kp (Kristof Provost)
User

User Details

User Since
Sep 28 2014, 7:22 PM (268 w, 3 d)

Recent Activity

Tue, Nov 19

kp accepted D22443: Reduce the vnet_set module size of ip_mroute to allow loading as a module..
Tue, Nov 19, 2:38 PM
kp added inline comments to D22443: Reduce the vnet_set module size of ip_mroute to allow loading as a module..
Tue, Nov 19, 2:02 PM

Wed, Nov 13

kp accepted D22327: RISC-V: Print SBI info at startup.
Wed, Nov 13, 10:05 AM
kp accepted D22326: RISC-V: add support for SBI spec v0.2.
Wed, Nov 13, 10:04 AM

Tue, Nov 12

kp requested changes to D22326: RISC-V: add support for SBI spec v0.2.
Tue, Nov 12, 12:12 PM
kp added inline comments to D22327: RISC-V: Print SBI info at startup.
Tue, Nov 12, 11:54 AM
kp accepted D22325: RISC-V: pass arg6 in sbi_call.
Tue, Nov 12, 10:43 AM

Fri, Oct 25

kp accepted D22151: RISC-V: skip cpu-map when parsing elf_hwcap.
Fri, Oct 25, 3:11 PM

Oct 17 2019

pi renamed kp from kristof to kp.
Oct 17 2019, 4:18 AM

Oct 15 2019

kp added a reviewer for D22035: Generalize ARM specific comments in devmap: manu.
Oct 15 2019, 12:51 AM

Oct 13 2019

kp added inline comments to D22003: Add lle_event handler to ARP.
Oct 13 2019, 6:06 PM

Oct 12 2019

kp added inline comments to D22003: Add lle_event handler to ARP.
Oct 12 2019, 8:22 PM
kp accepted D21998: RISC-V: Call devmap_print_table() on bootverbose.

Minor nit: Mention where this is mentioned (i.e. the comments to the function).
Other than that this looks like a good idea to me.

Oct 12 2019, 5:39 PM

Oct 5 2019

kp abandoned D18679: libxo: Fix XML output if a container name is a number.
Oct 5 2019, 1:21 PM

Oct 4 2019

kp added a comment to D21897: mountroot: Run statfs after mounting devfs.

This happens on a riscv machine, running from an mdroot (although I'm not sure if that's relevant to trigger it), not running devd during the aio_test:md_waitcomplete regression test.
That test opens /dev/mdX and tries to perform an aio write on it, which ends up failing. I'm not sure I fully understand the intent behind the test, but it revealed that the aio code considered that to be unsafe. The safety check code thinks that mp->mnt_stat.f_iosize is relevant, and because of the lack of a VFS_STATFS call that was still set to 0 for devfs.

Oct 4 2019, 7:16 PM
kp created D21897: mountroot: Run statfs after mounting devfs.
Oct 4 2019, 5:18 PM

Sep 25 2019

kp accepted D21772: Style cleanup in elf_machdep.c.
Sep 25 2019, 9:05 AM

Sep 11 2019

kp accepted D21576: Small fix to CPU Compatibility Identification.
Sep 11 2019, 4:13 PM

Sep 8 2019

kp added a comment to D20568: Add a section to blacklistd to the PF chapter of the handbook.

Other than the typo this looks good to me.

Sep 8 2019, 2:54 AM

Sep 5 2019

kp created D21538: riscv: Ensure that BSS is 8-byte aligned.
Sep 5 2019, 7:09 PM
kp created D21537: csu: Add the riscv .init call sequence.
Sep 5 2019, 7:05 PM

Sep 4 2019

kp accepted D21521: pkgbase: pfctl: tests: Put tests files in the FreeBSD-tests package.
Sep 4 2019, 3:53 PM

Aug 16 2019

D21276: Move pft_ping.py and sniffer.py to the common test directory is now accepted and ready to land.
Aug 16 2019, 2:03 PM
kp added a comment to D21276: Move pft_ping.py and sniffer.py to the common test directory.

This probably also wants this:

Aug 16 2019, 9:29 AM

Aug 15 2019

D21267: pf tests: Fix accidental duplication of content is now accepted and ready to land.
Aug 15 2019, 11:24 AM

Aug 14 2019

kp accepted D21199: NAT basic test for pf, ipfw (both in-kernel and userspace) and ipf.
Aug 14 2019, 12:21 PM

Aug 12 2019

kp added a comment to D21199: NAT basic test for pf, ipfw (both in-kernel and userspace) and ipf.

