From owner-freebsd-net@FreeBSD.ORG Sun Jul 9 00:09:34 2006
Date: Sun, 9 Jul 2006 12:09:33 +1200
From: Andrew Thompson
To: Sanford Owings
Message-ID: <20060709000933.GA7559@heff.fud.org.nz>
Cc: freebsd-net@freebsd.org
Subject: Re: Services on bridging host?
List-Id: Networking and TCP/IP with FreeBSD

On Sat, Jul 08, 2006 at 11:29:21AM -0700, Sanford Owings wrote:
> Hello.
>
> I'm looking for some assistance (or at least some more understanding)
> regarding a connectivity issue with a bridging host. In short, I have
> a host with two interfaces, using the "options BRIDGE" type of
> bridging. One interface has an IP assigned, and the other does not
> (as suggested by the FBSD handbook). Hosts on the "IP enabled" side
> of the bridging host can connect to that IP (ssh, SMB shares, etc),
> but not to hosts on the other side of the bridge.
> In addition, the
> bridging host itself cannot connect to services on the "non-IP
> enabled" side of itself.
[...]
> I'd be happy to switch to if_bridge, but I had no luck with that at
> all in my first attempt.

What you want to do is much easier with if_bridge as you can assign the
IP directly to it. What problem did you have? It should be pretty easy
to get going, the most common hurdle is forgetting to 'up' the bridge
and its members.


Andrew

From owner-freebsd-net@FreeBSD.ORG Sun Jul 9 01:27:52 2006
Message-ID: <44B05B8E.8040404@nlink.com.br>
Date: Sat, 08 Jul 2006 22:27:42 -0300
From: Paulo Fragoso
To: Paulo Fragoso
In-Reply-To: <44AFBFF0.9050809@nlink.com.br>
Cc: freebsd-net@FreeBSD.org
Subject: Re: if_bridge problem in hostap (ath)?

Excuse my poor English, but I will try to correct...

This machine has three DWL-G520 WiFi cards (Atheros chipset: ath0, ath1
and ath2); all WiFi cards are running in hostap mode and all work fine.
Once per day a crash happens. I suspect there is some problem with
if_bridge, because in all crashes I can find a backtrace related to
nve0, ath1 or ath2, all NICs joined to the bridge0 interface, as shown
in the last crash:

kgdb kernel.debug /var/crash/vmcore.3
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:
============================================================

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xbfc00d00
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc06c07ef
stack pointer           = 0x28:0xd325eb1c
frame pointer           = 0x28:0xd325eb7c
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 20 (irq20: nve0)
trap number             = 12
panic: page fault
Uptime: 1d0h21m32s
Dumping 255 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 255MB (65264 pages) 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165     __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) backlist
Undefined command: "backlist". Try "help".
(kgdb) backtrace
#0  doadump () at pcpu.h:165
#1  0xc05288fd in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:402
#2  0xc0528b94 in panic (fmt=0xc06fa922 "%s") at /usr/src/sys/kern/kern_shutdown.c:558
#3  0xc06d32f4 in trap_fatal (frame=0xd325eadc, eva=3217034496) at /usr/src/sys/i386/i386/trap.c:836
#4  0xc06d305b in trap_pfault (frame=0xd325eadc, usermode=0, eva=3217034496) at /usr/src/sys/i386/i386/trap.c:744
#5  0xc06d2cb9 in trap (frame=
      {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -1019245940, tf_esi = -1019245944, tf_ebp = -752489604, tf_isp = -752489720, tf_ebx = 0, tf_edx = 3407872, tf_ecx = 3407872, tf_eax = 832, tf_trapno = 12, tf_err = 0, tf_eip = -1066661905, tf_cs = 32, tf_eflags = 590354, tf_esp = -1018302464, tf_ss = 3409989})
    at /usr/src/sys/i386/i386/trap.c:434
#6  0xc06c2b1a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc06c07ef in bus_dmamap_load_mbuf (dmat=0xc343e100, map=0xc349e100, m0=0xc3452600, callback=0xc06aa9e8 , callback_arg=0xc33f8a9c, flags=1) at pmap.h:200
#8  0xc06ac9b0 in nve_osallocrxbuf (ctx=0xc340f400, mem=0xd325ebd0, id=0x340) at /usr/src/sys/dev/nve/if_nve.c:1439
#9  0xc069660f in CreateReceiveDescriptor ()
#10 0xc340f400 in ?? ()
#11 0xd325ebd0 in ?? ()
#12 0xd325ebcc in ?? ()
#13 0xc363ab00 in ?? ()
#14 0xc33f8a88 in ?? ()
#15 0xc3449800 in ?? ()
#16 0x0000061e in ?? ()
#17 0xd5480000 in ?? ()
#18 0xd548e0d8 in ?? ()
#19 0xd5480000 in ?? ()
#20 0xc069571f in UpdateReceiveDescRingData ()
#21 0x00000000 in ?? ()
(kgdb)
============================================================

What is happening?

Paulo.

Paulo Fragoso wrote, On 08/07/2006 11:23:
> Hi,
>
> Are there any problems with if_bridge in hostap mode?
> We have a FreeBSD
> 6.1 running with 03 atheros cards (all atheros cards are in hostap mode)
> where 02 cards are bridged:
>
> bridge0: flags=8043 mtu 1500
> ether ac:de:48:0f:31:2a
> priority 32768 hellotime 2 fwddelay 15 maxage 20
> member: nve0 flags=3
> member: ath1 flags=3
> member: ath2 flags=3
>
> On this server some crashes like this are happening:
>
> ============================================================
> kgdb kernel.debug /var/crash/vmcore.2
> [GDB will not be able to debug user-mode threads:
> /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and
> you are
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for
> details.
> This GDB was configured as "i386-marcel-freebsd".
>
> Unread portion of the kernel message buffer:
>
>
> #0 doadump () at pcpu.h:165
> 165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
> (kgdb) backtrace
> #0 doadump () at pcpu.h:165
> #1 0xc05288fd in boot (howto=260) at
> /usr/src/sys/kern/kern_shutdown.c:402
> #2 0xc0528b94 in panic (fmt=0xc06fa922 "%s")
> at /usr/src/sys/kern/kern_shutdown.c:558
> #3 0xc06d32f4 in trap_fatal (frame=0xd0fe9ae8, eva=12)
> at /usr/src/sys/i386/i386/trap.c:836
> #4 0xc06d305b in trap_pfault (frame=0xd0fe9ae8, usermode=0, eva=12)
> at /usr/src/sys/i386/i386/trap.c:744
> #5 0xc06d2cb9 in trap (frame=
> {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -1017680556, tf_esi =
> 320, tf_ebp = -788620468, tf_isp = -788620524, tf_ebx = -1017680640,
> tf_edx = 0, tf_ecx = -1013202928, tf_eax = 0, tf_trapno = 12, tf_err =
> 0, tf_eip = -1068114357, tf_cs = 32, tf_eflags = 590338, tf_esp = 0,
> tf_ss = -788620464})
> at /usr/src/sys/i386/i386/trap.c:434
> #6 0xc06c2b1a in calltrap () at
> /usr/src/sys/i386/i386/exception.s:139
> #7 0xc055de4b in m_copym (m=0x0, off0=1500, len=1480, wait=1)
> at /usr/src/sys/kern/uipc_mbuf.c:400
> #8 0xc05d0d08 in ip_fragment (ip=0xc39bc010, m_frag=0xd0fe9c08,
> mtu=-1017680640, if_hwassist_flags=0, sw_csum=1)
> at /usr/src/sys/netinet/ip_output.c:975
> #9 0xc05d09af in ip_output (m=0xc399cd00, opt=0xc3449800, ro=0xd0fe9bd4,
> flags=1, imo=0x0, inp=0x0) at /usr/src/sys/netinet/ip_output.c:804
> #10 0xc05cfd98 in ip_forward (m=0xc399cd00, srcrt=0)
> at /usr/src/sys/netinet/ip_input.c:1907
> #11 0xc05ce907 in ip_input (m=0xc399cd00)
> at /usr/src/sys/netinet/ip_input.c:689
> #12 0xc05a5243 in netisr_processqueue (ni=0xc0797458)
> at /usr/src/sys/net/netisr.c:236
> #13 0xc05a53f6 in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:343
> #14 0xc0513129 in ithread_execute_handlers (p=0xc3329830, ie=0xc338c300)
> at /usr/src/sys/kern/kern_intr.c:684
> #15 0xc0513240 in ithread_loop (arg=0xc330f640)
> at /usr/src/sys/kern/kern_intr.c:767
> #16 0xc0512098 in fork_exit (callout=0xc05131ec ,
> arg=0xc330f640, frame=0xd0fe9d38) at /usr/src/sys/kern/kern_fork.c:805
> #17 0xc06c2b7c in fork_trampoline () at
> /usr/src/sys/i386/i386/exception.s:208
> ============================================================
>
> Our /etc/sysctl.conf is:
>
> net.link.ether.ipfw=1
> kern.maxfiles=32768
> net.inet.ip.fw.dyn_max=10240
> kern.ipc.nmbclusters=32768
> kern.ipc.somaxconn=38400
>
> and /boot/loader.conf:
> kern.ipc.nmbclusters=32768
> kern.ipc.maxpipekva=6553600
> if_ath_load="YES"
> ath_hal_load="YES"
> ath_rate_load="YES"
> kern.maxusers=512
> debug.mpsafenet=0
>
> and dmesg:
> Copyright (c) 1992-2006 The FreeBSD Project.
> Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
> The Regents of the University of California. All rights reserved.
> FreeBSD 6.1-RELEASE-p2 #0: Thu Jul 6 08:59:27 GMT+3 2006
> paulo@***:/usr/obj/usr/src/sys/KERNEL4
> WARNING: MPSAFE network stack disabled, expect reduced performance.
> Timecounter "i8254" frequency 1193182 Hz quality 0
> CPU: AMD Sempron(tm) Processor 3000+ (1808.81-MHz 686-class CPU)
> Origin = "AuthenticAMD" Id = 0x20fc0 Stepping = 0
>
> Features=0x78bfbff
> OV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2>
> Features2=0x1
> AMD Features=0xe2500800
> AMD Features2=0x1
> real memory = 268369920 (255 MB)
> avail memory = 252715008 (241 MB)
> ACPI APIC Table:
> ioapic0 irqs 0-23 on motherboard
> ath_hal: 0.9.16.16 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413,
> RF5413)
> acpi0: on motherboard
> acpi0: Power Button (fixed)
> Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
> acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1008-0x100b on acpi0
> cpu0: on acpi0
> acpi_button0: on acpi0
> pcib0: port 0xcf8-0xcff,0xcf0-0xcf3 on acpi0
> pci0: on pcib0
> agp0: mem 0xf8000000-0xf9ffffff at
> device 0.
> 0 on pci0
> isab0: at device 1.0 on pci0
> isa0: on isab0
> pci0: at device 1.1 (no driver attached)
> nve0: port 0xcc00-0xcc07 mem
> 0xfd002000-
> 0xfd002fff irq 20 at device 5.0 on pci0
> nve0: Ethernet address 00:0f:ea:ae:d7:44
> miibus0: on nve0
> ukphy0: on miibus0
> ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
> nve0: Ethernet address: 00:0f:ea:ae:d7:44
> nve0: [GIANT-LOCKED]
> atapci0: port
> 0x1f0-0x1f7,0x3f6,0x170-0x
> 177,0x376,0xf000-0xf00f at device 8.0 on pci0
> ata0: on atapci0
> ata1: on atapci0
> atapci1: port
> 0x9f0-0x9f7,0xbf0-0xbf3,0x
> 970-0x977,0xb70-0xb73,0xe800-0xe80f,0xec00-0xec7f irq 21 at device 10.0
> on pci0
> ata2: on atapci1
> ata3: on atapci1
> pcib1: at device 11.0 on pci0
> pci1: on pcib1
> pcib2: at device 14.0 on pci0
> pci2: on pcib2
> ath0: mem 0xfc040000-0xfc04ffff irq 18 at device 6.0 on
> pci2
> ath0: [GIANT-LOCKED]
> ath0: Ethernet address: 00:13:46:93:b6:13
> ath0: mac 7.9 phy 4.5 radio 5.6
> ath1: mem 0xfc020000-0xfc02ffff irq 19 at device 7.0 on
> pci2
> ath1: [GIANT-LOCKED]
> ath1: Ethernet address: 00:13:46:93:b8:5b
> ath1: mac 7.9 phy 4.5 radio 5.6
> ath2: mem
> 0xfc030000-0xfc03ffff irq 16 at device 8.0 on
> pci2
> ath2: [GIANT-LOCKED]
> ath2: Ethernet address: 00:13:46:93:b6:01
> ath2: mac 7.9 phy 4.5 radio 5.6
> pci2: at device 9.0 (no driver attached)
> sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on
> acpi0
> sio0: type 16550A
> sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0
> sio1: type 16550A
> atkbdc0: port 0x60,0x64 irq 1 on acpi0
> atkbd0: irq 1 on atkbdc0
> kbd0 at atkbd0
> atkbd0: [GIANT-LOCKED]
> pmtimer0 on isa0
> orm0: at iomem 0xc0000-0xc7fff on isa0
> ppc0: parallel port not found.
> sc0: at flags 0x100 on isa0
> sc0: VGA <16 virtual consoles, flags=0x300>
> vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
> Timecounter "TSC" frequency 1808812915 Hz quality 800
> Timecounters tick every 1.000 msec
> ipfw2 (+ipv6) initialized, divert loadable, rule-based forwarding
> enabled, defau
> lt to accept, logging unlimited
> ad0: 38203MB at ata0-master UDMA100
> Trying to mount root from ufs:/dev/ad0s1a
> WARNING: / was not properly dismounted
> bridge0: Ethernet address: ac:de:48:0f:31:2a
>
> Can anyone help us?
>
> Thanks,
> Paulo.
>
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

From owner-freebsd-net@FreeBSD.ORG Sun Jul 9 09:50:26 2006
Message-ID: <44B0D157.8070503@cisco.com>
Date: Sun, 09 Jul 2006 05:50:15 -0400
From: Randall Stewart
To: Yann Berthier
In-Reply-To:
<20060708104718.GA1632@bashibuzuk.net>
Cc: freebsd-net@freebsd.org
Subject: Re: SCTP

Yann Berthier wrote:
> Hello,
>
> On Fri, 07 Jul 2006, at 07:40, Randall Stewart wrote:
>
>
>>George V. Neville-Neil wrote:
>>
>>
>>>I already sent the pointer to my version of NetPIPE (the pounder you
>>>mention) and their new release should have SCTP in it by default.
>>>
>>>Later,
>>>George
>>>
>>
>>
>>Ok, no doc's just stuff
>>
>>http://www.sctp.org/app.tar.bz2
>
>
> fyi: i've collected netflow records for a couple of days over sctp,
> from a cisco router to my test machine - i used ntop on the receiver
> side (the only netflow-related app i found sporting sctp)
>
> worked fine - many things i wanted to test i have not - i'll see that
> after my holidays
>
> any patch for netstat and all floating around to display state of
> sctp sockets ?

Well... Kozuka-san did do a patch to netstat a while ago...

I have not tried to compile it in a while...
let me try to get this up on sctp.org as well :-D

R
>
> thanks,
>
> - yan
>

--
Randall Stewart
NSSTG - Cisco Systems Inc.
803-345-0369 815-342-5222 (cell)

From owner-freebsd-net@FreeBSD.ORG Mon Jul 10 07:45:52 2006
Message-ID: <1152517513.44b20589e1bbc@ssl0.ovh.net>
Date: Mon, 10 Jul 2006 10:45:13 +0300
From: Remi Denis-Courmont
To: freebsd-net@freebsd.org
Subject: Interface name or ID of /dev/tun tunnels

Hello,

Is there any clean way to find out the name, or better yet the ID (since ID
are immutable while names are not), of a tunnel device allocated from
/dev/tun ?

The question was already raised here, but I could find no answer:
http://lists.freebsd.org/pipermail/freebsd-net/2004-March/003338.html

If not, would it be possible to add, say, an ioctl() on tun/tap devices to
return their ID (which could be converted to a name via if_indextoname()),
or something similar? That should retain full backward compatibility...

Or maybe there is another way to configure the tunnel a la ifconfig with
only the file descriptor??

Thanks,

--
Remi Denis-Courmont
http://www.simphalempin.com/home/

From owner-freebsd-net@FreeBSD.ORG Mon Jul 10 11:03:13 2006
Date: Mon, 10 Jul 2006 11:03:09 GMT
Message-Id: <200607101103.k6AB39UL055701@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports
Critical problems
Serious problems

S  Submitted    Tracker     Resp.  Description
-------------------------------------------------------------------------------
o  [2006/01/30] kern/92552  net    A serious bug in most network drivers fro
f  [2006/02/12] kern/93220  net    [inet6] nd6_lookup: failed to add route f

2 problems total.

Non-critical problems

S  Submitted    Tracker     Resp.  Description
-------------------------------------------------------------------------------
o  [2003/07/11] kern/54383  net    [nfs] [patch] NFS root configurations wit
o  [2006/04/03] kern/95267  net    packet drops periodically appear

2 problems total.

From owner-freebsd-net@FreeBSD.ORG Mon Jul 10 11:27:19 2006
Date: Mon, 10 Jul 2006 12:27:18 +0100 (BST)
From: Robert Watson
To: Remi Denis-Courmont
In-Reply-To: <1152517513.44b20589e1bbc@ssl0.ovh.net>
Message-ID: <20060710122628.C83829@fledge.watson.org>
Cc: freebsd-net@freebsd.org
Subject: Re: Interface name or ID of /dev/tun tunnels
List-Id: Networking and
TCP/IP with FreeBSD

On Mon, 10 Jul 2006, Remi Denis-Courmont wrote:

> Is there any clean way to find out the name, or better yet the ID (since ID
> are immutable while names are not), of a tunnel device allocated from
> /dev/tun ?
>
> The question was already raised here, but I could find no answer:
> http://lists.freebsd.org/pipermail/freebsd-net/2004-March/003338.html
>
> If not, would it be possible to add, say, an ioctl() on tun/tap devices to
> return their ID (which could be converted to a name via if_indextoname()),
> or something similar? That should retain full backward compatibility...
>
> Or maybe there is another way to configure the tunnel a la ifconfig with
> only the file descriptor??

Take a look at devname(3), which includes an example of how to identify
which device was opened via /dev/tun.

Robert N M Watson
Computer Laboratory
University of Cambridge

From owner-freebsd-net@FreeBSD.ORG Mon Jul 10 14:07:11 2006
Message-ID: <44B25F0A.5040709@iang.org>
Date: Mon, 10 Jul 2006 16:07:06 +0200
From: Iang
To: Brian Candler
In-Reply-To: <20060708213932.GA41178@uk.tiscali.com>
Cc: freebsd-security@freebsd.org, Mikhail Teterin, imp@freebsd.org, net@freebsd.org
Subject: Re: strange limitation on rcmd()
Reply-To: iang@iang.org

Brian Candler wrote:

> Note that only root can bind to reserved ports.

...

> This mechanism is only valid for trusted hosts, of course. If you allow a
> random person to put their own PC on the network, they can of course send
> packets from privileged ports (either by installing Unix with their own root
> password, or by installing DOS and sending packets which come from
> privileged ports)

I gather that it is now possible to disable the
privileged ports thing on FreeBSD at least.

(Thank heavens, I say :)

iang

From owner-freebsd-net@FreeBSD.ORG Mon Jul 10 14:17:33 2006
Date: Mon, 10 Jul 2006 16:17:30 +0200
From: "Simon L. Nielsen"
To: Iang
Message-ID: <20060710141729.GF1101@zaphod.nitro.dk>
In-Reply-To: <44B25F0A.5040709@iang.org>
Cc: freebsd-security@freebsd.org, Mikhail Teterin, net@freebsd.org, imp@freebsd.org, Brian Candler
Subject: Re: strange limitation on rcmd()

On 2006.07.10 16:07:06 +0200, Iang wrote:
> Brian Candler wrote:
>
> >Note that only root can bind to reserved ports.
>
> ...
>
> >This mechanism is only valid for trusted hosts, of course. If you allow a
> >random person to put their own PC on the network, they can of course send
> >packets from privileged ports (either by installing Unix with their own
> >root
> >password, or by installing DOS and sending packets which come from
> >privileged ports)
>
> I gather that it is now possible to disable the
> privileged ports thing on FreeBSD at least.
>
> (Thank heavens, I say :)

Actually it is, but it would obviously be a stupid idea to do so any
place where privileged ports are required...

[simon@zaphod:~] sysctl net.inet.ip.portrange.reservedhigh net.inet.ip.portrange.reservedlow
net.inet.ip.portrange.reservedhigh: 1023
net.inet.ip.portrange.reservedlow: 0

--
Simon L. Nielsen

From owner-freebsd-net@FreeBSD.ORG Mon Jul 10 15:47:36 2006
k6AFlYOl062986; Mon, 10 Jul 2006 11:47:34 -0400 (EDT) (envelope-from mi+kde@aldan.algebra.com) From: Mikhail Teterin To: "Simon L. Nielsen" , Brian Candler Date: Mon, 10 Jul 2006 11:47:33 -0400 User-Agent: KMail/1.9.1 References: <200607072030.01999.mi+mx@aldan.algebra.com> <44B25F0A.5040709@iang.org> <20060710141729.GF1101@zaphod.nitro.dk> In-Reply-To: <20060710141729.GF1101@zaphod.nitro.dk> X-Face: %UW#n0|w>ydeGt/b@1-.UFP=K^~-:0f#O:D7whJ5G_<5143Bb3kOIs9XpX+"V+~$adGP:J|SLieM31VIhqXeLBli" Cc: Brian Candler , Mikhail Teterin , freebsd-security@freebsd.org, net@freebsd.org, imp@freebsd.org, Iang Subject: Re: strange limitation on rcmd() X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Jul 2006 15:47:36 -0000 On Monday 10 July 2006 10:17, Simon L. Nielsen wrote: = Actually it is, but it would obviously be a stupid idea to do so any = place where privileged ports are required... It would be. But where they are NOT required, it is stupid to check the geteuid() inside the client's rcmd :-) Thank you very much for your explanation, Brian, rsh being an SUID is something I overlooked. What I remain upset about, though, is that the rcmdsh(), which is used by rcmd() ignores the fd2p parameter making it impossible to capture the remote's stderr... 
Yours,

	-mi

From owner-freebsd-net@FreeBSD.ORG Mon Jul 10 17:51:08 2006
Date: Mon, 10 Jul 2006 18:50:59 +0100
From: Brian Candler
To: Mikhail Teterin
Cc: Mikhail Teterin, "Simon L. Nielsen", freebsd-security@freebsd.org, net@freebsd.org, imp@freebsd.org, Iang
Subject: Re: strange limitation on rcmd()
Message-ID: <20060710175059.GA2325@uk.tiscali.com>
In-Reply-To: <200607101147.34530@aldan>

On Mon, Jul 10, 2006 at 11:47:33AM -0400, Mikhail Teterin wrote:
> What I remain upset about, though, is that the rcmdsh(), which is used by
> rcmd() ignores the fd2p parameter making it impossible to capture the
> remote's stderr...

Well, it's probably worth send-pr'ing it.

I'd first test whether rsh itself forwards stderr properly. Maybe there's
some underlying reason why rcmdsh doesn't have an fd2p argument.

From owner-freebsd-net@FreeBSD.ORG Mon Jul 10 18:09:57 2006
Date: Mon, 10 Jul 2006 14:09:39 -0400
From: Mikhail Teterin
Organization: Virtual Estates, Inc.
To: Brian Candler
Cc: "Simon L. Nielsen", freebsd-security@freebsd.org, Mikhail Teterin, net@freebsd.org, imp@freebsd.org, Iang
Subject: Re: strange limitation on rcmd()
Message-Id: <200607101409.40651.mi+mx@aldan.algebra.com>
In-Reply-To: <20060710175059.GA2325@uk.tiscali.com>

On Monday 10 July 2006 13:50, Brian Candler wrote:
> Well, it's probably worth send-pr'ing it.

The rcmdsh() is taken from OpenBSD, I think, and has no room for the stderr.
One would need to reimplement something like rcmdsh2() first :-)

> I'd first test whether rsh itself forwards stderr properly. Maybe there's
> some underlying reason why rcmdsh doesn't have an fd2p argument.

	The rsh utility copies its standard input to the remote command, the
	standard output of the remote command to its standard output, and the
	standard error of the remote command to its standard error.

ssh seems compliant too. The signal-handling is different, though:

	Interrupt, quit and terminate signals are propagated to the remote
	command;

Whereas with rcmd one just writes the signal number (any signal number) into
the fd2 descriptor...

I think, rcmd() should just try to connect and leave it to the remote to
reject it based on the too-low port number or anything.
Another approach would be to use a separate suid utility (Linux has rcmd(1),
for example), with semantics more closely matching those of rcmd(3).

The reason I like rcmd() is that it lets me send data to a remote machine

	a) _directly_ from my program; and
	b) without also implementing the server side.

I could achieve both of these with a non-root process by disabling the
"isroot" checks inside the rcmd and by configuring the server to accept rcmd
from any port.

Other approaches require the root's setuid bit on the program, or abandoning
the _directness_ of the a) by copying many gigabytes through the client's
memory buffers a couple of extra times.

	-mi

From owner-freebsd-net@FreeBSD.ORG Mon Jul 10 22:40:54 2006
Date: Mon, 10 Jul 2006 18:40:50 -0400 (EDT)
From: Ensel Sharon
To: freebsd-net@freebsd.org
Subject: counting (not) blocks of IPs in ipfw - please help

I can't seem to get ipfw to handle a rule like this:

ipfw add 00100 count ip from any not { 10.20.0.0/16 or 10.30.0.0/16 } to any via em0 in

The error is:

ipfw: missing ``to''
ipfw: unrecognised option [-1] 10.20.0.0/16

So if
I remove the curlies and try just one IP block:

ipfw add 00100 count ip from any not 10.20.0.0/16 to any via em0 in

The error is:

ipfw: invalid separator <.> in <10.20.0.0/16>

Any help appreciated. Thanks.

From owner-freebsd-net@FreeBSD.ORG Tue Jul 11 07:48:15 2006
Date: Tue, 11 Jul 2006 09:48:10 +0200
From: Bohuslav Plucinsky
Organization: NEXTRA, Bratislava, SLOVAKIA
Reply-To: bohuslav.plucinsky@gtsnextra.sk
To: freebsd-net@freebsd.org
Cc: mlaier@freebsd.org
Subject: Conflict between CARP and multicast routing on FreeBSD 6.1
Message-ID: <20060711074810.GE24299@gtsnextra.sk>

Hello,

a few days ago I sent a message about a problem running CARP and XORP
together on the same machine. Thanks to a hint from Pavlin Radoslavov, I now
know the problem is not in XORP but a conflict between the CARP
implementation and multicast routing.

Description of problem:
After multicast routing is started, CARP starts sending packets with the
wrong source IP address.

How to repeat the problem:
I have a FreeBSD 6.1-RELEASE box (kernel config is attached at the end) with
2 NICs (em0, em1):

ifconfig em0 10.0.0.1 netmask 255.255.255.0
ifconfig em1 192.168.61.1 netmask 255.255.255.0

I've configured the CARP interface:

ifconfig carp1 create
ifconfig carp1 vhid 10 pass blabla advskew 50 192.168.61.3 255.255.255.0

(Make sure that CARP is allowed)

sysctl -a | grep carp
net.inet.ip.same_prefix_carp_only: 0
net.inet.carp.allow: 1
net.inet.carp.preempt: 1
net.inet.carp.log: 1
net.inet.carp.arpbalance: 0
net.inet.carp.suppress_preempt: 0

After multicast routing is started (setsockopt(socket, IPPROTO_IP, MRT_INIT, ...))
and a vif is added to the vif table (setsockopt(socket, IPPROTO_IP, MRT_ADD_VIF, ...)),
CARP starts sending packets with the wrong source IP address.
(The short dirty C code to start multicast routing is attached)

Here is the tcpdump on the em1 interface. Until the mrouter is started, CARP
sends packets with the correct IP address (192.168.61.1); after that the
source IP address is changed to the IP address of the first VIF added to
vif_table.
When the mrouter terminates, the source IP address comes back:

# tcpdump -n -i em1 proto 112
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em1, link-type EN10MB (Ethernet), capture size 96 bytes
08:54:14.724536 IP 192.168.61.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:15.921662 IP 192.168.61.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:17.118790 IP 192.168.61.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:18.315948 IP 10.0.0.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:19.513083 IP 10.0.0.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:20.710212 IP 10.0.0.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:21.907341 IP 10.0.0.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:23.104471 IP 10.0.0.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:24.301610 IP 10.0.0.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:25.498738 IP 10.0.0.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:26.695899 IP 10.0.0.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:27.893029 IP 10.0.0.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:29.090169 IP 192.168.61.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:30.287288 IP 192.168.61.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:31.484411 IP 192.168.61.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
^C

Can somebody help me to find a solution to this problem?

Thanks,

Bohus

C code to start multicast routing:
---------------------------------
/* mrouter_start.c
   Dirty code to start mrouter.
*/
/* Headers for socket(), setsockopt(), inet_addr(), perror(), exit(),
   memset(), close() and sleep() */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define MRT_INIT	100
#define MRT_ADD_VIF	102

typedef u_short vifi_t;		/* type of a vif index */

struct vifctl {
	vifi_t	vifc_vifi;		/* the index of the vif to be added */
	u_char	vifc_flags;		/* VIFF_ flags defined below */
	u_char	vifc_threshold;		/* min ttl required to forward on vif */
	u_int	vifc_rate_limit;	/* max rate */
	struct	in_addr vifc_lcl_addr;	/* local interface address */
	struct	in_addr vifc_rmt_addr;	/* remote address (tunnels only) */
};

int main ()
{
	int s, i;
	int mrouter_version = 1;
	struct vifctl vc;
	int num_of_ifs = 2;	/* number of interfaces */
	char *if_addr[] = {"10.0.0.1", "192.168.61.1" };

	if ( (s=socket(PF_INET,SOCK_RAW,IPPROTO_IGMP)) < 0) {
		perror ("Cannot open socket. Error ");
		exit (-1);
	}

	if (setsockopt(s, IPPROTO_IP, MRT_INIT, (void*)&mrouter_version, sizeof(int)) < 0) {
		/* report first: close() may overwrite errno */
		perror ("Cannot set socket option. Error:");
		close(s);
		exit (-1);
	}

	memset(&vc, 0, sizeof(vc));
	for (i=0; i< num_of_ifs ; i++) {
		vc.vifc_flags = 0;
		vc.vifc_vifi = i;
		vc.vifc_threshold = 1;
		vc.vifc_rate_limit = 0;
		vc.vifc_lcl_addr.s_addr = inet_addr(if_addr[i]);
		if (setsockopt(s, IPPROTO_IP, MRT_ADD_VIF, (void *)&vc, sizeof(vc)) < 0) {
			/* report first: close() may overwrite errno */
			perror ("Cannot add VIF. Error ");
			close(s);
			exit (-1);
		}
	}

	fprintf (stdout,"Waiting 10s before terminate.\n");
	sleep(10);

	close(s);
	return (0);
}
/* End of mrouter_start.c */

Kernel config:
-------------
machine		i386
cpu		I586_CPU
cpu		I686_CPU
ident		FW-SMP
maxusers	64

makeoptions	DEBUG=-g		# Build kernel with gdb(1) debug symbols
makeoptions	KERNEL=kernel-fw-20060710-01

options 	SCHED_4BSD		# 4BSD scheduler
options 	PREEMPTION		# Enable kernel thread preemption
options 	INET			# InterNETworking
# options 	INET6			# IPv6 communications protocols
options 	FFS			# Berkeley Fast Filesystem
options 	SOFTUPDATES		# Enable FFS soft updates support
options 	UFS_ACL			# Support for access control lists
options 	UFS_DIRHASH		# Improve performance on big directories
options 	NFSCLIENT		# Network Filesystem Client
options 	NFSSERVER		# Network Filesystem Server
options 	NFS_ROOT		# NFS usable as /, requires NFSCLIENT
options 	MSDOSFS			# MSDOS Filesystem
options 	CD9660			# ISO 9660 Filesystem
options 	PROCFS			# Process filesystem (requires PSEUDOFS)
options 	PSEUDOFS		# Pseudo-filesystem framework
options 	GEOM_GPT		# GUID Partition Tables.
options 	COMPAT_43		# Compatible with BSD 4.3 [KEEP THIS!]
options 	COMPAT_FREEBSD4		# Compatible with FreeBSD4
options 	COMPAT_FREEBSD5		# Compatible with FreeBSD5
options 	SCSI_DELAY=5000		# Delay (in ms) before probing SCSI
options 	KTRACE			# ktrace(1) support
options 	SYSVSHM			# SYSV-style shared memory
options 	SYSVMSG			# SYSV-style message queues
options 	SYSVSEM			# SYSV-style semaphores
options 	_KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options 	KBD_INSTALL_CDEV	# install a CDEV entry in /dev
options 	AHC_REG_PRETTY_PRINT	# Print register bitfields in debug
					# output. Adds ~128k to driver.
options 	AHD_REG_PRETTY_PRINT	# Print register bitfields in debug
					# output. Adds ~215k to driver.
options 	MROUTING		# Multicast routing
options 	PIM
options 	IPSTEALTH		#support for stealth forwarding
options 	TCPDEBUG
options 	TCP_DROP_SYNFIN		#drop TCP packets with SYN+FIN
options 	INCLUDE_CONFIG_FILE	# Include this file in kernel
options 	IPSEC			#IP security
options 	IPSEC_ESP		#IP security (crypto; define w/ IPSEC)
options 	IPSEC_DEBUG		#debug for IP security
options 	DEVICE_POLLING

device		vlan			#VLAN support (needs miibus)
device		gre			#IP over IP tunneling
device		pf			#PF OpenBSD packet-filter firewall
device		pflog			#logging support interface for PF
device		pfsync			#synchronization interface for PF
device		carp			#Common Address Redundancy Protocol

options 	ALTQ
options 	ALTQ_CBQ		# Class Bases Queueing
options 	ALTQ_RED		# Random Early Detection
options 	ALTQ_RIO		# RED In/Out
options 	ALTQ_HFSC		# Hierarchical Packet Scheduler
options 	ALTQ_CDNR		# Traffic conditioner
options 	ALTQ_PRIQ		# Priority Queueing
options 	ALTQ_NOPCC		# Required for SMP build
options 	ALTQ_DEBUG

options 	SMP			# Symmetric MultiProcessor Kernel

# Devices
device		apic			# I/O APIC
...
(I'll send the whole config if it is needed)

From owner-freebsd-net@FreeBSD.ORG Tue Jul 11 18:27:03 2006
Date: Tue, 11 Jul 2006 15:27:02 -0300
From: "Gilberto Villani Brito"
To: freebsd-net@freebsd.org
Subject: Re: counting (not) blocks of IPs in ipfw - please help
Message-ID: <6e6841490607111127l5dc5bcfaif36966bc941afdfe@mail.gmail.com>

Try:
ipfw add 00100 count ip from not {10.20.0.0/16,10.30.0.0/16} to any via em0 in

Gilberto

2006/7/10, Ensel Sharon:
>
> I can't seem to get ipfw to handle a rule like this:
>
> ipfw add 00100 count ip from any not { 10.20.0.0/16 or 10.30.0.0/16 } to
> any via em0 in
>
> The error is:
>
> ipfw: missing ``to''
> ipfw: unrecognised option [-1] 10.20.0.0/16
>
> So if I remove the curlys and try just one IP block:
>
> ipfw add 00100 count ip from any not 10.20.0.0/16 to any via em0 in
>
> The error is:
>
> ipfw: invalid separator <.> in <10.20.0.0/16>
>
> Any help appreciated. Thanks.

From owner-freebsd-net@FreeBSD.ORG Wed Jul 12 05:27:59 2006
Date: Wed, 12 Jul 2006 07:27:11 +0200
From: Sten Daniel Sørsdal
To: Dmitry Pryanishnikov
Cc: freebsd-net@freebsd.org
Subject: Re: if_rl VLAN support in RELENG_4
Message-ID: <44B4882F.6060200@wm-access.no>
In-Reply-To: <20060705125957.T30599@atlantis.atlantis.dp.ua>

Dmitry Pryanishnikov wrote:
>
> Hello!
>
> In RELENG_4, RealTek 8129/8139 driver rl(4) doesn't claim VLAN support
> (when I assign vlandev rl0, my vlan device initially gets mtu 1496). In
> modern (e.g. RELENG_6) systems if_rl claims native VLAN support. I've
> tried setting 'ifconfig vlan0 mtu 1500' for rl-based vlan device, and
> resulting interface Just Works (TM) (1500-byte packets transmit and receive
> correctly via such a vlan). So is it safe to use vlan with 'vlandev rl0'
> and 'mtu 1500' in RELENG_4? Has anyone observed any ill-effects in such
> a configuration? Would it be simple enough for if_rl in RELENG_4 to
> just announce native VLAN support to the system?
>
> Sincerely, Dmitry

Not necessarily. I would assume, without looking, that you would also
need to enable oversized frame support.

-- 
Sten Daniel Sørsdal

From owner-freebsd-net@FreeBSD.ORG Wed Jul 12 06:19:26 2006
Date: Wed, 12 Jul 2006 09:19:14 +0300 (EEST)
From: Dmitry Pryanishnikov
To: Sten Daniel Sørsdal
Cc: freebsd-net@freebsd.org
Subject: Re: if_rl VLAN support in RELENG_4
Message-ID: <20060712091022.A65006@atlantis.atlantis.dp.ua>
In-Reply-To: <44B4882F.6060200@wm-access.no>

Hello!

On Wed, 12 Jul 2006, Sten Daniel Sørsdal wrote:
>> In RELENG_4, RealTek 8129/8139 driver rl(4) doesn't claim VLAN support
>> (when I assign vlandev rl0, my vlan device initially gets mtu 1496). In
>> modern (e.g. RELENG_6) systems if_rl claims native VLAN support. I've
>> tried setting 'ifconfig vlan0 mtu 1500' for rl-based vlan device, and
>> resulting interface Just Works (TM) (1500-byte packets transmit and receive
>> correctly via such a vlan). So is it safe to use vlan with 'vlandev rl0'
>> and 'mtu 1500' in RELENG_4? Has anyone observed any ill-effects in such
>> a configuration? Would it be simple enough for if_rl in RELENG_4 to
>> just announce native VLAN support to the system?
>>
>> Sincerely, Dmitry
>
> Not necessarily. I would assume, without looking, that you would also
> need to enable oversized frame support.

I'm curious whether you've missed the following:

>> I've
>> tried setting 'ifconfig vlan0 mtu 1500' for rl-based vlan device, and
>> resulting interface Just Works (TM).

So the required support seems to be already enabled (at least for my
particular NIC). It isn't a question for me whether _my_ NIC works in this
mode - it definitely does. My question is whether _any_ rl(4)-supported
card will behave in the same way ( = can I _rely_ on rl(4) in RELENG_4
being able to do 1500-byte VLANs). In RELENG_6, e.g., this capability is
announced by the rl(4), so I can rely on it. But it seems to be overkill
to upgrade an average not-so-fast router to RELENG_6 just to be sure that
rl(4) supports 1500-byte VLANs correctly, isn't it?

Sincerely, Dmitry
-- 
Atlantis ISP, System Administrator
e-mail: dmitry@atlantis.dp.ua
nic-hdl: LYNX-RIPE

From owner-freebsd-net@FreeBSD.ORG Wed Jul 12 06:31:44 2006
Date: Wed, 12 Jul 2006 09:31:29 +0300
From: Remi Denis-Courmont
To: freebsd-net@freebsd.org
Subject: [if_tun] Could tunclose remove all kind of routing infos?
Message-ID: <1152685889.44b49741482eb@ssl0.ovh.net>

	Hi,

Is there any reason why, when bringing down a tunnel device, tunclose()
from src/sys/net/if_tun.c only removes routing entries of the AF_INET
family?

It seems to be an omission: There is pretty much the same code in
tapclose() from src/sys/net/if_tap.c; but that one removes all entries,
regardless of the address family.

I have problems because of this, as I am using if_tun with IPv6 at the
moment, and the kernel does not clean up routes when the tunneling program
dies (PR kern/100080).

Would there be any problem in removing the
"if (ifa->ifa_addr->sa_family == AF_INET)" line in the TAILQ_FOREACH loop?

Regards,

-- 
Remi Denis-Courmont
http://www.simphalempin.com/home/

From owner-freebsd-net@FreeBSD.ORG Wed Jul 12 08:30:24 2006
Date: Wed, 12 Jul 2006 09:30:20 +0100
From: Brian Candler
To: Ensel Sharon
Cc: freebsd-net@freebsd.org
Subject: Re: counting (not) blocks of IPs in ipfw - please help
Message-ID: <20060712083020.GA2607@uk.tiscali.com>

On Mon, Jul 10, 2006 at 06:40:50PM -0400, Ensel Sharon wrote:
> I can't seem to get ipfw to handle a rule like this:
>
>
> ipfw add 00100 count ip from any not { 10.20.0.0/16 or 10.30.0.0/16 } to
> any via em0 in
>
> The error is:
>
> ipfw: missing ``to''
> ipfw: unrecognised option [-1] 10.20.0.0/16

Firstly, "from any XXX" is giving two different 'from' items. I guess you
meant "from not { 10.20.0.0/16 or 10.30.0.0/16 }". But that doesn't work
either:

# ipfw add 00100 count ip from not { 10.20.0.0/16 or 10.30.0.0/16 } to any via fxp0 in
ipfw: hostname ``{'' unknown

According to the manpage, that syntax is not allowed. Notice:

     [proto from src to dst] [options]
...
     src and dst: {addr | { addr or ... }} [[not] ports]
...
     addr: [not] {any | me | me6 table(number[,value]) | addr-list | addr-set}

i.e. "not { x or y }" is not a valid 'src'

The obvious boolean transformation doesn't work, since "and" is not allowed
either: i.e.

# ipfw add 00100 count ip from { not 10.20.0.0/16 and not 10.30.0.0/16 } to any via fxp0 in
ipfw: missing ")"

I think you need to use a table. Or choose another workaround, e.g. two
rules with separate counters, or two rules which jump to another rule which
does the counting.

Regards,

Brian.
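
The table workaround suggested in the message above, written out as an added example (not part of the original thread and not run on the poster's system): the script prints the ipfw commands that load both networks into a lookup table and add one count rule using "not table(N)", the form the quoted addr grammar allows. Table number 1 and the function names are assumptions made for this example; rule 00100 and em0 come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): emit the ipfw commands that count
# traffic whose source is NOT in a set of networks, using a lookup table.
# Assumptions: table number 1 is otherwise unused; the function names are
# made up for this example. Commands are only printed, never executed.

# valid_cidr ADDR/LEN: succeed only for a dotted-quad IPv4 prefix.
valid_cidr() {
    case "$1" in
        */*/*|*[!0-9./]*) return 1 ;;   # two slashes or stray characters
        */*) ;;
        *) return 1 ;;                  # no prefix length at all
    esac
    addr=${1%/*}
    len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS
    IFS=.
    set -- $addr                        # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ipfw_count_not_from TABLE RULE IFACE CIDR...
# Prints one command per line: fill the table, then add a single count rule
# with "not table(N)" as the source. Every prefix is validated before
# anything is printed, so bad input produces no partial rule set.
ipfw_count_not_from() {
    [ $# -ge 4 ] || {
        echo "usage: ipfw_count_not_from table rule iface cidr..." >&2
        return 1
    }
    table=$1
    rule=$2
    iface=$3
    shift 3
    for net in "$@"; do
        valid_cidr "$net" || { echo "bad prefix: $net" >&2; return 1; }
    done
    for net in "$@"; do
        echo "ipfw table $table add $net"
    done
    # table(N) is quoted because parentheses are special to sh.
    echo "ipfw add $rule count ip from not 'table($table)' to any via $iface in"
}

# The two networks, rule number and interface from the thread.
ipfw_count_not_from 1 00100 em0 10.20.0.0/16 10.30.0.0/16
```

Review the printed commands before piping them to sh as root on the firewall.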
From owner-freebsd-net@FreeBSD.ORG Wed Jul 12 19:59:13 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EDE9916A4E0 for ; Wed, 12 Jul 2006 19:59:13 +0000 (UTC) (envelope-from lists@wm-access.no) Received: from lakepoint.domeneshop.no (lakepoint.domeneshop.no [194.63.248.54]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2D95343D93 for ; Wed, 12 Jul 2006 19:59:12 +0000 (GMT) (envelope-from lists@wm-access.no) Received: from [192.168.5.8] (host-81-191-3-170.bluecom.no [81.191.3.170]) (authenticated bits=0) by lakepoint.domeneshop.no (8.13.6/8.13.6) with ESMTP id k6CJx9Lb027497 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 12 Jul 2006 21:59:09 +0200 Message-ID: <44B5547D.1070700@wm-access.no> Date: Wed, 12 Jul 2006 21:58:53 +0200 From: =?ISO-8859-1?Q?Sten_Daniel_S=F8rsdal?= User-Agent: Thunderbird 1.5.0.4 (Windows/20060516) MIME-Version: 1.0 To: Dmitry Pryanishnikov References: <20060705125957.T30599@atlantis.atlantis.dp.ua> <44B4882F.6060200@wm-access.no> <20060712091022.A65006@atlantis.atlantis.dp.ua> In-Reply-To: <20060712091022.A65006@atlantis.atlantis.dp.ua> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-net@freebsd.org Subject: Re: if_rl VLAN support in RELENG_4 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Jul 2006 19:59:14 -0000 Dmitry Pryanishnikov wrote: >=20 > Hello! >=20 > On Wed, 12 Jul 2006, Sten Daniel S?rsdal wrote: >>> In RELENG_4, RealTek 8129/8139 driver rl(4) doesn't claim VLAN supp= ort >>> (when I assign vlandev rl0, my vlan device initially gets mtu 1496). = In >>> modern (e.g. RELENG_6) systems if_rl claims native VLAN support. 
>>> I've tried setting 'ifconfig vlan0 mtu 1500' for rl-based vlan device, and
>>> resulting interface Just Works (TM) (1500-byte packets transmit and
>>> receive
>>> correctly via such a vlan). So is it safe to use vlan with 'vlandev rl0'
>>> and 'mtu 1500' in RELENG_4? Has anyone observed any ill-effects in such
>>> a configuration? Would it be simple enough for if_rl in RELENG_4 to
>>> just announce native VLAN support to the system?
>>>
>>> Sincerely, Dmitry
>>
>> Not necessarily. I would assume, without looking, that you would also
>> need to enable oversized frame support.
>
> I'm curious whether you've missed the following:
>
>>> I've
>>> tried setting 'ifconfig vlan0 mtu 1500' for rl-based vlan device, and
>>> resulting interface Just Works (TM).
>
> So the required support seems to be already enabled (at least for my
> particular NIC). It isn't question for me whether _my_ NIC works in this
> mode - it definitely does. My question is whether _any_ rl(4)-supported
> card will behave in the same way ( = can I _rely_ on rl(4) in RELENG_4
> being able to do 1500-byte VLANs). In RELENG_6, e.g., this capability is
> announced by the

Aha. I'm not sure I can answer that. I was under the impression that not all
realtek cards supported oversized frames (notably 8129 with an external
phy) and that 8139 A and B series were a little shaky but C is definitely
fine. 8139 had internal PHY so I guess they (a/b/c) are pretty similar.

I can however not really give you the answer you are looking for, sorry.
-- 
Sten Daniel Sørsdal

From owner-freebsd-net@FreeBSD.ORG Wed Jul 12 22:53:43 2006
Date: Wed, 12 Jul 2006 22:53:42 GMT
From: Mark Linimon
Message-Id: <200607122253.k6CMrgOK010804@freefall.freebsd.org>
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-net@FreeBSD.org
Subject: Re: kern/100172: [arp] Transfer of large file fails with host is down message

Synopsis: [arp] Transfer of large file fails with host is down message

Responsible-Changed-From-To: freebsd-bugs->freebsd-net
Responsible-Changed-By: linimon
Responsible-Changed-When: Wed Jul 12 22:53:21 UTC 2006
Responsible-Changed-Why:
Perhaps the networking folks can take a look at this, especially because
it seems to be repeatable.
http://www.freebsd.org/cgi/query-pr.cgi?pr=100172

From owner-freebsd-net@FreeBSD.ORG Thu Jul 13 18:54:21 2006
Date: Thu, 13 Jul 2006 21:54:04 +0300 (EEST)
From: Dmitry Pryanishnikov
To: Brian Candler
In-Reply-To: <20060712083020.GA2607@uk.tiscali.com>
Message-ID: <20060713214311.T73434@atlantis.atlantis.dp.ua>
Cc: freebsd-net@freebsd.org, Ensel Sharon
Subject: Re: counting (not) blocks of IPs in ipfw - please help

Hello!

On Wed, 12 Jul 2006, Brian Candler wrote:
> Firstly, "from any XXX" is giving two different 'from' items. I guess you
> meant "from not { 10.20.0.0/16 or 10.30.0.0/16 }". But that doesn't work
> either:
>
> # ipfw add 00100 count ip from not { 10.20.0.0/16 or 10.30.0.0/16 } to any
> via fxp0 in
> ipfw: hostname ``{'' unknown
>
> ...
> The obvious boolean transformation doesn't work, since "and" is not allowed
> either: i.e.
>
> # ipfw add 00100 count ip from { not 10.20.0.0/16 and not 10.30.0.0/16 } to
> any via fxp0 in
> ipfw: missing ")"

Correct, there is no 'and' keyword in ipfw syntax, since it's redundant:
a simple ',' in address list means 'and'. So this can be written as:

ipfw add 100 count ip from not 10.20.0.0/16,10.30.0.0/16 to any via fxp0 in

since 'not' in the src and dst definitions refers to the whole list:

    addr: [not] {any | me | me6 table(number[,value]) | addr-list | addr-set}

(an '|' is missing between 'me6' and 'table...' here, isn't it?)

Sincerely, Dmitry
-- 
Atlantis ISP, System Administrator
e-mail:  dmitry@atlantis.dp.ua
nic-hdl: LYNX-RIPE

From owner-freebsd-net@FreeBSD.ORG Thu Jul 13 18:59:37 2006
Date: Thu, 13 Jul 2006 21:59:25 +0300 (EEST)
From: Dmitry Pryanishnikov
To: Brian Candler
In-Reply-To: <20060713214311.T73434@atlantis.atlantis.dp.ua>
Message-ID: <20060713215647.D73434@atlantis.atlantis.dp.ua>
Cc: freebsd-net@freebsd.org, Ensel Sharon
Subject: Re: counting (not) blocks of IPs in ipfw - please help

On Thu, 13 Jul 2006, Dmitry Pryanishnikov wrote:
>> # ipfw add 00100 count ip from { not 10.20.0.0/16 and not 10.30.0.0/16 } to
>> any via fxp0 in
>> ipfw: missing ")"
>
> Correct, there is no 'and' keyword in ipfw syntax, since it's redundant:
> a simple ',' in address list means 'and'. So this can be written as:

Umm, sorry, of course ',' means 'or': 10.20.0.0/16,10.30.0.0/16 matches
10.20.0.0/16 OR 10.30.0.0/16

> ipfw add 100 count ip from not 10.20.0.0/16,10.30.0.0/16 to any via fxp0 in

Yet this construction is correct and means exactly that: packets NOT from
( 10.20.0.0/16 OR 10.30.0.0/16).

Sincerely, Dmitry
-- 
Atlantis ISP, System Administrator
e-mail:  dmitry@atlantis.dp.ua
nic-hdl: LYNX-RIPE

From owner-freebsd-net@FreeBSD.ORG Fri Jul 14 16:35:00 2006
Message-ID: <44B7C63D.3000804@gmail.com>
Date: Fri, 14 Jul 2006 18:28:45 +0200
From: Jax
To: freebsd-net@freebsd.org
Subject: Traffic shaping part 3

Hello list!

My traffic shaper box seems to be working fine, but I want to see the
results of traffic shaping. Anyone know a solution like
http://www.mastershaper.org/tiki-index.php?page=Screenshots, what can make
cool graphs for me from ipfw rules and don't need to be on that computer,
or shall I use something with rsh to analyze this.

Another question, many p2p app use various port range, and I want to
separate them from "bulk" traffic, is there any hack for this? I can mark
some packet with netfilter before they reach the freebsd box, could I use
marked packets then?

Regards,
JaX