From owner-freebsd-net@FreeBSD.ORG Thu May 20 00:59:30 2004
From: "Guohan Lu"
To: "'kwl02r'"
Cc: freebsd-net@freebsd.org
Date: Thu, 20 May 2004 07:59:30 -0000

> 3. Did TCP timer (detect 200 or 500 ms each time) doing the same job
> under the LINUX kernel?
> 4. Any web or book can find detail describe at source code about TCP
> timer under both FreeBSD and Linux kernel?

Pasi Sarolahti and Alexey Kuznetsov, "Congestion Control in Linux TCP",
2002 USENIX Annual Technical Conference, says a little about TCP timers
in the Linux kernel.

>
> Thanks
>
> Calvin
>
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>

Guohan

From owner-freebsd-net@FreeBSD.ORG Sun Jun 27 10:26:49 2004
From: "Sebastien Petit"
To: "Bruno Afonso"
Cc: spe@bsdfr.org
Date: Sun, 27 Jun 2004 12:26:39 +0200
Subject: Re: FreeVRRPD problem

Hi Bruno,

Perhaps rls interfaces doesn't support monitored circuits. Try to add this
option : monitoredcircuits = no
If this does not work, try to set useVMAC to no and sendgratuitousarp to
yes.

Regards,
Sebastien.
--
spe@selectbourse.net

----- Original Message -----
From: "Bruno Afonso"
To:
Cc:
Sent: Thursday, June 24, 2004 6:35 AM
Subject: FreeVRRPD problem

> Hello,
>
> I'm trying to have failover with a couple boxes and they're basically
> doing NAT and firewalling. 1 box has a couple fxp and the other a couple
> rls. Is this supposed to be a problem for freevrrpd?
>
> Only fxp box actually can use the fail-over ips. The backup box cannot
> use them if we start freevrrp daemon without starting on the master
> first and it's impossible to have network access to.
>
> Furthermore, if we have master and start backup, it all goes ok. If
> master goes down, backup never takes over and backup is from now on
> impossible to access.
>
> Main box: 5.2.1-p5
> backup box: 5.0
>
> Config for the fxp box:
>
> [VRID]
> serverid = 2
> interface = fxp0
> priority = 255
> addr = 10.10.0.1/32
> password = passie
> useVMAC = yes
> carriertimeout = 10
> spanningtreelatency = 40
> #sendgratuitousarp = yes
> #masterscript = "/usr/local/bin/master_script.sh"
> #backupscript = "/usr/local/bin/backup_script.sh"
> vridsdep = 1
>
> [VRID]
> serverid = 1
> interface = fxp1
> priority = 255
> addr = x.x.x.253/32
> password = passie
> useVMAC = yes
> carriertimeout = 10
> spanningtreelatency = 40
> #sendgratuitousarp = yes
> #masterscript = "/usr/local/bin/master_script.sh"
> #backupscript = "/usr/local/bin/backup_script.sh"
> vridsdep = 2
>
>
> backup box:
>
> [VRID]
> serverid = 2
> interface = rl0
> priority = 250
> addr = 10.10.0.1/32
> password = passie
> useVMAC = yes
> carriertimeout = 10
> spanningtreelatency = 40
> #sendgratuitousarp = yes
> #masterscript = "/usr/local/bin/master_script.sh"
> #backupscript = "/usr/local/bin/backup_script.sh"
> vridsdep = 1
>
> [VRID]
> serverid = 1
> interface = rl1
> priority = 250
> addr = x.x.x.253/32
> password = passie
> useVMAC = yes
> carriertimeout = 10
> spanningtreelatency = 40
> #sendgratuitousarp = yes
> #masterscript = "/usr/local/bin/master_script.sh"
> #backupscript = "/usr/local/bin/backup_script.sh"
> vridsdep = 2
>
>
> I'm using freevrrpd from CVS.
>
> On both machines, I get in /var/log/messages, gazillions of
>
> "all errors are cleared on interface xxx"
>
> There's not any particular information in backup box saying something
> went wrong...
>
> Any ideas ?
>
> BA
>
> --
> Bruno Miguel Afonso
> Biological Eng. student
> D.E.Q. @ I.S.T. - Portugal
> GnuPG Public key: http://dequim.ist.utl.pt/~bruno/gpg

From owner-freebsd-net@FreeBSD.ORG Mon Jun 28 00:25:52 2004
From: Bruno Afonso
To: Sebastien Petit
Cc: freebsd-net@freebsd.org
Date: Mon, 28 Jun 2004 01:25:21 +0100
Subject: Re: FreeVRRPD problem

Sebastien Petit wrote:
> Hi Bruno,
>
> Perhaps rls interfaces doesn't support monitored circuits.
> Try to add this
> option : monitoredcircuits = no
> If this does not work, try to set useVMAC to no and sendgratuitousarp to
> yes.

Ok, disabling monitoredcircuits seems to be working fine. I'll do some
more experiments to confirm it when I can. :-)

thanks

--
Bruno Miguel Afonso
Biological Eng. student
D.E.Q. @ I.S.T. - Portugal
GnuPG Public key: http://dequim.ist.utl.pt/~bruno/gpg

From owner-freebsd-net@FreeBSD.ORG Mon Jun 28 11:02:48 2004
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Date: Mon, 28 Jun 2004 11:02:14 GMT
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

Non-critical problems

S  Submitted   Tracker     Resp. Description
-------------------------------------------------------------------------------
o [1999/11/26] kern/15095  net   TCP's advertised window is not scaled imm
o [2001/02/08] kern/24959  net   proper TCP_NOPUSH/TCP_CORK compatibility
o [2003/07/11] kern/54383  net   NFS root configurations without dynamic p

3 problems total.

From owner-freebsd-net@FreeBSD.ORG Mon Jun 28 11:04:51 2004
From: FreeBSD bugmaster
To: net@FreeBSD.org
Date: Mon, 28 Jun 2004 11:03:32 GMT
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S  Submitted   Tracker     Resp. Description
-------------------------------------------------------------------------------
o [2000/12/09] kern/23400  net   IPsec transport mode precludes filtering

1 problem total.

Non-critical problems

From owner-freebsd-net@FreeBSD.ORG Mon Jun 28 21:40:25 2004
From: "Bjoern A. Zeeb"
To: net@FreeBSD.org
Date: Mon, 28 Jun 2004 21:40:23 GMT
Subject: Re: kern/23400: IPsec transport mode precludes filtering on underlying transport header

The following reply was made to PR kern/23400; it has been noted by GNATS.

From: "Bjoern A. Zeeb"
To: freebsd-gnats-submit@FreeBSD.org, seraf@2600.com
Cc:
Subject: Re: kern/23400: IPsec transport mode precludes filtering on underlying transport header
Date: Mon, 28 Jun 2004 21:25:28 +0000 (UTC)

> o [2000/12/09] kern/23400 net IPsec transport mode precludes filtering

I think this one can be closed.

We can do filtering of IP encapsulated in IPSec since

 http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_fw2.c#rev1.34
resp.
 http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_fw2.c#rev1.51

with the ipsec flag.

--
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT

From owner-freebsd-net@FreeBSD.ORG Mon Jun 28 22:10:21 2004
From: Andre Oppermann
To: seraf@2600.com, andre@FreeBSD.org, net@FreeBSD.org
Date: Mon, 28 Jun 2004 22:10:21 GMT
Subject: Re: kern/23400: IPsec transport mode precludes filtering on underlying transport header

Synopsis: IPsec transport mode precludes filtering on underlying transport header

State-Changed-From-To: open->closed
State-Changed-By: andre
State-Changed-When: Mon Jun 28 22:07:07 GMT 2004
State-Changed-Why:
The functionality requested has been implemented in ip_fw2 and is
available to 4-STABLE users as kernel compile time option.

http://www.freebsd.org/cgi/query-pr.cgi?pr=23400

From owner-freebsd-net@FreeBSD.ORG Mon Jun 28 22:11:17 2004
From: Andre Oppermann
To: "Bjoern A. Zeeb"
Cc: net@FreeBSD.org
Date: Tue, 29 Jun 2004 00:11:16 +0200
Subject: Re: kern/23400: IPsec transport mode precludes filtering on underlying transport header

"Bjoern A. Zeeb" wrote:
>
> The following reply was made to PR kern/23400; it has been noted by GNATS.
>
> From: "Bjoern A. Zeeb"
> To: freebsd-gnats-submit@FreeBSD.org, seraf@2600.com
> Cc:
> Subject: Re: kern/23400: IPsec transport mode precludes filtering on underlying
> transport header
> Date: Mon, 28 Jun 2004 21:25:28 +0000 (UTC)
>
> > o [2000/12/09] kern/23400 net IPsec transport mode precludes filtering
>
> I think this one can be closed.
>
> We can do filtering of IP encapsulated in IPSec since
>
> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_fw2.c#rev1.34
> resp.
> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_fw2.c#rev1.51
>
> with the ipsec flag.

Thanks Bjoern! I have closed the PR according to your message.

--
Andre

From owner-freebsd-net@FreeBSD.ORG Tue Jun 29 07:02:53 2004
From: Joe Schmoe
To: freebsd-net@freebsd.org
Date: Tue, 29 Jun 2004 00:02:51 -0700 (PDT)
Subject: concurrent scp sessions - testing methodology ?

I have read several documents on the number of concurrent https sessions
a FreeBSD system is capable of. However, I wonder how well this relates
to how many ssh sessions (scp file transfers, specifically) that a
FreeBSD server can handle.

Can anyone throw out some basic numbers for this ? Assuming a 1ghz p3
and 2gigs of RAM, and assuming that everyone is transferring a totally
different file.
(so there is no amount of cache hits - everything comes straight off
the drives)

I would think the major bottleneck would be disk - you would start
chugging the disks far before you used up all the CPU on a 1ghz p3 ...
but what is the second bottleneck ? Is it cpu, or is it ram (or mbufs,
etc.)

Would it be a reasonable test to just start up scp sessions from the
machine to itself and then divide the number of sessions you can
acceptably create by the number 2 ? Or is this somehow a flawed test ?

Any additional comments (kernel tunes, settings, war stories) are
greatly appreciated.

From owner-freebsd-net@FreeBSD.ORG Tue Jun 29 11:55:52 2004
From: Donatas_G./LRTC@lrtc.net
To: freebsd-net@freebsd.org
Date: Tue, 29 Jun 2004 14:49:21 +0300
Subject: problems in NATM0 and NG0 interfaces

we have HE155 Series ForeRunner adapters used with intel rack systems.
hatm0 driver is not supported by harp, so in order to use atm interfaces,
we've decided to configure netgraph interfaces (ng) on FreeBSD 5.2.1

interfaces are needed to split common internet flow to the national and
world flows. Also different interfaces are needed to support different
types of clients.

We've tried to attach iface type ng nodes (inet or atm hooks) to hatm0, but
no atm parameters was possible to set to ng interfaces.
can anyone tell a short way in creating different ng atm interfaces?

thanx

From owner-freebsd-net@FreeBSD.ORG Tue Jun 29 12:19:31 2004
From: Harti Brandt
To: Donatas_G./LRTC@lrtc.net
Cc: freebsd-net@freebsd.org
Date: Tue, 29 Jun 2004 15:30:53 +0200 (CEST)
Subject: Re: problems in NATM0 and NG0 interfaces

On Tue, 29 Jun 2004 Donatas_G./LRTC@lrtc.net wrote:

> we have HE155 Series ForeRunner adapters used with intel rack systems.
> hatm0 driver is not supported by harp, so in order to use atm interfaces,
> we've decided to configure netgraph interfaces (ng) on FreeBSD 5.2.1

You CAN use hatm with harp. Just list your interfaces in the
natm_interfaces variable in /etc/rc.conf. For example:

    natm_interfaces="hatm0 hatm1"

will load the if_harp driver (that is the glue between the NgATM drivers
and harp), and it will issue an ifconfig up for both hatm0 and hatm1.
You'll then find physical HARP interfaces with the same names.

> interfaces are needed to split common internet flow to the national and
> world flows. Also different interfaces are needed to support different
> types of clients.

I can't parse this. Do you mean you need several virtual interfaces on
top of a physical interface?

> We've tried to attach iface type ng nodes (inet or atm hooks) to hatm0, but
> no atm parameters was possible to set to ng interfaces.
> can anyone tell a short way in creating different ng atm interfaces?

Generally this is done with the atmconfig tool (see natmip(4) and the
natm sub-command of atmconfig(8)). It is also possible to put virtual
interfaces on top of single ATM PVCs, although there is no single
configuration tool for this yet: you just connect your interface NG node
to any hook of the ATM node (use any name except the four fixed in
ng_atm(4)). Then you issue a cpcsinit command to the ng_atm node to
initialize the PVC. This goes something like this:

    ngctl connect hatm0: iface: foo link

(given that the hook 'link' of the node 'iface:' is the lower end of the
virtual interface).

    ngctl msg hatm0: cpcsinit '{aal=5 vci=77 name="foo"}'

You can also specify traffic parameters. See ng_atm(4).
ng_eiface might be a candidate node type for the virtual interface
although I didn't try this.

harti

From owner-freebsd-net@FreeBSD.ORG Tue Jun 29 13:13:39 2004
From: David Malone
To: freebsd-net@freebsd.org
Date: Tue, 29 Jun 2004 14:13:38 +0100
Subject: RANDOM_IP_ID sysctl?

It seems to me that RANDOM_IP_ID might be better as a sysctl rather
than a kernel option. Would anyone mind if I changed this?

David.

From owner-freebsd-net@FreeBSD.ORG Tue Jun 29 13:40:26 2004
From: Xin LI
To: David Malone
Cc: freebsd-net@freebsd.org
Date: Tue, 29 Jun 2004 21:40:08 +0800
Subject: Re: RANDOM_IP_ID sysctl?
X-GPG-key-ID/Fingerprint: 0xCAEEB8C0 / 43B8 B703 B8DD 0231 B333 DC28 39FB 93A0 CAEE B8C0
X-GPG-Public-Key: http://www.delphij.net/delphij.asc

On Tue, Jun 29, 2004 at 02:13:38PM +0100, David Malone wrote:
> It seems to me that RANDOM_IP_ID might be better as a sysctl rather
> than a kernel option. Would anyone mind if I changed this?

Wouldn't this cause a performance penalty? IIRC htons() is currently a
macro which is essentially a no-op, while ip_randomid() is a function
call. Of course we can convert the call to a uniform hook-alike
mechanism, however, given the frequency the function is called, this
should be carefully considered.

In addition, what's the apparent benefit making it a sysctl rather than
being a kernel option? I think there is rarely a sysadmin to enable and
disable this runtime.

BTW. For security considerations I'd like to see if this is made default
in GENERIC kernels :-)

Cheers,
--
Xin LI http://www.delphij.net/
See complete headers for GPG key and other information.

From owner-freebsd-net@FreeBSD.ORG Tue Jun 29 14:41:09 2004
From: Tony Holmes
To: freebsd-isp@freebsd.org, freebsd-net@freebsd.org
Date: Tue, 29 Jun 2004 10:41:09 -0400
Subject: Jails, Portmap, Dracd

Hi,

I'm attempting to set up jails in a 4.9S environment using the newer rpc
versions of dracd. I'm encountering no ends of trouble.

What I'd like is individual instances of rpc.dracd running to control
each jail individually (each is its own domain).
Using the -h flags to portmap, I still get:

portmap[68286]: cannot bind udp: Address already in use

Portmap is failing to bind against 127.0.0.1.

I can sorta "get it to work" if I run portmap in the base system, but then the drac rpc won't work right. If there is a previous instance of rpc.dracd running in another jail, it kills it and starts it in the current jail!

It was SOOOO much nicer when dracd was not an rpc service.

Does anyone have a solution/patches or can recommend a similar service for postfix in a jailed environment?

--
Tony Holmes

Founder and Senior Systems Architect
Crosswinds Internet Communications Inc.

From owner-freebsd-net@FreeBSD.ORG Tue Jun 29 14:46:15 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D4B6616A4CE for ; Tue, 29 Jun 2004 14:46:15 +0000 (GMT) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.173]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4E12843D1F for ; Tue, 29 Jun 2004 14:46:15 +0000 (GMT) (envelope-from max@love2party.net) Received: from [212.227.126.209] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1BfJsD-0006rP-00; Tue, 29 Jun 2004 16:46:13 +0200 Received: from [217.83.10.36] (helo=donor.laier.local) by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128) (Exim 3.35 #1) id 1BfJsD-0002mP-00; Tue, 29 Jun 2004 16:46:13 +0200 From: Max Laier To: freebsd-net@freebsd.org Date: Tue, 29 Jun 2004 16:43:32 +0200 User-Agent: KMail/1.6.2 References: <200406291413.ab33924@salmon.maths.tcd.ie> <20040629134008.GA356@frontfree.net> In-Reply-To: <20040629134008.GA356@frontfree.net> MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Boundary-02=_bAY4AQIoaZ5VPgf"; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200406291643.39705.max@love2party.net> X-Provags-ID: kundenserver.de
abuse@kundenserver.de auth:61c499deaeeba3ba5be80f48ecc83056 cc: David Malone Subject: Re: RANDOM_IP_ID sysctl? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jun 2004 14:46:16 -0000

On Tuesday 29 June 2004 15:40, Xin LI wrote:
> On Tue, Jun 29, 2004 at 02:13:38PM +0100, David Malone wrote:
> > It seems to me that RANDOM_IP_ID might be better as a sysctl rather
> > than a kernel option. Would anyone mind if I changed this?

I personally think that RANDOM_IP_ID is something that should be tweakable on a per-interface basis (at least). I usually want randomized IDs on my uplink interface while it could harm my GigE internal network due to faster ID reuse cycles.

FYI, pf(4) can set randomized IDs on a per interface (and even on a per connection) basis.

David, I'd appreciate to review your patches in order to avoid breakage of pf, thanks.

> Wouldn't this cause a performance penalty? IIRC htons() is currently
> a macro which is essentially a no-op, while ip_randomid() is a function
> call. Of course we can convert the call to a uniform hook-alike mechanism,
> however, given the frequency the function is called, this should be
> carefully considered.

One would clearly transform the now present "#ifdef" with "if (sysctlvar) ..." and hence this will not incur overhead (one compare is nothing to worry about).

> In addition, what's the apparent benefit making it a sysctl rather
> than being a kernel option? I think there is rarely a sysadmin to
> enable and disable this runtime.

One has the freedom to choose without being forced to build its own kernel?

> BTW.
For security considerations I'd like to see if this is made default
> in GENERIC kernels :-)

Every user of GigE will tell you else. My vote is clearly against RANDOM_IP_ID in GENERIC (as it is right now)! All for the sysctl idea, however, if it is done properly and does not break pf(4).

--
Best regards, | mlaier@freebsd.org
Max Laier | ICQ #67774661
http://pf4freebsd.love2party.net/ | mlaier@EFnet

From owner-freebsd-net@FreeBSD.ORG Tue Jun 29 15:35:09 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6663C16A4CE for ; Tue, 29 Jun 2004 15:35:09 +0000 (GMT) Received: from mailtoaster1.pipeline.ch (mailtoaster1.pipeline.ch [62.48.0.70]) by mx1.FreeBSD.org (Postfix) with ESMTP id D5C3E43D4C for ; Tue, 29 Jun 2004 15:35:08 +0000 (GMT) (envelope-from andre@freebsd.org) Received: (qmail 92338 invoked from network); 29 Jun 2004 15:35:06 -0000 Received: from unknown (HELO freebsd.org) ([62.48.0.53]) (envelope-sender ) by mailtoaster1.pipeline.ch (qmail-ldap-1.03) with SMTP for ; 29 Jun 2004 15:35:06 -0000 Message-ID: <40E18C2B.B72825F8@freebsd.org> Date: Tue, 29 Jun 2004 17:35:07 +0200 From: Andre Oppermann X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: David Malone References: <200406291413.ab33924@salmon.maths.tcd.ie> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: RANDOM_IP_ID sysctl?
X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jun 2004 15:35:09 -0000

David Malone wrote:
>
> It seems to me that RANDOM_IP_ID might be better as a sysctl rather
> than a kernel option. Would anyone mind if I changed this?

No, but make sure that when the sysctl is disabled that no overhead with random ip_id creation/stepping is incurred.

--
Andre

From owner-freebsd-net@FreeBSD.ORG Tue Jun 29 15:44:16 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5A5AF16A4CE for ; Tue, 29 Jun 2004 15:44:16 +0000 (GMT) Received: from salmon.maths.tcd.ie (salmon.maths.tcd.ie [134.226.81.11]) by mx1.FreeBSD.org (Postfix) with SMTP id 6B69A43D48 for ; Tue, 29 Jun 2004 15:44:15 +0000 (GMT) (envelope-from dwmalone@maths.tcd.ie) Received: from walton.maths.tcd.ie by salmon.maths.tcd.ie with SMTP id ; 29 Jun 2004 16:44:14 +0100 (BST) To: Max Laier In-reply-to: Your message of "Tue, 29 Jun 2004 16:43:32 +0200." <200406291643.39705.max@love2party.net> Date: Tue, 29 Jun 2004 16:44:13 +0100 From: David Malone Message-ID: <200406291644.aa85787@salmon.maths.tcd.ie> cc: freebsd-net@freebsd.org Subject: Re: RANDOM_IP_ID sysctl? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jun 2004 15:44:16 -0000

> > On Tue, Jun 29, 2004 at 02:13:38PM +0100, David Malone wrote:
> > > It seems to me that RANDOM_IP_ID might be better as a sysctl rather
> > > than a kernel option. Would anyone mind if I changed this?

> I personally think that RANDOM_IP_ID is something that should be tweakable on
> a per-interface basis (at least).
I usually want randomized IDs on my uplink
> interface while it could harm my GigE internal network due to faster ID reuse
> cycles.

Though, on your GigE internal network, you can probably use jumbograms to avoid fragmentation and avoid having to pay any attention to IP IDs ;-) There was code to only bother setting the IP ID for packets with DF set, but that caused certain odd pieces of network kit that ignored DF to be sick...

> FYI, pf(4) can set randomized IDs on a per interface (and even on a per
> connection) basis.

pf is probably the best place for this sort of more flexible IP ID setting.

> David, I'd appreciate to review your patches in order to avoid breakage of pf,
> thanks.

Certainly.

> One would clearly transform the now present "#ifdef" with "if (sysctlvar)"
> and hence this will not incur overhead (one compare is nothing to worry
> about).

Yes - this is exactly what I had in mind. I'm certain that the overhead of the extra "if ()" will be lost in the cost of the IP stack.

Currently RANDOM_IP_ID also controls other things, such as flow id generation for IPv6. Making it a sysctl would also give us independent control over these things.

David.
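Added example, not part of any message in this thread and not FreeBSD kernel code: a userspace C model of the "#ifdef RANDOM_IP_ID" to "if (sysctlvar)" change discussed above, which also measures the ID reuse distance behind the GigE concern. The names random_ip_id_enabled, model_randomid() and measure_reuse() are hypothetical, and the xorshift generator is a stand-in, not FreeBSD's ip_randomid().

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>  /* htons() */

#define PRNG_SEED 0x2545F491u  /* fixed seed (constructed) so runs repeat */

/* Hypothetical stand-in for the proposed sysctl ("sysctlvar" in the thread). */
static int random_ip_id_enabled;

static uint16_t ip_id_counter;          /* sequential path: htons(ip_id++) */
static uint32_t prng_state = PRNG_SEED;
static unsigned long prng_steps;        /* times the random path was stepped */

/* Stand-in 16-bit generator (xorshift32). NOT FreeBSD's ip_randomid(). */
static uint16_t model_randomid(void)
{
    prng_state ^= prng_state << 13;
    prng_state ^= prng_state >> 17;
    prng_state ^= prng_state << 5;
    prng_steps++;
    return (uint16_t)(prng_state >> 16);
}

/* The compile-time "#ifdef RANDOM_IP_ID" choice as one runtime compare.
 * With the switch off, the generator is never called or stepped. */
static uint16_t next_ip_id(void)
{
    uint16_t id;

    if (random_ip_id_enabled)
        return model_randomid();
    id = htons(ip_id_counter);
    ip_id_counter++;                    /* wraps after 65535 */
    return id;
}

struct reuse_stats {
    unsigned long min_gap;        /* fewest packets between two uses of one ID; 0 = none */
    unsigned long within_window;  /* reuses at most `window` packets after the last use */
    unsigned long prng_steps;     /* generator invocations during the run */
};

/* Send npackets through next_ip_id() and record how soon IDs come back. */
static struct reuse_stats measure_reuse(int randomize, unsigned long npackets,
                                        unsigned long window)
{
    static unsigned long last_seen[65536];  /* packet number of last use, 0 = unused */
    struct reuse_stats st = {0, 0, 0};
    unsigned long n;

    memset(last_seen, 0, sizeof(last_seen));
    random_ip_id_enabled = randomize;
    ip_id_counter = 0;
    prng_state = PRNG_SEED;
    prng_steps = 0;

    for (n = 1; n <= npackets; n++) {
        uint16_t id = next_ip_id();

        if (last_seen[id] != 0) {
            unsigned long gap = n - last_seen[id];

            if (st.min_gap == 0 || gap < st.min_gap)
                st.min_gap = gap;
            if (gap <= window)
                st.within_window++;
        }
        last_seen[id] = n;
    }
    st.prng_steps = prng_steps;
    return st;
}

int main(void)
{
    /* 200000 packets; the 8192-packet window stands for fragments still
     * waiting in a reassembly queue (both figures are constructed). */
    struct reuse_stats seq = measure_reuse(0, 200000UL, 8192UL);
    struct reuse_stats rnd = measure_reuse(1, 200000UL, 8192UL);

    printf("sequential: min gap %lu, early reuses %lu, prng steps %lu\n",
           seq.min_gap, seq.within_window, seq.prng_steps);
    printf("randomized: min gap %lu, early reuses %lu, prng steps %lu\n",
           rnd.min_gap, rnd.within_window, rnd.prng_steps);
    return 0;
}
```

The early-reuse count only matters for traffic that is actually fragmented and reassembled, which is the point made in the replies about internal GigE networks.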
From owner-freebsd-net@FreeBSD.ORG Tue Jun 29 17:09:18 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B8FA216A4CE; Tue, 29 Jun 2004 17:09:18 +0000 (GMT) Received: from totem.fix.no (totem.fix.no [80.91.36.20]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7DEA443D53; Tue, 29 Jun 2004 17:09:18 +0000 (GMT) (envelope-from anders@FreeBSD.org) Received: from localhost (totem.fix.no [80.91.36.20]) by totem.fix.no (Postfix) with ESMTP id 7BDB72ED392; Tue, 29 Jun 2004 19:09:15 +0200 (CEST) Received: from totem.fix.no ([80.91.36.20]) by localhost (totem.fix.no [80.91.36.20]) (amavisd-new, port 10024) with LMTP id 34950-01-9; Tue, 29 Jun 2004 19:09:14 +0200 (CEST) Received: by totem.fix.no (Postfix, from userid 1000) id 0D5422ED38C; Tue, 29 Jun 2004 19:09:14 +0200 (CEST) Date: Tue, 29 Jun 2004 19:09:13 +0200 From: Anders Nordby To: Tony Holmes Message-ID: <20040629170913.GA34938@totem.fix.no> References: <20040629144109.GA82968@crosswinds.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040629144109.GA82968@crosswinds.net> X-PGP-Key: http://anders.fix.no/pgp/ X-PGP-Key-FingerPrint: 1E0F C53C D8DF 6A8F EAAD 19C5 D12A BC9F 0083 5956 User-Agent: Mutt/1.5.1i cc: freebsd-isp@freebsd.org cc: freebsd-net@freebsd.org Subject: Re: Jails, Portmap, Dracd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jun 2004 17:09:18 -0000 Hi, I got tired of dracd's RPC business too. I use ports/mail/pop-before-smtp now, works fine for me. On Tue, Jun 29, 2004 at 10:41:09AM -0400, Tony Holmes wrote: > Hi, > > I'm attempting to set up jails in a 4.9S environment using the newer > rpc versions of dracd. I'm encountering no ends of trouble. 
>
> What I'd like is individual instances of rpc.dracd running to control
> each jail individually (each is its own domain).
>
> Using the -h flags to portmap, I still get:
>
> portmap[68286]: cannot bind udp: Address already in use
>
> Portmap is failing to bind against 127.0.0.1.
>
> I can sorta "get it to work" if I run portmap in the base system, but then
> the drac rpc won't work right. If there is a previous instance of rpc.dracd
> running in another jail, it kills it and starts it in the current jail!
>
> It was SOOOO much nicer when dracd was not an rpc service.
>
> Does anyone have a solution/patches or can recommend a similar service for
> postfix in a jailed environment?
>
> --
> Tony Holmes
>
> Founder and Senior Systems Architect
> Crosswinds Internet Communications Inc.

--
Anders.
From owner-freebsd-net@FreeBSD.ORG Tue Jun 29 18:04:18 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6712116A4CE for ; Tue, 29 Jun 2004 18:04:18 +0000 (GMT) Received: from mailtoaster1.pipeline.ch (mailtoaster1.pipeline.ch [62.48.0.70]) by mx1.FreeBSD.org (Postfix) with ESMTP id AA57B43D1F for ; Tue, 29 Jun 2004 18:04:17 +0000 (GMT) (envelope-from andre@freebsd.org) Received: (qmail 5731 invoked from network); 29 Jun 2004 18:04:06 -0000 Received: from unknown (HELO freebsd.org) ([62.48.0.53]) (envelope-sender ) by mailtoaster1.pipeline.ch (qmail-ldap-1.03) with SMTP for ; 29 Jun 2004 18:04:06 -0000 Message-ID: <40E1AF17.788540DD@freebsd.org> Date: Tue, 29 Jun 2004 20:04:07 +0200 From: Andre Oppermann X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Max Laier References: <200406291413.ab33924@salmon.maths.tcd.ie> <200406291643.39705.max@love2party.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: David Malone cc: freebsd-net@freebsd.org Subject: Re: RANDOM_IP_ID sysctl? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jun 2004 18:04:18 -0000 Max Laier wrote: > > On Tuesday 29 June 2004 15:40, Xin LI wrote: > > On Tue, Jun 29, 2004 at 02:13:38PM +0100, David Malone wrote: > > > It seems to me that RANDOM_IP_ID might be better as a sysctl rather > > > than a kernel option. Would anyone mind if I changed this? > > I personally think that RANDOM_IP_ID is something that should be tweakable on > a per-interface basis (at least). I usually want randomized IDs on my uplink > interface while it could harm my GigE internal network due to faster ID reuse > cycles. 
ip_id is only an issue when you have packet fragmentation going on. Which I doubt for your internal GigE network. > FYI, pf(4) can set randomized IDs on a per interface (and even on a per > connection) basis. > > David, I'd appreciate to review your patches in order to avoid breakage of pf, > thanks. How could random ip_id break pf? -- Andre From owner-freebsd-net@FreeBSD.ORG Tue Jun 29 20:08:11 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5917116A4CE for ; Tue, 29 Jun 2004 20:08:11 +0000 (GMT) Received: from mail.FreeBSD.org.cn (dns3.freebsd.org.cn [61.129.66.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3D43243D48 for ; Tue, 29 Jun 2004 20:08:10 +0000 (GMT) (envelope-from delphij@frontfree.net) Received: (qmail 70626 invoked by uid 0); 29 Jun 2004 20:06:57 -0000 Received: from unknown (HELO beastie.frontfree.net) (218.107.145.7) by mail.FreeBSD.org.cn with AES256-SHA encrypted SMTP; 29 Jun 2004 20:06:57 -0000 Received: from localhost (localhost.frontfree.net [127.0.0.1]) by beastie.frontfree.net (Postfix) with ESMTP id E18FB11DEF; Wed, 30 Jun 2004 03:43:53 +0800 (CST) Received: from beastie.frontfree.net ([127.0.0.1]) by localhost (beastie.frontfree.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 01269-03; Wed, 30 Jun 2004 03:43:53 +0800 (CST) Received: by beastie.frontfree.net (Postfix, from userid 1001) id A1E5411ACD; Wed, 30 Jun 2004 03:43:52 +0800 (CST) Date: Wed, 30 Jun 2004 03:43:52 +0800 From: Xin LI To: Max Laier Message-ID: <20040629194352.GA1684@frontfree.net> References: <200406291413.ab33924@salmon.maths.tcd.ie> <20040629134008.GA356@frontfree.net> <200406291643.39705.max@love2party.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="OXfL5xGRrasGEqWY" Content-Disposition: inline In-Reply-To: <200406291643.39705.max@love2party.net> User-Agent: 
Mutt/1.4.2.1i X-GPG-key-ID/Fingerprint: 0xCAEEB8C0 / 43B8 B703 B8DD 0231 B333 DC28 39FB 93A0 CAEE B8C0 X-GPG-Public-Key: http://www.delphij.net/delphij.asc X-Operating-System: FreeBSD beastie.frontfree.net 5.2-delphij FreeBSD 5.2-delphij #80: Thu Jun 24 17:30:33 CST 2004 delphij@beastie.frontfree.net:/usr/obj/usr/src/sys/BEASTIE i386 X-URL: http://www.delphij.net X-By: delphij@beastie.frontfree.net X-Location: Beijing, China X-Virus-Scanned: by amavisd-new at frontfree.net cc: David Malone cc: freebsd-net@freebsd.org Subject: Re: RANDOM_IP_ID sysctl? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jun 2004 20:08:11 -0000

On Tue, Jun 29, 2004 at 04:43:32PM +0200, Max Laier wrote:
>
> On Tuesday 29 June 2004 15:40, Xin LI wrote:
> > On Tue, Jun 29, 2004 at 02:13:38PM +0100, David Malone wrote:
> > > It seems to me that RANDOM_IP_ID might be better as a sysctl rather
> > > than a kernel option. Would anyone mind if I changed this?
>
> I personally think that RANDOM_IP_ID is something that should be tweakable on
> a per-interface basis (at least). I usually want randomized IDs on my uplink
> interface while it could harm my GigE internal network due to faster ID reuse
> cycles.

Hmm... You are right and I concur with your idea now.

Cheers,
--
Xin LI http://www.delphij.net/
See complete headers for GPG key and other information.
From owner-freebsd-net@FreeBSD.ORG Tue Jun 29 23:12:45 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D42D416A4CE for ; Tue, 29 Jun 2004 23:12:45 +0000 (GMT) Received: from beelzebubba.sysabend.org (alcatraz.inna.net [209.201.74.14]) by mx1.FreeBSD.org (Postfix) with ESMTP id 430BF43D2F for ; Tue, 29 Jun 2004 23:12:45 +0000 (GMT) (envelope-from xyzzy@moo.sysabend.org) Received: from moo.sysabend.org (moo.sysabend.org [66.111.41.70]) by beelzebubba.sysabend.org (Postfix) with SMTP id 2CB1A14F23 for ; Tue, 29 Jun 2004 19:12:34 -0400 (EDT) Received: (nullmailer pid 51432 invoked by uid 14); Tue, 29 Jun 2004 23:12:15 -0000 Date: Tue, 29 Jun 2004 16:12:15 -0700 From: Tom Arnold To: freebsd-net@freebsd.org Message-ID: <20040629231215.GL94504@moo.sysabend.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4i Organization: The Sysabend Dump X-Operating-System: CPM2.2 X-Bucket-Brigade-Devices: Rah! X-8-Bit-Samples-And-Analog-Filters: Rah! Subject: ipnat/ipf state problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: xyzzy@sysabend.org List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jun 2004 23:12:46 -0000

I'm having a weird ipnat/ipf problem. I think it's more ipnat related than ipf.
First, the ipf rules :

# block anything to our netblock but allow further processing
block in on fxp0 from any to 64.74.133.224/27
block in on fxp0 from any to 192.168.0.0/16

# allow everything out and keep state
pass out quick on fxp0 proto udp from any to any keep state
pass out log quick on fxp0 proto tcp from any to any flags S keep state

# see what slips through
pass in log quick on fxp0 from any to any

Now for ipnat : ( there are far more translations than this, but they are all the same so I'm only showing the machine I did my testing from )

# sc-app1
map fxp0 192.168.19.201/32 -> 64.74.133.242/32 age 30

The machine:

The machine has three ethernets, fxp0-2. fxp0 is to the outside world. fxp1 is the inside network. fxp2 is to another set of firewalls. There are several RFC1918 internal networks that use this firewall as their gateway.

Now, the problem. IPNat seems to be translating at both fxp0 and fxp1. A packet from the outside in gets translated to its RFC1918 equiv at fxp0 which is expected, but internal machines seem to be translated to their external IPs at fxp1 which I didn't expect. The main result of this is state is never kept. Here's the start of an ssh connection from the above mentioned sc-app1 to a colo box of mine :

29/06/2004 15:11:32.304448 fxp0 @0:2 p 64.74.133.242,4238 -> 66.111.41.70,22 PR tcp len 20 60 -S K-S OUT
29/06/2004 15:11:32.368570 fxp0 @0:20 p 66.111.41.70,22 -> 192.168.19.201,4238 PR tcp len 20 60 -AS IN
29/06/2004 15:11:32.435935 fxp0 @0:20 p 66.111.41.70,22 -> 192.168.19.201,4238 PR tcp len 20 92 -AP IN

You can see in the first line the outbound connection has already been NATed before it hit ipf, which puzzles me. Is this a bug or a feature? If this is a feature, how can I convince ipf to keep state when the IPs will never match?

-- ------------------------------------------------------------------------ - Tom Arnold - When I was small, I was in love, - - Sysabend - In love with everything.
- - CareTaker - And now there's only you... - -------------- -- Thomas Dolby, "Cloudburst At Shingle Street" - From owner-freebsd-net@FreeBSD.ORG Wed Jun 30 07:40:37 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B989E16A4CE for ; Wed, 30 Jun 2004 07:40:37 +0000 (GMT) Received: from n33.kp.t-systems-sfr.com (n33.kp.t-systems-sfr.com [129.247.16.33]) by mx1.FreeBSD.org (Postfix) with ESMTP id DE4F043D41 for ; Wed, 30 Jun 2004 07:40:36 +0000 (GMT) (envelope-from harti@freebsd.org) Received: from n81.sp.op.dlr.de (n81g.sp.op.dlr.de [129.247.163.1]) i5U7eMj117968 for ; Wed, 30 Jun 2004 09:40:24 +0200 Received: from zeus.nt.op.dlr.de (zeus.nt.op.dlr.de [129.247.173.3]) i5U7eMD175952 for ; Wed, 30 Jun 2004 09:40:22 +0200 Received: from beagle.kn.op.dlr.de (opkndnwsbsd178 [129.247.173.178]) by zeus.nt.op.dlr.de (8.11.7+Sun/8.9.1) with ESMTP id i5U7eLV22351 for ; Wed, 30 Jun 2004 09:40:21 +0200 (MET DST) Date: Wed, 30 Jun 2004 10:53:50 +0200 (CEST) From: Harti Brandt X-X-Sender: brandt@beagle.kn.op.dlr.de To: net@freebsd.org Message-ID: <20040630105158.F46778@beagle.kn.op.dlr.de> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Subject: Re: problems in NATM0 and NG0 interfaces X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Harti Brandt List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Jun 2004 07:40:37 -0000 On Wed, 30 Jun 2004 Donatas_G./LRTC@lrtc.net wrote: Hello, >> You CAN use hatm with harp. Just list your interfaces in the >> natm_interfaces variable in /etc/rc.conf. 
For example:
>> natm_interfaces="hatm0 hatm1"
>
> hmm....but in NOTES file, there is a comment before describing hatm driver:
>
> "ATM related options (Cranor version)
> This driver cannot be used with HARP ATM stack"
>
> it seems to be true, as it is not possible to create virtual ATM interfaces
> using ATM command.
>
> Truth, atmconfig seems to be working with hatm driver, but HOW to create
> virtual ATM interfaces using that command line? I did not find anything
> related to virtual interfaces in manual of atmconfig.

Well, as I said, you need to load if_harp: kldload if_harp AFTER loading if_hatm. Then you will see an hatm0 physical interface via 'atm show interface'. This interface should behave exactly like other HARP interfaces. The comment in NOTES is insofar correct as you cannot directly use hatm with HARP, but you need the if_harp pseudo-driver between.

>
>>> We've tried to attach iface type ng nodes (inet or atm hooks) to hatm0, but
>>> no atm parameters was possible to set to ng interfaces.
>>> can anyone tell a short way in creating different ng atm interfaces?
>
>> Generally this is done with the atmconfig tool (see natmip(4) and the
>> natm sub-command of atmconfig(8)).
>
> we are now going to try it
>
>
> ps: thanx for netgraph example. It really works fine. But vpi parameter is
> not accepted by hatm0 using cpscinit {name="hook" all=5 vpi=5 vci=5} -
> interesting why? In ng_atm manual, in cpcsinit explanation there is such
> parameter described. Also we cannot create vlan's yet, because IFACE Inet
> type nodes are not ethernet nodes. So we're going to try to use eiface-type
> nodes instead of iface.

You may want to change HE_CONFIG_VPI_BITS and HE_CONFIG_VCI_BITS in /usr/src/sys/dev/hatm/if_hatmconf.h (the sum must be 12 so you must change both). Currently it is configured for 2 VPI bits. That gives you a maximum VPI of 3.

harti

PS: your e-mail address seems not to work. Mail sent directly to you is bounced.

harti.
From owner-freebsd-net@FreeBSD.ORG Wed Jun 30 09:37:37 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 18CD416A4CE; Wed, 30 Jun 2004 09:37:37 +0000 (GMT) Received: from profi.kharkov.ua (as-0-22.ar36-1s.kharkov.ukrtel.net [195.5.17.86]) by mx1.FreeBSD.org (Postfix) with ESMTP id D0CA243D49; Wed, 30 Jun 2004 09:37:35 +0000 (GMT) (envelope-from greg@profi.kharkov.ua) Received: by profi.kharkov.ua (Postfix, from userid 1002) id B18A521E5; Wed, 30 Jun 2004 12:38:11 +0300 (EEST) Date: Wed, 30 Jun 2004 12:38:11 +0300 From: Gregory Edigarov To: squid-users@squid-cache.org, freebsd-questions@freebsd.org, freebsd-current@freebsd.org, freebsd-net@freebsd.org Message-ID: <20040630093811.GA828@profi.kharkov.ua> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline User-Agent: Mutt/1.4.2.1i Subject: X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Jun 2004 09:37:37 -0000

squid-users@squid-cache.org,freebsd-questions@freebsd.org,freebsd-net@freebsd.org,freebsd-current@freebsd.org Cc: Bcc: Subject: PPP Multilink, FreeBSD, Squid Reply-To:

Hello,

I have Squid-2.5 running on FreeBSD 5-Current. We have 2 ppp links, and use them in multilink mode, through userlevel ppp. If one or both links fail and then come up, say, if I just turn the modem power off and on all the web browsing becomes very slow squid. It takes forever for squid to show a page which, in normal conditions, would take only a few seconds. Pings to those sites I am trying to open are just fine. Taking squid down and then up has no effect. The only thing that helps is rebooting the whole system.

Is there anything I can do?
--
With best regards, Gregory Edigarov
------------------------------------------------------------------------------
profi.kharkov.ua Systems Administrator
------------------------------------------------------------------------------

From owner-freebsd-net@FreeBSD.ORG Wed Jun 30 09:42:30 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 041F516A4CE; Wed, 30 Jun 2004 09:42:30 +0000 (GMT) Received: from profi.kharkov.ua (as-0-22.ar36-1s.kharkov.ukrtel.net [195.5.17.86]) by mx1.FreeBSD.org (Postfix) with ESMTP id 901AC43D46; Wed, 30 Jun 2004 09:42:29 +0000 (GMT) (envelope-from greg@profi.kharkov.ua) Received: by profi.kharkov.ua (Postfix, from userid 1002) id E2059222D; Wed, 30 Jun 2004 12:43:14 +0300 (EEST) Date: Wed, 30 Jun 2004 12:43:14 +0300 From: Gregory Edigarov To: squid-users@squid-cache.org, freebsd-questions@freebsd.org, freebsd-current@freebsd.org, freebsd-net@freebsd.org Message-ID: <20040630094314.GA1016@profi.kharkov.ua> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline User-Agent: Mutt/1.4.2.1i Subject: Squid, FreeBSD, Multilink PPP X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Jun 2004 09:42:30 -0000

Hello,

I have Squid-2.5 running on FreeBSD 5-Current. We have 2 ppp links, and use them in multilink mode, through userlevel ppp. If one or both links fail and then come up, say, if I just turn the modem power off and on all the web browsing becomes very slow squid. It takes forever for squid to show a page which, in normal conditions, would take only a few seconds. Pings to those sites I am trying to open are just fine. Taking squid down and then up has no effect. The only thing that helps is rebooting the whole system.
Is there anything I can do? -- With best regards, Gregory Edigarov ------------------------------------------------------------------------------ profi.kharkov.ua Systems Administrator ------------------------------------------------------------------------------ From owner-freebsd-net@FreeBSD.ORG Wed Jun 30 11:41:42 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 07AA816A4CE for ; Wed, 30 Jun 2004 11:41:42 +0000 (GMT) Received: from hanoi.cronyx.ru (hanoi.cronyx.ru [144.206.181.53]) by mx1.FreeBSD.org (Postfix) with ESMTP id F1C3D43D3F for ; Wed, 30 Jun 2004 11:41:40 +0000 (GMT) (envelope-from rik@cronyx.ru) Received: (from root@localhost) by hanoi.cronyx.ru id i5UBc71J031702 for freebsd-net@freebsd.org.checked; (8.12.8/vak/2.1) Wed, 30 Jun 2004 15:38:07 +0400 (MSD) (envelope-from rik@cronyx.ru) Received: from cronyx.ru (hi.cronyx.ru [144.206.181.94]) by hanoi.cronyx.ru with ESMTP id i5UBa5Rm031626 for ; (8.12.8/vak/2.1) Wed, 30 Jun 2004 15:36:05 +0400 (MSD) (envelope-from rik@cronyx.ru) Message-ID: <40E2A585.9060501@cronyx.ru> Date: Wed, 30 Jun 2004 15:35:33 +0400 From: Roman Kurakin User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6b) Gecko/20031208 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Subject: migration from one server to two X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Jun 2004 11:41:42 -0000 Hi, I plan to split duties from one server to two. Currently one_server is used among other duties as filtering bridge between Internet and Intranet. 
Internet-one_server-Intranet

I wonder, if it is possible to set two servers this way:

Internet-S1-S2-Intranet

and split duties of one using firewall settings, so that they use the same IP and hostname (I want that from both Internet and Intranet they would look like one machine) but for different services. I want to set this just using ipfw.

I didn't set such configuration before so I wonder if someone already uses such configuration and what problems I could meet while setting this.

rik

From owner-freebsd-net@FreeBSD.ORG Wed Jun 30 12:39:09 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7346516A4CE; Wed, 30 Jun 2004 12:39:09 +0000 (GMT) Received: from Awfulhak.org (awfulhak.demon.co.uk [80.177.173.150]) by mx1.FreeBSD.org (Postfix) with ESMTP id BD69643D2D; Wed, 30 Jun 2004 12:39:08 +0000 (GMT) (envelope-from brian@Awfulhak.org) Received: from mail.lan.Awfulhak.org (brian@dev.lan.Awfulhak.org [172.16.0.5]) by Awfulhak.org (8.12.11/8.12.11) with SMTP id i5UCdOKi051193; Wed, 30 Jun 2004 13:39:24 +0100 (BST) (envelope-from brian@Awfulhak.org) Date: Wed, 30 Jun 2004 13:39:23 +0100 From: Brian Somers To: Gregory Edigarov Message-Id: <20040630133923.5aedaade@dev.lan.Awfulhak.org> In-Reply-To: <20040630094314.GA1016@profi.kharkov.ua> References: <20040630094314.GA1016@profi.kharkov.ua> X-Mailer: Sylpheed version 0.9.11claws (GTK+ 1.2.10; i386-portbld-freebsd5.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on gw.lan.Awfulhak.org cc: freebsd-net@freebsd.org cc: freebsd-current@freebsd.org cc: squid-users@squid-cache.org cc: freebsd-questions@freebsd.org Subject: Re: Squid, FreeBSD, Multilink PPP X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list

On Wed, 30 Jun 2004 12:43:14 +0300, Gregory Edigarov wrote:

> Hello,
>
> I have Squid-2.5 running on FreeBSD 5-Current. We have 2 ppp links,
> and use them in multilink mode, through userlevel ppp.
> If one or both links fail and then come up, say, if I just turn the
> modem power off and on all the web browsing becomes very slow
> squid.
> It takes forever for squid to show a page which, in a normal
> conditions, would take only a few seconds. Pings to those sites I am
> trying to open are just fine.
> Taking squid down and then up have no effect. The only thing help is
> rebooting
> the whole system.
>
> Is there anything I can do?

How does ppp deal with the link loss - does it notice immediately ? I would expect very little latency if it does as it should be able to just trash the existing queued data and continue using the other link.

I guess other connections suffer the same problems -- it's not just squid ?

It might be interesting doing a ``show mp'' or ``show bundle'' to determine what sort of packet queuing and reassembly is happening after the link is lost. If the queues are large, you might get slightly better performance by reducing the links mtu (set mtu max), but really, things should recover ok even with a ~1500 MTU.

--
Brian

Don't _EVER_ lose your sense of humour !

Date: Wed, 30 Jun 2004 23:17:50 +0530
Message-ID: <20040630_174750_040174.socrel@gmx.net>
Subject: comparision of firewalling on Linux and FreeBSD

Looking for considered comparisons of firewalling on Linux and FreeBSD.

I am especially interested in learning about ease of connection tracking and of getting packets into user space for analysis via scripts.
Thanks

From: Charles Swiger
Date: Wed, 30 Jun 2004 13:57:29 -0400
To: socrel@gmx.net
cc: freebsd-net@freebsd.org
Subject: Re: comparision of firewalling on Linux and FreeBSD

On Jun 30, 2004, at 1:47 PM, socrel@gmx.net wrote:
> Looking for considered comparisons of firewalling on Linux and
> FreeBSD.

Hmm, what you should be considering is whether you want to use pf/IPF, or IPFW. If IPFW makes more sense to you, use FreeBSD. If you want to use IPF, either platform will do, but I'd still recommend FreeBSD.

> I am especially interested in learning about ease of connection
> tracking

Like what, logging packets with the SYN bit set? IPFW gives you that easily.

> and of getting packets into user space for analysis via scripts.

The BPF + tools like tcpdump, snort, and whatnot...

--
-Chuck

Date: Tue, 29 Jun 2004 16:02:33 +0200 (CEST)
From: Sten Spans
To: Bruno Afonso
cc: spe@bsdfr.org
cc: freebsd-net@freebsd.org
Subject: Re: FreeVRRPD problem

On Thu, 24 Jun 2004, Bruno Afonso wrote:

> Hello,
>
> I'm trying to have failover with a couple boxes and they're basically
> doing NAT and firewalling. 1 box has a couple fxp and the other a couple
> rls. Is this supposed to be a problem for freevrrpd?
>
> Only fxp box actually can use the fail-over ips. The backup box cannot
> use them if we start freevrrp daemon without starting on the master
> first and it's impossible to have network access to.
>
> Further more, if we have master and start backup, it all goes ok.
> If master goes down, backup never takes over and backup is from now on
> impossible to access.

One simple thing that has bitten me with freevrrpd is the link monitoring. If the link on an interface is unstable ( bge being the usual suspect in our case ) then freevrrpd will stop doing vrrp announcements. This is to stop things like broken utp or duplex mismatches from causing major mischief. However if it's normal for your nic's to be borking then you'll have to "fix" the code in some fashion.

The current freevrrpd code might be a bit different, but this is what I encountered with fbsd/bge about a year ago.

--
Sten Spans

"There is a crack in everything, that's how the light gets in."
Leonard Cohen - Anthem

From: Donatas.Gendvilas@lrtc.net
To: freebsd-net@freebsd.org
Date: Thu, 1 Jul 2004 11:16:20 +0300
cc: harti@freebsd.org
Subject: 2 Harti

Hello,

firstly I'd like to apologise for an incorrect reply address - we had some problems with lotus mails, but now it should work fine.

Your supplied example of connection between two bsd/hatm machines using NG nodes and Inet hooks works fine. But those 2 machines works as an IP Bridge. We need Ethernet bridge. So we've tried to connect hatm<->em adapters through netgraph and this connection also works fine. We have an ethernet bridge now.

We've extended vpi bits as you suggested, but one problem still remains. the control message
"msg hatm0: cpcsinit {name="sig1" aal=5 vci=5} sets default flag to 0x10.
This configuration works between 2 BSD Machines, but doesn't when one of them is for example ATM Switch with RFC 1483 feature. Would you provide us with some information of how to make Ethernet bridge connection between FreeBSD and other vendor supporting RFC 1483 (using netgraph).
We've tried to change connection parameter for vcc channel using:
"msg hatm0: cpcsinit {name="sig1" flags=xxxxxx aal=5 vci=5}, where xxxxx was 0x0002, and many others, but found that atmconfig always shows only 0x10.

thank you beforehand
respectfully Donatas Gendvilas

Date: Thu, 1 Jul 2004 12:00:41 +0200 (CEST)
From: Harti Brandt
To: Donatas.Gendvilas@lrtc.net
cc: net@freebsd.org
Subject: Re: 2 Harti

Hello,

On Thu, 1 Jul 2004 Donatas.Gendvilas@lrtc.net wrote:

> Your supplied example of connection between two bsd/hatm machines using NG
> nodes and Inet hooks works fine.
> But those 2 machines works as an IP Bridge. We need Ethernet bridge. So
> we've tried to connect hatm<->em adapters through netgraph and this
> connection also works fine. We have an ethernet bridge now.
> We've extended vpi bits as you suggested, but one problem still remains.
> the control message
> "msg hatm0: cpcsinit {name="sig1" aal=5 vci=5} sets default flag to
> 0x10.
> This configuration works between 2 BSD Machines, but doesn't when one of
> them is for example ATM Switch with RFC 1483 feature. Would you provide us
> with some information of how to make Ethernet bridge connection between
> FreeBSD and other vendor supporting RFC 1483 (using netgraph).
> We've tried to change connection parameter for vcc channel using:
> "msg hatm0: cpcsinit {name="sig1" flags=xxxxxx aal=5 vci=5}, where xxxxx
> was 0x0002, and many others, but found that atmconfig always shows only
> 0x10.

I don't fully understand what you want to do. If you want just to route your traffic through the FreeBSD machine, then that should work without any additional flags:

----------- -------------

If machine1 and ATM-switch speak RFC1483 and you just need to tunnel the traffic through the FreeBSD then you should be fine with just connecting the hooks from the en0 and the hatm0 together and cpcsinit both with aal=5 and no flags. This way the FreeBSD machine transparently moves the AAL5 frames between the two links (think of a poor man's ATM switch with a PVC). The FreeBSD's IP stack doesn't see any of the traffic in this case.

The LLC flag comes into the game if you want to pass the AAL5 frames to/from the FreeBSD's IP stack. The LLC encapsulation is done just above the AAL layer and below the IP layer. But in this case you need to route the packets through FreeBSD's IP layer.

What you cannot easily do is have the packets transparently routed between machine1 and ATM-switch AND see them in FreeBSD's IP layer. That would be a kind of hub at the AAL layer.

If you want to speak with the ATM switch from FreeBSD per RFC 1483:

--------------

then you can just use the 'atm natm' command.
The LLC flag (0x2) is attached to the route, not the VC in the driver, because the LLC encapsulation is done above the driver (see also natmip(4) byte 0 of the LL address in the route command) so you won't see it in atm's output of the VC table, but you'll see it in netstat -r output.

harti

Date: Thu, 1 Jul 2004 12:01:07 +0300
From: Gregory Edigarov
To: freebsd-net@freebsd.org
Subject: Squid, FreeBSD, PPP Multilink

> I have Squid-2.5 running on FreeBSD 5-Current. We have 2 ppp links,
> and use them in multilink mode, through userlevel ppp.
> If one or both links fail and then come up, say, if I just turn the
> modem power off and on all the web browsing becomes very slow
> squid.
> It takes forever for squid to show a page which, in a normal
> conditions, would take only a few seconds. Pings to those sites I am
> trying to open are just fine.
> Taking squid down and then up have no effect. The only thing help is
> rebooting
> the whole system.
> Is there anything I can do?

I beg your pardon, I wrote, it works slow, but it doesn't work anyway. Pings, domain name resolution, everything stops working in a situation I describe above.

--
With best regards,
Gregory Edigarov
------------------------------------------------------------------------------
profi.kharkov.ua Systems Administrator
------------------------------------------------------------------------------

To: freebsd-net@lists.freebsd.org
From: Anil Madhavapeddy
Date: Thu, 1 Jul 2004 13:35:01 +0100
Subject: Packing netgraph structs

I'm creating Netgraph bindings for OCaml in order to play around more easily with various Bluetooth and Ethernet things I'm working on.

It's all pretty straightforward except for the problem that the netgraph message structs aren't all packed (e.g. struct ng_mesg). This means that it's very difficult to serialise them in a language other than C.

Is there any reason why these aren't packed? If not, I can submit a diff to make them so.

thanks,

--
Anil Madhavapeddy http://anil.recoil.org
University of Cambridge http://www.cl.cam.ac.uk

Date: Thu, 01 Jul 2004 16:48:57 +0400
From: Roman Kurakin
To: Anil Madhavapeddy
cc: freebsd-net@lists.freebsd.org
Subject: Re: Packing netgraph structs

Anil Madhavapeddy wrote:

> I'm creating Netgraph bindings for OCaml in order to play around more
> easily with various Bluetooth and Ethernet things I'm working on.
> It's all pretty straightforward except for the problem that the
> netgraph message structs aren't all packed (e.g. struct ng_mesg).
> This means that it's very difficult to serialise them in a language
> other than C.

If this is a problem why can't you make some wrapper that will pack/unpack written on C, which will be a lib for you?

rik

>
> Is there any reason why these aren't packed? If not, I can submit a
> diff to make them so.
>
> thanks,
>
> --
> Anil Madhavapeddy
> http://anil.recoil.org
> University of Cambridge
> http://www.cl.cam.ac.uk
>

From: Anil Madhavapeddy
Date: Thu, 1 Jul 2004 14:00:06 +0100
To: Roman Kurakin
cc: freebsd-net@lists.freebsd.org
Subject: Re: Packing netgraph structs

On 1 Jul 2004, at 13:48, Roman Kurakin wrote:
>
> If this is a problem why can't you make some wrapper that will
> pack/unpack written on C,
> which will be a lib for you?

Because I want to minimise the size of the foreign bindings - this would require C code for every single Netgraph struct. If they were packed, I could just do it all in OCaml.

Isn't this a problem for other language bindings as well, or is everyone doing Netgraph userland hacking in C at the moment?

--
Anil Madhavapeddy http://anil.recoil.org
University of Cambridge http://www.cl.cam.ac.uk

Date: Thu, 1 Jul 2004 17:10:56 +0300
From: Ruslan Ermilov
To: Anil Madhavapeddy
cc: net@FreeBSD.org
cc: Roman Kurakin
Subject: Re: Packing netgraph structs

On Thu, Jul 01, 2004 at 02:00:06PM +0100, Anil Madhavapeddy wrote:
> On 1 Jul 2004, at 13:48, Roman Kurakin wrote:
> >
> >If this is a problem why can't you make some wrapper that will
> >pack/unpack written on C,
> >which will be a lib for you?
>
> Because I want to minimise the size of the foreign bindings - this
> would require C code for every single Netgraph struct. If they were
> packed, I could just do it all in OCaml.
>
> Isn't this a problem for other language bindings as well, or is
> everyone doing Netgraph userland hacking in C at the moment?
>

We use Netgraph from within Python, using the netgraph(3) library, and we pack/unpack various Netgraph related structs just happily.

Speaking of "struct ng_mesg", if you pack it, it will essentially stay the same, because I believe it was created with this in mind, as well as most if not all other user-accessible Netgraph structs.

/* A netgraph message */
struct ng_mesg {
        struct  ng_msghdr {
                u_char          version;                /* must == NG_VERSION */
                u_char          spare;                  /* pad to 2 bytes */
                u_int16_t       arglen;                 /* length of data */
                u_int32_t       flags;                  /* message status */
                u_int32_t       token;                  /* match with reply */
                u_int32_t       typecookie;             /* node's type cookie */
                u_int32_t       cmd;                    /* command identifier */
                u_char          cmdstr[NG_CMDSTRLEN+1]; /* cmd string + \0 */
        } header;
        char    data[0];                /* placeholder for actual data */
};

: $ cat a.c
: #include <sys/types.h>
: #include <netgraph/ng_message.h>
: #include <stdio.h>
:
: int
: main(void)
: {
:
:       printf("%d %d\n", sizeof(struct ng_mesg),
:           2 + sizeof(u_int16_t) + sizeof(u_int32_t) * 4 + (NG_CMDSTRLEN + 1));
:       return (0);
: }
: $ make a
: cc -O -pipe a.c -o a
: $ ./a
: 36 36

Cheers,
--
Ruslan Ermilov
ru@FreeBSD.org
FreeBSD committer
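
An added example, not code from the thread or from the FreeBSD project: the struct ng_msghdr layout quoted in the message above, written with Python's struct module to compare natural alignment against a packed layout and to round-trip a header with a length check on arglen. NG_CMDSTRLEN = 15 is inferred from the 36-byte result shown above; the version, cookie and command values, the MISALIGNED struct and all function names are constructed for illustration, and host byte order is an assumption.

```python
import struct

# Assumption: NG_CMDSTRLEN is 15, inferred from the "36 36" output quoted above
# (2 + 2 + 4*4 + NG_CMDSTRLEN + 1 == 36); check ng_message.h on your system.
NG_CMDSTRLEN = 15

# Field order and C types copied from struct ng_msghdr as quoted above.
NG_MSGHDR = (
    ("version", "B"),       # u_char
    ("spare", "B"),         # u_char
    ("arglen", "H"),        # u_int16_t
    ("flags", "I"),         # u_int32_t
    ("token", "I"),         # u_int32_t
    ("typecookie", "I"),    # u_int32_t
    ("cmd", "I"),           # u_int32_t
    ("cmdstr", "%ds" % (NG_CMDSTRLEN + 1)),
)

# Hypothetical struct (not from netgraph) whose layout does change when
# packed: a u_char followed directly by a u_int32_t.
MISALIGNED = (("kind", "B"), ("value", "I"))


def layout(fields, mode):
    """Return ({field: offset}, total) for mode '@' (C natural alignment)
    or '=' (packed, no padding). '@' adds no trailing padding, so the total
    equals sizeof() only when it is already a multiple of the alignment."""
    fmt, offsets = mode, {}
    for name, code in fields:
        fmt += code
        offsets[name] = struct.calcsize(fmt) - struct.calcsize("=" + code)
    return offsets, struct.calcsize(fmt)


def padded_fields(fields):
    """Names of the fields whose offset moves when the struct is packed."""
    natural, _ = layout(fields, "@")
    packed, _ = layout(fields, "=")
    return [name for name, _ in fields if natural[name] != packed[name]]


HDR_FMT = "@" + "".join(code for _, code in NG_MSGHDR)
HDR_LEN = struct.calcsize(HDR_FMT)


def pack_mesg(version, typecookie, cmd, token=0, flags=0, cmdstr=b"", data=b""):
    """Serialise a header plus argument bytes in host byte order."""
    if len(cmdstr) > NG_CMDSTRLEN:
        raise ValueError("cmdstr needs room for its terminating NUL")
    if len(data) > 0xFFFF:
        raise ValueError("arglen is a 16-bit field")
    header = struct.pack(HDR_FMT, version, 0, len(data), flags, token,
                         typecookie, cmd, cmdstr)
    return header + data


def unpack_mesg(buf):
    """Parse a message; refuse buffers shorter than the header or than
    the header's own arglen claims, instead of trusting the length field."""
    if len(buf) < HDR_LEN:
        raise ValueError("short header")
    values = struct.unpack_from(HDR_FMT, buf)
    hdr = dict(zip((name for name, _ in NG_MSGHDR), values))
    hdr["cmdstr"] = hdr["cmdstr"].split(b"\0", 1)[0]
    data = buf[HDR_LEN:HDR_LEN + hdr["arglen"]]
    if len(data) != hdr["arglen"]:
        raise ValueError("arglen exceeds the bytes received")
    return hdr, data


if __name__ == "__main__":
    print(layout(NG_MSGHDR, "@"))
    print(padded_fields(NG_MSGHDR), padded_fields(MISALIGNED))
    # Constructed sample values, not real netgraph cookies or commands.
    msg = pack_mesg(version=1, typecookie=0x1234, cmd=7, token=42,
                    cmdstr=b"example", data=b"\x01\x02")
    print(unpack_mesg(msg))
```
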

Date: Thu, 01 Jul 2004 18:14:53 +0400
From: Roman Kurakin
To: Anil Madhavapeddy
cc: freebsd-net@lists.freebsd.org
Subject: Re: Packing netgraph structs

Anil Madhavapeddy wrote:

> On 1 Jul 2004, at 13:48, Roman Kurakin wrote:
>
>> If this is a problem why can't you make some wrapper that will
>> pack/unpack written on C,
>> which will be a lib for you?
>
>
> Because I want to minimise the size of the foreign bindings - this
> would require C code for every single Netgraph struct. If they were
> packed, I could just do it all in OCaml.

Packing leads to performance issues.
So it is used only in case of packet specifications where each bit may have its own meaning and their place is fixed by protocol which is lang/arch/etc independent and we can't just add a couple of them.

> Isn't this a problem for other language bindings as well, or is
> everyone doing Netgraph userland hacking in C at the moment?

For Unix programming I do not use other languages than C, except for scripting. And I believe I am not in minority. IMHO performance issue is more important than cross language interaction which is in minority.

rik

>
> --
> Anil Madhavapeddy
> http://anil.recoil.org
> University of Cambridge
> http://www.cl.cam.ac.uk
>

Date: Thu, 1 Jul 2004 14:43:17 +0000 (GMT)
Subject: ipf over bridge strange problem.
Reply-To: fz@frontier.fr

Hi,

For technical (and especially customer) reasons, I set up a firewalling solution based on FreeBSD 4.x (kernel compiled with BRIDGE option) and ipf. No more particular stuff. You'll find other configuration details at the end of this post (dmesg and more).

Now, the problem. Randomly, ipf starts to reject incoming connexions that should be ok (as written in the rules file). If I reload ipf, things become nice again. I really get lost with this .. Any Help would be appreciated.

Iface are intel cards using fxp or em drivers.

/var/run/dmesg.boot:
Copyright (c) 1992-2003 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD 4.9-STABLE #0: Tue Dec 16 11:22:07 GMT 2003
    noc@fhost.frontier.fr:/usr/src/sys/compile/GETSEC
Timecounter "i8254" frequency 1193182 Hz
CPU: AMD Duron(tm) processor (1300.06-MHz 686-class CPU)
  Origin = "AuthenticAMD" Id = 0x671 Stepping = 1
  Features=0x383f9ff
  AMD Features=0xc0400000
real memory = 259981312 (253888K bytes)
avail memory = 247152640 (241360K bytes)
Preloaded elf kernel "kernel" at 0xc05a9000.
Pentium Pro MTRR support enabled
md0: Malloc disk
Using $PIR table, 6 entries at 0xc00fdc10
npx0: on motherboard
npx0: INT 16 interface
pcib0: on motherboard
pci0: on pcib0
agp0: mem 0xd0000000-0xd3ffffff at device 0.0 on pci0
pcib1: at device 1.0 on pci0
pci1: on pcib1
pci1: at 0.0 irq 12
isab0: at device 7.0 on pci0
isa0: on isab0
atapci0: port 0xc000-0xc00f at device 7.1 on pci0
atapci0: Correcting VIA config for southbridge data corruption bug
ata0: at 0x1f0 irq 14 on atapci0
ata1: at 0x170 irq 15 on atapci0
uhci0: port 0xc400-0xc41f irq 11 at device 7.2 on pci0
usb0: on uhci0
usb0: USB revision 1.0
uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1: port 0xc800-0xc81f irq 11 at device 7.3 on pci0
usb1: on uhci1
usb1: USB revision 1.0
uhub1: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
pci0: (vendor=0x1106, dev=0x3057) at 7.4
hip0: port 0xd400-0xd403,0xd000-0xd003,0xcc00-0xccff irq 5 at device 7.5 on pci0
fxp0: port 0xdc00-0xdc1f mem 0xd8000000-0xd80fffff,0xd8201000-0xd8201fff irq 12 at device 8.0 on pci0
fxp0: Ethernet address 00:08:c7:ba:c7:4e
inphy0: on miibus0
inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp1: port 0xe000-0xe01f mem 0xd8100000-0xd81fffff,0xd8200000-0xd8200fff irq 10 at device 9.0 on pci0
fxp1: Ethernet address 00:60:b0:57:28:56
inphy1: on miibus1
inphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
dc0: port 0xe400-0xe4ff mem 0xd8202000-0xd82023ff irq 11 at device 15.0 on pci0
dc0: Ethernet address: 00:10:dc:a4:77:e6
miibus2: on dc0
ukphy0: on miibus2
ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
orm0: