User Details
User Details
- User Since
- Sep 28 2014, 7:22 PM (594 w, 4 d)
Yesterday
Yesterday
kp committed rG4d0186cd12a7: libpfctl: Sort order of snl attribute parser (authored by eborisch_gmail.com).
libpfctl: Sort order of snl attribute parser
pf tests: verify blocked count on log interface
(Not tested, but that just seems sensible.)
Wed, Feb 18
Wed, Feb 18
pf: avoid NULL deref on purged states
Tue, Feb 17
Tue, Feb 17
pf: fix use of uninitialised variable
Mon, Feb 16
Mon, Feb 16
pf: convert DIOCRTSTADDRS to netlink
Thu, Feb 12
Thu, Feb 12
kp committed rG363b57d579ba: libpfctl: Sort order of snl attribute parser (authored by eborisch_gmail.com).
libpfctl: Sort order of snl attribute parser
pf tests: verify blocked count on log interface
libpfctl: verify all parsers
pf: fix pcounters array size
Tue, Feb 10
Tue, Feb 10
pf: remove unused variable from pf_test_ctx
Mon, Feb 9
Mon, Feb 9
net/libpfctl: add 14.4 version
Tue, Feb 3
Tue, Feb 3
pf: fix use of uninitialised variable
Wed, Jan 28
Wed, Jan 28
if_ovpn: add interface counters
pfctl: allow new page character (^L) in pf.conf
if_ovpn: add interface counters
pfctl: allow new page character (^L) in pf.conf
Tue, Jan 27
Tue, Jan 27
Sat, Jan 24
Sat, Jan 24
Fri, Jan 23
Fri, Jan 23
Jan 20 2026
Jan 20 2026
pf: fix min-ttl and set-tos for nat64
Jan 19 2026
Jan 19 2026
kp committed rG2e0e45a516b9: pfctl(8): change default limiter action from no-match to block (authored by kp).
pfctl(8): change default limiter action from no-match to block
Jan 15 2026
Jan 15 2026
if_ovpn: add interface counters
Jan 14 2026
Jan 14 2026
pfctl: allow new page character (^L) in pf.conf
kp added a comment to D54695: pf: tests: Introduce wait_for_process().
I'm not sure this is sufficient. It is still possible for tcpdump to have started, but not gotten to the point of actually opening the pflog device.
pf: remove unused function
pf tests: test block/no-match limiters
kp committed rGe28dfd6b5557: pfctl: make the source limiter output match the input (authored by kp).
pfctl: make the source limiter output match the input
pf: configurable action on limiter exceeded
kp committed rG1ee4405a00d7: pf: avoid a shadowed variable in the pf_create_state() source limiter handling (authored by kp).
pf: avoid a shadowed variable in the pf_create_state() source limiter handling
kp committed rG393243a38d74: pfctl: ifa_load() in pfctl_parser.c may attempt to read beyond the buffer. (authored by kp).
pfctl: ifa_load() in pfctl_parser.c may attempt to read beyond the buffer.
pf.conf.5: s/State Limiter/&s/ in .Ss
pfctl: distinguish broadcast and PPP peer addresses
pf: state/source limiter finishing touches
pf: remove redundant range checks
pf.conf.5: spelling
pf tests: basic state limiters test case
pf tests: extend the source limiter test
pf tests: basic source limiters test case
pf tests: state limiter rate test
pfctl tests: basic source and state limiter tests
pfctl.8: mention -k source -k <IP>
pfctl: improve limiters printing
pfctl: resolve '-s' ambiguity
pf: convert state limiter interface to netlink
pf: introduce source and state limiters
Jan 10 2026
Jan 10 2026
pf: don't reject route-to'd too-large packets
Jan 8 2026
Jan 8 2026
pf: handle nlattr_add_nested() failure
pf: remove redundant zeroing
Jan 6 2026
Jan 6 2026
Jan 3 2026
Jan 3 2026
kp added a comment to D54382: MFC sys/netinet6: Implement RFC 7217 (private stable addresses).
Jan 2 2026
Jan 2 2026
pf: sprinkle const over pf_addr_cmp()
Dec 30 2025
Dec 30 2025
pfctl: remove duplicate "va" entry
pf tests: avoid cleanup failures on skipped tests
pf: convert DIOCRCLRASTATS to netlink
pf: move DIOCRCLRASTATS into libpfctl
kp committed rG190c1f3d9326: pfctl: allow network programs select DSCP_VA for network ToS (authored by kp).
pfctl: allow network programs select DSCP_VA for network ToS
Dec 29 2025
Dec 29 2025
pf: handle TTL expired during nat64
Dec 26 2025
Dec 26 2025
kp committed rGeaa424e3bde8: snmp_pf: remove errno usage after pfctl_get_status_h change (authored by rootnode_freebsd_wollwage.com).
snmp_pf: remove errno usage after pfctl_get_status_h change
pf: don't reject route-to'd too-large packets
Dec 22 2025
Dec 22 2025
atf_python: support setting interface mtu
Dec 21 2025
Dec 21 2025
kp requested review of D54333: atf_python: support setting interface mtu.
pf: fix pcounters array size
kp committed rG823ebd7c4f89: libpfctl: export a get states variant that takes a pfctl_handle (authored by kp).
libpfctl: export a get states variant that takes a pfctl_handle
Dec 20 2025
Dec 20 2025
Dec 19 2025
Dec 19 2025
DIOCGETRULENV takes the write lock as well but I believe this is only
required when clearing rule counters. (It might not be required even
then, on platforms where counter increment is done atomically.) Acquire
the read lock if that is not the case.
Dec 18 2025
Dec 18 2025
snmp_pf: fix refresh
libpfctl: fix tstats address count
Dec 17 2025
Dec 17 2025
if_ovpn: use epoch to free peers
if_ovpn: use epoch to free peers
Dec 15 2025
Dec 15 2025
kp added inline comments to D54105: kyua: Add flaky metadata.
pf: fix min-ttl and set-tos for nat64
Dec 13 2025
Dec 13 2025
pfctl: report ICMP states consistently for IPv4/IPv6
Dec 11 2025
Dec 11 2025
kp added a comment to D54175: if_ovpn: fix memory leak in VNET.
I believe that was accidentally broken by 96b29c7f0cffd377a757ad8ccc0cdd8fcb96d0dd, which fixed the issue of jails being unable to go away while they still had ovpn interfaces in them. It fixed that, but also removed the VNET_SYSUNINIT that prevented this leak.
pf: handle TTL expired during nat64
pf: relax sctp v_tag verification
pf: relax sctp v_tag verification
libpfctl: improve error handling
pf: relax sctp v_tag verification
Dec 10 2025
Dec 10 2025
kp requested review of D54166: pf: handle TTL expired during nat64.
kp added a reviewer for D54163: pfsync: Avoid zeroing the state export union: vegeta_tuxpowered.net.
Dec 9 2025
Dec 9 2025
kp added a comment to D54148: netlink: Don't overwrite existing data in a linear buffer in snl_writer.
Ah, thanks. With the original patch reverted this applies and works as expected.
I'm not all that familiar with this code, but it works and I don't see any obvious problems (and it addresses the problem CHERI found, being that we used more than 'new_size' from 'new_base'.)
if_ovpn: use epoch to free peers
pfsync: fix incorrect unlock during destroy
pfctl: restore '-Tload -f pf.conf' functionality
pfsync: fix incorrect unlock during destroy
pfsync: fix incorrect unlock during destroy
kp added a comment to D54148: netlink: Don't overwrite existing data in a linear buffer in snl_writer.
What's this based on? It doesn't seem to want to apply to FreeBSD main (f9500e75791cf793904c80ca4a52433afd585a23).
Dec 8 2025
Dec 8 2025
Dec 5 2025
Dec 5 2025
snmp_pf: use the libpfctl wrapper to retrieve astats
pf: convert DIOCRGETASTATS to netlink
pfctl: move astats query into libpfctl