27 PM
franco_opnsense.org added inline comments to D11139: security/suricata: Add REDIS option.
Jun 12 2017, 12:01 PM
franco_opnsense.org accepted D11139: security/suricata: Add REDIS option.
Jun 12 2017, 4:36 AM

Jun 11 2017

franco_opnsense.org added a comment to D11139: security/suricata: Add REDIS option.

looks good, will accept after typo fix :)

Jun 11 2017, 8:42 AM

Apr 9 2017

franco_opnsense.org added inline comments to D10327: Implement basic flavors.
Apr 9 2017, 4:07 PM
franco_opnsense.org added inline comments to D10327: Implement basic flavors.
Apr 9 2017, 3:52 PM
franco_opnsense.org added inline comments to D10327: Implement basic flavors.
Apr 9 2017, 3:36 PM
franco_opnsense.org added inline comments to D10327: Implement basic flavors.
Apr 9 2017, 3:25 PM
franco_opnsense.org added inline comments to D10327: Implement basic flavors.
Apr 9 2017, 3:16 PM

Jan 2 2017

franco_opnsense.org added a reviewer for D8299: Convert igb(4), em(4) and lem(4) to iflib: franco_opnsense.org.
Jan 2 2017, 4:30 PM

Dec 26 2016

franco_opnsense.org updated the diff for D8877: netinet[6]: KPI for opaque fwd_tag handling for PFIL consumers.
  • correctly build against GENERIC
Dec 26 2016, 10:21 AM

Dec 22 2016

franco_opnsense.org added a comment to D8813: OpenVPN 2.4 preview.

I've updated the TUNNELBLICK patch to work with 2.4, it was just a clash with the new code formatting. Looks good so far, runtime test is pending.

Dec 22 2016, 7:39 AM

Dec 21 2016

franco_opnsense.org added inline comments to D8877: netinet[6]: KPI for opaque fwd_tag handling for PFIL consumers.
Dec 21 2016, 2:41 PM
franco_opnsense.org updated the diff for D8877: netinet[6]: KPI for opaque fwd_tag handling for PFIL consumers.
  • omit empty reads for ip[6]_get_fwdtag
  • error out safely on failure
Dec 21 2016, 2:39 PM
franco_opnsense.org added inline comments to D8877: netinet[6]: KPI for opaque fwd_tag handling for PFIL consumers.
Dec 21 2016, 2:05 PM
franco_opnsense.org updated the diff for D8877: netinet[6]: KPI for opaque fwd_tag handling for PFIL consumers.
  • use else if
Dec 21 2016, 1:58 PM
franco_opnsense.org added inline comments to D8877: netinet[6]: KPI for opaque fwd_tag handling for PFIL consumers.
Dec 21 2016, 1:54 PM
franco_opnsense.org updated the diff for D8877: netinet[6]: KPI for opaque fwd_tag handling for PFIL consumers.
  • complete conversion
Dec 21 2016, 1:47 PM
franco_opnsense.org updated the diff for D8877: netinet[6]: KPI for opaque fwd_tag handling for PFIL consumers.
  • requested changes
Dec 21 2016, 12:06 PM
franco_opnsense.org added a reviewer for D8877: netinet[6]: KPI for opaque fwd_tag handling for PFIL consumers: ae.
Dec 21 2016, 8:34 AM
franco_opnsense.org retitled D8877: netinet[6]: KPI for opaque fwd_tag handling for PFIL consumers from to netinet[6]: KPI for opaque fwd_tag handling for PFIL consumers.
Dec 21 2016, 8:33 AM

Dec 20 2016

franco_opnsense.org added a comment to D8840: Very simplistic and minimal initial version of flavors.

I've answered in the mail thread, but asking here specifically again: why not make it even simpler?

Dec 20 2016, 8:45 AM

Nov 14 2016

franco_opnsense.org abandoned D8109: ipfw: prepare ipfw for cooperation inside the pfil hook.

Closing for a fresh start on this with a KBI suggested by @ae

Nov 14 2016, 2:13 PM

Nov 9 2016

franco_opnsense.org added a comment to D7386: devel/hyperscan: Install shared library, Modernize.

I'm not doubting these changes, I just saw that enabling hyperscan for suricata is problematic for non SSE3 archs and there's no way around this :/

Nov 9 2016, 8:56 AM
franco_opnsense.org added a comment to D7386: devel/hyperscan: Install shared library, Modernize.

From what we can tell, especially the "illegal instruction trouble" (see below), we need a suricata-hs package that adds hyperscan without tainting the original package and make the new one amd64 only.

Nov 9 2016, 6:42 AM

Nov 8 2016

franco_opnsense.org added a comment to D8109: ipfw: prepare ipfw for cooperation inside the pfil hook.

