From owner-freebsd-net@FreeBSD.ORG Sun Dec 17 02:24:36 2006
Date: Sun, 17 Dec 2006 04:24:32 +0200
From: Alexander Motin
To: brian@Awfulhak.org, freebsd-net@freebsd.org
Subject: ppp have bug in CCP negotiation?

Hi.

While debugging ccp support in mpd I have found strange behaviour in
the ppp daemon. In RFC 1962 it is written:

    Configuration Options, in this protocol, indicate algorithms that the
    receiver is willing or able to use to decompress data sent by the
    sender.

But when ppp negotiates different compression methods on different sides
it behaves strictly in the opposite way. It uses for decompression the
method which was requested in the ConfigRequest by the other side.

Here are the mpd logs.
It negotiated pred1 for compress and mppc for decompress (it is stupid,
but possible):

[b2] CCP: SendConfigReq #1
 MPPC
   0x010000e0:MPPE(40, 56, 128 bits), stateless
 PRED1
[b2] CCP: rec'd Configure Request #7 link 0 (Req-Sent)
 DEFLATE
   Not supported
 PRED1
 MPPC
   0x000000e0:MPPE(40, 56, 128 bits),
[b2] CCP: SendConfigRej #7
 DEFLATE
 MPPC
   0x000000e0:MPPE(40, 56, 128 bits),
[b2] CCP: rec'd Configure Reject #2 link 0 (Ack-Sent)
 PRED1
[b2] CCP: SendConfigReq #3
 MPPC
   0x01000040:MPPE(128 bits), stateless
[b2] CCP: rec'd Configure Ack #3 link 0 (Ack-Sent)
 MPPC
   0x01000040:MPPE(128 bits), stateless
[b2] CCP: LayerUp
 Compress using: pred1 ()
 Decompress using: mppc (MPPE(128 bits), stateless)

Here is ppp output:

PPP ON fish> show ccp
deflink: CCP [Opened]
 My protocol = PRED1, His protocol = MPPE
 Output: 0 --> 0, Input: 0 --> 0

 Input Options: value 0x01000040 (128 bits, stateless)
 Output Options: (null)

When I am trying to send packets from mpd side to ppp side, ppp writes:

Error: MPPE: Input: Invalid packet (flags = 0x8000)
Error: MPPE: Input: Invalid packet (flags = 0x8000)
Error: MPPE: Input: Invalid packet (flags = 0x8000)
Error: MPPE: Input: Invalid packet (flags = 0x8000)
Error: MPPE: Input: Invalid packet (flags = 0x8000)

--
Alexander Motin mav@alkar.net

From owner-freebsd-net@FreeBSD.ORG Sun Dec 17 04:56:54 2006
Date: Sat, 16 Dec 2006 20:56:44 -0800
From: Julian Elischer
To: Max Laier
Cc: freebsd-net@freebsd.org, Andre Oppermann
Subject: Re: addition to ipfw..

Max Laier wrote:
> On Friday 15 December 2006 22:20, Julian Elischer wrote:
>> Max, further to your comment..
>>
>> Max Laier wrote:
>>> On Monday 11 December 2006 23:58, Julian Elischer wrote:
>>>> Andre Oppermann wrote:
>>>>> Julian Elischer wrote:
>>>>>> in ipfw layer 2 processing, the packet is passed to the firewall
>>>>>> as if it was a layer 3 IP packet but the ether header is also made
>>>>>> available.
>>>>>>
>>>>>> I would like to add something similar in the case where a vlan
>>>>>> tag is also on the packet..
>>>>>>
>>>>>> basically I have a change where:
>>>>>>
>>>>>> If we are processing layer 2 packets (in ether or bridge code)
>>>>>> AND a sysctl says to do it,
>>>>>> and it is a vlan packet,
>>>>>>
>>>>>> Then the vlan header is also held back so that the packet can be
>>>>>> processed and examined as an IP packet. It is
>>>>>> (in the same way the ether header is) reattached when the packet
>>>>>> is accepted.
>>>>>>
>>>>>> This allows me to filter packets that are traversing my bridge,
>>>>>> even though they are encapsulated in a vlan.
>>>>>>
>>>>>> I have patches to allow this. I need this function. does anyone
>>>>>> else?
>>>>> Please have the ipfw code examine the vlan tag in the mbuf instead
>>>>> of fiddling with the mbuf contents.
>>>> The ipfw will be ignoring the vlan contents.. the patch is to move
>>>> the 'start of ip header' pointer past the vlan header.. (if asked)
>>>> so that it can identify the IP packet.
>>>>
>>>> part of the patch is to make sure all the code uses this pointer
>>>> instead of the case now where some code uses it and some uses
>>>> mtod().
>>>>
>>>> This could be used in conjunction with vlan keyword that would look
>>>> at the vlan header, but that is a different feature..
>>> I understand you do have a patch? Let's see it, so we are clear what
>>> we are talking about. I think that w/o a ipfw feature to identify
>>> the vlan number, it is pretty useless. Of course, it would enable
>>> you to do some basic sanity checks, but real filtering needs to know
>>> the vlan it is concerned with. BTW, what speaks against plugging the
>>> bridge into the vlan on either side and bridge the vlan interfaces
>>> together?
>> I have placed the following patch files:
>> http://www.freebsd.org/~julian/vlstrip-7.diff
>> http://www.freebsd.org/~julian/vlstrip-6.diff
>>
>> which implement the ability to look within vlans when being used
>> on a bridge.
>>
>> I have done SOME testing with this but would certainly appreciate
>> another set of eyes..
>> the next change would be layered on top of this change and would be the
>> addition of a rule:
>>
>> ipfw add 100 {operation} ip from any to any vlan {vlan_id}[-{vlan_id}]
>>
>> e.g.
>> ipfw add 1000 skipto 4000 ip from any to any vlan 100-200
>>
>> This, as it is will probably not work for the cases where vlans are
>> decoded by the hardware. I'm guessing that at some stage we need to
>> add the ability to cope with that too.. I remember that someone added
>> some capacity to do that to bpf recently.. (?) I think..
>
> There is M_VLANTAG and m_pkthdr.ether_vtag for hardware support. You
> could even reuse those for this.
> i.e. emulate hardware support for ipfw
> in the pfil hook. If you want to look at the vlan tag later, you can
> always use those then.

maybe..

>
>> I hope I've found all the places where the old code cared that the ip
>> header was the first thing in the mbuf..
>> if you see any places where that is still assumed, let me know.
>
> I don't like the implementation for this reason. It feels hackish to me.
> What is the reason that you didn't duplicate the ethernet header approach
> in ip_fw_pfil.c? Speed? Did you measure? It is certainly easier to
> properly strip off the vlan header in the pfil hook code and reattach it
> when done (or trust the hardware to do it - if M_VLANTAG was set in the
> first place).

The big trick is that the mbuf must not get modified in the packet
filter if there is any chance that it will be taken out and resent.
For example in a bridge..
I'm filtering packets.. they are vlan packets traversing the bridge.
If I 'allow' the packet then it needs to re-enter the bridge with the
same headers etc, that it came in with.
so I really want to move to having the mbuf unchanged and having a
pointer saying where the IP header starts.

>
> As an aside, I agree that the mtod mania isn't that great either and we
> should probably do away with it. But that's orthogonal to the vlan
> handling - I just don't like that to be pulled into *IP*fw. This might
> just be me, however.
>
>> It's working for my testing here but I'm only using it to monitor
>> traffic on a tap, so the packets are discarded anyhow.
>

From owner-freebsd-net@FreeBSD.ORG Sun Dec 17 04:58:00 2006
Date: Sat, 16 Dec 2006 20:57:58 -0800
From: Julian Elischer
To: Andre Oppermann
Cc: Max Laier, freebsd-net@freebsd.org
Subject: Re: addition to ipfw..

Andre Oppermann wrote:
> Max Laier wrote:
>> I don't like the implementation for this reason. It feels hackish to
>> me. What is the reason that you didn't duplicate the ethernet header
>> approach in ip_fw_pfil.c? Speed? Did you measure? It is certainly
>> easier to properly strip off the vlan header in the pfil hook code and
>> reattach it when done (or trust the hardware to do it - if M_VLANTAG
>> was set in the first place).
>>
>> As an aside, I agree that the mtod mania isn't that great either and
>> we should probably do away with it. But that's orthogonal to the vlan
>> handling - I just don't like that to be pulled into *IP*fw. This
>> might just be me, however.
>
> IMO we should split IPFW into two parts (at least logically), one for
> *IP* firewalling, as you say, and one for Ethernet firewalling. With
> different not-intermixed rulesets. /sbin/ipfw could get a hardlink to
> /sbin/efw to do the ethernet rules display and manipulation. Note that
> this is a different thing from the etherbridge stuff where a layer 2
> frame is inspected and turned temporarily into a layer 3 IP packet for
> inspection on the IP layer.

which is what this is for..
I'm inspecting IP packets as they are bridged even if they are in vlans.

>

From owner-freebsd-net@FreeBSD.ORG Sun Dec 17 09:23:01 2006
Date: Sun, 17 Dec 2006 10:44:18 +0900
From: gnn@FreeBSD.org
To: "dave jones"
Cc: freebsd-net@FreeBSD.org
Subject: Re: UDP lite for FreeBSD

At Sat, 16 Dec 2006 20:52:10 +0800,
dave jones wrote:
>
> Hi,
>
> Is anyone working on implementing UDP lite in FreeBSD? If not,
> I'd like to work on it.

Hi,

Can you give us more context on this UDP lite thing? Is this an
RFC/IETF thing or???
Thanks,
George

From owner-freebsd-net@FreeBSD.ORG Sun Dec 17 10:00:41 2006
Date: Sun, 17 Dec 2006 09:57:06 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: "George V. Neville-Neil"
Cc: freebsd-net@FreeBSD.org, dave jones
Subject: Re: UDP lite for FreeBSD

On Sun, 17 Dec 2006, gnn@FreeBSD.org wrote:

> At Sat, 16 Dec 2006 20:52:10 +0800,
> dave jones wrote:
>>
>> Is anyone working on implementing UDP lite in FreeBSD? If not,
>> I'd like to work on it.
>
> Can you give us more context on this UDP lite thing? Is this an
> RFC/IETF thing or???

ftp://ftp.rfc-editor.org/in-notes/rfc3828.txt

--
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT

From owner-freebsd-net@FreeBSD.ORG Sun Dec 17 12:17:49 2006
From: "Aaron Burke"
To: "Sam Wun", "Freebsd-Net@Freebsd. Org"
Date: Sun, 17 Dec 2006 04:17:48 -0800
Subject: RE: Adding a new VPN connection

SNIP

> In a FreeBSD router (5.4-stable), there are currently 50 IPSEC VPN
> connections running with 50 remote sites, now I need to add one more (new)
> vpn to it without resetting the existing VPN connection. Therefore I have
> created a script (new-vpn.sh):
>
> #!/bin/sh
>
> # Tunnel to kgportsmith
> /sbin/ifconfig gif108 destroy
> /sbin/ifconfig gif108 create
> /sbin/ifconfig gif108 tunnel 10.152.34.74 10.154.3.74
> /sbin/ifconfig gif108 inet 10.1.1.1 10.1.1.33 netmask 255.255.255.0
> /sbin/route delete 10.1.33.1/24
> /sbin/route delete 172.17.33.0/24
> /sbin/route add 10.1.33.1/24 10.1.1.33
> /sbin/route add 172.17.33.0/24 10.1.1.33

I love the gif interface, you may want to possibly increase the default
TTL on each gif connection. The default MTU is 1280. My gif tunnels have
an MTU of 1472. 1474 requires fragmentation.
>
> setkey -c << EOF
>
> # Setup policies with kgportsmith
> spdadd 10.152.34.74 10.154.3.74 any -P out ipsec esp/tunnel/10.152.34.74-
> 10.154.3.74/require ;
> spdadd 10.154.3.74 10.152.34.74 any -P in ipsec esp/tunnel/10.154.3.74-
> 10.152.34.74/require ;
> add 10.152.34.74 10.154.3.74 esp 2797 -m tunnel -E blowfish-cbc
> 0x11205611340CCEA4C816670A4A8DD2A67403F46A08169850DC0B8E2989C3C209
> 4CEF174297ECCF39644B6C4E28D5A3BD4C0861DD7094E398
> -A hmac-sha1 0x2C49F538BAF74917311382F7EE42CC43FBDBDA4B ;
> add 10.154.3.74 10.152.34.74 esp 4074 -m tunnel -E blowfish-cbc
> 0x82A7C78A8C1F8B0DF8EE75F4BEEA5A26D987C6237D43ED98EF3E2A18D2B7F2C9
> 4674E1E4B1FAFE645CCB2C18603646E20EB925B06AEC4F6B
> -A hmac-sha1 0xCE1D85113D11D43C061E499CFFECCD81D50A3530 ;
>
> EOF
>
> ### END OF SCRIPT ###

I don't see any reference to "spdflush;" or "flush;", therefore you
should be fine.

> Will this script (especially the command setkey -c) erase (reset) the
> existing VPN connection and security keys)? If it does, I will lose the
> connection with all other sites.

I don't see any flush commands, therefore the existing keys should be fine.
SNIP

--
Aaron
aburke@nullplusone.net

From owner-freebsd-net@FreeBSD.ORG Sun Dec 17 16:28:45 2006
Date: Sun, 17 Dec 2006 11:27:18 -0500
From: Randall Stewart
To: gnn@freebsd.org
Cc: freebsd-net@freebsd.org, dave jones
Subject: Re: UDP lite for FreeBSD

gnn@freebsd.org wrote:
> At Sat, 16 Dec 2006 20:52:10 +0800,
> dave jones wrote:
>
>>Hi,
>>
>>Is anyone working on implementing UDP lite in FreeBSD? If not,
>>I'd like to work on it.
>
>
> Hi,
>
> Can you give us more context on this UDP lite thing? Is this an
> RFC/IETF thing or???
>
> Thanks,
> George
>

George:

It allows you to do a partial checksum on a udp packet..
the idea behind it is for when we have link layers that can deliver
damaged packets we can then feed the packets to media players.. that
can still use the data.. even though damaged..

I believe there are a couple of codecs that are of this venue... at
one time I even knew a name or two.. but that was a while ago :-)

R

--
Randall Stewart
NSSTG - Cisco Systems Inc.
803-345-0369 803-317-4952 (cell)

From owner-freebsd-net@FreeBSD.ORG Sun Dec 17 17:17:13 2006
Date: Sun, 17 Dec 2006 19:17:05 +0200
From: Alexander Motin
To: brian@Awfulhak.org, freebsd-net@freebsd.org, brian@freebsd.org
Subject: Re: ppp have bug in CCP negotiation?

Alexander Motin wrote:
> While debugging ccp support in mpd I have found strange behaviour in
> the ppp daemon. In RFC 1962 it is written:
> Configuration Options, in this protocol, indicate algorithms that the
> receiver is willing or able to use to decompress data sent by the
> sender.
>
> But when ppp negotiates different compression methods on different sides
> it behaves strictly in the opposite way. It uses for decompression the
> method which was requested in the ConfigRequest by the other side.

Sorry. Looks like Windows works in the same way as ppp. Probably I have
misunderstood something in that RFC. I will change mpd's behaviour alike
ppp's.
--
Alexander Motin

From owner-freebsd-net@FreeBSD.ORG Sun Dec 17 23:03:07 2006
Date: Mon, 18 Dec 2006 00:03:05 +0100
From: "Ermal Luçi"
To: freebsd-net@freebsd.org
Cc: freebsd-pf@freebsd.org
Subject: PF - netgraph integration

Hello,

i am writing a netgraph module to make PF communicate with netgraph
subsystem and was wondering which method is better of handling PF tags
on netgraph part, since they use strings for matching.

Is it better patch ng_tag to handle strings too, like setting the type
of hook to either PF tags compatible or normal(tag_id/current) one?
Or just make a kinda aliasing of tag_id in ng_pf(the module i am
writing) so when tags come from PF -> netgraph we assign a
tag_id(consistent through netgraph) to the specified PF_tag, user
configurable, and then revert to PF_tag when communicating from
netgraph -> PF?

Another issue is the way to handle rule parsing in PF when packets
return from netgraph. Since PF cannot guarantee rule position/number
to be the same after a reload of its ruleset. One i have thought about
is use reinjecting the packet on the rules with one of M_PROTO[1-5]
flags so we can distinguish if the packet have been sent once to
netgraph(although i don't know if this is safe since other
protocols/applications might use these flags)! Maybe introduce a
M_NETGRAPH_TO_PF flag like M_SKIP_FIREWALL, but i know this is not a
preferable one since it inserts a special case to the kernel?!
One forced solution is to create a 'static' anchor where rules about
such packets can be created?!
The last choice, maybe, is to pass the according rule to netgraph and
refind it when sending the packet back to PF so it continues to the
next rule, after the one we saved, but this seems really not
efficient?!

Please can you help out with these issues i am trying to find a good
solution but ideas would be welcomed :).

Thanks.

From owner-freebsd-net@FreeBSD.ORG Mon Dec 18 02:33:16 2006
From: Max Laier
Organization: FreeBSD
To: freebsd-pf@freebsd.org
Cc: freebsd-net@freebsd.org, Ermal Luçi
Date: Mon, 18 Dec 2006 03:20:30 +0100
Subject: Re: PF - netgraph integration

On Monday 18 December 2006 00:03, Ermal Luçi wrote:
> i am writing a netgraph module to make PF communicate with netgraph
> subsystem and was wondering which method is better of handling PF tags
> on netgraph part, since they use strings for matching.
>
> Is it better patch ng_tag to handle strings too, like setting the type
> of hook to either PF tags compatible or normal(tag_id/current) one?
> Or just make an kinda aliasing of tag_id in ng_pf(the module i am
> writing) so when tags come from PF -> netgraph we assign a
> tag_id(consistent through netgraph) to the specified PF_tag, user
> configurable, and then revert to PF_tag when communicating from
> netgraph -> PF?

I think names are essential.  pf_ioctl.c has all the tools to handle the
name -> u_int16_t translation and ref counting, so why not use that?

> Another issue is the way to handle rule parsing in PF when packets
> return from netgraph. Since PF cannot guarantee rule position/number
> to be the same after a reload of its ruleset.

There is a big conceptual difference between pf and ipfw in this respect.
In my mind we only want to know that the packet has been through netgraph
and pass or deny it - we hardly want to re-evaluate the ruleset.  I might
be missing a point here, however.

> One i have thought about
> is use reinjecting the packet on the rules with one of M_PROTO[1-5]
> flags so we can distinguish if the packet have been sent once to
> netgraph(although i don't know if this is safe since other
> protocols/applications might use this flags)! Maybe introduce a
> M_NETGRAPH_TO_PF flag like M_SKIP_FIREWALL, but i know this is not a
> preferable one since it inserts a special case to the kernel?!
> One forced solution is to create a 'static' anchor where rules about
> such packets can be created?!
> The last choice, maybe, is to pass the according rule to netgraph and
> refind it when sending the packet back to PF so it continues to the
> next rule, after the one we saved, but this seems really not
> efficient?!

This is tricky, as it taps into all kind of ref counting trouble.  I think
the easiest is to extend "struct pf_tag" (or what ever other m_tag we
will be using) to have an additional flags field which can be used to
carry the information that the packet has been through netgraph already.

One other thing to think about is stateful filtering.
I think it can be
interesting to pass all packets matching a certain state to netgraph.  In
addition you would want to be able to remove a state as netgraph
identifies a connection as bad (think bittorrent e.g.).  Again the flag
field could be used to carry that kind of information.

> Please can you help out with these issues i am trying to find a good
> solution but ideas would be welcomed :).

Find me off-list for more discussion, I'm very interested in this.  I
might want to do one more vendor import before we put FreeBSD centric in,
but your work is almost completely orthogonal to this (% pfctl syntax,
maybe).

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-net@FreeBSD.ORG Mon Dec 18 05:11:11 2006
From: Nyoman Bogi Aditya Karna
To: "freebsd-net@freebsd.org"
Date: Fri, 15 Dec 2006 17:17:55 WIT
Reply-To: nbg@stttelkom.ac.id
Subject: maximum connections for mpd

our VPN server is using mpd3.18 + freebsd6.1
and currently we provide 250 VPN connections
for our students and it works well.

but when i try to make 500 connections
the mpd failed to run.

i suspect it was the freebsd
that can not provide ng more than 250.

is there anything i should do ?
maybe tuning the freebsd ?
thanks in advance
___________________________________
STT Telkom, http://www.stttelkom.ac.id

From owner-freebsd-net@FreeBSD.ORG Mon Dec 18 05:27:26 2006
Date: Sun, 17 Dec 2006 21:27:14 -0800
From: Garrett Cooper
To: freebsd-net@freebsd.org
Subject: Re: maximum connections for mpd

Nyoman Bogi Aditya Karna wrote:
> our VPN server is using mpd3.18 + freebsd6.1
> and currently we provide 250 VPN connections
> for our students and it works well.
>
> but when i try to make 500 connections
> the mpd failed to run.
>
> i suspect it was the freebsd
> that can not provide ng more than 250.
>
> is there anything i should do ?
> maybe tuning the freebsd ?
>
> thanks in advance

man tuning(7) and login.conf? limits may help in determining what the
ceiling is for your clients in terms of resources. If you do run limits,
try checking the user's UID that runs the daemon.
-Garrett

From owner-freebsd-net@FreeBSD.ORG Mon Dec 18 07:42:47 2006
Date: Mon, 18 Dec 2006 11:53:57 +0900
From: gnn@freebsd.org
To: Randall Stewart
Cc: freebsd-net@freebsd.org, dave jones
Subject: Re: UDP lite for FreeBSD

At Sun, 17 Dec 2006 11:27:18 -0500, randall wrote:
> It allows you to do a partial checksum on a udp packet.. the idea
> behind it is for when we have link layers that can deliver damaged
> packets we can then feed the packets to media players.. that can
> still use the data.. even though damaged.. I believe there are a
> couple of codecs that are of this venue... at one time I even knew a
> name or two.. but that was a while ago :-)

Ah, OK, makes sense.  So, Dave, if you're up for working on it I can
review patches against HEAD, as can others.  I guess I need to add yet
another RFC to my incredibly long reading list.
Later,
George

From owner-freebsd-net@FreeBSD.ORG Mon Dec 18 11:08:52 2006
Date: Mon, 18 Dec 2006 11:08:33 GMT
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S  Tracker      Resp.  Description
--------------------------------------------------------------------------------
a  kern/38554   net    changing interface ipaddress doesn't seem to work
s  kern/39937   net    ipstealth issue
o  kern/92552   net    A serious bug in most network drivers from 5.X to 6.X
s  kern/95665   net    [if_tun] "ping: sendto: No buffer space available" wit
o  kern/106722  net    [net] [patch] ifconfig may not connect an interface to

5 problems total.

Non-critical problems

S  Tracker      Resp.  Description
--------------------------------------------------------------------------------
s  kern/19875   net    A new protocol family, PF_IPOPTION, to handle IP optio
o  conf/23063   net    [PATCH] for static ARP tables in rc.network
s  bin/41647    net    ifconfig(8) doesn't accept lladdr along with inet addr
o  kern/54383   net    [nfs] [patch] NFS root configurations without dynamic
s  kern/60293   net    FreeBSD arp poison patch
o  kern/95267   net    packet drops periodically appear
f  kern/95277   net    [netinet] IP Encapsulation mask_match() returns wrong
o  kern/102035  net    [plip] plip networking disables parallel port printing
o  conf/102502  net    [patch] ifconfig name does't rename netgraph node in n

9 problems total.
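Added example, not part of any message in this archive and not FreeBSD code: the partial checksum that the "UDP lite for FreeBSD" thread describes, written in C after RFC 3828's checksum coverage field. The udplite_* helper names, the addresses and the payload are constructed for illustration; it shows that damage outside the covered bytes passes verification while damage inside them does not.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UDPLITE_PROTO  136  /* IP protocol number of UDP-Lite */
#define UDPLITE_HDRLEN 8    /* sport, dport, coverage, checksum */

/* One's-complement accumulation over big-endian 16-bit words. */
static uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t len)
{
    while (len > 1) { sum += ((uint32_t)p[0] << 8) | p[1]; p += 2; len -= 2; }
    if (len) sum += (uint32_t)p[0] << 8;      /* odd trailing byte, zero padded */
    return sum;
}

static uint16_t csum_fold(uint32_t sum)
{
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Effective coverage in bytes: field value 0 means the whole datagram;
 * 1..7 (less than the header) or more than the datagram is invalid -> 0. */
static size_t udplite_coverage(const uint8_t *pkt, size_t pktlen)
{
    size_t cov;
    if (pktlen < UDPLITE_HDRLEN) return 0;
    cov = ((size_t)pkt[4] << 8) | pkt[5];
    if (cov == 0) return pktlen;
    if (cov < UDPLITE_HDRLEN || cov > pktlen) return 0;
    return cov;
}

/* Checksum over the IPv4 pseudo-header plus the first cov bytes only.
 * The pseudo-header length is the datagram length known to the IP layer. */
static uint16_t udplite_cksum(uint32_t src, uint32_t dst,
                              const uint8_t *pkt, size_t pktlen, size_t cov)
{
    uint8_t ph[12] = {
        (uint8_t)(src >> 24), (uint8_t)(src >> 16), (uint8_t)(src >> 8), (uint8_t)src,
        (uint8_t)(dst >> 24), (uint8_t)(dst >> 16), (uint8_t)(dst >> 8), (uint8_t)dst,
        0, UDPLITE_PROTO, (uint8_t)(pktlen >> 8), (uint8_t)pktlen
    };
    return csum_fold(csum_add(csum_add(0, ph, sizeof ph), pkt, cov));
}

/* Build a datagram; cov_field is the on-wire coverage value. Returns length, 0 on error. */
static size_t udplite_build(uint8_t *out, size_t outsz, uint32_t src, uint32_t dst,
                            uint16_t sport, uint16_t dport,
                            const uint8_t *payload, size_t plen, uint16_t cov_field)
{
    size_t total = UDPLITE_HDRLEN + plen, cov;
    uint16_t ck;
    if (total > outsz || total > 0xffff) return 0;
    out[0] = (uint8_t)(sport >> 8);     out[1] = (uint8_t)sport;
    out[2] = (uint8_t)(dport >> 8);     out[3] = (uint8_t)dport;
    out[4] = (uint8_t)(cov_field >> 8); out[5] = (uint8_t)cov_field;
    out[6] = out[7] = 0;                /* checksum field is zero while summing */
    memcpy(out + UDPLITE_HDRLEN, payload, plen);
    if ((cov = udplite_coverage(out, total)) == 0) return 0;
    ck = udplite_cksum(src, dst, out, total, cov);
    if (ck == 0) ck = 0xffff;           /* a computed zero is sent as all ones */
    out[6] = (uint8_t)(ck >> 8); out[7] = (uint8_t)ck;
    return total;
}

/* Returns 1 if the covered part is intact, 0 if the datagram must be dropped. */
static int udplite_verify(uint32_t src, uint32_t dst, const uint8_t *pkt, size_t pktlen)
{
    size_t cov = udplite_coverage(pkt, pktlen);
    if (cov == 0) return 0;
    if (pkt[6] == 0 && pkt[7] == 0) return 0;  /* checksum is mandatory in UDP-Lite */
    return udplite_cksum(src, dst, pkt, pktlen, cov) == 0;
}

int main(void)
{
    /* Constructed sample: 32-byte payload, coverage = header + 4 payload bytes. */
    uint8_t payload[32], pkt[64];
    uint32_t src = 0x0a000001, dst = 0x0a000002;
    size_t i, n;
    for (i = 0; i < sizeof payload; i++) payload[i] = (uint8_t)i;
    n = udplite_build(pkt, sizeof pkt, src, dst, 5004, 5004, payload, sizeof payload, 12);
    printf("intact:                  %d\n", udplite_verify(src, dst, pkt, n));
    pkt[UDPLITE_HDRLEN + 20] ^= 0x01;   /* damage outside the covered bytes */
    printf("damage outside coverage: %d\n", udplite_verify(src, dst, pkt, n));
    pkt[UDPLITE_HDRLEN + 1] ^= 0x01;    /* damage inside the covered bytes */
    printf("damage inside coverage:  %d\n", udplite_verify(src, dst, pkt, n));
    return 0;
}
```

Bytes past the coverage boundary carry no integrity check at this layer, so a receiver has to treat them as possibly corrupted input.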
From owner-freebsd-net@FreeBSD.ORG Mon Dec 18 14:58:20 2006
Date: Mon, 18 Dec 2006 20:05:53 +0530
Subject: ' bus_dmamap_load_mbuf_sg ( ) ' function usage problem

Hi,

I am facing a problem on FreeBSD 7.0 during mapping using
' bus_dmamap_load_mbuf_sg ( ) ' function .
Details are below.

It is AMD 64 bit machine. I have allocated jumbo buffer memory using
' m_getcl ' function.

    mp = m_getjcl(M_DONTWAIT, MT_DATA, M_PKTHDR, MJUM9BYTES);

As it got success here, I am trying to map the buffer as below.

    err = bus_dmamap_load_mbuf_sg(dma_tag_rx, map, mp, &seg, &cnt,
        BUS_DMA_NOWAIT);

Here it is getting error for the mbuf size equal to MJUM9BYTES.
The type of error is ' EFBIG '.

I have create rx jumbo dma tag with attributes as following.

    bus_dma_tag_create(
        NULL,                /* Parent */
        PAGE_SIZE,           /* Alignment */
        0,                   /* Bounds */
        BUS_SPACE_MAXADDR,   /* Low Address */
        BUS_SPACE_MAXADDR,   /* High Address */
        NULL,                /* Filter Function */
        NULL,                /* Filter Function Arguments */
        MJUM9BYTES,          /* Maximum Size */
        1 ,                  /* Number of Segments */
        MJUM9BYTES,          /* Maximum Segment Size */
        BUS_DMA_ALLOCNOW,    /* Flags */
        NULL,                /* Lock Function */
        NULL,                /* Lock Function Arguments */
        dma_tag_rx)          /* DMA Tag */

I have seen the myri10ge and mxge source code, they are allocating
maximum buffer size as MJUMPAGESIZE. is it like this is the maximum
size we can dmamap??

could anyone help me on this.

Thanks,
Sankar.

Siva Sankar . T
Project Engineer
Wipro Technologies
No.53/1 Hosur Road,
Madivala, Bangalore- 560 068. India
Tel:+91-80-25502001 Extn.5056
Mobile:9886894429
tanniru.sankar@wipro.com
www.wipro.com

From owner-freebsd-net@FreeBSD.ORG Mon Dec 18 21:11:52 2006
Date: Mon, 18 Dec 2006 12:48:56 -0800
From: John-Mark Gurney
To: tanniru.sankar@wipro.com
Cc: freebsd-net@freebsd.org
Subject: Re: ' bus_dmamap_load_mbuf_sg ( ) ' function usage problem

tanniru.sankar@wipro.com wrote this message on Mon, Dec 18, 2006 at 20:05 +0530:
> I am facing a problem on FreeBSD 7.0 during mapping using '
> bus_dmamap_load_mbuf_sg ( ) ' function .
> Details are below.
>
> It is AMD 64 bit machine. I have allocated jumbo buffer memory using
> ' m_getcl ' function.
>
> mp = m_getjcl(M_DONTWAIT, MT_DATA, M_PKTHDR, MJUM9BYTES);
>
> As it got success here, I am trying to map the buffer as below.
>
> err = bus_dmamap_load_mbuf_sg(dma_tag_rx, map, mp, &seg, &cnt,
> BUS_DMA_NOWAIT);
>
> Here it is getting error for the mbuf size equal to MJUM9BYTES.
> The type of error is ' EFBIG '.
>
> I have create rx jumbo dma tag with attributes as following.

[...]

> MJUM9BYTES, /* Maximum Size */
>
> 1 , /* Number of Segments */
>
> MJUM9BYTES, /* Maximum Segment Size */

This is probably the problem...  Most likely the buffer is non-contiguous
in memory, and needs 3 segments to satisfy the mapping...
Try increasing the number of segments and see what happens...

-- 
  John-Mark Gurney                              Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."

From owner-freebsd-net@FreeBSD.ORG Tue Dec 19 02:12:27 2006
Date: Tue, 19 Dec 2006 01:52:56 +0000
From: "Bruce M. Simpson"
To: dave jones
Cc: freebsd-net@freebsd.org
Subject: Re: UDP lite for FreeBSD

dave jones wrote:
> Hi,
>
> Is anyone working on implementing UDP lite in FreeBSD? If not,
> I'd like to work on it.

Nope. I just skimmed the RFC and it sounds like a bit of a hack, though
I am sure it can be done cleanly in the source tree without unnecessary
code duplication or interference at the user-kernel boundary.

I look forward to seeing patches for this. It would be interesting to
see if hardware checksum offloading can be taught to do it, cleanly,
though I imagine that is something much further down the line.

Regards,
BMS

From owner-freebsd-net@FreeBSD.ORG Tue Dec 19 09:27:45 2006
Date: Tue, 19 Dec 2006 10:27:11 +0200
From: Alexander Motin
To: nbg@stttelkom.ac.id
Cc: "freebsd-net@freebsd.org"
Subject: Re: maximum connections for mpd

Hi.

Nyoman Bogi Aditya Karna wrote:
> our VPN server is using mpd3.18 + freebsd6.1
> and currently we provide 250 VPN connections
> for our students and it works well.
>
> but when i try to make 500 connections
> the mpd failed to run.
>
> i suspect it was the freebsd
> that can not provide ng more than 250.
>
> is there anything i should do ?
> maybe tuning the freebsd ?

mpd3 uses about 10 file descriptors per bundle. So you should increase
file limit via sysctl. Another problem is dependence of mpd and
libradius on select() call which will require increase of FD_SETSIZE
constant in mpd/system and rebuilding mpd and libradius.

But if you wish to reach 1-2K bundles and more, you may need mpd4. There
are lot of changes done to remove that kind of limitations in mpd4.0b5.
So if you don't use MSCHAP auth (which was broken in mpd4.0b5 and fixed
later) I propose you to try mpd4. Or you can try latest CVS version from
sourceforge.net which is stable enough for now and moving to release.
-- 
Alexander Motin

From owner-freebsd-net@FreeBSD.ORG Tue Dec 19 14:42:06 2006
Date: Tue, 19 Dec 2006 08:26:01 -0500
From: Randall Stewart
To: "Bruce M. Simpson"
Cc: freebsd-net@freebsd.org, dave jones
Subject: Re: UDP lite for FreeBSD

Bruce M. Simpson wrote:
> dave jones wrote:
>
>> Hi,
>>
>> Is anyone working on implementing UDP lite in FreeBSD? If not,
>> I'd like to work on it.
>
> Nope. I just skimmed the RFC and it sounds like a bit of a hack, though
> I am sure it can be done cleanly in the source tree without unnecessary
> code duplication or interference at the user-kernel boundary.
>
> I look forward to seeing patches for this. It would be interesting to
> see if hardware checksum offloading can be taught to do it, cleanly,
> though I imagine that is something much further down the line.
>
> Regards,
> BMS

Bruce:

I have always thought of it as a bit of a hack as well... and
there is one really big problem with it..

It has no value unless you can tell your network-interface card
to deliver damaged packets. I don't know if some cards have this
option now or not.. nor if an API in any driver exists for it...
without this you will find very very few packets that are "damaged"
that do get through.. since generally the link layer checksum is a
MUCH better CRC vs the very weak IP/UDP checksum :-0

If you get the driver mods.. then codecs like (... if my grey cells
remember right..) AMR will be able to use the information.. of
course that assumes you have something that can do the AMR codec...
not sure what media uses this :-)

There may be other codecs as well now too... I don't keep up with
that side of the IETF :-)

R

-- 
Randall Stewart
NSSTG - Cisco Systems Inc.
803-345-0369 803-317-4952 (cell)

From owner-freebsd-net@FreeBSD.ORG Wed Dec 20 02:31:24 2006
Date: Wed, 20 Dec 2006 09:26:55 +0700 (WIT)
From: Beastie MRA
To: freebsd-questions@freebsd.org, freebsd-net@freebsd.org
Organization: MRAGroup
Subject: undeliverable mail

Dear All.

For past few days, my MX receive thousand of undeliverable message
destinated for my non existent user at my domain.
This message source come from valid and well configured (almost) smtp
server on internet.
It's waste my internet b/w, cause my MX will reject with non existent
user message.
I'll try spamd on my firewall and greylist on my MX (postfix), but still
no effective, and i cannot block undeliverable message as RFC rules

Is there any way i can fix this ?
Please help regards Reza From owner-freebsd-net@FreeBSD.ORG Wed Dec 20 04:05:13 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CBE4E16A415; Wed, 20 Dec 2006 04:05:13 +0000 (UTC) (envelope-from beastie@mra.co.id) Received: from mx3.mra.co.id (fw.mra.co.id [202.57.14.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 67FAA43CA0; Wed, 20 Dec 2006 04:05:12 +0000 (GMT) (envelope-from beastie@mra.co.id) Received: from localhost (localhost.mra.co.id [127.0.0.1]) by mx3.mra.co.id (Postfix) with ESMTP id 639AA31320; Wed, 20 Dec 2006 10:50:44 +0700 (WIT) Received: from mx3.mra.co.id ([127.0.0.1]) by localhost (mx3.mra.co.id [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 88370-10; Wed, 20 Dec 2006 10:50:44 +0700 (WIT) Received: from mail.mra.co.id (unknown [172.16.0.224]) by mx3.mra.co.id (Postfix) with ESMTP id F08243131F; Wed, 20 Dec 2006 10:50:43 +0700 (WIT) Received: from intranet.mra.co.id (unknown [172.16.0.223]) by mail.mra.co.id (Postfix) with ESMTP id 0CDA965F151E; Wed, 20 Dec 2006 11:11:10 +0700 (WIT) Message-ID: <32799464.1431166588781257.OPEN-XCHANGE.WebMail.www@intranet.mra.co.id> Date: Wed, 20 Dec 2006 11:26:21 +0700 (WIT) 
From: Beastie MRA To: bv@wjv.com In-Reply-To: <20061220033159.GA70898@wjv.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Priority: 3 (normal) X-Mailer: OPEN-XCHANGE 0.8.0-6 - WebMail X-Operating-System: FreeBSD 6.0-RELEASE i386 (JVM 1.4.2-p8) Organization: MRAGroup References: <26578114.1081166581615460.OPEN-XCHANGE.WebMail.www@intranet.mra.co.id> <20061220033159.GA70898@wjv.com> X-Virus-Scanned: by amavisd-new at mra.co.id Cc: freebsd-net@freebsd.org, freebsd-questions@freebsd.org Subject: Re: undeliverable mail X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Dec 2006 04:05:13 -0000

On Dec 20, 2006 10:31 AM, Bill Vermillion wrote:
>It's Wed, Dec 20, 2006 at 09:26 . I'm in a small dim room with
>doors labeled "Dungeon" and "Forbidden". There is noise, the door
>marked Dungeon flies open and Beastie MRA SHOUTS:
>
>>Dear All.
>>
>>For past few days, my MX receive thousand of undeliverable message
>>destinated for my non existent user at my domain.
>>This message source come from valid and well configured (almost) smtp
>>server on internet.
>>I'ts waste my internet b/w, cause my MX will reject with non existent
>>user message.
>>I'll try spamd on my firewall and greylist on my MX (postfix), but
>>still
>>no effective, and i cannot block undeliverable
>>message as RFC rules
>>
>>Is there any way i can fix this ?
>>Please help
>
>I use the virtusertable in sendmail, and I have my valid addresses,
>such as bv@wjv.com bv and then for after that is
>a line of @wjv.com nouser.
>
>And nouser is defined in aliases as nouser: /dev/null
>
>On one of the mail servers I maintain I just checked and I
>had 260,000+ messages routed to "*file*" in the maillog - which
>shows up as mailer=*file* in the logs. That maillog rotates
>every night at midnight.
>
>Is not really a freebsd-net problem so I removed that from the
>reply to line.
>
>Bill
>
>--
>Bill Vermillion - bv @ wjv . com

Thanks for the response... but this virtusertable will not stop SMTP servers on the internet from continuing to send you undeliverable messages. I assume someone is doing something nasty with forgery, using my domain's email addresses to send his spam messages to non-existent users, and I get the undeliverable messages.

Is there any clue??

Oh.. I forgot to mention I use 4.11-STABLE for my MX

regards
Reza

From owner-freebsd-net@FreeBSD.ORG Wed Dec 20 08:11:17 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id F0E7A16A403 for ; Wed, 20 Dec 2006 08:11:17 +0000 (UTC) (envelope-from root@sovetnik.org) Received: from fr2.aha.ru (fr2.aha.ru [62.113.100.52]) by mx1.FreeBSD.org (Postfix) with ESMTP id B378C43CB6 for ; Wed, 20 Dec 2006 08:11:14 +0000 (GMT) (envelope-from root@sovetnik.org) Received: from aha.ru (backend4.aha.ru [195.2.83.134]) by fly.zenon.net (Postfix) with ESMTP id 0D5DA5BF9 for ; Wed, 20 Dec 2006 10:12:34 +0300 (MSK) Received: from [85.94.44.59] (account root@sovetnik.org HELO localhost) by backend4.aha.ru (CommuniGate Pro SMTP 4.3.12) with ESMTPA id 369975080 for freebsd-net@freebsd.org; Wed, 20 Dec 2006 10:12:33 +0300 Date: Wed, 20 Dec 2006 10:14:24 +0300
From: Alexei X-Mailer: The Bat! (v3.85.03) Professional X-Priority: 3 (Normal) Message-ID: <884597862.20061220101424@sovetnik.org> To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Subject: border mx X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Alexei List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Dec 2006 08:11:18 -0000

Hello, freebsd-net.

I'm going to build some mail system, so I need some advice. There is a network with 'MS Exchange' as a mail server and 'someintdomain' as an internal mail domain. I also have an internet domain, for example 'mydomain.com'. There is a freebsd box as a gateway for my network, and the 'MX' record of 'mydomain.com' will point to its address.

What I need:

- when someone sends mail from the internet to 'vasya@mydomain.com', my gw replaces vasya@mydomain.com with 'vasya@someintdomain' and sends it to the Exchange server
- when someone from my internal network (vasya@myintdomain) sends mail to some internet mail address (ie sends it to ms exchange server and exchange sends it to gw), my gw replaces 'From:' and 'Reply-to:' fields vasya@someintdomain -> vasya@mydomain.com

Is that real? How can I realise this system? Or, maybe, there is some other way to get the result I need?

PS: 'Exchange' server has a 'grey' address (192.168.0.0/16) and I don't want to allow it to connect to the internet directly.
PPS: Sorry if this question is not suitable for this mailing list; please advise me where to ask.
-- Grats, Alexei mailto:root@sovetnik.org From owner-freebsd-net@FreeBSD.ORG Wed Dec 20 08:53:35 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 190F316A407 for ; Wed, 20 Dec 2006 08:53:35 +0000 (UTC) (envelope-from root@sovetnik.org) Received: from fr2.aha.ru (fr2.aha.ru [62.113.100.52]) by mx1.FreeBSD.org (Postfix) with ESMTP id D453D43CB4 for ; Wed, 20 Dec 2006 08:53:27 +0000 (GMT) (envelope-from root@sovetnik.org) Received: from aha.ru (backend4.aha.ru [195.2.83.134]) by fly.zenon.net (Postfix) with ESMTP id 667D5AE94; Wed, 20 Dec 2006 11:53:22 +0300 (MSK) Received: from [85.94.44.59] (account root@sovetnik.org HELO localhost) by backend4.aha.ru (CommuniGate Pro SMTP 4.3.12) with ESMTPA id 370256749; Wed, 20 Dec 2006 11:53:20 +0300 Date: Wed, 20 Dec 2006 11:55:31 +0300 
From: Alexei X-Mailer: The Bat! (v3.85.03) Professional X-Priority: 3 (Normal) Message-ID: <45782659.20061220115531@sovetnik.org> To: "Andrew Pantyukhin" In-Reply-To: References: <884597862.20061220101424@sovetnik.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-net@freebsd.org Subject: Re[2]: border mx X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Alexei List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Dec 2006 08:53:35 -0000

Hello, Andrew.

20 December 2006, 11:46:30 you wrote:

> A couple of pointers:
> 1) You are right in not wanting to directly connect a
> 192.168.x.x address to the internet, your ISP
> wouldn't appreciate that ;)

Em.. Sorry, I don't understand you.

> 2) Spamwise, the gw mx should be able to tell a valid
> (internal) address from an invalid one. There are
> different approaches, from importing aliases db
> from Exchange at regular intervals to verifying
> addresses over SMTP and what not.

gw, exchange and users are in one subnet. So.. gw will see both forward and reverse records.
--
Grats, Alexei mailto:root@sovetnik.org

From owner-freebsd-net@FreeBSD.ORG Wed Dec 20 09:04:03 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3E5C816A416 for ; Wed, 20 Dec 2006 09:04:03 +0000 (UTC) (envelope-from infofarmer@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.169]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9791D43CA5 for ; Wed, 20 Dec 2006 09:03:20 +0000 (GMT) (envelope-from infofarmer@gmail.com) Received: by ug-out-1314.google.com with SMTP id o2so1859772uge for ; Wed, 20 Dec 2006 01:03:12 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=HnRjh1IEH9F/shdZSXAAkhWer2oqeLWr06SGgem6LuJiu5Vm0AQrQxWMp7jRTdSrm0kvEyOko+9QNezFU7fa903ItB9KmXsHh69HBhD6a8jLM/wBrz+KW/8G67IUy4QKlvNAok9LMX9tcH/uguldx5uyqG6umEsS7TS87P1nB/U= Received: by 10.78.157.8 with SMTP id f8mr4536239hue.1166605392174; Wed, 20 Dec 2006 01:03:12 -0800 (PST) Received: by 10.78.167.16 with HTTP; Wed, 20 Dec 2006 01:03:12 -0800 (PST) Message-ID: Date: Wed, 20 Dec 2006 12:03:12 +0300
From: "Andrew Pantyukhin" Sender: infofarmer@gmail.com To: Alexei In-Reply-To: <45782659.20061220115531@sovetnik.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 Content-Disposition: inline References: <884597862.20061220101424@sovetnik.org> <45782659.20061220115531@sovetnik.org> X-Google-Sender-Auth: 2a9018facf6038ae Cc: freebsd-net@freebsd.org Subject: Re: Re[2]: border mx X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Dec 2006 09:04:03 -0000

On 12/20/06, Alexei <root@sovetnik.org> wrote:
> Hello, Andrew.

May I ask what the fun is in writing to an unfamiliar list in a non-native language when everything is at hand and accessible?

You are most welcome:

http://postfix.ru/
http://www.elantech.ru/docs/postfix-docs-ru/

That is about Postfix, which I sincerely recommend to you, but there are plenty of Russian-language resources for other servers too.

Good luck!

From owner-freebsd-net@FreeBSD.ORG Wed Dec 20 09:13:35 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B19AA16A412 for ; Wed, 20 Dec 2006 09:13:35 +0000 (UTC) (envelope-from infofarmer@gmail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.187]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5B57743CD2 for ; Wed, 20 Dec 2006 09:12:57 +0000 (GMT)
(envelope-from infofarmer@gmail.com) Received: by nf-out-0910.google.com with SMTP id x37so2422676nfc for ; Wed, 20 Dec 2006 01:12:56 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=Yt43lzmn8G+QNi6i31KzN6b/HLjHXxB3I4KAJSbiIu9YoDAUOCzYbOXLkWeEaiKjLq/TIF0rlMLCS3SK+UVXDfthVg4STcvXpshDMji7Q6KktW8cLX0rwHjCCuzBMODf60DpYBe972n8daNFt4I0Qcj3egyML+zX4T/rkv4e0oQ= Received: by 10.78.205.7 with SMTP id c7mr4874103hug.1166604390382; Wed, 20 Dec 2006 00:46:30 -0800 (PST) Received: by 10.78.167.16 with HTTP; Wed, 20 Dec 2006 00:46:30 -0800 (PST) Message-ID: Date: Wed, 20 Dec 2006 11:46:30 +0300 
From: "Andrew Pantyukhin" Sender: infofarmer@gmail.com To: Alexei In-Reply-To: <884597862.20061220101424@sovetnik.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <884597862.20061220101424@sovetnik.org> X-Google-Sender-Auth: 56b442b2d2ee94b8 Cc: freebsd-net@freebsd.org Subject: Re: border mx X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Dec 2006 09:13:35 -0000

On 12/20/06, Alexei wrote:
> Hello, freebsd-net.
>
> I'm going to build some mail system, so I need some advice.
> There is a network with a 'MS Exchange' as a mail server and
> 'someintdomain' as an internal mail domain. I also have an internet
> domain, for example 'mydomain.com'. There is a freebsd box as a
> gateway for my network, and 'MX' record of 'mydomain.com' will point
> on it's address.
> What I need:
>
> - when someone sends mail from internet to 'vasya@mydomain.com', my gw
> replaces vasya@mydomain.com with 'vasya@someintdomain' and sends it to
> Exchange server
> - when someone from my internal network (vasya@myintdomain) sends mail
> to some internet mail address (ie sends it to ms exchange server and
> exchange sends it to gw), my gw replaces 'From:' and 'Reply-to:'
> fields vasya@someintdomain -> vasya@mydomain.com
>
> Is that real? How can I realise this system? Or, maybe, there is some
> other way to get the result I need?
>
> PS: 'Exchange' server has 'grey' address (192.168.0.0/16) and I don't
> want allow him connect to the internet directly.
> PPS: Sorry, if this question is not suitable for this maillist, so
> advise me please where to ask.

I would redirect you to another place but most of what you want is discussed in almost any mailserver's manual, even that of Exchange, I'm sure.

A couple of pointers:
1) You are right in not wanting to directly connect a 192.168.x.x address to the internet, your ISP wouldn't appreciate that ;)
2) Spamwise, the gw mx should be able to tell a valid (internal) address from an invalid one. There are different approaches, from importing aliases db from Exchange at regular intervals to verifying addresses over SMTP and what not.

Good luck!

From owner-freebsd-net@FreeBSD.ORG Wed Dec 20 09:33:27 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 12A8A16A416; Wed, 20 Dec 2006 09:33:27 +0000 (UTC) (envelope-from tataz@tataz.chchile.org) Received: from postfix1-g20.free.fr (postfix1-g20.free.fr [212.27.60.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 793A843CA7; Wed, 20 Dec 2006 09:33:26 +0000 (GMT) (envelope-from tataz@tataz.chchile.org) Received: from smtp2-g19.free.fr (smtp2-g19.free.fr [212.27.42.28]) by postfix1-g20.free.fr (Postfix) with ESMTP id D1F3E5EBAAF; Wed, 20 Dec 2006 09:44:20 +0100 (CET) Received: from tatooine.tataz.chchile.org (tataz.chchile.org [82.233.239.98]) by smtp2-g19.free.fr (Postfix) with ESMTP id C20287D09; Wed, 20 Dec 2006 09:44:18 +0100 (CET) Received: from obiwan.tataz.chchile.org (unknown [192.168.1.25]) by tatooine.tataz.chchile.org (Postfix) with ESMTP id C7B579B847; Wed, 20 Dec 2006 08:45:15 +0000 (UTC) Received: by obiwan.tataz.chchile.org (Postfix, from userid 1000) id B996A405B; Wed, 20 Dec 2006 09:45:15 +0100 (CET) Date: Wed, 20 Dec 2006 09:45:15 +0100
From: Jeremie Le Hen To: Andre Oppermann Message-ID: <20061220084515.GK48407@obiwan.tataz.chchile.org> References: <457F2D82.6000905@freebsd.org> <1299780826.20061214141629@citrin.ru> <458142DB.8000002@freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <458142DB.8000002@freebsd.org> User-Agent: Mutt/1.5.13 (2006-08-11) Cc: freebsd-net@freebsd.org, Anton Yuzhaninov Subject: Re: Automatic TCP send and receive socket buffer sizing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Dec 2006 09:33:27 -0000

Hi Andre,

Thank you for your work, it looks very exciting !

On Thu, Dec 14, 2006 at 01:26:03PM +0100, Andre Oppermann wrote:
> The
> automatic send buffer is not perfect either and has some cases where
> it may allocate too much resources of the host to a particular connection.
> OTOH it does much better than the small fixed sized buffer we had before.

This makes me think it makes the way to a DoS easier. A malicious user with a big pipe may open several TCP connections and then manage to make each send buffer reach the maximum size (which is eight times bigger than the classical one by default). This would mean it is eight times easier to exhaust kernel memory. In this case, how could one prevent his box from being a potential victim of this?

Thank you.
Best regards -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > From owner-freebsd-net@FreeBSD.ORG Wed Dec 20 13:54:15 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id EC7C216A40F; Wed, 20 Dec 2006 13:54:14 +0000 (UTC) (envelope-from remko@elvandar.org) Received: from caelis.elvandar.org (caelis.elvandar.org [217.148.169.59]) by mx1.FreeBSD.org (Postfix) with ESMTP id D7D1643CA7; Wed, 20 Dec 2006 13:54:01 +0000 (GMT) (envelope-from remko@elvandar.org) Received: from localhost (caelis.elvandar.org [217.148.169.59]) by caelis.elvandar.org (Postfix) with ESMTP id 52D8B92FE2B; Wed, 20 Dec 2006 14:27:49 +0100 (CET) Received: from caelis.elvandar.org ([217.148.169.59]) by localhost (caelis.elvandar.org [217.148.169.59]) (amavisd-new, port 10024) with ESMTP id 86317-10; Wed, 20 Dec 2006 14:27:42 +0100 (CET) Received: from redqueen.evilcoder-services.org (caelis.elvandar.org [217.148.169.59]) by caelis.elvandar.org (Postfix) with ESMTP id 699C792FDD3; Wed, 20 Dec 2006 14:27:42 +0100 (CET) Received: by redqueen.evilcoder-services.org (Postfix, from userid 1001) id 56F2A6597; Wed, 20 Dec 2006 14:27:42 +0100 (CET) Date: Wed, 20 Dec 2006 14:27:42 +0100 
From: Remko Lodder To: Andrew Pantyukhin Message-ID: <20061220132742.GD70888@elvandar.org> References: <884597862.20061220101424@sovetnik.org> <45782659.20061220115531@sovetnik.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.13 (2006-08-11) X-Virus-Scanned: Maia Mailguard 1.0.1 at elvandar.org Cc: freebsd-net@freebsd.org, Alexei Subject: Re: Re[2]: border mx X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Dec 2006 13:54:15 -0000

On Wed, Dec 20, 2006 at 12:03:12PM +0300, Andrew Pantyukhin wrote:
> On 12/20/06, Alexei wrote:
> >Hello, Andrew.
>
> ?????????? ????????????????????????????????, ?? ?????? ????????
> ???????????? ?? ????????????????????
> ???????? ???? ???????????????? ??????????, ?????????? ?????? ??????
> ?????????? ?? ?????????????????
>
> ?????????????? ????????????:
>
> http://postfix.ru/
> http://www.elantech.ru/docs/postfix-docs-ru/
>
> ?????? ?????? Postfix, ?????????????? ?? ?????? ????????????????
> ??????????????, ???? ????
> ???????????? ???????????????? ???????? ????????????????????
> ?????????????????????????? ????????????????.
>
> ??????????!

Great obfuscation, can we keep this in understandable English please so that users who have a similar question can read this and/or find it via the internet?
Thanks -- Kind regards, Remko Lodder ** remko@elvandar.org FreeBSD ** remko@FreeBSD.org /* Quis custodiet ipsos custodes */ From owner-freebsd-net@FreeBSD.ORG Wed Dec 20 14:14:23 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id DA0E416A403 for ; Wed, 20 Dec 2006 14:14:23 +0000 (UTC) (envelope-from infofarmer@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.172]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3C88043CB5 for ; Wed, 20 Dec 2006 14:13:36 +0000 (GMT) (envelope-from infofarmer@gmail.com) Received: by ug-out-1314.google.com with SMTP id o2so1939786uge for ; Wed, 20 Dec 2006 06:13:35 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=dYzGl6cQHcpUZVg9Q9/ls6XCXX0Ro+PmB0CtXnjdvEgux7MAuX20f5CmLTOOtj2Hd0V5rZoa1KbrfKFaUZzYOg8rWAo8GO1pIAM47Qncp1m8sJe0ug4YgYtam9rrlIwGOeyN0ilF4lJ+GgvF9GWQ5SoZFtJNWZacHv9hI9Auk/U= Received: by 10.78.150.7 with SMTP id x7mr4792105hud.1166624014903; Wed, 20 Dec 2006 06:13:34 -0800 (PST) Received: by 10.78.167.16 with HTTP; Wed, 20 Dec 2006 06:13:34 -0800 (PST) Message-ID: Date: Wed, 20 Dec 2006 17:13:34 +0300 
From: "Andrew Pantyukhin" Sender: infofarmer@gmail.com To: "Remko Lodder" In-Reply-To: <20061220132742.GD70888@elvandar.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <884597862.20061220101424@sovetnik.org> <45782659.20061220115531@sovetnik.org> <20061220132742.GD70888@elvandar.org> X-Google-Sender-Auth: b30c6d99bf5bdd1a Cc: freebsd-net@freebsd.org, Alexei Subject: Re: Re[2]: border mx X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Dec 2006 14:14:23 -0000 On 12/20/06, Remko Lodder wrote: > On Wed, Dec 20, 2006 at 12:03:12PM +0300, Andrew Pantyukhin wrote: > > On 12/20/06, Alexei wrote: > > >Hello, Andrew. > > > > ?????????? ????????????????????????????????, ?? ?????? ???????? > > ???????????? ?? ???????????????????? > > ???????? ???? ???????????????? ??????????, ?????????? ?????? ?????? > > ?????????? ?? ????????????????? > > > > ?????????????? ????????????: > > > > http://postfix.ru/ > > http://www.elantech.ru/docs/postfix-docs-ru/ > > > > ?????? ?????? Postfix, ?????????????? ?? ?????? ???????????????? > > ??????????????, ???? ???? > > ???????????? ???????????????? ???????? ???????????????????? > > ?????????????????????????? ????????????????. > > > > ??????????! > > Great obfuscation, can we keep this in understandable > English please so that users who have a similar question > can read this and/or find it via the internet? It looks all right in the archives: http://lists.freebsd.org/pipermail/freebsd-net/2006-December/012769.html The message pointed to helpful Russian-language sites, it probably shouldn't have been cc'ed to the list in the first place, sorry about that. 
Then again, people looking for those sites will find the links here, though any search engine knows about them and net@freebsd.org is not the best place to look for mail server docs :-) From owner-freebsd-net@FreeBSD.ORG Wed Dec 20 15:53:10 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 9EA9016A412 for ; Wed, 20 Dec 2006 15:53:10 +0000 (UTC) (envelope-from hg@sircon.no) Received: from smtp.sircon.net (smtp.sircon.net [85.19.149.103]) by mx1.FreeBSD.org (Postfix) with ESMTP id A18CD43CA4 for ; Wed, 20 Dec 2006 15:52:40 +0000 (GMT) (envelope-from hg@sircon.no) Received: from smtp.sircon.net (smtp [85.19.149.103]) by smtp.sircon.net (8.13.4/8.13.4) with ESMTP id kBKFXEIj091820; Wed, 20 Dec 2006 16:33:14 +0100 (CET) (envelope-from hg@sircon.no) Received: (from root@localhost) by smtp.sircon.net (8.13.4/8.13.4/Submit) id kBKFXER6091819; Wed, 20 Dec 2006 16:33:14 +0100 (CET) (envelope-from hg@sircon.no) Received: from [85.19.149.202] by smtp.sircon.net ESMTP MEsmtpd (v1.04 [2004-11-17] on FreeBSD i386) (c) Martin Edenhofer; Wed Dec 20 16:33:14 2006 X-MEsmtpd-Page: http://martin.edenhofer.de/Projects X-MEsmtpd-Sender: sircon.no/sircon.no on 85.19.149.202 X-MEsmtpd-Abuse: Report spam/abuse to abuse@sircon.no Message-ID: <45895761.9080207@sircon.no> Date: Wed, 20 Dec 2006 16:31:45 +0100 
From: =?ISO-8859-1?Q?H=E5kon_Granlund?= User-Agent: Thunderbird 1.5.0.8 (X11/20061212) MIME-Version: 1.0 To: Josh Paetzel References: <6199c3dc0612140941n48832de0id6710f3f3e98345d@mail.gmail.com> <20061215022532.GJ1038@gremlin.foo.is> <200612150927.43706.josh@tcbug.org> In-Reply-To: <200612150927.43706.josh@tcbug.org> X-Enigmail-Version: 0.94.1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Mesmtpd-Mailerfrom: =?ISO-8859-1?Q?H=E5kon_Granlund?= Cc: freebsd-net@freebsd.org, Benjamin Adams Subject: Re: stop bittorrents X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Dec 2006 15:53:10 -0000 Josh Paetzel wrote: > On Thursday 14 December 2006 20:25, Baldur Gislason wrote: >> Most of the torrent clients do encrypted sessions nowadays so they >> really are impossible to detect by simply parsing the packets. >> >> Baldur >> >> On Fri, Dec 15, 2006 at 02:08:41AM +0200, Ivo Vachkov wrote: >>> I'm not familiar with bittorrent protocol but I guess you can >>> always implement simple L7 filter using ipfw rules to divert >>> packets to a custom daemon that can parse the data and drop >>> torrent packets. I did something similar for ICQ several years >>> ago. >>> >>> On 12/14/06, Julian H. Stacey wrote: >>>>> Thus you'd still achieve your ideal of >>>>> avoiding spending money rather than your time on it :-) >>>> Sorry, I wrote that wrongly, I meant: >>>> Thus you'd still spend money & still save spending your own >>>> work time on it. >>>> >>>> -- > > Probably the simplest pain free solution I can think of is to get a > linksys WRT54G-L and flash it with DD-WRT firmware. Comes with a > nifty drop-down menu in the access control page that allows you to > block things by service. 
Not entirely sure *how* it works, but it > seems to be very effective at blocking at the application > layer....including bt and even skype. I don't know about you, but I would think the easiest way to attack this problem is banning the trackers from your network. Either just DROP them or reroute to your own tracker which spits out the error message "TORRENT IS BAD". You should, of course let useful (and legal) trackers that host ISOs of *NIX distributions pass :-) You could either block the trackers one by one as they pop up on your network, or find a list of them online. This would make your lusers cry in frustration since they can't connect to the trackers. I don't know about trackerless torrents, but anyone using a public tracker wouldn't be able to connect to them, not being unable to establish thousands of connections to peers (connections are high digestive on physical resources). Hope this gives you a backup plan in case you don't find what you're looking for in filtering out the p2p connections. 
-- Håkon Granlund From owner-freebsd-net@FreeBSD.ORG Thu Dec 21 11:30:01 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6C77416AB81 for ; Thu, 21 Dec 2006 11:30:01 +0000 (UTC) (envelope-from youshi10@u.washington.edu) Received: from mxout3.cac.washington.edu (mxout3.cac.washington.edu [140.142.32.166]) by mx1.freebsd.org (Postfix) with ESMTP id 3362B13C493 for ; Thu, 21 Dec 2006 11:30:01 +0000 (UTC) (envelope-from youshi10@u.washington.edu) Received: from smtp.washington.edu (smtp.washington.edu [140.142.33.7]) by mxout3.cac.washington.edu (8.13.7+UW06.06/8.13.7+UW06.09) with ESMTP id kBL7oAPQ006283 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Wed, 20 Dec 2006 23:50:11 -0800 X-Auth-Received: from [192.168.0.101] (dsl254-013-145.sea1.dsl.speakeasy.net [216.254.13.145]) (authenticated authid=youshi10) by smtp.washington.edu (8.13.7+UW06.06/8.13.7+UW06.09) with ESMTP id kBL7oA2P015293 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Wed, 20 Dec 2006 23:50:10 -0800 Message-ID: <458A3CB2.6010500@u.washington.edu> Date: Wed, 20 Dec 2006 23:50:10 -0800 
From: Garrett Cooper User-Agent: Thunderbird 1.5.0.8 (X11/20061220) MIME-Version: 1.0 To: freebsd-net@freebsd.org X-Enigmail-Version: 0.94.1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-PMX-Version: 5.2.2.285561, Antispam-Engine: 2.5.0.283055, Antispam-Data: 2006.12.20.232933 X-Uwash-Spam: Gauge=IIIIIII, Probability=7%, Report='__CT 0, __CTE 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __SANE_MSGID 0, __USER_AGENT 0' Subject: Non-accessible NFS share via SMB and NFS lag X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Dec 2006 11:30:01 -0000

Hello,

I am having an issue with NFS and SMB on two FreeBSD machines. The particularly strange thing is that this problem didn't occur when I ran Gentoo Linux on PC_2.

Setup:
1. PC_1 and PC_2 share with each other via NFS.
2. Both PCs run patched versions of FreeBSD 6.1 RELEASE (see below).
3. PC_1 runs samba and shares NFS shared directories from PC_2 to LAN.
4. PC_1 runs a neutered firewall (basically accepting traffic on all ports, because RPC ports at service start are randomized by rpcbind) with ipf, and PC_2 doesn't have a firewall configured.

Problems/Condition:
1. NFS works perfectly fine from PC_1 when transferring _to_ PC_2; in fact it works excellently when transferring files to PC_2.
2. NFS on PC_1 lags under heavy load when transferring large amounts of data from PC_2 to PC_1, but not with other NFS clients. An OSX machine that uses NFS to transfer data to PC_1 works really well in fact.
3. When clients attempt to access and cache data from PC_1's directories, it works near instantaneously. However, when caching data from PC_2's NFS exported directories, the client locks the file but times out when caching large amounts of data. Windows loads up thumbnails, but hangs when opening the file. Machines running smbclient start caching the file but then fail to load the file. The file remains locked until smbd is restarted.

TIA!
-Garrett

PC_1's information:

uname:
FreeBSD hoover.localdomain 6.1-RELEASE-p10 FreeBSD 6.1-RELEASE-p10 #17: Tue Dec 19 23:00:01 PST 2006 gcooper@hoover.localdomain:/usr/obj/usr/src/sys/HOOVER i386

/etc/rc.conf (snippet):
nfs_client_enable="YES"
nfs_client_flags="-n 4"
nfs_reserved_port_only="NO"
nfs_server_enable="YES"
nfs_server_flags="-u -t -n 4"
rpcbind_enable="YES"

smb.conf:
[global]
    workgroup = WORKGROUP
    encrypt passwords = yes
    log file = /var/log/samba/log.%m
    log level = 6 passdb:3 auth:3
#   log level = 5
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    local master = yes
    preferred master = yes
    dns proxy = no
    guest ok = no
    change notify timeout = 10

[local]
    path = /store
    writeable = yes
    public = yes
    hosts deny = shiina pinocchio
    create mask = 0770

[remote]
    path = /rmt
    writeable = yes
    public = yes
    hosts allow = sexbox
    hosts deny = shiina pinocchio
    create mask = 0770

PC_2's information:

uname:
FreeBSD hoover.localdomain 6.1-RELEASE-p10 FreeBSD 6.1-RELEASE-p10 #17: Tue Dec 19 23:00:01 PST 2006 gcooper@hoover.localdomain:/usr/obj/usr/src/sys/HOOVER i386

/etc/make.conf:
CFLAGS= -O2 -pipe
CXXFLAGS= ${CFLAGS}
COPTFLAGS= ${CFLAGS} -msse -msse2 -mfpmath=sse,387

/etc/rc.conf (snippet):
nfs_client_enable="YES"
nfs_client_flags="-n 4"
nfs_reserved_port_only="NO"
nfs_server_enable="YES"
nfs_server_flags="-u -t -n 4"
rpcbind_enable="YES"

From owner-freebsd-net@FreeBSD.ORG Thu Dec 21 12:22:20 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B1D3516A416 for ; Thu, 21 Dec 2006 12:22:20 +0000 (UTC) (envelope-from chrcoluk@gmail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.184]) by
mx1.freebsd.org (Postfix) with ESMTP id 8992713C4B2 for ; Thu, 21 Dec 2006 12:22:10 +0000 (UTC) (envelope-from chrcoluk@gmail.com) Received: by nf-out-0910.google.com with SMTP id x37so2834868nfc for ; Thu, 21 Dec 2006 04:22:09 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=VbjGJ9SZVMBD6N2LzB8aaNVJdEFAyzK/7XqeDtTgucOMsx3/7tsA+PZl350en8e8m9m5qk3Q3vMDs3sj8KPcF+NTkQEEn1VU15q0NCicprxVItlO22NsUOH7gUUStpQvbQHRuic4hcvFblWnrBI4BkUBFnFs5Esj/h9tKZYGMUo= Received: by 10.82.184.2 with SMTP id h2mr1868863buf.1166694519186; Thu, 21 Dec 2006 01:48:39 -0800 (PST) Received: by 10.82.134.15 with HTTP; Thu, 21 Dec 2006 01:48:38 -0800 (PST) Message-ID: <3aaaa3a0612210148n78b326a5wde5efa2e8dc4edb9@mail.gmail.com> Date: Thu, 21 Dec 2006 09:48:38 +0000 
From: Chris
To: "Jeremie Le Hen"
Cc: freebsd-net@freebsd.org, Andre Oppermann, Anton Yuzhaninov
In-Reply-To: <20061220084515.GK48407@obiwan.tataz.chchile.org>
Subject: Re: Automatic TCP send and receive socket buffer sizing

On 20/12/06, Jeremie Le Hen wrote:
> Hi Andre,
>
> Thank you for your work, it looks very exciting !
>
> On Thu, Dec 14, 2006 at 01:26:03PM +0100, Andre Oppermann wrote:
> > The
> > automatic send buffer is not perfect either and has some cases where
> > it may allocate too much resources of the host to a particular connection.
> > OTOH it does much better than the small fixed sized buffer we had before.
>
> This makes me think it makes easier the way to a DoS.  A malicious user
> with a big pipe may open several TCP connections and then manage
> each send buffer to reach the maximum size (which is eight time bigger
> the classical one by default).  This would mean it is eight time
> easier to exhaust kernel memory.  In this case, how one could prevent
> his box from being a potential victim of this ?
>
> Thank you.
> Best regards
> --
> Jeremie Le Hen
> < jeremie at le-hen dot org >< ttz at chchile dot org >
>

I think the opposite, without this patch my send window set to 256k
for 'all' connections to allow decent speeds.

With the patch most connections will be just 8k in size and some be 256k.

so worst case scenario with patch during a DOS they will all use 256k
windows but without the patch they would all use 256k regardless.

p.s. waiting still for releng 6 patch :)

Chris

From owner-freebsd-net@FreeBSD.ORG Thu Dec 21 13:56:42 2006
Message-ID: <458A8BD6.5020004@delphij.net>
Date: Thu, 21 Dec 2006 21:27:50 +0800
From: LI Xin
Organization: The FreeBSD Project
To: Chris
Cc: freebsd-net@freebsd.org, Andre Oppermann, Jeremie Le Hen, Anton Yuzhaninov
In-Reply-To: <3aaaa3a0612210148n78b326a5wde5efa2e8dc4edb9@mail.gmail.com>
Subject: Re: Automatic TCP send and receive socket buffer sizing

Hi,

Chris wrote:
> I think the opposite, without this patch my send window set to 256k
> for 'all' connections to allow decent speeds.
>
> With the patch most connections will be just 8k in size and some be 256k.
>
> so worst case scenario with patch during a DOS they will all use 256k
> windows but without the patch they would all use 256k regardless.
>
> p.s. waiting still for releng 6 patch :)

Unofficial backport for andre@'s patch.  I am testing it on RELENG_6_2
but the box is not heavily loaded, and please note that this is
UNOFFICIAL so it's up to you to decide whether you want it.

Cheers,
--
Xin LI http://www.delphij.net/
FreeBSD - The Power to Serve!

From owner-freebsd-net@FreeBSD.ORG Thu Dec 21 14:13:09 2006
Message-ID: <458A9633.1060908@delphij.net>
Date: Thu, 21 Dec 2006 22:12:03 +0800
From: LI Xin
Organization: The FreeBSD Project
To: LI Xin
Cc: Chris, freebsd-net@freebsd.org, Jeremie Le Hen, Andre Oppermann, Anton Yuzhaninov
In-Reply-To: <458A8BD6.5020004@delphij.net>
Subject: Re: Automatic TCP send and receive socket buffer sizing

LI Xin wrote:
> Hi,
>
> Chris wrote:
>> I think the opposite, without this patch my send window set to 256k
>> for 'all' connections to allow decent speeds.
>>
>> With the patch most connections will be just 8k in size and some be 256k.
>>
>> so worst case scenario with patch during a DOS they will all use 256k
>> windows but without the patch they would all use 256k regardless.
>>
>> p.s. waiting still for releng 6 patch :)
>
> Unofficial backport for andre@'s patch.  I am testing it on RELENG_6_2
> but the box is not heavily loaded, and please note that this is
> UNOFFICIAL so it's up to you to decide whether you want it.

Oops, forgot the patch.

http://people.freebsd.org/~delphij/misc/patch-tcp_auto_buf-20061212-RELENG_6.diff

Cheers,
--
Xin LI http://www.delphij.net/
FreeBSD - The Power to Serve!

From owner-freebsd-net@FreeBSD.ORG Fri Dec 22 00:28:42 2006
Message-ID: <3aaaa3a0612211603i28111be4ve51ae47ef6c26bcd@mail.gmail.com>
Date: Fri, 22 Dec 2006 00:03:41 +0000
From: Chris
To: "LI Xin"
Cc: Jeremie Le Hen, freebsd-net@freebsd.org, Andre Oppermann, Anton Yuzhaninov
In-Reply-To: <458A9633.1060908@delphij.net>
Subject: Re: Automatic TCP send and receive socket buffer sizing

On 21/12/06, LI Xin wrote:
> LI Xin wrote:
> > Hi,
> >
> > Chris wrote:
> >> I think the opposite, without this patch my send window set to 256k
> >> for 'all' connections to allow decent speeds.
> >>
> >> With the patch most connections will be just 8k in size and some be 256k.
> >>
> >> so worst case scenario with patch during a DOS they will all use 256k
> >> windows but without the patch they would all use 256k regardless.
> >>
> >> p.s. waiting still for releng 6 patch :)
> >
> > Unofficial backport for andre@'s patch.  I am testing it on RELENG_6_2
> > but the box is not heavily loaded, and please note that this is
> > UNOFFICIAL so it's up to you to decide whether you want it.
>
> Oops, forgot the patch.
>
> http://people.freebsd.org/~delphij/misc/patch-tcp_auto_buf-20061212-RELENG_6.diff
>
> Cheers,
> --
> Xin LI http://www.delphij.net/
> FreeBSD - The Power to Serve!
>

Thanks will this apply ok against src with the send patch already
applied or should I recvsup and then apply this clean?

Chris

From owner-freebsd-net@FreeBSD.ORG Fri Dec 22 01:14:13 2006
Message-ID: <458B2E19.2040708@elischer.org>
Date: Thu, 21 Dec 2006 17:00:09 -0800
From: Julian Elischer
To: FreeBSD Net
Subject: bridging ethernets containing vlans,

If I bridge two ethernets, one with HW_vlan tagging and the other
without, and there are vlans active on that network, am I right in
assuming that it requires that the two ethernets need to both have
their HW_vlan capabilities on or off, but that it won't work if they
are mixed?

The bridging code seems to turn on and off promiscuous mode for the
interfaces and bridge_mutecaps() seems to turn on the HX Checksum
capacity, but there doesn't seem to be any code whereby the VLAN
tagging is enabled or disabled. This means that bridging a HW-VLAN
interface with one that doesn't support HW vlans will result in just
the base packet being transmitted and the vlan header being dropped.

Am I reading this right?
Shouldn't the function bridge_mutecaps() also turn off HW vlan
handling? And is it just a case of adding it to BRIDGE_IFCAPS_MASK?

From owner-freebsd-net@FreeBSD.ORG Fri Dec 22 02:10:04 2006
Message-ID: <458B3E39.8080601@delphij.net>
Date: Fri, 22 Dec 2006 10:08:57 +0800
From: LI Xin
Organization: The FreeBSD Project
To: Chris
Cc: Jeremie Le Hen, freebsd-net@freebsd.org, Andre Oppermann, Anton Yuzhaninov
In-Reply-To: <3aaaa3a0612211603i28111be4ve51ae47ef6c26bcd@mail.gmail.com>
Subject: Re: Automatic TCP send and receive socket buffer sizing

Chris wrote:
[...]
>> >> p.s. waiting still for releng 6 patch :)
>> >
>> > Unofficial backport for andre@'s patch.  I am testing it on RELENG_6_2
>> > but the box is not heavily loaded, and please note that this is
>> > UNOFFICIAL so it's up to you to decide whether you want it.
>>
>> Oops, forgot the patch.
>>
>> http://people.freebsd.org/~delphij/misc/patch-tcp_auto_buf-20061212-RELENG_6.diff
>>
>
> Thanks will this apply ok against src with the send patch already
> applied or should I recvsup and then apply this clean?

I think it would not apply, you will need to restore the original
revisions.  On the other hand I think the send side patch is the same,
but I have not checked it...

Cheers,
--
Xin LI http://www.delphij.net/
FreeBSD - The Power to Serve!

From owner-freebsd-net@FreeBSD.ORG Fri Dec 22 02:31:30 2006
Message-ID: <3aaaa3a0612211831u420aa76eq7088dcc9901d412b@mail.gmail.com>
Date: Fri, 22 Dec 2006 02:31:29 +0000
From: Chris
To: "LI Xin"
Cc: freebsd-net@freebsd.org, Andre Oppermann, Jeremie Le Hen, Anton Yuzhaninov
In-Reply-To: <458B3E39.8080601@delphij.net>
Subject: Re: Automatic TCP send and receive socket buffer sizing

On 22/12/06, LI Xin wrote:
> Chris wrote:
> [...]
> >> >> p.s. waiting still for releng 6 patch :)
> >> >
> >> > Unofficial backport for andre@'s patch.  I am testing it on RELENG_6_2
> >> > but the box is not heavily loaded, and please note that this is
> >> > UNOFFICIAL so it's up to you to decide whether you want it.
> >>
> >> Oops, forgot the patch.
> >>
> >> http://people.freebsd.org/~delphij/misc/patch-tcp_auto_buf-20061212-RELENG_6.diff
> >>
> >
> > Thanks will this apply ok against src with the send patch already
> > applied or should I recvsup and then apply this clean?
>
> I think it would not apply, you will need to restore the original
> revisions.  On the other hand I think the send side patch is the same,
> but I have not checked it...
>
> Cheers,
> --
> Xin LI http://www.delphij.net/
> FreeBSD - The Power to Serve!
>

I ran cvsup again, unfortunately there were changes in world since the
last cvsup so I have done a new buildworld as well to keep it all
synched and then done an unpatched kernel, after that I have patched
and using testkernel. So far seems to be working fine. Thanks

Chris

From owner-freebsd-net@FreeBSD.ORG Fri Dec 22 02:36:21 2006
Message-ID: <458B4462.2010602@delphij.net>
Date: Fri, 22 Dec 2006 10:35:14 +0800
From: LI Xin
Organization: The FreeBSD Project
To: Chris
Cc: freebsd-net@freebsd.org, Andre Oppermann, Jeremie Le Hen, Anton Yuzhaninov
In-Reply-To: <3aaaa3a0612211831u420aa76eq7088dcc9901d412b@mail.gmail.com>
Subject: Re: Automatic TCP send and receive socket buffer sizing

Chris wrote:
> On 22/12/06, LI Xin wrote:
>> Chris wrote:
>> [...]
>> >> >> p.s. waiting still for releng 6 patch :)
>> >> >
>> >> > Unofficial backport for andre@'s patch.  I am testing it on RELENG_6_2
>> >> > but the box is not heavily loaded, and please note that this is
>> >> > UNOFFICIAL so it's up to you to decide whether you want it.
>> >>
>> >> Oops, forgot the patch.
>> >>
>> >> http://people.freebsd.org/~delphij/misc/patch-tcp_auto_buf-20061212-RELENG_6.diff
>> >>
>> >
>> > Thanks will this apply ok against src with the send patch already
>> > applied or should I recvsup and then apply this clean?
>>
>> I think it would not apply, you will need to restore the original
>> revisions.  On the other hand I think the send side patch is the same,
>> but I have not checked it...
>>
>
> I ran cvsup again, unfortunately there were changes in world since the
> last cvsup so I have done a new buildworld as well to keep it all
> synched and then done an unpatched kernel, after that I have patched
> and using testkernel. So far seems to be working fine. Thanks

Yes, you need to rebuild stuff that depends on TCP in-kernel structures,
for instance netstat(1), etc., to pick up with the change.

Cheers,
--
Xin LI http://www.delphij.net/
FreeBSD - The Power to Serve!

From owner-freebsd-net@FreeBSD.ORG Fri Dec 22 02:55:13 2006
Message-ID: <3aaaa3a0612211855k16c2e87qdee8d6abfe627a5e@mail.gmail.com>
Date: Fri, 22 Dec 2006 02:55:10 +0000
From: Chris To: "LI Xin" In-Reply-To: <458B4462.2010602@delphij.net> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <457F2D82.6000905@freebsd.org> <458142DB.8000002@freebsd.org> <20061220084515.GK48407@obiwan.tataz.chchile.org> <3aaaa3a0612210148n78b326a5wde5efa2e8dc4edb9@mail.gmail.com> <458A8BD6.5020004@delphij.net> <458A9633.1060908@delphij.net> <3aaaa3a0612211603i28111be4ve51ae47ef6c26bcd@mail.gmail.com> <458B3E39.8080601@delphij.net> <3aaaa3a0612211831u420aa76eq7088dcc9901d412b@mail.gmail.com> <458B4462.2010602@delphij.net> Cc: freebsd-net@freebsd.org, Andre Oppermann , Jeremie Le Hen , Anton Yuzhaninov Subject: Re: Automatic TCP send and receive socket buffer sizing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Dec 2006 02:55:13 -0000 On 22/12/06, LI Xin wrote: > Chris wrote: > > On 22/12/06, LI Xin wrote: > >> Chris wrote: > >> [...] > >> >> >> p.s. waiting still for releng 6 patch :) > >> >> > > >> >> > Unofficial backport for andre@'s patch. I am testing it on > >> RELENG_6_2 > >> >> > but the box is not heavily loaded, and please note that this is > >> >> > UNOFFICIAL so it's up to you to decide whether you want it. > >> >> > >> >> Oops, forgot the patch. > >> >> > >> >> > >> http://people.freebsd.org/~delphij/misc/patch-tcp_auto_buf-20061212-RELENG_6.diff > >> > >> >> > >> > > >> > Thanks will this apply ok against src with the send patch already > >> > applied or should I recvsup and then apply this clean? > >> > >> I think it would not apply, you will need to restore the original > >> revisions. On the other hand I think the send side patch is the same, > >> but I have not checked it... 
> >>
> >
> > I ran cvsup again, unfortunately there was changes in world since the
> > last cvsup so I have done a new buildworld as well to keep it all
> > synched and then done a unpatched kernel, after that I have patched
> > and using testkernel. So far seems to be working fine. Thanks
>
> Yes, you need to rebuild stuff that depends on TCP in-kernel structures,
> for instance netstat(1), etc., to pick up with the change.
>
> Cheers,
> --
> Xin LI http://www.delphij.net/
> FreeBSD - The Power to Serve!
>
>
>

Oh so after the patch I have to do another buildworld not just kernel?

Chris

From owner-freebsd-net@FreeBSD.ORG Fri Dec 22 03:08:41 2006
Message-ID: <458B4BF7.9060603@delphij.net>
Date: Fri, 22 Dec 2006 11:07:35 +0800
From: LI Xin
To: Chris
Cc: freebsd-net@freebsd.org, Andre Oppermann, Jeremie Le Hen, Anton Yuzhaninov
Subject: Re: Automatic TCP send and receive socket buffer sizing
In-Reply-To: <3aaaa3a0612211855k16c2e87qdee8d6abfe627a5e@mail.gmail.com>

Chris wrote:
[...]
>> > I ran cvsup again, unfortunately there was changes in world since the
>> > last cvsup so I have done a new buildworld as well to keep it all
>> > synched and then done a unpatched kernel, after that I have patched
>> > and using testkernel. So far seems to be working fine. Thanks
>>
>> Yes, you need to rebuild stuff that depends on TCP in-kernel structures,
>> for instance netstat(1), etc., to pick up with the change.
>
> Oh so after the patch I have to do another buildworld not just kernel?

It's not strictly required, if you do not use these utilities to get
information about TCP connection. However, it's recommended to do
buildworld.

BTW: The best practice is to do buildworld *before* buildkernel, and do
installkernel before installworld.

Cheers,
--
Xin LI http://www.delphij.net/
FreeBSD - The Power to Serve!

From owner-freebsd-net@FreeBSD.ORG Fri Dec 22 03:37:26 2006
Message-ID: <3aaaa3a0612211937g12d97d5cm1f68ed8b943f9419@mail.gmail.com>
Date: Fri, 22 Dec 2006 03:37:24 +0000
From: Chris
To: "LI Xin"
Cc: freebsd-net@freebsd.org, Andre Oppermann, Jeremie Le Hen, Anton Yuzhaninov
Subject: Re: Automatic TCP send and receive socket buffer sizing
In-Reply-To: <458B4BF7.9060603@delphij.net>

On 22/12/06, LI Xin wrote:
> Chris wrote:
> [...]
> >> > I ran cvsup again, unfortunately there was changes in world since the
> >> > last cvsup so I have done a new buildworld as well to keep it all
> >> > synched and then done a unpatched kernel, after that I have patched
> >> > and using testkernel. So far seems to be working fine. Thanks
> >>
> >> Yes, you need to rebuild stuff that depends on TCP in-kernel structures,
> >> for instance netstat(1), etc., to pick up with the change.
> >
> > Oh so after the patch I have to do another buildworld not just kernel?
>
> It's not strictly required, if you do not use these utilities to get
> information about TCP connection. However, it's recommended to do
> buildworld.
>
> BTW: The best practice is to do buildworld *before* buildkernel, and do
> installkernel before installworld.
>
> Cheers,
> --
> Xin LI http://www.delphij.net/
> FreeBSD - The Power to Serve!
>
>
>
>

Sorry I was unaware it needed that as the send patch only needed a kernel.

I think only send windows are being adjusted as I noticed poor speeds
going 'to' the server.

debug.log has many like this.

Dec 22 03:35:24 heaven kernel: tcp_output: inc sockbuf, old 156144, new 164336, sb_cc 153464, snd_wnd 127424, sendwnd 108600

which indicates send is being adjusted right? but nothing with recv.

Chris

From owner-freebsd-net@FreeBSD.ORG Fri Dec 22 05:00:59 2006
Message-Id: <7.0.1.0.0.20061220030810.0675daa8@gont.com.ar>
Date: Wed, 20 Dec 2006 03:12:28 -0300
To: Randall Stewart, "Bruce M. Simpson"
From: Fernando Gont
Cc: freebsd-net@freebsd.org, dave jones
Subject: Re: UDP lite for FreeBSD
In-Reply-To: <4587E869.90108@cisco.com>

At 10:26 19/12/2006, Randall Stewart wrote:

>I have always thought of it as a bit of a hack as well... and
>there is one really big problem with it.. It has no value
>unless you can tell your network-interface card to deliver
>damaged packets. I don't know if some cards have this option
>now or not.. nor if an API in any driver exists for it... without this
>you will find very very few packets that are "damaged" that
>do get through.. since generally the link layer checksum
>is a MUCH better CRC vs the very weak IP/UDP checksum :-0

Each check is meant to detect a different type/source of errors. The CRC
is meant to detect burst errors, which are likely to occur due to, eg,
noise. OTOH, the checksum is meant to detect single bit errors, which
are more likely to occur in the memory of the processing systems.

There's a paper by Stone and Partridge (in ACM's CCR) in which they show
errors that, IIRC, were not caught by the CRC, but *were* caught by the
checksum.

Kindest regards,

--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

From owner-freebsd-net@FreeBSD.ORG Fri Dec 22 08:33:18 2006
Date: Fri, 22 Dec 2006 11:13:05 +0300
From: Yar Tikhiy
To: Julian Elischer
Cc: FreeBSD Net
Message-ID: <20061222081304.GB92873@comp.chem.msu.su>
In-Reply-To: <458B2E19.2040708@elischer.org>
Subject: Re: bridging ethernets containing vlans,

On Thu, Dec 21, 2006 at 05:00:09PM -0800, Julian Elischer wrote:
> If I bridge two ethernets, one with HW_vlan tagging and the other
> without, and there are vlans active on that network, am I right in
> assuming that it requires that the two ethernets need to both have their
> HW_vlan capabilities on or off, but that it won't work if they are mixed?
>
> The bridging code seems to turn on and off promiscuous mode for the
> interfaces and bridge_mutecaps() seems to turn on the HX Checksum
> capacity, but there doesn't seem to be any code whereby the
> VLAN tagging is enabled or disabled.
>
> This means that bridging a HW-VLAN interface with one that
> doesn't support HW vlans will result in just the base packet being
> transmitted and the vlan header being dropped.
>
> Am I reading this right?
> shouldn't the function bridge_mutecaps() also turn off HW vlan handling?
> and is it just a case of adding it to BRIDGE_IFCAPS_MASK?

I'd rather convert between the in-band and out-of-band representation
of the VLAN tag in software. The problem with h/w capabilities is that
no one can promise you that a particular NIC+driver pair can really
control a particular capability; it can just stay always on due to
driver incompleteness or firmware bogosity.
On the output path, well-tempered network interfaces with VLAN_HWTAG
should be able to accept both in-band and out-of-band tags, but
real-world NICs can fail to operate in such a mixed mode. Many
pitfalls lurk in the hardware acceleration of networking operations.

--
Yar

From owner-freebsd-net@FreeBSD.ORG Fri Dec 22 11:11:17 2006
From: "Gloomy Group"
To: freebsd-net@freebsd.org
Date: Fri, 22 Dec 2006 11:09:17 +0000
Subject: FreeBSD PPPoE server and IP Conflict

Hi list,

I have setup freebsd pppoe server in 6.0. My ppp.conf server is as
follows. Problem I have been facing is server assigns the same ip
address to the two different clients and the clients IP get conflicted.
I have followed WARTA project papers to do the bandwidth shaping for
pppoe server (http://www.hpi.net/whitepapers/warta/)

Can anybody tell me why freebsd pppoe server assign to same ip address
for different clients. Like when user "abc" connect he get 192.168.2.10
IP and when another user connect at the same time he also gets the same
ip address i.e. 192.168.2.10. Any suggestion for freebsd pppoe server
with radius authentication.

default:
 enable lqr
 set lqrperiod 5
 enable echo
 enable lqr echo
 enable pap
 #allow users
 allow mode direct
 set mru 1480
 set mtu 1480
 set timeout 7200
 set speed sync
 set ifaddr 202.xx.xx.xxx 202.xx.xx.1-202.xx.xx.254
 set radius /etc/radius.conf
 accept dns

From owner-freebsd-net@FreeBSD.ORG Fri Dec 22 12:59:26 2006
Message-ID: <458BCFB9.6000207@cisco.com>
Date: Fri, 22 Dec 2006 07:29:45 -0500
From: Randall Stewart
To: Fernando Gont
Cc: freebsd-net@freebsd.org, "Bruce M. Simpson", dave jones
Subject: Re: UDP lite for FreeBSD
In-Reply-To: <7.0.1.0.0.20061220030810.0675daa8@gont.com.ar>

Fernando:

comments in-line..

Fernando Gont wrote:
> At 10:26 19/12/2006, Randall Stewart wrote:
>
>> I have always thought of it as a bit of a hack as well... and
>> there is one really big problem with it.. It has no value
>> unless you can tell your network-interface card to deliver
>> damaged packets. I don't know if some cards have this option
>> now or not.. nor if an API in any driver exists for it...
>> without this
>> you will find very very few packets that are "damaged" that
>> do get through.. since generally the link layer checksum
>> is a MUCH better CRC vs the very weak IP/UDP checksum :-0
>
>
> Each check is meant to detect a different type/source of errors. The CRC
> is meant to detect burst errors, which are likely to occur due to, eg,
> noise. OTOH, the checksum is meant to detect single bit errors, which
> are more likely to occur in the memory of the processing systems.
>
> There's a paper by Stone and Partridge (in ACM's CCR) in which they show
> errors that, IIRC, were not caught by the CRC, but *were* caught by the
> checksum.

That is not my point, I am well aware of Jonathan's work (we worked
together to change SCTP's checksum).. my point is that the whole idea
of the udp-lite is so that damaged packets still will arrive at the
codec. The encoders would like ALL damaged packets.. not just the ones
corrupted by the intervening routers and hosts. So the solution is not
complete without a tweak at layer-2 to get the information. Especially
since layer-2 is, in most cases, going to have more errors than
layer-3/4. Of course we need to be glad of that since the UDP/TCP
checksum will pass (on average) bad data every 1 in 10-million
packets... if the link layer were not as good it would pass more than
that :-0

R

--
Randall Stewart
NSSTG - Cisco Systems Inc.
803-345-0369 803-317-4952 (cell)

From owner-freebsd-net@FreeBSD.ORG Fri Dec 22 15:57:05 2006
From: Fabrício Barros Cabral
To: freebsd-net@freebsd.org
Date: Fri, 22 Dec 2006 12:43:29 -0300
Message-Id: <1166802209.7642.17.camel@hades.no-ip.org>
Subject: Intercepting a packet, changing it and re-injecting into the network

Hello everybody!

I'm developing a network application which needs *to intercept* a packet
(not just *copy* a packet, like libpcap does), move this packet into my
application (userland), do some checking in the packet and according
with some heuristics, the application may change the payload and
re-inject the modified packet into the network. Note that sometimes,
I'll change the payload, drop the packet or just let it go.

So, how can I do that in FreeBSD? I can use 6.1, 7.1, any version.

Thanks in advance,

--fx

From owner-freebsd-net@FreeBSD.ORG Fri Dec 22 16:17:00 2006
From: Max Laier
To: freebsd-net@freebsd.org
Cc: Fabrício Barros Cabral
Date: Fri, 22 Dec 2006 17:04:04 +0100
Message-Id: <200612221704.09522.max@love2party.net>
In-Reply-To: <1166802209.7642.17.camel@hades.no-ip.org>
Subject: Re: Intercepting a packet, changing it and re-injecting into the network

On Friday 22 December 2006 16:43, Fabrício Barros Cabral wrote:
> I'm developing a network application which needs *to intercept* a
> packet (not just *copy* a packet, like libpcap does), move this packet
> into my application (userland), do some checking in the packet and
> according with some heuristics, the application may change the payload
> and re-inject the modified packet into the network. Note that
> sometimes, I'll change the payload, drop the packet or just let it go.
>
> So, how can I do that in FreeBSD? I can use 6.1, 7.1, any version.

Sounds like you are looking for divert(4) sockets. Look at natd(8) for an
example usage.

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-net@FreeBSD.ORG Fri Dec 22 16:22:15 2006
Message-ID: <458C01EA.3080207@mac.com>
Date: Fri, 22 Dec 2006 11:03:54 -0500
From: Chuck Swiger
To: Fabrício Barros Cabral
Cc: freebsd-net@freebsd.org
In-Reply-To: <1166802209.7642.17.camel@hades.no-ip.org>
Subject: Re: Intercepting a packet, changing it and re-injecting into the network

Fabrício Barros Cabral wrote:
> Hello everybody!
>
> I'm developing a network application which needs *to intercept* a packet
> (not just *copy* a packet, like libpcap does), move this packet into my
> application (userland), do some checking in the packet and according
> with some heuristics, the application may change the payload and
> re-inject the modified packet into the network. Note that sometimes,
> I'll change the payload, drop the packet or just let it go.
>
> So, how can I do that in FreeBSD? I can use 6.1, 7.1, any version.

Use IPFW plus a divert socket, or possibly netgraph. See the sources for natd
for an example of a userland app which intercepts and re-injects packets,
possibly modified...

--
-Chuck

From owner-freebsd-net@FreeBSD.ORG Fri Dec 22 16:29:49 2006
Date: Fri, 22 Dec 2006 19:08:13 +0300
From: Eygene Ryabinkin
To: Fabrício Barros Cabral
Cc: freebsd-net@freebsd.org
Message-ID: <20061222160812.GB31089@codelabs.ru>
In-Reply-To: <1166802209.7642.17.camel@hades.no-ip.org>
Subject: Re: Intercepting a packet, changing it and re-injecting into the network

Fabricio, good day!

> I'm developing a network application which needs *to intercept* a packet
> (not just *copy* a packet, like libpcap does), move this packet into my
> application (userland), do some checking in the packet and according
> with some heuristics, the application may change the payload and
> re-inject the modified packet into the network. Note that sometimes,
> I'll change the payload, drop the packet or just let it go.
>
> So, how can I do that in FreeBSD? I can use 6.1, 7.1, any version.

Probably you should read the divert(4) manual page and the ipfw(8)
manual, looking for the 'divert' directive. The good example of
your application is /sbin/natd. The aforementioned facilities
are present in FreeBSD at least since 4.x.
--
Eygene

From owner-freebsd-net@FreeBSD.ORG Fri Dec 22 16:40:59 2006
Date: Fri, 22 Dec 2006 10:05:50 -0600
From: Brooks Davis
To: Fabr?cio Barros Cabral
Cc: freebsd-net@freebsd.org
Message-ID: <20061222160550.GD47710@lor.one-eyed-alien.net>
In-Reply-To: <1166802209.7642.17.camel@hades.no-ip.org>
Subject: Re: Intercepting a packet, changing it and re-injecting into the network

On Fri, Dec 22, 2006 at 12:43:29PM -0300, Fabr?cio Barros Cabral wrote:
> Hello everybody!
>
> I'm developing a network application which needs *to intercept* a packet
> (not just *copy* a packet, like libpcap does), move this packet into my
> application (userland), do some checking in the packet and according
> with some heuristics, the application may change the payload and
> re-inject the modified packet into the network. Note that sometimes,
> I'll change the payload, drop the packet or just let it go.
>
> So, how can a I do that in FreeBSD? I can use 6.1, 7.1, any version.

The feature you're looking for is divert(4) sockets. You use IPFW to
decide which packets to divert to userland and can reinject them as
needed.

--
Brooks

From owner-freebsd-net@FreeBSD.ORG Fri Dec 22 20:39:17 2006
Message-ID: <458C426A.9060604@elischer.org>
Date: Fri, 22 Dec 2006 12:39:06 -0800
From: Julian Elischer
To: Julian Elischer
Cc: Max Laier, Andre Oppermann, freebsd-net@freebsd.org
In-Reply-To: <4584CE0C.3020307@elischer.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------000200070908000402080801"
Subject: Re: [was] addition to ipfw (read vlans from bridge)..

This is a multi-part message in MIME format.
--------------000200070908000402080801
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Taking to heart comments by Andre and Max (Laier), I have redone this
patch in a different manner. The aim is to be able to see inside vlans
when bridging.

Now, this is a 6.x patch to bridge.c because that is what we are using,
but I will make a similar patch to if_bridge.c for 6 and 7 if this meets
with approval.

Basically if it is a vlan packet, take off the whole vlan header instead
of just the ether header, but pass to ipfw, an ether header with the real
protocol field substituted in. When finishing put back everything we
removed before.

The only addition I'd do to this would be to add a sysctl to turn it on
if people thought it would break POLA too much to have it work by default.
--------------000200070908000402080801 Content-Type: text/plain; x-mac-type="0"; x-mac-creator="0"; name="vl.diff" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="vl.diff" Index: bridge.c =================================================================== RCS file: /usr/local/cvsroot/freebsd/src/sys/net/Attic/bridge.c,v retrieving revision 1.93.2.1 diff -u -r1.93.2.1 bridge.c --- bridge.c 25 Aug 2005 05:01:19 -0000 1.93.2.1 +++ bridge.c 22 Dec 2006 20:29:16 -0000 @@ -103,6 +103,7 @@ #include #include /* for struct arpcom */ #include +#include #include #include @@ -932,13 +933,17 @@ bdg_forward(struct mbuf *m0, struct ifnet *dst) { #define EH_RESTORE(_m) do { \ - M_PREPEND((_m), ETHER_HDR_LEN, M_DONTWAIT); \ + M_PREPEND((_m), has_vlan_hdr? sizeof(evl):ETHER_HDR_LEN, M_DONTWAIT); \ if ((_m) == NULL) { \ bdg_dropped++; \ return NULL; \ } \ if (eh != mtod((_m), struct ether_header *)) \ - bcopy(&save_eh, mtod((_m), struct ether_header *), ETHER_HDR_LEN); \ + if (has_vlan_hdr) { \ + bcopy(&save_eh, mtod((_m), struct ether_header *), ETHER_HDR_LEN); \ + } else { \ + bcopy(&evl, mtod((_m), struct ether_header *), sizeof(evl)); \ + } \ else \ bdg_predict++; \ } while (0); @@ -949,6 +954,8 @@ int error; struct ifnet *real_dst = dst; /* real dst from ether_output */ struct ip_fw_args args; + int has_vlan_hdr; + struct ether_vlan_header evl; struct ether_header save_eh; struct mbuf *m; 
@@ -1022,9 +1029,21 @@ * Furthermore, the mbuf chain might be replaced at various * places. To deal with this we copy the header to a temporary * location, strip the header, and restore it as needed. + * If we have a vlan header we need to synthesize the + * encapsulated ether header and instead store the vlan header + * for replacement later. */ - bcopy(eh, &save_eh, ETHER_HDR_LEN); /* local copy for restore */ - m_adj(m0, ETHER_HDR_LEN); /* temporarily strip header */ + if (eh->ether_type == ETHERTYPE_VLAN) { + bcopy(eh, &evl, sizeof(evl)); /* local copy for restore */ + bcopy(eh, &save_eh, ETHER_HDR_LEN); /* what is passed to ipfw */ + save_eh.ether_type = evl.evl_proto; /* but with the final proto */ + has_vlan_hdr = 1; + m_adj(m0, sizeof(evl)); /* temporarily strip header */ + } else { + bcopy(eh, &save_eh, ETHER_HDR_LEN); /* local copy for restore */ + has_vlan_hdr = 0; + m_adj(m0, ETHER_HDR_LEN); /* temporarily strip header */ + } /* * Check that the IP header is aligned before passing up to the packet --------------000200070908000402080801-- From owner-freebsd-net@FreeBSD.ORG Fri Dec 22 22:36:15 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D89BD16A407 for ; Fri, 22 Dec 2006 22:36:15 +0000 (UTC) (envelope-from newroswell@gmail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.191]) by mx1.freebsd.org (Postfix) with ESMTP id 4A87713C442 for ; Fri, 22 Dec 2006 22:36:15 +0000 (UTC) (envelope-from newroswell@gmail.com) Received: by nf-out-0910.google.com with SMTP id x37so3330817nfc for ; Fri, 22 Dec 2006 14:36:13 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; 
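Review bot: In the EH_RESTORE hunk (@@ -932,13 +933,17 @@) the two bcopy branches are the wrong way round. With has_vlan_hdr set, M_PREPEND makes room for sizeof(evl) bytes, but only ETHER_HDR_LEN bytes are copied, and they come from save_eh, whose ether_type has already been replaced by evl.evl_proto, so the 802.1Q tag is lost and the last four prepended bytes are never written. With has_vlan_hdr clear, only ETHER_HDR_LEN bytes are prepended but sizeof(evl) bytes are copied from evl, which that path never fills in, so uninitialised stack bytes become the Ethernet header and the copy runs four bytes into the payload. Swap the branches: the VLAN case should copy &evl with sizeof(evl), the plain case &save_eh with ETHER_HDR_LEN. The new if/else is also nested without braces under if (eh != mtod(...)) ahead of the existing else bdg_predict++; bracing the outer body would make the pairing explicit.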
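Review bot: The test eh->ether_type == ETHERTYPE_VLAN in the @@ -1022,9 +1029,21 @@ hunk compares a header field held in network byte order with a host-order constant, so on little-endian machines the VLAN branch is never taken; compare ntohs(eh->ether_type) instead, or apply htons to the constant. The bcopy(eh, &evl, sizeof(evl)) and m_adj(m0, sizeof(evl)) that follow also assume the first mbuf holds a complete 802.1Q header, and nothing visible in the hunk checks the length, so a short frame carrying the VLAN ethertype would make the copy read past the packet data. A length check (or an m_pullup) before the copy would cover that, and since this path decides what ipfw gets to see, the malformed case should fall through to a drop rather than be passed on unfiltered.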
Message-ID: <375baf50612220932m30f84567jdda28b7fc0e62e61@mail.gmail.com>
Date: Fri, 22 Dec 2006 09:32:05 -0800
From: "Kevin Sanders"
To: "Brooks Davis"
Cc: freebsd-net@freebsd.org, Fabr?cio Barros Cabral
In-Reply-To: <20061222160550.GD47710@lor.one-eyed-alien.net>
Subject: Re: Intercepting a packet, changing it and re-injecting into the network

On 12/22/06, Brooks Davis wrote:
>
> On Fri, Dec 22, 2006 at 12:43:29PM -0300, Fabr?cio Barros Cabral wrote:
> > Hello everybody!
> >
> > I'm developing a network application which needs *to intercept* a packet
> > (not just *copy* a packet, like libpcap does), move this packet into my
> > application (userland), do some checking in the packet and according
> > with some heuristics, the application may change the payload and
> > re-inject the modified packet into the network. Note that sometimes,
> > I'll change the payload, drop the packet or just let it go.
> >
> > So, how can a I do that in FreeBSD? I can use 6.1, 7.1, any version.
>
> The feature you're looking for is divert(4) sockets. You use IPFW to
> decide which packets to divert to userland and can reinject them as
> needed.
>
> -- Brooks
>
>

I'm actually working on something with a similar need. How would this
perform compared to a kld module that is using the pfil(9) framework? I'm
looking to support very high bandwidth networks, with 400mpbs or more over
gig ethernet. In my case I'm looking at HTTP requests and not necessarily
every packet once I've done what I need to the actual http request/headers.
Obviously, if I grow or shrink the HTTP request, I then have to "massage"
the seq/ack to keep the two talking, but this is only for a small percentage
of the sessions, and I didn't want to be hit with a kernel -> user space ->
kernel transition for every packet.

It's also important for me to be able to see the ethernet header, because I'm
running in a transparent bridge, and sometimes need to send a redirect back
to the client making the request, and it needs to appear to come from the
server the client is talking to. Yes, this is a content filter.

I actually have all this working, and I'm currently working on the user
space "service" which talks to the kernel module and makes decisions to
allow, block, or modify the request. Performance is pretty good, but my 10
years of Win32 development experience didn't prepare me for UNIX kernel
module development!

Kevin

From owner-freebsd-net@FreeBSD.ORG Fri Dec 22 23:31:28 2006
Message-ID: <458C6ACC.2020605@elischer.org>
Date: Fri, 22 Dec 2006 15:31:24 -0800
From: Julian Elischer
To: Kevin Sanders
Cc: freebsd-net@freebsd.org, Fabr?cio Barros Cabral
In-Reply-To: <375baf50612220932m30f84567jdda28b7fc0e62e61@mail.gmail.com>
Subject: Re: Intercepting a packet, changing it and re-injecting into the network

Kevin Sanders wrote:
> On 12/22/06, Brooks Davis wrote:
>>
>> On Fri, Dec 22, 2006 at 12:43:29PM -0300, Fabr?cio Barros Cabral wrote:
>> > Hello everybody!
>> >
>> > I'm developing a network application which needs *to intercept* a packet
>> > (not just *copy* a packet, like libpcap does), move this packet into my
>> > application (userland), do some checking in the packet and according
>> > with some heuristics, the application may change the payload and
>> > re-inject the modified packet into the network. Note that sometimes,
>> > I'll change the payload, drop the packet or just let it go.
>> >
>> > So, how can a I do that in FreeBSD? I can use 6.1, 7.1, any version.
>>
>> The feature you're looking for is divert(4) sockets. You use IPFW to
>> decide which packets to divert to userland and can reinject them as
>> needed.
>>
>> -- Brooks
>>
>>
>
> I'm actually working on something with a similar need. How would this
> perform compared to a kld module that is using the pfil(9) framework? I'm
> looking to support very high bandwidth networks, with 400mpbs or more over
> gig ethernet. In my case I'm looking at HTTP requests and not necessarily
> every packet once I've done what I need to the actual http request/headers.
> Obviously, if I grow or shrink the HTTP request, I then have to "massage"
> the seq/ack to keep the two talking, but this is only for a small percentage
> of the sessions, and I didn't want to be hit with a kernel -> user space ->
> kernel transition for every packet.

Divert is designed for diverting from the IP layer, to the user layer
for processing (and returning the packet to be sent out/in). It is fast
enough for most WAN applications.

I use patches to allow me to divert from a bridge (Ethernet layer)
but it's still going to userland.

If you want to work in the kernel, then take a look at netgraph.
(check the daemonnews article by Archie Cobbs (google is your friend),
and man 4 netgraph). It allows you to divert from the Ethernet layer to
an arbitrary in-kernel module for processing in any way you want. Look at
ng_sample.c to get a skeleton netgraph node that you can use as a starting
point for your own processing.

Netgraph does have (due to its generality) some overhead, but the code you
write to make a netgraph node will be the same code you would write for any
other kernel mode processor so getting it running as a netgraph node will
allow you to test it quickly. You should then test its performance. If this
is fast enough (netgraph CAN be fast so you should test this) then you are
done.

If you are not getting enough performance, then you will need to write a
custom 'pfil' module that puts itself on the pfil processing list. If you
still need more performance then I suggest you need to start hacking
if_ethersubr.c itself and that is not the best way to go for
maintainability.
>
> It's also important for me to be able to see the ethernet header, because I'm
> running in a transparent bridge, and sometimes need to send a redirect back
> to the client making the request, and it needs to appear to come from the
> server the client is talking to. Yes, this is a content filter.
>
> I actually have all this working, and I'm currently working on the user
> space "service" which talks to the kernel module and makes decisions to
> allow, block, or modify the request. Performance is pretty good, but my 10
> years of Win32 development experience didn't prepare me for UNIX kernel
> module development!

I have the same thing.. which is why I divert from ethernet layer.
There are some tricks that can be done to really speed that up however..
for example you only need to look at the first syn packet.. all the rest
don't need to be looked at or diverted.

>
> Kevin

From owner-freebsd-net@FreeBSD.ORG Fri Dec 22 23:40:21 2006
Message-ID: <458C6CDF.4010203@elischer.org>
Date: Fri, 22 Dec 2006 15:40:15 -0800
From: Julian Elischer
To: Julian Elischer
Cc: Kevin Sanders, Fabr?cio Barros Cabral, freebsd-net@freebsd.org
In-Reply-To: <458C6ACC.2020605@elischer.org>
Subject: Re: Intercepting a packet, changing it and re-injecting into the network

Julian Elischer wrote:
> Kevin Sanders wrote:
>> On 12/22/06, Brooks Davis wrote:
>>>
>>> On Fri, Dec 22, 2006 at 12:43:29PM -0300, Fabr?cio Barros Cabral wrote:
>>> > Hello everybody!
>>> >
>>> > I'm developing a network application which needs *to intercept* a packet
>>> > (not just *copy* a packet, like libpcap does), move this packet into my
>>> > application (userland), do some checking in the packet and according
>>> > with some heuristics, the application may change the payload and
>>> > re-inject the modified packet into the network. Note that sometimes,
>>> > I'll change the payload, drop the packet or just let it go.
>>> >
>>> > So, how can a I do that in FreeBSD? I can use 6.1, 7.1, any version.
>>>
>>> The feature you're looking for is divert(4) sockets. You use IPFW to
>>> decide which packets to divert to userland and can reinject them as
>>> needed.
>>>
>>> -- Brooks
>>>
>>>
>>
>> I'm actually working on something with a similar need. How would this
>> perform compared to a kld module that is using the pfil(9) framework? I'm
>> looking to support very high bandwidth networks, with 400mpbs or more over
>> gig ethernet. In my case I'm looking at HTTP requests and not necessarily
>> every packet once I've done what I need to the actual http request/headers.
>> Obviously, if I grow or shrink the HTTP request, I then have to "massage"
>> the seq/ack to keep the two talking, but this is only for a small percentage
>> of the sessions, and I didn't want to be hit with a kernel -> user space ->
>> kernel transition for every packet.
>
> Divert is designed for diverting from the IP layer, to the user layer
> for processing (and returning the packet to be sent out/in). It is fast
> enough for most WAN applications.
>
> I use patches to allow me to divert from a bridge (Ethernet layer)
> but it's still going to userland.

BTW I was able to do several hundred Mb/Sec through userland..
(largish packets though)

>
>
> I have the same thing.. which is why I divert from ethernet layer.
> There are some tricks that can be done to really speed that up however..
> for example you only need to look at the first syn packet.. all the rest
> don't need to be looked at or diverted.

just as a reference point,
Using ipfw I was able to saturate a Gb bridge
(between 2 bge interfaces) while filtering against a
table of 128000 addresses. (in FreeBSD 4.8) using 30% cpu..
machines have gotten faster since then but the OS has slowed a bit.

From owner-freebsd-net@FreeBSD.ORG Sat Dec 23 16:14:45 2006
Date: Sat, 23 Dec 2006 16:14:44 GMT
From: Mark Linimon
Message-Id: <200612231614.kBNGEieU077530@freefall.freebsd.org>
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-net@FreeBSD.org
Subject: Re: kern/106999: [netgraph] [patch] ng_ksocket fails to clear multicast flag on mbuf before passing to stack

Synopsis: [netgraph] [patch] ng_ksocket fails to clear multicast flag on mbuf before passing to stack

Responsible-Changed-From-To: freebsd-bugs->freebsd-net
Responsible-Changed-By: linimon
Responsible-Changed-When: Sat Dec 23 16:14:38 UTC 2006
Responsible-Changed-Why:
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=106999

From owner-freebsd-net@FreeBSD.ORG Sat Dec 23 16:55:06 2006
Message-ID: <375baf50612230855o114c4c32gff314327a0b8a05b@mail.gmail.com>
Date: Sat, 23 Dec 2006 08:55:04 -0800
From: "Kevin Sanders"
To: "Julian Elischer"
Cc: freebsd-net@freebsd.org, Fabr?cio Barros Cabral
In-Reply-To: <458C6CDF.4010203@elischer.org>
Subject: Re: Intercepting a packet, changing it and re-injecting into the network

On 12/22/06, Julian Elischer wrote:
>
>
> just as a reference point,
> Using ipfw I was able to saturate a Gb bridge
> (between 2 bge interfaces) while filtering against a
> table of 128000 addresses. (in FreeBSD 4.8) using 30% cpu..
> machines have gotten faster since then but the OS has slowed a bit.
>

That's what I'm looking for. Were you using polling or any non-default HZ
setting for that? Thanks.

Kevin
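
The divert(4) approach recommended in this thread (take the packet into userland, then let it go, drop it, or change the payload and reinject it), as an added example that is not code from any poster. It assumes a rule such as "ipfw add 100 divert 8668 tcp from any to any 80"; the rule number, the port, the blocked host name and the X-Trace header are hypothetical placeholders, and the rewrite is kept the same length so that no seq/ack adjustment is needed.

```c
/* Added example, not code from the thread: divert(4) inspect / drop / rewrite loop. */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>

#define BLOCKED "Host: blocked.example" /* hypothetical policy strings */
#define OLD_HDR "X-Trace: 1"
#define NEW_HDR "X-Trace: 0"    /* same length: IP header and TCP seq/ack stay valid */
enum verdict { PASS, DROP, MODIFIED };
static void put16(uint8_t *p, uint16_t v) { p[0] = v >> 8; p[1] = v & 0xff; }

/* RFC 1071 checksum of len bytes, continuing from the partial sum `sum`. */
static uint16_t csum(uint32_t sum, const uint8_t *p, size_t len)
{
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)p[0] << 8 | p[1];
    if (len) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Recompute the TCP checksum in place (pseudo-header: src, dst, protocol, length). */
static void fix_tcp_csum(uint8_t *pkt, size_t ihl, size_t tot)
{
    uint32_t seed = (uint16_t)~csum(0, pkt + 12, 8) + IPPROTO_TCP + (uint32_t)(tot - ihl);
    put16(pkt + ihl + 16, 0);
    put16(pkt + ihl + 16, csum(seed, pkt + ihl, tot - ihl));
}

static uint8_t *find(uint8_t *hay, size_t n, const char *needle)
{
    for (size_t m = strlen(needle); n >= m; hay++, n--)
        if (memcmp(hay, needle, m) == 0) return hay;
    return NULL;
}

/* Verdict for one diverted IPv4 packet; malformed input fails closed. */
enum verdict inspect(uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return DROP;
    size_t ihl = (pkt[0] & 0x0f) * 4u, tot = (size_t)pkt[2] << 8 | pkt[3];
    if (ihl < 20 || tot < ihl || tot > len) return DROP;
    if (pkt[9] != IPPROTO_TCP || (pkt[6] & 0x3f) || pkt[7]) return PASS; /* not TCP, or a fragment */
    size_t doff = tot - ihl < 20 ? 0 : (pkt[ihl + 12] >> 4) * 4u;        /* TCP header length */
    if (doff < 20 || ihl + doff > tot) return DROP;
    uint8_t *data = pkt + ihl + doff;
    size_t dlen = tot - ihl - doff;
    if (find(data, dlen, BLOCKED)) return DROP;
    uint8_t *hit = find(data, dlen, OLD_HDR);
    if (hit == NULL) return PASS;
    memcpy(hit, NEW_HDR, strlen(NEW_HDR));   /* in place, length unchanged */
    fix_tcp_csum(pkt, ihl, tot);
    return MODIFIED;
}

/* Constructed sample: 20-byte IPv4 header, 20-byte TCP header, then payload. */
size_t build_sample(uint8_t *buf, const char *payload)
{
    size_t tot = 40 + strlen(payload);
    memset(buf, 0, 40);
    buf[0] = 0x45; buf[8] = 64; buf[9] = IPPROTO_TCP; put16(buf + 2, (uint16_t)tot);
    memcpy(buf + 12, "\xc0\x00\x02\x01\xc6\x33\x64\x02", 8);     /* 192.0.2.1 -> 198.51.100.2 */
    put16(buf + 20, 49152); put16(buf + 22, 80); buf[32] = 0x50; /* ports, data offset 5 */
    memcpy(buf + 40, payload, strlen(payload));
    put16(buf + 10, csum(0, buf, 20));
    fix_tcp_csum(buf, 20, tot);
    return tot;
}

int main(void)
{
    static uint8_t buf[65535];
#ifdef IPPROTO_DIVERT   /* FreeBSD, as root, with the assumed ipfw divert rule loaded */
    struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(8668) }, from;
    int s = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    if (s < 0 || bind(s, (struct sockaddr *)&sin, sizeof sin) < 0) return 1;
    for (;;) {
        socklen_t fl = sizeof from;
        ssize_t n = recvfrom(s, buf, sizeof buf, 0, (struct sockaddr *)&from, &fl);
        if (n < 0) return 1;
        if (inspect(buf, (size_t)n) == DROP) continue;   /* never written back: dropped */
        sendto(s, buf, (size_t)n, 0, (struct sockaddr *)&from, fl); /* same address keeps direction */
    }
#else                   /* elsewhere: offline check on the constructed sample */
    size_t n = build_sample(buf, "GET / HTTP/1.1\r\nX-Trace: 1\r\n\r\n");
    return inspect(buf, n) == MODIFIED ? 0 : 1;
#endif
}
```

A rewrite that changes the payload length would also have to change the IP total length and track a per-connection sequence offset, which is the seq/ack "massage" mentioned in the thread.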