From owner-freebsd-pf@FreeBSD.ORG Sun Feb 22 23:54:29 2015 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 02D4E64C; Sun, 22 Feb 2015 23:54:29 +0000 (UTC) Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass DE-1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7F57B933; Sun, 22 Feb 2015 23:54:28 +0000 (UTC) Received: from moby.local ([88.66.138.174]) by mail.gmx.com (mrgmx101) with ESMTPSA (Nemesis) id 0LezI3-1Xkox21WcJ-00qgCo; Mon, 23 Feb 2015 00:54:19 +0100 Message-ID: <54EA6C1B.60701@gmx.com> Date: Mon, 23 Feb 2015 00:54:03 +0100 From: Nikos Vassiliadis User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: Gleb Smirnoff , Craig Rodrigues Subject: Re: svn commit: r276747 - head/sys/netpfil/pf References: <201501060903.t06934qp081875@svn.freebsd.org> <20150122012709.GM15484@FreeBSD.org> <54C16715.6060701@gmx.com> <20150122222314.GO15484@FreeBSD.org> <20150215190100.GQ15484@FreeBSD.org> <20150216012528.GA15484@FreeBSD.org> <20150216074656.GE15484@FreeBSD.org> In-Reply-To: <20150216074656.GE15484@FreeBSD.org> Content-Type: multipart/mixed; boundary="------------060104020605000009090808" X-Provags-ID: V03:K0:xSeuf4gTgF06F9vUVRDAjNqFocwpWj0A2DgTu4YnBObUftd/uOF YYZPscskYQwYtkjDb+vuUY47HcGiuJOmzr/use8NhdcHMoROv5G8/WdYm+B0V4mu1poaJPh pyVVno/p1Xu4LgOrMqGGMMBMIwJVOxeQ7sZCGx12fOehFuAnVMeibmCkH7G2CZ27+cb2Cmw qhvmUYCiIjkE/lx4auBoA== X-UI-Out-Filterresults: notjunk:1; Cc: "freebsd-virtualization@freebsd.org" , freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Feb 2015 23:54:29 -0000 This is a multi-part message in MIME format. --------------060104020605000009090808 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Hi, Please review this. It is mostly the changes from project/pf plus VNET_(SYSINIT,UNINIT) and pf_(load,unload). Unloading the module is almost there, it works for GENERIC. We need to fix the event handlers registration in order to unload with a VIMAGE kernel. I will continue with this. Phabricator: https://reviews.freebsd.org/D1944 Best regards, Nikos --------------060104020605000009090808 Content-Type: text/plain; charset=us-ascii; name="pf.patch.txt" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="pf.patch.txt" Index: sys/net/pfvar.h =================================================================== --- sys/net/pfvar.h (revision 279103) +++ sys/net/pfvar.h (working copy) @@ -1495,7 +1495,7 @@ VNET_DECLARE(struct pf_altqqueue *, pf_altqs_inac VNET_DECLARE(struct pf_rulequeue, pf_unlinked_rules); #define V_pf_unlinked_rules VNET(pf_unlinked_rules) -void pf_initialize(void); +void pf_vnet_initialize(void); void pf_mtag_initialize(void); void pf_mtag_cleanup(void); void pf_cleanup(void); @@ -1592,7 +1592,7 @@ int pf_match_addr_range(struct pf_addr *, struct p struct pf_addr *, sa_family_t); int pf_match_port(u_int8_t, u_int16_t, u_int16_t, u_int16_t); -void pf_normalize_init(void); +void pf_vnet_normalize_init(void); void pf_normalize_cleanup(void); int pf_normalize_tcp(int, struct pfi_kif *, struct mbuf *, int, int, void *, struct pf_pdesc *); @@ -1650,7 +1650,7 @@ MALLOC_DECLARE(PFI_MTYPE); VNET_DECLARE(struct pfi_kif *, pfi_all); #define V_pfi_all VNET(pfi_all) -void pfi_initialize(void); +void pfi_vnet_initialize(void); void pfi_cleanup(void); void pfi_kif_ref(struct pfi_kif *); void pfi_kif_unref(struct pfi_kif *); Index: sys/netpfil/pf/pf.c =================================================================== --- sys/netpfil/pf/pf.c (revision 279103) +++ sys/netpfil/pf/pf.c (working copy) @@ -151,6 +151,7 @@ static VNET_DEFINE(struct pf_send_head, pf_sendque #define V_pf_sendqueue VNET(pf_sendqueue) static struct mtx pf_sendqueue_mtx; +MTX_SYSINIT(pf_sendqueue_mtx, &pf_sendqueue_mtx, "pf send queue", MTX_DEF); #define PF_SENDQ_LOCK() mtx_lock(&pf_sendqueue_mtx) #define PF_SENDQ_UNLOCK() mtx_unlock(&pf_sendqueue_mtx) @@ -172,11 +173,16 @@ static VNET_DEFINE(struct task, pf_overloadtask); #define V_pf_overloadtask VNET(pf_overloadtask) static struct mtx pf_overloadqueue_mtx; +MTX_SYSINIT(pf_overloadqueue_mtx, &pf_overloadqueue_mtx, + "pf overload/flush queue", MTX_DEF); + #define PF_OVERLOADQ_LOCK() mtx_lock(&pf_overloadqueue_mtx) #define PF_OVERLOADQ_UNLOCK() mtx_unlock(&pf_overloadqueue_mtx) VNET_DEFINE(struct pf_rulequeue, pf_unlinked_rules); struct mtx pf_unlnkdrules_mtx; +MTX_SYSINIT(pf_unlnkdrules_mtx, &pf_unlnkdrules_mtx, "pf unlinked rules", + MTX_DEF); static VNET_DEFINE(uma_zone_t, pf_sources_z); #define V_pf_sources_z VNET(pf_sources_z) @@ -767,7 +773,7 @@ pf_mtag_initialize() /* Per-vnet data storage structures initialization. */ void -pf_initialize() +pf_vnet_initialize() { struct pf_keyhash *kh; struct pf_idhash *ih; @@ -827,13 +833,9 @@ void STAILQ_INIT(&V_pf_sendqueue); SLIST_INIT(&V_pf_overloadqueue); TASK_INIT(&V_pf_overloadtask, 0, pf_overload_task, curvnet); - mtx_init(&pf_sendqueue_mtx, "pf send queue", NULL, MTX_DEF); - mtx_init(&pf_overloadqueue_mtx, "pf overload/flush queue", NULL, - MTX_DEF); /* Unlinked, but may be referenced rules. */ TAILQ_INIT(&V_pf_unlinked_rules); - mtx_init(&pf_unlnkdrules_mtx, "pf unlinked rules", NULL, MTX_DEF); } void @@ -876,10 +878,6 @@ pf_cleanup() free(pfse, M_PFTEMP); } - mtx_destroy(&pf_sendqueue_mtx); - mtx_destroy(&pf_overloadqueue_mtx); - mtx_destroy(&pf_unlnkdrules_mtx); - uma_zdestroy(V_pf_sources_z); uma_zdestroy(V_pf_state_z); uma_zdestroy(V_pf_state_key_z); Index: sys/netpfil/pf/pf_if.c =================================================================== --- sys/netpfil/pf/pf_if.c (revision 279103) +++ sys/netpfil/pf/pf_if.c (working copy) @@ -103,9 +103,11 @@ LIST_HEAD(pfi_list, pfi_kif); static VNET_DEFINE(struct pfi_list, pfi_unlinked_kifs); #define V_pfi_unlinked_kifs VNET(pfi_unlinked_kifs) static struct mtx pfi_unlnkdkifs_mtx; +MTX_SYSINIT(pfi_unlnkdkifs_mtx, &pfi_unlnkdkifs_mtx, "pf unlinked interfaces", + MTX_DEF); void -pfi_initialize(void) +pfi_vnet_initialize(void) { struct ifg_group *ifg; struct ifnet *ifp; @@ -115,8 +117,6 @@ void V_pfi_buffer = malloc(V_pfi_buffer_max * sizeof(*V_pfi_buffer), PFI_MTYPE, M_WAITOK); - mtx_init(&pfi_unlnkdkifs_mtx, "pf unlinked