From: Sten Daniel Sørsdal
To: "Brett Glass"
Cc: "Archie Cobbs", "Julian Elischer"
Subject: RE: PPTP tunneling over PPPoE link
Date: Sun, 19 Jan 2003 11:09:33 +0100

I think the community would love that!
I'm having the exact same problem as you do when it comes to adding
scripts :)

Just mail me if you need anything - like testing.
I'm no C wiz though :P

---------------------------------------
Med vennlig hilsen / Best regards
Sten Daniel Sørsdal
Wireless Manager
WAN Norway AS
sten.daniel.sorsdal@wan.no
http://www.wan.no | http://www.wan-international.com
Tel.: +47 69 21 13 00
Mobile: +47 40 80 03 06
Dir.tel: +47 69 21 13 06
---------------------------------------

-----Original Message-----
From: Brett Glass [mailto:brett@lariat.org]
Sent: 17 January 2003 20:45
To: past@noc.ntua.gr
Cc: Archie Cobbs; Julian Elischer; freebsd-net@FreeBSD.org
Subject: Re: PPTP tunneling over PPPoE link

At 07:59 AM 1/17/2003, Panagiotis Astithas wrote:

>I ran into the same problem using mpd and it proved to be caused by the
>blocking of gre traffic.

I control the upstream router, and we're not blocking GRE. What's more,
even if I connect from inside that router, we still have trouble.

I'd be willing to hack on mpd to add variables, variable
interpolation, shell commands, etc.

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

From: Matt Douhan
To: freebsd-net@freebsd.org
Subject: ipfilter/ipnat problems
Date: Sun, 19 Jan 2003 16:02:05 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi

I am hoping this is the right forum for my question

I am running 4.7-STABLE as of 18th Jan 2003, using ipf/ipnat for firewall,
during normal loads (ipnat -l showing about 1000 connections) everything
works fine, but during higher loads ipnat -l showing over 3000 conns, the
firewalls get into a state where they drop connections, and users fall off
IRC, web pages get connection refused messages and mailservers start to have
timeout problems.

I have recompiled the kernel with LARGE_NAT defined that did not help, I have
changed the values in ip_state.h as per Darren's suggestions on the web, this
does not help, I have changed tcp idle timers using sysctl to try and tear
down connections faster but none of this helps.

Anyone have any ideas?

Please reply direct to my email as I am not subscribed to this list normally

- -- 
- ------------------------------------------------------------------------------------
Matt Douhan
www.fruitsalad.org
CCIE #4004

*** ping elvis ***
*** elvis is alive ***
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE+KswCkU5PITZniCURAp41AKCGJyI5m96HmaNeYqvWsFgE0m9eRwCeLBdA
GIhv55njFeqXmSNmhAftOoU=
=EeQ6
-----END PGP SIGNATURE-----

Subject: Re: ipfilter/ipnat problems
To: Matt Douhan
Date: Mon, 20 Jan 2003 04:22:29 +0300 (MSK)
From: "."@babolo.ru
Cc: freebsd-net@freebsd.org

> I am hoping this is the right forum for my question
>
> I am running 4.7-STABLE as of 18th Jan 2003, using ipf/ipnat for firewall,
> during normal loads (ipnat -l showing about 1000 connections) everything
> works fine, but during higher loads ipnat -l showing over 3000 conns, the
> firewalls get into a state where they drop connections, and users fall off
> IRC, web pages get connection refused messages and mailservers start to have
> timeout problems.
>
> I have recompiled the kernel with LARGE_NAT defined that did not help, I have
> changed the values in ip_state.h as per Darren's suggestions on the web, this
> does not help, I have changed tcp idle timers using sysctl to try and tear
> down connections faster but none of this helps.
>
> Anyone have any ideas?

I use ipfw and a lot of natd daemons:

0sw~(3)>ps -axww | grep nat
  917 ?? Is 14:22,03 /sbin/natd -f /var/net/conf/nat.base -P /var/run/natd.100.pid -a X.Y.70.127 -i 100 -o 101 -d
  919 ?? Ss 17:55,51 /sbin/natd -f /var/net/conf/nat.base -P /var/run/natd.102.pid -a X.Y.69.127 -i 102 -o 103 -d
  921 ?? Ss 27:40,81 /sbin/natd -f /var/net/conf/nat.base -P /var/run/natd.104.pid -a X.Y.70.192 -i 104 -o 105 -d
  923 ?? Ss 48:48,86 /sbin/natd -f /var/net/conf/nat.base -P /var/run/natd.106.pid -a X.Y.71.127 -i 106 -o 107 -d
  925 ?? Ss 9:24,32 /sbin/natd -f /var/net/conf/nat.base -P /var/run/natd.108.pid -a X.Y.71.192 -i 108 -o 109 -d
  927 ?? Ss 11:59,76 /sbin/natd -f /var/net/conf/nat.base -P /var/run/natd.110.pid -a X.Y.71.63 -i 110 -o 111 -d
  929 ?? Is 0:00,64 /sbin/natd -f /var/net/conf/nat.base -P /var/run/natd.114.pid -a X.Y.70.191 -i 114 -o 115 -d
  931 ?? Is 0:00,08 /sbin/natd -f /var/net/conf/nat.base -P /var/run/natd.200.pid -a X.Y.71.128 -i 200 -o 201 -d
  933 ?? Is 1:28,27 /sbin/natd -f /var/net/conf/nat.base -P /var/run/natd.98.pid -a X.Y.69.192 -i 98 -o 99 -d

to share load and IPs.
But it needs a patch
http://free.babolo.ru/patch/src.sbin.natd.patch
for the -P flag.
Maybe I filed a PR for this feature some time ago...
.. found: bin/37159

From: "Scott Penno"
Subject: Problems with IPSec
Date: Mon, 20 Jan 2003 12:34:26 +1100

Hi all,

Wasn't sure where I should ask for help with this problem, so I'm starting
here. If there's a more appropriate place, please let me know.

I have a FreeBSD box running -STABLE which has had IPSec working with other
hosts for quite some time without a problem. I've just setup another FreeBSD
box running 5.0-RC1 and am trying to establish a VPN tunnel but am not getting
too far. I'm using racoon and when attempting the negotiation with debugging
enabled, the following message appears:

2003-01-20 12:00:23: ERROR: pfkey.c:207:pfkey_handler(): pfkey ADD failed: Invalid argument

and the following message is logged via syslog:

Jan 20 12:00:23 atlas kernel: key_mature: invalid AH key length 160 (128-128 allowed)

The relevant section of racoon.conf which is identical on both boxes is:

sainfo anonymous
{
        pfs_group 1;
        lifetime time 86400 sec;
        encryption_algorithm 3des ;
        authentication_algorithm hmac_sha1 ;
        compression_algorithm deflate ;
}

The box running -STABLE has been working fine with this configuration so I'm
assuming the problem is with the box running 5.0-RC1. Interestingly, I've also
tried using des as the encryption algorithm and hmac_md5 as the authentication
algorithm and I receive the following error message:

racoon: failed to parse configuration file.

If anyone has any suggestions for a fix, or how I go about further diagnosing
this problem, I'd love to hear from you.

Regards,

Scott.

PS: Please CC replies as I'm not subscribed to the list.

Date: Mon, 20 Jan 2003 14:10:54 -0800
From: "Crist J. Clark"
To: security@freebsd.org, net@freebsd.org
Subject: ftpd.c DoS Fix
Reply-To: "Crist J. Clark"
Content-Type: multipart/mixed; boundary="HcAYCG3uE/tztfnV"

--HcAYCG3uE/tztfnV
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

The current design of the FTP daemon leaves it open to denial of
service attacks where an attacker can lock out all other users from
making PORT (active) data connections. This DoS is mitigated by the
fact the attacker must have a valid login on the server (although
anonymous access will do) and that PASV (passive) mode is not
affected.

The problem lies in the way in which the server fails when it tries to
open a data connection in active mode. If the connection attempt fails
with an EADDRINUSE error, the server waits and tries the connection
again. During this wait period, 90 seconds is the hard-coded value,
the process is bound to port 20, using the bind() call. This is an
exclusive bind(). No other processes may bind() to port 20 for this 90
second wait. This locks all other processes from setting up active
data connections during this 90 second wait. Once the 90 seconds is
up, the attacker can easily start another 90 second wait. The result
is that an attacker with limited resources can prevent all other users
from making data connections rendering the server almost useless.

I will describe an example of how to attack. It is trivial to automate
with a Perl script, but I will not be providing such a tool on a
public list.

1) Using a telnet client, log into the test victim FTP server
(obviously, this should be your server and its availability should
not be critical).

2) Set up a data connection to your attacker host.

3) Set up a listening process on the attacker on the right port for
the data connection.

4) Do a LIST command.

5) Using the same port you used in (2), repeat (2), (3), and (4).
(You can't wait too long between (4) and (5) in this example, since we
are choking things up by trying to run over our previous connection
still in the TIME_WAIT state.)

That's it. You will have locked out all other data connections. During
the 90 seconds, try firing up another FTP session to the host and try
to do anything involving an active data connection (make sure you're
not using passive mode, in FreeBSD's ftp client, type 'pass').

I have a quick fix for this. Instead of holding onto our bind() of 20
while we wait, we release, and bind() again at our next try. The
inline patch below shows the diff without whitespace changes. A
complete diff is attached. The diffs are from HEAD, but it should
apply to any RELENG_* branch fine.

Unless anyone has some objections, I plan to commit this to HEAD and
RELENG_4 today and see about re@ and security-officer@ approval for
other branches.

As a final note, I came across this bug in a different vendor's FTP
daemon before checking if FreeBSD was vulnerable. You might want to
check your favorite FTP daemon today.

Index: ftpd.c =================================================================== RCS file: /export/freebsd/ncvs/src/libexec/ftpd/ftpd.c,v retrieving revision 1.132 diff -u -b -r1.132 ftpd.c --- ftpd.c 16 Jan 2003 14:25:32 -0000 1.132 +++ ftpd.c 20 Jan 2003 21:26:39 -0000 @@ -1772,7 +1772,7 @@ { char sizebuf[32]; FILE *file; - int retry = 0, tos; + int retry = 0, tos, conerrno; file_size = size; byte_count = 0; @@ -1840,6 +1840,7 @@ if (usedefault) data_dest = his_addr; usedefault = 1; + do { file = getdatasock(mode); if (file == NULL) { char hostbuf[BUFSIZ], portbuf[BUFSIZ]; 
@@ -1852,16 +1853,22 @@ return (NULL); } data = fileno(file); - while (connect(data, (struct sockaddr *)&data_dest, - data_dest.su_len) < 0) { - if (errno == EADDRINUSE && retry < swaitmax) { + conerrno = 0; + if (connect(data, (struct sockaddr *)&data_dest, + data_dest.su_len) == 0) + break; + conerrno = errno; + (void) fclose(file); + data = -1; + if (conerrno == EADDRINUSE) { sleep((unsigned) swaitint); retry += swaitint; - continue; + } else { + break; } + } while (retry <= swaitmax); + if (conerrno != 0) { perror_reply(425, "Can't build data connection"); - (void) fclose(file); - data = -1; return (NULL); } reply(150, "Opening %s mode data connection for '%s'%s.",
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

--HcAYCG3uE/tztfnV
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="ftpd.diff"

Index: ftpd.c =================================================================== RCS file: /export/freebsd/ncvs/src/libexec/ftpd/ftpd.c,v retrieving revision 1.132 diff -u -r1.132 ftpd.c --- ftpd.c 16 Jan 2003 14:25:32 -0000 1.132 +++ ftpd.c 20 Jan 2003 21:26:39 -0000 @@ -1772,7 +1772,7 @@ { char sizebuf[32]; FILE *file; - int retry = 0, tos; + int retry = 0, tos, conerrno; file_size = size; byte_count = 0; 
@@ -1840,28 +1840,35 @@ if (usedefault) data_dest = his_addr; usedefault = 1; - file = getdatasock(mode); - if (file == NULL) { - char hostbuf[BUFSIZ], portbuf[BUFSIZ]; - getnameinfo((struct sockaddr *)&data_source, - data_source.su_len, hostbuf, sizeof(hostbuf) - 1, - portbuf, sizeof(portbuf), - NI_NUMERICHOST|NI_NUMERICSERV); - reply(425, "Can't create data socket (%s,%s): %s.", - hostbuf, portbuf, strerror(errno)); - return (NULL); - } - data = fileno(file); - while (connect(data, (struct sockaddr *)&data_dest, - data_dest.su_len) < 0) { - if (errno == EADDRINUSE && retry < swaitmax) { + do { + file = getdatasock(mode); + if (file == NULL) { + char hostbuf[BUFSIZ], portbuf[BUFSIZ]; + getnameinfo((struct sockaddr *)&data_source, + data_source.su_len, hostbuf, sizeof(hostbuf) - 1, + portbuf, sizeof(portbuf), + NI_NUMERICHOST|NI_NUMERICSERV); + reply(425, "Can't create data socket (%s,%s): %s.", + hostbuf, portbuf, strerror(errno)); + return (NULL); + } + data = fileno(file); + conerrno = 0; + if (connect(data, (struct sockaddr *)&data_dest, + data_dest.su_len) == 0) + break; + conerrno = errno; + (void) fclose(file); + data = -1; + if (conerrno == EADDRINUSE) { sleep((unsigned) swaitint); retry += swaitint; - continue; + } else { + break; } + } while (retry <= swaitmax); + if (conerrno != 0) { perror_reply(425, "Can't build data connection"); - (void) fclose(file); - data = -1; return (NULL); } reply(150, "Opening %s mode data connection for '%s'%s.",
--HcAYCG3uE/tztfnV--

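
Review bot: In the reworked connect loop (the "@@ -1852,16 +1853,22 @@" hunk of the inline patch, "@@ -1840,28 +1840,35 @@" in the attachment), the failure path saves errno into conerrno but then calls fclose() and possibly sleep() before perror_reply(425, ...), and nothing copies conerrno back into errno. If perror_reply() builds its message from errno, as its name suggests, the 425 reply can describe a later error rather than the connect() failure; assigning errno = conerrno immediately before the perror_reply() call keeps the message accurate. A smaller point in the same loop: sleep() runs before the "retry <= swaitmax" test, so the last iteration sleeps for swaitint seconds and then gives up without another connect() attempt. Checking the remaining retry budget before sleeping would avoid that wasted wait.
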
Date: Mon, 20 Jan 2003 15:59:56 -0800 (PST)
From: Kenneth Stailey
Subject: How to use proxy ARP for tun device?
To: freebsd-net@freebsd.org

Seems that if I set up a tun device I can't proxy arp for the "remote" end.

bsdlab# sysctl net.link.ether.inet.proxyall=1
net.link.ether.inet.proxyall: 0 -> 1

(set to 1 or 0 the same failure occurs)

bsdlab# ifconfig tun0
tun0: flags=8051 mtu 1500
        inet6 fe80::2a0:c9ff:fe31:f067%tun0 prefixlen 64 scopeid 0x5
        inet 64.93.1.35 --> 10.134.198.236 netmask 0xff000000
        Opened by PID 89567

bsdlab# /usr/sbin/arp -s 10.134.198.236 0:a0:c9:31:f0:67 pub
cannot intuit interface index and type for 10.134.198.236

What should I do to make arp work?

Thanks,
Ken

From: Mike Durian
To: Pekka Nikander
Cc: freebsd-net@freebsd.org
Subject: Question about IPsec and double ipfilter processing
Date: Mon, 20 Jan 2003 17:31:49 -0700

I was looking through the FreeBSD mailing list archives trying to figure
out why ipfilter is filtering on both encapsulated ESP packets and the
decrypted packets (NetBSD says it should only filter on the line packets),
when I saw a relevant posting. It looks like other people are frustrated by
this double processing too.

In a message Pekka Nikander says:

    From the security point of view this does not matter so much,
    since the IPsec code is taking care of the protection and
    dropping those packets.

Can you clarify on this. In order to allow a peer network, 192.168.2.0/24,
to connect to my network via a VPN, I need to pass ESP (fine) and
then also 192.168.2.0/24 packets (I'm not so happy about this). Does
your statement above imply the IPsec code will somehow filter non-ESP
encapsulated packets from 192.168.2.0/24 thus protecting me from spoof
attacks even though the firewall would appear to allow it?

Thanks,
mike

Date: Mon, 20 Jan 2003 16:34:46 -0800
From: "Crist J. Clark"
To: Kenneth Stailey
Cc: freebsd-net@freebsd.org
Subject: Re: How to use proxy ARP for tun device?
Reply-To: "Crist J. Clark"

On Mon, Jan 20, 2003 at 03:59:56PM -0800, Kenneth Stailey wrote:
> Seems that if I set up a tun device I can't proxy arp for the "remote" end.
>
> bsdlab# sysctl net.link.ether.inet.proxyall=1
> net.link.ether.inet.proxyall: 0 -> 1
>
> (set to 1 or 0 the same failure occurs)
>
> bsdlab# ifconfig tun0
> tun0: flags=8051 mtu 1500
>         inet6 fe80::2a0:c9ff:fe31:f067%tun0 prefixlen 64 scopeid 0x5
>         inet 64.93.1.35 --> 10.134.198.236 netmask 0xff000000
>         Opened by PID 89567
>
> bsdlab# /usr/sbin/arp -s 10.134.198.236 0:a0:c9:31:f0:67 pub
> cannot intuit interface index and type for 10.134.198.236
>
> What should I do to make arp work?

  $ man ppp
  ...
     proxyall
       Default: Disabled. Enabling this will tell ppp to add proxy
       arp entries for every IP address in all class C or smaller
       subnets routed via the tun interface.

       Proxy arp entries are only made for sticky routes that are
       added using the ``add'' command. No proxy arp entries are
       made for the interface address itself (as created by the
       ``set ifaddr'' command).
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

Date: Mon, 20 Jan 2003 16:55:15 -0800 (PST)
From: Kenneth Stailey
Subject: Re: How to use proxy ARP for tun device?
To: freebsd-net@freebsd.org

--- "Crist J. Clark" wrote:
> On Mon, Jan 20, 2003 at 03:59:56PM -0800, Kenneth Stailey wrote:
> > Seems that if I set up a tun device I can't proxy arp for the "remote" end.
> >
> > bsdlab# sysctl net.link.ether.inet.proxyall=1
> > net.link.ether.inet.proxyall: 0 -> 1
> >
> > (set to 1 or 0 the same failure occurs)
> >
> > bsdlab# ifconfig tun0
> > tun0: flags=8051 mtu 1500
> >         inet6 fe80::2a0:c9ff:fe31:f067%tun0 prefixlen 64 scopeid 0x5
> >         inet 64.93.1.35 --> 10.134.198.236 netmask 0xff000000
> >         Opened by PID 89567
> >
> > bsdlab# /usr/sbin/arp -s 10.134.198.236 0:a0:c9:31:f0:67 pub
> > cannot intuit interface index and type for 10.134.198.236
> >
> > What should I do to make arp work?
>
> $ man ppp

I'm not using ppp or pppd. I'm using KLH10's dpimp driver.

http://www.freebsd.org/cgi/cvsweb.cgi/ports/emulators/klh10/

Date: Mon, 20 Jan 2003 22:34:51 -0800
From: "Crist J. Clark"
To: Mike Durian
Cc: Pekka Nikander, freebsd-net@freebsd.org
Subject: Re: Question about IPsec and double ipfilter processing
Reply-To: "Crist J. Clark"

On Mon, Jan 20, 2003 at 05:31:49PM -0700, Mike Durian wrote:
> I was looking through the FreeBSD mailing list archives trying to figure
> out why ipfilter is filtering on both encapsulated ESP packets and the
> decrypted packets (NetBSD says it should only filter on the line packets),
> when I saw a relevant posting. It looks like other people are frustrated by
> this double processing too.

I don't see this. I have one rule on my external interface,

  block in log quick on de0 all head 2000
  ...
  pass in quick proto esp from any to 12.234.89.252/32 group 2000

That allows in ESP traffic from any host. No other rules are required
on this interface for the IPsec tunnel to work. Obviously, I need a
rule on the internal interface to let the unencrypted traffic pass this
interface. But since all of the interesting filtering of traffic from
the outside world happens on the external interface,

  pass out quick on fxp0 all
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

Date: Tue, 21 Jan 2003 15:08:38 +0200
From: Pekka Nikander
To: Mike Durian
Cc: freebsd-net@freebsd.org
Subject: Re: Question about IPsec and double ipfilter processing
In-Reply-To: <200301201731.49942.durian@boogie.com>

Mike Durian wrote:
> I was looking through the FreeBSD mailing list archives trying to figure
> out why ipfilter is filtering on both encapsulated ESP packets and the
> decrypted packets (NetBSD says it should only filter on the line packets),
> when I saw a relevant posting. It looks like other people are frustrated by
> this double processing too.
>
> In a message Pekka Nikander says:
>
>   From the security point of view this does not matter so much,
>   since the IPsec code is taking care of the protection and
>   dropping those packets.
>
> Can you clarify on this. In order to allow a peer network, 192.168.2.0/24,
> to connect to my network via a VPN, I need to pass ESP (fine) and
> then also 192.168.2.0/24 packets (I'm not so happy about this). Does
> your statement above imply the IPsec code will somehow filter non-ESP
> encapsulated packets from 192.168.2.0/24 thus protecting me from spoof
> attacks even though the firewall would appear to allow it?

Exactly, if you have the SPD settings right. If you have
an SPD setting like

  192.168.2.0/24 0.0.0.0/0 any
        in ipsec
        esp/tunnel/XXX.XXX.XXX.XXX-YYY.YYY.YYY.YYY/require;

then the IPsec code *requires* that any received packet
that has a source address within 192.168.2.0/24 was
indeed protected by the specified tunnel, and if it wasn't,
it drops the packet.

From netinet/ip_input.c:

#ifdef IPSEC
        /*
         * enforce IPsec policy checking if we are seeing last header.
         * note that we do not visit this with protocols with pcb layer
         * code - like udp/tcp/raw ip.
         */
        if ((inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) != 0 &&
            ipsec4_in_reject(m, NULL)) {
                ipsecstat.in_polvio++;
                goto bad;
        }
#endif

ipsec4_in_reject then calls ipsec_in_reject with the corresponding
policy, and ipsec_in_reject returns non-zero if the packet was
not protected by ESP.

--Pekka

From owner-freebsd-net Tue Jan 21 5:16:46 2003
Message-ID: <3E2D482C.9030700@nomadiclab.com>
Date: Tue, 21 Jan 2003 15:16:28 +0200
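Added example (not part of the thread, and not FreeBSD or KAME source): a user-space C model of the inbound policy check described in Pekka Nikander's message above, showing why a cleartext packet with a 192.168.2.0/24 source is dropped even when the packet filter passes it. All type and function names, the tunnel endpoint addresses and the "no matching policy means no IPsec requirement" default are assumptions made for the illustration.

```c
/* User-space model of the inbound SPD check; NOT FreeBSD/KAME kernel code.
 * Every identifier below is hypothetical and exists only for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Constructed tunnel endpoints standing in for XXX.XXX.XXX.XXX-YYY.YYY.YYY.YYY. */
#define PEER_GW  IP4(198, 51, 100, 1)
#define LOCAL_GW IP4(203, 0, 113, 1)

enum sp_action { SP_NONE, SP_DISCARD, SP_ESP_TUNNEL_REQUIRE };

struct sp_entry {               /* one inbound security policy (SPD row) */
    uint32_t src_net, src_mask; /* selector: inner source prefix */
    uint32_t dst_net, dst_mask; /* selector: inner destination prefix */
    enum sp_action action;
    uint32_t tun_src, tun_dst;  /* outer endpoints the policy requires */
};

struct pkt {                    /* inner packet as seen at the last-header check */
    uint32_t src, dst;
    int via_esp;                /* 1 if it came out of a verified ESP tunnel SA */
    uint32_t tun_src, tun_dst;  /* outer addresses of that SA when via_esp is set */
};

/* The SPD from the message: 192.168.2.0/24 -> 0.0.0.0/0, in, esp/tunnel/.../require */
static const struct sp_entry demo_spd[] = {
    { IP4(192, 168, 2, 0), 0xffffff00u, 0u, 0u, SP_ESP_TUNNEL_REQUIRE, PEER_GW, LOCAL_GW },
};

static unsigned long model_in_polvio;   /* stands in for ipsecstat.in_polvio */

static const struct sp_entry *
spd_lookup(const struct sp_entry *spd, size_t n, const struct pkt *p)
{
    for (size_t i = 0; i < n; i++) {
        if ((p->src & spd[i].src_mask) == spd[i].src_net &&
            (p->dst & spd[i].dst_mask) == spd[i].dst_net)
            return &spd[i];
    }
    return NULL;
}

/* Returns non-zero when the packet violates inbound policy and must be dropped. */
int model_in_reject(const struct sp_entry *spd, size_t n, const struct pkt *p)
{
    const struct sp_entry *sp = spd_lookup(spd, n, p);

    if (sp == NULL)
        return 0;               /* assumption: no matching policy = no IPsec required */
    switch (sp->action) {
    case SP_NONE:
        return 0;
    case SP_DISCARD:
        return 1;
    case SP_ESP_TUNNEL_REQUIRE: /* must have arrived through exactly this tunnel */
        return !(p->via_esp && p->tun_src == sp->tun_src && p->tun_dst == sp->tun_dst);
    }
    return 1;                   /* unknown action: fail closed */
}

/* Runs one packet against demo_spd and counts violations like the kernel excerpt. */
int demo_reject(uint32_t src, uint32_t dst, int via_esp, uint32_t tun_src, uint32_t tun_dst)
{
    struct pkt p = { src, dst, via_esp, tun_src, tun_dst };
    int rej = model_in_reject(demo_spd, sizeof demo_spd / sizeof demo_spd[0], &p);

    if (rej)
        model_in_polvio++;
    return rej;
}

unsigned long model_polvio(void) { return model_in_polvio; }

int main(void)
{
    /* Constructed inner addresses: a peer-network host and a local host. */
    uint32_t s = IP4(192, 168, 2, 5), d = IP4(192, 168, 1, 10);

    printf("cleartext, source in 192.168.2.0/24: %s\n",
           demo_reject(s, d, 0, 0, 0) ? "drop" : "accept");
    printf("decapsulated from required tunnel:   %s\n",
           demo_reject(s, d, 1, PEER_GW, LOCAL_GW) ? "drop" : "accept");
    printf("decapsulated from another tunnel:    %s\n",
           demo_reject(s, d, 1, IP4(192, 0, 2, 99), LOCAL_GW) ? "drop" : "accept");
    printf("cleartext, source outside selector:  %s\n",
           demo_reject(IP4(192, 0, 2, 7), d, 0, 0, 0) ? "drop" : "accept");
    printf("policy violations counted: %lu\n", model_polvio());
    return 0;
}
```

The last case is why the packet filter still matters: a source outside the SPD selector is not subject to the IPsec requirement at all in this model, so only the filter rules decide its fate.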
From: Pekka Nikander
To: "Crist J. Clark"
Cc: Mike Durian, freebsd-net@freebsd.org
Subject: Re: Question about IPsec and double ipfilter processing
In-Reply-To: <20030121063451.GB37009@blossom.cjclark.org>

Crist,

Crist J. Clark wrote:
> I don't see this. I have one rule on my external interface,
>
>   block in log quick on de0 all head 2000
>   ...
>   pass in quick proto esp from any to 12.234.89.252/32 group 2000
>
> That allows in ESP traffic from any host. No other rules are required
> on this interface for the IPsec tunnel to work.
>
> Obviously, I need a rule on the internal interface to let the
> unencrypted traffic pass this interface. But since all of the
> interesting filtering of traffic from the outside world happens on the
> external interface,
>
>   pass out quick on fxp0 all
>

I don't quite understand. Firstly, are you saying that you
*only* accept IPsec and nothing else from your external
interface? That is not the case with Mike or me; at least I
need to use my external interface for generic Internet traffic,
too, so I can't block all other traffic.

Secondly, are you using ipfw2? I thought it was only available
in -CURRENT or 5.0, not in 4.7-STABLE? Or am I wrong?

--Pekka

From owner-freebsd-net Tue Jan 21 5:16:55 2003
Date: Tue, 21 Jan 2003 07:14:42 -0600
From: "Jacques A. Vidrine"
To: freebsd-net@FreeBSD.org
Cc: Alex, karaul@ngs.ru
Subject: possible DoS in dc driver
Message-ID: <20030121131442.GA59186@opus.celabo.org>

Looooong, loooong ago, someone reported a dc driver bug. However,
a couple of us have tried and failed to reproduce the problem. I
thought I'd bounce the issue here before completely forgetting about
it.

Cheers,
--
Jacques A. Vidrine http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

----- Forwarded message from Alex -----

Date: Mon, 01 Jul 2002 15:21:16 +0600
From: Alex
To: security-officer@FreeBSD.org, karaul@ngs.ru
Subject: Bug report

From: karaul@ngs.ru, Alex S. Kabakaev, Tomsk Polytechnic University, Russia
To: FreeBSD bug team

I got the problem:
FreeBSD computers freezes when i "ping -f -s 50000 any.freebsd.box" from
linux box.
And only reset can help to unfreeze them. There is no errors on screen
or in logs.
There is a number of tested configurations and releases:
FreeBSD 4.4 on:
1. Duron 650, MB=epox(VIA KT133), Network Card=Matronix MX 3191(dc0
   kernel module), 10 MBit per second Hub
2. K6-2 333, Mother Board = VIA MVP3, Network Card=Davicom Semiconductor
   DM9102AM(dc0 kernel module), 10 MBit per second Hub

With FreeBSD 4.6 on K6-2 333, Mother Board = VIA MVP3, Network
Card=Matronix MX 3191(dc0 kernel module), 10 MBit per second Hub
And Any time i ping with flood and packet size >=30000 all this
configurations get freeze.
IMHO there is a bug with "dc0" kernel module.

To make sure i produced this test with FreeBSD 4.6 on MB=Lucky Star (VIA
8601T MVP3), integrated network card (Realtek RTL 8139) with another
network kernel module. And there was no errors, freezes or bugs. That's
why i think it's a bug with "dc" module.

Thanks for attention.
Mailto: karaul@ngs.ru
CC: kas592@ic.tsu.ru

----- End forwarded message -----

From owner-freebsd-net Tue Jan 21 6:11:16 2003
Message-ID: <018501c2c156$959feef0$0b01a8c0@Beastie>
From: "Barry Irwin"
To: "Jacques A. Vidrine"
Cc: "Alex"
Subject: Re: possible DoS in dc driver
Date: Tue, 21 Jan 2003 16:08:07 +0200
In-Reply-To: <20030121131442.GA59186@opus.celabo.org>

Hi All,

For what it is worth, I just tried it on a 4.3 box running the DLINK 570TX
quad port cards

From linux box

[root@web1 labsadmin]# ping -s 5000 victim
PING victim (10.10.10.1 ) from 192.168.7.7 : 5000(5028) bytes of data.
5008 bytes from devco.net (196.15.188.2): icmp_seq=0 ttl=255 time=2.596 msec
5008 bytes from devco.net (196.15.188.2): icmp_seq=1 ttl=255 time=2.552 msec
5008 bytes from devco.net (196.15.188.2): icmp_seq=2 ttl=255 time=2.536 msec

On the BSD system

#uname -a
FreeBSD victim 4.3-RELEASE-p14 FreeBSD 4.3-RELEASE-p14 #4: Thu Aug 23 08:42:48 SAST 2001 bvi@XXXXX i386

from dmesg.boot

dc0: port 0xc000-0xc07f mem 0xe5000000-0xe50003ff irq 11 at device 4.0 on pci2
dc0: Ethernet address: 00:80:c8:cd:20:95
miibus0: on dc0
ukphy0: on miibus0
ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
dc1: port 0xc400-0xc47f mem 0xe5001000-0xe50013ff irq 5 at device 5.0 on pci2
dc1: Ethernet address: 00:80:c8:cd:20:96
miibus1: on dc1
ukphy1: on miibus1
ukphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
dc2: port 0xc800-0xc87f mem 0xe5002000-0xe50023ff irq 12 at device 6.0 on pci2
dc2: Ethernet address: 00:80:c8:cd:20:97
miibus2: on dc2
ukphy2: on miibus2
ukphy2: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
dc3: port 0xcc00-0xcc7f mem 0xe5003000-0xe50033ff irq 10 at device 7.0 on pci2
dc3: Ethernet address: 00:80:c8:cd:20:98
miibus3: on dc3
ukphy3: on miibus3
ukphy3: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto

Box is happy with no errors. Been running the dlink cards on a number of
boxes round the world for near on 2 years with no trouble.

Barry

--
Barry Irwin bvi@itouchlabs.com Tel: +27214875178
Systems Administrator: Networks And Security
iTouch TAS http://www.itouchlabs.com Mobile: +27824457210

----- Original Message -----
From: "Jacques A. Vidrine"
Cc: "Alex"
Sent: Tuesday, January 21, 2003 3:14 PM
Subject: possible DoS in dc driver

> Looooong, loooong ago, someone reported a dc driver bug. However,
> a couple of us have tried and failed to reproduce the problem. I
> thought I'd bounce the issue here before completely forgetting about
> it.
>
> Cheers,
> --
> Jacques A. Vidrine http://www.celabo.org/
> NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
> jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se
>
> ----- Forwarded message from Alex -----
>
> Date: Mon, 01 Jul 2002 15:21:16 +0600
> From: Alex
> To: security-officer@FreeBSD.org, karaul@ngs.ru
> Subject: Bug report
>
> From: karaul@ngs.ru, Alex S. Kabakaev, Tomsk Polytechnic University,
> Russia
> To: FreeBSD bug team
> I got the problem:
> FreeBSD computers freezes when i "ping -f -s 50000 any.freebsd.box" from
> linux box.
> And only reset can help to unfreeze them. There is no errors on screen
> or in logs.
> There is a number of tested configurations and releases:
> FreeBSD 4.4 on:
> 1. Duron 650, MB=epox(VIA KT133), Network Card=Matronix MX 3191(dc0
> kernel module), 10 MBit per second Hub
> 2. K6-2 333, Mother Board = VIA MVP3, Network Card=Davicom Semiconductor
> DM9102AM(dc0 kernel module), 10 MBit per second Hub
>
> With FreeBSD 4.6 on K6-2 333, Mother Board = VIA MVP3, Network
> Card=Matronix MX 3191(dc0 kernel module), 10 MBit per second Hub
> And Any time i ping with flood and packet size >=30000 all this
> configurations get freeze.
> IMHO there is a bug with "dc0" kernel module.
>
> To make sure i produced this test with FreeBSD 4.6 on MB=Lucky Star (VIA
> 8601T MVP3), integrated network card (Realtek RTL 8139) with another
> network kernel module. And there was no errors, freezes or bugs. That's
> why i think it's a bug with "dc" module.
>
> Thanks for attention.
> Mailto: karaul@ngs.ru
> CC: kas592@ic.tsu.ru
>
> ----- End forwarded message -----

From owner-freebsd-net Tue Jan 21 7:50:14 2003
From: Mike Durian
To: "Crist J. Clark", "Crist J. Clark"
Cc: Pekka Nikander, freebsd-net@FreeBSD.ORG
Subject: Re: Question about IPsec and double ipfilter processing
Date: Tue, 21 Jan 2003 08:50:03 -0700
Message-Id: <200301210850.03390.durian@boogie.com>
In-Reply-To: <20030121063451.GB37009@blossom.cjclark.org>

On Monday 20 January 2003 11:34 pm, Crist J. Clark wrote:
>
> I don't see this. I have one rule on my external interface,
>
>   block in log quick on de0 all head 2000
>   ...
>   pass in quick proto esp from any to 12.234.89.252/32 group 2000

First, let me point out that I'm running -current (as of 2 days ago).
I don't know if that is relevant to this discussion or not.

The behavior you state is the behavior I was expecting and hoping for,
but not what I experienced. When I study my ipmon and ipfstat output,
I see the "pass esp" rule matching packets, but then I also see the
decoded packets being dropped. I observed the same behavior when
I was using ipfw instead of ipfilter. I am a bit surprised that the
packet count is not the same for the ESP packets and the un-encapsulated
packets.

41 @5 block in log quick on rl0 from 192.168.0.0/16 to any
27 @15 pass in quick on rl0 proto esp from 64.139.19.166/32 to 66.87.52.132/32

> Obviously, I need a rule on the internal interface to let the
> unencrypted traffic pass this interface. But since all of the
> interesting filtering of traffic from the outside world happens on the
> external interface,

In my case the packets are being dropped on the outside interface, as shown
above.

mike

From owner-freebsd-net Tue Jan 21 7:54:29 2003
From: Mike Durian
To: Pekka Nikander
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Question about IPsec and double ipfilter processing
Date: Tue, 21 Jan 2003 08:54:26 -0700
Message-Id: <200301210854.26902.durian@boogie.com>
In-Reply-To: <3E2D4656.6000805@nomadiclab.com>

On Tuesday 21 January 2003 06:08 am, Pekka Nikander wrote:
>
> then the IPsec code *requires* that any received packet
> that has a source address within 192.168.2.0/24 was
> indeed protected by the specified tunnel, and if it wasn't,
> it drops the packet.

That's good news. I'll feel better about relaxing my rules a bit
until I can figure out why I'm seeing different behavior than
Crist and what is described in the ipfilter documentation
(http://coombs.anu.edu.au/~avalon/ipfil-flow.html - note the
final bullet item).

mike

From owner-freebsd-net Tue Jan 21 8:35:57 2003
Date: Tue, 21 Jan 2003 10:43:32 -0600 (CST)
From: Mike Silbersack
To: "Jacques A. Vidrine"
Cc: freebsd-net@FreeBSD.org, Alex
Subject: Re: possible DoS in dc driver
Message-ID: <20030121104213.H2194-100000@patrocles.silby.com>
In-Reply-To: <20030121131442.GA59186@opus.celabo.org>

On Tue, 21 Jan 2003, Jacques A. Vidrine wrote:

> Looooong, loooong ago, someone reported a dc driver bug. However,
> a couple of us have tried and failed to reproduce the problem. I
> thought I'd bounce the issue here before completely forgetting about
> it.
>
> Cheers,
> --
> Jacques A. Vidrine http://www.celabo.org/

FWIW, I froze a dc card in "increasing TX size" or some similar message
loop the other day. However, I have no clue what part of the load testing
I was doing caused it, and I have no idea how to repeat it. I bet that
this exploit might be limited to a small subset of dc supported chipsets.

Mike "Silby" Silbersack

From owner-freebsd-net Tue Jan 21 9:18:36 2003
Date: Tue, 21 Jan 2003 10:18:22 -0700
From: Robert Martin
To: freebsd-net@FreeBSD.org
Subject: PPTP passthrough on FreeBSD 4.4
Message-ID: <092443616.20030121101822@shunda.com>

First of all, I hope that this isn't something obvious that I've
missed. I've searched everything I can think of, but have come up
empty so far. Maybe somebody here will be able to help. If this is
the wrong mailing list, sorry, and please let me know which one I
should post to.

I am trying to get a FreeBSD ipfw firewall to pass Windows PPTP client
traffic through to a Windows NT box behind the firewall. I have
successfully used the pptpalias command in natd on a FreeBSD 3.4 box
over the last couple of years to pass through PPTP traffic to both NT
and 2000 servers. However I now have a client with a FreeBSD 4.4 box
that wants to do the same thing, and unfortunately pptpalias has not
been included in natd since 4.0.

If I am correct, all I should need to do is put a redirect_proto line
in natd.conf instead of the pptpalias line, like below:

redirect_proto 47 192.168.0.51
redirect_port tcp 192.168.0.51:1723 1723

I think I have the redirect_proto line correct. But, I might not.
I've tried it with GRE instead of 47, but that didn't work either.

The thing that bothers me is that when I run ethereal on the Windows
server behind the firewall, I see 0 GRE packets and 0 1723 packets.
So that makes me think it's the firewall.

Is there a problem with my natd.conf, or do I need a firewall rule?
Or is it because of the funky combination of XP PPTP clients, FreeBSD
PPTP passthrough and NT PPTP servers? Or is it something more serious
like needing to recompile the kernel?

Any and all help will be greatly appreciated.

Regards,
Robert Martin
robert.martin@shunda.com

From owner-freebsd-net Tue Jan 21 10:54:35 2003
Date: Tue, 21 Jan 2003 10:54:30 -0800
From: "Crist J. Clark"
To: Mike Durian
Cc: Pekka Nikander, freebsd-net@FreeBSD.ORG
Subject: Re: Question about IPsec and double ipfilter processing
Message-ID: <20030121185430.GD6871@blossom.cjclark.org>
In-Reply-To: <200301210850.03390.durian@boogie.com>

On Tue, Jan 21, 2003 at 08:50:03AM -0700, Mike Durian wrote:
> On Monday 20 January 2003 11:34 pm, Crist J. Clark wrote:
> >
> > I don't see this. I have one rule on my external interface,
> >
> >   block in log quick on de0 all head 2000
> >   ...
> >   pass in quick proto esp from any to 12.234.89.252/32 group 2000
>
> First, let me point out that I'm running -current (as of 2 days ago).
> I don't know if that is relevant to this discussion or not.

I'm running RELENG_4_5. Could revision 1.214 to ip_input.c have
something to do with this?

--
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org

From owner-freebsd-net Tue Jan 21 11: 2:49 2003
Date: Tue, 21 Jan 2003 11:02:44 -0800
From: "Crist J. Clark"
To: Pekka Nikander
Cc: Mike Durian, freebsd-net@freebsd.org
Subject: Re: Question about IPsec and double ipfilter processing
Message-ID: <20030121190244.GE6871@blossom.cjclark.org>
In-Reply-To: <3E2D482C.9030700@nomadiclab.com>

On Tue, Jan 21, 2003 at 03:16:28PM +0200, Pekka Nikander wrote:
> Crist,
>
> Crist J. Clark wrote:
> >I don't see this. I have one rule on my external interface,
> >
> >  block in log quick on de0 all head 2000
> >  ...
> >  pass in quick proto esp from any to 12.234.89.252/32 group 2000
> >
> >That allows in ESP traffic from any host. No other rules are required
> >on this interface for the IPsec tunnel to work.
> >
> >Obviously, I need a rule on the internal interface to let the
> >unencrypted traffic pass this interface. But since all of the
> >interesting filtering of traffic from the outside world happens on the
> >external interface,
> >
> >  pass out quick on fxp0 all
> >
>
> I don't quite understand. Firstly, are you saying that you
> *only* accept IPsec and nothing else from your external
> interface? That is not the case with Mike or me; at least I
> need to use my external interface for generic Internet traffic,
> too, so I can't block all other traffic.

I do accept some other very limited incoming traffic. Here's the full
list for the external interface if it helps,

# External in
block in log quick on PUB_IF all head 2000
# Nothing funny coming in
block in log quick all with ipopts group 2000
block in log quick all with short group 2000
block in log quick from PRIV_NET to any group 2000
# Allow SSH
pass in log first quick proto tcp from OFFICE to BLOSSOM port = ssh flags S keep state group 2000
# Allow DHCP
pass in quick proto udp from any port = 67 to any port = 68 group 2000
# Allow IKE and ESP
pass in log quick proto udp from any to PUB_IP port = 500 group 2000
pass in quick proto esp from any to PUB_IP group 2000

All I let in is ssh, 22/tcp, from a single external host, DHCP,
68/udp, and stuff for IPsec, 500/udp and ESP.

> Secondly, are you using ipfw2? I thought it was only available
> in -CURRENT or 5.0, not in 4.7-STABLE? Or am I wrong?

I'm using IPFilter not ipfw[12]. But good news, you are wrong, ipfw2
is available in RELENG_4.

--
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org

From owner-freebsd-net Tue Jan 21 11:31:26 2003
Message-ID: <3E2D9FF4.1000601@nomadiclab.com>
Date: Tue, 21 Jan 2003 21:31:00 +0200
From: Pekka Nikander
To: cjclark@alum.mit.edu
Cc: Mike Durian, freebsd-net@FreeBSD.ORG
Subject: Re: Question about IPsec and double ipfilter processing
In-Reply-To: <20030121185430.GD6871@blossom.cjclark.org>

Crist J. Clark wrote:
> I'm running RELENG_4_5. Could revision 1.214 to ip_input.c have
> something to do with this?

That is definitely a possibility. I didn't see this behaviour
on my kernel build from Oct 11 sources, but I do see it on
later ones. However, there was a long time after Oct 11
before I upgraded my kernel.

--Pekka

From owner-freebsd-net Tue Jan 21 12:37:56 2003
Date: Tue, 21 Jan 2003 15:34:35 -0500 (EST)
From: Trish Lynch
To: net@freebsd.org
Subject: strange behaviour on ipsec tunnels and copying medium sized files.

we have an ipsec tunnel where one endpoint is a ravlin, the other endpoint is FreeBSD/KAME. It's extremely stable except for this one thing... if you scp a file of about 3M, it hangs at between 400-600k. and it breaks the entire tunnel. I don't really have much more clues, nothing in the logs or anything like that give any indication it's broken.

Has anyone seen this before?

-Trish

--
Trish Lynch trish@bsdunix.net
Ecartis Core Team trish@listmistress.org
EFNet IRC Operator @ efnet.demon.co.uk AilleCat@EFNet
Key fingerprint = 781D 2B47 AA4B FC88 B919 0CD6 26B2 1D62 6FC1 FF16

From owner-freebsd-net Tue Jan 21 22:18:34 2003
From: "Barry Irwin"
To: "Matthew Zahorik",
Subject: Re: possible DoS in dc driver
Date: Wed, 22 Jan 2003 08:15:47 +0200

Hi

ran this again with larger values, still no problem. Tried a variety of tests, pinging an interface on the DC card, pinging through the BSD box as a gateway. all seems fine (well on 4.3). To the original reporters, any chances of a dmesg output for the chipsets that are given to exhibiting the problem?

[root@]# ping -s 50000 192.168.8.1
PING 192.168.8.1 (192.168.8.1) from 192.168.7.7 : 50000(50028) bytes of data.
50008 bytes from 192.168.8.1: icmp_seq=0 ttl=255 time=11.330 msec
50008 bytes from 192.168.8.1: icmp_seq=1 ttl=255 time=11.030 msec
50008 bytes from 192.168.8.1: icmp_seq=2 ttl=255 time=19.903 msec
50008 bytes from 192.168.8.1: icmp_seq=3 ttl=255 time=11.038 msec
50008 bytes from 192.168.8.1: icmp_seq=4 ttl=255 time=11.016 msec
50008 bytes from 192.168.8.1: icmp_seq=5 ttl=255 time=11.058 msec
[snip]
--- 192.168.8.1 ping statistics ---
17 packets transmitted, 17 packets received, 0% packet loss
round-trip min/avg/max/mdev = 10.651/11.575/19.903/2.089 ms

[root@]# ping -s 80000 192.168.8.1
Error: packet size 80000 is too large. Maximum is 65507

[root@]# ping -s 65507 192.168.8.1
PING 192.168.8.1 (192.168.8.1) from 192.168.7.7 : 65507(65535) bytes of data.
65515 bytes from 192.168.8.1: icmp_seq=0 ttl=255 time=14.406 msec
65515 bytes from 192.168.8.1: icmp_seq=1 ttl=255 time=13.901 msec
65515 bytes from 192.168.8.1: icmp_seq=2 ttl=255 time=13.090 msec
65515 bytes from 192.168.8.1: icmp_seq=3 ttl=255 time=13.842 msec
65515 bytes from 192.168.8.1: icmp_seq=4 ttl=255 time=13.067 msec
65515 bytes from 192.168.8.1: icmp_seq=5 ttl=255 time=13.870 msec
65515 bytes from 192.168.8.1: icmp_seq=6 ttl=255 time=13.048 msec
--- 192.168.8.1 ping statistics ---
7 packets transmitted, 7 packets received, 0% packet loss
round-trip min/avg/max/mdev = 13.048/13.603/14.406/0.507 ms

--
Barry Irwin bvi@itouchlabs.com Tel: +27214875178
Systems Administrator: Networks And Security
iTouch TAS http://www.itouchlabs.com Mobile: +27824457210

----- Original Message -----
From: "Matthew Zahorik"
To: "Barry Irwin"
Sent: Tuesday, January 21, 2003 4:44 PM
Subject: Re: possible DoS in dc driver

> On Tue, 21 Jan 2003, Barry Irwin wrote:
>
> > [root@web1 labsadmin]# ping -s 5000 victim
>
> Add another zero there and see if it's still happy. The bug report said
> anything more than 30KB.
>
> - Matt

From owner-freebsd-net Tue Jan 21 23: 2:12 2003
Date: Tue, 21 Jan 2003 23:02:02 -0800 (PST)
From: Jeff Jirsa
To: "Jacques A. Vidrine"
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: possible DoS in dc driver

On Tue, 21 Jan 2003, Jacques A. Vidrine wrote:

> Looooong, loooong ago, someone reported a dc driver bug. However,
> a couple of us have tried and failed to reproduce the problem. I
> thought I'd bounce the issue here before completely forgetting about
> it.

I'm not seeing it on 4.5. MBUF exhaustion: yes, lockup: no.

(From a different machine)
[10:51pm] jeff@snip (~) # sudo ping -f -s 50000 snip
Password:
PING snip (snip): 50000 data bytes
....................................................
....................................................
....................................................
....................................................
....................................................
^C

(On the 4.5 machine)
[10:52pm] jeff@snip (~) # ifconfig dc0
dc0: flags=8843 mtu 1500
        inet snip netmask 0xfffff800 broadcast snip.255
        ether 00:a0:cc:37:50:fa
        media: Ethernet autoselect (100baseTX )
        status: active
[10:52pm] jeff@snip (~) # uname -a
FreeBSD snip 4.5-RELEASE-p1 FreeBSD 4.5-RELEASE-p1 #0: Fri Mar 1 15:09:01 GMT 2002 jeff@snip:/usr/src/sys/compile/snip_4_5 i386
[10:52pm] jeff@snip (~) dmesg -a | tail
m_clalloc failed, consider increase NMBCLUSTERS value
m_clalloc failed, consider increase NMBCLUSTERS value
m_clalloc failed, consider increase NMBCLUSTERS value
m_retry failed, consider increase mbuf value
m_clalloc failed, consider increase NMBCLUSTERS value
m_clalloc failed, consider increase NMBCLUSTERS value
m_clalloc failed, consider increase NMBCLUSTERS value
m_clalloc failed, consider increase NMBCLUSTERS value
m_retry failed, consider increase mbuf value
m_retryhdr failed, consider increase mbuf value

The system does drop icmp echo requests, if that matters.

- Jeff

From owner-freebsd-net Wed Jan 22 13:12:12 2003
Date: Wed, 22 Jan 2003 16:12:07 -0500 (EST)
From: "Matthew N. Dodd"
To: Vincent Jardin
Cc: freebsd-atm@FreeBSD.ORG,
Subject: Re: New OC3 ATM driver

This driver is based on the IDT Nicstar driver by Richard Hodges; I'll do some diffs and see if there is anything we need from it but we should already support the IDT chips in -CURRENT.

On Fri, 3 Jan 2003, Vincent Jardin wrote:

> Prosum just releases an ATM driver for FreeBSD 3.x and 4.x It has some nice
> features:
> - CBR support
> - VBR support
>
> It supports the HARP stack.
>
> The last release of the driver is available on their web site:
> http://www.prosum.fr/atm155_E.html
>
> It works very well with the Prosum's OC3 board ;-)
>
> Regards,
> Vincent

--
| Matthew N. Dodd | '78 Datsun 280Z | '75 Volvo 164E | FreeBSD/NetBSD |
| winter@jurai.net | 2 x '84 Volvo 245DL | ix86,sparc,pmax |
| http://www.jurai.net/~winter | For Great Justice! | ISO8802.5 4ever |

From owner-freebsd-net Wed Jan 22 13:54:33 2003
From: Vincent Jardin
To: "Matthew N. Dodd"
Cc: freebsd-atm@FreeBSD.ORG,
Subject: Re: New OC3 ATM driver
Date: Wed, 22 Jan 2003 23:14:15 +0100

On Wednesday 22 January 2003 22:12, Matthew N. Dodd wrote:
> This driver is based on the IDT Nicstar driver by Richard Hodges; I'll do
> some diffs and see if there is anything we need from it but we should
> already support the IDT chips in -CURRENT.

However, the Richard Hodges' IDT driver only supports the old IDT 77211 Nicstar that is not produced anymore by IDT. Only ATM boards with the 77254 SAR IDT can be found. Moreover they have more features.

According to me, both SAR cannot be supported by a same driver because there are too much differences between the two in order to be integrated within the same driver.

Regards,
Vincent

>
> On Fri, 3 Jan 2003, Vincent Jardin wrote:
> > Prosum just releases an ATM driver for FreeBSD 3.x and 4.x It has some
> > nice features:
> > - CBR support
> > - VBR support
> >
> > It supports the HARP stack.
> >
> > The last release of the driver is available on their web site:
> > http://www.prosum.fr/atm155_E.html
> >
> > It works very well with the Prosum's OC3 board ;-)
> >
> > Regards,
> > Vincent

From owner-freebsd-net Wed Jan 22 13:59:19 2003
Date: Wed, 22 Jan 2003 16:59:15 -0500 (EST)
From: "Matthew N. Dodd"
To: Vincent Jardin
Cc: freebsd-atm@FreeBSD.ORG,
Subject: Re: New OC3 ATM driver

On Wed, 22 Jan 2003, Vincent Jardin wrote:

> According to me, both SAR cannot be supported by a same driver because
> there are too much differences between the two in order to be integrated
> within the same driver.

Humm... I had not noticed. Abstracting out the differences would still be worthwhile though.

--
| Matthew N. Dodd | '78 Datsun 280Z | '75 Volvo 164E | FreeBSD/NetBSD |
| winter@jurai.net | 2 x '84 Volvo 245DL | ix86,sparc,pmax |
| http://www.jurai.net/~winter | For Great Justice! | ISO8802.5 4ever |

From owner-freebsd-net Wed Jan 22 14:14:53 2003
From: Vincent Jardin
To: "Matthew N. Dodd"
Cc: freebsd-atm@FreeBSD.ORG,
Subject: Re: New OC3 ATM driver
Date: Wed, 22 Jan 2003 23:34:37 +0100

On Wednesday 22 January 2003 22:59, Matthew N. Dodd wrote:
> On Wed, 22 Jan 2003, Vincent Jardin wrote:
> > According to me, both SAR cannot be supported by a same driver because
> > there are too much differences between the two in order to be integrated
> > within the same driver.
>
> Humm... I had not noticed. Abstracting out the differences would still
> be worthwhile though.

I agree, however it looks to be quite impossible ;-( For example, Linux has 2 drivers too: one for the Nicstar and one for the IDT77252.

Regards,
Vincent

From owner-freebsd-net Wed Jan 22 14:34:24 2003
Date: Wed, 22 Jan 2003 23:34:26 +0100 (CET)
From: Gerald Pfeifer
To: freebsd-net@freebsd.org
Subject: PATCH: /usr/include/netipx/ipx.h and Linux compatibility

In /usr/include/netipx/ipx.h we already have #defined sipx_port, presumably for compatibility with Linux.

Could we please also add two other #defines as per the patch below?

(This would have reduced my head-ache maintaining ports/emulators/wine resp. feeding patches upstream quite a bit.)

Gerald
--
gerald@FreeBSD.org, but I'd need a src committer for this

Index: ipx.h =================================================================== RCS file: /sw/FreeBSD/CVSUP/src/sys/netipx/ipx.h,v retrieving revision 1.17 diff -u -3 -p -r1.17 ipx.h --- ipx.h 20 Mar 2002 02:39:13 -0000 1.17 +++ ipx.h 22 Jan 2003 12:14:05 -0000
@@ -130,7 +130,9 @@ struct sockaddr_ipx { struct ipx_addr sipx_addr; char sipx_zero[2]; }; -#define sipx_port sipx_addr.x_port +#define sipx_port sipx_addr.x_port +#define sipx_network sipx_addr.x_net +#define sipx_node sipx_addr.x_host.c_host /* * Definitions for IPX Internetwork Packet Exchange Protocol

From owner-freebsd-net Thu Jan 23 8:23: 5 2003
To: current@freebsd.org, net@freebsd.org
Subject: help: can't boot 5.0 diskless
Date: Thu, 23 Jan 2003 11:22:43 -0500
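Review bot: the two lines added after sipx_port in the ipx.h hunk at -130,7 +130,9 ("#define sipx_network sipx_addr.x_net" and "#define sipx_node sipx_addr.x_host.c_host") go into an installed header with no comment saying they are Linux-compatibility aliases, so a later cleanup cannot tell that ports such as wine rely on them; a one-line comment above the three defines would cover it. They are object-like macros with plain names, so any identifier called sipx_network or sipx_node in a file that includes this header will be rewritten; grep the tree for existing uses of those names before committing. The -/+ pair on the sipx_port line appears to differ only in whitespace, so either say that in the commit message or drop it and keep the change to the two additions. The hunk does not show the types of x_net and x_host.c_host, so the commit message should also state that they match what code written against the Linux names expects.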
From: Dong Lin

Hi,

I have been running etherboot/diskless machines successfully with several 4.x releases. Now I have trouble bringing up 5.0 diskless x86 machines. The same dhcp/nfs/etherboot setup works for 4.x. But the 5.0 kernel freezes and eventually crashes without printing anything on the console. I am pretty sure it has passed the etherboot stage, network traces showed that init was loaded via NFS. If I replace the 5.0 kernel with a 4.7 image, it simply works.

Can someone tell me what different things I have to do in a diskless 5.0 kernel? I do have the BOOTP, BOOTP_* and NFS_ROOT options enabled.

Thanks for your help,
Dong Lin

From owner-freebsd-net Thu Jan 23 16:50:18 2003
Date: Thu, 23 Jan 2003 19:50:12 -0500
From: Mike Makonnen
To: Dong Lin
Cc: current@FreeBSD.org, net@FreeBSD.org
Subject: Re: help: can't boot 5.0 diskless

Do you have device.hints in /boot of your diskless tree?

--
Mike Makonnen | GPG-KEY: http://www.identd.net/~mtm/mtm.asc
mtm@identd.net | Fingerprint: D228 1A6F C64E 120A A1C9 A3AA DAE1 E2AF DBCC 68B9

From owner-freebsd-net Thu Jan 23 23:52: 6 2003
Date: Fri, 24 Jan 2003 07:50:17 +0100
From: Mark Santcroos
To: Mike Makonnen
Cc: Dong Lin, current@FreeBSD.ORG, net@FreeBSD.ORG
Subject: Re: help: can't boot 5.0 diskless

On Thu, Jan 23, 2003 at 07:50:12PM -0500, Mike Makonnen wrote:
> Do you have device.hints in /boot of your diskless tree?

I think you have to statically link your hints into the kernel.

Mark

--
Mark Santcroos RIPE Network Coordination Centre
http://www.ripe.net/home/mark/ New Projects Group/TTM

From owner-freebsd-net Fri Jan 24 0:24:29 2003
From: "soheil soheil"
To: freebsd-net@freebsd.org
Subject: The socket sendto INVALID ARGUMENT ERROR returned
Date: Fri, 24 Jan 2003 08:20:49 +0000

Dear all
I wrote a code to send a tcp packet on a raw socket,
but the sendto function return some errors on argument
what can make this error occur ???
thanx
the code :

    char datagram[4096];
    .....
    socket(s, SOCK_RAW, IPPROTO_TCP);
    .....//filling the tcp/ip header
    int one = 1;
    const int *val = &one;
    if (setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof(one)) < 0)
        printf("Warning: Cannot set HDRINCL!\n");
    if(sendto(s,datagram, sizeof(struct tcphdr), 0,(struct sockaddr *)&sin, sizeof(sin)) < 0)
        perror("error on send");

From owner-freebsd-net Fri Jan 24 0:54: 7 2003
Date: Fri, 24 Jan 2003 00:53:30 -0800
From: Lev Walkin
To: soheil soheil
Cc: freebsd-net@freebsd.org
Subject: Re: The socket sendto INVALID ARGUMENT ERROR returned

soheil soheil wrote:
> Dear all
> I wrote a code to send a tcp packet on a raw socket,
> but the sendto function return some errors on argument
> what can make this error occur ???
> thanx
> the code :
> char datagram[4096];
> .....
> socket(s, SOCK_RAW, IPPROTO_TCP);

s = socket(AF_INET, ........);

--
Lev Walkin
vlm@netli.com

From owner-freebsd-net Fri Jan 24 1:48:54 2003
Date: Fri, 24 Jan 2003 01:44:11 -0800
To: freebsd-net@freebsd.org
From: Federico Andrade
Subject: Adding bridge table lookup via sysctl()

Hi all,

I am doing some work based on the FreeBSD 4.7 bridge code, and want to add some "userland" table lookup capabilities. Right now I did this for a sysctl call: (BTW, sorry if the code aesthetics are not the best, I promise to clean that up later):

##############################################################################
#define LOG(x) x
:
: Stuff in between...
:
static int
sysctl_bridge_tl(SYSCTL_HANDLER_ARGS)
{
    if (do_bridge) {
        int i,error,index;
        char str_line[1024];
        for (i=0; iif_name, (bdg_t[index].name <= BDG_FORWARD) ? 0 : bdg_t[index].name->if_unit,bdg_t[index].used);
        error = SYSCTL_OUT(req, str_line, sizeof(str_line));
        LOG(log(LOG_DEBUG,str_line);)
        LOG(log(LOG_DEBUG,"Error code = %d\n",error);)
        if (error)
            return (error);
} } } } }

SYSCTL_DECL(_net_link_ether);
SYSCTL_PROC(_net_link_ether, OID_AUTO, bridge_table, CTLTYPE_STRING|CTLFLAG_RD,
    NULL, 0, &sysctl_bridge_tl, "A", "Bridge table");
##############################################################################

The point is, if I do a "sysctl net.link.ether.bridge_table" on a terminal that is not the console, I don't get any result to this command, but I can see via the log (var/log/messages and the main console) something like this (from the log function):

Jan 24 01:00:04 eacs6 /kernel.BGE_FW2: IDX# MAC IF USED for CLUSTER: 256
Jan 24 01:00:04 eacs6 /kernel.BGE_FW2: 292 00:60:ef:20:6e:04 vlan20 0
Jan 24 01:00:04 eacs6 /kernel.BGE_FW2: 306 00:60:ef:20:6e:12 vlan40 1
Jan 24 01:00:04 eacs6 /kernel.BGE_FW2: 1373 00:60:ef:20:aa:7d vlan10 1
Jan 24 01:00:04 eacs6 /kernel.BGE_FW2: 4820 00:50:73:46:61:92 fxp1 1
Jan 24 01:00:04 eacs6 /kernel.BGE_FW2: 5471 00:60:ef:20:9a:7f vlan30 1
Jan 24 01:00:04 eacs6 /kernel.BGE_FW2: IDX# MAC IF USED for CLUSTER: 256

(The 256 I guess is because of the htons(), I'll check it later...)

The problem appears to be the function I am using for sending the results to the stdout of the user, but I am not that familiar with sysctl macros and functions...

Any suggestions will be appreciated.

Regards,
Federico.

From owner-freebsd-net Fri Jan 24 3:57: 0 2003
Date: Fri, 24 Jan 2003 03:56:54 -0800 (PST)
From: Josh Brooks
To: freebsd-net@freebsd.org
Subject: catching bad ICMP errors - very odd
Message-ID: <20030124035318.O64423-100000@mail.econolodgetulsa.com>

I have inserted this ipfw rule, based on guidance from the archives:

count icmp from any to any icmptype 4,5,9,10,12,13,14,15,16,17,18

Now, I am watching that count rule, and it keeps growing. This means that
people are sending me packets other than types 0,3,8,11.

So I wanted to see what they were:

tcpdump -vvv -n | grep -v echo | grep -v unreach | grep -v exceeded

and I let that run for hours and hours and hours - and during that time,
the counter continued to grow and grow, but my screen where I was running
tcpdump stayed blank - I never saw a single packet.

So how is it that the counter for the above rule can grow and grow and
grow, but I never see a single ICMP message that says anything besides
"echo", "unreach" or "exceeded" ?

thanks.

From owner-freebsd-net Fri Jan 24 6:42: 1 2003
From: "soheil soheil"
To: vlm@netli.com
Cc: freebsd-net@freebsd.org
Subject: Re: The socket sendto INVALID ARGUMENT ERROR returned
Date: Fri, 24 Jan 2003 14:41:34 +0000

I'm afraid I made a mistake ;)
But what is the error about
THANX

>From: Lev Walkin
>To: soheil soheil
>CC: freebsd-net@freebsd.org
>Subject: Re: The socket sendto INVALID ARGUMENT ERROR returned
>Date: Fri, 24 Jan 2003 00:53:30 -0800
>
>soheil soheil wrote:
>>Dear all
>>I wrote a code to send a tcp packet on a raw socket,
>>but the sendto function return some errors on argument
>>what can make this error occur ???
>>thanx
>>the code :
>>char datagram[4096];
>>.....
>>socket(s, SOCK_RAW, IPPROTO_TCP);
>
>s = socket(AF_INET, ........);
>
>
>--
>Lev Walkin
>vlm@netli.com

From owner-freebsd-net Fri Jan 24 6:50:44 2003
Message-Id: <200301241450.h0OEojP05330@unix1.jinr.dubna.su>
Subject: problem with fxp interface in promisc mode
To: freebsd-net@freebsd.org
Date: Fri, 24 Jan 2003 17:50:45 +0300 (MSK)
Cc: freebsd-stable@freebsd.org
From: soloviova@stroimontazh.spb.ru

Hello!
Can anybody help me?
Please, look at send-pr: http://www.freebsd.org/cgi/query-pr.cgi?pr=47432

Shortly, my problem is:
FreeBSD 4.7-RELEASE-p2 with fxp and xl interface.
Running tcpdump or trafshow on fxp interface causes the fatal trap 12
message, and system goes down. It happens on fxp interface, but not on
xl interface.

If someone has any ideas about it or similar symptoms, please, tell me.
Thank you.

From owner-freebsd-net Fri Jan 24 10: 7:21 2003
Date: Fri, 24 Jan 2003 10:07:14 -0800
From: Luigi Rizzo
To: Josh Brooks
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: catching bad ICMP errors - very odd
Message-ID: <20030124100714.B14895@xorpc.icir.org>
References: <20030124035318.O64423-100000@mail.econolodgetulsa.com>
In-Reply-To: <20030124035318.O64423-100000@mail.econolodgetulsa.com>; from user@mail.econolodgetulsa.com on Fri, Jan 24, 2003 at 03:56:54AM -0800

is this with ipfw1 or ipfw2 or both ?

cheers
luigi

On Fri, Jan 24, 2003 at 03:56:54AM -0800, Josh Brooks wrote:
>
> I have inserted this ipfw rule, based on guidance from the archives:
>
> count icmp from any to any icmptype 4,5,9,10,12,13,14,15,16,17,18
>
> Now, I am watching that count rule, and it keeps growing. This means that
> people are sending me packets other than types 0,3,8,11.
>
> So I wanted to see what they were:
>
> tcpdump -vvv -n | grep -v echo | grep -v unreach | grep -v exceeded
>
> and I let that run for hours and hours and hours - and during that time,
> the counter continued to grow and grow, but my screen where I was running
> tcpdump stayed blank - I never saw a single packet.
>
> So how is it that the counter for the above rule can grow and grow and
> grow, but I never see a single ICMP message that says anything besides
> "echo", "unreach" or "exceeded" ?
>
> thanks.

From owner-freebsd-net Fri Jan 24 11: 6: 0 2003
Date: Fri, 24 Jan 2003 11:05:53 -0800 (PST)
From: Josh Brooks
To: Luigi Rizzo
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: catching bad ICMP errors - very odd
In-Reply-To: <20030124100714.B14895@xorpc.icir.org>
Message-ID: <20030124110547.U64423-100000@mail.econolodgetulsa.com>

ipfw1

On Fri, 24 Jan 2003, Luigi Rizzo wrote:

> is this with ipfw1 or ipfw2 or both ?
>
> cheers
> luigi
>
> On Fri, Jan 24, 2003 at 03:56:54AM -0800, Josh Brooks wrote:
> >
> > I have inserted this ipfw rule, based on guidance from the archives:
> >
> > count icmp from any to any icmptype 4,5,9,10,12,13,14,15,16,17,18
> >
> > Now, I am watching that count rule, and it keeps growing. This means that
> > people are sending me packets other than types 0,3,8,11.
> >
> > So I wanted to see what they were:
> >
> > tcpdump -vvv -n | grep -v echo | grep -v unreach | grep -v exceeded
> >
> > and I let that run for hours and hours and hours - and during that time,
> > the counter continued to grow and grow, but my screen where I was running
> > tcpdump stayed blank - I never saw a single packet.
> >
> > So how is it that the counter for the above rule can grow and grow and
> > grow, but I never see a single ICMP message that says anything besides
> > "echo", "unreach" or "exceeded" ?
> >
> > thanks.

From owner-freebsd-net Fri Jan 24 12:29: 3 2003
To: Luigi Rizzo
Cc: Josh Brooks, freebsd-net@FreeBSD.ORG
Subject: Re: catching bad ICMP errors - very odd
In-Reply-To: Message from Luigi Rizzo of "Fri, 24 Jan 2003 10:07:14 PST." <20030124100714.B14895@xorpc.icir.org>
Date: Fri, 24 Jan 2003 12:28:53 -0800
From: Eli Dart
Message-Id: <20030124202853.E42E13B1AE@gemini.nersc.gov>

In reply to Luigi Rizzo:
> is this with ipfw1 or ipfw2 or both ?
>
> cheers
> luigi
>
> On Fri, Jan 24, 2003 at 03:56:54AM -0800, Josh Brooks wrote:
> >
> > I have inserted this ipfw rule, based on guidance from the archives:
> >
> > count icmp from any to any icmptype 4,5,9,10,12,13,14,15,16,17,18
> >
> > Now, I am watching that count rule, and it keeps growing. This means that
> > people are sending me packets other than types 0,3,8,11.
> >
> > So I wanted to see what they were:
> >
> > tcpdump -vvv -n | grep -v echo | grep -v unreach | grep -v exceeded

Are you sure tcpdump is attaching to the correct interface?

--eli

> >
> > and I let that run for hours and hours and hours - and during that time,
> > the counter continued to grow and grow, but my screen where I was running
> > tcpdump stayed blank - I never saw a single packet.
> >
> > So how is it that the counter for the above rule can grow and grow and
> > grow, but I never see a single ICMP message that says anything besides
> > "echo", "unreach" or "exceeded" ?
> >
> > thanks.

From owner-freebsd-net Fri Jan 24 14:49:23 2003
Date: Sat, 25 Jan 2003 01:49:25 +0300
From: "Vadim A. Shklyaev"
Reply-To: "Vadim A. Shklyaev"
Message-ID: <18174609192.20030125014925@front.ru>
To: Josh Brooks
Cc: freebsd-net@freebsd.org
Subject: Re: catching bad ICMP errors - very odd
In-Reply-To: <20030124035318.O64423-100000@mail.econolodgetulsa.com>
References: <20030124035318.O64423-100000@mail.econolodgetulsa.com>

Hello, Josh.

You wrote 24 January 2003, 14:56:54:

JB> I have inserted this ipfw rule, based on guidance from the archives:

JB> count icmp from any to any icmptype 4,5,9,10,12,13,14,15,16,17,18

JB> Now, I am watching that count rule, and it keeps growing. This means that
JB> people are sending me packets other than types 0,3,8,11.

JB> So I wanted to see what they were:

JB> tcpdump -vvv -n | grep -v echo | grep -v unreach | grep -v exceeded

JB> and I let that run for hours and hours and hours - and during that time,
JB> the counter continued to grow and grow, but my screen where I was running
JB> tcpdump stayed blank - I never saw a single packet.

JB> So how is it that the counter for the above rule can grow and grow and
JB> grow, but I never see a single ICMP message that says anything besides
JB> "echo", "unreach" or "exceeded" ?

JB> thanks.

You should better write this, due to possible buffered output of grep.

tcpdump -vvvni iface0 'icmp and icmp[icmptype]!=icmp-echo and \
icmp[icmptype]!=icmp-echoreply and icmp[icmptype]!=icmp-unreach \
and icmp[icmptype]!=icmp-timxceed'

--
Best regards,
Vadim mailto:lexxmail@front.ru

From owner-freebsd-net Sat Jan 25 5:55: 4 2003
Date: Sat, 25 Jan 2003 15:54:51 +0200
From: "Mikko S. Hyvarinen"
To: freebsd-net@freebsd.org, freebsd-current@freebsd.org
Cc: obrien@freebsd.org
Subject: Re: [PATCH] Asus A7N8X Deluxe, nForce2 and 3com MAC, Broadcom/Altima PHY
Message-ID: <20030125135451.GA91809@morphy.iki.fi>
References: <20030112190731.GB14895@morphy.iki.fi> <20030112210430.GA63537@dragon.nuxi.com> <20030113163101.GA714@morphy.iki.fi> <20030118164640.GD36580@morphy.iki.fi> <20030118224638.GL70151@dragon.nuxi.com>
In-Reply-To: <20030118224638.GL70151@dragon.nuxi.com>

On Sat, Jan 18, 2003 at 02:46:38PM -0800, David O'Brien wrote:
> On Sat, Jan 18, 2003 at 06:46:40PM +0200, Mikko Hyvarinen wrote:
> > Hi again,
> >
> > I find it outright odd that the partial patch that didn't help much got
> > committed quickly but the final fix that makes things work didn't.
> >
> > Is there something wrong with the patch or did it just slip through the
> > cracks somewhere?
>
> I got busy last week. I just happen to have a few free minutes when the
> 1st patch came in, and I have a big interest in AMD platforms. I've got
> too many things on my plate for today to probably get to the 2nd patch.
> Other committers, please don't think I feel ownership of this patch.

Thank you for the commit. Now the support for this board is on a good
basic level.

I suppose there is not much hope of getting support for the nVidia MAC
integrated to the MCP (southbridge) since even the Linux drivers are
binary-only with a thin glue layer, and no specs seem to be available
on nVidia website, not even in the developer sections.

Regards,
MSH

--
All opinions expressed above are mine alone and do not express the views
of my employer or any other organizations that I am affiliated with.