From owner-freebsd-net@FreeBSD.ORG Sun May 31 04:18:23 2009 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B568B1065672; Sun, 31 May 2009 04:18:23 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 8A96E8FC0A; Sun, 31 May 2009 04:18:23 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n4V4IN9I023375; Sun, 31 May 2009 04:18:23 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n4V4INQa023371; Sun, 31 May 2009 04:18:23 GMT (envelope-from linimon) Date: Sun, 31 May 2009 04:18:23 GMT Message-Id: <200905310418.n4V4INQa023371@freefall.freebsd.org> To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-net@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/135091: [bce] if_bce inbound traffic bytes counter is incorrect in 7.2-RELEASE X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 May 2009 04:18:24 -0000 Synopsis: [bce] if_bce inbound traffic bytes counter is incorrect in 7.2-RELEASE Responsible-Changed-From-To: freebsd-bugs->freebsd-net Responsible-Changed-By: linimon Responsible-Changed-When: Sun May 31 04:18:00 UTC 2009 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=135091 From owner-freebsd-net@FreeBSD.ORG Sun May 31 05:00:06 2009 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EAA0F1065675 for ; Sun, 31 May 2009 05:00:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 6F8358FC0A for ; Sun, 31 May 2009 05:00:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n4V5060G053263 for ; Sun, 31 May 2009 05:00:06 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n4V506Qi053262; Sun, 31 May 2009 05:00:06 GMT (envelope-from gnats) Date: Sun, 31 May 2009 05:00:06 GMT Message-Id: <200905310500.n4V506Qi053262@freefall.freebsd.org> To: freebsd-net@FreeBSD.org From: smallpox Cc: Subject: Re: kern/135091: [bce] if_bce inbound traffic bytes counter is incorrect in 7.2-RELEASE X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: smallpox List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 May 2009 05:00:07 -0000 The following reply was made to PR kern/135091; it has been noted by GNATS. From: smallpox To: bug-followup@FreeBSD.org, hunreal@gmail.com, Harti Brandt Cc: Subject: Re: kern/135091: [bce] if_bce inbound traffic bytes counter is incorrect in 7.2-RELEASE Date: Sat, 30 May 2009 21:27:01 -0700 i actually complained about this a few days ago and harti was helping me.. http://lists.freebsd.org/pipermail/freebsd-net/2009-May/022131.html hunreal, can you verify any packet loss? i'm having 0.5% to 2% i just got the identical system up at the office, it's running 7.1-stable.. numbers look good but it was on 100mbit, i ran there to put it on gigabit. thanks. From owner-freebsd-net@FreeBSD.ORG Sun May 31 13:50:07 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 73AC61065672 for ; Sun, 31 May 2009 13:50:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [195.88.108.3]) by mx1.freebsd.org (Postfix) with ESMTP id 2CAC78FC15 for ; Sun, 31 May 2009 13:50:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.fra.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id DF71441C648; Sun, 31 May 2009 15:50:05 +0200 (CEST) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([195.88.108.3]) by localhost (amavis.fra.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id hDZ1jX6Lk-DW; Sun, 31 May 2009 15:50:05 +0200 (CEST) Received: by mail.cksoft.de (Postfix, from userid 66) id 439E241C67B; Sun, 31 May 2009 15:50:05 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 1A3204448E6; Sun, 31 May 2009 13:46:53 +0000 (UTC) Date: Sun, 31 May 2009 13:46:52 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Scott Ullrich In-Reply-To: Message-ID: <20090531134541.H3234@maildrop.int.zabbadoz.net> References: <4A205679.5030406@zirakzigil.org> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-net@freebsd.org, Giulio Ferro Subject: Re: NAT-T on current 8 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 May 2009 13:50:07 -0000 On Fri, 29 May 2009, Scott Ullrich wrote: Hi Giulio, > On Fri, May 29, 2009 at 5:41 PM, Giulio Ferro wrote: >> As far as I know the natt patch hasn't been included in the source tree yet. >> This fact notwithstanding, is there a patch I can download and apply >> manually? I need it rather badly... > > There sure is. bz@ sent this over for testing and we are using it in > pfSense.. Works great! > > http://people.freebsd.org/~bz/20090523-04-natt.diff ... Please do > follow up with feedback after you deploy. > > You will most likely also want the latest ipsec-tools cvs port + a few > patches that we are also testing in pfSense... works great! > > http://cvs.pfsense.com/~sullrich/ipsec-tools-devel.zip ... This is a > port file of a recent ipsec-tools cvs checkout + a few patches > provided by vanhu@, extract to /usr/ports/security/ and make install. > > The NATT patch is slated to hit the FreeBSD tree soon so please do > report back your findings. Yes, in case you find any positiv or negative things we'd be happy to hear back from you - or anyone else who's going to give it a try. /bz -- Bjoern A. Zeeb The greatest risk is not taking one. From owner-freebsd-net@FreeBSD.ORG Mon Jun 1 05:33:32 2009 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0AA671065670; Mon, 1 Jun 2009 05:33:32 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id D2D8E8FC1E; Mon, 1 Jun 2009 05:33:31 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from freefall.freebsd.org (delphij@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n515XVRM028231; Mon, 1 Jun 2009 05:33:31 GMT (envelope-from delphij@freefall.freebsd.org) Received: (from delphij@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n515XVge028227; Mon, 1 Jun 2009 05:33:31 GMT (envelope-from delphij) Date: Mon, 1 Jun 2009 05:33:31 GMT Message-Id: <200906010533.n515XVge028227@freefall.freebsd.org> To: hunreal@gmail.com, delphij@FreeBSD.org, freebsd-net@FreeBSD.org, delphij@FreeBSD.org From: delphij@FreeBSD.org Cc: Subject: Re: kern/135091: [bce] if_bce inbound traffic bytes counter is incorrect in 7.2-RELEASE X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jun 2009 05:33:32 -0000 Synopsis: [bce] if_bce inbound traffic bytes counter is incorrect in 7.2-RELEASE State-Changed-From-To: open->feedback State-Changed-By: delphij State-Changed-When: Mon Jun 1 05:32:22 UTC 2009 State-Changed-Why: This seems to be a known issue. I have replied with a patch and waiting for feedback. Responsible-Changed-From-To: freebsd-net->delphij Responsible-Changed-By: delphij Responsible-Changed-When: Mon Jun 1 05:32:22 UTC 2009 Responsible-Changed-Why: Grab. (Hopefully I can close this soon as I believe that it was patched in -STABLE). http://www.freebsd.org/cgi/query-pr.cgi?pr=135091 From owner-freebsd-net@FreeBSD.ORG Mon Jun 1 06:06:52 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0EDBA1065670 for ; Mon, 1 Jun 2009 06:06:52 +0000 (UTC) (envelope-from smallpox@gmail.com) Received: from mail-gx0-f218.google.com (mail-gx0-f218.google.com [209.85.217.218]) by mx1.freebsd.org (Postfix) with ESMTP id B9D3B8FC18 for ; Mon, 1 Jun 2009 06:06:51 +0000 (UTC) (envelope-from smallpox@gmail.com) Received: by gxk18 with SMTP id 18so3401674gxk.19 for ; Sun, 31 May 2009 23:06:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=folGfeXULSz8/EiHbeVJUaVZxRv1qkp3/B4Byv7V1IQ=; b=BgRmAZSuaxWW0u8iEN46/8yatYCr2Lk1gPU8WBmii8GP+mDWKbMRV8RIXpvd86zral EcuNvzMs89DB+BiJPM/1P8H5ukWVGaVtCg154EI9DmKsjvmPi3/fEB7/6rUDF6GsNYgJ daLj+ygUsyPAAIR755kpGuNTk6ZwctuzZB0ec= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=QjrWlQPP4N29k/RLHvwHfMfKeQ1cCDcexeWU8aLaZ5obt02zBN6pwdNdgrL2e3J6eJ U5TuusiUrdx+pNy8x8kTtUdDUhX2MWMH6q+KL28wq6VNI9R9Q4G2f+azrvrF4kFqM89w Xu6AbMpxdpgTpy27lguzAcJchdLhYGpc25tS0= Received: by 10.90.98.12 with SMTP id v12mr3695889agb.81.1243836410959; Sun, 31 May 2009 23:06:50 -0700 (PDT) Received: from ?192.168.2.2? (24-180-16-19.dhcp.mtpk.ca.charter.com [24.180.16.19]) by mx.google.com with ESMTPS id 39sm6767814agb.31.2009.05.31.23.06.49 (version=SSLv3 cipher=RC4-MD5); Sun, 31 May 2009 23:06:50 -0700 (PDT) Message-ID: <4A236FF6.1020200@gmail.com> Date: Sun, 31 May 2009 23:06:46 -0700 From: smallpox User-Agent: Thunderbird 2.0.0.21 (Windows/20090302) MIME-Version: 1.0 To: delphij@FreeBSD.org References: <200906010533.n515XVge028227@freefall.freebsd.org> In-Reply-To: <200906010533.n515XVge028227@freefall.freebsd.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@FreeBSD.org Subject: Re: kern/135091: [bce] if_bce inbound traffic bytes counter is incorrect in 7.2-RELEASE X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jun 2009 06:06:52 -0000 delphij, i just tried it again and earlier today or last night i had tried -STABLE, didn't work. if you would like, i'll give you access to the second server, it's in the office.. i'm using it as a test machine because the production machine is unbelievably important. thanks. delphij@FreeBSD.org wrote: > Synopsis: [bce] if_bce inbound traffic bytes counter is incorrect in 7.2-RELEASE > > State-Changed-From-To: open->feedback > State-Changed-By: delphij > State-Changed-When: Mon Jun 1 05:32:22 UTC 2009 > State-Changed-Why: > This seems to be a known issue. I have replied with a patch > and waiting for feedback. > > > Responsible-Changed-From-To: freebsd-net->delphij > Responsible-Changed-By: delphij > Responsible-Changed-When: Mon Jun 1 05:32:22 UTC 2009 > Responsible-Changed-Why: > Grab. (Hopefully I can close this soon as I believe that it > was patched in -STABLE). > > http://www.freebsd.org/cgi/query-pr.cgi?pr=135091 > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > From owner-freebsd-net@FreeBSD.ORG Mon Jun 1 06:25:59 2009 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B24DC1065672; Mon, 1 Jun 2009 06:25:59 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from tarsier.delphij.net (delphij-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:2c9::2]) by mx1.freebsd.org (Postfix) with ESMTP id 540CC8FC0C; Mon, 1 Jun 2009 06:25:59 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from tarsier.geekcn.org (tarsier.geekcn.org [211.166.10.233]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by tarsier.delphij.net (Postfix) with ESMTPS id 74CBC5C024; Mon, 1 Jun 2009 14:25:58 +0800 (CST) Received: from localhost (tarsier.geekcn.org [211.166.10.233]) by tarsier.geekcn.org (Postfix) with ESMTP id 2358455CDB44; Mon, 1 Jun 2009 14:25:58 +0800 (CST) X-Virus-Scanned: amavisd-new at geekcn.org Received: from tarsier.geekcn.org ([211.166.10.233]) by localhost (mail.geekcn.org [211.166.10.233]) (amavisd-new, port 10024) with ESMTP id FSsfkVEt1Rg8; Mon, 1 Jun 2009 14:25:07 +0800 (CST) Received: from charlie.delphij.net (c-67-188-2-183.hsd1.ca.comcast.net [67.188.2.183]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by tarsier.geekcn.org (Postfix) with ESMTPSA id EC89155CDB2F; Mon, 1 Jun 2009 14:25:00 +0800 (CST) DomainKey-Signature: a=rsa-sha1; s=default; d=delphij.net; c=nofws; q=dns; h=message-id:date:from:reply-to:organization:user-agent: mime-version:to:cc:subject:references:in-reply-to: x-enigmail-version:openpgp:content-type:content-transfer-encoding; b=kGtICVC+P/KIE9Y9HkTxBuLdoPBAn1GDFzZl2rNaoSIl6rhYFTUKb4AQ93ztFAdqj s7lK4iZnEBXFXiaENkzbg== Message-ID: <4A237428.8040204@delphij.net> Date: Sun, 31 May 2009 23:24:40 -0700 From: Xin LI Organization: The FreeBSD Project User-Agent: Thunderbird 2.0.0.21 (X11/20090408) MIME-Version: 1.0 To: smallpox References: <200906010533.n515XVge028227@freefall.freebsd.org> <4A236FF6.1020200@gmail.com> In-Reply-To: <4A236FF6.1020200@gmail.com> X-Enigmail-Version: 0.95.7 OpenPGP: id=18EDEBA0; url=http://www.delphij.net/delphij.asc Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-net@FreeBSD.org, delphij@FreeBSD.org Subject: Re: kern/135091: [bce] if_bce inbound traffic bytes counter is incorrect in 7.2-RELEASE X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: d@delphij.net List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jun 2009 06:25:59 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 smallpox wrote: > delphij, i just tried it again and earlier today or last night i had > tried -STABLE, didn't work. > > if you would like, i'll give you access to the second server, it's in > the office.. i'm using it as a test machine because the production > machine is unbelievably important. Could you please use 'ident /sys/dev/bce/if_bce.c' and tell me the result? For me the change fixed the problem... Cheers, - -- Xin LI http://www.delphij.net/ FreeBSD - The Power to Serve! -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (FreeBSD) iEYEARECAAYFAkojdCgACgkQi+vbBBjt66D4RQCgkNTZXJWS8D4W6e7Vl5lyVDXQ Of4AoIzIRLzD2/1iFTgyrZb1TeUNiylw =at+t -----END PGP SIGNATURE----- From owner-freebsd-net@FreeBSD.ORG Mon Jun 1 06:27:38 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EA5BF106564A; Mon, 1 Jun 2009 06:27:38 +0000 (UTC) (envelope-from smallpox@gmail.com) Received: from yw-out-2324.google.com (yw-out-2324.google.com [74.125.46.31]) by mx1.freebsd.org (Postfix) with ESMTP id 8711B8FC0C; Mon, 1 Jun 2009 06:27:38 +0000 (UTC) (envelope-from smallpox@gmail.com) Received: by yw-out-2324.google.com with SMTP id 9so3916182ywe.13 for ; Sun, 31 May 2009 23:27:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=5Yj+9GVBjvFYVOzk/p+CE0/XcNEzPdlS3/MqQZxX7fc=; b=ef0XC7lwBYjr++x/hlSiwB7HX+7bemS4126a/iCsIFQ6s+6hEh3ZaIGZ3kKbX85ePi LeyTQsawk+N7KUxUcIXLmzNMTjTH07MsKumLwzwrqnu4MUfSPN/N2OqMxKSS0W61xdgt Zs9WWB8WkAOB5/RgsbmaXK3mxl6n2Pv2nTjG0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=C+2yNsJ4Tm9ghC2fOyUg7I6y6qjTF8Zqg5eWgZk3qZrVR40faapcaIuw7LroGHVqWe xmYx4vJBWYKgHVHnFS++jbw24JT1PUXFkgx7EtLJeKr3SrqpMhckb5opEqorb9oUoCMh 51jjJM4ABO+meZVWhSmsYGbXODK4721oe7ryk= Received: by 10.90.79.4 with SMTP id c4mr4920091agb.120.1243837657748; Sun, 31 May 2009 23:27:37 -0700 (PDT) Received: from ?192.168.2.2? (24-180-16-19.dhcp.mtpk.ca.charter.com [24.180.16.19]) by mx.google.com with ESMTPS id 38sm6772678agd.9.2009.05.31.23.27.36 (version=SSLv3 cipher=RC4-MD5); Sun, 31 May 2009 23:27:37 -0700 (PDT) Message-ID: <4A2374D6.4040005@gmail.com> Date: Sun, 31 May 2009 23:27:34 -0700 From: smallpox User-Agent: Thunderbird 2.0.0.21 (Windows/20090302) MIME-Version: 1.0 To: d@delphij.net References: <200906010533.n515XVge028227@freefall.freebsd.org> <4A236FF6.1020200@gmail.com> <4A237428.8040204@delphij.net> In-Reply-To: <4A237428.8040204@delphij.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@FreeBSD.org, delphij@FreeBSD.org Subject: Re: kern/135091: [bce] if_bce inbound traffic bytes counter is incorrect in 7.2-RELEASE X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jun 2009 06:27:39 -0000 /sys/dev/bce/if_bce.c: $FreeBSD: src/sys/dev/bce/if_bce.c,v 1.34.2.8 2009/05/20 21:13:49 delphij Exp $ Xin LI wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > smallpox wrote: > >> delphij, i just tried it again and earlier today or last night i had >> tried -STABLE, didn't work. >> >> if you would like, i'll give you access to the second server, it's in >> the office.. i'm using it as a test machine because the production >> machine is unbelievably important. >> > > Could you please use 'ident /sys/dev/bce/if_bce.c' and tell me the > result? For me the change fixed the problem... > > Cheers, > - -- > Xin LI http://www.delphij.net/ > FreeBSD - The Power to Serve! > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.11 (FreeBSD) > > iEYEARECAAYFAkojdCgACgkQi+vbBBjt66D4RQCgkNTZXJWS8D4W6e7Vl5lyVDXQ > Of4AoIzIRLzD2/1iFTgyrZb1TeUNiylw > =at+t > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > From owner-freebsd-net@FreeBSD.ORG Mon Jun 1 06:48:54 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A3259106564A; Mon, 1 Jun 2009 06:48:54 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from tarsier.delphij.net (delphij-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:2c9::2]) by mx1.freebsd.org (Postfix) with ESMTP id 43EF18FC1A; Mon, 1 Jun 2009 06:48:54 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from tarsier.geekcn.org (tarsier.geekcn.org [211.166.10.233]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by tarsier.delphij.net (Postfix) with ESMTPS id 6C21F5C06F; Mon, 1 Jun 2009 14:48:53 +0800 (CST) Received: from localhost (tarsier.geekcn.org [211.166.10.233]) by tarsier.geekcn.org (Postfix) with ESMTP id 0715F55CDB35; Mon, 1 Jun 2009 14:48:53 +0800 (CST) X-Virus-Scanned: amavisd-new at geekcn.org Received: from tarsier.geekcn.org ([211.166.10.233]) by localhost (mail.geekcn.org [211.166.10.233]) (amavisd-new, port 10024) with ESMTP id 3cF40BYXlhms; Mon, 1 Jun 2009 14:48:01 +0800 (CST) Received: from charlie.delphij.net (c-67-188-2-183.hsd1.ca.comcast.net [67.188.2.183]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by tarsier.geekcn.org (Postfix) with ESMTPSA id 1089055CDB2F; Mon, 1 Jun 2009 14:47:54 +0800 (CST) DomainKey-Signature: a=rsa-sha1; s=default; d=delphij.net; c=nofws; q=dns; h=message-id:date:from:reply-to:organization:user-agent: mime-version:to:cc:subject:references:in-reply-to: x-enigmail-version:openpgp:content-type:content-transfer-encoding; b=m/CgvbD0vYZb3NsifjnH93Rp8yd3MJdhYuh33HOIdKhFJRcs8weMuuhZD6onoSyUJ OSS9UqANN3s/DJhSwVrzA== Message-ID: <4A237988.5020401@delphij.net> Date: Sun, 31 May 2009 23:47:36 -0700 From: Xin LI Organization: The FreeBSD Project User-Agent: Thunderbird 2.0.0.21 (X11/20090408) MIME-Version: 1.0 To: smallpox References: <200906010533.n515XVge028227@freefall.freebsd.org> <4A236FF6.1020200@gmail.com> <4A237428.8040204@delphij.net> <4A2374D6.4040005@gmail.com> In-Reply-To: <4A2374D6.4040005@gmail.com> X-Enigmail-Version: 0.95.7 OpenPGP: id=18EDEBA0; url=http://www.delphij.net/delphij.asc Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, d@delphij.net, delphij@FreeBSD.org Subject: Re: kern/135091: [bce] if_bce inbound traffic bytes counter is incorrect in 7.2-RELEASE X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: d@delphij.net List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jun 2009 06:48:54 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 smallpox wrote: > /sys/dev/bce/if_bce.c: > $FreeBSD: src/sys/dev/bce/if_bce.c,v 1.34.2.8 2009/05/20 21:13:49 > delphij Exp $ Em... This would be weird, are you really sure that your kernel is built against this source? Cheers, - -- Xin LI http://www.delphij.net/ FreeBSD - The Power to Serve! -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (FreeBSD) iEYEARECAAYFAkojeYgACgkQi+vbBBjt66Ah5gCfXNMC/orZOQmJ0OZdEwMzdWfD D/MAn0L57kBou3uHOZL9tRvStyexrQmi =bNmo -----END PGP SIGNATURE----- From owner-freebsd-net@FreeBSD.ORG Mon Jun 1 07:06:18 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 550421065670; Mon, 1 Jun 2009 07:06:18 +0000 (UTC) (envelope-from smallpox@gmail.com) Received: from mail-gx0-f218.google.com (mail-gx0-f218.google.com [209.85.217.218]) by mx1.freebsd.org (Postfix) with ESMTP id E68778FC27; Mon, 1 Jun 2009 07:06:17 +0000 (UTC) (envelope-from smallpox@gmail.com) Received: by gxk18 with SMTP id 18so3433780gxk.19 for ; Mon, 01 Jun 2009 00:06:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=lSbJPEdlYe42DGnvvtjX6gCE2s+PNOuJCbBzn2zYqJk=; b=P/veecWSK3GwTn5TXQ5xfS/v4+6C0kV0rOPniAHJ+0oQS+0oTUZRB9ysHDUSHSYFhw ZIYdgaPTOugrUSIx0pyXLHdpEtvj2zyIo1tQCb2AA4r94oIaW3l7ZdP9VGJR6bI/pXSK V85gh/rPjtxISgMdsKNMNsb9sfxToyKKTh9zE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=IpLZbJm67oPu4l99r0D/StIJIaPafvX5KTwzpok+EvhgD2LlM1yX+np5wZGYvmgtOm XMKfAZm8zTdhxXs7Hw9vtmBqmgf4lYovjGgUYMEm41haDlQ37SRnffL6z8Wx1PXOFkUt G37wPgI4NwSkauAM5XzPDi6ZvCCsHipQJNbAM= Received: by 10.90.33.15 with SMTP id g15mr5013624agg.9.1243839977153; Mon, 01 Jun 2009 00:06:17 -0700 (PDT) Received: from ?192.168.2.2? (24-180-16-19.dhcp.mtpk.ca.charter.com [24.180.16.19]) by mx.google.com with ESMTPS id 9sm6920881agb.35.2009.06.01.00.06.16 (version=SSLv3 cipher=RC4-MD5); Mon, 01 Jun 2009 00:06:16 -0700 (PDT) Message-ID: <4A237DE5.2060308@gmail.com> Date: Mon, 01 Jun 2009 00:06:13 -0700 From: smallpox User-Agent: Thunderbird 2.0.0.21 (Windows/20090302) MIME-Version: 1.0 To: d@delphij.net References: <200906010533.n515XVge028227@freefall.freebsd.org> <4A236FF6.1020200@gmail.com> <4A237428.8040204@delphij.net> <4A2374D6.4040005@gmail.com> <4A237988.5020401@delphij.net> In-Reply-To: <4A237988.5020401@delphij.