franco_opnsense.org (Franco Fichtner)
User

Projects

User does not belong to any projects.

User Details

User Since
Jun 15 2015, 5:39 PM (470 w, 6 d)

Recent Activity

Wed, May 29

franco_opnsense.org updated the summary of D8877: pf|ipfw|netinet6?: shared IP forwarding.
Wed, May 29, 7:01 PM
franco_opnsense.org retitled D8877: pf|ipfw|netinet6?: shared IP forwarding from netinet[6]: KPI for opaque fwd_tag handling for PFIL consumers to pf|ipfw|netinet6?: shared IP forwarding.
Wed, May 29, 6:55 PM
franco_opnsense.org updated the diff for D8877: pf|ipfw|netinet6?: shared IP forwarding.

Update the downstream code and adapt for main

Wed, May 29, 6:51 PM

Tue, May 28

franco_opnsense.org added a comment to D36259: rc: also run NAME_setup on NAME_reload.

In principle this only changes the user side setup (rc.conf), not the ports side. There is no direct ports consumer of this feature and it tries to hook into all services in order to automate configuration changes when service commands are dispatched.

Tue, May 28, 2:39 PM · rc
franco_opnsense.org closed D36259: rc: also run NAME_setup on NAME_reload.

Yes I just need to wrap up testing for the updated GH PR

Tue, May 28, 2:10 PM · rc
franco_opnsense.org added a comment to D36259: rc: also run NAME_setup on NAME_reload.

This won't merge, I'm talking to @imp at https://github.com/freebsd/freebsd-src/pull/1258

Tue, May 28, 2:07 PM · rc

Sat, May 25

franco_opnsense.org abandoned D42717: dhclient: remove unused primary_address.
Sat, May 25, 6:18 AM

May 24 2024

franco_opnsense.org abandoned D41572: pf: fix failure to log correct action through default rule.

Maybe fixed, who knows ;)

May 24 2024, 4:08 PM

Mar 26 2024

franco_opnsense.org added a comment to D36259: rc: also run NAME_setup on NAME_reload.

No takers? This has been in a half-working state in FreeBSD 14 for quite some time. :/

Mar 26 2024, 1:56 PM · rc

Dec 20 2023

franco_opnsense.org added a comment to D42485: libnetmap: change interface name character exclusion approach.

@vmaffione yes I am not a committer

Dec 20 2023, 9:50 AM

Dec 1 2023

franco_opnsense.org updated the summary of D42485: libnetmap: change interface name character exclusion approach.
Dec 1 2023, 7:36 AM
franco_opnsense.org updated the diff for D42485: libnetmap: change interface name character exclusion approach.
  • libnetmap: different approach as discussed on GitHub upstream
Dec 1 2023, 7:35 AM

Nov 22 2023

franco_opnsense.org updated the summary of D42717: dhclient: remove unused primary_address.
Nov 22 2023, 7:30 AM
franco_opnsense.org requested review of D42717: dhclient: remove unused primary_address.
Nov 22 2023, 7:29 AM

Nov 21 2023

franco_opnsense.org added a comment to D36259: rc: also run NAME_setup on NAME_reload.

Maybe to add to that: the main motivation was a user-side precmd type hook support since the precmd is hard or impossible to overwrite (being used in the rc scripts defined by the ports) and name_setup=path/to/file seemed to be the easiest solution.

Nov 21 2023, 10:17 AM · rc
franco_opnsense.org added a comment to D36259: rc: also run NAME_setup on NAME_reload.

Set up script variable:

Nov 21 2023, 10:14 AM · rc
franco_opnsense.org added a comment to D36259: rc: also run NAME_setup on NAME_reload.

@oshogbo I've updated this again fixing a remaining issue with restart_precmd -- if you can find the time to review I'd appreciate it.

