Revision tags: vendor/llvm-project/llvmorg-18.1.5-0-g617a15a9eac9, vendor/NetBSD/bmake/20240430, vendor/libcbor/0.11.0 |
|
#
221d459f |
| 29-Apr-2024 |
Kristof Provost <kp@FreeBSD.org> |
pflow: handle unattached states
It's possible for states to be cleaned up (through pf_detach_state()) that have not been fully attached. For example if there's an ID conflict during pf_state_insert(
pflow: handle unattached states
It's possible for states to be cleaned up (through pf_detach_state()) that have not been fully attached. For example if there's an ID conflict during pf_state_insert().
pflow exports states from pf_detach_state(), so it can get called on such states, but did not account for this and could end up dereferencing a NULL state key.
Check for this in export_pflow() and do not export unattached states.
See also: https://redmine.pfsense.org/issues/15446 Sponsored by: Rubicon Communications, LLC ("Netgate")
show more ...
|
Revision tags: vendor/llvm-project/llvmorg-18.1.4-0-ge6c3289804a6, vendor/device-tree/6.8, vendor/device-tree/6.7, vendor/llvm-project/llvmorg-18.1.3-0-gc13b7485b879, vendor/device-tree/6.5, vendor/openssh/9.7p1, vendor/unbound/1.19.3, vendor/NetBSD/bmake/20240309, vendor/sqlite3/sqlite-3450100, vendor/llvm-project/llvmorg-18.1.1-0-gdba2a75e9c7e, vendor/got/diff/2023-09-15, release/13.3.0, vendor/libucl/20240206, vendor/xz/5.6.0, vendor/llvm-project/llvmorg-18.1.0-rc3-0-g6c90f8dd5463, vendor/llvm-project/llvmorg-18.1.0-rc2-53-gc7b0a6ecd442, vendor/arm-optimized-routines/v24.01, vendor/zlib/1.3.1, vendor/expat/2.6.0, vendor/unbound/1.19.1, vendor/tzcode/tzcode2024a, vendor/llvm-project/llvmorg-18.1.0-rc2-0-gc6c86965d967, vendor/tzdata/tzdata2024a, vendor/sendmail/8.18.1, vendor/acpica/20230628, vendor/acpica/20230331, vendor/llvm-project/llvmorg-18-init-18361-g22683463740e, vendor/libcxxrt/2024-01-25-fd484be8d1e94a1fcf6bc5c67e5c07b65ada19b6 |
|
#
e95025ed |
| 25-Jan-2024 |
Kristof Provost <kp@FreeBSD.org> |
pflow: show socket status in verbose mode
Introduce a verbose output mode to pflowctl, and expose the status of the socket to userspace. This can be helpful in debugging configuration errors.
Spons
pflow: show socket status in verbose mode
Introduce a verbose output mode to pflowctl, and expose the status of the socket to userspace. This can be helpful in debugging configuration errors.
Sponsored by: Rubicon Communications, LLC ("Netgate")
show more ...
|
Revision tags: vendor/llvm-project/llvmorg-18-init-18359-g93248729cfae |
|
#
63a5fe83 |
| 22-Jan-2024 |
Kristof Provost <kp@FreeBSD.org> |
pflow: limit to no more than 128 flow exporters
While there are no inherent limits to the number of exporters we're likely to scale rather badly to very large numbers. There's also no obvious use ca
pflow: limit to no more than 128 flow exporters
While there are no inherent limits to the number of exporters we're likely to scale rather badly to very large numbers. There's also no obvious use case for more than a handful. Limit to 128 exporters to prevent foot-shooting.
