kristof (Kristof Provost)

User Details

User Since
Sep 28 2014, 7:22 PM (172 w, 3 d)

Recent Activity

Thu, Jan 11

kristof added a comment to D13766: Introduce mallocarray() in the kernel.
In D13766#290617, @erj wrote:

Is this going to be MFC'd into stable/10 and/or stable/11?

Thu, Jan 11, 10:11 PM

Wed, Jan 10

kristof accepted D13834: Make use of mallocarray in sys/netpfil/ipfw.

ae@ is probably the best person to talk to about ipfw, so you may want to cc him too.

Wed, Jan 10, 8:40 PM

Sat, Jan 6

kristof added a comment to D13715: netpfil: Introduce PFIL_FWD.
In D13715#288702, @eri wrote:

While this is needed, I do not agree that the modifications on the stack and packet filters should be so hackish.

Sat, Jan 6, 8:20 PM · network
kristof updated the diff for D13715: netpfil: Introduce PFIL_FWD.

More context. No changes to the diff.

Sat, Jan 6, 8:17 PM · network
kristof updated the diff for D13766: Introduce mallocarray() in the kernel.

Use the OpenBSD mallocarray implementation.

Sat, Jan 6, 3:11 PM
kristof updated the diff for D13766: Introduce mallocarray() in the kernel.

Add __alloc_size attributes.

Sat, Jan 6, 10:48 AM
kristof added inline comments to D13766: Introduce mallocarray() in the kernel.
Sat, Jan 6, 10:34 AM

Thu, Jan 4

kristof updated the diff for D13766: Introduce mallocarray() in the kernel.

Update malloc.9 man page.

Thu, Jan 4, 8:50 PM
kristof added inline comments to D13766: Introduce mallocarray() in the kernel.
Thu, Jan 4, 4:38 PM
kristof added a comment to D13766: Introduce mallocarray() in the kernel.

I have to admit I initially wanted to call it calloc(), but it turns out ZFS already has calloc(size_t, size_t) in sys/cddl/compat/opensolaris/sys/kmem.h, so that failed to build.

Thu, Jan 4, 4:34 PM
kristof updated the diff for D13766: Introduce mallocarray() in the kernel.

Removed incorrect __alloc_size attribute.

Thu, Jan 4, 1:18 PM
kristof created D13766: Introduce mallocarray() in the kernel.
Thu, Jan 4, 1:08 PM

Sun, Dec 31

kristof created D13715: netpfil: Introduce PFIL_FWD.
Sun, Dec 31, 4:38 PM · network

Nov 30 2017

kristof added a comment to D13017: Add IPSec tests in tunnel mode.
aes_cbc_128_hmac_sha1:v4  ->  passed  [1.642s]
aes_cbc_128_hmac_sha1:v6  ->  passed  [1.619s]
aes_cbc_256_hmac_sha2_256:v4  ->  passed  [1.617s]
aes_cbc_256_hmac_sha2_256:v6  ->  passed  [1.680s]
aes_gcm_128:v4  ->  passed  [1.605s]
aes_gcm_128:v6  ->  passed  [1.616s]
aes_gcm_256:v4  ->  passed  [1.844s]
aes_gcm_256:v6  ->  passed  [1.793s]
aesni_aes_cbc_128_hmac_sha1:v4  ->  passed  [1.579s]
aesni_aes_cbc_128_hmac_sha1:v6  ->  passed  [1.742s]
aesni_aes_cbc_256_hmac_sha2_256:v4  ->  passed  [1.601s]
aesni_aes_cbc_256_hmac_sha2_256:v6  ->  passed  [1.611s]
aesni_aes_gcm_128:v4  ->  passed  [1.602s]
aesni_aes_gcm_128:v6  ->  expected_failure: PR 201447: atf-check failed; see the output of the test for details  [12.928s]
aesni_aes_gcm_256:v4  ->  passed  [1.835s]
aesni_aes_gcm_256:v6  ->  expected_failure: PR 201447: atf-check failed; see the output of the test for details  [12.773s]
empty:v4  ->  passed  [1.577s]
empty:v6  ->  passed  [1.593s]
Nov 30 2017, 4:01 PM

Nov 28 2017

kristof added a comment to D13017: Add IPSec tests in tunnel mode.

