On Tue, May 30, 2017 at 14:46 +0200, Alexandr Nedvedicky wrote:
> oh, not again...
>
> I'm sorry for not attaching patch to the first email
>
> On Tue, May 30, 2017 at 02:34:32PM +0200, Alexandr Nedvedicky wrote:
> > Hello,
> >
> > patch delivers two changes to PF:
> >
> > it adds PF_LOCK()
This is a first stab at HFSC and FQ-CoDel integration via extending
PF queueing operations (pfq_ops) interface. With this FQ-CoDel can
be attached directly to an interface as well as serve as a replacement
for the HFSC queue to improve its characteristics. In essence, in
many setups (router behin
On Tue, May 23, 2017 at 17:41 +0200, Mark Kettenis wrote:
> So here is a diff that implements what I proposed recently. This
> recognizes that atomic instructions on amd64 already include an
> implicit memory barrier and allows us to write optimized code that
> avoids a redundant memory barrier.
>
On Tue, May 23, 2017 at 11:51 +0100, Stuart Henderson wrote:
> (replying to an old mail),
>
> On 2017/03/16 18:07, Claudio Jeker wrote:
> > On Thu, Mar 16, 2017 at 03:46:38PM +0100, Eric JACQUOT wrote:
> > > Hi all,
> > >
> > > I had some problems with dlna server (minidlna) and a lot of cuts and
On 22 May 2017 at 21:02, Alexander Bluhm wrote:
>
> Hi,
>
> In the IPv4 input path the IPsec policy is checked by
> ip_input_ipsec_ours_check(). This is missing in the IPv6 case. So
> call this function also from ip6_local().
>
> ok?
>
> bluhm
>
This looks good, but please consider moving these
On Mon, May 15, 2017 at 20:13 +0200, Mike Belopuhov wrote:
> Here are some bits to display flow queues alongside H-FSC ones.
> It's a bit hackish in a way I switch the "bandwidth" field to
> the "bandwidth or flows" and then use node->qstats.data.period
ong with your patch, Mike.
>
>
> ----
> On Mon, 5/15/17, Mike Belopuhov wrote:
>
> Subject: Re: pf queue definition: bandwidth resolution problem
> To: "Carl Mascott"
> Cc: "Theo Buehler" , tech@openbsd.org
> Date: Monday, May 15, 2
jmc@ has pointed out some inconsistencies in how bandwidth parameters
are parsed and printed out. I agree that we can fix or improve this:
1) Bit/B/bit/b are parsed incorrectly. Ditching them is another option.
2) Should we make lowercase K, M and G parseable as well? I'd like that.
3) Avoid an
On Sun, May 14, 2017 at 21:08 +, Carl Mascott wrote:
> OK, I was indeed missing something. Thanks, Theo and Mike.
>
> I think I see another very minor problem, though.
> Let the pf BW be 9,999,999.
> Shift right 3 digits (divide by 1000) : yields 9,999K.
> (If we were doing floating point arit
Here are some bits to display flow queues alongside H-FSC ones.
It's a bit hackish in a way I switch the "bandwidth" field to
the "bandwidth or flows" and then use node->qstats.data.period
because I'm too lazy to change the pfctl_queue_node to include
a union... This will require changes in the who
On Mon, May 15, 2017 at 15:19 +0200, Alexandr Nedvedicky wrote:
> Hello,
>
> > Now *is* the time to commit the first step, the refactoring. Once
> > that's done we can discuss the introduction of the context.
> >
> > Could you come up with such diff?
>
> first of all: I have not managed to
On Sun, May 07, 2017 at 18:59 -0500, Matthew Martin wrote:
> RFC 4861 specifies ReachableTime "should be a uniformly distributed
> random value between MIN_RANDOM_FACTOR and MAX_RANDOM_FACTOR times
> BaseReachableTime milliseconds." I think the author intended to do the
> multiplication by (x>>10)
on Tuesday.
>
> Yes, I understand that systat can display only 4 digits for BW.
> That's 5 digits with my guard digit, which is shifted out (and not displayed)
> at the end.