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, delphij@FreeBSD.org Subject: Re: kern/135091: [bce] if_bce inbound traffic bytes counter is incorrect in 7.2-RELEASE X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jun 2009 07:06:18 -0000 yea, i'm sorry. what i did was cd /usr/src/sys/modules/bce;make clean;make;make install and reboot.. but apparently that's not enough? thanks though. Xin LI wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > smallpox wrote: > >> /sys/dev/bce/if_bce.c: >> $FreeBSD: src/sys/dev/bce/if_bce.c,v 1.34.2.8 2009/05/20 21:13:49 >> delphij Exp $ >> > > Em... This would be weird, are you really sure that your kernel is > built against this source? > > Cheers, > - -- > Xin LI http://www.delphij.net/ > FreeBSD - The Power to Serve! > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.11 (FreeBSD) > > iEYEARECAAYFAkojeYgACgkQi+vbBBjt66Ah5gCfXNMC/orZOQmJ0OZdEwMzdWfD > D/MAn0L57kBou3uHOZL9tRvStyexrQmi > =bNmo > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > From owner-freebsd-net@FreeBSD.ORG Mon Jun 1 07:12:03 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AF701106566C; Mon, 1 Jun 2009 07:12:03 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from tarsier.delphij.net (delphij-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:2c9::2]) by mx1.freebsd.org (Postfix) with ESMTP id 4DB2B8FC0C; Mon, 1 Jun 2009 07:12:03 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from tarsier.geekcn.org (tarsier.geekcn.org [211.166.10.233]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by tarsier.delphij.net (Postfix) with ESMTPS id 6DEA65C025; Mon, 1 Jun 2009 15:12:02 +0800 (CST) Received: from localhost (tarsier.geekcn.org [211.166.10.233]) by tarsier.geekcn.org (Postfix) with ESMTP id 3297155CDB3E; Mon, 1 Jun 2009 15:12:02 +0800 (CST) X-Virus-Scanned: amavisd-new at geekcn.org Received: from tarsier.geekcn.org ([211.166.10.233]) by localhost (mail.geekcn.org [211.166.10.233]) (amavisd-new, port 10024) with ESMTP id OsMH+H9GRbE0; Mon, 1 Jun 2009 15:11:21 +0800 (CST) Received: from charlie.delphij.net (c-67-188-2-183.hsd1.ca.comcast.net [67.188.2.183]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by tarsier.geekcn.org (Postfix) with ESMTPSA id 9990055CDB38; Mon, 1 Jun 2009 15:11:14 +0800 (CST) DomainKey-Signature: a=rsa-sha1; s=default; d=delphij.net; c=nofws; q=dns; h=message-id:date:from:reply-to:organization:user-agent: mime-version:to:cc:subject:references:in-reply-to: x-enigmail-version:openpgp:content-type:content-transfer-encoding; b=we14FyjsNr2IbZeoWAFPiiwGUculJDWlilV2awXAIb0me6Tji9mxU6m90LlTaz1i1 4reLMFmfk72DPPNzDtlYw== Message-ID: <4A237F01.4060203@delphij.net> Date: Mon, 01 Jun 2009 00:10:57 -0700 From: Xin LI Organization: The FreeBSD Project User-Agent: Thunderbird 2.0.0.21 (X11/20090408) MIME-Version: 1.0 To: smallpox References: <200906010533.n515XVge028227@freefall.freebsd.org> <4A236FF6.1020200@gmail.com> <4A237428.8040204@delphij.net> <4A2374D6.4040005@gmail.com> <4A237988.5020401@delphij.net> <4A237DE5.2060308@gmail.com> In-Reply-To: <4A237DE5.2060308@gmail.com> X-Enigmail-Version: 0.95.7 OpenPGP: id=18EDEBA0; url=http://www.delphij.net/delphij.asc Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, d@delphij.net, delphij@FreeBSD.org Subject: Re: kern/135091: [bce] if_bce inbound traffic bytes counter is incorrect in 7.2-RELEASE X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: d@delphij.net List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jun 2009 07:12:03 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 smallpox wrote: > yea, i'm sorry. what i did was cd /usr/src/sys/modules/bce;make > clean;make;make install and reboot.. but apparently that's not enough? Not enough if you have bce(4) built into kernel, which is what the default (GENERIC) kernel do... Cheers, - -- Xin LI http://www.delphij.net/ FreeBSD - The Power to Serve! -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (FreeBSD) iEYEARECAAYFAkojfwEACgkQi+vbBBjt66CdHQCeMZGJsyupxo3aTl09E8Vh8gX7 MqAAn0mR7l210LTDj5Hv/P+fJENUdWra =NNup -----END PGP SIGNATURE----- From owner-freebsd-net@FreeBSD.ORG Mon Jun 1 08:12:51 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A14031065670 for ; Mon, 1 Jun 2009 08:12:51 +0000 (UTC) (envelope-from to.my.trociny@gmail.com) Received: from ey-out-2122.google.com (ey-out-2122.google.com [74.125.78.27]) by mx1.freebsd.org (Postfix) with ESMTP id C42278FC14 for ; Mon, 1 Jun 2009 08:12:50 +0000 (UTC) (envelope-from to.my.trociny@gmail.com) Received: by ey-out-2122.google.com with SMTP id 22so337116eye.7 for ; Mon, 01 Jun 2009 01:12:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:to:subject:references :organization:from:date:in-reply-to:message-id:user-agent :mime-version:content-type; bh=ILhx7CsoQnGsURiAobuyJk1PbfYYrq/+YHnqKLkdhMI=; b=RMnrDpY8kEaqfeao+s16DpEp1S4iqyWWbVlA9V9kMiDBBmd5P0/qSRA1KBQ6i/eaU1 ZxywP/nlfT+oaVS7nIjPpcrMc/5k/+Ao6YQ6z+bO0hdqIHyw8L0nWnMDhXUH0wTQ2qar oRubv0meTv/Hvkwzjuwsi2ZHUa3/gNu2tu290= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=to:subject:references:organization:from:date:in-reply-to:message-id :user-agent:mime-version:content-type; b=EMbsaRQHbDoNdpO1phiKszA0Phxs6nkqbDJTFoYiiOV+XMpIc2OG+VREmpdemeRRSK EUnLvdT46oUuKzuf/vrEJWCrIhxzAzpUcBn6qHZrX7YFl/uL5/l6UTQx3jQWhcFD5dsn VSknNo0TrMBYKkKMFA2FpFrE0dxJhsCoQT0M0= Received: by 10.210.51.10 with SMTP id y10mr5676129eby.28.1243843969440; Mon, 01 Jun 2009 01:12:49 -0700 (PDT) Received: from localhost (ms.singlescrowd.net [80.85.90.67]) by mx.google.com with ESMTPS id 7sm6984306eyb.5.2009.06.01.01.12.47 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 01 Jun 2009 01:12:47 -0700 (PDT) To: freebsd-net@FreeBSD.org References: <864ov9htgq.fsf@kopusha.onet> Organization: TOA Ukraine From: Mikolaj Golub Date: Mon, 01 Jun 2009 11:12:45 +0300 In-Reply-To: <864ov9htgq.fsf@kopusha.onet> (Mikolaj Golub's message of "Mon\, 25 May 2009 22\:29\:25 +0300") Message-ID: <81bpp8l6de.fsf@zhuzha.ua1> User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: Re: panic with ng_ipfw+ng_car and net.inet.ip.fw.one_pass=0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jun 2009 08:12:51 -0000 --=-=-= On Mon, 25 May 2009 22:29:25 +0300 Mikolaj Golub wrote: > Hi, > > Some times ago it has been posted to fido7.ru.unix.bsd about panics when using > ipfw + ng_ipfw + ng_car. > > http://groups.google.com/group/fido7.ru.unix.bsd/browse_thread/thread/5907d1ba4e76675d > > For those who haven't learnt Russian yet ;-) here are some details. Max > Irgiznov reported that when ng_ipf+ng_car construction was used and > net.inet.ip.fw.one_pass=0 was set, the system reliably panicked on ipfw rules > reload if there was some traffic through ng_car. > > The problem here is in the following. When the packet is returning back from > ng_car queue to ipfw_chk and one_pass is turned off the next rule is being > tried. But if the rules were reloaded while the packet was sitting in ng_car, > the next rule pointer might be dangling and the kernel will panic. > > (kgdb) bt > #0 doadump () at pcpu.h:196 > #1 0xc07e1f7e in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418 > #2 0xc07e2252 in panic (fmt=Variable "fmt" is not available. > ) at /usr/src/sys/kern/kern_shutdown.c:574 > #3 0xc0495eb7 in db_panic (addr=Could not find the frame base for "db_panic". > ) at /usr/src/sys/ddb/db_command.c:446 > #4 0xc04968bc in db_command (last_cmdp=0xc0c97514, cmd_table=0x0, dopager=1) > at /usr/src/sys/ddb/db_command.c:413 > #5 0xc04969ca in db_command_loop () at /usr/src/sys/ddb/db_command.c:466 > #6 0xc04981bd in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:228 > #7 0xc080ec76 in kdb_trap (type=12, code=0, tf=0xe6945774) at /usr/src/sys/kern/subr_kdb.c:524 > #8 0xc0ad9e4f in trap_fatal (frame=0xe6945774, eva=3735929068) at /usr/src/sys/i386/i386/trap.c:930 > #9 0xc0ada790 in trap (frame=0xe6945774) at /usr/src/sys/i386/i386/trap.c:320 > #10 0xc0abeaab in calltrap () at /usr/src/sys/i386/i386/exception.s:159 > #11 0xc903328c in ipfw_chk (args=0xe6945acc) at /usr/src/sys/modules/ipfw/../../netinet/ip_fw2.c:2516 > #12 0xc90373f7 in ipfw_check_in (arg=0x0, m0=0xe6945bd0, ifp=0xc41f9000, dir=1, inp=0x0) > at /usr/src/sys/modules/ipfw/../../netinet/ip_fw_pfil.c:125 > #13 0xc088d6e8 in pfil_run_hooks (ph=0xc0d1f620, mp=0xe6945c24, ifp=0xc41f9000, dir=1, inp=0x0) > at /usr/src/sys/net/pfil.c:78 > #14 0xc08c766d in ip_input (m=0xc409ad00) at /usr/src/sys/netinet/ip_input.c:416 > #15 0xc9011c39 in ng_ipfw_rcvdata (hook=0xc61a1780, item=0xc8fe5090) > at /usr/src/sys/modules/netgraph/ipfw/../../../netgraph/ng_ipfw.c:250 > #16 0xc68b80af in ng_apply_item (node=0xc7054c00, item=0xc8fe5090, rw=0) > at /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:2336 > #17 0xc68b939f in ngthread (arg=0x0) at /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:3304 > #18 0xc07be4c8 in fork_exit (callout=0xc68b91f0 , arg=0x0, frame=0xe6945d38) > at /usr/src/sys/kern/kern_fork.c:810 > #19 0xc0abeb20 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:264 > (kgdb) frame 11 > #11 0xc903328c in ipfw_chk (args=0xe6945acc) at /usr/src/sys/modules/ipfw/../../netinet/ip_fw2.c:2516 > warning: Source file is more recent than executable. > > 2516 if (set_disable & (1 << f->set) ) > (kgdb) list > 2511 ipfw_insn *cmd; > 2512 uint32_t tablearg = 0; > 2513 int l, cmdlen, skip_or; /* skip rest of OR block */ > 2514 > 2515 again: > 2516 if (set_disable & (1 << f->set) ) > 2517 continue; > 2518 > 2519 skip_or = 0; > 2520 for (l = f->cmd_len, cmd = f->cmd ; l > 0 ; > (kgdb) p f > $1 = (struct ip_fw *) 0xdeadc0de > (kgdb) > > DUMMYNET does not have such problems as ip_dn_ruledel_ptr(rule) is called when > the rule is removed in reap_rules(). The first thought was to do the same here > i.e. to broadcast "remove the rule" message to netgraph nodes, but glancing > through the netgraph man I haven't figured out how it could be done if it is > possible at all. > > So the other solution is to have some counter that increases every time when > any rules are removed. When the packet is directed by ipfw to netgraph > subsystem, the current value of the counter is stored in mtag. When the packet > is coming back the current value of the counter is compared with one from the > mtag and if they differ the packet is dropped. > > Just to prove the concept I have modified ip_fw2.c for 7.2-STABLE accordingly > and it works for me. The patch is attached. It looks the problem has not drawn much attention :-). Anyway, another version of the patch is attached. This time almost all of the necessary modifications are done in ng_ipfw module. Only the small changes have been made in ip_fw module and I tried to make them in the same manner as it is done for dummynet. The main logic is the same as in the previous patch: have internal counter ng_ipfw_rdcnt that is increased every time when some rule is deleted from the chain and compare it with one stored in ng_ipfw_tag when a packet passes ng_ipfw_rcvdata(). The patch is against 8-CURRENT but it is applied (and has been tested) to 7-STABLE too. Actually with this version of patch it looks like there is still small chance of race when ng_ipfw_rdcnt is going to be increased and in the same time the current value is stored in packet arrived to ng_ipfw. But running attached test script in loop I was not able to crash patched system while without the patch the system reliably crashes on the second run of the script. It would be nice to have this patch at least in CURRENT. Although I think that some generic mechanism should be developed in ipfw to validate rule pointers of second pass packets to have net.inet.ip.fw.one_pass=0 feature safe. AFAIK ipfw improvements is this year Summer of Code project so this problem could be addressed there. At least it should be documented in ipfw in BUGS section that the currrent implementation of net.inet.ip.fw.one_pass=0 could panic the system when is used with netgraph. -- Mikolaj Golub --=-=-= Content-Type: text/x-diff Content-Disposition: attachment; filename=ng_ipfw.patch --- sys/netinet/ip_fw2.c.orig 2009-06-01 10:28:33.000000000 +0300 +++ sys/netinet/ip_fw2.c 2009-06-01 10:29:33.000000000 +0300 @@ -3616,6 +3616,8 @@ reap_rules(struct ip_fw *head) head = head->next; if (DUMMYNET_LOADED) ip_dn_ruledel_ptr(rule); + if (NG_IPFW_LOADED) + ng_ipfw_ruledel_p(rule); free(rule, M_IPFW); } } --- sys/netinet/ip_fw_pfil.c.orig 2009-06-01 10:28:33.000000000 +0300 +++ sys/netinet/ip_fw_pfil.c 2009-06-01 10:29:33.000000000 +0300 @@ -85,6 +85,7 @@ ip_divert_packet_t *ip_divert_ptr = NULL /* ng_ipfw hooks. */ ng_ipfw_input_t *ng_ipfw_input_p = NULL; +ng_ipfw_ruledel_t *ng_ipfw_ruledel_p = NULL; /* Forward declarations. */ static int ipfw_divert(struct mbuf **, int, int); --- sys/netgraph/ng_ipfw.c.orig 2009-06-01 10:28:12.000000000 +0300 +++ sys/netgraph/ng_ipfw.c 2009-06-01 10:29:33.000000000 +0300 @@ -84,6 +84,25 @@ static struct ng_type ng_ipfw_typestruct NETGRAPH_INIT(ipfw, &ng_ipfw_typestruct); MODULE_DEPEND(ng_ipfw, ipfw, 2, 2, 2); +extern struct ip_fw *ip_fw_default_rule; + +/* + * ng_ipfw_rdcnt is a counter that is increased every time when some + * rule is deleted from ipfw chain. When a packet passes ng_ipfw_rcvdata() + * the current value of ng_ipfw_rdcnt is compared with the old one stored + * in ng_ipfw_tag. If they are not the same then some rules were removed + * from the firewall while the packet was in netgraph so it is not safe to + * use rule pointer as it might point to the removed rule and it is replaced + * with ip_fw_default_rule. + */ + +static int ng_ipfw_rdcnt; + +static void +ng_ipfw_ruledel(void* r __unused) { + ng_ipfw_rdcnt++; +} + /* Information we store for each hook */ struct ng_ipfw_hook_priv { hook_p hook; @@ -118,6 +137,7 @@ ng_ipfw_mod_event(module_t mod, int even /* Register hook */ ng_ipfw_input_p = ng_ipfw_input; + ng_ipfw_ruledel_p = ng_ipfw_ruledel; break; case MOD_UNLOAD: @@ -232,6 +252,9 @@ ng_ipfw_rcvdata(hook_p hook, item_p item return (EINVAL); /* XXX: find smth better */ }; + if (ngit->ipfw_rdcnt != ng_ipfw_rdcnt) + ngit->rule = ip_fw_default_rule; + switch (ngit->dir) { case NG_IPFW_OUT: { @@ -293,6 +316,7 @@ ng_ipfw_input(struct mbuf **m0, int dir, return (ENOMEM); } ngit->rule = fwa->rule; + ngit->ipfw_rdcnt = ng_ipfw_rdcnt; ngit->dir = dir; ngit->ifp = fwa->oif; m_tag_prepend(m, &ngit->mt); @@ -324,6 +348,7 @@ ng_ipfw_shutdown(node_p node) * 'kldunload ng_ipfw.ko' */ ng_ipfw_input_p = NULL; + ng_ipfw_ruledel_p = NULL; NG_NODE_UNREF(node); return (0); } --- sys/netgraph/ng_ipfw.h.orig 2009-06-01 10:28:12.000000000 +0300 +++ sys/netgraph/ng_ipfw.h 2009-06-01 10:29:33.000000000 +0300 @@ -34,10 +34,13 @@ typedef int ng_ipfw_input_t(struct mbuf **, int, struct ip_fw_args *, int); extern ng_ipfw_input_t *ng_ipfw_input_p; #define NG_IPFW_LOADED (ng_ipfw_input_p != NULL) +typedef void ng_ipfw_ruledel_t(void *); /* ip_fw.c */ +extern ng_ipfw_ruledel_t *ng_ipfw_ruledel_p; struct ng_ipfw_tag { struct m_tag mt; /* tag header */ struct ip_fw *rule; /* matching rule */ + int ipfw_rdcnt; /* value of ng_ipfw_rdcnt counter when tag was attached */ struct ifnet *ifp; /* interface, for ip_output */ int dir; #define NG_IPFW_OUT 0 --=-=-=-- From owner-freebsd-net@FreeBSD.ORG Mon Jun 1 11:06:57 2009 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1E3E71065673 for ; Mon, 1 Jun 2009 11:06:57 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 03C618FC1E for ; Mon, 1 Jun 2009 11:06:57 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n51B6u9F021174 for ; Mon, 1 Jun 2009 11:06:56 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n51B6uKN021170 for freebsd-net@FreeBSD.org; Mon, 1 Jun 2009 11:06:56 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 1 Jun 2009 11:06:56 GMT Message-Id: <200906011106.n51B6uKN021170@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-net@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-net@FreeBSD.org X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jun 2009 11:07:02 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/135067 net [patch] [fib] Incorrect KASSERTs in sys/net/route.c o kern/134931 net [route] [fib] Route messages sent to all socket listen o amd64/134788 net [bce] failure to set ip address in amd64 if_bce.c, i38 o kern/134658 net [bce] bce driver fails on PowerEdge m610 blade. o kern/134557 net [netgraph] [hang] 7.2 with mpd5.3 hanging up - ng_pptp o kern/134531 net [route] [panic] kernel crash related to routes/zebra o kern/134401 net [msk] [panic] Kernel Fatal trap 12: page fault while i o kern/134369 net [route] [ip6] IPV6 in Head broken for routing table up o kern/134168 net [ral] ral driver problem on RT2525 2.4GHz transceiver o kern/134157 net [dummynet] dummynet loads cpu for 100% and make a syst o kern/134079 net [em] "em0: Invalid MAC address" in FreeBSD-Current ( 8 o kern/133969 net [dummynet] [panic] Fatal trap 12: page fault while in o kern/133968 net [dummynet] [panic] dummynet kernel panic o kern/133902 net [tun] Killing tun0 iface ssh tunnel causes Panic Strin o kern/133736 net [udp] ip_id not protected ... o kern/133613 net [wpi] [panic] kernel panic in wpi(4) o kern/133595 net [panic] Kernel Panic at pcpu.h:195 o kern/133572 net [ppp] [hang] incoming PPTP connection hangs the system o kern/133490 net [bpf] [panic] 'kmem_map too small' panic on Dell r900 o kern/133328 net [bge] [panic] Kernel panics with Windows7 client o kern/133235 net [netinet] [patch] Process SIOCDLIFADDR command incorre o kern/133218 net [carp] [hang] use of carp(4) causes system to freeze o kern/133204 net [msk] msk driver timeouts o kern/133060 net [ipsec] [pfsync] [panic] Kernel panic with ipsec + pfs o kern/132991 net [bge] if_bge low performance problem o kern/132984 net [netgraph] swi1: net 100% cpu usage f bin/132911 net ip6fw(8): argument type of fill_icmptypes is wrong and o kern/132889 net [ndis] [panic] NDIS kernel crash on load BCM4321 AGN d o kern/132885 net [wlan] 802.1x broken after SVN rev 189592 o conf/132851 net [fib] [patch] allow to setup fib for service running f o kern/132832 net [netinet] [patch] tcp_output() might generate invalid o bin/132798 net [patch] ggatec(8): ggated/ggatec connection slowdown p o kern/132734 net [ifmib] [panic] panic in net/if_mib.c o kern/132722 net [ath] Wifi ath0 associates fine with AP, but DHCP or I o kern/132715 net [lagg] [panic] Panic when creating vlan's on lagg inte o kern/132705 net [libwrap] [patch] libwrap - infinite loop if hosts.all o kern/132672 net [ndis] [panic] ndis with rt2860.sys causes kernel pani o kern/132669 net [xl] 3c905-TX send DUP! in reply on ping (sometime) o kern/132625 net [iwn] iwn drivers don't support setting country o kern/132554 net [ipl] There is no ippool start script/ipfilter magic t o kern/132354 net [nat] Getting some packages to ipnat(8) causes crash o kern/132285 net [carp] alias gives incorrect hash in dmesg o kern/132277 net [crypto] [ipsec] poor performance using cryptodevice f o conf/132179 net [patch] /etc/network.subr: ipv6 rtsol on incorrect wla o kern/132107 net [carp] carp(4) advskew setting ignored when carp IP us o kern/131781 net [ndis] ndis keeps dropping the link o kern/131776 net [wi] driver fails to init o kern/131753 net [altq] [panic] kernel panic in hfsc_dequeue o bin/131567 net [socket] [patch] Update for regression/sockets/unix_cm o kern/131549 net ifconfig(8) can't clear 'monitor' mode on the wireless o kern/131536 net [netinet] [patch] kernel does allow manipulation of su o bin/131365 net route(8): route add changes interpretation of network o kern/131162 net [ath] Atheros driver bugginess and kernel crashes o kern/131153 net [iwi] iwi doesn't see a wireless network f kern/131087 net [ipw] [panic] ipw / iwi - no sent/received packets; iw f kern/130820 net [ndis] wpa_supplicant(8) returns 'no space on device' o kern/130628 net [nfs] NFS / rpc.lockd deadlock on 7.1-R o conf/130555 net [rc.d] [patch] No good way to set ipfilter variables a o kern/130525 net [ndis] [panic] 64 bit ar5008 ndisgen-erated driver cau o kern/130311 net [wlan_xauth] [panic] hostapd restart causing kernel pa o kern/130109 net [ipfw] Can not set fib for packets originated from loc f kern/130059 net [panic] Leaking 50k mbufs/hour o kern/129750 net [ath] Atheros AR5006 exits on "cannot map register spa f kern/129719 net [nfs] [panic] Panic during shutdown, tcp_ctloutput: in o kern/129580 net [ndis] Netgear WG311v3 (ndis) causes kenel trap at boo o kern/129517 net [ipsec] [panic] double fault / stack overflow o kern/129508 net [carp] [panic] Kernel panic with EtherIP (may be relat o kern/129352 net [xl] [patch] xl0 watchdog timeout o kern/129219 net [ppp] Kernel panic when using kernel mode ppp o kern/129197 net [panic] 7.0 IP stack related panic o kern/129135 net [vge] vge driver on a VIA mini-ITX not working o bin/128954 net ifconfig(8) deletes valid routes o kern/128917 net [wpi] [panic] if_wpi and wpa+tkip causing kernel panic o kern/128884 net [msk] if_msk page fault while in kernel mode o kern/128840 net [igb] page fault under load with igb/LRO o bin/128602 net [an] wpa_supplicant(8) crashes with an(4) o kern/128598 net [bluetooth] WARNING: attempt to net_add_domain(bluetoo o kern/128448 net [nfs] 6.4-RC1 Boot Fails if NFS Hostname cannot be res o conf/128334 net [request] use wpa_cli in the "WPA DHCP" situation o bin/128295 net [patch] ifconfig(8) does not print TOE4 or TOE6 capabi o bin/128001 net wpa_supplicant(8), wlan(4), and wi(4) issues o kern/127928 net [tcp] [patch] TCP bandwidth gets squeezed every time t o kern/127834 net [ixgbe] [patch] wrong error counting o kern/127826 net [iwi] iwi0 driver has reduced performance and connecti o kern/127815 net [gif] [patch] if_gif does not set vlan attributes from o kern/127724 net [rtalloc] rtfree: 0xc5a8f870 has 1 refs f bin/127719 net [arp] arp: Segmentation fault (core dumped) s kern/127587 net [bge] [request] if_bge(4) doesn't support BCM576X fami f kern/127528 net [icmp]: icmp socket receives icmp replies not owned by o bin/127192 net routed(8) removes the secondary alias IP of interface f kern/127145 net [wi]: prism (wi) driver crash at bigger traffic o kern/127102 net [wpi] Intel 3945ABG low throughput o kern/127057 net [udp] Unable to send UDP packet via IPv6 socket to IPv o kern/127050 net [carp] ipv6 does not work on carp interfaces [regressi o kern/126945 net [carp] CARP interface destruction with ifconfig destro o kern/126924 net [an] [patch] printf -> device_printf and simplify prob o kern/126895 net [patch] [ral] Add antenna selection (marked as TBD) o kern/126874 net [vlan]: Zebra problem if ifconfig vlanX destroy o bin/126822 net wpa_supplicant(8): WPA PSK does not work in adhoc mode o kern/126714 net [carp] CARP interface renaming makes system no longer o kern/126695 net rtfree messages and network disruption upon use of if_ o kern/126688 net [ixgbe] [patch] 1.4.7 ixgbe driver panic with 4GB and o kern/126475 net [ath] [panic] ath pcmcia card inevitably panics under o kern/126339 net [ipw] ipw driver drops the connection o kern/126214 net [ath] txpower problem with Atheros wifi card o kern/126075 net [inet] [patch] internet control accesses beyond end of o bin/125922 net [patch] Deadlock in arp(8) o kern/125920 net [arp] Kernel Routing Table loses Ethernet Link status o kern/125845 net [netinet] [patch] tcp_lro_rx() should make use of hard o kern/125816 net [carp] [if_bridge] carp stuck in init when using bridg f kern/125502 net [ral] ifconfig ral0 scan produces no output unless in o kern/125258 net [socket] socket's SO_REUSEADDR option does not work o kern/125239 net [gre] kernel crash when using gre o kern/125195 net [fxp] fxp(4) driver failed to initialize device Intel o kern/124904 net [fxp] EEPROM corruption with Compaq NC3163 NIC o kern/124767 net [iwi] Wireless connection using iwi0 driver (Intel 220 o kern/124753 net [ieee80211] net80211 discards power-save queue packets o kern/124341 net [ral] promiscuous mode for wireless device ral0 looses o kern/124160 net [libc] connect(2) function loops indefinitely o kern/124127 net [msk] watchdog timeout (missed Tx interrupts) -- recov o kern/124021 net [ip6] [panic] page fault in nd6_output() o kern/123968 net [rum] [panic] rum driver causes kernel panic with WPA. p kern/123961 net [vr] [patch] Allow vr interface to handle vlans o kern/123892 net [tap] [patch] No buffer space available o kern/123890 net [ppp] [panic] crash & reboot on work with PPP low-spee o kern/123858 net [stf] [patch] stf not usable behind a NAT o kern/123796 net [ipf] FreeBSD 6.1+VPN+ipnat+ipf: port mapping does not o bin/123633 net ifconfig(8) doesn't set inet and ether address in one f kern/123617 net [tcp] breaking connection when client downloading file o kern/123603 net [tcp] tcp_do_segment and Received duplicate SYN o kern/123559 net [iwi] iwi periodically disassociates/associates [regre o bin/123465 net [ip6] route(8): route add -inet6 -interfac o kern/123463 net [ipsec] [panic] repeatable crash related to ipsec-tool o kern/123429 net [nfe] [hang] "ifconfig nfe up" causes a hard system lo o kern/123347 net [bge] bge1: watchdog timeout -- linkstate changed to D o conf/123330 net [nsswitch.conf] Enabling samba wins in nsswitch.conf c o kern/123256 net [wpi] panic: blockable sleep lock with wpi(4) f kern/123172 net [bce] Watchdog timeout problems with if_bce o kern/123160 net [ip] Panic and reboot at sysctl kern.polling.enable=0 o kern/122989 net [swi] [panic] 6.3 kernel panic in swi1: net o kern/122954 net [lagg] IPv6 EUI64 incorrectly chosen for lagg devices o kern/122928 net [em] interface watchdog timeouts and stops receiving p f kern/122839 net [multicast] FreeBSD 7 multicast routing problem p kern/122794 net [lagg] Kernel panic after brings lagg(8) up if NICs ar o kern/122780 net [lagg] tcpdump on lagg interface during high pps wedge o kern/122772 net [em] em0 taskq panic, tcp reassembly bug causes radix o kern/122743 net [mbuf] [panic] vm_page_unwire: invalid wire count: 0 o kern/122697 net [ath] Atheros card is not well supported o kern/122685 net It is not visible passing packets in tcpdump(1) o kern/122551 net [bge] Broadcom 5715S no carrier on HP BL460c blade usi o kern/122319 net [wi] imposible to enable ad-hoc demo mode with Orinoco o kern/122290 net [netgraph] [panic] Netgraph related "kmem_map too smal f kern/122252 net [ipmi] [bge] IPMI problem with BCM5704 (does not work o kern/122195 net [ed] Alignment problems in if_ed o kern/122058 net [em] [panic] Panic on em1: taskq o kern/122033 net [ral] [lor] Lock order reversal in ral0 at bootup [reg o kern/121983 net [fxp] fxp0 MBUF and PAE o bin/121895 net [patch] rtsol(8)/rtsold(8) doesn't handle managed netw o kern/121872 net [wpi] driver fails to attach on a fujitsu-siemens s711 s kern/121774 net [swi] [panic] 6.3 kernel panic in swi1: net o kern/121706 net [netinet] [patch] "rtfree: 0xc4383870 has 1 refs" emit o kern/121624 net [em] [regression] Intel em WOL fails after upgrade to o kern/121555 net [panic] Fatal trap 12: current process = 12 (swi1: net o kern/121443 net [gif] [lor] icmp6_input/nd6_lookup o kern/121437 net [vlan] Routing to layer-2 address does not work on VLA o bin/121359 net [patch] ppp(8): fix local stack overflow in ppp o kern/121298 net [em] [panic] Fatal trap 12: page fault while in kernel o kern/121257 net [tcp] TSO + natd -> slow outgoing tcp traffic o kern/121181 net [panic] Fatal trap 3: breakpoint instruction fault whi o kern/121080 net [bge] IPv6 NUD problem on multi address config on bge0 o kern/120966 net [rum] kernel panic with if_rum and WPA encryption p docs/120945 net [patch] ip6(4) man page lacks documentation for TCLASS o kern/120566 net [request]: ifconfig(8) make order of arguments more fr o kern/120304 net [netgraph] [patch] netgraph source assumes 32-bit time o kern/120266 net [udp] [panic] gnugk causes kernel panic when closing U o kern/120232 net [nfe] [patch] Bring in nfe(4) to RELENG_6 o kern/120130 net [carp] [panic] carp causes kernel panics in any conste o bin/120060 net routed(8) deletes link-level routes in the presence of o kern/119945 net [rum] [panic] rum device in hostap mode, cause kernel o kern/119791 net [nfs] UDP NFS mount of aliased IP addresses from a Sol o kern/119617 net [nfs] nfs error on wpa network when reseting/shutdown f kern/119516 net [ip6] [panic] _mtx_lock_sleep: recursed on non-recursi o kern/119432 net [arp] route add -host -iface causes arp e o kern/119225 net [wi] 7.0-RC1 no carrier with Prism 2.5 wifi card [regr a bin/118987 net ifconfig(8): ifconfig -l (address_family) does not wor o sparc/118932 net [panic] 7.0-BETA4/sparc-64 kernel panic in rip_output a kern/118879 net [bge] [patch] bge has checksum problems on the 5703 ch o kern/118727 net [netgraph] [patch] [request] add new ng_pf module a kern/118238 net [bce] [patch] bce driver shows "no carrier" on Intel S s kern/117717 net [panic] Kernel panic with Bittorrent client. o kern/117448 net [carp] 6.2 kernel crash [regression] o kern/117423 net [vlan] Duplicate IP on different interfaces o bin/117339 net [patch] route(8): loading routing management commands o kern/117271 net [tap] OpenVPN TAP uses 99% CPU on releng_6 when if_tap o kern/117043 net [em] Intel PWLA8492MT Dual-Port Network adapter EEPROM o kern/116837 net [tun] [panic] [patch] ifconfig tunX destroy: panic o kern/116747 net [ndis] FreeBSD 7.0-CURRENT crash with Dell TrueMobile o bin/116643 net [patch] [request] fstat(1): add INET/INET6 socket deta o kern/116328 net [bge]: Solid hang with bge interface o kern/116185 net [iwi] if_iwi driver leads system to reboot o kern/115239 net [ipnat] panic with 'kmem_map too small' using ipnat o kern/115019 net [netgraph] ng_ether upper hook packet flow stops on ad o kern/115002 net [wi] if_wi timeout. failed allocation (busy bit). ifco o kern/114915 net [patch] [pcn] pcn (sys/pci/if_pcn.c) ethernet driver f o kern/114839 net [fxp] fxp looses ability to speak with traffic o kern/113895 net [xl] xl0 fails on 6.2-RELEASE but worked fine on 5.5-R o kern/112722 net [ipsec] [udp] IP v4 udp fragmented packet reject o kern/112686 net [patm] patm driver freezes System (FreeBSD 6.2-p4) i38 o kern/112570 net [bge] packet loss with bge driver on BCM5704 chipset o bin/112557 net [patch] ppp(8) lock file should not use symlink name o kern/112528 net [nfs] NFS over TCP under load hangs with "impossible p o kern/111457 net [ral] ral(4) freeze o kern/110140 net [ipw] ipw fails under load o kern/109733 net [bge] bge link state issues [regression] o kern/109470 net [wi] Orinoco Classic Gold PC Card Can't Channel Hop o kern/109308 net [pppd] [panic] Multiple panics kernel ppp suspected [r o kern/109251 net [re] [patch] if_re cardbus card won't attach o bin/108895 net pppd(8): PPPoE dead connections on 6.2 [regression] o kern/108542 net [bce] Huge network latencies with 6.2-RELEASE / STABLE o kern/107944 net [wi] [patch] Forget to unlock mutex-locks o kern/107850 net [bce] bce driver link negotiation is faulty o conf/107035 net [patch] bridge(8): bridge interface given in rc.conf n o kern/106438 net [ipf] ipfilter: keep state does not seem to allow repl o kern/106316 net [dummynet] dummynet with multipass ipfw drops packets o kern/106243 net [nve] double fault panic in if_nve.c on high loads o kern/105945 net Address can disappear from network interface s kern/105943 net Network stack may modify read-only mbuf chain copies o bin/105925 net problems with ifconfig(8) and vlan(4) [regression] o kern/105348 net [ath] ath device stopps TX o kern/104851 net [inet6] [patch] On link routes not configured when usi o kern/104751 net [netgraph] kernel panic, when getting info about my tr o kern/104485 net [bge] Broadcom BCM5704C: Intermittent on newer chip ve o kern/103191 net Unpredictable reboot o kern/103135 net [ipsec] ipsec with ipfw divert (not NAT) encodes a pac o conf/102502 net [netgraph] [patch] ifconfig name does't rename netgrap o kern/102035 net [plip] plip networking disables parallel port printing o kern/101948 net [ipf] [panic] Kernel Panic Trap No 12 Page Fault - cau o kern/100709 net [libc] getaddrinfo(3) should return TTL info o kern/100519 net [netisr] suggestion to fix suboptimal network polling o kern/98978 net [ipf] [patch] ipfilter drops OOW packets under 6.1-Rel o kern/98597 net [inet6] Bug in FreeBSD 6.1 IPv6 link-local DAD procedu o bin/98218 net wpa_supplicant(8) blacklist not working f bin/97392 net ppp(8) hangs instead terminating o kern/97306 net [netgraph] NG_L2TP locks after connection with failed f kern/96268 net [socket] TCP socket performance drops by 3000% if pack o kern/96030 net [bfe] [patch] Install hangs with Broadcomm 440x NIC in o kern/95519 net [ral] ral0 could not map mbuf o kern/95288 net [pppd] [tty] [panic] if_ppp panic in sys/kern/tty_subr o kern/95277 net [netinet] [patch] IP Encapsulation mask_match() return o kern/95267 net packet drops periodically appear s kern/94863 net [bge] [patch] hack to get bge(4) working on IBM e326m o kern/94162 net [bge] 6.x kenel stale with bge(4) o kern/93886 net [ath] Atheros/D-Link DWL-G650 long delay to associate f kern/93378 net [tcp] Slow data transfer in Postfix and Cyrus IMAP (wo o kern/93019 net [ppp] ppp and tunX problems: no traffic after restarti o kern/92880 net [libc] [patch] almost rewritten inet_network(3) functi f kern/92552 net A serious bug in most network drivers from 5.X to 6.X s kern/92279 net [dc] Core faults everytime I reboot, possible NIC issu o kern/92090 net [bge] bge0: watchdog timeout -- resetting o kern/91859 net [ndis] if_ndis does not work with Asus WL-138 s kern/91777 net [ipf] [patch] wrong behaviour with skip rule inside an o kern/91594 net [em] FreeBSD > 5.4 w/ACPI fails to detect Intel Pro/10 o kern/91364 net [ral] [wep] WF-511 RT2500 Card PCI and WEP o kern/91311 net [aue] aue interface hanging o kern/90890 net [vr] Problems with network: vr0: tx shutdown timeout s kern/90086 net [hang] 5.4p8 on supermicro P8SCT hangs during boot if f kern/88082 net [ath] [panic] cts protection for ath0 causes panic o kern/87521 net [ipf] [panic] using ipfilter "auth" keyword leads to k o kern/87506 net [vr] [patch] Fix alias support on vr interfaces o kern/87194 net [fxp] fxp(4) promiscuous mode seems to corrupt hw-csum s kern/86920 net [ndis] ifconfig: SIOCS80211: Invalid argument [regress o kern/86103 net [ipf] Illegal NAT Traversal in IPFilter o kern/85780 net 'panic: bogus refcnt 0' in routing/ipv6 o bin/85445 net ifconfig(8): deprecated keyword to ifconfig inoperativ o kern/85266 net [xe] [patch] xe(4) driver does not recognise Xircom XE o kern/84202 net [ed] [patch] Holtek HT80232 PCI NIC recognition on Fre o bin/82975 net route change does not parse classfull network as given o kern/82497 net [vge] vge(4) on AMD64 only works when loaded late, not f kern/81644 net [vge] vge(4) does not work properly when loaded as a K s kern/81147 net [net] [patch] em0 reinitialization while adding aliase o kern/80853 net [ed] [patch] add support for Compex RL2000/ISA in PnP o kern/79895 net [ipf] 5.4-RC2 breaks ipfilter NAT when using netgraph f kern/79262 net [dc] Adaptec ANA-6922 not fully supported o bin/79228 net [patch] extend arp(8) to be able to create blackhole r o kern/78090 net [ipf] ipf filtering on bridged packets doesn't work if p kern/77913 net [wi] [patch] Add the APDL-325 WLAN pccard to wi(4) o kern/77341 net [ip6] problems with IPV6 implementation o kern/77273 net [ipf] ipfilter breaks ipv6 statefull filtering on 5.3 s kern/77195 net [ipf] [patch] ipfilter ioctl SIOCGNATL does not match o kern/75873 net Usability problem with non-RFC-compliant IP spoof prot s kern/75407 net [an] an(4): no carrier after short time f kern/73538 net [bge] problem with the Broadcom BCM5788 Gigabit Ethern o kern/71469 net default route to internet magically disappears with mu o kern/70904 net [ipf] ipfilter ipnat problem with h323 proxy support o kern/64556 net [sis] if_sis short cable fix problems with NetGear FA3 s kern/60293 net [patch] FreeBSD arp poison patch o kern/54383 net [nfs] [patch] NFS root configurations without dynamic f i386/45773 net [bge] Softboot causes autoconf failure on Broadcom 570 s bin/41647 net ifconfig(8) doesn't accept lladdr along with inet addr s kern/39937 net ipstealth issue a kern/38554 net [patch] changing interface ipaddress doesn't seem to w o kern/35442 net [sis] [patch] Problem transmitting runts in if_sis dri o kern/34665 net [ipf] [hang] ipfilter rcmd proxy "hangs". o kern/31647 net [libc] socket calls can return undocumented EINVAL o kern/30186 net [libc] getaddrinfo(3) does not handle incorrect servna o kern/27474 net [ipf] [ppp] Interactive use of user PPP and ipfilter c o conf/23063 net [arp] [patch] for static ARP tables in rc.network 307 problems total. From owner-freebsd-net@FreeBSD.ORG Mon Jun 1 11:08:53 2009 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 58EF9106568D; Mon, 1 Jun 2009 11:08:53 +0000 (UTC) (envelope-from pjd@garage.freebsd.pl) Received: from mail.garage.freebsd.pl (chello087206192061.chello.pl [87.206.192.61]) by mx1.freebsd.org (Postfix) with ESMTP id E57428FC0A; Mon, 1 Jun 2009 11:08:52 +0000 (UTC) (envelope-from pjd@garage.freebsd.pl) Received: by mail.garage.freebsd.pl (Postfix, from userid 65534) id 9093845CDC; Mon, 1 Jun 2009 12:50:26 +0200 (CEST) Received: from localhost (pjd.wheel.pl [10.0.1.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.garage.freebsd.pl (Postfix) with ESMTP id 9380045CA6; Mon, 1 Jun 2009 12:50:21 +0200 (CEST) Date: Mon, 1 Jun 2009 12:50:25 +0200 From: Pawel Jakub Dawidek To: freebsd-net@FreeBSD.org Message-ID: <20090601105024.GC1542@garage.freebsd.pl> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="xo44VMWPx7vlQ2+2" Content-Disposition: inline User-Agent: Mutt/1.4.2.3i X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc X-OS: FreeBSD 8.0-CURRENT i386 X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on mail.garage.freebsd.pl X-Spam-Level: X-Spam-Status: No, score=-5.9 required=3.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham version=3.0.4 Cc: mlaier@FreeBSD.org Subject: PF's divert-to and divert-reply functionality. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jun 2009 11:08:53 -0000 --xo44VMWPx7vlQ2+2 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi there. I ported PF changes to make IP_BINDANY option usable on FreeBSD. I didn't port kernel changes from OpenBSD (except for extending this functionality for RAW IP sockets), because we had most of the code in place already used by ipfw forward code (IPFIREWALL_FORWARD option). I still had to implement it for UDP, because IPFIREWALL_FORWARD option changes address and port and I one to be able to find original destination when using IP_RECVDSTADDR in conjunction with recvmsg(2). The patch is here: http://people.freebsd.org/~pjd/patches/transparent_proxy.patch I'm looking for reviewers and testers. PS. IPv6 support is partially implemented (it isn't also for IPFIREWALL_FORWARD option). --=20 Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! --xo44VMWPx7vlQ2+2 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFKI7JwForvXbEpPzQRAgNjAJ47ZqGs6re8ozEc3fycqyuW49U61wCg1VyV AqfiTlv0ca6Ae8NST1OCSK0= =4dTH -----END PGP SIGNATURE----- --xo44VMWPx7vlQ2+2-- From owner-freebsd-net@FreeBSD.ORG Mon Jun 1 14:50:03 2009 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E356810656B1 for ; Mon, 1 Jun 2009 14:50:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id B6C708FC1C for ; Mon, 1 Jun 2009 14:50:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n51Eo3Ci095321 for ; Mon, 1 Jun 2009 14:50:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n51Eo3Wp095320; Mon, 1 Jun 2009 14:50:03 GMT (envelope-from gnats) Date: Mon, 1 Jun 2009 14:50:03 GMT Message-Id: <200906011450.n51Eo3Wp095320@freefall.freebsd.org> To: freebsd-net@FreeBSD.org From: DutchDaemon Cc: Subject: Re: kern/134658: [bce] bce driver fails on PowerEdge m610 blade. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: DutchDaemon List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jun 2009 14:50:04 -0000 The following reply was made to PR kern/134658; it has been noted by GNATS. From: DutchDaemon To: bug-followup@FreeBSD.org, harald_jensas@dell.com Cc: Subject: Re: kern/134658: [bce] bce driver fails on PowerEdge m610 blade. Date: Mon, 01 Jun 2009 16:21:59 +0200 http://forums.freebsd.org/showthread.php?t=3804 From owner-freebsd-net@FreeBSD.ORG Mon Jun 1 22:28:29 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E81DF1065670 for ; Mon, 1 Jun 2009 22:28:29 +0000 (UTC) (envelope-from l.ribet@vdm-publishing-house.com) Received: from h1414586.stratoserver.net (h1414586.stratoserver.net [85.214.50.21]) by mx1.freebsd.org (Postfix) with ESMTP id 6C2E88FC08 for ; Mon, 1 Jun 2009 22:28:29 +0000 (UTC) (envelope-from l.ribet@vdm-publishing-house.com) Received: from static.88-198-49-102.clients.your-server.de ([88.198.49.102] helo=contact) by h1414586.stratoserver.net with esmtpa (Exim 4.63) (envelope-from ) id 1MBFIb-0004rK-Gt; Mon, 01 Jun 2009 23:44:06 +0200 Date: Mon, 1 Jun 2009 23:46:48 +0200 (CEST) From: l.ribet@vdm-publishing-house.com To: freebsd-net@freebsd.org Message-ID: <20251546.3482.1243892808444.JavaMail.root@contact> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Mailer: VDM-Mailing X-Spam-Score: -0.9 X-Spam-Report: Software zur Erkennung von "Spam" auf dem Rechner h1414586.stratoserver.net hat die eingegangene E-mail als mögliche "Spam"-Nachricht identifiziert. Die ursprüngliche Nachricht wurde an diesen Bericht angehängt, so dass Sie sie anschauen können (falls es doch eine legitime E-Mail ist) oder ähnliche unerwünschte Nachrichten in Zukunft markieren können. Bei Fragen zu diesem Vorgang wenden Sie sich bitte an the administrator of that system Vorschau: Dear Paul M Bielecki, I am writing on behalf of the German publishing house, VDM Verlag Dr. Müller AG & Co. KG. In the course of a research at Ohio University, I came across a reference to your thesis on "Rethinking Baudrys Apparatus Theory In Light Of DVD Technology". As we would like to make your work available to a larger audience, I am wondering if you may be interested in publishing your thesis in the form of a printed book. [...] Inhaltsanalyse im Detail: (-0.9 Punkte, 5.0 benötigt) Pkte Regelname Beschreibung ---- ---------------------- -------------------------------------------------- 0.6 NO_REAL_NAME Kein vollständiger Name in Absendeadresse -1.4 ALL_TRUSTED Nachricht wurde nur über vertrauenswürdige Rechner weitergeleitet 0.0 AWL AWL: From: address is in the auto white-list X-Spam-Bar: / Subject: Academic Publication X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jun 2009 22:28:30 -0000 Dear Paul M Bielecki, I am writing on behalf of the German publishing house, VDM Verlag Dr. M=C3= =BCller AG & Co. KG. In the course of a research at Ohio University, I came across a reference t= o your thesis on "Rethinking Baudrys Apparatus Theory In Light Of DVD Techn= ology". As we would like to make your work available to a larger audience, I am won= dering if you may be interested in publishing your thesis in the form of a printed book. Your reply including an e-mail address to which I can send an e-mail with f= urther information in an attachment will be greatly appreciated. I am looking forward to hearing from you. Kind regards, Laurent Ribet Acquisition Editor VDM Publishing House Ltd. =20 17, Meldrum Str. | Beau-Bassin | Mauritius Tel / Fax: +230 467-5601 l.ribet@vdm-publishing-house.com | www.vdm-publishing.com Business Registration No.: C07072290 Board of Directors: Katalin Bontenakels, Benoit Novel In coorperation with: VDM Verlag Dr. M=C3=BCller AG & CoKG (www.vdm-verlag.de) LAP Lambert Academic Publishing AG & CoKG (www.lap-publishing.com) SVH S=C3=BCdwestdeutscher Verlag f=C3=BCr Hochschulschriften AG & CoKG (www= .svh-verlag.de) From owner-freebsd-net@FreeBSD.ORG Tue Jun 2 03:37:52 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8D7B0106566B for ; Tue, 2 Jun 2009 03:37:52 +0000 (UTC) (envelope-from cmb@pfsense.org) Received: from mail.pfsense.org (mail.pfsense.org [69.64.6.29]) by mx1.freebsd.org (Postfix) with ESMTP id 6099F8FC12 for ; Tue, 2 Jun 2009 03:37:52 +0000 (UTC) (envelope-from cmb@pfsense.org) Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.pfsense.org (Postfix) with ESMTP id B849323E17 for ; Mon, 1 Jun 2009 22:19:56 -0500 (EST) X-Virus-Scanned: amavisd-new at mail.pfsense.org Received: from mail.pfsense.org ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MaErR6+1Zrjh for ; Mon, 1 Jun 2009 22:19:55 -0500 (EST) Received: from [10.0.64.15] (96-28-38-25.dhcp.insightbb.com [96.28.38.25]) by mail.pfsense.org (Postfix) with ESMTP id E372223DB8 for ; Mon, 1 Jun 2009 22:19:54 -0500 (EST) Message-ID: <4A249A57.1070900@pfsense.org> Date: Mon, 01 Jun 2009 23:19:51 -0400 From: Chris Buechler User-Agent: Thunderbird 2.0.0.21 (Windows/20090302) MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: ath(4) randomly changes MTU to 2290 after explicitly set to 1500 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Jun 2009 03:37:52 -0000 In FreeBSD 7.1 using this patch: http://people.freebsd.org/~sam/ath_hal-releng7.patch and 7.2 with stock ath(4) (the above does not cleanly apply to 7.2), there are numerous pfsense users seeing problems with ath when bridging. This did not occur in 7.0. Upon investigation of a few systems, though we explicitly configure the interface with MTU 1500 twice (once when bringing up the ath interface, and again when setting up the bridge interface), somehow it ends up switching MTU to 2290 when we never configure it as such. This breaks bridging to an Ethernet interface because if_bridge requires the MTU to be the same on both interfaces. None of the commands we're running to setup ath or the bridge will replicate it, no matter what I do to the interface it stays to 1500 unless it sits there for a while ("a while" might be hours or days). There isn't anything that runs in the background to touch interfaces, a completely idle untouched box will change its configuration. It is setup fine and works initially, but given time, it'll switch to 2290 and stop working. example bridge setup commands: /sbin/ifconfig bridge0 destroy /sbin/ifconfig bridge0 create /sbin/ifconfig ath0 mtu 1500 /sbin/ifconfig vr1 mtu 1500 /sbin/ifconfig ath0 up /sbin/ifconfig vr1 up /sbin/ifconfig bridge0 addm ath0 addm vr1 up example ath setup commands: /sbin/ifconfig ath0 down /sbin/ifconfig ath0 mode '11g' /sbin/ifconfig ath0 channel any /sbin/ifconfig ath0 -mediaopt turbo /sbin/ifconfig ath0 ssid 'cmb' /sbin/ifconfig ath0 -hidessid /sbin/ifconfig ath0 -mediaopt adhoc /sbin/ifconfig ath0 protmode 'off' /sbin/ifconfig ath0 -pureg /sbin/ifconfig ath0 apbridge /sbin/ifconfig ath0 -wme /sbin/ifconfig ath0 authmode open wepmode off /sbin/ifconfig ath0 txpower '99' /sbin/ifconfig ath0 mediaopt hostap /sbin/ifconfig ath0 mtu 1500 /sbin/ifconfig ath0 up /usr/sbin/hostapd -B /var/etc/hostapd_ath0.conf $ dmesg|grep ath ath0: mem 0xe00c0000-0xe00cffff irq 9 at device 12.0 on pci0 ath0: [ITHREAD] ath0: WARNING: using obsoleted if_watchdog interface ath0: Ethernet address: 00:0b:6b:84:3d:7c ath0: mac 5.9 phy 4.3 radio 3.6 ath0: promiscuous mode enabled another that can replicate it is: ath0: mem 0x80000000-0x8000ffff irq 12 at device 13.0 on pci0 $ sysctl -a hw.ath hw.ath.txbuf: 200 hw.ath.rxbuf: 40 hw.ath.regdomain: 0 hw.ath.countrycode: 0 hw.ath.xchanmode: 1 hw.ath.outdoor: 1 hw.ath.calibrate: 30 hw.ath.hal.swba_backoff: 0 hw.ath.hal.sw_brt: 10 hw.ath.hal.dma_brt: 2 I have access to several systems that can replicate this, please let me know if any further information would be helpful. thanks, Chris From owner-freebsd-net@FreeBSD.ORG Tue Jun 2 04:58:17 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1BD81106564A for ; Tue, 2 Jun 2009 04:58:17 +0000 (UTC) (envelope-from cmb@pfsense.org) Received: from mail.pfsense.org (mail.pfsense.org [69.64.6.29]) by mx1.freebsd.org (Postfix) with ESMTP id DFB6E8FC1B for ; Tue, 2 Jun 2009 04:58:16 +0000 (UTC) (envelope-from cmb@pfsense.org) Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.pfsense.org (Postfix) with ESMTP id 307012363E for ; Mon, 1 Jun 2009 23:58:16 -0500 (EST) X-Virus-Scanned: amavisd-new at mail.pfsense.org Received: from mail.pfsense.org ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hYtCipq8qVjQ for ; Mon, 1 Jun 2009 23:58:15 -0500 (EST) Received: from [10.0.64.15] (96-28-38-25.dhcp.insightbb.com [96.28.38.25]) by mail.pfsense.org (Postfix) with ESMTP id 130B123D58 for ; Mon, 1 Jun 2009 23:58:15 -0500 (EST) Message-ID: <4A24B166.7020000@pfsense.org> Date: Tue, 02 Jun 2009 00:58:14 -0400 From: Chris Buechler User-Agent: Thunderbird 2.0.0.21 (Windows/20090302) MIME-Version: 1.0 To: freebsd-net@freebsd.org References: <4A249A57.1070900@pfsense.org> In-Reply-To: <4A249A57.1070900@pfsense.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: ath(4) randomly changes MTU to 2290 after explicitly set to 1500 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Jun 2009 04:58:17 -0000 Chris Buechler wrote: > In FreeBSD 7.1 using this patch: > http://people.freebsd.org/~sam/ath_hal-releng7.patch > > and 7.2 with stock ath(4) (the above does not cleanly apply to 7.2), > there are numerous pfsense users seeing problems with ath when > bridging. This did not occur in 7.0. Upon investigation of a few > systems, though we explicitly configure the interface with MTU 1500 > twice (once when bringing up the ath interface, and again when setting > up the bridge interface), somehow it ends up switching MTU to 2290 > when we never configure it as such. This breaks bridging to an > Ethernet interface because if_bridge requires the MTU to be the same > on both interfaces. > > None of the commands we're running to setup ath or the bridge will > replicate it, no matter what I do to the interface it stays to 1500 > unless it sits there for a while ("a while" might be hours or days). > There isn't anything that runs in the background to touch interfaces, > a completely idle untouched box will change its configuration. It is > setup fine and works initially, but given time, it'll switch to 2290 > and stop working. > > example bridge setup commands: > > /sbin/ifconfig bridge0 destroy > /sbin/ifconfig bridge0 create > /sbin/ifconfig ath0 mtu 1500 > /sbin/ifconfig vr1 mtu 1500 > /sbin/ifconfig ath0 up > /sbin/ifconfig vr1 up > /sbin/ifconfig bridge0 addm ath0 addm vr1 up > > example ath setup commands: > > /sbin/ifconfig ath0 down > /sbin/ifconfig ath0 mode '11g' > /sbin/ifconfig ath0 channel any > /sbin/ifconfig ath0 -mediaopt turbo > /sbin/ifconfig ath0 ssid 'cmb' > /sbin/ifconfig ath0 -hidessid > /sbin/ifconfig ath0 -mediaopt adhoc > /sbin/ifconfig ath0 protmode 'off' > /sbin/ifconfig ath0 -pureg > /sbin/ifconfig ath0 apbridge > /sbin/ifconfig ath0 -wme > /sbin/ifconfig ath0 authmode open wepmode off > /sbin/ifconfig ath0 txpower '99' > /sbin/ifconfig ath0 mediaopt hostap > /sbin/ifconfig ath0 mtu 1500 > /sbin/ifconfig ath0 up > /usr/sbin/hostapd -B /var/etc/hostapd_ath0.conf > > $ dmesg|grep ath > ath0: mem 0xe00c0000-0xe00cffff irq 9 at device 12.0 on > pci0 > ath0: [ITHREAD] > ath0: WARNING: using obsoleted if_watchdog interface > ath0: Ethernet address: 00:0b:6b:84:3d:7c > ath0: mac 5.9 phy 4.3 radio 3.6 > ath0: promiscuous mode enabled > > another that can replicate it is: > ath0: mem 0x80000000-0x8000ffff irq 12 at device 13.0 > on pci0 > > $ sysctl -a hw.ath > hw.ath.txbuf: 200 > hw.ath.rxbuf: 40 > hw.ath.regdomain: 0 > hw.ath.countrycode: 0 > hw.ath.xchanmode: 1 > hw.ath.outdoor: 1 > hw.ath.calibrate: 30 > hw.ath.hal.swba_backoff: 0 > hw.ath.hal.sw_brt: 10 > hw.ath.hal.dma_brt: 2 A little more related info on two additional boxes I now have access to with similar problems. In this case, every time hostapd is started it sets the MTU to 2290. I'm not sure if hostapd is the only thing causing difficulties, as these two behave differently from the others where initially MTU is 1500 and it changes on its own at some point. I see no mention of MTU in hostapd.conf(5). The hostapd.conf being used follows: interface=ath0 driver=bsd logger_syslog=-1 logger_syslog_level=0 logger_stdout=-1 logger_stdout_level=0 dump_file=/tmp/hostapd_ath0.dump ctrl_interface=/var/run/hostapd ctrl_interface_group=wheel ssid=fw2 debug= auth_algs=1 wpa=2 wpa_key_mgmt=WPA-PSK wpa_pairwise=CCMP wpa_group_rekey=60 wpa_gmk_rekey=3600 wpa_strict_rekey= wpa_passphrase=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ieee8021x= From owner-freebsd-net@FreeBSD.ORG Wed Jun 3 17:18:47 2009 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7293E1065670 for ; Wed, 3 Jun 2009 17:18:47 +0000 (UTC) (envelope-from oleg@lath.rinet.ru) Received: from lath.rinet.ru (lath.rinet.ru [195.54.192.90]) by mx1.freebsd.org (Postfix) with ESMTP id 2B4328FC1B for ; Wed, 3 Jun 2009 17:18:46 +0000 (UTC) (envelope-from oleg@lath.rinet.ru) Received: by lath.rinet.ru (Postfix, from userid 222) id 8E00E700B; Wed, 3 Jun 2009 21:03:11 +0400 (MSD) Date: Wed, 3 Jun 2009 21:03:11 +0400 From: Oleg Bulyzhin To: Mikolaj Golub Message-ID: <20090603170311.GA18104@lath.rinet.ru> References: <864ov9htgq.fsf@kopusha.onet> <81bpp8l6de.fsf@zhuzha.ua1> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <81bpp8l6de.fsf@zhuzha.ua1> User-Agent: Mutt/1.5.18 (2008-05-17) Cc: freebsd-net@FreeBSD.org Subject: Re: panic with ng_ipfw+ng_car and net.inet.ip.fw.one_pass=0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Jun 2009 17:18:47 -0000 On Mon, Jun 01, 2009 at 11:12:45AM +0300, Mikolaj Golub wrote: > It looks the problem has not drawn much attention :-). I was on vacation so did not reply in time. Dummynet like solution is not enough, dummynet is affected by this problem too. I'll send patch to you for testing tomorrow. -- Oleg. ================================================================ === Oleg Bulyzhin -- OBUL-RIPN -- OBUL-RIPE -- oleg@rinet.ru === ================================================================ From owner-freebsd-net@FreeBSD.ORG Wed Jun 3 22:21:55 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 28F09106566C for ; Wed, 3 Jun 2009 22:21:55 +0000 (UTC) (envelope-from pisymbol@gmail.com) Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.250]) by mx1.freebsd.org (Postfix) with ESMTP id D92448FC29 for ; Wed, 3 Jun 2009 22:21:54 +0000 (UTC) (envelope-from pisymbol@gmail.com) Received: by an-out-0708.google.com with SMTP id c3so156670ana.13 for ; Wed, 03 Jun 2009 15:21:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type:content-transfer-encoding; bh=xMh1dG5D4TIjwBul8lM4Kynf7yc7yhlRTUNU2L7X65A=; b=ult6NBMC9W3hFZawgoCPF7SGK8IuZh6Vo882KRkponoHmWXT2HOTSqv1c78avk/2HF XjSLiMA0FfPw8wVaXZZR4Ti4M2JeCvyuvDtRX+TQ8QMC41R9z4pNiWCB8TY1/ulxtIXB 16CV86k6S/7RJMl4L4KgsvuXfbj6UFrwGQ65s= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; b=toOIASn8x9IyZDb9SnPDTjdEq3ZKB3k1x0g7Fc3k61I8B9PB4EM83jH5QZyysW7Xk1 TPR/r4RMsB2VsPSWDIui6MnZ/nzil9jVg37uPGDz+v7nD9RZr6oMkQ06co6N0p9gnQI4 vZBmNoUHtVfWnJ2aekq/5uFqmc1y75RnjQDgg= MIME-Version: 1.0 Received: by 10.100.166.10 with SMTP id o10mr1774125ane.126.1244066210193; Wed, 03 Jun 2009 14:56:50 -0700 (PDT) Date: Wed, 3 Jun 2009 17:56:50 -0400 Message-ID: <3c0b01820906031456h6db0e2e0w1becc6835c11c723@mail.gmail.com> From: Alexander Sack To: freebsd-net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: bge(4) input errors and LINK_LOST condition problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Jun 2009 22:21:55 -0000 Hello: I'm running FreeBSD-6.1-amd64 on an Intel motherboard with an Intel Core 2 processor (6400 I believe) with 8GB of RAM. I'm using bge(4) as a monitoring port listening to traffic from a GIGE switch. The traffic is a pcap replay and its running at 2% utilization through a switch. The card auto-negotiates to the right speed as shown below. The problem is the following: input (bge3) output packets errs bytes packets errs bytes colls 32800 0 6933920 0 0 0 0 32800 0 6933920 0 0 0 0 32560 0 6883184 0 0 0 0 32800 0 6933920 0 0 0 0 32503 2 6871316 0 0 0 0 32639 0 6899718 0 0 0 0 32960 0 6967744 0 0 0 0 32880 0 6950832 0 0 0 0 32720 0 6917008 0 0 0 0 32720 0 6917008 0 0 0 0 32720 0 6917008 0 0 0 0 32437 1 6857197 0 0 0 0 32550 0 6881070 0 0 0 0 32400 0 6849360 0 0 0 0 32760 1 6925081 0 0 0 0 32832 0 6940316 0 0 0 0 32467 0 6863408 0 0 0 0 32640 0 6900096 0 0 0 0 32480 0 6866272 0 0 0 0 32668 0 6905617 0 0 0 0 32828 0 6939889 0 0 0 0 I am seeing ifp->ierrors because these receive bd descriptors are marked with the LINK_LOST bit in the bd_error_flag after some instrumentation. # ifconfig bge3 bge3: flags=48943 mtu 9000 options=1b inet6 fe80::2e0:edff:fe11:90b3%bge3 prefixlen 64 scopeid 0x4 ether 00:e0:ed:11:90:b3 media: Ethernet autoselect (1000baseTX ) status: active # pciconf -l | grep bge3 bge3@pci8:6:1: class=0x020000 card=0x164814e4 chip=0x164814e4 rev=0x10 hdr=0x00 I took the stats stuff off of CURRENT and backported it to my 6.1 kernel and I see: # sysctl -a | grep bge.3 dev.bge.3.%desc: Broadcom BCM5704 B0, ASIC rev. 0x2100 dev.bge.3.%driver: bge dev.bge.3.%location: slot=6 function=1 dev.bge.3.%pnpinfo: vendor=0x14e4 device=0x1648 subvendor=0x14e4 subdevice=0x1648 class=0x020000 dev.bge.3.%parent: pci8 dev.bge.3.rx_coal_ticks: 150 dev.bge.3.tx_coal_ticks: 1000000 dev.bge.3.rx_max_coal_bds: 16 dev.bge.3.tx_max_coal_bds: 32 dev.bge.3.debug_info: -1 dev.bge.3.reg_read: -1172242433 dev.bge.3.mem_read: -1172242433 dev.bge.3.stat_IfHcInOctets: 1824848515 dev.bge.3.stat_IfHcOutOctets: 0 dev.bge.3.stats.FramesDroppedDueToFilters: 0 dev.bge.3.stats.DmaWriteQueueFull: 0 dev.bge.3.stats.DmaWriteHighPriQueueFull: 0 dev.bge.3.stats.NoMoreRxBDs: 0 dev.bge.3.stats.InputDiscards: 0 dev.bge.3.stats.InputErrors: 3 dev.bge.3.stats.RecvThresholdHit: 1501751 dev.bge.3.stats.DmaReadQueueFull: 0 dev.bge.3.stats.DmaReadHighPriQueueFull: 0 dev.bge.3.stats.SendDataCompQueueFull: 0 dev.bge.3.stats.RingSetSendProdIndex: 0 dev.bge.3.stats.RingStatusUpdate: 1502233 dev.bge.3.stats.Interrupts: 544091 dev.bge.3.stats.AvoidedInterrupts: 958142 dev.bge.3.stats.SendThresholdHit: 0 dev.bge.3.stats.rx.Octets: 1825744579 dev.bge.3.stats.rx.Fragments: 0 dev.bge.3.stats.rx.UcastPkts: 8476045 dev.bge.3.stats.rx.MulticastPkts: 0 dev.bge.3.stats.rx.FCSErrors: 3 dev.bge.3.stats.rx.AlignmentErrors: 0 dev.bge.3.stats.rx.xonPauseFramesReceived: 0 dev.bge.3.stats.rx.xoffPauseFramesReceived: 0 dev.bge.3.stats.rx.ControlFramesReceived: 0 dev.bge.3.stats.rx.xoffStateEntered: 0 dev.bge.3.stats.rx.FramesTooLong: 0 dev.bge.3.stats.rx.Jabbers: 0 dev.bge.3.stats.rx.UndersizePkts: 0 dev.bge.3.stats.rx.inRangeLengthError: 0 dev.bge.3.stats.rx.outRangeLengthError: 0 dev.bge.3.stats.tx.Octets: 0 dev.bge.3.stats.tx.Collisions: 0 dev.bge.3.stats.tx.XonSent: 0 dev.bge.3.stats.tx.XoffSent: 0 dev.bge.3.stats.tx.flowControlDone: 0 dev.bge.3.stats.tx.InternalMacTransmitErrors: 0 dev.bge.3.stats.tx.SingleCollisionFrames: 0 dev.bge.3.stats.tx.MultipleCollisionFrames: 0 dev.bge.3.stats.tx.DeferredTransmissions: 0 dev.bge.3.stats.tx.ExcessiveCollisions: 0 dev.bge.3.stats.tx.LateCollisions: 0 dev.bge.3.stats.tx.UcastPkts: 0 dev.bge.3.stats.tx.MulticastPkts: 0 dev.bge.3.stats.tx.BroadcastPkts: 0 dev.bge.3.stats.tx.CarrierSenseErrors: 0 dev.bge.3.stats.tx.Discards: 0 dev.bge.3.stats.tx.Errors: 0 A colleague mentioned that because I am using bge(4) as a monitoring card it is passively listening and unable to send back a Ethernet clock resync if the GIGE frame clock gets out of sync which could cause micro drops during the window in which the clocks are trying to get back on track. I can believe that though I feel that after trying multiple switches I find this very odd. Do other folks who use bge(4) see this same behavior? I noticed that my FCSErrors == InputERrors which makes sense since I had 3 packets with FCS errors (CRC32 check fail I believe). Yet my input errors via LINK_LOST are constant, tiny, and random. What's more interesting is I don't even see a drop. If I record and dump the pcap, the traffic looks fine to me through Wireshark (I am going to look again but I don't see sequence out of order or lost messages anyway, its very simple TCP/IP traffic). Are these frames retried auto-magically? If so, then aren't LINK_LOST errors potentially not real drops in the monitoring case and should not be reported as such? Can someone please define causes of the LINK_LOST condition (bd_error_flag = 0x4)? Thanks! -aps From owner-freebsd-net@FreeBSD.ORG Wed Jun 3 22:38:15 2009 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C6CB91065673; Wed, 3 Jun 2009 22:38:15 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id B56718FC18; Wed, 3 Jun 2009 22:38:15 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from freefall.freebsd.org (delphij@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n53McFjX038142; Wed, 3 Jun 2009 22:38:15 GMT (envelope-from delphij@freefall.freebsd.org) Received: (from delphij@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n53McFuV038138; Wed, 3 Jun 2009 22:38:15 GMT (envelope-from delphij) Date: Wed, 3 Jun 2009 22:38:15 GMT Message-Id: <200906032238.n53McFuV038138@freefall.freebsd.org> To: pblowers@safarivideonetworks.com, delphij@FreeBSD.org, freebsd-net@FreeBSD.org, delphij@FreeBSD.org From: delphij@FreeBSD.org Cc: Subject: Re: amd64/134788: [bce] failure to set ip address in amd64 if_bce.c, i386 seems OK X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Jun 2009 22:38:16 -0000 Synopsis: [bce] failure to set ip address in amd64 if_bce.c, i386 seems OK State-Changed-From-To: open->feedback State-Changed-By: delphij State-Changed-When: Wed Jun 3 22:35:55 UTC 2009 State-Changed-Why: Dear submitter, David has committed a fix 1 day ago which should fixed this issue. Could you please give it a test? (7-STABLE). If you can't use 7-STABLE, please obtain the patch here: http://svn.freebsd.org/viewvc/base/stable/7/sys/dev/mii/brgphy.c?r1=181897&r2=193358&view=patch Please let us know if this has solved your problem, thanks! Responsible-Changed-From-To: freebsd-net->delphij Responsible-Changed-By: delphij Responsible-Changed-When: Wed Jun 3 22:35:55 UTC 2009 Responsible-Changed-Why: Take so I can receive feedbacks. http://www.freebsd.org/cgi/query-pr.cgi?pr=134788 From owner-freebsd-net@FreeBSD.ORG Thu Jun 4 08:44:06 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4C7BF1065672 for ; Thu, 4 Jun 2009 08:44:06 +0000 (UTC) (envelope-from auryn@zirakzigil.org) Received: from mail.giulioferro.it (mail.giulioferro.it [85.18.102.52]) by mx1.freebsd.org (Postfix) with ESMTP id 089A38FC27 for ; Thu, 4 Jun 2009 08:44:06 +0000 (UTC) (envelope-from auryn@zirakzigil.org) Received: from localhost (localhost [127.0.0.1]) by mail.giulioferro.it (Postfix) with ESMTP id 0792B33C3A; Thu, 4 Jun 2009 10:46:34 +0200 (CEST) X-Virus-Scanned: amavisd-new at giulioferro.it Received: from mail.giulioferro.it ([127.0.0.1]) by localhost (aurynwork1sv1.giulioferro.it [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FLyp80cwf84W; Thu, 4 Jun 2009 10:46:31 +0200 (CEST) Received: from aurynmob2.giulioferro.it (localhost [127.0.0.1]) (Authenticated sender: gferro@giulioferro.it) by mail.giulioferro.it (Postfix) with ESMTP id 4C2C233C18; Thu, 4 Jun 2009 10:46:31 +0200 (CEST) Message-ID: <4A278950.8010802@zirakzigil.org> Date: Thu, 04 Jun 2009 10:44:00 +0200 From: Giulio Ferro User-Agent: Thunderbird 2.0.0.21 (X11/20090323) MIME-Version: 1.0 To: "Bjoern A. Zeeb" References: <4A205679.5030406@zirakzigil.org> <20090531134541.H3234@maildrop.int.zabbadoz.net> In-Reply-To: <20090531134541.H3234@maildrop.int.zabbadoz.