I'll try again once I see a commit go by that looks like it'd fix that. Do feel free to remind me if I manage to miss it (or forget).

Nov 28 2017, 4:56 PM
kristof added a comment to D13017: Add IPSec tests in tunnel mode.

It looks like something's still wrong:

Nov 28 2017, 11:28 AM

Nov 22 2017

kristof added a comment to D13017: Add IPSec tests in tunnel mode.

Well, I suppose this is good, in that it shows why these tests are useful:

Nov 22 2017, 10:12 PM

Nov 18 2017

kristof added inline comments to D13017: Add IPSec tests in tunnel mode.
Nov 18 2017, 10:21 AM

Nov 11 2017

kristof added a comment to D13017: Add IPSec tests in tunnel mode.

Oh, also: if some of the tests are known to fail we should mark them as such until the issue is fixed.
See 'atf_expect_fail'

Nov 11 2017, 1:56 AM
kristof added a comment to D13017: Add IPSec tests in tunnel mode.

How to add the case of with and without AESNI without rewriting all these tests?

Nov 11 2017, 1:47 AM

Nov 3 2017

kristof added a comment to D12747: loopback route needs RTF_PINNED flag.

I suspect this will also address PR 222647.

Nov 3 2017, 10:22 PM

Oct 25 2017

kristof updated the diff for D12779: Evaluate packet size after the firewall had its chance in the ip6 fast path.
Oct 25 2017, 10:53 AM
kristof added inline comments to D12779: Evaluate packet size after the firewall had its chance in the ip6 fast path.
Oct 25 2017, 8:38 AM

Oct 24 2017

kristof created D12779: Evaluate packet size after the firewall had its chance in the ip6 fast path.
Oct 24 2017, 7:50 PM

Oct 23 2017

kristof added a comment to D12771: epair: Fix panic on unload.

This is similar to how I fixed this problem for pf.

Oct 23 2017, 8:31 PM
kristof created D12771: epair: Fix panic on unload.
Oct 23 2017, 8:29 PM

Oct 14 2017

kristof added a comment to D12639: Enable VIMAGE by default.

Similar results for v6:

Oct 14 2017, 1:40 PM
kristof added a comment to D12639: Enable VIMAGE by default.

With a larger file (102400 bytes) the difference indeed shrinks:

Oct 14 2017, 12:38 PM
kristof added a comment to D12639: Enable VIMAGE by default.

I found some crusty old hardware to run a test on. This is nginx serving its default index page (612 bytes of data).
Test client is wrk. I played around with the number of connections and threads briefly, but didn't see a major difference (in the non-vimage performance, I've not compared vimage there).

Oct 14 2017, 10:11 AM

Oct 12 2017

kristof added a comment to D12639: Enable VIMAGE by default.
In D12639#262598, @bz wrote:

@jtl I am not aware of anyone having done an end-host, e.g., webserver kind of performance measurement. No one wanted to volunteer so far.

Oct 12 2017, 12:19 PM

Oct 11 2017

kristof accepted D12639: Enable VIMAGE by default.

Thumbs up. Let's do this.

Oct 11 2017, 9:31 PM

Oct 6 2017

kristof updated the diff for D12580: pf: Basic automated test using VIMAGE.

Sorry, I missed that remark.

Oct 6 2017, 7:36 PM
kristof updated the diff for D12581: pf: Very basic forwarding test.
Oct 6 2017, 6:50 PM

Oct 5 2017

kristof updated the diff for D12581: pf: Very basic forwarding test.
Oct 5 2017, 6:10 PM
kristof added inline comments to D12580: pf: Basic automated test using VIMAGE.
Oct 5 2017, 6:09 PM
kristof updated the diff for D12580: pf: Basic automated test using VIMAGE.

This should address all of the review remarks.

