From owner-freebsd-net@FreeBSD.ORG Sun Feb 5 06:51:48 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A99B8106564A for ; Sun, 5 Feb 2012 06:51:48 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) by mx1.freebsd.org (Postfix) with ESMTP id 5E0F88FC12 for ; Sun, 5 Feb 2012 06:51:48 +0000 (UTC) Received: from julian-mac.elischer.org (c-67-180-24-15.hsd1.ca.comcast.net [67.180.24.15]) (authenticated bits=0) by vps1.elischer.org (8.14.4/8.14.4) with ESMTP id q156pi74032659 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Sat, 4 Feb 2012 22:51:47 -0800 (PST) (envelope-from julian@freebsd.org) Message-ID: <4F2E274F.6000601@freebsd.org> Date: Sat, 04 Feb 2012 22:53:03 -0800 From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.2.25) Gecko/20111213 Thunderbird/3.1.17 MIME-Version: 1.0 To: =?windows-1251?Q?=CA=EE=ED=FC=EA=EE=E2_=C5=E2=E3=E5=ED=E8=E9?= References: <67410574.20120202113314@yandex.ru> In-Reply-To: <67410574.20120202113314@yandex.ru> Content-Type: text/plain; charset=windows-1251; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-net@freebsd.org, freebsd-questions@freebsd.org Subject: Re: HowTo easy use IPFW X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Feb 2012 06:51:48 -0000 On 2/2/12 1:33 AM, Коньков Евгений wrote: > this is the mine script which helps me keep my firewall very clean and safe. > > It is easy to understand even if you have a thousands rules, I think =) > > please comment. > > PS. If anybody may, please put into ports tree. thank you. it would probably be get more response if it was in a file format we had heard of.. like tar.. WTF is a ".rar" file? > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Sun Feb 5 07:11:58 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 730B4106566C for ; Sun, 5 Feb 2012 07:11:58 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: from mail-ww0-f50.google.com (mail-ww0-f50.google.com [74.125.82.50]) by mx1.freebsd.org (Postfix) with ESMTP id 08A868FC13 for ; Sun, 5 Feb 2012 07:11:57 +0000 (UTC) Received: by wgbdq11 with SMTP id dq11so5261635wgb.31 for ; Sat, 04 Feb 2012 23:11:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=THY4H03XvMXBKl3BpvfQmRnAXqjBR+muNVoNkrblyXw=; b=LI9dLwhSuHiGspVIZlW8kJKGNLizBsr0ht7wqGAhALLNkSmLpD+atagw/A9t5XiYf1 Ub5SsdkiQSVu4YLNUMAFxfl4SfRr8w+68uI+tau9KAiPO37/SPHPjkwGxmGkytdzpvz9 h5iA+q0xImn6LQ6LBzopo+SNKZX568d68sJ6M= MIME-Version: 1.0 Received: by 10.181.12.106 with SMTP id ep10mr6263923wid.8.1328425916589; Sat, 04 Feb 2012 23:11:56 -0800 (PST) Received: by 10.223.62.135 with HTTP; Sat, 4 Feb 2012 23:11:56 -0800 (PST) In-Reply-To: <4F2E274F.6000601@freebsd.org> References: <67410574.20120202113314@yandex.ru> <4F2E274F.6000601@freebsd.org> Date: Sat, 4 Feb 2012 23:11:56 -0800 Message-ID: From: Kevin Oberman To: Julian Elischer Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: quoted-printable Cc: freebsd-net@freebsd.org, =?KOI8-R?B?68/O2MvP1yDl18fFzsnK?= , freebsd-questions@freebsd.org Subject: Re: HowTo easy use IPFW X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Feb 2012 07:11:58 -0000 2012/2/4 Julian Elischer : > On 2/2/12 1:33 AM, =EB=CF=CE=D8=CB=CF=D7 =E5=D7=C7=C5=CE=C9=CA wrote: >> >> this is the mine script which helps me keep my firewall very clean and >> safe. >> >> It is easy to understand even if you have a thousands rules, I think =3D= ) >> >> please comment. >> >> PS. If anybody may, please put into ports tree. thank you. > > > it would probably be get more response if it was in a file format we had > heard of.. like tar.. > > WTF is a ".rar" =9Afile? rar is a compression and archiving tool used commonly for bittorrent. The tool to extract files is in port archivers/rar, but it's commercial and a proprietary format. The free tool is only capable of extracting, not compressing. It is reported that its compression is very good, better than bzip2, xz and can even do a reasonable job of compressing things like already compressed video formats. (Probably why it became popular for bittorrent.) R. Kevin Oberman, Network Engineer E-mail: kob6558@gmail.com From owner-freebsd-net@FreeBSD.ORG Sun Feb 5 07:14:19 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C0953106566B; Sun, 5 Feb 2012 07:14:19 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) by mx1.freebsd.org (Postfix) with ESMTP id 9229A8FC12; Sun, 5 Feb 2012 07:14:19 +0000 (UTC) Received: from julian-mac.elischer.org (c-67-180-24-15.hsd1.ca.comcast.net [67.180.24.15]) (authenticated bits=0) by vps1.elischer.org (8.14.4/8.14.4) with ESMTP id q157EH0B032730 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Sat, 4 Feb 2012 23:14:18 -0800 (PST) (envelope-from julian@freebsd.org) Message-ID: <4F2E2C97.7000400@freebsd.org> Date: Sat, 04 Feb 2012 23:15:35 -0800 From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.2.25) Gecko/20111213 Thunderbird/3.1.17 MIME-Version: 1.0 To: =?windows-1251?Q?=CA=EE=ED=FC=EA=EE=E2_=C5=E2=E3=E5=ED=E8=E9?= References: <67410574.20120202113314@yandex.ru> <4F2E274F.6000601@freebsd.org> In-Reply-To: <4F2E274F.6000601@freebsd.org> Content-Type: text/plain; charset=windows-1251; format=flowed Content-Transfer-Encoding: 8bit Cc: freebsd-net@freebsd.org, freebsd-questions@freebsd.org Subject: Re: HowTo easy use IPFW X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Feb 2012 07:14:19 -0000 On 2/4/12 10:53 PM, Julian Elischer wrote: > On 2/2/12 1:33 AM, Коньков Евгений wrote: >> this is the mine script which helps me keep my firewall very clean >> and safe. >> >> It is easy to understand even if you have a thousands ruBTWles, I >> think =) >> >> please comment. >> >> PS. If anybody may, please put into ports tree. thank you. > > it would probably be get more response if it was in a file format we > had heard of.. like tar.. > > WTF is a ".rar" file? BTW the "stuffit" expander on a Mac seems to be able to handle it.. I can see that this would allow you to manage very complex rule sets while keeping errors under control. I find the syntax hard to follow however I guess that comes from it being a relatively simple perl script doing the work. it would be nice to get rid of the line numbers entirely in the specifications and allow the program to completely specify them using symbolic definitions instead. > >> >> _______________________________________________ >> freebsd-net@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-net >> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > From owner-freebsd-net@FreeBSD.ORG Sun Feb 5 09:48:11 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 291EB1065674; Sun, 5 Feb 2012 09:48:11 +0000 (UTC) (envelope-from kes-kes@yandex.ru) Received: from forward7.mail.yandex.net (forward7.mail.yandex.net [IPv6:2a02:6b8:0:202::2]) by mx1.freebsd.org (Postfix) with ESMTP id 084828FC17; Sun, 5 Feb 2012 09:48:09 +0000 (UTC) Received: from smtp6.mail.yandex.net (smtp6.mail.yandex.net [77.88.61.56]) by forward7.mail.yandex.net (Yandex) with ESMTP id 4DE0F1C10D1; Sun, 5 Feb 2012 13:48:07 +0400 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1328435287; bh=xKvRvSVjZbtpkUI6+2YQ8T11u8z+5wiColiZrU0o/HI=; h=Date:From:Reply-To:Message-ID:To:CC:Subject:In-Reply-To: References:MIME-Version:Content-Type; b=kAQmGMy3EzzAMlWL51mmwjvOzS0zd19nKgHIbocgj7WIAfq53DJcC/3l/f8QPCy1p UrSyc6Hqz8+W2UlUZ69Nkcj60ybcLsKVrL9EW7V0h0p9mcG94h/7MZk1ieUFenuyLs Mg53D44vFhKrDm1ahEKBdXa85O3JpyFN9bqHqBUA= Received: from smtp6.mail.yandex.net (localhost [127.0.0.1]) by smtp6.mail.yandex.net (Yandex) with ESMTP id 1AFCB1640481; Sun, 5 Feb 2012 13:48:07 +0400 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1328435287; bh=xKvRvSVjZbtpkUI6+2YQ8T11u8z+5wiColiZrU0o/HI=; h=Date:From:Reply-To:Message-ID:To:CC:Subject:In-Reply-To: References:MIME-Version:Content-Type; b=kAQmGMy3EzzAMlWL51mmwjvOzS0zd19nKgHIbocgj7WIAfq53DJcC/3l/f8QPCy1p UrSyc6Hqz8+W2UlUZ69Nkcj60ybcLsKVrL9EW7V0h0p9mcG94h/7MZk1ieUFenuyLs Mg53D44vFhKrDm1ahEKBdXa85O3JpyFN9bqHqBUA= Received: from unknown (unknown [77.93.52.20]) by smtp6.mail.yandex.net (nwsmtp/Yandex) with ESMTP id m5GOkfm2-m5GCxR5c; Sun, 5 Feb 2012 13:48:05 +0400 X-Yandex-Spam: 1 Date: Sun, 5 Feb 2012 11:48:03 +0200 From: =?windows-1251?B?yu7t/Oru4iDF4uPl7ejp?= X-Mailer: The Bat! (v4.0.24) Professional Organization: =?windows-1251?B?188gyu7t/Oru4iwgRnJlZUxpbmU=?= X-Priority: 3 (Normal) Message-ID: <332302285.20120205114803@yandex.ru> To: Julian Elischer In-Reply-To: <4F2E2C97.7000400@freebsd.org> References: <67410574.20120202113314@yandex.ru> <4F2E274F.6000601@freebsd.org> <4F2E2C97.7000400@freebsd.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------ADB6AC35B07843" X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-net@freebsd.org, freebsd-questions@freebsd.org Subject: Re: HowTo easy use IPFW X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: =?windows-1251?B?yu7t/Oru4iDF4uPl7ejp?= List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Feb 2012 09:48:11 -0000 ------------ADB6AC35B07843 Content-Type: text/plain; charset=windows-1251 Content-Transfer-Encoding: 8bit Здравствуйте, Julian. Вы писали 5 февраля 2012 г., 9:15:35: JE> On 2/4/12 10:53 PM, Julian Elischer wrote: >> On 2/2/12 1:33 AM, Коньков Евгений wrote: >>> this is the mine script which helps me keep my firewall very clean >>> and safe. >>> >>> It is easy to understand even if you have a thousands ruBTWles, I >>> think =) >>> >>> please comment. >>> >>> PS. If anybody may, please put into ports tree. thank you. >> >> it would probably be get more response if it was in a file format we >> had heard of.. like tar.. >> >> WTF is a ".rar" file? JE> BTW the "stuffit" expander on a Mac seems to be able to handle it.. JE> I can see that this would allow you to manage very complex rule sets JE> while keeping errors under control. JE> I find the syntax hard to follow however JE> I guess that comes from it being a relatively simple perl script JE> doing the work. JE> it would be nice to get rid of the line numbers entirely in the JE> specifications JE> and allow the program to completely specify them using symbolic JE> definitions instead. can you give an example how it whould be better? a documentation is weak a bit, if you have question be free to ask. I will clear that. In tar format as you ask. -- С уважением, Коньков mailto:kes-kes@yandex.ru ------------ADB6AC35B07843-- From owner-freebsd-net@FreeBSD.ORG Sun Feb 5 12:18:17 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 84115106566B for ; Sun, 5 Feb 2012 12:18:17 +0000 (UTC) (envelope-from btillman99@yahoo.com) Received: from nm36-vm2.bullet.mail.ne1.yahoo.com (nm36-vm2.bullet.mail.ne1.yahoo.com [98.138.229.114]) by mx1.freebsd.org (Postfix) with SMTP id 4334B8FC0A for ; Sun, 5 Feb 2012 12:18:17 +0000 (UTC) Received: from [98.138.90.51] by nm36.bullet.mail.ne1.yahoo.com with NNFMP; 05 Feb 2012 12:05:14 -0000 Received: from [98.138.89.246] by tm4.bullet.mail.ne1.yahoo.com with NNFMP; 05 Feb 2012 12:05:14 -0000 Received: from [127.0.0.1] by omp1060.mail.ne1.yahoo.com with NNFMP; 05 Feb 2012 12:05:14 -0000 X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: 307951.26888.bm@omp1060.mail.ne1.yahoo.com Received: (qmail 42442 invoked by uid 60001); 5 Feb 2012 12:05:13 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1328443513; bh=5O0Z+BW/bT6oDsPGN3I4vK5TAYSWn1pGrCW3mJmaSQs=; h=X-YMail-OSG:Received:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=j77ErpiQzDghgDB5RDzcnysVStCaFUMwkYjw4uiMHlyuwyOno/U+L4m/7U279dDZvLUPVaB4PvkFk+UtUeg/gooY9tjrnRNRWeYKTk4t8tcbfflp+pyRW5jj14d0Ww3n/gl/JzOpRt2msvf7pePM3pZXEKAOv6Q1FxrjXSm9oBk= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=0dAz7fjbMLZ2GS5vyTdKghxer7NahS4qqb3nrA5ZVBQz4bfARdch0d5VuOEOsZTpx3BSOuYaj13DEcNbxBARiRfzNcebwfBuNDMCuO3VyoD6p1r8p5EdJr4PMuSu8jdcmJ+Ngn2GzhtiZBdgIkPwXDur5XeQBKAtD5zSERgTEGo=; X-YMail-OSG: c9TAR0IVM1kRXHXqL43VzvX0XHDJ8ayr2qCzwUVDFekiL67 p6IYJfXdV62JpBbhTS6FaZZ7.QXLG9Wrc95anVvwp45ni3T1f3Urn9kL2C.m Sw1LysW6smnP6GmoMSG3s.j3QKQ.5NXfwZL7K4HmiQTT81EBrBdkMwbUCpOG mn4UUKWW8qyxgukiaBVdhjrvMBAE0waod9kBXu1sWl5MgsZ7WX6pMvy8d3N4 MuY_ie_N3zzSEDuFFvIKUJl2NhdM0TlC3ewGzCU7UrH2GnIYACkbzSC.m7cP SkkKTmUZk8ftDR4096BORC.TKLbAWtlASJmCqRxIy8eXzKA3UWkLtlG72_9P zaQYJuZUZtEY5amUFahwPLJUDCklCNvd7Br.gzaMq6RSYXoDc7zNgtbFCmZz S23tMFKb2pq4LjiQ7JJgwB0Ovlqs7Pnr2_3iR5SQg8JKRH0EBJ8knGRjuPEt lUx6Ql23urMBVz8QEdQeryQ-- Received: from [98.203.44.66] by web36505.mail.mud.yahoo.com via HTTP; Sun, 05 Feb 2012 04:05:13 PST X-Mailer: YahooMailWebService/0.8.116.331537 References: <67410574.20120202113314@yandex.ru> <4F2E274F.6000601@freebsd.org> <4F2E2C97.7000400@freebsd.org> Message-ID: <1328443513.34131.YahooMailNeo@web36505.mail.mud.yahoo.com> Date: Sun, 5 Feb 2012 04:05:13 -0800 (PST) From: Bill Tillman To: "freebsd-net@freebsd.org" In-Reply-To: <4F2E2C97.7000400@freebsd.org> MIME-Version: 1.0 X-Mailman-Approved-At: Sun, 05 Feb 2012 12:49:16 +0000 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Re: HowTo easy use IPFW X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Bill Tillman List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Feb 2012 12:18:17 -0000 =0A=0A=0AFrom: Julian Elischer =0ATo: =D0=9A=D0=BE=D0= =BD=D1=8C=D0=BA=D0=BE=D0=B2 =D0=95=D0=B2=D0=B3=D0=B5=D0=BD=D0=B8=D0=B9 =0ACc: freebsd-net@freebsd.org; freebsd-questions@freebsd.o= rg =0ASent: Sunday, February 5, 2012 2:15 AM=0ASubject: Re: HowTo easy use = IPFW=0A=0AOn 2/4/12 10:53 PM, Julian Elischer wrote:=0A> On 2/2/12 1:33 AM,= =D0=9A=D0=BE=D0=BD=D1=8C=D0=BA=D0=BE=D0=B2 =D0=95=D0=B2=D0=B3=D0=B5=D0=BD= =D0=B8=D0=B9 wrote:=0A>> this is the mine script which helps me keep my fir= ewall very clean and safe.=0A>> =0A>> It is easy to understand even if you = have a thousands ruBTWles, I think =3D)=0A>> =0A>> please comment.=0A>> =0A= >> PS. If anybody may, please put into ports tree. thank you.=0A> =0A> it w= ould probably be get more response if it was in a file format we had heard = of.. like tar..=0A> =0A> WTF is a ".rar"=C2=A0 file?=0ABTW the=C2=A0 "stuff= it" expander on a Mac seems to be able to handle it..=0A=0AI can see that t= his would allow you to manage very complex rule sets while keeping errors u= nder control.=0A=0AI find the syntax hard to follow however=0AI guess that = comes from it being a relatively simple perl script doing the work.=0A=0Ait= would be nice to get rid of the line numbers entirely in the specification= s=0Aand allow the program to completely specify them using symbolic definit= ions instead.=0A=0A=0A=0A> =0A>> =0A>> ____________________________________= ___________=0A>> freebsd-net@freebsd.org mailing list=0A>> http://lists.fre= ebsd.org/mailman/listinfo/freebsd-net=0A>> To unsubscribe, send any mail to= "freebsd-net-unsubscribe@freebsd.org"=0A> =0A> ___________________________= ____________________=0A> freebsd-net@freebsd.org mailing list=0A> http://li= sts.freebsd.org/mailman/listinfo/freebsd-net=0A> To unsubscribe, send any m= ail to "freebsd-net-unsubscribe@freebsd.org"=0A> =0A> =0A=0A_______________= ________________________________=0Afreebsd-questions@freebsd.org mailing li= st=0Ahttp://lists.freebsd.org/mailman/listinfo/freebsd-questions=0ATo unsub= scribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"=0A=0A= =0A*.rar files have been aroung a long time. They are created by a program = call Winrar. I never understood the need for this because every since M$ st= arted including support for zip files built right into Windows Explorer the= re's no need for additional compression utility. There are some studies whi= ch show Winrar is a little more efficient with it's compression but with to= day's 2 TB hard drive prices, disk space is not such a premium anymore. Fre= eBSD actually has a port for it /"usr/ports/archivers/rar". I have found th= at this program is mostly used by hackers on the bittorent sites who steal = and distribute copyrighted software and transmit trojans and viruses so it'= s been my habbit to avoid rar files. If someone I trust sends it I will ope= n it but I don't plan on opening up this guy's ipfw rule set for that very = reason. The other reason is that any rule set with 1,000 lines in it has go= t to be over kill. The simplest advice I could offer here is this:=0A=0AThe= only truly safe firewall ruleset consists of one rule and that is:=0A=0A= =C2=A0deny all from any to any=0A=0AIf you must have Internet access, and w= e all do then the next simplest rule set would be:=0A=0ABuild your kernel t= o have IPFW deny all traffic by default=0AAllow only the ports you deem nec= essary for your needs=0ADeny all other traffic=0A=0AAfter you've examined y= our log files for a few weeks, turn off logging because it's usually just a= bunch or crap from IP addresses in China, Amsterdam, or maybe an odd one h= ere and there coming from another source, trying to hack into your computer= . I have found over many years that it doesn't pay anything to know about a= ll the attempted attacks. It only pays to stop them cold and the above simp= le rule set will do just that. From owner-freebsd-net@FreeBSD.ORG Sun Feb 5 15:14:35 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4FB78106566B for ; Sun, 5 Feb 2012 15:14:35 +0000 (UTC) (envelope-from kes-kes@yandex.ru) Received: from forward4.mail.yandex.net (forward4.mail.yandex.net [IPv6:2a02:6b8:0:602::4]) by mx1.freebsd.org (Postfix) with ESMTP id E7B288FC14 for ; Sun, 5 Feb 2012 15:14:23 +0000 (UTC) Received: from smtp1.mail.yandex.net (smtp1.mail.yandex.net [77.88.46.101]) by forward4.mail.yandex.net (Yandex) with ESMTP id EF3C4501A35; Sun, 5 Feb 2012 19:14:21 +0400 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1328454862; bh=gFEiFmqDjktwx7xVte+4y+FPPE2092+m/5WdovZS6CY=; h=Date:From:Reply-To:Message-ID:To:CC:Subject:In-Reply-To: References:MIME-Version:Content-Type; b=SweMmM5vZ3LugYQxTcreu4igi2/b35LfF5Jc+cS08he+HvCVPsomx6m+5yM4ahysh FaAZJKyoYVy2IbMXdFRwgOP/tVaZ6huKT+vh2QbLwMVuWVegf4up0tm/HcZG4iGtTZ jCXVb4+AP3OS9zAMBRtmUsgfAWu3kpOF+cdxG/Mw= Received: from smtp1.mail.yandex.net (localhost [127.0.0.1]) by smtp1.mail.yandex.net (Yandex) with ESMTP id BB97EAA0400; Sun, 5 Feb 2012 19:14:21 +0400 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1328454861; bh=gFEiFmqDjktwx7xVte+4y+FPPE2092+m/5WdovZS6CY=; h=Date:From:Reply-To:Message-ID:To:CC:Subject:In-Reply-To: References:MIME-Version:Content-Type; b=qS1zB+FhvYOcBq3fhBtIMMHeUeMYh9YXHIT+XkeVYG4JfmsRGBdzrmGKOsl5TorfH 2w5YxBJpU+DVyCznN9cHz2alpBkGlInAxVjByyGDLGVPnrpyfna0Qwa4TTvIaUf7TU cG5/5DTF6AufsEFqRbjemWQdq34muW60Vh2LYJ48= Received: from unknown (unknown [77.93.52.19]) by smtp1.mail.yandex.net (nwsmtp/Yandex) with ESMTP id EFUaRkLj-EFU4cu8i; Sun, 5 Feb 2012 19:14:15 +0400 X-Yandex-Spam: 1 Date: Sun, 5 Feb 2012 17:14:13 +0200 From: =?utf-8?B?0JrQvtC90YzQutC+0LIg0JXQstCz0LXQvdC40Lk=?= X-Mailer: The Bat! (v4.0.24) Professional Organization: =?utf-8?B?0KfQnyDQmtC+0L3RjNC60L7QsiwgRnJlZUxpbmU=?= X-Priority: 3 (Normal) Message-ID: <675283668.20120205171413@yandex.ru> To: Bill Tillman In-Reply-To: <1328443513.34131.YahooMailNeo@web36505.mail.mud.yahoo.com> References: <67410574.20120202113314@yandex.ru> <4F2E274F.6000601@freebsd.org> <4F2E2C97.7000400@freebsd.org> <1328443513.34131.YahooMailNeo@web36505.mail.mud.yahoo.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------DC1E214C1A41B231" X-Mailman-Approved-At: Sun, 05 Feb 2012 17:20:29 +0000 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: "freebsd-net@freebsd.org" Subject: Re: HowTo easy use IPFW X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: =?utf-8?B?0JrQvtC90YzQutC+0LIg0JXQstCz0LXQvdC40Lk=?