Nov 21 2023, 9:58 AM · rc
franco_opnsense.org updated the summary of D36259: rc: also run NAME_setup on NAME_reload.
Nov 21 2023, 9:57 AM · rc
franco_opnsense.org updated the diff for D36259: rc: also run NAME_setup on NAME_reload.

update to latest

Nov 21 2023, 9:53 AM · rc

Nov 8 2023

franco_opnsense.org added a comment to D42485: libnetmap: change interface name character exclusion approach.

Updated as requested and also pushed here for review https://github.com/luigirizzo/netmap/pull/940

Nov 8 2023, 8:53 AM
franco_opnsense.org updated the diff for D42485: libnetmap: change interface name character exclusion approach.
  • libnetmap: also add '{' and '}'
Nov 8 2023, 8:45 AM

Nov 6 2023

franco_opnsense.org updated the summary of D41572: pf: fix failure to log correct action through default rule.
Nov 6 2023, 8:47 PM
franco_opnsense.org updated the diff for D41572: pf: fix failure to log correct action through default rule.

switch to OpenBSD approach

Nov 6 2023, 8:44 PM
franco_opnsense.org updated the summary of D42485: libnetmap: change interface name character exclusion approach.
Nov 6 2023, 8:40 PM
franco_opnsense.org added a reviewer for D42485: libnetmap: change interface name character exclusion approach: vmaffione.
Nov 6 2023, 8:39 PM
franco_opnsense.org requested review of D42485: libnetmap: change interface name character exclusion approach.
Nov 6 2023, 8:38 PM

Oct 19 2023

franco_opnsense.org added a comment to D41572: pf: fix failure to log correct action through default rule.

OpenBSD fix: https://github.com/openbsd/src/commit/7b8683a1743e7

Oct 19 2023, 8:15 AM

Oct 9 2023

franco_opnsense.org added inline comments to D42045: security/ca_root_nss: Use certctl instead of a symlink..
Oct 9 2023, 10:46 AM
franco_opnsense.org added a comment to D42039: ftp/curl: Always use the default trust store instead of ca_root_nss..

Why do we remove default option and all of its support in one go? Why not remove the default selection from the port and see what happens? What is the mechanism for curl to find the trust store now? How are users supposed to replace the previous behaviour if desired?

Oct 9 2023, 10:26 AM
franco_opnsense.org added a comment to D41517: Draft: pf: Switch pf_route() to PACKET_TAG_IPFORWARD tag.

A more complete version of this change is https://reviews.freebsd.org/D8877 which has been in OPNsense for many years. The main problems we have are not being in the FreeBSD tree and subtle breakage due to related changes in the netinet code. If anyone wants to review and commit I'm happy to update it, but I need a commitment and you will have mine. :)

Oct 9 2023, 6:51 AM

Sep 26 2023

franco_opnsense.org added a comment to D41572: pf: fix failure to log correct action through default rule.

@kp when you said "Supporting opnsense is your job, not mine. You don’t get to just throw bugs over the wall without doing any actual testing on freebsd."[1] I'm unsure if you really meant this or if you simply don't react because it's not important to you or FreeBSD?

Sep 26 2023, 5:47 AM

Aug 24 2023

franco_opnsense.org updated the diff for D41572: pf: fix failure to log correct action through default rule.

style update

Aug 24 2023, 9:39 AM
franco_opnsense.org added a reviewer for D41572: pf: fix failure to log correct action through default rule: kp.
Aug 24 2023, 9:35 AM
franco_opnsense.org requested review of D41572: pf: fix failure to log correct action through default rule.
Aug 24 2023, 9:34 AM

Jun 12 2023

franco_opnsense.org added a comment to D40442: wpa_supplicant: Enable receiving priority tagged (VID 0) frames.

For emphasis: I said for clarity it's beneficial to read the VLAN ID and at least show it. Doing it here assuming it's zero but giving no way to verify is simply risky.

Jun 12 2023, 7:16 PM · pfsense
franco_opnsense.org added a comment to D40442: wpa_supplicant: Enable receiving priority tagged (VID 0) frames.