> So, with the guard digit, 6 digits is too many.
>
>
> --
On Sun, May 14, 2017 at 19:48 +, Carl Mascott wrote:
> I have a suggestion RE your pftop.c patch. You are rounding
> multiple times, after each scale operation. This is known as
> rounding the intermediate results of a calculation and degrades
> accuracy. If you're not familiar with the issu
iodically,
> but if that's not the case then the same fix is needed in systat.
>
>
>
>
> On Sat, 5/13/17, Carl Mascott wrote:
>
> Subject: Re: pf queue definition: bandwidth resolution problem
> To: "Mike Belopu
bandwidth by pfctl. Actual tests with a simple
> queue, as you suggested, could determine whether pf is enforcing the correct
> bandwidth values. To make it easiest to see an error the optimum leaf queue
> max bandwidth to use is 1999K. Then see whether the measured bandwidth is ~2M
I've tried very hard to make it concise and avoided any references to
underlying algorithms.
OK?
---
share/man/man5/pf.conf.5 | 47 ---
1 file changed, 44 insertions(+), 3 deletions(-)
diff --git share/man/man5/pf.conf.5 share/man/man5/pf.conf.5
index
On Fri, Apr 28, 2017 at 19:58 +0200, Mike Belopuhov wrote:
> This is the last bit required in order to actually be able to
> use FQ-CoDel. It might require some polish, but I think there's
> nothing exceptionally ugly barring the statistics interface.
>
> fqcodel_stats is c
On 12 May 2017 at 18:13, Alexander Bluhm wrote:
> On Mon, May 08, 2017 at 05:09:01PM +0200, Alexander Bluhm wrote:
> > Checking for IPv4 mapped addresses is a bit inconsistent in the
> > output path.
>
> I should split the diff to make review easier.
>
> - Use the common switch(af) construct for
On 12 May 2017 at 18:08, Alexander Bluhm wrote:
> On Fri, May 12, 2017 at 05:56:09PM +0200, Mike Belopuhov wrote:
> > No, there's a check just above...
>
> And without the panic? Remove duplicate code, remove if (proto == 0)
> that cannot happen.
>
> bluhm
>
>
Sure.
On 12 May 2017 at 17:28, Alexander Bluhm wrote:
> On Fri, May 12, 2017 at 01:53:12PM +0200, Alexander Bluhm wrote:
> > In bridge_ipsec() tdb comes from
> > gettdb() called with proto. There we goto skiplookup if proto !=
> > IPPROTO_ESP && proto != IPPROTO_AH && proto != IPPROTO_IPCOMP.
>
> Whil
On 12 May 2017 at 15:29, Alexander Bluhm wrote:
> Hi,
>
> IPsec packets are passed through ip_input() a second time after
> they have been decrypted. That means that all the IP header fields
> are checked twice. Also fragment reassembly is tried twice.
>
> In pf incoming packets in tunnel mode
On Thu, May 11, 2017 at 13:11 +0200, Alexander Bluhm wrote:
> Hi,
>
> ipv4_input() checks the IPsec policy for forwarding and local
> delivery. Such code is missing in IPv6, the behavior is different.
>
> Start using the forwarding check also in ip6_input(). While there
> avoid an ugly #ifdef i
On Mon, May 08, 2017 at 20:22 +0200, Alexander Bluhm wrote:
> Hi,
>
> IPv6 IPsec transport mode does not work if pf is enabled. The
> problem is that the decrypted packets in the input path are not
> checked with pf(4). So if you have stateful filtering on enc0 (the
> default) direction aware pr
On Tue, May 09, 2017 at 14:13 +0200, Patrick Wildt wrote:
> On Tue, May 09, 2017 at 01:55:18PM +0200, Mike Belopuhov wrote:
> > On Tue, May 09, 2017 at 10:36 +0200, Patrick Wildt wrote:
> > > On Mon, May 08, 2017 at 02:56:55PM +0200, Patrick Wildt wrote:
> > > > @@ -
On 9 May 2017 at 14:13, Patrick Wildt wrote:
> On Tue, May 09, 2017 at 01:55:18PM +0200, Mike Belopuhov wrote:
> > On Tue, May 09, 2017 at 10:36 +0200, Patrick Wildt wrote:
> > > On Mon, May 08, 2017 at 02:56:55PM +0200, Patrick Wildt wrote:
> > > > @@ -2307,9
On 9 May 2017 at 13:38, Alexander Bluhm wrote:
> Hi,
>
> Remove rip_output() and rip6_output() from inetsw and inet6sw. The
> rip_output() function is never called via the pr_output pointer.
