gre(4) update

this is a big change to gre, with the main motivation of adding support for gre keys. gre keys are supported by the vnetid ioctls, and works much like vxlan (funny that). by default gre doesnt use a key, but you can set one and change you mind and remove it later. the current code simply skips

randomly put pool items on the head or tail of free lists

this is a quick and simple change to add some randomness to pool item allocation patterns. it basically pregenerates 64 * 8 coin flips to see which end of the free list items and pool cache pages should go on. can someone check if there's a performance impact? i dont want to prematurely

handle updates via Adj-RIB-Out

This diff changes the way bgpd does updates. Instead of having its own special update queue/tree it uses a regular RIB (Adj-RIB-Out) to store all updates to be sent. Stuff that has been sent is linked to the prefixes queue. On the peer there are also queues for updates and withdraws. The whole

Re: shorten pppoe output in tcpdump

On 2018/02/07 06:08, David Gwynne wrote: > On Tue, Feb 06, 2018 at 05:19:57PM +1000, David Gwynne wrote: > > if you're tcpdumping on a pppoe(4)s parent, you'll see stuff like this: > > > > 23:43:26.780560 PPPoE-Discovery > > code Initiation, version 1, type 1, id 0x, length 12 > >

Re: Export IPsec flows via snmpd(8)

>> Am 02.01.2018 um 15:23 schrieb Martin Pieuchot : >> >>> On 19/12/17(Tue) 18:06, Marco Pfatschbacher wrote: >>> On Tue, Dec 19, 2017 at 12:43:48PM +0100, Martin Pieuchot wrote: >>> I'd like to see some information about my tunnels in my NMS. >> >> Nice. I would find that

Re: amd64: much earlier Intel microcode loading

On 2018-02-04, Patrick Wildt wrote: >> this diff allows us to load the Intel microcode much earlier. I'm trying to understand the twisty logic here. There are three cases: (1) old rev < update rev => update gets applied (2) old rev == update rev =>

Re: tcp timeout milliseconds

OK dhill@ On Tue, Feb 06, 2018 at 05:10:17PM +0100, Alexander Bluhm wrote: > Hi, > > Historically TCP timeouts were implemented with pr_slowtimo and > pr_fasttimo. That is the reason why we have two timeout mechanisms > with complicated ticks calculation. > > I would like to move to

Re: tcp timeout milliseconds

OK florian@ On Tue, Feb 06, 2018 at 05:10:17PM +0100, Alexander Bluhm wrote: > Hi, > > Historically TCP timeouts were implemented with pr_slowtimo and > pr_fasttimo. That is the reason why we have two timeout mechanisms > with complicated ticks calculation. > > I would like to move to

Re: shorten pppoe output in tcpdump

On Tue, Feb 06, 2018 at 05:19:57PM +1000, David Gwynne wrote: > if you're tcpdumping on a pppoe(4)s parent, you'll see stuff like this: > > 23:43:26.780560 PPPoE-Discovery > code Initiation, version 1, type 1, id 0x, length 12 > tag Service-Name, length 0 > tag

Re: daily(8): don't fail silently if backup disk is unavailable

Hi Theo, Theo Buehler wrote on Mon, Feb 05, 2018 at 12:13:31PM +1300: > After a power failure, my apu2 booted, but its sdmmc controller didn't > attach properly. A few days later I was wondering why I didn't get the > usual dump output from the backup of the root filesystem in my daily > mails.

leave(1): schedule absolute alarm for start of minute

Hi, When I schedule an alarm for an absolute time with minute granularity, I expect the alarm to go off at the beginning of that minute. So, this: leave 1430 should go off at 14:30:00. The two-second sleep in the child of doalarm() confounds this, but I have a subsequent diff that

Re: Export IPsec flows via snmpd(8)

On 19/12/17(Tue) 12:43, Martin Pieuchot wrote: > I'd like to see some information about my tunnels in my NMS. The > problem is that there's not standard MIB for this and most vendor > MIBs are huge and are not easy to implement. > > So here's a diff that export the equivalent of "$ ipsecctl -s

tcp timeout milliseconds

Hi, Historically TCP timeouts were implemented with pr_slowtimo and pr_fasttimo. That is the reason why we have two timeout mechanisms with complicated ticks calculation. I would like to move to milliseconds and merge them eventually. This makes it easier to see the actual values. Let's get

Re: carp_ourether() tweak

On Tue, Feb 06, 2018 at 01:05:44PM +0100, Martin Pieuchot wrote: > > You're right. The current logic is broken since the last refactoring. > > It should read "if it's not my MAC nor the one of my carp(4) children". > > Diff below corrects that in a way that should prevent future refactoring > >

Re: ipsec ah_massage_headers cleanup

On Tue, Feb 06, 2018 at 11:04:51AM +1300, Richard Procter wrote: > > @@ -657,12 +667,13 @@ ah_input(struct mbuf *m, struct tdb *tdb > > m_copyback(m, skip + rplen, ahx->authsize, ipseczeroes, M_NOWAIT); > > > > /* "Massage" the packet headers for crypto processing. */ > > - if ((btsx =

Re: carp_ourether() tweak

On 25/01/18(Thu) 15:29, Martin Pieuchot wrote: > On 24/01/18(Wed) 09:30, Alexander Bluhm wrote: > > On Mon, Jan 22, 2018 at 11:58:30AM +0100, Martin Pieuchot wrote: > > > Check if `if_carp' is empty inside carp_ourether() instead of outside. > > > > > > ok? > > > > Maybe I am confused by the !

Re: ftp: don't close fin or s twice

Stuart Henderson wrote: > Regarding ftp(1), it would be nice to get more eyes on sunil@'s rewrite, > apart from anything else it fixes problems with some servers (like > ftp.tug.org) > that don't work with the existing code.. Hi, For folks on tech@, the latest code is at

Re: ftp: don't close fin or s twice

Regarding ftp(1), it would be nice to get more eyes on sunil@'s rewrite, apart from anything else it fixes problems with some servers (like ftp.tug.org) that don't work with the existing code..