Author: kp
Date: Wed May 30 07:11:33 2018
New Revision: 334375
URL: https://svnweb.freebsd.org/changeset/base/334375
Log:
pf: Replace rwlock on PF_RULES_LOCK with rmlock
Given that PF_RULES_LOCK is a mostly read lock, replace the rwlock with
rmlock.
This change improves packet processing
On 30 May 2018, at 14:13, Hartmann, O. wrote:
> On Wed, 30 May 2018 07:11:34 + (UTC)
> Kristof Provost wrote:
>
>> Author: kp
>> Date: Wed May 30 07:11:33 2018
>> New Revision: 334375
>> URL: https://svnweb.freebsd.org/changeset/base/334375
>>
>>
Author: kp
Date: Wed May 30 12:40:37 2018
New Revision: 334379
URL: https://svnweb.freebsd.org/changeset/base/334379
Log:
pf: Add missing include statement
rmlocks require as well as .
Unbreak mips build.
Modified:
head/sys/net/pfvar.h
Modified: head/sys/net/pfvar.h
=
On 30 May 2018, at 14:33, Hartmann, O. wrote:
> On Wed, 30 May 2018 14:17:30 +0200
> "Kristof Provost" wrote:
>
>> On 30 May 2018, at 14:13, Hartmann, O. wrote:
>>> On Wed, 30 May 2018 07:11:34 + (UTC)
>>> Kristof Provost wrote:
>>>
On 30 May 2018, at 17:43, Conrad Meyer wrote:
On Wed, May 30, 2018 at 5:41 AM, Kristof Provost
wrote:
Odd. The other reports I got were mips only. I did test amd64.
Are you using gcc to build perhaps?
r334379 should fix it.
Hi Kristof,
Oliver uses a non-GENERIC kernel, which often catches
Author: kp
Date: Wed Jun 6 19:36:37 2018
New Revision: 334726
URL: https://svnweb.freebsd.org/changeset/base/334726
Log:
pf: Return non-zero from 'status' if pf is not enabled
In the pf rc.d script the output of `/etc/rc.d/pf status` or `/etc/rc.d/pf
onestatus` always provided an exit st
Author: kp
Date: Thu Jun 7 13:14:09 2018
New Revision: 334781
URL: https://svnweb.freebsd.org/changeset/base/334781
Log:
ipfw: fix whitespace
No functional changes.
Modified:
head/etc/rc.d/ipfw
Modified: head/etc/rc.d/ipfw
===
Author: kp
Date: Thu Jun 7 13:16:53 2018
New Revision: 334782
URL: https://svnweb.freebsd.org/changeset/base/334782
Log:
ipfw: fix status if ipfw.ko is not loaded
If the ipfw module is not loaded the net.inet.ip.fw.enable OID does not exist,
which leads the script to report errors and in
Author: kp
Date: Sat Jun 9 14:17:06 2018
New Revision: 334876
URL: https://svnweb.freebsd.org/changeset/base/334876
Log:
pf: Fix deadlock with route-to
If a locally generated packet is routed (with route-to/reply-to/dup-to) out of
a different interface it's passed through the firewall ag
Author: kp
Date: Sat Jun 9 14:21:07 2018
New Revision: 334877
URL: https://svnweb.freebsd.org/changeset/base/334877
Log:
pf tests: Basic route-to tests
Very basic route-to tests. These tests attempt to provoke PR 228782 for IPv4
and IPv6. A test failure will panic the machine.
Added:
Author: kp
Date: Fri Jun 22 21:59:30 2018
New Revision: 335569
URL: https://svnweb.freebsd.org/changeset/base/335569
Log:
pf: Support "return" statements in passing rules when they fail.