= List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Feb 2012 15:14:35 -0000 ------------DC1E214C1A41B231 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Здравствуйте, Bill. Р’С‹ писали 5 февраля 2012 Рі., 14:05:13: BT> From: Julian Elischer BT> To: РљРѕРЅСЊРєРѕРІ Евгений BT> Cc: freebsd-net@freebsd.org; freebsd-questions@freebsd.org BT> Sent: Sunday, February 5, 2012 2:15 AM BT> Subject: Re: HowTo easy use IPFW BT> On 2/4/12 10:53 PM, Julian Elischer wrote: >> On 2/2/12 1:33 AM, РљРѕРЅСЊРєРѕРІ Евгений wrote: >>> this is the mine script which helps me keep my firewall very clean and safe. >>> >>> It is easy to understand even if you have a thousands ruBTWles, I think >>> >>> please comment. >>> >>> PS. If anybody may, please put into ports tree. thank you. >> >> it would probably be get more response if it was in a file format we had heard of.. like tar.. >> >> is a ".rar" file? BT> BTW the "stuffit" expander on a Mac seems to be able to handle it.. BT> I can see that this would allow you to manage very complex rule BT> sets while keeping errors under control. BT> I find the syntax hard to follow however BT> I guess that comes from it being a relatively simple perl script doing the work. BT> it would be nice to get rid of the line numbers entirely in the specifications BT> and allow the program to completely specify them using symbolic definitions instead. >> >>> >>> _______________________________________________ >>> freebsd-net@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-net >>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >> >> _______________________________________________ >> freebsd-net@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-net >> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >> >> BT> _______________________________________________ BT> freebsd-questions@freebsd.org mailing list BT> http://lists.freebsd.org/mailman/listinfo/freebsd-questions BT> To unsubscribe, send any mail to BT> "freebsd-questions-unsubscribe@freebsd.org" BT> *.rar files have been aroung a long time. They are created by a BT> program call Winrar. I never understood the need for this because BT> every since M$ started including support for zip files built right BT> into Windows Explorer there's no need for additional compression BT> utility. There are some studies which show Winrar is a little more BT> efficient with it's compression but with today's 2 TB hard drive BT> prices, disk space is not such a premium anymore. FreeBSD actually BT> has a port for it /"usr/ports/archivers/rar". I have found that BT> this program is mostly used by hackers on the bittorent sites who BT> steal and distribute copyrighted software and transmit trojans and BT> viruses so it's been my habbit to avoid rar files. If someone I BT> trust sends it I will open it but I don't plan on opening up this BT> guy's ipfw rule set for that very reason. The other reason is that BT> any rule set with 1,000 lines in it has got to be over kill. The BT> simplest advice I could offer here is this: BT> The only truly safe firewall ruleset consists of one rule and that is: BT> deny all from any to any BT> If you must have Internet access, and we all do then the next simplest rule set would be: BT> Build your kernel to have IPFW deny all traffic by default BT> Allow only the ports you deem necessary for your needs BT> Deny all other traffic BT> After you've examined your log files for a few weeks, turn off BT> logging because it's usually just a bunch or crap from IP BT> addresses in China, Amsterdam, or maybe an odd one here and there BT> coming from another source, trying to hack into your computer. I BT> have found over many years that it doesn't pay anything to know BT> about all the attempted attacks. It only pays to stop them cold BT> and the above simple rule set will do just that. yes, and I suggest same thing: first deny all and then allow only that packets you want to pass. so I have next default rules: 65500 deny log ip from any to any 65535 deny ip from any to any but for the router which has many interfaces and which has flat firewall rules it is hard to keep it clean. Mine script allow to separate rules for each interface to its own file Simple example: allow any trafic through vlan153 cat f_vlan153 ################# GOSUB 099 SPLIT ################# #IN TRAFIC (100-499) 490 allow in recv $iface ################# #out TRAFIC (500-899) 890 allow out xmit $iface ################# # >=900 rules are reserved for other stuff will be expanded as: 00999 skipto 8000 ip from any to any via vlan153 08099 skipto 8100 ip from any to any in recv vlan153 08099 skipto 8500 ip from any to any out xmit vlan153 08099 deny log ip from any to any via vlan153 08099 skipto 65000 ip from any to any 08490 allow ip from any to any in recv vlan153 08499 deny log ip from any to any via vlan153 08499 skipto 65000 ip from any to any 08890 allow ip from any to any out xmit vlan153 08899 deny log ip from any to any via vlan153 08899 skipto 65000 ip from any to any and more complex: nat packets that are going through vlan407, queue incoming trafic so each host in lan will be shaped to 2Mbit/s for example. allow some subnet and host from lan to access internet: 10.12.50.0/24 and 10.11.43.58 I.N.E.T - your external IP like '155.7.43.16' cat f_pipes c pipe 52 config bw 2097152bit/s mask dst-ip 0xffffffff gred 0.002/10/30/0.1 c queue 52 config pipe 12 queue 50 mask dst-ip 0xffffffff gred 0.002/10/30/0.1 cat f_vlan407 NAT ip I.N.E.T unreg_only reset ################# GOSUB 099 SPLIT ################# #IN TRAFIC (100-499) 256 NAT all from any to I.N.E.T in recv $iface 275 queue 52 all from any to any in recv $iface 490 allow in recv $iface ################# #out TRAFIC (500-899) 757 NAT 101 all from 10.12.50.0/24 to any out xmit $iface 758 NAT 101 all from 10.11.8.12 to any out xmit $iface 890 allow out xmit $iface ################# # >=900 rules are reserved for other stuff will be expanded as: 00999 skipto 23000 ip from any to any via vlan407 23099 skipto 23100 ip from any to any in recv vlan407 23099 skipto 23500 ip from any to any out xmit vlan407 23099 deny log ip from any to any via vlan407 23099 skipto 65000 ip from any to any 23256 nat 101 ip from any to I.N.E.T in recv vlan407 23275 queue 52 ip from any to any in recv vlan407 23490 allow ip from any to any in recv vlan407 23499 deny log ip from any to any via vlan407 23499 skipto 65000 ip from any to any 23757 nat 101 ip from 10.12.50.0/24 to any out xmit vlan407 23758 nat 101 ip from 10.11.8.12 to any out xmit vlan407 23890 allow ip from any to any out xmit vlan407 23899 deny log ip from any to any via vlan407 23899 skipto 65000 ip from any to any # ipfw nat show config ipfw nat 101 config ip I.N.E.T unreg_only reset -- РЎ уважением, РљРѕРЅСЊРєРѕРІ mailto:kes-kes@yandex.ru ------------DC1E214C1A41B231-- From owner-freebsd-net@FreeBSD.ORG Sun Feb 5 18:47:02 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 34ADE106566C for ; Sun, 5 Feb 2012 18:47:02 +0000 (UTC) (envelope-from lists@eitanadler.com) Received: from mail-ey0-f182.google.com (mail-ey0-f182.google.com [209.85.215.182]) by mx1.freebsd.org (Postfix) with ESMTP id C01FC8FC0A for ; Sun, 5 Feb 2012 18:47:01 +0000 (UTC) Received: by eaan10 with SMTP id n10so2611566eaa.13 for ; Sun, 05 Feb 2012 10:47:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eitanadler.com; s=0xdeadbeef; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; bh=BHE2V4GK77kI/6Uxt7wMCDODJEN0oT7uKkFI9qk1mzQ=; b=G7TPHewGCcgZDcIC2nEOUPrxbo/DZidBxYWRcIzt6qsi6uY3Pk2V5D0HUb9nks6lqX nAw3ABUAGwLuFBhxqHcyX+lpG2d9Xn11pbznV+T2HvkLaO4T4L0VUEtjTniF6IWQhg+X t3wikpZxmdXmrFajCB+ItfrzuUGWxLZOYz3cg= Received: by 10.213.16.199 with SMTP id p7mr2345674eba.141.1328465825233; Sun, 05 Feb 2012 10:17:05 -0800 (PST) MIME-Version: 1.0 Received: by 10.14.28.1 with HTTP; Sun, 5 Feb 2012 10:16:35 -0800 (PST) In-Reply-To: <1328443513.34131.YahooMailNeo@web36505.mail.mud.yahoo.com> References: <67410574.20120202113314@yandex.ru> <4F2E274F.6000601@freebsd.org> <4F2E2C97.7000400@freebsd.org> <1328443513.34131.YahooMailNeo@web36505.mail.mud.yahoo.com> From: Eitan Adler Date: Sun, 5 Feb 2012 13:16:35 -0500 Message-ID: To: Bill Tillman Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: "freebsd-net@freebsd.org" Subject: Re: HowTo easy use IPFW X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Feb 2012 18:47:02 -0000 On Sun, Feb 5, 2012 at 7:05 AM, Bill Tillman wrote: > The only truly safe firewall ruleset consists of one rule and that is: > > =C2=A0deny all from any to any This ruleset is potentially a denial of service attack if the system is intended to do certain useful things. You can't talk about "only truly safe firewall ruleset" without also talking about your threat model (and intended functionality). --=20 Eitan Adler From owner-freebsd-net@FreeBSD.ORG Sun Feb 5 18:50:08 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 54BD3106566B for ; Sun, 5 Feb 2012 18:50:08 +0000 (UTC) (envelope-from mkurpel@gmail.com) Received: from mail-ey0-f182.google.com (mail-ey0-f182.google.com [209.85.215.182]) by mx1.freebsd.org (Postfix) with ESMTP id D3CF08FC0C for ; Sun, 5 Feb 2012 18:50:07 +0000 (UTC) Received: by eaan10 with SMTP id n10so2612579eaa.13 for ; Sun, 05 Feb 2012 10:50:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; bh=fJsl5sO7uAs6NBWasn4uJfkElRwVyoJ0iyVdrtOIRGc=; b=s1kwZYiw9ZD8N9GefUTxWWZ6csoGYSczhPacaQRZ6z8Hp2FZeFeOgencyKC8X2I0pE DRB8n83mn5yKrID34M/cyHFaKt/1w5SzXcKmmQ6ED5GyaMmNrq9AYhBdsADukXDJ3Uq0 u4Iy3gfny6kMzGgMbzuQ3Kjfh64RGBPiY69NE= Received: by 10.213.4.148 with SMTP id 20mr877498ebr.143.1328465945140; Sun, 05 Feb 2012 10:19:05 -0800 (PST) Received: from [172.17.17.17] (dial-95-105-196-185-orange.orange.sk. [95.105.196.185]) by mx.google.com with ESMTPS id a58sm51092047eeb.8.2012.02.05.10.19.03 (version=SSLv3 cipher=OTHER); Sun, 05 Feb 2012 10:19:04 -0800 (PST) Message-ID: <4F2EC816.6080102@gmail.com> Date: Sun, 05 Feb 2012 19:19:02 +0100 From: Matej Kurpel User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0) Gecko/20111222 Thunderbird/9.0.1 MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Subject: Multicast BIND error in jail X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Feb 2012 18:50:08 -0000 Hello all, I have problems running programs that need to receive multicast traffic from the network in a jailed environment. For example, a program udpxy I wanted to use, says: "setup_mcast_listener: bind: Can't assign requested address". This looks like jail restriction. Unfortunately, I have no access to the jail host but I know people who have it. They also don't know how to solve this problem so I can tell them the solution if you provide me with any :) - please, does somebody know how to lift this restriction? Uname -a inside jail says (if it helps): FreeBSD mek 8.2-RELEASE-p1 FreeBSD 8.2-RELEASE-p1 #4: Thu May 12 06:36:55 CEST 2011 (removed)@(removed).sk:/usr/obj/usr/src/sys/GENERIC i386 If any other information is needed, just ask. Thanks in advance for all responses, M. Kurpel From owner-freebsd-net@FreeBSD.ORG Sun Feb 5 19:38:27 2012 Return-Path: Delivered-To: net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D38721065776; Sun, 5 Feb 2012 19:38:27 +0000 (UTC) (envelope-from andrey@zonov.org) Received: from mail-bk0-f54.google.com (mail-bk0-f54.google.com [209.85.214.54]) by mx1.freebsd.org (Postfix) with ESMTP id 7C4268FC19; Sun, 5 Feb 2012 19:38:26 +0000 (UTC) Received: by bkbzx1 with SMTP id zx1so5829045bkb.13 for ; Sun, 05 Feb 2012 11:38:25 -0800 (PST) Received: by 10.204.145.155 with SMTP id d27mr6729477bkv.36.1328469304406; Sun, 05 Feb 2012 11:15:04 -0800 (PST) Received: from [10.254.254.77] (ppp95-165-159-250.pppoe.spdop.ru. [95.165.159.250]) by mx.google.com with ESMTPS id e17sm34493830bkz.13.2012.02.05.11.15.03 (version=SSLv3 cipher=OTHER); Sun, 05 Feb 2012 11:15:04 -0800 (PST) Message-ID: <4F2ED535.40606@zonov.org> Date: Sun, 05 Feb 2012 23:15:01 +0400 From: Andrey Zonov User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.24) Gecko/20100228 Thunderbird/2.0.0.24 Mnenhy/0.7.6.0 MIME-Version: 1.0 To: Hiroki Sato References: <20120205.033532.381149506660559829.hrs@allbsd.org> In-Reply-To: <20120205.033532.381149506660559829.hrs@allbsd.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: sem@FreeBSD.org, mark@mivok.net, net@FreeBSD.org Subject: Re: [CFT] multiple FIB support in route(8) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Feb 2012 19:38:27 -0000 Hi, What do you think about adding fib support for rc.subr like we got one for nice? On 04.02.2012 22:35, Hiroki Sato wrote: > Hello, > > Can anyone review/test the attached patch to add "-fib number" option > to route(8)? This should simplify static route configuration across > multiple FIBs in rc.conf. Just adding an -fib option like the > following will do the trick without changing rc.d/routing: > > static_routes="foo bar" > route_foo="10.1.1.1/24 192.168.2.1 -fib 2" > route_bar="10.1.1.1/24 192.168.2.1 -fib 3" > > The -fib option is supported in all subcommands but monitor. > > -- Hiroki -- Andrey Zonov From owner-freebsd-net@FreeBSD.ORG Sun Feb 5 20:05:09 2012 Return-Path: Delivered-To: net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8A82A106566B; Sun, 5 Feb 2012 20:05:09 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) by mx1.freebsd.org (Postfix) with ESMTP id 3E11F8FC1C; Sun, 5 Feb 2012 20:05:08 +0000 (UTC) Received: from elsa.codelab.cz (localhost [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 554C52842E; Sun, 5 Feb 2012 20:49:33 +0100 (CET) Received: from [192.168.1.2] (ip-86-49-61-235.net.upcbroadband.cz [86.49.61.235]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 2CADD28424; Sun, 5 Feb 2012 20:49:32 +0100 (CET) Message-ID: <4F2EDD4B.3010307@quip.cz> Date: Sun, 05 Feb 2012 20:49:31 +0100 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9.1.19) Gecko/20110420 Lightning/1.0b1 SeaMonkey/2.0.14 MIME-Version: 1.0 To: Andrey Zonov References: <20120205.033532.381149506660559829.hrs@allbsd.org> <4F2ED535.40606@zonov.org> In-Reply-To: <4F2ED535.40606@zonov.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Hiroki Sato , mark@mivok.net, net@FreeBSD.org, sem@FreeBSD.org Subject: Re: [CFT] multiple FIB support in route(8) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Feb 2012 20:05:09 -0000 Andrey Zonov wrote: > Hi, > > What do you think about adding fib support for rc.subr like we got one > for nice? There are PRs with patches for rc.subr for a long time without attention. Same as with PR's adding suport for cpuset. I don't understand why we are having some really useful tools in base without support in rc.conf > On 04.02.2012 22:35, Hiroki Sato wrote: >> Hello, >> >> Can anyone review/test the attached patch to add "-fib number" option >> to route(8)? This should simplify static route configuration across >> multiple FIBs in rc.conf. Just adding an -fib option like the >> following will do the trick without changing rc.d/routing: >> >> static_routes="foo bar" >> route_foo="10.1.1.1/24 192.168.2.1 -fib 2" >> route_bar="10.1.1.1/24 192.168.2.1 -fib 3" >> >> The -fib option is supported in all subcommands but monitor. >> >> -- Hiroki From owner-freebsd-net@FreeBSD.ORG Mon Feb 6 11:07:08 2012 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5B0E7106567A for ; Mon, 6 Feb 2012 11:07:08 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 47ED18FC2A for ; Mon, 6 Feb 2012 11:07:08 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q16B782c007891 for ; Mon, 6 Feb 2012 11:07:08 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q16B77lb007889 for freebsd-net@FreeBSD.org; Mon, 6 Feb 2012 11:07:07 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 6 Feb 2012 11:07:07 GMT Message-Id: <201202061107.q16B77lb007889@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-net@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-net@FreeBSD.org X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Feb 2012 11:07:08 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/164696 net [netinet] [patch] [panic] VIMAGE + carp panics the ker o kern/164569 net [msk] [hang] msk network driver cause freeze in FreeBS o kern/164495 net [igb] connect double head igb to switch cause system t o kern/164490 net [pfil] Incorrect IP checksum on pfil pass from ip_outp o kern/164475 net [gre] gre misses RUNNING flag after a reboot o kern/164400 net [ipsec] immediate crash after the start of ipsec proce o kern/164265 net [netinet] [patch] tcp_lro_rx computes wrong checksum i o kern/163903 net [igb] "igb0:tx(0)","bpf interface lock" v2.2.5 9-STABL o kern/163481 net freebsd do not add itself to ping route packet o kern/162927 net [tun] Modem-PPP error ppp[1538]: tun0: Phase: Clearing o kern/162926 net [ipfilter] Infinite loop in ipfilter with fragmented I o kern/162558 net [dummynet] [panic] seldom dummynet panics o kern/162509 net [re] [panic] Kernel panic may be related to if_re.c (r o kern/162352 net [patch] Enhancement: add SO_PROTO to socket.h o kern/162153 net [em] intel em driver 7.2.4 don't compile o kern/162110 net [igb] [panic] RELENG_9 panics on boot in IGB driver - o kern/162028 net [ixgbe] [patch] misplaced #endif in ixgbe.c o kern/161899 net [route] ntpd(8): Repeating RTM_MISS packets causing hi o kern/161381 net [re] RTL8169SC - re0: PHY write failed o kern/161277 net [em] [patch] BMC cannot receive IPMI traffic after loa o kern/160873 net [igb] igb(4) from HEAD fails to build on 7-STABLE o kern/160750 net Intel PRO/1000 connection breaks under load until rebo o kern/160693 net [gif] [em] Multicast packet are not passed from GIF0 t o kern/160420 net [msk] phy write timeout on HP 5310m o kern/160293 net [ieee80211] ppanic] kernel panic during network setup o kern/160206 net [gif] gifX stops working after a while (IPv6 tunnel) o kern/159817 net [udp] write UDPv4: No buffer space available (code=55) o kern/159795 net [tcp] excessive duplicate ACKs and TCP session freezes o kern/159629 net [ipsec] [panic] kernel panic with IPsec in transport m o kern/159621 net [tcp] [panic] panic: soabort: so_count o kern/159603 net [netinet] [patch] in_ifscrubprefix() - network route c o kern/159601 net [netinet] [patch] in_scrubprefix() - loopback route re o kern/159294 net [em] em watchdog timeouts o kern/159203 net [wpi] Intel 3945ABG Wireless LAN not support IBSS o kern/158930 net [bpf] BPF element leak in ifp->bpf_if->bif_dlist o kern/158726 net [ip6] [patch] ICMPv6 Router Announcement flooding limi o kern/158694 net [ix] [lagg] ix0 is not working within lagg(4) o kern/158665 net [ip6] [panic] kernel pagefault in in6_setscope() o kern/158635 net [em] TSO breaks BPF packet captures with em driver f kern/157802 net [dummynet] [panic] kernel panic in dummynet o kern/157785 net amd64 + jail + ipfw + natd = very slow outbound traffi o kern/157429 net [re] Realtek RTL8169 doesn't work with re(4) o kern/157418 net [em] em driver lockup during boot on Supermicro X9SCM- o kern/157410 net [ip6] IPv6 Router Advertisements Cause Excessive CPU U o kern/157287 net [re] [panic] INVARIANTS panic (Memory modified after f o kern/157209 net [ip6] [patch] locking error in rip6_input() (sys/netin o kern/157200 net [network.subr] [patch] stf(4) can not communicate betw o kern/157182 net [lagg] lagg interface not working together with epair o kern/156877 net [dummynet] [panic] dummynet move_pkt() null ptr derefe o kern/156667 net [em] em0 fails to init on CURRENT after March 17 o kern/156408 net [vlan] Routing failure when using VLANs vs. Physical e o kern/156328 net [icmp]: host can ping other subnet but no have IP from o kern/156317 net [ip6] Wrong order of IPv6 NS DAD/MLD Report o kern/156283 net [ip6] [patch] nd6_ns_input - rtalloc_mpath does not re o kern/156279 net [if_bridge][divert][ipfw] unable to correctly re-injec o kern/156226 net [lagg]: failover does not announce the failover to swi o kern/156030 net [ip6] [panic] Crash in nd6_dad_start() due to null ptr o kern/155772 net ifconfig(8): ioctl (SIOCAIFADDR): File exists on direc o kern/155680 net [multicast] problems with multicast s kern/155642 net [request] Add driver for Realtek RTL8191SE/RTL8192SE W o kern/155597 net [panic] Kernel panics with "sbdrop" message o kern/155420 net [vlan] adding vlan break existent vlan o kern/155177 net [route] [panic] Panic when inject routes in kernel o kern/155030 net [igb] igb(4) DEVICE_POLLING does not work with carp(4) o kern/155010 net [msk] ntfs-3g via iscsi using msk driver cause kernel o kern/154943 net [gif] ifconfig gifX create on existing gifX clears IP s kern/154851 net [request]: Port brcm80211 driver from Linux to FreeBSD o kern/154850 net [netgraph] [patch] ng_ether fails to name nodes when t o kern/154679 net [em] Fatal trap 12: "em1 taskq" only at startup (8.1-R o kern/154600 net [tcp] [panic] Random kernel panics on tcp_output o kern/154557 net [tcp] Freeze tcp-session of the clients, if in the gat o kern/154443 net [if_bridge] Kernel module bridgestp.ko missing after u o kern/154286 net [netgraph] [panic] 8.2-PRERELEASE panic in netgraph o kern/154255 net [nfs] NFS not responding o kern/154214 net [stf] [panic] Panic when creating stf interface o kern/154185 net race condition in mb_dupcl o kern/154169 net [multicast] [ip6] Node Information Query multicast add o kern/154134 net [ip6] stuck kernel state in LISTEN on ipv6 daemon whic o kern/154091 net [netgraph] [panic] netgraph, unaligned mbuf? o conf/154062 net [vlan] [patch] change to way of auto-generatation of v o kern/153937 net [ral] ralink panics the system (amd64 freeBSDD 8.X) wh o kern/153936 net [ixgbe] [patch] MPRC workaround incorrectly applied to o kern/153816 net [ixgbe] ixgbe doesn't work properly with the Intel 10g o kern/153772 net [ixgbe] [patch] sysctls reference wrong XON/XOFF varia o kern/153497 net [netgraph] netgraph panic due to race conditions o kern/153454 net [patch] [wlan] [urtw] Support ad-hoc and hostap modes o kern/153308 net [em] em interface use 100% cpu o kern/153244 net [em] em(4) fails to send UDP to port 0xffff o kern/152893 net [netgraph] [panic] 8.2-PRERELEASE panic in netgraph o kern/152853 net [em] tftpd (and likely other udp traffic) fails over e o kern/152828 net [em] poor performance on 8.1, 8.2-PRE o kern/152569 net [net]: Multiple ppp connections and routing table prob o kern/152235 net [arp] Permanent local ARP entries are not properly upd o kern/152141 net [vlan] [patch] encapsulate vlan in ng_ether before out o kern/152036 net [libc] getifaddrs(3) returns truncated sockaddrs for n o kern/151690 net [ep] network connectivity won't work until dhclient is o kern/151681 net [nfs] NFS mount via IPv6 leads to hang on client with o kern/151593 net [igb] [panic] Kernel panic when bringing up igb networ o kern/150920 net [ixgbe][igb] Panic when packets are dropped with heade o kern/150557 net [igb] igb0: Watchdog timeout -- resetting