> rip_usrreq(PRU_SEND) calls rip_output() directly. raw_usrreq() is
> never called from inetsw. Situati
On Tue, May 09, 2017 at 10:36 +0200, Patrick Wildt wrote:
> On Mon, May 08, 2017 at 02:56:55PM +0200, Patrick Wildt wrote:
> > @@ -2307,9 +2326,9 @@ pfr_pool_get(struct pf_pool *rpool, struct pf_addr
> > **raddr,
> > rpool->curweight = kt->pfrkt_maxweight;
> > }
> >
> > -
On Mon, May 08, 2017 at 13:38 +0200, Mark Kettenis wrote:
> So the reason mikeb@'s mbuf changes caused issues is that the way we
> define struct mbuf is inherently fragile because it doesn't take
> structure padding into account. Adding an int64_t member to struct
> pkthdr changed the alignment fr
On 7 May 2017 at 15:10, Mike Belopuhov wrote:
> On Sat, May 06, 2017 at 17:35 +0200, Mark Kettenis wrote:
> > > Date: Fri, 5 May 2017 22:09:03 +0200 (CEST)
> > > From: Mark Kettenis
> > >
> > > Just got this panic on armv7; got a very similar panic on
On Sat, May 06, 2017 at 17:35 +0200, Mark Kettenis wrote:
> > Date: Fri, 5 May 2017 22:09:03 +0200 (CEST)
> > From: Mark Kettenis
> >
> > Just got this panic on armv7; got a very similar panic on hppa
> > yesterday that I didn't have time to look into any further. This is
> > completely reproduc
Due to a poorly chosen initial state, we might jump immediately
into a CONTROL state bypassing the DROPPING one when the initial
state is DROPPING. The fix is easy: the initial state must be
something neutral, so that we would transition INITIAL->DROPPING
right off the bat in the beggining of the
On Tue, May 02, 2017 at 19:19 +0200, Mike Belopuhov wrote:
> On Tue, May 02, 2017 at 11:14 -0600, Todd C. Miller wrote:
> > On Tue, 02 May 2017 11:12:58 -0600, "Todd C. Miller" wrote:
> >
> > > On Tue, 02 May 2017 18:59:44 +0200, Mike Belopuhov wrote:
On Tue, May 02, 2017 at 11:14 -0600, Todd C. Miller wrote:
> On Tue, 02 May 2017 11:12:58 -0600, "Todd C. Miller" wrote:
>
> > On Tue, 02 May 2017 18:59:44 +0200, Mike Belopuhov wrote:
> >
> > > After switching the ph_timestamp to int64_t, the implement
On Tue, May 02, 2017 at 10:58 -0600, Theo de Raadt wrote:
> Most important reason to me is less mbuf growth
>
> But what units is this timestamp...
>
Right now it's up to the code using it with a preference for a
nanosecond precision, but once we start using it for more than
one thing, we can fix
On Fri, Apr 28, 2017 at 17:36 +0200, Mike Belopuhov wrote:
> This is an implementation of an FQ-CoDel algorithm that relies
> on Pf for configuration and providing flow information via its
> stateful inspection.
>
Thanks for mpi@, visa@ and sthen@ for looking through the code!
Aft
On Fri, Apr 28, 2017 at 15:31 +0200, Mike Belopuhov wrote:
> One of the prerequisites for FQ_CoDel is ability to track packet
> enqueue time. To avoid allocating per-packet mbuf tags, I'd prefer
> to include the timestamp directly into the packet header structure.
> This can
There are no more encrypt-only keys, so swap_key_prepare loses a flag.