Still looking for actionable advice. Thanks in advance.

Nov 8 2016, 3:19 PM

Nov 2 2016

franco_opnsense.org added a comment to D8109: ipfw: prepare ipfw for cooperation inside the pfil hook.

Where are we on this? Within the scope of this specific code up for review: what else should be done?

Nov 2 2016, 6:15 PM

Oct 24 2016

franco_opnsense.org added a comment to D8109: ipfw: prepare ipfw for cooperation inside the pfil hook.

There's two things here:

Oct 24 2016, 5:12 AM

Oct 23 2016

franco_opnsense.org added a comment to D8109: ipfw: prepare ipfw for cooperation inside the pfil hook.

@eri This is *not* about dummynet at all. This patch doesn't even cover anything other than making PACKET_TAG_IPFORWARD usable from a non-ipfw perspective, one could also call it "universally reusable".

Oct 23 2016, 10:17 AM

Oct 21 2016

franco_opnsense.org added a comment to D8109: ipfw: prepare ipfw for cooperation inside the pfil hook.

Almost, because ip[6]_output also skips the pending pfil hooks in the direction :/

Oct 21 2016, 4:15 PM
franco_opnsense.org added a comment to D8109: ipfw: prepare ipfw for cooperation inside the pfil hook.

Maybe to elaborate just a bit more:

Oct 21 2016, 3:56 PM
franco_opnsense.org added a comment to D8109: ipfw: prepare ipfw for cooperation inside the pfil hook.

I'm not sure I understand.

Oct 21 2016, 3:39 PM
franco_opnsense.org added a comment to D8109: ipfw: prepare ipfw for cooperation inside the pfil hook.

I've only adhered to the Phabricator wiki guideline "Please make sure that your changeset does one thing (and one thing only) so that the review process goes smoothly. Small and self-contained changes are much easier to review!".

Oct 21 2016, 5:21 AM

Oct 17 2016

franco_opnsense.org added a comment to D8109: ipfw: prepare ipfw for cooperation inside the pfil hook.

@eri Asking for feedback.

Oct 17 2016, 4:51 AM

Oct 10 2016

franco_opnsense.org added a comment to D8109: ipfw: prepare ipfw for cooperation inside the pfil hook.

@eri I'm kindly requesting the required input :)

Oct 10 2016, 7:49 AM

Oct 6 2016

franco_opnsense.org updated D8165: pf: port extended DSCP support from OpenBSD.
Oct 6 2016, 3:49 PM
franco_opnsense.org retitled D8165: pf: port extended DSCP support from OpenBSD from to pf: port extended DSCP support from OpenBSD.
Oct 6 2016, 3:40 PM

Oct 1 2016

franco_opnsense.org added a comment to D8109: ipfw: prepare ipfw for cooperation inside the pfil hook.

@eri which change are you requesting?

Oct 1 2016, 8:29 PM
franco_opnsense.org updated D8109: ipfw: prepare ipfw for cooperation inside the pfil hook.
Oct 1 2016, 10:29 AM
franco_opnsense.org retitled D8109: ipfw: prepare ipfw for cooperation inside the pfil hook from to ipfw: prepare ipfw for cooperation inside the pfil hook.
Oct 1 2016, 10:24 AM
franco_opnsense.org retitled D8108: rtsold: lower log level of spurious message from to rtsold: lower log level of spurious message.
Oct 1 2016, 9:50 AM
franco_opnsense.org updated the diff for D8058: pf: remove fastroute tag.
  • pf: keep fastroute compat stubs, don't break ABI
Oct 1 2016, 9:47 AM

Sep 28 2016

franco_opnsense.org retitled D8058: pf: remove fastroute tag from to pf: remove fastroute tag.
Sep 28 2016, 11:33 AM

Mar 20 2016

franco_opnsense.org added a comment to D3855: Properly drain callouts in the IPFW subsystem.

Ok, I'll open a bug report for the MFC.

Mar 20 2016, 5:22 PM
franco_opnsense.org added a comment to D3855: Properly drain callouts in the IPFW subsystem.

I just hit this and noticed it was never MFC'd. Can this be pushed to STABLE?

Mar 20 2016, 9:24 AM

Jul 3 2015

franco_opnsense.org added a comment to D2978: Make passwd and group write operations sync.

Thanks! Are there any plans to MFC this to stable/10 as well?

Jul 3 2015, 6:20 AM

Jun 15 2015

franco_opnsense.org added a comment to D2828: ARP request proper locking handling.

It's highly likely that LLE_EXCLUSIVE is always set since la_preempt is being modified. The other code branch of arpresolve() calling arprequest() is modifying/unlocking la in the same way. Cheers for tracking this down.

Jun 15 2015, 9:03 PM