From: Helge Oldach
To: cjclark@alum.mit.edu
Cc: freebsd-isp@freebsd.org, freebsd-ipfw@freebsd.org, vgoupil@alis.com, freebsd-net@freebsd.org
Date: Sun, 16 Nov 2003 20:11:36 +0100 (MET)
Subject: Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)

Crist J. Clark:
>On Sat, Nov 15, 2003 at 07:54:40AM +0100, Oldach, Helge wrote:
>> From: Crist J. Clark [mailto:cristjc@comcast.net]
>> > Two different ESP end points behind many-to-one NAT connected to
>> > a single ESP end point on the other side of the NAT? I'd be very
>> > curious to get the documentation on how they are cheating to get
>> > that to work.
>> You have posted a reference already. W2k SP4 supports UDP
>> encapsulation of IPSec. And yes, it works fine, and reliably.
>> Further, all of Cisco's and Checkpoint's VPN gear support
>> IPSec-over-UDP as well. This alone is >70% market share.
>Oh, yeah, I know of UDP or TCP encapsulation tricks that work. I have
>dealt with several of these implementations too. I thought that you
>were implying that there were working NAT implementations that could
>deal with ESP in these circumstances.

Apologies... I am actually jumping between loosely related topics
somewhat.

In fact both Cisco and Checkpoint also support many-to-one NAT for ESP
and AH protocols. One can indeed have multiple internal VPN devices
hidden behind a single public address, and talking to the same outside
VPN gateway - without requiring that the VPN devices themselves do
tricks to work around NAT (such as UDP encapsulation).

As we add Cisco routers (requiring a pretty recent IOS) here, the market
share is potentially even higher.

To add, there are all sorts of other drafts that amend IPSec
functionality (such as XAUTH and Mode Config which are also pretty
widely deployed in VPN remote access scenarios) that are missing.

FreeBSD lacks features deployed in the market, when acting as a VPN
endpoint, as well as when acting as a NAT device in the VPN packet flow.
Either is a pity, unfortunately.

I am not complaining; I am just stating that we're behind. But FreeS/WAN
is in no better shape.
Helge

Date: Sun, 16 Nov 2003 20:37:20 +0100
From: Kurt Jaeger
To: freebsd-ipfw@freebsd.org, freebsd-isp@freebsd.org, freebsd-net@freebsd.org
Subject: Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)

Hi!

> FreeBSD lacks features deployed in the market, when acting as a VPN
> endpoint, as well as when acting as a NAT device in the VPN packet flow.
> Either is a pity, unfortunately.
>
> I am not complaining; I am just stating that we're behind. But FreeS/WAN
> is in no better shape.

Who would be willing/capable to add this to the code, if someone else
(maybe LF.net?) would pay for the expense?

-- 
MfG/Best regards, Kurt Jaeger
LF.net GmbH

From: Vladimir B. Grebenschikov
To: Jason Dixon
Cc: freebsd-net@freebsd.org
Date: Mon, 17 Nov 2003 09:34:40 +0300
Subject: Re: Static route via address, not interface

On Fri, 14.11.2003, at 20:41, Jason Dixon wrote:
> On Fri, 2003-11-14 at 07:38, Vladimir B. Grebenschikov wrote:
>
> > I guess - you already have 192.168.0.0/24 route entry, added by command:
> > ifconfig fxp0 192.168.0.53/24
> >
> > so now you need:
> > remove network route via interface:
> > route delete 192.168.0.0/24
> > add interface route (kernel should know how to reach router)
> > route add 192.168.0.1/32 -iface fxp0 -cloning
> > and then add network route via router
> > route add 192.168.0.0/24 192.168.0.1
>
> I guess I didn't make it clear enough, let me try again.
>
> I'm attempting to create a static route for my FreeBSD host so that
> *all* local traffic is routed across the gateway firewall, rather than
> being delivered on the local network segment, as is the default with
> LANs. If you view the routing table (below) again, you'll notice that
> traffic from the FreeBSD box (192.168.0.53) to another box on the same
> subnet (192.168.0.42) is still being delivered locally, rather than
> being routed through the gateway (192.168.0.1).
> This is *after* I've
> added a static route for 192.168.0.0/24 to use 192.168.0.1.

I understand you by previous message, so there is transcript of my
configuration (I have 172.22.2.0/24 segment attached with router
172.22.2.1 and my address 172.22.2.3)

Initial stage: I have directly routed subnet.

# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            172.22.2.1         UGSc        0        1   fxp0
127.0.0.1          127.0.0.1          UH          1      312    lo0
172.22.2/24        link#2             UC          0        0   fxp0
172.22.2.1         00:a0:c9:04:7d:2c  UHLW       11      279   fxp0   1132
172.22.2.2         00:a0:c9:c7:fc:fa  UHLW        1    57286   fxp0   1194
172.22.2.3         127.0.0.1          UGHS        0        1    lo0
172.22.2.255       ff:ff:ff:ff:ff:ff  UHLWb       2      163   fxp0

Now I am removing routing of subnet directly via interface:

# route delete 172.22.2.0/24
delete net 172.22.2.0
# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            172.22.2.1         UGSc        1        1   fxp0
127.0.0.1          127.0.0.1          UH          1      312    lo0
172.22.2.3         127.0.0.1          UGHS        0        1    lo0

Now I am adding routing for router address only (kernel needs to know how
to reach router)

# route add 172.22.2.1/32 -iface fxp0 -cloning
add net 172.22.2.1: gateway fxp0
# ping -c1 172.22.2.1
PING 172.22.2.1 (172.22.2.1): 56 data bytes
64 bytes from 172.22.2.1: icmp_seq=0 ttl=64 time=0.462 ms

--- 172.22.2.1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.462/0.462/0.462/0.000 ms
# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            172.22.2.1         UGSc        1        1   fxp0
127.0.0.1          127.0.0.1          UH          1      312    lo0
172.22.2.1         00:a0:c9:04:7d:2c  UHLW        0        1   fxp0   1196 =>
172.22.2.1/32      link#2             UCS         0        0   fxp0
172.22.2.3         127.0.0.1          UGHS        0        1    lo0

So, there is only route for router and myself in routing table.
Now I'll add route for all 172.22.2 network:

add net 172.22.2.0: gateway 172.22.2.1
# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            172.22.2.1         UGSc        1        1   fxp0
127.0.0.1          127.0.0.1          UH          1      312    lo0
172.22.2/24        172.22.2.1         UGSc        0        0   fxp0
172.22.2.1         00:a0:c9:04:7d:2c  UHLW        1        1   fxp0   1184 =>
172.22.2.1/32      link#2             UCS         0        0   fxp0
172.22.2.3         127.0.0.1          UGHS        0        1    lo0

Look 172.22.2.0/24 via 172.22.2.1, let's check it:

# ping -c1 172.22.2.2
PING 172.22.2.2 (172.22.2.2): 56 data bytes
36 bytes from dev (172.22.2.1): Redirect Host(New addr: 172.22.2.2)
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 c802   0 0000  40  01 5675 172.22.2.3  172.22.2.2

> router complains here about possible direct way, but this can be
  switched off by sysctl on router

64 bytes from 172.22.2.2: icmp_seq=0 ttl=64 time=0.611 ms

--- 172.22.2.2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.611/0.611/0.611/0.000 ms
# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            172.22.2.1         UGSc        1        1   fxp0
127.0.0.1          127.0.0.1          UH          1      312    lo0
172.22.2/24        172.22.2.1         UGSc        0        1   fxp0
172.22.2.1         00:a0:c9:04:7d:2c  UHLW        1        2   fxp0   1164 =>
172.22.2.1/32      link#2             UCS         0        0   fxp0
172.22.2.3         127.0.0.1          UGHS        0        1    lo0
#

Anyway all traffic directed through router

# ping -n -c1 -R 172.22.2.2
PING 172.22.2.2 (172.22.2.2): 56 data bytes
64 bytes from 172.22.2.2: icmp_seq=0 ttl=64 time=0.659 ms
RR:     172.22.2.1
        172.22.2.2
        172.22.2.3

--- 172.22.2.2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.659/0.659/0.659/0.000 ms
#

-- 
Vladimir B. Grebenschikov
SWsoft Inc.

Date: Sun, 16 Nov 2003 23:43:42 -0800
From: George V. Neville-Neil
To: freebsd-net@freebsd.org
Subject: Path MTU growth in TCP?

Howdy,

I was wondering if PMTU ever tries to grow the MTU of a
connection after a time? I.e. if the path changes it might
change away from one where the MTU was particularly small.

Thanks,
George

Date: Mon, 17 Nov 2003 11:46:17 +0100
From: Andre Oppermann
To: George V. Neville-Neil
Cc: freebsd-net@freebsd.org
Subject: Re: Path MTU growth in TCP?

"George V. Neville-Neil" wrote:
>
> Howdy,
>
> I was wondering if PMTU ever tries to grow the MTU of a
> connection after a time? I.e. if the path changes it might
> change away from one where the MTU was particularly small.

It doesn't try to do that in the strict sense. It only starts over again
if the cached entry (currently in routing and soon in tcp hostcache)
expires. But it only expires when there is nothing using it for a certain
amount of time.

-- 
Andre

From: Jamie Heckford
Date: Mon, 17 Nov 2003 15:47:02 -0000
Reply-To: jamie@tridentmicrosystems.co.uk
Subject: Problem with Racoon/IPSec/Setkey - Routing to/from multiple networks

Hi,

Seem to be having a strange problem routing to some of our nets over
here using setkey and racoon.

Setkey adds all of the below lines fine, and racoon doesn't complain.

However, I can only route to the network that I initiate the connection
to/from first...

For example:

If I ping 192.168.100.254 from 192.168.102.254 then the tunnel is
established after a couple of seconds and it works fine. I can then ping
any other 192.168.0.0/16 address as this is what the setkey entry is
for.

If I then try and ping 194.207.93.254 then I get no response in either
direction.

However, if I restart racoon and ping 194.207.93.254 first, it works
fine... But then 192.168.100.254 does not!

Could anyone shed any light on why this is happening.. Do I need to do
it slightly differently if I am specifying multiple policies with
setkey?

Any help would be greatly appreciated...
Config file and version info below (router at 192.168.102.254 is a Cisco
827 ADSL)

FreeBSD 4.9-RELEASE #0: Tue Nov 4 14:10:37 GMT 2003

Nov 17 12:57:11 perry-gw-vpn1 racoon: INFO: main.c:172:main(): @(#)package version freebsd-20030826a
Nov 17 12:57:11 perry-gw-vpn1 racoon: INFO: main.c:174:main(): @(#)internal version 20001216 sakane@kame.net
Nov 17 12:57:11 perry-gw-vpn1 racoon: INFO: main.c:175:main(): @(#)This product linked OpenSSL 0.9.7c 30 Sep 2003 (http://www.openssl.org/)

#!/bin/sh

####################################################################
LOCAL_NETWORK=194.207.93.0/24
ALLNET_1=192.168.0.0/16
LOCAL_INSIDE=194.207.93.251
LOCAL_OUTSIDE=81.3.89.53

STJUST_NETWORK=192.168.106.0/24
STJUST_INSIDE=192.168.106.254
STJUST_OUTSIDE=81.17.79.72

BENELUX_NETWORK=192.168.102.0/24
BENELUX_INSIDE=192.168.102.254
BENELUX_OUTSIDE=80.126.6.130
####################################################################

/usr/local/sbin/racoon

# ST JUST
/sbin/ifconfig gif0 destroy
/sbin/ifconfig gif0 create
/sbin/ifconfig gif0 tunnel ${LOCAL_OUTSIDE} ${STJUST_OUTSIDE}
/sbin/ifconfig gif0 inet ${LOCAL_INSIDE} ${STJUST_INSIDE} netmask 255.255.255.255
/sbin/route add -net ${STJUST_NETWORK} ${STJUST_INSIDE}

# BENELUX
/sbin/ifconfig gif1 destroy
/sbin/ifconfig gif1 create
/sbin/ifconfig gif1 tunnel ${LOCAL_OUTSIDE} ${BENELUX_OUTSIDE}
/sbin/ifconfig gif1 inet ${LOCAL_INSIDE} ${BENELUX_INSIDE} netmask 255.255.255.255
/sbin/route add -net ${BENELUX_NETWORK} ${BENELUX_INSIDE}

/usr/sbin/setkey -c << EOF
flush;
spdflush;
spdadd ${LOCAL_NETWORK} ${STJUST_NETWORK} any -P out ipsec
esp/tunnel/${LOCAL_OUTSIDE}-${STJUST_OUTSIDE}/require;
spdadd ${STJUST_NETWORK} ${LOCAL_NETWORK} any -P in ipsec
esp/tunnel/${STJUST_OUTSIDE}-${LOCAL_OUTSIDE}/require;
spdadd ${ALLNET_1} ${STJUST_NETWORK} any -P out ipsec
esp/tunnel/${LOCAL_OUTSIDE}-${STJUST_OUTSIDE}/require;
spdadd ${STJUST_NETWORK} ${ALLNET_1} any -P in ipsec
esp/tunnel/${STJUST_OUTSIDE}-${LOCAL_OUTSIDE}/require;
spdadd ${LOCAL_NETWORK} ${BENELUX_NETWORK} any -P out ipsec
esp/tunnel/${LOCAL_OUTSIDE}-${BENELUX_OUTSIDE}/require;
spdadd ${BENELUX_NETWORK} ${LOCAL_NETWORK} any -P in ipsec
esp/tunnel/${BENELUX_OUTSIDE}-${LOCAL_OUTSIDE}/require;
spdadd ${ALLNET_1} ${BENELUX_NETWORK} any -P out ipsec
esp/tunnel/${LOCAL_OUTSIDE}-${BENELUX_OUTSIDE}/require;
spdadd ${BENELUX_NETWORK} ${ALLNET_1} any -P in ipsec
esp/tunnel/${BENELUX_OUTSIDE}-${LOCAL_OUTSIDE}/require;
EOF

-- 
Jamie Heckford
Network Manager
Trident Microsystems Ltd.
w: http://www.tridentmicrosystems.co.uk/

From: David Gilbert
To: freebsd-net@freebsd.org
Date: Mon, 17 Nov 2003 10:58:47 -0500
Subject: Knowing a route multiply.

We have a problem. We have more than one router routing for a subnet.
We use Quagga (zebra's follow-on) and OSPF to keep everything in sync.
And everything is fine if all the interfaces are configured at boot
time (before Quagga starts up).

The problem occurs if you want to add a routed network. First you add
the interface on router A. When you do this, OSPF dutifully
recognises this and distributes the route throughout the network
... including router B.

Then you go to router B and attempt to ifconfig the interface. It
fails because the route already exists in router B. You can't delete
the route because OSPF will add it right back.

This works on Linux ... and fails miserably on FreeBSD.

I would like to change this behaviour to either a) replace the route
with the interface route or b) know two routes for a destination and
choose one.

a) is obviously easier ... but may be troublesome (the same reason the
route delete doesn't work may be an issue).

b) is obviously more work, but leads us down a road to more useful
things (like equal cost multipath).

Is anyone working in this direction? Does anyone have strong
opinions?

Dave.

-- 
============================================================================
|David Gilbert, Independent Contractor.       | Two things can only be     |
|Mail:       dave@daveg.ca                    |  equal if and only if they |
|http://daveg.ca                              |   are precisely opposite.  |
=========================================================GLO================

Date: Mon, 17 Nov 2003 17:41:30 +0100 (MET)
From: Helge Oldach
To: jamie@tridentmicrosystems.co.uk
Cc: freebsd-net@freebsd.org
Subject: Re: Problem with Racoon/IPSec/Setkey - Routing to/from multiple networks

Jamie Heckford:
>/usr/sbin/setkey -c << EOF
>flush;
>spdflush;
>spdadd ${LOCAL_NETWORK} ${STJUST_NETWORK} any -P out ipsec
>esp/tunnel/${LOCAL_OUTSIDE}-${STJUST_OUTSIDE}/require;
>spdadd ${STJUST_NETWORK} ${LOCAL_NETWORK} any -P in ipsec
>esp/tunnel/${STJUST_OUTSIDE}-${LOCAL_OUTSIDE}/require;
>spdadd ${ALLNET_1} ${STJUST_NETWORK} any -P out ipsec
>esp/tunnel/${LOCAL_OUTSIDE}-${STJUST_OUTSIDE}/require;
>spdadd ${STJUST_NETWORK} ${ALLNET_1} any -P in ipsec
>esp/tunnel/${STJUST_OUTSIDE}-${LOCAL_OUTSIDE}/require;
>spdadd ${LOCAL_NETWORK} ${BENELUX_NETWORK} any -P out ipsec
>esp/tunnel/${LOCAL_OUTSIDE}-${BENELUX_OUTSIDE}/require;
>spdadd ${BENELUX_NETWORK} ${LOCAL_NETWORK} any -P in ipsec
>esp/tunnel/${BENELUX_OUTSIDE}-${LOCAL_OUTSIDE}/require;
>spdadd ${ALLNET_1} ${BENELUX_NETWORK} any -P out ipsec
>esp/tunnel/${LOCAL_OUTSIDE}-${BENELUX_OUTSIDE}/require;
>spdadd ${BENELUX_NETWORK} ${ALLNET_1} any -P in ipsec
>esp/tunnel/${BENELUX_OUTSIDE}-${LOCAL_OUTSIDE}/require;
>EOF

Try using "unique" instead of "require".
Helge
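
The check behind the "unique" suggestion above, as an added example that is not part of the thread or of the KAME tools: per setkey(8), "unique" is the same as "require" except that it binds the policy to its own outbound SA, so this script flags "require" policies that name the same protocol, mode and tunnel endpoints for different networks and rewrites them. The function names are hypothetical, the sample input is the BENELUX part of the script with its variables expanded by hand, and only single-request spdadd statements are handled.

```python
"""Flag setkey(8) SPD entries whose 'require' level lets them share one SA."""
import re
from collections import defaultdict

# Constructed input: the BENELUX policies from the posted script with the
# shell variables expanded by hand.
SAMPLE_SPD = """\
flush;
spdflush;
spdadd 194.207.93.0/24 192.168.102.0/24 any -P out ipsec
esp/tunnel/81.3.89.53-80.126.6.130/require;
spdadd 192.168.102.0/24 194.207.93.0/24 any -P in ipsec
esp/tunnel/80.126.6.130-81.3.89.53/require;
spdadd 192.168.0.0/16 192.168.102.0/24 any -P out ipsec
esp/tunnel/81.3.89.53-80.126.6.130/require;
spdadd 192.168.102.0/24 192.168.0.0/16 any -P in ipsec
esp/tunnel/80.126.6.130-81.3.89.53/require;
"""

# One 'spdadd src dst upper -P dir ipsec proto/mode/src-dst/level' statement.
POLICY_RE = re.compile(
    r"^spdadd\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<upper>\S+)\s+"
    r"-P\s+(?P<direction>in|out)\s+ipsec\s+"
    r"(?P<proto>esp|ah|ipcomp)/(?P<mode>tunnel|transport)/"
    r"(?P<endpoints>[^/\s]*)/(?P<level>default|use|require|unique)"
    r"(?::\d+)?$"
)


def _match(statement):
    """Strip '#' comments, join wrapped lines, and match one statement."""
    flat = " ".join(re.sub(r"#.*", "", statement).split())
    return POLICY_RE.match(flat)


def _sa_key(policy):
    """Attributes two policies must share before one SA can serve both."""
    return (policy["direction"], policy["proto"],
            policy["mode"], policy["endpoints"])


def parse_spd(text):
    """Return one dict per ipsec spdadd statement (';' ends a statement)."""
    matches = (_match(statement) for statement in text.split(";"))
    return [m.groupdict() for m in matches if m]


def shared_sa_groups(policies):
    """Map each SA key to its selectors when 2+ 'require' policies share it."""
    groups = defaultdict(list)
    for policy in policies:
        if policy["level"] != "require":
            continue
        selector = (policy["src"], policy["dst"])
        if selector not in groups[_sa_key(policy)]:
            groups[_sa_key(policy)].append(selector)
    return {key: sel for key, sel in groups.items() if len(sel) > 1}


def require_to_unique(text):
    """Rewrite flagged policies from level 'require' to level 'unique'."""
    flagged = shared_sa_groups(parse_spd(text))
    rewritten = []
    for statement in text.split(";"):
        m = _match(statement)
        if m and _sa_key(m.groupdict()) in flagged:
            statement = re.sub(r"/require\s*$", "/unique", statement)
        rewritten.append(statement)
    return ";".join(rewritten)


if __name__ == "__main__":
    for key, selectors in shared_sa_groups(parse_spd(SAMPLE_SPD)).items():
        print("policies that can share one SA:", key, selectors)
    print(require_to_unique(SAMPLE_SPD))
```
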

From: Jim Xochellis
To: 'Maxim Konovalov'
Cc: net@freebsd.org
Date: Mon, 17 Nov 2003 20:22:43 +0200
Subject: Re: ip-up script of pppd no triggered

Hi Maxim,

On Saturday, November 15, 2003, at 11:02 PM, Maxim Konovalov wrote:

> On Sat, 15 Nov 2003, 22:44+0200, Jim Xochellis wrote:
>
>> Hi Maxim,
>>
>> On Friday, November 14, 2003, at 09:13 PM, Maxim Konovalov wrote:
>>
>>> On Fri, 14 Nov 2003, 16:02+0200, Jim Xochellis wrote:
>>>
>>>> Hi list,
>>>>
>>>> I have also posted this mail to the freebsd-questions list a few
>>>> days ago, but I had no luck. Hence, I decided to try this list too,
>>>> which probably is the most appropriate for my problem.
>>>>
>>>> I need to persuade pppd to call its ip-up script in order to add a
>>>> non-default route as soon as the link is up and running.
>>>> Unfortunately it seems that my ip-up script is not being called.
>>>> The mode of the file
>>>> is rwxr-xr-x and the owner root:wheel. I am calling the pppd from
>>>> inside a "/usr/local/etc/rc.d/ppp.sh" script by using the following
>>>> command:
>>>> "/usr/sbin/pppd /dev/cuaa0 115200 A.A.A.A:B.B.B.B noauth persist
>>>> netmask 255.255.255.252"
>>>>
>>>> I have read all the chapter #18 of the handbook, but I haven't
>>>> found anything about the ip-up script. On the contrary the PPPD(8)
>>>> man page claims that the /etc/ppp/ip-up is executed when the link
>>>> is available
>>>> for sending and receiving IP packets.
>>>> My link becomes available for
>>>> sending/receiving IP packets, but ip-up is never executed. Any ideas
>>>> why?
>>>> By the way, I am using kernel PPP, (on ppp0) if it makes any
>>>> difference.
>>>>
>>>> Am I doing something wrong?
>>>
>>> Did you look at /usr/share/examples/pppd/ip-up.sample ?
>>>
>>> ip-up worked for me six months ago.
>>
>> Yes I have looked at ip-up.sample file. Please note that my problem
>> is not what to put inside the script, but the fact that the script
>> itself is not being called. On the contrary you are saying that it
>> worked for
>
> Are you sure it isn't called? Did you check pppd logs? Were there
> any interesting? Is there '#!/bin/sh' on the top of your script?
>

/var/log/ppp.log only contains lines like:
Nov 15 23:53:15 MyHost /kernel: ppp configured!
Yes '#!/bin/sh' is on the top of the file.
I have also added the following lines to the script:
echo " ppp is up!!!"
echo " ppp is up!" >> ip-up.log
But no sign :-(

>> you and that's great news! Was it in the /etc/ppp/ip-up path? What
>> were its file mode? Any other info maybe?
>
> It was /etc/ppp/ip-up, 0555.

Same path, I've tried 0555 too, but no luck :-(
My owner is root:wheel, yours?
Are you using the "noauth" or "persist" pppd options too?

Thanks for the help

Jim Xochellis

Date: Mon, 17 Nov 2003 11:02:34 -0800 (PST)
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

Non-critical problems

S  Submitted    Tracker     Resp.  Description
-------------------------------------------------------------------------------
o  [2002/05/04] kern/37761  net    process exits but socket is still ESTABLI

1 problem total.

From owner-freebsd-net@FreeBSD.ORG Mon Nov 17 13:11:41 2003
Message-Id: <6.0.0.22.2.20031117190324.04a91600@pop3.kks.net>
Date: Mon, 17 Nov 2003 22:09:26 +0100
To: freebsd-current@FreeBSD.ORG, freebsd-net@FreeBSD.ORG
From: Aleksander Rozman - Andy
Subject: named problem (introduced in 5.1)

Hi !

I have been running named for few years now, and I never had any
problem with it. Few days ago I upgraded system to 5.1 (Release) and
named has gone berserk. It shows errors in named.root file. Error go
something like this:

    check_hints: no A record for address 'Something' class 1 in hints

I updated all /etc files with files from source tree (which is cvsuped
to 5.1-RELEASE) but it doesn't work? Does anybody have any idea where
the problem lies?

Andy

**************************************************************************
*  Aleksander Rozman - Andy   * Fandoms: E2:EA, SAABer, Trekkie, Earthie *
*  andy@kksonline.com         * Sentinel, BH 90210, True's Trooper,      *
*  andy@atechnet.dhs.org      * Heller's Angel, Questie, Legacy, PO5,    *
*  Maribor, Slovenia (Europe) * Profiler, Buffy (Slayerete), Pretender   *
*  ICQ-UIC: 4911125           ********************************************
*  PGP key available          * http://www.atechnet.dhs.org/~andy/       *
**************************************************************************

From owner-freebsd-net@FreeBSD.ORG Mon Nov 17 13:22:24 2003
Message-ID: <3FB93BF6.3020703@ec.rr.com>
Date: Mon, 17 Nov 2003 16:21:58 -0500
From: Jason
To: Aleksander Rozman - Andy
References: <6.0.0.22.2.20031117190324.04a91600@pop3.kks.net>
In-Reply-To: <6.0.0.22.2.20031117190324.04a91600@pop3.kks.net>
cc: freebsd-net@freebsd.org
cc: freebsd-current@freebsd.org
Subject: Re: named problem (introduced in 5.1)

Aleksander Rozman - Andy wrote:

> Hi !
>
> I have been running named for few years now, and I never had any
> problem with it. Few days ago I upgraded system to 5.1 (Release) and
> named has gone berserk. It shows errors in named.root file. Error go
> something like this:
> check_hints: no A record for address 'Something' class 1 in hints
>
> I updated all /etc files with files from source tree (which is cvsuped
> to 5.1-RELEASE) but it doesn't work? Does anybody have any idea where
> the problem lies?
>
> Andy

Did you use mergemaster and read /usr/src/updating?

From owner-freebsd-net@FreeBSD.ORG Tue Nov 18 01:55:44 2003
From: "Jamie Heckford"
To: "'Helge Oldach'"
Date: Tue, 18 Nov 2003 09:55:26 -0000
Message-ID: <000801c3adba$17a09cb0$115dcfc2@nico>
In-Reply-To: <200311171641.RAA29240@galaxy.hbg.de.ao-srv.com>
cc: freebsd-net@freebsd.org
Subject: RE: Problem with Racoon/IPSec/Setkey - Routing to/from multiple networks
Reply-To: jamie@tridentmicrosystems.co.uk

Helge Oldach wrote:
> Jamie Heckford:
>> /usr/sbin/setkey -c << EOF
>> flush;
>> spdflush;
>> spdadd ${LOCAL_NETWORK} ${STJUST_NETWORK} any -P out ipsec
>> esp/tunnel/${LOCAL_OUTSIDE}-${STJUST_OUTSIDE}/require;
>> spdadd ${STJUST_NETWORK} ${LOCAL_NETWORK} any -P in ipsec
>> esp/tunnel/${STJUST_OUTSIDE}-${LOCAL_OUTSIDE}/require;
>> spdadd ${ALLNET_1} ${STJUST_NETWORK} any -P out ipsec
>> esp/tunnel/${LOCAL_OUTSIDE}-${STJUST_OUTSIDE}/require;
>> spdadd ${STJUST_NETWORK} ${ALLNET_1} any -P in ipsec
>> esp/tunnel/${STJUST_OUTSIDE}-${LOCAL_OUTSIDE}/require;
>> spdadd ${LOCAL_NETWORK} ${BENELUX_NETWORK} any -P out ipsec
>> esp/tunnel/${LOCAL_OUTSIDE}-${BENELUX_OUTSIDE}/require;
>> spdadd ${BENELUX_NETWORK} ${LOCAL_NETWORK} any -P in ipsec
>> esp/tunnel/${BENELUX_OUTSIDE}-${LOCAL_OUTSIDE}/require;
>> spdadd ${ALLNET_1} ${BENELUX_NETWORK} any -P out ipsec
>> esp/tunnel/${LOCAL_OUTSIDE}-${BENELUX_OUTSIDE}/require;
>> spdadd ${BENELUX_NETWORK} ${ALLNET_1} any -P in ipsec
>> esp/tunnel/${BENELUX_OUTSIDE}-${LOCAL_OUTSIDE}/require;
>> EOF
>
> Try using "unique" instead of "require".
>
> Helge

Thanks a lot Helge, this worked fine :)

What does unique do instead of require..?

Cheers,

Jamie

From owner-freebsd-net@FreeBSD.ORG Tue Nov 18 03:47:24 2003
Date: Tue, 18 Nov 2003 11:47:09 +0000
From: Bruce M Simpson
To: David Gilbert
Message-ID: <20031118114709.GG87527@saboteur.dek.spc.org>
References: <16312.61495.127407.633302@canoe.dclg.ca>
In-Reply-To: <16312.61495.127407.633302@canoe.dclg.ca>
cc: freebsd-net@freebsd.org
Subject: Re: Knowing a route multiply.

On Mon, Nov 17, 2003 at 10:58:47AM -0500, David Gilbert wrote:
> This works on Linux ... and fails miserably on FreeBSD. I would like
> to change this behaviour to either a) replace the route with the
> interface route or b) know two routes for a destination and choose
> one.

Have you tried filtering the route on Router B to ensure it doesn't get
added in the first place as a workaround?

Have you run 'route -nv monitor' during the process and observed what the
sequence of events is as far as the routing socket is concerned?

a) I'd be curious as to whether an RTM_ADD or an RTM_CHANGE is issued in
this case. Strictly speaking, RTM_CHANGE shouldn't work, but it does...
according to Keith Sklower's paper on the original 4.2BSD routing
implementation, changing the destination/next-hop of a route isn't allowed.

b) is the ideal behaviour but we can't implement until after 5.2-RELEASE
is out the door.
BMS

From owner-freebsd-net@FreeBSD.ORG Tue Nov 18 05:02:17 2003
Date: Tue, 18 Nov 2003 13:02:00 +0000
From: Bruce M Simpson
To: freebsd-net@freebsd.org
Message-ID: <20031118130200.GA87978@saboteur.dek.spc.org>
Subject: Straw poll - All-interface broadcast/multicast

On the subject of hacking the network stack to output broadcast/multicast
datagrams on all appropriate interfaces:-

Who would like a switch to do this in the kernel?

Who would be happier with a userland convenience function to do it?

Who would rather roll their own?

I have a diff in the works to do this, 'just for the heck of it', but I am
very wary of putting anything in the stack 'just for the heck of it' as
the current IP_ONESBCAST workaround strikes me as 'good enough'.

BMS

From owner-freebsd-net@FreeBSD.ORG Tue Nov 18 09:19:02 2003
Date: Tue, 18 Nov 2003 12:19:00 -0500
From: Barney Wolff
To: freebsd-net@freebsd.org
Message-ID: <20031118171900.GA28864@pit.databus.com>
References: <20031118130200.GA87978@saboteur.dek.spc.org>
In-Reply-To: <20031118130200.GA87978@saboteur.dek.spc.org>
Subject: Re: Straw poll - All-interface broadcast/multicast

On Tue, Nov 18, 2003 at 01:02:00PM +0000, Bruce M Simpson wrote:
> On the subject of hacking the network stack to output broadcast/multicast
> datagrams on all appropriate interfaces:-
>
> Who would like a switch to do this in the kernel?
>
> Who would be happier with a userland convenience function to do it?
>
> Who would rather roll their own?
>
> I have a diff in the works to do this, 'just for the heck of it', but I am
> very wary of putting anything in the stack 'just for the heck of it' as
> the current IP_ONESBCAST workaround strikes me as 'good enough'.

Some questions, because I'd like to be an educated voter.

1. How does multicast routing work now? Presumably something takes a
mcast packet and sends it out to every interface behind which some host
has indicated group membership. Is this kernel or userland? Does it
work at all?

2. How is "appropriate" defined - by administrator choice or by some
inherent property of the interface hardware type?

3. How do other OS's do it, if at all?

4. How will this interact with IPv6? IPsec?

Thanks,
Barney

--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

From owner-freebsd-net@FreeBSD.ORG Tue Nov 18 13:37:21 2003
Date: Tue, 18 Nov 2003 21:36:59 +0000
From: Bruce M Simpson
To: Barney Wolff
Message-ID: <20031118213659.GE89189@saboteur.dek.spc.org>
References: <20031118130200.GA87978@saboteur.dek.spc.org> <20031118171900.GA28864@pit.databus.com>
In-Reply-To: <20031118171900.GA28864@pit.databus.com>
cc: freebsd-net@freebsd.org
Subject: Re: Straw poll - All-interface broadcast/multicast

On Tue, Nov 18, 2003 at 12:19:00PM -0500, Barney Wolff wrote:
> Some questions, because I'd like to be an educated voter.
>
> 1. How does multicast routing work now? Presumably something takes a
> mcast packet and sends it out to every interface behind which some host
> has indicated group membership. Is this kernel or userland? Does it
> work at all?

Kernel. Works. Right now, the default multicast route is via the interface
with the default route; setting a route isn't necessary unless you need to
force multicast to go via a particular interface by default, this is done
by longest-prefix matching like all other IPv4 routing activities.

Only one copy of the multicast datagram is sent.

Running an MROUTER is a special case. The vif mechanism is used to forward
multicast datagrams on multiple interfaces under mrouted(8) control.

> 2. How is "appropriate" defined - by administrator choice or by some
> inherent property of the interface hardware type?

For the broadcast case, if IFF_BROADCAST is set on the interface, and it
has AF_INET address[es] configured.

For the multicast case, a membership must exist for the interface in question.
[I haven't written the multicast hack yet, but mdodd@ requested it.]

> 3. How do other OS's do it, if at all?

Some broadcast on all interfaces, some don't. I'm awaiting more feedback on
this, I haven't really researched this point.

> 4. How will this interact with IPv6? IPsec?

This purely affects IPv4. IPSEC encapsulation gets handled at the ip_output()
level afterwards. fenner's objection to this has been noted, he suggests
re-architecting my current patch to take place at a higher level.

BMS

From owner-freebsd-net@FreeBSD.ORG Tue Nov 18 14:40:32 2003
Date: Tue, 18 Nov 2003 14:40:44 -0800
From: "Crist J. Clark"
To: Helge Oldach
Message-ID: <20031118224044.GA10828@blossom.cjclark.org>
References: <20031115182409.GA2001@blossom.cjclark.org> <200311161911.UAA25957@galaxy.hbg.de.ao-srv.com>
In-Reply-To: <200311161911.UAA25957@galaxy.hbg.de.ao-srv.com>
cc: freebsd-isp@freebsd.org
cc: freebsd-ipfw@freebsd.org
cc: vgoupil@alis.com
cc: freebsd-net@freebsd.org
Subject: Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)
Reply-To: cjclark@alum.mit.edu

On Sun, Nov 16, 2003 at 08:11:36PM +0100, Helge Oldach wrote:
> Crist J. Clark:
> >On Sat, Nov 15, 2003 at 07:54:40AM +0100, Oldach, Helge wrote:
> >> From: Crist J. Clark [mailto:cristjc@comcast.net]
> >> > Two different ESP end points behind many-to-one NAT connected to
> >> > a single ESP end point on the other side of the NAT? I'd be very
> >> > curious to get the documentation on how they are cheating to get
> >> > that to work.
> >> You have posted a reference already. W2k SP4 supports UDP
> >> encapsulation of IPSec. And yes, it works fine, and reliably.
> >> Further, all of Cisco's and Checkpoint's VPN gear support
> >> IPSec-over-UDP as well. This alone is >70% market share.
> >Oh, yeah, I know of UDP or TCP encapsulation tricks that work. I have
> >dealt with several of these implementations too. I thought that you
> >were implying that there were working NAT implementations that could
> >deal with ESP in these circumstances.
>
> Apologies... I am actually jumping between loosely related topics
> somewhat.
>
> In fact both Cisco and Checkpoint also support many-to-one NAT for ESP
> and AH protocols. One can indeed have multiple internal VPN devices
> hidden behind a single public address, and talking to the same outside
> VPN gateway - without requiring that the VPN devices themselves do
> tricks to work around NAT (such as UDP encapsulation).

You can't use AH with NAT. (period) The whole point of AH is to detect
someone tampering with the packet. NAT tampers with the packet. If you
can do NAT, AH is broken.

As for ESP, Cisco uses a trick. Their implementation, 'spi-matching,'

    ...is available only for endpoints that choose SPIs according to
    the predictive algorithm implemented in Cisco IOS Release 12.2(15)T.

I am not aware of this algorithm being published anywhere. If it is
freely distributed, we could add that support if there was a call for
it.

As for Checkpoint, I couldn't find any documentation of this ability
and from my experience using NG FP2, this doesn't work. It did not NAT
ESP at all, not even for one client behind NAT. If this is a new
feature in AI or if there is a hidden knob to activate it, I would
appreciate a pointer.

> To add, there are all sorts of other drafts that amend IPSec
> functionality (such as XAUTH and Mode Config which are also pretty
> widely deployed in VPN remote access scenarios) that are missing.

That's IKE which is really a whole separate beast. The open source IKE
daemons are definitely not chock full of bleeding edge or
vendor-specific features. And the racoon documentation... But all of
these IKE extensions are only useful if the vendors using them publish
what they are actually doing with them. Reverse engineering this stuff
can be really painful since you can't see the data on the wire.

--
Crist J. Clark | cjclark@alum.mit.edu
               | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org

From owner-freebsd-net@FreeBSD.ORG Tue Nov 18 15:12:19 2003
Message-Id: <6.0.0.22.2.20031119001117.02bb6520@pop3.kks.net>
Date: Wed, 19 Nov 2003 00:11:25 +0100
To: freebsd-net@FreeBSD.ORG
From: Aleksander Rozman - Andy
Subject: named problem (introduced in 5.1)

-- Resending this. Since it might got lost.

Hi !

I have been running named for few years now, and I never had any
problem with it. Few days ago I upgraded system to 5.1 (Release) and
named has gone berserk. It shows errors in named.root file. Error go
something like this:

    check_hints: no A record for address 'Something' class 1 in hints

I updated all /etc files with files from source tree (which is cvsuped
to 5.1-RELEASE) but it doesn't work? Does anybody have any idea where
the problem lies?

Andy

From owner-freebsd-net@FreeBSD.ORG Tue Nov 18 17:20:50 2003
To: freebsd-net@freebsd.org
From: "William A. Carrel"
Date: Tue, 18 Nov 2003 17:07:22 -0800
References: <20031118130200.GA87978@saboteur.dek.spc.org> <20031118171900.GA28864@pit.databus.com> <20031118213659.GE89189@saboteur.dek.spc.org>
Subject: Re: Straw poll - All-interface broadcast/multicast

In article <20031118213659.GE89189@saboteur.dek.spc.org>,
Bruce M Simpson wrote:

> On Tue, Nov 18, 2003 at 12:19:00PM -0500, Barney Wolff wrote:
> > Some questions, because I'd like to be an educated voter.
> >
> > 1. How does multicast routing work now? Presumably something takes a
> > mcast packet and sends it out to every interface behind which some host
> > has indicated group membership. Is this kernel or userland? Does it
> > work at all?
>
> Kernel. Works. Right now, the default multicast route is via the interface
> with the default route; setting a route isn't necessary unless you need to
> force multicast to go via a particular interface by default, this is done
> by longest-prefix matching like all other IPv4 routing activities.
> ...

An unprivileged userland application is also able to control where it is
sending its multicast traffic (without mucking with the routing table)
by using the sockopt IP_MULTICAST_IF. It can specify the address (or
interface specifier in the case of IPv6) of any interface on the
machine. Note that this interface isn't necessarily the one that it has
a membership on. It is possible to send to all interfaces at present by
repeatedly calling setsockopt() and sending the packet for each
interface. In reality, this is a bit of a hassle for the application
programmer since you can only send out on one interface at a time.

Listening and changing forwarding behavior based on the IGMP membership
of other nodes on an interface is handled by mrouted and similar tools.
But this only affects forwarding, not initial transmission direction
which is in the bailiwick of sending application.

> > 2. How is "appropriate" defined - by administrator choice or by some
> > inherent property of the interface hardware type?
>
> ...
> For the multicast case, a membership must exist for the interface in question.
> [I haven't written the multicast hack yet, but mdodd@ requested it.]

This may not jive with above. It is perfectly legitimate at present to
be sending multicast traffic out on an interface that has no memberships
attached to it.

In my own ideal world, sockopt IP_MULTICAST_IF could be set with some
magic value (all-ones?) to cause multicast transmission to go to all
multicast-capable interfaces. As opposed to needing to hit another knob
elsewhere, since this one already has the "control where I send stuff
out" purpose.

(Pardon me ignoring the broadcast case here...)

--
William A. Carrel

From owner-freebsd-net@FreeBSD.ORG Tue Nov 18 18:15:10 2003
Message-ID: <0CBE0287994CD311A6AC00508B0ABDE60FC50E0A@JP0001EXCH001U>
From: "Liu, Huan (Huan)" To: "'freebsd-net@FreeBSD.ORG'" Date: Wed, 19 Nov 2003 11:13:47 +0900 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="ISO-2022-JP" Subject: re-queue delay line in ip_dummynet.c X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Nov 2003 02:15:10 -0000

I'd like to give a pipe random delay time and re-queue packets in delay-line according to their output_time. However I always get fatal error when packets go through pipe. I guess the code get match condition when re-queue the delay line while other process may be sending a packet and delete it from delay line at same time.

Here is what I modified in ip_dummynet.c

    float mydelay; /*cast integer random() to float*/
    /* added for re-queue delay chain in move_pkt*/
    struct dn_pkt *mypkt, *prepkt;

    static void
    move_pkt(struct dn_pkt *pkt, struct dn_flow_queue *q,
            struct dn_pipe *p, int len)
    {
        q->head = DN_NEXT(pkt) ;
        q->len-- ;
        q->len_bytes -= len ;

        /* example, delay 9010ms, will delay random interval range 0~10ms*/
        if (p->delay >= 9000) {
            mydelay = random();
            pkt->output_time = curr_time + (int)((mydelay/0x7fffffff)*(p->delay-9000));
        } else
            pkt->output_time = curr_time + p->delay;

        if (p->head == NULL) {
            p->head = pkt;
            p->tail = pkt;
        } else {
            mypkt = p->head;
            prepkt = NULL;
            while (mypkt != NULL) {
                if (pkt->output_time < mypkt->output_time) {
                    if (prepkt == NULL) {
                        DN_NEXT(pkt) = mypkt;
                        p->head = pkt;
                    } else {
                        DN_NEXT(pkt) = mypkt;
                        DN_NEXT(prepkt) = pkt;
                    }
                    /* printf("no problem in move_pkt, re-chain delay line. \n"); */
                    break;
                }
                prepkt = mypkt;
                mypkt = DN_NEXT(prepkt);
            }
            if (mypkt == NULL) {
                DN_NEXT(p->tail) = pkt;
                p->tail = pkt;
            }
        }
        DN_NEXT(p->tail) = NULL;
    }

I set

    ipfw add 500 pipe 1 icmp from 135.254.62.218 to 135.254.61.230
    ipfw add 501 pipe 2 icmp from 135.254.62.230 to 135.254.61.218
    ipfw pipe 1 config delay 9020ms
    ipfw pipe 2 config delay 9020ms

Then I ping 135.254.62.218 from 135.254.61.230, the icmp will go through this FreeBSD machine, after a while, the machine got page fault error and reboot.

Any comment will be appreciated, I'd like to know if it's possible to re-queue delay-line. No problem found if only giving each packet a random delay time without re-queue delay line.

Thanks.
Huan Liu

From owner-freebsd-net@FreeBSD.ORG Tue Nov 18 21:00:26 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6415616A4CE; Tue, 18 Nov 2003 21:00:26 -0800 (PST) Received: from perrin.nxad.com (internal.nxad.com [69.1.70.251]) by mx1.FreeBSD.org (Postfix) with ESMTP id 574CC43FBF; Tue, 18 Nov 2003 21:00:25 -0800 (PST) (envelope-from sean@nxad.com) Received: by perrin.nxad.com (Postfix, from userid 1001) id B2CB52106A; Tue, 18 Nov 2003 20:59:46 -0800 (PST) Date: Tue, 18 Nov 2003 20:59:46 -0800
From: Sean Chittenden To: Eugene Message-ID: <20031119045946.GA58883@perrin.nxad.com> References: <200311181553.16274.eugene3@web.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200311181553.16274.eugene3@web.de> X-PGP-Key: finger seanc@FreeBSD.org X-PGP-Fingerprint: 3849 3760 1AFE 7B17 11A0 83A6 DD99 E31F BC84 B341 X-Web-Homepage: http://sean.chittenden.org/ User-Agent: Mutt/1.5.4i cc: mobile@FreeBSD.org cc: freebsd-ports@freebsd.org cc: net@FreeBSD.org Subject: Re: bsd-airtools update to 0.3 important for freebsd5 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Nov 2003 05:00:26 -0000

> http://dachb0den.com/users/h1kari/work/.0-day/bsd-airtools-v0.3.tgz
>
> that one works without any problems so far on my machine

# uname -a
FreeBSD localhost 5.1-CURRENT FreeBSD 5.1-CURRENT #0: Mon Nov 17 15:08:10 PST 2003 sean@localhost:/usr/obj/usr/src/sys/POSDELLAPTOP i386
# dmesg -a | grep wi0
wi0: at port 0x100-0x13f irq 11 function 0 config 1 on pccard0
wi0: 802.11 address: 00:30:ab:11:f6:88
wi0: using RF:PRISM2 MAC:HFA3841 CARD:HWB3163 rev.A
wi0: Intersil Firmware: Primary (0.3.0), Station (0.8.3)
wi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
# dstumbler wi0 -o
[dstumbler fires up and works beautifully]

Sweet! Where'd you find this version of bsd-airtools? Regardless, the port has been updated, thank you. -sc

[ASCII-art speech bubble: "dstumbler is back in the hizouse!! (or some such laughable nonsense)"]

-- Sean Chittenden

From owner-freebsd-net@FreeBSD.ORG Tue Nov 18 23:07:30 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1544C16A4CE for ; Tue, 18 Nov 2003 23:07:30 -0800 (PST) Received: from sccrmhc12.comcast.net (sccrmhc12.comcast.net [204.127.202.56]) by mx1.FreeBSD.org (Postfix) with ESMTP id 85CFF43FBF for ; Tue, 18 Nov 2003 23:07:28 -0800 (PST) (envelope-from cristjc@comcast.net) Received: from blossom.cjclark.org (12-234-156-182.client.attbi.com[12.234.156.182]) by comcast.net (sccrmhc12) with ESMTP id <2003111907072701200nvs2ce>; Wed, 19 Nov 2003 07:07:27 +0000 Received: from blossom.cjclark.org (localhost. [127.0.0.1]) by blossom.cjclark.org (8.12.9p2/8.12.8) with ESMTP id hAJ77ksb012965 for ; Tue, 18 Nov 2003 23:07:46 -0800 (PST) (envelope-from cristjc@comcast.net) Received: (from cjc@localhost) by blossom.cjclark.org (8.12.9p2/8.12.9/Submit) id hAJ77kSN012964 for net@freebsd.org; Tue, 18 Nov 2003 23:07:46 -0800 (PST) (envelope-from cristjc@comcast.net) X-Authentication-Warning: blossom.cjclark.org: cjc set sender to cristjc@comcast.net using -f Date: Tue, 18 Nov 2003 23:07:45 -0800
From: "Crist J. Clark" To: net@freebsd.org Message-ID: <20031119070745.GE10828@blossom.cjclark.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.1i X-URL: http://people.freebsd.org/~cjc/ Subject: netgraph(3) NGM_KSOCKET_BIND X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: "Crist J. Clark" List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Nov 2003 07:07:30 -0000

OK, an easy one. I am trying to do some netgraph(3) coding in userland. From how I read the documentation, this should work. Before I go learn all of the netgraph(4) kernel code to understand the error message, could someone tell me how this is supposed to look? I'm sure it's something obvious that I have missed.

The attached test program returns,

    # ./ngtest
    ngtest: failed to bind ksocket: Invalid argument

The program,

    /* Header names are missing from the archived copy; these are the ones the code below needs. */
    #include <sys/types.h>
    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <err.h>
    #include <errno.h>
    #include <string.h>
    #include <strings.h>
    #include <netgraph.h>
    #include <netgraph/ng_message.h>
    #include <netgraph/ng_ksocket.h>

    #define DEFAULT_PORT 10000
    #define OUR_HOOK_CTL "ctl_hook"

    int
    main()
    {
        int cs, ds;
        struct sockaddr_in laddr;
        struct ngm_mkpeer ngmkp;

        if (NgMkSockNode(NULL, &cs, &ds) == -1)
            err(errno, "failed to create netgraph socket");

        strcpy(ngmkp.type, NG_KSOCKET_NODE_TYPE);
        strcpy(ngmkp.ourhook, OUR_HOOK_CTL);
        strcpy(ngmkp.peerhook, "inet/dgram/udp");
        if (NgSendMsg(cs, ".", NGM_GENERIC_COOKIE, NGM_MKPEER,
            &ngmkp, sizeof ngmkp) == -1)
            err(errno, "failed to create ksocket node");

        bzero(&laddr, sizeof laddr);
        laddr.sin_family = AF_INET;
        laddr.sin_addr.s_addr = INADDR_ANY;
        laddr.sin_port = htons(DEFAULT_PORT);
        if (NgSendMsg(cs, OUR_HOOK_CTL, NGM_KSOCKET_COOKIE, NGM_KSOCKET_BIND,
            &laddr, sizeof laddr) == -1)
            err(errno, "failed to bind ksocket");

        return 0;
    }

-- Crist J.
Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org From owner-freebsd-net@FreeBSD.ORG Wed Nov 19 07:42:30 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4C00016A4CE for ; Wed, 19 Nov 2003 07:42:30 -0800 (PST) Received: from globus.sberbank.odtel.net (globus.sberbank.odtel.net [195.138.164.74]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2397E43FD7 for ; Wed, 19 Nov 2003 07:42:28 -0800 (PST) (envelope-from lipton@mail.od.ua) Date: Wed, 19 Nov 2003 17:47:43 +0200 
From: lipton Message-ID: <42236656.20031119174743@mail.od.ua> To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Subject: ppp dial-up X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: lipton List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Nov 2003 15:42:30 -0000

Hello. Please help me with one question. I have a problem with configuring ppp. When I enter

    ppp -auto demand

it automatically starts to dial. Logs show that it happens when treating line

    add 0 0 127.2.2.2

by ICMP packet from port 135. I can block triggering by this type of packets, but if I do that no dialing happens. Commands like this:

    telnet some.host.in.www

give something like host unreachable and modem does not start to dial. If unblock packet, dialing starts immediately.

-- Best regards, lipton mailto:lipton@mail.od.ua

From owner-freebsd-net@FreeBSD.ORG Wed Nov 19 13:03:18 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A456716A4CE for ; Wed, 19 Nov 2003 13:03:18 -0800 (PST) Received: from mail.sandvine.com (sandvine.com [199.243.201.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id D723043FF3 for ; Wed, 19 Nov 2003 13:03:17 -0800 (PST) (envelope-from ahoff@sandvine.com) Received: by mail.sandvine.com with Internet Mail Service (5.5.2657.72) id ; Wed, 19 Nov 2003 16:03:13 -0500 Message-ID:
From: Alex Hoff To: "'freebsd-net@freebsd.org'" Date: Wed, 19 Nov 2003 16:03:12 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="iso-8859-1" Subject: Multicast stats and bridging X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Nov 2003 21:03:18 -0000

So I was doing some counter and general ifMib testing and I set up a bridge with two PCs on either side sending data through the two bridged interfaces. It was working fine until I noticed that the bridge will only count incoming broadcast and multicast pkts. i.e. they come in if1 and are counted correctly in the stack and bridge stats, but then as they leave, they are no longer counted in the stack as nonunicast packets, but as unicast. They appear as unicast in both the stack and the bridge stats. (the packets that are sent are still multicast, it's just the stats that appear wrong)

What is the desired behavior of a multicast(and broadcast) pkt traveling through a bridge? Change it to count it going in *and* out? Or is there some reason, that I don't know about, for the current stat counting heuristics?
Thanks, Alex Hoff From owner-freebsd-net@FreeBSD.ORG Wed Nov 19 13:14:25 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 53AC716A4CE; Wed, 19 Nov 2003 13:14:25 -0800 (PST) Received: from blake.polstra.com (dsl081-189-066.sea1.dsl.speakeasy.net [64.81.189.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4889843FBF; Wed, 19 Nov 2003 13:14:22 -0800 (PST) (envelope-from jdp@polstra.com) Received: from strings.polstra.com (dsl081-189-067.sea1.dsl.speakeasy.net [64.81.189.67]) by blake.polstra.com (8.12.9p2/8.12.9) with ESMTP id hAJLEL8b087450; Wed, 19 Nov 2003 13:14:21 -0800 (PST) (envelope-from jdp@polstra.com) Message-ID: X-Mailer: XFMail 1.5.4 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <20031119070745.GE10828@blossom.cjclark.org> Date: Wed, 19 Nov 2003 13:14:21 -0800 (PST) 
From: John Polstra To: "Crist J. Clark" X-Bogosity: No, tests=bogofilter, spamicity=0.326135, version=0.14.5 cc: net@freebsd.org Subject: RE: netgraph(3) NGM_KSOCKET_BIND X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Nov 2003 21:14:25 -0000

On 19-Nov-2003 Crist J. Clark wrote:
> OK, an easy one. I am trying to do some netgraph(3) coding in
> userland. From how I read the documentation, this should work. Before
> I go learn all of the netgraph(4) kernel code to understand the error
> message, could someone tell me how this is supposed to look? I'm sure
> it's something obvious that I have missed.
>
> The attached test program returns,
>
> # ./ngtest
> ngtest: failed to bind ksocket: Invalid argument
[...]
>     bzero(&laddr, sizeof laddr);
>     laddr.sin_family = AF_INET;
>     laddr.sin_addr.s_addr = INADDR_ANY;
>     laddr.sin_port = htons(DEFAULT_PORT);
>     if (NgSendMsg(cs, OUR_HOOK_CTL, NGM_KSOCKET_COOKIE, NGM_KSOCKET_BIND,
>         &laddr, sizeof laddr) == -1)
>         err(errno, "failed to bind ksocket");

I think the problem might be that you forgot to set the "sin_len" member of the sockaddr_in struct. I don't see anything else glaringly wrong.

John

From owner-freebsd-net@FreeBSD.ORG Wed Nov 19 13:45:17 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A915B16A4CE for ; Wed, 19 Nov 2003 13:45:17 -0800 (PST) Received: from mail.sandvine.com (sandvine.com [199.243.201.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9BB6143FCB for ; Wed, 19 Nov 2003 13:45:16 -0800 (PST) (envelope-from ahoff@sandvine.com) Received: by mail.sandvine.com with Internet Mail Service (5.5.2657.72) id ; Wed, 19 Nov 2003 16:45:15 -0500 Message-ID:
From: Alex Hoff To: 'Bruce M Simpson' Date: Wed, 19 Nov 2003 16:45:15 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="iso-8859-1" cc: "'freebsd-net@freebsd.org'" Subject: RE: Multicast stats and bridging X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Nov 2003 21:45:17 -0000

Well, I want my stats to match, so I can follow the data. For example, let's say I send 1000 multicast packets from pc A through bridge B to pc C. I want the stats for multicast packets to add up - Incoming 1000 mcast pkts on A-B interface and 1000 outgoing mcast packets on the B-C interface. (And I'm strictly talking about stack counters). Right now they are getting counted as unicast when they leave the bridge. Does that make more sense? Sorry if I was not clear before.

-----Original Message-----
From: Bruce M Simpson [mailto:bms@spc.org] Sent: Wednesday, November 19, 2003 4:41 PM To: Alex Hoff Cc: 'freebsd-net@freebsd.org' Subject: Re: Multicast stats and bridging

On Wed, Nov 19, 2003 at 04:03:12PM -0500, Alex Hoff wrote:
> What is the desired behavior of a multicast(and broadcast) pkt traveling
> through a bridge? Change it to count it going in *and* out? Or is there some
> reason, that I don't know about, for the current stat counting heuristics?

The bridge driver doesn't look at the packet destinations after the bdg_forward() call to BDG_STAT(), but it does in bridge_in(). Question is, why would you want to count bridged packets by their class of destination twice?

BMS

From owner-freebsd-net@FreeBSD.ORG Wed Nov 19 14:00:16 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BB50616A4CF for ; Wed, 19 Nov 2003 14:00:16 -0800 (PST) Received: from arginine.spc.org (arginine.spc.org [195.206.69.236]) by mx1.FreeBSD.org (Postfix) with ESMTP id 842F843FA3 for ; Wed, 19 Nov 2003 14:00:15 -0800 (PST) (envelope-from bms@spc.org) Received: from localhost (localhost [127.0.0.1]) by arginine.spc.org (Postfix) with ESMTP id B0C6C6538E; Wed, 19 Nov 2003 21:41:01 +0000 (GMT) Received: from arginine.spc.org ([127.0.0.1]) by localhost (arginine.spc.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 64631-06-14; Wed, 19 Nov 2003 21:41:01 +0000 (GMT) Received: from saboteur.dek.spc.org (unknown [82.147.19.91]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by arginine.spc.org (Postfix) with ESMTP id 8EE1965292; Wed, 19 Nov 2003 21:41:00 +0000 (GMT) Received: by saboteur.dek.spc.org (Postfix, from userid 1001) id 7885E11; Wed, 19 Nov 2003 21:40:43 +0000 (GMT) Date: Wed, 19 Nov 2003 21:40:43 +0000
From: Bruce M Simpson To: Alex Hoff Message-ID: <20031119214043.GB80768@saboteur.dek.spc.org> Mail-Followup-To: Alex Hoff , "'freebsd-net@freebsd.org'" References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: cc: "'freebsd-net@freebsd.org'" Subject: Re: Multicast stats and bridging X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Nov 2003 22:00:16 -0000

On Wed, Nov 19, 2003 at 04:03:12PM -0500, Alex Hoff wrote:
> What is the desired behavior of a multicast(and broadcast) pkt traveling
> through a bridge? Change it to count it going in *and* out? Or is there some
> reason, that I don't know about, for the current stat counting heuristics?

The bridge driver doesn't look at the packet destinations after the bdg_forward() call to BDG_STAT(), but it does in bridge_in(). Question is, why would you want to count bridged packets by their class of destination twice?
BMS From owner-freebsd-net@FreeBSD.ORG Wed Nov 19 14:50:54 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BF02616A4CE for ; Wed, 19 Nov 2003 14:50:54 -0800 (PST) Received: from main.gmane.org (main.gmane.org [80.91.224.249]) by mx1.FreeBSD.org (Postfix) with ESMTP id 22B0643FDD for ; Wed, 19 Nov 2003 14:50:53 -0800 (PST) (envelope-from freebsd-net@m.gmane.org) Received: from root by main.gmane.org with local (Exim 3.35 #1 (Debian)) id 1AMb9v-0006BZ-00 for ; Wed, 19 Nov 2003 23:50:51 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-net@freebsd.org Received: from sea.gmane.org ([80.91.224.252]) by main.gmane.org with esmtp (Exim 3.35 #1 (Debian)) id 1AMaoO-0005qN-00 for ; Wed, 19 Nov 2003 23:28:36 +0100 Received: from news by sea.gmane.org with local (Exim 3.35 #1 (Debian)) id 1AMaoO-0003MU-00 for ; Wed, 19 Nov 2003 23:28:36 +0100 
From: William Carrel Date: Wed, 19 Nov 2003 14:28:36 -0800 Organization: Infospace Inc. Lines: 28 Message-ID: References: X-Complaints-To: usenet@sea.gmane.org Posted-And-Mailed: yes User-Agent: MT-NewsWatcher/3.3b1 (PPC Mac OS X) Sender: news Subject: Re: Multicast stats and bridging X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Nov 2003 22:50:54 -0000

In article , Alex Hoff wrote:
> well I want my stats to match, so I can follow the data. For example, let's
> say I send 1000 multicast packets from pc A through bridge B to pc C. I
> want the stats for multicast packets to add up - Incoming 1000 mcast pkts
> on A-B interface and 1000 outgoing mcast packets on the B-C interface. (And
> I'm strictly talking about stack counters). Right now they are getting
> counted as unicast when they leave the bridge. Does that make more sense?
> Sorry if I was not clear before.

The logic to record these packets differently would need to be inserted into src/sys/net/bridge.c:bdg_forward().

From cursory reading of the code though, the destination is only recorded on incoming packets. All outgoing packets forwarded out an interface are just counted as BDG_OUT. To have BDG_MCAST counted both in and out packets would introduce some complexity to trying to make sense of those numbers.

Besides, unless the interface is full or some other error condition all multicast (and broadcast) packets will be bridged. If an error results bdg_dropped will be incremented.

In sum, it isn't really "counted as unicast" at all. It's simply counted as an outgoing packet, just like all the other outgoing packets.

-- William A.
Carrel From owner-freebsd-net@FreeBSD.ORG Wed Nov 19 17:08:16 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 43AC816A4CE; Wed, 19 Nov 2003 17:08:16 -0800 (PST) Received: from mail.lambdabroadband.com (mail.lambdabroadband.com [81.17.78.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9A78E43F3F; Wed, 19 Nov 2003 17:08:14 -0800 (PST) (envelope-from sb.mailinglist@lambdabroadband.com) Received: from blackbox ([81.17.78.11]) by mail.lambdabroadband.com (Kerio MailServer 5.7.1); Thu, 20 Nov 2003 01:04:38 +0000 Message-ID: <01ab01c3af02$caa85250$0b4e1151@blackbox> 
From: "Colin Watson" To: , Date: Thu, 20 Nov 2003 01:08:21 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2720.3000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300 Subject: Connecting subnet over PPP X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Colin Watson List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Nov 2003 01:08:16 -0000

Hi,

I am using the userland ppp with pppoe daemon to setup a pppoe server to authenticate incoming clients. I want to route a /29 subnet (81.19.79.24/29) to a client. Now I authenticate via a radius server, which frames the IP, Protocol, and route attributes:

    Framed-Protocol = PPP
    Framed-IP-Address = 81.19.79.25
    Framed-Route = 81.19.79.24/29 81.19.79.25 1

This appears to assign the connection without problem, and the machines on the clients side of the network, when assigned one of the subnet's IP's have no issue pinging out to all hosts. However, when a remote PC attempts to access one of the public IP's - i.e. ping it - this fails. The FreeBSD Gateway / PPPoE Server shows lots of ARP unable to resolve messages - I presume this means it cannot find a mac address for the client. I have checked the routing table - netstat -ran, and an entry is created for the subnet in question (via the returned radius attributes):

    Internet Dest:     Gateway:         Flags:   Refs:   Use:   Netif:   Expire:

    81.19.79.24/29     81.19.79.25      UGSc     1       147    tun0
    81.19.79.25        81.19.78.1       UH       0       256    tun0
    81.19.79.25        00:05:5b:71..    UHLS2    0       0      ste1

A tcpdump of 'ste0' (the PPPoE Daemon Interface) from an IP the clients subnet pinging out, shows that the replies are occurring:

    17:29:28.984831 PPPoE [ses 0x1b] 81.19.79.25 > 81.19.79.34: icmp: echo request
    17:29:28.984831 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo reply

However, if this role is reversed, and a remote IP - in this case 81.19.79.34 (on a different /27 (32->63) network) attempts to ping a PC on the client network:

    17:37:45.214386 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo request
    17:37:45.221413 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo request
    17:37:45.223422 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo request
    17:37:45.321455 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo request
    17:37:45.623212 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo request

The client uses a D-Link Router which is set to allow all traffic - It is of course possible this is misconfigured, however I would like to know if this configuration *should* be working, or if I have made some grievous error somewhere, which is preventing the traffic reaching the clients network.

Many Thanks

Colin Watson.

From owner-freebsd-net@FreeBSD.ORG Wed Nov 19 18:42:14 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B8BB116A4CF for ; Wed, 19 Nov 2003 18:42:14 -0800 (PST) Received: from rwcrmhc12.comcast.net (rwcrmhc12.comcast.net [216.148.227.85]) by mx1.FreeBSD.org (Postfix) with ESMTP id C1F1543FDF for ; Wed, 19 Nov 2003 18:42:13 -0800 (PST) (envelope-from cristjc@comcast.net) Received: from blossom.cjclark.org (c-24-6-186-224.client.comcast.net[24.6.186.224]) by comcast.net (rwcrmhc12) with ESMTP id <2003112002421301400ejh2ae>; Thu, 20 Nov 2003 02:42:13 +0000 Received: from blossom.cjclark.org (localhost.
[127.0.0.1]) by blossom.cjclark.org (8.12.9p2/8.12.8) with ESMTP id hAK2gWsb048984; Wed, 19 Nov 2003 18:42:32 -0800 (PST) (envelope-from cristjc@comcast.net) Received: (from cjc@localhost) by blossom.cjclark.org (8.12.9p2/8.12.9/Submit) id hAK2gWOX048983; Wed, 19 Nov 2003 18:42:32 -0800 (PST) (envelope-from cristjc@comcast.net) X-Authentication-Warning: blossom.cjclark.org: cjc set sender to cristjc@comcast.net using -f Date: Wed, 19 Nov 2003 18:42:32 -0800 
From: "Crist J. Clark" To: John Polstra Message-ID: <20031120024232.GB48914@blossom.cjclark.org> References: <20031119070745.GE10828@blossom.cjclark.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i X-URL: http://people.freebsd.org/~cjc/ cc: net@freebsd.org Subject: Re: netgraph(3) NGM_KSOCKET_BIND X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: cjc@freebsd.org List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Nov 2003 02:42:14 -0000

On Wed, Nov 19, 2003 at 01:14:21PM -0800, John Polstra wrote:
> On 19-Nov-2003 Crist J. Clark wrote:
> > OK, an easy one. I am trying to do some netgraph(3) coding in
> > userland. From how I read the documentation, this should work. Before
> > I go learn all of the netgraph(4) kernel code to understand the error
> > message, could someone tell me how this is supposed to look? I'm sure
> > it's something obvious that I have missed.
> >
> > The attached test program returns,
> >
> > # ./ngtest
> > ngtest: failed to bind ksocket: Invalid argument
> [...]
> >     bzero(&laddr, sizeof laddr);
> >     laddr.sin_family = AF_INET;
> >     laddr.sin_addr.s_addr = INADDR_ANY;
> >     laddr.sin_port = htons(DEFAULT_PORT);
> >     if (NgSendMsg(cs, OUR_HOOK_CTL, NGM_KSOCKET_COOKIE, NGM_KSOCKET_BIND,
> >         &laddr, sizeof laddr) == -1)
> >         err(errno, "failed to bind ksocket");
>
> I think the problem might be that you forgot to set the "sin_len"
> member of the sockaddr_in struct. I don't see anything else
> glaringly wrong.

Duh. That was it. Thanks.

I didn't think I had messed up the sockaddr_in because I stuck a plain ol' bind(2) call in there as a test, and it worked. It didn't seem to care I forgot to set sin_len.

-- Crist J.
Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org From owner-freebsd-net@FreeBSD.ORG Wed Nov 19 21:10:34 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A5C6E16A4CE for ; Wed, 19 Nov 2003 21:10:34 -0800 (PST) Received: from mail.colba.net (mail.colba.net [207.107.221.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9B54F43FB1 for ; Wed, 19 Nov 2003 21:10:33 -0800 (PST) (envelope-from blauziere@altern.org) Received: from altern.org (bhd3-s7.mtl.colba.net [207.107.153.17]) by mail.colba.net (8.12.10/8.12.10) with ESMTP id hAK5AXfq026962 for ; Thu, 20 Nov 2003 00:10:34 -0500 (EST) Message-ID: <3FBC4CC8.2050903@altern.org> Date: Thu, 20 Nov 2003 00:10:32 -0500 
From: =?ISO-8859-1?Q?Benjamin_Lauzi=E8re?= User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.5) Gecko/20031007 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Subject: Simple Routing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Nov 2003 05:10:34 -0000

I just set up a simple router under FreeBSD 4.9, everything works fine but if I check my logs I have a lot of lines similar to this:

    Nov 19 22:00:20 Blah /kernel: arp: 192.168.1.1 is on lnc0 but got reply from [some mac address] on lnc1

The IP 192.168.1.1 is a gateway.

What is the cause of this message?

Regards,
Benjamin Lauzière

From owner-freebsd-net@FreeBSD.ORG Wed Nov 19 22:31:24 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4897E16A4CF; Wed, 19 Nov 2003 22:31:24 -0800 (PST) Received: from apollo.laserfence.net (apollo.laserfence.net [196.44.69.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5D79643F3F; Wed, 19 Nov 2003 22:31:21 -0800 (PST) (envelope-from will@unfoldings.net) Received: from [127.0.0.1] (helo=localhost) by apollo.laserfence.net with esmtp (Exim 4.24; FreeBSD) id 1AMiLT-000Eqi-9J; Thu, 20 Nov 2003 08:31:15 +0200 Received: from apollo.laserfence.net ([127.0.0.1]) by localhost (apollo.laserfence.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 54921-06; Thu, 20 Nov 2003 08:30:58 +0200 (SAST) Received: from [192.168.255.1] (helo=prometheus.home.laserfence.net) by apollo.laserfence.net with esmtp (Exim 4.24; FreeBSD) id 1AMiL9-000EqQ-S6; Thu, 20 Nov 2003 08:30:57 +0200 Received: from arista.home.laserfence.net ([192.168.0.10] helo=arista) by
prometheus.home.laserfence.net with smtp (Exim 4.10) id 1AMiL3-000Nn0-00; Thu, 20 Nov 2003 08:30:49 +0200 Message-ID: <01e301c3af2f$ee2a2910$0a00a8c0@arista> From: "Willie Viljoen" To: "Colin Watson" , , References: <01ab01c3af02$caa85250$0b4e1151@blackbox> Date: Thu, 20 Nov 2003 08:31:28 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Virus-Scanned: by amavisd-new at laserfence.net Subject: Re: Connecting subnet over PPP X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Nov 2003 06:31:24 -0000

If you are seeing ARP requests for a subnet which is routed, it is more than likely that some router somewhere doesn't know it is routed. ARP requests are only sent when a system is trying to contact an IP address *it* believes to be on the same physical network as itself.

Make sure routers on your side (before the FreeBSD box) know to route that subnet via the BSD box. Also, make sure the subnet mask on the D-Link router at the client side is configured correctly.

If all else fails, you might want to try doing proxyarp with pppoed, this is problematic at best though, and should not be used if there is a router on the other side, only if clients are routing directly via your pppoed, and if the addresses are actually on a physical network on your side, and to be "mirrored" to them.

This is the wrong way to do it, but it is supported, as many ISPs did this in the past... it was the only way to do it with Windows NT RAS servers.

Will

----- Original Message -----
From: "Colin Watson"
Sent: Thursday, November 20, 2003 3:08 AM
Subject: Connecting subnet over PPP

> Hi,
> I am using the userland ppp with pppoe daemon to set up a pppoe server to
> authenticate incoming clients. I want to route a /29 subnet (81.19.79.24/29)
> to a client. Now I authenticate via a radius server, which frames the IP,
> Protocol, and route attributes:
>
> Framed-Protocol = PPP
> Framed-IP-Address = 81.19.79.25
> Framed-Route = 81.19.79.24/29 81.19.79.25 1
>
> This appears to assign the connection without problem, and the machines on
> the clients side of the network, when assigned one of the subnet's IP's have
> no issue pinging out to all hosts. However, when a remote PC attempts to
> access one of the public IP's - i.e. ping it - this fails. The FreeBSD
> Gateway / PPPoE Server shows lots of ARP unable to resolve messages - I
> presume this means it cannot find a mac address for the client. I have
> checked the routing table - netstat -ran, and an entry is created for the
> subnet in question (via the returned radius attributes):
>
> Internet Dest:   Gateway:        Flags:  Refs:  Use:  Netif:  Expire:
>
> 81.19.79.24/29   81.19.79.25     UGSc    1      147   tun0
> 81.19.79.25      81.19.78.1      UH      0      256   tun0
> 81.19.79.25      00:05:5b:71..   UHLS2   0      0     ste1
>
> A tcpdump of 'ste0' (the PPPoE Daemon Interface) from an IP the clients
> subnet pinging out, shows that the replies are occurring:
>
> 17:29:28.984831 PPPoE [ses 0x1b] 81.19.79.25 > 81.19.79.34: icmp: echo request
> 17:29:28.984831 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo reply
>
> However, if this role is reversed, and a remote IP - in this case
> 81.19.79.34 (on a different /27 (32->63) network) attempts to ping a PC on
> the client network:
>
> 17:37:45.214386 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo request
> 17:37:45.221413 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo request
> 17:37:45.223422 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo request
> 17:37:45.321455 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo request
> 17:37:45.623212 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo request
>
> The client uses a D-Link Router which is set to allow all traffic - It is of
> course possible this is misconfigured, however I would like to know if this
> configuration *should* be working, or if I have made some grievous error
> somewhere, which is preventing the traffic reaching the clients network.
>
> Many Thanks
>
> Colin Watson.
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

From owner-freebsd-net@FreeBSD.ORG Thu Nov 20 04:41:13 2003
Date: Thu, 20 Nov 2003 14:39:38 +0200
From: Alexander Motin
To: freebsd-net@freebsd.org
Subject: dummynet & IP fragmentation bug

Hello.

I have one strange problem with dummynet & IP fragmentation.

I have a FreeBSD 4.8-RELEASE router with a few interfaces:
em0: flags=8843 mtu 1500
        options=3
        inet 195.248.191.172 netmask 0xffffffc0 broadcast 195.248.191.191
        ether 00:30:48:20:8e:7e
        media: Ethernet autoselect (1000baseTX )
        status: active
ng4: flags=88d1 mtu 1492
        inet 195.248.191.172 --> 212.86.231.58 netmask 0xffffffff

Interface ng4 has MTU 1492 because it is a PPPoE link.
When I do not use dummynet on the router and somebody sends a big
(>1492 bytes) packet to 212.86.231.58 with the DontFragment flag set, the
router generates an ICMP reply message (Fragmentation Needed). This is correct.

But when I use dummynet on that interface:
10170 pipe 10009 ip from any to any out xmit ng4
10175 allow ip from any to any via ng4

10009: 128.000 Kbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  0 udp 195.248.191.65/53 212.86.231.58/1118 50965 28380582 0 0 143

the router stops sending those ICMP messages. The pipe is not overflowed at
that time, it is empty.

--
Alexander Motin

From owner-freebsd-net@FreeBSD.ORG Thu Nov 20 06:29:52 2003
From: "Colin Watson"
To: "Willie Viljoen"
Cc: freebsd-net@freebsd.org
Cc: freebsd-questions@FreeBSD.ORG
Date: Thu, 20 Nov 2003 14:29:25 -0000
Subject: Re: Connecting subnet over PPP

As I understand it, proxy ARP answers ARP requests on behalf of the
connected parties - Thus ensuring the PPPoE box collates all traffic from
foreign hosts? I have already implemented proxyarp option in ppp, assuming
that it would be necessary for all traffic to be directed to the PPPoE
server, where it would then decide which tun(nel) interface to stuff it
down? - Why is this problematic exactly?

Surely, the world will shift traffic to the PPPoE box, that will then look
up the routing table to determine how to reach the subnet that is asked for
(e.g. a /29 of a /24 address block)? Could you explain why this is wrong, and
an incorrect way to do it? Not sure I've fully grasped the bad points of
PPPoE.

And do most ISP's not do it in this way these days then? Is there another
way DSL ISP's provide their clients with routed IP ranges over PPPoA/PPPoE?

Many Thanks

Colin.

----- Original Message -----
From: "Willie Viljoen"
To: "Colin Watson"
Sent: Thursday, November 20, 2003 6:31 AM
Subject: Re: Connecting subnet over PPP

> If you are seeing ARP requests for a subnet which is routed, it is more than
> likely that some router somewhere doesn't know it is routed. ARP requests
> are only sent when a system is trying to contact an IP address *it* believes
> to be on the same physical network as itself. Make sure routers on your side
> (before the FreeBSD box) know to route that subnet via the BSD box. Also,
> make sure the subnet mask on the D-Link router at the client side is
> configured correctly.
>
> If all else fails, you might want to try doing proxyarp with pppoed, this is
> problematic at best though, and should not be used if there is a router on
> the other side, only if clients are routing directly via your pppoed, and if
> the addresses are actually on a physical network on your side, and to be
> "mirrored" to them. This is the wrong way to do it, but it is supported, as
> many ISPs did this in the past... it was the only way to do it with Windows
> NT RAS servers.
>
> Will
> ----- Original Message -----
> From: "Colin Watson"
> Sent: Thursday, November 20, 2003 3:08 AM
> Subject: Connecting subnet over PPP
>
> > Hi,
> > I am using the userland ppp with pppoe daemon to set up a pppoe server to
> > authenticate incoming clients. I want to route a /29 subnet (81.19.79.24/29)
> > to a client. Now I authenticate via a radius server, which frames the IP,
> > Protocol, and route attributes:
> >
> > Framed-Protocol = PPP
> > Framed-IP-Address = 81.19.79.25
> > Framed-Route = 81.19.79.24/29 81.19.79.25 1
> >
> > This appears to assign the connection without problem, and the machines on
> > the clients side of the network, when assigned one of the subnet's IP's have
> > no issue pinging out to all hosts. However, when a remote PC attempts to
> > access one of the public IP's - i.e. ping it - this fails. The FreeBSD
> > Gateway / PPPoE Server shows lots of ARP unable to resolve messages - I
> > presume this means it cannot find a mac address for the client. I have
> > checked the routing table - netstat -ran, and an entry is created for the
> > subnet in question (via the returned radius attributes):
> >
> > Internet Dest:   Gateway:        Flags:  Refs:  Use:  Netif:  Expire:
> >
> > 81.19.79.24/29   81.19.79.25     UGSc    1      147   tun0
> > 81.19.79.25      81.19.78.1      UH      0      256   tun0
> > 81.19.79.25      00:05:5b:71..   UHLS2   0      0     ste1
> >
> > A tcpdump of 'ste0' (the PPPoE Daemon Interface) from an IP the clients
> > subnet pinging out, shows that the replies are occurring:
> >
> > 17:29:28.984831 PPPoE [ses 0x1b] 81.19.79.25 > 81.19.79.34: icmp: echo request
> > 17:29:28.984831 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo reply
> >
> > However, if this role is reversed, and a remote IP - in this case
> > 81.19.79.34 (on a different /27 (32->63) network) attempts to ping a PC on
> > the client network:
> >
> > 17:37:45.214386 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo request
> > 17:37:45.221413 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo request
> > 17:37:45.223422 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo request
> > 17:37:45.321455 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo request
> > 17:37:45.623212 PPPoE [ses 0x1b] 81.19.79.34 > 81.19.79.25: icmp: echo request
> >
> > The client uses a D-Link Router which is set to allow all traffic - It is of
> > course possible this is misconfigured, however I would like to know if this
> > configuration *should* be working, or if I have made some grievous error
> > somewhere, which is preventing the traffic reaching the clients network.
> >
> > Many Thanks
> >
> > Colin Watson.

From owner-freebsd-net@FreeBSD.ORG Thu Nov 20 08:43:45 2003
Date: Thu, 20 Nov 2003 17:44:57 +0100 (CET)
From: "eberkut"
To: freebsd-net@freebsd.org
Reply-To: eberkut@minithins.net
Subject: Re: Simple Routing

> I just set up a simple router under FreeBSD 4.9. Everything works fine, but
> if I check my logs I have a lot of lines similar to this:
>
> Nov 19 22:00:20 Blah /kernel: arp: 192.168.1.1 is on lnc0 but got reply from [some mac address] on lnc1
>
> The IP 192.168.1.1 is a gateway.
>
> What is the cause of this message?

hmm it means you have two interfaces connected to the same subnet. AFAIK
it's nothing but annoying. You can disable these log messages like this:

# sysctl -w net.link.ether.inet.log_arp_wrong_iface=0

--ebk
"you can tune a file system but you can't tune a fish" (man 8 tunefs, BUGS).
BUGfr, BSD User Group francophone, http://www.bug-fr.org

From owner-freebsd-net@FreeBSD.ORG Thu Nov 20 12:56:27 2003
From: "charles pelletier"
To: freebsd-net@freebsd.org
Date: Thu, 20 Nov 2003 14:56:26 -0600
Subject: ip addressing question

I'm hoping someone here can answer this question as regards IPs etc.

I realize this is probably a Windows related issue but I was hoping someone
here could explain, in terms of networking, what could be occurring..

When connected via PPPoE, this issue occurs:
No matter the User/Pass, ipconfig pulls exactly the same IP address along w/
a 255.255.255.255 subnet.
The PPPoE connection is a dynamic connection so the IP pulled should never
be the same.
Could this be a problem with the DHClient? The reason I ask is that a
connection is made but no route is able to occur.

Thanks for any help,
Charlie

From owner-freebsd-net@FreeBSD.ORG Thu Nov 20 14:50:14 2003
From: Alexander Motin
To: freebsd-net@freebsd.org
Date: Fri, 21 Nov 2003 00:16:59 +0200
Subject: Re: ip addressing question

charles pelletier wrote:
> I'm hoping someone here can answer this question as regards IPs etc.
>
> I realize this is probably a Windows related issue but I was hoping
> someone here could explain, in terms of networking, what could be
> occurring..
>
> When connected via PPPoE, this issue occurs:
> No matter the User/Pass, ipconfig pulls exactly the same IP address
> along w/ a 255.255.255.255 subnet.
> The PPPoE connection is a dynamic connection so the IP pulled should
> never be the same.
> Could this be a problem with the DHClient? The reason I ask is that a
> connection is made but no route is able to occur.

A PPPoE connection, as with any other PPP, uses not the DHCP protocol but the
IPCP protocol to NEGOTIATE connection parameters. Each side of the connection
can try to give some parameters to the other, and each can take/allow them
or not.
As for the same IP - you can try to look in your PPPoE log for the IPCP
negotiation process and try to find which side offers this IP.

--
Alexander Motin

From owner-freebsd-net@FreeBSD.ORG Thu Nov 20 18:39:54 2003
Date: Fri, 21 Nov 2003 03:37:26 +0100
From: ALeXiS AsTeRX
To: freebsd-net@freebsd.org
Subject: How to make a USB wireless adapter device work in FreeBSD (DWL-120)?

Hi,

I'm quite new to FreeBSD, and I would like to know how to make a D-Link
(DWL-120) USB wireless adapter work in FreeBSD, or at least whether there is
any driver supporting that, or something in development currently.. Because
in Linux I made it work (with the Atmel driver), but in FreeBSD I don't know
how to do that. Could I do something to the Atmel driver I used for Linux
and make it work in Free?

dmesg says

ugen0: D-Link product 0x3200, rev 1.10/1.00, addr 2
ugen0: at uhub1 port 1 (addr 2) disconnected

And in /usr/src/sys/dev/usb/usbdevs

/* Atmel Comp. products */
product ATMEL UHB124 0x3301 UHB124 hub
product ATMEL DWL120 0x7602 DWL-120 Wireless adapter

Thank you.

Alexis

From owner-freebsd-net@FreeBSD.ORG Fri Nov 21 02:07:44 2003
From: hilman firmansyah
Date: Fri, 21 Nov 2003 17:15:56 +0700
Subject: Fail OVer routing

Is there any method for fail over routing (not dynamic routing protocols)?
1 Corporate office connected via wireless fast link and adsl low speed.
If the wireless is down, the routing moves to the low speed adsl.
And when the wireless is up, the routing moves back to the wireless link.

regards,

Hilman F

From owner-freebsd-net@FreeBSD.ORG Fri Nov 21 03:26:49 2003
From: Alexander Motin
To: freebsd-ipfw@freebsd.org, freebsd-net@freebsd.org
Date: Fri, 21 Nov 2003 12:52:50 +0200
Subject: Re: dummynet & IP fragmentation bug

I successfully reproduced this on a few different 4.8 routers.
Does anybody know what this is? How to fix or work around this problem?

Alexander Motin wrote:
> I have one strange problem with dummynet & IP fragmentation.
>
> I have a FreeBSD 4.8-RELEASE router with a few interfaces:
> em0: flags=8843 mtu 1500
>         options=3
>         inet 195.248.191.172 netmask 0xffffffc0 broadcast 195.248.191.191
>         ether 00:30:48:20:8e:7e
>         media: Ethernet autoselect (1000baseTX )
>         status: active
> ng4: flags=88d1 mtu 1492
>         inet 195.248.191.172 --> 212.86.231.58 netmask 0xffffffff
>
> Interface ng4 has MTU 1492 because it is a PPPoE link.
> When I do not use dummynet on the router and somebody sends a big
> (>1492 bytes) packet to 212.86.231.58 with the DontFragment flag set, the
> router generates an ICMP reply message (Fragmentation Needed). This is correct.
>
> But when I use dummynet on that interface:
> 10170 pipe 10009 ip from any to any out xmit ng4
> 10175 allow ip from any to any via ng4
>
> 10009: 128.000 Kbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail
>     mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
> BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
>   0 udp 195.248.191.65/53 212.86.231.58/1118 50965 28380582 0 0 143
>
> the router stops sending those ICMP messages. The pipe is not overflowed at
> that time, it is empty.

--
Alexander Motin

From owner-freebsd-net@FreeBSD.ORG Fri Nov 21 07:44:43 2003
Date: Fri, 21 Nov 2003 10:44:39 -0500
From: Clark Gaylord
To: freebsd-net@freebsd.org
Subject: Re: Fail OVer routing

yes, it is called a dynamic routing protocol.

--ckg

hilman firmansyah wrote:
> Is there any method for fail over routing (not dynamic routing protocols)?
> 1 Corporate office connected via wireless fast link and adsl low speed.
> If the wireless is down, the routing moves to the low speed adsl.
> And when the wireless is up, the routing moves back to the wireless link.
>
> regards,
>
> Hilman F

From owner-freebsd-net@FreeBSD.ORG Fri Nov 21 08:15:18 2003
Date: Fri, 21 Nov 2003 17:14:58 +0100
From: Max Laier
To: hilman firmansyah
Cc: freebsd-net@freebsd.org
Subject: Re: Fail OVer routing

> Is there any method for fail over routing (not dynamic routing protocols)?
> 1 Corporate office connected via wireless fast link and adsl low speed.
> If the wireless is down, the routing moves to the low speed adsl.
> And when the wireless is up, the routing moves back to the wireless link.

You need a userland process to monitor the link-state anyways so you can
have it change your routes as well, can't you?

--
Best regards,
Max mailto:max@love2party.net

From owner-freebsd-net@FreeBSD.ORG Fri Nov 21 11:50:16 2003
Date: Fri, 21 Nov 2003 10:46:10 +0000
From: Bruce M Simpson
To: hilman firmansyah
Cc: freebsd-net@freebsd.org
Subject: Re: Fail OVer routing

On Fri, Nov 21, 2003 at 05:15:56PM +0700, hilman firmansyah wrote:
> Is there any method for fail over routing (not dynamic routing protocols)?
> 1 Corporate office connected via wireless fast link and adsl low speed.
> If the wireless is down, the routing moves to the low speed adsl.
> And when the wireless is up, the routing moves back to the wireless link.

VRRP might do what you need. If not, you'll need to roll some scripts.

BMS

From owner-freebsd-net@FreeBSD.ORG Fri Nov 21 11:56:50 2003
Date: Fri, 21 Nov 2003 11:56:47 -0800
From: Michael Sierchio
To: freebsd-net@freebsd.org
In-Reply-To: <20031121104610.GD88923@saboteur.dek.spc.org>
Subject: Re: Fail OVer routing

Bruce M Simpson wrote:
> On Fri, Nov 21, 2003 at 05:15:56PM +0700, hilman firmansyah wrote:
>
>>Is there any method for fail over routing ( not dynamic routing protocols )
>>.
>> 1 Corporate office connected via wireless fast link and adsl low speed.
>>IF the wireless down , the routing move to low speed adsl.
>>And when the wireless Up the routing move back to the wireless link
>
>
> VRRP might do what you need. If not, you'll need to roll some scripts.

VRRP will need help -- you'll need to NAT source addrs appropriately so packets get back to you via the route they leave. And there's no way of preserving open connections.

From: "Stephen J. Bevan"
Message-ID: <16319.970.22297.204715@anakin.>
Date: Fri, 21 Nov 2003 22:35:54 -0800
To: cjclark@alum.mit.edu
In-Reply-To: <20031114201246.GA62521@blossom.cjclark.org>
cc: freebsd-isp@freebsd.org
cc: freebsd-ipfw@freebsd.org
cc: vgoupil@alis.com
cc: freebsd-net@freebsd.org
Subject: Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)

Crist J. Clark writes:
> Two different ESP end points behind many-to-one NAT connected to a
> single ESP end point on the other side of the NAT? I'd be very curious
> to get the documentation on how they are cheating to get that to work.

A cheat is to use the sequence number in the ESP header to match up the SPI on the inbound packet with the SPI on the outbound packet. This only works if the NAT box doesn't have multiple ESP connections all starting at the same time (otherwise there would obviously be no way to tell which outbound SPI a packet with ESP sequence number 1 should match). A workaround for that is to have the NAT box delay the IKE negotiation for one connection if another one has not completed and resulted in traffic being sent. It all has a bit of a bad smell to it but then NAT isn't exactly sweet smelling either.
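The pairing heuristic described in the message above, and the reason it breaks when two connections start together, as a small Python model. This is an added example, not code from the thread or from any NAT implementation; the class and function names, the FRESH_SEQ_MAX threshold and the addresses are assumptions made for illustration.

```python
import struct

FRESH_SEQ_MAX = 8  # assumption: a sequence number this low means a newly created SA


def esp(spi, seq):
    """Build a constructed ESP payload: SPI, sequence number, dummy ciphertext."""
    return struct.pack("!II", spi, seq) + b"\x00" * 16


def parse_esp(payload):
    """Return (spi, seq) from the first 8 bytes of an ESP payload."""
    if len(payload) < 8:
        raise ValueError("truncated ESP header")
    return struct.unpack("!II", payload[:8])


class EspNat:
    """Toy many-to-one NAT that pairs inbound and outbound SPIs by sequence number."""

    def __init__(self):
        self.pending = {}         # peer -> {outbound SPI: inside host}, no inbound SPI yet
        self.paired_out = set()   # (peer, outbound SPI) already matched
        self.by_inbound_spi = {}  # (peer, inbound SPI) -> inside host

    def may_start_ike(self, peer):
        """Workaround: hold a new IKE exchange while an earlier one awaits return traffic."""
        return not self.pending.get(peer)

    def on_outbound(self, inside_host, peer, payload):
        spi, seq = parse_esp(payload)
        if (peer, spi) not in self.paired_out and seq <= FRESH_SEQ_MAX:
            self.pending.setdefault(peer, {})[spi] = inside_host

    def on_inbound(self, peer, payload):
        """Return the inside host to forward to, or None if the packet is dropped."""
        spi, seq = parse_esp(payload)
        host = self.by_inbound_spi.get((peer, spi))
        if host is not None:
            return host
        candidates = self.pending.get(peer, {})
        if seq > FRESH_SEQ_MAX or len(candidates) != 1:
            return None  # not a new SA, or several new SAs and no way to choose
        out_spi, host = candidates.popitem()
        self.paired_out.add((peer, out_spi))
        self.by_inbound_spi[(peer, spi)] = host
        return host


def demo():
    peer = "203.0.113.10"                # constructed addresses (documentation ranges)
    a, b = "192.168.0.2", "192.168.0.3"
    results = {}
    # One connection at a time: the inbound SPI can only belong to host A.
    nat = EspNat()
    nat.on_outbound(a, peer, esp(0x1111AAAA, 1))
    results["single"] = nat.on_inbound(peer, esp(0x2222BBBB, 1))
    results["single_later"] = nat.on_inbound(peer, esp(0x2222BBBB, 500))

    # Two connections starting together: two pending SPIs, nothing to choose by.
    nat = EspNat()
    nat.on_outbound(a, peer, esp(0x1111AAAA, 1))
    nat.on_outbound(b, peer, esp(0x3333CCCC, 1))
    results["simultaneous"] = nat.on_inbound(peer, esp(0x2222BBBB, 1))

    # Workaround: host B's IKE exchange is held until A's SA has seen return traffic.
    nat = EspNat()
    nat.on_outbound(a, peer, esp(0x1111AAAA, 1))
    results["b_held"] = not nat.may_start_ike(peer)
    nat.on_inbound(peer, esp(0x2222BBBB, 1))
    results["b_released"] = nat.may_start_ike(peer)
    nat.on_outbound(b, peer, esp(0x3333CCCC, 1))
    results["b_inbound"] = nat.on_inbound(peer, esp(0x4444DDDD, 1))
    return results


if __name__ == "__main__":
    print(demo())
```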

Message-Id: <6.0.1.1.0.20031121221443.08ed0860@209.112.4.2>
Date: Sat, 22 Nov 2003 03:00:53 -0500
To: freebsd-net@freebsd.org
From: Mike Tancsa
Subject: Broken ppp LQR - FreeBSD or ERX ?

I have been trying to track down a rather old mystery as to why when using PPPoE via userland PPP the daemon would not be able to detect if the DSL connection was down when the other side was a Juniper ERX. The same machines when using mpd work fine and can detect via LCP echos if the link is down. Also, both mpd and ppp work correctly when talking PPPoE to an SMS.

Looking through the logs, it would appear that LQR doesn't work against the ERX (i.e. the ERX is broken) or FreeBSD's LQR is broken, or the two don't like each other. According to the man page,

    When LQR is enabled, ppp sends the QUALPROTO option (see ``set lqrperiod'' below) as part of the LCP request. If the peer agrees, both sides will exchange LQR packets at the agreed frequency, allowing detailed link quality monitoring by enabling LQM logging. If the peer doesn't agree, ppp will send ECHO LQR requests instead. These packets pass no information of interest, but they MUST be replied to by the peer.

So, there is a sort of "Plan A" and "Plan B".

e.g. on a session against an ERX

Mov 22 02:34:04 datawest3 ppp.prev[52036]: tun0: LQM: deflink: Will send LQR every 10.00 secs
Nov 22 02:34:04 datawest3 ppp.prev[52036]: tun0: LQM: deflink: Output:
Nov 22 02:34:04 datawest3 ppp.prev[52036]: tun0: LQM: Magic: 860c0808 LastOutLQRs: 00000000
Nov 22 02:34:04 datawest3 ppp.prev[52036]: tun0: LQM: LastOutPackets: 00000000 LastOutOctets: 00000000
Nov 22 02:34:04 datawest3 ppp.prev[52036]: tun0: LQM: PeerInLQRs: 00000000 PeerInPackets: 00000006
Nov 22 02:34:04 datawest3 ppp.prev[52036]: tun0: LQM: PeerInDiscards: 00000000 PeerInErrors: 00000000
Nov 22 02:34:04 datawest3 ppp.prev[52036]: tun0: LQM: PeerInOctets: 00000076 PeerOutLQRs: 00000001
Nov 22 02:34:04 datawest3 ppp.prev[52036]: tun0: LQM: PeerOutPackets: 0000000a PeerOutOctets: 00000141

Looking at the source code this implies the LQM_LQR method.

Nov 22 02:34:44 datawest3 ppp.prev[52036]: tun0: LQM: deflink: Output (again):
Nov 22 02:34:44 datawest3 ppp.prev[52036]: tun0: LQM: Magic: 860c0808 LastOutLQRs: 00000000
Nov 22 02:34:44 datawest3 ppp.prev[52036]: tun0: LQM: LastOutPackets: 00000000 LastOutOctets: 00000000
Nov 22 02:34:44 datawest3 ppp.prev[52036]: tun0: LQM: PeerInLQRs: 00000000 PeerInPackets: 00000011
Nov 22 02:34:44 datawest3 ppp.prev[52036]: tun0: LQM: PeerInDiscards: 00000000 PeerInErrors: 00000000
Nov 22 02:34:44 datawest3 ppp.prev[52036]: tun0: LQM: PeerInOctets: 00000196 PeerOutLQRs: 00000001
Nov 22 02:34:44 datawest3 ppp.prev[52036]: tun0: LQM: PeerOutPackets: 00000017 PeerOutOctets: 000002ef
Nov 22 02:34:48 datawest3 ppp.prev[52036]: tun0: LCP: deflink: RecvEchoRequest(4) state = Opened
Nov 22 02:34:48 datawest3 ppp.prev[52036]: tun0: LCP: deflink: SendEchoReply(4) state = Opened
Nov 22 02:34:55 datawest3 ppp.prev[52036]: tun0: LQM: deflink: Output (again):
Nov 22 02:34:55 datawest3 ppp.prev[52036]: tun0: LQM: Magic: 860c0808 LastOutLQRs: 00000000
Nov 22 02:34:55 datawest3 ppp.prev[52036]: tun0: LQM: LastOutPackets: 00000000 LastOutOctets: 00000000
Nov 22 02:34:55 datawest3 ppp.prev[52036]: tun0: LQM: PeerInLQRs: 00000000 PeerInPackets: 00000012
Nov 22 02:34:55 datawest3 ppp.prev[52036]: tun0: LQM: PeerInDiscards: 00000000 PeerInErrors: 00000000
Nov 22 02:34:55 datawest3 ppp.prev[52036]: tun0: LQM: PeerInOctets: 000001a5 PeerOutLQRs: 00000001
Nov 22 02:34:55 datawest3 ppp.prev[52036]: tun0: LQM: PeerOutPackets: 00000019 PeerOutOctets: 00000335
Nov 22 02:34:58 datawest3 ppp.prev[52036]: tun0: LCP: deflink: RecvEchoRequest(5) state = Opened
Nov 22 02:34:58 datawest3 ppp.prev[52036]: tun0: LCP: deflink: SendEchoReply(5) state = Opened
Nov 22 02:35:05 datawest3 ppp.prev[52036]: tun0: Phase: deflink: ** Too many LQR packets lost **
Nov 22 02:35:05 datawest3 ppp.prev[52036]: tun0: LQM: deflink: Too many LQR packets lost
Nov 22 02:35:05 datawest3 ppp.prev[52036]: tun0: CCP: deflink: State change Stopped --> Closed

But as you can see from the logs, it doesn't work. The host never responds and ppp hangs up even though it really is connected. This compared to a connection against an SMS

Nov 22 02:38:02 gastest ppp[5018]: tun0: LQM: deflink: LQR/ECHO LQR not negotiated

Note in this case, ppp reverts to "plan B" where it will just send LCP echos.

Now, getting back to the machine that connects to the ERX, if I make the following change to the source code,

datawest3# diff -u lcp.c lcp.c.patch --- lcp.c Sat Aug 31 22:12:28 2002 +++ lcp.c.patch Fri Nov 21 19:50:07 2003
@@ -575,6 +575,11 @@ log_Printf(LogLCP, "%s: LayerUp\n", fp->link->name); physical_SetAsyncParams(p, lcp->want_accmap, lcp->his_accmap); lqr_Start(lcp); + + + p->hdlc.lqm.method = LQM_ECHO; + + hdlc_StartTimer(&p->hdlc); fp->more.reqs = fp->more.naks = fp->more.rejs = lcp->cfg.fsm.maxreq * 3; datawest3#

i.e. to force "plan b", where it just uses LCP echos, everything against the ERX works! It sends and receives LCP echo requests just fine, and if it does not hear 5 back in a row, it determines the link is down.

As a workaround, is there any way to force the LQM_ECHO method through the ppp.conf? Has anyone else run into this?

---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
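Review bot: the added assignment `p->hdlc.lqm.method = LQM_ECHO;` between lqr_Start(lcp) and hdlc_StartTimer(&p->hdlc) is unconditional, so every link that reaches LayerUp is switched to echo mode, including peers that do answer LQRs and would lose link quality monitoring. As a diagnostic it proves the point, but for anything longer-lived I would gate it on a configuration setting, or fall back to LQM_ECHO only when LQR was negotiated and no LQR has arrived from the peer, and add a one-line comment naming the ERX interoperability problem. The four empty + lines around the assignment should be dropped.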
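A log check for the failure described in the message above, where ppp drops the link for lost LQRs while the peer is still sending LCP echo requests. This is an added example, not part of the original post or of ppp; it reads LastOutLQRs as RFC 1989 defines it (a copy of the peer's last PeerOutLQRs, so zero means no LQR was ever received from the peer), and the 30-second window, the year and the verdict labels are assumptions.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the ppp log quoted in the message (the ERX session).
SAMPLE_LOG = """\
Nov 22 02:34:44 datawest3 ppp.prev[52036]: tun0: LQM: deflink: Output (again):
Nov 22 02:34:44 datawest3 ppp.prev[52036]: tun0: LQM: Magic: 860c0808 LastOutLQRs: 00000000
Nov 22 02:34:48 datawest3 ppp.prev[52036]: tun0: LCP: deflink: RecvEchoRequest(4) state = Opened
Nov 22 02:34:55 datawest3 ppp.prev[52036]: tun0: LQM: deflink: Output (again):
Nov 22 02:34:55 datawest3 ppp.prev[52036]: tun0: LQM: Magic: 860c0808 LastOutLQRs: 00000000
Nov 22 02:34:58 datawest3 ppp.prev[52036]: tun0: LCP: deflink: RecvEchoRequest(5) state = Opened
Nov 22 02:35:05 datawest3 ppp.prev[52036]: tun0: LQM: deflink: Too many LQR packets lost
"""

# syslog prefix, then "<iface>: <facility>: <message>" as ppp writes it
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) \S+\[(\d+)\]: (\w+): (\w+): (.*)$")
LAST_OUT = re.compile(r"LastOutLQRs: ([0-9a-f]{8})")


def analyse(log_text, year=2003, alive_window=30):
    """Return one verdict per 'Too many LQR packets lost' event in a ppp log.

    year: syslog stamps carry no year, so one is assumed.
    alive_window: seconds before the event in which a peer echo request
    counts as proof that the peer was still up (assumed value).
    """
    sessions, verdicts = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, host, pid, iface, facility, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        s = sessions.setdefault(
            (host, pid, iface),
            {"lqr_sent": 0, "peer_lqr_seen": False, "last_echo": None})
        last_out = LAST_OUT.search(msg)
        if facility == "LQM" and ": Output" in msg:
            s["lqr_sent"] += 1      # ppp logged an outgoing LQR
        elif facility == "LQM" and last_out:
            # Non-zero LastOutLQRs means an LQR from the peer has been received.
            s["peer_lqr_seen"] |= int(last_out.group(1), 16) != 0
        elif facility == "LCP" and "RecvEchoRequest" in msg:
            s["last_echo"] = when   # the peer is still talking LCP to us
        elif facility == "LQM" and "Too many LQR packets lost" in msg:
            echo = s["last_echo"]
            alive = echo is not None and when - echo <= timedelta(seconds=alive_window)
            verdict = ("peer-alive-lqr-unanswered"
                       if alive and not s["peer_lqr_seen"] else "link-probably-down")
            verdicts.append({"time": when, "host": host, "iface": iface,
                             "lqr_sent": s["lqr_sent"], "verdict": verdict})
    return verdicts


if __name__ == "__main__":
    for v in analyse(SAMPLE_LOG):
        print(v["time"], v["host"], v["iface"], v["verdict"])
```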

Date: Sat, 22 Nov 2003 02:05:31 +0000
From: falacy
To: freebsd-net@freebsd.org
Message-id: <200311220205.31860.fBSDfalacy@shaw.ca>
Subject: 5.1-R plip0 issue (BSD --> Linux)

Hello all,

Seems that I am unable to do a few things with the TCP/IP over parallel that I would like to. I have set up my laptop using a linux-linux combo and it pings just nicely, so I know that a plip connection will work on the hardware once I figure it out.

Here are my issues,

There isn't a plip0 device node in /dev, but

device ppc
device ppbus # Parallel port bus (required)
device lpt # Printer
device plip # TCP/IP over parallel
device ppi # Parallel port interface device

are called in my kernel config. This is rather disturbing. This seems to be the real issue.

I went through the handbook and used the 4.x method to set up the parallel port connection, using the lp0 device node, but that simply does not work in 5.1 apparently. I have not had any luck creating a plip0 device node to use either, as the HB only states the 4.x method to creating device nodes.

I also understand that to use plip (called lp0) with linux under freeBSD 4.x, freeBSD needed to have 'ifconfig_lp0 link0' called, but I am not sure if this is the case for the plip0 too (in freeBSD 5.1). Nor, in either case, am I sure where I would call link0....

My setup in /etc/rc.conf looks like this (and would work in 4.x from what I have read),

interfaces="lo0 xl0 lp0"
ifconfig_xl0="inet 127.0.0.1 netmask 0xffff0000"
ifconfig_lp0="inet 192.168.1.5 192.168.1.9 netmask 0xffffff00"

Can we find a way to make this system work with 5.1?
Quite frankly, I'm at my wits' end when it comes to this. I like FreeBSD, but if I can't figure this out, it would be well worth my while to just go back to slackware, I guess. I don't really want to do that however :)

Thanks in advance,
Rob.

Date: Sat, 22 Nov 2003 07:08:15 +0000
From: falacy
To: freebsd-net@freebsd.org
Message-id: <200311220708.15262.fBSDfalacy@shaw.ca>
Subject: 5.1-R plip0 issue (BSD --> Linux)

Well... guess what I just did...

Anyone who is hooking up a slackware linux box to a freeBSD 5.1 system over the parallel port, skip the handbook altogether and add the following lines to your /etc/rc.conf file,

interfaces="lo0 xl0 lp0"
ifconfig_xl0="inet 127.0.0.1 netmask 0xffff0000"
ifconfig_lp0="inet 192.168.1.5 192.168.1.9 netmask 0xffffff00 link0"

The 'link0' is the key, as it changes the order in which packets are observed, so that the BSD machine reads em like a linux box!

Here's to answering one's own questions by typing 'shutdown -r now' :)

Rob.

Date: Sat, 22 Nov 2003 15:37:50 +0000
From: Bruce M Simpson
To: falacy
Message-ID: <20031122153750.GC23796@saboteur.dek.spc.org>
In-Reply-To: <200311220708.15262.fBSDfalacy@shaw.ca>
cc: freebsd-net@freebsd.org
Subject: Re: 5.1-R plip0 issue (BSD --> Linux)

On Sat, Nov 22, 2003 at 07:08:15AM +0000, falacy wrote:
> Anyone who is hooking up a slackware linux box to a freeBSD 5.1 system over
> the parallel port, skip the handbook altogether and add the following
> lines to your /etc/rc.conf file,

The answer has been in the plip(4) man page all along, perhaps encouraging people not to read documentation is a bad thing?

BMS

Message-ID: <3FBF8792.4070001@cronyx.ru>
Date: Sat, 22 Nov 2003 18:58:10 +0300
From: Roman Kurakin
To: freebsd-net@freebsd.org
Subject: SPPP netgraph node.

Hi,

Latest version of sppp-to-netgraph (ng_sppp) node could be found at
http://www.inse.ru/~rik/ng_sppp/ng_sppp-1.2.tgz

As previous version this package is made as a patch over FreeBSD sources. Only FreeBSD 5.x supported, but if someone wants to use it with other versions, please contact me and I will add support for those versions.

PS. Could someone add it to FreeBSD source tree?

Best regards,
Roman Kurakin

Date: Sat, 22 Nov 2003 19:26:32 +0000 (GMT)
From: David Carter-Hitchin
To: lipton
In-Reply-To: <42236656.20031119174743@mail.od.ua>
cc: freebsd-net@freebsd.org
Subject: Re: ppp dial-up

Hi,

I had this exact same problem and tracked it down to IPv6. Exactly what the issue was with IPv6 I don't know, but as I didn't need it I just turned it off in the kernel and that solved the problem. I should get around to submitting a pr but I haven't had a great deal of time... besides it would be good to actually understand why ipv6 interacts with ppp like this on a standard setup.

David

On Wed, 19 Nov 2003, lipton wrote:

> Hello.Please help me in one question.
> I have a problem with configuring ppp. when I enter
> ppp -auto demand
> it automatically starts to dial. Logs show, that it happens when
> treating line
> add 0 0 127.2.2.2
> by ICMP packet from port 135.
> I can block triggering by this type of packets, but if I do that
> no dialing happens. Commands like this:
> telnet some.host.in.www give something like
>
> host unreachable
> and modem do not start to dial
> if unblock packet, dialing start immediately
>
> --
> Best regards,
> lipton mailto:lipton@mail.od.ua