From owner-freebsd-net Sun May 9 1: 6:45 1999
Delivered-To: freebsd-net@freebsd.org
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5])
    by hub.freebsd.org (Postfix) with SMTP id 2825A14E36
    for ; Sun, 9 May 1999 01:06:42 -0700 (PDT)
    (envelope-from luigi@labinfo.iet.unipi.it)
Received: from localhost (luigi@localhost)
    by labinfo.iet.unipi.it (8.6.5/8.6.5) id HAA09000
    for net@freebsd.org; Sun, 9 May 1999 07:57:59 +0200
From: Luigi Rizzo
Message-Id: <199905090557.HAA09000@labinfo.iet.unipi.it>
Subject: ifconfig/route not deleting old entries ?
To: net@freebsd.org
Date: Sun, 9 May 1999 07:57:58 +0200 (MET DST)
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 1250
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

on a 3.1 system, i noticed the following:

1 if i do an "ifconfig de0 delete" (or whatever the interface is),
  the routes associated with that interface do not go away, even if
  the associated "Refs" field is 0.

2 if i do a "route -n flush", routes which are cloned from some of the
  flushed ones (eg. one that has RTF_CLONING/RTF_PRCLONING set) do
  not get flushed even if their refcount is 0.

Is there an easy fix for that (especially #1, maybe #2 is difficult if
cloned routes do not have a reference to their parent) ?

The problem is not very common I agree, except when you have a
multihomed machine and do testing with it by switching
cables/interfaces, and nothing works until you manually hunt & delete
all the old routes, or (glob!) reboot...

    cheers
    luigi
-----------------------------------+-------------------------------------
  Luigi RIZZO, luigi@iet.unipi.it  . Dip. di Ing. dell'Informazione
  http://www.iet.unipi.it/~luigi/  . Universita` di Pisa
  TEL/FAX: +39-050-568.533/522     .
via Diotisalvi 2, 56126 PISA (Italy)

  http://www.iet.unipi.it/~luigi/ngc99/
  ==== First International Workshop on Networked Group Communication ====
-----------------------------------+-------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Sun May 9 16:44: 5 1999
Delivered-To: freebsd-net@freebsd.org
Received: from scotch.merit.edu (scotch.merit.edu [198.108.60.195])
    by hub.freebsd.org (Postfix) with ESMTP id 90E2D15D07
    for ; Sun, 9 May 1999 16:43:48 -0700 (PDT)
    (envelope-from chopps@scotch.merit.edu)
Received: (from chopps@localhost)
    by scotch.merit.edu (8.8.8/8.8.8) id TAA00738;
    Sun, 9 May 1999 19:43:45 -0400 (EDT)
To: freebsd-net@freebsd.org
Subject: osi layer
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From: chopps@merit.edu (Christian E. Hopps)
Date: 09 May 1999 19:43:44 -0400
Message-ID:
Lines: 23
User-Agent: Gnus/5.07008 (Pterodactyl Gnus v0.80) Emacs/20.3
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

It would appear that FreeBSD removed the OSI code at some point
in the past.

I'm working on IP in IS-IS in GateD. For this to function I must
have access to the OSI stack. I have it working under BSDI and
NetBSD, but for obvious reasons it won't run under FreeBSD.

IS-IS only needs a portion of the networking layer present
and nothing above that. I need to be able to send packets on the
Raw like OSI sockets (AF_ISO, SOCK_DGRAM, ISOPROTO_ESIS and
ISOPROTO_CLTP). I do not need OSI routing to work. I don't
actually need ES-IS (which is in kernel in BSD4.4) but if it's not
there I need some way to join the OSI physical layer multicast
addresses.

IP in IS-IS is actually fairly popular, so the removal of the OSI
code may be worth reconsidering.

Regards,
Chris.
From owner-freebsd-net Sun May 9 17:46:22 1999
Delivered-To: freebsd-net@freebsd.org
Received: from whizzo.transsys.com (whizzo.TransSys.COM [144.202.42.10])
    by hub.freebsd.org (Postfix) with ESMTP id 9B40B14CA4
    for ; Sun, 9 May 1999 17:46:09 -0700 (PDT)
    (envelope-from louie@whizzo.transsys.com)
Received: from whizzo.transsys.com (localhost.transsys.com [127.0.0.1])
    by whizzo.transsys.com (8.9.3/8.9.1) with ESMTP id UAA66648;
    Sun, 9 May 1999 20:46:02 -0400 (EDT)
    (envelope-from louie@whizzo.transsys.com)
Message-Id: <199905100046.UAA66648@whizzo.transsys.com>
X-Mailer: exmh version 2.0.2 2/24/98
To: freebsd-net@FreeBSD.ORG
Cc: chopps@merit.edu (Christian E. Hopps)
From: "Louis A. Mamakos"
Subject: Re: osi layer
References:
In-reply-to: Your message of "09 May 1999 19:43:44 EDT."
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sun, 09 May 1999 20:46:02 -0400
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>
> It would appear that FreeBSD removed the OSI code at some point
> in the past.
>
> I'm working on IP in IS-IS in GateD. For this to function I must
> have access to the OSI stack. I have it working under BSDI and
> NetBSD, but for obvious reasons it won't run under FreeBSD.
>
> IS-IS only needs a portion of the networking layer present
> and nothing above that. I need to be able to send packets on the
> Raw like OSI sockets (AF_ISO, SOCK_DGRAM, ISOPROTO_ESIS and
> ISOPROTO_CLTP). I do not need OSI routing to work. I don't
> actually need ES-IS (which is in kernel in BSD4.4) but if it's not
> there I need some way to join the OSI physical layer multicast
> addresses.
>
> IP in IS-IS is actually fairly popular, so the removal of the OSI
> code may be worth reconsidering.
Actually, it's not so much IP in IS-IS, but being able to run the
Integrated IS-IS interior routing protocol for the purposes of routing
IP traffic. To be clear, there's nothing different happening with the
encapsulation or carriage of any IP datagrams.

For a variety of historic and interesting reasons, most major backbone
tier-1 backbone networks on the Internet use the Integrated IS-IS routing
protocol. When one IS-IS capable router exchanges routing protocol
messages with its neighbor, the PDU's (packets for us Internet folk)
are not carried inside of IP, since they're not IP datagrams. Thus
the interest in physical layer ISO encapsulation to carry this traffic.

louie

From owner-freebsd-net Sun May 9 18:14:19 1999
Delivered-To: freebsd-net@freebsd.org
Received: from scotch.merit.edu (scotch.merit.edu [198.108.60.195])
    by hub.freebsd.org (Postfix) with ESMTP id 2D622154E3
    for ; Sun, 9 May 1999 18:14:13 -0700 (PDT)
    (envelope-from chopps@scotch.merit.edu)
Received: (from chopps@localhost)
    by scotch.merit.edu (8.8.8/8.8.8) id VAA02322;
    Sun, 9 May 1999 21:14:10 -0400 (EDT)
To: "Louis A. Mamakos"
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: osi layer
References: <199905100046.UAA66648@whizzo.transsys.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From: chopps@merit.edu (Christian E. Hopps)
Date: 09 May 1999 21:14:10 -0400
In-Reply-To: "Louis A. Mamakos"'s message of "Sun, 09 May 1999 20:46:02 -0400"
Message-ID:
Lines: 56
User-Agent: Gnus/5.07008 (Pterodactyl Gnus v0.80) Emacs/20.3
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

"Louis A. Mamakos" writes:

> >
> > It would appear that FreeBSD removed the OSI code at some point
> > in the past.
> >
> > I'm working on IP in IS-IS in GateD. For this to function I must
> > have access to the OSI stack.
> > I have it working under BSDI and
> > NetBSD, but for obvious reasons it won't run under FreeBSD.
> >
> > IS-IS only needs a portion of the networking layer present
> > and nothing above that. I need to be able to send packets on the
> > Raw like OSI sockets (AF_ISO, SOCK_DGRAM, ISOPROTO_ESIS and
> > ISOPROTO_CLTP). I do not need OSI routing to work. I don't
> > actually need ES-IS (which is in kernel in BSD4.4) but if it's not
> > there I need some way to join the OSI physical layer multicast
> > addresses.
> >
> > IP in IS-IS is actually fairly popular, so the removal of the OSI
> > code may be worth reconsidering.
>
> Actually, it's not so much IP in IS-IS, but being able to run the
> Integrated IS-IS interior routing protocol for the purposes of routing
> IP traffic. To be clear, there's nothing different happening with the
> encapsulation or carriage of any IP datagrams.
>
> For a variety of historic and interesting reasons, most major backbone
> tier-1 backbone networks on the Internet use the Integrated IS-IS routing
> protocol. When one IS-IS capable router exchanges routing protocol
> messages with its neighbor, the PDU's (packets for us Internet folk)
> are not carried inside of IP, since they're not IP datagrams. Thus
> the interest in physical layer ISO encapsulation to carry this traffic.

Thanks for the resummary. I guess ``IP in IS-IS'' wasn't exactly
clear; although, the concept of forwarding IP datagrams in IS-IS
packets seems fairly weird :). I've been calling it IP in IS-IS
because it's short.

Indeed IS-IS is an OSI routing protocol using OSI PDUs; the IP routing
information is stored in optional TLVs (type-length-values) and used
in the routers to build the appropriate routing table (forward
information base in OSI talk :)

The protocol is very similar to OSPF but simpler. It is capable of
doing both OSI and IP; however, my implementation will only support IP
routing.

In any case I believe very little OSI support is actually needed.
The main things I'm using are the ISOPROTO_ESIS socket handling (i.e.,
handling sockaddr_dl destination addresses and 802.3 frame
encapsulation) and the physical mcast joining. I may have forgotten
something else in the kernel-code path, but I don't believe so.

I've only heard one primary reason for the tier-1 networks using
IS-IS, and yes I thought it was interesting. :)

Thanks,
Chris.

From owner-freebsd-net Sun May 9 23:32:54 1999
Delivered-To: freebsd-net@freebsd.org
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5])
    by hub.freebsd.org (Postfix) with SMTP id 9491B155B9
    for ; Sun, 9 May 1999 23:32:50 -0700 (PDT)
    (envelope-from luigi@labinfo.iet.unipi.it)
Received: from localhost (luigi@localhost)
    by labinfo.iet.unipi.it (8.6.5/8.6.5) id GAA12226;
    Mon, 10 May 1999 06:24:22 +0200
From: Luigi Rizzo
Message-Id: <199905100424.GAA12226@labinfo.iet.unipi.it>
Subject: ipfw misc...
To: net@freebsd.org
Date: Mon, 10 May 1999 06:24:22 +0200 (MET DST)
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 1384
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

i have been implementing some additional rules for ipfw to match
ethernet header fields. For my purposes, that would mainly be used to
block non-ip-related traffic (ie IP and ARP), but it might have some uses
for those trying to limit traffic basing on the MAC address, or
whatever.

Is there any interest for bringing that into the main source tree ?
Syntax would be something like

    ipfw add ether from 12.34.56.78.90 to ...
    ipfw add ether from type 0x800 to ...

etc.

On passing, i don't totally like the ipfw approach of deleting the
packet in case of a deny rule. For bridging at least, this means we
need to make an additional copy just for ipfw purposes (bridged packets
may have multiple destinations).
If there are no objections, i will move the deletion of the packet
outside the ipfw_chk function, so that modules using the code can
reuse the packet if they need to.

    cheers
    luigi
-----------------------------------+-------------------------------------
  Luigi RIZZO, luigi@iet.unipi.it  . Dip. di Ing. dell'Informazione
  http://www.iet.unipi.it/~luigi/  . Universita` di Pisa
  TEL/FAX: +39-050-568.533/522     . via Diotisalvi 2, 56126 PISA (Italy)

  http://www.iet.unipi.it/~luigi/ngc99/
  ==== First International Workshop on Networked Group Communication ====
-----------------------------------+-------------------------------------

From owner-freebsd-net Mon May 10 1: 6:56 1999
Delivered-To: freebsd-net@freebsd.org
Received: from lion.butya.kz (butya-gw.butya.kz [194.87.112.252])
    by hub.freebsd.org (Postfix) with ESMTP id C6FD914C08
    for ; Mon, 10 May 1999 01:06:48 -0700 (PDT)
    (envelope-from bp@butya.kz)
Received: from bp (helo=localhost)
    by lion.butya.kz with local-esmtp (Exim 2.12 #1)
    id 10gl4t-000GJW-00; Mon, 10 May 1999 15:06:19 +0700
Date: Mon, 10 May 1999 15:06:19 +0700 (ALMST)
From: Boris Popov
To: Luigi Rizzo
Cc: net@FreeBSD.ORG
Subject: Re: ipfw misc...
In-Reply-To: <199905100424.GAA12226@labinfo.iet.unipi.it>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 10 May 1999, Luigi Rizzo wrote:

> i have been implementing some additional rules for ipfw to match
> ethernet header fields. For my purposes, that would mainly be used to
> block non-ip-related traffic (ie IP and ARP), but it might have some uses
> for those trying to limit traffic basing on the MAC address, or
> whatever.

Very nice. Also syntax 'ether type xxx' are very useful. The only
question - how 802.3 frame can be filtered (it doesn't have 'type' field)?
--
Boris Popov

From owner-freebsd-net Mon May 10 1:28:52 1999
Delivered-To: freebsd-net@freebsd.org
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5])
    by hub.freebsd.org (Postfix) with SMTP id 864291581E
    for ; Mon, 10 May 1999 01:28:38 -0700 (PDT)
    (envelope-from luigi@labinfo.iet.unipi.it)
Received: from localhost (luigi@localhost)
    by labinfo.iet.unipi.it (8.6.5/8.6.5) id IAA12419;
    Mon, 10 May 1999 08:19:51 +0200
From: Luigi Rizzo
Message-Id: <199905100619.IAA12419@labinfo.iet.unipi.it>
Subject: Re: ipfw misc...
To: bp@butya.kz (Boris Popov)
Date: Mon, 10 May 1999 08:19:51 +0200 (MET DST)
Cc: net@FreeBSD.ORG
In-Reply-To: from "Boris Popov" at May 10, 99 03:06:00 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 745
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> On Mon, 10 May 1999, Luigi Rizzo wrote:
>
> > i have been implementing some additional rules for ipfw to match
> > ethernet header fields. For my purposes, that would mainly be used to
> > block non-ip-related traffic (ie IP and ARP), but it might have some uses
> > for those trying to limit traffic basing on the MAC address, or
> > whatever.
>
> Very nice. Also syntax 'ether type xxx' are very useful. The only

sorry, yes, this was what i meant with

    ipfw add ether from type xxx ...

since clearly there is only one ether type in the header...

> question - how 802.3 frame can be filtered (it doesn't have 'type' field)?

it must be somewhere.. i wonder actually if FreeBSD does handle IP
packets in 802.3!
    cheers
    luigi

From owner-freebsd-net Mon May 10 2:58:59 1999
Delivered-To: freebsd-net@freebsd.org
Received: from lion.butya.kz (butya-gw.butya.kz [194.87.112.252])
    by hub.freebsd.org (Postfix) with ESMTP id 88CDB14DEA
    for ; Mon, 10 May 1999 02:58:49 -0700 (PDT)
    (envelope-from bp@butya.kz)
Received: from bp (helo=localhost)
    by lion.butya.kz with local-esmtp (Exim 2.12 #1)
    id 10gmpE-000GRD-00; Mon, 10 May 1999 16:58:16 +0700
Date: Mon, 10 May 1999 16:58:16 +0700 (ALMST)
From: Boris Popov
To: Luigi Rizzo
Cc: net@FreeBSD.ORG
Subject: Re: ipfw misc...
In-Reply-To: <199905100619.IAA12419@labinfo.iet.unipi.it>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 10 May 1999, Luigi Rizzo wrote:

> > Very nice. Also syntax 'ether type xxx' are very useful. The only
>
> sorry, yes, this was what i meant with
>
>     ipfw add ether from type xxx ...
>
> since clearly there is only one ether type in the header...
>
> > question - how 802.3 frame can be filtered (it doesn't have 'type' field)?
>
> it must be somewhere.. i wonder actually if FreeBSD does handle IP
> packets in 802.3!

Definitely, not IP but IPX or XNS :). Look at the code in
ether_input() that process XNS family (same things used for IPX).

As I understand by specifying 'ether' keyword we should get rid of
higher level protocols and use only ethernet header for filtering.
--
Boris Popov

From owner-freebsd-net Mon May 10 9:25:32 1999
Delivered-To: freebsd-net@freebsd.org
Received: from mail-out2.apple.com (mail-out2.apple.com [17.254.0.51])
    by hub.freebsd.org (Postfix) with ESMTP id E9ABD14F5F
    for ; Mon, 10 May 1999 09:25:19 -0700 (PDT)
    (envelope-from justin@rhapture.apple.com)
Received: from mailgate2.apple.com ([17.129.100.225])
    by mail-out2.apple.com (8.8.5/8.8.5) with ESMTP id JAA33280
    for ; Mon, 10 May 1999 09:25:19 -0700
Received: from scv3.apple.com (scv3.apple.com)
    by mailgate2.apple.com (mailgate2.apple.com- SMTPRS 2.0.15)
    with ESMTP id ; Mon, 10 May 1999 09:25:10 -0700
Received: from rhapture.apple.com (rhapture.apple.com [17.202.40.59])
    by scv3.apple.com (8.9.3/8.9.3) with ESMTP id JAA30420;
    Mon, 10 May 1999 09:25:09 -0700
Received: by rhapture.apple.com (8.9.1/8.9.1) id JAA00648;
    Mon, 10 May 1999 09:25:06 -0700 (PDT)
Message-Id: <199905101625.JAA00648@rhapture.apple.com>
To: net@freebsd.org
Subject: Re: ipfw misc...
Cc: bp@butya.kz (Boris Popov), Luigi Rizzo
In-Reply-To:
Date: Mon, 10 May 1999 09:25:01 -0700
From: "Justin C. Walker"
Reply-To: justin@apple.com
X-Mailer: by Apple MailViewer (2.105.dev)
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> From: Luigi Rizzo
> Date: 1999-05-10 01:28:54 -0700
> To: bp@butya.kz (Boris Popov)
> Subject: Re: ipfw misc...
> Cc: net@FreeBSD.ORG
> In-reply-to:
> X-Mailer: ELM [version 2.4 PL23]
> Delivered-to: freebsd-net@freebsd.org
> X-Loop: FreeBSD.org
>
> > On Mon, 10 May 1999, Luigi Rizzo wrote:
> >
> > > i have been implementing some additional rules for ipfw to match
> > > ethernet header fields. For my purposes, that would mainly be used to
> > > block non-ip-related traffic (ie IP and ARP), but it might have some uses
> > > for those trying to limit traffic basing on the MAC address, or
> > > whatever.
> >
> > Very nice.
> > Also syntax 'ether type xxx' are very useful. The only
>
> sorry, yes, this was what i meant with
>
>     ipfw add ether from type xxx ...
>
> since clearly there is only one ether type in the header...
>
> > question - how 802.3 frame can be filtered (it doesn't have 'type' field)?
>
> it must be somewhere.. i wonder actually if FreeBSD does handle IP
> packets in 802.3!

IP on ethernet is not typically carried in 802.2 packets, although
for legacy reasons (old HP equipment), other systems do support this
(802.3 doesn't actually prescribe the headers; that's in 802.2, if
memory serves). Note that Token Ring, for example, will require
IP-in-802.2, though, so if the ipfw scheme wants to work with other
than ethernet, it should deal with 802.2.

On ethernet, 802.2 packets are distinguished from ethernet-2 packets
by the value in the "ethertype" field. If the value is larger than
the MTU (1500 bytes), it's an ethernet-2 packet, and the value is an
ethertype. If the value is less than or equal to the MTU, it's an 802.2
packet, and the software needs to look inside the frame data to find
what's called a SNAP header, which gives 5 bytes of "type" info. For
AppleTalk, for example, the type header is 0x080009809b; for AARP,
it's 0x00000080f3. The SNAP header, with this info, is 8 bytes.

Regards,

Justin

--
Justin C. Walker, Curmudgeon-At-Large *
Institute for General Semantics       |
Manager, CoreOS Networking            |   When crypto is outlawed,
Apple Computer, Inc.                  |   Only outlaws will have crypto.
2 Infinite Loop                       |
Cupertino, CA 95014                   |
*-------------------------------------*-------------------------------*

From owner-freebsd-net Mon May 10 13:54:27 1999
Delivered-To: freebsd-net@freebsd.org
Received: from mail.worldstream.com (unknown [209.67.109.18])
    by hub.freebsd.org (Postfix) with ESMTP id CE5E514C1A
    for ; Mon, 10 May 1999 13:54:19 -0700 (PDT)
    (envelope-from shannond@worldstream.com)
Received: by MAIL with Internet Mail Service (5.5.2448.0) id ;
    Mon, 10 May 1999 13:52:51 -0700
Message-ID: <433B85999388D2118B2C00104B66E4354B71D0@MAIL>
From: shannond@worldstream.com
To: freebsd-net@freebsd.org
Subject: IP Tuning
Date: Mon, 10 May 1999 13:52:51 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

How can I go about tuning the IP stack in FreeBSD? In particular I need to
adjust size to maximize performance in handling of very small packets.
Thanks

From owner-freebsd-net Tue May 11 3: 8:51 1999
Delivered-To: freebsd-net@freebsd.org
Received: from patriot.wipinfo.soft.net (patriot.wipinfo.soft.net [164.164.6.21])
    by hub.freebsd.org (Postfix) with ESMTP id E996D15973
    for ; Tue, 11 May 1999 03:08:45 -0700 (PDT)
    (envelope-from ajit@wipinfo.soft.net)
Received: from voyager.wipinfo.soft.net (ajit@voyager [192.168.151.87])
    by patriot.wipinfo.soft.net (8.9.2/8.9.2) with ESMTP id PAA27897
    for ; Tue, 11 May 1999 15:41:01 -0500 (GMT)
Received: from localhost (ajit@localhost)
    by voyager.wipinfo.soft.net (8.9.1/8.8.5) with ESMTP id PAA22267
    for ; Tue, 11 May 1999 15:42:50 +0530
X-Authentication-Warning: voyager.wipinfo.soft.net: ajit owned process doing -bs
Date: Tue, 11 May 1999 15:42:50 +0530 (IST)
From: Ajit Shimpi
To: freebsd-net@FreeBSD.ORG
Subject: socket close()
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

I am going through socket layer implementation of close() system call
(4.4BSD Lite-2 sources). In the function soclose()
(file : kern/uipc_socket.c), sofree() is called. In sofree(), one
of the first checks made is whether so->so_pcb field of socket structure
(so) is NULL. This, I feel, is non-null, since soclose() calls
PRU_DISCONNECT and then PRU_DETACH user requests. The tcp_usrreq()
function handles these requests by calling tcp_disconnect() for
connection in ESTABLISHED state.

If the "so_pcb" field is non-null, sofree() returns without freeing
socket structure (so).

Can anyone explain if the PCB associated with the socket is freed for
ESTABLISHED connections? Or is it a defect?

[ Btw, tcp_close() does all the freeing job; but is never called for TCP
connections in ESTABLISHED state.]

Thanks in advance,

Ajit.
From owner-freebsd-net Tue May 11 4:32:51 1999
Delivered-To: freebsd-net@freebsd.org
Received: from dwarpal.wipsys.soft.net (dwarpal.wipsys.soft.net [164.164.127.8])
    by hub.freebsd.org (Postfix) with SMTP id 18A2C14D85
    for ; Tue, 11 May 1999 04:32:39 -0700 (PDT)
    (envelope-from abhire@wipro.wipsys.soft.net)
Received: by dwarpal.wipsys.soft.net (SMI-8.6/SMI-SVR4) id RAA00451;
    Tue, 11 May 1999 17:00:28 +0530
Received: from benz.wipsys.soft.net(164.164.27.140)
    by dwarpal via smap (V2.0) id xma000421;
    Tue, 11 May 99 17:00:14 +0530
Received: from sidcgw.wipsys.soft.net (localhost [127.0.0.1])
    by benz.wipsys.soft.net (8.9.1/8.9.1) with ESMTP id QAA09982;
    Tue, 11 May 1999 16:47:00 -0500 (GMT)
Received: from wipro.wipsys.sequent.com (wipro.wipsys.sequent.com [192.84.36.6])
    by sidcgw.wipsys.soft.net (8.8.5/8.8.5) with ESMTP id QAA09324;
    Tue, 11 May 1999 16:57:53 +0530
Received: (from abhire@localhost)
    by wipro.wipsys.sequent.com (8.8.5/8.8.5) id RAA04307;
    Tue, 11 May 1999 17:10:37 +0530 (IST)
From: Abhinandan R Ekande
Message-Id: <199905111140.RAA04307@wipro.wipsys.sequent.com>
Subject: Re: socket close()
To: ajit@wipinfo.soft.net (Ajit Shimpi)
Date: Tue, 11 May 1999 17:10:37 +0530 (IST)
Cc: freebsd-net@FreeBSD.ORG
In-Reply-To: from "Ajit Shimpi" at May 11, 1999 03:42:50 PM
X-Mailer: ELM [version 2.5 PL0b1]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

When we do a close on socket in established state, we enter
TCPS_FIN_WAIT_1 state. From there we have to reach TCPS_TIME_WAIT
state either directly or after TCPS_FIN_WAIT_2. Please refer to the
TCP state diagram in TCP/IP Illustrated Vol. 2.

Connection remains in TIME_WAIT state for 2 * MSL time.
When this timer fires, we enter the following code fragment :

File : netinet/tcp_timer.c

        case TCPT_2MSL:
                if (tp->t_state != TCPS_TIME_WAIT &&
                    tp->t_idle <= tcp_maxidle)
                        tp->t_timer[TCPT_2MSL] = tcp_keepintvl;
                else
                        tp = tcp_close(tp);
                break;

Here tcp_close() is called and it does all the freeing stuff.

Thanks,
- Abhi.

. Hi,
.
. I am going through socket layer implementation of close() system call
. (4.4BSD Lite-2 sources). In the function soclose()
. (file : kern/uipc_socket.c), sofree() is called. In sofree(), one
. of the first checks made is whether so->so_pcb field of socket structure
. (so) is NULL. This, I feel, is non-null, since soclose() calls
. PRU_DISCONNECT and then PRU_DETACH user requests. The tcp_usrreq()
. function handles these requests by calling tcp_disconnect() for
. connection in ESTABLISHED state.
.
. If the "so_pcb" field is non-null, sofree() returns without freeing
. socket structure (so).
.
. Can anyone explain if the PCB associated with the socket is freed for
. ESTABLISHED connections? Or is it a defect?
.
. [ Btw, tcp_close() does all the freeing job; but is never called for TCP
. connections in ESTABLISHED state.]
.
. Thanks in advance,
.
. Ajit.

From owner-freebsd-net Tue May 11 19:49:51 1999
Delivered-To: freebsd-net@freebsd.org
Received: from web706.mail.yahoo.com (web706.mail.yahoo.com [128.11.23.26])
    by hub.freebsd.org (Postfix) with SMTP id 8B2E014E80
    for ; Tue, 11 May 1999 19:49:49 -0700 (PDT)
    (envelope-from boardyan@yahoo.com)
Message-ID: <19990512025000.29712.rocketmail@web706.mail.yahoo.com>
Received: from [131.228.20.20] by web706.mail.yahoo.com;
    Tue, 11 May 1999 19:50:00 PDT
Date: Tue, 11 May 1999 19:50:00 -0700 (PDT)
From: boards yan
Subject: Why not response?
To: freebsd-net@FreeBSD.ORG
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

hi,
In a program, I have to implement a function.
That is, (not a hacker's idea)

A--------------R----------------B
1,A tries to make a tcp connection to B.
2,R is A's default router.
3,When R receives A's ip packet, it just changes the ip source address
  by the address of itself.
  Then R sends the packets.
  R pretends that it is him that wants to establish a tcp connection
  with B.
4,B receives the packets, and responds to R...

The issue is B does respond to icmp packets (ping),
but does not respond to tcp packets
as if it regards them illegal packets and therefore discards them.

Did I miss something? Any explanation is helpful.
Thanks in advance.

Board

From owner-freebsd-net Wed May 12 6: 4:39 1999
Delivered-To: freebsd-net@freebsd.org
Received: from mailhub.scl.ameslab.gov (mailhub.scl.ameslab.gov [147.155.137.127])
    by hub.freebsd.org (Postfix) with ESMTP id 461D714BFE
    for ; Wed, 12 May 1999 06:04:37 -0700 (PDT)
    (envelope-from ghelmer@scl.ameslab.gov)
Received: from demios.ether.scl.ameslab.gov ([147.155.137.54])
    by mailhub.scl.ameslab.gov with esmtp (Exim 1.90 #1)
    id 10hYhP-0007QH-00; Wed, 12 May 1999 08:05:23 -0500
Date: Wed, 12 May 1999 08:04:34 -0500
From: Guy Helmer
To: boards yan
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Why not response?
In-Reply-To: <19990512025000.29712.rocketmail@web706.mail.yahoo.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 11 May 1999, boards yan wrote:

> hi,
> In a program, I have to implement a function.
> That is, (not a hacker's idea)
>
> A--------------R----------------B
> 1,A tries to make a tcp connection to B.
> 2,R is A's default router.
> 3,When R receives A's ip packet, it just changes the ip source address
>   by the address of itself.
>   Then R sends the packets.
>   R pretends that it is him that wants to establish a tcp connection
>   with B.
> 4,B receives the packets, and responds to R...
>
> The issue is B does respond to icmp packets (ping),
> but does not respond to tcp packets
> as if it regards them illegal packets and therefore discards them.

This sounds a lot like what the FreeBSD natd (network address translation
daemon) can do...

I think we could use the output from tcpdump running on B to help you
diagnose this problem.

Guy

Guy Helmer, Ph.D. Candidate, Iowa State University Dept. of Computer Science
Research Assistant, Ames Laboratory --- ghelmer@scl.ameslab.gov
Research Assistant, Dept. of Computer Science --- ghelmer@cs.iastate.edu
http://www.cs.iastate.edu/~ghelmer

From owner-freebsd-net Wed May 12 7:39:49 1999
Delivered-To: freebsd-net@freebsd.org
Received: from databus.databus.com (databus.databus.com [198.186.154.34])
    by hub.freebsd.org (Postfix) with SMTP id 9939515D06
    for ; Wed, 12 May 1999 07:39:37 -0700 (PDT)
    (envelope-from barney@databus.databus.com)
From: Barney Wolff
To: freebsd-net@FreeBSD.ORG, boards yan
Date: Wed, 12 May 1999 10:38 EDT
Subject: Re: Why not response?
Content-Length: 108
Content-Type: text/plain
Message-ID: <373992a60.6769@databus.databus.com>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Did you recompute the tcp checksum when you changed the source address?
Barney Wolff

From owner-freebsd-net Fri May 14 5:32:30 1999
Delivered-To: freebsd-net@freebsd.org
Received: from ns1.tu-graz.ac.at (ns1.tu-graz.ac.at [129.27.2.3])
    by hub.freebsd.org (Postfix) with ESMTP id 9C111154B6
    for ; Fri, 14 May 1999 05:31:55 -0700 (PDT)
    (envelope-from mkamm@fcggsg06.icg.tu-graz.ac.at)
Received: from fcggsg06.icg.tu-graz.ac.at (fcggsg06.icg.tu-graz.ac.at [129.27.201.15])
    by ns1.tu-graz.ac.at (8.8.6/8.8.6) with ESMTP id TAA12049;
    Fri, 9 Apr 1999 19:20:38 +0200 (MET DST)
Received: (from mkamm@localhost)
    by fcggsg06.icg.tu-graz.ac.at (8.9.2/8.9.2) id TAA29204;
    Fri, 9 Apr 1999 19:20:27 +0200 (MDT)
Date: Fri, 9 Apr 1999 19:20:27 +0200 (MDT)
From: Martin Kammerhofer
To: Julian Elischer
Cc: Martin Kammerhofer , freebsd-net@FreeBSD.ORG
Subject: Re: Coping with 1000s of W95 clients.
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 8 Apr 1999, Julian Elischer wrote:

> > Now when the server closes the
> > connection after no further request came in for 15sec a FIN will be sent
> > and acknowledged from the browser's OS. After that the server's TCP is in
> > FIN_WAIT_2 state and the browser's in CLOSE_WAIT.
>
> This is unfortunately ok, and indistinguishable from the case where
> rsh (for example) has closed the input to a remote 'sort' (to allow it to

Not quite. Rsh does only a shutdown(how=1) to signal EOF but continues
reading. Apache eventually does a full close (after a short delay).
While TCP states are the same in both cases rsh would still have the
socket open and therefore the FDREF flag set on the socket. After a
full close there is no descriptor to the socket left and CANT*MORE
flags are both set.

This does make a difference when input (other than a FIN only) arrives.
Without FDREF (after full close) the connection will be RST by
tcp_input(), otherwise input will be acknowledged and queued or discarded.
(Input is discarded if SOCANTRCVMORE is set, but it's still acknowledged.)

> > The problem is well known, those having installed apache from the FreeBSD
> > ports collection can read about it in
> > file:/usr/local/share/doc/apache/manual/misc/fin_wait_2.html .
>
> I don't have this unfortunately..
>

It's also available online on
http://www.apache.org/docs/misc/fin_wait_2.html

> > The easy solution to shorten FIN_WAIT_2 is simple:
> >
> > sysctl -w net.inet.tcp.keepintvl=27
>

Making it even shorter should cause no problems. The 2MSL is set in
finwait2 state only after a full close. In finwait2 our FIN is already
acknowledged so the peer knows we are done with our output. If the FIN we
are waiting for should arrive there's nobody (no process) who takes note
of it. Only the socket is going to TIME_WAIT and times out to CLOSED after
2 MSL. Should there really more than a FIN arrive the connection will be
RST anyway. Right now I don't see any problems setting finwait2idle to
e.g. 10 sec. The only difference I see is, that those idling clients get
RST instead of a last ack when they eventually close their socket.

Martin

From owner-freebsd-net Mon May 17 14:10:43 1999
Message-Id: <4.1.19990517230711.025dee70@mail.go2france.com>
Date: Mon, 17 May 1999 23:07:44 +0200
To: freebsd-net@FreeBSD.ORG
From: Len Conrad
Subject: subscribe freebsd-net

subscribe freebsd-net

From owner-freebsd-net Tue May 18 0:22:52 1999
Subject: An official release of KAME IPv6/IPsec software
From: core@kame.net
To: net@FreeBSD.ORG
Message-Id: <19990518162244O.kazu@iijlab.net>
Date: Tue, 18 May 1999 16:22:44 +0900

The KAME Project is happy to inform you that the first official release
of KAME's IPv6/IPsec network code has been available for FreeBSD
2.2.8/3.1, NetBSD 1.3.3, and BSD/OS 3.1. Thanks to the TAHI
Project(http://www.tahi.org), our products have been well-tested.

These packages are free of charge but absolutely no warranty. They are
available from the following web site:

    http://www.kame.net/

NOTE: IF YOU GAIN ACCESS TO THIS WEB PAGE OVER IPv6, THE TURTLE WILL
DANCE.

// The core team, KAME Project

From owner-freebsd-net Tue May 18 0:29:48 1999
Date: Tue, 18 May 1999 17:00:34 +0930 (CST)
From: Kris Kennaway
To: core@kame.net
Cc: net@freebsd.org
Subject: Re: An official release of KAME IPv6/IPsec software
In-Reply-To: <19990518162244O.kazu@iijlab.net>

On Tue, 18 May 1999 core@kame.net wrote:

> The KAME Project is happy to inform you that the first official release
> of KAME's IPv6/IPsec network code has been available for FreeBSD
> 2.2.8/3.1, NetBSD 1.3.3, and BSD/OS 3.1. Thanks to the TAHI
> Project(http://www.tahi.org), our products have been well-tested.
>
> These packages are free of charge but absolutely no warranty. They are
> available from the following web site:
>
> http://www.kame.net/

Congratulations! Whoo!

> NOTE: IF YOU GAIN ACCESS TO THIS WEB PAGE OVER IPv6, THE TURTLE WILL
> DANCE.

:-)

Kris

>
> // The core team, KAME Project

-----
"That suit's sharper than a page of Oscar Wilde witticisms that's been
rolled up into a point, sprinkled with lemon juice and jabbed into
someone's eye"
"Wow, that's sharp!"
 - Ace Rimmer and the Cat, _Red Dwarf_

From owner-freebsd-net Tue May 18 1:45:58 1999
Message-ID: <37412853.439D35A5@cc.gatech.edu>
Date: Tue, 18 May 1999 04:44:04 -0400
From: Youngsu Chae
Organization: College of Computing, Georgia Tech
To: net@freebsd.org
Subject: RAW IP socket for IGMP packet..

Hi all,

I've been struggling with raw ip socket to pick up IP/IGMP packet.
As I understand from the 'raw_ip.c' source code, if the following three
conditions are satisfied

1) open a raw ip socket with protocol value as IPPROTO_IGMP,
2) do not bind local address,
3) do not specify foreign address,

then, the socket should get all the IP/IGMP packets with whatever
destination group addresses.
But, I couldn't get any IGMP packets..
The only way I can get the IP/IGMP packet is to subscribe to a specific
group.
That gives me only the IGMP packets destined to the group.
How can I get all IGMP packets with raw ip socket?
I've also tested with protocol value IPPROTO_IP(0).
In this case it should pick up all IP packets except TCP/UDP (those
packets are handled only in kernel).
It picks up ICMP packets but not IGMPs.

The following is the code for opening raw IP socket for IGMP..

    /* get an IGMP socket */
    if ((igmp_socket = socket(AF_INET,SOCK_RAW,IPPROTO_IGMP)) < 0){
        panic ("socket() failed!");
    }

    k_hdr_include(TRUE);            /* turn on header include option */
    k_set_rcvbuf(256*1024,48*1024); /* lots of input buffering */
    k_set_ttl(1);                   /* restrict multicasts to one hop */
    k_set_loop(FALSE);              /* disable multicast loopback */

Thanks,

Y.Chae

From owner-freebsd-net Tue May 18 1:49:35 1999
From: Luigi Rizzo
Message-Id: <199905180643.IAA01058@labinfo.iet.unipi.it>
Subject: dummynet-type thing for linux...
To: net@freebsd.org
Date: Tue, 18 May 1999 08:43:28 +0200 (MET DST)

Hi,

browsing around i found the following emulator which has some of the
features of dummynet, and possibly some more...

    http://www.antd.nist.gov/itg/nistnet/

i wasn't aware of NISTNET, apparently they weren't aware of dummynet,
evidently we both need to learn how to advertise things!

    cheers
    luigi
-----------------------------------+-------------------------------------
Luigi RIZZO, luigi@iet.unipi.it    . Dip. di Ing. dell'Informazione
http://www.iet.unipi.it/~luigi/    . Universita` di Pisa
TEL/FAX: +39-050-568.533/522       . via Diotisalvi 2, 56126 PISA (Italy)

http://www.iet.unipi.it/~luigi/ngc99/
==== First International Workshop on Networked Group Communication ====
-----------------------------------+-------------------------------------

From owner-freebsd-net Tue May 18 4:21:28 1999
From: Luigi Rizzo
Message-Id: <199905180915.LAA01270@labinfo.iet.unipi.it>
Subject: Re: RAW IP socket for IGMP packet..
To: yschae@cc.gatech.edu (Youngsu Chae)
Date: Tue, 18 May 1999 11:15:16 +0200 (MET DST)
Cc: net@FreeBSD.ORG
In-Reply-To: <37412853.439D35A5@cc.gatech.edu> from "Youngsu Chae" at May 18, 99 04:43:45 am

> Hi all,
>
> I've been struggling with raw ip socket to pick up IP/IGMP packet.
> As I understand from the 'raw_ip.c' source code, if the following three
> conditions are satisfied
>
> 1) open a raw ip socket with protocol value as IPPROTO_IGMP,
> 2) do not bind local address,
> 3) do not specify foreign address,
>
> then, the socket should get all the IP/IGMP packets with whatever
> destination group addresses.
> But, I couldn't get any IGMP packets..
> The only way I can get the IP/IGMP packet is to subscribe to a specific
> group.

this is because the interface will only receive multicast pkts for
the groups that you have done a JOIN for. if you don't join (or you are
only a sender, you don't need IGMP!)

> How can I get all IGMP packets with raw ip socket?

one option could be to put the interface in ALLMULTI or PROMISC mode.

> I've also tested with protocol value IPPROTO_IP(0).
> In this case it should pick up all IP packets except TCP/UDP (those
> packets are handled only in kernel).
> It picks up ICMP packets but not IGMPs.

the reason you cannot intercept TCP&UDP is that the IPPROTO_RAW
entry in in_proto.c is after those for udp and tcp. Move it before and
you can override tcp & udp as well.

    cheers
    luigi
-----------------------------------+-------------------------------------
Luigi RIZZO, luigi@iet.unipi.it    . Dip. di Ing. dell'Informazione
http://www.iet.unipi.it/~luigi/    . Universita` di Pisa
TEL/FAX: +39-050-568.533/522       . via Diotisalvi 2, 56126 PISA (Italy)

http://www.iet.unipi.it/~luigi/ngc99/
==== First International Workshop on Networked Group Communication ====
-----------------------------------+-------------------------------------

From owner-freebsd-net Tue May 18 4:41:16 1999
From: "Andrew Chalupka"
To: net@freebsd.org
Subject: RE: RAW IP socket for IGMP packet..
Date: Tue, 18 May 1999 07:39:17 -0400

The problem here is that IGMP packets (and any other IP packets addressed to
a multicast group), are also addressed to a group address *at the data link
layer*. Normally, the kernel takes care of telling the data link layer to
accept group-addressed frames when you join a mcast group. However, simply
creating a raw socket with IPPROTO_IGMP is probably not sufficient to do
that.

Your best bet is to use libpcap to grab the IGMP packets.

Andrew

> -----Original Message-----
> From: Youngsu Chae [SMTP:yschae@cc.gatech.edu]
> Sent: Tuesday, May 18, 1999 4:44 AM
> To: net@freebsd.org
> Subject: RAW IP socket for IGMP packet..
>
> Hi all,
>
> I've been struggling with raw ip socket to pick up IP/IGMP packet.
> As I understand from the 'raw_ip.c' source code, if the following three
> conditions are satisfied
>
> 1) open a raw ip socket with protocol value as IPPROTO_IGMP,
> 2) do not bind local address,
> 3) do not specify foreign address,
>
> then, the socket should get all the IP/IGMP packets with whatever
> destination group addresses.
> But, I couldn't get any IGMP packets..
> The only way I can get the IP/IGMP packet is to subscribe to a specific
> group.
> That gives me only the IGMP packets destined to the group.
> How can I get all IGMP packets with raw ip socket?
> I've also tested with protocol value IPPROTO_IP(0).
> In this case it should pick up all IP packets except TCP/UDP (those
> packets are handled only in kernel).
> It picks up ICMP packets but not IGMPs.
>
> The following is the code for opening raw IP socket for IGMP..
>
>     /* get an IGMP socket */
>     if ((igmp_socket = socket(AF_INET,SOCK_RAW,IPPROTO_IGMP)) < 0){
>         panic ("socket() failed!");
>     }
>
>     k_hdr_include(TRUE);            /* turn on header include option */
>     k_set_rcvbuf(256*1024,48*1024); /* lots of input buffering */
>     k_set_ttl(1);                   /* restrict multicasts to one hop */
>     k_set_loop(FALSE);              /* disable multicast loopback */
>
> Thanks,
>
> Y.Chae

From owner-freebsd-net Tue May 18 7: 2: 2 1999
Date: Tue, 18 May 1999 14:58:31 +0100 (BST)
From: Sebastien Maraux
To: freebsd-net@freebsd.org
Subject: netbooting a freebsd kernel with 3c905B

I'm currently doing a FreeBSD installation from network, a bit like
jumpstart.
So, I need to find a freeware to netboot a freebsd kernel with 3c905B
Ken Yap from the etherboot site, told me about a special etherboot that
freebsd people had done to make etherboot boot freebsd kernel.
A complete RFC 1048 support would be great, because it could allow me to
secure the installation by mfs mounting the R/W partitions and NFS export
the Read only ones.
Every piece of information interest me
can someone help me??
Thanks a lot
Bye

From owner-freebsd-net Tue May 18 11:21:56 1999
Date: Tue, 18 May 1999 12:21:51 -0600
From: Greg Skafte
To: Sebastien Maraux
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: netbooting a freebsd kernel with 3c905B
Message-ID: <19990518122150.B26166@gras-varg.worldgate.com>
Organization: WorldGate Inc.

checkout /usr/ports/net/etherboot

I'm using it right now with the intel cards....

Quoting Sebastien Maraux (smaraux@cpc.westminster.ac.uk)
On Subject: netbooting a freebsd kernel with 3c905B
Date: Tue, May 18, 1999 at 02:58:31PM +0100

> I'm currently doing a FreeBSD installation from network, a bit like
> jumpstart.
> So,I need to find a freeware to netboot a freebsd kernel with 3c905B
> Ken Yap from the etherboot site, told me about a special etherboot that
> freebsd people had done to make etherboot boot freebsd kernel.
> A complete RFC 1048 support would be great, because it could allow me to
> secure the installation by mfs mounting the R/W partitions and NFS export
> the Read only ones.
> Every piece of information interest me
> can someone help me??
> Thanks a lot
> Bye

--
Email: skafte@worldgate.com Voice: +780 413 1910 Fax: +780 421 4929
#575 Sun Life Place * 10123 99 Street * Edmonton, AB * Canada * T5J 3H1
--
--
When things can't get any worse, they simplify themselves by getting a
whole lot worse then complicated. A complete and utter disaster is the
simplest thing in the world; it's preventing one that's complex.
(Janet Morris)

From owner-freebsd-net Tue May 18 15:18:31 1999
Date: Tue, 18 May 1999 15:18:29 -0700 (PDT)
Reply-To: Jonathan Hanna
Organization: Pangolin Systems
From: Jonathan Hanna
To: freebsd-net@freebsd.org
Subject: Redirects and expire times
Message-Id: <19990518221829.CSIZ24551.mail.rdc1.bc.home.com@cr1003333-a.crdva1.bc.wave.home.com>

What is the proper way of handling ICMP redirects? I expected
host routes to be added with an expire time, but apparently
they are permanent.

I found one old reference to this, but no reply.

> Date: Mon, 11 Mar 1996 15:09:15 -0600 (CST)
> From: Scott Mace
> To: hackers@freebsd.org
> Subject: Redirects and expire times...
> Message-ID: <199603112109.PAA15480@metal.ops.neosoft.com>
>
> I think it is a bug to add a host route after receiving a ICMP redirect
> and NOT having any expire set on the route. If you have a default routed
> host in a complex topology you can get into trouble when the topology changes.
>
> Scott

Jonathan Hanna

From owner-freebsd-net Tue May 18 21: 3:12 1999
Message-ID: <37423772.2B5BEF98@softweyr.com>
Date: Tue, 18 May 1999 22:00:50 -0600
From: Wes Peters
Organization: Softweyr LLC
To: Jonathan Hanna
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Redirects and expire times
References: <19990518221829.CSIZ24551.mail.rdc1.bc.home.com@cr1003333-a.crdva1.bc.wave.home.com>

Jonathan Hanna wrote:
>
> What is the proper way of handling ICMP redirects? I expected
> host routes to be added with an expire time, but apparently
> they are permanent.
>
> I found one old reference to this, but no reply.
>
> > Date: Mon, 11 Mar 1996 15:09:15 -0600 (CST)
> > From: Scott Mace
> > To: hackers@freebsd.org
> > Subject: Redirects and expire times...
> > Message-ID: <199603112109.PAA15480@metal.ops.neosoft.com>
> >
> > I think it is a bug to add a host route after receiving a ICMP redirect
> > and NOT having any expire set on the route. If you have a default routed
> > host in a complex topology you can get into trouble when the topology changes.

I agree.
At Xylan, we had numerous customer complaints about redirects
filling the routing table and the only way to clear them (4.2 BSD based
stack) was to reboot the switch. We added a 10-minute timeout on all
redirect routes, figuring that redirects SHOULD be the exception rather
than the rule. YMMV. We've had no customer complaints since then. ;^)

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters                                  Softweyr LLC
http://www.softweyr.com/~softweyr       wes@softweyr.com

From owner-freebsd-net Tue May 18 21:12: 3 1999
Message-Id: <199905190411.VAA00649@walker3.apple.com>
To: freebsd-net@freebsd.org
Subject: Re: Redirects and expire times
Date: Tue, 18 May 1999 21:11:47 -0700
From: "Justin C. Walker"
Reply-To: justin@apple.com

I don't have a lot of detailed experience with redirects, so I'm
kind of flying without a net (so to speak :-}):

> From: Wes Peters
> Date: 1999-05-18 21:03:23 -0700
> To: Jonathan Hanna
> Subject: Re: Redirects and expire times
> Jonathan Hanna wrote:
> >
> > What is the proper way of handling ICMP redirects? I expected
> > host routes to be added with an expire time, but apparently
> > they are permanent.
> >
> > I found one old reference to this, but no reply.
> >
> > > Date: Mon, 11 Mar 1996 15:09:15 -0600 (CST)
> > > From: Scott Mace
> > > To: hackers@freebsd.org
> > > Subject: Redirects and expire times...
> > > Message-ID: <199603112109.PAA15480@metal.ops.neosoft.com>
> > >
> > > I think it is a bug to add a host route after receiving a ICMP redirect
> > > and NOT having any expire set on the route. If you have a default routed
> > > host in a complex topology you can get into trouble when the topology changes.
>
> I agree. At Xylan, we had numerous customer complaints about redirects
> filling the routing table and the only way to clear them (4.2 BSD based
> stack) was to reboot the switch. We added a 10-minute timeout on all
> redirect routes, figuring that redirects SHOULD be the exception rather
> than the rule. YMMV. We've had no customer complaints since then. ;^)

Seems to me that redirects would be used for a variety of reasons:
(1) bad configuration; (2) multiple subnets on a single "wire" [so a
router *might* want to use redirects to avoid duplicating traffic on
the wire]; and mobility.

If so, none of these seem to be especially "exceptions", but more
like "rules".

Regards,

Justin

--
Justin C. Walker, Curmudgeon-At-Large *
Institute for General Semantics       |
Manager, CoreOS Networking            | Men are from Earth.
Apple Computer, Inc.                  | Women are from Earth.
2 Infinite Loop                       | Deal with it.
Cupertino, CA 95014                   |
*-------------------------------------*-------------------------------*

From owner-freebsd-net Tue May 18 22:34:18 1999
Message-ID: <37424D4F.D9259DBA@softweyr.com>
Date: Tue, 18 May 1999 23:34:07 -0600
From: Wes Peters
Organization: Softweyr LLC
To: justin@apple.com
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Redirects and expire times
References: <199905190411.VAA00649@walker3.apple.com>

"Justin C. Walker" wrote:
>
> I don't have a lot of detailed experience with redirects, so I'm
> kind of flying without a net (so to speak :-}):
>
> > From: Wes Peters
> > Date: 1999-05-18 21:03:23 -0700
> > To: Jonathan Hanna
> > Subject: Re: Redirects and expire times
> > Jonathan Hanna wrote:
> > >
> > > What is the proper way of handling ICMP redirects? I expected
> > > host routes to be added with an expire time, but apparently
> > > they are permanent.
> > >
> > > I found one old reference to this, but no reply.
> > >
> > > > Date: Mon, 11 Mar 1996 15:09:15 -0600 (CST)
> > > > From: Scott Mace
> > > > To: hackers@freebsd.org
> > > > Subject: Redirects and expire times...
> > > > Message-ID: <199603112109.PAA15480@metal.ops.neosoft.com>
> > > >
> > > > I think it is a bug to add a host route after receiving a ICMP redirect
> > > > and NOT having any expire set on the route. If you have a default routed
> > > > host in a complex topology you can get into trouble when the topology changes.
> >
> > I agree. At Xylan, we had numerous customer complaints about redirects
> > filling the routing table and the only way to clear them (4.2 BSD based
> > stack) was to reboot the switch. We added a 10-minute timeout on all
> > redirect routes, figuring that redirects SHOULD be the exception rather
> > than the rule. YMMV. We've had no customer complaints since then. ;^)
>
> Seems to me that redirects would be used for a variety of reasons:
> (1) bad configuration; (2) multiple subnets on a single "wire" [so a
> router *might* want to use redirects to avoid duplicating traffic on
> the wire]; and mobility.
>
> If so, none of these seem to be especially "exceptions", but more
> like "rules".

Both (2) and (mobility) fall away as "rules" when you have VLANs and
Group Mobility - the ability to move to different physical ports and
have the VLAN follow you. ;^)

(Pardon the advertising, it is a valid point. Switched LANs are very
different creatures than the traditional hub/ethernet environment.)

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters                                  Softweyr LLC
http://www.softweyr.com/~softweyr       wes@softweyr.com

From owner-freebsd-net Thu May 20 1:10:19 1999
Message-Id: <199905200809.RAA20240@hotaka.csl.sony.co.jp>
To: altq@csl.sony.co.jp
Cc: freebsd-net@freebsd.org, end2end-interest@isi.edu
Subject: altq-1.2 now available
Date: Thu, 20 May 1999 17:09:35 +0900
From: Kenjiro Cho

altq-1.2 is now available from
    http://www.csl.sony.co.jp/person/kjc/software.html
or
    ftp://ftp.csl.sony.co.jp/pub/kjc/altq-1.2.tar.gz

ALTQ is a traffic management package for FreeBSD.
More information is available from the above URL.

What's New since version 1.1.3:
  - FreeBSD-3.2R based. 2.2.8R and 3.1R are also supported.
  - Kernel installation procedure has been changed.
    Please read the INSTALL document.
  - KLD support for FreeBSD-3.x
    each altq discipline can be loaded/unloaded at run time.
  - ATM driver update
    ALTQ (and bpf) now works on each pvc interface
  - WFQ improvement
  - Flowvalve update
  - Ethernet Bridging support
  - additional driver support for fast ethernet adapters
    rl, pn, mx, wb, vr, ax
  - ECN support for TCP is separated from the altq kernel patch.

ALTQ Mailing-list:

I have finally set up a mailing-list for ALTQ.
It is a forum for technical discussions related to ALTQ and the list is for both the ALTQ users and the developers. To subscribe to the altq mailing-list, send mail to and include subscribe altq [] in the body of your message. Also, I'll be talking about ALTQ at USENIX Freenix track. http://www.usenix.org/events/usenix99/ --- Kenjiro Cho Sony Computer Science Laboratories, Inc. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sat May 22 10:56:29 1999 Delivered-To: freebsd-net@freebsd.org Received: from super-g.inch.com (super-g.com [207.240.140.161]) by hub.freebsd.org (Postfix) with ESMTP id 2243F14D93 for ; Sat, 22 May 1999 10:56:26 -0700 (PDT) (envelope-from spork@super-g.com) Received: from localhost (localhost [127.0.0.1]) by super-g.inch.com (8.8.8/8.8.5) with SMTP id NAA07345 for ; Sat, 22 May 1999 13:56:26 -0400 (EDT) Date: Sat, 22 May 1999 13:56:26 -0400 (EDT) From: spork X-Sender: spork@super-g.inch.com To: freebsd-net@freebsd.org Subject: NetBSD Security Advisory 1999-010 (fwd) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, I've noticed this same behaviour in the 2.2 branch, is this fixed in 3.x? I discovered it on a firewall machine when someone on the public network brought up a machine with a 192.168.x address and knocked a nat'd machine behind the firewall off the net. Even trying to set a static entry would not hold the proper mapping... 
Thanks,
Charles

---------- Forwarded message ----------
Date: Fri, 21 May 1999 23:02:25 +1000
From: matthew green
Reply-To: tech-security@netbsd.org
To: BUGTRAQ@netspace.org
Subject: NetBSD Security Advisory 1999-010

NetBSD Security Advisory 1999-010
=================================

Topic:    ARP table vulnerability
Version:  NetBSD-1.3*
Severity: Denial of service or traffic hijacking from local network cable is possible

Abstract
========

The implementation of ARP packet reception is vulnerable to two attacks:
- on multihomed hosts, ARP packets from cable A can overwrite ARP entries for cable B.
- for all hosts, ARP packets can overwrite ARP entries marked as static.

Technical Details
=================

ARP is a protocol used to dynamically obtain IPv4 to Link level address translation, used for Ethernet, FDDI, Token ring, and ARCnet cables, described in RFC 826.

The first vulnerability is specific to hosts with more than one ARP capable network attached. The address information of incoming ARP packets is not checked to ensure that it corresponds to one of the addresses of the interface on which the packet arrived. Thus, it would be able to suppress or redirect traffic from the attacked host to a different destination.

The second vulnerability is related to so-called "static" arp entries. The original NetBSD ARP implementation (as that of most other vendors) allows the creation of "static" or "permanent" ARP entries. They are typically used for two reasons:
- as a security measure, to disallow the redirection of traffic addressed to privileged hosts by rogue hosts on the cable to themselves or elsewhere,
- as a cheap routing protocol ("proxy ARP"), mostly when connecting single hosts through point to point links. To the outside, they occur as if they were on the (e.g.) Ethernet, but traffic destined for them is redirected by the ARP mechanism to the routing host.

The 2nd usage doesn't create specific denial of service possibilities as the ARP protocol is insecure in itself. However, if static ARP entries are used to prevent D.O.S. attacks, they need to be protected from overwriting.

Solutions and Workarounds
=========================

NetBSD-1.4, and NetBSD-1.4_BETA after 1999-05-05, are fixed.

A patch is available for NetBSD 1.3.3 to fix this problem. You may find this patch on the NetBSD ftp server:

ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/19990505-arp

NetBSD-current since 19990506 is not vulnerable. Users of NetBSD-current should upgrade to a source tree later than 19990506.

Thanks To
=========

Both vulnerabilities were reported by Olaf "Rhialto" Seibert in NetBSD PR 7489 and PR 7490. A fix was provided by Zdenek Salvet in PR 7497, and integrated into NetBSD by Ignatios Souvatzis.

Revision History
================

1999/05/21 - initial version

More Information
================

Information about NetBSD and NetBSD security can be found at http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.

Copyright 1999, The NetBSD Foundation, Inc. All Rights Reserved.

$NetBSD: NetBSD-SA1999-010.txt,v 1.3 1999/05/21 12:47:00 mrg Exp $

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Tue May 25 5:22:43 1999 Delivered-To: freebsd-net@freebsd.org Received: from babelbrox.axion.bt.co.uk (babelbrox.axion.bt.co.uk [132.146.16.6]) by hub.freebsd.org (Postfix) with ESMTP id EDE1A14D35 for ; Tue, 25 May 1999 05:22:36 -0700 (PDT) (envelope-from graeme.n.brown@bt.com) Received: from cbtlipnt02.btlabs.bt.co.uk by babelbrox.axion.bt.co.uk (local) with ESMTP; Tue, 25 May 1999 13:20:26 +0100 Received: by cbtlipnt02.btlabs.bt.co.uk with Internet Mail Service (5.5.2448.0) id ; Tue, 25 May 1999 13:20:23 +0100 Message-ID: <71DA16F18D32D2119A1D0000F8FE9A9402B5A229@mbtlipnt01.btlabs.bt.co.uk> From: graeme.n.brown@bt.com To: freebsd-net@freebsd.org Subject: Is there 3.2 RELEASE support for xDSL and cable modems ? Date: Tue, 25 May 1999 13:20:17 +0100 X-Mailer: Internet Mail Service (5.5.2448.0) Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Dear List

Can anyone enlighten as to whether there is support under FreeBSD 3.2R for

(i) xDSL (ADSL, VDSL etc) interface cards
(ii) Cable Modems

Thanks for any info returned.
Graeme Brown Internet Futures BT Labs, UK email: graeme.brown@bt.com

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Tue May 25 5:46:33 1999 Delivered-To: freebsd-net@freebsd.org Received: from web4-1.ability.net (web4-1.ability.net [216.32.69.9]) by hub.freebsd.org (Postfix) with ESMTP id 86C1B14EE6 for ; Tue, 25 May 1999 05:46:29 -0700 (PDT) (envelope-from rich@f2sys.net) Received: from ppp-rich.ari.net (ppp-rich.ari.net [198.69.193.148]) by web4-1.ability.net (8.9.1/8.9.1/Pub) with ESMTP id IAA15431 for ; Tue, 25 May 1999 08:34:31 -0400 (EDT) Date: Tue, 25 May 1999 08:53:12 -0400 (EDT) From: Rich Fox X-Sender: rich@ppp-rich.ari.net To: freebsd-net@FreeBSD.ORG Subject: socks5 problems (auth) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Hi,

I have sent this through the freebsd-questions channel, and received helpful, but not definitive, information.

I have socks5 running (v1.0r9) on a freeBSD 3.1 box. The problem I am having is that I have never been able to configure it to accept a connection without requiring authorization from the client, (alas, I have never been able to configure it to accept a connection and actually act as a proxy--authorization or not!). I understand the risk of leaving the proxy wide open, but I can't get anything to work anyways. In any case here is my *.conf file...

# Authentication entries
auth - - -

# Access entries
permit - - 0.0.0.0/0.0.0.0 - -

# route entries
route 192.168.1. - 192.168.1.1
route - - 123.456.789.123

This is a multi-homed host (IP aliasing), I simply want to allow a connection from 192.168.1.n to a server on the other side. The other side's interface is at 123.456.789.123 and obviously 192.168.1.n's interface is at 192.168.1.1. The system is running ip aliasing and IPFW, however, IPFW has been wide open for these tests.

Following is a copy of the perpetual errors that I receive with this...

ppp-rich# socks5 -d 3 -s
ppp-rich# 44235: Socks5 starting at Tue May 25 08:26:54 1999 in normal mode
44399: TCP Connection Request: Connect (192.168.1.2:2057 to 160.43.252.59:554) for user
44399: TCP Setup: Authorization failed
44399: TCP Connection Terminated: Abnormal (192.168.1.2:2057 to 160.43.252.59:554) for user : 0 bytes out, 0 bytes in
44576: TCP Connection Request: Connect (192.168.1.2:2059 to 160.43.252.59:554) for user
44576: TCP Setup: Authorization failed
44576: TCP Connection Terminated: Abnormal (192.168.1.2:2059 to 160.43.252.59:554) for user : 0 bytes out, 0 bytes in

The client app, Quicktime Player (For qt pro) provides no means for authorization, but that shouldn't matter since I am trying to tell socks5 to forget authentication and just do *something*! In this case, I am talking about the client as a Mac, on the other hand, I get roughly similar results from Socksified Win32 (The socksifier log however, contains some interesting info, particularly that it requests the connection, auth is accepted then sends a proxy command and the auth is suddenly rejected.)

(On a side note, Quicktime Streaming Media is using RTP-RTSP. If so, then why does streaming media from RealNetworks, which also uses RTSP, work just fine through NAT, whereas, Quicktime doesn't?)

Clues would be most helpful...

Thanks, Rich.
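Added example, not part of any post in this archive and not NetBSD's patch: a small C model of the two ARP-cache checks that NetBSD Security Advisory 1999-010 (forwarded earlier in this archive) describes as missing, with the unchecked behaviour beside a checked variant. The structures, function names, the subnet-match reading of the interface check, and the sample addresses are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of an ARP cache, not NetBSD source; all names are hypothetical. */
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))
#define ARP_TABLE_SIZE 8

struct iface { int id; uint32_t addr; uint32_t mask; };

struct arp_entry {
    uint32_t ip;
    uint8_t  mac[6];
    int      ifid;       /* interface the mapping was installed on */
    int      is_static;  /* administrator-set "permanent" entry */
    int      in_use;
};

struct arp_table { struct arp_entry e[ARP_TABLE_SIZE]; };

enum arp_result { ARP_UPDATED, ARP_REJECT_WRONG_IFACE, ARP_REJECT_STATIC, ARP_TABLE_FULL };

static struct arp_entry *arp_lookup(struct arp_table *t, uint32_t ip)
{
    for (int i = 0; i < ARP_TABLE_SIZE; i++)
        if (t->e[i].in_use && t->e[i].ip == ip)
            return &t->e[i];
    return NULL;
}

/* Install or replace the mapping for ip, reusing its slot if one exists. */
static enum arp_result arp_store(struct arp_table *t, uint32_t ip,
                                 const uint8_t *mac, int ifid, int is_static)
{
    struct arp_entry *ent = arp_lookup(t, ip);
    for (int i = 0; ent == NULL && i < ARP_TABLE_SIZE; i++)
        if (!t->e[i].in_use)
            ent = &t->e[i];
    if (ent == NULL)
        return ARP_TABLE_FULL;
    ent->ip = ip;
    memcpy(ent->mac, mac, 6);
    ent->ifid = ifid;
    ent->is_static = is_static;
    ent->in_use = 1;
    return ARP_UPDATED;
}

/* Behaviour the advisory describes: receiving interface and static flag are ignored. */
enum arp_result arp_input_unchecked(struct arp_table *t, const struct iface *rcvif,
                                    uint32_t spa, const uint8_t *sha)
{
    return arp_store(t, spa, sha, rcvif->id, 0);
}

/* Checked variant: one possible form of the two missing checks. */
enum arp_result arp_input_checked(struct arp_table *t, const struct iface *rcvif,
                                  uint32_t spa, const uint8_t *sha)
{
    struct arp_entry *ent = arp_lookup(t, spa);
    /* Assumption: sender must lie in the subnet configured on the receiving interface. */
    if ((spa & rcvif->mask) != (rcvif->addr & rcvif->mask))
        return ARP_REJECT_WRONG_IFACE;
    /* An entry installed on cable B is not replaced from cable A. */
    if (ent != NULL && ent->ifid != rcvif->id)
        return ARP_REJECT_WRONG_IFACE;
    /* Static entries are never replaced by received packets. */
    if (ent != NULL && ent->is_static)
        return ARP_REJECT_STATIC;
    return arp_store(t, spa, sha, rcvif->id, 0);
}

static const uint8_t MAC_HOST[6]  = {0x02, 0, 0, 0, 0, 0x0a};  /* constructed */
static const uint8_t MAC_OTHER[6] = {0x02, 0, 0, 0, 0, 0xff};  /* constructed */

/* Install host -> MAC_HOST on the inside interface, deliver one ARP packet
 * claiming host is at MAC_OTHER, and return 1 if the mapping is unchanged. */
int mapping_survives(int checked, int from_outside, int is_static)
{
    const struct iface inside  = {1, IP4(192, 168, 1, 1), IP4(255, 255, 255, 0)};
    const struct iface outside = {2, IP4(203, 0, 113, 1), IP4(255, 255, 255, 0)};
    const struct iface *rcvif = from_outside ? &outside : &inside;
    const uint32_t host = IP4(192, 168, 1, 10);
    struct arp_table t;
    struct arp_entry *ent;
    memset(&t, 0, sizeof t);
    arp_store(&t, host, MAC_HOST, inside.id, is_static);
    (checked ? arp_input_checked : arp_input_unchecked)(&t, rcvif, host, MAC_OTHER);
    ent = arp_lookup(&t, host);
    return ent != NULL && memcmp(ent->mac, MAC_HOST, 6) == 0;
}

int main(void)
{
    printf("keeps original mapping: other-cable %d/%d, static %d/%d (unchecked/checked)\n",
           mapping_survives(0, 1, 0), mapping_survives(1, 1, 0),
           mapping_survives(0, 0, 1), mapping_survives(1, 0, 1));
    return 0;
}
```

The checked variant still accepts an ordinary update for a non-static entry that arrives on the entry's own interface.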
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue May 25 8: 6:51 1999 Delivered-To: freebsd-net@freebsd.org Received: from gateway.schneider.com (mailgate1.schneider.com [207.67.105.2]) by hub.freebsd.org (Postfix) with SMTP id 7C5FB1579E for ; Tue, 25 May 1999 08:06:47 -0700 (PDT) (envelope-from WAYNEK@SCHNEIDER.COM) Received: from SMTPGW1.schneider.com by gateway.schneider.com via smtpd (for hub.FreeBSD.ORG [204.216.27.18]) with SMTP; 25 May 1999 14:15:30 UT Date: Tue, 25 May 1999 9:46 -0600 From: "Wayne, Ken" To: freebsd-net@freebsd.org Subject: Fragmentation Message-ID: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I've only been using FreeBSD for about 6 months now so excuse the question if there is an easy answer or if it has been recently covered. When I boot up, BSD reports somewhere between 1% and 5% fragmentation. Do I need to be worried about this? Is this something the OS takes care of or is there a utility I can use to degrag the volume? 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue May 25 8:21: 5 1999 Delivered-To: freebsd-net@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 75BAE14CA7 for ; Tue, 25 May 1999 08:20:57 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id LAA11146; Tue, 25 May 1999 11:20:53 -0400 (EDT) (envelope-from wollman) Date: Tue, 25 May 1999 11:20:53 -0400 (EDT) From: Garrett Wollman Message-Id: <199905251520.LAA11146@khavrinen.lcs.mit.edu> To: "Wayne, Ken" Cc: freebsd-net@FreeBSD.ORG Subject: Fragmentation In-Reply-To: References: Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > When I boot up, BSD reports somewhere between 1% and 5% fragmentation. Do I > need to be worried about this? Is this something the OS takes care of or is > there a utility I can use to degrag the volume? This question doesn't belong on FreeBSD-net; there is nothing network-related here. However, I'm a nice guy and will answer your question anyway. The answer is no. The filesystem is set up to automatically defragment files as they are extended, and in any case even fairly high levels of fragmentation do not have a large impact on everyday filesystem performance. (There are certain access patterns which can cause problems, however.) -GAWollman -- Garrett A. 
Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue May 25 10:40:22 1999 Delivered-To: freebsd-net@freebsd.org Received: from oak.iea-software.com (oak.iea-software.com [207.53.165.4]) by hub.freebsd.org (Postfix) with ESMTP id 97C1715241 for ; Tue, 25 May 1999 10:40:12 -0700 (PDT) (envelope-from sworkman@iea-software.com) Received: from sycamore (unverified [207.53.165.36]) by oak.iea-software.com (Rockliffe SMTPRA 3.3.0) with SMTP id for ; Tue, 25 May 1999 10:29:09 -0700 Message-ID: <00b001bea6d4$3402aa20$24a535cf@ieasoftware.com> From: "Shawn Workman" To: Subject: Just a question Date: Tue, 25 May 1999 10:29:54 -0700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_00AD_01BEA699.878E7560" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2014.211 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2014.211 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_00AD_01BEA699.878E7560 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I just built a FreeBSD box that has 2 Intel pro 100b cards in it (fxp0, = fxp1) I have rebuilt my kernel and enabled the firewall, bridging, and = dummynet. fxp1 is the interface to the internet and fxp0 is the interface to the = LAN. I am getting ready to put this thing on line and was just wondering if = anyone knew of anything I should watch out for? I am running NATD in the following manner natd -interface fxp0 if I run it on fxp1 then I can no longer get to the internet. 
These may seems stupid, but I have never dealt with a FreeBSD box with 2 NIC's, this box will be replacing MS proxy and Exchange(internet email only), and I am very anxious to get this running.. Thanks in advance.. -------------------------------------------------------------------------------- Shawn Workman - sworkman@iea-software.com Support Engineer - IEA Software, Inc. http://www.iea-software.com
------=_NextPart_000_00AD_01BEA699.878E7560--
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue May 25 14:32:28 1999 Delivered-To: freebsd-net@freebsd.org Received: from frmug.org (frmug-gw.frmug.org [193.56.58.252]) by hub.freebsd.org (Postfix) with ESMTP id 975601567E for ; Tue, 25 May 1999 14:32:21 -0700 (PDT) (envelope-from roberto@keltia.freenix.fr) Received: (from uucp@localhost) by frmug.org (8.9.1/frmug-2.3/nospam) with UUCP id XAA29163 for freebsd-net@freebsd.org; Tue, 25 May 1999 23:32:10 +0200 (CEST) (envelope-from roberto@keltia.freenix.fr) Received: by keltia.freenix.fr (Postfix, from userid 101) id A05C287AE; Tue, 25 May 1999 23:13:06 +0200 (CEST) (envelope-from roberto) Date: Tue, 25 May 1999 23:13:06 +0200 From: Ollivier Robert To: freebsd-net@freebsd.org Subject: Re: Is there 3.2 RELEASE support for xDSL and cable modems ? Message-ID: <19990525231306.A67378@keltia.freenix.fr> Mail-Followup-To: freebsd-net@freebsd.org References: <71DA16F18D32D2119A1D0000F8FE9A9402B5A229@mbtlipnt01.btlabs.bt.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii User-Agent: Mutt/0.95.5i In-Reply-To: <71DA16F18D32D2119A1D0000F8FE9A9402B5A229@mbtlipnt01.btlabs.bt.co.uk>; from graeme.n.brown@bt.com on Tue, May 25, 1999 at 01:20:17PM +0100 X-Operating-System: FreeBSD 4.0-CURRENT/ELF ctm#5322 AMD-K6 MMX @ 200 MHz Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org According to graeme.n.brown@bt.com: > Can anyone enlighten as to whether there is support under FreeBSD 3.2R > for > > (i) xDSL (ADSL, VDSL etc) interface cards > (ii) Cable Modems Most of them just have an ethernet interface on your side. -- Ollivier ROBERT -=- FreeBSD: The Power to Serve!
-=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 4.0-CURRENT #71: Sun May 9 20:16:32 CEST 1999 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue May 25 17:46:42 1999 Delivered-To: freebsd-net@freebsd.org Received: from astcorp.com (madcow.astcorp.com [207.3.92.239]) by hub.freebsd.org (Postfix) with ESMTP id 4271014C4C for ; Tue, 25 May 1999 17:46:38 -0700 (PDT) (envelope-from jbeley@astcorp.com) Received: (from jbeley@localhost) by astcorp.com (8.9.3/8.9.3/Debian/GNU) id TAA32406 for freebsd-net@FreeBSD.ORG; Tue, 25 May 1999 19:45:51 -0500 Date: Tue, 25 May 1999 19:45:50 -0500 From: Jeff Beley To: freebsd-net@FreeBSD.ORG Subject: bridging Message-ID: <19990525194550.A32387@ns1.astcorp.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Is there a howto for bridiging under FreeBSD? I have a Linux bridge and would like to implement a BSD bridge, using ipfw as well. 
Thanks --Jeff -- ------------------------------- Jeff Beley Network Administrator PGP Key Available upon request To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue May 25 18:35:59 1999 Delivered-To: freebsd-net@freebsd.org Received: from mail5.globalserve.net (mail5.globalserve.net [209.90.128.165]) by hub.freebsd.org (Postfix) with ESMTP id 050D014CB8 for ; Tue, 25 May 1999 18:35:54 -0700 (PDT) (envelope-from pierre@globalserve.net) Received: from globalserve.net (dialin2013.toronto.globalserve.net [209.90.137.234]) by mail5.globalserve.net (8.9.1/8.9.1) with ESMTP id VAA05304 for ; Tue, 25 May 1999 21:35:52 -0400 (EDT) Message-ID: <374B4FEE.38763715@globalserve.net> Date: Tue, 25 May 1999 21:35:43 -0400 From: Pierre Reply-To: pierre@globalserve.net Organization: ObjTech Corporation X-Mailer: Mozilla 4.51 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-net@freebsd.org Subject: Can't set Full Duplex on 3COM 3C905B-TX Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I am having difficulty to make my nic using Duplex. The nic setting is autodetect, but even I tried to force it to full duplex, freeBSD still showing half-duplex during boot time. Can someone point out what I am missing here? Here is some information of my box. 
OS: FreeBSD 3.1 NIC: 3COM 3C905B-TX (setting is autodetect) pollo:/opt/openssl-0.9.3# ifconfig -a xl0: flags=8843 mtu 1500 inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255 ether 00:10:5a:1b:d8:3d media: 100baseTX supported media: autoselect 100baseTX 100baseTX 100baseTX 10baseT/UTP 10baseT/UTP 10baseT/UTP lo0: flags=8049 mtu 16384 inet 127.0.0.1 netmask 0xff000000 ppp0: flags=8010 mtu 1500 sl0: flags=c010 mtu 552 tun0: flags=8151 mtu 1500 inet 209.90.137.234 --> 209.90.128.100 netmask 0xffffff00 -- Best Regards, Pierre \\|// (o o) -----------oOOo-(_)-oOOo------------------ mailto:pierre(at)globalserve(dot)net ========================================== Dodge: Dead Or Dying Garbage Emitter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue May 25 19:25:36 1999 Delivered-To: freebsd-net@freebsd.org Received: from mail6.globalserve.net (mail6.globalserve.net [209.90.128.166]) by hub.freebsd.org (Postfix) with ESMTP id EEA1014D27 for ; Tue, 25 May 1999 19:25:29 -0700 (PDT) (envelope-from pierre@globalserve.net) Received: from globalserve.net (dialin2013.toronto.globalserve.net [209.90.137.234]) by mail6.globalserve.net (8.9.3/8.9.3) with ESMTP id WAA01224 for ; Tue, 25 May 1999 22:28:49 -0400 (EDT) Message-ID: <374B5B8E.FC4AF9D8@globalserve.net> Date: Tue, 25 May 1999 22:25:18 -0400 From: Pierre Reply-To: pierre@globalserve.net Organization: ObjTech Corporation X-Mailer: Mozilla 4.51 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-net@freebsd.org Subject: [Fwd: Can't set Full Duplex on 3COM 3C905B-TX] Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I am using a 3COM TP400 Hub. Thanks Darcy for the quick response :) Darcy Buskermolen wrote: > 1st off, are you plugging it into a full duplex device at the other end? > like a full duplex switch ? 
> > At 09:35 PM 5/25/99 -0400, you wrote: > >I am having difficulty to make my nic using Duplex. The nic setting is > >autodetect, but even I tried to force it to full duplex, freeBSD still > >showing half-duplex during boot time. > > > >Can someone point out what I am missing here? > > > >Here is some information of my box. > > > >OS: FreeBSD 3.1 > >NIC: 3COM 3C905B-TX (setting is autodetect) > > > >pollo:/opt/openssl-0.9.3# ifconfig -a > >xl0: flags=8843 mtu 1500 > > inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255 > > ether 00:10:5a:1b:d8:3d > > media: 100baseTX > > supported media: autoselect 100baseTX 100baseTX > > 100baseTX 10baseT/UTP 10baseT/UTP > > 10baseT/UTP > >lo0: flags=8049 mtu 16384 > > inet 127.0.0.1 netmask 0xff000000 > >ppp0: flags=8010 mtu 1500 > >sl0: flags=c010 mtu 552 > >tun0: flags=8151 mtu 1500 > > inet 209.90.137.234 --> 209.90.128.100 netmask 0xffffff00 > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue May 25 19:32:36 1999 Delivered-To: freebsd-net@freebsd.org Received: from i.caniserv.com (i.caniserv.com [139.142.95.1]) by hub.freebsd.org (Postfix) with SMTP id 44E9714D27 for ; Tue, 25 May 1999 19:32:29 -0700 (PDT) (envelope-from Darcy@ok-connect.com) Received: (qmail 17657 invoked from network); 26 May 1999 02:32:35 -0000 Received: from ccliii.caniserv.com (HELO dbitech) (darcyb@139.142.95.253) by 139.142.95.10 with SMTP; 26 May 1999 02:32:35 -0000 Message-Id: <3.0.32.19990525193418.0221cec0@mail.ok-connect.com> X-Sender: darcyb@mail.ok-connect.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Tue, 25 May 1999 19:34:18 -0700 To: freebsd-net@freebsd.org From: Darcy Buskermolen Subject: Re: [Fwd: Can't set Full Duplex on 3COM 3C905B-TX] Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org According to 3com's site that deveice does not look like a full 
duplex product, there go why you can't make it go full duplex. http://www.3com.com/products/dsheets/400317a.html#Fast //DB At 10:25 PM 5/25/99 -0400, you wrote: >I am using a 3COM TP400 Hub. Thanks Darcy for the quick response :) > >Darcy Buskermolen wrote: > >> 1st off, are you plugging it into a full duplex device at the other end? >> like a full duplex switch ? >> >> At 09:35 PM 5/25/99 -0400, you wrote: >> >I am having difficulty to make my nic using Duplex. The nic setting is >> >autodetect, but even I tried to force it to full duplex, freeBSD still >> >showing half-duplex during boot time. >> > >> >Can someone point out what I am missing here? >> > >> >Here is some information of my box. >> > >> >OS: FreeBSD 3.1 >> >NIC: 3COM 3C905B-TX (setting is autodetect) >> > >> >pollo:/opt/openssl-0.9.3# ifconfig -a >> >xl0: flags=8843 mtu 1500 >> > inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255 >> > ether 00:10:5a:1b:d8:3d >> > media: 100baseTX >> > supported media: autoselect 100baseTX 100baseTX >> > 100baseTX 10baseT/UTP 10baseT/UTP >> > 10baseT/UTP >> >lo0: flags=8049 mtu 16384 >> > inet 127.0.0.1 netmask 0xff000000 >> >ppp0: flags=8010 mtu 1500 >> >sl0: flags=c010 mtu 552 >> >tun0: flags=8151 mtu 1500 >> > inet 209.90.137.234 --> 209.90.128.100 netmask 0xffffff00 >> > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-net" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue May 25 22:53:28 1999 Delivered-To: freebsd-net@freebsd.org Received: from SIMULTAN.CH (eunet-gw.simultan.ch [194.191.191.82]) by hub.freebsd.org (Postfix) with ESMTP id A879C14FC6 for ; Tue, 25 May 1999 22:53:13 -0700 (PDT) (envelope-from tseidmann@simultan.ch) Received: from simultan.ch (wsaltis-053.SIMULTAN.CH [192.92.128.53]) by SIMULTAN.CH (8.9.3/8.9.2) with ESMTP id HAA05166; Wed, 26 May 1999 07:53:07 +0200 (CEST) (envelope-from 
tseidmann@simultan.ch) Message-ID: <374B8C2A.A15D1591@simultan.ch> Date: Wed, 26 May 1999 07:52:42 +0200 From: Thomas Seidmann X-Mailer: Mozilla 4.6 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Shawn Workman Cc: freebsd-net@FreeBSD.ORG Subject: Re: Just a question References: <00b001bea6d4$3402aa20$24a535cf@ieasoftware.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Shawn Workman wrote: > > I just built a FreeBSD box that has 2 Intel pro 100b cards in it > (fxp0, fxp1) > > I have rebuilt my kernel and enabled the firewall, bridging, and > dummynet. > > fxp1 is the interface to the internet and fxp0 is the interface to the > LAN. > > I am getting ready to put this thing on line and was just wondering if > anyone knew of anything I should watch out for? > > I am running NATD in the following manner > > natd -interface fxp0 > > if I run it on fxp1 then I can no longer get to the internet. From where can't you get to the Internet? From the FreeBSD host or from the internal network? Basically, you should run 'natd -interface fxp1', since fxp1 is the public interface. Od course fxp1 has got to have a valid IP address. You should provide more details in order to get help. I can assure you NAT works perfectly in both -stable and -current. 
> Shawn Workman - sworkman@iea-software.com Thomas To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Tue May 25 23:32: 5 1999 Delivered-To: freebsd-net@freebsd.org Received: from lanfear.nidlink.com (lanfear.nidlink.com [216.18.128.7]) by hub.freebsd.org (Postfix) with ESMTP id 1B41D14C09 for ; Tue, 25 May 1999 23:32:01 -0700 (PDT) (envelope-from sworkman@nidlink.com) Received: from enaila.nidlink.com (root@enaila.nidlink.com [216.18.128.8]) by lanfear.nidlink.com (8.9.0/8.9.0) with ESMTP id XAA05891; Tue, 25 May 1999 23:31:59 -0700 (PDT) Received: from hal.nidlink.com (tnt132-87.nidlink.com [216.18.132.87]) by enaila.nidlink.com (8.9.0/8.9.0) with ESMTP id XAA24177; Tue, 25 May 1999 23:31:57 -0700 (PDT) Message-ID: X-Mailer: XFMail 1.3 [p0] on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <374B8C2A.A15D1591@simultan.ch> Date: Tue, 25 May 1999 23:35:56 -0700 (PDT) Reply-To: sworkman@nidlink.com From: Shawn Workman To: Thomas Seidmann Subject: Re: Just a question Cc: freebsd-net@FreeBSD.ORG, Shawn Workman Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >>From where can't you get to the Internet? From the FreeBSD host or from > the internal network? From the FreeBSD host. > Basically, you should run 'natd -interface fxp1', since fxp1 is the > public interface. Od course fxp1 has got to have a valid IP address. You > should provide more details in order to get help. I can assure you NAT > works perfectly in both -stable and -current. I was running NAT on fxp1 and it had a valid address. As soon as I ran natd -interface fxp1 I could no longer access the Internet.. Hmm. I have a telnet session going with that machine right now so I will give it a shot. another question, Does natd start at boot? 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Wed May 26 0:16:54 1999 Delivered-To: freebsd-net@freebsd.org Received: from SIMULTAN.CH (eunet-gw.simultan.ch [194.191.191.82]) by hub.freebsd.org (Postfix) with ESMTP id 7C363152EE for ; Wed, 26 May 1999 00:16:48 -0700 (PDT) (envelope-from tseidmann@simultan.ch) Received: from simultan.ch (wsaltis-053.SIMULTAN.CH [192.92.128.53]) by SIMULTAN.CH (8.9.3/8.9.2) with ESMTP id JAA07108; Wed, 26 May 1999 09:16:43 +0200 (CEST) (envelope-from tseidmann@simultan.ch) Message-ID: <374B9FC2.6D1078CD@simultan.ch> Date: Wed, 26 May 1999 09:16:18 +0200 From: Thomas Seidmann X-Mailer: Mozilla 4.6 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: sworkman@nidlink.com Cc: freebsd-net@FreeBSD.ORG Subject: Re: Just a question References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Shawn Workman wrote:
> >From the FreeBSD host.
>
> > Basically, you should run 'natd -interface fxp1', since fxp1 is the
> > public interface. Od course fxp1 has got to have a valid IP address. You
> > should provide more details in order to get help. I can assure you NAT
> > works perfectly in both -stable and -current.
>
> I was running NAT on fxp1 and it had a valid address. As soon as I ran
> natd -interface fxp1
> I could no longer access the Internet..

OK, in this case the ipfw rules must be missing. Be sure they look like this (obtained with 'ipfw l'):

00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 divert 8668 ip from any to any via fxp1
65000 allow ip from any to any
65535 deny ip from any to any

The numbers can be different, and rule 65000 can be replaced by more specific firewall rules.

> another question, Does natd start at boot?

Yes, if you specify in rc.conf the following:

natd_enable="YES"
natd_interface="fxp1"

Regards,
Thomas

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Wed May 26 0:20:10 1999 Delivered-To: freebsd-net@freebsd.org Received: from lanfear.nidlink.com (lanfear.nidlink.com [216.18.128.7]) by hub.freebsd.org (Postfix) with ESMTP id F01401502A for ; Wed, 26 May 1999 00:20:07 -0700 (PDT) (envelope-from sworkman@nidlink.com) Received: from enaila.nidlink.com (root@enaila.nidlink.com [216.18.128.8]) by lanfear.nidlink.com (8.9.0/8.9.0) with ESMTP id AAA24872; Wed, 26 May 1999 00:20:07 -0700 (PDT) Received: from hal.nidlink.com (tnt132-87.nidlink.com [216.18.132.87]) by enaila.nidlink.com (8.9.0/8.9.0) with ESMTP id AAA15701; Wed, 26 May 1999 00:20:04 -0700 (PDT) Message-ID: X-Mailer: XFMail 1.3 [p0] on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <374B9FC2.6D1078CD@simultan.ch> Date: Wed, 26 May 1999 00:24:03 -0700 (PDT) Reply-To: sworkman@nidlink.com From: Shawn Workman To: Thomas Seidmann Subject: Re: Just a question Cc: freebsd-net@FreeBSD.ORG Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Thanks for the info.. I am assuming that rule number 300 is the important one(for natd). I will go ahead and make the necessary mods and have some fun.. Thanks again..

On 26-May-99 Thomas Seidmann wrote:
> Shawn Workman wrote:
>> >From the FreeBSD host.
>>
>> > Basically, you should run 'natd -interface fxp1', since fxp1 is the
>> > public interface. Od course fxp1 has got to have a valid IP address. You
>> > should provide more details in order to get help. I can assure you NAT
>> > works perfectly in both -stable and -current.
>>
>> I was running NAT on fxp1 and it had a valid address. As soon as I ran
>> natd -interface fxp1
>> I could no longer access the Internet..
>
> OK, in this case the ipfw rules must be missing. Be sure they look like
> this (obtained with 'ipfw l'):
>
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 divert 8668 ip from any to any via fxp1
> 65000 allow ip from any to any
> 65535 deny ip from any to any
>
> The numbers can be different, and rule 65000 can be replaced by more
> specific firewall rules.
>
>> another question, Does natd start at boot?
>
> Yes, if you specify in rc.conf the following:
>
> natd_enable="YES"
> natd_interface="fxp1"
>
> Regards,
> Thomas

From owner-freebsd-net Wed May 26 3:37:38 1999
Delivered-To: freebsd-net@freebsd.org
Received: from www.inx.de (www.inx.de [195.21.255.251]) by hub.freebsd.org (Postfix) with ESMTP id 245FB15237 for ; Wed, 26 May 1999 03:37:35 -0700 (PDT) (envelope-from jnickelsen@acm.org)
Received: from n31-87.berlin.snafu.de ([195.21.31.87] helo=goting.jn.berlin.snafu.de) by www.inx.de with esmtp (Exim 2.12 #2) id 10mb42-0006yi-00; Wed, 26 May 1999 12:37:34 +0200
Received: from ockholm.jn.berlin.snafu.de (ockholm.jn.berlin.snafu.de [10.0.0.3]) by goting.jn.berlin.snafu.de (Postfix) with ESMTP id D769C13D; Wed, 26 May 1999 01:31:34 +0200 (CEST)
Date: Wed, 26 May 1999 01:31:44 +0200
From: Juergen Nickelsen
To: Shawn Workman
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Just a question
Message-ID: <491041.3136671104@ockholm.jn.berlin.snafu.de>
In-Reply-To: <00b001bea6d4$3402aa20$24a535cf@ieasoftware.com>
Originator-Info: login-id=nickel; server=goting.jn.berlin.snafu.de
X-Mailer: Mulberry (MacOS) [1.4.2.1, s/n U-301240]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

--On Die, 25.
Mai 1999 10:29 -0700 Shawn Workman wrote:

> I just built a FreeBSD box that has 2 Intel pro 100b cards in it
> (fxp0, fxp1)
>
> I have rebuilt my kernel and enabled the firewall, bridging, and
> dummynet.

Do you really need bridging and dummynet? For a router with NAT, you usually don't.

> fxp1 is the interface to the internet and fxp0 is the interface to
> the LAN.
[...]
> I am running NATD in the following manner
>
> natd -interface fxp0
>
> if I run it on fxp1 then I can no longer get to the internet.

The NATd should actually run on the outer interface. Have you set up your firewall rules right? Look into /etc/rc.firewall; start with the "simple" setup and adapt it to your needs.

Either do it the hard way like I did (guess what you need, set up the rules, and learn from your mistakes) or read the firewall book from O'Reilly ("Build Internet Firewalls" or the like); it is said to be quite helpful.

Greetings, Juergen.

From owner-freebsd-net Wed May 26 4:52:33 1999
Delivered-To: freebsd-net@freebsd.org
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5]) by hub.freebsd.org (Postfix) with SMTP id C302F14D76 for ; Wed, 26 May 1999 04:52:22 -0700 (PDT) (envelope-from luigi@labinfo.iet.unipi.it)
Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id LAA07876; Wed, 26 May 1999 11:24:13 +0200
From: Luigi Rizzo
Message-Id: <199905260924.LAA07876@labinfo.iet.unipi.it>
Subject: Re: bridging
To: jbeley@astcorp.com (Jeff Beley)
Date: Wed, 26 May 1999 11:24:12 +0200 (MET DST)
Cc: freebsd-net@FreeBSD.ORG
In-Reply-To: <19990525194550.A32387@ns1.astcorp.com> from "Jeff Beley" at May 25, 99 07:45:31 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 764
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Is there a howto for bridging under FreeBSD?
I have
> a Linux bridge and would like to implement a BSD
> bridge, using ipfw as well.

erm... bridges "just work" usually, you don't need very sophisticated configuration.

man bridge(4) ipfw(4) dummynet(4)

is probably all you need.

cheers
luigi
-----------------------------------+-------------------------------------
  Luigi RIZZO, luigi@iet.unipi.it  . Dip. di Ing. dell'Informazione
  http://www.iet.unipi.it/~luigi/  . Universita` di Pisa
  TEL/FAX: +39-050-568.533/522     . via Diotisalvi 2, 56126 PISA (Italy)

  http://www.iet.unipi.it/~luigi/ngc99/
  ==== First International Workshop on Networked Group Communication ====
-----------------------------------+-------------------------------------

From owner-freebsd-net Wed May 26 5:38:25 1999
Delivered-To: freebsd-net@freebsd.org
Received: from ikhala.tcimet.net (ikhala.tcimet.net [198.109.166.215]) by hub.freebsd.org (Postfix) with ESMTP id C2E60150EA for ; Wed, 26 May 1999 05:38:22 -0700 (PDT) (envelope-from dervish@ikhala.tcimet.net)
Received: (from dervish@localhost) by ikhala.tcimet.net (8.9.3/8.9.3) id JAA18297; Wed, 26 May 1999 09:00:52 -0400 (EDT) (envelope-from dervish)
Date: Wed, 26 May 1999 09:00:52 -0400
From: Natty Rebel
To: Pierre
Cc: freebsd-net@freebsd.org
Subject: Re: Can't set Full Duplex on 3COM 3C905B-TX
Message-ID: <19990526090032.A18244@ikhala.tcimet.net>
References: <374B4FEE.38763715@globalserve.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.1i
In-Reply-To: <374B4FEE.38763715@globalserve.net>; from Pierre on Tue, May 25, 1999 at 09:35:43PM -0400
X-Operating-System: FreeBSD 4.0-CURRENT i386
X-PGP-Fingerprint: 2C CE A5 D7 FA 4D D5 FD 9A CC 2B 23 04 46 48 F8
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Quoting Pierre (pierre@globalserve.net):
> I am having difficulty to make my nic using Duplex.
The nic setting is
> autodetect, but even I tried to force it to full duplex, freeBSD still
> showing half-duplex during boot time.
>
> Can someone point out what I am missing here?

A couple of things
did you try using the 'mediaopt full-duplex' in your /etc/rc.conf?
(i.e. ifconfig_xl0="inet nnn.nnn.nnn.nnn netmask nnn.nnn.nnn.nnn mediaopt full-duplex")
The other thing is to check that the hub or switch you're connecting to supports full duplex.
Don't forget 'man xl'
hth ...

>
> Here is some information of my box.
>
> OS: FreeBSD 3.1
> NIC: 3COM 3C905B-TX (setting is autodetect)
>
> pollo:/opt/openssl-0.9.3# ifconfig -a
> xl0: flags=8843 mtu 1500
>         inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
>         ether 00:10:5a:1b:d8:3d
>         media: 100baseTX
>         supported media: autoselect 100baseTX 100baseTX
>         100baseTX 10baseT/UTP 10baseT/UTP
>         10baseT/UTP
> lo0: flags=8049 mtu 16384
>         inet 127.0.0.1 netmask 0xff000000
> ppp0: flags=8010 mtu 1500
> sl0: flags=c010 mtu 552
> tun0: flags=8151 mtu 1500
>         inet 209.90.137.234 --> 209.90.128.100 netmask 0xffffff00
>
>
> --
> Best Regards,
>
>
> Pierre               \\|//
>                      (o o)
> -----------oOOo-(_)-oOOo------------------
> mailto:pierre(at)globalserve(dot)net
> ==========================================
> Dodge: Dead Or Dying Garbage Emitter
>

#;^)
--
natty rebel
harder than the rest ...

From owner-freebsd-net Wed May 26 6:18:53 1999
Delivered-To: freebsd-net@freebsd.org
Received: from web4-1.ability.net (web4-1.ability.net [216.32.69.9]) by hub.freebsd.org (Postfix) with ESMTP id C45E514A2E for ; Wed, 26 May 1999 06:18:51 -0700 (PDT) (envelope-from rich@f2sys.net)
Received: from ppp-rich.ari.net (ppp-rich.ari.net [198.69.193.148]) by web4-1.ability.net (8.9.1/8.9.1/Pub) with ESMTP id JAA15773 for ; Wed, 26 May 1999 09:06:38 -0400 (EDT)
Date: Wed, 26 May 1999 09:22:29 -0400 (EDT)
From: Rich Fox
X-Sender: rich@ppp-rich.ari.net
To: freebsd-net@FreeBSD.ORG
Subject: Re: socks5 problems (auth) [Solved]
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

Thanks for the responses... The problem simply appeared to be that I hadn't 'completed' my configuration, that is, I needed to change the permit line to permit machines from the 192.168.1. network to access the socks server. [d'oh!] For some reason, I assumed that the permit line would work as in this configuration, which it didn't. When I changed the permit line to read:

permit - - 192.168.1. - - -

It started working fine.

(Incidentally I know from the socks5 lists that other platforms running IP Aliasing and socks5 simultaneously caused problems, in this case [FreeBSD 3.1] it 'seems' to work, (that is, the quality of the stream is rather low, but that may be attributable to the youth of the Quicktime Streaming Media implementation).

Turning off IP Aliasing in the kernel is *not* an option since our subnet workstations are MacOS, whose apps are either non-socks5 capable (e.g. Netscape 4.08 MacPPC appears to be only socks4 compatible, or at least that's what the socks log seems to suggest), nor is there a SocksCAP application available in any case.
The only reason that we really need socks5 is because we work a lot with QT (which appears to be the only pertinent media type that we can't get through kernel IP Aliasing) and expect to be working with QT4 streaming media, if we can't see it coming off the net, we're gonna be in trouble with our clients.

I am still interested in why RealAudio via RTSP works well through kernel IP Aliasing while Quicktime Streaming via RTP-RTSP doesn't work at all, I guess it's the RTP part ;)

Thanks again,
Rich.

On Tue, 25 May 1999, Rich Fox wrote:

> Hi,
>
> I have sent this through the freebsd-questions channel, and received
> helpful, but not definitive, information. I have socks5 running (v1.0r9)
> on a freeBSD 3.1 box. The problem I am having is that I have never been
> able to configure it to accept a connection without requiring
> authorization from the client, (alas, I have never been able to configure
> it to accept a connection and actually act as a proxy--authorization or
> not!).
> I understand the risk of leaving the proxy wide open, but I can't get
> anything to work anyways. In any case here is my *.conf file...
>
> # Authentication entries
> auth - - -
>
> # Access entries
> permit - - 0.0.0.0/0.0.0.0 - -
>
> # route entries
> route 192.168.1. - 192.168.1.1
> route - - 123.456.789.123
>
> This is a multi-homed host (IP aliasing), I simply want to allow a
> connection from 192.168.1.n to a server on the other side. The other
> side's interface is at 123.456.789.123 and obviously 192.168.1.n's
> interface is at 192.168.1.1. The system is running ip aliasing and IPFW,
> however, IPFW has been wide open for these tests.
> [snip]
> Thanks,
> Rich.

From owner-freebsd-net Wed May 26 10:36:37 1999
Delivered-To: freebsd-net@freebsd.org
Received: from mail-blue.research.att.com (mail-blue.research.att.com [135.207.30.102]) by hub.freebsd.org (Postfix) with ESMTP id 1213415512 for ; Wed, 26 May 1999 10:36:31 -0700 (PDT) (envelope-from fenner@research.att.com)
Received: from alliance.research.att.com (alliance.research.att.com [135.207.26.26]) by mail-blue.research.att.com (Postfix) with ESMTP id 48E6D4CE1D; Wed, 26 May 1999 13:36:28 -0400 (EDT)
Received: from windsor.research.att.com (windsor.research.att.com [135.207.26.46]) by alliance.research.att.com (8.8.7/8.8.7) with ESMTP id NAA18595; Wed, 26 May 1999 13:36:27 -0400 (EDT)
From: Bill Fenner
Received: (from fenner@localhost) by windsor.research.att.com (8.8.7/8.8.5) id NAA09437; Wed, 26 May 1999 13:36:26 -0400 (EDT)
Message-Id: <199905261736.NAA09437@windsor.research.att.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
To: spork@super-g.com
Subject: Re: NetBSD Security Advisory 1999-010 (fwd)
Cc: freebsd-net@freebsd.org
Date: Wed, 26 May 1999 10:36:26 -0700
Versions: dmail (solaris) 2.2c/makemail 2.8t
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Yup, this is fixed in 3.0.

Bill

From owner-freebsd-net Wed May 26 10:51:53 1999
Delivered-To: freebsd-net@freebsd.org
Received: from cs.CS.NMSU.Edu (cs.CS.NMSU.Edu [128.123.64.2]) by hub.freebsd.org (Postfix) with ESMTP id 64A8E15675 for ; Wed, 26 May 1999 10:51:49 -0700 (PDT) (envelope-from fzhang@cs.CS.NMSU.Edu)
Received: from budvar (budvar [128.123.64.142]) by cs.CS.NMSU.Edu (8.8.6/8.8.6) with SMTP id LAA06367 for ; Wed, 26 May 1999 11:51:11 -0600 (MDT)
Message-Id: <199905261751.LAA06367@cs.CS.NMSU.Edu>
Date: Wed, 26 May 1999 11:51:00 -0600 (MDT)
From: Fusie Zhang
Reply-To: Fusie Zhang
Subject: pnp Boca modem set-up
To: freebsd-net@freebsd.org
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-MD5: UqZh72h0b49EbFYuFLeG7w==
X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.3.2 SunOS 5.7 sun4u sparc
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

i have a plug and play Boca 56k flex modem i am trying to setup to work with freebsd. however, so far i have no luck. i have modified the file /sys/i386/isa/sio.c to add the identification string for the modem and recompiled a new kernel. but still could not get it up.

if kernel configuration and probe results are required pls let me know. i'm at work and do not have them handy.

Fujie Zhang
2217 Hagarty Road #12, Las Cruces, NM 88001. (505)532-8307
131 Science Hall, NMSU, Las Cruces, NM 88003.
646-6229

From owner-freebsd-net Wed May 26 11:19:10 1999
Delivered-To: freebsd-net@freebsd.org
Received: from puma.wmin.ac.uk (puma.wmin.ac.uk [161.74.92.94]) by hub.freebsd.org (Postfix) with SMTP id 7995014DF8 for ; Wed, 26 May 1999 11:19:07 -0700 (PDT) (envelope-from smaraux@seth.cpc.wmin.ac.uk)
Received: from seth.cpc.wmin.ac.uk by puma.wmin.ac.uk with INTERNAL-SMTP (MMTA) with ESMTP; Wed, 26 May 1999 19:16:58 +0100
Received: from localhost (smaraux@localhost) by seth.cpc.wmin.ac.uk (8.9.3/8.9.3) with ESMTP id TAA07042 for ; Wed, 26 May 1999 19:18:56 +0100 (BST) (envelope-from smaraux@seth.cpc.wmin.ac.uk)
Date: Wed, 26 May 1999 19:18:56 +0100 (BST)
From: Sebastien Maraux
To: freebsd-net@freebsd.org
Subject: 3c905b and FreeBSD3.x/ELF kernel netbooting
Message-ID:
MIME-Version: 1.0
Content-Type: text/PLAIN; charset="US-ASCII"
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Is there somebody in this world that can boot an ELF kernel with a 3c905b NIC via netboot, etherboot or any other freeware? I'm looking for this for a while, but nobody answered me exactly what I can do.

Thanks
Sebastien - French student in Networking and telecommunications

From owner-freebsd-net Thu May 27 9:30:58 1999
Delivered-To: freebsd-net@freebsd.org
Received: from puma.wmin.ac.uk (puma.wmin.ac.uk [161.74.92.94]) by hub.freebsd.org (Postfix) with SMTP id E1ED514FA8 for ; Thu, 27 May 1999 09:30:41 -0700 (PDT) (envelope-from smaraux@seth.cpc.wmin.ac.uk)
Received: from seth.cpc.wmin.ac.uk by puma.wmin.ac.uk with INTERNAL-SMTP (MMTA) with ESMTP; Thu, 27 May 1999 17:18:46 +0100
Received: from localhost (smaraux@localhost) by seth.cpc.wmin.ac.uk (8.9.3/8.9.3) with ESMTP id RAA12397 for ; Thu, 27 May 1999 17:20:39 +0100 (BST) (envelope-from smaraux@seth.cpc.wmin.ac.uk)
Date: Thu, 27 May 1999 17:20:39 +0100 (BST)
From: Sebastien Maraux
To: freebsd-net@freebsd.org
Subject: Netbooting-freebsd kernel and 3c905b
Message-ID:
MIME-Version: 1.0
Content-Type: text/PLAIN; charset="US-ASCII"
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Does someone know how to boot a FreeBSD kernel with a 3c905b NIC from the network - I'm looking for a software that supports bootp/tftp/NFS. I posted such a message a few days ago, but I resolved the problem of booting ELF kernel by compiling my kernel with KERNFORMAT=aout option when I do the make. I really need it.

Thanks
seb, without the reply (sorry for that)

From owner-freebsd-net Thu May 27 11:11:27 1999
Delivered-To: freebsd-net@freebsd.org
Received: from lapsnarf (tcs.rli.net [209.141.195.35]) by hub.freebsd.org (Postfix) with ESMTP id 68BC315977 for ; Thu, 27 May 1999 11:10:52 -0700 (PDT) (envelope-from rfogle@sirinet.net)
Received: from sirinet.net (localhost [127.0.0.1]) by lapsnarf (8.9.1a/8.9.1) with ESMTP id IAA00184 for ; Thu, 27 May 1999 08:14:56 -0500
Message-ID: <374D4550.647A9F9D@sirinet.net>
Date: Thu, 27 May 1999 13:14:56 +0000
From: rfogle
X-Mailer: Mozilla 4.6 [en] (X11; I; Linux 2.2.9 i586)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-net@freebsd.org
Subject: Bridge Prob
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Help!! I'm trying to set up a 100baseT->10baseT bridge utilizing FreeBSD for obvious reasons, and I'm running into stumbling blocks. I was using dual tulip 21143's for this, and I couldn't get it to work. I read the tulip driver code and it stated that 21140 was supported, so I dug up dual 21140's, still nada.

What I _really_ need is bridging with filtering capabilities; I have a shop with a 10+ box network going to our forward provider's gateways; one gateway is for dynamic IPs and the other for static. Can't masq/nat the packets, we need the ability to assign static IPs from our forward to our LAN when the need arises. Normally, a bridge would be perfect, but I also need the filtering capabilities to keep other subnets out.

I had a bridge working under linux for awhile, worked great, but no filters. This made me look elsewhere, and it eventually made me try new things and now I'm running my servers, except for my news, on FreeBSD.
The performance is quite noticeable, and I even put FreeBSD 3.1 on my laptop with pleasant results. I'm very happy so far, but this prob is causing late hours and major headaches, anyone have something similar? I know that a bridge works or it doesn't, just a sysctl line with the option in the kernel, but I can't !#$#! figure this out. Right now i'm maintaining connectivity using natd for masqing on FreeBSD 3.1.

What other information do I need to post? Do I need to upgrade to 3.2?

Richard Fogle
rfogle@sirinet.net
TCS Network Administrator

From owner-freebsd-net Thu May 27 12:49:45 1999
Delivered-To: freebsd-net@freebsd.org
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5]) by hub.freebsd.org (Postfix) with SMTP id F393914E17 for ; Thu, 27 May 1999 12:49:37 -0700 (PDT) (envelope-from luigi@labinfo.iet.unipi.it)
Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id TAA11678; Thu, 27 May 1999 19:22:51 +0200
From: Luigi Rizzo
Message-Id: <199905271722.TAA11678@labinfo.iet.unipi.it>
Subject: Re: Bridge Prob
To: rfogle@sirinet.net (rfogle)
Date: Thu, 27 May 1999 19:22:51 +0200 (MET DST)
Cc: freebsd-net@FreeBSD.ORG
In-Reply-To: <374D4550.647A9F9D@sirinet.net> from "rfogle" at May 27, 99 01:14:37 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 1338
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

> Help!! I'm trying to set up a 100baseT->10baseT bridge utilizing
> FreeBSD for obvious reasons, and I'm running into stumbling blocks. I
...
> results. I'm very happy so far, but this prob is causing late hours and
> major headaches, anyone have something similar? I know that a bridge
> works or it doesn't, just a sysctl line with the option in the kernel,
> but I can't !#$#! figure this out. Right now i'm maintaining connectivity
> using natd for masqing on FreeBSD 3.1.
What other information do
> I need to post? Do I need to upgrade to 3.2?

bridging in 3.1 does not work because i forgot to add a few bits -- some recent 3.1S or 3.2 do work. In case you can probably fetch the picobsd floppy from my web site

http://www.iet.unipi.it/~luigi/ip_dummynet/

in a couple of days (the one there now needs manual editing of /etc/rc.conf ...)

cheers
luigi
-----------------------------------+-------------------------------------
  Luigi RIZZO, luigi@iet.unipi.it  . Dip. di Ing. dell'Informazione
  http://www.iet.unipi.it/~luigi/  . Universita` di Pisa
  TEL/FAX: +39-050-568.533/522     . via Diotisalvi 2, 56126 PISA (Italy)

  http://www.iet.unipi.it/~luigi/ngc99/
  ==== First International Workshop on Networked Group Communication ====
-----------------------------------+-------------------------------------

From owner-freebsd-net Thu May 27 23: 5: 4 1999
Delivered-To: freebsd-net@freebsd.org
Received: from rodent.crp.com.au (rodent.ringtail.com.au [203.13.222.1]) by hub.freebsd.org (Postfix) with ESMTP id 4F7FF14CED for ; Thu, 27 May 1999 23:04:39 -0700 (PDT) (envelope-from pedro@crp.com.au)
Received: from crp.com.au (pedro.ringtail.com.au [203.13.222.13]) by rodent.crp.com.au (8.8.5/8.8.3) with ESMTP id RAA03122 for ; Fri, 28 May 1999 17:05:46 GMT
Message-ID: <374E31D4.F870C999@crp.com.au>
Date: Fri, 28 May 1999 16:04:04 +1000
From: pedro
X-Mailer: Mozilla 4.5 [en] (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd
Subject: Connection Speed
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Is there a command that I can run to find out what speed a client is connected at?

Dave Peterson

From owner-freebsd-net Thu May 27 23:40:29 1999
Delivered-To: freebsd-net@freebsd.org
Received: from picalon.gun.de (picalon.gun.de [192.109.159.1]) by hub.freebsd.org (Postfix) with ESMTP id F0D2814D8C for ; Thu, 27 May 1999 23:40:22 -0700 (PDT) (envelope-from andreas@klemm.gtn.com)
Received: from klemm.gtn.com (pppak04.gtn.com [194.231.123.169]) by picalon.gun.de (8.8.6/8.8.6) with ESMTP id IAA19592; Fri, 28 May 1999 08:40:12 +0200 (MET DST)
Received: (from andreas@localhost) by klemm.gtn.com (8.9.3/8.9.3) id IAA41671; Fri, 28 May 1999 08:40:02 +0200 (CEST) (envelope-from andreas)
Date: Fri, 28 May 1999 08:40:02 +0200
From: Andreas Klemm
To: freebsd-net@freebsd.org, zebra@zebra.org
Cc: Kunihiro Ishiguro
Subject: OSPF eequal-cost paths, which algorithm, how exactly load balancing ?
Message-ID: <19990528084002.A41138@titan.klemm.gtn.com>
Reply-To: andreas@klemm.gtn.com, andreas.klemm.ak@bayer-ag.de, freebsd-net@freebsd.org, zebra@zebra.org, Kunihiro Ishiguro
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
X-Operating-System: FreeBSD 3.2-STABLE SMP
X-Disclaimer: A free society is one where it is safe to be unpopular
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi !

I'm looking for the algorithm how OSPF does a routing decision and
what kind of load balancing is been done, between the two 4 MBit
leased lines, when OSPF has equal-cost paths like this.
Cisco IOS 11.2 or 11.3.

                Rstart
                |e0
                |10MBit
                |
     -----------+----------------
        |10MBit         |10MBit
        |e0             |e0
        |               |
        R1              R3
        ||              ||
      s0||s1          s0||s1          load balancing between 2 serial
        ||2x2=4MBit     ||2x2=4MBit   (4 MBit, process switching to get
        ||              ||            load balancing between 2 serial
        ||              ||
        R2              R4
        |               |
        |10MBit         |10MBit
        |e0             |e0
     -----------+-----------------
                |
                |10 MBit
                |e0
                Rdest

All I read in the OSPF V2 RFC is, that OSPF creates one routing
entry for the interface Rstart e0, that has to destinations
R1 and R3 and that it does a load sharing between the two ways,
but how ?

How is the routing decision being done. What impact does load
have on a routing decision and how often it is re-calculated ???

When is perhaps only one route used between R1-R2 or R3-R4 ?

The question is, in an redundant environment, how well does OSPF
scale when it comes to the point of question, are and how well
are the links shared. Do users get 2 x 4 = 8 MBit throughput or
only 1 x 4 MBit ???

Thanks a lot, if you could help me on this one.

--
Andreas Klemm http://www.FreeBSD.ORG/~andreas
http://www.freebsd.org/~fsmp/SMP/SMP.html
powered by Symmetric MultiProcessor FreeBSD

From owner-freebsd-net Fri May 28 0:34:50 1999
Delivered-To: freebsd-net@freebsd.org
Received: from shonan.sfc.wide.ad.jp (shonan.sfc.wide.ad.jp [203.178.140.7]) by hub.freebsd.org (Postfix) with ESMTP id 606E714D86 for ; Fri, 28 May 1999 00:34:41 -0700 (PDT) (envelope-from yasu@sfc.wide.ad.jp)
Received: from localhost (xroads.sfc.wide.ad.jp [203.178.139.169]) by shonan.sfc.wide.ad.jp (8.9.3+3.2W/3.7Wpl2-shonan) with ESMTP id QAA14179; Fri, 28 May 1999 16:34:16 +0900 (JST) (envelope-from yasu@sfc.wide.ad.jp)
To: andreas@klemm.gtn.com, andreas.klemm.ak@bayer-ag.de, freebsd-net@freebsd.org, zebra@zebra.org, kunihiro@zebra.org
Subject: Re: [zebra 553] OSPF eequal-cost paths, which algorithm, how exactly load balancing ?
From: Yasuhiro Ohara
In-Reply-To: Your message of "Fri, 28 May 1999 08:40:02 +0200" <19990528084002.A41138@titan.klemm.gtn.com>
References: <19990528084002.A41138@titan.klemm.gtn.com>
X-Face: '}9D4L7xP}'_"lLu}d@}aw.]0ySJGBmYU[@f*r]H@|uFZDq]UYOaG@ec(LWwn<"F]<'&^T/ vFePwoo'S)#eKh(+o/W&~F3U.adkeR*6*XNVvEK$Q*SEHmhab+MD
X-Mailer: Mew version 1.93 on XEmacs 20.4 (Emerald)
X-URL: http://www.sfc.wide.ad.jp/~yasu/
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <19990528163305R.yasu@sfc.wide.ad.jp>
Date: Fri, 28 May 1999 16:33:05 +0900
X-Dispatcher: imput version 980905(IM100)
Lines: 67
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I think...

From: Andreas Klemm
Subject: [zebra 553] OSPF eequal-cost paths, which algorithm, how exactly load balancing ?
Date: Fri, 28 May 1999 08:40:02 +0200

andreas> Hi !
andreas>
andreas> I'm looking for the algorithm how OSPF does a routing decision and
andreas> what kind of load balancing is been done, between the two 4 MBit
andreas> leased lines, when OSPF has equal-cost paths like this.
andreas> Cisco IOS 11.2 or 11.3.
andreas>
andreas>                 Rstart
andreas>                 |e0
andreas>                 |10MBit
andreas>                 |
andreas>      -----------+----------------
andreas>         |10MBit         |10MBit
andreas>         |e0             |e0
andreas>         |               |
andreas>         R1              R3
andreas>         ||              ||
andreas>       s0||s1          s0||s1          load balancing between 2 serial
andreas>         ||2x2=4MBit     ||2x2=4MBit   (4 MBit, process switching to get
andreas>         ||              ||            load balancing between 2 serial
andreas>         ||              ||
andreas>         R2              R4
andreas>         |               |
andreas>         |10MBit         |10MBit
andreas>         |e0             |e0
andreas>      -----------+-----------------
andreas>                 |
andreas>                 |10 MBit
andreas>                 |e0
andreas>                 Rdest
andreas>
andreas> All I read in the OSPF V2 RFC is, that OSPF creates one routing
andreas> entry for the interface Rstart e0, that has to destinations
andreas> R1 and R3 and that it does a load sharing between the two ways,
andreas> but how ?

OSPF V2 RFC only says "it can".
Don't touch anything about how to share loads, because that is not routing protocol matter. How to share loads depends on how to lookup nexthop from routing table. So this is an issue of implementing routing table lookup function.

andreas> How is the routing decision being done. What impact does load
andreas> have on a routing decision and how often it is re-calculated ???

Again, this is a separate matter, so the re-calculation will not happen.

andreas> When is perhaps only one route used between R1-R2 or R3-R4 ?
andreas>
andreas> The question is, in an redundant environment, how well does OSPF
andreas> scale when it comes to the point of question, are and how well
andreas> are the links shared. Do users get 2 x 4 = 8 MBit throughput or
andreas> only 1 x 4 MBit ???

"How well" depends on algorithm to decide which way really to use. OSPF just makes multiple ways that can be used.

yasu

From owner-freebsd-net Fri May 28 0:57: 7 1999
Delivered-To: freebsd-net@freebsd.org
Received: from sapphire.noc.gxn.net (sapphire.noc.gxn.net [194.143.161.5]) by hub.freebsd.org (Postfix) with ESMTP id 103F214DC6 for ; Fri, 28 May 1999 00:56:59 -0700 (PDT) (envelope-from amb@gxn.net)
Received: from localhost ([127.0.0.1] helo=gxn.net) by sapphire.noc.gxn.net with esmtp (Exim 2.05 #2) id 10nHVI-0005YN-00; Fri, 28 May 1999 08:56:32 +0100
X-Mailer: exmh version 2.0.2 2/24/98
From: Alex Bligh
To: andreas@klemm.gtn.com, andreas.klemm.ak@bayer-ag.de, freebsd-net@freebsd.org, zebra@zebra.org, Kunihiro Ishiguro
Subject: Re: [zebra 553] OSPF eequal-cost paths, which algorithm, how exactly load balancing ?
In-reply-to: Your message of "Fri, 28 May 1999 08:40:02 +0200."
<19990528084002.A41138@titan.klemm.gtn.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 28 May 1999 08:56:32 +0200
Message-Id:
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Andreas,

> I'm looking for the algorithm how OSPF does a routing decision and
> what kind of load balancing is been done, between the two 4 MBit
> leased lines, when OSPF has equal-cost paths like this.
> Cisco IOS 11.2 or 11.3.

Roughly:

When Cisco has (by any method) two equal cost routes installed in the RIB (i.e. routing table), both get installed in the FIB (i.e. forwarding table). When a packet comes to be forwarded, generally some form of route cache is used, which is normally just a hash of the destination IP being routed to (+/- hardware accelerated routing on higher end boxes, CEF etc. etc.). However, occasionally (normally the first packet *to* a given host) this caching algorithm will miss, and a lookup will be made in the FIB. Where there is more than one entry, this algorithm round-robins between each of them (well actually I think it may choose randomly between them, which is the same thing in practice).

So if you enter "no ip route-cache" on the interface, you will find packets (wherever they are to) round robin between the equal cost routes, thus load sharing. But when you have route-caching switched on (normally), you will find all the traffic to a given destination goes the same way, but providing you have traffic to a large number of destinations, in practice you get good load sharing (don't try putting 2 newsfeeds down 2 2Mb lines this way though).

The situation is more complex when you have protocols like EIGRP which will on later IOS versions do *non* equal load sharing. I believe what they do then is tag the relevant load sharing weight onto the RIB entry which propagates to the FIB and modifies the round robin algorithm. However I have not tested this in practice.

--
Alex Bligh
GX Networks (formerly Xara Networks)

From owner-freebsd-net Fri May 28 3:47:32 1999
Delivered-To: freebsd-net@freebsd.org
Received: from bayer2.bayer-ag.de (bayer2.bayer-ag.de [194.120.191.2]) by hub.freebsd.org (Postfix) with SMTP id 98BD514C87 for ; Fri, 28 May 1999 03:47:28 -0700 (PDT) (envelope-from ANDREAS.KLEMM.AK@bayer-ag.de)
Received: from BYE473.BAYER-AG.DE (bye473.bayer-ag.com) by bayer2.bayer-ag.de with SMTP id MAA24178 (SMTP Gateway 4.2 for ); Fri, 28 May 1999 12:45:29 +0200
Received: by BYE473.BAYER-AG.DE (Soft-Switch LMS 3.2) with snapi via MT0044 id 0006800011799121; Fri, 28 May 1999 12:46:56 +0200
From: ANDREAS.KLEMM.AK@bayer-ag.de
To: " - *yasu@sfc.wide.ad.jp"
Cc: " - *andreas@klemm.gtn.com" , " - *freebsd-net@freebsd.org" , " - *zebra@zebra.org" , " - *kunihiro@zebra.org"
Subject: Antwort: Re: [zebra 553] OSPF eequal-cost paths, which algor
Message-Id: <0006800011799121000002L012*@MHS>
Date: Fri, 28 May 1999 12:46:56 +0200
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi !

[sorry for junk characters, only have Lotus notes here, no better mailer]

Thanks for answering. O.K. this would explain why the OSPF V2 RFC only explains, that there will be one routing entries with 2 paths in the OSPF routing table ...

Do you perhaps know, how CISCO*%s use that information ? Do I get 4 or 8 MBit throughput in one direction ?

Andreas
///

yasu@sfc.wide.ad.jp on 28.05.99 10:54:54

To: kunihiro@zebra.org @ INTERNET, zebra@zebra.org @ INTERNET, freebsd-net@freebsd.org @ INTERNET, Andreas Klemm@BAYERNOTES, andreas@klemm.gtn.com @ INTERNET
Cc:
Subject: Re: [zebra 553] OSPF eequal-cost paths, which algorithm, how

I think...
From: Andreas Klemm
Subject: [zebra 553] OSPF eequal-cost paths, which algorithm, how exactly load balancing ?
Date: Fri, 28 May 1999 08:40:02 +0200

andreas> Hi !
andreas>
andreas> I'm looking for the algorithm how OSPF does a routing decision and
andreas> what kind of load balancing is been done, between the two 4 MBit
andreas> leased lines, when OSPF has equal-cost paths like this.
andreas> Cisco IOS 11.2 or 11.3.
andreas>
andreas> **Rstart
andreas> **|e0
andreas> **|10MBit
andreas> **|
andreas> -----------+----------------
andreas> *|10MBit**|10MBit
andreas> *|e0**|e0
andreas> |**|
andreas> *R1**R3
andreas> ||**||
andreas> s0||s1 s0||s1**load balancing between 2 serial
andreas> *||2x2=4MBit*||2x2=4MBit*(4 MBit, process switching to get
andreas> *||**||**load balancing between 2 serial
andreas> *||**||
andreas> *R2**R4
andreas> |**|
andreas> *|10MBit**|10MBit
andreas> *|e0**|e0
andreas> -----------+-----------------
andreas> **|
andreas> **|10 MBit
andreas> **|e0
andreas> **Rdest
andreas>
andreas> All I read in the OSPF V2 RFC is, that OSPF creates one routing
andreas> entry for the interface Rstart e0, that has to destinations
andreas> R1 and R3 and that it does a load sharing between the two ways,
andreas> but how ?

OSPF V2 RFC only says "it can". Don't touch anything about how to share loads, because that is not routing protocol matter.

How to share loads depends on how to lookup nexthop from routing table. So this is an issue of implementing routing table lookup function.

andreas> How is the routing decision being done. What impact does load
andreas> have on a routing decision and how often it is re-calculated ???

Again, this is a separate matter, so the re-calculation will not be happen.

andreas> When is perhaps only one route used between R1-R2 or R3-R4 ?
andreas>
andreas> The question is, in an redundant environment, how well does OSPF
andreas> scale when it comes to the point of question, are and how well
andreas> are the links shared. Do users get 2 x 4 = 8 MBit throughput or
andreas> only 1 x 4 MBit ???

"How well" depends on algorithm to decide which way really to use. OSPF just makes multiple ways that can be used.

*yasu

From owner-freebsd-net Fri May 28 4: 4:49 1999 Delivered-To: freebsd-net@freebsd.org Received: from shonan.sfc.wide.ad.jp (shonan.sfc.wide.ad.jp [203.178.140.7]) by hub.freebsd.org (Postfix) with ESMTP id A4B6714C87 for ; Fri, 28 May 1999 04:04:42 -0700 (PDT) (envelope-from yasu@sfc.wide.ad.jp) Received: from localhost (xroads.sfc.wide.ad.jp [203.178.139.169]) by shonan.sfc.wide.ad.jp (8.9.3+3.2W/3.7Wpl2-shonan) with ESMTP id UAA19853; Fri, 28 May 1999 20:04:07 +0900 (JST) (envelope-from yasu@sfc.wide.ad.jp) To: ANDREAS.KLEMM.AK@bayer-ag.de Cc: andreas@klemm.gtn.com, freebsd-net@freebsd.org, zebra@zebra.org, kunihiro@zebra.org Subject: Re: Antwort: Re: [zebra 553] OSPF eequal-cost paths, which algor From: Yasuhiro Ohara In-Reply-To: Your message of "Fri, 28 May 1999 12:46:56 +0200" <0006800011799121000002L012*@MHS> References: <0006800011799121000002L012*@MHS> X-Face: '}9D4L7xP}'_"lLu}d@}aw.]0ySJGBmYU[@f*r]H@|uFZDq]UYOaG@ec(LWwn<"F]<'&^T/ vFePwoo'S)#eKh(+o/W&~F3U.adkeR*6*XNVvEK$Q*SEHmhab+MD X-Mailer: Mew version 1.93 on XEmacs 20.4 (Emerald) X-URL: http://www.sfc.wide.ad.jp/~yasu/ Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: <19990528200257W.yasu@sfc.wide.ad.jp> Date: Fri, 28 May 1999 20:02:57 +0900 X-Dispatcher: imput version 980905(IM100) Lines: 105 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

I'm sorry I don't know, but Mr. Alex Bligh has answered this...

yasu

From: ANDREAS.KLEMM.AK@bayer-ag.de
Subject: Antwort: Re: [zebra 553] OSPF eequal-cost paths, which algor
Date: Fri, 28 May 1999 12:46:56 +0200

ANDREAS.KLEMM.AK>
ANDREAS.KLEMM.AK> Hi !
ANDREAS.KLEMM.AK> ANDREAS.KLEMM.AK> [sorry for junk characters, only have Lotus notes here, no better mailer] ANDREAS.KLEMM.AK> ANDREAS.KLEMM.AK> Thanks for answering. O.K. this would explain why the OSPF V2 RFC only ANDREAS.KLEMM.AK> explains, that there will be ANDREAS.KLEMM.AK> one routing entries with 2 paths in the OSPF routing table ... ANDREAS.KLEMM.AK> ANDREAS.KLEMM.AK> Do you perhaps know, how CISCO*%s use that information ? ANDREAS.KLEMM.AK> ANDREAS.KLEMM.AK> Do I get 4 or 8 MBit throughput in one direction ? ANDREAS.KLEMM.AK> ANDREAS.KLEMM.AK> Andreas /// ANDREAS.KLEMM.AK> ANDREAS.KLEMM.AK> ANDREAS.KLEMM.AK> ANDREAS.KLEMM.AK> ANDREAS.KLEMM.AK> ANDREAS.KLEMM.AK> yasu@sfc.wide.ad.jp on 28.05.99 10:54:54 ANDREAS.KLEMM.AK> ANDREAS.KLEMM.AK> An: kunihiro@zebra.org @ INTERNET, zebra@zebra.org @ INTERNET, ANDREAS.KLEMM.AK> freebsd-net@freebsd.org @ INTERNET, Andreas Klemm@BAYERNOTES, ANDREAS.KLEMM.AK> andreas@klemm.gtn.com @ INTERNET ANDREAS.KLEMM.AK> Kopie: ANDREAS.KLEMM.AK> Thema: Re: [zebra 553] OSPF eequal-cost paths, which algorithm, how ANDREAS.KLEMM.AK> ANDREAS.KLEMM.AK> ANDREAS.KLEMM.AK> I think... ANDREAS.KLEMM.AK> ANDREAS.KLEMM.AK> ANDREAS.KLEMM.AK> From: Andreas Klemm ANDREAS.KLEMM.AK> Subject: [zebra 553] OSPF eequal-cost paths, which algorithm, how exactly load ANDREAS.KLEMM.AK> balancing ? Date: Fri, 28 May 1999 08:40:02 +0200 ANDREAS.KLEMM.AK> ANDREAS.KLEMM.AK> andreas> Hi ! ANDREAS.KLEMM.AK> andreas> ANDREAS.KLEMM.AK> andreas> I'm looking for the algorithm how OSPF does a routing decision and ANDREAS.KLEMM.AK> andreas> what kind of load balancing is been done, between the two 4 MBit ANDREAS.KLEMM.AK> andreas> leased lines, when OSPF has equal-cost paths like this. ANDREAS.KLEMM.AK> andreas> Cisco IOS 11.2 or 11.3. 
ANDREAS.KLEMM.AK> andreas> ANDREAS.KLEMM.AK> andreas> **Rstart ANDREAS.KLEMM.AK> andreas> **|e0 ANDREAS.KLEMM.AK> andreas> **|10MBit ANDREAS.KLEMM.AK> andreas> **| ANDREAS.KLEMM.AK> andreas> -----------+---------------- ANDREAS.KLEMM.AK> andreas> *|10MBit**|10MBit ANDREAS.KLEMM.AK> andreas> *|e0**|e0 ANDREAS.KLEMM.AK> andreas> |**| ANDREAS.KLEMM.AK> andreas> *R1**R3 ANDREAS.KLEMM.AK> andreas> ||**|| ANDREAS.KLEMM.AK> andreas> s0||s1 s0||s1**load balancing between 2 serial ANDREAS.KLEMM.AK> andreas> *||2x2=4MBit*||2x2=4MBit*(4 MBit, process switching to get ANDREAS.KLEMM.AK> andreas> *||**||**load balancing between 2 serial ANDREAS.KLEMM.AK> andreas> *||**|| ANDREAS.KLEMM.AK> andreas> *R2**R4 ANDREAS.KLEMM.AK> andreas> |**| ANDREAS.KLEMM.AK> andreas> *|10MBit**|10MBit ANDREAS.KLEMM.AK> andreas> *|e0**|e0 ANDREAS.KLEMM.AK> andreas> -----------+----------------- ANDREAS.KLEMM.AK> andreas> **| ANDREAS.KLEMM.AK> andreas> **|10 MBit ANDREAS.KLEMM.AK> andreas> **|e0 ANDREAS.KLEMM.AK> andreas> **Rdest ANDREAS.KLEMM.AK> andreas> ANDREAS.KLEMM.AK> andreas> All I read in the OSPF V2 RFC is, that OSPF creates one routing ANDREAS.KLEMM.AK> andreas> entry for the interface Rstart e0, that has to destinations ANDREAS.KLEMM.AK> andreas> R1 and R3 and that it does a load sharing between the two ways, ANDREAS.KLEMM.AK> andreas> but how ? ANDREAS.KLEMM.AK> ANDREAS.KLEMM.AK> OSPF V2 RFC only says "it can". Don't touch anything about how to ANDREAS.KLEMM.AK> share loads, because that is not routing protocol matter. ANDREAS.KLEMM.AK> ANDREAS.KLEMM.AK> How to share loads depends on how to lookup nexthop from routing ANDREAS.KLEMM.AK> table.So this is a issue of implementing routing table lookup function. ANDREAS.KLEMM.AK> ANDREAS.KLEMM.AK> andreas> How is the routing decision being done. What impact does load ANDREAS.KLEMM.AK> andreas> have on a routing decision and how often it is re-calculated ??? 
ANDREAS.KLEMM.AK> ANDREAS.KLEMM.AK> Again, this is a seperate matter, so the re-calculation will not be ANDREAS.KLEMM.AK> happen. ANDREAS.KLEMM.AK> ANDREAS.KLEMM.AK> andreas> When is perhaps only one route used between R1-R2 or R3-R4 ? ANDREAS.KLEMM.AK> andreas> ANDREAS.KLEMM.AK> andreas> The question is, in an redundant environment, how well does OSPF ANDREAS.KLEMM.AK> andreas> scale when it comes to the point of question, are and how well ANDREAS.KLEMM.AK> andreas> are the links shared. Do users get 2 x 4 = 8 MBit throughput or ANDREAS.KLEMM.AK> andreas> only 1 x 4 MBit ??? ANDREAS.KLEMM.AK> ANDREAS.KLEMM.AK> "How well" depends on algorithm to decide which way really to use. ANDREAS.KLEMM.AK> OSPF just makes multiple ways that can be used. ANDREAS.KLEMM.AK> ANDREAS.KLEMM.AK> *yasu ANDREAS.KLEMM.AK> ANDREAS.KLEMM.AK> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 28 4: 9:25 1999 Delivered-To: freebsd-net@freebsd.org Received: from puma.wmin.ac.uk (puma.wmin.ac.uk [161.74.92.94]) by hub.freebsd.org (Postfix) with SMTP id BC47D14C87 for ; Fri, 28 May 1999 04:09:20 -0700 (PDT) (envelope-from smaraux@seth.cpc.wmin.ac.uk) Received: from seth.cpc.wmin.ac.uk by puma.wmin.ac.uk with INTERNAL-SMTP (MMTA) with ESMTP; Fri, 28 May 1999 12:06:11 +0100 Received: from localhost (smaraux@localhost) by seth.cpc.wmin.ac.uk (8.9.3/8.9.3) with ESMTP id MAA18251 for ; Fri, 28 May 1999 12:08:10 +0100 (BST) (envelope-from smaraux@seth.cpc.wmin.ac.uk) Date: Fri, 28 May 1999 12:08:10 +0100 (BST) From: Sebastien Maraux To: freebsd-net@freebsd.org Subject: EXPORTMFS and net install security Message-ID: MIME-Version: 1.0 Content-Type: text/PLAIN; charset="US-ASCII" Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org has someone ever tried to use EXPORTMFS ? I plan to use this to export MFS space via NFS. 
I would like to use it to export the files that are needed to be exported in R/W mode, such as /dev and /var, for my network installation.

The server would have a huge swap space, like 2x its RAM add to 20M per client (clients are 486, 8MB RAM).

It could avoid having a swap file for each client and simplify the management of it. My clients are not real diskless clients, but it's only for 30 minutes, while I'm installing FreeBSD from the network (home made project). So it could avoid me to create a swap.IP# file for each station I install.

I only use 3 or 4 file directories in read write mode, so I would like to mount it on a memory system and export the others in read only, so that my installation would be more secured.

If someone has information on export MFS, vnconfig and using MFS, or a comment on this strategy that I didn't test yet, please, email me.

Thanks bye

Sebastien MARAUX

From owner-freebsd-net Fri May 28 4:15:26 1999 Delivered-To: freebsd-net@freebsd.org Received: from bayer2.bayer-ag.de (bayer2.bayer-ag.de [194.120.191.2]) by hub.freebsd.org (Postfix) with SMTP id 721B515A0F for ; Fri, 28 May 1999 04:15:21 -0700 (PDT) (envelope-from ANDREAS.KLEMM.AK@bayer-ag.de) Received: from BYE473.BAYER-AG.DE (bye473.bayer-ag.com) by bayer2.bayer-ag.de with SMTP id NAA28510 (SMTP Gateway 4.2 for ); Fri, 28 May 1999 13:13:12 +0200 Received: by BYE473.BAYER-AG.DE (Soft-Switch LMS 3.2) with snapi via MT0044 id 0006800011799081; Fri, 28 May 1999 13:15:05 +0200 From: ANDREAS.KLEMM.AK@bayer-ag.de To: " - *amb@gxn.net" Cc: " - *andreas@klemm.gtn.com" , " - *freebsd-net@freebsd.org" , " - *zebra@zebra.org" , " - *kunihiro@zebra.org" Subject: Antwort: Re: [zebra 553] OSPF eequal-cost paths, which algor Message-Id: <0006800011799081000002L012*@MHS> Date: Fri, 28 May 1999 13:15:05 +0200 Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Hi Alex,

first of all: sorry, if you get some dirty characters, Lotus Notes cannot be configured, to be pretty 7Bit ASCII compliant and readable :-/

Thanks for your nice answer. Could you perhaps point out, what actually happens.

Do I have 2 x 2 x 2 Mbit = 8 Mbit throughput for IP traffic ? Or does the router decide to choose one route over one router pair ?

If the latter is the case, what criterium the router chooses, which path to use ?

The roundrobin functionality you mention I know from having _one_ router and two interfaces then turning on the fast cache, so doing processor switching. But here the question is, _how_ do the packets or sessions flow when having to router _pairs_ ?!

Does OSPF really do something like roundrobin packet for packet (1st packet uses route over R1-R2, 2nd packet uses the other equal-cost path).

Another question is, when routing IPX, Appletalk and also turning on bridging, it might happen, that one path is more loaded than the other (spanning tree). Then the paths have the same OSPF cost, but are differently loaded, what happens then ? Is one path preferred and after what algorithm ?

Thanks

Andreas ///

amb@gxn.net on 28.05.99 11:00:07

An: kunihiro@zebra.org @ INTERNET, zebra@zebra.org @ INTERNET, freebsd-net@freebsd.org @ INTERNET, Andreas Klemm@BAYERNOTES, andreas@klemm.gtn.com @ INTERNET
Kopie:
Thema: Re: [zebra 553] OSPF eequal-cost paths, which algorithm, how

Andreas,

> I'm looking for the algorithm how OSPF does a routing decision and
> what kind of load balancing is been done, between the two 4 MBit
> leased lines, when OSPF has equal-cost paths like this.
> Cisco IOS 11.2 or 11.3.

Roughly: When Cisco has (by any method) two equal cost routes installed in the RIB (i.e. routing table), both get installed in the FIB (i.e. forwarding table).

When a packet comes to be forwarded, generally some form of route cache is used, which is normally just a hash of the destination IP being routed to (+/- hardware accelerated routing on higher end boxes, CEF etc. etc.). However, occasionally (normally the first packet *to* a given host) this caching algorithm will miss, and a lookup will be made in the FIB. Where there is more than one entry, this algorithm round-robins between each of them (well actually I think it may choose randomly between them, which is the same thing in practice).

So if you enter "no ip route-cache" on the interface, you will find packets (wherever they are to) round robin between the equal cost routes, thus load sharing. But when you have route-caching switched on (normally), you will find all the traffic to a given destination goes the same way, but providing you have traffic to a large number of destinations, in practice you get good load sharing (don't try putting 2 newsfeeds down 2 2Mb lines this way though).

The situation is more complex when you have protocols like EIGRP which will on later IOS versions do *non* equal load sharing. I believe what they do then is tag the relevant load sharing weight onto the RIB entry which propagates to the FIB and modifies the round robin algorithm. However I have not tested this in practice.

-- Alex Bligh GX Networks (formerly Xara Networks)

From owner-freebsd-net Fri May 28 4:20:30 1999 Delivered-To: freebsd-net@freebsd.org Received: from millennium.stealth.net (millennium.stealth.net [206.252.192.5]) by hub.freebsd.org (Postfix) with ESMTP id 7BF6914FCB for ; Fri, 28 May 1999 04:19:57 -0700 (PDT) (envelope-from digital@millennium.stealth.net) Received: (from digital@localhost) by millennium.stealth.net (8.8.7/8.7.3) id HAA08029 for freebsd-net@freebsd.org; Fri, 28 May 1999 07:19:56 -0400 (EDT) Received: from yebisu.digital-magic.co.jp (yebisu.digital-magic.co.jp [202.227.9.98]) by millennium.stealth.net (8.8.7/8.7.3) with ESMTP id FAA06648 for ; Fri, 28 May 1999 05:27:47 -0400 (EDT) Received: (from majordom@localhost) by yebisu.digital-magic.co.jp (8.9.1a/3.7W) id SAA31563; Fri, 28 May 1999 18:20:32 +0900 Received: from planet.ge.org (root@ge.org [194.152.164.1]) by yebisu.digital-magic.co.jp (8.9.1a/3.7W) with ESMTP id SAA31559 for ; Fri, 28 May 1999 18:20:30 +0900 Received: from localhost (georg@localhost [127.0.0.1]) by planet.ge.org (8.9.3/8.9.3/Debian/GNU) with ESMTP id LAA15270 for ; Fri, 28 May 1999 11:20:28 +0200 Date: Fri, 28 May 1999 11:20:28 +0200 (CEST) From: Georg Hitsch To: zebra@zebra.org In-Reply-To: <19990528084002.A41138@titan.klemm.gtn.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-To: zebra@digital-magic.co.jp X-Distribute: distribute [version 2.1 (Alpha) patchlevel=19] X-Sequence: zebra 557 Subject: [zebra 557] Re: OSPF eequal-cost paths, which algorithm, how exactly load balancing ? Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

On Fri, 28 May 1999, Andreas Klemm wrote:

> Hi !
>
> I'm looking for the algorithm how OSPF does a routing decision and
> what kind of load balancing is been done, between the two 4 MBit
> leased lines, when OSPF has equal-cost paths like this.
> Cisco IOS 11.2 or 11.3.

I don't know the algorithm, but Linux has in the 2.2-Kernel an Option "equal cost multipath"; probably this could be interesting (?)

Georg

-- Georg Hitsch ++ mail: georg@atnet.at ripe: gh231-ripe ++ web: http://ge.org/

From owner-freebsd-net Fri May 28 6:25:33 1999 Delivered-To: freebsd-net@freebsd.org Received: from gateway.schneider.com (mailgate1.schneider.com [207.67.105.2]) by hub.freebsd.org (Postfix) with SMTP id 67EF214CAC for ; Fri, 28 May 1999 06:25:29 -0700 (PDT) (envelope-from WAYNEK@SCHNEIDER.COM) Received: from SMTPGW1.schneider.com by gateway.schneider.com via smtpd (for hub.FreeBSD.ORG [204.216.27.18]) with SMTP; 28 May 1999 12:33:22 UT Date: Fri, 28 May 1999 8:21 -0600 From: "Wayne, Ken" To: freebsd-net@FreeBSD.ORG Subject: FreeBSD: Firewall Message-ID: <47FF6BD08413D311A35900805F31EA72@SCHNEIDER.COM> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

I apologize if there is a better list to send this question to. I think this is a network question.

I want to limit who gets from my internal network to the Internet to a few static IP addresses. I also want to prevent people on the Internet from getting access to my FreeBSD box or workstations.

I'm running FreeBSD 2.2.8 with the included Firewall (IPFW) and NAT.

The NIC in my FreeBSD box (ed0) is set to 172.16.1.1 and the modem is dynamically assigned when connecting to the Internet.

My workstation's (Win '95) NIC is set to 172.16.1.5 and its DNS and gateway is set to 172.16.1.1

With the following firewall rules, I can get access to the internet via workstation or FreeBSD.
allow all from any to any
deny all

When I have any of the following rule combinations it doesn't allow access to the internet from a workstation or my FreeBSD box.

allow ip from 172.16.1.1 to any
allow ip from 172.16.1.5 to any
deny all

allow ip from 172.16.1.1 to any via any
allow ip from 172.16.1.5 to any via any
deny all

allow ip from 172.16.1.1 to any via tun0
allow ip from 172.16.1.5 to any via tun0
deny all

allow ip from 172.16.0.0:255.255.255.0 to any
deny all

allow ip from 172.16.0.0:255.255.255.0 to any via any
deny all

allow ip from 172.16.1.0:255.255.255.0 to any
deny all

allow ip from 172.16.1.0:255.255.255.0 to any via any
deny all

allow ip from 172.16.1.1:255.255.255.0 to any
allow ip from 172.16.1.5:255.255.255.0 to any
deny all

allow ip from 172.16.1.1:255.255.255.0 to any via any
allow ip from 172.16.1.5:255.255.255.0 to any via any
deny all

Any help is greatly appreciated!

Thanks, -Ken

From owner-freebsd-net Fri May 28 6:45: 8 1999 Delivered-To: freebsd-net@freebsd.org Received: from puma.wmin.ac.uk (puma.wmin.ac.uk [161.74.92.94]) by hub.freebsd.org (Postfix) with SMTP id 112AF14BE3 for ; Fri, 28 May 1999 06:45:02 -0700 (PDT) (envelope-from smaraux@seth.cpc.wmin.ac.uk) Received: from seth.cpc.wmin.ac.uk by puma.wmin.ac.uk with INTERNAL-SMTP (MMTA) with ESMTP; Fri, 28 May 1999 14:35:22 +0100 Received: from localhost (smaraux@localhost) by seth.cpc.wmin.ac.uk (8.9.3/8.9.3) with ESMTP id OAA19312 for ; Fri, 28 May 1999 14:37:13 +0100 (BST) (envelope-from smaraux@seth.cpc.wmin.ac.uk) Date: Fri, 28 May 1999 14:37:13 +0100 (BST) From: Sebastien Maraux To: freebsd-net@freebsd.org Subject: RIPng routing with IPv4 Message-ID: MIME-Version: 1.0 Content-Type: text/PLAIN; charset="US-ASCII" Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

I would just like to know if RIPng can route IPv4 and IPv6 at the same time, or if it's
just done to route IPv6?
Particularly the
ndpd-router -s
Which comes with the inria distribution for FreeBSD 3.x (New.tar.gz)

Thanks bye

From owner-freebsd-net Fri May 28 6:55:17 1999 Delivered-To: freebsd-net@freebsd.org Received: from web4-1.ability.net (web4-1.ability.net [216.32.69.9]) by hub.freebsd.org (Postfix) with ESMTP id A9C5A14BE9 for ; Fri, 28 May 1999 06:55:15 -0700 (PDT) (envelope-from rich@f2sys.net) Received: from ppp-rich.ari.net (ppp-rich.ari.net [198.69.193.148]) by web4-1.ability.net (8.9.1/8.9.1/Pub) with ESMTP id JAA10353; Fri, 28 May 1999 09:43:04 -0400 (EDT) Date: Fri, 28 May 1999 09:59:34 -0400 (EDT) From: Rich Fox X-Sender: rich@ppp-rich.ari.net To: "Wayne, Ken" Cc: freebsd-net@FreeBSD.ORG Subject: Re: FreeBSD: Firewall In-Reply-To: <47FF6BD08413D311A35900805F31EA72@SCHNEIDER.COM> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Hi,

From what I understand you need to reciprocate your access in also, that is:

With this configuration:

> allow ip from 172.16.1.1 to any
> allow ip from 172.16.1.5 to any
> deny all

You're letting any packet out from ~.1 & ~.5 but you're not letting any packets back in. So if you change this to read:

allow ip from 172.16.1.1 to any
allow ip from any to 172.16.1.1
allow ip from 172.16.1.5 to any
allow ip from any to 172.16.1.5
deny all

These boxes will now be able to send *and* receive packets to the other side of the firewall. (Actually the first box .1 may only be able to handle transmitting and receiving packets via its interface, assuming this is the gateway box). I have this same setup with Macs on the inside, so I can just let anything to or from the client boxes.

I am not sure how best to handle dynamic IP addresses (I have static) when creating firewall rules, but at the very least, I would drop a script into ppp.linkup that adds an 'IPFW add' rule as soon as the box makes a successful connection (a rule that restricts packets from the outside to your freebsd box.) Perhaps someone will suggest a better method.

Rich.

On Fri, 28 May 1999, Wayne, Ken wrote:

> I apologize if there is a better list to send this question to. I think this
> is a network question.
>
> I want to limit who gets from my internal network to the Internet to a few
> static IP addresses. I also want to prevent people on the Internet from
> getting access to my FreeBSD box or workstations.
>
> I'm running FreeBSD 2.2.8 with the included Firewall (IPFW) and NAT.
>
> The NIC in my FreeBSD box (ed0) is set to 172.16.1.1 and the modem is
> dynamically assigned when connecting to the Internet.
>
> My workstation's (Win '95) NIC is set to 172.16.1.5 and its DNS and gateway
> is set to 172.16.1.1
>
> With the following firewall rules, I can get access to the internet via
> workstation or FreeBSD.
> allow all from any to any
> deny all
>
> When I have any of the following rule combinations it doesn't allow access to
> the internet from a workstation or my FreeBSD box.
> > allow ip from 172.16.1.1 to any > allow ip from 172.16.1.5 to any > deny all > > allow ip from 172.16.1.1 to any via any > allow ip from 172.16.1.5 to any via any > deny all > > allow ip from 172.16.1.1 to any via tun0 > allow ip from 172.16.1.5 to any via tun0 > deny all > > allow ip from 172.16.0.0:255.255.255.0 to any > deny all > > allow ip from 172.16.0.0:255.255.255.0 to any via any > deny all > > allow ip from 172.16.1.0:255.255.255.0 to any > deny all > > allow ip from 172.16.1.0:255.255.255.0 to any via any > deny all > > allow ip from 172.16.1.1:255.255.255.0 to any > allow ip from 172.16.1.5:255.255.255.0 to any > deny all > > allow ip from 172.16.1.1:255.255.255.0 to any via any > allow ip from 172.16.1.5:255.255.255.0 to any via any > deny all > > Any help is greatly appreciated! > > Thanks, -Ken > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 28 7:22:29 1999 Delivered-To: freebsd-net@freebsd.org Received: from SIMULTAN.CH (eunet-gw.simultan.ch [194.191.191.82]) by hub.freebsd.org (Postfix) with ESMTP id 9D7E314DBF for ; Fri, 28 May 1999 07:22:23 -0700 (PDT) (envelope-from tseidmann@simultan.ch) Received: from simultan.ch (wsaltis-053.SIMULTAN.CH [192.92.128.53]) by SIMULTAN.CH (8.9.3/8.9.2) with ESMTP id QAA70866; Fri, 28 May 1999 16:20:47 +0200 (CEST) (envelope-from tseidmann@simultan.ch) Message-ID: <374EA626.F1F9B2CA@simultan.ch> Date: Fri, 28 May 1999 16:20:22 +0200 From: Thomas Seidmann X-Mailer: Mozilla 4.6 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Sebastien Maraux Cc: freebsd-net@FreeBSD.ORG Subject: Re: RIPng routing with IPv4 References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Sebastien Maraux wrote: > > 
I would just like to know if RIPng can route IPv4 and IPv6 at the same
> time, or if it's just done to route IPv6?
> Particularly the
> ndpd-router -s
> Which comes with the inria distribution for FreeBSD 3.x (New.tar.gz)

ndpd-router is capable of IPv6 routing only.

Cheers, Thomas

From owner-freebsd-net Fri May 28 13:20:19 1999 Delivered-To: freebsd-net@freebsd.org Received: from frmug.org (frmug-gw.frmug.org [193.56.58.252]) by hub.freebsd.org (Postfix) with ESMTP id B54E515446 for ; Fri, 28 May 1999 13:20:08 -0700 (PDT) (envelope-from roberto@keltia.freenix.fr) Received: (from uucp@localhost) by frmug.org (8.9.1/frmug-2.3/nospam) with UUCP id WAA27785 for freebsd-net@freebsd.org; Fri, 28 May 1999 22:20:08 +0200 (CEST) (envelope-from roberto@keltia.freenix.fr) Received: by keltia.freenix.fr (Postfix, from userid 101) id 633B787AE; Fri, 28 May 1999 19:52:58 +0200 (CEST) (envelope-from roberto) Date: Fri, 28 May 1999 19:52:58 +0200 From: Ollivier Robert To: freebsd-net@freebsd.org Subject: Re: RIPng routing with IPv4 Message-ID: <19990528195258.A93022@keltia.freenix.fr> Mail-Followup-To: freebsd-net@freebsd.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii User-Agent: Mutt/0.95.5i In-Reply-To: ; from Sebastien Maraux on Fri, May 28, 1999 at 02:37:13PM +0100 X-Operating-System: FreeBSD 4.0-CURRENT/ELF ctm#5322 AMD-K6 MMX @ 200 MHz Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

According to Sebastien Maraux:
> ndpd-router -s
> Which comes with the inria distribution for FreeBSD 3.x (New.tar.gz)

Neighbour Discovery (the nd in ndpd-router) protocol is IPv6 only.

-- Ollivier ROBERT -=- FreeBSD: The Power to Serve!
-=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 4.0-CURRENT #71: Sun May 9 20:16:32 CEST 1999 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 28 14:45:57 1999 Delivered-To: freebsd-net@freebsd.org Received: from puma.wmin.ac.uk (puma.wmin.ac.uk [161.74.92.94]) by hub.freebsd.org (Postfix) with SMTP id C6E1A151DF for ; Fri, 28 May 1999 14:45:54 -0700 (PDT) (envelope-from smaraux@seth.cpc.wmin.ac.uk) Received: from seth.cpc.wmin.ac.uk by puma.wmin.ac.uk with INTERNAL-SMTP (MMTA) with ESMTP; Fri, 28 May 1999 22:43:49 +0100 Received: from localhost (smaraux@localhost) by seth.cpc.wmin.ac.uk (8.9.3/8.9.3) with ESMTP id WAA21847 for ; Fri, 28 May 1999 22:45:36 +0100 (BST) (envelope-from smaraux@seth.cpc.wmin.ac.uk) Date: Fri, 28 May 1999 22:45:36 +0100 (BST) From: Sebastien Maraux To: freebsd-net@freebsd.org Subject: IPv6 addresses test Message-ID: MIME-Version: 1.0 Content-Type: text/PLAIN; charset="US-ASCII" Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I'm looking for IPv6 sites connected to the 6bone, in order to test my installation. 
I'm looking for: - some addresses to ping6 ( really I NEED it) - it would be great to have both aggregate and provider based addresses to ping6 - HTTP / FTP sites to test my browsers Thanks bye To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 28 15:35:27 1999 Delivered-To: freebsd-net@freebsd.org Received: from frmug.org (frmug-gw.frmug.org [193.56.58.252]) by hub.freebsd.org (Postfix) with ESMTP id D36D214BE2 for ; Fri, 28 May 1999 15:35:16 -0700 (PDT) (envelope-from roberto@keltia.freenix.fr) Received: (from uucp@localhost) by frmug.org (8.9.1/frmug-2.3/nospam) with UUCP id AAA04432; Sat, 29 May 1999 00:33:32 +0200 (CEST) (envelope-from roberto@keltia.freenix.fr) Received: by keltia.freenix.fr (Postfix, from userid 101) id DB5978837; Sat, 29 May 1999 00:15:02 +0200 (CEST) (envelope-from roberto) Date: Sat, 29 May 1999 00:15:02 +0200 From: Ollivier Robert To: Sebastien Maraux Cc: freebsd-net@freebsd.org Subject: Re: IPv6 addresses test Message-ID: <19990529001502.A96939@keltia.freenix.fr> Mail-Followup-To: Sebastien Maraux , freebsd-net@freebsd.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii User-Agent: Mutt/0.95.5i In-Reply-To: ; from Sebastien Maraux on Fri, May 28, 1999 at 10:45:36PM +0100 X-Operating-System: FreeBSD 4.0-CURRENT/ELF ctm#5322 AMD-K6 MMX @ 200 MHz Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org According to Sebastien Maraux: > I'm looking for: > - some addresses to ping6 ( really I NEED it) - it would be great to have > both aggregate and provider based addresses to ping6 r6.ipv6.eurocontrol.fr and various sites on the 6bone. Ever tried www.6bone.net ? :-) www.ipv6.imag.fr www.ipv6.enst.fr What's yours BTW ? What is your prefix ? > - HTTP / FTP sites to test my browsers See above. You can try also www.kame.net (and see the turtle move). -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! 
-=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 4.0-CURRENT #71: Sun May 9 20:16:32 CEST 1999

From owner-freebsd-net Fri May 28 19: 4:31 1999 Delivered-To: freebsd-net@freebsd.org Received: from trooper.velocet.ca (trooper.velocet.net [209.167.225.226]) by hub.freebsd.org (Postfix) with ESMTP id 03C3415295 for ; Fri, 28 May 1999 19:04:25 -0700 (PDT) (envelope-from dgilbert@trooper.velocet.ca) Received: (from dgilbert@localhost) by trooper.velocet.ca (8.8.7/8.8.7) id WAA26061; Fri, 28 May 1999 22:04:24 -0400 (EDT) From: David Gilbert MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <14159.19240.129931.14715@trooper.velocet.ca> Date: Fri, 28 May 1999 22:04:24 -0400 (EDT) To: freebsd-net@freebsd.org Subject: Linux and Solaris tcp beating FreeBSD 4:1 X-Mailer: VM 6.71 under 20.4 "Emerald" XEmacs Lucid Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Certainly a troll in the header, but let me explain.

We've been deploying ADSL... and our own office is well beyond the limit of what should work from our main pop. However, the equipment comes up with a minimal speed link... with one caveat... About 10% (or more) of the packets are corrupted or lost in transit over the link.

At the far end of the link are 4 FreeBSD boxes, a Solaris 2.5 box and a linux 2.2.something box. At the near end of the link, there are FreeBSD, Linux and Windoze boxes.

Now the following table:

FreeBSD <--> FreeBSD   10K/s
FreeBSD <--> Linux     10K/s
Solaris <--> Linux     30K/s
Solaris <--> FreeBSD   20K/s
Linux   <--> FreeBSD   40K/s
Linux   <--> Linux     40K/s

It would appear that linux boxes that are 2.0.x exhibit the same speed as FreeBSD --- it would appear that speed depends largely on the sender.

I haven't done a packet dump yet... but why is Linux beating FreeBSD 4:1 and what can I do about it?

Dave.

-- ============================================================================ |David Gilbert, Velocet Communications. | Two things can only be | |Mail: dgilbert@velocet.net | equal if and only if they | |http://www.velocet.net/~dgilbert | are precisely opposite. | =========================================================GLO================ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 28 19:51:15 1999 Delivered-To: freebsd-net@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id D956114EED for ; Fri, 28 May 1999 19:51:10 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id WAA24826; Fri, 28 May 1999 22:50:54 -0400 (EDT) (envelope-from wollman) Date: Fri, 28 May 1999 22:50:54 -0400 (EDT) From: Garrett Wollman Message-Id: <199905290250.WAA24826@khavrinen.lcs.mit.edu> To: David Gilbert Cc: freebsd-net@FreeBSD.ORG Subject: Linux and Solaris tcp beating FreeBSD 4:1 In-Reply-To: <14159.19240.129931.14715@trooper.velocet.ca> References: <14159.19240.129931.14715@trooper.velocet.ca> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > I havn't done a packet dump yet... but why is Linux beating FreeBSD > 4:1 and what can I do about it? You don't say anything about the latency of the link, but here's my guess: The TCP retransmit timer is initialized to min(2, srtt + 4*rttvar). If your link is lossy, you'll probably be in retransmit a lot. Unfortunately, the TCP timers in -current are measured in 1/2-second intervals (a remnant from the VAX implementation), which means that the minimum retransmit timeout in FreeBSD is one second. This is probably an order of magnitude greater than the round-trip time. 
Linux and Solaris use different TCP timer implementations which have much higher-resolution timers. I have some work in progress which will fix this, and allow us to have retransmit timeouts measured in timer ticks. Unfortunately, it needs about 12 hours more work and I don't have the time or resources for that right now. (I'm also waiting on Warner to finish the PC-Card de-klugery so that I can update my laptop to -current again.) -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 28 21: 6:57 1999 Delivered-To: freebsd-net@freebsd.org Received: from etri.re.kr (mail.etri.re.kr [129.254.9.28]) by hub.freebsd.org (Postfix) with ESMTP id 6FC2B14F65 for ; Fri, 28 May 1999 21:06:50 -0700 (PDT) (envelope-from kimch@etri.re.kr) Received: from etri.re.kr (kimch.etri.re.kr [129.254.191.142]) by etri.re.kr (8.8.8+Sun/8.8.8) with ESMTP id NAA00316 for ; Sat, 29 May 1999 13:02:52 +0900 (KST) Message-ID: <374F68DD.FF336F75@etri.re.kr> Date: Sat, 29 May 1999 13:11:09 +0900 From: Changhoon Kim X-Mailer: Mozilla 4.5 [en] (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: FreeBSD Net Subject: Searching DiffServ Implementaion over FreeBSD ! Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello, folks . Currently, I've been searching for DiffServ implementation over FreeBSD, and I've found that ALTQ(Alternate Queueing) can be one of the solution. Unfortunately, since ALTQ does not support FORE's PCA-200E ATM PCI card, I need another DiffServ implementation. My kernel version is 3.1 Release and ALTQ version is 1.2 . 
Are there any other DiffServ implementation over FreeBSD available ? Or are there some practical information for me to change ALTQ to support PCA-200E ? Thanks in advance ! -- ========================================================== Changhoon Kim Internet Technology Research Dept. Switching & Transmission Technology Lab. Electronics and Telecommunications Research Institute(ETRI) 161 Kajong-dong, Yusong-gu, Taejon, 305-350, KOREA Tel: (Office) +82-42-860-5801, (Cell) +82-19-226-6305 E-mail: kimch@etri.re.kr * All Smiles, Everywhere and Everytime ! =========================================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri May 28 21:52:27 1999 Delivered-To: freebsd-net@freebsd.org Received: from thrall.infernious.net (unknown [209.83.158.6]) by hub.freebsd.org (Postfix) with ESMTP id 183B0153E9 for ; Fri, 28 May 1999 21:52:22 -0700 (PDT) (envelope-from ruiner@infernious.net) Received: (from uucp@localhost) by thrall.infernious.net (8.9.3/8.9.3) id XAA10469 for ; Fri, 28 May 1999 23:50:25 -0500 (CDT) (envelope-from ruiner@infernious.net) Received: from UNKNOWN(192.168.66.4), claiming to be "inferno" via SMTP by thrall.infernious.net, id smtpdx10273; Fri May 28 23:50:21 1999 Message-ID: <004301bea98f$1743f660$0442a8c0@inferno.infernious.net> From: "the.ruiner" To: Subject: ipfw, natd and IRC DCC Chat Date: Fri, 28 May 1999 23:52:44 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0040_01BEA965.2E2ACAE0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.1 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This is a multi-part message in MIME format. 
------=_NextPart_000_0040_01BEA965.2E2ACAE0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable We have successfully set up ipfw and natd using our dial-up (static IP), but IRC DCC connections still fail.
IPFW rules are:
   divert natd
   allow all
   deny all (default)
natd command line is:
   natd -s -n tun0
All other internet protocols (FTP, DNS lookups, POP, SMTP, etc) work. Any ideas? Need more info? jc ------=_NextPart_000_0040_01BEA965.2E2ACAE0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
------=_NextPart_000_0040_01BEA965.2E2ACAE0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sat May 29 4:12:13 1999 Delivered-To: freebsd-net@freebsd.org Received: from picalon.gun.de (picalon.gun.de [192.109.159.1]) by hub.freebsd.org (Postfix) with ESMTP id C1E3914C44 for ; Sat, 29 May 1999 04:12:10 -0700 (PDT) (envelope-from andreas@klemm.gtn.com) Received: from klemm.gtn.com (pppak04.gtn.com [194.231.123.169]) by picalon.gun.de (8.8.6/8.8.6) with ESMTP id NAA08678; Sat, 29 May 1999 13:11:54 +0200 (MET DST) Received: (from andreas@localhost) by klemm.gtn.com (8.9.3/8.9.3) id NAA09712; Sat, 29 May 1999 13:11:31 +0200 (CEST) (envelope-from andreas) Date: Sat, 29 May 1999 13:11:31 +0200 
From: Andreas Klemm To: freebsd-net@FreeBSD.ORG, zebra@zebra.org, Kunihiro Ishiguro Subject: Re: OSPF eequal-cost paths, which algorithm, how exactly load balancing ? Message-ID: <19990529131131.A8802@titan.klemm.gtn.com> References: <19990528084002.A41138@titan.klemm.gtn.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i In-Reply-To: <19990528084002.A41138@titan.klemm.gtn.com>; from Andreas Klemm on Fri, May 28, 1999 at 08:40:02AM +0200 X-Operating-System: FreeBSD 3.2-STABLE SMP X-Disclaimer: A free society is one where it is safe to be unpopular Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, thanks for the many people answering. I learned the following:
a) turning off the fast cache on a Cisco Router with two 2 MBit serial lines puts too much load on the CPU and isn't suggested.
b) The routing protocol only fills the routing table with two paths for the destination router / network. How the packets travel to the destination network is a matter of the router operating system (IOS)...
c) If the first packet arrives on the source router (the one who sits on the backbone from which two equal-cost paths lead to the destination router) the router doesn't find an entry in the fast cache and has to look up the routing-table. When finding a route it makes a "random" decision, which path to use, transmits the packet and makes an entry in the fast cache.
d) the entry of the fast cache usually has a lifetime of about 10-15 seconds. Subsequent packets will choose the path which is in the fast cache, and the fast cache will live for another 10-15 seconds.
e) If no subsequent packets arrive the fast-cache times out. If a new packet arrives for the destination it starts again at c)...
So my initial question wasn't correct, assuming the routing protocol had something to do with the transport through path 1 or 2 ...
I thought I should give you something back, after increasing my learning curve ;-) Thanks again Andreas /// -- Andreas Klemm http://www.FreeBSD.ORG/~andreas http://www.freebsd.org/~fsmp/SMP/SMP.html powered by Symmetric MultiProcessor FreeBSD To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sat May 29 8:15:53 1999 Delivered-To: freebsd-net@freebsd.org Received: from trooper.velocet.ca (trooper.velocet.net [209.167.225.226]) by hub.freebsd.org (Postfix) with ESMTP id E026514CFD for ; Sat, 29 May 1999 08:15:50 -0700 (PDT) (envelope-from dgilbert@trooper.velocet.ca) Received: (from dgilbert@localhost) by trooper.velocet.ca (8.8.7/8.8.7) id LAA18902; Sat, 29 May 1999 11:15:41 -0400 (EDT) 
From: David Gilbert MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <14160.1181.137755.84641@trooper.velocet.ca> Date: Sat, 29 May 1999 11:15:41 -0400 (EDT) To: Garrett Wollman Cc: David Gilbert , freebsd-net@FreeBSD.ORG Subject: Linux and Solaris tcp beating FreeBSD 4:1 In-Reply-To: <199905290250.WAA24826@khavrinen.lcs.mit.edu> References: <14159.19240.129931.14715@trooper.velocet.ca> <199905290250.WAA24826@khavrinen.lcs.mit.edu> X-Mailer: VM 6.71 under 20.4 "Emerald" XEmacs Lucid Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >>>>> "Garrett" == Garrett Wollman writes: Garrett> < said: >> I havn't done a packet dump yet... but why is Linux beating FreeBSD >> 4:1 and what can I do about it? Garrett> The TCP retransmit timer is initialized to min(2, srtt + Garrett> 4*rttvar). If your link is lossy, you'll probably be in Garrett> retransmit a lot. Unfortunately, the TCP timers in -current Garrett> are measured in 1/2-second intervals (a remnant from the VAX Garrett> implementation), which means that the minimum retransmit Garrett> timeout in FreeBSD is one second. This is probably an order Garrett> of magnitude greater than the round-trip time. Linux and Garrett> Solaris use different TCP timer implementations which have Garrett> much higher-resolution timers. Since the real solution for this is some time in the future, what can I hack on quickly? If I can't change the timeout speed, can I change some other parameter that will help here? I'm taking a lot of flack that netcat port forwarding on a Sparc 1+ can beat our FreeBSD K6-2/400 Dave. -- ============================================================================ |David Gilbert, Velocet Communications. | Two things can only be | |Mail: dgilbert@velocet.net | equal if and only if they | |http://www.velocet.net/~dgilbert | are precisely opposite. 
| =========================================================GLO================ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sat May 29 12:20:27 1999 Delivered-To: freebsd-net@freebsd.org Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5]) by hub.freebsd.org (Postfix) with SMTP id E115D14C97 for ; Sat, 29 May 1999 12:20:22 -0700 (PDT) (envelope-from luigi@labinfo.iet.unipi.it) Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id SAA15653; Sat, 29 May 1999 18:54:30 +0200 
From: Luigi Rizzo Message-Id: <199905291654.SAA15653@labinfo.iet.unipi.it> Subject: Re: Linux and Solaris tcp beating FreeBSD 4:1 To: dgilbert@velocet.ca (David Gilbert) Date: Sat, 29 May 1999 18:54:30 +0200 (MET DST) Cc: wollman@khavrinen.lcs.mit.edu, dgilbert@velocet.ca, freebsd-net@FreeBSD.ORG In-Reply-To: <14160.1181.137755.84641@trooper.velocet.ca> from "David Gilbert" at May 29, 99 11:15:22 am X-Mailer: ELM [version 2.4 PL23] Content-Type: text Content-Length: 978 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Since the real solution for this is some time in the future, what can > I hack on quickly? If I can't change the timeout speed, can I change > some other parameter that will help here? I'm taking a lot of flack > that netcat port forwarding on a Sparc 1+ can beat our FreeBSD > K6-2/400 one wonders what is your config and why you have high losses (congestion or what ?). Lowering the MTU in some cases might help because it keeps more packets in flight and lets fast retransmit act earlier. cheers luigi -----------------------------------+------------------------------------- Luigi RIZZO, luigi@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/ . Universita` di Pisa TEL/FAX: +39-050-568.533/522 . 
via Diotisalvi 2, 56126 PISA (Italy) http://www.iet.unipi.it/~luigi/ngc99/ ==== First International Workshop on Networked Group Communication ==== -----------------------------------+------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun May 30 10:31:48 1999 Delivered-To: freebsd-net@freebsd.org Received: from trooper.velocet.ca (trooper.velocet.net [209.167.225.226]) by hub.freebsd.org (Postfix) with ESMTP id 6B9161508F for ; Sun, 30 May 1999 10:31:46 -0700 (PDT) (envelope-from dgilbert@trooper.velocet.ca) Received: (from dgilbert@localhost) by trooper.velocet.ca (8.8.7/8.8.7) id NAA25832; Sun, 30 May 1999 13:31:40 -0400 (EDT) 
From: David Gilbert MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <14161.30204.750053.989577@trooper.velocet.ca> Date: Sun, 30 May 1999 13:31:40 -0400 (EDT) To: Luigi Rizzo Cc: dgilbert@velocet.ca (David Gilbert), wollman@khavrinen.lcs.mit.edu, freebsd-net@FreeBSD.ORG Subject: Re: Linux and Solaris tcp beating FreeBSD 4:1 In-Reply-To: <199905291654.SAA15653@labinfo.iet.unipi.it> References: <14160.1181.137755.84641@trooper.velocet.ca> <199905291654.SAA15653@labinfo.iet.unipi.it> X-Mailer: VM 6.71 under 20.4 "Emerald" XEmacs Lucid Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >>>>> "Luigi" == Luigi Rizzo writes: >> Since the real solution for this is some time in the future, what >> can I hack on quickly? If I can't change the timeout speed, can I >> change some other parameter that will help here? I'm taking a lot >> of flack that netcat port forwarding on a Sparc 1+ can beat our >> FreeBSD K6-2/400 Luigi> one wonders what is your config and why you have high losses Luigi> (congestion or what ?). Lowering the MTU in some cases might Luigi> help because it keeps more packets in flight and lets fast Luigi> retransmit act earlier. As I explained in my first message, we're providing ourselves with ADSL. Since we are further than we should be from the other end, we only barely get a connection. However, this gives us 816K up and 680K down for about $10/month. It is worth some optimization on the link. Fast retransmit is something that reacts in less than a second? Dave. -- ============================================================================ |David Gilbert, Velocet Communications. | Two things can only be | |Mail: dgilbert@velocet.net | equal if and only if they | |http://www.velocet.net/~dgilbert | are precisely opposite. 
| =========================================================GLO================ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun May 30 11:25:23 1999 Delivered-To: freebsd-net@freebsd.org Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5]) by hub.freebsd.org (Postfix) with SMTP id 8B1FB14A2D for ; Sun, 30 May 1999 11:25:21 -0700 (PDT) (envelope-from luigi@labinfo.iet.unipi.it) Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id RAA17069; Sun, 30 May 1999 17:59:46 +0200 
From: Luigi Rizzo Message-Id: <199905301559.RAA17069@labinfo.iet.unipi.it> Subject: Re: Linux and Solaris tcp beating FreeBSD 4:1 To: dgilbert@velocet.ca (David Gilbert) Date: Sun, 30 May 1999 17:59:46 +0200 (MET DST) Cc: dgilbert@velocet.ca, wollman@khavrinen.lcs.mit.edu, freebsd-net@FreeBSD.ORG In-Reply-To: <14161.30204.750053.989577@trooper.velocet.ca> from "David Gilbert" at May 30, 99 01:31:21 pm X-Mailer: ELM [version 2.4 PL23] Content-Type: text Content-Length: 2104 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Luigi> one wonders what is your config and why you have high losses > Luigi> (congestion or what ?). Lowering the MTU in some cases might > Luigi> help because it keeps more packets in flight and lets fast > Luigi> retransmit act earlier. > > As I explained in my first message, we're providing our selves with > ADSL. Since we are further than we should be from the other end, we either i did not see it or i missed that part -- sorry. > only barely get a connection. However, this gives us 816K up and 680K > down for about $10/month. It is worth some optimization on the link. > Fast retransmit is an something that reacts in less than a second? it reacts at the third duplicate ack, meaning 3 good packets after a loss. If you manage to have at least 4-5 pkts in flight you have a chance to trigger fast retransmit. Furthermore short packets in your case might reduce the pkt loss rate (for a given BER). In your case all standard TCP mechanisms will help very little, because they are end-2-end and furthermore they assume congestion-related loss, not noise-related loss. SACK probably won't help you because SACK needs support on both sides (which is actually end-to-end for the way they work). short timeouts might be a solution in your case, but only in one direction unless you have access to _both_ sides of the ADSL link. 
If you have access to both sides of the adsl link, i think you might more effectively implement link-level retransmits (i am not sure, but it might be that ppp already does this). It could be a relatively simple project to implement within a FreeBSD-based router or bridge cheers luigi -----------------------------------+------------------------------------- Luigi RIZZO, luigi@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/ . Universita` di Pisa TEL/FAX: +39-050-568.533/522 . via Diotisalvi 2, 56126 PISA (Italy) http://www.iet.unipi.it/~luigi/ngc99/ ==== First International Workshop on Networked Group Communication ==== -----------------------------------+------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun May 30 17:18: 0 1999 Delivered-To: freebsd-net@freebsd.org Received: from stennis.ca.sandia.gov (stennis.ca.sandia.gov [146.246.243.44]) by hub.freebsd.org (Postfix) with ESMTP id 8127A14F42 for ; Sun, 30 May 1999 17:17:53 -0700 (PDT) (envelope-from bmah@stennis.ca.sandia.gov) Received: (from bmah@localhost) by stennis.ca.sandia.gov (8.9.3/8.9.3) id RAA14008; Sun, 30 May 1999 17:17:45 -0700 (PDT) Message-Id: <199905310017.RAA14008@stennis.ca.sandia.gov> X-Mailer: exmh version 2.1.0 04/14/1999 To: Luigi Rizzo Cc: dgilbert@velocet.ca (David Gilbert), wollman@khavrinen.lcs.mit.edu, freebsd-net@FreeBSD.ORG Subject: Re: Linux and Solaris tcp beating FreeBSD 4:1 In-Reply-To: Your message of "Sun, 30 May 1999 17:59:46 +0200." <199905301559.RAA17069@labinfo.iet.unipi.it> 
From: bmah@CA.Sandia.GOV (Bruce A. Mah) Reply-To: bmah@CA.Sandia.GOV X-Face: g~c`.{#4q0"(V*b#g[i~rXgm*w;:nMfz%_RZLma)UgGN&=j`5vXoU^@n5v4:OO)c["!w)nD/!!~e4Sj7LiT'6*wZ83454H""lb{CC%T37O!!'S$S&D}sem7I[A 2V%N&+ X-Url: http://www.ca.sandia.gov/~bmah/ Mime-Version: 1.0 Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_1604981672P"; micalg=pgp-md5; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Sun, 30 May 1999 17:17:45 -0700 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --==_Exmh_1604981672P Content-Type: text/plain; charset=us-ascii If memory serves me right, Luigi Rizzo wrote: > If you have access to both sides of the adsl link, i think you might > more effectively implement link-level retransmits (i am not sure, but > it might be that ppp already does this). > > It could be a relatively simple project to implement within a > FreeBSD-based router or bridge Some of my former colleagues at UC Berkeley did some rather nifty work (IMHO) in this area. Although originally designed for use with (lossy) wireless LANs, it sounds applicable in this environment: http://www.cs.berkeley.edu/~hari/papers/snoop.html It's designed for the case of TCP segments passing over a lossy link, where you have control of the router/gateway/base station on the far ("upstream") side. "Snoop" is aware of the contents of TCP segments passing through the router, and performs local retransmissions of segments according to some criteria (that I used to remember but can't now). The high-order-bit is that the snoop agent can detect (and initiate) retransmission faster than the normal end-to-end TCP algorithms would. No modification is necessary to the endpoints. They have code for BSD/OS 3.0 and 2.1. Having never looked at the code, it'd be pure speculation on my part to venture an opinion on how portable it is. Hope this helps, Bruce. 
--==_Exmh_1604981672P Content-Type: application/pgp-signature --==_Exmh_1604981672P-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun May 30 17:46:43 1999 Delivered-To: freebsd-net@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 489BD14CB1 for ; Sun, 30 May 1999 17:46:39 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id UAA08480; Sun, 30 May 1999 20:46:38 -0400 (EDT) (envelope-from wollman) Date: Sun, 30 May 1999 20:46:38 -0400 (EDT) 
From: Garrett Wollman Message-Id: <199905310046.UAA08480@khavrinen.lcs.mit.edu> To: bmah@CA.Sandia.GOV Cc: freebsd-net@FreeBSD.ORG Subject: Re: Linux and Solaris tcp beating FreeBSD 4:1 In-Reply-To: <199905310017.RAA14008@stennis.ca.sandia.gov> References: <199905301559.RAA17069@labinfo.iet.unipi.it> <199905310017.RAA14008@stennis.ca.sandia.gov> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < Some of my former colleagues at UC Berkeley did some rather nifty > work (IMHO) in this area. Although originally designed for use with > (lossy) wireless LANs, it sounds applicable in this environment: > http://www.cs.berkeley.edu/~hari/papers/snoop.html Hari is now here at LCS; see for some of his current research. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun May 30 20:14:10 1999 Delivered-To: freebsd-net@freebsd.org Received: from trooper.velocet.ca (trooper.velocet.net [209.167.225.226]) by hub.freebsd.org (Postfix) with ESMTP id ED47214CD5 for ; Sun, 30 May 1999 20:13:55 -0700 (PDT) (envelope-from dgilbert@trooper.velocet.ca) Received: (from dgilbert@localhost) by trooper.velocet.ca (8.8.7/8.8.7) id XAA01592; Sun, 30 May 1999 23:13:49 -0400 (EDT) 
From: David Gilbert MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <14161.65132.912907.525115@trooper.velocet.ca> Date: Sun, 30 May 1999 23:13:48 -0400 (EDT) To: Luigi Rizzo Cc: dgilbert@velocet.ca (David Gilbert), wollman@khavrinen.lcs.mit.edu, freebsd-net@FreeBSD.ORG Subject: Re: Linux and Solaris tcp beating FreeBSD 4:1 In-Reply-To: <199905301559.RAA17069@labinfo.iet.unipi.it> References: <14161.30204.750053.989577@trooper.velocet.ca> <199905301559.RAA17069@labinfo.iet.unipi.it> X-Mailer: VM 6.71 under 20.4 "Emerald" XEmacs Lucid Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >>>>> "Luigi" == Luigi Rizzo writes: >> Fast retransmit is an something that reacts in less than a second? Luigi> it reacts at the third duplicate ack, meaning 3 good packets Luigi> after a loss. If you manage to have st least 4-5 pkts in flight Luigi> you have a chance to trigger fast restransmit. Furthermore Luigi> short packets in your case might reduce the pkt loss rate (for Luigi> a given BER). Luigi> In your case all standard TCP mechanisms will help very little, Luigi> because they are end-2-end and furthermore they assume Luigi> congestion-related loss, not noise-related loss. I tried using a -mtu on the route in question of 500 and 100. 100 was very slow. 500 was about the same as the default. Luigi> If you have access to both sides of the adsl link, i think you Luigi> might more effectively implement link-level retransmits (i am Luigi> not sure, but it might be that ppp already does this). Luigi> It could be a relatively simple project to implement within a Luigi> FreeBSD-based router or bridge Unfortunately, I don't have access to the link layer. The routers are ascend --- but I do have control of both ends. Dave. -- ============================================================================ |David Gilbert, Velocet Communications. 
| Two things can only be | |Mail: dgilbert@velocet.net | equal if and only if they | |http://www.velocet.net/~dgilbert | are precisely opposite. | =========================================================GLO================ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun May 30 22:25:57 1999 Delivered-To: freebsd-net@freebsd.org Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5]) by hub.freebsd.org (Postfix) with SMTP id 853A914D9B for ; Sun, 30 May 1999 22:25:48 -0700 (PDT) (envelope-from luigi@labinfo.iet.unipi.it) Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id FAA18044; Mon, 31 May 1999 05:00:18 +0200 
From: Luigi Rizzo Message-Id: <199905310300.FAA18044@labinfo.iet.unipi.it> Subject: Re: Linux and Solaris tcp beating FreeBSD 4:1 To: dgilbert@velocet.ca (David Gilbert) Date: Mon, 31 May 1999 05:00:18 +0200 (MET DST) Cc: dgilbert@velocet.ca, wollman@khavrinen.lcs.mit.edu, freebsd-net@FreeBSD.ORG In-Reply-To: <14161.65132.912907.525115@trooper.velocet.ca> from "David Gilbert" at May 30, 99 11:13:29 pm X-Mailer: ELM [version 2.4 PL23] Content-Type: text Content-Length: 1074 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Luigi> If you have access to both sides of the adsl link, i think you > Luigi> might more effectively implement link-level retransmits (i am > Luigi> not sure, but it might be that ppp already does this). > > Luigi> It could be a relatively simple project to implement within a > Luigi> FreeBSD-based router or bridge > > Unfortunately, I don't have access to the link layer. The routers are > ascend --- but I do have control of both ends. so you can still do the job -- just put two FBSD bridges next to the ethernet port of the ascend's and let them implement the local retransmit. cheers luigi -----------------------------------+------------------------------------- Luigi RIZZO, luigi@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/ . Universita` di Pisa TEL/FAX: +39-050-568.533/522 . 
via Diotisalvi 2, 56126 PISA (Italy) http://www.iet.unipi.it/~luigi/ngc99/ ==== First International Workshop on Networked Group Communication ==== -----------------------------------+------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sun May 30 22:35:36 1999 Delivered-To: freebsd-net@freebsd.org Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5]) by hub.freebsd.org (Postfix) with SMTP id A136014EF4 for ; Sun, 30 May 1999 22:35:33 -0700 (PDT) (envelope-from luigi@labinfo.iet.unipi.it) Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id FAA18066; Mon, 31 May 1999 05:09:59 +0200 
From: Luigi Rizzo Message-Id: <199905310309.FAA18066@labinfo.iet.unipi.it> Subject: Re: Linux and Solaris tcp beating FreeBSD 4:1 To: bmah@CA.Sandia.GOV Date: Mon, 31 May 1999 05:09:58 +0200 (MET DST) Cc: dgilbert@velocet.ca, wollman@khavrinen.lcs.mit.edu, freebsd-net@FreeBSD.ORG In-Reply-To: <199905310017.RAA14008@stennis.ca.sandia.gov> from "Bruce A. Mah" at May 30, 99 05:17:26 pm X-Mailer: ELM [version 2.4 PL23] Content-Type: text Content-Length: 1936 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > If memory serves me right, Luigi Rizzo wrote: > > > If you have access to both sides of the adsl link, i think you might > > more effectively implement link-level retransmits (i am not sure, but > > it might be that ppp already does this). > > > > It could be a relatively simple project to implement within a > > FreeBSD-based router or bridge > > Some of my former colleagues at UC Berkeley did some rather nifty > work (IMHO) in this area. Although originally designed for use with > (lossy) wireless LANs, it sounds applicable in this environment: yes, i did have hari's work in mind when i wrote the msg, although this case is simpler in a sense, but also might need one to deal with UDP traffic as well. The trivial way to implement this is by encapsulating pkts, with the disadvantage that in some cases one might hit against the MTU of the path. As an alternative one could periodically (but frequently) send an extra pkt with the header (or some checksum) of the transmitted pkt, and the receiver ought to reply with same info for received packets. very short timeouts (0.1s or so) should be used to recover missing link-acks, or missing packets. I remember long ago we had a pair of Wellfleet routers which could do local retransmission on the point-to-point link, i think much like error-correcting modems do these days (except that such modems operate only on the last-sent packet, whereas i guess you want a slightly larger window). 
cheers luigi -----------------------------------+------------------------------------- Luigi RIZZO, luigi@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/ . Universita` di Pisa TEL/FAX: +39-050-568.533/522 . via Diotisalvi 2, 56126 PISA (Italy) http://www.iet.unipi.it/~luigi/ngc99/ ==== First International Workshop on Networked Group Communication ==== -----------------------------------+------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Mon May 31 6:35: 4 1999 Delivered-To: freebsd-net@freebsd.org Received: from trooper.velocet.ca (trooper.velocet.net [209.167.225.226]) by hub.freebsd.org (Postfix) with ESMTP id 053B614BF1 for ; Mon, 31 May 1999 06:34:59 -0700 (PDT) (envelope-from dgilbert@trooper.velocet.ca) Received: (from dgilbert@localhost) by trooper.velocet.ca (8.8.7/8.8.7) id JAA18546; Mon, 31 May 1999 09:34:43 -0400 (EDT) 
From: David Gilbert
Message-ID: <14162.36850.611680.632521@trooper.velocet.ca>
Date: Mon, 31 May 1999 09:34:42 -0400 (EDT)
To: Luigi Rizzo
Cc: bmah@CA.Sandia.GOV, dgilbert@velocet.ca, wollman@khavrinen.lcs.mit.edu, freebsd-net@FreeBSD.ORG
Subject: Re: Linux and Solaris tcp beating FreeBSD 4:1
In-Reply-To: <199905310309.FAA18066@labinfo.iet.unipi.it>
References: <199905310017.RAA14008@stennis.ca.sandia.gov> <199905310309.FAA18066@labinfo.iet.unipi.it>

>>>>> "Luigi" == Luigi Rizzo writes:

[trying to improve my packet-loss performance]

Luigi> The trivial way to implement this is by encapsulating pkts,
Luigi> with the disadvantage that in some cases one might hit against
Luigi> the MTU of the path. As an alternative one could periodically

One problem with the MTU-type solutions is that the other machine in
question is only 12ms away.

36 packets transmitted, 35 packets received, 2% packet loss
round-trip min/avg/max/stddev = 12.418/12.798/16.146/0.732 ms

... so there's not a lot of room for several packets to be in transit.

I had a look at the code mentioned, but it's beyond me (at least at my
current amount of business) to modify that code.

Dave.

--
============================================================================
|David Gilbert, Velocet Communications.       | Two things can only be     |
|Mail:       dgilbert@velocet.net             |  equal if and only if they |
|http://www.velocet.net/~dgilbert             |   are precisely opposite.  |
=========================================================GLO================

From: David Gilbert
Message-ID: <14162.37071.546060.298675@trooper.velocet.ca>
Date: Mon, 31 May 1999 09:38:23 -0400 (EDT)
To: Luigi Rizzo
Cc: dgilbert@velocet.ca (David Gilbert), wollman@khavrinen.lcs.mit.edu, freebsd-net@FreeBSD.ORG
Subject: Re: Linux and Solaris tcp beating FreeBSD 4:1
In-Reply-To: <199905310300.FAA18044@labinfo.iet.unipi.it>
References: <14161.65132.912907.525115@trooper.velocet.ca> <199905310300.FAA18044@labinfo.iet.unipi.it>

>>>>> "Luigi" == Luigi Rizzo writes:

Luigi> If you have access to both sides of the adsl link, i think you
Luigi> might more effectively implement link-level retransmits (i am
Luigi> not sure, but it might be that ppp already does this).
>>
Luigi> It could be a relatively simple project to implement within a
Luigi> FreeBSD-based router or bridge

>> Unfortunately, I don't have access to the link layer. The routers
>> are ascend --- but I do have control of both ends.

Luigi> so you can still do the job -- just put two FBSD bridges next
Luigi> to the ethernet port of the ascend's and let them implement the
Luigi> local retransmit.

I'm not positive how to do this. PPP does do retransmits, but it will
only (AFAIK) use TCP as its own transport --- which would suck.
You'd need some udp transport for tunnels --- which would be writing
your own retransmit code --- which would be rather like fixing the
problem.

Dave.

From: Luigi Rizzo
Message-Id: <199905311336.PAA19176@labinfo.iet.unipi.it>
Subject: Re: Linux and Solaris tcp beating FreeBSD 4:1
To: dgilbert@velocet.ca (David Gilbert)
Date: Mon, 31 May 1999 15:36:20 +0200 (MET DST)
Cc: dgilbert@velocet.ca, wollman@khavrinen.lcs.mit.edu, freebsd-net@FreeBSD.ORG
In-Reply-To: <14162.37071.546060.298675@trooper.velocet.ca> from "David Gilbert" at May 31, 99 09:38:04 am

> Luigi> so you can still do the job -- just put two FBSD bridges next
> Luigi> to the ethernet port of the ascend's and let them implement the
> Luigi> local retransmit.
...
> You'd need some udp transport for tunnels --- which would be writing
> your own retransmit code --- which would be rather like fixing the
> problem.

yes, unfortunately there is not an out-of-the-box solution...

cheers
luigi

From: Luigi Rizzo
Message-Id: <199905311555.RAA19371@labinfo.iet.unipi.it>
Subject: natd question
To: net@freebsd.org
Date: Mon, 31 May 1999 17:55:32 +0200 (MET DST)

Hi,

there is one thing i don't fully understand about natd.

I have a machine ("WIND") acting as a firewall between a local
unregistered net (interface fxp0) and the rest of the internet
(interface de0, using WIND as main address and MASQ as alias on de0).

I can manage to make natd work by setting net.inet.ip.forwarding=1
on WIND.

However, i thought i could achieve the same goal by setting
net.inet.ip.forwarding=0, and just using the following sequence

    # incoming pkts for private hosts
    ipfw add 1000 skipto 2000 ip from PRIVATENET to MASQ recv de0 in

    # outgoing packets for external hosts
    ipfw add 1100 skipto 2000 ip from PRIVATENET to not PRIVATENET

    ipfw add 2000 divert natd ip from any to any
    ipfw add 2010 allow ip from any to any

however running natd -verbose, i see that rule 1000 is matched, but the
packet retains its original source IP, e.g.

    In [ICMP] 10.114.15.228 -> 131.114.9.5 aliased to
              10.114.15.228 -> 131.114.9.5

and so when the packet is reinjected the local stack on WIND will drop
it. When i set forwarding on, the input rule does the same thing,
fortunately the pkt still goes out because there is a valid route
entry on WIND, and then on the _outgoing_ path natd actually changes
the src address.

If i get it right, it seems that natd (i.e. libalias) will only change
the SRC_IP on outgoing packets, and the DST_IP on incoming pkts. This
is also consistent with the documentation, and it is obvious why (we
would need to tell natd which one of the addresses to replace).

But i wonder, is there a way to tell NATD to act straight on incoming
packets, instead of forcing forwarding on, and having another pass
through the firewall and the protocol stack ?

cheers
luigi

From: David Gilbert
Message-ID: <14162.59808.260640.720788@trooper.velocet.ca>
Date: Mon, 31 May 1999 15:57:20 -0400 (EDT)
To: Luigi Rizzo
Cc: net@FreeBSD.ORG
Subject: natd question
In-Reply-To: <199905311555.RAA19371@labinfo.iet.unipi.it>
References: <199905311555.RAA19371@labinfo.iet.unipi.it>

>>>>> "Luigi" == Luigi Rizzo writes:

Luigi> But i wonder, is there a way to tell NATD to act straight on
Luigi> incoming packets, instead of forcing forwarding on, and having
Luigi> another pass through the firewall and the protocol stack ?

We realized this pretty early on because our firewall sees a large
amount of traffic (800 or more K/s) only 10-20K/s of which needs
natd. With a standard configuration, natd can consume a large amount
of CPU to accomplish its task.

What we do is make natd run on an aliased interface (such that traffic
would not normally go to/from it). Here's the relevant config:

[I have abbreviated some of the output. tx0 external, tx1 internal]

[1:25:325]root@hadrian:/u/dgilbert> ifconfig -a
tx0: flags=8843 mtu 1500
        inet ext.addr netmask 0xfffffff0 broadcast
tx1: flags=8843 mtu 1500
        inet int.addr1 netmask 0xfffffff0 broadcast
        inet int.addr2 netmask 0xfffffff0 broadcast
[1:31:331]root@hadrian:/u/dgilbert> ipfw show | grep diver
10000 1540557 461442293 divert 8668 ip from 192.168.0.0/16 to any out xmit tx0
10002 172667 29213136 divert 8668 ip from 172.17.0.0/16 to any out xmit tx0
10010 2309105 2227895942 divert 8668 ip from any to int.addr2 in recv tx0

Then I run...

natd -alias_address int.addr2

Dave.

Date: Mon, 31 May 1999 13:14:20 -0700 (PDT)
Reply-To: sworkman@nidlink.com
From: Shawn Workman
To: freebsd-net@freebsd.org
Subject: Dlink DFE-530TX

I am building another firewall/NATD box from spare parts. So far I have
an AMD K6 233 MMX with 32 MB of Ram, 18 GB of disk space, FreeBSD 3.2
Stable and a Graphics Blaster Extreme 4 BM PCI Graphics card. I am now
down to actually having to buy some parts :(, the network cards. I
understand the 'You get what you pay for' theory but this box is not
going to be on some corporate network just my network at home.

The cards I am looking at are the D-Link DFE-530 TX cards. I plan on
buying 2 of them for this particular box. Does anyone know of any issues
when using these cards? The last IPFW/NATD box I built used the Intel
Pro 100 cards (fxp0), and they work very well, but I am not willing to
lay out that kind of cash for cards in this box that will be mostly used
for NATD on my private network.

I noticed on the Hardware list from the FreeBSD site that the D-Link 530
cards are supported and there is no mention about them being un-reliable
so I am thinking that there is no problem with these cards but I wanted
to get some opinions from the list about these cards..

Thanks in advance.

From: Luigi Rizzo
Message-Id: <199905311745.TAA19533@labinfo.iet.unipi.it>
Subject: Re: natd question
To: dgilbert@velocet.ca (David Gilbert)
Date: Mon, 31 May 1999 19:45:12 +0200 (MET DST)
Cc: net@FreeBSD.ORG
In-Reply-To: <14162.59808.260640.720788@trooper.velocet.ca> from "David Gilbert" at May 31, 99 03:57:01 pm

> Luigi> But i wonder, is there a way to tell NATD to act straight on
> Luigi> incoming packets, instead of forcing forwarding on, and having
> Luigi> another pass through the firewall and the protocol stack ?
>
> We realized this pretty early on because our firewall sees a large
> amount of traffic (800 or more K/s) only 10-20K/s of which needs
> natd. With a standard configuration, natd can consume a large amount
> of CPU to accomplish its task.
>
> What we do is make natd run on an aliased interface (such that traffic
> would not normally go to/from it). Here's the relevant config:

yes, i already did that, and in fact at least natd only sees useful
pkts now. However there is still a couple of useless passes through the
firewall code (once a pkt is diverted, you know what to do with it, no
need to do further analysis), plus having forwarding enabled makes
me feel a bit uncomfortable...

cheers
luigi

Date: Mon, 31 May 1999 18:01:31 +0000 (GMT)
From: Jim Cassata
To: net@FreeBSD.ORG
Subject: Re: natd question
In-Reply-To: <199905311745.TAA19533@labinfo.iet.unipi.it>

> yes, i already did that, and in fact at least natd only sees useful
> pkts now. However there is still a couple of useless passes through the
> firewall code (once a pkt is diverted, you know what to do with it, no
> need to do further analysis), plus having forwarding enabled makes
> me feel a bit uncomfortable...
>

IP forwarding is no risk when you are running "unroutable IPs" on the
private side.

Jim Cassata
516.421.6000
jim@web-ex.com
Web Express
20 Broadhollow Road Suite 3011
Melville, NY 11747

From: "Steven Vetzal"
To: "'Jim Cassata'" ,
Subject: RE: natd question
Date: Mon, 31 May 1999 20:28:47 -0400
Message-ID: <000501beabc5$b6f0e460$7ffea8c0@blazer.pr1.on.wave.home.com>

I tend to disagree with Jim's comment on "unroutable IPs" being no risk.
They're no risk if you're positive the _other_ side of your link is clean,
but there are far too many mismanaged routers out there that don't have
unroutable ranges blocked, and if you're really paranoid, how do you know
the router you're talking to hasn't been compromised and is handing you
packets disguised as your own?

Everything not in your control is suspect, and even all things you _think_
are in your control should be considered suspect.

I agree with Luigi's (forgive me) paranoid approach...

Steve

-----Original Message-----
From: owner-freebsd-net@FreeBSD.ORG [mailto:owner-freebsd-net@FreeBSD.ORG]On Behalf Of Jim Cassata
Sent: May 31, 1999 2:02 PM
To: net@FreeBSD.ORG
Subject: Re: natd question

> yes, i already did that, and in fact at least natd only sees useful
> pkts now. However there is still a couple of useless passes through the
> firewall code (once a pkt is diverted, you know what to do with it, no
> need to do further analysis), plus having forwarding enabled makes
> me feel a bit uncomfortable...
>

IP forwarding is no risk when you are running "unroutable IPs" on the
private side.

Jim Cassata
516.421.6000
jim@web-ex.com
Web Express
20 Broadhollow Road Suite 3011
Melville, NY 11747

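Steven's objection above, that a forwarding gateway cannot assume a private source address really comes from the inside, can be checked with a small model. This is an added example, not code from the thread: a Python sketch of first-match filtering applied on input and again on output, comparing an allow-everything ruleset with one that first drops private-source packets arriving on the external interface. The interface names de0/fxp0 and the two sample hosts come from Luigi's earlier message; the 10.114.15.0/24 prefix, rule number 500 and the other sample packets are constructed for illustration.

```python
"""First-match packet filtering on a forwarding gateway (illustrative model)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

EXT_IF, INT_IF = "de0", "fxp0"                # roles as described in the thread
PRIVATE_NET = ip_network("10.114.15.0/24")    # assumed prefix of the private LAN
RFC1918 = tuple(ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    recv_if: str                      # interface the packet arrived on


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                       # "allow" or "deny"
    src_nets: Optional[tuple] = None  # None means "from any"
    direction: Optional[str] = None   # "in", "out", or None for both
    iface: Optional[str] = None       # recv interface (in) / xmit interface (out)

    def matches(self, pkt, direction, iface):
        if self.direction and self.direction != direction:
            return False
        if self.iface and self.iface != iface:
            return False
        if self.src_nets is None:
            return True
        return any(ip_address(pkt.src) in net for net in self.src_nets)


def evaluate(rules, pkt, direction, iface):
    """Return (action, rule number) of the first match; fall through to deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(pkt, direction, iface):
            return rule.action, rule.number
    return "deny", 65535


def route(pkt):
    """Private destinations leave through the inside interface, the rest outside."""
    return INT_IF if ip_address(pkt.dst) in PRIVATE_NET else EXT_IF


def forward(rules, pkt):
    """A forwarded packet is filtered twice: on input and again on output."""
    action, number = evaluate(rules, pkt, "in", pkt.recv_if)
    if action == "deny":
        return f"dropped on input by rule {number}"
    out_if = route(pkt)
    action, number = evaluate(rules, pkt, "out", out_if)
    if action == "deny":
        return f"dropped on output by rule {number}"
    return f"forwarded via {out_if}"


# Weak: only the catch-all, like "allow ip from any to any".
PERMISSIVE = [Rule(2010, "allow")]
# Corrected: private sources must never show up on the external interface.
HARDENED = [Rule(500, "deny", RFC1918, "in", EXT_IF), Rule(2010, "allow")]

SAMPLES = {  # constructed packets
    "lan host going out": Packet("10.114.15.228", "131.114.9.5", INT_IF),
    "lan address arriving from outside": Packet("10.114.15.7", "10.114.15.228", EXT_IF),
    "other private range from outside": Packet("192.168.1.9", "10.114.15.228", EXT_IF),
}


def compare():
    """Map each sample to its (permissive, hardened) outcome."""
    return {name: (forward(PERMISSIVE, p), forward(HARDENED, p))
            for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, outcome in compare().items():
        print(f"{name:36} {outcome[0]:22} {outcome[1]}")
```

The model covers source filtering only; it does not model natd's divert step.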
From: Darren Reed
Message-Id: <199906010236.MAA27249@cheops.anu.edu.au>
Subject: dummynet & bridging
To: net@freebsd.org
Date: Tue, 1 Jun 1999 12:36:54 +1000 (EST)

Has anyone run a system using dummynet with bridging in place and running
at 100MBps ? i.e. bridging two 100BaseT segments running at full speed.
If so, what sort of performance problems (if any) did you see ?

Darren

From: Luigi Rizzo
Message-Id: <199906011612.SAA01772@labinfo.iet.unipi.it>
Subject: Re: dummynet & bridging
To: avalon@coombs.anu.edu.au (Darren Reed)
Date: Tue, 1 Jun 1999 18:12:04 +0200 (MET DST)
Cc: net@FreeBSD.ORG
In-Reply-To: <199906010236.MAA27249@cheops.anu.edu.au> from "Darren Reed" at Jun 1, 99 12:36:35 pm

> Has anyone run a system using dummynet with bridging in place and running
> at 100MBps ? i.e. bridging two 100BaseT segments running at full speed.
> If so, what sort of performance problems (if any) did you see ?

bridging just throws away unwanted packets before passing through the
firewall, and generally does not make additional copies of the packets
(except perhaps for an m_pullup() which is also needed by the ip_fw
code). So if a given machine can receive at full speed from one (or
more) interfaces, while at the same time send at full speed on another
one, then it can also bridge at full speed.

dummynet overhead is constant per-packet, and i think the biggest part
is the ipfw overhead. I once measured it on an old P90 (with slow
memory) as some 4-6us entry time plus some 0.5us per rule.

cheers
luigi

From: Luigi Rizzo
Message-Id: <199906011635.SAA01905@labinfo.iet.unipi.it>
Subject: Re: natd question
To: svetzal@cujo2.icom.ca (Steven Vetzal)
Date: Tue, 1 Jun 1999 18:35:58 +0200 (MET DST)
Cc: jim@web-ex.com, net@FreeBSD.ORG
In-Reply-To: <000501beabc5$b6f0e460$7ffea8c0@blazer.pr1.on.wave.home.com> from "Steven Vetzal" at May 31, 99 08:28:28 pm

> I tend to disagree with Jim's comment on "unroutable IPs" being no risk.
> They're no risk if you're positive the _other_ side of your link is clean,

... and the firewall machine itself, requires much tighter rules when
forwarding is enabled than when it is not.

> I agree with Luigi's (forgive me) paranoid approach...

i am usually not, but on one side we have an engineering students' lab
with over 100 machines, shouldn't i be worried :)

cheers
luigi

Message-Id: <199906012352.JAA15035@mullian.ee.mu.OZ.AU>
Date: Wed, 02 Jun 1999 09:51:55 +1000
To: freebsd-net@freebsd.org
From: Mark Summerfield
Subject: Interface implementation and ARP under FreeBSD

Hi freebsd-net'ers,

I'm developing a driver for an experimental network interface. Currently
my development system is running FreeBSD 2.2.7. The system has an
Ethernet interface (xl0) and the experimental interface (exp0).

I'm having real trouble getting address resolution going for my
interface. I know that the BSD implementation of ARP is fairly
"ethernet-centric", but I also know that it does work for networks that
have ethernet-like addressing (e.g. FDDI).

Incoming packets are OK -- I can e.g. construct an ICMP packet addressed
to a host on the local ethernet, send it into the experimental interface,
and, with ipforwarding enabled, "see" (with tcpdump on another host) it
emerge from the Ethernet interface. This implies that the packet is
correctly received on exp0, passed up the IP stack, and routed out of xl0
intact.

Sending IP packets out of the experimental interface is another matter.
If I configure exp0 with "inet 10.0.0.1 netmask 255.255.255.0" then
"ping 10.0.0.2" my output code calls arpresolve(), and I expect my output
function to be called again, by arprequest(), since the address is not
yet resolved.

Instead I get the message "arpresolve: can't allocate llinfo". I've
looked at the source, and consulted the bible (Wright and Stevens), and I
believe that what it's really telling me is that it can't infer the route
(i.e. interface exp0) to 10.0.0.2, and hence can't work out which
interface to send the ARP request on -- it's not an actual allocation
failure, nor is it one of the conditions explicitly trapped and reported
by arplookup(). I think I must have misconfigured something, either in
my interface initialisation, or via "ifconfig".

I *can* "ping 10.0.0.255" and generate broadcast echo-requests with a
correct source address of 10.0.0.1 on the experimental interface (since
arpresolve() automatically resolves packets with the M_BCAST flag set to
the ethernet broadcast address). The (duplex) experimental interface then
receives an echo-request and passes it up -- and the attempt to generate
a (unicast) echo-reply then results in the error above.

The relevant output of "netstat -r -n", "ifconfig xl0" and "ifconfig
exp0" is (note that tcpdump is running, so the PROMISC flag on xl0 is
set):

Routing tables

Internet:
Destination        Gateway            Flags     Refs     Use     Netif
default            128.250.79.129     UGSc        2        0      xl0
10/24              10.0.0.1           Uc          0        0      exp0
127.0.0.1          127.0.0.1          UH          0        0      lo0
128.250.79.128/25  link#3             UC          0        0

xl0: flags=8943 mtu 1500
        inet 128.250.79.184 netmask 0xffffff80 broadcast 128.250.79.255
        ether 00:60:97:8a:37:b9
exp0: flags=3 mtu 9180
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
        lladdr 00:60:97:8a:37:b9

Note that my link-level addresses are Ethernet compatible (this was done
specifically to try to get ARP to work with a minimum of fuss). I have,
in fact, just used the address of the Ethernet interface on each host,
since the choice is essentially arbitrary and this makes identifying the
source of packets easy. The difference is that ifconfig reports the
Ethernet address as "ether" (since it's of type IFT_ETHER), and the
experimental LL address as "lladdr", since it's type IFT_OTHER.

Any hints as to what it is I'm doing wrong would be greatly appreciated.

Thanks,

Mark

----
Dr. Mark Summerfield
Australian Photonics Cooperative Research Centre
Photonics Research Laboratory
Dept. of Electrical and Electronic Engineering
The University of Melbourne
Parkville, 3052 AUSTRALIA
Phone: +61 3 9344 7419
Fax: +61 3 9344 6678
Email: m.summerfield@ieee.org
WWW: http://www.ee.mu.oz.au/staff/summer/index.htm

Date: Tue, 1 Jun 1999 20:14:55 -0400 (EDT)
From: Garrett Wollman
Message-Id: <199906020014.UAA18887@khavrinen.lcs.mit.edu>
To: Mark Summerfield
Cc: freebsd-net@FreeBSD.ORG
Subject: Interface implementation and ARP under FreeBSD
In-Reply-To: <199906012352.JAA15035@mullian.ee.mu.OZ.AU>
References: <199906012352.JAA15035@mullian.ee.mu.OZ.AU>

< said:

> I'm developing a driver for an experimental network interface. Currently
> my development system is running FreeBSD 2.2.7.

That is a really ancient release. You should consider upgrading to a
more modern system.

> Sending IP packets out of the experimental interface is another matter.
> If I configure exp0 with "inet 10.0.0.1 netmask 255.255.255.0" then
> "ping 10.0.0.2" my output code calls arpresolve(), and I expect my output

> Instead I get the message "arpresolve: can't allocate llinfo". I've

> 10/24              10.0.0.1           Uc          0        0      exp0
> 128.250.79.128/25  link#3             UC          0        0

This is actually the one important part of the information you
provided. Note the difference between the two lines. This indicates
that the correct flavor of route is not being constructed to represent
your experimental interface. Both of these lines should look the
same. In particular note the erroneous type of the destination
address (AF_INET and not AF_LINK) and the absence of the RTF_CLONING
flag on the route.

This suggests that you are not correctly initializing ARP on your
interface; this is done by the arp_ifinit() function which I
introduced in rev. 1.9 of netinet/if_ether.c on 1994/12/22 and has
been in every release since 2.0.5. See any Ethernet driver for
details.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick

Subject: Netscape with SOCKS proxy, help please.
To: freebsd-net@FreeBSD.ORG (FreBSD networking list)
Date: Tue, 1 Jun 1999 20:32:43 -0400 (EDT)
From: "Stan Brown" X-Mailer: ELM [version 2.4 PL24] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 5124 Message-Id: <19990602003257.79DFB14E63@hub.freebsd.org> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

I have a laptop that dual boots into FreeBSD 3.2 and windoze NT 4.0. It uses the exact same IP address in both OSes. Under NT I can use Netscape 4 to access the outside world via a corporate SOCKS server. I have configured Netscape identically on the FreeBSD side (just SOCKS host and port no.), but it does not work.

In an effort to aid in troubleshooting this I have built the SOCKS port. Below are the results of some tests I conducted using this:

Script started on Tue Jun 1 12:43:44 1999
stan@brown.westvaco.com:/home/stan $ cat /usr/local/etc/libsocks5.conf
socks4 - - - - 170.85.17.10:1080
noproxy - 170.85. - -
stan@brown.westvaco.com:/home/stan $ set | grep SOC
SOCKS5_DEBUG=3
SOCKS5_LOG_STDERR=TRUE
SOCKS5_USER=SDBROWN
SOCKS_DEBUG=3
stan@brown.westvaco.com:/home/stan $ nslookup fw.westvaco.com
Server: ns.westvaco.com
Address: 170.85.11.12
Name: fw.westvaco.com
Address: 170.85.17.10
stan@brown.westvaco.com:/home/stan $ telnet fw.westvaco.com 1080
Trying 170.85.17.10...
Connected to fw.westvaco.com.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
stan@brown.westvaco.com:/home/stan $ runsocks telnet www.netcom.com 80
00873: NEC NWSL Socks5 v1.0r8 library
Trying 206.217.29.11...
00873: lsReadResponse: read: Can't assign requested address
telnet: Unable to connect to remote host: Connection refused
stan@brown.westvaco.com:/home/stan $ rftp ftp.netcom.com
00881: NEC NWSL Socks5 v1.0r8 library
00881: lsReadResponse: read: Can't assign requested address
ftp: connect: Connection refused
ftp> quit
stan@brown.westvaco.com:/home/stan $ rftp netcom.com
00882: NEC NWSL Socks5 v1.0r8 library
00882: lsReadResponse: read: Can't assign requested address
ftp: connect to address 192.100.81.131: Connection refused
Trying 192.100.81.132...
00882: lsReadResponse: read: Socket operation on non-socket
ftp: connect to address 192.100.81.132: Connection refused
Trying 192.100.81.100...
00882: lsReadResponse: read: Socket operation on non-socket
ftp: connect to address 192.100.81.100: Connection refused
Trying 192.100.81.108...
00882: lsReadResponse: read: Socket operation on non-socket
ftp: connect to address 192.100.81.108: Connection refused
Trying 192.100.81.103...
00882: lsReadResponse: read: Socket operation on non-socket
ftp: connect to address 192.100.81.103: Connection refused
Trying 192.100.81.107...
00882: lsReadResponse: read: Socket operation on non-socket
ftp: connect to address 192.100.81.107: Connection refused
Trying 192.100.81.114...
00882: lsReadResponse: read: Socket operation on non-socket
ftp: connect to address 192.100.81.114: Connection refused
Trying 192.100.81.117...
00882: lsReadResponse: read: Socket operation on non-socket
ftp: connect to address 192.100.81.117: Connection refused
Trying 192.100.81.119...
00882: lsReadResponse: read: Socket operation on non-socket
ftp: connect to address 192.100.81.119: Connection refused
Trying 192.100.81.120...
00882: lsReadResponse: read: Socket operation on non-socket
ftp: connect to address 192.100.81.120: Connection refused
Trying 192.100.81.121...
00882: lsReadResponse: read: Socket operation on non-socket
ftp: connect to address 192.100.81.121: Connection refused
Trying 192.100.81.124...
00882: lsReadResponse: read: Socket operation on non-socket
ftp: connect to address 192.100.81.124: Connection refused
Trying 192.100.81.125...
00882: lsReadResponse: read: Socket operation on non-socket
ftp: connect to address 192.100.81.125: Connection refused
Trying 192.100.81.126...
00882: lsReadResponse: read: Socket operation on non-socket
ftp: connect to address 192.100.81.126: Connection refused
Trying 192.100.81.128...
00882: lsReadResponse: read: Socket operation on non-socket
ftp: connect to address 192.100.81.128: Connection refused
Trying 192.100.81.129...
00882: lsReadResponse: read: Socket operation on non-socket
ftp: connect to address 192.100.81.129: Connection refused
Trying 192.100.81.130...
00882: lsReadResponse: read: Socket operation on non-socket
ftp: connect: Connection refused
ftp> quit
stan@brown.westvaco.com:/home/stan $
Script done on Tue Jun 1 12:45:56 1999

I would really like to get this working, since this is the last remaining reason to reboot into NT to perform my job. This is all new ground to me, and I would appreciate any and all advice and help.

Thanks.

-- Stan Brown stanb@netcom.com 843-745-3154 Westvaco Charleston SC.
-- Windows 98: n. useless extension to a minor patch release for 32-bit extensions and a graphical shell for a 16-bit patch to an 8-bit operating system originally coded for a 4-bit microprocessor, written by a 2-bit company that can't stand for 1 bit of competition. - (c) 1999 Stan Brown. Redistribution via the Microsoft Network is prohibited. 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Jun 2 8:48:31 1999 Delivered-To: freebsd-net@freebsd.org Received: from lyonnet.dtr.fr (lyonnet.dtr.fr [194.51.33.100]) by hub.freebsd.org (Postfix) with ESMTP id 0311714BE7 for ; Wed, 2 Jun 1999 08:46:45 -0700 (PDT) (envelope-from david.robert@mail.dotcom.fr) Received: from gw.admin.hexaflux.loc (lsi168.dtr.fr [195.6.83.168]) by lyonnet.dtr.fr (8.8.5/8.8.5) with ESMTP id RAA13421 for ; Wed, 2 Jun 1999 17:46:44 +0200 Received: from mail.dotcom.fr (netsante1.agence.toulouse.hexaflux.loc [192.168.30.50]) by gw.admin.hexaflux.loc (8.8.7/8.8.7) with ESMTP id RAA32407 for ; Wed, 2 Jun 1999 17:52:49 +0200 Message-ID: <375552C1.53DB4726@mail.dotcom.fr> Date: Wed, 02 Jun 1999 17:50:25 +0200 
From: David ROBERT X-Mailer: Mozilla 4.5 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: freebsd-net@freebsd.org Subject: Problem with dummynet Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

I use dummynet to limit ftp transfer bandwidth:

# A bandwidth of 50 kbit/s
ipfw pipe 1 config bw 50Kbit/s

# Filter ftp
ipfw add pipe 1 tcp from any 20 to any
ipfw add pipe 1 udp from any 20 to any

50Kbits/s is pretty slow but I use LL at 64Kbit/s.

It works, but not as well as I wish, because when I look at how my file (using ftp) is transmitted (hash functionality of any ftp client), it looks like my file is uploaded using big blocks of data with a delay between. So even if the file takes more time to be uploaded, my telnet sessions are slow. Maybe I should use the buffer functionality, but I don't understand what this functionality is.

I have another problem I've seen today because I was doing some tests. I used the BW restriction as shown before (the ipfw commands). But when I want to test my uploads without the pipes, I do an "ipfw flush" and afterwards my upload is really slower, not usable... It looks like the rules are flushed (ipfw list) but my ftp data goes somewhere else...

Any idea?

David ROBERT (sorry for my english).

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Wed Jun 2 10:17:53 1999 Delivered-To: freebsd-net@freebsd.org Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5]) by hub.freebsd.org (Postfix) with SMTP id 6C27D14A09 for ; Wed, 2 Jun 1999 10:17:47 -0700 (PDT) (envelope-from luigi@labinfo.iet.unipi.it) Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id QAA03752; Wed, 2 Jun 1999 16:47:47 +0200 
From: Luigi Rizzo Message-Id: <199906021447.QAA03752@labinfo.iet.unipi.it> Subject: Re: Problem with dummynet To: david.robert@mail.dotcom.fr (David ROBERT) Date: Wed, 2 Jun 1999 16:47:46 +0200 (MET DST) Cc: freebsd-net@FreeBSD.ORG In-Reply-To: <375552C1.53DB4726@mail.dotcom.fr> from "David ROBERT" at Jun 2, 99 05:50:06 pm X-Mailer: ELM [version 2.4 PL23] Content-Type: text Content-Length: 1548 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

> I use dummynet to limit ftp transfer bandwidth:
>
> # A bandwidth of 50 kbit/s
> ipfw pipe 1 config bw 50Kbit/s
>
> # Filter ftp
> ipfw add pipe 1 tcp from any 20 to any
> ipfw add pipe 1 udp from any 20 to any
>
> 50Kbits/s is pretty slow but I use LL at 64Kbit/s.
>
> It works, but not as well as I wish, because when I look at
> how my file (using ftp) is transmitted (hash functionality
> of any ftp client), it looks like my file is uploaded
> using big blocks of data with a delay between. So even if

It depends on the MTU of your interface. If it is 1500 bytes, as it usually is, you have these 12000-bit packets to flush (0.2s) and telnet looks slow.

You'd have to reduce the mtu to 576 or so to get better interactive performance.

> the file takes more time to be uploaded, my telnet sessions are
> slow. Maybe I should use the buffer functionality, but I don't
> understand what this functionality is.
>
> I have another problem I've seen today because I was doing
> some tests. I used the BW restriction as shown before (the ipfw
> commands). But when I want to test my uploads without the pipes,
> I do an "ipfw flush" and afterwards my upload is really slower, not
> usable... It looks like the rules are flushed (ipfw list) but
> my ftp data goes somewhere else...
>
> Any idea?

not on this one... sorry.

cheers
luigi

>
> David ROBERT
> (sorry for my english). 
your english is ok, don't need to apologise luigi > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Jun 2 10:27: 2 1999 Delivered-To: freebsd-net@freebsd.org Received: from scoisntc02.Scott.af.mil (scoisntc02.scott.af.mil [140.175.36.48]) by hub.freebsd.org (Postfix) with ESMTP id 47FA614C30 for ; Wed, 2 Jun 1999 10:26:40 -0700 (PDT) (envelope-from Joel.Clark@scott.af.mil) Received: by scoisntc02.scott.af.mil with Internet Mail Service (5.5.2232.9) id ; Wed, 2 Jun 1999 12:27:49 -0500 Message-ID: From: Clark Joel A1C AMC CSS To: "'net@freebsd.org'" Subject: Routers and such Date: Wed, 2 Jun 1999 12:27:32 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2232.9) Content-Type: text/plain; charset="ISO-8859-1" Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org When does a router become necessary? I assume since our private TCP/IP works fine (firewall, natd, etc), that it isn't always necessary. jc -- A1C Joel S. Clark Rapid Applications Developer 01010101010100110100000101000110 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Jun 2 10:44: 8 1999 Delivered-To: freebsd-net@freebsd.org Received: from poboxer.pobox.com (unknown [208.149.16.30]) by hub.freebsd.org (Postfix) with ESMTP id 74E2815108 for ; Wed, 2 Jun 1999 10:43:45 -0700 (PDT) (envelope-from alk@poboxer.pobox.com) Received: (from alk@localhost) by poboxer.pobox.com (8.9.3/8.9.1) id MAA17961; Wed, 2 Jun 1999 12:43:43 -0500 (CDT) (envelope-from alk) 
From: Anthony Kimball MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Wed, 2 Jun 1999 12:43:42 -0500 (CDT) Reply-To: alk@pobox.com To: freebsd-net@FreeBSD.ORG Subject: Re: Problem with dummynet References: <375552C1.53DB4726@mail.dotcom.fr> <199906021447.QAA03752@labinfo.iet.unipi.it> X-Mailer: VM 6.43 under 20.4 "Emerald" XEmacs Lucid Message-ID: <14165.27852.312794.365576@avalon.east> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Quoth Luigi Rizzo on Wed, 2 June:
:
: You'd have to reduce the mtu to 576 or so to get better
: interactive performance.
:

I find that when I lower an MTU, the interface no longer will support UDP NFS. Not surprising, that, but worth noting before you do it, at least, to avoid any subsequent puzzlement.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Wed Jun 2 22:56:28 1999 Delivered-To: freebsd-net@freebsd.org Received: from xylan.com (postal.xylan.com [208.8.0.248]) by hub.freebsd.org (Postfix) with ESMTP id D7A9114C8B for ; Wed, 2 Jun 1999 22:56:24 -0700 (PDT) (envelope-from wes@softweyr.com) Received: from mailhub.xylan.com by xylan.com (8.8.7/SMI-SVR4 (xylan-mgw 2.2 [OUT])) id WAA17638; Wed, 2 Jun 1999 22:56:22 -0700 (PDT) Received: from omni.xylan.com by mailhub.xylan.com (SMI-8.6/SMI-SVR4 (mailhub 2.1 [HUB])) id WAA29594; Wed, 2 Jun 1999 22:56:22 -0700 Received: from softweyr.com ([204.68.178.39]) by omni.xylan.com (4.1/SMI-4.1 (xylan engr [SPOOL])) id AA18547; Wed, 2 Jun 99 22:56:17 PDT Message-Id: <37561900.31438124@softweyr.com> Date: Wed, 02 Jun 1999 23:56:16 -0600 
From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.1-RELEASE i386) X-Accept-Language: en Mime-Version: 1.0 To: Clark Joel A1C AMC CSS Cc: "'net@freebsd.org'" Subject: Re: Routers and such References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Clark Joel A1C AMC CSS wrote:
>
> When does a router become necessary? I assume since our private TCP/IP
> works fine (firewall, natd, etc), that it isn't always necessary.

A router is necessary when the machine you're using becomes too slow to handle the load. There's no reason why you can't just grab another FreeBSD machine and build a router on it. Even a P100 can easily keep up with DSL, Cable Modem, or T1 speeds. ISDN or analog modems are no problem, as long as you get good serial ports.

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC http://www.softweyr.com/~softweyr wes@softweyr.com

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Wed Jun 2 23:34:22 1999 Delivered-To: freebsd-net@freebsd.org Received: from stennis.ca.sandia.gov (stennis.ca.sandia.gov [146.246.243.44]) by hub.freebsd.org (Postfix) with ESMTP id 0F54514E7A for ; Wed, 2 Jun 1999 23:34:20 -0700 (PDT) (envelope-from bmah@stennis.ca.sandia.gov) Received: (from bmah@localhost) by stennis.ca.sandia.gov (8.9.3/8.9.3) id XAA15154; Wed, 2 Jun 1999 23:34:12 -0700 (PDT) Message-Id: <199906030634.XAA15154@stennis.ca.sandia.gov> X-Mailer: exmh version 2.1.0 04/14/1999 To: Wes Peters Cc: Clark Joel A1C AMC CSS , "'net@freebsd.org'" Subject: Re: Routers and such In-Reply-To: Your message of "Wed, 02 Jun 1999 23:56:16 MDT." <37561900.31438124@softweyr.com> 
From: bmah@CA.Sandia.GOV (Bruce A. Mah) Reply-To: bmah@CA.Sandia.GOV X-Url: http://www.ca.sandia.gov/~bmah/ Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_-1999846389P"; micalg=pgp-md5; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Wed, 02 Jun 1999 23:34:11 -0700 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

--==_Exmh_-1999846389P
Content-Type: text/plain; charset=us-ascii

If memory serves me right, Wes Peters wrote:
> Clark Joel A1C AMC CSS wrote:
> >
> > When does a router become necessary? I assume since our private TCP/IP
> > works fine (firewall, natd, etc), that it isn't always necessary.
>
> A router is necessary when the machine you're using becomes too slow
> to handle the load. There's no reason why you can't just grab another
> FreeBSD machine and build a router on it. Even a P100 can easily keep
> up with DSL, Cable Modem, or T1 speeds. ISDN or analog modems are no
> problem, as long as you get good serial ports.

That's true for one particular environment (small network attached to a consumer ISP, where everything goes through a single gateway).

When I first read this question, however, I thought, "When you can't put all your hosts on a single subnet and you need to build an internetwork." I'm thinking of a campus network setting, and it's not clear to me which environment the original question was addressing.

Cheers,
Bruce. 
--==_Exmh_-1999846389P Content-Type: application/pgp-signature --==_Exmh_-1999846389P-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Jun 3 4:37: 8 1999 Delivered-To: freebsd-net@freebsd.org Received: from puma.wmin.ac.uk (puma.wmin.ac.uk [161.74.92.94]) by hub.freebsd.org (Postfix) with SMTP id D04AF14C20 for ; Thu, 3 Jun 1999 04:37:04 -0700 (PDT) (envelope-from smaraux@seth.cpc.wmin.ac.uk) Received: from seth.cpc.wmin.ac.uk by puma.wmin.ac.uk with INTERNAL-SMTP (MMTA) with ESMTP; Thu, 3 Jun 1999 12:34:17 +0100 Received: from localhost (smaraux@localhost) by seth.cpc.wmin.ac.uk (8.9.3/8.9.3) with ESMTP id MAA01252 for ; Thu, 3 Jun 1999 12:36:23 +0100 (BST) (envelope-from smaraux@seth.cpc.wmin.ac.uk) Date: Thu, 3 Jun 1999 12:36:23 +0100 (BST) 
From: Sebastien Maraux To: freebsd-net@freebsd.org Subject: IPv6 browser Message-ID: MIME-Version: 1.0 Content-Type: text/PLAIN; charset="US-ASCII" Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Which browsers are IPv6 capable? I only know Mozilla which required Motif (not free) and mmm which is not very simple to install ( need ocaml, ocamltk41, tcl, tk, XFree86.3.3.3 ) Do you know a best one or a simpler way to have an Ipv6 compatible browser? - I'm currently using netscape 4.5 on freebsd 3.1 / XFree - A patch to this browser would be the best for me. thanks seb To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Jun 3 6:22:26 1999 Delivered-To: freebsd-net@freebsd.org Received: from etri.re.kr (mail.etri.re.kr [129.254.9.28]) by hub.freebsd.org (Postfix) with ESMTP id 63DDE15272 for ; Thu, 3 Jun 1999 06:22:23 -0700 (PDT) (envelope-from kimch@etri.re.kr) Received: from etri.re.kr (kimch.etri.re.kr [129.254.191.142]) by etri.re.kr (8.8.8+Sun/8.8.8) with ESMTP id WAA15184 for ; Thu, 3 Jun 1999 22:18:19 +0900 (KST) Message-ID: <37568294.1AF6876E@etri.re.kr> Date: Thu, 03 Jun 1999 22:26:45 +0900 
From: Changhoon Kim X-Mailer: Mozilla 4.5 [en] (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: FreeBSD Net Subject: Problematic behavior of FTPD or Fast Ethernet Driver ... Content-Type: text/plain; charset=EUC-KR Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello, folks ! I have a network which can be simply modelized into a diagram below. +----+ (A) --------- | | |HUB|--------(C)========== [B]--------- | | +-- -+ (A) and (C) is FreeBSD 3.1, is Redhat Linux 6.0, and (B) is Windows 98 machine respectively. Lines denoted as "---------" are Fast Ethernet, and the other line denoted as "========" is ATM 155M PVC. Therefore, (C) has two NICs, one is for Fast Ethernet, and the other is Fore's PCA-200E ATM PCI NIC. Of course, the HUB is capable of transmitting packets at up to 100 Mbps. It has been observed that user can transfer files at about 40 Mbps from [B] to by means of FTP. During this process, (C) plays a role of router. Therefore, It seem like that (C) does not access HDD during this process. However, file transfer speed between (C) to (A) could NOT surpass 0.3 Mbps when the two end points of the FTP process are (A) and (C). Meanwhile, [B] - Win98 host - could transfer files at about 20 Mbps or over between (C) and itself. Isn't this situation problematic ? Any good remedis for this unreasonable situation of host (C) and (A) ? Where is the origin of this abnormal behavior ? FTPD, Fast Ethernet Driver, or TCP/IP stack implementation ? I'm using SMC's EZ 1211 Fast Ethernet card. and the physical device name detected by FreeBSD kernel is "rl0". But, I have no idea about this card has some relation with RealTek chipset ... Wish your replies. TIA ! -- ========================================================== Changhoon Kim Internet Technology Research Dept. Switching & Transmission Technology Lab. 
Electronics and Telecommunications Research Institute(ETRI) 161 Kajong-dong, Yusong-gu, Taejon, 305-350, KOREA Tel: (Office) +82-42-860-5801, (Cell) +82-19-226-6305 E-mail: kimch@etri.re.kr * All Smiles, Everywhere and Everytime ! =========================================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Jun 3 6:43:25 1999 Delivered-To: freebsd-net@freebsd.org Received: from scoisntc02.Scott.af.mil (scoisntc02.scott.af.mil [140.175.36.48]) by hub.freebsd.org (Postfix) with ESMTP id 5599B14DCF for ; Thu, 3 Jun 1999 06:43:21 -0700 (PDT) (envelope-from Joel.Clark@scott.af.mil) Received: by scoisntc02.scott.af.mil with Internet Mail Service (5.5.2232.9) id ; Thu, 3 Jun 1999 08:44:35 -0500 Message-ID: 
From: Clark Joel A1C AMC CSS To: "'bmah@CA.Sandia.GOV'" , Wes Peters Cc: Clark Joel A1C AMC CSS , "'net@freebsd.org'" Subject: RE: Routers and such Date: Thu, 3 Jun 1999 08:44:08 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2232.9) Content-Type: text/plain; charset="ISO-8859-1" Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Right now it is only one subnet, fed from an 56Kbps ISP connection. But if I understand you correctly, I WILL need one if I need to bring up another subnet. And if so, I assume routed will suffice for low-bandwidth applications? jc > A router is necessary when the machine you're using becomes to slow > to handle the load. There's no reason why you can't just grab another > FreeBSD machine and build a router on it. Even a P100 can easily keep > up with DSL, Cable Modem, or T1 speeds. ISDN or analog modems are no > problem, as long as you get good serial ports. That's true for one particular environment (small network attached to a consumer ISP, where everything goes through a single gateway). When I first read this question, however, I thought, "When you can't put all your hosts on a single subnet and you need to build an internetwork." I'm thinking of a campus network setting, and it's not clear to me which environment the original question was addressing. Cheers, Bruce. 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Jun 3 8:13:35 1999 Delivered-To: freebsd-net@freebsd.org Received: from stennis.ca.sandia.gov (stennis.ca.sandia.gov [146.246.243.44]) by hub.freebsd.org (Postfix) with ESMTP id 4EE5A14D1F for ; Thu, 3 Jun 1999 08:13:32 -0700 (PDT) (envelope-from bmah@stennis.ca.sandia.gov) Received: (from bmah@localhost) by stennis.ca.sandia.gov (8.9.3/8.9.3) id IAA16487; Thu, 3 Jun 1999 08:13:28 -0700 (PDT) Message-Id: <199906031513.IAA16487@stennis.ca.sandia.gov> X-Mailer: exmh version 2.1.0 04/14/1999 To: Clark Joel A1C AMC CSS Cc: "'bmah@CA.Sandia.GOV'" , Wes Peters , "'net@freebsd.org'" Subject: Re: Routers and such In-Reply-To: Your message of "Thu, 03 Jun 1999 08:44:08 CDT." 
From: bmah@CA.Sandia.GOV (Bruce A. Mah) Reply-To: bmah@CA.Sandia.GOV X-Url: http://www.ca.sandia.gov/~bmah/ Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_-870266364P"; micalg=pgp-md5; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Thu, 03 Jun 1999 08:13:27 -0700 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

--==_Exmh_-870266364P
Content-Type: text/plain; charset=us-ascii

If memory serves me right, Clark Joel A1C AMC CSS wrote:
> Right now it is only one subnet, fed from an 56Kbps ISP connection.

OK.

> But if I understand you correctly, I WILL need one if I need to bring up
> another subnet.

Yep. From the standpoint of IP, a router is basically a host with multiple network interfaces, that sits on multiple subnets.

> And if so, I assume routed will suffice for low-bandwidth
> applications?

routed is used for exchanging routing information with other routers (e.g. "if I need to send a packet addressed to W.X.Y.Z, where does it go next?"). It doesn't have anything to do with actually forwarding packets between interfaces. For a FreeBSD host to act as a router, it doesn't even need to be running routed...having IP forwarding enabled and having appropriate routing table entries configured on the machine will suffice.

But if the question you were asking is "Can a FreeBSD box act as a router for low-bandwidth applications?" I'd handwave and say "yes".

Hope my original answer wasn't confusing, but I just wanted to make sure you had the complete picture.

Bruce. 
--==_Exmh_-870266364P Content-Type: application/pgp-signature --==_Exmh_-870266364P-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Jun 3 9: 5: 1 1999 Delivered-To: freebsd-net@freebsd.org Received: from SIMULTAN.CH (eunet-gw.simultan.ch [194.191.191.82]) by hub.freebsd.org (Postfix) with ESMTP id 1DF9614FF8 for ; Thu, 3 Jun 1999 09:04:57 -0700 (PDT) (envelope-from tseidmann@simultan.ch) Received: from simultan.ch ([192.92.128.242]) by SIMULTAN.CH (8.9.3/8.9.2) with ESMTP id SAA68367; Thu, 3 Jun 1999 18:03:30 +0200 (CEST) (envelope-from tseidmann@simultan.ch) Message-ID: <3756A80C.1E4CCB07@simultan.ch> Date: Thu, 03 Jun 1999 18:06:36 +0200 
From: Thomas Seidmann X-Mailer: Mozilla 4.6 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Sebastien Maraux Cc: freebsd-net@freebsd.org Subject: Re: IPv6 browser References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Sebastien Maraux wrote: > > Which browsers are IPv6 capable? > > I only know Mozilla which required Motif (not free) and mmm which is not > very simple to install ( need ocaml, ocamltk41, tcl, tk, XFree86.3.3.3 ) > > Do you know a best one or a simpler way to have an Ipv6 compatible > browser? You can try lynx, which is text-only. Diffs are contained in the INRIA distribution. Also there should be a patch for NCSA Mosaic somewhere, perhaps try www.6bone.net for applications links. > - I'm currently using netscape 4.5 on freebsd 3.1 / XFree - > > A patch to this browser would be the best for me. Unfortunately, there is none. Regards, Thomas To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Jun 3 9:40:45 1999 Delivered-To: freebsd-net@freebsd.org Received: from qatar.net.qa (qatar.net.qa [194.133.33.11]) by hub.freebsd.org (Postfix) with ESMTP id CD36E14CBF for ; Thu, 3 Jun 1999 09:40:25 -0700 (PDT) (envelope-from Arabian@DAL.NET) Received: from qatar (ddfh.qatar.net.qa [194.133.35.147]) by qatar.net.qa (8.8.8/Internet-Qatar) with SMTP id TAA27995; Thu, 3 Jun 1999 19:33:26 +0300 (GMT) Message-Id: <3.0.6.32.19990603193058.007c1b10@qatar.net.qa> X-Sender: anmh@qatar.net.qa (Unverified) X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32) Date: Thu, 03 Jun 1999 19:30:58 +0300 To: Joel.Clark@scott.af.mil 
From: Arabian Subject: Re: Routers and such Cc: bmah@california.sandia.gov, wes@softweyr.com, net@FreeBSD.ORG Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello folks, My server on ISP powered by FreeBSD also my own server is P II 333 with 128 MB SDRAM my NIC is Intel EtherExpress Pro 10/100B Ethernet FreeBSD 3.2-STABLE, the router where my server connected to on the ISP is also P II 333 powered by FreeBSD. Could that router being problem and causing any latency for my serverand I should ask them to connect it to the Core directly ? What is the different between half and full duplex lans ? Thanks in advance, Truley. -Arabian aka Abdullah Admin arabian.ca.us.dal.net http://www.dal.net/ http://users.dal.net/ Try /server irc.dal.net 7000 ,,))))))));, DALnet West Coast Routing Server ()))))))))))))), A R A B I A N . D A L . N E T (((((`````((((((, ((('' . `))))), .,;;,, )| o ;-. `((((( ,;;;;;;;;,,;' (' | / ) )))))), %%' ';;;;;;;' ) | | | )))((((`--------------------.%% ';;;, o_|/ ; ((((( % '' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Jun 3 12:46:56 1999 Delivered-To: freebsd-net@freebsd.org Received: from cbrune.cpsgroup.com (dallas-pix.bjke.com [144.210.8.25]) by hub.freebsd.org (Postfix) with ESMTP id 53468159B5 for ; Thu, 3 Jun 1999 12:46:27 -0700 (PDT) (envelope-from corey@cpsgroup.com) Received: from cbrune.cpsgroup.com (cbrune.cpsgroup.com [144.210.12.19]) by cbrune.cpsgroup.com (8.8.8/8.8.8) with SMTP id OAA02258 for ; Thu, 3 Jun 1999 14:46:14 -0500 (CDT) (envelope-from corey@cpsgroup.com) Date: Thu, 3 Jun 1999 14:46:14 -0500 (CDT) 
From: Corey Brune Reply-To: cbrune@cpsgroup.com To: freebsd-net@FreeBSD.ORG Subject: Yet another ipfw question Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

I tried several different rule sets and I read the FAQ and the old mailing lists but I could not find the answer. I have the following rule sets in ipfw:

# ipfw list
00100 allow ip from any to any via lo0
00200 allow ip from 144.210.12.19 to any via any
00300 allow ip from any to 144.210.12.19 via any
65000 allow ip from any to any
65200 allow tcp from any to any established
65535 deny ip from any to any

but I cannot go outside the LAN. I would think that the rule "allow tcp from any to any established" would pass everything through, or even the rules 200 and 300 would allow me out. Does anyone know where I am going wrong?

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Thu Jun 3 16:29: 7 1999 Delivered-To: freebsd-net@freebsd.org Received: from adelphi.physics.adelaide.edu.au (adelphi.physics.adelaide.edu.au [129.127.36.247]) by hub.freebsd.org (Postfix) with ESMTP id C3F8614D7D for ; Thu, 3 Jun 1999 16:29:01 -0700 (PDT) (envelope-from kkennawa@physics.adelaide.edu.au) Received: from bragg (bragg [129.127.36.34]) by adelphi.physics.adelaide.edu.au (8.8.8/8.8.8/UofA-1.5) with SMTP id IAA11356; Fri, 4 Jun 1999 08:59:00 +0930 (CST) Received: from localhost by bragg; (5.65/1.1.8.2/05Aug95-0227PM) id AA32160; Fri, 4 Jun 1999 09:00:05 +0930 Date: Fri, 4 Jun 1999 09:00:04 +0930 (CST) 
From: Kris Kennaway X-Sender: kkennawa@bragg To: Sebastien Maraux Cc: freebsd-net@freebsd.org Subject: Re: IPv6 browser In-Reply-To: Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 3 Jun 1999, Sebastien Maraux wrote: > I only know Mozilla which required Motif (not free) and mmm which is not > very simple to install ( need ocaml, ocamltk41, tcl, tk, XFree86.3.3.3 ) Doesn't Mozilla use GTK these days? > - I'm currently using netscape 4.5 on freebsd 3.1 / XFree - > > A patch to this browser would be the best for me. Not likely :/ Kris ----- "Never criticize anybody until you have walked a mile in their shoes, because by that time you will be a mile away and have their shoes." -- Unknown To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Jun 3 18:28: 8 1999 Delivered-To: freebsd-net@freebsd.org Received: from xylan.com (postal.xylan.com [208.8.0.248]) by hub.freebsd.org (Postfix) with ESMTP id 624E914E2B for ; Thu, 3 Jun 1999 18:28:05 -0700 (PDT) (envelope-from wes@softweyr.com) Received: from mailhub.xylan.com by xylan.com (8.8.7/SMI-SVR4 (xylan-mgw 2.2 [OUT])) id SAA13551; Thu, 3 Jun 1999 18:28:00 -0700 (PDT) Received: from omni.xylan.com by mailhub.xylan.com (SMI-8.6/SMI-SVR4 (mailhub 2.1 [HUB])) id SAA13010; Thu, 3 Jun 1999 18:28:01 -0700 Received: from softweyr.com (dyn7.utah.xylan.com) by omni.xylan.com (4.1/SMI-4.1 (xylan engr [SPOOL])) id AA10045; Thu, 3 Jun 99 18:27:58 PDT Message-Id: <3756AD89.CC656884@softweyr.com> Date: Thu, 03 Jun 1999 10:30:01 -0600 
From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.1-RELEASE i386) X-Accept-Language: en Mime-Version: 1.0 To: Clark Joel A1C AMC CSS Cc: "'bmah@CA.Sandia.GOV'" , "'net@freebsd.org'" Subject: Re: Routers and such References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Clark Joel A1C AMC CSS wrote: > Bruce Mah wrote: > > Wes Peters wrote: > > > A router is necessary when the machine you're using becomes too slow > > > to handle the load. There's no reason why you can't just grab another > > > FreeBSD machine and build a router on it. Even a P100 can easily keep > > > up with DSL, Cable Modem, or T1 speeds. ISDN or analog modems are no > > > problem, as long as you get good serial ports. > > > > That's true for one particular environment (small network attached to a > > consumer ISP, where everything goes through a single gateway). > > > > When I first read this question, however, I thought, "When you can't put > > all your hosts on a single subnet and you need to build an > > internetwork." I'm thinking of a campus network setting, and it's not > > clear to me which environment the original question was addressing. Joel, please place your reply at the bottom and don't lose the quotations on the messages you're replying to, it makes it difficult to follow the conversation. I know you're crippled with a Microsnot mailer, but neatness counts. > Right now it is only one subnet, fed from an 56Kbps ISP connection. > > But if I understand you correctly, I WILL need one if I need to bring up > another subnet. And if so, I assume routed will suffice for low-bandwidth > applications? Most of the routers in this world are based on the Berkeley TCP/IP stack, and on routing software that runs on BSD. If you manage to surpass the capabilities of a FreeBSD-based router, you don't need a router, you need a switch. 
;^) Routing between two, three, or even four 100base-TX networks and an internet connection is something that a reasonably good FreeBSD box is very capable of. You will want to pay attention to network design, avoiding making the router a bottleneck, but you would want to do that with a commercial router also. If you have a busy server that needs access to two or more of the internal networks, give it an interface on each of the networks instead of running traffic bound for the server through the router. If you have multiple EXTERNAL network connections, you will need a somewhat more sophisticated routing setup. Gated, included with FreeBSD, is the tool you use to solve this problem. FreeBSD is as capable as any router of handling multiple-path routing. You will need to learn a lot about routing to use it effectively, but the same is true for any commercial router or routing switch. Rest assured that FreeBSD will handle your needs for some time to come. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC http://www.softweyr.com/~softweyr wes@softweyr.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Jun 3 18:58:33 1999 Delivered-To: freebsd-net@freebsd.org Received: from granite.sentex.net (granite.sentex.ca [199.212.134.1]) by hub.freebsd.org (Postfix) with ESMTP id 5736E159FA for ; Thu, 3 Jun 1999 18:58:26 -0700 (PDT) (envelope-from mike@sentex.net) Received: from ospf-wat.sentex.net (ospf-wat.sentex.net [209.167.248.81]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id VAA04178 for ; Thu, 3 Jun 1999 21:58:16 -0400 (EDT) 
From: mike@sentex.net (Mike Tancsa) To: freebsd-net@freebsd.org Subject: Re: Routers and such Date: Fri, 04 Jun 1999 02:09:18 GMT Message-ID: <375732f7.1115240380@mail.sentex.net> References: In-Reply-To: X-Mailer: Forte Agent .99e/32.227 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > >Rest assured that FreeBSD will handle your needs for some time to >come. I think the major place where FreeBSD falls down in terms of routing is software. Although gateD does the job, you don't nearly have the same features as you would with a higher end Cisco. However, that being said, you can get fairly decent performance, and the critical features with a decent amount of reliability. Still, it can be a challenge getting it all working since the documentation and support is sparse. There is lots for Cisco gear, which is helpful to learn the concepts, but you need to take that into the gateD world and things initially can get lost in the transition so to speak. But like I said, it will work. We use a pair of PIIs for our border routers connected to two upstreams taking a full view, and one connection to another peer exchanging only a few routes. Internally we use OSPF for our dynamic routing needs... All on full duplex 100BT Full Duplex ethernet. At peak times, we pull in a good 4Mb in one link and 1Mb out another and not that much out the private peer. No problems, no latency, no packet loss. This compared to a Cisco 4500 that fell over when it brought up one full view. But as the poster said, you want a good ethernet switch connecting it all together. The Cisco Catalyst series works quite well with FreeBSD and the fxp cards... 
---Mike Mike Tancsa (mdtancsa@sentex.net) Sentex Communications Corp, Waterloo, Ontario, Canada To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Jun 3 20: 3:30 1999 Delivered-To: freebsd-net@freebsd.org Received: from int-gw.staff.apnic.net (guardian.apnic.net [203.37.255.100]) by hub.freebsd.org (Postfix) with ESMTP id 512F715A74 for ; Thu, 3 Jun 1999 20:02:21 -0700 (PDT) (envelope-from bc-freebsd@vicious.dropbear.id.au) Received: (from mail@localhost) by int-gw.staff.apnic.net (8.9.1a/8.9.1) id DAA26467; Fri, 4 Jun 1999 03:02:14 GMT Received: from julubu.staff.apnic.net(192.168.1.37) by rex.apnic.net via smap (V2.1) id xma026465; Fri, 4 Jun 99 13:02:03 +1000 Received: (from bc@localhost) by julubu.staff.apnic.net (8.8.7/SCO5) id NAA23962; Fri, 4 Jun 1999 13:02:03 +1000 (EST) X-Authentication-Warning: julubu.staff.apnic.net: bc set sender to bc-freebsd@vicious.dropbear.id.au using -f Date: Fri, 4 Jun 1999 13:02:03 +1000 (EST) 
From: Bruce Campbell To: Mike Tancsa Cc: freebsd-net@FreeBSD.ORG Subject: Re: Routers and such In-Reply-To: <375732f7.1115240380@mail.sentex.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 4 Jun 1999, Mike Tancsa wrote: mike> >Rest assured that FreeBSD will handle your needs for some time to mike> >come. mike> mike> I think the major place where FreeBSD falls down in terms of routing is mike> software. Although gateD does the job, you don't nearly have the same mike> features as you would with a higher end Cisco. If you want an expensive reliable black box with a few blinking lights, buy a Cisco. If you want Cisco-like features on an intel platform, choose mrt or zebra, both in the ports collection I believe. Gated ain't the only PC-routing game in town. (Not that I've got any but passing knowledge with either, and my cisco experience consists of replacing at short notice the core Bay router of my previous employment) If you're serious about shifting data, get a serious router. Anything with moving parts is not 'serious' enough. --==-- Bruce. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Jun 3 20:23:52 1999 Delivered-To: freebsd-net@freebsd.org Received: from granite.sentex.net (granite.sentex.ca [199.212.134.1]) by hub.freebsd.org (Postfix) with ESMTP id 7103215036 for ; Thu, 3 Jun 1999 20:23:48 -0700 (PDT) (envelope-from mike@sentex.net) Received: from gravel (ospf-wat.sentex.net [209.167.248.81]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id XAA18929; Thu, 3 Jun 1999 23:23:46 -0400 (EDT) Message-Id: <4.1.19990603232221.04383030@granite.sentex.ca> X-Sender: mdtancsa@granite.sentex.ca X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Thu, 03 Jun 1999 23:34:47 -0400 To: freebsd-net@FreeBSD.ORG 
From: Mike Tancsa Subject: Re: Routers and such Cc: bc-freebsd@vicious.dropbear.id.au In-Reply-To: References: <375732f7.1115240380@mail.sentex.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 11:02 PM 6/3/99 , Bruce Campbell wrote: >On Fri, 4 Jun 1999, Mike Tancsa wrote: > >mike> >Rest assured that FreeBSD will handle your needs for some time to >mike> >come. >mike> >mike> I think the major place where FreeBSD falls down in terms of routing is >mike> software. Although gateD does the job, you don't nearly have the same >mike> features as you would with a higher end Cisco. > >If you want an expensive reliable black box with a few blinking lights, >buy a Cisco. If you want Cisco-like features on an intel platform, >choose mrt or zebra, both in the ports collection I believe. Gated ain't >the only PC-routing game in town. I think Zebra has some potential in the future, but even the author would not recommend putting it into full production.... yet! MRT looks fairly stable, but the focus of the software is more for R&D as opposed to stability, at least that's what I was told. In terms of hardware 'reliability', we have at any given time enough parts to rebuild our border routers 3 times over. I would not be able to keep 3 let alone 1 Ciscos on standby for economic reasons. >(Not that I've got any but passing knowledge with either, and my cisco > experience consists of replacing at short notice the core Bay router of > my previous employment) > >If you're serious about shifting data, get a serious router. Anything with >moving parts is not 'serious' enough. Depends how much you want to move, and how much you want to spend, and what sort of knowledge base you have to draw on. $2K for a pair of PEECEE routers, v.s. $20K, and then service contracts, IOS revs is a lot of money to spend if you don't need to. 
I have been to customer sites where they have 4700s with IP+ to move data across a fractional T1. That was serious... Serious waste of money. ---Mike ********************************************************************** Mike Tancsa, Network Admin * mike@sentex.net Sentex Communications Corp, * http://www.sentex.net/mike Cambridge, Ontario * 01.519.651.3400 Canada * To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Jun 3 23:34:12 1999 Delivered-To: freebsd-net@freebsd.org Received: from stennis.ca.sandia.gov (stennis.ca.sandia.gov [146.246.243.44]) by hub.freebsd.org (Postfix) with ESMTP id 4C79D1509E for ; Thu, 3 Jun 1999 23:34:08 -0700 (PDT) (envelope-from bmah@stennis.ca.sandia.gov) Received: (from bmah@localhost) by stennis.ca.sandia.gov (8.9.3/8.9.3) id XAA20315; Thu, 3 Jun 1999 23:33:52 -0700 (PDT) Message-Id: <199906040633.XAA20315@stennis.ca.sandia.gov> X-Mailer: exmh version 2.1.0 04/14/1999 To: Arabian Cc: Joel.Clark@scott.af.mil, bmah@california.sandia.gov, wes@softweyr.com, net@FreeBSD.ORG Subject: Re: Routers and such In-reply-to: Your message of "Thu, 03 Jun 1999 19:30:58 +0300." <3.0.6.32.19990603193058.007c1b10@qatar.net.qa> 
From: bmah@CA.Sandia.GOV (Bruce A. Mah) Reply-To: bmah@CA.Sandia.GOV X-Url: http://www.ca.sandia.gov/~bmah/ Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 03 Jun 1999 23:33:52 -0700 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org If memory serves me right, Arabian wrote: > My server on ISP powered by FreeBSD also my own server is P II 333 with 128 > MB SDRAM my NIC is Intel EtherExpress Pro 10/100B Ethernet FreeBSD > 3.2-STABLE, the router where my server connected to on the ISP is also P II > 333 powered by FreeBSD. > > Could that router being problem and causing any latency for my server and I > should ask them to connect it to the Core directly ? I'll try to answer this, but I have to admit that I'm not completely understanding the situation. I think you have a server of some sort running FreeBSD. It sounds like it's collocated at your ISP, and you have another FreeBSD machine acting as a router between your server and some subnet that's run by the ISP. You want to know if having that router in the middle is adding excessive latency, and if the server should consequently be attached directly to the ISP's subnet. Is that right? Without some more details, it's difficult to answer your question. For example, what kind of services are you providing? Where are the clients? Are the networks 10Mbps or 100Mbps? Is the router doing anything other than routing packets? What other hosts are the networks on each side of your router? Why is the router there in the first place? The big questions: Do you think you are actually experiencing any performance problems, and if so, could you quantify this? If I understand your environment correctly, I think that having the router in between shouldn't be a problem at all for you. 
For sake of argument, if your server is serving Web pages to random clients on the Internet, it's a fair guess that there's going to be a lot more latency between the clients and your ISP than there's going to be through your router. (For something to try, login to your server and ping random hosts on the Internet, observing the round-trip time statistics. Then login to your router and do the same. Compare the round-trip times in both cases.) > What is the different between half and full duplex lans ? In the context of full-duplex vs. half-duplex 10baseT or 100baseTX Ethernet: In half-duplex, only one system on a cable can be transmitting a packet at a time. In the common case of a host attached to a hub, this means that the host can only either be transmitting a packet or receiving a packet but not both. This situation is analogous to the original thick and thin Ethernets, which were long coaxial cables. Access to transmit on the cables was (is) shared between all the attached hosts. An important part of the Ethernet standard is the algorithm by which hosts contend for access to this shared network. With Ethernet switches, you have the option of full-duplex Ethernet transmission. This basically means that a host can be both transmitting a packet and receiving a packet on the cable at the same time. Hope this helps... Bruce. 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Jun 4 5:51:49 1999 Delivered-To: freebsd-net@freebsd.org Received: from qatar.net.qa (qatar.net.qa [194.133.33.11]) by hub.freebsd.org (Postfix) with ESMTP id 1D3E115259 for ; Fri, 4 Jun 1999 05:51:43 -0700 (PDT) (envelope-from Arabian@DAL.NET) Received: from ddeh.qatar.net.qa (Arabian@ddeh.qatar.net.qa [194.133.35.121]) by qatar.net.qa (8.8.8/Internet-Qatar) with SMTP id PAA27913; Fri, 4 Jun 1999 15:49:17 +0300 (GMT) Received: by ddeh.qatar.net.qa with Microsoft Mail id <01BEAEA2.85CEA540@ddeh.qatar.net.qa>; Fri, 4 Jun 1999 15:54:26 +-300 Message-ID: <01BEAEA2.85CEA540@ddeh.qatar.net.qa> 
From: Arabian To: "'Bruce A. Mah'" Cc: "'Arabian'" , "'bmah@california.sandia.gov'" , "'net@FreeBSD.ORG'" Date: Fri, 4 Jun 1999 15:54:10 +-300 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Bruce wrote: If memory serves me right, Arabian wrote: >> My server on ISP powered by FreeBSD also my own server is P II 333 with 128 MB SDRAM my NIC is >>Intel EtherExpress Pro 10/100B Ethernet FreeBSD 3.2-STABLE, the router where my server connected to on the ISP is also >>P II 333 powered by FreeBSD. Could that router being problem and causing any latency for my server and I should ask >>them to connect it to the Core directly ? >I'll try to answer this, but I have to admit that I'm not completely understanding the situation. I think you have a server of some >sort running FreeBSD. It sounds like it's collocated at your ISP, and you have another FreeBSD machine acting as a router >between your server and some subnet that's run by the ISP. _Very_ true, this what I'm having now. That machine acting like router between my server and the ISP DS3s backbones and as firewall to protect the server connected to it from attacks ICMPs ...etc. :) >You want to know if having that router in the middle is adding excessive latency, and if the server should consequently be >attached directly to the ISP's subnet. Is that right? Right. >Without some more details, it's difficult to answer your question. For example, what kind of services are you providing? I'm running IRC server. >Where are the clients? IRC users. >Are the networks 10Mbps or 100Mbps? 100 Mbps Full Duplex. >Is the router doing anything other than routing packets? Just routing packets, and as firewall to protect the server connected to it from attacks ICMPs ...etc. 
>What other hosts are the networks on each side of your router? I'm not sure I understand this. >Why is the router there in the first place? They are using software to control the bandwidth usage this is the reason, my server has dedicated 10 Mbps. >The big questions: Do you think you are actually experiencing any performance problems, and if so, could you quantify this? If I >understand your environment correctly, I think that having the router in between shouldn't be a problem at all for you. For sake >of argument, if your server is serving Web pages to random clients on the Internet, it's a fair guess that there's going to be a lot >more latency between the clients and your ISP than there's going to be through your router. (For something to try, login to your >server and ping random hosts on the Internet, observing the round-trip time statistics. Then login to your router and do the same. >Compare the round-trip times in both cases.) There is no performance problem actually, I just wanted to make sure I won't have it on the future, avoiding the problem before it happens better than solving it after problems jumped. :) > What is the different between half and full duplex lans ? In the context of full-duplex vs. half-duplex 10baseT or 100baseTX >Ethernet: In half-duplex, only one system on a cable can be transmitting a packet at a time. In the common case of a host >attached to a hub, this means that the host can only either be transmitting a packet or receiving a packet but not both. This >situation is analogous to the original thick and thin Ethernets, which were long coaxial cables. Access to transmit on the cables >was (is) shared between all the attached hosts. An important part of the Ethernet standard is the algorithm by which hosts >contend for access to this shared network. With Ethernet switches, you have the option of full-duplex Ethernet transmission. 
This >basically means that a host can be both transmitting a packet and receiving a packet on the cable at the same time. Great information they changed it to _Full_ Duplex now, per my request. >Hope this helps... Well, actually you gave me a lot of information, very useful, and you are big help. *smile* Waiting to hear from you again, thanks a lot for your time. :) >Bruce. Sincerely, -Arabian aka Abdullah To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Jun 4 9:35:26 1999 Delivered-To: freebsd-net@freebsd.org Received: from qatar.net.qa (qatar.net.qa [194.133.33.11]) by hub.freebsd.org (Postfix) with ESMTP id ADF8E14D77 for ; Fri, 4 Jun 1999 09:35:16 -0700 (PDT) (envelope-from Arabian@DAL.NET) Received: from qatar (dijm.qatar.net.qa [194.133.37.213]) by qatar.net.qa (8.8.8/Internet-Qatar) with SMTP id TAA27158; Fri, 4 Jun 1999 19:33:03 +0300 (GMT) Message-Id: <3.0.6.32.19990604193038.007caa00@qatar.net.qa> X-Sender: anmh@qatar.net.qa (Unverified) X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32) Date: Fri, 04 Jun 1999 19:30:38 +0300 To: bmah@CA.Sandia.GOV 
From: Arabian Subject: Re: Routers and such Cc: net@FreeBSD.ORG Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Bruce wrote: >If memory serves me right, Arabian wrote: >> My server on ISP powered by FreeBSD also my own server is P II 333 with 128 >>MB SDRAM my NIC is Intel EtherExpress Pro 10/100B Ethernet FreeBSD 3.2-STABLE, >>the router where my server connected to on the ISP is also P II 333 powered by >>FreeBSD. Could that router being problem and causing any latency for my server >>and I should ask them to connect it to the Core directly ? >I'll try to answer this, but I have to admit that I'm not completely >understanding the situation. I think you have a server of some sort >running FreeBSD. It sounds like it's collocated at your ISP, and you have >another FreeBSD machine acting as a router between your server and some >subnet that's run by the ISP. _Very_ true, this what I'm having now. That machine acting like router between my server and the ISP DS3s backbones and as firewall to protect the server connected to it from attacks ICMPs ...etc. :) >You want to know if having that router in the middle is adding excessive >latency, and if the server should consequently be attached directly to the ISP's >subnet. Is that right? Right. >Without some more details, it's difficult to answer your question. For example, >what kind of services are you providing? I'm running an IRC server. >Where are the clients? IRC users. >Are the networks 10Mbps or 100Mbps? 100 Mbps Full Duplex. >Is the router doing anything other than routing packets? Just routing packets, and as firewall to protect the server connected to it from attacks ICMPs ...etc. >What other hosts are the networks on each side of your router? I'm not sure I understand this. >Why is the router there in the first place? They are using software to control the bandwidth usage this is the reason, my server has dedicated 10 Mbps. 
>The big questions: Do you think you are actually experiencing any performance >problems, and if so, could you quantify this? If I understand your environment >correctly, I think that having the router in between shouldn't be a problem at >all for you. For sake of argument, if your server is serving Web pages to random >clients on the Internet, it's a fair guess that there's going to be a lot more >latency between the clients and your ISP than there's going to be through your >router. (For something to try, login to your server and ping random hosts on >the Internet, observing the round-trip time statistics. Then login to your >router and do the same. Compare the round-trip times in both cases.) There is no performance problem actually, I just wanted to make sure I won't have it on the future, avoiding the problem before it happens better than solving it after problems jumped. :) > What is the different between half and full duplex lans ? In the context >of full-duplex vs. half-duplex 10baseT or 100baseTX Ethernet: In >half-duplex, only one system on a cable can be transmitting a packet at a >time. In the common case of a host attached to a hub, this means that the >host can only either be transmitting a packet or receiving a packet but not >both. This situation is analogous to the original thick and thin Ethernets, >which were long coaxial cables. Access to transmit on the cables was (is) shared >between all the attached hosts. An important part of the Ethernet standard is >the algorithm by which hosts contend for access to this shared network. With >Ethernet switches, you have the option of full-duplex Ethernet transmission. >This basically means that a host can be both transmitting a packet and receiving >a packet on the cable at the same time. Great information they changed it to _Full_ Duplex now, per my request. >Hope this helps... Well, actually you gave me a lot of information, very useful, and you are big help. 
*smile* Waiting to hear from you again, thanks a lot for your time. :) >Bruce. Sincerely, -Arabian aka Abdullah Admin arabian.ca.us.dal.net http://www.dal.net/ http://users.dal.net/ Try /server irc.dal.net 7000 DALnet West Coast Routing Server A R A B I A N . D A L . N E T To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Jun 4 12: 6:53 1999 Delivered-To: freebsd-net@freebsd.org Received: from puma.wmin.ac.uk (puma.wmin.ac.uk [161.74.92.94]) by hub.freebsd.org (Postfix) with SMTP id D5C8E14D34 for ; Fri, 4 Jun 1999 12:06:50 -0700 (PDT) (envelope-from smaraux@seth.cpc.wmin.ac.uk) Received: from seth.cpc.wmin.ac.uk by puma.wmin.ac.uk with INTERNAL-SMTP (MMTA) with ESMTP; Fri, 4 Jun 1999 20:04:30 +0100 Received: from localhost (smaraux@localhost) by seth.cpc.wmin.ac.uk (8.9.3/8.9.3) with ESMTP id UAA09626 for ; Fri, 4 Jun 1999 20:06:41 +0100 (BST) (envelope-from smaraux@seth.cpc.wmin.ac.uk) Date: Fri, 4 Jun 1999 20:06:41 +0100 (BST) 
From: Sebastien Maraux To: freebsd-net@freebsd.org Subject: Mozilla installation Message-ID: MIME-Version: 1.0 Content-Type: text/PLAIN; charset="US-ASCII" Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Did somebody ever try to install Mozilla, with IPv6 support ( the one that can be found on the inria site) I compiled it, but I don't know how to install it after: there is no netscape or mozilla binaries? I saw some mozilla-export and moz-export, but they gave me an error : can't open display Can someone help? Thanks Bye Seb To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Jun 4 16:10: 2 1999 Delivered-To: freebsd-net@freebsd.org Received: from coconut.itojun.org (coconut.itojun.org [210.160.95.97]) by hub.freebsd.org (Postfix) with ESMTP id 4416D14C4E for ; Fri, 4 Jun 1999 16:09:57 -0700 (PDT) (envelope-from itojun@itojun.org) Received: from kiwi.itojun.org (localhost.itojun.org [127.0.0.1]) by coconut.itojun.org (8.9.3+3.2W/3.7W) with ESMTP id IAA18728; Sat, 5 Jun 1999 08:08:29 +0900 (JST) To: Sebastien Maraux Cc: freebsd-net@freebsd.org In-reply-to: smaraux's message of Thu, 03 Jun 1999 12:36:23 +0100. X-Template-Reply-To: itojun@itojun.org X-Template-Return-Receipt-To: itojun@itojun.org X-PGP-Fingerprint: F8 24 B4 2C 8C 98 57 FD 90 5F B4 60 79 54 16 E2 Subject: Re: IPv6 browser 
From: itojun@iijlab.net Date: Sat, 05 Jun 1999 08:08:29 +0900 Message-ID: <18726.928537709@coconut.itojun.org> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Which browsers are IPv6 capable? >I only know Mozilla which required Motif (not free) and mmm which is not >very simple to install ( need ocaml, ocamltk41, tcl, tk, XFree86.3.3.3 ) You may want to try compiling Mozilla with lesstif (freely available motif compatible toolkit). {www,ftp}.kame.net has several patches for IPv6 support, including Mozilla, lynx, and grail (with IPv6 patch for python). itojun To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Jun 4 16:13:40 1999 Delivered-To: freebsd-net@freebsd.org Received: from coconut.itojun.org (coconut.itojun.org [210.160.95.97]) by hub.freebsd.org (Postfix) with ESMTP id B021C15B0B for ; Fri, 4 Jun 1999 16:13:37 -0700 (PDT) (envelope-from itojun@itojun.org) Received: from kiwi.itojun.org (localhost.itojun.org [127.0.0.1]) by coconut.itojun.org (8.9.3+3.2W/3.7W) with ESMTP id IAA18782; Sat, 5 Jun 1999 08:13:16 +0900 (JST) To: Kris Kennaway Cc: freebsd-net@freebsd.org In-reply-to: kkennawa's message of Fri, 04 Jun 1999 09:00:04 +0930. X-Template-Reply-To: itojun@itojun.org X-Template-Return-Receipt-To: itojun@itojun.org X-PGP-Fingerprint: F8 24 B4 2C 8C 98 57 FD 90 5F B4 60 79 54 16 E2 Subject: Re: IPv6 browser 
From: itojun@iijlab.net Date: Sat, 05 Jun 1999 08:13:16 +0900 Message-ID: <18780.928537996@coconut.itojun.org> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >> I only know Mozilla which required Motif (not free) and mmm which is not >> very simple to install ( need ocaml, ocamltk41, tcl, tk, XFree86.3.3.3 ) >Doesn't Mozilla use GTK these days? >> - I'm currently using netscape 4.5 on freebsd 3.1 / XFree - >> A patch to this browser would be the best for me. >Not likely :/ Actually, the easiest way to access IPv6 webpages with your favorite (v4-only) browser is to run IPv4/v6-capable web proxy software on your host (or some node near your host) and use that for protocol translation. You can find IPv6-support patch to apache (it has proxy mode) and squid on ftp://ftp.kame.net/pub/kame/misc/. (even if you use IPv4/v6 web proxy, turtle will dance on www.kame.net) Recent browsers are very big (Java, JavaScript, SSL and more...), and some of them come with no source code. It is hard to modify such browsers... itojun To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Jun 4 17:19: 3 1999 Delivered-To: freebsd-net@freebsd.org Received: from bubba.whistle.com (s205m7.whistle.com [207.76.205.7]) by hub.freebsd.org (Postfix) with ESMTP id 5857014C3C; Fri, 4 Jun 1999 17:18:58 -0700 (PDT) (envelope-from archie@whistle.com) Received: (from archie@localhost) by bubba.whistle.com (8.9.2/8.9.2) id RAA85167; Fri, 4 Jun 1999 17:18:57 -0700 (PDT) 
From: Archie Cobbs Message-Id: <199906050018.RAA85167@bubba.whistle.com> Subject: subtle SIOCGIFCONF bug To: freebsd-current@freebsd.org Date: Fri, 4 Jun 1999 17:18:57 -0700 (PDT) Cc: freebsd-net@freebsd.org X-Mailer: ELM [version 2.4ME+ PL38 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I've noticed that several programs have a subtle problem when scanning the list returned by the SIOCGIFCONF ioctl. The problem is that these programs do this computation to increment the pointer in the list: ifr = (struct ifreq *) ((char *) &ifr->ifr_addr + ifr->ifr_addr.sa_len); There are cases where some elements in the list (e.g., tunnel interfaces) have ifr->ifr_addr.sa_len set to a value LESS than sizeof(ifr->ifr_addr). This causes these programs to fail because the kernel always enforces a minimum length of (IFNAMSIZ + sizeof(ifr->ifr_addr)) for each entry in the list, even if ifr->ifr_addr.sa_len < sizeof(ifr->ifr_addr) (see net/if.c:ifconf()). First question: Should the kernel insure that ifr->ifr_addr.sa_len is always at least sizeof(ifr->ifr_addr), or should the user programs adjust their pointer increment algorithm? At first I assumed the latter answer (patches below) but now am not so sure. Second question: It doesn't appear the net/if.c:ifioctl() function is protected at all by splnet(), even though it is accessing all kinds of networking information. Is this a race condition? Thanks, -Archie ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com Index: usr.sbin/arp/arp.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/arp/arp.c,v retrieving revision 1.15 diff -u -r1.15 arp.c --- arp.c 1999/03/10 10:11:43 1.15 +++ arp.c 1999/06/04 23:45:27 
@@ -696,8 +696,8 @@ break; } nextif: - ifr = (struct ifreq *) - ((char *)&ifr->ifr_addr + ifr->ifr_addr.sa_len); + ifr = (struct ifreq *) ((char *)&ifr->ifr_addr + + MAX(ifr->ifr_addr.sa_len, sizeof(ifr->ifr_addr))); } if (ifr >= ifend) { @@ -725,8 +725,8 @@ printf("\n"); return dla->sdl_alen; } - ifr = (struct ifreq *) - ((char *)&ifr->ifr_addr + ifr->ifr_addr.sa_len); + ifr = (struct ifreq *) ((char *)&ifr->ifr_addr + + MAX(ifr->ifr_addr.sa_len, sizeof(ifr->ifr_addr))); } return 0; } Index: usr.sbin/pppd/sys-bsd.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/pppd/sys-bsd.c,v retrieving revision 1.15 diff -u -r1.15 sys-bsd.c --- sys-bsd.c 1998/06/21 04:47:21 1.15 +++ sys-bsd.c 1999/06/04 23:45:32 @@ -1378,8 +1378,9 @@ * address on the same subnet as `ipaddr'. */ ifend = (struct ifreq *) (ifc.ifc_buf + ifc.ifc_len); - for (ifr = ifc.ifc_req; ifr < ifend; ifr = (struct ifreq *) - ((char *)&ifr->ifr_addr + ifr->ifr_addr.sa_len)) { + for (ifr = ifc.ifc_req; ifr < ifend; + ifr = (struct ifreq *) ((char *)&ifr->ifr_addr + + MAX(ifr->ifr_addr.sa_len, sizeof(ifr->ifr_addr)))) { if (ifr->ifr_addr.sa_family == AF_INET) { ina = ((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr.s_addr; strncpy(ifreq.ifr_name, ifr->ifr_name, sizeof(ifreq.ifr_name)); @@ -1425,7 +1426,8 @@ BCOPY(dla, hwaddr, dla->sdl_len); return 1; } - ifr = (struct ifreq *) ((char *)&ifr->ifr_addr + ifr->ifr_addr.sa_len); + ifr = (struct ifreq *) ((char *)&ifr->ifr_addr + + MAX(ifr->ifr_addr.sa_len, sizeof(ifr->ifr_addr))); } return 0; 
@@ -1468,8 +1470,9 @@ return mask; } ifend = (struct ifreq *) (ifc.ifc_buf + ifc.ifc_len); - for (ifr = ifc.ifc_req; ifr < ifend; ifr = (struct ifreq *) - ((char *)&ifr->ifr_addr + ifr->ifr_addr.sa_len)) { + for (ifr = ifc.ifc_req; ifr < ifend; + ifr = (struct ifreq *) ((char *)&ifr->ifr_addr + + MAX(ifr->ifr_addr.sa_len, sizeof(ifr->ifr_addr)))) { /* * Check the interface's internet address. */ Index: sbin/natd/natd.c =================================================================== RCS file: /home/ncvs/src/sbin/natd/natd.c,v retrieving revision 1.17 diff -u -r1.17 natd.c --- natd.c 1999/05/13 17:09:44 1.17 +++ natd.c 1999/06/04 23:54:32 @@ -762,6 +762,8 @@ } extra = ifPtr->ifr_addr.sa_len - sizeof (struct sockaddr); + if (extra < 0) + extra = 0; ifPtr++; ifPtr = (struct ifreq*) ((char*) ifPtr + extra); Index: sbin/route/route.c =================================================================== RCS file: /home/ncvs/src/sbin/route/route.c,v retrieving revision 1.30 diff -u -r1.30 route.c --- route.c 1999/06/01 13:14:07 1.30 +++ route.c 1999/06/04 23:54:36 @@ -794,7 +794,8 @@ (ifconf.ifc_buf + ifconf.ifc_len); ifr < ifr_end; ifr = (struct ifreq *) ((char *) &ifr->ifr_addr - + ifr->ifr_addr.sa_len)) { + + MAX(ifr->ifr_addr.sa_len, + sizeof(ifr->ifr_addr)))) { dl = (struct sockaddr_dl *)&ifr->ifr_addr; if (ifr->ifr_addr.sa_family == AF_LINK && (ifr->ifr_flags & IFF_POINTOPOINT) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Jun 4 17:23:59 1999 Delivered-To: freebsd-net@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 35CA115300; Fri, 4 Jun 1999 17:23:53 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id UAA12466; Fri, 4 Jun 1999 20:23:48 -0400 (EDT) (envelope-from wollman) Date: Fri, 4 Jun 1999 20:23:48 -0400 (EDT) 
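Review bot: the patched strides in arp.c, sys-bsd.c and route.c fix the lower bound but still trust `sa_len` for the upper one: the loops test only `ifr < ifend` (or `ifr < ifr_end`) before dereferencing, so an entry whose address would extend past the end of the buffer is still used. Consider checking that `(char *)&ifr->ifr_addr + MAX(ifr->ifr_addr.sa_len, sizeof(ifr->ifr_addr))` does not exceed the end pointer before touching the entry. The same expression now appears six times across these files, so a shared macro would keep the stride rule in one place, and since no hunk adds an include, confirm each file already gets MAX() from <sys/param.h>.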
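Review bot: in the natd.c hunk, `if (extra < 0)` can only fire if `extra` is a signed type, and its declaration is outside the hunk. `ifPtr->ifr_addr.sa_len - sizeof (struct sockaddr)` is evaluated as an unsigned size_t, so the negative value exists only after conversion into `extra`; if `extra` is unsigned the new check is dead code. Comparing before subtracting, for example `if (ifPtr->ifr_addr.sa_len > sizeof (struct sockaddr))`, avoids relying on that conversion and matches the MAX() form used in the other files.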
From: Garrett Wollman Message-Id: <199906050023.UAA12466@khavrinen.lcs.mit.edu> To: Archie Cobbs Cc: freebsd-current@FreeBSD.ORG, freebsd-net@FreeBSD.ORG Subject: subtle SIOCGIFCONF bug In-Reply-To: <199906050018.RAA85167@bubba.whistle.com> References: <199906050018.RAA85167@bubba.whistle.com> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > Should the kernel insure that ifr->ifr_addr.sa_len is always at > least sizeof(ifr->ifr_addr), or should the user programs adjust > their pointer increment algorithm? At first I assumed the latter > answer (patches below) but now am not so sure. The user programs should not use SIOCGIFCONF. > It doesn't appear the net/if.c:ifioctl() function is protected > at all by splnet(), even though it is accessing all kinds of > networking information. Is this a race condition? No. ifioctl() should only be called from the ioctl syscall or other contexts where preemption is not an issue. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Jun 4 17:30: 2 1999 Delivered-To: freebsd-net@freebsd.org Received: from bubba.whistle.com (s205m7.whistle.com [207.76.205.7]) by hub.freebsd.org (Postfix) with ESMTP id 87EBE14DAA; Fri, 4 Jun 1999 17:29:59 -0700 (PDT) (envelope-from archie@whistle.com) Received: (from archie@localhost) by bubba.whistle.com (8.9.2/8.9.2) id RAA85352; Fri, 4 Jun 1999 17:29:27 -0700 (PDT) 
From: Archie Cobbs Message-Id: <199906050029.RAA85352@bubba.whistle.com> Subject: Re: subtle SIOCGIFCONF bug In-Reply-To: <199906050023.UAA12466@khavrinen.lcs.mit.edu> from Garrett Wollman at "Jun 4, 99 08:23:48 pm" To: wollman@khavrinen.lcs.mit.edu (Garrett Wollman) Date: Fri, 4 Jun 1999 17:29:27 -0700 (PDT) Cc: freebsd-current@FreeBSD.ORG, freebsd-net@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL38 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Garrett Wollman writes: > > Should the kernel insure that ifr->ifr_addr.sa_len is always at > > least sizeof(ifr->ifr_addr), or should the user programs adjust > > their pointer increment algorithm? At first I assumed the latter > > answer (patches below) but now am not so sure. > > The user programs should not use SIOCGIFCONF. I was hoping for a little more information than that. OK, imagine a world where you had no choice. THEN what would the answer be? In other words, I'd like to fix the problem but I don't have time to rewrite arp, natd, route, etc. -Archie ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Jun 4 17:37:57 1999 Delivered-To: freebsd-net@freebsd.org Received: from biggusdiskus.flyingfox.com (parker-T1-2-gw.sf3d.best.net [209.157.165.30]) by hub.freebsd.org (Postfix) with ESMTP id D44DC14DAA for ; Fri, 4 Jun 1999 17:37:55 -0700 (PDT) (envelope-from jas@flyingfox.com) Received: (from jas@localhost) by biggusdiskus.flyingfox.com (8.8.8/8.8.5) id SAA04889; Fri, 4 Jun 1999 18:42:03 -0700 (PDT) Date: Fri, 4 Jun 1999 18:42:03 -0700 (PDT) 
From: Jim Shankland Message-Id: <199906050142.SAA04889@biggusdiskus.flyingfox.com> To: archie@whistle.com, wollman@khavrinen.lcs.mit.edu Subject: Re: subtle SIOCGIFCONF bug Cc: freebsd-net@FreeBSD.ORG In-Reply-To: <199906050023.UAA12466@khavrinen.lcs.mit.edu> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Garrett Wollman writes: > The user programs should not use SIOCGIFCONF. Instead, they should .... ? Jim Shankland NLynx Systems, Inc. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Jun 4 17:43:48 1999 Delivered-To: freebsd-net@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 4FE131516A for ; Fri, 4 Jun 1999 17:43:42 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id UAA12537; Fri, 4 Jun 1999 20:43:40 -0400 (EDT) (envelope-from wollman) Date: Fri, 4 Jun 1999 20:43:40 -0400 (EDT) 
From: Garrett Wollman Message-Id: <199906050043.UAA12537@khavrinen.lcs.mit.edu> To: Jim Shankland Cc: archie@whistle.com, wollman@khavrinen.lcs.mit.edu, freebsd-net@FreeBSD.ORG Subject: Re: subtle SIOCGIFCONF bug In-Reply-To: <199906050142.SAA04889@biggusdiskus.flyingfox.com> References: <199906050023.UAA12466@khavrinen.lcs.mit.edu> <199906050142.SAA04889@biggusdiskus.flyingfox.com> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

< said:
> Garrett Wollman writes:
>> The user programs should not use SIOCGIFCONF.
> Instead, they should .... ?

Use an interface which provides clients with enough information to
know when they have retrieved all of the relevant information.  Here's
an example.

/*
 * The header names were lost from this archived copy; the headers below
 * are the ones this program needs on FreeBSD.
 */
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <net/if.h>
#include <net/route.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <err.h>
#include <stdio.h>
#include <stdlib.h>

#define satosin(sa) ((struct sockaddr_in *)(sa))

int
main(void)
{
    int mib[6], naddrs, ilen;
    char *buf, *cp;
    size_t len;
    struct rt_msghdr *rtm;
    struct if_msghdr *ifm;
    struct ifa_msghdr *ifam;
    struct sockaddr *sa;

    /* Ask the routing sysctl for the interface list, AF_INET addresses only. */
    mib[0] = CTL_NET;
    mib[1] = PF_ROUTE;
    mib[2] = 0;
    mib[3] = AF_INET;
    mib[4] = NET_RT_IFLIST;
    mib[5] = 0;

    /* First call reports the size needed, second call fills the buffer. */
    len = 0;
    if (sysctl(mib, 6, 0, &len, 0, 0) < 0)
        err(1, "sysctl 1");
    cp = buf = malloc(len);
    if (buf == 0)
        err(1, "malloc: %lu", (u_long)len);
    if (sysctl(mib, 6, buf, &len, 0, 0) < 0)
        err(1, "sysctl 2");

    ilen = len;
    cp = buf;
    while (ilen > 0) {
        /* Each interface starts with an RTM_IFINFO message. */
        rtm = (struct rt_msghdr *)cp;
        naddrs = 0;
        if (rtm->rtm_version != RTM_VERSION)
            errx(1, "unknown routing message version %d",
                rtm->rtm_version);
        if (rtm->rtm_type != RTM_IFINFO)
            errx(1, "unknown routing message type %d",
                rtm->rtm_type);
        ifm = (struct if_msghdr *)rtm;
        printf("Interface %d: <%#x,%#x>:\n", ifm->ifm_index,
            (u_int)ifm->ifm_flags, (u_int)ifm->ifm_addrs);
        ilen -= ifm->ifm_msglen;
        cp += ifm->ifm_msglen;
        rtm = (struct rt_msghdr *)cp;
        /* It is followed by one RTM_NEWADDR message per address. */
        while (ilen > 0 && rtm->rtm_type == RTM_NEWADDR) {
            ifam = (struct ifa_msghdr *)rtm;
            printf("\tAddress %d:\n", ++naddrs);
            ilen -= sizeof(*ifam);
            cp += sizeof(*ifam);
            sa = (struct sockaddr *)cp;
            /* Sockaddrs follow the header, each padded to 4 bytes. */
            if (ilen > 0 && ifam->ifam_addrs & RTA_NETMASK) {
                ilen -= (sa->sa_len + 3) & ~3;
                cp += (sa->sa_len + 3) & ~3;
                printf("\t\tnetmask %s\n",
                    inet_ntoa(satosin(sa)->sin_addr));
                sa = (struct sockaddr *)cp;
            }
            if (ilen > 0 && ifam->ifam_addrs & RTA_IFA) {
                ilen -= (sa->sa_len + 3) & ~3;
                cp += (sa->sa_len + 3) & ~3;
                printf("\t\tIFA %s\n",
                    inet_ntoa(satosin(sa)->sin_addr));
                sa = (struct sockaddr *)cp;
            }
            if (ilen > 0 && ifam->ifam_addrs & RTA_BRD) {
                ilen -= (sa->sa_len + 3) & ~3;
                cp += (sa->sa_len + 3) & ~3;
                printf("\t\tbroadcast %s\n",
                    inet_ntoa(satosin(sa)->sin_addr));
            }
            rtm = (struct rt_msghdr *)cp;
        }
    }
    return 0;
}

From owner-freebsd-net Fri Jun 4 17:45:57 1999 Delivered-To: freebsd-net@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 0F51E1516A; Fri, 4 Jun 1999 17:45:52 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id UAA12551; Fri, 4 Jun 1999 20:45:50 -0400 (EDT) (envelope-from wollman) Date: Fri, 4 Jun 1999 20:45:50 -0400 (EDT) 
From: Garrett Wollman Message-Id: <199906050045.UAA12551@khavrinen.lcs.mit.edu> To: Archie Cobbs Cc: wollman@khavrinen.lcs.mit.edu (Garrett Wollman), freebsd-current@FreeBSD.ORG, freebsd-net@FreeBSD.ORG Subject: Re: subtle SIOCGIFCONF bug In-Reply-To: <199906050029.RAA85352@bubba.whistle.com> References: <199906050023.UAA12466@khavrinen.lcs.mit.edu> <199906050029.RAA85352@bubba.whistle.com> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: >> [I wrote:] >> The user programs should not use SIOCGIFCONF. > I was hoping for a little more information than that. > OK, imagine a world where you had no choice. THEN what would the answer be? 1) Implement sysctl net-route-iflist. 2) The user programs should not use SIOCGIFCONF. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Jun 4 18:58:12 1999 Delivered-To: freebsd-net@freebsd.org Received: from databus.databus.com (databus.databus.com [198.186.154.34]) by hub.freebsd.org (Postfix) with SMTP id 329CE14C01 for ; Fri, 4 Jun 1999 18:57:59 -0700 (PDT) (envelope-from barney@databus.databus.com) 
From: Barney Wolff To: freebsd-net@FreeBSD.ORG Date: Fri, 4 Jun 1999 21:19 EDT Subject: Re: subtle SIOCGIFCONF bug Content-Length: 668 Content-Type: text/plain Message-ID: <375884220.6584@databus.databus.com> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org You have not said specifically what about SIOCGIFCONF is bad, that could possibly justify the incredible statement that one should use a non-portable technique when a portable technique is available. SIOCGIFCONF works on Unixware, Solaris, HP-UX, Irix and FreeBSD, just to list systems I can access right now. sysctl excludes all of them except FreeBSD. Please explain! Barney Wolff > Date: Fri, 4 Jun 1999 20:43:40 -0400 (EDT) > From: Garrett Wollman > > Use an interface which provides clients with enough information to > know when they have retrieved all of the relevant information. Here's > an example. From owner-freebsd-net Fri Jun 4 19: 1:11 1999 Delivered-To: freebsd-net@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id EA80014C01 for ; Fri, 4 Jun 1999 19:00:55 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id WAA12746; Fri, 4 Jun 1999 22:00:50 -0400 (EDT) (envelope-from wollman) Date: Fri, 4 Jun 1999 22:00:50 -0400 (EDT) 
From: Garrett Wollman Message-Id: <199906050200.WAA12746@khavrinen.lcs.mit.edu> To: Barney Wolff Cc: freebsd-net@FreeBSD.ORG Subject: Re: subtle SIOCGIFCONF bug In-Reply-To: <375884220.6584@databus.databus.com> References: <375884220.6584@databus.databus.com> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > You have not said specifically what about SIOCGIFCONF is bad, that > could possibly justify the incredible statement that one should > use a non-portable technique when a portable technique is available. > SIOGIFCONF works on Unixware, Solaris, HP-UX, Irix and FreeBSD, just > to list systems I can access right now. No, it doesn't work. It just seems to work because you don't have enough interfaces or addresses configured. (And furthermore, compare what contortions an ioctl-based implementation would have to go through to deal with the differences in all those systems. So much for portability!) -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Jun 4 19:15:27 1999 Delivered-To: freebsd-net@freebsd.org Received: from databus.databus.com (databus.databus.com [198.186.154.34]) by hub.freebsd.org (Postfix) with SMTP id 969A514F29 for ; Fri, 4 Jun 1999 19:15:07 -0700 (PDT) (envelope-from barney@databus.databus.com) 
From: Barney Wolff To: freebsd-net@FreeBSD.ORG Date: Fri, 4 Jun 1999 22:01 EDT Subject: Re: subtle SIOCGIFCONF bug Content-Length: 1636 Content-Type: text/plain Message-ID: <375888260.660a@databus.databus.com> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Gee, I just ran the same .c file on each of them, and it retrieved the interface names, addresses and netmasks of every interface. Same ioctl's on each system, no ifdefs among 'em. Are you saying that SIOCGIFCONF has a fixed maximum number of interfaces it will return, even if you give it a big buffer? Or that you have to get aliases separately? Or that it's buggy - on which systems? Barney > Date: Fri, 4 Jun 1999 22:00:50 -0400 (EDT) 
> From: Garrett Wollman > Content-Length: 958 > To: Barney Wolff > Cc: freebsd-net@FreeBSD.ORG > Subject: Re: subtle SIOCGIFCONF bug > > < said: > > > You have not said specifically what about SIOCGIFCONF is bad, that > > could possibly justify the incredible statement that one should > > use a non-portable technique when a portable technique is available. > > SIOGIFCONF works on Unixware, Solaris, HP-UX, Irix and FreeBSD, just > > to list systems I can access right now. > > No, it doesn't work. It just seems to work because you don't have > enough interfaces or addresses configured. (And furthermore, compare > what contortions an ioctl-based implementation would have to go > through to deal with the differences in all those systems. So much > for portability!) > > -GAWollman > > -- > Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same > wollman@lcs.mit.edu | O Siem / The fires of freedom > Opinions not those of| Dance in the burning flame > MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Fri Jun 4 19:54:19 1999 Delivered-To: freebsd-net@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id B1C3B14BFD for ; Fri, 4 Jun 1999 19:54:03 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id WAA13064; Fri, 4 Jun 1999 22:53:59 -0400 (EDT) (envelope-from wollman) Date: Fri, 4 Jun 1999 22:53:59 -0400 (EDT) 
From: Garrett Wollman Message-Id: <199906050253.WAA13064@khavrinen.lcs.mit.edu> To: Barney Wolff Cc: freebsd-net@FreeBSD.ORG Subject: Re: subtle SIOCGIFCONF bug In-Reply-To: <375888260.660a@databus.databus.com> References: <375888260.660a@databus.databus.com> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > Gee, I just ran the same .c file on each of them, and it retrieved > the interface names, addresses and netmasks of every interface. > Same ioctl's on each system, no ifdefs among 'em. Obviously you didn't have any other protocols configured. Oh, and what did you do skip the link-layer addresses? Depending on the implementation, long addresses will either be truncated or not, have padding or not, have a way to tell how long they are or not, in short cannot be portably parsed or even skipped past. > Are you saying that SIOCGIFCONF has a fixed maximum number of interfaces > it will return, even if you give it a big buffer? There is no a priori way to know how big a buffer one should use. The interface is fundamentally broken. > Or that you have to get aliases separately? What's an `alias'? -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sat Jun 5 1: 9:19 1999 Delivered-To: freebsd-net@freebsd.org Received: from lion.butya.kz (butya-gw.butya.kz [194.87.112.252]) by hub.freebsd.org (Postfix) with ESMTP id A621D15035 for ; Sat, 5 Jun 1999 01:09:00 -0700 (PDT) (envelope-from bp@butya.kz) Received: from bp (helo=localhost) by lion.butya.kz with local-esmtp (Exim 2.12 #1) id 10qBVd-0009CN-00 for freebsd-net@freebsd.org; Sat, 5 Jun 1999 15:08:53 +0700 Date: Sat, 5 Jun 1999 15:08:53 +0700 (ALMST) 
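The pointer-advance problem from the SIOCGIFCONF thread above, as an added example (not code from any poster or from the FreeBSD tree): a bounds-checked walk over a buffer laid out the way the thread describes net/if.c:ifconf() doing it, run once with the raw sa_len stride and once with the MAX() stride from the patch. The macro and function names, the byte-array model of struct ifreq, and the sample interfaces with their sa_len values are constructed assumptions, chosen so the code also runs on systems whose sockaddr has no sa_len.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAMSZ  16   /* IFNAMSIZ */
#define ADDRSZ 16   /* sizeof(ifr->ifr_addr), i.e. sizeof(struct sockaddr) */
#define MAXREC 8

/* Append one record as the thread describes the kernel doing it: the name,
 * then max(sa_len, sizeof(struct sockaddr)) bytes of address. */
static size_t put_entry(uint8_t *buf, size_t off, const char *name,
                        uint8_t sa_len, uint8_t sa_family)
{
    size_t addr = sa_len > ADDRSZ ? sa_len : ADDRSZ;

    memset(buf + off, 0, NAMSZ + addr);
    strncpy((char *)buf + off, name, NAMSZ - 1);
    buf[off + NAMSZ] = sa_len;          /* first byte of a BSD sockaddr */
    buf[off + NAMSZ + 1] = sa_family;
    return off + NAMSZ + addr;
}

/* Constructed sample: loopback, a tunnel with a short sa_len, and a link
 * address longer than struct sockaddr. */
static size_t build_sample(uint8_t *buf)
{
    size_t off = 0;

    off = put_entry(buf, off, "lo0", 16, 2);    /* AF_INET */
    off = put_entry(buf, off, "tun0", 6, 2);    /* sa_len < ADDRSZ */
    off = put_entry(buf, off, "de0", 20, 18);   /* AF_LINK, sa_len > ADDRSZ */
    return off;
}

/* Walk the buffer. clamp_min != 0 uses the patched stride
 * MAX(sa_len, ADDRSZ); 0 uses the original raw sa_len stride.
 * Returns the record count, or -1 as soon as a record would not fit. */
static int walk_ifconf(const uint8_t *buf, size_t len, int clamp_min,
                       char names[][NAMSZ], int max_names)
{
    size_t off = 0;
    int n = 0;

    while (off < len) {
        size_t left = len - off, step;

        if (left < NAMSZ + ADDRSZ)      /* fixed part must fit before sa_len is read */
            return -1;
        step = buf[off + NAMSZ];
        if (clamp_min && step < ADDRSZ)
            step = ADDRSZ;
        if (step > left - NAMSZ)        /* claimed address runs past the end */
            return -1;
        if (n < max_names) {
            memcpy(names[n], buf + off, NAMSZ);
            names[n][NAMSZ - 1] = '\0';
        }
        n++;
        off += NAMSZ + step;
    }
    return n;
}

int main(void)
{
    uint8_t buf[256];
    char names[MAXREC][NAMSZ];
    size_t len = build_sample(buf);
    int n = walk_ifconf(buf, len, 1, names, MAXREC);

    printf("patched stride: %d records\n", n);
    for (int i = 0; i < n && i < MAXREC; i++)
        printf("  %s\n", names[i]);
    /* The raw stride lands mid-record after tun0 and the bounds check trips. */
    printf("original stride: %d\n", walk_ifconf(buf, len, 0, names, MAXREC));
    return 0;
}
```

With the raw stride the walker steps only 22 bytes past tun0's 32-byte record, reads a misaligned "entry", and is stopped by the length check instead of running off the buffer.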
From: Boris Popov To: freebsd-net@freebsd.org Subject: ncplib-1.3b8 is out Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello, Just want to say that new (mostly bugfix) release is out with following features: - Minor fix to signature code - NLS support extended to support file names recoding. - All programs now check version of the kernel module. - ncplist with '-s' option can list visible servers even if no active connections found. - Fixed bug with file opened in append mode. - Synched with -current as of 26.05.1999. - New 'ncpasswd' utility added. - Misc unvital changes. URL: ftp://ftp.butya.kz/pub/nwlib/ncplib.tar.gz P.S. ncplib have known problems with 3.0-release and early 3.1. With 3.2 and 4.0 it works just fine. -- Boris Popov http://www.butya.kz/~bp/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sat Jun 5 1:18:38 1999 Delivered-To: freebsd-net@freebsd.org Received: from sasami.jurai.net (sasami.jurai.net [63.67.141.99]) by hub.freebsd.org (Postfix) with ESMTP id C68CC14EEA for ; Sat, 5 Jun 1999 01:18:14 -0700 (PDT) (envelope-from winter@jurai.net) Received: from localhost (winter@localhost) by sasami.jurai.net (8.8.8/8.8.7) with ESMTP id EAA02077; Sat, 5 Jun 1999 04:17:59 -0400 (EDT) Date: Sat, 5 Jun 1999 04:17:59 -0400 (EDT) 
From: "Matthew N. Dodd" To: Boris Popov Cc: freebsd-net@FreeBSD.ORG Subject: Re: ncplib-1.3b8 is out In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org You're my hero Boris! Thanks! On Sat, 5 Jun 1999, Boris Popov wrote: > Just want to say that new (mostly bugfix) release is out with > following features: > > - Minor fix to signature code > - NLS support extended to support file names recoding. > - All programs now check version of the kernel module. > - ncplist with '-s' option can list visible servers even if no active > connections found. > - Fixed bug with file opened in append mode. > - Synched with -current as of 26.05.1999. > - New 'ncpasswd' utility added. > - Misc unvital changes. > > URL: ftp://ftp.butya.kz/pub/nwlib/ncplib.tar.gz > > P.S. ncplib have known problems with 3.0-release and early 3.1. With > 3.2 and 4.0 it works just fine. > -- > Boris Popov > http://www.butya.kz/~bp/ > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > -- | Matthew N. Dodd | 78 280Z | 75 164E | 84 245DL | FreeBSD/NetBSD/Sprite/VMS | | winter@jurai.net | This Space For Rent | ix86,sparc,m68k,pmax,vax | | http://www.jurai.net/~winter | Are you k-rad elite enough for my webpage? 
| To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Sat Jun 5 10: 4:10 1999 Delivered-To: freebsd-net@freebsd.org Received: from SIMULTAN.CH (eunet-gw.simultan.ch [194.191.191.82]) by hub.freebsd.org (Postfix) with ESMTP id D1B2B14C3C for ; Sat, 5 Jun 1999 10:04:06 -0700 (PDT) (envelope-from tseidmann@simultan.ch) Received: from simultan.ch ([192.92.128.242]) by SIMULTAN.CH (8.9.3/8.9.2) with ESMTP id TAA90394; Sat, 5 Jun 1999 19:03:10 +0200 (CEST) (envelope-from tseidmann@simultan.ch) Message-ID: <3759590D.F523BA3A@simultan.ch> Date: Sat, 05 Jun 1999 19:06:21 +0200 
From: Thomas Seidmann X-Mailer: Mozilla 4.6 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Tomas TPS Ulej Cc: freebsd-net@freebsd.org Subject: Re: natd problem References: <011b01beaf6a$31a76240$231da8c3@tps.tps.sk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Tomas TPS Ulej wrote: > > r4 and natd: > > natd -dynamic -verbose -u -n ep1 > > In [UDP] [UDP] 192.168.1.5:127 -> 192.168.1.31:125 aliased to > [UDP] 192.168.1.5:127 -> 192.168.1.31:125 > In [UDP] [UDP] 192.168.1.5:127 -> 192.168.1.31:125 aliased to > [UDP] 192.168.1.5:127 -> 192.168.1.31:125 > In [UDP] [UDP] 192.168.1.6:138 -> 192.168.1.31:138 aliased to > [UDP] 192.168.1.6:138 -> 192.168.1.31:138 > In [UDP] [UDP] 192.168.1.5:127 -> 192.168.1.31:125 aliased to > [UDP] 192.168.1.5:127 -> 192.168.1.31:125 > > ep1 has IP 195.168.78.186, ep0 192.168.1.1 I guess you point at the fact that traffic outgoing from the NAT host is aliased. This has to happen, since incoming (aliased) traffic not matched by any of the aliasing table entries is simply discarded. You better avoid the NAT host to generate any traffic if this bothers you (i.e. use it only for routing and NAT and nothing else). Someone please correct me if I'm wrong. Pozdravuj odo mna prosim Jana Totha. Cheers, Thomas To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message