Normally pf rules are expected to do one of two things: pass the traffic or
block it. Blocking can be
Author: kp
Date: Sun Dec 3 13:52:35 2017
New Revision: 326497
URL: https://svnweb.freebsd.org/changeset/base/326497
Log:
Add IPSec tests in tunnel mode
Some IPSec in tunnel mode allowing to test multiple IPSec
configurations. These tests are reusing the jail/vnet scripts from pf
tests
Author: kp
Date: Sun Dec 3 18:35:07 2017
New Revision: 326500
URL: https://svnweb.freebsd.org/changeset/base/326500
Log:
tests: ipsec: Don't load/unload aesni.ko in the test header
We can't kldunload in the test head as Kyua interprets any output from
them. This would lead to syntax erro
On 3 Dec 2017, at 19:20, Alan Somers wrote:
> On Sun, Dec 3, 2017 at 6:52 AM, Kristof Provost wrote:
>
>> Author: kp
>> Date: Sun Dec 3 13:52:35 2017
>> New Revision: 326497
>> URL: https://svnweb.freebsd.org/changeset/base/326497
>>
>> Log:
>> A
Author: kp
Date: Sun Dec 31 10:01:31 2017
New Revision: 327433
URL: https://svnweb.freebsd.org/changeset/base/327433
Log:
pf: Clean all fragments on shutdown
When pf is unloaded, or a vnet jail using pf is stopped we need to
ensure we clean up all fragments, not just the expired ones.
Mo
On 28 Dec 2017, at 5:33, Warner Losh wrote:
> Author: imp
> Date: Thu Dec 28 05:33:54 2017
> New Revision: 327270
> URL: https://svnweb.freebsd.org/changeset/base/327270
>
> Log:
> Free path before returnig.
>
> CID: 977827
>
Thanks!
Kristof
___
svn-
Author: kp
Date: Sun Dec 31 16:18:13 2017
New Revision: 327434
URL: https://svnweb.freebsd.org/changeset/base/327434
Log:
pf: Allow the module to be unloaded
pf can now be safely unloaded. Most of this code is exercised on vnet
jail shutdown.
Don't block unloading.
Modified:
head/
Author: kp
Date: Sun Jan 7 13:21:01 2018
New Revision: 327674
URL: https://svnweb.freebsd.org/changeset/base/327674
Log:
Introduce mallocarray() in the kernel
Similar to calloc() the mallocarray() function checks for integer
overflows before allocating memory.
It does not zero memory,
Author: kp
Date: Sun Jan 7 13:35:15 2018
New Revision: 327675
URL: https://svnweb.freebsd.org/changeset/base/327675
Log:
pf: Avoid integer overflow issues by using mallocarray() iso. malloc()
pfioctl() handles several ioctl that takes variable length input, these
include:
- DIOCRADDTAB
Author: kp
Date: Sun Jan 7 13:39:12 2018
New Revision: 327676
URL: https://svnweb.freebsd.org/changeset/base/327676
Log:
linuxkpi: Implement kcalloc() based on mallocarray()
This means we now get integer overflow protection, which Linux code
might expect as it is also provided by kcalloc
Author: kp
Date: Sun Jan 7 13:41:06 2018
New Revision: 327677
URL: https://svnweb.freebsd.org/changeset/base/327677
Log:
vchiq: Use mallocarray() to provide kcalloc()
This means we now also provide integer overflow protection, like the
Linux kcalloc().
Modified:
head/sys/contrib/vchiq
On 7 Jan 2018, at 15:44, Konstantin Belousov wrote:
On Sun, Jan 07, 2018 at 01:35:15PM +, Kristof Provost wrote:
Author: kp
Date: Sun Jan 7 13:35:15 2018
New Revision: 327675
URL: https://svnweb.freebsd.org/changeset/base/327675
Log:
pf: Avoid integer overflow issues by using
On 7 Jan 2018, at 18:55, Rodney W. Grimes wrote:
[ Charset UTF-8 unsupported, converting... ]