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, Scott Ullrich Subject: Re: NAT-T on current 8 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Jun 2009 08:44:06 -0000 Bjoern A. Zeeb wrote: >> >> The NATT patch is slated to hit the FreeBSD tree soon so please do >> report back your findings. > > Yes, in case you find any positiv or negative things we'd be happy to > hear back from you - or anyone else who's going to give it a try. > Sorry for late feedback, very little time on my hands... I've tried to interoperate with an old version of ipsec-tools (0.6.7) and it takes a long time to start working, but it does in the end. I didn't have much time to try anything more in-depth, but I'll keep you posted. Thanks again. From owner-freebsd-net@FreeBSD.ORG Thu Jun 4 09:29:09 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 15D9B106566C for ; Thu, 4 Jun 2009 09:29:09 +0000 (UTC) (envelope-from vanhu@zeninc.net) Received: from smtp.zeninc.net (smtp.zeninc.net [80.67.176.25]) by mx1.freebsd.org (Postfix) with ESMTP id C68F98FC16 for ; Thu, 4 Jun 2009 09:29:08 +0000 (UTC) (envelope-from vanhu@zeninc.net) Received: from astro.zen.inc (astro.zen.inc [192.168.1.239]) by smtp.zeninc.net (smtpd) with ESMTP id 0C5C02798B8; Thu, 4 Jun 2009 11:13:13 +0200 (CEST) Received: by astro.zen.inc (Postfix, from userid 1000) id 6291F17052; Thu, 4 Jun 2009 11:32:04 +0200 (CEST) Date: Thu, 4 Jun 2009 11:32:04 +0200 From: VANHULLEBUS Yvan To: Giulio Ferro Message-ID: <20090604093204.GA94385@zeninc.net> References: <4A205679.5030406@zirakzigil.org> <20090531134541.H3234@maildrop.int.zabbadoz.net> <4A278950.8010802@zirakzigil.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4A278950.8010802@zirakzigil.org> User-Agent: All mail clients suck. This one just sucks less. Cc: "Bjoern A. Zeeb" , Scott Ullrich , freebsd-net@freebsd.org Subject: Re: NAT-T on current 8 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Jun 2009 09:29:09 -0000 On Thu, Jun 04, 2009 at 10:44:00AM +0200, Giulio Ferro wrote: [....] > Sorry for late feedback, very little time on my hands... Hi. > I've tried to interoperate with an old version of ipsec-tools (0.6.7) > and it takes a long time to start working, but it does in the end. > I didn't have much time to try anything more in-depth, but I'll keep > you posted. Do you mean "with an ipsec-tools 0.6.7 as the peer" ? It should work, as changes are only in the kernel/userland interface, and as (AFAIR) no changes have been done in the way NAT-T is negociated with the peer between ipsec-tools 0.6 and 0.7. Could you please give us more informations about that ? And what do you mean by "it takes some time to start working" ??? Thanks, Yvan. From owner-freebsd-net@FreeBSD.ORG Thu Jun 4 20:47:22 2009 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C8FB8106564A for ; Thu, 4 Jun 2009 20:47:22 +0000 (UTC) (envelope-from oleg@lath.rinet.ru) Received: from lath.rinet.ru (lath.rinet.ru [195.54.192.90]) by mx1.freebsd.org (Postfix) with ESMTP id EBC028FC0A for ; Thu, 4 Jun 2009 20:47:21 +0000 (UTC) (envelope-from oleg@lath.rinet.ru) Received: by lath.rinet.ru (Postfix, from userid 222) id 74E7A700B; Fri, 5 Jun 2009 00:47:20 +0400 (MSD) Date: Fri, 5 Jun 2009 00:47:20 +0400 From: Oleg Bulyzhin To: Mikolaj Golub Message-ID: <20090604204720.GA49677@lath.rinet.ru> References: <864ov9htgq.fsf@kopusha.onet> <81bpp8l6de.fsf@zhuzha.ua1> <20090603170311.GA18104@lath.rinet.ru> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="wRRV7LY7NUeQGEoC" Content-Disposition: inline In-Reply-To: <20090603170311.GA18104@lath.rinet.ru> User-Agent: Mutt/1.5.18 (2008-05-17) Cc: freebsd-net@FreeBSD.org Subject: Re: panic with ng_ipfw+ng_car and net.inet.ip.fw.one_pass=0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Jun 2009 20:47:23 -0000 --wRRV7LY7NUeQGEoC Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Wed, Jun 03, 2009 at 09:03:11PM +0400, Oleg Bulyzhin wrote: > On Mon, Jun 01, 2009 at 11:12:45AM +0300, Mikolaj Golub wrote: > > > It looks the problem has not drawn much attention :-). > > I was on vacation so did not reply in time. > Dummynet like solution is not enough, dummynet is affected by this problem > too. > I'll send patch to you for testing tomorrow. Please test attached patch and let me know results. Patch made for -current and it changes ABI, so rebuilding ipfw with new headers required. -- Oleg. ================================================================ === Oleg Bulyzhin -- OBUL-RIPN -- OBUL-RIPE -- oleg@rinet.ru === ================================================================ --wRRV7LY7NUeQGEoC Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename="one_pass.diff" Index: sys/netinet/ip_dummynet.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_dummynet.c,v retrieving revision 1.120 diff -u -r1.120 ip_dummynet.c --- sys/netinet/ip_dummynet.c 9 Apr 2009 12:46:00 -0000 1.120 +++ sys/netinet/ip_dummynet.c 4 Jun 2009 20:38:12 -0000 @@ -1399,6 +1399,8 @@ * Build and enqueue packet + parameters. */ pkt->rule = fwa->rule; + pkt->rule_id = fwa->rule_id; + pkt->chain_id = fwa->chain_id; pkt->dn_dir = dir; pkt->ifp = fwa->oif; Index: sys/netinet/ip_dummynet.h =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_dummynet.h,v retrieving revision 1.44 diff -u -r1.44 ip_dummynet.h --- sys/netinet/ip_dummynet.h 4 Jun 2009 12:27:57 -0000 1.44 +++ sys/netinet/ip_dummynet.h 4 Jun 2009 20:38:12 -0000 @@ -113,6 +113,8 @@ */ struct dn_pkt_tag { struct ip_fw *rule; /* matching rule */ + uint32_t rule_id; /* matching rule id */ + uint32_t chain_id; /* ruleset id */ int dn_dir; /* action when packet comes out. */ #define DN_TO_IP_OUT 1 #define DN_TO_IP_IN 2 @@ -382,16 +384,16 @@ #define DUMMYNET_LOADED (ip_dn_io_ptr != NULL) /* - * Return the IPFW rule associated with the dummynet tag; if any. + * Return the dummynet tag; if any. * Make sure that the dummynet tag is not reused by lower layers. */ -static __inline struct ip_fw * -ip_dn_claim_rule(struct mbuf *m) +static __inline struct dn_pkt_tag * +ip_dn_claim_tag(struct mbuf *m) { struct m_tag *mtag = m_tag_find(m, PACKET_TAG_DUMMYNET, NULL); if (mtag != NULL) { mtag->m_tag_id = PACKET_TAG_NONE; - return (((struct dn_pkt_tag *)(mtag+1))->rule); + return ((struct dn_pkt_tag *)(mtag + 1)); } else return (NULL); } Index: sys/netinet/ip_fw.h =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_fw.h,v retrieving revision 1.127 diff -u -r1.127 ip_fw.h --- sys/netinet/ip_fw.h 2 May 2009 08:16:26 -0000 1.127 +++ sys/netinet/ip_fw.h 4 Jun 2009 20:38:12 -0000 @@ -453,17 +453,18 @@ struct ip_fw *next_rule; /* ptr to next [skipto] rule */ /* 'next_rule' is used to pass up 'set_disable' status */ - u_int16_t act_ofs; /* offset of action in 32-bit units */ - u_int16_t cmd_len; /* # of 32-bit words in cmd */ - u_int16_t rulenum; /* rule number */ - u_int8_t set; /* rule set (0..31) */ + uint16_t act_ofs; /* offset of action in 32-bit units */ + uint16_t cmd_len; /* # of 32-bit words in cmd */ + uint16_t rulenum; /* rule number */ + uint8_t set; /* rule set (0..31) */ #define RESVD_SET 31 /* set for default and persistent rules */ - u_int8_t _pad; /* padding */ + uint8_t _pad; /* padding */ + uint32_t id; /* rule id */ /* These fields are present in all rules. */ - u_int64_t pcnt; /* Packet counter */ - u_int64_t bcnt; /* Byte counter */ - u_int32_t timestamp; /* tv_sec of last match */ + uint64_t pcnt; /* Packet counter */ + uint64_t bcnt; /* Byte counter */ + uint32_t timestamp; /* tv_sec of last match */ ipfw_insn cmd[1]; /* storage for commands */ }; @@ -607,10 +608,12 @@ struct ifnet *oif; /* output interface */ struct sockaddr_in *next_hop; /* forward address */ struct ip_fw *rule; /* matching rule */ + uint32_t rule_id; /* matching rule id */ + uint32_t chain_id; /* ruleset id */ struct ether_header *eh; /* for bridged packets */ struct ipfw_flow_id f_id; /* grabbed from IP header */ - u_int32_t cookie; /* a cookie depending on rule action */ + uint32_t cookie; /* a cookie depending on rule action */ struct inpcb *inp; struct _ip6dn_args dummypar; /* dummynet->ip6_output */ @@ -658,6 +661,7 @@ LIST_HEAD(, cfg_nat) nat; /* list of nat entries */ struct radix_node_head *tables[IPFW_TABLES_MAX]; struct rwlock rwmtx; + uint32_t id; /* ruleset id */ }; #ifdef IPFW_INTERNAL Index: sys/netinet/ip_fw2.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_fw2.c,v retrieving revision 1.223 diff -u -r1.223 ip_fw2.c --- sys/netinet/ip_fw2.c 18 May 2009 22:34:44 -0000 1.223 +++ sys/netinet/ip_fw2.c 4 Jun 2009 20:38:13 -0000 @@ -134,6 +134,16 @@ #endif static uma_zone_t ipfw_dyn_rule_zone; +/** + * dummynet needs a reference to the default rule, because rules can be + * deleted while packets hold a reference to them. When this happens, + * dummynet changes the reference to the default rule (it could well be a + * NULL pointer, but this way we do not need to check for the special + * case, plus here he have info on the default behaviour). + */ +struct ip_fw *ip_fw_default_rule; + + /* * Data structure to cache our ucred related * information. This structure only gets used if @@ -2522,9 +2532,22 @@ if (args->rule) { /* * Packet has already been tagged. Look for the next rule - * to restart processing. + * to restart processing. Make sure that args->rule still + * exists and not changed. */ - f = args->rule->next_rule; + if (chain->id != args->chain_id) { + for (f = chain->rules; f != NULL; f = f->next) + if (f == args->rule && f->id == args->rule_id) + break; + + if (f != NULL) + f = f->next_rule; + else + f = ip_fw_default_rule; + + } else + f = args->rule->next_rule; + if (f == NULL) f = lookup_next_rule(args->rule, 0); } else { @@ -3236,6 +3259,8 @@ case O_PIPE: case O_QUEUE: args->rule = f; /* report matching rule */ + args->rule_id = f->id; + args->chain_id = chain->id; if (cmd->arg1 == IP_FW_TABLEARG) args->cookie = tablearg; else @@ -3344,6 +3369,8 @@ case O_NETGRAPH: case O_NGTEE: args->rule = f; /* report matching rule */ + args->rule_id = f->id; + args->chain_id = chain->id; if (cmd->arg1 == IP_FW_TABLEARG) args->cookie = tablearg; else @@ -3366,6 +3393,8 @@ if (IPFW_NAT_LOADED) { args->rule = f; /* Report matching rule. */ + args->rule_id = f->id; + args->chain_id = chain->id; t = ((ipfw_insn_nat *)cmd)->nat; if (t == NULL) { nat_id = (cmd->arg1 == IP_FW_TABLEARG) ? @@ -3424,6 +3453,8 @@ ip->ip_sum = in_cksum(m, hlen); retval = IP_FW_REASS; args->rule = f; + args->rule_id = f->id; + args->chain_id = chain->id; goto done; } else { retval = IP_FW_DENY; @@ -3482,6 +3513,8 @@ IPFW_WLOCK_ASSERT(chain); + chain->id++; + for (rule = chain->rules; rule; rule = rule->next) rule->next_rule = NULL; } @@ -3518,6 +3551,7 @@ if (chain->rules == NULL) { /* default rule */ chain->rules = rule; + rule->id = ++chain->id; goto done; } @@ -3559,6 +3593,8 @@ } } flush_rule_ptrs(chain); + /* chain->id incremented inside flush_rule_ptrs() */ + rule->id = chain->id; done: V_static_count++; V_static_len += l; @@ -3614,8 +3650,6 @@ while ((rule = head) != NULL) { head = head->next; - if (DUMMYNET_LOADED) - ip_dn_ruledel_ptr(rule); free(rule, M_IPFW); } } @@ -3632,7 +3666,7 @@ IPFW_WLOCK_ASSERT(chain); - flush_rule_ptrs(chain); /* more efficient to do outside the loop */ + flush_rule_ptrs(chain); /* more efficient to do outside the loop */ for (prev = NULL, rule = chain->rules; rule ; ) if (kill_default || rule->set != RESVD_SET) rule = remove_rule(chain, rule, prev); @@ -4517,15 +4551,6 @@ #undef RULE_MAXSIZE } -/** - * dummynet needs a reference to the default rule, because rules can be - * deleted while packets hold a reference to them. When this happens, - * dummynet changes the reference to the default rule (it could well be a - * NULL pointer, but this way we do not need to check for the special - * case, plus here he have info on the default behaviour). - */ -struct ip_fw *ip_fw_default_rule; - /* * This procedure is only used to handle keepalives. It is invoked * every dyn_keepalive_period Index: sys/netinet/ip_fw_pfil.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_fw_pfil.c,v retrieving revision 1.36 diff -u -r1.36 ip_fw_pfil.c --- sys/netinet/ip_fw_pfil.c 30 Apr 2009 13:36:26 -0000 1.36 +++ sys/netinet/ip_fw_pfil.c 4 Jun 2009 20:38:13 -0000 @@ -116,6 +116,8 @@ KASSERT(ng_tag->dir == NG_IPFW_IN, ("ng_ipfw tag with wrong direction")); args.rule = ng_tag->rule; + args.rule_id = ng_tag->rule_id; + args.chain_id = ng_tag->chain_id; m_tag_delete(*m0, (struct m_tag *)ng_tag); } @@ -126,6 +128,8 @@ dt = (struct dn_pkt_tag *)(dn_tag+1); args.rule = dt->rule; + args.rule_id = dt->rule_id; + args.chain_id = dt->chain_id; m_tag_delete(*m0, dn_tag); } @@ -246,6 +250,8 @@ KASSERT(ng_tag->dir == NG_IPFW_OUT, ("ng_ipfw tag with wrong direction")); args.rule = ng_tag->rule; + args.rule_id = ng_tag->rule_id; + args.chain_id = ng_tag->chain_id; m_tag_delete(*m0, (struct m_tag *)ng_tag); } @@ -256,6 +262,8 @@ dt = (struct dn_pkt_tag *)(dn_tag+1); args.rule = dt->rule; + args.rule_id = dt->rule_id; + args.chain_id = dt->chain_id; m_tag_delete(*m0, dn_tag); } Index: sys/net/if_bridge.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_bridge.c,v retrieving revision 1.125 diff -u -r1.125 if_bridge.c --- sys/net/if_bridge.c 1 May 2009 19:46:42 -0000 1.125 +++ sys/net/if_bridge.c 4 Jun 2009 20:38:13 -0000 @@ -3041,11 +3041,19 @@ if (IPFW_LOADED && pfil_ipfw != 0 && dir == PFIL_OUT && ifp != NULL) { INIT_VNET_INET(curvnet); + struct dn_pkt_tag *dn_tag; error = -1; - args.rule = ip_dn_claim_rule(*mp); - if (args.rule != NULL && V_fw_one_pass) - goto ipfwpass; /* packet already partially processed */ + dn_tag = ip_dn_claim_tag(*mp); + if (dn_tag != NULL) { + if (dn_tag->rule != NULL && V_fw_one_pass) + /* packet already partially processed */ + goto ipfwpass; + args.rule = dn_tag->rule; /* matching rule to restart */ + args.rule_id = dn_tag->rule_id; + args.chain_id = dn_tag->chain_id; + } else + args.rule = NULL; args.m = *mp; args.oif = ifp; Index: sys/net/if_ethersubr.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_ethersubr.c,v retrieving revision 1.260 diff -u -r1.260 if_ethersubr.c --- sys/net/if_ethersubr.c 5 May 2009 10:56:12 -0000 1.260 +++ sys/net/if_ethersubr.c 4 Jun 2009 20:38:13 -0000 @@ -147,8 +147,7 @@ #if defined(INET) || defined(INET6) int -ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst, - struct ip_fw **rule, int shared); +ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst, int shared); #ifdef VIMAGE_GLOBALS static int ether_ipfw; #endif @@ -430,10 +429,9 @@ { #if defined(INET) || defined(INET6) INIT_VNET_NET(ifp->if_vnet); - struct ip_fw *rule = ip_dn_claim_rule(m); if (IPFW_LOADED && V_ether_ipfw != 0) { - if (ether_ipfw_chk(&m, ifp, &rule, 0) == 0) { + if (ether_ipfw_chk(&m, ifp, 0) == 0) { if (m) { m_freem(m); return EACCES; /* pkt dropped */ @@ -457,8 +455,7 @@ * ether_output_frame. */ int -ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst, - struct ip_fw **rule, int shared) +ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst, int shared) { INIT_VNET_INET(dst->if_vnet); struct ether_header *eh; @@ -466,9 +463,19 @@ struct mbuf *m; int i; struct ip_fw_args args; + struct dn_pkt_tag *dn_tag; - if (*rule != NULL && V_fw_one_pass) - return 1; /* dummynet packet, already partially processed */ + dn_tag = ip_dn_claim_tag(*m0); + + if (dn_tag != NULL) { + if (dn_tag->rule != NULL && V_fw_one_pass) + /* dummynet packet, already partially processed */ + return (1); + args.rule = dn_tag->rule; /* matching rule to restart */ + args.rule_id = dn_tag->rule_id; + args.chain_id = dn_tag->chain_id; + } else + args.rule = NULL; /* * I need some amt of data to be contiguous, and in case others need @@ -489,7 +496,6 @@ args.m = m; /* the packet we are looking at */ args.oif = dst; /* destination, if any */ - args.rule = *rule; /* matching rule to restart */ args.next_hop = NULL; /* we do not support forward yet */ args.eh = &save_eh; /* MAC header for bridged/MAC packets */ args.inp = NULL; /* used by ipfw uid/gid/jail rules */ @@ -510,7 +516,6 @@ ETHER_HDR_LEN); } *m0 = m; - *rule = args.rule; if (i == IP_FW_DENY) /* drop */ return 0; @@ -767,9 +772,7 @@ * Do not do this for PROMISC frames in case we are re-entered. */ if (IPFW_LOADED && V_ether_ipfw != 0 && !(m->m_flags & M_PROMISC)) { - struct ip_fw *rule = ip_dn_claim_rule(m); - - if (ether_ipfw_chk(&m, NULL, &rule, 0) == 0) { + if (ether_ipfw_chk(&m, NULL, 0) == 0) { if (m) m_freem(m); /* dropped; free mbuf chain */ return; /* consumed */ Index: sys/netgraph/ng_ipfw.