User Details
User Details
- User Since
- Sep 28 2014, 7:22 PM (561 w, 1 d)
Yesterday
Yesterday
kp committed rG5c0eb439cfad: pfctl: Move AF-specific mask logic from callers into set_ipmask() (authored by kp).
pfctl: Move AF-specific mask logic from callers into set_ipmask()
pfctl: Use error label in host_if()
pfctl: Zap bits in host_v4(), use mask parameter
pfctl: Zap v4mask and v6mask in host()
pfctl: Simplify host()
pfctl: Use strtonum in host()
kp committed rG466ac79e47fe: pfctl: Move duplicate code into new helper print_addr_str() (authored by kp).
pfctl: Move duplicate code into new helper print_addr_str()
pfctl: Simplify getaddrinfo() error handling
wg: fix LINT-NOIP build
pfctl: Stop checking table commands for `create'
pfctl: simplify FOM_PRIO handling
pf: trade few 'goto unlock: for 'break' in pf_test()
pf: remove STATE_LOOKUP
kp committed rGe7be8e0026ad: pfctl: use __func__ rather than hardcoding function names for errors (authored by kp).
pfctl: use __func__ rather than hardcoding function names for errors
pf.conf.5: reflect the new state limit
kp committed rGe03181510de2: pfctl: Add "listenrepv2" for MLDv2 Listener Reports from RFC3810 (authored by kp).
pfctl: Add "listenrepv2" for MLDv2 Listener Reports from RFC3810
pf tests: verify max-pkt-rate on anchors
kp committed rG13358e47edbc: pfctl: fix anchor rules with filter opts, introduce filteropts_to_rule() (authored by kp).
pfctl: fix anchor rules with filter opts, introduce filteropts_to_rule()
Fri, Jun 27
Fri, Jun 27
pfctl: Zap dead code
pfctl: clean up allocation warnings
pfctl: fix memory leak
pfctl: plug some memory leaks
kp committed rGc114db294d5d: pf: Refactor the six ways to find TCP options into one new function. (authored by kp).
pf: Refactor the six ways to find TCP options into one new function.
kp committed rGe2d2aadc292a: pfctl tests: test line number reporting in include files (authored by kp).
pfctl tests: test line number reporting in include files
kp committed rGd40166400955: pfctl: fix reporting of line numbers for included files (authored by kp).
pfctl: fix reporting of line numbers for included files
pf: add 'max-pkt-size'
pf: ensure max-pkt-size works on match rules
kp committed rGe7abf8829d8d: pf: fix ICMP ECHO handling of ID conflicts (authored by Damir Bikmuhametov <boco@ufanet.ru>).
pf: fix ICMP ECHO handling of ID conflicts
kp committed rG32f793e22976: pf tests: test handling of ICMP echo requests with the same ID (authored by kp).
pf tests: test handling of ICMP echo requests with the same ID
Thu, Jun 26
Thu, Jun 26
kp committed rG5c2d3093b27f: pfctl: Plug leak in error case of the common 'varset' implementations. (authored by kp).
pfctl: Plug leak in error case of the common 'varset' implementations.
pf: fix regression in pflog output
pf: decrement TTL in pf_route(6)()
pf: Use pf_send_icmp() consistently in pf_route()
pf: disallow IPv6 routing header by default
pfctl: fails to handle nested 'load anchor' properly
kp committed rGa62c14538100: pf: drop neighbor discovery packets with the wrong hop limit (authored by kp).
pf: drop neighbor discovery packets with the wrong hop limit
Wed, Jun 25
Wed, Jun 25
pf: limit extra SCTP states
kp committed rGa7d631f69d3f: pfctl: fix use-after-free and memory leak in pfctl_optimzie.c (authored by kp).
pfctl: fix use-after-free and memory leak in pfctl_optimzie.c
kp committed rG809ba93c689f: pfctl: rule optimizer: anchor name vs. anchor path mix up (authored by kp).
pfctl: rule optimizer: anchor name vs. anchor path mix up
pf tests: basic max-pkt-rate test
pfctl tests: max-pkt-rate test
pfctl: nested anchors vs. pfctl/parse.y
pf.conf.5: tweak max-pkt-rate
pf: add a generic packet rate matching filter
pf: use counter_rate() for rate checking
kp committed rG1cd5c35d136e: counter(9): rate limit periods may be more than 1 second (authored by kp).
counter(9): rate limit periods may be more than 1 second
Mon, Jun 23
Mon, Jun 23
kp added a comment to D50796: counter(9): rate limit periods may be more than 1 second.