OK?
---
sys/uvm/uvm_swap_encrypt.c | 31 ---
sys/uvm/uvm_swap_encrypt.h | 2 +-
2 files changed, 13 insertions(+), 20 deletions(-)
diff --git sys/uvm/uvm_swap_encrypt.c sys/uvm/uvm_swap_encrypt.c
OK?
---
regress/sys/crypto/cmac/Makefile| 2 +-
regress/sys/crypto/cmac/cmac_test.c | 2 +-
regress/sys/crypto/key_wrap/Makefile| 2 +-
regress/sys/crypto/key_wrap/key_wrap_test.c | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git regress/sys/crypto/c
OK?
---
sys/crypto/cmac.c| 12 ++--
sys/crypto/cmac.h| 2 +-
sys/crypto/key_wrap.c| 10 +-
sys/crypto/key_wrap.h| 2 +-
sys/net80211/ieee80211_crypto.c | 2 +-
sys/net80211/ieee80211_crypto_bip.c | 2
This is the last bit required in order to actually be able to
use FQ-CoDel. It might require some polish, but I think there's
nothing exceptionally ugly barring the statistics interface.
fqcodel_stats is constructed to have a few fields "compatible"
with the hfsc_class_stats so that byte and pack
OK to remove an unused field?
diff --git usr.bin/systat/pftop.c usr.bin/systat/pftop.c
index 27120174a18..99447b586d7 100644
--- usr.bin/systat/pftop.c
+++ usr.bin/systat/pftop.c
@@ -148,11 +148,10 @@ field_def fields[] = {
{"PEAK", 5, 8, 1, FLD_ALIGN_RIGHT, -1, 0, 0, 0},
{"ANCHOR"
s is not hooked up to the build yet as it lacks Pf bits and
requires an ifq_free diff from dlg@.
OK?
diff --git sys/net/fq_codel.c sys/net/fq_codel.c
new file mode 100644
index 000..96a7cd3beaa
--- /dev/null
+++ sys/net/fq_codel.c
@@ -0,0 +1,691 @@
+/*
+ * Copyright (c) 2017 Mike Belopuhov
By hiding H-FSC behind pfq_ops structure similar to the ifq_ops,
we could provide alternative queueing interfaces for use in Pf.
There are no other functional changes here except that the default
H-FSC qlimit assignment happens in hfsc_class_create so there's no
need to do it in the pf_ioctl code.
On Fri, Apr 28, 2017 at 07:54 -0600, Theo de Raadt wrote:
> > One of the prerequisites for FQ_CoDel is ability to track packet
> > enqueue time. To avoid allocating per-packet mbuf tags, I'd prefer
> > to include the timestamp directly into the packet header structure.
> > This can be later used f
One of the prerequisites for FQ_CoDel is ability to track packet
enqueue time. To avoid allocating per-packet mbuf tags, I'd prefer
to include the timestamp directly into the packet header structure.
This can be later used for other purposes as well if need be. OK?
diff --git sys/sys/mbuf.h sys/
On Tue, Apr 25, 2017 at 13:08 -0600, Todd C. Miller wrote:
> I don't have any objection to this but if it is committed a
> similar change should be made to check_login_epsvall.
>
> - todd
Indeed, it supresses errors from PORT and the like, while
keeping the "530 Please login with USER and PASS."
On Tue, Apr 25, 2017 at 12:27 -0600, Theo de Raadt wrote:
> > > Notice how 530 and 500 were both returned for the TYPE command
> > > that is not valid in this context. Now with the proposed fix:
> > >
> > > kemushi:~% telnet localhost 21
> > > Trying 127.0.0.1...
> > > Connected to lo
form@ has mentioned this bug to me on multiple occasions, so
here it goes: after the USER command has been given, any other
command excluding PASS produces double error. form@ says that
it confuses some clients. I'm not certain why would a client
send something else than a PASS, NOOP or HELP that
On Tue, Apr 25, 2017 at 18:02 +0200, Mike Belopuhov wrote:
> Hi,
>
> Since only leaf queues can have packets assigned to them, H-FSC
> needs a dedicated placeholder root queue. Right now we conjure
> it up behind the user's back, but userland doesn't really have
> t
Hi,
Since only leaf queues can have packets assigned to them, H-FSC
needs a dedicated placeholder root queue. Right now we conjure
it up behind the user's back, but userland doesn't really have
to deal with this and can let kernel take care of it itself.