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_ipfw.c,v retrieving revision 1.11 diff -u -r1.11 ng_ipfw.c --- sys/netgraph/ng_ipfw.c 10 Dec 2008 23:12:39 -0000 1.11 +++ sys/netgraph/ng_ipfw.c 4 Jun 2009 20:38:13 -0000 @@ -293,6 +293,8 @@ return (ENOMEM); } ngit->rule = fwa->rule; + ngit->rule_id = fwa->rule_id; + ngit->chain_id = fwa->chain_id; ngit->dir = dir; ngit->ifp = fwa->oif; m_tag_prepend(m, &ngit->mt); Index: sys/netgraph/ng_ipfw.h =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_ipfw.h,v retrieving revision 1.2 diff -u -r1.2 ng_ipfw.h --- sys/netgraph/ng_ipfw.h 17 Feb 2006 09:42:49 -0000 1.2 +++ sys/netgraph/ng_ipfw.h 4 Jun 2009 20:38:14 -0000 @@ -38,6 +38,8 @@ struct ng_ipfw_tag { struct m_tag mt; /* tag header */ struct ip_fw *rule; /* matching rule */ + uint32_t rule_id; /* matching rule id */ + uint32_t chain_id; /* ruleset id */ struct ifnet *ifp; /* interface, for ip_output */ int dir; #define NG_IPFW_OUT 0 --wRRV7LY7NUeQGEoC-- From owner-freebsd-net@FreeBSD.ORG Fri Jun 5 00:14:06 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 856A5106566B for ; Fri, 5 Jun 2009 00:14:06 +0000 (UTC) (envelope-from juli@clockworksquid.com) Received: from mail-gx0-f207.google.com (mail-gx0-f207.google.com [209.85.217.207]) by mx1.freebsd.org (Postfix) with ESMTP id 4D5558FC0C for ; Fri, 5 Jun 2009 00:14:06 +0000 (UTC) (envelope-from juli@clockworksquid.com) Received: by gxk3 with SMTP id 3so676626gxk.19 for ; Thu, 04 Jun 2009 17:14:05 -0700 (PDT) MIME-Version: 1.0 Sender: juli@clockworksquid.com Received: by 10.90.66.14 with SMTP id o14mr2321487aga.94.1244159503201; Thu, 04 Jun 2009 16:51:43 -0700 (PDT) From: Juli Mallett Date: Thu, 4 Jun 2009 16:51:22 -0700 X-Google-Sender-Auth: ffb2b9b81c971de7 Message-ID: To: freebsd-net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: bge(4) ASF problem report... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: jmallett@freebsd.org List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jun 2009 00:14:06 -0000 Hey there, On my HP DL360 G4 with bge interfaces identified as "NC7782 Gigabit Server Adapter, ASIC rev. 0x2100", I find that having ASF enabled results in a total system freeze. Is anyone else running this hardware on either 7.x or 8-CURRENT? If so, I'd love to hear whether hw.bge.allow_asf=1 (the default on 8-CURRENT) is problematic for you and whether setting it to 0 instead fixes it. I'd like to disallow ASF by device ID if this reliably affects this hardware, but this is the only DL360 G4 I've got. Any objections? Or is there anyone who cares about bge who would be interested in trying to figure out what the actual problem is? Note that I haven't tried enabling the iLO shared network port stuff, so I don't know if that would have any unfortunate interactions with ASF support or lack thereof. Thanks, Juli. From owner-freebsd-net@FreeBSD.ORG Fri Jun 5 11:27:04 2009 Return-Path: Delivered-To: net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CB3E71065686 for ; Fri, 5 Jun 2009 11:27:04 +0000 (UTC) (envelope-from barney_cordoba@yahoo.com) Received: from web63902.mail.re1.yahoo.com (web63902.mail.re1.yahoo.com [69.147.97.117]) by mx1.freebsd.org (Postfix) with SMTP id 20C368FC0C for ; Fri, 5 Jun 2009 11:27:01 +0000 (UTC) (envelope-from barney_cordoba@yahoo.com) Received: (qmail 89796 invoked by uid 60001); 5 Jun 2009 11:27:01 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1244201221; bh=HiumZkvSzG5KS+dmZNaokgtdJQyed0sj3/gdg+xcf+Q=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=1ZAW6eO/vUqMBpz7D5sdQllH1uy1+EaMdGfhl60JzLcIvmgLH5oJPkcvM+Ro45+D3hd/9lbzb4SmhNbpniqEFwPs5jIMH2RHnXamxppX9ZcgaMNG/FwzhyKCTVO+ynxzsZGEEBnd9+BV1v9owvtTy+y8aTb1ny+CVHt71pgW4lQ= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=nVdxtRMzaTbfenmU89zYUYUsqyw2VbDEKw1HC9Lz8qHv4PZyDjKr1ynLcZ6fIuYg/oyMYQgQGFh6tiopR98IQL3UELM4/CxsMhfjuG6dIFqmFAx3eVOIjtGhsAFi+8NKIdK70pblwWor8gX+xvmyJm68JuHH/UAcK2YgO6gopbg=; Message-ID: <11451.10207.qm@web63902.mail.re1.yahoo.com> X-YMail-OSG: LhTyklcVM1mv6OBTpbqfTtX2dL2P3NJMVHaTOeVfrlZK_0vIP5Uzco6aJ0qw8uUdnBlbB0dxwsyY1G8eXFhhYzyX6T1deYY.8OGqg4Ge1dgNAUDRxvlD42dn17ky0MkhJ.dIC_h2zRpGS.oCfRt1jCPan1GD.DBBI_bafK.YBhb0ebKq2GMrzVPJa5chgBSQu_eAO6ZKfZm5wjuQ0D_p0CplbPI.JdGjxHLRqpqn_Pe0F5f4k1YR7yeAtbJwWix9mFhknZdenG603mkAFw-- Received: from [66.176.162.245] by web63902.mail.re1.yahoo.com via HTTP; Fri, 05 Jun 2009 04:27:00 PDT X-Mailer: YahooMailClassic/5.3.9 YahooMailWebService/0.7.289.15 Date: Fri, 5 Jun 2009 04:27:00 -0700 (PDT) From: Barney Cordoba To: net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Subject: panic in sbflush X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jun 2009 11:27:05 -0000 I'm getting a panic in sbflush where mbcnt is 0 and sb_mb is not empty. Any clues as to what might cause this? It happening during a load test. Barney From owner-freebsd-net@FreeBSD.ORG Fri Jun 5 13:02:48 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EB220106566C; Fri, 5 Jun 2009 13:02:47 +0000 (UTC) (envelope-from edwin@mavetju.org) Received: from k7.mavetju.org (ppp113-58.static.internode.on.net [150.101.113.58]) by mx1.freebsd.org (Postfix) with ESMTP id 9FD9C8FC17; Fri, 5 Jun 2009 13:02:47 +0000 (UTC) (envelope-from edwin@mavetju.org) Received: by k7.mavetju.org (Postfix, from userid 1001) id 9390E45094; Fri, 5 Jun 2009 22:44:28 +1000 (EST) Date: Fri, 5 Jun 2009 22:44:28 +1000 From: Edwin Groothuis To: freebsd-net@freebsd.org, roberto@freebsd.org Message-ID: <20090605124428.GA85576@mavetju.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.3i Cc: Subject: NTP - default /etc/ntp.conf X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jun 2009 13:02:48 -0000 After pondering at conf/58595, I came with this text. The ntpd is not enabled by default, so the fact that the servers are commented out should not be an issue. Any objections against adding it to the tree? Index: etc/ntp.conf =================================================================== --- etc/ntp.conf (revision 0) +++ etc/ntp.conf (revision 0) @@ -0,0 +1,28 @@ +# +# $FreeBSD$ +# +# Default NTP servers for the FreeBSD operating system. +# +# Don't forget to enable ntpd in /etc/rc.conf with: +# ntpd_enable="YES" +# + +driftfile /var/db/ntpd.drift + +# +# Uncomment the following three lines to sync against three "local" +# public NTP servers. +# +# server pool.ntp.org +# server pool.ntp.org +# server pool.ntp.org + +# +# If you want to pick yourself which country's public NTP server +# you want sync against, comment out the above servers, uncomment +# the next ones and replace CC with the country's abbrevation. +# +# server CC.pool.ntp.org +# server CC.pool.ntp.org +# server CC.pool.ntp.org +# Index: etc/Makefile =================================================================== --- etc/Makefile (revision 193485) +++ etc/Makefile (working copy) @@ -14,7 +14,7 @@ hosts hosts.allow hosts.equiv \ inetd.conf libalias.conf login.access login.conf mac.conf motd \ netconfig network.subr networks newsyslog.conf nsswitch.conf \ - phones profile protocols \ + ntpd.conf phones profile protocols \ rc rc.bsdextended rc.firewall rc.firewall6 rc.initdiskless \ rc.sendmail rc.shutdown \ rc.subr remote rpc services shells \ -- Edwin Groothuis Website: http://www.mavetju.org/ edwin@mavetju.org Weblog: http://www.mavetju.org/weblog/ From owner-freebsd-net@FreeBSD.ORG Fri Jun 5 13:47:34 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EFAE9106566C; Fri, 5 Jun 2009 13:47:34 +0000 (UTC) (envelope-from roberto@keltia.freenix.fr) Received: from keltia.freenix.fr (keltia.freenix.org [IPv6:2001:660:330f:f820:213:72ff:fe15:f44]) by mx1.freebsd.org (Postfix) with ESMTP id 89F138FC0C; Fri, 5 Jun 2009 13:47:34 +0000 (UTC) (envelope-from roberto@keltia.freenix.fr) Received: from localhost (localhost [127.0.0.1]) by keltia.freenix.fr (Postfix/TLS) with ESMTP id 44A0D3BE0A; Fri, 5 Jun 2009 15:47:33 +0200 (CEST) X-Virus-Scanned: amavisd-new at keltia.freenix.fr Received: from keltia.freenix.fr ([127.0.0.1]) by localhost (keltia.freenix.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gHgKB5w6Szhk; Fri, 5 Jun 2009 15:47:32 +0200 (CEST) Received: from roberto-al.eurocontrol.fr (aran.keltia.net [88.191.250.24]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: roberto) by keltia.freenix.fr (Postfix/TLS) with ESMTPSA id 3E8B73BBCF; Fri, 5 Jun 2009 15:47:32 +0200 (CEST) Date: Fri, 5 Jun 2009 15:47:27 +0200 From: Ollivier Robert To: Edwin Groothuis Message-ID: <20090605134727.GA480@roberto-al.eurocontrol.fr> References: <20090605124428.GA85576@mavetju.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20090605124428.GA85576@mavetju.org> X-Operating-System: MacOS X / Macbook Pro - FreeBSD 7.2 / Dell D820 SMP User-Agent: Mutt/1.5.19 (2009-01-05) Cc: freebsd-net@freebsd.org Subject: Re: NTP - default /etc/ntp.conf X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jun 2009 13:47:35 -0000 According to Edwin Groothuis: > After pondering at conf/58595, I came with this text. > > The ntpd is not enabled by default, so the fact that the servers > are commented out should not be an issue. > > Any objections against adding it to the tree? None from me. Go for it thanks. -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr In memoriam to Ondine : http://ondine.keltia.net/ From owner-freebsd-net@FreeBSD.ORG Fri Jun 5 13:52:06 2009 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 58AA01065678; Fri, 5 Jun 2009 13:52:06 +0000 (UTC) (envelope-from scf@FreeBSD.org) Received: from mail.farley.org (mail.farley.org [IPv6:2001:470:1f0f:20:2::11]) by mx1.freebsd.org (Postfix) with ESMTP id C10EC8FC1B; Fri, 5 Jun 2009 13:52:03 +0000 (UTC) (envelope-from scf@FreeBSD.org) Received: from thor.farley.org (HPooka@thor.farley.org [IPv6:2001:470:1f0f:20:1::5]) by mail.farley.org (8.14.3/8.14.3) with ESMTP id n55Dq1Qn031368; Fri, 5 Jun 2009 08:52:01 -0500 (CDT) (envelope-from scf@FreeBSD.org) Date: Fri, 5 Jun 2009 08:52:01 -0500 (CDT) From: "Sean C. Farley" To: Edwin Groothuis In-Reply-To: <20090605124428.GA85576@mavetju.org> Message-ID: References: <20090605124428.GA85576@mavetju.org> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Spam-Status: No, score=-2.6 required=4.0 tests=BAYES_00,NO_RELAYS autolearn=ham version=3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail.farley.org Cc: Ollivier Robert , freebsd-net@FreeBSD.org Subject: Re: NTP - default /etc/ntp.conf X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jun 2009 13:52:07 -0000 On Fri, 5 Jun 2009, Edwin Groothuis wrote: > After pondering at conf/58595, I came with this text. > > The ntpd is not enabled by default, so the fact that the servers > are commented out should not be an issue. > > Any objections against adding it to the tree? I like it. I would also add restrict lines to it since ntp defaults to being open to all packets. These would ignore everything except the pools (restricted) and localhost (open): restrict default ignore restrict pool.ntp.org nomodify nopeer noquery notrap restrict pool.ntp.org nomodify nopeer noquery notrap restrict 127.0.0.1 restrict -6 ::1 > Index: etc/ntp.conf > =================================================================== > --- etc/ntp.conf (revision 0) > +++ etc/ntp.conf (revision 0) > @@ -0,0 +1,28 @@ > +# > +# $FreeBSD$ > +# > +# Default NTP servers for the FreeBSD operating system. > +# > +# Don't forget to enable ntpd in /etc/rc.conf with: > +# ntpd_enable="YES" > +# > + > +driftfile /var/db/ntpd.drift > + > +# > +# Uncomment the following three lines to sync against three "local" > +# public NTP servers. > +# > +# server pool.ntp.org > +# server pool.ntp.org > +# server pool.ntp.org > + > +# > +# If you want to pick yourself which country's public NTP server > +# you want sync against, comment out the above servers, uncomment > +# the next ones and replace CC with the country's abbrevation. > +# > +# server CC.pool.ntp.org > +# server CC.pool.ntp.org > +# server CC.pool.ntp.org > +# > Index: etc/Makefile > =================================================================== > --- etc/Makefile (revision 193485) > +++ etc/Makefile (working copy) > @@ -14,7 +14,7 @@ > hosts hosts.allow hosts.equiv \ > inetd.conf libalias.conf login.access login.conf mac.conf motd \ > netconfig network.subr networks newsyslog.conf nsswitch.conf \ > - phones profile protocols \ > + ntpd.conf phones profile protocols \ ntpd.conf or ntp.conf? Sean -- scf@FreeBSD.org From owner-freebsd-net@FreeBSD.ORG Fri Jun 5 13:58:07 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E336310656BF for ; Fri, 5 Jun 2009 13:58:07 +0000 (UTC) (envelope-from to.my.trociny@gmail.com) Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.153]) by mx1.freebsd.org (Postfix) with ESMTP id 688A38FC13 for ; Fri, 5 Jun 2009 13:58:07 +0000 (UTC) (envelope-from to.my.trociny@gmail.com) Received: by fg-out-1718.google.com with SMTP id e12so218758fga.12 for ; Fri, 05 Jun 2009 06:58:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:to:cc:subject:references :organization:from:date:in-reply-to:message-id:user-agent :mime-version:content-type; bh=FVvwnTGu/YmAb+mjp28Fx306v5nmX/EOfSQUsw9zISo=; b=WX32XSy5K40Fff2CNv5YrljVlKVDyAYnS45eM/a/wYIDPUd7ocAhcD2AXYt4OCUIR9 ZZNrXExHS8CaBUmGN4luPcKqIJavAQTrjhBH6ba8+EZ7673E1OcyULCv9OGnqfnXInKL lDSXP+sV0IkdrZ4XU0F2NTfNYD9KkoIuGe6kY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=to:cc:subject:references:organization:from:date:in-reply-to :message-id:user-agent:mime-version:content-type; b=TmgVCt1TBdh4yAdwdoiGiwL5I1bacl1hGqcKiKwPldSBTjVBJ939vPA+wUhC73f7ls vrBM0kgY+8NriE3hRGEaVa+2JzhHp8XXaN9laxJgQWayDL+8jJLaQeES3n/2hjb4b5P6 bfdEMR6SdSN/mSToE3Z/E3DCRmEdqDmjopoWY= Received: by 10.86.57.9 with SMTP id f9mr3868482fga.57.1244210286396; Fri, 05 Jun 2009 06:58:06 -0700 (PDT) Received: from localhost (ms.singlescrowd.net [80.85.90.67]) by mx.google.com with ESMTPS id 3sm1995404fge.4.2009.06.05.06.57.53 (version=TLSv1/SSLv3 cipher=RC4-MD5); Fri, 05 Jun 2009 06:57:54 -0700 (PDT) To: Oleg Bulyzhin References: <864ov9htgq.fsf@kopusha.onet> <81bpp8l6de.fsf@zhuzha.ua1> <20090603170311.GA18104@lath.rinet.ru> <20090604204720.GA49677@lath.rinet.ru> Organization: TOA Ukraine From: Mikolaj Golub Date: Fri, 05 Jun 2009 16:57:52 +0300 In-Reply-To: <20090604204720.GA49677@lath.rinet.ru> (Oleg Bulyzhin's message of "Fri\, 5 Jun 2009 00\:47\:20 +0400") Message-ID: <81hbyuvl3z.fsf@zhuzha.ua1> User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: freebsd-net@FreeBSD.org Subject: Re: panic with ng_ipfw+ng_car and net.inet.ip.fw.one_pass=0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jun 2009 13:58:09 -0000 On Fri, 5 Jun 2009 00:47:20 +0400 Oleg Bulyzhin wrote: > On Wed, Jun 03, 2009 at 09:03:11PM +0400, Oleg Bulyzhin wrote: >> On Mon, Jun 01, 2009 at 11:12:45AM +0300, Mikolaj Golub wrote: >> >> > It looks the problem has not drawn much attention :-). >> >> I was on vacation so did not reply in time. >> Dummynet like solution is not enough, dummynet is affected by this problem >> too. >> I'll send patch to you for testing tomorrow. > > Please test attached patch and let me know results. > Patch made for -current and it changes ABI, so rebuilding ipfw with new > headers required. It works for me. With the patch I has not managed to crash the system using my test. Some notes: - only ng_ipfw/ng_car subsystem has been tested (not dummynet). - my -current box is under qemu (I don't have real server running -current to test this). If you are interesting in some testing of dummynet before commiting this to current, let me know. I could try some tests but only the next week. If you are going to commit this to -current could you please fix ng_ipfw(4) man page too? Index: share/man/man4/ng_ipfw.4 =================================================================== --- share/man/man4/ng_ipfw.4 (revision 193478) +++ share/man/man4/ng_ipfw.4 (working copy) @@ -84,11 +84,12 @@ struct ng_ipfw_tag { struct m_tag mt; /* tag header */ struct ip_fw *rule; /* matching rule */ + uint32_t rule_id; /* matching rule id */ + uint32_t chain_id; /* ruleset id */ struct ifnet *ifp; /* interface, for ip_output */ int dir; /* packet direction */ #define NG_IPFW_OUT 0 #define NG_IPFW_IN 1 - int flags; /* flags, for ip_output() */ }; .Ed .Pp -- Mikolaj Golub From owner-freebsd-net@FreeBSD.ORG Fri Jun 5 14:06:12 2009 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 07D4B106564A; Fri, 5 Jun 2009 14:06:12 +0000 (UTC) (envelope-from roberto@keltia.freenix.fr) Received: from keltia.freenix.fr (keltia.freenix.org [IPv6:2001:660:330f:f820:213:72ff:fe15:f44]) by mx1.freebsd.org (Postfix) with ESMTP id 9350E8FC08; Fri, 5 Jun 2009 14:06:11 +0000 (UTC) (envelope-from roberto@keltia.freenix.fr) Received: from localhost (localhost [127.0.0.1]) by keltia.freenix.fr (Postfix/TLS) with ESMTP id 6F5093BE0A; Fri, 5 Jun 2009 16:06:10 +0200 (CEST) X-Virus-Scanned: amavisd-new at keltia.freenix.fr Received: from keltia.freenix.fr ([127.0.0.1]) by localhost (keltia.freenix.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KLugAEaksTFj; Fri, 5 Jun 2009 16:06:09 +0200 (CEST) Received: from roberto-al.eurocontrol.fr (aran.keltia.net [88.191.250.24]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: roberto) by keltia.freenix.fr (Postfix/TLS) with ESMTPSA id 47AFC3BBCF; Fri, 5 Jun 2009 16:06:09 +0200 (CEST) Date: Fri, 5 Jun 2009 16:06:04 +0200 From: Ollivier Robert To: "Sean C. Farley" Message-ID: <20090605140604.GA693@roberto-al.eurocontrol.fr> References: <20090605124428.GA85576@mavetju.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Operating-System: MacOS X / Macbook Pro - FreeBSD 7.2 / Dell D820 SMP User-Agent: Mutt/1.5.19 (2009-01-05) Cc: freebsd-net@FreeBSD.org, Edwin Groothuis Subject: Re: NTP - default /etc/ntp.conf X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jun 2009 14:06:12 -0000 According to Sean C. Farley: > I would also add restrict lines to it since ntp defaults to being open > to all packets. Now that I think of it, please add also the following lines, which helps when losing the sync on the remote servers. server 127.127.1.0 fudge 127.127.1.0 stratum 10 That adds a local clock as a fallback. -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr In memoriam to Ondine : http://ondine.keltia.net/ From owner-freebsd-net@FreeBSD.ORG Fri Jun 5 14:24:27 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AF9F81065673; Fri, 5 Jun 2009 14:24:27 +0000 (UTC) (envelope-from frank@ilse.behrens.de) Received: from post.behrens.de (post.behrens.de [IPv6:2a01:170:1023::1:2]) by mx1.freebsd.org (Postfix) with ESMTP id 132248FC15; Fri, 5 Jun 2009 14:24:26 +0000 (UTC) (envelope-from frank@ilse.behrens.de) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=behrens.de; h=from:to:date:mime-version:subject:cc:in-reply-to:content-type:content-transfer-encoding:content-description; s=pinky1; t=1244211864; i=frank@ilse.behrens.de; bh=ql+JrweJJhXLHstyuNs8cJVtEkIRiJSpQLYCH9B9IZ0=; b=a8+AA22KbR4AI8W53S/dVbozqF7J0zkTIQHbe2R8H5cszYrkmYgzHmDLNp6nCX/Eefz/uYajAleKzj/GMlhTBw== Received: from sun.behrens ([IPv6:2a01:170:1023:0:81b4:e42b:a3af:7497]) by post.behrens.de (8.14.3/8.14.2) with ESMTP(MSA) id n55EOIrM012619; Fri, 5 Jun 2009 16:24:18 +0200 (CEST) (envelope-from frank@ilse.behrens.de) Message-Id: <200906051424.n55EOIrM012619@post.behrens.de> From: "Frank Behrens" To: Edwin Groothuis Date: Fri, 05 Jun 2009 16:24:18 +0200 MIME-Version: 1.0 Priority: normal In-reply-to: <20090605124428.GA85576@mavetju.org> X-mailer: Pegasus Mail for Windows (4.31, DE v4.31 R1) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body X-Hashcash: 1:23:090605:roberto@freebsd.org::JmmWyfKqK2n3AfLY:7sIO X-Hashcash: 1:23:090605:freebsd-net@freebsd.org::VcAFkjsar9qg6kdL:0000000000TJri X-Hashcash: 1:23:090605:edwin@freebsd.org::dcJGV6xUmT1OUvqH:57k+ Cc: freebsd-net@freebsd.org, roberto@freebsd.org Subject: Re: NTP - default /etc/ntp.conf X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jun 2009 14:24:28 -0000 Edwin Groothuis wrote on 5 Jun 2009 22:44: > After pondering at conf/58595, I came with this text. > > The ntpd is not enabled by default, so the fact that the servers > are commented out should not be an issue. >... > +# server pool.ntp.org > +# server pool.ntp.org > +# server pool.ntp.org Isn't it better to use different entries? server 0.pool.ntp.org server 1.pool.ntp.org server 2.pool.ntp.org To be sure that the IP addresses are different. See http://www.pool.ntp.org/en/use.html -- Frank Behrens, Osterwieck, Germany PGP-key 0x5B7C47ED on public servers available. From owner-freebsd-net@FreeBSD.ORG Fri Jun 5 14:27:28 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EF20B1065675; Fri, 5 Jun 2009 14:27:28 +0000 (UTC) (envelope-from valentin.bud@gmail.com) Received: from mail-bw0-f217.google.com (mail-bw0-f217.google.com [209.85.218.217]) by mx1.freebsd.org (Postfix) with ESMTP id C59138FC17; Fri, 5 Jun 2009 14:27:27 +0000 (UTC) (envelope-from valentin.bud@gmail.com) Received: by bwz17 with SMTP id 17so419881bwz.43 for ; Fri, 05 Jun 2009 07:27:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :from:date:message-id:subject:to:cc:content-type; bh=tTTXWDU9IpuyLzpMGxXjsFbVNxW6HQbRUOn34cQX4Gk=; b=TuTasg1t1/h4NUUaTFnosHxz5rR0oZgbvXIdinQDiGYMWiOuLcZsdGM6aA4aoe9utD