User Details
User Details
- User Since
- Sep 28 2014, 7:22 PM (554 w, 4 d)
Wed, May 14
Wed, May 14
We don't follow MISRA-C, but style(9) does also require this, so the change should be made anyway.
Tue, May 13
Tue, May 13
It'll want an entry in UPDATING too. I have no strong views about doing this in this commit or a subsequent one.
Fri, May 9
Fri, May 9
pf tests: test killing states by key
kp committed rGf5f71f729a5f: pfctl: don't require port numbers when killing by key (authored by kp).
pfctl: don't require port numbers when killing by key
pfctl: support killing states by key
kp committed rG138e34cffe3e: pfctl: rather than printing the wrong function name, dont print it at all (authored by kp).
pfctl: rather than printing the wrong function name, dont print it at all
pf.conf.5: "hosts" is optional
pfctl: clean up TAILQ use in symset()/symget()
kp committed rG94db776fa234: pf: use __func__ rather than hardcoded function names (authored by kp).
pf: use __func__ rather than hardcoded function names
pf: be more strict about IPv6 fragments
Thu, May 8
Thu, May 8
aft_python: fix incorrect ndp use
kp committed rG1f8b1a3fac5f: authpf: use libpfctl to add or remove addresses to/from a table (authored by kp).
authpf: use libpfctl to add or remove addresses to/from a table
pf: fix dealing with 0 limits
pf: fix incorrect list use in pflow_jail_remove()
pf: convert DIOCRCLRADDRS to netlink
kp committed rG681a04dbda0e: pf tests: verify we accept exactly one hop-by-hop header (authored by kp).
pf tests: verify we accept exactly one hop-by-hop header
kp committed rG3bb82353b528: pf: reject hop-by-hop if it's not the first extension header (authored by kp).
pf: reject hop-by-hop if it's not the first extension header
pf: use pd->m in pf_route() and pf_route6()
libpfct: remove incorrect __unused annotation
pf: add missing braces
Mon, May 5
Mon, May 5
Sat, May 3
Sat, May 3
kp committed rG4f642f569b47: pfctl: match broadcast address behaviour to the kernel (authored by kp).
pfctl: match broadcast address behaviour to the kernel
pf tests: verify that we send an ack challenge
kp committed rG9485d2228660: pf: send a challenge ACK for SYN's matching existing states (authored by kp).
pf: send a challenge ACK for SYN's matching existing states
Fri, May 2
Fri, May 2
net/libpfctl: add 14.3 version
Thu, May 1
Thu, May 1
kp committed rG4e3a6fe0134e: Make sure the memory region definitions are zeroed before use. (authored by loos).
Make sure the memory region definitions are zeroed before use.
kp committed rGd2c2d6d6b09e: igmp: apply net.inet.igmp.default_version to existing interfaces (authored by Olivier BLANC <etihwo@outlook.com>).
igmp: apply net.inet.igmp.default_version to existing interfaces
kp committed rG720fabb36f15: netinet tests: ensure we send IGMPv2 messages if net.inet.igmp.default_version=2 (authored by kp).
netinet tests: ensure we send IGMPv2 messages if net.inet.igmp.default_version=2
Wed, Apr 30
Wed, Apr 30
kp added a comment to D50083: Make sure the memory region definitions are zeroed before use..
(Work by Luiz Souza <luiz@netgate.com>)
kp requested review of D50083: Make sure the memory region definitions are zeroed before use..
Tue, Apr 29
Tue, Apr 29
kp requested review of D50071: igmp: apply net.inet.igmp.default_version to existing interfaces.
kp abandoned D49221: pf: Add modern NAT syntax.
Mon, Apr 28
Mon, Apr 28
kp accepted D49221: pf: Add modern NAT syntax.
LGTM. Ship it!
Approved. Commit it before I import more patches and force you to rebase again ;)
Thu, Apr 24
Thu, Apr 24
kp added a comment to D49995: bridge: allow IP addresses on members to be disabled.
https://docs.freebsd.org/en/books/handbook/advanced-networking/
"If the bridge host needs an IP address, set it on the bridge interface, not on the member interfaces."
I'm very happy to see this work, not so much for the performance improvement (although we're not going to say no to that!), but because users keep getting caught out when they assign addresses to bridge member interfaces. That breaks multicast, for example, which is bad for IPv4 and catastrophic for IPv6. This has been documented for a long time, but users keep doing it anyway. Making it impossible will save a lot of frustration.
Wed, Apr 23
Wed, Apr 23
kp added a comment to D49221: pf: Add modern NAT syntax.
Oh, and I'd prefix the title with 'pf:' rather than 'pfctl:', because it includes kernel changes as well as pfctl changes.
kp added a comment to D49221: pf: Add modern NAT syntax.
I think we're about ready to have users try to break this.