interfaces", NULL, MTX_DEF); - kif = malloc(sizeof(*kif), PFI_MTYPE, M_WAITOK); PF_RULES_WLOCK(); V_pfi_all = pfi_kif_attach(kif, IFG_ALL); @@ -166,8 +166,6 @@ pfi_cleanup(void) free(p, PFI_MTYPE); } - mtx_destroy(&pfi_unlnkdkifs_mtx); - free(V_pfi_buffer, PFI_MTYPE); } Index: sys/netpfil/pf/pf_ioctl.c =================================================================== --- sys/netpfil/pf/pf_ioctl.c (revision 279103) +++ sys/netpfil/pf/pf_ioctl.c (working copy) @@ -87,7 +87,8 @@ __FBSDID("$FreeBSD$"); #include #endif -static int pfattach(void); +static int pf_vnet_init(void); +static int pf_vnet_uninit(void); static struct pf_pool *pf_get_pool(char *, u_int32_t, u_int8_t, u_int32_t, u_int8_t, u_int8_t, u_int8_t); @@ -205,17 +206,15 @@ pfsync_defer_t *pfsync_defer_ptr = NULL; pflog_packet_t *pflog_packet_ptr = NULL; static int -pfattach(void) +pf_vnet_init(void) { u_int32_t *my_timeout = V_pf_default_rule.timeout; int error; - if (IS_DEFAULT_VNET(curvnet)) - pf_mtag_initialize(); - pf_initialize(); + pf_vnet_initialize(); pfr_initialize(); - pfi_initialize(); - pf_normalize_init(); + pfi_vnet_initialize(); + pf_vnet_normalize_init(); V_pf_limits[PF_LIMIT_STATES].limit = PFSTATE_HIWAT; V_pf_limits[PF_LIMIT_SRC_NODES].limit = PFSNODE_HIWAT; @@ -287,7 +286,55 @@ static int return (0); } +VNET_SYSINIT(pf_vnet_init, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY - 255, + pf_vnet_init, NULL); +static int +pf_vnet_uninit(void) +{ + int error = 0; + int number_of_vnets = 0; + VNET_ITERATOR_DECL(vnet_iter); + + V_pf_status.running = 0; + swi_remove(V_pf_swi_cookie); + error = dehook_pf(); + if (error) { + /* + * Should not happen! + * XXX Due to error code ESRCH, kldunload will show + * a message like 'No such process'. + */ + printf("%s : pfil unregisteration fail\n", __FUNCTION__); + return error; + } + PF_RULES_WLOCK(); + shutdown_pf(); + pf_normalize_cleanup(); + pfi_cleanup(); + pfr_cleanup(); + pf_osfp_flush(); + pf_cleanup(); + + /* + * For the last VNET we perform the final cleanup + */ + VNET_FOREACH(vnet_iter) + number_of_vnets++; + if (number_of_vnets == 1) + pf_mtag_cleanup(); + PF_RULES_WUNLOCK(); + if (number_of_vnets == 1) { + destroy_dev(pf_dev); + rw_destroy(&pf_rules_lock); + sx_destroy(&pf_ioctl_lock); + } + + return (error); +} +VNET_SYSUNINIT(pf_vnet_uninit, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY - 255, + pf_vnet_uninit, NULL); + static struct pf_pool * pf_get_pool(char *anchor, u_int32_t ticket, u_int8_t rule_action, u_int32_t rule_number, u_int8_t r_last, u_int8_t active, @@ -3715,27 +3762,11 @@ dehook_pf(void) static int pf_load(void) { - int error; - VNET_ITERATOR_DECL(vnet_iter); - - VNET_LIST_RLOCK(); - VNET_FOREACH(vnet_iter) { - CURVNET_SET(vnet_iter); - V_pf_pfil_hooked = 0; - V_pf_end_threads = 0; - TAILQ_INIT(&V_pf_tags); - TAILQ_INIT(&V_pf_qids); - CURVNET_RESTORE(); - } - VNET_LIST_RUNLOCK(); - rw_init(&pf_rules_lock, "pf rulesets"); sx_init(&pf_ioctl_lock, "pf ioctl"); - pf_dev = make_dev(&pf_cdevsw, 0, 0, 0, 0600, PF_NAME); - if ((error = pfattach()) != 0) - return (error); + pf_mtag_initialize(); return (0); } @@ -3743,40 +3774,16 @@ pf_load(void) static int pf_unload(void) { - int error = 0; - V_pf_status.running = 0; - swi_remove(V_pf_swi_cookie); - error = dehook_pf(); - if (error) { - /* - * Should not happen! - * XXX Due to error code ESRCH, kldunload will show - * a message like 'No such process'. - */ - printf("%s : pfil unregisteration fail\n", __FUNCTION__); - return error; - } + V_pf_end_threads = 1; PF_RULES_WLOCK(); - shutdown_pf(); - V_pf_end_threads = 1; while (V_pf_end_threads < 2) { wakeup_one(pf_purge_thread); rw_sleep(pf_purge_thread, &pf_rules_lock, 0, "pftmo", 0); } - pf_normalize_cleanup(); - pfi_cleanup(); - pfr_cleanup(); - pf_osfp_flush(); - pf_cleanup(); - if (IS_DEFAULT_VNET(curvnet)) - pf_mtag_cleanup(); PF_RULES_WUNLOCK(); - destroy_dev(pf_dev); - rw_destroy(&pf_rules_lock); - sx_destroy(&pf_ioctl_lock); - return (error); + return (0); } static int Index: sys/netpfil/pf/pf_norm.c =================================================================== --- sys/netpfil/pf/pf_norm.c (revision 279103) +++ sys/netpfil/pf/pf_norm.c (working copy) @@ -34,6 +34,7 @@ __FBSDID("$FreeBSD$"); #include "opt_pf.h" #include +#include #include #include #include @@ -107,6 +108,7 @@ struct pf_fragment_tag { }; static struct mtx pf_frag_mtx; +MTX_SYSINIT(pf_frag_mtx, &pf_frag_mtx, "pf fragments", MTX_DEF); #define PF_FRAG_LOCK() mtx_lock(&pf_frag_mtx) #define PF_FRAG_UNLOCK() mtx_unlock(&pf_frag_mtx) #define PF_FRAG_ASSERT() mtx_assert(&pf_frag_mtx, MA_OWNED) @@ -180,7 +182,7 @@ pf_ip2key(struct ip *ip, int dir, struct pf_fragme #endif /* INET */ void -pf_normalize_init(void) +pf_vnet_normalize_init(void) { V_pf_frag_z = uma_zcreate("pf frags", sizeof(struct pf_fragment), @@ -196,8 +198,6 @@ void uma_zone_set_max(V_pf_frent_z, PFFRAG_FRENT_HIWAT); uma_zone_set_warning(V_pf_frent_z, "PF frag entries limit reached"); - mtx_init(&pf_frag_mtx, "pf fragments", NULL, MTX_DEF); - TAILQ_INIT(&V_pf_fragqueue); TAILQ_INIT(&V_pf_cachequeue); } @@ -209,8 +209,6 @@ pf_normalize_cleanup(void) uma_zdestroy(V_pf_state_scrub_z); uma_zdestroy(V_pf_frent_z); uma_zdestroy(V_pf_frag_z); - - mtx_destroy(&pf_frag_mtx); } static int --------------060104020605000009090808-- From owner-freebsd-pf@FreeBSD.ORG Mon Feb 23 06:54:57 2015 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0B0C2954 for ; Mon, 23 Feb 2015 06:54:57 +0000 (UTC) Received: from phabric-backend.isc.freebsd.org (phabric-backend.isc.freebsd.org [IPv6:2001:4f8:3:ffe0:406a:0:50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DFCB7382 for ; Mon, 23 Feb 2015 06:54:56 +0000 (UTC) Received: from phabric-backend.isc.freebsd.org (phabric-backend.isc.freebsd.org [127.0.1.5]) by phabric-backend.isc.freebsd.org (8.14.9/8.14.9) with ESMTP id t1N6su71064159 for ; Mon, 23 Feb 2015 06:54:56 GMT (envelope-from root@phabric-backend.isc.freebsd.org) Received: (from root@localhost) by phabric-backend.isc.freebsd.org (8.14.9/8.14.9/Submit) id t1N6suO7064158; Mon, 23 Feb 2015 06:54:56 GMT (envelope-from root) Date: Mon, 23 Feb 2015 06:54:56 +0000 To: freebsd-pf@freebsd.org From: "rodrigc (Craig Rodrigues)" Subject: [Differential] [Changed Subscribers] D1944: PF and VIMAGE fixes Message-ID: X-Priority: 3 Thread-Topic: D1944: PF and VIMAGE fixes X-Herald-Rules: none X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-Cc: X-Phabricator-Cc: In-Reply-To: References: Thread-Index: NDc2NzM0MzY4OTdiYThiNTU1MjY2ZDZmMTJiIFTqzsA= X-Phabricator-Sent-This-Message: Yes X-Mail-Transport-Agent: MetaMTA X-Auto-Response-Suppress: All X-Phabricator-Mail-Tags: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="utf-8" X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Feb 2015 06:54:57 -0000 rodrigc added subscribers: freebsd-net, freebsd-pf. REVISION DETAIL https://reviews.freebsd.org/D1944 To: nvass-gmx.com, glebius, rodrigc Cc: freebsd-pf, freebsd-net From owner-freebsd-pf@FreeBSD.ORG Mon Feb 23 06:55:30 2015 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id DB8B3B07 for ; Mon, 23 Feb 2015 06:55:30 +0000 (UTC) Received: from phabric-backend.isc.freebsd.org (phabric-backend.isc.freebsd.org [IPv6:2001:4f8:3:ffe0:406a:0:50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id BB6CE3C8 for ; Mon, 23 Feb 2015 06:55:30 +0000 (UTC) Received: from phabric-backend.isc.freebsd.org (phabric-backend.isc.freebsd.org [127.0.1.5]) by phabric-backend.isc.freebsd.org (8.14.9/8.14.9) with ESMTP id t1N6tUDI064768 for ; Mon, 23 Feb 2015 06:55:30 GMT (envelope-from root@phabric-backend.isc.freebsd.org) Received: (from root@localhost) by phabric-backend.isc.freebsd.org (8.14.9/8.14.9/Submit) id t1N6tUZO064767; Mon, 23 Feb 2015 06:55:30 GMT (envelope-from root) Date: Mon, 23 Feb 2015 06:55:30 +0000 To: freebsd-pf@freebsd.org From: "rodrigc (Craig Rodrigues)" Subject: [Differential] [Changed Subscribers] D1944: PF and VIMAGE fixes Message-ID: X-Priority: 3 Thread-Topic: D1944: PF and VIMAGE fixes X-Herald-Rules: none X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-Cc: X-Phabricator-Cc: X-Phabricator-Cc: In-Reply-To: References: Thread-Index: NDc2NzM0MzY4OTdiYThiNTU1MjY2ZDZmMTJiIFTqzuI= X-Phabricator-Sent-This-Message: Yes X-Mail-Transport-Agent: MetaMTA X-Auto-Response-Suppress: All X-Phabricator-Mail-Tags: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="utf-8" X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Feb 2015 06:55:30 -0000 rodrigc added a subscriber: freebsd-virtualization. REVISION DETAIL https://reviews.freebsd.org/D1944 To: nvass-gmx.com, glebius, rodrigc Cc: freebsd-virtualization, freebsd-pf, freebsd-net From owner-freebsd-pf@FreeBSD.ORG Mon Feb 23 06:55:43 2015 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B4CBCC20 for ; Mon, 23 Feb 2015 06:55:43 +0000 (UTC) Received: from phabric-backend.isc.freebsd.org (phabric-backend.isc.freebsd.org [IPv6:2001:4f8:3:ffe0:406a:0:50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 92B493DB for ; Mon, 23 Feb 2015 06:55:43 +0000 (UTC) Received: from phabric-backend.isc.freebsd.org (phabric-backend.isc.freebsd.org [127.0.1.5]) by