Author: kp
Date: Sun Jan 7 13:21:01 2018
New Revision: 327674
URL: https://svnweb.freebsd.org/changeset/base/327674
Log:
Introduce mallocarray() in the kernel
Similar to calloc() the mallocarr
On 7 Jan 2018, at 19:02, Rodney W. Grimes wrote:
[ Charset UTF-8 unsupported, converting... ]
Author: kp
Date: Sun Jan 7 13:39:12 2018
New Revision: 327676
URL: https://svnweb.freebsd.org/changeset/base/327676
Log:
linuxkpi: Implement kcalloc() based on mallocarray()
This means we now get
On 7 Jan 2018, at 19:37, Rodney W. Grimes wrote:
On 7 Jan 2018, at 19:02, Rodney W. Grimes wrote:
Author: kp
Date: Sun Jan 7 13:39:12 2018
New Revision: 327676
URL: https://svnweb.freebsd.org/changeset/base/327676
Log:
linuxkpi: Implement kcalloc() based on mallocarray()
This means we now
Author: kp
Date: Tue Jan 9 19:02:42 2018
New Revision: 327735
URL: https://svnweb.freebsd.org/changeset/base/327735
Log:
pf tests: Fix pft_ping.py to work with scapy 2.3.3
Scapy requires the Raw payload to be a string, which was not the case. This
caused the pft_ping.py script to fail, w
On 18 Jan 2018, at 0:37, Gleb Smirnoff wrote:
On Sun, Jan 07, 2018 at 04:44:23PM +0200, Konstantin Belousov wrote:
K> On Sun, Jan 07, 2018 at 01:35:15PM +0000, Kristof Provost wrote:
K> > Author: kp
K> > Date: Sun Jan 7 13:35:15 2018
K> > New Revision: 3
Author: kp
Date: Wed Jan 24 04:29:16 2018
New Revision: 328313
URL: https://svnweb.freebsd.org/changeset/base/328313
Log:
pf: States have at least two references
pf_unlink_state() releases a reference to the state without checking if
this is the last reference. It can't be, because pf_sta
On 25 Jan 2018, at 11:13, Gleb Smirnoff wrote:
On Wed, Jan 24, 2018 at 04:29:17AM +, Kristof Provost wrote:
K> Author: kp
K> Date: Wed Jan 24 04:29:16 2018
K> New Revision: 328313
K> URL: https://svnweb.freebsd.org/changeset/base/328313
K>
K> Log:
K> pf: States have at
On 25 Jan 2018, at 11:34, Ian Lepore wrote:
On Wed, 2018-01-24 at 16:13 -0800, Gleb Smirnoff wrote:
(r328313)
K> @@ -1613,6 +1613,7 @@ int
K> pf_unlink_state(struct pf_state *s, u_int flags)
K> {
K> struct pf_idhash *ih = &V_pf_idhash[PF_IDHASH(s)];
K> + int last;
K>
K> if ((flags & PF_E
On 25 Jan 2018, at 12:08, Kristof Provost wrote:
On 25 Jan 2018, at 11:34, Ian Lepore wrote:
On Wed, 2018-01-24 at 16:13 -0800, Gleb Smirnoff wrote:
(r328313)
K> @@ -1613,6 +1613,7 @@ int
K> pf_unlink_state(struct pf_state *s, u_int flags)
K> {
K> struct pf_idhash *ih =
Author: kp
Date: Fri Mar 23 16:56:44 2018
New Revision: 331436
URL: https://svnweb.freebsd.org/changeset/base/331436
Log:
netpfil: Introduce PFIL_FWD flag
Forwarded packets passed through PFIL_OUT, which made it difficult for
firewalls to figure out if they were forwarding or producing pa
Author: kp
Date: Mon Mar 26 09:36:22 2018
New Revision: 331546
URL: https://svnweb.freebsd.org/changeset/base/331546
Log:
pf: reload and resync do the same thing
The reload and resync commands for the startup script do exactly the same
thing, so implement one as a call to the other.
On 3 Apr 2018, at 0:04, Gleb Smirnoff wrote:
I just want to note that this is a huge change of behaviour
of pf(4) for a user. Over a decade everybody has been used
to the difference between "reload" and "resync".