Please fix the man page typo and date, and then it's approved to commit.
kp committed rGfa6330030b93: pf: move pf_change_icmp_af() call for TCP/UDP in ICMP (authored by kp).
pf: move pf_change_icmp_af() call for TCP/UDP in ICMP
pf.conf.5: improve af-to example
kp committed rGfe0807ad3368: pf.conf.5: make it clearer that log options require () (authored by kp).
pf.conf.5: make it clearer that log options require ()
kp committed rG17ed12dc476d: pf: push 'field changed' guards into 'change field' functions (authored by kp).
pf: push 'field changed' guards into 'change field' functions
pf: deduplicate code
Mon, Apr 21
Mon, Apr 21
kp committed rG461b79d8ee58: pfctl: also remove incorrect counter print for rule anchors (authored by kp).
pfctl: also remove incorrect counter print for rule anchors
pfctl: fix crash on "pfctl -a '*' -vvsr"
pf: explicitly NULL state key pointers
pf: don't use state keys after pf_state_insert()
pf: improve pf_state_key_attach() error handling
kp committed rG5b182c68c0f5: pfctl: also remove incorrect counter print for rule anchors (authored by kp).
pfctl: also remove incorrect counter print for rule anchors
pfctl: fix crash on "pfctl -a '*' -vvsr"
pf: don't use state keys after pf_state_insert()
pf: improve pf_state_key_attach() error handling
pf: explicitly NULL state key pointers
pf: add extra unhandled_af() assertions
pf: use struct pf_pdesc for pf_change_ap()
pf: pull icmp-nested headers into struct pf_pdesc
pf: fix ICMP pcksum pointers
kp added a comment to D49936: link_addr: only accept '.' and ':' as separators.
in this case ifconfig(8) defaults to the 'link' address family instead of the 'inet' address family.
Fri, Apr 18
Fri, Apr 18
Wed, Apr 16
Wed, Apr 16
kp committed rG435e9214478c: pf: remove _unaligned from pf_patch_(16|32)_unaligned() (authored by kp).
pf: remove _unaligned from pf_patch_(16|32)_unaligned()
pf: simplify pf_patch* arguments
pf: remove unused macros
kp committed rG3f39713e4e34: pf: log reused states in addition to failed state insertions (authored by kp).
pf: log reused states in addition to failed state insertions
pf: allow pf_get_sport() to work on in rules
pf tests: test includes inside anchors
pfctl: allow include in inline anchors
pf: Don't convert arc4random() to host byte order
pfctl: Remove NULL-checks before free(). ok tb@
kp committed rGcfdc4f6d0647: pf: g/c unneeded af (address family) params to pf_change_ap (authored by kp).
pf: g/c unneeded af (address family) params to pf_change_ap
pfctl: fix recursive printing of NAT rules
pfctl: fix recursive printing of NAT rules
Apr 15 2025
Apr 15 2025
sys/net: add DOT1Q_VID_{MIN,MAX}
sys/net: add a new ether_vlanid_t type
kp committed rG0fc3c29fb3dd: pfctl: also remove incorrect counter print for rule anchors (authored by kp).
pfctl: also remove incorrect counter print for rule anchors
pf: add SDT on REASON_SET()
pf: pass struct pf_pdesc to pf_change_ap()
kp committed rG9c68e37d96b9: pf: share reason between pf_test() and pf_test_rule() (authored by kp).
pf: share reason between pf_test() and pf_test_rule()
if_ovpn: fix use-after-free of mbuf
pfctl: fix crash on "pfctl -a '*' -vvsr"
Apr 12 2025
Apr 12 2025
kp added inline comments to D28530: Widen ifnet_detach_sxlock coverage.
Apr 10 2025
Apr 10 2025
bridge: define VLANTAGOF correctly
net/if_bridgevar.h: add include guard
pf: fix pf_ioctl_add_addr() validation
Apr 9 2025
Apr 9 2025
pf: rename pf_unlink_state() to pf_remove_state()
pf.conf.5: remove incorrect performance comparison
pf.conf.5: improve indentation in list block.
kp committed rG0a376f7e7e03: pfctl: route-to, dup-to, reply-to should not override the block action (authored by kp).
pfctl: route-to, dup-to, reply-to should not override the block action
kp committed rGa4bd4e4b5632: pf tests: verify that we generate an ICMP6 packet too big error on route-to (authored by kp).
pf tests: verify that we generate an ICMP6 packet too big error on route-to
pf: emit ICMPv6 packet too big for route-to
kp committed rGf132e8b4c7d9: net tests: enable if_lagg_test:lacp_linkstate_destroy_stress (authored by K Rin <rin@sandb0x.tw>).
net tests: enable if_lagg_test:lacp_linkstate_destroy_stress
kp committed rG747483038e6f: netinet6 tests: fix typo in the test (authored by K Rin <rin@sandb0x.tw>).
netinet6 tests: fix typo in the test
kp committed rG8e7d333f9207: pf: added /* FALLTHROUGH */ comments, typecasts (u_int32_t)-1, ... (authored by kp).
pf: added /* FALLTHROUGH */ comments, typecasts (u_int32_t)-1, ...
pf: unused arguments at pf_normalize_tcp_init()