For the print alone it's beneficial to read the VLAN ID and show it. The way it is now it just pushes the maintenance cost to a future point/individual if the PCAP implementation doesn't do what is assumed here (and not even correctly documented as a comment).

Jun 12 2023, 7:09 PM · pfsense
franco_opnsense.org added inline comments to D40442: wpa_supplicant: Enable receiving priority tagged (VID 0) frames.
Jun 12 2023, 2:29 PM · pfsense

Jun 7 2023

franco_opnsense.org abandoned D40465: test for phabircator.
Jun 7 2023, 2:09 PM
franco_opnsense.org updated the diff for D40465: test for phabircator.

sorry

Jun 7 2023, 2:07 PM
franco_opnsense.org updated the diff for D40465: test for phabircator.

a small update

Jun 7 2023, 2:07 PM
franco_opnsense.org requested review of D40465: test for phabircator.
Jun 7 2023, 2:03 PM

Apr 20 2023

franco_opnsense.org added a comment to D39689: if: store original ifname.

Yes, 1:1 alias name assignment would be desirable and sidestep constraints with interface name length for descriptive interfaces (QinQ is too much actually) as well as avoid renaming interfaces when a VLAN ID changes for example. Just change alias and done (possibly with more character support).

Apr 20 2023, 9:39 AM
franco_opnsense.org added a comment to D39689: if: store original ifname.

Sure. The only thing actually used in if_mib in base is exactly this IFDATA_DRIVERNAME functionality. It is undocumented (and wrong for tunap/epair/some other devices). I'm going to deprecate the module by providing this missing piece of functionality via Netlink ( D39659 ).

Apr 20 2023, 9:33 AM
franco_opnsense.org added a comment to D39689: if: store original ifname.

I wonder why adding a new field is needed when IFDATA_DRIVERNAME via if_dname/if_dunit exists? It's also exposed via libifconfig but sadly not via ifconfig command. I only noticed recently by looking at ifinfo command which we use in OPNsense because it provides better interface overview than ifconfig, but is not built in the base system.

Apr 20 2023, 6:48 AM

Apr 5 2023

franco_opnsense.org added a comment to D39426: netmap: Handle packet batches in generic mode.

Could this be the same as https://reviews.freebsd.org/D38065#875109 eventually resulting in:

Apr 5 2023, 7:57 PM

Mar 29 2023

franco_opnsense.org added a comment to D39015: tuntap: Add netmap support for both tap(4) and tun(4) interfaces.

The use case: a number of VPN software solutions like OpenVPN use this driver so the idea was to be able to grab traffic off of the interface before encryption/after decryption. It looks like tun may not be worth the effort, but it could work for tap mode without further constraints?

Mar 29 2023, 6:09 AM

Feb 9 2023

franco_opnsense.org added a comment to D38065: netmap: Fix queue stalls on generic interfaces.

Can I ask what kind of tests you performed? I guess you have set sysctl dev.netmap.admode=2 (see netmap(4)) and tried on a vtnet0 interface.
If not done yet, could you please perform some tests on an em0 interface (e.g. emulated by qemu or bhyve)?

Feb 9 2023, 7:15 AM

Jan 19 2023

franco_opnsense.org added a comment to D38066: bridge: Add support for emulated netmap mode.

For this to make sense from the user perspective attaching to a bridge should capture all packets associated with the bridge as e.g. seen by bpf (although here for now bpf might be circumvented). The reason for that is we don't want to modify user programs and restart and instead simply reconfigure bridge device akin to how lagg netmap works now.

Jan 19 2023, 8:39 AM

Dec 14 2022

franco_opnsense.org added a comment to D36259: rc: also run NAME_setup on NAME_reload.

@oshogbo I've updated the documentation and also described the caveats with the current implementation of restart_precmd which is pretty dangerous when not using restart_cmd ... but running the setup there prior to running it again during start seems silly just to pass a potential failure of restart_precmd. A number of ports seem to be using this override but a "proper" config file should be present if we assume that start was run successfully first?