Sponsored by: Rubicon Communications, LLC ("Netgate")
show more ...
|
Revision tags: vendor/sqlite3/sqlite-3450000, vendor/NetBSD/bmake/20240108, vendor/llvm-project/llvmorg-18-init-16864-g3b3ee1f53424, vendor/llvm-project/llvmorg-18-init-16595-g7c00a5be5cde, vendor/llvm-project/llvmorg-18-init-16003-gfc5f51cf5af4, vendor/bc/6.7.4, vendor/ena-com/2.7.0, vendor/llvm-project/llvmorg-18-init-15692-g007ed0dccd6a, vendor/tzdata/tzdata2023d, vendor/openssh/9.6p1, vendor/llvm-project/llvmorg-18-init-15088-gd14ee76181fb |
|
#
2be6f757 |
| 14-Dec-2023 |
Kristof Provost <kp@FreeBSD.org> |
pflow: Turn `pflowstats' statistics counters into per-CPU counters to make them mpsafe.
The weird interactions around `pflow_flows' and `sc_gcounter' replaced by simple `pflow_flows' increment. Sinc
pflow: Turn `pflowstats' statistics counters into per-CPU counters to make them mpsafe.
The weird interactions around `pflow_flows' and `sc_gcounter' replaced by simple `pflow_flows' increment. Since the flow sequence is the 32 bits integer, the `sc_gcounter' type replaced by the type of uint32_t.
Obtained from: OpenBSD Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D43116
show more ...
|
#
fc6e5069 |
| 13-Dec-2023 |
Kristof Provost <kp@FreeBSD.org> |
pflow: add RFC8158 NAT support
Extend pflow(4) to send NAT44 Session Create and Delete events. This applies only to IPFIX (i.e. proto version 10), and requires no user configuration.
Sponsored by:
pflow: add RFC8158 NAT support
Extend pflow(4) to send NAT44 Session Create and Delete events. This applies only to IPFIX (i.e. proto version 10), and requires no user configuration.
Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D43114
show more ...
|
Revision tags: vendor/llvm-project/llvmorg-18-init-14265-ga17671084db1 |
|
#
85b71dcf |
| 08-Dec-2023 |
Kristof Provost <kp@FreeBSD.org> |
pflow: allow observation domain to be configured
Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D43113
|
#
04932601 |
| 07-Dec-2023 |
Kristof Provost <kp@FreeBSD.org> |
pf: store state creation/expiration timestamps with milisecond precision
The primary beneficiary is pflow(4), which expects milisecond precision in timestamps.
Sponsored by: Rubicon Communications,
pf: store state creation/expiration timestamps with milisecond precision
The primary beneficiary is pflow(4), which expects milisecond precision in timestamps.
Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D43112
show more ...
|
#
baf9b6d0 |
| 01-Dec-2023 |
Kristof Provost <kp@FreeBSD.org> |
pf: allow pflow to be activated per rule
Only generate ipfix/netflow reports (through pflow) for the rules where this is enabled. Reports can also be enabled globally through 'set state-default pflo
pf: allow pflow to be activated per rule
Only generate ipfix/netflow reports (through pflow) for the rules where this is enabled. Reports can also be enabled globally through 'set state-default pflow'.
Obtained from: OpenBSD Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D43108
show more ...
|
#
5dea523b |
| 06-Dec-2023 |
Kristof Provost <kp@FreeBSD.org> |
pflow: netstat statistics
Expose pflow counters via netstat.
Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D43107
|
Revision tags: vendor/llvm-project/llvmorg-17.0.6-0-g6009708b4367 |
|
#
f92d9b1a |
| 28-Nov-2023 |
Kristof Provost <kp@FreeBSD.org> |
pflow: import from OpenBSD
pflow is a pseudo device to export flow accounting data over UDP. It's compatible with netflow version 5 and IPFIX (10).
The data is extracted from the pf state table. St
pflow: import from OpenBSD
pflow is a pseudo device to export flow accounting data over UDP. It's compatible with netflow version 5 and IPFIX (10).
The data is extracted from the pf state table. States are exported once they are removed.
