From owner-freebsd-net Sun Dec 12 6:58:39 1999
Delivered-To: freebsd-net@freebsd.org
Received: from cd.mbn.or.jp (cd.mbn.or.jp [202.217.0.53])
    by hub.freebsd.org (Postfix) with ESMTP id 2CA5714FBC
    for ; Sun, 12 Dec 1999 06:58:34 -0800 (PST)
    (envelope-from mariga@cd.mbn.or.jp)
Received: from gateway (cse5-21.kokubunji.mbn.or.jp [210.144.135.137])
    by cd.mbn.or.jp (8.9.1/cd.mbn.or.jp-2.0) with SMTP id XAA14424
    for ; Sun, 12 Dec 1999 23:58:30 +0900 (JST)
Message-ID: <000901bf44b1$4ab8fa00$064ca8c0@gateway>
From: "Masahiro Ariga"
To:
Subject: how to make multicast router
Date: Sun, 12 Dec 1999 23:57:50 +0900
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.2106.4
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

My name is Masahiro Ariga.
I am rather a novice in FreeBSD,but I am very in a trouble with next
problem,so I beseech you to help me.
We developed a video transfer intra-network system and it is working.
But it transfers Unicast IP packet.
And there arises the necessity to convert to Multicast transfer.
So,I am testing to transfer multicast packets using prototype system
connecting a Server(WindowsNT)-Router(FreeBSD version2.2.7)-Client(WindowsNT).

NT-Server and NT-Client enters a multicastgroup address 244.0.1.1 using
setsockopt.Client binds to wait for multicast packets and server sends
packets.
Although they use multicastgroup address 244.0.1.1,they individually hold
each IP address.(I tried to change IP address in Windows' TCP/IP protocol
control box but it denied entering 244.0.1.1 so I kept them just as
previously.)
    Client-192.168.79.3.
    Server-192.168.79.22.(when using router I change this to 192.168.79.38)
    subnet mask- 255.255.255.224

Without router and directly connecting client and server,they communicate
correctly.
But if I try to connect them using router,the router does not work correctly.
First of all I boot up router machine,then run client and server.
It looks like that the multicast packets destined to 244.0.1.1 arrives
ip_output routine alright, but after that do look-up routing
table(rt_tables[]) and there's no route to host holding matching destination
and they are all discarded.
It appears there is no key=244.0.1.1 in rt_tables[]. I do not know how
correctly create rt_tables[].

Also,I have a concern.
I'd like to use FreeBSD version2.2.7 but should I version-up to 3.3 if I
use Multicast function.I am worried if there's definite difference between
them concerning Multicast function.

I honestly implore senior members to drag me out of this predicament.

Masahiro Ariga
mariga@cd.mbn.or.jp

-----------------------------------------------------------------------------
Next is my rc.conf file.

#!/bin/sh
#
# This is rc.conf - a file full of useful variables that you can set
# to change the default startup behavior of your system.
#
# All arguments must be in double or single quotes.
#
# $Id: rc.conf,v 1.1.2.45 1998/06/27 21:23:17 steve Exp $

##############################################################
### Important initial Boot-time options #####################
##############################################################

swapfile="NO" # Set to name of swapfile if aux swapfile desired.
apm_enable="NO" # Set to YES if you want APM enabled.
pccard_enable="NO" # Set to YES if you want to configure PCCARD devices.
pccard_mem="DEFAULT" # If pccard_enable=YES, this is card memory address.
pccard_ifconfig="NO" # Specialized pccard ethernet configuration (or NO).
local_startup="/usr/local/etc/rc.d /usr/X11R6/etc/rc.d" # startup script dirs.

##############################################################
### Network configuration sub-section ######################
##############################################################

### Basic network options: ###
#SY# hostname="myname.my.domain" # Set this!
hostname="IWU-3" # Set this!
nisdomainname="NO" # Set to NIS domain if using NIS (or NO).
firewall_enable="NO" # Set to YES to enable firewall functionality
firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO" # Set to YES to suppress rule display
tcp_extensions="YES" # Allow RFC1323 & RFC1644 extensions (or NO).
network_interfaces="fxp0 fxp1 fxp2 lo0" # List of network interfaces (lo0 is loopback
ifconfig_fxp0="inet 192.168.79.1 netmask 255.255.255.224 media 100baseTX mediaopt full-duplex"
# ifconfig_fxp0="inet 192.168.76.4 netmask 255.255.255.224 media 100baseTX mediaopt full-duplex"
ifconfig_fxp1="inet 192.168.78.5 netmask 255.255.255.224 media 100baseTX mediaopt full-duolex"
# ifconfig_fxp1="inet 192.168.76.36 netmask 255.255.255.224 media 100baseTX mediaopt full-duplex"
ifconfig_fxp2="inet 192.168.79.37 netmask 255.255.255.224 media 100baseTX mediaopt full-duplex"
# ifconfig_fxp2="inet 192.168.76.68 netmask 255.255.255.224 media 100baseTX mediaopt full-duplex"
ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration.
#ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry.

### Network daemon (miscellaneous) & NFS options: ###
syslogd_enable="YES" # Run syslog daemon (or NO).
syslogd_flags="" # Flags to syslogd (if enabled).
inetd_enable="YES" # Run the network daemon dispatcher (or NO).
inetd_flags="" # Optional flags to inetd.
named_enable="NO" # Run named, the DNS server (or NO).
named_program="/usr/sbin/named" # named program, in case we want bind8 instead.
named_flags="-b /etc/namedb/named.boot" # Flags to named (if enabled).
kerberos_server_enable="NO" # Run a kerberos master server (or NO).
kadmind_server_enable="NO" # Run kadmind (or NO) -- do not run on
# a slave kerberos server
kerberos_stash="" # Is the kerberos master key stashed?
rwhod_enable="NO" # Run the rwho daemon (or NO).
amd_enable="NO" # Run amd service with $amd_flags (or NO).
amd_flags="-a /net -c 1800 -k i386 -d my.domain -l syslog /host /etc/amd.map"
nfs_client_enable="NO" # This host is an NFS client (or NO).
nfs_client_flags="-n 4" # Flags to nfsiod (if enabled).
nfs_server_enable="NO" # This host is an NFS server (or NO).
nfs_server_flags="-u -t 4" # Flags to nfsd (if enabled).
mountd_flags="-r" # Flags to mountd (if NFS server enabled).
nfs_reserved_port_only="NO" # Provide NFS only on secure port (or NO).
rpc_lockd_enable="NO" # Run NFS rpc.lockd (*broken!*) if nfs_server.
rpc_statd_enable="YES" # Run NFS rpc.statd if nfs_server (or NO).
portmap_enable="YES" # Run the portmapper service (or NO).
portmap_flags="" # Flags to portmap (if enabled).
rarpd_enable="NO" # Run rarpd (or NO).
rarpd_flags="" # Flags to rarpd.
xtend_enable="NO" # Run the X-10 power controller daemon.
xtend_flags="" # Flags to xtend (if enabled).

### Network Time Services options: ###
timed_enable="NO" # Run the time daemon (or NO).
timed_flags="" # Flags to timed (if enabled).
ntpdate_enable="NO" # Run the ntpdate to sync time (or NO).
ntpdate_program="ntpdate" # path to ntpdate, if you want a different one.
ntpdate_flags="" # Flags to ntpdate (if enabled).
xntpd_enable="NO" # Run xntpd Network Time Protocol (or NO).
xntpd_program="xntpd" # path to xntpd, if you want a different one.
xntpd_flags="-p /var/run/xntpd.pid" # Flags to xntpd (if enabled).
tickadj_enable="NO" # Run tickadj (or NO).
tickadj_flags="-Aq" # Flags to tickadj (if enabled).

# Network Information Services (NIS) options: ###
nis_client_enable="NO" # We're an NIS client (or NO).
nis_client_flags="" # Flags to ypbind (if enabled).
nis_ypset_enable="NO" # Run ypset at boot time (or NO).
nis_ypset_flags="" # Flags to ypset (if enabled).
nis_server_enable="NO" # We're an NIS server (or NO).
nis_server_flags="" # Flags to ypserv (if enabled).
nis_ypxfrd_enable="NO" # Run rpc.ypxfrd at boot time (or NO).
nis_ypxfrd_flags="" # Flags to rpc.ypxfrd (if enabled).
nis_yppasswdd_enable="NO" # Run rpc.yppasswdd at boot time (or NO).
nis_yppasswdd_flags="" # Flags to rpc.yppasswdd (if enabled).

### Network routing options: ###
defaultrouter="NO" # Set to default gateway (or NO).
static_routes="" # Set to static route list (or leave empty).
gateway_enable="YSE" # Set to YES if this host will be a gateway.
router_enable="YES" # Set to YES to enable a routing daemon.
router="routed" # Name of routing daemon to use if enabled.
#SY# router_flags="-q" # Flags for routing daemon.
router_flags="-s" # Flags for routing daemon.
mrouted_enable="YES" # Do multicast routing (see /etc/mrouted.conf).
# mrouted_flags="-d" # Flags for multicast routing daemon.
mrouted_flags="" # Flags for multicast routing daemon.
ipxgateway_enable="NO" # Set to YES to enable IPX routing.
ipxrouted_enable="NO" # Set to YES to run the IPX routing daemon.
ipxrouted_flags="" # Flags for IPX routing daemon.
arpproxy_all="" # replaces obsolete kernel option ARP_PROXYALL.
forward_sourceroute="NO" # do source routing (only if gateway_enable is set to "YES")
accept_sourceroute="NO" # accept source routed packets to us
natd_enable="NO" # Enable natd if firewall_enable.
natd_interface="fxp0" # Public interface to use with natd if natd_enable.
natd_flags="" # Additional flags for natd.

##############################################################
### System console options #################################
##############################################################

keymap="jp.106" # keymap in /usr/share/syscons/keymaps/* (or NO).
keyrate="NO" # keyboard rate to: slow, normal, fast (or NO).
keybell="NO" # bell to duration.pitch or normal or visual (or NO).
keychange="NO" # function keys default values (or NO).
cursor="NO" # cursor type {normal|blink|destructive} (or NO).
scrnmap="NO" # screen map in /usr/share/syscons/scrnmaps/* (or NO).
font8x16="NO" # font 8x16 from /usr/share/syscons/fonts/* (or NO).
font8x14="NO" # font 8x14 from /usr/share/syscons/fonts/* (or NO).
font8x8="NO" # font 8x8 from /usr/share/syscons/fonts/* (or NO).
blanktime="300" # blank time (in seconds) or "NO" to turn it off.
saver="NO" # screen saver: blank/daemon/green/snake/star/NO.
moused_enable="NO" # Run the mouse daemon.
moused_type="auto" # See man page for rc.conf(5) for available settings.
moused_port="/dev/psm0" # Set to your mouse port.
moused_flags="" # Any additional flags to moused.

##############################################################
### Miscellaneous administrative options ###################
##############################################################

cron_enable="YES" # Run the periodic job daemon.
lpd_enable="NO" # Run the line printer daemon.
lpd_flags="" # Flags to lpd (if enabled).
sendmail_enable="YES" # Run the sendmail daemon (or NO).
sendmail_flags="-bd -q30m" # -bd is pretty mandatory.
dumpdev="NO" # Device name to crashdump to (if enabled).
check_quotas="NO" # Check quotas (or NO).
accounting_enable="NO" # Turn on process accounting (or NO).
ibcs2_enable="NO" # Ibcs2 (SCO) emulation loaded at startup (or NO).
linux_enable="NO" # Linux emulation loaded at startup (or NO).
rand_irqs="NO" # Stir the entropy pool (like "5 11" or NO).
clear_tmp_enable="NO" # Clear /tmp at startup.
ldconfig_paths="/usr/lib/compat /usr/X11R6/lib /usr/local/lib" # shared library search paths

##############################################################
### Allow local configuration override at the very end here ##
##############################################################

if [ -f /etc/rc.conf.local ]; then
    . /etc/rc.conf.local
fi

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Sun Dec 12 17:18:20 1999
Delivered-To: freebsd-net@freebsd.org
Received: from ns.cstnet-hf.net.cn (r-ustc-cstnethf.ustc.edu.cn [202.38.64.56])
    by hub.freebsd.org (Postfix) with ESMTP id 5F01414E36
    for ; Sun, 12 Dec 1999 17:18:13 -0800 (PST)
    (envelope-from jwlai@mail.ustc.edu.cn)
Received: from ustc.edu.cn (hpe25.nic.ustc.edu.cn [202.38.64.1])
    by ns.cstnet-hf.net.cn (8.8.7/8.8.6) with SMTP id JAA19367
    for ; Mon, 13 Dec 1999 09:15:35 -0800
Received: from mail.ustc.edu.cn by ustc.edu.cn with SMTP (8.6.10/16.2)
    id JAA09654; Mon, 13 Dec 1999 09:20:36 +0800
Received: (qmail 29697 invoked by uid 1023); 13 Dec 1999 01:18:49 -0000
Date: Mon, 13 Dec 1999 09:18:48 +0800 (CST)
From: Junwen Lai
To: freebsd-net@freebsd.org
Subject: KingMax netcard
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Dear all:

    I have just purchased a 10/100 KingMax netcard since a friend of mine
keep persuading me into doing that,but now I have some difficulty in
setting up, is there anyone who can help me, it is difficult than 10M
ISA card.

Thanx!

==========================================================
Mr Junwen Lai        | email: jwlai@mail.ustc.edu.cn
Network Center,USTC  | phone: (86)-551-3603400-222(Lab)
Hefei,Anhui 230026   | phone: (86)-551-3631532(Dorm)
P.R.China            | phone: (86)-797-5715528(Home)
==========================================================

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Sun Dec 12 18: 4:38 1999
Delivered-To: freebsd-net@freebsd.org
Received: from mail.xmission.com (mail.xmission.com [198.60.22.22])
    by hub.freebsd.org (Postfix) with ESMTP id 3CA4814F5E
    for ; Sun, 12 Dec 1999 18:04:37 -0800 (PST)
    (envelope-from wes@softweyr.com)
Received: from [204.68.178.39] (helo=softweyr.com)
    by mail.xmission.com with esmtp (Exim 3.03 #3)
    id 11xKqp-0007AJ-00; Sun, 12 Dec 1999 19:04:35 -0700
Message-ID: <3854546E.4AB0CEA2@softweyr.com>
Date: Sun, 12 Dec 1999 19:05:34 -0700
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.61 [en] (X11; I; FreeBSD 3.3-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Junwen Lai
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: KingMax netcard
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Junwen Lai wrote:
>
> Dear all:
>
> I have just purchased a 10/100 KingMax netcard since a friend of mine
> keep persuading me into doing that,but now I have some difficulty in
> setting up, is there anyone who can help me, it is difficult than 10M
> ISA card.

Tell us what the big chips on the card say on top and we might be able to
help. It's unlikely that many of us will have any idea what a KingMax is.

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters                                              Softweyr LLC
wes@softweyr.com                                http://softweyr.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Mon Dec 13 1:47:48 1999
Delivered-To: freebsd-net@freebsd.org
Received: from matrix.eurocontrol.fr (matrix.eurocontrol.fr [147.196.254.254])
    by hub.freebsd.org (Postfix) with ESMTP id A39B51504F
    for ; Mon, 13 Dec 1999 01:47:46 -0800 (PST)
    (envelope-from roberto@eurocontrol.fr)
Received: from caerdonn.eurocontrol.fr (caerdonn.eurocontrol.fr [147.196.43.2])
    by matrix.eurocontrol.fr (Postfix) with ESMTP id DF593258F
    for ; Mon, 13 Dec 1999 10:47:45 +0100 (CET)
    (envelope-from roberto@caerdonn.eurocontrol.fr)
Received: by caerdonn.eurocontrol.fr (Postfix, from userid 1193)
    id E14494E32; Mon, 13 Dec 1999 10:47:44 +0100 (CET)
Date: Mon, 13 Dec 1999 10:47:44 +0100
From: Ollivier Robert
To: freebsd-net@freebsd.org
Subject: NAT setup for vmware ?
Message-ID: <19991213104744.B5250@caerdonn.eurocontrol.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
X-Operating-System: FreeBSD 4.0-CURRENT
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I've read that someone is using NATd to enable the vmware system to talk to
the outside (sorry, I don't have the mail right now).

Given that:
- I'm a complete newbie on the NAT thingy ;
- I have my host with 192.168.1.1 and the vmware box at 192.168.1.2

how can I use natd for that ?

Thanks,
--
Ollivier ROBERT -=- Eurocontrol EEC/TEC -=- Ollivier.Robert@eurocontrol.fr
The Postman hits! The Postman hits! You have new mail.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Mon Dec 13 7: 0:43 1999
Delivered-To: freebsd-net@freebsd.org
Received: from mgo.iij.ad.jp (mgo.iij.ad.jp [202.232.15.6])
    by hub.freebsd.org (Postfix) with ESMTP id 2E37114D7C
    for ; Mon, 13 Dec 1999 06:59:57 -0800 (PST)
    (envelope-from core@kame.net)
Received: from ns.iij.ad.jp (root@ns.iij.ad.jp [192.168.2.8])
    by mgo.iij.ad.jp (8.8.8/MGO1.0) with ESMTP id XAA07660
    for ; Mon, 13 Dec 1999 23:59:43 +0900 (JST)
From: core@kame.net
Received: from fs.iij.ad.jp (root@fs.iij.ad.jp [192.168.2.9])
    by ns.iij.ad.jp (8.8.5/3.5Wpl7) with ESMTP id XAA27854
    for ; Mon, 13 Dec 1999 23:59:43 +0900 (JST)
Received: from Mew.org (mine.iij.ad.jp [192.168.10.205])
    by fs.iij.ad.jp (8.8.5/3.5Wpl7) with SMTP id XAA02632
    for ; Mon, 13 Dec 1999 23:59:43 +0900 (JST)
Date: Tue, 14 Dec 1999 00:00:41 +0900 (JST)
Message-Id: <19991214.000041.104117325.kazu@Mew.org>
To: net@FreeBSD.ORG
Subject: KAME stable package 19991213
X-Mailer: Mew version 1.95b12 on Emacs 20.5 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

As usual, KAME Project has released "stable" packages of IPv6/IPsec
network code for BSD/OS 3.1, FreeBSD 2.2.8/3.3, NetBSD 1.4.1, and
OpenBSD 2.6. These packages have been tested by the TAHI
team(http://www.tahi.org).

They are free of charge but absolutely no warranty. They are available
from the following web site:

    http://www.kame.net/

NOTE: IF YOU GAIN ACCESS TO THIS WEB PAGE OVER IPv6, THE TURTLE WILL DANCE.

To know the changes from the previous stable package, please refer to
the CHANGELOG file.

--KAME Project

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Mon Dec 13 9:55:50 1999
Delivered-To: freebsd-net@freebsd.org
Received: from gatekeeper.tsc.tdk.com (gatekeeper.tsc.tdk.com [207.113.159.21])
    by hub.freebsd.org (Postfix) with ESMTP id CBCA215553
    for ; Mon, 13 Dec 1999 09:55:32 -0800 (PST)
    (envelope-from gdonl@tsc.tdk.com)
Received: from imap.gv.tsc.tdk.com (imap.gv.tsc.tdk.com [192.168.241.198])
    by gatekeeper.tsc.tdk.com (8.8.8/8.8.8) with ESMTP id JAA18448;
    Mon, 13 Dec 1999 09:55:23 -0800 (PST)
    (envelope-from gdonl@tsc.tdk.com)
Received: from salsa.gv.tsc.tdk.com (salsa.gv.tsc.tdk.com [192.168.241.194])
    by imap.gv.tsc.tdk.com (8.9.3/8.9.3) with ESMTP id JAA16806;
    Mon, 13 Dec 1999 09:55:22 -0800 (PST)
    (envelope-from Don.Lewis@tsc.tdk.com)
Received: (from gdonl@localhost)
    by salsa.gv.tsc.tdk.com (8.8.5/8.8.5) id JAA19500;
    Mon, 13 Dec 1999 09:55:18 -0800 (PST)
From: Don Lewis
Message-Id: <199912131755.JAA19500@salsa.gv.tsc.tdk.com>
Date: Mon, 13 Dec 1999 09:55:17 -0800
In-Reply-To: venkat venkatsubra "Re: peculiar tcp behavior" (Nov 24, 9:42am)
X-Mailer: Mail User's Shell (7.2.6 alpha(3) 7/19/95)
To: venkat venkatsubra , jayanth
Subject: Re: peculiar tcp behavior
Cc: freebsd-net@FreeBSD.ORG
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Nov 24, 9:42am, venkat venkatsubra wrote:
} Subject: Re: peculiar tcp behavior
} This is a multi-part message in MIME format.
} --------------83BAB6521073EDFB9822F331
} Content-Type: text/plain; charset=us-ascii
} Content-Transfer-Encoding: 7bit
}
} jayanth wrote:
}
} > hi,
} > I have a tcpdump below. If a Reset segment is received that is greater
} > than "last_ack_sent" the FreeBSD 2.2.8 tcpip stack does not process the
} > segment and drop the connection. Is the sender(a.b.c.d) of the Reset
} > wrong in
} > sending a Reset that is within the window but greater than our
} > "last_ack_sent "?

Yes.
The last paragraph on page 36 of RFC 793 says:

    If the incoming segment has an ACK field, the reset takes its
    sequence number from the ACK field of the segment, otherwise the
    reset has sequence number zero and the ACK field is set to the sum
    of the sequence number and segment length of the incoming segment.
    The connection remains in the same state.

} > Since the connection is not dropped the x.y.z.w host has retransmit
} > timeouts.
} > What is the correct behavior ?
} >
} > tcpdump
} > --------
} > 13:54:45.130913 a.b.c.d.1038 > x.y.z.w.http: S 2478243840:2478243840(0)
} > win 2048 (DF)
} > 13:54:45.130969 x.y.z.w.http > a.b.c.d.1038: S 876676280:876676280(0)
} > ack 2478243841 win 17520 (DF)
} > 13:54:45.131869 a.b.c.d.1038 > x.y.z.w.http: P 1:78(77) ack 1 win 2048
} > (DF)
} > 13:54:45.161755 x.y.z.w.http > a.b.c.d.1038: . ack 78 win 17520 (DF)
} > 13:54:45.352783 x.y.z.w.http > a.b.c.d.1038: P 1:210(209) ack 78 win
} > 17520 (DF)
} > 13:54:45.353055 x.y.z.w.http > a.b.c.d.1038: F 210:210(0) ack 78 win
} > 17520 (DF)
} >
} > ????????????
} > 13:54:45.353119 a.b.c.d.1038 > x.y.z.w.http: R 2478261437:2478261437(0)
} >
} > ^^^^^^^^^^^^^^^^^^^^^
} > win 1 (DF)
} > ???????????
} >
} > 13:54:46.561619 x.y.z.w.http > a.b.c.d.1038: FP 1:210(209) ack 78 win
} > 17520 (DF)
} > 13:54:49.561403 x.y.z.w.http > a.b.c.d.1038: FP 1:210(209) ack 78 win
} > 17520 (DF)
} > 13:54:55.560988 x.y.z.w.http > a.b.c.d.1038: FP 1:210(209) ack 78 win
} > 17520 (DF)
} > ..................
} >
} > thanks
} > jayanth
} >
} > To Unsubscribe: send mail to majordomo@FreeBSD.org
} > with "unsubscribe freebsd-net" in the body of the message
}
} --------------83BAB6521073EDFB9822F331
} Content-Type: text/plain; charset=us-ascii;
} name="xx1"
} Content-Transfer-Encoding: 7bit
} Content-Disposition: inline;
} filename="xx1"
}
} Jayanth,
} Looking at RFC 793, the RST from a.b.c.d seems a valid RST
} since it is within the window. I haven't seen the freebsd code
} lately, but i recall that they had added the code from Page 960
} of TCP/IP Illustrated Vol.2 long time back. That introduces a problem
} where a RST to a previous incarnation of the same connection could get
} accepted by the current connection and get terminated. Is the check about
} 'last_ack_sent' as you mentioned is to fix that problem ?
} By the way, doesn't RST mostly take the ACK number of the received
} segment for the sequence number ? In that case checking with
} last_ack_sent will work. But what if the RST is generated due to
} retransmission timer connection timeout or the linger period has
} expired SO_LINGER), etc. and some of the packets ahead were dropped ?
} Then the sequence number in RST segment and the last_ack_sent won't
} match.

I think that should still be OK. The retransmitted packets may have
lower sequence numbers than that of the last packet sent, but they
should repeat the same ACK number. It wouldn't make sense to un-ACK
data that has already been received.

} What platform is a.b.c.d that generates the RST with the sequence
} number set to the right edge of the window ?
} Venkat

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Tue Dec 14 10:50:11 1999
Delivered-To: freebsd-net@freebsd.org
Received: from cd.mbn.or.jp (cd.mbn.or.jp [202.217.0.53])
    by hub.freebsd.org (Postfix) with ESMTP id 3799714C3F
    for ; Tue, 14 Dec 1999 10:50:02 -0800 (PST)
    (envelope-from mariga@cd.mbn.or.jp)
Received: from gateway (cse4-31.kokubunji.mbn.or.jp [210.144.135.101])
    by cd.mbn.or.jp (8.9.1/cd.mbn.or.jp-2.0) with SMTP id DAA10793
    for ; Wed, 15 Dec 1999 03:49:58 +0900 (JST)
Message-ID: <002a01bf4663$f3f3a1c0$064ca8c0@gateway>
From: "Masahiro Ariga"
To:
Subject: RE: how to make multicast router
Date: Wed, 15 Dec 1999 03:48:33 +0900
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.2106.4
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Masahiro Ariga again,

P.S.
I wrote the next mail on 12/13,1999.
At that time I appended rc.conf.In it,the next line is mis-spelled "YSE"
instead "YES".

    gateway_enable="YSE" # Set to YES if this host will be a gateway.

I guess it happened during I copied it for mailing.
So I re-transfer the correct rc.conf.

>My name is Masahiro Ariga.
>I am rather a novice in FreeBSD,but I am very in a trouble with next
>problem,so I beseech you to help me.
>We developed a video transfer intra-network system and it is working.
>But it transfers Unicast IP packet.
>And there arises the necessity to convert to Multicast transfer.
>So,I am testing to transfer multicast packets using prototype system
>connecting a Server(WindowsNT)-Router(FreeBSD
>version2.2.7)-Client(WindowsNT).
>
>NT-Server and NT-Client enters a multicastgroup address 244.0.1.1 using
>setsockopt.Client binds to wait for multicast packets and server sends
>packets.
>Although they use multicastgroup address 244.0.1.1,they individually hold
>each IP address.(I tried to change IP address in Windows' TCP/IP protocol
>control box but it denied entering 244.0.1.1 so I kept them just as
>previously.)
> Client-192.168.79.3.
> Server-192.168.79.22.(when using router I change this to 192.168.79.38)
> subnet mask- 255.255.255.224
>
>Without router and directly connecting client and server,they communicate
>correctly. But if I try to connect them using router,the router does not
>work correctly.
>First of all I boot up router machine,then run client and server.
>It looks like that the multicast packets destined to 244.0.1.1 arrives
>ip_output routine alright, but after that do look-up routing
>table(rt_tables[]) and there's no route to host holding matching destination
>and they are all discarded.
>It appears there is no key=244.0.1.1 in rt_tables[]. I do not know how
>correctly
>create rt_tables[].
>
>Also,I have a concern.
>I'd like to use FreeBSD version2.2.7 but should I version-up to 3.3 if I
>use Multicast function.I am worried if there's definite difference between
>them concerning Multicast function.
>
>I honestly implore senior members to drag me out of this predicament.
>

Also,after that mail,one more problem happened.
I installed tcpdump in order to dump packets.
I succeeded the install,but when I tried to run it,next error happened and
could not run it.

    tcpdump:/dev/bfp0:Device not configured.

Then,I inserted next line in my config file,and recompiled kernel and tried
again to run tcpdump. But it reports the same error .

    pseudo-device bpf 3

I don't know it is related to my previous multicast problem.
And one more thing,I tried netstat command,the result is as follows,

#netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags   Refs   Use   Netif Expire
127.0.0.1          127.0.0.1          UH         0     0   lo0
192.168.79/27      link#1             UC         0     0
192.168.79.1       0:90:27:3c:84:b5   UHLW       0    88   lo0
192.168.79.32/27   link#3             UC         0     0

--- Corrected rc.conf

#!/bin/sh
#
# This is rc.conf - a file full of useful variables that you can set
# to change the default startup behavior of your system.
#
# All arguments must be in double or single quotes.
#
# $Id: rc.conf,v 1.1.2.45 1998/06/27 21:23:17 steve Exp $

##############################################################
### Important initial Boot-time options #####################
##############################################################

swapfile="NO" # Set to name of swapfile if aux swapfile desired.
apm_enable="NO" # Set to YES if you want APM enabled.
pccard_enable="NO" # Set to YES if you want to configure PCCARD devices.
pccard_mem="DEFAULT" # If pccard_enable=YES, this is card memory address.
pccard_ifconfig="NO" # Specialized pccard ethernet configuration (or NO).
local_startup="/usr/local/etc/rc.d /usr/X11R6/etc/rc.d" # startup script dirs.

##############################################################
### Network configuration sub-section ######################
##############################################################

### Basic network options: ###
#SY# hostname="myname.my.domain" # Set this!
hostname="IWU-3" # Set this!
nisdomainname="NO" # Set to NIS domain if using NIS (or NO).
firewall_enable="NO" # Set to YES to enable firewall functionality
firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO" # Set to YES to suppress rule display
tcp_extensions="YES" # Allow RFC1323 & RFC1644 extensions (or NO).
network_interfaces="fxp0 fxp1 fxp2 lo0" # List of network interfaces (lo0 is loopback
ifconfig_fxp0="inet 192.168.79.1 netmask 255.255.255.224 media 100baseTX mediaopt full-duplex"
# ifconfig_fxp0="inet 192.168.76.4 netmask 255.255.255.224 media 100baseTX mediaopt full-duplex"
ifconfig_fxp1="inet 192.168.78.5 netmask 255.255.255.224 media 100baseTX mediaopt full-duolex"
# ifconfig_fxp1="inet 192.168.76.36 netmask 255.255.255.224 media 100baseTX mediaopt full-duplex"
ifconfig_fxp2="inet 192.168.79.37 netmask 255.255.255.224 media 100baseTX mediaopt full-duplex"
# ifconfig_fxp2="inet 192.168.76.68 netmask 255.255.255.224 media 100baseTX mediaopt full-duplex"
ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration.
#ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry.

### Network daemon (miscellaneous) & NFS options: ###
syslogd_enable="YES" # Run syslog daemon (or NO).
syslogd_flags="" # Flags to syslogd (if enabled).
inetd_enable="YES" # Run the network daemon dispatcher (or NO).
inetd_flags="" # Optional flags to inetd.
named_enable="NO" # Run named, the DNS server (or NO).
named_program="/usr/sbin/named" # named program, in case we want bind8 instead.
named_flags="-b /etc/namedb/named.boot" # Flags to named (if enabled).
kerberos_server_enable="NO" # Run a kerberos master server (or NO).
kadmind_server_enable="NO" # Run kadmind (or NO) -- do not run on
# a slave kerberos server
kerberos_stash="" # Is the kerberos master key stashed?
rwhod_enable="NO" # Run the rwho daemon (or NO).
amd_enable="NO" # Run amd service with $amd_flags (or NO).
amd_flags="-a /net -c 1800 -k i386 -d my.domain -l syslog /host /etc/amd.map"
nfs_client_enable="NO" # This host is an NFS client (or NO).
nfs_client_flags="-n 4" # Flags to nfsiod (if enabled).
nfs_server_enable="NO" # This host is an NFS server (or NO).
nfs_server_flags="-u -t 4" # Flags to nfsd (if enabled).
mountd_flags="-r" # Flags to mountd (if NFS server enabled).
nfs_reserved_port_only="NO" # Provide NFS only on secure port (or NO).
rpc_lockd_enable="NO" # Run NFS rpc.lockd (*broken!*) if nfs_server.
rpc_statd_enable="YES" # Run NFS rpc.statd if nfs_server (or NO).
portmap_enable="YES" # Run the portmapper service (or NO).
portmap_flags="" # Flags to portmap (if enabled).
rarpd_enable="NO" # Run rarpd (or NO).
rarpd_flags="" # Flags to rarpd.
xtend_enable="NO" # Run the X-10 power controller daemon.
xtend_flags="" # Flags to xtend (if enabled).

### Network Time Services options: ###
timed_enable="NO" # Run the time daemon (or NO).
timed_flags="" # Flags to timed (if enabled).
ntpdate_enable="NO" # Run the ntpdate to sync time (or NO).
ntpdate_program="ntpdate" # path to ntpdate, if you want a different one.
ntpdate_flags="" # Flags to ntpdate (if enabled).
xntpd_enable="NO" # Run xntpd Network Time Protocol (or NO).
xntpd_program="xntpd" # path to xntpd, if you want a different one.
xntpd_flags="-p /var/run/xntpd.pid" # Flags to xntpd (if enabled).
tickadj_enable="NO" # Run tickadj (or NO).
tickadj_flags="-Aq" # Flags to tickadj (if enabled).

# Network Information Services (NIS) options: ###
nis_client_enable="NO" # We're an NIS client (or NO).
nis_client_flags="" # Flags to ypbind (if enabled).
nis_ypset_enable="NO" # Run ypset at boot time (or NO).
nis_ypset_flags="" # Flags to ypset (if enabled).
nis_server_enable="NO" # We're an NIS server (or NO).
nis_server_flags="" # Flags to ypserv (if enabled).
nis_ypxfrd_enable="NO" # Run rpc.ypxfrd at boot time (or NO).
nis_ypxfrd_flags="" # Flags to rpc.ypxfrd (if enabled).
nis_yppasswdd_enable="NO" # Run rpc.yppasswdd at boot time (or NO).
nis_yppasswdd_flags="" # Flags to rpc.yppasswdd (if enabled).

### Network routing options: ###
defaultrouter="NO" # Set to default gateway (or NO).
static_routes="" # Set to static route list (or leave empty).
gateway_enable="YES" # Set to YES if this host will be a gateway.
router_enable="YES" # Set to YES to enable a routing daemon.
# router_enable="NO" # Set to YES to enable a routing daemon.
router="routed" # Name of routing daemon to use if enabled.
#SY# router_flags="-q" # Flags for routing daemon.
router_flags="-s" # Flags for routing daemon.
mrouted_enable="YES" # Do multicast routing (see /etc/mrouted.conf).
# mrouted_flags="-d" # Flags for multicast routing daemon.
mrouted_flags="" # Flags for multicast routing daemon.
ipxgateway_enable="NO" # Set to YES to enable IPX routing.
ipxrouted_enable="NO" # Set to YES to run the IPX routing daemon.
ipxrouted_flags="" # Flags for IPX routing daemon.
arpproxy_all="" # replaces obsolete kernel option ARP_PROXYALL.
forward_sourceroute="NO" # do source routing (only if gateway_enable is set to "YES")
accept_sourceroute="NO" # accept source routed packets to us
natd_enable="NO" # Enable natd if firewall_enable.
natd_interface="fxp0" # Public interface to use with natd if natd_enable.
natd_flags="" # Additional flags for natd.

##############################################################
### System console options #################################
##############################################################

keymap="jp.106" # keymap in /usr/share/syscons/keymaps/* (or NO).
keyrate="NO" # keyboard rate to: slow, normal, fast (or NO).
keybell="NO" # bell to duration.pitch or normal or visual (or NO).
keychange="NO" # function keys default values (or NO).
cursor="NO" # cursor type {normal|blink|destructive} (or NO).
scrnmap="NO" # screen map in /usr/share/syscons/scrnmaps/* (or NO).
font8x16="NO" # font 8x16 from /usr/share/syscons/fonts/* (or NO).
font8x14="NO" # font 8x14 from /usr/share/syscons/fonts/* (or NO).
font8x8="NO" # font 8x8 from /usr/share/syscons/fonts/* (or NO).
blanktime="300" # blank time (in seconds) or "NO" to turn it off.
saver="NO" # screen saver: blank/daemon/green/snake/star/NO.
moused_enable="NO" # Run the mouse daemon.
moused_type="auto" # See man page for rc.conf(5) for available settings.
moused_port="/dev/psm0" # Set to your mouse port.
moused_flags="" # Any additional flags to moused.

##############################################################
### Miscellaneous administrative options ###################
##############################################################

cron_enable="YES" # Run the periodic job daemon.
lpd_enable="NO" # Run the line printer daemon.
lpd_flags="" # Flags to lpd (if enabled).
sendmail_enable="YES" # Run the sendmail daemon (or NO).
sendmail_flags="-bd -q30m" # -bd is pretty mandatory.
dumpdev="NO" # Device name to crashdump to (if enabled).
check_quotas="NO" # Check quotas (or NO).
accounting_enable="NO" # Turn on process accounting (or NO).
ibcs2_enable="NO" # Ibcs2 (SCO) emulation loaded at startup (or NO).
linux_enable="NO" # Linux emulation loaded at startup (or NO).
rand_irqs="NO" # Stir the entropy pool (like "5 11" or NO).
clear_tmp_enable="NO" # Clear /tmp at startup.
ldconfig_paths="/usr/lib/compat /usr/X11R6/lib /usr/local/lib" # shared library search paths

##############################################################
### Allow local configuration override at the very end here ##
##############################################################

if [ -f /etc/rc.conf.local ]; then .
/etc/rc.conf.local fi ---- end of rc.conf Masahiro Ariga mariga@cd.mbn.or.jp To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Dec 15 22:11: 9 1999 Delivered-To: freebsd-net@freebsd.org Received: from netcom.com (netcom3.netcom.com [199.183.9.103]) by hub.freebsd.org (Postfix) with ESMTP id 8B3BA14CAB for ; Wed, 15 Dec 1999 22:11:04 -0800 (PST) (envelope-from klh@netcom.com) Received: (from klh@localhost) by netcom.com (8.9.3/8.9.3) id WAA11234; Wed, 15 Dec 1999 22:11:02 -0800 (PST) Date: Wed, 15 Dec 99 22:11:02 PST From: Ken Harrenstien To: freebsd-net@freebsd.org Cc: klh@netcom.com Subject: ipfw feature requests Message-ID: Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Trying this list because I'm not sure whether the bug report mechanism should be used for feature requests... IPFW is an amazingly useful and impressive piece of work. Nevertheless, while wrestling a bit trying to write a new ruleset for a 4-interface (!) firewall/gateway, I came up with the following wishlist. A cursory inspection of netinet/ip_fw.c suggests that these might be possible to implement without too much pain, if TPTB decide they are worthy... [1] Provide some way to easily match packets that originate from or are destined for the local host, regardless of the IP address. Some approaches: [a] Add "local" as an acceptable keyword for or . Thus "deny all from not local to local" suppresses attempts to contact the gateway as a host, while allowing packet forwarding to continue. [b] Add "local" as a pseudo-interface name, to match packets that have no interface. Thus "out recv local" would match packets originating from the local host. I wish this could also be used to catch packets destined for the local host, but unfortunately "in xmit local" won't work as "xmit" can only be used/checked with "out" packets, sigh... 
[c] Allow boolean negation of each interface specification; then you can say "not any" which would be synonymous with "local" per [b]. Note that this feature would be very handy in general as it can be used with all of the existing interface specs. [2] Add a keyword such as "unreg" or "rfc1918" for and that would refer to all RFC1918 "unregistered" addresses, specifically 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16. (NATD has something like this, by the way.) [3] Consider allowing more negation possibilities in general, e.g. for and as well as and . and some of the options might also be candidates, but I realize this could get out of hand. "not " per [1c] would be the most useful for me. Obviously none of these add new capabilities per se; they would just reduce the number of rules necessary (and thus gain a slight measure of both efficiency and clarity). If these suggestions would be better sent somewhere else, just let me know where. Thanks! --Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Dec 16 3: 4:13 1999 Delivered-To: freebsd-net@freebsd.org Received: from expert.com.br (atalaia.expert.com.br [200.242.253.1]) by hub.freebsd.org (Postfix) with SMTP id 02FF01552B for ; Thu, 16 Dec 1999 03:04:09 -0800 (PST) (envelope-from aldrin@americasnet.com) Received: (qmail 50003 invoked from network); 16 Dec 1999 11:03:57 -0000 Received: from bxs20-1-p51.expert.com.br (HELO sixty.expert.com.br) (aldrin@200.242.253.191) by soure.expert.com.br with SMTP; 16 Dec 1999 11:03:57 -0000 Message-ID: <008d01bf47af$6414d900$0200a8c0@expert.com.br> From: "Aldrin Leal" To: Subject: Math Help for IPFW :) Date: Thu, 16 Dec 1999 08:21:56 -0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2314.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Sender: 
owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello :) I built a FreeBSD 3.3 box for a local ISP, and they asked me for some sorta of mrtg-like stats for some computers on the network. For this, i make a ruleset for each machine which i want to be measured (add pass all from x to any) and made a mrtg module which takes the count and resets it. How could i relate this count, the second one, for packets? For sure it means the number of packets processed. But how long is a packet? That's all i need to put the right number of kBPS/s they're doing. :) Thanks in advance, Aldrin L mailto:aldrin@americasnet.com. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Dec 16 8:33:22 1999 Delivered-To: freebsd-net@freebsd.org Received: from euitt.upm.es (haddock.euitt.upm.es [138.100.52.102]) by hub.freebsd.org (Postfix) with ESMTP id 7A3E315488; Thu, 16 Dec 1999 08:33:04 -0800 (PST) (envelope-from pjlobo@euitt.upm.es) Received: from localhost (pjlobo@localhost) by euitt.upm.es (8.9.3/8.9.3) with ESMTP id RAA06300; Thu, 16 Dec 1999 17:30:20 +0100 (MET) Date: Thu, 16 Dec 1999 17:30:19 +0100 (MET) From: "Pedro J. Lobo" To: "Jordan K. Hubbard" Cc: "C. Stephen Gunn" , wollman@LITTLE-CHOCOLATE-DONUTS.MIT.EDU, wpaul@FreeBSD.ORG, freebsd-net@FreeBSD.ORG Subject: 802.1Q VLAN support in FreeBSD Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello. I have seen today a discussion that took place in freebsd-net a few days ago about VLAN support. Well, I know that you are going to kill me, and that I really deserve it, but I have been reliably running VLANs on my desktop PC since last summer O:-) "Reliably" means not a single problem in about six months, with 8 to 12 hours of use per day. 
For example:

deneb:pjlobo> netstat -ib
Name  Mtu   Network       Address            Ipkts Ierrs   Ibytes  Opkts Oerrs   Obytes Coll
fxp0  1500                00.a0.c9.e7.09.ca  25337     0 28640604  21968     0 11327081    0
fxp0  1500  none          none               25337     0 28640604  21968     0 11327081    0
vlan0 1500                00.a0.c9.e7.09.ca      0     0   113102      0     0     1742    0
vlan0 1500  10.0.52/24    deneb.red              0     0   113102      0     0     1742    0
vlan1 1500                00.a0.c9.e7.09.ca      0     0 27338299      0     0 11304225    0
vlan1 1500  138.100.52/25 deneb                  0     0 27338299      0     0 11304225    0
vlan2 1500                00.a0.c9.e7.09.ca      0     0  1026543      0     0    21373    0
vlan2 1500  138.100.52.12 deneb.alumnos          0     0  1026543      0     0    21373    0
vlan3 1500                00.00.00.00.00.00      0     0        0      0     0        0    0
tun0* 1500                                       0     0        0      0     0        0    0
ppp0* 1500                                       0     0        0      0     0        0    0
lo0   16384                                      0     0        0      0     0        0    0
lo0   16384 127           localhost              0     0        0      0     0        0    0
deneb:pjlobo> uptime
 5:28PM up 5:45, 4 users, load averages: 0.21, 0.21, 0.21

All this time I've been thinking "hey, I must tell this to someone" since then, but I've been very busy at work, my memory is weak, I'm very lazy... well, I know I have no excuse, but the fact is that I didn't do it.

I must say that I was quite impressed when the thing worked. I have no experience with the BSD kernel, although I do have experience in C (and C++, Java, perl, etc, etc) programming. I did what I believed to be a quick and dirty hack (and I still think so), and voila, it worked.

I can send you a tarball with the patches relative to -stable. I use an Intel Etherexpress Pro/100 card (fxp driver), and it is the only supported device, but the modifications to the driver are small and they shouldn't be very hard to reproduce in other drivers.

Again, I am very sorry for having kept this for myself until now.

Regards,

Pedro.

--
-------------------------------------------------------------------
Pedro José Lobo Perea Tel: +34 91 336 78 19
Centro de Cálculo Fax: +34 91 331 92 29
E.U.I.T. Telecomunicación e-mail: pjlobo@euitt.upm.es
Universidad Politécnica de Madrid Ctra. de Valencia, Km.
7 E-28031 Madrid - España / Spain To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Dec 16 23:13: 8 1999 Delivered-To: freebsd-net@freebsd.org Received: from jason.argos.org (a1-3b058.neo.rr.com [24.93.181.58]) by hub.freebsd.org (Postfix) with ESMTP id BA40314DB9 for ; Thu, 16 Dec 1999 23:13:05 -0800 (PST) (envelope-from mike@argos.org) Received: from localhost (mike@localhost) by jason.argos.org (8.9.1/8.9.1) with ESMTP id CAA02631; Fri, 17 Dec 1999 02:12:56 -0500 Date: Fri, 17 Dec 1999 02:12:56 -0500 (EST) From: Mike Nowlin To: Aldrin Leal Cc: freebsd-net@FreeBSD.ORG Subject: Re: Math Help for IPFW :) In-Reply-To: <008d01bf47af$6414d900$0200a8c0@expert.com.br> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > How could i relate this count, the second one, for packets? For sure it > means the number of packets processed. But how long is a packet? That's all > i need to put the right number of kBPS/s they're doing. :) The first problem is that packet size varies greatly -- it could be a single byte (plus header/address information), or quite large, depending on what the interface type/parameters are set for. The best solution I found for this is SNMP, which is what most of the "big boys" (PSI Net, for example) use. I do something similar -- sample the "interfaces.ifTable.ifEntry.ifOutOctets" and "interfaces.ifTable.ifEntry.ifInOctets" entries for each interface periodically, and you can calculate the average bandwidth usage per interface pretty easily: (with two samples, taken x seconds apart) Bandwidth = (sample1 - sample2) / x Not perfect, but it works. The closer in time the samples are, the more accurate your result. Using ucd-snmp, it's pretty easy to write a perl or shell script that will do this for you on a routine basis, and send it to some reporting method. 
mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Dec 16 23:30:47 1999 Delivered-To: freebsd-net@freebsd.org Received: from gaia.nimnet.asn.au (nimbin.lnk.telstra.net [139.130.45.143]) by hub.freebsd.org (Postfix) with ESMTP id 85ABC14E78 for ; Thu, 16 Dec 1999 23:30:42 -0800 (PST) (envelope-from smithi@nimnet.asn.au) Received: from localhost (smithi@localhost) by gaia.nimnet.asn.au (8.8.8/8.8.8R1.0) with SMTP id SAA20711; Fri, 17 Dec 1999 18:29:01 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Fri, 17 Dec 1999 18:29:01 +1100 (EST) From: Ian Smith To: Mike Nowlin Cc: Aldrin Leal , freebsd-net@FreeBSD.ORG Subject: Re: Math Help for IPFW :) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 17 Dec 1999, Mike Nowlin wrote: Sure you can use SNMP also, or instead, but if you want to do it from your gathered IPFW data, why not just use the byte counters rather than or as well as the packet counters, per rule? (almost) works here .. we're starting to analyse `ipfw -t show >> file` cronned every 5 minutes for 1.5 yrs (and running MRTG for the visuals). Cheers, Ian > > How could i relate this count, the second one, for packets? For sure it > > means the number of packets processed. But how long is a packet? That's all > > i need to put the right number of kBPS/s they're doing. :) > > The first problem is that packet size varies greatly -- it could be a > single byte (plus header/address information), or quite large, depending > on what the interface type/parameters are set for. > > The best solution I found for this is SNMP, which is what most of the "big > boys" (PSI Net, for example) use. 
I do something similar -- sample the > "interfaces.ifTable.ifEntry.ifOutOctets" and > "interfaces.ifTable.ifEntry.ifInOctets" entries for each interface > periodically, and you can calculate the average bandwidth usage per > interface pretty easily: > > (with two samples, taken x seconds apart) > > Bandwidth = (sample1 - sample2) / x > > Not perfect, but it works. The closer in time the samples are, the more > accurate your result. Using ucd-snmp, it's pretty easy to write a perl or > shell script that will do this for you on a routine basis, and send it to > some reporting method. > > mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Dec 16 23:37:56 1999 Delivered-To: freebsd-net@freebsd.org Received: from jason.argos.org (a1-3b058.neo.rr.com [24.93.181.58]) by hub.freebsd.org (Postfix) with ESMTP id 3353714D5F for ; Thu, 16 Dec 1999 23:37:54 -0800 (PST) (envelope-from mike@argos.org) Received: from localhost (mike@localhost) by jason.argos.org (8.9.1/8.9.1) with ESMTP id CAA02835; Fri, 17 Dec 1999 02:37:46 -0500 Date: Fri, 17 Dec 1999 02:37:46 -0500 (EST) From: Mike Nowlin To: Ian Smith Cc: Aldrin Leal , freebsd-net@FreeBSD.ORG Subject: Re: Math Help for IPFW :) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Sure you can use SNMP also, or instead, but if you want to do it from > your gathered IPFW data, why not just use the byte counters rather than > or as well as the packet counters, per rule? Agreed -- the reason I use SNMP is that the program which monitors this stuff is far more involved than I let on -- actually watches lots of different boxes (computers, routers, etc.) from a central monitoring station. Depends on how you want to do it, and what you want to watch... SNMP is pretty hoggish, but it's universal. 
mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Dec 16 23:57:56 1999 Delivered-To: freebsd-net@freebsd.org Received: from gaia.nimnet.asn.au (nimbin.lnk.telstra.net [139.130.45.143]) by hub.freebsd.org (Postfix) with ESMTP id 263A314C87 for ; Thu, 16 Dec 1999 23:57:52 -0800 (PST) (envelope-from smithi@nimnet.asn.au) Received: from localhost (smithi@localhost) by gaia.nimnet.asn.au (8.8.8/8.8.8R1.0) with SMTP id SAA21089; Fri, 17 Dec 1999 18:56:19 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Fri, 17 Dec 1999 18:56:19 +1100 (EST) From: Ian Smith To: Mike Nowlin Cc: Aldrin Leal , freebsd-net@FreeBSD.ORG Subject: Re: Math Help for IPFW :) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 17 Dec 1999, Mike Nowlin wrote: > > Sure you can use SNMP also, or instead, but if you want to do it from > > your gathered IPFW data, why not just use the byte counters rather than > > or as well as the packet counters, per rule? > > Agreed -- the reason I use SNMP is that the program which monitors this > stuff is far more involved than I let on -- actually watches lots of > different boxes (computers, routers, etc.) from a central monitoring > station. Way to go for that for sure. > Depends on how you want to do it, and what you want to watch... SNMP is > pretty hoggish, but it's universal. Agreed all round. IPFW stats can be pretty useful for single box analysis though, especially with careful (count) rule design. 
In retrospect, I have a lot or work to do on it yet :^) Cheers, Ian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Dec 17 8:22: 6 1999 Delivered-To: freebsd-net@freebsd.org Received: from hanoi.cronyx.ru (hanoi.cronyx.ru [144.206.181.53]) by hub.freebsd.org (Postfix) with ESMTP id F2AEE1578C for ; Fri, 17 Dec 1999 08:21:40 -0800 (PST) (envelope-from rik@cronyx.ru) Received: from cronyx.ru by hanoi.cronyx.ru with ESMTP id TAA05056; (8.9.3/vak/2.1) Fri, 17 Dec 1999 19:21:18 +0300 (MSK) Message-ID: <385A62A0.768BD41@cronyx.ru> Date: Fri, 17 Dec 1999 19:19:44 +0300 From: Kurakin Roman X-Mailer: Mozilla 4.6 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-net@FreeBSD.ORG Subject: Where to get last NETGRAPH Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello, Where to get last Netgraph sources? I tried to get them from ftp.FreeBSD.org, but I did not found them in ssys.??. Kurakin Roman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sat Dec 18 8:53:39 1999 Delivered-To: freebsd-net@freebsd.org Received: from netcom.com (netcom14.netcom.com [199.183.9.114]) by hub.freebsd.org (Postfix) with ESMTP id F11E814D0E for ; Sat, 18 Dec 1999 08:53:36 -0800 (PST) (envelope-from stanb@netcom.com) Received: (from stanb@localhost) by netcom.com (8.9.3/8.9.3) id IAA25336 for freebsd-net@FreeBSD.ORG; Sat, 18 Dec 1999 08:53:36 -0800 (PST) From: Stan Brown Message-Id: <199912181653.IAA25336@netcom.com> Subject: ipfw rule to allow traceroute to include 10.x.x.x addresses? 
To: freebsd-net@FreeBSD.ORG (FreeBSD Networking)
Date: Sat, 18 Dec 1999 11:53:36 -0500 (EST)
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

My cablemodem provider uses 10.x.x.x addresses internally to their network. I don't want to start a flamewar on whether this is a good or bad thing. It's totally out of my control.

However it is causing me problems. With the default "simple" firewall ruleset, the reply packets from the hops are blocked.

I am having a bit of a problem designing a rule to place in front of the non-routable network blocking rules to allow these packets back in. I am using natd to translate all the hosts on my local network, so it should allow any host on my network to do a traceroute.

The basic problem that I am having is with the protocol type. Using ip, or icpm seems to generate an error message when I try to insert the rule.

Any suggestions?

--
Stan Brown stanb@netcom.com 404-996-6955
Factory Automation Systems
Atlanta Ga.
--
Look, look, see Windows 95. Buy, lemmings, buy!
Pay no attention to that cliff ahead... Henry Spencer
(c) 1998 Stan Brown. Redistribution via the Microsoft Network is prohibited.
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sat Dec 18 13: 1:58 1999 Delivered-To: freebsd-net@freebsd.org Received: from picalon.gun.de (picalon.gun.de [192.109.159.1]) by hub.freebsd.org (Postfix) with ESMTP id 5B8BF14D0C for ; Sat, 18 Dec 1999 13:01:55 -0800 (PST) (envelope-from andreas@klemm.gtn.com) Received: from klemm.gtn.com (pppak04.gtn.com [194.231.123.169]) by picalon.gun.de (8.9.3/8.9.3) with ESMTP id WAA21891; Sat, 18 Dec 1999 22:01:41 +0100 (MET) Received: (from andreas@localhost) by klemm.gtn.com (8.9.3/8.9.3) id WAA00359; Sat, 18 Dec 1999 22:00:45 +0100 (CET) (envelope-from andreas) Date: Sat, 18 Dec 1999 22:00:44 +0100 From: Andreas Klemm To: Kurakin Roman Cc: freebsd-net@FreeBSD.ORG Subject: Re: Where to get last NETGRAPH Message-ID: <19991218220044.A97641@titan.klemm.gtn.com> References: <385A62A0.768BD41@cronyx.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <385A62A0.768BD41@cronyx.ru>; from rik@cronyx.ru on Fri, Dec 17, 1999 at 07:19:44PM +0300 X-Operating-System: FreeBSD 3.4-STABLE SMP X-Disclaimer: A free society is one where it is safe to be unpopular Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, Dec 17, 1999 at 07:19:44PM +0300, Kurakin Roman wrote: > Hello, > Where to get last Netgraph sources? I tried to get them from > ftp.FreeBSD.org, but I did not > found them in ssys.??. It has been merged from -current to -stable last recently. Didn't you know that or is there something different behind your question ? 
-- Andreas Klemm http://www.FreeBSD.ORG/~andreas http://www.freebsd.org/~fsmp/SMP/SMP.html powered by Symmetric MultiProcessor FreeBSD Get new songs from our band: http://www.freebsd.org/~andreas/64bits/index.html To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sat Dec 18 15:18:56 1999 Delivered-To: freebsd-net@freebsd.org Received: from expert.com.br (atalaia.expert.com.br [200.242.253.1]) by hub.freebsd.org (Postfix) with SMTP id BB4F61500D for ; Sat, 18 Dec 1999 15:18:50 -0800 (PST) (envelope-from aldrin@americasnet.com) Received: (qmail 86842 invoked from network); 18 Dec 1999 23:18:45 -0000 Received: from bxs20-1-p24.expert.com.br (HELO sixty.expert.com.br) (aldrin@200.242.253.164) by soure.expert.com.br with SMTP; 18 Dec 1999 23:18:45 -0000 Message-ID: <007101bf49a8$5eeeb9a0$0200a8c0@expert.com.br> From: "Aldrin Leal" To: "Ian Smith" Cc: References: Subject: Re: Math Help for IPFW :) Date: Sat, 18 Dec 1999 20:36:42 -0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2314.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Sure you can use SNMP also, or instead, but if you want to do it from I really haven't tried to find SMNP agents for Win9x, which are the platform for the computers. > your gathered IPFW data, why not just use the byte counters rather than > or as well as the packet counters, per rule? How to look at the byte counters? 
:]

My source is:

### Cut here
#!/usr/bin/suidperl

$rule = 2500;
if (open(HANDLE, "/sbin/ipfw -q show $rule|")) {
    if ($line = <HANDLE>) {
        chomp $line;
        @values = split(' ', $line);
        $packets = $values[2];
    }
    close(HANDLE);
}

system "/sbin/ipfw -q zero $rule";
print "$packets\n$packets\n00:00\nrule $rule\n";
### Unclip

The rule is: 02500 108 11320 allow ip from 200.242.253.6 to any

> > The first problem is that packet size varies greatly -- it could be a
> > single byte (plus header/address information), or quite large, depending
> > on what the interface type/parameters are set for.

That's where all my problem starts... and ends.

> > The best solution I found for this is SNMP, which is what most of the "big
> > boys" (PSI Net, for example) use. I do something similar -- sample the
> > "interfaces.ifTable.ifEntry.ifOutOctets" and
> > "interfaces.ifTable.ifEntry.ifInOctets" entries for each interface
> > periodically, and you can calculate the average bandwidth usage per
> > interface pretty easily:

Well. I'll try to find an SNMP agent. Thanks, anyway.
:) done, Aldrin Leal mailto:aldrin@americasnet.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun Dec 19 8:37:58 1999 Delivered-To: freebsd-net@freebsd.org Received: from netcom.com (netcom2.netcom.com [199.183.9.102]) by hub.freebsd.org (Postfix) with ESMTP id 20CEF150C5 for ; Sun, 19 Dec 1999 08:37:56 -0800 (PST) (envelope-from stanb@netcom.com) Received: (from stanb@localhost) by netcom.com (8.9.3/8.9.3) id IAA26258 for freebsd-net@FreeBSD.ORG; Sun, 19 Dec 1999 08:37:55 -0800 (PST) From: Stan Brown Message-Id: <199912191637.IAA26258@netcom.com> Subject: Puzzling ipfw rejections To: freebsd-net@FreeBSD.ORG (FreeBSD Networking) Date: Sun, 19 Dec 1999 11:37:54 -0500 (EST) X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Could some kind soul explain the following to me? 
Dec 18 11:57:19 koala /kernel: ipfw: 2300 Deny TCP 208.140.99.1:4622 24.6.61.166:113 in via ed1
Dec 18 11:57:40 koala last message repeated 3 times
Dec 18 11:58:29 koala /kernel: ipfw: 2300 Deny TCP 208.140.99.1:4658 24.6.61.166:113 in via ed1
Dec 18 11:58:50 koala last message repeated 3 times
Dec 18 12:09:12 koala ntpdate[914]: adjust time server 192.5.41.41 offset -0.136201
Dec 18 12:09:34 koala /kernel: ipfw: 1600 Deny TCP 199.183.9.112:3904 24.6.61.166:23 in via ed1
Dec 18 12:09:51 koala last message repeated 2 times
Dec 18 12:10:11 koala /kernel: ipfw: 1600 Deny TCP 199.183.9.112:1022 24.6.61.166:22 in via ed1
Dec 18 12:10:29 koala last message repeated 2 times
Dec 18 12:13:16 koala /kernel: ipfw: 1400 Deny TCP 199.183.9.112:1022 24.6.61.166:22 in via ed1
Dec 18 12:13:57 koala last message repeated 3 times
Dec 18 12:14:37 koala last message repeated 2 times
Dec 18 12:35:58 koala /kernel: ipfw: 1500 Deny TCP 199.183.9.112:4087 24.6.61.166:21 in via ed1
Dec 18 12:36:16 koala last message repeated 2 times
Dec 18 12:36:40 koala /kernel: ipfw: 1500 Deny TCP 199.183.9.112:4087 24.6.61.166:21 in via ed1
Dec 18 12:39:22 koala ftpd[1082]: FTP LOGIN FAILED FROM netcom12.netcom.com, stan
Dec 18 12:40:13 koala ntpdate[1091]: adjust time server 128.115.14.97 offset -0.109061

The machine in question is a new gateway machine that I am setting up (3.3 STABLE) using ipfw and natd. I _believe_ that the rejections are related to a script that I run that makes backups of my accounts on local machines. In this case the machines are netcom.com, and awod.com. This script tars up the contents, and then ftp's it back to a machine behind the firewall (kodiak).

But I don't understand the port numbers that I am seeing here. Can anyone give me a clue?

--
Stan Brown stanb@netcom.com 404-996-6955
Factory Automation Systems
Atlanta Ga.
--
Look, look, see Windows 95. Buy, lemmings, buy!
Pay no attention to that cliff ahead... Henry Spencer
(c) 1998 Stan Brown.
Redistribution via the Microsoft Network is prohibited.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Sun Dec 19 11: 4:36 1999
Delivered-To: freebsd-net@freebsd.org
Received: from gaia.nimnet.asn.au (nimbin.lnk.telstra.net [139.130.45.143]) by hub.freebsd.org (Postfix) with ESMTP id EC77714CE7 for ; Sun, 19 Dec 1999 11:04:29 -0800 (PST) (envelope-from smithi@nimnet.asn.au)
Received: from localhost (smithi@localhost) by gaia.nimnet.asn.au (8.8.8/8.8.8R1.0) with SMTP id CAA09038; Mon, 20 Dec 1999 02:19:01 +1100 (EST) (envelope-from smithi@nimnet.asn.au)
Date: Mon, 20 Dec 1999 02:19:01 +1100 (EST)
From: Ian Smith
Reply-To: Ian Smith
To: Aldrin Leal
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Math Help for IPFW :)
In-Reply-To: <007101bf49a8$5eeeb9a0$0200a8c0@expert.com.br>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> How to look at the byte counters? :]
>
> My source is:
>
> ### Cut here
> #!/usr/bin/suidperl
>
> $rule = 2500;
> if (open(HANDLE, "/sbin/ipfw -q show $rule|")) {
>     if ($line = <HANDLE>) {
>         chomp $line;
>         @values = split(' ', $line);
>         $packets = $values[2];
>     }
>     close(HANDLE);
> }
>
> system "/sbin/ipfw -q zero $rule";
> print "$packets\n$packets\n00:00\nrule $rule\n";
> ### Unclip
>
> The rule is: 02500 108 11320 allow ip from 200.242.253.6 to any

So, 108 is the packet count and 11320 is the byte count. At this point average packet size is 11320 bytes / 108 packets = 104.8 bytes/packet.

I know little perl, don't quote me, but it seems likely that adding ..

$bytes = $values[3];

.. just below your $packets assignment above, ought to do the job?
Cheers, Ian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun Dec 19 14:14:52 1999 Delivered-To: freebsd-net@freebsd.org Received: from expert.com.br (atalaia.expert.com.br [200.242.253.1]) by hub.freebsd.org (Postfix) with SMTP id E280B15272 for ; Sun, 19 Dec 1999 14:14:46 -0800 (PST) (envelope-from aldrin@americasnet.com) Received: (qmail 41906 invoked from network); 19 Dec 1999 22:14:34 -0000 Received: from bxs20-1-p26.expert.com.br (HELO sixty.expert.com.br) (200.242.253.166) by soure.expert.com.br with SMTP; 19 Dec 1999 22:14:34 -0000 Message-ID: <002101bf4a68$986b8260$0200a8c0@expert.com.br> From: "Aldrin Leal" To: "Ian Smith" Cc: References: Subject: Re: Math Help for IPFW :) Date: Sun, 19 Dec 1999 19:32:44 -0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2314.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > So, 108 is the packet count and 11320 is the byte count. At this point > average packet size is 11320 bytes / 108 packets = 104.8 bytes/packet. Hm... i thought the first one was the number of matches. Fix it fix it. :) Thank you. :) done, Aldrin Leal mailto:aldrin@americasnet.com. 
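
[Added example, not code from any poster in this thread: the per-rule byte-counter accounting the thread settles on, turning two `ipfw show` snapshots taken a known interval apart into byte, packet and kbit/s rates. It assumes the three-column "rule packets bytes" layout of the rule line quoted above (no -t timestamps); the second snapshot, rules 2600 and 65535, and all function and variable names are constructed for illustration.]

```python
from dataclasses import dataclass
from typing import Dict, NamedTuple, Optional, Tuple

RuleKey = Tuple[int, str]  # (rule number, rule text): a number alone may repeat


class Counters(NamedTuple):
    packets: int
    nbytes: int


@dataclass(frozen=True)
class Rate:
    packets_per_sec: float
    bytes_per_sec: float
    kbit_per_sec: float
    avg_packet_bytes: Optional[float]  # None when nothing matched in the interval
    counter_reset: bool                # counters went backwards between samples


def parse_ipfw_show(text: str) -> Dict[RuleKey, Counters]:
    """Parse lines shaped like '02500 108 11320 allow ip from ... to any'."""
    counters: Dict[RuleKey, Counters] = {}
    for raw in text.splitlines():
        fields = raw.split(None, 3)
        # An accounting row is three integers followed by the rule text.
        if len(fields) < 4 or not all(f.isdigit() for f in fields[:3]):
            continue
        key = (int(fields[0]), fields[3].strip())
        prev = counters.get(key, Counters(0, 0))
        counters[key] = Counters(prev.packets + int(fields[1]),
                                 prev.nbytes + int(fields[2]))
    return counters


def rates_between(earlier: Dict[RuleKey, Counters],
                  later: Dict[RuleKey, Counters],
                  elapsed_seconds: float) -> Dict[RuleKey, Rate]:
    """Average rates per rule: (later sample - earlier sample) / elapsed time."""
    if elapsed_seconds <= 0:
        raise ValueError("samples must be a positive number of seconds apart")
    rates: Dict[RuleKey, Rate] = {}
    for key, now in later.items():
        before = earlier.get(key)
        if before is None:
            continue  # rule added after the first sample: no baseline yet
        reset = now.packets < before.packets or now.nbytes < before.nbytes
        if reset:
            # Counters were zeroed (ipfw zero, reboot) in between; what is left
            # is only the traffic since the reset, so the rate is a lower bound.
            d_pkts, d_bytes = now.packets, now.nbytes
        else:
            d_pkts = now.packets - before.packets
            d_bytes = now.nbytes - before.nbytes
        rates[key] = Rate(
            packets_per_sec=d_pkts / elapsed_seconds,
            bytes_per_sec=d_bytes / elapsed_seconds,
            kbit_per_sec=d_bytes * 8 / 1000 / elapsed_seconds,
            avg_packet_bytes=(d_bytes / d_pkts) if d_pkts else None,
            counter_reset=reset,
        )
    return rates


# Constructed snapshots, 300 seconds apart. Only the first line of SAMPLE_T0
# is taken from the thread; every other value is made up for the example.
SAMPLE_T0 = """\
02500 108 11320 allow ip from 200.242.253.6 to any
02600 5000 4000000 allow ip from any to 200.242.253.6
65535 0 0 deny ip from any to any
"""
SAMPLE_T1 = """\
02500 1308 911320 allow ip from 200.242.253.6 to any
02600 10 6000 allow ip from any to 200.242.253.6
65535 0 0 deny ip from any to any
"""

if __name__ == "__main__":
    result = rates_between(parse_ipfw_show(SAMPLE_T0),
                           parse_ipfw_show(SAMPLE_T1), 300)
    for (number, text), rate in sorted(result.items()):
        flag = " (counters reset, lower bound)" if rate.counter_reset else ""
        print(f"{number:05d} {rate.kbit_per_sec:8.2f} kbit/s "
              f"{rate.packets_per_sec:7.2f} pkt/s{flag}  {text}")
```

Sampling without zeroing the counters, as done here, lets several consumers read the same rules; a collector that zeroes after each read has to treat every sample as a delta already.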
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun Dec 19 15:28:39 1999 Delivered-To: freebsd-net@freebsd.org Received: from scientia.demon.co.uk (scientia.demon.co.uk [212.228.14.13]) by hub.freebsd.org (Postfix) with ESMTP id A59F714D0D for ; Sun, 19 Dec 1999 15:28:34 -0800 (PST) (envelope-from ben@scientia.demon.co.uk) Received: from strontium.scientia.demon.co.uk ([192.168.91.36] ident=ben) by scientia.demon.co.uk with smtp (Exim 3.092 #1) id 11zo74-000OeZ-00; Sun, 19 Dec 1999 21:43:34 +0000 Date: Sun, 19 Dec 1999 21:43:34 +0000 From: Ben Smithurst To: Stan Brown Cc: FreeBSD Networking Subject: Re: Puzzling ipfw rejections Message-ID: <19991219214334.A2246@strontium.scientia.demon.co.uk> References: <199912191637.IAA26258@netcom.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <199912191637.IAA26258@netcom.com> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Stan Brown wrote: > Could some kind soul explain the following to me? > > > Dec 18 11:57:19 koala /kernel: ipfw: 2300 Deny TCP 208.140.99.1:4622 24.6.61.166:113 in via ed1 > Dec 18 11:58:29 koala /kernel: ipfw: 2300 Deny TCP 208.140.99.1:4658 24.6.61.166:113 in via ed1 > Dec 18 12:09:34 koala /kernel: ipfw: 1600 Deny TCP 199.183.9.112:3904 24.6.61.166:23 in via ed1 > Dec 18 12:10:11 koala /kernel: ipfw: 1600 Deny TCP 199.183.9.112:1022 24.6.61.166:22 in via ed1 > Dec 18 12:13:16 koala /kernel: ipfw: 1400 Deny TCP 199.183.9.112:1022 24.6.61.166:22 in via ed1 > Dec 18 12:35:58 koala /kernel: ipfw: 1500 Deny TCP 199.183.9.112:4087 24.6.61.166:21 in via ed1 > Dec 18 12:36:40 koala /kernel: ipfw: 1500 Deny TCP 199.183.9.112:4087 24.6.61.166:21 in via ed1 > > The machine in question is a new gateway machine that I am seting up > *3.3 STABLE) using ipfw and natd. 
I _believe that the rejections are > related to a script that I run that makes backups of my accounts on > local machines. In this case the machines are netcom.com, and awod.com > Thsi script tars up the contents, and then ftps's it back to a machine > behind the firewall (kodiak). > > But I don't understand the port numbers that I am seeing here. can > anyone give me a clue? Take a look in /etc/services. ftp 21/tcp #File Transfer [Control] ssh 22/tcp #Secure Shell Login telnet 23/tcp auth 113/tcp ident tap #Authentication Service The source ports aren't really important here. -- Ben Smithurst | PGP: 0x99392F7D ben@scientia.demon.co.uk | key available from keyservers and | ben+pgp@scientia.demon.co.uk To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon Dec 20 5: 6: 8 1999 Delivered-To: freebsd-net@freebsd.org Received: from euitt.upm.es (haddock.euitt.upm.es [138.100.52.102]) by hub.freebsd.org (Postfix) with ESMTP id 96709151CF for ; Mon, 20 Dec 1999 05:06:02 -0800 (PST) (envelope-from pjlobo@euitt.upm.es) Received: from localhost (pjlobo@localhost) by euitt.upm.es (8.9.3/8.9.3) with ESMTP id OAA27541; Mon, 20 Dec 1999 14:05:40 +0100 (MET) Date: Mon, 20 Dec 1999 14:05:39 +0100 (MET) From: "Pedro J. Lobo" To: Andreas Klemm Cc: freebsd-net@freebsd.org Subject: Re: 802.1Q VLAN support in FreeBSD In-Reply-To: <19991218220304.B97641@titan.klemm.gtn.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 18 Dec 1999, Andreas Klemm wrote: >Cool ! > >Perhaps you could make it available via http or ftp ? >So everybody who wants, can have look at it. I have set up a page for this. You can find it at http://www.euitt.upm.es/~pjlobo/fbsdvlan.html. I am very interested in comments about the code. 
I've had no time to write an explanation for it, but it should be easy to follow. Regards, Pedro. -- ------------------------------------------------------------------- Pedro José Lobo Perea Tel: +34 91 336 78 19 Centro de Cálculo Fax: +34 91 331 92 29 E.U.I.T. Telecomunicación e-mail: pjlobo@euitt.upm.es Universidad Politécnica de Madrid Ctra. de Valencia, Km. 7 E-28031 Madrid - España / Spain To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon Dec 20 9:19:47 1999 Delivered-To: freebsd-net@freebsd.org Received: from hanoi.cronyx.ru (hanoi.cronyx.ru [144.206.181.53]) by hub.freebsd.org (Postfix) with ESMTP id A9D5715347 for ; Mon, 20 Dec 1999 09:19:36 -0800 (PST) (envelope-from rik@cronyx.ru) Received: from cronyx.ru by hanoi.cronyx.ru with ESMTP id UAA17106; (8.9.3/vak/2.1) Mon, 20 Dec 1999 20:18:51 +0300 (MSK) Message-ID: <385E64AE.484EA1DF@cronyx.ru> Date: Mon, 20 Dec 1999 20:17:34 +0300 From: Kurakin Roman X-Mailer: Mozilla 4.6 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: Andreas Klemm Cc: freebsd-net@FreeBSD.ORG Subject: Re: Where to get last NETGRAPH References: <385A62A0.768BD41@cronyx.ru> <19991218220044.A97641@titan.klemm.gtn.com> Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Andreas Klemm wrote: > On Fri, Dec 17, 1999 at 07:19:44PM +0300, Kurakin Roman wrote: > > Hello, > > Where to get last Netgraph sources? I tried to get them from > > ftp.FreeBSD.org, but I did not > > found them in ssys.??. > > It has been merged from -current to -stable last recently. > Didn't you know that or is there something different behind > your question ? Thank you for reply. I thought that sources in release. I also expect that there is a place where I can get last NG archive. I working with netgraph sources and it easy for me when all text together. 
Kurakin Roman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon Dec 20 10:52: 6 1999 Delivered-To: freebsd-net@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id A254D15062 for ; Mon, 20 Dec 1999 10:51:57 -0800 (PST) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id NAA73090; Mon, 20 Dec 1999 13:51:36 -0500 (EST) (envelope-from wollman) Date: Mon, 20 Dec 1999 13:51:36 -0500 (EST) From: Garrett Wollman Message-Id: <199912201851.NAA73090@khavrinen.lcs.mit.edu> To: "Pedro J. Lobo" Cc: Andreas Klemm , freebsd-net@FreeBSD.ORG Subject: Re: 802.1Q VLAN support in FreeBSD In-Reply-To: References: <19991218220304.B97641@titan.klemm.gtn.com> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > I have set up a page for this. You can find it at > http://www.euitt.upm.es/~pjlobo/fbsdvlan.html. I am very interested in > comments about the code. I've had no time to write an explanation for it, > but it should be easy to follow. I am concerned at the size of the patches. Most of the patch to if_ethersubr.c is bogus -- that's what the code in if_vlan.c is supposed to do. -GAWollman -- Garrett A. 
Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon Dec 20 12:48:18 1999 Delivered-To: freebsd-net@freebsd.org Received: from bubba.whistle.com (bubba.whistle.com [207.76.205.7]) by hub.freebsd.org (Postfix) with ESMTP id A7B6B153D9 for ; Mon, 20 Dec 1999 12:48:08 -0800 (PST) (envelope-from archie@whistle.com) Received: (from archie@localhost) by bubba.whistle.com (8.9.2/8.9.2) id MAA22877; Mon, 20 Dec 1999 12:47:28 -0800 (PST) From: Archie Cobbs Message-Id: <199912202047.MAA22877@bubba.whistle.com> Subject: Re: ipfw feature requests In-Reply-To: from Ken Harrenstien at "Dec 15, 1999 10:11:02 pm" To: klh@netcom.com (Ken Harrenstien) Date: Mon, 20 Dec 1999 12:47:28 -0800 (PST) Cc: freebsd-net@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Ken Harrenstien writes: > IPFW is an amazingly useful and impressive piece of work. > Nevertheless, while wrestling a bit trying to write a new ruleset for > a 4-interface (!) firewall/gateway, I came up with the following > wishlist. A cursory inspection of netinet/ip_fw.c suggests that these > might be possible to implement without too much pain, if TPTB decide > they are worthy... > > [1] Provide some way to easily match packets that originate from or > are destined for the local host, regardless of the IP address. > Some approaches: > > [a] Add "local" as an acceptable keyword for or . > Thus "deny all from not local to local" suppresses attempts to contact > the gateway as a host, while allowing packet forwarding to continue. 
> > [b] Add "local" as a pseudo-interface name, to match packets that have > no interface. Thus "out recv local" would match packets > originating from the local host. I wish this could also be used > to catch packets destined for the local host, but unfortunately > "in xmit local" won't work as "xmit" can only be used/checked with > "out" packets, sigh... > > [c] Allow boolean negation of each interface specification; then you can > say "not any" which would be synonymous with "local" per [b]. > Note that this feature would be very handy in general as it can > be used with all of the existing interface specs. I think [b] is best. But note that you don't know an incoming packet is local at the time ipfw looks at it because it hasn't been routed yet. So this would only work for outgoing packets. -Archie ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon Dec 20 14:52:12 1999 Delivered-To: freebsd-net@freebsd.org Received: from catarina.usc.edu (catarina.usc.edu [128.125.51.47]) by hub.freebsd.org (Postfix) with ESMTP id E51A815276 for ; Mon, 20 Dec 1999 14:52:09 -0800 (PST) (envelope-from pavlin@catarina.usc.edu) Received: from rumi.usc.edu (rumi.usc.edu [128.125.51.41]) by catarina.usc.edu (8.9.3/8.9.3) with ESMTP id OAA22387; Mon, 20 Dec 1999 14:52:08 -0800 (PST) Received: from rumi (localhost [127.0.0.1]) by rumi.usc.edu (8.9.3/8.9.3) with ESMTP id OAA18142; Mon, 20 Dec 1999 14:52:15 -0800 (PST) Message-Id: <199912202252.OAA18142@rumi.usc.edu> To: net@freebsd.org Cc: pavlin@catarina.usc.edu Subject: TTL and FreeBSD-3.4 Date: Mon, 20 Dec 1999 14:52:15 -0800 From: Pavlin Ivanov Radoslavov Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I just got the announcement for the FreeBSD-3.4 release and something caught my 
attention: 1.2. SECURITY CHANGES --------------------- Support has been added for forwarding IP datagrams without inspecting or decreasing the TTL in order to make gateways and firewalls less visible and therefore less exposed to attacks. ====== I understand the security concern and the motivations for adding this feature, but isn't forwarding IP datagrams without decreasing their TTL a violation of one of the requirements for the routers (e.g RFC 1812, Section 5.2.1.2 (step 7) and 5.3.1). By not following this requirement, there is great danger from looping packets infinitely, which could be much worse than someone discovering your gateway IP address. Thanks, Pavlin P.S. I am not on the mailing list. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon Dec 20 17:33:48 1999 Delivered-To: freebsd-net@freebsd.org Received: from slwangi.bit.net.id (ns1.bit.net.id [202.147.252.2]) by hub.freebsd.org (Postfix) with ESMTP id 7DEF614A18 for ; Mon, 20 Dec 1999 17:33:43 -0800 (PST) (envelope-from darmawamimi@tpj.co.id) Received: from tpjhq02.tpj.co.id (mail.tpj.co.id [202.147.255.210]) by slwangi.bit.net.id (8.8.5/BITNET2) with SMTP id IAA20657 for ; Tue, 21 Dec 1999 08:41:19 +0700 (BBWI) From: darmawamimi@tpj.co.id Received: by tpjhq02.tpj.co.id(Lotus SMTP MTA Internal build v4.6.2 (651.2 6-10-1998)) id 4725684E.0008534D ; Tue, 21 Dec 1999 08:30:56 +0700 X-Lotus-FromDomain: TPJ To: freebsd-net@freebsd.org Message-ID: <4725684E.000852BE.00@tpjhq02.tpj.co.id> Date: Tue, 21 Dec 1999 08:34:40 +0700 Subject: connection problem Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Dear colleagues, We have connection between Cisco router 1601 to Cisco router 1601 through ISDN line. This configuration has operated normally for 2 months. 
Currently this connection could not give us appropriate performance. After I do permanent ping, the connection is unstable. I ask to telecommunication operator to monitor this connection through their ISDN switch, the result is normal. Please advise us. Thanks Mimi Darmawan Communication Engineer PT Thames Pam Jaya To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue Dec 21 2:33:41 1999 Delivered-To: freebsd-net@freebsd.org Received: from relay.wplus.net (relay.wplus.net [195.131.52.179]) by hub.freebsd.org (Postfix) with ESMTP id C30691534F for ; Tue, 21 Dec 1999 02:33:37 -0800 (PST) (envelope-from dms@woland.wplus.net) Received: from woland.wplus.net (woland.wplus.net [195.131.0.39]) by relay.wplus.net (8.9.1/8.9.1/wplus.2) with ESMTP id NAA68949; Tue, 21 Dec 1999 13:33:01 +0300 (MSK) X-Real-To: net@FreeBSD.ORG Received: (from dms@localhost) by woland.wplus.net (8.9.3/8.9.1/wplus.2) id NAA80977; Tue, 21 Dec 1999 13:33:35 +0300 (MSK) Message-ID: X-Mailer: XFMail 1.4.4 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <199912202252.OAA18142@rumi.usc.edu> Date: Tue, 21 Dec 1999 13:33:35 +0300 (MSK) From: Dmitry Samersoff To: Pavlin Ivanov Radoslavov Subject: RE: TTL and FreeBSD-3.4 Cc: net@FreeBSD.ORG Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 20-Dec-1999 Pavlin Ivanov Radoslavov wrote: > I just got the announcement for the FreeBSD-3.4 release and > something caught my attention: > > 1.2. SECURITY CHANGES > --------------------- > > Support has been added for forwarding IP datagrams without > inspecting or > decreasing the TTL in order to make gateways and firewalls less > visible > and therefore less exposed to attacks. 
> ====== > > I understand the security concern and the motivations for adding > this feature, but isn't forwarding IP datagrams without decreasing > their TTL a violation of one of the requirements > for the routers (e.g RFC 1812, Section 5.2.1.2 (step 7) and 5.3.1). > By not following this requirement, there is great danger from > looping packets infinitely, which could be much worse than > someone discovering your gateway IP address. IMHO, FreeBSD it self is dangerous enough, because all source is available ;-)) All such patches believe that I well know what I'm doing, and save my time because I need not make such patches by hand. -- Dmitry Samersoff, dms@wplus.net, ICQ:3161705 http://devnull.wplus.net * There will come soft rains ... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue Dec 21 9:26:22 1999 Delivered-To: freebsd-net@freebsd.org Received: from pooh.aist-nara.ac.jp (info29.aist-nara.ac.jp [163.221.130.149]) by hub.freebsd.org (Postfix) with ESMTP id 1512114C45 for ; Tue, 21 Dec 1999 09:26:20 -0800 (PST) (envelope-from demizu@dd.iij4u.or.jp) Received: from localhost by pooh.aist-nara.ac.jp (8.8.7/2.8Wb) id RAA13962; Tue, 21 Dec 1999 17:27:11 GMT From: Noritoshi Demizu To: freebsd-net@freebsd.org Subject: Re: RFC 2140. In-Reply-To: Your message of "Mon, 25 Oct 1999 09:42:21 -0700" References: <048d01bf1f07$e85749d0$1e80000a@avantgo.com> X-Mailer: Mew version 1.69 on Emacs 19.28.1 / Mule 2.3 X-URL: http://infonet.aist-nara.ac.jp/member/nori-d/ Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: <19991222022710N.demizu@dd.iij4u.or.jp> Date: Wed, 22 Dec 1999 02:27:10 +0900 X-Dispatcher: impost version 0.99i (Apr. 6, 1997) Lines: 10 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org We have been modifying TCP code of FreeBSD 3.2R to support RFC2140. 
The behaviour of our current implementation can be found at http://skywalker.aist-nara.ac.jp/tcp-ikoma/. Our current code is running on this server. Best Regards, Noritoshi Demizu, NAIST ps. apache running on skywalker also can speak T/TCP. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue Dec 21 11:37:24 1999 Delivered-To: freebsd-net@freebsd.org Received: from adsl-206-170-238-103.dsl.lsan03.pacbell.net (adsl-206-170-238-103.dsl.lsan03.pacbell.net [206.170.238.103]) by hub.freebsd.org (Postfix) with ESMTP id 9E91214E1F for ; Tue, 21 Dec 1999 11:37:20 -0800 (PST) (envelope-from mailsrv@rtscomputer.net) Received: from db (db.rp.com [192.168.1.2]) by adsl-206-170-238-103.dsl.lsan03.pacbell.net (8.9.3/8.9.3) with SMTP id LAA27124 for ; Tue, 21 Dec 1999 11:35:23 -0800 (PST) (envelope-from mailsrv@rtscomputer.net) Message-ID: <005e01bf4beb$b134ab80$0201a8c0@rp.com> From: "Richard" To: Subject: join Date: Tue, 21 Dec 1999 11:43:44 -0800 Organization: rTs Computer Systems MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2314.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org join To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue Dec 21 22:17:56 1999 Delivered-To: freebsd-net@freebsd.org Received: from srv4-bsb.bsb.nutecnet.com.br (argonio.bsb.nutecnet.com.br [200.252.253.4]) by hub.freebsd.org (Postfix) with ESMTP id 11F6715049; Tue, 21 Dec 1999 22:17:51 -0800 (PST) (envelope-from visi0n@aux-tech.org) Received: from ebola.chinatown.org ([200.252.15.93]) by srv4-bsb.bsb.nutecnet.com.br (8.8.5/SCA-6.6) with ESMTP id FAA26035; Wed, 22 Dec 1999 05:23:55 -0200 (BRV) Date: Wed, 22 Dec 1999 
04:16:10 -0200 (EDT) From: visi0n X-Sender: visi0n@ebola.chinatown.org To: freebsd-hackers@FreeBSD.ORG Cc: freebsd-net@freebsd.org Subject: sk_buff vs mbuf Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Is there someone closer to a linux box, tell me if sk_buff is more fast than mbuf. I was reading these codes but I can't figure out the final result. =============================================================================== visi0n AUX Technologies [www.aux-tech.org] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Dec 22 0: 4:22 1999 Delivered-To: freebsd-net@freebsd.org Received: from catarina.usc.edu (catarina.usc.edu [128.125.51.47]) by hub.freebsd.org (Postfix) with ESMTP id 1093815042 for ; Wed, 22 Dec 1999 00:04:20 -0800 (PST) (envelope-from pavlin@catarina.usc.edu) Received: from rumi.usc.edu (rumi.usc.edu [128.125.51.41]) by catarina.usc.edu (8.9.3/8.9.3) with ESMTP id AAA28085; Wed, 22 Dec 1999 00:04:19 -0800 (PST) Received: from rumi (localhost [127.0.0.1]) by rumi.usc.edu (8.9.3/8.9.3) with ESMTP id AAA21295; Wed, 22 Dec 1999 00:04:22 -0800 (PST) Message-Id: <199912220804.AAA21295@rumi.usc.edu> To: Dmitry Samersoff Cc: Pavlin Ivanov Radoslavov , net@FreeBSD.ORG Subject: Re: TTL and FreeBSD-3.4 In-reply-to: Your message of "Tue, 21 Dec 1999 13:33:35 +0300." Date: Wed, 22 Dec 1999 00:04:22 -0800 From: Pavlin Ivanov Radoslavov Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > I just got the announcement for the FreeBSD-3.4 release and > > something caught my attention: > > > > 1.2. SECURITY CHANGES > > --------------------- > > > > Support has been added for forwarding IP datagrams without > > inspecting or > > decreasing the TTL in order to make gateways and firewalls less > > visible > > and therefore less exposed to attacks. 
> > ======
> >
> > I understand the security concern and the motivations for adding
> > this feature, but isn't forwarding IP datagrams without decreasing
> > their TTL a violation of one of the requirements
> > for the routers (e.g RFC 1812, Section 5.2.1.2 (step 7) and 5.3.1).
> > By not following this requirement, there is great danger from
> > looping packets infinitely, which could be much worse than
> > someone discovering your gateway IP address.
>
> IMHO, FreeBSD itself is dangerous enough, because all source is available ;-))
> All such patches believe that I well know what I'm doing, and save my time
> because I need not make such patches by hand.

Well, you don't really need FreeBSD's source, because you can always write your own OS :)

After some search in the FreeBSD-current and 3.4 source tree, the only thing I found related is IPSTEALTH. The LINT says:

# IPSTEALTH enables code to support stealth forwarding (i.e., forwarding
# packets without touching the ttl). This can be useful to hide firewalls
# from traceroute and similar tools.

However, IPSTEALTH matters only in the following code (in netinet/ip_input.c):

#ifdef IPSTEALTH
	if (!ipstealth) {
#endif
	if (ip->ip_ttl <= IPTTLDEC) {
		icmp_error(m, ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS, dest, 0);
		return;
	}
	ip->ip_ttl -= IPTTLDEC;
#ifdef IPSTEALTH
	}
#endif

So, IPSTEALTH can be used to configure a router such that it will
not respond by ICMP "TTL Exceeded" if the ttl of the IP data packet
is <= 1, and therefore it will be invisible to traceroute. This is
completely different from the explanation in the LINT and from the
text in the original announcement, and is quite harmless, unlike the
described there "stealth forwarding".

Is this all what IPSTEALTH and "stealth forwarding" is about, or there is something more?
If this is all, then probably the explanation text in LINT should be fixed, otherwise it may scare other people as well :) Thanks, Pavlin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Dec 22 0:41:29 1999 Delivered-To: freebsd-net@freebsd.org Received: from databus.databus.com (databus.databus.com [198.186.154.34]) by hub.freebsd.org (Postfix) with SMTP id E4FBA14FA2 for ; Wed, 22 Dec 1999 00:41:23 -0800 (PST) (envelope-from barney@databus.databus.com) From: Barney Wolff To: freebsd-net@freebsd.org Date: Wed, 22 Dec 1999 03:37 EST Subject: Re: TTL and FreeBSD-3.4 Content-Length: 1483 Content-Type: text/plain Message-ID: <38608dcf0.5bdf@databus.databus.com> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Did you not see the line > ip->ip_ttl -= IPTTLDEC; which is skipped when stealth is on? Looks like decrementing the ttl, to me. But a bridge (aka switch, these days) doesn't do it either. It's safe iff two stealthed devices are never directly connected to each other. Barney Wolff > Date: Wed, 22 Dec 1999 00:04:22 -0800 > From: Pavlin Ivanov Radoslavov > > However, IPSTEALTH matters only in the following code (in > netinet/ip_input.c): > > #ifdef IPSTEALTH > if (!ipstealth) { > #endif > if (ip->ip_ttl <= IPTTLDEC) { > icmp_error(m, ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS, > dest, 0); > return; > } > ip->ip_ttl -= IPTTLDEC; > #ifdef IPSTEALTH > } > #endif > > So, IPSTEALTH can be used to configure a router such that it will > not respond by ICMP "TTL Exceeded" if the ttl of the IP data packet > is <= 1, and therefore it will be invisible to traceroute. This is > completely different from the explanation in the LINT and from the > text in the original annoucement, and is quite harmless, unlike the > described there "stealth forwarding". > > Is this all what IPSTEALTH and "stealth forwarding" is about, or > there is something more? 
> If this is all, then probably the explanation text in LINT should be > fixed, otherwise it may scare other people as well :) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Dec 22 20:44:16 1999 Delivered-To: freebsd-net@freebsd.org Received: from srv4-bsb.bsb.nutecnet.com.br (argonio.bsb.nutecnet.com.br [200.252.253.4]) by hub.freebsd.org (Postfix) with ESMTP id 5C14315633; Wed, 22 Dec 1999 20:44:11 -0800 (PST) (envelope-from visi0n@aux-tech.org) Received: from ebola.chinatown.org (dl7089-bsb.bsb.nutecnet.com.br [200.252.208.89]) by srv4-bsb.bsb.nutecnet.com.br (8.8.5/SCA-6.6) with ESMTP id DAA24073; Thu, 23 Dec 1999 03:50:04 -0200 (BRV) Date: Thu, 23 Dec 1999 02:41:56 -0200 (EDT) From: visi0n X-Sender: visi0n@ebola.chinatown.org To: "Ronald F. Guilmette" Cc: freebsd-hackers@freebsd.org, freebsd-net@freebsd.org Subject: Re: sk_buff vs mbuf In-Reply-To: <62986.945886346@monkeys.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 22 Dec 1999, Ronald F. Guilmette wrote: > > In message , you wr > ote: > > > > > Is there someone closer to a linux box, tell me if sk_buff is more > >fast than mbuf. I was reading these codes but I can't figure out the final > >result. > > I have a Linux system here, but I don't understand you question. > The question is what is more fast the sk_buff method or mbuf method ? 
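The forwarding branch quoted in the "TTL and FreeBSD-3.4" thread above, modelled in user space as an added example (not FreeBSD source and not code from any poster). It shows what skipping both the expiry check and the decrement does to a packet caught in a routing loop and to a traceroute-style probe sequence; the function names, the router arrays and the forward cap are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

#define IPTTLDEC 1	/* amount the quoted kernel code subtracts per hop */

/* Outcome of one forwarding decision. */
enum fwd_result { FWD_FORWARDED, FWD_TIME_EXCEEDED };

/*
 * User-space model of the branch quoted from netinet/ip_input.c.
 * With stealth set, the whole block is skipped: no expiry check, no
 * ICMP time-exceeded error, and no TTL decrement.
 */
static enum fwd_result forward_one(uint8_t *ttl, int stealth)
{
	if (!stealth) {
		if (*ttl <= IPTTLDEC)
			return FWD_TIME_EXCEEDED;	/* kernel calls icmp_error() here */
		*ttl -= IPTTLDEC;
	}
	return FWD_FORWARDED;
}

/*
 * Send one packet round a routing loop of n routers (stealth[i] != 0 means
 * router i forwards in stealth mode). Returns the number of forwards before
 * some router drops the packet, or -1 if it is still circulating after
 * max_forwards (hypothetical cap so the simulation terminates).
 */
static long loop_lifetime(const int *stealth, size_t n, uint8_t ttl,
    long max_forwards)
{
	long forwards = 0;
	size_t i = 0;

	while (forwards < max_forwards) {
		if (forward_one(&ttl, stealth[i]) == FWD_TIME_EXCEEDED)
			return forwards;
		forwards++;
		i = (i + 1) % n;
	}
	return -1;
}

/*
 * traceroute-style probing of a linear path of n routers: probe k is sent
 * with TTL k+1. answered[k] receives the index of the router that returned
 * time-exceeded, or -1 if the probe passed every router. Returns how many
 * probes were answered by a router, i.e. how many hops were revealed.
 */
static size_t trace_path(const int *stealth, size_t n, int *answered,
    size_t max_probes)
{
	size_t revealed = 0;

	for (size_t k = 0; k < max_probes; k++) {
		uint8_t ttl = (uint8_t)(k + 1);

		answered[k] = -1;
		for (size_t i = 0; i < n; i++) {
			if (forward_one(&ttl, stealth[i]) == FWD_TIME_EXCEEDED) {
				answered[k] = (int)i;
				revealed++;
				break;
			}
		}
	}
	return revealed;
}

int main(void)
{
	/* Constructed topologies: two-router loops and a three-hop path. */
	const int normal[2] = {0, 0}, all_stealth[2] = {1, 1}, mixed[2] = {1, 0};
	const int path[3] = {0, 1, 0};	/* middle hop is the stealth gateway */
	int answered[3];

	printf("loop, no stealth:   %ld forwards\n",
	    loop_lifetime(normal, 2, 64, 1000000));
	printf("loop, one stealth:  %ld forwards\n",
	    loop_lifetime(mixed, 2, 64, 1000000));
	printf("loop, all stealth:  %ld (-1 = never expired)\n",
	    loop_lifetime(all_stealth, 2, 64, 1000000));

	size_t seen = trace_path(path, 3, answered, 3);
	printf("path of 3 routers, hops revealed: %zu\n", seen);
	for (size_t k = 0; k < 3; k++)
		printf("  probe ttl=%zu answered by router %d\n", k + 1, answered[k]);
	return 0;
}
```

A loop that contains at least one decrementing router still expires the packet, only later; a loop made solely of stealth forwarders never does, which is the condition raised in the reply about directly connected stealthed devices.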
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Dec 23 3:45:33 1999 Delivered-To: freebsd-net@freebsd.org Received: from hanoi.cronyx.ru (hanoi.cronyx.ru [144.206.181.53]) by hub.freebsd.org (Postfix) with ESMTP id 52090155DE for ; Thu, 23 Dec 1999 03:44:39 -0800 (PST) (envelope-from rik@cronyx.ru) Received: from cronyx.ru by hanoi.cronyx.ru with ESMTP id OAA07999; (8.9.3/vak/2.1) Thu, 23 Dec 1999 14:45:59 +0300 (MSK) Message-ID: <38620B06.C3F3D771@cronyx.ru> Date: Thu, 23 Dec 1999 14:44:07 +0300 From: Kurakin Roman X-Mailer: Mozilla 4.6 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-net@FreeBSD.ORG Subject: Bug in mpd Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello, I have found a bug in mpd. It can't connect to netgraph based driver for serial card. Problem in file ng.c in function NgOpen(). 
static void NgOpen(PhysInfo p) { NgInfo const ng = (NgInfo) p->info; char linkHook[NG_HOOKLEN + 1]; + char MyName[NG_NODELEN + 1]; snprintf(linkHook, sizeof(linkHook), "%s%d", NG_PPP_HOOK_LINK_PREFIX, lnk->bundleIndex); +snprintf(MyName,sizeof(MyName), "mpd%d-%s:", getpid(), lnk->bund->name); - if (NgFuncConnect(ng->path, ng->hook, MPD_HOOK_PPP, linkHook) < 0) + if (NgFuncConnect(ng->path, ng->hook, MyName, linkHook) < 0) PhysDown(STR_CON_FAILED0, NULL); else PhysUp(); } Kurakin Roman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Dec 23 8:22:54 1999 Delivered-To: freebsd-net@freebsd.org Received: from web1004.mail.yahoo.com (web1004.mail.yahoo.com [128.11.23.94]) by hub.freebsd.org (Postfix) with SMTP id 6E18A15660 for ; Thu, 23 Dec 1999 08:22:52 -0800 (PST) (envelope-from binxist@yahoo.com) Received: (qmail 11860 invoked by uid 60001); 23 Dec 1999 16:22:50 -0000 Message-ID: <19991223162250.11859.qmail@web1004.mail.yahoo.com> Received: from [216.165.169.210] by web1004.mail.yahoo.com; Thu, 23 Dec 1999 08:22:50 PST Date: Thu, 23 Dec 1999 08:22:50 -0800 (PST) From: Russell Frame Subject: SOCKS wrapper To: freebsd-net@FreeBSD.ORG MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello, I am looking for a utility that will "socksify" network applications that do not natively support SOCKS. An example would be to run a standard telnet session through a SOCKS proxy to outside hosts. The only thing I found in ports was the Perl module and a quick web search didn't pull up anything either. Thanks, Russell Frame __________________________________________________ Do You Yahoo!? Thousands of Stores. Millions of Products. All in one place. Yahoo! 
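Review bot: In Kurakin Roman's NgOpen() patch to ng.c above, the added snprintf() formats "mpd%d-%s:" into MyName[NG_NODELEN + 1] and its return value is never checked, so a long lnk->bund->name is silently truncated and the trailing ':' is lost before the string reaches NgFuncConnect(). Compare the result against sizeof(MyName) and take the PhysDown() path on overflow. The third argument to NgFuncConnect() also changes from the constant MPD_HOOK_PPP to this per-process string with no comment saying what the serial driver expects there; a one-line comment would make the intent reviewable. The new snprintf line should also follow the indentation and argument spacing of the linkHook snprintf above it.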
Shopping: http://shopping.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Dec 23 8:26:32 1999 Delivered-To: freebsd-net@freebsd.org Received: from goliath.siemens.de (goliath.siemens.de [194.138.37.131]) by hub.freebsd.org (Postfix) with ESMTP id 882B215632 for ; Thu, 23 Dec 1999 08:26:27 -0800 (PST) (envelope-from ust@cert.siemens.de) X-Envelope-Sender-Is: ust@cert.siemens.de (at relayer goliath.siemens.de) Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14]) by goliath.siemens.de (8.9.3/8.9.3) with ESMTP id RAA13301; Thu, 23 Dec 1999 17:26:20 +0100 (MET) Received: from mars.cert.siemens.de (ust.mchp.siemens.de [139.23.201.17]) by mail1.siemens.de (8.9.3/8.9.3) with ESMTP id RAA22876; Thu, 23 Dec 1999 17:26:19 +0100 (MET) Received: from alaska.cert.siemens.de (alaska.cert.siemens.de [139.23.202.134]) by mars.cert.siemens.de (8.9.3/8.9.3/Siemens CERT [ $Revision: 1.9 ]) with ESMTP id RAA15428; Thu, 23 Dec 1999 17:26:19 +0100 (CET) Received: (from ust@localhost) by alaska.cert.siemens.de (8.9.3/8.9.3/alaska [ $Revision: 1.2 ]) id QAA61931; Thu, 23 Dec 1999 16:26:19 GMT (envelope-from ust) Date: Thu, 23 Dec 1999 17:26:19 +0100 From: Udo Schweigert To: Russell Frame Cc: freebsd-net@FreeBSD.ORG Subject: Re: SOCKS wrapper Message-ID: <19991223172619.A54747@alaska.cert.siemens.de> References: <19991223162250.11859.qmail@web1004.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <19991223162250.11859.qmail@web1004.mail.yahoo.com>; from binxist@yahoo.com on Thu, Dec 23, 1999 at 08:22:50AM -0800 X-Operating-System: FreeBSD 3.4-STABLE Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Dec 23, 1999 at 08:22:50 -0800, Russell Frame wrote: > Hello, > > I am looking for a utility that will "socksify" network applications > that do not natively support SOCKS. 
An example would be to run > a standard telnet session through a SOCKS proxy to outside hosts. > The only thing I found in ports was the Perl module and a quick > web search didn't pull up anything either. > Try "runsocks ". This works if the application is linked dynamically, i.e. using shared libraries. For me it works with (at least): telnet, ftp, cvs, cvsup, fetch, .... Regards ------------------------------------------------------------------------------- Udo Schweigert || Voice : +49 89 636 42170 Siemens AG, Siemens CERT || Fax : +49 89 636 41166 ZT IK 3 || email : Udo.Schweigert@mchp.siemens.de D-81730 Muenchen / Germany || : ust@cert.siemens.de PGP fingerprint || 2A 53 F6 A6 30 59 64 02 6B C4 E0 73 B2 C9 6C E7 ------------------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Dec 23 8:52:30 1999 Delivered-To: freebsd-net@freebsd.org Received: from maybe.csap.af.mil (mudd.csap.af.mil [192.203.1.250]) by hub.freebsd.org (Postfix) with SMTP id 33578156BD for ; Thu, 23 Dec 1999 08:52:23 -0800 (PST) (envelope-from leopold@mailcenter.csap.af.mil) Received: from raider.csap.af.mil(really [192.168.70.17]) by maybe.csap.af.mil via sendmail with esmtp id for ; Thu, 23 Dec 1999 10:32:11 -0600 (CST) (Smail-3.2 1996-Jul-4 #5 built 1999-Sep-4) Message-Id: Content-Length: 1144 X-Mailer: XFMail 1.3.1 [p0] on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <19991223162250.11859.qmail@web1004.mail.yahoo.com> Date: Thu, 23 Dec 1999 10:32:08 -0600 (CST) From: Corey Leopold To: Russell Frame Subject: RE: SOCKS wrapper Cc: freebsd-net@FreeBSD.ORG Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- On 23-Dec-99 Russell Frame wrote: > Hello, > > I am looking for a utility that will 
"socksify" network applications > that do not natively support SOCKS. An example would be to run > a standard telnet session through a SOCKS proxy to outside hosts. > The only thing I found in ports was the Perl module and a quick > web search didn't pull up anything either. > Install the socks5 stuff from the ports tree... /usr/ports/net/socks5 then: export SOCKS5_SERVER=my_socks_server runsocks telnet some.host.net of course in the telnet example it could only be: rtelnet some.host.net Corey - ---------------------------------- Corey Leopold E-Mail: Corey Leopold Phone (210)-925-3459 - ---------------------------------- -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQCVAwUBOGJAeD3+cS8MmLXZAQEEdgQAucB3asE6KxzeiKPUuMRb/Ja9wt/e1by9 E/AmjZgq6VczZ+ZbL53/1GLlKo+RjPmWRwi/GL7MHW2EIEGeYHL6LzsD3I4Dz98X 9GHYgEtifsNCn3wzCx7agJRzLqWWdgZGJckqHAzM7lQZdRG58EmBQRTFuZk8MyLk kYWOozg7nOo= =VTtQ -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Dec 23 21:32: 7 1999 Delivered-To: freebsd-net@freebsd.org Received: from mail.netcity.ru (ns.netcity.ru [194.186.254.236]) by hub.freebsd.org (Postfix) with SMTP id 8CC95157A0 for ; Thu, 23 Dec 1999 21:31:56 -0800 (PST) (envelope-from dencher@netcity.ru) Received: (qmail 39578 invoked from network); 24 Dec 1999 05:33:58 -0000 Received: from employer.morning.krs.ru (195.161.98.6) by ns.netcity.ru with SMTP; 24 Dec 1999 05:33:58 -0000 Message-ID: <001e01bf4dd0$46b274e0$0662a1c3@morning.krs.ru> From: "Äåíèñ ×åðíûøåâ" To: Subject: IP Traffic Counter Date: Fri, 24 Dec 1999 12:32:30 +0700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_001B_01BF4E0A.F20DE6A0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6600 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: 
bulk X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_001B_01BF4E0A.F20DE6A0 Content-Type: text/plain; charset="windows-1251" Content-Transfer-Encoding: quoted-printable Hi! What program people may recommends to count IP traffic for users and = leased lines and show it through web-interface? FreeBSD 2.2.8 /Denis Chernyshev Network Administrator ------=_NextPart_000_001B_01BF4E0A.F20DE6A0 Content-Type: text/html; charset="windows-1251" Content-Transfer-Encoding: quoted-printable
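
Added example (not part of any post in this digest, and not code from the socks5 package), for the `runsocks` / `SOCKS5_SERVER` advice in the SOCKS reply above: the messages a socksified client exchanges with the SOCKS5 server, following RFC 1928 and assuming the no-authentication method and a domain-name address. The function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names; message layouts follow RFC 1928 (SOCKS5). */

/* Client greeting: VER=5, NMETHODS=1, METHOD=0x00 (no authentication). */
size_t socks5_greeting(uint8_t *out, size_t cap) {
    if (cap < 3) return 0;
    out[0] = 0x05; out[1] = 0x01; out[2] = 0x00;
    return 3;
}

/* CONNECT request with a domain-name address (ATYP=3): the proxy, not the
 * client, resolves the name. Returns bytes written, 0 if it does not fit. */
size_t socks5_connect_req(uint8_t *out, size_t cap, const char *host, uint16_t port) {
    size_t hlen = strlen(host);
    if (hlen == 0 || hlen > 255 || cap < 7 + hlen) return 0;
    out[0] = 0x05;                          /* VER */
    out[1] = 0x01;                          /* CMD = CONNECT */
    out[2] = 0x00;                          /* RSV */
    out[3] = 0x03;                          /* ATYP = DOMAINNAME */
    out[4] = (uint8_t)hlen;                 /* one length octet, then the name */
    memcpy(out + 5, host, hlen);
    out[5 + hlen] = (uint8_t)(port >> 8);   /* port in network byte order */
    out[6 + hlen] = (uint8_t)(port & 0xff);
    return 7 + hlen;
}

/* Server reply: returns REP (0 = succeeded, nonzero = failure code),
 * or -1 when the reply is malformed or truncated. */
int socks5_parse_reply(const uint8_t *in, size_t len) {
    size_t need;
    if (len < 5 || in[0] != 0x05 || in[2] != 0x00) return -1;
    switch (in[3]) {
    case 0x01: need = 4 + 4 + 2; break;                 /* IPv4 BND.ADDR */
    case 0x04: need = 4 + 16 + 2; break;                /* IPv6 BND.ADDR */
    case 0x03: need = 4 + 1 + (size_t)in[4] + 2; break; /* length-prefixed name */
    default: return -1;
    }
    return len >= need ? in[1] : -1;
}

int main(void) {
    uint8_t buf[64];
    size_t n = socks5_connect_req(buf, sizeof buf, "some.host.net", 23);
    for (size_t i = 0; i < n; i++) printf("%02x ", buf[i]);
    return printf("\n") < 0;
}
```

For `some.host.net` port 23 the request is 20 bytes, and the host name travels to the proxy unencrypted.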

From owner-freebsd-net Fri Dec 24 19:58:27 1999
Delivered-To: freebsd-net@freebsd.org
Received: from dustdevil.waterspout.com (dial-282.bford.kiva.net [208.233.253.26]) by hub.freebsd.org (Postfix) with ESMTP id AAFDC151F3 for ; Fri, 24 Dec 1999 19:58:25 -0800 (PST) (envelope-from csg@waterspout.com)
Received: by dustdevil.waterspout.com (Postfix, from userid 1000) id 1F1C7A7; Fri, 24 Dec 1999 23:05:01 -0500 (EST)
Date: Fri, 24 Dec 1999 23:05:01 -0500
From: "C. Stephen Gunn"
To: Garrett Wollman
Cc: freebsd-net@freebsd.org
Subject: Re: 802.1Q VLAN support in FreeBSD
Message-ID: <19991224230501.A83392@dustdevil.waterspout.com>
References: <19991218220304.B97641@titan.klemm.gtn.com> <199912201851.NAA73090@khavrinen.lcs.mit.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre3i
In-Reply-To: <199912201851.NAA73090@khavrinen.lcs.mit.edu>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, Dec 20, 1999 at 01:51:36PM -0500, Garrett Wollman wrote:
> I am concerned at the size of the patches. Most of the patch to
> if_ethersubr.c is bogus -- that's what the code in if_vlan.c is
> supposed to do.

I agree, the patches to if_ethersubr.c definitely duplicate the code in if_vlan.c. I will try to (after the holidays) read the patches to see what this code actually changes functionally, and graft any improvements into if_vlan.c and submit a patch.

- Steve

From owner-freebsd-net Fri Dec 24 20:11: 0 1999
Delivered-To: freebsd-net@freebsd.org
Received: from dustdevil.waterspout.com (dial-282.bford.kiva.net [208.233.253.26]) by hub.freebsd.org (Postfix) with ESMTP id 96ECA150F8 for ; Fri, 24 Dec 1999 20:10:53 -0800 (PST) (envelope-from csg@waterspout.com)
Received: by dustdevil.waterspout.com (Postfix, from userid 1000) id C74A1A6; Fri, 24 Dec 1999 20:27:01 -0500 (EST)
Date: Fri, 24 Dec 1999 20:27:01 -0500
From: "C. Stephen Gunn"
To: Julian Elischer
Cc: Patrick Bihan-Faou , freebsd-net@freebsd.org
Subject: Re: Status of the netatalk stack
Message-ID: <19991224202701.A82631@dustdevil.waterspout.com>
References: <00c501bf47ec$01fee840$040aa8c0@local.mindstep.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre3i
In-Reply-To:
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Dec 16, 1999 at 01:05:36PM -0800, Julian Elischer wrote:
> the kernel code for appletalk is 'out of date' but it is also
> somewhat modified..
>
> If you want to work with it, let me know and I can help as I did the
> original integration into our tree,

I'm deflecting some of the discussion to -NET....

Why don't we look at importing the _REAL_ AppleTalk stack that Apple has published under the ASPL. I believe that it's definitely legitimate for inclusion. If we picked up the libcAT bits as well, we could more easily port AppleTalk code from the Mac to *BSD.

I'm not up to the task of doing an import/patchkit right now, but I'm ripe for testing.

- Steve