From owner-freebsd-net@FreeBSD.ORG Mon Feb 7 09:20:44 2005
Date: Mon, 07 Feb 2005 18:20:21 +0900 (KST)
From: CHOI Junho
To: freebsd-net@freebsd.org
Subject: kernel mode httpd/ftpd for FreeBSD?
Message-Id: <20050207.182021.68162131.cjh@kr.FreeBSD.org>

Anyone knows about kernel-mode httpd/ftpd for FreeBSD? (just like tux
of linux) I searched several times but failed.

--
CHOI Junho cjh@[kr.]FreeBSD.org
Key fingerprint = 1369 7374 A45F F41A F3C0 07E3 4A01 C020 E602 60F5

From owner-freebsd-net@FreeBSD.ORG Mon Feb 7 11:01:47 2005
Date: Mon, 7 Feb 2005 11:01:46 GMT
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you
Message-Id: <200502071101.j17B1k8A059326@freefall.freebsd.org>

Current FreeBSD problem reports
Critical problems
Serious problems
Non-critical problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2003/07/11] kern/54383  net    [nfs] [patch] NFS root configurations wit

1 problem total.

From owner-freebsd-net@FreeBSD.ORG Mon Feb 7 12:20:04 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ABF6716A4CE for ; Mon, 7 Feb 2005 12:20:04 +0000 (GMT) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.191]) by mx1.FreeBSD.org (Postfix) with ESMTP id 28B6A43D4C for ; Mon, 7 Feb 2005 12:20:02 +0000 (GMT) (envelope-from max@love2party.net) Received: from [212.227.126.207] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1Cy7s0-0005Md-00; Mon, 07 Feb 2005 13:20:00 +0100 Received: from [84.128.142.85] (helo=donor.laier.local) by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128) (Exim 3.35 #1) id 1Cy7rz-0004s9-00; Mon, 07 Feb 2005 13:20:00 +0100 From: Max Laier To: freebsd-net@freebsd.org Date: Mon, 7 Feb 2005 13:19:45 +0100 User-Agent: KMail/1.7.2 References: <20050207.182021.68162131.cjh@kr.FreeBSD.org> In-Reply-To: <20050207.182021.68162131.cjh@kr.FreeBSD.org> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart11094761.d8MM0qn8HZ"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200502071319.57331.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:61c499deaeeba3ba5be80f48ecc83056 cc: CHOI Junho Subject: Re: kernel mode httpd/ftpd for FreeBSD? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Feb 2005 12:20:04 -0000 --nextPart11094761.d8MM0qn8HZ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Monday 07 February 2005 10:20, CHOI Junho wrote: > Anyone knows about kernel-mode httpd/ftpd for FreeBSD? 
(just like tux > of linuxI searched several times but failed. No there is not. In my humble opinion it's a *really* bad idea to implemen= t=20 something that vulnarable to external attacks and buffer overflows inside t= he=20 kernel. The often claimed performance benefit can as easily be achieved wi= th=20 accept filters (see esp. accf_http(9)) and kqueue(9). There is really no=20 need to put this into the kernel. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart11094761.d8MM0qn8HZ Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD4DBQBCB1ztXyyEoT62BG0RAjIUAJixL35S86m5SEXeTlA9gAmBHxf/AJ9u89b4 CFWZZ+6FkfWTU3FHfcecGQ== =3r00 -----END PGP SIGNATURE----- --nextPart11094761.d8MM0qn8HZ-- From owner-freebsd-net@FreeBSD.ORG Mon Feb 7 12:46:41 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EEBB916A4CE for ; Mon, 7 Feb 2005 12:46:41 +0000 (GMT) Received: from relay.bestcom.ru (relay.bestcom.ru [217.72.144.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 305BF43D1D for ; Mon, 7 Feb 2005 12:46:41 +0000 (GMT) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (root@cell.sick.ru [217.72.144.68]) by relay.bestcom.ru (8.13.1/8.12.9) with ESMTP id j17CkcGm023863 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 7 Feb 2005 15:46:39 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.12.11/8.12.8) with ESMTP id j17CkcgI092390 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 7 Feb 2005 15:46:38 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: (from glebius@localhost) by cell.sick.ru (8.12.11/8.12.11/Submit) id j17Ckbsp092389; Mon, 7 
Feb 2005 15:46:37 +0300 (MSK) (envelope-from glebius@freebsd.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@freebsd.org using -f Date: Mon, 7 Feb 2005 15:46:37 +0300 From: Gleb Smirnoff To: Darcy Buskermolen Message-ID: <20050207124637.GE91619@cell.sick.ru> Mail-Followup-To: Gleb Smirnoff , Darcy Buskermolen , freebsd-net@freebsd.org References: <200501250834.11393.darcy@wavefire.com> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <200501250834.11393.darcy@wavefire.com> User-Agent: Mutt/1.5.6i X-Virus-Scanned: ClamAV version devel-20050125, clamav-milter version 0.80ff on relay.bestcom.ru X-Virus-Status: Clean cc: freebsd-net@freebsd.org Subject: Re: ng_nat revisited X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Feb 2005 12:46:42 -0000 Darcy, On Tue, Jan 25, 2005 at 08:34:11AM -0800, Darcy Buskermolen wrote: D> It's been a while since the subject of ng_nat appeared on-list, I'm wondering D> if there has been anymore work done on this? Now I'm trying to work on this. I don't guarantee any success in recent future. The first step is porting libalias to be a kernel module. I have already patches to make it compilable as kernel module, however with some features disabled - alias monitoring, sockets, and ipfw punching. The first two can be abandoned, but ipfw punching needs to be reimplemented in kernel. The next step is to write ng_nat using libalias interface :) -- Totus tuus, Glebius. 
GLEBIUS-RIPN GLEB-RIPE From owner-freebsd-net@FreeBSD.ORG Mon Feb 7 13:03:05 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CDB2C16A4CE; Mon, 7 Feb 2005 13:03:05 +0000 (GMT) Received: from www.svzserv.kemerovo.su (www.svzserv.kemerovo.su [213.184.65.80]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0C66043D60; Mon, 7 Feb 2005 13:03:02 +0000 (GMT) (envelope-from eugen@kuzbass.ru) Received: from kuzbass.ru (kost [213.184.65.82])j17D2vAo064760; Mon, 7 Feb 2005 20:02:57 +0700 (KRAT) (envelope-from eugen@kuzbass.ru) Message-ID: <420766FF.714B372D@kuzbass.ru> Date: Mon, 07 Feb 2005 20:02:55 +0700 From: Eugene Grosbein Organization: SVZServ X-Mailer: Mozilla 4.8 [en] (Win98; U) X-Accept-Language: ru,en MIME-Version: 1.0 To: Gleb Smirnoff References: <200501250834.11393.darcy@wavefire.com> <20050207124637.GE91619@cell.sick.ru> Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org cc: Darcy Buskermolen Subject: Re: ng_nat revisited X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Feb 2005 13:03:05 -0000 > D> It's been a while since the subject of ng_nat appeared on-list, I'm wondering > D> if there has been anymore work done on this? > > Now I'm trying to work on this. I don't guarantee any success in recent future. > > The first step is porting libalias to be a kernel module. I have already > patches to make it compilable as kernel module, however with some features > disabled - alias monitoring, sockets, and ipfw punching. The first two can > be abandoned, but ipfw punching needs to be reimplemented in kernel. Why do you think alias monitoring may be abadoned? 
Eugene Grosbein From owner-freebsd-net@FreeBSD.ORG Mon Feb 7 13:11:52 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B548A16A4CE for ; Mon, 7 Feb 2005 13:11:52 +0000 (GMT) Received: from relay.bestcom.ru (relay.bestcom.ru [217.72.144.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id C5FBB43D49 for ; Mon, 7 Feb 2005 13:11:51 +0000 (GMT) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (root@cell.sick.ru [217.72.144.68]) by relay.bestcom.ru (8.13.1/8.12.9) with ESMTP id j17DBodU024241 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 7 Feb 2005 16:11:50 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.12.11/8.12.8) with ESMTP id j17DBnll092660 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 7 Feb 2005 16:11:50 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: (from glebius@localhost) by cell.sick.ru (8.12.11/8.12.11/Submit) id j17DBmjT092658; Mon, 7 Feb 2005 16:11:49 +0300 (MSK) (envelope-from glebius@freebsd.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@freebsd.org using -f Date: Mon, 7 Feb 2005 16:11:48 +0300 From: Gleb Smirnoff To: Eugene Grosbein Message-ID: <20050207131148.GA92617@cell.sick.ru> Mail-Followup-To: Gleb Smirnoff , Eugene Grosbein , Darcy Buskermolen , freebsd-net@freebsd.org References: <200501250834.11393.darcy@wavefire.com> <20050207124637.GE91619@cell.sick.ru> <420766FF.714B372D@kuzbass.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <420766FF.714B372D@kuzbass.ru> User-Agent: Mutt/1.5.6i X-Virus-Scanned: ClamAV version devel-20050125, clamav-milter version 0.80ff on relay.bestcom.ru X-Virus-Status: Clean cc: freebsd-net@freebsd.org cc: Darcy Buskermolen Subject: Re: ng_nat revisited X-BeenThere: 
freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Feb 2005 13:11:52 -0000 On Mon, Feb 07, 2005 at 08:02:55PM +0700, Eugene Grosbein wrote: E> > D> It's been a while since the subject of ng_nat appeared on-list, I'm wondering E> > D> if there has been anymore work done on this? E> > E> > Now I'm trying to work on this. I don't guarantee any success in recent future. E> > E> > The first step is porting libalias to be a kernel module. I have already E> > patches to make it compilable as kernel module, however with some features E> > disabled - alias monitoring, sockets, and ipfw punching. The first two can E> > be abandoned, but ipfw punching needs to be reimplemented in kernel. E> E> Why do you think alias monitoring may be abadoned? It does logging into file. It is difficult to implement same thing in kernel. May be it will be substituted with bare log(9). -- Totus tuus, Glebius. 
GLEBIUS-RIPN GLEB-RIPE From owner-freebsd-net@FreeBSD.ORG Tue Feb 8 01:30:34 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4598A16A4CE for ; Tue, 8 Feb 2005 01:30:34 +0000 (GMT) Received: from mail.vicor-nb.com (bigwoop.vicor-nb.com [208.206.78.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1FC9B43D41 for ; Tue, 8 Feb 2005 01:30:34 +0000 (GMT) (envelope-from julian@elischer.org) Received: from elischer.org (julian.vicor-nb.com [208.206.78.97]) by mail.vicor-nb.com (Postfix) with ESMTP id 11CB37A423; Mon, 7 Feb 2005 17:30:34 -0800 (PST) Message-ID: <4208163A.8010607@elischer.org> Date: Mon, 07 Feb 2005 17:30:34 -0800 From: Julian Elischer User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.3.1) Gecko/20030516 X-Accept-Language: en, hu MIME-Version: 1.0 To: Max Laier References: <20050207.182021.68162131.cjh@kr.FreeBSD.org> <200502071319.57331.max@love2party.net> In-Reply-To: <200502071319.57331.max@love2party.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org cc: CHOI Junho Subject: Re: kernel mode httpd/ftpd for FreeBSD? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Feb 2005 01:30:34 -0000 Max Laier wrote: >On Monday 07 February 2005 10:20, CHOI Junho wrote: > > >>Anyone knows about kernel-mode httpd/ftpd for FreeBSD? (just like tux >> of linuxI searched several times but failed. >> >> > >No there is not. In my humble opinion it's a *really* bad idea to implement >something that vulnarable to external attacks and buffer overflows inside the >kernel. The often claimed performance benefit can as easily be achieved with >accept filters (see esp. accf_http(9)) and kqueue(9). 
There is really no >need to put this into the kernel. > actually there is.. it was written by ummm umm jpd I think.. (unless it was imp) but it is not released. > > > From owner-freebsd-net@FreeBSD.ORG Tue Feb 8 01:33:34 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 71D5E16A4CE; Tue, 8 Feb 2005 01:33:34 +0000 (GMT) Received: from mail.vicor-nb.com (bigwoop.vicor-nb.com [208.206.78.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 56D7E43D1F; Tue, 8 Feb 2005 01:33:34 +0000 (GMT) (envelope-from julian@elischer.org) Received: from elischer.org (julian.vicor-nb.com [208.206.78.97]) by mail.vicor-nb.com (Postfix) with ESMTP id 459BC7A423; Mon, 7 Feb 2005 17:33:34 -0800 (PST) Message-ID: <420816EE.5080906@elischer.org> Date: Mon, 07 Feb 2005 17:33:34 -0800 From: Julian Elischer User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.3.1) Gecko/20030516 X-Accept-Language: en, hu MIME-Version: 1.0 To: Gleb Smirnoff References: <200501250834.11393.darcy@wavefire.com> <20050207124637.GE91619@cell.sick.ru> <420766FF.714B372D@kuzbass.ru> <20050207131148.GA92617@cell.sick.ru> In-Reply-To: <20050207131148.GA92617@cell.sick.ru> Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org cc: Darcy Buskermolen cc: Eugene Grosbein Subject: Re: ng_nat revisited X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Feb 2005 01:33:34 -0000 Gleb Smirnoff wrote: >On Mon, Feb 07, 2005 at 08:02:55PM +0700, Eugene Grosbein wrote: >E> > D> It's been a while since the subject of ng_nat appeared on-list, I'm wondering >E> > D> if there has been anymore work done on this? >E> > >E> > Now I'm trying to work on this. 
I don't guarantee any success in recent future. >E> > >E> > The first step is porting libalias to be a kernel module. I have already >E> > patches to make it compilable as kernel module, however with some features >E> > disabled - alias monitoring, sockets, and ipfw punching. The first two can >E> > be abandoned, but ipfw punching needs to be reimplemented in kernel. >E> >E> Why do you think alias monitoring may be abadoned? > >It does logging into file. It is difficult to implement same thing in kernel. >May be it will be substituted with bare log(9). > or have "monitor" hook.. > > > From owner-freebsd-net@FreeBSD.ORG Tue Feb 8 06:17:27 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 96BF616A4CE for ; Tue, 8 Feb 2005 06:17:27 +0000 (GMT) Received: from mail0.yrp.nttdocomo.co.jp (mail0.yrp.nttdocomo.co.jp [202.245.184.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id C735543D54 for ; Tue, 8 Feb 2005 06:17:26 +0000 (GMT) (envelope-from osuga@nim.yrp.nttdocomo.co.jp) Received: from nim.yrp.nttdocomo.co.jp (nim.yrp.nttdocomo.co.jp [172.21.88.12])id j186HPdM030450 for ; Tue, 8 Feb 2005 15:17:25 +0900 Received: (qmail 8158 invoked from network); 8 Feb 2005 15:17:25 +0900 Received: from unknown (HELO osugaGX270) (172.21.235.91) by nim.yrp.nttdocomo.co.jp with SMTP; 8 Feb 2005 15:17:25 +0900 Message-ID: <003901c50da5$8a9f7c80$5beb15ac@mig.yrp.nttdocomo.co.jp> From: "Daikichi Osuga" To: Date: Tue, 8 Feb 2005 15:15:09 +0900 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-2022-jp" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Subject: SACK retransmits multiple segments respond to single dupack X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD 
List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Feb 2005 06:17:27 -0000 Hello, I had experiments with FreeBSD SACK implementation. FreeBSD SACK retransmits multiple segments respond to single dupack. It breaks "packet conservation principle". In OpenBSD SACK implementation, retransmission from SACK hole is limited to single segment. "sack_rxmit" and "sendalot" are exclusive. I think solution is introducing mechanism to estimate amount of outstanding segments. For example, "pipe" alogorithm is well known. http://www.icir.org/floyd/talks/sf-sacks-96.pdf Regards, -- Daikichi Osuga From owner-freebsd-net@FreeBSD.ORG Tue Feb 8 06:21:42 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 649D316A4CE for ; Tue, 8 Feb 2005 06:21:42 +0000 (GMT) Received: from home.dino.sk (home.dino.sk [213.215.74.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 472A343D2F for ; Tue, 8 Feb 2005 06:21:39 +0000 (GMT) (envelope-from milan@bluegrass.sk) Received: from [127.0.0.1] ([127.0.0.1]) by home.dino.sk with esmtp; Tue, 08 Feb 2005 07:21:33 +0100 id 0000E90D.42085A6E.000040C8 From: Milan Obuch To: freebsd-net@freebsd.org Date: Tue, 8 Feb 2005 07:21:29 +0100 User-Agent: KMail/1.6.2 MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Message-Id: <200502080721.30013.milan@bluegrass.sk> Subject: [MAIL TEST] Please ignore X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Feb 2005 06:21:42 -0000 I just noticed some problem with my mail server. Please ignore. 
Milan From owner-freebsd-net@FreeBSD.ORG Tue Feb 8 13:42:40 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 59CA616A4CE for ; Tue, 8 Feb 2005 13:42:40 +0000 (GMT) Received: from daemon.kr.FreeBSD.org (www.kr.freebsd.org [211.115.73.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id A7A8043D41 for ; Tue, 8 Feb 2005 13:42:39 +0000 (GMT) (envelope-from cjh@kr.FreeBSD.org) Received: from localhost (localhost [127.0.0.1]) by daemon.kr.FreeBSD.org (Postfix) with ESMTP id B734F1A7AF; Tue, 8 Feb 2005 22:42:32 +0900 (KST) Received: from daemon.kr.FreeBSD.org ([127.0.0.1]) by localhost (daemon.kr.freebsd.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 88226-14; Tue, 8 Feb 2005 22:42:27 +0900 (KST) Received: from gradius.saturnsoft.net (daemon [211.115.73.199]) by daemon.kr.FreeBSD.org (Postfix) with ESMTP id B933F1A7AD; Tue, 8 Feb 2005 22:42:27 +0900 (KST) Received: from localhost (localhost [127.0.0.1])j18DgSsj075440; Tue, 8 Feb 2005 22:42:31 +0900 (KST) (envelope-from cjh@kr.FreeBSD.org) Date: Tue, 08 Feb 2005 22:42:27 +0900 (KST) Message-Id: <20050208.224227.27773191.cjh@kr.FreeBSD.org> To: max@love2party.net From: CHOI Junho In-Reply-To: <200502071319.57331.max@love2party.net> References: <20050207.182021.68162131.cjh@kr.FreeBSD.org> <200502071319.57331.max@love2party.net> Organization: Korea FreeBSD Users Group X-URL: http://www.kr.FreeBSD.org/~cjh X-Mailer: Mew version 4.2rc1 on Emacs 21.3 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at kr.FreeBSD.org cc: freebsd-net@freebsd.org Subject: Re: kernel mode httpd/ftpd for FreeBSD? 
X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Feb 2005 13:42:40 -0000 From: Max Laier Subject: Re: kernel mode httpd/ftpd for FreeBSD? Date: Mon, 7 Feb 2005 13:19:45 +0100 > On Monday 07 February 2005 10:20, CHOI Junho wrote: > > Anyone knows about kernel-mode httpd/ftpd for FreeBSD? (just like tux > > of linuxI searched several times but failed. > > No there is not. In my humble opinion it's a *really* bad idea to implement > something that vulnarable to external attacks and buffer overflows inside the > kernel. The often claimed performance benefit can as easily be achieved with > accept filters (see esp. accf_http(9)) and kqueue(9). There is really no > need to put this into the kernel. I understand what you mean. If so, why serious network server like nfs is still in kernel? Of course it is a fat job to implement http/ftp in kernel, but it can be a good experiment... 
-- CHOI Junho cjh@[kr.]FreeBSD.org Key fingerprint = 1369 7374 A45F F41A F3C0 07E3 4A01 C020 E602 60F5 From owner-freebsd-net@FreeBSD.ORG Tue Feb 8 15:46:12 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0A54416A4CE; Tue, 8 Feb 2005 15:46:12 +0000 (GMT) Received: from smtp.freemail.gr (smtp.freemail.gr [213.239.180.35]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5633443D45; Tue, 8 Feb 2005 15:46:11 +0000 (GMT) (envelope-from dionch@freemail.gr) Received: by smtp.freemail.gr (Postfix, from userid 101) id AACA0BC098; Tue, 8 Feb 2005 17:46:09 +0200 (EET) Received: from R3B (unknown [62.38.168.185])by smtp.freemail.gr (Postfix) with ESMTP id B8386BC023;Tue, 8 Feb 2005 17:46:08 +0200 (EET) Message-ID: <000a01c50df5$4a4435e0$3c00000a@R3B> From: "Chris Dionissopoulos" To: Date: Tue, 8 Feb 2005 17:45:59 +0200 MIME-Version: 1.0 Content-Type: text/plain;format=flowed;charset="iso-8859-7"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 cc: freebsd-net@freebsd.org Subject: Sticky pf(4)-like feature in ipfw? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Chris Dionissopoulos List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Feb 2005 15:46:12 -0000 Hi, I think of adding a new feature in (my local copy) ipfw (releng5) so that it makes also sticky match when forwarding broken protocols like ftp, h.323, sip, etc. 
Its inspired from pf(4) sticky feature as is.The general usage will be for "skipto" forwarding rules as shown in example below: Network ASCII-ART: Gateway1 Gateway2 | | ---------------- 192.168.1.0/24 | [Freebsd-ipfw] | ---------------- 192.168.3.0/24 ipfw.sh: ~~~~~~~~~~~~~~~~~~~~~~ #!/bin/sh fwcmd="/sbin/ipfw" pass="skipto 65535" gateway_mac1 ="00:0e:2e:03:36:23" gateway_mac2 ="00:0e:2e:03:37:23" gateway1="192.168.1.2" gateway2 ="192.168.1.1" lan_network = "192.168.3.0/24" broken="20,21,1720,6667,4600-4700" #CHECK STATES. ${fwcmd} add 100 check-state # INCOMING TRAFFIC ${fwcmd} add 1100 skipto 10100 ip from any to any mac any ${gateway_mac1}in recv rl0 keep-state ${fwcmd} add 1200 skipto 10200 ip from any to any mac any ${gateway_mac1}in recv rl0 keep-state #OUTGOING + NOT-YET-STATED PACKETS BROKEN PROTOCOLS [LB 50%-50%] ${fwcmd} add 2000 prob 0.5 skipto 10101 tcp from ${lan_network}to not ${lan_network} dst-port ${broken} in recv rl1 keep-sticky ${fwcmd} add 2001 skipto 10201 tcp from ${lan_network}to not ${lan_network}dst-port ${broken} in recv rl1 keep-sticky #OUTGOING + NOT-YET-STATED PACKETS (BALANCE) [LB 50%-50%] ${fwcmd} add 2100 prob 0.5 skipto 10101 ip from ${lan_network}to not ${lan_network}in recv rl1 keep-state ${fwcmd} add 2101 skipto 10201 ip from ${lan_network}to not ${lan_network}in recv rl1 keep-state #DRIVE OUTGOING TRAFFIC TO GATEWAY1. JUST PASS OTHER ${fwcmd} add 10100 fwd ${gateway1} ip from ${lan_network} to not ${lan_network} in recv rl1 ${fwcmd} add 10110 ${pass} ip from any to any #DRIVE OUTGOING TRAFFIC TO GATEWAY2. JUST PASS OTHER ${fwcmd} add 10200 fwd ${gateway2} ip from ${lan_network} to not ${lan_network} in recv rl1 ${fwcmd} add 10210 ${pass} ip from any to any ~~~~~~~~~~~~~~~~~~~~~~ "keep-sticky" main difference with "keep-state" is just relaxed state matching using only proto+(src_ip+dst_ip) and proto+reversed(src_ip+dst_ip), and not (scr_ip:src_port + dst_ip:dst_port) straight and reversed (=keep-state/limit). 
My question : Does anyone has already working on such feature? Cause its pretty easy to implement(*) "keep-sticky", does any of ipfw developers planning to add such feature in near future? Thanks, Chris. (*) 1. TOK_KEEPSTICKY in /usr/src/sbin/ipfw/ipfw2.c O_KEEP_STICKY in /usr/src/sys/netinet/ip_fw.h and copy TOK_KEEPSTATE+O_KEEPSTATE code as a new case of cmd+rule argument. 2. Some changes in "lookup_dyn_rule_locked" function of /usr/src/sys/netinet/ip_fw2.c to make a more relaxed state when "keep-sticky" is enabled. ____________________________________________________________________ http://www.freemail.gr - äùñåÜí õðçñåóßá çëåêôñïíéêïý ôá÷õäñïìåßïõ. http://www.freemail.gr - free email service for the Greek-speaking. From owner-freebsd-net@FreeBSD.ORG Tue Feb 8 18:48:34 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3E74616A4CE for ; Tue, 8 Feb 2005 18:48:34 +0000 (GMT) Received: from web80602.mail.yahoo.com (web80602.mail.yahoo.com [66.218.79.91]) by mx1.FreeBSD.org (Postfix) with SMTP id 186BD43D3F for ; Tue, 8 Feb 2005 18:48:34 +0000 (GMT) (envelope-from mohan_srinivasan@yahoo.com) Message-ID: <20050208184834.24690.qmail@web80602.mail.yahoo.com> Received: from [64.172.45.63] by web80602.mail.yahoo.com via HTTP; Tue, 08 Feb 2005 10:48:33 PST Date: Tue, 8 Feb 2005 10:48:33 -0800 (PST) From: Mohan Srinivasan To: Daikichi Osuga , freebsd-net@freebsd.org In-Reply-To: <003901c50da5$8a9f7c80$5beb15ac@mig.yrp.nttdocomo.co.jp> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Re: SACK retransmits multiple segments respond to single dupack X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Feb 2005 18:48:34 -0000 Hi, Which release are you experimenting with ? 
There was a bug in 5.3 that would cause SACK to burst multiple segments on a dupack reception. But that was fixed both in -current and in RELENG_5 (1.100.2.3 and 1.102). From what I see, the fix was never MFC'ed to RELENG_5_3. Referencing the code in -current, dupack handling starts at line tcp_input.c:1797. When SACK recovery is first set up, upon reception of 3 dupacks, we set cwnd to 3 (line 1867) and call tcp_output(), which would cause 3 segments from the scoreboard to be retransmitted. BTW, this value can be changed (to 1) with the sysctl tcp_sack_recovery_initburst. Once SACK recovery is set up, subsequent reception of dupacks will goto line 1826, which should cause just one segment to be transmitted. If you look at tcp_output(), you'll notice that before sending data (while in sack recovery), we compute the amount of retransmitted data in the scoreboard and the amount of new data sent in the recovery phase and use this value to adjust cwnd down. This is the change that I referenced above that's missing in RELENG_5_3. mohan --- Daikichi Osuga wrote: > Hello, > > I had experiments with FreeBSD SACK implementation. > FreeBSD SACK retransmits multiple segments respond to single dupack. > It breaks "packet conservation principle". > > In OpenBSD SACK implementation, > retransmission from SACK hole is limited to single segment. > "sack_rxmit" and "sendalot" are exclusive. > > I think solution is introducing mechanism to estimate amount of outstanding segments. > For example, "pipe" alogorithm is well known. 
> http://www.icir.org/floyd/talks/sf-sacks-96.pdf
>
> Regards,
> --
> Daikichi Osuga
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

From owner-freebsd-net@FreeBSD.ORG Tue Feb 8 19:21:58 2005
To: "Daikichi Osuga"
From: Mark Allman
In-Reply-To: <003901c50da5$8a9f7c80$5beb15ac@mig.yrp.nttdocomo.co.jp>
Organization: ICSI Center for Internet Research (ICIR)
Date: Tue, 08 Feb 2005 14:21:46 -0500
Message-Id: <20050208192146.1DD4177A6A5@guns.icir.org>
Reply-To: mallman@icir.org
cc: Ethan Blanton
cc: freebsd-net@freebsd.org
Subject: Re: SACK retransmits multiple segments respond to single dupack

> I had experiments with FreeBSD SACK implementation. FreeBSD SACK
> retransmits multiple segments respond to single dupack. It breaks
> "packet conservation principle".
>
> In OpenBSD SACK implementation,
> retransmission from SACK hole is limited to single segment.
> "sack_rxmit" and "sendalot" are exclusive.
>
> I think solution is introducing mechanism to estimate amount of
> outstanding segments. For example, "pipe" algorithm is well known.
> http://www.icir.org/floyd/talks/sf-sacks-96.pdf

Note that in RFC3517 we explicitly allow sending multiple retransmits on
a "dupack". Basically, SACK allows for robustness in the face of ACK
loss and so as long as the total amount of data sent is in line with the
congestion control algorithms this is fine. The downside is that there
is the potential for increased burstiness. We don't think this is a
terribly big deal. We have recent results that say that small scale
bursting doesn't hurt the connection all that much. See:

Ethan Blanton, Mark Allman. On the Impact of Bursting on TCP
Performance. Proceedings of the Workshop for Passive and Active
Measurement, March 2005. To appear.
http://www.icir.org/mallman/papers/burst-pam05.ps

allman

--
Mark Allman -- ICIR -- http://www.icir.org/mallman/

From owner-freebsd-net@FreeBSD.ORG Tue Feb 8 19:22:06 2005
To: Mohan Srinivasan
From: Mark Allman
In-Reply-To: <20050208184834.24690.qmail@web80602.mail.yahoo.com>
Organization: ICSI Center for Internet Research (ICIR)
Date: Tue, 08 Feb 2005 14:21:56 -0500
Message-Id: <20050208192156.6262377A6A5@guns.icir.org>
Reply-To: mallman@icir.org
cc: Ethan Blanton
cc: freebsd-net@freebsd.org
cc: Daikichi Osuga
Subject: Re: SACK retransmits multiple segments respond to single dupack

> Which release are you experimenting with? There was a bug
> in 5.3 that would cause SACK to burst multiple segments on
> a dupack reception. But that was fixed both in -current
> and in RELENG_5 (1.100.2.3 and 1.102). From what I see,
> the fix was never MFC'ed to RELENG_5_3.
>
> Referencing the code in -current,
>
> dupack handling starts at line tcp_input.c:1797. When SACK
> recovery is first set up, upon reception of 3 dupacks, we
> set cwnd to 3 (line 1867) and call tcp_output(), which would
> cause 3 segments from the scoreboard to be retransmitted.

I do not understand why receiving 3 dupacks would cause a retransmit of
3 segments. One retransmit I can understand. But, then we shouldn't be
in packet conservation for a bit while some of the segments drain from
the network to effectively halve the sending rate (because we noted
congestion).

allman

--
Mark Allman -- ICIR -- http://www.icir.org/mallman/

From owner-freebsd-net@FreeBSD.ORG Tue Feb 8 23:01:51 2005
Received: (from rizzo@localhost) by xorpc.icir.org (8.12.11/8.12.3/Submit) id j18N1ohb028463;
Tue, 8 Feb 2005 15:01:50 -0800 (PST) (envelope-from rizzo)
Date: Tue, 8 Feb 2005 15:01:50 -0800
From: Luigi Rizzo
To: Chris Dionissopoulos
Message-ID: <20050208150150.C28282@xorpc.icir.org>
References: <000a01c50df5$4a4435e0$3c00000a@R3B>
In-Reply-To: <000a01c50df5$4a4435e0$3c00000a@R3B>; from dionch@freemail.gr on Tue, Feb 08, 2005 at 05:45:59PM +0200
cc: freebsd-ipfw@freebsd.org
cc: freebsd-net@freebsd.org
Subject: Re: Sticky pf(4)-like feature in ipfw?

the 'state only based on the 3-tuple' as you describe it
is certainly an interesting feature. It is slightly more expensive
to implement than what i thought at first, because you should
do two hash computations and lookups (one on the 5-tuple, one
on the 3-tuple) on each packet trying to match a dynamic rule.

i just wonder why it is named 'sticky' in pf
which is not really very indicative of what the function does.

cheers
luigi

On Tue, Feb 08, 2005 at 05:45:59PM +0200, Chris Dionissopoulos wrote:
> Hi,
> I think of adding a new feature in (my local copy) ipfw (releng5) so that it
> makes also sticky match when forwarding broken protocols like ftp, h.323,
> sip, etc.
> It's inspired from pf(4) sticky feature as is. The general usage will be for
> "skipto" forwarding rules as shown in example below:
>
> Network ASCII-ART:
>
>    Gateway1   Gateway2
>       |          |
>    ---------------- 192.168.1.0/24
>            |
>      [Freebsd-ipfw]
>            |
>    ---------------- 192.168.3.0/24
>
> ipfw.sh:
> ~~~~~~~~~~~~~~~~~~~~~~
> #!/bin/sh
> fwcmd="/sbin/ipfw"
> pass="skipto 65535"
>
> gateway_mac1="00:0e:2e:03:36:23"
> gateway_mac2="00:0e:2e:03:37:23"
> gateway1="192.168.1.2"
> gateway2="192.168.1.1"
>
> lan_network="192.168.3.0/24"
> broken="20,21,1720,6667,4600-4700"
>
> #CHECK STATES.
> ${fwcmd} add 100 check-state
>
> # INCOMING TRAFFIC
> ${fwcmd} add 1100 skipto 10100 ip from any to any mac any ${gateway_mac1} in recv rl0 keep-state
> ${fwcmd} add 1200 skipto 10200 ip from any to any mac any ${gateway_mac1} in recv rl0 keep-state
>
> #OUTGOING + NOT-YET-STATED PACKETS BROKEN PROTOCOLS [LB 50%-50%]
> ${fwcmd} add 2000 prob 0.5 skipto 10101 tcp from ${lan_network} to not ${lan_network} dst-port ${broken} in recv rl1 keep-sticky
> ${fwcmd} add 2001 skipto 10201 tcp from ${lan_network} to not ${lan_network} dst-port ${broken} in recv rl1 keep-sticky
>
> #OUTGOING + NOT-YET-STATED PACKETS (BALANCE) [LB 50%-50%]
> ${fwcmd} add 2100 prob 0.5 skipto 10101 ip from ${lan_network} to not ${lan_network} in recv rl1 keep-state
> ${fwcmd} add 2101 skipto 10201 ip from ${lan_network} to not ${lan_network} in recv rl1 keep-state
>
> #DRIVE OUTGOING TRAFFIC TO GATEWAY1. JUST PASS OTHER
> ${fwcmd} add 10100 fwd ${gateway1} ip from ${lan_network} to not ${lan_network} in recv rl1
> ${fwcmd} add 10110 ${pass} ip from any to any
>
> #DRIVE OUTGOING TRAFFIC TO GATEWAY2.
JUST PASS OTHER
> ${fwcmd} add 10200 fwd ${gateway2} ip from ${lan_network} to not ${lan_network} in recv rl1
> ${fwcmd} add 10210 ${pass} ip from any to any
>
> ~~~~~~~~~~~~~~~~~~~~~~
>
>
> "keep-sticky" main difference with "keep-state" is just relaxed state
> matching
> using only proto+(src_ip+dst_ip) and proto+reversed(src_ip+dst_ip), and not
> (src_ip:src_port + dst_ip:dst_port) straight and reversed
> (=keep-state/limit).
>
> My question:
> Is anyone already working on such a feature?
> Cause it's pretty easy to implement(*) "keep-sticky", is any of the
> ipfw developers planning to add such a feature in the near future?
>
>
> Thanks,
> Chris.
>
>
> (*)
> 1. TOK_KEEPSTICKY in /usr/src/sbin/ipfw/ipfw2.c
>    O_KEEP_STICKY in /usr/src/sys/netinet/ip_fw.h
>    and copy TOK_KEEPSTATE+O_KEEPSTATE code
>    as a new case of cmd+rule argument.
> 2. Some changes in "lookup_dyn_rule_locked" function of
>    /usr/src/sys/netinet/ip_fw2.c to make a more relaxed state
>    when "keep-sticky" is enabled.

From owner-freebsd-net@FreeBSD.ORG Tue Feb 8 23:44:07 2005
From: Max Laier
To: freebsd-ipfw@freebsd.org
Date: Wed, 9 Feb 2005 00:43:18 +0100
References: <000a01c50df5$4a4435e0$3c00000a@R3B> <20050208150150.C28282@xorpc.icir.org>
In-Reply-To: <20050208150150.C28282@xorpc.icir.org>
Message-Id: <200502090043.30704.max@love2party.net>
cc: Luigi Rizzo
cc: freebsd-net@freebsd.org
cc: Chris Dionissopoulos
Subject: Re: Sticky pf(4)-like feature in ipfw?

On Wednesday 09 February 2005 00:01, Luigi Rizzo wrote:
> the 'state only based on the 3-tuple' as you describe it
> is certainly an interesting feature. It is slightly more expensive
> to implement than what i thought at first, because you should
> do two hash computations and lookups (one on the 5-tuple, one
> on the 3-tuple) on each packet trying to match a dynamic rule.
>
> i just wonder why it is named 'sticky' in pf
> which is not really very indicative of what the function does.

It's actually called "sticky-address" and applies to all rules that select
addresses from a pool. It is called that way as things work a bit different
in PF. You'd have a forwarding rule that selects addresses from a pool as
equivalent to the "prob .5 skip-to" in IPFW. The state matching isn't
affected at all (i.e. if you do stateful matching PF still performs 5-tuple
matching). The "sticky-address" option on the pool, however, ensures that
the next time a certain client needs to be forwarded it gets the same
translation address.

As you said, you have to be careful with only 3-tuple states as it might open
to injection attacks and thus allow evildoers to bypass the firewall.

> cheers
> luigi
>
> On Tue, Feb 08, 2005 at 05:45:59PM +0200, Chris Dionissopoulos wrote:
> > Hi,
> > I think of adding a new feature in (my local copy) ipfw (releng5) so that
> > it makes also sticky match when forwarding broken protocols like ftp,
> > h.323, sip, etc.
> > It's inspired from pf(4) sticky feature as is. The general usage will be
> > for "skipto" forwarding rules as shown in example below:
> >
> > Network ASCII-ART:
> >
> >    Gateway1   Gateway2
> >
> >    ---------------- 192.168.1.0/24
> >
> >      [Freebsd-ipfw]
> >
> >    ---------------- 192.168.3.0/24
> >
> > ipfw.sh:
> > ~~~~~~~~~~~~~~~~~~~~~~
> > #!/bin/sh
> > fwcmd="/sbin/ipfw"
> > pass="skipto 65535"
> >
> > gateway_mac1="00:0e:2e:03:36:23"
> > gateway_mac2="00:0e:2e:03:37:23"
> > gateway1="192.168.1.2"
> > gateway2="192.168.1.1"
> >
> > lan_network="192.168.3.0/24"
> > broken="20,21,1720,6667,4600-4700"
> >
> > #CHECK STATES.
> > ${fwcmd} add 100 check-state
> >
> > # INCOMING TRAFFIC
> > ${fwcmd} add 1100 skipto 10100 ip from any to any mac any ${gateway_mac1} in recv rl0 keep-state
> > ${fwcmd} add 1200 skipto 10200 ip from any to any mac any ${gateway_mac1} in recv rl0 keep-state
> >
> > #OUTGOING + NOT-YET-STATED PACKETS BROKEN PROTOCOLS [LB 50%-50%]
> > ${fwcmd} add 2000 prob 0.5 skipto 10101 tcp from ${lan_network} to not ${lan_network} dst-port ${broken} in recv rl1 keep-sticky
> > ${fwcmd} add 2001 skipto 10201 tcp from ${lan_network} to not ${lan_network} dst-port ${broken} in recv rl1 keep-sticky
> >
> > #OUTGOING + NOT-YET-STATED PACKETS (BALANCE) [LB 50%-50%]
> > ${fwcmd} add 2100 prob 0.5 skipto 10101 ip from ${lan_network} to not ${lan_network} in recv rl1 keep-state
> > ${fwcmd} add 2101 skipto 10201 ip from ${lan_network} to not ${lan_network} in recv rl1 keep-state
> >
> > #DRIVE OUTGOING TRAFFIC TO GATEWAY1. JUST PASS OTHER
> > ${fwcmd} add 10100 fwd ${gateway1} ip from ${lan_network} to not ${lan_network} in recv rl1
> > ${fwcmd} add 10110 ${pass} ip from any to any
> >
> > #DRIVE OUTGOING TRAFFIC TO GATEWAY2.
JUST PASS OTHER
> > ${fwcmd} add 10200 fwd ${gateway2} ip from ${lan_network} to not ${lan_network} in recv rl1
> > ${fwcmd} add 10210 ${pass} ip from any to any
> >
> > ~~~~~~~~~~~~~~~~~~~~~~
> >
> >
> > "keep-sticky" main difference with "keep-state" is just relaxed state
> > matching
> > using only proto+(src_ip+dst_ip) and proto+reversed(src_ip+dst_ip), and
> > not (src_ip:src_port + dst_ip:dst_port) straight and reversed
> > (=keep-state/limit).
> >
> > My question:
> > Is anyone already working on such a feature?
> > Cause it's pretty easy to implement(*) "keep-sticky", is any of the
> > ipfw developers planning to add such a feature in the near future?
> >
> >
> > Thanks,
> > Chris.
> >
> >
> > (*)
> > 1. TOK_KEEPSTICKY in /usr/src/sbin/ipfw/ipfw2.c
> >    O_KEEP_STICKY in /usr/src/sys/netinet/ip_fw.h
> >    and copy TOK_KEEPSTATE+O_KEEPSTATE code
> >    as a new case of cmd+rule argument.
> > 2. Some changes in "lookup_dyn_rule_locked" function of
> >    /usr/src/sys/netinet/ip_fw2.c to make a more relaxed state
> >    when "keep-sticky" is enabled.

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-net@FreeBSD.ORG Wed Feb 9 17:08:06 2005
Date: Wed, 9 Feb 2005 12:08:02 -0500
From: "David G.
Andersen"
To: freebsd-net@freebsd.org
Message-ID: <20050209170802.GA39472@lcs.mit.edu>
Subject: Kern/73129 and 5.3-STABLE

The last messages I saw in the archives about kern/73129 indicated
that it was going to be fixed "shortly"

(73129 is the "IPFW misbehavior in RELENG_5 thread" -- it's no longer
possible to use ipfw fwd to perform policy routing).

This bug is on my critical path for getting my network entirely swapped
over to 5.3 (b/c it breaks transparent proxying and other nifty games).
Could I beg Andre or someone to commit a fix that restores the old
behavior?

(Barring that, has anyone patched it in their own system, and if so,
would you mind sending me the patch? I dislike running custom kernel
code on these machines, but I'm happy to do so to get things working.
:)

Many thanks,

-Dave

(please CC:; I'm not subscribed to freebsd-net)

--
Dave Andersen                  dga at cs dot cmu.edu
Assistant Professor            412.268.3064
Carnegie Mellon University     http://www.cs.cmu.edu/~dga

From owner-freebsd-net@FreeBSD.ORG Wed Feb 9 17:33:13 2005
Message-ID: <420A4957.15E0D656@networx.ch>
Date: Wed, 09 Feb 2005 18:33:11 +0100
From: Andre Oppermann
To: "David G. Andersen"
References: <20050209170802.GA39472@lcs.mit.edu>
cc: freebsd-net@freebsd.org
Subject: Re: Kern/73129 and 5.3-STABLE

"David G. Andersen" wrote:
>
> The last messages I saw in the archives about kern/73129 indicated
> that it was going to be fixed "shortly"
>
> (73129 is the "IPFW misbehavior in RELENG_5 thread" -- it's no longer
> possible to use ipfw fwd to perform policy routing).
>
> This bug is on my critical path for getting my network entirely swapped
> over to 5.3 (b/c it breaks transparent proxying and other nifty games).
> Could I beg Andre or someone to commit a fix that restores the old
> behavior?
>
> (Barring that, has anyone patched it in their own system, and if so,
> would you mind sending me the patch? I dislike running custom kernel
> code on these machines, but I'm happy to do so to get things working. :)

Sorry, it'll be fixed in 5.4-RELEASE. I have made up my mind how to
fix it the most correct way.

--
Andre

From owner-freebsd-net@FreeBSD.ORG Wed Feb 9 18:58:31 2005
Date: Wed, 9 Feb 2005 13:58:28 -0500
From: "David G. Andersen"
To: Andre Oppermann
Message-ID: <20050209185828.GD39472@lcs.mit.edu>
References: <20050209170802.GA39472@lcs.mit.edu> <420A4957.15E0D656@networx.ch>
In-Reply-To: <420A4957.15E0D656@networx.ch>
cc: freebsd-net@freebsd.org
cc: "David G.
Andersen"
Subject: Re: Kern/73129 and 5.3-STABLE

On Wed, Feb 09, 2005 at 06:33:11PM +0100, Andre Oppermann scribed:
> >
> > (Barring that, has anyone patched it in their own system, and if so,
> > would you mind sending me the patch? I dislike running custom kernel
> > code on these machines, but I'm happy to do so to get things working. :)
>
> Sorry, it'll be fixed in 5.4-RELEASE. I have made up my mind how to
> fix it the most correct way.

Should have CC:'d; sorry.

Thanks much for the quick response, Andre. If there's a patch available,
or any workaround you can think of, I'd love to know. Also, if you
need a beta tester or a test machine, or if there's anything else I
can do, please don't hesitate to ask. I'm happy to hack on it if
needs be.
-Dave

--
Dave Andersen                  dga at cs dot cmu.edu
Assistant Professor            412.268.3064
Carnegie Mellon University     http://www.cs.cmu.edu/~dga

From owner-freebsd-net@FreeBSD.ORG Wed Feb 9 20:35:39 2005
Date: Wed, 9 Feb 2005 15:35:34 -0500
From: "David G. Andersen"
To: Andre Oppermann
Message-ID: <20050209203534.GA41287@lcs.mit.edu>
References: <20050209170802.GA39472@lcs.mit.edu> <420A4957.15E0D656@networx.ch> <20050209185828.GD39472@lcs.mit.edu>
In-Reply-To: <20050209185828.GD39472@lcs.mit.edu>
cc: freebsd-net@freebsd.org
cc: "David G. Andersen"
Subject: Re: Kern/73129 and 5.3-STABLE

On Wed, Feb 09, 2005 at 01:58:28PM -0500, David G.
Andersen scribed:
> On Wed, Feb 09, 2005 at 06:33:11PM +0100, Andre Oppermann scribed:
> > >
> > > (Barring that, has anyone patched it in their own system, and if so,
> > > would you mind sending me the patch? I dislike running custom kernel
> > > code on these machines, but I'm happy to do so to get things working. :)
> >
> > Sorry, it'll be fixed in 5.4-RELEASE. I have made up my mind how to
> > fix it the most correct way.
>
> Should have CC:'d; sorry.
>
> Thanks much for the quick response, Andre. If there's a patch available,
> or any workaround you can think of, I'd love to know. Also, if you
> need a beta tester or a test machine, or if there's anything else I
> can do, please don't hesitate to ask. I'm happy to hack on it if
> needs be.

To answer my own question - I removed the if local checks, and have
a functioning kernel again, back to whatever bug Andre's patch was
correcting. :)

-Dave

From owner-freebsd-net@FreeBSD.ORG Wed Feb 9 20:48:20 2005
Message-ID: <420A7712.45001B85@networx.ch>
Date: Wed, 09 Feb 2005 21:48:18 +0100
From: Andre Oppermann
To: "David G.
Andersen"
References: <20050209170802.GA39472@lcs.mit.edu> <420A4957.15E0D656@networx.ch> <20050209185828.GD39472@lcs.mit.edu> <20050209203534.GA41287@lcs.mit.edu>
cc: freebsd-net@freebsd.org
Subject: Re: Kern/73129 and 5.3-STABLE

"David G. Andersen" wrote:
>
> On Wed, Feb 09, 2005 at 01:58:28PM -0500, David G. Andersen scribed:
> > On Wed, Feb 09, 2005 at 06:33:11PM +0100, Andre Oppermann scribed:
> > > >
> > > > (Barring that, has anyone patched it in their own system, and if so,
> > > > would you mind sending me the patch? I dislike running custom kernel
> > > > code on these machines, but I'm happy to do so to get things working. :)
> > >
> > > Sorry, it'll be fixed in 5.4-RELEASE. I have made up my mind how to
> > > fix it the most correct way.
> >
> > Should have CC:'d; sorry.
> >
> > Thanks much for the quick response, Andre. If there's a patch available,
> > or any workaround you can think of, I'd love to know. Also, if you
> > need a beta tester or a test machine, or if there's anything else I
> > can do, please don't hesitate to ask. I'm happy to hack on it if
> > needs be.
>
> To answer my own question - I removed the if local checks, and have
> a functioning kernel again, back to whatever bug Andre's patch was
> correcting. :)

The problem is with locally generated packets which go the wrong way.
This gets nasty when the box has to generate some path MTU discovery
ICMP message and such. What I implemented is the correct thing to do
and prevents foot-shooting. On the other hand it prevents people from
forwarding local ports and such.
Both sides of the coin have merit and there is no easy deciding between
them or obvious right or wrong choice.

--
Andre

From owner-freebsd-net@FreeBSD.ORG Thu Feb 10 06:02:31 2005
Date: Wed, 9 Feb 2005 22:02:26 -0800
From: "Crist J. Clark"
To: net@freebsd.org
Message-ID: <20050210060226.GA78120@goku.cjclark.org>
Subject: dhclient Not Finding Interfaces
Reply-To: "Crist J. Clark"

Running 4.11-RELEASE. Getting some weirdness from dhclient(1).
It keeps reporting "not found" for any interface.
This is a notebook PC and at first I thought it was just the wi(4) card, but I tried a "regular" ep(4) NIC and got the same result. The interface is found by pccardd(8) just fine (after all it is what is starts dhclient(8)), and it sure is there in ifconfig(8). I can also manually configure the interfaces, and they work fine. I built a dhclient(8) with debug symbols and ran through it, but after a few hours of trying to understan the ISC code, thought I'd see if anyone here has ideas. It sure looks like the program gets the info on the interface just fine, but I'm not really sure why it is deciding it is not there. Dhclient(8) used to work fine on this PC and I have no idea why it changed. I built a new world and the problem persists. Anyone have any suggestions or things to look for? -- Crist J. Clark | cjclark@alum.mit.edu From owner-freebsd-net@FreeBSD.ORG Thu Feb 10 10:07:22 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A89EC16A4CE; Thu, 10 Feb 2005 10:07:22 +0000 (GMT) Received: from relay.bestcom.ru (relay.bestcom.ru [217.72.144.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id C3BDD43D45; Thu, 10 Feb 2005 10:07:21 +0000 (GMT) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (root@cell.sick.ru [217.72.144.68]) by relay.bestcom.ru (8.13.1/8.12.9) with ESMTP id j1AA7HVS090033 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Thu, 10 Feb 2005 13:07:17 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.12.11/8.12.8) with ESMTP id j1AA7GQ5021005 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 10 Feb 2005 13:07:17 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: (from glebius@localhost) by cell.sick.ru (8.12.11/8.12.11/Submit) id j1AA7FmP021003; Thu, 10 Feb 2005 13:07:15 +0300 (MSK) (envelope-from 
glebius@freebsd.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@freebsd.org using -f Date: Thu, 10 Feb 2005 13:07:15 +0300 From: Gleb Smirnoff To: net@freebsd.org, current@freebsd.org Message-ID: <20050210100715.GB20344@cell.sick.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline User-Agent: Mutt/1.5.6i X-Virus-Scanned: ClamAV version devel-20050125, clamav-milter version 0.80ff on relay.bestcom.ru X-Virus-Status: Clean Subject: ng_nat: proof of concept X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Feb 2005 10:07:22 -0000 [pls, remove current@freebsd.org from Cc, when replying] Collegues, I'm glad to announce new and VERY immature node - ng_nat. Actually it is just a proof of concept, not ready for any practical usage. ng_nat is a netgraph node, performing NAT. It works using libalias(3) ported to kernel, that's why it is going to have the same functionality as good old natd(8). But it will work in netgraph, in kernel. Node has two hooks - "in" and "out". Packets to be masqueraded should be sent to "out" hook, packets to be demasqueraded should be sent to "in" hook. Here a sample P.O.C. setup, which is working: kldload ng_ipfw ipfw add 30 netgraph 60 ip from 192.168.0.1 to ${some_host} out via ng1 ipfw add 31 netgraph 61 ip from ${some_host} to ${oif} in via ng1 kldload libalias kldload ng_nat ngctl mkpeer ipfw: nat 60 out ngctl name ipfw:60 nat ngctl connect ipfw: nat: 61 in ngctl msg nat: setaliasaddr ${oif} [on 192.168.0.1 host] ping ${some_host} And it works! :) Well, it is not yet time to call for testers, but patches are already shared. First kernel alias library needs to be built. 
cd /usr/src/lib/libalias fetch http://people.freebsd.org/~glebius/totest/ng_nat/libalias-kernel.diff patch < libalias-kernel.diff cd /usr/src/sys/modules mkdir libalias cd libalias fetch http://people.freebsd.org/~glebius/totest/ng_nat/Makefile make make install Then ng_nat module can be built: cd /usr/src/sys/netgraph fetch http://people.freebsd.org/~glebius/totest/ng_nat/ng_nat.c fetch http://people.freebsd.org/~glebius/totest/ng_nat/ng_nat.h cd /usr/src/sys/modules/netgraph mkdir nat cd nat fetch http://people.freebsd.org/~glebius/totest/ng_nat/ng_nat/Makefile make make install The snapshots at http://people.freebsd.org/~glebius/totest/ng_nat are going to be updated several times per weeek. Comments are welcome. Especially I'd be glad for criticism and advices concerning of clean porting libalias to kernel. Make ifdefs and defines more nice, etc. -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE From owner-freebsd-net@FreeBSD.ORG Thu Feb 10 10:19:36 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A557A16A4CF for ; Thu, 10 Feb 2005 10:19:36 +0000 (GMT) Received: from relay.bestcom.ru (relay.bestcom.ru [217.72.144.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id A417943D4C for ; Thu, 10 Feb 2005 10:19:35 +0000 (GMT) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (root@cell.sick.ru [217.72.144.68]) by relay.bestcom.ru (8.13.1/8.12.9) with ESMTP id j1AAJX9j090287 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Thu, 10 Feb 2005 13:19:34 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.12.11/8.12.8) with ESMTP id j1AAJXpw021120 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 10 Feb 2005 13:19:33 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: (from glebius@localhost) by cell.sick.ru (8.12.11/8.12.11/Submit) 
id j1AAJWnl021119; Thu, 10 Feb 2005 13:19:32 +0300 (MSK) (envelope-from glebius@freebsd.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@freebsd.org using -f Date: Thu, 10 Feb 2005 13:19:32 +0300 From: Gleb Smirnoff To: Andre Oppermann Message-ID: <20050210101932.GB21066@cell.sick.ru> Mail-Followup-To: Gleb Smirnoff , Andre Oppermann , "David G. Andersen" , freebsd-net@freebsd.org References: <20050209170802.GA39472@lcs.mit.edu> <420A4957.15E0D656@networx.ch> <20050209185828.GD39472@lcs.mit.edu> <20050209203534.GA41287@lcs.mit.edu> <420A7712.45001B85@networx.ch> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <420A7712.45001B85@networx.ch> User-Agent: Mutt/1.5.6i X-Virus-Scanned: ClamAV version devel-20050125, clamav-milter version 0.80ff on relay.bestcom.ru X-Virus-Status: Clean cc: freebsd-net@freebsd.org cc: "David G. Andersen" Subject: Re: Kern/73129 and 5.3-STABLE X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Feb 2005 10:19:36 -0000 On Wed, Feb 09, 2005 at 09:48:18PM +0100, Andre Oppermann wrote: A> The problem is with locally generated packets which go the wrong way. A> This gets nasty when the box has to generate some path MTU discovery A> ICMP message and such. What I implemented is the correct thing to do A> and prevents foot-shooting. On the other hand it prevents people from A> forwarding local ports and such. Both sides of the coin have merit A> and there is no easy deciding between them or obvious right or wrong A> choice. If it will fix said PR but break forwarding of local ports, then this is not acceptable. In this case we will have another PRs in short period. All functionality in ipfw fwd must remain present. -- Totus tuus, Glebius. 
GLEBIUS-RIPN GLEB-RIPE From owner-freebsd-net@FreeBSD.ORG Thu Feb 10 10:27:36 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 09FDE16A4CF for ; Thu, 10 Feb 2005 10:27:36 +0000 (GMT) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id D125B43D1D for ; Thu, 10 Feb 2005 10:27:34 +0000 (GMT) (envelope-from oppermann@networx.ch) Received: (qmail 28249 invoked from network); 10 Feb 2005 10:05:57 -0000 Received: from unknown (HELO networx.ch) ([62.48.0.53]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 10 Feb 2005 10:05:57 -0000 Message-ID: <420B3717.D03BA3EA@networx.ch> Date: Thu, 10 Feb 2005 11:27:35 +0100 From: Andre Oppermann X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Gleb Smirnoff References: <20050209170802.GA39472@lcs.mit.edu> <420A4957.15E0D656@networx.ch> <20050209185828.GD39472@lcs.mit.edu> <20050209203534.GA41287@lcs.mit.edu> <420A7712.45001B85@networx.ch> <20050210101932.GB21066@cell.sick.ru> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org cc: "David G. Andersen" Subject: Re: Kern/73129 and 5.3-STABLE X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Feb 2005 10:27:36 -0000 Gleb Smirnoff wrote: > > On Wed, Feb 09, 2005 at 09:48:18PM +0100, Andre Oppermann wrote: > A> The problem is with locally generated packets which go the wrong way. > A> This gets nasty when the box has to generate some path MTU discovery > A> ICMP message and such. What I implemented is the correct thing to do > A> and prevents foot-shooting. 
On the other hand it prevents people from > A> forwarding local ports and such. Both sides of the coin have merit > A> and there is no easy deciding between them or obvious right or wrong > A> choice. > > If it will fix said PR but break forwarding of local ports, then this is > not acceptable. In this case we will have another PRs in short period. I didn't say that, did I? > All functionality in ipfw fwd must remain present. Yes, we get back there. -- Andre From owner-freebsd-net@FreeBSD.ORG Thu Feb 10 10:35:43 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3754E16A4CE for ; Thu, 10 Feb 2005 10:35:43 +0000 (GMT) Received: from relay.bestcom.ru (relay.bestcom.ru [217.72.144.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5CB5843D53 for ; Thu, 10 Feb 2005 10:35:42 +0000 (GMT) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (root@cell.sick.ru [217.72.144.68]) by relay.bestcom.ru (8.13.1/8.12.9) with ESMTP id j1AAZe7U090610 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Thu, 10 Feb 2005 13:35:41 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.12.11/8.12.8) with ESMTP id j1AAZeUF021262 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 10 Feb 2005 13:35:40 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: (from glebius@localhost) by cell.sick.ru (8.12.11/8.12.11/Submit) id j1AAZeId021261; Thu, 10 Feb 2005 13:35:40 +0300 (MSK) (envelope-from glebius@freebsd.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@freebsd.org using -f Date: Thu, 10 Feb 2005 13:35:39 +0300 From: Gleb Smirnoff To: Andre Oppermann Message-ID: <20050210103539.GA21237@cell.sick.ru> Mail-Followup-To: Gleb Smirnoff , Andre Oppermann , "David G. 
Andersen" , freebsd-net@freebsd.org References: <20050209170802.GA39472@lcs.mit.edu> <420A4957.15E0D656@networx.ch> <20050209185828.GD39472@lcs.mit.edu> <20050209203534.GA41287@lcs.mit.edu> <420A7712.45001B85@networx.ch> <20050210101932.GB21066@cell.sick.ru> <420B3717.D03BA3EA@networx.ch> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <420B3717.D03BA3EA@networx.ch> User-Agent: Mutt/1.5.6i X-Virus-Scanned: ClamAV version devel-20050125, clamav-milter version 0.80ff on relay.bestcom.ru X-Virus-Status: Clean cc: freebsd-net@freebsd.org cc: "David G. Andersen" Subject: Re: Kern/73129 and 5.3-STABLE X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Feb 2005 10:35:43 -0000 On Thu, Feb 10, 2005 at 11:27:35AM +0100, Andre Oppermann wrote: A> > On Wed, Feb 09, 2005 at 09:48:18PM +0100, Andre Oppermann wrote: A> > A> The problem is with locally generated packets which go the wrong way. A> > A> This gets nasty when the box has to generate some path MTU discovery A> > A> ICMP message and such. What I implemented is the correct thing to do A> > A> and prevents foot-shooting. On the other hand it prevents people from A> > A> forwarding local ports and such. Both sides of the coin have merit A> > A> and there is no easy deciding between them or obvious right or wrong A> > A> choice. A> > A> > If it will fix said PR but break forwarding of local ports, then this is A> > not acceptable. In this case we will have another PRs in short period. A> A> I didn't say that, did I? Pardon, I probably misunderstood "On the other hand it prevents people from forwarding local ports and such". What did you mean here? -- Totus tuus, Glebius. 
GLEBIUS-RIPN GLEB-RIPE From owner-freebsd-net@FreeBSD.ORG Thu Feb 10 10:53:21 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7012D16A4CE for ; Thu, 10 Feb 2005 10:53:21 +0000 (GMT) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9280643D4C for ; Thu, 10 Feb 2005 10:53:20 +0000 (GMT) (envelope-from oppermann@networx.ch) Received: (qmail 28466 invoked from network); 10 Feb 2005 10:31:43 -0000 Received: from unknown (HELO networx.ch) ([62.48.0.53]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 10 Feb 2005 10:31:43 -0000 Message-ID: <420B3D21.BB695114@networx.ch> Date: Thu, 10 Feb 2005 11:53:21 +0100 From: Andre Oppermann X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Gleb Smirnoff References: <20050209170802.GA39472@lcs.mit.edu> <420A4957.15E0D656@networx.ch> <20050209185828.GD39472@lcs.mit.edu> <20050209203534.GA41287@lcs.mit.edu> <420A7712.45001B85@networx.ch> <20050210101932.GB21066@cell.sick.ru> <420B3717.D03BA3EA@networx.ch> <20050210103539.GA21237@cell.sick.ru> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org cc: "David G. Andersen" Subject: Re: Kern/73129 and 5.3-STABLE X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Feb 2005 10:53:21 -0000 Gleb Smirnoff wrote: > > On Thu, Feb 10, 2005 at 11:27:35AM +0100, Andre Oppermann wrote: > A> > On Wed, Feb 09, 2005 at 09:48:18PM +0100, Andre Oppermann wrote: > A> > A> The problem is with locally generated packets which go the wrong way. 
> A> > A> This gets nasty when the box has to generate some path MTU discovery > A> > A> ICMP message and such. What I implemented is the correct thing to do > A> > A> and prevents foot-shooting. On the other hand it prevents people from > A> > A> forwarding local ports and such. Both sides of the coin have merit > A> > A> and there is no easy deciding between them or obvious right or wrong > A> > A> choice. > A> > > A> > If it will fix said PR but break forwarding of local ports, then this is > A> > not acceptable. In this case we will have another PRs in short period. > A> > A> I didn't say that, did I? > > Pardon, I probably misunderstood "On the other hand it prevents people from > forwarding local ports and such". > What did you mean here? The code that is currently in the tree. -- Andre From owner-freebsd-net@FreeBSD.ORG Thu Feb 10 11:34:20 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 17EB416A4CE for ; Thu, 10 Feb 2005 11:34:20 +0000 (GMT) Received: from phantom.cris.net (phantom.cris.net [212.110.130.74]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9754343D2D for ; Thu, 10 Feb 2005 11:34:18 +0000 (GMT) (envelope-from ml@FreeBSD.org.ua) Received: from phantom.cris.net (ml@localhost [127.0.0.1]) by phantom.cris.net (8.12.10/8.12.10) with ESMTP id j1ABc2r8073357; Thu, 10 Feb 2005 13:38:02 +0200 (EET) (envelope-from ml@FreeBSD.org.ua) Received: (from ml@localhost) by phantom.cris.net (8.12.10/8.12.10/Submit) id j1ABbulW073356; Thu, 10 Feb 2005 13:37:56 +0200 (EET) (envelope-from ml) Date: Thu, 10 Feb 2005 13:37:56 +0200 From: Alexey Zelkin To: Julian Elischer Message-ID: <20050210113756.GA73291@phantom.cris.net> References: <20050207.182021.68162131.cjh@kr.FreeBSD.org> <200502071319.57331.max@love2party.net> <4208163A.8010607@elischer.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: 
<4208163A.8010607@elischer.org> X-Operating-System: FreeBSD 4.9-STABLE i386 User-Agent: Mutt/1.5.5.1i cc: Max Laier cc: CHOI Junho cc: freebsd-net@freebsd.org Subject: Re: kernel mode httpd/ftpd for FreeBSD? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Feb 2005 11:34:20 -0000 hi, On Mon, Feb 07, 2005 at 05:30:34PM -0800, Julian Elischer wrote: > > Max Laier wrote: > > >On Monday 07 February 2005 10:20, CHOI Junho wrote: > > > > > >>Anyone knows about kernel-mode httpd/ftpd for FreeBSD? (just like tux > >>of linuxI searched several times but failed. > >> > >> > > > >No there is not. In my humble opinion it's a *really* bad idea to > >implement something that vulnarable to external attacks and buffer > >overflows inside the kernel. The often claimed performance benefit can as > >easily be achieved with accept filters (see esp. accf_http(9)) and > >kqueue(9). There is really no need to put this into the kernel. Two years ago I did some initial work (more proof of concept, than something for real use) in order to learn netgraph, but realworld issues forced me to switch to other areas. Actually all basic stuff was done, but it was very poor on performance and parallelism. > actually there is.. > it was written by ummm > umm > jpd I think.. (unless it was imp) > > but it is not released. Actually, as John said, it was not pure kernel server able to handle real traffic. It was something like stress testing helper tool. 
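[Added example, not part of any message in this thread.] The userland alternative Max Laier is quoted as recommending above, sketched in C: the listener installs the accf_http(9) "httpready" accept filter, and the request line is parsed with explicit bounds so that oversized or malformed input is rejected instead of overflowing a buffer. MAX_REQ_LINE, the function names, the loopback bind and the sample requests are assumptions made for this sketch.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAX_REQ_LINE 1024	/* assumed cap on one request line */

enum req_status { REQ_OK, REQ_INCOMPLETE, REQ_BAD, REQ_TOO_LONG };

char demo_path[64];		/* output buffer shared by main() */

/*
 * Hold new connections in the kernel until a full HTTP request has arrived
 * (accf_http(9), filter name "httpready"). Call after listen().
 * Returns 0 on success, 1 where SO_ACCEPTFILTER does not exist,
 * -1 on error (for example when the accf_http module is not loaded).
 */
int enable_http_accept_filter(int lfd)
{
#ifdef SO_ACCEPTFILTER
	struct accept_filter_arg afa;

	memset(&afa, 0, sizeof(afa));
	strncpy(afa.af_name, "httpready", sizeof(afa.af_name) - 1);
	return setsockopt(lfd, SOL_SOCKET, SO_ACCEPTFILTER, &afa, sizeof(afa)) == -1 ? -1 : 0;
#else
	(void)lfd;
	return 1;
#endif
}

/* Loopback listener with the filter applied on a best-effort basis. */
int http_listener(unsigned short port)
{
	struct sockaddr_in sin;
	int fd, one = 1;

	if ((fd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
		return -1;
	setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
	memset(&sin, 0, sizeof(sin));
	sin.sin_family = AF_INET;
	sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
	sin.sin_port = htons(port);
	if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) == -1 || listen(fd, 128) == -1) {
		close(fd);
		return -1;
	}
	(void)enable_http_accept_filter(fd);
	return fd;
}

/*
 * Parse "GET <path> HTTP/1.x\r\n" from buf[0..len). Never reads past len
 * and never writes more than outsz bytes (including the NUL) to out.
 */
enum req_status parse_get(const char *buf, size_t len, char *out, size_t outsz)
{
	const char *eol, *path, *sp, *ver;
	size_t plen, i;

	if (outsz == 0)
		return REQ_BAD;
	out[0] = '\0';
	eol = memchr(buf, '\n', len < MAX_REQ_LINE ? len : MAX_REQ_LINE);
	if (eol == NULL)
		return len >= MAX_REQ_LINE ? REQ_TOO_LONG : REQ_INCOMPLETE;
	if (eol - buf < 5 || eol[-1] != '\r' || memcmp(buf, "GET ", 4) != 0)
		return REQ_BAD;
	path = buf + 4;
	sp = memchr(path, ' ', (size_t)(eol - 1 - path));
	if (sp == NULL)
		return REQ_BAD;
	plen = (size_t)(sp - path);
	ver = sp + 1;
	/* Version token must be exactly HTTP/1.0 or HTTP/1.1. */
	if ((eol - 1) - ver != 8 || memcmp(ver, "HTTP/1.", 7) != 0 ||
	    (ver[7] != '0' && ver[7] != '1'))
		return REQ_BAD;
	if (plen == 0 || path[0] != '/')
		return REQ_BAD;
	if (plen >= outsz)
		return REQ_TOO_LONG;	/* would not fit with its NUL */
	for (i = 0; i < plen; i++) {
		unsigned char c = (unsigned char)path[i];

		if (c < 0x21 || c == 0x7f)
			return REQ_BAD;	/* control bytes */
		if (c == '.' && i + 1 < plen && path[i + 1] == '.')
			return REQ_BAD;	/* conservative: any ".." is refused */
	}
	memcpy(out, path, plen);
	out[plen] = '\0';
	return REQ_OK;
}

/* Convenience wrapper for NUL-terminated test input. */
enum req_status parse_get_str(const char *req, char *out, size_t outsz)
{
	return parse_get(req, strlen(req), out, outsz);
}

int main(void)
{
	/* Constructed sample request lines. */
	static const char *reqs[] = {
		"GET /index.html HTTP/1.0\r\n",
		"GET /../etc/passwd HTTP/1.1\r\n",
		"GET /index.html HTTP/1.0",
	};
	size_t i;

	for (i = 0; i < sizeof(reqs) / sizeof(reqs[0]); i++)
		printf("%d \"%s\"\n", (int)parse_get_str(reqs[i], demo_path, sizeof(demo_path)), demo_path);
	return 0;
}
```

On systems without SO_ACCEPTFILTER the filter call is compiled out and the listener behaves as an ordinary socket; the parser is unaffected.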
From owner-freebsd-net@FreeBSD.ORG Thu Feb 10 11:36:07 2005
Date: Thu, 10 Feb 2005 13:40:06 +0200
From: Alexey Zelkin
To: Max Laier
Message-ID: <20050210114006.GB73291@phantom.cris.net>
References: <20050207.182021.68162131.cjh@kr.FreeBSD.org> <200502071319.57331.max@love2party.net>
In-Reply-To: <200502071319.57331.max@love2party.net>
cc: freebsd-net@freebsd.org
cc: CHOI Junho
Subject: Re: kernel mode httpd/ftpd for FreeBSD?

On Mon, Feb 07, 2005 at 01:19:45PM +0100, Max Laier wrote:
> On Monday 07 February 2005 10:20, CHOI Junho wrote:
> > Anyone knows about kernel-mode httpd/ftpd for FreeBSD? (just like tux
> > of linuxI searched several times but failed.
>
> No there is not. In my humble opinion it's a *really* bad idea to implement
> something that vulnerable to external attacks and buffer overflows inside the
> kernel. The often claimed performance benefit can as easily be achieved with
> accept filters (see esp. accf_http(9)) and kqueue(9). There is really no
> need to put this into the kernel.

Why not? Having small and reliable kernel http server able to handle
static content only and limited functionality, would be useful in many
cases.

From owner-freebsd-net@FreeBSD.ORG Thu Feb 10 12:19:53 2005
Message-ID: <20050210121952.72890.qmail@web25005.mail.ukl.yahoo.com>
Date: Thu, 10 Feb 2005 12:19:51 +0000 (GMT)
From: Emma Jukie
To: freebsd-isp@freebsd.org
cc: freebsd-net@freebsd.org
cc: net@freebsd.org
Subject: Possible Problem With Apache

Hi all,

I have created a GUI with the help of Perl scripts and Apache as my web
server and this is running off a FreeBSD 4.x platform. The GUI has
several menus plus components but the problem is whenever I click on a
menu say, 'Submit' after I have made some modifications, a web page
comes up with the error, "Internal Server Error, please contact your
Systems Administrator." To overcome this and view the page I want, I
have to restart apache from command line. Yet at this point in time
apache is actually running!

My Apache and Perl versions are as below;
apache+mod_ssl-1.3.33+2.8.22
mod_perl-1.29_1

Anyone got ideas on how I can go about this? Your quick responses will
be highly appreciated.

Thanks,
Emma.

From owner-freebsd-net@FreeBSD.ORG Thu Feb 10 12:24:47 2005
From: dima <_pppp@mail.ru>
To: Emma Jukie
Date: Thu, 10 Feb 2005 15:24:45 +0300
In-Reply-To: <20050210121952.72890.qmail@web25005.mail.ukl.yahoo.com>
cc: freebsd-isp@freebsd.org
cc: freebsd-net@freebsd.org
Subject: Re: Possible Problem With Apache

> I have created a GUI with the help of Perl scripts and
> Apache as my web server and this is running off a
> FreeBSD 4.x platform. The GUI has several menus plus
> components but the problem is whenever I click on a
> menu say, 'Submit' after I have made some
> modifications, a web page comes up with the error,
> "Internal Server Error, please contact your Systems
> Administrator." To overcome this and view the page I
> want, I have to restart apache from command line. Yet
> at this point in time apache is actually running!
>
> My Apache and Perl versions are as below;
> apache+mod_ssl-1.3.33+2.8.22
> mod_perl-1.29_1
>
> Anyone got ideas on how I can go about this? Your
> quick responses will be highly appreciated.

This must be an error in your perl scripts.
What do you actually see in apache error log?

>
> Thanks,
> Emma.
From owner-freebsd-net@FreeBSD.ORG Thu Feb 10 12:35:49 2005
Message-ID: <20050210123547.37292.qmail@web25001.mail.ukl.yahoo.com>
Date: Thu, 10 Feb 2005 12:35:47 +0000 (GMT)
From: Emma Jukie
To: rwd@res.lt
In-Reply-To: <1108038158.10213.35.camel@localhost>
cc: _pppp@mail.ru
cc: freebsd-net@freebsd.org
cc: freebsd-isp@freebsd.org
Subject: Re: Possible Problem With Apache

My apache error logs displays this:

test# tail -f /var/log/httpd-error.log
[Wed Feb 9 16:49:42 2005] [notice] Accept mutex: flock (Default: flock)
[Wed Feb 9 17:55:11 2005] [notice] caught SIGTERM, shutting down
[Thu Feb 10 13:15:23 2005] [notice] Apache/1.3.33 (Unix) mod_perl/1.29 mod_ssl/2.8.22 OpenSSL/0.9.7d configured -- resuming normal operations
[Thu Feb 10 13:15:23 2005] [notice] Accept mutex: flock (Default: flock)
[Thu Feb 10 14:22:02 2005] [notice] SIGHUP received. Attempting to restart
[Thu Feb 10 14:22:03 2005] [notice] Apache/1.3.33 (Unix) mod_perl/1.29 mod_ssl/2.8.22 OpenSSL/0.9.7d configured -- resuming normal operations
[Thu Feb 10 14:22:03 2005] [notice] Accept mutex: flock (Default: flock)
[Thu Feb 10 14:43:04 2005] [notice] SIGHUP received. Attempting to restart
[Thu Feb 10 14:43:06 2005] [notice] Apache/1.3.33 (Unix) mod_perl/1.29 mod_ssl/2.8.22 OpenSSL/0.9.7d configured -- resuming normal operations
[Thu Feb 10 14:43:06 2005] [notice] Accept mutex: flock (Default: flock)

Does this give any indication whatsoever?

Rgds,
Emma.

--- Artūras Lapienė wrote:

> On Thu, 2005-02-10 at 12:19 +0000, Emma Jukie wrote:
> > Hi all,
> >
> > I have created a GUI with the help of Perl scripts and
> > Apache as my web server and this is running off a
> > FreeBSD 4.x platform. The GUI has several menus plus
> > components but the problem is whenever I click on a
> > menu say, 'Submit' after I have made some
> > modifications, a web page comes up with the error,
> > "Internal Server Error, please contact your Systems
> > Administrator." To overcome this and view the page I
> > want, I have to restart apache from command line. Yet
> > at this point in time apache is actually running!
> >
> > My Apache and Perl versions are as below;
> > apache+mod_ssl-1.3.33+2.8.22
> > mod_perl-1.29_1
> >
> > Anyone got ideas on how I can go about this? Your
> > quick responses will be highly appreciated.
> see apache error logs, usually
> /var/log/httpd-error.log ;-)
>
> --
> Artūras

From owner-freebsd-net@FreeBSD.ORG Thu Feb 10 12:39:53 2005
From: Artūras Lapienė
To: Emma Jukie
In-Reply-To: <20050210123547.37292.qmail@web25001.mail.ukl.yahoo.com>
References: <20050210123547.37292.qmail@web25001.mail.ukl.yahoo.com>
Date: Thu, 10 Feb 2005 14:39:46 +0200
Message-Id: <1108039186.10213.38.camel@localhost>
cc: _pppp@mail.ru
cc: freebsd-net@freebsd.org
cc: freebsd-isp@freebsd.org
Subject: Re: Possible Problem With Apache

that virtualhost error log

On Thu, 2005-02-10 at 12:35 +0000, Emma Jukie wrote:
> My apache error logs displays this:

-- 
Artūras Lapienė
UAB "Radijo Elektroninės Sistemos"
Internet administrator
e-mail: rwd@res.lt
mobile: +37065092829

From owner-freebsd-net@FreeBSD.ORG Thu Feb 10 13:53:17 2005
Message-ID: <20050210135315.37261.qmail@web25008.mail.ukl.yahoo.com>
Date: Thu, 10 Feb 2005 13:53:14 +0000 (GMT)
From: Emma Jukie
To: rwd@res.lt
In-Reply-To: <1108039186.10213.38.camel@localhost>
cc: freebsd-isp@freebsd.org
cc: freebsd-net@freebsd.org
Subject: Re: Possible Problem With Apache

What do you mean when you write, "that virtualhost error log?"

--- Artūras Lapienė wrote:

> that virtualhost error log
>
> On Thu, 2005-02-10 at 12:35 +0000, Emma Jukie wrote:
> > My apache error logs displays this:
>
> --
> Artūras Lapienė
> UAB "Radijo Elektroninės Sistemos"
> Internet administrator
> e-mail: rwd@res.lt
> mobile: +37065092829

From owner-freebsd-net@FreeBSD.ORG Thu Feb 10 14:31:06 2005
Message-ID: <22d7585c050210063173171560@mail.gmail.com>
Date: Thu, 10 Feb 2005 09:31:03 -0500
From: Ethan Giordano
To: freebsd-net@freebsd.org
Subject: Well documented source...

Is there a version of the newest TCP code that is well documented? Of
particular interest is TCP_input.c as I am attempting to implement
Multiple Fast Retransmits so as to do some experiments to evaluate
performance gain.
~Ethan Giordano
University of Delaware

From owner-freebsd-net@FreeBSD.ORG Thu Feb 10 15:01:24 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4786116A4CE for ; Thu, 10 Feb 2005 15:01:24 +0000 (GMT) Received: from ns.lucabert.de (ns.lucabert.de [62.75.208.62]) by mx1.FreeBSD.org (Postfix) with ESMTP id 64B5343D31 for ; Thu, 10 Feb 2005 15:01:23 +0000 (GMT) (envelope-from lucabert@lucabert.de) Received: from localhost.localdomain (ns.lucabert.de [62.75.208.62]) by ns.lucabert.de (Postfix) with SMTP id CF0C43B8471A; Thu, 10 Feb 2005 16:01:21 +0100 (CET) Cc: Content-type: multipart/mixed; boundary="Boundary-=_nWlrBbmQBhCDarzOwKkYHIDdqSCD" X-mailer: WebMail 1.0 by Luca Bertoncello 2001-2002 (lucabert@lucabert.com) Date: Thu, 10 Feb 2005 16:01 +0100 Mime-version: 1.0 To: freebsd-net@freebsd.org From: Luca Bertoncello Message-Id: <20050210150121.CF0C43B8471A@ns.lucabert.de> X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: Bonding module for FailOver X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Feb 2005 15:01:24 -0000

Hi!

I wrote to Archie Cobbs, because I thought he developed ng_fec. He told me to send my source to you too... Here it is, with the E-Mail I wrote to Archie.

Greetings
Luca Bertoncello (lucabert@lucabert.de)

-------------------------------------------

Hi!

I had the problem to create an interface bonding as FailOver system for the servers in my firm. I tried your ng_fec module, and it works very good, but unfortunately is not for a FailOver scenario, but for an EtherChannel.

The problem is that, if we use this module, we will have problem with the switches (every network card is connected to a separate switch), because they will one at a time both consider themselves responsible for the MAC-Address of the FEC-Device, as the FEC module always uses all attached network devices to send and receive packets (using a hash algorithm), so the route that packets take through our ethernet switching network constantly changes. This is not acceptable for us. We need just a FailOver scenario, aka: all traffic over one network card and, if it fails, over the other(s).

I searched for a module that already does that, but I didn't find anything. I just replaced your cycles to find the used card for this packet so that I always use the first card and, if it fails, the others. It works very good and it solves our problem.

I send you my source code (OK, OK! It's YOUR source code, with my patches), maybe you can modify your module to have a parameter to switch to a FailOver scenario. Or you can use this source... I think, it's a useful module for an Internet Provider...

From owner-freebsd-net@FreeBSD.ORG Thu Feb 10 19:04:58 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D46E916A4CE for ; Thu, 10 Feb 2005 19:04:58 +0000 (GMT) Received: from bsdhosting.net (bsdhosting.net [65.39.221.113]) by mx1.FreeBSD.org (Postfix) with SMTP id 48D4E43D46 for ; Thu, 10 Feb 2005 19:04:58 +0000 (GMT) (envelope-from jhopper@bsdhosting.net) Received: (qmail 10498 invoked from network); 10 Feb 2005 19:04:24 -0000 Received: from unknown (HELO localhost.localdomain) (jhopper@bsdhosting.net@65.39.221.113) by bsdhosting.net with SMTP; 10 Feb 2005 19:04:24 -0000 From: Justin Hopper To: freebsd-net@freebsd.org In-Reply-To: <20050210135315.37261.qmail@web25008.mail.ukl.yahoo.com> References: <20050210135315.37261.qmail@web25008.mail.ukl.yahoo.com> Content-Type: text/plain Date: Thu, 10 Feb 2005 11:04:44 -0800 Message-Id: <1108062284.685.3002.camel@work.gusalmighty.com> Mime-Version: 1.0 X-Mailer: Evolution 2.0.2 FreeBSD GNOME Team Port Content-Transfer-Encoding: 7bit cc: Emma Jukie Subject: Re: Possible Problem With Apache X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Feb 2005 19:04:58 -0000

On Thu, 2005-02-10 at 13:53 +0000, Emma Jukie wrote:
> What do you mean when you write, "that virtualhost
> error log?"

He means the error log file for whichever vhost you are running the perl script under. For example, if test.com is configured as a vhost in the Apache configuration, then test.com can have its own error log file. The error that you are looking for would be in that error log. If you are not sure where this log file is, check your Apache configuration file and just search for "ErrorLog" (case-sensitive).
There should be more than one of these directives. The directive pointing to "/var/log/httpd-error.log" will be for the default config, and there should be others for each vhost (though not necessarily). Hopefully that helps you on your quest for the error message. The error that you gave could be just about any error with the perl script. Check that the script has the execute bit set for the user that Apache runs under (chmod +x ) -- Justin Hopper UNIX Systems Engineer BSDHosting.net Hosting Division of Digital Oasys Inc. http://www.bsdhosting.net From owner-freebsd-net@FreeBSD.ORG Thu Feb 10 21:15:42 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AB98B16A4CF for ; Thu, 10 Feb 2005 21:15:42 +0000 (GMT) Received: from ghoul.scms.waikato.ac.nz (mail.scms.waikato.ac.nz [130.217.241.36]) by mx1.FreeBSD.org (Postfix) with ESMTP id 748B143D48 for ; Thu, 10 Feb 2005 21:15:39 +0000 (GMT) (envelope-from sam@meta.net.nz) Received: from mirage.cs.waikato.ac.nz ([130.217.250.103]) by ghoul.scms.waikato.ac.nz with esmtp (Exim 4.43) id 1CzLey-0002ay-Lx for freebsd-net@freebsd.org; Fri, 11 Feb 2005 10:15:37 +1300 Received-SPF: softfail (ghoul: transitioning domain of meta.net.nz does not designate 130.217.250.103 as permitted sender) client-ip=130.217.250.103; envelope-from=sam@meta.net.nz; helo=[130.217.250.103]; Message-ID: <420BCEF7.1080603@meta.net.nz> Date: Fri, 11 Feb 2005 10:15:35 +1300 From: Sam Jansen User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.5) Gecko/20041222 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org X-Enigmail-Version: 0.89.6.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: SACK problems X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with 
FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Feb 2005 21:15:42 -0000 During some testing on an isolated network we have, I found some interesting behaviour from a FreeBSD 5.3 host using TCP SACK. I've detailed this problem fully at: http://www.wand.net.nz/~stj2/nsc/emu_freebsd.html PCAP traces and some screenshots from tcptrace graphs can be found at the above link to show what is happening. It looks to me like SACK blocks are being incorrectly generated in this example. I can't think of any valid reason why a SACK block would SACK from below the current ACK value to above it (which is the problem here). Thoughts, anyone? Am I just wrong here and this is valid, expected behaviour? Cheers, -- Sam Jansen sam@wand.net.nz Wand Network Research Group http://www.wand.net.nz/~stj2 From owner-freebsd-net@FreeBSD.ORG Thu Feb 10 21:28:54 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1656016A4CE for ; Thu, 10 Feb 2005 21:28:54 +0000 (GMT) Received: from obsecurity.dyndns.org (CPE0050040655c8-CM00111ae02aac.cpe.net.cable.rogers.com [69.199.47.57]) by mx1.FreeBSD.org (Postfix) with ESMTP id D014643D1F for ; Thu, 10 Feb 2005 21:28:53 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 0CF125136F; Thu, 10 Feb 2005 13:28:53 -0800 (PST) Date: Thu, 10 Feb 2005 13:28:52 -0800 From: Kris Kennaway To: Sam Jansen Message-ID: <20050210212852.GA10195@xor.obsecurity.org> References: <420BCEF7.1080603@meta.net.nz> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="UlVJffcvxoiEqYs2" Content-Disposition: inline In-Reply-To: <420BCEF7.1080603@meta.net.nz> User-Agent: Mutt/1.4.2.1i cc: freebsd-net@freebsd.org Subject: Re: SACK problems X-BeenThere: freebsd-net@freebsd.org 
X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Feb 2005 21:28:54 -0000

On Fri, Feb 11, 2005 at 10:15:35AM +1300, Sam Jansen wrote:
> During some testing on an isolated network we have, I found some
> interesting behaviour from a FreeBSD 5.3 host using TCP SACK.
>
> I've detailed this problem fully at:
>
> http://www.wand.net.nz/~stj2/nsc/emu_freebsd.html
>
> PCAP traces and some screenshots from tcptrace graphs can be found at
> the above link to show what is happening. It looks to me like SACK
> blocks are being incorrectly generated in this example. I can't think of
> any valid reason why a SACK block would SACK from below the current ACK
> value to above it (which is the problem here).
>
> Thoughts, anyone? Am I just wrong here and this is valid, expected
> behaviour?

A fix to the SACK code was committed yesterday, which may or may not be relevant.

Kris

From owner-freebsd-net@FreeBSD.ORG Thu Feb 10 21:30:58 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2E38116A4CE for ; Thu, 10 Feb 2005 21:30:58 +0000 (GMT) Received: from web80606.mail.yahoo.com (web80606.mail.yahoo.com [66.218.79.95]) by mx1.FreeBSD.org (Postfix) with SMTP id F245243D41 for ; Thu, 10 Feb 2005 21:30:57 +0000 (GMT) (envelope-from mohan_srinivasan@yahoo.com) Message-ID: <20050210213057.96467.qmail@web80606.mail.yahoo.com> Received: from [64.172.45.63] by web80606.mail.yahoo.com via HTTP; Thu, 10 Feb 2005 13:30:57 PST Date: Thu, 10 Feb 2005 13:30:57 -0800 (PST) From: Mohan Srinivasan To: Kris Kennaway , Sam Jansen In-Reply-To: <20050210212852.GA10195@xor.obsecurity.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii cc: freebsd-net@freebsd.org Subject: Re: SACK problems X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Feb 2005 21:30:58 -0000

No. That fix is not relevant. I'll take a look at this in a bit (after I fix the other SACK issue reported a couple of days ago).

mohan

--- Kris Kennaway wrote:
> On Fri, Feb 11, 2005 at 10:15:35AM +1300, Sam Jansen wrote:
> > During some testing on an isolated network we have, I found some
> > interesting behaviour from a FreeBSD 5.3 host using TCP SACK.
> >
> > I've detailed this problem fully at:
> >
> > http://www.wand.net.nz/~stj2/nsc/emu_freebsd.html
> >
> > PCAP traces and some screenshots from tcptrace graphs can be found at
> > the above link to show what is happening. It looks to me like SACK
> > blocks are being incorrectly generated in this example. I can't think of
> > any valid reason why a SACK block would SACK from below the current ACK
> > value to above it (which is the problem here).
> >
> > Thoughts, anyone? Am I just wrong here and this is valid, expected
> > behaviour?
>
> A fix to the SACK code was committed yesterday, which may or may not
> be relevant.
>
> Kris

From owner-freebsd-net@FreeBSD.ORG Thu Feb 10 23:05:57 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8B99B16A4CE for ; Thu, 10 Feb 2005 23:05:57 +0000 (GMT) Received: from silver.he.iki.fi (helenius.fi [193.64.42.241]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1F41A43D45 for ; Thu, 10 Feb 2005 23:05:56 +0000 (GMT) (envelope-from pete@he.iki.fi) Received: from [193.64.42.134] (h86.vuokselantie10.fi [193.64.42.134]) by silver.he.iki.fi (8.13.1/8.11.4) with ESMTP id j1AN5oJG058788; Fri, 11 Feb 2005 01:05:50 +0200 (EET) (envelope-from pete@he.iki.fi) Message-ID: <420BE8CF.2070104@he.iki.fi> Date: Fri, 11 Feb 2005 01:05:51 +0200 From: Petri Helenius User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Alexey Zelkin References: <20050207.182021.68162131.cjh@kr.FreeBSD.org> <200502071319.57331.max@love2party.net> <20050210114006.GB73291@phantom.cris.net> In-Reply-To: <20050210114006.GB73291@phantom.cris.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit cc: Max Laier cc: CHOI Junho cc: freebsd-net@freebsd.org Subject: Re: kernel mode httpd/ftpd for FreeBSD?
X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Feb 2005 23:05:57 -0000

Alexey Zelkin wrote:

>Why not ? Having small and reliable kernel http server able to handle static
>content only and limited functionality, would be useful in many cases.

Why?

Pete

From owner-freebsd-net@FreeBSD.ORG Thu Feb 10 23:55:01 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 389A316A4CE for ; Thu, 10 Feb 2005 23:55:01 +0000 (GMT) Received: from mail.vicor-nb.com (bigwoop.vicor-nb.com [208.206.78.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1C25543D39 for ; Thu, 10 Feb 2005 23:55:01 +0000 (GMT) (envelope-from julian@elischer.org) Received: from elischer.org (julian.vicor-nb.com [208.206.78.97]) by mail.vicor-nb.com (Postfix) with ESMTP id 179247A403; Thu, 10 Feb 2005 15:55:01 -0800 (PST) Message-ID: <420BF454.3040108@elischer.org> Date: Thu, 10 Feb 2005 15:55:00 -0800 From: Julian Elischer User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.3.1) Gecko/20030516 X-Accept-Language: en, hu MIME-Version: 1.0 To: Petri Helenius References: <20050207.182021.68162131.cjh@kr.FreeBSD.org> <200502071319.57331.max@love2party.net> <20050210114006.GB73291@phantom.cris.net> <420BE8CF.2070104@he.iki.fi> In-Reply-To: <420BE8CF.2070104@he.iki.fi> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit cc: Max Laier cc: Alexey Zelkin cc: CHOI Junho cc: freebsd-net@freebsd.org Subject: Re: kernel mode httpd/ftpd for FreeBSD? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Feb 2005 23:55:01 -0000

Petri Helenius wrote:

> Alexey Zelkin wrote:
>
>> Why not ? Having small and reliable kernel http server able to
>> handle static
>> content only and limited functionality, would be useful in many cases.
>
> Why?

able to run without a filesystem, while in single user mode?

> Pete

From owner-freebsd-net@FreeBSD.ORG Fri Feb 11 06:48:47 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 40CFC16A4CE for ; Fri, 11 Feb 2005 06:48:47 +0000 (GMT) Received: from silver.he.iki.fi (helenius.fi [193.64.42.241]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1F9FD43D39 for ; Fri, 11 Feb 2005 06:48:46 +0000 (GMT) (envelope-from pete@he.iki.fi) Received: from [193.64.42.134] (h86.vuokselantie10.fi [193.64.42.134]) by silver.he.iki.fi (8.13.1/8.11.4) with ESMTP id j1B6mbsE063128; Fri, 11 Feb 2005 08:48:38 +0200 (EET) (envelope-from pete@he.iki.fi) Message-ID: <420C5547.9040800@he.iki.fi> Date: Fri, 11 Feb 2005 08:48:39 +0200 From: Petri Helenius User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Julian Elischer References: <20050207.182021.68162131.cjh@kr.FreeBSD.org> <200502071319.57331.max@love2party.net> <20050210114006.GB73291@phantom.cris.net> <420BE8CF.2070104@he.iki.fi> <420BF454.3040108@elischer.org> In-Reply-To: <420BF454.3040108@elischer.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit cc: Max Laier cc: Alexey Zelkin cc: CHOI Junho cc: freebsd-net@freebsd.org Subject: Re: kernel mode httpd/ftpd for FreeBSD? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Feb 2005 06:48:47 -0000

Julian Elischer wrote:

> Petri Helenius wrote:
>
>> Alexey Zelkin wrote:
>>
>>> Why not ? Having small and reliable kernel http server able to
>>> handle static
>>> content only and limited functionality, would be useful in many cases.
>>
>> Why?
>
> able to run without a filesystem, while in single user mode?

Didn't think about the web-enabled bootloader and kernel parameter tweaking. I stand corrected.

Pete

From owner-freebsd-net@FreeBSD.ORG Fri Feb 11 10:43:57 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C809316A4CE for ; Fri, 11 Feb 2005 10:43:57 +0000 (GMT) Received: from relay.bestcom.ru (relay.bestcom.ru [217.72.144.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 07E4643D48 for ; Fri, 11 Feb 2005 10:43:57 +0000 (GMT) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (root@cell.sick.ru [217.72.144.68]) by relay.bestcom.ru (8.13.1/8.12.9) with ESMTP id j1BAhsXw014222 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Fri, 11 Feb 2005 13:43:56 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.12.11/8.12.8) with ESMTP id j1BAhrCx031378 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 11 Feb 2005 13:43:53 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: (from glebius@localhost) by cell.sick.ru (8.12.11/8.12.11/Submit) id j1BAhq3W031377; Fri, 11 Feb 2005 13:43:52 +0300 (MSK) (envelope-from glebius@freebsd.org)
X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@freebsd.org using -f Date: Fri, 11 Feb 2005 13:43:52 +0300 From: Gleb Smirnoff To: CHOI Junho Message-ID: <20050211104352.GB31252@cell.sick.ru> Mail-Followup-To: Gleb Smirnoff , CHOI Junho , freebsd-net@freebsd.org References: <20050207.182021.68162131.cjh@kr.FreeBSD.org> <200502071319.57331.max@love2party.net> <20050208.224227.27773191.cjh@kr.FreeBSD.org> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <20050208.224227.27773191.cjh@kr.FreeBSD.org> User-Agent: Mutt/1.5.6i X-Virus-Scanned: ClamAV version devel-20050125, clamav-milter version 0.80ff on relay.bestcom.ru X-Virus-Status: Clean cc: freebsd-net@freebsd.org Subject: Re: kernel mode httpd/ftpd for FreeBSD? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Feb 2005 10:43:57 -0000 Junho, On Tue, Feb 08, 2005 at 10:42:27PM +0900, CHOI Junho wrote: C> I understand what you mean. If so, why serious network server like nfs C> is still in kernel? Because it is filesystem. Do you want kernel httpd or fast httpd for static content? In case of the latter use nginx from ports, in case of the former install Linux. C> Of course it is a fat job to implement http/ftp in kernel, but it can C> be a good experiment... The experiment is already done. It is called tux. -- Totus tuus, Glebius. 
GLEBIUS-RIPN GLEB-RIPE From owner-freebsd-net@FreeBSD.ORG Fri Feb 11 10:47:03 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 915FE16A4CE for ; Fri, 11 Feb 2005 10:47:03 +0000 (GMT) Received: from relay.bestcom.ru (relay.bestcom.ru [217.72.144.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id CA78843D31 for ; Fri, 11 Feb 2005 10:47:02 +0000 (GMT) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (root@cell.sick.ru [217.72.144.68]) by relay.bestcom.ru (8.13.1/8.12.9) with ESMTP id j1BAl0dB014263 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Fri, 11 Feb 2005 13:47:01 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.12.11/8.12.8) with ESMTP id j1BAkxXm031412 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 11 Feb 2005 13:47:00 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: (from glebius@localhost) by cell.sick.ru (8.12.11/8.12.11/Submit) id j1BAksFJ031411; Fri, 11 Feb 2005 13:46:54 +0300 (MSK) (envelope-from glebius@freebsd.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@freebsd.org using -f Date: Fri, 11 Feb 2005 13:46:54 +0300 From: Gleb Smirnoff To: Guy Helmer Message-ID: <20050211104654.GC31252@cell.sick.ru> Mail-Followup-To: Gleb Smirnoff , Guy Helmer , freebsd-net@freebsd.org References: <4203AAE3.4090906@palisadesys.com> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <4203AAE3.4090906@palisadesys.com> User-Agent: Mutt/1.5.6i X-Virus-Scanned: ClamAV version devel-20050125, clamav-milter version 0.80ff on relay.bestcom.ru X-Virus-Status: Clean cc: freebsd-net@freebsd.org Subject: Re: Netgraph performance question X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP 
with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Feb 2005 10:47:03 -0000 On Fri, Feb 04, 2005 at 11:03:31AM -0600, Guy Helmer wrote: G> I'm wondering if bumping the recvspace should help, if changing the G> ngsocket hook to queue incoming data should help, if it would be best to G> replace ngsocket with a memory-mapped interface, or if anyone has any G> other ideas that would help performance. You can try to use ng_device as gate between netgraph and userland. May be, it would be better than ng_socket. But it may be not. -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE From owner-freebsd-net@FreeBSD.ORG Fri Feb 11 15:23:16 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B686B16A4CE; Fri, 11 Feb 2005 15:23:16 +0000 (GMT) Received: from daemon.kr.FreeBSD.org (www.kr.freebsd.org [211.115.73.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id D2AF043D39; Fri, 11 Feb 2005 15:23:15 +0000 (GMT) (envelope-from cjh@kr.FreeBSD.org) Received: from localhost (localhost [127.0.0.1]) by daemon.kr.FreeBSD.org (Postfix) with ESMTP id 8F1741A741; Sat, 12 Feb 2005 00:23:06 +0900 (KST) Received: from daemon.kr.FreeBSD.org ([127.0.0.1]) by localhost (daemon.kr.freebsd.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 92281-07; Sat, 12 Feb 2005 00:22:44 +0900 (KST) Received: from gradius.saturnsoft.net (daemon [211.115.73.199]) by daemon.kr.FreeBSD.org (Postfix) with ESMTP id 02BB31A73B; Sat, 12 Feb 2005 00:22:39 +0900 (KST) Received: from localhost (localhost [127.0.0.1])j1BFMhOo001749; Sat, 12 Feb 2005 00:22:44 +0900 (KST) (envelope-from cjh@kr.FreeBSD.org) Date: Sat, 12 Feb 2005 00:22:43 +0900 (KST) Message-Id: <20050212.002243.41722999.cjh@kr.FreeBSD.org> To: glebius@freebsd.org From: CHOI Junho In-Reply-To: <20050211104352.GB31252@cell.sick.ru> References: <200502071319.57331.max@love2party.net> 
<20050208.224227.27773191.cjh@kr.FreeBSD.org> <20050211104352.GB31252@cell.sick.ru> Organization: Korea FreeBSD Users Group X-URL: http://www.kr.FreeBSD.org/~cjh X-Mailer: Mew version 4.2rc1 on Emacs 21.3 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at kr.FreeBSD.org cc: freebsd-net@freebsd.org Subject: Re: kernel mode httpd/ftpd for FreeBSD? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Feb 2005 15:23:16 -0000 From: Gleb Smirnoff Subject: Re: kernel mode httpd/ftpd for FreeBSD? Date: Fri, 11 Feb 2005 13:43:52 +0300 > Junho, > > On Tue, Feb 08, 2005 at 10:42:27PM +0900, CHOI Junho wrote: > C> I understand what you mean. If so, why serious network server like nfs > C> is still in kernel? > > Because it is filesystem. Do you want kernel httpd or fast httpd for nfs client is filesystem, yes. but nfs server is not. > static content? In case of the latter use nginx from ports, in case of > the former install Linux. I don't want to install Linux just for tux, and I know at least thttpd(or other kqueue-using equivalents) works very well on FreeBSD. I just want to know the possibility and usefulness compared to many userland ones. And for nfs, old usermode nfsd of linux works nicely on FreeBSD. If we improve usermode nfsd for stability and performance, why don't we compare it with kernel-level nfsd implementation? > C> Of course it is a fat job to implement http/ftp in kernel, but it can > C> be a good experiment... > > The experiment is already done. It is called tux. Again, I know what is tux and why there is no such experiment on FreeBSD. Some people explained why, and I agree with them. 
--
CHOI Junho cjh@[kr.]FreeBSD.org
Key fingerprint = 1369 7374 A45F F41A F3C0 07E3 4A01 C020 E602 60F5

From owner-freebsd-net@FreeBSD.ORG Fri Feb 11 16:02:56 2005
Date: Fri, 11 Feb 2005 17:02:45 +0100
From: Christian Brueffer
In-reply-to: <20050207.182021.68162131.cjh@kr.FreeBSD.org>
To: CHOI Junho
Message-id: <20050211160245.GG77038@unixpages.org>
References: <20050207.182021.68162131.cjh@kr.FreeBSD.org>
cc: freebsd-net@freebsd.org
Subject: Re: kernel mode httpd/ftpd for FreeBSD?

On Mon, Feb 07, 2005 at 06:20:21PM +0900, CHOI Junho wrote:
>
> Anyone knows about kernel-mode httpd/ftpd for FreeBSD? (just like tux
> of linuxI searched several times but failed.
>

Hiten Pandya played with that a while ago, the outcome is here:

http://people.freebsd.org/~hmp/code/fritz.tgz

Don't know how usable that is though (needs to be adapted for RELENG_5 or CURRENT for sure).

- Christian

--
Christian Brueffer chris@unixpages.org brueffer@FreeBSD.org
GPG Key: http://people.freebsd.org/~brueffer/brueffer.key.asc
GPG Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D

From owner-freebsd-net@FreeBSD.ORG Fri Feb 11 19:04:03 2005
Date: Fri, 11 Feb 2005 20:09:18 +0100
From: Pawel Malachowski
To: freebsd-net@freebsd.org
Message-ID: <20050211190918.GA39164@shellma.zin.lublin.pl>
Subject: arp -s auto fails for inet alias subnets

Hello,

ifconfig fxp0 inet 10.0.0.1/24
ifconfig fxp0 inet add 10.0.1.1/24

both
arp -s 10.0.0.2 1:1:1:1:1:1 pub
arp -s 10.0.1.2 1:1:1:1:1:1 pub
work.

however
arp -s 10.0.0.2 auto pub
works, but
arp -s 10.0.1.2 auto pub
fails with no interface found for 10.0.1.2.

Tested with FreeBSD 4.10-STABLE, 5.3-RELEASE.

--
Paweł Małachowski

From owner-freebsd-net@FreeBSD.ORG Fri Feb 11 19:56:38 2005
Date: Fri, 11 Feb 2005 11:56:37 -0800
Message-ID: <00CDF9AA240E204FA6E923BD35BC64360879060E@bcs-mail.internal.cacheflow.com>
From: "Li, Qing"
Subject: known TCP vulnerability ??

http://www.kb.cert.org/vuls/id/464113

http://www.linuxsecurity.com/content/view/104980/98/

Ran the packet tests against FreeBSD 5.3 and 6-CURRENT and both respond to the SYN+FIN packets with SYN+ACK.

Should I file a PR if there isn't one already ??

-- Qing

From owner-freebsd-net@FreeBSD.ORG Fri Feb 11 20:19:19 2005
Message-ID: <420D1344.9DAC70D0@networx.ch>
Date: Fri, 11 Feb 2005 21:19:16 +0100
From: Andre Oppermann
To: "Li, Qing"
References: <00CDF9AA240E204FA6E923BD35BC64360879060E@bcs-mail.internal.cacheflow.com>
cc: freebsd-net@freebsd.org
cc: freebsd-current@freebsd.org
Subject: Re: known TCP vulnerability ??

"Li, Qing" wrote:
>
> http://www.kb.cert.org/vuls/id/464113
>
> http://www.linuxsecurity.com/content/view/104980/98/
>
> Ran the packet tests against FreeBSD 5.3 and 6-CURRENT and both
> respond to the SYN+FIN packets with SYN+ACK.

This is expected behaviour because of FreeBSD used to implement T/TCP according to RFC1644. I haven't removed this part from TCP because I have a better reincarnation of T/TCP without the previous shortcomings almost ready which uses this again.

The CERT article describes how dumb firewalls with poor stateful inspection may get fooled by this and other flag combinations. All I can say is it's not our fault. The SYN+FIN combination is described in RFC1644 and if the firewall gets it wrong... Well, the real world sucks.

> Should I file a PR if there isn't one already ??

No action required here. What you could check is whether our firewalls packages in stateful mode (ipfw, pf, ipfilter) can be fooled by this. I doubt it but if you can verify it, that would be great.
--
Andre

From owner-freebsd-net@FreeBSD.ORG Fri Feb 11 21:14:46 2005
Message-ID: <420D2045.4050209@elischer.org>
Date: Fri, 11 Feb 2005 13:14:45 -0800
From: Julian Elischer
To: CHOI Junho
References: <200502071319.57331.max@love2party.net> <20050208.224227.27773191.cjh@kr.FreeBSD.org> <20050211104352.GB31252@cell.sick.ru> <20050212.002243.41722999.cjh@kr.FreeBSD.org>
In-Reply-To: <20050212.002243.41722999.cjh@kr.FreeBSD.org>
cc: freebsd-net@freebsd.org
Subject: Re: kernel mode httpd/ftpd for FreeBSD?

CHOI Junho wrote:
>
>Again, I know what is tux and why there is no such experiment on
>FreeBSD.
>

As I mentioned earlier. This is not totally true. An in-kernel httpd was implemented using the netgraph ksocket node to open a socket in the kernel. The httpd was I believe implemented as a netgraph module. It should be possible to re-do this work relatively simply, as all the required features were committed back into the standard netgraph ksocket node.

From owner-freebsd-net@FreeBSD.ORG Fri Feb 11 21:34:25 2005
Date: Fri, 11 Feb 2005 13:34:21 -0800 (PST)
From: Kelly Yancey
To: freebsd-net@freebsd.org
Message-ID: <20050211125850.B9541@alicia.nttmcl.com>
Subject: Patch to set TCP_NOPUSH on libfetch HTTP connections

I recently noticed that libfetch often splits HTTP GET requests across multiple packets as a result of calling writev() for each line of the header.
A simple request ends up on the wire as: 13:19:42.647461 216.69.71.45.1390 > 216.69.64.149.80: S 1287054177:1287054177(0) win 57344 (DF) 0x0000 4500 003c a6c1 4000 4006 5bad d845 472d E..<..@.@.[..EG- 0x0010 d845 4095 056e 0050 4cb6 e361 0000 0000 .E@..n.PL..a.... 0x0020 a002 e000 49b1 0000 0204 05b4 0103 0300 ....I........... 0x0030 0101 080a 0538 adfa 0000 0000 .....8...... 13:19:42.653735 216.69.64.149.80 > 216.69.71.45.1390: S 2666070983:2666070983(0) ack 1287054178 win 17376 (DF) 0x0000 4500 003c 7647 4000 3c06 9027 d845 4095 E.. 216.69.64.149.80: . ack 1 win 57920 (DF) 0x0000 4500 0034 a6c2 4000 4006 5bb4 d845 472d E..4..@.@.[..EG- 0x0010 d845 4095 056e 0050 4cb6 e362 9ee9 03c8 .E@..n.PL..b.... 0x0020 8010 e240 e662 0000 0101 080a 0538 adfb ...@.b.......8.. 0x0030 2c8c bd83 ,... 13:19:42.654342 216.69.71.45.1390 > 216.69.64.149.80: P 1:33(32) ack 1 win 57920 (DF) 0x0000 4500 0054 a6c3 4000 4006 5b93 d845 472d E..T..@.@.[..EG- 0x0010 d845 4095 056e 0050 4cb6 e362 9ee9 03c8 .E@..n.PL..b.... 0x0020 8018 e240 e42b 0000 0101 080a 0538 adfb ...@.+.......8.. 0x0030 2c8c bd83 4745 5420 2f6e 6f6e 6578 6973 ,...GET./nonexis 0x0040 7465 6e74 2e68 746d 6c20 4854 5450 2f31 tent.html.HTTP/1 0x0050 2e31 0d0a .1.. 13:19:42.851075 216.69.64.149.80 > 216.69.71.45.1390: . ack 33 win 17376 (DF) 0x0000 4500 0034 640f 4000 3c06 a267 d845 4095 E..4d.@.<..g.E@. 0x0010 d845 472d 0050 056e 9ee9 03c8 4cb6 e382 .EG-.P.n....L... 0x0020 8010 43e0 84a3 0000 0101 080a 2c8c bd83 ..C.........,... 0x0030 0538 adfb .8.. 13:19:42.851127 216.69.71.45.1390 > 216.69.64.149.80: P 33:108(75) ack 1 win 57920 (DF) 0x0000 4500 007f a6c4 4000 4006 5b67 d845 472d E.....@.@.[g.EG- 0x0010 d845 4095 056e 0050 4cb6 e382 9ee9 03c8 .E@..n.PL....... 0x0020 8018 e240 51b2 0000 0101 080a 0538 ae0f ...@Q........8.. 
0x0030 2c8c bd83 486f 7374 3a20 7777 772e 6e74 ,...Host:.www.nt 0x0040 746d 636c 2e63 6f6d 0d0a 5573 6572 2d41 tmcl.com..User-A 0x0050 6765 6e74 3a20 6665 7463 6820 6c69 6266 gent:.fetch.libf 0x0060 6574 6368 2f32 2e30 0d0a 436f 6e6e 6563 etch/2.0..Connec 0x0070 7469 6f6e 3a20 636c 6f73 650d 0a0d 0a tion:.close.... 13:19:42.857163 216.69.64.149.80 > 216.69.71.45.1390: F 514:514(0) ack 108 win 17376 (DF) 0x0000 4500 0034 323a 4000 3c06 d43c d845 4095 E..42:@.<..<.E@. 0x0010 d845 472d 0050 056e 9ee9 05c9 4cb6 e3cd .EG-.P.n....L... 0x0020 8011 43e0 8242 0000 0101 080a 2c8c bd83 ..C..B......,... 0x0030 0538 ae0f .8.. 13:19:42.857180 216.69.71.45.1390 > 216.69.64.149.80: . ack 1 win 57920 (DF) 0x0000 4500 0034 a6c5 4000 4006 5bb1 d845 472d E..4..@.@.[..EG- 0x0010 d845 4095 056e 0050 4cb6 e3cd 9ee9 03c8 .E@..n.PL....... 0x0020 8010 e240 e5e3 0000 0101 080a 0538 ae0f ...@.........8.. 0x0030 2c8c bd83 ,... 13:19:42.859754 216.69.64.149.80 > 216.69.71.45.1390: P 1:514(513) ack 108 win 17376 (DF) [ snip file contents ] 13:19:42.859773 216.69.71.45.1390 > 216.69.64.149.80: . ack 515 win 57407 (DF) 0x0000 4500 0034 a6c6 4000 4006 5bb0 d845 472d E..4..@.@.[..EG- 0x0010 d845 4095 056e 0050 4cb6 e3cd 9ee9 05ca .E@..n.PL....... 0x0020 8010 e03f e5e2 0000 0101 080a 0538 ae0f ...?.........8.. 0x0030 2c8c bd83 ,... 13:19:42.860070 216.69.71.45.1390 > 216.69.64.149.80: F 108:108(0) ack 515 win 57920 (DF) 0x0000 4500 0034 a6c7 4000 4006 5baf d845 472d E..4..@.@.[..EG- 0x0010 d845 4095 056e 0050 4cb6 e3cd 9ee9 05ca .E@..n.PL....... 0x0020 8011 e240 e3e0 0000 0101 080a 0538 ae0f ...@.........8.. 0x0030 2c8c bd83 ,... 13:19:42.865699 216.69.64.149.80 > 216.69.71.45.1390: . ack 109 win 17376 (DF) 0x0000 4500 0034 55a4 4000 3c06 b0d2 d845 4095 E..4U.@.<....E@. 0x0010 d845 472d 0050 056e 9ee9 05ca 4cb6 e3ce .EG-.P.n....L... 0x0020 8010 43e0 8241 0000 0101 080a 2c8c bd83 ..C..A......,... 0x0030 0538 ae0f .8.. 13:19:42.871415 216.69.64.149.80 > 216.69.71.45.1390: . 
ack 109 win 17376 (DF) 0x0000 4500 0034 069a 4000 3c06 ffdc d845 4095 E..4..@.<....E@. 0x0010 d845 472d 0050 056e 9ee9 05ca 4cb6 e3ce .EG-.P.n....L... 0x0020 8010 43e0 8241 0000 0101 080a 2c8c bd83 ..C..A......,... 0x0030 0538 ae0f .8.. 13:19:42.871449 216.69.71.45.1390 > 216.69.64.149.80: R 1287054286:1287054286(0) win 0 0x0000 4500 0028 a6c8 0000 4006 9bba d845 472d E..(....@....EG- 0x0010 d845 4095 056e 0050 4cb6 e3ce 0000 0000 .E@..n.PL....... 0x0020 5004 0000 4150 0000 P...AP..

The attached patch sets the TCP_NOPUSH option on the socket and uses shutdown(conn->sd, SHUT_WR) at the end of the HTTP request in order to force the entire HTTP request to be coalesced into a minimum number of packets. With the attached patch applied, the same request shown above appears on the wire as:

13:17:10.659049 216.69.71.45.2218 > 216.69.64.149.80: S 2067322044:2067322044(0) win 57344 (DF) 0x0000 4500 003c 9c27 4000 4006 6647 d845 472d E..<.'@.@.fG.EG- 0x0010 d845 4095 08aa 0050 7b38 d4bc 0000 0000 .E@....P{8...... 0x0020 a002 e000 61f6 0000 0204 05b4 0103 0300 ....a........... 0x0030 0101 080a 0538 729c 0000 0000 .....8r..... 13:17:10.663461 216.69.64.149.80 > 216.69.71.45.2218: S 3505347452:3505347452(0) ack 2067322045 win 17376 (DF) 0x0000 4500 003c da68 4000 3c06 2c06 d845 4095 E..<.h@.<.,..E@. 0x0010 d845 472d 0050 08aa d0ef 5b7c 7b38 d4bd .EG-.P....[|{8.. 0x0020 a012 43e0 e8b9 0000 0204 05b4 0103 0300 ..C............. 0x0030 0101 080a 2c8c bc53 0538 729c ....,..S.8r. 13:17:10.663510 216.69.71.45.2218 > 216.69.64.149.80: . ack 1 win 57920 (DF) 0x0000 4500 0034 9c28 4000 4006 664e d845 472d E..4.(@.@.fN.EG- 0x0010 d845 4095 08aa 0050 7b38 d4bd d0ef 5b7d .E@....P{8....[} 0x0020 8010 e240 761d 0000 0101 080a 0538 729c ...@v........8r.
0x0030 2c8c bc53 ,..S 13:17:10.664197 216.69.71.45.2218 > 216.69.64.149.80: FP 1:108(107) ack 1 win 57920 (DF) 0x0000 4500 009f 9c29 4000 4006 65e2 d845 472d E....)@.@.e..EG- 0x0010 d845 4095 08aa 0050 7b38 d4bd d0ef 5b7d .E@....P{8....[} 0x0020 8019 e240 df70 0000 0101 080a 0538 729c ...@.p.......8r. 0x0030 2c8c bc53 4745 5420 2f6e 6f6e 6578 6973 ,..SGET./nonexis 0x0040 7465 6e74 2e68 746d 6c20 4854 5450 2f31 tent.html.HTTP/1 0x0050 2e31 0d0a 486f 7374 3a20 7777 772e 6e74 .1..Host:.www.nt 0x0060 746d 636c 2e63 6f6d 0d0a 5573 6572 2d41 tmcl.com..User-A 0x0070 6765 6e74 3a20 6665 7463 6820 6c69 6266 gent:.fetch.libf 0x0080 6574 6368 2f32 2e30 0d0a 436f 6e6e 6563 etch/2.0..Connec 0x0090 7469 6f6e 3a20 636c 6f73 650d 0a0d 0a tion:.close.... 13:17:10.669275 216.69.64.149.80 > 216.69.71.45.2218: . ack 109 win 17269 (DF) 0x0000 4500 0034 8371 4000 3c06 8305 d845 4095 E..4.q@.<....E@. 0x0010 d845 472d 0050 08aa d0ef 5b7d 7b38 d529 .EG-.P....[}{8.) 0x0020 8010 4375 147d 0000 0101 080a 2c8c bc53 ..Cu.}......,..S 0x0030 0538 729c .8r. 13:17:10.670352 216.69.64.149.80 > 216.69.71.45.2218: F 514:514(0) ack 109 win 17376 (DF) 0x0000 4500 0034 ebbd 4000 3c06 1ab9 d845 4095 E..4..@.<....E@. 0x0010 d845 472d 0050 08aa d0ef 5d7e 7b38 d529 .EG-.P....]~{8.) 0x0020 8011 43e0 1210 0000 0101 080a 2c8c bc53 ..C.........,..S 0x0030 0538 729c .8r. 13:17:10.670378 216.69.71.45.2218 > 216.69.64.149.80: . ack 1 win 57920 (DF) 0x0000 4500 0034 9c2a 4000 4006 664c d845 472d E..4.*@.@.fL.EG- 0x0010 d845 4095 08aa 0050 7b38 d529 d0ef 5b7d .E@....P{8.)..[} 0x0020 8010 e240 75b0 0000 0101 080a 0538 729d ...@u........8r. 0x0030 2c8c bc53 ,..S 13:17:10.672885 216.69.64.149.80 > 216.69.71.45.2218: P 1:514(513) ack 109 win 17376 (DF) [ snip file contents ] 13:17:10.672906 216.69.71.45.2218 > 216.69.64.149.80: . ack 515 win 57407 (DF) 0x0000 4500 0034 9c2b 4000 4006 664b d845 472d E..4.+@.@.fK.EG- 0x0010 d845 4095 08aa 0050 7b38 d529 d0ef 5d7f .E@....P{8.)..]. 
0x0020 8010 e03f 75af 0000 0101 080a 0538 729d ...?u........8r. 0x0030 2c8c bc53

Thus reducing the number of packets on the wire from 14 to 9. Obviously for larger transfers, the difference gets lost in the noise. Nonetheless, unless someone spots some undesirable side-effect that may be caused by the change, I'll commit the attached patch in a few days.

Thanks,

Kelly

--
Kelly Yancey -- kbyanc@{posi.net,FreeBSD.org} -- kelly@nttmcl.com

Content-Disposition: attachment; filename="fetch-nopush.diff"

From owner-freebsd-net@FreeBSD.ORG Fri Feb 11 22:59:51 2005
Message-Id: <200502112259.j1BMxdwu013455@gw.catspoiler.org>
Date: Fri, 11 Feb 2005 14:59:39 -0800 (PST)
From: Don Lewis
To: oppermann@networx.ch
In-Reply-To: <420D1344.9DAC70D0@networx.ch>
cc: freebsd-net@FreeBSD.org
cc: qing.li@bluecoat.com
cc: freebsd-current@FreeBSD.org
Subject: Re: known TCP vulnerability ??

On 11 Feb, Andre Oppermann wrote:
> "Li, Qing" wrote:
>>
>> http://www.kb.cert.org/vuls/id/464113
>>
>> http://www.linuxsecurity.com/content/view/104980/98/
>>
>> Ran the packet tests against FreeBSD 5.3 and 6-CURRENT and both
>> respond to the SYN+FIN packets with SYN+ACK.
>
> This is expected behaviour because of FreeBSD used to implement T/TCP
> according to RFC1644.
> I haven't removed this part from TCP because
> I have a better reincarnation of T/TCP without the previous shortcomings
> almost ready which uses this again.
>
> The CERT article describes how dumb firewalls with poor stateful
> inspection may get fooled by this and other flag combinations.
> All I can say is it's not our fault. The SYN+FIN combination is
> described in RFC1644 and if the firewall gets it wrong... Well,
> the real world sucks.

We won't try to accept a new connection if either RST or ACK bits are set along with the SYN.

        /*
         * If the state is LISTEN then ignore segment if it contains
         * a RST. If the segment contains an ACK then it is bad and
         * send a RST. If it does not contain a SYN then it is not
         * interesting; drop it.
         *
         * If the state is SYN_RECEIVED (syncache) and seg contains
         * an ACK, but not for our SYN/ACK, send a RST. If the seg
         * contains a RST, check the sequence number to see if it
         * is a valid reset segment.
         */
        if ((thflags & (TH_RST|TH_ACK|TH_SYN)) != TH_SYN) {
                if ((thflags & (TH_RST|TH_ACK|TH_SYN)) == TH_ACK) {
[snip]
        }
        /*
         * Segment's flags are (SYN) or (SYN|FIN).
         */

The FIN flag should be harmless if it accompanies a SYN, but if it makes you feel more comfortable, you can compile your kernel with the TCP_DROP_SYNFIN option which gives you a sysctl knob that controls whether or not these packets get dropped.

Typically this is done to confuse software that attempts to identify a remote host OS by seeing how it responds to various packets.
You might find that enabling this option makes a host running FreeBSD look like it is running Microsoft Windows and invite a horde of attempts to exploit various Windows vulnerabilities ;-)

From owner-freebsd-net@FreeBSD.ORG Sat Feb 12 13:01:08 2005
From: Stephen
To: freebsd-net@freebsd.org
Date: Sun, 13 Feb 2005 00:01:12 +1100
Message-Id: <200502130001.12885.vk3heg@iinet.net.au>
Subject: Network hardware address

Hello Everyone,

I need to know if it's possible to change the network card's mac address on a FreeBSD 4.10 based machine.

This machine is a firewall on a cable company's network and they use the mac address for billing etc. (The user's system has a subnet of ip's).
The network card is playing up and I need to change it but keep the old cards hardware ethernet address: ie: ether 01:50:08:c1:f9:a1

--
Stephen - vk3heg Ph: 0409149641

From owner-freebsd-net@FreeBSD.ORG Sat Feb 12 13:41:03 2005
To: Mailing List FreeBSD Network
From: Eric Masson
Date: Sat, 12 Feb 2005 14:40:50 +0100
Message-ID: <86is4xj3q5.fsf@srvbsdnanssv.interne.kisoft-services.com>
Subject: xl(4) & polling

Hi,

Has
anyone wip regarding ${subject} area ?

I've found this, but the project seem to have stalled :
http://listserver.uk.freebsd.org/pipermail/freebsd-users/2002-April/005666.html

Thanks in advance

Regards

Éric Masson

--
Soon Apple will supply nothing but the plans, on microfilm wedged onto the CPU: the aim will be to dislodge them before switching the machine on, otherwise it melts! Just like Fort Boyard...
-+- SP in Guide du Macounet Pervers: The name is Bond, James Bond -+-

From owner-freebsd-net@FreeBSD.ORG Sat Feb 12 16:40:15 2005
Date: Sat, 12 Feb 2005 17:40:13 +0100
From: Marc Olzheim
To: Stephen
Message-ID: <20050212164013.GA58238@stack.nl>
References: <200502130001.12885.vk3heg@iinet.net.au>
In-Reply-To: <200502130001.12885.vk3heg@iinet.net.au>
cc: freebsd-net@freebsd.org
Subject: Re: Network hardware address

On Sun, Feb 13, 2005 at 12:01:12AM +1100, Stephen wrote:
> The network card is playing up and I need to change it but keep the old cards
> hardware ethernet address: ie: ether 01:50:08:c1:f9:a1

If the driver of your NIC supports it, you can use:

ifconfig ether 01:50:08:c1:f9:a1

Marc

From owner-freebsd-net@FreeBSD.ORG Sat Feb 12 21:27:49 2005
Date: Sat, 12 Feb 2005 16:27:43 -0500 (EST)
From: Garrett Wollman
Message-Id: <200502122127.j1CLRhJ6018329@khavrinen.lcs.mit.edu>
To: Andre Oppermann
In-Reply-To: <420D1344.9DAC70D0@networx.ch>
References: <00CDF9AA240E204FA6E923BD35BC64360879060E@bcs-mail.internal.cacheflow.com> <420D1344.9DAC70D0@networx.ch>
cc: freebsd-net@FreeBSD.ORG
cc: "Li, Qing"
cc: freebsd-current@FreeBSD.ORG
Subject: Re: known TCP vulnerability ??

< said:

> "Li, Qing" wrote:
>> Ran the packet tests against FreeBSD 5.3 and 6-CURRENT and both
>> respond to the SYN+FIN packets with SYN+ACK.

> This is expected behaviour because of FreeBSD used to implement T/TCP
> according to RFC1644.

Actually, it is expected behavior because FreeBSD used to implement TCP according to RFC 793.

-GAWollman
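
The LISTEN-state flag test quoted in Don Lewis's message, set beside a packet-filter rule that recognises a connection attempt only as a bare SYN, as an added example (not FreeBSD source and not code from the thread). `listen_verdict` is a simplified model of the quoted check, `drop_synfin` is a hypothetical parameter standing in for the knob the TCP_DROP_SYNFIN option provides, and both filter predicates are illustrative.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TCP flag bits as assigned by RFC 793 (same names the quoted kernel code uses). */
#define TH_FIN  0x01
#define TH_SYN  0x02
#define TH_RST  0x04
#define TH_PUSH 0x08
#define TH_ACK  0x10
#define TH_URG  0x20

enum verdict { V_DROP, V_SEND_RST, V_NEW_CONN };

/*
 * Simplified model of the LISTEN-state test quoted in the thread.
 * drop_synfin is a hypothetical parameter standing in for the knob that
 * the TCP_DROP_SYNFIN kernel option provides.
 */
enum verdict listen_verdict(uint8_t thflags, bool drop_synfin)
{
    if (drop_synfin && (thflags & TH_SYN) && (thflags & TH_FIN))
        return V_DROP;
    if ((thflags & (TH_RST | TH_ACK | TH_SYN)) != TH_SYN) {
        if (thflags & TH_RST)
            return V_DROP;      /* a RST to a listening socket is ignored */
        if (thflags & TH_ACK)
            return V_SEND_RST;  /* an ACK to a listening socket is bad */
        return V_DROP;          /* no SYN: not interesting */
    }
    return V_NEW_CONN;          /* SYN or SYN|FIN, with or without PSH/URG */
}

/* Weak rule: only a segment whose flags are exactly SYN opens a connection. */
bool filter_exact_syn(uint8_t thflags)
{
    return thflags == TH_SYN;
}

/* Rule using the same mask as the host: SYN set, ACK and RST clear. */
bool filter_masked_syn(uint8_t thflags)
{
    return (thflags & (TH_SYN | TH_ACK | TH_RST)) == TH_SYN;
}

typedef bool (*filter_fn)(uint8_t);

/* Count flag combinations the host accepts as a new connection
 * but the filter does not classify as one. */
int count_disagreements(filter_fn is_new_conn, bool drop_synfin)
{
    int n = 0;
    for (unsigned f = 0; f < 0x40; f++)
        if (listen_verdict((uint8_t)f, drop_synfin) == V_NEW_CONN &&
            !is_new_conn((uint8_t)f))
            n++;
    return n;
}

/* Render a flag byte as text such as "SYN|FIN". */
static const char *flag_names(uint8_t f, char *buf, size_t len)
{
    static const struct { uint8_t bit; const char *name; } tbl[] = {
        { TH_SYN, "SYN" }, { TH_FIN, "FIN" }, { TH_RST, "RST" },
        { TH_PUSH, "PSH" }, { TH_ACK, "ACK" }, { TH_URG, "URG" },
    };
    buf[0] = '\0';
    for (size_t i = 0; i < sizeof(tbl) / sizeof(tbl[0]); i++) {
        if (!(f & tbl[i].bit))
            continue;
        if (buf[0] != '\0')
            strncat(buf, "|", len - strlen(buf) - 1);
        strncat(buf, tbl[i].name, len - strlen(buf) - 1);
    }
    return buf;
}

int main(void)
{
    char buf[32];

    puts("accepted by the host, not seen as a new connection by the exact-SYN rule:");
    for (unsigned f = 0; f < 0x40; f++)
        if (listen_verdict((uint8_t)f, false) == V_NEW_CONN &&
            !filter_exact_syn((uint8_t)f))
            printf("  %s\n", flag_names((uint8_t)f, buf, sizeof(buf)));
    printf("exact-SYN rule: %d disagreements, masked rule: %d\n",
           count_disagreements(filter_exact_syn, false),
           count_disagreements(filter_masked_syn, false));
    return 0;
}
```

A stateful filter stays in step with the host when it classifies connection attempts with the same mask the host uses rather than by exact flag equality.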
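
The change described in Kelly Yancey's message above (hold small writes with TCP_NOPUSH, then half-close with shutdown(SHUT_WR) once the request is complete), as an added example that is neither the fetch-nopush.diff patch nor libfetch code. It sends the request from the capture line by line over a loopback connection; `fetch_style_request` and `HOLD_OPT` are hypothetical names, and Linux's TCP_CORK is assumed as a stand-in where TCP_NOPUSH is not defined.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* FreeBSD names the option TCP_NOPUSH; TCP_CORK is assumed as the Linux stand-in. */
#if defined(TCP_NOPUSH)
#define HOLD_OPT TCP_NOPUSH
#elif defined(TCP_CORK)
#define HOLD_OPT TCP_CORK
#else
#error "no TCP_NOPUSH or TCP_CORK on this platform"
#endif

/* The request from the capture, one send() per header line (107 bytes in total). */
static const char *const REQUEST_LINES[] = {
    "GET /nonexistent.html HTTP/1.1\r\n",
    "Host: www.nttmcl.com\r\n",
    "User-Agent: fetch libfetch/2.0\r\n",
    "Connection: close\r\n",
    "\r\n",
};

/* Send every byte of buf, retrying after short writes. */
static int send_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = send(fd, buf, len, 0);
        if (n <= 0)
            return -1;
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/*
 * Open a loopback connection, hold output with HOLD_OPT, send the request
 * line by line, half-close, then read on the server side until EOF.
 * Returns the number of bytes the server received, or -1 on error.
 */
int fetch_style_request(char *out, size_t outsz)
{
    struct sockaddr_in addr;
    socklen_t alen = sizeof(addr);
    int lsd, csd, ssd = -1, on = 1, total = -1;
    ssize_t n;

    lsd = socket(AF_INET, SOCK_STREAM, 0);
    csd = socket(AF_INET, SOCK_STREAM, 0);
    if (lsd < 0 || csd < 0)
        goto done;

    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;                      /* let the kernel pick a port */
    if (bind(lsd, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        listen(lsd, 1) < 0 ||
        getsockname(lsd, (struct sockaddr *)&addr, &alen) < 0 ||
        connect(csd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
        goto done;

    /* Ask the stack not to push partial segments while the header is built. */
    if (setsockopt(csd, IPPROTO_TCP, HOLD_OPT, &on, sizeof(on)) < 0)
        goto done;
    for (size_t i = 0; i < sizeof(REQUEST_LINES) / sizeof(REQUEST_LINES[0]); i++)
        if (send_all(csd, REQUEST_LINES[i], strlen(REQUEST_LINES[i])) < 0)
            goto done;

    /* Request complete: the half-close flushes the held data along with the FIN. */
    if (shutdown(csd, SHUT_WR) < 0)
        goto done;

    ssd = accept(lsd, NULL, NULL);
    if (ssd < 0)
        goto done;
    total = 0;
    while ((size_t)total < outsz - 1 &&
           (n = read(ssd, out + total, outsz - 1 - (size_t)total)) > 0)
        total += (int)n;
    out[total] = '\0';

done:
    if (ssd >= 0) close(ssd);
    if (csd >= 0) close(csd);
    if (lsd >= 0) close(lsd);
    return total;
}

int main(void)
{
    char got[256];
    int n = fetch_style_request(got, sizeof(got));

    printf("server received %d bytes before EOF\n", n);
    return n == 107 ? 0 : 1;
}
```

Capturing on the loopback interface while this runs, with and without the setsockopt() call, shows the difference in segment count that the two traces in the message illustrate.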