- User Since
- Feb 5 2016, 2:19 PM (84 w, 6 d)
Fri, Sep 15
Small comestic proposal (check my 2 comments).
Wed, Sep 13
It's okay, portlint is just an helper tool and didn't catch this port complexity.
Tue, Sep 12
Fri, Sep 8
Don't know what is a "mad64" arch, but it's okay :)-
Thu, Sep 7
Wed, Sep 6
Tue, Sep 5
Mon, Sep 4
Fri, Sep 1
I didn't rebuild the full doc for testing error syntax, but by reading all of your changes it seems okay.
Wed, Aug 30
Does a "LICENSE= NONE" valid in this case ? (avoid complains from portlint -A)
Mmm… your email is not updated into the MAINTAINER field on this port: Your commit r448911 correctly updated all your email: Does this mean your are working on a non-updated local source tree ?
Tue, Aug 29
Good: You correctly used the good capitalization rule for "FreeBSD" :-)
Mon, Aug 28
How do you measure the 25% performance increase ?
Aug 14 2017
About 30% performance drop regression (from 2.8Mpps to 1.8Mpps) during forwarding of smallest packet:
Jul 21 2017
Jul 20 2017
Jul 19 2017
Jul 17 2017
Jul 6 2017
Jul 5 2017
On the first platform: PC Engines APU2C4 (quad core AMD GX-412T Processor 1 GHz), 3 Intel i210AT Gigabit Ethernet ports
- LRO/TSO disabled
- 2000 flows of smallest UDP packets
- Traffic load at 1.448Mpps (Gigabit line-rate)
Jul 3 2017
Jul 2 2017
I've tested this patch on a setup where this feature is usefull: Using Mediation (NAT hole punching) feature of Strongswan for connecting 2 sites with IPSec, each site behind a NAT box (https://bsdrp.net/documentation/examples/strongswan_ipsec_mediation_feature).
Previously I had to use nat keyword "static-port" into pf line configuration for "helping" pf to keept original UDP source port, then allowing this feature to work.
With this patch, a standard pf nat (without any option) allow to create NAT hole: I don't think it's a "security downgrade" problem, because NAT was never desing for security.
Jun 29 2017
I like it: It's work :-)
Some potential improvement:
- allowing to configure just the rule number (01000) in place of having to declaring the full rule line
- Cosmetic: Setting a name to the ksocket, like export-flow or something like that (it just help to describe a little-better the graphiz).
Jun 19 2017
Jun 14 2017
Jun 4 2017
May 31 2017
May 29 2017
May 10 2017
May 9 2017
The updated code should answer to all remarks.
About the sys/modules/Makefile diff: I've synced my FreeBSD src tree to the last revision which updated this file, and when I've updated this review it had included by mistake the change.
May 8 2017
Author update his patch and addressed most of the phabricator comments and update it for supporting APU1,2 and 3 boards.
Apr 27 2017
Apr 20 2017
Apr 13 2017
Apr 10 2017
Apr 3 2017
Ok then with one stateless rules:
Mar 31 2017
With a simple ipfw.conf file:
Mar 24 2017
Mar 8 2017
Good catch about only reassembling IPv4 traffic.
Mar 7 2017
More information about this problem created with local_unbound (that add DNSSEC support to DNS query) AND "firewall workstation" mode.
Mar 6 2017
Mar 5 2017
I was sending 2000 UDP flows at gigabit line rate (1.48Mpps):
Mar 4 2017
With netisr is enabled on this 64bits platform, performance decrease about 22%:
Here is the benefit on standard server:
Mar 3 2017
Feb 14 2017
On a router/firewall use case: About -13% performance drop (4 cores Intel Xeon L5630 with Intel 82599EB NIC)
Feb 6 2017
This patch correctly fix the buildworld with WITHOUT_ZFS=