Page MenuHomeFreeBSD

kp (Kristof Provost)
Troubleshooter

Projects (6)

User Details

User Since
Sep 28 2014, 7:22 PM (614 w, 3 d)

Recent Activity

Today

kp committed rG8a14fcd23a20: pf: fix a crash on sendfile() (authored by takahiro.kurosawa_gmail.com).
pf: fix a crash on sendfile()
Wed, Jul 8, 7:53 AM
kp committed rG2039fe8ea421: tests/sendfile_helper: support remote connection (authored by takahiro.kurosawa_gmail.com).
tests/sendfile_helper: support remote connection
Wed, Jul 8, 7:53 AM
kp committed rG6a5ba658dd48: tests/sendfile: move the helper program to common (authored by takahiro.kurosawa_gmail.com).
tests/sendfile: move the helper program to common
Wed, Jul 8, 7:53 AM
kp committed rGc38abd64dbc1: if_epair: support IFCAP_MEXTPG (authored by kp).
if_epair: support IFCAP_MEXTPG
Wed, Jul 8, 7:53 AM
kp closed D58021: pf: fix a crash on sendfile().
Wed, Jul 8, 7:53 AM
kp closed D58054: if_epair: support IFCAP_MEXTPG.
Wed, Jul 8, 7:52 AM
kp closed D58041: tests/sendfile_helper: support remote connection.
Wed, Jul 8, 7:52 AM
kp closed D58040: tests/sendfile: move the helper program to common.
Wed, Jul 8, 7:52 AM

Yesterday

kp committed rG3e3752ce73b7: if_bridge: Remove unused disable parameter in bridge_stop (authored by acesp25).
if_bridge: Remove unused disable parameter in bridge_stop
Tue, Jul 7, 1:24 PM
kp accepted D58021: pf: fix a crash on sendfile().

I'll give Gleb a few more days to take another look and then I'll commit the entire series.
Thanks for the fix!

Tue, Jul 7, 8:53 AM
kp accepted D58040: tests/sendfile: move the helper program to common.
Tue, Jul 7, 8:49 AM

Mon, Jul 6

kp added inline comments to D58021: pf: fix a crash on sendfile().
Mon, Jul 6, 2:06 PM
kp requested review of D58054: if_epair: support IFCAP_MEXTPG.
Mon, Jul 6, 2:05 PM
kp added inline comments to D58021: pf: fix a crash on sendfile().
Mon, Jul 6, 12:07 PM
kp added inline comments to D58021: pf: fix a crash on sendfile().
Mon, Jul 6, 12:06 PM
kp added inline comments to D58021: pf: fix a crash on sendfile().
Mon, Jul 6, 9:23 AM
kp added inline comments to D58021: pf: fix a crash on sendfile().
Mon, Jul 6, 7:40 AM

Sun, Jul 5

kp committed rGfa50691ecf87: libsysdecode: decode PF Generic Netlink commands (authored by iagrawal9990_gmail.com).
libsysdecode: decode PF Generic Netlink commands
Sun, Jul 5, 2:17 PM
kp committed rGc268c80fc3d5: libsysdecode: cache Generic Netlink family IDs (authored by iagrawal9990_gmail.com).
libsysdecode: cache Generic Netlink family IDs
Sun, Jul 5, 2:16 PM
kp committed rG8a1576dc26b9: truss: track Netlink socket protocols (authored by iagrawal9990_gmail.com).
truss: track Netlink socket protocols
Sun, Jul 5, 2:16 PM
kp committed rG80586e853674: libsysdecode: decode Generic Netlink controller messages (authored by iagrawal9990_gmail.com).
libsysdecode: decode Generic Netlink controller messages
Sun, Jul 5, 2:16 PM

Fri, Jul 3

kp added inline comments to D58021: pf: fix a crash on sendfile().
Fri, Jul 3, 12:36 PM
kp added a comment to D58021: pf: fix a crash on sendfile().