There is no difference. r330105 removed the ‘$pf_program -Fnat -Fqueue
-Frules -F
On 3 Apr 2018, at 18:06, Gleb Smirnoff wrote:
On Tue, Apr 03, 2018 at 08:49:09AM +0200, Kristof Provost wrote:
K> On 3 Apr 2018, at 0:04, Gleb Smirnoff wrote:
K> > I just want to note that this is a huge change of behaviour
K> > of pf(4) for a user. Over a decade everybody has be
Author: kp
Date: Fri Apr 6 15:01:45 2018
New Revision: 332101
URL: https://svnweb.freebsd.org/changeset/base/332101
Log:
pf: Improve ioctl validation for DIOCRADDTABLES and DIOCRDELTABLES
The DIOCRADDTABLES and DIOCRDELTABLES ioctls can process a number of
tables at a time, and as such t
(empty, because file is newly added)
+++ head/tests/sys/netpfil/pf/ioctl/validation.cFri Apr 6 15:03:48
2018(r332102)
@@ -0,0 +1,130 @@
+/*-
+ * Copyright (c) 2018 Kristof Provost
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are
Author: kp
Date: Fri Apr 6 15:54:30 2018
New Revision: 332107
URL: https://svnweb.freebsd.org/changeset/base/332107
Log:
pf: Improve ioctl validation for DIOCRGETTABLES, DIOCRGETTSTATS,
DIOCRCLRTSTATS and DIOCRSETTFLAGS
These ioctls can process a number of items at a time, which puts us a
Author: kp
Date: Fri Apr 6 15:57:20 2018
New Revision: 332108
URL: https://svnweb.freebsd.org/changeset/base/332108
Log:
pf tests: Basic ioctl validation for DIOCRGETTABLES, DIOCRGETTSTATS,
DIOCRCLRTSTATS and DIOCRSETTFLAGS
Validate the DIOCRGETTABLES, DIOCRGETTSTATS, DIOCRCLRTSTATS and
Author: kp
Date: Fri Apr 6 19:20:45 2018
New Revision: 332136
URL: https://svnweb.freebsd.org/changeset/base/332136
Log:
pf: Improve ioctl validation for DIOCIGETIFACES and DIOCXCOMMIT
These ioctls can process a number of items at a time, which puts us at
risk of overflow in mallocarray(
Author: kp
Date: Fri Apr 6 19:21:29 2018
New Revision: 332137
URL: https://svnweb.freebsd.org/changeset/base/332137
Log:
pf tests: Basic ioctl validation for DIOCIGETIFACES and DIOCXCOMMIT
Validate the DIOCIGETIFACES and DIOCXCOMMIT ioctls with invalid values.
MFC after:1 week
Mo
Author: kp
Date: Fri Apr 6 19:22:22 2018
New Revision: 332139
URL: https://svnweb.freebsd.org/changeset/base/332139
Log:
pf tests: Try to provoke a memory leak
There was a memory leak in the DIOCRADDTABLES ioctl() code which could
be triggered by trying to add tables with the same name.
Author: kp
Date: Fri Apr 6 19:37:15 2018
New Revision: 332143
URL: https://svnweb.freebsd.org/changeset/base/332143
Log:
pf tests: Basic ioctl validation
Basic validation tests for DIOCRADDADDRS, DIOCRDELADDRS, DIOCRSETADDRS,
DIOCRGETADDRS, DIOCRGETASTATS, DIOCRCLRASTATS, DIOCRTSTADDRS,
Author: kp
Date: Fri Apr 6 19:36:35 2018
New Revision: 332142
URL: https://svnweb.freebsd.org/changeset/base/332142
Log:
pf: Improve ioctl validation
Ensure that multiplications for memory allocations cannot overflow, and
that we'll not try to allocate M_WAITOK for potentially overly lar
Author: kp
Date: Tue Apr 10 12:45:34 2018
New Revision: 332358
URL: https://svnweb.freebsd.org/changeset/base/332358
Log:
pf tests: Do not build or install if pf is not enabled
Do not build or install pf tests if WITHOUT_PF is set. This fixes the build
failure with WITHOUT_PF=yes.
Re
Author: kp
Date: Wed Apr 11 11:43:12 2018
New Revision: 332404
URL: https://svnweb.freebsd.org/changeset/base/332404
Log:
pf: limit ioctl to a reasonable and tuneable number of elements
pf ioctls frequently take a variable number of elements as argument. This can
potentially allow users t
Author: kp
Date: Sat Apr 28 13:16:58 2018
New Revision: 333084
URL: https://svnweb.freebsd.org/changeset/base/333084
Log:
pfctl: Don't break connections on skipped interfaces on reload
On reload we used to first flush everything, including the list of skipped
interfaces. This can lead to
On 28 Apr 2018, at 15:16, Kristof Provost wrote:
Author: kp
Date: Sat Apr 28 13:16:58 2018
New Revision: 333084
URL: https://svnweb.freebsd.org/changeset/base/333084
Log:
pfctl: Don't break connections on skipped interfaces on reload
On reload we used to first flush everything, incl
Author: kp
Date: Mon Jul 3 20:36:58 2017
New Revision: 320618
URL: https://svnweb.freebsd.org/changeset/base/320618
Log:
Allow rtadvd and bsnmpd to run in vnet jails
Both of these tools are usable in vnet jails, so allow them to run there.