o kern/150251 net [patch] [ixgbe] Late cable insertion broken o kern/150249 net [ixgbe] Media type detection broken o bin/150224 net ppp(8) does not reassign static IP after kill -KILL co f kern/149969 net [wlan] [ral] ralink rt2661 fails to maintain connectio o kern/149937 net [ipfilter] [patch] kernel panic in ipfilter IP fragmen o kern/149643 net [rum] device not sending proper beacon frames in ap mo o kern/149609 net [panic] reboot after adding second default route o kern/149117 net [inet] [patch] in_pcbbind: redundant test o kern/149086 net [multicast] Generic multicast join failure in 8.1 o kern/148018 net [flowtable] flowtable crashes on ia64 o kern/147912 net [boot] FreeBSD 8 Beta won't boot on Thinkpad i1300 11 o kern/147894 net [ipsec] IPv6-in-IPv4 does not work inside an ESP-only o kern/147155 net [ip6] setfb not work with ipv6 o kern/146845 net [libc] close(2) returns error 54 (connection reset by f kern/146792 net [flowtable] flowcleaner 100% cpu's core load o kern/146719 net [pf] [panic] PF or dumynet kernel panic o kern/146534 net [icmp6] wrong source address in echo reply o kern/146427 net [mwl] Additional virtual access points don't work on m o kern/146426 net [mwl] 802.11n rates not possible on mwl o kern/146425 net [mwl] mwl dropping all packets during and after high u f kern/146394 net [vlan] IP source address for outgoing connections o bin/146377 net [ppp] [tun] Interface doesn't clear addresses when PPP o kern/146358 net [vlan] wrong destination MAC address o kern/146165 net [wlan] [panic] Setting bssid in adhoc mode causes pani o kern/146082 net [ng_l2tp] a false invaliant check was performed in ng_ o kern/146037 net [panic] mpd + CoA = kernel panic o kern/145825 net [panic] panic: soabort: so_count o kern/145728 net [lagg] Stops working lagg between two servers. p kern/145600 net TCP/ECN behaves different to CE/CWR than ns2 reference f kern/144917 net [flowtable] [panic] flowtable crashes system [regressi o kern/144882 net MacBookPro =>4.1 does not connect to BSD in hostap wit o kern/144874 net [if_bridge] [patch] if_bridge frees mbuf after pfil ho o conf/144700 net [rc.d] async dhclient breaks stuff for too many people o kern/144616 net [nat] [panic] ip_nat panic FreeBSD 7.2 f kern/144315 net [ipfw] [panic] freebsd 8-stable reboot after add ipfw o kern/144231 net bind/connect/sendto too strict about sockaddr length o kern/143846 net [gif] bringing gif3 tunnel down causes gif0 tunnel to s kern/143673 net [stf] [request] there should be a way to support multi s kern/143666 net [ip6] [request] PMTU black hole detection not implemen o kern/143622 net [pfil] [patch] unlock pfil lock while calling firewall o kern/143593 net [ipsec] When using IPSec, tcpdump doesn't show outgoin o kern/143591 net [ral] RT2561C-based DLink card (DWL-510) fails to work o kern/143208 net [ipsec] [gif] IPSec over gif interface not working o kern/143034 net [panic] system reboots itself in tcp code [regression] o kern/142877 net [hang] network-related repeatable 8.0-STABLE hard hang o kern/142774 net Problem with outgoing connections on interface with mu o kern/142772 net [libc] lla_lookup: new lle malloc failed o kern/142018 net [iwi] [patch] Possibly wrong interpretation of beacon- o kern/141861 net [wi] data garbled with WEP and wi(4) with Prism 2.5 f kern/141741 net Etherlink III NIC won't work after upgrade to FBSD 8, o kern/140742 net rum(4) Two asus-WL167G adapters cannot talk to each ot o kern/140682 net [netgraph] [panic] random panic in netgraph o kern/140634 net [vlan] destroying if_lagg interface with if_vlan membe o kern/140619 net [ifnet] [patch] refine obsolete if_var.h comments desc o kern/140346 net [wlan] High bandwidth use causes loss of wlan connecti o kern/140142 net [ip6] [panic] FreeBSD 7.2-amd64 panic w/IPv6 o kern/140066 net [bwi] install report for 8.0 RC 2 (multiple problems) o kern/139565 net [ipfilter] ipfilter ioctl SIOCDELST broken o kern/139387 net [ipsec] Wrong lenth of PF_KEY messages in promiscuous o bin/139346 net [patch] arp(8) add option to remove static entries lis o kern/139268 net [if_bridge] [patch] allow if_bridge to forward just VL p kern/139204 net [arp] DHCP server replies rejected, ARP entry lost bef o kern/139117 net [lagg] + wlan boot timing (EBUSY) o kern/139058 net [ipfilter] mbuf cluster leak on FreeBSD 7.2 o kern/138850 net [dummynet] dummynet doesn't work correctly on a bridge o kern/138782 net [panic] sbflush_internal: cc 0 || mb 0xffffff004127b00 o kern/138688 net [rum] possibly broken on 8 Beta 4 amd64: able to wpa a o kern/138678 net [lo] FreeBSD does not assign linklocal address to loop o kern/138620 net [lagg] [patch] lagg port bpf-writes blocked o kern/138407 net [gre] gre(4) interface does not come up after reboot o kern/138332 net [tun] [lor] ifconfig tun0 destroy causes LOR if_adata/ o kern/138266 net [panic] kernel panic when udp benchmark test used as r o kern/138177 net [ipfilter] FreeBSD crashing repeatedly in ip_nat.c:257 f kern/138029 net [bpf] [panic] periodically kernel panic and reboot o kern/137881 net [netgraph] [panic] ng_pppoe fatal trap 12 p bin/137841 net [patch] wpa_supplicant(8) cannot verify SHA256 signed p kern/137776 net [rum] panic in rum(4) driver on 8.0-BETA2 o bin/137641 net ifconfig(8): various problems with "vlan_device.vlan_i o kern/137392 net [ip] [panic] crash in ip_nat.c line 2577 o kern/137372 net [ral] FreeBSD doesn't support wireless interface from o kern/137089 net [lagg] lagg falsely triggers IPv6 duplicate address de o bin/136994 net [patch] ifconfig(8) print carp mac address o kern/136911 net [netgraph] [panic] system panic on kldload ng_bpf.ko t o kern/136618 net [pf][stf] panic on cloning interface without unit numb o kern/135502 net [periodic] Warning message raised by rtfree function i o kern/134583 net [hang] Machine with jail freezes after random amount o o kern/134531 net [route] [panic] kernel crash related to routes/zebra o kern/134157 net [dummynet] dummynet loads cpu for 100% and make a syst o kern/133969 net [dummynet] [panic] Fatal trap 12: page fault while in o kern/133968 net [dummynet] [panic] dummynet kernel panic o kern/133736 net [udp] ip_id not protected ... o kern/133595 net [panic] Kernel Panic at pcpu.h:195 o kern/133572 net [ppp] [hang] incoming PPTP connection hangs the system o kern/133490 net [bpf] [panic] 'kmem_map too small' panic on Dell r900 o kern/133235 net [netinet] [patch] Process SIOCDLIFADDR command incorre f kern/133213 net arp and sshd errors on 7.1-PRERELEASE o kern/133060 net [ipsec] [pfsync] [panic] Kernel panic with ipsec + pfs o kern/132889 net [ndis] [panic] NDIS kernel crash on load BCM4321 AGN d o conf/132851 net [patch] rc.conf(5): allow to setfib(1) for service run o kern/132734 net [ifmib] [panic] panic in net/if_mib.c o kern/132705 net [libwrap] [patch] libwrap - infinite loop if hosts.all o kern/132672 net [ndis] [panic] ndis with rt2860.sys causes kernel pani o kern/132554 net [ipl] There is no ippool start script/ipfilter magic t o kern/132354 net [nat] Getting some packages to ipnat(8) causes crash o kern/132277 net [crypto] [ipsec] poor performance using cryptodevice f o kern/131781 net [ndis] ndis keeps dropping the link o kern/131776 net [wi] driver fails to init o kern/131753 net [altq] [panic] kernel panic in hfsc_dequeue o kern/131601 net [ipfilter] [panic] 7-STABLE panic in nat_finalise (tcp o bin/131567 net [socket] [patch] Update for regression/sockets/unix_cm o bin/131365 net route(8): route add changes interpretation of network f kern/130820 net [ndis] wpa_supplicant(8) returns 'no space on device' o kern/130628 net [nfs] NFS / rpc.lockd deadlock on 7.1-R o conf/130555 net [rc.d] [patch] No good way to set ipfilter variables a o kern/130525 net [ndis] [panic] 64 bit ar5008 ndisgen-erated driver cau o kern/130311 net [wlan_xauth] [panic] hostapd restart causing kernel pa o kern/130109 net [ipfw] Can not set fib for packets originated from loc f kern/130059 net [panic] Leaking 50k mbufs/hour f kern/129719 net [nfs] [panic] Panic during shutdown, tcp_ctloutput: in o kern/129517 net [ipsec] [panic] double fault / stack overflow f kern/129508 net [carp] [panic] Kernel panic with EtherIP (may be relat o kern/129219 net [ppp] Kernel panic when using kernel mode ppp o kern/129197 net [panic] 7.0 IP stack related panic o bin/128954 net ifconfig(8) deletes valid routes o bin/128602 net [an] wpa_supplicant(8) crashes with an(4) o kern/128448 net [nfs] 6.4-RC1 Boot Fails if NFS Hostname cannot be res o bin/128295 net [patch] ifconfig(8) does not print TOE4 or TOE6 capabi o bin/128001 net wpa_supplicant(8), wlan(4), and wi(4) issues o kern/127826 net [iwi] iwi0 driver has reduced performance and connecti o kern/127815 net [gif] [patch] if_gif does not set vlan attributes from o kern/127724 net [rtalloc] rtfree: 0xc5a8f870 has 1 refs f bin/127719 net [arp] arp: Segmentation fault (core dumped) f kern/127528 net [icmp]: icmp socket receives icmp replies not owned by p kern/127360 net [socket] TOE socket options missing from sosetopt() o bin/127192 net routed(8) removes the secondary alias IP of interface f kern/127145 net [wi]: prism (wi) driver crash at bigger traffic o kern/126895 net [patch] [ral] Add antenna selection (marked as TBD) o kern/126874 net [vlan]: Zebra problem if ifconfig vlanX destroy o kern/126695 net rtfree messages and network disruption upon use of if_ o kern/126339 net [ipw] ipw driver drops the connection o kern/126075 net [inet] [patch] internet control accesses beyond end of o bin/125922 net [patch] Deadlock in arp(8) o kern/125920 net [arp] Kernel Routing Table loses Ethernet Link status o kern/125845 net [netinet] [patch] tcp_lro_rx() should make use of hard o kern/125258 net [socket] socket's SO_REUSEADDR option does not work o kern/125239 net [gre] kernel crash when using gre o kern/124341 net [ral] promiscuous mode for wireless device ral0 looses o kern/124225 net [ndis] [patch] ndis network driver sometimes loses net o kern/124160 net [libc] connect(2) function loops indefinitely o kern/124021 net [ip6] [panic] page fault in nd6_output() o kern/123968 net [rum] [panic] rum driver causes kernel panic with WPA. o kern/123892 net [tap] [patch] No buffer space available o kern/123890 net [ppp] [panic] crash & reboot on work with PPP low-spee o kern/123858 net [stf] [patch] stf not usable behind a NAT o kern/123796 net [ipf] FreeBSD 6.1+VPN+ipnat+ipf: port mapping does not o kern/123758 net [panic] panic while restarting net/freenet6 o bin/123633 net ifconfig(8) doesn't set inet and ether address in one o kern/123559 net [iwi] iwi periodically disassociates/associates [regre o bin/123465 net [ip6] route(8): route add -inet6 -interfac o kern/123463 net [ipsec] [panic] repeatable crash related to ipsec-tool o conf/123330 net [nsswitch.conf] Enabling samba wins in nsswitch.conf c o kern/123160 net [ip] Panic and reboot at sysctl kern.polling.enable=0 o kern/122989 net [swi] [panic] 6.3 kernel panic in swi1: net o kern/122954 net [lagg] IPv6 EUI64 incorrectly chosen for lagg devices f kern/122780 net [lagg] tcpdump on lagg interface during high pps wedge o kern/122685 net It is not visible passing packets in tcpdump(1) o kern/122319 net [wi] imposible to enable ad-hoc demo mode with Orinoco o kern/122290 net [netgraph] [panic] Netgraph related "kmem_map too smal o kern/122033 net [ral] [lor] Lock order reversal in ral0 at bootup ieee o bin/121895 net [patch] rtsol(8)/rtsold(8) doesn't handle managed netw s kern/121774 net [swi] [panic] 6.3 kernel panic in swi1: net o kern/121555 net [panic] Fatal trap 12: current process = 12 (swi1: net o kern/121443 net [gif] [lor] icmp6_input/nd6_lookup o kern/121437 net [vlan] Routing to layer-2 address does not work on VLA o bin/121359 net [patch] [security] ppp(8): fix local stack overflow in o kern/121257 net [tcp] TSO + natd -> slow outgoing tcp traffic o kern/121181 net [panic] Fatal trap 3: breakpoint instruction fault whi o kern/120966 net [rum] kernel panic with if_rum and WPA encryption o kern/120566 net [request]: ifconfig(8) make order of arguments more fr o kern/120304 net [netgraph] [patch] netgraph source assumes 32-bit time o kern/120266 net [udp] [panic] gnugk causes kernel panic when closing U o bin/120060 net routed(8) deletes link-level routes in the presence of o kern/119945 net [rum] [panic] rum device in hostap mode, cause kernel o kern/119791 net [nfs] UDP NFS mount of aliased IP addresses from a Sol o kern/119617 net [nfs] nfs error on wpa network when reseting/shutdown f kern/119516 net [ip6] [panic] _mtx_lock_sleep: recursed on non-recursi o kern/119432 net [arp] route add -host -iface causes arp e o kern/119225 net [wi] 7.0-RC1 no carrier with Prism 2.5 wifi card [regr o kern/118727 net [netgraph] [patch] [request] add new ng_pf module o kern/117423 net [vlan] Duplicate IP on different interfaces o bin/117339 net [patch] route(8): loading routing management commands o kern/117271 net [tap] OpenVPN TAP uses 99% CPU on releng_6 when if_tap o bin/116643 net [patch] [request] fstat(1): add INET/INET6 socket deta o kern/116185 net [iwi] if_iwi driver leads system to reboot o kern/115239 net [ipnat] panic with 'kmem_map too small' using ipnat o kern/115019 net [netgraph] ng_ether upper hook packet flow stops on ad o kern/115002 net [wi] if_wi timeout. failed allocation (busy bit). ifco o kern/114915 net [patch] [pcn] pcn (sys/pci/if_pcn.c) ethernet driver f o kern/113432 net [ucom] WARNING: attempt to net_add_domain(netgraph) af o kern/112722 net [ipsec] [udp] IP v4 udp fragmented packet reject o kern/112686 net [patm] patm driver freezes System (FreeBSD 6.2-p4) i38 o bin/112557 net [patch] ppp(8) lock file should not use symlink name o kern/112528 net [nfs] NFS over TCP under load hangs with "impossible p o kern/111537 net [inet6] [patch] ip6_input() treats mbuf cluster wrong o kern/111457 net [ral] ral(4) freeze o kern/110284 net [if_ethersubr] Invalid Assumption in SIOCSIFADDR in et o kern/110249 net [kernel] [regression] [patch] setsockopt() error regre o kern/109470 net [wi] Orinoco Classic Gold PC Card Can't Channel Hop o bin/108895 net pppd(8): PPPoE dead connections on 6.2 [regression] o kern/107944 net [wi] [patch] Forget to unlock mutex-locks o conf/107035 net [patch] bridge(8): bridge interface given in rc.conf n o kern/106444 net [netgraph] [panic] Kernel Panic on Binding to an ip to o kern/106438 net [ipf] ipfilter: keep state does not seem to allow repl o kern/106316 net [dummynet] dummynet with multipass ipfw drops packets o kern/105945 net Address can disappear from network interface s kern/105943 net Network stack may modify read-only mbuf chain copies o bin/105925 net problems with ifconfig(8) and vlan(4) [regression] o kern/104851 net [inet6] [patch] On link routes not configured when usi o kern/104751 net [netgraph] kernel panic, when getting info about my tr o kern/103191 net Unpredictable reboot o kern/103135 net [ipsec] ipsec with ipfw divert (not NAT) encodes a pac o kern/102540 net [netgraph] [patch] supporting vlan(4) by ng_fec(4) o conf/102502 net [netgraph] [patch] ifconfig name does't rename netgrap o kern/102035 net [plip] plip networking disables parallel port printing o kern/101948 net [ipf] [panic] Kernel Panic Trap No 12 Page Fault - cau o kern/100709 net [libc] getaddrinfo(3) should return TTL info o kern/100519 net [netisr] suggestion to fix suboptimal network polling o kern/98978 net [ipf] [patch] ipfilter drops OOW packets under 6.1-Rel o kern/98597 net [inet6] Bug in FreeBSD 6.1 IPv6 link-local DAD procedu o bin/98218 net wpa_supplicant(8) blacklist not working o kern/97306 net [netgraph] NG_L2TP locks after connection with failed o conf/97014 net [gif] gifconfig_gif? in rc.conf does not recognize IPv f kern/96268 net [socket] TCP socket performance drops by 3000% if pack o kern/95519 net [ral] ral0 could not map mbuf o kern/95288 net [pppd] [tty] [panic] if_ppp panic in sys/kern/tty_subr o kern/95277 net [netinet] [patch] IP Encapsulation mask_match() return o kern/95267 net packet drops periodically appear f kern/93378 net [tcp] Slow data transfer in Postfix and Cyrus IMAP (wo o kern/93019 net [ppp] ppp and tunX problems: no traffic after restarti o kern/92880 net [libc] [patch] almost rewritten inet_network(3) functi s kern/92279 net [dc] Core faults everytime I reboot, possible NIC issu o kern/91859 net [ndis] if_ndis does not work with Asus WL-138 s kern/91777 net [ipf] [patch] wrong behaviour with skip rule inside an o kern/91364 net [ral] [wep] WF-511 RT2500 Card PCI and WEP o kern/91311 net [aue] aue interface hanging s kern/90086 net [hang] 5.4p8 on supermicro P8SCT hangs during boot if o kern/87521 net [ipf] [panic] using ipfilter "auth" keyword leads to k o kern/87421 net [netgraph] [panic]: ng_ether + ng_eiface + if_bridge s kern/86920 net [ndis] ifconfig: SIOCS80211: Invalid argument [regress o kern/86871 net [tcp] [patch] allocation logic for PCBs in TIME_WAIT s o kern/86427 net [lor] Deadlock with FASTIPSEC and nat o kern/86103 net [ipf] Illegal NAT Traversal in IPFilter o kern/85780 net 'panic: bogus refcnt 0' in routing/ipv6 o bin/85445 net ifconfig(8): deprecated keyword to ifconfig inoperativ p kern/85320 net [gre] [patch] possible depletion of kernel stack in ip o bin/82975 net route change does not parse classfull network as given o kern/82881 net [netgraph] [panic] ng_fec(4) causes kernel panic after o kern/82468 net Using 64MB tcp send/recv buffers, trafficflow stops, i o bin/82185 net [patch] ndp(8) can delete the incorrect entry o kern/81095 net IPsec connection stops working if associated network i o kern/78968 net FreeBSD freezes on mbufs exhaustion (network interface o kern/78090 net [ipf] ipf filtering on bridged packets doesn't work if o kern/77341 net [ip6] problems with IPV6 implementation o kern/77273 net [ipf] ipfilter breaks ipv6 statefull filtering on 5.3 s kern/77195 net [ipf] [patch] ipfilter ioctl SIOCGNATL does not match o kern/75873 net Usability problem with non-RFC-compliant IP spoof prot s kern/75407 net [an] an(4): no carrier after short time a kern/71474 net [route] route lookup does not skip interfaces marked d o kern/71469 net default route to internet magically disappears with mu o kern/70904 net [ipf] ipfilter ipnat problem with h323 proxy support o kern/68889 net [panic] m_copym, length > size of mbuf chain o kern/66225 net [netgraph] [patch] extend ng_eiface(4) control message o kern/65616 net IPSEC can't detunnel GRE packets after real ESP encryp s kern/60293 net [patch] FreeBSD arp poison patch a kern/56233 net IPsec tunnel (ESP) over IPv6: MTU computation is wrong s bin/41647 net ifconfig(8) doesn't accept lladdr along with inet addr s kern/39937 net ipstealth issue a kern/38554 net [patch] changing interface ipaddress doesn't seem to w o kern/34665 net [ipf] [hang] ipfilter rcmd proxy "hangs". o kern/31940 net ip queue length too short for >500kpps o kern/31647 net [libc] socket calls can return undocumented EINVAL o kern/30186 net [libc] getaddrinfo(3) does not handle incorrect servna o kern/27474 net [ipf] [ppp] Interactive use of user PPP and ipfilter c f kern/24959 net [patch] proper TCP_NOPUSH/TCP_CORK compatibility o conf/23063 net [arp] [patch] for static ARP tables in rc.network o kern/21998 net [socket] [patch] ident only for outgoing connections o kern/5877 net [socket] sb_cc counts control data as well as data dat 387 problems total. From owner-freebsd-net@FreeBSD.ORG Mon Feb 6 11:50:09 2012 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BF264106566B for ; Mon, 6 Feb 2012 11:50:09 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id AE47A8FC08 for ; Mon, 6 Feb 2012 11:50:09 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q16Bo9tP051684 for ; Mon, 6 Feb 2012 11:50:09 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q16Bo9Op051683; Mon, 6 Feb 2012 11:50:09 GMT (envelope-from gnats) Date: Mon, 6 Feb 2012 11:50:09 GMT Message-Id: <201202061150.q16Bo9Op051683@freefall.freebsd.org> To: freebsd-net@FreeBSD.org From: Gleb Smirnoff Cc: Subject: Re: kern/164696: VIMAGE + carp panics the kernel X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Gleb Smirnoff List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Feb 2012 11:50:09 -0000 The following reply was made to PR kern/164696; it has been noted by GNATS. From: Gleb Smirnoff To: Nikos Vassiliadis Cc: freebsd-gnats-submit@FreeBSD.org Subject: Re: kern/164696: VIMAGE + carp panics the kernel Date: Mon, 6 Feb 2012 15:47:41 +0400 --TakKZr9L6Hm6aLOc Content-Type: text/plain; charset=koi8-r Content-Disposition: inline Hi, Nikos! On Wed, Feb 01, 2012 at 10:40:35PM +0000, Nikos Vassiliadis wrote: N> >Description: N> Trying to use a carp interface in a VIMAGE enabled kernel, panics the kernel. Can you please test another patch, that is attached? -- Totus tuus, Glebius. --TakKZr9L6Hm6aLOc Content-Type: text/x-diff; charset=koi8-r Content-Disposition: attachment; filename="164696.diff" Index: ip_carp.c =================================================================== --- ip_carp.c (revision 231067) +++ ip_carp.c (working copy) @@ -707,19 +707,24 @@ LIST_FOREACH(sc, &carp_list, sc_next) if (sc->sc_state == MASTER) { CARP_LOCK(sc); + CURVNET_SET(sc->sc_carpdev->if_vnet); carp_send_ad_locked(sc); + CURVNET_RESTORE(); CARP_UNLOCK(sc); } mtx_unlock(&carp_mtx); } +/* Send a periodic advertisement, executed in callout context. */ static void carp_send_ad(void *v) { struct carp_softc *sc = v; CARP_LOCK_ASSERT(sc); + CURVNET_SET(sc->sc_carpdev->if_vnet); carp_send_ad_locked(sc); + CURVNET_RESTORE(); CARP_UNLOCK(sc); } @@ -1090,6 +1095,7 @@ return (0); } +/* Master down timeout event, executed in callout context. */ static void carp_master_down(void *v) { @@ -1097,12 +1103,14 @@ CARP_LOCK_ASSERT(sc); + CURVNET_SET(sc->sc_carpdev->if_vnet); if (sc->sc_state == BACKUP) { CARP_LOG("VHID %u@%s: BACKUP -> MASTER (master down)\n", sc->sc_vhid, sc->sc_carpdev->if_xname); carp_master_down_locked(sc); } + CURVNET_RESTORE(); CARP_UNLOCK(sc); } --TakKZr9L6Hm6aLOc-- From owner-freebsd-net@FreeBSD.ORG Tue Feb 7 08:50:11 2012 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D52D6106564A for ; Tue, 7 Feb 2012 08:50:11 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id A2CFF8FC15 for ; Tue, 7 Feb 2012 08:50:11 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q178oBDB051459 for ; Tue, 7 Feb 2012 08:50:11 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q178oBpN051457; Tue, 7 Feb 2012 08:50:11 GMT (envelope-from gnats) Date: Tue, 7 Feb 2012 08:50:11 GMT Message-Id: <201202070850.q178oBpN051457@freefall.freebsd.org> To: freebsd-net@FreeBSD.org From: Nikos Vassiliadis Cc: Subject: Re: kern/164696: VIMAGE + carp panics the kernel X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Nikos Vassiliadis List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Feb 2012 08:50:11 -0000 The following reply was made to PR kern/164696; it has been noted by GNATS. From: Nikos Vassiliadis To: Gleb Smirnoff Cc: freebsd-gnats-submit@FreeBSD.org Subject: Re: kern/164696: VIMAGE + carp panics the kernel Date: Tue, 07 Feb 2012 10:46:57 +0200 On 2/6/2012 1:47 PM, Gleb Smirnoff wrote: > Hi, Nikos! > > On Wed, Feb 01, 2012 at 10:40:35PM +0000, Nikos Vassiliadis wrote: > N> >Description: > N> Trying to use a carp interface in a VIMAGE enabled kernel, panics the kernel. > > Can you please test another patch, that is attached? > Yes, it works. Please, commit it. Thanks! From owner-freebsd-net@FreeBSD.ORG Tue Feb 7 14:41:00 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E8E79106566C for ; Tue, 7 Feb 2012 14:41:00 +0000 (UTC) (envelope-from tmulkar@sandvine.com) Received: from mail1.sandvine.com (Mail1.sandvine.com [64.7.137.134]) by mx1.freebsd.org (Postfix) with ESMTP id 8EF148FC19 for ; Tue, 7 Feb 2012 14:41:00 +0000 (UTC) Received: from blr-exch-1.sandvine.com (10.30.4.60) by WTL-EXCH-1.sandvine.com (192.168.196.31) with Microsoft SMTP Server (TLS) id 14.1.339.1; Tue, 7 Feb 2012 09:30:11 -0500 Received: from BLR-EXCH-1.sandvine.com ([fe80::b896:bd62:3a8d:e51d]) by blr-exch-1.sandvine.com ([fe80::b896:bd62:3a8d:e51d%16]) with mapi id 14.01.0289.001; Tue, 7 Feb 2012 20:00:09 +0530 From: Tushar Mulkar To: "freebsd-net@freebsd.org" Thread-Topic: [PATCH] if_lagg driver enhancements. Thread-Index: AczlpP1OgZtGvpS8Rw6M7AAnxRmPvA== Date: Tue, 7 Feb 2012 14:30:08 +0000 Message-ID: <26E6BFB8942F2949A1501D4878FAEA152CD50451@blr-exch-1.sandvine.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.30.10.51] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: [PATCH] if_lagg driver enhancements. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Feb 2012 14:41:01 -0000 Hello, A patch is developed that has following enhancements in lagg driver - Sending a gratuitous ARP when link state changes on primary port of=20 lag (kern/156226) - Support of new ioctl command to change primary port of the lag These enhancements are quite handy and useful. Please check if it can=20 be added to FreeBSD ------------------------------------------------------------------ --- /vobs/fw-bsd/src/sys/net/if_lagg.c 2012-01-24 05:28:25.000000000 -0= 500 +++ /vobs/fw-bsd/src/sys/net/if_lagg.c 2012-02-03 09:11:50.000000000 -0= 500 @@ -54,13 +54,19 @@ #ifdef INET #include +#include #include #include #include #endif #ifdef INET6 +#include #include +#include +#include +#include +#include #endif #include @@ -746,6 +752,7 @@ switch (dst->sa_family) { case pseudo_AF_HDRCMPLT: + return ((*lp->lp_output)(ifp, m, dst, ro)); case AF_UNSPEC: eh =3D (struct ether_header *)dst->sa_data; type =3D eh->ether_type; @@ -1053,7 +1060,38 @@ error =3D EINVAL; break; - default: + case SIOCSPLAGGPORT: + + if (rp->rp_portname[0] =3D=3D '\0' || + (tpif =3D ifunit(rp->rp_portname)) =3D=3D NULL) { + error =3D EINVAL; + break; + } + + LAGG_WLOCK(sc); + if ((lp =3D (struct lagg_port *)tpif->if_lagg) =3D=3D NULL= || + lp->lp_softc !=3D sc) { + error =3D ENOENT; + LAGG_WUNLOCK(sc); + break; + } + /* This port is already primary port no need to do any thi= ng */=20 + if(SLIST_FIRST(&sc->sc_ports)=3D=3D lp){ + LAGG_WUNLOCK(sc); + return (error); + } + else{ + SLIST_REMOVE(&sc->sc_ports, lp, lagg_port, lp_entries); + SLIST_INSERT_HEAD(&sc->sc_ports, lp, lp_entries); + sc->sc_primary =3D lp;=20 + lagg_lladdr(sc, lp->lp_lladdr); + sc->sc_ifp->if_mtu =3D tpif->if_mtu; + SLIST_FOREACH(lp, &sc->sc_ports, lp_entries) + lagg_port_lladdr(lp, IF_LLADDR(ifp)); + LAGG_WUNLOCK(sc); + }=20 + break; =20 + default: error =3D ether_ioctl(ifp, cmd, data); break; } @@ -1309,17 +1347,47 @@ { struct lagg_port *lp =3D (struct lagg_port *)ifp->if_lagg; struct lagg_softc *sc =3D NULL; + struct ifaddr *ifa ;=20 + struct in6_ifaddr *ia =3D NULL;=20 + struct in6_addr *in6 =3D NULL;=20 + struct ifaddrhead ifaddrh; + struct in_ifaddr *laddr =3D NULL;=20 =20 if (lp !=3D NULL) sc =3D lp->lp_softc; if (sc =3D=3D NULL) return; - + =20 LAGG_WLOCK(sc); lagg_linkstate(sc); + =20 if (sc->sc_linkstate !=3D NULL) (*sc->sc_linkstate)(lp); + =20 LAGG_WUNLOCK(sc); + =20 + /* If status changed on primary port send gratuitous ARP */ + + if(sc->sc_primary =3D=3D lp){ + IFP_TO_IA(sc->sc_ifp, laddr); + if (laddr =3D=3D NULL) + return; + ifaddrh =3D sc->sc_ifp->if_addrhead; + TAILQ_FOREACH(ifa, &ifaddrh, ifa_link) { +#ifdef INET + if(ifa->ifa_addr->sa_family =3D=3D AF_INET) + arp_ifinit(sc->sc_ifp,(struct ifaddr *) laddr); +#endif + +#ifdef INET6 + if (ifa->ifa_addr->sa_family =3D=3D AF_INET6){ + ia =3D in6ifa_ifpforlinklocal(sc->sc_ifp, 0); + in6 =3D &ifatoia6(ifa)->ia_addr.sin6_addr; + nd6_ns_output(sc->sc_ifp, NULL,in6, 0, 1); + } =20 +#endif + } + } } struct lagg_port * --- /vobs/fw-bsd/src/sys/net/if_lagg.h 2012-02-03 03:45:32.000000000 -0= 500 +++ /vobs/fw-bsd/src/sys/net/if_lagg.h 2012-02-03 03:53:18.000000000 -0= 500 @@ -119,6 +119,7 @@ #define SIOCGLAGG _IOWR('i', 143, struct lagg_reqall) #define SIOCSLAGG _IOW('i', 144, struct lagg_reqall) +#define SIOCSPLAGGPORT _IOWR('i', 145, struct lagg_reqport) #ifdef _KERNEL /* --- /vobs/fw-bsd/src/sbin/ifconfig/iflagg.c 2012-02-03 00:48:38.0000000= 00 -0500 +++ /vobs/fw-bsd/src/sbin/ifconfig/iflagg.c 2012-02-03 01:41:34.0000000= 00 -0500 @@ -43,6 +43,18 @@ if (ioctl(s, SIOCSLAGGPORT, &rp)) err(1, "SIOCSLAGGPORT"); } +static void=20 +setlaggpport(const char *val, int d, int s, const struct afswtch *afp) +{ + struct lagg_reqport rp; + + bzero(&rp, sizeof(rp)); + strlcpy(rp.rp_ifname, name, sizeof(rp.rp_ifname)); + strlcpy(rp.rp_portname, val, sizeof(rp.rp_portname)); + + if (ioctl(s, SIOCSLAGGPPORT, &rp)) + err(1, "SIOCSLAGPPORT"); +} static void unsetlaggport(const char *val, int d, int s, const struct afswtch *afp) @@ -174,6 +186,7 @@ DEF_CMD_ARG("laggport", setlaggport), DEF_CMD_ARG("-laggport", unsetlaggport), DEF_CMD_ARG("laggproto", setlaggproto), + DEF_CMD_ARG("laggpport", setlaggpport), }; static struct afswtch af_lagg =3D { .af_name =3D "af_lagg", ---------------------------------------------------------------------------= ----------------------------- Tushar Mulkar Senior Software Engineer , Sandvine India Mobile: +91-9845146601 Skype: tushar.mulkar www.sandvine.com From owner-freebsd-net@FreeBSD.ORG Tue Feb 7 20:30:18 2012 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5FFFF106568B for ; Tue, 7 Feb 2012 20:30:18 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 31DDA8FC13 for ; Tue, 7 Feb 2012 20:30:18 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q17KUIXU002955 for ; Tue, 7 Feb 2012 20:30:18 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q17KUIZk002951; Tue, 7 Feb 2012 20:30:18 GMT (envelope-from gnats) Date: Tue, 7 Feb 2012 20:30:18 GMT Message-Id: <201202072030.q17KUIZk002951@freefall.freebsd.org> To: freebsd-net@FreeBSD.org From: "Steven Hartland" Cc: Subject: Re: kern/161899: [route] ntpd(8): Repeating RTM_MISS packets causing high CPU load for ntpd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Steven Hartland List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Feb 2012 20:30:18 -0000 The following reply was made to PR kern/161899; it has been noted by GNATS. From: "Steven Hartland" To: Cc: Subject: Re: kern/161899: [route] ntpd(8): Repeating RTM_MISS packets causing high CPU load for ntpd Date: Tue, 7 Feb 2012 09:24:47 -0000 Any update on this, would have been nice to see a fix hit before 9.0. If you need any more information please let me know. From owner-freebsd-net@FreeBSD.ORG Tue Feb 7 23:27:12 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3C20E106567A for ; Tue, 7 Feb 2012 23:27:12 +0000 (UTC) (envelope-from adrian.chadd@gmail.com) Received: from mail-we0-f182.google.com (mail-we0-f182.google.com [74.125.82.182]) by mx1.freebsd.org (Postfix) with ESMTP id CCC838FC16 for ; Tue, 7 Feb 2012 23:27:11 +0000 (UTC) Received: by werm13 with SMTP id m13so8610779wer.13 for ; Tue, 07 Feb 2012 15:27:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:date:x-google-sender-auth:message-id:subject :from:to:content-type; bh=ScnBwPefZs5kj5GrExJWONjAFoHhERww9iz6A66z1fw=; b=jYyiFPPputNwblH2lXRWpq2Hzfpwx0+6tQiB55pEOCLIU4SHd+JHNHlae1nuY6LG7O igUQmkASVVkQwVy2N/OYycSB4kmCa5T4kikLiHNLn3l9ki1vecBuIQDi0nIWjtwGmgb2 NeUdt3VTKbxxqhL6pLyNzGQ6dphF+cntGW/6k= MIME-Version: 1.0 Received: by 10.181.11.227 with SMTP id el3mr37089297wid.18.1328657230766; Tue, 07 Feb 2012 15:27:10 -0800 (PST) Sender: adrian.chadd@gmail.com Received: by 10.216.175.136 with HTTP; Tue, 7 Feb 2012 15:27:10 -0800 (PST) Date: Tue, 7 Feb 2012 15:27:10 -0800 X-Google-Sender-Auth: ypk7U1RfRyZN9yX5PbuRQ3xfPQY Message-ID: From: Adrian Chadd To: FreeBSD Net , "rozhuk.im" Content-Type: text/plain; charset=ISO-8859-1 Cc: Subject: call for review: 802.11q QinQ netgraph support X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Feb 2012 23:27:12 -0000 Hi, I've been working with the patch author on this and although I haven't yet had time to test it out myself, he's taken my suggestions on board and continued improving things. The patch can be found in the PR: http://www.freebsd.org/cgi/query-pr.cgi?pr=161908 In summary, he's added the ability to support q-in-q tags, as well as maintaining backwards compatibility for existing users. I'd like to commit this at the end of the week. He's indicated that he will take care of any issues it may break. I'll back it out if it breaks things and isn't fixed. Ivan - thank you for being so patient! I would appreciate further review from network/netgraph related people. I'm going to borrow a term from gnn and say "Silence implies consent." :-) Adrian From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 01:01:53 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 11CA41065690; Wed, 8 Feb 2012 01:01:53 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) by mx1.freebsd.org (Postfix) with ESMTP id D805A8FC15; Wed, 8 Feb 2012 01:01:52 +0000 (UTC) Received: from julian-mac.elischer.org (c-67-180-24-15.hsd1.ca.comcast.net [67.180.24.15]) (authenticated bits=0) by vps1.elischer.org (8.14.4/8.14.4) with ESMTP id q1811o0o050463 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Tue, 7 Feb 2012 17:01:51 -0800 (PST) (envelope-from julian@freebsd.org) Message-ID: <4F31C9D0.6030904@freebsd.org> Date: Tue, 07 Feb 2012 17:03:12 -0800 From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.2.26) Gecko/20120129 Thunderbird/3.1.18 MIME-Version: 1.0 To: Adrian Chadd References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: FreeBSD Net Subject: Re: call for review: 802.11q QinQ netgraph support X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 01:01:53 -0000 On 2/7/12 3:27 PM, Adrian Chadd wrote: > Hi, > > I've been working with the patch author on this and although I haven't > yet had time to test it out myself, he's taken my suggestions on board > and continued improving things. > > The patch can be found in the PR: > > http://www.freebsd.org/cgi/query-pr.cgi?pr=161908 > > In summary, he's added the ability to support q-in-q tags, as well as > maintaining backwards compatibility for existing users. > > I'd like to commit this at the end of the week. > > He's indicated that he will take care of any issues it may break. I'll > back it out if it breaks things and isn't fixed. > > Ivan - thank you for being so patient! > > I would appreciate further review from network/netgraph related > people. I'm going to borrow a term from gnn and say "Silence implies > consent." :-) > looks good though s/2011/2012/ > Adrian > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 09:13:29 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BCD79106564A; Wed, 8 Feb 2012 09:13:29 +0000 (UTC) (envelope-from egrosbein@rdtc.ru) Received: from eg.sd.rdtc.ru (eg.sd.rdtc.ru [IPv6:2a03:3100:c:13::5]) by mx1.freebsd.org (Postfix) with ESMTP id 241C88FC0A; Wed, 8 Feb 2012 09:13:28 +0000 (UTC) Received: from eg.sd.rdtc.ru (localhost [127.0.0.1]) by eg.sd.rdtc.ru (8.14.5/8.14.5) with ESMTP id q189DRit099782; Wed, 8 Feb 2012 16:13:27 +0700 (NOVT) (envelope-from egrosbein@rdtc.ru) Message-ID: <4F323CB7.3000609@rdtc.ru> Date: Wed, 08 Feb 2012 16:13:27 +0700 From: Eugene Grosbein User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; ru-RU; rv:1.9.2.13) Gecko/20110112 Thunderbird/3.1.7 MIME-Version: 1.0 To: Steven Hartland References: <201202072030.q17KUIZk002951@freefall.freebsd.org> In-Reply-To: <201202072030.q17KUIZk002951@freefall.freebsd.org> Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: 8bit Cc: freebsd-net@freebsd.org, bug-followup@freebsd.org Subject: Re: kern/161899: [route] ntpd(8): Repeating RTM_MISS packets causing high CPU load for ntpd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 09:13:29 -0000 08.02.2012 03:30, Steven Hartland РЙЫЕФ: > The following reply was made to PR kern/161899; it has been noted by GNATS. > > From: "Steven Hartland" > To: > Cc: > Subject: Re: kern/161899: [route] ntpd(8): Repeating RTM_MISS packets causing high CPU load for ntpd > Date: Tue, 7 Feb 2012 09:24:47 -0000 > > Any update on this, would have been nice to see a fix hit before > 9.0. If you need any more information please let me know. This is known problem. You should remove "options FLOWTABLE" from your kernel configuration, as it was removed from GENERIC for such misbehaviours. That had fixed same problem for me. Eugene Grosbein From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 09:20:06 2012 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 72F2C1065670 for ; Wed, 8 Feb 2012 09:20:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 5892C8FC0C for ; Wed, 8 Feb 2012 09:20:06 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q189K5O6058681 for ; Wed, 8 Feb 2012 09:20:05 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q189K5Bq058680; Wed, 8 Feb 2012 09:20:05 GMT (envelope-from gnats) Date: Wed, 8 Feb 2012 09:20:05 GMT Message-Id: <201202080920.q189K5Bq058680@freefall.freebsd.org> To: freebsd-net@FreeBSD.org From: Eugene Grosbein Cc: Subject: Re: kern/161899: [route] ntpd(8): Repeating RTM_MISS packets causing high CPU load for ntpd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Eugene Grosbein List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 09:20:06 -0000 The following reply was made to PR kern/161899; it has been noted by GNATS. From: Eugene Grosbein To: Steven Hartland Cc: freebsd-net@freebsd.org, bug-followup@freebsd.org Subject: Re: kern/161899: [route] ntpd(8): Repeating RTM_MISS packets causing high CPU load for ntpd Date: Wed, 08 Feb 2012 16:13:27 +0700 08.02.2012 03:30, Steven Hartland РЙЫЕФ: > The following reply was made to PR kern/161899; it has been noted by GNATS. > > From: "Steven Hartland" > To: > Cc: > Subject: Re: kern/161899: [route] ntpd(8): Repeating RTM_MISS packets causing high CPU load for ntpd > Date: Tue, 7 Feb 2012 09:24:47 -0000 > > Any update on this, would have been nice to see a fix hit before > 9.0. If you need any more information please let me know. This is known problem. You should remove "options FLOWTABLE" from your kernel configuration, as it was removed from GENERIC for such misbehaviours. That had fixed same problem for me. Eugene Grosbein From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 10:03:37 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BFC881065673; Wed, 8 Feb 2012 10:03:37 +0000 (UTC) (envelope-from prvs=1385245108=killing@multiplay.co.uk) Received: from mail1.multiplay.co.uk (mail1.multiplay.co.uk [85.236.96.23]) by mx1.freebsd.org (Postfix) with ESMTP id 12AED8FC16; Wed, 8 Feb 2012 10:03:36 +0000 (UTC) X-Spam-Processed: mail1.multiplay.co.uk, Wed, 08 Feb 2012 09:52:05 +0000 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail1.multiplay.co.uk X-Spam-Level: X-Spam-Status: No, score=-5.0 required=6.0 tests=USER_IN_WHITELIST shortcircuit=ham autolearn=disabled version=3.2.5 Received: from r2d2 ([188.220.16.49]) by mail1.multiplay.co.uk (mail1.multiplay.co.uk [85.236.96.23]) (MDaemon PRO v10.0.4) with ESMTP id md50017940128.msg; Wed, 08 Feb 2012 09:52:04 +0000 X-MDRemoteIP: 188.220.16.49 X-Return-Path: prvs=1385245108=killing@multiplay.co.uk X-Envelope-From: killing@multiplay.co.uk Message-ID: <81B748092F3A413D84F6262C4B9AB146@multiplay.co.uk> From: "Steven Hartland" To: "Eugene Grosbein" References: <201202072030.q17KUIZk002951@freefall.freebsd.org> <4F323CB7.3000609@rdtc.ru> Date: Wed, 8 Feb 2012 09:53:03 -0000 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="KOI8-R"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.5931 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157 Cc: freebsd-net@freebsd.org, bug-followup@freebsd.org Subject: Re: kern/161899: [route] ntpd(8): Repeating RTM_MISS packets causing high CPU load for ntpd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 10:03:37 -0000 ----- Original Message ----- From: "Eugene Grosbein" > This is known problem. You should remove "options FLOWTABLE" > from your kernel configuration, as it was removed from GENERIC > for such misbehaviours. That had fixed same problem for me. We already have this removed due to the issues it causes with IP changes, unfortunately it has no impact on this behaviour here. Regards Steve ================================================ This e.mail is private and confidential between Multiplay (UK) Ltd. and the person or entity to whom it is addressed. In the event of misdirection, the recipient is prohibited from using, copying, printing or otherwise disseminating it or any information contained in it. In the event of misdirection, illegible or incomplete transmission please telephone +44 845 868 1337 or return the E.mail to postmaster@multiplay.co.uk. From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 10:10:10 2012 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 30CE21065676 for ; Wed, 8 Feb 2012 10:10:10 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 1B2C18FC08 for ; Wed, 8 Feb 2012 10:10:10 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q18AA90d004386 for ; Wed, 8 Feb 2012 10:10:09 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q18AA9Tt004385; Wed, 8 Feb 2012 10:10:09 GMT (envelope-from gnats) Date: Wed, 8 Feb 2012 10:10:09 GMT Message-Id: <201202081010.q18AA9Tt004385@freefall.freebsd.org> To: freebsd-net@FreeBSD.org From: "Steven Hartland" Cc: Subject: Re: kern/161899: [route] ntpd(8): Repeating RTM_MISS packets causing high CPU load for ntpd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Steven Hartland List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 10:10:10 -0000 The following reply was made to PR kern/161899; it has been noted by GNATS. From: "Steven Hartland" To: "Eugene Grosbein" Cc: , Subject: Re: kern/161899: [route] ntpd(8): Repeating RTM_MISS packets causing high CPU load for ntpd Date: Wed, 8 Feb 2012 09:53:03 -0000 ----- Original Message ----- From: "Eugene Grosbein" > This is known problem. You should remove "options FLOWTABLE" > from your kernel configuration, as it was removed from GENERIC > for such misbehaviours. That had fixed same problem for me. We already have this removed due to the issues it causes with IP changes, unfortunately it has no impact on this behaviour here. Regards Steve ================================================ This e.mail is private and confidential between Multiplay (UK) Ltd. and the person or entity to whom it is addressed. In the event of misdirection, the recipient is prohibited from using, copying, printing or otherwise disseminating it or any information contained in it. In the event of misdirection, illegible or incomplete transmission please telephone +44 845 868 1337 or return the E.mail to postmaster@multiplay.co.uk. From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 10:42:15 2012 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A6AB71065675; Wed, 8 Feb 2012 10:42:15 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from cell.glebius.int.ru (glebius.int.ru [81.19.64.117]) by mx1.freebsd.org (Postfix) with ESMTP id 28A978FC0C; Wed, 8 Feb 2012 10:42:14 +0000 (UTC) Received: from cell.glebius.int.ru (localhost [127.0.0.1]) by cell.glebius.int.ru (8.14.5/8.14.5) with ESMTP id q18AgDMx021393; Wed, 8 Feb 2012 14:42:13 +0400 (MSK) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.glebius.int.ru (8.14.5/8.14.5/Submit) id q18AgDwc021392; Wed, 8 Feb 2012 14:42:13 +0400 (MSK) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.glebius.int.