From owner-freebsd-net@freebsd.org Sun Jan 7 04:38:30 2018
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 224961] VLAN ID 0 Not Supported
Date: Sun, 07 Jan 2018 04:38:30 +0000
List-Id: Networking and TCP/IP with FreeBSD

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224961

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-net@FreeBSD.org

--
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org Sun Jan 7 05:25:42 2018
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 224961] VLAN ID 0 Not Supported
Date: Sun, 07 Jan 2018 05:25:41 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224961

Reshad Patuck changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |reshadpatuck1@gmail.com

--- Comment #1 from Reshad Patuck ---
(In reply to johnllyon from comment #0)

I believe netgraph with ng_vlan can do this.
I have not tested with vlan id 0 but I do remember it giving me finer control
of VLANs than the if_vlan implementation.
I used it when I had to separate vlan traffic in such a way that tagged
traffic could no longer be seen on the physical interface.

You can use the example on the ng_vlan man page and set up with vlan id 0.
This creates a virtual interface named ngeth which should have the traffic
you want.

From owner-freebsd-net@freebsd.org Sun Jan 7 14:31:01 2018
Date: Sun, 7 Jan 2018 21:30:51 +0700
From: Victor Sudakov
To: freebsd-net@freebsd.org
Subject: Quasi-enterprise WiFi network
Message-ID: <20180107143051.GA44962@admin.sibptus.transneft.ru>

Colleagues,

I'm trying to setup a quasi-enterprise WiFi network for mobile
devices. This will be a solution for a public library with the only
requirement that guest users should get personal credentials for WiFi
access from a librarian (not a shared PSK for everyone).

The library has a FreeBSD router with FreeRADIUS3, and several TP-Link
APs which support "Enterprise WiFi" and can be RADIUS clients.

The point is I don't want to require customers to install X.509
certificates on their mobile devices, the network setup should be
simple and transparent for the customer. I don't care if some Evil
Hacker impersonates my quasi-enterprise network and collects all the
passwords, so I really need no certificates to authenticate the
network to customers.

The only condition is that each customer has a personal login/password
which expires daily (any RADIUS server can expire accounts, I'm sure
FreeRADIUS is no exception).

I would also consider a variant with FreeBSD+hostapd as AP (instead of
the TP-Link routers) if it's more feasible.

Could you please point me in the right direction. Maybe I'm totally
wrong and I should use a different approach altogether?

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
AS43859

From owner-freebsd-net@freebsd.org Sun Jan 7 16:58:47 2018
From: Freddie Cash
Date: Sun, 7 Jan 2018 08:58:41 -0800
Subject: Fwd: Re: Quasi-enterprise WiFi network
To: freebsd-net

Dammit, forgot to include the list again. Resending

---------- Forwarded message ----------
From: fjwcash@gmail.com
Date: Jan 7, 2018 8:58 AM
Subject: Re: Quasi-enterprise WiFi network
To: Victor Sudakov
Cc:

On Jan 7, 2018 6:31 AM, "Victor Sudakov" wrote:

Colleagues,

I'm trying to setup a quasi-enterprise WiFi network for mobile
devices. This will be a solution for a public library with the only
requirement that guest users should get personal credentials for WiFi
access from a librarian (not a shared PSK for everyone).

The library has a FreeBSD router with FreeRADIUS3, and several TP-Link
APs which support "Enterprise WiFi" and can be RADIUS clients.

The point is I don't want to require customers to install X.509
certificates on their mobile devices, the network setup should be
simple and transparent for the customer. I don't care if some Evil
Hacker impersonates my quasi-enterprise network and collects all the
passwords, so I really need no certificates to authenticate the
network to customers.

The only condition is that each customer has a personal login/password
which expires daily (any RADIUS server can expire accounts, I'm sure
FreeRADIUS is no exception).

I would also consider a variant with FreeBSD+hostapd as AP (instead of
the TP-Link routers) if it's more feasible.

Could you please point me in the right direction. Maybe I'm totally
wrong and I should use a different approach altogether?


You don't *need* RADIUS for this, although it may make some things easier
in some setups.

All you need is a separate vlan for the "guest" wireless clients to connect
to, at the default gateway for that vlan to the FreeBSD machine, and use
firewall rules to redirect all "new" devices to a local Apache setup (new
meaning you don't know the MAC address).

In Apache, you use mod_rewrite rules to change the requested URL to a local
webpage where you display your rules and whatnot, along with the login
page. Write this in PHP or Ruby or Python or whatever your preferred web
scripting language is, connecting to whatever authentication database you
want to use. Upon successful login, add the MAC address to the firewall
rules (tables work well for this) to allow internet traffic.

At midnight, empty that table.

That's the setup we use at work (although with Linux on the wireless
firewalls, using iptables and ipset) to provide wireless access to guests
in the schools.

With this, you can even create an encrypted wireless setup, and just
provide the PSK to the patrons on the same card as you provide their login
info.

The mod_rewrite rules are the magic that provide the captive portal
detection for mobile devices so that the login page appears automatically
as soon as they connect to the wireless network. I can provide those
tomorrow if you want, as I can't access them from home.

Cheers,
Freddie

From owner-freebsd-net@freebsd.org Sun Jan 7 18:04:32 2018
Date: Mon, 8 Jan 2018 01:04:22 +0700
From: Victor Sudakov
To: Freddie Cash
Cc: freebsd-net
Subject: Re: Fwd: Re: Quasi-enterprise WiFi network
Message-ID: <20180107180422.GA46756@admin.sibptus.transneft.ru>

Freddie Cash wrote:
> >
> > I'm trying to setup a quasi-enterprise WiFi network for mobile
> > devices. This will be a solution for a public library with the only
> > requirement that guest users should get personal credentials for WiFi
> > access from a librarian (not a shared PSK for everyone).
>
> You don't *need* RADIUS for this, although it may make some things easier
> in some setups.
>
> All you need is a separate vlan for the "guest" wireless clients to connect
> to, at the default gateway for that vlan to the FreeBSD machine, and use
> firewall rules to redirect all "new" devices to a local Apache setup (new
> meaning you don't know the MAC address).
>
> In Apache, you use mod_rewrite rules to change the requested URL to a local
> webpage where you display your rules and whatnot, along with the login

What you are suggesting is essentially a hand-made captive portal. I
would be grateful for your mod_rewrite rules, but this will be a last
resort. AFAIK there are implementations of a captive portal in
M0n0wall and pfSense.

I've also seen howtos like
https://www.unixmen.com/freebsd-10-1-x64-wifi-captive-portal/

But if I can, I'd try a pure WiFi solution first, of course if it
exists.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
AS43859

From owner-freebsd-net@freebsd.org Sun Jan 7 18:33:36 2018
References: <20180107180422.GA46756@admin.sibptus.transneft.ru>
From: Freddie Cash
Date: Sun, 7 Jan 2018 10:33:33 -0800
Subject: Re: Fwd: Re: Quasi-enterprise WiFi network
To: Victor Sudakov
Cc: freebsd-net

On Jan 7, 2018 10:04 AM, "Victor Sudakov" wrote:

Freddie Cash wrote:
> >
> > I'm trying to setup a quasi-enterprise WiFi network for mobile
> > devices. This will be a solution for a public library with the only
> > requirement that guest users should get personal credentials for WiFi
> > access from a librarian (not a shared PSK for everyone).
>
> You don't *need* RADIUS for this, although it may make some things easier
> in some setups.
>
> All you need is a separate vlan for the "guest" wireless clients to connect
> to, at the default gateway for that vlan to the FreeBSD machine, and use
> firewall rules to redirect all "new" devices to a local Apache setup (new
> meaning you don't know the MAC address).
>
> In Apache, you use mod_rewrite rules to change the requested URL to a local
> webpage where you display your rules and whatnot, along with the login

What you are suggesting is essentially a hand-made captive portal. I
would be grateful for your mod_rewrite rules, but this will be a last
resort. AFAIK there are implementations of a captive portal in
M0n0wall and pfSense.

I've also seen howtos like
https://www.unixmen.com/freebsd-10-1-x64-wifi-captive-portal/

But if I can, I'd try a pure WiFi solution first, of course if it
exists.


Ah, ok, now I see what you mean by "quasi-enterprise WiFi". You are looking
for a way to create an encrypted wireless connection where a
username/password combo is used instead of a PSK, using something like (but
not as heavy as) 802.1x.

Can't help with that. We stayed down the 802.1x path, had a working RADIUS
setup, but balked at all the setup that would be required on the end-user
devices and abandoned it.

There may be a way to do it automatically nowadays, without requiring
client certs and 802.1x clients, but we haven't looked into it in over 5
years.

Good luck. Hopefully someone else has more insight.

:D

Cheers,
Freddie

From owner-freebsd-net@freebsd.org Sun Jan 7 18:53:44 2018
In-Reply-To: <52165.108.68.171.12.1515350430.squirrel@cosmo.uchicago.edu>
From: Freddie Cash
Date: Sun, 7 Jan 2018 10:53:41 -0800
Subject: Re: Fwd: Re: Quasi-enterprise WiFi network
To: galtsev@kicp.uchicago.edu
Cc: Victor Sudakov, freebsd-net

On Jan 7, 2018 10:40 AM, "Valeri Galtsev" wrote:


On Sun, January 7, 2018 12:04 pm, Victor Sudakov wrote:
> Freddie Cash wrote:
>> >
>> > I'm trying to setup a quasi-enterprise WiFi network for mobile
>> > devices. This will be a solution for a public library with the only
>> > requirement that guest users should get personal credentials for WiFi
>> > access from a librarian (not a shared PSK for everyone).
>
>>
>> You don't *need* RADIUS for this, although it may make some things easier
>> in some setups.
>>
>> All you need is a separate vlan for the "guest" wireless clients to connect
>> to, at the default gateway for that vlan to the FreeBSD machine, and use
>> firewall rules to redirect all "new" devices to a local Apache setup (new
>> meaning you don't know the MAC address).
>>
>> In Apache, you use mod_rewrite rules to change the requested URL to a local
>> webpage where you display your rules and whatnot, along with the login

One trouble I expect here is: if the client goes to https destination, it
will complain about your local apache certificate, as the client expects
next packet (SSL negotiation) to come from host it was going originally
to. I've seen quite a few of similar things. "Home brew" words come to my
mind, no offense intended. Even older or two WiFi setups central IT folks
at big university I work for did this setup that breaks when client goes
to SSL-ed URL. Next, what if client does not use web browser at all, and
just attempts to ssh to external host... Of course, your mod_rewrite
rules, Freddie, may help.


That was an issue with our original setup that only used firewall redirect
rules, without the mod_rewrite stuff. It only worked if we walked people
through visiting a non-encrypted website, in order to bring up our login
page. As more and more sites started defaulting to HTTPS, it became
cumbersome.

All mobile devices, including Windows/MacOS devices, include captive portal
detection these days, where they attempt to connect to a specific set of
HTTP sites after connecting to a network. The mod_rewrite rules intercept
only these requests, and redirect them to the login page.

The original process was:
- connect to wireless network
- enter wireless key
- open browser and access website
- get redirected to login page
- login

With the mod_rewrite rules, the process is just:
- connect to wireless network
- enter wireless key
- login page appears automatically
- login

Cheers,
Freddie

From owner-freebsd-net@freebsd.org Sun Jan 7 19:12:21 2018
Message-ID: <52165.108.68.171.12.1515350430.squirrel@cosmo.uchicago.edu>
In-Reply-To: <20180107180422.GA46756@admin.sibptus.transneft.ru>
Date: Sun, 7 Jan 2018 12:40:30 -0600 (CST)
Subject: Re: Fwd: Re: Quasi-enterprise WiFi network
From: "Valeri Galtsev"
To: "Victor Sudakov"
Cc: "Freddie Cash", "freebsd-net"
Reply-To: galtsev@kicp.uchicago.edu

On Sun, January 7, 2018 12:04 pm, Victor Sudakov wrote:
> Freddie Cash wrote:
>> >
>> > I'm trying to setup a quasi-enterprise WiFi network for mobile
>> > devices. This will be a solution for a public library with the only
>> > requirement that guest users should get personal credentials for WiFi
>> > access from a librarian (not a shared PSK for everyone).
>
>>
>> You don't *need* RADIUS for this, although it may make some things easier
>> in some setups.
>>
>> All you need is a separate vlan for the "guest" wireless clients to connect
>> to, at the default gateway for that vlan to the FreeBSD machine, and use
>> firewall rules to redirect all "new" devices to a local Apache setup (new
>> meaning you don't know the MAC address).
>>
>> In Apache, you use mod_rewrite rules to change the requested URL to a local
>> webpage where you display your rules and whatnot, along with the login

One trouble I expect here is: if the client goes to https destination, it
will complain about your local apache certificate, as the client expects
next packet (SSL negotiation) to come from host it was going originally
to. I've seen quite a few of similar things. "Home brew" words come to my
mind, no offense intended. Even older or two WiFi setups central IT folks
at big university I work for did this setup that breaks when client goes
to SSL-ed URL. Next, what if client does not use web browser at all, and
just attempts to ssh to external host... Of course, your mod_rewrite
rules, Freddie, may help.

>
> What you are suggesting is essentially a hand-made captive portal. I
> would be grateful for your mod_rewrite rules, but this will be a last
> resort. AFAIK there are implementations of a captive portal in
> M0n0wall and pfSense.

Thanks, Victor!

Valeri

> I've also seen howtos like
> https://www.unixmen.com/freebsd-10-1-x64-wifi-captive-portal/
>
> But if I can, I'd try a pure WiFi solution first, of course if it
> exists.
>
> --
> Victor Sudakov, VAS4-RIPE, VAS47-RIPN
> AS43859
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

From owner-freebsd-net@freebsd.org Mon Jan 8 07:13:25 2018
Date: Mon, 8 Jan 2018 14:13:16 +0700
From: Victor Sudakov
To: Freddie Cash
Cc: freebsd-net
Subject: Re: Fwd: Re: Quasi-enterprise WiFi network
Message-ID:
<20180108071316.GA52442@admin.sibptus.transneft.ru>

Freddie Cash wrote:
>
> Ah, ok, now I see what you mean by "quasi-enterprise WiFi". You are looking
> for a way to create an encrypted wireless connection where a
> username/password combo is used instead of a PSK, using something like (but
> not as heavy as) 802.1x.

I don't even need an *encrypted* wireless connection, these
username/login pairs are not precious, and the traffic is just
Internet.

Yet another problem with captive portals is that not all client
applications are web browsers. I personally get very annoyed when my
mobile RSS reader or some other app does not work until I visit some
stupid web page.

>
> Can't help with that. We stayed down the 802.1x path, had a working RADIUS
> setup, but balked at all the setup that would be required on the end-user
> devices and abandoned it.
>
> There may be a way to do it automatically nowadays, without requiring
> client certs and 802.1x clients, but we haven't looked into it in over 5
> years.

Yes, that's what I'm looking for, without requiring client certs and
802.1x clients.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
AS43859

From owner-freebsd-net@freebsd.org Mon Jan 8 07:20:44 2018
Date: Mon, 8 Jan 2018 14:20:35 +0700
From: Victor Sudakov
To: Freddie Cash
Cc: galtsev@kicp.uchicago.edu, freebsd-net
Subject: Re: Fwd: Re: Quasi-enterprise WiFi network
Message-ID: <20180108072035.GB52442@admin.sibptus.transneft.ru>
User-Agent:
Mutt/1.9.1 (2017-09-22)

Freddie Cash wrote:
>
> > One trouble I expect here is: if the client goes to https destination, it
> > will complain about your local apache certificate, as the client expects
> > next packet (SSL negotiation) to come from host it was going originally
> > to. I've seen quite a few of similar things. "Home brew" words come to my
> > mind, no offense intended. Even older or two WiFi setups central IT folks
> > at big university I work for did this setup that breaks when client goes
> > to SSL-ed URL. Next, what if client does not use web browser at all, and
> > just attempts to ssh to external host...
> >
>
> That was an issue with our original setup that only used firewall redirect
> rules, without the mod_rewrite stuff. It only worked if we walked people
> through visiting a non-encrypted website, in order to bring up our login
> page. As more and more sites started defaulting to HTTPS, it became
> cumbersome.
>
> All mobile devices, including Windows/MacOS devices, include captive portal
> detection these days, where they attempt to connect to a specific set of
> HTTP sites after connecting to a network. The mod_rewrite rules intercept
> only these requests, and redirect them to the login page.

Your mod_rewrite rules are becoming more and more interesting. Please
do post them.

There is one more drawback however I have just thought about. If I go
for a WiFi solution, I can deploy just an AP at some remote branch as
a RADIUS client of the central FreeRADIUS server.

If I go for a captive portal solution, I would need to install captive
portals at every branch, or tunnel Internet traffic via the central
hub.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
AS43859

From owner-freebsd-net@freebsd.org Mon Jan 8 17:00:44 2018
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 224961] VLAN ID 0 Not Supported
Date: Mon, 08 Jan 2018 17:00:43 +0000
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224961

--- Comment #2 from johnllyon@gmail.com ---
(In reply to Reshad Patuck from comment #1)

Netgraph -- I love its power, but the documentation is frustratingly sparse
regarding certain fundamental concepts.

I will give ng_vlan a brief try later this week when I have some free time to
experiment. Do you know if I can attach services and assign an IP to the
virtual interface created by ng_vlan? For some context, my server is receiving
traffic tagged with VLAN 0. Services on that interface (e.g., dhcp client)
don't appear to recognize the traffic because it is tagged as vlan 0 (versus
being not tagged at all). So I'm trying to create an interface assigned to
vlan 0 so that my services on that interface will work. Think ng_vlan can
help me do that?

For some context these links describe my problem and a Linux solution to it:

http://blog.0xpebbles.org/Bypassing-At-t-U-verse-hardware-NAT-table-limits
https://strscrm.io/bypassing-gigapowers-provided-modem.html
https://www.reddit.com/r/Ubiquiti/comments/60rfdr/transparent_proxy_for_8021xeap/dfcba6o/

I'm trying to create a FreeBSD equivalent solution. I've already successfully
duplicated the functionality of ebtables using Netgraph.
I'm just stuck at the last part because I can't assign vlan 0 to an interface
(or create a virtual interface on vlan 0) to which I can move my services
(e.g., DHCP client).

Thanks.

--
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org Mon Jan 8 18:42:59 2018
From: Freddie Cash
Date: Mon, 8 Jan 2018 10:42:54 -0800
Subject: Re: Fwd: Re: Quasi-enterprise WiFi network
To: Victor Sudakov
Cc: galtsev@kicp.uchicago.edu, freebsd-net

On Sun, Jan 7, 2018 at 11:20 PM, Victor Sudakov wrote:

> Freddie Cash wrote:
> >
> > > One trouble I expect here is: if the client goes to https destination, it
> > > will complain about your local apache certificate, as the client expects
> > > next packet (SSL negotiation) to come from host it was going originally
> > > to. I've seen quite a few of similar things. "Home brew" words come to my
> > > mind, no offense intended.
> > > Even older or two WiFi setups central IT folks
> > > at big university I work for did this setup that breaks when client goes
> > > to SSL-ed URL. Next, what if client does not use web browser at all, and
> > > just attempts to ssh to external host...
> >
> > That was an issue with our original setup that only used firewall redirect
> > rules, without the mod_rewrite stuff. It only worked if we walked people
> > through visiting a non-encrypted website, in order to bring up our login
> > page. As more and more sites started defaulting to HTTPS, it became
> > cumbersome.
> >
> > All mobile devices, including Windows/MacOS devices, include captive portal
> > detection these days, where they attempt to connect to a specific set of
> > HTTP sites after connecting to a network. The mod_rewrite rules intercept
> > only these requests, and redirect them to the login page.
>
> Your mod_rewrite rules are becoming more and more interesting. Please
> do post them.
>
> There is one more drawback however I have just thought about. If I go
> for a WiFi solution, I can deploy just an AP at some remote branch as
> a RADIUS client of the central FreeRADIUS server.
>
> If I go for a captive portal solution, I would need to install captive
> portals at every branch, or tunnel Internet traffic via the central
> hub.

Correct. As we are a school district where each school has their own
Internet connection, we try to do as much traffic blocking/shaping locally,
so we have a separate wireless firewall in each school (and we use
Colubris/HPe/Aruba access points as they don't tunnel traffic back to a
central controller like Cisco and other gear does). That handles the
captive portal, DHCP for wireless devices, etc for each school. The nice
thing is that since it's all done with private addressing, the wireless
firewalls are virtually identical and easy to image/replace. :) But it is
one more server to manage at each site.
Our setup uses the MAC address of the device simply because our public
guest network setup is derived from our BYOD network setup. Our BYOD
network uses the MAC address as it's unique to the device and gets shared
out to all the schools such that once a device is enabled on our BYOD
network, it will work in any school. Since we had that infrastructure
already in place, we just extended it to create a public guest network that
grabbed the MAC from the device via the login page. It can easily be done
using the IP of the device instead, to make the firewall rules easier to
write on FreeBSD (MAC address rules in IPFW are ... interesting ... to
write).

Our firewall rules go something like:
- allow all the local traffic to the wireless firewall (DHCP, DNS, NTP, HTTP)
- allow Internet traffic if the MAC is in the allowed table
- redirect all other traffic to Apache running on the wireless firewall
- block everything else

In the Apache configuration, the following mod_rewrite rules are enabled:

# Captive portal stuff
RewriteEngine on

# Apple devices
RewriteCond %{HTTP_USER_AGENT} ^CaptiveNetworkSupport(.*)$ [NC]
RewriteCond %{HTTP_HOST} !^10.40.0.1$
RewriteCond %{REQUEST_URI} !^/login.php [NC]
RewriteRule ^(.*)$ http://10.40.0.1/index.php [L,R=302]

# Android devices
RewriteCond %{HTTP_HOST} !^10.40.0.1$
RewriteCond %{REQUEST_URI} !^/login.php [NC]
RedirectMatch 302 /generate_204 http://10.40.0.1/index.php

# Windows devices
RewriteCond %{HTTP_HOST} !^10.40.0.1$
RewriteCond %{REQUEST_URI} !^/login.php [NC]
RedirectMatch 302 /ncsi.txt http://10.40.0.1/index.php

# Catch-all for everything else
RewriteCond %{REQUEST_URI} !^/captive/ [NC]
RewriteCond %{HTTP_HOST} !^10.40.0.1$
RewriteRule ^(.*)$ http://10.40.0.1/index.php [L]

If the HTTP traffic matches the RewriteCond expression, then the
destination URL is rewritten to the RewriteRule location. We exclude the
server IP (!^10.40.0.1) as the login page POSTs to the server for
processing.
And we exclude the login page itself (!^login.php) where all the
authentication is done. The index.php displays information about the
network, shows the login fields, and POSTs to login.php.

Let me know if you need any other information.

--
Freddie Cash
fjwcash@gmail.com

From owner-freebsd-net@freebsd.org Mon Jan 8 18:46:31 2018
From: Freddie Cash
Date: Mon, 8 Jan 2018 10:46:28 -0800
Subject: Re: Fwd: Re: Quasi-enterprise WiFi network
To: Victor Sudakov
Cc: galtsev@kicp.uchicago.edu, freebsd-net

On Mon, Jan 8, 2018 at 10:42 AM, Freddie Cash wrote:

> On Sun, Jan 7, 2018 at 11:20 PM, Victor Sudakov wrote:
>
>> Freddie Cash wrote:
>> >
>> > > One trouble I expect here is: if the client goes to https destination, it
>> > > will complain about your local apache certificate, as the client expects
>> > > next packet (SSL negotiation) to come from host it was going originally
>> > > to. I've seen quite a few of similar things. "Home brew" words come to my
>> > > mind, no offense intended.
>> > > Even older or two WiFi setups central IT folks
>> > > at big university I work for did this setup that breaks when client goes
>> > > to SSL-ed URL. Next, what if client does not use web browser at all, and
>> > > just attempts to ssh to external host...
>> >
>> > That was an issue with our original setup that only used firewall redirect
>> > rules, without the mod_rewrite stuff. It only worked if we walked people
>> > through visiting a non-encrypted website, in order to bring up our login
>> > page. As more and more sites started defaulting to HTTPS, it became
>> > cumbersome.
>> >
>> > All mobile devices, including Windows/MacOS devices, include captive portal
>> > detection these days, where they attempt to connect to a specific set of
>> > HTTP sites after connecting to a network. The mod_rewrite rules intercept
>> > only these requests, and redirect them to the login page.
>>
>> Your mod_rewrite rules are becoming more and more interesting. Please
>> do post them.
>>
>> There is one more drawback however I have just thought about. If I go
>> for a WiFi solution, I can deploy just an AP at some remote branch as
>> a RADIUS client of the central FreeRADIUS server.
>>
>> If I go for a captive portal solution, I would need to install captive
>> portals at every branch, or tunnel Internet traffic via the central
>> hub.
>
>
> Correct. As we are a school district where each school has their own
> Internet connection, we try to do as much traffic blocking/shaping locally,
> so we have a separate wireless firewall in each school (and we use
> Colubris/HPe/Aruba access points as they don't tunnel traffic back to a
> central controller like Cisco and other gear does). That handles the
> captive portal, DHCP for wireless devices, etc for each school. The nice
> thing is that since it's all done with private addressing, the wireless
> firewalls are virtually identical and easy to image/replace.
> :) But it is one more server to manage at each site.
>
> Our setup uses the MAC address of the device simply because our public
> guest network setup is derived from our BYOD network setup. Our BYOD
> network uses the MAC address as it's unique to the device and gets shared
> out to all the schools such that once a device is enabled on our BYOD
> network, it will work in any school. Since we had that infrastructure
> already in place, we just extended it to create a public guest network that
> grabbed the MAC from the device via the login page. It can easily be done
> using the IP of the device instead, to make the firewall rules easier to
> write on FreeBSD (MAC address rules in IPFW are ... interesting ... to
> write).
>
> Our firewall rules go something like:
> - allow all the local traffic to the wireless firewall (DHCP, DNS, NTP, HTTP)
> - allow Internet traffic if the MAC is in the allowed table
> - redirect all other traffic to Apache running on the wireless firewall
> - block everything else
>
> In the Apache configuration, the following mod_rewrite rules are enabled:
>
> # Captive portal stuff
> RewriteEngine on
>
> # Apple devices
> RewriteCond %{HTTP_USER_AGENT} ^CaptiveNetworkSupport(.*)$ [NC]
> RewriteCond %{HTTP_HOST} !^10.40.0.1$
> RewriteCond %{REQUEST_URI} !^/login.php [NC]
> RewriteRule ^(.*)$ http://10.40.0.1/index.php [L,R=302]
>
> # Android devices
> RewriteCond %{HTTP_HOST} !^10.40.0.1$
> RewriteCond %{REQUEST_URI} !^/login.php [NC]
> RedirectMatch 302 /generate_204 http://10.40.0.1/index.php
>
> # Windows devices
> RewriteCond %{HTTP_HOST} !^10.40.0.1$
> RewriteCond %{REQUEST_URI} !^/login.php [NC]
> RedirectMatch 302 /ncsi.txt http://10.40.0.1/index.php
>
> # Catch-all for everything else
> RewriteCond %{REQUEST_URI} !^/captive/ [NC]
> RewriteCond %{HTTP_HOST} !^10.40.0.1$
> RewriteRule ^(.*)$ http://10.40.0.1/index.php [L]
>
> If the HTTP traffic matches the RewriteCond expression, then the
> destination URL is rewritten
> to the RewriteRule location. We exclude the
> server IP (!^10.40.0.1) as the login page POSTs to the server for
> processing. And we exclude the login page itself (!^login.php) where all
> the authentication is done. The index.php displays information about the
> network, shows the login fields, and POSTs to login.php.
>
> Let me know if you need any other information.
>

Forgot to mention that a successful login adds the MAC address of the
device to the table of allowed MACs (that way, no reloading of the firewall
rules is needed and no traffic is dropped during the reload). And we have a
separate cronjob that runs at midnight to clear out that table (so no
devices are allowed in the morning).

--
Freddie Cash
fjwcash@gmail.com

From owner-freebsd-net@freebsd.org Mon Jan 8 18:47:44 2018
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 224961] VLAN ID 0 Not Supported
Date: Mon, 08 Jan 2018 18:47:43 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224961

Eugene Grosbein changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |eugen@freebsd.org

--- Comment #3 from Eugene Grosbein ---
(In reply to johnllyon from comment #2)

Incoming ethernet frames tagged with zero vlan tag are not correct,
so first operation should be conversion of such frames to standard untagged
frames.
ng_vlan should perform this flawlessly if configured with command like
"ngctl msg vlan: addfilter '{ vlan=0 hook="untagged" }' and hook "untagged"
connected to ng_eiface node that creates ngeth0 interface.

Also, ng_vlan's "downstream" hook should be connected to ng_ether node
corresponding "real" interface like em0 and its hook "lower". Then real
interface passes incoming packets to ng_vlan instead of normal delivery.
ng_vlan strips incorrect vlan tag and result is delivered normally as received
from ngeth0.

Ethernet frames received without vlan tag will be dropped by this comple schema
but it is possible to process them too by inserting ng_tee node into the graph.
ng_tee is capable of combining two streams of data into single one and passing
it to arbitrary next node.

From owner-freebsd-net@freebsd.org Mon Jan 8 19:07:45 2018
kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w08J7j5J029757 for ; Mon, 8 Jan 2018 19:07:45 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w08J7jfu029754 for freebsd-net@FreeBSD.org; Mon, 8 Jan 2018 19:07:45 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 224961] VLAN ID 0 Not Supported Date: Mon, 08 Jan 2018 19:07:45 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: rgrimes@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Jan 2018 19:07:46 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D224961 Rodney W. Grimes changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |rgrimes@FreeBSD.org --- Comment #4 from Rodney W. 
Grimes ---

Be aware that vlan tag of 0 is special, it is reserved, and it is reserved for:

The reserved value 0x000 indicates that the frame does not carry a VLAN ID; in this case, the 802.1Q tag specifies only a priority (in PCP and DEI fields) and is referred to as a priority tag.

We should be able to match and process these frames, they are standard.

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org Mon Jan 8 19:12:20 2018
From: Alena Seth
To: "freebsd-net@freebsd.org"
Subject: RE: Compliance and Risk Management
Date: Mon, 8 Jan 2018 19:11:38 +0000

Did you get a chance to review my previous mail? Please let me know when you get a chance

Thank you and I look forward to hearing from you

Regards,
Alena

From: Alena Seth
Sent: Wednesday, January 03, 2018 3:18 PM
To: 'freebsd-net@freebsd.org'
Subject: Compliance and Risk Management

Hi,

Would you be interested in an email leads of Compliance and Risk Management Executives? We can help you reach out to.

Title includes:

- Chief Compliance Officer
- VP Compliance
- Compliance Manager
- Compliance Officer
- Chief Risk Officer
- VP of Risk Management
- Director of Risk Management
- Risk Manager

The list comes with complete contact information like Contact name, Email address, Title, Company name, Phone number, Mailing address, etc.

I'd be happy to send over few sample records on your request, and set up a time to discuss in detail.

If this is not relevant to you, please reply back with your Target Market, we have all types of target markets available.

If there is someone else in your organization that I need to speak with, I'd be grateful if you would forward this email to the appropriate contact and help me with the introduction.

Have a great day!

Regards,
Alena Seth / Info Solutions

If you don't wish to receive emails from us reply back with "Unsubscribe".
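The priority-tag handling discussed in comments #3 and #4 of Bug 224961 above, as an added example that is not part of the original messages and is not FreeBSD or ng_vlan code: it decodes the 802.1Q TCI (PCP, DEI, VID), classifies a frame, and strips the tag in place when the VID is 0, which is the conversion to an untagged frame that comment #3 describes. The function names and the sample frames are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN  14      /* dst MAC (6) + src MAC (6) + EtherType (2) */
#define VLAN_TAG_LEN 4       /* TPID (2) + TCI (2) */
#define TPID_8021Q   0x8100  /* only single 802.1Q tags are handled here */

enum tag_class {
    FRAME_TRUNCATED = -1,    /* too short to hold the header it claims */
    FRAME_UNTAGGED,
    FRAME_PRIORITY_TAGGED,   /* VID 0x000: priority only, no VLAN membership */
    FRAME_VLAN_TAGGED,       /* VID 0x001..0xFFE */
    FRAME_RESERVED_VID       /* VID 0xFFF */
};

struct dot1q_tci {
    uint8_t  pcp;            /* priority code point, 3 bits */
    uint8_t  dei;            /* drop eligible indicator, 1 bit */
    uint16_t vid;            /* VLAN identifier, 12 bits */
};

static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);   /* network byte order */
}

/* Classify a frame; fills *out (if non-NULL) when a tag is present. */
enum tag_class classify_frame(const uint8_t *frame, size_t len,
                              struct dot1q_tci *out)
{
    struct dot1q_tci t = { 0, 0, 0 };
    uint16_t tci;

    if (len < ETH_HDR_LEN)
        return FRAME_TRUNCATED;
    if (rd16(frame + 12) != TPID_8021Q)
        return FRAME_UNTAGGED;
    if (len < ETH_HDR_LEN + VLAN_TAG_LEN)
        return FRAME_TRUNCATED;          /* TPID present but TCI cut off */

    tci = rd16(frame + 14);
    t.pcp = (uint8_t)(tci >> 13);
    t.dei = (uint8_t)((tci >> 12) & 1);
    t.vid = (uint16_t)(tci & 0x0fff);
    if (out != NULL)
        *out = t;

    if (t.vid == 0x000)
        return FRAME_PRIORITY_TAGGED;
    if (t.vid == 0xfff)
        return FRAME_RESERVED_VID;
    return FRAME_VLAN_TAGGED;
}

/*
 * If the frame is priority-tagged, remove the 4 tag bytes in place so the
 * inner EtherType follows the MAC addresses again, and return the new
 * length. Any other frame is left untouched and its length is returned.
 */
size_t strip_priority_tag(uint8_t *frame, size_t len, struct dot1q_tci *out)
{
    if (classify_frame(frame, len, out) != FRAME_PRIORITY_TAGGED)
        return len;
    memmove(frame + 12, frame + 16, len - 16);
    return len - VLAN_TAG_LEN;
}

/* Constructed sample frames (locally administered MACs, 4-byte payload). */
static uint8_t sample_prio[] = {          /* PCP 5, DEI 0, VID 0, IPv4 */
    0x02, 0, 0, 0, 0, 0x01,  0x02, 0, 0, 0, 0, 0x02,
    0x81, 0x00, 0xa0, 0x00,  0x08, 0x00,  0xde, 0xad, 0xbe, 0xef
};
static uint8_t sample_vlan100[] = {       /* PCP 0, DEI 0, VID 100, IPv4 */
    0x02, 0, 0, 0, 0, 0x01,  0x02, 0, 0, 0, 0, 0x02,
    0x81, 0x00, 0x00, 0x64,  0x08, 0x00,  0xde, 0xad, 0xbe, 0xef
};
static uint8_t sample_untagged[] = {      /* plain IPv4 frame */
    0x02, 0, 0, 0, 0, 0x01,  0x02, 0, 0, 0, 0, 0x02,
    0x08, 0x00,  0xde, 0xad, 0xbe, 0xef
};
static struct dot1q_tci sample_tci;       /* scratch result for the demo */

int main(void)
{
    size_t n;

    printf("untagged sample: class %d\n",
           classify_frame(sample_untagged, sizeof(sample_untagged), NULL));
    printf("vlan sample:     class %d\n",
           classify_frame(sample_vlan100, sizeof(sample_vlan100), &sample_tci));
    printf("  vid=%u\n", (unsigned)sample_tci.vid);

    n = strip_priority_tag(sample_prio, sizeof(sample_prio), &sample_tci);
    printf("priority sample: pcp=%u dei=%u vid=%u, %zu -> %zu bytes\n",
           (unsigned)sample_tci.pcp, (unsigned)sample_tci.dei,
           (unsigned)sample_tci.vid, sizeof(sample_prio), n);
    return 0;
}
```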
From owner-freebsd-net@freebsd.org Tue Jan 9 07:26:53 2018
Date: Tue, 09 Jan 2018 09:11:30 +0200
From: wishmaster
Subject: swap_pager_getswapspace(32) Error
To: freebsd-net@freebsd.org, freebsd-stable
Message-Id: <1515479672.203020608.2hyrh1bv@frv52.fwdcdn.com>

Hi, colleagues.

In December 2017 I wrote to freebsd-net@ about tons of errors in the log file:

Jan 5 09:49:40 server kernel: swap_pager_getswapspace(32): failed
Jan 5 09:49:40 server kernel: swap_pager_getswapspace(24): failed
Jan 5 09:49:40 server kernel: swap_pager_getswapspace(18): failed

These errors happened after I added a netgraph rule to my IPFW ruleset. This was just ng_patch for setting TTL on the OUTGOING interface.

/usr/sbin/ngctl -f- <<-SEQ
    mkpeer ipfw: patch 100 in
    name ipfw:100 ttl_set
    msg ttl_set: setconfig { count=1 csum_flags=1 ops=[ \
        { mode=1 value=128 length=1 offset=8 } ] }
SEQ
/sbin/ipfw add 15002 netgraph 100 ip from me to any { recv re2 or recv epair* }

I did not establish the reason for this error; the netgraph rule was just removed.

After that, after playing with ipfw/fq_codel in VirtualBox, I wanted to set it up in production. But after some hours of work, the old error occurred.

I have 2 identical servers (ZFS mirror, VNET'ed Jails, IPFW ruleset and so on). The difference is only in CPU, amount of RAM and connection to Internet. This server uses pppoe via the built-in ppp client. The second server works fine without any errors.

I do not understand: is this problem due to an incorrect IPFW ruleset or something else?

Without netgraph/dummynet rules I see in top -HSP a lot of processes of MySQL. But innodb_buffer_pool_size is just 2GB. Server has 16GB RAM.

  PID USERNAME PRI NICE   SIZE    RES STATE   C   TIME   WCPU COMMAND

11570 106       20    0   570M   516M select  3   0:38  0.00% clamd{clamd}
11570 106       20    0   570M   516M select  1   0:00  0.00% clamd{clamd}
10612 88        20    0  2909M   451M uwait   3   0:07  0.01% mysqld{mysqld}
10612 88        20    0  2909M   451M uwait   3   0:04  0.01% mysqld{mysqld}
.....

uname -a
FreeBSD server 11.1-STABLE FreeBSD 11.1-STABLE #0 r325503: Tue Nov 7 13:38:44 EET 2017 wishmaster@servers:/usr/obj/usr/src/sys/MY amd64

Please help.

--
Vitaly

From owner-freebsd-net@freebsd.org Tue Jan 9 08:45:03 2018
Subject: Re: swap_pager_getswapspace(32) Error
To: wishmaster, freebsd-net@freebsd.org, freebsd-stable
References: <1515479672.203020608.2hyrh1bv@frv52.fwdcdn.com>
From: Eugene Grosbein
Message-ID: <5A5480F4.3080404@grosbein.net>
Date: Tue, 9 Jan 2018 15:44:36 +0700
In-Reply-To: <1515479672.203020608.2hyrh1bv@frv52.fwdcdn.com>

09.01.2018 14:11, wishmaster wrote:

> Jan 5 09:49:40 server kernel: swap_pager_getswapspace(32): failed
> Jan 5 09:49:40 server kernel: swap_pager_getswapspace(24): failed
> Jan 5 09:49:40 server kernel: swap_pager_getswapspace(18): failed

[skip]

This has nothing to do with netgraph, dummynet or ipfw.

> Without netgraph/dummynet rules I see in top -HSP a lot of processes of MySQL. But innodb_buffer_pool_size is just 2GB. Server has 16GB RAM.
>
>   PID USERNAME PRI NICE   SIZE    RES STATE   C   TIME   WCPU COMMAND
>
> 11570 106       20    0   570M   516M select  3   0:38  0.00% clamd{clamd}
> 11570 106       20    0   570M   516M select  1   0:00  0.00% clamd{clamd}
> 10612 88        20    0  2909M   451M uwait   3   0:07  0.01% mysqld{mysqld}
> 10612 88        20    0  2909M   451M uwait   3   0:04  0.01% mysqld{mysqld}
> .....
>
> uname -a
> FreeBSD server 11.1-STABLE FreeBSD 11.1-STABLE #0 r325503: Tue Nov 7 13:38:44 EET 2017 wishmaster@servers:/usr/obj/usr/src/sys/MY amd64

Have you configured any swap partitions for the server?

From owner-freebsd-net@freebsd.org Tue Jan 9 09:55:17 2018
Date: Tue, 09 Jan 2018 11:30:11 +0200
From: wishmaster
Subject: Re[2]: swap_pager_getswapspace(32) Error
To: Eugene Grosbein
Cc: freebsd-net@freebsd.org, freebsd-stable
Message-Id: <1515489509.866388124.tjhm60c8@frv52.fwdcdn.com>
In-Reply-To: <5A5480F4.3080404@grosbein.net>
References: <1515479672.203020608.2hyrh1bv@frv52.fwdcdn.com> <5A5480F4.3080404@grosbein.net>

Hi, Eugene.

--- Original message ---
From: "Eugene Grosbein"
Date: 9 January 2018, 10:45:13

> 09.01.2018 14:11, wishmaster wrote:
>
> > Jan 5 09:49:40 server kernel: swap_pager_getswapspace(32): failed
> > Jan 5 09:49:40 server kernel: swap_pager_getswapspace(24): failed
> > Jan 5 09:49:40 server kernel: swap_pager_getswapspace(18): failed
>
> [skip]
>
> This has nothing to do with netgraph, dummynet or ipfw.

Yes, you are right, I think.

>
> > Without netgraph/dummynet rules I see in top -HSP a lot of processes of MySQL. But innodb_buffer_pool_size is just 2GB. Server has 16GB RAM.
> >
> >   PID USERNAME PRI NICE   SIZE    RES STATE   C   TIME   WCPU COMMAND
> >
> > 11570 106       20    0   570M   516M select  3   0:38  0.00% clamd{clamd}
> > 11570 106       20    0   570M   516M select  1   0:00  0.00% clamd{clamd}
> > 10612 88        20    0  2909M   451M uwait   3   0:07  0.01% mysqld{mysqld}
> > 10612 88        20    0  2909M   451M uwait   3   0:04  0.01% mysqld{mysqld}
> > .....
> >
> > uname -a
> > FreeBSD server 11.1-STABLE FreeBSD 11.1-STABLE #0 r325503: Tue Nov 7 13:38:44 EET 2017 wishmaster@servers:/usr/obj/usr/src/sys/MY amd64
>
> Have you configured any swap partitions for the server?

This problematic server has two HDDs in a mirror. Swap is about 32GB and located on each HDD. The second, almost identical server has only one HDD.

From dmesg:

avail memory = 16527147008 (15761 MB)
GEOM_MIRROR: Device mirror/swap launched (2/2).

# zpool status
  pool: my_zroot
 state: ONLINE
  scan: resilvered 2,19M in 0h0m with 0 errors on Wed May 17 13:14:09 2017
config:

        NAME        STATE     READ WRITE CKSUM
        my_zroot    ONLINE       0     0     0
          mirror-0  ONLINE       0     0     0
            ada1p4  ONLINE       0     0     0
            ada0p4  ONLINE       0     0     0

errors: No known data errors

# swapinfo
Device            1K-blocks     Used    Avail Capacity
/dev/mirror/swap   33554428        0 33554428     0%

The Capacity parameter of swapinfo is <= 2...3% even though swap_pager_getswapspace(32) occurred.

--
Vitaliy

From owner-freebsd-net@freebsd.org Tue Jan 9 10:31:44 2018
Subject: Re: swap_pager_getswapspace(32) Error
To: wishmaster
References: <1515479672.203020608.2hyrh1bv@frv52.fwdcdn.com> <5A5480F4.3080404@grosbein.net> <1515489509.866388124.tjhm60c8@frv52.fwdcdn.com>
Cc: freebsd-net@freebsd.org, freebsd-stable
From: Eugene Grosbein
Message-ID: <5A549A03.9060906@grosbein.net>
Date: Tue, 9 Jan 2018 17:31:31 +0700
In-Reply-To: <1515489509.866388124.tjhm60c8@frv52.fwdcdn.com>

09.01.2018 16:30, wishmaster wrote:

>>> Jan 5 09:49:40 server kernel: swap_pager_getswapspace(32): failed
>>> Jan 5 09:49:40 server kernel: swap_pager_getswapspace(24): failed
>>> Jan 5 09:49:40 server kernel: swap_pager_getswapspace(18): failed

[skip]

> # swapinfo
> Device            1K-blocks     Used    Avail Capacity
> /dev/mirror/swap   33554428        0 33554428     0%
>
> The Capacity parameter of swapinfo is <= 2...3% even though swap_pager_getswapspace(32) occurred.

Do you have any real problem with some running service like crashing/restarting processes?

From owner-freebsd-net@freebsd.org Tue Jan 9 18:08:09 2018
From: "Somayajulu, David"
To: "freebsd-net@freebsd.org"
Subject: Questions on OFED in FreeBSD
Date: Tue, 9 Jan 2018 18:08:06 +0000

Hi,

1. Is RoCE v2 supported on FreeBSD 11 release or 11_stable?
2. How does one figure out the OFED version in a FreeBSD kernel?
3. Since OFED on HEAD is synced to Linux 4.9 in kernel.org, I presume that it is OFED version 4.8. Am I correct?
4. Am I correct that the OFED version on FreeBSD 11 is 1.5.3?
5. Are there any plans to backport OFED from HEAD to Stable_11?

Thanks
David S.
(davidcs@freebsd.org)

From owner-freebsd-net@freebsd.org Wed Jan 10 12:44:33 2018
To: freebsd-net@freebsd.org
From: Thomas Steen Rasmussen
Subject: Help finding a pcb id
Message-ID: <84c785a2-cf14-3921-797b-6e4157566f3b@gibfest.dk>
Date: Wed, 10 Jan 2018 13:43:56 +0100

Hello list,

I have a jailhost with a busy TCP service which sometimes cannot keep up, triggering the usual "listen queue overflow" messages most of you will have seen at some point:

kernel: sonewconn: pcb 0xfffff803f327a1d0: Listen queue overflow: 193 already in queue awaiting acceptance (1169 occurrences)
kernel: sonewconn: pcb 0xfffff8031b131740: Listen queue overflow: 193 already in queue awaiting acceptance (1068 occurrences)

These two pcb ids are repeating warnings:

$ cat /var/log/messages | cut -w -f 8 | sort | uniq -c
 142 0xfffff8031b131740:
 483 0xfffff803f327a1d0:

Through elimination I know which two listening TCP ports/services are causing the warnings. But I can't get the pcb id to match. Usually I would find the listening socket with netstat -Aan but the listening sockets causing these warnings have different pcb ids in the netstat output:

fffff80319ff5000 tcp4       0      0 185.96.180.29.9091 *.*                LISTEN
fffff80319e19410 tcp4       0      0 185.96.180.29.9090 *.*                LISTEN

What am I missing? What is the correct way to match the pcb id from messages to a process/listening socket?

Could this be because of these pf rdr rules? Does a pf rdr create a new pcb id which is "invisible" to netstat?

rdr on $if inet proto tcp from any to $tor6v4 port 443 -> $tor6v4 port 9090
rdr on $if inet proto tcp from any to $tor6v4 port 80 -> $tor6v4 port 9091

On a more general note I am wondering if it would be possible to log some more info from the socket around line 600 of sys/kern/uipc_socket.c? Local (and remote where relevant) address/port/or whatever relevant for the protocol, and perhaps also pid and jid?
More info would make things a lot easier on busy jailhosts :)

The cause of "listen queue overflow" messages can be almost impossible to find if the process/socket is short-lived.

Thank you in advance for any input!

Best regards,

Thomas Steen Rasmussen

From owner-freebsd-net@freebsd.org Wed Jan 10 20:50:11 2018
From: "Kristof Provost"
To: "Reshad Patuck"
Cc: freebsd-net@freebsd.org
Subject: Re: [vnet] [epair] epair interface stops working after some time
Date: Wed, 10 Jan 2018 21:50:06 +0100
Message-ID: <71B1A1BD-6FCF-47BB-9523-CCAAC03799A5@sigsegv.be>

On 5 Jan 2018, at 20:54, Reshad Patuck wrote:
> I have done the following on both servers to test what happens:
> - Created a new epair interface epair3a and epair3b
> - upped both interfaces
> - given epair3a IP address 10.20.30.40/24 (I don't have this subnet
>   anywhere in my network)
> - attempted to ping 10.20.30.50
> - checked for any packets on epair3b
> On the server where epairs are working, I can see ARP packets for
> 10.20.30.50, but on the server where epairs are not working I can't see any
> packets on epair3b.
> I can however see the arp packets on epair3a on both servers.
>
So epair3a was not added to the bridge and epair3b was not added to a jail?

That’s interesting, because it should mean the problem is not with the bridge or jail. As it affects ARP packets it also shouldn’t be a pf problem. It might be worth unloading the pf module, just to re-confirm, but I wouldn’t expect it to make a difference.

> Please let me know if there is anything I can do to debug this issue or if
> you need any other information.
>
Are you creating/destroying vnet jails at any point? Is there a correlation with that and the start of the epair issues?

Are there any errors in `netstat -s` or `netstat -i epair3a`?
Regards,
Kristof

From owner-freebsd-net@freebsd.org Fri Jan 12 09:23:32 2018
From: "Bradley T. Hughes"
Subject: Panic with recent -CURRENT kernel in EC2
Date: Fri, 12 Jan 2018 10:23:27 +0100
Cc: freebsd-net@freebsd.org
To: freebsd-cloud@freebsd.org

(Cross-posting to -net, but I'm not subscribed there... yet)

I was wondering if anyone else has experienced this panic when dhclient tries to get an IP address after booting a recent 12.0-CURRENT kernel? Using the 12.0-CURRENT AMI from early November works, but with the latest snapshot or when using a kernel built from source I get this:

ixv0: mem 0xf3000000-0xf3003fff,0xf3004000-0xf3007fff at device 3.0 on pci0
ixv0: using 2048 tx descriptors and 2048 rx descriptors
ixv0: msix_init qsets capped at 1
ixv0: pxm cpus: 2 queue msgs: 2 admincnt: 1
ixv0: using 1 rx queues 1 tx queues
ixv0: Using MSIX interrupts with 2 vectors
ixv0: allocated for 1 queues
ixv0: allocated for 1 rx queues
taskqgroup_attach_cpu: setaffinity failed: 22
taskqgroup_attach_cpu: setaffinity failed: 22
ixv0: Ethernet address: 0a:ad:68:70:ea:78
ixv0: netmap queues/slots: TX 1/2048, RX 1/2048
...
panic: Assertion if_getdrvflags(ifp) == i failed at /usr/src/sys/net/iflib.c:2199
cpuid = 3
time = 1515673176
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe008a8ee600
vpanic() at vpanic+0x19c/frame 0xfffffe008a8ee680
kassert_panic() at kassert_panic+0x126/frame 0xfffffe008a8ee6f0
iflib_init_locked() at iflib_init_locked+0x75f/frame 0xfffffe008a8ee750
iflib_if_ioctl() at iflib_if_ioctl+0x744/frame 0xfffffe008a8ee7b0
ifioctl() at ifioctl+0x1903/frame 0xfffffe008a8ee850
kern_ioctl() at kern_ioctl+0x2c4/frame 0xfffffe008a8ee8b0
sys_ioctl() at sys_ioctl+0x15c/frame 0xfffffe008a8ee980
amd64_syscall() at amd64_syscall+0x79b/frame 0xfffffe008a8eeab0
Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe008a8eeab0
--- syscall (54, FreeBSD ELF64, sys_ioctl), rip = 0x80100a4fa, rsp = 0x7fffffffe408, rbp = 0x7fffffffe460 ---

Thanks in advance :)

--
Bradley T. Hughes
bhughes@freebsd.org

From owner-freebsd-net@freebsd.org Fri Jan 12 10:43:39 2018
Subject: Re: Panic with recent -CURRENT kernel in EC2
To: "Bradley T. Hughes", freebsd-cloud@freebsd.org
Cc: freebsd-net@freebsd.org, Eric Joyner
From: Colin Percival
Message-ID: <01000160e9f7ae62-92937548-d46c-4687-87c0-2205119d5132-000000@email.amazonses.com>
Date: Fri, 12 Jan 2018 10:43:31 +0000

This sounds like it may be related to r327031, which made ixgbe (and thus ixv) use iflib... maybe erj@ will have some ideas here?

In case it helps, dhclient sets the MTU, which in the past has caused problems due to drivers resetting -- the fact that sys_ioctl is ending up in iflib_init_locked makes me wonder if this is a similar issue. (If it is, there's a locking problem somewhere...)
Colin Percival

On 01/12/18 01:23, Bradley T. Hughes wrote:
> (Cross-posting to -net, but I'm not subscribed there... yet)
>
> I was wondering if anyone else has experienced this panic when dhclient tries to get an IP address after booting a recent 12.0-CURRENT kernel? Using the 12.0-CURRENT AMI from early November works, but with the latest snapshot or when using a kernel built from source I get this:
>
> ixv0: mem 0xf3000000-0xf3003fff,0xf3004000-0xf3007fff at device 3.0 on pci0
> ixv0: using 2048 tx descriptors and 2048 rx descriptors
> ixv0: msix_init qsets capped at 1
> ixv0: pxm cpus: 2 queue msgs: 2 admincnt: 1
> ixv0: using 1 rx queues 1 tx queues
> ixv0: Using MSIX interrupts with 2 vectors
> ixv0: allocated for 1 queues
> ixv0: allocated for 1 rx queues
> taskqgroup_attach_cpu: setaffinity failed: 22
> taskqgroup_attach_cpu: setaffinity failed: 22
> ixv0: Ethernet address: 0a:ad:68:70:ea:78
> ixv0: netmap queues/slots: TX 1/2048, RX 1/2048
> ...
> panic: Assertion if_getdrvflags(ifp) == i failed at /usr/src/sys/net/iflib.c:2199
> cpuid = 3
> time = 1515673176
> KDB: stack backtrace:
> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe008a8ee600
> vpanic() at vpanic+0x19c/frame 0xfffffe008a8ee680
> kassert_panic() at kassert_panic+0x126/frame 0xfffffe008a8ee6f0
> iflib_init_locked() at iflib_init_locked+0x75f/frame 0xfffffe008a8ee750
> iflib_if_ioctl() at iflib_if_ioctl+0x744/frame 0xfffffe008a8ee7b0
> ifioctl() at ifioctl+0x1903/frame 0xfffffe008a8ee850
> kern_ioctl() at kern_ioctl+0x2c4/frame 0xfffffe008a8ee8b0
> sys_ioctl() at sys_ioctl+0x15c/frame 0xfffffe008a8ee980
> amd64_syscall() at amd64_syscall+0x79b/frame 0xfffffe008a8eeab0
> Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe008a8eeab0
> --- syscall (54, FreeBSD ELF64, sys_ioctl), rip = 0x80100a4fa, rsp = 0x7fffffffe408, rbp = 0x7fffffffe460 ---
>
> Thanks in advance :)

--
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com
| Online backups for the truly paranoid

From owner-freebsd-net@freebsd.org Fri Jan 12 13:06:25 2018
Message-Id: <1515762383.1811431.1233094904.5F13453A@webmail.messagingengine.com>
From: Marius Halden
To: freebsd-net@freebsd.org
Subject: SFPs not working with bxe nic
Date: Fri, 12 Jan 2018 14:06:23 +0100

Hi,

We are having some issues with getting some CWDM optics to work with a BCM57840 (Supermicro AOC-STG-B4S) NIC. All the SFPs we have are 1000Base-lx, but we are only able to get the 1310nm ones to work.

When we connect the 1310nm SFPs dmesg says they are connected with 1G speed, but ifconfig says 10Gbase-SR. When we connect any of the other SFPs we get no info in dmesg and ifconfig says no carrier if we try to bring up the interface.

Do you have any suggestions for how we can try to figure out why this does not work?
--
Marius Halden

From owner-freebsd-net@freebsd.org Fri Jan 12 16:16:21 2018
From: "Pieper, Jeffrey E"
To: Colin Percival, "Bradley T. Hughes", "freebsd-cloud@freebsd.org"
CC: "freebsd-net@freebsd.org", Eric Joyner
Subject: Re: Panic with recent -CURRENT kernel in EC2
Date: Fri, 12 Jan 2018 16:16:12 +0000
Message-ID: <191060CB-F1F8-4E34-8191-99EB7B28597C@intel.com>
References: <01000160e9f7ae62-92937548-d46c-4687-87c0-2205119d5132-000000@email.amazonses.com>
In-Reply-To: <01000160e9f7ae62-92937548-d46c-4687-87c0-2205119d5132-000000@email.amazonses.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

From owner-freebsd-net@freebsd.org Fri Jan 12 17:55:03 2018
From: Michelle Stern
To: "freebsd-net@freebsd.org"
Subject: Cisco IOS Users List
Date: Fri, 12 Jan 2018 17:39:31 +0000

Hi,

I would like to know if you are interested in acquiring Cisco IOS Users List for your marketing campaigns.

These are the information fields that we provide for each contact: Names, Title, Email, Phone, Company Name, Company URL, and Company physical address, SIC Code, Industry and Company Size (Revenue and Employee).

Let me know if you are interested and I will get back to you with the counts and pricing.

Regards,
Michelle Stern
Marketing Executive

to opt out, please reply with Leave Out in the Subject Line.
From owner-freebsd-net@freebsd.org Fri Jan 12 22:19:41 2018
Subject: Re: Panic with recent -CURRENT kernel in EC2
To: "Pieper, Jeffrey E", "Bradley T. Hughes", "freebsd-cloud@freebsd.org"
References: <01000160e9f7ae62-92937548-d46c-4687-87c0-2205119d5132-000000@email.amazonses.com> <191060CB-F1F8-4E34-8191-99EB7B28597C@intel.com>
Cc: "freebsd-net@freebsd.org", Eric Joyner
From: Colin Percival
Message-ID: <01000160ec74ed80-b5c71214-1727-4769-ab34-4fd4fe118f5a-000000@email.amazonses.com>
Date: Fri, 12 Jan 2018 22:19:34 +0000
In-Reply-To: <191060CB-F1F8-4E34-8191-99EB7B28597C@intel.com>

On 01/12/18 08:16, Pieper, Jeffrey E wrote:
> Hrm…
>
>> taskqgroup_attach_cpu: setaffinity failed: 22
>> taskqgroup_attach_cpu: setaffinity failed: 22
>
> Is this a fresh snapshot? That should have been fixed in
> https://svnweb.freebsd.org/base?view=revision&revision=327013 . Can you
> please file a bug on this? This looks like an iflib issue.

I can confirm that this happens with the 12.0-CURRENT r327524 snapshot (on a c4.8xlarge EC2 instance, in case it matters).

Colin Percival

> On 1/12/18, 2:43 AM, "owner-freebsd-net@freebsd.org on behalf of Colin Percival" wrote:
>
> This sounds like it may be related to r327031, which made ixgbe (and thus ixv)
> use iflib... maybe erj@ will have some ideas here?
>
> In case it helps, dhclient sets the MTU, which in the past has caused
> problems due to drivers resetting -- the fact that sys_ioctl is ending
> up in iflib_init_locked makes me wonder if this is a similar issue. (If
> it is, there's a locking problem somewhere...)
>
> Colin Percival
>
> On 01/12/18 01:23, Bradley T. Hughes wrote:
> > (Cross-posting to -net, but I'm not subscribed there... yet)
> >
> > I was wondering if anyone else has experienced this panic when dhclient
> > tries to get an IP address after booting a recent 12.0-CURRENT kernel? Using
> > the 12.0-CURRENT AMI from early November works, but with the latest snapshot
> > or when using a kernel built from source I get this:
> >
> > ixv0: mem 0xf3000000-0xf3003fff,0xf3004000-0xf3007fff at device 3.0 on pci0
> > ixv0: using 2048 tx descriptors and 2048 rx descriptors
> > ixv0: msix_init qsets capped at 1
> > ixv0: pxm cpus: 2 queue msgs: 2 admincnt: 1
> > ixv0: using 1 rx queues 1 tx queues
> > ixv0: Using MSIX interrupts with 2 vectors
> > ixv0: allocated for 1 queues
> > ixv0: allocated for 1 rx queues
> > taskqgroup_attach_cpu: setaffinity failed: 22
> > taskqgroup_attach_cpu: setaffinity failed: 22
> > ixv0: Ethernet address: 0a:ad:68:70:ea:78
> > ixv0: netmap queues/slots: TX 1/2048, RX 1/2048
> > ...
> > panic: Assertion if_getdrvflags(ifp) == i failed at /usr/src/sys/net/iflib.c:2199
> > cpuid = 3
> > time = 1515673176
> > KDB: stack backtrace:
> > db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe008a8ee600
> > vpanic() at vpanic+0x19c/frame 0xfffffe008a8ee680
> > kassert_panic() at kassert_panic+0x126/frame 0xfffffe008a8ee6f0
> > iflib_init_locked() at iflib_init_locked+0x75f/frame 0xfffffe008a8ee750
> > iflib_if_ioctl() at iflib_if_ioctl+0x744/frame 0xfffffe008a8ee7b0
> > ifioctl() at ifioctl+0x1903/frame 0xfffffe008a8ee850
> > kern_ioctl() at kern_ioctl+0x2c4/frame 0xfffffe008a8ee8b0
> > sys_ioctl() at sys_ioctl+0x15c/frame 0xfffffe008a8ee980
> > amd64_syscall() at amd64_syscall+0x79b/frame 0xfffffe008a8eeab0
> > Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe008a8eeab0
> > --- syscall (54, FreeBSD ELF64, sys_ioctl), rip = 0x80100a4fa, rsp = 0x7fffffffe408, rbp = 0x7fffffffe460 ---
> >
> > Thanks in advance :)

--
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid

From owner-freebsd-net@freebsd.org Sat Jan 13 09:56:01 2018
From: Victor Sudakov
To: freebsd-net@freebsd.org
Subject: Re: Fwd: Re: Quasi-enterprise WiFi network
Date: Sat, 13 Jan 2018 16:55:53 +0700
Message-ID: <20180113095553.GA19901@admin.sibptus.transneft.ru>
Organization: AO "Svyaztransneft", SibPTUS

Freddie Cash wrote:
>
> Let me know if you need any other information.

Dear Freddie,

Thanks for the rewrite rules, I've saved them for future reference.

However, I went in a different direction and set up a test
quasi-enterprise network with a TP-Link AP and FreeRADIUS server
(net/freeradius3). I was surprised to find out that with the almost
default FreeRADIUS configuration, it does work as I wanted, without
installing any X.509 certificates on client devices. At least this
works for Android devices: you just provide the login/password pair
and you are connected.

Are there any network experts willing to look at the dump of RADIUS
traffic at http://noc.sibptus.ru/~sudakov/radius.pcap ? I'd like to
understand which EAP flavour out of many (PEAP, EAP-TLS, EAP-TTLS etc)
is actually being used (and why the Android devices are readily
trusting FreeRADIUS's test server certificate, I'm a bit uneasy about
it).

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
AS43859

From owner-freebsd-net@freebsd.org Sat Jan 13 10:18:24 2018
From: Eitan Adler
To: Victor Sudakov
Cc: "freebsd-net@freebsd.org"
Subject: Re: Fwd: Re: Quasi-enterprise WiFi network
Date: Sat, 13 Jan 2018 02:17:52 -0800

On 13 January 2018 at 01:55, Victor Sudakov wrote:
>
>
> Are there any network experts willing to look at the dump of RADIUS
> traffic at http://noc.sibptus.ru/~sudakov/radius.pcap ?

From wireshark: PEAP / EAP-MD5-CHALLENGE

Extensible Authentication Protocol
    Code: Request (1)
    Id: 2
    Length: 6
    Type: Protected EAP (EAP-PEAP) (25)
    EAP-TLS Flags: 0x20

Frame 2: 122 bytes on wire (976 bits), 122 bytes captured (976 bits)
Ethernet II, Src: D-LinkIn_33:c9:7c (c4:12:f5:33:c9:7c), Dst: Tp-LinkT_80:65:0d (98:de:d0:80:65:0d)
Internet Protocol Version 4, Src: 192.168.4.1, Dst: 192.168.4.15
User Datagram Protocol, Src Port: 1812, Dst Port: 49565
RADIUS Protocol
    Code: Access-Challenge (11)
    Packet identifier: 0x1f (31)
    Length: 80
    Authenticator: 3ee26ab2364064973ef2ce988915ca8b
    [This is a response to a request in frame 1]
    [Time from request: 0.000410000 seconds]
    Attribute Value Pairs
        AVP: l=24 t=EAP-Message(79) Last Segment[1]
            Type: 79
            Length: 24
            EAP fragment: 0101001604106e9f4093168606ff0e9d7d965c20a895
            Extensible Authentication Protocol
                Code: Request (1)
                Id: 1
                Length: 22
                Type: MD5-Challenge EAP (EAP-MD5-CHALLENGE) (4)
                    [Expert Info (Warning/Security): Vulnerable to MITM attacks. If possible, change EAP type.]
                        [Vulnerable to MITM attacks. If possible, change EAP type.]
                        [Severity level: Warning]
                        [Group: Security]
                EAP-MD5 Value-Size: 16
                EAP-MD5 Value: 6e9f4093168606ff0e9d7d965c20a895
        AVP: l=18 t=Message-Authenticator(80): dff9594bbb81d39e12716aae961454e0
            Type: 80
            Length: 18
            Message-Authenticator: dff9594bbb81d39e12716aae961454e0
        AVP: l=18 t=State(24): 6bf59ce96bf4982c16a18f64a0068706
            Type: 24
            Length: 18
            State: 6bf59ce96bf4982c16a18f64a0068706

> I'd like to
> understand which EAP flavour out of many (PEAP, EAP-TLS, EAP-TTLS etc)
> is actually being used (and why the Android devices are readily
> trusting FreeRADIUS's test server certificate, I'm a bit uneasy about
> it).
>
> --
> Victor Sudakov, VAS4-RIPE, VAS47-RIPN
> AS43859
>

--
Eitan Adler

From owner-freebsd-net@freebsd.org Sat Jan 13 11:07:47 2018
From: Victor Sudakov
To: Eitan Adler
Cc: "freebsd-net@freebsd.org"
Subject: Re: Fwd: Re: Quasi-enterprise WiFi network
Date: Sat, 13 Jan 2018 18:07:39 +0700
Message-ID: <20180113110739.GA20415@admin.sibptus.transneft.ru>
Organization: AO "Svyaztransneft", SibPTUS

Eitan Adler wrote:
> On 13 January 2018 at 01:55, Victor Sudakov wrote:
> >
> >
> > Are there any network experts willing to look at the dump of RADIUS
> > traffic at http://noc.sibptus.ru/~sudakov/radius.pcap ?
> >
> > From wireshark: PEAP / EAP-MD5-CHALLENGE

Eitan, do you mean it's EAP-MD5 encapsulated in PEAP (TLS tunnel)?

Why is the client not checking the server's certificate authenticity
and how do I make the client check it against a CA (if I need to)?

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
AS43859

From owner-freebsd-net@freebsd.org Sat Jan 13 12:55:42 2018
From: Georg Bege
Reply-To: georg@bege.email
To: freebsd-net@freebsd.org
Subject: Support for ATM bridging (RFC1483/2684) in FreeBSD?
Date: Sat, 13 Jan 2018 13:55:28 +0100
Message-ID: <00595957-f846-de5d-cb74-f15744f85813@bege.email>

Hello list,

I'm looking for information if ATM bridging is (or was?) possible with
FreeBSD.
Basically it's the same which is available in Linux for a long time now:
https://www.systutorials.com/docs/linux/man/8-br2684ctl/
https://home.regit.org/technical-articles/atm-bridging/

I'd like to use FBSD as a gateway/router however, I've a strange kind
of IPTV+Internet over ADSL (no VDSL available).

I've found natmip(4) so far, but I'm uncertain if this is truly the right
thing...

best regards,

--
Georg Bege
Mail: georg@bege.email
XMPP: therion@ninth-art.de
IRC: megaTherion @ Freenode

From owner-freebsd-net@freebsd.org Sat Jan 13 14:57:12 2018
From: Marek Zarychta
To: Victor Sudakov
Cc: freebsd-net@freebsd.org
Subject: Re: Fwd: Re: Quasi-enterprise WiFi network
Date: Sat, 13 Jan 2018 15:41:57 +0100
Message-ID: <20180113144157.GA33988@plan-b.pwste.edu.pl>

On Sat, Jan 13, 2018 at 06:07:39PM +0700, Victor Sudakov wrote:
> Eitan Adler wrote:
> > On 13 January 2018 at 01:55, Victor Sudakov wrote:
> > >
> > >
> > > Are there any network experts willing to look at the dump of RADIUS
> > > traffic at http://noc.sibptus.ru/~sudakov/radius.pcap ?
> >
> >
> > From wireshark: PEAP / EAP-MD5-CHALLENGE
>
> Eitan, do you mean it's EAP-MD5 encapsulated in PEAP (TLS tunnel)?
>
> Why is the client not checking the server's certificate authenticity
> and how do I make the client check it against a CA (if I need to)?

Dear Виктор,

The Android client doesn't care about server certificate authenticity, so you
don't have to install the CA certificate, which was probably automatically
generated by radius and written to the file:
/usr/local/etc/raddb/certs/ca.der

Windows and Mac clients do care about it, so the CA cert should be installed
as a Trusted Root Certificate Authority for these clients.

If you want to have 0 problems with Windows clients, I recommend
building a simple captive portal based on PF redirection and a simple login
page. The page could be written as a CGI script in Perl or PHP. I also
recommend incorporating net-mgmt/pftabled to manage the PF table
directly from this portal without any risk of privilege escalation.
Bear in mind also that all initial client requests should be redirected
by the HTTP server with a "Status: 302 Moved" response, otherwise the portal
will not be properly discovered by clients, as was pointed out before.

--
Marek Zarychta

From owner-freebsd-net@freebsd.org Sat Jan 13 15:43:14 2018
From: Eugene Grosbein
To: georg@bege.email, freebsd-net@freebsd.org
Subject: Re: Support for ATM bridging (RFC1483/2684) in FreeBSD?
Date: Sat, 13 Jan 2018 22:42:09 +0700
Message-ID: <5A5A28D1.5020705@grosbein.net>

13.01.2018 19:55, Georg Bege wrote:

> I'm looking for information if ATM bridging is (or was?) possible with
> FreeBSD.
> Basically it's the same which is available in Linux for a long time now:
> https://www.systutorials.com/docs/linux/man/8-br2684ctl/
> https://home.regit.org/technical-articles/atm-bridging/
>
> I'd like to use FBSD as a gateway/router however, I've a strange kind
> of IPTV+Internet over ADSL (no VDSL available).
>
> I've found natmip(4) so far, but I'm uncertain if this is truly the right
> thing...

It depends on hardware you have. Do you have some internal PCI ATM adapter or external device?

From owner-freebsd-net@freebsd.org Sat Jan 13 16:06:36 2018
From: "Rodney W. Grimes"
To: Eugene Grosbein
CC: georg@bege.email, freebsd-net@freebsd.org
Subject: Re: Support for ATM bridging (RFC1483/2684) in FreeBSD?
Date: Sat, 13 Jan 2018 08:06:21 -0800 (PST)
Message-Id: <201801131606.w0DG6LEb045649@pdx.rh.CN85.dnsmgr.net>

> 13.01.2018 19:55, Georg Bege wrote:
>
> > I'm looking for information if ATM bridging is (or was?) possible with
> > FreeBSD.
> > Basically it's the same which is available in Linux for a long time now:
> > https://www.systutorials.com/docs/linux/man/8-br2684ctl/
> > https://home.regit.org/technical-articles/atm-bridging/
> >
> > I'd like to use FBSD as a gateway/router however, I've a strange kind
> > of IPTV+Internet over ADSL (no VDSL available).
> >
> > I've found natmip(4) so far, but I'm uncertain if this is truly the right
> > thing...
>
> It depends on hardware you have.
> Do you have some internal PCI ATM adapter or external device?

FreeBSD has/had atm code in several places, there is netgraph
support for atm in netgraph, ng_atm(4), ng_atmllc(4), and ng_ccatm(4).
There is also natm(4), and the natmip(4) you found supported by
drivers such as fatm(4), hatm(4), patm(4) and utopia(4),
I have probably missed many other bits, but this should give
you a larger set of reading than just the natmip(4) you had found.

I believe some of this code has or is about to come under the
"unmaintained" axe and being removed from the system under
the claim that ATM is an obsolete technology. So if you find
this useful you need to chime in on -current and let the
project know you're using it.

Thanks,
--
Rod Grimes rgrimes@freebsd.org

From owner-freebsd-net@freebsd.org Sat Jan 13 16:14:32 2018
From: Eugene Grosbein
To: "Rodney W. Grimes"
Cc: georg@bege.email, freebsd-net@freebsd.org
Subject: Re: Support for ATM bridging (RFC1483/2684) in FreeBSD?
Date: Sat, 13 Jan 2018 23:13:52 +0700
Message-ID: <5A5A3040.4050903@grosbein.net>

13.01.2018 23:06, Rodney W. Grimes wrote:

> I believe some of this code has or is about to come under the
> "unmaintained" axe and being removed from the system under
> the claim that ATM is an obsolete technology. So if you find
> this useful you need to chime in on -current and let the
> project know you're using it.

Anyway, this support is present in FreeBSD 11.x series and should be present until 11.x EOL for 5 years at least, according to plans at
https://www.freebsd.org/security/security.html#sup

From owner-freebsd-net@freebsd.org Sat Jan 13 16:48:52 2018
From: "Rodney W. Grimes"
Message-Id: <201801131648.w0DGmXxD045840@pdx.rh.CN85.dnsmgr.net>
Subject: Re: Support for ATM bridging (RFC1483/2684) in FreeBSD?
In-Reply-To: <5A5A3040.4050903@grosbein.net>
To: Eugene Grosbein
Date: Sat, 13 Jan 2018 08:48:33 -0800 (PST)
CC: freebsd-net@freebsd.org, georg@bege.email

> 13.01.2018 23:06, Rodney W. Grimes wrote:
>
> > I believe some of this code has or is about to come under the
> > "unmaintained" axe and being removed from the system under
> > the claim that ATM is an obsolete technology. So if you find
> > this useful you need to chime in on -current and let the
> > project know you're using it.
>
> Anyway, this support is present in FreeBSD 11.x series and
> should be present until 11.x EOL
> for 5 years at least, according to plans at
> https://www.freebsd.org/security/security.html#sup

That presentation is about as clear as mud, most are going to stop
reading at "11.2 + 3 months" and not realize that there is also
the July 26, 2017 + 5 year clause in the text 3 paragraphs later
in the next section that talks about the support model.

-- 
Rod Grimes rgrimes@freebsd.org

From owner-freebsd-net@freebsd.org Sat Jan 13 17:27:33 2018
Subject: Fwd: Re: Support for ATM bridging (RFC1483/2684) in FreeBSD?
Reply-To: georg@bege.email
To: freebsd-net@freebsd.org
From: Georg Bege
Message-ID: <3032eab4-8c07-b701-83ca-d07ffd17ee11@bege.email>
Date: Sat, 13 Jan 2018 18:27:33 +0100

-------- Forwarded Message --------
Subject: Re: Support for ATM bridging (RFC1483/2684) in FreeBSD?
Date: Sat, 13 Jan 2018 18:26:30 +0100
From: Georg Bege
Reply-To: georg@bege.email
To: Eugene Grosbein

Hello

Thanks for your response.
Well I have come to the belief that no special hardware is required for
this, basically they somehow seem to route this via PPPoE (or at least
that's what I think).
Basically you establish a PPPoE connection and then you somehow must
acquire a virtual ATM device (which carries VCR/VCI.. and encapsulates
this) much like VDSL does with vlan tagging....

I'm not sure if I'm 100% correct, but for example I can establish the
internet connection with just a normal ADSL2+ Annex J compatible Modem
and PPPoE works too.
What I don't get without this bridging stuff is the IPTV stream, it seems
that on this bridged device a DHCP query is necessary in order to get
access to the multicast net.

regards,
Georg

On 13.01.2018 at 16:42, Eugene Grosbein wrote:
> 13.01.2018 19:55, Georg Bege wrote:
>
>> I'm looking for information if ATM bridging is (or was?) possible with
>> FreeBSD.
>> Basically it's the same which is available in Linux for a long time now:
>> https://www.systutorials.com/docs/linux/man/8-br2684ctl/
>> https://home.regit.org/technical-articles/atm-bridging/
>>
>> I'd like to use FBSD as a gateway/router however, I've a strange kind
>> of IPTV+Internet over ADSL (no VDSL available).
>>
>> I've found natmip(4) so far, but I'm uncertain if this is truly the right
>> thing...
>
> It depends on hardware you have. Do you have some internal PCI ATM adapter or external device?

-- 
Georg Bege
Mail: georg@bege.email
XMPP: therion@ninth-art.de
IRC: megaTherion @ Freenode

From owner-freebsd-net@freebsd.org Sat Jan 13 17:38:08 2018
Subject: Re: Support for ATM bridging (RFC1483/2684) in FreeBSD?
To: georg@bege.email, freebsd-net@freebsd.org
References: <3032eab4-8c07-b701-83ca-d07ffd17ee11@bege.email>
From: Eugene Grosbein
Message-ID: <5A5A43E5.50902@grosbein.net>
Date: Sun, 14 Jan 2018 00:37:41 +0700
In-Reply-To: <3032eab4-8c07-b701-83ca-d07ffd17ee11@bege.email>

14.01.2018 0:27, Georg Bege wrote:

>> It depends on hardware you have. Do you have some internal PCI ATM adapter or external device?

> Thanks for your response.
> Well I have come to the belief that no special hardware is required for
> this, basically they somehow seem to route this via PPPoE (or at least
> that's what I think).
> Basically you establish a PPPoE connection and then you somehow must
> acquire a virtual ATM device (which carries VCR/VCI.. and encapsulates
> this) much like VDSL does with vlan tagging....
>
> I'm not sure if I'm 100% correct, but for example I can establish the
> internet connection with just a normal ADSL2+ Annex J compatible Modem
> and PPPoE works too.
> What I don't get without this bridging stuff is the IPTV stream, it seems
> that on this bridged device a DHCP query is necessary in order to get
> access to the multicast net.

So, you already have ADSL2+ modem with ethernet interface acting as bridge
for PPPoE traffic and you use FreeBSD to establish PPPoE session, right?

And what is "IPTV stream" exactly? Is it just IP multicast somehow encapsulated
into VCI or something else?

From owner-freebsd-net@freebsd.org Sat Jan 13 17:38:58 2018
Reply-To: georg@bege.email
Subject: Re: Support for ATM bridging (RFC1483/2684) in FreeBSD?
To: Eugene Grosbein, freebsd-net@freebsd.org
References: <3032eab4-8c07-b701-83ca-d07ffd17ee11@bege.email> <5A5A43E5.50902@grosbein.net>
From: Georg Bege
Message-ID: <765d5e8a-1d3f-385b-442e-e5fd51876f08@bege.email>
Date: Sat, 13 Jan 2018 18:38:55 +0100
In-Reply-To: <5A5A43E5.50902@grosbein.net>

Hi

Exactly, yes it's IP multicast encapsulated into VCI - I just don't know
how to achieve this via FreeBSD.

regards,
Georg

On 13.01.2018 at 18:37, Eugene Grosbein wrote:
> So, you already have ADSL2+ modem with ethernet interface acting as bridge
> for PPPoE traffic and you use FreeBSD to establish PPPoE session, right?
>
> And what is "IPTV stream" exactly? Is it just IP multicast somehow encapsulated
> into VCI or something else?

-- 
Georg Bege
Mail: georg@bege.email
XMPP: therion@ninth-art.de
IRC: megaTherion @ Freenode

From owner-freebsd-net@freebsd.org Sat Jan 13 17:43:26 2018
From: "Rodney W. Grimes"
Message-Id: <201801131743.w0DHh7Jd046065@pdx.rh.CN85.dnsmgr.net>
Subject: Re: Fwd: Re: Support for ATM bridging (RFC1483/2684) in FreeBSD?
In-Reply-To: <3032eab4-8c07-b701-83ca-d07ffd17ee11@bege.email>
To: georg@bege.email
Date: Sat, 13 Jan 2018 09:43:07 -0800 (PST)
CC: freebsd-net@freebsd.org

-- Start of PGP signed section.
[ Charset UTF-8 unsupported, converting... ]
>
>
>
> -------- Forwarded Message --------
> Subject: Re: Support for ATM bridging (RFC1483/2684) in FreeBSD?
> Date: Sat, 13 Jan 2018 18:26:30 +0100
> From: Georg Bege
> Reply-To: georg@bege.email
> To: Eugene Grosbein
>
> Hello
>
> Thanks for your response.
> Well I have come to the belief that no special hardware is required for
> this, basically they somehow seem to route this via PPPoE (or at least
> that's what I think).

It is called PPPoA.

> Basically you establish a PPPoE connection and then you somehow must
> acquire a virtual ATM device (which carries VCR/VCI.. and encapsulates
> this) much like VDSL does with vlan tagging....
>
> I'm not sure if I'm 100% correct, but for example I can establish the
> internet connection with just a normal ADSL2+ Annex J compatible Modem
> and PPPoE works too.

The ISP's equipment may be supporting both PPPoE and PPPoA.
They may be running them in different VCI/VPI's also.

> What I don't get without this bridging stuff is the IPTV stream, it seems
> that on this bridged device a DHCP query is necessary in order to get
> access to the multicast net.

It may also be that you need to send an IGMP join to get them to
send the IPTV multicast stream, and somehow that is happening when
you do the DHCP. There are very few details here to know much
about any of what is actually going on.

>
> regards,
> Georg
>
> On 13.01.2018 at 16:42, Eugene Grosbein wrote:
> > 13.01.2018 19:55, Georg Bege wrote:
> >
> >> I'm looking for information if ATM bridging is (or was?) possible with
> >> FreeBSD.
> >> Basically it's the same which is available in Linux for a long time now:
> >> https://www.systutorials.com/docs/linux/man/8-br2684ctl/
> >> https://home.regit.org/technical-articles/atm-bridging/
> >>
> >> I'd like to use FBSD as a gateway/router however, I've a strange kind
> >> of IPTV+Internet over ADSL (no VDSL available).
> >>
> >> I've found natmip(4) so far, but I'm uncertain if this is truly the right
> >> thing...
> >
> > It depends on hardware you have. Do you have some internal PCI ATM adapter or external device?
> >
> >
>
> -- 
> Georg Bege
> Mail: georg@bege.email
> XMPP: therion@ninth-art.de
> IRC: megaTherion @ Freenode
>
>
-- End of PGP section, PGP failed!

-- 
Rod Grimes rgrimes@freebsd.org

From owner-freebsd-net@freebsd.org Sat Jan 13 17:47:02 2018
Subject: Re: Support for ATM bridging (RFC1483/2684) in FreeBSD?
To: georg@bege.email, freebsd-net@freebsd.org
References: <3032eab4-8c07-b701-83ca-d07ffd17ee11@bege.email> <5A5A43E5.50902@grosbein.net> <765d5e8a-1d3f-385b-442e-e5fd51876f08@bege.email>
From: Eugene Grosbein
Message-ID: <5A5A4600.10505@grosbein.net>
Date: Sun, 14 Jan 2018 00:46:40 +0700
In-Reply-To: <765d5e8a-1d3f-385b-442e-e5fd51876f08@bege.email>

14.01.2018 0:38, Georg Bege wrote:

>> So, you already have ADSL2+ modem with ethernet interface acting as bridge
>> for PPPoE traffic and you use FreeBSD to establish PPPoE session, right?
>>
>> And what is "IPTV stream" exactly? Is it just IP multicast somehow encapsulated
>> into VCI or something else?

> Exactly, yes it's IP multicast encapsulated into VCI - I just don't know
> how to achieve this via FreeBSD.
>

Are you sure your ADSL2+ modem is able to pass this multicast stream
to FreeBSD box via Ethernet?

Eugene

P.S. Please do not top-post. Thanks.

From owner-freebsd-net@freebsd.org Sat Jan 13 22:06:49 2018
From: Stefan Bethke
Content-Type: multipart/signed; boundary="Apple-Mail=_3A8344FF-B41D-49B3-A27D-71D615AC6953";
 protocol="application/pgp-signature"; micalg=pgp-sha512
Subject: IPv6 NDP triggering QuaggaLinux problem?
Message-Id: <2D00C83A-5A25-4A69-9D31-BD1E9F61BD49@lassitu.de>
Date: Sat, 13 Jan 2018 23:06:36 +0100
Cc: Thomas Wieske, Andreas Sons
To: freebsd-net@freebsd.org

Hey guys,

I’m a bit stumped and am hoping for some helpful pointers.

I have two machines both running a recent 11-stable (SuperMicro X11SSH-F with a E3-1240v6); each one is connected to one Ethernet switch through igb0, and back-to-back connected to the other box through igb1. igb1 only has IPv4 RFC 1918 addresses configured.

To make it easier to give bhyve VMs a public IP, igb0 is added as a member to bridge0, and all addresses are configured on bridge0. The hosts run a small number of jails with addresses on bridge0 as well.

Whenever IPv6 is active on bridge0, my ISP’s router (which is some version of Quagga running on Linux) keeps filling up its routing table within minutes; then traffic stops, the routing table is cleared and the normal set of entries is installed, and traffic resumes. This pattern then repeats. The router apparently has a full table with ~46000 routes normally, but within minutes, the Linux kernel routing table gets filled up with multiple copies of that. I believe that it is likely a problem with Quagga on Linux, and ultimately has to be resolved there, but the question lingers what my two systems could be sending that could trigger this.
The ISP and I have looked at NDP config, tcpdumps of NDP, and general IPv6 config, but we cannot identify why Quagga or the Linux kernel would behave that way. Other FreeBSD boxes connected to the same router (but different IPv6 /64s) do not trigger this behaviour.

My systems are not really loaded, and traffic is light. One box gets about 50 packet/s, the other about 400 (this one is in the NTP pool, and running a DNS server).

I’ve tried switching off NUD, but that doesn’t change the behaviour of the Quagga system.

Here’s some output of the current configuration:
# ifconfig igb0; ifconfig bridge0
igb0: flags=8943 metric 0 mtu 1500
        options=6403bb
        ether ac:1f:6b:18:xx:6e
        hwaddr ac:1f:6b:18:xx:6e
        inet6 fe80::ae1f:6bff:fexx:66e%igb0 prefixlen 64 tentative scopeid 0x1
        nd6 options=8
        media: Ethernet autoselect (1000baseT )
        status: active
bridge0: flags=8843 metric 0 mtu 1500
        description: vm-bridge0
        ether 02:3c:9f:37:xx:00
        inet 212.12.xx.225 netmask 0xffffffe0 broadcast 212.12.xx.255
        inet 212.12.xx.226 netmask 0xffffffff broadcast 212.12.xx.226
        inet 212.12.xx.253 netmask 0xffffffff broadcast 212.12.xx.253
        inet 212.12.xx.229 netmask 0xffffffff broadcast 212.12.xx.229
        inet6 fe80::3c:9fff:fe37:xx00%bridge0 prefixlen 64 scopeid 0x7
        inet6 2a00:14b0:4200:32xx::1e1 prefixlen 64
        inet6 2a00:14b0:4200:32xx::1e2 prefixlen 128
        inet6 2a00:14b0:4200:32xx::1fd prefixlen 128
        inet6 2a00:14b0:4200:32xx::1e5 prefixlen 128
        nd6 options=8020
        groups: bridge
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: igb0 flags=143
                ifmaxaddr 0 port 1 priority 128 path cost 2000000
# ndp -an
Neighbor                         Linklayer Address Netif   Expire    S Flags
2a00:14b0:4200:32xx::1e1         02:3c:9f:37:xx:00 bridge0 permanent R
2a00:14b0:4200:32xx::1           00:50:56:a1:xx:b5 bridge0 23h59m58s S R
2a00:14b0:4200:32xx::1e2         02:3c:9f:37:xx:00 bridge0 permanent R
2a00:14b0:4200:32xx::1e5         02:3c:9f:37:xx:00 bridge0 permanent R
2a00:14b0:4200:32xx::1e7         02:5a:1d:92:xx:00 bridge0 23h59m16s S
2a00:14b0:4200:32xx::1e8         02:5a:1d:92:xx:00 bridge0 23h59m2s  S
2a00:14b0:4200:32xx::1eb         02:5a:1d:92:xx:00 bridge0 23h55m7s  S
2a00:14b0:4200:32xx::1ea         02:5a:1d:92:xx:00 bridge0 23h2m24s  S
fe80::3c:9fff:fe37:2500%bridge0  02:3c:9f:37:xx:00 bridge0 permanent R
fe80::250:56ff:fea1:dfb5%bridge0 00:50:56:a1:xx:b5 bridge0 23h59m57s S R
2a00:14b0:4200:32e0::1fd         02:3c:9f:37:xx:00 bridge0 permanent R
fe80::ae1f:6bff:fe18:xx6f%igb1   ac:1f:6b:18:xx:6f igb1    permanent R
fe80::ae1f:6bff:fe18:xx6e%igb0   ac:1f:6b:18:xx:6e igb0    permanent R
# ndp -i bridge0
linkmtu=0, maxmtu=0, curhlim=64, basereachable=30s0ms, reachable=32s, retrans=1s0ms
Flags: auto_linklocal

Stefan

--
Stefan Bethke Fon +49 151 14070811

From owner-freebsd-net@freebsd.org Sat Jan 13 22:49:34 2018
From: Stefan Bethke
Message-Id: <8AD8F511-9BA7-4A51-9F30-483432F605AA@lassitu.de>
Subject: Re: IPv6 NDP triggering QuaggaLinux problem?
Date: Sat, 13 Jan 2018 23:49:31 +0100
In-Reply-To: <2D00C83A-5A25-4A69-9D31-BD1E9F61BD49@lassitu.de>
Cc: Thomas Wieske, Andreas Sons
To: freebsd-net@freebsd.org
References: <2D00C83A-5A25-4A69-9D31-BD1E9F61BD49@lassitu.de>

On 13.01.2018 at 23:06, Stefan Bethke wrote:
>
> Hey guys,
>
> I’m a bit stumped and am hoping for some helpful pointers.
>
> I have two machines both running a recent 11-stable (SuperMicro X11SSH-F with a E3-1240v6); each one is connected to one Ethernet switch through igb0, and back-to-back connected to the other box through igb1. igb1 only has IPv4 RFC 1918 addresses configured.
>
> To make it easier to give bhyve VMs a public IP, igb0 is added as a member to bridge0, and all addresses are configured on bridge0. The hosts run a small number of jails with addresses on bridge0 as well.
>
> Whenever IPv6 is active on bridge0, my ISP’s router (which is some version of Quagga running on Linux) keeps filling up its routing table within minutes; then traffic stops, the routing table is cleared and the normal set of entries is installed, and traffic resumes. This pattern then repeats. The router apparently has a full table with ~46000 routes normally, but within minutes, the Linux kernel routing table gets filled up with multiple copies of that. I believe that this is likely a problem with Quagga on Linux, and ultimately has to be resolved there, but the question lingers what my two systems could be sending that could trigger this.
>
> The ISP and I have looked at NDP config, tcpdumps of NDP, and general IPv6 config, but we cannot identify why Quagga or the Linux kernel would behave that way. Other FreeBSD boxes connected to the same router (but different IPv6 /64s) do not trigger this behaviour.
>
> My systems are not really loaded, and traffic is light. One box gets about 50 packet/s, the other about 400 (this one is in the NTP pool, and running a DNS server).
>
> I’ve tried switching off NUD, but that doesn’t change the behaviour of the Quagga system.
>
> Here’s some output of the current configuration:
> # ifconfig igb0; ifconfig bridge0
> igb0: flags=8943 metric 0 mtu 1500
>         options=6403bb
>         ether ac:1f:6b:18:xx:6e
>         hwaddr ac:1f:6b:18:xx:6e
>         inet6 fe80::ae1f:6bff:fexx:66e%igb0 prefixlen 64 tentative scopeid 0x1
>         nd6 options=8
>         media: Ethernet autoselect (1000baseT )
>         status: active
> bridge0: flags=8843 metric 0 mtu 1500
>         description: vm-bridge0
>         ether 02:3c:9f:37:xx:00
>         inet 212.12.xx.225 netmask 0xffffffe0 broadcast 212.12.xx.255
>         inet 212.12.xx.226 netmask 0xffffffff broadcast 212.12.xx.226
>         inet 212.12.xx.253 netmask 0xffffffff broadcast 212.12.xx.253
>         inet 212.12.xx.229 netmask 0xffffffff broadcast 212.12.xx.229
>         inet6 fe80::3c:9fff:fe37:xx00%bridge0 prefixlen 64 scopeid 0x7
>         inet6 2a00:14b0:4200:32xx::1e1 prefixlen 64
>         inet6 2a00:14b0:4200:32xx::1e2 prefixlen 128
>         inet6 2a00:14b0:4200:32xx::1fd prefixlen 128
>         inet6 2a00:14b0:4200:32xx::1e5 prefixlen 128
>         nd6 options=8020
>         groups: bridge
>         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>         maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>         member: igb0 flags=143
>                 ifmaxaddr 0 port 1 priority 128 path cost 2000000
> # ndp -an
> Neighbor                         Linklayer Address Netif   Expire    S Flags
> 2a00:14b0:4200:32xx::1e1         02:3c:9f:37:xx:00 bridge0 permanent R
> 2a00:14b0:4200:32xx::1           00:50:56:a1:xx:b5 bridge0 23h59m58s S R
> 2a00:14b0:4200:32xx::1e2         02:3c:9f:37:xx:00 bridge0 permanent R
> 2a00:14b0:4200:32xx::1e5         02:3c:9f:37:xx:00 bridge0 permanent R
> 2a00:14b0:4200:32xx::1e7         02:5a:1d:92:xx:00 bridge0 23h59m16s S
> 2a00:14b0:4200:32xx::1e8         02:5a:1d:92:xx:00 bridge0 23h59m2s  S
> 2a00:14b0:4200:32xx::1eb         02:5a:1d:92:xx:00 bridge0 23h55m7s  S
> 2a00:14b0:4200:32xx::1ea         02:5a:1d:92:xx:00 bridge0 23h2m24s  S
> fe80::3c:9fff:fe37:2500%bridge0  02:3c:9f:37:xx:00 bridge0 permanent R
> fe80::250:56ff:fea1:dfb5%bridge0 00:50:56:a1:xx:b5 bridge0 23h59m57s S R
> 2a00:14b0:4200:32e0::1fd         02:3c:9f:37:xx:00 bridge0 permanent R
> fe80::ae1f:6bff:fe18:xx6f%igb1   ac:1f:6b:18:xx:6f igb1    permanent R
> fe80::ae1f:6bff:fe18:xx6e%igb0   ac:1f:6b:18:xx:6e igb0    permanent R
> # ndp -i bridge0
> linkmtu=0, maxmtu=0, curhlim=64, basereachable=30s0ms, reachable=32s, retrans=1s0ms
> Flags: auto_linklocal

One more data point: on the Quagga machine, my ISP is seeing this:
# ip -6 route show | grep 2a00:14b0:4200:32xx
2a00:14b0:4200:32xx::/64 dev vlan503 proto kernel metric 256
2a00:14b0:4200:32xx::/64 dev vlan503 proto kernel metric 256
2a00:14b0:4200:32xx::/64 dev vlan503 proto kernel metric 256
2a00:14b0:4200:32xx::/64 dev vlan503 proto kernel metric 256
2a00:14b0:4200:32xx::/64 dev vlan503 proto kernel metric 256
2a00:14b0:4200:32xx::/64 dev vlan503 proto kernel metric 256
2a00:14b0:4200:32xx::/64 dev vlan503 proto kernel metric 256
2a00:14b0:4200:32xx::/64 dev vlan503 proto kernel metric 256
2a00:14b0:4200:32xx::/64 dev vlan503 proto kernel metric 256
2a00:14b0:4200:32xx::/64 dev vlan503 proto kernel metric 256
2a00:14b0:4200:32xx::/64 dev vlan503 proto kernel metric 256
2a00:14b0:4200:32xx::/64 dev vlan503 proto kernel metric 256
2a00:14b0:4200:32xx::/64 dev vlan503 proto kernel metric 256
2a00:14b0:4200:32xx::/64 dev vlan503 proto kernel metric 256
2a00:14b0:4200:32xx::/64 dev vlan503 proto kernel metric 256
2a00:14b0:4200:32xx::/64 dev vlan503 proto kernel metric 256
2a00:14b0:4200:32xx::/64 dev vlan503 proto kernel metric 256
2a00:14b0:4200:32xx::/64 dev vlan503 proto kernel metric 256
2a00:14b0:4200:32xx::/64 dev vlan503 proto kernel metric 256
2a00:14b0:4200:32xx::/64 dev vlan503 proto kernel metric 256
2a00:14b0:4200:32xx::/64 dev vlan503 proto kernel metric 256
^C

This makes no sense, does it? My machines don’t run rtadvd; I believe the bridge is not actively using (R)STP, nor is there any active routing protocol.
Why Quagga would try to (and succeed) install tens of copies of seemingly identical routes is beyond me.

Stefan

--
Stefan Bethke Fon +49 151 14070811
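
Added example, not part of the original thread: a Python check that counts identical entries in an `ip -6 route show` dump, so the duplication reported above can be caught before the routing table fills. The sample output is constructed (documentation prefix 2001:db8::/32; only the device name vlan503 comes from the post), and the function names and the 1.5 ratio threshold are assumptions.

```python
import re
from collections import Counter

# "expires <n>sec" counts down between dumps, so it is dropped before comparing.
VOLATILE = re.compile(r"\bexpires\s+\S+")

# Constructed sample of `ip -6 route show` output (not taken from the thread).
SAMPLE = """\
2001:db8:0:32::/64 dev vlan503 proto kernel metric 256
2001:db8:0:32::/64 dev vlan503 proto kernel metric 256 expires 86395sec
2001:db8:0:32::/64  dev vlan503 proto kernel metric 256
2001:db8:1::/48 via fe80::1 dev vlan503 proto zebra metric 20
2001:db8:2::/48 proto zebra metric 20
\tnexthop via fe80::1 dev vlan503 weight 1
2001:db8:3::/48 proto zebra metric 20
\tnexthop via fe80::1 dev vlan503 weight 1
fe80::/64 dev vlan503 proto kernel metric 256
"""

def parse_routes(output):
    """Return one normalised string per route in the dump."""
    routes = []
    for line in output.splitlines():
        if not line.strip():
            continue
        text = " ".join(VOLATILE.sub("", line).split())
        if line[0].isspace() and routes:
            # Indented "nexthop" lines belong to the preceding multipath route;
            # counting them on their own would report false duplicates.
            routes[-1] += " | " + text
        else:
            routes.append(text)
    return routes

def duplicate_report(output, min_copies=2):
    """Return (total routes, distinct routes, {route: copies})."""
    counts = Counter(parse_routes(output))
    dups = {r: n for r, n in counts.items() if n >= min_copies}
    return sum(counts.values()), len(counts), dups

def table_inflated(output, max_ratio=1.5):
    """True when the dump holds far more entries than distinct routes."""
    total, unique, _ = duplicate_report(output)
    return unique > 0 and total / unique > max_ratio

if __name__ == "__main__":
    total, unique, dups = duplicate_report(SAMPLE)
    print(f"{total} entries, {unique} distinct, duplicated: {dups}")
```

Run against a periodic capture of the router's route dump, a total-to-distinct ratio well above 1 signals that identical entries are accumulating.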