And this is wrong, or at least very confusing, in firewall_init():

Aug 12 2019, 2:41 PM

Aug 11 2019

kp added a comment to D21199: NAT basic test for pf, ipfw (both in-kernel and userspace) and ipf.

I seem to run into issues running the ipfw_basic test:

Aug 11 2019, 5:01 PM

Jul 31 2019

kp added inline comments to D21065: Pass/Block test for three firewalls (pf, ipfw, ipf).
Jul 31 2019, 8:37 AM · GSoC Students

Jul 29 2019

D21065: Pass/Block test for three firewalls (pf, ipfw, ipf) is now accepted and ready to land.

I think I'm happy with this.
I'll give Tom a bit of time to add any more remarks he might have, but I think we can commit this soon.

Jul 29 2019, 8:39 PM · GSoC Students
kp added a comment to D21100: riscv: Fix copyin/copyout.

Full context.

Jul 29 2019, 1:57 PM
kp added a comment to D21086: pf: Remove partial RFC2675 support.
In D21086#457948, @ae wrote:

Does this mean that you concluded in the IETF mailing list to drop this support?

Jul 29 2019, 1:55 PM
kp created D21100: riscv: Fix copyin/copyout.
Jul 29 2019, 12:58 PM

Jul 28 2019

kp added a comment to D21086: pf: Remove partial RFC2675 support.

Remove more bits, as suggested by thj

Jul 28 2019, 7:44 PM

Jul 27 2019

kp added inline comments to D21065: Pass/Block test for three firewalls (pf, ipfw, ipf).
Jul 27 2019, 8:52 PM · GSoC Students
kp added a reviewer for D21086: pf: Remove partial RFC2675 support: thj.
Jul 27 2019, 1:32 PM
kp created D21086: pf: Remove partial RFC2675 support.
Jul 27 2019, 1:32 PM

Jul 26 2019

kp added a comment to D21065: Pass/Block test for three firewalls (pf, ipfw, ipf).

I'd want Tom to have a look too, but I think we're pretty close to something ready to commit.

Jul 26 2019, 4:05 PM · GSoC Students
kp added a comment to D21065: Pass/Block test for three firewalls (pf, ipfw, ipf).

Also, I get 'install: /usr/tests/sys/netpfil/common/pass_block: No such file or directory' trying to install world.
This patch is missing this:

Jul 26 2019, 11:34 AM · GSoC Students

Jul 25 2019

kp added inline comments to D21065: Pass/Block test for three firewalls (pf, ipfw, ipf).
Jul 25 2019, 8:00 PM · GSoC Students

Jul 8 2019

kp added a comment to D20868: epair: Fix shutdown race.

I think I now understand better how the problem happens. It's specific to epair.
It's indeed a race between if_vmove() moving the interface back into its original vnet, and the epair interface getting destroyed. Destruction of epairs is special, because we remove two interfaces at once.
See epair_clone_destroy(). There we if_detach() (through ether_ifdetach()) the other interface as well. If that interface has been moved out of the vnet by then the if_detach() will fail, but this does not return an error (if_detach_internal() does). So we end up freeing the ifp, while if_vmove() is reinserting it in another vnet, leading to the described panic.

Jul 8 2019, 3:27 PM

Jul 7 2019

kp added a reviewer for D20868: epair: Fix shutdown race: mmacy.
Jul 7 2019, 5:18 PM
kp added a comment to D20868: epair: Fix shutdown race.

Good point. While this does make things a lot better (as in, nearly perfectly reliable panic running the pf tests, to being able to loop the tests all night, when combined with D20869), I think you're right that the race is still there.

Jul 7 2019, 5:18 PM

Jul 6 2019

kp added reviewers for D20869: vnet: Fix panic when shutting down jails and deleting interfaces simultaneously: bz, mmacy.
Jul 6 2019, 5:36 PM
kp created D20869: vnet: Fix panic when shutting down jails and deleting interfaces simultaneously.
Jul 6 2019, 5:36 PM
kp added a reviewer for D20868: epair: Fix shutdown race: bz.
Jul 6 2019, 5:35 PM
kp created D20868: epair: Fix shutdown race.
Jul 6 2019, 5:35 PM

Jun 16 2019

kp added a comment to D20568: Add a section to blacklistd to the PF chapter of the handbook.