If you take a look at what troubles pfctl
On Mon, Apr 24, 2017 at 04:36 +0200, Mike Belopuhov wrote:
> Hi,
>
> This is the first diff in series to replace our table-driven AES
> implementation in the crypto framework with a constant time one
> authored by Thomas Pornin. I've been on the lookout for a comp
On Mon, Apr 24, 2017 at 04:39 +0200, Mike Belopuhov wrote:
> AES_Setkey takes key length in bytes rather than bits which makes
> it a bit simpler.
>
The diff below will have to go right after since glxsb depends on
xform.c to do AES-192 and AES-256.
Small regress test fixups.
---
regress/sys/crypto/aesctr/Makefile | 2 +-
regress/sys/crypto/aesctr/aesctr.c | 8 +++-
regress/sys/crypto/aesxts/Makefile | 2 +-
regress/sys/crypto/aesxts/aes_xts.c | 6 +++---
regress/sys/crypto/gmac/Makefile| 2 +-
regress/sys/crypto/gmac/gmac_test.c
AES_Setkey takes key length in bytes rather than bits which makes
it a bit simpler.
---
sys/crypto/cryptosoft.c | 8 +++
sys/crypto/gmac.c | 9
sys/crypto/gmac.h | 5 ++---
sys/crypto/xform.c | 55 +++--
sys/crypto/xform
Adjusts the regress test.
---
regress/sys/crypto/aes/Makefile | 2 +-
regress/sys/crypto/aes/aestest.c | 10 +-
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git regress/sys/crypto/aes/Makefile regress/sys/crypto/aes/Makefile
index 75e88b1a7a6..9120371a07d 100644
--- regress/
(c) 2016 Thomas Pornin
+ *
+ * Modified for OpenBSD by Thomas Pornin and Mike Belopuhov.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restri
On 13 April 2017 at 00:53, Alexander Bluhm wrote:
> Hi,
>
> I would like to pass down the address family through the pr_input
> calls. There are functions like tcp_input() and udp_input() which
> read the version from the IP header. This layer violation could
> be avoided if they know the af. F
On Tue, Apr 04, 2017 at 15:32 +0200, Klemens Nanni wrote:
> Hey,
>
> blocknonip's description is a tad clearer that way, the rest is mostly
> cosmetical but still.
> Index: sbin/ifconfig/ifconfig.8
> ===
> RCS file: /cvs/src/sbin/ifc
On Fri, Mar 24, 2017 at 12:19 +0100, Alexandr Nedvedicky wrote:
> Hello,
>
> I'm attaching patch, which removes stack-as-a-global variable.
> it's updated patch [1] to current tree.
>
> sorry for being pushy advocating my old, rusty patch.
>
I think your diff is the way to go indeed. If we can
On 21 March 2017 at 09:52, Jeremie Courreges-Anglas wrote:
> Stuart Henderson writes:
>
>> On 2017/02/13 09:54, Jason Tubnor wrote:
>>> Hi,
>>>
>>> Upon implementation of etherip(4) over an iked(8) connection, I had issues
>>> with passing etherip traffic over the connection.
>>>
>>> The -current
On 21 March 2017 at 06:21, Stefan Sperling wrote:
> Replace a magic number with the corresponding macro.