Oct 5 2017, 6:07 PM
kristof abandoned D9429: bridge: Release bridge lock when calling iflladdr_event handler.
Oct 5 2017, 6:00 PM

Oct 3 2017

kristof added inline comments to D12581: pf: Very basic forwarding test.
Oct 3 2017, 9:46 PM
kristof created D12581: pf: Very basic forwarding test.
Oct 3 2017, 8:28 PM
kristof created D12580: pf: Basic automated test using VIMAGE.
Oct 3 2017, 8:26 PM

Sep 21 2017

kristof added a comment to D12433: bsdinstall(8) hardening menu: Utilize new kern.randompid=1 behaviour.

This builds on r323390, right?

Sep 21 2017, 2:00 PM

Sep 8 2017

kristof added a comment to D11401: Kernel pf tests.

I've made a change which I'm testing currently, running pkg with the -r
flag instead of chrooting. Will commit if it works.

Yes, that's even better.

Sep 8 2017, 9:02 PM
kristof added a comment to D11401: Kernel pf tests.

While looking at this I also noticed that this file is (mostly) indented with spaces. FreeBSD style is to use tabs.

Sep 8 2017, 1:33 PM
kristof added inline comments to D11401: Kernel pf tests.
Sep 8 2017, 11:48 AM

Aug 12 2017

kristof added a comment to D12011: Correct multicast address used in pfsync(4).
In D12011#248956, @bcr wrote:

Adding Kristof for confirming that this is the actual address in the code.

Aug 12 2017, 8:42 PM

Aug 9 2017

kristof closed D3272: Add ALTQ(9) CoDel algorithm support.

yes please!

Aug 9 2017, 8:01 AM

Aug 6 2017

kristof updated the summary of D11782: bpf: Fix incorrect cleanup.
Aug 6 2017, 9:33 AM · network

Aug 3 2017

kristof added a comment to D11782: bpf: Fix incorrect cleanup.

I've done a bit more testing, and these debug traces tell the story:

Aug 3 2017, 8:05 PM · network

Jul 31 2017

kristof added a comment to D11782: bpf: Fix incorrect cleanup.

Hmm, good question. I thought I understood the failure flow fully, but now I'm not so sure.

Jul 31 2017, 8:02 PM · network

Jul 30 2017

kristof added a comment to D11782: bpf: Fix incorrect cleanup.
In D11782#244283, @bz wrote:

Is this a consequence of https://svnweb.freebsd.org/base?view=revision&revision=297816 or independent of it?

Jul 30 2017, 8:35 PM · network
kristof created D11782: bpf: Fix incorrect cleanup.
Jul 30 2017, 12:01 PM · network

Jul 22 2017

kristof added a comment to D11629: Handle WITH/WITHOUT_PF in libsysdecode.

I've fixed that style remark and commit it. Thanks for the review!

Jul 22 2017, 12:54 PM

Jul 21 2017

kristof updated the diff for D11629: Handle WITH/WITHOUT_PF in libsysdecode.

Update patch after mkioctls was changed.

Jul 21 2017, 9:42 AM

Jul 18 2017

kristof added a comment to D11629: Handle WITH/WITHOUT_PF in libsysdecode.

Ideally, yes, but it looks like the headers from sys/net (pfvar.h and if_pfsync.h) do get installed, so including those files leads to build failures.

Jul 18 2017, 9:20 PM
kristof added a comment to D11629: Handle WITH/WITHOUT_PF in libsysdecode.

If WITHOUT_PF is set we don't install pf.h (from sys/netpfil/pf), which means the generated file won't compile.
I suppose we could install it, but it's a little odd having pf.h installed if the user explicitly asked not to have pf.

Jul 18 2017, 8:50 PM

Jul 17 2017

kristof created D11629: Handle WITH/WITHOUT_PF in libsysdecode.
Jul 17 2017, 7:12 PM

Jul 13 2017

kristof added a comment to D11322: Tests for pfctl.

I ran into issues with 'install world' with this patch. I think you also want the following:

Jul 13 2017, 10:19 AM · GSoC Students

Jul 12 2017

kristof added a comment to D11322: Tests for pfctl.