phabric-backend.isc.freebsd.org (8.14.9/8.14.9) with ESMTP id t1N6thcH064827 for ; Mon, 23 Feb 2015 06:55:43 GMT (envelope-from root@phabric-backend.isc.freebsd.org) Received: (from root@localhost) by phabric-backend.isc.freebsd.org (8.14.9/8.14.9/Submit) id t1N6thYT064826; Mon, 23 Feb 2015 06:55:43 GMT (envelope-from root) Date: Mon, 23 Feb 2015 06:55:43 +0000 To: freebsd-pf@freebsd.org From: "rodrigc (Craig Rodrigues)" Subject: [Differential] [Updated] D1944: PF and VIMAGE fixes Message-ID: <6f1f3e6e7c2ee1adbeb6e4d8fbee1b83@localhost.localdomain> X-Priority: 3 Thread-Topic: D1944: PF and VIMAGE fixes X-Herald-Rules: none X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-Cc: X-Phabricator-Cc: X-Phabricator-Cc: In-Reply-To: References: Thread-Index: NDc2NzM0MzY4OTdiYThiNTU1MjY2ZDZmMTJiIFTqzu8= X-Phabricator-Sent-This-Message: Yes X-Mail-Transport-Agent: MetaMTA X-Auto-Response-Suppress: All X-Phabricator-Mail-Tags: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="utf-8" X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Feb 2015 06:55:43 -0000 rodrigc added a reviewer: gnn. REVISION DETAIL https://reviews.freebsd.org/D1944 To: nvass-gmx.com, glebius, rodrigc, gnn Cc: freebsd-virtualization, freebsd-pf, freebsd-net From owner-freebsd-pf@FreeBSD.ORG Mon Feb 23 06:56:17 2015 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id AFD37D56 for ; Mon, 23 Feb 2015 06:56:17 +0000 (UTC) Received: from phabric-backend.isc.freebsd.org (phabric-backend.isc.freebsd.org [IPv6:2001:4f8:3:ffe0:406a:0:50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8CF2F403 for ; Mon, 23 Feb 2015 06:56:17 +0000 (UTC) Received: from phabric-backend.isc.freebsd.org (phabric-backend.isc.freebsd.org [127.0.1.5]) by phabric-backend.isc.freebsd.org (8.14.9/8.14.9) with ESMTP id t1N6uHeg065087 for ; Mon, 23 Feb 2015 06:56:17 GMT (envelope-from root@phabric-backend.isc.freebsd.org) Received: (from root@localhost) by phabric-backend.isc.freebsd.org (8.14.9/8.14.9/Submit) id t1N6uHWB065086; Mon, 23 Feb 2015 06:56:17 GMT (envelope-from root) Date: Mon, 23 Feb 2015 06:56:17 +0000 To: freebsd-pf@freebsd.org From: "rodrigc (Craig Rodrigues)" Subject: [Differential] [Updated] D1944: PF and VIMAGE fixes Message-ID: <0baa89b3ef9ef49f4bb70a35cab3eb33@localhost.localdomain> X-Priority: 3 Thread-Topic: D1944: PF and VIMAGE fixes X-Herald-Rules: none X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-Cc: X-Phabricator-Cc: X-Phabricator-Cc: In-Reply-To: References: Thread-Index: NDc2NzM0MzY4OTdiYThiNTU1MjY2ZDZmMTJiIFTqzxE= X-Phabricator-Sent-This-Message: Yes X-Mail-Transport-Agent: MetaMTA X-Auto-Response-Suppress: All X-Phabricator-Mail-Tags: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="utf-8" X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Feb 2015 06:56:17 -0000 rodrigc added reviewers: bz, zec, trociny. REVISION DETAIL https://reviews.freebsd.org/D1944 To: nvass-gmx.com, glebius, rodrigc, gnn, bz, zec, trociny Cc: freebsd-virtualization, freebsd-pf, freebsd-net From owner-freebsd-pf@FreeBSD.ORG