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Wed, 8 Feb 2012 14:42:13 +0400 From: Gleb Smirnoff To: Adrian Chadd , "rozhuk.im" Message-ID: <20120208104213.GD13554@FreeBSD.org> References: MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Cc: FreeBSD Net Subject: Re: call for review: 802.11q QinQ netgraph support X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 10:42:15 -0000 On Tue, Feb 07, 2012 at 03:27:10PM -0800, Adrian Chadd wrote: A> I've been working with the patch author on this and although I haven't A> yet had time to test it out myself, he's taken my suggestions on board A> and continued improving things. A> A> The patch can be found in the PR: A> A> http://www.freebsd.org/cgi/query-pr.cgi?pr=161908 A> A> In summary, he's added the ability to support q-in-q tags, as well as A> maintaining backwards compatibility for existing users. A> A> I'd like to commit this at the end of the week. A> A> He's indicated that he will take care of any issues it may break. I'll A> back it out if it breaks things and isn't fixed. A> A> Ivan - thank you for being so patient! A> A> I would appreciate further review from network/netgraph related A> people. I'm going to borrow a term from gnn and say "Silence implies A> consent." :-) I have only minor comments: 1.1) According to style(9) new code should use uintXX_t instead of u_intXX_t. 1.2) Some lines are really loooong, they need to be broken into shorter ones accoording to style(9). 1.3) Operators at beginning of a line - also style(9) violation. 2) NETGRAPH_DEBUG wasn't designed for the things the patch is doing. But the KASSERT was. So it'll be better to change the code under NETGRAPH_DEBUG to KASSERTs. For example in the chunk '@@ -262,35 +322,143 @@': KASSERT(priv->vlan_hook[EVL_VLANOFTAG(hook_data)] == hook, ("%s: NGM_VLAN_DEL_FILTER: Invalid VID for Hook = %s\n", __func__, (char *)msg->data)); and KASSERT(EVL_VLANOFTAG(hook_data) == vid, ("%s: NGM_VLAN_DEL_VID_FLT: Invalid VID Hook = %us, must be: %us\n", __func__, (uint16_t )EVL_VLANOFTAG(hook_data), vid)); -- Totus tuus, Glebius. From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 10:50:11 2012 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9EF91106566C for ; Wed, 8 Feb 2012 10:50:11 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 8A16D8FC08 for ; Wed, 8 Feb 2012 10:50:11 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q18AoBIR042113 for ; Wed, 8 Feb 2012 10:50:11 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q18AoBwY042112; Wed, 8 Feb 2012 10:50:11 GMT (envelope-from gnats) Date: Wed, 8 Feb 2012 10:50:11 GMT Message-Id: <201202081050.q18AoBwY042112@freefall.freebsd.org> To: freebsd-net@FreeBSD.org From: Dmitrij Tejblum Cc: Subject: Re: kern/161899: [route] ntpd(8): Repeating RTM_MISS packets causing high CPU load for ntpd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Dmitrij Tejblum List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 10:50:11 -0000 The following reply was made to PR kern/161899; it has been noted by GNATS. From: Dmitrij Tejblum To: bug-followup@freebsd.org Cc: Subject: Re: kern/161899: [route] ntpd(8): Repeating RTM_MISS packets causing high CPU load for ntpd Date: Wed, 08 Feb 2012 14:30:51 +0400 I would suggest to remove RTM_MISS messages at all. I believe that there is no sofware that actually use it. OTOH, in some cases RTM_MISS messages are really disturbing. E.g., a router without default route (e.g. runnung BGP) will always generate some amount of RTM_MISS messages. They have no use, but require daemons to parse them, and could result in overflow on routing socket queue and, in turn, cause some important routing messages to be dropped. I have a patch that add a sysctl to turn off RTM_MISS messages, but since no one use them, it would be easier to just remove them entirely. -- Dmitry From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 13:00:32 2012 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7D7201065672 for ; Wed, 8 Feb 2012 13:00:32 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 68D5F8FC13 for ; Wed, 8 Feb 2012 13:00:32 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q18D0Wmi067565 for ; Wed, 8 Feb 2012 13:00:32 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q18D0Wnc067564; Wed, 8 Feb 2012 13:00:32 GMT (envelope-from gnats) Date: Wed, 8 Feb 2012 13:00:32 GMT Message-Id: <201202081300.q18D0Wnc067564@freefall.freebsd.org> To: freebsd-net@FreeBSD.org From: Gleb Smirnoff Cc: Subject: Re: kern/161899: Repeating RTM_MISS packets causing high CPU load for ntpd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Gleb Smirnoff List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 13:00:32 -0000 The following reply was made to PR kern/161899; it has been noted by GNATS. From: Gleb Smirnoff To: Steven Hartland Cc: freebsd-gnats-submit@FreeBSD.org Subject: Re: kern/161899: Repeating RTM_MISS packets causing high CPU load for ntpd Date: Wed, 8 Feb 2012 16:59:44 +0400 > Any update on this, would have been nice to see a fix hit before > 9.0. If you need any more information please let me know. AFAIK, this is no longer a problem in 9.0-RELEASE or in HEAD. The cause for this number of misses is absense of a route for IPv4 mapped block in IPv6 routing table. Here it is: # netstat -rn -f inet6 Routing tables Internet6: Destination Gateway Flags Netif Expire ::/96 ::1 UGRS lo0 Some rc.d script installs this prefix in 9.0 and 10.0. If it hasn't been merged to stable/8, then it needs to be found and merged. -- Totus tuus, Glebius. From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 13:01:48 2012 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 13543106566B for ; Wed, 8 Feb 2012 13:01:48 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from cell.glebius.int.ru (glebius.int.ru [81.19.64.117]) by mx1.freebsd.org (Postfix) with ESMTP id 8BF4B8FC14 for ; Wed, 8 Feb 2012 13:01:47 +0000 (UTC) Received: from cell.glebius.int.ru (localhost [127.0.0.1]) by cell.glebius.int.ru (8.14.5/8.14.5) with ESMTP id q18D1klP022747; Wed, 8 Feb 2012 17:01:46 +0400 (MSK) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.glebius.int.ru (8.14.5/8.14.5/Submit) id q18D1kIs022746; Wed, 8 Feb 2012 17:01:46 +0400 (MSK) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.glebius.int.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Wed, 8 Feb 2012 17:01:46 +0400 From: Gleb Smirnoff To: Dmitrij Tejblum Message-ID: <20120208130146.GH13554@FreeBSD.org> References: <201202081050.q18AoBwY042112@freefall.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <201202081050.q18AoBwY042112@freefall.freebsd.org> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: freebsd-net@FreeBSD.org Subject: Re: kern/161899: [route] ntpd(8): Repeating RTM_MISS packets causing high CPU load for ntpd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 13:01:48 -0000 Dmitrij, On Wed, Feb 08, 2012 at 10:50:11AM +0000, Dmitrij Tejblum wrote: D> I would suggest to remove RTM_MISS messages at all. I believe that there D> is no sofware that actually use it. OTOH, in some cases RTM_MISS D> messages are really disturbing. D> D> E.g., a router without default route (e.g. runnung BGP) will always D> generate some amount of RTM_MISS messages. They have no use, but require D> daemons to parse them, and could result in overflow on routing socket D> queue and, in turn, cause some important routing messages to be dropped. D> D> I have a patch that add a sysctl to turn off RTM_MISS messages, but D> since no one use them, it would be easier to just remove them entirely. Sounds reasonable. A patch that adds a sysctl is definitely a commit candidate. But we can't be sure that no one uses these messages, so we can't remove them entirely. -- Totus tuus, Glebius. From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 13:26:50 2012 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CF2A3106564A for ; Wed, 8 Feb 2012 13:26:50 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from cell.glebius.int.ru (glebius.int.ru [81.19.64.117]) by mx1.freebsd.org (Postfix) with ESMTP id 5225F8FC13 for ; Wed, 8 Feb 2012 13:26:50 +0000 (UTC) Received: from cell.glebius.int.ru (localhost [127.0.0.1]) by cell.glebius.int.ru (8.14.5/8.14.5) with ESMTP id q18DQnhX022986; Wed, 8 Feb 2012 17:26:49 +0400 (MSK) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.glebius.int.ru (8.14.5/8.14.5/Submit) id q18DQmQI022985; Wed, 8 Feb 2012 17:26:48 +0400 (MSK) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.glebius.int.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Wed, 8 Feb 2012 17:26:48 +0400 From: Gleb Smirnoff To: Tushar Mulkar Message-ID: <20120208132648.GI13554@FreeBSD.org> References: <26E6BFB8942F2949A1501D4878FAEA152CD50451@blr-exch-1.sandvine.com> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <26E6BFB8942F2949A1501D4878FAEA152CD50451@blr-exch-1.sandvine.com> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: "freebsd-net@freebsd.org" Subject: Re: [PATCH] if_lagg driver enhancements. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 13:26:50 -0000 On Tue, Feb 07, 2012 at 02:30:08PM +0000, Tushar Mulkar wrote: T> Hello, T> A patch is developed that has following enhancements in lagg driver T> T> - Sending a gratuitous ARP when link state changes on primary port of T> lag (kern/156226) T> - Support of new ioctl command to change primary port of the lag T> T> These enhancements are quite handy and useful. Please check if it can T> be added to FreeBSD IMHO, the patch introduces a layering violation, which is bad. This would lead to problems in future. From a quick look I don't see any right now, and patch is compatible with carp(4) just accidentially :) I would suggest the following approach: 1) Network protocols should register theirselves on the ifnet_link_event EVENTHANDLER(9). 2) The inet4 should send gratutious ARP on this event. 3) The inet6 should send NA. As you see the patch would be entirely not about lagg(4) :) We've got some minor obstacles on the suggested way: - The if_link_state_change() function suppresses any processing if the link hasn't changed, for example UP -> UP event. We can overcome this by adding a new pseudo state LINK_STATE_UPAGAIN (or LINK_STATE_UPCHANGED or LINK_STATE_UPANOTHER or any better name you can imagine). This pseudo state can't be stored in the ifp->if_link_state, but it can be used to keep the state LINK_STATE_UP, but force triggering link state hooks. I think this approach is more clean and error prone. It can lead only to extraneous gratutious ARP sent in some cases, which is not critical. -- Totus tuus, Glebius. From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 13:32:00 2012 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BE05F106564A; Wed, 8 Feb 2012 13:32:00 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from cell.glebius.int.ru (glebius.int.ru [81.19.64.117]) by mx1.freebsd.org (Postfix) with ESMTP id 4152A8FC13; Wed, 8 Feb 2012 13:32:00 +0000 (UTC) Received: from cell.glebius.int.ru (localhost [127.0.0.1]) by cell.glebius.int.ru (8.14.5/8.14.5) with ESMTP id q18DVw1K023042; Wed, 8 Feb 2012 17:31:58 +0400 (MSK) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.glebius.int.ru (8.14.5/8.14.5/Submit) id q18DVwOL023041; Wed, 8 Feb 2012 17:31:58 +0400 (MSK) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.glebius.int.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Wed, 8 Feb 2012 17:31:58 +0400 From: Gleb Smirnoff To: rozhuk.im@gmail.com Message-ID: <20120208133158.GJ13554@FreeBSD.org> References: <4f298d95.82b7cc0a.49b2.5d24@mx.google.com> <4F2A2C1F.1060609@freebsd.org> <4f2b0826.10cbcc0a.5660.ffff8aa9@mx.google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <4f2b0826.10cbcc0a.5660.ffff8aa9@mx.google.com> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: freebsd-net@FreeBSD.org, 'Julian Elischer' Subject: Re: m_pullup - fail X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 13:32:00 -0000 On Fri, Feb 03, 2012 at 07:03:11AM +0900, rozhuk.im@gmail.com wrote: r> I am writing a netgraph node for processing UDP packets passing through the r> router / bridge. r> Node must fully inspect the entire contents of the package, in some cases, r> change them. In this case you need something like m_megapullup() that can be found in sys/netinet/libalias/alias.c -- Totus tuus, Glebius. From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 13:36:01 2012 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A421C106564A; Wed, 8 Feb 2012 13:36:01 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from cell.glebius.int.ru (glebius.int.ru [81.19.64.117]) by mx1.freebsd.org (Postfix) with ESMTP id 2161C8FC0C; Wed, 8 Feb 2012 13:36:00 +0000 (UTC) Received: from cell.glebius.int.ru (localhost [127.0.0.1]) by cell.glebius.int.ru (8.14.5/8.14.5) with ESMTP id q18Da0G3023112; Wed, 8 Feb 2012 17:36:00 +0400 (MSK) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.glebius.int.ru (8.14.5/8.14.5/Submit) id q18DZx4R023109; Wed, 8 Feb 2012 17:35:59 +0400 (MSK) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.glebius.int.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Wed, 8 Feb 2012 17:35:59 +0400 From: Gleb Smirnoff To: Luigi Rizzo Message-ID: <20120208133559.GK13554@FreeBSD.org> References: <20120131110204.GA95472@onelab2.iet.unipi.it> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <20120131110204.GA95472@onelab2.iet.unipi.it> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: Ermal Lu?i , freebsd-net , freebsd-hackers@FreeBSD.org Subject: Re: [PATCH] multiple instances of ipfw(4) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 13:36:01 -0000 On Tue, Jan 31, 2012 at 12:02:04PM +0100, Luigi Rizzo wrote: L> if i understand what the patch does, i think it makes sense to be L> able to hook ipfw instances to specific interfaces/sets of interfaces, L> as it permits the writing of more readable rulesets. Right now the L> workaround is start the ruleset with skipto rules matching on L> interface names, and then use some discipline in "reserving" a range L> of rule numbers to each interface. This is definitely a desired feature, but it should be implemented on level of pfil(9). However, that would still require multiple instances of ipfw(4). -- Totus tuus, Glebius. From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 13:39:46 2012 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8D33910657A2; Wed, 8 Feb 2012 13:39:46 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 52B488FC13; Wed, 8 Feb 2012 13:39:46 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q18DdkNl005750; Wed, 8 Feb 2012 13:39:46 GMT (envelope-from glebius@freefall.freebsd.org) Received: (from glebius@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q18DdjmA005746; Wed, 8 Feb 2012 13:39:45 GMT (envelope-from glebius) Date: Wed, 8 Feb 2012 13:39:45 GMT Message-Id: <201202081339.q18DdjmA005746@freefall.freebsd.org> To: nvass@gmx.com, glebius@FreeBSD.org, freebsd-net@FreeBSD.org, glebius@FreeBSD.org From: glebius@FreeBSD.org Cc: Subject: Re: kern/164696: [netinet] [patch] [panic] VIMAGE + carp panics the kernel X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 13:39:46 -0000 Synopsis: [netinet] [patch] [panic] VIMAGE + carp panics the kernel State-Changed-From-To: open->closed State-Changed-By: glebius State-Changed-When: Wed Feb 8 13:38:23 UTC 2012 State-Changed-Why: Fixed. Responsible-Changed-From-To: freebsd-net->glebius Responsible-Changed-By: glebius Responsible-Changed-When: Wed Feb 8 13:38:23 UTC 2012 Responsible-Changed-Why: Fixed. http://www.freebsd.org/cgi/query-pr.cgi?pr=164696 From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 13:44:34 2012 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A78FB106566B for ; Wed, 8 Feb 2012 13:44:34 +0000 (UTC) (envelope-from prvs=1385245108=killing@multiplay.co.uk) Received: from mail1.multiplay.co.uk (mail1.multiplay.co.uk [85.236.96.23]) by mx1.freebsd.org (Postfix) with ESMTP id ED8868FC1A for ; Wed, 8 Feb 2012 13:44:33 +0000 (UTC) X-Spam-Processed: mail1.multiplay.co.uk, Wed, 08 Feb 2012 13:44:04 +0000 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail1.multiplay.co.uk X-Spam-Level: X-Spam-Status: No, score=-5.0 required=6.0 tests=USER_IN_WHITELIST shortcircuit=ham autolearn=disabled version=3.2.5 Received: from r2d2 ([188.220.16.49]) by mail1.multiplay.co.uk (mail1.multiplay.co.uk [85.236.96.23]) (MDaemon PRO v10.0.4) with ESMTP id md50017942426.msg; Wed, 08 Feb 2012 13:44:03 +0000 X-MDRemoteIP: 188.220.16.49 X-Return-Path: prvs=1385245108=killing@multiplay.co.uk X-Envelope-From: killing@multiplay.co.uk Message-ID: From: "Steven Hartland" To: "Gleb Smirnoff" , References: <201202081300.q18D0Wnc067564@freefall.freebsd.org> Date: Wed, 8 Feb 2012 13:44:56 -0000 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="Windows-1252"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.5931 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157 Cc: Subject: Re: kern/161899: Repeating RTM_MISS packets causing high CPU load for ntpd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 13:44:34 -0000 ----- Original Message ----- From: "Gleb Smirnoff" > > Any update on this, would have been nice to see a fix hit before > > 9.0. If you need any more information please let me know. > > AFAIK, this is no longer a problem in 9.0-RELEASE or in HEAD. > > The cause for this number of misses is absense of a route for > IPv4 mapped block in IPv6 routing table. > > Here it is: > > # netstat -rn -f inet6 > Routing tables > > Internet6: > Destination Gateway Flags Netif Expire > ::/96 ::1 UGRS lo0 > > Some rc.d script installs this prefix in 9.0 and 10.0. If it hasn't > been merged to stable/8, then it needs to be found and merged. Thanks Gleb! Running the following commands does indeed stop this route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject I found these in /etc/rc.d/network_ipv6 but I can't see why these wouldnt be run on a machine that doesn't have an IPv6 address, they seem to be added correctly on machines that do. So any pointers are to how to get this fix setup correctly in 8.2 would appreciated. Regards Steve ================================================ This e.mail is private and confidential between Multiplay (UK) Ltd. and the person or entity to whom it is addressed. In the event of misdirection, the recipient is prohibited from using, copying, printing or otherwise disseminating it or any information contained in it. In the event of misdirection, illegible or incomplete transmission please telephone +44 845 868 1337 or return the E.mail to postmaster@multiplay.co.uk. From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 13:55:02 2012 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8CC9A106564A for ; Wed, 8 Feb 2012 13:55:02 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from cell.glebius.int.ru (glebius.int.ru [81.19.64.117]) by mx1.freebsd.org (Postfix) with ESMTP id 0C7438FC15 for ; Wed, 8 Feb 2012 13:55:01 +0000 (UTC) Received: from cell.glebius.int.ru (localhost [127.0.0.1]) by cell.glebius.int.ru (8.14.5/8.14.5) with ESMTP id q18Dt0UN023315; Wed, 8 Feb 2012 17:55:00 +0400 (MSK) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.glebius.int.ru (8.14.5/8.14.5/Submit) id q18Dt0GH023314; Wed, 8 Feb 2012 17:55:00 +0400 (MSK) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.glebius.int.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Wed, 8 Feb 2012 17:55:00 +0400 From: Gleb Smirnoff To: Steven Hartland Message-ID: <20120208135500.GL13554@FreeBSD.org> References: <201202081300.q18D0Wnc067564@freefall.