From owner-freebsd-net@FreeBSD.ORG Sun Dec 4 22:10:46 2005
Date: Sun, 4 Dec 2005 23:10:43 +0100
From: Juan Rodriguez
To: freebsd-net@freebsd.org
Subject: Re: Does Zyxel ZyAIR-B100 works on FreeBSD-6.0 ?

On 12/2/05, Juan Rodriguez wrote:
> I'm going to buy it because it's very cheap (and a bit old).
> I've found on the web that it's based on Prism-3.0 chipset, but I haven't
> found it listed on the wi man page....
>
> --
> JFRH
>
>
Yes, it works very well, thanks anyway.

--
JFRH

From owner-freebsd-net@FreeBSD.ORG Sun Dec 4 23:59:41 2005
Date: Sun, 4 Dec 2005 15:59:39 -0800 (PST)
From: Mark Jayson Alvarez
To: freebsd-net@freebsd.org
Subject: How does carp computes the MAC address of the a certain Virtual IP?

Hi,

How does carp compute the MAC address of a certain Virtual IP? Perhaps I can set up a route for the virtual IP address manually because the kernel keeps on complaining: "arp_trequest: bad gateway (!AF_LINK)". This is weird because my carp setup has been working for the past 4 days and it suddenly stopped with the above error.

Any idea?

Thanks

From owner-freebsd-net@FreeBSD.ORG Mon Dec 5 02:37:29 2005
Date: Sun, 4 Dec 2005 18:37:20 -0800 (PST)
From: Mark Jayson Alvarez
To: freebsd-net@freebsd.org
Subject: Strange carp problems

Hi,

How does carp compute the MAC address of a certain Virtual IP? Perhaps I can set up a route for the virtual IP address manually because the kernel keeps on complaining: "arp_trequest: bad gateway (!AF_LINK)". This is weird because my carp setup has been working for the past 4 days and it suddenly stopped with the above error.

Any idea?

Thanks

From owner-freebsd-net@FreeBSD.ORG Mon Dec 5 11:02:14 2005
Date: Mon, 5 Dec 2005 11:02:04 GMT
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

Non-critical problems

S  Submitted   Tracker     Resp. Description
-------------------------------------------------------------------------------
o [2003/07/11] kern/54383  net   [nfs] [patch] NFS root configurations wit
o [2005/11/03] kern/88450  net   SYN+ACK reports strange size of window

2 problems total.

From owner-freebsd-net@FreeBSD.ORG Mon Dec 5 11:39:14 2005
Date: Mon, 5 Dec 2005 11:39:12 +0000
From: lysergius2001
To: freebsd-net@freebsd.org
Subject: Belkin F5D7000 and FreeBSD 6.0

Has anyone had any success getting this Wireless card to work with FreeBSD 6.0? Any gotchas to look out for?

Thanks

--
Lysergius says, "Stay light, but trust gravity"

From owner-freebsd-net@FreeBSD.ORG Mon Dec 5 12:45:51 2005
To: freebsd-net@freebsd.org
From: Alvaro Saurin
Date: Mon, 5 Dec 2005 12:51:56 +0000
Subject: Dummynet and fragments

Hi,

I was wondering if someone could help me with a small problem with dummynet. I have a typical dumbbell configuration where I have a FreeBSD 6.0 machine with dummynet. It is something like this:

                                               *----- ubuntu6
                                               |      10.10.3.6
                      10.10.1.3  10.10.1.4     |
ubuntu2 ---[hub]--- ubuntu3------- BSD4------[hub]--- ubuntu5
10.10.2.2    |    10.10.2.3        10.10.3.4          10.10.3.5
             |
ubuntu1 -----*
10.10.2.1

I want to set the delay, bandwidth, etc. limit in BSD4, using something like

    > sudo ipfw add 3 pipe 3 all from ubuntu2 to ubuntu6
    > sudo ipfw add 4 pipe 4 all from ubuntu6 to ubuntu2
    > sudo ipfw pipe 3 config bw 12000Kbit/s queue 17500bytes delay 5ms
    > sudo ipfw pipe 4 config bw 12000Kbit/s queue 17500bytes delay 5ms

for a limit between 'ubuntu2' and 'ubuntu6', leading to a new rule set like

    > sudo ipfw -a list
    00003      0        0 pipe 3 ip from 10.10.2.2 to 10.10.3.6
    00004      0        0 pipe 4 ip from 10.10.3.6 to 10.10.2.2
    00100   1862   144376 allow ip from any to any via lo0
    00200      0        0 deny ip from any to 127.0.0.0/8
    00300      0        0 deny ip from 127.0.0.0/8 to any
    65000 118952 53165334 allow ip from any to any
    65100      0        0 deny log logamount 5000 ip from any to any frag
    65535      8      512 deny ip from any to any
    > sudo ipfw pipe show
    00003:  12.000 Mbit/s    5 ms   17 KB 0 queues (1 buckets) droptail
    00004:  12.000 Mbit/s    5 ms   17 KB 0 queues (1 buckets) droptail

The problem comes here: if I 'ping' between these two machines, everything is fine, but if I 'ping' with a packet size of, ie, 2000, no packets arrive at the receiver. Does it have to do with fragmented packets? Do I have to include any other rule for dealing with fragments?

And another question: why do I need to specify a 5ms delay for a total RTT of 40ms?

Thanks in advance

Alvaro

--
Alvaro Saurin

From owner-freebsd-net@FreeBSD.ORG Mon Dec 5 14:41:15 2005
Date: Mon, 05 Dec 2005 14:41:16 +0000
From: Spadge
To: Alvaro Saurin
Cc: freebsd-net@freebsd.org
Subject: Re: Dummynet and fragments

Alvaro Saurin wrote:

> The problem comes here: if I 'ping' between these two machines,
> everything is fine, but if I 'ping' with a packet size of, ie, 2000, no
> packets arrive at the receiver. Does it have to do with fragmented
> packets? Do I have to include any other rule for dealing with fragments?

65100 0 0 deny log logamount 5000 ip from any to any frag

Does this not effectively kill all frags? Are your unreceived packets showing up in the log? And if not, are you sure that it's BSD4 that's losing them, and not ubuntu3?

Here's how my firewall handles frags:

# Allow IP fragments to pass through
/sbin/ipfw add pass all from any to any frag

You may also want to set up something similar to handle ICMP.

I've not used dummynet pipes in ages, I wonder if setting a larger queue would help with my disconnect problems, or whether I really do just need to give up and reinstall the entire OS.

--
Spadge
"Intoccabile"
www.fromley.com

From owner-freebsd-net@FreeBSD.ORG Mon Dec 5 15:50:32 2005
From: Alvaro Saurin
Date: Mon, 5 Dec 2005 15:56:44 +0000
To: Spadge
Cc: freebsd-net@freebsd.org
Subject: Re: Dummynet and fragments

On 5 Dec 2005, at 14:41, Spadge wrote:

> Alvaro Saurin wrote:
>
>> The problem comes here: if I 'ping' between these two machines,
>> everything is fine, but if I 'ping' with a packet size of, ie,
>> 2000, no packets arrive at the receiver. Does it have to do with
>> fragmented packets? Do I have to include any other rule for
>> dealing with fragments?
>
> 65100 0 0 deny log logamount 5000 ip from any to any frag
>
> Does this not effectively kill all frags? Are your unreceived
> packets showing up in the log? And if not, are you sure that it's
> BSD4 that's losing them, and not ubuntu3?
>
> Here's how my firewall handles frags:
>
> # Allow IP fragments to pass through
> /sbin/ipfw add pass all from any to any frag
>
> You may also want to set up something similar to handle ICMP.
>
> I've not used dummynet pipes in ages, I wonder if setting a larger
> queue would help with my disconnect problems, or whether I really
> do just need to give up and reinstall the entire OS.

Thank you, you're right, but adding something like 'pass all from any to any frag' does not put the ICMP packets through the dummynet pipe. I am not specially interested in 'ping's, but it happens the same for UDP traffic...

The problem is that, if I put ICMP/UDP/etc traffic through a pipe, it doesn't work when packets are fragmented. And letting fragments out of the pipe does not improve things...

Any idea? Thanks.

Alvaro

--
Alvaro Saurin

From owner-freebsd-net@FreeBSD.ORG Tue Dec 6 09:09:59 2005
Date: Tue, 06 Dec 2005 11:09:48 +0200
From: Atanas Yankov
To: Alvaro Saurin, freebsd-net@freebsd.org
Subject: Re: Dummynet Broke fragmets in 5.x and 6.x

This problem exists in the 5.x and 6.x implementations. I wrote an email to luiggi about this problem but no answer yet. There is a problem with fragmented traffic that is going through pipes: dummynet without a problem changes the IDs of the fragments and with this prevents reassembling of the fragments. This is true not only for icmp udp icmp, it's true for all IP traffic.

br,

CCNP Atanas Yankov
Network Administrator
AngelSoft Ltd.

Alvaro Saurin wrote:

>
> On 5 Dec 2005, at 14:41, Spadge wrote:
>
>> Alvaro Saurin wrote:
>>
>>> The problem comes here: if I 'ping' between these two machines,
>>> everything is fine, but if I 'ping' with a packet size of, ie,
>>> 2000, no packets arrive at the receiver. Does it have to do with
>>> fragmented packets? Do I have to include any other rule for
>>> dealing with fragments?
>>
>>
>> 65100 0 0 deny log logamount 5000 ip from any to any frag
>>
>> Does this not effectively kill all frags? Are your unreceived
>> packets showing up in the log? And if not, are you sure that it's
>> BSD4 that's losing them, and not ubuntu3?
>>
>> Here's how my firewall handles frags:
>>
>> # Allow IP fragments to pass through
>> /sbin/ipfw add pass all from any to any frag
>>
>> You may also want to set up something similar to handle ICMP.
>>
>> I've not used dummynet pipes in ages, I wonder if setting a larger
>> queue would help with my disconnect problems, or whether I really do
>> just need to give up and reinstall the entire OS.
>
>
> Thank you, you're right, but adding something like 'pass all from any
> to any frag' does not put the ICMP packets through the dummynet
> pipe. I am not specially interested in 'ping's, but it happens the
> same for UDP traffic...
>
> The problem is that, if I put ICMP/UDP/etc traffic through a pipe, it
> doesn't work when packets are fragmented. And letting fragments out
> of the pipe does not improve things...
>
> Any idea? Thanks.
>
> Alvaro
>

From owner-freebsd-net@FreeBSD.ORG Tue Dec 6 12:52:38 2005
Date: Tue, 6 Dec 2005 15:52:31 +0300 (MSK)
From: Igor Sysoev
To: freebsd-net@freebsd.org
Subject: Re: strange timeout error returned by kevent() in 6.0

On Thu, 1 Dec 2005, Igor Sysoev wrote:

> On Thu, 1 Sep 2005, Igor Sysoev wrote:
>
>> On Thu, 1 Sep 2005, Igor Sysoev wrote:
>>
>>> I found strange timeout errors returned by kevent() in 6.0 using
>>> my http server named nginx. The nginx's run on three machines:
>>> two 4.10-RELEASE and one 6.0-BETA3. All machines serve the same
>>> content (simple cluster) and each handles about 200 requests/second.
>>>
>>> On 6.0 sometimes (2 or 3 times per hour) in the daytime kevent()
>>> returns EV_EOF in flags and ETIMEDOUT in fflags, nevertheless:
>>>
>>> 1) nginx does not set any kernel timeout for sockets;
>>> 2) the total request time for such failed requests is small, 30 and so
>>> seconds.
>>
>> I have changed code to ignore the ETIMEDOUT error returned by kevent()
>> and found that subsequent sendfile() returned the ENOTCONN.
>>
>> By the way, why sendfile() may return ENOTCONN ?
>> I saw this error code on 4.x too.
>
> Recently I've found that kevent() in FreeBSD 5.4 may return wrong
> the ETIMEDOUT too.
>
> Also I've found that recv() on FreeBSD 6.0 may return wrong ETIMEDOUT
> error for socket that has no any kernel timeout. It seems this
> ETIMEDOUT error masks another error.

It seems that this ETIMEDOUT is caused by a retransmit failure, when data were retransmitted 12 times with backoff timeout. The whole timeout is small, 30-50 seconds, because the initial RTO is very small: 5-10 ms.

Igor Sysoev
http://sysoev.ru/en/

From owner-freebsd-net@FreeBSD.ORG Tue Dec 6 18:36:55 2005
Date: Tue, 6 Dec 2005 10:36:48 -0800
From: John-Mark Gurney
To: Igor Sysoev
Cc: freebsd-net@freebsd.org
Subject: Re: strange timeout error returned by kevent() in 6.0

Igor Sysoev wrote this message on Thu, Sep 01, 2005 at 18:26 +0400:
> On Thu, 1 Sep 2005, Igor Sysoev wrote:
>
> >I found strange timeout errors returned by kevent() in 6.0 using
> >my http server named nginx. The nginx's run on three machines:
> >two 4.10-RELEASE and one 6.0-BETA3. All machines serve the same
> >content (simple cluster) and each handles about 200 requests/second.
> >
> >On 6.0 sometimes (2 or 3 times per hour) in the daytime kevent()
> >returns EV_EOF in flags and ETIMEDOUT in fflags, nevertheless:
> >
> >1) nginx does not set any kernel timeout for sockets;
> >2) the total request time for such failed requests is small, 30 and so
> >seconds.
>
> I have changed code to ignore the ETIMEDOUT error returned by kevent()
> and found that subsequent sendfile() returned the ENOTCONN.
>
> By the way, why sendfile() may return ENOTCONN ?
> I saw this error code on 4.x too.

The reason that you are seeing ETIMEDOUT/ENOTCONN is that the connection
probably ETIMEDOUT (aka timed out)... and so is ENOTCONN (no longer
connected).. can you also do a read or a write to the socket successfully?

and sendfile(3) says:
ERRORS
[...]

     [ENOTCONN]         The s argument points to an unconnected socket.

and a glance at tcp(4) says:
ERRORS
[...]

     [ETIMEDOUT]        when a connection was dropped due to excessive
                        retransmissions;

There's the answers...

--
John-Mark Gurney    Voice: +1 415 225 5579

"All that I will do, has been done, All that I have, has not."

From owner-freebsd-net@FreeBSD.ORG Tue Dec 6 19:35:08 2005
Date: Tue, 6 Dec 2005 22:34:43 +0300 (MSK)
From: Igor Sysoev X-X-Sender: is@is.park.rambler.ru To: John-Mark Gurney In-Reply-To: <20051206183648.GG55657@funkthat.com> Message-ID: <20051206222847.Y73245@is.park.rambler.ru> References: <20050901140051.G11484@is.park.rambler.ru> <20050901182115.F11484@is.park.rambler.ru> <20051206183648.GG55657@funkthat.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-net@freebsd.org Subject: Re: strange timeout error returned by kevent() in 6.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Dec 2005 19:35:08 -0000 On Tue, 6 Dec 2005, John-Mark Gurney wrote: > Igor Sysoev wrote this message on Thu, Sep 01, 2005 at 18:26 +0400: >> On Thu, 1 Sep 2005, Igor Sysoev wrote: >> >>> I found strange timeout errors returned by kevent() in 6.0 using >>> my http server named nginx. The nginx's run on three machines: >>> two 4.10-RELEASE and one 6.0-BETA3. All machines serve the same >>> content (simple cluster) and each handles about 200 requests/second. >>> >>> On 6.0 sometimes (2 or 3 times per hour) in the daytime kevent() >>> returns EV_EOF in flags and ETIMEDOUT in fflags, nevertheless: >>> >>> 1) nginx does not set any kernel timeout for sockets; >>> 2) the total request time for such failed requests is small, 30 and so >>> seconds. >> >> I have changed code to ignore the ETIMEDOUT error returned by kevent() >> and found that subsequent sendfile() returned the ENOTCONN. >> >> By the way, why sendfile() may return ENOTCONN ? >> I saw this error code on 4.x too. > > The reason that you are seeing ETIMEDOUT/ENOTCONN is that the connection > probably ETIMEDOUT (aka timed out)... and so is ENOTCONN (no longer > connected).. can you also do a read or a write to the socket successfully? At least recv() returns ETIMEDOUT. I could not test write() right now. 
> and sendfile(3) says:
> ERRORS
> [...]
>
> [ENOTCONN] The s argument points to an unconnected socket.
>
> and a glance at tcp(4) says:
> ERRORS
> [...]
>
> [ETIMEDOUT] when a connection was dropped due to excessive
> retransmissions;
>
> There's the answers...

Yes, it seems that ETIMEDOUT is retransmission failure. I've seen it in experiment.

The strangeness is that I did not see this error on 4.10. Only on 6.0 and recently on 4.11. Maybe I will upgrade cluster machine from 4.10 to 4.11 to see changes.

Igor Sysoev
http://sysoev.ru/en/

From owner-freebsd-net@FreeBSD.ORG Thu Dec 8 02:02:38 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5912416A41F for ; Thu, 8 Dec 2005 02:02:38 +0000 (GMT) (envelope-from julian@elischer.org) Received: from a50.ironport.com (a50.ironport.com [63.251.108.112]) by mx1.FreeBSD.org (Postfix) with ESMTP id D9B7843D7D for ; Thu, 8 Dec 2005 02:02:10 +0000 (GMT) (envelope-from julian@elischer.org) Received: from unknown (HELO [10.251.23.157]) ([10.251.23.157]) by a50.ironport.com with ESMTP; 07 Dec 2005 18:01:55 -0800 X-IronPort-Anti-Spam-Filtered: true Message-ID: <43979412.8020902@elischer.org> Date: Wed, 07 Dec 2005 18:01:54 -0800
From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.11) Gecko/20050727 X-Accept-Language: en-us, en MIME-Version: 1.0 To: FreeBSD Net Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: netgraph talk online X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Dec 2005 02:02:38 -0000

join is on IRC at efnet #bafug

talk starts at 19:30 San Francisco time (8 hours behind UTC) (in 90
minutes)

and watch on one of:
rtsp://streaming.uoregon.edu:555/bafug-live.sdp
rtsp://stream.psg.com/bafug-live.sdp
rtsp://kumr2.lns.com/bafug-live.sdp

only one of them will be alive but if something screws up we have two
backups :-)

From owner-freebsd-net@FreeBSD.ORG Thu Dec 8 02:47:40 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E365E16A422 for ; Thu, 8 Dec 2005 02:47:40 +0000 (GMT) (envelope-from ivo.vachkov@gmail.com) Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.193]) by mx1.FreeBSD.org (Postfix) with ESMTP id AE8D643D70 for ; Thu, 8 Dec 2005 02:47:28 +0000 (GMT) (envelope-from ivo.vachkov@gmail.com) Received: by xproxy.gmail.com with SMTP id s9so347883wxc for ; Wed, 07 Dec 2005 18:47:27 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Rh/+TYmFpv+4HbFl907n/VPRjS9Z2wlURm8tRXzqUO/CXZUcI89NuYE47So9TxW30xpzDKPbytytlLCH0GtPZi1AhvCn7zR4OY4Z14EepvLj2wmvwjt5OisVPTxNY0KUuezHOvOSioExDuBhGKiKuw+tj08ixy1tOnN41U6p9Pc= Received: by 10.70.69.6 with SMTP id r6mr3037465wxa; Wed, 07 Dec 2005
18:47:27 -0800 (PST) Received: by 10.70.110.4 with HTTP; Wed, 7 Dec 2005 18:47:27 -0800 (PST) Message-ID: Date: Thu, 8 Dec 2005 04:47:27 +0200 
From: Ivo Vachkov To: freebsd-net@freebsd.org In-Reply-To: <43979412.8020902@elischer.org> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <43979412.8020902@elischer.org> Subject: Re: netgraph talk online X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Dec 2005 02:47:41 -0000

Could you please post the talk logs somewhere :)

2005/12/8, Julian Elischer :
> join is on IRC at efnet #bafug
>
> talk starts at 19:30 San Francisco time (8 hours behind UTC) (in 90
> minutes)
>
> and watch on one of:
> rtsp://streaming.uoregon.edu:555/bafug-live.sdp
> rtsp://stream.psg.com/bafug-live.sdp
> rtsp://kumr2.lns.com/bafug-live.sdp
>
> only one of them will be alive but if something screws up we have two
> backups :-)
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>

--
"UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity."
Dennis Ritchie From owner-freebsd-net@FreeBSD.ORG Thu Dec 8 02:55:05 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 255E016A41F for ; Thu, 8 Dec 2005 02:55:05 +0000 (GMT) (envelope-from ivo.vachkov@gmail.com) Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.202]) by mx1.FreeBSD.org (Postfix) with ESMTP id 92BE643D5A for ; Thu, 8 Dec 2005 02:55:00 +0000 (GMT) (envelope-from ivo.vachkov@gmail.com) Received: by xproxy.gmail.com with SMTP id s9so348665wxc for ; Wed, 07 Dec 2005 18:54:59 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=qTatYsj5ps1XrItmt4F745lmc0PetW1V9lpSijGHvfpPG+0dL7fIh+P5b7PGi/DU3CowQBlXj7Usj1w6eXT3BtUSrHL/4ZWJAmMnw/ydMueehnF880VRC8fkhaFxvt3lJa6dAox5gl7EZ1NygnXXFGVCnFSFz5/GSr1elpeVoaQ= Received: by 10.70.65.17 with SMTP id n17mr3147117wxa; Wed, 07 Dec 2005 18:54:59 -0800 (PST) Received: by 10.70.110.4 with HTTP; Wed, 7 Dec 2005 18:54:59 -0800 (PST) Message-ID: Date: Thu, 8 Dec 2005 04:54:59 +0200 
From: Ivo Vachkov To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Subject: Programming Question: Policy Based Routing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Dec 2005 02:55:05 -0000 Hello, I'm interested in implementing policy based routing (PBR) for the FreeBSD. First of all, I want to hear what you think about that. If anyone has any ideas I'll be glad if you share them with me. I'm especially interested in the programming details. I've done some research and figured out two ways to implement it, but before discussing them I want to hear other developers/users opinions. Thank you in advance. Ivo Vachkov -- "UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity." Dennis Ritchie From owner-freebsd-net@FreeBSD.ORG Thu Dec 8 03:04:53 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2392216A41F for ; Thu, 8 Dec 2005 03:04:53 +0000 (GMT) (envelope-from andre@freebsd.org) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0F31043D7C for ; Thu, 8 Dec 2005 03:04:51 +0000 (GMT) (envelope-from andre@freebsd.org) Received: (qmail 45827 invoked from network); 8 Dec 2005 03:01:25 -0000 Received: from c00l3r.networx.ch (HELO freebsd.org) ([62.48.2.2]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 8 Dec 2005 03:01:25 -0000 Message-ID: <4397A2D1.452F290A@freebsd.org> Date: Thu, 08 Dec 2005 04:04:49 +0100 
From: Andre Oppermann X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Ivo Vachkov References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org Subject: Re: Programming Question: Policy Based Routing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Dec 2005 03:04:53 -0000

Ivo Vachkov wrote:
>
> Hello,
>
> I'm interested in implementing policy based routing (PBR) for the
> FreeBSD. First of all, I want to hear what you think about that. If
> anyone has any ideas I'll be glad if you share them with me. I'm
> especially interested in the programming details. I've done some
> research and figured out two ways to implement it, but before
> discussing them I want to hear other developers/users opinions.

Normally it's the other way around. Why don't you post your ideas first and then we work out whether it is a smart approach wrt. the FreeBSD kernel.

Most important is your definition of policy routing. Many people understand many different things under that term.
-- Andre From owner-freebsd-net@FreeBSD.ORG Thu Dec 8 05:03:20 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 93E3716A41F for ; Thu, 8 Dec 2005 05:03:20 +0000 (GMT) (envelope-from yelgar_priya@yahoo.co.in) Received: from web8513.mail.in.yahoo.com (web8513.mail.in.yahoo.com [202.43.219.106]) by mx1.FreeBSD.org (Postfix) with SMTP id 77B4E43D75 for ; Thu, 8 Dec 2005 05:03:08 +0000 (GMT) (envelope-from yelgar_priya@yahoo.co.in) Received: (qmail 22751 invoked by uid 60001); 8 Dec 2005 05:03:38 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.co.in; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=hgMovn0xm/2p8GUd8E0S/FrwqkFwvQp2d+OGDLBfGOUHQ8jhEdCKQlfSAp7NSRNlMr4t2/SGTjPRLW7GBLRgMZpacn7p42zFgoA4F11ueJ8y5sGQTrTUc4YRuJ/HQKeNEpZjTC9bwnnZKi31jzrgVtfNvm+p0fqjVZ7HFmknP2w= ; Message-ID: <20051208050338.22749.qmail@web8513.mail.in.yahoo.com> Received: from [202.63.105.146] by web8513.mail.in.yahoo.com via HTTP; Thu, 08 Dec 2005 05:03:38 GMT Date: Thu, 8 Dec 2005 05:03:38 +0000 (GMT) 
From: priya yelgar To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Subject: racoon with freebsd-4.11 crashes X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Dec 2005 05:03:20 -0000

Hi

Running racoon on a Freebsd-4.11 machine gives a kernel panic. I am using the racoon from ports directory which comes with the freebsd installation.

Steps followed are as shown below:

racoon -f /usr/local/etc/racoon/raccon.conf
setkey -f ipsec.conf
ping -c 1

The ping will lead into a crash.

The crash dump looks like for the ping packet it is going to apply a SA. It is going in "key_checkrequest" in key.c file and crashing there. As I know "key_checkrequest" is used to apply an existing SA to an outgoing packet. But in case of racoon the first ping packet is used for negotiation with other gateway to establish the SA. I am not understanding as to why it is going in key_checkrequest and crashing.

Please anyone who have used racoon with freebsd-4.11 can guide me if I am doing something wrong. The config file is given below.

I have compiled the kernel with IPSEC ,IPSEC_ESP options. I am using a preshared key file.
my configuration file is given below:

#!/usr/local/bin/racoon
# CONFIGURATION FILE FOR 192.168.190.44

path include "/root";
path pre_shared_key "/root/psk.txt";
log debug2;

padding
{
    maximum_length 20;
    randomize off;
    strict_check off;
    exclusive_tail off;
}

listen
{
    isakmp 192.168.190.43 [500];
}

timer
{
    counter 5;
    interval 20 sec;
    persend 1;
    phase1 30 sec;
    phase2 15 sec;
}

remote 192.168.190.43
{
    exchange_mode main;
    doi ipsec_doi;
    situation identity_only;
    my_identifier address 192.168.190.44;
    peers_identifier address 192.168.190.43;
    lifetime time 24 hour;
    nonce_size 16;
    initial_contact on;
    proposal_check obey;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 1;
    }
}

sainfo address 192.168.190.44 any address 192.168.190.43 any
{
    pfs_group 1;
    lifetime time 2 hour;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}

Thanks in advance
Priya

__________________________________________________________
Yahoo! India Matrimony: Find your partner now. Go to http://yahoo.shaadi.com

From owner-freebsd-net@FreeBSD.ORG Thu Dec 8 08:44:20 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EDBE116A424 for ; Thu, 8 Dec 2005 08:44:20 +0000 (GMT) (envelope-from lists@yazzy.org) Received: from mail.yazzy.org (mail.yazzy.org [217.8.140.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2843343D5F for ; Thu, 8 Dec 2005 08:44:17 +0000 (GMT) (envelope-from lists@yazzy.org) Received: from [84.247.144.144] (helo=marcin) by mail.yazzy.org with esmtps (TLSv1:AES256-SHA:256) (YazzY.org) id 1EkHMy-0002hC-Iu; Thu, 08 Dec 2005 09:43:17 +0100 Date: Thu, 8 Dec 2005 09:44:10 +0100
From: Marcin Jessa To: Julian Elischer Message-Id: <20051208094410.78e5f610.lists@yazzy.org> In-Reply-To: <43979412.8020902@elischer.org> References: <43979412.8020902@elischer.org> Organization: YazzY.org X-Mailer: Sylpheed version 2.0.4 (GTK+ 2.8.7; i386-portbld-freebsd6.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Score: -2.4 (--) Cc: freebsd-net@freebsd.org Subject: Re: netgraph talk online X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Dec 2005 08:44:21 -0000

On Wed, 07 Dec 2005 18:01:54 -0800 Julian Elischer wrote:

> join is on IRC at efnet #bafug
>
> talk starts at 19:30 San Francisco time (8 hours behind UTC) (in 90
> minutes)
>
> and watch on one of:
> rtsp://streaming.uoregon.edu:555/bafug-live.sdp
> rtsp://stream.psg.com/bafug-live.sdp
> rtsp://kumr2.lns.com/bafug-live.sdp
>
> only one of them will be alive but if something screws up we have two
> backups :-)

Is that recorded and downloadable somewhere?

From owner-freebsd-net@FreeBSD.ORG Thu Dec 8 09:16:56 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0ABE516A424 for ; Thu, 8 Dec 2005 09:16:56 +0000 (GMT) (envelope-from julian@elischer.org) Received: from a50.ironport.com (a50.ironport.com [63.251.108.112]) by mx1.FreeBSD.org (Postfix) with ESMTP id 251CC43DB6 for ; Thu, 8 Dec 2005 09:16:07 +0000 (GMT) (envelope-from julian@elischer.org) Received: from unknown (HELO [192.168.2.6]) ([10.251.60.13]) by a50.ironport.com with ESMTP; 08 Dec 2005 01:16:00 -0800 X-IronPort-Anti-Spam-Filtered: true Message-ID: <4397F9CF.3060208@elischer.org> Date: Thu, 08 Dec 2005 01:15:59 -0800
From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.11) Gecko/20050727 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Marcin Jessa References: <43979412.8020902@elischer.org> <20051208094410.78e5f610.lists@yazzy.org> In-Reply-To: <20051208094410.78e5f610.lists@yazzy.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org Subject: Re: netgraph talk online X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Dec 2005 09:16:56 -0000

Marcin Jessa wrote:

>On Wed, 07 Dec 2005 18:01:54 -0800
>Julian Elischer wrote:
>
>>join is on IRC at efnet #bafug
>>
>>talk starts at 19:30 San Francisco time (8 hours behind UTC) (in 90
>>minutes)
>>
>>and watch on one of:
>>rtsp://streaming.uoregon.edu:555/bafug-live.sdp
>>rtsp://stream.psg.com/bafug-live.sdp
>>rtsp://kumr2.lns.com/bafug-live.sdp
>>
>>only one of them will be alive but if something screws up we have two
>>backups :-)
>>
>
>Is that recorded and downloadable somewhere?
>

I did record it. I will do a quick pass over it and then put it up somewhere.

From owner-freebsd-net@FreeBSD.ORG Thu Dec 8 09:45:24 2005 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A7F2316A41F; Thu, 8 Dec 2005 09:45:24 +0000 (GMT) (envelope-from vova@vbook.fbsd.ru) Received: from vbook.fbsd.ru (swsoft-mipt-nat.sw.ru [195.214.233.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 42A1643D83; Thu, 8 Dec 2005 09:45:23 +0000 (GMT) (envelope-from vova@vbook.fbsd.ru) Received: from vova by vbook.fbsd.ru with local (Exim 4.60 (FreeBSD)) (envelope-from ) id 1EkIL4-000MR0-G3; Thu, 08 Dec 2005 12:45:22 +0300
From: Vladimir Grebenschikov To: freebsd-net Content-Type: text/plain Content-Transfer-Encoding: 7bit Organization: SWsoft Date: Thu, 08 Dec 2005 12:45:21 +0300 Message-Id: <1134035121.1229.22.camel@localhost> Mime-Version: 1.0 X-Mailer: Evolution 2.4.1 FreeBSD GNOME Team Port Sender: Vladimir Grebenschikov Cc: current Subject: something wrong with either port net/iwi-firmare or iwi driver in tree on current X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Dec 2005 09:45:24 -0000

Hi

It happens on fresh 7-CURRENT.

$ man 4 iwi

...
This driver requires firmware to be loaded before it will work. You need
to install the net/iwi-firmware port before ifconfig(8) will work
...

/usr/ports/net/iwi-firmware# make
===> iwi-firmware-2.4 iwi(4) support is already included in your tree.
/usr/ports/net/iwi-firmware#

$ find /usr/src -name '*iwi*' | fgrep -v iwic
/usr/src/share/man/man4/iwi.4
/usr/src/sys/dev/iwi
/usr/src/sys/dev/iwi/if_iwi.c
/usr/src/sys/dev/iwi/if_iwireg.h
/usr/src/sys/dev/iwi/if_iwivar.h
/usr/src/sys/modules/iwi
/usr/src/tools/tools/iwi
/usr/src/tools/tools/iwi/iwistats.c
$

What is the official way to fetch firmware now ?

--
Vladimir B. Grebenschikov
SWsoft Inc.
vova@swsoft.com From owner-freebsd-net@FreeBSD.ORG Thu Dec 8 11:15:21 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C30CF16A41F for ; Thu, 8 Dec 2005 11:15:21 +0000 (GMT) (envelope-from ivo.vachkov@gmail.com) Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.198]) by mx1.FreeBSD.org (Postfix) with ESMTP id E13F343D6D for ; Thu, 8 Dec 2005 11:15:05 +0000 (GMT) (envelope-from ivo.vachkov@gmail.com) Received: by xproxy.gmail.com with SMTP id s9so401400wxc for ; Thu, 08 Dec 2005 03:15:04 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=ON+CghYTW1JrgT3z0ebuR7YAU8dFFrVCnmoevNZdC5FZF14kGirU72hsBW4b01b67m58fO99anHVctpx3CzqzTv5OMVcfypK4t55zdET8nCI4Si6xcjkVbtGKKMhhfgHJEO8rq0vbhhSq4vV278siBZLz8rew3nLf1FyPLbH5/Y= Received: by 10.70.60.2 with SMTP id i2mr3714613wxa; Thu, 08 Dec 2005 03:15:04 -0800 (PST) Received: by 10.70.110.4 with HTTP; Thu, 8 Dec 2005 03:15:04 -0800 (PST) Message-ID: Date: Thu, 8 Dec 2005 13:15:04 +0200 
From: Ivo Vachkov To: Andre Oppermann In-Reply-To: <4397A2D1.452F290A@freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <4397A2D1.452F290A@freebsd.org> Cc: freebsd-net@freebsd.org Subject: Re: Programming Question: Policy Based Routing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Dec 2005 11:15:22 -0000

> Normally it's the other way around.

So be it :)

My definition of Policy-Based Routing (PBR): ability to make a routing
decision based on information other than destination IP address in the
packet. In my project this "other" information includes source ip
address, L4 protocol, tos, packet length.

Implementation:

Plan 1) This is a complex standalone solution implemented entirely in
the kernel, plus userland utilities (like the route command). The whole
current routing engine will be changed. Instead of Patricia tree I
implement a list of data structures, each one including special mask
which identifies which fields of the IP header are used to match the
packet and an AVL tree to store routing information in it. Algorithm
is simple:
- when user wants to add a rule:
pbr_route add -source 192.168.0.0/24 -proto tcp $gateway
first thing is to create a generic route mask. This is a bit mask like this:
source address -> 1
destination address -> 0
protocol -> 1
tos -> 0
length -> 0
so, our mask is "10100". Then the kernel's list of routing structures
is checked for a structure with that mask. If not found, a new one is
created. When found/created a special hash function is used to compute
a hash value on the fields, the mask points (in the example - source
and protocol). This hash value and the $gateway form a node which is
inserted in the AVL tree.
- when a packet comes:
since the data structures are sorted by their masks in a
descending order we have sorted list, most precise matching rules,
closest to the head of the list. When a packet is about to be routed,
for each of the data structures of the list, we apply the structure's
mask to find what combination of characteristics form the routing in
this structure. Then we compute the hash and search it in the AVL
tree. If we find it -> we find the $gateway where the packet should be
routed to.
There is one problem however. It is the netmask processing. In this
algorithm they're "included" really ugly :) For each structure with
source/destination/both type of rules I store one linked list with
netmasks only. When a packet processing comes to that structure it
enters a new loop -> for each netmask/pair of netmasks, apply the
netmask to the source/destination, then compute a hash value and
search it in the AVL tree.

Plan B) *Somehow very Linuxish* Using some sort of packet classifier
(for example packet filter matching code) it marks the packet with
some user defined value. Example:
ipfw add mark 10 ip from 192.168.0.0/24 to 192.168.10.0/24
and:
pbr_route add -mark 10 $gateway
The kernel implementation should check for such marks on every packet
and search them in a binary search tree (AVL probably).

That's it. Please, excuse my bad English and poor explanations. If you
have any questions I'll try to explain better, probably using more
examples.
Ivo Vachkov From owner-freebsd-net@FreeBSD.ORG Thu Dec 8 11:17:11 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4828216A41F for ; Thu, 8 Dec 2005 11:17:11 +0000 (GMT) (envelope-from ivo.vachkov@gmail.com) Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.203]) by mx1.FreeBSD.org (Postfix) with ESMTP id 53D4343D81 for ; Thu, 8 Dec 2005 11:17:03 +0000 (GMT) (envelope-from ivo.vachkov@gmail.com) Received: by xproxy.gmail.com with SMTP id s9so401578wxc for ; Thu, 08 Dec 2005 03:17:02 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Mu4gf6vnHk2jqLRijGnoBiHtiA3XcgbalhYpp/U3HOS0bNNSTFP4Ctx/yfMce2O4swmHPXR5Ko3EBCM2YBcN7FsdZspHDhohW86ASQQEjz21IBJrKuvX4wkxcJU/pLurcv4RySokdf8fddZzoqN6vx1G+I/lkUSO/UaZVq8D49I= Received: by 10.70.115.9 with SMTP id n9mr3735469wxc; Thu, 08 Dec 2005 03:17:02 -0800 (PST) Received: by 10.70.110.4 with HTTP; Thu, 8 Dec 2005 03:17:02 -0800 (PST) Message-ID: Date: Thu, 8 Dec 2005 13:17:02 +0200 
From: Ivo Vachkov To: freebsd-net@freebsd.org In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <4397A2D1.452F290A@freebsd.org> Subject: Re: Programming Question: Policy Based Routing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Dec 2005 11:17:11 -0000

Both Plans should really be named Plan 1) and Plan 2). Excuse "Plan B)" mistake.

From owner-freebsd-net@FreeBSD.ORG Thu Dec 8 12:06:37 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D3E7916A41F; Thu, 8 Dec 2005 12:06:37 +0000 (GMT) (envelope-from baldur@foo.is) Received: from gremlin.foo.is (gremlin.foo.is [194.105.250.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id BAE2A43D90; Thu, 8 Dec 2005 12:06:16 +0000 (GMT) (envelope-from baldur@foo.is) Received: from 127.0.0.1 (unknown [127.0.0.1]) by injector.foo.is (Postfix) with SMTP id C7AA02842B; Thu, 8 Dec 2005 12:06:09 +0000 (GMT) Received: by gremlin.foo.is (Postfix, from userid 1000) id A41AA28427; Thu, 8 Dec 2005 12:06:05 +0000 (GMT) Date: Thu, 8 Dec 2005 12:06:05 +0000
From: Baldur Gislason To: Ivo Vachkov Message-ID: <20051208120605.GC779@gremlin.foo.is> References: <4397A2D1.452F290A@freebsd.org> In-Reply-To: User-Agent: Mutt/1.4.2.1i X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on gremlin.foo.is X-Spam-Level: X-Spam-Status: No, score=-5.9 required=6.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham version=3.0.4 X-Sanitizer: Foo MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline Cc: freebsd-net@freebsd.org, Andre Oppermann Subject: Re: Programming Question: Policy Based Routing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Dec 2005 12:06:38 -0000

You know you can do policy routing with IPFW.

ipfw add fwd 172.20.0.1 ip from 172.20.0.0/24 to not 172.20.0.0/24

for example.

Baldur

On Thu, Dec 08, 2005 at 01:15:04PM +0200, Ivo Vachkov wrote:
> > Normally it's the other way around.
>
> So be it :)
>
> My definition of Policy-Based Routing (PBR): ability to make a routing
> decision based on information other than destination IP address in the
> packet. In my project this "other" information includes source ip
> address, L4 protocol, tos, packet length.
>
> Implementation:
>
> Plan 1) This is a complex standalone solution implemented entirely in
> the kernel, plus userland utilities (like the route command). The whole
> current routing engine will be changed. Instead of Patricia tree I
> implement a list of data structures, each one including special mask
> which identifies which fields of the IP header are used to match the
> packet and an AVL tree to store routing information in it. Algorithm
> is simple:
> - when user wants to add a rule:
> pbr_route add -source 192.168.0.0/24 -proto tcp $gateway
> first thing is to create a generic route mask.
> This is a bit mask like this:
> source address -> 1
> destination address -> 0
> protocol -> 1
> tos -> 0
> length -> 0
> so, our mask is "10100". Then the kernel's list of routing structures
> is checked for a structure with that mask. If not found, a new one is
> created. When found/created a special hash function is used to compute
> a hash value on the fields, the mask points (in the example - source
> and protocol). This hash value and the $gateway form a node which is
> inserted in the AVL tree.
> - when a packet comes:
> since the data structures are sorted by their masks in a
> descending order we have sorted list, most precise matching rules,
> closest to the head of the list. When a packet is about to be routed,
> for each of the data structures of the list, we apply the structure's
> mask to find what combination of characteristics form the routing in
> this structure. Then we compute the hash and search it in the AVL
> tree. If we find it -> we find the $gateway where the packet should be
> routed to.
> There is one problem however. It is the netmask processing. In this
> algorithm they're "included" really ugly :) For each structure with
> source/destination/both type of rules I store one linked list with
> netmasks only. When a packet processing comes to that structure it
> enters a new loop -> for each netmask/pair of netmasks, apply the
> netmask to the source/destination, then compute a hash value and
> search it in the AVL tree.
>
> Plan B) *Somehow very Linuxish* Using some sort of packet classifier
> (for example packet filter matching code) it marks the packet with
> some user defined value. Example:
> ipfw add mark 10 ip from 192.168.0.0/24 to 192.168.10.0/24
> and:
> pbr_route add -mark 10 $gateway
> The kernel implementation should check for such marks on every packet
> and search them in a binary search tree (AVL probably).
>
> That's it. Please, excuse my bad English and poor explanations.
> If you have any questions I'll try to explain better, probably using more
> examples.
>
> Ivo Vachkov
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>

From owner-freebsd-net@FreeBSD.ORG Thu Dec 8 14:14:58 2005 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 71C7216A41F; Thu, 8 Dec 2005 14:14:58 +0000 (GMT) (envelope-from fgast@howard.only640k.org) Received: from howard.only640k.org (howard.only640k.org [83.120.7.205]) by mx1.FreeBSD.org (Postfix) with ESMTP id AB22F43D68; Thu, 8 Dec 2005 14:14:51 +0000 (GMT) (envelope-from fgast@howard.only640k.org) Received: from howard.only640k.org (fgast@localhost.only640k.org [127.0.0.1]) by howard.only640k.org (8.13.3/8.13.3) with ESMTP id jB8EEhVk023655 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 8 Dec 2005 15:14:43 +0100 (CET) Received: (from fgast@localhost) by howard.only640k.org (8.13.3/8.13.3/Submit) id jB8EEge1001121; Thu, 8 Dec 2005 15:14:42 +0100 (CET) Date: Thu, 8 Dec 2005 15:14:42 +0100
From: fabian gast To: Vladimir Grebenschikov Message-ID: <20051208141442.GA12414@only640k.org> References: <1134035121.1229.22.camel@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable In-Reply-To: <1134035121.1229.22.camel@localhost> User-Agent: Mutt/1.4.2i X-Virus-Scanned: ClamAV 0.87/1205/Wed Dec 7 15:00:48 2005 on howard.only640k.org X-Virus-Status: Clean X-Spam-Status: No, score=-2.8 required=5.0 tests=ALL_TRUSTED autolearn=failed version=3.0.2 X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on howard.only640k.org Cc: current , freebsd-net Subject: Re: something wrong with either port net/iwi-firmare or iwi driver in tree on current X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Dec 2005 14:14:58 -0000

Hi!

On Thu, Dec 08, 2005 at 12:45:21PM +0300, Vladimir Grebenschikov wrote:
> Hi
>
> It happens on fresh 7-CURRENT.
>
> $ man 4 iwi
>
> ...
> This driver requires firmware to be loaded before it will work.
> You need
> to install the net/iwi-firmware port before ifconfig(8) will work
> ...
>

I had the same here.
I just created /boot/firmware and copied the firmware-files to it and iwi worked without iwicontrol.

The firmware-path is specified in sys/dev/iwi/if_iwi.c

fgast@hagbard:\> pwd
/usr/src/sys/dev/iwi
fgast@hagbard:\> grep -n boot/firmware *
if_iwi.c:2563: snprintf(path, sizeof path, "/boot/firmware/%s.fw", name);

hth.
fabian

--
This signature is intentionally left blank.

From owner-freebsd-net@FreeBSD.ORG Thu Dec 8 15:25:02 2005
Message-ID: <43985003.80200@kuusalu.edu.ee>
Date: Thu, 08 Dec 2005 17:23:47 +0200
From: asko
To: freebsd-net@freebsd.org
Subject: Realtek 8139C+ and watchdog timeouts on 6.0-RELEASE

Hi,

I'm getting "re0: watchdog timeout" and "re1: watchdog timeout" errors on
one gateway server. That 1U machine has 5 Realtek 8139C+ NICs.
When a timeout occurs, the network stops for about 5-10 seconds and then
starts working again. It seems to depend on network load, higher load
produces more stops.

I found the following link:
http://groups.google.com/group/muc.lists.freebsd.bugs/browse_thread/thread/ba509d216f6b30e6/e84e76306f6c6249?lnk=st&q=freebsd+watchdog+timeout+re0&rnum=1&hl=en#e84e76306f6c6249
It basically says that 8139C+ works with the older rl driver too.

So what's the proper way of forcing the system to use the rl driver instead of re?
What's the probability of getting 8139C+ to work with rl on 6.0 RELEASE?

--
asko

From owner-freebsd-net@FreeBSD.ORG Thu Dec 8 15:31:05 2005
Message-ID: <344de2870512080731r19c69d2fr@mail.gmail.com>
Date: Thu, 8 Dec 2005 16:31:04 +0100
From: Meno Abels
To: Mark Jayson Alvarez
In-Reply-To: <20051205023720.90613.qmail@web51610.mail.yahoo.com>
References: <20051205023720.90613.qmail@web51610.mail.yahoo.com>
Cc: freebsd-net@freebsd.org
Subject: Re: Strange carp problems

Hi,

i worked the last days on a non working setup with carp and bridges. And be sure
that the bad gateway is not your stopping problem. This is only a missing
check in the arp code for the virtual carp ethernet addresses. It destroys
nothing-:)
I had also one strange effect which is something like stopping. I saw
that everything is getting to be really slow on the network of one machine.
If i say i mean slow so a ping could get a roundtrip time of 10 minutes.
I didn't discover the cause of these but the only solution was to reboot.
My feeling is that carp doesn't like to receive packets which have the same
vhid but are coming from a different carpxxx than the own one. This is only
an idea it is not proved.... There has to be further investigation to find
this problem. I never had the problem if my setup was stable and i stop to
play around-:)

meno

2005/12/5, Mark Jayson Alvarez:
>
> Hi,
> How does carp compute the MAC address of a certain Virtual IP? Perhaps
> I can set up a route for the virtual IP address manually because the kernel
> keeps on complaining: "arp_trequest: bad gateway (!AF_LINK). This is weird
> because my carp setup is working for the past 4 days and it suddenly
> stopped with the above error.
>
> Any idea?
> Thanks
>
>

From owner-freebsd-net@FreeBSD.ORG Thu Dec 8 15:55:41 2005
Date: Thu, 8 Dec 2005 17:55:06 +0200
From: Ivo Vachkov
To: freebsd-net@freebsd.org
In-Reply-To: <20051208120605.GC779@gremlin.foo.is>
References: <4397A2D1.452F290A@freebsd.org> <20051208120605.GC779@gremlin.foo.is>
Subject: Re: Programming Question: Policy Based Routing

2005/12/8, Baldur Gislason:
> You know you can do policy routing with IPFW.
> ipfw add fwd 172.20.0.1 ip from 172.20.0.0/24 to not 172.20.0.0/24
> for example.
>
> Baldur
>

I'm aware that i can do something similar with IPFW, PF and IPF. But
this does not mean I can do all I want, or even that this is the right
way to do it.

From owner-freebsd-net@FreeBSD.ORG Thu Dec 8 16:12:54 2005
Date: Thu, 8 Dec 2005 17:12:23 +0100
From: Claudio Jeker
To: freebsd-net@freebsd.org
Message-ID: <20051208161245.GB19179@diehard.n-r-g.com>
References: <4397A2D1.452F290A@freebsd.org>
Subject: Re: Programming Question: Policy Based Routing

On Thu, Dec 08, 2005 at 01:15:04PM +0200, Ivo Vachkov wrote:
> > Normally it's the other way around.
>
> So be it :)
>
> My definition of Policy-Based Routing (PBR): ability make routing
> decision based on information other than destination IP address in the
> packet. In my project this "other" information includes source ip
> address, L4 protocol, tos, packet length.
>
> Implementation:
>
> Plan 1) This is complex standalone solution implemented entirely in
> the kernel, plus userland utilities (like the route command). Whole
> current routing engine will be changed. Instead of Patricia tree I
> implement a list of data structures, each one including special mask
> which identifies what field of the IP header are used to match the
> packet and an AVL tree to store routing information in it. Algorithm
> is simple:

An AVL tree is far from optimal for route lookups -- think about longest
prefix matches. It is even worse than a Patricia tree.
Also doing the packet classification as part of the route lookup is IMO a
bad idea. Also the linear list that needs to be traversed for every packet
is very expensive because you can only do one comparison at a time.

> Plan B) *Somehow very Linuxish* Using some sort of packet classifier
> (for example packet filter matching code) it marks the packet with a
> some user defined value.
Example:
>  ipfw add mark 10 ip from 192.168.0.0/24 to 192.168.10.0/24
> and:
>  pbr_route add -mark 10 $gateway
> The kernel implementation should check for such marks on every packet
> and search them in a binary search tree (AVL probably).
>
> That's it. Please, excuse my bad english and poor explanations. If you
> have any questions I'll try to explain better, probably using more
> examples.
>

This is a better approach and much simpler. Pf and IPFW have a
powerful classifier and with tables, states, ... it is possible to reduce
the classification time significantly.

--
:wq Claudio

From owner-freebsd-net@FreeBSD.ORG Thu Dec 8 16:43:51 2005
Date: Thu, 8 Dec 2005 18:43:38 +0200
From: Ivo Vachkov
To: Claudio Jeker, freebsd-net@freebsd.org
In-Reply-To: <20051208161245.GB19179@diehard.n-r-g.com>
References: <4397A2D1.452F290A@freebsd.org> <20051208161245.GB19179@diehard.n-r-g.com>
Subject: Re: Programming Question: Policy Based Routing

2005/12/8, Claudio Jeker:
> On Thu, Dec 08, 2005 at 01:15:04PM +0200, Ivo Vachkov wrote:
> > > Normally it's the other way around.
> >
> > So be it :)
> >
> > My definition of Policy-Based Routing (PBR): ability make routing
> > decision based on information other than destination IP address in the
> > packet. In my project this "other" information includes source ip
> > address, L4 protocol, tos, packet length.
> >
> > Implementation:
> >
> > Plan 1) This is complex standalone solution implemented entirely in
> > the kernel, plus userland utilities (like the route command). Whole
> > current routing engine will be changed. Instead of Patricia tree I
> > implement a list of data structures, each one including special mask
> > which identifies what field of the IP header are used to match the
> > packet and an AVL tree to store routing information in it. Algorithm
> > is simple:
>
> An AVL tree is far from optimal for route lookups -- think about longest
> prefix matches. It is even worse than a Patricia tree.
> Also doing the packet classification as part of the route lookup is IMO a
> bad idea. Also the linear list that needs to be traversed for every packet
> is very expensive because you can only do one comparison at a time.

I am aware that this part sux :) That's why I'm asking for other
people's opinions.

> > Plan B) *Somehow very Linuxish* Using some sort of packet classifier
> > (for example packet filter matching code) it marks the packet with a
> > some user defined value. Example:
> >  ipfw add mark 10 ip from 192.168.0.0/24 to 192.168.10.0/24
> > and:
> >  pbr_route add -mark 10 $gateway
> > The kernel implementation should check for such marks on every packet
> > and search them in a binary search tree (AVL probably).
> >
> > That's it. Please, excuse my bad english and poor explanations. If you
> > have any questions I'll try to explain better, probably using more
> > examples.
> >
>
> This is a better approach and much simpler. Pf and IPFW have a
> powerful classifier and with tables, states, ... it is possible to reduce
> the classification time significantly.
>

However this binds the code with some external software. Furthermore,
what should i use to "mark" packets originating from the host ... at
some point it gets too complex to configure, many rules should be
written just to get it working ...

> --
> :wq Claudio
>

From owner-freebsd-net@FreeBSD.ORG Fri Dec 9 05:48:04 2005
Message-ID: <43991AF9.1070804@roamingsolutions.net>
Date: Fri, 09 Dec 2005 07:49:45 +0200
From: G Bryant
To: Claudio Jeker
References: <4397A2D1.452F290A@freebsd.org> <20051208161245.GB19179@diehard.n-r-g.com>
Cc: freebsd-net@freebsd.org
Subject: Re: Programming Question: Policy Based Routing

Ivo Vachkov wrote:

2005/12/8, Claudio Jeker:

On Thu, Dec 08, 2005 at 01:15:04PM +0200, Ivo Vachkov wrote:

Normally it's the other way around.

So be it :)

My definition of Policy-Based Routing (PBR): ability make routing
decision based on information other than destination IP address in the
packet. In my project this "other" information includes source ip
address, L4 protocol, tos, packet length.

Implementation:

Plan 1) This is complex standalone solution implemented entirely in
the kernel, plus userland utilities (like the route command). Whole
current routing engine will be changed. Instead of Patricia tree I
implement a list of data structures, each one including special mask
which identifies what field of the IP header are used to match the
packet and an AVL tree to store routing information in it. Algorithm
is simple:

An AVL tree is far from optimal for route lookups -- think about longest
prefix matches. It is even worse than a Patricia tree.
Also doing the packet classification as part of the route lookup is IMO a
bad idea. Also the linear list that needs to be traversed for every packet
is very expensive because you can only do one comparison at a time.

I am aware that this part sux :) That's why I'm asking for other
people's opinions.

Plan B) *Somehow very Linuxish* Using some sort of packet classifier
(for example packet filter matching code) it marks the packet with a
some user defined value. Example:
 ipfw add mark 10 ip from 192.168.0.0/24 to 192.168.10.0/24
and:
 pbr_route add -mark 10 $gateway
The kernel implementation should check for such marks on every packet
and search them in a binary search tree (AVL probably).

That's it. Please, excuse my bad english and poor explanations. If you
have any questions I'll try to explain better, probably using more
examples.

This is a better approach and much simpler. Pf and IPFW have a
powerful classifier and with tables, states, ... it is possible to reduce
the classification time significantly.

I am currently using a solution with 5.4 where different packets get
routed out different routes.
I'm using IPFW and according to protocol or source IP (but IPFW can
recognise any IP header criteria you like), I then FWD the packets to
the specific gateway required.
For this solution to work, you need to make all the gateways available
from a single external NIC (or multiple NICs that have been ng_hook'd).
Let me know if you would like an example ipfw script.

However this binds the code with some external software. Further more,
what should i use to "mark" packets originating from the host ... at
some point it get too complex to configure, many rules should be to
written just to get it working ...

--
:wq Claudio

From owner-freebsd-net@FreeBSD.ORG Fri Dec 9 06:08:45 2005
Message-ID: <43991FDC.3040002@roamingsolutions.net>
Date: Fri, 09 Dec 2005 08:10:36 +0200
From: G Bryant
To: Claudio Jeker
References: <4397A2D1.452F290A@freebsd.org> <20051208161245.GB19179@diehard.n-r-g.com>
Cc: freebsd-net@freebsd.org
Subject: Re: Programming Question: Policy Based Routing

Sorry - my formatting fell over...

I am currently using a solution with FreeBSD 5.4 where different packets
get routed out different routes.
I'm using IPFW and according to protocol or source IP (but IPFW can
recognise any IP header criteria you like), I then FWD the packets to
the specific gateway required.
For this solution to work, you need to make all the gateways available
from a single external NIC (or multiple NICs that have been ng_hook'd).
Let me know if you would like examples.

Regards
Graham

Ivo Vachkov wrote:

>2005/12/8, Claudio Jeker:
>
>>On Thu, Dec 08, 2005 at 01:15:04PM +0200, Ivo Vachkov wrote:
>>
>>>>Normally it's the other way around.
>>>>
>>>So be it :)
>>>
>>>My definition of Policy-Based Routing (PBR): ability make routing
>>>decision based on information other than destination IP address in the
>>>packet. In my project this "other" information includes source ip
>>>address, L4 protocol, tos, packet length.
>>>
>>>Implementation:
>>>
>>>Plan 1) This is complex standalone solution implemented entirely in
>>>the kernel, plus userland utilities (like the route command). Whole
>>>current routing engine will be changed.
Instead of Patricia tree I
>>>implement a list of data structures, each one including special mask
>>>which identifies what field of the IP header are used to match the
>>>packet and an AVL tree to store routing information in it. Algorithm
>>>is simple:
>>>
>>An AVL tree is far from optimal for route lookups -- think about longest
>>prefix matches. It is even worse than a Patricia tree.
>>Also doing the packet classification as part of the route lookup is IMO a
>>bad idea. Also the linear list that needs to be traversed for every packet
>>is very expensive because you can only do one comparison at a time.
>>
>
>I am aware that this part sux :) That's why I'm asking for other
>people's opinions.
>
>>>Plan B) *Somehow very Linuxish* Using some sort of packet classifier
>>>(for example packet filter matching code) it marks the packet with a
>>>some user defined value. Example:
>>> ipfw add mark 10 ip from 192.168.0.0/24 to 192.168.10.0/24
>>>and:
>>> pbr_route add -mark 10 $gateway
>>>The kernel implementation should check for such marks on every packet
>>>and search them in a binary search tree (AVL probably).
>>>
>>>That's it. Please, excuse my bad english and poor explanations. If you
>>>have any questions I'll try to explain better, probably using more
>>>examples.
>>>
>>This is a better approach and much simpler. Pf and IPFW have a
>>powerful classifier and with tables, states, ... it is possible to reduce
>>the classification time significantly.
>>
>
>However this binds the code with some external software. Further more,
>what should i use to "mark" packets originating from the host ... at
>some point it get too complex to configure, many rules should be to
>written just to get it working ...
>
>>--
>>:wq Claudio
>>
>

From owner-freebsd-net@FreeBSD.ORG Fri Dec 9 09:01:18 2005
Date: Fri, 9 Dec 2005 16:56:29 +0800
Message-ID: <6834BE1811D97C4B8581CE6BD14506800542FD@lepton.jnpr.net>
From: "ShouYan Mao"
Subject: Does 4.11 support PCI-E?

As the subject suggests!
Any information is appreciated!

Shouyan Mao

From owner-freebsd-net@FreeBSD.ORG Fri Dec 9 09:48:29 2005
Message-ID: <314d88f90512090148m143b0f83u8dbc0c28e3ab9b4c@mail.gmail.com>
Date: Fri, 9 Dec 2005 11:48:08 +0200
From: atanas atanas
To: freebsd-net@freebsd.org
Subject: Re: Dummynet and fragments

As i see nobody here answer to me and to other guys i make my own
investigation of the problem with dummynet and why it produces broken
fragments in 5.x 6.x RELEASES
in my debugs i found what causes the problem ;))) , here is my debugs all
made on outgoing interface after they leave pipes

My Desktop PC ---- >>>

192.168.135.213 > 195.69.108.254: icmp: echo request (frag 18997:1480@0+) (ttl 64, len 1500)
192.168.135.213 > 195.69.108.254: icmp (frag 18997:528@1480) (ttl 64, len 548)
192.168.135.213 > 195.69.108.254: icmp: echo request (frag 19000:1480@0+) (ttl 64, len 1500)
192.168.135.213 > 195.69.108.254: icmp (frag 19000:528@1480) (ttl 64, len 548)
192.168.135.213 > 195.69.108.254: icmp: echo request (frag 19004:1480@0+) (ttl 64, len 1500)
192.168.135.213 > 195.69.108.254: icmp (frag 19004:528@1480) (ttl 64, len 548)
192.168.135.213 > 195.69.108.254: icmp: echo request (frag 19008:1480@0+) (ttl 64, len 1500)
192.168.135.213 > 195.69.108.254: icmp (frag 19008:528@1480) (ttl 64, len 548)

Router-FreeBSD RELEASE-4.11-p13 with pipe's for incoming and outgoing traffic

192.168.135.213 > 195.69.108.254: icmp: echo request (frag 18997:1480@0+)
192.168.135.213 > 195.69.108.254: icmp (frag 18997:528@1480)
192.168.135.213 > 195.69.108.254: icmp: echo request (frag 19000:1480@0+)
192.168.135.213 > 195.69.108.254: icmp (frag 19000:528@1480)
192.168.135.213 > 195.69.108.254: icmp: echo request (frag 19004:1480@0+)
192.168.135.213 > 195.69.108.254: icmp (frag 19004:528@1480)
192.168.135.213 > 195.69.108.254: icmp: echo request (frag 19008:1480@0+)
192.168.135.213 > 195.69.108.254: icmp (frag 19008:528@1480)

Router-FreeBSD RELEASE-5.4-p8 with pipe's for incoming and outgoing traffic

IP (tos 0x0, ttl 62, id 26431, offset 0, flags [+], length: 1500) 192.168.135.213 > 195.69.108.254: icmp 1480: echo request seq 0
IP (tos 0x0, ttl 62, id 26433, offset 1480, flags [none], length: 548) 192.168.135.213 > 195.69.108.254: icmp
IP (tos 0x0, ttl 62, id 36602, offset 0, flags [+], length: 1500) 192.168.135.213 > 195.69.108.254: icmp 1480: echo request seq 256
IP (tos 0x0, ttl 62, id 36603, offset 1480, flags [none], length: 548) 192.168.135.213 > 195.69.108.254: icmp
IP (tos 0x0, ttl 62, id 46610, offset 0, flags [+], length: 1500) 192.168.135.213 > 195.69.108.254: icmp 1480: echo request seq 512
IP (tos 0x0, ttl 62, id 46611, offset 1480, flags [none], length: 548) 192.168.135.213 > 195.69.108.254: icmp
IP (tos 0x0, ttl 62, id 57038, offset 0, flags [+], length: 1500) 192.168.135.213 > 195.69.108.254: icmp 1480: echo request seq 768
IP (tos 0x0, ttl 62, id 57039, offset 1480, flags [none], length: 548) 192.168.135.213 > 195.69.108.254: icmp

the second router 5.x first changes the id of fragments then breaks the
sequence and the destination host can't reassemble the whole packet
this is the reason why
ping -s 2000 x.y.z.1 won't work
traceroute x.y.z.1 2000
tcptraceroute x.y.z.1 80 2000 too
but it's a simple tools for troubleshooting , the baddest in this case is
that it harms real traffic vpn-s , and others

---> Here is a fix of this problem

--- ip_output.c Fri Dec 2 13:35:16 2005 +++ ip_output-fix.c Thu Dec 8 17:39:28 2005
@@ -173,7 +173,6 @@ if ((flags & (IP_FORWARDING|IP_RAWOUTPUT)) =3D=3D 0) { ip->ip_v =3D IPVERSION; ip->ip_hl =3D hlen >> 2; - ip->ip_id =3D ip_newid(); ipstat.ips_localout++; } else { hlen =3D ip->ip_hl << 2; br, CCNP Atanas Yankov Network Administrator AngelSoft Ltd. From owner-freebsd-net@FreeBSD.ORG Fri Dec 9 10:19:41 2005 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3570016A41F for ; Fri, 9 Dec 2005 10:19:41 +0000 (GMT) (envelope-from misho@interbgc.com) Received: from mail.interbgc.com (mx02.interbgc.com [217.9.224.227]) by mx1.FreeBSD.org (Postfix) with SMTP id 249FA43D77 for ; Fri, 9 Dec 2005 10:19:39 +0000 (GMT) (envelope-from misho@interbgc.com) Received: (qmail 28899 invoked from network); 9 Dec 2005 10:19:31 -0000 Received: from misho@interbgc.com by keeper.interbgc.com by uid 1002 with qmail-scanner-1.14 (uvscan: v4.2.40/v4374. spamassassin: 2.63. Clear:SA:0(-5.9/8.0):. Processed in 3.030773 secs); 09 Dec 2005 10:19:31 -0000 X-Spam-Status: No, hits=-5.9 required=8.0 Received: from unknown.interbgc.com (HELO misho) (217.9.224.205) by mx02.interbgc.com with SMTP; 9 Dec 2005 10:19:28 -0000 Message-ID: <000001c5fcaa$0988b040$04030201@misho> 
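Review bot: in the ip_output.c hunk at -173,7 (the "Dummynet and fragments" patch above), the deleted ip->ip_id = ip_newid(); sits in the branch taken when neither IP_FORWARDING nor IP_RAWOUTPUT is set, the same branch that fills in ip_v and ip_hl and counts ips_localout, so with the line gone nothing in this hunk gives a locally generated packet an ID. Rather than deleting the assignment, keep it and skip it only for packets that already carry a complete header when they re-enter ip_output after a pipe, or show where ip_id is assigned for local packets once this change is in. The hunk as mailed also still carries quoted-printable =3D sequences and needs decoding before it will apply.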
From: "Mihail Balikov" To: Date: Fri, 9 Dec 2005 12:09:25 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1506 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506 Cc: Subject: BUG: ip_output.c FreeBSD 4.11 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Mihail Balikov List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Dec 2005 10:19:41 -0000

Hello,

In FreeBSD 4.x, in ip_output.c, in the part for ipfw local forwarding, there's a typo that will cause a kernel panic:

regards,
Mihail Balikov

--- ip_output.c.orig Fri Dec 9 12:08:26 2005 +++ ip_output.c Fri Dec 9 12:08:43 2005
@@ -889,7 +889,7 @@ if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { m->m_pkthdr.csum_flags |= CSUM_DATA_VALID | CSUM_PSEUDO_HDR; - m0->m_pkthdr.csum_data = 0xffff; + m->m_pkthdr.csum_data = 0xffff; } m->m_pkthdr.csum_flags |= CSUM_IP_CHECKED | CSUM_IP_VALID; From owner-freebsd-net@FreeBSD.ORG Fri Dec 9 11:35:24 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3477216A425 for ; Fri, 9 Dec 2005 11:35:24 +0000 (GMT) (envelope-from saurin@dcs.gla.ac.uk) Received: from mr1.dcs.gla.ac.uk (mr1.dcs.gla.ac.uk [130.209.249.184]) by mx1.FreeBSD.org (Postfix) with ESMTP id 073DB43D53 for ; Fri, 9 Dec 2005 11:35:07 +0000 (GMT) (envelope-from saurin@dcs.gla.ac.uk) Received: from ex1.ad.dcs.gla.ac.uk ([130.209.249.157]:12184) by mr1.dcs.gla.ac.uk with esmtp (Exim 4.42) id 1EkgWn-0002nO-61; Fri, 09 Dec 2005 11:35:05 +0000 Received: from [130.209.254.19] ([130.209.254.19]) by ex1.ad.dcs.gla.ac.uk over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830); Fri, 9 Dec 2005 11:35:05 +0000 In-Reply-To: <314d88f90512090148m143b0f83u8dbc0c28e3ab9b4c@mail.gmail.com> References: <314d88f90512090148m143b0f83u8dbc0c28e3ab9b4c@mail.gmail.com> Mime-Version: 1.0 (Apple Message framework v746.2) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <986A5F8C-52A2-43A5-99F2-5ADDD11AD16A@dcs.gla.ac.uk> Content-Transfer-Encoding: 7bit 
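Review bot: in the ip_output.c hunk at -889,7 (the "BUG: ip_output.c FreeBSD 4.11" patch above), the report says the m0 reference causes a kernel panic but not why. Every other statement in the hunk operates on m, so the one-line change is consistent with its surroundings, but the commit message should state what m0 holds at this point on the ipfw local-forwarding path and how the panic was reproduced. It is also worth checking the rest of that block for further uses of m0.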
From: Alvaro Saurin Date: Fri, 9 Dec 2005 11:41:21 +0000 To: atanas atanas X-Mailer: Apple Mail (2.746.2) X-OriginalArrivalTime: 09 Dec 2005 11:35:05.0133 (UTC) FILETIME=[999B45D0:01C5FCB4] Cc: freebsd-net@freebsd.org Subject: Re: Dummynet and fragments X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Dec 2005 11:35:24 -0000

Hi,

I have tested your patch and it works fine for me. Thanks.

Alvaro

On 9 Dec 2005, at 09:48, atanas atanas wrote:

> As I see nobody here answered me or the other guys, I made my own
> investigation of the problem with dummynet and why it produces broken
> fragments in 5.x 6.x RELEASES.
> In my debugging I found what causes the problem ;))) , here are my
> debugs, all made on the outgoing interface after they leave the pipes
>
> My Desktop PC ---- >>>
>
> 192.168.135.213 > 195.69.108.254: icmp: echo request (frag 18997:1480@0+) (ttl 64, len 1500)
> 192.168.135.213 > 195.69.108.254: icmp (frag 18997:528@1480) (ttl 64, len 548)
> 192.168.135.213 > 195.69.108.254: icmp: echo request (frag 19000:1480@0+) (ttl 64, len 1500)
> 192.168.135.213 > 195.69.108.254: icmp (frag 19000:528@1480) (ttl 64, len 548)
> 192.168.135.213 > 195.69.108.254: icmp: echo request (frag 19004:1480@0+) (ttl 64, len 1500)
> 192.168.135.213 > 195.69.108.254: icmp (frag 19004:528@1480) (ttl 64, len 548)
> 192.168.135.213 > 195.69.108.254: icmp: echo request (frag 19008:1480@0+) (ttl 64, len 1500)
> 192.168.135.213 > 195.69.108.254: icmp (frag 19008:528@1480) (ttl 64, len 548)
>
> Router-FreeBSD RELEASE-4.11-p13 with pipes for incoming and outgoing
> traffic
>
> 192.168.135.213 > 195.69.108.254: icmp: echo request (frag 18997:1480@0+)
> 192.168.135.213 > 195.69.108.254: icmp (frag 18997:528@1480)
> 192.168.135.213 > 195.69.108.254: icmp: echo request (frag 19000:1480@0+)
> 192.168.135.213 > 195.69.108.254: icmp (frag 19000:528@1480)
> 192.168.135.213 > 195.69.108.254: icmp: echo request (frag 19004:1480@0+)
> 192.168.135.213 > 195.69.108.254: icmp (frag 19004:528@1480)
> 192.168.135.213 > 195.69.108.254: icmp: echo request (frag 19008:1480@0+)
> 192.168.135.213 > 195.69.108.254: icmp (frag 19008:528@1480)
>
>
> Router-FreeBSD RELEASE-5.4-p8 with pipes for incoming and outgoing
> traffic
>
> IP (tos 0x0, ttl 62, id 26431, offset 0, flags [+], length: 1500) 192.168.135.213 > 195.69.108.254: icmp 1480: echo request seq 0
> IP (tos 0x0, ttl 62, id 26433, offset 1480, flags [none], length: 548) 192.168.135.213 > 195.69.108.254: icmp
> IP (tos 0x0, ttl 62, id 36602, offset 0, flags [+], length: 1500) 192.168.135.213 > 195.69.108.254: icmp 1480: echo request seq 256
> IP (tos 0x0, ttl 62, id 36603, offset 1480, flags [none], length: 548) 192.168.135.213 > 195.69.108.254: icmp
> IP (tos 0x0, ttl 62, id 46610, offset 0, flags [+], length: 1500) 192.168.135.213 > 195.69.108.254: icmp 1480: echo request seq 512
> IP (tos 0x0, ttl 62, id 46611, offset 1480, flags [none], length: 548) 192.168.135.213 > 195.69.108.254: icmp
> IP (tos 0x0, ttl 62, id 57038, offset 0, flags [+], length: 1500) 192.168.135.213 > 195.69.108.254: icmp 1480: echo request seq 768
> IP (tos 0x0, ttl 62, id 57039, offset 1480, flags [none], length: 548) 192.168.135.213 > 195.69.108.254: icmp
>
> The second router (5.x) first changes the ID of the fragments, then
> breaks the sequence, and the destination host can't reassemble the
> whole packet. This is the reason why
> ping -s 2000 x.y.z.1 won't work
> traceroute x.y.z.1 2000
> tcptraceroute x.y.z.1 80 2000 too
> but these are simple tools for troubleshooting; the worst in this
> case is that it harms real traffic, VPNs and others
>
> ---> Here is a fix of this problem
>
>
> --- ip_output.c Fri Dec 2 13:35:16 2005 > +++ ip_output-fix.c Thu Dec 8 17:39:28 2005
> @@ -173,7 +173,6 @@ > if ((flags & (IP_FORWARDING|IP_RAWOUTPUT)) == 0) { > ip->ip_v = IPVERSION; > ip->ip_hl = hlen >> 2; > - ip->ip_id = ip_newid(); > ipstat.ips_localout++; > } else { > hlen = ip->ip_hl << 2; > > > br, > CCNP Atanas Yankov > Network Administrator > AngelSoft Ltd. > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" -- Alvaro Saurin From owner-freebsd-net@FreeBSD.ORG Fri Dec 9 18:51:07 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B8F9B16A41F for ; Fri, 9 Dec 2005 18:51:07 +0000 (GMT) (envelope-from julian@elischer.org) Received: from a50.ironport.com (a50.ironport.com [63.251.108.112]) by mx1.FreeBSD.org (Postfix) with ESMTP id D9FEB43D6B for ; Fri, 9 Dec 2005 18:51:05 +0000 (GMT) (envelope-from julian@elischer.org) Received: from unknown (HELO [10.251.23.157]) ([10.251.23.157]) by a50.ironport.com with ESMTP; 09 Dec 2005 10:51:05 -0800 X-IronPort-Anti-Spam-Filtered: true Message-ID: <4399D218.20509@elischer.org> Date: Fri, 09 Dec 2005 10:51:04 -0800 
From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.11) Gecko/20050727 X-Accept-Language: en-us, en MIME-Version: 1.0 To: ShouYan Mao References: <6834BE1811D97C4B8581CE6BD14506800542FD@lepton.jnpr.net> In-Reply-To: <6834BE1811D97C4B8581CE6BD14506800542FD@lepton.jnpr.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org Subject: Re: Does 4.11 support PCI-E? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Dec 2005 18:51:07 -0000

ShouYan Mao wrote:

>As the subject suggests!
>

The kernel doesn't treat it in any special way. However I have a Dell PE2850 with PCI-E and 4.11 is using it just fine. The existing PCI code doesn't know it's special so it just lets the BIOS set it up.

>Any information is appreciated!
> > > >Shouyan Mao > >_______________________________________________ >freebsd-net@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-net >To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > From owner-freebsd-net@FreeBSD.ORG Fri Dec 9 20:33:10 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1BB5F16A41F; Fri, 9 Dec 2005 20:33:10 +0000 (GMT) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from transport.cksoft.de (transport.cksoft.de [62.111.66.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id ACB8643D6E; Fri, 9 Dec 2005 20:32:54 +0000 (GMT) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from transport.cksoft.de (localhost [127.0.0.1]) by transport.cksoft.de (Postfix) with ESMTP id 7B2F71FFAD4; Fri, 9 Dec 2005 21:32:43 +0100 (CET) Received: by transport.cksoft.de (Postfix, from userid 66) id C1AEE1FFAD3; Fri, 9 Dec 2005 21:32:40 +0100 (CET) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 446AB444F50; Fri, 9 Dec 2005 20:28:38 +0000 (UTC) Date: Fri, 9 Dec 2005 20:28:38 +0000 (UTC) 
From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: FreeBSD current mailing list Message-ID: <20051209175607.C23668@maildrop.int.zabbadoz.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Virus-Scanned: by AMaViS cksoft-s20020300-20031204bz on transport.cksoft.de X-Mailman-Approved-At: Fri, 09 Dec 2005 20:39:56 +0000 Cc: Subject: nve(4) patch - please test! X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Dec 2005 20:33:10 -0000

Hi,

everyone out there who had only seen timeouts like

nve0: device timeout (4)

on nve and __never got it working at all__ please try this patch[1] which made my nve working from 0 to 99.

I still can get timeouts by for example flood pinging another machine on the local LAN but it all recovers on its own and I can work on that machine and do things like find / over ssh without losing connectivity.

Fixing the timeouts will be another problem that needs to be addressed later.

Greetings
Bjoern A. Zeeb

[1] http://sources.zabbadoz.net/freebsd/patchset/nve-20051209-01.diff

Index: if_nve.c =================================================================== RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/dev/nve/if_nve.c,v retrieving revision 1.19 diff -u -p -r1.19 if_nve.c --- if_nve.c 7 Dec 2005 17:38:03 -0000 1.19 +++ if_nve.c 9 Dec 2005 17:50:32 -0000 @@ -643,6 +643,10 @@ nve_init_locked(struct nve_softc *sc) nve_stop(sc); DEBUGOUT(NVE_DEBUG_INIT, "nve: do pfnInit\n"); + /* Setup multicast filter */ + nve_setmulti(sc); + nve_ifmedia_upd_locked(ifp); + /* Setup Hardware interface and allocate memory structures */ error = sc->hwapi->pfnInit(sc->hwapi->pADCX, 0, /* force speed */
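Review bot: in the if_nve.c hunk at -643,6 the added nve_setmulti(sc) and nve_ifmedia_upd_locked(ifp) calls now run after nve_stop(sc) and before sc->hwapi->pfnInit(), the step the existing comment describes as setting up the hardware interface and allocating memory structures, and nothing in the hunk says why that order is needed. Add a comment stating the ordering requirement, confirm that neither call depends on state pfnInit creates, and check what is left behind when pfnInit returns an error, since both calls have already run by then.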
@@ -661,10 +665,6 @@ nve_init_locked(struct nve_softc *sc) sc->hwapi->pfnEnableInterrupts(sc->hwapi->pADCX); sc->hwapi->pfnStart(sc->hwapi->pADCX); - /* Setup multicast filter */ - nve_setmulti(sc); - nve_ifmedia_upd_locked(ifp); - /* Update interface parameters */ ifp->if_drv_flags |= IFF_DRV_RUNNING; ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT From owner-freebsd-net@FreeBSD.ORG Sat Dec 10 15:43:10 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B59B716A41F for ; Sat, 10 Dec 2005 15:43:10 +0000 (GMT) (envelope-from ericx_lists@vineyard.net) Received: from vineyard.net (k1.vineyard.net [204.17.195.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id E618743D5A for ; Sat, 10 Dec 2005 15:43:07 +0000 (GMT) (envelope-from ericx_lists@vineyard.net) Received: from localhost (loopback [127.0.0.1]) by vineyard.net (Postfix) with ESMTP id D14E691564; Sat, 10 Dec 2005 10:43:06 -0500 (EST) Received: from vineyard.net ([127.0.0.1]) by localhost (king1.vineyard.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 50037-01-28; Sat, 10 Dec 2005 10:43:06 -0500 (EST) Received: from [204.17.195.113] (cheesenip.vineyard.net [204.17.195.113]) by vineyard.net (Postfix) with ESMTP id 26A6D9155A; Sat, 10 Dec 2005 10:43:03 -0500 (EST) Message-ID: <439AF794.3080909@vineyard.net> Date: Sat, 10 Dec 2005 10:43:16 -0500 
From: "Eric W. Bates" Organization: Vineyard.NET, Inc. User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050726) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS-king1 at Vineyard.NET Subject: FBSD 6.0 ipfw weirdness with ssh x-forwarding X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 Dec 2005 15:43:10 -0000

My 6.0 upgrades have been going smoothly. However, I had to add:

121 allow all from me6 to me6

along with my normal:

120 allow all from me to me

before I could forward my X applications on a machine with IPSec compiled in. Similar machines with IPv6 but no IPSEC listed in the config options do not exhibit this behavior.

I was clued by the following errors in the log:

Dec 9 23:15:33 gertrude kernel: ipfw: 510 Deny TCP [::0001]:6010 [::0001]:61310 out via lo0

I was hoping someone smarter than I could point me to any documentation about the change. Has ipfw recently split me and me6 (I never noticed the latter before because I'm not using IPv6 yet [shame])? Is this a change in the way the 6.0 kernel handles lo0 traffic in general? Is this a change in ssh forwarding? Or has there always been IPv6 traffic?

Thanks for your time.

--
Eric W. Bates
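Added example, not part of any post in this digest: a check for the symptom reported in the "Dummynet and fragments" message above. It groups captured fragments by source, destination and IP ID, as a receiving host does, and lists the IDs that can never be reassembled. The capture lines are copied from that message, one packet per line; the 20-byte header length (no IP options) is an assumption.

```python
import re
from collections import defaultdict

# Older tcpdump output: "(frag ID:LEN@OFFSET+)"; a trailing "+" is the MF bit.
OLD = re.compile(r"^(\S+) > (\S+): .*\(frag (\d+):(\d+)@(\d+)(\+?)\)")
# Verbose output: "IP (..., id N, offset N, flags [..], length: N) SRC > DST:"
NEW = re.compile(r"^IP \(.*?id (\d+), offset (\d+), flags \[([^\]]*)\], "
                 r"length: (\d+)\) (\S+) > (\S+):")
IP_HDR = 20  # assumption: no IP options, so payload = total length - 20

# First two datagrams of each router capture in the post, one packet per line.
ROUTER_4_11 = """\
192.168.135.213 > 195.69.108.254: icmp: echo request (frag 18997:1480@0+)
192.168.135.213 > 195.69.108.254: icmp (frag 18997:528@1480)
192.168.135.213 > 195.69.108.254: icmp: echo request (frag 19000:1480@0+)
192.168.135.213 > 195.69.108.254: icmp (frag 19000:528@1480)
""".splitlines()
ROUTER_5_4 = """\
IP (tos 0x0, ttl 62, id 26431, offset 0, flags [+], length: 1500) 192.168.135.213 > 195.69.108.254: icmp 1480: echo request seq 0
IP (tos 0x0, ttl 62, id 26433, offset 1480, flags [none], length: 548) 192.168.135.213 > 195.69.108.254: icmp
IP (tos 0x0, ttl 62, id 36602, offset 0, flags [+], length: 1500) 192.168.135.213 > 195.69.108.254: icmp 1480: echo request seq 256
IP (tos 0x0, ttl 62, id 36603, offset 1480, flags [none], length: 548) 192.168.135.213 > 195.69.108.254: icmp
""".splitlines()

def parse(line):
    """Return (src, dst, ip_id, offset, payload_len, more_fragments) or None."""
    m = OLD.match(line)
    if m:
        src, dst, ip_id, length, off, mf = m.groups()
        return src, dst, int(ip_id), int(off), int(length), mf == "+"
    m = NEW.match(line)
    if m:
        ip_id, off, flags, total, src, dst = m.groups()
        return src, dst, int(ip_id), int(off), int(total) - IP_HDR, "+" in flags
    return None

def is_complete(frags):
    """True if (offset, length, mf) tuples cover one datagram with no holes."""
    expected = 0
    for off, length, mf in sorted(frags):
        if off != expected:
            return False  # hole or overlap before this fragment
        expected = off + length
        if not mf:
            return True   # final fragment reached
    return False          # MF still set on the last fragment seen

def unreassemblable(lines):
    """Sorted IP IDs whose fragments cannot be put back together."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse(line.strip())
        if rec:
            groups[rec[:3]].append(rec[3:])
    return sorted(k[2] for k, frags in groups.items() if not is_complete(frags))

if __name__ == "__main__":
    print("4.11 router:", unreassemblable(ROUTER_4_11))
    print("5.4 router: ", unreassemblable(ROUTER_5_4))
```

Run against a capture taken on the outgoing interface of a shaping router, an empty list means every fragmented datagram kept a single ID across its fragments.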