>
Sure. OK mikeb
On 7 March 2017 at 11:08, Martin Pieuchot wrote:
> carp(4), as a pseudo-interface, is always executed in the 'softnet'
> thread. Using splnet()/splx() might have been relevant when link-state
> handlers where directly executed from hardware interrupt handlers. But
> nowadays everything is run un
On 13 March 2017 at 15:09, Patrick Wildt wrote:
> On Mon, Mar 13, 2017 at 02:33:02PM +0100, Mike Belopuhov wrote:
>> On Tue, Mar 07, 2017 at 10:36 +0100, Patrick Wildt wrote:
>> > On Tue, Mar 07, 2017 at 10:17:16AM +0100, Patrick Wildt wrote:
>> > > Hi,
>>
On Tue, Mar 07, 2017 at 10:36 +0100, Patrick Wildt wrote:
> On Tue, Mar 07, 2017 at 10:17:16AM +0100, Patrick Wildt wrote:
> > Hi,
> >
> > currently the pf status struct contains the time since pf was enabled as
> > seen on the wall clock. This means when time drifts, or is set to some
> > earlie
On 7 March 2017 at 02:32, David Gwynne wrote:
>
>> On 2 Mar 2017, at 21:19, Mike Belopuhov wrote:
>>
>> On Thu, Mar 02, 2017 at 10:11 +0100, Martin Pieuchot wrote:
>>> On 02/03/17(Thu) 01:16, Mike Belopuhov wrote:
>>>> On 2 March 2017 at 00:56, David Gwy
On 7 March 2017 at 10:13, Martin Pieuchot wrote:
> On 06/03/17(Mon) 23:13, Mike Belopuhov wrote:
>> On Thu, Mar 02, 2017 at 14:23 +0100, Mike Belopuhov wrote:
>> > On Thu, Mar 02, 2017 at 10:35 +1000, David Gwynne wrote:
>> > > the current code has been very car
On Thu, Mar 02, 2017 at 14:23 +0100, Mike Belopuhov wrote:
> On Thu, Mar 02, 2017 at 10:35 +1000, David Gwynne wrote:
> > the current code has been very careful not to free an mbuf while
> > holding the ifq mutex. i would prefer to keep it that way.
> >
> > the least wo
There's no need to overwrite original flow ID assigned on
input so that it remains stable throughout the life of a
packet. The rationale is that output processing may split,
encapsulate or obfuscate a single stream which makes the
changed flow ID useless for purposes of flow control, for
instance
On Mon, Mar 06, 2017 at 14:46 +0100, Claudio Jeker wrote:
> On Mon, Mar 06, 2017 at 01:04:28PM +0100, Mike Belopuhov wrote:
> > On Fri, Mar 03, 2017 at 16:58 +0100, mathieu.bl...@cea.fr wrote:
> > > Hi,
> > >
> > > here is a patch which fixes an in
On Fri, Mar 03, 2017 at 16:58 +0100, mathieu.bl...@cea.fr wrote:
> Hi,
>
> here is a patch which fixes an integer overflow in the computation of
> adaptive timeouts. The effect of this integer overflow is that
> depending on timeout values, legitimate established connection states
> can be evicted
On Thu, Mar 02, 2017 at 14:23 +0100, Mike Belopuhov wrote:
> On Thu, Mar 02, 2017 at 10:35 +1000, David Gwynne wrote:
> > the current code has been very careful not to free an mbuf while
> > holding the ifq mutex. i would prefer to keep it that way.
> >
> > the least wo
On 2 March 2017 at 02:52, Mike Belopuhov wrote:
> no, actually dropping one mbuf on enqueue still holds, but i'll need
> to drop several on dequeue. not sure yet how to properly do that
> outside of an ifq lock though.
I think I've found a non-intrusive solution
On Thu, Mar 02, 2017 at 10:35 +1000, David Gwynne wrote:
> the current code has been very careful not to free an mbuf while
> holding the ifq mutex. i would prefer to keep it that way.
