Flowspec RFC 8955 and 8956 allows to propegate traffic filtering rules
to other routers. The main use case is to drop DDoS traffic further
upstream and by that reducing the impact of such denial of service
attacks.
This diff only adds the needed plumbing to announce the MP capability for
On Mon, Apr 03, 2023 at 10:41:15AM +0200, Claudio Jeker wrote:
> Flowspec RFC 8955 and 8956 allows to propegate traffic filtering rules
> to other routers. The main use case is to drop DDoS traffic further
> upstream and by that reducing the impact of such denial of service
> attacks.
>
> This
> I'm fine with removing this. Just wonder if this was ever implemented
> for one of the architectures that we no longer support and whether
> there was any effect on performance.
Nope, never implemented anywhere. If you want to see a pmap_copy()
implementation, look at FreeBSD.
Hi,
In ARP we have a queue of packets that should be sent after name
resolution. In ND6 we only hold a single packet. I would like to
unify the logic. As a bonus we limit the mbufs and get MP safe
mbuf queue.
The new function if_mqoutput() has common code for ARP and ND6.
ln_saddr6 holds the
> Date: Sun, 2 Apr 2023 19:29:02 +
> From: Miod Vallat
>
> pmap_copy() is an optional pmap interface which has never been
> implemented. In pure Mary Kondo style, we should thank it for the joy it
> brought to CSRG people, and move it to the recycling bin - it's not
> going to be implemented
On Sat, Apr 01, 2023 at 09:08:49PM +0200, Otto Moerbeek wrote:
> Hi,
>
> by default an allocation isn't fully written with junk bytes, only at
> certain spots. This introduces variations in the spot, so we have a
> bigger chance of catching write-after-frees in specific spots.
>
> After a remark
On Mon, Apr 03, 2023 at 02:12:45PM +0200, Alexander Bluhm wrote:
> Hi,
>
> The arp mbuf queue la_mq has its own mutex, la_hold_total uses
> atomic operations. So they don't need the global arp mutex.
>
> Pull them out of arp_mtx blocks to make clear what the scope of
> arp_mtx protection is.
>
Hi,
The arp mbuf queue la_mq has its own mutex, la_hold_total uses
atomic operations. So they don't need the global arp mutex.
Pull them out of arp_mtx blocks to make clear what the scope of
arp_mtx protection is.
ok?
bluhm
Index: netinet/if_ether.c
For Raspberry Pis the installer puts various file onto the ESP, assuming
root disk and boot disk are the same.
With root on softraid(4) that's not true; loop over possible chunks if any
or the single disk as before, just like installboot(8) works.
This means no behaviour change for plain
On Mon, Apr 03, 2023 at 05:45:43PM +0300, Vitaliy Makkoveev wrote:
> On Mon, Apr 03, 2023 at 02:12:45PM +0200, Alexander Bluhm wrote:
> > Hi,
> >
> > The arp mbuf queue la_mq has its own mutex, la_hold_total uses
> > atomic operations. So they don't need the global arp mutex.
> >
> > Pull them
03.04.2023 15:03, Klemens Nanni пишет:
> This means no behaviour change for plain installs, but working boot for
> softraid installs.
>
> 'cvs diff -b -U0':
>
> @@ -39 +39 @@ md_installboot() {
> - local _disk=$1 _mdec _plat
> + local _disk=$1 _chunks _bootdisk
Hi,
When sending IP packets to userland with divert-packet rules, the
checksum may be wrong. Locally generated packets diverted by pf
out rules may have no checksum due to to hardware offloading.
IDS/IPS systems may complain about that.
Calculate the checksum in that case.
ok?
bluhm
Index:
i did this when i was trying to figure out why TX wasn't working on the
nanopi r5s before figuring out that problem was because we didn't have
rkiovd.
at the very least it should future proof dwqe against more phy setups,
and provides a decent example of how to interpret those fdt properties.
13 matches
Mail list logo