Given that it's possible to use blacklistd with ipfw as well (at least, I believe it is), it should probably get its own chapter, with pf and ipfw subchapters.

Jun 16 2019, 2:35 PM

Jun 15 2019

kp added a comment to D20616: Add a new external mbuf type that holds multiple unmapped pages..
In D20616#445627, @jhb wrote:

Is this routine used for transmit or only for receive? In the current patch, unmapped mbufs are only used for transmit. The comments in pf_check_proto_cksum imply it might only apply to receive in which case it should be fine as-is.

Jun 15 2019, 3:28 PM
kp added inline comments to D20568: Add a section to blacklistd to the PF chapter of the handbook.
Jun 15 2019, 2:38 PM

Jun 12 2019

kp added a comment to D20616: Add a new external mbuf type that holds multiple unmapped pages..
In D20616#445618, @jhb wrote:
In D20616#445537, @kristof wrote:

What happens if a firewall is enabled and an unmapped mbuf is passed through pfil(9)?
I suspect that, if a pfil hook is hit, we'd also have to copy it in, just like when a checksum needs to be updated.

Only if the firewall needs to read/write actual packet data. Protocol headers (TCP, IP, etc.) are always stored in a normal mbuf at the start of a packet's mbuf chain. Unmapped mbufs only hold payload data that is stored in a socket buffer, so most of the filters I can think of off the top of my head as well as things like NAT should only operate on the normal mbuf holding the headers.

Okay, thanks. That should indeed just work. The 'pf_check_proto_cksum()' flow, assuming there's no hardware assist, might break. I suspect that hardware which uses unmapped mbufs is always going to have checksum offload, so that's probably not an issue either.

Jun 12 2019, 5:16 PM
kp added a comment to D20616: Add a new external mbuf type that holds multiple unmapped pages..

What happens if a firewall is enabled and an unmapped mbuf is passed through pfil(9)?
I suspect that, if a pfil hook is hit, we'd also have to copy it in, just like when a checksum needs to be updated.

Jun 12 2019, 6:55 AM

May 15 2019

kp added a comment to D20168: Start testing cloned interfaces.

There are sadly still a lot of panics triggered by these tests.

May 15 2019, 3:45 PM · network

May 6 2019

kp added a comment to D20168: Start testing cloned interfaces.

That seems like a good idea. I'll try to bring it up during the BSDCan devsummit.

May 6 2019, 3:48 PM · network

Apr 18 2019

kp added a comment to D19960: Remove support for RFC2675.

Burn it with fire! This code is not used, and pretty much can't be used, so let's get rid of it.

Apr 18 2019, 5:19 PM
kp added a comment to D19957: devfs: Add 'devfsrules_vnet_jail'.

Rather annoyingly things like ezjail can't directly use the devfsrules_vnet_jail name. They must specify the number. See https://svnweb.freebsd.org/base/head/libexec/rc/rc.d/jail?view=markup#l238
I have no idea how to address that, but this at the very least will hint users in the direction of what they may want for vnet jails.

Apr 18 2019, 3:01 PM
kp created D19957: devfs: Add 'devfsrules_vnet_jail'.
Apr 18 2019, 3:00 PM
kp added a reviewer for D19838: Fix a memory leak in pw when invoked with -V or -R: bapt.

cc bapt who knows more about this code than I do.

Apr 18 2019, 11:02 AM
kp accepted D19952: Add a bugs section to pflog man page.

LGTM. It may be useful to point at 122773 in the commit message for extra context.

Apr 18 2019, 10:42 AM
kp added inline comments to D19939: Some cleanups for the PF chapter in the handbook.
Apr 18 2019, 10:29 AM

Apr 17 2019

kp added a comment to D19838: Fix a memory leak in pw when invoked with -V or -R.

It's not clear to me how this leaks memory. Can you go into a bit more detail about how you found the memory leak, and the codepath it follows?

Apr 17 2019, 11:19 AM

Apr 9 2019

kp accepted D19861: Update and clarify pflog man page.
Apr 9 2019, 12:32 PM

Mar 30 2019

kp accepted D19757: if_bridge(4): Complete bpf auditing of local traffic over the bridge.
Mar 30 2019, 4:53 PM

Mar 23 2019

kp accepted D19614: if_bridge(4): ensure all traffic passing over the bridge is accounted for.
Mar 23 2019, 12:27 PM

Mar 19 2019

kp accepted D19317: Use IN_foo() macros from sys/netinet/in.h inplace of handcrafted code.
Mar 19 2019, 7:34 AM

Mar 15 2019

kp added a comment to D19586: if_bridge: Give bpf a shot at packets passed over the bridge.