PR: 220431, 220432
Submitted by:
Author: kp
Date: Wed Jul 5 20:00:58 2017
New Revision: 320696
URL: https://svnweb.freebsd.org/changeset/base/320696
Log:
Allow ipsec to run in vnet jails
ipsec is usable in vnet jails, so allow it to run there.
PR: 211364
Submitted by: Matthias Meyser
Modified:
head/et
Author: kp
Date: Sat Jul 8 09:28:31 2017
New Revision: 320802
URL: https://svnweb.freebsd.org/changeset/base/320802
Log:
Allow more services to run in vnet jails
After some tests, here are the services that run into a vnet jail:
- defaultroute
- dhclient
- ip6addrctl
- natd
Author: kp
Date: Sun Jul 9 17:56:39 2017
New Revision: 320848
URL: https://svnweb.freebsd.org/changeset/base/320848
Log:
pf: Fix vnet purging
pf_purge_thread() breaks up the work of iterating all states (in
pf_purge_expired_states()) and tracks progress in the idx variable.
If multi
Author: kp
Date: Sat Jul 15 19:22:01 2017
New Revision: 321030
URL: https://svnweb.freebsd.org/changeset/base/321030
Log:
pfctl parser tests
Copy the most important test cases from OpenBSD's corresponding
src/regress/sbin/pfctl, those that run pfctl on a test input file and check
correc
Author: kp
Date: Thu Nov 10 18:41:43 2016
New Revision: 308486
URL: https://svnweb.freebsd.org/changeset/base/308486
Log:
pfctl: fix nested inline anchors
Import the OpenBSD fix for nested inline anchors.
PR: 196314
Submitted by: kri...@cflinux.hu
Obtained from:Op
Author: kp
Date: Mon Dec 5 21:52:10 2016
New Revision: 309563
URL: https://svnweb.freebsd.org/changeset/base/309563
Log:
pflog: Correctly initialise subrulenr
subrulenr is considered unset if it's set to -1, not if it's set to 1.
See contrib/tcpdump/print-pflog.c pflog_print() for a user
Author: kp
Date: Fri Oct 11 17:04:38 2019
New Revision: 353443
URL: https://svnweb.freebsd.org/changeset/base/353443
Log:
mountroot: run statfs after mounting devfs
The usual flow for mounting a file system is to VFS_MOUNT() and then
immediately VFS_STATFS().
That's not done in vfs_m
On 7 Oct 2019, at 15:40, Gleb Smirnoff wrote:
Author: glebius
Date: Mon Oct 7 22:40:05 2019
New Revision: 353292
URL: https://svnweb.freebsd.org/changeset/base/353292
Log:
Widen NET_EPOCH coverage.
When epoch(9) was introduced to network stack, it was basically
dropped in place of existi
On 11 Oct 2019, at 16:29, Kristof Provost wrote:
On 7 Oct 2019, at 15:40, Gleb Smirnoff wrote:
Author: glebius
Date: Mon Oct 7 22:40:05 2019
New Revision: 353292
URL: https://svnweb.freebsd.org/changeset/base/353292
Log:
Widen NET_EPOCH coverage.
When epoch(9) was introduced to network
On 13 Oct 2019, at 8:15, Gleb Smirnoff wrote:
Author: glebius
Date: Sun Oct 13 15:15:09 2019
New Revision: 353467
URL: https://svnweb.freebsd.org/changeset/base/353467
Log:
vlan_config() isn't always called in epoch context.
Reported by: kp
Modified:
head/sys/net/if_vlan.c
Thanks.
I
Author: kp
Date: Tue Oct 15 04:50:08 2019
New Revision: 353542
URL: https://svnweb.freebsd.org/changeset/base/353542
Log:
tests: basic VLAN test
Set up two jails connected by an epair. Create VLAN interfaces in both
jails and check connectivity.
This is a very basic test, but exposed
Author: kp
Date: Tue Oct 15 23:21:52 2019
New Revision: 353600
URL: https://svnweb.freebsd.org/changeset/base/353600
Log:
Generalize ARM specific comments in devmap
The comments in devmap are very ARM specific, this generalizes them for other
architectures.
Submitted by: Nicholas O'B
Author: kp
Date: Fri Oct 18 03:36:26 2019
New Revision: 353715
URL: https://svnweb.freebsd.org/changeset/base/353715
Log:
pf: Must be in NET_EPOCH to call icmp_error
icmp_reflect(), called through icmp_error() requires us to be in NET_EPOCH.
