From owner-freebsd-net@freebsd.org  Sun Dec 27 15:03:03 2015
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6B418A5273C;
 Sun, 27 Dec 2015 15:03:03 +0000 (UTC)
 (envelope-from julian@freebsd.org)
Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "vps1.elischer.org",
 Issuer "CA Cert Signing Authority" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 438B61E29;
 Sun, 27 Dec 2015 15:03:02 +0000 (UTC)
 (envelope-from julian@freebsd.org)
Received: from Julian-MBP3.local
 (ppp121-45-250-125.lns20.per4.internode.on.net [121.45.250.125])
 (authenticated bits=0)
 by vps1.elischer.org (8.15.2/8.15.2) with ESMTPSA id tBRF2l0F020269
 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
 Sun, 27 Dec 2015 07:02:50 -0800 (PST)
 (envelope-from julian@freebsd.org)
Subject: Re: ipsec tunnel and vnet jails: routing, howto?
To: Michael Grimm <trashcan@ellael.org>, freebsd-jail@freebsd.org,
 freebsd-net@freebsd.org
References: <E105CD2A-042C-42E6-9AD0-A24C22F6C37E@ellael.org>
From: Julian Elischer <julian@freebsd.org>
Message-ID: <567FFD92.2050909@freebsd.org>
Date: Sun, 27 Dec 2015 23:02:42 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0)
 Gecko/20100101 Thunderbird/38.5.0
MIME-Version: 1.0
In-Reply-To: <E105CD2A-042C-42E6-9AD0-A24C22F6C37E@ellael.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Dec 2015 15:03:03 -0000

On 27/12/2015 4:24 AM, Michael Grimm wrote:
> Hi,
>
> I am currently stuck, somehow, and I do need your input. Thus, let me explain, what I do want to achieve:
>
> I do have two servers connected via an ipsec/tunnel ...
> 	[A] dead:beef:1234:abcd::1 <—> dead:feed:abcd:1234::1 [B]
> … which is sending all traffic destined for dead:beef:1234:abcd::/64 and dead:feed:abcd:1234::/64 through the tunnel, and vice versa.
>
> That did run perfectly well during the last years until I decided to give VNET jails a try. Previously, some of my old fashioned jails got an IPv6 address attached like dead:beef:1234:abcd:1:2::3, and I could reach that address from the remote server without any routing/re-directing or alike, necessary. Now, after having moved those jails to VNET jails (having those addresses bound to their epairXXb interfaces), I cannot reach those addresses within those jails any longer.
>
> From my point of view and understanding this must have to do with lack of proper routing, but I am not sure, if that is correct, thus my questions to the experts:
>
> 1) Is my assumption correct, that my tunnel is "ending" after having passed my firewalls at each server, *before* decrypting its ESP traffic into its final destination (yes, I do have pf rules to allow for esp traffic to pass my outer internet facing interface)?
>
> 2) If that is true, racoon has to decide where to deliver those packets, finally?
>
> 3) If that is true, I do have an issue with routing that *cannot* be solved by pf firewall rules, right?
>
> 4) If that is true, what do I have to look for? What am I missing? How can I route incoming and finally decrypted traffic to its final destination within a VNET jail?
>
> 5) Do I need to look for a completely different approach? Every hint is highly welcome.

Basically you have to treat the jails as if they are totally separate 
machines that are reached through the vpn endpoints instead of being 
the endpoints themselves.
This will require a different setup.  For example, your tunnel will 
need to be exactly that, a tunnel, and not just an encapsulation. And 
you will need full routing information for the other end at each end.

>
> Thanks in advance and with kind regards,
> Michael
>


From owner-freebsd-net@freebsd.org  Sun Dec 27 15:19:01 2015
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id D15A8A52B9A
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Sun, 27 Dec 2015 15:19:01 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id C176915E1
 for <freebsd-net@FreeBSD.org>; Sun, 27 Dec 2015 15:19:01 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id tBRFJ1Pt058175
 for <freebsd-net@FreeBSD.org>; Sun, 27 Dec 2015 15:19:01 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 188899] [cas] cas ethernet driver seems to have issues with
 some multiport card and mother board combinations
Date: Sun, 27 Dec 2015 15:19:01 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.0-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: commit-hook@freebsd.org
X-Bugzilla-Status: Closed
X-Bugzilla-Resolution: DUPLICATE
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-188899-2472-BliHzjRoKT@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-188899-2472@https.bugs.freebsd.org/bugzilla/>
References: <bug-188899-2472@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-List-Received-Date: Sun, 27 Dec 2015 15:19:01 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188899

--- Comment #14 from commit-hook@freebsd.org ---
A commit references this bug:

Author: marius
Date: Sun Dec 27 15:18:01 UTC 2015
New revision: 292775
URL: https://svnweb.freebsd.org/changeset/base/292775

Log:
  MFC: r286785, r291088, r291120
  - Reformat x86 bounce buffer synchronization code to reduce indentation.
    No functional change.
  - Avoid a NULL pointer dereference in bounce_bus_dmamap_sync() when the
    map has been created via bounce_bus_dmamem_alloc(). Even for coherent
    DMA - which bus_dmamem_alloc(9) typically is used for -, calling of
    bus_dmamap_sync(9) isn't optional. [1]
  - Avoid a NULL pointer dereference in bounce_bus_dmamap_unload() when
    the map has been created via bounce_bus_dmamem_alloc(). In that case
    bus_dmamap_unload(9) typically isn't called during normal operation
    but still should be during detach, cleanup from failed attach etc. [2]

  PR:           188899 (non-original problem) [1]
  Submitted by: yongari [2]

Changes:
_U  stable/10/
  stable/10/sys/x86/x86/busdma_bounce.c

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org  Sun Dec 27 15:20:28 2015
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 76560A52C55
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Sun, 27 Dec 2015 15:20:28 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 6667D1759
 for <freebsd-net@FreeBSD.org>; Sun, 27 Dec 2015 15:20:28 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id tBRFKSZx060255
 for <freebsd-net@FreeBSD.org>; Sun, 27 Dec 2015 15:20:28 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 188899] [cas] cas ethernet driver seems to have issues with
 some multiport card and mother board combinations
Date: Sun, 27 Dec 2015 15:20:28 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.0-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: koobs@FreeBSD.org
X-Bugzilla-Status: Closed
X-Bugzilla-Resolution: DUPLICATE
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org
X-Bugzilla-Flags: mfc-stable10+
X-Bugzilla-Changed-Fields: flagtypes.name
Message-ID: <bug-188899-2472-r2fzRnhKMt@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-188899-2472@https.bugs.freebsd.org/bugzilla/>
References: <bug-188899-2472@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-List-Received-Date: Sun, 27 Dec 2015 15:20:28 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188899

Kubilay Kocak <koobs@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |mfc-stable10+


From owner-freebsd-net@freebsd.org  Sun Dec 27 15:56:09 2015
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0EBDEA53A84
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Sun, 27 Dec 2015 15:56:09 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id F26501D35
 for <freebsd-net@FreeBSD.org>; Sun, 27 Dec 2015 15:56:08 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id tBRFu8Hh034080
 for <freebsd-net@FreeBSD.org>; Sun, 27 Dec 2015 15:56:08 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 188899] [cas] cas ethernet driver seems to have issues with
 some multiport card and mother board combinations
Date: Sun, 27 Dec 2015 15:56:09 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.0-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: commit-hook@freebsd.org
X-Bugzilla-Status: Closed
X-Bugzilla-Resolution: DUPLICATE
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org
X-Bugzilla-Flags: mfc-stable10+
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-188899-2472-9GFGzOqa9P@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-188899-2472@https.bugs.freebsd.org/bugzilla/>
References: <bug-188899-2472@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-List-Received-Date: Sun, 27 Dec 2015 15:56:09 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188899

--- Comment #15 from commit-hook@freebsd.org ---
A commit references this bug:

Author: marius
Date: Sun Dec 27 15:55:15 UTC 2015
New revision: 292778
URL: https://svnweb.freebsd.org/changeset/base/292778

Log:
  MFC: r286785, r291088, r291120
  - Reformat x86 bounce buffer synchronization code to reduce indentation.
    No functional change.
  - Avoid a NULL pointer dereference in bounce_bus_dmamap_sync() when the
    map has been created via bounce_bus_dmamem_alloc(). Even for coherent
    DMA - which bus_dmamem_alloc(9) typically is used for -, calling of
    bus_dmamap_sync(9) isn't optional. [1]
  - Avoid a NULL pointer dereference in bounce_bus_dmamap_unload() when
    the map has been created via bounce_bus_dmamem_alloc(). In that case
    bus_dmamap_unload(9) typically isn't called during normal operation
    but still should be during detach, cleanup from failed attach etc. [2]

  PR:           188899 (non-original problem) [1]
  Submitted by: yongari [2]

Changes:
_U  stable/9/sys/
  stable/9/sys/x86/x86/busdma_machdep.c


From owner-freebsd-net@freebsd.org  Sun Dec 27 18:14:59 2015
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 025B3A5220F;
 Sun, 27 Dec 2015 18:14:59 +0000 (UTC)
 (envelope-from trashcan@ellael.org)
Received: from mx2.enfer-du-nord.net (mx2.enfer-du-nord.net
 [IPv6:2001:41d0:d:3049:1:1:0:1])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id C5B3F1F29;
 Sun, 27 Dec 2015 18:14:58 +0000 (UTC)
 (envelope-from trashcan@ellael.org)
Received: from [IPv6:2003:45:486d:1001:7955:a47e:6e0f:8a19]
 (p20030045486D10017955A47E6E0F8A19.dip0.t-ipconnect.de
 [IPv6:2003:45:486d:1001:7955:a47e:6e0f:8a19])
 by mx2.enfer-du-nord.net (Postfix) with ESMTPSA id 3pT9CC6YCVz9W0;
 Sun, 27 Dec 2015 19:14:47 +0100 (CET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
Subject: Re: ipsec tunnel and vnet jails: routing, howto?
From: Michael Grimm <trashcan@ellael.org>
In-Reply-To: <567FFD92.2050909@freebsd.org>
Date: Sun, 27 Dec 2015 19:14:44 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <6BC88EA5-D440-418B-88D8-3C90EFF177E5@ellael.org>
References: <E105CD2A-042C-42E6-9AD0-A24C22F6C37E@ellael.org>
 <567FFD92.2050909@freebsd.org>
To: freebsd-jail@freebsd.org,
 freebsd-net@freebsd.org
X-Virus-Scanned: clamav-milter 0.99 at mail
X-Virus-Status: Clean
X-Mailer: Apple Mail (2.2104)
X-List-Received-Date: Sun, 27 Dec 2015 18:14:59 -0000

Julian Elischer <julian@freebsd.org> wrote:
>
> On 27/12/2015 4:24 AM, Michael Grimm wrote:

>> I am currently stuck, somehow, and I do need your input. Thus, let me explain, what I do want to achieve:
>>
>> I do have two servers connected via an ipsec/tunnel ...
>> 	[A] dead:beef:1234:abcd::1 <—> dead:feed:abcd:1234::1 [B]
>> … which is sending all traffic destined for dead:beef:1234:abcd::/64 and dead:feed:abcd:1234::/64 through the tunnel, and vice versa.
>>
>> That did run perfectly well during the last years until I decided to give VNET jails a try. Previously, some of my old fashioned jails got an IPv6 address attached like dead:beef:1234:abcd:1:2::3, and I could reach that address from the remote server without any routing/re-directing or alike, necessary. Now, after having moved those jails to VNET jails (having those addresses bound to their epairXXb interfaces), I cannot reach those addresses within those jails any longer.
>>
>> From my point of view and understanding this must have to do with lack of proper routing, but I am not sure, if that is correct, thus my questions to the experts:
>>
>> 1) Is my assumption correct, that my tunnel is "ending" after having passed my firewalls at each server, *before* decrypting its ESP traffic into its final destination (yes, I do have pf rules to allow for esp traffic to pass my outer internet facing interface)?
>>
>> 2) If that is true, racoon has to decide where to deliver those packets, finally?
>>
>> 3) If that is true, I do have an issue with routing that *cannot* be solved by pf firewall rules, right?
>>
>> 4) If that is true, what do I have to look for? What am I missing? How can I route incoming and finally decrypted traffic to its final destination within a VNET jail?
>>
>> 5) Do I need to look for a completely different approach? Every hint is highly welcome.
>
> Basically you have to treat the jails as if they are totally separate machines that are reached through the vpn endpoints instead of being the endpoints themselves.
> This will require a different setup.  For example, your tunnel will need to be exactly that, a tunnel, and not just an encapsulation. And you will need full routing information for the other end at each end.

Thanks for your input. In the meantime I got it running, somehow. The "somehow" refers to: I am not sure if that's the way it's supposed to be.

What I did (I do only show the part of host [A], the other host is configured accordingly):

1. ipsec/tunnel between [A] dead:beef:1234:abcd::1 <—> dead:feed:abcd:1234::1 [B]

   /path-to-racoon/setkey.conf:
	spdadd dead:beef:1234:abcd::/56 dead:feed:abcd:1234:1:2::3 any -P out ipsec esp/tunnel/dead:beef:1234:abcd::1-dead:feed:abcd:1234::1/require;
	spdadd dead:feed:abcd:1234::/56 dead:beef:1234:abcd:1:2::3 any -P in  ipsec esp/tunnel/dead:feed:abcd:1234::1-dead:beef:1234:abcd::1/require;

2. routing at [A]:

   /etc/rc.conf:
	ipv6_static_routes="jail1"
	# that's for the route from host system [A] into jail1 with IPv6 address of fd00:ffff:ffff:ffff:aaaa::1
—>	ipv6_route_mail="-host dead:beef:1234:abcd:1:2::3 -host fd00:ffff:ffff:ffff:aaaa::1"

  /etc/jail.conf:
	#
	# host dependent global settings
	#
	$ip6prefix		 = "dead:beef:1234:abcd";
	$ip6prefix_remote_host	 = "dead:feed:abcd:1234";

	#
	# global jail settings
	#
	host.hostname		 = "${name}";
	path			 = "/usr/home/jails/${name}";
	mount.fstab		 = "/etc/fstab.${name}";
	exec.consolelog 	 = "/var/log/jail_${name}_console.log";
	vnet			 = "new";
	vnet.interface		 = "epair${jailID}b";
	exec.clean;
	mount.devfs;
	persist;
	#
	# network settings to apply/destroy during start/stop of every jail
	#
	exec.prestart		 = "sleep 2";
	exec.prestart		+= "ifconfig epair${jailID} create up";
	exec.prestart		+= "ifconfig bridge0 addm epair${jailID}a";
	exec.start		 = "/sbin/ifconfig lo0 127.0.0.1 up";
	exec.start		+= "/sbin/ifconfig epair${jailID}b inet ${ip4_addr}";
	exec.start		+= "/sbin/ifconfig epair${jailID}b inet6 ${ip6_addr}";
	exec.start		+= "/sbin/route add default -gateway 10.x.x.254";
	exec.start		+= "/sbin/route add -inet6 default -gateway fd00:ffff:ffff:ffff:aaaa::254";
	exec.stop		 = "/bin/sh /etc/rc.shutdown";
	exec.poststop 		 = "ifconfig epair${jailID}a destroy";
	#
	# individual jail settings
	#
	mail {
		$jailID		 = 1;
		$ip4_addr	 = 10.x.x.1;
		$ip6_addr	 = fd00:ffff:ffff:ffff:aaaa::1/64;
		exec.start	+= "/sbin/ifconfig epair${jailID}b inet6 ${ip6prefix}:1:2::3/56 alias";
—>	# that's for the route to remote host dead:feed:abcd:1234:1:2::3 at tunnel end point [B] out of jail1
		exec.start	+= "/sbin/route add -6 ${ip6prefix_remote_host}:1:2::3 fd00:ffff:ffff:ffff:aaaa::254";
		exec.start	+= "/bin/sh /etc/rc";
	}

That is working well, after racoon has established the tunnel.

*But* unlike what I have observed before, the very first contact to the remote server's [B] jail out of a jail at [A] doesn't trigger racoon to establish the tunnel. Before, that happened instantaneously, but now I do need to do some "tricks" with ping6s and/or restarting racoon at the host system. I haven't found out yet what the cause is … I am sure that I need to learn much more regarding routing. Every feedback is highly welcome.

Thanks and regards,
Michael
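
Added example (not part of Michael's message and not FreeBSD or racoon code): a small Python checker that parses the two spdadd lines quoted above and reports which source/destination pairs those policies select. The flow list and all function names are constructed for illustration; the checker models only direction and address selectors (no ports or upper-layer protocol) and makes no claim about why racoon was not triggered.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed input: the two spdadd lines from the message, host [A].
SETKEY_CONF = """\
spdadd dead:beef:1234:abcd::/56 dead:feed:abcd:1234:1:2::3 any -P out ipsec esp/tunnel/dead:beef:1234:abcd::1-dead:feed:abcd:1234::1/require;
spdadd dead:feed:abcd:1234::/56 dead:beef:1234:abcd:1:2::3 any -P in  ipsec esp/tunnel/dead:feed:abcd:1234::1-dead:beef:1234:abcd::1/require;
"""

SPDADD_RE = re.compile(
    r"^\s*spdadd\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>\S+)\s+"
    r"-P\s+(?P<dir>in|out)\s+(?P<policy>\w+)(?:\s+(?P<rule>[^;\s]+))?\s*;"
)


@dataclass
class Policy:
    line: int
    direction: str
    src: object            # ipaddress network object (selector)
    dst: object            # ipaddress network object (selector)
    policy: str            # ipsec, none, discard, ...
    tunnel: Optional[tuple]  # (outer source, outer destination) or None


def _selector(text):
    # Drop an optional [port] suffix. strict=False masks the host bits, so
    # "dead:beef:1234:abcd::/56" becomes the network dead:beef:1234:ab00::/56.
    return ipaddress.ip_network(text.split("[", 1)[0], strict=False)


def parse_spd(text):
    """Parse spdadd statements into Policy objects, in file order."""
    policies = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = SPDADD_RE.match(raw.split("#", 1)[0])
        if not m:
            continue
        tunnel = None
        rule = m.group("rule")
        if rule:
            parts = rule.split("/")  # protocol/mode/src-dst/level
            if len(parts) >= 3 and parts[1] == "tunnel" and "-" in parts[2]:
                a, b = parts[2].split("-", 1)
                tunnel = (ipaddress.ip_address(a), ipaddress.ip_address(b))
        policies.append(Policy(lineno, m.group("dir"), _selector(m.group("src")),
                               _selector(m.group("dst")), m.group("policy"), tunnel))
    return policies


def match(policies, direction, src, dst):
    """Return the first policy (file order, a simplification) whose direction
    and address selectors cover the packet, or None if nothing selects it."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if p.direction == direction and s in p.src and d in p.dst:
            return p
    return None


def check_flows(policies, direction, flows):
    """Map each (src, dst) pair to the tunnel endpoints that would carry it,
    or to None when no policy selects the pair."""
    result = {}
    for src, dst in flows:
        p = match(policies, direction, src, dst)
        result[(src, dst)] = p.tunnel if p else None
    return result


# Constructed outbound flows using addresses that appear in the message.
OUTBOUND_FLOWS = [
    # jail alias address -> remote jail address
    ("dead:beef:1234:abcd:1:2::3", "dead:feed:abcd:1234:1:2::3"),
    # jail's first configured address -> remote jail address
    ("fd00:ffff:ffff:ffff:aaaa::1", "dead:feed:abcd:1234:1:2::3"),
    # tunnel endpoint [A] -> tunnel endpoint [B]
    ("dead:beef:1234:abcd::1", "dead:feed:abcd:1234::1"),
]

if __name__ == "__main__":
    spd = parse_spd(SETKEY_CONF)
    for p in spd:
        print(f"line {p.line}: {p.direction:3} {p.src} -> {p.dst} via {p.tunnel}")
    for flow, tunnel in check_flows(spd, "out", OUTBOUND_FLOWS).items():
        verdict = "selected by policy" if tunnel else "NOT selected (no IPsec)"
        print(f"{flow[0]} -> {flow[1]}: {verdict}")
```

Only the pair whose source lies inside the /56 selector and whose destination is exactly the remote jail address is selected; a packet sourced from the jail's fd00: address, or addressed to the remote endpoint itself, falls outside both policies.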




From owner-freebsd-net@freebsd.org  Mon Dec 28 17:17:43 2015
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 68C1DA53D12
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Mon, 28 Dec 2015 17:17:43 +0000 (UTC)
 (envelope-from bugzilla-noreply@FreeBSD.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 60C4B1E4A
 for <freebsd-net@FreeBSD.org>; Mon, 28 Dec 2015 17:17:43 +0000 (UTC)
 (envelope-from bugzilla-noreply@FreeBSD.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id tBSHHDFA000173
 for <freebsd-net@FreeBSD.org>; Mon, 28 Dec 2015 17:17:43 GMT
 (envelope-from bugzilla-noreply@FreeBSD.org)
Message-Id: <201512281717.tBSHHDFA000173@kenobi.freebsd.org>
From: bugzilla-noreply@FreeBSD.org
To: freebsd-net@FreeBSD.org
Subject: Problem reports for freebsd-net@FreeBSD.org that need special
 attention
Date: Mon, 28 Dec 2015 17:17:43 +0000
X-List-Received-Date: Mon, 28 Dec 2015 17:17:43 -0000

To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status      |    Bug Id | Description
------------+-----------+---------------------------------------------------
In Progress |    203422 | mpd/ppoe not working with re(4) with revision 285 
New         |    203175 | Daily kernel crashes in tcp_twclose <Address 0x1  
New         |    203922 | The kern.ipc.acceptqueue limit is too low         
New         |    204438 | setsockopt() handling of kern.ipc.maxsockbuf limi 
New         |    205169 | 10.2-RELEASE panic on boot if autobridge with wla 
Open        |    194515 | Fatal Trap 12 Kernel with vimage                  
Open        |    199136 | [if_tap] Added down_on_close sysctl variable to t 
Open        |    201694 | 10.2-BETA2 crashing when killing VIMAGE/VNET jail 

8 problems total for which you should take action.

From owner-freebsd-net@freebsd.org  Mon Dec 28 18:31:11 2015
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id D6250A52808
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Mon, 28 Dec 2015 18:31:11 +0000 (UTC)
 (envelope-from Mark.Martinec+freebsd@ijs.si)
Received: from mail.ijs.si (mail.ijs.si [IPv6:2001:1470:ff80::25])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9537D1D96
 for <freebsd-net@FreeBSD.org>; Mon, 28 Dec 2015 18:31:11 +0000 (UTC)
 (envelope-from Mark.Martinec+freebsd@ijs.si)
Received: from amavis-ori.ijs.si (localhost [IPv6:::1])
 by mail.ijs.si (Postfix) with ESMTP id 3pTnWb1bBXz1H2
 for <freebsd-net@FreeBSD.org>; Mon, 28 Dec 2015 19:31:07 +0100 (CET)
X-Virus-Scanned: amavisd-new at ijs.si
Received: from mail.ijs.si ([IPv6:::1])
 by amavis-ori.ijs.si (mail.ijs.si [IPv6:::1]) (amavisd-new, port 10026)
 with LMTP id 7BTBmxYvSPxA for <freebsd-net@freebsd.org>;
 Mon, 28 Dec 2015 19:31:04 +0100 (CET)
Received: from mildred.ijs.si (mailbox.ijs.si [IPv6:2001:1470:ff80::143:1])
 by mail.ijs.si (Postfix) with ESMTP id 3pTnWX5PKzz1H1
 for <freebsd-net@FreeBSD.org>; Mon, 28 Dec 2015 19:31:04 +0100 (CET)
Received: from nabiralnik.ijs.si (nabiralnik.ijs.si
 [IPv6:2001:1470:ff80::80:16])
 by mildred.ijs.si (Postfix) with ESMTP id 3pTnWX3C3Pzh4
 for <freebsd-net@FreeBSD.org>; Mon, 28 Dec 2015 19:31:04 +0100 (CET)
Received: from neli.ijs.si (2001:1470:ff80:88:21c:c0ff:feb1:8c91)
 by nabiralnik.ijs.si
 with HTTP (HTTP/1.1 POST); Mon, 28 Dec 2015 19:31:04 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII;
 format=flowed
Content-Transfer-Encoding: 7bit
Date: Mon, 28 Dec 2015 19:31:04 +0100
From: Mark Martinec <Mark.Martinec+freebsd@ijs.si>
To: freebsd-net@FreeBSD.org
Subject: CARP IP address and jails
Organization: Jozef Stefan Institute
Message-ID: <67f945a70d620ea4ce0c29d0a297545d@mailbox.ijs.si>
X-Sender: Mark.Martinec+freebsd@ijs.si
User-Agent: Roundcube Webmail/1.1.3
X-List-Received-Date: Mon, 28 Dec 2015 18:31:11 -0000

Trying to set up a jail with an IP address on a VHID of an interface,
using FreeBSD 10.2.

Back in the 9.x days when CARP (Common Address Redundancy Protocol)
was implemented as a separate cloned interface, I suppose one could
create such an interface in a host and delegate it to jail(8), which
could then automatically assign a jail's IP address alias to it.

Now with FreeBSD 10 I cannot see how jail(8) could assign a
jail's configured IP address alias to an interface under a
given VHID. As far as I can tell the ip4.addr and ip6.addr
jail options can only take an interface name and an IP address,
but there is no provision to specify a VHID.

Is the jail's ip4=inherit (and ip6=inherit) now the only option
of running a jail on a CARPed IP address, allowing a jail to
have unrestricted access to all system addresses?

   Mark

From owner-freebsd-net@freebsd.org  Tue Dec 29 19:24:48 2015
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 218BDA552BD
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Tue, 29 Dec 2015 19:24:48 +0000 (UTC)
 (envelope-from chris@stankevitz.com)
Received: from mango.stankevitz.com (mango.stankevitz.com [208.79.93.194])
 by mx1.freebsd.org (Postfix) with ESMTP id 1438D1D5F
 for <freebsd-net@freebsd.org>; Tue, 29 Dec 2015 19:24:47 +0000 (UTC)
 (envelope-from chris@stankevitz.com)
Received: from Chriss-MacBook-Pro.local (209-203-101-124.static.twtelecom.net
 [209.203.101.124])
 (using TLSv1.2 with cipher AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mango.stankevitz.com (Postfix) with ESMTPSA id 4DDA16EBE
 for <freebsd-net@freebsd.org>; Tue, 29 Dec 2015 11:16:39 -0800 (PST)
From: Chris Stankevitz <chris@stankevitz.com>
Subject: getsockopt(SO_SNDBUF) and openssh/HPN
To: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Message-ID: <5682DC16.9030504@stankevitz.com>
Date: Tue, 29 Dec 2015 11:16:38 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0)
 Gecko/20100101 Thunderbird/38.4.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

Hello,

Please identify any false statements (particularly statement 7 which 
accuses FreeBSD 10.1 of having a bug):

1. openssh limits the size of "the outgoing buffer" to 65KB

2. (1) limits bandwidth on high BDP links.

3. FreeBSD 10.1 supplied openssh/HPN tries to fix (2) by increasing the 
size of "the outgoing buffer" to match the SO_SNDBUF capacity

4. openssh/HPN accomplishes (3) by periodically calling 
getsockopt(SO_SNDBUF)

5. In FreeBSD 10.1, getsockopt(SO_SNDBUF) does not return the value set 
by setsockopt(SO_SNDBUF).  Instead it reports the high watermark of the 
outgoing buffer.

6. (3) does nothing because of (4) and (5)

7. There is a bug in FreeBSD 10.1 networking or FreeBSD 10.1 supplied 
openssh/HPN:

7a. FreeBSD bug: getsockopt(SO_SNDBUF) does not return value set by 
setsockopt(SO_SNDBUF)

7b. openssh/HPN bug: do not use getsockopt(SO_SNDBUF) to get the value 
set by setsockopt(SO_SNDBUF) -- use something else


Original thread from August 2015:
  https://www.mail-archive.com/freebsd-net@freebsd.org/msg49793.html

Thank you,

Chris


From owner-freebsd-net@freebsd.org  Tue Dec 29 22:26:11 2015
MIME-Version: 1.0
Date: Tue, 29 Dec 2015 16:26:10 -0600
Message-ID: <CAAN2wCD6Bdzzy=sHSww5QLR94bi52R=cDvq-sk+mo3sViFGjUQ@mail.gmail.com>
Subject: BPF Berkeley Packet Filter
From: Juan Herrera <mybsdmailing@gmail.com>
To: freebsd-net@freebsd.org
Content-Type: text/plain; charset=UTF-8

Hello,

I have a question regarding the Berkeley Packet Filter: can I read an
incoming packet's length with BPF? I am working on a project that requires
filtering the received packets in the kernel before they get to userspace,
but I need to be able to read the packet length when applying BPF because I
(previously) encapsulated the packet with my own metadata before sending it
to the machine with BPF. So I want to read the packet length to decapsulate,
as I know the value for the metadata at the end of the packet.


Thank you in advance!

From owner-freebsd-net@freebsd.org  Wed Dec 30 01:53:16 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 205706] Watchdog timeout on em driver under heavy traffic on a
 bridge configuration
Date: Wed, 30 Dec 2015 01:53:16 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: IntelNetworking
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: assigned_to keywords
Message-ID: <bug-205706-2472-In1VzJ7Vul@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-205706-2472@https.bugs.freebsd.org/bugzilla/>
References: <bug-205706-2472@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205706

Mark Linimon <linimon@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-net@FreeBSD.org
           Keywords|                            |IntelNetworking


From owner-freebsd-net@freebsd.org  Wed Dec 30 04:22:22 2015
MIME-Version: 1.0
Date: Tue, 29 Dec 2015 22:22:21 -0600
Message-ID: <CAAN2wCCpbivX6B3xCt4wFCw_6eOQ40nquVJf+z-8RRVyUFa7mA@mail.gmail.com>
Subject: BPF Berkeley Packet Filter
From: Juan Herrera <mybsdmailing@gmail.com>
To: freebsd-net@freebsd.org
Content-Type: text/plain; charset=UTF-8

Hello BSD folks,

I am developing a networking application in C and I have a question
regarding BPF (Berkeley Packet Filters).
I will give you an idea of the app first. I need to send a packet from
machine A to machine B (any kind of packet), so for this I wrote a packet
generator application which will send a packet to machine B, but before
sending the packet I need to append some metadata values at the end of the
packet (already done). On machine B I have a raw socket listener app
ready to receive incoming packets from machine A; however, I want to
implement filtering with BPF on machine B. As my metadata was appended
at the end of the packet (it has to be at the end), I need to read the packet
length using the Berkeley Packet Filter to match a specific field, filtering
on one of the bytes at the end of my packet (the appended metadata). In
other words, I need to know the incoming packet length to filter against
one of the metadata fields and be able to drop the packet before it reaches
user space applications (drop it in kernel space).

So my question is: can I use BPF to read the packet length to do what I
want?

Thank you in advance!

Happy Holidays!

From owner-freebsd-net@freebsd.org  Wed Dec 30 08:43:33 2015
Subject: Re: BPF Berkeley Packet Filter
To: Juan Herrera <mybsdmailing@gmail.com>, freebsd-net@freebsd.org
References: <CAAN2wCD6Bdzzy=sHSww5QLR94bi52R=cDvq-sk+mo3sViFGjUQ@mail.gmail.com>
From: Julian Elischer <julian@freebsd.org>
Message-ID: <56839925.5030907@freebsd.org>
Date: Wed, 30 Dec 2015 16:43:17 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0)
 Gecko/20100101 Thunderbird/38.5.0
MIME-Version: 1.0
In-Reply-To: <CAAN2wCD6Bdzzy=sHSww5QLR94bi52R=cDvq-sk+mo3sViFGjUQ@mail.gmail.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit

On 30/12/2015 6:26 AM, Juan Herrera wrote:
> Hello,
>
> I have a question regarding Berkeley Packet filter, which is Can I read an
> incoming packet length with BPF, I am working on a project that requires to
> filter the receiving packets in the kernel before they get to userspace,
> but I need to be able to read the packet length when applying BPF because I
> (previously) encapsulated the packet with my own metadata before sending it
> to the machine with BPF so I want to read packet length to decapsulate as I
> know the value for the metadata at the end of the packet?
https://www.freebsd.org/cgi/man.cgi?bpf%284%29
should show you what you need.

there is a structure prepended to the packet that includes the 
original length.

or do you want to know the length BEFORE reading it?
or do you want your filter to know the length?

what do you mean by "applying BPF"?




>
>
> Thank you in advance!
>


From owner-freebsd-net@freebsd.org  Wed Dec 30 08:46:49 2015
Subject: Re: BPF Berkeley Packet Filter
To: Juan Herrera <mybsdmailing@gmail.com>, freebsd-net@freebsd.org
References: <CAAN2wCCpbivX6B3xCt4wFCw_6eOQ40nquVJf+z-8RRVyUFa7mA@mail.gmail.com>
From: Julian Elischer <julian@freebsd.org>
Message-ID: <568399EF.2090409@freebsd.org>
Date: Wed, 30 Dec 2015 16:46:39 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0)
 Gecko/20100101 Thunderbird/38.5.0
MIME-Version: 1.0
In-Reply-To: <CAAN2wCCpbivX6B3xCt4wFCw_6eOQ40nquVJf+z-8RRVyUFa7mA@mail.gmail.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit

On 30/12/2015 12:22 PM, Juan Herrera wrote:
> Hello BSD folks,
>
> I am developing a networking application in C and I have a question
> regarding BPF (Berkeley Packet Filters),
> I will give you an idea of the app first,  I need to send a packet from
> machine A to machine B (any kind of packet) so for this I wrote a packet
> generator application which will send a packet to machine B, but before
> sending the packet I need to append some metadata values at the end of the
> packet, already done, so in machine B I have a raw socket listener app
> ready to receive incoming packets from machine A, however I want to
> implement filtering with BPF on machine B, but as my metadata was appended
> at the end of the packet (have to be at the end), I need to read the packet
> length with(using) Berkeley Packet Filter to match a specific field to
> filter one of the bytes at the end of my packet (metadata appended), in
> other words I need to know the incoming packet length to filtered against
> one of the metadatas fields and be able to drop the packet before reaching
> user space applications(drop it in kernel space).
>
> So my question is, Can I use BPF to read the packet length to do what I
> want?
you mean can you use a bpf filter to act upon a trailer?
yes you can
look at the man page for BPF_LD and BPF_LEN


>
> Thank you in advance!
>
> Happy Holidays!
>
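
Added example, not part of the thread: a classic BPF program of the kind the reply above points to (BPF_LD with BPF_LEN), matching one byte of a trailer, with a small stand-in interpreter so it can be checked without a bpf(4) device. The trailer size, tag offset, tag value and the names struct insn, run_filter and check_sample are assumptions; the opcode values are local copies of those in <net/bpf.h>.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local copies of the classic BPF opcode values defined in <net/bpf.h>. */
#define BPF_LD   0x00
#define BPF_ALU  0x04
#define BPF_JMP  0x05
#define BPF_RET  0x06
#define BPF_MISC 0x07
#define BPF_W    0x00
#define BPF_B    0x10
#define BPF_IND  0x40
#define BPF_LEN  0x80
#define BPF_SUB  0x10
#define BPF_JEQ  0x10
#define BPF_JGE  0x30
#define BPF_K    0x00
#define BPF_TAX  0x00

/* Same field layout as struct bpf_insn (hypothetical local name). */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };

#define TRAILER_LEN 8     /* assumption: 8 bytes of metadata appended */
#define TAG_OFFSET  3     /* assumption: tag byte position inside the trailer */
#define TAG_VALUE   0x5a  /* assumption: value that marks a wanted packet */

/* Accept only packets whose trailer tag byte equals TAG_VALUE. */
static const struct insn trailer_filter[] = {
    /* 0 */ { BPF_LD | BPF_W | BPF_LEN,  0, 0, 0 },           /* A = packet length   */
    /* 1 */ { BPF_JMP | BPF_JGE | BPF_K, 0, 4, TRAILER_LEN }, /* too short -> 6      */
    /* 2 */ { BPF_ALU | BPF_SUB | BPF_K, 0, 0, TRAILER_LEN - TAG_OFFSET },
                                                              /* A = offset of tag   */
    /* 3 */ { BPF_MISC | BPF_TAX,        0, 0, 0 },           /* X = A               */
    /* 4 */ { BPF_LD | BPF_B | BPF_IND,  0, 0, 0 },           /* A = pkt[X + 0]      */
    /* 5 */ { BPF_JMP | BPF_JEQ | BPF_K, 1, 0, TAG_VALUE },   /* match -> 7, else 6  */
    /* 6 */ { BPF_RET | BPF_K,           0, 0, 0 },           /* drop                */
    /* 7 */ { BPF_RET | BPF_K,           0, 0, 0xffffffffu }, /* accept whole packet */
};
#define NINSN (sizeof(trailer_filter) / sizeof(trailer_filter[0]))

/*
 * Minimal interpreter for the opcodes used above. wirelen is the length on
 * the wire (what BPF_LEN loads); buflen is the number of bytes available.
 */
static uint32_t run_filter(const struct insn *pc, size_t n,
                           const uint8_t *pkt, uint32_t wirelen, uint32_t buflen)
{
    uint32_t A = 0, X = 0;
    size_t i = 0;

    while (i < n) {
        const struct insn *in = &pc[i++];   /* i now indexes the next insn */
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_LEN:  A = wirelen; break;
        case BPF_ALU | BPF_SUB | BPF_K: A -= in->k;  break;
        case BPF_MISC | BPF_TAX:        X = A;       break;
        case BPF_LD | BPF_B | BPF_IND:
            /* A load outside the available bytes rejects the packet. */
            if (in->k >= buflen || X >= buflen - in->k)
                return 0;
            A = pkt[X + in->k];
            break;
        case BPF_JMP | BPF_JGE | BPF_K: i += (A >= in->k) ? in->jt : in->jf; break;
        case BPF_JMP | BPF_JEQ | BPF_K: i += (A == in->k) ? in->jt : in->jf; break;
        case BPF_RET | BPF_K:           return in->k;
        default:                        return 0;    /* unsupported opcode */
        }
    }
    return 0;
}

/*
 * Constructed sample packet: wirelen bytes of 0xAA, with the tag byte written
 * into the trailer when the packet is long enough to hold one. caplen models
 * how many of those bytes the filter is allowed to see.
 */
static uint32_t check_sample(uint32_t wirelen, uint8_t tag, uint32_t caplen)
{
    uint8_t pkt[256];

    if (wirelen > sizeof(pkt))
        return 0;
    memset(pkt, 0xAA, sizeof(pkt));
    if (wirelen >= TRAILER_LEN)
        pkt[wirelen - TRAILER_LEN + TAG_OFFSET] = tag;
    if (caplen > wirelen)
        caplen = wirelen;
    return run_filter(trailer_filter, NINSN, pkt, wirelen, caplen);
}

int main(void)
{
    printf("tag matches:       %d\n", check_sample(68, TAG_VALUE, 68) != 0);
    printf("tag differs:       %d\n", check_sample(68, 0x11, 68) != 0);
    printf("shorter than tail: %d\n", check_sample(4, TAG_VALUE, 4) != 0);
    printf("only 40 bytes:     %d\n", check_sample(68, TAG_VALUE, 40) != 0);
    return 0;
}
```

On FreeBSD the same instruction sequence, declared as struct bpf_insn inside a struct bpf_program, is installed on a bpf(4) descriptor with the BIOCSETF ioctl.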


From owner-freebsd-net@freebsd.org  Wed Dec 30 23:27:28 2015
From: Michael Grimm <trashcan@ellael.org>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Subject: How to define outgoing IP address? Needed to route local traffic
 through IPSEC tunnel.
Message-Id: <D40A24B1-3B04-4F7D-BE30-B590B08C7E5D@ellael.org>
Date: Thu, 31 Dec 2015 00:27:18 +0100
To: freebsd-net@FreeBSD.org, freebsd-questions <freebsd-questions@freebsd.org>
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
X-Mailer: Apple Mail (2.2104)

Hi —

Is there a way to set the default outgoing IPv6 address of a network
interface? To my understanding the IPv6 address is used that is bound to
the interface by ifconfig_IFNAME_ipv6, right?

I need to route all my traffic to a remote server via an IPSEC tunnel
(racoon) that has a setkey.conf as follows:

	spdadd fd00:1234:1234:1234::/64 fd00:abcd:abcd:abcd::/64 any -P out ipsec esp/tunnel/2001:dead:beaf:aaaa::a-2001:dead:beaf:bbbb::a/require;
	spdadd fd00:abcd:abcd:abcd::/64 fd00:1234:1234:1234::/64 any -P in  ipsec esp/tunnel/2001:dead:beaf:bbbb::a-2001:dead:beaf:aaaa::a/require;


I can use that tunnel from my jails because they have addresses from the
fd00:1234:1234:1234::/64 or fd00:abcd:abcd:abcd::/64 address space bound
to their epairXb interfaces. But, my hosts have addresses from
2001:dead:beaf:aaaa::/56 or 2001:dead:beaf:bbbb::/56 respectively. And,
here my tunnel won't work.

I did try to set a local address to ifconfig_IFNAME_ipv6, though. But
then the host is working, but the jails are failing to route through the
tunnel.

I did try to add to my setkey.conf:

	spdadd 2001:dead:beaf:aaaa::/56 fd00:abcd:abcd:abcd::/64 any -P out ipsec esp/tunnel/2001:dead:beaf:aaaa::a-2001:dead:beaf:bbbb::a/require;
	spdadd 2001:dead:beaf:bbbb::/56 fd00:1234:1234:1234::/64 any -P in  ipsec esp/tunnel/2001:dead:beaf:bbbb::a-2001:dead:beaf:aaaa::a/require;

But that doesn't work either.

Every help is highly welcome and thanks in advance.

Regards,
Michael


From owner-freebsd-net@freebsd.org  Thu Dec 31 15:34:48 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 128030] [ipsec] Enable IPSec in GENERIC kernel configuration
Date: Thu, 31 Dec 2015 15:34:43 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: conf
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: feature, patch
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: feld@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: gnn@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-128030-2472-7wmI7x1sGm@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-128030-2472@https.bugs.freebsd.org/bugzilla/>
References: <bug-128030-2472@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=128030

--- Comment #17 from Mark Felder <feld@FreeBSD.org> ---
(In reply to Nick B from comment #16)

I suspect we won't see it MFC to 10.x unless the performance impact is deemed
acceptable. It's supposedly minor, but the further improvements to make IPSEC
have a negligible penalty likely cannot be MFC'd to 10.x.

gnn should have more details as he was involved in the actual analysis of the
impact.


From owner-freebsd-net@freebsd.org  Thu Dec 31 19:59:03 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 128030] [ipsec] Enable IPSec in GENERIC kernel configuration
Date: Thu, 31 Dec 2015 19:58:58 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: conf
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Keywords: feature, patch
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: nicblais@clkroot.net
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: gnn@FreeBSD.org
X-Bugzilla-Flags: mfc-stable9? mfc-stable10?
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-128030-2472-CED4BFY1uu@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-128030-2472@https.bugs.freebsd.org/bugzilla/>
References: <bug-128030-2472@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Dec 2015 19:59:04 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=128030

--- Comment #18 from Nick B <nicblais@clkroot.net> ---
(In reply to Mark Felder from comment #17)
Mark, appreciate your response on this.  That said, it is very impractical to
have to compile a new kernel in order to have IPSEC support, a feature FreeBSD
in 2015 (and now 2016) should support natively without hassle.

Is there no way to have it enabled in kernel, but disabled by default in a
sysctl OID of some kind if there is a performance hit?  That way, the user
could just turn on the IPSEC network code via sysctl.  Also, what kind of hit
are we talking on a modern server?

-- 
You are receiving this mail because:
You are on the CC list for the bug.

From owner-freebsd-net@freebsd.org  Thu Dec 31 21:01:17 2015
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id EA220A570F8
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Thu, 31 Dec 2015 21:01:17 +0000 (UTC)
 (envelope-from daemon-user@freebsd.org)
Received: from phabric-backend.rbsd.freebsd.org (unknown
 [IPv6:2607:fc50:2000:101::1bb:73])
 by mx1.freebsd.org (Postfix) with ESMTP id D5F7C1A37
 for <freebsd-net@freebsd.org>; Thu, 31 Dec 2015 21:01:17 +0000 (UTC)
 (envelope-from daemon-user@freebsd.org)
Received: by phabric-backend.rbsd.freebsd.org (Postfix, from userid 1346)
 id D2D8F331E0FF; Thu, 31 Dec 2015 21:01:17 +0000 (UTC)
Date: Thu, 31 Dec 2015 21:01:17 +0000
To: freebsd-net@freebsd.org
From: "mmoll (Michael Moll)" <phabric-noreply@FreeBSD.org>
Reply-to: D1944+325+8925873bdc96dfc2@reviews.freebsd.org
Subject: [Differential] [Commented On] D1944: PF and VIMAGE fixes
Message-ID: <7edf9d19ab50ddd44c140cee57185686@localhost.localdomain>
X-Priority: 3
X-Phabricator-Sent-This-Message: Yes
X-Mail-Transport-Agent: MetaMTA
X-Auto-Response-Suppress: All
X-Phabricator-Mail-Tags: <differential-comment>
Thread-Topic: D1944: PF and VIMAGE fixes
X-Herald-Rules: none
Precedence: bulk
In-Reply-To: <differential-rev-PHID-DREV-clct73g5zt63yh3lvwzr-req@FreeBSD.org>
References: <differential-rev-PHID-DREV-clct73g5zt63yh3lvwzr-req@FreeBSD.org>
Thread-Index: NDc2NzM0MzY4OTdiYThiNTU1MjY2ZDZmMTJiIFaFl50=
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="utf-8"
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.20
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Dec 2015 21:01:18 -0000

mmoll added a comment.


  Nikos, could you have a look into PR 205743?

REVISION DETAIL
  https://reviews.freebsd.org/D1944

To: nvass-gmx.com, bz, trociny, kristof, gnn, zec, rodrigc, glebius, eri
Cc: mmoll, javier_ovi_yahoo.com, farrokhi, julian, robak, freebsd-virtualization-list, freebsd-pf-list, freebsd-net-list

From owner-freebsd-net@freebsd.org  Fri Jan  1 11:42:56 2016
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E5126A54177
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Fri,  1 Jan 2016 11:42:56 +0000 (UTC)
 (envelope-from h.rezaee@ideatech.io)
Received: from mail.ideatech.io (mail.ideatech.io [104.131.120.36])
 by mx1.freebsd.org (Postfix) with ESMTP id C19551118
 for <freebsd-net@freebsd.org>; Fri,  1 Jan 2016 11:42:56 +0000 (UTC)
 (envelope-from h.rezaee@ideatech.io)
Received: from hadi-pc.my.domain (unknown [83.121.0.83])
 by mail.ideatech.io (Postfix) with ESMTPSA id 2AD21112815
 for <freebsd-net@freebsd.org>; Fri,  1 Jan 2016 06:33:47 -0500 (EST)
To: freebsd-net@freebsd.org
From: Hadi Rezaee <h.rezaee@ideatech.io>
Subject: pcap and processing packets
X-Enigmail-Draft-Status: N1110
Message-ID: <56866415.6080303@ideatech.io>
Date: Fri, 1 Jan 2016 15:03:41 +0330
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:38.0) Gecko/20100101
 Thunderbird/38.4.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Jan 2016 11:42:57 -0000

Hello everybody,
I'm about to write a packet filter using libpcap. I just have two
theoretical questions that I hope to get answered here.

1)
Let's say I've initialized pcap on my Ethernet NIC using "pcap_open_live"
(in non-blocking mode) and "pcap_dispatch". Let's assume that the user
callback function (for dispatch) is implemented in a non-optimal manner
that takes, for example, 5 seconds to finish processing each packet. I
want to know what will happen to ongoing incoming packets. Are they
buffered or queued somewhere in the OS, or do they simply get
dropped?

2)
When I initialize pcap with pcap_open_live and set the "to_ms"
(read-timeout) parameter to zero, I cannot catch a thing! It has to
be more than zero to work. Is this normal behavior?

Thanks,

-- 
Hadi Rezaee
+98 912 1403571

IdeaTech.io