Eric Faurot writes:
> The api user should not have to care about normalizing the io input
> buffer (i.e. resetting the read/write pos in the buffer).
> Do it internally when reloading the io event.
>
> Eric.
Ok sunil@
>
> Index: bounce.c
> ===
at the moment pages can be freed on a pool_put call and from the gc.
it is a bit unfair that pool_get may end up doing the heavy lifting
of allocating a pool page and pool_put wont have to do an equivalent
free, but we should try and minimise the amount of work done in
these hot paths.
ok?
Index
right now pools that make up mbufs are each limited individually.
the following diff instead has the mbuf layer have a global limit
on the amount of memory that can be allocated to the pools. this
is enforced by wrapping the multi page pool allocator with something
that checks the mbuf memory limi
Hi tech@,
Here's an indentation fix for libcrypto (the while in the context is actually
a do/while) and a spelling fix for a comment in pf.
Index: lib/libcrypto/bn/bn_sqrt.c
===
RCS file: /cvs/src/lib/libcrypto/bn/bn_sqrt.c,v
retrie
On Mon, Nov 21, 2016 at 05:34:35PM -0500, sven falempin wrote:
> Ansible is already managing pkg and service of openBSD , cool
>
> If one want to manage pf with it, and push or modify a few files,
> on must run - command: /sbin/pfctl -f {{ dank.config }}
>
> Yet - service could be use, if this gl
Ansible is already managing pkg and service of openBSD , cool
If one want to manage pf with it, and push or modify a few files,
on must run - command: /sbin/pfctl -f {{ dank.config }}
Yet - service could be use, if this glue was in the rc.d directory :
# cat /etc/rc.d/pf
#!/bin/sh
#
daemon="/sb
Thu, 17 Nov 2016 17:00:52 +0200 li...@wrant.com
> Thu, 17 Nov 2016 09:20:56 -0500 Okan Demirmen
> > On Thu 2016.11.17 at 03:30 +0200, li...@wrant.com wrote:
> > > Fri, 11 Nov 2016 20:47:49 +0200 li...@wrant.com
> > > > Fri, 11 Nov 2016 10:42:42 -0500 Okan Demirmen
> > > > > Hi,
> > > >
On 21 November 2016 at 22:38, Alexandr Nedvedicky
wrote:
> I don't have my test bed ready to play with NAT-64 + PBR. The only think
> I've
> tried is the parser and it seems to me NAT-64 + PBR is problematic:
>
> echo 'pass in on net1 inet af-to inet6 from 2001:db8::1 to
> 2001:d
On Mon, Nov 21, 2016 at 07:11:23PM +0100, Mike Belopuhov wrote:
> On Mon, Nov 14, 2016 at 16:38 +0100, Alexander Bluhm wrote:
> > Hi,
> >
> > The !r->rt case is only used by af-to. pf_route6() calls ip6_output()
> > to do the work while pf_route() has some custom implementation for
> > that. It
On Mon, Nov 21, 2016 at 08:46:32PM +0100, Eric Faurot wrote:
> The api user should not have to care about normalizing the io input
> buffer (i.e. resetting the read/write pos in the buffer).
> Do it internally when reloading the io event.
>
yes please, ok gilles@
> Index: bounce.c
> ===
The api user should not have to care about normalizing the io input
buffer (i.e. resetting the read/write pos in the buffer).
Do it internally when reloading the io event.
Eric.
Index: bounce.c
===
RCS file: /cvs/src/usr.sbin/smtpd/b
On Mon, Nov 21, 2016 at 11:35:07AM +0100, Martin Pieuchot wrote:
> These are more entry points that I'd like to always call at IPL_SOFTNET.
>
> With that we can get rid of most of the splsoftnet() dances in our tree.
>
> ok?
NFS hits you again. nfs_boot_init() calls ifioctl(). Perhaps put
the
On Mon, Nov 21, 2016 at 18:16 +0100, Alexander Bluhm wrote:
> Hi,
>
> Path MTU discovery and traceroute does not always work with pf
> af-to. If an incoming packet is directly put into the output path,
> sending the icmp error packet is never done. As this is basically
> forwarding, calling ip_f
On Mon, Nov 14, 2016 at 16:38 +0100, Alexander Bluhm wrote:
> Hi,
>
> The !r->rt case is only used by af-to. pf_route6() calls ip6_output()
> to do the work while pf_route() has some custom implementation for
> that. It is simpler to call ip_output() or ip6_output() from
> pf_test() directly.