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Cc: freebsd-net@FreeBSD.org Subject: Re: kern/161899: Repeating RTM_MISS packets causing high CPU load for ntpd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 13:55:02 -0000 On Wed, Feb 08, 2012 at 01:44:56PM -0000, Steven Hartland wrote: S> ----- Original Message ----- S> From: "Gleb Smirnoff" S> > > Any update on this, would have been nice to see a fix hit before S> > > 9.0. If you need any more information please let me know. S> > S> > AFAIK, this is no longer a problem in 9.0-RELEASE or in HEAD. S> > S> > The cause for this number of misses is absense of a route for S> > IPv4 mapped block in IPv6 routing table. S> > S> > Here it is: S> > S> > # netstat -rn -f inet6 S> > Routing tables S> > S> > Internet6: S> > Destination Gateway Flags Netif Expire S> > ::/96 ::1 UGRS lo0 S> > S> > Some rc.d script installs this prefix in 9.0 and 10.0. If it hasn't S> > been merged to stable/8, then it needs to be found and merged. S> S> Thanks Gleb! S> S> Running the following commands does indeed stop this S> route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject S> route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject S> S> I found these in /etc/rc.d/network_ipv6 but I can't see why S> these wouldnt be run on a machine that doesn't have an IPv6 S> address, they seem to be added correctly on machines that do. S> S> So any pointers are to how to get this fix setup correctly in S> 8.2 would appreciated. I don't have any 8.2 where I can play already :) All test boxes are either head or 9.0. So it'll be easier to you than to me, to find the exact revision that is already in stable/9, but not yet in stable/8, that adds these routes to kernel in startup. Once found, I can do merging. Meanwhile, I can bounce the PR to freebsd-rc@, and may be someone from there can find out what needs to be merged. -- Totus tuus, Glebius. From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 13:55:34 2012 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E0587106566B; Wed, 8 Feb 2012 13:55:34 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id B31378FC1B; Wed, 8 Feb 2012 13:55:34 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q18DtY9m022790; Wed, 8 Feb 2012 13:55:34 GMT (envelope-from glebius@freefall.freebsd.org) Received: (from glebius@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q18DtYJ7022786; Wed, 8 Feb 2012 13:55:34 GMT (envelope-from glebius) Date: Wed, 8 Feb 2012 13:55:34 GMT Message-Id: <201202081355.q18DtYJ7022786@freefall.freebsd.org> To: glebius@FreeBSD.org, freebsd-net@FreeBSD.org, freebsd-rc@FreeBSD.org From: glebius@FreeBSD.org Cc: Subject: Re: kern/161899: [route] ntpd(8): Repeating RTM_MISS packets causing high CPU load for ntpd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 13:55:35 -0000 Synopsis: [route] ntpd(8): Repeating RTM_MISS packets causing high CPU load for ntpd Responsible-Changed-From-To: freebsd-net->freebsd-rc Responsible-Changed-By: glebius Responsible-Changed-When: Wed Feb 8 13:55:07 UTC 2012 Responsible-Changed-Why: I think, that solution to the problem lives somewhere in th rc-land. http://www.freebsd.org/cgi/query-pr.cgi?pr=161899 From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 14:04:10 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1CE33106564A; Wed, 8 Feb 2012 14:04:10 +0000 (UTC) (envelope-from ermal.luci@gmail.com) Received: from mail-iy0-f182.google.com (mail-iy0-f182.google.com [209.85.210.182]) by mx1.freebsd.org (Postfix) with ESMTP id C23928FC1D; Wed, 8 Feb 2012 14:04:09 +0000 (UTC) Received: by iaeo4 with SMTP id o4so1256087iae.13 for ; Wed, 08 Feb 2012 06:04:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=+J0xlP6I1mhPtm6JmLkzX/MN5IuuYy8GGNP+ZtNP1Kg=; b=IcivfqBr1JdiPJTEbuhNzxbMoy0aPAGOXDihScdkTJl+EJJe4gSjJAyxiQ4Lwiphbx 4PKQM9TNS56QNSlMr89Ra2KehIAr3kf+Mih1iJn2pmFz+a7nkgW66YsVf1y0kHuqWO3H OxAXXJz5HETWCSfWxVMZwtxrYIBGs7vRRP0b0= MIME-Version: 1.0 Received: by 10.42.144.69 with SMTP id a5mr27139143icv.45.1328709849420; Wed, 08 Feb 2012 06:04:09 -0800 (PST) Sender: ermal.luci@gmail.com Received: by 10.231.134.198 with HTTP; Wed, 8 Feb 2012 06:04:09 -0800 (PST) In-Reply-To: <20120208133559.GK13554@FreeBSD.org> References: <20120131110204.GA95472@onelab2.iet.unipi.it> <20120208133559.GK13554@FreeBSD.org> Date: Wed, 8 Feb 2012 15:04:09 +0100 X-Google-Sender-Auth: 0aFIRkQDzHRwTd5nBZ_gaj2_wVQ Message-ID: From: =?ISO-8859-1?Q?Ermal_Lu=E7i?= To: Gleb Smirnoff Content-Type: text/plain; charset=ISO-8859-1 Cc: freebsd-net , Luigi Rizzo , freebsd-hackers@freebsd.org Subject: Re: [PATCH] multiple instances of ipfw(4) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 14:04:10 -0000 2012/2/8 Gleb Smirnoff : > On Tue, Jan 31, 2012 at 12:02:04PM +0100, Luigi Rizzo wrote: > L> if i understand what the patch does, i think it makes sense to be > L> able to hook ipfw instances to specific interfaces/sets of interfaces, > L> as it permits the writing of more readable rulesets. Right now the > L> workaround is start the ruleset with skipto rules matching on > L> interface names, and then use some discipline in "reserving" a range > L> of rule numbers to each interface. > > This is definitely a desired feature, but it should be implemented > on level of pfil(9). However, that would still require multiple > instances of ipfw(4). > This opens a discussion of architecture design. I do not think presently pfil(9) is designed to handle such thing! Regards, Ermal From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 14:09:23 2012 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6AD3D1065781; Wed, 8 Feb 2012 14:09:23 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from cell.glebius.int.ru (glebius.int.ru [81.19.64.117]) by mx1.freebsd.org (Postfix) with ESMTP id E54448FC14; Wed, 8 Feb 2012 14:09:22 +0000 (UTC) Received: from cell.glebius.int.ru (localhost [127.0.0.1]) by cell.glebius.int.ru (8.14.5/8.14.5) with ESMTP id q18E9Lil023577; Wed, 8 Feb 2012 18:09:21 +0400 (MSK) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.glebius.int.ru (8.14.5/8.14.5/Submit) id q18E9Lfq023576; Wed, 8 Feb 2012 18:09:21 +0400 (MSK) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.glebius.int.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Wed, 8 Feb 2012 18:09:21 +0400 From: Gleb Smirnoff To: Ermal Lu?i Message-ID: <20120208140921.GM13554@glebius.int.ru> References: <20120131110204.GA95472@onelab2.iet.unipi.it> <20120208133559.GK13554@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Cc: freebsd-net , Luigi Rizzo , freebsd-hackers@FreeBSD.org Subject: Re: [PATCH] multiple instances of ipfw(4) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 14:09:23 -0000 On Wed, Feb 08, 2012 at 03:04:09PM +0100, Ermal Lu?i wrote: E> 2012/2/8 Gleb Smirnoff : E> > On Tue, Jan 31, 2012 at 12:02:04PM +0100, Luigi Rizzo wrote: E> > L> if i understand what the patch does, i think it makes sense to be E> > L> able to hook ipfw instances to specific interfaces/sets of interfaces, E> > L> as it permits the writing of more readable rulesets. Right now the E> > L> workaround is start the ruleset with skipto rules matching on E> > L> interface names, and then use some discipline in "reserving" a range E> > L> of rule numbers to each interface. E> > E> > This is definitely a desired feature, but it should be implemented E> > on level of pfil(9). However, that would still require multiple E> > instances of ipfw(4). E> > E> This opens a discussion of architecture design. E> I do not think presently pfil(9) is designed to handle such thing! Several years ago, I guess around 2005, a discussion on a per-interface packet filtering was taken on the net@ mailing list. In that time, it lead to nothing, several people were against the idea. Recently on IRC I had raised the discussion again. Today more people liked the idea and found it a desired feature. Many kinds of high end networking equipment have per-interface ACLs. I know that networking sysadmins would be happy if FreeBSD packet filters would get this feature, since maintaing such ACLs is much easier on a router with dozens of interfaces. -- Totus tuus, Glebius. From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 16:53:48 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E41A0106564A; Wed, 8 Feb 2012 16:53:48 +0000 (UTC) (envelope-from adrian.chadd@gmail.com) Received: from mail-ww0-f42.google.com (mail-ww0-f42.google.com [74.125.82.42]) by mx1.freebsd.org (Postfix) with ESMTP id 495EC8FC14; Wed, 8 Feb 2012 16:53:47 +0000 (UTC) Received: by wgbgn7 with SMTP id gn7so5445121wgb.1 for ; Wed, 08 Feb 2012 08:53:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=3Bt1p2WgEfVCw+a9p2HRYww/5ShIpfbtlPkn3tFIoFI=; b=HUJyNFAP7h64bx0V2gdlNo2kgILoS6bklRZ2wFWlxJ066t/U0Wb0hXJ6izTW9RNw9F goBHTfw28wwpfYCHNXZ7gwHs9zKbU7dg0G0xT4n6jRfA3xkjdjLRJXVf0YR11MkuRSLr ESrTISnHiFHN74s1uAx+t1oO9HQ6AXHyHNe0w= MIME-Version: 1.0 Received: by 10.216.135.76 with SMTP id t54mr11003490wei.14.1328720027188; Wed, 08 Feb 2012 08:53:47 -0800 (PST) Sender: adrian.chadd@gmail.com Received: by 10.216.175.136 with HTTP; Wed, 8 Feb 2012 08:53:47 -0800 (PST) In-Reply-To: <20120208104213.GD13554@FreeBSD.org> References: <20120208104213.GD13554@FreeBSD.org> Date: Wed, 8 Feb 2012 08:53:47 -0800 X-Google-Sender-Auth: bnglK4tXeo4hK85xl1tgke5FUwM Message-ID: From: Adrian Chadd To: Gleb Smirnoff Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: FreeBSD Net Subject: Re: call for review: 802.11q QinQ netgraph support X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 16:53:49 -0000 2012/2/8 Gleb Smirnoff : > A> I would appreciate further review from network/netgraph related > A> people. I'm going to borrow a term from gnn and say "Silence implies > A> consent." :-) > > I have only minor comments: Thanks for your feedback! Ivan, can you please review these? Adrian > > 1.1) According to style(9) new code should use uintXX_t instead of u_intX= X_t. > 1.2) Some lines are really loooong, they need to be broken into shorter o= nes > =A0 =A0 accoording to style(9). > 1.3) Operators at beginning of a line - also style(9) violation. > > 2) NETGRAPH_DEBUG wasn't designed for the things the patch is doing. But > =A0 the KASSERT was. So it'll be better to change the code under NETGRAPH= _DEBUG > =A0 to KASSERTs. For example in the chunk '@@ -262,35 +322,143 @@': > > =A0 =A0 =A0 =A0KASSERT(priv->vlan_hook[EVL_VLANOFTAG(hook_data)] =3D=3D h= ook, > =A0 =A0 =A0 =A0 =A0 =A0("%s: NGM_VLAN_DEL_FILTER: Invalid VID for Hook = =3D %s\n", > =A0 =A0 =A0 =A0 =A0 =A0__func__, (char *)msg->data)); > > =A0 =A0 =A0 =A0and > > =A0 =A0 =A0 =A0KASSERT(EVL_VLANOFTAG(hook_data) =3D=3D vid, > =A0 =A0 =A0 =A0 =A0 =A0("%s: NGM_VLAN_DEL_VID_FLT: Invalid VID Hook =3D %= us, must be: %us\n", > =A0 =A0 =A0 =A0 =A0 =A0__func__, (uint16_t )EVL_VLANOFTAG(hook_data), vid= )); > > -- > Totus tuus, Glebius. From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 18:23:45 2012 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 054D3106564A; Wed, 8 Feb 2012 18:23:45 +0000 (UTC) (envelope-from gpalmer@freebsd.org) Received: from noop.in-addr.com (mail.in-addr.com [IPv6:2001:470:8:162::1]) by mx1.freebsd.org (Postfix) with ESMTP id CB48B8FC0C; Wed, 8 Feb 2012 18:23:44 +0000 (UTC) Received: from gjp by noop.in-addr.com with local (Exim 4.77 (FreeBSD)) (envelope-from ) id 1RvCAz-000G2v-ID; Wed, 08 Feb 2012 13:23:29 -0500 Date: Wed, 8 Feb 2012 13:23:29 -0500 From: Gary Palmer To: Steven Hartland Message-ID: <20120208182329.GC10082@in-addr.com> References: <201202081300.q18D0Wnc067564@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: gpalmer@freebsd.org X-SA-Exim-Scanned: No (on noop.in-addr.com); SAEximRunCond expanded to false Cc: freebsd-net@FreeBSD.org, Gleb Smirnoff Subject: Re: kern/161899: Repeating RTM_MISS packets causing high CPU load for ntpd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 18:23:45 -0000 On Wed, Feb 08, 2012 at 01:44:56PM -0000, Steven Hartland wrote: > ----- Original Message ----- > From: "Gleb Smirnoff" > >> Any update on this, would have been nice to see a fix hit before > >> 9.0. If you need any more information please let me know. > > > >AFAIK, this is no longer a problem in 9.0-RELEASE or in HEAD. > > > >The cause for this number of misses is absense of a route for > >IPv4 mapped block in IPv6 routing table. > > > >Here it is: > > > ># netstat -rn -f inet6 > >Routing tables > > > >Internet6: > >Destination Gateway Flags > >Netif Expire > >::/96 ::1 UGRS > >lo0 > > > >Some rc.d script installs this prefix in 9.0 and 10.0. If it hasn't > >been merged to stable/8, then it needs to be found and merged. > > Thanks Gleb! > > Running the following commands does indeed stop this > route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject > route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject > > I found these in /etc/rc.d/network_ipv6 but I can't see why > these wouldnt be run on a machine that doesn't have an IPv6 > address, they seem to be added correctly on machines that do. Speculation: the machine(s) which didn't have the routes maybe didn't have ipv6_enable="YES" in /etc/rc.conf? Gary From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 19:13:05 2012 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4E4731065673; Wed, 8 Feb 2012 19:13:05 +0000 (UTC) (envelope-from prvs=1385245108=killing@multiplay.co.uk) Received: from mail1.multiplay.co.uk (mail1.multiplay.co.uk [85.236.96.23]) by mx1.freebsd.org (Postfix) with ESMTP id 63E188FC1D; Wed, 8 Feb 2012 19:13:03 +0000 (UTC) X-Spam-Processed: mail1.multiplay.co.uk, Wed, 08 Feb 2012 19:13:00 +0000 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail1.multiplay.co.uk X-Spam-Level: X-Spam-Status: No, score=-5.0 required=6.0 tests=USER_IN_WHITELIST shortcircuit=ham autolearn=disabled version=3.2.5 Received: from r2d2 ([188.220.16.49]) by mail1.multiplay.co.uk (mail1.multiplay.co.uk [85.236.96.23]) (MDaemon PRO v10.0.4) with ESMTP id md50017949032.msg; Wed, 08 Feb 2012 19:13:00 +0000 X-MDRemoteIP: 188.220.16.49 X-Return-Path: prvs=1385245108=killing@multiplay.co.uk X-Envelope-From: killing@multiplay.co.uk Message-ID: <7033DB091C8A46E0A14C7C2F52929C95@multiplay.co.uk> From: "Steven Hartland" To: "Gary Palmer" References: <201202081300.q18D0Wnc067564@freefall.freebsd.org> <20120208182329.GC10082@in-addr.com> Date: Wed, 8 Feb 2012 19:12:38 -0000 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.5931 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157 Cc: freebsd-net@FreeBSD.org, Gleb Smirnoff Subject: Re: kern/161899: Repeating RTM_MISS packets causing high CPU load for ntpd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 19:13:05 -0000 ----- Original Message ----- From: "Gary Palmer" >> Running the following commands does indeed stop this >> route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject >> route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject >> >> I found these in /etc/rc.d/network_ipv6 but I can't see why >> these wouldnt be run on a machine that doesn't have an IPv6 >> address, they seem to be added correctly on machines that do. > > Speculation: the machine(s) which didn't have the routes maybe > didn't have > > ipv6_enable="YES" > > in /etc/rc.conf? Doh! Indeed they don't so of course /etc/rc.d/network_ipv6 doesnt start but IPv6 is in the kernel and ipv6 is configured on lo0 via /etc/rc.d/auto_linklocal so it looks like ipv6 is enabled even though it isnt. Given this would a reasonable patch be to move the internal routing to auto_linklocal i.e. these lines:- # disallow "internal" addresses to appear on the wire route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject Seems the relavent fix was part of a much bigger commit:- http://svnweb.freebsd.org/base?view=revision&revision=197139 So it may not be easy to patch this into 8.x Regards Steve ================================================ This e.mail is private and confidential between Multiplay (UK) Ltd. and the person or entity to whom it is addressed. In the event of misdirection, the recipient is prohibited from using, copying, printing or otherwise disseminating it or any information contained in it. In the event of misdirection, illegible or incomplete transmission please telephone +44 845 868 1337 or return the E.mail to postmaster@multiplay.co.uk. From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 21:08:51 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 51C0F106566B for ; Wed, 8 Feb 2012 21:08:51 +0000 (UTC) (envelope-from lists@rewt.org.uk) Received: from abby.lhr1.as41113.net (unknown [IPv6:2001:b70:201:2::20]) by mx1.freebsd.org (Postfix) with ESMTP id 1609B8FC16 for ; Wed, 8 Feb 2012 21:08:51 +0000 (UTC) Received: from jasmine.internethq (unknown [91.208.177.192]) by abby.lhr1.as41113.net (Postfix) with ESMTP id E1B3B22853 for ; Wed, 8 Feb 2012 21:08:49 +0000 (UTC) Received: from [172.16.11.44] (jwh-laptop.internethq [172.16.11.44]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by jasmine.internethq (Postfix) with ESMTPS id BD9FE10751240 for ; Wed, 8 Feb 2012 21:08:24 +0000 (GMT) Message-ID: <4F32E45F.9030504@rewt.org.uk> Date: Wed, 08 Feb 2012 21:08:47 +0000 From: Joe Holden User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: "freebsd-net@freebsd.org" Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Max FIBS X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 21:08:51 -0000 Hey guys, The maximum fibs is currently 16 due to an mbuf limitation I believe? Is there any scope for the number being increased? Ta, J From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 21:25:56 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EC09D1065674 for ; Wed, 8 Feb 2012 21:25:56 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) by mx1.freebsd.org (Postfix) with ESMTP id C05DE8FC12 for ; Wed, 8 Feb 2012 21:25:56 +0000 (UTC) Received: from julian-mac.elischer.org (c-67-180-24-15.hsd1.ca.comcast.net [67.180.24.15]) (authenticated bits=0) by vps1.elischer.org (8.14.4/8.14.4) with ESMTP id q18LPtSR057498 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Wed, 8 Feb 2012 13:25:55 -0800 (PST) (envelope-from julian@freebsd.org) Message-ID: <4F32E8B6.8050409@freebsd.org> Date: Wed, 08 Feb 2012 13:27:18 -0800 From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.2.26) Gecko/20120129 Thunderbird/3.1.18 MIME-Version: 1.0 To: Joe Holden References: <4F32E45F.9030504@rewt.org.uk> In-Reply-To: <4F32E45F.9030504@rewt.org.uk> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: "freebsd-net@freebsd.org" Subject: Re: Max FIBS X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 21:25:57 -0000 On 2/8/12 1:08 PM, Joe Holden wrote: > Hey guys, > > The maximum fibs is currently 16 due to an mbuf limitation I > believe? Is there any scope for the number being increased? it was designed to be able to be expanable... there is only the one place. there are upcoming FIB changes and it may be a good oportunity to change this in 10.. > > Ta, > J > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 21:28:16 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2315E1065676 for ; Wed, 8 Feb 2012 21:28:16 +0000 (UTC) (envelope-from lists@rewt.org.uk) Received: from abby.lhr1.as41113.net (unknown [IPv6:2001:b70:201:2::20]) by mx1.freebsd.org (Postfix) with ESMTP id B35BD8FC1D for ; Wed, 8 Feb 2012 21:28:15 +0000 (UTC) Received: from jasmine.internethq (unknown [91.208.177.192]) by abby.lhr1.as41113.net (Postfix) with ESMTP id 1AF4F22853 for ; Wed, 8 Feb 2012 21:28:15 +0000 (UTC) Received: from [172.16.11.44] (jwh-laptop.internethq [172.16.11.44]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by jasmine.internethq (Postfix) with ESMTPS id C451A1019F9E5; Wed, 8 Feb 2012 21:27:49 +0000 (GMT) Message-ID: <4F32E8EC.4070206@rewt.org.uk> Date: Wed, 08 Feb 2012 21:28:12 +0000 From: Joe Holden User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: Julian Elischer References: <4F32E45F.9030504@rewt.org.uk> <4F32E8B6.8050409@freebsd.org> In-Reply-To: <4F32E8B6.8050409@freebsd.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: "freebsd-net@freebsd.org" Subject: Re: Max FIBS X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 21:28:16 -0000 Julian Elischer wrote: > On 2/8/12 1:08 PM, Joe Holden wrote: >> Hey guys, >> >> The maximum fibs is currently 16 due to an mbuf limitation I believe? >> Is there any scope for the number being increased? > it was designed to be able to be expanable... there is only the one place. > > there are upcoming FIB changes and it may be a good oportunity to change > this in 10.. > aha, I was under the impression that it was limited due to mbuf size, not sure where I read that - think it was a commit from a while back. >> >> Ta, >> J >> _______________________________________________ >> freebsd-net@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-net >> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >> > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 21:53:12 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 169B01065670 for ; Wed, 8 Feb 2012 21:53:12 +0000 (UTC) (envelope-from kes-kes@yandex.ru) Received: from forward10.mail.yandex.net (forward10.mail.yandex.net [IPv6:2a02:6b8:0:202::5]) by mx1.freebsd.org (Postfix) with ESMTP id 81E148FC13 for ; Wed, 8 Feb 2012 21:53:11 +0000 (UTC) Received: from smtp9.mail.yandex.net (smtp9.mail.yandex.net [77.88.61.35]) by forward10.mail.yandex.net (Yandex) with ESMTP id A2E501021936 for ; Thu, 9 Feb 2012 01:53:09 +0400 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1328737989; bh=17KfxzQtBmSqhBRSwzx3YFckLQ0WAlZV8u5JW9mYa/8=; h=Date:From:Reply-To:Message-ID:To:Subject:MIME-Version: Content-Type:Content-Transfer-Encoding; b=sF57xrGMPfH1tRxNyCm8uNZtXWMpp5mTa4kGaZJyNWWAuv28crmfg7lBlRlpPiIpV 0nHxoT8Lmpm+4zqhVYVVc0epyI7f1e5sI1g7AGujCq1bVNyGDWOYn2fxuUYQlNcTq6 otfisGOe/MPc8Ciau0qCGY9Bmd43xDdsiaXrQs24= Received: from smtp9.mail.yandex.net (localhost [127.0.0.1]) by smtp9.mail.yandex.net (Yandex) with ESMTP id 896FA15201CC for ; Thu, 9 Feb 2012 01:53:09 +0400 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1328737989; bh=17KfxzQtBmSqhBRSwzx3YFckLQ0WAlZV8u5JW9mYa/8=; h=Date:From:Reply-To:Message-ID:To:Subject:MIME-Version: Content-Type:Content-Transfer-Encoding; b=sF57xrGMPfH1tRxNyCm8uNZtXWMpp5mTa4kGaZJyNWWAuv28crmfg7lBlRlpPiIpV 0nHxoT8Lmpm+4zqhVYVVc0epyI7f1e5sI1g7AGujCq1bVNyGDWOYn2fxuUYQlNcTq6 otfisGOe/MPc8Ciau0qCGY9Bmd43xDdsiaXrQs24= Received: from unknown (unknown [77.93.52.20]) by smtp9.mail.yandex.net (nwsmtp/Yandex) with ESMTP id r8EaS4qs-r9Eix3sv; Thu, 9 Feb 2012 01:53:09 +0400 X-Yandex-Spam: 1 Date: Wed, 8 Feb 2012 23:53:07 +0200 From: =?windows-1251?B?yu7t/Oru4iDF4uPl7ejp?