zzgYCI2VpCeWujfWKSIk1dYmfetjbmkhqnMeUvT88UdIrTL60zs6ym137NfY08Gio5Vd KSnas/WEc7ffan46VrV+gsW//Xo62jpsW3caI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; b=I3utt5EifN+K4clTL3UbWNl1o3rv0Slzx0OAb0g6PY2sBI5n7dgtM5bnKJZCH9ilxy iZpNnJIE+TfefjhMOOlzG9yizUL8yP40E3owIrZQbbmivli4GuqOdavm5Gy2uvntB7k9 56Jn0hQZfB/lOVKP8Eq7RnS91EhWcr7ShwwLg= MIME-Version: 1.0 Received: by 10.103.168.12 with SMTP id v12mr2166720muo.130.1244210193127; Fri, 05 Jun 2009 06:56:33 -0700 (PDT) In-Reply-To: References: <20090605124428.GA85576@mavetju.org> From: Valentin Bud Date: Fri, 5 Jun 2009 16:56:13 +0300 Message-ID: <139b44430906050656pe72d107mfa23561f8f706461@mail.gmail.com> To: "Sean C. Farley" Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Ollivier Robert , freebsd-net@freebsd.org, Edwin Groothuis Subject: Re: NTP - default /etc/ntp.conf X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jun 2009 14:27:29 -0000 On Fri, Jun 5, 2009 at 4:52 PM, Sean C. Farley wrote: > On Fri, 5 Jun 2009, Edwin Groothuis wrote: > > After pondering at conf/58595, I came with this text. >> >> The ntpd is not enabled by default, so the fact that the servers >> are commented out should not be an issue. >> >> Any objections against adding it to the tree? >> > > I like it. > > I would also add restrict lines to it since ntp defaults to being open to > all packets. > > These would ignore everything except the pools (restricted) and localhost > (open): > restrict default ignore > restrict pool.ntp.org nomodify nopeer noquery notrap > restrict pool.ntp.org nomodify nopeer noquery notrap > restrict 127.0.0.1 > restrict -6 ::1 > > > Index: etc/ntp.conf >> =================================================================== >> --- etc/ntp.conf (revision 0) >> +++ etc/ntp.conf (revision 0) >> @@ -0,0 +1,28 @@ >> +# >> +# $FreeBSD$ >> +# >> +# Default NTP servers for the FreeBSD operating system. >> +# >> +# Don't forget to enable ntpd in /etc/rc.conf with: >> +# ntpd_enable="YES" >> +# >> + >> +driftfile /var/db/ntpd.drift >> + >> +# >> +# Uncomment the following three lines to sync against three "local" >> +# public NTP servers. >> +# >> +# server pool.ntp.org >> +# server pool.ntp.org >> +# server pool.ntp.org >> + >> +# >> +# If you want to pick yourself which country's public NTP server >> +# you want sync against, comment out the above servers, uncomment >> +# the next ones and replace CC with the country's abbrevation. >> +# >> +# server CC.pool.ntp.org >> +# server CC.pool.ntp.org >> +# server CC.pool.ntp.org >> +# >> Index: etc/Makefile >> =================================================================== >> --- etc/Makefile (revision 193485) >> +++ etc/Makefile (working copy) >> @@ -14,7 +14,7 @@ >> hosts hosts.allow hosts.equiv \ >> inetd.conf libalias.conf login.access login.conf mac.conf motd \ >> netconfig network.subr networks newsyslog.conf nsswitch.conf \ >> - phones profile protocols \ >> + ntpd.conf phones profile protocols \ >> > > ntpd.conf or ntp.conf? I guess it's a typo and should be ntp.conf. > > > Sean > -- > scf@FreeBSD.org > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > That's a very good idea. It provides a starting point for new users of ntpd. my 7c, v -- network warrior since 2005 From owner-freebsd-net@FreeBSD.ORG Fri Jun 5 18:18:09 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 097B910656D3; Fri, 5 Jun 2009 18:18:09 +0000 (UTC) (envelope-from brde@optusnet.com.au) Received: from fallbackmx07.syd.optusnet.com.au (fallbackmx07.syd.optusnet.com.au [211.29.132.9]) by mx1.freebsd.org (Postfix) with ESMTP id 7983A8FC23; Fri, 5 Jun 2009 18:18:08 +0000 (UTC) (envelope-from brde@optusnet.com.au) Received: from mail02.syd.optusnet.com.au (mail02.syd.optusnet.com.au [211.29.132.183]) by fallbackmx07.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id n55FtpqH019251; Sat, 6 Jun 2009 01:55:51 +1000 Received: from c122-106-151-9.carlnfd1.nsw.optusnet.com.au (c122-106-151-9.carlnfd1.nsw.optusnet.com.au [122.106.151.9]) by mail02.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id n55Ftl0w003194 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 6 Jun 2009 01:55:48 +1000 Date: Sat, 6 Jun 2009 01:55:47 +1000 (EST) From: Bruce Evans X-X-Sender: bde@delplex.bde.org To: "Sean C. Farley" In-Reply-To: Message-ID: <20090606015013.Q15911@delplex.bde.org> References: <20090605124428.GA85576@mavetju.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Ollivier Robert , freebsd-net@freebsd.org, Edwin Groothuis Subject: Re: NTP - default /etc/ntp.conf X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jun 2009 18:18:09 -0000 On Fri, 5 Jun 2009, Sean C. Farley wrote: > On Fri, 5 Jun 2009, Edwin Groothuis wrote: > >> Index: etc/ntp.conf >> =================================================================== >> --- etc/ntp.conf (revision 0) >> +++ etc/ntp.conf (revision 0) >> @@ -0,0 +1,28 @@ >> +# >> +# $FreeBSD$ >> +# >> +# Default NTP servers for the FreeBSD operating system. >> +# >> +# Don't forget to enable ntpd in /etc/rc.conf with: >> +# ntpd_enable="YES" >> +# >> + >> +driftfile /var/db/ntpd.drift ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >> Index: etc/Makefile >> =================================================================== >> --- etc/Makefile (revision 193485) >> +++ etc/Makefile (working copy) >> @@ -14,7 +14,7 @@ >> hosts hosts.allow hosts.equiv \ >> inetd.conf libalias.conf login.access login.conf mac.conf motd \ >> netconfig network.subr networks newsyslog.conf nsswitch.conf \ >> - phones profile protocols \ >> + ntpd.conf phones profile protocols \ > > ntpd.conf or ntp.conf? Similarly, the drift file is named ntp.drift except in poorly configured FreeBSD installations. ntp sources in contrib have 80 lines matching ntp\.drift and 2 lines matching ntpd.drift. FreeBSD should only change the directory containing the drift file from /etc to /var/db or /var/db/ntp, not the file name. Bruce From owner-freebsd-net@FreeBSD.ORG Fri Jun 5 18:56:48 2009 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DCD42106564A for ; Fri, 5 Jun 2009 18:56:48 +0000 (UTC) (envelope-from oleg@lath.rinet.ru) Received: from lath.rinet.ru (lath.rinet.ru [195.54.192.90]) by mx1.freebsd.org (Postfix) with ESMTP id 9795B8FC14 for ; Fri, 5 Jun 2009 18:56:48 +0000 (UTC) (envelope-from oleg@lath.rinet.ru) Received: by lath.rinet.ru (Postfix, from userid 222) id A0B78700B; Fri, 5 Jun 2009 22:56:47 +0400 (MSD) Date: Fri, 5 Jun 2009 22:56:47 +0400 From: Oleg Bulyzhin To: Mikolaj Golub Message-ID: <20090605185647.GA76962@lath.rinet.ru> References: <864ov9htgq.fsf@kopusha.onet> <81bpp8l6de.fsf@zhuzha.ua1> <20090603170311.GA18104@lath.rinet.ru> <20090604204720.GA49677@lath.rinet.ru> <81hbyuvl3z.fsf@zhuzha.ua1> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <81hbyuvl3z.fsf@zhuzha.ua1> User-Agent: Mutt/1.5.18 (2008-05-17) Cc: freebsd-net@FreeBSD.org Subject: Re: panic with ng_ipfw+ng_car and net.inet.ip.fw.one_pass=0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jun 2009 18:56:49 -0000 On Fri, Jun 05, 2009 at 04:57:52PM +0300, Mikolaj Golub wrote: > It works for me. With the patch I has not managed to crash the system using my > test. Some notes: > > - only ng_ipfw/ng_car subsystem has been tested (not dummynet). > - my -current box is under qemu (I don't have real server running -current to > test this). > > If you are interesting in some testing of dummynet before commiting this to > current, let me know. I could try some tests but only the next week. I did some testing of dummynet though extra testing would not hurt. -- Oleg. ================================================================ === Oleg Bulyzhin -- OBUL-RIPN -- OBUL-RIPE -- oleg@rinet.ru === ================================================================ From owner-freebsd-net@FreeBSD.ORG Fri Jun 5 19:19:02 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A967A106564A for ; Fri, 5 Jun 2009 19:19:02 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) by mx1.freebsd.org (Postfix) with ESMTP id 5CD3A8FC13 for ; Fri, 5 Jun 2009 19:19:02 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from localhost (localhost.codelab.cz [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 0773719E081; Fri, 5 Jun 2009 21:18:59 +0200 (CEST) Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 99C3319E080; Fri, 5 Jun 2009 21:18:55 +0200 (CEST) Message-ID: <4A296FA0.2050601@quip.cz> Date: Fri, 05 Jun 2009 21:18:56 +0200 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 X-Accept-Language: cz, cs, en, en-us MIME-Version: 1.0 To: Bruce Evans References: <20090605124428.GA85576@mavetju.org> <20090606015013.Q15911@delplex.bde.org> In-Reply-To: <20090606015013.Q15911@delplex.bde.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: Ollivier Robert , Edwin Groothuis , "Sean C. Farley" , freebsd-net@freebsd.org Subject: Re: NTP - default /etc/ntp.conf X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jun 2009 19:19:03 -0000 Bruce Evans wrote: > On Fri, 5 Jun 2009, Sean C. Farley wrote: > >> On Fri, 5 Jun 2009, Edwin Groothuis wrote: >> >>> Index: etc/ntp.conf >>> =================================================================== >>> --- etc/ntp.conf (revision 0) >>> +++ etc/ntp.conf (revision 0) >>> @@ -0,0 +1,28 @@ >>> +# >>> +# $FreeBSD$ >>> +# >>> +# Default NTP servers for the FreeBSD operating system. >>> +# >>> +# Don't forget to enable ntpd in /etc/rc.conf with: >>> +# ntpd_enable="YES" >>> +# >>> + >>> +driftfile /var/db/ntpd.drift > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > >>> Index: etc/Makefile >>> =================================================================== >>> --- etc/Makefile (revision 193485) >>> +++ etc/Makefile (working copy) >>> @@ -14,7 +14,7 @@ >>> hosts hosts.allow hosts.equiv \ >>> inetd.conf libalias.conf login.access login.conf mac.conf motd \ >>> netconfig network.subr networks newsyslog.conf nsswitch.conf \ >>> - phones profile protocols \ >>> + ntpd.conf phones profile protocols \ >> >> >> ntpd.conf or ntp.conf? > > > Similarly, the drift file is named ntp.drift except in poorly configured > FreeBSD installations. ntp sources in contrib have 80 lines matching > ntp\.drift and 2 lines matching ntpd.drift. FreeBSD should only change > the directory containing the drift file from /etc to /var/db or > /var/db/ntp, > not the file name. Also note that /var/db/ntpd.drift is specified as flags in defaults/rc.conf (I don't know if it is good or bad thing :]) # grep drift /etc/defaults/rc.conf ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntpd.drift" Miroslav Lachman From owner-freebsd-net@FreeBSD.ORG Fri Jun 5 20:39:59 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0A183106566B for ; Fri, 5 Jun 2009 20:39:59 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from mail2.fluidhosting.com (mx21.fluidhosting.com [204.14.89.4]) by mx1.freebsd.org (Postfix) with ESMTP id 810CE8FC1A for ; Fri, 5 Jun 2009 20:39:58 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: (qmail 26270 invoked by uid 399); 5 Jun 2009 20:10:30 -0000 Received: from localhost (HELO foreign.dougb.net) (dougb@dougbarton.us@127.0.0.1) by localhost with ESMTPAM; 5 Jun 2009 20:10:30 -0000 X-Originating-IP: 127.0.0.1 X-Sender: dougb@dougbarton.us Message-ID: <4A297BB4.80002@FreeBSD.org> Date: Fri, 05 Jun 2009 13:10:28 -0700 From: Doug Barton Organization: http://www.FreeBSD.org/ User-Agent: Thunderbird 2.0.0.21 (X11/20090423) MIME-Version: 1.0 To: Edwin Groothuis References: <200906051424.n55EOIrM012619@post.behrens.de> In-Reply-To: <200906051424.n55EOIrM012619@post.behrens.de> X-Enigmail-Version: 0.95.7 OpenPGP: id=D5B2F0FB Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: Frank Behrens , freebsd-net@freebsd.org, roberto@freebsd.org Subject: Re: NTP - default /etc/ntp.conf X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jun 2009 20:39:59 -0000 Frank Behrens wrote: > Edwin Groothuis wrote on 5 Jun 2009 22:44: >> After pondering at conf/58595, I came with this text. >> >> The ntpd is not enabled by default, so the fact that the servers >> are commented out should not be an issue. >> ... >> +# server pool.ntp.org >> +# server pool.ntp.org >> +# server pool.ntp.org > > Isn't it better to use different entries? > server 0.pool.ntp.org > server 1.pool.ntp.org > server 2.pool.ntp.org > > To be sure that the IP addresses are different. > See > http://www.pool.ntp.org/en/use.html I agree with this suggestion, as well as the others about adding the default restrictions and the fallback local clock. Bruce is right about the ntp.drift file name, however we already have existing stuff that mentions ntpd.drift, and since it's specified on the command line in rc.conf the problems of what it says in the code are bypassed. OTOH, we should use ntp.conf (no d) since that is what is referenced in the man page for ntpd, and the man page for the conf file is ntp.conf. (It's currently wrong in the Makefile in your patch.) One more thing, it was said some time ago that due to a quirk in how ntpd works on our system that adding the following to the server line makes it work more efficiently: server foo iburst maxpoll 9 If someone smarter than me could confirm that it would be great. :) hth, Doug -- This .signature sanitized for your protection From owner-freebsd-net@FreeBSD.ORG Fri Jun 5 23:44:22 2009 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B05B11065675; Fri, 5 Jun 2009 23:44:22 +0000 (UTC) (envelope-from edwin@mavetju.org) Received: from k7.mavetju.org (ppp113-58.static.internode.on.net [150.101.113.58]) by mx1.freebsd.org (Postfix) with ESMTP id 5C17B8FC19; Fri, 5 Jun 2009 23:44:22 +0000 (UTC) (envelope-from edwin@mavetju.org) Received: by k7.mavetju.org (Postfix, from userid 1001) id 17032450AA; Sat, 6 Jun 2009 09:42:42 +1000 (EST) Date: Sat, 6 Jun 2009 09:42:42 +1000 From: Edwin Groothuis To: "Sean C. Farley" Message-ID: <20090605234242.GA3235@mavetju.org> References: <20090605124428.GA85576@mavetju.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.3i Cc: Ollivier Robert , freebsd-net@FreeBSD.org Subject: Re: NTP - default /etc/ntp.conf X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jun 2009 23:44:22 -0000 First thanks to everybody who replied, I've read it all. The ntpd.conf in the etc/Makefile was a typo of me. On Fri, Jun 05, 2009 at 08:52:01AM -0500, Sean C. Farley wrote: > On Fri, 5 Jun 2009, Edwin Groothuis wrote: > > >After pondering at conf/58595, I came with this text. > > > >The ntpd is not enabled by default, so the fact that the servers > >are commented out should not be an issue. > > > >Any objections against adding it to the tree? > > I like it. > > I would also add restrict lines to it since ntp defaults to being open > to all packets. > > These would ignore everything except the pools (restricted) and > localhost (open): > restrict default ignore > restrict pool.ntp.org nomodify nopeer noquery notrap > restrict pool.ntp.org nomodify nopeer noquery notrap > restrict 127.0.0.1 > restrict -6 ::1 I'm a little bit worried about the functionality of this in combination with the round-robin DNS approach of pool.ntp.org: I have "server 0.pool.ntp.org" in my NTP configuration, which still only gives me one NTP server in its internals ("dig 0.pool.ntp.org" gives me five answers, "ntpq -p" gives me one server). Having the "server 0.pool.ntp.org" in my configuration twice will give it two NTP servers in its internals. So every hostname gives a different NTP server IP address. Now we end up at the restrictions, where it resolves 0.pool.ntp.org again to a different IP address than the previous two, making it not willing to accept any traffic from the earlier two hosts in the server statements. I don't know yet how to overcome this, except for not adding the restrict statements when using the pool.ntp.org servers :-/ Suggestions are welcome. Edwin -- Edwin Groothuis Website: http://www.mavetju.org/ edwin@mavetju.org Weblog: http://www.mavetju.org/weblog/ From owner-freebsd-net@FreeBSD.ORG Fri Jun 5 23:52:57 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E15FC106564A; Fri, 5 Jun 2009 23:52:57 +0000 (UTC) (envelope-from edwin@mavetju.org) Received: from k7.mavetju.org (ppp113-58.static.internode.on.net [150.101.113.58]) by mx1.freebsd.org (Postfix) with ESMTP id 987298FC12; Fri, 5 Jun 2009 23:52:57 +0000 (UTC) (envelope-from edwin@mavetju.org) Received: by k7.mavetju.org (Postfix, from userid 1001) id CA764450A8; Sat, 6 Jun 2009 09:51:17 +1000 (EST) Date: Sat, 6 Jun 2009 09:51:17 +1000 From: Edwin Groothuis To: Frank Behrens Message-ID: <20090605235117.GB3235@mavetju.org> References: <20090605124428.GA85576@mavetju.org> <200906051424.n55EOIrM012619@post.behrens.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200906051424.n55EOIrM012619@post.behrens.de> User-Agent: Mutt/1.4.2.3i Cc: freebsd-net@freebsd.org, roberto@freebsd.org Subject: Re: NTP - default /etc/ntp.conf X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jun 2009 23:52:58 -0000 Hello Frank, On Fri, Jun 05, 2009 at 04:24:18PM +0200, Frank Behrens wrote: > Edwin Groothuis wrote on 5 Jun 2009 22:44: > > After pondering at conf/58595, I came with this text. > > > > The ntpd is not enabled by default, so the fact that the servers > > are commented out should not be an issue. > >... > > +# server pool.ntp.org > > +# server pool.ntp.org > > +# server pool.ntp.org > > Isn't it better to use different entries? > server 0.pool.ntp.org > server 1.pool.ntp.org > server 2.pool.ntp.org > > To be sure that the IP addresses are different. > See > http://www.pool.ntp.org/en/use.html You are right, I was under the impression that 0, 1, 2 would give a single A record. I only checked for the geographical closeness of the pool.ntp.org results. Edwin -- Edwin Groothuis Website: http://www.mavetju.org/ edwin@mavetju.org Weblog: http://www.mavetju.org/weblog/ From owner-freebsd-net@FreeBSD.ORG Sat Jun 6 02:01:56 2009 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9C1951065678 for ; Sat, 6 Jun 2009 02:01:56 +0000 (UTC) (envelope-from randy@psg.com) Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:1::36]) by mx1.freebsd.org (Postfix) with ESMTP id 748EE8FC1A for ; Sat, 6 Jun 2009 02:01:56 +0000 (UTC) (envelope-from randy@psg.com) Received: from localhost ([127.0.0.1] helo=rmac.psg.com) by ran.psg.com with esmtp (Exim 4.69 (FreeBSD)) (envelope-from ) id 1MClEI-0005Ov-KR; Sat, 06 Jun 2009 02:01:54 +0000 Received: from rmac.local.psg.com (localhost [127.0.0.1]) by rmac.psg.com (Postfix) with ESMTP id 23DB61F29721; Sat, 6 Jun 2009 11:01:54 +0900 (JST) Date: Sat, 06 Jun 2009 11:01:53 +0900 Message-ID: From: Randy Bush To: Edwin Groothuis In-Reply-To: <20090605234242.GA3235@mavetju.org> References: <20090605124428.GA85576@mavetju.org> <20090605234242.GA3235@mavetju.org> User-Agent: Wanderlust/2.15.5 (Almost Unreal) SEMI/1.14.6 (Maruoka) FLIM/1.14.9 (=?ISO-8859-4?Q?Goj=F2?=) APEL/10.7 Emacs/22.3 (i386-apple-darwin9.6.0) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Cc: freebsd-net@FreeBSD.org Subject: Re: NTP - default /etc/ntp.conf X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Jun 2009 02:01:57 -0000 > I have "server 0.pool.ntp.org" in my NTP configuration, which still > only gives me one NTP server in its internals ("dig 0.pool.ntp.org" > gives me five answers, "ntpq -p" gives me one server). Having the > "server 0.pool.ntp.org" in my configuration twice will give it two > NTP servers in its internals. So every hostname gives a different > NTP server IP address. i believe that you may relying on a behavior of a dns resolver which is not specified randy From owner-freebsd-net@FreeBSD.ORG Sat Jun 6 02:14:53 2009 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 352C2106564A for ; Sat, 6 Jun 2009 02:14:53 +0000 (UTC) (envelope-from edwin@mavetju.org) Received: from k7.mavetju.org (ppp113-58.static.internode.on.net [150.101.113.58]) by mx1.freebsd.org (Postfix) with ESMTP id E099A8FC08 for ; Sat, 6 Jun 2009 02:14:52 +0000 (UTC) (envelope-from edwin@mavetju.org) Received: by k7.mavetju.org (Postfix, from userid 1001) id B318045093; Sat, 6 Jun 2009 12:14:51 +1000 (EST) Date: Sat, 6 Jun 2009 12:14:51 +1000 From: Edwin Groothuis To: Randy Bush Message-ID: <20090606021451.GC3235@mavetju.org> References: <20090605124428.GA85576@mavetju.org> <20090605234242.GA3235@mavetju.