♟ kp

if_ovpn: fix module load in NOINET6 kernels

pf: add 'allow-related' to always allow SCTP multihome extra connections

pf: verify SCTP v_tag before updating connection state

pf: verify that ABORT chunks are not mixed with DATA chunks

pf: add extra SCTP multihoming probe points

netinet: enter epoch in garp_rexmit()

pf: remove PFLOGIFS_MAX

pf: make reply-to work with nat64

pf: ignore/preserve ECN bits on ToS matching and scrubbing

pf: cope with route-to on af-to rules

pf: add a dedicated pf pool for route options

pfctl: allow an implicit address family for af-to rules

carp: don't unintentionally revert to multicast mode

pf: check rather than assert pool type

pfctl: improve NAT pool handling

pfctl: follow rpool -> rdr rename

pf: fix IPv6 route lookup for nat64

pf: avoid use-after-free on reassembly

netinet tests: basic garp test

netinet: enter epoch in garp_rexmit()

netinet: virtualize net.link.ether.inet.garp_rexmit_count

pf: allow ICMP messages related to an SCTP state to pass

pf tests: reproduce use-after-free in fragment reassembly

dummymbuf: add 'enlarge'

pf: clean up mbuf passing for reassembly

pf: verify SCTP v_tag before updating connection state

pf: add 'allow-related' to always allow SCTP multihome extra connections

pf: verify that ABORT chunks are not mixed with DATA chunks

pf tests: check cleared time when zeroing stats for table addresses

In D48477#1106107, @glebius wrote:

Note for @kp . Even without this change there is a lot of bad copy & paste in libpfctl and lack of result checking. The change is not expected to break anything beyond current level of brokenness. Once we accept this revision, and maybe a couple future ones, I promise to do a sweep over libpfctl. It is too early to do it now, since I might find more potential malloc failures not propagated to API user as well as general API pitfalls.

libpfctl: use snl_f_p_empty instead of declaring own empty array

pf: add extra SCTP multihoming probe points

pf: minor fixes for pf_walk_header6()

pf: reset index if it's outside the table

pf: pass struct pf_pdesc to pf_walk_option6() and pf_walk_header6()

pf: do not keep state when dropping overlapping IPv6 fragments

pf.conf.5: fix description for tcp.opening timeout

pfctl: convert an snprintf to strlcpy

pf: drop IPv6 packets built from overlapping fragments in pf reassembly

pf.conf.5: make "self" a bit more visible

pf: remove pf_remove_fragment()

pf: simplify state key setup

pf improve the icmp direction check

pfctl: unbreak rule optimizer

pf: fixup af-to regression with match rules

pfctl: pfctl_set_hostid always returns 0

pf: convert DIOCRCLRTABLES to netlink

umtx: handle allocation failire in umtx_pi_alloc()

pf: allow ICMP messages related to an SCTP state to pass

That looks good. Nice little tidy-up.

pf tests: check cleared time when zeroing stats for table addresses

pf: fix double free in pf_state_key_attach()

if_ovpn: improve reconnect handling

pf: fix double free in pf_state_key_attach()

pf: initialise addresses in pf_get_transaddr_af()

pf: deduplicate IPPROTO_ICMPV6 and IPPROTO_ICMP handling

pf: sprinkle const over function arguments

pf: remove impossible condition

I assume you're not entirely serious about the 'Sponsored by:' line?
I'm happy to credit any organisation for your work, but um .. it raises questions?

pf: Set cleared time when zeroing stats for table addresses

pf: fix potential NULL dereference in SCTP multihome handling

pfctl: add -T `reset` to touch pfras_tzero only for non-zero entries

pf: fix potential NULL dereference in SCTP multihome handling

pfctl: add -T `reset` to touch pfras_tzero only for non-zero entries

net/libpfctl: update main version

if_ovpn: improve reconnect handling

pf: fix double free in pf_state_key_attach()

pf: SCTP abort messages fully close the connection

pf tests: test dummynet on nat64 rules

pf: teach nat64 to handle 0 UDP checksums

pf: give the correct address family to dummynet after nat64

pf: fix dummynet + route-to for IPv6

pf tests: test using an address range inside a table for nat64

pf tests: test address range as nat64 from address

pfctl: do not allow af-to tables without round-robin

pf tests: test not having an IPv4 address to nat64 to

pf tests: validate ToS translation with nat64

pf: preserve TOS with nat64

pf tests: check packet reassembly with nat64

pf: handle fragmentation for nat64

pf: update pd->tot_len after reassembly

kp (Kristof Provost)
Troubleshooter

Projects (6)
View All

User Details

Recent Activity
View All

Thu, Jan 30

Mon, Jan 27

Fri, Jan 24

Thu, Jan 23

Mon, Jan 20

Sat, Jan 18

Fri, Jan 17

Thu, Jan 16

Wed, Jan 15

Tue, Jan 14

Sun, Jan 12

Sun, Jan 5

Sat, Jan 4

Fri, Jan 3

Jan 2 2025

Dec 30 2024

Dec 29 2024

Dec 27 2024

Dec 24 2024

Dec 21 2024

Dec 20 2024

Dec 18 2024

Dec 17 2024

kp (Kristof Provost)Troubleshooter

Projects (6)View All

User Details

Recent ActivityView All

Thu, Jan 30

Mon, Jan 27

Fri, Jan 24

Thu, Jan 23

Mon, Jan 20

Sat, Jan 18

Fri, Jan 17

Thu, Jan 16

Wed, Jan 15

Tue, Jan 14

Sun, Jan 12

Sun, Jan 5

Sat, Jan 4

Fri, Jan 3

Jan 2 2025

Dec 30 2024

Dec 29 2024

Dec 27 2024

Dec 24 2024

Dec 21 2024

Dec 20 2024

Dec 18 2024

Dec 17 2024

kp (Kristof Provost)
Troubleshooter

Projects (6)
View All

Recent Activity
View All