= X-Mailer: The Bat! (v4.0.24) Professional Organization: =?windows-1251?B?188gyu7t/Oru4iwgRnJlZUxpbmU=?= X-Priority: 3 (Normal) Message-ID: <15210117711.20120208235307@yandex.ru> To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1251 Content-Transfer-Encoding: 8bit Subject: security issue!! X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: =?windows-1251?B?yu7t/Oru4iDF4uPl7ejp?= List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 21:53:12 -0000 some host on LAN can send packets to MAC address of FreeBSD server and server accept packets even if frame is not in its subnet and pass them further %-) details here http://www.freebsd.org/cgi/query-pr.cgi?pr=164914 From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 22:06:02 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 74A5B1065674 for ; Wed, 8 Feb 2012 22:06:02 +0000 (UTC) (envelope-from cswiger@mac.com) Received: from asmtpout030.mac.com (asmtpout030.mac.com [17.148.16.105]) by mx1.freebsd.org (Postfix) with ESMTP id 5B4F68FC1F for ; Wed, 8 Feb 2012 22:06:02 +0000 (UTC) MIME-version: 1.0 Content-type: text/plain; charset=koi8-r Received: from cswiger1.apple.com (unknown [17.209.4.71]) by asmtp030.mac.com (Oracle Communications Messaging Server 7u4-23.01 (7.0.4.23.0) 64bit (built Aug 10 2011)) with ESMTPSA id <0LZ300MU8HDEVD80@asmtp030.mac.com> for freebsd-net@freebsd.org; Wed, 08 Feb 2012 14:05:39 -0800 (PST) X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.6.7361,1.0.260,0.0.0000 definitions=2012-02-08_08:2012-02-08, 2012-02-08, 1970-01-01 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 ipscore=0 suspectscore=0 phishscore=0 bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=6.0.2-1012030000 definitions=main-1202080239 From: Chuck Swiger X-Priority: 3 (Normal) In-reply-to: <15210117711.20120208235307@yandex.ru> Date: Wed, 08 Feb 2012 14:05:38 -0800 Content-transfer-encoding: quoted-printable Message-id: <2BF9EFDB-C52E-4842-9754-66357AD3EBA5@mac.com> References: <15210117711.20120208235307@yandex.ru> To: =?utf-8?B?0JrQvtC90YzQutC+0LIg0JXQstCz0LXQvdC40Lk=?= X-Mailer: Apple Mail (2.1084) Cc: freebsd-net@freebsd.org Subject: Re: security issue!! X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 22:06:02 -0000 On Feb 8, 2012, at 1:53 PM, =EB=CF=CE=D8=CB=CF=D7 =E5=D7=C7=C5=CE=C9=CA = wrote: > some host on LAN can send packets to MAC address of FreeBSD server >=20 > and server accept packets even if frame is not in its subnet and pass = them further %-) >=20 > details here > http://www.freebsd.org/cgi/query-pr.cgi?pr=3D164914 Um, what were you expecting to have happen? It's not that unusual for someone to setup a bridge or VPN/proxy-arp = configuration where an interface doesn't have an IP, but still receives = and forwards (or otherwise processes) the traffic which it sees, because = the traffic is addressed to the MAC address of that interface.... Regards, --=20 -Chuck From owner-freebsd-net@FreeBSD.ORG Wed Feb 8 23:24:46 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 97632106566B for ; Wed, 8 Feb 2012 23:24:46 +0000 (UTC) (envelope-from lacombar@gmail.com) Received: from mail-ww0-f50.google.com (mail-ww0-f50.google.com [74.125.82.50]) by mx1.freebsd.org (Postfix) with ESMTP id 2B71D8FC12 for ; Wed, 8 Feb 2012 23:24:45 +0000 (UTC) Received: by wgbdq11 with SMTP id dq11so1187843wgb.31 for ; Wed, 08 Feb 2012 15:24:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=TbbUesCmA0JRe1ToH2a27VCv1BPv0YeJUQrapi9kcuw=; b=LaWAzMivG3mCm75Ihx+T9vaKK5+TiUnmqprB+utGjuKp/iERKcTCNO5ryDj4qvGA2a Z6/pjsztJZetjdTmHmSTNjN+MVIQqn19iw+BrEvHcfOkyIKtZf14Wo5YbN9/c3T+pfaC i4LnP4oXjJ1JWo31exaOF1gKzu9hNYuYriidg= MIME-Version: 1.0 Received: by 10.180.103.68 with SMTP id fu4mr40603665wib.7.1328743485100; Wed, 08 Feb 2012 15:24:45 -0800 (PST) Received: by 10.216.58.201 with HTTP; Wed, 8 Feb 2012 15:24:45 -0800 (PST) Date: Wed, 8 Feb 2012 18:24:45 -0500 Message-ID: From: Arnaud Lacombe To: Jack Vogel Content-Type: text/plain; charset=ISO-8859-1 Cc: freebsd-net@freebsd.org Subject: Missed packet on recent em(4) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2012 23:24:46 -0000 Hi Jack, For the record, on the following hardware: em3@pci0:5:0:0: class=0x020000 card=0x150415bb chip=0x150c8086 rev=0x00 hdr=0x00 and the following version of em(4): em3: port 0xec00-0xec1f mem 0xfebe0000-0xfebfffff,0xfebdc000-0xfebdffff irq 19 at device 0.0 on pci5 em3: Using an MSI interrupt em3: [FILTER] em3: Ethernet address: 00:90:fb:35:18:b1 backported to 7-STABLE, I am still getting `missed_packets' increment, without any obvious mbuf allocation denial. These increments do not translate into complete hang of the driver, just crazy frame loss. # sysctl dev.em.3 dev.em.3.%desc: Intel(R) PRO/1000 Network Connection 7.2.3 dev.em.3.%driver: em dev.em.3.%location: slot=0 function=0 dev.em.3.%pnpinfo: vendor=0x8086 device=0x150c subvendor=0x15bb subdevice=0x1504 class=0x020000 dev.em.3.%parent: pci5 dev.em.3.rx_int_delay: 0 dev.em.3.tx_int_delay: 66 dev.em.3.rx_abs_int_delay: 66 dev.em.3.tx_abs_int_delay: 66 dev.em.3.rx_processing_limit: 100 dev.em.3.flow_control: 3 dev.em.3.eee_control: 0 dev.em.3.link_irq: 0 dev.em.3.mbuf_alloc_fail: 0 dev.em.3.cluster_alloc_fail: 0 dev.em.3.dropped: 0 dev.em.3.tx_dma_fail: 0 dev.em.3.rx_overruns: 78 dev.em.3.watchdog_timeouts: 0 dev.em.3.device_control: 1477444168 dev.em.3.rx_control: 67141634 dev.em.3.fc_high_water: 18432 dev.em.3.fc_low_water: 16932 dev.em.3.queue0.txd_head: 703 dev.em.3.queue0.txd_tail: 703 dev.em.3.queue0.tx_irq: 0 dev.em.3.queue0.no_desc_avail: 0 dev.em.3.queue0.rxd_head: 692 dev.em.3.queue0.rxd_tail: 691 dev.em.3.queue0.rx_irq: 0 dev.em.3.mac_stats.excess_coll: 0 dev.em.3.mac_stats.single_coll: 0 dev.em.3.mac_stats.multiple_coll: 0 dev.em.3.mac_stats.late_coll: 0 dev.em.3.mac_stats.collision_count: 0 dev.em.3.mac_stats.symbol_errors: 0 dev.em.3.mac_stats.sequence_errors: 0 dev.em.3.mac_stats.defer_count: 0 dev.em.3.mac_stats.missed_packets: 1135790 dev.em.3.mac_stats.recv_no_buff: 555763 dev.em.3.mac_stats.recv_undersize: 0 dev.em.3.mac_stats.recv_fragmented: 0 dev.em.3.mac_stats.recv_oversize: 0 dev.em.3.mac_stats.recv_jabber: 0 dev.em.3.mac_stats.recv_errs: 0 dev.em.3.mac_stats.crc_errs: 0 dev.em.3.mac_stats.alignment_errs: 0 dev.em.3.mac_stats.coll_ext_errs: 0 dev.em.3.mac_stats.xon_recvd: 6806 dev.em.3.mac_stats.xon_txd: 253 dev.em.3.mac_stats.xoff_recvd: 7583 dev.em.3.mac_stats.xoff_txd: 742908 dev.em.3.mac_stats.total_pkts_recvd: 3904354 dev.em.3.mac_stats.good_pkts_recvd: 2761900 [...] This happened with about 1000 short-lived TCP connection filling about 100Mbps of traffic. I saw you made updates to the driver recently. I'll attempt a backport and let you know. This might not be trivial given the netmap mess which appeared in -current... - Arnaud From owner-freebsd-net@FreeBSD.ORG Thu Feb 9 00:43:52 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 52D0A106566C for ; Thu, 9 Feb 2012 00:43:52 +0000 (UTC) (envelope-from jack.vogel@intel.com) Received: from mga03.intel.com (mga03.intel.com [143.182.124.21]) by mx1.freebsd.org (Postfix) with ESMTP id 249F98FC0C for ; Thu, 9 Feb 2012 00:43:51 +0000 (UTC) Received: from azsmga001.ch.intel.com ([10.2.17.19]) by azsmga101.ch.intel.com with ESMTP; 08 Feb 2012 16:15:27 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="4.71,315,1320652800"; d="scan'208";a="104711010" Received: from orsmsx603.amr.corp.intel.com ([10.22.226.49]) by azsmga001.ch.intel.com with ESMTP; 08 Feb 2012 16:15:27 -0800 Received: from orsmsx102.amr.corp.intel.com (10.22.225.129) by orsmsx603.amr.corp.intel.com (10.22.226.49) with Microsoft SMTP Server (TLS) id 8.2.255.0; Wed, 8 Feb 2012 16:15:19 -0800 Received: from orsmsx104.amr.corp.intel.com ([169.254.3.48]) by ORSMSX102.amr.corp.intel.com ([169.254.1.143]) with mapi id 14.01.0355.002; Wed, 8 Feb 2012 16:15:19 -0800 From: "Vogel, Jack" To: Arnaud Lacombe Thread-Topic: Missed packet on recent em(4) Thread-Index: AQHM5rjg46GNePr+F0CWTzh5R+6cFZYzsi+w Date: Thu, 9 Feb 2012 00:15:18 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.22.254.138] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Cc: "freebsd-net@freebsd.org" Subject: RE: Missed packet on recent em(4) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Feb 2012 00:43:52 -0000 The NETMAP code is all self-contained, just delete what's inside the ifdef'= s=20 Jack -----Original Message----- From: Arnaud Lacombe [mailto:lacombar@gmail.com]=20 Sent: Wednesday, February 08, 2012 3:25 PM To: Vogel, Jack Cc: freebsd-net@freebsd.org Subject: Missed packet on recent em(4) Hi Jack, For the record, on the following hardware: em3@pci0:5:0:0: class=3D0x020000 card=3D0x150415bb chip=3D0x150c8086 rev=3D= 0x00 hdr=3D0x00 and the following version of em(4): em3: port 0xec00-0xec1f mem 0xfebe0000-0xfebfffff,0xfebdc000-0xfebdffff irq 19 at device 0.0 on pci5 em3: Using an MSI interrupt em3: [FILTER] em3: Ethernet address: 00:90:fb:35:18:b1 backported to 7-STABLE, I am still getting `missed_packets' increment, without any obvious mbuf allocation denial. These increments do not translate into complete hang of the driver, just crazy frame loss. # sysctl dev.em.3 dev.em.3.%desc: Intel(R) PRO/1000 Network Connection 7.2.3 dev.em.3.%driver: em dev.em.3.%location: slot=3D0 function=3D0 dev.em.3.%pnpinfo: vendor=3D0x8086 device=3D0x150c subvendor=3D0x15bb subdevice=3D0x1504 class=3D0x020000 dev.em.3.%parent: pci5 dev.em.3.rx_int_delay: 0 dev.em.3.tx_int_delay: 66 dev.em.3.rx_abs_int_delay: 66 dev.em.3.tx_abs_int_delay: 66 dev.em.3.rx_processing_limit: 100 dev.em.3.flow_control: 3 dev.em.3.eee_control: 0 dev.em.3.link_irq: 0 dev.em.3.mbuf_alloc_fail: 0 dev.em.3.cluster_alloc_fail: 0 dev.em.3.dropped: 0 dev.em.3.tx_dma_fail: 0 dev.em.3.rx_overruns: 78 dev.em.3.watchdog_timeouts: 0 dev.em.3.device_control: 1477444168 dev.em.3.rx_control: 67141634 dev.em.3.fc_high_water: 18432 dev.em.3.fc_low_water: 16932 dev.em.3.queue0.txd_head: 703 dev.em.3.queue0.txd_tail: 703 dev.em.3.queue0.tx_irq: 0 dev.em.3.queue0.no_desc_avail: 0 dev.em.3.queue0.rxd_head: 692 dev.em.3.queue0.rxd_tail: 691 dev.em.3.queue0.rx_irq: 0 dev.em.3.mac_stats.excess_coll: 0 dev.em.3.mac_stats.single_coll: 0 dev.em.3.mac_stats.multiple_coll: 0 dev.em.3.mac_stats.late_coll: 0 dev.em.3.mac_stats.collision_count: 0 dev.em.3.mac_stats.symbol_errors: 0 dev.em.3.mac_stats.sequence_errors: 0 dev.em.3.mac_stats.defer_count: 0 dev.em.3.mac_stats.missed_packets: 1135790 dev.em.3.mac_stats.recv_no_buff: 555763 dev.em.3.mac_stats.recv_undersize: 0 dev.em.3.mac_stats.recv_fragmented: 0 dev.em.3.mac_stats.recv_oversize: 0 dev.em.3.mac_stats.recv_jabber: 0 dev.em.3.mac_stats.recv_errs: 0 dev.em.3.mac_stats.crc_errs: 0 dev.em.3.mac_stats.alignment_errs: 0 dev.em.3.mac_stats.coll_ext_errs: 0 dev.em.3.mac_stats.xon_recvd: 6806 dev.em.3.mac_stats.xon_txd: 253 dev.em.3.mac_stats.xoff_recvd: 7583 dev.em.3.mac_stats.xoff_txd: 742908 dev.em.3.mac_stats.total_pkts_recvd: 3904354 dev.em.3.mac_stats.good_pkts_recvd: 2761900 [...] This happened with about 1000 short-lived TCP connection filling about 100Mbps of traffic. I saw you made updates to the driver recently. I'll attempt a backport and let you know. This might not be trivial given the netmap mess which appeared in -current... - Arnaud From owner-freebsd-net@FreeBSD.ORG Thu Feb 9 16:14:19 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5BEC51065678; Thu, 9 Feb 2012 16:14:19 +0000 (UTC) (envelope-from qing.li@bluecoat.com) Received: from whisker.bluecoat.com (whisker.bluecoat.com [216.52.23.28]) by mx1.freebsd.org (Postfix) with ESMTP id 077C78FC0A; Thu, 9 Feb 2012 16:14:18 +0000 (UTC) Received: from PWSVL-EXCHTS-02.internal.cacheflow.com (sai-rp.bluecoat.com [10.2.2.126] (may be forged)) by whisker.bluecoat.com (8.14.2/8.14.2) with ESMTP id q19G42Oa011312 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 9 Feb 2012 08:04:03 -0800 (PST) Received: from PWSVL-EXCMBX-01.internal.cacheflow.com ([fe80::15bc:12e2:4676:340f]) by PWSVL-EXCHTS-02.internal.cacheflow.com ([fe80::4910:317f:407:6ecc%14]) with mapi id 14.01.0289.001; Thu, 9 Feb 2012 08:04:08 -0800 From: "Li, Qing" To: Steven Hartland , Gary Palmer Thread-Topic: kern/161899: Repeating RTM_MISS packets causing high CPU load for ntpd Thread-Index: AQHM5pWffl/Cu3mx7EyaNXcGWApqBZY0u4gg Date: Thu, 9 Feb 2012 16:04:07 +0000 Message-ID: References: <201202081300.q18D0Wnc067564@freefall.freebsd.org> <20120208182329.GC10082@in-addr.com> <7033DB091C8A46E0A14C7C2F52929C95@multiplay.co.uk> In-Reply-To: <7033DB091C8A46E0A14C7C2F52929C95@multiplay.co.uk> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [216.52.23.68] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Cc: "freebsd-net@freebsd.org" Subject: RE: kern/161899: Repeating RTM_MISS packets causing high CPU load for ntpd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Feb 2012 16:14:19 -0000 Hmm... I don't see this problem until multiple FIBs are enabled. --Qing > -----Original Message----- > From: owner-freebsd-net@freebsd.org [mailto:owner-freebsd- > net@freebsd.org] On Behalf Of Steven Hartland > Sent: Wednesday, February 08, 2012 11:13 AM > To: Gary Palmer > Cc: freebsd-net@freebsd.org; Gleb Smirnoff > Subject: Re: kern/161899: Repeating RTM_MISS packets causing high CPU > load for ntpd >=20 > ----- Original Message ----- > From: "Gary Palmer" > >> Running the following commands does indeed stop this > >> route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject > >> route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject > >> > >> I found these in /etc/rc.d/network_ipv6 but I can't see why > >> these wouldnt be run on a machine that doesn't have an IPv6 > >> address, they seem to be added correctly on machines that do. > > > > Speculation: the machine(s) which didn't have the routes maybe > > didn't have > > > > ipv6_enable=3D"YES" > > > > in /etc/rc.conf? >=20 > Doh! >=20 > Indeed they don't so of course /etc/rc.d/network_ipv6 doesnt > start but IPv6 is in the kernel and ipv6 is configured on lo0 via > /etc/rc.d/auto_linklocal so it looks like ipv6 is enabled even > though it isnt. >=20 > Given this would a reasonable patch be to move the internal routing > to auto_linklocal i.e. these lines:- > # disallow "internal" addresses to appear on the wire > route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject > route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject >=20 > Seems the relavent fix was part of a much bigger commit:- > http://svnweb.freebsd.org/base?view=3Drevision&revision=3D197139 >=20 > So it may not be easy to patch this into 8.x >=20 > Regards > Steve >=20 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > This e.mail is private and confidential between Multiplay (UK) Ltd. and > the person or entity to whom it is addressed. In the event of > misdirection, the recipient is prohibited from using, copying, printing > or otherwise disseminating it or any information contained in it. >=20 > In the event of misdirection, illegible or incomplete transmission > please telephone +44 845 868 1337 > or return the E.mail to postmaster@multiplay.co.uk. >=20 > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@FreeBSD.ORG Thu Feb 9 16:55:04 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DB920106566B for ; Thu, 9 Feb 2012 16:55:04 +0000 (UTC) (envelope-from lacombar@gmail.com) Received: from mail-ww0-f50.google.com (mail-ww0-f50.google.com [74.125.82.50]) by mx1.freebsd.org (Postfix) with ESMTP id 628FA8FC0A for ; Thu, 9 Feb 2012 16:55:03 +0000 (UTC) Received: by wgbdq11 with SMTP id dq11so2037603wgb.31 for ; Thu, 09 Feb 2012 08:55:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=NTTSvwemYmLCIAYQhSbh+U6MSoYi5pn40+ULmBBGiw8=; b=lbfqBn2Fz79+rxZVr3QTHn5EK59Aqg5DEBG+zBdKs8XR7IzP/3NK6YdFi7br/N2VhI S1tLOyDZQNmmQNUFewv4LxcNpvmAFdj/LqsblzkSonwv6kBshuyJA3YoqD/XkNGiR0bN WVkyA4DCky+JrBgZWY0PM/C0W6vA//DqXFd48= MIME-Version: 1.0 Received: by 10.180.101.165 with SMTP id fh5mr4021787wib.10.1328806502445; Thu, 09 Feb 2012 08:55:02 -0800 (PST) Received: by 10.216.58.201 with HTTP; Thu, 9 Feb 2012 08:55:02 -0800 (PST) In-Reply-To: References: Date: Thu, 9 Feb 2012 11:55:02 -0500 Message-ID: From: Arnaud Lacombe To: "Vogel, Jack" Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: "freebsd-net@freebsd.org" Subject: Re: Missed packet on recent em(4) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Feb 2012 16:55:05 -0000 Hi, On Wed, Feb 8, 2012 at 7:15 PM, Vogel, Jack wrote: > The NETMAP code is all self-contained, just delete what's inside the ifde= f's > not exactly, the allocator stuff from r229939 is not that self contained, but beside that my problem is more to get the patches to apply to our internal 7-STABLE tree. My generic workflow is to mindlessly use git-format-patch to generate the set of patches, slightly reformat commit log to our internal standard, and apply that on top of the target tree. I then let git figures out eventual conflicts and fix them. I do not want to have to think about all the things we changed internally which might conflict, but also want to keep record of who made what change in which commit/revision. To some extend, I want to avoid the mess which happened in `sys/dev/e1000/' where you blew luigi@ and other committers changes by blindly committing stuff and letting them fix the damage afterward. These few commits were just wonderful, I must admit you made my day a little less sad ;-) - Arnaud > Jack > > > -----Original Message----- > From: Arnaud Lacombe [mailto:lacombar@gmail.com] > Sent: Wednesday, February 08, 2012 3:25 PM > To: Vogel, Jack > Cc: freebsd-net@freebsd.org > Subject: Missed packet on recent em(4) > > Hi Jack, > > For the record, on the following hardware: > > em3@pci0:5:0:0: class=3D0x020000 card=3D0x150415bb chip=3D0x150c8086 rev= =3D0x00 hdr=3D0x00 > > and the following version of em(4): > > em3: port 0xec00-0xec1f > mem 0xfebe0000-0xfebfffff,0xfebdc000-0xfebdffff irq 19 at device 0.0 > on pci5 > em3: Using an MSI interrupt > em3: [FILTER] > em3: Ethernet address: 00:90:fb:35:18:b1 > > backported to 7-STABLE, I am still getting `missed_packets' increment, > without any obvious mbuf allocation denial. These increments do not > translate into complete hang of the driver, just crazy frame loss. > > # sysctl dev.em.3 > dev.em.3.%desc: Intel(R) PRO/1000 Network Connection 7.2.3 > dev.em.3.%driver: em > dev.em.3.%location: slot=3D0 function=3D0 > dev.em.3.%pnpinfo: vendor=3D0x8086 device=3D0x150c subvendor=3D0x15bb > subdevice=3D0x1504 class=3D0x020000 > dev.em.3.