That looks pretty good to me, but I'd like to give Gleb some time to look as well. He's a lot more familiar with unmapped buffers than I am.

Fri, Jul 3, 12:35 PM
kp committed rGc9d98c013486: netlink: add const variants of NLA iteration macros (authored by iagrawal9990_gmail.com).
netlink: add const variants of NLA iteration macros
Fri, Jul 3, 8:40 AM

Wed, Jul 1

kp accepted D57866: pf: revert netlink commands back to enum.
Wed, Jul 1, 12:25 PM

Tue, Jun 30

kp committed rGb8c6f5811b2a: pflog: run VNET_SYSUNINIT in SI_SUB_PROTO_FIREWALL (authored by kp).
pflog: run VNET_SYSUNINIT in SI_SUB_PROTO_FIREWALL
Tue, Jun 30, 1:58 PM

Sun, Jun 28

kp committed rGe4f3ab161a9e: pflog: create bpf tapping points without ifnet(9) (authored by kp).
pflog: create bpf tapping points without ifnet(9)
Sun, Jun 28, 2:31 PM
kp closed D57851: pflog: create bpf tapping points without ifnet(9).
Sun, Jun 28, 2:31 PM

Fri, Jun 26

kp committed rG9de06f27b140: libpfctl: fix memory leak (authored by kp).
libpfctl: fix memory leak
Fri, Jun 26, 11:02 PM
kp committed rGf95439f6c9d0: libpfctl: retrieve family id only once (authored by kp).
libpfctl: retrieve family id only once
Fri, Jun 26, 11:02 PM
kp added a comment to D57851: pflog: create bpf tapping points without ifnet(9).
In D57851#1327098, @kp wrote:

Do you happen to know of a way to get an interface (struct ifnet) without AF_INET6? I used to use pflog0 for this, and now clearly can't any more. (The test for PR 288263 does that.)
Ideally I'd like to not remove the test, but without such an interface there's no point to it.

The whole point of the change, that now (after pfsync0 de-ifnetting) you can assert that any interface has IPv6 context. Lots of checks for that in netinet6 go away.

Fri, Jun 26, 10:17 PM
kp updated the diff for D57851: pflog: create bpf tapping points without ifnet(9).

Remove epoch cleanup.
Update failing test case to use pfsync0 iso. pflog0 (for now).

Fri, Jun 26, 10:16 PM
kp updated the diff for D57851: pflog: create bpf tapping points without ifnet(9).

mtx -> sx

Fri, Jun 26, 5:59 PM
kp added a comment to D57851: pflog: create bpf tapping points without ifnet(9).

Do you happen to know of a way to get an interface (struct ifnet) without AF_INET6? I used to use pflog0 for this, and now clearly can't any more. (The test for PR 288263 does that.)
Ideally I'd like to not remove the test, but without such an interface there's no point to it.

Fri, Jun 26, 5:56 PM
kp accepted D57865: libsysdecode: parse enums.
Fri, Jun 26, 2:58 PM
kp accepted D57866: pf: revert netlink commands back to enum.
Fri, Jun 26, 1:43 PM
kp added inline comments to D57865: libsysdecode: parse enums.
Fri, Jun 26, 1:04 PM
kp updated the diff for D57851: pflog: create bpf tapping points without ifnet(9).
  • locking fixes
  • man page improvement
  • fix pflogd to not look for a network interface
  • have /etc/rc.d/pflogd create extra log devices if required
Fri, Jun 26, 12:40 PM
kp added a comment to D57851: pflog: create bpf tapping points without ifnet(9).

My only concern is racyness of sysctl vs sysctl. The node and proc are marked CTLFLAG_MPSAFE, so they can execute in parallel. bpf_attach() doesn't have protection against duplicates, so we will leak one.

Ah, yeah, that's an issue.
I could remove the MPSAFE, but we probably don't want to rely on Giant, so that's not great either.