Failure to hold it leads to the following panic
On 2019-10-26 21:19:55 (+), Bjoern A. Zeeb wrote:
> Author: bz
> Date: Sat Oct 26 21:19:55 2019
> New Revision: 354121
> URL: https://svnweb.freebsd.org/changeset/base/354121
>
> Log:
> Upgrade (scapy) py2 tests to work on py3.
>
> In order to move python2 out of the test framework to
ests/sys/netpfil/common/pft_ping.py Tue Oct 29 09:47:12 2019
(r354145)
@@ -1,4 +1,30 @@
#!/usr/bin/env python
+#
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2017 Kristof Provost
+#
+# Redistribution and use in source and binary forms, with or without
+# modification,
Thank you!
Kristof
> On 8 Nov 2019, at 19:56, Li-Wen Hsu wrote:
>
> Author: lwhsu
> Date: Fri Nov 8 18:56:02 2019
> New Revision: 354553
> URL: https://svnweb.freebsd.org/changeset/base/354553
>
> Log:
> Reenable netinet6 and netpfil tests on i386, net/scapy 2.4.3_2 contains the
> fix
>
>
Author: kp
Date: Sun Nov 24 13:53:36 2019
New Revision: 355054
URL: https://svnweb.freebsd.org/changeset/base/355054
Log:
pf: Add endline to all DPFPRINTF()
DPFPRINTF() doesn't automatically add an endline, so be consistent and
always add it.
Modified:
head/sys/netpfil/pf/pf.c
head/s
Author: kp
Date: Mon Aug 19 10:48:27 2019
New Revision: 351212
URL: https://svnweb.freebsd.org/changeset/base/351212
Log:
netpfil tests: Move pft_ping.py and sniffer.py to the common test directory
The pft_ping.py and sniffer.py tool is moved from tests/sys/netpfil/pf to
tests/sys/netpfil
Author: kp
Date: Tue Aug 20 14:31:22 2019
New Revision: 351248
URL: https://svnweb.freebsd.org/changeset/base/351248
Log:
netpfil tests: Add the set ToS test for ipfw and pf
This test tests the following:
- The firewall is able to set the tos bits
- The firewall is able to set the
Author: kp
Date: Tue Aug 20 14:46:12 2019
New Revision: 351249
URL: https://svnweb.freebsd.org/changeset/base/351249
Log:
netpfil tests: Add too many fragments test for pf, ipfw and ipf
Add test for checking that the packets are dropped if it is fragmented into
more than the defined value
Author: kp
Date: Fri Aug 23 12:11:46 2019
New Revision: 351421
URL: https://svnweb.freebsd.org/changeset/base/351421
Log:
netpfil tests: Add forward test for the three firewalls
Submitted by: Ahsan Barkati
Reviewed by: kp
Sponsored by: Google, Inc. (GSoC 2019)
Differential Revision:
On 22 Aug 2019, at 14:08, Li-Wen Hsu wrote:
Author: lwhsu
Date: Thu Aug 22 12:08:35 2019
New Revision: 351391
URL: https://svnweb.freebsd.org/changeset/base/351391
Log:
Fix path issues after r351212
This fixes sys.netpfil.pf.forward.v4 and
sys.netpfil.pf.icmp.cve_2019_5598
failures in C
Author: kp
Date: Wed Apr 17 16:42:54 2019
New Revision: 346319
URL: https://svnweb.freebsd.org/changeset/base/346319
Log:
pf: Fix panic on invalid DIOCRSETTFLAGS
If during DIOCRSETTFLAGS pfrio_buffer is NULL copyin() will fault, which we're
not allowed to do with a lock held.
We must co
Author: kp
Date: Wed Apr 17 16:45:35 2019
New Revision: 346320
URL: https://svnweb.freebsd.org/changeset/base/346320
Log:
pf tests: Try to provoke the panic with invalid DIOCRSETTFLAGS
There was an issue with copyin() on DIOCRSETTFLAGS, which would panic if
pfrio_buffer was NULL.