>
> the least worst way to do that would be to return the mbuf to be
> dropped for ifq_enqueue to free. this is c
On Thu, Mar 02, 2017 at 10:11 +0100, Martin Pieuchot wrote:
> On 02/03/17(Thu) 01:16, Mike Belopuhov wrote:
> > On 2 March 2017 at 00:56, David Gwynne wrote:
> > >
> > >> On 2 Mar 2017, at 06:43, Mike Belopuhov wrote:
> > >>
> > >> This conv
On 2 March 2017 at 02:43, Mike Belopuhov wrote:
> On 2 March 2017 at 01:35, David Gwynne wrote:
>> On Wed, Mar 01, 2017 at 10:03:42PM +0100, Mike Belopuhov wrote:
>>> Priority queueing is the default policy in OpenBSD and it
>>> distributes outgoing packets in 8 l
On 2 March 2017 at 01:35, David Gwynne wrote:
> On Wed, Mar 01, 2017 at 10:03:42PM +0100, Mike Belopuhov wrote:
>> Priority queueing is the default policy in OpenBSD and it
>> distributes outgoing packets in 8 lists by priority (0-7) with
>> an aggregate queue depth set by
On 2 March 2017 at 00:56, David Gwynne wrote:
>
>> On 2 Mar 2017, at 06:43, Mike Belopuhov wrote:
>>
>> This convers hand rolled lists into exactly the same mbuf_lists.
>> I need this because of the next diff that uses the ml_len packet
>> counter that mbuf_
I've realised that something like this would be nice for convenience,
but not crucial. I'd prefer not to pass the mbuf pointer, but there's
no decent way around it.
---
sys/net/ifq.c | 12 +---
sys/net/ifq.h | 1 +
2 files changed, 10 insertions(+), 3 deletions(-)
diff --git sys/net/if
Priority queueing is the default policy in OpenBSD and it
distributes outgoing packets in 8 lists by priority (0-7) with
an aggregate queue depth set by the interface: pseudo interfaces
use IFQ_MAXLEN defined equal to 256, hardware device drivers
normally size it by their TX ring minus 1 (therefore
This convers hand rolled lists into exactly the same mbuf_lists.
I need this because of the next diff that uses the ml_len packet
counter that mbuf_lists have. Otherwise there's no functional
change.
---
sys/net/ifq.c | 48 ++--
1 file changed, 18 inse
On 15 February 2017 at 19:08, Alexander Bluhm wrote:
> Hi,
>
> Replace some manual loops with FOREACH macro.
>
> ok?
>
> bluhm
>
Looks good to me, OK mikeb
On 13 February 2017 at 11:42, Martin Pieuchot wrote:
> Like all other pr_sysctl functions, pfkeyv2_sysctl() is called with the
> NET_LOCK() held, so trade splsoftnet()/splx() dances with an assert.
>
> ok?
Go for it, OK mikeb
On 13 February 2017 at 11:56, Martin Pieuchot wrote:
> All code paths below are executed at IPL_SOFTNET, except the timeout that
> I converted to timeout_set_proc(9) in order to grab the NET_LOCK().
>
> ok?
>
LGTM, OK mikeb
On 7 February 2017 at 11:14, Martin Pieuchot wrote:
> On 07/02/17(Tue) 11:03, Mike Belopuhov wrote:
>> On 7 February 2017 at 10:13, Martin Pieuchot wrote:
>> > On 06/02/17(Mon) 17:19, Mike Belopuhov wrote:
>> >> On 6 February 2017 at 17:02, Martin Pieuchot wrot
On 7 February 2017 at 10:12, Martin Pieuchot wrote:
> On 06/02/17(Mon) 17:18, Mike Belopuhov wrote:
>> On 6 February 2017 at 17:02, Martin Pieuchot wrote:
>> > PF has its own home-brewed solution for dealing with CPU hogging. It
>> > has been introduced in r1.88 of ne
On 7 February 2017 at 10:13, Martin Pieuchot wrote:
> On 06/02/17(Mon) 17:19, Mike Belopuhov wrote:
>> On 6 February 2017 at 17:02, Martin Pieuchot wrote:
>> > PF has its own home-brewed solution for dealing with CPU hogging. It
>> > has been introduced in r1.88 of ne
On 6 February 2017 at 17:02, Martin Pieuchot wrote:
> PF has its own home-brewed solution for dealing with CPU hogging. It
> has been introduced in r1.88 of net/pf_table.c and I couldn't find any
> explanation why it is different than the idiom we use in other places.