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.3i Cc: freebsd-net@FreeBSD.org Subject: Re: NTP - default /etc/ntp.conf X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Jun 2009 02:14:53 -0000 On Sat, Jun 06, 2009 at 11:01:53AM +0900, Randy Bush wrote: > > I have "server 0.pool.ntp.org" in my NTP configuration, which still > > only gives me one NTP server in its internals ("dig 0.pool.ntp.org" > > gives me five answers, "ntpq -p" gives me one server). Having the > > "server 0.pool.ntp.org" in my configuration twice will give it two > > NTP servers in its internals. So every hostname gives a different > > NTP server IP address. > > i believe that you may relying on a behavior of a dns resolver which is > not specified While it might not be specified, it is being observed and therefore an issue when we want to restrict traffic specified by hostname. Edwin -- Edwin Groothuis Website: http://www.mavetju.org/ edwin@mavetju.org Weblog: http://www.mavetju.org/weblog/ From owner-freebsd-net@FreeBSD.ORG Sat Jun 6 02:17:07 2009 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 45A9C106566B for ; Sat, 6 Jun 2009 02:17:07 +0000 (UTC) (envelope-from randy@psg.com) Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:1::36]) by mx1.freebsd.org (Postfix) with ESMTP id 2813F8FC13 for ; Sat, 6 Jun 2009 02:17:07 +0000 (UTC) (envelope-from randy@psg.com) Received: from localhost ([127.0.0.1] helo=rmac.psg.com) by ran.psg.com with esmtp (Exim 4.69 (FreeBSD)) (envelope-from ) id 1MClT0-0005RQ-Rn; Sat, 06 Jun 2009 02:17:07 +0000 Received: from rmac.local.psg.com (localhost [127.0.0.1]) by rmac.psg.com (Postfix) with ESMTP id 5D8741F2ABC6; Sat, 6 Jun 2009 11:17:06 +0900 (JST) Date: Sat, 06 Jun 2009 11:17:06 +0900 Message-ID: From: Randy Bush To: Edwin Groothuis In-Reply-To: <20090606021451.GC3235@mavetju.org> References: <20090605124428.GA85576@mavetju.org> <20090605234242.GA3235@mavetju.org> <20090606021451.GC3235@mavetju.org> User-Agent: Wanderlust/2.15.5 (Almost Unreal) SEMI/1.14.6 (Maruoka) FLIM/1.14.9 (=?ISO-8859-4?Q?Goj=F2?=) APEL/10.7 Emacs/22.3 (i386-apple-darwin9.6.0) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Cc: freebsd-net@FreeBSD.org Subject: Re: NTP - default /etc/ntp.conf X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Jun 2009 02:17:07 -0000 >> i believe that you may relying on a behavior of a dns resolver which >> is not specified > While it might not be specified, it is being observed and therefore > an issue when we want to restrict traffic specified by hostname. i do not disagree. randy From owner-freebsd-net@FreeBSD.ORG Sat Jun 6 06:25:29 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D0C2C1065673; Sat, 6 Jun 2009 06:25:29 +0000 (UTC) (envelope-from joel@FreeBSD.org) Received: from mail.vnode.se (mail.vnode.se [62.119.52.82]) by mx1.freebsd.org (Postfix) with ESMTP id 87FAE8FC13; Sat, 6 Jun 2009 06:25:29 +0000 (UTC) (envelope-from joel@FreeBSD.org) Received: from iMac.local (pgw.vnode.se [77.110.37.134]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.vnode.se (Postfix) with ESMTPSA id 0BDB9E9F42B; Sat, 6 Jun 2009 08:09:16 +0200 (CEST) Message-ID: <4A2A080C.1040402@FreeBSD.org> Date: Sat, 06 Jun 2009 08:09:16 +0200 From: Joel Dahl User-Agent: Thunderbird 2.0.0.21 (Macintosh/20090302) MIME-Version: 1.0 To: Doug Barton References: <200906051424.n55EOIrM012619@post.behrens.de> <4A297BB4.80002@FreeBSD.org> In-Reply-To: <4A297BB4.80002@FreeBSD.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Frank Behrens , freebsd-net@freebsd.org, roberto@freebsd.org, Edwin Groothuis Subject: Re: NTP - default /etc/ntp.conf X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Jun 2009 06:25:30 -0000 Doug Barton skrev: > Frank Behrens wrote: >> Edwin Groothuis wrote on 5 Jun 2009 22:44: >>> After pondering at conf/58595, I came with this text. >>> >>> The ntpd is not enabled by default, so the fact that the servers >>> are commented out should not be an issue. >>> ... >>> +# server pool.ntp.org >>> +# server pool.ntp.org >>> +# server pool.ntp.org >> Isn't it better to use different entries? >> server 0.pool.ntp.org >> server 1.pool.ntp.org >> server 2.pool.ntp.org >> >> To be sure that the IP addresses are different. >> See >> http://www.pool.ntp.org/en/use.html > > I agree with this suggestion, as well as the others about adding the > default restrictions and the fallback local clock. Bruce is right > about the ntp.drift file name, however we already have existing stuff > that mentions ntpd.drift, and since it's specified on the command line > in rc.conf the problems of what it says in the code are bypassed. > > OTOH, we should use ntp.conf (no d) since that is what is referenced > in the man page for ntpd, and the man page for the conf file is > ntp.conf. (It's currently wrong in the Makefile in your patch.) > > One more thing, it was said some time ago that due to a quirk in how > ntpd works on our system that adding the following to the server line > makes it work more efficiently: > > server foo iburst maxpoll 9 I've read the same somewhere and I've been using "iburst maxpoll 9" for a long time. If this is correct, I think it should go into the default ntp.conf. -- Joel From owner-freebsd-net@FreeBSD.ORG Sat Jun 6 07:25:12 2009 Return-Path: Delivered-To: net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0909C1065670 for ; Sat, 6 Jun 2009 07:25:12 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42]) by mx1.freebsd.org (Postfix) with ESMTP id D92BC8FC19 for ; Sat, 6 Jun 2009 07:25:11 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [65.122.17.41]) by cyrus.watson.org (Postfix) with ESMTPS id 7D50C46B29; Sat, 6 Jun 2009 03:25:11 -0400 (EDT) Date: Sat, 6 Jun 2009 08:25:11 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Barney Cordoba In-Reply-To: <11451.10207.qm@web63902.mail.re1.yahoo.com> Message-ID: References: <11451.10207.qm@web63902.mail.re1.yahoo.com> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: net@freebsd.org Subject: Re: panic in sbflush X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Jun 2009 07:25:12 -0000 On Fri, 5 Jun 2009, Barney Cordoba wrote: > I'm getting a panic in sbflush where mbcnt is 0 and sb_mb is not empty. Any > clues as to what might cause this? It happening during a load test. sbflush() panics are typically symptoms of bugs elsewhere in the network stack or kernel, often race conditions. In essence, sbflush() is called when a socket is closed and packets have to be drained from the receive socket buffer. During that draining, we sanity check that the cached length of the data in the socket buffer (sb_cc) matches the actual length of data in the buffer. If sb_cc, sb_mb, or sb_mbcnt is non-zero at the end of the function, we panic. Most of the time, it's a driver race condition where an mbuf has been injected into the stack using ifp->if_input(), but the driver has then modified the mbuf after injection (perhaps by setting a length, clearing a pointer, etc). We had a spate of them after we moved to direct dispatch because the timing changed, leading to packets being processed before the return of if_input() rather than "some time later". Once in a while it's a bug in TCP or socket buffer handling, or in some intermediate encapsulation/decapsulation layer along similar lines to the driver race scenario. I think the most recent case I'm aware of was actually a socket buffer bug, but that's fairly unusual in the history of reports of this panic. There is a kernel debugging option to perform run-time sanity checking of the sockbuf structure so that the corruption is found earlier, called "options SOCKBUF_DEBUG". My experience is that it's good for finding deterministic socket buffer corruption bugs, but that it changes the timing significantly so tends to mask narrow race conditions involving "inject the packet and then change it". Hope that helps, Robert N M Watson Computer Laboratory University of Cambridge From owner-freebsd-net@FreeBSD.ORG Sat Jun 6 07:46:40 2009 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 88E96106564A; Sat, 6 Jun 2009 07:46:40 +0000 (UTC) (envelope-from brde@optusnet.com.au) Received: from mail06.syd.optusnet.com.au (mail06.syd.optusnet.com.au [211.29.132.187]) by mx1.freebsd.org (Postfix) with ESMTP id 062698FC0A; Sat, 6 Jun 2009 07:46:39 +0000 (UTC) (envelope-from brde@optusnet.com.au) Received: from c122-106-151-9.carlnfd1.nsw.optusnet.com.au (c122-106-151-9.carlnfd1.nsw.optusnet.com.au [122.106.151.9]) by mail06.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id n567kTn0007483 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 6 Jun 2009 17:46:32 +1000 Date: Sat, 6 Jun 2009 17:46:29 +1000 (EST) From: Bruce Evans X-X-Sender: bde@delplex.bde.org To: Miroslav Lachman <000.fbsd@quip.cz> In-Reply-To: <4A296FA0.2050601@quip.cz> Message-ID: <20090606174545.A16690@delplex.bde.org> References: <20090605124428.GA85576@mavetju.org> <20090606015013.Q15911@delplex.bde.org> <4A296FA0.2050601@quip.cz> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Ollivier Robert , Edwin Groothuis , "Sean C. Farley" , freebsd-net@FreeBSD.org Subject: Re: NTP - default /etc/ntp.conf X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Jun 2009 07:46:40 -0000 On Fri, 5 Jun 2009, Miroslav Lachman wrote: > Bruce Evans wrote: >> Similarly, the drift file is named ntp.drift except in poorly configured >> FreeBSD installations. ntp sources in contrib have 80 lines matching > > Also note that /var/db/ntpd.drift is specified as flags in defaults/rc.conf > (I don't know if it is good or bad thing :]) That is the cause of many poorly configured FreeBSD installations :-). Bruce From owner-freebsd-net@FreeBSD.ORG Sat Jun 6 08:25:21 2009 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0BC4A106566B; Sat, 6 Jun 2009 08:25:21 +0000 (UTC) (envelope-from brde@optusnet.com.au) Received: from mail10.syd.optusnet.com.au (mail10.syd.optusnet.com.au [211.29.132.191]) by mx1.freebsd.org (Postfix) with ESMTP id 98FDC8FC0A; Sat, 6 Jun 2009 08:25:20 +0000 (UTC) (envelope-from brde@optusnet.com.au) Received: from c122-106-151-9.carlnfd1.nsw.optusnet.com.au (c122-106-151-9.carlnfd1.nsw.optusnet.com.au [122.106.151.9]) by mail10.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id n568PGuO007993 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 6 Jun 2009 18:25:17 +1000 Date: Sat, 6 Jun 2009 18:25:16 +1000 (EST) From: Bruce Evans X-X-Sender: bde@delplex.bde.org To: Doug Barton In-Reply-To: <4A297BB4.80002@FreeBSD.org> Message-ID: <20090606174642.I16690@delplex.bde.org> References: <200906051424.n55EOIrM012619@post.behrens.de> <4A297BB4.80002@FreeBSD.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Frank Behrens , freebsd-net@FreeBSD.org, roberto@FreeBSD.org, Edwin Groothuis Subject: Re: NTP - default /etc/ntp.conf X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Jun 2009 08:25:21 -0000 On Fri, 5 Jun 2009, Doug Barton wrote: > Frank Behrens wrote: >> Edwin Groothuis wrote on 5 Jun 2009 22:44: >>> After pondering at conf/58595, I came with this text. >>> >>> The ntpd is not enabled by default, so the fact that the servers >>> are commented out should not be an issue. >>> ... >>> +# server pool.ntp.org >>> +# server pool.ntp.org >>> +# server pool.ntp.org >> >> Isn't it better to use different entries? >> server 0.pool.ntp.org >> server 1.pool.ntp.org >> server 2.pool.ntp.org >> >> To be sure that the IP addresses are different. >> See >> http://www.pool.ntp.org/en/use.html > > I agree with this suggestion, as well as the others about adding the > default restrictions and the fallback local clock. I use 1 hard-coded server (= a local server for all machines except 1) (plus fallback to the local clock for all machines) and have never had any problems using only 1 (except if the server is not up at boot time then ntpdate (which is configured separately anyway) fails and ntpd -x takes too long to sync so I sync manually. too long:= more than 30 seconds, and I use -x since any slew except ones done at boot time by ntpdate is considered an error, and I use ntpdate instead of ntpd -g[q] since ntpdate works perfectly while at least old versions of ntpd -q are very broken). > Bruce is right > about the ntp.drift file name, however we already have existing stuff > that mentions ntpd.drift, and since it's specified on the command line > in rc.conf the problems of what it says in the code are bypassed. This is a bug in rc.conf. The drift file name is also extensively documented to be ntp.drift (in /etc even) in ntpd's man page: from "man ntpd | col -bx": % -f driftfile % Specify the name and path of the frequency file, default ^^^^^^^ % /etc/ntp.drift. This is the same operation as the driftfile ^^^^ ^^^^^^^^^ % driftfile configuration command. No, the default is not in /etc and is not named ntp.drift (even if the above is ntpd's default when a driftfile is configured without specifying a pathname to it (is this possible?) this is confusing. % outside the acceptable range, ntpd enters the same state as when the % ntp.drift file is not present. The intent of this behavior is to quickly ^^^^^^^^^ No need for a pathname here. % Frequency Discipline % The ntpd behavior at startup depends on whether the frequency file, usu- % ally ntp.drift, exists. This file contains the latest estimate of clock ^^^^ ^^^^^^^^^ "usually" instead of "default" is fine. % FILES % /etc/ntp.conf the default name of the configuration file % /etc/ntp.drift the default name of the drift file ^^^ ^^^^^^^^^ ^^^ ^^^^^^^ As above. /var/db/ntpd.drift is not documented anywhere in $(find /usr/share/man) of course. > ... > One more thing, it was said some time ago that due to a quirk in how > ntpd works on our system that adding the following to the server line > makes it work more efficiently: > > server foo iburst maxpoll 9 > > If someone smarter than me could confirm that it would be great. :) I use iburst maxpoll 6 and used to use a different maxpoll and complicated settings when I had a dialup internet connection (was 120 ms ping latency; now 8; 0.150 ms to the local server). These settings probably don't matter with fast connections. Bruce From owner-freebsd-net@FreeBSD.ORG Sat Jun 6 14:10:06 2009 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5A44B1065680 for ; Sat, 6 Jun 2009 14:10:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 481CE8FC15 for ; Sat, 6 Jun 2009 14:10:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n56EA6GE095051 for ; Sat, 6 Jun 2009 14:10:06 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n56EA68v095050; Sat, 6 Jun 2009 14:10:06 GMT (envelope-from gnats) Date: Sat, 6 Jun 2009 14:10:06 GMT Message-Id: <200906061410.n56EA68v095050@freefall.freebsd.org> To: freebsd-net@FreeBSD.org From: Motomichi Matsuzaki Cc: Subject: Re: kern/134557: [netgraph] [hang] 7.2 with mpd5.3 hanging up - ng_pptp problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Motomichi Matsuzaki List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Jun 2009 14:10:06 -0000 The following reply was made to PR kern/134557; it has been noted by GNATS. From: Motomichi Matsuzaki To: bug-followup@FreeBSD.org, mav@FreeBSD.org Cc: Subject: Re: kern/134557: [netgraph] [hang] 7.2 with mpd5.3 hanging up - ng_pptp problem Date: Sat, 06 Jun 2009 22:53:08 +0900 Here is the same problem. I'm using mpd 4.4.1, which is configured to keep PPPoE connection to ISP. Mpd is also configured as a PPTP server, and it has worked fine on 7.1R; no problems both on normal PPPoE operation and incoming PPTP connection. However, upgrading to 7.2R (by freebsd-update) has changed the situation. -- Motomichi Matsuzaki, PhD From owner-freebsd-net@FreeBSD.ORG Sat Jun 6 16:33:21 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9756C106566C for ; Sat, 6 Jun 2009 16:33:21 +0000 (UTC) (envelope-from bohdan200@gmail.com) Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.159]) by mx1.freebsd.org (Postfix) with ESMTP id 220FD8FC20 for ; Sat, 6 Jun 2009 16:33:20 +0000 (UTC) (envelope-from bohdan200@gmail.com) Received: by fg-out-1718.google.com with SMTP id e12so443641fga.12 for ; Sat, 06 Jun 2009 09:33:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:subject:from:reply-to:to :content-type:organization:date:message-id:mime-version:x-mailer :content-transfer-encoding; bh=HQ5msjmfJcOnIMKHwcI2RnwRQP7OF9ia3qeXrI3egLw=; b=slsqd868W4Znvx8UXI72CvMwImMq/7k3X5ePTX8a2TCfJeMvDqV2AFNTvvMmns546+ D89FgODryFYAvRkIpshb4DFewbkB3aVM2gtAMmiaPEF8IMfoS6+FFAvgIlMhFezivdgE 9dWh+1T+7rMmXsjxwGOHm3FoP434WKHz82EO4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=subject:from:reply-to:to:content-type:organization:date:message-id :mime-version:x-mailer:content-transfer-encoding; b=ByCRqo9k1zb0xDWEKpNHSpb8qzOBdhYtbP3bbT+ZPndW7BHSGJCz7ye6A/Fx036iTm lV17j/IKdxkC8bgrHRru47FkKWGPCAVQSMjLRD54fWVXoI896t77gbP50dhE4ixX00b/ LAFmnmYkUUgzGntBuQCaChzn0mYCoK6BV/NAY= Received: by 10.86.1.18 with SMTP id 18mr5178703fga.19.1244304472182; Sat, 06 Jun 2009 09:07:52 -0700 (PDT) Received: from ?10.0.254.5? (void.liniacom.net [193.43.223.16]) by mx.google.com with ESMTPS id 12sm2631476fgg.25.2009.06.06.09.07.51 (version=SSLv3 cipher=RC4-MD5); Sat, 06 Jun 2009 09:07:51 -0700 (PDT) From: Bohdan Tymkiv To: freebsd-net@FreeBSD.org Content-Type: text/plain Organization: Home Date: Sat, 06 Jun 2009 19:07:36 +0300 Message-Id: <1244304456.16706.38.camel@void-desktop> Mime-Version: 1.0 X-Mailer: Evolution 2.26.1 Content-Transfer-Encoding: 7bit Cc: Subject: Re: kern/134557: [netgraph] [hang] 7.2 with mpd5.3 hanging up - ng_pptp problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: bohdan200@gmail.com List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Jun 2009 16:33:22 -0000 I can confirm this issue. I have a FreeBSD 7.2-STABLE box with mpd 5.3 configured as PPPoE client that connects to my ISP. If I make any PPTP VPN connection that goes through this PPPoE link my server hangs. I made some investigations and found that deadlock occurs only when pptp connection goes via pppoe link, connection from local network works fine. Deadlock occurs exactly when first data packet is sent through pptp connection. mpd can be configured as server that listens on my external pppoe interface or it can be configured as client that connects to other server in internet. In both cases it hangs. -- Bohdan Tymkiv Home From owner-freebsd-net@FreeBSD.ORG Sat Jun 6 16:40:03 2009 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D62301065673 for ; Sat, 6 Jun 2009 16:40:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id C39448FC14 for ; Sat, 6 Jun 2009 16:40:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n56Ge361013275 for ; Sat, 6 Jun 2009 16:40:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n56Ge3Ph013274; Sat, 6 Jun 2009 16:40:03 GMT (envelope-from gnats) Date: Sat, 6 Jun 2009 16:40:03 GMT Message-Id: <200906061640.n56Ge3Ph013274@freefall.freebsd.org> To: freebsd-net@FreeBSD.org From: Bohdan Tymkiv Cc: Subject: Re: kern/134557: [netgraph] [hang] 7.2 with mpd5.3 hanging up - ng_pptp problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Bohdan Tymkiv List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Jun 2009 16:40:04 -0000 The following reply was made to PR kern/134557; it has been noted by GNATS. From: Bohdan Tymkiv To: bug-followup@FreeBSD.org, sergei.cherveni@gmail.com Cc: Subject: Re: kern/134557: [netgraph] [hang] 7.2 with mpd5.3 hanging up - ng_pptp problem Date: Sat, 06 Jun 2009 19:01:14 +0300 I can confirm this issue. I have a FreeBSD 7.2-STABLE box with mpd 5.3 configured as PPPoE client that connects to my ISP. If I make any PPTP VPN connection that goes through this PPPoE link my server hangs. I made some investigations and found that deadlock occurs only when pptp connection goes via pppoe link, connection from local network works fine. Deadlock occurs exactly when first data packet is sent through pptp connection. mpd can be configured as server that listens on my external pppoe interface or it can be configured as client that connects to other server in internet. In both cases it hangs. -- Bohdan Tymkiv