>
Hi,
Path MTU discovery and traceroute does not always work with pf
af-to. If an incoming packet is directly put into the output path,
sending the icmp error packet is never done. As this is basically
forwarding, calling ip_forward() for such packets does everything
that is needed.
ok?
bluhm
I
Dear tech,
I guessed it better to add the message "permit persist" to checkconfig().
For example,
$ cat doas.conf.test
permit nopass puffy as root cmd pkg_add
permit persist puffy as root cmd adduser
permit puffy as root cmd mg
$ doas -C doas.conf.test pkg_add
permit nopass
$ doas -C doas.conf.t
On Mon, Nov 21, 2016 at 10:58:43AM +0100, Alexander Bluhm wrote:
> On Fri, Nov 18, 2016 at 11:33:33PM +0100, Alexandr Nedvedicky wrote:
> > how about using 'goto free_ipv6_frag' ? It better explains, what's
> > going to happen.
>
> makes sense
thanks a lot, I'm O.K. with it.
regards
sash
On Mon, Nov 21, 2016 at 04:03:51PM +0100, Martin Pieuchot wrote:
> On 21/11/16(Mon) 15:17, Alexander Bluhm wrote:
> > [...]
> > There are a bunch of calls to sosetopt() in bfd and nfs that are
> > not protected by splsoftnet().
>
> Indeed. Then I believe putting the splsoftnet() inside sosetopt(
On 21/11/16(Mon) 15:17, Alexander Bluhm wrote:
> [...]
> There are a bunch of calls to sosetopt() in bfd and nfs that are
> not protected by splsoftnet().
Indeed. Then I believe putting the splsoftnet() inside sosetopt() is
a better solution.
Index: kern/uipc_socket.c
==
On Mon, Nov 21, 2016 at 12:29:04PM +0100, Martin Pieuchot wrote:
> @@ -1034,8 +1036,11 @@ sys_getsockopt(struct proc *p, void *v,
> goto out;
> } else
> valsize = 0;
> - if ((error = sogetopt(fp->f_data, SCARG(uap, level),
> - SCARG(uap, name),
Previously reported by bluhm@, the code paths in so{s,g}etopt() also
need to be executed at IPL_SOFTNET in order to get rid of the recursive
splsoftnet/splx dances in other places.
ok?
Index: kern/uipc_syscalls.c
===
RCS file: /cvs/s
These are more entry points that I'd like to always call at IPL_SOFTNET.
With that we can get rid of most of the splsoftnet() dances in our tree.
ok?
Index: kern/sys_socket.c
===
RCS file: /cvs/src/sys/kern/sys_socket.c,v
retrieving
On Sat, Nov 19, 2016 at 09:07:11PM +1300, Richard Procter wrote:
> Note, pf_route() calls pf_test() only if (pd->kif->pfik_ifp != ifp).
> (I read this as 'pf changed the packet's interface'.)
This check was added in the commit:
revision 1.218
date: 2002/06/07 21:46:0
On Fri, Nov 18, 2016 at 11:33:33PM +0100, Alexandr Nedvedicky wrote:
> how about using 'goto free_ipv6_frag' ? It better explains, what's
> going to happen.
makes sense
bluhm
Index: net/pf_norm.c
===
RCS file: /data/mirror/o
On Mon, Nov 21, 2016 at 10:35:58AM +0100, Martin Pieuchot wrote:
> This stub exists since the original import, time to kill it?
ok jsg@
There was a #ifndef COMPAT_43 here added in '88 and removed in '93
for back when there was no routing socket.
ifndef removed in
commit ff756c89e159c005b14cedd2
This stub exists since the original import, time to kill it?
Index: net/route.c
===
RCS file: /cvs/src/sys/net/route.c,v
retrieving revision 1.338
diff -u -p -r1.338 route.c
--- net/route.c 15 Nov 2016 10:09:28 - 1.338
+++ ne
On 18/11/16(Fri) 17:26, David Gwynne wrote:
> On Fri, Nov 18, 2016 at 03:30:48PM +1000, David Gwynne wrote:
> > i didnt even know these existed.
> >
> > turns out you can see them with netstat -sr
> [...]
> @@ -191,6 +191,8 @@ TAILQ_HEAD(rt_labels, rt_label) rt_label
> void
> route_init(void)
27 matches
Mail list logo
