Page MenuHomeFreeBSD

peter_libassi.se (Peter Libassi)
User

Projects

User does not belong to any projects.

User Details

User Since
Jul 25 2020, 2:06 PM (60 w, 5 d)

Recent Activity

Dec 3 2020

peter_libassi.se added a comment to D27461: net-mgmt/unifi6: Update to 6.0.41.

patched my 6.0.28 in /usr/ports/unifi6. make; make deinstall ; make reinstall. I'm on 6.0.41 now, all seems to be working.

Dec 3 2020, 7:16 PM

Nov 28 2020

peter_libassi.se added a comment to D26137: Wireguard merge.

I'm not seeing those files in 80072.

Nov 28 2020, 10:08 AM
peter_libassi.se added a comment to D26137: Wireguard merge.
  • more dead code GC
  • add header licenses
Nov 28 2020, 6:57 AM

Nov 24 2020

peter_libassi.se added a comment to D26137: Wireguard merge.

moved the test setup to a different machine and after 1 hour and 19 minutes of running the test setup i got a panic here:

Stefan, I'm on r367980 with diff 79843 and I manually removed the mfree line in wg_encap since the latest diff 79919 could not be used. I've run your test for over 6 hours now without any panic. I even added iperf3 --udp and bombarded the server over the wg link for one hour. Only difference what I understand is that i'm on a bare metal server and you run in a bhyve/vale instance. Could what you see now instead be an issue with the virtualization layer?

Nov 24 2020, 7:21 PM

Nov 23 2020

peter_libassi.se added a comment to D26137: Wireguard merge.
  • fix BPF issue
  • avoid socket operations when link is down
  • fix use after free
Nov 23 2020, 8:35 AM

Nov 15 2020

peter_libassi.se added a comment to D26137: Wireguard merge.
  • fix ifwg.c compile
  • avoid enqueueing tasks when link is down
  • wait for tasks to complete before detach
Nov 15 2020, 1:40 PM

Oct 25 2020

peter_libassi.se added a comment to D26137: Wireguard merge.
  • rebase
  • fix WGC_SET priv_check to work in jails
  • mark link down before starting detach
Oct 25 2020, 2:22 PM

Oct 15 2020

peter_libassi.se added a comment to D26137: Wireguard merge.

In order to have working wg in VIMAGE jails:

diff --git a/sys/dev/if_wg/module/module.c b/sys/dev/if_wg/module/module.c
index 6aa4aa52c146..23fda51b4935 100644
--- a/sys/dev/if_wg/module/module.c
+++ b/sys/dev/if_wg/module/module.c
@@ -766,7 +766,7 @@ wg_priv_ioctl(if_ctx_t ctx, u_long command, caddr_t data)
                        return (wgc_get(sc, ifd));
                        break;
                case WGC_SET:
-                       if (priv_check(curthread, PRIV_DRIVER))
+                       if (priv_check(curthread, PRIV_NET_HWIOCTL))
                                return (EPERM);
                        return (wgc_set(sc, ifd));
                        break;

since PRIV_DRIVER is not in the privileges specific to prisons with a virtual network stack.
Or maybe create PRIV_NET_WG after all.

Oct 15 2020, 7:40 AM

Oct 13 2020

peter_libassi.se added a comment to D26137: Wireguard merge.

Can you try this patch:

Did not help. Same results as before.

Oct 13 2020, 2:13 PM

Oct 12 2020

peter_libassi.se added a comment to D26137: Wireguard merge.

It seems that the new wg interface is not completely jail-ready yet. I'm exposing the wg interface in devfs.rules with
[devfsrules_jail_wg=10]
add include $devfsrules_jail_vnet
add path 'wg*' unhide

Oct 12 2020, 10:49 AM

Oct 10 2020

peter_libassi.se added a comment to D26137: Wireguard merge.
  • Don't advertise checksum offload
Oct 10 2020, 4:22 PM

Sep 11 2020

peter_libassi.se added a comment to D26137: Wireguard merge.

Bad news, remember https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=247853
comment 6 item2 and comment 8. Local access to wg-host services was early an issue, then with D26137 this issue was solved and do still work.

Now i've found as it seems that issue is the other way around, services on a remote host is not accessible. Below my test setup:

bsd1 em0:172.16.0.150/24 --- bsd2 em0:172.16.0.179/24

bsd2 ue0:172.16.42.1/24 ---bsd22 172.16.42.2

bsd1 wg0:192.168.3.1/24 ----- bsd2 wg0:192.168.3.2/24

ping and traceroute works to all IP addresses
bsd1 ssh to bsd2 192.168.3.2 works
bsd1 ssh to bsd2 172.16.42.1 works
bsd1 ssh to bsd22 172.16.42.2 does not work

I tried these routes over wg0, same result:
route add -inet 172.16.42.0/24 192.168.3.2
route add -inet 172.16.42.0/24 -interface wg0

bsd1 ssh to bsd22 works (of course) if I change the route to
route add -inet 172.16.42.0/24 172.16.0.179
i.e no wireguard, instead via local lan em0

tested on r365550 with Diff 76838

I don't understand the description of your setup. Could you please give me the exact steps for reproducing.

Sep 11 2020, 8:35 PM

Sep 10 2020

peter_libassi.se added a comment to D26137: Wireguard merge.

Bad news, remember https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=247853
comment 6 item2 and comment 8. Local access to wg-host services was early an issue, then with D26137 this issue was solved and do still work.

Sep 10 2020, 4:02 PM

Sep 9 2020

peter_libassi.se added a comment to D26137: Wireguard merge.

Hostname in the endpoint directive does not resolve to an IP address:

Sep 9 2020, 10:58 AM

Sep 8 2020

peter_libassi.se added a comment to D26137: Wireguard merge.

In any case, you're seeing 897Mbps, while perfect would be 910Mbps (given my math above) so you're seeing 98.6% of whats possible in-theory.

This should be close enough.

Thanks for the theory session. This helps setting the right expectations.

Sep 8 2020, 8:45 AM
peter_libassi.se added a comment to D26137: Wireguard merge.
  • fix allowedips in peer-list output
Sep 8 2020, 7:47 AM

Sep 7 2020

peter_libassi.se added a comment to D26137: Wireguard merge.

Tested diff 76721 on r365402

Sep 7 2020, 4:30 PM

Sep 4 2020

peter_libassi.se added a comment to D26137: Wireguard merge.

tested on r364973

Sep 4 2020, 9:37 AM