- User Since
- Jun 15 2015, 5:39 PM (415 w, 6 d)
Apr 20 2023
Yes, 1:1 alias name assignment would be desirable and sidestep constraints with interface name length for descriptive interfaces (QinQ is too much actually) as well as avoid renaming interfaces when a VLAN ID changes for example. Just change alias and done (possibly with more character support).
I wonder why adding a new field is needed when IFDATA_DRIVERNAME via if_dname/if_dunit exists? It's also exposed via libifconfig but sadly not via ifconfig command. I only noticed recently by looking at ifinfo command which we use in OPNsense because it provides better interface overview than ifconfig, but is not built in the base system.
Apr 5 2023
Could this be the same as https://reviews.freebsd.org/D38065#875109 eventually resulting in:
Mar 29 2023
The use case: a number of VPN software solutions like OpenVPN use this driver so the idea was to be able to grab traffic off of the interface before encryption/after decryption. It looks like tun may not be worth the effort, but it could work for tap mode without further constraints?
Feb 9 2023
Jan 19 2023
For this to make sense from the user perspective attaching to a bridge should capture all packets associated with the bridge as e.g. seen by bpf (although here for now bpf might be circumvented). The reason for that is we don't want to modify user programs and restart and instead simply reconfigure bridge device akin to how lagg netmap works now.
Dec 14 2022
@oshogbo I've updated the documentation and also described the caveats with the current implementation of restart_precmd which is pretty dangerous when not using restart_cmd ... but running the setup there prior to running it again during start seems silly just to pass a potential failure of restart_precmd. A number of ports seem to be using this override but a "proper" config file should be present if we assume that start was ran successfully first?
- update documentation on internals and caveats
Oct 18 2022
change setup/precmd order so when precmd checks config file it won't fail
Oct 10 2022
I don't have any intention to debug this as I don't have a setup at hand that causes this. It should, however, be considered to revert the commit before 13.2 or 14.0 is released with it for the sole purpose of fixing a theoretical issue vs. breaking existing setups.
Oct 5 2022
From what we can tell if the other end prohibits auto-negotiation forcing a particular media setting the NIC ends up in "no carrier" status with this patch, see https://www.reddit.com/r/opnsense/comments/xw4oiz/comment/ir4mxb0/?utm_source=reddit&utm_medium=web2x&context=3 and https://forum.opnsense.org/index.php?topic=30274
Sep 1 2022
rc: extend NAME_setup, redefining commands escapes all structure
Aug 19 2022
Aug 17 2022
I reverted the change in question although I don't agree with the rationale. NAME_prepend remains a fragile construct, not being used in visible code in ports/src and prepending command(s) would imply that either ";" or "&&" is being used by default to separate the argument, which the user will not know because the documentation is not complete or the concept involved is not well-designed.
- revert prepend wording
Aug 16 2022
Aug 8 2022
Updated revision to address requirement to only skip known modifiers. Minimal code change, but more convoluted with the cont pointer being passed down additionally.
- Revert "pf: stop resolving hosts as dns that use ":" modifier"
- pfctl: stop resolving hosts as DNS that use internal ":" modifiers
Aug 5 2022
Aug 2 2022
@oshogbo I don't have the means to commit so if you would pick that up when you have some time that'd be highly appreciated
Aug 1 2022
Jun 10 2022
D35117 looks reasonable, let me abandon this then :)
I don't have a crash core and this only happened once on a customer device in FreeBSD 12.
Jun 8 2022
Something like "ovpnc0:network" is hardly a domain name as one user noted seeing these pop up and chasing it to lookups in pfctl. host_if() implements these special markers and we could argue that pfctl-specific markers have priority and shouldn't be handled elsewhere.
Since I don't have a commit bit... anyone willing to commit this? Thanks in advance.
Jun 2 2022
May 12 2022
Feb 28 2022
update as mentioned
created new review instead of update
Feb 21 2022
Feb 14 2022
thanks a lot :)
Jan 31 2022
We have multiple reports that this causes throughput regressions when in use on 13-STABLE as opposed to 13.0-RELEASE where it is not present. We have had this commit reverted and speeds are back to normal for our OPNsense users. For more info see https://forum.opnsense.org/index.php?topic=26364.0
Jan 27 2022
fqpie_callout_cleanup() should exhibit the same issue
Jan 4 2022
Dec 14 2021
I was thinking the same at first but the locking introduced in https://cgit.freebsd.org/src/commit/sys/netpfil/ipfw/dn_aqm_pie.c?id=12be18c7d594 looks arbitrary and isn't anywhere else in those two files. It was added to "protect" the ref_count manipulation, but if you look at the other ref_count modification in that file these are also done without (obvious) locks.
Dec 10 2021
Nov 18 2021
Just as a comment: With all these ties to RSS defines I'm not sure where that leaves the RSS feature with regard to its multiple hardware/software use cases but there's no point in blocking this with no visible consumers. I'll make sure to give this a test once it hits main.
Oct 28 2021
Sep 27 2021
Thanks for the find! Looks reasonable to bring in. I will try to get more test coverage from our users, though feedback was low on this particular hang ;(
Sep 15 2021
Added motivation for checking for untagged priority to the filter program comments.
add comment about need to test for VID 0 presence
Sep 14 2021
Not sure about omitting the match on a NAT rule, but doing it inside the log code was definitely wrong.
void REASON_SET by directly passing PFRES_MATCH
Sep 8 2021
But to be fair both rules are matching accounting-wise unless we assume that only "pass" can account for "match".
Sep 2 2021
There is an older discussion about it here https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224961
Aug 19 2021
- skip to end on vlanid != 0 and add comments
Aug 18 2021
Correct. Here is the test:
- lease declaration skip fixes
Use EVL_VLID_MASK as suggested
OpenBSD added the single htons() while adding write filter, but nowhere else. I suspect the fragmentation check is mostly correct so this doesn't matter in the real world.
constify filters and avoid static length variables
Appreciate the reviews :) Unfortunately I'm not a committer so is someone willing to help out? Thanks in advance.
Aug 17 2021
fixed partial length on tx
Another one refactored
Aug 16 2021
Aug 14 2021
That would be great, thanks!
Aug 13 2021
The only other script is the DNS script and it looks like -u already does append the sender address to that script's data.