User Details
- User Since
- Sep 28 2014, 7:22 PM (194 w, 6 d)
Wed, Jun 20
I'm not sure if I object to this change or not, but it's worth noting that SSIDs are not necessarily UTF-8 strings. Unless the SSIDEncoding is set it is 0-32 octets. Having 0 bytes in the middle of the SSID is valid (though I'd be very surprised if that actually worked on more than a handful of devices). If SSIDEncoding is set it is indeed a UTF-8 string.
For additional fun Microsoft got this wrong and several Windows versions interpret the SSID as being Latin1 encoded.
Sat, Jun 9
I'd prefer the sysctl to reject values that are out of range.
What do you think about this: https://people.freebsd.org/~kp/patches/D14536.patch ?
May 20 2018
Looks good at first glance.
I like the move of the sys/rmlock.h include into pfvar.h, so the header becomes more self-contained (i.e. you don't need extra includes to make your include of pfvar.h work). I'm running test builds for that, because I thought it broke when I tried. Perhaps I messed something else up though.
Apr 11 2018
Well, as I said, I have no views on what the value should be. I defaulted to keeping the old value, but if you've got a good reason to change it that's fine by me.
Apr 9 2018
Good catch, I missed it in the first two cases because that used to be a fixed 65k value. Now that it's user configurable it needs the check too.
Fix static / extern mismatch
Add missing WOULD_OVERFLOW checks.
Apr 8 2018
Apr 6 2018
Committed as r332101
Committed as r332102
Apr 1 2018
What problem does this fix?
Mar 26 2018
Mar 19 2018
Keep the old hooks so other pfil users don't need to change. Allow pf to use the new style of hook, with the flags argument.
Mar 18 2018
Looks sane to me.
Mar 16 2018
Mar 6 2018
Mar 3 2018
I have no specific views on what the value should be. The remark mostly comes from the desire to avoid having the kernel enforce policy. It's only a small extra step here for more flexibility.
I think I'd make net.inet.carp.dscp be an integer, with a default value of (the value of) IPTOS_LOWDELAY.
Mar 2 2018
Would it make sense to set the DSCP value to the value configured in 'net.inet.carp.dscp' rather than a hardcoded value?
Feb 3 2018
Feb 2 2018
Jan 31 2018
Now I'm confused. This isn't about loop detection. This is about detecting if a PFIL_OUT packet is being forwarded or output.
Jan 27 2018
I'm not sure I see how this would create confusion. This merely presents more information about the packet, and where the netpfil hook being called from.
Jan 26 2018
Based around a suggestion from Kyle Evans (who also did all of the work), introduce a flags variable to the pfil callbacks. Keep using PFIL_OUT for forwarded packets, but set the PFIL_FWD flag for them. This allows pf to work out if a packet is being forwarded or not, with essentially no changes to other netpfil consumers.
Jan 11 2018
Jan 10 2018
ae@ is probably the best person to talk to about ipfw, so you may want to cc him too.
Jan 6 2018
More context. No changes to the diff.
Use the OpenBSD mallocarray implementation.
Add __alloc_size attributes.
Jan 4 2018
Update malloc.9 man page.
I have to admit I initially wanted to call it calloc(), but it turns out ZFS already has calloc(size_t, size_t) in sys/cddl/compat/opensolaris/sys/kmem.h, so that failed to build.
Removed incorrect __alloc_size attribute.
Dec 31 2017
Nov 30 2017
aes_cbc_128_hmac_sha1:v4 -> passed [1.642s] aes_cbc_128_hmac_sha1:v6 -> passed [1.619s] aes_cbc_256_hmac_sha2_256:v4 -> passed [1.617s] aes_cbc_256_hmac_sha2_256:v6 -> passed [1.680s] aes_gcm_128:v4 -> passed [1.605s] aes_gcm_128:v6 -> passed [1.616s] aes_gcm_256:v4 -> passed [1.844s] aes_gcm_256:v6 -> passed [1.793s] aesni_aes_cbc_128_hmac_sha1:v4 -> passed [1.579s] aesni_aes_cbc_128_hmac_sha1:v6 -> passed [1.742s] aesni_aes_cbc_256_hmac_sha2_256:v4 -> passed [1.601s] aesni_aes_cbc_256_hmac_sha2_256:v6 -> passed [1.611s] aesni_aes_gcm_128:v4 -> passed [1.602s] aesni_aes_gcm_128:v6 -> expected_failure: PR 201447: atf-check failed; see the output of the test for details [12.928s] aesni_aes_gcm_256:v4 -> passed [1.835s] aesni_aes_gcm_256:v6 -> expected_failure: PR 201447: atf-check failed; see the output of the test for details [12.773s] empty:v4 -> passed [1.577s] empty:v6 -> passed [1.593s]
Nov 28 2017
I'll try again once I see a commit go by that looks like it'd fix that. Do feel free to remind me if I manage to miss it (or forget).