Mon Feb 23 06:57:03 2015 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 61ABFEAA for ; Mon, 23 Feb 2015 06:57:03 +0000 (UTC) Received: from phabric-backend.isc.freebsd.org (phabric-backend.isc.freebsd.org [IPv6:2001:4f8:3:ffe0:406a:0:50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3D46D5F8 for ; Mon, 23 Feb 2015 06:57:03 +0000 (UTC) Received: from phabric-backend.isc.freebsd.org (phabric-backend.isc.freebsd.org [127.0.1.5]) by phabric-backend.isc.freebsd.org (8.14.9/8.14.9) with ESMTP id t1N6v2fN065917 for ; Mon, 23 Feb 2015 06:57:02 GMT (envelope-from root@phabric-backend.isc.freebsd.org) Received: (from root@localhost) by phabric-backend.isc.freebsd.org (8.14.9/8.14.9/Submit) id t1N6v2lZ065914; Mon, 23 Feb 2015 06:57:02 GMT (envelope-from root) Date: Mon, 23 Feb 2015 06:57:02 +0000 To: freebsd-pf@freebsd.org From: "rodrigc (Craig Rodrigues)" Subject: [Differential] [Updated] D1944: PF and VIMAGE fixes Message-ID: X-Priority: 3 Thread-Topic: D1944: PF and VIMAGE fixes X-Herald-Rules: none X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-Cc: X-Phabricator-Cc: X-Phabricator-Cc: In-Reply-To: References: Thread-Index: NDc2NzM0MzY4OTdiYThiNTU1MjY2ZDZmMTJiIFTqzz4= X-Phabricator-Sent-This-Message: Yes X-Mail-Transport-Agent: MetaMTA X-Auto-Response-Suppress: All X-Phabricator-Mail-Tags: , MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="utf-8" X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Feb 2015 06:57:03 -0000 rodrigc added a comment. Nikos has posted these patches to improve VIMAGE support in PF. If some of the folks who are experienced with PF and VIMAGE could take a look, that would be really great. REVISION DETAIL https://reviews.freebsd.org/D1944 To: nvass-gmx.com, glebius, gnn, bz, zec, trociny, rodrigc Cc: freebsd-virtualization, freebsd-pf, freebsd-net From owner-freebsd-pf@FreeBSD.ORG Fri Feb 27 19:28:06 2015 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 03321E49 for ; Fri, 27 Feb 2015 19:28:06 +0000 (UTC) Received: from phabric-backend.isc.freebsd.org (phabric-backend.isc.freebsd.org [IPv6:2001:4f8:3:ffe0:406a:0:50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D4259CFC for ; Fri, 27 Feb 2015 19:28:05 +0000 (UTC) Received: from phabric-backend.isc.freebsd.org (phabric-backend.isc.freebsd.org [127.0.1.5]) by phabric-backend.isc.freebsd.org (8.14.9/8.14.9) with ESMTP id t1RJS5no032569 for ; Fri, 27 Feb 2015 19:28:05 GMT (envelope-from root@phabric-backend.isc.freebsd.org) Received: (from root@localhost) by phabric-backend.isc.freebsd.org (8.14.9/8.14.9/Submit) id t1RJS5Yp032568; Fri, 27 Feb 2015 19:28:05 GMT (envelope-from root) Date: Fri, 27 Feb 2015 19:28:05 +0000 To: freebsd-pf@freebsd.org From: "glebius (Gleb Smirnoff)" Subject: [Differential] [Updated] D1944: PF and VIMAGE fixes Message-ID: <5ca9c7c21f732405c1744df6ff483765@localhost.localdomain> X-Priority: 3 Thread-Topic: D1944: PF and VIMAGE fixes X-Herald-Rules: none X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-Cc: X-Phabricator-Cc: X-Phabricator-Cc: In-Reply-To: References: Thread-Index: NDc2NzM0MzY4OTdiYThiNTU1MjY2ZDZmMTJiIFTwxUU= X-Phabricator-Sent-This-Message: Yes X-Mail-Transport-Agent: MetaMTA X-Auto-Response-Suppress: All X-Phabricator-Mail-Tags: , MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="utf-8" X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Feb 2015 19:28:06 -0000 glebius added a comment. Nikos, acking that I see the patches. Right now I'm waiting for pf to stablize after recent patches to fragment handling. Kristof is working on the known problem. Meanwhile you can finish your patch moving from "almost there" to "there" :) If you got any questions about pf or FreeBSD kernel interfaces, feel free to ask me via email. REVISION DETAIL https://reviews.freebsd.org/D1944 To: nvass-gmx.com, gnn, bz, zec, trociny, rodrigc, glebius Cc: freebsd-virtualization, freebsd-pf, freebsd-net From owner-freebsd-pf@FreeBSD.ORG Sat Feb 28 14:10:15 2015 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 45CC9ADC for ; Sat, 28 Feb 2015 14:10:15 +0000 (UTC) Received: from phabric-backend.isc.freebsd.org (phabric-backend.isc.freebsd.org [IPv6:2001:4f8:3:ffe0:406a:0:50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 230579C2 for ; Sat, 28 Feb 2015 14:10:15 +0000 (UTC) Received: from phabric-backend.isc.freebsd.org (phabric-backend.isc.freebsd.org [127.0.1.5]) by phabric-backend.isc.freebsd.org (8.14.9/8.14.9) with ESMTP id t1SEAExe069784 for ; Sat, 28 Feb 2015 14:10:14 GMT (envelope-from root@phabric-backend.isc.freebsd.org) Received: (from root@localhost) by phabric-backend.isc.freebsd.org (8.14.9/8.14.9/Submit) id t1SEAEnG069783; Sat, 28 Feb 2015 14:10:14 GMT (envelope-from root) Date: Sat, 28 Feb 2015 14:10:14 +0000 To: freebsd-pf@freebsd.org From: "nvass-gmx.com (Nikos Vassiliadis)" Subject: [Differential] [Commented On] D1944: PF and VIMAGE fixes Message-ID: <6da6fdc1478733afbf767b445a934e6f@localhost.localdomain> X-Priority: 3 Thread-Topic: D1944: PF and VIMAGE fixes X-Herald-Rules: none X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-Cc: X-Phabricator-Cc: X-Phabricator-Cc: In-Reply-To: References: Thread-Index: NDc2NzM0MzY4OTdiYThiNTU1MjY2ZDZmMTJiIFTxzEY= X-Phabricator-Sent-This-Message: Yes X-Mail-Transport-Agent: MetaMTA X-Auto-Response-Suppress: All X-Phabricator-Mail-Tags: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="utf-8" X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 28 Feb 2015 14:10:15 -0000 nvass-gmx.com added a comment. >>! In D1944#8, @glebius wrote: > Nikos, > > acking that I see the patches. Right now I'm waiting for pf to stablize after > recent patches to fragment handling. Kristof is working on the known problem. > Meanwhile you can finish your patch moving from "almost there" to "there" :) Yes, currently working on it. > If you got any questions about pf or FreeBSD kernel interfaces, feel free > to ask me via email. Sure, thanks! REVISION DETAIL https://reviews.freebsd.org/D1944 To: nvass-gmx.com, gnn, bz, zec, trociny, rodrigc, glebius Cc: freebsd-virtualization, freebsd-pf, freebsd-net