Sat, Jun 21
Sat, Jun 21
kp requested review of D50968: pf: limit extra SCTP states.
kp committed rG2fe78d74faa5: pf tests: do not shutdown the sctp server in sctp:related_icmp (authored by kp).
pf tests: do not shutdown the sctp server in sctp:related_icmp
Thu, Jun 19
Thu, Jun 19
kp added a comment to D50796: counter(9): rate limit periods may be more than 1 second.
kp updated the diff for D50796: counter(9): rate limit periods may be more than 1 second.
man page
Mon, Jun 16
Mon, Jun 16
kp added a comment to D50859: pf.4/pf.conf.5: Remove unused sysctl.
Oh sure, blame me for the commit message ;)
The change is good, but I'd rephrase the commit message slightly. We never actually added the sysctl. The limit was implemented, and the sysctl to tune it was documented but never added (so the limit is there, but is always 16 and cannot be changed).
Sat, Jun 14
Sat, Jun 14
kp added inline comments to D50856: pf.4/pfsync.4: Separate sysctl/tunables >> SYNOPSIS.
kp added inline comments to D50856: pf.4/pfsync.4: Separate sysctl/tunables >> SYNOPSIS.
kp added a comment to D50825: libexec/kgdb: Add a new VNET function and add more scaffolding.
While testing I found that this has issues with vnet variables in kernel modules.
Fri, Jun 13
Fri, Jun 13
qlnx: fix panic at startup
Thu, Jun 12
Thu, Jun 12
kp requested review of D50819: qlnx: fix panic at startup.
net/libpfctl: add 14.3 version
Wed, Jun 11
Wed, Jun 11
kp added a comment to D50796: counter(9): rate limit periods may be more than 1 second.
kp requested review of D50798: pf: add a generic packet rate matching filter.
kp requested review of D50797: pf: use counter_rate() for rate checking.
kp requested review of D50796: counter(9): rate limit periods may be more than 1 second.
kp added a comment to D50781: WIP: pf: Add RFC5549 support for route-to.
I'm going to need to take a deeper look later (probably when I'm back home from BSDCan). First impressions are that the implementation is probably good, but I really dislike the 'RFC5549' naming of the flag and variables. Unfortunately I don't immediately have a better suggestion.
Approved.
Tue, Jun 10
Tue, Jun 10
Approved.
sys: add LINT-NOVIMAGE
Approved, but please only commit it along with a test case that uses this setup code.
kp requested review of D50780: sys: add LINT-NOVIMAGE.
kp added inline comments to D50763: pf: Fix error handling when pf_map_addr() fails.
Approved.
Mon, Jun 9
Mon, Jun 9
kp committed rGf96f838114a2: pf tests: frag6.py:TestFrag6_RouteTo::test_too_big requires scapy (authored by kp).
pf tests: frag6.py:TestFrag6_RouteTo::test_too_big requires scapy
kp committed rG54a547fcb47c: pf: split pf_find_or_create_ruleset() into smaller chunks (authored by kp).
pf: split pf_find_or_create_ruleset() into smaller chunks
pf tests: killstate:key requires scapy
pf: reorganise fragment reassembly
pfctl: add option -S (no domain resolution)
pf: use time_uptime rather than time_seconds
Fri, Jun 6
Fri, Jun 6
pf: fix panic in pf_return()
pf: fix panic in pf_return()
kp requested review of D50725: pf: split pf_find_or_create_ruleset() into smaller chunks.
kp requested review of D50724: pfctl: add option -S (no domain resolution).
kp requested review of D50723: pf: reorganise fragment reassembly.
kp requested review of D50722: pf: use time_uptime rather than time_seconds.
pfctl: void functions and exit(3) on error
kp committed rG6ea237c31eff: pf.conf.5: clarify filter evaluation and anchor loading (authored by kp).
pf.conf.5: clarify filter evaluation and anchor loading
pf.conf.5: clarify set prio
UPDATING: document recent pf changes