Fri, Jun 26, 8:28 AM

Thu, Jun 25

kp committed rGefcc183f9b0d: pflog: remove unused argument from pflogattach() (authored by kp).
pflog: remove unused argument from pflogattach()
Thu, Jun 25, 7:35 PM
kp requested review of D57851: pflog: create bpf tapping points without ifnet(9).
Thu, Jun 25, 7:32 PM

Wed, Jun 24

kp committed rG6c744621c720: truss: add AF_NETLINK syscall argument decoding support (authored by Ishan Agrawal <iagrawal9990@gmail.com>).
truss: add AF_NETLINK syscall argument decoding support
Wed, Jun 24, 2:51 PM
kp committed rG4c932a4d45fb: netlink: decode netlink message flags symbolically (authored by Ishan Agrawal <iagrawal9990@gmail.com>).
netlink: decode netlink message flags symbolically
Wed, Jun 24, 12:17 PM

Tue, Jun 23

kp committed rGf4e2f07f0cbc: pfsync: remove invalid panic (authored by kp).
pfsync: remove invalid panic
Tue, Jun 23, 6:47 AM
kp committed rG26a94ad8fb31: pfsync: remove invalid panic (authored by kp).
pfsync: remove invalid panic
Tue, Jun 23, 6:47 AM

Mon, Jun 22

kp added a comment to D57737: libpfctl: reset the snl(3) arena per netlink transaction.

Oh, thank you somehow I have missed it.

Thanks!

Mon, Jun 22, 11:15 AM
kp added a comment to D57737: libpfctl: reset the snl(3) arena per netlink transaction.

Yes. that's indeed a bug, but I fixed it two weeks ago: https://cgit.freebsd.org/src/commit/?id=fcb31b57112425a4eb64241651a0206108105298

Mon, Jun 22, 10:58 AM

Sat, Jun 20

kp accepted D57696: if_ovpn: Fix a lock leak in an error path.
Sat, Jun 20, 3:57 AM

Wed, Jun 17

kp abandoned D52851: vxlan: support VNET.
Wed, Jun 17, 7:59 PM
kp abandoned D52852: vxlan: support moving to a different vnet.
Wed, Jun 17, 7:58 PM
kp abandoned D52853: vxlan tests: move a vxlan interface into a jail.
Wed, Jun 17, 7:58 PM
kp accepted D57550: iflib: handle transient errors from isc_txd_encap().
Wed, Jun 17, 7:45 PM
kp committed rGe2903636a069: iflib: Fix mbufs leaked by 0 len packets emitted from the if driver (authored by linnemannr_gmail.com).
iflib: Fix mbufs leaked by 0 len packets emitted from the if driver
Wed, Jun 17, 7:31 PM
kp closed D57537: iflib: Fix mbufs leaked by 0 len packets emitted from the if driver.
Wed, Jun 17, 7:31 PM · network
kp added a comment to D57537: iflib: Fix mbufs leaked by 0 len packets emitted from the if driver.

@gallatin Do you want to commit this, or should I? (Reid doesn't have a bit, so someone else needs to.)

If you could push it, that would be great.

Will do.

Wed, Jun 17, 6:12 PM · network
kp added a comment to D57537: iflib: Fix mbufs leaked by 0 len packets emitted from the if driver.

It took me a while, but I think your patch is correct.