Reviewed by: melifaro Obtained from: OpenBSD Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D43106
show more ...
|
Revision tags: vendor/llvm-project/llvmorg-18.1.5-0-g617a15a9eac9, vendor/NetBSD/bmake/20240430, vendor/libcbor/0.11.0 |
|
#
221d459f |
| 29-Apr-2024 |
Kristof Provost <kp@FreeBSD.org> |
pflow: handle unattached states
It's possible for states to be cleaned up (through pf_detach_state()) that have not been fully attached. For example if there's an ID conflict during pf_state_insert(
pflow: handle unattached states
It's possible for states to be cleaned up (through pf_detach_state()) that have not been fully attached. For example if there's an ID conflict during pf_state_insert().
pflow exports states from pf_detach_state(), so it can get called on such states, but did not account for this and could end up dereferencing a NULL state key.
Check for this in export_pflow() and do not export unattached states.
See also: https://redmine.pfsense.org/issues/15446 Sponsored by: Rubicon Communications, LLC ("Netgate")
show more ...
|
Revision tags: vendor/llvm-project/llvmorg-18.1.4-0-ge6c3289804a6, vendor/device-tree/6.8, vendor/device-tree/6.7, vendor/llvm-project/llvmorg-18.1.3-0-gc13b7485b879, vendor/device-tree/6.5, vendor/openssh/9.7p1, vendor/unbound/1.19.3, vendor/NetBSD/bmake/20240309, vendor/sqlite3/sqlite-3450100, vendor/llvm-project/llvmorg-18.1.1-0-gdba2a75e9c7e, vendor/got/diff/2023-09-15, release/13.3.0, vendor/libucl/20240206, vendor/xz/5.6.0, vendor/llvm-project/llvmorg-18.1.0-rc3-0-g6c90f8dd5463, vendor/llvm-project/llvmorg-18.1.0-rc2-53-gc7b0a6ecd442, vendor/arm-optimized-routines/v24.01, vendor/zlib/1.3.1, vendor/expat/2.6.0, vendor/unbound/1.19.1, vendor/tzcode/tzcode2024a, vendor/llvm-project/llvmorg-18.1.0-rc2-0-gc6c86965d967, vendor/tzdata/tzdata2024a, vendor/sendmail/8.18.1, vendor/acpica/20230628, vendor/acpica/20230331, vendor/llvm-project/llvmorg-18-init-18361-g22683463740e, vendor/libcxxrt/2024-01-25-fd484be8d1e94a1fcf6bc5c67e5c07b65ada19b6 |
|
#
e95025ed |
| 25-Jan-2024 |
Kristof Provost <kp@FreeBSD.org> |
pflow: show socket status in verbose mode
Introduce a verbose output mode to pflowctl, and expose the status of the socket to userspace. This can be helpful in debugging configuration errors.
Spons
pflow: show socket status in verbose mode
Introduce a verbose output mode to pflowctl, and expose the status of the socket to userspace. This can be helpful in debugging configuration errors.
Sponsored by: Rubicon Communications, LLC ("Netgate")
show more ...
|
Revision tags: vendor/llvm-project/llvmorg-18-init-18359-g93248729cfae |
|
#
63a5fe83 |
| 22-Jan-2024 |
Kristof Provost <kp@FreeBSD.org> |
pflow: limit to no more than 128 flow exporters
While there are no inherent limits to the number of exporters we're likely to scale rather badly to very large numbers. There's also no obvious use ca
pflow: limit to no more than 128 flow exporters
While there are no inherent limits to the number of exporters we're likely to scale rather badly to very large numbers. There's also no obvious use case for more than a handful. Limit to 128 exporters to prevent foot-shooting.