It looks like something's still wrong:
Nov 22 2017
Well, I suppose this is good, in that it shows why these tests are useful:
Nov 18 2017
Nov 11 2017
Oh, also: if some of the tests are known to fail we should mark them as such until the issue is fixed.
See 'atf_expect_fail'
How to add the case of with and without AESNI without rewriting all these tests?
Nov 3 2017
I suspect this will also address PR 222647.
Oct 25 2017
Oct 24 2017
Oct 23 2017
This is similar to how I fixed this problem for pf.
Oct 14 2017
Similar results for v6:
With a larger file (102400 bytes) the difference indeed shrinks:
I found some crusty old hardware to run a test on. This is nginx serving its default index page (612 bytes of data).
Test client is wrk. I played around with the number of connections and threads briefly, but didn't see a major difference (in the non-vimage performance, I've not compared vimage there).
Oct 12 2017
Oct 11 2017
Oct 6 2017
Sorry, I missed that remark.
Oct 5 2017
This should address all of the review remarks.
Oct 3 2017
Sep 21 2017
This builds on r323390, right?
Sep 8 2017
While looking at this I also noticed that this file is (mostly) intended with spaces. FreeBSD style is to use tabs.
Aug 12 2017
Aug 9 2017
Aug 6 2017
Aug 3 2017
I've done a bit more testing, and these debug traces tell the story:
Jul 31 2017
Hmm, good question. I thought I understood the failure flow fully, but now I'm not so sure.
Jul 30 2017
Jul 22 2017
I've fixed that style remark and commit it. Thanks for the review!
Jul 21 2017
Update patch after mkioctls was changed.
Jul 18 2017
Ideally, yes, but it looks like the headers from sys/net (pfvar.h and if_pfsync.h) do get installed, so including those files leads to build failures.
If WITHOUT_PF is set we don't install pf.h (from sys/netpfil/pf), which means the generated file won't compile.
I suppose we could install it, but it's a little odd having pf.h installed if the user explicitly asked not to have pf.
Jul 17 2017
Jul 13 2017
I ran into issues with 'install world' with this patch. I think you also want the following:
Jul 12 2017
I think you're also missing the connection in the pfctl makefile. I've been looking at sbin/mdconfig as an example and it has this:
Jul 10 2017
This also appears to be missing the integration with the other tests. It can only be used by running it directly from the tests/sbin/pfctl directory.
Jul 9 2017
Jul 8 2017
Jul 1 2017
We're intermingling two sets of changes here.
Jun 28 2017
It'd also be good to include the changes required to hook up the sbin/pfctl/Kyuafile to the tests Kyuafile.
Your GitHub repo has a symlink to get recursive behaviour out of Kyua, but there's basically no other symlinks in the repo, so let's avoid that. I'd add a simple include Kyuafile, like ./contrib/atf/Kyuafile does.
Jun 25 2017
It might also be worth seeing if you can add a couple of tests for ALTQ.
That's also interesting to consider because ALTQ is an optional feature and might not be available in the running kernel.
That'd mean you'd have to have test metadata to figure out if you can sensibly run the test on this system or not (presumably kyua understands the concept of a skipped test).
Jun 21 2017
Damjan has updated the patch to fix the style issues and address a panic with non-udp traffic.
Jun 10 2017
May 11 2017
I've just done a quick test. The box no longer panics with this patch.
I think this is correct, but I think you should skip the {}. The rest of the function does not use them for single-line if statements either.