Wed, Jun 17, 4:54 PM · network

Tue, Jun 16

kp accepted D57608: pfctl: pfctl_get_astats() doesn't set errno.
Tue, Jun 16, 4:49 PM

Fri, Jun 12

kp committed rGfcb31b571124: libpfctl: fix memory leak (authored by kp).
libpfctl: fix memory leak
Fri, Jun 12, 11:54 AM
kp committed rG2a478dfc7f9c: libpfctl: retrieve family id only once (authored by kp).
libpfctl: retrieve family id only once
Fri, Jun 12, 11:54 AM

Thu, Jun 11

kp committed rGa9ebef44a473: pf: switch to getmicro(up)time() (authored by kp).
pf: switch to getmicro(up)time()
Thu, Jun 11, 8:29 PM

Wed, Jun 10

kp committed rGb0f75189f6cb: pfdenied: fix checking root anchor (authored by kp).
pfdenied: fix checking root anchor
Wed, Jun 10, 7:49 AM
kp committed rG4df539cc3864: pfdenied: fix checking root anchor (authored by kp).
pfdenied: fix checking root anchor
Wed, Jun 10, 7:49 AM

Jun 8 2026

kp committed rG035e87247f84: pfsync: remove invalid panic (authored by kp).
pfsync: remove invalid panic
Jun 8 2026, 9:08 AM

Jun 5 2026

kp accepted D57408: tests/pf/route_to: check_random: rely on test timeout to fail.
Jun 5 2026, 12:10 PM

Jun 3 2026

kp committed rG3d9cd10b2857: pfdenied: fix checking root anchor (authored by kp).
pfdenied: fix checking root anchor
Jun 3 2026, 1:16 PM
kp committed rG017690e50913: netpfil: add PF netlink command decoding support (authored by Ishan Agrawal <iagrawal9990@gmail.com>).
netpfil: add PF netlink command decoding support
Jun 3 2026, 1:16 PM

May 28 2026

kp committed rG45aaba521c3b: pf: fix incorrect table decoding in netlink (authored by kp).
pf: fix incorrect table decoding in netlink
May 28 2026, 11:38 AM

May 26 2026

kp committed rGfda33ae0a1ac: snmp_pf: fix refresh (authored by kp).
snmp_pf: fix refresh
May 26 2026, 9:07 AM
kp committed rGe0d4064bcae3: snmp_pf: fix refresh (authored by kp).
snmp_pf: fix refresh
May 26 2026, 9:01 AM

May 21 2026

kp committed rG64327f769cee: pf: fix incorrect table decoding in netlink (authored by kp).
pf: fix incorrect table decoding in netlink
May 21 2026, 9:20 PM
kp committed rGe4130ac13d2f: pf: switch to getmicro(up)time() (authored by kp).
pf: switch to getmicro(up)time()
May 21 2026, 9:20 PM

May 16 2026

kp committed rG9d0b771caa49: pfctl: relax interface name requirement (authored by kp).
pfctl: relax interface name requirement
May 16 2026, 4:45 PM
kp committed rGe5536b061033: pfctl: relax interface name requirement (authored by kp).
pfctl: relax interface name requirement
May 16 2026, 4:45 PM

May 12 2026

kp committed rG91d1c1c2b1e7: pfsync: reject invalid SCTP states (authored by kp).
pfsync: reject invalid SCTP states
May 12 2026, 4:46 PM
kp committed rG8d583858e499: pfsync: reject invalid SCTP states (authored by kp).
pfsync: reject invalid SCTP states
May 12 2026, 4:45 PM

May 9 2026

kp committed rGfab9bfc92751: pf: do not reject rules with colliding hashes (authored by kp).
pf: do not reject rules with colliding hashes
May 9 2026, 1:31 PM
kp committed rG0cd655f71b46: pf: do not reject rules with colliding hashes (authored by kp).
pf: do not reject rules with colliding hashes
May 9 2026, 1:31 PM

May 7 2026

kp committed rG4e7c1ff95a51: pfctl: relax interface name requirement (authored by kp).
pfctl: relax interface name requirement
May 7 2026, 4:24 PM
kp committed rG726ff260ecfa: pfctl: optionally print the rule in the state overview (authored by kp).
pfctl: optionally print the rule in the state overview
May 7 2026, 4:24 PM