>
The idea was just to be a
On 6 February 2017 at 17:02, Martin Pieuchot wrote:
> PF has its own home-brewed solution for dealing with CPU hogging. It
> has been introduced in r1.88 of net/pf_table.c and I couldn't find any
> explanation why it is different than the idiom we use in other places.
>
> So let's use the same id
On 26 January 2017 at 01:12, Bertrand Provost
wrote:
> Hi,
>
> Based on feedback from jmc and florian here a new version of the patch
> - Add -V in usage() && __dead usage()
> - Change man
>
> (I hope this time my mail client is well configure)
>
> Regards,
>
> --
> Bertrand Provost
>
Looks good
On 25 January 2017 at 13:12, Alexander Bluhm wrote:
> Hi,
>
> I ran the regression tests with netlock and kern.splassert=2.
>
> panic: sleep: sosplice failed insomnia
> Stopped at Debugger+0x7: leave
> TIDPIDUID PRFLAGS PFLAGS CPU COMMAND
> 165128 1277 0
On Wed, Jan 18, 2017 at 21:23 +0300, Dinar Talypov wrote:
> +void
> +xen_inform_host(struct xen_softc *sc)
> +{
> + char *os_name;
> +
> + /* Fake PV drivers version */
> + xs_setnum(sc, "attr/PVAddons", "MajorVersion", 6);
> + xs_setnum(sc, "attr/PVAddons", "MinorVersion", 2);
On Wed, Jan 18, 2017 at 21:23 +0300, Dinar Talypov wrote:
>
> Hi,
>
Privet, Dinar!
> The patch below fakes pv drivers installation.
> Version numbers are taken from FreeBSD sysutils/xe-guest-utilities.
> With this xen allows reboot or shutdown OpenBSD guest.
>
Which Xen version or what environm
This is enough to probe and initiate I/O to multiple LUNs on mpii(4)
and lets robert@ attach (but not use) his tape library where LUN 0
is an st(4) and LUN 1 is a ch(4). OK?
The reason we limit it to 255 is that LUN numbers larger than 255
need to be encoded in a fairly complicated manner and thi
On 11 January 2017 at 19:33, Martin Pieuchot wrote:
> On 11/01/17(Wed) 18:27, Martin Pieuchot wrote:
>> Mark Patruck reported the following assertion:
>>
>> splassert: pool_put: want 5 have 7
>> Starting stack trace...
>> pool_put() at pool_put+0x4e
>> pf_pkt_unlink_state_k
One of the countermeasures against using Direct Connect Interface
(DCI) to debug CPUs via USB3 mentioned in the "Tapping into the
core" talk at the 33c3 was to identify and disable the Silicon
Debug feature found in Haswell and newer CPUs.
Two machines we have here are Haswell and Skylake, but bot
On 10 January 2017 at 10:17, Martin Pieuchot wrote:
> What guarantee the serialization of access to the bridge(4) data
> structures modified in bridge_rtage() below is the KERNEL_LOCK().
>
> There's no network soft-interrupt context anymore, so remove a
> superfluous splsoftnet()/splx() dance and
On 9 January 2017 at 17:44, Visa Hankala wrote:
> On Mon, Jan 09, 2017 at 04:10:48PM +0100, Martin Pieuchot wrote:
>> As reported by Hrvoje Popovski, these two callbacks also need the
>> NET_LOCK():
>>
>> splassert: ip_output: want 1 have 0
>> Starting stack trace...
>> ip_output
On 9 January 2017 at 16:10, Martin Pieuchot wrote:
> As reported by Hrvoje Popovski, these two callbacks also need the
> NET_LOCK():
>
> splassert: ip_output: want 1 have 0
> Starting stack trace...
> ip_output() at ip_output+0x7d
> pfsync_sendout() at pfsync_sendou
On 3 January 2017 at 20:08, Ted Unangst wrote:
> Martin Pieuchot wrote:
>> It seems that most of the problems exposed by the introduction of the
>> NET_LOCK() are related to the non-recursive nature of the rwlock. Some
>> known issues involve pflow(4), cloning interfaces an NFS.
>>
>> Diff below
101 - 200 of 1074 matches
Mail list logo