Dec 14 2022, 10:47 AM · rc
franco_opnsense.org updated the diff for D36259: rc: also run NAME_setup on NAME_reload.
  • update documentation on internals and caveats
Dec 14 2022, 10:40 AM · rc

Oct 18 2022

franco_opnsense.org updated the diff for D36259: rc: also run NAME_setup on NAME_reload.

merge issue

Oct 18 2022, 11:43 AM · rc
franco_opnsense.org updated the diff for D36259: rc: also run NAME_setup on NAME_reload.

change setup/precmd order so when precmd checks config file it won't fail

Oct 18 2022, 11:35 AM · rc

Oct 10 2022

franco_opnsense.org added a comment to D34449: Allow em(4) to particpate in auto-negotiation for fixed 100b or 10b configuration.

I don't have any intention to debug this as I don't have a setup at hand that causes this. It should, however, be considered to revert the commit before 13.2 or 14.0 is released with it for the sole purpose of fixing a theoretical issue vs. breaking existing setups.

Oct 10 2022, 8:05 AM

Oct 5 2022

franco_opnsense.org added a comment to D34449: Allow em(4) to particpate in auto-negotiation for fixed 100b or 10b configuration.

From what we can tell if the other end prohibits auto-negotiation forcing a particular media setting the NIC ends up in "no carrier" status with this patch, see https://www.reddit.com/r/opnsense/comments/xw4oiz/comment/ir4mxb0/?utm_source=reddit&utm_medium=web2x&context=3 and https://forum.opnsense.org/index.php?topic=30274

Oct 5 2022, 10:03 AM

Sep 1 2022

franco_opnsense.org updated the diff for D36259: rc: also run NAME_setup on NAME_reload.

rc: extend NAME_setup, redefining commands escapes all structure

Sep 1 2022, 6:40 AM · rc

Aug 19 2022

franco_opnsense.org added reviewers for D36259: rc: also run NAME_setup on NAME_reload: oshogbo, 0mp.
Aug 19 2022, 6:25 AM · rc
franco_opnsense.org requested review of D36259: rc: also run NAME_setup on NAME_reload.
Aug 19 2022, 6:24 AM · rc

Aug 17 2022

franco_opnsense.org added a comment to D36210: rc: add a manual entry for ${name}_setup.

I reverted the change in question although I don't agree with the rationale. NAME_prepend remains a fragile construct, not being used in visible code in ports/src and prepending command(s) would imply that either ";" or "&&" is being used by default to separate the argument, which the user will not know because the documentation is not complete or the concept involved is not well-designed.

Aug 17 2022, 2:09 PM · rc
franco_opnsense.org updated the diff for D36210: rc: add a manual entry for ${name}_setup.
  • revert prepend wording
Aug 17 2022, 2:06 PM · rc

Aug 16 2022

franco_opnsense.org added a reviewer for D36210: rc: add a manual entry for ${name}_setup: oshogbo.
Aug 16 2022, 8:11 AM · rc
franco_opnsense.org closed D36006: rc: add ${name}_setup script support.
Aug 16 2022, 8:10 AM · rc
franco_opnsense.org requested review of D36210: rc: add a manual entry for ${name}_setup.
Aug 16 2022, 8:10 AM · rc

Aug 8 2022

franco_opnsense.org added a comment to D35429: pf: stop resolving hosts as dns that use ":" modifier.

Updated revision to address requirement to only skip known modifiers. Minimal code change, but more convoluted with the cont pointer being passed down additionally.

Aug 8 2022, 10:10 AM
franco_opnsense.org updated the diff for D35429: pf: stop resolving hosts as dns that use ":" modifier.
  • Revert "pf: stop resolving hosts as dns that use ":" modifier"
  • pfctl: stop resolving hosts as DNS that use internal ":" modifiers
Aug 8 2022, 10:06 AM

Aug 5 2022

franco_opnsense.org requested review of D36050: pfctl: fix FOM_ICMP/POM_STICKYADDRESS clash.
Aug 5 2022, 11:41 AM

Aug 2 2022

franco_opnsense.org added a comment to D36006: rc: add ${name}_setup script support.

