From owner-freebsd-net@FreeBSD.ORG Sun Aug 24 09:31:13 2003
To: freebsd-net@freebsd.org
From: "Jayel"
Reply-To: jarthel@excite.com
Message-Id: <20030824163109.77577BF88@xmxpita.excite.com>
Date: Sun, 24 Aug 2003 12:31:09 -0400 (EDT)
Subject: DCC send/receive and FBSD 5.1 using IPF/IPNAT

well I searched google and several messages came up with the suggestion of using tircproxy. I then installed tircproxy from ports and ran the configure my setup to use transparent proxy.

as a test I ran the script (tircproxy -d9 -s 7666 -MILHR -i 10.10.10.254) as suggested by the online manual. The problem with this is that it keeps on saying "CDIR or UDB is not configure in tircproxy.h". I then modified the tircproxy.h to use UDB but I can't compile it.

any ideas or maybe suggestions that doesn't involve tircproxy. Thanks

jayel

_______________________________________________
Join Excite! - http://www.excite.com
The most personalized portal on the Web!

From owner-freebsd-net@FreeBSD.ORG Sun Aug 24 10:42:23 2003
From: Mario Freitas
To: jarthel@excite.com
Cc: freebsd-net@freebsd.org
Reply-To: sub_0@netcabo.pt
In-Reply-To: <20030824163109.77577BF88@xmxpita.excite.com>
References: <20030824163109.77577BF88@xmxpita.excite.com>
Message-Id: <1061746950.809.15.camel@suzy.unbreakable.homeunix.org>
Date: Sun, 24 Aug 2003 18:42:30 +0100
Subject: Re: DCC send/receive and FBSD 5.1 using IPF/IPNAT

On Sun, 2003-08-24 at 17:31, Jayel wrote:
> well I searched google and several messages came up with the suggestion of using tircproxy. I then installed tircproxy from ports and ran the configure my setup to use transparent proxy.
>
> as a test I ran the script (tircproxy -d9 -s 7666 -MILHR -i 10.10.10.254) as suggested by the online manual. The problem with this is that it keeps on saying "CDIR or UDB is not configure in tircproxy.h". I then modified the tircproxy.h to use UDB but I can't compile it.
>
> any ideas or maybe suggestions that doesn't involve tircproxy. Thanks
>
> jayel
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

Well, you don't need tircproxy at all. You can DCC receive with no problems since you have NAT enabled.
What you can do for DCC send is:

1) force your irc clients (such as xchat, irssi, mirc, others) to auto-detect (some clients may not support detect option) or choose yourself your internet address.
2) set a range of DCC ports (some irc clients only support one DCC port). Note: that range will be your maximum DCC send connections.
3) redirect connections from the external interface on your DCC ports (those you've chosen on step 2) to the internal address where the client is running. Something like (pseudo-rule):

   protocol tcp from any to on port redirect-to on port

Hope that works, it works for me :)

--
Mário Freitas (sub_0@netcabo.pt)
Núcleo Português de FreeBSD (NPF)

From owner-freebsd-net@FreeBSD.ORG Sun Aug 24 11:49:50 2003
Date: Sun, 24 Aug 2003 18:40:08 +0100
From: Bruce M Simpson
To: Bill Fenner, freebsd-net@freebsd.org, wes@freebsd.org
Message-ID: <20030824174008.GI1417@spc.org>
References: <200308221318.h7MDIwW24087@windsor.research.att.com> <20030822183018.GH1417@spc.org>
In-Reply-To: <20030822183018.GH1417@spc.org>
Organization: SPC
Subject: Re: Receiving INADDR_BROADCAST packets

On Fri, Aug 22, 2003 at 07:30:18PM +0100, Bruce M Simpson wrote:
> I probably wouldn't need to bind sockets to each interface if I were doing
> purely broadcast traffic. I'm happy with what works for the time being,
> however; I may revisit this if I ever implement IPv6 support for the daemon
> I'm currently hacking. IP_ONESBCAST has saved a lot of trouble for me.

I take that back, I just rewrote my code to use IP_SETSRCADDR and have seen a corresponding shrink in my interface setup and event dispatch code. This rocks!
BMS

From owner-freebsd-net@FreeBSD.ORG Sun Aug 24 21:26:38 2003
To: sub_0@netcabo.pt
From: "Jayel"
Cc: freebsd-net@freebsd.org
Reply-To: jarthel@excite.com
Message-Id: <20030825042631.C5A2CBFD7@xmxpita.excite.com>
Date: Mon, 25 Aug 2003 00:26:31 -0400 (EDT)
Subject: Re: DCC send/receive and FBSD 5.1 using IPF/IPNAT

I have the following rules in ipnat.rules:
--------------------
rdr tun0 0/32 port 19995 -> 192.168.2.2 port 19995
rdr tun0 0/32 port 19996 -> 192.168.2.2 port 19996
rdr tun0 0/32 port 19997 -> 192.168.2.2 port 19997
rdr tun0 0/32 port 19998 -> 192.168.2.2 port 19998
rdr tun0 0/32 port 19999 -> 192.168.2.2 port 19999
-------------------

I also have the following rules in ipf.rules:
------------------
pass in quick on tun0 proto tcp from any to 192.168.2.2/32 port 19995 >< 19999 flags S keep state
----------------------

Do those rules looks okay for DCC send/receive?

How about setting up a DCC server running on port = 59 on 192.168.2.2/32? Same rules as above but different port number?

Thank you

jayel
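
Added example, not part of the original thread: in ipf syntax the `><` port operator matches only ports strictly between its two bounds, so the Python check below lists which of the redirected ports the quoted pass rule actually covers. The rule parsing is a simplified model written for this example (not IPFilter's own parser), and the function names are hypothetical.

```python
import operator
import re

# Rules exactly as quoted in the message above.
IPNAT_RULES = """\
rdr tun0 0/32 port 19995 -> 192.168.2.2 port 19995
rdr tun0 0/32 port 19996 -> 192.168.2.2 port 19996
rdr tun0 0/32 port 19997 -> 192.168.2.2 port 19997
rdr tun0 0/32 port 19998 -> 192.168.2.2 port 19998
rdr tun0 0/32 port 19999 -> 192.168.2.2 port 19999
"""
IPF_RULES = """\
pass in quick on tun0 proto tcp from any to 192.168.2.2/32 port 19995 >< 19999 flags S keep state
"""

# Single-port comparison operators accepted in ipf rules.
COMPARE = {
    "=": operator.eq, "eq": operator.eq,
    "!=": operator.ne, "ne": operator.ne,
    "<": operator.lt, "lt": operator.lt,
    ">": operator.gt, "gt": operator.gt,
    "<=": operator.le, "le": operator.le,
    ">=": operator.ge, "ge": operator.ge,
}

# Simplified patterns: just enough grammar for the two rule shapes above.
RDR_RE = re.compile(
    r"^rdr\s+(?P<ifname>\S+)\s+\S+\s+port\s+(?P<ext>\d+)\s+->\s+"
    r"(?P<host>\S+)\s+port\s+(?P<inport>\d+)"
)
PASS_RE = re.compile(
    r"^pass\s+in\s+(?:quick\s+)?on\s+(?P<ifname>\S+)\s+proto\s+tcp\s+"
    r"from\s+any\s+to\s+(?P<dst>\S+)\s+port\s+(?P<expr>.+?)"
    r"(?:\s+flags\b.*|\s+keep\b.*)?$"
)


def port_matcher(expr):
    """Return a predicate implementing an ipf port expression."""
    tok = expr.split()
    if len(tok) == 3 and tok[1] == "><":   # inside the range, bounds EXCLUDED
        lo, hi = int(tok[0]), int(tok[2])
        return lambda p: lo < p < hi
    if len(tok) == 3 and tok[1] == "<>":   # outside the range
        lo, hi = int(tok[0]), int(tok[2])
        return lambda p: p < lo or p > hi
    if len(tok) == 2 and tok[0] in COMPARE:
        op, n = COMPARE[tok[0]], int(tok[1])
        return lambda p: op(p, n)
    raise ValueError("unsupported port expression: %r" % expr)


def parse_rdr(text):
    """Yield (interface, external_port, internal_host, internal_port)."""
    for line in text.splitlines():
        m = RDR_RE.match(line.strip())
        if m:
            yield m["ifname"], int(m["ext"]), m["host"], int(m["inport"])


def parse_pass(text):
    """Yield (interface, destination_host, port_predicate) for pass-in rules."""
    for line in text.splitlines():
        m = PASS_RE.match(line.strip())
        if m:
            # Simplification: only host (/32) destinations are modelled.
            yield m["ifname"], m["dst"].split("/")[0], port_matcher(m["expr"])


def unadmitted_redirects(ipnat_text, ipf_text):
    """Redirect targets that no pass-in rule on the same interface matches.

    Inbound packets go through ipnat before ipf, so the filter rule is
    compared against the rewritten (internal) host and port.
    """
    passes = list(parse_pass(ipf_text))
    missing = []
    for ifname, _ext, host, port in parse_rdr(ipnat_text):
        if not any(i == ifname and h == host and ok(port) for i, h, ok in passes):
            missing.append((host, port))
    return missing


if __name__ == "__main__":
    print("not matched by the pass rule:",
          unadmitted_redirects(IPNAT_RULES, IPF_RULES))
    widened = IPF_RULES.replace("19995 >< 19999", "19994 >< 20000")
    print("after widening the bounds:   ",
          unadmitted_redirects(IPNAT_RULES, widened))
```

With the rules as posted, ports 19995 and 19999 are redirected by ipnat but not matched by the pass rule; bounds of 19994 >< 20000 cover all five.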
From owner-freebsd-net@FreeBSD.ORG Mon Aug 25 05:06:05 2003
Date: Mon, 25 Aug 2003 13:57:59 +0200
From: Krzysztof Drewicz
To: freebsd-net@freebsd.org
Message-ID: <20030825115759.GA28840@pancake.sggw.waw.pl>
References: <20030724003908.GA15877@raszyn.pl>
In-Reply-To: <20030724003908.GA15877@raszyn.pl>
Subject: bin/54891 Re: libalias/natd and identd support

On Thu, Jul 24, 2003 at 02:39:08AM +0200, Krzysztof Drewicz wrote:
>
> I've written small patch for that. Natd binds additional AF_UNIX/DGRAM
> socket, and asks libalias about connections.

Hi.

I've written appropriate os.c for oidentd (tested with 2.0.5 & 2.0.7)

Patch against RELENG_4 & os.c could be found here: http://ofca.pl/bsdident/

Could anyone test it and submit comments? It works for me & my ISP for 12h now without any problems.

kd.

ps. it should be easy to extend its possibilities to work with let's say 5 different natds, but natd should use some standard /var/run/natd/dir/ for connections sockets, so utils like oidentd/os.c could easy query any working natd. I'm thinking even about sth like 'ipnat -l' for natd or controlling libalias's links ie. resetting, changing expire times etc...

--
Krzysztof Drewicz
Overheard at a funeral: "I know it's awkward to ask about such things at a moment like this, but do you recall him ever mentioning anything about the source code?"
--- Charles Addams

From owner-freebsd-net@FreeBSD.ORG Mon Aug 25 08:04:44 2003
Message-ID: <002201c36b1a$3408a790$0c00a8c0@lini>
From: "Stoyan Stratev"
Date: Mon, 25 Aug 2003 18:04:37 +0300
Subject: the router spams with echo requests

Hello,

I am running the latest production release (4.8) for a router/nat and i have a problem with my ISP.

The ISP is using a network with hubs therefore we receive echo packets on the outside interface, that are not meant for our machine. The problem is that the box forwards those packets multiple times and so the ISP thinks we have a virus or are doing portscans.

i ran 'tcpdump -p -i rl1| grep echo' and noticed the following:

we receive one packet:
20:50:02.596560 some.address.com > machine.on.our.subnet: icmp: echo request [tos 0x80]
we send 20 packets very fast:
20:50:02.596851 our.router.com > machine.on.our.subnet: icmp: echo request [tos 0x80]

I tried to replicate it by pinging machine.on.our.subnet from an outside looking glass and it behaves the same way (sees the packet for machine.on.our.subnet and pings it another 20-30 times)

i ran ifconfig and there is no interface running in promiscuous (or whatever) mode.

The box has a fresh install of FreeBSD 4.8 mini. The only things I did were to recompile the kernel to enable NAT and then edit the configuration so natd starts at boot time.
here is a snippet from rc.conf:

gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="rl1"
natd_flags="-redirect_port tcp 192.168.0.10:80 80"
hostname="our.router.com"
ifconfig_rl0="inet 192.168.0.1 netmask 255.255.255.0"
ifconfig_rl1="inet xxx.xx.xxx.27 netmask 255.255.255.224"

What did i do wrong?

Thanks

From owner-freebsd-net@FreeBSD.ORG Mon Aug 25 11:03:08 2003
Message-ID: <3F4A4F53.4040504@mac.com>
Date: Mon, 25 Aug 2003 14:02:59 -0400
From: Chuck Swiger
Organization: The Courts of Chaos
To: Stoyan Stratev
Cc: freebsd-net@freebsd.org
References: <002201c36b1a$3408a790$0c00a8c0@lini>
In-Reply-To: <002201c36b1a$3408a790$0c00a8c0@lini>
Subject: Re: the router spams with echo requests

Stoyan Stratev wrote:
[ ... ]
> The ISP is using a network with hubs therefore we receive echo packets on
> the outside interface, that are not meant for our machine. The problem is
> that the box forwards those packets multiple times and so the ISP
> thinks we have a virus or are doing portscans.
> i ran 'tcpdump -p -i rl1| grep echo' and noticed the following:
> we receive one packet:
> 20:50:02.596560 some.address.com > machine.on.our.subnet: icmp: echo request
> [tos 0x80]
> we send 20 packets very fast:
> 20:50:02.596851 our.router.com > machine.on.our.subnet: icmp: echo request
> [tos 0x80]

machine.on.our.subnet isn't your network broadcast address, correct? This smells like an ICMP-amplification based denial-of-service, and I'd double-check your internal machines. Have you sniffed your internal net to see whether the ICMPs are coming from inside (and then being NATed)?

Consider blocking ICMP pings ("add deny icmp from any to any icmptypes 0,8") until you've figured out what's going on.
--
-Chuck

From owner-freebsd-net@FreeBSD.ORG Mon Aug 25 11:04:07 2003
Date: Mon, 25 Aug 2003 11:04:00 -0700 (PDT)
Message-Id: <200308251804.h7PI40Nt030865@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

Non-critical problems

S  Submitted    Tracker     Resp.  Description
-------------------------------------------------------------------------------
o  [2002/05/04] kern/37761  net    process exits but socket is still ESTABLI

1 problem total.

From owner-freebsd-net@FreeBSD.ORG Tue Aug 26 20:03:19 2003
Date: Wed, 27 Aug 2003 00:03:15 -0300
From: "Giovanni P. Tirloni"
To: freebsd-net@freebsd.org
Message-ID: <20030827030314.GJ40033@pixies.tirloni.org>
Subject: mbuf usage for an idle machine

Hi,

I've been reading about mbufs and how they're used for holding network packets and socket buffers and the output of 'netstat -m' for an idle machine I've here made me curious about how FreeBSD handles it in -CURRENT.

Why is it using so many mbufs when it's idle? My small knowledge doesn't permit me to answer this question yet ;)

root@gate:~# netstat -m
mbuf usage:
        GEN cache:      0/0 (in use/in pool)
        CPU #0 cache:   130/288 (in use/in pool)
        Total:          130/288 (in use/in pool)
        Mbuf cache high watermark: 512
        Maximum possible: 9856
        Allocated mbuf types:
          130 mbufs allocated to data
        2% of mbuf map consumed
mbuf cluster usage:
        GEN cache:      0/8 (in use/in pool)
        CPU #0 cache:   128/256 (in use/in pool)
        Total:          128/264 (in use/in pool)
        Cluster cache high watermark: 128
        Maximum possible: 4928
        5% of cluster map consumed
600 KBytes of wired memory reserved (48% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

root@gate:~# sockstat -4c
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
bs2      sshd       2085  4  tcp4   192.168.200.1:22      200.200.200.200:1405
root     sshd       2082  4  tcp4   192.168.200.1:22      200.200.200.200:1405

root@gate:~# sockstat -4l
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     mpd        635   14 tcp4   192.168.200.1:1723    *:*
nobody   squid      614   4  udp4   *:49184               *:*
nobody   squid      614   20 tcp4   127.0.0.1:3128        *:*
root     dhcpd      469   6  udp4   *:67                  *:*
root     sendmail   432   3  tcp4   127.0.0.1:25          *:*
root     sshd       426   3  tcp4   *:22                  *:*
root     ntpd       407   4  udp4   *:123                 *:*
root     ntpd       407   5  udp4   192.168.0.254:123     *:*
root     ntpd       407   6  udp4   192.168.200.1:123     *:*
root     ntpd       407   7  udp4   127.0.0.1:123         *:*
bind     named      292   4  udp4   *:49152               *:*
bind     named      292   20 udp4   192.168.0.254:53      *:*
bind     named      292   21 tcp4   192.168.0.254:53      *:*
bind     named      292   22 udp4   127.0.0.1:53          *:*
bind     named      292   23 tcp4   127.0.0.1:53          *:*

FreeBSD gate 5.1-CURRENT FreeBSD 5.1-CURRENT #4: Wed Jul 23 \
11:22:55 BRT 2003 root@gate:/usr/src/sys/i386/compile/ \
GATE i386

It has 2 ethernet interfaces (192.168.200.1 and 192.168.0.254)

I'll be happy to provide any additional information if it's needed.

--
Giovanni P. Tirloni
http://www.tirloni.org

From owner-freebsd-net@FreeBSD.ORG Tue Aug 26 20:56:07 2003
From: hilman firmansyah
Message-ID: <063501c36c4f$f38f8030$4ea33bca@hilman>
References: <20030827030314.GJ40033@pixies.tirloni.org>
Date: Wed, 27 Aug 2003 11:01:51 +0700
Subject: Gif IPTunnel networkA-to-networkB not work

Hi,

I had a problem with my virtual tunnel here, since i couldn't make 2 separate networks from different location connected via tunnel i made with interface gif.

net A ----------------fbsd A --------------------- fbsd B --------- net B
1.1.1.0/24        203.50.166.76              202.53.167.77      2.2.2.0/24
                       |                          |
                       |________tunnel gif________|
                  3.3.3.1/30                 3.3.3.2/30

On net A i have PC win2k 1.1.1.2
On fbsd A i have 1.1.1.1 and 203.50.166.76
On net B I have PC win2k 2.2.2.2
On fbsd B I have 2.2.2.1 and 202.53.167.77

I make the gif tunnel in freebsd A with :
----------------------------
ifconfig gif create
gifconfig gif0 203.50.166.76 202.53.167.77
ifconfig gif0 inet 3.3.3.1 3.3.3.2 netmask 0xffffffff
ipfw add 1 allow ip from any to any via gif0
----------------------------

Then to reach the other networks :
route add -net 2.2.2.0/24 3.3.3.2

I configure freebsd B like freebsd A with opposite .

But why I still couldn't ping from pc A 1.1.1.2 to pc B 2.2.2.2
Indeed.. I couldn't ping from pc A 1.1.1.2 to the opposite gif tunnel Point to point in freebsd B 3.3.3.2

Anybody could help,

regards

NB : I still don't touch the IPSEC and encrypted section, since in the fbsd handbooks said to make an encrypted section i must have the 2 networks connected. Is this right?
From owner-freebsd-net@FreeBSD.ORG Tue Aug 26 23:40:36 2003
From: "Oldach, Helge"
To: hilman firmansyah, freebsd-net@freebsd.org
Date: Wed, 27 Aug 2003 08:40:27 +0200
Subject: RE: Gif IPTunnel networkA-to-networkB not work
> From: hilman firmansyah [mailto:hilman@nap.net.id]
> NB : I still dont touch the IPSEC and encrypted section
> ,since in the fbsd
> handbooks said to make an encrypted section i must have the 2 networks
> connected. Is this right?

You must have the networks connected (on the public side), but when using IPSec your gif tunnel won't really be used. It is just sort of a "placeholder" to get the routing correct.

I am using a similar setup to yours (FreeBSD talking IPSec with a Cisco router) using the GIF tunnel pointing to a bogus remote address. You could essentially achieve the same without GIF using static ARP entries, claiming that the MAC address of your machine's default gateway has the tunnel destination IP.

Helge

From owner-freebsd-net@FreeBSD.ORG Wed Aug 27 07:06:08 2003
Message-ID: <3F4CBA6A.5AA7DEB0@cvt.dk>
Date: Wed, 27 Aug 2003 16:04:26 +0200
From: Christoffer Pio
Organization: Center for Videnteknologi
To: freebsd-net@freebsd.org
Subject: subnetting C class into /26 /25 /26, why can this be done?

Is it not possible to subnet a C class into 3 nets, like

0-63
64-191 <-- Offending network (?)
192-255

If so, why is this?

Christoffer

From owner-freebsd-net@FreeBSD.ORG Wed Aug 27 07:35:42 2003
Date: Wed, 27 Aug 2003 16:35:30 +0200
From: Martin Hermanowski
To: Christoffer Pio
Cc: freebsd-net@freebsd.org
Message-ID: <20030827143530.GE24978@mh57.de>
References: <3F4CBA6A.5AA7DEB0@cvt.dk>
In-Reply-To: <3F4CBA6A.5AA7DEB0@cvt.dk>
Subject: Re: subnetting C class into /26 /25 /26, why can this be done?

On Wed, Aug 27, 2003 at 04:04:26PM +0200, Christoffer Pio wrote:
> Is it not possible to subnet a C class into 3 nets, like
>
> 0-63

x.x.x.0/26

> 64-191 <-- Offending network (?)

x.x.x.64/26 + x.x.x.128/26

This cannot be written as a /25, and there is no netmask that would match.

> 192-255

x.x.x.192/26

> If so, why is this?
LLAP,
Martin

From owner-freebsd-net@FreeBSD.ORG Wed Aug 27 08:43:29 2003
Date: Wed, 27 Aug 2003 11:43:03 -0400 (EDT)
From: Robert Watson
To: "Giovanni P. Tirloni"
In-Reply-To: <20030827030314.GJ40033@pixies.tirloni.org>
cc: freebsd-net@freebsd.org
Subject: Re: mbuf usage for an idle machine

On Wed, 27 Aug 2003, Giovanni P. Tirloni wrote:

> I've been reading about mbufs and how they're used for
> holding network packets and socket buffers and the
> output of 'netstat -m' for an idle machine I've here
> made me curious about how FreeBSD handles it in -CURRENT.
>
> Why is it using so many mbufs when it's idle? My
> small knowledge doesn't permit me to answer this
> question yet ;)

There are a number of situations in which the mbuf allocator is used to
allocate non-mbufs -- for example, we use mbufs to hold IP fragment
queues, as well as some static packet prototype mbufs, socket options,
etc. I'd like to eliminate at least a few of these by replacing the use
with the existing kernel allocator, which would reduce the "spurious" mbuf
use. The other typical source of mbufs that are never free'd are mbuf
leaks, but the allocations you have right now look low enough that it's
not that, I suspect.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories

>
> root@gate:~# netstat -m
> mbuf usage:
>         GEN cache:      0/0 (in use/in pool)
>         CPU #0 cache:   130/288 (in use/in pool)
>         Total:          130/288 (in use/in pool)
>         Mbuf cache high watermark: 512
>         Maximum possible: 9856
>         Allocated mbuf types:
>           130 mbufs allocated to data
>         2% of mbuf map consumed
> mbuf cluster usage:
>         GEN cache:      0/8 (in use/in pool)
>         CPU #0 cache:   128/256 (in use/in pool)
>         Total:          128/264 (in use/in pool)
>         Cluster cache high watermark: 128
>         Maximum possible: 4928
>         5% of cluster map consumed
> 600 KBytes of wired memory reserved (48% in use)
> 0 requests for memory denied
> 0 requests for memory delayed
> 0 calls to protocol drain routines
>
> root@gate:~# sockstat -4c
> USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
> bs2      sshd       2085  4  tcp4   192.168.200.1:22      200.200.200.200:1405
> root     sshd       2082  4  tcp4   192.168.200.1:22      200.200.200.200:1405
>
> root@gate:~# sockstat -4l
> USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
> root     mpd        635   14 tcp4   192.168.200.1:1723    *:*
> nobody   squid      614   4  udp4   *:49184               *:*
> nobody   squid      614   20 tcp4   127.0.0.1:3128        *:*
> root     dhcpd      469   6  udp4   *:67                  *:*
> root     sendmail   432   3  tcp4   127.0.0.1:25          *:*
> root     sshd       426   3  tcp4   *:22                  *:*
> root     ntpd       407   4  udp4   *:123                 *:*
> root     ntpd       407   5  udp4   192.168.0.254:123     *:*
> root     ntpd       407   6  udp4   192.168.200.1:123     *:*
> root     ntpd       407   7  udp4   127.0.0.1:123         *:*
> bind     named      292   4  udp4   *:49152               *:*
> bind     named      292   20 udp4   192.168.0.254:53      *:*
> bind     named      292   21 tcp4   192.168.0.254:53      *:*
> bind     named      292   22 udp4   127.0.0.1:53          *:*
> bind     named      292   23 tcp4   127.0.0.1:53          *:*
>
> FreeBSD gate 5.1-CURRENT FreeBSD 5.1-CURRENT #4: Wed Jul 23 \
> 11:22:55 BRT 2003 root@gate:/usr/src/sys/i386/compile/ \
> GATE i386
>
> It has 2 ethernet interfaces (192.168.200.1 and 192.168.0.254)
>
> I'll be happy to provide any additional information if it's
> needed.
>
> --
> Giovanni P. Tirloni
> http://www.tirloni.org

Message-ID: <3F4CD213.40306@isi.edu>
Date: Wed, 27 Aug 2003 08:45:23 -0700
From: Lars Eggert
Organization: USC Information Sciences Institute
To: "Oldach, Helge"
cc: freebsd-net@freebsd.org
cc: hilman firmansyah
Subject: Re: Gif IPTunnel networkA-to-networkB not work

Oldach, Helge wrote:
>
> You must have the networks connected (on the public side), but when
> using IPSec your gif tunnel won't really be used. It is just sort of
> a "placeholder" to get the routing correct.

It is not a good idea to use gifs in parallel with IPsec tunnel mode,
to do this routing trick. Please see the "options FAST_IPSEC & tunnels"
thread on net@ from circa 4/1/2003.

Basically, that approach creates two parallel virtual topologies, one
out of IPIP tunnels, and one out of IPsec tunnel mode SAs. People often
do this, because they want to route traffic into an IPsec tunnel, and
the SA itself doesn't have a route entry, since they aren't devices.
When using IPIP tunnels with tunnel mode, they abuse the route created
by the gif device for routing, but packets will be hijacked by the
tunnel mode SA, so they never actually enter gif processing (IPsec does
the IPIP encapsulation internally.)

Using IPIP tunnels with transport mode is valid, since packets will
actually flow through the gif device, and get IPsec'ed after they are
IPIP encapsulated. (In multihop topologies, they'll then need to be IPIP
encapsulated again - the virtual network needs both virtual link and
network layers.) It doesn't give you the full expressiveness of IPsec
selectors, but it's good enough for many VPN schemes (and routing works!)

See ftp://ftp.rfc-editor.org/internet-drafts/draft-touch-ipsec-vpn-05.txt.
It is currently under in the IESG timeout before going to Informational.

Lars
--
Lars Eggert                     USC Information Sciences Institute

Date: Wed, 27 Aug 2003 11:40:17 -0500 (CDT)
From: Mike Silbersack
To: "Giovanni P. Tirloni"
In-Reply-To: <20030827030314.GJ40033@pixies.tirloni.org>
Message-ID: <20030827113639.A4269@odysseus.silby.com>
References: <20030827030314.GJ40033@pixies.tirloni.org>
cc: freebsd-net@freebsd.org
Subject: Re: mbuf usage for an idle machine

On Wed, 27 Aug 2003, Giovanni P. Tirloni wrote:

> Hi,
>
> I've been reading about mbufs and how they're used for
> holding network packets and socket buffers and the
> output of 'netstat -m' for an idle machine I've here
> made me curious about how FreeBSD handles it in -CURRENT.
>
> Why is it using so many mbufs when it's idle? My
> small knowledge doesn't permit me to answer this
> question yet ;)

The mbufs in question are (mostly) being used as receive buffers by the
network drivers. With modern DMA based cards, you pre-allocate the
buffers, then hand them over to the card's control. Once they're filled
with packet data, the NIC informs the OS, which replaces them with new
buffers. A lot of our drivers have 128 (or some power of 2) receive
buffers, hence your mbuf usage.

Mike "Silby" Silbersack

Date: Wed, 27 Aug 2003 12:53:09 -0400 (EDT)
From: Garrett Wollman
Message-Id: <200308271653.h7RGr9BX013784@khavrinen.lcs.mit.edu>
To: Robert Watson
References: <20030827030314.GJ40033@pixies.tirloni.org>
cc: freebsd-net@freebsd.org
Subject: Re: mbuf usage for an idle machine

< said:

> There are a number of situations in which the mbuf allocator is used to
> allocate non-mbufs -- for example, we use mbufs to hold IP fragment
> queues, as well as some static packet prototype mbufs, socket options,
> etc.

You're a few years out of date on that one. Socket options should not
be held in mbufs (unless something is broken at the protocol level). I
made a sweep a few years back and managed to eliminate most misuses of
mbufs in the network stack.

-GAWollman
From: "Company 2210"
References: <1431209338765.20030826162831@norma.perm.ru>
Date: Wed, 27 Aug 2003 19:06:22 +0100
Subject: Multiple Gateway IPSEC Problem

Hi all,

I have a really really really annoying problem that I'm trying to rectify.

I have three gateways, and two ipsec (esp encrypted) links, one of which
forwards traffic to the internet. I was provided half a class C (/25) which
I have split into 4 subnets of 32 addresses (30 usable). I am currently
trying to employ only two of the 4 available subnets.

The layout is like so:

BoxA <=======> BoxB <==========> BoxC <-------> Cisco Router <----> Internet

<===> Denotes IPSEC VPN Link
<----> Denotes standard ethernet non-encrypted link

BoxA:
VPN Interface (to BoxB) - 10.0.2.2
Gateway Interface (Public): 91.18.78.33 (91.18.78.32/27 Network)

BoxB:
VPN Interface (to BoxA) - 10.0.2.1
VPN Interface (to BoxC) - 10.0.0.1
Gateway Interface (Public): 91.18.78.1 (91.18.78.0/27 Network)

BoxC:
VPN Interface (to BoxB) - 10.0.0.2
Gateway Interface (Private - to Cisco Router): 10.0.1.1

Cisco Router:
Gateway Interface (Private to BoxC): 10.0.1.2
Gateway Interface (Public - to World): 91.17.66.69 (91.18.66.68/30 Network)

Traffic from BoxA is supposed to head to Box B, then out to Box C which
is connected to a cisco router that routes out to the internet, this works.
However, any traffic from Box A to Box B fails to appear, and vice versa.
This means that clients locally connected to BoxA can connect to the
internet, but not ping/talk to any clients of BoxB and vice versa.

To elaborate, any ping attempts from a host using 91.18.78.33 as a gateway
to any host using 91.18.78.1 as a gateway result in "TTL exceeded" errors.
However, any host using 91.18.78.1 as a gateway, and pinging any host using
91.18.78.33 as a gateway gets a 'ping timeout' error.

I'm sure this is a problem with the setkey rules, but I cannot see what it
is. I've included my current ruleset (with comments - for each box).

BoxA Setkey Rules:
---------------------
#delete all existing entries from the SAD and SPD databases (setkey -FP & -F)
flush;
spdflush;

#add the policy to the SPD database
# Allow pings amongst local clients
spdadd 91.18.78.32/27 91.18.78.32/27 any -P out none;
spdadd 91.18.78.32/27 91.18.78.32/27 any -P in none;

# Encrypt and direct traffic to 91.18.78.0/27 network
spdadd 91.18.78.32/27 91.18.78.0/27 any -P out ipsec esp/tunnel/10.0.2.2-10.0.2.1/require;
spdadd 91.18.78.0/27 91.18.78.32/27 any -P in ipsec esp/tunnel/10.0.2.1-10.0.2.2/require;

# Encrypt and direct all other traffic (i.e. internet traffic)
spdadd 91.18.78.32/27 0.0.0.0/0 any -P out ipsec esp/tunnel/10.0.2.2-10.0.2.1/require;
spdadd 0.0.0.0/0 91.18.78.32/27 any -P in ipsec esp/tunnel/10.0.2.1-10.0.2.2/require;

BoxB Setkey Rules:
----------------------
# Flush all rules
# ----------------
flush;
spdflush;

# Policies for SPD Database
# -------------------------
# 1 - Local Subnet Traffic: Not Encrypted
# ----------------------------------------
spdadd 91.18.78.0/27 91.18.78.0/27 any -P out none;
spdadd 91.18.78.0/27 91.18.78.0/27 any -P in none;

# 2 - Direct flow of traffic between local networks
# --------------------------------------------------
spdadd 91.18.78.0/27 91.18.78.32/27 any -P out ipsec esp/tunnel/10.0.2.1-10.0.2.2/require;
spdadd 91.18.78.32/27 91.18.78.0/27 any -P in ipsec esp/tunnel/10.0.2.2-10.0.2.1/require;

# 3 - Other Traffic (i.e. internet) for BoxA or its clients must be directed through BoxA <====> BoxB tunnel.
# ------------------------------------------------------------------------------------------------------------
spdadd 0.0.0.0/0 91.18.78.32/27 any -P out ipsec esp/tunnel/10.0.2.1-10.0.2.2/require;
spdadd 91.18.78.32/27 0.0.0.0/0 any -P in ipsec esp/tunnel/10.0.2.2-10.0.2.1/require;

# 4 - All other traffic (i.e. internet) across entire class C/25 network Encrypted & Sent to BoxC
# ---------------------------------------------------------------
spdadd 91.18.78.0/25 0.0.0.0/0 any -P out ipsec esp/tunnel/10.0.0.1-10.0.0.2/require;
spdadd 0.0.0.0/0 91.18.78.0/25 any -P in ipsec esp/tunnel/10.0.0.2-10.0.0.1/require;

BoxC Setkey Rules
---------------------
# Delete all existing entries from the SAD and SPD databases
# -----------------------------------------------------------
flush;
spdflush;

# Add policies to the SPD database
# --------------------------------
# 1 - /25 Network Traffic <-> Internet: Encrypt / Decrypt & Send on its wicked way.
# ----------------------------------------------------------------------------------
spdadd 0.0.0.0/0 91.18.78.0/25 any -P out ipsec esp/tunnel/10.0.0.2-10.0.0.1/require;
spdadd 91.18.78.0/25 0.0.0.0/0 any -P in ipsec esp/tunnel/10.0.0.1-10.0.0.2/require;

Well, there we have it. I am sure ipsec is having issues with 0.0.0.0/0
(which is required for directing internet traffic) but I am unable to
resolve these. Any advice & / or help would be greatly appreciated.

Kind Regards

Colin Watson.

Message-ID: <3F4D0968.5050800@tcoip.com.br>
Date: Wed, 27 Aug 2003 16:41:28 -0300
From: "Daniel C. Sobral"
To: Christoffer Pio
References: <3F4CBA6A.5AA7DEB0@cvt.dk>
In-Reply-To: <3F4CBA6A.5AA7DEB0@cvt.dk>
cc: freebsd-net@freebsd.org
Subject: Re: subnetting C class into /26 /25 /26, why can this be done?

Christoffer Pio wrote:
> Is it not possible to subnet a C class into 3 nets, like
>
> 0-63
> 64-191 <-- Offending network (?)
> 192-255

No.

> If so, why is this?

Because there is no mask that will fit. In binary, you have:

0    0000 0000
63   0011 1111
64   0100 0000
127  0111 1111
128  1000 0000
191  1011 1111
192  1100 0000
255  1111 1111

Now, how do masks work? Where there are 1's in a mask, the address is
supposed to never change. Where there are 0's, any value is accepted.
The problem you have is that between 64 and 191 there are absolutely no
digits that won't change (in fact, you can see that the 191 is the very
opposite of 64 in every bit). So any network that includes both 64 and
191 will necessarily include everything from 0 to 255.

Mind you /25 and /26 are just a simplification of the way masks are
almost always used. Usually, the left side of the mask is all 1's up to
a certain point, and from there to the end there are just 0's. It is
_possible_ to use masks in a different way, but I have only seen such
configurations as a result of errors. For example, it would be
theoretically possible to have a network composed of 0-63 and 128-191.
Fortunately, I haven't seen anyone do that intentionally. :-)

So /25 means that the first 25 bits of the 32 bits that compose an
address are 1's, and the remaining are 0's.

(and anyone picking on my usage of "first", please relate it to how
people write numbers in oriental languages and arabic -- no sense in
setting the bar too low :)

--
Daniel C. Sobral                   (8-DCS)
Gerencia de Operacoes
Divisao de Comunicacao de Dados
Coordenacao de Seguranca
VIVO Centro Oeste Norte
Phones: 55-61-313-7654/Cell: 55-61-9618-0904
E-mail: Daniel.Capo@tco.net.br
        Daniel.Sobral@tcoip.com.br
        dcs@tcoip.com.br

Other:
        dcs@newsguy.com
        dcs@freebsd.org
        capo@notorious.bsdconspiracy.net

We Klingons believe as you do -- the sick should die. Only the strong
should live.
        -- Kras, "Friday's Child", stardate 3497.2
From: "Oldach, Helge"
To: "'Lars Eggert'"
Date: Wed, 27 Aug 2003 22:56:05 +0200
cc: freebsd-net@freebsd.org
cc: hilman firmansyah
Subject: RE: Gif IPTunnel networkA-to-networkB not work

> From: Lars Eggert [mailto:larse@ISI.EDU]
> Sent: Mittwoch, 27. August 2003 17:45
> To: Oldach, Helge
> Cc: hilman firmansyah; freebsd-net@freebsd.org
> Subject: Re: Gif IPTunnel networkA-to-networkB not work
> Oldach, Helge wrote:
> > You must have the networks connected (on the public side), but when
> > using IPSec your gif tunnel won't really be used. It is just sort of
> > a "placeholder" to get the routing correct.
>
> It is not a good idea to use gifs in parallel with IPsec tunnel mode,
> to do this routing trick.

Fully agreed. The point is that a lot of documents on the web advise to
set up a gif tunnel in order to set up an IPSec tunnel. Which is
essentially nonsense. Apparently the original poster fell into the same
trap. Hence my clarification.

Helge
From: "Clark Gaylord"
To: "'Christoffer Pio'"
Date: Wed, 27 Aug 2003 17:47:08 -0400
Message-ID: <715379D39F6E534594B4B3182B6365900302EA2C@fangorn.cc.vt.edu>
In-reply-to: <3F4CBA6A.5AA7DEB0@cvt.dk>
cc: freebsd-net@freebsd.org
Subject: RE: subnetting C class into /26 /25 /26, why can this be done?

When in doubt, do it in binary:

0   = 00000000
64  = 01000000
128 = 10000000
192 = 11000000

As a /26 (taking as given the 24 x's not shown for the other three octets):
xxyyyyyy - y's are the host
xx doesn't have the same value from 64-191

As a /25:
xyyyyyy - y's are the host
x doesn't have the same value from 64-191

A /26 means there are 26 bits of network and 6 bits of host; a /25 means
25 bits of network and 7 for host.

As /26's xx = {00, 01, 10, 11} for the four distinct values, with the
other six bits signifying the host address. As /25s x = {0, 1} are the
two distinct values.

Now, you could use 0/25 (as 0-127 all have same first bit) and 128/26
and 192/26 as each of these network address bits (10 and 11) stay the
same through the respective block of addresses.

Hopefully this helps.

Clark

> -----Original Message-----
> From: owner-freebsd-net@freebsd.org
> [mailto:owner-freebsd-net@freebsd.org] On Behalf Of Christoffer Pio
> Sent: Wednesday, August 27, 2003 10:04 AM
> To: freebsd-net@freebsd.org
> Subject: subnetting C class into /26 /25 /26, why can this be done?
>
>
> Is it not possible to subnet a C class into 3 nets, like
>
> 0-63
> 64-191 <-- Offending network (?)
> 192-255
>
> If so, why is this?
>
> Christoffer

Date: Thu, 28 Aug 2003 09:45:09 +0700 (ICT)
Message-Id: <200308280245.JAA19927@banyan.cs.ait.ac.th>
From: Olivier Nicole To: freebsd-net@freebsd.org In-reply-to: <3F4D0968.5050800@tcoip.com.br> (dcs@tcoip.com.br) References: <3F4CBA6A.5AA7DEB0@cvt.dk> <3F4D0968.5050800@tcoip.com.br> X-Virus-Scanned: by amavisd-milter (http://amavis.org/) Subject: Re: subnetting C class into /26 /25 /26, why can this be done? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Aug 2003 02:43:08 -0000

Christoffer Pio wrote:

> Is it not possible to subnet a C class into 3 nets, like
>
> 0-63
> 64-191 <-- Offending network (?)
> 192-255
>
> If so, why is this?

I think you got explanations on the why.

Now it should still be possible to subnet the way you want I think.

While I would never recommend it, think routing should go with the most significant mask for a given address.

So if you subnet:

1) x.x.x.0/26
2) x.x.x.192/26
3) x.x.x.0/24

you should be able to do the trick.

An address in the range 0-63 will match both mask 1) and 3) but mask 1) is most significant (more bits, higher value) so the packet will be routed to subnet 1).

Same thing for a packet in the range 192-255, with subnet 2) and 3), it will be routed to subnet 2).

And a packet in the range 64-191 will only match the subnet 3) so it will go to the subnet 3).

IF I AM NOT WRONG, this should work, but it is definitely nasty.

If you absolutely need 2 subnets of 64 addresses and one of 128, doing:

1) x.x.x.0/26
2) x.x.x.64/26
3) x.x.x.128/25

is nicer and will result in the ranges 0-64, 64-127 and 128-255.
Olivier From owner-freebsd-net@FreeBSD.ORG Wed Aug 27 20:54:40 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5865F16A4ED for ; Wed, 27 Aug 2003 20:54:40 -0700 (PDT) Received: from smtp.nap.net.id (dns3.nap.net.id [202.59.163.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id 03DC843F3F for ; Wed, 27 Aug 2003 20:54:37 -0700 (PDT) (envelope-from hilman@nap.net.id) Received: from hilman (didyma.nap.net.id [202.59.163.78]) by smtp.nap.net.id (8.12.6/8.11.3) with SMTP id h7S4AkCl057536 for ; Thu, 28 Aug 2003 11:10:53 +0700 (JAVT) (envelope-from hilman@nap.net.id) 
From: hilman firmansyah Message-ID: <078d01c36d18$ec90ef70$4ea33bca@hilman> To: References: Date: Thu, 28 Aug 2003 11:00:24 +0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Subject: Re: Gif IPTunnel networkA-to-networkB not work X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Aug 2003 03:54:40 -0000 Hi, I found the problem in : sysctl -w net.inet.ip.forwarding=1 After i fix the problem the routes works fine. But then I know the VPN solutions is not the answer for the questions since lately I know that in real fact the 2 networks I try to connected is a Collide network ! The clients in A side and the servers in B side. A and B is different office in one city, connected via fiber optic in vlan1 ( cant move to other vlan ) that used by many corporate office in same time. [ Client ] -----[ fbsd A ]---------------------[ fbsd B]-------[ Server ]-------- Intrnet 10.0.0.0 |____ fiberoptic__________| 10.0.0.1 Is there any solutions with freebsd to make a Possible to encrypt the packet from fbsd A to fbsd B in transparent / bridging mode , So not internal data visible to other company network in same fiberoptic. regards, nb: I m still trying with IPSEC to make possible but the literatures always said the vpn working on different internal networks subnets ------------------------snip -------------------------------------------- > > It is not a good idea to use gifs in parallel with IPsec tunnel mode., > > to do this routing trick. > > Fully agreed. The point is that a lot of documents on the web advise > to set up a gif tunnel in order to set up a IPSec tunnel. Which > is essentially nonsense. 
Apparently the original poster fell into the > same trap. Hence my clarification. > > Helge ----------------------------snip ------------------------------------------- - From owner-freebsd-net@FreeBSD.ORG Thu Aug 28 04:50:15 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C511D16A4BF for ; Thu, 28 Aug 2003 04:50:15 -0700 (PDT) Received: from mail.tcoip.com.br (erato.tco.net.br [200.220.254.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id C318E43FBD for ; Thu, 28 Aug 2003 04:50:11 -0700 (PDT) (envelope-from dcs@tcoip.com.br) Received: from tcoip.com.br ([10.0.2.6]) by mail.tcoip.com.br (8.11.6/8.11.6) with ESMTP id h7SBnwj01243; Thu, 28 Aug 2003 08:50:00 -0300 Message-ID: <3F4DEC65.3080808@tcoip.com.br> Date: Thu, 28 Aug 2003 08:49:57 -0300 
From: "Daniel C. Sobral" User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.4) Gecko/20030702 X-Accept-Language: en-us, en, pt-br, ja MIME-Version: 1.0 To: Olivier Nicole References: <3F4CBA6A.5AA7DEB0@cvt.dk> <3F4D0968.5050800@tcoip.com.br> <200308280245.JAA19927@banyan.cs.ait.ac.th> In-Reply-To: <200308280245.JAA19927@banyan.cs.ait.ac.th> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: subnetting C class into /26 /25 /26, why can this be done? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Aug 2003 11:50:15 -0000

Olivier Nicole wrote:
> Christoffer Pio wrote:
>
>>Is it not possible to subnet a C class into 3 nets, like
>>
>>0-63
>>64-191 <-- Offending network (?)
>>192-255
>>
>>If so, why is this?
>
>
> I think you got explanations on the why.
>
> Now it should still be possible to subnet the way you want I think.
>
> While I would never recommend it, think routing should go with the
> most significant mask for a given address.
>
> So if you subnet:
>
> 1) x.x.x.0/26
> 2) x.x.x.192/26
> 3) x.x.x.0/24
>
> you should be able to do the trick.
>
> An address in the range 0-63 will match both mask 1) and 3) but mask
> 1) is most significant (more bits, higher value) so the packet will be
> routed to subnet 1).
>
> Same thing for a packet in the range 192-255, with subnet 2) and 3),
> it will be routed to subnet 2).
>
> And a packet in the range 64-191 will only match the subnet 3) so it
> will go to the subnet 3).
>
> IF I AM NOT WRONG, this should work, but it is definitely nasty.
>
> If you absolutely need 2 subnets of 64 addresses and one of 128,
> doing:
>
> 1) x.x.x.0/26
> 2) x.x.x.64/26
> 3) x.x.x.128/25
>
> is nicer and will result in the ranges 0-64, 64-127 and 128-255.
Yes, but any host in the 64-191 range will need to be configured with a /24 net mask *and* have static routes for 0-63 and 192-255. And I'm not even completely sure that will work. -- Daniel C. Sobral (8-DCS) Gerencia de Operacoes Divisao de Comunicacao de Dados Coordenacao de Seguranca VIVO Centro Oeste Norte Fones: 55-61-313-7654/Cel: 55-61-9618-0904 E-mail: Daniel.Capo@tco.net.br Daniel.Sobral@tcoip.com.br dcs@tcoip.com.br Outros: dcs@newsguy.com dcs@freebsd.org capo@notorious.bsdconspiracy.net For there are moments when one can neither think nor feel. And if one can neither think nor feel, she thought, where is one? -- Virginia Woolf, "To the Lighthouse" [Quoted in "VMS Internals and Data Structures", V4.4, when referring to powerfail recovery.] From owner-freebsd-net@FreeBSD.ORG Thu Aug 28 13:01:58 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 76E3916A4BF for ; Thu, 28 Aug 2003 13:01:58 -0700 (PDT) Received: from silver.he.iki.fi (silver.he.iki.fi [193.64.42.241]) by mx1.FreeBSD.org (Postfix) with ESMTP id 15B8543FE0 for ; Thu, 28 Aug 2003 13:01:57 -0700 (PDT) (envelope-from pete@he.iki.fi) Received: from he.iki.fi (h81.vuokselantie10.fi [193.64.42.129]) by silver.he.iki.fi (8.12.9/8.11.4) with ESMTP id h7SK1s5L019710 for ; Thu, 28 Aug 2003 23:01:55 +0300 (EEST) (envelope-from pete@he.iki.fi) Message-ID: <3F4E5FAF.2080705@he.iki.fi> Date: Thu, 28 Aug 2003 23:01:51 +0300 
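The subnetting thread above, worked through in Python as an added example (not code from any of the posters). The 192.0.2.0/24 documentation prefix is a constructed stand-in for the thread's x.x.x class C, and all function names are illustrative. It covers the constant-network-bits rule from Clark Gaylord's reply, the most-specific-route selection Olivier Nicole describes, and Daniel Sobral's point about what a host with a /24 mask treats as local.

```python
import ipaddress

# Constructed stand-in for the thread's "x.x.x" class C (documentation prefix).
BASE = "192.0.2."


def addr(last_octet):
    """Address in the example class C with the given last octet."""
    return ipaddress.ip_address(BASE + str(last_octet))


def enclosing_subnet(first, last):
    """Smallest single subnet whose network bits stay constant over first..last.

    Any bit in which first and last differ (their XOR) cannot be a network
    bit, so the prefix has to stop just above the highest differing bit.
    """
    differing = int(addr(first)) ^ int(addr(last))
    prefixlen = 32 - differing.bit_length()
    return ipaddress.ip_network((int(addr(first)), prefixlen), strict=False)


def is_exact_subnet(first, last):
    """True only if first..last is exactly one subnet, nothing more."""
    return enclosing_subnet(first, last).num_addresses == last - first + 1


def cidr_cover(first, last):
    """Fewest CIDR blocks that cover first..last exactly."""
    blocks = ipaddress.summarize_address_range(addr(first), addr(last))
    return [str(block) for block in blocks]


def most_specific(routes, last_octet):
    """Longest-prefix match: among routes containing the address, the one
    with the most network bits wins. Returns the route name or None."""
    ip = addr(last_octet)
    matches = []
    for name, net in routes.items():
        network = ipaddress.ip_network(net)
        if ip in network:
            matches.append((network.prefixlen, name))
    return max(matches)[1] if matches else None


def on_link(host_with_mask, dest_octet):
    """Does a host configured with this address/mask treat the destination
    as directly reachable, i.e. ARP for it instead of using a router?"""
    return addr(dest_octet) in ipaddress.ip_interface(host_with_mask).network


# The overlapping layout proposed in the thread: two /26 routes plus the /24.
OVERLAPPING = {
    "subnet 1": BASE + "0/26",
    "subnet 2": BASE + "192/26",
    "subnet 3": BASE + "0/24",
}

if __name__ == "__main__":
    for first, last in [(0, 63), (64, 191), (192, 255)]:
        print(f"{first}-{last}: exact subnet={is_exact_subnet(first, last)}, "
              f"enclosing={enclosing_subnet(first, last)}, "
              f"cover={cidr_cover(first, last)}")
    for octet in (10, 100, 200):
        print(f".{octet} -> {most_specific(OVERLAPPING, octet)}")
    # A host at .100 with a /24 mask believes .10 is on its own wire, which
    # is why it would need static routes for 0-63 and 192-255.
    print("on-link with /24:", on_link(BASE + "100/24", 10))
    print("on-link with /26:", on_link(BASE + "100/26", 10))
```
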
From: Petri Helenius User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: ipfw parsing bug X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Aug 2003 20:01:58 -0000 ipfw seems to have developed a bug lately on 5-CURRENT; # ipfw add 2042 allow tcp from 0.0.0.0/0 to me 42 02042 allow tcp from me to me dst-port 42 It used to work that 0.0.0.0/0 was "any" instead of "me". Last I checked the notation is also widely used in networking gear for default route which is a "catch any" definition. Pete From owner-freebsd-net@FreeBSD.ORG Thu Aug 28 13:07:11 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CA6E916A4C2 for ; Thu, 28 Aug 2003 13:07:11 -0700 (PDT) Received: from relay.macomnet.ru (relay.macomnet.ru [195.128.64.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3C76E43FFD for ; Thu, 28 Aug 2003 13:07:10 -0700 (PDT) (envelope-from maxim@macomnet.ru) Received: from news1.macomnet.ru (n0prwcam@news1.macomnet.ru [195.128.64.14]) by relay.macomnet.ru (8.11.6/8.11.6) with ESMTP id h7SK71O13392278; Fri, 29 Aug 2003 00:07:01 +0400 (MSD) Date: Fri, 29 Aug 2003 00:07:01 +0400 (MSD) 
From: Maxim Konovalov To: Petri Helenius In-Reply-To: <3F4E5FAF.2080705@he.iki.fi> Message-ID: <20030829000533.K65653@news1.macomnet.ru> References: <3F4E5FAF.2080705@he.iki.fi> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: ipfw parsing bug X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Aug 2003 20:07:11 -0000 On Thu, 28 Aug 2003, 23:01+0300, Petri Helenius wrote: > > ipfw seems to have developed a bug lately on 5-CURRENT; > # ipfw add 2042 allow tcp from 0.0.0.0/0 to me > 42 > 02042 allow tcp from me to me dst-port 42 > > It used to work that 0.0.0.0/0 was "any" instead of "me". Last I checked > the notation is also widely used in networking gear for default route which > is a "catch any" definition. Known ipfw2 bug. Try this: Index: ipfw2.c =================================================================== RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v retrieving revision 1.38 diff -u -r1.38 ipfw2.c --- ipfw2.c 21 Jul 2003 09:56:05 -0000 1.38 +++ ipfw2.c 28 Jul 2003 15:51:26 -0000 
@@ -2046,7 +2046,7 @@ errx(EX_DATAERR, "not any never matches"); } /* else do nothing and skip this entry */ - continue; + return; } /* A single IP can be stored in an optimized format */ if (d[1] == IP_MASK_ALL && av == NULL && len == 0) { %%% -- Maxim Konovalov, maxim@macomnet.ru, maxim@FreeBSD.org From owner-freebsd-net@FreeBSD.ORG Thu Aug 28 13:35:38 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B3BEA16A4C0 for ; Thu, 28 Aug 2003 13:35:38 -0700 (PDT) Received: from silver.he.iki.fi (silver.he.iki.fi [193.64.42.241]) by mx1.FreeBSD.org (Postfix) with ESMTP id 328AB43FDD for ; Thu, 28 Aug 2003 13:35:36 -0700 (PDT) (envelope-from pete@he.iki.fi) Received: from he.iki.fi (h81.vuokselantie10.fi [193.64.42.129]) by silver.he.iki.fi (8.12.9/8.11.4) with ESMTP id h7SKZY5L019955; Thu, 28 Aug 2003 23:35:34 +0300 (EEST) (envelope-from pete@he.iki.fi) Message-ID: <3F4E6793.4030101@he.iki.fi> Date: Thu, 28 Aug 2003 23:35:31 +0300 
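Review bot: The comment directly above the changed line in ipfw2.c still reads "else do nothing and skip this entry", which described the old "continue;" and no longer matches "return;". With this change the function exits at that point instead of moving on to the next iteration of the enclosing loop, so the comment should say that an "any" address ends processing here, and the commit message should state why nothing after it in the argument list needs handling. It is also worth confirming that nothing set up earlier in the function has to be finalized before returning on this path, since the visible context does not show it.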
From: Petri Helenius User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Maxim Konovalov References: <3F4E5FAF.2080705@he.iki.fi> <20030829000533.K65653@news1.macomnet.ru> In-Reply-To: <20030829000533.K65653@news1.macomnet.ru> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: ipfw parsing bug X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Aug 2003 20:35:38 -0000 Maxim Konovalov wrote: >On Thu, 28 Aug 2003, 23:01+0300, Petri Helenius wrote: > > > >>ipfw seems to have developed a bug lately on 5-CURRENT; >># ipfw add 2042 allow tcp from 0.0.0.0/0 to me >>42 >>02042 allow tcp from me to me dst-port 42 >> >>It used to work that 0.0.0.0/0 was "any" instead of "me". Last I checked >>the notation is also widely used in networking gear for default route which >>is a "catch any" definition. >> >> > >Known ipfw2 bug. Try this: > It works, please press the big red COMMIT button! # ipfw add 2043 allow tcp from 0.0.0.0/0 to me dst-port 42 02043 allow tcp from any to me dst-port 42 Thanks, Pete >Index: ipfw2.c >=================================================================== >RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v >retrieving revision 1.38 >diff -u -r1.38 ipfw2.c >--- ipfw2.c 21 Jul 2003 09:56:05 -0000 1.38 >+++ ipfw2.c 28 Jul 2003 15:51:26 -0000 
>@@ -2046,7 +2046,7 @@ > errx(EX_DATAERR, "not any never matches"); > } > /* else do nothing and skip this entry */ >- continue; >+ return; > } > /* A single IP can be stored in an optimized format */ > if (d[1] == IP_MASK_ALL && av == NULL && len == 0) { >%%% > > > From owner-freebsd-net@FreeBSD.ORG Fri Aug 29 03:23:49 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6FB6216A4BF for ; Fri, 29 Aug 2003 03:23:49 -0700 (PDT) Received: from smtp.clifftop.net (machassociates-6.dsl.easynet.co.uk [217.204.162.182]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8945E43FF3 for ; Fri, 29 Aug 2003 03:23:44 -0700 (PDT) (envelope-from danny@clifftop.net) Received: from andromeda.clifftop.net (www@localhost.clifftop.net [127.0.0.1]) by smtp.clifftop.net (8.12.9/8.12.9) with ESMTP id h7TANhYG003683 for ; Fri, 29 Aug 2003 11:23:43 +0100 (BST) Received: (from www@localhost) by andromeda.clifftop.net (8.12.9/8.12.2/Submit) id h7TANh9u003682 for freebsd-net@freebsd.org; Fri, 29 Aug 2003 11:23:43 +0100 (BST) X-Authentication-Warning: andromeda.clifftop.net: www set sender to danny@clifftop.net using -f Received: from cassiopeia.clifftop.net (cassiopeia.clifftop.net [192.168.1.10]) by webmail.clifftop.net (Horde) with HTTP for ; Fri, 29 Aug 2003 11:23:42 +0100 Message-ID: <1062152622.4cc1afda45d6f@webmail.clifftop.net> X-Priority: 3 (Normal) Date: Fri, 29 Aug 2003 11:23:42 +0100 
From: Danny Horne To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Content-Disposition: inline Content-Transfer-Encoding: 7bit User-Agent: Internet Messaging Program (IMP) 4.0-cvs X-Originating-IP: 192.168.1.10 Subject: IPv6 headaches X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Aug 2003 10:23:49 -0000

Hi all,

Hope someone can clear this up for me. I'm trying to get up to speed on IPv6 & have tried two different tunnel brokers (Freenet6 & BTExact). Both of these suppliers supply scripts to set things up. Problem is, nothing is leaving my Gif interface (to be more exact, when I ping6 anything on the outside world I get 'no route to host'), this is the gif0 output of netstat -i

Name  Mtu   Network      Address            Ipkts Ierrs Opkts Oerrs  Coll
gif0  1280                                      0     0    16    16     0
gif0  1280  2001:618:40  2001:618:400::d9c      6     -     6     -     -
gif0  1280  fe80:4::2d0  fe80:4::2d0:b7ff:      0     -    11     -     -

Because I'm assuming the supplied scripts set everything up, I haven't touched any IPv6 stuff in rc.conf (should I have?).

Lots more information available, just don't know what would be useful to you yet.

Thanks for all replies

--
To do is to be -- Nietzsche
To be is to do -- Sartre
Scooby do be do -- Scooby

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
From owner-freebsd-net@FreeBSD.ORG Fri Aug 29 08:09:41 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1B3D316A4BF for ; Fri, 29 Aug 2003 08:09:41 -0700 (PDT) Received: from chimera.noanet.net (chimera.noanet.net [66.119.192.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7FC6443F93 for ; Fri, 29 Aug 2003 08:09:40 -0700 (PDT) (envelope-from mksmith@noanet.net) Received: from MKSLaptop (12-230-61-92.client.attbi.com [12.230.61.92]) by chimera.noanet.net (8.12.9/8.12.9) with SMTP id h7TF9S2x029537; Fri, 29 Aug 2003 08:09:28 -0700 (PDT) From: "Michael K. Smith" To: "'Danny Horne'" , Date: Fri, 29 Aug 2003 08:09:36 -0700 Message-ID: <002301c36e3f$8ffe5270$6501a8c0@MKSLaptop> X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4510 In-Reply-To: <1062152622.4cc1afda45d6f@webmail.clifftop.net> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal Subject: RE: IPv6 headaches X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Aug 2003 15:09:41 -0000 Do you have a default route for your IPv6 network? Mike -----Original Message----- 
From: owner-freebsd-net@freebsd.org [mailto:owner-freebsd-net@freebsd.org] On Behalf Of Danny Horne
Sent: Friday, August 29, 2003 3:24 AM
To: freebsd-net@freebsd.org
Subject: IPv6 headaches

Hi all,

Hope someone can clear this up for me. I'm trying to get up to speed on IPv6 & have tried two different tunnel brokers (Freenet6 & BTExact). Both of these suppliers supply scripts to set things up. Problem is, nothing is leaving my Gif interface (to be more exact, when I ping6 anything on the outside world I get 'no route to host'), this is the gif0 output of netstat -i

Name  Mtu   Network      Address            Ipkts Ierrs Opkts Oerrs  Coll
gif0  1280                                      0     0    16    16     0
gif0  1280  2001:618:40  2001:618:400::d9c      6     -     6     -     -
gif0  1280  fe80:4::2d0  fe80:4::2d0:b7ff:      0     -    11     -     -

Because I'm assuming the supplied scripts set everything up, I haven't touched any IPv6 stuff in rc.conf (should I have?).

Lots more information available, just don't know what would be useful to you yet.

Thanks for all replies

--
To do is to be -- Nietzsche
To be is to do -- Sartre
Scooby do be do -- Scooby

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
_______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Fri Aug 29 08:42:22 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CEF7916A4C0; Fri, 29 Aug 2003 08:42:22 -0700 (PDT) Received: from vsmtp4.tin.it (vsmtp4.tin.it [212.216.176.224]) by mx1.FreeBSD.org (Postfix) with ESMTP id D7B8D43FF7; Fri, 29 Aug 2003 08:42:21 -0700 (PDT) (envelope-from flag@tin.it) Received: from newluxor.skynet.org (80.182.24.252) by vsmtp4.tin.it (7.0.019) id 3F4F1F510001F9C6; Fri, 29 Aug 2003 17:42:19 +0200 Received: by newluxor.skynet.org (Postfix, from userid 1002) id 9FF3C488; Fri, 29 Aug 2003 17:44:01 +0200 (CEST) Date: Fri, 29 Aug 2003 17:44:01 +0200 
From: Paolo Pisati To: FreeBSD_Hackers Message-ID: <20030829154401.GA417@newluxor.skynet.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.1i X-Useless-Header: Look ma, it's a # sign! X-Operating-System: FreeBSD newluxor.skynet.org 4.9-PRERELEASE FreeBSD 4.9-PRERELEASE cc: FreeBSD_Net Subject: Ngctl hangs while it tries to connect to my netgraph node X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Aug 2003 15:42:23 -0000 [cc: net cause it belongs there even] This is my situation now: [root@newluxor n_dimensions]# ngctl msg classifier_mast: stop ^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C and this is ps axl: 0 416 203 0 -20 0 900 440 netgra D+ v1 0:00.01 ngctl msg cl and if i try to kill it: [root@newluxor flag]# kill 416 [root@newluxor flag]# kill 416 [root@newluxor flag]# kill 416 [root@newluxor flag]# kill -9 416 [root@newluxor flag]# kill -9 416 [root@newluxor flag]# kill -9 416 [root@newluxor flag]# kill -9 416 [root@newluxor flag]# kill -9 416 [snip] 0 416 203 0 -20 0 900 440 netgra D+ v1 0:00.01 ngctl msg cl still here, nothing seems to disturb it. Any idea is welcome. 
[root@newluxor flag]# uname -a FreeBSD newluxor.skynet.org 4.9-PRERELEASE FreeBSD 4.9-PRERELEASE #13: Tue Aug 26 11:20:20 CEST 2003 flag@newluxor.skynet.org:/usr/obj/usr/src/sys/NEWLUXOR i386 -- Paolo GUFI: http://www.gufi.org From owner-freebsd-net@FreeBSD.ORG Fri Aug 29 09:17:23 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 244AB16A4C0 for ; Fri, 29 Aug 2003 09:17:23 -0700 (PDT) Received: from handler3.mail.rice.edu (handler3.mail.rice.edu [128.42.58.203]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4BFD343FE1 for ; Fri, 29 Aug 2003 09:17:22 -0700 (PDT) (envelope-from takhoa@rice.edu) Received: from localhost (localhost [127.0.0.1]) by handler3.mail.rice.edu (Postfix) with ESMTP id A5E051DBF4 for ; Fri, 29 Aug 2003 11:17:21 -0500 (CDT) Received: from handler3.mail.rice.edu ([127.0.0.1]) by localhost (handler3.mail.rice.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 26381-05 for ; Fri, 29 Aug 2003 11:17:20 -0500 (CDT) Received: from PILLOW (dhcp-68-239.ece.rice.edu [128.42.68.239]) by handler3.mail.rice.edu (Postfix) with SMTP id 40C4B1DB59 for ; Fri, 29 Aug 2003 11:17:20 -0500 (CDT) 
From: "Khoa A. To" To: "FreeBSD_Net" Date: Fri, 29 Aug 2003 11:17:16 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300 In-reply-to: <20030829154401.GA417@newluxor.skynet.org> X-Virus-Scanned: by amavis-20030314-p2 at mail.rice.edu Subject: Reversed MAC lookup inside FreeBSD kernel? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Aug 2003 16:17:23 -0000 Hi, I'm new to kernel code, and don't understand the structure of ARP table very well. Could someone please point me to the right direction for the following problem I have: I need to get a translation of MAC addresses to IP addresses in the kernel. I saw some postings about how to translate MAC to IP in the user level, but they seem to require the host to send a packet to that MAC address and some other ways that also require the host to actually send some request packets out. All my MAC-IP addresses are already set statically using "arp -s" in the ARP table. When I'm in the kernel, how do I get a hold of the ARP table and do some kind of reversed search to get the IP address out? Thank you very much, Khoa. 
From owner-freebsd-net@FreeBSD.ORG Fri Aug 29 11:06:40 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7348E16A4BF for ; Fri, 29 Aug 2003 11:06:40 -0700 (PDT) Received: from hysteria.spc.org (hysteria.spc.org [195.206.69.234]) by mx1.FreeBSD.org (Postfix) with SMTP id ED50844057 for ; Fri, 29 Aug 2003 11:05:18 -0700 (PDT) (envelope-from bms@hysteria.spc.org) Received: (qmail 25502 invoked by uid 5013); 29 Aug 2003 18:02:06 -0000 Date: Fri, 29 Aug 2003 19:02:06 +0100 
From: Bruce M Simpson To: "Khoa A. To" Message-ID: <20030829180206.GK1417@spc.org> Mail-Followup-To: Bruce M Simpson , "Khoa A. To" , FreeBSD_Net References: <20030829154401.GA417@newluxor.skynet.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i Organization: SPC cc: FreeBSD_Net Subject: Re: Reversed MAC lookup inside FreeBSD kernel? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Aug 2003 18:06:40 -0000 On Fri, Aug 29, 2003 at 11:17:16AM -0500, Khoa A. To wrote: > I need to get a translation of MAC addresses to IP addresses in the kernel. > I saw some postings about how to translate MAC to IP in the user level, but > they seem to require the host to send a packet to that MAC address and some > other ways that also require the host to actually send some request packets > out. All my MAC-IP addresses are already set statically using "arp -s" in > the ARP table. When I'm in the kernel, how do I get a hold of the ARP table > and do some kind of reversed search to get the IP address out? ARP information is held in the routing table. Look at the output of netstat -arn and look for routes containing the L flag (LLINFO). If you need to walk through the routing table, look at how rtalloc() does it. 'struct rtentry' should be pretty self explanatory... 
BMS From owner-freebsd-net@FreeBSD.ORG Fri Aug 29 12:18:53 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A5BD316A4BF for ; Fri, 29 Aug 2003 12:18:53 -0700 (PDT) Received: from smtp.clifftop.net (machassociates-6.dsl.easynet.co.uk [217.204.162.182]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4CAAD43F75 for ; Fri, 29 Aug 2003 12:18:52 -0700 (PDT) (envelope-from danny@clifftop.net) Received: from andromeda.clifftop.net (www@localhost.clifftop.net [127.0.0.1]) by smtp.clifftop.net (8.12.9/8.12.9) with ESMTP id h7TJIpnj001764; Fri, 29 Aug 2003 20:18:51 +0100 (BST) Received: (from www@localhost) by andromeda.clifftop.net (8.12.9/8.12.2/Submit) id h7TJImZ4001763; Fri, 29 Aug 2003 20:18:48 +0100 (BST) X-Authentication-Warning: andromeda.clifftop.net: www set sender to danny@clifftop.net using -f Received: from cassiopeia.clifftop.net (cassiopeia.clifftop.net [192.168.1.10]) by webmail.clifftop.net (Horde) with HTTP for ; Fri, 29 Aug 2003 20:18:48 +0100 Message-ID: <1062184728.da48264882b97@webmail.clifftop.net> X-Priority: 3 (Normal) Date: Fri, 29 Aug 2003 20:18:48 +0100 
From: Danny Horne To: Ivo Vachkov References: <1062152622.4cc1afda45d6f@webmail.clifftop.net> <3F4F6ED9.2090809@unilans.net> In-Reply-To: <3F4F6ED9.2090809@unilans.net> MIME-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Content-Disposition: inline Content-Transfer-Encoding: quoted-printable User-Agent: Internet Messaging Program (IMP) 4.0-cvs X-Originating-IP: 192.168.1.10 cc: freebsd-net@freebsd.org Subject: Re: IPv6 headaches X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Aug 2003 19:18:53 -0000

Ivo Vachkov was once thought to have said:

> try:
> 	route add -inet6 default YOUR_TUNNEL_BROKER_ENDPOINT_IPv6
>

This is the script I was sent to set things up -

#!/bin/sh
ifconfig gif create
gifconfig gif0 inet 217.204.162.182 193.113.58.80 &&
ifconfig gif0 inet6 2001:618:400::d9cc:a2b6 prefixlen 128 &&
route add -inet6 default fe80::%gif0 &&
ifconfig fxp0 inet6 2001:618:456:: prefixlen 48 &&
sysctl -w net.inet6.ip6.forwarding=1 &&
/usr/sbin/rtadvd fxp0 &&
echo "IPv6 configuration completed" ||
{ echo "IPv6 configuration failed!" 1>&2; exit 1; }

This is the result of deleting their default route & applying your suggested one -

andromeda# route add -inet6 default 2001:618:1::a0
route: writing to routing socket: Network is unreachable
add net default: gateway 2001:618:1::a0: Network is unreachable

Do I need to apply any IPv6 firewall rules to make things work? (preferred fw is ipf)

Do I need to set anything in rc.conf? (I assumed script would do everything)

--
To do is to be -- Nietzsche
To be is to do -- Sartre
Scooby do be do -- Scooby

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
From owner-freebsd-net@FreeBSD.ORG Fri Aug 29 12:29:40 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1A1BC16A4C0 for ; Fri, 29 Aug 2003 12:29:40 -0700 (PDT) Received: from relay2.softcomca.com (relay2.softcomca.com [168.144.1.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9BCC443FDD for ; Fri, 29 Aug 2003 12:29:38 -0700 (PDT) (envelope-from akanwar@digitarchy.com) Received: from M2W040.mail2web.com ([168.144.251.146]) by relay2.softcomca.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 29 Aug 2003 15:29:38 -0400 Message-ID: <269620-220038529192937735@M2W040.mail2web.com> X-Priority: 3 X-Originating-IP: 68.111.37.3 X-URL: http://mail2web.com/ 
From: "akanwar@digitarchy.com" To: freebsd-net@freebsd.org Date: Fri, 29 Aug 2003 15:29:37 -0400 MIME-Version: 1.0 Content-type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable X-OriginalArrivalTime: 29 Aug 2003 19:29:38.0145 (UTC) FILETIME=[E2BE5D10:01C36E63] Subject: Device polling support for em and bge X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: akanwar@digitarchy.com List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Aug 2003 19:29:40 -0000

Hi all,

Is there a plan to support device polling for the em or the bge drivers ?

Thanks,
-ansh

--------------------------------------------------------------------
mail2web - Check your email from the web at http://mail2web.com/ .

From owner-freebsd-net@FreeBSD.ORG Fri Aug 29 12:47:18 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2C4A216A4C0 for ; Fri, 29 Aug 2003 12:47:18 -0700 (PDT) Received: from relay.macomnet.ru (relay.macomnet.ru [195.128.64.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 69FD743FA3 for ; Fri, 29 Aug 2003 12:47:16 -0700 (PDT) (envelope-from maxim@macomnet.ru) Received: from news1.macomnet.ru (us47d5kv@news1.macomnet.ru [195.128.64.14]) by relay.macomnet.ru (8.11.6/8.11.6) with ESMTP id h7TJlCt13814044; Fri, 29 Aug 2003 23:47:12 +0400 (MSD) Date: Fri, 29 Aug 2003 23:47:12 +0400 (MSD)
From: Maxim Konovalov
To: "akanwar@digitarchy.com"
cc: freebsd-net@freebsd.org
Subject: Re: Device polling support for em and bge

On Fri, 29 Aug 2003, 15:29-0400, akanwar@digitarchy.com wrote:

> Hi all,
>
> Is there a plan to support device polling for the em or the bge drivers?

It is already supported for em(4), see man polling. I was planning to implement polling for bge(4) if I get free time.

--
Maxim Konovalov, maxim@macomnet.ru, maxim@FreeBSD.org

From owner-freebsd-net@FreeBSD.ORG Fri Aug 29 14:19:51 2003
Date: Fri, 29 Aug 2003 15:14:02 -0600
From: Steve Camp
To: freebsd-net@freebsd.org
Subject: HELP! "key_acquire2: invalid sequence number is passed" -- IPSEC VPN down...

Hi,

[ I have already posted this question to the 'freebsd-questions' mailing list and several newsgroups. I found a question posted to this 'freebsd-net' mailing list back in 2001, but apparently no summary or solution was posted.]

I need some help. I am running a VPN between a FreeBSD 4.3 box and another FreeBSD 4.7 box. I am using the IPSEC / Racoon setup that comes with FreeBSD. I have not compiled anything: I inherited sysadmin duties for these boxen from another fellow. They had been working just fine when I first "acquired" them.

Since that time, my customer has had two moves when they physically consolidated their two offices into one new office. At that time, the VPN was torn down, as there was only one box. Now they have opened a new "branch" office (actually a "home" office) and have tasked me with re-establishing the VPN to this separate location.

I took the second box and re-located it. The only changes made were to the /etc/hosts (new host name(s) and IP addresses), /etc/resolv.conf (new dns servers), and some tweaks to /etc/rc.conf, and IP re-configurations in the /usr/local/etc/rc.d/ipsec.sh startup script.

The IPSEC VPN has been up and down, but frustratingly mostly down since this latest "move". However, the VPN *was* working, and working well just two days ago.
Today I checked, and it is again down, and the "primary" company server is logging lots and lots of these messages:

Aug 28 18:07:00 servername /kernel: key_acquire2: invalid sequence number is passed.
Aug 28 18:10:00 servername /kernel: key_acquire2: invalid sequence number is passed.
Aug 28 18:13:00 servername /kernel: key_acquire2: invalid sequence number is passed.
Aug 28 18:16:30 servername /kernel: key_acquire2: invalid sequence number is passed.
Aug 28 18:19:00 servername /kernel: key_acquire2: invalid sequence number is passed.
Aug 28 18:22:00 servername /kernel: key_acquire2: invalid sequence number is passed.
. . .
Aug 29 11:46:36 servername /kernel: key_acquire2: invalid sequence number is passed.
Aug 29 11:49:18 servername /kernel: key_acquire2: invalid sequence number is passed.
Aug 29 11:50:00 servername /kernel: key_acquire2: invalid sequence number is passed.
Aug 29 11:50:47 servername /kernel: key_acquire2: invalid sequence number is passed.
Aug 29 11:54:52 servername /kernel: key_acquire2: invalid sequence number is passed.
etc etc

Any pointers / links / help etc welcome in trying to figure this problem out. Has anyone experienced this problem before? How to resolve / fix it?

Could this behaviour be caused by an ISP restricting certain kinds of traffic? More specifically, the last time I checked a few days ago, I was able to ping the public IP address of the remote (e.g. home office) box, but now I get ICMP error messages about

ICMP Communication Administratively Prohibited from gateway machine.isp.net (xxx.xx.xxx.xxx)

While I have posted this query to the comp.dcom.vpn, and comp.unix.*bsd*.misc newsgroups, any pointers to any other apropos Usenet newsgroups, mailing lists, support websites appreciated.
--
Steve Camp
steve@camp.com

From owner-freebsd-net@FreeBSD.ORG Fri Aug 29 14:21:42 2003
From: "akanwar@digitarchy.com"
To: maxim@macomnet.ru
Date: Fri, 29 Aug 2003 17:21:41 -0400
cc: freebsd-net@freebsd.org
Subject: Re: Device polling support for em and bge

Sorry I should have given more details.

I am running 4.8-RELEASE and I did not see a _poll function in em driver source. Perhaps my source is out of date?

Thanks,
-ansh

Original Message:
-----------------
From: Maxim Konovalov maxim@macomnet.ru
Date: Fri, 29 Aug 2003 23:47:12 +0400 (MSD)
To: akanwar@digitarchy.com, freebsd-net@freebsd.org
Subject: Re: Device polling support for em and bge

On Fri, 29 Aug 2003, 15:29-0400, akanwar@digitarchy.com wrote:

> Hi all,
>
> Is there a plan to support device polling for the em or the bge drivers?

It is already supported for em(4), see man polling. I was planning to implement polling for bge(4) if I get free time.

--
Maxim Konovalov, maxim@macomnet.ru, maxim@FreeBSD.org

From owner-freebsd-net@FreeBSD.ORG Sat Aug 30 11:46:38 2003
Date: Sat, 30 Aug 2003 22:46:33 +0400 (MSD)
From: Maxim Konovalov
To: "akanwar@digitarchy.com"
cc: freebsd-net@freebsd.org
Subject: Re: Device polling support for em and bge

On Fri, 29 Aug 2003, 17:21-0400, akanwar@digitarchy.com wrote:

> Sorry I should have given more details.
>
> I am running 4.8-RELEASE and I did not see a _poll function in em driver
> source. Perhaps my source is out of date?

check http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/dev/em/if_em.c?only_with_tag=RELENG_4

--
Maxim Konovalov, maxim@macomnet.ru, maxim@FreeBSD.org