From owner-freebsd-net@FreeBSD.ORG Sun Dec 10 13:20:17 2006
Date: Sun, 10 Dec 2006 14:20:11 +0100
From: "qoska kotfare"
To: freebsd-net@freebsd.org
Subject: Multipath Routing

Can anybody give a status if we have any p4 or any effort on
supporting/importing this from KAME?!

OpenBSD and lately NetBSD have imported these and I remember a post
from ~2005 where andre@ and Marko (Virtual Stacks implementor on 4.X)
discussed how to implement something similar to these days, and they
were discussing to implement something similar like Cisco VRF.
Any effort going on this?!

Regards

From owner-freebsd-net@FreeBSD.ORG Sun Dec 10 13:38:41 2006
From: Marko Zec
To: freebsd-net@freebsd.org
Date: Sun, 10 Dec 2006 14:38:32 +0100
Cc: qoska kotfare
Subject: Re: Multipath Routing

On Sunday 10 December 2006 14:20, qoska kotfare wrote:
> Can anybody give a status if we have any p4 or any effort on
> supporting/importing this from KAME?!
>
> OpenBSD and lately NetBSD have imported these and I remember a post
> from ~2005 where andre@ and Marko (Virtual Stacks implementor on 4.X)
> discussed how to implement something similar to these days, and they
> were discussing to implement something similar like Cisco VRF.
> Any effort going on this?!

I'm working on virtualizing the network stack for -CURRENT in p4, but this
project is focused primarily on virtualizing the existing networking state /
code, not on introducing new features like multipath routing.
Marko

From owner-freebsd-net@FreeBSD.ORG Sun Dec 10 21:35:21 2006
Date: Sun, 10 Dec 2006 22:35:18 +0100
From: "qoska kotfare"
To: "Marko Zec"
Cc: freebsd-net@freebsd.org
Subject: Re: Multipath Routing

On 12/10/06, Marko Zec wrote:
> On Sunday 10 December 2006 14:20, qoska kotfare wrote:
> > Can anybody give a status if we have any p4 or any effort on
> > supporting/importing this from KAME?!
> >
> > OpenBSD and lately NetBSD have imported these and I remember a post
> > from ~2005 where andre@ and Marko (Virtual Stacks implementor on 4.X)
> > discussed how to implement something similar to these days, and they
> > were discussing to implement something similar like Cisco VRF.
> > Any effort going on this?!
>
> I'm working on virtualizing the network stack for -CURRENT in p4, but this
> project is focused primarily on virtualizing the existing networking state /
> code, not on introducing new features like multipath routing.
>
> Marko
>

Well glad you're continuing to support these tools.
But my focus was more toward routing table virtualization cause it seems a
must nowadays! Even in router requirements as requested by RFC/STD.
More MultiWan would be a lot easier if such features exist if you don't
wanna have the hassles with BFP or other routing protocols.
Anyway I hope any other report will show up on such thing :-).

From owner-freebsd-net@FreeBSD.ORG Mon Dec 11 00:46:12 2006
Date: Mon, 11 Dec 2006 11:44:03 +1100
From: Edwin Groothuis
To: freebsd-net@freebsd.org
Subject: resolver inside a jail

I am not sure if this is the right group for it, but I think that
this one is a good first step.

Please see http://weblog.barnet.com.au/edwin/000153.html:

    /etc/resolv.conf in jails

    I have been plagued by this error in some of my jails for a
    long time:

        $ dig foo.bar
        ;; reply from unexpected source: 202.83.178.125#53, expected 127.0.0.1#53

    telnet itself works fine, it's just that dig and friends give
    this strange error. What is also strange is that the tcpdump
    output doesn't reflect the settings in /etc/resolv.conf:

        $ cat /etc/resolv.conf
        search barnet.com.au
        server 202.83.176.1

        # tcpdump -ni lo0 port 53
        11:28:45.204241 IP 202.83.178.125.57276 > 202.83.178.125.53: 15750 A? www.ibm.com. (29)
        11:28:45.218305 IP 202.83.178.125.53 > 202.83.178.125.57276: 15750- 0/4/4 (203)

    Of course this was a configuration issue. In /etc/resolv.conf,
    the right statement is nameserver, not server. But the resolver
    in the jail looked through the /etc/resolv.conf of the host
    which contains 127.0.0.1.

    But the final question is: Where does it get 202.83.178.125
    from? It is the IP address of the jail, to which 127.0.0.1
    silently gets translated. But the resolver still expects it
    to come from the 127.0.0.1 number, and is for that reason
    throwing the warning.

Is this something I should open a bug report for?

Edwin
-- 
Edwin Groothuis      |            Personal website: http://www.mavetju.org
edwin@mavetju.org    |              Weblog: http://weblog.barnet.com.au/edwin/

From owner-freebsd-net@FreeBSD.ORG Mon Dec 11 09:35:29 2006
Date: Mon, 11 Dec 2006 09:34:22 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Edwin Groothuis
Cc: freebsd-net@freebsd.org
Subject: Re: resolver inside a jail

On Mon, 11 Dec 2006, Edwin Groothuis wrote:

[loopback address in jail]
> Is this something I should open a bug report for?

No, it's a well known "feature" of jails that INADDR_LOOPBACK gets
translated to the jail's address. There is no INADDR_LOOPBACK inside a
jail - check ifconfig ;)

-- 
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT

From owner-freebsd-net@FreeBSD.ORG Mon Dec 11 11:14:48 2006
Date: Mon, 11 Dec 2006 11:08:39 GMT
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S Tracker      Resp.  Description
--------------------------------------------------------------------------------
a kern/38554   net    changing interface ipaddress doesn't seem to work
s kern/39937   net    ipstealth issue
o kern/92552   net    A serious bug in most network drivers from 5.X to 6.X
s kern/95665   net    [if_tun] "ping: sendto: No buffer space available" wit

4 problems total.

Non-critical problems

S Tracker      Resp.  Description
--------------------------------------------------------------------------------
s kern/19875   net    A new protocol family, PF_IPOPTION, to handle IP optio
o conf/23063   net    [PATCH] for static ARP tables in rc.network
s bin/41647    net    ifconfig(8) doesn't accept lladdr along with inet addr
o kern/54383   net    [nfs] [patch] NFS root configurations without dynamic
s kern/60293   net    FreeBSD arp poison patch
o kern/95267   net    packet drops periodically appear
f kern/95277   net    [netinet] IP Encapsulation mask_match() returns wrong
o kern/102035  net    [plip] plip networking disables parallel port printing
o conf/102502  net    [patch] ifconfig name does't rename netgraph node in n

9 problems total.

From owner-freebsd-net@FreeBSD.ORG Mon Dec 11 21:39:18 2006
Date: Tue, 12 Dec 2006 08:05:24 +1100
From: Edwin Groothuis
To: "Bjoern A. Zeeb"
Cc: freebsd-net@freebsd.org
Subject: Re: resolver inside a jail

On Mon, Dec 11, 2006 at 09:34:22AM +0000, Bjoern A. Zeeb wrote:
> On Mon, 11 Dec 2006, Edwin Groothuis wrote:
>
> [loopback address in jail]
> >Is this something I should open a bug report for?
>
> No, it's a well known "feature" of jails that INADDR_LOOPBACK gets
> translated to the jail's address. There is no INADDR_LOOPBACK inside a
> jail - check ifconfig ;)

It's more that it looks like the resolver is taking the configuration
from /etc/resolv.conf on the hostmachine instead of saying "I can't
translate the name foo.bar into an IP address".

Edwin
-- 
Edwin Groothuis      |            Personal website: http://www.mavetju.org
edwin@mavetju.org    |              Weblog: http://weblog.barnet.com.au/edwin/

From owner-freebsd-net@FreeBSD.ORG Mon Dec 11 21:52:07 2006
Date: Mon, 11 Dec 2006 13:27:35 -0800
From: Julian Elischer
To: FreeBSD Net
Subject: addition to ipfw..

in ipfw layer 2 processing, the packet is passed to the firewall
as if it was a layer 3 IP packet but the ether header is also made
available.

I would like to add something similar in the case where a vlan tag
is also on the packet..

basically I have a change where:

If we are processing layer 2 packets (in ether or bridge code)
AND a sysctl says to do it,
and it is a vlan packet,

Then the vlan header is also held back so that the packet can be
processed and examined as an IP packet. It is
(in the same way the ether header is) reattached when the packet is
accepted.

This allows me to filter packets that are traversing my bridge,
even though they are encapsulated in a vlan.

I have patches to allow this. I need this function. does anyone else?

Julian

From owner-freebsd-net@FreeBSD.ORG Mon Dec 11 22:15:29 2006
Date: Mon, 11 Dec 2006 23:06:16 +0100
From: Andre Oppermann
To: Julian Elischer
Cc: FreeBSD Net
Subject: Re: addition to ipfw..

Julian Elischer wrote:
>
> in ipfw layer 2 processing, the packet is passed to the firewall
> as if it was a layer 3 IP packet but the ether header is also made
> available.
>
> I would like to add something similar in the case where a vlan tag
> is also on the packet..
>
> basically I have a change where:
>
> If we are processing layer 2 packets (in ether or bridge code)
> AND a sysctl says to do it,
> and it is a vlan packet,
>
> Then the vlan header is also held back so that the packet can be
> processed and examined as an IP packet. It is
> (in the same way the ether header is) reattached when the packet is
> accepted.
>
> This allows me to filter packets that are traversing my bridge,
> even though they are encapsulated in a vlan.
>
> I have patches to allow this. I need this function. does anyone else?

Please have the ipfw code examine the vlan tag in the mbuf instead of
fiddling with the mbuf contents.

-- 
Andre

From owner-freebsd-net@FreeBSD.ORG Mon Dec 11 22:58:59 2006
Date: Mon, 11 Dec 2006 14:58:21 -0800
From: Julian Elischer
To: Andre Oppermann
Cc: FreeBSD Net
Subject: Re: addition to ipfw..

Andre Oppermann wrote:
> Julian Elischer wrote:
>>
>> in ipfw layer 2 processing, the packet is passed to the firewall
>> as if it was a layer 3 IP packet but the ether header is also made
>> available.
>>
>> I would like to add something similar in the case where a vlan tag
>> is also on the packet..
>>
>> basically I have a change where:
>>
>> If we are processing layer 2 packets (in ether or bridge code)
>> AND a sysctl says to do it,
>> and it is a vlan packet,
>>
>> Then the vlan header is also held back so that the packet can be
>> processed and examined as an IP packet. It is
>> (in the same way the ether header is) reattached when the packet is
>> accepted.
>>
>> This allows me to filter packets that are traversing my bridge,
>> even though they are encapsulated in a vlan.
>>
>> I have patches to allow this. I need this function. does anyone else?
>
> Please have the ipfw code examine the vlan tag in the mbuf instead of
> fiddling with the mbuf contents.

The ipfw will be ignoring the vlan contents.. the patch is to move the
'start of ip header' pointer past the vlan header.. (if asked) so that
it can identify the IP packet.

part of the patch is to make sure all the code uses this pointer
instead of the case now where some code uses it and some uses mtod().

This could be used in conjunction with vlan keyword that would look at
the vlan header, but that is a different feature..

From owner-freebsd-net@FreeBSD.ORG Mon Dec 11 23:31:59 2006
Date: Tue, 12 Dec 2006 10:27:55 +1100
From: "Sam Wun"
To: freebsd-net@freebsd.org
Subject: Adding a new VPN connection

Hi,

In a FreeBSD router (5.4-stable), there are currently 50 IPSEC VPN
connections running with 50 remote sites, now I need to add one more (new)
vpn to it without resetting the existing VPN connection.
Therefore I have created a script (new-vpn.sh):

#!/bin/sh
# Tunnel to kgportsmith
/sbin/ifconfig gif108 destroy
/sbin/ifconfig gif108 create
/sbin/ifconfig gif108 tunnel 10.152.34.74 10.154.3.74
/sbin/ifconfig gif108 inet 10.1.1.1 10.1.1.33 netmask 255.255.255.0
/sbin/route delete 10.1.33.1/24
/sbin/route delete 172.17.33.0/24
/sbin/route add 10.1.33.1/24 10.1.1.33
/sbin/route add 172.17.33.0/24 10.1.1.33
setkey -c << EOF
# Setup policies with kgportsmith
spdadd 10.152.34.74 10.154.3.74 any -P out ipsec esp/tunnel/10.152.34.74-10.154.3.74/require ;
spdadd 10.154.3.74 10.152.34.74 any -P in ipsec esp/tunnel/10.154.3.74-10.152.34.74/require ;
add 10.152.34.74 10.154.3.74 esp 2797 -m tunnel -E blowfish-cbc 0x11205611340CCEA4C816670A4A8DD2A67403F46A08169850DC0B8E2989C3C2094CEF174297ECCF39644B6C4E28D5A3BD4C0861DD7094E398 -A hmac-sha1 0x2C49F538BAF74917311382F7EE42CC43FBDBDA4B ;
add 10.154.3.74 10.152.34.74 esp 4074 -m tunnel -E blowfish-cbc 0x82A7C78A8C1F8B0DF8EE75F4BEEA5A26D987C6237D43ED98EF3E2A18D2B7F2C94674E1E4B1FAFE645CCB2C18603646E20EB925B06AEC4F6B -A hmac-sha1 0xCE1D85113D11D43C061E499CFFECCD81D50A3530 ;
EOF
### END OF SCRIPT ###

Will this script (especially the command setkey -c) erase (reset) the
existing VPN connection and security keys?
If it does, I will lose the connection with all other sites.

Thanks
S

From owner-freebsd-net@FreeBSD.ORG Mon Dec 11 23:46:25 2006
From: Max Laier
Organization: FreeBSD
To: Julian Elischer
Date: Tue, 12 Dec 2006 00:45:35 +0100
Cc: freebsd-net@freebsd.org, Andre Oppermann
Subject: Re: addition to ipfw..

On Monday 11 December 2006 23:58, Julian Elischer wrote:
> Andre Oppermann wrote:
> > Julian Elischer wrote:
> >> in ipfw layer 2 processing, the packet is passed to the firewall
> >> as if it was a layer 3 IP packet but the ether header is also made
> >> available.
> >>
> >> I would like to add something similar in the case where a vlan tag
> >> is also on the packet..
> >>
> >> basically I have a change where:
> >>
> >> If we are processing layer 2 packets (in ether or bridge code)
> >> AND a sysctl says to do it,
> >> and it is a vlan packet,
> >>
> >> Then the vlan header is also held back so that the packet can be
> >> processed and examined as an IP packet. It is
> >> (in the same way the ether header is) reattached when the packet is
> >> accepted.
> >>
> >> This allows me to filter packets that are traversing my bridge,
> >> even though they are encapsulated in a vlan.
> >>
> >> I have patches to allow this. I need this function. does anyone
> >> else?
> >
> > Please have the ipfw code examine the vlan tag in the mbuf instead of
> > fiddling with the mbuf contents.
>
> The ipfw will be ignoring the vlan contents.. the patch is to move the
> 'start of ip header' pointer past the vlan header.. (if asked) so that
> it can identify the IP packet.
>
> part of the patch is to make sure all the code uses this pointer
> instead of the case now where some code uses it and some uses mtod().
>
> This could be used in conjunction with vlan keyword that would look at
> the vlan header, but that is a different feature..

I understand you do have a patch? Let's see it, so we are clear what we
are talking about. I think that w/o an ipfw feature to identify the vlan
number, it is pretty useless. Of course, it would enable you to do some
basic sanity checks, but real filtering needs to know the vlan it is
concerned with. BTW, what speaks against plugging the bridge into the
vlan on either side and bridge the vlan interfaces together?
=2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart1206538.0GP4lc3s94 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQBFfe2lXyyEoT62BG0RAjDpAJ0WPXFRL+CwM5CqxTie7hMUXPpC9QCdGhvP NVUq7tM6Io50kXpUpnmFYq8= =G3HE -----END PGP SIGNATURE----- --nextPart1206538.0GP4lc3s94-- From owner-freebsd-net@FreeBSD.ORG Mon Dec 11 23:59:59 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 29B0E16A417 for ; Mon, 11 Dec 2006 23:59:59 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outB.internet-mail-service.net (outB.internet-mail-service.net [216.240.47.225]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0FB3843DAC for ; Mon, 11 Dec 2006 23:56:49 +0000 (GMT) (envelope-from julian@elischer.org) Received: from shell.idiom.com (HELO idiom.com) (216.240.47.20) by out.internet-mail-service.net (qpsmtpd/0.32) with ESMTP; Mon, 11 Dec 2006 15:43:21 -0800 Received: from [10.251.18.229] (nat.ironport.com [63.251.108.100]) by idiom.com (8.12.11/8.12.11) with ESMTP id kBBNw53w031252; Mon, 11 Dec 2006 15:58:06 -0800 (PST) (envelope-from julian@elischer.org) Message-ID: <457DF081.2050306@elischer.org> Date: Mon, 11 Dec 2006 15:57:53 -0800 
From: Julian Elischer
To: Max Laier
Cc: freebsd-net@freebsd.org, Andre Oppermann
Subject: Re: addition to ipfw..

Max Laier wrote:
> On Monday 11 December 2006 23:58, Julian Elischer wrote:
>> Andre Oppermann wrote:
>>> Julian Elischer wrote:
>>>> in ipfw layer 2 processing, the packet is passed to the firewall
>>>> as if it was a layer 3 IP packet but the ether header is also made
>>>> available.
>>>>
>>>> I would like to add something similar in the case where a vlan tag
>>>> is also on the packet..
>>>>
>>>> basically I have a change where:
>>>>
>>>> If we are processing layer 2 packets (in ether or bridge code)
>>>> AND a sysctl says to do it,
>>>> and it is a vlan packet,
>>>>
>>>> Then the vlan header is also held back so that the packet can be
>>>> processed and examined as an IP packet. It is
>>>> (in the same way the ether header is) reattached when the packet is
>>>> accepted.
>>>>
>>>> This allows me to filter packets that are traversing my bridge,
>>>> even though they are encapsulated in a vlan.
>>>>
>>>> I have patches to allow this. I need this function. does anyone
>>>> else?
>>> Please have the ipfw code examine the vlan tag in the mbuf instead of
>>> fiddling with the mbuf contents.
>> The ipfw will be ignoring the vlan contents.. the patch is to move the
>> 'start of ip header' pointer past the vlan header.. (if asked) so that
>> it can identify the IP packet.
>>
>> part of the patch is to make sure all the code uses this pointer
>> instead of the case now where some code uses it and some uses mtod().
>>
>> This could be used in conjunction with vlan keyword that would look at
>> the vlan header, but that is a different feature..
>
> I understand you do have a patch? Let's see it, so we are clear what we
> are talking about. I think that w/o a ipfw feature to identify the vlan
> number, it is pretty useless. Of course, it would enable you to do some
> basic sanity checks, but real filtering needs to know the vlan it is
> concerned with. BTW, what speaks against plugging the bridge into the
> vlan on either side and bridge the vlan interfaces together?

Actually I HAD a patch on Friday but lost it due to a raid crash
(grrr mfi card on a dell 2950).. but I'm 'retyping it in' and hope to
have one to show in a day or so.. At least no-one has said
"That's a stupid idea" which is what I was looking for.

From owner-freebsd-net@FreeBSD.ORG Tue Dec 12 00:10:18 2006
Date: Mon, 11 Dec 2006 16:04:32 -0800
From: Julian Elischer
To: Max Laier
Cc: freebsd-net@freebsd.org, Andre Oppermann
Subject: Re: addition to ipfw..

Max Laier wrote:
> On Monday 11 December 2006 23:58, Julian Elischer wrote:
>> Andre Oppermann wrote:
>>> Julian Elischer wrote:
>>>> in ipfw layer 2 processing, the packet is passed to the firewall
>>>> as if it was a layer 3 IP packet but the ether header is also made
>>>> available.
>>>>
>>>> I would like to add something similar in the case where a vlan tag
>>>> is also on the packet..
>>>>
>>>> basically I have a change where:
>>>>
>>>> If we are processing layer 2 packets (in ether or bridge code)
>>>> AND a sysctl says to do it,
>>>> and it is a vlan packet,
>>>>
>>>> Then the vlan header is also held back so that the packet can be
>>>> processed and examined as an IP packet. It is
>>>> (in the same way the ether header is) reattached when the packet is
>>>> accepted.
>>>>
>>>> This allows me to filter packets that are traversing my bridge,
>>>> even though they are encapsulated in a vlan.
>>>>
>>>> I have patches to allow this. I need this function. does anyone
>>>> else?
>>> Please have the ipfw code examine the vlan tag in the mbuf instead of
>>> fiddling with the mbuf contents.
>> The ipfw will be ignoring the vlan contents.. the patch is to move the
>> 'start of ip header' pointer past the vlan header.. (if asked) so that
>> it can identify the IP packet.
>>
>> part of the patch is to make sure all the code uses this pointer
>> instead of the case now where some code uses it and some uses mtod().
>>
>> This could be used in conjunction with vlan keyword that would look at
>> the vlan header, but that is a different feature..
>
> I understand you do have a patch? Let's see it, so we are clear what we
> are talking about. I think that w/o a ipfw feature to identify the vlan
> number, it is pretty useless. Of course, it would enable you to do some
> basic sanity checks, but real filtering needs to know the vlan it is
> concerned with. BTW, what speaks against plugging the bridge into the
> vlan on either side and bridge the vlan interfaces together?

The ability to look inside a vlan is separate from the ability to
select ON the vlan. This is for a device that wants to appear as a
bump on the wire. It just wants to filter out packets that have some
characteristics.. If you can select on a vlan with another command
(e.g. a skipto) then the two are orthogonal.

I don't know ahead of time what vlans are in use across the trunk
I'm filtering and there may be many.. So making a separate
vlan interface for each vlan that I find (what all 4096 of them?)
and filtering that separately is not feasible.

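The offset adjustment discussed in this thread (stepping the start-of-IP-header position past a VLAN tag when a knob is set, without touching the frame), sketched as an added example that is not Julian's patch or FreeBSD code. `l2_locate_ip`, `struct l2_view`, `make_sample` and the `look_inside_vlan` flag are hypothetical names, the frames are constructed, and the VLAN ID is returned alongside so a rule could also select on it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHER_HDR_LEN    14      /* dst MAC + src MAC + EtherType */
#define VLAN_TAG_LEN     4       /* TCI + encapsulated EtherType */
#define ETHERTYPE_IPV4   0x0800
#define ETHERTYPE_8021Q  0x8100
#define IPV4_MIN_HLEN    20
#define VLAN_NONE        0xFFFF  /* frame carried no 802.1Q tag */

enum { L2_OK = 0, L2_TRUNCATED = -1, L2_NOT_IPV4 = -2, L2_BAD_IP = -3 };

struct l2_view {
    size_t   ip_off;   /* offset of the IPv4 header within the frame */
    size_t   ip_hlen;  /* IPv4 header length in bytes */
    uint16_t vlan_id;  /* 12-bit VLAN ID, or VLAN_NONE */
};

static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/*
 * Find the IPv4 header in an Ethernet frame. look_inside_vlan plays the role
 * of the sysctl from the thread: when set, one 802.1Q tag is stepped over.
 * The frame is never modified, and every read is length-checked first.
 */
int l2_locate_ip(const uint8_t *frame, size_t len, int look_inside_vlan,
                 struct l2_view *out)
{
    size_t off = ETHER_HDR_LEN;
    size_t hlen;
    uint16_t etype;

    out->ip_off = 0;
    out->ip_hlen = 0;
    out->vlan_id = VLAN_NONE;
    if (len < ETHER_HDR_LEN)
        return L2_TRUNCATED;
    etype = rd16(frame + 12);

    if (etype == ETHERTYPE_8021Q && look_inside_vlan) {
        if (len < off + VLAN_TAG_LEN)
            return L2_TRUNCATED;
        out->vlan_id = rd16(frame + off) & 0x0FFF;  /* low 12 bits of the TCI */
        etype = rd16(frame + off + 2);
        off += VLAN_TAG_LEN;
    }
    /* A second (stacked) tag, or a tag with the knob off, is not treated as IP. */
    if (etype != ETHERTYPE_IPV4)
        return L2_NOT_IPV4;

    if (len < off + IPV4_MIN_HLEN)
        return L2_TRUNCATED;
    if ((frame[off] >> 4) != 4)
        return L2_BAD_IP;
    hlen = (size_t)(frame[off] & 0x0F) * 4;
    if (hlen < IPV4_MIN_HLEN || hlen > len - off)
        return L2_BAD_IP;

    out->ip_off = off;
    out->ip_hlen = hlen;
    return L2_OK;
}

/* Constructed sample: Ethernet + optional 802.1Q tag + bare 20-byte IPv4 header. */
size_t make_sample(uint8_t *buf, size_t cap, int tagged, uint16_t vid)
{
    size_t need = ETHER_HDR_LEN + (tagged ? VLAN_TAG_LEN : 0) + IPV4_MIN_HLEN;
    size_t n = 12;                                /* MAC addresses left as zeros */

    if (cap < need)
        return 0;
    memset(buf, 0, need);
    if (tagged) {
        buf[n++] = 0x81; buf[n++] = 0x00;         /* TPID 0x8100 */
        buf[n++] = (uint8_t)((vid >> 8) & 0x0F);  /* TCI: priority 0, VID high bits */
        buf[n++] = (uint8_t)(vid & 0xFF);
    }
    buf[n++] = 0x08; buf[n++] = 0x00;             /* EtherType IPv4 */
    buf[n] = 0x45;                                /* version 4, IHL 5 */
    return need;
}

int main(void)
{
    uint8_t f[64];
    struct l2_view v;
    size_t n = make_sample(f, sizeof f, 1, 100);
    int rc = l2_locate_ip(f, n, 1, &v);

    printf("knob on:  rc=%d ip_off=%zu vlan=%u\n", rc, v.ip_off, (unsigned)v.vlan_id);
    rc = l2_locate_ip(f, n, 0, &v);
    printf("knob off: rc=%d\n", rc);
    return 0;
}
```
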
From owner-freebsd-net@FreeBSD.ORG Tue Dec 12 04:07:27 2006
Date: Tue, 12 Dec 2006 12:07:24 +0800
From: "maillist ifiaas"
To: freebsd-net@freebsd.org
Subject: TCP payload size and throughput

Hi friends,

I know there is some relationship between the packet size and the TCP
throughput. But what if two TCP Sack flows have the same MTU size, but
different header size (hence different payload size)? Is there any work
that has modeled this issue before?

Thank you!
gavin

From owner-freebsd-net@FreeBSD.ORG Tue Dec 12 04:41:20 2006
Date: Tue, 12 Dec 2006 10:11:18 +0530
From: "Srini vasa"
To: freebsd-net@freebsd.org
Subject: VLAN implementation

Hi,

I had a question regarding routing in FreeBSD for VLAN enabled packets.
Looks like FreeBSD does not include VLAN information into the routing table.

My question is, when we have two remote hosts connected through two different
VLANs (probably on two different physical interfaces on the local host) with
same IP addresses, how is the routing information stored for each of them in a
distinct manner????

Regards,
Shreeni

From owner-freebsd-net@FreeBSD.ORG Tue Dec 12 09:25:47 2006
Date: Tue, 12 Dec 2006 12:27:46 +0300
From: Alexei
To: freebsd-net@freebsd.org
Subject: mpd pppoe client problems

Hello world.

My provider gives me access to the net via pppoe, so I decided to use
mpd as a client. I've compiled into the kernel some netgraph modules,
edited a little default mpd config and started it via rc.d.
Everything looked ok, connection established, but no packets walked
through the interface. When I tried to stop mpd, it didn't. It looked like
'Waiting for pids: 1234, 1234, 1234, 1234' etc.. So I had to use kill
-9 and ngctl shutdown to stop mpd.
What should I do to make mpd work fine?

Some logs and configs below: (I've corre

#mpd.log
Dec 11 22:55:05 sys mpd: mpd: pid 4959, version 3.18 (root@sys.42-club.ru 22:53 11-Dec-2006)
Dec 11 22:55:05 sys mpd: [PPPoE] ppp node is "mpd4959-PPPoE"
Dec 11 22:55:05 sys mpd: [PPPoE] exec: /sbin/ifconfig fxp1 up
Dec 11 22:55:05 sys mpd: [PPPoE] using interface ng0
Dec 11 22:55:05 sys mpd: [PPPoE] the max MTU on type "pppoe" links is 1492
Dec 11 22:55:05 sys mpd: [PPPoE] IPCP: peer address cannot be zero
Dec 11 22:55:05 sys mpd: [PPPoE] IFACE: Open event
Dec 11 22:55:05 sys mpd: [PPPoE] IPCP: Open event
Dec 11 22:55:05 sys mpd: [PPPoE] IPCP: state change Initial --> Starting
Dec 11 22:55:05 sys mpd: [PPPoE] IPCP: LayerStart
Dec 11 22:55:05 sys mpd: [PPPoE] bundle: OPEN event in state CLOSED
Dec 11 22:55:05 sys mpd: [PPPoE] opening link "PPPoE"...
Dec 11 22:55:05 sys mpd: [PPPoE] link: OPEN event
Dec 11 22:55:05 sys mpd: [PPPoE] LCP: Open event
Dec 11 22:55:05 sys mpd: [PPPoE] LCP: state change Initial --> Starting
Dec 11 22:55:05 sys mpd: [PPPoE] LCP: LayerStart
Dec 11 22:55:05 sys mpd: [PPPoE] device: OPEN event in state DOWN
Dec 11 22:55:05 sys mpd: [PPPoE] device is now in state OPENING
Dec 11 22:55:05 sys mpd: [PPPoE] rec'd ACNAME "auth"
Dec 11 22:55:05 sys mpd: [PPPoE] PPPoE connection successful
Dec 11 22:55:05 sys mpd: [PPPoE] device: UP event in state OPENING
Dec 11 22:55:05 sys mpd: [PPPoE] device is now in state UP
Dec 11 22:55:05 sys mpd: [PPPoE] link: UP event
Dec 11 22:55:05 sys mpd: [PPPoE] link: origination is local
Dec 11 22:55:05 sys mpd: [PPPoE] LCP: Up event
Dec 11 22:55:05 sys mpd: [PPPoE] LCP: state change Starting --> Req-Sent
Dec 11 22:55:05 sys mpd: [PPPoE] LCP: phase shift DEAD --> ESTABLISH
Dec 11 22:55:05 sys mpd: [PPPoE] LCP: SendConfigReq #1
Dec 11 22:55:05 sys mpd: MRU 1492
Dec 11 22:55:05 sys mpd: MAGICNUM 5664c401
Dec 11 22:55:05 sys mpd: [PPPoE] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
Dec 11 22:55:05 sys mpd: AUTHPROTO CHAP MD5
Dec 11 22:55:05 sys mpd: MAGICNUM d409f15d
Dec 11 22:55:05 sys mpd: [PPPoE] LCP: SendConfigAck #1
Dec 11 22:55:05 sys mpd: AUTHPROTO CHAP MD5
Dec 11 22:55:05 sys mpd: MAGICNUM d409f15d
Dec 11 22:55:05 sys mpd: [PPPoE] LCP: state change Req-Sent --> Ack-Sent
Dec 11 22:55:07 sys mpd: [PPPoE] LCP: SendConfigReq #2
Dec 11 22:55:07 sys mpd: MRU 1492
Dec 11 22:55:07 sys mpd: MAGICNUM 5664c401
Dec 11 22:55:07 sys mpd: [PPPoE] LCP: rec'd Configure Ack #2 link 0 (Ack-Sent)
Dec 11 22:55:07 sys mpd: MRU 1492
Dec 11 22:55:07 sys mpd: MAGICNUM 5664c401
Dec 11 22:55:07 sys mpd: [PPPoE] LCP: state change Ack-Sent --> Opened
Dec 11 22:55:07 sys mpd: [PPPoE] LCP: phase shift ESTABLISH --> AUTHENTICATE
Dec 11 22:55:07 sys mpd: [PPPoE] LCP: auth: peer wants CHAP, I want nothing
Dec 11 22:55:07 sys mpd: [PPPoE] LCP: LayerUp
Dec 11 22:55:07 sys mpd: [PPPoE] CHAP: rec'd CHALLENGE #167
Dec 11 22:55:07 sys mpd: Name: "auth4"
Dec 11 22:55:07 sys mpd: Using authname "my-correct-login"
Dec 11 22:55:07 sys mpd: [PPPoE] CHAP: sending RESPONSE
Dec 11 22:55:07 sys mpd: [PPPoE] CHAP: rec'd SUCCESS #167
Dec 11 22:55:07 sys mpd: MESG: Access granted
Dec 11 22:55:07 sys mpd: [PPPoE] LCP: authorization successful
Dec 11 22:55:07 sys mpd: [PPPoE] LCP: phase shift AUTHENTICATE --> NETWORK
Dec 11 22:55:07 sys mpd: [PPPoE] setting interface ng0 MTU to 1492 bytes
Dec 11 22:55:07 sys mpd: [PPPoE] up: 1 link, total bandwidth 64000 bps
Dec 11 22:55:07 sys mpd: [PPPoE] IPCP: Up event
Dec 11 22:55:07 sys mpd: [PPPoE] IPCP: state change Starting --> Req-Sent
Dec 11 22:55:07 sys mpd: [PPPoE] IPCP: SendConfigReq #1
Dec 11 22:55:07 sys mpd: IPADDR 0.0.0.0
Dec 11 22:55:07 sys mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Dec 11 22:55:07 sys mpd: [PPPoE] IPCP: rec'd Configure Request #1 link 0 (Req-Sent)
Dec 11 22:55:07 sys mpd: IPADDR 81.88.208.255
Dec 11 22:55:07 sys mpd: 81.88.208.255 is OK
Dec 11 22:55:07 sys mpd: [PPPoE] IPCP: SendConfigAck #1
Dec 11 22:55:07 sys mpd: IPADDR 81.88.208.255
Dec 11 22:55:07 sys mpd: [PPPoE] IPCP: state change Req-Sent --> Ack-Sent
Dec 11 22:55:07 sys mpd: [PPPoE] IPCP: rec'd Configure Reject #1 link 0 (Ack-Sent)
Dec 11 22:55:07 sys mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Dec 11 22:55:07 sys mpd: [PPPoE] IPCP: SendConfigReq #2
Dec 11 22:55:07 sys mpd: IPADDR 0.0.0.0
Dec 11 22:55:07 sys mpd: [PPPoE] IPCP: rec'd Configure Nak #2 link 0 (Ack-Sent)
Dec 11 22:55:07 sys mpd: IPADDR 81.88.209.42
Dec 11 22:55:07 sys mpd: 81.88.209.42 is OK
Dec 11 22:55:07 sys mpd: [PPPoE] IPCP: SendConfigReq #3
Dec 11 22:55:07 sys mpd: IPADDR 81.88.209.42
Dec 11 22:55:07 sys mpd: [PPPoE] IPCP: rec'd Configure Ack #3 link 0 (Ack-Sent)
Dec 11 22:55:07 sys mpd: IPADDR 81.88.209.42
Dec 11 22:55:07 sys mpd: [PPPoE] IPCP: state change Ack-Sent --> Opened
Dec 11 22:55:07 sys mpd: [PPPoE] IPCP: LayerUp
Dec 11 22:55:07 sys mpd: 81.88.209.42 -> 81.88.208.255
Dec 11 22:55:07 sys mpd: [PPPoE] IFACE: Up event
Dec 11 22:55:07 sys mpd: [PPPoE] setting interface ng0 MTU to 1492 bytes
Dec 11 22:55:07 sys mpd: [PPPoE] exec: /sbin/ifconfig ng0 81.88.209.42 81.88.208.255 netmask 0xffffffff -link0
Dec 11 22:55:07 sys mpd: [PPPoE] exec: /sbin/route add 81.88.209.42 -iface lo0
Dec 11 22:55:07 sys mpd: [PPPoE] exec: /sbin/route add 0.0.0.0 81.88.208.255
Dec 11 22:55:07 sys mpd: [PPPoE] exec: /usr/local/etc/mpd/inet-up.sh ng0 inet 81.88.209.42 81.88.208.255 mylogin

# mpd.conf

default:
    load maryno

maryno:
    new -i ng0 PPPoE PPPoE
    set iface route default
    set iface up-script "/usr/local/etc/mpd/inet-up.sh"
    set iface disable on-demand
    set iface idle 0
    set bundle disable multilink
    set bundle authname my-corrext-login
    set bundle password my-cool-pass
    set link no acfcomp protocomp
    set link disable pap chap
    set link accept chap
    set link mtu 1498
    set link keep-alive 10 60
    set ipcp yes vjcomp
    set ipcp ranges 0.0.0.0/0 0.0.0.0/0
    open

#mpd.links

PPPoE:
    set link type pppoe
    set pppoe iface fxp1
    set pppoe service ""
    set pppoe disable incoming
    set pppoe enable originate

#kernel
device smbus
options NETGRAPH
options NETGRAPH_ASYNC
options NETGRAPH_BPF
options NETGRAPH_CISCO
options NETGRAPH_ECHO
options NETGRAPH_ETHER
options NETGRAPH_FRAME_RELAY
options NETGRAPH_HOLE
options NETGRAPH_IFACE
options NETGRAPH_KSOCKET
options NETGRAPH_L2TP
options NETGRAPH_LMI
options NETGRAPH_MPPC_ENCRYPTION
options NETGRAPH_ONE2MANY
options NETGRAPH_PPP
options NETGRAPH_PPPOE
options NETGRAPH_PPTPGRE
options NETGRAPH_RFC1490
options NETGRAPH_SOCKET
options NETGRAPH_TEE
options NETGRAPH_TTY
options NETGRAPH_UI
options DEVICE_POLLING
options DUMMYNET
options HZ=1000
options IPFILTER
options IPFILTER_LOG
options IPFIREWALL
options IPFIREWALL_FORWARD_EXTENDED
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPSEC
options IPSEC_ESP
options MAXFILES=65000
options MAXUSERS=512
options MROUTING
options NETGRAPH
options NETGRAPH_BPF
options NETGRAPH_ETHER
options NETGRAPH_IFACE
options NETGRAPH_PPP
options NETGRAPH_PPPOE
options NETGRAPH_SOCKET
options NETGRAPH_VJC
options NMBCLUSTERS=65536
options PIM
options TCP_DROP_SYNFIN

-- 
Grats,
Alexei mailto:root@sovetnik.org

From owner-freebsd-net@FreeBSD.ORG Tue Dec 12 10:24:57 2006
Date: Tue, 12 Dec 2006 12:24:46 +0200 (EET) 
From: "Artyom Viklenko"
To: "Alexei"
Cc: freebsd-net@freebsd.org
Subject: Re: mpd pppoe client problems

> Hello world.
>
> My provider gives me access to the net via pppoe, so I decided to use
> mpd as a client. I've compiled into the kernel some netgraph modules,
> edited a little default mpd config and started it via rc.d.
> Everything looked ok, connection established, but no packets walked
> through the interface. When I tried to stop mpd, it didn't. It looked like
> 'Waiting for pids: 1234, 1234, 1234, 1234' etc.. So I had to use kill
> -9 and ngctl shutdown to stop mpd.
> What should I do to make mpd work fine?
>
> # mpd.conf
>
> default:
>     load maryno
>
>
> maryno:
>     new -i ng0 PPPoE PPPoE
>     set iface route default
>     set iface up-script "/usr/local/etc/mpd/inet-up.sh"
>     set iface disable on-demand
>     set iface idle 0
>     set bundle disable multilink
>     set bundle authname my-corrext-login
>     set bundle password my-cool-pass
>     set link no acfcomp protocomp
>     set link disable pap chap
>     set link accept chap
>     set link mtu 1498
^^^^^^^^^^^^^^^^^^^^^^^^^
first, check this
>     set link keep-alive 10 60
>     set ipcp yes vjcomp
>     set ipcp ranges 0.0.0.0/0 0.0.0.0/0
>     open
>

also check your firewall.

-- 
Sincerely yours,
Artyom Viklenko.

-------------------------------------------------------
artem@aws-net.org.ua | http://www.aws-net.org.ua/~artem
FreeBSD: The Power to Serve - http://www.freebsd.org

From owner-freebsd-net@FreeBSD.ORG Tue Dec 12 10:39:25 2006
Date: Tue, 12 Dec 2006 13:41:38 +0300
From: Alexei
To: "Artyom Viklenko"
Cc: freebsd-net@freebsd.org
Subject: Re[2]: mpd pppoe client problems

Hello.

>> set link mtu 1498
> ^^^^^^^^^^^^^^^^^^^^^^^^^
> first, check this

What should I put there? BTW, how can it make mpd ignore rc.d stop
command?

> also check your firewall.

Nothing prevents it + ppp works fine. (But I don't like it for high
cpu load)

-- 
Grats,
Alexei mailto:root@sovetnik.org

From owner-freebsd-net@FreeBSD.ORG Tue Dec 12 10:48:19 2006
Date: Tue, 12 Dec 2006 12:48:25 +0200 (EET)
From: "Artyom Viklenko"
To: "Alexei"
Cc: freebsd-net@freebsd.org
Subject: Re: Re[2]: mpd pppoe client problems

> Hello.
>
>>> set link mtu 1498
>> ^^^^^^^^^^^^^^^^^^^^^^^^^
>> first, check this
>
> What should I put there? BTW, how can it make mpd ignore rc.d stop
> command?
>

set link mtu 1492

check with ps command in which state mpd is when issuing
rc.d stop command.

my config:

    new -i ng0 PPPoE PPPoE
    set iface addrs 1.1.1.1 2.2.2.2
    set iface disable on-demand
    set iface idle 0
    set iface enable tcpmssfix
    set bundle disable multilink
    set bundle disable compression
    set bundle authname "XXXXXXXXXX"
    set bundle password "YYYYYYYYYY"
    set link no acfcomp protocomp
    set link disable pap chap
    set link accept chap
    set link mtu 1492
    set link mru 1492
    set link keep-alive 10 60
    set ipcp no vjcomp
    set ipcp ranges 0.0.0.0/0 0.0.0.0/0
    open iface

and in mpd.links:

PPPoE:
    set link type pppoe
    set pppoe iface rl0
    set pppoe service "ProviderName"
    set pppoe disable incoming
    set pppoe enable originate

works fine

>
>> also check your firewall.
>
> Nothing prevents it + ppp works fine. (But I don't like it for high
> cpu load)

much better to show your rulebase

-- 
Sincerely yours,
Artyom Viklenko.

-------------------------------------------------------
artem@aws-net.org.ua | http://www.aws-net.org.ua/~artem
FreeBSD: The Power to Serve - http://www.freebsd.org

From owner-freebsd-net@FreeBSD.ORG Tue Dec 12 10:49:59 2006
Date: Tue, 12 Dec 2006 12:49:56 +0200 (EET)
From: "Artyom Viklenko" To: "Alexei" User-Agent: SquirrelMail/1.4.8 MIME-Version: 1.0 Content-Type: text/plain;charset=utf-8 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-Spam-Status: No, score=-0.2 required=8.0 tests=AWL autolearn=disabled version=3.1.4 X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-25) on saturn.interami.com X-Antivirus: Dr.Web (R) for Mail Servers on saturn.interami.com host X-Antivirus-Code: 100000 Cc: freebsd-net@freebsd.org Subject: Re: Re[2]: mpd pppoe client problems X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Dec 2006 10:49:59 -0000

> Hello.
>
>>> set link mtu 1498
>> ^^^^^^^^^^^^^^^^^^^^^^^^^
>> first, check this
>
> What should I put there? BTW, how can it make mpd ignore rc.d stop
> command?
>
>
>> also check your firewall.
>
> Nothing prevents it + ppp works fine. (But I don't like it for high
> cpu load)
>

BTW, user-level ppp performs TCP MSS fix.
MPD does not in client mode.
Use your firewall to correct this.

--
Sincerely yours,
Artyom Viklenko.
------------------------------------------------------- artem@aws-net.org.ua | http://www.aws-net.org.ua/~artem FreeBSD: The Power to Serve - http://www.freebsd.org From owner-freebsd-net@FreeBSD.ORG Tue Dec 12 11:16:53 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 7EAF316A407 for ; Tue, 12 Dec 2006 11:16:53 +0000 (UTC) (envelope-from root@sovetnik.org) Received: from fr4.aha.ru (fr4.aha.ru [62.113.100.54]) by mx1.FreeBSD.org (Postfix) with ESMTP id A944B43EC5 for ; Tue, 12 Dec 2006 11:02:30 +0000 (GMT) (envelope-from root@sovetnik.org) Received: from aha.ru (backend4.aha.ru [195.2.83.134]) by elk.zenon.net (Postfix) with ESMTP id 7B27BB0A6; Tue, 12 Dec 2006 14:02:47 +0300 (MSK) Received: from [85.94.44.59] (account root@sovetnik.org HELO localhost) by backend4.aha.ru (CommuniGate Pro SMTP 4.3.12) with ESMTPA id 347810687; Tue, 12 Dec 2006 14:02:44 +0300 Date: Tue, 12 Dec 2006 14:05:10 +0300 
From: Alexei X-Mailer: The Bat! (v3.85.03) Professional X-Priority: 3 (Normal) Message-ID: <1346165314.20061212140510@sovetnik.org> To: "Artyom Viklenko" In-Reply-To: <59764.217.12.197.82.1165920505.squirrel@sigma.interami.com> References: <166800308.20061212122746@sovetnik.org> <50521.217.12.197.82.1165919086.squirrel@sigma.interami.com> <1553703324.20061212134138@sovetnik.org> <59764.217.12.197.82.1165920505.squirrel@sigma.interami.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org Subject: Re[4]: mpd pppoe client problems X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Alexei List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Dec 2006 11:16:53 -0000

Hello.

> set link mtu 1492
> check with ps command in which state mpd is when issuing rc.d stop
> command.

Ok, I'll try it when I'm at home (probably this evening).

>> Nothing prevents it + ppp works fine. (But I don't like it for high
>> cpu load)

> much better to show your rulebase

00003 11030 3231606 count ip from table(1) to { me or dst-ip 192.168.42.0/24 } in via tun1
00004 13117 1969687 count ip from { me or 192.168.42.0/24 } to table(1) out via tun1
00005 1273820 1279717924 count ip from not table(1) to { me or dst-ip 192.168.42.0/24 } in via tun1
00006 1507468 446055133 count ip from { me or 192.168.42.0/24 } to not table(1) out via tun1
00009 44 2296 reset tcp from any to me dst-port 1080,3128,8000,8080
00011 38793 4293064 allow ip from me to any via fxp0
00011 24488 1695925 allow ip from any to me via fxp0
00012 926 72148 allow ip from any to any via lo0
00013 0 0 allow ip from 192.168.42.0/24 to 192.168.0.0/24
00013 0 0 allow ip from 192.168.0.0/24 to 192.168.42.0/24
00014 0 0 allow ip from 192.168.42.0/24 to 192.168.11.0/24
00014 0 0 allow ip from 192.168.11.0/24 to 192.168.42.0/24
00015 0 0 allow ip from 192.168.42.0/24 to 192.168.12.0/24
00015 0 0 allow ip from 192.168.12.0/24 to 192.168.42.0/24
00016 8609 760802 allow ip from any to 192.168.0.0/24
00016 58 20512 allow ip from 192.168.0.0/24 to any
00020 1520516 448026327 allow ip from me to any
00022 0 0 allow ip from 10.176.204.0/24 to me dst-port 22,2345
00030 1118 73065 allow ip from { 217.78.xx.xx or 87.240.xx.xx } to me dst-port 4444
00051 16153 901778 allow ip from 85.94.xx.xx to me
00100 13 1732 deny ip from any to me dst-port 22,4242,2345,4444
00101 1730 180253 deny ip from any to any dst-port 137,138,139,5000,445
00200 353792 78897431 allow ip from any to 192.168.42.2
00200 467364 392901222 allow ip from 192.168.42.2 to any
00201 80648 14398889 allow ip from any to 192.168.43.2
00201 81229 4285726 allow ip from 192.168.43.2 to any
01001 1267514 1281969619 allow ip from any to me
65535 43 5654 deny ip from any to any

--
Grats,
Alexei mailto:root@sovetnik.org

From owner-freebsd-net@FreeBSD.ORG Tue Dec 12 11:28:14 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To:
freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1B78616A47E for ; Tue, 12 Dec 2006 11:28:14 +0000 (UTC) (envelope-from root@sovetnik.org) Received: from fr4.aha.ru (fr4.aha.ru [62.113.100.54]) by mx1.FreeBSD.org (Postfix) with ESMTP id D6D0D440CA for ; Tue, 12 Dec 2006 11:05:10 +0000 (GMT) (envelope-from root@sovetnik.org) Received: from aha.ru (backend4.aha.ru [195.2.83.134]) by elk.zenon.net (Postfix) with ESMTP id AC1A916B6B; Tue, 12 Dec 2006 14:06:12 +0300 (MSK) Received: from [85.94.44.59] (account root@sovetnik.org HELO localhost) by backend4.aha.ru (CommuniGate Pro SMTP 4.3.12) with ESMTPA id 347824957; Tue, 12 Dec 2006 14:06:07 +0300 Date: Tue, 12 Dec 2006 14:08:35 +0300 
From: Alexei X-Mailer: The Bat! (v3.85.03) Professional X-Priority: 3 (Normal) Message-ID: <448803773.20061212140835@sovetnik.org> To: "Artyom Viklenko" In-Reply-To: <59109.217.12.197.82.1165920596.squirrel@sigma.interami.com> References: <166800308.20061212122746@sovetnik.org> <50521.217.12.197.82.1165919086.squirrel@sigma.interami.com> <1553703324.20061212134138@sovetnik.org> <59109.217.12.197.82.1165920596.squirrel@sigma.interami.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org Subject: Re[4]: mpd pppoe client problems X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Alexei List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Dec 2006 11:28:14 -0000

Hello.

> BTW, user-level ppp performs TCP MSS fix.
> MPD does not in client mode.

> Use your firewall to correct this.

Won't ``set iface enable tcpmssfix'' in mpd.conf do it?

-- Grats, Alexei mailto:root@sovetnik.org From owner-freebsd-net@FreeBSD.ORG Tue Dec 12 11:40:50 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 34E0716A4FB for ; Tue, 12 Dec 2006 11:40:50 +0000 (UTC) (envelope-from artem@aws-net.org.ua) Received: from saturn.interami.com (saturn.interami.com [193.41.48.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6579643F4A for ; Tue, 12 Dec 2006 11:33:21 +0000 (GMT) (envelope-from artem@aws-net.org.ua) Received: from sigma.interami.com (sigma.interami.com [193.41.48.133]) by saturn.interami.com (8.13.1/8.13.1) with ESMTP id kBCBYQWn018772; Tue, 12 Dec 2006 13:34:26 +0200 (EET) (envelope-from artem@aws-net.org.ua) Received: from 217.12.197.82 (SquirrelMail authenticated user artem) by sigma.interami.com with HTTP; Tue, 12 Dec 2006 13:34:43 +0200 (EET) Message-ID: <51732.217.12.197.82.1165923283.squirrel@sigma.interami.com> In-Reply-To: <448803773.20061212140835@sovetnik.org> References: <166800308.20061212122746@sovetnik.org> <50521.217.12.197.82.1165919086.squirrel@sigma.interami.com> <1553703324.20061212134138@sovetnik.org> <59109.217.12.197.82.1165920596.squirrel@sigma.interami.com> <448803773.20061212140835@sovetnik.org> Date: Tue, 12 Dec 2006 13:34:43 +0200 (EET) 
From: "Artyom Viklenko" To: "Alexei" User-Agent: SquirrelMail/1.4.8 MIME-Version: 1.0 Content-Type: text/plain;charset=utf-8 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-Spam-Status: No, score=-0.2 required=8.0 tests=AWL autolearn=disabled version=3.1.4 X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-25) on saturn.interami.com X-Antivirus: Dr.Web (R) for Mail Servers on saturn.interami.com host X-Antivirus-Code: 100000 Cc: freebsd-net@freebsd.org Subject: Re: Re[4]: mpd pppoe client problems X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Dec 2006 11:40:50 -0000

> Hello.
>
>> BTW, user-level ppp performs TCP MSS fix.
>> MPD does not in client mode.
>
>> Use your firewall to correct this.
>
> Won't ``set iface enable tcpmssfix'' in mpd.conf do it?

no, sorry, it occasionally remains there... should be removed.

>
> --
> Grats,
> Alexei mailto:root@sovetnik.org
>
>
>

--
Sincerely yours,
Artyom Viklenko.
------------------------------------------------------- artem@aws-net.org.ua | http://www.aws-net.org.ua/~artem FreeBSD: The Power to Serve - http://www.freebsd.org From owner-freebsd-net@FreeBSD.ORG Tue Dec 12 11:41:14 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 5679F16A4B3 for ; Tue, 12 Dec 2006 11:41:14 +0000 (UTC) (envelope-from chirisum@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.172]) by mx1.FreeBSD.org (Postfix) with ESMTP id E60E8441D8 for ; Tue, 12 Dec 2006 11:35:14 +0000 (GMT) (envelope-from chirisum@gmail.com) Received: by ug-out-1314.google.com with SMTP id o2so1478219uge for ; Tue, 12 Dec 2006 03:36:35 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=aHa5FYJcK3VvVWJqIY80/l1jpAUynDIwASo20F79YE1cEaGgQYiyn513HwG6PrPuEq1sMwl1lo59VkWygA93ZQk2uGqSYFopVeLiu72zxR3+o2/OZ3G1/xFZiPujY6Hzo7ZSnyrgXUuN4VbQr7FydlMoYPEYJi8dFvPVve/R+p4= Received: by 10.78.170.17 with SMTP id s17mr2098563hue.1165923395442; Tue, 12 Dec 2006 03:36:35 -0800 (PST) Received: by 10.78.196.16 with HTTP; Tue, 12 Dec 2006 03:36:35 -0800 (PST) Message-ID: Date: Tue, 12 Dec 2006 17:06:35 +0530 
From: "Srini vasa" To: vova@fbsd.ru In-Reply-To: <1165914094.1187.3.camel@localhost> MIME-Version: 1.0 References: <1165914094.1187.3.camel@localhost> Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: base64 Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-net@freebsd.org Subject: Re: VLAN implementation X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Dec 2006 11:41:14 -0000
From owner-freebsd-net@FreeBSD.ORG Tue Dec 12 12:25:29 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 76CDA16A416 for ; Tue, 12 Dec 2006 12:25:29 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from transport.cksoft.de (transport.cksoft.de [62.111.66.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id EA10B43CB8 for ; Tue, 12 Dec 2006 12:23:55 +0000 (GMT) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from transport.cksoft.de (localhost [127.0.0.1]) by transport.cksoft.de (Postfix) with ESMTP id 535A420029C for ; Tue, 12 Dec 2006 13:25:12 +0100 (CET) Received: by transport.cksoft.de (Postfix, from userid 66) id AE0B31FFE7E; Tue, 12 Dec 2006 13:25:05 +0100 (CET) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 7C286444885 for ; Tue, 12 Dec 2006 12:22:12 +0000 (UTC) Date: Tue, 12 Dec 2006 12:22:12 +0000 (UTC)
From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: freebsd-net@freebsd.org Message-ID: <20061212111134.J91892@maildrop.int.zabbadoz.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Virus-Scanned: by AMaViS cksoft-s20020300-20031204bz on transport.cksoft.de Subject: ip6_sprintf patch X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Dec 2006 12:25:29 -0000 Hi, I have a patch sitting around for quite some time that I'd like to commit if noone has any objections. It tries to print the addresses in a more common/readable format eliminating leading zeros like in :0001 -> :1. You can also fetch it from here: http://sources.zabbadoz.net/freebsd/ipv6/patches/20060611-01.diff ! ! http://perforce.freebsd.org/chv.cgi?CH=98978 ! ==== //depot/user/bz/fast_ipsec/src/sys/netinet6/in6.c#4 - /local/building/freebsd/p4/v6_fast_ipsec/src/sys/netinet6/in6.c ==== --- /tmp/tmp.47236.0 Sun Jun 11 11:48:05 2006 +++ /local/building/freebsd/p4/v6_fast_ipsec/src/sys/netinet6/in6.c Sun Jun 11 11:47:16 2006 @@ -1852,7 +1852,7 @@ char *cp; const u_int16_t *a = (const u_int16_t *)addr; const u_int8_t *d; - int dcolon = 0; + int dcolon = 0, zero = 0; cp = ip6buf; 
@@ -1880,14 +1880,31 @@ continue; } d = (const u_char *)a; - *cp++ = digits[*d >> 4]; - *cp++ = digits[*d++ & 0xf]; - *cp++ = digits[*d >> 4]; - *cp++ = digits[*d & 0xf]; + /* Try to eliminate leading zeros in printout like in :0001. */ + zero = 1; + *cp = digits[*d >> 4]; + if (*cp != '0') { + zero = 0; + cp++; + } + *cp = digits[*d++ & 0xf]; + if (zero == 0 || (*cp != '0')) { + zero = 0; + cp++; + } + *cp = digits[*d >> 4]; + if (zero == 0 || (*cp != '0')) { + zero = 0; + cp++; + } + *cp = digits[*d & 0xf]; + if (zero == 0 || (*cp != '0')) + cp++; *cp++ = ':'; a++; } *--cp = '\0'; + return (ip6buf); } -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT From owner-freebsd-net@FreeBSD.ORG Tue Dec 12 14:00:32 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 7D4A816A4A7 for ; Tue, 12 Dec 2006 14:00:32 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.188]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1BCC543CF5 for ; Tue, 12 Dec 2006 13:57:16 +0000 (GMT) (envelope-from max@love2party.net) Received: from [88.64.181.169] (helo=amd64.laiers.local) by mrelayeu.kundenserver.de (node=mrelayeu2) with ESMTP (Nemesis), id 0MKwtQ-1Gu89H1MNF-0006pS; Tue, 12 Dec 2006 14:58:26 +0100 
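Review bot: in the first hunk of the ip6_sprintf patch (@@ -1852,7 +1852,7 @@), the "zero = 0" initializer in "int dcolon = 0, zero = 0;" is a dead store, because the second hunk assigns "zero = 1;" for each group before the flag is ever read. Drop the initializer, and consider a name that says what the flag tracks (it stays set while only leading zeros of the current group have been seen); next to "dcolon", a bare "zero" reads as if it marked an all-zero group.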
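Review bot: the fourth digit in the second hunk of the ip6_sprintf patch (@@ -1880,14 +1880,31 @@) should be stored unconditionally. With "if (zero == 0 || (*cp != '0')) cp++;" a group whose four nibbles are all zero advances cp for none of them, so the following "*cp++ = ':';" writes an empty field and the printed address gains a second "::", which makes any log line built from ip6buf ambiguous. The visible context closes an earlier branch with "continue;", which suggests zero groups never reach this code, but the hunk does not show that; either write the last digit as "*cp++ = digits[*d & 0xf];" or add a comment stating that *a == 0 is handled above. The four near-identical blocks would also be easier to audit as a short loop over the nibbles.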
From: Max Laier Organization: FreeBSD To: freebsd-net@freebsd.org Date: Tue, 12 Dec 2006 14:58:15 +0100 User-Agent: KMail/1.9.4 References: <20061212111134.J91892@maildrop.int.zabbadoz.net> In-Reply-To: <20061212111134.J91892@maildrop.int.zabbadoz.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2462898.WnuSPXM266"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200612121458.21401.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de login:61c499deaeeba3ba5be80f48ecc83056 Cc: "Bjoern A. Zeeb" Subject: Re: ip6_sprintf patch X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Dec 2006 14:00:32 -0000 --nextPart2462898.WnuSPXM266 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Tuesday 12 December 2006 13:22, Bjoern A. Zeeb wrote: > Hi, > > I have a patch sitting around for quite some time that I'd like to > commit if noone has any objections. It tries to print the addresses > in a more common/readable format eliminating leading zeros like > in :0001 -> :1. > > You can also fetch it from here: > http://sources.zabbadoz.net/freebsd/ipv6/patches/20060611-01.diff > > ! > ! http://perforce.freebsd.org/chv.cgi?CH=3D98978 > ! 
> =3D=3D=3D=3D //depot/user/bz/fast_ipsec/src/sys/netinet6/in6.c#4 - > /local/building/freebsd/p4/v6_fast_ipsec/src/sys/netinet6/in6.c =3D=3D=3D= =3D > --- /tmp/tmp.47236.0 Sun Jun 11 11:48:05 2006 > +++ /local/building/freebsd/p4/v6_fast_ipsec/src/sys/netinet6/in6.c Sun > Jun 11 11:47:16 2006 @@ -1852,7 +1852,7 @@ > char *cp; > const u_int16_t *a =3D (const u_int16_t *)addr; > const u_int8_t *d; > - int dcolon =3D 0; > + int dcolon =3D 0, zero =3D 0; > > cp =3D ip6buf; 
> > @@ -1880,14 +1880,31 @@ > continue; > } > d =3D (const u_char *)a; > - *cp++ =3D digits[*d >> 4]; > - *cp++ =3D digits[*d++ & 0xf]; > - *cp++ =3D digits[*d >> 4]; > - *cp++ =3D digits[*d & 0xf]; > + /* Try to eliminate leading zeros in printout like in :0001. */ > + zero =3D 1; > + *cp =3D digits[*d >> 4]; > + if (*cp !=3D '0') { > + zero =3D 0; > + cp++; > + } > + *cp =3D digits[*d++ & 0xf]; > + if (zero =3D=3D 0 || (*cp !=3D '0')) { > + zero =3D 0; > + cp++; > + } > + *cp =3D digits[*d >> 4]; > + if (zero =3D=3D 0 || (*cp !=3D '0')) { > + zero =3D 0; > + cp++; > + } > + *cp =3D digits[*d & 0xf]; > + if (zero =3D=3D 0 || (*cp !=3D '0')) > + cp++;

This last if is redundant as we check for "(u_int16_t)0" at the very
beginning. If we didn't, you should still get rid of the if-check here as
we might otherwise have more than one "::" in the address.

> *cp++ =3D ':'; > a++; > } > *--cp =3D '\0'; > + > return (ip6buf); > }

Otherwise the diff seems fine.

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

--nextPart2462898.WnuSPXM266 Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)
iD8DBQBFfrV9XyyEoT62BG0RAlodAJ9Rc85Wk4q+0wLAXUwlsNxA4+Q0LgCfan/6
/0WWaZ/rhMHN3Oi8bgE1t5k=
=BSp+
-----END PGP SIGNATURE-----
--nextPart2462898.WnuSPXM266--

From owner-freebsd-net@FreeBSD.ORG Tue Dec 12 15:04:39 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A3F1816A534 for ; Tue, 12 Dec 2006 15:04:39 +0000 (UTC) (envelope-from nvass@teledomenet.gr) Received: from arwen.teledomenet.gr (arwen.teledomenet.gr [213.142.128.58]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5047C43DD7 for ; Tue, 12 Dec 2006 15:01:23 +0000 (GMT) (envelope-from
nvass@teledomenet.gr) Received: from iris ([192.168.1.71]) by arwen.teledomenet.gr (8.12.10/8.12.10) with ESMTP id kBCF2dm1021363; Tue, 12 Dec 2006 17:02:39 +0200 
From: Nikos Vassiliadis To: freebsd-net@freebsd.org, Alexei Date: Tue, 12 Dec 2006 17:02:22 +0200 User-Agent: KMail/1.9.1 References: <166800308.20061212122746@sovetnik.org> <59764.217.12.197.82.1165920505.squirrel@sigma.interami.com> <1346165314.20061212140510@sovetnik.org> In-Reply-To: <1346165314.20061212140510@sovetnik.org> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200612121702.23014.nvass@teledomenet.gr> Cc: Subject: Re: mpd pppoe client problems X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Dec 2006 15:04:39 -0000

On Tuesday 12 December 2006 13:05, Alexei wrote:
> Hello.
>
> > set link mtu 1492
> > check with ps command in which state mpd is when issuing rc.d stop
> > command.
>
> Ok, I'll try it when I'm at home (probably this evening).
>
> >> Nothing prevents it + ppp works fine. (But I don't like it for high
> >> cpu load)
>
> > much better to show your rulebase
>
> 00003 11030 3231606 count ip from table(1) to { me or dst-ip 192.168.42.0/24 } in via tun1
> 00004 13117 1969687 count ip from { me or 192.168.42.0/24 } to table(1) out via tun1
> 00005 1273820 1279717924 count ip from not table(1) to { me or dst-ip 192.168.42.0/24 } in via tun1
> 00006 1507468 446055133 count ip from { me or 192.168.42.0/24 } to not table(1) out via tun1
> 00009 44 2296 reset tcp from any to me dst-port 1080,3128,8000,8080
> 00011 38793 4293064 allow ip from me to any via fxp0
> 00011 24488 1695925 allow ip from any to me via fxp0
> 00012 926 72148 allow ip from any to any via lo0
> 00013 0 0 allow ip from 192.168.42.0/24 to 192.168.0.0/24
> 00013 0 0 allow ip from 192.168.0.0/24 to 192.168.42.0/24
> 00014 0 0 allow ip from 192.168.42.0/24 to 192.168.11.0/24
> 00014 0 0 allow ip from 192.168.11.0/24 to 192.168.42.0/24
> 00015 0 0 allow ip from 192.168.42.0/24 to 192.168.12.0/24
> 00015 0 0 allow ip from 192.168.12.0/24 to 192.168.42.0/24
> 00016 8609 760802 allow ip from any to 192.168.0.0/24
> 00016 58 20512 allow ip from 192.168.0.0/24 to any
> 00020 1520516 448026327 allow ip from me to any
> 00022 0 0 allow ip from 10.176.204.0/24 to me dst-port 22,2345
> 00030 1118 73065 allow ip from { 217.78.xx.xx or 87.240.xx.xx } to me dst-port 4444
> 00051 16153 901778 allow ip from 85.94.xx.xx to me
> 00100 13 1732 deny ip from any to me dst-port 22,4242,2345,4444
> 00101 1730 180253 deny ip from any to any dst-port 137,138,139,5000,445
> 00200 353792 78897431 allow ip from any to 192.168.42.2
> 00200 467364 392901222 allow ip from 192.168.42.2 to any
> 00201 80648 14398889 allow ip from any to 192.168.43.2
> 00201 81229 4285726 allow ip from 192.168.43.2 to any
> 01001 1267514 1281969619 allow ip from any to me
> 65535 43 5654 deny ip from any to any
>

Your firewall rules are somehow obscure. Please do explicitly allow everything
from your host to the world and back, early in your ruleset (something like
"add 1 allow ip from me to any keep-state"). Test it and then fix your rules as
wanted.

Nikos

From owner-freebsd-net@FreeBSD.ORG Tue Dec 12 16:43:46 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6DA0416A47E for ; Tue, 12 Dec 2006 16:43:46 +0000 (UTC) (envelope-from root@sovetnik.org) Received: from fr4.aha.ru (fr4.aha.ru [62.113.100.54]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9D3FE43E19 for ; Tue, 12 Dec 2006 16:40:01 +0000 (GMT) (envelope-from root@sovetnik.org) Received: from aha.ru (backend4.aha.ru [195.2.83.134]) by elk.zenon.net (Postfix) with ESMTP id 8C5CD2921; Tue, 12 Dec 2006 19:35:47 +0300 (MSK) Received: from [81.88.209.42] (account root@sovetnik.org) by backend4.aha.ru (CommuniGate Pro WebUser 4.3.12) with HTTP id 348724528; Tue, 12 Dec 2006 19:35:46 +0300
From: "Alexei" To: "Artyom Viklenko" X-Mailer: CommuniGate Pro WebUser Interface v.4.3.12 Date: Tue, 12 Dec 2006 19:35:46 +0300 Message-ID: In-Reply-To: <59764.217.12.197.82.1165920505.squirrel@sigma.interami.com> References: <166800308.20061212122746@sovetnik.org> <50521.217.12.197.82.1165919086.squirrel@sigma.interami.com> <1553703324.20061212134138@sovetnik.org> <59764.217.12.197.82.1165920505.squirrel@sigma.interami.com> X-Priority: 3 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Cc: freebsd-net@freebsd.org Subject: Re: Re[2]: mpd pppoe client problems X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Dec 2006 16:43:46 -0000

On Tue, 12 Dec 2006 12:48:25 +0200 (EET) "Artyom Viklenko" wrote:

Changed mtu & mru, nothing changed.

# /usr/local/etc/rc.d/mpd.sh stop
Stopping mpd.
Waiting for PIDS: 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927^C

## (before I interrupted rc.d script)
dmn@sys$ ps -auxww | grep mpd
root 47927 0,0 0,4 2720 1492 ?? Is 19:26 0:00,01 /usr/local/sbin/mpd -b
root 47936 0,0 0,3 1644 1080 ?? I 19:26 0:00,00 sh -c /usr/local/etc/mpd/inet-up.sh ng0 inet 81.88.209.42 81.88.208.255 mylogin >/dev/null 2>&1
root 47937 0,0 0,3 1644 1076 ?? I 19:26 0:00,01 /bin/sh /usr/local/etc/mpd/inet-up.sh ng0 inet 81.88.209.42 81.88.208.255 nylogin
dmn 48208 0,0 0,2 1452 832 p0 R+ 19:28 0:00,00 grep mpd
root 48062 0,0 0,3 1764 1220 p1 S+ 19:27 0:00,05 /bin/sh /usr/local/etc/rc.d/mpd.sh stop

dmn@sys$ top -n 500 | grep 47927
47927 root 1 8 0 2720K 1492K wait 0:00 0.00% mpd

--
Grats,
Alexei, root@sovetnik.org

From owner-freebsd-net@FreeBSD.ORG Tue Dec 12 16:48:54 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 993DE16A509 for ; Tue, 12 Dec 2006 16:48:54 +0000 (UTC) (envelope-from root@sovetnik.org) Received: from fr4.aha.ru (fr4.aha.ru [62.113.100.54]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9124A43CAD for ; Tue, 12 Dec 2006 16:46:37 +0000 (GMT) (envelope-from root@sovetnik.org) Received: from aha.ru (backend4.aha.ru [195.2.83.134]) by elk.zenon.net (Postfix) with ESMTP id 3F3E4160; Tue, 12 Dec 2006 19:42:07 +0300 (MSK) Received: from [81.88.209.42] (account root@sovetnik.org) by backend4.aha.ru (CommuniGate Pro WebUser 4.3.12) with HTTP id 348734339; Tue, 12 Dec 2006 19:42:07 +0300
From: "Alexei" To: Nikos Vassiliadis ,freebsd-net@freebsd.org X-Mailer: CommuniGate Pro WebUser Interface v.4.3.12 Date: Tue, 12 Dec 2006 19:42:07 +0300 Message-ID: In-Reply-To: <200612121702.23014.nvass@teledomenet.gr> References: <166800308.20061212122746@sovetnik.org> <59764.217.12.197.82.1165920505.squirrel@sigma.interami.com> <1346165314.20061212140510@sovetnik.org> <200612121702.23014.nvass@teledomenet.gr> MIME-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 8bit Cc: Subject: Re: mpd pppoe client problems X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Dec 2006 16:48:54 -0000

On Tue, 12 Dec 2006 17:02:22 +0200 Nikos Vassiliadis wrote:
> Your firewall rules are somehow obscure. Please do
> explicitly allow everything
> from your host to the world and back, early in your
> ruleset(something like
> "add 1 allow ip from me to any keep-state"). Test it and
> then fix your rules as
> wanted.

I've tried to add allow all from any to any in the beginning (#7), it didn't help. I'm going to fix ruleset and make it more readable, but a little later..

-- Grats, Alexei, root@sovetnik.org From owner-freebsd-net@FreeBSD.ORG Tue Dec 12 23:03:48 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 262B316A4C9 for ; Tue, 12 Dec 2006 23:03:48 +0000 (UTC) (envelope-from andre@freebsd.org) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id E2CEA43DAA for ; Tue, 12 Dec 2006 22:29:02 +0000 (GMT) (envelope-from andre@freebsd.org) Received: (qmail 65716 invoked from network); 12 Dec 2006 22:17:51 -0000 Received: from dotat.atdotat.at (HELO [62.48.0.47]) ([62.48.0.47]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 12 Dec 2006 22:17:51 -0000 Message-ID: <457F2D82.6000905@freebsd.org> Date: Tue, 12 Dec 2006 23:30:26 +0100 
From: Andre Oppermann User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b) Gecko/20050217 MIME-Version: 1.0 To: freebsd-current@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org Subject: Automatic TCP send and receive socket buffer sizing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Dec 2006 23:03:48 -0000

This is a patch adding automatic TCP send and receive socket buffer sizing. Normally the socket buffers are static (either derived from global defaults or set with setsockopt) and do not adapt to real network conditions. Two things happen: a) your socket buffers are too small and you can't reach the full potential of the network between both hosts; b) your socket buffers are too big and you waste a lot of kernel memory for data just sitting around.

With automatic TCP send and receive socket buffers we can start with a small buffer and quickly grow it in parallel with the TCP congestion window to match real network conditions.

FreeBSD has a default 32K send socket buffer. This supports a maximal transfer rate of only slightly more than 2Mbit/s on a 100ms RTT transcontinental link. Or at 200ms just above 1Mbit/s. With TCP send buffer auto scaling and the default values below it supports 20Mbit/s at 100ms and 10Mbit/s at 200ms. That's an improvement of factor 10, or 1000%. For the receive side it looks slightly better with a default of 64K buffer size.

The automatic send buffer sizing patch is currently running on one half of the FTP.FreeBSD.ORG cluster w/o any problems so far. Against this machine with the automatic receive buffer sizing patch I can download at 5.7MBytes per second. Without patch it maxed out at 1.6MBytes per second as the delay bandwidth product became equal to the static socket buffer size without hitting the limits of the physical link between the machines. My test machine is about 35ms from that FTP.FreeBSD.ORG and connected through a moderately loaded 100Mbit Internet link.

New sysctl's are:

  net.inet.tcp.sendbuf_auto=1 (enabled)
  net.inet.tcp.sendbuf_inc=8192 (8K, step size)
  net.inet.tcp.sendbuf_max=262144 (256K, growth limit)
  net.inet.tcp.recvbuf_auto=1 (enabled)
  net.inet.tcp.recvbuf_inc=16384 (16K, step size)
  net.inet.tcp.recvbuf_max=262144 (256K, growth limit)

The patch is available here (it may apply with some fuzz):

  http://people.freebsd.org/~andre/tcp_auto_buf-20061212.diff

Any tests and test reports are very welcome.

--
Andre

From owner-freebsd-net@FreeBSD.ORG Tue Dec 12 23:09:55 2006 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 40C5916A522; Tue, 12 Dec 2006 23:09:55 +0000 (UTC) (envelope-from oleg@lath.rinet.ru) Received: from lath.rinet.ru (lath.rinet.ru [195.54.192.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7857E4518E; Tue, 12 Dec 2006 22:42:58 +0000 (GMT) (envelope-from oleg@lath.rinet.ru) Received: from lath.rinet.ru (localhost [127.0.0.1]) by lath.rinet.ru (8.13.8/8.13.8) with ESMTP id kBCMhpEK095105 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 13 Dec 2006 01:43:51 +0300 (MSK) (envelope-from oleg@lath.rinet.ru) Received: (from oleg@localhost) by lath.rinet.ru (8.13.8/8.13.8/Submit) id kBCMhpoW095104; Wed, 13 Dec 2006 01:43:51 +0300 (MSK) (envelope-from oleg) Date: Wed, 13 Dec 2006 01:43:51 +0300
From: Oleg Bulyzhin
To: Gleb Smirnoff
Cc: MQ, net@freebsd.org
Subject: Re: [antinvidia@gmail.com: some questions about bge(4)]
Message-ID: <20061212224351.GE91560@lath.rinet.ru>
In-Reply-To: <20061206085401.GH32700@cell.sick.ru>

On Wed, Dec 06, 2006 at 11:54:01AM +0300, Gleb Smirnoff wrote:
> Forwarding to net@ list and to Oleg, who has made polling
> support for bge(4).
>
> ----- Forwarded message from MQ -----
>
> From: MQ
> To: glebius@freebsd.org, davidch@broadcom.com
> Subject: some questions about bge(4)
> Date: Sat, 2 Dec 2006 09:32:27 +0000
>
> Hi David and Gleb,
> I'm using several chips whose driver is bge(4). And now I have some
> questions about the driver, would you please answer them for me?
> My confusion is related with some codes in /sys/dev/mii/brgphy.c. The
> bge(4) uses the callout to drive the watchdog. And the brgphy_service() is
> called once per second. It calls brgphy_mii_phy_auto() every 5 seconds to
> autonegotiate the media. Normally, it costs about 0.5ms in the first
> function brgphy_service(), and about 5ms when autonegotiation is proceeded.

brgphy_mii_phy_auto() is called only if there is no link.

> I haven't done a stress test on it, consequently I don't know if this delay
> will cause packets to be dropped. But I've enabled device polling with the
> bge(4) on FreeBSD 6.1-RELEASE. If HZ is set to a high value (e.g. 4000), this
> delay will cause the kern.polling.lost_polls to increase by one or two every
> second. And for about five seconds, the lost poll will increase by at least
> 16 regularly. So I think this behavior has some impact on the systems that
> enables device polling. Could we get something to make the bge(4) a bit more
> friendly to the device polling? I don't know if autonegotiation is really
> needed to be called so frequently when we are connected to a good network
> environment. Can I modify the interval between two autonegotiations to have
> less lost_polls? However, I have no idea about the long time spent in the
> brgphy_service(), please take a look at the problem when you have enough
> time.

If you have lost poll it does not guarantee packet loss. Packets can be
retrieved by next poll or even by idle_poll thread.
bge_tick() is doing couple of pci register reads (it's polling phy status
and updates some statistic counters), this is why it takes some time.
Anyway, you are right about too short autonegotiation timer, I'll fix it
soon.

>
> Regards
> MQ
>
> ----- End forwarded message -----
>
> --
> Totus tuus, Glebius.
> GLEBIUS-RIPN GLEB-RIPE

--
Oleg.

================================================================
=== Oleg Bulyzhin -- OBUL-RIPN -- OBUL-RIPE -- oleg@rinet.ru ===
================================================================

From owner-freebsd-net@FreeBSD.ORG Wed Dec 13 05:46:16 2006
Message-ID: <51033.217.12.197.82.1165988784.squirrel@sigma.interami.com>
Date: Wed, 13 Dec 2006 07:46:24 +0200 (EET)
From: "Artyom Viklenko"
To: "Alexei"
Cc: freebsd-net@freebsd.org
Subject: Re: Re[2]: mpd pppoe client problems

> On Tue, 12 Dec 2006 12:48:25 +0200 (EET)
> "Artyom Viklenko" wrote:
>
> Changed mtu & mru, nothing changed.
>
> # /usr/local/etc/rc.d/mpd.sh stop
> Stopping mpd.
> Waiting for PIDS: 47927, 47927, 47927, 47927, 47927, 47927,
> 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927,
> 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927,
> 47927, 47927, 47927, 47927, 47927, 47927, 47927, 47927,
> 47927, 47927, 47927, 47927, 47927, 47927, 47927^C
>
> ## (before i interrupted rc.d script)
> dmn@sys$ ps -auxww | grep mpd
> root 47927 0,0 0,4 2720 1492 ?? Is 19:26
> 0:00,01 /usr/local/sbin/mpd -b
> root 47936 0,0 0,3 1644 1080 ?? I 19:26
> 0:00,00 sh -c /usr/local/etc/mpd/inet-up.sh ng0 inet
> 81.88.209.42 81.88.208.255 mylogin >/dev/null 2>&1

Would you show us content of your inet-up.sh script?
And output of `netstat -inlb`, `netstat -rna` when mpd
established connection.

> root 47937 0,0 0,3 1644 1076 ?? I 19:26
> 0:00,01 /bin/sh /usr/local/etc/mpd/inet-up.sh ng0 inet
> 81.88.209.42 81.88.208.255 nylogin
> dmn 48208 0,0 0,2 1452 832 p0 R+ 19:28
> 0:00,00 grep mpd
> root 48062 0,0 0,3 1764 1220 p1 S+ 19:27
> 0:00,05 /bin/sh /usr/local/etc/rc.d/mpd.sh stop
> dmn@sys$ top -n 500 | grep 47927
> 47927 root 1 8 0 2720K 1492K wait 0:00
> 0.00% mpd
>
> --
> Grats, Alexei, root@sovetnik.org
>

--
Sincerely yours,
Artyom Viklenko.
-------------------------------------------------------
artem@aws-net.org.ua | http://www.aws-net.org.ua/~artem
FreeBSD: The Power to Serve - http://www.freebsd.org

From owner-freebsd-net@FreeBSD.ORG Wed Dec 13 07:00:39 2006
Date: Wed, 13 Dec 2006 10:01:22 +0300
From: Alexei
To: "Artyom Viklenko"
Cc: freebsd-net@freebsd.org
Subject: Re[4]: mpd pppoe client problems
Message-ID: <1374382666.20061213100122@sovetnik.org>
In-Reply-To: <51033.217.12.197.82.1165988784.squirrel@sigma.interami.com>

Hello, Artyom.

13 December 2006, 8:46:24 you wrote:

> Would you show us content of your inet-up.sh script?
> And output of `netstat -inlb`, `netstat -rna` when mpd
> established connection.

#!/bin/sh
/etc/rc.d/ipnat restart
/etc/rc.d/ntpd restart
/etc/rc.d/named restart
/usr/local/apache/bin/apachectl restart

Can't show netstat now, will do it in the evening.
--
Grats,
Alexei mailto:root@sovetnik.org

From owner-freebsd-net@FreeBSD.ORG Wed Dec 13 08:25:35 2006
Message-ID: <53106.217.12.197.82.1165998342.squirrel@sigma.interami.com>
In-Reply-To: <1374382666.20061213100122@sovetnik.org>
Date: Wed, 13 Dec 2006 10:25:42 +0200 (EET)
From: "Artyom Viklenko"
To: "Alexei"
Cc: freebsd-net@freebsd.org
Subject: Re: Re[4]: mpd pppoe client problems

> Hello, Artyom.
>
> 13 December 2006, 8:46:24 you wrote:
>
>> Would you show us content of your inet-up.sh script?
>> And output of `netstat -inlb`, `netstat -rna` when mpd
>> established connection.
>
> #!/bin/sh
> /etc/rc.d/ipnat restart
> /etc/rc.d/ntpd restart
> /etc/rc.d/named restart
> /usr/local/apache/bin/apachectl restart

Do you really need all this stuff?.. :/
I would try to disable this inet-up.sh script at all
and check. It seems that some command in it hangs
and mpd waits for the script to finish and so it can't
be killed by SIGTERM.

Why do you use ipnat and ipfw? May be better to
use one firewall? ipfilter itself or ipfw with natd
or ng-nat.

I'm not sure but ipfilter allow to define rules with
interfaces which does not exist at the time of
firewall activation (at least PF can).

Also, you don't need to restart ntpd each time
your interface goes up. Same for named and apache.
Typically. May be you have some very interesting
requirements to do so?..

>
> Can't show netstat now, will do it in the evening.
>
> --
> Grats,
> Alexei mailto:root@sovetnik.org
>
>
>

--
Sincerely yours,
Artyom Viklenko.
-------------------------------------------------------
artem@aws-net.org.ua | http://www.aws-net.org.ua/~artem
FreeBSD: The Power to Serve - http://www.freebsd.org

From owner-freebsd-net@FreeBSD.ORG Wed Dec 13 08:36:54 2006
Date: Wed, 13 Dec 2006 11:35:51 +0300
From: Alexei
To: "Artyom Viklenko"
Cc: freebsd-net@freebsd.org
Subject: Re[6]: mpd pppoe client problems
Message-ID: <338990136.20061213113551@sovetnik.org>
In-Reply-To: <53106.217.12.197.82.1165998342.squirrel@sigma.interami.com>

Hello, Artyom.

13 December 2006, 11:25:42 you wrote:

> Do you really need all this stuff?.. :/
> I would try to disable this inet-up.sh script at all
> and check. It seems that some command in it hangs
> and mpd waits for the script to finish and so it can't
> be killed by SIGTERM.

Ok, I'll try.

> Why do you use ipnat and ipfw? May be better to
> use one firewall? ipfilter itself or ipfw with natd
> or ng-nat.

I used to use ipfw as a firewall.. and natd makes too heavy cpu load.

> I'm not sure but ipfilter allow to define rules with
> interfaces which does not exist at the time of
> firewall activation (at least PF can).

> Also, you don't need to restart ntpd each time
> your interface goes up. Same for named and apache.
> Typically. May be you have some very interesting
> requirements to do so?..

Em.. Well.. After system startup there is no external interface (ng or
tun) to bind to. How can I make those applications bind to the new
interface after it gone up?

--
Grats,
Alexei mailto:root@sovetnik.org

From owner-freebsd-net@FreeBSD.ORG Wed Dec 13 09:30:58 2006
Message-ID: <60499.217.12.197.82.1166002263.squirrel@sigma.interami.com>
In-Reply-To: <338990136.20061213113551@sovetnik.org>
Date: Wed, 13 Dec 2006 11:31:03 +0200 (EET)
From: "Artyom Viklenko"
To: "Alexei"
Cc: freebsd-net@freebsd.org
Subject: Re: Re[6]: mpd pppoe client problems

> Hello, Artyom.
>
>> Why do you use ipnat and ipfw? May be better to
>> use one firewall? ipfilter itself or ipfw with natd
>> or ng-nat.
>
> I used to use ipfw as a firewall.. and natd makes too heavy cpu load.

Try to use ipfilter or pf. They do nat in kernel.
Or you can use ng_nat with ipfw.

>
>
>> I'm not sure but ipfilter allow to define rules with
>> interfaces which does not exist at the time of
>> firewall activation (at least PF can).
>
>> Also, you don't need to restart ntpd each time
>> your interface goes up. Same for named and apache.
>> Typically. May be you have some very interesting
>> requirements to do so?..
>
> Em.. Well.. After system startup there is no external interface (ng or
> tun) to bind to. How can I make those applications bind to the new
> interface after it gone up?

Do you really need to bind them to particular interface?
If you bind, for example, apache to wildcard address 0.0.0.0,
(as in default configuration),
it will work with new interfaces and addresses.
If you use some kind of ip-based virtualhost configuration,
you can bind it to some local private IP, and redirect
incoming traffic to that address. This local ip will always
be available for apache.
natd, as I know, bind itself to ALL ips on system. And it will
synchronize well with external time sources when they are became
available. I have dialup ppp connection at home and I have ntpd.
When link is up, it synchronizes with sources, when link is down
it lost synchronization until next availability of connection.
And I do not restart it every time link does up.

Your named, I think, can be binded to your internal address.
But it can send queries with any address available at the time of
sending this request depending on routing information.

Try to keep things as simple as possible! :)

--
Sincerely yours,
Artyom Viklenko.
-------------------------------------------------------
artem@aws-net.org.ua | http://www.aws-net.org.ua/~artem
FreeBSD: The Power to Serve - http://www.freebsd.org

From owner-freebsd-net@FreeBSD.ORG Wed Dec 13 09:37:14 2006
Date: Wed, 13 Dec 2006 12:38:53 +0300
From: Alexei
To: "Artyom Viklenko"
Cc: freebsd-net@freebsd.org
Subject: Re[8]: mpd pppoe client problems
Message-ID: <1063086816.20061213123853@sovetnik.org>
In-Reply-To: <60499.217.12.197.82.1166002263.squirrel@sigma.interami.com>

Hello, Artyom.

13 December 2006, 12:31:03 you wrote:

> Do you really need to bind them to particular interface?
> If you bind, for example, apache to wildcard address 0.0.0.0,
> (as in default configuration),
> it will work with new interfaces and addresses.
> If you use some kind of ip-based virtualhost configuration,
> you can bind it to some local private IP, and redirect
> incoming traffic to that address. This local ip will always
> be available for apache.

> natd, as I know, bind itself to ALL ips on system. And it will
> synchronize well with external time sources when they are became
> available. I have dialup ppp connection at home and I have ntpd.
> When link is up, it synchronizes with sources, when link is down
> it lost synchronization until next availability of connection.
> And I do not restart it every time link does up.

> Your named, I think, can be binded to your internal address.
> But it can send queries with any address available at the time of
> sending this request depending on routing information.

> Try to keep things as simple as possible!

Em.. well.. maybe :) But ntpd and named don't answer on external interface
if it become up after those services were started. And I need them to do
it. ;)

Anyway, thank you for advice, I will try to simplify that startup script.

--
Grats,
Alexei mailto:root@sovetnik.org

From owner-freebsd-net@FreeBSD.ORG Wed Dec 13 11:22:14 2006
Date: Wed, 13 Dec 2006 14:22:11 +0300 (MSK)
From: Maxim Konovalov
To: Andre Oppermann
Cc: freebsd-net@freebsd.org, freebsd-current@freebsd.org
Subject: Re: Automatic TCP send and receive socket buffer sizing
Message-ID: <20061213141647.J72584@mp2.macomnet.net>
In-Reply-To: <457F2D82.6000905@freebsd.org>

[...]
> Any tests and test reports are very welcome.

I saw a question asked several times but no answer: what happens with
the sockets when you explicitly call setsockopt() to set a socket
buffer size? Is automatic buffer sizing enabled for them?

--
Maxim Konovalov

From owner-freebsd-net@FreeBSD.ORG Wed Dec 13 12:40:56 2006
Date: Wed, 13 Dec 2006 13:40:51 +0100
From: Claudio Jeker
To: freebsd-net@freebsd.org
Subject: Re: Automatic TCP send and receive socket buffer sizing
Message-ID: <20061213124051.GC7215@diehard.n-r-g.com>
In-Reply-To: <20061213141647.J72584@mp2.macomnet.net>

On Wed, Dec 13, 2006 at 02:22:11PM +0300, Maxim Konovalov wrote:
> [...]
> > Any tests and test reports are very welcome.
>
> I saw a question asked several times but no answer: what happens with
> the sockets when you explicitly call setsockopt() to set a socket
> buffer size? Is automatic buffer sizing enabled for them?
>

It disables the automatic buffer sizing. You want a fixed buffer size you
get a fixed buffer size.
--
:wq Claudio

From owner-freebsd-net@FreeBSD.ORG Wed Dec 13 12:43:13 2006
Message-ID: <457FF561.4060501@freebsd.org>
Date: Wed, 13 Dec 2006 13:43:13 +0100
From: Andre Oppermann
To: Maxim Konovalov
Cc: freebsd-net@freebsd.org, freebsd-current@freebsd.org
Subject: Re: Automatic TCP send and receive socket buffer sizing
In-Reply-To: <20061213141647.J72584@mp2.macomnet.net>

Maxim Konovalov wrote:
> [...]
>> Any tests and test reports are very welcome.
>
> I saw a question asked several times but no answer: what happens with
> the sockets when you explicitly call setsockopt() to set a socket
> buffer size? Is automatic buffer sizing enabled for them?

No. In that case automatic socket buffer sizing gets disabled.

--
Andre

From owner-freebsd-net@FreeBSD.ORG Wed Dec 13 12:44:55 2006
Date: Wed, 13 Dec 2006 15:44:51 +0300 (MSK)
From: Maxim Konovalov
To: Andre Oppermann
Cc: freebsd-net@freebsd.org, freebsd-current@freebsd.org
Subject: Re: Automatic TCP send and receive socket buffer sizing
Message-ID: <20061213154444.S72584@mp2.macomnet.net>
In-Reply-To: <457FF561.4060501@freebsd.org>

On Wed, 13 Dec 2006, 13:43+0100, Andre Oppermann wrote:

> Maxim Konovalov wrote:
> > [...]
> > > Any tests and test reports are very welcome.
> >
> > I saw a question asked several times but no answer: what happens with
> > the sockets when you explicitly call setsockopt() to set a socket
> > buffer size? Is automatic buffer sizing enabled for them?
>
> No. In that case automatic socket buffer sizing gets disabled.

Good, thanks!
-- Maxim Konovalov From owner-freebsd-net@FreeBSD.ORG Wed Dec 13 13:21:19 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 8017016A50E for ; Wed, 13 Dec 2006 13:21:19 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from transport.cksoft.de (transport.cksoft.de [62.111.66.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id C7A1B43D7D for ; Wed, 13 Dec 2006 13:18:53 +0000 (GMT) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from transport.cksoft.de (localhost [127.0.0.1]) by transport.cksoft.de (Postfix) with ESMTP id F29BA2002D9; Wed, 13 Dec 2006 14:20:12 +0100 (CET) Received: by transport.cksoft.de (Postfix, from userid 66) id 2C79D2002CF; Wed, 13 Dec 2006 14:20:06 +0100 (CET) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 9521D444885; Wed, 13 Dec 2006 13:15:26 +0000 (UTC) Date: Wed, 13 Dec 2006 13:15:26 +0000 (UTC) 
From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Max Laier In-Reply-To: <200612121458.21401.max@love2party.net> Message-ID: <20061213125854.E91892@maildrop.int.zabbadoz.net> References: <20061212111134.J91892@maildrop.int.zabbadoz.net> <200612121458.21401.max@love2party.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Virus-Scanned: by AMaViS cksoft-s20020300-20031204bz on transport.cksoft.de Cc: freebsd-net@freebsd.org Subject: Re: ip6_sprintf patch X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Dec 2006 13:21:19 -0000 On Tue, 12 Dec 2006, Max Laier wrote: > On Tuesday 12 December 2006 13:22, Bjoern A. Zeeb wrote: >> + } >> + *cp = digits[*d & 0xf]; > >> + if (zero == 0 || (*cp != '0')) >> + cp++; > > This last if is redundant as we check for "(u_int16_t)0" at the very > begining. If we didn't, you should still get rid of the if-check here as > we might otherwise have more than one "::" in the address. > >> *cp++ = ':'; >> a++; >> } ok looks like .. } *cp++ = digits[*d & 0xf]; *cp++ = ':'; a++; } now. And I have run some tests (in case someone wants to check): http://sources.zabbadoz.net/freebsd/ipv6/ip6_sprintf.c Thanks. -- Bjoern A. 
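Review bot: nothing in the quoted lines bounds the writes through `cp`: each group stores its low nibble with `*cp = digits[*d & 0xf];` and then always appends `*cp++ = ':';`, so the loop should state (or assert) the minimum size of the destination buffer it relies on. The unconditional ':' after every group also leaves a trailing colon after the last group, which the code after the loop has to overwrite with the terminator; a one-line comment saying so would help. Dropping the `if (zero == 0 || (*cp != '0'))` test, as agreed in the reply, also removes the one path where a stored digit is not followed by `cp++` and is then overwritten by the ':'.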
Zeeb bzeeb at Zabbadoz dot NeT From owner-freebsd-net@FreeBSD.ORG Wed Dec 13 19:58:34 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 2614216A538 for ; Wed, 13 Dec 2006 19:58:34 +0000 (UTC) (envelope-from root@sovetnik.org) Received: from fr4.aha.ru (fr4.aha.ru [62.113.100.54]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3901144084 for ; Wed, 13 Dec 2006 19:49:41 +0000 (GMT) (envelope-from root@sovetnik.org) Received: from aha.ru (backend4.aha.ru [195.2.83.134]) by elk.zenon.net (Postfix) with ESMTP id 89DA72B14; Wed, 13 Dec 2006 22:50:20 +0300 (MSK) Received: from [81.88.209.42] (account root@sovetnik.org) by backend4.aha.ru (CommuniGate Pro WebUser 4.3.12) with HTTP id 352292940; Wed, 13 Dec 2006 22:50:20 +0300 
From: "Alexei" To: "Artyom Viklenko" X-Mailer: CommuniGate Pro WebUser Interface v.4.3.12 Date: Wed, 13 Dec 2006 22:50:20 +0300 Message-ID: In-Reply-To: <60499.217.12.197.82.1166002263.squirrel@sigma.interami.com> References: <166800308.20061212122746@sovetnik.org> <50521.217.12.197.82.1165919086.squirrel@sigma.interami.com> <1553703324.20061212134138@sovetnik.org> <59764.217.12.197.82.1165920505.squirrel@sigma.interami.com> <51033.217.12.197.82.1165988784.squirrel@sigma.interami.com> <1374382666.20061213100122@sovetnik.org> <53106.217.12.197.82.1165998342.squirrel@sigma.interami.com> <338990136.20061213113551@sovetnik.org> <60499.217.12.197.82.1166002263.squirrel@sigma.interami.com> X-Priority: 3 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Cc: freebsd-net@freebsd.org Subject: Re: Re[6]: mpd pppoe client problems X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Dec 2006 19:58:34 -0000

On Wed, 13 Dec 2006 11:31:03 +0200 (EET) "Artyom Viklenko" wrote:

Yeap, you were right. That startup script didn't work out as it should, so ``mpd: [PPPoE] IFACE: Up event'' didn't come. That's why mpd looked like it hangs. I still can't understand why that script doesn't work.. It looked like:

sys# ps -auxww | grep mpd
root 47936 0,0 0,3 1644 1028 ?? I вт19 0:00,00 sh -c /usr/local/etc/mpd/inet-up.sh ng0 inet 81.88.209.42 81.88.208.255 **** >/dev/null 2>&1
root 47937 0,0 0,3 1644 1024 ?? I вт19 0:00,01 /bin/sh /usr/local/etc/mpd/inet-up.sh ng0 inet 81.88.209.42 81.88.208.255 ****
root 49450 0,0 0,3 1644 1028 ?? I вт19 0:00,00 sh -c /usr/local/etc/mpd/inet-up.sh ng0 inet 81.88.209.42 81.88.208.255 l**** >/dev/null 2>&1
root 49451 0,0 0,3 1644 1024 ?? I вт19 0:00,01 /bin/sh /usr/local/etc/mpd/inet-up.sh ng0 inet 81.88.209.42 81.88.208.255 ****
dmn 98679 0,0 0,1 1200 564 p0 I+ 22:23 0:00,00 tail -f /var/log/mpd.log
root 98864 0,0 0,2 1520 940 p1 S+ 22:24 0:00,00 grep mpd
sys# ps -auxww | grep mpd | awk '{print "kill -9 " $2}' | sh
kill: 98896: No such process
sys# ps -auxww | grep mpd
root 98913 0,0 0,2 1460 840 p1 R+ 22:24 0:00,00 grep mpd
sys# ps -auxww | grep restart
root 47959 0,0 0,3 1764 1168 ?? I вт19 0:00,01 /bin/sh /etc/rc.d/ntpd restart
root 48299 0,0 0,3 1644 1028 ?? Is вт19 0:00,01 sh -c /etc/rc.d/ntpd restart
root 48302 0,0 0,3 1764 1168 ?? I вт19 0:00,01 /bin/sh /etc/rc.d/ntpd restart
root 49473 0,0 0,3 1764 1168 ?? I вт19 0:00,01 /bin/sh /etc/rc.d/ntpd restart
root 49834 0,0 0,3 1644 1028 ?? Is вт19 0:00,01 sh -c /etc/rc.d/ntpd restart
root 49837 0,0 0,3 1764 1168 ?? I вт19 0:00,01 /bin/sh /etc/rc.d/ntpd restart
root 99047 0,0 0,1 1440 476 p1 R+ 22:25 0:00,00 grep restart
sys# ps -auxww | grep stop
root 47965 0,0 0,3 1764 1168 ?? S вт19 0:54,89 /bin/sh /etc/rc.d/ntpd stop
root 48318 0,0 0,3 1764 1168 ?? S вт19 0:54,36 /bin/sh /etc/rc.d/ntpd stop
root 49479 0,0 0,3 1764 1168 ?? S вт19 0:54,25 /bin/sh /etc/rc.d/ntpd stop
root 49865 0,0 0,3 1764 1168 ?? S вт19 0:53,98 /bin/sh /etc/rc.d/ntpd stop
root 99179 0,0 0,1 1440 556 p1 R+ 22:25 0:00,00 grep stop

--
Grats, Alexei, root@sovetnik.org

From owner-freebsd-net@FreeBSD.ORG Thu Dec 14 00:11:29 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3D5F716A571 for ; Thu, 14 Dec 2006 00:11:29 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outL.internet-mail-service.net (outL.internet-mail-service.net [216.240.47.235]) by mx1.FreeBSD.org (Postfix) with ESMTP id 33C8143E41 for ; Thu, 14 Dec 2006 00:03:08 +0000 (GMT) (envelope-from julian@elischer.org) Received: from shell.idiom.com (HELO idiom.com) (216.240.47.20) by out.internet-mail-service.net (qpsmtpd/0.32) with ESMTP; Wed, 13 Dec 2006 15:49:15 -0800 Received: from [10.251.18.229] (nat.ironport.com [63.251.108.100]) by idiom.com (8.12.11/8.12.11) with ESMTP id kBE0489E030557 for ; Wed, 13 Dec 2006 16:04:12 -0800 (PST) (envelope-from julian@elischer.org) Message-ID: <458094E7.1060806@elischer.org> Date: Wed, 13 Dec 2006 16:03:51 -0800
From: Julian Elischer User-Agent: Thunderbird 1.5.0.8 (Macintosh/20061025) MIME-Version: 1.0 To: FreeBSD Net Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: question for TCP gurus (in ipfw) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Dec 2006 00:11:29 -0000

in the ipfw function send_reject6() we go to great length to calculate the sequence number to put into the ack field of the reject packet.. but it's a RESET we are generating..

do we need to go to all the work of setting the ACK value etc?

could we do either of:

1/ not set the ACK bit and just not do the extra work. Just send a reset?

or

2/ instead of ACKing all the data in the packet we are resetting, how about just ACKing the sequence number it starts with and saving ourselves from doing the work of ACKing all the data up to the current packet end. (which is the packet we are rejecting anyhow)

(It takes some calculation to work out the new ack value which seems pointless as we are rejecting it..)
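How the fields of a reset follow from the segment being rejected, per the reset-generation rule of RFC 793 section 3.4, as an added example that is not part of the original message and is not ipfw's send_reject6() code. `struct seg`, `struct rst_reply`, `seg_len()` and `build_rst()` are hypothetical names, and all fields are in host byte order.

```c
#include <stdint.h>
#include <stdio.h>

/* TCP flag bits as they appear in the TCP header (RFC 793). */
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

/* Hypothetical host-byte-order view of the segment being rejected. */
struct seg {
    uint32_t seq;          /* SEG.SEQ */
    uint32_t ack;          /* SEG.ACK, meaningful only if TH_ACK is set */
    uint8_t  flags;
    uint32_t payload_len;  /* TCP payload bytes, headers excluded */
};

/* Hypothetical description of the reset to send back. */
struct rst_reply {
    int      send;   /* 0: do not answer at all */
    uint32_t seq;
    uint32_t ack;
    uint8_t  flags;
};

/* SEG.LEN: payload bytes plus one sequence number each for SYN and FIN. */
static uint32_t seg_len(const struct seg *s)
{
    uint32_t len = s->payload_len;

    if (s->flags & TH_SYN)
        len++;
    if (s->flags & TH_FIN)
        len++;
    return len;
}

/*
 * RFC 793, "Reset Generation":
 *  - never answer a RST with a RST;
 *  - if the incoming segment carries ACK, the reset takes its sequence
 *    number from SEG.ACK and carries no ACK of its own;
 *  - otherwise the reset has sequence number zero and acknowledges
 *    SEG.SEQ + SEG.LEN, with RST and ACK both set.
 */
struct rst_reply build_rst(const struct seg *in)
{
    struct rst_reply r = { 0, 0, 0, 0 };

    if (in->flags & TH_RST)
        return r;

    r.send = 1;
    if (in->flags & TH_ACK) {
        r.seq = in->ack;
        r.ack = 0;
        r.flags = TH_RST;
    } else {
        r.seq = 0;
        r.ack = in->seq + seg_len(in);  /* unsigned, wraps modulo 2^32 */
        r.flags = TH_RST | TH_ACK;
    }
    return r;
}

int main(void)
{
    /* Constructed sample segments, not captured traffic. */
    struct seg samples[] = {
        { 1000, 0, TH_SYN, 0 },           /* bare SYN */
        { 5000, 7000, TH_ACK, 100 },      /* data segment with ACK */
        { 0xFFFFFFF0u, 0, TH_FIN, 0x20 }, /* no ACK, wraps past 2^32 */
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct rst_reply r = build_rst(&samples[i]);

        printf("in flags=0x%02x -> rst seq=%u ack=%u flags=0x%02x\n",
            (unsigned)samples[i].flags, (unsigned)r.seq, (unsigned)r.ack,
            (unsigned)r.flags);
    }
    return 0;
}
```

The ack value has to be computed only on the second branch, for a segment that arrives without ACK; a reset answering a segment that carries ACK reuses SEG.ACK as its sequence number and has no ACK field to fill in.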
From owner-freebsd-net@FreeBSD.ORG Thu Dec 14 00:56:22 2006 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 873A016A4D2 for ; Thu, 14 Dec 2006 00:56:22 +0000 (UTC) (envelope-from antinvidia@gmail.com) Received: from hu-out-0506.google.com (hu-out-0506.google.com [72.14.214.233]) by mx1.FreeBSD.org (Postfix) with ESMTP id 40C7E43CB7 for ; Thu, 14 Dec 2006 00:54:25 +0000 (GMT) (envelope-from antinvidia@gmail.com) Received: by hu-out-0506.google.com with SMTP id 38so252246huc for ; Wed, 13 Dec 2006 16:55:53 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=r8pbTPLCGC+3dFCjhXBf/u7ft2FFPPPUav3zyBeNRvupjbEabJBt88p9fGNToTQj4tA2xZS9q45UrOwHpa0S3xlM54MVDNWbLOl2VlztiWDjab4IKNKjPJuie/JUt3ZGXLxgOc7+t05EOuv/2t2DXD8WXr0tRMkEjfBex7mjhCk= Received: by 10.78.128.11 with SMTP id a11mr297180hud.1166057751858; Wed, 13 Dec 2006 16:55:51 -0800 (PST) Received: by 10.78.167.2 with HTTP; Wed, 13 Dec 2006 16:55:51 -0800 (PST) Message-ID: Date: Thu, 14 Dec 2006 00:55:51 +0000 
From: MQ To: "Oleg Bulyzhin" In-Reply-To: <20061212224351.GE91560@lath.rinet.ru> MIME-Version: 1.0 References: <20061206085401.GH32700@cell.sick.ru> <20061212224351.GE91560@lath.rinet.ru> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: net@freebsd.org Subject: Re: [antinvidia@gmail.com: some questions about bge(4)] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Dec 2006 00:56:22 -0000 2006/12/12, Oleg Bulyzhin : > > On Wed, Dec 06, 2006 at 11:54:01AM +0300, Gleb Smirnoff wrote: > > Forwarding to net@ list and to Oleg, who has made polling > > support for bge(4). > > > > ----- Forwarded message from MQ < antinvidia@gmail.com> ----- 
> > > > From: MQ > > To: glebius@freebsd.org, davidch@broadcom.com > > Subject: some questions about bge(4) > > Date: Sat, 2 Dec 2006 09:32:27 +0000 > > Delivered-To: glebius@freebsd.org > > DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; > > s=beta; d=gmail.com; > > > h=received:message-id:date:from:to:subject:mime-version:content-type; > > > b=ZL3ZZ1zR0mt4LaUN2Rr+jXTPSzQgJYRwLiwKnv95r2UCEids5Wl7oA2BNgicJ2QRG8OalJ7DqY7lM1HBgv0OVTlXOhGQ9aFmKQAuTNi6ueZA817XUacXyViEepnj0oNyYgAnkbaaBO1+nl2Fpb3IxV+MIe575WRlqbglF8kdOek= > > > > > Hi David and Gleb, > > I'm using several chips whose driver is bge(4). And now I have some > > questions about the driver, would you please an answer for me? > > My confusion is related with some codes in /sys/dev/mii/brgphy.c. The > > > bge(4) uses the callout to drive the watchdog. And the brgphy_service() > is > > called once per second. It calls brgphy_mii_phy_auto() every 5 seconds > to > > autonegotiate the media. Normally, it costs about 0.5ms in the first > > function brgphy_service(), and about 5ms when autonegotiation is > proceeded. > > brgphy_mii_phy_auto() is called only if there is no link. > > > I haven't done streestest on it, consequently I don't know if this > delay > > will cause packets to be dropped. But I've enabled device polling with > the > > bge(4) on FreeBSD 6.1-RELEASE. If HZ is set to a high value(e.g. 4000), > this > > delay will cause the kern.polling.lost_polls to increase by one or two > every > > second. And for about five seconds, the lost poll will increase by at > least > > 16 regularly. So I think this behavior has some impact on the systems > that > > enables device polling. Could we get something to make the bge(4) a bit > more > > friendly to the device polling? I don't know if autonegotiation is > really > > needed to be called so frequently when we are connected to a good > network > > environment. Can I modify the interval between two autonegotiations to > have > > less lost_polls? 
However, I have no idea about the long time spent in > the > > brgphy_service(), please take a look at the problem when you have enough > > time. > > If you have lost poll it does not guarantee packet loss. > Packets can be retrieved by next poll or even by idle_poll thread. > bge_tick() is doing couple of pci register reads (it's polling phy status > and > updates some statistic counters), this why it takes some time. > > Anyway, you are right about too short autonegotiation timer, i'll fix it > soon. > > > > > Regards > > MQ > > > > ----- End forwarded message ----- > > > > -- > > Totus tuus, Glebius. > > GLEBIUS-RIPN GLEB-RIPE > > -- > Oleg. > > ================================================================ > === Oleg Bulyzhin -- OBUL-RIPN -- OBUL-RIPE -- oleg@rinet.ru === > ================================================================ > > Oh, I didn't connect to switch in my previous testings, so I didn't notice that the brgphy_mii_phy_auto() is called only there is no link. It's my fault. Therefore there won't be a problem with this. By the way, bge_tick() takes about 0.5ms to finish its work, this results the lost poll every second when HZ is higher. Lower HZ will limit the performance under heavy traffic, and may result packet loss in that situation. And higher HZ will make a confusing situation that whether we have encountered a packet loss? It's really hard to make a decision between these two kinds of situation. 
From owner-freebsd-net@FreeBSD.ORG Thu Dec 14 01:13:33 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id BE80F16A50A for ; Thu, 14 Dec 2006 01:13:33 +0000 (UTC) (envelope-from chrcoluk@gmail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.191]) by mx1.FreeBSD.org (Postfix) with ESMTP id AAB4443CA1 for ; Thu, 14 Dec 2006 01:11:52 +0000 (GMT) (envelope-from chrcoluk@gmail.com) Received: by nf-out-0910.google.com with SMTP id x37so646821nfc for ; Wed, 13 Dec 2006 17:13:15 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=omtauxkiBokEbv9/uM3Jrb+YHNvfVoQ5HNJYvS78W/6AKNicJYTVaockXbcxKKlMH/l7Pl6bYKdPD8XoHQT18EoHsa+S3f8nVbAQv7XFJCC9JWfCh00bjSTsK3UGjEMHnOvyZmHuymbYYV2PcAilrdoWxpXYZkzFelZMtm9l35o= Received: by 10.82.110.14 with SMTP id i14mr151311buc.1166058381277; Wed, 13 Dec 2006 17:06:21 -0800 (PST) Received: by 10.82.134.15 with HTTP; Wed, 13 Dec 2006 17:06:21 -0800 (PST) Message-ID: <3aaaa3a0612131706w5ae75edcvadd7958274a1e2e2@mail.gmail.com> Date: Thu, 14 Dec 2006 01:06:21 +0000 
From: Chris To: "Andre Oppermann" In-Reply-To: <457F2D82.6000905@freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <457F2D82.6000905@freebsd.org> Cc: freebsd-net@freebsd.org, freebsd-current@freebsd.org Subject: Re: Automatic TCP send and receive socket buffer sizing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Dec 2006 01:13:33 -0000

On 12/12/06, Andre Oppermann wrote:
> This is a patch adding automatic TCP send and receive socket buffer sizing.
> Normally the socket buffers are static (either derived from global defaults
> or set with setsockopt) and do not adapt to real network conditions. Two
> things happen: a) your socket buffers are too small and you can't reach the
> full potential of the network between both hosts; b) your socket buffers are
> too big and you waste a lot of kernel memory for data just sitting around.
>
> With automatic TCP send and receive socket buffers we can start with a small
> buffer and quickly grow it in parallel with the TCP congestion window to match
> real network conditions.
>
> FreeBSD has a default 32K send socket buffer. This supports a maximal
> transfer rate of only slightly more than 2Mbit/s on a 100ms RTT
> transcontinental link. Or at 200ms just above 1Mbit/s. With TCP send buffer
> auto scaling and the default values below it supports 20Mbit/s at 100ms
> and 10Mbit/s at 200ms. That's an improvement of factor 10, or 1000%.
> For the receive side it looks slightly better with a default of 64K buffer
> size.
>
> The automatic send buffer sizing patch is currently running on one half of
> the FTP.FreeBSD.ORG cluster w/o any problems so far. Against this machine
> with the automatic receive buffer sizing patch I can download at 5.7MBytes
> per second. Without patch it maxed out at 1.6MBytes per second as the delay
> bandwidth product became equal to the static socket buffer size without hitting
> the limits of the physical link between the machines. My test machine is about
> 35ms from that FTP.FreeBSD.ORG and connected through a moderately loaded 100Mbit
> Internet link.
>
> New sysctl's are:
>
> net.inet.tcp.sendbuf_auto=1 (enabled)
> net.inet.tcp.sendbuf_inc=8192 (8K, step size)
> net.inet.tcp.sendbuf_max=262144 (256K, growth limit)
> net.inet.tcp.recvbuf_auto=1 (enabled)
> net.inet.tcp.recvbuf_inc=16384 (16K, step size)
> net.inet.tcp.recvbuf_max=262144 (256K, growth limit)
>
> The patch is available here (it may apply with some fuzz):
>
> http://people.freebsd.org/~andre/tcp_auto_buf-20061212.diff
>
> Any tests and test reports are very welcome.
>
> --
> Andre

Hi, does this patch work on 6.x? I used the send patch on 6.x and it works great. Please make a 6.x patch, thank you, and I will happily test.
Chris From owner-freebsd-net@FreeBSD.ORG Thu Dec 14 07:07:06 2006 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 097DB16A403 for ; Thu, 14 Dec 2006 07:07:06 +0000 (UTC) (envelope-from okazaki@kick.gr.jp) Received: from kick.gr.jp (green.kick.jp [219.165.126.163]) by mx1.FreeBSD.org (Postfix) with ESMTP id 10E9643CAA for ; Thu, 14 Dec 2006 07:05:31 +0000 (GMT) (envelope-from okazaki@kick.gr.jp) Received: from shadowskill.kick.gr.jp (shadowskill.kick.gr.jp [IPv6:2001:380:12d:1:20e:cff:fe72:9934]) by kick.gr.jp (8.13.8/8.13.8) with ESMTP id kBE773ma012286; Thu, 14 Dec 2006 16:07:03 +0900 (JST) (envelope-from okazaki@kick.gr.jp) Received: from shadowskill.kick.gr.jp (localhost [127.0.0.1]) by shadowskill.kick.gr.jp (8.13.8/8.13.8) with ESMTP id kBE773rf073611; Thu, 14 Dec 2006 16:07:03 +0900 (JST) (envelope-from okazaki@kick.gr.jp) Received: (from okazaki@localhost) by shadowskill.kick.gr.jp (8.13.8/8.13.8/Submit) id kBE773sv073610; Thu, 14 Dec 2006 16:07:03 +0900 (JST) (envelope-from okazaki@kick.gr.jp) X-Authentication-Warning: shadowskill.kick.gr.jp: okazaki set sender to okazaki@kick.gr.jp using -f 
From: Tomoyuki Okazaki To: net@freebsd.org Date: Thu, 14 Dec 2006 16:07:03 +0900 Message-ID: User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.90 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: camellia-oss-pf@coro.isl.ntt.co.jp, camellia-oss@sec.ms.ntts.co.jp Subject: Camellia patch for -current X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Dec 2006 07:07:06 -0000

Hi all,

NTT is pleased to announce the release of the patch for -current. NTT and I would like to merge it to -current, and then MFC to 6-stable.

A description of Camellia is at http://info.isl.ntt.co.jp/crypt/eng/camellia/intro.html.

Three patches are available below.

URL: http://info.isl.ntt.co.jp/crypt/eng/camellia/source.html

1. http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/current-src-20061204.diff.gz

This patch adds support for RFC4132 to the kernel, /sbin/setkey, /lib/libipsec.so and /lib/libcrypto.so.

# openssl-0.9.8d has Camellia disabled for binary compatibility reasons,
# but 0.9.9-dev has it enabled by default.
# And because of an openssl-0.9.8d Camellia bug,
# the patch for /lib/libcrypto.so is only for i386 and amd64.
# It fix 4th Dec. in snapshot.

2. http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/ports-ipsec-tools.diff.gz

This patch is for ipsec-tools 0.6.6. Camellia support is already committed to ipsec-tools' CVS HEAD, and 0.7 will not need it.

3. http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/ports-openssl.diff.gz

This patch is for openssl-0.9.8d and 0.9.8-snapshots.

Thank you.
-- Tomoyuki Okazaki okazaki@po.ntts.co.jp (okazaki@kick.gr.jp) From owner-freebsd-net@FreeBSD.ORG Thu Dec 14 08:44:19 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CAAE116A47C for ; Thu, 14 Dec 2006 08:44:19 +0000 (UTC) (envelope-from wangxd@hhu.edu.cn) Received: from hhu.edu.cn (mailgw.hhu.edu.cn [202.119.112.49]) by mx1.FreeBSD.org (Postfix) with SMTP id 85D9043CC8 for ; Thu, 14 Dec 2006 08:42:29 +0000 (GMT) (envelope-from wangxd@hhu.edu.cn) X-EYOU-SPAMVALUE: 0 Received: (eyou anti_spam gateway 3.0); Thu, 14 Dec 2006 16:25:23 +0800 Message-ID: <366084723.18343@hhu.edu.cn> X-EYOUMAIL-SMTPAUTH: wangxd@hhu.edu.cn Received: from 202.119.117.45 by 172.16.100.49 with SMTP; Thu, 14 Dec 2006 16:25:23 +0800 
From: =?gb2312?B?zfXP/rar?= To: Date: Thu, 14 Dec 2006 16:44:01 +0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="gb2312" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 11 Thread-Index: AcceQSGs7JilIZR8S8Gc+DOdEm37UABGUwMA In-Reply-To: <365964349.05116@hhu.edu.cn> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028 Subject: Re: Automatic TCP send and receive socket buffer sizing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Dec 2006 08:44:19 -0000

I have applied the patch of automatic send buffer sizing. My log file is:

Dec 13 21:54:25 FreeBSD kernel: tcp_output: 202.119.117.246 inc sockbuf, old 33304, new 41496, sb_cc 30328, snd_wnd 65160, sendwnd 20308
Dec 13 21:54:25 FreeBSD kernel: tcp_output: 202.119.117.246 inc sockbuf, old 41496, new 49688, sb_cc 39680, snd_wnd 66608, sendwnd 20272
Dec 13 21:54:25 FreeBSD kernel: tcp_output: 202.119.117.246 inc sockbuf, old 49688, new 57880, sb_cc 46840, snd_wnd 65160, sendwnd 24616
Dec 13 21:54:25 FreeBSD kernel: tcp_output: 202.119.117.246 inc sockbuf, old 57880, new 66072, sb_cc 54536, snd_wnd 65160, sendwnd 30408
Dec 13 21:54:25 FreeBSD kernel: tcp_output: 202.119.117.246 inc sockbuf, old 66072, new 74264, sb_cc 63848, snd_wnd 65160, sendwnd 33304
Dec 13 21:54:25 FreeBSD kernel: tcp_output: 202.119.117.246 inc sockbuf, old 74264, new 82456, sb_cc 71544, snd_wnd 65160, sendwnd 39096
Dec 13 21:54:25 FreeBSD kernel: tcp_output: 202.119.117.246 inc sockbuf, old 82456, new 90648, sb_cc 73944, snd_wnd 66608, sendwnd 43440
Dec 13 21:55:58 FreeBSD kernel: tcp_output: 202.119.117.245 inc sockbuf, old 33304, new 41496, sb_cc 29818, snd_wnd 64128, sendwnd 15461
Dec 13 21:58:13 FreeBSD kernel: tcp_output: 202.119.117.45 inc sockbuf, old 33580, new 41772, sb_cc 31672, snd_wnd 65535, sendwnd 17520
Dec 13 21:58:13 FreeBSD kernel: tcp_output: 202.119.117.45 inc sockbuf, old 41772, new 49964, sb_cc 37592, snd_wnd 65535, sendwnd 21900
Dec 13 21:58:13 FreeBSD kernel: tcp_output: 202.119.117.45 inc sockbuf, old 49964, new 58156, sb_cc 44324, snd_wnd 65535, sendwnd 23360
Dec 13 21:58:13 FreeBSD kernel: tcp_output: 202.119.117.45 inc sockbuf, old 58156, new 66348, sb_cc 53408, snd_wnd 65535, sendwnd 27740
Dec 13 21:58:13 FreeBSD kernel: tcp_output: 202.119.117.45 inc sockbuf, old 66348, new 74540, sb_cc 62492, snd_wnd 65535, sendwnd 32120
Dec 13 21:58:13 FreeBSD kernel: tcp_output: 202.119.117.45 inc sockbuf, old 74540, new 82732, sb_cc 70116, snd_wnd 65535, sendwnd 37960
Dec 13 21:59:29 FreeBSD kernel: tcp_output: 202.119.117.245 inc sockbuf, old 41496, new 49688, sb_cc 36934, snd_wnd 64128, sendwnd 19101
Dec 13 21:59:29 FreeBSD kernel: tcp_output: 202.119.117.245 inc sockbuf, old 49688, new 57880, sb_cc 44222, snd_wnd 69888, sendwnd 22976

And 117.45 is XP, 117.245 is Debian, 117.246 is FreeBSD-6-Stable.

How to analyze the performance? I need a help.
Wangxd From owner-freebsd-net@FreeBSD.ORG Thu Dec 14 09:22:55 2006 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id AD21216A412; Thu, 14 Dec 2006 09:22:55 +0000 (UTC) (envelope-from oleg@lath.rinet.ru) Received: from lath.rinet.ru (lath.rinet.ru [195.54.192.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id B57E843CB7; Thu, 14 Dec 2006 09:21:15 +0000 (GMT) (envelope-from oleg@lath.rinet.ru) Received: from lath.rinet.ru (localhost [127.0.0.1]) by lath.rinet.ru (8.13.8/8.13.8) with ESMTP id kBE9MmIb021455 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 14 Dec 2006 12:22:48 +0300 (MSK) (envelope-from oleg@lath.rinet.ru) Received: (from oleg@localhost) by lath.rinet.ru (8.13.8/8.13.8/Submit) id kBE9MmNh021454; Thu, 14 Dec 2006 12:22:48 +0300 (MSK) (envelope-from oleg) Date: Thu, 14 Dec 2006 12:22:48 +0300 From: Oleg Bulyzhin To: MQ Message-ID: <20061214092248.GA21394@lath.rinet.ru> References: <20061206085401.GH32700@cell.sick.ru> <20061212224351.GE91560@lath.rinet.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.13 (2006-08-11) Cc: net@freebsd.org Subject: Re: [antinvidia@gmail.com: some questions about bge(4)] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Dec 2006 09:22:55 -0000 On Thu, Dec 14, 2006 at 12:55:51AM +0000, MQ wrote: > 2006/12/12, Oleg Bulyzhin : > > > >On Wed, Dec 06, 2006 at 11:54:01AM +0300, Gleb Smirnoff wrote: > >> Forwarding to net@ list and to Oleg, who has made polling > >> support for bge(4). > >> > >> ----- Forwarded message from MQ < antinvidia@gmail.com> ----- 
> >> > >> From: MQ > >> To: glebius@freebsd.org, davidch@broadcom.com > >> Subject: some questions about bge(4) > >> Date: Sat, 2 Dec 2006 09:32:27 +0000 > >> Delivered-To: glebius@freebsd.org > >> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; > >> s=beta; d=gmail.com; > >> > >h=received:message-id:date:from:to:subject:mime-version:content-type; > >> > >b=ZL3ZZ1zR0mt4LaUN2Rr+jXTPSzQgJYRwLiwKnv95r2UCEids5Wl7oA2BNgicJ2QRG8OalJ7DqY7lM1HBgv0OVTlXOhGQ9aFmKQAuTNi6ueZA817XUacXyViEepnj0oNyYgAnkbaaBO1+nl2Fpb3IxV+MIe575WRlqbglF8kdOek= > > > >> > >> Hi David and Gleb, > >> I'm using several chips whose driver is bge(4). And now I have some > >> questions about the driver, would you please an answer for me? > >> My confusion is related with some codes in /sys/dev/mii/brgphy.c. The > > > >> bge(4) uses the callout to drive the watchdog. And the brgphy_service() > >is > >> called once per second. It calls brgphy_mii_phy_auto() every 5 seconds > >to > >> autonegotiate the media. Normally, it costs about 0.5ms in the first > >> function brgphy_service(), and about 5ms when autonegotiation is > >proceeded. > > > >brgphy_mii_phy_auto() is called only if there is no link. > > > >> I haven't done streestest on it, consequently I don't know if this > >delay > >> will cause packets to be dropped. But I've enabled device polling with > >the > >> bge(4) on FreeBSD 6.1-RELEASE. If HZ is set to a high value(e.g. 4000), > >this > >> delay will cause the kern.polling.lost_polls to increase by one or two > >every > >> second. And for about five seconds, the lost poll will increase by at > >least > >> 16 regularly. So I think this behavior has some impact on the systems > >that > >> enables device polling. Could we get something to make the bge(4) a bit > >more > >> friendly to the device polling? I don't know if autonegotiation is > >really > >> needed to be called so frequently when we are connected to a good > >network > >> environment. 
Can I modify the interval between two autonegotiations to > >have > >> less lost_polls? However, I have no idea about the long time spent in > >the > >> brgphy_service(), please take a look at the problem when you have enough > >> time. > > > >If you have lost poll it does not guarantee packet loss. > >Packets can be retrieved by next poll or even by idle_poll thread. > >bge_tick() is doing couple of pci register reads (it's polling phy status > >and > >updates some statistic counters), this why it takes some time. > > > >Anyway, you are right about too short autonegotiation timer, i'll fix it > >soon. > > > >> > >> Regards > >> MQ > >> > >> ----- End forwarded message ----- > >> > >> -- > >> Totus tuus, Glebius. > >> GLEBIUS-RIPN GLEB-RIPE > > > >-- > >Oleg. > > > >================================================================ > >=== Oleg Bulyzhin -- OBUL-RIPN -- OBUL-RIPE -- oleg@rinet.ru === > >================================================================ > > > > > > Oh, I didn't connect to switch in my previous testings, so I didn't notice > that the brgphy_mii_phy_auto() is called only there is no link. It's my > fault. Therefore there won't be a problem with this. > > By the way, bge_tick() takes about 0.5ms to finish its work, this results > the lost poll every second when HZ is higher. Lower HZ will limit the > performance under heavy traffic, and may result packet loss in that > situation. And higher HZ will make a confusing situation that whether we > have encountered a packet loss? It's really hard to make a decision between > these two kinds of situation. IMO, high HZ would not give perfomance gain if you have idle polling on (sysctl kern.polling.idle_poll=1). So it's better to have HZ=1000 & idle polling, than HZ=10000 and idle polling disabled. -- Oleg. 
================================================================ === Oleg Bulyzhin -- OBUL-RIPN -- OBUL-RIPE -- oleg@rinet.ru === ================================================================ From owner-freebsd-net@FreeBSD.ORG Thu Dec 14 10:14:17 2006 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id ADBA916A492 for ; Thu, 14 Dec 2006 10:14:17 +0000 (UTC) (envelope-from gnn@neville-neil.com) Received: from mrout2-b.corp.dcn.yahoo.com (mrout2-b.corp.dcn.yahoo.com [216.109.112.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id 67B7343C9D for ; Thu, 14 Dec 2006 10:12:42 +0000 (GMT) (envelope-from gnn@neville-neil.com) Received: from minion.local.neville-neil.com (proxy7.corp.yahoo.com [216.145.48.98]) by mrout2-b.corp.dcn.yahoo.com (8.13.6/8.13.6/y.out) with ESMTP id kBEADqeS099244; Thu, 14 Dec 2006 02:13:53 -0800 (PST) Date: Thu, 14 Dec 2006 19:13:51 +0900 Message-ID: 
From: gnn@freebsd.org
To: Tomoyuki Okazaki
Cc: camellia-oss-pf@coro.isl.ntt.co.jp, camellia-oss@sec.ms.ntts.co.jp, net@freebsd.org
Subject: Re: Camellia patch for -current

At Thu, 14 Dec 2006 16:07:03 +0900,
Tomoyuki Okazaki wrote:
>
> Hi all,
>
> NTT is pleased to announce releasing the patch for -current,
> NTT and I would like to merge to -current, and then MFC to 6-stable.
>

And, to just chime in, I've been working with the folks at NTT on this
and this is the first publicly available patch for this algorithm so
having a lot of people look at it and try it would be a great help.

Thanks,
George

From owner-freebsd-net@FreeBSD.ORG Thu Dec 14 10:49:33 2006
Message-ID: <45812C3F.2060902@freebsd.org>
Date: Thu, 14 Dec 2006 11:49:35 +0100
From: Andre Oppermann
To: 王晓东
Cc: freebsd-net@freebsd.org
In-Reply-To: <366084723.18343@hhu.edu.cn>
Subject: Re: Automatic TCP send and receive socket buffer sizing

王晓东 wrote:
> I have applied the patch of automatic send buffer sizing.
> My log file is:
> Dec 13 21:54:25 FreeBSD kernel: tcp_output: 202.119.117.246 inc sockbuf, old 33304, new 41496, sb_cc 30328, snd_wnd 65160, sendwnd 20308
> Dec 13 21:54:25 FreeBSD kernel: tcp_output: 202.119.117.246 inc sockbuf, old 41496, new 49688, sb_cc 39680, snd_wnd 66608, sendwnd 20272
> Dec 13 21:54:25 FreeBSD kernel: tcp_output: 202.119.117.246 inc sockbuf, old 49688, new 57880, sb_cc 46840, snd_wnd 65160, sendwnd 24616
> Dec 13 21:54:25 FreeBSD kernel: tcp_output: 202.119.117.246 inc sockbuf, old 57880, new 66072, sb_cc 54536, snd_wnd 65160, sendwnd 30408
> Dec 13 21:54:25 FreeBSD kernel: tcp_output: 202.119.117.246 inc sockbuf, old 66072, new 74264, sb_cc 63848, snd_wnd 65160, sendwnd 33304
> Dec 13 21:54:25 FreeBSD kernel: tcp_output: 202.119.117.246 inc sockbuf, old 74264, new 82456, sb_cc 71544, snd_wnd 65160, sendwnd 39096
> Dec 13 21:54:25 FreeBSD kernel: tcp_output: 202.119.117.246 inc sockbuf, old 82456, new 90648, sb_cc 73944, snd_wnd 66608, sendwnd 43440
> Dec 13 21:55:58 FreeBSD kernel: tcp_output: 202.119.117.245 inc sockbuf, old 33304, new 41496, sb_cc 29818, snd_wnd 64128, sendwnd 15461
> Dec 13 21:58:13 FreeBSD kernel: tcp_output: 202.119.117.45 inc sockbuf, old 33580, new 41772, sb_cc 31672, snd_wnd 65535, sendwnd 17520
> Dec 13 21:58:13 FreeBSD kernel: tcp_output: 202.119.117.45 inc sockbuf, old 41772, new 49964, sb_cc 37592, snd_wnd 65535, sendwnd 21900
> Dec 13 21:58:13 FreeBSD kernel: tcp_output: 202.119.117.45 inc sockbuf, old 49964, new 58156, sb_cc 44324, snd_wnd 65535, sendwnd 23360
> Dec 13 21:58:13 FreeBSD kernel: tcp_output: 202.119.117.45 inc sockbuf, old 58156, new 66348, sb_cc 53408, snd_wnd 65535, sendwnd 27740
> Dec 13 21:58:13 FreeBSD kernel: tcp_output: 202.119.117.45 inc sockbuf, old 66348, new 74540, sb_cc 62492, snd_wnd 65535, sendwnd 32120
> Dec 13 21:58:13 FreeBSD kernel: tcp_output: 202.119.117.45 inc sockbuf, old 74540, new 82732, sb_cc 70116, snd_wnd 65535, sendwnd 37960
> Dec 13 21:59:29 FreeBSD kernel: tcp_output: 202.119.117.245 inc sockbuf, old 41496, new 49688, sb_cc 36934, snd_wnd 64128, sendwnd 19101
> Dec 13 21:59:29 FreeBSD kernel: tcp_output: 202.119.117.245 inc sockbuf, old 49688, new 57880, sb_cc 44222, snd_wnd 69888, sendwnd 22976
>
> And 117.45 is XP, 117.245 is Debian, 117.246 is FreeBSD-6-Stable.
>
> How to analyze the performance? I need a help.

The log lines prove that the automatic send buffer sizing was working.

On local high speed networks with very low RTT (<1ms) the effect is
almost not noticeable. On links with higher bandwidth and larger RTT
(>10ms Internet and Corporate WAN) there can be a very large difference.

You can perform a test by transferring the same large file twice, once
with auto sizing enabled and once without. A good target is the European
half of FTP.FreeBSD.ORG [62.243.72.50] as it has a high bandwidth
connection and the send buffer auto scaling patch installed.

--
Andre

From owner-freebsd-net@FreeBSD.ORG Thu Dec 14 10:52:14 2006
Message-ID: <45812CDE.7000103@freebsd.org>
Date: Thu, 14 Dec 2006 11:52:14 +0100
From: Andre Oppermann
To: Chris
Cc: freebsd-net@freebsd.org, freebsd-current@freebsd.org
In-Reply-To: <3aaaa3a0612131706w5ae75edcvadd7958274a1e2e2@mail.gmail.com>
Subject: Re: Automatic TCP send and receive socket buffer sizing

Chris wrote:
> On 12/12/06, Andre Oppermann wrote:
>> This is a patch adding automatic TCP send and receive socket buffer sizing.
>> Normally the socket buffers are static (either derived from global defaults
>> or set with setsockopt) and do not adapt to real network conditions. Two
>> things happen: a) your socket buffers are too small and you can't reach the
>> full potential of the network between both hosts; b) your socket buffers are
>> too big and you waste a lot of kernel memory for data just sitting around.
>>
>> With automatic TCP send and receive socket buffers we can start with a small
>> buffer and quickly grow it in parallel with the TCP congestion window to match
>> real network conditions.
>>
>> FreeBSD has a default 32K send socket buffer. This supports a maximal
>> transfer rate of only slightly more than 2Mbit/s on a 100ms RTT
>> trans-continental link. Or at 200ms just above 1Mbit/s. With TCP send buffer
>> auto scaling and the default values below it supports 20Mbit/s at 100ms
>> and 10Mbit/s at 200ms. That's an improvement of factor 10, or 1000%.
>> For the receive side it looks slightly better with a default of 64K buffer
>> size.
>>
>> The automatic send buffer sizing patch is currently running on one half of
>> the FTP.FreeBSD.ORG cluster w/o any problems so far. Against this machine
>> with the automatic receive buffer sizing patch I can download at 5.7MBytes
>> per second. Without patch it maxed out at 1.6MBytes per second as the delay
>> bandwidth product became equal to the static socket buffer size without hitting
>> the limits of the physical link between the machines. My test machine is about
>> 35ms from that FTP.FreeBSD.ORG and connected through a moderately loaded 100Mbit
>> Internet link.
>>
>> New sysctl's are:
>>
>> net.inet.tcp.sendbuf_auto=1 (enabled)
>> net.inet.tcp.sendbuf_inc=8192 (8K, step size)
>> net.inet.tcp.sendbuf_max=262144 (256K, growth limit)
>> net.inet.tcp.recvbuf_auto=1 (enabled)
>> net.inet.tcp.recvbuf_inc=16384 (16K, step size)
>> net.inet.tcp.recvbuf_max=262144 (256K, growth limit)
>>
>> The patch is available here (it may apply with some fuzz):
>>
>> http://people.freebsd.org/~andre/tcp_auto_buf-20061212.diff
>>
>> Any tests and test reports are very welcome.
>>
>> --
>> Andre
>
> Hi does this patch work on 6.x? I used the send patch on 6.x and works
> great please make a 6.x patch thank you and I will happily test.

No, this patch doesn't work on 6.x. It makes changes to struct tcpcb to
add two additional fields. This requires netstat(1) to be recompiled and
is an ABI change. However I've got a number of requests for 6.x patch so
I may make one anyway.

--
Andre

From owner-freebsd-net@FreeBSD.ORG Thu Dec 14 10:58:08 2006
Message-ID: <45812E01.9060200@freebsd.org>
Date: Thu, 14 Dec 2006 11:57:05 +0100
From: Andre Oppermann
To: Julian Elischer
Cc: FreeBSD Net
In-Reply-To: <458094E7.1060806@elischer.org>
Subject: Re: question for TCP gurus (in ipfw)

Julian Elischer wrote:
> in the ipfw function send_reject6() we go to great length to calculate
> the sequence number to put into the ack field of the reject packet..
>
> but it's a RESET we are generating..
>
> do we need to go to all the work of setting the ACK value etc?

Yes, at least some of it.

> could we do either of:
> 1/ not set the ACK bit and just not do the extra work. Just send a reset?

Doesn't work.

> or
> 2/ instead of ACKing all the data in the packet we are resetting,
> how about just ACKing the sequence number it starts with
> and saving ourselves from doing the work of ACKing all the data
> up to the current packet end. (which is the packet we are rejecting
> anyhow) (It takes some calculation to work out the new ack value
> which seems pointless as we are rejecting it..)

Section 3 of this document describes the situation and requirements
quite accurately:

 http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-06.txt

--
Andre

From owner-freebsd-net@FreeBSD.ORG Thu Dec 14 11:16:52 2006
Date: Thu, 14 Dec 2006 14:16:29 +0300
From: Anton Yuzhaninov
Organization: Rambler
Message-ID: <1299780826.20061214141629@citrin.ru>
To: Andre Oppermann
Cc: freebsd-net@freebsd.org
In-Reply-To: <457F2D82.6000905@freebsd.org>
Subject: Re: Automatic TCP send and receive socket buffer sizing

Wednesday, December 13, 2006, 1:30:26 AM, Andre Oppermann wrote:

AO> The patch is available here (it may apply with some fuzz):
AO> http://people.freebsd.org/~andre/tcp_auto_buf-20061212.diff
AO> Any tests and test reports are very welcome.

Please answer on question from Phil Rosenthal:

PR> 1) I've seen in production that some sockets get large very
PR> quickly during periods of high latency (eg: when sending to a user
PR> downloading from a cablemodem and their headend gets temporarily
PR> saturated and has large buffers, which raises the RTT under
PR> saturation, which increases the bandwidth delay product), but then
PR> as there isn't any code to shrink the buffers. This would probably
PR> need to be in the timers to notice the case of the sender
PR> temporarily stopping sending - eg in a keepalive http socket (a
PR> separate, but related issue).

--
WBR,
 Anton Yuzhaninov

From owner-freebsd-net@FreeBSD.ORG Thu Dec 14 12:26:03 2006
Message-ID: <458142DB.8000002@freebsd.org>
Date: Thu, 14 Dec 2006 13:26:03 +0100
From: Andre Oppermann
To: Anton Yuzhaninov
Cc: freebsd-net@freebsd.org
In-Reply-To: <1299780826.20061214141629@citrin.ru>
Subject: Re: Automatic TCP send and receive socket buffer sizing

Anton Yuzhaninov wrote:
> Wednesday, December 13, 2006, 1:30:26 AM, Andre Oppermann wrote:
>
> AO> The patch is available here (it may apply with some fuzz):
> AO> http://people.freebsd.org/~andre/tcp_auto_buf-20061212.diff
> AO> Any tests and test reports are very welcome.
>
> Please answer on question from Phil Rosenthal:
>
> PR> 1) I've seen in production that some sockets get large very
> PR> quickly during periods of high latency (eg: when sending to a user
> PR> downloading from a cablemodem and their headend gets temporarily
> PR> saturated and has large buffers, which raises the RTT under
> PR> saturation, which increases the bandwidth delay product), but then
> PR> as there isn't any code to shrink the buffers. This would probably
> PR> need to be in the timers to notice the case of the sender
> PR> temporarily stopping sending - eg in a keepalive http socket (a
> PR> separate, but related issue).

The send buffer increasing because of buffering in the network (like a
cable headend) is expected. We don't have any way to distinguish this
from a normal high latency link. It is really the job of the router
operator (ISP) to configure the buffer memory and interface queues
properly and to enable things like RED.

Shrinking the send buffer can only be done when it is idle and empty.
But then it doesn't consume any kernel memory anyway. The next time you
send something it is very likely that the network conditions are roughly
the same as before and a large socket buffer makes sense and increases
throughput.

In the case where the socket buffer is large and filled and the receiver
becomes unreachable the socket has to hold on to the data unless the
application closes it. There is no way to undo an application write()
and to drop data from the send buffer. That would violate all TCP specs
and assumptions about the behavior of sockets and reliable data transport.

You have to keep in mind that TCP sees the network only as black box and
doesn't have any information on delays, bandwidths, network buffering or
any other parameter of it. It can only try to discover certain
characteristics after a flow of data has been established. Even then
there is a lot of variance and uncertainty still going on. It's
essentially impossible to behave perfectly for all possible network
conditions.

The automatic send buffer is not perfect either and has some cases where
it may allocate too much resources of the host to a particular connection.
OTOH it does much better than the small fixed sized buffer we had before.

--
Andre

From owner-freebsd-net@FreeBSD.ORG Thu Dec 14 12:52:56 2006
Message-ID: <45814888.1060301@micom.mng.net>
Date: Thu, 14 Dec 2006 20:50:16 +0800
From: Ganbold
To: Alexander Motin
Cc: freebsd-net@freebsd.org
In-Reply-To: <452A164A.9080507@mavhome.dp.ua>
Subject: Re: mpd and vlan

Alexander Motin wrote:
> Ganbold wrote:
>> OK, so I have to create vlans first on the system and then configure
>> mpd.links file accordingly and take out the "set pppoe iface bge1"
>> line from mpd.conf. I will try it sometime later and let you know how
>> it goes.
>
> Somebody should strip vlan header. If not a system (if you don't like
> to create vlans) and not mpd (this is not its business) then who?
>
> It will work fine. vlan for mpd is like a usual ethernet interface
> without any specifics.
>

Alexander,

Is it possible to give static IP addresses to the users using mpd?
How it should be done? User is authenticating with radius server.
Right now my mpd.conf is like this:
...
server8:
        new -i ng8 pppoe8 pppoe8
        set ipcp ranges 192.168.5.3/32 192.168.5.18/24
        load pppoe_standard
...

thanks in advance,

Ganbold

From owner-freebsd-net@FreeBSD.ORG Thu Dec 14 12:53:16 2006
Message-ID: <458148C7.5050607@fromley.net>
Date: Thu, 14 Dec 2006 12:51:19 +0000
From: Spadge
To: net@freebsd.org
Subject: Dummynet pipe causing system to lock up

Hi all

I'm completely baffled by how to work this problem out that I am having
with ipfw/dummynet.

I have created some ipfw rules to use a pipe which dummynet then shapes.
The problem I appear to be having is that whenever a packet is sent to
the pipe, the entire system locks up and I have to reboot the machine
using the power switch. Which is completely sub-optimal, I know.

I have looked through dummynet manpages, been to the dummynet website (
http://info.iet.unipi.it/~luigi/ip_dummynet/ ), tried google; none of it
successfully, other than I found someone who appeared to have had a
similar problem a year or so ago, but it looks like his problem either
just went away on its own or was never resolved, but no mention of which.

** Background Information **

OS information:

spadge@tobermory$ uname -a
FreeBSD tobermory.home 6.1-RELEASE-p11 FreeBSD 6.1-RELEASE-p11 #14: Mon Dec 11 15:08:53 GMT 2006 root@tobermory.home:/usr/obj/usr/src/sys/TOBERMORY i386

The kernconf has the following bits for the ipfw/dummynet stuff:

# For ipfw/natd
options IPFIREWALL
options IPDIVERT
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_VERBOSE

# For DUMMYNET packet shaping
options DUMMYNET
options HZ=1000

And the following rules are what cause the problem I'm having:

/sbin/ipfw add pipe 101 ip from any to any uid 1101 via $WAN in
/sbin/ipfw add pipe 102 ip from any to any uid 1101 via $WAN out
/sbin/ipfw pipe 101 config bw 4096kbit/s delay 200ms
/sbin/ipfw pipe 102 config bw 512kbit/s delay 200ms

$WAN is a variable set earlier in the /etc/rc.firewall rules:

WAN="xl0"
LAN="nge0"

The machine is my internet gateway, running my natd, dhcpd, httpd,
imapd, smtpd, ircd etc. What I am trying to achieve with this dummynet
exercise is to put a delay onto everything that UID 1101 (which only
runs mldonkey (multi-network p2p client)) sends/receives so that the
rest of my LAN can do what it wants online (like playing online games
and browsing the interwebs) and have mldonkey step aside gracefully when
someone else wants the bandwidth.

I got the idea from the mldonkey wiki page covering how to do this in
linux - nice of them to spare us FreeBSD users an afterthought and a
couple of lines at the end of the lengthy linux how-to, eh.

link: http://mldonkey.sourceforge.net/TrafficShaping

Am I missing something *completely* obvious here? What am I doing wrong?
How can I find out more about how to do this right? The system runs fine
right up until the user in the rules starts sending/receiving stuff,
then it's goodbye system - and suddenly enough that I can't find a
single error or panic entry in any logs covering it.

Any hints or help would be great.

Thanks.

--
Spadge
"Intoccabile"
www.fromley.com

From owner-freebsd-net@FreeBSD.ORG Thu Dec 14 13:11:37 2006
Message-ID: <45814B40.4080004@mavhome.dp.ua>
Date: Thu, 14 Dec 2006 15:01:52 +0200
From: Alexander Motin
To: Ganbold
Cc: freebsd-net@freebsd.org
In-Reply-To: <45814888.1060301@micom.mng.net>
Subject: Re: mpd and vlan

Hi.

Ganbold wrote:
> Is it possible to give static IP addresses to the users using mpd?
> How it should be done? User is authenticating with radius server.

Your RADIUS server should send FRAMED_IP_ADDRESS attribute to mpd
specifying required IP address. When mpd will get that attribute it will
propose it to client instead of specified in "set ipcp ranges" option.

--
Alexander Motin

From owner-freebsd-net@FreeBSD.ORG Thu Dec 14 11:13:42 2006
Message-ID: <366093552.20624@hhu.edu.cn>
From: 王晓东
To: "'Andre Oppermann'"
Date: Thu, 14 Dec 2006 19:11:12 +0800
Cc: freebsd-net@freebsd.org
In-Reply-To: <366093006.18223@hhu.edu.cn>
Subject: Re: Automatic TCP send and receive socket buffer sizing

My FTP is 202.119.123.7. From 202.119.117/24 to it, there are two routers.

traceroute to 202.119.123.7 (202.119.123.7), 64 hops max, 40 byte packets
 1  202.119.117.254 (202.119.117.254)  0.794 ms  0.809 ms  0.882 ms
 2  172.17.2.14 (172.17.2.14)  0.963 ms  0.736 ms  0.868 ms
 3  202.119.123.7 (202.119.123.7)  23.467 ms  23.499 ms  23.228 ms

Because the number of anonymous ftp users is unlimited, the FTP is very
busy.

FreeBSD# w
 6:59PM  up 16 days,  5:12, 1 user, load averages: 0.84, 0.81, 0.76
USER  TTY  FROM            LOGIN@  IDLE  WHAT
root  p0   202.119.117.45  6:54PM  -     w

My question is why Debian have used the auto-sizing buffer, but FTP's
sending buffer for it is under FreeBSD and XP. My FreeBSD do not apply the
patch, it is 6.0-stable.

Thanks.

Wangxd

-----Original Message-----
From: Andre Oppermann [mailto:andre@freebsd.org]
Sent: December 14, 2006 18:50
To: 王晓东
Cc: freebsd-net@freebsd.org
Subject: Re: Automatic TCP send and receive socket buffer sizing

The log lines prove that the automatic send buffer sizing was working.

On local high speed networks with very low RTT (<1ms) the effect is
almost not noticeable. On links with higher bandwidth and larger RTT
(>10ms Internet and Corporate WAN) there can be a very large difference.

You can perform a test by transferring the same large file twice, once
with auto sizing enabled and once without. A good target is the European
half of FTP.FreeBSD.ORG [62.243.72.50] as it has a high bandwidth
connection and the send buffer auto scaling patch installed.

--
Andre

From owner-freebsd-net@FreeBSD.ORG Thu Dec 14 13:49:35 2006
Message-ID: <4581566C.5070600@alkar.net>
Date: Thu, 14 Dec 2006 15:49:32 +0200
From: Alexander Motin
To: FreeBSD Net
Subject: Re: question for TCP gurus (in ipfw)

Julian Elischer wrote:
> could we do either of:
> 1/ not set the ACK bit and just not do the extra work. Just send a reset?

Reset packet MUST have valid sequence number. Else it will be rejected as protection from DoS attack.
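The sequence-number rule stated above, as an added example that is not from the thread or from FreeBSD's sources: make_rst() fills in a reset the way RFC 793 prescribes for a segment that is being rejected, and classify_rst() is the receiver-side check, including the stricter exact-match handling from the tcpsecure draft cited elsewhere in this thread. The struct, the function names and the sample values are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* TCP flag bits, same values as in <netinet/tcp.h>; defined locally so the
 * example builds anywhere. */
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

/* Minimal view of a TCP segment (hypothetical struct for this example). */
struct seg {
    uint32_t seq;    /* SEG.SEQ */
    uint32_t ack;    /* SEG.ACK, meaningful only when TH_ACK is set */
    uint32_t len;    /* payload bytes */
    uint8_t  flags;
};

enum rst_verdict { RST_DROP, RST_CHALLENGE_ACK, RST_ACCEPT };

/* Sequence numbers wrap at 2^32, so they are compared modulo 2^32. */
static int seq_lt(uint32_t a, uint32_t b)  { return (int32_t)(a - b) < 0; }
static int seq_geq(uint32_t a, uint32_t b) { return (int32_t)(a - b) >= 0; }

/*
 * RFC 793 reset generation for a segment that is being rejected:
 *  - the segment carried an ACK: RST with SEQ = SEG.ACK, ACK bit clear;
 *  - otherwise: RST|ACK with SEQ = 0 and ACK = SEG.SEQ + SEG.LEN,
 *    where SYN and FIN each occupy one sequence number.
 */
struct seg make_rst(const struct seg *in)
{
    struct seg r = { 0, 0, 0, TH_RST };

    if (in->flags & TH_ACK) {
        r.seq = in->ack;
    } else {
        r.ack = in->seq + in->len
              + ((in->flags & TH_SYN) ? 1u : 0u)
              + ((in->flags & TH_FIN) ? 1u : 0u);
        r.flags |= TH_ACK;
    }
    return r;
}

/*
 * Receiver-side check of an incoming RST on a synchronized connection.
 * rcv_nxt and rcv_wnd are the receiver's RCV.NXT and RCV.WND.
 * RFC 793 alone accepts any in-window RST; the tcpsecure refinement
 * resets only on an exact match and answers other in-window values
 * with an ACK, so a blind sender has to hit one value out of 2^32.
 */
enum rst_verdict classify_rst(uint32_t seg_seq, uint32_t rcv_nxt,
                              uint32_t rcv_wnd)
{
    int in_window;

    if (rcv_wnd == 0)
        in_window = (seg_seq == rcv_nxt);
    else
        in_window = seq_geq(seg_seq, rcv_nxt) &&
                    seq_lt(seg_seq, rcv_nxt + rcv_wnd);

    if (!in_window)
        return RST_DROP;          /* outside the window: silently ignored */
    if (seg_seq == rcv_nxt)
        return RST_ACCEPT;        /* exact match: connection is reset */
    return RST_CHALLENGE_ACK;     /* in window, not exact: send ACK, keep state */
}

int main(void)
{
    static const char *name[] = { "drop", "challenge-ack", "accept" };

    /* Constructed sample: host A (RCV.NXT = 1000, window 65535) sent this
     * data segment, and a firewall in the path rejects it with a reset. */
    struct seg data = { 5000, 1000, 100, TH_ACK };
    struct seg rst = make_rst(&data);

    printf("RST built from SEG.ACK: seq=%u -> %s\n", (unsigned)rst.seq,
           name[classify_rst(rst.seq, 1000, 65535)]);
    printf("RST with in-window guess 1500 -> %s\n",
           name[classify_rst(1500, 1000, 65535)]);
    printf("RST with out-of-window 999 -> %s\n",
           name[classify_rst(999, 1000, 65535)]);
    return 0;
}
```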
From: Nikos Vassiliadis
To: freebsd-net@freebsd.org
Cc: Spadge, net@freebsd.org
Date: Thu, 14 Dec 2006 16:04:01 +0200
Subject: Re: Dummynet pipe causing system to lock up

On Thursday 14 December 2006 14:51, Spadge wrote:
> Hi all
>
> I'm completely baffled by how to work this problem out that I am having
> with ipfw/dummynet.
>
> I have created some ipfw rules to use a pipe which dummynet then shapes.
> The problem I appear to be having is that whenever a packet is sent to
> the pipe, the entire system locks up and I have to reboot the machine
> using the power switch. Which is completely sub-optimal, I know.
>
> I have looked through dummynet manpages, been to the dummynet website (
> http://info.iet.unipi.it/~luigi/ip_dummynet/ ), tried google; none of it
> successfully, other than I found someone who appeared to have had a
> similar problem a year or so ago, but it looks like his problem either
> just went away on its own or was never resolved, but no mention of which.
>
> ** Background Information **
>
> OS information:
>
> spadge@tobermory$ uname -a
> FreeBSD tobermory.home 6.1-RELEASE-p11 FreeBSD 6.1-RELEASE-p11 #14: Mon
> Dec 11 15:08:53 GMT 2006
> root@tobermory.home:/usr/obj/usr/src/sys/TOBERMORY i386
>
> The kernconf has the following bits for the ipfw/dummynet stuff:
>
> # For ipfw/natd
>
> options IPFIREWALL
> options IPDIVERT
> options IPFIREWALL_DEFAULT_TO_ACCEPT
> options IPFIREWALL_VERBOSE
>
> # For DUMMYNET packet shaping
> options DUMMYNET
> options HZ=1000
>
> And the following rules are what cause the problem I'm having:
>
> /sbin/ipfw add pipe 101 ip from any to any uid 1101 via $WAN in
> /sbin/ipfw add pipe 102 ip from any to any uid 1101 via $WAN out
> /sbin/ipfw pipe 101 config bw 4096kbit/s delay 200ms
> /sbin/ipfw pipe 102 config bw 512kbit/s delay 200ms
>
> $WAN is a variable set earlier in the /etc/rc.firewall rules:
>
> WAN="xl0"
> LAN="nge0"
>
> The machine is my internet gateway, running my natd, dhcpd, httpd,
> imapd, smtpd, ircd etc.
>
> What I am trying to achieve with this dummynet exercise is to put a
> delay onto everything that UID 1101 (which only runs mldonkey
> (multi-network p2p client)) sends/receives so that the rest of my LAN
> can do what it wants online (like playing online games and browsing the
> interwebs) and have mldonkey step aside gracefully when someone else
> wants the bandwidth. I got the idea from the mldonkey wiki page covering
> how to do this in linux - nice of them to spare us FreeBSD users an
> afterthought and a couple of lines at the end of the lengthy linux
> how-to, eh.
>
> link: http://mldonkey.sourceforge.net/TrafficShaping
>
> Am I missing something *completely* obvious here? What am I doing wrong?
> How can I find out more about how to do this right?
>
> The system runs fine right up until the user in the rules starts
> sending/receiving stuff, then it's goodbye system - and suddenly enough
> that I can't find a single error or panic entry in any logs covering it.
>
> Any hints or help would be great.
>

for ipfw man, BUGS section:
Rules which use uid, gid or jail based matching should be used only if debug.mpsafenet=0 to avoid possible deadlocks due to layering violations in its implementation.

> Thanks.
>

Date: Thu, 14 Dec 2006 17:05:13 +0300
From: Oleg Bulyzhin
To: Spadge
Cc: net@freebsd.org
Subject: Re: Dummynet pipe causing system to lock up

On Thu, Dec 14, 2006 at 12:51:19PM +0000, Spadge wrote:
> Hi all
>
> I'm completely baffled by how to work this problem out that I am having
> with ipfw/dummynet.
>
> I have created some ipfw rules to use a pipe which dummynet then shapes.
> The problem I appear to be having is that whenever a packet is sent to
> the pipe, the entire system locks up and I have to reboot the machine
> using the power switch. Which is completely sub-optimal, I know.
>
> I have looked through dummynet manpages, been to the dummynet website (
> http://info.iet.unipi.it/~luigi/ip_dummynet/ ), tried google; none of it
> successfully, other than I found someone who appeared to have had a
> similar problem a year or so ago, but it looks like his problem either
> just went away on its own or was never resolved, but no mention of which.
>
> ** Background Information **
>
> OS information:
>
> spadge@tobermory$ uname -a
> FreeBSD tobermory.home 6.1-RELEASE-p11 FreeBSD 6.1-RELEASE-p11 #14: Mon
> Dec 11 15:08:53 GMT 2006
> root@tobermory.home:/usr/obj/usr/src/sys/TOBERMORY i386
>
> The kernconf has the following bits for the ipfw/dummynet stuff:
>
> # For ipfw/natd
>
> options IPFIREWALL
> options IPDIVERT
> options IPFIREWALL_DEFAULT_TO_ACCEPT
> options IPFIREWALL_VERBOSE
>
> # For DUMMYNET packet shaping
> options DUMMYNET
> options HZ=1000
>
> And the following rules are what cause the problem I'm having:
>
> /sbin/ipfw add pipe 101 ip from any to any uid 1101 via $WAN in
> /sbin/ipfw add pipe 102 ip from any to any uid 1101 via $WAN out
> /sbin/ipfw pipe 101 config bw 4096kbit/s delay 200ms
> /sbin/ipfw pipe 102 config bw 512kbit/s delay 200ms
>
> $WAN is a variable set earlier in the /etc/rc.firewall rules:
>
> WAN="xl0"
> LAN="nge0"
>
> The machine is my internet gateway, running my natd, dhcpd, httpd,
> imapd, smtpd, ircd etc.
>
> What I am trying to achieve with this dummynet exercise is to put a
> delay onto everything that UID 1101 (which only runs mldonkey
> (multi-network p2p client)) sends/receives so that the rest of my LAN
> can do what it wants online (like playing online games and browsing the
> interwebs) and have mldonkey step aside gracefully when someone else
> wants the bandwidth. I got the idea from the mldonkey wiki page covering
> how to do this in linux - nice of them to spare us FreeBSD users an
> afterthought and a couple of lines at the end of the lengthy linux
> how-to, eh.
>
> link: http://mldonkey.sourceforge.net/TrafficShaping
>
> Am I missing something *completely* obvious here? What am I doing wrong?
> How can I find out more about how to do this right?
>
> The system runs fine right up until the user in the rules starts
> sending/receiving stuff, then it's goodbye system - and suddenly enough
> that I can't find a single error or panic entry in any logs covering it.
>
> Any hints or help would be great.
>
> Thanks.
>
> --
> Spadge
> "Intoccabile"
> www.fromley.com
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

sysctl debug.mpsafenet value?

-- 
Oleg.

================================================================
=== Oleg Bulyzhin -- OBUL-RIPN -- OBUL-RIPE -- oleg@rinet.ru ===
================================================================

Date: Thu, 14 Dec 2006 15:53:02 +0000
From: Spadge
To: net@freebsd.org
Cc: Oleg Bulyzhin, Nikos Vassiliadis
Subject: Re: Dummynet pipe causing system to lock up

Nikos Vassiliadis wrote:

> for ipfw man, BUGS section:
> Rules which use uid, gid or jail based matching should be used only if
> debug.mpsafenet=0 to avoid possible deadlocks due to layering violations
> in its implementation.

Oleg Bulyzhin wrote:

> sysctl debug.mpsafenet value?
>

Thanks to you both, you were both spot-on absolutely correct.

spadge@tobermory$ cat /boot/loader.conf
debug.mpsafenet=0

That fixed it.

-- 
Spadge
"Intoccabile"
www.fromley.com

Date: Thu, 14 Dec 2006 12:41:41 -0500
From: "Benjamin Adams"
To: freebsd-net
Subject: stop bittorrents

employees are killing the network with torrents. anyone know a company where I can get a box to monitor traffic and kill torrents. Thanks

PS Not looking to build a firewall this time.

Date: Thu, 14 Dec 2006 18:12:12 +0000
From: Baldur Gislason
To: Benjamin Adams
Cc: freebsd-net
Subject: Re: stop bittorrents

Get a faster network.

Baldur

On Thu, Dec 14, 2006 at 12:41:41PM -0500, Benjamin Adams wrote:
> employees are killing the network with torrents. anyone know a company where
> I can get a box to monitor traffic and kill torrents. Thanks
>
> PS Not looking to build a firewall this time.
From: Chuck Swiger
To: Benjamin Adams
Cc: freebsd-net
Date: Thu, 14 Dec 2006 10:14:39 -0800
Subject: Re: stop bittorrents

On Dec 14, 2006, at 9:41 AM, Benjamin Adams wrote:
> employees are killing the network with torrents. anyone know a
> company where
> I can get a box to monitor traffic and kill torrents. Thanks
>
> PS Not looking to build a firewall this time.

If you plan to restrict network traffic, then you're looking to use a firewall. If you don't want to build one, there are lots of companies that will sell them, but aside from Monowall and maybe the Nokia IP firewalls which use FreeBSD, the rest (ie, Cisco PIX/ASA, Sonicwall, etc) use other platforms and are off-topic.

You could also start with enforcing your company's policies on computer & network usage. If you fire people who are using torrents after they've been warned not to, you'll solve the problem at the source.

-- 
-Chuck

To: "Benjamin Adams"
Date: Thu, 14 Dec 2006 19:21:44 +0100
From: "Julian H. Stacey"
Cc: freebsd-net
Subject: Re: stop bittorrents

"Benjamin Adams" wrote:
> employees are killing the network with torrents. anyone know a company where
> I can get a box to monitor traffic and kill torrents. Thanks
>
> PS Not looking to build a firewall this time.

Instead of paying money for a box (More space, heat, electricity bill & fault liability for ever after) you could offer the same money to hire a consultant to put in a few ipfw rules for you on your existing gateway. Thus you'd still achieve your ideal of avoiding spending money rather than your time on it :-)

Here's a table of BSD consultants world wide, geographically indexed:
http://berklix.com/consultants/

-- 
Julian Stacey. BSD Unix C Net Consultancy, Munich/Muenchen http://berklix.com
Mail Ascii, not HTML. Your smoke = my allergic headache.
http://berklix.org/free-software

Date: Thu, 14 Dec 2006 18:56:21 GMT
From: Mark Linimon
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-net@FreeBSD.org
Subject: Re: kern/106722: [net] [patch] ifconfig may not connect an interface to known network

Synopsis: [net] [patch] ifconfig may not connect an interface to known network

Responsible-Changed-From-To: freebsd-bugs->freebsd-net
Responsible-Changed-By: linimon
Responsible-Changed-When: Thu Dec 14 18:56:16 UTC 2006
Responsible-Changed-Why: Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=106722

Date: Thu, 14 Dec 2006 21:04:56 +0200
From: Alexander Motin
To: freebsd-net@freebsd.org
Subject: MPPC compression implementations legal status?

Hi.

Can anybody explain to me for sure the current license status of the Microsoft Point-to-Point Compression (MPPC) Protocol? It has not been implemented in FreeBSD for years and I think it would be good to change this.

RFC 2118 says that "Source and object licenses are available on a non-discriminatory basis from Stac Electronics". Does it mean a requirement to get a license to use the HIFN implementation of this protocol, or does it also deny any other free implementation?

How does it coexist with Microsoft's "ROYALTY FREE PROTOCOL LICENSE AGREEMENT", http://msdn2.microsoft.com/en-us/library/ms818807.aspx? Doesn't this agreement allow free implementation of server side protocols for cooperation with Windows client systems?

-- 
Alexander Motin

Date: Thu, 14 Dec 2006 20:06:22 +0100
From: "Julian H. Stacey"
Cc: freebsd-net, Benjamin Adams
Subject: Re: stop bittorrents

> Thus you'd still achieve your ideal of
> avoiding spending money rather than your time on it :-)

Sorry, I wrote that wrongly, I meant:
  Thus you'd still spend money & still save spending your own work time on it.

--
Julian Stacey. BSD Unix C Net Consultancy, Munich/Muenchen http://berklix.com
Mail Ascii, not HTML. Your smoke = my allergic headache. http://berklix.org/free-software

From owner-freebsd-net@FreeBSD.ORG Thu Dec 14 19:32:32 2006
Message-ID: <4581A628.1070909@elischer.org>
Date: Thu, 14 Dec 2006 11:29:44 -0800
From: Julian Elischer
To: Andre Oppermann
Cc: FreeBSD Net
References: <458094E7.1060806@elischer.org> <45812E01.9060200@freebsd.org>
In-Reply-To: <45812E01.9060200@freebsd.org>
Subject: Re: question for TCP gurus (in ipfw)

Andre Oppermann wrote:
>> or
>> 2/ instead of ACKing all the data in the packet we are resetting,
>> how about just ACKing the sequence number it starts with
>> and saving ourselves from doing the work of ACKing all the data
>> up to the current packet end. (which is the packet we are rejecting
>> anyhow) (It takes some calculation to work out the new ack value
>> which seems pointless as we are rejecting it..)
>
> Section 3 of this document describes the situation and requirements
> quite accurately:
>
> http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-06.txt

So it sounds like, if the sequence number is in the window but not exact, the receiver sends an ACK which should force the sender to generate another RST that exactly matches. (is that correct?)

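The RST handling discussed in the message above (section 3 of the referenced tcpsecure draft), written out as an added C example; it is not part of the thread and is not the ipfw send_reject6() code. The reset-generation rule in make_reset_for() is the one from RFC 793, and every struct, function and flag name here is an assumption made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Example-only names; nothing here is taken from ip_fw2.c. */
#define F_FIN 0x01
#define F_SYN 0x02
#define F_RST 0x04
#define F_ACK 0x10

/* Sequence-space comparisons that stay correct across 32-bit wraparound. */
#define SEQ_LT(a, b)  ((int32_t)((uint32_t)(a) - (uint32_t)(b)) < 0)
#define SEQ_GEQ(a, b) ((int32_t)((uint32_t)(a) - (uint32_t)(b)) >= 0)

struct seg {                /* the TCP header fields that matter here */
    uint32_t seq, ack;
    uint32_t len;           /* payload bytes */
    uint8_t  flags;
};

struct tcb {                /* receiver state of an established connection */
    uint32_t snd_nxt, rcv_nxt, rcv_wnd;
};

enum rst_action { RST_DROP, RST_CHALLENGE_ACK, RST_ACCEPT };

/* Receiver side: what to do with an incoming RST segment. */
enum rst_action classify_rst(const struct tcb *t, const struct seg *s)
{
    if (s->seq == t->rcv_nxt)
        return RST_ACCEPT;              /* exact match: reset the connection */
    if (SEQ_GEQ(s->seq, t->rcv_nxt) &&
        SEQ_LT(s->seq, t->rcv_nxt + t->rcv_wnd))
        return RST_CHALLENGE_ACK;       /* in window but not exact: send an ACK */
    return RST_DROP;                    /* outside the window: ignore silently */
}

/* The ACK the receiver sends for an in-window, inexact RST. */
struct seg make_challenge_ack(const struct tcb *t)
{
    struct seg a = { t->snd_nxt, t->rcv_nxt, 0, F_ACK };
    return a;
}

/*
 * A host with no matching connection (a restarted peer, or a firewall
 * rejecting the flow) answers a segment with a RST, per RFC 793:
 *  - incoming segment has ACK: RST takes its sequence number from that ACK
 *    field, and the RST itself carries no ACK;
 *  - otherwise: sequence number 0, and RST|ACK acknowledging everything the
 *    segment occupied in sequence space (payload plus SYN/FIN).
 */
struct seg make_reset_for(const struct seg *in)
{
    struct seg r = { 0, 0, 0, F_RST };

    if (in->flags & F_ACK) {
        r.seq = in->ack;
    } else {
        r.ack = in->seq + in->len
              + ((in->flags & F_SYN) ? 1 : 0)
              + ((in->flags & F_FIN) ? 1 : 0);
        r.flags |= F_ACK;
    }
    return r;
}

/*
 * Whole exchange for a peer that really lost its state: inexact RST,
 * challenge ACK, second RST built from that ACK. A peer that still holds
 * the connection just sees a duplicate ACK and the connection survives.
 */
enum rst_action challenge_round_trip(const struct tcb *t, const struct seg *rst)
{
    enum rst_action first = classify_rst(t, rst);
    if (first != RST_CHALLENGE_ACK)
        return first;

    struct seg chal = make_challenge_ack(t);
    struct seg rst2 = make_reset_for(&chal);
    return classify_rst(t, &rst2);
}

int main(void)
{
    struct tcb t = { 5000, 1000, 65535 };       /* constructed sample state */
    struct seg inexact = { 40000, 0, 0, F_RST };

    printf("first RST  -> %d\n", classify_rst(&t, &inexact));
    printf("round trip -> %d\n", challenge_round_trip(&t, &inexact));
    return 0;
}
```

The ACK-field arithmetic the thread asks about only occurs in the branch where the rejected segment has no ACK bit; when it has one, the RST's sequence number is copied from the incoming ACK field and no ACK value is computed.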
From owner-freebsd-net@FreeBSD.ORG Thu Dec 14 19:33:38 2006
Message-ID: <4581A68F.5010208@elischer.org>
Date: Thu, 14 Dec 2006 11:31:27 -0800
From: Julian Elischer
To: Alexander Motin
Cc: FreeBSD Net
References: <1166066689.00653827.1166055601@10.7.7.3> <4581566C.5070600@alkar.net>
In-Reply-To: <4581566C.5070600@alkar.net>
Subject: Re: question for TCP gurus (in ipfw)

Alexander Motin wrote:
> Julian Elischer wrote:
>> could we do either of:
>> 1/ not set the ACK bit and just not do the extra work. Just send a
>> reset?
>
> Reset packet MUST have valid sequence number. Else it will be rejected
> as protection from DoS attack.

Andre's reference explains it very well... thanks..

From owner-freebsd-net@FreeBSD.ORG Thu Dec 14 19:44:14 2006
Message-ID: <4581A94F.7030301@elischer.org>
Date: Thu, 14 Dec 2006 11:43:11 -0800
From: Julian Elischer
To: Andre Oppermann
Cc: FreeBSD Net
References: <458094E7.1060806@elischer.org> <45812E01.9060200@freebsd.org>
In-Reply-To: <45812E01.9060200@freebsd.org>
Subject: Re: question for TCP gurus (in ipfw)

Andre Oppermann wrote:
> Julian Elischer wrote:
>> in the ipfw function send_reject6() we go to great length to calculate
>> the sequence number to put into the ack field of the reject packet..
>>
>> but it's a RESET we are generating..
>>
>> do we need to go to all the work of setting the ACK value etc?
>
> Yes, at least some of it.
>
>> could we do either of:
>> 1/ not set the ACK bit and just not do the extra work. Just send a
>> reset?
>
> Doesn't work.
>
>> or
>> 2/ instead of ACKing all the data in the packet we are resetting,
>> how about just ACKing the sequence number it starts with
>> and saving ourselves from doing the work of ACKing all the data
>> up to the current packet end. (which is the packet we are rejecting
>> anyhow) (It takes some calculation to work out the new ack value
>> which seems pointless as we are rejecting it..)
>
> Section 3 of this document describes the situation and requirements
> quite accurately:
>
> http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-06.txt

it sounds to me from this document that the SEQUENCE NUMBER of the RST needs to be the expected value but the calculations seem to be calculating the ACK value.. ie it is taking the sequence number, adding the amount of data to find the new sequence number, and sending that back in the ACK field.. This seems un-needed. (?)

i.e. shouldn't the RST have a sequence number that is the value of the received ACK (minus 1?) and an ACK value of the received data is only checked (if at all) to be in the window.

(It doesn't talk about the ACK value at all in the section you referenced. in fact it says:

   A legitimate peer, after restart, would not have a TCB in the
   synchronized state. Thus when the ACK arrives the peer should send a
   RST segment back with the sequence number derived from the ACK field
   that caused the RST.

however in the code I am pointing to in send_reject6() in ip_fw2.c it seems that it is the ACK that is being calculated, and not the SEQUENCE number.

From owner-freebsd-net@FreeBSD.ORG Thu Dec 14 21:58:15 2006
From: Daniel Dvořák
Date: Thu, 14 Dec 2006 22:54:43 +0100
Message-ID: <002601c71fca$76959d80$6508280a@tocnet28.jspoj.czf>
Cc: freebsdworld@gmail.com
Reply-To: dandee@hellteam.net
Subject: stop bittorrents

Hi Benjamin,

I recommend you not monowall, but pfsense for its pf and altq framework.

If you want to effectively erase bittorrents from your network you have to use snort_inline plus snort on the FreeBSD platform with ipfw.

There exists a more effective platform, unfortunately not for BSD, it is a really big pity.

L7-filter patch for horrible iptables on the Linux platform. :(

But it really simply works, it erases all bittorrents.

It is the best platform for nowadays, because it does not filter by port but by content. It is elementary for successfully filtering unwanted traffic. Of course you can filter not only bittorrents, but almost the whole p2p traffic. Big pity it is not for BSD. :(

Of course getting a faster network, as somebody advised you, is not a solution but a workaround only. :(

Bye

Dan

From owner-freebsd-net@FreeBSD.ORG Thu Dec 14 22:31:07 2006
From: Daniel Dvořák
Date: Thu, 14 Dec 2006 23:27:53 +0100
Message-ID: <002b01c71fcf$18c78a10$6508280a@tocnet28.jspoj.czf>
Reply-To: dandee@hellteam.net
Subject: IPv6 link-local routes disappear in 6.2-RC1

Hi all,

I want the IPv6 link-local routes back, do you know how to do that? I hope this significant change will be in the release document for 6.2. I did not change rc.conf since the release of FreeBSD 6.1 in May06.

This is STABLE RELENG_6, kernel from 28.8.2006 and it is OKAY:

server1# uname -a
FreeBSD 6.1-STABLE FreeBSD 6.1-STABLE #1: Mon Aug 28 02:48:17 CEST 2006

server1# netstat -rn

Internet6:
Destination                       Gateway             Flags  Netif Expire
::1                               ::1                 UH     lo0
fe80::%ath0/64                    link#1              UC     ath0
fe80::20b:6bff:fe2b:79f%ath0      00:0b:6b:2b:07:9f   UHL    lo0
fe80::%sis0/64                    link#2              UC     sis0
fe80::20d:b9ff:fe04:cf8c%sis0     00:0d:b9:04:cf:8c   UHL    lo0
fe80::%sis1/64                    link#3              UC     sis1
fe80::20d:b9ff:fe04:cf8d%sis1     00:0d:b9:04:cf:8d   UHL    lo0
fe80::%ath1/64                    link#4              UC     ath1
fe80::20b:6bff:fe2b:874%ath1      00:0b:6b:2b:08:74   UHL    lo0
fe80::%lo0/64                     fe80::1%lo0         U      lo0
fe80::1%lo0                       fe80::1%lo0         UHL    lo0
ff01:1::/32                       link#1              UC     ath0
ff01:2::/32                       link#2              UC     sis0
ff01:3::/32                       link#3              UC     sis1
ff01:4::/32                       link#4              UC     ath1
ff01:6::/32                       ::1                 UC     lo0
ff02::%ath0/32                    link#1              UC     ath0
ff02::%sis0/32                    link#2              UC     sis0
ff02::%sis1/32                    link#3              UC     sis1
ff02::%ath1/32                    link#4              UC     ath1
ff02::%lo0/32                     ::1                 UC     lo0

This is still STABLE RELENG_6, but it shows as 6.2-PRERELEASE, kernel from 2.10.2006 and it is still OKAY:

server2# uname -a
FreeBSD 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #1: Mon Oct 2 11:43:39 CEST 2006

Internet6:
Destination                       Gateway             Flags  Netif Expire
::1                               ::1                 UHL    lo0
fe80::%ath0/64                    link#1              UC     ath0
fe80::20b:6bff:fe35:509a%ath0     00:0b:6b:35:50:9a   UHL    lo0
fe80::%ath1/64                    link#2              UC     ath1
fe80::20b:6bff:fe2a:b8d5%ath1     00:0b:6b:2a:b8:d5   UHL    lo0
fe80::%rl0/64                     link#3              UC     rl0
fe80::250:fcff:fee4:c4b6%rl0      00:50:fc:e4:c4:b6   UHL    lo0
fe80::%vr0/64                     link#4              UC     vr0
fe80::20c:76ff:fe1c:aab7%vr0      00:0c:76:1c:aa:b7   UHL    lo0
fe80::%lo0/64                     fe80::1%lo0         U      lo0
fe80::1%lo0                       link#5              UHL    lo0
ff01:1::/32                       link#1              UC     ath0
ff01:2::/32                       link#2              UC     ath1
ff01:3::/32                       link#3              UC     rl0
ff01:4::/32                       link#4              UC     vr0
ff01:5::/32                       ::1                 UC     lo0
ff02::%ath0/32                    link#1              UC     ath0
ff02::%ath1/32                    link#2              UC     ath1
ff02::%rl0/32                     link#3              UC     rl0
ff02::%vr0/32                     link#4              UC     vr0
ff02::%lo0/32                     ::1                 UC     lo0

This is STABLE RELENG_6_2, 6.2-RC1, kernel from 18.11.2006 and it is NOT okay:

server3# uname -a
FreeBSD 6.2-RC1 FreeBSD 6.2-RC1 #0: Sat Nov 18 15:04:59 CET 2006

Internet6:
Destination                       Gateway             Flags  Netif Expire
::1                               ::1                 UHL    lo0
ff01:8::/32                       ::1                 UC     lo0
ff02::%lo0/32                     ::1                 UC     lo0

How can I get back the link-local routes in RELENG_6_2, and which changes in the code cause or bring this about?

I appeal to our documentation maintainer to write some lines about this change, which is strange from my point of view.

Bye

Dan

From owner-freebsd-net@FreeBSD.ORG Fri Dec 15 00:17:57 2006
Date: Fri, 15 Dec 2006 02:08:41 +0200
From: "Ivo Vachkov"
To: "Benjamin Adams"
Cc: freebsd-net
In-Reply-To: <200612141906.kBEJ6Mta090540@fire.jhs.private>
References: <6199c3dc0612140941n48832de0id6710f3f3e98345d@mail.gmail.com> <200612141821.kBEILi97090287@fire.jhs.private> <200612141906.kBEJ6Mta090540@fire.jhs.private>
Subject: Re: stop bittorrents

I'm not familiar with bittorrent protocol but I guess you can always implement simple L7 filter using ipfw rules to divert packets to a custom daemon that can parse the data and drop torrent packets. I did something similar for ICQ several years ago.

On 12/14/06, Julian H. Stacey wrote:
>
> > Thus you'd still achieve your ideal of
> > avoiding spending money rather than your time on it :-)
>
> Sorry, I wrote that wrongly, I meant:
>   Thus you'd still spend money & still save spending your own work time on it.
>
> --
> Julian Stacey. BSD Unix C Net Consultancy, Munich/Muenchen http://berklix.com
> Mail Ascii, not HTML. Your smoke = my allergic headache. http://berklix.org/free-software

--
"UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity."
Dennis Ritchie

From owner-freebsd-net@FreeBSD.ORG Fri Dec 15 00:55:21 2006
Message-ID: <3aaaa3a0612141655x72c1905cw7fc8f415e08d70b8@mail.gmail.com>
Date: Fri, 15 Dec 2006 00:55:13 +0000
From: Chris
To: "Andre Oppermann"
Cc: freebsd-net@freebsd.org, freebsd-current@freebsd.org
In-Reply-To: <45812CDE.7000103@freebsd.org>
References: <457F2D82.6000905@freebsd.org> <3aaaa3a0612131706w5ae75edcvadd7958274a1e2e2@mail.gmail.com> <45812CDE.7000103@freebsd.org>
Subject: Re: Automatic TCP send and receive socket buffer sizing

On 14/12/06, Andre Oppermann wrote:
> Chris wrote:
> > On 12/12/06, Andre Oppermann wrote:
> >> This is a patch adding automatic TCP send and receive socket buffer sizing.
> >> Normally the socket buffers are static (either derived from global defaults
> >> or set with setsockopt) and do not adapt to real network conditions. Two
> >> things happen: a) your socket buffers are too small and you can't reach the
> >> full potential of the network between both hosts; b) your socket buffers are
> >> too big and you waste a lot of kernel memory for data just sitting around.
> >>
> >> With automatic TCP send and receive socket buffers we can start with a small
> >> buffer and quickly grow it in parallel with the TCP congestion window to match
> >> real network conditions.
> >>
> >> FreeBSD has a default 32K send socket buffer. This supports a maximal
> >> transfer rate of only slightly more than 2Mbit/s on a 100ms RTT
> >> trans-continental link. Or at 200ms just above 1Mbit/s. With TCP send buffer
> >> auto scaling and the default values below it supports 20Mbit/s at 100ms
> >> and 10Mbit/s at 200ms. That's an improvement of factor 10, or 1000%.
> >> For the receive side it looks slightly better with a default of 64K buffer
> >> size.
> >>
> >> The automatic send buffer sizing patch is currently running on one half of
> >> the FTP.FreeBSD.ORG cluster w/o any problems so far. Against this machine
> >> with the automatic receive buffer sizing patch I can download at 5.7MBytes
> >> per second. Without patch it maxed out at 1.6MBytes per second as the delay
> >> bandwidth product became equal to the static socket buffer size without hitting
> >> the limits of the physical link between the machines. My test machine is about
> >> 35ms from that FTP.FreeBSD.ORG and connected through a moderately loaded 100Mbit
> >> Internet link.
> >>
> >> New sysctl's are:
> >>
> >> net.inet.tcp.sendbuf_auto=1 (enabled)
> >> net.inet.tcp.sendbuf_inc=8192 (8K, step size)
> >> net.inet.tcp.sendbuf_max=262144 (256K, growth limit)
> >> net.inet.tcp.recvbuf_auto=1 (enabled)
> >> net.inet.tcp.recvbuf_inc=16384 (16K, step size)
> >> net.inet.tcp.recvbuf_max=262144 (256K, growth limit)
> >>
> >> The patch is available here (it may apply with some fuzz):
> >>
> >> http://people.freebsd.org/~andre/tcp_auto_buf-20061212.diff
> >>
> >> Any tests and test reports are very welcome.
> >>
> >> --
> >> Andre
> >
> > Hi does this patch work on 6.x? I used the send patch on 6.x and works
> > great please make a 6.x patch thank you and I will happily test.
>
> No, this patch doesn't work on 6.x. It makes changes to struct tcpcb
> to add two additional fields. This requires netstat(1) to be recompiled
> and is a ABI change. However I've got a number of requests for 6.x
> patch so I may make one anyway.
>
> --
> Andre
>

Please that would be great, the send patch works on 6.x flawlessly and has improved performance enormously it would be a shame to have to wait for 7.x to be production ready before I use it.

Thanks

Chris

From owner-freebsd-net@FreeBSD.ORG Fri Dec 15 02:25:36 2006
Date: Fri, 15 Dec 2006 02:25:32 +0000
From: Baldur Gislason
To: Ivo Vachkov
Cc: freebsd-net, Benjamin Adams
Message-ID: <20061215022532.GJ1038@gremlin.foo.is>
References: <6199c3dc0612140941n48832de0id6710f3f3e98345d@mail.gmail.com> <200612141821.kBEILi97090287@fire.jhs.private> <200612141906.kBEJ6Mta090540@fire.jhs.private>
Subject: Re: stop bittorrents

Most of the torrent clients do encrypted sessions nowadays so they really are impossible to detect by simply parsing the packets.

Baldur

On Fri, Dec 15, 2006 at 02:08:41AM +0200, Ivo Vachkov wrote:
> I'm not familiar with bittorrent protocol but I guess you can always
> implement simple L7 filter using ipfw rules to divert packets to a custom
> daemon that can parse the data and drop torrent packets. I did something
> similar for ICQ several years ago.
>
> On 12/14/06, Julian H. Stacey wrote:
> >
> >> Thus you'd still achieve your ideal of
> >> avoiding spending money rather than your time on it :-)
> >
> >Sorry, I wrote that wrongly, I meant:
> >  Thus you'd still spend money & still save spending your own work time on it.
> >
> >--
> >Julian Stacey. BSD Unix C Net Consultancy, Munich/Muenchen http://berklix.com
> >Mail Ascii, not HTML. Your smoke = my allergic headache. http://berklix.org/free-software
>
> --
> "UNIX is basically a simple operating system, but you have to be a genius to
> understand the simplicity."
> Dennis Ritchie

From owner-freebsd-net@FreeBSD.ORG Fri Dec 15 03:06:00 2006
From: Ask Bjørn Hansen
Date: Thu, 14 Dec 2006 19:05:04 -0800
To: freebsd-net@freebsd.org
Cc: freebsd-stable@freebsd.org
Subject: CARP + VLAN = kernel dump

Hi,

If I enable carp on a vlan interface in rc.conf the kernel goes boom. This is 6.2-RC from a couple of weeks ago. (IIRC then I had the same problem setting up carp on a bridge'd interface).

I'm configuring it like this:

ifconfig_vlan2="inet 10.50.0.3/24 vlan 202 vlandev sis2"
ifconfig_carp2="vhid 3 advskew 200 pass awe4jkfha4jkfha4f 10.50.0.1"
cloned_interfaces="... carp2 ... vlan2"

However, if I do the carp2 setup "manually" after the system is booted, it is working fine.

ifconfig carp2 vhid 3 advskew 200 pass hjarefhakjewfha 10.50.0.1

Any ideas? (kernel dump below)

 - ask

fault virtual address   = 0x100005c
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc05ba533
stack pointer           = 0x28:0xc7975c30
frame pointer           = 0x28:0xc7975c90
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 13 (swi1: net)
trap number             = 12
panic: page fault
Uptime: 17s
Cannot dump. No dump device defined.

--
http://develooper.com/ - http://askask.com/

From owner-freebsd-net@FreeBSD.ORG Fri Dec 15 03:52:25 2006
Date: Fri, 15 Dec 2006 12:52:11 +0900
From: gnn@freebsd.org
To: Daniel Dvořák
Cc: freebsd-net@freebsd.org
In-Reply-To: <002b01c71fcf$18c78a10$6508280a@tocnet28.jspoj.czf>
References: <002b01c71fcf$18c78a10$6508280a@tocnet28.jspoj.czf>
Subject: Re: IPv6 link-local routes disappear in 6.2-RC1

At Thu, 14 Dec 2006 23:27:53 +0100,
Daniel Dvořák wrote:
>
> Hi all,
>
> I want back ipv6 link-local routes back, do you know how to do that
> ? I hope this significant change will be in release document for
> 6.2. I did not change rc.conf since release FreeBSD 6.1 in May06.
>

You need to set

auto_linklocal="YES"

in rc.conf

Best,
George

From owner-freebsd-net@FreeBSD.ORG Fri Dec 15 15:27:53 2006
From: Josh Paetzel To: freebsd-net@freebsd.org Date: Fri, 15 Dec 2006 09:27:43 -0600 User-Agent: KMail/1.9.4 References: <6199c3dc0612140941n48832de0id6710f3f3e98345d@mail.gmail.com> <20061215022532.GJ1038@gremlin.foo.is> In-Reply-To: <20061215022532.GJ1038@gremlin.foo.is> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200612150927.43706.josh@tcbug.org> Cc: Benjamin Adams Subject: Re: stop bittorrents X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Dec 2006 15:27:53 -0000

On Thursday 14 December 2006 20:25, Baldur Gislason wrote:
> Most of the torrent clients do encrypted sessions nowadays so they
> really are impossible to detect by simply parsing the packets.
>
> Baldur
>
> On Fri, Dec 15, 2006 at 02:08:41AM +0200, Ivo Vachkov wrote:
> > I'm not familiar with bittorrent protocol but I guess you can
> > always implement simple L7 filter using ipfw rules to divert
> > packets to a custom daemon that can parse the data and drop
> > torrent packets. I did something similar for ICQ several years
> > ago.
> >
> > On 12/14/06, Julian H. Stacey wrote:
> > >> Thus you'd still achieve your ideal of
> > >> avoiding spending money rather than your time on it :-)
> > >
> > >Sorry, I wrote that wrongly, I meant:
> > > Thus you'd still spend money & still save spending your own
> > > work time on it.
> > >
> > >--

Probably the simplest pain free solution I can think of is to get a
linksys WRT54G-L and flash it with DD-WRT firmware. Comes with a
nifty drop-down menu in the access control page that allows you to
block things by service. Not entirely sure *how* it works, but it
seems to be very effective at blocking at the application
layer....including bt and even skype.
-- Thanks, Josh Paetzel From owner-freebsd-net@FreeBSD.ORG Fri Dec 15 17:10:17 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 2E88B16A553; Fri, 15 Dec 2006 17:10:17 +0000 (UTC) (envelope-from bmah@freebsd.org) Received: from a.mail.sonic.net (a.mail.sonic.net [64.142.16.245]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1B3C543FC6; Fri, 15 Dec 2006 17:01:42 +0000 (GMT) (envelope-from bmah@freebsd.org) Received: from [64.142.31.109] (phantom.kitchenlab.org [64.142.31.109]) (authenticated bits=0) by a.mail.sonic.net (8.13.8.Beta0-Sonic/8.13.7) with ESMTP id kBFH31xq030431 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 15 Dec 2006 09:03:01 -0800 Message-ID: <4582D544.60000@freebsd.org> Date: Fri, 15 Dec 2006 09:03:00 -0800 
From: "Bruce A. Mah" User-Agent: Thunderbird 1.5.0.8 (Macintosh/20061025) MIME-Version: 1.0 To: gnn@freebsd.org References: <002b01c71fcf$18c78a10$6508280a@tocnet28.jspoj.czf> In-Reply-To: X-Enigmail-Version: 0.94.0.0 OpenPGP: id=5ba052c3 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig83D3A0853D41DA6CDD7C4D73" Cc: =?UTF-8?B?RGFuaWVsIER2b8WZw6Fr?= , freebsd-net@freebsd.org Subject: Re: IPv6 link-local routes disappear in 6.2-RC1 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Dec 2006 17:10:17 -0000

If memory serves me right, gnn@freebsd.org wrote:
> At Thu, 14 Dec 2006 23:27:53 +0100,
> Daniel Dvořák wrote:
>> Hi all,
>>
>> I want back ipv6 link-local routes back, do you know how to do that
>> ? I hope this significant change will be in release document for
>> 6.2. I did not change rc.conf since release FreeBSD 6.1 in May06.
>>
>
> You need to set
>
> auto_linklocal="YES"
>
> in rc.conf

Um, are you sure? I thought the idea was that the auto_linklocal script
checked ipv6_enable.

To the OP: You don't appear to have any other IPv6 interface addresses
configured...do you have this line in /etc/rc.conf?

ipv6_enable="YES"

If not, I'd try adding *that*.

Bruce.
From owner-freebsd-net@FreeBSD.ORG Fri Dec 15 18:58:41 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 26AD716A40F; Fri, 15 Dec 2006 18:58:41 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from webmail9.mail.yandex.net (webmail9.mail.yandex.net [213.180.223.100]) by mx1.FreeBSD.org (Postfix) with ESMTP id E93AB43C9D; Fri, 15 Dec 2006 18:56:04 +0000 (GMT) (envelope-from bu7cher@yandex.ru) Received: from YAMAIL (webmail9.yandex.ru) by mail.yandex.ru id ; Fri, 15 Dec 2006 21:57:38 +0300 Received: from [82.211.152.12] ([82.211.152.12]) by mail.yandex.ru with HTTP; Fri, 15 Dec 2006 21:57:37 +0300 (MSK) Date: Fri, 15 Dec 2006 21:57:37 +0300 (MSK)
From: "Andrey V. Elsukov" Sender: bu7cher@yandex.ru Message-Id: <4582F021.000015.13046@webmail9.yandex.ru> MIME-Version: 1.0 X-Mailer: Yamail [ http://yandex.ru ] Errors-To: bu7cher@yandex.ru To: freebsd-net@freebsd.org X-Source-Ip: 82.211.152.12 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Cc: freebsd-arch@freebsd.org Subject: Runtime control for the IPFIREWALL_FORWARD X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: bu7cher@yandex.ru List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Dec 2006 18:58:41 -0000 Hi, All! I want get the IPFIREWALL_FORWARD feature without a kernel rebuild. And use forwarding with the ipfw kld. It's possible to have this functional in the base system? If yes, then which is preferred way: sysctl or kld? -- WBR, Andrey V. Elsukov From owner-freebsd-net@FreeBSD.ORG Fri Dec 15 20:27:22 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 535F016A407 for ; Fri, 15 Dec 2006 20:27:22 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outP.internet-mail-service.net (outP.internet-mail-service.net [216.240.47.239]) by mx1.FreeBSD.org (Postfix) with ESMTP id C41AA43C9F for ; Fri, 15 Dec 2006 20:25:33 +0000 (GMT) (envelope-from julian@elischer.org) Received: from shell.idiom.com (HELO idiom.com) (216.240.47.20) by out.internet-mail-service.net (qpsmtpd/0.32) with ESMTP; Fri, 15 Dec 2006 12:11:59 -0800 Received: from [10.251.18.229] (nat.ironport.com [63.251.108.100]) by idiom.com (8.12.11/8.12.11) with ESMTP id kBFKNldg098400; Fri, 15 Dec 2006 12:23:48 -0800 (PST) (envelope-from julian@elischer.org) Message-ID: <4583044B.4000006@elischer.org> Date: Fri, 15 Dec 2006 12:23:39 -0800 
From: Julian Elischer User-Agent: Thunderbird 1.5.0.8 (Macintosh/20061025) MIME-Version: 1.0 To: bu7cher@yandex.ru References: <4582F021.000015.13046@webmail9.yandex.ru> In-Reply-To: <4582F021.000015.13046@webmail9.yandex.ru> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, freebsd-arch@freebsd.org Subject: Re: Runtime control for the IPFIREWALL_FORWARD X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Dec 2006 20:27:22 -0000

Andrey V. Elsukov wrote:
> Hi, All!
>
> I want get the IPFIREWALL_FORWARD feature without a kernel rebuild.
> And use forwarding with the ipfw kld. It's possible to have this
> functional in the base system? If yes, then which is preferred way:
> sysctl or kld?
>

This introduces quite a bit of extra code into the path of IP packets.
Some people are very sensitive about anything that slows down that path.
From owner-freebsd-net@FreeBSD.ORG Fri Dec 15 21:20:47 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 07E2116A412 for ; Fri, 15 Dec 2006 21:20:47 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outH.internet-mail-service.net (outH.internet-mail-service.net [216.240.47.231]) by mx1.FreeBSD.org (Postfix) with ESMTP id A8FFC43CB3 for ; Fri, 15 Dec 2006 21:18:55 +0000 (GMT) (envelope-from julian@elischer.org) Received: from shell.idiom.com (HELO idiom.com) (216.240.47.20) by out.internet-mail-service.net (qpsmtpd/0.32) with ESMTP; Fri, 15 Dec 2006 13:05:21 -0800 Received: from [10.251.18.229] (nat.ironport.com [63.251.108.100]) by idiom.com (8.12.11/8.12.11) with ESMTP id kBFLKZhm081496; Fri, 15 Dec 2006 13:20:37 -0800 (PST) (envelope-from julian@elischer.org) Message-ID: <4583119B.20608@elischer.org> Date: Fri, 15 Dec 2006 13:20:27 -0800 
From: Julian Elischer User-Agent: Thunderbird 1.5.0.8 (Macintosh/20061025) MIME-Version: 1.0 To: Max Laier References: <457DCD47.5090004@elischer.org> <457DD658.7010707@freebsd.org> <457DE28D.1010106@elischer.org> <200612120045.41425.max@love2party.net> In-Reply-To: <200612120045.41425.max@love2party.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, Andre Oppermann Subject: Re: addition to ipfw.. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Dec 2006 21:20:47 -0000

Max, further to your comment..

Max Laier wrote:
> On Monday 11 December 2006 23:58, Julian Elischer wrote:
>> Andre Oppermann wrote:
>>> Julian Elischer wrote:
>>>> in ipfw layer 2 processing, the packet is passed to the firewall
>>>> as if it was a layer 3 IP packet but the ether header is also made
>>>> available.
>>>>
>>>> I would like to add something similar in the case where a vlan tag
>>>> is also on the packet..
>>>>
>>>> basically I have a change where:
>>>>
>>>> If we are processing layer 2 packets (in ether or bridge code)
>>>> AND a sysctl says to do it,
>>>> and it is a vlan packet,
>>>>
>>>> Then the vlan header is also held back so that the packet can be
>>>> processed and examined as an IP packet. It is
>>>> (in the same way the ether header is) reattached when the packet is
>>>> accepted.
>>>>
>>>> This allows me to filter packets that are traversing my bridge,
>>>> even though they are encapsulated in a vlan.
>>>>
>>>> I have patches to allow this. I need this function. does anyone
>>>> else?
>>> Please have the ipfw code examine the vlan tag in the mbuf instead of
>>> fiddling with the mbuf contents.
>> The ipfw will be ignoring the vlan contents.. the patch is to move the
>> 'start of ip header' pointer past the vlan header.. (if asked) so that
>> it can identify the IP packet.
>>
>> part of the patch is to make sure all the code uses this pointer
>> instead of the case now where some code uses it and some uses mtod().
>>
>> This could be used in conjunction with vlan keyword that would look at
>> the vlan header, but that is a different feature..
>
> I understand you do have a patch? Let's see it, so we are clear what we
> are talking about. I think that w/o a ipfw feature to identify the vlan
> number, it is pretty useless. Of course, it would enable you to do some
> basic sanity checks, but real filtering needs to know the vlan it is
> concerned with. BTW, what speaks against plugging the bridge into the
> vlan on either side and bridge the vlan interfaces together?

I have placed the following patch files:
http://www.freebsd.org/~julian/vlstrip-7.diff
http://www.freebsd.org/~julian/vlstrip-6.diff

which implement the ability to look within vlans when being used
on a bridge.

I have done SOME testing with this but would certainly appreciate
another set of eyes..
the next change would be layered on top of this change and would be the
addition of a rule:

ipfw add 100 {operation} ip from any to any vlan {vlan_id}[-{vlan_id}]

e.g.
ipfw add 1000 skipto 4000 ip from any to any vlan 100-200

This, as it is will probably not work for the cases where vlans are
decoded by the hardware. I'm guessing that at some stage we need to
add the ability to cope with that too.. I remember that someone added
some capacity to do that to bpf recently.. (?) I think..

I hope I've found all the places where the old code cared that the ip
header was the first thing in the mbuf..
if you see any places where that is still assumed, let me know.

It's working for my testing here but I'm only using it to monitor
traffic on a tap, so the packets are discarded anyhow.
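The header walk described in the post above (skip one 802.1Q tag so the filter sees the IP header) together with the proposed `vlan 100-200` range match, as an added userland example; it is not code from the vlstrip diffs or from ipfw. All names (`find_ip_header`, `vlan_in_range`, `skip_vlan`, `build_sample_frame`, the `X_` constants) are hypothetical, `skip_vlan` stands in for the sysctl, and the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define X_ETHER_HDR_LEN   14      /* dst MAC + src MAC + ethertype */
#define X_VLAN_TAG_LEN     4      /* 802.1Q: TCI + encapsulated ethertype */
#define X_ETHERTYPE_IP    0x0800
#define X_ETHERTYPE_VLAN  0x8100
#define X_IP_MIN_HLEN     20

struct l3_view {
    size_t   ip_off;     /* offset of the IPv4 header inside the frame */
    int      has_vlan;   /* 1 if one 802.1Q tag was skipped */
    uint16_t vlan_id;    /* 12-bit VLAN ID, valid only if has_vlan */
};

/* Read a big-endian 16-bit field. */
static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/*
 * Locate the IPv4 header in an Ethernet frame, skipping one 802.1Q tag
 * when skip_vlan is non-zero. Returns 0 on success, -1 if the frame is
 * truncated, is not IPv4, or is tagged while skip_vlan is off.
 */
int find_ip_header(const uint8_t *frame, size_t len, int skip_vlan,
                   struct l3_view *out)
{
    size_t off = X_ETHER_HDR_LEN;
    uint16_t etype;

    memset(out, 0, sizeof(*out));
    if (len < X_ETHER_HDR_LEN)
        return -1;
    etype = rd16(frame + 12);

    if (etype == X_ETHERTYPE_VLAN) {
        if (!skip_vlan || len < X_ETHER_HDR_LEN + X_VLAN_TAG_LEN)
            return -1;
        out->has_vlan = 1;
        out->vlan_id = rd16(frame + 14) & 0x0fff;  /* drop PCP/DEI bits */
        etype = rd16(frame + 16);
        off += X_VLAN_TAG_LEN;
    }
    if (etype != X_ETHERTYPE_IP || len - off < X_IP_MIN_HLEN)
        return -1;

    /* Check version and header length before any rule reads IP fields. */
    uint8_t vhl = frame[off];
    size_t hlen = (size_t)(vhl & 0x0f) * 4;
    if ((vhl >> 4) != 4 || hlen < X_IP_MIN_HLEN || hlen > len - off)
        return -1;

    out->ip_off = off;
    return 0;
}

/* Range match in the spirit of the proposed "vlan {id}[-{id}]" option. */
int vlan_in_range(const struct l3_view *v, uint16_t lo, uint16_t hi)
{
    return v->has_vlan && v->vlan_id >= lo && v->vlan_id <= hi;
}

/*
 * Constructed sample: minimal IPv4 frame, optionally 802.1Q-tagged.
 * buf must hold at least 64 bytes; returns the frame length.
 */
size_t build_sample_frame(uint8_t *buf, int tagged, uint16_t vid)
{
    size_t off = 12;

    memset(buf, 0, 64);
    memset(buf, 0xff, 6);            /* broadcast destination */
    buf[6] = 0x02;                   /* locally administered source MAC */
    if (tagged) {
        buf[off++] = 0x81;
        buf[off++] = 0x00;
        buf[off++] = (uint8_t)(0xa0 | ((vid >> 8) & 0x0f));  /* PCP 5 */
        buf[off++] = (uint8_t)(vid & 0xff);
    }
    buf[off++] = 0x08;
    buf[off++] = 0x00;
    buf[off] = 0x45;                 /* IPv4, IHL 5 (20 bytes) */
    return off + X_IP_MIN_HLEN;
}
```

Every consumer reads the IP header through `ip_off` rather than assuming it starts the buffer, which is the property the post asks reviewers to check for.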
> From owner-freebsd-net@FreeBSD.ORG Fri Dec 15 23:24:21 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id F060516A417 for ; Fri, 15 Dec 2006 23:24:21 +0000 (UTC) (envelope-from youshi10@u.washington.edu) Received: from mxout3.cac.washington.edu (mxout3.cac.washington.edu [140.142.32.166]) by mx1.FreeBSD.org (Postfix) with ESMTP id B2BF543CA3 for ; Fri, 15 Dec 2006 23:22:36 +0000 (GMT) (envelope-from youshi10@u.washington.edu) Received: from smtp.washington.edu (smtp.washington.edu [140.142.33.7]) by mxout3.cac.washington.edu (8.13.7+UW06.06/8.13.7+UW06.09) with ESMTP id kBFNOKZv016522 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Fri, 15 Dec 2006 15:24:20 -0800 X-Auth-Received: from [192.168.0.101] (dsl254-013-145.sea1.dsl.speakeasy.net [216.254.13.145]) (authenticated authid=youshi10) by smtp.washington.edu (8.13.7+UW06.06/8.13.7+UW06.09) with ESMTP id kBFNOJb3003606 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Fri, 15 Dec 2006 15:24:20 -0800 Message-ID: <45832E9E.3040002@u.washington.edu> Date: Fri, 15 Dec 2006 15:24:14 -0800 
From: Garrett Cooper User-Agent: Thunderbird 1.5.0.8 (X11/20061116) MIME-Version: 1.0 To: freebsd-net@freebsd.org X-Enigmail-Version: 0.94.1.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-PMX-Version: 5.2.2.285561, Antispam-Engine: 2.5.0.283055, Antispam-Data: 2006.12.15.150433 X-Uwash-Spam: Gauge=IIIIIII, Probability=7%, Report='__CP_URI_IN_BODY 0, __CT 0, __CTE 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __LINES_OF_YELLING 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __SANE_MSGID 0, __USER_AGENT 0' Subject: ipf : Does RPC port auto-adding interface exist? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Dec 2006 23:24:22 -0000

Hello,
I hate sort of cross-posting like this, but I haven't received any
word back from anyone on the -questions list yet..
Anyhow, I was wondering if some sort of interface existed with ipf
already where ipf would automatically add bound/listening RPC ports to
an ipf firewall's rules, or if I would have to manhandle a bourne shell
script to add this functionality in some way. I have essentially done
this to a large extent already, but reinventing the wheel and ensuring
that something works properly is more time consuming than it's probably
worth.
Also, if anyone had any working firewall rules for ipf with samba
filesharing, I'd be really grateful if you could share them with me!
TIA,
-Garrett

PS Please CC me as I'm not subscribed to this list.
From owner-freebsd-net@FreeBSD.ORG Fri Dec 15 23:40:33 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 4F48816A4D1; Fri, 15 Dec 2006 23:40:33 +0000 (UTC) (envelope-from dandee@hellteam.net) Received: from pipa.vshosting.cz (pipa.vshosting.cz [81.0.201.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0163A43CE9; Fri, 15 Dec 2006 23:38:25 +0000 (GMT) (envelope-from dandee@hellteam.net) Received: from localhost (localhost [127.0.0.1]) by pipa.vshosting.cz (Postfix) with ESMTP id C8BA14E70E; Sat, 16 Dec 2006 00:40:09 +0100 (CET) Received: from pipa.vshosting.cz ([127.0.0.1]) by localhost (pipa [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 10108-08; Sat, 16 Dec 2006 00:40:04 +0100 (CET) Received: from gandalf (unknown [81.0.245.205]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by pipa.vshosting.cz (Postfix) with ESMTP id 257F74E71C; Sat, 16 Dec 2006 00:40:04 +0100 (CET)
From: =?UTF-8?Q?Daniel_Dvo=C5=99=C3=A1k?= To: "'Bruce A. Mah'" , Date: Sat, 16 Dec 2006 00:40:02 +0100 Organization: Projekt HELL Message-ID: <005c01c720a2$573f8580$6508280a@tocnet28.jspoj.czf> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Office Outlook 11 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028 Thread-Index: Accgav79T70h0gZjSie7256tsZ5YBAANxOiQ In-Reply-To: <4582D544.60000@freebsd.org> X-Virus-Scanned: by amavisd-new at pipa.vshosting.cz Cc: freebsd-net@freebsd.org Subject: RE: IPv6 link-local routes disappear in 6.2-RC1 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: dandee@hellteam.net List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Dec 2006 23:40:33 -0000

Of course not, because in May and before may and before RC1 it was not needed at all to have ipv6_enable="YES" to have link-local routes.

So what needed ? I do not understand.

auto_linklocal or ipv6_enable ?

-----Original Message-----
From: Bruce A. Mah [mailto:bmah@freebsd.org]
Sent: Friday, December 15, 2006 6:03 PM
To: gnn@freebsd.org
Cc: Daniel Dvořák; freebsd-net@freebsd.org
Subject: Re: IPv6 link-local routes disappear in 6.2-RC1

If memory serves me right, gnn@freebsd.org wrote:
> At Thu, 14 Dec 2006 23:27:53 +0100,
> Daniel Dvořák wrote:
>> Hi all,
>>
>> I want back ipv6 link-local routes back, do you know how to do that
>> ? I hope this significant change will be in release document for
>> 6.2. I did not change rc.conf since release FreeBSD 6.1 in May06.
>>
>
> You need to set
>
> auto_linklocal="YES"
>
> in rc.conf

Um, are you sure? I thought the idea was that the auto_linklocal script
checked ipv6_enable.

To the OP: You don't appear to have any other IPv6 interface addresses
configured...do you have this line in /etc/rc.conf?

ipv6_enable="YES"

If not, I'd try adding *that*.

Bruce.

From owner-freebsd-net@FreeBSD.ORG Sat Dec 16 00:02:01 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 566FB16A412; Sat, 16 Dec 2006 00:02:01 +0000 (UTC) (envelope-from bmah@freebsd.org) Received: from b.mail.sonic.net (b.mail.sonic.net [64.142.19.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id D213A43C9F; Sat, 16 Dec 2006 00:00:16 +0000 (GMT) (envelope-from bmah@freebsd.org) Received: from [64.142.31.109] (phantom.kitchenlab.org [64.142.31.109]) (authenticated bits=0) by b.mail.sonic.net (8.13.8.Beta0-Sonic/8.13.7) with ESMTP id kBG020Zl000868 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 15 Dec 2006 16:02:00 -0800 Message-ID: <45833777.5050706@freebsd.org> Date: Fri, 15 Dec 2006 16:01:59 -0800
From: "Bruce A. Mah" User-Agent: Thunderbird 1.5.0.8 (Macintosh/20061025) MIME-Version: 1.0 To: dandee@hellteam.net References: <005c01c720a2$573f8580$6508280a@tocnet28.jspoj.czf> In-Reply-To: <005c01c720a2$573f8580$6508280a@tocnet28.jspoj.czf> X-Enigmail-Version: 0.94.0.0 OpenPGP: id=5ba052c3 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig504DCF85517C77F2466DA7AE" Cc: gnn@freebsd.org, freebsd-net@freebsd.org Subject: Re: IPv6 link-local routes disappear in 6.2-RC1 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Dec 2006 00:02:01 -0000

If memory serves me right, Daniel Dvořák wrote:
> Of course not, because in May and before may and before RC1 it was not needed at all to have ipv6_enable="YES" to have link-local routes.
>
> So what needed ? I do not understand.
>
> auto_linklocal or ipv6_enable ?

ipv6_enable="YES"

This is documented in the 6.2 release notes.

Bruce.
From owner-freebsd-net@FreeBSD.ORG Sat Dec 16 01:40:33 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 25A1516A40F; Sat, 16 Dec 2006 01:40:33 +0000 (UTC) (envelope-from dandee@hellteam.net) Received: from pipa.vshosting.cz (pipa.vshosting.cz [81.0.201.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 934F143CA6; Sat, 16 Dec 2006 01:38:47 +0000 (GMT) (envelope-from dandee@hellteam.net) Received: from localhost (localhost [127.0.0.1]) by pipa.vshosting.cz (Postfix) with ESMTP id 3D46B4E71C; Sat, 16 Dec 2006 02:40:33 +0100 (CET) Received: from pipa.vshosting.cz ([127.0.0.1]) by localhost (pipa [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 09079-01; Sat, 16 Dec 2006 02:40:27 +0100 (CET) Received: from gandalf (unknown [81.0.245.205]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by pipa.vshosting.cz (Postfix) with ESMTP id 980D54E70E; Sat, 16 Dec 2006 02:40:27 +0100 (CET)
From: =?UTF-8?Q?Daniel_Dvo=C5=99=C3=A1k?= To: "'Bruce A. Mah'" Date: Sat, 16 Dec 2006 02:40:25 +0100 Organization: Projekt HELL Message-ID: <002401c720b3$28b16e20$6508280a@tocnet28.jspoj.czf> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Office Outlook 11 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028 In-Reply-To: <45833777.5050706@freebsd.org> Thread-Index: AccgpW/B2M869s+JQZWIcxh5YAyZxQADW6gw X-Virus-Scanned: by amavisd-new at pipa.vshosting.cz Cc: gnn@freebsd.org, freebsd-net@freebsd.org Subject: RE: IPv6 link-local routes disappear in 6.2-RC1 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: dandee@hellteam.net List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Dec 2006 01:40:33 -0000

Okay thanks I see it now. I would like to note that 6.2 release notes officially does not exist yet in nowadays.

-----Original Message-----
From: Bruce A. Mah [mailto:bmah@freebsd.org]
Sent: Saturday, December 16, 2006 1:02 AM
To: dandee@hellteam.net
Cc: gnn@freebsd.org; freebsd-net@freebsd.org
Subject: Re: IPv6 link-local routes disappear in 6.2-RC1

If memory serves me right, Daniel Dvořák wrote:
> Of course not, because in May and before may and before RC1 it was not needed at all to have ipv6_enable="YES" to have link-local routes.
>
> So what needed ? I do not understand.
>
> auto_linklocal or ipv6_enable ?

ipv6_enable="YES"

This is documented in the 6.2 release notes.

Bruce.

From owner-freebsd-net@FreeBSD.ORG Sat Dec 16 03:46:17 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0716416A504; Sat, 16 Dec 2006 03:46:17 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.171]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2A22043C9F; Sat, 16 Dec 2006 03:44:31 +0000 (GMT) (envelope-from max@love2party.net) Received: from [88.66.9.214] (helo=amd64.laiers.local) by mrelayeu.kundenserver.de (node=mrelayeu2) with ESMTP (Nemesis), id 0MKwtQ-1GvQUt38Oh-0006ti; Sat, 16 Dec 2006 04:46:04 +0100
From: Max Laier Organization: FreeBSD To: Julian Elischer Date: Sat, 16 Dec 2006 04:45:56 +0100 User-Agent: KMail/1.9.4 References: <457DCD47.5090004@elischer.org> <200612120045.41425.max@love2party.net> <4583119B.20608@elischer.org> In-Reply-To: <4583119B.20608@elischer.org> X-Face: ,,8R(x[kmU]tKN@>gtH1yQE4aslGdu+2]; R]*pL,U>^H?)gW@49@wdJ`H<=?utf-8?q?=25=7D*=5FBD=0A=09U=5For=3D=5CmOZf764=26nYj=3DJYbR1PW0ud?=>|!~,,CPC.1-D$FG@0h3#'5"k{V]a~.<=?utf-8?q?mZ=7D44=23Se=7Em=0A=09Fe=7E=5C=5DX5B=5D=5Fxj?=(ykz9QKMw_l0C2AQ]}Ym8)fU MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart14406339.KWBK0YeLvI"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200612160446.02644.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de login:61c499deaeeba3ba5be80f48ecc83056 Cc: freebsd-net@freebsd.org, Andre Oppermann Subject: Re: addition to ipfw.. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Dec 2006 03:46:17 -0000 --nextPart14406339.KWBK0YeLvI Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Friday 15 December 2006 22:20, Julian Elischer wrote: > Max, further to your comment.. > > Max Laier wrote: > > On Monday 11 December 2006 23:58, Julian Elischer wrote: > >> Andre Oppermann wrote: > >>> Julian Elischer wrote: > >>>> in ipfw layer 2 processing, the packet is passed to the firewall > >>>> as if it was a layer 3 IP packet but the ether header is also made > >>>> available. > >>>> > >>>> I would like to add something similar in the case where a vlan > >>>> tag is also on the packet.. 
> >>>>
> >>>> basically I have a change where:
> >>>>
> >>>> If we are processing layer 2 packets (in ether or bridge code)
> >>>> AND a sysctl says to do it,
> >>>> and it is a vlan packet,
> >>>>
> >>>> Then the vlan header is also held back so that the packet can be
> >>>> processed and examined as an IP packet. It is
> >>>> (in the same way the ether header is) reattached when the packet
> >>>> is accepted.
> >>>>
> >>>> This allows me to filter packets that are traversing my bridge,
> >>>> even though they are encapsulated in a vlan.
> >>>>
> >>>> I have patches to allow this. I need this function. does anyone
> >>>> else?
> >>>
> >>> Please have the ipfw code examine the vlan tag in the mbuf instead
> >>> of fiddling with the mbuf contents.
> >>
> >> The ipfw will be ignoring the vlan contents.. the patch is to move
> >> the 'start of ip header' pointer past the vlan header.. (if asked)
> >> so that it can identify the IP packet.
> >>
> >> part of the patch is to make sure all the code uses this pointer
> >> instead of the case now where some code uses it and some uses
> >> mtod().
> >>
> >> This could be used in conjunction with vlan keyword that would look
> >> at the vlan header, but that is a different feature..
> >
> > I understand you do have a patch? Let's see it, so we are clear what
> > we are talking about. I think that w/o a ipfw feature to identify
> > the vlan number, it is pretty useless. Of course, it would enable
> > you to do some basic sanity checks, but real filtering needs to know
> > the vlan it is concerned with. BTW, what speaks against plugging the
> > bridge into the vlan on either side and bridge the vlan interfaces
> > together?
>
> I have placed the following patch files:
> http://www.freebsd.org/~julian/vlstrip-7.diff
> http://www.freebsd.org/~julian/vlstrip-6.diff
>
> which implement the ability to look within vlans when being used
> on a bridge.
>
> I have done SOME testing with this but would certainly appreciate
> another set of eyes..
> the next change would be layered on top of this change and would be the
> addition of a rule:
>
> ipfw add 100 {operation} ip from any to any vlan {vlan_id}[-{vlan_id}]
>
> e.g.
> ipfw add 1000 skipto 4000 ip from any to any vlan 100-200
>
> This, as it is will probably not work for the cases where vlans are
> decoded by the hardware. I'm guessing that at some stage we need to
> add the ability to cope with that too.. I remember that someone added
> some capacity to do that to bpf recently.. (?) I think..

There is M_VLANTAG and m_pkthdr.ether_vtag for hardware support. You
could even reuse those for this. i.e. emulate hardware support for ipfw
in the pfil hook. If you want to look at the vlan tag later, you can
always use those then.

> I hope I've found all the places where the old code cared that the ip
> header was the first thing in the mbuf..
> if you see any places where that is still assumed, let me know.

I don't like the implementation for this reason. It feels hackish to me.
What is the reason that you didn't duplicate the ethernet header approach
in ip_fw_pfil.c? Speed? Did you measure? It is certainly easier to
properly strip off the vlan header in the pfil hook code and reattach it
when done (or trust the hardware to do it - if M_VLANTAG was set in the
first place).

As an aside, I agree that the mtod mania isn't that great either and we
should probably do away with it. But that's orthogonal to the vlan
handling - I just don't like that to be pulled into *IP*fw. This might
just be me, however.

> It's working for my testing here but I'm only using it to monitor
> traffic on a tap, so the packets are discarded anyhow.
-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-net@FreeBSD.ORG Sat Dec 16 07:27:30 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 4861A16A403; Sat, 16 Dec 2006 07:27:30 +0000 (UTC) (envelope-from gnn@neville-neil.com) Received: from mrout2-b.corp.dcn.yahoo.com (mrout2-b.corp.dcn.yahoo.com [216.109.112.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id C518143C9F; Sat, 16 Dec 2006 07:27:29 +0000 (GMT) (envelope-from gnn@neville-neil.com) Received: from minion.local.neville-neil.com (proxy7.corp.yahoo.com [216.145.48.98]) by mrout2-b.corp.dcn.yahoo.com (8.13.6/8.13.6/y.out) with ESMTP id kBG7RGO2043022; Fri, 15 Dec 2006 23:27:17 -0800 (PST) Date: Sat, 16 Dec 2006 13:40:37 +0900 Message-ID:
From: gnn@freebsd.org To: "Bruce A. Mah" In-Reply-To: <4582D544.60000@freebsd.org> References: <002b01c71fcf$18c78a10$6508280a@tocnet28.jspoj.czf> <4582D544.60000@freebsd.org> User-Agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.8 (=?ISO-8859-4?Q?Shij=F2?=) APEL/10.6 Emacs/22.0.90 (i386-apple-darwin8.8.1) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: Daniel =?UTF-8?B?RHZvxZnDoWs=?= , freebsd-net@freebsd.org Subject: Re: IPv6 link-local routes disappear in 6.2-RC1 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Dec 2006 07:27:30 -0000

At Fri, 15 Dec 2006 09:03:00 -0800,
Bruce A. Mah wrote:
>
> If memory serves me right, gnn@freebsd.org wrote:
> > At Thu, 14 Dec 2006 23:27:53 +0100,
> > Daniel Dvořák wrote:
> >> Hi all,
> >>
> >> I want back ipv6 link-local routes back, do you know how to do that
> >> ? I hope this significant change will be in release document for
> >> 6.2. I did not change rc.conf since release FreeBSD 6.1 in May06.
> >>
> >
> > You need to set
> >
> > auto_linklocal="YES"
> >
> > in rc.conf
>
> Um, are you sure? I thought the idea was that the auto_linklocal script
> checked ipv6_enable.
>
> To the OP: You don't appear to have any other IPv6 interface addresses
> configured...do you have this line in /etc/rc.conf?
>
> ipv6_enable="YES"
>
> If not, I'd try adding *that*.
>

Uh, I thought that ipv6_enable was already "YES" in this case, but
there you go. Sorry about that.
Later, George From owner-freebsd-net@FreeBSD.ORG Sat Dec 16 07:27:49 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 35CB116A417; Sat, 16 Dec 2006 07:27:49 +0000 (UTC) (envelope-from gnn@neville-neil.com) Received: from mrout2-b.corp.dcn.yahoo.com (mrout2-b.corp.dcn.yahoo.com [216.109.112.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9A70E43CA4; Sat, 16 Dec 2006 07:27:47 +0000 (GMT) (envelope-from gnn@neville-neil.com) Received: from minion.local.neville-neil.com (proxy7.corp.yahoo.com [216.145.48.98]) by mrout2-b.corp.dcn.yahoo.com (8.13.6/8.13.6/y.out) with ESMTP id kBG7RNBm043039; Fri, 15 Dec 2006 23:27:23 -0800 (PST) Date: Sat, 16 Dec 2006 13:45:22 +0900 Message-ID: 
From: gnn@freebsd.org To: Ask =?ISO-8859-1?Q?Bj=F8rn?= Hansen In-Reply-To: References: User-Agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.8 (=?ISO-8859-4?Q?Shij=F2?=) APEL/10.6 Emacs/22.0.90 (i386-apple-darwin8.8.1) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-net@freebsd.org, freebsd-stable@freebsd.org Subject: Re: CARP + VLAN = kernel dump X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Dec 2006 07:27:49 -0000

At Thu, 14 Dec 2006 19:05:04 -0800,
Ask Bjørn Hansen wrote:
>
> Hi,
>
> If I enable carp on a vlan interface in rc.conf the kernel goes
> boom. This is 6.2-RC from a couple of weeks ago. (IIRC then I had
> the same problem setting up carp on a bridge'd interface).
>
> I'm configuring it like this:
>
> ifconfig_vlan2="inet 10.50.0.3/24 vlan 202 vlandev sis2"
> ifconfig_carp2="vhid 3 advskew 200 pass awe4jkfha4jkfha4f 10.50.0.1"
>
> cloned_interfaces="... carp2 ... vlan2"
>
> However, if I do the carp2 setup "manually" after the system is
> booted, it is working fine.
>
> ifconfig carp2 vhid 3 advskew 200 pass hjarefhakjewfha 10.50.0.1
>
> Any ideas?
>
> (kernel dump below)
>
> - ask
>
>
> fault virtual address   = 0x100005c
> fault code              = supervisor read, page not present
> instruction pointer     = 0x20:0xc05ba533
> stack pointer           = 0x28:0xc7975c30
> frame pointer           = 0x28:0xc7975c90
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 13 (swi1: net)
> trap number             = 12
> panic: page fault
> Uptime: 17s
> Cannot dump. No dump device defined.
>

A bit more information would really help. What is needed is a
backtrace, and, if you can set up to dump core (I see by the output
that that's not done) that would be great.

A backtrace can be gotten with

bt [enter]

at the console after the panic.

Thanks,
George

From owner-freebsd-net@FreeBSD.ORG Sat Dec 16 09:15:22 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 547AB16A5C6 for ; Sat, 16 Dec 2006 09:15:21 +0000 (UTC) (envelope-from andre@freebsd.org) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9B13743CAB for ; Sat, 16 Dec 2006 09:15:02 +0000 (GMT) (envelope-from andre@freebsd.org) Received: (qmail 2894 invoked from network); 16 Dec 2006 09:01:47 -0000 Received: from c00l3r.networx.ch (HELO [127.0.0.1]) ([62.48.2.2]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 16 Dec 2006 09:01:47 -0000 Message-ID: <4583B919.8030008@freebsd.org> Date: Sat, 16 Dec 2006 10:15:05 +0100
From: Andre Oppermann User-Agent: Thunderbird 1.5.0.8 (Windows/20061025) MIME-Version: 1.0 To: Max Laier References: <457DCD47.5090004@elischer.org> <200612120045.41425.max@love2party.net> <4583119B.20608@elischer.org> <200612160446.02644.max@love2party.net> In-Reply-To: <200612160446.02644.max@love2party.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, Julian Elischer Subject: Re: addition to ipfw.. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Dec 2006 09:15:22 -0000

Max Laier wrote:
> I don't like the implementation for this reason. It feels hackish to me.
> What is the reason that you didn't duplicate the ethernet header approach
> in ip_fw_pfil.c? Speed? Did you measure? It is certainly easier to
> properly strip off the vlan header in the pfil hook code and reattach it
> when done (or trust the hardware to do it - if M_VLANTAG was set in the
> first place).
>
> As an aside, I agree that the mtod mania isn't that great either and we
> should probably do away with it. But that's orthogonal to the vlan
> handling - I just don't like that to be pulled into *IP*fw. This might
> just be me, however.

IMO we should split IPFW into two parts (at least logically), one for
*IP* firewalling, as you say, and one for Ethernet firewalling. With
different not-intermixed rulesets. /sbin/ipfw could get a hardlink to
/sbin/efw to do the ethernet rules display and manipulation.

Note that this is a different thing from the etherbridge stuff where a
layer 2 frame is inspected and turned temporarily into a layer 3 IP
packet for inspection on the IP layer.
-- Andre From owner-freebsd-net@FreeBSD.ORG Sat Dec 16 09:40:08 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id F121316A40F for ; Sat, 16 Dec 2006 09:40:07 +0000 (UTC) (envelope-from gergely.czuczy@harmless.hu) Received: from marvin.harmless.hu (marvin.harmless.hu [195.56.55.204]) by mx1.FreeBSD.org (Postfix) with ESMTP id E359A43CA0 for ; Sat, 16 Dec 2006 09:40:06 +0000 (GMT) (envelope-from gergely.czuczy@harmless.hu) Received: from localhost (marvin-mail [192.168.0.2]) by marvin.harmless.hu (Postfix) with ESMTP id B72BF7BFF14 for ; Sat, 16 Dec 2006 10:40:05 +0100 (CET) X-Virus-Scanned: by amavisd-new-2.4.2 (20060627) (Debian) at harmless.hu Received: from marvin.harmless.hu ([192.168.0.2]) by localhost (marvin.harmless.hu [192.168.0.2]) (amavisd-new, port 10024) with ESMTP id l-93rCvD-XH7 for ; Sat, 16 Dec 2006 10:40:04 +0100 (CET) Received: from marvin.harmless.hu (localhost [127.0.0.1]) by marvin.harmless.hu (Postfix) with ESMTP id D0DA57BFF11 for ; Sat, 16 Dec 2006 10:40:04 +0100 (CET) Date: Sat, 16 Dec 2006 10:40:04 +0100 
From: Gergely CZUCZY To: freebsd-net@freebsd.org Message-ID: <20061216094004.GA24480@harmless.hu> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=x-unknown; protocol="application/pgp-signature"; boundary="lrZ03NoBR/3+SXJZ" Content-Disposition: inline User-Agent: mutt-ng/devel-r804 (FreeBSD) Subject: jail addresses and default bindings X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Dec 2006 09:40:08 -0000

hello

today i've met a behaviour, that can be an issue.
i have an lo1 interface with 7 jail addresses as
192.168.0.0/24, where jails have addresses
from .1-.7 and there is an address for the host
system, that's .14

whenever i try to connect to a port of a jail from the
host system, the kernel automatically assigns the
jail's IP address as the source address to the socket.

I'd assume that this is not a so welcomed behaviour, because
this way it's hard to distinguish in a packet filter(let's say pf),
among connections originating from within the jail itself or
from the host system to the jail.

my question is, are there any work in progress around this?
if it's going to be reviewed/fixed/etc, when will it going to
happen, and into which stable/release branch is it planned?

Bye,

Gergely Czuczy
mailto: gergely.czuczy@harmless.hu

-- 
Weenies test. Geniuses solve problems that arise.
From owner-freebsd-net@FreeBSD.ORG Sat Dec 16 09:41:04 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 073BF16A412; Sat, 16 Dec 2006 09:41:04 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from pantene.mail.yandex.net (pantene.mail.yandex.net [213.180.223.92]) by mx1.FreeBSD.org (Postfix) with ESMTP id 92DE643CA0; Sat, 16 Dec 2006 09:41:03 +0000 (GMT) (envelope-from bu7cher@yandex.ru) Received: from YAMAIL (pantene.yandex.ru) by mail.yandex.ru id ; Sat, 16 Dec 2006 12:40:44 +0300 Received: from [82.211.152.12] ([82.211.152.12]) by mail.yandex.ru with HTTP; Sat, 16 Dec 2006 12:40:44
+0300 (MSK) Date: Sat, 16 Dec 2006 12:40:44 +0300 (MSK) 
From: "Andrey V. Elsukov" Sender: bu7cher@yandex.ru Message-Id: <4583BF1C.000006.25221@pantene.yandex.ru> MIME-Version: 1.0 X-Mailer: Yamail [ http://yandex.ru ] Errors-To: bu7cher@yandex.ru To: julian@elischer.org In-Reply-To: <4583044B.4000006@elischer.org> References: <4582F021.000015.13046@webmail9.yandex.ru> <4583044B.4000006@elischer.org> X-Source-Ip: 82.211.152.12 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, bu7cher@yandex.ru, freebsd-arch@freebsd.org Subject: Re: Runtime control for the IPFIREWALL_FORWARD X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: bu7cher@yandex.ru List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Dec 2006 09:41:04 -0000

>Andrey V. Elsukov wrote:
>This introduces quite a bit of extra code into the path of IP packets.

Yes, it will add a few extra checks like an
"if (pfil_forward_enabled) {...}"

>Some people are very sensitive about anything that slows down that path.

I can introduce a new kernel option - NO_PFIL_FORWARD, which will remove
the extra code from the CUSTOM kernel. But the GENERIC kernel will be more
universal with a new feature.

-- 
WBR, Andrey V.
Elsukov From owner-freebsd-net@FreeBSD.ORG Sat Dec 16 10:15:16 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1399916A412 for ; Sat, 16 Dec 2006 10:15:16 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from transport.cksoft.de (transport.cksoft.de [62.111.66.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id 046F543CB4 for ; Sat, 16 Dec 2006 10:15:13 +0000 (GMT) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from transport.cksoft.de (localhost [127.0.0.1]) by transport.cksoft.de (Postfix) with ESMTP id CB9B9200266; Sat, 16 Dec 2006 11:15:11 +0100 (CET) Received: by transport.cksoft.de (Postfix, from userid 66) id 41BDD20025F; Sat, 16 Dec 2006 11:15:05 +0100 (CET) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 7409F444889; Sat, 16 Dec 2006 10:13:01 +0000 (UTC) Date: Sat, 16 Dec 2006 10:13:00 +0000 (UTC) 
From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Gergely CZUCZY In-Reply-To: <20061216094004.GA24480@harmless.hu> Message-ID: <20061216100556.T91892@maildrop.int.zabbadoz.net> References: <20061216094004.GA24480@harmless.hu> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Virus-Scanned: by AMaViS cksoft-s20020300-20031204bz on transport.cksoft.de Cc: freebsd-net@freebsd.org Subject: Re: jail addresses and default bindings X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Dec 2006 10:15:16 -0000

On Sat, 16 Dec 2006, Gergely CZUCZY wrote:

Hi,

> whenever i try to connect to a port of a jail from the
> host system, the kernel automatically assigns the
> jail's IP address as the source address to the socket.
>
> I'd assume that this is not a so welcomed behaviour, because

it is because that's the way it always works with inet socket
communication. Connect to the loopback address and the source
address will be the loopback address; connect to any of the other
"host addresses" and the source will be the same address (unless told
to be a different one; see further down).

> this way it's hard to distinguish in a packet filter(let's say pf),
> among connections originating from within the jail itself or
> from the host system to the jail.

I won't ask why you would want to do that if you control it from the
"host" system anyway...

> my question is, are there any work in progress around this?
> if it's going to be reviewed/fixed/etc, when will it going to
> happen, and into which stable/release branch is it planned?

No if you want that make sure your connections comes from the "host
system" bind to the IP of the "host system" (or one of them).
telnet -s, BindAddress of ssh, ... are your friends.

-- 
Bjoern A.
Zeeb bzeeb at Zabbadoz dot NeT From owner-freebsd-net@FreeBSD.ORG Sat Dec 16 12:52:14 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 8918016A40F for ; Sat, 16 Dec 2006 12:52:14 +0000 (UTC) (envelope-from s.dave.jones@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.169]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9B5D943CA2 for ; Sat, 16 Dec 2006 12:52:13 +0000 (GMT) (envelope-from s.dave.jones@gmail.com) Received: by ug-out-1314.google.com with SMTP id o2so968148uge for ; Sat, 16 Dec 2006 04:52:12 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=J/IGSm90ViZV8EnAf/sG8bKRyDVrmfihYfzdN2pjW3uS7Bl24Hii0XfnXV3FJEs/9zL2ueXBrrnR3PWs8uPildiiXvS1vad6ufxlxJ4uzB2pDz3xMxir1we3KOaYWedkiabuYC68L8bEG74kXJ1kX/VfQzzVZJVFZcCZJ9qNd/8= Received: by 10.67.22.2 with SMTP id z2mr1620616ugi.1166273530610; Sat, 16 Dec 2006 04:52:10 -0800 (PST) Received: by 10.66.236.20 with HTTP; Sat, 16 Dec 2006 04:52:10 -0800 (PST) Message-ID: <5628d8010612160452y5c562757h8ef8ed0776c5525d@mail.gmail.com> Date: Sat, 16 Dec 2006 20:52:10 +0800 
From: "dave jones" To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: UDP lite for FreeBSD X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Dec 2006 12:52:14 -0000

Hi,

Is anyone working on implementing UDP lite in FreeBSD?
If not, I'd like to work on it.

BR,
Dave.