Sponsored by: Rubicon Communications, LLC ("Netgate")
show more ...
|
Revision tags: vendor/sqlite3/sqlite-3450000, vendor/NetBSD/bmake/20240108, vendor/llvm-project/llvmorg-18-init-16864-g3b3ee1f53424, vendor/llvm-project/llvmorg-18-init-16595-g7c00a5be5cde, vendor/llvm-project/llvmorg-18-init-16003-gfc5f51cf5af4, vendor/bc/6.7.4, vendor/ena-com/2.7.0, vendor/llvm-project/llvmorg-18-init-15692-g007ed0dccd6a, vendor/tzdata/tzdata2023d, vendor/openssh/9.6p1, vendor/llvm-project/llvmorg-18-init-15088-gd14ee76181fb |
|
#
2be6f757 |
| 14-Dec-2023 |
Kristof Provost <kp@FreeBSD.org> |
pflow: Turn `pflowstats' statistics counters into per-CPU counters to make them mpsafe.
The weird interactions around `pflow_flows' and `sc_gcounter' replaced by simple `pflow_flows' increment. Sinc
pflow: Turn `pflowstats' statistics counters into per-CPU counters to make them mpsafe.
The weird interactions around `pflow_flows' and `sc_gcounter' replaced by simple `pflow_flows' increment. Since the flow sequence is the 32 bits integer, the `sc_gcounter' type replaced by the type of uint32_t.
Obtained from: OpenBSD Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D43116
show more ...
|
#
fc6e5069 |
| 13-Dec-2023 |
Kristof Provost <kp@FreeBSD.org> |
pflow: add RFC8158 NAT support
Extend pflow(4) to send NAT44 Session Create and Delete events. This applies only to IPFIX (i.e. proto version 10), and requires no user configuration.
Sponsored by:
pflow: add RFC8158 NAT support
Extend pflow(4) to send NAT44 Session Create and Delete events. This applies only to IPFIX (i.e. proto version 10), and requires no user configuration.
Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D43114
show more ...
|
Revision tags: vendor/llvm-project/llvmorg-18-init-14265-ga17671084db1 |
|
#
85b71dcf |
| 08-Dec-2023 |
Kristof Provost <kp@FreeBSD.org> |
pflow: allow observation domain to be configured
Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D43113
|
#
04932601 |
| 07-Dec-2023 |
Kristof Provost <kp@FreeBSD.org> |
pf: store state creation/expiration timestamps with milisecond precision
The primary beneficiary is pflow(4), which expects milisecond precision in timestamps.
Sponsored by: Rubicon Communications,
pf: store state creation/expiration timestamps with milisecond precision
The primary beneficiary is pflow(4), which expects milisecond precision in timestamps.
Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D43112
show more ...
|
#
baf9b6d0 |
| 01-Dec-2023 |
Kristof Provost <kp@FreeBSD.org> |
pf: allow pflow to be activated per rule
Only generate ipfix/netflow reports (through pflow) for the rules where this is enabled. Reports can also be enabled globally through 'set state-default pflo
pf: allow pflow to be activated per rule
Only generate ipfix/netflow reports (through pflow) for the rules where this is enabled. Reports can also be enabled globally through 'set state-default pflow'.
Obtained from: OpenBSD Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D43108
show more ...
|
#
5dea523b |
| 06-Dec-2023 |
Kristof Provost <kp@FreeBSD.org> |
pflow: netstat statistics
Expose pflow counters via netstat.
Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D43107
|
Revision tags: vendor/llvm-project/llvmorg-17.0.6-0-g6009708b4367 |
|
#
f92d9b1a |
| 28-Nov-2023 |
Kristof Provost <kp@FreeBSD.org> |
pflow: import from OpenBSD
pflow is a pseudo device to export flow accounting data over UDP. It's compatible with netflow version 5 and IPFIX (10).
The data is extracted from the pf state table. St
pflow: import from OpenBSD
pflow is a pseudo device to export flow accounting data over UDP. It's compatible with netflow version 5 and IPFIX (10).
The data is extracted from the pf state table. States are exported once they are removed.
Reviewed by: melifaro Obtained from: OpenBSD Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D43106
show more ...
|