♟ kp

pf tests: verify checksum offload handling

pf tests: add missing atf_test_case lines for nat tests

dummynet: SDT probe dropped packets

pf tests: give rules_counter:4G more time

pf tests: give inetd some time to start

pf tests: make syncookie:loopback more robust

pf.conf.5: 'address' is mandatory with route-to

pfctl: check if the anchor exists before we attempt to flush anything from it

pfctl: store correct ticket type

pf tests: fix intermittent mld test failures

atf_python: allow test scripts to pass jail options

pf: return PF_PASS/PF_DROP from pf_setup_pdesc()

pf: fix possibe SCTP panic

In D52852#1208672, @zlei wrote:

I've ever considered this approach, but this adds too many headaches. Well I'd propose to use vlxan(4) + bridge(4) + epair(4) if the underlay network is in different VNET.

For example, how can the admin change the tunnel parameters ( vni / vxlanlocal / vxlanremote / ports ) when the vxlan(4) interface is vmoved to another VNET ?

pf: return PF_PASS/PF_DROP from pf_setup_pdesc()

pf: fix possibe SCTP panic

sys/netinet6: fix memory corruption in in6_ifadd

netinet6 tests: accept an RA on an interface without /64 address

In D52852#1207545, @glebius wrote:

if_vmove bites again? I'm fine with adding more kludges around this problem as long as we all agree that eventually this thing needs to be removed and interfaces shall be fully destroyed and fully instantiated in a different jail.

pf: mark pf_match_translation() static

Revert "IfAPI: Added missing accessor for if_home_vnet"

libpfctl: fix memory leak in pfctl_get_status()

pf tests: fix intermittent mld test failures

atf_python: allow test scripts to pass jail options

IfAPI: Added missing accessor for if_home_vnet

I'm not qualified to review this in depth, but with the prerequisite patch included this works and is very, very useful.

I may be holding it wrong, but it still breaks for me:
It's a panic in vnet shutdown, so perhaps it's related to that:

pf: export expiration time as time_t

pfctl: refactor 'rule_numbers' variable

pf tests: basic 'once' test

pf tests: test once rule inside an anchor

pfctl: print once shot rule expiration time

pfctl: fix anchor handling for nat/rdr/binat anchors

pfctl.8/pf.conf.5: Improve "once" bits

pf: simplify expiration of 'once' rules.

pfctl: reduce duplicate code

pfctl: fix once rules

pf: print 'once' rule expire time

pfctl: deny "once" flags for match rules

pf.conf.5: Document a "once" filter option used to create one shot rules.

pfctl tests: basic 'once' rule test

pf: support one shot rules

pfctl: One shot rules can be used in pf.conf by specifying a "once" filter…

pf: fix rules_counter:keepcounters test

pf: pass pre-NAT addresses to dummynet

pf: check if a group has a kif before dereferencing it

pf: fix rules_counter:keepcounters test

pf.conf.5: rephrase macro section

pfctl.8: -z honours -a (reset rule stats per anchor)

pf: allows TCP RST packets in the backwards window if ACK matches

pf tests: test set limit

pf: set limits before rules

pf: Count m_gethdr() failures in PFRES_MEMORY counter

pfctl.8: omit preceding flag from command/modifier lists to get tags

pf tests: declare a table inside an anchor

pfctl: allow tables to be defined inside anchors

ifconfig: also fix removing IPv6 addresses without netlink

pf tests: verify rule numbers in pflog output

pfctl: remove prototypes with no matching function

pf: sync_ifp doesn't exist, remove externs

pfctl: ctime(3) and ctime_r(3) can fail when timestamps are way off.

pf tests: test fragment counters

pf: Show pf fragment reassembly counters.

pf.conf.5: hint how to set tcp timeout collectively

pfctl: add af-to and other missing action types in print_rule()

pfctl: fix anchortypes bounds test

pf.conf.5: document tcp.tsdiff

pf: fix possible pd->pcksum NULL deref

if_ovpn tests: skip float and linklocal test on < 2.7

ifconfig: also fix removing IPv6 addresses without netlink

pf tests: test state killing by source and destination address

pfctl: fix killing state by source and destination address

kp (Kristof Provost)
Troubleshooter

Projects (6)
View All

User Details

Recent Activity
View All

Yesterday

Sat, Oct 11

Fri, Oct 10

Tue, Oct 7

Mon, Oct 6

Sun, Oct 5

Sat, Oct 4

Thu, Oct 2

Wed, Oct 1

Tue, Sep 30

Mon, Sep 29

Sun, Sep 28

Sat, Sep 27

Thu, Sep 25

Wed, Sep 24

Fri, Sep 19

Thu, Sep 18

Wed, Sep 17

Mon, Sep 15

Sep 13 2025

Sep 12 2025

Sep 10 2025

kp (Kristof Provost)Troubleshooter

Projects (6)View All