May 5 2026

kp committed rGc24b1d9359b8: pfctl: handle errors from PFNL_CMD_GETSTATES (authored by kp).
pfctl: handle errors from PFNL_CMD_GETSTATES
May 5 2026, 9:26 PM
kp committed rGa0e4c65f1814: pf: do not reject rules with colliding hashes (authored by kp).
pf: do not reject rules with colliding hashes
May 5 2026, 9:26 PM
kp closed D56745: pf: do not reject rules with colliding hashes.
May 5 2026, 9:26 PM
kp committed rG730fb48f1387: pf: improve ASCONF chunk validation (authored by kp).
pf: improve ASCONF chunk validation
May 5 2026, 4:26 PM
kp committed rG9fe189c79a81: pf: improve ASCONF chunk validation (authored by kp).
pf: improve ASCONF chunk validation
May 5 2026, 4:26 PM
kp accepted D56778: if_vlan: Use the exclusive lock everywhere.
May 5 2026, 9:12 AM
kp committed rGbf6d00afdb61: pfsync: reject invalid SCTP states (authored by kp).
pfsync: reject invalid SCTP states
May 5 2026, 8:35 AM

May 1 2026

kp committed R11:a1f2cc4491c3: net/libpfctl: add 15.1, remove 13.5 (authored by kp).
net/libpfctl: add 15.1, remove 13.5
May 1 2026, 9:13 PM

Apr 30 2026

kp requested review of D56745: pf: do not reject rules with colliding hashes.
Apr 30 2026, 11:44 AM

Apr 29 2026

kp committed rGbf1529d83918: netlink: fix LINT-NOVIMAGE build (authored by kp).
netlink: fix LINT-NOVIMAGE build
Apr 29 2026, 7:58 AM

Apr 28 2026

kp committed rG47c12f20bf58: pf: only allow a subset of netlink calls when securelevel is set (authored by kp).
pf: only allow a subset of netlink calls when securelevel is set
Apr 28 2026, 4:05 PM
kp committed rGff141ea17cb7: pf: do not allow flags to be changed with securelevel set (authored by kp).
pf: do not allow flags to be changed with securelevel set
Apr 28 2026, 4:05 PM
kp committed rGafbda5806304: pf: do not allow flags to be changed with securelevel set (authored by kp).
pf: do not allow flags to be changed with securelevel set
Apr 28 2026, 4:05 PM
kp committed rGbea1c2fcd783: pf: improve ASCONF chunk validation (authored by kp).
pf: improve ASCONF chunk validation
Apr 28 2026, 1:31 PM

Apr 26 2026

kp committed rGfdcc60f52841: pf: fix duplicate rule detection for automatic tables (authored by kp).
pf: fix duplicate rule detection for automatic tables
Apr 26 2026, 10:13 AM
kp committed rG4fc1503f8617: pf: fix duplicate rule detection for automatic tables (authored by kp).
pf: fix duplicate rule detection for automatic tables
Apr 26 2026, 10:13 AM

Apr 25 2026

kp committed rG4001613878fe: pfsync: rename unused variable (authored by kp).
pfsync: rename unused variable
Apr 25 2026, 12:48 PM
kp added inline comments to D56564: offload: Compute and insert checksums as late as possible.
Apr 25 2026, 12:32 PM

Apr 23 2026

kp committed rGfb8383527517: pf: fix duplicate rule detection for automatic tables (authored by kp).
pf: fix duplicate rule detection for automatic tables
Apr 23 2026, 11:47 AM
kp accepted D56559: pf: Document broadcast/multicast forwarding through route-to.

I suppose we could spell the example rules like this too:
block out quick on $wan from any to { 255.255.255.255, ($wan:broadcast), 224.0.0.0/4, ff00::/8 } received-on any
but they're fine as they are. They result in the same rules in the kernel anyway.

Apr 23 2026, 9:00 AM · pfsense
kp committed rG3103d39cd99f: netlink: fix LINT-NOVIMAGE build (authored by kp).
netlink: fix LINT-NOVIMAGE build
Apr 23 2026, 7:38 AM