I think you're also missing the connection in the pfctl makefile. I've been looking at sbin/mdconfig as an example and it has this:

Jul 12 2017, 8:45 PM · GSoC Students

Jul 10 2017

kristof added a comment to D11322: Tests for pfctl.

This also appears to be missing the integration with the other tests. It can only be used by running it directly from the tests/sbin/pfctl directory.

Jul 10 2017, 1:33 PM · GSoC Students

Jul 9 2017

kristof added inline comments to D11322: Tests for pfctl.
Jul 9 2017, 9:10 AM · GSoC Students

Jul 8 2017

kristof added a comment to D11322: Tests for pfctl.

Cleaned-up version, with improved test descriptions.

Jul 8 2017, 9:10 AM · GSoC Students

Jul 1 2017

kristof added a comment to D11401: Kernel pf tests.

We're intermingling two sets of changes here.

Jul 1 2017, 12:55 PM

Jun 28 2017

kristof added a comment to D11322: Tests for pfctl.

It'd also be good to include the changes required to hook up the sbin/pfctl/Kyuafile to the tests Kyuafile.
Your GitHub repo has a symlink to get recursive behaviour out of Kyua, but there's basically no other symlinks in the repo, so let's avoid that. I'd add a simple include Kyuafile, like ./contrib/atf/Kyuafile does.

Jun 28 2017, 8:14 PM · GSoC Students

Jun 25 2017

kristof added a comment to D11322: Tests for pfctl.

It might also be worth seeing if you can add a couple of tests for ALTQ.
That's also interesting to consider because ALTQ is an optional feature and might not be available in the running kernel.
That'd mean you'd have to have test metadata to figure out if you can sensibly run the test on this system or not (presumably kyua understands the concept of a skipped test).

Jun 25 2017, 1:49 PM · GSoC Students

Jun 21 2017

kristof updated the diff for D11137: PF: implement RFC 4787 REQ 1 and 3 (full cone NAT).

Damjan has updated the patch to fix the style issues and address a panic with non-udp traffic.

Jun 21 2017, 8:56 PM

Jun 10 2017

kristof created D11137: PF: implement RFC 4787 REQ 1 and 3 (full cone NAT).
Jun 10 2017, 5:26 PM

May 11 2017

kristof accepted D10678: Fix panic in persistent hardware MAC storage.

I've just done a quick test. The box no longer panics with this patch.

May 11 2017, 6:33 AM
kristof added a comment to D10678: Fix panic in persistent hardware MAC storage.

I think this is correct, but I think you should skip the {}. The rest of the function does not use them for single-line if statements either.

May 11 2017, 6:20 AM

May 3 2017

kristof abandoned D7528: Merge ifgroup and interface name namespaces.
May 3 2017, 8:21 PM
kristof created D10592: pf: Fix vnet initialisation.
May 3 2017, 8:20 PM

May 2 2017

kristof accepted D10543: ifconfig displays ND6_IFF_NO_DAD as "IGNORELOOP".
May 2 2017, 8:05 PM

Apr 6 2017

kristof updated the diff for D10025: pf: Fix panic on unload.

Use SYSUNINIT() to ensure pf_load() isn't called until after all vnet_pf_uninit()s have been called

Apr 6 2017, 8:31 PM

Mar 21 2017

kristof updated the diff for D10026: pf: Fix possible shutdown race.

Ensure pf_unload() can't continue until pf_purge_thread() is fully done.

Mar 21 2017, 4:29 PM
kristof added a comment to D10026: pf: Fix possible shutdown race.

I see your point about the remaining race and will try to work up a fix according to your suggestion.

Mar 21 2017, 11:42 AM

Mar 18 2017

kristof updated the diff for D10025: pf: Fix panic on unload.

I think you have a point, but I don't want to move pf_load(), because that can fail.

Mar 18 2017, 8:56 AM

Mar 17 2017

kristof added reviewers for D10040: pf: Fix memory leak on vnet shutdown or unload: network, eri.
Mar 17 2017, 5:54 AM
kristof created D10040: pf: Fix memory leak on vnet shutdown or unload.
Mar 17 2017, 5:37 AM
kristof added a comment to D10026: pf: Fix possible shutdown race.

