From owner-freebsd-net@FreeBSD.ORG Sun Aug 13 02:00:15 2006
Date: Sat, 12 Aug 2006 22:00:23 -0400
From: Mike Jakubik
To: Anton Yuzhaninov
Cc: net@freebsd.org
Subject: Re: CARP howto

Anton Yuzhaninov wrote:
> Saturday, August 12, 2006, 8:30:00 PM, Mike Jakubik wrote:
>
> MJ> Does anyone know a good CARP howto for FreeBSD? I've googled around, but
> MJ> I can't find anything specific to FreeBSD.
>
> You can use CARP howto for OpenBSD.
>

Yup, that and the FreeBSD man page gave me all the information I needed.
It's easy as pie and works fantastic!
From owner-freebsd-net@FreeBSD.ORG Sun Aug 13 16:24:42 2006
Date: Sun, 13 Aug 2006 09:22:25 -0700
From: Archie Cobbs
To: Julian Elischer
Cc: Brett Glass, Ganbold, net@freebsd.org
Subject: Re: Big PPTP server

Julian Elischer wrote:
>> Julian, as I recall you were one of the original employees of Whistle
>> Communications, correct? Perhaps you can explain this: Why does mpd
>> require all of those link configurations? Was mpd originally intended
>> to be used as a client only? I'm struggling here because I can't find
>> a PPP/PPTP implementation that's completely BSD licensed and really
>> designed to be a large scale server.
>>
>> --Brett Glass
>
> That's more a question for Archie as he wrote it, but it was written to
> be a server on small appliance.
>
> Some people have been working on improving mpd but I don't know much
> about it.

It was not originally intended as a large scale server. It could be
adapted to that fairly easily but no one has done so yet.
-Archie

From owner-freebsd-net@FreeBSD.ORG Mon Aug 14 00:29:22 2006
Date: Sun, 13 Aug 2006 18:23:33 -0600
From: Brett Glass
To: Archie Cobbs, Julian Elischer
Cc: Ganbold, net@freebsd.org
Subject: Re: Big PPTP server

At 10:22 AM 8/13/2006, Archie Cobbs wrote:

>>That's more a question for Archie as he wrote it, but it was written to
>>be a server on small appliance.
>>Some people have been working on improving mpd but I don't know
>>much about it.
>
>It was not originally intended as a large scale server. It could be
>adapted to that fairly easily but no one has done so yet.

I might be motivated to try; however, I would need to understand more
about its architecture (and about Netgraph, whose mysteries I haven't
plumbed). Also, I understand that at least some of the code is from a
very old implementation of PPP that was written in Japan many years
ago. Have you thought about how such modifications might be made?
--Brett Glass

From owner-freebsd-net@FreeBSD.ORG Mon Aug 14 07:28:04 2006
Date: Mon, 14 Aug 2006 07:27:59 GMT
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S  Tracker      Resp.  Description
--------------------------------------------------------------------------------
o  kern/92552   net    A serious bug in most network drivers from 5.X to 6.X
f  kern/93220   net    [inet6] nd6_lookup: failed to add route for a neighbor
o  kern/100172  net    [arp] Transfer of large file fails with host is down m

3 problems total.

Non-critical problems

S  Tracker      Resp.  Description
--------------------------------------------------------------------------------
s  kern/19875   net    A new protocol family, PF_IPOPTION, to handle IP optio
o  conf/23063   net    [PATCH] for static ARP tables in rc.network
s  kern/31686   net    Problem with the timestamp option when flag equals zer
o  kern/54383   net    [nfs] [patch] NFS root configurations without dynamic
s  kern/60293   net    FreeBSD arp poison patch
o  kern/95267   net    packet drops periodically appear

6 problems total.
From owner-freebsd-net@FreeBSD.ORG Mon Aug 14 10:51:34 2006
Date: Mon, 14 Aug 2006 14:51:20 +0400
From: Gleb Smirnoff
To: mark
Cc: freebsd-net@FreeBSD.org
Subject: Re: netgraph with 10Gig interfaces

On Fri, Aug 11, 2006 at 07:55:13AM -0700, mark wrote:
m> >On Wed, Aug 02, 2006 at 02:22:13PM -0700, mark wrote:
m> >m> I cannot get netgraph to work with 10Gig interfaces
m> >m> on FreeBSD 6.1. No errors, but no traffic seen.
m> >m> Config works with 1 Gig interfaces. Anyone know why?
m> >m>
m> >m> ngctl mkpeer . eiface hook ether
m> >m> ngctl mkpeer ngeth0: one2many lower one
m> >m> ngctl connect $if1: ngeth0:lower lower many0
m> >m> ngctl connect $if2: ngeth0:lower lower many1
m> >m> ifconfig ngeth0 -arp up
m> >
m> >And where is interface here? Either 10Gig or 1 Gig? I don't
m> >see one.
m>
m> This snippet is from a script, and the variables '$if1' and '$if2'
m> are set to the interfaces. In effect, the 'connect' lines above
m> are actually (for Neterion 10Gig driver):
m>
m> ngctl connect xge0: ngeth0:lower lower many0
m> ngctl connect xge1: ngeth0:lower lower many0

Never heard about xge(4) driver. What is it?

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Mon Aug 14 12:45:42 2006
Date: Mon, 14 Aug 2006 14:45:28 +0200
From: Christian Brueffer
To: Gleb Smirnoff, mark, freebsd-net@freebsd.org
Subject: Re: netgraph with 10Gig interfaces

On Mon, Aug 14, 2006 at 02:51:20PM +0400, Gleb Smirnoff wrote:
> On Fri, Aug 11, 2006 at 07:55:13AM -0700, mark wrote:
> m> >On Wed, Aug 02, 2006 at 02:22:13PM -0700, mark wrote:
> m> >m> I cannot get netgraph to work with 10Gig interfaces
> m> >m> on FreeBSD 6.1. No errors, but no traffic seen.
> m> >m> Config works with 1 Gig interfaces. Anyone know why?
> m> >m>
> m> >m> ngctl mkpeer . eiface hook ether
> m> >m> ngctl mkpeer ngeth0: one2many lower one
> m> >m> ngctl connect $if1: ngeth0:lower lower many0
> m> >m> ngctl connect $if2: ngeth0:lower lower many1
> m> >m> ifconfig ngeth0 -arp up
> m> >
> m> >And where is interface here? Either 10Gig or 1 Gig? I don't
> m> >see one.
> m>
> m> This snippet is from a script, and the variables '$if1' and '$if2'
> m> are set to the interfaces. In effect, the 'connect' lines above
> m> are actually (for Neterion 10Gig driver):
> m>
> m> ngctl connect xge0: ngeth0:lower lower many0
> m> ngctl connect xge1: ngeth0:lower lower many0
>
> Never heard about xge(4) driver. What is it?
>

http://www.neterion.com/support/drivers/relnotes-fbsd_beta.txt

FYI, the OpenBSD guys have a driver in their tree if someone wants to
take a look.

- Christian

--
Christian Brueffer    chris@unixpages.org    brueffer@FreeBSD.org
GPG Key:         http://people.freebsd.org/~brueffer/brueffer.key.asc
GPG Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D

From owner-freebsd-net@FreeBSD.ORG Mon Aug 14 12:48:19 2006
Date: Mon, 14 Aug 2006 16:48:10 +0400
From: Gleb Smirnoff
To: Christian Brueffer
Cc: freebsd-net@FreeBSD.org, mark
Subject: Re: netgraph with 10Gig interfaces

On Mon, Aug 14, 2006 at 02:45:28PM +0200, Christian Brueffer wrote:
C> > m> >m> ngctl mkpeer . eiface hook ether
C> > m> >m> ngctl mkpeer ngeth0: one2many lower one
C> > m> >m> ngctl connect $if1: ngeth0:lower lower many0
C> > m> >m> ngctl connect $if2: ngeth0:lower lower many1
C> > m> >m> ifconfig ngeth0 -arp up
C> > m> >
C> > m> >And where is interface here? Either 10Gig or 1 Gig? I don't
C> > m> >see one.
C> > m>
C> > m> This snippet is from a script, and the variables '$if1' and '$if2'
C> > m> are set to the interfaces. In effect, the 'connect' lines above
C> > m> are actually (for Neterion 10Gig driver):
C> > m>
C> > m> ngctl connect xge0: ngeth0:lower lower many0
C> > m> ngctl connect xge1: ngeth0:lower lower many0
C> >
C> > Never heard about xge(4) driver. What is it?
C>
C> http://www.neterion.com/support/drivers/relnotes-fbsd_beta.txt
C>
C> FYI, the OpenBSD guys have a driver in their tree if someone wants to
C> take a look.

Well, we need at least one developer with at least one NIC. Or we need
very responsive contact in Neterion and their willingness to maintain
driver in FreeBSD tree.

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Mon Aug 14 13:05:30 2006
Date: Mon, 14 Aug 2006 15:04:52 +0200
From: Christian Brueffer
To: Gleb Smirnoff, mark, freebsd-net@FreeBSD.org
Subject: Re: netgraph with 10Gig interfaces

On Mon, Aug 14, 2006 at 04:48:10PM +0400, Gleb Smirnoff wrote:
> On Mon, Aug 14, 2006 at 02:45:28PM +0200, Christian Brueffer wrote:
> C> > m> >m> ngctl mkpeer . eiface hook ether
> C> > m> >m> ngctl mkpeer ngeth0: one2many lower one
> C> > m> >m> ngctl connect $if1: ngeth0:lower lower many0
> C> > m> >m> ngctl connect $if2: ngeth0:lower lower many1
> C> > m> >m> ifconfig ngeth0 -arp up
> C> > m> >
> C> > m> >And where is interface here? Either 10Gig or 1 Gig? I don't
> C> > m> >see one.
> C> > m>
> C> > m> This snippet is from a script, and the variables '$if1' and '$if2'
> C> > m> are set to the interfaces. In effect, the 'connect' lines above
> C> > m> are actually (for Neterion 10Gig driver):
> C> > m>
> C> > m> ngctl connect xge0: ngeth0:lower lower many0
> C> > m> ngctl connect xge1: ngeth0:lower lower many0
> C> >
> C> > Never heard about xge(4) driver. What is it?
> C>
> C> http://www.neterion.com/support/drivers/relnotes-fbsd_beta.txt
> C>
> C> FYI, the OpenBSD guys have a driver in their tree if someone wants to
> C> take a look.
>
> Well, we need at least one developer with at least one NIC. Or we need
> very responsive contact in Neterion and their willingness to maintain
> driver in FreeBSD tree.
>

Right. BTW, small clarification of my words above:

The driver first appeared in NetBSD and was ported to OpenBSD afterwards.
Unfortunately the CVS logs don't indicate whether or not they had
support from Neterion.

- Christian

--
Christian Brueffer    chris@unixpages.org    brueffer@FreeBSD.org
GPG Key:         http://people.freebsd.org/~brueffer/brueffer.key.asc
GPG Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D

From owner-freebsd-net@FreeBSD.ORG Mon Aug 14 13:10:37 2006
Date: Mon, 14 Aug 2006 15:10:14 +0200
From: Attila Nagy
To: freebsd-net@freebsd.org
Subject: Redundant/failover NFS servers - stale NFS file handle

Hello,

I would like to run diskless clients (they are actually servers) from
FreeBSD, but I don't like having a SPoF at the NFS server level and
don't want to use expensive out of the box solutions, like a NAS with a
SAN behind it.

The scenario of one master server and one (or more) slave(s) is enough
for me, as the mounts would be read only.

So in theory, having two FreeBSD boxes, both with the NFS service on a
CARP-based virtual IP would perfectly fit my needs.

The only problem is that NFS encodes some information in the
filehandles, so when I'm doing a failover with the NFS clients (bringing
the carp interface down on the master server), I get "Stale NFS file
handle".

Linux has an fsid option, which can be specified in exports, but as far
as I can understand what's going under the hood it's only part of the
problem. Due to inode numbers (and maybe other reasons) I need to have a
common, shared file system between the NFS servers to have file handles
in sync.

Do you see any possible solutions, which could satisfy this (thought to
be) simple need of having a master and slave NFS servers with a virtual
IP without client side support?

As for the client side, Solaris has the capability of doing NFS client
failover (reported to have some problems, but for now I would have only
FreeBSD clients), and AMD has multiple server support, but I don't know
how that works with FreeBSD diskless boots yet. (root FS on NFS)

Thanks,

--
Attila Nagy                                   e-mail: Attila.Nagy@fsn.hu
Free Software Network (FSN.HU)                 phone: +3630 306 6758
http://www.fsn.hu/

From owner-freebsd-net@FreeBSD.ORG Mon Aug 14 15:20:28 2006
Date: Mon, 14 Aug 2006 08:20:25 -0700
From: mark
To: Christian Brueffer
Cc: freebsd-net@FreeBSD.org, Gleb Smirnoff
Subject: Re: netgraph with 10Gig interfaces

Christian Brueffer wrote:
> On Mon, Aug 14, 2006 at 04:48:10PM +0400, Gleb Smirnoff wrote:
>> On Mon, Aug 14, 2006 at 02:45:28PM +0200, Christian Brueffer wrote:
>> C> > m> >m> ngctl mkpeer . eiface hook ether
>> C> > m> >m> ngctl mkpeer ngeth0: one2many lower one
>> C> > m> >m> ngctl connect $if1: ngeth0:lower lower many0
>> C> > m> >m> ngctl connect $if2: ngeth0:lower lower many1
>> C> > m> >m> ifconfig ngeth0 -arp up
>> C> > m> >
>> C> > m> >And where is interface here? Either 10Gig or 1 Gig? I don't
>> C> > m> >see one.
>> C> > m>
>> C> > m> This snippet is from a script, and the variables '$if1' and '$if2'
>> C> > m> are set to the interfaces. In effect, the 'connect' lines above
>> C> > m> are actually (for Neterion 10Gig driver):
>> C> > m>
>> C> > m> ngctl connect xge0: ngeth0:lower lower many0
>> C> > m> ngctl connect xge1: ngeth0:lower lower many0
>> C> >
>> C> > Never heard about xge(4) driver. What is it?
>> C>
>> C> http://www.neterion.com/support/drivers/relnotes-fbsd_beta.txt
>> C>
>> C> FYI, the OpenBSD guys have a driver in their tree if someone wants to
>> C> take a look.
>>
>> Well, we need at least one developer with at least one NIC. Or we need
>> very responsive contact in Neterion and their willingness to maintain
>> driver in FreeBSD tree.
>>
>
> Right. BTW, small clarification of my words above:
>
> The driver first appeared in NetBSD and was ported to OpenBSD afterwards.
> Unfortunately the CVS logs don't indicate whether or not they had
> support from Neterion.

It sounds like there's an assumption it's a driver problem. Note
that the Intel 10Gig driver (from Intel's website) also does not work
with netgraph (works fine otherwise though).

Is there something that drivers need to do to support netgraph?

Mark

From owner-freebsd-net@FreeBSD.ORG Mon Aug 14 15:27:38 2006
Date: Mon, 14 Aug 2006 19:27:26 +0400
From: Gleb Smirnoff To: mark Message-ID: <20060814152726.GE96644@cell.sick.ru> Mail-Followup-To: Gleb Smirnoff , mark , Christian Brueffer , freebsd-net@FreeBSD.org References: <44D11785.1080107@immermail.com> <20060811111541.GE96644@FreeBSD.org> <44DC9A51.3030303@immermail.com> <20060814105120.GT96644@FreeBSD.org> <20060814124528.GC1763@haakonia.hitnet.RWTH-Aachen.DE> <20060814124810.GB96644@cell.sick.ru> <20060814130452.GD1763@haakonia.hitnet.RWTH-Aachen.DE> <44E094B9.1090303@immermail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <44E094B9.1090303@immermail.com> User-Agent: Mutt/1.5.6i Cc: freebsd-net@FreeBSD.org, Christian Brueffer Subject: Re: netgraph with 10Gig interfaces X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Aug 2006 15:27:38 -0000

On Mon, Aug 14, 2006 at 08:20:25AM -0700, mark wrote:
m> It sounds like there's an assumption it's a driver problem. Note
m> that the intel 10Gig driver (from Intel's website) also does not work
m> with netgraph (works fine otherwise though)
m>
m> Is there something that drivers need to do to support netgraph?

All Ethernet interfaces should instantly be supported by ng_ether(4).
ATM, I have no idea why you have problems with Neterion and Intel
interfaces.

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE From owner-freebsd-net@FreeBSD.ORG Mon Aug 14 15:43:39 2006 Return-Path: X-Original-To: freebsd-net@FreeBSD.org Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D863116A4DE; Mon, 14 Aug 2006 15:43:39 +0000 (UTC) (envelope-from mark@immermail.com) Received: from mta2.lbl.gov (mta2.lbl.gov [128.3.41.12]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8B02643D45; Mon, 14 Aug 2006 15:43:39 +0000 (GMT) (envelope-from mark@immermail.com) Received: from mta2.lbl.gov (localhost [127.0.0.1]) by mta2.lbl.gov (8.13.7/8.13.7) with ESMTP id k7EFhc17028833; Mon, 14 Aug 2006 08:43:38 -0700 (PDT) Received: from [172.16.1.37] ([71.141.151.6]) by mta2.lbl.gov (8.13.7/8.13.7) with ESMTP id k7EFhbbx028830 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 14 Aug 2006 08:43:38 -0700 (PDT) Message-ID: <44E09A29.2010909@immermail.com> Date: Mon, 14 Aug 2006 08:43:37 -0700 
From: mark User-Agent: Thunderbird 1.5.0.5 (Macintosh/20060719) MIME-Version: 1.0 To: Gleb Smirnoff , Christian Brueffer , freebsd-net@FreeBSD.org References: <44D11785.1080107@immermail.com> <20060811111541.GE96644@FreeBSD.org> <44DC9A51.3030303@immermail.com> <20060814105120.GT96644@FreeBSD.org> <20060814124528.GC1763@haakonia.hitnet.RWTH-Aachen.DE> <20060814124810.GB96644@cell.sick.ru> <20060814130452.GD1763@haakonia.hitnet.RWTH-Aachen.DE> <44E094B9.1090303@immermail.com> <20060814152726.GE96644@cell.sick.ru> In-Reply-To: <20060814152726.GE96644@cell.sick.ru> Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV 0.88.4/1659/Mon Aug 14 01:44:22 2006 on mta2 X-Virus-Status: Clean Cc: Subject: Re: netgraph with 10Gig interfaces X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Aug 2006 15:43:39 -0000

Gleb Smirnoff wrote:
> On Mon, Aug 14, 2006 at 08:20:25AM -0700, mark wrote:
> m> It sounds like there's an assumption it's a driver problem. Note
> m> that the intel 10Gig driver (from Intel's website) also does not work
> m> with netgraph (works fine otherwise though)
> m>
> m> Is there something that drivers need to do to support netgraph?
>
> All Ethernet interfaces should instantly be supported by ng_ether(4).
> ATM, I have no idea why you have problems with Neterion and Intel
> interfaces.

That's what I thought. Is there anything I can send along that would be of use, such as ngctl output with debug on?

Mark From owner-freebsd-net@FreeBSD.ORG Mon Aug 14 15:55:19 2006 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BF09D16A4DA for ; Mon, 14 Aug 2006 15:55:19 +0000 (UTC) (envelope-from freebsd@meijome.net) Received: from sigma.octantis.com.au (ns2.octantis.com.au [207.44.189.124]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4C7F243D45 for ; Mon, 14 Aug 2006 15:55:19 +0000 (GMT) (envelope-from freebsd@meijome.net) Received: (qmail 19499 invoked from network); 15 Aug 2006 01:55:18 +1000 Received: from 203-217-35-114.dyn.iinet.net.au (HELO localhost) (203.217.35.114) by sigma.octantis.com.au with (DHE-RSA-AES256-SHA encrypted) SMTP; 15 Aug 2006 01:55:18 +1000 Date: Tue, 15 Aug 2006 01:55:13 +1000 
From: Norberto Meijome To: Brett Glass Message-ID: <20060815015513.7992473c@localhost> In-Reply-To: <7.0.1.0.2.20060810212047.073f0078@lariat.net> References: <7.0.1.0.2.20060810201735.067258b0@lariat.net> <44DBF2BB.5080202@micom.mng.net> <7.0.1.0.2.20060810212047.073f0078@lariat.net> X-Mailer: Sylpheed-Claws 2.4.0 (GTK+ 2.8.20; i386-portbld-freebsd6.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: Ganbold , net@freebsd.org Subject: Re: Big PPTP server X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Aug 2006 15:55:19 -0000 On Thu, 10 Aug 2006 21:32:22 -0600 Brett Glass wrote: > This company hasn't been using a RADIUS server. They have an Active > Directory server (yuck!), but I don't know if it would be useful > for this purpose. As much as it's a MS solution, why reinvent the wheel / kill yourself over complexities. in MS World, IAS (Internet Authentication Service) provides Radius services. It obviously talks to AD. some more info : google for 'radius server active directory' eg... 
http://www.enterasys.com/support/manuals/Pol_Mgr1_8-web/docs/p_win2000_config.html Beto From owner-freebsd-net@FreeBSD.ORG Mon Aug 14 15:55:53 2006 Return-Path: X-Original-To: freebsd-net@FreeBSD.ORG Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B3F6216A4DD for ; Mon, 14 Aug 2006 15:55:53 +0000 (UTC) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (lurza.secnetix.de [83.120.8.8]) by mx1.FreeBSD.org (Postfix) with ESMTP id 498F343D6D for ; Mon, 14 Aug 2006 15:55:51 +0000 (GMT) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (mdazwt@localhost [127.0.0.1]) by lurza.secnetix.de (8.13.4/8.13.4) with ESMTP id k7EFtiUu092648 for ; Mon, 14 Aug 2006 17:55:49 +0200 (CEST) (envelope-from oliver.fromme@secnetix.de) Received: (from olli@localhost) by lurza.secnetix.de (8.13.4/8.13.1/Submit) id k7EFthXw092647; Mon, 14 Aug 2006 17:55:43 +0200 (CEST) (envelope-from olli) Date: Mon, 14 Aug 2006 17:55:43 +0200 (CEST) Message-Id: <200608141555.k7EFthXw092647@lurza.secnetix.de> 
From: Oliver Fromme To: freebsd-net@FreeBSD.ORG In-Reply-To: <44E07636.4090403@fsn.hu> X-Newsgroups: list.freebsd-net User-Agent: tin/1.8.0-20051224 ("Ronay") (UNIX) (FreeBSD/4.11-STABLE (i386)) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.1.2 (lurza.secnetix.de [127.0.0.1]); Mon, 14 Aug 2006 17:55:49 +0200 (CEST) Cc: Subject: Re: Redundant/failover NFS servers - stale NFS file handle X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-net@FreeBSD.ORG List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Aug 2006 15:55:53 -0000

Attila Nagy wrote:
> I would like to run diskless clients (they are actually servers) from
> FreeBSD, but I don't like having a SPoF at the NFS server level and
> don't want to use expensive out of the box solutions, like a NAS with a
> SAN behind it.

We use NetApp Filer clusters (NAS) for that purpose. They aren't cheap, but they work very well.

> So in theory, having two FreeBSD boxes, both with the NFS service on a
> CARP-based virtual IP would perfectly fit my needs.
>
> The only problem is that NFS encodes some information in the
> filehandles, so when I'm doing a failover with the NFS clients (bringing
> the carp interface down on the master server), I get "Stale NFS file
> handle".

That's to be expected. NFS file handles are based on the inode number. That means if you want to have a fail-over that's transparent for the client, your NFS servers would need to have the same inode numbers for their files. Normally, the only way to achieve that is to duplicate the file system from the master to the slaves using dd(1).

However, dd(1) has several drawbacks: First, it takes a long time, because it copies everything, including blocks that aren't allocated at all. Second (and most important), if you copy a live file system (i.e. one that is mounted read+write) with dd(1), the copy won't be in a consistent state and will at the very least need to be fsck(8)ed (and if you're unlucky, even fsck(8) won't be able to fix it).

One solution to the latter problem might be to take a snapshot of the filesystem (see mksnap_ffs(8)) and then copy that snapshot (which is read-only) with dd(1). If the contents of the NFS exported file system don't change very often, that might be a workable solution.

There's another possibility, but I haven't tried it for myself, so it's just theory. :-) You can try to put geom_mirror (see gmirror(8)) on top of geom_gate (see ggated(8), ggatec(8)). Then you will have a RAID1 with one component local and the other component remote. However, I think it only works reliably in read-only mode.

> As for the client side, Solaris has the capability of doing NFS client
> failover (reported to have some problems, but for now I would have only
> FreeBSD clients), and AMD has multiple server support, but I don't know
> how does that work with FreeBSD diskless boots yet. (root FS on NFS)

I don't know if this is an option for you, but you can also put a minimal root file system into the kernel (md file system), just sufficient to get networking + AMD running, and mount everything else via NFS.

Another possibility is to put a CompactFlash card to boot from into the machines (could be read-only). CF cards and CF-IDE/ATA adapters are fairly cheap nowadays. 512 MB cards are about 20 Euros over here, and that's more than enough to contain a root FS and even a bit more for convenience.

Best regards
Oliver

--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way.

"That's what I love about GUIs: They make simple tasks easier, and complex tasks impossible."
-- John William Chambless From owner-freebsd-net@FreeBSD.ORG Mon Aug 14 18:40:53 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3E3D816A4E1 for ; Mon, 14 Aug 2006 18:40:53 +0000 (UTC) (envelope-from simonw@matteworld.com) Received: from pop-siberian.atl.sa.earthlink.net (pop-siberian.atl.sa.earthlink.net [207.69.195.71]) by mx1.FreeBSD.org (Postfix) with ESMTP id 57CE343D76 for ; Mon, 14 Aug 2006 18:40:49 +0000 (GMT) (envelope-from simonw@matteworld.com) Received: from user-119bq9k.biz.mindspring.com ([66.149.233.52] helo=matteworld.com) by pop-siberian.atl.sa.earthlink.net with esmtp (Exim 3.36 #1) id 1GChMk-0004Qx-00; Mon, 14 Aug 2006 14:40:47 -0400 Message-ID: <44E0C3AC.7030603@matteworld.com> Date: Mon, 14 Aug 2006 11:40:44 -0700 
From: Simon Walton User-Agent: Mozilla/5.0 (X11; U; IRIX IP32; en-US; rv:1.6) Gecko/20040505 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Mike Silbersack References: <44DD1909.40703@matteworld.com> <20060811203041.E44075@odysseus.silby.com> In-Reply-To: <20060811203041.E44075@odysseus.silby.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org Subject: Re: Long keepidle time X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Aug 2006 18:40:53 -0000

Mike Silbersack wrote:
>
> On Fri, 11 Aug 2006, Simon Walton wrote:
>
>> Is there any reason why the default initial timeout for keep alive
>> packets needs to be as long as two hours? This period causes the
>> dynamic rules in my firewall filter to timeout.
>>
>> Is there a major objection to reducing the default idle time to
>> say 3 to 5 minutes?
>>
>> Simon Walton
>
>
> One reason behind a 2 hour keepalive is so that you don't have a 2 minute
> network outage that causes all your connections to timeout.
>
> Of course, as you point out, in the modern age of firewalls, more
> frequent keepalives can be a good thing.
>
> I don't foresee us changing FreeBSD's default keepalive setting, but
> you're more than welcome to change the setting on your own system.
>
> Also note that ipfw2 sends keepalive packets on its own, maybe you could
> switch to it and/or add that functionality to your favorite firewall
> package. :)

Thanks. I did not go with ipfw2 partly because of concerns about whether it was stable enough (this is on 4.10) and also because it requires rebuilding part of userland. Perhaps this would be the way to go after all.

Note that the probes are retransmitted a few times (I think eight times) before the connection is considered dead, so it would take longer than two minutes. Simon Walton From owner-freebsd-net@FreeBSD.ORG Mon Aug 14 18:43:53 2006 Return-Path: X-Original-To: freebsd-net@FreeBSD.ORG Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0914816A4DA for ; Mon, 14 Aug 2006 18:43:53 +0000 (UTC) (envelope-from bra@fsn.hu) Received: from people.fsn.hu (people.fsn.hu [195.228.252.137]) by mx1.FreeBSD.org (Postfix) with ESMTP id 71DBF43D45 for ; Mon, 14 Aug 2006 18:43:52 +0000 (GMT) (envelope-from bra@fsn.hu) Received: from localhost (localhost [127.0.0.1]) by people.fsn.hu (Postfix) with ESMTP id 2CD0584408 for ; Mon, 14 Aug 2006 20:43:50 +0200 (CEST) Received: from people.fsn.hu ([127.0.0.1]) by localhost (people.fsn.hu [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 80823-06 for ; Mon, 14 Aug 2006 20:43:30 +0200 (CEST) Received: from [172.16.164.68] (fw.axelero.hu [195.228.243.120]) by people.fsn.hu (Postfix) with ESMTP id 46D3A84426 for ; Mon, 14 Aug 2006 20:43:30 +0200 (CEST) Message-ID: <44E0C450.8050602@fsn.hu> Date: Mon, 14 Aug 2006 20:43:28 +0200 
From: Attila Nagy User-Agent: Thunderbird 1.5.0.5 (Windows/20060719) MIME-Version: 1.0 To: freebsd-net@FreeBSD.ORG References: <200608141555.k7EFthXw092647@lurza.secnetix.de> In-Reply-To: <200608141555.k7EFthXw092647@lurza.secnetix.de> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at fsn.hu Cc: Subject: Re: Redundant/failover NFS servers - stale NFS file handle X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Aug 2006 18:43:53 -0000

On 2006. 08. 14. 17:55, Oliver Fromme wrote:
> We use NetApp Filer clusters (NAS) for that purpose.
> They aren't cheap, but they work very well.

I don't like blackboxes with nice GUIs. :)

> NFS file handles are based on the inode number. That means
> if you want to have a fail-over that's transparent for the
> client, your NFS servers would need to have the same inode
> numbers for their files. Normally, the only way to achieve
> that is to duplicate the file system from the master to the
> slaves using dd(1).

I've already done that (a vnode backed md), but that's not too comfortable in the long run.

> There's another possibility, but I haven't tried it for
> myself, so it's just theory. :-) You can try to put
> geom_mirror (see gmirror(8)) on top of geom_gate (see
> ggated(8), ggatec(8)). Then you will have a RAID1 with
> one component local and the other component remote.
> However, I think it only works reliably in read-only
> mode.

Yes, both of them must be read only, several years ago I've used a similar setup, but with a shared SCSI disk. Read only on the client side is OK for me, but is hard to maintain on the server side.

I guess it would be possible to do this RW, mounted only on the master and if it fails, remounted (fscked, etc) on the slave, but I consider that a little bit hackish. I can solve this problem with Linux, but I would like to do it with FreeBSD, that's why I'm asking. Maybe somebody has a clever idea, which can make it possible on FreeBSD, without the above hassles. Of course what is really needed here is a cluster filesystem, or an NFS server/file system which can solve this problem at its level. > I don't know if this is an option for you, but you can > also put a minimal root file system into the kernel > (md file system), just sufficient to get networking + > AMD running, and mount everything else via NFS. Another Yes, I've also thought of that, but that has drawbacks too. Thanks for the ideas. -- Attila Nagy e-mail: Attila.Nagy@fsn.hu Free Software Network (FSN.HU) phone: +3630 306 6758 http://www.fsn.hu/ From owner-freebsd-net@FreeBSD.ORG Mon Aug 14 18:45:32 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1B2AA16A4DA for ; Mon, 14 Aug 2006 18:45:32 +0000 (UTC) (envelope-from nayak_purushotham@yahoo.com) Received: from web56114.mail.re3.yahoo.com (web56114.mail.re3.yahoo.com [216.252.110.208]) by mx1.FreeBSD.org (Postfix) with SMTP id 885EC43D45 for ; Mon, 14 Aug 2006 18:45:31 +0000 (GMT) (envelope-from nayak_purushotham@yahoo.com) Received: (qmail 14157 invoked by uid 60001); 14 Aug 2006 18:45:30 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=Lyd+IZtQoS4Kzrh6LREUsmPM/vyQOYvJkkg2fj88iE1i6hQQSVI6oqXg5j1LEPj6Oo+SgfMjpnbvE34u/MP3F6Sfd6yVQgVtI7XCA939ihLpajsmqUybki4E4fMqAXAweXGJvD6PGCzXSLh/H3KYYdZzxJzfWHoduTr667HxZnw= ; Message-ID: 
<20060814184530.14155.qmail@web56114.mail.re3.yahoo.com> Received: from [209.136.0.128] by web56114.mail.re3.yahoo.com via HTTP; Mon, 14 Aug 2006 11:45:30 PDT Date: Mon, 14 Aug 2006 11:45:30 -0700 (PDT) From: Purushotham Nayak To: freebsd-net@freebsd.org In-Reply-To: <20060804120040.D657A16A5C4@hub.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Re: freebsd-net Digest, Vol 175, Issue 5 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Aug 2006 18:45:32 -0000 Hi Jax, Thanks for the info. Do you know any place that might have more on the bridge interface. It's supposed to work according to the documentation, but I just can't see what I'm doing wrong. -Nayak Message: 6 Date: Thu, 03 Aug 2006 20:07:08 +0200 
From: Jax Subject: Re: ethernet bridge and dhcpd To: freebsd-net@freebsd.org Message-ID: <44D23B4C.6060202@gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Purushotham Nayak wrote:
> Hi All,
>
>
Hey! Sorry you didn't get my answer first because I sent in wrong format, so I post it again: Here is a thought, don't setup dhcp server on a bridge. I tried to use firewalling on this but it works differently than in Linux where you can control the traffic with --physdev-in -out, you can't determine that which card where the traffic come from and which where it goes, I read something in a handbook but don't remember atm so try to accept all packets on the firewall. You can try to tell dhcpd which interface you want to use but it's possible it won't work.
> I have a routerboard with two ethernet ports (sis0 and sis1). I've been trying to set up a bridge and also run the dhcpd server on it. I've setup sis0 with an IP address and sis1 is just marked up in rc.conf. The bridge seems to work because if I statically assign an IP address to a laptop and connect it to sis1 I can ping the router's IP which is what is assigned to sis0. But the laptop cannot get an IP using DHCP. tcpdumping on sis0 doesn't show me the DHCPREQUEST from the laptop that's coming in through sis1 (but it doesn't show me any traffic during ping request either but that's not broadcast so I guess that's expected).
>
> Here's my rc.conf
>
> -------------------------------------------------------------------------------------
> inetd_enable="YES"
> ifconfig_sis0="inet 10.1.1.1 netmask 255.255.255.0"
>
broadcast parameter?
> ifconfig_sis1="up"
> ifconfig_ath0="down"
>
> gateway_enable="YES"
>
>
this not required for a bridge
> dhcpd_enable="YES"
> dhcpd_flags="-q"
>
try to setup the interface as I told
> dhcpd_conf=/usr/local/etc/dhcpd.conf"
> -----------------------------------------------------------------------
>
> And here is my dhcpd.conf
>
> -------------------------------------------------------------------------
> ddns-update-style ad-hoc;
> default-lease-time 600;
> max-lease-time 7200;
>
> subnet 10.1.1.0 netmask 255.255.255.0 {
> range 10.1.1.64 10.1.1.250;
> option routers 10.1.1.1;
> }
> -------------------------------------------------------------------
>
> Can anyone please let me know if there is something I'm doing wrong.
>
> nayak
>
>
I hope it will help.

Regards, JaX

---------------------------------
Stay in the know. Pulse on the new Yahoo.com. Check it out.

From owner-freebsd-net@FreeBSD.ORG Mon Aug 14 20:23:03 2006 Return-Path: X-Original-To: freebsd-net@FreeBSD.ORG Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D3A1116A4DA for ; Mon, 14 Aug 2006 20:23:03 +0000 (UTC) (envelope-from bra@fsn.hu) Received: from people.fsn.hu (people.fsn.hu [195.228.252.137]) by mx1.FreeBSD.org (Postfix) with ESMTP id D57CA43D5A for ; Mon, 14 Aug 2006 20:23:02 +0000 (GMT) (envelope-from bra@fsn.hu) Received: from localhost (localhost [127.0.0.1]) by people.fsn.hu (Postfix) with ESMTP id 5294184434 for ; Mon, 14 Aug 2006 22:23:01 +0200 (CEST) Received: from people.fsn.hu ([127.0.0.1]) by localhost (people.fsn.hu [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 87595-03 for ; Mon, 14 Aug 2006 22:20:45 +0200 (CEST) Received: from [192.168.1.100] (catv-5063ae1e.catv.broadband.hu [80.99.174.30]) by people.fsn.hu (Postfix) with ESMTP id E41D284408 for ; Mon, 14 Aug 2006 22:20:44 +0200 (CEST) Message-ID: <44E0DB19.7030903@fsn.hu> Date: Mon, 14 Aug 2006 22:20:41 +0200
From: Attila Nagy User-Agent: Thunderbird 1.5.0.5 (Windows/20060719) MIME-Version: 1.0 To: freebsd-net@FreeBSD.ORG References: <200608141555.k7EFthXw092647@lurza.secnetix.de> <44E0C450.8050602@fsn.hu> In-Reply-To: <44E0C450.8050602@fsn.hu> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at fsn.hu Cc: Subject: Re: Redundant/failover NFS servers - stale NFS file handle X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Aug 2006 20:23:03 -0000 On 2006. 08. 14. 20:43, Attila Nagy wrote: > that a little bit hackish. I can solve this problem with Linux, but I > would like to do it with FreeBSD, that's why I'm asking. Maybe somebody > has a clever idea, which can make it possible on FreeBSD, without the > above hassles. BTW, is there a feature, like Solaris client side NFS failover planned or in the works? See: http://docs.sun.com/app/docs/doc/816-4555/6maoquib7?a=view#rfsrefer-51 and http://cvs.opensolaris.org/source/search?q=failover&path=%2Fon%2Fusr%2Fsrc%2Futs%2Fcommon%2Ffs%2Fnfs http://cvs.opensolaris.org/source/xref/on/usr/src/uts/common/fs/nfs/nfs_subr.c I don't want to use more than one IP on the client side, because I'm serving from a virtual IP (but it's possible to have two virtual IPs with the same machines :), but it's perfectly OK if the client would do a remap in the case of a stale handle, or anything else, this failover stuff does. 
Thanks, -- Attila Nagy e-mail: Attila.Nagy@fsn.hu Free Software Network (FSN.HU) phone: +3630 306 6758 http://www.fsn.hu/ From owner-freebsd-net@FreeBSD.ORG Mon Aug 14 21:43:23 2006 Return-Path: X-Original-To: freebsd-net@hub.freebsd.org Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 56E1816A4DA; Mon, 14 Aug 2006 21:43:23 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 12F1943D46; Mon, 14 Aug 2006 21:43:23 +0000 (GMT) (envelope-from brooks@FreeBSD.org) Received: from freefall.freebsd.org (brooks@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k7ELhMWR030335; Mon, 14 Aug 2006 21:43:22 GMT (envelope-from brooks@freefall.freebsd.org) Received: (from brooks@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k7ELhM6M030331; Mon, 14 Aug 2006 21:43:22 GMT (envelope-from brooks) Date: Mon, 14 Aug 2006 21:43:22 GMT 
From: Brooks Davis Message-Id: <200608142143.k7ELhM6M030331@freefall.freebsd.org> To: brooks@FreeBSD.org, freebsd-rc@FreeBSD.org, freebsd-net@FreeBSD.org Cc: Subject: Re: kern/102035: [plip] plip networking disables parallel port printing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Aug 2006 21:43:23 -0000 Old Synopsis: [plip] [patch] plip networking disables parallel port printing New Synopsis: [plip] plip networking disables parallel port printing Responsible-Changed-From-To: freebsd-rc->freebsd-net Responsible-Changed-By: brooks Responsible-Changed-When: Mon Aug 14 21:42:04 UTC 2006 Responsible-Changed-Why: The patch involving the rc system is a red herring. The actual bug is in the plip interface. http://www.freebsd.org/cgi/query-pr.cgi?pr=102035 From owner-freebsd-net@FreeBSD.ORG Mon Aug 14 21:50:21 2006 Return-Path: X-Original-To: freebsd-net@hub.freebsd.org Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0F59E16A4DA for ; Mon, 14 Aug 2006 21:50:21 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id B258D43D4C for ; Mon, 14 Aug 2006 21:50:20 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k7ELoKPS030739 for ; Mon, 14 Aug 2006 21:50:20 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k7ELoK2Q030738; Mon, 14 Aug 2006 21:50:20 GMT (envelope-from gnats) Date: Mon, 14 Aug 2006 21:50:20 GMT Message-Id: <200608142150.k7ELoK2Q030738@freefall.freebsd.org> To: 
freebsd-net@FreeBSD.org From: Brooks Davis Cc: Subject: Re: misc/102035: plip networking disables parallel port printing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Brooks Davis List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Aug 2006 21:50:21 -0000 The following reply was made to PR kern/102035; it has been noted by GNATS. 
From: Brooks Davis To: George Mitchell Cc: FreeBSD-gnats-submit@freebsd.org Subject: Re: misc/102035: plip networking disables parallel port printing Date: Mon, 14 Aug 2006 16:41:17 -0500 If the included patch works, the plip interface is buggy. Interfaces should not enter the up state unless the administrator causes them to do so and thus this patch should have no effect. -- Brooks From owner-freebsd-net@FreeBSD.ORG Tue Aug 15 12:25:42 2006 Return-Path: X-Original-To: freebsd-net@FreeBSD.ORG Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ECAB216A4DE for ; Tue, 15 Aug 2006 12:25:42 +0000 (UTC) (envelope-from b.candler@pobox.com) Received: from rune.pobox.com (rune.pobox.com [208.210.124.79]) by mx1.FreeBSD.org (Postfix) with ESMTP id 86E5243D8E for ; Tue, 15 Aug 2006 12:25:36 +0000 (GMT) (envelope-from b.candler@pobox.com) Received: from rune (localhost [127.0.0.1]) by rune.pobox.com (Postfix) with ESMTP id 1A1567C222; Tue, 15 Aug 2006 08:25:58 -0400 (EDT) Received: from mappit.local.linnet.org (212-74-113-67.static.dsl.as9105.com [212.74.113.67]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by rune.sasl.smtp.pobox.com (Postfix) with ESMTP id BD6487C16A; Tue, 15 Aug 2006 08:25:56 -0400 (EDT) Received: from lists by mappit.local.linnet.org with local (Exim 4.61 (FreeBSD)) (envelope-from ) id 1GCxzB-000NNm-6i; Tue, 15 Aug 2006 13:25:33 +0100 Date: Tue, 15 Aug 2006 13:25:33 +0100 
From: Brian Candler
To: Attila Nagy
Message-ID: <20060815122533.GB89848@uk.tiscali.com>
In-Reply-To: <44E0C450.8050602@fsn.hu>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Redundant/failover NFS servers - stale NFS file handle

On Mon, Aug 14, 2006 at 08:43:28PM +0200, Attila Nagy wrote:
> >We use NetApp Filer clusters (NAS) for that purpose.
> >They aren't cheap, but they work very well.
> I don't like blackboxes with nice GUIs. :)

They have a command-line interface too :) Seriously, these are really excellent devices.

> >There's another possibility, but I haven't tried it for
> >myself, so it's just theory. :-) You can try to put
> >geom_mirror (see gmirror(8)) on top of geom_gate (see
> >ggated(8), ggatec(8)). Then you will have a RAID1 with
> >one component local and the other component remote.
> >However, I think it only works reliably in read-only
> >mode.
> Yes, both of them must be read only, several years ago I've used a
> similar setup, but with a shared SCSI disk.
> Read only on the client side is OK for me, but is hard to maintain on
> the server side.
> I guess it would be possible to do this RW, mounted only on the master
> and if it fails, remounted (fscked, etc) on the slave, but I consider
> that a little bit hackish.

The filesystems would have to be mounted RO on both NFS servers, in other words be entirely static content. This is because both boxes have local caches. If an update were to occur on box 1, and be propagated to box 2 via ggated, then even if box 2 has the filesystem mounted RO it will then have stale data in its local caches of disk blocks and inodes, because the blocks on disk have changed under its feet. At best, the wrong data will be served. At worst, the whole filesystem will crash due to inconsistencies.

So to make an update, you would have to unmount from box 2, remount RW on box 1, make the change, remount RO on box 1, and mount RO again on box 2.

> I can solve this problem with Linux

How?

> Of course what is really needed here is a cluster filesystem, or an NFS
> server/file system which can solve this problem at its level.

Indeed. This was discussed at some length before, and the same answers were given.

Regards,

Brian.

From owner-freebsd-net@FreeBSD.ORG Tue Aug 15 12:30:45 2006
Date: Tue, 15 Aug 2006 14:30:32 +0200
From: Phil Regnauld
To: Brian Candler
Message-ID: <20060815123032.GR8503@catpipe.net>
In-Reply-To: <20060815122533.GB89848@uk.tiscali.com>
Organization: catpipe Systems ApS
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Redundant/failover NFS servers - stale NFS file handle

Brian Candler (B.Candler) writes:
>
> So to make an update, you would have to unmount from box 2, remount RW on
> box 1, make the change, remount RO on box 1, and mount RO again on box 2.

To make it short: if you want a reliable NFS head, you need NetApp. If you want to make failover, you'll need something like WAFL that has virtual inodes and allows for concurrent access from multiple writers. This is more of a freebsd-fs discussion.
From owner-freebsd-net@FreeBSD.ORG Tue Aug 15 12:45:16 2006
Message-ID: <44E1C1C4.5030407@fsn.hu>
Date: Tue, 15 Aug 2006 14:44:52 +0200
From: Attila Nagy
To: Brian Candler
In-Reply-To: <20060815122533.GB89848@uk.tiscali.com>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Redundant/failover NFS servers - stale NFS file handle

On 08/15/06 14:25, Brian Candler wrote:
> On Mon, Aug 14, 2006 at 08:43:28PM +0200, Attila Nagy wrote:
>>> We use NetApp Filer clusters (NAS) for that purpose.
>>> They aren't cheap, but they work very well.
>> I don't like blackboxes with nice GUIs. :)
> They have a command-line interface too :) Seriously, these are really
> excellent devices.

I know, but I would like to solve this problem without buying (or using our existing) NAS boxes.

>> I can solve this problem with Linux
> How?

With a shared filesystem of course.

BTW, I'm much more interested in the Solaris NFS failover mode now. Any chance that the NFS guys can take a look at it? It's a pretty old feature and can be very useful in any scenarios, where RO NFS mounts are enough.

Thanks,
--
Attila Nagy  e-mail: Attila.Nagy@fsn.hu
Free Software Network (FSN.HU)  phone: +3630 306 6758
http://www.fsn.hu/

From owner-freebsd-net@FreeBSD.ORG Tue Aug 15 14:47:21 2006
Date: Tue, 15 Aug 2006 15:47:17 +0100
From: Brian Candler
To: Attila Nagy
Message-ID: <20060815144717.GB90256@uk.tiscali.com>
In-Reply-To: <44E1C1C4.5030407@fsn.hu>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Redundant/failover NFS servers - stale NFS file handle

On Tue, Aug 15, 2006 at 02:44:52PM +0200, Attila Nagy wrote:
> >>I can solve this problem with Linux
> >How?
> With a shared filesystem of course.

Specifically, which one? If there is a good filesystem for this application perhaps it could be ported.

From owner-freebsd-net@FreeBSD.ORG Tue Aug 15 15:32:11 2006
Message-ID: <44E1E8E4.8010307@fsn.hu>
Date: Tue, 15 Aug 2006 17:31:48 +0200
From: Attila Nagy
To: Brian Candler
In-Reply-To: <20060815144717.GB90256@uk.tiscali.com>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Redundant/failover NFS servers - stale NFS file handle

On 08/15/06 16:47, Brian Candler wrote:
> On Tue, Aug 15, 2006 at 02:44:52PM +0200, Attila Nagy wrote:
>>>> I can solve this problem with Linux
>>> How?
>> With a shared filesystem of course.
> Specifically, which one? If there is a good filesystem for this application
> perhaps it could be ported.

Any of them would do for read only shares. For read write ones, lock coherence would be the major issue I think. Specifically having OCFS2 or GFS would be as cool as having ZFS for FreeBSD. :)

--
Attila Nagy  e-mail: Attila.Nagy@fsn.hu
Free Software Network (FSN.HU)  phone: +3630 306 6758
http://www.fsn.hu/

From owner-freebsd-net@FreeBSD.ORG Tue Aug 15 18:21:01 2006
In-Reply-To: <20060815123032.GR8503@catpipe.net>
Message-Id: <6FAF95DA-76D5-4D72-A3C5-88AEA6F13267@mac.com>
From: Chuck Swiger
Date: Tue, 15 Aug 2006 11:20:47 -0700
To: Phil Regnauld
Cc: freebsd-net@FreeBSD.ORG, Brian Candler
Subject: Re: Redundant/failover NFS servers - stale NFS file handle

On Aug 15, 2006, at 5:30 AM, Phil Regnauld wrote:
> Brian Candler (B.Candler) writes:
>> So to make an update, you would have to unmount from box 2,
>> remount RW on
>> box 1, make the change, remount RO on box 1, and mount RO again on
>> box 2.
>
> To make it short: if you want a reliable NFS head, you need NetApp.
> If you want to make failover, you'll need something like WAFL that
> has virtual inodes and allows for concurrent access from multiple
> writers. This is more of a freebsd-fs discussion.

I think Solaris also makes a reliable NFS platform, and it even supports failover and replication for read-only mounts. For read/write replicated filesystems, you're probably looking at AFS (Andrew File System, but an opensource version is at www.openafs.org from IBM, who apparently bought out Transarc) or maybe Coda.

--
-Chuck

From owner-freebsd-net@FreeBSD.ORG Tue Aug 15 18:50:31 2006
Date: Tue, 15 Aug 2006 18:50:24 GMT
Message-Id: <200608151850.k7FIoO1J056322@freefall.freebsd.org>
To: freebsd-net@FreeBSD.org
From: George Mitchell
Subject: Re: kern/102035: [plip] plip networking disables parallel port printing
Reply-To: George Mitchell

The following reply was made to PR kern/102035; it has been noted by GNATS.

From: George Mitchell
To: bug-followup@FreeBSD.org, george@m5p.com
Cc:
Subject: Re: kern/102035: [plip] plip networking disables parallel port printing
Date: Tue, 15 Aug 2006 11:48:19 -0700

Originally submitted patch does not work; please ignore.

-- George

From owner-freebsd-net@FreeBSD.ORG Tue Aug 15 19:19:33 2006
Message-ID: <44E21E38.1060901@dellroad.org>
Date: Tue, 15 Aug 2006 14:19:20 -0500
From: Archie Cobbs
To: Brett Glass
In-Reply-To: <7.0.1.0.2.20060813182130.06f54060@lariat.net>
Cc: Ganbold, Julian Elischer, net@freebsd.org
Subject: Re: Big PPTP server

Brett Glass wrote:
>> It was not originally intended as a large scale server. It could be
>> adapted to that fairly easily but no one has done so yet.
>
> I might be motivated to try; however, I would need to understand more about its architecture (and about Netgraph, whose mysteries I haven't plumbed). Also, I understand that at least some of the code is from a very old implementation of PPP that was written in Japan many years ago.

That's true.. it was based on the original "ppp" program.

> Have you thought about how such modifications might be made?

Not really.. it's been about 10 years since I was last really hacking on mpd :-)

-Archie

From owner-freebsd-net@FreeBSD.ORG Tue Aug 15 19:37:24 2006
Date: Tue, 15 Aug 2006 20:37:03 +0100
From: Brian Candler
To: Chuck Swiger
Message-ID: <20060815193703.GA91105@uk.tiscali.com>
In-Reply-To: <6FAF95DA-76D5-4D72-A3C5-88AEA6F13267@mac.com>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Redundant/failover NFS servers - stale NFS file handle

On Tue, Aug 15, 2006 at 11:20:47AM -0700, Chuck Swiger wrote:
> On Aug 15, 2006, at 5:30 AM, Phil Regnauld wrote:
> >Brian Candler (B.Candler) writes:
> >>So to make an update, you would have to unmount from box 2,
> >>remount RW on
> >>box 1, make the change, remount RO on box 1, and mount RO again on
> >>box 2.
> >
> > To make it short: if you want a reliable NFS head, you need NetApp.
> > If you want to make failover, you'll need something like WAFL that
> > has virtual inodes and allows for concurrent access from multiple
> > writers. This is more of a freebsd-fs discussion.
>
> I think Solaris also makes a reliable NFS platform, and it even
> supports failover and replication for read-only mounts. For read/
> write replicated filesystems, you're probably looking at AFS (Andrew
> File System, but an opensource version is at www.openafs.org from
> IBM, who apparently bought out Transarc) or maybe Coda.

Hmm, I'm not sure I'd want to run Maildir on either of those, or at least Coda. When I looked at Coda, ISTR you could have conflicting updates in disconnected operation which required manual intervention to fix. Admittedly this was a few years ago, maybe things have moved on since then.

Regards,

Brian.

From owner-freebsd-net@FreeBSD.ORG Tue Aug 15 19:45:06 2006
In-Reply-To: <20060815193703.GA91105@uk.tiscali.com>
From: Chuck Swiger
Date: Tue, 15 Aug 2006 12:44:50 -0700
To: Brian Candler
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Redundant/failover NFS servers - stale NFS file handle

On Aug 15, 2006, at 12:37 PM, Brian Candler wrote:
>> I think Solaris also makes a reliable NFS platform, and it even
>> supports failover and replication for read-only mounts. For read/
>> write replicated filesystems, you're probably looking at AFS (Andrew
>> File System, but an opensource version is at www.openafs.org from
>> IBM, who apparently bought out Transarc) or maybe Coda.
>
> Hmm, I'm not sure I'd want to run Maildir on either of those, or at
> least
> Coda. When I looked at Coda, ISTR you could have conflicting
> updates in
> disconnected operation which required manual intervention to fix.
> Admittedly
> this was a few years ago, maybe things have moved on since then.

I'm not sure about Coda & Maildir, but AFS has been used with Maildir for more than fifteen years with sites with tens of thousands of user accounts...

--
-Chuck

From owner-freebsd-net@FreeBSD.ORG Wed Aug 16 00:33:13 2006
Message-ID: <6a56d69c0608151733x48746a04lfcae0ebe352ff35e@mail.gmail.com>
Date: Tue, 15 Aug 2006 20:33:10 -0400
From: "Jonathan Herriott"
To: freebsd-net@freebsd.org
Subject: ipw-firmware (Intel Pro/Wireless 2100 Driver) Help

Hi All,

I am having issues with the ipw-firmware working correctly. Under my windows partition, I see lots of wireless networks around my apartment, but when I get on my FreeBSD partition and do an ifconfig ipw0 scan, nothing shows up. Here's how I've been trying to check it (as root):

# ipwcontrol -i ipw0 -r
Radio is ON
# ifconfig ipw0 scan
SSID            BSSID              CHAN RATE  S:N   INT CAPS
RONJON          00:13:46:a9:6d:30    6   54M 60:0   100 EPS
Ulia            00:0d:88:eb:c5:f6    9   54M 26:0   100 EPS
baba            00:09:5b:fb:c2:a8   11   54M 19:0   100 EPS
Rainear21       00:0f:66:4c:1e:8f   11   54M 15:0   100 EP
ASHOK           00:04:e2:a6:92:c9    6   54M 15:0   100 EPS
2WIRE550        00:12:88:dd:2e:e9    6   54M 23:0   100 EPS

Then I configure for RONJON with the following:

#ifconfig ipw0
ipw0: flags=8843 mtu 1500
        inet6 fe80::204:23ff:fe6b:37ad%ipw0 prefixlen 64 scopeid 0x5
        inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
        ether 00:04:23:6b:37:ad
        media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
        status: no carrier
        ssid RONJON channel 6
        authmode OPEN privacy ON deftxkey 1 wepkey 1:104-bit txpowmax 100
        bintval 100

I used dhclient to set everything up beyond the encryption stuff. I have also tried disabling wep encryption on my wireless router to make sure wlan_wep is not the problem. Here's the outcome of pings:

# ping www.google.com
ping: cannot resolve www.google.com: Host name lookup failure
# ping 66.102.7.99
PING 66.102.7.99 (66.102.7.99): 56 data bytes
^C
--- 66.102.7.99 ping statistics ---
133 packets transmitted, 0 packets received, 100% packet loss

The last ping was waited on for about 5 minutes before I gave up.

# ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1): 56 data bytes
^C
--- 192.168.0.1 ping statistics ---
17 packets transmitted, 0 packets received, 100% packet loss

The last ping is for my router. I know it can communicate with the router as this is what I get via a dhclient:

# dhclient ipw0
DHCPREQUEST on ipw0 to 255.255.255.255 port 67
DHCPACK from 192.168.0.1
bound to 192.168.0.100 -- renewal in 302400 seconds.

Any other type of traffic seems to wig out the connection. Anyone have any ideas on what's going on? I have been at this for quite some time, and I can't get it figured out. Any help on any other ways of debugging would be most appreciated.

Thanks!
Jon

From owner-freebsd-net@FreeBSD.ORG Wed Aug 16 13:57:05 2006
Date: Wed, 16 Aug 2006 15:57:03 +0200
From: Thomas Quinot
To: freebsd-net@freebsd.org
Message-ID: <20060816135703.GA84151@melamine.cuivre.fr.eu.org>
In-Reply-To: <20060811211854.GA76597@melamine.cuivre.fr.eu.org>
Subject: Re: RFReview: remove aync IO from yppush

* Thomas Quinot, 2006-08-11 :

> unsafe and unnecessary use of asynchronous I/O (F_ASYNC, SIGIO) on RPC

This is now PR bin/102143.

> Index: yppush_main.c
> ===================================================================
> RCS file: /space/mirror/ncvs/src/usr.sbin/yppush/yppush_main.c,v
> retrieving revision 1.20
> diff -u -r1.20 yppush_main.c
> --- yppush_main.c 12 Apr 2005 15:02:57 -0000 1.20
> +++ yppush_main.c 11 Aug 2006 21:17:21 -0000

Patch committed (with some changes) as yppush_main.c rev. 1.22.

Thomas.

From owner-freebsd-net@FreeBSD.ORG Wed Aug 16 15:33:33 2006
Date: Wed, 16 Aug 2006 16:33:26 +0100
From: lysergius2001
To: "Fabian Keil"
In-Reply-To: <20060326162934.32d87841@localhost>
Cc: freebsd-net@freebsd.org, Wesley Morgan
Subject: Re: Intel 3945ABG with NDIS

>
> I have the same problem with a Belkin F5D7000 card on 6.0. Seems to be no
> way to change the settings via rc.conf or wicontrol. No idea what is
> happening. I have never managed to get it to work, although I was able to
> change settings in rc.conf once upon a time.

--
Lysergius says, "Stay light, but trust gravity"

From owner-freebsd-net@FreeBSD.ORG Wed Aug 16 21:32:23 2006
Message-ID: <44E38F74.6080604@shrew.net>
Date: Wed, 16 Aug 2006 16:34:44 -0500
From: Matthew Grooms User-Agent: Thunderbird 1.5.0.5 (Windows/20060719) MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Free Win32 VPN Client for use with FreeBSD ... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Aug 2006 21:32:23 -0000 All, If anyone is interested in a free IPSEC client that can be used to connect Win2K/XP hosts to a FreeBSD IPSEC server using ipsec-tools, please visit the following url ... http://www.shrew.net/?page=software The software is intended to offer similar functionality to commercial packages by providing features like NAT traversal, split tunneling, specialized fragmentation, hybrid user authentication, modecfg for dynamic client configuration and much more. The 1.0 stable version is in release candidate status and 1.1 ( which adds DPD, SplitDNS and Dialup Adapter support ) is in alpha but is already quite usable. Feedback and comments are welcome off the freebsd list. 
Thanks, -Matthew From owner-freebsd-net@FreeBSD.ORG Thu Aug 17 04:30:40 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BCE5A16A4DE for ; Thu, 17 Aug 2006 04:30:40 +0000 (UTC) (envelope-from pyunyh@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.179]) by mx1.FreeBSD.org (Postfix) with ESMTP id CB55643D58 for ; Thu, 17 Aug 2006 04:30:39 +0000 (GMT) (envelope-from pyunyh@gmail.com) Received: by py-out-1112.google.com with SMTP id c59so613522pyc for ; Wed, 16 Aug 2006 21:30:39 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:date:from:to:cc:subject:message-id:reply-to:references:mime-version:content-type:content-disposition:in-reply-to:user-agent; b=f5tgsaAzWnqLlZjwmNfS3T6eVyw9mfcENJX2ZxCyDQeQ+6mM3riUs+TK32OjFBlPynOjYO6B8JrDpaNR2fOR4YvXlFfinFQnn7VZ86YNwzrSmZb3jaA91Thj99wG/XTWMEDeQDRkcMrsuW48CcgqxWOkiykaew2xUDRyIm5p0cQ= Received: by 10.35.128.1 with SMTP id f1mr2868186pyn; Wed, 16 Aug 2006 21:30:39 -0700 (PDT) Received: from michelle.cdnetworks.co.kr ( [211.53.35.84]) by mx.gmail.com with ESMTP id 20sm55047nzp.2006.08.16.21.30.36; Wed, 16 Aug 2006 21:30:38 -0700 (PDT) Received: from michelle.cdnetworks.co.kr (localhost.cdnetworks.co.kr [127.0.0.1]) by michelle.cdnetworks.co.kr (8.13.5/8.13.5) with ESMTP id k7H4WiSX051687 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 17 Aug 2006 13:32:44 +0900 (KST) (envelope-from pyunyh@gmail.com) Received: (from yongari@localhost) by michelle.cdnetworks.co.kr (8.13.5/8.13.5/Submit) id k7H4Wgnd051686; Thu, 17 Aug 2006 13:32:42 +0900 (KST) (envelope-from pyunyh@gmail.com) Date: Thu, 17 Aug 2006 13:32:42 +0900 
From: Pyun YongHyeon To: Daniel Ryslink Message-ID: <20060817043242.GF49739@cdnetworks.co.kr> References: <20060811100536.V80282@k2.vol.cz> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="8nsIa27JVQLqB7/C" Content-Disposition: inline In-Reply-To: <20060811100536.V80282@k2.vol.cz> User-Agent: Mutt/1.4.2.1i Cc: freebsd-net@freebsd.org Subject: Re: Problems with em interfaces on FreeBSD 6.1 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: pyunyh@gmail.com List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Aug 2006 04:30:40 -0000 --8nsIa27JVQLqB7/C Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Fri, Aug 11, 2006 at 10:06:00AM +0200, Daniel Ryslink wrote: > > Hello, > > We have currently upgraded one of our routers to Gigabit connectivity and > FreeBSD 6.1 Release. > > The hardware is Supermicro SuperServer 5015M-T - we have tried both the > integrated NIC and yet another external Intel NIC - specifically > > Intel PRO/1000 MT Dual Port Server Adapter > PWLA8492MT > > The problem is that several times a day, the following appears in > messages: > > Aug 11 08:41:44 b2 kernel: em0: watchdog timeout -- resetting > > accompanied with a loss of connectivity lasting for several seconds. > > We have tried using both the default driver that came with the FreeBSD > installation as well as the newest driver from Intel dated 2th April 2006 > compiled as a module, but the problem still persists. > > If anyone encountered the problem and has a solution, I would be very > grateful. > Because I can't reproduce it here and I failed to find a possible cause of the issue. As a last resort would you give attached patch a try? The patch was generated against latest stable. 
-- Regards, Pyun YongHyeon --8nsIa27JVQLqB7/C Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="em.debug.patch" --- if_em.c.orig Fri Aug 11 10:56:10 2006 +++ if_em.c Thu Aug 17 13:27:43 2006 @@ -943,6 +943,15 @@ return; } + /* Relaim pending Tx descriptors */ + em_txeof(adapter); + if (adapter->num_tx_desc_avail == adapter->num_tx_desc) { + device_printf(adapter->dev, + "Missing Tx completion interrupt!\n"); + EM_UNLOCK(adapter); + return; + } + if (em_check_for_link(&adapter->hw) == 0) device_printf(adapter->dev, "watchdog timeout -- resetting\n"); --8nsIa27JVQLqB7/C-- From owner-freebsd-net@FreeBSD.ORG Thu Aug 17 07:45:55 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 992E116A4E0 for ; Thu, 17 Aug 2006 07:45:55 +0000 (UTC) (envelope-from daniel.ryslink@col.cz) Received: from k2.vol.cz (k2.vol.cz [195.250.128.82]) by mx1.FreeBSD.org (Postfix) with ESMTP id EFB0B43D5A for ; Thu, 17 Aug 2006 07:45:54 +0000 (GMT) (envelope-from daniel.ryslink@col.cz) Received: from k2.vol.cz (k2.vol.cz [195.250.128.82]) by k2.vol.cz (8.12.11/8.12.9) with ESMTP id k7H7joQH093221; Thu, 17 Aug 2006 09:45:50 +0200 (CEST) (envelope-from daniel.ryslink@col.cz) Date: Thu, 17 Aug 2006 09:45:50 +0200 (CEST) 
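Review bot: in the block added by the @@ -943 hunk, the early return taken when em_txeof() leaves num_tx_desc_avail equal to num_tx_desc skips the reset, but the visible lines do not show the watchdog timer being cleared or re-armed on that path, so please confirm the timer state after EM_UNLOCK(adapter) and return. The "Missing Tx completion interrupt!" message is printed unconditionally each time this path is hit; on a busy router a counter or a rate limit would keep the log readable. When em_txeof() reclaims only some descriptors the code still falls through to the reset, which deserves a sentence in the comment, and the comment itself has a typo ("Relaim" for "Reclaim").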
From: Daniel Ryslink X-X-Sender: kamamura@k2.vol.cz To: Pyun YongHyeon In-Reply-To: <20060817043242.GF49739@cdnetworks.co.kr> Message-ID: <20060817094018.P92593@k2.vol.cz> References: <20060811100536.V80282@k2.vol.cz> <20060817043242.GF49739@cdnetworks.co.kr> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-SpamTest-Info: Profile: Formal (496/060815) X-SpamTest-Info: Profile: Detect Standard (4/030526) X-SpamTest-Info: Profile: SysLog X-SpamTest-Info: Profile: Marking Spam - Subject (2/030321) X-SpamTest-Status: Not detected X-SpamTest-Version: SMTP-Filter Version 2.0.0 [0125], KAS/Release Cc: freebsd-net@freebsd.org Subject: Re: Problems with em interfaces on FreeBSD 6.1 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Aug 2006 07:45:55 -0000 Hello, Thank you very much for your assistance. I am happy to report that we have been able to fix this problem. I just wanted to wait a day or two to be sure that it won't resurface again. The last steps we did were: 1) Upgrade SuperMicro SS5015M-T BIOS from version 1.1 to version 1.1a 2) Inclusion of 'debug.mpsafenet=0' into /boot/loader.conf suggested in this mailing list. I would guess that the step 2 was what really solved the problem. Best Regards Daniel Ryslink On Thu, 17 Aug 2006, Pyun YongHyeon wrote: > On Fri, Aug 11, 2006 at 10:06:00AM +0200, Daniel Ryslink wrote: > > > > Hello, > > > > We have currently upgraded one of our routers to Gigabit connectivity and > > FreeBSD 6.1 Release. 
> > > > The hardware is Supermicro SuperServer 5015M-T - we have tried both the > > integrated NIC and yet another external Intel NIC - specifically > > > > Intel PRO/1000 MT Dual Port Server Adapter > > PWLA8492MT > > > > The problem is that several times a day, the following appears in > > messages: > > > > Aug 11 08:41:44 b2 kernel: em0: watchdog timeout -- resetting > > > > accompanied with a loss of connectivity lasting for several seconds. > > > > We have tried using both the default driver that came with the FreeBSD > > installation as well as the newest driver from Intel dated 2th April 2006 > > compiled as a module, but the problem still persists. > > > > If anyone encountered the problem and has a solution, I would be very > > grateful. > > > > Because I can't reproduce it here and I failed to find a possible > cause of the issue. > As a last resort would you give attached patch a try? > The patch was generated against latest stable. > > -- > Regards, > Pyun YongHyeon > From owner-freebsd-net@FreeBSD.ORG Thu Aug 17 07:52:49 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 67C3816A4DA for ; Thu, 17 Aug 2006 07:52:49 +0000 (UTC) (envelope-from pyunyh@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.177]) by mx1.FreeBSD.org (Postfix) with ESMTP id D194C43D4C for ; Thu, 17 Aug 2006 07:52:48 +0000 (GMT) (envelope-from pyunyh@gmail.com) Received: by py-out-1112.google.com with SMTP id c59so690522pyc for ; Thu, 17 Aug 2006 00:52:48 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:date:from:to:cc:subject:message-id:reply-to:references:mime-version:content-type:content-disposition:in-reply-to:user-agent; 
b=CfCGm7gCxBgtIzWIHMpz8l+Bvw8EcYuXHddCR1yrMdYwVIImrMvA1mD0EK0kOmhjGkebWuBiiSsy21s/JsPjaedQUG5pZ75AqOu4HNE5yQDJWtq8oWZl7jWly8gAC7uwf9Y0sYTjgsUuwVq2edeekNYWV4vVhTL2eYHEFZeSUU0= Received: by 10.35.61.2 with SMTP id o2mr3118800pyk; Thu, 17 Aug 2006 00:52:48 -0700 (PDT) Received: from michelle.cdnetworks.co.kr ( [211.53.35.84]) by mx.gmail.com with ESMTP id 20sm548544nzp.2006.08.17.00.52.45; Thu, 17 Aug 2006 00:52:47 -0700 (PDT) Received: from michelle.cdnetworks.co.kr (localhost.cdnetworks.co.kr [127.0.0.1]) by michelle.cdnetworks.co.kr (8.13.5/8.13.5) with ESMTP id k7H7srYX052427 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 17 Aug 2006 16:54:54 +0900 (KST) (envelope-from pyunyh@gmail.com) Received: (from yongari@localhost) by michelle.cdnetworks.co.kr (8.13.5/8.13.5/Submit) id k7H7sq3O052426; Thu, 17 Aug 2006 16:54:52 +0900 (KST) (envelope-from pyunyh@gmail.com) Date: Thu, 17 Aug 2006 16:54:52 +0900 
From: Pyun YongHyeon To: Daniel Ryslink Message-ID: <20060817075452.GK49739@cdnetworks.co.kr> References: <20060811100536.V80282@k2.vol.cz> <20060817043242.GF49739@cdnetworks.co.kr> <20060817094018.P92593@k2.vol.cz> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060817094018.P92593@k2.vol.cz> User-Agent: Mutt/1.4.2.1i Cc: freebsd-net@freebsd.org Subject: Re: Problems with em interfaces on FreeBSD 6.1 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: pyunyh@gmail.com List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Aug 2006 07:52:49 -0000 On Thu, Aug 17, 2006 at 09:45:50AM +0200, Daniel Ryslink wrote: > > Hello, > > Thank you very much for your assistance. > > I am happy to report that we have been able to fix this problem. I just > wanted to wait a day or two to be sure that it won't resurface again. > > The last steps we did were: > > 1) Upgrade SuperMicro SS5015M-T BIOS from version 1.1 to version 1.1a > 2) Inclusion of 'debug.mpsafenet=0' into /boot/loader.conf suggested in > this mailing list. > > I would guess that the step 2 was what really solved the problem. > Hmm... I'd like to know whether my patch help or not. Step 2 you mentioned is not the way to go. We're trying very hard to remove giant locks in every places on FreeBSD. > Best Regards > Daniel Ryslink > > On Thu, 17 Aug 2006, Pyun YongHyeon wrote: > > >On Fri, Aug 11, 2006 at 10:06:00AM +0200, Daniel Ryslink wrote: > >> > >> Hello, > >> > >> We have currently upgraded one of our routers to Gigabit connectivity and > >> FreeBSD 6.1 Release. 
> >> > >> The hardware is Supermicro SuperServer 5015M-T - we have tried both the > >> integrated NIC and yet another external Intel NIC - specifically > >> > >> Intel PRO/1000 MT Dual Port Server Adapter > >> PWLA8492MT > >> > >> The problem is that several times a day, the following appears in > >> messages: > >> > >> Aug 11 08:41:44 b2 kernel: em0: watchdog timeout -- resetting > >> > >> accompanied with a loss of connectivity lasting for several seconds. > >> > >> We have tried using both the default driver that came with the FreeBSD > >> installation as well as the newest driver from Intel dated 2th April 2006 > >> compiled as a module, but the problem still persists. > >> > >> If anyone encountered the problem and has a solution, I would be very > >> grateful. > >> > > > >Because I can't reproduce it here and I failed to find a possible > >cause of the issue. > >As a last resort would you give attached patch a try? > >The patch was generated against latest stable. > > > >-- > >Regards, > >Pyun YongHyeon > > -- Regards, Pyun YongHyeon From owner-freebsd-net@FreeBSD.ORG Thu Aug 17 07:59:39 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A656D16A4DE for ; Thu, 17 Aug 2006 07:59:39 +0000 (UTC) (envelope-from daniel.ryslink@col.cz) Received: from k2.vol.cz (k2.vol.cz [195.250.128.82]) by mx1.FreeBSD.org (Postfix) with ESMTP id 310AB43D49 for ; Thu, 17 Aug 2006 07:59:38 +0000 (GMT) (envelope-from daniel.ryslink@col.cz) Received: from k2.vol.cz (k2.vol.cz [195.250.128.82]) by k2.vol.cz (8.12.11/8.12.9) with ESMTP id k7H7xbt1094221; Thu, 17 Aug 2006 09:59:37 +0200 (CEST) (envelope-from daniel.ryslink@col.cz) Date: Thu, 17 Aug 2006 09:59:37 +0200 (CEST) 
From: Daniel Ryslink X-X-Sender: kamamura@k2.vol.cz To: Pyun YongHyeon In-Reply-To: <20060817075452.GK49739@cdnetworks.co.kr> Message-ID: <20060817095541.C92593@k2.vol.cz> References: <20060811100536.V80282@k2.vol.cz> <20060817043242.GF49739@cdnetworks.co.kr> <20060817094018.P92593@k2.vol.cz> <20060817075452.GK49739@cdnetworks.co.kr> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-SpamTest-Info: Profile: Formal (496/060815) X-SpamTest-Info: Profile: Detect Standard (4/030526) X-SpamTest-Info: Profile: SysLog X-SpamTest-Info: Profile: Marking Spam - Subject (2/030321) X-SpamTest-Status: Not detected X-SpamTest-Version: SMTP-Filter Version 2.0.0 [0125], KAS/Release Cc: freebsd-net@freebsd.org Subject: Re: Problems with em interfaces on FreeBSD 6.1 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Aug 2006 07:59:39 -0000 I really appreciate your help, but since the machine in question is a mission critical router in a production environment, with many housed customers connected, I cannot really experiment with its settings anymore. Both my superiors and the customers are quite upset by the recent problems, I am sure you will understand. We tried to reproduce the problem with identical HW and SW installation in a lab environment, but we were not successful. I apologize, but I cannot test your patch on our production router. Best Regards Daniel Ryslink On Thu, 17 Aug 2006, Pyun YongHyeon wrote: > On Thu, Aug 17, 2006 at 09:45:50AM +0200, Daniel Ryslink wrote: > > > > Hello, > > > > Thank you very much for your assistance. > > > > I am happy to report that we have been able to fix this problem. I just > > wanted to wait a day or two to be sure that it won't resurface again. 
> > > > The last steps we did were: > > > > 1) Upgrade SuperMicro SS5015M-T BIOS from version 1.1 to version 1.1a > > 2) Inclusion of 'debug.mpsafenet=0' into /boot/loader.conf suggested in > > this mailing list. > > > > I would guess that the step 2 was what really solved the problem. > > > > Hmm... I'd like to know whether my patch help or not. > Step 2 you mentioned is not the way to go. We're trying very hard to > remove giant locks in every places on FreeBSD. > > > Best Regards > > Daniel Ryslink > > > > On Thu, 17 Aug 2006, Pyun YongHyeon wrote: > > > > >On Fri, Aug 11, 2006 at 10:06:00AM +0200, Daniel Ryslink wrote: > > >> > > >> Hello, > > >> > > >> We have currently upgraded one of our routers to Gigabit connectivity and > > >> FreeBSD 6.1 Release. > > >> > > >> The hardware is Supermicro SuperServer 5015M-T - we have tried both the > > >> integrated NIC and yet another external Intel NIC - specifically > > >> > > >> Intel PRO/1000 MT Dual Port Server Adapter > > >> PWLA8492MT > > >> > > >> The problem is that several times a day, the following appears in > > >> messages: > > >> > > >> Aug 11 08:41:44 b2 kernel: em0: watchdog timeout -- resetting > > >> > > >> accompanied with a loss of connectivity lasting for several seconds. > > >> > > >> We have tried using both the default driver that came with the FreeBSD > > >> installation as well as the newest driver from Intel dated 2th April 2006 > > >> compiled as a module, but the problem still persists. > > >> > > >> If anyone encountered the problem and has a solution, I would be very > > >> grateful. > > >> > > > > > >Because I can't reproduce it here and I failed to find a possible > > >cause of the issue. > > >As a last resort would you give attached patch a try? > > >The patch was generated against latest stable. 
> > > > > >-- > > >Regards, > > >Pyun YongHyeon > > > > > -- > Regards, > Pyun YongHyeon > From owner-freebsd-net@FreeBSD.ORG Thu Aug 17 08:06:22 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E7F8916A50D for ; Thu, 17 Aug 2006 08:06:22 +0000 (UTC) (envelope-from pyunyh@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.181]) by mx1.FreeBSD.org (Postfix) with ESMTP id 14C9043D5C for ; Thu, 17 Aug 2006 08:06:18 +0000 (GMT) (envelope-from pyunyh@gmail.com) Received: by py-out-1112.google.com with SMTP id c59so695672pyc for ; Thu, 17 Aug 2006 01:06:18 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:date:from:to:cc:subject:message-id:reply-to:references:mime-version:content-type:content-disposition:in-reply-to:user-agent; b=tEKMu/ZbU3+eOmpGKjmnS8O0i29fqh7PHS4KB2IQyEIjrxtzJ6RYHU27XqpyOUuC6+r5eueIYKKz1iX579BwR5n/vEqRj986StrrGAfdLJmsvdRGIwRU/bp5EMUW8vlJ+M86AFAv+jnJgS1zLllLE2cWfOIMInDfCI3xrKF22QA= Received: by 10.35.78.9 with SMTP id f9mr3089638pyl; Thu, 17 Aug 2006 01:06:18 -0700 (PDT) Received: from michelle.cdnetworks.co.kr ( [211.53.35.84]) by mx.gmail.com with ESMTP id 10sm593965nzo.2006.08.17.01.06.16; Thu, 17 Aug 2006 01:06:18 -0700 (PDT) Received: from michelle.cdnetworks.co.kr (localhost.cdnetworks.co.kr [127.0.0.1]) by michelle.cdnetworks.co.kr (8.13.5/8.13.5) with ESMTP id k7H88P38052488 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 17 Aug 2006 17:08:25 +0900 (KST) (envelope-from pyunyh@gmail.com) Received: (from yongari@localhost) by michelle.cdnetworks.co.kr (8.13.5/8.13.5/Submit) id k7H88Oxl052487; Thu, 17 Aug 2006 17:08:24 +0900 (KST) (envelope-from pyunyh@gmail.com) Date: Thu, 17 Aug 2006 17:08:24 +0900 
From: Pyun YongHyeon To: Daniel Ryslink Message-ID: <20060817080824.GL49739@cdnetworks.co.kr> References: <20060811100536.V80282@k2.vol.cz> <20060817043242.GF49739@cdnetworks.co.kr> <20060817094018.P92593@k2.vol.cz> <20060817075452.GK49739@cdnetworks.co.kr> <20060817095541.C92593@k2.vol.cz> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060817095541.C92593@k2.vol.cz> User-Agent: Mutt/1.4.2.1i Cc: freebsd-net@freebsd.org Subject: Re: Problems with em interfaces on FreeBSD 6.1 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: pyunyh@gmail.com List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Aug 2006 08:06:23 -0000 On Thu, Aug 17, 2006 at 09:59:37AM +0200, Daniel Ryslink wrote: > > I really appreciate your help, but since the machine in question is a > mission critical router in a production environment, with many housed > customers connected, I cannot really experiment with its settings anymore. > > Both my superiors and the customers are quite upset by the recent > problems, I am sure you will understand. > > We tried to reproduce the problem with identical HW and SW installation > in a lab environment, but we were not successful. > Yes, that's the problem. It's hard to reproduce it. > I apologize, but I cannot test your patch on our production router. > Ok, I understand. :-) If you have any chance to test it please let us know the result. Thanks. 
-- Regards, Pyun YongHyeon From owner-freebsd-net@FreeBSD.ORG Thu Aug 17 12:51:51 2006 Return-Path: X-Original-To: freebsd-net@FreeBSD.org Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A73B016A4DE; Thu, 17 Aug 2006 12:51:51 +0000 (UTC) (envelope-from sivakumar.subramani@wipro.com) Received: from wip-ectls-mx1.wipro.com (wip-ectls-mx1.wipro.com [203.91.193.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 572B443D62; Thu, 17 Aug 2006 12:51:50 +0000 (GMT) (envelope-from sivakumar.subramani@wipro.com) Received: from wip-ectls-mx1.wipro.com (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with ESMTP id 952782208F2; Thu, 17 Aug 2006 18:21:54 +0530 (IST) Received: from blr-ec-bh02.wipro.com (blr-ec-bh02.wipro.com [10.201.50.92]) by wip-ectls-mx1.wipro.com (Postfix) with ESMTP id 88B1622018F; Thu, 17 Aug 2006 18:21:54 +0530 (IST) Received: from blr-m3-msg.wipro.com ([10.114.50.99]) by blr-ec-bh02.wipro.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 17 Aug 2006 18:21:48 +0530 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Date: Thu, 17 Aug 2006 18:21:50 +0530 Message-ID: In-Reply-To: <44E09A29.2010909@immermail.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: netgraph with 10Gig interfaces Thread-Index: Aca/t/eC/AG+RAr6TTe4QrDmyjfKNwCQu1ug 
From: To: , , , X-OriginalArrivalTime: 17 Aug 2006 12:51:48.0127 (UTC) FILETIME=[E6E3AAF0:01C6C1FB] Cc: Subject: RE: netgraph with 10Gig interfaces X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Aug 2006 12:51:51 -0000

Hi Mark,

I have bge and fxp interface on the system. I enabled the NETGRAPH by enabling the NETGRAPH in the config file and compiled the new kernel. Then, booted with the new kernel.

fxp0: flags=8843 mtu 1500
        options=8
        inet6 fe80::290:27ff:fe85:8b8c%fxp0 prefixlen 64 scopeid 0x1
        inet 17.1.1.150 netmask 0xff000000 broadcast 17.255.255.255
        ether 00:90:27:85:8b:8c
        media: Ethernet autoselect (none)
        status: no carrier
bge0: flags=8843 mtu 1500
        options=1a
        inet6 fe80::2e0:81ff:fe29:f38d%bge0 prefixlen 64 scopeid 0x3
        inet 10.114.52.152 netmask 0xffffff00 broadcast 10.114.52.255
        ether 00:e0:81:29:f3:8d
        media: Ethernet autoselect (100baseTX )
        status: active

Even then I could not see the above interfaces listed in the output of the list command of ngctl.

+ list -l
There are 2 total nodes:
  Name: ngctl1088 Type: socket ID: 00000007 Num hooks: 0
  Name: Type: eiface ID: 00000004 Num hooks: 0
+ list -n
There are 1 total named nodes:
  Name: ngctl1088 Type: socket ID: 00000007 Num hooks: 0
+

But as per the document in the below link it is mentioned that network interface by default should be listed in the output.

http://ezine.daemonnews.org/200003/netgraph.html

Is that means these drivers are not supporting the netgraph?

Thanks,
~Siva

-----Original Message-----
From: owner-freebsd-net@freebsd.org [mailto:owner-freebsd-net@freebsd.org] On Behalf Of mark Sent: Monday, August 14, 2006 9:14 PM To: Gleb Smirnoff; Christian Brueffer; freebsd-net@FreeBSD.org Subject: Re: netgraph with 10Gig interfaces Gleb Smirnoff wrote: > On Mon, Aug 14, 2006 at 08:20:25AM -0700, mark wrote: > m> It sounds like there's an assumption it's a driver problem. Note > m> that the intel 10Gig driver (from Interl's website) also does not work > m> with netgraph (works fine otherwise though) > m> > m> Is there something that drivers need to do to support netgraph? > > All Ethernet interfaces should instantly be supported by ng_ether(4). > ATM, I have no idea why you have problems with Neterion and Intel > interfaces. That's what I thought. Is there anything I can send along that would be of use, such as ngctl output with debug on? Mark _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
From owner-freebsd-net@FreeBSD.ORG Thu Aug 17 18:00:31 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 927D016A504 for ; Thu, 17 Aug 2006 18:00:31 +0000 (UTC) (envelope-from g.cardone@unidata.it) Received: from ecity.it (mail.ecity.it [217.72.96.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 680CA43D49 for ; Thu, 17 Aug 2006 18:00:30 +0000 (GMT) (envelope-from g.cardone@unidata.it) Received: from [217.72.97.131] (HELO [192.168.97.131]) by ecity.it (CommuniGate Pro SMTP 5.0.9) with ESMTP id 36285737 for freebsd-net@freebsd.org; Thu, 17 Aug 2006 20:00:29 +0200 Message-ID: <44E4AEBC.20400@unidata.it> Date: Thu, 17 Aug 2006 20:00:28 +0200
From: Giuseppe Cardone User-Agent: Thunderbird 1.5.0.5 (Windows/20060719) MIME-Version: 1.0 To: freebsd-net@freebsd.org X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: udp drops due to no socket X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Aug 2006 18:00:31 -0000

Hi,

I am struggling with udp drops that show up with netstat -s -p udp as 'dropped due to no socket' and 'dropped due to full socket buffers'. I am encountering such drops to various degrees on virtually all the FreeBSD servers I'm testing for a VoIP platform.

For example, the RTP proxy (running FreeBSD 6.1-RELEASE (SMP) on Intel Xeon3.06GHz, 1 GB RAM) shows continuous drops, e.g.

udp:
        942021483 datagrams received
        0 with incomplete header
        21 with bad data length field
        20989 with bad checksum
        1766131960 with no checksum
        452839372 dropped due to no socket
        236582 broadcast/multicast datagrams dropped due to no socket
        108 dropped due to full socket buffers
        0 not for hashed pcb
        488924411 delivered
        447518941 datagrams output

After approx 1 minute, datagrams received has increased by 125557 and 'dropped due to no socket' by 4864, nearly 4 % loss rate

Readings after 1 minute

udp:
        942147040 datagrams received
        0 with incomplete header
        21 with bad data length field
        20989 with bad checksum
        1766216220 with no checksum
        452844236 dropped due to no socket
        236586 broadcast/multicast datagrams dropped due to no socket
        108 dropped due to full socket buffers
        0 not for hashed pcb
        489045100 delivered
        447639187 datagrams output

Top shows the RTP proxy is running at an average cpu utilization of less than 4% and plenty of RAM

22 processes: 2 running, 20 sleeping
CPU states: 0.2% user, 0.0% nice, 0.6% system, 2.1% interrupt, 97.1% idle
Mem: 14M Active, 492M Inact, 173M Wired, 111M Buf, 317M Free

Traffic is low, running at 1.6 Mb/s on em0

Strangely buffer allocation also seems ok:

netstat -m
514/2696/3210 mbufs in use (current/cache/total)
512/1664/2176/25600 mbuf clusters in use (current/cache/total/max)
512/1444 mbuf+clusters out of packet secondary zone in use (current/cache)
0/0/0/0 4k (page size) jumbo clusters in use (current/cache/total/max)
0/0/0/0 9k jumbo clusters in use (current/cache/total/max)
0/0/0/0 16k jumbo clusters in use (current/cache/total/max)
1152K/4002K/5154K bytes allocated to network (current/cache/total)
2798233895/2339189811/2411392867 requests for mbufs denied (mbufs/clusters/mbuf+clusters)
0/0/0 requests for jumbo clusters denied (4k/9k/16k)
0/7/6656 sfbufs in use (current/peak/max)
0 requests for sfbufs denied
0 requests for sfbufs delayed
0 requests for I/O initiated by sendfile
232 calls to protocol drain routines

I'm not too sure what to make of the mbufs denied - other discussions on the list seem to indicate it as just an erroneous counter update and in fact the denies don't grow with the udp drops, i.e. the two seem uncorrelated.

Also, below are my current sysctl settings:

kern.ipc.nmbclusters: 25600
net.inet.udp.checksum: 1
net.inet.udp.maxdgram: 9216
net.inet.udp.recvspace: 42080
net.inet.udp.log_in_vain: 0
net.inet.udp.blackhole: 0
net.inet.udp.strict_mcast_mship: 0

Any ideas as to how I could fix this problem ?

Thanks,
Giuseppe
.
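An added example, not part of the message above and not FreeBSD code: it parses two `netstat -s -p udp` readings and reports the per-interval drop rates for the two drop causes separately, using the figures quoted in the message. The function names are hypothetical, the sample text is re-typed one counter per line, and the 32-bit counter width used for wrap handling is an assumption.

```python
import re

# Constructed input: the two readings quoted in the message above, re-typed
# one counter per line (the archive flattened the original layout).
SNAPSHOT_T0 = """udp:
    942021483 datagrams received
    0 with incomplete header
    21 with bad data length field
    20989 with bad checksum
    1766131960 with no checksum
    452839372 dropped due to no socket
    236582 broadcast/multicast datagrams dropped due to no socket
    108 dropped due to full socket buffers
    0 not for hashed pcb
    488924411 delivered
    447518941 datagrams output
"""

SNAPSHOT_T1 = """udp:
    942147040 datagrams received
    0 with incomplete header
    21 with bad data length field
    20989 with bad checksum
    1766216220 with no checksum
    452844236 dropped due to no socket
    236586 broadcast/multicast datagrams dropped due to no socket
    108 dropped due to full socket buffers
    0 not for hashed pcb
    489045100 delivered
    447639187 datagrams output
"""

# Assumption: counters are 32 bits wide, so a reading may wrap between samples.
COUNTER_BITS = 32

# "<number> <label>"; the "udp:" heading and blank lines do not match.
COUNTER_LINE = re.compile(r"^\s*(\d+)\s+(\S.*?)\s*$")


def parse_udp_stats(text):
    """Map each counter label to its integer value."""
    stats = {}
    for line in text.splitlines():
        match = COUNTER_LINE.match(line)
        if match:
            stats[match.group(2)] = int(match.group(1))
    return stats


def counter_delta(old, new, bits=COUNTER_BITS):
    """Difference between two readings, tolerating a single counter wrap."""
    return (new - old) % (1 << bits)


def interval_deltas(before, after):
    """Per-counter increase for every label present in both readings."""
    return {label: counter_delta(before[label], value)
            for label, value in after.items() if label in before}


def drop_report(before_text, after_text):
    """Summarise one sampling interval, keeping the two drop causes apart."""
    deltas = interval_deltas(parse_udp_stats(before_text),
                             parse_udp_stats(after_text))
    received = deltas["datagrams received"]

    def pct(count):
        return round(100.0 * count / received, 2) if received else 0.0

    no_socket = deltas["dropped due to no socket"]
    full_buffers = deltas["dropped due to full socket buffers"]
    return {
        "received": received,
        "delivered": deltas["delivered"],
        "no_socket": no_socket,                # nothing bound to the port
        "no_socket_pct": pct(no_socket),
        "full_buffers": full_buffers,          # receiver not draining fast enough
        "full_buffers_pct": pct(full_buffers),
    }


if __name__ == "__main__":
    for key, value in drop_report(SNAPSHOT_T0, SNAPSHOT_T1).items():
        print(f"{key:18} {value}")
```

On these readings every drop in the interval is a "no socket" drop and none is a "full socket buffers" drop, which points at datagrams arriving for ports with no bound socket rather than at buffer sizing. Setting net.inet.udp.log_in_vain (shown as 0 in the message) to 1 makes the kernel log such datagrams.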
From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 04:43:40 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0745D16A4DD for ; Fri, 18 Aug 2006 04:43:40 +0000 (UTC) (envelope-from chrcoluk@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.179]) by mx1.FreeBSD.org (Postfix) with ESMTP id 88FA043D45 for ; Fri, 18 Aug 2006 04:43:39 +0000 (GMT) (envelope-from chrcoluk@gmail.com) Received: by py-out-1112.google.com with SMTP id c59so1135961pyc for ; Thu, 17 Aug 2006 21:43:38 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=extLhXgQHSvwLXEwc6PWeuwsnJAesBe34m3P4Pszz3eJmyNEyY8GQQ29BAzq5liA4Ajg7KU7ltcesd9Ru7f0ZWd0M9DcmWKFSUpBr8V0WlVeSVe11V412WIldMbmgaLDwfszX7HBXDh9MVMvyfTFYaV23lB5KKd6FQRgRrtexaQ= Received: by 10.35.107.20 with SMTP id j20mr5010332pym; Thu, 17 Aug 2006 21:43:38 -0700 (PDT) Received: by 10.35.29.20 with HTTP; Thu, 17 Aug 2006 21:43:38 -0700 (PDT) Message-ID: <3aaaa3a0608172143l103dafe0hf4c0fbc8044b0d01@mail.gmail.com> Date: Fri, 18 Aug 2006 05:43:38 +0100 
From: Chris To: "Mike Silbersack" In-Reply-To: <20060811203041.E44075@odysseus.silby.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <44DD1909.40703@matteworld.com> <20060811203041.E44075@odysseus.silby.com> Cc: freebsd-net@freebsd.org, Simon Walton Subject: Re: Long keepidle time X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Aug 2006 04:43:40 -0000

On 12/08/06, Mike Silbersack wrote:
>
> On Fri, 11 Aug 2006, Simon Walton wrote:
>
> > Is there any reason why the default initial timeout for keep alive
> > packets needs to be as long as two hours? This period causes the dynamic
> > rules in my firewall filter to timeout.
> >
> > Is there a major objection to reducing the default idle time to
> > say 3 to 5 minutes?
> >
> > Simon Walton
>
> One reason behind a 2 hour keepalive is so that you don't have a 2 minute
> network outage that causes all your connections to timeout.
>
> Of course, as you point out, in the modern age of firewalls, more frequent
> keepalives can be a good thing.
>
> I don't foresee us changing FreeBSD's default keepalive setting, but you're
> more than welcome to change the setting on your own system.
>
> Also note that ipfw2 sends keepalive packets on its own, maybe you could
> switch to it and/or add that functionality to your favorite firewall
> package. :)
>
> Mike "Silby" Silbersack
> _______________________________________________

What's the point of keeping a connection alive (hung) to a dead network for 2 hours tho? That I don't understand either.

Chris

From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 06:19:39 2006
Message-ID: <64de5c8b0608172319q63497574ue416409bb8b7fa42@mail.gmail.com>
Date: Fri, 18 Aug 2006 11:49:38 +0530
From: "Rajkumar S"
To: freebsd-net@freebsd.org
Subject: netgraph to userspace?

Hi,

Is it possible to take a packet from netgraph to userspace and drop it there? ie, can I insert some netgraph node between say lower and upper of a ng_ether push the packets to userspace [snort] for some processing and possibly either drop it there?

I know that NgSendData and NgRecvData can be used to send and receive data using ng_socket, but what I want to confirm is: do these work like a man in the middle, receiving from one end and sending it to the next? And if I receive a packet and forget to send it, it's effectively dropped?

With warm regards,

raj

From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 07:50:41 2006
Message-ID: <44E57142.5050809@elischer.org>
Date: Fri, 18 Aug 2006 00:50:26 -0700
From: Julian Elischer
To: Rajkumar S
References: <64de5c8b0608172319q63497574ue416409bb8b7fa42@mail.gmail.com>
In-Reply-To: <64de5c8b0608172319q63497574ue416409bb8b7fa42@mail.gmail.com>
Cc: freebsd-net@freebsd.org
Subject: Re: netgraph to userspace?

Rajkumar S wrote:

> Hi,
>
> Is it possible to take a packet from netgraph to userspace and drop it
> there? ie, can I
> insert some netgraph node between say lower and upper of a ng_ether
> push the packets to
> userspace [snort] for some processing and possibly either drop it there?

of course.. man ng_socket
that's one of the main features of netgraph

>
> I know that NgSendData and NgRecvData can be used to send and receive
> data using
> ng_socket, but what I want to confirm is: do these work like a
> man in the middle,
> receiving from one end and sending it to the next? And if I receive a packet

you can use two sockets.. attach one to lower and the other to upper.

> and forget to
> send it, it's effectively dropped?

yes

>
> With warm regards,
>
> raj
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 09:14:13 2006
Date: Fri, 18 Aug 2006 11:14:04 +0200 (CEST)
Message-Id: <200608180914.k7I9E47p004517@lurza.secnetix.de>
From: Oliver Fromme
To: freebsd-net@FreeBSD.ORG
In-Reply-To: <44E0C450.8050602@fsn.hu>
Subject: Re: Redundant/failover NFS servers - stale NFS file handle
Reply-To: freebsd-net@FreeBSD.ORG

Attila Nagy wrote:
 > Oliver Fromme wrote:
 > > We use NetApp Filer clusters (NAS) for that purpose.
 > > They aren't cheap, but they work very well.
 >
 > I don't like blackboxes with nice GUIs. :)

But they do exactly what you need. I doubt that you can build the same functionality with Linux. BTW, I never use the GUI. I just log into them with ssh; works perfectly fine. It's only seldomly required anyway, once the boxes are set up and running.

BTW, as far as I know, they run a BSD-derived embedded OS (with micro kernel?), so there's at least a little bit of BSD in that "blackbox". ;-)

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way.

cat man du : where Unix geeks go when they die

From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 09:55:47 2006
Message-ID: <44E58E9E.1030401@FreeBSD.org>
Date: Fri, 18 Aug 2006 11:55:42 +0200
From: Remko Lodder
To: net@FreeBSD.org
Subject: Routing IPSEC packets?
Reply-To: remko@FreeBSD.org

Hi friends,

I was looking around for using IPsec services instead of OpenVPN services, but I found out that with our current implementation of IPsec, we cannot actually route packets through the various IPsec hops [1]. OpenBSD adds IPsec flows in their routing table, making it possible to route traffic between IPsec tunnels.

Can someone either confirm my above statement that FreeBSD is indeed not capable of doing this?

In the case that does not exist yet, are there others that also like this feature? And is there someone who can do the coding in that case? (I am not skilled enough to do this).

I hope to get some good feedback :-)

Please keep me CC'ed since I am not subscribed to the list.

Thanks a lot!

Cheers,
Remko

-- 
Kind regards,

     Remko Lodder               ** remko@elvandar.org
     FreeBSD                    ** remko@FreeBSD.org

     /* Quis custodiet ipsos custodes */

From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 09:55:58 2006
Date: Fri, 18 Aug 2006 13:55:54 +0400
From: Gleb Smirnoff
To: sivakumar.subramani@wipro.com
Message-ID: <20060818095554.GM96644@cell.sick.ru>
References: <44E09A29.2010909@immermail.com>
Cc: freebsd-net@FreeBSD.org, brueffer@FreeBSD.org, mark@immermail.com
Subject: Re: netgraph with 10Gig interfaces

On Thu, Aug 17, 2006 at 06:21:50PM +0530, sivakumar.subramani@wipro.com wrote:
s> I have bge and fxp interface on the system. I enabled the NETGRAPH by
s> enabling the NETGRAPH in the config file and compiled the new kernel.
s> Then, booted with the new kernel.
s>
s>
s> fxp0: flags=8843 mtu 1500
s>         options=8
s>         inet6 fe80::290:27ff:fe85:8b8c%fxp0 prefixlen 64 scopeid 0x1
s>         inet 17.1.1.150 netmask 0xff000000 broadcast 17.255.255.255
s>         ether 00:90:27:85:8b:8c
s>         media: Ethernet autoselect (none)
s>         status: no carrier
s>
s> bge0: flags=8843 mtu 1500
s>         options=1a
s>         inet6 fe80::2e0:81ff:fe29:f38d%bge0 prefixlen 64 scopeid 0x3
s>         inet 10.114.52.152 netmask 0xffffff00 broadcast 10.114.52.255
s>         ether 00:e0:81:29:f3:8d
s>         media: Ethernet autoselect (100baseTX )
s>         status: active
s>
s> Even then I could not see the above interfaces listed in the output of
s> the list command of ngctl.
s>
s> + list -l
s> There are 2 total nodes:
s>   Name: ngctl1088       Type: socket          ID: 00000007   Num hooks:
s> 0
s>   Name:                 Type: eiface          ID: 00000004   Num hooks:
s> 0
s> + list -n
s> There are 1 total named nodes:
s>   Name: ngctl1088       Type: socket          ID: 00000007   Num hooks:
s> 0
s> +
s>
s>
s> But as per the document in the below link it is mentioned that network
s> interface by default should be listed in the output.
s> http://ezine.daemonnews.org/200003/netgraph.html
s>
s> Is that means these drivers are not supporting the netgraph?

No. You need either kldload ng_ether or add NETGRAPH_ETHER to kernel config.

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 09:58:54 2006
Date: Fri, 18 Aug 2006 11:58:41 +0200
From: Phil Regnauld
To: Remko Lodder
Message-ID: <20060818095840.GA29866@catpipe.net>
References: <44E58E9E.1030401@FreeBSD.org>
In-Reply-To: <44E58E9E.1030401@FreeBSD.org>
Cc: net@FreeBSD.org
Subject: Re: Routing IPSEC packets?

Remko Lodder (remko) writes:
>
> Can someone either confirm my above statement that FreeBSD
> is indeed not capable of doing this?

FreeBSD does not yet have an "ipsec" or "enc" interface type dynamically associated to IPsec tunnels, no.

But you can achieve pretty much the same thing by using gif tunnels and transport encryption.

From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 09:59:46 2006
Message-ID: <44E58F8B.5@FreeBSD.org>
Date: Fri, 18 Aug 2006 11:59:39 +0200
From: Remko Lodder
To: remko@FreeBSD.org
References: <44E58E9E.1030401@FreeBSD.org>
In-Reply-To: <44E58E9E.1030401@FreeBSD.org>
Cc: net@FreeBSD.org
Subject: Re: Routing IPSEC packets?
Reply-To: remko@FreeBSD.org

Remko Lodder wrote:
> Hi friends,
>
> I was looking around for using IPsec services instead of
> OpenVPN services, but I found out that with our current
> implementation of IPsec, we cannot actually route packets
> through the various IPsec hops [1]. OpenBSD adds IPsec
> flows in their routing table, making it possible to route
> traffic between IPsec tunnels.
>
> Can someone either confirm my above statement that FreeBSD
> is indeed not capable of doing this?
>
> In the case that does not exist yet, are there others that
> also like this feature? And is there someone who can do
> the coding in that case? (I am not skilled enough to do
> this).
>
> I hope to get some good feedback :-)
>
> Please keep me CC'ed since I am not subscribed to the
> list.
>
> Thanks a lot!
> Cheers,
> Remko
>

Oh, of course I should do the [1] trick:

I want to do the following; I have three IPsec endpoints at this moment, one at home, one in my personal colo environment and one in another colo environment.

The machine(s) in the personal colo environment are the point to where all the others connect to. So the other colo env connects to the personal colo environment, and my home also connects to the personal colo environment.

I would like to be able to:

Other colo -- ipsec tunnel -- personal colo -- ipsec -- home

Have these communications possible, and of course the other way around. In the event that another tunnel will be attaching, I would like to be able to route these packets to the other host as well (so that I can reach all the IPsec tunneled hosts from the IPsec network, from wherever I will be, either road-warrior, or just at home, or at one of the colo machines).

Sorry that I did not mention this in my previous email.

Cheers,
Remko

-- 
Kind regards,

     Remko Lodder               ** remko@elvandar.org
     FreeBSD                    ** remko@FreeBSD.org

     /* Quis custodiet ipsos custodes */

From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 11:30:13 2006
Date: Fri, 18 Aug 2006 11:27:04 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Remko Lodder
In-Reply-To: <44E58F8B.5@FreeBSD.org>
Message-ID: <20060818111809.H46402@maildrop.int.zabbadoz.net>
References: <44E58E9E.1030401@FreeBSD.org> <44E58F8B.5@FreeBSD.org>
Cc: net@FreeBSD.org
Subject: Re: Routing IPSEC packets?

On Fri, 18 Aug 2006, Remko Lodder wrote:

> I want to do the following; I have three IPsec endpoints
> at this moment, one at home, one in my personal colo environment
> and one in another colo environment.
>
> The machine(s) in the personal colo environment are the point
> to where all the others connect to. So the other colo env
> connects to the personal colo environment, and my home also
> connects to the personal colo environment.
>
> I would like to be able to:
>
> Other colo -- ipsec tunnel -- personal colo -- ipsec -- home

No, you really want to do:

          home
         /    \
    pcolo ------ ocolo

> Have these communications possible, and ofcourse the other way
> around. In the event that another tunnel will be attaching,
> I would like to be able to route these packets to the other
> host as well (so that I can reach all the IPsec tunneled hosts
> from the IPsec network, from where-ever I will be, either road
> -warrior, or just at home, or at one of the colo machine's).

You do not "route" IPsec traffic. You define appropriate policies and be done. You only need gif(4) if you really want to route and use a link-state protocol.

You of course can do:

    home ---- pcolo ---- ocolo

that means policies (I'll leave the reverse direction to you):

home policies:
    from home to pcolo, tunnel endpoints home/pcolo
    from home to ocolo, tunnel endpoints home/pcolo

pcolo:
    from pcolo to home, tunnel endpoints pcolo/home
    from pcolo to ocolo, tunnel endpoints pcolo/ocolo
    from home to ocolo, tunnel endpoints pcolo/ocolo
    from ocolo to home, tunnel endpoints pcolo/home

ocolo:
    from ocolo to pcolo, tunnel endpoints ocolo/pcolo
    from ocolo to home, tunnel endpoints ocolo/pcolo

The only thing that needs to be routed somehow are the tunnel endpoints but you usually have a default route on all of the boxes which would be enough.

-- 
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT

From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 11:34:11 2006
Date: Fri, 18 Aug 2006 13:33:47 +0200
From: Phil Regnauld
To: "Bjoern A. Zeeb"
Message-ID: <20060818113347.GF29866@catpipe.net>
References: <44E58E9E.1030401@FreeBSD.org> <44E58F8B.5@FreeBSD.org> <20060818111809.H46402@maildrop.int.zabbadoz.net>
In-Reply-To: <20060818111809.H46402@maildrop.int.zabbadoz.net>
Cc: Remko Lodder, net@FreeBSD.org
Subject: Re: Routing IPSEC packets?

Bjoern A. Zeeb (bzeeb-lists) writes:
>
> You do not "route" IPsec traffic. You define apropriate policies and
> be done. You only need gif(4) if you really want to route and use a
> link-state protocol.

... and want to do egress filtering, prioritization, and other things you can only really do for packets that travel in and out of an interface.

The problem with the triangle home - pcolo - ocolo is that it doesn't scale. Hub-and-spoke is easier but then you need interfaces to route on.
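
[Added example, not part of the original thread and not any poster's configuration: the pcolo (hub) entries from the policy list in Bjoern A. Zeeb's message above, written as a setkey(8) policy file, with the reverse-direction (inbound) policies he left to the reader filled in. All addresses are constructed for illustration, and the use of ESP in tunnel mode with separately established SAs is an assumption.]

```conf
# /etc/ipsec.conf on pcolo (the hub); load with: setkey -f /etc/ipsec.conf
#
# Constructed addresses (assumptions, not taken from the thread):
#   home  : LAN 10.10.1.0/24, tunnel endpoint 192.0.2.1
#   pcolo : LAN 10.10.2.0/24, tunnel endpoint 198.51.100.1
#   ocolo : LAN 10.10.3.0/24, tunnel endpoint 203.0.113.1
#
# Only the policy database (SPD) is defined here. The SAs themselves are
# assumed to come from an IKE daemon or from manual "add" statements.
# pcolo forwards the home<->ocolo traffic, so it also needs
# net.inet.ip.forwarding=1.

flush;
spdflush;

# ---- outbound: the four pcolo policies from the list ----

# from pcolo to home, tunnel endpoints pcolo/home
spdadd 10.10.2.0/24 10.10.1.0/24 any
	-P out ipsec esp/tunnel/198.51.100.1-192.0.2.1/require;

# from pcolo to ocolo, tunnel endpoints pcolo/ocolo
spdadd 10.10.2.0/24 10.10.3.0/24 any
	-P out ipsec esp/tunnel/198.51.100.1-203.0.113.1/require;

# from home to ocolo (transit), tunnel endpoints pcolo/ocolo
spdadd 10.10.1.0/24 10.10.3.0/24 any
	-P out ipsec esp/tunnel/198.51.100.1-203.0.113.1/require;

# from ocolo to home (transit), tunnel endpoints pcolo/home
spdadd 10.10.3.0/24 10.10.1.0/24 any
	-P out ipsec esp/tunnel/198.51.100.1-192.0.2.1/require;

# ---- inbound: the reverse direction ----
# With level "require", a packet matching the selector that did not
# arrive through the named tunnel is dropped, so cleartext traffic
# claiming a protected source network is not accepted.

# from home to pcolo, arriving through the home/pcolo tunnel
spdadd 10.10.1.0/24 10.10.2.0/24 any
	-P in ipsec esp/tunnel/192.0.2.1-198.51.100.1/require;

# from ocolo to pcolo, arriving through the ocolo/pcolo tunnel
spdadd 10.10.3.0/24 10.10.2.0/24 any
	-P in ipsec esp/tunnel/203.0.113.1-198.51.100.1/require;

# from home to ocolo (transit), arriving through the home/pcolo tunnel
spdadd 10.10.1.0/24 10.10.3.0/24 any
	-P in ipsec esp/tunnel/192.0.2.1-198.51.100.1/require;

# from ocolo to home (transit), arriving through the ocolo/pcolo tunnel
spdadd 10.10.3.0/24 10.10.1.0/24 any
	-P in ipsec esp/tunnel/203.0.113.1-198.51.100.1/require;
```

[After loading, setkey -DP lists the installed policies so each selector and tunnel endpoint pair can be checked against the list. The home and ocolo files follow the same pattern with their own two outbound entries and the matching inbound ones.]
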

From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 11:45:14 2006
Date: Fri, 18 Aug 2006 11:41:22 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Phil Regnauld
In-Reply-To: <20060818095840.GA29866@catpipe.net>
Message-ID: <20060818113833.Y46402@maildrop.int.zabbadoz.net>
References: <44E58E9E.1030401@FreeBSD.org> <20060818095840.GA29866@catpipe.net>
Cc: Remko Lodder, net@FreeBSD.org
Subject: Re: Routing IPSEC packets?

On Fri, 18 Aug 2006, Phil Regnauld wrote:

> Remko Lodder (remko) writes:
>>
>> Can someone either confirm my above statement that FreeBSD
>> is indeed not capable of doing this?
>
> FreeBSD does not yet have an "ipsec" or "enc" interface type

enc(4) is there - at least in HEAD. I haven't tracked if it got MFCed.

-- 
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT

From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 12:43:58 2006
Date: Fri, 18 Aug 2006 08:43:48 -0400
From: Bill Vermillion
To: freebsd-net@freebsd.org
Message-ID: <20060818124348.GB14668@wjv.com>
References: <44E0C450.8050602@fsn.hu> <200608180914.k7I9E47p004517@lurza.secnetix.de>
In-Reply-To: <200608180914.k7I9E47p004517@lurza.secnetix.de>
Subject: Re: Redundant/failover NFS servers - stale NFS file handle
Reply-To: bv@wjv.com

While humming that old rock song Yackety Yacc - Dont Awk Back
Oliver Fromme on Fri, Aug 18, 2006 at 11:14 sang or SED something like this:

> Attila Nagy wrote:
> > Oliver Fromme wrote:
> > > We use NetApp Filer clusters (NAS) for that purpose.
> > > They aren't cheap, but they work very well.
> >
> > I don't like blackboxes with nice GUIs. :)
>
> But they do exactly what you need. I doubt that you can
> build the same functionality with Linux. BTW, I never use
> the GUI. I just log into them with ssh; works perfectly
> fine. It's only seldomly required anyway, once the boxes
> are set up and running.

> BTW, as far as I know, they run a BSD-derived embedded OS
> (with micro kernel?), so there's at least a little bit of
> BSD in that "blackbox". ;-)
>
> Best regards
> Oliver

And one nice box is from GTA - Global Technology Associates. They are here in Orlando and I've watched them grow from nothing to being highly respected. They were the first NCSA certified firewall in software, and they are BSD derived.

The GUI interface is more like a curses interface - the last time I saw one - so you can easily manipulate them in text mode remotely.

As above, they aren't cheap but they work well. I had a pair that a customer from a long way away with a matched one in our colo used to update their servers remotely and securely. It was a 3-step process of machines, with a Sun Netra at the first entry point, going to Mac G4's for the Web Objects for the web apps, connected to a multi-CPU Solaris machine for the Oracle database.

The nice thing about their boxes, that some don't have is three NICs so you can have a DMZ in the middle and the private network is fully protected.

I have no financial interest in them, but I have known Paul for ages.

Bill

-- 
Bill Vermillion - bv @ wjv . com

From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 13:21:40 2006
Date: Fri, 18 Aug 2006 18:51:37 +0530
In-Reply-To: <20060818095554.GM96644@cell.sick.ru>
Cc: freebsd-net@FreeBSD.org, brueffer@FreeBSD.org
Subject: RE: netgraph with 10Gig interfaces

Hi Mark,

>>This snippet is from a script, and the variables '$if1' and '$if2'
>>are set to the interfaces. In effect, the 'connect' lines above are
actually (for Neterion 10Gig driver):

>>ngctl connect xge0: ngeth0:lower lower many0
ngctl connect xge1: ngeth0:lower lower many0

Can you please send me the steps/commands that you used to test the Neterion card? I mean, what are the arguments that you gave for the msg command? Info on how you verified the traffic flow?

Thanks,
~Siva

-----Original Message-----
From: Gleb Smirnoff [mailto:glebius@FreeBSD.org]
Sent: Friday, August 18, 2006 3:26 PM
To: SIVAKUMAR SUBRAMANI (WT01 - Computing Systems & Storage)
Cc: mark@immermail.com; brueffer@FreeBSD.org; freebsd-net@FreeBSD.org
Subject: Re: netgraph with 10Gig interfaces

On Thu, Aug 17, 2006 at 06:21:50PM +0530, sivakumar.subramani@wipro.com wrote:
s> I have bge and fxp interface on the system. I enabled the NETGRAPH by
s> enabling the NETGRAPH in the config file and compiled the new kernel.
s> Then, booted with the new kernel.
s>
s>
s> fxp0: flags=8843 mtu 1500
s>         options=8
s>         inet6 fe80::290:27ff:fe85:8b8c%fxp0 prefixlen 64 scopeid 0x1
s>         inet 17.1.1.150 netmask 0xff000000 broadcast 17.255.255.255
s>         ether 00:90:27:85:8b:8c
s>         media: Ethernet autoselect (none)
s>         status: no carrier
s>
s> bge0: flags=8843 mtu 1500
s>         options=1a
s>         inet6 fe80::2e0:81ff:fe29:f38d%bge0 prefixlen 64 scopeid 0x3
s>         inet 10.114.52.152 netmask 0xffffff00 broadcast 10.114.52.255
s>         ether 00:e0:81:29:f3:8d
s>         media: Ethernet autoselect (100baseTX )
s>         status: active
s>
s> Even then I could not see the above interfaces listed in the output
s> of the list command of ngctl.
s>
s> + list -l
s> There are 2 total nodes:
s> Name: ngctl1088 Type: socket ID: 00000007 Num hooks:
s> 0
s> Name: Type: eiface ID: 00000004 Num hooks:
s> 0
s> + list -n
s> There are 1 total named nodes:
s> Name: ngctl1088 Type: socket ID: 00000007 Num hooks:
s> 0
s> +
s>
s>
s> But as per the document in the below link it is mentioned that
s> network interface by default should be listed in the output.
s> http://ezine.daemonnews.org/200003/netgraph.html
s>
s> Is that means these drivers are not supporting the netgraph?

No. You need either kldload ng_ether or add NETGRAPH_ETHER to kernel config.

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 15:28:13 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4094016A4DA for ; Fri, 18 Aug 2006 15:28:13 +0000 (UTC) (envelope-from julienabeille@yahoo.fr) Received: from web26608.mail.ukl.yahoo.com (web26608.mail.ukl.yahoo.com [217.146.176.58]) by mx1.FreeBSD.org (Postfix) with SMTP id 8356443D58 for ; Fri, 18 Aug 2006 15:28:12 +0000 (GMT) (envelope-from julienabeille@yahoo.fr) Received: (qmail 54304 invoked by uid 60001); 18 Aug 2006 15:28:11 -0000 Message-ID: <20060818152811.54302.qmail@web26608.mail.ukl.yahoo.com> Received: from [195.37.70.39] by web26608.mail.ukl.yahoo.com via HTTP; Fri, 18 Aug 2006 15:28:11 GMT Date: Fri, 18 Aug 2006 15:28:11 +0000 (GMT) 
From: =?iso-8859-1?q?Julien=20Abeill=E9?= To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: ipv6 in ipv6 tunnel with FreeBSD 4.11 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: =?iso-8859-1?q?Julien=20Abeill=E9?= List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Aug 2006 15:28:13 -0000

Hi,

I am using FreeBSD 4.11 and trying to set up ipv6 in ipv6 tunnels. I have the following testbed, 4 machines connected in line:

M1-----------M2--------FreeBSD-------M3
c::1---c::2 | b::2----b::1 | a::1---a::2

I want to create a tunnel between FreeBSD (b::1) and M2 (b::2)

Here is my configuration on the FreeBSD machine:
em0 : a::1/64
em1 b::1/64

I do the following to set up the tunnel:
ifconfig gif0 create
ifconfig gif0 tunnel b::1 b::2
ifconfig gif0 d::1/64
route add -inet6 -host c::1 -interface gif0

I am not sure what the gif0 address d::1/64 is used for.

The problem is: when I ping or send any traffic from a::2 to c::1, the FreeBSD machine adds an ipv6 header with b::1 as source, b::2 as destination, but with hop count limit=0

Is my configuration ok?
Thanks a lot, Julien From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 16:58:27 2006 Return-Path: X-Original-To: net@FreeBSD.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2182C16A4DD; Fri, 18 Aug 2006 16:58:27 +0000 (UTC) (envelope-from yushunwa@ISI.EDU) Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) by mx1.FreeBSD.org (Postfix) with ESMTP id D4DB543D5A; Fri, 18 Aug 2006 16:58:26 +0000 (GMT) (envelope-from yushunwa@ISI.EDU) Received: from [128.9.168.94] (max.isi.edu [128.9.168.94]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id k7IGw4Y00278; Fri, 18 Aug 2006 09:58:04 -0700 (PDT) Message-ID: <44E5F19E.9070600@isi.edu> Date: Fri, 18 Aug 2006 09:58:06 -0700 
From: Yu-Shun Wang User-Agent: Thunderbird 1.5.0.5 (Macintosh/20060719) MIME-Version: 1.0 To: remko@FreeBSD.org, net@FreeBSD.org References: <44E58E9E.1030401@FreeBSD.org> In-Reply-To: <44E58E9E.1030401@FreeBSD.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-ISI-4-43-8-MailScanner: Found to be clean X-MailScanner-From: yushunwa@isi.edu Cc: Subject: Re: Routing IPSEC packets? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Aug 2006 16:58:27 -0000

Remko Lodder wrote:
> Hi friends,
>
> I was looking around for using IPsec services instead of
> OpenVPN services, but I found out that with our current
> implementation of IPsec, we cannot actually route packets
> through the various IPsec hops [1]. OpenBSD adds IPsec
> flows in their routing table, making it possible to route
> traffic between IPsec tunnels.
>
> Can someone either confirm my above statement that FreeBSD
> is indeed not capable of doing this?

It's not an implementation issue, but a design problem with IPsec tunnel mode. See RFC3884:

The proposed solution is to use IP-IP tunnel (gif iface in FreeBSD, which you can route) then apply IPsec transport mode on the outer header. Refer to the rfc for more detail.

The policy will be different, but we've verified long ago with FreeBSD that it works. The packets on the wire are compatible with regular tunnel mode IPsec.

yushun

> In the case that does not exist yet, are there others that
> also like this feature? And is there someone who can do
> the coding in that case? (I am not skilled enough to do
> this).
>
> I hope to get some good feedbacks :-)
>
> Please keep me CC'ed since I am not subscribed to the
> list.
>
> Thanks a lot!
> Cheers, > Remko > From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 18:02:02 2006 Return-Path: X-Original-To: net@FreeBSD.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 993AA16A4DE; Fri, 18 Aug 2006 18:02:02 +0000 (UTC) (envelope-from b.candler@pobox.com) Received: from proof.pobox.com (proof.pobox.com [207.106.133.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id 38A6443D5D; Fri, 18 Aug 2006 18:02:02 +0000 (GMT) (envelope-from b.candler@pobox.com) Received: from proof (localhost [127.0.0.1]) by proof.pobox.com (Postfix) with ESMTP id 6D47A29A8B; Fri, 18 Aug 2006 14:02:23 -0400 (EDT) Received: from mappit.local.linnet.org (212-74-113-67.static.dsl.as9105.com [212.74.113.67]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by proof.sasl.smtp.pobox.com (Postfix) with ESMTP id 349CE6D7C7; Fri, 18 Aug 2006 14:02:22 -0400 (EDT) Received: from lists by mappit.local.linnet.org with local (Exim 4.61 (FreeBSD)) (envelope-from ) id 1GE8fO-0000Ft-KC; Fri, 18 Aug 2006 19:01:58 +0100 Date: Fri, 18 Aug 2006 19:01:58 +0100 
From: Brian Candler To: Remko Lodder Message-ID: <20060818180158.GB931@uk.tiscali.com> References: <44E58E9E.1030401@FreeBSD.org> <44E58F8B.5@FreeBSD.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <44E58F8B.5@FreeBSD.org> User-Agent: Mutt/1.4.2.1i Cc: net@FreeBSD.org Subject: Re: Routing IPSEC packets? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Aug 2006 18:02:02 -0000 On Fri, Aug 18, 2006 at 11:59:39AM +0200, Remko Lodder wrote: > Ofcourse I should do the [1] trick: > > I want to do the following; I have three IPsec endpoints > at this moment, one at home, one in my personal colo environment > and one in another colo environment. > > The machine(s) in the personal colo environment are the point > to where all the others connect to. So the other colo env > connects to the personal colo environment, and my home also > connects to the personal colo environment. > > I would like to be able to: > > Other colo -- ipsec tunnel -- personal colo -- ipsec -- home > > Have these communications possible, and ofcourse the other way > around. In the event that another tunnel will be attaching, > I would like to be able to route these packets to the other > host as well (so that I can reach all the IPsec tunneled hosts > from the IPsec network, from where-ever I will be, either road > -warrior, or just at home, or at one of the colo machine's). That's fine, you just have to set up your SA's properly. For example, if you are using 10.* private addresses everywhere, then on the 'spoke' machines you set up an SA that looks like 10.0.1.0/24 -> 10.0.0.0/8 (if 10.0.1.0/24 is the address range assigned to this particular client). All other 10.* addresses will be routed down the tunnel. Or, you can always set up multiple SAs. e.g. 
at the 'other colo' side you could set up SAs for 10.0.1.0/24 -> 10.0.2.0/24 10.0.1.0/24 -> 10.0.3.0/24 both with a tunnel IP of the 'personal colo' server. Here, I'm assuming that 10.0.2.0/24 is the 'personal colo' space, and 10.0.3.0/24 is the 'home' space. Regards, Brian. From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 19:36:02 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7143C16A4DE for ; Fri, 18 Aug 2006 19:36:02 +0000 (UTC) (envelope-from mendonan@gmail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.191]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9084E43D45 for ; Fri, 18 Aug 2006 19:36:01 +0000 (GMT) (envelope-from mendonan@gmail.com) Received: by nf-out-0910.google.com with SMTP id n29so1524243nfc for ; Fri, 18 Aug 2006 12:36:00 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=YMtpd5Ir38MhCOptIpku/cfhQpySpPj0fvvFH/TUu3uzA5MWfHFnOjokMIahf+fZEtE/LvXFoljzdY/td9Idb8AR4rV2ZFl+c4acBWc2Wir8CmtM8iCLrpkX6lKFTY7tCa05D7BoAv/m34fEEsFK6cVO5Jk4W0t5JaaYlHxUJjM= Received: by 10.48.220.15 with SMTP id s15mr4484718nfg; Fri, 18 Aug 2006 12:36:00 -0700 (PDT) Received: by 10.78.173.7 with HTTP; Fri, 18 Aug 2006 12:36:00 -0700 (PDT) Message-ID: <94c7120b0608181236j2475301ds1379510f94b12d34@mail.gmail.com> Date: Sat, 19 Aug 2006 03:36:00 +0800 
From: "Senandung Mendonan" To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: Problem with IBM NetXtreme 1000-T GigaEthernet Adapter X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Aug 2006 19:36:02 -0000

Dear list,

I'm running the latest FreeBSD 6.1-RELEASE-p3 on the following piece of hardware:-

IBM xSeries 336
- 1 add-on PCI dual-port NIC (IBM Netxtreme Dualpt Ethernet adapter) matching the Broadcom BCM5704C Dual Gigabit Ethernet chipset (detected as bge0 and bge1)
- 2 internal built-in NICs matching the Broadcom BCM5721 Gigabit Ethernet chipset. (detected as bge2 and bge3)

The internal NICs work fine (bge2 and bge3), however the add-on PCI NIC has the following issues:-

On a GB Ethernet switchport (I am using Cisco Catalyst C3750G):-
- When set to auto-detect, or forced 1000baseTX on both sides (switchport and server), the LED on both switchport and NIC dies the moment FreeBSD OS is booting (i.e. when FreeBSD bge driver activated). Previously, it was working fine at BIOS level.
- The only working setup is forced 100baseTX full-duplex on both sides (switchport and server), however with intermittent link (ping yields packet loss every 2-3 out of 10 packets or so).

I tried to use a FE version of the switch (Cisco Catalyst C3750), and a single-port version of the said NIC, with the same results (auto detect fails, and can only live with intermittent forced 100baseTX full-duplex).

Any pointers would be appreciated -- thanks. :)

--mendonan
"Yang mimpikan secangkir kopi panas dengan selimut.."
(Dreaming of a cup of hot coffee, and a blanket..") From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 19:36:32 2006 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D48BC16A4FC for ; Fri, 18 Aug 2006 19:36:32 +0000 (UTC) (envelope-from infofarmer@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.179]) by mx1.FreeBSD.org (Postfix) with ESMTP id D1BFB43D49 for ; Fri, 18 Aug 2006 19:36:31 +0000 (GMT) (envelope-from infofarmer@gmail.com) Received: by py-out-1112.google.com with SMTP id o67so1248203pye for ; Fri, 18 Aug 2006 12:36:31 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=s2zrr49rLEF72YG+goE44xvGSM86odAlXW1oIzw6/Wq9yYgCLu2rAlVsMMeNvOWG37qxe3Vo1UfXJTm4uzPMIMfGj2Xr80iHf1UdW/ZviE/BkQwhNMfCVUOtUDz+gSLd7ZtxLmuQWQSILr0vf3aXLMAhbgCewpt4NVFD1Dkc8ag= Received: by 10.35.49.4 with SMTP id b4mr6563166pyk; Fri, 18 Aug 2006 12:36:30 -0700 (PDT) Received: by 10.35.105.10 with HTTP; Fri, 18 Aug 2006 12:36:30 -0700 (PDT) Message-ID: Date: Fri, 18 Aug 2006 23:36:30 +0400 
From: "Andrew Pantyukhin" Sender: infofarmer@gmail.com To: "Yu-Shun Wang" In-Reply-To: <44E5F19E.9070600@isi.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <44E58E9E.1030401@FreeBSD.org> <44E5F19E.9070600@isi.edu> X-Google-Sender-Auth: 6c5fbe9ec8e8af5b Cc: remko@freebsd.org, net@freebsd.org Subject: Re: Routing IPSEC packets? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Aug 2006 19:36:32 -0000

On 8/18/06, Yu-Shun Wang wrote:
> Remko Lodder wrote:
> > Hi friends,
> >
> > I was looking around for using IPsec services instead of
> > OpenVPN services, but I found out that with our current
> > implementation of IPsec, we cannot actually route packets
> > through the various IPsec hops [1]. OpenBSD adds IPsec
> > flows in their routing table, making it possible to route
> > traffic between IPsec tunnels.
> >
> > Can someone either confirm my above statement that FreeBSD
> > is indeed not capable of doing this?
>
> It's not an implementation issue, but a design problem with
> IPsec tunnel mode. See RFC3884:
>
>
>
> The proposed solution is to use IP-IP tunnel (gif iface in
> FreeBSD, which you can route) then apply IPsec transport mode
> on the outer header. Refer to the rfc for more detail.
>
> The policy will be different, but we've verified long ago
> with FreeBSD that it works. The packets on the wire is
> compatible with regular tunnel mode IPsec.

Eh? gif(4) says:

BUGS
There are many tunnelling protocol specifications, all defined differently from each other. The gif device may not interoperate with peers which are based on different specifications, and are picky about outer header fields.
For example, you cannot usually use gif to talk with IPsec devices that use IPsec tunnel mode. From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 19:37:13 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 85DCA16A4DE for ; Fri, 18 Aug 2006 19:37:13 +0000 (UTC) (envelope-from mendonan@gmail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.189]) by mx1.FreeBSD.org (Postfix) with ESMTP id AFC8443D53 for ; Fri, 18 Aug 2006 19:37:12 +0000 (GMT) (envelope-from mendonan@gmail.com) Received: by nf-out-0910.google.com with SMTP id n29so1524494nfc for ; Fri, 18 Aug 2006 12:37:11 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=Uo/C3gn7iORKtc7QkbGy1Q7EJYWuOBvr4UzqpwTciQ6TbVtASIPF43X2gQAZAh3U4YlUIZSD/b8Cjv8CgSGIi7CIXQIIs7jF9fnofJW9Xgp4tdsUUvWUthgtxfHS7XkDY3F+Zq+iAWlDK+xG/DJCEN4UCrllocp9AcamHvOEvg8= Received: by 10.49.94.20 with SMTP id w20mr4471814nfl; Fri, 18 Aug 2006 12:37:11 -0700 (PDT) Received: by 10.78.173.7 with HTTP; Fri, 18 Aug 2006 12:37:11 -0700 (PDT) Message-ID: <94c7120b0608181237h75d63432n2f9e3f328c0ac720@mail.gmail.com> Date: Sat, 19 Aug 2006 03:37:11 +0800 
From: "Senandung Mendonan" To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: if_bridge: Assigning IP Address to Bridge Interface X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Aug 2006 19:37:13 -0000

Hi,

I'm running the latest FreeBSD 6.1-RELEASE-p3 on the following piece of hardware:-

IBM xSeries 336
- 1 add-on PCI dual-port NIC (IBM Netxtreme Dualpt Ethernet adapter) matching the Broadcom BCM5704C Dual Gigabit Ethernet chipset (detected as bge0 and bge1)
- 2 internal built-in NICs matching the Broadcom BCM5721 Gigabit Ethernet chipset. (detected as bge2 and bge3)

I run bridging on bge2 and bge3 as follows:-

ROUTER o--o C650x o----- bge2 + bge3 -----o C3750G (SERVERS)

*C650x = Cisco Catalyst C650x core switch
*C3750G = Cisco Catalyst C3750G distribution switch

In /etc/rc.conf:-

ifconfig_bge2="up"
ifconfig_bge3="up"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm bge2 addm bge3 up"

The bridge works OK:-

bridge0: flags=8043 mtu 1500
        ether ac:de:48:b0:96:99
        priority 32768 hellotime 2 fwddelay 15 maxage 20
        member: bge3 flags=3
        member: bge2 flags=3

My servers can reach the router via the server, and tcpdump on bridge0 confirms traffic being passed through OK.

I had earlier planned to assign IP address to either bge0 or bge1 for SSH remote access and running other services, but due to another problem (on a separate thread) I am left with bge2 and bge3 as the only usable interfaces. So I tried to assign IP on the bridge interface as follows:-

$ ifconfig bridge0 inet 192.168.1.18 netmask 255.255.255.0 broadcast 192.168.1.255

(192.168.1.0/24 is the subnet active on the particular VLAN I'm on in the Cisco switchports).
The IP got assigned OK in bridge0, I can ping to it from inside the box. However when I tried to ping my other servers on bge3 side as well as the router on bge2 side, I get request timed out, i.e. the IP address is not reachable. Would appreciate any assistance.. thanks. :) --mendonan "Yang mimpikan secangkir kopi panas dengan selimut.." (Dreaming of a cup of hot coffee, and a blanket..") From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 19:50:40 2006 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D92D616A4DF; Fri, 18 Aug 2006 19:50:40 +0000 (UTC) (envelope-from yushunwa@ISI.EDU) Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6F20743D53; Fri, 18 Aug 2006 19:50:40 +0000 (GMT) (envelope-from yushunwa@ISI.EDU) Received: from [128.9.168.94] (max.isi.edu [128.9.168.94]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id k7IJoEY24114; Fri, 18 Aug 2006 12:50:14 -0700 (PDT) Message-ID: <44E619F7.7030300@isi.edu> Date: Fri, 18 Aug 2006 12:50:15 -0700 
From: Yu-Shun Wang User-Agent: Thunderbird 1.5.0.5 (Macintosh/20060719) MIME-Version: 1.0 To: Andrew Pantyukhin References: <44E58E9E.1030401@FreeBSD.org> <44E5F19E.9070600@isi.edu> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-ISI-4-43-8-MailScanner: Found to be clean X-MailScanner-From: yushunwa@isi.edu Cc: remko@freebsd.org, net@freebsd.org Subject: Re: Routing IPSEC packets? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Aug 2006 19:50:40 -0000 Andrew Pantyukhin wrote: > On 8/18/06, Yu-Shun Wang wrote: >> Remko Lodder wrote: >> > I was looking around for using IPsec services instead of >> > OpenVPN services, but I found out that with our current >> > implementation of IPsec, we cannot actually route packets >> > through the various IPsec hops [1]. OpenBSD adds IPsec >> > flows in their routing table, making it possible to route >> > traffic between IPsec tunnels. >> > >> > Can someone either confirm my above statement that FreeBSD >> > is indeed not capable of doing this? >> It's not an implementation issue, but a design problem with >> IPsec tunnel mode. See RFC3884: >> >> >> >> The proposed solution is to use IP-IP tunnel (gif iface in >> FreeBSD, which you can route) then apply IPsec transport mode >> on the outer header. Refer to the rfc for more detail. >> >> The policy will be different, but we've verified long ago >> with FreeBSD that it works. The packets on the wire is >> compatible with regular tunnel mode IPsec. > > Eh? gif(4) says: > > BUGS > There are many tunnelling protocol specifications, all defined differ- > ently from each other. The gif device may not interoperate with peers > which are based on different specifications, and are picky about outer > header fields. 
For example, you cannot usually use gif to talk with
> IPsec devices that use IPsec tunnel mode.

You won't have any problem if you are using IP-IP with IPsec transport mode on both ends. It's been a while, but we did try one end with IP-IP+IPsec transport and the other with IPsec tunnel mode. (Of course, you will need to make sure everything matches, SPI, inner/outer addresses, keys, etc.) The rfc is dated Sep. 2004, we probably tried it long before that, so it had to be some older FreeBSD versions. We even tested with Linux (FreeSWAN back then) as the other end.

I haven't been tracking the gif code, it SHOULD work, but if something did change the packets on the wire, then all bets are off.

Hope this clarified a bit.

yushun

From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 19:58:12 2006 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A079B16A4DE for ; Fri, 18 Aug 2006 19:58:12 +0000 (UTC) (envelope-from infofarmer@gmail.com) Received: from nz-out-0102.google.com (nz-out-0102.google.com [64.233.162.195]) by mx1.FreeBSD.org (Postfix) with ESMTP id BEF0243D45 for ; Fri, 18 Aug 2006 19:58:11 +0000 (GMT) (envelope-from infofarmer@gmail.com) Received: by nz-out-0102.google.com with SMTP id x3so604497nzd for ; Fri, 18 Aug 2006 12:58:10 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=GF3X2opyNU22GcLivbfJFrfJTx7XkrNUNHenzGcGlkVOlEE9w6owAbNFVH98bD0yQdLfWMqRwTVPJv9qOhjvCSBN9P3Bv1VIbMxZ9+pXgq8l+KylCVhijmSB4mxfi8TSgPFSA48r3BDVrwt4OxTHyrQrah0jICs8d9pcFoFQIrs= Received: by 10.35.51.19 with SMTP id d19mr796021pyk; Fri, 18 Aug 2006 12:58:09 -0700 (PDT) Received: by 10.35.105.10 with HTTP; Fri, 18 Aug 2006 12:58:08 -0700 (PDT) Message-ID: 
Date: Fri, 18 Aug 2006 23:58:08 +0400 
From: "Andrew Pantyukhin" Sender: infofarmer@gmail.com To: "Yu-Shun Wang" In-Reply-To: <44E619F7.7030300@isi.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <44E58E9E.1030401@FreeBSD.org> <44E5F19E.9070600@isi.edu> <44E619F7.7030300@isi.edu> X-Google-Sender-Auth: d520f6d632a97760 Cc: remko@freebsd.org, net@freebsd.org Subject: Re: Routing IPSEC packets? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Aug 2006 19:58:12 -0000 On 8/18/06, Yu-Shun Wang wrote: > Andrew Pantyukhin wrote: > > On 8/18/06, Yu-Shun Wang wrote: > >> Remko Lodder wrote: > >> > I was looking around for using IPsec services instead of > >> > OpenVPN services, but I found out that with our current > >> > implementation of IPsec, we cannot actually route packets > >> > through the various IPsec hops [1]. OpenBSD adds IPsec > >> > flows in their routing table, making it possible to route > >> > traffic between IPsec tunnels. > >> > > >> > Can someone either confirm my above statement that FreeBSD > >> > is indeed not capable of doing this? > > >> It's not an implementation issue, but a design problem with > >> IPsec tunnel mode. See RFC3884: > >> > >> > >> > >> The proposed solution is to use IP-IP tunnel (gif iface in > >> FreeBSD, which you can route) then apply IPsec transport mode > >> on the outer header. Refer to the rfc for more detail. > >> > >> The policy will be different, but we've verified long ago > >> with FreeBSD that it works. The packets on the wire is > >> compatible with regular tunnel mode IPsec. > > > > Eh? gif(4) says: > > > > BUGS > > There are many tunnelling protocol specifications, all defined differ- > > ently from each other. 
The gif device may not interoperate with peers > > which are based on different specifications, and are picky about outer > > header fields. For example, you cannot usually use gif to talk with > > IPsec devices that use IPsec tunnel mode. > > You won't have any problem is you are using IP-IP with IPsec > transport mode on both end. It's been a while, but we did > try one end with IP-IP+IPsec transport and the other with > IPsec tunnel mode. (Of course, you will need to make sure > everything matches, SPI, inner/outer addresses, keys, etc.) > The rfc is dated Sep. 2004, we probably tried it long before > that, so it had to be some older FreeBSD versions. We even > tested with Linux (FreeSWAN back then) as the other end. > > I haven't been tracking the gif code, it SHOULD work, but > if something did changed the packets on the wire, then > all bets are off. > > Hope this clarified a bit. Yep, thanks. I'm actually trying to marry FreeBSD to PIX. The latter only supports IPSec (tunnel/transport). I'm still struggling with firewalls on both sides, but tunnel-tunnel works right now. I'm a bit puzzled because the howto I see (http://www.bshell.com/projects/freebsd_pix/) uses gif(4) with tunnel-mode IPSec. Either something is wrong with the way things work or the author doesn't understand what he's doing (or both). 
The bitter thing is that we have a similar setup in our handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 20:00:22 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A01E016A572 for ; Fri, 18 Aug 2006 20:00:22 +0000 (UTC) (envelope-from amit.freebsd@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.181]) by mx1.FreeBSD.org (Postfix) with ESMTP id EBB1043D45 for ; Fri, 18 Aug 2006 20:00:21 +0000 (GMT) (envelope-from amit.freebsd@gmail.com) Received: by py-out-1112.google.com with SMTP id o67so1254699pye for ; Fri, 18 Aug 2006 13:00:21 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type; b=d6C2WafBPGwCoBkOqKt71nxGyjBdnwQh4hrjPWAqEY6rxa597cZR4nF9Fho1CacPQE4+R6kKR9jC3s5LboR683EPFZZ71k0yJllsl8DjaEuFd86IQqQOcQOVHB8eBdzKVldQvwY985TD1S+FXhU/dWXQ7x4zr4BU+K+UjftTEvQ= Received: by 10.35.61.14 with SMTP id o14mr6587937pyk; Fri, 18 Aug 2006 13:00:21 -0700 (PDT) Received: by 10.35.101.8 with HTTP; Fri, 18 Aug 2006 13:00:20 -0700 (PDT) Message-ID: Date: Fri, 18 Aug 2006 15:00:21 -0500 
From: "Amit Mondal" To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Adding new timer in FreeBSD TCP..help X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Aug 2006 20:00:22 -0000

Hi all,

I am a newbie in FreeBSD. I am modifying TCP to add a new timer for some security enhancement purpose. I am stuck with the following issue.

For my case, I need to associate a timer for each incoming packet. But adding a timer for each incoming packet will significantly degrade the performance of TCP. So what I decided to do is that whenever a packet is received, I start a timer with the appropriate value. Now when the next packet comes, instead of starting another timer immediately I wanna reuse the earlier time. So, I wanna note down when the packet came and, if I had started the timer immediately, when it would have expired. Now when the timer associated with the first packet expires, I reassociate the timer with the next packet with a re-adjusted timer value.

Now, the problem is that in TCP all timer values are in *ticks*, and how do I convert the timestamps/duration into ticks? Also, my timer value is a function of SRTT (which is in ticks, I guess). Again, how do I convert ticks into a time duration? I need the time stamp when the packet is received.

Could anyone pls give some insight?
Rgds, -Amit From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 20:27:44 2006 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7295C16A4E1; Fri, 18 Aug 2006 20:27:44 +0000 (UTC) (envelope-from yushunwa@ISI.EDU) Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) by mx1.FreeBSD.org (Postfix) with ESMTP id 07C6843D49; Fri, 18 Aug 2006 20:27:43 +0000 (GMT) (envelope-from yushunwa@ISI.EDU) Received: from [128.9.168.94] (max.isi.edu [128.9.168.94]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id k7IKQPY05338; Fri, 18 Aug 2006 13:26:25 -0700 (PDT) Message-ID: <44E62273.1030402@isi.edu> Date: Fri, 18 Aug 2006 13:26:27 -0700 
From: Yu-Shun Wang User-Agent: Thunderbird 1.5.0.5 (Macintosh/20060719) MIME-Version: 1.0 To: Andrew Pantyukhin References: <44E58E9E.1030401@FreeBSD.org> <44E5F19E.9070600@isi.edu> <44E619F7.7030300@isi.edu> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-ISI-4-43-8-MailScanner: Found to be clean X-MailScanner-From: yushunwa@isi.edu Cc: remko@freebsd.org, net@freebsd.org Subject: Re: Routing IPSEC packets? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Aug 2006 20:27:44 -0000

Andrew Pantyukhin wrote:
> On 8/18/06, Yu-Shun Wang wrote:
>> Andrew Pantyukhin wrote:
>> > On 8/18/06, Yu-Shun Wang wrote:

<... snip the orig Q, rfc3884 bits, and the gif stuff...>

>> You won't have any problem if you are using IP-IP with IPsec
>> transport mode on both ends. It's been a while, but we did
>> try one end with IP-IP+IPsec transport and the other with
>> IPsec tunnel mode. (Of course, you will need to make sure
>> everything matches, SPI, inner/outer addresses, keys, etc.)
>> The rfc is dated Sep. 2004, we probably tried it long before
>> that, so it had to be some older FreeBSD versions. We even
>> tested with Linux (FreeSWAN back then) as the other end.
>>
>> I haven't been tracking the gif code, it SHOULD work, but
>> if something did change the packets on the wire, then
>> all bets are off.
>>
>> Hope this clarified a bit.
>
> Yep, thanks.
>
> I'm actually trying to marry FreeBSD to PIX. The latter only
> supports IPSec (tunnel/transport). I'm still struggling with
> firewalls on both sides, but tunnel-tunnel works right now.

Yeah, I forgot to say, if you don't need to do routing over the tunnels, I'd just use IPsec tunnel mode at both ends, especially if you use IKE.
We were trying to make secure IP overlay networks to support dynamic routing *within* overlays when we found the problem.

> I'm a bit puzzled because the howto I see
> (http://www.bshell.com/projects/freebsd_pix/) uses gif(4)
> with tunnel-mode IPSec. Either something is wrong with
> the way things work or the author doesn't understand what
> he's doing (or both). The bitter thing is that we have a
> similar setup in our handbook:
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html

*NOTE: I haven't read that link, so below could be way off.*

It's a common hack people used to get around the fact that IPsec is not integrated in any way with IP routing. But if you think about it, IPsec tunnel mode is adding a type of *links* only it's outside the routing tables of the hosts. Adding a gif is just a way of putting in the corresponding routes in the routing table. I am not sure if it's necessary if you are only doing static routes. Though I suppose it depends on the topology and what you really want to do. Also have to do with whether you are using FreeBSD/Linux vs. commercial routers.

We tried to cover different types of boxes in that rfc, but I wouldn't be surprised if we miss some different configs.
yushun From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 20:58:24 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6B3EA16A4E1 for ; Fri, 18 Aug 2006 20:58:24 +0000 (UTC) (envelope-from rosti.bsd@gmail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.187]) by mx1.FreeBSD.org (Postfix) with ESMTP id B408043D45 for ; Fri, 18 Aug 2006 20:58:23 +0000 (GMT) (envelope-from rosti.bsd@gmail.com) Received: by nf-out-0910.google.com with SMTP id n29so1545011nfc for ; Fri, 18 Aug 2006 13:58:22 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:date:from:to:subject:message-id:x-mailer:mime-version:content-type:content-transfer-encoding; b=ZKcvJjYC10nCvPbVhWgwvbkySSdtbtNdMdFfmOW/zHq4g25gJOJoFQBUomahzqTZectomiOCQJ67MkfCwINNIerSD8XJY4wy3m+KII4KKaZbDULP0igI1zBmZDuvv0EyftlwmgWcPwX64VK2qS9T/JtI1tLjfE+sC0uzmYUmnlo= Received: by 10.49.43.2 with SMTP id v2mr4536913nfj; Fri, 18 Aug 2006 13:58:22 -0700 (PDT) Received: from saturn.lan ( [212.143.154.227]) by mx.gmail.com with ESMTP id 39sm87780hug.2006.08.18.13.58.20; Fri, 18 Aug 2006 13:58:21 -0700 (PDT) Date: Fri, 18 Aug 2006 23:57:56 +0300 
From: Rostislav Krasny To: freebsd-net@freebsd.org Message-Id: <20060818235756.25f72db4.rosti.bsd@gmail.com> X-Mailer: Sylpheed version 2.2.7 (GTK+ 2.8.20; i386-portbld-freebsd6.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: PF or "traceroute -e -P TCP" bug? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Aug 2006 20:58:24 -0000 Hi, I've tried the new "-e" traceroute option on today's RELENG_6 and found following problem: > traceroute -nq 1 -e -P TCP -p 80 216.136.204.117 traceroute to 216.136.204.117 (216.136.204.117), 64 hops max, 52 bytepackets 1 192.168.1.1 0.619 ms 2 10.0.0.138 2.108 ms 3 192.168.1.1 0.481 ms !H > The 192.168.1.1 is other 6.1-STABLE machine which is used as a NAT router. It's one or two days older RELENG_6. The NATing is done by PF. The 10.0.0.138 is my ADSL modem which I use in "DHCP spoofing" mode, i.e. it gives to the router an external IP address from my ISP. I've fixed the bug by following patch: --- traceroute.c.orig Fri Aug 18 19:19:23 2006 +++ traceroute.c Fri Aug 18 22:05:08 2006 @@ -1355,7 +1355,7 @@ { struct tcphdr *const tcp = (struct tcphdr *) outp; - tcp->th_sport = htons(ident); + tcp->th_sport = htons(ident + (fixedPort ? outdata->seq : 0)); tcp->th_dport = htons(port + (fixedPort ? 0 : outdata->seq)); tcp->th_seq = (tcp->th_sport << 16) | (tcp->th_dport + (fixedPort ? outdata->seq : 0)); 
@@ -1375,7 +1375,7 @@ { struct tcphdr *const tcp = (struct tcphdr *) data; - return (ntohs(tcp->th_sport) == ident + return (ntohs(tcp->th_sport) == ident + (fixedPort ? seq : 0) && ntohs(tcp->th_dport) == port + (fixedPort ? 0 : seq)) && tcp->th_seq == (ident << 16) | (port + seq); } However this patch isn't complete or it is just a workaround of completely different bug in the router, because sometimes the new traceroute produced a similar problem: > traceroute -nq 1 -e -P TCP -p 12345 216.136.204.117 traceroute to 216.136.204.117 (216.136.204.117), 64 hops max, 52 byte packets 1 192.168.1.1 1.414 ms 2 10.0.0.138 4.584 ms 3 212.143.208.128 203.325 ms 4 212.143.208.126 101.073 ms 5 212.143.10.65 175.442 ms ^C > traceroute -nq 1 -e -P TCP -p 12345 216.136.204.117 traceroute to 216.136.204.117 (216.136.204.117), 64 hops max, 52 byte packets 1 192.168.1.1 0.740 ms 2 192.168.1.1 0.718 ms !H > traceroute -nq 1 -e -P TCP -p 12345 216.136.204.117 traceroute to 216.136.204.117 (216.136.204.117), 64 hops max, 52 byte packets 1 192.168.1.1 0.692 ms 2 192.168.1.1 0.770 ms !H > After waiting enough time I can successfully repeat the command. Is it actually a PF bug? Finally I made other version of my patch: --- traceroute.c.orig Fri Aug 18 19:19:23 2006 +++ traceroute.c Fri Aug 18 23:40:43 2006 @@ -471,6 +471,7 @@ register int lsrr = 0; register u_short off = 0; struct ifaddrlist *al; + struct timespec time_sp; char errbuf[132]; int requestPort = -1; int sump = 0; @@ -721,7 +722,8 @@ outip->ip_dst = to->sin_addr; outip->ip_hl = (outp - (u_char *)outip) >> 2; - ident = (getpid() & 0xffff) | 0x8000; + clock_gettime(CLOCK_REALTIME, &time_sp); + ident = ((u_short)time_sp.tv_nsec & 0xffff) | 0x8000; if (pe == NULL) { Fprintf(stderr, "%s: unknown protocol %s\n", prog, cp); 
@@ -1355,7 +1357,7 @@ { struct tcphdr *const tcp = (struct tcphdr *) outp; - tcp->th_sport = htons(ident); + tcp->th_sport = htons(ident + (fixedPort ? outdata->seq : 0)); tcp->th_dport = htons(port + (fixedPort ? 0 : outdata->seq)); tcp->th_seq = (tcp->th_sport << 16) | (tcp->th_dport + (fixedPort ? outdata->seq : 0)); @@ -1375,7 +1377,7 @@ { struct tcphdr *const tcp = (struct tcphdr *) data; - return (ntohs(tcp->th_sport) == ident + return (ntohs(tcp->th_sport) == ident + (fixedPort ? seq : 0) && ntohs(tcp->th_dport) == port + (fixedPort ? 0 : seq)) && tcp->th_seq == (ident << 16) | (port + seq); } Now traceroute works fine. But I'm still suspecting PF. From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 21:14:40 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 18C9B16A4DA for ; Fri, 18 Aug 2006 21:14:40 +0000 (UTC) (envelope-from gnn@neville-neil.com) Received: from mrout3.yahoo.com (mrout3.yahoo.com [216.145.54.173]) by mx1.FreeBSD.org (Postfix) with ESMTP id CD1D543D49 for ; Fri, 18 Aug 2006 21:14:39 +0000 (GMT) (envelope-from gnn@neville-neil.com) Received: from minion.local.neville-neil.com (proxy7.corp.yahoo.com [216.145.48.98]) by mrout3.yahoo.com (8.13.6/8.13.6/y.out) with ESMTP id k7ILE8ZG053293; Fri, 18 Aug 2006 14:14:08 -0700 (PDT) Date: Fri, 18 Aug 2006 17:14:05 -0400 Message-ID: 
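Review bot: In the hunk at -1355, `ident + (fixedPort ? outdata->seq : 0)` can exceed 0xffff because ident always has the 0x8000 bit set, and htons() silently truncates the sum to 16 bits. The receive-side check in the -1375 hunk compares ntohs(tcp->th_sport) against the untruncated `ident + seq`, so a reply to such a probe would never match. Compute the source port once as a 16-bit value, e.g. `(u_short)(ident + seq)`, and use the identical expression on both sides.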
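Review bot: The return expression in the hunk at -1375 still compares `tcp->th_seq` with `(ident << 16) | (port + seq)`, which no longer mirrors what the send side stores once th_sport is `ident + seq`. In addition, `==` binds tighter than `|`, so that last clause is parsed as `(tcp->th_seq == (ident << 16)) | (port + seq)`, which is non-zero for any non-zero port, and th_seq is effectively not checked at all. Parenthesise the right-hand side and build it from the same source and destination port values as the send side, minding the byte order, since the send side shifts the htons() value.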
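Review bot: In the hunk at -721, the return value of clock_gettime() is ignored, so if the call fails ident is built from an uninitialised time_sp. Check the result and fall back to the previous getpid() expression, and add a comment saying why the PID is no longer used, since nothing in the code explains the switch to a time-derived value. The `& 0xffff` after the `(u_short)` cast is redundant.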
From: gnn@freebsd.org To: Julien =?ISO-8859-1?Q?Abeill=E9?= In-Reply-To: <20060818152811.54302.qmail@web26608.mail.ukl.yahoo.com> References: <20060818152811.54302.qmail@web26608.mail.ukl.yahoo.com> User-Agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.8 (=?ISO-8859-4?Q?Shij=F2?=) APEL/10.6 Emacs/22.0.50 (i386-apple-darwin8.6.1) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-net@freebsd.org Subject: Re: ipv6 in ipv6 tunnel with FreeBSD 4.11 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Aug 2006 21:14:40 -0000

At Fri, 18 Aug 2006 15:28:11 +0000 (GMT), Julien Abeillé wrote:
> Hi,
>
> I am using freebsd 4.11 and trying to setup ipv6 in ipv6 tunnels.

All my stuff is on HEAD and 6 so I don't know if this applies but I think it should.

> I have the following testbed
> 4 machines connected in line:
>
> M1-----------M2--------FreeBSD-------M3
> c::1---c::2 | b::2----b::1 | a::1---a::2
>
> I want to create a tunnel between FreeBSD (b::1) and M2 (b::2)
>
> Here is my configuration on the FreeBSD machine:
> em0 : a::1/64
> em1 b::1/64
>
> I do the following to setup the tunnel:
>
> ifconfig gif0 create
> ifconfig gif0 tunnel b::1 b::2
> ifconfig gif0 d::1/64
> route add -inet6 -host c::1 -interface gif0
>
> I am not sure about what is the gif0 address d::1/64 used for.
>

Nor am I. What directions are you following? I believe that may be there because the gif tunnel instructions talked about setting up IPv4 tunnels for IPv6.
> the problem is: when i ping or send any traffic from a::2 to c::1,
> the FreeBSD machine adds an ipv6 header with b::1 as source, b::2 as destination, but with hop count limit=0
>
> Is my configuration ok?

A few things to note:

1) You need to have ipv6_gateway_enable="YES" set to forward packets.

2) Are you trying to tunnel between two interfaces on the same machine? It's hard to tell from your description. If the FreeBSD box is a router between two tunnels then you need two tunnel endpoints. One pointing at M2 and one pointing at M3.

Best,
George

From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 21:15:08 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0434E16A4E0 for ; Fri, 18 Aug 2006 21:15:07 +0000 (UTC) (envelope-from davidch@broadcom.com) Received: from mms1.broadcom.com (mms1.broadcom.com [216.31.210.17]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9B2F943D55 for ; Fri, 18 Aug 2006 21:15:01 +0000 (GMT) (envelope-from davidch@broadcom.com) Received: from 10.10.64.154 by mms1.broadcom.com with ESMTP (Broadcom SMTP Relay (Email Firewall v6.2.0)); Fri, 18 Aug 2006 14:14:52 -0700 X-Server-Uuid: F962EFE0-448C-40EE-8100-87DF498ED0EA Received: by mail-irva-10.broadcom.com (Postfix, from userid 47) id 284112AF; Fri, 18 Aug 2006 14:14:52 -0700 (PDT) Received: from mail-irva-8.broadcom.com (mail-irva-8 [10.10.64.221]) by mail-irva-10.broadcom.com (Postfix) with ESMTP id 06AA92AE; Fri, 18 Aug 2006 14:14:52 -0700 (PDT) Received: from mail-irva-12.broadcom.com (mail-irva-12.broadcom.com [10.10.64.146]) by mail-irva-8.broadcom.com (MOS 3.7.5a-GA) with ESMTP id ECY77926; Fri, 18 Aug 2006 14:14:51 -0700 (PDT) Received: from NT-IRVA-0750.brcm.ad.broadcom.com (nt-irva-0750 [10.8.194.64]) by mail-irva-12.broadcom.com (Postfix) with ESMTP id 96ACD69CA3; Fri, 18 Aug 2006 14:14:51 -0700 (PDT) X-MimeOLE: Produced By 
Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Fri, 18 Aug 2006 14:14:50 -0700 Message-ID: <09BFF2FA5EAB4A45B6655E151BBDD90301D42713@NT-IRVA-0750.brcm.ad.broadcom.com> In-Reply-To: <94c7120b0608181236j2475301ds1379510f94b12d34@mail.gmail.com> Thread-Topic: Problem with IBM NetXtreme 1000-T GigaEthernet Adapter Thread-Index: AcbC/bxMOI/R+HRfSCqSQMkgd5M+BgADLPKw 
From: "David Christensen" To: "Senandung Mendonan" , freebsd-net@freebsd.org X-TMWD-Spam-Summary: SEV=1.1; DFV=A2006081809; IFV=2.0.6,4.0-7; RPD=4.00.0004; RPDID=303030312E30413031303230332E34344536324344462E303032432D412D; ENG=IBF; TS=20060818211452; CAT=NONE; CON=NONE; X-MMS-Spam-Filter-ID: A2006081809_4.00.0004_2.0.6,4.0-7 X-WSS-ID: 68F8F2463CC267733-01-01 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Cc: Subject: RE: Problem with IBM NetXtreme 1000-T GigaEthernet Adapter X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Aug 2006 21:15:08 -0000

> Dear list,
> I'm running the latest FreeBSD 6.1-RELEASE-p3 on the following piece of
> hardware:-
> IBM xSeries 336
> - 1 add-on PCI dual-port NIC (IBM Netxtreme Dualpt Ethernet adapter)
> matching the Broadcom BCM5704C Dual Gigabit Ethernet chipset (detected
> as bge0 and bge1)
> - 2 internal built-in NICs matching the Broadcom BCM5721 Gigabit
> Ethernet chipset. (detected as bge2 and bge3)
>
> The internal NICs work fine (bge2 and bge3), however the add-on PCI NIC
> has the following issues:-
> On a GB Ethernet switchport (I am using Cisco Catalyst C3750G):-
> - When set to auto-detect, or forced 1000baseTX on both sides
> (switchport and server), the LED on both switchport and NIC dies the
> moment FreeBSD OS is booting (i.e. when FreeBSD bge driver activated).
> Previously, it was working fine at BIOS level.
> - The only working setup is forced 100baseTX full-duplex on both sides
> (switchport and server), however with intermittent link (ping yields
> packet loss every 2-3 out of 10 packets or so).
>
> I tried to use a FE version of the switch (Cisco Catalyst C3750), and a
> single-port version of the said NIC, with the same results (auto detect
> fails, and can only live with intermittent forced 100baseTX
> full-duplex).

There isn't a single port version of the 5704, it must be a different controller (maybe the 5703?). Which one is it exactly? Do either the LOM devices or the add-in boards support remote management (such as Serial-over-LAN or IPMI)? If so does disabling the feature change the problem?

>
> Any pointers would be appreciated -- thanks. :)
>

If you could attach a dump of dmesg that shows the messages from the driver that might help too.

> --mendonan
> "Yang mimpikan secangkir kopi panas dengan selimut.."
> (Dreaming of a cup of hot coffee, and a blanket..")

From owner-freebsd-net@FreeBSD.ORG Sat Aug 19 00:03:14 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6876416A4DD for ; Sat, 19 Aug 2006 00:03:14 +0000 (UTC) (envelope-from pp@pp.dyndns.biz) Received: from mxfep02.bredband.com (mxfep02.bredband.com [195.54.107.73]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8F39F43D46 for ; Sat, 19 Aug 2006 00:03:13 +0000 (GMT) (envelope-from pp@pp.dyndns.biz) Received: from gatekeeper.pp.dyndns.biz ([85.224.219.119] [85.224.219.119]) by mxfep02.bredband.com with ESMTP id <20060819000311.FFPI11843.mxfep02.bredband.com@gatekeeper.pp.dyndns.biz> for ; Sat, 19 Aug 2006 02:03:11 +0200 Received: from phobos ([192.168.69.67]) by gatekeeper.pp.dyndns.biz (8.13.6/8.13.6) with ESMTP id k7J035dG061282 for ; Sat, 19 Aug 2006 02:03:09 +0200 (CEST) (envelope-from 
pp@pp.dyndns.biz) 
From: "Morgan" Sender: "pp" To: Date: Sat, 19 Aug 2006 02:02:54 +0200 Message-ID: <021a01c6c322$d52bf510$4345a8c0@phobos> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 11 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 thread-index: AcbDItGmsw0T9BD8Rey3euvXnvO11Q== Subject: dhclient and multiple addresses on single interface X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Aug 2006 00:03:14 -0000 Hi list. My current ISP allows me 5 dynamically assigned IP addresses. Is there any way to trick dhclient to allocate more than one address to a single interface so I could use bidirectional NAT for some of the PCs on my LAN? Regards Morgan From owner-freebsd-net@FreeBSD.ORG Sat Aug 19 02:56:27 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 138D216A4DD for ; Sat, 19 Aug 2006 02:56:27 +0000 (UTC) (envelope-from brooks@lor.one-eyed-alien.net) Received: from sccmmhc91.asp.att.net (sccmmhc91.asp.att.net [204.127.203.211]) by mx1.FreeBSD.org (Postfix) with ESMTP id 92B2F43D49 for ; Sat, 19 Aug 2006 02:56:26 +0000 (GMT) (envelope-from brooks@lor.one-eyed-alien.net) Received: from lor.one-eyed-alien.net ([12.207.12.9]) by sccmmhc91.asp.att.net (sccmmhc91) with ESMTP id <20060819025625m910086k8ve>; Sat, 19 Aug 2006 02:56:25 +0000 Received: from lor.one-eyed-alien.net (localhost [127.0.0.1]) by lor.one-eyed-alien.net (8.13.6/8.13.6) with ESMTP id k7J2uGsH012237; Fri, 18 Aug 2006 21:56:16 -0500 (CDT) (envelope-from brooks@lor.one-eyed-alien.net) Received: (from brooks@localhost) by lor.one-eyed-alien.net (8.13.6/8.13.6/Submit) id k7J2uE9g012236; Fri, 18 Aug 
2006 21:56:14 -0500 (CDT) (envelope-from brooks) Date: Fri, 18 Aug 2006 21:56:13 -0500 
From: Brooks Davis To: Morgan Message-ID: <20060819025613.GB11181@lor.one-eyed-alien.net> References: <021a01c6c322$d52bf510$4345a8c0@phobos> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="0ntfKIWw70PvrIHh" Content-Disposition: inline In-Reply-To: <021a01c6c322$d52bf510$4345a8c0@phobos> User-Agent: Mutt/1.5.11 Cc: freebsd-net@freebsd.org Subject: Re: dhclient and multiple addresses on single interface X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Aug 2006 02:56:27 -0000
--0ntfKIWw70PvrIHh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Sat, Aug 19, 2006 at 02:02:54AM +0200, Morgan wrote:
> Hi list.
>
> My current ISP allows me 5 dynamically assigned IP addresses. Is there any
> way to trick dhclient to allocate more than one address to a single
> interface so I could use bidirectional NAT for some of the PCs on my LAN?

Not easily. If you could create some virtual ethernet interfaces, bridge them to the real one and run dhclient on them I think that would work, but I can't think of a suitable virtual interface at the moment.
-- Brooks --0ntfKIWw70PvrIHh Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFE5n3MXY6L6fI4GtQRAlymAJ44l1kddgKi8CpD+UVl1X+WXoMR5ACeI8fO 3HuJQ3TfVEIZXnhl7ZgpG0I= =Ia6r -----END PGP SIGNATURE----- --0ntfKIWw70PvrIHh-- From owner-freebsd-net@FreeBSD.ORG Sat Aug 19 12:14:49 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 69BFE16A4E0 for ; Sat, 19 Aug 2006 12:14:49 +0000 (UTC) (envelope-from rajkumars@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.181]) by mx1.FreeBSD.org (Postfix) with ESMTP id 39AF443D73 for ; Sat, 19 Aug 2006 12:14:39 +0000 (GMT) (envelope-from rajkumars@gmail.com) Received: by py-out-1112.google.com with SMTP id o67so1558414pye for ; Sat, 19 Aug 2006 05:14:39 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=YJ5n0JEVmhKH+HGJsmtpYXQDUuIdF3RsrtsL5EQgPPe7HjVd22hspNnLDWjL1zLU9KlIeFXqV45sb+oerlJkhaqfvd2CZhhL4Ljr+bYy4MBXUxmK2CsX8RPZ7ok8cWfNNctQhDrZUfXzcvKz4bbzPCKxHnZWRrDSDbJNh9thdJA= Received: by 10.65.84.4 with SMTP id m4mr4792360qbl; Sat, 19 Aug 2006 05:14:39 -0700 (PDT) Received: by 10.65.248.1 with HTTP; Sat, 19 Aug 2006 05:14:38 -0700 (PDT) Message-ID: <64de5c8b0608190514l1c2241edj57b114997e01a8b2@mail.gmail.com> Date: Sat, 19 Aug 2006 17:44:39 +0530 
From: "Rajkumar S" To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: ng_ip_input ? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Aug 2006 12:14:49 -0000 Hi, The man page states DESCRIPTION The ip_input node type takes all received packets and queues them into the IP in input processing subsystem. Can some one elaborate where does this come in ip stack and what does this node do? I am not able to understand this just by reading the man page raj From owner-freebsd-net@FreeBSD.ORG Sat Aug 19 12:41:34 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6E3B516A4DA for ; Sat, 19 Aug 2006 12:41:34 +0000 (UTC) (envelope-from gnn@neville-neil.com) Received: from mrout2-b.corp.dcn.yahoo.com (mrout2-b.corp.dcn.yahoo.com [216.109.112.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id BE42443D4C for ; Sat, 19 Aug 2006 12:41:33 +0000 (GMT) (envelope-from gnn@neville-neil.com) Received: from minion.local.neville-neil.com (proxy7.corp.yahoo.com [216.145.48.98]) by mrout2-b.corp.dcn.yahoo.com (8.13.6/8.13.6/y.out) with ESMTP id k7JCfQRo046479; Sat, 19 Aug 2006 05:41:27 -0700 (PDT) Date: Sat, 19 Aug 2006 08:41:22 -0400 Message-ID: 
From: gnn@freebsd.org To: Julien =?ISO-8859-1?Q?Abeill=E9?= In-Reply-To: <20060819114513.39092.qmail@web26611.mail.ukl.yahoo.com> References: <20060819114513.39092.qmail@web26611.mail.ukl.yahoo.com> User-Agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.8 (=?ISO-8859-4?Q?Shij=F2?=) APEL/10.6 Emacs/22.0.50 (i386-apple-darwin8.6.1) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-net@freebsd.org Subject: Re: Re : ipv6 in ipv6 tunnel with FreeBSD 4.11 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Aug 2006 12:41:34 -0000

At Sat, 19 Aug 2006 11:45:13 +0000 (GMT), Julien Abeillé wrote:
>
> Hi George,
>
> thanks for your answer. A few precisions then: I do two setups in
> fact, one on IMUNES network emulator (this is why I use FreeBSD
> 4.11), one with 4 real machines. The one with four real machines has
> no tunnel endpoint. I know it is a bit weird, but the other machines
> are linux machines, and I did not want to go in compatibility
> problems (if there are some?).

I don't know if there are compatibility issues with Linux but I doubt it as the same people developed the protocol stacks, at least initially.

> On this testbed (with the real machines), I just send traffic from M3
> through the FreeBSD machine. I did not set
> ipv6_gateway_enable="YES", but use sysctl. I do not have a BSD here
> (internet cafe) so I do not remember the exact parameter
> (net.inet6.ip6.forwarding?) but I set ipv6 forwarding to one and
> without tunnels I can ping from one end to the other. One question:
> are the two tunnel endpoints supposed to negotiate something? If
> yes, I do need another endpoint.
Nope, they don't need to negotiate anything, the machines are just acting as routers. You also need to have appropriate routes set.

> In the IMUNES simulation, I have the 4 machines inline the same way
> (M1 M2 M3 M4 ) and setup the tunnel on M2 and M3 (between b::1 and
> b::2). It works but with hop count limit=0. I did the same setup
> with 5 machines inline (M1 M2 M3 M4 M5) and a tunnel between M2 and
> M4. It does not work anymore: if I send traffic through the tunnel
> from M2 to M4, M3 discards the packets and sends an icmpv6 "time
> exceeded..." message to M2.
>

That is odd, but it may be that one of the machines is considering the next hop address to be link local, and not global, in which case it might set the hop limit to be 1, and then it would be decremented to 0 at the other end of the tunnel. Make sure you're not using link local addresses on your tunnel endpoints.

> I will try on Monday without giving an IPv6 address to the gif
> interface. Indeed I followed the instructions on the FreeBSD
> handbook section IPv6 for IPv6 in IPv4 tunnels. The problem is I did
> not find any instructions for IPv6 in IPv6. The only thing I found
> in kame was: "be careful with IPv6 in IPv6 and IPv4 in IPv4 tunnels
> which often result in infinite routing in the kernel". Maybe it is
> what is happening here.

It could be, but I don't have a setup like that to test. You might also ask on the kame-snap@kame.net mailing list as well. Also, keep freebsd-net@freebsd.org cc'd as someone else might be able to answer this better than I.
Later, George From owner-freebsd-net@FreeBSD.ORG Sat Aug 19 12:55:50 2006 Return-Path: X-Original-To: freebsd-net@FreeBSD.org Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2A4D716A4DA for ; Sat, 19 Aug 2006 12:55:50 +0000 (UTC) (envelope-from ru@rambler-co.ru) Received: from relay0.rambler.ru (relay0.rambler.ru [81.19.66.187]) by mx1.FreeBSD.org (Postfix) with ESMTP id A436343D49 for ; Sat, 19 Aug 2006 12:55:49 +0000 (GMT) (envelope-from ru@rambler-co.ru) Received: from relay0.rambler.ru (localhost [127.0.0.1]) by relay0.rambler.ru (Postfix) with ESMTP id 6238D5C5B; Sat, 19 Aug 2006 16:55:48 +0400 (MSD) Received: from edoofus.park.rambler.ru (unknown [81.19.65.108]) by relay0.rambler.ru (Postfix) with ESMTP id 402A95C4F; Sat, 19 Aug 2006 16:55:48 +0400 (MSD) Received: (from ru@localhost) by edoofus.park.rambler.ru (8.13.6/8.13.6) id k7JCtol0008952; Sat, 19 Aug 2006 16:55:50 +0400 (MSD) (envelope-from ru) Date: Sat, 19 Aug 2006 16:55:50 +0400 
From: Ruslan Ermilov To: Rajkumar S Message-ID: <20060819125550.GA8879@rambler-co.ru> References: <64de5c8b0608190514l1c2241edj57b114997e01a8b2@mail.gmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="IJpNTDwzlM2Ie8A6" Content-Disposition: inline In-Reply-To: <64de5c8b0608190514l1c2241edj57b114997e01a8b2@mail.gmail.com> User-Agent: Mutt/1.5.12-2006-07-14 X-Virus-Scanned: No virus found Cc: freebsd-net@FreeBSD.org Subject: Re: ng_ip_input ? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Aug 2006 12:55:50 -0000
--IJpNTDwzlM2Ie8A6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Sat, Aug 19, 2006 at 05:44:39PM +0530, Rajkumar S wrote:
> The man page states
>
> DESCRIPTION
> The ip_input node type takes all received packets and queues them into
> the IP in input processing subsystem.
>
> Can some one elaborate where does this come in ip stack and what does
> this node do? I am not able to understand this just by reading the man
> page
>

It does this simple thing:

> netisr_dispatch(NETISR_IP, m);

which means putting the mbuf pointed to by "m" into the IP input queue and scheduling a call to ip_input().
Cheers, --=20 Ruslan Ermilov ru@FreeBSD.org FreeBSD committer --IJpNTDwzlM2Ie8A6 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFE5wpWqRfpzJluFF4RAqe3AJ0Ty6eTPnQXn4eJnL0MexvXl3HkjACfVyxu hayo3Ma++wFqJsfhF6MTcp0= =HDIu -----END PGP SIGNATURE----- --IJpNTDwzlM2Ie8A6-- From owner-freebsd-net@FreeBSD.ORG Sat Aug 19 13:35:50 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E1CE616A4E1 for ; Sat, 19 Aug 2006 13:35:50 +0000 (UTC) (envelope-from rajkumars@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.183]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7543143D49 for ; Sat, 19 Aug 2006 13:35:50 +0000 (GMT) (envelope-from rajkumars@gmail.com) Received: by py-out-1112.google.com with SMTP id o67so1587657pye for ; Sat, 19 Aug 2006 06:35:50 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=MYRwjphqVmoxZ7RGd30UhyFnhQoYkP8zBeWY+PZJ3fjhr9jvNXRXAi2zE3CFMNTioHXK654IQjgAqTBN+65WdpXSfZgjuYKw9Ydg1cp0NLJfMlqjXa+mAER5SjezvXrCfl/J76G2mNT8gDK+zGTqoTPpBIY8un7MOjWM7/ZY3Z0= Received: by 10.65.239.13 with SMTP id q13mr4862009qbr; Sat, 19 Aug 2006 06:35:49 -0700 (PDT) Received: by 10.65.248.1 with HTTP; Sat, 19 Aug 2006 06:35:49 -0700 (PDT) Message-ID: <64de5c8b0608190635q1fe2c0c5oe5d258748c1c5c95@mail.gmail.com> Date: Sat, 19 Aug 2006 19:05:49 +0530 
From: "Rajkumar S"
To: freebsd-net@freebsd.org
Subject: Re: ng_ip_input ?

On 8/19/06, Ruslan Ermilov wrote:
> On Sat, Aug 19, 2006 at 05:44:39PM +0530, Rajkumar S wrote:
> > The man page states
> >
> > DESCRIPTION
> >      The ip_input node type takes all received packets and queues them into
> >      the IP in input processing subsystem.

> It does this simple thing:
>
> >         netisr_dispatch(NETISR_IP, m);
>
> which means putting the mbuf pointed to by "m" into the IP
> input queue and scheduling a call to ip_input().

Thanks a lot for your answer.

So this is used to inject packets into the ip stack? Also, normally
packets received from ethernet are passed into the same point, right?

Any points to docs to read about a packet's traversal in FreeBSD ip stack?
(especially wrt pf)

raj

From owner-freebsd-net@FreeBSD.ORG Sat Aug 19 13:51:34 2006
Date: Sat, 19 Aug 2006 17:51:33 +0400
From: Ruslan Ermilov
To: Rajkumar S
Cc: freebsd-net@freebsd.org
Subject: Re: ng_ip_input ?
Message-ID: <20060819135133.GC9271@rambler-co.ru>

On Sat, Aug 19, 2006 at 07:05:49PM +0530, Rajkumar S wrote:
> On 8/19/06, Ruslan Ermilov wrote:
> >On Sat, Aug 19, 2006 at 05:44:39PM +0530, Rajkumar S wrote:
> >> The man page states
> >>
> >> DESCRIPTION
> >>      The ip_input node type takes all received packets and queues them into
> >>      the IP in input processing subsystem.
>
> >It does this simple thing:
> >
> >>         netisr_dispatch(NETISR_IP, m);
> >
> >which means putting the mbuf pointed to by "m" into the IP
> >input queue and scheduling a call to ip_input().
>
> Thanks a lot for your answer.
>
> So this is used to inject packets into the ip stack?
>
Yes.

> Also, normally
> packets received from ethernet are passed into the same point, right?
>
Normally, yes.  By sys/net/if_ethersubr.c::ether_demux().

> Any points to docs to read about a packet's traversal in FreeBSD ip
> stack?  (especially wrt pf)
>
What level of detail do you need?
Filters, such as pf(4), are embedded into the normal processing
using the pfil(9) API.

Cheers,
--
Ruslan Ermilov
ru@FreeBSD.org
FreeBSD committer

From owner-freebsd-net@FreeBSD.ORG Sat Aug 19 14:28:04 2006
Message-ID: <64de5c8b0608190728k47c9dd50kfaf8b94096aa128e@mail.gmail.com>
Date: Sat, 19 Aug 2006 19:58:03 +0530
From: "Rajkumar S"
To: freebsd-net@freebsd.org
Subject: Re: ng_ip_input ?

On 8/19/06, Ruslan Ermilov wrote:
> On Sat, Aug 19, 2006 at 07:05:49PM +0530, Rajkumar S wrote:
> > Any points to docs to read about a packet's traversal in FreeBSD ip
> > stack?  (especially wrt pf)
> >
> What level of detail do you need?  Filters, such as pf(4), are
> embedded into the normal processing using the pfil(9) API.

I am a relative newbie learning freebsd. A broad overview with
pointers to manpages is ideal, like the simple pointer to
pfil(9) you gave along with a small description of where it appears.

raj

From owner-freebsd-net@FreeBSD.ORG Sat Aug 19 15:42:14 2006
Date: Sat, 19 Aug 2006 19:42:15 +0400
From: Ruslan Ermilov
To: Rajkumar S
Cc: freebsd-net@FreeBSD.org
Subject: Re: ng_ip_input ?
Message-ID: <20060819154215.GB9883@rambler-co.ru>

On Sat, Aug 19, 2006 at 07:58:03PM +0530, Rajkumar S wrote:
> On 8/19/06, Ruslan Ermilov wrote:
> >On Sat, Aug 19, 2006 at 07:05:49PM +0530, Rajkumar S wrote:
> >> Any points to docs to read about a packet's traversal in FreeBSD ip
> >> stack?  (especially wrt pf)
> >>
> >What level of detail do you need?  Filters, such as pf(4), are
> >embedded into the normal processing using the pfil(9) API.
>
> I am a relative newbie learning freebsd. A broad overview with
> pointers to manpages is ideal, like the simple pointer to
> pfil(9) you gave along with a small description of where it appears.
>
Then you can always start from reading the source code.
It's been written by human beings.
:-)

Cheers,
--
Ruslan Ermilov
ru@FreeBSD.org
FreeBSD committer