Test f
On 17 Apr 2019, at 22:17, Gleb Smirnoff wrote:
Kristof,
On Wed, Apr 17, 2019 at 04:42:54PM +, Kristof Provost wrote:
K> Modified: head/sys/netpfil/pf/pf_ioctl.c
K>
==
K> --- head/sys/netpfil/pf/pf_ioctl.
Author: kp
Date: Thu Apr 18 11:37:44 2019
New Revision: 346349
URL: https://svnweb.freebsd.org/changeset/base/346349
Log:
pf: No need to M_NOWAIT in DIOCRSETTFLAGS
Now that we don't hold a lock during DIOCRSETTFLAGS memory allocation we can
use M_WAITOK.
MFC after:1 week
Event:
Author: kp
Date: Thu Apr 18 10:54:08 2019
New Revision: 346347
URL: https://svnweb.freebsd.org/changeset/base/346347
Log:
pf tests: Fail the test if we can't set the rules
The test should fail if pf rules can't be set. This is helpful both
while writing tests and to verify that pfctl work
Author: kp
Date: Fri Apr 19 10:52:54 2019
New Revision: 346370
URL: https://svnweb.freebsd.org/changeset/base/346370
Log:
pfctl: Fix ifgroup check
We cannot just assume that any name which ends with a letter is a group
That's not been true since we allowed renaming of network interfaces.
On 22 Apr 2019, at 12:25, Enji Cooper wrote:
Either the sys/netinet/ or sys/netipsec/ tests triggered the panic.
Not sure which right now.
That looks to be happening during a vnet jail teardown, so it’s likely
the sys/netipsec or sys/netpfil/pf tests.
I’ve done a quick test with the pf tests
Author: kp
Date: Thu Sep 5 18:54:46 2019
New Revision: 351884
URL: https://svnweb.freebsd.org/changeset/base/351884
Log:
Set required program for all acl tests
r339782 re-enabled acl test 00 and 02, which were disabled in r336617
due to PR 229930.
When the tests were disabled the code
Author: kp
Date: Mon Sep 9 15:57:24 2019
New Revision: 352071
URL: https://svnweb.freebsd.org/changeset/base/352071
Log:
riscv: Ensure that BSS is 8-byte aligned
This makes clearing it (from locore.S) work without misaligned accesses
(which can trap to machine mode, and be slow).
Re
Author: kp
Date: Mon Sep 9 16:25:09 2019
New Revision: 352073
URL: https://svnweb.freebsd.org/changeset/base/352073
Log:
csu: Add the riscv .init call sequence
Reviewed by: br
Sponsored by: Axiado
Differential Revision:https://reviews.freebsd.org/D21537
Modified:
head/lib/c
Author: kp
Date: Wed Sep 11 16:16:53 2019
New Revision: 352218
URL: https://svnweb.freebsd.org/changeset/base/352218
Log:
riscv: Small fix to CPU compatibility identification
fdt_is_compatible_strict() inspects the first compatible property.
We need to inspect the following properties for
Author: kp
Date: Wed Sep 11 18:07:15 2019
New Revision: 352225
URL: https://svnweb.freebsd.org/changeset/base/352225
Log:
riscv: Add missing header
r352218 missing an include statement, causing the build to fail.
Submitted by: Nicholas O'Brien (nickisobrien_gmail.com)
Sponsored by: A
Author: kp
Date: Fri Jun 21 07:58:08 2019
New Revision: 349266
URL: https://svnweb.freebsd.org/changeset/base/349266
Log:
ip_output: pass PFIL_FWD in the slow path
If we take the slow path for forwarding we should still tell our
firewalls (hooked through pfil(9)) that we're forwarding. Pa
Author: kp
Date: Wed Jul 17 21:25:26 2019
New Revision: 350095
URL: https://svnweb.freebsd.org/changeset/base/350095
Log:
riscv: Return vm_paddr_t in pmap_early_vtophys()
We can't use a u_int to compute the physical address in
pmap_early_vtophys(). Our int is 32-bit, but the physical addr
Author: kp
Date: Fri Jul 26 19:16:02 2019
New Revision: 350364
URL: https://svnweb.freebsd.org/changeset/base/350364
Log:
virtio: Fix running on machines with memory above 0x
We want to allocate a contiguous memory block anywhere in memory, but
expressed this as having to be betwe
Author: kp
Date: Mon Jul 29 13:21:31 2019
New Revision: 350414
URL: https://svnweb.freebsd.org/changeset/base/350414
Log:
pf: Remove partial RFC2675 support
Remove our (very partial) support for RFC2675 Jumbograms. They're not
used, not actually supported and not a good idea.
