From owner-freebsd-net@FreeBSD.ORG Sun May 17 01:07:07 2009
Date: Sun, 17 May 2009 03:51:15 +0300
From: irix
To: freebsd-net@freebsd.org
Subject: altq

Hello Freebsd-pf,

Sorry for my English.

OpenBSD team is abandon the altq project. Maybe FreeBSD team does not
come as OpenBSD team.
In Kernel is present "options ALTQ_CDNR # Traffic conditioner", that is
may be used for simple ingress traffic shaping (like dummynet). Maybe
you may add this function to pfctl to make use it. Maybe after this
OpenBSD team is backport this function to base.

Also lacking in pf/altq dynamic queues like in dummynet with dst-masks
(src-masks) (ipfw pipe 10 config mask dst-ip 0x000000ff bw 1024bit/s queue;
ipfw add pipe 10 tcp from any to 1.1.1.0/24 via fxp0), when with one rule
may create many dynamic queues for per ip shaping from subnet.

This maybe useful for many people, because pf is most popular firewall.

Thank you.
--
Best regards,
 irix mailto:irix@ukr.net

From owner-freebsd-net@FreeBSD.ORG Sun May 17 01:57:34 2009
Date: Sun, 17 May 2009 11:57:34 +1000
From: Sam Wun
To: freebsd-net@freebsd.org
Subject: net.ipv4.ip_nonlocal_bind for FreeBSD 7.2?

Hi,

With regard to net.ipv4.ip_nonlocal_bind for FreeBSD 7.2,
is there any equivalent parameter I have to tune, or has it been
*built-in* to the FreeBSD 7.2 kernel?

Thanks

From owner-freebsd-net@FreeBSD.ORG Sun May 17 18:46:28 2009
Date: Sun, 17 May 2009 20:30:42 +0200
From: Attila Nagy
To: current@FreeBSD.org, net@freebsd.org
Cc: Xin LI
Subject: Routing related crash in -CURRENT, introduced between 5th May and yesterday

Hello,

Somewhere between 5th May and yesterday there was a (routing related?)
change, which causes this machine crash at boot:
http://picasaweb.google.com/nagy.attila/20090517Fbsd8Crash#5336859077575768514
http://picasaweb.google.com/nagy.attila/20090517Fbsd8Crash#5336859069031814370

The machine itself is an HP DL380G4 with bge interfaces and netbooted
via PXE.

A build, compiled on 5th May works fine, but this (compiled today, but
with a yesterday build this is also the same) isn't.

7-STABLE also works fine on these kind of machines and this setup.

Another interesting thing is while 7-STABLE (and from 5.x to 7-STABLE
as of the start of May (that's the latest build we use, if there were
bge related changes MFC-ed since that, I don't know)) can boot on this
kind of machines with the default hw.bge.allow_asf=1, -CURRENT can't.
It stops right after recognizing disk devices, even with verbose boot.
That is the point, where DHCP (still netbooting) kicks in...

I think these kind of machines are not rare (I admit that not
everybody uses netbooting with them, but -CURRENT freezes even when
installing from CD, when the installer tries to configure the
interfaces), so it would be good to correct (and not MFC what is on
HEAD until that) this regression.

If I can do any debugging or give more information, please let me know!

Thanks,

From owner-freebsd-net@FreeBSD.ORG Sun May 17 19:03:21 2009
Date: Sun, 17 May 2009 21:03:17 +0200
From: Attila Nagy
To: current@FreeBSD.org, net@freebsd.org
Cc: Xin LI
Subject: Re: Routing related crash in -CURRENT, introduced between 5th May and yesterday

Attila Nagy wrote:
> Hello,
>
> Somewhere between 5th May and yesterday there was a (routing related?)
> change, which causes this machine crash at boot:
> http://picasaweb.google.com/nagy.attila/20090517Fbsd8Crash#5336859077575768514
>
> http://picasaweb.google.com/nagy.attila/20090517Fbsd8Crash#5336859069031814370
>
>
> The machine itself is an HP DL380G4 with bge interfaces and netbooted
> via PXE.
>
> A build, compiled on 5th May works fine, but this (compiled today, but
> with a yesterday build this is also the same) isn't.
>
> 7-STABLE also works fine on these kind of machines and this setup.
>
> Another interesting thing is while 7-STABLE (and from 5.x to 7-STABLE
> as of the start of May (that's the latest build we use, if there were
> bge related changes MFC-ed since that, I don't know)) can boot on this
> kind of machines with the default hw.bge.allow_asf=1, -CURRENT can't.
> It stops right after recognizing disk devices, even with verbose boot.
> That is the point, where DHCP (still netbooting) kicks in...
>
> I think these kind of machines are not rare (I admit that not
> everybody uses netbooting with them, but -CURRENT freezes even when
> installing from CD, when the installer tries to configure the
> interfaces), so it would be good to correct (and not MFC what is on
> HEAD until that) this regression.
>
> If I can do any debugging or give more information, please let me know!
I've found this:
http://lists.freebsd.org/pipermail/svn-src-all/2009-May/008730.html
which seems to be the place where the kernel dies according to the bt.
I hope qingli will take care of it.

And for the bge stuff, I've just noticed that allow_asf is off in
7-STABLE, so it's probably not a regression in code, but in behaviour.
(which can be more easily fixed, but I don't know whether it is worth
having on)

From owner-freebsd-net@FreeBSD.ORG Sun May 17 19:14:18 2009
Date: Sun, 17 May 2009 18:52:55 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Attila Nagy
Cc: Xin LI, FreeBSD current mailing list, net@freebsd.org
Subject: Re: Routing related crash in -CURRENT, introduced between 5th May and yesterday

On Sun, 17 May 2009, Attila Nagy wrote:

Hi,

> Somewhere between 5th May and yesterday there was a (routing related?)
> change, which causes this machine crash at boot:
> http://picasaweb.google.com/nagy.attila/20090517Fbsd8Crash#5336859077575768514
> http://picasaweb.google.com/nagy.attila/20090517Fbsd8Crash#5336859069031814370
>
> The machine itself is an HP DL380G4 with bge interfaces and netbooted via
> PXE.
>
> A build, compiled on 5th May works fine, but this (compiled today, but with a
> yesterday build this is also the same) isn't.

This one is known. People are working on it.

/bz

--
Bjoern A. Zeeb                      The greatest risk is not taking one.

From owner-freebsd-net@FreeBSD.ORG Sun May 17 20:25:40 2009
Date: Sun, 17 May 2009 16:08:17 -0400
From: Chris Buechler
To: net@freebsd.org
Subject: multi-homed systems stop answering ARP on local addresses w/ifconfig aliases

There seems to be a regression between 6.x and 7.0 and 7.1 related to
ifconfig aliases on multi-homed hosts. Not sure on anything newer than
7.1 (this is pfSense, we're just starting to test 7.2 builds). For
periods of time, the system will stop answering ARP on some of its own
addresses and hence anything on that network completely stops
functioning. The same setup worked fine on 6.2.

The particular system illustrated here is a router on part of an ISP's
network. IPs are all public, in the info provided here they've been
replaced with 10. IPs. The subnets on the inside interfaces are routed
to the outside interface. When this problem occurs, the IPs assigned
locally on the system will still respond from the Internet, but the
system itself loses all connectivity with that subnet and nothing on
that subnet can communicate with the host due to the lack of ARP. That
makes some sense, I presume when routing to a locally assigned address
via another interface, the system doesn't need ARP on the address to
respond. But while it still responds from the Internet, even the host
itself can't initiate a ping to that IP. It behaves the same whether pf
is enabled or disabled.

I see two similar issues in the past, one with a PR:
http://www.freebsd.org/cgi/query-pr.cgi?pr=121437&cat=
that's exactly the same issue, it's not limited to VLANs, any
multi-homed host is affected.

And another:
http://thread.gmane.org/gmane.os.freebsd.stable/57125

fxp0 is the outside interface. It doesn't make any difference whether
the ifconfig aliases are on the em0 or fxp1 interfaces, they both behave
the same if they have any ifconfig aliases assigned.

# ifconfig
fxp0: flags=8843 metric 0 mtu 1500
        options=8
        ether 00:90:27:86:8b:9d
        inet6 fe80::290:27ff:fe86:8b9d%fxp0 prefixlen 64 scopeid 0x1
        inet 10.11.185.146 netmask 0xfffffff8 broadcast 10.11.185.151
        media: Ethernet 100baseTX
        status: active
em0: flags=8843 metric 0 mtu 1500
        options=9b
        ether 00:11:43:2c:62:03
        inet 10.10.0.1 netmask 0xffffff00 broadcast 10.10.0.255
        inet6 fe80::211:43ff:fe2c:6203%em0 prefixlen 64 scopeid 0x2
        inet 10.13.40.1 netmask 0xffffff00 broadcast 10.13.40.255
        inet 10.13.41.1 netmask 0xffffff00 broadcast 10.13.41.255
        inet 10.13.42.1 netmask 0xffffff00 broadcast 10.13.42.255
        inet 10.13.43.1 netmask 0xffffff00 broadcast 10.13.43.255
        inet 10.13.44.1 netmask 0xffffff00 broadcast 10.13.44.255
        inet 10.13.45.1 netmask 0xffffff00 broadcast 10.13.45.255
        inet 10.13.46.1 netmask 0xffffff00 broadcast 10.13.46.255
        inet 10.13.47.1 netmask 0xffffff00 broadcast 10.13.47.255
        media: Ethernet autoselect (100baseTX )
        status: active
fxp1: flags=8843 metric 0 mtu 1500
        options=8
        ether 00:d0:b7:5d:25:9f
        inet 10.1.242.1 netmask 0xffffff00 broadcast 10.1.242.255
        inet6 fe80::2d0:b7ff:fe5d:259f%fxp1 prefixlen 64 scopeid 0x3
        inet 10.1.243.1 netmask 0xffffff00 broadcast 10.1.243.255
        media: Ethernet autoselect (100baseTX )
        status: active

When the problem is occurring, you can't even ping the affected locally
assigned addresses from the box itself:
# ping 10.10.0.1
PING 10.10.0.1 (10.10.0.1): 56 data bytes
ping: sendto: Network is unreachable
ping: sendto: Network is unreachable
ping: sendto: Network is unreachable

And when trying to ping something on one of the affected attached
subnets, you get:
# ping 10.10.0.30
PING 10.10.0.30 (10.10.0.30): 56 data bytes
ping: sendto: Invalid argument
ping: sendto: Invalid argument

In the logs, you get a flood of these messages:
May 14 02:55:12 kernel: arpresolve: can't allocate route for 10.10.0.1
May 14 02:55:12 kernel: arplookup 10.10.0.1 failed: host is not on local network
May 14 02:55:12 kernel: arpresolve: can't allocate route for 10.10.0.1
May 14 02:55:12 kernel: arplookup 10.10.0.1 failed: host is not on local network

It happens both with the primary IP assigned to the interface, and the
aliases assigned, but not all at once. Some of the addresses will
continue to work when others are failing. Somehow it thinks IPs that are
locally assigned are not on a local network... after a couple minutes,
it just starts working again without making any changes or even touching
the system.

If I can provide any additional information, please let me know.

thanks,
Chris

From owner-freebsd-net@FreeBSD.ORG Sun May 17 20:46:32 2009
Date: Sun, 17 May 2009 21:35:43 +0100
From: "Steven Hartland"
To: "Chris Buechler"
Subject: Re: multi-homed systems stop answering ARP on local addresses w/ifconfig aliases

Silly question but something else on the network isn't doing an ARP spoof
attack is it?

    Regards
    Steve

----- Original Message -----
From: "Chris Buechler"
To:
Sent: Sunday, May 17, 2009 9:08 PM
Subject: multi-homed systems stop answering ARP on local addresses w/ifconfig aliases

> There seems to be a regression between 6.x and 7.0 and 7.1 related to
> ifconfig aliases on multi-homed hosts. Not sure on anything newer than
> 7.1 (this is pfSense, we're just starting to test 7.2 builds). For
> periods of time, the system will stop answering ARP on some of its own
> addresses and hence anything on that network completely stops
> functioning. The same setup worked fine on 6.2.
>
> The particular system illustrated here is a router on part of an ISP's
> network. IPs are all public, in the info provided here they've been
> replaced with 10. IPs. The subnets on the inside interfaces are routed
> to the outside interface. When this problem occurs, the IPs assigned
> locally on the system will still respond from the Internet, but the
> system itself loses all connectivity with that subnet and nothing on
> that subnet can communicate with the host due to the lack of ARP. That
> makes some sense, I presume when routing to a locally assigned address
> via another interface, the system doesn't need ARP on the address to
> respond. But while it still responds from the Internet, even the host
> itself can't initiate a ping to that IP. It behaves the same whether pf
> is enabled or disabled.
>
> I see two similar issues in the past, one with a PR:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=121437&cat=
> that's exactly the same issue, it's not limited to VLANs, any
> multi-homed host is affected.
>
> And another:
> http://thread.gmane.org/gmane.os.freebsd.stable/57125
>
> fxp0 is the outside interface. It doesn't make any difference whether
> the ifconfig aliases are on the em0 or fxp1 interfaces, they both behave
> the same if they have any ifconfig aliases assigned.
>
> # ifconfig
> fxp0: flags=8843 metric 0 mtu 1500
>         options=8
>         ether 00:90:27:86:8b:9d
>         inet6 fe80::290:27ff:fe86:8b9d%fxp0 prefixlen 64 scopeid 0x1
>         inet 10.11.185.146 netmask 0xfffffff8 broadcast 10.11.185.151
>         media: Ethernet 100baseTX
>         status: active
> em0: flags=8843 metric 0 mtu 1500
>         options=9b
>         ether 00:11:43:2c:62:03
>         inet 10.10.0.1 netmask 0xffffff00 broadcast 10.10.0.255
>         inet6 fe80::211:43ff:fe2c:6203%em0 prefixlen 64 scopeid 0x2
>         inet 10.13.40.1 netmask 0xffffff00 broadcast 10.13.40.255
>         inet 10.13.41.1 netmask 0xffffff00 broadcast 10.13.41.255
>         inet 10.13.42.1 netmask 0xffffff00 broadcast 10.13.42.255
>         inet 10.13.43.1 netmask 0xffffff00 broadcast 10.13.43.255
>         inet 10.13.44.1 netmask 0xffffff00 broadcast 10.13.44.255
>         inet 10.13.45.1 netmask 0xffffff00 broadcast 10.13.45.255
>         inet 10.13.46.1 netmask 0xffffff00 broadcast 10.13.46.255
>         inet 10.13.47.1 netmask 0xffffff00 broadcast 10.13.47.255
>         media: Ethernet autoselect (100baseTX )
>         status: active
> fxp1: flags=8843 metric 0 mtu 1500
>         options=8
>         ether 00:d0:b7:5d:25:9f
>         inet 10.1.242.1 netmask 0xffffff00 broadcast 10.1.242.255
>         inet6 fe80::2d0:b7ff:fe5d:259f%fxp1 prefixlen 64 scopeid 0x3
>         inet 10.1.243.1 netmask 0xffffff00 broadcast 10.1.243.255
>         media: Ethernet autoselect (100baseTX )
>         status: active
>
>
>
> When the problem is occurring, you can't even ping the affected locally
> assigned addresses from the box itself:
> # ping 10.10.0.1
> PING 10.10.0.1 (10.10.0.1): 56 data bytes
> ping: sendto: Network is unreachable
> ping: sendto: Network is unreachable
> ping: sendto: Network is unreachable
>
> And when trying to ping something on one of the affected attached
> subnets, you get:
> # ping 10.10.0.30
> PING 10.10.0.30 (10.10.0.30): 56 data bytes
> ping: sendto: Invalid argument
> ping: sendto: Invalid argument
>
>
> In the logs, you get a flood of these messages:
> May 14 02:55:12 kernel: arpresolve: can't allocate route for 10.10.0.1
> May 14 02:55:12 kernel: arplookup 10.10.0.1 failed: host is not on
> local network
> May 14 02:55:12 kernel: arpresolve: can't allocate route for 10.10.0.1
> May 14 02:55:12 kernel: arplookup 10.10.0.1 failed: host is not on
> local network
>
>
> It happens both with the primary IP assigned to the interface, and the
> aliases assigned, but not all at once. Some of the addresses will
> continue to work when others are failing. Somehow it thinks IPs that are
> locally assigned are not on a local network... after a couple minutes,
> it just starts working again without making any changes or even touching
> the system.
>
> If I can provide any additional information, please let me know.
>
> thanks,
> Chris
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>

================================================
This e.mail is private and confidential between Multiplay (UK) Ltd. and the
person or entity to whom it is addressed. In the event of misdirection, the
recipient is prohibited from using, copying, printing or otherwise
disseminating it or any information contained in it.
In the event of misdirection, illegible or incomplete transmission please
telephone +44 845 868 1337
or return the E.mail to postmaster@multiplay.co.uk.
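
One way to triage the log flood described in the report above, as an added example that is not part of the thread: it parses ifconfig output in the form posted and labels each address named in an arplookup/arpresolve message as the host's own address, an address in an attached subnet, or off-link. The function names are this example's own, and the last two log lines are constructed.

```python
import ipaddress
import re

# ifconfig excerpt from the report (inet lines only, 10.x stand-ins as posted).
IFCONFIG = """\
fxp0: flags=8843 metric 0 mtu 1500
        inet 10.11.185.146 netmask 0xfffffff8 broadcast 10.11.185.151
em0: flags=8843 metric 0 mtu 1500
        inet 10.10.0.1 netmask 0xffffff00 broadcast 10.10.0.255
        inet6 fe80::211:43ff:fe2c:6203%em0 prefixlen 64 scopeid 0x2
        inet 10.13.40.1 netmask 0xffffff00 broadcast 10.13.40.255
fxp1: flags=8843 metric 0 mtu 1500
        inet 10.1.242.1 netmask 0xffffff00 broadcast 10.1.242.255
        inet 10.1.243.1 netmask 0xffffff00 broadcast 10.1.243.255
"""

# The first two lines are from the report; the last two are constructed here.
LOG = """\
May 14 02:55:12 kernel: arpresolve: can't allocate route for 10.10.0.1
May 14 02:55:12 kernel: arplookup 10.10.0.1 failed: host is not on local network
May 14 02:55:13 kernel: arplookup 10.10.0.30 failed: host is not on local network
May 14 02:55:14 kernel: arplookup 192.0.2.7 failed: host is not on local network
"""

IFACE_RE = re.compile(r"^(\S+): flags=")
INET_RE = re.compile(r"^\s*inet (\d+(?:\.\d+){3}) netmask (0x[0-9a-fA-F]{8})\b")
LOG_RE = re.compile(
    r"kernel: (?:arplookup (\S+) failed: host is not on local network"
    r"|arpresolve: can't allocate route for (\S+))"
)


def parse_ifconfig(text):
    """Return [(ifname, IPv4Interface)] for every IPv4 'inet' line."""
    addrs, ifname = [], None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            ifname = m.group(1)
            continue
        m = INET_RE.match(line)
        if m and ifname:
            # FreeBSD prints the netmask as hex; convert to dotted quad.
            mask = ipaddress.IPv4Address(int(m.group(2), 16))
            addrs.append((ifname, ipaddress.IPv4Interface(f"{m.group(1)}/{mask}")))
    return addrs


def classify(addr, local):
    """Label addr against the configured addresses: (verdict, ifname)."""
    ip = ipaddress.IPv4Address(addr)
    for ifname, iface in local:
        if ip == iface.ip:
            return ("own-address", ifname)
    for ifname, iface in local:
        if ip in iface.network:
            return ("attached-subnet", ifname)
    return ("off-link", None)


def triage(log_text, ifconfig_text):
    """Count log hits per (address, verdict, ifname)."""
    local = parse_ifconfig(ifconfig_text)
    counts = {}
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        addr = m.group(1) or m.group(2)
        try:
            verdict = classify(addr, local)
        except ipaddress.AddressValueError:
            continue  # not an IPv4 literal; ignore the line
        key = (addr,) + verdict
        counts[key] = counts.get(key, 0) + 1
    return counts


def contradictions(counts):
    """Addresses the kernel called non-local although ifconfig covers them."""
    hits = {addr for (addr, verdict, _ifname) in counts if verdict != "off-link"}
    return sorted(hits, key=ipaddress.IPv4Address)


if __name__ == "__main__":
    result = triage(LOG, IFCONFIG)
    for (addr, verdict, ifname), n in sorted(result.items()):
        print(f"{addr:15} {verdict:16} {ifname or '-':5} {n}")
    print("contradicts ifconfig:", contradictions(result))
```

Entries labelled own-address or attached-subnet are the contradiction the report describes: the kernel rejecting an address that its own interface configuration covers.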

From owner-freebsd-net@FreeBSD.ORG Sun May 17 21:04:02 2009
Date: Sun, 17 May 2009 16:40:51 -0400
From: Chris Buechler
To: Steven Hartland
Cc: net@freebsd.org
Subject: Re: multi-homed systems stop answering ARP on local addresses w/ifconfig aliases

On Sun, May 17, 2009 at 4:35 PM, Steven Hartland wrote:
> Silly question but something else on the network isn't doing an ARP spoof
> attack is it?
>

No, there isn't any ARP at all on that address on the network when
this is a problem, verified with tcpdump. That also shouldn't impact
the system's ability to talk to its own IPs.

thanks for the response though!

From owner-freebsd-net@FreeBSD.ORG Sun May 17 23:48:43 2009
Date: Mon, 18 May 2009 02:49:26 +0300
From: irix
Message-ID: <609243039.20090518024926@ukr.net>
To: freebsd-net@freebsd.org
Subject: Re:altq

Hello ,

First of all, person who is responsible for this answer for my question
about dynamics queues and finely complete to merge cdnr into pf, that
altq nothing else, and complete does not this function. You need and you
do. We are not interested in this. But altq is not a complete solution.
From altqd make any abnormality. The idea of merging with pf is
excellent, but the realization of an unfinished, even at 30%. Removed 70%
of traffic disciplines (like blue, JoBS), did not finish cdnr, nothing
new added. How can this be called a complete project? In DfBSD in altq
add fairq, is one new option in altq for last six years. No development,
the project is dead. I can understand, when project is complete, more it
did not need to add. But altq in pf has almost nothing. And developers
say it does not concern us. So I wrote up in maillist freebsd, as in most
advanced bsd system. Developers who think for a few years in advance.

> On Sat, May 16, 2009 21:45, irix wrote:
> Hello Freebsd-pf,
>
> Sorry for my english.
>
> OpenBSD team is abandon the altq project.
>
>I just got curious about this: where you heard that OpenBSD is abandoning
>altq ?
>
>thanks,
>
>matheus
>
>--
>We will call you cygnus,
>The God of balance you shall be
>
>A: Because it messes up the order in which people normally read text.
>Q: Why is top-posting such a bad thing?
>
>http://en.wikipedia.org/wiki/Posting_style

-- 
Best regards,
irix mailto:irix@ukr.net

From owner-freebsd-net@FreeBSD.ORG Mon May 18 08:44:58 2009
Message-ID: <4A111FDC.5030400@gmx.com>
Date: Mon, 18 May 2009 11:44:12 +0300
From: Nikos Vassiliadis
To: freebsd-net@freebsd.org
Subject: arp fails to clear mapping for deleted network

Hello,

It seems that:
1) if I assign an IP address to an interface
2) get an arp mapping via this interface
3) remove the IP address from the interface
arp fails to remove this arp entry when arp -d is used

> lab# ifconfig rl0 192.168.254.30
> lab# ping 192.168.254.254
> PING 192.168.254.254 (192.168.254.254): 56 data bytes
> 64 bytes from 192.168.254.254: icmp_seq=0 ttl=64 time=0.427 ms
> 64 bytes from 192.168.254.254: icmp_seq=1 ttl=64 time=0.434 ms
> 64 bytes from 192.168.254.254: icmp_seq=2 ttl=64 time=0.442 ms
> 64 bytes from 192.168.254.254: icmp_seq=3 ttl=64 time=0.467 ms
> 64 bytes from 192.168.254.254: icmp_seq=4 ttl=64 time=0.445 ms
> ^C
> --- 192.168.254.254 ping statistics ---
> 5 packets transmitted, 5 packets received, 0.0% packet loss
> round-trip min/avg/max/stddev = 0.427/0.443/0.467/0.014 ms
> lab# arp 192.168.254.254
> ? (192.168.254.254) at 00:18:d1:e4:ee:29 on rl0 [ethernet]
> lab# ifconfig rl0 delete
> lab# arp 192.168.254.254
> ? (192.168.254.254) at 00:18:d1:e4:ee:29 on rl0 [ethernet]
> lab# arp -d 192.168.254.254
> arp: writing to routing socket: No such process
> arp: 192.168.254.254: No such process
> lab# arp 192.168.254.254
> ? (192.168.254.254) at 00:18:d1:e4:ee:29 on rl0 [ethernet]
> lab#

This is from a few days old -current. I just noticed this somehow
strange behavior, but I don't really know if it's old or new.
Nikos

From owner-freebsd-net@FreeBSD.ORG Mon May 18 08:51:11 2009
Date: Mon, 18 May 2009 01:49:39 -0700
References: <4A111FDC.5030400@gmx.com>
From: "Li, Qing"
To: "Nikos Vassiliadis" ,
Cc:
Subject: RE: arp fails to clear mapping for deleted network

Hmm... that's odd. This was an issue but I fixed this bug months ago.
Let me see if I can recreate what you've described with the latest
-current and get back to you later today.

-- Qing

-----Original Message-----
From: owner-freebsd-net@freebsd.org on behalf of Nikos Vassiliadis
Sent: Mon 5/18/2009 1:44 AM
To: freebsd-net@freebsd.org
Subject: arp fails to clear mapping for deleted network

Hello,

It seems that:
1) if I assign an IP address to an interface
2) get an arp mapping via this interface
3) remove the IP address from the interface
arp fails to remove this arp entry when arp -d is used

> lab# ifconfig rl0 192.168.254.30
> lab# ping 192.168.254.254
> PING 192.168.254.254 (192.168.254.254): 56 data bytes
> 64 bytes from 192.168.254.254: icmp_seq=0 ttl=64 time=0.427 ms
> 64 bytes from 192.168.254.254: icmp_seq=1 ttl=64 time=0.434 ms
> 64 bytes from 192.168.254.254: icmp_seq=2 ttl=64 time=0.442 ms
> 64 bytes from 192.168.254.254: icmp_seq=3 ttl=64 time=0.467 ms
> 64 bytes from 192.168.254.254: icmp_seq=4 ttl=64 time=0.445 ms
> ^C
> --- 192.168.254.254 ping statistics ---
> 5 packets transmitted, 5 packets received, 0.0% packet loss
> round-trip min/avg/max/stddev = 0.427/0.443/0.467/0.014 ms
> lab# arp 192.168.254.254
> ? (192.168.254.254) at 00:18:d1:e4:ee:29 on rl0 [ethernet]
> lab# ifconfig rl0 delete
> lab# arp 192.168.254.254
> ? (192.168.254.254) at 00:18:d1:e4:ee:29 on rl0 [ethernet]
> lab# arp -d 192.168.254.254
> arp: writing to routing socket: No such process
> arp: 192.168.254.254: No such process
> lab# arp 192.168.254.254
> ? (192.168.254.254) at 00:18:d1:e4:ee:29 on rl0 [ethernet]
> lab#

This is from a few days old -current. I just noticed this somehow
strange behavior, but I don't really know if it's old or new.
Nikos

From owner-freebsd-net@FreeBSD.ORG Mon May 18 09:26:10 2009
From: Sebastian Mellmann
To: freebsd-net@freebsd.org
Date: Mon, 18 May 2009 11:02:45 +0200
Message-Id: <1242637365.31782.4.camel@python.net.t-labs.tu-berlin.de>
Subject: Not able to set 'bridge' mode

Hello everyone!

I'm trying to set up a FreeBSD 7.2 machine with ipfw dummynet working as
a bridge.

I've tried this tutorial:

http://www.scalabledesign.com/articles/dummynet.html

But it seems that the 'BRIDGE' option for the kernel is deprecated (see
http://lists.freebsd.org/pipermail/freebsd-questions/2008-May/175704.html)

So my kernel config now looks like this:

device          if_bridge
options         IPFIREWALL
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT
options         DUMMYNET
options         HZ=1000

I've compiled the kernel successfully, but I'm not able to set any
bridge options.

I've tried to enable bridge mode in ipfw with:

sysctl net.link.ether.bridge_ipfw=1

and got

sysctl: unknown oid 'net.link.ether.bridge_ipfw'

Am I missing something?

Regards,
Sebastian

From owner-freebsd-net@FreeBSD.ORG Mon May 18 09:33:33 2009
Message-ID: <77376.38545.qm@web95207.mail.in2.yahoo.com>
Date: Mon, 18 May 2009 14:36:50 +0530 (IST)
From: srinidhi gopal
To: freebsd-net@freebsd.org
Subject: Route entry not updated - ICMPv6 Redirect

Hi,

I have a query regarding the behavior of a FreeBSD machine upon receiving
an ICMPv6 Redirect msg.
I am using FreeBSD 7 as Host and Linux as Router.
The Router sends an ICMPv6 Redirect msg, but the BSD Host doesn't update the
routing table.

I have verified all the sysctl values related to redirect :
net.inet.ip.redirect: 1
net.inet.icmp.log_redirect: 0
net.inet.icmp.drop_redirect: 0
net.inet6.ip6.redirect: 1

Kindly help me in resolving this issue.

Thanks in advance.

Regards,
Srinidhi

From owner-freebsd-net@FreeBSD.ORG Mon May 18 09:38:23 2009
Date: Mon, 18 May 2009 13:38:20 +0400
From: Eygene Ryabinkin
To: Sebastian Mellmann
References: <1242637365.31782.4.camel@python.net.t-labs.tu-berlin.de>
In-Reply-To: <1242637365.31782.4.camel@python.net.t-labs.tu-berlin.de>
Cc: freebsd-net@freebsd.org
Subject: Re: Not able to set 'bridge' mode

Sebastian, good day.

Mon, May 18, 2009 at 11:02:45AM +0200, Sebastian Mellmann wrote:
> I'm trying to set up a FreeBSD 7.2 machine with ipfw dummynet working as
> a bridge.
>
> I've tried this tutorial:
>
> http://www.scalabledesign.com/articles/dummynet.html
>
> But it seems that the 'BRIDGE' option for the kernel is deprecated (see
> http://lists.freebsd.org/pipermail/freebsd-questions/2008-May/175704.html)

Yeah, BRIDGE is obsoleted now.

> So my kernel config now looks like this:
>
> device          if_bridge
> options         IPFIREWALL
> options         IPFIREWALL_VERBOSE
> options         IPFIREWALL_VERBOSE_LIMIT
> options         DUMMYNET
> options         HZ=1000
>
> I've compiled the kernel successfully, but I'm not able to set any
> bridge options.
>
> I've tried to enable bridge mode in ipfw with:
>
> sysctl net.link.ether.bridge_ipfw=1
>
> and got
>
> sysctl: unknown oid 'net.link.ether.bridge_ipfw'
>
> Am I missing something?

Yeah, seems like you hadn't yet read "man if_bridge" -- it has the
collection of relevant sysctl variables in section "PACKET FILTERING".
Moreover, man page has instructions on how to get bridge interfaces up
and running.

-- 
Eygene
# Remember that it is hard
# to read the on-line manual
# while single-stepping the kernel.
# -- FreeBSD Developers handbook

From owner-freebsd-net@FreeBSD.ORG Mon May 18 09:38:32 2009
In-Reply-To: <1242637365.31782.4.camel@python.net.t-labs.tu-berlin.de>
References: <1242637365.31782.4.camel@python.net.t-labs.tu-berlin.de>
Date: Mon, 18 May 2009 13:38:29 +0400
From: pluknet
To: Sebastian Mellmann
Cc: freebsd-net@freebsd.org
Subject: Re: Not able to set 'bridge' mode

2009/5/18 Sebastian Mellmann :
> Hello everyone!
>
> I'm trying to set up a FreeBSD 7.2 machine with ipfw dummynet working as
> a bridge.
>
> I've tried this tutorial:
>
> http://www.scalabledesign.com/articles/dummynet.html
>
> But it seems that the 'BRIDGE' option for the kernel is deprecated (see
> http://lists.freebsd.org/pipermail/freebsd-questions/2008-May/175704.html)
>

bridge(4) was superseded by if_bridge(4) since 6.x
(in 6 it was for transitional period).
Check up man if_bridge. There are sysctl:s described.

> So my kernel config now looks like this:
>
> device          if_bridge
> options         IPFIREWALL
> options         IPFIREWALL_VERBOSE
> options         IPFIREWALL_VERBOSE_LIMIT
> options         DUMMYNET
> options         HZ=1000
>
> I've compiled the kernel successfully, but I'm not able to set any
> bridge options.
>
> I've tried to enable bridge mode in ipfw with:
>
> sysctl net.link.ether.bridge_ipfw=1

It should be now sysctl net.link.bridge.ipfw apparently.

-- 
wbr,
pluknet

From owner-freebsd-net@FreeBSD.ORG Mon May 18 11:06:57 2009
Date: Mon, 18 May 2009 11:06:56 GMT
Message-Id: <200905181106.n4IB6uuL075736@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-net@FreeBSD.org
Cc:
Subject: Current problem reports assigned to freebsd-net@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker Resp. Description
--------------------------------------------------------------------------------
o kern/134557 net [netgraph] [hang] 7.2 with mpd5.3 hanging up - ng_pptp
o kern/134531 net [route] [panic] kernel crash related to routes/zebra
o kern/134401 net [msk] [panic] Kernel Fatal trap 12: page fault while i
o kern/134369 net [route] [ip6] IPV6 in Head broken for routing table up
p kern/134220 net [ng_netflow] [patch]: incorrect comparison in ng_netfl
o kern/134168 net [ral] ral driver problem on RT2525 2.4GHz transceiver
o kern/134157 net [dummynet] dummynet loads cpu for 100% and make a syst
o kern/134079 net [em] "em0: Invalid MAC address" in FreeBSD-Current ( 8
o kern/133969 net [dummynet] [panic] Fatal trap 12: page fault while in
o kern/133968 net [dummynet] [panic] dummynet kernel panic
o kern/133902 net [tun] Killing tun0 iface ssh tunnel causes Panic Strin
o kern/133736 net [udp] ip_id not protected ...
o kern/133613 net [wpi] [panic] kernel panic in wpi(4)
o kern/133595 net [panic] Kernel Panic at pcpu.h:195
o kern/133572 net [ppp] [hang] incoming PPTP connection hangs the system
o kern/133490 net [bpf] [panic] 'kmem_map too small' panic on Dell r900
o kern/133328 net [bge] [panic] Kernel panics with Windows7 client
o kern/133235 net [netinet] [patch] Process SIOCDLIFADDR command incorre
o kern/133218 net [carp] [hang] use of carp(4) causes system to freeze
o kern/133204 net [msk] msk driver timeouts
o kern/133060 net [ipsec] [pfsync] [panic] Kernel panic with ipsec + pfs
o kern/132991 net [bge] if_bge low performance problem
o kern/132984 net [netgraph] swi1: net 100% cpu usage
f bin/132911 net ip6fw(8): argument type of fill_icmptypes is wrong and
o kern/132889 net [ndis] [panic] NDIS kernel crash on load BCM4321 AGN d
o kern/132885 net [wlan] 802.1x broken after SVN rev 189592
o conf/132851 net [fib] [patch] allow to setup fib for service running f
o kern/132832 net [netinet] [patch] tcp_output() might generate invalid
o bin/132798 net [patch] ggatec(8): ggated/ggatec connection slowdown p
o kern/132734 net [ifmib] [panic] panic in net/if_mib.c
o kern/132722 net [ath] Wifi ath0 associates fine with AP, but DHCP or I
o kern/132715 net [lagg] [panic] Panic when creating vlan's on lagg inte
o kern/132705 net [libwrap] [patch] libwrap - infinite loop if hosts.all
o kern/132672 net [ndis] [panic] ndis with rt2860.sys causes kernel pani
o kern/132669 net [xl] 3c905-TX send DUP! in reply on ping (sometime)
o kern/132625 net [iwn] iwn drivers don't support setting country
o kern/132554 net [ipl] There is no ippool start script/ipfilter magic t
o kern/132354 net [nat] Getting some packages to ipnat(8) causes crash
o kern/132285 net [carp] alias gives incorrect hash in dmesg
o kern/132277 net [crypto] [ipsec] poor performance using cryptodevice f
o conf/132179 net [patch] /etc/network.subr: ipv6 rtsol on incorrect wla
o kern/132107 net [carp] carp(4) advskew setting ignored when carp IP us
o kern/131781 net [ndis] ndis keeps dropping the link
o kern/131776 net [wi] driver fails to init
o kern/131753 net [altq] [panic] kernel panic in hfsc_dequeue
o bin/131567 net [socket] [patch] Update for regression/sockets/unix_cm
o kern/131549 net ifconfig(8) can't clear 'monitor' mode on the wireless
o kern/131536 net [netinet] [patch] kernel does allow manipulation of su
o bin/131365 net route(8): route add changes interpretation of network
o kern/131162 net [ath] Atheros driver bugginess and kernel crashes
o kern/131153 net [iwi] iwi doesn't see a wireless network
f kern/131087 net [ipw] [panic] ipw / iwi - no sent/received packets; iw
f kern/130820 net [ndis] wpa_supplicant(8) returns 'no space on device'
o kern/130628 net [nfs] NFS / rpc.lockd deadlock on 7.1-R
o conf/130555 net [rc.d] [patch] No good way to set ipfilter variables a
o kern/130525 net [ndis] [panic] 64 bit ar5008 ndisgen-erated driver cau
o kern/130311 net [wlan_xauth] [panic] hostapd restart causing kernel pa
o kern/130109 net [ipfw] Can not set fib for packets originated from loc
f kern/130059 net [panic] Leaking 50k mbufs/hour
o kern/129750 net [ath] Atheros AR5006 exits on "cannot map register spa
f kern/129719 net [nfs] [panic] Panic during shutdown, tcp_ctloutput: in
o kern/129580 net [ndis] Netgear WG311v3 (ndis) causes kenel trap at boo
o kern/129517 net [ipsec] [panic] double fault / stack overflow
o kern/129508 net [carp] [panic] Kernel panic with EtherIP (may be relat
o kern/129352 net [xl] [patch] xl0 watchdog timeout
o kern/129219 net [ppp] Kernel panic when using kernel mode ppp
o kern/129197 net [panic] 7.0 IP stack related panic
o kern/129135 net [vge] vge driver on a VIA mini-ITX not working
o bin/128954 net ifconfig(8) deletes valid routes
o kern/128917 net [wpi] [panic] if_wpi and wpa+tkip causing kernel panic
o kern/128884 net [msk] if_msk page fault while in kernel mode
o kern/128840 net [igb] page fault under load with igb/LRO
o bin/128602 net [an] wpa_supplicant(8) crashes with an(4)
o kern/128598 net [bluetooth] WARNING: attempt to net_add_domain(bluetoo
o kern/128448 net [nfs] 6.4-RC1 Boot Fails if NFS Hostname cannot be res
o conf/128334 net [request] use wpa_cli in the "WPA DHCP" situation
o bin/128295 net [patch] ifconfig(8) does not print TOE4 or TOE6 capabi
o bin/128001 net wpa_supplicant(8), wlan(4), and wi(4) issues
o kern/127928 net [tcp] [patch] TCP bandwidth gets squeezed every time t
o kern/127834 net [ixgbe] [patch] wrong error counting
o kern/127826 net [iwi] iwi0 driver has reduced performance and connecti
o kern/127815 net [gif] [patch] if_gif does not set vlan attributes from
o kern/127724 net [rtalloc] rtfree: 0xc5a8f870 has 1 refs
f bin/127719 net [arp] arp: Segmentation fault (core dumped)
s kern/127587 net [bge] [request] if_bge(4) doesn't support BCM576X fami
f kern/127528 net [icmp]: icmp socket receives icmp replies not owned by
o bin/127192 net routed(8) removes the secondary alias IP of interface
f kern/127145 net [wi]: prism (wi) driver crash at bigger traffic
o kern/127102 net [wpi] Intel 3945ABG low throughput
o kern/127057 net [udp] Unable to send UDP packet via IPv6 socket to IPv
o kern/127050 net [carp] ipv6 does not work on carp interfaces [regressi
o kern/126945 net [carp] CARP interface destruction with ifconfig destro
o kern/126924 net [an] [patch] printf -> device_printf and simplify prob
o kern/126895 net [patch] [ral] Add antenna selection (marked as TBD)
o kern/126874 net [vlan]: Zebra problem if ifconfig vlanX destroy
o bin/126822 net wpa_supplicant(8): WPA PSK does not work in adhoc mode
o kern/126714 net [carp] CARP interface renaming makes system no longer
o kern/126695 net rtfree messages and network disruption upon use of if_
o kern/126688 net [ixgbe] [patch] 1.4.7 ixgbe driver panic with 4GB and
o kern/126475 net [ath] [panic] ath pcmcia card inevitably panics under
o kern/126339 net [ipw] ipw driver drops the connection
o kern/126214 net [ath] txpower problem with Atheros wifi card
o kern/126075 net [inet] [patch] internet control accesses beyond end of
o bin/125922 net [patch] Deadlock in arp(8)
o kern/125920 net [arp] Kernel Routing Table loses Ethernet Link status
o kern/125845 net [netinet] [patch] tcp_lro_rx() should make use of hard
o kern/125816 net [carp] [if_bridge] carp stuck in init when using bridg
f kern/125502 net [ral] ifconfig ral0 scan produces no output unless in
o kern/125258 net [socket] socket's SO_REUSEADDR option does not work
o kern/125239 net [gre] kernel crash when using gre
o kern/125195 net [fxp] fxp(4) driver failed to initialize device Intel
o kern/124904 net [fxp] EEPROM corruption with Compaq NC3163 NIC
o kern/124767 net [iwi] Wireless connection using iwi0 driver (Intel 220
o kern/124753 net [ieee80211] net80211 discards power-save queue packets
o kern/124341 net [ral] promiscuous mode for wireless device ral0 looses
o kern/124160 net [libc] connect(2) function loops indefinitely
o kern/124127 net [msk] watchdog timeout (missed Tx interrupts) -- recov
o kern/124021 net [ip6] [panic] page fault in nd6_output()
o kern/123968 net [rum] [panic] rum driver causes kernel panic with WPA.
p kern/123961 net [vr] [patch] Allow vr interface to handle vlans
o kern/123892 net [tap] [patch] No buffer space available
o kern/123890 net [ppp] [panic] crash & reboot on work with PPP low-spee
o kern/123858 net [stf] [patch] stf not usable behind a NAT
o kern/123796 net [ipf] FreeBSD 6.1+VPN+ipnat+ipf: port mapping does not
o bin/123633 net ifconfig(8) doesn't set inet and ether address in one
f kern/123617 net [tcp] breaking connection when client downloading file
o kern/123603 net [tcp] tcp_do_segment and Received duplicate SYN
o kern/123559 net [iwi] iwi periodically disassociates/associates [regre
o bin/123465 net [ip6] route(8): route add -inet6 -interfac
o kern/123463 net [ipsec] [panic] repeatable crash related to ipsec-tool
o kern/123429 net [nfe] [hang] "ifconfig nfe up" causes a hard system lo
o kern/123347 net [bge] bge1: watchdog timeout -- linkstate changed to D
o conf/123330 net [nsswitch.conf] Enabling samba wins in nsswitch.conf c
o kern/123256 net [wpi] panic: blockable sleep lock with wpi(4)
f kern/123172 net [bce] Watchdog timeout problems with if_bce
o kern/123160 net [ip] Panic and reboot at sysctl kern.polling.enable=0
o kern/122989 net [swi] [panic] 6.3 kernel panic in swi1: net
o kern/122954 net [lagg] IPv6 EUI64 incorrectly chosen for lagg devices
o kern/122928 net [em] interface watchdog timeouts and stops receiving p
f kern/122839 net [multicast] FreeBSD 7 multicast routing problem
p kern/122794 net [lagg] Kernel panic after brings lagg(8) up if NICs ar
o kern/122780 net [lagg] tcpdump on lagg interface during high pps wedge
o kern/122772 net [em] em0 taskq panic, tcp reassembly bug causes radix
o kern/122743 net [mbuf] [panic] vm_page_unwire: invalid wire count: 0
o kern/122697 net [ath] Atheros card is not well supported
o kern/122685 net It is not visible passing packets in tcpdump(1)
o kern/122551 net [bge] Broadcom 5715S no carrier on HP BL460c blade usi
o kern/122319 net [wi] imposible to enable ad-hoc demo mode with Orinoco
o kern/122290 net [netgraph] [panic] Netgraph related "kmem_map too smal
f kern/122252 net [ipmi] [bge] IPMI problem with BCM5704 (does not work
o kern/122195 net [ed] Alignment problems in if_ed
o kern/122058 net [em] [panic] Panic on em1: taskq
o kern/122033 net [ral] [lor] Lock order reversal in ral0 at bootup [reg
o kern/121983 net [fxp] fxp0 MBUF and PAE
o bin/121895 net [patch] rtsol(8)/rtsold(8) doesn't handle managed netw
o kern/121872 net [wpi] driver fails to attach on a fujitsu-siemens s711
s kern/121774 net [swi] [panic] 6.3 kernel panic in swi1: net
o kern/121706 net [netinet] [patch] "rtfree: 0xc4383870 has 1 refs" emit
o kern/121624 net [em] [regression] Intel em WOL fails after upgrade to
o kern/121555 net [panic] Fatal trap 12: current process = 12 (swi1: net
o kern/121443 net [gif] [lor] icmp6_input/nd6_lookup
o kern/121437 net [vlan] Routing to layer-2 address does not work on VLA
o bin/121359 net [patch] ppp(8): fix local stack overflow in ppp
o kern/121298 net [em] [panic] Fatal trap 12: page fault while in kernel
o kern/121257 net [tcp] TSO + natd -> slow outgoing tcp traffic
o kern/121181 net [panic] Fatal trap 3: breakpoint instruction fault whi
o kern/121080 net [bge] IPv6 NUD problem on multi address config on bge0
o kern/120966 net [rum] kernel panic with if_rum and WPA encryption
p docs/120945 net [patch] ip6(4) man page lacks documentation for TCLASS
o kern/120566 net [request]: ifconfig(8) make order of arguments more fr
o kern/120304 net [netgraph] [patch] netgraph source assumes 32-bit time
o kern/120266 net [udp] [panic] gnugk causes kernel panic when closing U
o kern/120232 net [nfe] [patch] Bring in nfe(4) to RELENG_6
o kern/120130 net [carp] [panic] carp causes kernel panics in any conste
o bin/120060 net routed(8) deletes link-level routes in the presence of
o kern/119945 net [rum] [panic] rum device in hostap mode, cause kernel
o kern/119791 net [nfs] UDP NFS mount of aliased IP addresses from a Sol
o kern/119617 net [nfs] nfs
error on wpa network when reseting/shutdown f kern/119516 net [ip6] [panic] _mtx_lock_sleep: recursed on non-recursi o kern/119432 net [arp] route add -host -iface causes arp e o kern/119225 net [wi] 7.0-RC1 no carrier with Prism 2.5 wifi card [regr a bin/118987 net ifconfig(8): ifconfig -l (address_family) does not wor o sparc/118932 net [panic] 7.0-BETA4/sparc-64 kernel panic in rip_output a kern/118879 net [bge] [patch] bge has checksum problems on the 5703 ch o kern/118727 net [netgraph] [patch] [request] add new ng_pf module a kern/118238 net [bce] [patch] bce driver shows "no carrier" on Intel S s kern/117717 net [panic] Kernel panic with Bittorrent client. o kern/117448 net [carp] 6.2 kernel crash [regression] o kern/117423 net [vlan] Duplicate IP on different interfaces o bin/117339 net [patch] route(8): loading routing management commands o kern/117271 net [tap] OpenVPN TAP uses 99% CPU on releng_6 when if_tap o kern/117043 net [em] Intel PWLA8492MT Dual-Port Network adapter EEPROM o kern/116837 net [tun] [panic] [patch] ifconfig tunX destroy: panic o kern/116747 net [ndis] FreeBSD 7.0-CURRENT crash with Dell TrueMobile o bin/116643 net [patch] [request] fstat(1): add INET/INET6 socket deta o kern/116328 net [bge]: Solid hang with bge interface o kern/116185 net [iwi] if_iwi driver leads system to reboot o kern/115239 net [ipnat] panic with 'kmem_map too small' using ipnat o kern/115019 net [netgraph] ng_ether upper hook packet flow stops on ad o kern/115002 net [wi] if_wi timeout. failed allocation (busy bit). 
ifco o kern/114915 net [patch] [pcn] pcn (sys/pci/if_pcn.c) ethernet driver f o kern/114839 net [fxp] fxp looses ability to speak with traffic o kern/113895 net [xl] xl0 fails on 6.2-RELEASE but worked fine on 5.5-R o kern/112722 net [ipsec] [udp] IP v4 udp fragmented packet reject o kern/112686 net [patm] patm driver freezes System (FreeBSD 6.2-p4) i38 o kern/112570 net [bge] packet loss with bge driver on BCM5704 chipset o bin/112557 net [patch] ppp(8) lock file should not use symlink name o kern/112528 net [nfs] NFS over TCP under load hangs with "impossible p o kern/111457 net [ral] ral(4) freeze o kern/110140 net [ipw] ipw fails under load o kern/109733 net [bge] bge link state issues [regression] o kern/109470 net [wi] Orinoco Classic Gold PC Card Can't Channel Hop o kern/109308 net [pppd] [panic] Multiple panics kernel ppp suspected [r o kern/109251 net [re] [patch] if_re cardbus card won't attach o bin/108895 net pppd(8): PPPoE dead connections on 6.2 [regression] o kern/108542 net [bce] Huge network latencies with 6.2-RELEASE / STABLE o kern/107944 net [wi] [patch] Forget to unlock mutex-locks o kern/107850 net [bce] bce driver link negotiation is faulty o conf/107035 net [patch] bridge(8): bridge interface given in rc.conf n o kern/106438 net [ipf] ipfilter: keep state does not seem to allow repl o kern/106316 net [dummynet] dummynet with multipass ipfw drops packets o kern/106243 net [nve] double fault panic in if_nve.c on high loads o kern/105945 net Address can disappear from network interface s kern/105943 net Network stack may modify read-only mbuf chain copies o bin/105925 net problems with ifconfig(8) and vlan(4) [regression] o kern/105348 net [ath] ath device stopps TX o kern/104851 net [inet6] [patch] On link routes not configured when usi o kern/104751 net [netgraph] kernel panic, when getting info about my tr o kern/104485 net [bge] Broadcom BCM5704C: Intermittent on newer chip ve o kern/103191 net Unpredictable reboot o kern/103135 net [ipsec] 
ipsec with ipfw divert (not NAT) encodes a pac o conf/102502 net [netgraph] [patch] ifconfig name does't rename netgrap o kern/102035 net [plip] plip networking disables parallel port printing o kern/101948 net [ipf] [panic] Kernel Panic Trap No 12 Page Fault - cau o kern/100709 net [libc] getaddrinfo(3) should return TTL info o kern/100519 net [netisr] suggestion to fix suboptimal network polling o kern/98978 net [ipf] [patch] ipfilter drops OOW packets under 6.1-Rel o kern/98597 net [inet6] Bug in FreeBSD 6.1 IPv6 link-local DAD procedu o bin/98218 net wpa_supplicant(8) blacklist not working f bin/97392 net ppp(8) hangs instead terminating o kern/97306 net [netgraph] NG_L2TP locks after connection with failed f kern/96268 net [socket] TCP socket performance drops by 3000% if pack o kern/96030 net [bfe] [patch] Install hangs with Broadcomm 440x NIC in o kern/95519 net [ral] ral0 could not map mbuf o kern/95288 net [pppd] [tty] [panic] if_ppp panic in sys/kern/tty_subr o kern/95277 net [netinet] [patch] IP Encapsulation mask_match() return o kern/95267 net packet drops periodically appear s kern/94863 net [bge] [patch] hack to get bge(4) working on IBM e326m o kern/94162 net [bge] 6.x kenel stale with bge(4) o kern/93886 net [ath] Atheros/D-Link DWL-G650 long delay to associate f kern/93378 net [tcp] Slow data transfer in Postfix and Cyrus IMAP (wo o kern/93019 net [ppp] ppp and tunX problems: no traffic after restarti o kern/92880 net [libc] [patch] almost rewritten inet_network(3) functi f kern/92552 net A serious bug in most network drivers from 5.X to 6.X s kern/92279 net [dc] Core faults everytime I reboot, possible NIC issu o kern/92090 net [bge] bge0: watchdog timeout -- resetting o kern/91859 net [ndis] if_ndis does not work with Asus WL-138 s kern/91777 net [ipf] [patch] wrong behaviour with skip rule inside an o kern/91594 net [em] FreeBSD > 5.4 w/ACPI fails to detect Intel Pro/10 o kern/91364 net [ral] [wep] WF-511 RT2500 Card PCI and WEP o kern/91311 
net [aue] aue interface hanging o kern/90890 net [vr] Problems with network: vr0: tx shutdown timeout s kern/90086 net [hang] 5.4p8 on supermicro P8SCT hangs during boot if f kern/88082 net [ath] [panic] cts protection for ath0 causes panic o kern/87521 net [ipf] [panic] using ipfilter "auth" keyword leads to k o kern/87506 net [vr] [patch] Fix alias support on vr interfaces o kern/87194 net [fxp] fxp(4) promiscuous mode seems to corrupt hw-csum s kern/86920 net [ndis] ifconfig: SIOCS80211: Invalid argument [regress o kern/86103 net [ipf] Illegal NAT Traversal in IPFilter o kern/85780 net 'panic: bogus refcnt 0' in routing/ipv6 o bin/85445 net ifconfig(8): deprecated keyword to ifconfig inoperativ o kern/85266 net [xe] [patch] xe(4) driver does not recognise Xircom XE o kern/84202 net [ed] [patch] Holtek HT80232 PCI NIC recognition on Fre o bin/82975 net route change does not parse classfull network as given o kern/82497 net [vge] vge(4) on AMD64 only works when loaded late, not f kern/81644 net [vge] vge(4) does not work properly when loaded as a K s kern/81147 net [net] [patch] em0 reinitialization while adding aliase o kern/80853 net [ed] [patch] add support for Compex RL2000/ISA in PnP o kern/79895 net [ipf] 5.4-RC2 breaks ipfilter NAT when using netgraph f kern/79262 net [dc] Adaptec ANA-6922 not fully supported o bin/79228 net [patch] extend arp(8) to be able to create blackhole r o kern/78090 net [ipf] ipf filtering on bridged packets doesn't work if p kern/77913 net [wi] [patch] Add the APDL-325 WLAN pccard to wi(4) o kern/77341 net [ip6] problems with IPV6 implementation o kern/77273 net [ipf] ipfilter breaks ipv6 statefull filtering on 5.3 s kern/77195 net [ipf] [patch] ipfilter ioctl SIOCGNATL does not match o kern/75873 net Usability problem with non-RFC-compliant IP spoof prot s kern/75407 net [an] an(4): no carrier after short time f kern/73538 net [bge] problem with the Broadcom BCM5788 Gigabit Ethern o kern/71469 net default route to internet 
magically disappears with mu o kern/70904 net [ipf] ipfilter ipnat problem with h323 proxy support o kern/64556 net [sis] if_sis short cable fix problems with NetGear FA3 s kern/60293 net [patch] FreeBSD arp poison patch o kern/54383 net [nfs] [patch] NFS root configurations without dynamic f i386/45773 net [bge] Softboot causes autoconf failure on Broadcom 570 s bin/41647 net ifconfig(8) doesn't accept lladdr along with inet addr s kern/39937 net ipstealth issue a kern/38554 net [patch] changing interface ipaddress doesn't seem to w o kern/35442 net [sis] [patch] Problem transmitting runts in if_sis dri o kern/34665 net [ipf] [hang] ipfilter rcmd proxy "hangs". o kern/31647 net [libc] socket calls can return undocumented EINVAL o kern/30186 net [libc] getaddrinfo(3) does not handle incorrect servna o kern/27474 net [ipf] [ppp] Interactive use of user PPP and ipfilter c o conf/23063 net [arp] [patch] for static ARP tables in rc.network 304 problems total. From owner-freebsd-net@FreeBSD.ORG Mon May 18 12:04:52 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B96BB10656BB for ; Mon, 18 May 2009 12:04:52 +0000 (UTC) (envelope-from sebastian.mellmann@net.t-labs.tu-berlin.de) Received: from mail.net.t-labs.tu-berlin.de (mail.net.t-labs.tu-berlin.de [130.149.220.252]) by mx1.freebsd.org (Postfix) with ESMTP id 74A288FC13 for ; Mon, 18 May 2009 12:04:52 +0000 (UTC) (envelope-from sebastian.mellmann@net.t-labs.tu-berlin.de) Received: from [130.149.220.166] (python.net.t-labs.tu-berlin.de [130.149.220.166]) by mail.net.t-labs.tu-berlin.de (Postfix) with ESMTP id 6CB93702501A for ; Mon, 18 May 2009 14:04:51 +0200 (CEST) 
From: Sebastian Mellmann
To: freebsd-net@freebsd.org
Date: Mon, 18 May 2009 14:04:50 +0200
Message-Id: <1242648290.31782.9.camel@python.net.t-labs.tu-berlin.de>
Subject: ipfw firewall_type 'OPEN'

Hi everyone!

I've set the following parameters in rc.conf:

gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
firewall_logging="YES"

When I took a look at the ruleset I see:

00010 allow ip from any to any via lo0
65000 allow ip from any to any
65535 deny ip from any to any

The problem is, if I execute my own ipfw script and flush the rules via
'ipfw -q -f flush'
and
'ipfw -q -f pipe flush'
I'm losing my ssh connection to that machine.
Is there any chance to remove the rule 65535 or change it to allow
instead of deny?

I've got another FreeBSD machine here (7.0) where the default setting is
'65535 allow ip from any to any', when using firewall_type OPEN.
Both rc.conf files are the same!

Regards,
Sebastian

From owner-freebsd-net@FreeBSD.ORG Mon May 18 12:45:22 2009
In-Reply-To: <1242648290.31782.9.camel@python.net.t-labs.tu-berlin.de>
References: <1242648290.31782.9.camel@python.net.t-labs.tu-berlin.de>
Date: Mon, 18 May 2009 14:13:49 +0200
From: Marius Nünnerich
To: Sebastian Mellmann
Cc: freebsd-net@freebsd.org
Subject: Re: ipfw firewall_type 'OPEN'

On Mon, May 18, 2009 at 14:04, Sebastian Mellmann wrote:
> Hi everyone!
>
> I've set the following parameters in rc.conf:
>
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="OPEN"
> firewall_logging="YES"
>
> When I took a look at the ruleset I see:
>
> 00010 allow ip from any to any via lo0
> 65000 allow ip from any to any
> 65535 deny ip from any to any
>
>
> The problem is, if I execute my own ipfw script and flush the rules via
> 'ipfw -q -f flush'
> and
> 'ipfw -q -f pipe flush'
> I'm losing my ssh connection to that machine.
> Is there any chance to remove the rule 65535 or change it to allow
> instead of deny?
>
> I've got another FreeBSD machine here (7.0) where the default setting is
> '65535 allow ip from any to any', when using firewall_type OPEN.
> Both rc.conf files are the same!
>

There is a kernel option to do, see ipfw(4).

From owner-freebsd-net@FreeBSD.ORG Mon May 18 13:15:17 2009
Date: Mon, 18 May 2009 17:15:13 +0400
From: Eygene Ryabinkin
To: Sebastian Mellmann
Cc: freebsd-net@freebsd.org
References: <1242648290.31782.9.camel@python.net.t-labs.tu-berlin.de>
In-Reply-To: <1242648290.31782.9.camel@python.net.t-labs.tu-berlin.de>
Subject: Re: ipfw firewall_type 'OPEN'

Sebastian,

Mon, May 18, 2009 at 02:04:50PM +0200, Sebastian Mellmann wrote:
> 00010 allow ip from any to any via lo0
> 65000 allow ip from any to any
> 65535 deny ip from any to any
>
>
> The problem is, if I execute my own ipfw script and flush the rules via
> 'ipfw -q -f flush'
> and
> 'ipfw -q -f pipe flush'
> I'm losing my ssh connection to that machine.
> Is there any chance to remove the rule 65535 or change it to allow
> instead of deny?

Yes, insert
-----
options IPFIREWALL_DEFAULT_TO_ACCEPT
-----
to your kernel configuration, rebuild, install and use new kernel.
-- 
Eygene
# Remember that it is hard
# to read the on-line manual
# while single-stepping the kernel.
# -- FreeBSD Developers handbook

From owner-freebsd-net@FreeBSD.ORG Mon May 18 23:12:26 2009
Date: Mon, 18 May 2009 23:12:25 GMT
Message-Id: <200905182312.n4INCP2t080394@freefall.freebsd.org>
To: linimon@FreeBSD.org, freebsd-amd64@FreeBSD.org, freebsd-net@FreeBSD.org
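
The lockout described in the "ipfw firewall_type 'OPEN'" thread above, as an added example that is not part of the original posts: after 'ipfw -q -f flush' only rule 65535 is left, so a script can read that rule's action first and refuse to flush when it is deny. The function names, the IPFW override variable and the lower rules of the second sample ruleset are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Pre-flight check before flushing
# ipfw rules over a remote session. Rule 65535 is the default rule and is the
# only one left after a flush, so its action decides what happens to an SSH
# session once every other rule is gone.

IPFW=${IPFW:-ipfw}   # overridable so the logic can be exercised without ipfw

# Sample rulesets. The first is the one quoted in the thread; for the second
# host the thread only quotes rule 65535, the lower rules are constructed.
RULES_DEFAULT_DENY='00010 allow ip from any to any via lo0
65000 allow ip from any to any
65535 deny ip from any to any'
RULES_DEFAULT_ALLOW='00010 allow ip from any to any via lo0
65000 allow ip from any to any
65535 allow ip from any to any'

# default_rule_action RULESET
#   Prints the action of rule 65535, or "unknown" if the rule is not listed.
default_rule_action() {
    printf '%s\n' "$1" | awk '
        $1 == "65535" { print $2; found = 1; exit }
        END { if (!found) print "unknown" }'
}

# rules_after_flush RULESET
#   Prints what remains of RULESET once the flush has run.
rules_after_flush() {
    printf '%s\n' "$1" | awk '$1 == "65535"'
}

# flush_keeps_access RULESET
#   Exit status 0 only if the surviving default rule still passes traffic.
flush_keeps_access() {
    case "$(default_rule_action "$1")" in
        allow) return 0 ;;
        *)     return 1 ;;
    esac
}

# guarded_flush
#   Flushes rules and pipes only when the current session would survive it.
#   Returns 1 (and touches nothing) when the default rule is not "allow",
#   2 when the ruleset cannot be read.
guarded_flush() {
    current=$($IPFW list) || return 2
    if flush_keeps_access "$current"; then
        $IPFW -q -f flush && $IPFW -q -f pipe flush
    else
        echo "default rule is '$(default_rule_action "$current")': flush would cut remote access" >&2
        return 1
    fi
}
```

On the host from the first post guarded_flush returns 1 without touching the ruleset; on a kernel built with IPFIREWALL_DEFAULT_TO_ACCEPT it proceeds with both flush commands.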
From: linimon@FreeBSD.org
Subject: Re: kern/134658: [bce] bce driver fails on PowerEdge m610 blade.

Old Synopsis: bce driver fails on PowerEdge m610 blade.
New Synopsis: [bce] bce driver fails on PowerEdge m610 blade.

Responsible-Changed-From-To: freebsd-amd64->freebsd-net
Responsible-Changed-By: linimon
Responsible-Changed-When: Mon May 18 23:11:45 UTC 2009
Responsible-Changed-Why:
Take a guess that this is not amd64-specific.

http://www.freebsd.org/cgi/query-pr.cgi?pr=134658

From owner-freebsd-net@FreeBSD.ORG Tue May 19 06:30:06 2009
Date: Tue, 19 May 2009 06:30:05 GMT
Message-Id: <200905190630.n4J6U51W065407@freefall.freebsd.org>
To: freebsd-net@FreeBSD.org
From: Sergei Cherveni
Subject: Re: kern/134557: [netgraph] [hang] 7.2 with mpd5.3 hanging up - ng_pptp problem

The following reply was made to PR kern/134557; it has been noted by GNATS.

From: Sergei Cherveni
To: bug-followup@FreeBSD.org
Subject: Re: kern/134557: [netgraph] [hang] 7.2 with mpd5.3 hanging up - ng_pptp problem
Date: Tue, 19 May 2009 08:53:53 +0300

FreeBSD 7.1-R does not hang with pptp-clients connected to server via pppoe link.

From owner-freebsd-net@FreeBSD.ORG Tue May 19 10:27:03 2009
Date: Tue, 19 May 2009 20:27:03 +1000
Message-ID: <736c47cb0905190327n75507247r497ea8f284297659@mail.gmail.com>
From: Sam Wun
To: freebsd-net@freebsd.org
Subject: tcp/udp base Heartbeat for http loadbalancer?

Hi,

Is there any tcp/udp base heartbeat for http loadbalancer for FreeBSD 7?

Thanks

From owner-freebsd-net@FreeBSD.ORG Tue May 19 20:20:07 2009
Date: Tue, 19 May 2009 20:20:06 GMT
Message-Id: <200905192020.n4JKK6UI023382@freefall.freebsd.org>
To: freebsd-net@FreeBSD.org
From: Alexander Motin
Subject: Re: kern/134557: [netgraph] [hang] 7.2 with mpd5.3 hanging up - ng_pptp problem

The following reply was made to PR kern/134557; it has been noted by GNATS.

From: Alexander Motin
To: bug-followup@FreeBSD.org, sergei.cherveni@gmail.com
Subject: Re: kern/134557: [netgraph] [hang] 7.2 with mpd5.3 hanging up - ng_pptp problem
Date: Tue, 19 May 2009 23:16:13 +0300

Are you sure, that you haven't made routing or some other kind traffic
loop in kernel? There was added some protection against it recently, but
may be you have found some new way to do it? It was quite popular.

-- 
Alexander Motin

From owner-freebsd-net@FreeBSD.ORG Tue May 19 21:26:10 2009
Date: Tue, 19 May 2009 14:13:46 -0700
From: Zachary Loafman
To: net@freebsd.org
Message-ID: <20090519211346.GC675@isilon.com>
Subject: [PATCH] SYN issue

net@ -

A short patch attached that requires 3 paragraphs of explanation.

We found an issue in TCP when a client connects to our server,
establishes a connection, reboots and chooses the same source port to
re-establish the connection. This isn't hard from other vendors'
clients. On Solaris, the same NFS mount order at boot time will
frequently result in source port re-use for the NFS connections. In this
case, the customer was seeing mounts hang until the keepalive on our
side would kick the established connection.

The problem in the code is probably best explained using the patch
itself:

--- Index: sys/netinet/tcp_input.c =================================================================== --- sys/netinet/tcp_input.c (revision xxxx) +++ sys/netinet/tcp_input.c (working copy) 
@@ -1818,7 +1818,11 @@ tcp_do_segment(struct mbuf *m, struct tc todrop = tp->rcv_nxt - th->th_seq; if (todrop > 0) { - if (thflags & TH_SYN) { + /* + * If this is a duplicate SYN for our current connection, + * advance over it and pretend and it's not a SYN. + */ + if (thflags & TH_SYN && th->th_seq == tp->irs) { thflags &= ~TH_SYN; th->th_seq++; if (th->th_urp > 1)
---

The problem is that when our TCP stack gets a SYN packet for a
connection that's already in ESTABLISHED state, it runs through the
above code. The above code is basically noticing that the packet is
coming in left of the receive window and then saying "Ah, a SYN! This
must be a duplicate SYN for our existing connect." After that, it just
turns off SYN and treats it as a normal packet (after advancing past the
SYN seq number). The code is broken, though: the only condition under
which this is a duplicate SYN is if the th_seq matches the irs, the
initial receive sequence.

After correcting the above, any SYN that doesn't exactly match the
initial sequence number results in a RST|ACK response and the
ESTABLISHED connection being dropped. Before this change, this is also
what happened if a SYN arrived within or past the window, so I'm
basically making the before-window behavior match the other behavior.

I tested this using telnet to establish a TCP connection and raw packet
injection to throw SYNs at it.

Comments?

-- 
Zach Loafman | Staff Engineer | Isilon Systems

Content-Type: text/x-diff; charset=us-ascii
Content-Disposition: attachment; filename="syn.patch"

--- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c 
@@ -1818,7 +1818,11 @@ tcp_do_segment(struct mbuf *m, struct tcphdr *th, struct socket *so, todrop = tp->rcv_nxt - th->th_seq; if (todrop > 0) { - if (thflags & TH_SYN) { + /* + * If this is a duplicate SYN for our current connection, + * advance over it and pretend and it's not a SYN. + */ + if (thflags & TH_SYN && th->th_seq == tp->irs) { thflags &= ~TH_SYN; th->th_seq++; if (th->th_urp > 1)

From owner-freebsd-net@FreeBSD.ORG Wed May 20 01:10:15 2009
Date: Tue, 19 May 2009 18:05:15 -0700
In-Reply-To: <4A111FDC.5030400@gmx.com>
References: <4A111FDC.5030400@gmx.com>
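Review bot: The new test "thflags & TH_SYN && th->th_seq == tp->irs" leaves TH_SYN set on every stale SYN whose sequence number is not exactly irs, and by the description that segment now draws RST|ACK and drops the ESTABLISHED connection, so the comment should say why a reset is wanted for all of those rather than only for the rebooted-peer case, since a forged or badly delayed SYN for the same 4-tuple is then enough to tear down a live session. Acknowledging the unexpected SYN and keeping the connection, the approach RFC 5961 later standardised, would still let a genuinely rebooted peer recover through its own RST. Two smaller points on the same added lines: write the flag test as "(thflags & TH_SYN) && ..." so the precedence is explicit, and the new comment reads "pretend and it's not a SYN", which should be "pretend it's not a SYN".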
From: "Li, Qing"
To: "Nikos Vassiliadis"
Subject: RE: arp fails to clear mapping for deleted network

Please apply the patch at "http://people.freebsd.org/~qingli/patch" and that should fix your problem.

I found another issue while testing the patch. I am working on it and hope to have a fix soon.

-- Qing

> -----Original Message-----
> From: owner-freebsd-net@freebsd.org [mailto:owner-freebsd-net@freebsd.org] On Behalf Of Nikos Vassiliadis
> Sent: Monday, May 18, 2009 1:44 AM
> To: freebsd-net@freebsd.org
> Subject: arp fails to clear mapping for deleted network
>
> Hello,
>
> It seems that:
> 1) if I assign an IP address to an interface
> 2) get an arp mapping via this interface
> 3) remove the IP address from the interface
>
> arp fails to remove this arp entry when
> arp -d is used
>
> > lab# ifconfig rl0 192.168.254.30
> > lab# ping 192.168.254.254
> > PING 192.168.254.254 (192.168.254.254): 56 data bytes
> > 64 bytes from 192.168.254.254: icmp_seq=0 ttl=64 time=0.427 ms
> > 64 bytes from 192.168.254.254: icmp_seq=1 ttl=64 time=0.434 ms
> > 64 bytes from 192.168.254.254: icmp_seq=2 ttl=64 time=0.442 ms
> > 64 bytes from 192.168.254.254: icmp_seq=3 ttl=64 time=0.467 ms
> > 64 bytes from 192.168.254.254: icmp_seq=4 ttl=64 time=0.445 ms
> > ^C
> > --- 192.168.254.254 ping statistics ---
> > 5 packets transmitted, 5 packets received, 0.0% packet loss
> > round-trip min/avg/max/stddev = 0.427/0.443/0.467/0.014 ms
> > lab# arp 192.168.254.254
> > ? (192.168.254.254) at 00:18:d1:e4:ee:29 on rl0 [ethernet]
> > lab# ifconfig rl0 delete
> > lab# arp 192.168.254.254
> > ? (192.168.254.254) at 00:18:d1:e4:ee:29 on rl0 [ethernet]
> > lab# arp -d 192.168.254.254
> > arp: writing to routing socket: No such process
> > arp: 192.168.254.254: No such process
> > lab# arp 192.168.254.254
> > ? (192.168.254.254) at 00:18:d1:e4:ee:29 on rl0 [ethernet]
> > lab#
>
> This is from a few days old -current. I just noticed
> this somehow strange behavior, but I don't really know
> if it's old or new.
>
> Nikos

From owner-freebsd-net@FreeBSD.ORG Wed May 20 02:50:05 2009
Date: Wed, 20 May 2009 02:50:05 GMT
Message-Id: <200905200250.n4K2o5rA048125@freefall.freebsd.org>
To: freebsd-net@FreeBSD.org
From: dfilter@FreeBSD.ORG (dfilter service)
Subject: Re: kern/134220: commit references a PR

The following reply was made to PR kern/134220; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Subject: Re: kern/134220: commit references a PR
Date: Wed, 20 May 2009 02:49:09 +0000 (UTC)

Author: mav
Date: Wed May 20 02:48:53 2009
New Revision: 192415
URL: http://svn.freebsd.org/changeset/base/192415

Log:
  MFC rev. 192032

  Fix copy-paste bug in NGM_NETFLOW_SETCONFIG argument size verification.

  PR: kern/134220
  Submitted by: Eugene Mychlo

Modified:
  stable/7/sys/ (props changed)
  stable/7/sys/contrib/pf/ (props changed)
  stable/7/sys/dev/ath/ath_hal/ (props changed)
  stable/7/sys/dev/cxgb/ (props changed)
  stable/7/sys/netgraph/netflow/ng_netflow.c

Modified: stable/7/sys/netgraph/netflow/ng_netflow.c ============================================================================== --- stable/7/sys/netgraph/netflow/ng_netflow.c Wed May 20 02:24:09 2009 (r192414) +++ stable/7/sys/netgraph/netflow/ng_netflow.c Wed May 20 02:48:53 2009 (r192415)
@@ -422,7 +422,7 @@ ng_netflow_rcvmsg (node_p node, item_p i { struct ng_netflow_setconfig *set; - if (msg->header.arglen != sizeof(struct ng_netflow_settimeouts)) + if (msg->header.arglen != sizeof(struct ng_netflow_setconfig)) ERROUT(EINVAL); set = (struct ng_netflow_setconfig *)msg->data;

From owner-freebsd-net@FreeBSD.ORG Wed May 20 02:57:06 2009
Date: Wed, 20 May 2009 02:57:05 GMT
Message-Id: <200905200257.n4K2v5bc060932@freefall.freebsd.org>
To: myc@barev.net, mav@FreeBSD.org, freebsd-net@FreeBSD.org
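
Review bot: The argument-size check in ng_netflow_rcvmsg() still spells out the struct type by hand, which is the pattern that let the ng_netflow_settimeouts copy-paste slip in. Since set is declared just above as "struct ng_netflow_setconfig *", the test can be written "if (msg->header.arglen != sizeof(*set))", so the length being verified is always the length of the type that msg->data is cast to on the following line.
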
From: mav@FreeBSD.org
Subject: Re: kern/134220: [ng_netflow] [patch]: incorrect comparison in ng_netflow_rcvmsg()

Synopsis: [ng_netflow] [patch]: incorrect comparison in ng_netflow_rcvmsg()

State-Changed-From-To: patched->closed
State-Changed-By: mav
State-Changed-When: Wed May 20 02:56:31 UTC 2009
State-Changed-Why:
Patch merged to 7-STABLE.

http://www.freebsd.org/cgi/query-pr.cgi?pr=134220

From owner-freebsd-net@FreeBSD.ORG Wed May 20 12:23:48 2009
Message-ID: <4A13F63D.5000800@gmx.com>
Date: Wed, 20 May 2009 15:23:25 +0300
From: Nikos Vassiliadis
To: "Li, Qing"
References: <4A111FDC.5030400@gmx.com>
Cc: freebsd-net@freebsd.org
Subject: Re: arp fails to clear mapping for deleted network

Li, Qing wrote:
> Please apply the patch at "http://people.freebsd.org/~qingli/patch" and
> that should fix your problem.

Yes, your patch fixes the problem.

> I found another issue while testing the patch. I am working on it and
> hope to have a fix soon.

While you're at it and if it's not too much to ask, could you also check proxy-arp?

For example:
arp -s 192.168.254.250 auto pub
> 15:16:56.497270 08:00:27:49:d9:5e > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.254.250 tell 192.168.254.250, length 28

But, when a request for 192.168.254.250 comes in, it doesn't reply
> 15:17:04.902291 00:18:d1:e4:ee:29 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.254.250 tell 192.168.254.254, length 46

Thanks, Nikos

From owner-freebsd-net@FreeBSD.ORG Wed May 20 16:52:01 2009
Date: Wed, 20 May 2009 09:50:56 -0700
In-Reply-To: <4A13F63D.5000800@gmx.com>
References: <4A111FDC.5030400@gmx.com> <4A13F63D.5000800@gmx.com>
From: "Li, Qing"
To: "Nikos Vassiliadis"
Cc: freebsd-net@freebsd.org
Subject: RE: arp fails to clear mapping for deleted network

>
> Yes, your patch fixes the problem.
>

Okay, I will commit the patch.

>
> While you're at it and if it's not too much to ask, could you
> also check proxy-arp?
>

Could you please email me your netstat output, privately?

Thanks,

-- Qing

> For example:
> arp -s 192.168.254.250 auto pub
> > 15:16:56.497270 08:00:27:49:d9:5e > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 42: Request who-has 192.168.254.250 tell
> 192.168.254.250, length 28
> But, when a request for 192.168.254.250 comes in, it doesn't
> reply
> > 15:17:04.902291 00:18:d1:e4:ee:29 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 60: Request who-has 192.168.254.250 tell
> 192.168.254.254, length 46
>
> Thanks, Nikos

From owner-freebsd-net@FreeBSD.ORG Wed May 20 19:55:38 2009
Date: Wed, 20 May 2009 12:27:05 -0700
From: Asheesh Jadav
To: freebsd-net@freebsd.org
Subject: Deleting a TAP interface

Hi,

I'm able to create the TAP interface, let's say with name 'test', and bring it up, but when I try deleting it using

ioctl(fd, TUNSETPERSIST, 0)

I can see that on my system I still have an interface with name eth0 (the original name was test).

How can I completely delete the interface that I created and restore the system to the state it was before I created the TAP interface?

Thanks.

From owner-freebsd-net@FreeBSD.ORG Wed May 20 23:37:06 2009
Message-ID: <4A14941F.3090402@incunabulum.net>
Date: Thu, 21 May 2009 00:37:03 +0100
From: Bruce Simpson
To: Asheesh Jadav
Cc: freebsd-net@freebsd.org
Subject: Re: Deleting a TAP interface

Asheesh Jadav wrote:
> Hi,
>
> I'm able to create the TAP interface, let's say with name 'test', and bring
> it up, but when I try deleting it using
>
> ioctl(fd, TUNSETPERSIST, 0)
>

It sounds from your interface name as though you are using a Linux system, and I can't find this ioctl documented anywhere on FreeBSD:

%%%
tack:/usr/src/sys/net % grep -Hr TUNSETPERSIST .
Exit 1
tack:/usr/src/sys/compat % grep -Hr TUNSETPERSIST .
Exit 1
%%%

Perhaps try a Linux development forum who will be better able to assist you?

In FreeBSD, tap/tun interfaces are cloners, and can be created/destroyed using the usual cloneable interface mechanisms.

thanks,
BMS

From owner-freebsd-net@FreeBSD.ORG Thu May 21 01:00:10 2009
Date: Thu, 21 May 2009 01:00:10 GMT
Message-Id: <200905210100.n4L10A1E098372@freefall.freebsd.org>
To: freebsd-net@FreeBSD.org
From: "David Christensen"
Subject: Re: kern/134658: [bce] bce driver fails on PowerEdge m610 blade.

The following reply was made to PR kern/134658; it has been noted by GNATS.

From: "David Christensen"
To: "bug-followup@FreeBSD.org", "harald_jensas@dell.com"
Subject: Re: kern/134658: [bce] bce driver fails on PowerEdge m610 blade.
Date: Wed, 20 May 2009 17:38:48 -0700

This is the expected behavior as the mii(4) SerDes support
for the 5709 was removed from immediately prior to the 7.2
release. The PHY's ID is not present in miidevs.c.

Dave

From owner-freebsd-net@FreeBSD.ORG Thu May 21 14:51:16 2009
Message-Id: <43B043BD-4D7B-414B-91AB-3C8DBA0EC078@neville-neil.com>
From: George Neville-Neil
To: Zachary Loafman
In-Reply-To: <20090519211346.GC675@isilon.com>
Date: Thu, 21 May 2009 10:21:07 -0400
References: <20090519211346.GC675@isilon.com>
Cc: net@freebsd.org
Subject: Re: [PATCH] SYN issue

On May 19, 2009, at 17:13 , Zachary Loafman wrote:

> net@ -
>
> A short patch attached that requires 3 paragraphs of explanation.
>
> We found an issue in TCP when a client connects to our server,
> establishes a connection, reboots and chooses the same source port to
> re-establish the connection. This isn't hard from other vendors'
> clients. On Solaris, the same NFS mount order at boot time will
> frequently result in source port re-use for the NFS connections. In
> this case, the customer was seeing mounts hang until the keepalive on
> our side would kick the established connection.
>
> The problem in the code is probably best explained using the patch
> itself:
>
> ---
> Index: sys/netinet/tcp_input.c > =================================================================== > --- sys/netinet/tcp_input.c (revision xxxx) > +++ sys/netinet/tcp_input.c (working copy)
> @@ -1818,7 +1818,11 @@ tcp_do_segment(struct mbuf *m, struct tc > > todrop = tp->rcv_nxt - th->th_seq; > if (todrop > 0) { > - if (thflags & TH_SYN) { > + /* > + * If this is a duplicate SYN for our current > connection, > + * advance over it and pretend and it's not a SYN. > + */ > + if (thflags & TH_SYN && th->th_seq == tp->irs) { > thflags &= ~TH_SYN; > th->th_seq++; > if (th->th_urp > 1)
> ---
>
> The problem is that when our TCP stack gets a SYN packet for a
> connection that's already in ESTABLISHED state, it runs through the
> above code. The above code is basically noticing that the packet is
> coming in left of the receive window and then saying "Ah, a SYN! This
> must be a duplicate SYN for our existing connect." After that, it just
> turns off SYN and treats it as a normal packet (after advancing past
> the SYN seq number). The code is broken, though: the only condition
> under which this is a duplicate SYN is if the th_seq matches the irs,
> the initial receive sequence.
>
> After correcting the above, any SYN that doesn't exactly match the
> initial sequence number results in a RST|ACK response and the
> ESTABLISHED connection being dropped. Before this change, this is also
> what happened if a SYN arrived within or past the window, so I'm
> basically making the before-window behavior match the other
> behavior. I tested this using telnet to establish a TCP connection and
> raw packet injection to throw SYNs at it.
>
> Comments?
>

Yes, nice catch.

Best,
George

From owner-freebsd-net@FreeBSD.ORG Thu May 21 17:37:28 2009
Date: Thu, 21 May 2009 12:37:25 -0500
From: "David DeSimone"
Message-ID: <20090521173725.GB3992@verio.net>
References: <20090519211346.GC675@isilon.com>
In-Reply-To: <20090519211346.GC675@isilon.com>
Subject: Re: [PATCH] SYN issue

Zachary Loafman wrote:
>
> After correcting the above, any SYN that doesn't exactly match
> the initial sequence number results in a RST|ACK response and the
> ESTABLISHED connection being dropped.

Maybe I am jumping to conclusions here, but does this mean that someone
can spoof a SYN from your IP and source port and force your connection
to be torn down?

-- 
David DeSimone == Network Admin == fox@verio.net
"I don't like spinach, and I'm glad I don't, because if I liked it I'd eat it, and I just hate it." -- Clarence Darrow

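
The before/after handling that the patch description in this thread gives for a SYN arriving on an ESTABLISHED connection, modelled in user-space C so the cases under discussion can be compared side by side. This is an added example, not code from the thread or from tcp_input.c; the struct, the function names and the sample sequence numbers are constructed, and each branch's outcome follows the description in the thread rather than the full kernel path.

```c
#include <stdint.h>
#include <stdio.h>

/* Outcome of a SYN that arrives on an ESTABLISHED connection (model only). */
enum syn_outcome {
    SYN_ABSORBED,   /* SYN flag cleared, segment handled as old data */
    SYN_RESET       /* RST|ACK sent, established connection dropped */
};

/* Receive-side state the check uses; field names follow the patch. */
struct rx_state {
    uint32_t irs;      /* initial receive sequence number (peer's ISN) */
    uint32_t rcv_nxt;  /* next sequence number expected from the peer */
};

/* Signed distance, as "todrop = tp->rcv_nxt - th->th_seq" computes it.
 * A positive value means the segment starts left of the receive window,
 * and the subtraction stays correct across sequence-number wraparound. */
static int32_t todrop_for(const struct rx_state *rx, uint32_t th_seq)
{
    return (int32_t)(rx->rcv_nxt - th_seq);
}

/* Before the patch: every SYN left of the window is taken for a duplicate. */
enum syn_outcome syn_before_patch(const struct rx_state *rx, uint32_t th_seq)
{
    if (todrop_for(rx, th_seq) > 0)
        return SYN_ABSORBED;
    return SYN_RESET;
}

/* After the patch: only a SYN that repeats the original ISN is a duplicate. */
enum syn_outcome syn_after_patch(const struct rx_state *rx, uint32_t th_seq)
{
    if (todrop_for(rx, th_seq) > 0 && th_seq == rx->irs)
        return SYN_ABSORBED;
    return SYN_RESET;
}

/* Constructed sample: the peer's ISN sits just below the 32-bit wrap and
 * 0x200 bytes have been received, so rcv_nxt has already wrapped. */
static const struct rx_state sample_rx = { 0xFFFFFF00u, 0x00000101u };

static const struct {
    const char *what;
    uint32_t th_seq;
} sample_syns[] = {
    { "retransmitted original SYN (seq == irs)", 0xFFFFFF00u },
    { "new ISN left of window (rebooted client)", 0xF0000000u },
    { "new ISN exactly at rcv_nxt",               0x00000101u },
    { "new ISN within or past the window",        0x00001000u },
};

#define N_SAMPLES (sizeof(sample_syns) / sizeof(sample_syns[0]))

/* Number of sample cases whose outcome the patch changes. */
int count_changed(void)
{
    int changed = 0;
    for (size_t i = 0; i < N_SAMPLES; i++) {
        if (syn_before_patch(&sample_rx, sample_syns[i].th_seq) !=
            syn_after_patch(&sample_rx, sample_syns[i].th_seq))
            changed++;
    }
    return changed;
}

static const char *name(enum syn_outcome o)
{
    return o == SYN_ABSORBED ? "absorbed" : "RST|ACK, drop";
}

int main(void)
{
    printf("%-42s %-10s %-14s %s\n", "case", "todrop", "before", "after");
    for (size_t i = 0; i < N_SAMPLES; i++) {
        uint32_t seq = sample_syns[i].th_seq;
        printf("%-42s %-10ld %-14s %s\n", sample_syns[i].what,
               (long)todrop_for(&sample_rx, seq),
               name(syn_before_patch(&sample_rx, seq)),
               name(syn_after_patch(&sample_rx, seq)));
    }
    printf("cases changed by the patch: %d\n", count_changed());
    return 0;
}
```

Only the second row changes: a left-of-window SYN with a different ISN, which is the rebooted-client case from the original report, moves from being absorbed to resetting the stale connection.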
From owner-freebsd-net@FreeBSD.ORG Fri May 22 00:08:05 2009
Message-Id: <7B86B602-BE19-4AD7-9B70-CCC3BFC933A8@freebsd.org>
From: Rui Paulo
To: David DeSimone
In-Reply-To: <20090521173725.GB3992@verio.net>
Date: Fri, 22 May 2009 00:37:50 +0100
References: <20090519211346.GC675@isilon.com> <20090521173725.GB3992@verio.net>
Cc: freebsd-net@freebsd.org
Subject: Re: [PATCH] SYN issue

On 21 May 2009, at 18:37, David DeSimone wrote:

> Zachary Loafman wrote:
>>
>> After correcting the above, any SYN that doesn't exactly match
>> the initial sequence number results in a RST|ACK response and the
>> ESTABLISHED connection being dropped.
>
> Maybe I am jumping to conclusions here, but does this mean that someone
> can spoof a SYN from your IP and source port and force your connection
> to be torn down?

I don't think so. First of all the seq must be on the left of the recv window, and second, we already do this for the right of the recv window.
I believe this is how the standard defined it to be.

--
Rui Paulo

From owner-freebsd-net@FreeBSD.ORG Fri May 22 20:41:26 2009
Date: Fri, 22 May 2009 20:41:26 GMT
Message-Id: <200905222041.n4MKfQii049397@freefall.freebsd.org>
To: gavin@FreeBSD.org, freebsd-amd64@FreeBSD.org, freebsd-net@FreeBSD.org
From: gavin@FreeBSD.org
Subject: Re: amd64/134788: [bce] failure to set ip address in amd64 if_bce.c, i386 seems OK

Old Synopsis: failure to set ip address in amd64 if_bce.c, i386 seems OK
New Synopsis: [bce] failure to set ip address in amd64 if_bce.c, i386 seems OK

Responsible-Changed-From-To: freebsd-amd64->freebsd-net
Responsible-Changed-By: gavin
Responsible-Changed-When: Fri May 22 20:40:10 UTC 2009
Responsible-Changed-Why:
I'm guessing this is a bug in bce(4) rather than in the amd-specific code

http://www.freebsd.org/cgi/query-pr.cgi?pr=134788

From owner-freebsd-net@FreeBSD.ORG Fri May 22 23:20:06 2009
Date: Fri, 22 May 2009 23:16:27 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Attila Nagy
In-Reply-To: <4A1057D2.5090800@fsn.hu>
Message-ID: <20090522231449.K72053@maildrop.int.zabbadoz.net>
References: <4A1057D2.5090800@fsn.hu>
Cc: FreeBSD current mailing list, net@freebsd.org
Subject: Re: Routing related crash in -CURRENT, introduced between 5th May and yesterday

On Sun, 17 May 2009, Attila Nagy wrote:

Hi,

> Somewhere between 5th May and yesterday there was a (routing related?)
> change, which causes this machine crash at boot:

SVN r192612 [1] should fix the problems.
Let us know if it does not.

/bz

[1] http://svn.freebsd.org/viewvc/base?view=revision&revision=192612

-- 
Bjoern A. Zeeb
The greatest risk is not taking one.