I don't see any obvious problems, but I don't think I know this part of the code well enough to say for sure.

Mar 15 2019, 2:33 PM
kp added a reviewer for D19586: if_bridge: Give bpf a shot at packets passed over the bridge: philip.
Mar 15 2019, 2:16 PM
kp added a comment to D19111: Summary: widen net_epoch coverage up to all packet processing.
panic: Assertion in_epoch(net_epoch_preempt) failed at /usr/src/sys/netinet6/nd6_rtr.c:874
cpuid = 3
time = 1552657485
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0091c86300
vpanic() at vpanic+0x19d/frame 0xfffffe0091c86350
panic() at panic+0x43/frame 0xfffffe0091c863b0
defrouter_select_fib() at defrouter_select_fib+0x52a/frame 0xfffffe0091c86460
defrouter_del() at defrouter_del+0x15f/frame 0xfffffe0091c864a0
nd6_purge() at nd6_purge+0x1af/frame 0xfffffe0091c864f0
if_detach_internal() at if_detach_internal+0x7f6/frame 0xfffffe0091c86570
if_detach() at if_detach+0x3d/frame 0xfffffe0091c86590
epair_clone_destroy() at epair_clone_destroy+0x98/frame 0xfffffe0091c865e0
if_clone_destroyif() at if_clone_destroyif+0x175/frame 0xfffffe0091c86630
if_clone_destroy() at if_clone_destroy+0x205/frame 0xfffffe0091c86680
ifioctl() at ifioctl+0x3de/frame 0xfffffe0091c86750
kern_ioctl() at kern_ioctl+0x28a/frame 0xfffffe0091c867c0
sys_ioctl() at sys_ioctl+0x15d/frame 0xfffffe0091c86890
amd64_syscall() at amd64_syscall+0x276/frame 0xfffffe0091c869b0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe0091c869b0
--- syscall (54, FreeBSD ELF64, sys_ioctl), rip = 0x8004852ca, rsp = 0x7fffffffe228, rbp = 0x7fffffffe240 ---
KDB: enter: panic
[ thread pid 93197 tid 100466 ]
Stopped at      kdb_enter+0x3b: movq    $0,kdb_why
db>

During the sys/netinet/fibs_test:slaac_on_nondefault_fib6 test, I believe.

Mar 15 2019, 1:56 PM

Mar 14 2019

kp accepted D19578: if_bridge(4): Fix module teardown .

Oh yes, of course.

Mar 14 2019, 6:00 PM
kp added a comment to D19578: if_bridge(4): Fix module teardown .

Do we need to virtualise the bridge_rtnode_zone? Doesn't the cleanup call to bridge_rtflush() take care of all of the allocations already?

Mar 14 2019, 5:49 PM
kp added a comment to D19578: if_bridge(4): Fix module teardown .

I'll try to take a more in-depth look later today.

Mar 14 2019, 6:34 AM

Mar 13 2019

kp accepted D19573: ether: centralize fake hwaddr generation.

LGTM.

Mar 13 2019, 7:49 PM
kp updated the diff for D19558: pf :Use counter(9) in pf tables..

Add comment

Mar 13 2019, 4:17 PM

Mar 12 2019

kp updated the summary of D19558: pf :Use counter(9) in pf tables..
Mar 12 2019, 12:47 PM
kp added a reviewer for D19558: pf :Use counter(9) in pf tables.: network.
Mar 12 2019, 12:46 PM
kp created D19558: pf :Use counter(9) in pf tables..
Mar 12 2019, 12:45 PM
kp accepted D19530: Followup to PR231977: Mention that /etc/pf.conf must be created first.
Mar 12 2019, 10:07 AM

Mar 8 2019

kp added a comment to D19459: subversion: update commit message template to allow URLs in PR field.

@bdrewery and I both independently had the same idea. He mentioned it in D19426.

Ah, I hadn't looked at that review yet.

Mar 8 2019, 5:20 PM
kp added a comment to D19459: subversion: update commit message template to allow URLs in PR field.

https://bugs.freebsd.org/12345 redirects to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=12345. Wouldn't the first form be better? It's shorter and likely easier to map to whatever bug tracker we might move to after bugzilla (if we ever do change). It also looks more like the phabricator links.