@oshogbo I don't have the means to commit so if you would pick that up when you have some time that'd be highly appreciated

Aug 2 2022, 6:43 AM · rc

Aug 1 2022

franco_opnsense.org added a reviewer for D36006: rc: add ${name}_setup script support: oshogbo.
Aug 1 2022, 9:38 AM · rc
franco_opnsense.org requested review of D36006: rc: add ${name}_setup script support.
Aug 1 2022, 9:36 AM · rc

Jun 10 2022

franco_opnsense.org abandoned D35430: netinet6: prevent a crash on empty ifp.

D35117 looks reasonable, let me abandon this then :)

Jun 10 2022, 9:06 AM
franco_opnsense.org added a comment to D35430: netinet6: prevent a crash on empty ifp.

I don't have a crash core and this only happened once on a customer device in FreeBSD 12.

Jun 10 2022, 7:49 AM

Jun 8 2022

franco_opnsense.org added a comment to D35429: pf: stop resolving hosts as dns that use ":" modifier.

Something like "ovpnc0:network" is hardly a domain name as one user noted seeing these pop up and chasing it to lookups in pfctl. host_if() implements these special markers and we could argue that pfctl-specific markers have priority and shouldn't be handled elsewhere.

Jun 8 2022, 4:34 PM
franco_opnsense.org added a comment to D34393: debugnet: remove spurious message on boot.

Since I don't have a commit bit... anyone willing to commit this? Thanks in advance.

Jun 8 2022, 12:42 PM
franco_opnsense.org updated the summary of D35430: netinet6: prevent a crash on empty ifp.
Jun 8 2022, 12:08 PM
franco_opnsense.org requested review of D35430: netinet6: prevent a crash on empty ifp.
Jun 8 2022, 12:03 PM
franco_opnsense.org requested review of D35429: pf: stop resolving hosts as dns that use ":" modifier.
Jun 8 2022, 7:14 AM

Jun 2 2022

franco_opnsense.org updated the test plan for D35385: pf: still one leak in here so switch all to M_NVLIST.
Jun 2 2022, 12:58 PM
franco_opnsense.org requested review of D35385: pf: still one leak in here so switch all to M_NVLIST.
Jun 2 2022, 12:54 PM

May 12 2022

franco_opnsense.org accepted D35178: Add end to end tests for dhclient.

LGTM, thanks!

May 12 2022, 6:26 AM

Feb 28 2022

franco_opnsense.org updated the diff for D34393: debugnet: remove spurious message on boot.

update as mentioned

Feb 28 2022, 6:32 PM
franco_opnsense.org abandoned D34397: debugnet: remove spurious message on boot.

created new review instead of update

Feb 28 2022, 6:31 PM
franco_opnsense.org requested review of D34397: debugnet: remove spurious message on boot.
Feb 28 2022, 6:30 PM
franco_opnsense.org updated the summary of D34393: debugnet: remove spurious message on boot.
Feb 28 2022, 11:34 AM
franco_opnsense.org added a reviewer for D34393: debugnet: remove spurious message on boot: cem.
Feb 28 2022, 11:33 AM
franco_opnsense.org requested review of D34393: debugnet: remove spurious message on boot.
Feb 28 2022, 11:33 AM

Feb 21 2022

franco_opnsense.org added inline comments to D34329: stand: add EFI support for mmio serial consoles.
Feb 21 2022, 4:49 PM
franco_opnsense.org added inline comments to D34329: stand: add EFI support for mmio serial consoles.
Feb 21 2022, 3:59 PM
franco_opnsense.org added a reviewer for D34329: stand: add EFI support for mmio serial consoles: imp.
Feb 21 2022, 2:02 PM
franco_opnsense.org requested review of D34329: stand: add EFI support for mmio serial consoles.
Feb 21 2022, 2:01 PM

Feb 14 2022

franco_opnsense.org added a comment to D31515: dhclient: support VID 0 (no vlan) decapsulation.

thanks a lot :)

Feb 14 2022, 7:21 PM
franco_opnsense.org added a comment to D31515: dhclient: support VID 0 (no vlan) decapsulation.