Reviewe
Author: kp
Date: Mon Jul 29 14:59:14 2019
New Revision: 350416
URL: https://svnweb.freebsd.org/changeset/base/350416
Log:
riscv: Fix copyin/copyout
r343275 introduced a performance optimisation to the copyin/copyout
routines by attempting to copy word-per-word rather than byte-per-byte
Author: kp
Date: Wed Jul 1 19:11:02 2020
New Revision: 362851
URL: https://svnweb.freebsd.org/changeset/base/362851
Log:
riscv: Log missing registers in dump_regs()
If we panic we dump the registers for debugging. This is very useful, but it
missed several registers (ra, sp, gp and tp).
Author: kp
Date: Wed Jul 1 19:12:47 2020
New Revision: 362852
URL: https://svnweb.freebsd.org/changeset/base/362852
Log:
riscv locore.S: load constant prior to loop
A very minor micro-optimization; t0 is not clobbered between the loop top and
bottom and there appear to be no other branch
Author: kp
Date: Wed Jul 1 19:15:43 2020
New Revision: 362853
URL: https://svnweb.freebsd.org/changeset/base/362853
Log:
riscv pmap: zero reserved pte bits in ppn
The top 10 bits of a pte are reserved by specification[1] and are not part of
the PPN.
[1] 'Volume II: RISC-V Privileged
Author: kp
Date: Mon Jul 6 21:29:50 2020
New Revision: 362977
URL: https://svnweb.freebsd.org/changeset/base/362977
Log:
riscv plic: Do not complete interrupts until the interrupt handler has run
We cannot complete the interrupt (i.e. write to the claims/complete register
until the inter
Author: kp
Date: Sat Jul 18 12:43:11 2020
New Revision: 363308
URL: https://svnweb.freebsd.org/changeset/base/363308
Log:
bridge: Don't sleep during epoch
While it doesn't trigger INVARIANTS or WITNESS on head it does in stable/12.
There's also no reason for it, as we can easily report th
On 18 Jul 2020, at 20:47, Konstantin Belousov wrote:
On Sat, Jul 18, 2020 at 12:43:11PM +, Kristof Provost wrote:
Author: kp
Date: Sat Jul 18 12:43:11 2020
New Revision: 363308
URL: https://svnweb.freebsd.org/changeset/base/363308
Log:
bridge: Don't sleep during epoch
Whi
=
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/lib/libc/riscv/gen/fpgetmask.c Mon Aug 3 12:48:51 2020
(r363796)
@@ -0,0 +1,41 @@
+/*-
+ * Copyright (c) 2020 Axiado
+ * All rights reserved.
+ *
+ * This software was developed by Kristof Provost under
+ * s
Author: kp
Date: Tue Oct 13 11:04:00 2020
New Revision: 37
URL: https://svnweb.freebsd.org/changeset/base/37
Log:
pf: do not remove kifs that are referenced by rules
Even if a kif doesn't have an ifp or if_group pointer we still can't delete it
if it's referenced by a rule. In oth
Author: kp
Date: Tue Oct 27 12:44:49 2020
New Revision: 367078
URL: https://svnweb.freebsd.org/changeset/base/367078
Log:
riscv: Minor cleanup in startup code
- remove setting of register value which is not used until the next value is
set
- Use the L2_SHIFT constant when setting u
On 4 Nov 2020, at 11:45, Gordon Bergling wrote:
Shouldn't such a commit be approved by someone?
The committer’s guide seems clear that doc committers may fix
comments:
https://www.freebsd.org/doc/en_US.ISO8859-1/articles/committers-guide/committer.types.html
doc committers may commit documen
Author: kp
Date: Fri Nov 20 10:08:33 2020
New Revision: 367867
URL: https://svnweb.freebsd.org/changeset/base/367867
Log:
pf: Fix incorrect assertion
We never set PFRULE_RULESRCTRACK when calling pf_insert_src_node(). We do set
PFRULE_SRCTRACK, so update the assertion to match.
MFC a
@@
+# $FreeBSD$
+#
+# SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+#
+# Copyright (c) 2020 Kristof Provost
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code
1 - 100 of 435 matches
Mail list logo