Mar 8 2019, 9:37 AM

Mar 5 2019

kp updated the summary of D19248: tun: VIMAGE fix for if_tun cloner.
Mar 5 2019, 9:24 AM
kp updated the diff for D19248: tun: VIMAGE fix for if_tun cloner.

'\0'

Mar 5 2019, 9:24 AM

Mar 4 2019

kp added a comment to D19248: tun: VIMAGE fix for if_tun cloner.

If there are no objections I'm going to commit this soon.

Mar 4 2019, 6:34 PM

Feb 27 2019

kp updated the diff for D19248: tun: VIMAGE fix for if_tun cloner.

Fix issues pointed out by hrs.

Feb 27 2019, 2:57 PM
kp updated the diff for D19248: tun: VIMAGE fix for if_tun cloner.

Fix tun_clone_match() to not match on e.g. tunnel.

Feb 27 2019, 2:28 PM
kp added inline comments to D19248: tun: VIMAGE fix for if_tun cloner.
Feb 27 2019, 1:50 PM
kp added inline comments to D19248: tun: VIMAGE fix for if_tun cloner.
Feb 27 2019, 1:34 PM
kp updated the diff for D19248: tun: VIMAGE fix for if_tun cloner.

Remove stray debug lines

Feb 27 2019, 9:52 AM
kp updated the diff for D19248: tun: VIMAGE fix for if_tun cloner.

Ensure that unit numbers are system-unique.

Feb 27 2019, 9:37 AM

Feb 24 2019

kp added a comment to D19317: Use IN_foo() macros from sys/netinet/in.h inplace of handcrafted code.

The pf bit is good.
Everything else looks good to me as well, modulo the remark karels had about the XXX comment.

Feb 24 2019, 8:25 PM

Feb 21 2019

kp added a comment to D19111: Summary: widen net_epoch coverage up to all packet processing.

New panic, I suspect while an interface is being moved into or out of a vnet jail.
The pf tests seem to trigger a lot of edge cases, so you may want to see if you can get them to run too. They don't need much setup (basically, pkg install scapy kyua, then kldload pfsync ; cd /usr/tests/sys/netpfil/pf ; sudo kyua test).

Feb 21 2019, 12:50 PM

Feb 20 2019

kp added a comment to D19248: tun: VIMAGE fix for if_tun cloner.

Thanks. The original reporter of the bug discovered that too.

Feb 20 2019, 12:54 PM

Feb 19 2019

kp added reviewers for D19248: tun: VIMAGE fix for if_tun cloner: network, bz.
Feb 19 2019, 6:28 PM
kp created D19248: tun: VIMAGE fix for if_tun cloner.
Feb 19 2019, 6:27 PM

Feb 11 2019

kp added a comment to D19111: Summary: widen net_epoch coverage up to all packet processing.

This one boots, but panics when I kldload pfsync:

Feb 11 2019, 9:44 PM

Feb 10 2019

kp accepted D19131: Decrease the time the kernel takes to install a new PF config with a large number of queues.
Feb 10 2019, 1:46 PM

Feb 9 2019

kp added a comment to D19124: Fix HFSC configuration bug introduced in r343287.

I have no objections to the patch, but I don't know enough about HFSC to meaningfully review this, I'm afraid.

Feb 9 2019, 1:58 PM

Feb 8 2019

kp added a comment to D19111: Summary: widen net_epoch coverage up to all packet processing.

I'm pretty sure that ipv6_activate_all_interfaces="YES" in /etc/rc.conf is the trigger for the previous panic.
That also matches nicely with the backtrace. Presumably nd6_dad_timer() doesn't enter the NET_EPOCH.

Feb 8 2019, 3:15 PM
kp added a comment to D19111: Summary: widen net_epoch coverage up to all packet processing.

This panics my test vm:

Feb 8 2019, 10:43 AM

Feb 2 2019

kp accepted D18924: bridge: Fix spurious warnings about capabilities.

LGTM

Feb 2 2019, 10:10 AM

Jan 29 2019

kp added a comment to D18951: New pfil(9).

Did you happen to do any benchmarking on this? I'd have expected "Sync pfil hooks epoch(9)" to give us a (small) performance improvement, but my initial test shows a small reduction in forwarding performance (with pf loaded).

Jan 29 2019, 8:34 PM