Sorry for the delay. I have no objections to the change and the implementation looks fine. I am a little wary of committing it without some wider approval: could I ask you to post a short note to freebsd-net@ linking this diff and soliciting opinions? If there are no objections after a week or so I will commit this.

Feb 14 2022, 11:16 AM
franco_opnsense.org added a reviewer for D34266: pf: fix set_prio after nv conversion: kp.
Feb 14 2022, 8:33 AM
franco_opnsense.org requested review of D34266: pf: fix set_prio after nv conversion.
Feb 14 2022, 8:32 AM

Jan 31 2022

franco_opnsense.org added a comment to D29075: Hyper-V: hn: Enable vSwitch RSC support in hn netvsc driver.

We have multiple reports that this causes throughput regressions when in use on 13-STABLE as opposed to 13.0-RELEASE where it is not present. We have had this commit reverted and speeds are back to normal for our OPNsense users. For more info see https://forum.opnsense.org/index.php?topic=26364.0

Jan 31 2022, 6:44 AM

Jan 27 2022

franco_opnsense.org abandoned D33432: dummynet: remove locks causing panics during callout.
Jan 27 2022, 11:13 AM
franco_opnsense.org added a comment to D34053: dummynet: use atomics to maintain pie_desc.ref_count.

fqpie_callout_cleanup() should exhibit the same issue

Jan 27 2022, 9:45 AM

Jan 4 2022

franco_opnsense.org added a comment to D33432: dummynet: remove locks causing panics during callout.
In D33432#755856, @kp wrote:

I was thinking the same at first but the locking introduced in https://cgit.freebsd.org/src/commit/sys/netpfil/ipfw/dn_aqm_pie.c?id=12be18c7d594 looks arbitrary and isn't anywhere else in those two files. It was added to "protect" the ref_count manipulation, but if you look at the other ref_count modification in that file these are also done without (obvious) locks.

Maybe these ref_count modifications should receive atomic updates without locks to avoid the locking overhead completely?

Perhaps, yes.

Although it looks like the ref_count is only read in unload_dn_aqm(), under the sched_mtx lock. That lock lives only in ip_dummynet.c, so I wonder if we shouldn't just move the updating of the reference count to dn_aqm_ref()/dn_aqm_unref() and protect it with the sched_mtx lock. That doesn't need vnet, so we don't have to worry about setting the context (because it's about a global setting, so using a vnet-ed lock is wrong anyway) and we actually clean the locking up a little.

Jan 4 2022, 9:23 AM

Dec 14 2021

franco_opnsense.org added a comment to D33432: dummynet: remove locks causing panics during callout.

I was thinking the same at first but the locking introduced in https://cgit.freebsd.org/src/commit/sys/netpfil/ipfw/dn_aqm_pie.c?id=12be18c7d594 looks arbitrary and isn't anywhere else in those two files. It was added to "protect" the ref_count manipulation, but if you look at the other ref_count modification in that file these are also done without (obvious) locks.

Dec 14 2021, 1:09 PM
franco_opnsense.org added a comment to D33432: dummynet: remove locks causing panics during callout.
In D33432#755816, @kp wrote:

Do you have a description on how to trigger this panic?

Dec 14 2021, 10:21 AM
franco_opnsense.org added a reviewer for D33429: dummynet: drop unused definitions: kp.
Dec 14 2021, 9:39 AM
franco_opnsense.org added a reviewer for D33432: dummynet: remove locks causing panics during callout: kp.
Dec 14 2021, 9:38 AM