You don't need sx here as you don't need to hold a lock around the whole cycle. You need to hold the lock only when you update pf_end_threads and sleep/wakeup.

Mar 17 2017, 4:12 AM
kristof added a comment to D10025: pf: Fix panic on unload.
In D10025#207198, @eri wrote:

It feels a lot like a hack.
Shouldn't the proper VNET accessor be called on creation and teardown?

Mar 17 2017, 1:40 AM

Mar 16 2017

kristof added reviewers for D10026: pf: Fix possible shutdown race: glebius, eri, jhb, network.
Mar 16 2017, 12:49 PM
kristof created D10026: pf: Fix possible shutdown race.
Mar 16 2017, 12:49 PM
kristof added a reviewer for D10025: pf: Fix panic on unload: network.
Mar 16 2017, 8:16 AM
kristof created D10025: pf: Fix panic on unload.
Mar 16 2017, 8:16 AM

Feb 24 2017

kristof accepted D9782: Remove control+r handling from geliboot's pwgets().
Feb 24 2017, 10:59 AM

Feb 16 2017

kristof accepted D9625: Remove inet_ntoa(); use inet_ntoa_r() instead.

pf bits look good to me.

Feb 16 2017, 6:52 AM

Feb 3 2017

kristof retitled D9429: bridge: Release bridge lock when calling iflladdr_event handler from to bridge: Release bridge lock when calling iflladdr_event handler.
Feb 3 2017, 4:38 PM

Jan 24 2017

kristof updated the diff for D9290: bridge: Release the bridge lock when calling bridge_set_ifcap().

Add the suggested BRIDGE_UNLOCK_ASSERT(), because that's a good idea.

Jan 24 2017, 2:46 PM · network
kristof updated the diff for D9290: bridge: Release the bridge lock when calling bridge_set_ifcap().

Fix a really stupid typo.

Jan 24 2017, 7:39 AM · network

Jan 23 2017

kristof added a member for network: kristof.
Jan 23 2017, 11:31 PM

Jan 22 2017

kristof added reviewers for D9290: bridge: Release the bridge lock when calling bridge_set_ifcap(): hrs, glebius, hselasky, network.
Jan 22 2017, 8:00 PM · network
kristof retitled D9290: bridge: Release the bridge lock when calling bridge_set_ifcap() from to bridge: Release the bridge lock when calling bridge_set_ifcap().
Jan 22 2017, 10:44 AM · network

Jan 14 2017

kristof retitled D9187: Ensure arswitch is always locked when calling arswitch_modifyreg() from to Ensure arswitch is always locked when calling arswitch_modifyreg().
Jan 14 2017, 11:44 PM

Oct 6 2016

kristof added a reviewer for D8165: pf: port extended DSCP support from OpenBSD: kristof.

Looks sane at first glance. I'll try to find time for a second glance in the next few days.

Oct 6 2016, 3:50 PM

Oct 4 2016

kristof accepted D8082: Make 502.pfdenied find blacklistd/* filter names dynamically.
Oct 4 2016, 9:06 PM
kristof added inline comments to D8082: Make 502.pfdenied find blacklistd/* filter names dynamically.
Oct 4 2016, 8:14 PM

Oct 3 2016

kristof accepted D8058: pf: remove fastroute tag.

I'll try to commit this soon.

Oct 3 2016, 1:03 PM

Sep 28 2016

kristof added inline comments to D8058: pf: remove fastroute tag.
Sep 28 2016, 1:00 PM

Sep 22 2016

kristof added a reviewer for D7780: Fix bridge_fragment(): rwatson.

Gnn suggested that Robert had ideas about this. Include him in the review.

Sep 22 2016, 8:37 AM

Sep 6 2016

kristof added a reviewer for D7780: Fix bridge_fragment(): thompsa.
Sep 6 2016, 1:57 PM

Sep 5 2016

kristof added a comment to D7780: Fix bridge_fragment().

Just so we don't lose track of this: I think you've indeed identified the source of the problem with the bridge.

Sep 5 2016, 7:26 PM