%parent: pci5 > dev.em.3.rx_int_delay: 0 > dev.em.3.tx_int_delay: 66 > dev.em.3.rx_abs_int_delay: 66 > dev.em.3.tx_abs_int_delay: 66 > dev.em.3.rx_processing_limit: 100 > dev.em.3.flow_control: 3 > dev.em.3.eee_control: 0 > dev.em.3.link_irq: 0 > dev.em.3.mbuf_alloc_fail: 0 > dev.em.3.cluster_alloc_fail: 0 > dev.em.3.dropped: 0 > dev.em.3.tx_dma_fail: 0 > dev.em.3.rx_overruns: 78 > dev.em.3.watchdog_timeouts: 0 > dev.em.3.device_control: 1477444168 > dev.em.3.rx_control: 67141634 > dev.em.3.fc_high_water: 18432 > dev.em.3.fc_low_water: 16932 > dev.em.3.queue0.txd_head: 703 > dev.em.3.queue0.txd_tail: 703 > dev.em.3.queue0.tx_irq: 0 > dev.em.3.queue0.no_desc_avail: 0 > dev.em.3.queue0.rxd_head: 692 > dev.em.3.queue0.rxd_tail: 691 > dev.em.3.queue0.rx_irq: 0 > dev.em.3.mac_stats.excess_coll: 0 > dev.em.3.mac_stats.single_coll: 0 > dev.em.3.mac_stats.multiple_coll: 0 > dev.em.3.mac_stats.late_coll: 0 > dev.em.3.mac_stats.collision_count: 0 > dev.em.3.mac_stats.symbol_errors: 0 > dev.em.3.mac_stats.sequence_errors: 0 > dev.em.3.mac_stats.defer_count: 0 > dev.em.3.mac_stats.missed_packets: 1135790 > dev.em.3.mac_stats.recv_no_buff: 555763 > dev.em.3.mac_stats.recv_undersize: 0 > dev.em.3.mac_stats.recv_fragmented: 0 > dev.em.3.mac_stats.recv_oversize: 0 > dev.em.3.mac_stats.recv_jabber: 0 > dev.em.3.mac_stats.recv_errs: 0 > dev.em.3.mac_stats.crc_errs: 0 > dev.em.3.mac_stats.alignment_errs: 0 > dev.em.3.mac_stats.coll_ext_errs: 0 > dev.em.3.mac_stats.xon_recvd: 6806 > dev.em.3.mac_stats.xon_txd: 253 > dev.em.3.mac_stats.xoff_recvd: 7583 > dev.em.3.mac_stats.xoff_txd: 742908 > dev.em.3.mac_stats.total_pkts_recvd: 3904354 > dev.em.3.mac_stats.good_pkts_recvd: 2761900 > [...] > > This happened with about 1000 short-lived TCP connection filling about > 100Mbps of traffic. > > I saw you made updates to the driver recently. I'll attempt a backport > and let you know. This might not be trivial given the netmap mess > which appeared in -current... > > =A0- Arnaud From owner-freebsd-net@FreeBSD.ORG Thu Feb 9 22:45:39 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A7A8E106566C; Thu, 9 Feb 2012 22:45:39 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) by mx1.freebsd.org (Postfix) with ESMTP id 5A29B8FC08; Thu, 9 Feb 2012 22:45:38 +0000 (UTC) Received: from julian-mac.elischer.org (64.1.209.194.ptr.us.xo.net [64.1.209.194]) (authenticated bits=0) by vps1.elischer.org (8.14.4/8.14.4) with ESMTP id q19MjZmu063692 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Thu, 9 Feb 2012 14:45:36 -0800 (PST) (envelope-from julian@freebsd.org) Message-ID: <4F344CE4.301@freebsd.org> Date: Thu, 09 Feb 2012 14:47:00 -0800 From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.2.26) Gecko/20120129 Thunderbird/3.1.18 MIME-Version: 1.0 To: Gleb Smirnoff References: <20120131110204.GA95472@onelab2.iet.unipi.it> <20120208133559.GK13554@FreeBSD.org> <20120208140921.GM13554@glebius.int.ru> In-Reply-To: <20120208140921.GM13554@glebius.int.ru> Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Cc: Ermal Lu?i , freebsd-net , Luigi Rizzo , freebsd-hackers@freebsd.org Subject: Re: [PATCH] multiple instances of ipfw(4) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Feb 2012 22:45:39 -0000 On 2/8/12 6:09 AM, Gleb Smirnoff wrote: > On Wed, Feb 08, 2012 at 03:04:09PM +0100, Ermal Lu?i wrote: > E> 2012/2/8 Gleb Smirnoff: > E> > On Tue, Jan 31, 2012 at 12:02:04PM +0100, Luigi Rizzo wrote: > E> > L> if i understand what the patch does, i think it makes sense to be > E> > L> able to hook ipfw instances to specific interfaces/sets of interfaces, > E> > L> as it permits the writing of more readable rulesets. Right now the > E> > L> workaround is start the ruleset with skipto rules matching on > E> > L> interface names, and then use some discipline in "reserving" a range > E> > L> of rule numbers to each interface. > E> > > E> > This is definitely a desired feature, but it should be implemented > E> > on level of pfil(9). However, that would still require multiple > E> > instances of ipfw(4). > E> > > E> This opens a discussion of architecture design. > E> I do not think presently pfil(9) is designed to handle such thing! > > Several years ago, I guess around 2005, a discussion on a per-interface > packet filtering was taken on the net@ mailing list. In that time, it lead > to nothing, several people were against the idea. > > Recently on IRC I had raised the discussion again. Today more people liked > the idea and found it a desired feature. > > Many kinds of high end networking equipment have per-interface ACLs. I know > that networking sysadmins would be happy if FreeBSD packet filters would > get this feature, since maintaing such ACLs is much easier on a router with > dozens of interfaces. I think it is a good idea. not only for interfaces but certain routing and bridging paths too. From owner-freebsd-net@FreeBSD.ORG Fri Feb 10 00:43:28 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 745381065676; Fri, 10 Feb 2012 00:43:28 +0000 (UTC) (envelope-from prvs=1387bf0264=killing@multiplay.co.uk) Received: from mail1.multiplay.co.uk (mail1.multiplay.co.uk [85.236.96.23]) by mx1.freebsd.org (Postfix) with ESMTP id 903148FC1C; Fri, 10 Feb 2012 00:43:27 +0000 (UTC) X-Spam-Processed: mail1.multiplay.co.uk, Fri, 10 Feb 2012 00:31:38 +0000 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mail1.multiplay.co.uk X-Spam-Level: X-Spam-Status: No, score=-5.0 required=6.0 tests=USER_IN_WHITELIST shortcircuit=ham autolearn=disabled version=3.2.5 Received: from r2d2 ([188.220.16.49]) by mail1.multiplay.co.uk (mail1.multiplay.co.uk [85.236.96.23]) (MDaemon PRO v10.0.4) with ESMTP id md50017980317.msg; Fri, 10 Feb 2012 00:31:37 +0000 X-MDRemoteIP: 188.220.16.49 X-Return-Path: prvs=1387bf0264=killing@multiplay.co.uk X-Envelope-From: killing@multiplay.co.uk Message-ID: <926CBEDBBCCE44E998B05C11D2C0C621@multiplay.co.uk> From: "Steven Hartland" To: "Li, Qing" , "Gary Palmer" References: <201202081300.q18D0Wnc067564@freefall.freebsd.org><20120208182329.GC10082@in-addr.com> <7033DB091C8A46E0A14C7C2F52929C95@multiplay.co.uk> Date: Fri, 10 Feb 2012 00:30:46 -0000 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.5931 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157 Cc: freebsd-net@freebsd.org Subject: Re: kern/161899: Repeating RTM_MISS packets causing high CPU load for ntpd X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Feb 2012 00:43:28 -0000 ----- Original Message ----- From: "Li, Qing" > Hmm... I don't see this problem until multiple FIBs are enabled. I have a bog standard box here one default route and one active nic, which exhibits this issue so there shouldn't be multiple FIB's unless the fact that IPv6 is compiled in and active on lo0 making this so? Regards Steve ================================================ This e.mail is private and confidential between Multiplay (UK) Ltd. and the person or entity to whom it is addressed. In the event of misdirection, the recipient is prohibited from using, copying, printing or otherwise disseminating it or any information contained in it. In the event of misdirection, illegible or incomplete transmission please telephone +44 845 868 1337 or return the E.mail to postmaster@multiplay.co.uk. From owner-freebsd-net@FreeBSD.ORG Sat Feb 11 08:34:21 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7A5A8106566B for ; Sat, 11 Feb 2012 08:34:21 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) by mx1.freebsd.org (Postfix) with ESMTP id 4D1D48FC0C for ; Sat, 11 Feb 2012 08:34:21 +0000 (UTC) Received: from julian-mac.elischer.org (c-67-180-24-15.hsd1.ca.comcast.net [67.180.24.15]) (authenticated bits=0) by vps1.elischer.org (8.14.4/8.14.4) with ESMTP id q1B8YJNW072001 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Sat, 11 Feb 2012 00:34:20 -0800 (PST) (envelope-from julian@freebsd.org) Message-ID: <4F362861.7090801@freebsd.org> Date: Sat, 11 Feb 2012 00:35:45 -0800 From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.2.26) Gecko/20120129 Thunderbird/3.1.18 MIME-Version: 1.0 To: Joe Holden References: <4F32E45F.9030504@rewt.org.uk> <4F32E8B6.8050409@freebsd.org> <4F32E8EC.4070206@rewt.org.uk> In-Reply-To: <4F32E8EC.4070206@rewt.org.uk> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: "freebsd-net@freebsd.org" Subject: Re: Max FIBS X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Feb 2012 08:34:21 -0000 On 2/8/12 1:28 PM, Joe Holden wrote: > Julian Elischer wrote: >> On 2/8/12 1:08 PM, Joe Holden wrote: >>> Hey guys, >>> >>> The maximum fibs is currently 16 due to an mbuf limitation I >>> believe? Is there any scope for the number being increased? >> it was designed to be able to be expanable... there is only the one >> place. >> >> there are upcoming FIB changes and it may be a good oportunity to >> change this in 10.. >> > aha, I was under the impression that it was limited due to mbuf > size, not sure where I read that - think it was a commit from a > while back. you are correct.. the one limitation is the mbufs but we can maybe change the mbuf layout a little in 10 which will allow for more FIBs > >>> >>> Ta, >>> J >>> _______________________________________________ >>> freebsd-net@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-net >>> To unsubscribe, send any mail to >>> "freebsd-net-unsubscribe@freebsd.org" >>> >> >> _______________________________________________ >> freebsd-net@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-net >> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > From owner-freebsd-net@FreeBSD.ORG Sat Feb 11 08:41:04 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D0A4B1065672; Sat, 11 Feb 2012 08:41:04 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mx1.sbone.de (mx1.sbone.de [IPv6:2a01:4f8:130:3ffc::401:25]) by mx1.freebsd.org (Postfix) with ESMTP id 862158FC0C; Sat, 11 Feb 2012 08:41:04 +0000 (UTC) Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.sbone.de (Postfix) with ESMTPS id 47FA025D37C0; Sat, 11 Feb 2012 08:41:03 +0000 (UTC) Received: from content-filter.sbone.de (content-filter.sbone.de [IPv6:fde9:577b:c1a9:31::2013:2742]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPS id 674E6BDB1D3; Sat, 11 Feb 2012 08:41:02 +0000 (UTC) X-Virus-Scanned: amavisd-new at sbone.de Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587]) by content-filter.sbone.de (content-filter.sbone.de [fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024) with ESMTP id wmG5g06cSfVr; Sat, 11 Feb 2012 08:41:01 +0000 (UTC) Received: from orange-en1.sbone.de (orange-en1.sbone.de [IPv6:fde9:577b:c1a9:31:cabc:c8ff:fecf:e8e3]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPSA id 18C9DBDB1D2; Sat, 11 Feb 2012 08:41:00 +0000 (UTC) Mime-Version: 1.0 (Apple Message framework v1084) Content-Type: text/plain; charset=us-ascii From: "Bjoern A. Zeeb" In-Reply-To: <4F362861.7090801@freebsd.org> Date: Sat, 11 Feb 2012 08:41:00 +0000 Content-Transfer-Encoding: quoted-printable Message-Id: References: <4F32E45F.9030504@rewt.org.uk> <4F32E8B6.8050409@freebsd.org> <4F32E8EC.4070206@rewt.org.uk> <4F362861.7090801@freebsd.org> To: Julian Elischer X-Mailer: Apple Mail (2.1084) Cc: "freebsd-net@freebsd.org" , Joe Holden Subject: Re: Max FIBS X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Feb 2012 08:41:04 -0000 On 11. Feb 2012, at 08:35 , Julian Elischer wrote: > On 2/8/12 1:28 PM, Joe Holden wrote: >> Julian Elischer wrote: >>> On 2/8/12 1:08 PM, Joe Holden wrote: >>>> Hey guys, >>>>=20 >>>> The maximum fibs is currently 16 due to an mbuf limitation I = believe? Is there any scope for the number being increased? >>> it was designed to be able to be expanable... there is only the one = place. >>>=20 >>> there are upcoming FIB changes and it may be a good oportunity to = change this in 10.. >>>=20 >> aha, I was under the impression that it was limited due to mbuf size, = not sure where I read that - think it was a commit from a while back. >=20 > you are correct.. the one limitation is the mbufs > but we can maybe change the mbuf layout a little in 10 > which will allow for more FIBs We are basically waiting for someone to touch mbufs for real and to be = able to do the full performance re-evaluation but I guess we'd also like to = have the secondary zone to die etc all in the same go... Meanwhile updating the limit locally isn't too hard; it's a couple of = line change. /bz --=20 Bjoern A. Zeeb You have to have visions! It does not matter how good you are. It matters what good you do! From owner-freebsd-net@FreeBSD.ORG Sat Feb 11 15:38:28 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7B96D106566B for ; Sat, 11 Feb 2012 15:38:28 +0000 (UTC) (envelope-from stalker2174@yandex.ru) Received: from me10436d0.tmodns.net (me10436d0.tmodns.net [208.54.4.225]) by mx1.freebsd.org (Postfix) with SMTP id 4978B8FC14 for ; Sat, 11 Feb 2012 15:38:26 +0000 (UTC) Received: from unknown (HELO 7jvin1) ([27.29.33.113]) by me10436d0.tmodns.net with ESMTP; Sat, 11 Feb 2012 08:32:25 -0700 Message-ID: <001c01cce8d1$c756dfb0$1b1d2171@OwnerPC7jvin1> From: "Rolf Rangel" To: Date: Sat, 11 Feb 2012 08:22:46 -0700 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="windows-1250"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1158 Subject: Microsoft OEM Software X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Feb 2012 15:38:28 -0000 We sell industry leading software at the lowest prices(90% discount), with free fast shipping! Windows Pro 7 SP1 Full oem 64-Bit DVD version - 15.99$ Office 2010 Home and Business for 1 PC Full - 19.99$ Adobe Acrobat X Professional - 21.99$ and more... Mail to order: stalker2174@yandex.ru or just click Reply. From owner-freebsd-net@FreeBSD.ORG Sat Feb 11 18:19:40 2012 Return-Path: Delivered-To: net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 86E16106564A; Sat, 11 Feb 2012 18:19:40 +0000 (UTC) (envelope-from alexey@kouznetsov.com) Received: from mail-bk0-f54.google.com (mail-bk0-f54.google.com [209.85.214.54]) by mx1.freebsd.org (Postfix) with ESMTP id DF3788FC08; Sat, 11 Feb 2012 18:19:39 +0000 (UTC) Received: by bkcjg1 with SMTP id jg1so3333233bkc.13 for ; Sat, 11 Feb 2012 10:19:38 -0800 (PST) Received: by 10.204.154.14 with SMTP id m14mr2866675bkw.38.1328984378389; Sat, 11 Feb 2012 10:19:38 -0800 (PST) Received: from your89ebba6db9 ([77.41.97.165]) by mx.google.com with ESMTPS id o26sm28924945bko.14.2012.02.11.10.19.36 (version=SSLv3 cipher=OTHER); Sat, 11 Feb 2012 10:19:37 -0800 (PST) From: "Alexey Kouznetsov" To: , Date: Sat, 11 Feb 2012 22:19:33 +0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 11 Thread-Index: Aczo6TDC5mkYPw7sTNOizM7GCkH49QAACwgg X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157 X-Gm-Message-State: ALoCoQkYpeOBBJBoF8A20cJPrx/V9Vr6zmKX0J4r7I2TKavlRygJ9d+5fdhc9/O/Z58l+xJyKPzd Cc: Subject: FW: [ net-snmp-Bugs-3480541 ] Wrong index of disk (dskIndex) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Feb 2012 18:19:40 -0000 Hello! Could you, please look at this also? Explanation bellow at SF bug track --- work/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/disk_hw.c.orig 2011-09-@@ +++ work/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/disk_hw.c 2012-02-11 21:55:16.000000000 +0400-322,7 +321,7 @@ switch (vp->magic) { case MIBINDEX: + long_ret = disknum + 1; - long_ret = disknum; return ((u_char *) (&long_ret)); case ERRORNAME: /* DISKPATH */ *var_len = strlen(entry->path); Thank you! -----Original Message----- From: SourceForge.net [mailto:noreply@sourceforge.net] Sent: Saturday, February 11, 2012 10:16 PM To: SourceForge.net Subject: [ net-snmp-Bugs-3480541 ] Wrong index of disk (dskIndex) Bugs item #3480541, was opened at 2012-01-27 05:47 Message generated for change (Comment added) made by st-da You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=112694&aid=3480541&group_i d=12694 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: agent Group: freeBSD Status: Open Resolution: None Priority: 5 Private: No Submitted By: Alexey (st-da) Assigned to: Nobody/Anonymous (nobody) Summary: Wrong index of disk (dskIndex) Initial Comment: # snmpwalk -c public 127.0.0.1 dskIndex UCD-SNMP-MIB::dskIndex.1 = INTEGER: 0 UCD-SNMP-MIB::dskIndex.2 = INTEGER: 1 UCD-SNMP-MIB::dskIndex.3 = INTEGER: 2 UCD-SNMP-MIB::dskIndex.4 = INTEGER: 3 UCD-SNMP-MIB::dskIndex.5 = INTEGER: 4 UCD-SNMP-MIB::dskIndex.6 = INTEGER: 5 UCD-SNMP-MIB::dskIndex.7 = INTEGER: 6 In my mind it have to be same mumbers in OID and in index UCD-SNMP-MIB::dskIndex.1 = INTEGER: 1 UCD-SNMP-MIB::dskIndex.2 = INTEGER: 2 UCD-SNMP-MIB::dskIndex.3 = INTEGER: 3 UCD-SNMP-MIB::dskIndex.4 = INTEGER: 4 UCD-SNMP-MIB::dskIndex.5 = INTEGER: 5 UCD-SNMP-MIB::dskIndex.6 = INTEGER: 6 UCD-SNMP-MIB::dskIndex.7 = INTEGER: 7 # /usr/local/sbin/snmpd -v NET-SNMP version: 5.7.1 Web: http://www.net-snmp.org/ Email: net-snmp-coders@lists.sourceforge.net recenly built from ports on FreeBSD 8.2 stable. Looks lite it started from 5.7 and was correctly before. ---------------------------------------------------------------------- >Comment By: Alexey (st-da) Date: 2012-02-11 10:15 Message: ops reverse + and - at last patch... ---------------------------------------------------------------------- Comment By: Alexey (st-da) Date: 2012-02-11 10:07 Message: disk index fixed for me by small path: --- work/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/disk_hw.c 2012-02-11 21:55:16.000000000 +0400 +++ work/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/disk_hw.c.orig 2011-09-@@ -322,7 +321,7 @@ switch (vp->magic) { case MIBINDEX: - long_ret = disknum + 1; + long_ret = disknum; return ((u_char *) (&long_ret)); case ERRORNAME: /* DISKPATH */ *var_len = strlen(entry->path); ---------------------------------------------------------------------- Comment By: Alexey (st-da) Date: 2012-02-02 06:09 Message: there are same requets sfter we clean up the disk UCD-SNMP-MIB::dskTotal.4 = INTEGER: 50777034 UCD-SNMP-MIB::dskAvail.4 = INTEGER: 36894232 UCD-SNMP-MIB::dskUsed.4 = INTEGER: 9820640 ---------------------------------------------------------------------- Comment By: Alexey (st-da) Date: 2012-02-02 05:53 Message: There are some more problem: df -k | egrep logs /dev/aacd0s1g 50777034 46745456 -30584 100% /logs /usr/local/bin/snmpwalk -c public xxxxxx dsk| egrep '\.4 = ' UCD-SNMP-MIB::dskIndex.4 = INTEGER: 3 UCD-SNMP-MIB::dskPath.4 = STRING: /logs UCD-SNMP-MIB::dskDevice.4 = STRING: /dev/aacd0s1g UCD-SNMP-MIB::dskMinimum.4 = INTEGER: 524288 UCD-SNMP-MIB::dskMinPercent.4 = INTEGER: -1 UCD-SNMP-MIB::dskTotal.4 = INTEGER: 50777034 UCD-SNMP-MIB::dskAvail.4 = INTEGER: 2147483647 UCD-SNMP-MIB::dskUsed.4 = INTEGER: 46745264 UCD-SNMP-MIB::dskPercent.4 = INTEGER: 92 UCD-SNMP-MIB::dskPercentNode.4 = INTEGER: 1 UCD-SNMP-MIB::dskTotalLow.4 = Gauge32: 50777034 UCD-SNMP-MIB::dskTotalHigh.4 = Gauge32: 0 UCD-SNMP-MIB::dskAvailLow.4 = Gauge32: 4294936904 UCD-SNMP-MIB::dskAvailHigh.4 = Gauge32: 4294967295 UCD-SNMP-MIB::dskUsedLow.4 = Gauge32: 46745264 UCD-SNMP-MIB::dskUsedHigh.4 = Gauge32: 0 UCD-SNMP-MIB::dskErrorFlag.4 = INTEGER: noError(0) UCD-SNMP-MIB::dskErrorMsg.4 = STRING: some unrealistic unavailable value dskAvail.4 = INTEGER: 2147483647 Somethiong like unsigned where we save negative value ? FreeBSD 8.2-STABLE #9: Tue Oct 11 07:07:46 UTC 2011 pkg_info -aI | egrep snmp net-snmp-5.7_4 An extendable SNMP implementation ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=112694&aid=3480541&group_i d=12694 From owner-freebsd-net@FreeBSD.ORG Sat Feb 11 19:41:55 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E698B106566B for ; Sat, 11 Feb 2012 19:41:55 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: from mail-tul01m020-f182.google.com (mail-tul01m020-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id B80B28FC13 for ; Sat, 11 Feb 2012 19:41:54 +0000 (UTC) Received: by obcwo16 with SMTP id wo16so6850256obc.13 for ; Sat, 11 Feb 2012 11:41:54 -0800 (PST) MIME-Version: 1.0 Received: by 10.60.29.228 with SMTP id n4mr2110387oeh.32.1328987925559; Sat, 11 Feb 2012 11:18:45 -0800 (PST) Received: by 10.60.25.99 with HTTP; Sat, 11 Feb 2012 11:18:45 -0800 (PST) Date: Sat, 11 Feb 2012 11:18:45 -0800 Message-ID: From: Michael Sierchio To: freebsd-net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Subject: MPD5 L2TP question X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Feb 2012 19:41:56 -0000 [if there's a more appropriate place to pose this, please direct me] I'm trying to use mpd5 to build an L2TP server. It generally works as expected, except I cannot figure out how to push the route to an attached network to the PPP client. If I manually add a route on the client (to the ppp0 interface), things work as expected. This won't work for deploying this to users, though. I should point out that for OS X users of the L2TP client, we generally discourage routing all traffic over the tunnel - if we told them to put the L2TP pseudo-interface above the Ethernet interface, this would probably work. However, I'd like to push a route to my local net. A sample config would be most welcome. Thanks. - M From owner-freebsd-net@FreeBSD.ORG Sat Feb 11 20:36:43 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 58EB2106566B for ; Sat, 11 Feb 2012 20:36:43 +0000 (UTC) (envelope-from adrian.minta@gmail.com) Received: from mail-ey0-f182.google.com (mail-ey0-f182.google.com [209.85.215.182]) by mx1.freebsd.org (Postfix) with ESMTP id D4B608FC1A for ; Sat, 11 Feb 2012 20:36:42 +0000 (UTC) Received: by eaan10 with SMTP id n10so1498301eaa.13 for ; Sat, 11 Feb 2012 12:36:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=75YPT17GQymOyK2oH/q9OJAUzzAzlZE75wiKOl4YHwU=; b=YZcg6Ab/e8joJ3kdQE5MhP5NOAF34tkBsUKsx7p1xXHrXFLzUwf3M5Yy9xIDiEkM26 9EoVFQcMfyIBluy+OHwNTSoaDk5urTP5IN5mJrrg3gF7gcUORDu2B6IMRGAfPCNsznZs vojqX1v9uB9lpLe+4H5tCeWBPbRLkpgHJC2Z0= Received: by 10.14.120.74 with SMTP id o50mr706834eeh.18.1328992601910; Sat, 11 Feb 2012 12:36:41 -0800 (PST) Received: from [192.168.10.10] ([86.120.82.165]) by mx.google.com with ESMTPS id o49sm39630710eeb.7.2012.02.11.12.36.40 (version=TLSv1/SSLv3 cipher=OTHER); Sat, 11 Feb 2012 12:36:41 -0800 (PST) Message-ID: <4F36D157.3060908@gmail.com> Date: Sat, 11 Feb 2012 22:36:39 +0200 From: Adrian Minta User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.24) Gecko/20111114 Icedove/3.1.16 MIME-Version: 1.0 To: freebsd-net@freebsd.org References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: MPD5 L2TP question X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Feb 2012 20:36:43 -0000 On 02/11/12 21:18, Michael Sierchio wrote: > I'm trying to use mpd5 to build an L2TP server. It generally works as > expected, except I cannot figure out how to push the route to an > attached network to the PPP client. If I manually add a route on the > client (to the ppp0 interface), things work as expected. This won't > work for deploying this to users, though. Make a nice app with a big colorful icon, that brings up the session and then add the route.