From owner-freebsd-net@FreeBSD.ORG Sun Aug 3 10:48:42 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A5E6F37B401 for ; Sun, 3 Aug 2003 10:48:42 -0700 (PDT) Received: from appleisp.net (mail.appleisp.net [63.120.72.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 35A8843FA3 for ; Sun, 3 Aug 2003 10:48:42 -0700 (PDT) (envelope-from freebsd@hardcoremods.com) Received: from [67.74.249.167] (account photovor@qwickconnect.net HELO hardc0rM0dz) by appleisp.net (CommuniGate Pro SMTP 3.5.9) with ESMTP id 10751708 for freebsd-net@freebsd.org; Sun, 03 Aug 2003 10:47:30 -0700 From: "Nick" To: Date: Sun, 3 Aug 2003 13:48:40 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Subject: Changing out network card X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Aug 2003 17:48:42 -0000 I have a server running DHCPD, FTP, DNS (namedb), and OpenSSH. My current network card is a 3Com 10mbit. I want to change it out for another network card, but make it a 3com 100mbit. Am I going to have to reconfigure my DHCP, DNS and OpenSSH to use this new interface, or is there another way of getting around all of that? 
-Photovor From owner-freebsd-net@FreeBSD.ORG Sun Aug 3 12:37:24 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0A45937B401 for ; Sun, 3 Aug 2003 12:37:24 -0700 (PDT) Received: from out006.verizon.net (out006pub.verizon.net [206.46.170.106]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2F8D643FB1 for ; Sun, 3 Aug 2003 12:37:23 -0700 (PDT) (envelope-from cswiger@mac.com) Received: from mac.com ([151.205.189.55]) by out006.verizon.net (InterMail vM.5.01.05.33 201-253-122-126-133-20030313) with ESMTP id <20030803193722.LKZE16647.out006.verizon.net@mac.com>; Sun, 3 Aug 2003 14:37:22 -0500 Message-ID: <3F2D646F.7020500@mac.com> Date: Sun, 03 Aug 2003 15:37:19 -0400 From: Chuck Swiger Organization: The Courts of Chaos User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Nick References: In-Reply-To: X-Enigmail-Version: 0.76.4.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Authentication-Info: Submitted using SMTP AUTH at out006.verizon.net from [151.205.189.55] at Sun, 3 Aug 2003 14:37:22 -0500 cc: freebsd-net@freebsd.org Subject: Re: Changing out network card X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Aug 2003 19:37:24 -0000 Nick wrote: > I have a server running DHCPD, FTP, DNS (namedb), and OpenSSH. My current > network card is a 3Com 10mbit. I want to change it out for another network > card, but make it a 3com 100mbit. Am I going to have to reconfigure my > DHCP, DNS and OpenSSH to use this new interface, or is there another way of > getting around all of that? 
Services usually care about IP addresses, not interface names. You will need to change the interface name in /etc/rc.conf, but that should be it. -- -Chuck From owner-freebsd-net@FreeBSD.ORG Sun Aug 3 13:57:16 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BFFFE37B401 for ; Sun, 3 Aug 2003 13:57:16 -0700 (PDT) Received: from ren.sasknow.com (ren.sasknow.com [207.195.92.131]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0414F43F93 for ; Sun, 3 Aug 2003 13:57:16 -0700 (PDT) (envelope-from ryan@sasknow.com) Received: from earl.sasknow.net (earl.sasknow.net [207.195.92.130]) by ren.sasknow.com (8.12.6p2/8.12.6) with ESMTP id h73KvFvT078060; Sun, 3 Aug 2003 14:57:15 -0600 (CST) (envelope-from ryan@sasknow.com) Received: from ren (ren.sasknow.com [207.195.92.131]) by earl.sasknow.net (8.12.6p2/8.12.6) with ESMTP id h73KvENn069880; Sun, 3 Aug 2003 14:57:14 -0600 (CST) (envelope-from ryan@sasknow.com) Date: Sun, 3 Aug 2003 14:57:14 -0600 (CST) From: Ryan Thompson To: Chuck Swiger In-Reply-To: <3F2D646F.7020500@mac.com> Message-ID: <20030803144559.V62366-100000@ren.sasknow.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Audit: Email processed by earl.sasknow.com filter X-Scanned-By: MIMEDefang 2.31 (www . roaringpenguin . com / mimedefang) cc: freebsd-net@freebsd.org cc: Nick Subject: Re: Changing out network card X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Aug 2003 20:57:17 -0000 Chuck Swiger wrote to Nick: > Nick wrote: > > I have a server running DHCPD, FTP, DNS (namedb), and OpenSSH. My > > current network card is a 3Com 10mbit. I want to change it out for > > another network card, but make it a 3com 100mbit. 
> > Am I going to have to reconfigure my DHCP, DNS and OpenSSH to use this
> > new interface, or is there another way of getting around all of that?
>
> Services usually care about IP addresses, not interface names. You
> will need to change the interface name in /etc/rc.conf, but that
> should be it.

Actually, dhcpd cares about interfaces, too.. as does natd, if you're
running that. See dhcpd_interface in /usr/local/etc/rc.isc-dhcpd.conf, and
the "interface" parameter for natd, which could be in /etc/rc.conf as
natd_interface, or passed manually in /etc/rc.conf natd_flags, or perhaps
buried in a configuration file specified with the -f parameter to natd.

Also, you might want to try this as root:

  grep -IR if0 /etc /usr/local/etc

Where if0 is the name of your current interface. For most systems, that
should catch just about everything.. but it'd be better to maintain a list
of places where you've had to enter your interface.

- Ryan

--
Ryan Thompson

SaskNow Technologies - http://www.sasknow.com
901-1st Avenue North - Saskatoon, SK - S7K 1Y4

Tel: 306-664-3600 Fax: 306-244-7037 Saskatoon
Toll-Free: 877-727-5669 (877-SASKNOW) North America

From owner-freebsd-net@FreeBSD.ORG Sun Aug 3 16:53:41 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7558337B401 for ; Sun, 3 Aug 2003 16:53:41 -0700 (PDT)
Received: from perrin.int.nxad.com (internal.ext.nxad.com [69.1.70.251]) by mx1.FreeBSD.org (Postfix) with ESMTP id 12F9A43FBD for ; Sun, 3 Aug 2003 16:53:41 -0700 (PDT) (envelope-from hmp@nxad.com)
Received: by perrin.int.nxad.com (Postfix, from userid 1072) id 683B120F00; Sun, 3 Aug 2003 16:53:40 -0700 (PDT)
Date: Sun, 3 Aug 2003 16:53:40 -0700
From: Hiten Pandya
To: Paolo Pisati
Message-ID: <20030803235340.GA93205@perrin.int.nxad.com>
References: <20030731211452.GA210@newluxor.skynet.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030731211452.GA210@newluxor.skynet.org>
X-Operating-System: FreeBSD FreeBSD 4.7-STABLE
User-Agent: Mutt/1.5.4i
cc: freebsd-net@freebsd.org
Subject: Re: Netgraph node, first steps in kernel land and a bloody crash dump
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sun, 03 Aug 2003 23:53:41 -0000

On Thu, Jul 31, 2003 at 11:14:52PM +0200, Paolo Pisati wrote:
> #5  0xc0204f63 in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16,
>       tf_edi = -856166976, tf_esi = 0, tf_ebp = -856167184,
>       tf_isp = -856167216, tf_ebx = 69, tf_edx = 0, tf_ecx = 0,
>       tf_eax = -6422529, tf_trapno = 12, tf_err = 0, tf_eip = 784, tf_cs = 8,
>       tf_eflags = 66118, tf_esp = -1071208512, tf_ss = 1861})
>     at /usr/src/sys/i386/i386/trap.c:466
> #6  0x310 in ?? ()
>
> Ok, i'm not a guru, but it looks like the culprit is printf in kernel
> land, or at least, a bad use of it from myself... (see #9).

The culprit is most definitely frame #6.

> I would like to fill the missing ?? in this dump, but i couldn't
> find how to load the symbols from my node (and yes, i've
> tried what's written in the handbook about the modules and
> it didn't work).

Well, you are going to panic one way or the other; so I advise you to
compile your Netgraph module in the kernel itself. It will save you *A LOT*
of hassle that one has to go through debugging KLDs (kmods).

Also, in order to study the problem, the source code is the key, and
without that, not much can be done.

> [flag@newluxor flag]$ man 9 printf
> No entry for printf in section 9 of the manual
> [flag@newluxor flag]$
>
> what's happened to the man page?

The manual page has not been added to 4.x series.

Cheers.

--
Hiten M.
Pandya hmp@FreeBSD.ORG, hmp@nxad.com http://hmp.serverninjas.com/ From owner-freebsd-net@FreeBSD.ORG Sun Aug 3 22:13:32 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3D7E937B4DD; Sun, 3 Aug 2003 22:13:32 -0700 (PDT) Received: from wantadilla.lemis.com (wantadilla.lemis.com [192.109.197.80]) by mx1.FreeBSD.org (Postfix) with ESMTP id EB3D543FA3; Sun, 3 Aug 2003 22:13:29 -0700 (PDT) (envelope-from grog@lemis.com) Received: by wantadilla.lemis.com (Postfix, from userid 1004) id 806B9526AA; Mon, 4 Aug 2003 14:43:26 +0930 (CST) Date: Mon, 4 Aug 2003 14:43:26 +0930 From: Greg 'groggy' Lehey To: Paolo Pisati Message-ID: <20030804051326.GY95375@wantadilla.lemis.com> References: <20030731211452.GA210@newluxor.skynet.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Fn23agWlbbdZ3cy5" Content-Disposition: inline In-Reply-To: <20030731211452.GA210@newluxor.skynet.org> User-Agent: Mutt/1.4i Organization: The FreeBSD Project Phone: +61-8-8388-8286 Fax: +61-8-8388-8725 Mobile: +61-418-838-708 WWW-Home-Page: http://www.FreeBSD.org/ X-PGP-Fingerprint: 9A1B 8202 BCCE B846 F92F 09AC 22E6 F290 507A 4223 cc: FreeBSD_Hackers cc: FreeBSD_Net Subject: Re: Netgraph node, first steps in kernel land and a bloody crash dump X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Aug 2003 05:13:33 -0000 --Fn23agWlbbdZ3cy5 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thursday, 31 July 2003 at 23:14:52 +0200, Paolo Pisati wrote: > > Hi guys, > > still here with my netgraph node. 
>
> Today, after a couple of nice days without a problem,
> i spent the last 4 hours trying to understand why the hell,
> my module crash my stable box.
> ...
> #0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
> 487             if (dumping++) {
> (kgdb) where
> #5  0xc0204f63 in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16,
>       tf_edi = -856166976, tf_esi = 0, tf_ebp = -856167184,
>       tf_isp = -856167216, tf_ebx = 69, tf_edx = 0, tf_ecx = 0,
>       tf_eax = -6422529, tf_trapno = 12, tf_err = 0, tf_eip = 784, tf_cs = 8,
>       tf_eflags = 66118, tf_esp = -1071208512, tf_ss = 1861})
>     at /usr/src/sys/i386/i386/trap.c:466
> #6  0x310 in ?? ()
> #7  0xc0163e70 in putchar (c=69, arg=0xccf7edc0)
>     at /usr/src/sys/kern/subr_prf.c:355
> #8  0xc0164086 in kvprintf (fmt=0xc0e24baa "AF NODE\n",
>     func=0xc0163dd0, arg=0xccf7edc0, radix=10, ap=0xccf7edd8 "")
>     at /usr/src/sys/kern/subr_prf.c:532
> #9  0xc0163d4c in printf (fmt=0xc0e24ba8 "LEAF NODE\n")
>     at /usr/src/sys/kern/subr_prf.c:305
> #10 0xc0e2348a in ?? ()
> #11 0xc0e23354 in ?? ()
>
> Ok, i'm not a guru, but it looks like the culprit is printf in
> kernel land, or at least, a bad use of it from myself... (see #9).

Hmm.  Is this a kld?

> I would like to fill the missing ?? in this dump, but i couldn't
> find how to load the symbols from my node (and yes, i've tried
> what's written in the handbook about the modules and it didn't
> work).

OK, what we see here is that the printf call calls putchar() to print
the individual characters.  The one it's printing now is 0x69 (frame
7), lowercase 'i'.  That's not in the (first) string passed to
printf(), but it could be in another parameter, or in the format
string.

You can't get the address of frame 6 because it's not a valid address.
Kernel code sits above 0xc0000000, and this address is 0x310, which
suggests to me that you've smashed a stack or something.  I'd guess
that you've overflowed the buffer.

> on a side note:
> [flag@newluxor flag]$ man 9 printf
> No entry for printf in section 9 of the manual
> [flag@newluxor flag]$
>
> what's happened to the man page?

Hasn't been written.  Do you feel like doing it?

Greg
--
See complete headers for address and phone numbers

--Fn23agWlbbdZ3cy5
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (FreeBSD)

iD8DBQE/Let2IubykFB6QiMRAmjJAJ9XywQ11NJVrqWVHnwbTIzdHK6YhQCcC0R8
+GmdJHu3uZ6aH3Ps11gxOxs=
=9YnD
-----END PGP SIGNATURE-----

--Fn23agWlbbdZ3cy5--

From owner-freebsd-net@FreeBSD.ORG Mon Aug 4 07:42:03 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 305F437B404 for ; Mon, 4 Aug 2003 07:42:03 -0700 (PDT)
Received: from insourcery.net (ns1.insourcery.net [198.93.171.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id CD26443FB1 for ; Mon, 4 Aug 2003 07:41:57 -0700 (PDT) (envelope-from fbsdquestions@worldinternet.org)
Received: from localhost (localhost [127.0.0.1]) (uid 80) by insourcery.net with local; Mon, 04 Aug 2003 07:41:57 -0700
Received: from customer-200-79-7-13.uninet.net.mx (customer-200-79-7-13.uninet.net.mx [200.79.7.13]) by mail.worldinternet.org (Horde) with HTTP for ; Mon, 4 Aug 2003 07:41:57 -0700
Message-ID: <1060008117.a01537208ba27@mail.worldinternet.org>
X-Priority: 3 (Normal)
Date: Mon, 4 Aug 2003 07:41:57 -0700
From: fbsdquestions@worldinternet.org
To: net@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) 4.0-cvs
X-Originating-IP: 200.79.7.13
Subject: ipfw - natd - squid - 3 Nic's - 1 FBSD 5.1 server and routing question
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 04 Aug 2003 14:42:03 -0000

We have a perfectly functional but saturated DS0 with our telco that is
very expensive. We have squid running with transparent proxy for our LAN
that consists of about 10-15 users.

  [ fwd 127.0.0.1,3128 tcp from 192.168.5.0/24 to any 80 ]

It works fine but still not enough bandwidth so we contracted a much less
expensive connection with a cable company that we plan to use for all
outgoing requests for port 80 from squid.

The problem is that I don't know how to get the outgoing requests from
squid to use the NIC that is connected to the cable company. Squid is set
up to use the cable company's IP

  tcp_outgoing_address 10.24.194.163

but since the default gateway is to the telco interface, the request is
sent to the telco. I'm not sure how to make this work.

Our three NICs are set up as follows (natd, ipfw and squid all run on
this box; routing: default 200.79.x.1):

  rl1  192.168.5.0/24     --- Internal Network
  rl0  200.79.x.0/28      --- [TelCo] ------ INTERNET
  rl2  10.24.194.163/20   --- Cable Network

Our firewall configuration has been reduced to the following until we can
get this to work.

  00100 allow ip from any to any via lo0
  00200 deny ip from any to 127.0.0.0/8
  00300 deny ip from 127.0.0.0/8 to any
  00400 fwd 127.0.0.1,3128 tcp from 192.168.5.0/24 to any 80
  65100 divert 8668 ip from any to any via rl0
  65500 allow ip from any to any
  65535 allow ip from any to any

Everything works great with rl1 -> rl0 but rl2 is basically useless for
now. I have tried many different approaches and none have worked. I'm
probably complicating it too much, I hope. Any help or suggestions will be
appreciated.
Ed -- ------------------------------------------------- _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" ------------------------------------------------- From owner-freebsd-net@FreeBSD.ORG Mon Aug 4 10:26:43 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5C28037B401 for ; Mon, 4 Aug 2003 10:26:43 -0700 (PDT) Received: from smtpout.mac.com (smtpout.mac.com [17.250.248.87]) by mx1.FreeBSD.org (Postfix) with ESMTP id A2BB743F85 for ; Mon, 4 Aug 2003 10:26:42 -0700 (PDT) (envelope-from kkonaka@mac.com) Received: from mac.com (smtpin07-en2 [10.13.10.152]) by smtpout.mac.com (Xserve/MantshX 2.0) with ESMTP id h74HQgRM025142 for ; Mon, 4 Aug 2003 10:26:42 -0700 (PDT) Received: from localhost.localdomain.tcsamerica.com ([216.130.131.138]) (authenticated bits=0) by mac.com (Xserve/8.12.9/MantshX 2.0) with ESMTP id h74HQb9d021879; Mon, 4 Aug 2003 10:26:40 -0700 (PDT) Date: Mon, 04 Aug 2003 13:27:11 -0400 Message-ID: From: kkonaka@mac.com To: freebsd-net@freebsd.org User-Agent: Wanderlust/2.8.1 (Something) Emacs/21.3 Mule/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.5 - "Awara-Onsen") Content-Type: text/plain; charset=US-ASCII Subject: coexsiting two network (addresses) on a single ivp4 link X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Aug 2003 17:26:43 -0000 howdy, what kind of things go wrong if I'd put two ipv4 networks on a single ethernet link? eg., put 192.168.1/24 and 192.168.3/24 on a single segment. 
kenji From owner-freebsd-net@FreeBSD.ORG Mon Aug 4 10:47:47 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 34CF137B401 for ; Mon, 4 Aug 2003 10:47:47 -0700 (PDT) Received: from pursued-with.net (adsl-66-125-9-242.dsl.sndg02.pacbell.net [66.125.9.242]) by mx1.FreeBSD.org (Postfix) with ESMTP id 79EC143F75 for ; Mon, 4 Aug 2003 10:47:46 -0700 (PDT) (envelope-from Kevin_Stevens@pursued-with.net) Received: from babelfish.pursued-with.net (babelfish.pursued-with.net [192.168.168.42]) by pursued-with.net (8.12.8p1/8.12.8) with ESMTP id h74HnAqB038034; Mon, 4 Aug 2003 10:49:10 -0700 (PDT) (envelope-from Kevin_Stevens@pursued-with.net) Date: Mon, 4 Aug 2003 10:49:10 -0700 (PDT) From: Kevin Stevens To: kkonaka@mac.com In-Reply-To: Message-ID: <20030804104551.U37975@babelfish.pursued-with.net> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: coexsiting two network (addresses) on a single ivp4 link X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Kevin_Stevens@pursued-with.net List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Aug 2003 17:47:47 -0000 On Mon, 4 Aug 2003 kkonaka@mac.com wrote: > what kind of things go wrong if I'd put two ipv4 networks > on a single ethernet link? eg., put 192.168.1/24 and 192.168.3/24 > on a single segment. If you just mean on the same segment; nothing goes wrong. If you mean on the same interface on a FreeBSD box, you get a lot of ARP warning messages. Then when you post here as to how to turn the warning messages off (there's a sysctl for it), you get a bunch of people grilling you as to why you want to do that, even though it's a perfectly legitimate design. At least that was my experience. 
;)

KeS

From owner-freebsd-net@FreeBSD.ORG Mon Aug 4 10:58:31 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6934037B401 for ; Mon, 4 Aug 2003 10:58:31 -0700 (PDT)
Received: from smtpout.mac.com (A17-250-248-86.apple.com [17.250.248.86]) by mx1.FreeBSD.org (Postfix) with ESMTP id E562343F75 for ; Mon, 4 Aug 2003 10:58:30 -0700 (PDT) (envelope-from kkonaka@mac.com)
Received: from mac.com (smtpin07-en2 [10.13.10.152]) by smtpout.mac.com (Xserve/MantshX 2.0) with ESMTP id h74HwUKl024220; Mon, 4 Aug 2003 10:58:30 -0700 (PDT)
Received: from localhost.localdomain.tcsamerica.com ([216.130.131.138]) (authenticated bits=0) by mac.com (Xserve/8.12.9/MantshX 2.0) with ESMTP id h74HwR9d013596; Mon, 4 Aug 2003 10:58:28 -0700 (PDT)
Date: Mon, 04 Aug 2003 13:59:02 -0400
Message-ID:
From: kkonaka@mac.com
To: Kevin_Stevens@pursued-with.net
In-Reply-To: <20030804104551.U37975@babelfish.pursued-with.net>
References: <20030804104551.U37975@babelfish.pursued-with.net>
User-Agent: Wanderlust/2.8.1 (Something) Emacs/21.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.5 - "Awara-Onsen")
Content-Type: text/plain; charset=US-ASCII
cc: kkonaka@mac.com
cc: freebsd-net@freebsd.org
Subject: Re: coexsiting two network (addresses) on a single ivp4 link
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 04 Aug 2003 17:58:31 -0000

- thanks KeS

> If you just mean on the same segment; nothing goes wrong.

yes this is what I've meant --> okay thanks! :)

> If you mean on
> the same interface on a FreeBSD box, you get a lot of ARP warning
> messages.
> Then when you post here as to how to turn the warning messages
> off (there's a sysctl for it), you get a bunch of people grilling you as
> to why you want to do that, even though it's a perfectly legitimate
> design. At least that was my experience. ;)

I think I have seen this (at least several times) :)

cheers,
kenji

From owner-freebsd-net@FreeBSD.ORG Mon Aug 4 11:01:28 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4E42A37B401 for ; Mon, 4 Aug 2003 11:01:28 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id AEAB243FD7 for ; Mon, 4 Aug 2003 11:01:22 -0700 (PDT) (envelope-from owner-bugmaster@freebsd.org)
Received: from freefall.freebsd.org (peter@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h74I1MUp066087 for ; Mon, 4 Aug 2003 11:01:22 -0700 (PDT) (envelope-from owner-bugmaster@freebsd.org)
Received: (from peter@localhost) by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h74I1M3Q066081 for freebsd-net@freebsd.org; Mon, 4 Aug 2003 11:01:22 -0700 (PDT)
Date: Mon, 4 Aug 2003 11:01:22 -0700 (PDT)
Message-Id: <200308041801.h74I1M3Q066081@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: peter set sender to owner-bugmaster@freebsd.org using -f
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 04 Aug 2003 18:01:28 -0000

Current FreeBSD problem reports

Critical problems
Serious problems
Non-critical problems

S Submitted    Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2002/05/04] kern/37761  net    process exits but socket is still ESTABLI

1 problem total.

From owner-freebsd-net@FreeBSD.ORG Mon Aug 4 13:05:29 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7905337B401 for ; Mon, 4 Aug 2003 13:05:29 -0700 (PDT)
Received: from csmail.commserv.ucsb.edu (cspdc.commserv.ucsb.edu [128.111.251.12]) by mx1.FreeBSD.org (Postfix) with ESMTP id D2ED543F3F for ; Mon, 4 Aug 2003 13:05:28 -0700 (PDT) (envelope-from steve@expertcity.com)
Received: from expertcity.com ([68.111.37.3]) by csmail.commserv.ucsb.edu (Netscape Messaging Server 3.62) with ESMTP id 416; Mon, 4 Aug 2003 13:05:26 -0700
Message-ID: <3F2EBC8F.7090307@expertcity.com>
Date: Mon, 04 Aug 2003 13:05:35 -0700
From: Steve Francis
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030612
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Bosko Milekic
References: <3F2AC3F5.3010804@expertcity.com> <20030801152510.J2165@odysseus.silby.com> <20030802180558.GA16831@technokratis.com>
In-Reply-To: <20030802180558.GA16831@technokratis.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-net@freebsd.org
Subject: Re: mbuf clusters exhausted w/o reaching max?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 04 Aug 2003 20:05:29 -0000

Bosko Milekic wrote:
> Actually, he's not running out of address space here; he's probably
> run out of free pages and could not block to wait for them.
>

So is there anything to tune, I guess in the VM subsystem, to prevent
this recurring?
Or is the advice still ignore it, as it's only 50 denied requests?

We are planning on scaling up the memory requirements of the processes
we run in the near future, so I would like to know when I need to start
tuning, and how I would do so, if possible.

Thanks much

From owner-freebsd-net@FreeBSD.ORG Mon Aug 4 13:14:44 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 448C537B404 for ; Mon, 4 Aug 2003 13:14:44 -0700 (PDT)
Received: from godel.mtl.distributel.net (nat.MTL.distributel.NET [66.38.181.24]) by mx1.FreeBSD.org (Postfix) with ESMTP id 17C2943FA3 for ; Mon, 4 Aug 2003 13:14:43 -0700 (PDT) (envelope-from bmilekic@technokratis.com)
Received: from godel.mtl.distributel.net (localhost [127.0.0.1]) h74GEbXJ005245; Mon, 4 Aug 2003 16:14:37 GMT (envelope-from bmilekic@technokratis.com)
Received: (from bmilekic@localhost) by godel.mtl.distributel.net (8.12.9/8.12.9/Submit) id h74GEb5m005244; Mon, 4 Aug 2003 16:14:37 GMT
X-Authentication-Warning: godel.mtl.distributel.net: bmilekic set sender to bmilekic@technokratis.com using -f
Date: Mon, 4 Aug 2003 16:14:37 +0000
From: Bosko Milekic
To: Steve Francis
Message-ID: <20030804161437.GA5227@technokratis.com>
References: <3F2AC3F5.3010804@expertcity.com> <20030801152510.J2165@odysseus.silby.com> <20030802180558.GA16831@technokratis.com> <3F2EBC8F.7090307@expertcity.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3F2EBC8F.7090307@expertcity.com>
User-Agent: Mutt/1.4.1i
cc: freebsd-net@freebsd.org
Subject: Re: mbuf clusters exhausted w/o reaching max?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 04 Aug 2003 20:14:44 -0000

On Mon, Aug 04, 2003 at 01:05:35PM -0700, Steve Francis wrote:
> Bosko Milekic wrote:
> > Actually, he's not running out of address space here; he's probably
> > run out of free pages and could not block to wait for them.
> >
>
> So is there anything to tune, I guess in the VM subsystem, to prevent
> this recurring?
>
> Or is the advice still ignore it, as it's only 50 denied requests?
>
> We are planning on scaling up the memory requirements of the processes
> we run in the near future, so I would like to know when I need to start
> tuning, and how I would do so, if possible.
>
> Thanks much

My advice is to ignore it unless it keeps recurring.

--
Bosko Milekic  *  bmilekic@technokratis.com  *  bmilekic@FreeBSD.org
TECHNOkRATIS Consulting Services  *  http://www.technokratis.com/

From owner-freebsd-net@FreeBSD.ORG Mon Aug 4 18:04:27 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BFAB137B401 for ; Mon, 4 Aug 2003 18:04:27 -0700 (PDT)
Received: from mail.cs.ait.ac.th (mail.cs.ait.ac.th [192.41.170.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id EED6A43F3F for ; Mon, 4 Aug 2003 18:04:25 -0700 (PDT) (envelope-from on@cs.ait.ac.th)
Received: from banyan.cs.ait.ac.th (on@banyan.cs.ait.ac.th [192.41.170.5]) by mail.cs.ait.ac.th (8.12.3/8.9.3) with ESMTP id h7514KEH073836; Tue, 5 Aug 2003 08:04:21 +0700 (ICT)
Received: (from on@localhost) by banyan.cs.ait.ac.th (8.8.5/8.8.5) id IAA01216; Tue, 5 Aug 2003 08:06:19 +0700 (ICT)
Date: Tue, 5 Aug 2003 08:06:19 +0700 (ICT)
Message-Id: <200308050106.IAA01216@banyan.cs.ait.ac.th>
X-Authentication-Warning: banyan.cs.ait.ac.th: on set sender to
on@banyan.cs.ait.ac.th using -f From: Olivier Nicole To: fbsdquestions@worldinternet.org In-reply-to: <1060008117.a01537208ba27@mail.worldinternet.org> (fbsdquestions@worldinternet.org) References: <1060008117.a01537208ba27@mail.worldinternet.org> X-Virus-Scanned: by amavisd-milter (http://amavis.org/) cc: net@freebsd.org Subject: Re: ipfw - natd - squid - 3 Nic's - 1 FBSD 5.1 server and routing question X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Aug 2003 01:04:28 -0000 > The problem is that I don't know how to get the outgoing > requests from squid to use the nic that is connected to the cable company. I think that at least would need quite some twisting of the set-up. Is the outgoing bandwidth a problem (usually that is the incoming bandwidth that is saturated and the outgoing is pretty empty). Olivier From owner-freebsd-net@FreeBSD.ORG Mon Aug 4 19:08:10 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C941337B401 for ; Mon, 4 Aug 2003 19:08:10 -0700 (PDT) Received: from m249b.studby.ntnu.no (m249b.studby.ntnu.no [129.241.129.249]) by mx1.FreeBSD.org (Postfix) with ESMTP id C850143FBD for ; Mon, 4 Aug 2003 19:08:09 -0700 (PDT) (envelope-from notsane@sveitt.org) Received: from localhost (localhost [127.0.0.1]) by m249b.studby.ntnu.no (Postfix) with ESMTP id 8C3F06CC; Tue, 5 Aug 2003 04:08:21 +0200 (CEST) Received: from m249b.studby.ntnu.no ([127.0.0.1]) by localhost (m249b.studby.ntnu.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 72458-09; Tue, 5 Aug 2003 04:08:07 +0200 (CEST) Received: from sveitt.org (m085b.studby.ntnu.no [129.241.129.85]) by m249b.studby.ntnu.no (Postfix) with ESMTP id CBD606CA; Tue, 5 Aug 2003 04:08:06 +0200 (CEST) Message-ID: 
<3F2F1178.8060106@sveitt.org>
Date: Tue, 05 Aug 2003 04:07:52 +0200
From: "Asbjorn L. Johansen"
To: Olivier Nicole
cc: net@freebsd.org
In-Reply-To: <200308050106.IAA01216@banyan.cs.ait.ac.th>
Subject: Re: ipfw - natd - squid - 3 Nic's - 1 FBSD 5.1 server and routing question

Olivier Nicole wrote:
>> The problem is that I don't know how to get the outgoing
>> requests from squid to use the nic that is connected to the cable company.
>
> I think that at least would need quite some twisting of the set-up.
>
> Is the outgoing bandwidth a problem (usually that is the incoming
> bandwidth that is saturated and the outgoing is pretty empty).

Not only outgoing traffic for squid will be traversing that link, but
also the answers to those requests sent out. So even though you're not
really interested in the outgoing traffic as such, you have to send it
out on that link to get responses back on the same link.

--
Asbjørn L. Johansen notsane@sveitt.org

From owner-freebsd-net@FreeBSD.ORG Mon Aug 4 19:15:57 2003
Date: Tue, 5 Aug 2003 09:17:50 +0700 (ICT)
Message-Id: <200308050217.JAA01320@banyan.cs.ait.ac.th>
From: Olivier Nicole
To: notsane@sveitt.org
cc: net@freebsd.org
In-reply-to: <3F2F1178.8060106@sveitt.org>
Subject: Re: ipfw - natd - squid - 3 Nic's - 1 FBSD 5.1 server and routing question

> Not only outgoing traffic for squid will be traversing that link, but
> also the answers to those requests sent out. So even though you're not
> really interested in the outgoing traffic as such, you have to send it
> out on that link to get responses back on the same link.
Not always true, and on the other hand, when you are multihomed, it
becomes almost impossible to decide what interface the incoming traffic
will come through. You are not responsible for the way others route the
traffic to you (well, you have very little leverage on that at least).

As it was mentioned in the original mail, he had set up his squid to use
the IP of the second ISP (cable), so hopefully the incoming will be
routed through that ISP. It will be even more true if that interface is
not advertised on the other interface.

Olivier

From owner-freebsd-net@FreeBSD.ORG Mon Aug 4 23:04:41 2003
From: Ari Suutari
Organization: Syncron Tech Oy
To: fbsdquestions@worldinternet.org, net@freebsd.org
Date: Tue, 5 Aug 2003 09:04:23 +0300
In-Reply-To: <1060008117.a01537208ba27@mail.worldinternet.org>
Message-Id: <200308050904.23153.ari.suutari@syncrontech.com>
Subject: Re: ipfw - natd - squid - 3 Nic's - 1 FBSD 5.1 server and routing question

Hi,

On Monday 04 August 2003 17:41, fbsdquestions@worldinternet.org wrote:
> tcp_outgoing_address 10.24.194.163
> but since the default gateway is to the telco interface, the request is
> sent to the telco.

Maybe something like

    ipfw add fwd ggg.ggg.ggg.ggg tcp from 10.24.194.163 to any

where ggg.ggg.ggg.ggg is the gateway address on the cable company
network. Incoming packets should be routed automatically ok, if they
originate from the ip address given by the cable company.

Ari S.

From owner-freebsd-net@FreeBSD.ORG Tue Aug 5 06:39:27 2003
Date: Tue, 5 Aug 2003 23:39:23 +1000
From: Edwin Groothuis
To: freebsd-net@freebsd.org
Message-ID: <20030805133922.GA7713@k7.mavetju>
Subject: bpf, ipfw and before-and-after
Greetings,

This afternoon I ran into the everlasting "bpf runs before ipfw" problem
again: when you run tcpdump you get all the rubbish coming from the
public internet into an interface, while all I wanted to see was how
much traffic was actually going past the ipfw rules.

Looking through the code of sys/net/if_ethersubr.c, I thought this
could be solved pretty easily: The second thing ether_input() does is
checking for ifp->ip_bpf and calling bpf_mtap(). If that call could be
repeated in ether_demux() after ether_ipfw_chk() is checked, and
bpf_mtap() did have a way to determine whether it should print the first
or the second one[*], this would solve the problem for the incoming
packets.

For outgoing packets, the call to bpf_mtap() is done in the driver of
the cards, but the check for ipfw is done in ether_output_frame(), so it
could be done in that routine anyway.

[*] During the opening of the bpf-device, it could check for a
sysctl-setting or something so it knows whether it has to print the
before-ipfw or the behind-ipfw packets. Further, bpf_mtap() should have
a third parameter, stating whether it was a before-ipfw packet or a
behind-ipfw or an I-don't-care-about-ipfw packet so that the function
knows if it has to do something with them.

For non-ethernet drivers I'm not sure how to do this yet, but I'm sure
there is a way to figure it out.

Now my question to you guys is, does what I want or what I describe here
make a little bit of sense? Or am I totally going the wrong way? Or has
this topic already been discussed multiple times and decided not to do
it? Maybe there is somebody who thinks this is a cool thing and wants to
help me with adding it to the system?
Edwin

--
Edwin Groothuis edwin@freebsd.org

From owner-freebsd-net@FreeBSD.ORG Tue Aug 5 07:31:03 2003
Date: Tue, 5 Aug 2003 10:31:01 -0400
From: Barney Wolff
To: Edwin Groothuis
cc: freebsd-net@freebsd.org
Message-ID: <20030805143100.GA52099@pit.databus.com>
In-Reply-To: <20030805133922.GA7713@k7.mavetju>
Subject: Re: bpf, ipfw and before-and-after

On Tue, Aug 05, 2003 at 11:39:23PM +1000, Edwin Groothuis wrote:
>
> Now my question to you guys is, does what I want or what I describe
> here make a little bit of sense? Or am I totally going the wrong way?
> Or has this topic already been discussed multiple times and decided
> not to do it? Maybe there is somebody who thinks this is a cool thing
> and wants to help me with adding it to the system?
Seems to me that with ipfw logging and tcpdump packet selection this is
largely a non-issue. We should be wary of adding complexity to what's
already at the limits of human comprehension.

Now if somebody wanted to add the ability to dump the complete packet
to ipfw ... :)

--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

From owner-freebsd-net@FreeBSD.ORG Tue Aug 5 08:39:01 2003
Message-ID: <1060097940.46e955c1c60ab@mail.worldinternet.org>
Date: Tue, 5 Aug 2003 08:39:00 -0700
From: fbsdquestions@worldinternet.org
To: freebsd-net@freebsd.org
In-Reply-To: <200308050106.IAA01216@banyan.cs.ait.ac.th>
Subject: Re: ipfw - natd - squid - 3 Nic's - 1 FBSD 5.1 server and routing question
Quoting Olivier Nicole:
| > The problem is that I don't know how to get the outgoing
| > requests from squid to use the nic that is connected to the cable company.
|
| I think that at least would need quite some twisting of the set-up.
|
| Is the outgoing bandwidth a problem (usually that is the incoming
| bandwidth that is saturated and the outgoing is pretty empty).

Olivier,

Thanks for your comments and help.

I meant outgoing requests for webpages that would then become incoming
traffic, I think ;-)

The problem was solved with a fwd in the right place.

Thanks,
ed

| Olivier

From owner-freebsd-net@FreeBSD.ORG Tue Aug 5 11:08:36 2003
From: "Brent Wiese"
To: "'Donald Burr of Borg'" , "'FreeBSD Questions'"
Date: Tue, 5 Aug 2003 11:08:32 -0700
Message-ID: <018301c35b7c$96621af0$0a0114ac@home.bjwcs.com>
In-Reply-To: <20030718171119.Y78744@borg-cube.com>
cc: freebsd-net@freebsd.org
Subject: RE: Setting up a multi-platform VPN?

Make your life much easier and buy a Snapgear box to act as your
gateway. The VPN support is great and easy to set up. It does both PPTP
and IPSEC so you're covered on all o/s.

It runs linux (freeswan for ipsec and poptop for pptp) so is very
configurable if you're familiar, although unlikely you'll want/need to
do much configuring.

At their pricepoints, it's just not worth the time trying to get a
regular pc set up as the gateway/vpn.

http://www.snapgear.com

Cheers,
Brent

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of
> Donald Burr of Borg
> Sent: Friday, July 18, 2003 5:12 PM
> To: FreeBSD Questions
> Cc: freebsd-net@freebsd.org
> Subject: Setting up a multi-platform VPN?
>
> I am in business with a couple of friends of mine, and to
> that end we are sharing an office with a single high-speed
> DSL connection. We are using FreeBSD (4.8-RELEASE, soon to
> be upgraded to -STABLE) as our gateway for the internal
> network, as well as serving e-mail, Web, etc.
>
> Some of us like to work at home sometimes, and in fact there
> are even days when NO ONE is in the office and we're all
> working from our various homes.
>
> To that end, we would like to be able to set up a VPN, so
> that those people who are working from home can access the
> office network directly.
>
> Now here's the problem: all of us are using different OS's.
> I use FreeBSD on my desktop, but sometimes I like to work on
> the couch, in which case I use my Titanium PowerBook running
> Mac OS X (which is of course based on FreeBSD). My boss uses
> OS X on his iBook, and my other friend uses a Linux box.
>
> Now, with my (admittedly virtually nonexistent) knowledge of
> VPN, I know that Linux boxen tend to use FreeSWAN. FreeBSD,
> on the other hand, seems to use something called RACOON. And
> lord knows what OS X uses (although, since it's FreeBSD
> based, maybe RACOON can be compiled/adapted to use on it
> too?) (although I just did a Google search, and according to
> this O'Reilly Network article, it seems that OS X has its own
> built-in PPTP implementation:
> http://www.macdevcenter.com/pub/a/mac/2002/12/20/vpn.html)
>
> Can anyone more knowledgeable than I help me figure
> out how to get this multi-platform VPN monster going? Help!
> I need some backup!!
>
> Thanks,
> Donald
> dburr@borg-cube.com
> --
> Donald Burr of Borg | FreeBSD: The Power to Serve!
> Website: http://www.borg-cube.com/ | http://www.freebsd.org/
> PO Box 91212, Santa Barbara CA 93190-1212
> \-----------------------------
> Tel: (805)563-0672 ICQ# 16997506 Present Day... Present Time!
From owner-freebsd-net@FreeBSD.ORG Tue Aug 5 11:17:14 2003
Date: Tue, 5 Aug 2003 11:17:07 -0700 (PDT)
Message-Id: <200308051817.h75IH7jb006622@strings.polstra.com>
To: net@freebsd.org
cc: edwin@freebsd.org
From: John Polstra
In-Reply-To: <20030805133922.GA7713@k7.mavetju>
Organization: Polstra & Co., Seattle, WA
Subject: Re: bpf, ipfw and before-and-after

In article <20030805133922.GA7713@k7.mavetju>, Edwin Groothuis wrote:
> This afternoon I ran into the everlasting "bpf runs before ipfw"
> problem again: when you
> run tcpdump and you get all the rubbish
> coming from the public internet into an interface, while all I
> wanted to see was how much traffic was actually going past the ipfw
> rules.

Tcpdump has always shown traffic _at_ the network interface. That's why
it has the "-i" option. I would not like to see that behavior changed.

> Looking through the code of sys/net/if_ethersubr.c, I thought this
> could be solved pretty easily: The second thing ether_input() does
> is checking for ifp->ip_bpf and calling bpf_mtap(). If that call
> could be repeated in ether_demux() after ether_ipfw_chk() is checked,
> and bpf_mtap() did have a way to determine whether it should print
> the first or the second one[*], this would solve the problem for
> the incoming packets.
>
> For outgoing packets, the call to bpf_mtap() is done in the driver
> of the cards, but the check for ipfw is done in ether_output_frame(),
> so it could be done in that routine anyway.

This would add additional delays to the code path for both ingress
and egress. In a world where gigabit ethernet is becoming the norm,
every nanosecond counts. I don't think the benefits of your proposal
would justify the performance loss. At the very least, I'd want the
extra calls to bpf_mtap to be present in the code only if enabled by
an option in the kernel config file.

John
--
John Polstra John D. Polstra & Co., Inc. Seattle, Washington USA
"Two buttocks cannot avoid friction."
-- Malawi saying

From owner-freebsd-net@FreeBSD.ORG Tue Aug 5 12:19:45 2003
Message-ID: <01ca01c35b86$83c75590$812a40c1@PETEX31>
From: "Petri Helenius"
To: , "John Polstra"
cc: edwin@freebsd.org
Date: Tue, 5 Aug 2003 22:19:38 +0300
References: <20030805133922.GA7713@k7.mavetju> <200308051817.h75IH7jb006622@strings.polstra.com>
Subject: Re: bpf, ipfw and before-and-after

>
> This would add additional delays to the code path for both ingress
> and egress. In a world where gigabit ethernet is becoming the norm,
> every nanosecond counts. I don't think the benefits of your proposal
> would justify the performance loss. At the very least, I'd want the
> extra calls to bpf_mtap to be present in the code only if enabled by
> an option in the kernel config file.
>

bpf is slow by design because the design mandates a packet copy.
It's not a justification to make it slower but gigabit performance out
of bpf is just not there until memory speeds increase a lot or the
copying goes away.

Pete

From owner-freebsd-net@FreeBSD.ORG Tue Aug 5 13:33:17 2003
Date: Tue, 5 Aug 2003 16:33:10 -0400
From: Rocco Caputo
To: freebsd-net@freebsd.org
Message-ID: <20030805203309.GB550@eyrie.homenet>
In-Reply-To: <20030731195450.GB17861@carpediem.epita.fr>
Subject: Re: pppoe, can't ping tun0, ipfnat ftp proxy "doesn't work"
On Thu, Jul 31, 2003 at 09:54:50PM +0200, jeremie le-hen wrote:
> Your problem looks very strange. I didn't succeed in reproducing the same
> behaviour on my personal gateway.
>
> But I noticed that, although you use ipnat(8), nat is also enabled in your
> ppp(8) configuration, this *may* explain some of your problems, such as
> seeing double packets. Try to remove all "nat*" lines.

Thanks for looking at the problem and for the advice.

After much more reading, especially on the way packets flow through the
various firewalls and NAT systems FreeBSD provides, I sat down and
really thought things through.

I couldn't wrap my head around the flow when NAT was used in the
firewalls, so I dropped back and enabled it in ppp(8). This bugs me
slightly because my local network lives in the 10/8 address space, and
I must let 10/8 packets through tun0. Oh well. At least I can do it
statefully.

I moved the firewall rules from ipf(8) to ipfw(8). I disabled ipnat
since ppp(8) takes care of it now.

Combining stateful rules and dummynet in ipfw(8) was interesting. The
trick I settled on was to use stateful skipto rules that pass "good"
packets to one-pass dummynet rules. Everything else is denied by
default.

This cleared up the ping problems, and it cleared up the problems with
NATted machines connecting to the outside world. It doesn't fix active
FTP, but I've given up on that. Passive seems to work well enough.

Thanks again.
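The ruleset pattern described above (stateful skipto rules feeding one-pass dummynet pipes, everything else denied), written out as an added example; this is not Rocco's ruleset nor code from the thread, and tun0 as the PPPoE link, the 10.0.0.0/8 LAN, the rule numbers and the pipe bandwidths are assumed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): an ipfw(8) ruleset for a ppp(8)/PPPoE
# gateway in the style Rocco describes. check-state runs first, stateful
# skipto rules hand "good" packets to the dummynet pipe rules at 1000+, and
# net.inet.ip.fw.one_pass=1 makes a pipe rule terminate processing (with
# one_pass=0 the packet would re-enter after the pipe and hit the final
# deny). Anything else that touches the PPPoE link is denied and logged.
# Assumed placeholders: tun0 is the PPPoE link, 10.0.0.0/8 is the LAN
# (ppp(8) does the NAT, so ipfw still sees 10/8 on tun0), bandwidths are
# made up.
fwcmd="${fwcmd:-/sbin/ipfw}"            # fwcmd=echo gives a dry run
sysctlcmd="${sysctlcmd:-/sbin/sysctl}"
oif="${oif:-tun0}"
lan="${lan:-10.0.0.0/8}"

# Emit the ruleset one rule per line; each line becomes ipfw's arguments.
rules() {
    cat <<EOF
-f flush
pipe 1 config bw 256Kbit/s
pipe 2 config bw 2Mbit/s
add 100 allow ip from any to any via lo0
add 110 allow ip from any to any not via ${oif}
add 200 check-state
add 210 skipto 1000 tcp from ${lan} to any out via ${oif} setup keep-state
add 220 skipto 1000 udp from ${lan} to any out via ${oif} keep-state
add 230 skipto 1000 icmp from ${lan} to any out via ${oif} keep-state
add 300 skipto 1000 tcp from any to me 22 in via ${oif} setup keep-state
add 900 deny log ip from any to any via ${oif}
add 1000 pipe 1 ip from any to any out via ${oif}
add 1010 pipe 2 ip from any to any in via ${oif}
add 65000 deny ip from any to any
EOF
}

# Enable one-pass dummynet, then load the rules in order.
load_rules() {
    ${sysctlcmd} net.inet.ip.fw.one_pass=1
    rules | while IFS= read -r line; do
        # word splitting of $line is intended: it is the argument list
        ${fwcmd} ${line}
    done
}

# Number of generated rules matching a pattern; a cheap sanity check
# before loading (e.g. every keep-state rule should be a skipto).
count_matching() {
    rules | grep -c -- "$1"
}

if [ "${1:-}" = "load" ]; then
    load_rules
fi
```

Run with `fwcmd=echo sh script.sh load` to print the rules instead of installing them; replies to a flow created by rule 210 arrive via tun0, match check-state, inherit the skipto and land on the inbound pipe at 1010.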
--
Rocco Caputo - rcaputo@pobox.com - http://poe.perl.org/

From owner-freebsd-net@FreeBSD.ORG Tue Aug 5 14:01:34 2003
Date: Tue, 5 Aug 2003 14:01:32 -0700 (PDT)
Message-Id: <200308052101.h75L1WR1006787@strings.polstra.com>
To: net@freebsd.org
From: John Polstra
In-Reply-To: <01ca01c35b86$83c75590$812a40c1@PETEX31>
Organization: Polstra & Co., Seattle, WA
Subject: Re: bpf, ipfw and before-and-after

In article <01ca01c35b86$83c75590$812a40c1@PETEX31>, Petri Helenius wrote:
> >
> > This would add additional delays to the code path for both ingress
> > and egress. In a world where gigabit ethernet is becoming the norm,
> > every nanosecond counts.
> > I don't think the benefits of your proposal
> > would justify the performance loss. At the very least, I'd want the
> > extra calls to bpf_mtap to be present in the code only if enabled by
> > an option in the kernel config file.
> >
> bpf is slow by design because the design mandates a packet copy.
>
> It's not a justification to make it slower but gigabit performance out of bpf
> is just not there until memory speeds increase a lot or the copying goes away.

My point is that the extra calls to bpf_mtap would harm performance
even when bpf wasn't being used.

John
--
John Polstra John D. Polstra & Co., Inc. Seattle, Washington USA
"Two buttocks cannot avoid friction." -- Malawi saying

From owner-freebsd-net@FreeBSD.ORG Tue Aug 5 16:42:59 2003
Date: Tue, 05 Aug 2003 16:42:55 -0700
From: Sam Leffler
To: John Polstra , net@freebsd.org
Message-ID: <1564916751.1060101774@melange.errno.com>
In-Reply-To: <200308052101.h75L1WR1006787@strings.polstra.com>
Subject: Re: bpf, ipfw and before-and-after

> In article <01ca01c35b86$83c75590$812a40c1@PETEX31>,
> Petri Helenius wrote:
>> >
>> > This would add additional delays to the code path for both ingress
>> > and egress. In a world where gigabit ethernet is becoming the norm,
>> > every nanosecond counts. I don't think the benefits of your proposal
>> > would justify the performance loss. At the very least, I'd want the
>> > extra calls to bpf_mtap to be present in the code only if enabled by
>> > an option in the kernel config file.
>> >
>> bpf is slow by design because the design mandates a packet copy.
>>
>> It's not a justification to make it slower but gigabit performance out
>> of bpf is just not there until memory speeds increase a lot or the
>> copying goes away.
>
> My point is that the extra calls to bpf_mtap would harm performance
> even when bpf wasn't being used.

In -current I believe all the calls are prefixed with a check for
ifp->if_bpf or similar. So any slow down should only happen when BPF is
active.
	Sam

From owner-freebsd-net@FreeBSD.ORG Tue Aug 5 16:53:09 2003
From: John Polstra
To: net@freebsd.org
cc: sam@errno.com
Date: Tue, 5 Aug 2003 16:53:02 -0700 (PDT)
Message-Id: <200308052353.h75Nr2qC007206@strings.polstra.com>
In-Reply-To: <1564916751.1060101774@melange.errno.com>
Organization: Polstra & Co., Seattle, WA
Subject: Re: bpf, ipfw and before-and-after

In article <1564916751.1060101774@melange.errno.com>,
Sam Leffler wrote:
> > My point is that the extra calls to bpf_mtap would harm performance
> > even when bpf wasn't being used.
>
> In -current I believe all the calls are prefixed with a check for
> ifp->if_bpf or similar.  So any slow down should only happen when BPF is
> active.

That does not follow, because the check of ifp->if_bpf itself takes
time.  There is no way to avoid the performance penalty except at
compile time.  Yes, branch prediction helps, but it doesn't eliminate
the problem.  Even with gigabit ethernet those individual nanoseconds
add up quickly to the point where they matter.  With 10 Gb ethernet on
the way, it will only get worse.

John
-- 
  John Polstra
  John D. Polstra & Co., Inc.                        Seattle, Washington USA
  "Two buttocks cannot avoid friction."                -- Malawi saying

From owner-freebsd-net@FreeBSD.ORG Tue Aug 5 16:54:16 2003
From: Edwin Groothuis
To: freebsd-net@freebsd.org
Date: Wed, 6 Aug 2003 09:54:11 +1000
Message-ID: <20030805235411.GA558@k7.mavetju>
In-Reply-To: <20030805143100.GA52099@pit.databus.com>
Subject: Re: bpf, ipfw and before-and-after
On Tue, Aug 05, 2003 at 10:31:01AM -0400, Barney Wolff wrote:
> On Tue, Aug 05, 2003 at 11:39:23PM +1000, Edwin Groothuis wrote:
> >
> > Now my question to you guys is, does what I want or what I describe
> > here make a little bit sense?  Or am I totally going the wrong way?
> > Or has this topic already been discussed multiple times and decided
> > not to do it?  Maybe there is somebody who thinks this is a cool thing
> > and wants to help me with adding it to the system?
>
> Seems to me that with ipfw logging and tcpdump packet selection this
> is largely a non-issue.  We should be wary of adding complexity to
> what's already at the limits of human comprehension.

Could you explain that first line a little bit more verbosely?

About the second one, given the fact that I could find out how it
works (more or less) and where to add the statements, makes me think
that despite the complexity of the thing being achieved, the
implementation in the code is pretty neat and structured.

Edwin
-- 
Edwin Groothuis
edwin@freebsd.org

From owner-freebsd-net@FreeBSD.ORG Tue Aug 5 17:05:47 2003
From: Sam Leffler
To: John Polstra, net@freebsd.org
Date: Tue, 05 Aug 2003 17:05:42 -0700
Message-ID: <1566283957.1060103142@melange.errno.com>
In-Reply-To: <200308052353.h75Nr2qC007206@strings.polstra.com>
Subject: Re: bpf, ipfw and before-and-after

> In article <1564916751.1060101774@melange.errno.com>,
> Sam Leffler wrote:
>> > My point is that the extra calls to bpf_mtap would harm performance
>> > even when bpf wasn't being used.
>>
>> In -current I believe all the calls are prefixed with a check for
>> ifp->if_bpf or similar.  So any slow down should only happen when BPF is
>> active.
>
> That does not follow, because the check of ifp->if_bpf itself takes
> time.  There is no way to avoid the performance penalty except at
> compile time.  Yes, branch prediction helps, but it doesn't eliminate
> the problem.  Even with gigabit ethernet those individual nanoseconds
> add up quickly to the point where they matter.  With 10 Gb ethernet on
> the way, it will only get worse.

You said there were calls to bpf_mtap and they would add noticeable
overhead even when BPF was not in use.  I said these are only made when BPF
is in use.  What doesn't follow?

I'm not arguing about keeping up with 10Gb media...
	Sam

From owner-freebsd-net@FreeBSD.ORG Tue Aug 5 17:15:05 2003
From: Edwin Groothuis
To: freebsd-net@freebsd.org
Date: Wed, 6 Aug 2003 10:14:59 +1000
Message-ID: <20030806001459.GB558@k7.mavetju>
In-Reply-To: <200308051817.h75IH7jb006622@strings.polstra.com>
Subject: Re: bpf, ipfw and before-and-after

On Tue, Aug 05, 2003 at 11:17:07AM -0700, John Polstra wrote:
> In article <20030805133922.GA7713@k7.mavetju>,
> Edwin Groothuis wrote:
> >
> > This afternoon I ran into the everlasting "bpf runs before ipfw"
> > problem again: when you run tcpdump and you get all the rubbish
> > coming from the public internet into an interface, while all I
> > wanted to see was how much traffic was actually going past the ipfw
> > rules.
>
> Tcpdump has always shown traffic _at_ the network interface.  That's
> why it has the "-i" option.
> I would not like to see that behavior
> changed.

I totally agree with the idea that it is _at_ the network interface,
but if you think about what people are actually using it for you
realise that most of the output you're interested in is at the IP
or the TCP layer.

Another thing which argues for the case is that the ipfw checks (for
ethernet at least) are done on the network layer too, just after the
packet would have been pushed through bpf.

> > Looking through the code of sys/net/if_ethersubr.c, I thought this
> > could be solved pretty easy: The second thing ether_input() does
> > is checking for ifp->if_bpf and calling bpf_mtap().  If that call
> > could be repeated in ether_demux() after ether_ipfw_chk() is checked,
> > and bpf_mtap() did have a way to determine whether it should print
> > the first or the second one[*], this would solve the problem for
> > the incoming packets.
> >
> > For outgoing packets, the call to bpf_mtap() is done in the driver
> > of the cards, but the check for ipfw is done in ether_output_frame(),
> > so it could be done in that routine anyway.
>
> This would add additional delays to the code path for both ingress
> and egress.  In a world where gigabit ethernet is becoming the norm,
> every nanosecond counts.  I don't think the benefits of your proposal
> would justify the performance loss.  At the very least, I'd want the
> extra calls to bpf_mtap to be present in the code only if enabled by
> an option in the kernel config file.

If you want it to be enabled via a kernel option, fine with me.

I'm not sure what the performance loss would be, since if you are
running without having a bpf opened, it would be one single additional
if statement ("if (ifp->if_bpf != NULL)").  If the bpf device is
opened, it would be one additional call to bpf_mtap() and a check
there if this is the right place for the packet to be processed; there
will be no double processing of the bpf-filters.
Edwin
-- 
Edwin Groothuis
edwin@freebsd.org

From owner-freebsd-net@FreeBSD.ORG Tue Aug 5 17:16:40 2003
From: John Polstra
To: net@freebsd.org
cc: sam@errno.com
Date: Tue, 5 Aug 2003 17:16:34 -0700 (PDT)
Message-Id: <200308060016.h760GYYC007306@strings.polstra.com>
In-Reply-To: <1566283957.1060103142@melange.errno.com>
Organization: Polstra & Co., Seattle, WA
Subject: Re: bpf, ipfw and before-and-after

In article <1566283957.1060103142@melange.errno.com>,
Sam Leffler wrote:
> > In article <1564916751.1060101774@melange.errno.com>,
> > Sam Leffler wrote:
> >> > My point is that the extra calls to bpf_mtap would harm performance
> >> > even when bpf wasn't being used.
> >>
> >> In -current I believe all the calls are prefixed with a check for
> >> ifp->if_bpf or similar.  So any slow down should only happen when BPF is
> >> active.
> >
> > That does not follow, because the check of ifp->if_bpf itself takes
> > time.  There is no way to avoid the performance penalty except at
> > compile time.  Yes, branch prediction helps, but it doesn't eliminate
> > the problem.  Even with gigabit ethernet those individual nanoseconds
> > add up quickly to the point where they matter.  With 10 Gb ethernet on
> > the way, it will only get worse.
>
> You said there were calls to bpf_mtap and they would add noticeable
> overhead even when BPF was not in use.  I said these are only made when BPF
> is in use.  What doesn't follow?

What doesn't follow is, "So any slow down should only happen when BPF
is active."

John
-- 
  John Polstra
  John D. Polstra & Co., Inc.                        Seattle, Washington USA
  "Two buttocks cannot avoid friction."                -- Malawi saying

From owner-freebsd-net@FreeBSD.ORG Tue Aug 5 17:29:50 2003
From: Barney Wolff
To: Edwin Groothuis
cc: freebsd-net@freebsd.org
Date: Tue, 5 Aug 2003 20:29:45 -0400
Message-ID: <20030806002945.GA57865@pit.databus.com>
In-Reply-To: <20030805235411.GA558@k7.mavetju>
Subject: Re: bpf, ipfw and before-and-after

On Wed, Aug 06, 2003 at 09:54:11AM +1000, Edwin Groothuis wrote:
> On Tue, Aug 05, 2003 at 10:31:01AM -0400, Barney Wolff wrote:
> > Seems to me that with ipfw logging and tcpdump packet selection this
> > is largely a non-issue.  We should be wary of adding complexity to
> > what's already at the limits of human comprehension.
>
> Could you explain that first line a little bit more verbosely?

ipfw can log packets, giving source ip/port, dest ip/port, proto and
interface, which is at least some of the info that tcpdump would supply.
tcpdump can take quite complex selection criteria to determine whether
to log a packet.  So your complaint that tcpdump logs stuff that ipfw is
going to drop can be substantially mitigated.

> About the second one, given the fact that I could find out how it
> works (more or less) and where to add the statements, makes me think
> that despite the complexity of the thing being achieved, the
> implementation in the code is pretty neat and structured.

The issue is not that the addition would be complex, but that every
addition to a system already very complex must be carefully weighed
against the claimed benefits.  Does the expression "creeping featurism"
sound familiar?  Every feature of the Win32 API, OS/360 and the US
Federal Tax Code was added because somebody thought it was a good idea.

"Perfection in design is achieved not when there is nothing left to
add, but when there is nothing left to take away."

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

From owner-freebsd-net@FreeBSD.ORG Tue Aug 5 17:35:14 2003
From: John Polstra
To: net@freebsd.org
cc: edwin@freebsd.org
Date: Tue, 5 Aug 2003 17:35:11 -0700 (PDT)
Message-Id: <200308060035.h760ZBwU007379@strings.polstra.com>
In-Reply-To: <20030806001459.GB558@k7.mavetju>
Organization: Polstra & Co., Seattle, WA
Subject: Re: bpf, ipfw and before-and-after

In article <20030806001459.GB558@k7.mavetju>,
Edwin Groothuis wrote:
> On Tue, Aug 05, 2003 at
> 11:17:07AM -0700, John Polstra wrote:
> > Tcpdump has always shown traffic _at_ the network interface.  That's
> > why it has the "-i" option.  I would not like to see that behavior
> > changed.
>
> I totally agree with the idea that it is _at_ the network interface,
> but if you think about what people are actually using it for you
> realise that most of the output you're interested in is at the IP
> or the TCP layer.

Different people use tcpdump for different things.  I myself typically
use it when I'm debugging ethernet drivers.  When I use it to look at
the IP or TCP layer, I generally specify a filter on the command line
so that I only see what I'm interested in.

Given that tcpdump has been around for so long, and that it can be used
for so many different purposes, and that it allows the specification of
a packet filter on its command line, it doesn't make sense to move its
packet hooks to somewhere else by default.

> If you want it to be enabled via a kernel option, fine with me.

Great.  That's all I'm asking for.

John
-- 
  John Polstra
  John D. Polstra & Co., Inc.                        Seattle, Washington USA
  "Two buttocks cannot avoid friction."                -- Malawi saying

From owner-freebsd-net@FreeBSD.ORG Tue Aug 5 17:50:32 2003
From: Scot Loach
To: "'freebsd-net@freebsd.org'"
Date: Tue, 5 Aug 2003 20:50:28 -0400
Subject: RE: TCP socket shutdown race condition

So I instrumented the kernel source, and ui_ref isn't going very high at
all.  Just to be sure I changed it to a 32-bit number though.  maxsockets
is only 12K for my test program.

I managed to reproduce it again; this one is slightly different.  My
theory is this is the other side of the race, where a timer has first
deleted the socket.  This time the tcpcb state is TCPS_FIN_WAIT_2; last
time it was TIME_WAIT.

I'm working on making this easier to reproduce.  Once I've found the
formula to quickly reproduce it I'll post some code.
#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:493
#1  0xc01bd148 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:322
#2  0xc01bd671 in panic (fmt=0xc032a6d9 "%s") at /usr/src/sys/kern/kern_shutdown.c:608
#3  0xc02d6bfe in trap_fatal (frame=0xff807b5c, eva=48) at /usr/src/sys/i386/i386/trap.c:974
#4  0xc02d682d in trap_pfault (frame=0xff807b5c, usermode=0, eva=48) at /usr/src/sys/i386/i386/trap.c:867
#5  0xc02d62cf in trap (frame={tf_fs = -1016528872, tf_es = 16, tf_ds = -8388592, tf_edi = 0, tf_esi = -1070268932, tf_ebp = -8356956, tf_isp = -8356984, tf_ebx = -1, tf_edx = 1778434048, tf_ecx = -533147840, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1071174995, tf_cs = 8, tf_eflags = 66054, tf_esp = -1016487936, tf_ss = -1016487936}) at /usr/src/sys/i386/i386/trap.c:466
#6  0xc0272aad in acquire_lock (lk=0xc034fdfc) at machine/globals.h:114
#7  0xc0277494 in softdep_update_inodeblock (ip=0xc369a000, bp=0xcfc98fa0, waitfor=0) at /usr/src/sys/ufs/ffs/ffs_softdep.c:3813
#8  0xc0271aea in ffs_update (vp=0xe038cf40, waitfor=0) at /usr/src/sys/ufs/ffs/ffs_inode.c:106
#9  0xc027aee7 in ffs_sync (mp=0xc35e3e00, waitfor=2, cred=0xc2053700, p=0xc037b740) at /usr/src/sys/ufs/ffs/ffs_vfsops.c:1025
#10 0xc01f48cb in sync (p=0xc037b740, uap=0x0) at /usr/src/sys/kern/vfs_syscalls.c:577
#11 0xc01bcebb in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:241
#12 0xc01bd671 in panic (fmt=0xc032a6d9 "%s") at /usr/src/sys/kern/kern_shutdown.c:608
#13 0xc02d6bfe in trap_fatal (frame=0xff807d38, eva=8) at /usr/src/sys/i386/i386/trap.c:974
#14 0xc02d682d in trap_pfault (frame=0xff807d38, usermode=0, eva=8) at /usr/src/sys/i386/i386/trap.c:867
#15 0xc02d62cf in trap (frame={tf_fs = -1070202856, tf_es = 16, tf_ds = -1071906800, tf_edi = 0, tf_esi = 2147483647, tf_ebp = -8356472, tf_isp = -8356508, tf_ebx = -1, tf_edx = 1644167168, tf_ecx = 0, tf_eax = 1644167168, tf_trapno = 12, tf_err = 0, tf_eip = -1071920291, tf_cs = 8, tf_eflags = 66054, tf_esp = -570891728, tf_ss = -570891840}) at /usr/src/sys/i386/i386/trap.c:466
#16 0xc01bcb5d in chgsbsize (uip=0x0, hiwat=0xddf8e234, to=0, max=9223372036854775807) at /usr/src/sys/kern/kern_resource.c:780
#17 0xc01e2ba3 in sbrelease (sb=0xddf8e230, so=0xddf8e1c0) at /usr/src/sys/kern/uipc_socket2.c:441
#18 0xc01dfdb7 in sofree (so=0xddf8e1c0) at /usr/src/sys/kern/uipc_socket.c:262
#19 0xc020fe5c in in_pcbdetach (inp=0xde6f0260) at /usr/src/sys/netinet/in_pcb.c:567
#20 0xc02213aa in tcp_close (tp=0xde6f0320) at /usr/src/sys/netinet/tcp_subr.c:754
#21 0xc021e9be in tcp_input (m=0xc21f3000, off0=20, proto=6) at /usr/src/sys/netinet/tcp_input.c:1512
#22 0xc021938a in ip_input (m=0xc21f3000) at /usr/src/sys/netinet/ip_input.c:834
#23 0xc0219427 in ipintr () at /usr/src/sys/netinet/ip_input.c:858

-----Original Message-----
From: Mike Silbersack [mailto:silby@silby.com]
Sent: Saturday, August 02, 2003 1:43 PM
To: Scot Loach
Cc: 'freebsd-net@freebsd.org'
Subject: RE: TCP socket shutdown race condition

On Sat, 2 Aug 2003, Scot Loach wrote:

> I don't think that's the problem, although it does seem suspicious.
>
> Here's the struct ucred pointed to by the socket:
>
> (kgdb) p *so.so_cred
> $2 = {cr_ref = 3279453304, cr_uid = 3486088556, cr_ngroups = 1, cr_groups = {
>     0, 3276863080, 3277717504, 21162, 0, 0, 0, 0, 0, 4294967295, 4294967295,
>     0, 0, 0, 0, 3279496516}, cr_uidinfo = 0x0}
>
> This looks like garbage, but the cr_uidinfo pointer is null, and the cr_ref
> of _this_ structure is 32 bits.
>
> This doesn't look to me like a problem with the uidinfo, it looks to me like
> the ucred structure has already been freed.
>
> scot.

Well, as ui_ref is the best bet, redoing your tests with it expanded to
ui_int is where we need to start before looking further. :)

I believe that a uidinfo->ui_ref over/underflow could cause random memory
corruption, so maybe the panic you're seeing comes about after a bunch of
memory has already been trashed.

So anyway, promote ui_ref to a u_int and retest.
Tell us what happens.

Mike "Silby" Silbersack

From owner-freebsd-net@FreeBSD.ORG Wed Aug 6 00:09:25 2003
From: Luigi Rizzo
To: Barney Wolff
cc: freebsd-net@freebsd.org
cc: Edwin Groothuis
Date: Wed, 6 Aug 2003 00:09:21 -0700
Message-ID: <20030806000921.A50665@xorpc.icir.org>
In-Reply-To: <20030805143100.GA52099@pit.databus.com>
Subject: Re: bpf, ipfw and before-and-after

One thing one could do is to add special 'interface names' to the list
recognised by /dev/bpf (e.g. "ipfw", "ipf", etc) in bpf_setif(), and
insert calls to bpf_mtap() at the end of ipfw_check() and friends.

Now the question is, of course, do you want only 'accept'ed packets,
or all of them ?
In the end, I kind-of agree that it is probably better to make judicious
use of bpf filtering and ipfw logging to see in detail what is going on...

	cheers
	luigi

On Tue, Aug 05, 2003 at 10:31:01AM -0400, Barney Wolff wrote:
> On Tue, Aug 05, 2003 at 11:39:23PM +1000, Edwin Groothuis wrote:
> >
> > Now my question to you guys is, does what I want or what I describe
> > here make a little bit sense?  Or am I totally going the wrong way?
> > Or has this topic already been discussed multiple times and decided
> > not to do it?  Maybe there is somebody who thinks this is a cool thing
> > and wants to help me with adding it to the system?
>
> Seems to me that with ipfw logging and tcpdump packet selection this
> is largely a non-issue.  We should be wary of adding complexity to
> what's already at the limits of human comprehension.
>
> Now if somebody wanted to add the ability to dump the complete packet
> to ipfw ... :)
>
> -- 
> Barney Wolff         http://www.databus.com/bwresume.pdf
> I'm available by contract or FT, in the NYC metro area or via the 'Net.

From owner-freebsd-net@FreeBSD.ORG Wed Aug 6 08:25:07 2003
From: Brett Glass
To: net@freebsd.org
Date: Wed, 6 Aug 2003 09:25:04 -0600 (MDT)
Message-Id: <200308061525.JAA07305@lariat.org>
Subject: Port mapping services

I'm doing some research on port mapping services -- services that map
protocol and program names to IP port numbers -- and have come up with a
question I'm having trouble answering.

What is the difference between the "portmap" service (generally offered
on TCP port 111) and the "loc-srv" (or "epmap") service that many
machines seem to offer on TCP port 135?  Are they merely the same service
offered on different ports?  Is the service offered on port 135 an
enhanced or proprietary version of the one offered on 111?
--Brett Glass

From owner-freebsd-net@FreeBSD.ORG Wed Aug 6 09:34:22 2003
From: Brett Glass
To: alex@pilosoft.com
cc: net@freebsd.org
Date: Wed, 06 Aug 2003 10:34:09 -0600
Message-Id: <4.3.2.7.2.20030806103126.0280ac00@localhost>
Subject: Re: Port mapping services

Are the two actually the same protocol?  Or is Microsoft's a case of
"embrace and extend?"  Why do they use different port numbers?  (The idea
of having multiple port numbers for port mapping seems to defeat the very
purpose of having a mapping service in the first place.)

Also, I'm looking for examples of firewalls that monitor traffic to and
from an RPC server to determine what traffic to allow through.  (They
obviously have to do this, since one can't rely on "well known" ports.)
--Brett Glass

At 09:05 AM 8/6/2003, alex@pilosoft.com wrote:
>111 is Sun-RPC
>135 is MS-RPC

From owner-freebsd-net@FreeBSD.ORG Wed Aug 6 14:40:21 2003
From: Bruce M Simpson
To: net@freebsd.org
Date: Wed, 6 Aug 2003 22:37:43 +0100
Message-ID: <20030806213743.GD31845@spc.org>
Organization: SPC
Subject: IP over DVB

Good news, I have acquired IP-over-DVB hardware, dish and LNB.

Bad news, the Adaptec (pre-Broadlogic) ABA-1040 is ancient, and would appear to have *nothing* in the way of available documentation, or drivers; unless anyone can help... ?
Regards
BMS

From owner-freebsd-net@FreeBSD.ORG Thu Aug 7 00:56:02 2003
From: Andre Rein
To: freebsd-net@freebsd.org
Date: Thu, 7 Aug 2003 09:59:18 +0200 (CEST)
Message-ID: <20030807094647.X77217@juergen.edv-winter.de>
Subject: Firewall with RFC1918 transfer network

Hi,

I set up a firewall for our official network and use an RFC1918-conformant transfer network to communicate with the router.
Here are my interfaces:

fxp0: flags=8843 mtu 1500
        inet 192.168.55.74 netmask 0xfffffffc broadcast 192.168.55.75
fxp1: flags=8943 mtu 1500
        inet 195.226.65.125 netmask 0xffffffc0 broadcast 195.226.65.127
vr0: flags=8843 mtu 1500
        inet 10.0.0.126 netmask 0xffffff00 broadcast 10.0.0.255

My routing table:

default            192.168.55.73      UGSc        1   822551   fxp0
10/24              link#3             UC          2        0    vr0
10.0.0.65          00:50:ba:fb:dc:13  UHLW        1    42895    vr0    473
10.0.0.254         00:60:b0:6b:08:f3  UHLW        1     1428    vr0    694
127.0.0.1          127.0.0.1          UH          0     2904    lo0
192.168.55.72/30   link#1             UC          3        0   fxp0
192.168.55.73      00:0c:ce:6c:de:53  UHLW        1        0   fxp0   1023
192.168.55.74      00:60:b0:67:e8:01  UHLW        0        2    lo0
192.168.55.75      ff:ff:ff:ff:ff:ff  UHLWb       0        4   fxp0
195.226.65.64      ff:ff:ff:ff:ff:ff  UHLWb       0       53   fxp1 =>
195.226.65.64/26   link#2             UC         19        0   fxp1
195.226.65.65      00:60:97:b8:7f:89  UHLW        0    48419   fxp1   1098
195.226.65.66      00:60:97:b8:7f:89  UHLW        0      133   fxp1    160
195.226.65.67      00:60:97:b8:7f:89  UHLW        0        6   fxp1    161
....

       fxp1              fxp0
|DMZ|--------|Firewall|-------------|Router|-----------|INET|
                 |
                 |
                 | vr0
                 |
                 |
                 -
            back network
                 _

Everything works fine from my official network to the outside and from the outside to my onet, except the firewall itself. She uses the IP 192.168.55.74 to communicate with the outside.

Is there any way to tell her that she has to use her oip 195.226.65.125 from fxp1?
greetings

Andre Rein
-- 
"And some greetings from the Toaster"

From owner-freebsd-net@FreeBSD.ORG Thu Aug 7 02:15:27 2003
From: "Roger 'Rocky' Vetterberg"
To: Andre Rein
cc: freebsd-net@freebsd.org
Date: Thu, 07 Aug 2003 11:15:14 +0200
Message-ID: <3F3218A2.3040802@401.cx>
In-Reply-To: <20030807094647.X77217@juergen.edv-winter.de>
Subject: Re: Firewall with RFC1918 transfer network

Andre Rein wrote:
>Hi,
>
>I set up a firewall for our official network and use an RFC1918-conformant
>transfer network to communicate with the router.
>
>Here are my interfaces:
>
>fxp0: flags=8843 mtu 1500
>        inet 192.168.55.74 netmask 0xfffffffc broadcast 192.168.55.75
>fxp1: flags=8943 mtu 1500
>        inet 195.226.65.125 netmask 0xffffffc0 broadcast 195.226.65.127
>vr0: flags=8843 mtu 1500
>        inet 10.0.0.126 netmask 0xffffff00 broadcast 10.0.0.255
>
>My routing table:
>
>default            192.168.55.73      UGSc        1   822551   fxp0
>10/24              link#3             UC          2        0    vr0
>10.0.0.65          00:50:ba:fb:dc:13  UHLW        1    42895    vr0    473
>10.0.0.254         00:60:b0:6b:08:f3  UHLW        1     1428    vr0    694
>127.0.0.1          127.0.0.1          UH          0     2904    lo0
>192.168.55.72/30   link#1             UC          3        0   fxp0
>192.168.55.73      00:0c:ce:6c:de:53  UHLW        1        0   fxp0   1023
>192.168.55.74      00:60:b0:67:e8:01  UHLW        0        2    lo0
>192.168.55.75      ff:ff:ff:ff:ff:ff  UHLWb       0        4   fxp0
>195.226.65.64      ff:ff:ff:ff:ff:ff  UHLWb       0       53   fxp1 =>
>195.226.65.64/26   link#2             UC         19        0   fxp1
>195.226.65.65      00:60:97:b8:7f:89  UHLW        0    48419   fxp1   1098
>195.226.65.66      00:60:97:b8:7f:89  UHLW        0      133   fxp1    160
>195.226.65.67      00:60:97:b8:7f:89  UHLW        0        6   fxp1    161
>....
>
>       fxp1              fxp0
>|DMZ|--------|Firewall|-------------|Router|-----------|INET|
>                 |
>                 |
>                 | vr0
>                 |
>                 |
>                 -
>            back network
>                 _
>
>
>Everything works fine from my official network to the outside and from the
>outside to my onet, except the firewall itself. She uses the IP
>192.168.55.74 to communicate with the outside.
>
>Is there any way to tell her that she has to use her oip 195.226.65.125
>from fxp1?
>
>greetings
>
>Andre Rein
>
>
>
Set your default route to something that is not in the 192.168.x.x range. The system automatically uses the interface from which it can reach the default gateway as its "primary" interface.
-- 
R

From owner-freebsd-net@FreeBSD.ORG Thu Aug 7 02:53:12 2003
From: "Barry Irwin"
To: "Roger 'Rocky' Vetterberg", "Andre Rein"
cc: freebsd-net@freebsd.org
Date: Thu, 7 Aug 2003 11:52:21 +0200
Organization: Moria Research
Message-ID: <015401c35cc9$9aa65600$227ae792@ict.ru.ac.za>
References: <20030807094647.X77217@juergen.edv-winter.de> <3F3218A2.3040802@401.cx>
Subject: Re: Firewall with RFC1918 transfer network

> >Is there any way to tell her that she has to use her oip 195.226.65.125
> >from fxp1?
> >
> >greetings
> >
> >Andre Rein
> >
> >
> >
> Set your default route to something that is not in the 192.168.x.x range.
> The system automatically uses the interface from which it can reach the
> default gateway as its "primary" interface.
>
As to solutions, you could try the following:

1 - set up NAT on the firewall to re-write outgoing traffic NOT destined for the private network, or your other internal nets

2 - possibly set up NAT on the router for the specific FW IP; this would really only affect outgoing traffic, as I understand all the incoming traffic is routed to the FW's 192.168 IP?

Barry
--
Barry Irwin
bvi@moria.org

From owner-freebsd-net@FreeBSD.ORG Thu Aug 7 09:12:04 2003
From: Chris Dillon
To: Bill Paul
cc: freebsd-net@freebsd.org
Date: Thu, 7 Aug 2003 11:11:50 -0500 (CDT)
Message-ID: <20030807105932.F24257@duey.wolves.k12.mo.us>
In-Reply-To: <200308070700.h7770UCi046852@repoman.freebsd.org>
References: <200308070700.h7770UCi046852@repoman.freebsd.org>
Subject: Re: cvs commit: src/sys/pci if_rl.c if_rlreg.h
Copied to -net rather than the cvs lists...

On Thu, 7 Aug 2003, Bill Paul wrote:

> Tested with the Xterasys XN-152 NIC (hard to beat $29 for a gigE
> NIC).

That's definitely not a bad price. Do the remarks about the earlier rl cards still apply to the newer generation of rl chips, or has RealTek improved them to the point where they are actually on par with their peers? In other words, what's your take on their performance and reliability compared to the Intel or Broadcom chipsets?

-- 
Chris Dillon - cdillon(at)wolves.k12.mo.us
FreeBSD: The fastest and most stable server OS on the planet
- Available for IA32, IA64, PC98, Alpha, and UltraSPARC architectures
- x86-64, PowerPC, ARM, MIPS, and S/390 under development
- http://www.freebsd.org

From owner-freebsd-net@FreeBSD.ORG Thu Aug 7 10:27:12 2003
From: wpaul@FreeBSD.ORG (Bill Paul)
To: cdillon@wolves.k12.mo.us (Chris Dillon)
cc: freebsd-net@FreeBSD.ORG
Date: Thu, 7 Aug 2003 10:27:12 -0700 (PDT)
Message-Id: <20030807172712.ADB9937B401@hub.freebsd.org>
In-Reply-To: <20030807105932.F24257@duey.wolves.k12.mo.us> from Chris Dillon at "Aug 7, 2003 11:11:50 am"
Subject: Re: cvs commit: src/sys/pci if_rl.c if_rlreg.h

> Copied to -net rather than the cvs lists...
>
> On Thu, 7 Aug 2003, Bill Paul wrote:
>
> > Tested with the Xterasys XN-152 NIC (hard to beat $29 for a gigE
> > NIC).
>
> That's definitely not a bad price. Do the remarks about the earlier
> rl cards still apply to the newer generation of rl chips, or has
> RealTek improved them to the point where they are actually on par with
> their peers? In other words, what's your take on their performance
> and reliability compared to the Intel or Broadcom chipsets?

The 8139C+ has much better performance than the older 8139 series. The main problem with the 8139 isn't so much throughput as it is frame rate. With a fast enough CPU, you might get 100Mbps out of it, but it has trouble sustaining that bandwidth as frame size decreases. The 8139C+ has a very straightforward descriptor-based DMA mechanism, and with the on-board timer you can do some pretty effective TX interrupt moderation. With my Athlon 900Mhz test box at home, I was able to generate 120,000 frames/sec with my very simpleminded raw transmit test (UDP blasting with ttcp). The older 8139 is lucky if it can do 40,000 frames/sec on the same box.

I haven't had a chance to properly benchmark the 8169 gigE chip yet. I need to sneak it into one of the lab machines at work to really compare it head-to-head with the Intel and Broadcom NICs. Unfortunately, the Xterasys XN-152 is a 32-bit 'desktop' card, and all the other sample gigE NICs I have are 64-bit 'server class' cards, so it automatically has a strike against it. (I could probably level the playing field by putting the other NICs into 32-bit slots though.)

Pros:

- The 8169 is very easy to program. RealTek has been very peculiar in how it's releasing documentation for it though. They had the manual on their site for a while, then took it down. I have a copy at: http://www.freebsd.org/~wpaul/RealTek. Note that it has almost exactly the same API as the 8139C+.
- There doesn't appear to be any alignment restrictions for data buffers on either RX or TX (so no copies on RX needed).
- Has TCP, UDP and IP checksum offload, TCP large send, jumbo frame and VLAN tagging/stripping support (all the usual gigE features).
- Has normal and high priority TX rings (rl(4) currently uses just one ring).
- Dirt cheap. The NIC costs $26.50, plus shipping. (Shipping via U.S. Mail to SF cost only a couple dollars more.) This is way less than even the cheapest National Semiconductor DP83820-based card.

Cons:

- Finding an 8169-based NIC in the U.S. market is ridiculously difficult. I ordered my card from www.mrtechus.com, which appears to be based in Los Angeles. I have yet to see either an 8169 or 8139C+ card in a retail store (although I have not been to Fry's lately).
- The Intel and Broadcom NICs have more advanced interrupt moderation features. I was able to achieve some TX interrupt moderation using the 8139C+/8160's on-board timer, but haven't figured out a proper way of doing RX interrupt moderation yet.
- High-end Broadcom NICs can have up to 4 TX rings rather than 2.
- High-end Broadcom NIC also has a very sophisticated RX filtering mechanism that can be used to prioritize traffic into different RX queues.
- Retains the same RX filtering mechanism as the original 8139 (1 perfect filter for station address, 64-bit multicast hash table).

Based on what I know so far, I would definitely recommend it over a board with a NatSemi DP83820: it's much, much cheaper and doesn't have the 83820's requirement for 64-bit-aligned RX buffers. I can't really compare it to the Intel or Broadcom devices until I run some benchmarks on it.
-Bill

-- 
=============================================================================
-Bill Paul            (510) 749-2329 | Senior Engineer, Master of Unix-Fu
                 wpaul@windriver.com | Wind River Systems
=============================================================================
"If stupidity were a handicap, you'd have the best parking spot."
=============================================================================

From owner-freebsd-net@FreeBSD.ORG Thu Aug 7 11:35:10 2003
From: Chris Dillon
To: Bill Paul
cc: freebsd-net@FreeBSD.ORG
Date: Thu, 7 Aug 2003 13:34:57 -0500 (CDT)
Message-ID: <20030807125217.B25373@duey.wolves.k12.mo.us>
In-Reply-To: <20030807172712.ADB9937B401@hub.freebsd.org>
References: <20030807172712.ADB9937B401@hub.freebsd.org>
Subject: Re: cvs commit: src/sys/pci if_rl.c if_rlreg.h
On Thu, 7 Aug 2003, Bill Paul wrote:

> Pros:
>
> - The 8169 is very easy to program. RealTek has been very peculiar
>   in how it's releasing documentation for it though. They had the
>   manual on their site for a while, then took it down. I have a
>   copy at: http://www.freebsd.org/~wpaul/RealTek. Note that it has
>   almost exactly the same API as the 8139C+.

It is good to know that they released the programming information at least once, even if by accident. Releasing it out into the open just one time is all it takes, and it is forever available as long as somebody has a copy of it. :-)

> - There doesn't appear to be any alignment restrictions for data
>   buffers on either RX or TX (so no copies on RX needed).

This is good. I know the fxp has a couple of alignment constraints, at least on receive on the Alpha, and I thought I remembered discussion about being able to fix that by uploading the right microcode, but we don't have any info on how to do that. I assume the bge and em drivers don't have to deal with alignment issues either.

> Cons:
>
> - Finding an 8169-based NIC in the U.S. market is ridiculously difficult.
>   I ordered my card from www.mrtechus.com, which appears to be based in
>   Los Angeles. I have yet to see either an 8169 or 8139C+ card in a
>   retail store (although I have not been to Fry's lately).

I'm sure given its price it will soon find its way embedded onto many low to mid-range desktop motherboards, if not in add-in cards. The way ASUS and other vendors have been using the RTL8100 NIC and now the RTL8201 PHYs quite a bit, I'm surprised the RTL8169 isn't already on some of their boards.

> - The Intel and Broadcom NICs have more advanced interrupt moderation
>   features.
>   I was able to achieve some TX interrupt moderation using
>   the 8139C+/8160's on-board timer, but haven't figured out a proper
>   way of doing RX interrupt moderation yet.
> - High-end Broadcom NICs can have up to 4 TX rings rather than 2.
> - High-end Broadcom NIC also has a very sophisticated RX filtering
>   mechanism that can be used to prioritize traffic into different
>   RX queues.
> - Retains the same RX filtering mechanism as the original 8139 (1 perfect
>   filter for station address, 64-bit multicast hash table).

So, the 8169 should do fine for the average desktop, just as the 8xx9 family has done in the past, but a high-traffic server should more than likely use a bge or em chipset. I'm not sure how many of the advanced features you mention we actually take advantage of in the Broadcom chipset, but having so many TX and RX rings could be a boon for QoS applications and routers when it comes to traffic prioritization.

Thank you for such an in-depth insight!

-- 
Chris Dillon - cdillon(at)wolves.k12.mo.us
FreeBSD: The fastest and most stable server OS on the planet
- Available for IA32, IA64, PC98, Alpha, and UltraSPARC architectures
- x86-64, PowerPC, ARM, MIPS, and S/390 under development
- http://www.freebsd.org

From owner-freebsd-net@FreeBSD.ORG Thu Aug 7 13:05:04 2003
From: wpaul@FreeBSD.ORG (Bill Paul)
To: cdillon@wolves.k12.mo.us (Chris Dillon)
cc: freebsd-net@FreeBSD.ORG
Date: Thu, 7 Aug 2003 13:05:04 -0700 (PDT)
Message-Id: <20030807200504.2749237B401@hub.freebsd.org>
In-Reply-To: <20030807125217.B25373@duey.wolves.k12.mo.us> from Chris Dillon at "Aug 7, 2003 01:34:57 pm"
Subject: Re: cvs commit: src/sys/pci if_rl.c if_rlreg.h
> On Thu, 7 Aug 2003, Bill Paul wrote:
>
> > Pros:
> >
> > - The 8169 is very easy to program. RealTek has been very peculiar
> >   in how it's releasing documentation for it though. They had the
> >   manual on their site for a while, then took it down. I have a
> >   copy at: http://www.freebsd.org/~wpaul/RealTek. Note that it has
> >   almost exactly the same API as the 8139C+.
>
> It is good to know that they released the programming information at
> least once, even if by accident. Releasing it out into the open just
> one time is all it takes, and it is forever available as long as
> somebody has a copy of it. :-)

They have another 'datasheet' up now, but it doesn't contain any programming info. Same for the 8110 (which is a lan-on-motherboard version of the 8169, also a slightly newer MAC rev). I have harassed them about this a bit, but haven't gotten an answer back yet.

> > - There doesn't appear to be any alignment restrictions for data
> >   buffers on either RX or TX (so no copies on RX needed).
>
> This is good. I know the fxp has a couple of alignment constraints, at
> least on receive on the Alpha, and I thought I remembered discussion
> about being able to fix that by uploading the right microcode, but we
> don't have any info on how to do that. I assume the bge and em
> drivers don't have to deal with alignment issues either.

Well... the fxp driver does achieve proper alignment of frames, but it does so at the cost of mis-aligning the RX descriptor. This is because we program the 8255x chips to use what Intel calls 'simple' DMA mode on receive. In simple mode, the RX packet data immediately follows the RX descriptor.
If you use 'flexible' RX mode, then the RX data buffers and descriptors are separate from each other, but flexible mode is a bitch to program, from what I've seen.

> > Cons:
> >
> > - Finding an 8169-based NIC in the U.S. market is ridiculously difficult.
> >   I ordered my card from www.mrtechus.com, which appears to be based in
> >   Los Angeles. I have yet to see either an 8169 or 8139C+ card in a
> >   retail store (although I have not been to Fry's lately).
>
> I'm sure given its price it will soon find its way embedded onto many
> low to mid-range desktop motherboards, if not in add-in cards. The
> way ASUS and other vendors have been using the RTL8100 NIC and now the
> RTL8201 PHYs quite a bit, I'm surprised the RTL8169 isn't already on
> some of their boards.

I'm surprised (and disappointed) that the 8139C+ hasn't turned up either. I have exactly one 8139C+ card, and it's an engineering sample. I'd love nothing more than to see all those older 8139 NICs at CompUSA and so forth replaced with 8139C+ cards. At least they perform reasonably well. I've found one place that sells 8139C+ cards. It's in Australia. :(

-Bill

-- 
=============================================================================
-Bill Paul            (510) 749-2329 | Senior Engineer, Master of Unix-Fu
                 wpaul@windriver.com | Wind River Systems
=============================================================================
"If stupidity were a handicap, you'd have the best parking spot."
=============================================================================

From owner-freebsd-net@FreeBSD.ORG Thu Aug 7 14:24:17 2003
From: "Gabriel Cho"
To: freebsd-net@freebsd.org
Date: Thu, 07 Aug 2003 21:24:15 +0000
Subject: mpd: bind: Can't assign requested address

Hello, I have followed this howto: http://www.itga.com.au/~gnb/vpn/pptp-serv.html to make a VPN server, but I got this failure msg:

castaz2# mpd
Multi-link PPP for FreeBSD, by Archie L. Cobbs.
Based on iij-ppp, by Toshiharu OHNO.
mpd: pid 775, version 3.13 (root@castaz2.mine.nu 11:30 1-Aug-2003)
mpd: already running as process 756
castaz2# mpd
Multi-link PPP for FreeBSD, by Archie L. Cobbs.
Based on iij-ppp, by Toshiharu OHNO.
mpd: pid 776, version 3.13 (root@castaz2.mine.nu 11:30 1-Aug-2003)
[pptp0] ppp node is "mpd776-pptp0"
mpd: bind: Can't assign requested address
mpd: can't get PPTP listening socket
mpd: bind: Can't assign requested address
mpd: can't get PPTP listening socket
[pptp0] using interface ng0
[pptp1] ppp node is "mpd776-pptp1"
mpd: bind: Can't assign requested address
mpd: can't get PPTP listening socket
mpd: bind: Can't assign requested address
mpd: can't get PPTP listening socket
mpd: bind: Can't assign requested address
mpd: can't get PPTP listening socket
[pptp1] using interface ng1

What can be wrong, what haven't I done properly? Please HELP me, this is making me nuts :)

From owner-freebsd-net@FreeBSD.ORG Fri Aug 8 02:00:45 2003
From: Andre Rein
To: Barry Irwin
cc: freebsd-net@freebsd.org
cc: Roger 'Rocky' Vetterberg
Date: Thu, 7 Aug 2003 13:24:34 +0200 (CEST)
Message-ID: <20030807132257.N77217@juergen.edv-winter.de>
In-Reply-To: <015401c35cc9$9aa65600$227ae792@ict.ru.ac.za>
References: <20030807094647.X77217@juergen.edv-winter.de> <3F3218A2.3040802@401.cx> <015401c35cc9$9aa65600$227ae792@ict.ru.ac.za>
Subject: Re: Firewall with RFC1918 transfer network
[solved]

On Thu, 7 Aug 2003, Barry Irwin wrote:

> > >Is there any way to tell her that she has to use her oip 195.226.65.125
> > >from fxp1?
> > >
> > >greetings
> > >
> > >Andre Rein
> > >
> > >
> > >
> > Set your default route to something that is not in the 192.168.x.x range.
> > The system automatically uses the interface from which it can reach the
> > default gateway as its "primary" interface.
> >
> As to solutions, you could try the following:
> 1 - set up NAT on the firewall to re-write outgoing traffic NOT destined
> for the private network, or your other internal nets
>
> 2 - possibly set up NAT on the router for the specific FW IP; this would
> really only affect outgoing traffic, as I understand all the incoming
> traffic is routed to the FW's 192.168 IP?
>
> Barry
> --
> Barry Irwin
> bvi@moria.org
>
>

Thx, problem is solved. Now I'm using NAT at the firewall.
greetings

Andre Rein
-- 
"And some greetings from the Toaster"

From owner-freebsd-net@FreeBSD.ORG Fri Aug 8 02:27:51 2003
From: Michael Bretterklieber
To: Gabriel Cho
cc: freebsd-net@freebsd.org
Date: Fri, 8 Aug 2003 11:27:26 +0200 (Westeuropäische Normalzeit)
Subject: Re: mpd: bind: Can't assign requested address

Hi,

On Thu, 7 Aug 2003, Gabriel Cho wrote:

> [pptp0] ppp node is "mpd776-pptp0"
> mpd: bind: Can't assign requested address
> mpd: can't get PPTP listening socket

check whether your link-entry in mpd.links matches one of your local IP's:

set pptp self 1.2.3.4

bye,
-- 
------------------------------- ----------------------------------
Michael Bretterklieber - http://www.bretterklieber.com
JAWA Management
Software GmbH - http://www.jawa.at Tel: ++43-(0)316-403274-12 - GSM: ++43-(0)676-84 03 15 712 ------------------------------- ---------------------------------- "...the number of UNIX installations has grown to 10, with more expected..." - Dennis Ritchie and Ken Thompson, June 1972 From owner-freebsd-net@FreeBSD.ORG Fri Aug 8 03:17:07 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D165237B401 for ; Fri, 8 Aug 2003 03:17:07 -0700 (PDT) Received: from unimur.um.es (unimur.um.es [155.54.1.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4453B43FD7 for ; Fri, 8 Aug 2003 03:17:05 -0700 (PDT) (envelope-from yoyes@dif.um.es) Received: from aries.dif.um.es (aries.dif.um.es [155.54.210.253]) by unimur.um.es (8.9.1b+Sun/8.9.1) with ESMTP id MAA08841 for ; Fri, 8 Aug 2003 12:17:04 +0200 (MEST) Received: from IPv6Router (gemela.dif.um.es [155.54.210.45]) by aries.dif.um.es (Postfix) with ESMTP id 647A614426 for ; Fri, 8 Aug 2003 12:06:16 +0200 (MET DST) Content-Type: text/plain; charset="us-ascii" From: Maria Dolores Moral To: freebsd-net@freebsd.org Date: Fri, 8 Aug 2003 13:20:52 +0200 User-Agent: KMail/1.4.3 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-Id: <200308081320.52456.yoyes@dif.um.es> Subject: Setsockopt: Invalid argument X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Aug 2003 10:17:08 -0000 Hello. I am working in a kernel implementation.=20 I try to pass argument from the user to the kernel.=20 I use a socket and the option: setsockopt(socket,IPPROTO_ICMPV6,ICMP6_REPORTAUTH,&ua,sizeof(ua)) in my program Server.c. 
I have defined ICMP6_REPORTAUTH in in6.h, and I have rebuil the kernel.=20 #> make && make install But when I compile Serv: gcc -DICMP6_REPORTAUTH Server.c -o Serv I obtain Serv: setsockopt(ICMP6_REPORTAUTH): Invalid argument I have read in a articule that it must set in the kernel the option ..., IPPROTO_ICMPV6 in this case, but I do not how. If you know how or a better solution, please help me. Thanks a lot. Best Regards From owner-freebsd-net@FreeBSD.ORG Fri Aug 8 10:54:41 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2CB3937B401 for ; Fri, 8 Aug 2003 10:54:41 -0700 (PDT) Received: from shuttle.wide.toshiba.co.jp (shuttle.wide.toshiba.co.jp [202.249.10.124]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6DA0643FBD for ; Fri, 8 Aug 2003 10:54:40 -0700 (PDT) (envelope-from jinmei@isl.rdc.toshiba.co.jp) Received: from ocean.jinmei.org (unknown [2001:4f8:3:bb:f47f:35ff:7b72:437b]) by shuttle.wide.toshiba.co.jp (Postfix) with ESMTP id 492081525D; Sat, 9 Aug 2003 02:54:38 +0900 (JST) Date: Sat, 09 Aug 2003 02:54:34 +0900 Message-ID: From: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?= To: Maria Dolores Moral In-Reply-To: <200308081320.52456.yoyes@dif.um.es> References: <200308081320.52456.yoyes@dif.um.es> User-Agent: Wanderlust/2.10.0 (Venus) Emacs/21.3 Mule/5.0 (SAKAKI) Organization: Research & Development Center, Toshiba Corp., Kawasaki, Japan. MIME-Version: 1.0 (generated by SEMI 1.14.5 - "Awara-Onsen") Content-Type: text/plain; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: Setsockopt: Invalid argument X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Aug 2003 17:54:41 -0000 >>>>> On Fri, 8 Aug 2003 13:20:52 +0200, >>>>> Maria Dolores Moral said: > Hello. 
I am working in a kernel implementation. > I try to pass argument from the user to the kernel. > I use a socket and the option: > setsockopt(socket,IPPROTO_ICMPV6,ICMP6_REPORTAUTH,&ua,sizeof(ua)) > in my program Server.c. > I have defined ICMP6_REPORTAUTH in in6.h, and I have rebuil the kernel. > #> make && make install > But when I compile Serv: > gcc -DICMP6_REPORTAUTH Server.c -o Serv > I obtain Serv: setsockopt(ICMP6_REPORTAUTH): Invalid argument > I have read in a articule that it must set in the kernel the option ..., > IPPROTO_ICMPV6 in this case, but I do not how. Please show us more details about your implementation. Specifically, we need to know the corresponding kernel implementation (I guess you modified sys/netinet6/icmp6.c:icmp6_ctloutput) and the type of the socketoption argument (variable "ua" in the example above). JINMEI, Tatuya Communication Platform Lab. Corporate R&D Center, Toshiba Corp. jinmei@isl.rdc.toshiba.co.jp
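Both errors in this part of the thread, mpd's "bind: Can't assign requested address" and Maria's "setsockopt(ICMP6_REPORTAUTH): Invalid argument", come straight back from the kernel's socket layer as errno values, so a small probe that reproduces each makes them easy to recognise. The C program below is an added example, not code from any of the posts; it assumes a Linux host (errno values and strerror() text are Linux's), binds to 192.0.2.1 (an RFC 5737 documentation address, chosen because it will not be configured on a local interface), and uses IPV6_V6ONLY as a stand-in for the page's custom ICMP6_REPORTAUTH option, which a stock kernel does not define.

```c
/* Added example (not from the mailing-list posts): reproduce the two
 * socket-layer errors discussed in the thread. Assumes Linux; 192.0.2.1
 * and IPV6_V6ONLY are stand-ins chosen for the demonstration. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* mpd's case: bind a TCP socket to addr:port, returning 0 or the errno.
 * An address not configured on any local interface gives EADDRNOTAVAIL,
 * which strerror() renders as "Cannot assign requested address" on Linux
 * and "Can't assign requested address" on FreeBSD (mpd's message). */
int try_bind(const char *addr, uint16_t port)
{
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    if (inet_pton(AF_INET, addr, &sin.sin_addr) != 1)
        return EINVAL;                 /* not a dotted-quad address */
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return errno;
    int err = bind(fd, (struct sockaddr *)&sin, sizeof sin) ? errno : 0;
    close(fd);
    return err;
}

/* Maria's case: set one IPPROTO_IPV6 option on a fresh UDP/IPv6 socket.
 * The kernel-side handler checks the argument length against the type it
 * expects, so a wrongly sized argument is one way to get EINVAL; an
 * option the kernel does not know at all typically gives ENOPROTOOPT. */
int try_ipv6_sockopt(int optname, const void *val, socklen_t len)
{
    int fd = socket(AF_INET6, SOCK_DGRAM, 0);
    if (fd < 0)
        return errno;
    int err = setsockopt(fd, IPPROTO_IPV6, optname, val, len) ? errno : 0;
    close(fd);
    return err;
}

int main(void)
{
    int on = 1;          /* the int the kernel expects for IPV6_V6ONLY */
    uint8_t small = 1;   /* wrong type: one byte, shorter than sizeof(int) */
    printf("bind 192.0.2.1: %s\n", strerror(try_bind("192.0.2.1", 0)));
    printf("V6ONLY, int:    %s\n", strerror(try_ipv6_sockopt(IPV6_V6ONLY, &on, sizeof on)));
    printf("V6ONLY, 1 byte: %s\n", strerror(try_ipv6_sockopt(IPV6_V6ONLY, &small, sizeof small)));
    return 0;
}
```

The third line of output is the same "Invalid argument" Maria saw, produced here purely by an argument whose size does not match what the kernel handler expects; that is why the type of "ua" is the first thing to check.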