From owner-freebsd-net Sun Nov 26 7:17: 5 2000
Delivered-To: freebsd-net@freebsd.org
Received: from mail.allnet.ne.jp (mailr.allnet.ne.jp [210.228.1.19]) by hub.freebsd.org (Postfix) with ESMTP id 3008637B4CF for ; Sun, 26 Nov 2000 07:16:57 -0800 (PST)
Received: from dorei (www.graycastle.com [210.228.3.165]) by mail.allnet.ne.jp (8.9.3/mail_980908.001/99072202) with SMTP id AAA28763 for ; Mon, 27 Nov 2000 00:16:52 +0900 (JST)
Message-ID: <017801c057bb$f2523ab0$0200a8c0@dorei>
From: "shawn"
To:
Subject: ATAPI CD-R drive... Supported?
Date: Mon, 27 Nov 2000 00:17:09 +0900
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I have a Ricoh ATAPI CD-R drive that I have just stuck into my fbsd box. I
read on the cdrecord page
(http://www.fokus.gmd.de/research/cc/glone/employees/joerg.schilling/private/man/README/README.ATAPI)
that ATAPI is not supported. I am hoping that this
info is old and that I can somehow use this ATAPI drive.

dmesg shows the drive information detected correctly...

Can anyone out there tell me for sure?

Thanks,

Shawn

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From owner-freebsd-net Sun Nov 26 9:40:28 2000
From: David Comeau
Date: Wed, 29 Nov 2000 12:42:18 -0500
To: freebsd-net@FreeBSD.ORG

unsubscribe

From owner-freebsd-net Mon Nov 27 12:51: 9 2000
Date: Mon, 27 Nov 2000 12:50:44 -0800 (PST)
From: "f.johan.beisser"
To: shawn
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: ATAPI CD-R drive... Supported?

hey shawn,

first: take a look at the hardware.txt file, or the supported hardware
list on www.freebsd.org.

second: this is the wrong mailing list for this question, you should post
it to freebsd-questions.

thanks much, and good luck.

-- jan

On Mon, 27 Nov 2000, shawn wrote:

> I have a Ricoh ATAPI CD-R drive that I have just stuck into my fbsd box. I
> read on the cdrecord page
> (http://www.fokus.gmd.de/research/cc/glone/employees/joerg.schilling/private/man/README/README.ATAPI)
> that ATAPI is not supported. I am hoping that this
> info is old and that I can somehow use this ATAPI drive.
>
> dmesg shows the drive information detected correctly...
>
> Can anyone out there tell me for sure?
>
> Thanks,
>
> Shawn

 -------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan@caustic.org
    "Never laugh at someone until you've walked a mile in their shoes.
     Then laugh. For you are a mile away, and you have their shoes."

From owner-freebsd-net Mon Nov 27 13:40: 0 2000
Date: Mon, 27 Nov 2000 22:40:03 +0100 (CET)
From: Ferdinand Goldmann
To: freebsd-net@freebsd.org
Subject: Strange lockups with Dummynet

Hello.

I am experiencing strange crashes on a machine which is being heavily used
as a traffic shaper serving about 300 clients. The machine itself is just
an old Pentium machine, NICs are:

tx0: port 0x6200-0x62ff mem 0xe1000000-0xe1000fff irq 11 at device 18.0 on pci0
miibus0: on tx0
nsphy0: on miibus0
nsphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
tx0: address 00:e0:29:39:bb:ab, type SMC9432BTX
xl0: <3Com 3c905C-TX Fast Etherlink XL> port 0x6300-0x637f mem 0xe1001000-0xe100107f irq 9 at device 19.0 on pci0
xl0: Ethernet address: 00:50:da:0d:a8:a7
miibus1: on xl0
xlphy0: <3c905C 10/100 internal PHY> on miibus1
xlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto

Occasionally, I see these in the logs: (I hear this is due to hardware being
too slow to respond to feed the NIC, which could be possible (P166))

xl0: transmission error: 90
xl0: tx underrun, increasing tx start threshold to 120 bytes

I have set the following kernel parameters:
maxusers 96
options NMBCLUSTERS=4096

I beefed up NMBCLUSTERS because FreeBSD ran out of them with the default
setting.

Currently:
# netstat -m
637/1472/16384 mbufs in use (current/peak/max):
187 mbufs allocated to data
450 mbufs allocated to packet headers
186/934/4096 mbuf clusters in use (current/peak/max)
2236 Kbytes allocated to network (23% in use)

I have configured between 3 and 4 pipes on this machine and declared
a small ruleset which should shape the traffic according to my
expectations.

Today, I experienced the following: Upon adding a new pipe definition,
the machine locked maybe an eyeblink after the command was set off.
I.e., the machine was not ping'able anymore, and the console was dead.
However, the activity LEDs of the NICs were still flashing.
No kernel entries, nothing...
This has happened already once after raising the NMBCLUSTERS value.
Being paranoid, I have been logging this value to a file, but it does not
seem to rise significantly before the crash.

[Q]: Can the change of NMBCLUSTERS be the cause for my lockup
problem, or could this be a dummynet problem? How do people running
sites with lots of traffic set the values of maxusers and
NMBCLUSTERS to be safe, and what would be the maximum value for
maxusers (I heard long it is instable > 128)?
General question, how stable is dummynet under heavy load, any experiences
there?
BTW, the machine is also doing port forwarding of HTTP connects to a proxy.

TIA for any hints,
Ferdinand Goldmann

From owner-freebsd-net Mon Nov 27 15:27:52 2000
From: "Christopher Harrer"
To: "Freebsd-Net" , "Owner-Freebsd-Net"
Subject: NETPERF
Date: Mon, 27 Nov 2000 18:24:58 -0500

Has anyone ever compiled and used Netperf on a FreeBSD system? If so, would
you be willing to share your makefile and directions you used to compile it?

Thanks!

Chris

Chris Harrer
Alacritech, Inc.
403 West Lincoln Hwy.
Suite 108
Exton, PA 19341
w-(484)875-9520
c-(484)433-5767

From owner-freebsd-net Mon Nov 27 15:28:11 2000
Date: Mon, 27 Nov 2000 18:28:39 -0500 (EST)
From: Bosko Milekic
Subject: Re: Strange lockups with Dummynet
To: Ferdinand Goldmann
Cc: freebsd-net@FreeBSD.ORG

Hi Ferdinand,

A fix for this was recently committed to -CURRENT and yesterday to
-STABLE. A related fix is about to be committed but yesterday's fix
should fix the problems you describe below alone.

I am not 100% certain that this "lockup" you describe is exactly the
problem I'm referring to, because this problem usually results in a page
fault. If it isn't, I'd appreciate it if you could make sure your kernel
is compiled with debugging support and try and get a crash dump. If it's
a complete lockup, you're likely to not get anything and in that case, I
would begin by checking the hardware.

On Mon, 27 Nov 2000, Ferdinand Goldmann wrote:

> Hello.
>
> I am experiencing strange crashes on a machine which is being heavily used
> as a traffic shaper serving about 300 clients.
> The machine itself is just
> an old Pentium machine, NICs are:
>
> tx0: port 0x6200-0x62ff mem 0xe1000000-0xe1000fff irq 11 at device 18.0 on pci0
> miibus0: on tx0
> nsphy0: on miibus0
> nsphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
> tx0: address 00:e0:29:39:bb:ab, type SMC9432BTX
> xl0: <3Com 3c905C-TX Fast Etherlink XL> port 0x6300-0x637f mem 0xe1001000-0xe100107f irq 9 at device 19.0 on pci0
> xl0: Ethernet address: 00:50:da:0d:a8:a7
> miibus1: on xl0
> xlphy0: <3c905C 10/100 internal PHY> on miibus1
> xlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
>
> Occasionally, I see these in the logs: (I hear this is due to hardware being
> too slow to respond to feed the NIC, which could be possible (P166))
>
> xl0: transmission error: 90
> xl0: tx underrun, increasing tx start threshold to 120 bytes
>
> I have set the following kernel parameters:
> maxusers 96
> options NMBCLUSTERS=4096
>
> I beefed up NMBCLUSTERS because FreeBSD ran out of them with the default
> setting.
>
> Currently:
> # netstat -m
> 637/1472/16384 mbufs in use (current/peak/max):
> 187 mbufs allocated to data
> 450 mbufs allocated to packet headers
> 186/934/4096 mbuf clusters in use (current/peak/max)
> 2236 Kbytes allocated to network (23% in use)
>
> I have configured between 3 and 4 pipes on this machine and declared
> a small ruleset which should shape the traffic according to my
> expectations.
>
> Today, I experienced the following: Upon adding a new pipe definition,
> the machine locked maybe an eyeblink after the command was set off.
> I.e., the machine was not ping'able anymore, and the console was
> dead. However, the activity LEDs of the NICs were still flashing.
> No kernel entries, nothing...
> This has happened already once after raising the NMBCLUSTERS value.
> Being paranoid, I have been logging this value to a file, but it does not
> seem to rise significantly before the crash.
>
> [Q]: Can the change of NMBCLUSTERS be the cause for my lockup
> problem, or could this be a dummynet problem? How do people running
> sites with lots of traffic set the values of maxusers and
> NMBCLUSTERS to be safe, and what would be the maximum value for
> maxusers (I heard long it is instable > 128)?
> General question, how stable is dummynet under heavy load, any experiences
> there?
> BTW, the machine is also doing port forwarding of HTTP connects to a proxy.
>
> TIA for any hints,
> Ferdinand Goldmann

Regards,
Bosko Milekic
bmilekic@technokratis.com

From owner-freebsd-net Mon Nov 27 15:33:51 2000
Date: Mon, 27 Nov 2000 15:32:15 -0800
From: Brooks Davis
To: Christopher Harrer
Cc: Freebsd-Net
Subject: Re: NETPERF

On Mon, Nov 27, 2000 at 06:24:58PM -0500, Christopher Harrer wrote:
> Has anyone ever compiled and used Netperf on a FreeBSD system? If so, would
> you be willing to share your makefile and directions you used to compile it?

cd /usr/ports/benchmarks/netperf/
make install clean

The port is a bit annoying in that it installs in /usr/local/netperf/,
but it works just fine.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.

From owner-freebsd-net Mon Nov 27 15:40:29 2000
From: "Christopher Harrer"
To: "Brooks Davis"
Cc: "Freebsd-Net"
Subject: RE: NETPERF
Date: Mon, 27 Nov 2000 18:37:35 -0500

Thanks a lot Brooks!

-----Original Message-----
From: Brooks Davis [mailto:brooks@one-eyed-alien.net]
Sent: Monday, November 27, 2000 6:32 PM
To: Christopher Harrer
Cc: Freebsd-Net
Subject: Re: NETPERF

On Mon, Nov 27, 2000 at 06:24:58PM -0500, Christopher Harrer wrote:
> Has anyone ever compiled and used Netperf on a FreeBSD system? If so, would
> you be willing to share your makefile and directions you used to compile it?

cd /usr/ports/benchmarks/netperf/
make install clean

The port is a bit annoying in that it installs in /usr/local/netperf/,
but it works just fine.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.

From owner-freebsd-net Mon Nov 27 16:35: 7 2000
Date: Mon, 27 Nov 2000 19:35:01 -0500
From: Ted Knight
To: freebsd-net@freebsd.org
Subject: 3Com At Home PCI Internal DSL "modem"

DSL has now become available to me through Bellsouth.net, my ISP. They
are now primarily providing the 3Com at home PCI internal DSL modem for
self-install. From what I read most Baby Bells are switching to this
card. It appears they are using PPPoA.

Is there, by any chance, work being done to develop a driver for this
device for FreeBSD?

I have spoken to Bellsouth.net about getting an Alcatel Speed Touch
external to use with a NIC, they won't do it.

Thanks,
Ted Knight

From owner-freebsd-net Mon Nov 27 17:54:23 2000
Date: Tue, 28 Nov 2000 09:54:16 +0800
To: freebsd-net@freebsd.org
From: Yip Mann Fai
Subject: 6to4 problem

>Hi all,
>
>I've a machine running FreeBSD 4.1 and I want to use it to connect to the
>6bone using 6to4 encapsulation. However, I've yet to succeed and am
>encountering problems of sorts also. I'm using the KAME stack that comes
>with the FreeBSD 4.1 distribution.
>
>The following is the configuration that I have in my /etc/rc.conf file...
>
>ipv6_enable="YES"
>ipv6_gateway_enable="YES"
>ipv6_router_enable="NO"
>ipv6_network_interfaces="lo0 xl0"
>ipv6_prefix_xl0="2002:8984:a376:0"
>ipv6_static_route="default"
>ipv6_route_default="default 6to4.ipv6.microsoft.com"
>stf_interface_ipv4addr="137.132.163.118"
>
>I've also recompiled my kernel with the "pseudo-device stf 1" option.
>
>Now the problem...
>
>After all the above has been done, rebooted the machine and when I tried
>to "ping6 6to4.ipv6.microsoft.com" or any other 6to4 or 6bone address, I
>couldn't get a reply at all. It just waits indefinitely for a reply.
>
>When I do a ifconfig stf0, it showed
>
>stf0: flags=1 mtu 1280
>inet6 2002:8984:a376::1 prefixlen 16
>
>stf0 is only UP but not RUNNING and it also does not have a link local
>address attached to it. Is this what is causing the problem that I'm facing?
>
>I've been trying to solve this problem for a week without any progress and
>it's getting really frustrating.
>Please advise. Thanks.

From owner-freebsd-net Mon Nov 27 18:18:13 2000
Date: Mon, 27 Nov 2000 21:17:55 -0500 (EST)
From: Garrett Wollman
To: Yip Mann Fai
Cc: freebsd-net@FreeBSD.ORG
Subject: 6to4 problem

< said:

>> When I do a ifconfig stf0, it showed
>>
>> stf0: flags=1 mtu 1280
>> inet6 2002:8984:a376::1 prefixlen 16

This looks normal.
My home machine (that I'm typing this on right now)
looks like:

stf0: flags=1 mtu 1280
inet6 2002:1217:b62::1 prefixlen 16

Routing seems to work in my office network:

wollman@khavrinen(37)$ traceroute6 6to4.ipv6.microsoft.com
traceroute to 6to4.ipv6.microsoft.com (2002:836b:9820::836b:9820), 30 hops max, 12 byte packets
1 2002:121a:12:180a:280:c8ff:feca:a765 0.552 ms 0.365 ms 0.323 ms
2 2002:836b:9820::836b:9820 145.199 ms * 158.539 ms

(The office network is running 4.2-STABLE as of last Friday. Hopefully
some time this week we'll start advertising 2002:1200::/24 to the
6bone.)

>> stf0 is only UP but not RUNNING and it also does not have a link local
>> address attached to it. Is this what is causing the problem that I'm facing?

Link-local addresses don't make sense over 6to4, whose ``link'' is the
entire IPv4 Internet.

>> I've been trying to solve this problem for a week without any progress and
>> it's getting really frustrating.

The only problem I've had was rather similar to yours except that I
got ``host is down'' errors from ping6 et al. In that case, the
problem was a mismatch between the configured 2002:foo:bar prefix on
my local Ethernet and the actual 2002:baz:quux prefix which was
appropriate for my IP address.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick

From owner-freebsd-net Mon Nov 27 20:49:46 2000
From: Archie Cobbs
Subject: Re: mpd 3.2 connection issue
To: Hamilton Hoover
Date: Mon, 27 Nov 2000 20:49:38 -0800 (PST)
Cc: "freebsd-net@freebsd.org"

Hamilton Hoover writes:
> I am trying to use mpd for a vpn connection, it is half working. The
> remote machine is connecting but the problem I am having is that the
> remote machine can not ping or browse the local network. It can however
> resolve names via DNS, ftp and telnet to local hosts on the network. I

This doesn't make sense. If remote machines can telnet to local hosts
on the network but not ping, then there must be some firewall issue
or something like that.

Try running tcpdump(1) and see where packets are (not) flowing..

-Archie

__________________________________________________________________________
Archie Cobbs * Packet Design * http://www.packetdesign.com

From owner-freebsd-net Mon Nov 27 23:52:29 2000
Date: Tue, 28 Nov 2000 08:52:24 +0100
From: Georg Graf
To: freebsd-net@freebsd.org
Subject: Re: mpd 3.2 connection issue

On Sat, Nov 25, 2000 at 05:08:06PM -0600, Hamilton Hoover wrote:
> Hi all,
>
> I am trying to use mpd for a vpn connection, it is half working. The
> remote machine is connecting but the problem I am having is that the
> remote machine can not ping or browse the local network. It can however

Do you NAT the pptp-clients? Maybe this is the reason why samba domain
browsing does not work. If this is the case, I would direct you to the
proxy-arp stuff ...

mth,
-- Georg

From owner-freebsd-net Tue Nov 28 0:33:51 2000
To: Yip Mann Fai
Cc: freebsd-net@freebsd.org
Subject: Re: 6to4 problem
From: itojun@iijlab.net
Date: Tue, 28 Nov 2000 17:33:23 +0900

>>ipv6_gateway_enable="YES"
>>ipv6_router_enable="NO"
>>ipv6_network_interfaces="lo0 xl0"
>>ipv6_prefix_xl0="2002:8984:a376:0"
>>ipv6_static_route="default"
>>ipv6_route_default="default 6to4.ipv6.microsoft.com"
>>stf_interface_ipv4addr="137.132.163.118"

>>stf0: flags=1 mtu 1280
>>inet6 2002:8984:a376::1 prefixlen 16

i'd suggest you to stop using the same /64 prefix for stf0, and xl0.
(2002:8984:a376:0::/64)

itojun

From owner-freebsd-net Tue Nov 28 4: 3:54 2000
Date: Tue, 28 Nov 2000 12:03:52 +0000
From: geoff buckingham
To: jsmith_118@hotmail.com
Cc: tim@filmgroup.co.uk, freebsd-net@freebsd.org
Subject: Fastfowarding (ip_flow.c)

Did you ever resolve this? We may be seeing a similar problem, or it
could be something else entirely :-)



We're using ip_fastfowarding, on a system routing 20k-30k packets per
second between two intel pro/100+ cards. When we enable it, it causes
strange system behaviour; System gets sluggish, pauses from time
to time. It may be because IPFLOW_MAX is set to 256. We attempted
to change it to 8192, but the system halts immediately after
enabling fastforward.

Can anyone advise how we can properly adjust variables in ip_flow.c?
(IPFLOW_MAX, IPFLOW_HASHBITS, IPFLOW_HASHSIZE, IPFLOW_TIMER, etc).

(We're using FreeBSD 3.4-STABLE, running BGP4 with 72,000 routes in
kernel).

Any help would be appreciated!

From owner-freebsd-net Tue Nov 28 4:33:12 2000
Date: Tue, 28 Nov 2000 14:32:31 +0200
From: Ruslan Ermilov
To: geoff buckingham
Cc: jsmith_118@hotmail.com, tim@filmgroup.co.uk, freebsd-net@FreeBSD.ORG
Subject: Re: Fastfowarding (ip_flow.c)

On Tue, Nov 28, 2000 at 12:03:52PM +0000, geoff buckingham wrote:
>
> Did you ever resolve this? We may be seeing a similar problem, or it
> could be something else entirely :-)
>
>
>
> We're using ip_fastfowarding, on a system routing 20k-30k packets per
> second between two intel pro/100+ cards. When we enable it, it causes
> strange system behaviour; System gets sluggish, pauses from time
> to time. It may be because IPFLOW_MAX is set to 256. We attempted
> to change it to 8192, but the system halts immediately after
> enabling fastforward.
>
> Can anyone advise how we can properly adjust variables in ip_flow.c?
> (IPFLOW_MAX, IPFLOW_HASHBITS, IPFLOW_HASHSIZE, IPFLOW_TIMER, etc).
>
> (We're using FreeBSD 3.4-STABLE, running BGP4 with 72,000 routes in
> kernel).
>

This code was obtained from NetBSD, and they have so far improved it
a bit. Look at what they did. This is on my TODO list but too deep
in the stack...

Cheers,
--
Ruslan Ermilov          Oracle Developer/DBA,
ru@sunbay.com           Sunbay Software AG,
ru@FreeBSD.org          FreeBSD committer,
+380.652.512.251        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age

From owner-freebsd-net Tue Nov 28 5:30:52 2000
From: Luigi Rizzo
Subject: Re: Strange lockups with Dummynet
To: ferdl@atommuell.oeh.uni-linz.ac.at (Ferdinand Goldmann)
Date: Tue, 28 Nov 2000 05:30:24 -0800 (PST)
Cc: freebsd-net@FreeBSD.ORG

What OS version are you using, what ipfw/dummynet configuration,
how much memory is on the system.

cheers
luigi

>
> I am experiencing strange crashes on a machine which is being heavily used
> as a traffic shaper serving about 300 clients.
> The machine itself is just
> an old Pentium machine, NICs are:
>
> tx0: port 0x6200-0x62ff mem 0xe1000000-0xe1000fff irq 11 at device 18.0 on pci0
> miibus0: on tx0
> nsphy0: on miibus0
> nsphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
> tx0: address 00:e0:29:39:bb:ab, type SMC9432BTX
> xl0: <3Com 3c905C-TX Fast Etherlink XL> port 0x6300-0x637f mem 0xe1001000-0xe100107f irq 9 at device 19.0 on pci0
> xl0: Ethernet address: 00:50:da:0d:a8:a7
> miibus1: on xl0
> xlphy0: <3c905C 10/100 internal PHY> on miibus1
> xlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
>
> Occasionally, I see these in the logs: (I hear this is due to hardware being
> too slow to respond to feed the NIC, which could be possible (P166))
>
> xl0: transmission error: 90
> xl0: tx underrun, increasing tx start threshold to 120 bytes
>
> I have set the following kernel parameters:
> maxusers 96
> options NMBCLUSTERS=4096
>
> I beefed up NMBCLUSTERS because FreeBSD ran out of them with the default
> setting.
>
> Currently:
> # netstat -m
> 637/1472/16384 mbufs in use (current/peak/max):
> 187 mbufs allocated to data
> 450 mbufs allocated to packet headers
> 186/934/4096 mbuf clusters in use (current/peak/max)
> 2236 Kbytes allocated to network (23% in use)
>
> I have configured between 3 and 4 pipes on this machine and declared
> a small ruleset which should shape the traffic according to my
> expectations.
>
> Today, I experienced the following: Upon adding a new pipe definition,
> the machine locked maybe an eyeblink after the command was set off.
> I.e., the machine was not ping'able anymore, and the console was
> dead. However, the activity LEDs of the NICs were still flashing.
> No kernel entries, nothing...
> This has happened already once after raising the NMBCLUSTERS value.
> Being paranoid, I have been logging this value to a file, but it does not
> seem to rise significantly before the crash.
>
> [Q]: Can the change of NMBCLUSTERS be the cause for my lockup
> problem, or could this be a dummynet problem? How do people running
> sites with lots of traffic setting the values of maxusers and
> NMBCLUSTERS to be safe, and what would be the maximum value for
> maxusers (I heard long it is instable > 128)?
> General question, how stable is dummynet under heavy load, any experiences
> there?
> BTW, the machine is also doing port forwarding of HTTP connects to a proxy.
>
> TIA for any hints,
> Ferdinand Goldmann
>

From owner-freebsd-net Tue Nov 28 10:45: 3 2000
From: Fernando Schapachnik
Subject: Bridging on wi interfaces
To: freebsd-net@freebsd.org
Date: Tue, 28 Nov 2000 15:48:08 -0300 (ART)

Hello:
Does anybody know if bridging works on wi (WaveLan) interfaces?

TIA!

Fernando P. Schapachnik
Network Administration
VIA NET.WORKS ARGENTINA S.A.
fschapachnik@vianetworks.com.ar
Switchboard: (54-11) 4323-3333 - Support: 0810-333-AYUDA

From owner-freebsd-net Tue Nov 28 14: 4: 6 2000
From: Fernando Schapachnik
Subject: Re: Bridging on wi interfaces
To: Marko Cuk
Date: Tue, 28 Nov 2000 19:07:10 -0300 (ART)
Cc: freebsd-net@freebsd.org

In a previous message, Marko Cuk wrote:
> I think, that it wi driver cannot bridge.

Thanks! I saw after my posting that 4.2-R _can_ do that.

Thanks anyway!

Fernando P. Schapachnik
Network Administration
VIA NET.WORKS ARGENTINA S.A.
fschapachnik@vianetworks.com.ar
Switchboard: (54-11) 4323-3333 - Support: 0810-333-AYUDA

From owner-freebsd-net Tue Nov 28 20:19:15 2000
From: "John Telford"
Subject: Natd redirect_address bug ?
Date: Tue, 28 Nov 2000 23:15:07 -0500

This is in reference to my post earlier this month "Natd redirect address
not working in 4.1.1 Help Please ??" and how I got it resolved. Credit for
the solution goes to Daniel Charboneau.

I'm posting this to help others who may encounter the same problem and also
ask the seasoned pro's if this might be a bug, or is it just how natd works ?

The brief story:
Using the redirect_address option with natd would not work to access a box
inside the firewall with a certain set of ip numbers. However it worked fine
using a different set of ip numbers. I re-created the problem on some spare
equipment. If anyone wants to investigate further drop me a note for the
numbers I was using.

This was resolved by Daniel's suggestion that I alias the address on my
public side, then redirect it to the private side address.
This is what went into my /etc/rc.conf:

natd_enable="YES"                # Enable natd (if firewall_enable == YES).
natd_interface="fxp0"            # Public interface or IPaddress to use.
natd_flags="-f /etc/natd.conf"

#External Interface... the aliasing allows it to listen and respond to multiple ip's on one NIC.
ifconfig_fxp0_alias0="inet 216.xxx.xxx.1 netmask 255.255.255.224" #public natd interface
ifconfig_fxp0_alias1="inet 216.xxx.xxx.2 netmask 255.255.255.224" #public ip to be redirected in.

#Internal Interface
ifconfig_fxp1="inet 10.130.25.9 netmask 255.255.0.0"

And in /etc/natd.conf

redirect_address 10.130.5.2 216.xxx.xxx.2

Regards, John.

From owner-freebsd-net Tue Nov 28 22:55:23 2000
Date: Wed, 29 Nov 2000 07:55:15 +0100 (CET)
From: Blaz Zupan
To: Fernando Schapachnik
Cc: freebsd-net@freebsd.org
Subject: Re: Bridging on wi interfaces

> > I think, that it wi driver cannot bridge.
> Thanks! I saw after my posting that 4.2-R _can_ do that.

No, it can not. See the mailing list archives on the reasons why it can't or
ask Bill Paul.
Blaz Zupan, Medinet d.o.o, Linhartova 21, 2000 Maribor, Slovenia
E-mail: blaz@amis.net, Tel: +386-2-320-6320, Fax: +386-2-320-6325

From owner-freebsd-net Tue Nov 28 23:26:41 2000
To: freebsd-net@freebsd.org
Date: Wed, 29 Nov 2000 08:26:32 EST
From: Andrea Venturoli
Subject: ppp server & windows

Hello.
I set up a ppp server on a 4.1.1-R system; the modem answers correctly, but
when I try connecting from a Windows (both 98 and 2000) machine they can't
agree on the connection parameters.
I get the following in /var/log/ppp.log:

Phase: Using interface: tun1
Phase: deflink: Created in closed state
Phase: PPP Started (direct mode).
Phase: bundle: Establish
Phase: deflink: closed -> opening
Phase: deflink: Connected!
Phase: deflink: opening -> carrier
Phase: deflink: carrier -> lcp
Phase: Unknown protocol 0x007d (reserved (Control Escape))
Phase: Unknown protocol 0x7eff (unrecognised protocol)
Phase: Unknown protocol 0x007d (reserved (Control Escape))
Phase: Unknown protocol 0x7eff (unrecognised protocol)
Phase: Unknown protocol 0x7eff (unrecognised protocol)
Phase: Unknown protocol 0x7eff (unrecognised protocol)
Phase: Unknown protocol 0x007d (reserved (Control Escape))
Phase: Unknown protocol 0x7eff (unrecognised protocol)
Phase: Unknown protocol 0x007d (reserved (Control Escape))
Phase: Unknown protocol 0x7eff (unrecognised protocol)
Phase: Unknown protocol 0x2275 (unrecognised protocol)
Phase: deflink: Disconnected!
Phase: deflink: Connect time: 16 secs: 328 octets in, 543 octets out
Phase: deflink: : 12 packets in, 17 packets out
Phase: total 54 bytes/sec, peak 97 bytes/sec on Fri Nov 24 20:23:03 2000
Phase: deflink: lcp -> closed
Phase: bundle: Dead
Phase: PPP Terminated (normal).

Does anyone have any idea what's going on?
I tried searching the Internet for info on how to make a Win machine connect
to a UNIX one, but wasn't lucky. If anyone has such a pointer, I'd be glad to
know.

Bye & Thanks
av.
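
An added example, not part of the original post: a Python check that tallies the "Unknown protocol" values in a ppp.log like the one above and marks those built from octets that RFC 1662 assigns to HDLC-like framing (0x7e Flag Sequence, 0x7d Control Escape, 0xff All-Stations address). The function names are hypothetical; the sample lines are copied from the log in the post.

```python
import re
from collections import Counter

# Octets that RFC 1662 (PPP in HDLC-like framing) gives a framing role.
FRAMING_OCTETS = {
    0x7E: "Flag Sequence",
    0x7D: "Control Escape",
    0xFF: "All-Stations address",
}

UNKNOWN_RE = re.compile(r"Unknown protocol 0x([0-9a-fA-F]{4})")

# Lines copied from the ppp.log excerpt in the post above.
SAMPLE_LOG = """\
Phase: deflink: carrier -> lcp
Phase: Unknown protocol 0x007d (reserved (Control Escape))
Phase: Unknown protocol 0x7eff (unrecognised protocol)
Phase: Unknown protocol 0x007d (reserved (Control Escape))
Phase: Unknown protocol 0x7eff (unrecognised protocol)
Phase: Unknown protocol 0x7eff (unrecognised protocol)
Phase: Unknown protocol 0x7eff (unrecognised protocol)
Phase: Unknown protocol 0x007d (reserved (Control Escape))
Phase: Unknown protocol 0x7eff (unrecognised protocol)
Phase: Unknown protocol 0x007d (reserved (Control Escape))
Phase: Unknown protocol 0x7eff (unrecognised protocol)
Phase: Unknown protocol 0x2275 (unrecognised protocol)
Phase: deflink: Disconnected!
"""


def framing_octets(value):
    """Name the RFC 1662 framing octets found in a 16-bit protocol value."""
    hi, lo = value >> 8, value & 0xFF
    return [FRAMING_OCTETS[o] for o in (hi, lo) if o in FRAMING_OCTETS]


def is_wellformed_protocol(value):
    """RFC 1661 rule: the low octet is odd and the high octet is even."""
    return (value & 0x0001) == 1 and (value & 0x0100) == 0


def summarize(log_text):
    """Return one row per distinct unknown-protocol value, sorted by value."""
    counts = Counter(int(m.group(1), 16) for m in UNKNOWN_RE.finditer(log_text))
    return [
        {
            "protocol": f"0x{value:04x}",
            "seen": seen,
            "wellformed": is_wellformed_protocol(value),
            "framing": framing_octets(value),
        }
        for value, seen in sorted(counts.items())
    ]


def framing_share(rows):
    """Return (lines whose value holds a framing octet, all unknown lines)."""
    total = sum(r["seen"] for r in rows)
    hits = sum(r["seen"] for r in rows if r["framing"])
    return hits, total


if __name__ == "__main__":
    rows = summarize(SAMPLE_LOG)
    for r in rows:
        names = ", ".join(r["framing"]) or "none"
        print(f'{r["protocol"]}  x{r["seen"]:<2}  wellformed={r["wellformed"]}  '
              f'framing octets: {names}')
    hits, total = framing_share(rows)
    print(f"{hits} of {total} unknown-protocol lines contain a framing octet")
```

On the posted log, 10 of the 11 unknown-protocol values contain a framing octet.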
From owner-freebsd-net Tue Nov 28 23:46: 6 2000
Date: Wed, 29 Nov 2000 07:45:54 +0000
From: Chris
To: Fernando Schapachnik
Cc: freebsd-net@freebsd.org
Subject: Re: Bridging on wi interfaces

Fernando Schapachnik wrote:
>
> Hello:
> Does anybody know if bridging works on wi (WaveLan)
> interfaces?

You cannot do bridging on WaveLan interfaces, but there is a
way that you can work around it that we are now using to good
effect. I guess the question is--what do you need to do
with it? If all the boxes that you want to do bridging between
are FreeBSD, then you might try this out.

The way it works for us, is that WaveLan network is configured as
a private internal network, that is used primarily for tunneling.
Once you have this, you can set up ksocket tunnels with netgraph,
and then enable bridging between the tunnels, and the public
interfaces. Our current setup is only bridging between two
boxes, but in theory, it should work for more.
ngctl -f - <

From: Fernando Schapachnik
Subject: Re: Bridging on wi interfaces
To: Blaz Zupan
Date: Wed, 29 Nov 2000 08:51:04 -0300 (ART)
Cc: Fernando Schapachnik, freebsd-net@freebsd.org

In a previous message, Blaz Zupan wrote:
> > > I think, that it wi driver cannot bridge.
> > Thanks! I saw after my posting that 4.2-R _can_ do that.
>
> No, it can not. See the mailing list archives on the reasons why it can't or
> ask Bill Paul.

Could you please provide a search key that would make me find it? "wi
driver" and "wi AND bridging" don't throw anything useful.

Also, I found on CVS:
Revision 1.18.2.2 / (download) - annotate - [select for diffs], Wed
May 24 01:47:51 2000 UTC (6 months ago)
by archie
Branch: RELENG_4
Changes since 1.18.2.1: +2 -15 lines
Diff to previous 1.18.2.1 (colored) to branchpoint 1.18 (colored)

MFC: Move BPF and bridging code into ether_input()

Are you sure you are talking about a recent 4.2-R?

Thanks!

Fernando P. Schapachnik
Network Administration
VIA NET.WORKS ARGENTINA S.A.
fschapachnik@vianetworks.com.ar
Switchboard: (54-11) 4323-3333 - Support: 0810-333-AYUDA

From owner-freebsd-net Wed Nov 29 3:57:53 2000
Date: Wed, 29 Nov 2000 12:57:39 +0100 (CET)
From: Blaz Zupan
To: Fernando Schapachnik
Cc: freebsd-net@freebsd.org
Subject: Re: Bridging on wi interfaces

> Could you please provide a search key that would make me find it? "wi
> driver" and "wi AND bridging" don't throw anything useful.
>
> Also, I found on CVS:
> Revision 1.18.2.2 / (download) - annotate - [select for diffs], Wed
> May 24 01:47:51 2000 UTC (6 months ago)
> by archie
> Branch: RELENG_4
> Changes since 1.18.2.1: +2 -15 lines
> Diff to previous 1.18.2.1 (colored) to branchpoint 1.18 (colored)
>
> MFC: Move BPF and bridging code into ether_input()
>
> Are you sure you are talking about a recent 4.2-R?

I'm talking about *any* version of *any* driver on *any* operating system.

I searched through the mailing list archives and didn't find it, then I found
out that it was a personal mail from Bill Paul (the author of the WaveLan
driver). Quote:

> Forget it. Just forget it. Put the whole idea out of your mind. The
> WaveLAN firmware will not let you transmit a frame whose origin MAC
> address does not match its own.
> If you attempt to retransmit a packet
> from another interface with a different origin MAC address, the NIC
> will silently discard it. The origin MAC address plays an important
> part in the 802.11 protocol and you're not allowed to screw with it
> like you can on ethernet. Since bridging depends on being able to
> alter the origin MAC address (at least in the current implementation),
> this means you're out of luck.

Blaz Zupan, Medinet d.o.o, Linhartova 21, 2000 Maribor, Slovenia
E-mail: blaz@amis.net, Tel: +386-2-320-6320, Fax: +386-2-320-6325

From owner-freebsd-net Wed Nov 29 4: 1:59 2000
From: Fernando Schapachnik
Subject: Re: Bridging on wi interfaces
To: Chris
Date: Wed, 29 Nov 2000 09:04:49 -0300 (ART)
Cc: Fernando Schapachnik, freebsd-net@freebsd.org

In a previous message, Chris wrote:
> Fernando Schapachnik wrote:
> >
> > Hello:
> > Does anybody know if bridging works on wi (WaveLan)
> > interfaces?
>
> You cannot do bridging on WaveLan interfaces, but there is a
> way that you can work around it that we are now using to good
> effect. I guess the question is--what do you need to do
> with it?
> If all the boxes that you want to do bridging between
> are FreeBSD, then you might try this out.

What I need to do is:

| router |-eth-| FBSD w/wi |-wireless link-| FBSD w/wi |-eth-|router|

I need the routers to be "directly connected". Is this possible?

Thanks and regards!

Fernando P. Schapachnik
Network Administration
VIA NET.WORKS ARGENTINA S.A.
fschapachnik@vianetworks.com.ar
Switchboard: (54-11) 4323-3333 - Support: 0810-333-AYUDA

From owner-freebsd-net Wed Nov 29 4:25:40 2000
From: Fernando Schapachnik
Subject: Re: Bridging on wi interfaces
To: Blaz Zupan
Date: Wed, 29 Nov 2000 09:28:47 -0300 (ART)
Cc: Fernando Schapachnik, freebsd-net@freebsd.org

In a previous message, Blaz Zupan wrote:
> I'm talking about *any* version of *any* driver on *any* operating
> system.
>
> I searched through the mailing list archives and didn't find it, then I found
> out that it was a personal mail from Bill Paul (the author of the WaveLan
> driver). Quote:
>
> > Forget it. Just forget it. Put the whole idea out of your mind. The
> > WaveLAN firmware will not let you transmit a frame whose origin MAC
> > address does not match its own.
> > If you attempt to retransmit a packet
> > from another interface with a different origin MAC address, the NIC
> > will silently discard it. The origin MAC address plays an important
> > part in the 802.11 protocol and you're not allowed to screw with it
> > like you can on ethernet. Since bridging depends on being able to
> > alter the origin MAC address (at least in the current implementation),
> > this means you're out of luck.

Ok, got it. Thanks for the info!

Fernando P. Schapachnik
Network Administration
VIA NET.WORKS ARGENTINA S.A.
fschapachnik@vianetworks.com.ar
Switchboard: (54-11) 4323-3333 - Support: 0810-333-AYUDA

From owner-freebsd-net Wed Nov 29 5:18: 8 2000
Date: Wed, 29 Nov 2000 14:19:33 +0100
From: Marko Cuk
Organization: Pcx computers d.o.o., Tehnika
To: Fernando Schapachnik, freebsd-net@freebsd.org
Subject: Re: Bridging on wi interfaces

Fernando Schapachnik wrote:
>
> What I need to do is:
>
> | router |-eth-| FBSD w/wi |-wireless link-| FBSD w/wi |-eth-|router|
>
> I need the routers to be "directly connected". Is this possible?

Use two Access Points and connect them. You need to enter MAC addresses and
that's it. APoints can bridge LAN-TO-LAN.
It's a more expensive idea, but it works as you want to.

Cuk

From owner-freebsd-net Wed Nov 29 7:55:39 2000
Date: Wed, 29 Nov 2000 16:55:06 +0100
From: Andre Oppermann
To: Blaz Zupan
Cc: Fernando Schapachnik, freebsd-net@freebsd.org
Subject: Re: Bridging on wi interfaces

Blaz Zupan wrote:

-snip-
> I'm talking about *any* version of *any* driver on *any* operating
> system.
>
> I searched through the mailing list archives and didn't find it, then I found
> out that it was a personal mail from Bill Paul (the author of the WaveLan
> driver). Quote:
>
> > Forget it. Just forget it. Put the whole idea out of your mind. The
> > WaveLAN firmware will not let you transmit a frame whose origin MAC
> > address does not match its own. If you attempt to retransmit a packet
> > from another interface with a different origin MAC address, the NIC
> > will silently discard it. The origin MAC address plays an important
> > part in the 802.11 protocol and you're not allowed to screw with it
> > like you can on ethernet.
> > Since bridging depends on being able to
> > alter the origin MAC address (at least in the current implementation),
> > this means you're out of luck.

There must be a way. For Lucent the Access Point uses exactly the same
card with the same firmware as any client. The point is it is not known
how to program the card to do it.

-- 
Andre

From owner-freebsd-net Wed Nov 29 8: 2:41 2000
Date: Wed, 29 Nov 2000 17:02:38 +0100 (CET)
From: Blaz Zupan
To: Andre Oppermann
Cc: freebsd-net@freebsd.org
Subject: Re: Bridging on wi interfaces

On Wed, 29 Nov 2000, Andre Oppermann wrote:
> There must be a way. For Lucent the Access Point uses exactly the same
> card with the same firmware as any client. The point is it is not known
> how to program the card to do it.

Yes exactly. But if you don't know how to program the card to do it, then you
can't do it.
So it is not possible :)

Blaz Zupan, Medinet d.o.o, Linhartova 21, 2000 Maribor, Slovenia
E-mail: blaz@amis.net, Tel: +386-2-320-6320, Fax: +386-2-320-6325

From owner-freebsd-net Wed Nov 29 8:53: 3 2000
Date: Wed, 29 Nov 2000 17:52:45 +0100
From: Falco Krepel
Organization: GMD FOKUS - CATS Group
To: Julian Elischer
Cc: "freebsd-net@FreeBSD.ORG"
Subject: Re: New Protocol over Ethernet

Julian Elischer wrote:
> > Hi,
> >
> > I want to implement my own protocol on top of ethernet. This protocol
> > should not influence other protocols running on the system. So I
> > must distinguish my own frames from other frames.
> >
> > If I understood it right, three approaches exist:
> >
> > 1. I create with netgraph a hook over the ethernet interface. With this
> > solution I am not sure how much overhead this adds because it could be
> > possible that this runs into timing problems.
> >
>
> There will be no more timing load than any other scheme you can think
> of.
> Netgraph is very efficient.
>
> it would help a bit if you gave more specific information as to the
> characteristics of the protocol you want.
OK, I give you a short description about my project. The goal is to
realize a wireless link simulation over ethernet. This is done by using
100MBit/s full duplex point to point links between the terminal and the
simulation box (PC). The box contains a four port ethernet card, so it
is possible to connect four terminals.

Each packet received on one port must be forwarded to at least one
other port. Between receive and send some bit level modifications are
done depending on a channel error model.

My idea was to encapsulate the wireless link frames in ethernet frames
to reduce any further overhead. A timer gives an indication for each
frame. To synchronize the stations I will use the NTP protocol running
over an extra ethernet card.

So I receive my ethernet frames, do some modifications and send them
out. I think netgraph is the best way to do this because it is possible
to implement the protocol in user space and no kernel modifications are
required. I create a hook on each ethernet port and get the ethernet
frames and send them out through the hooks. Is it right that I get the
raw ethernet frames through these hooks and is it possible to set a
filter for special frames?

> > Now my questions:
> >
> > - Does exist an implementation which could help me to find the solution?
> > - Has anybody experience with such an implementation?
> >
>
> many people have done this..

Great. It is possible that anybody share his implementation? This will
be very helpful for me. Also links to implementations or implementation
examples are useful for me.
-- 
Falco Krepel                    Phone:  +49-(0)30 - 34 63 - 7 276
GMD-FOKUS                       Fax:    +49-(0)30 - 34 63 - 8 276
Kaiserin-Augusta-Allee 31       e-mail: krepel@fokus.gmd.de
10589 Berlin                    WWW:    http://www.fokus.gmd.de/usr/krepel

From owner-freebsd-net Wed Nov 29 9:34:38 2000
From: Fernando Schapachnik
Subject: Re: Bridging on wi interfaces
To: Andre Oppermann
Date: Wed, 29 Nov 2000 14:37:38 -0300 (ART)
Cc: Blaz Zupan, Fernando Schapachnik, freebsd-net@freebsd.org

In a previous message, Andre Oppermann wrote:
> There must be a way. For Lucent the Access Point uses exactly the same
> card with the same firmware as any client. The point is it is not known
> how to program the card to do it.

I think this is because the WavePoint uses 8 Mb (not IEEE 802.11)
cards.

Regards!

Fernando P. Schapachnik
Network Administration
VIA NET.WORKS ARGENTINA S.A.
fschapachnik@vianetworks.com.ar
Switchboard: (54-11) 4323-3333 - Support: 0810-333-AYUDA

From owner-freebsd-net Wed Nov 29 9:46: 4 2000
Date: Wed, 29 Nov 2000 18:45:32 +0100
From: Andre Oppermann
To: Fernando Schapachnik
Cc: Blaz Zupan, freebsd-net@freebsd.org
Subject: Re: Bridging on wi interfaces

Fernando Schapachnik wrote:
>
> In a previous message, Andre Oppermann wrote:
> > There must be a way. For Lucent the Access Point uses exactly the same
> > card with the same firmware as any client. The point is it is not known
> > how to program the card to do it.
>
> I think this is because the WavePoint uses 8 Mb (not IEEE 802.11)
> cards.

Nope, I've just swapped cards from my notebook to the Orinoco Access
Point and vice-versa. This message is sent over that link.
-- Andre

From owner-freebsd-net Wed Nov 29 11:57:59 2000 Delivered-To: freebsd-net@freebsd.org Received: from nu.nu.cuk.nu (node.050.lc.link.si [212.30.95.50]) by hub.freebsd.org (Postfix) with ESMTP id 3E8AC37B401 for ; Wed, 29 Nov 2000 11:57:52 -0800 (PST) Received: from nu.cuk.nu (cuk.localnet [192.168.6.11]) by nu.nu.cuk.nu (Postfix) with ESMTP id A36A91AB65 for ; Wed, 29 Nov 2000 20:58:02 +0100 (CET) Message-ID: <3A255FAC.75400D44@nu.cuk.nu> Date: Wed, 29 Nov 2000 20:57:32 +0100 From: Marko Cuk X-Mailer: Mozilla 4.75 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-net@FreeBSD.ORG Subject: Re: New Protocol over Ethernet References: <3A142E0C.1B1D18DD@fokus.gmd.de> <3A14701F.4CF92AFB@elischer.org> <3A25345D.FD3649CC@fokus.gmd.de> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms469E0EEB54E4B9A9F4A7A94F" Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

This is a cryptographically signed message in MIME format.

Hmm...good, but I'm interested in something similar.... I have some experiences with hamradio AX.25 protocols...but it's slow. Check http://www.hamradio.si/hid.html You have interesting idea on sync stations, but you think, that it will work? How can I put two Lucent IEEE 802.11 cards into one BSD box and make them like one interface, to double speed of 11Mbit/s ?? Actual speed through one wireless link is about 500KBytes/s what is around half speed of 10mbit ethernet. So, how can I achieve it, full 10Mbit speed with two wireless cards in one machine? Or, how to "merge" two 100Mbit ethernets to achieve 200Mbit/s ??
Tnx, Cuk

Falco Krepel wrote:
> Julian Elischer wrote:
> > > Hi,
> > >
> > > I want to implement my own protocol on top of ethernet. This protocol
> > > should not influence other protocols running on the system. So I
> > > must distinguish my own frames from other frames.
> > >
> > > If I understood it right, three approaches exist:
> > >
> > > 1. I create with netgraph a hook over the ethernet interface. With this
> > > solution I am not sure how much overhead this adds because it could be
> > > possible that this runs into timing problems.
> > >
> >
> > There will be no more timing load than any other scheme you can think
> > of.
> > Netgraph is very efficient.
> >
> > it would help a bit if you gave more specific information as to the
> > characteristics of the protocol you want.
>
> OK, I give you a short description about my project. The goal is to
> realize a wireless link simulation over ethernet. This is done by using
> 100MBit/s full duplex point to point links between the terminal and the
> simulation box (PC). The box contains a four port ethernet card, so it
> is possible to connect four terminals.
>
> Each packet receiving on one port must be forwarded to at least one
> other port. Between receive and send some bit level modifications are
> done depending on a channel error model.
>
> My idea was to encapsulate the wireless link frames in ethernet frames
> to reduce any further overhead. A timer gives an indication for each
> frame. To synchronize the stations I will use the NTP protocol running
> over an extra ethernet card.
>
> So I receive my ethernet frames, do some modifications and send them
> out. I think netgraph is the best way to do this because it is possible
> to implement the protocol in user space and no kernel modifications are
> required. I create a hook on each ethernet port and get the ethernet
> frames and send them out through the hooks.
Is it right that I get the
> raw ethernet frames through this hooks and is it possible to set a
> filter for special frames?
>
> > > Now my questions:
> > >
> > > - Does exist an implementation which could help me to find the solution?
> > > - Has anybody experience with such an implementation?
> > >
> >
> > many people have done this..
>
> Great. It is possible that anybody share his implementation? This will
> be very helpful for me. Also links to implementations or implementation
> examples are useful for me.
>
> --
> Falco Krepel Phone: +49-(0)30 - 34 63 - 7 276
> GMD-FOKUS Fax: +49-(0)30 - 34 63 - 8 276
> Kaiserin-Augusta-Allee 31 e-mail: krepel@fokus.gmd.de
> 10589 Berlin WWW: http://www.fokus.gmd.de/usr/krepel

From owner-freebsd-net Wed Nov 29 12:28:43 2000 Delivered-To: freebsd-net@freebsd.org Received: from ams1.aignet.ro (ams1.aignet.ro [194.176.168.1]) by hub.freebsd.org (Postfix) with ESMTP id DAA2D37B404 for ; Wed, 29 Nov 2000 12:28:34 -0800 (PST) Received: from aignet.ro (mgmt.aignet.ro [194.176.168.4]) by ams1.aignet.ro (8.11.0/8.11.0) with ESMTP id eATLSVX05231 for ; Wed, 29 Nov 2000 23:28:31 +0200 Message-ID: <3A2566EC.3B6E6306@aignet.ro> Date: Wed, 29 Nov 2000 22:28:28 +0200 From: Mihai Claudiu Capatina X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.16-22 i686) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-net@freebsd.org Subject: NGCTL Content-Type: multipart/alternative; boundary="------------F2B137D6110B3162BE62F2EB" Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk X-Loop: FreeBSD.org

Hi
Can somebody explain what is the "path" parameter in ngctl...
I am trying to do something like :
ngctl mkpeer fxp0: eiface divert ether
....and I get ngctl: send msg: No such file or directory....

Mick

-- 
Mihai Claudiu Capatina
Wireless Network Manager & Network Administrator

AIG S.A. ( http://www.aignet.ro )

Phone : +40 95 102862 / +40 1 3102895
Fax   : +40 1 3102896

From owner-freebsd-net Wed Nov 29 22:17: 4 2000 Delivered-To: freebsd-net@freebsd.org Received: from panzer.kdm.org (panzer.kdm.org [216.160.178.169]) by hub.freebsd.org (Postfix) with ESMTP id 88A4C37B400; Wed, 29 Nov 2000 22:16:54 -0800 (PST) Received: (from ken@localhost) by panzer.kdm.org (8.9.3/8.9.1) id XAA01540; Wed, 29 Nov 2000 23:16:53 -0700 (MST) (envelope-from ken) Date: Wed, 29 Nov 2000 23:16:53 -0700 From: "Kenneth D. Merry" To: arch@FreeBSD.org Cc: gallatin@FreeBSD.org Subject: zero copy code review Message-ID: <20001129231653.A1503@panzer.kdm.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

[ -net and -current BCCed for wider coverage, this is probably best handled on -arch ]

I would like to request reviews of the zero copy sockets and NFS code I've been posting about for months:

http://people.FreeBSD.org/~ken/zero_copy

There are diffs posted above against -current as of early November 28th, along with a FAQ, and change log.

These diffs include changes in:

- the socket code
- NFS code
- VM code
- ti(4) driver
- sendfile code

Much of the code was written by Drew Gallatin, but I wrote a lot of the ti(4) driver mods and cleaned things up a fair bit.

The code is stable, and I don't know of any bugs at the moment. I have run with it enabled on one of my main development boxes for months without any problems.

The way things are currently configured, it is not turned on by default. You need two kernel options and a sysctl to turn it on. The zero copy NFS code can be turned on with gdb, although it might be better to make that into a sysctl. (I haven't played with the zero copy NFS code much, Drew has done much more with that.)
How to turn the code on is covered in the web page, above.

Anyway, I'd like to commit this code sometime next week, if no one comes up with any issues or problems.

Comments, bug reports, etc., are welcome.

Thanks! Ken -- Kenneth Merry ken@kdm.org

From owner-freebsd-net Wed Nov 29 22:18: 0 2000 Delivered-To: freebsd-net@freebsd.org Received: from phalse.2600.com (phalse.2600.COM [216.66.24.2]) by hub.freebsd.org (Postfix) with ESMTP id CEC7837B402 for ; Wed, 29 Nov 2000 22:17:57 -0800 (PST) Received: from localhost (localhost [[UNIX: localhost]]) by phalse.2600.com (8.8.8/8.8.8) with ESMTP id BAA00198; Thu, 30 Nov 2000 01:17:56 -0500 (EST) Date: Thu, 30 Nov 2000 01:17:56 -0500 (EST) From: Dominick LaTrappe To: freebsd-net@freebsd.org Cc: Cy Schubert - ITSD Open Systems Group , Gerhard Sittig Subject: Re: filtering ipsec traffic (fwd) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

I'm moving this thread from freebsd-security to freebsd-net, because this is where it belongs. Rather than forwarding a message, I'm going to re-state what we've been talking about as succinctly as possible.

With KAME IPsec in transport mode, and packet filtering (ipfilter or ipfw), on FreeBSD 4, packets seem to be processed like:

INPUT -> filters -> ipsec -> rest of ip stack
rest of ipstack -> ipsec -> filters -> OUTPUT

In this configuration, the transport-layer protocol appears to the filters as ESP(50) or AH(51). As such, the filters perform no inspection of the underlying transport's parameters -- such as TCP port or ICMP message type -- because they are encrypted, and/or because they are 'hidden' behind the AH header. This is a significant limitation.
IIRC, the OpenBSD and FreeS/WAN implementations of IPsec present the same limitation to outside packet filters (ipfilter or ipchains), but compensate with their own packet-filtering options, which apply to a pre-IPsec'd (outbound) or de-IPsec'd (inbound) packet. KAME provides no such packet filtering. The only solution right now is to make each packet pass through two interfaces, once in its IPsec'd state, and once not, and perform packet filtering on both. This is natural with pipsecd or KAME tunnel mode, but not in KAME transport mode. The order of packet processing cannot just be changed to fix this, because NAT is part of filtering, and NAT has to happen before IPsec (other reasons anyone?). Perhaps two passes of packet filtering (pre-IPsec and post-IPsec) are appropriate as an option...? Or perhaps KAME transport mode just has this inherent limitation...? Help! ;-) ||| Dominick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Wed Nov 29 22:40:45 2000 Delivered-To: freebsd-net@freebsd.org Received: from coconut.itojun.org (coconut.itojun.org [210.160.95.97]) by hub.freebsd.org (Postfix) with ESMTP id A6B9537B401 for ; Wed, 29 Nov 2000 22:40:42 -0800 (PST) Received: from kiwi.itojun.org (localhost.itojun.org [127.0.0.1]) by coconut.itojun.org (8.9.3+3.2W/3.7W) with ESMTP id PAA20720; Thu, 30 Nov 2000 15:40:09 +0900 (JST) To: Dominick LaTrappe Cc: freebsd-net@freebsd.org, Cy Schubert - ITSD Open Systems Group , Gerhard Sittig In-reply-to: seraf's message of Thu, 30 Nov 2000 01:17:56 EST. 
X-Template-Reply-To: itojun@itojun.org X-Template-Return-Receipt-To: itojun@itojun.org X-PGP-Fingerprint: F8 24 B4 2C 8C 98 57 FD 90 5F B4 60 79 54 16 E2 Subject: Re: filtering ipsec traffic (fwd) From: itojun@iijlab.net Date: Thu, 30 Nov 2000 15:40:09 +0900 Message-ID: <20718.975566409@coconut.itojun.org> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

>The order of packet processing cannot just be changed to fix this, because
>NAT is part of filtering, and NAT has to happen before IPsec (other
>reasons anyone?). Perhaps two passes of packet filtering (pre-IPsec and
>post-IPsec) are appropriate as an option...? Or perhaps KAME transport
>mode just has this inherent limitation...? Help! ;-)

basically, the problem is not that simple.
- relationship between packet filters and tunnelling
  some people would like to filter before decapsulation,
  some would like to do it after decapsulation
- relationship between filters and encryption/authentication
  ditto. some want to filter before decryption,
  some want to filter after decryption.
- NAT and filters
- NAT and IPsec
  they are fundamentally unfriendly, I believe.

there are couple of ways to make it better:
- enhance packet filters so that we can differentiate between multiple
  filtering points (make it possible to specify "this filter should
  be applied here").
- integrate all packet-filter-like mechanism into one. make ipsec
  processing invoked via packet filter. this still leaves question
  regarding to NAT and some other mechanisms.

again, there's no clear solution. some change may make you happy
while it makes others unhappy.
itojun@kame

From owner-freebsd-net Thu Nov 30 1:41:13 2000 Delivered-To: freebsd-net@freebsd.org Received: from bjapp4.163.net (unknown [202.108.255.214]) by hub.freebsd.org (Postfix) with ESMTP id 501AE37B400 for ; Thu, 30 Nov 2000 01:41:10 -0800 (PST) Received: by bjapp4.163.net (Postfix, from userid 1005) id E3E421D47D402; Thu, 30 Nov 2000 17:40:14 +0800 (CST) MIME-Version: 1.0 Message-Id: <3A26207E.16096@bjapp4.163.net> Date: Thu, 30 Nov 2000 17:40:14 +0800 (CST) From: oscar@163.net To: freebsd-net@freebsd.org Subject: HELP!!! two modem and natd X-Priority: 3 X-Originating-IP: [61.130.54.73] Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

I have two modem and two account from isp. I use freebsd as a server. my local LAN (192.168.0.1/24) is linked to Internet via my freebsd box(192.168.0.1) and I WANT same machine connect to Internet via modem1 and others via modem2.

I use those commands:

/sbin/ppp -nat -ddial modem1
/sbin/ppp -nat -ddial modem2

in ppp.conf I had add "add default HISADDR " to modem1 and not to modem2

/sbin/ifconfig -a
tun0: flags=8051 mtu 1500
        inet 61.130.54.73 --> 202.96.108.46 netmask 0xffffff00
        Opened by PID 4450
tun1: flags=8010 mtu 1500
        inet 61.130.62.76 --> 202.96.108.53 netmask 0xffffff00
        Opened by PID 4480

/sbin/ipfw add 1000 fwd 202.96.108.53 ip from 192.168.0.3 to any
/sbin/ipfw add 8000 allow ip from any to any

this work well, the 192.168.0.3 connect to Internet via tun1's ip and other's use tun0's ip. only But when the 192.168.0.3 and other computer connect to same ip. (such as on a same chatroom, or download file from the same website) the other computer will got a Error: the connect is reset. what's is it. and how can I resolve it? I want to someone to help me.
oscar oscar@163.net

From owner-freebsd-net Thu Nov 30 2:28:35 2000 Delivered-To: freebsd-net@freebsd.org Received: from pogo.caustic.org (pogo.caustic.org [208.44.193.69]) by hub.freebsd.org (Postfix) with ESMTP id 80F5437B400 for ; Thu, 30 Nov 2000 02:28:33 -0800 (PST) Received: from localhost (jan@localhost) by pogo.caustic.org (8.11.0/ignatz) with ESMTP id eAUASMD30310; Thu, 30 Nov 2000 02:28:22 -0800 (PST) Date: Thu, 30 Nov 2000 02:28:22 -0800 (PST) From: "f.johan.beisser" To: itojun@iijlab.net Cc: Dominick LaTrappe , freebsd-net@FreeBSD.ORG, Cy Schubert - ITSD Open Systems Group , Gerhard Sittig Subject: Re: filtering ipsec traffic (fwd) In-Reply-To: <20718.975566409@coconut.itojun.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

On Thu, 30 Nov 2000 itojun@iijlab.net wrote:

> there are couple of ways to make it better:
> - enhance packet filters so that we can differentiate between multiple
>   filtering points (make it possible to specify "this filter should
>   be applied here").

couldn't you just add a set of commands in IPFW to recognise IPSec packets? this may not work, right off the bat, since the packet has passed through the filterset already, but, i don't see why it couldn't be recognised right off hand..

1. the IP packet comes in.
2. it passes through filterset A (NAT, etc)
3. the Packet either matches IPSec (AH/ESP flags are set)
4. if it matches, it is forwarded to filterset B.
5. packet now is set through alternate ruleset.
this does slow things down a bit, but it allows for some more fine grained filtering. within IPFilter you can set match rules, i don't know how difficult it would be to set them to recognise IPSec packets. If you match this flag, then jump to rule set XXXX. i think that's about the best solution i can think of, at 2:30 in the morning.. tear it apart. -------/ f. johan beisser /--------------------------------------+ http://caustic.org/~jan jan@caustic.org "Never laugh at someone until you've walked a mile in their shoes. Then laugh. For you are a mile away, and you have their shoes." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Nov 30 3:51: 0 2000 Delivered-To: freebsd-net@freebsd.org Received: from hq1.tyfon.net (hq1.tyfon.net [213.212.29.17]) by hub.freebsd.org (Postfix) with ESMTP id 50E4837B400 for ; Thu, 30 Nov 2000 03:50:58 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hq1.tyfon.net (Postfix) with ESMTP id 4A4D01C5CA for ; Thu, 30 Nov 2000 12:50:56 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by hq1.tyfon.net (Postfix) with ESMTP id 29D0B1C5C1 for ; Thu, 30 Nov 2000 12:50:53 +0100 (CET) Date: Thu, 30 Nov 2000 12:50:53 +0100 (CET) From: Dan Larsson To: freebsd-net@freebsd.org Subject: mpd-netgraph and samba Message-ID: Organization: Tyfon Svenska AB X-NCC-NIC: DL1999-RIPE X-NCC-RegID: se.tyfon MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by hq1.tyfon.net Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org How can I use mpd's pptp facility to allow remote clients access to a internal samba server acting as a PDC for a M$ NT domain. The box with mpd-netgraph is a FreeBSD-4.2 STABLE machine. Theories/Ideas/Comments? 
Regards +------ Dan Larsson | Tel: +46 8 550 120 21 Tyfon Svenska AB | Fax: +46 8 550 120 02 GPG and PGP keys | finger dl@hq1.tyfon.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Nov 30 7: 2:17 2000 Delivered-To: freebsd-net@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id F365937B400 for ; Thu, 30 Nov 2000 07:02:13 -0800 (PST) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id HAA21844; Thu, 30 Nov 2000 07:01:03 -0800 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda21840; Thu Nov 30 07:00:48 2000 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.11.1/8.9.1) id eAUF0fd07972; Thu, 30 Nov 2000 07:00:41 -0800 (PST) Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdKt7970; Thu Nov 30 07:00:25 2000 Received: (from uucp@localhost) by cwsys.cwsent.com (8.11.1/8.9.1) id eAUF0Ol40955; Thu, 30 Nov 2000 07:00:24 -0800 (PST) Message-Id: <200011301500.eAUF0Ol40955@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdz40944; Thu Nov 30 07:00:09 2000 X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 Reply-To: Cy Schubert - ITSD Open Systems Group From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 4.2-RELEASE X-Sender: cy To: itojun@iijlab.net Cc: Dominick LaTrappe , freebsd-net@freebsd.org, Cy Schubert - ITSD Open Systems Group , Gerhard Sittig Subject: Re: filtering ipsec traffic (fwd) In-reply-to: Your message of "Thu, 30 Nov 2000 15:40:09 +0900." 
<20718.975566409@coconut.itojun.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 30 Nov 2000 07:00:09 -0800 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <20718.975566409@coconut.itojun.org>, itojun@iijlab.net writes: > >The order of packet processing cannot just be changed to fix this, because > >NAT is part of filtering, and NAT has to happen before IPsec (other > >reasons anyone?). Perhaps two passes of packet filtering (pre-IPsec and > >post-IPsec) are appropriate as an option...? Or perhaps KAME transport > >mode just has this inherent limitation...? Help! ;-) > > basically, the problem is not that simple. > - relationship between packet filters and tunelling > some people would like to filter before decapsulation, > some would like to do it after decapsulation > - relationship between filters and encryption/authentication > ditto. some wants to filter before decryption, > some wants to filter after decryption. > - NAT and filters > - NAT and IPsec > they are fundamentally unfriendly, I believe. > > there are couple of ways to make it better: > - enhance packet filters so that we can differentiate between multiple > filtering points (make it possible to specify "this filter should > be applied here"). > - integrate all packet-filter-like mechanism into one. make ipsec > processing invoked via packet filter. this still leaves question > regarding to NAT and some other mechanisms. Could we just borrow a something from the pipsecd model? Pipsecd uses a tun device to present itself to system. A network that is associated via a pipsecd IPSec tunnel is defined in the routing table to route packets through the tun interface. Once packets enter the tun interface pipsecd encapsulates them and spits them out through the external interface. Packets coming back in go in reverse order. 
E.g.,

tun0 input ----> IPNAT/IPF/IPFW (out on tun0) ----> tun0 output ----> pipsecd ----> xl0 input ----> IPNAT/IPF/IPFW (out on xl0) ----> xl0 output ----> Internet ---->
xl0 input ----> IPNAT/IPF/IPFW (in on xl0) ----> xl0 output ----> pipsecd ----> tun0 input ----> IPNAT/IPF/IPFW (in on tun0) ----> tun0 output

Now all I need to do is add entries to my routing table defining the remote pipsecd gateway as a router for packets destined for the specified networks. In the above example I perform NAT to translate my ARPA addresses at home not only to the outside world but also to my pipsecd gateway at work, so packets destined for my employer's network get encapsulated and are NATted twice. NAT works in this double NAT situation, however IP Filter's FTP proxy does not, but considering what the packets have to go through to get there I'm happy without the FTP proxy in this case.

I have placed my network at home directly on my employer's network at one time using an IP alias on my pipsecd/NAT box at work with an IP Filter bimap, however I got all of the broadcasts from my employer's routers as well. Without the bimap my network at home is further insulated from my employer's network mitigating my personal exposure in case of anything unfortunate happening there. My point being that what I've described above is extremely flexible.

All in all, this approach has been quite successful for me.

>
> again, there's no clear solution. some change may make you happy
> while it makes others unhappy.
>
> itojun@kame

I suppose a simple IP over IP tunnel over the IPSec tunnel implemented using ip-tun from the ports collection might add the extra interface on which to build another packet filter on, similar to the pipsecd approach I described above.
Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message From owner-freebsd-net Thu Nov 30 7:32:40 2000 Delivered-To: freebsd-net@freebsd.org Received: from coconut.itojun.org (coconut.itojun.org [210.160.95.97]) by hub.freebsd.org (Postfix) with ESMTP id 1531737B402 for ; Thu, 30 Nov 2000 07:32:36 -0800 (PST) Received: from kiwi.itojun.org (localhost.itojun.org [127.0.0.1]) by coconut.itojun.org (8.9.3+3.2W/3.7W) with ESMTP id AAA26652; Fri, 1 Dec 2000 00:31:12 +0900 (JST) To: Cy Schubert - ITSD Open Systems Group Cc: Dominick LaTrappe , freebsd-net@freebsd.org, Gerhard Sittig In-reply-to: Cy.Schubert's message of Thu, 30 Nov 2000 07:00:09 PST. <200011301500.eAUF0Ol40955@cwsys.cwsent.com> X-Template-Reply-To: itojun@itojun.org X-Template-Return-Receipt-To: itojun@itojun.org X-PGP-Fingerprint: F8 24 B4 2C 8C 98 57 FD 90 5F B4 60 79 54 16 E2 Subject: Re: filtering ipsec traffic (fwd) From: itojun@iijlab.net Date: Fri, 01 Dec 2000 00:31:12 +0900 Message-ID: <26650.975598272@coconut.itojun.org> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Could we just borrow a something from the pipsecd model? Pipsecd uses >a tun device to present itself to system. A network that is associated >via a pipsecd IPSec tunnel is defined in the routing table to route >packets through the tun interface. Once packets enter the tun >interface pipsecd encapsulates them and spits them out through the >external interface. Packets coming back in go in reverse order. E.g., from IPv6 point of view (yes, I'm IPv6 centric!) we cannot add extra interface like tun0. IPv6 has scoped address, and if we add extra interface in IP stack we will change the address semantics. 
itojun

From owner-freebsd-net Thu Nov 30 8: 7:55 2000
Message-Id: <200011301605.eAUG5PL41238@cwsys.cwsent.com>
Reply-To: Cy Schubert - ITSD Open Systems Group
From: Cy Schubert - ITSD Open Systems Group
To: itojun@iijlab.net
Cc: Cy Schubert - ITSD Open Systems Group, Dominick LaTrappe, freebsd-net@freebsd.org, Gerhard Sittig
Subject: Re: filtering ipsec traffic (fwd)
In-reply-to: Your message of "Fri, 01 Dec 2000 00:31:12 +0900."
    <26650.975598272@coconut.itojun.org>
Date: Thu, 30 Nov 2000 08:05:21 -0800

In message <26650.975598272@coconut.itojun.org>, itojun@iijlab.net writes:
> >Could we just borrow something from the pipsecd model?  Pipsecd uses
> >a tun device to present itself to system.  A network that is associated
> >via a pipsecd IPSec tunnel is defined in the routing table to route
> >packets through the tun interface.  Once packets enter the tun
> >interface pipsecd encapsulates them and spits them out through the
> >external interface.  Packets coming back in go in reverse order.  E.g.,
>
> from IPv6 point of view (yes, I'm IPv6 centric!) we cannot add extra
> interface like tun0.  IPv6 has scoped address, and if we add extra
> interface in IP stack we will change the address semantics.

Then the only solutions I can think of are to have IPF/IPFW inspect the
packets before and after they are encapsulated/decapsulated or IP-IP
tunnelling within the IPSec tunnel.  Given your prior comments in this
thread, an IP-IP tunnel which uses tun(4) will give IPv4 users some
additional functionality without having to re-engineer the IPv6 stack.
Of course this will once again become an issue once the whole world
goes IPv6 or for current IPv6 users.
Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC

From owner-freebsd-net Thu Nov 30 8:23:27 2000
Message-ID: <3A265EBC.225C1241@elischer.org>
Date: Thu, 30 Nov 2000 06:05:48 -0800
From: Julian Elischer
To: Dan Larsson
Cc: freebsd-net@freebsd.org
Subject: Re: mpd-netgraph and samba

Dan Larsson wrote:
>
> How can I use mpd's pptp facility to allow remote clients access
> to a internal samba server acting as a PDC for a M$ NT domain.
>
> The box with mpd-netgraph is a FreeBSD-4.2 STABLE machine.

mpd as a server can supply the address of the microsoft nameserver to any
clients that ask for the information. You'll have to talk to archie to get
more detailed information.

>
> Theories/Ideas/Comments?
>
> Regards
> +------
> Dan Larsson      | Tel: +46 8 550 120 21
> Tyfon Svenska AB | Fax: +46 8 550 120 02
> GPG and PGP keys | finger dl@hq1.tyfon.net

-- 
      __--_|\  Julian Elischer
     /       \ julian@elischer.org
    (   OZ    ) World tour 2000
---> X_.---._/  presently in:  Budapest
            v

From owner-freebsd-net Thu Nov 30 8:46:55 2000
Date: Thu, 30 Nov 2000 17:46:47 +0100 (CET)
From: Dan Larsson
To: freebsd-net@freebsd.org
Subject: mpd-netgraph authentication
Organization: Tyfon Svenska AB

Are there any patches for mpd-netgraph v3.2 out there that allow it to
authenticate users against local accounts?
(That is like the asterisk (*) feature of ppp.secret)

Regards
+------
Dan Larsson      | Tel: +46 8 550 120 21
Tyfon Svenska AB | Fax: +46 8 550 120 02
GPG and PGP keys | finger dl@hq1.tyfon.net

From owner-freebsd-net Thu Nov 30 12: 0:51 2000
Date: Thu, 30 Nov 2000 15:00:29 -0500 (EST)
From: Dominick LaTrappe
To: itojun@iijlab.net
Cc: freebsd-net@freebsd.org, Cy Schubert - ITSD Open Systems Group, Gerhard Sittig
Subject: Re: filtering ipsec traffic (fwd)
In-Reply-To: <26650.975598272@coconut.itojun.org>

On Fri, 1 Dec 2000 itojun@iijlab.net wrote:

> from IPv6 point of view (yes, I'm IPv6 centric!) we cannot add extra
> interface like tun0.  IPv6 has scoped address, and if we add extra
> interface in IP stack we will change the address semantics.

I take this to mean that in KAME an IPv6 address's scope cannot span
multiple interfaces, which is in itself a big limitation that will prevent
a lot of code from being IPv6-enabled.

Given that, I think a sysctl like net.inet.ipsec.filter would be a good
solution -- to cause a pass over the filter rules to be called from inside
KAME, when the packet is in its non-IPsec state.  Address scope will be
preserved because no additional interface is required.
If the rules are written efficiently (with groups or skipto's to
distinguish between IPsec and non-IPsec packets), the overhead will be
little -- certainly no more than filtering built-into other IPsec
implementations.  Alternatively, this could be introduced as an SPD flag.

So far, just one limitation comes to mind, which is that the packet
filters cannot discriminate between a naturally non-IPsec packet, and a
non-IPsec packet which 'was' or 'will be' an IPsec one.  I don't think
this is a big problem though.

||| Dominick

From owner-freebsd-net Thu Nov 30 13:12:20 2000
Message-Id: <200011302108.eAUL8oD97226@hak.lan.Awfulhak.org>
To: Andrea Venturoli
Cc: freebsd-net@FreeBSD.ORG, brian@Awfulhak.org
Subject: Re: ppp server & windows
In-Reply-To: Message from Andrea Venturoli of "Wed, 29 Nov 2000 08:26:32 EST."
    <200011290726.eAT7QY115055@relay.flashnet.it>
Date: Thu, 30 Nov 2000 21:08:50 +0000
From: Brian Somers

I believe this is fixed in -current.
If you're not in a position to
upgrade ppp, figure out what CCP compression you're using and
explicitly disable all others.  I suspect this means you're using
predictor 1 and have deflate enabled (the default), so try

  disable deflate
  deny deflate

Hopefully this'll make the problem go away !

> Hello.
> I set up a ppp server on a 4.1.1-R system; the modem answers correctly, but when I try
> connecting from a Windows (both 98 and 2000) machine they can't agree on the connection
> parameters.
> I get the following in /var/log/ppp.log:
>
> Phase: Using interface: tun1
> Phase: deflink: Created in closed state
> Phase: PPP Started (direct mode).
> Phase: bundle: Establish
> Phase: deflink: closed -> opening
> Phase: deflink: Connected!
> Phase: deflink: opening -> carrier
> Phase: deflink: carrier -> lcp
> Phase: Unknown protocol 0x007d (reserved (Control Escape))
> Phase: Unknown protocol 0x7eff (unrecognised protocol)
> Phase: Unknown protocol 0x007d (reserved (Control Escape))
> Phase: Unknown protocol 0x7eff (unrecognised protocol)
> Phase: Unknown protocol 0x7eff (unrecognised protocol)
> Phase: Unknown protocol 0x7eff (unrecognised protocol)
> Phase: Unknown protocol 0x007d (reserved (Control Escape))
> Phase: Unknown protocol 0x7eff (unrecognised protocol)
> Phase: Unknown protocol 0x007d (reserved (Control Escape))
> Phase: Unknown protocol 0x7eff (unrecognised protocol)
> Phase: Unknown protocol 0x2275 (unrecognised protocol)
> Phase: deflink: Disconnected!
> Phase: deflink: Connect time: 16 secs: 328 octets in, 543 octets out
> Phase: deflink: : 12 packets in, 17 packets out
> Phase: total 54 bytes/sec, peak 97 bytes/sec on Fri Nov 24 20:23:03 2000
> Phase: deflink: lcp -> closed
> Phase: bundle: Dead
> Phase: PPP Terminated (normal).
>
>
> Any one has any idea on what's going on?
> I tried searching the Internet for info on how to make a Win machine connect to a UNIX one,
> but wasn't lucky. If anyone has such a pointer, I'd be glad to know.
>
> Bye & Thanks
> av.

-- 
Brian

Don't _EVER_ lose your sense of humour !

From owner-freebsd-net Thu Nov 30 14:19:10 2000
Message-Id: <200011302219.eAUMJ5n11538@relay.flashnet.it>
To: freebsd-net@freebsd.org
Date: Thu, 30 Nov 2000 23:19:09 EST
From: Andrea Venturoli
Subject: ppp filters

Routing note from: Andrea Venturoli 11/25/00 04:20pm

Hello.
I'd like to have ppp work in auto mode; however I'd like to control exactly when it should
dial-up or hang, so I put the following in /etc/ppp/ppp.conf:

  set filter dial 0 permit udp dst eq 8081
  set filter alive 0 permit udp dst eq 8081
  set filter out 0 deny udp dst eq 8081
  set filter out 1 permit 0 0
  set timeout 30
  set mode auto

Then I wrote a small program that sends every 10 seconds a UDP packet to port 8081 to a
host outside my network.
When I start up this program ppp dials (as I expect), however blocking the packet with the
"out" filter prevents it from keeping the connection alive.
Is there a way to correct this?

Bye & Thanks
av.
From owner-freebsd-net Thu Nov 30 14:19:14 2000
Message-Id: <200011302219.eAUMJ2n11526@relay.flashnet.it>
To: freebsd-net@freebsd.org
Date: Thu, 30 Nov 2000 23:19:04 EST
From: Andrea Venturoli
Reply-To: Andrea Venturoli
Subject: ppp server help

I'm trying to set up a ppp server on a 4.1.1-R system; the modem answers correctly, but I get
the following in /var/log/ppp.log:

Phase: Using interface: tun1
tun1: Phase: PPP Started (direct mode).
tun1: Debug: Select changes time: no
tun1: Phase: bundle: Establish
tun1: Phase: deflink: closed -> opening
tun1: Debug: deflink: Input is a tty (/dev/ttyd2)
tun1: Debug: deflink: tty_Create: physical (get): fd = 0, iflag = 0, oflag = 6, cflag = 34b00
tun1: Debug: deflink: physical (put): iflag = 201, oflag = 6, cflag = 3cb00
tun1: Phase: deflink: Connected!
tun1: Phase: deflink: opening -> carrier
tun1: Debug: deflink: Entering tty_Raw
tun1: Phase: deflink: carrier -> lcp
tun1: LCP: FSM: Using "deflink" as a transport
tun1: LCP: deflink: State change Initial --> Closed
tun1: LCP: deflink: State change Closed --> Stopped
tun1: Physical: read
tun1: Physical: 7d 21 7d 21 7d 20 7d 37 7d 22 7d 26 7d 20 7d 2a  }!}!} }7}"}&} }*
tun1: Physical: 7d 20 7d 20 7d 25 7d 26 7d 20 7d 39 b6 74 7d 27  } } }%}&} }9.t}'
tun1: Physical: 7d 22 7d 28 7d 22 7d 2d 7d 23 7d 26 d8 ff 7e     }"}(}"}-}#}&..~
tun1: Debug: deflink: DescriptorRead: read 47/2048 from 0
tun1: Sync: Read
tun1: Sync: 7d 21 7d 21 7d 20 7d 37 7d 22 7d 26 7d 20 7d 2a  }!}!} }7}"}&} }*
tun1: Sync: 7d 20 7d 20 7d 25 7d 26 7d 20 7d 39 b6 74 7d 27  } } }%}&} }9.t}'
tun1: Sync: 7d 22 7d 28 7d 22 7d 2d 7d 23 7d 26 d8 ff 7e     }"}(}"}-}#}&..~
tun1: Debug: proto_LayerPull: unknown -> 0x007d
tun1: Debug: link_PullPacket: Despatch proto 0x007d
tun1: Phase: Unknown protocol 0x007d (reserved (Control Escape))
tun1: LCP: deflink: SendProtocolRej(1) state = Stopped
tun1: Debug: fsm_Output
tun1: Debug: 08 01 00 34 00 7d 21 7d 21 7d 20 7d 37 7d 22 7d  ...4.}!}!} }7}"}
tun1: Debug: 26 7d 20 7d 2a 7d 20 7d 20 7d 25 7d 26 7d 20 7d  &} }*} } }%}&} }
tun1: Debug: 39 b6 74 7d 27 7d 22 7d 28 7d 22 7d 2d 7d 23 7d  9.t}'}"}(}"}-}#}
tun1: Debug: 26 d8 ff 7e                                      &..~
tun1: Debug: proto_LayerPush: Using 0xc021
tun1: Sync: Write
tun1: Sync: ff 03 c0 21 08 01 00 34 00 7d 21 7d 21 7d 20 7d  ...!...4.}!}!} }
tun1: Sync: 37 7d 22 7d 26 7d 20 7d 2a 7d 20 7d 20 7d 25 7d  7}"}&} }*} } }%}
tun1: Sync: 26 7d 20 7d 39 b6 74 7d 27 7d 22 7d 28 7d 22 7d  &} }9.t}'}"}(}"}
tun1: Sync: 2d 7d 23 7d 26 d8 ff 7e                          -}#}&..~
tun1: Debug: link_PushPacket: Transmit proto 0xc021
tun1: Debug: m_enqueue: len = 1
tun1: Debug: m_dequeue: queue len = 1

.. and so on.
Obviously no connection can get established.
I've also tried different clients, but the result is roughly the same.
Can anyone help me?

Bye & Thanks
av.
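
The 47 bytes in the "Physical:" read dump above are still byte-stuffed (0x7d followed by the byte XOR 0x20, RFC 1662). The following is an added example, not part of the original post and not code from ppp(8): it undoes the stuffing and parses the result as an LCP packet, assuming the frame's address/control/protocol bytes are simply absent from the capture. Function names and the option-name table (RFC 1661, 1662, 1570) are this example's own.

```python
"""Un-escape the 'Physical:' bytes from the ppp.log above and parse them as LCP.

Added example: undoes RFC 1662 async-HDLC byte stuffing, then reads the
result as an LCP packet (RFC 1661). Assumption: the payload is LCP.
"""
import re
import struct

FLAG, ESC, XOR = 0x7E, 0x7D, 0x20   # frame flag, control escape, stuffing mask

# Lines copied from the log in the post (hex column followed by ASCII column).
LOG = r'''
tun1: Physical: read
tun1: Physical: 7d 21 7d 21 7d 20 7d 37 7d 22 7d 26 7d 20 7d 2a }!}!} }7}"}&} }*
tun1: Physical: 7d 20 7d 20 7d 25 7d 26 7d 20 7d 39 b6 74 7d 27 } } }%}&} }9.t}'
tun1: Physical: 7d 22 7d 28 7d 22 7d 2d 7d 23 7d 26 d8 ff 7e }"}(}"}-}#}&..~
'''

LCP_CODES = {1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak",
             4: "Configure-Reject", 5: "Terminate-Request", 6: "Terminate-Ack",
             7: "Code-Reject", 8: "Protocol-Reject"}
LCP_OPTS = {1: "MRU", 2: "ACCM", 3: "Auth-Protocol", 4: "Quality-Protocol",
            5: "Magic-Number", 7: "PFC", 8: "ACFC", 13: "Callback"}


def hex_bytes(log, label="Physical:"):
    """Collect the hex column (at most 16 byte pairs per line) after `label`."""
    pat = re.compile(re.escape(label) + r"\s+((?:[0-9a-f]{2} ){1,16})")
    out = bytearray()
    for line in log.splitlines():
        m = pat.search(line)
        if m:
            out += bytes.fromhex(m.group(1))
    return bytes(out)


def unescape(stream):
    """Split on 0x7e flags and undo 0x7d stuffing; returns complete frames."""
    frames, cur, escaped = [], bytearray(), False
    for b in stream:
        if b == FLAG:                 # end of frame (also cancels a dangling escape)
            if cur:
                frames.append(bytes(cur))
            cur, escaped = bytearray(), False
        elif escaped:
            cur.append(b ^ XOR)
            escaped = False
        elif b == ESC:
            escaped = True
        else:
            cur.append(b)
    return frames                     # bytes after the last flag are incomplete


def parse_lcp(frame):
    """Parse an un-escaped frame: optional ff 03 / c0 21 header, LCP packet, FCS."""
    if frame[:2] == b"\xff\x03":      # address/control present
        frame = frame[2:]
    if frame[:2] == b"\xc0\x21":      # protocol field present (LCP)
        frame = frame[2:]
    if len(frame) < 4:
        raise ValueError("too short for an LCP header")
    code, ident, length = struct.unpack("!BBH", frame[:4])
    if length < 4 or length > len(frame):
        raise ValueError("LCP length field does not fit the frame")
    body, options, i = frame[4:length], [], 0
    while i + 2 <= len(body):
        opt_type, opt_len = body[i], body[i + 1]
        if opt_len < 2 or i + opt_len > len(body):
            raise ValueError("bad option length at offset %d" % i)
        options.append((LCP_OPTS.get(opt_type, "type %d" % opt_type),
                        body[i + 2:i + opt_len]))
        i += opt_len
    return {"code": LCP_CODES.get(code, "code %d" % code), "id": ident,
            "length": length, "options": options,
            "fcs": frame[length:length + 2]}


def accm_chars(value):
    """Control characters (0x00-0x1f) an ACCM option asks the peer to escape."""
    mask = int.from_bytes(value, "big")
    return [c for c in range(32) if (mask >> c) & 1]


if __name__ == "__main__":
    for frame in unescape(hex_bytes(LOG)):
        pkt = parse_lcp(frame)
        print(pkt["code"], "id", pkt["id"], "length", pkt["length"],
              "fcs", pkt["fcs"].hex())
        for name, val in pkt["options"]:
            note = ""
            if name == "ACCM":
                note = "  escapes " + ", ".join("0x%02x" % c for c in accm_chars(val))
            print("  %-13s %s%s" % (name, val.hex() or "-", note))
```

Run as a script, it prints the decoded packet and its options; the ACCM bits map to XON (0x11) and XOFF (0x13).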
From owner-freebsd-net Thu Nov 30 14:47:20 2000
Message-Id: <200011302247.eAUMlFn18912@relay.flashnet.it>
To: freebsd-net@FreeBSD.ORG
Date: Thu, 30 Nov 2000 23:47:19 EST
From: Andrea Venturoli
Reply-To: Andrea Venturoli
Subject: Re: ppp server & windows

** Reply to note from Brian Somers Thu, 30 Nov 2000 21:08:50 +0000

> I believe this is fixed in -current.  If you're not in a position to
> upgrade ppp, figure out what CCP compression you're using and
> explicitly disable all others.  I suspect this means you're using
> predictor 1 and have deflate enabled (the default), so try
>
>   disable deflate
>   deny deflate
>
> Hopefully this'll make the problem go away !

No, it didn't. I think the problem is on a lower level: I suspect, in fact, that the serial
link might not be set up correctly, however, it works if I dial in with a terminal.
I've found out the problem arises also with other clients and I resent my message to the
list with more detailed logs.
Thanks a lot
Andrea Venturoli

From owner-freebsd-net Thu Nov 30 16:34:14 2000
To: Dominick LaTrappe
Cc: freebsd-net@freebsd.org, Cy Schubert - ITSD Open Systems Group, Gerhard Sittig
In-reply-to: seraf's message of Thu, 30 Nov 2000 15:00:29 EST.
Subject: Re: filtering ipsec traffic (fwd)
From: itojun@iijlab.net
Date: Fri, 01 Dec 2000 09:33:59 +0900
Message-ID: <3711.975630839@coconut.itojun.org>

>> from IPv6 point of view (yes, I'm IPv6 centric!) we cannot add extra
>> interface like tun0.  IPv6 has scoped address, and if we add extra
>> interface in IP stack we will change the address semantics.
>I take this to mean that in KAME an IPv6 address's scope cannot span
>multiple interfaces, which is in itself a big limitation that will prevent
>a lot of code from being IPv6-enabled.

yes, spec-wise, scope can span across multiple interfaces.
i know of no "link can span across multiple interface" implementation
to date.

"scope across multiple interfaces" does not really help you in
this story.  if you have multiple ethernet cards (under different
scope) and single tunnelling device for ipsec (let us assume that
it has its own scope), you aggregate traffic from two different scopes
into single scope.
itojun

From owner-freebsd-net Thu Nov 30 16:57:40 2000
Message-Id: <200012010057.eB10vLD23149@hak.lan.Awfulhak.org>
To: Andrea Venturoli
Cc: freebsd-net@FreeBSD.org, brian@Awfulhak.org
Subject: Re: ppp server & windows
In-Reply-To: Message from Andrea Venturoli of "Thu, 30 Nov 2000 23:47:19 EST."
    <200011302247.eAUMlFn18912@relay.flashnet.it>
Date: Fri, 01 Dec 2000 00:57:21 +0000
From: Brian Somers

Hi,

If your modem is using software flow control, you may need

  set crtscts off
  set accmap 000a0000

in your config, but this isn't ideal.  You're better off using
hardware flow control if at all possible.

> ** Reply to note from Brian Somers Thu, 30 Nov 2000 21:08:50 +0000
>
>
> > I believe this is fixed in -current.  If you're not in a position to
> > upgrade ppp, figure out what CCP compression you're using and
> > explicitly disable all others.  I suspect this means you're using
> > predictor 1 and have deflate enabled (the default), so try
> >
> >   disable deflate
> >   deny deflate
> >
> > Hopefully this'll make the problem go away !
>
> No, it didn't. I think the problem is on a lower level: I suspect, in fact, that the serial
> link might not be set up correctly, however, it works if I dial in with a terminal.
> I've found out the problem arises also with other clients and I resent my message to the
> list with more detailed logs.
>
> Thanks a lot
> Andrea Venturoli

-- 
Brian

Don't _EVER_ lose your sense of humour !

From owner-freebsd-net Thu Nov 30 16:58: 3 2000
Message-Id: <200012010055.eB10ttD23111@hak.lan.Awfulhak.org>
To: Andrea Venturoli
Cc: freebsd-net@FreeBSD.org, brian@Awfulhak.org
Subject: Re: ppp filters
In-Reply-To: Message from Andrea Venturoli of "Thu, 30 Nov 2000 23:19:09 EST."
    <200011302219.eAUMJ5n11538@relay.flashnet.it>
Date: Fri, 01 Dec 2000 00:55:54 +0000
From: Brian Somers

Hi,

If the aim is to have a program that actively keeps the connection
alive without sending anything, I'd advise using ``set server''
(perhaps ``set server /tmp/mysocket "" 0177'') to listen for diagnostic
connections and have a program/script that does

  pppctl /tmp/mysocket set timeout 30

as setting the timeout value will also reset the idle timer.

> Routing note from: Andrea Venturoli 11/25/00 04:20pm
>
> Hello.
> I'd like to have ppp work in auto mode; however I'd like to control exactly when it should
> dial-up or hang, so I put the following in /etc/ppp/ppp.conf:
>
>  set filter dial 0 permit udp dst eq 8081
>  set filter alive 0 permit udp dst eq 8081
>  set filter out 0 deny udp dst eq 8081
>  set filter out 1 permit 0 0
>  set timeout 30
>  set mode auto
>
>
> Then I wrote a small program that sends every 10 seconds a UDP packet to port 8081 to a
> host outside my network.
> When I start up this program ppp dials (as I expect), however blocking the packet with the
> "out" filter prevents it from keeping the connection alive.
> Is there a way to correct this?
>
> Bye & Thanks
> av.

-- 
Brian

Don't _EVER_ lose your sense of humour !
From owner-freebsd-net Thu Nov 30 19:16:47 2000
From: Archie Cobbs
Message-Id: <200012010316.eB13Gff94348@curve.dellroad.org>
Subject: Re: New Protocol over Ethernet
In-Reply-To: <3A255FAC.75400D44@nu.cuk.nu> "from Marko Cuk at Nov 29, 2000 08:57:32 pm"
To: Marko Cuk
Date: Thu, 30 Nov 2000 19:16:41 -0800 (PST)
Cc: freebsd-net@FreeBSD.ORG

Marko Cuk writes:
> Or, how to "merge" two 100Mbit ethernets to achieve 200Mbit/s ??

See ng_one2many(4) for an example..
-Archie

__________________________________________________________________________
Archie Cobbs     *     Packet Design     *     http://www.packetdesign.com

From owner-freebsd-net Fri Dec 1 5:36:37 2000
Message-Id: <200012011336.eB1DaVD12353@relay2.flashnet.it>
To: freebsd-net@FreeBSD.ORG
Date: Fri, 1 Dec 2000 14:36:30 EST
From: Andrea Venturoli
Reply-To: Andrea Venturoli
Subject: Re: ppp server & windows

** Reply to note from Brian Somers Fri, 01 Dec 2000 00:57:21 +0000

> If your modem is using software flow control, you may need
>
>   set crtscts off
>   set accmap 000a0000

This is not it.

> in your config, but this isn't ideal.  You're better off using
> hardware flow control if at all possible.

I think I am.

Thanks a lot anyway
av.
cc: freebsd-net@FreeBSD.ORG

From owner-freebsd-net Fri Dec 1 6:25:43 2000
Message-ID: <006901c05ba2$93d715b0$0e05a8c0@intranet.syncrontech.com>
From: "Ari Suutari"
Subject: Re: filtering ipsec traffic (fwd)
Date: Fri, 1 Dec 2000 16:25:38 +0200

Hi,

>
> So far, just one limitation comes to mind, which is that the packet
> filters cannot discriminate between a naturally non-IPsec packet, and a
> non-IPsec packet which 'was' or 'will be' an IPsec one.  I don't think
> this is a big problem though.
>

But what if we are running in IPsec tunnel mode ? For example,
I could use an IPsec tunnel to connect two 192.168.x.x networks
together. In such setup, I would allow IPsec packets between
tunnel endpoints and packets between 192.168.x.x networks
but *only* if they are coming from the tunnel. Last time
I tried that adding on 'ipfw pass any from 192.168.x.x .....'
also allowed non-ipsec traffic between these nodes. This is
a security hole, which allows someone to send packets with
spoofed source address to your system.

Ari S.
-- 
Ari Suutari
Lemi, Finland

From owner-freebsd-net Fri Dec 1 8: 2:19 2000
From: "Craig W. Penner"
Organization: Stream-Flo Industries Ltd.
To: Jim Flowers
Date: Fri, 1 Dec 2000 09:01:10 -0700
Subject: Re: SKIP port on 4.x (prize offer)
Reply-To: cpenner@streamflo.com
Cc: Archie Cobbs, freebsd-questions@freebsd.org, freebsd-net@freebsd.org
Message-ID: <3A2768D6.19178.87E3A26@localhost>
References: <200011301942.eAUJgcK92874@curve.dellroad.org>

Jim,

> What about it?  Anyone with skills in this area interested in figuring
> out what changed between 4.1 and 4.1.1 probably in the crypto changes
> that prevents the MD5 authentication of a skip partner.

I spent a couple of hours yesterday looking at the code, and while my
C skills are a little rusty, here's how it looks to me:

1. SKIP contains its own built-in crypto functions, including its own
   MD5 routines. It doesn't appear to link against any of the system
   crypto libraries, and I don't think there's any chance of it using
   the wrong md5.h header file (most of SKIP's own MD5 functions are
   named slightly differently than the OS versions).
   So I don't think SKIP's brokenness results from changes in the
   FreeBSD crypto stuff (at least not directly).

2. A 4.2-STABLE SKIP kernel still properly signs outgoing packets,
   because they are correctly authenticated when received as incoming
   packets on a pre-4.1.1 system.

3. The problem appears to be with incoming packets on post 4.1-RELEASE
   systems. Is it possible that incoming packets are being changed
   slightly before SKIP gets a chance to process them, thereby causing
   a failure in the MD5 authentication? SKIP appears to ignore the
   ip_sum, ip_ttl, ip_tos and ip_off fields in the IP header when
   signing and authenticating packets, presumably because these fields
   are expected to change; is there some other field in an IP packet
   that now falls into this same category that didn't before? Maybe
   something related to IP options processing? (Now I'm totally
   guessing.)

At this point, if I had to guess, I would guess that the problem is
that the FreeBSD TCP/IP stack changed in some very subtle way with
respect to incoming packets only. By looking at the CVS logs, it
appears that there were some changes made during the time between
4.1-RELEASE and 4.1.1-RELEASE to the way IP packets are processed, but
nothing that looks to my untrained eye to be obviously problematic.

Unfortunately, I don't know enough about SKIP's internals, kernel
networking internals, or how SKIP and the TCP/IP stack interact to go
any further with this.

Maybe I'm way off-base, but I thought I'd throw this out there in case
it helps to point someone in the right direction. If I'm totally out
to lunch, just disregard everything I've said.
Regards,
Craig

From owner-freebsd-net Sat Dec 2 12: 4:17 2000
Date: Sat, 2 Dec 2000 14:04:12 -0600 (CST)
From: Mike Silbersack
To: net@freebsd.org
Subject: Re: kern/23240: Proposed enhancement to icmp/rst rate limiting code in verbosity and functionality (fwd)

I've now filed a PR for the enhanced rst/icmp rate limiting patch I posted
here a few weeks ago.  It has passed my testing, and a quick review by
green / bosko.  I'd appreciate it if someone could perform a final review
and get it committed.

Thanks,

Mike "Silby" Silbersack

---------- Forwarded message ----------
Date: Sat, 2 Dec 2000 12:00:02 -0800 (PST)
From: gnats-admin@FreeBSD.org
To: silby@silby.com
Subject: Re: kern/23240: Proposed enhancement to icmp/rst rate limiting code in verbosity and functionality

Thank you very much for your problem report.
It has the internal identification `kern/23240'.
The individual assigned to look at your report is: freebsd-bugs.
You can access the state of your problem report at any time via this link:

http://www.freebsd.org/cgi/query-pr.cgi?pr=23240

>Category: kern
>Responsible: freebsd-bugs
>Synopsis: Proposed enhancement to icmp/rst rate limiting code in verbosity and functionality
>Arrival-Date: Sat Dec 02 12:00:02 PST 2000

From owner-freebsd-net Sat Dec 2 12:11:54 2000
Delivered-To: freebsd-net@freebsd.org
Received: from haali.cs.msu.ru (haali.po.cs.msu.su [158.250.16.1]) by hub.freebsd.org (Postfix) with ESMTP id 30EDF37B401 for ; Sat, 2 Dec 2000 12:11:51 -0800 (PST)
Received: (from mike@localhost) by haali.cs.msu.ru (8.9.3/8.9.3) id XAA04096 for freebsd-net@FreeBSD.ORG; Sat, 2 Dec 2000 23:11:39 +0300 (MSK) (envelope-from mike)
Date: Sat, 2 Dec 2000 23:11:39 +0300
From: "Mike E. Matsnev"
To: freebsd-net@FreeBSD.ORG
Subject: TCP sockets connecting to themselves
Message-ID: <20001202231139.A4050@haali.cs.msu.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

While developing an application on linux we discovered that sometimes a tcp socket would connect to itself on the localhost without any listen calls. I checked this on different systems and found out that solaris, tru64 and win2k don't connect the socket to itself, while freebsd and linux exhibit such strange behaviour. I searched the PR database and found the pr (kern/10826), describing this very problem. The PR was closed with the words that it's ok and doesn't break anything. But this feature is actually annoying because sometimes we want to connect to a server (it can also be localhost), and sometimes when the implicit bind() chooses a port number that we want to connect to, the connection succeeds even when there is no server running. The socket appears to be connected to itself.
Currently we have to do getsockname()+getpeername() after each connect and check that the addresses are different. Can we change this behaviour to disallow connects to the same socket on localhost when bind() is done implicitly by connect()? Currently I don't see any way to use the feature, even if it is specified in some rfc.

Also what rfc specifies this strange behaviour? I looked through rfc793 and didn't find any info about "symmetric opens". I also tried tcpdump -i lo0, and saw only 2 packets exchanged: one SYN and one ACK, no SYN+ACK was sent.

/Mike

From owner-freebsd-net Sat Dec 2 13:10: 6 2000
Delivered-To: freebsd-net@freebsd.org
Received: from whizzo.transsys.com (whizzo.TransSys.COM [144.202.42.10]) by hub.freebsd.org (Postfix) with ESMTP id CDB8337B400 for ; Sat, 2 Dec 2000 13:10:02 -0800 (PST)
Received: from whizzo.transsys.com (localhost.transsys.com [127.0.0.1]) by whizzo.transsys.com (8.11.1/8.11.0) with ESMTP id eB2L9p580245; Sat, 2 Dec 2000 16:09:51 -0500 (EST) (envelope-from louie@whizzo.transsys.com)
Message-Id: <200012022109.eB2L9p580245@whizzo.transsys.com>
X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4
To: "Mike E. Matsnev"
Cc: freebsd-net@FreeBSD.ORG
X-Image-URL: http://www.transsys.com/louie/images/louie-mail.jpg
From: "Louis A. Mamakos"
Subject: Re: TCP sockets connecting to themselves
References: <20001202231139.A4050@haali.cs.msu.ru>
In-reply-to: Your message of "Sat, 02 Dec 2000 23:11:39 +0300." <20001202231139.A4050@haali.cs.msu.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sat, 02 Dec 2000 16:09:51 -0500
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The TCP protocol spec specifically allows for simultaneous opens. That is, both connection endpoints can start the TCP state machine in SYN-SENT state and neither starting in LISTEN state.
The behavior that you're seeing is an effect of that. 20 years ago, there were a number of "ECHO" hosts on the ARPANET at the time; all these things did was swap the IP source and destination addresses, and send the packet back at you. It was a handy way to test (then new) TCP protocol implementations without needing another host.

> Also what rfc specifies this strange behaviour? I looked through rfc793 and didn't
> find any info about "symmetric opens". I also tried tcpdump -i lo0, and saw only
> 2 packets exchanged: one SYN and one ACK, no SYN+ACK was sent.

So the SYN was sent, and an ACK returned for the SYN. Since both "ends" are the same, that's all you need. As far as the TCP stack is concerned, its SYN has been acked, and the connection is open.

louie

From owner-freebsd-net Sat Dec 2 17:29: 3 2000
Delivered-To: freebsd-net@freebsd.org
Received: from InterJet.dellroad.org (adsl-63-194-81-26.dsl.snfc21.pacbell.net [63.194.81.26]) by hub.freebsd.org (Postfix) with ESMTP id C33B737B6A4 for ; Sat, 2 Dec 2000 17:28:58 -0800 (PST)
Received: from curve.dellroad.org (curve.dellroad.org [10.1.1.30]) by InterJet.dellroad.org (8.9.1a/8.9.1) with ESMTP id RAA39728; Sat, 2 Dec 2000 17:28:58 -0800 (PST)
Received: (from archie@localhost) by curve.dellroad.org (8.11.0/8.11.0) id eB31SvK03188; Sat, 2 Dec 2000 17:28:57 -0800 (PST) (envelope-from archie)
From: Archie Cobbs
Message-Id: <200012030128.eB31SvK03188@curve.dellroad.org>
Subject: Re: mpd-netgraph and samba
In-Reply-To: <3A265EBC.225C1241@elischer.org> "from Julian Elischer at Nov 30, 2000 06:05:48 am"
To: Julian Elischer
Date: Sat, 2 Dec 2000 17:28:56 -0800 (PST)
Cc: Dan Larsson , freebsd-net@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL82 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Julian Elischer writes:
> > How can I use mpd's pptp facility to allow remote clients access
> > to an internal samba server acting as a PDC for a M$ NT domain.
> >
> > The box with mpd-netgraph is a FreeBSD-4.2 STABLE machine.
>
> mpd as a server can supply the address of the microsoft nameserver
> to any clients that ask for the information.
> You'll have to talk to archie to get more detailed information.

Right.. use the "set ipcp nbns ..." command.

-Archie

__________________________________________________________________________
Archie Cobbs * Packet Design * http://www.packetdesign.com

From owner-freebsd-net Sat Dec 2 21:29:54 2000
Delivered-To: freebsd-net@freebsd.org
Received: from lennier.cc.vt.edu (lennier.cc.vt.edu [198.82.161.193]) by hub.freebsd.org (Postfix) with ESMTP id 7847C37B400 for ; Sat, 2 Dec 2000 21:29:51 -0800 (PST)
Received: from mail.vt.edu (gkar.cc.vt.edu [198.82.161.190]) by lennier.cc.vt.edu (8.11.0/8.11.0) with ESMTP id eB35ToB424446 for ; Sun, 3 Dec 2000 00:29:50 -0500 (EST)
Received: from enigma ([198.82.102.76]) by gkar.cc.vt.edu (Sun Internet Mail Server sims.3.5.2000.03.23.18.03.p10) with ESMTP id <0G4Z004IB8LOZ3@gkar.cc.vt.edu> for freebsd-net@freebsd.org; Sun, 3 Dec 2000 00:29:49 -0500 (EST)
Date: Sun, 03 Dec 2000 00:29:49 -0500
From: George Morgan
Subject: Problems with SMC tx driver??
To: freebsd-net@freebsd.org
Message-id: <3A2993FD.5852.DC59E9@localhost>
MIME-version: 1.0
X-Mailer: Pegasus Mail for Win32 (v3.12c)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I just installed FreeBSD 4.2 Release on my brother's computer with a working SMC 9432TX PCI ethernet adapter. When the adapter is probed a message is given that indicates that the kernel could not allocate the memory/resources for this device.
Please let me know what I can do to debug this problem.

Thanks.

George Morgan
Virginia Tech
Electrical Engineering
Class of 2000! (Graduating in 2001, Co-op)

From owner-freebsd-net Sat Dec 2 22:26:59 2000
Delivered-To: freebsd-net@freebsd.org
Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139]) by hub.freebsd.org (Postfix) with ESMTP id 0CE9D37B400 for ; Sat, 2 Dec 2000 22:26:58 -0800 (PST)
Received: (qmail 8659 invoked by uid 1000); 3 Dec 2000 06:26:56 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 3 Dec 2000 06:26:56 -0000
Date: Sun, 3 Dec 2000 00:26:56 -0600 (CST)
From: Mike Silbersack
To: George Morgan
Cc: freebsd-net@freebsd.org
Subject: Re: Problems with SMC tx driver??
In-Reply-To: <3A2993FD.5852.DC59E9@localhost>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, 3 Dec 2000, George Morgan wrote:

> I just installed FreeBSD 4.2 Release on my brother's computer with a
> working SMC 9432TX PCI ethernet adapter. When the adapter is probed
> a message is given that indicates that the kernel could not allocate
> the memory/resources for this device.
>
> Please let me know what I can do to debug this problem.

Go into the BIOS and turn off the option "plug and play OS". That fixed the problem on the compaq which I saw exhibit similar behavior.

Mike "Silby" Silbersack
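
The getsockname()+getpeername() check described in the TCP self-connect thread above, as an added example that is not part of any message in this archive. It assumes IPv4; `connect_no_self` and `demo_forced_self_connect` are hypothetical names, and the demo forces the self-connection with an explicit bind() instead of waiting for the implicit bind to pick the destination port.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if two IPv4 endpoints have the same address and port, else 0. */
int same_endpoint(const struct sockaddr_in *a, const struct sockaddr_in *b) {
    return a->sin_addr.s_addr == b->sin_addr.s_addr && a->sin_port == b->sin_port;
}

/* 1 = fd is connected to itself, 0 = distinct peer, -1 = lookup failed. */
int is_self_connected(int fd) {
    struct sockaddr_in local, peer;
    socklen_t llen = sizeof local, plen = sizeof peer;
    if (getsockname(fd, (struct sockaddr *)&local, &llen) < 0 ||
        getpeername(fd, (struct sockaddr *)&peer, &plen) < 0)
        return -1;
    return same_endpoint(&local, &peer);
}

/* Hypothetical wrapper: connect(), but report a self-connection as
 * ECONNREFUSED, i.e. "no server is listening". Caller closes fd. */
int connect_no_self(int fd, const struct sockaddr_in *dst) {
    if (connect(fd, (const struct sockaddr *)dst, sizeof *dst) < 0)
        return -1;
    int self = is_self_connected(fd);
    if (self == 1) errno = ECONNREFUSED;
    return self == 0 ? 0 : -1;
}

/* Forces the case: bind explicitly to 127.0.0.1, then connect to the bound
 * address. Returns 1 if a self-connection was detected, 0 if not, -1 on error. */
int demo_forced_self_connect(void) {
    struct sockaddr_in me;
    socklen_t len = sizeof me;
    int r = -1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&me, 0, sizeof me);
    me.sin_family = AF_INET;
    me.sin_addr.s_addr = htonl(INADDR_LOOPBACK);  /* port 0: kernel picks */
    if (bind(fd, (struct sockaddr *)&me, sizeof me) == 0 &&
        getsockname(fd, (struct sockaddr *)&me, &len) == 0 &&
        connect(fd, (struct sockaddr *)&me, sizeof me) == 0)
        r = is_self_connected(fd);
    close(fd);
    return r;
}
```

A client that treats a successful connect() as proof that a server is running can call `connect_no_self` in place of connect() and handle the failure as it would a refused connection.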