From owner-freebsd-net@FreeBSD.ORG Sun May 9 04:45:03 2004
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3738316A4CE for ; Sun, 9 May 2004 04:45:03 -0700 (PDT)
Received: from rincewind.c4inet.net (rincewind.c4inet.net [193.120.144.209]) by mx1.FreeBSD.org (Postfix) with SMTP id 3615043D46 for ; Sun, 9 May 2004 04:45:02 -0700 (PDT) (envelope-from lists@rincewind.c4inet.net)
Received: (qmail 47747 invoked from network); 9 May 2004 11:45:00 -0000
Received: from localhost.c4inet.net (HELO rincewind.c4inet.net) (127.0.0.1) by rincewind.c4inet.net with SMTP; 9 May 2004 11:45:00 -0000
Received: (from lists@localhost) by rincewind.c4inet.net (8.12.10/8.12.10/Submit) id i49Bj0VT047745 for freebsd-net@freebsd.org; Sun, 9 May 2004 12:45:00 +0100 (IST) (envelope-from lists)
Date: Sun, 9 May 2004 12:45:00 +0100
From: C4I Networks
To: freebsd-net@freebsd.org
Message-ID: <20040509114500.GA47717@rincewind.c4inet.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.1i
X-Operating-System: FreeBSD 5.2.1-RELEASE
X-Crypto: GnuPG/1.24 http://www.gnupg.org
X-Uptime: 12:39PM up 73 days, 5:47, 3 users, load averages: 0.00, 0.00, 0.00
Subject: iSCSI support?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sun, 09 May 2004 11:45:03 -0000

Hi all,

I am looking at shared storage options for FBSD based systems. Does anyone
know the status of iSCSI support (as far as extant) in FreeBSD?

Cheers,
Sascha

From owner-freebsd-net@FreeBSD.ORG Sun May 9 07:02:20 2004
Message-ID: <3099.192.168.0.1.1084111337.squirrel@webmail.local>
Date: Sun, 9 May 2004 15:02:17 +0100 (BST)
From: "Jonathan Belson"
To: freebsd-net@freebsd.org
Subject: Outstanding issues with ipsec under 5.2.1?

Hiya

I've just spent a few hours trying to set up a working ipsec tunnel
between a wireless laptop and my server.

As a first step, I set up a tunnel between two machines on the same
(wired) subnet, one running -STABLE and the other 4.8-RELEASE. Apart
from having to fix a couple of typos, it worked pretty much first time.

When I tried using the same config between the laptop and server (having
changed the appropriate IPs), the connection always timed out in phase 1
of the negotiation.

I can only think of two differences between the setups:

a. The wireless link has a wireless access point in between the two
   machines, i.e. laptop (192.168.1.10) <-> AP (192.168.1.5) <-> server
   (192.168.1.100). The default route is set to 0.0.0.0. Without ipsec
   the connection works fine.

b. The laptop is running 5.2.1-RELEASE.

I remember reading there were some outstanding issues with ipsec under
5.x, could they be responsible for this problem?

Cheers,

--
Jon

From owner-freebsd-net@FreeBSD.ORG Sun May 9 09:55:12 2004
From: Wes Peters
Organization: Softweyr.COM
To: freebsd-net@freebsd.org
Date: Sun, 9 May 2004 09:55:10 -0700
References: <006f01c43206$eb5f4b20$3200a8c0@cbcoffice> <4097E60D.7090102@mac.com>
In-Reply-To: <4097E60D.7090102@mac.com>
Message-Id: <200405090955.10566.wes@softweyr.com>
cc: The Jetman
Subject: Re: [4.9-R]Can I Make My DSL Connect Go Faster ?

On Tuesday 04 May 2004 11:50, Chuck Swiger wrote:
> The Jetman wrote:
> [ ... ]
>
> > Wes: I've used a couple of Internet speed tests, at different
> > times, but always w/ the same configs. Neither config has been
> > modified. All of the results are the same. I use ADSLGuide and
> > DSLReports as my speed tests, which are in different continents, but
> > both report the same speeds. I use different browsers, but Java is
> > what does the deal.
>
> If you're using a DSL provider like Verizon which uses PPPoE, you might
> try adjusting your MTU down to 1490 or so, or else you will fragment
> large data packets and encounter quite a slowdown.
>
> Use something like this in your /etc/rc.conf file:
>
> ifconfig_fxp0="inet 192.168.1.2 netmask 255.255.255.0 mtu 1490"
>
> ...or run ifconfig directly and see whether this helps.

And then try downloading something from a real server instead of running
the stupid benchmark. Really! Burn up some bits getting something real,
not running somebody's artificial browser toy.

--
Where am I, and what am I doing in this handbasket?
Wes Peters                                  wes@softweyr.com

From owner-freebsd-net@FreeBSD.ORG Sun May 9 11:20:11 2004
Date: Sun, 9 May 2004 18:18:34 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Jonathan Belson
In-Reply-To: <3099.192.168.0.1.1084111337.squirrel@webmail.local>
References: <3099.192.168.0.1.1084111337.squirrel@webmail.local>
cc: freebsd-net@freebsd.org
Subject: Re: Outstanding issues with ipsec under 5.2.1?

On Sun, 9 May 2004, Jonathan Belson wrote:

> b. The laptop is running 5.2.1-RELEASE.
>
> I remember reading there were some outstanding issues with ipsec under
> 5.x, could they be responsible for this problem?

yes; please read following thread:

http://lists.freebsd.org/pipermail/freebsd-net/2004-March/thread.html#3514

--
Bjoern A. Zeeb          bzeeb at Zabbadoz dot NeT
56 69 73 69 74          http://www.zabbadoz.net/

From owner-freebsd-net@FreeBSD.ORG Sun May 9 12:18:08 2004
Message-ID: <3511.192.168.0.1.1084112647.squirrel@webmail.local>
In-Reply-To: <3099.192.168.0.1.1084111337.squirrel@webmail.local>
References: <3099.192.168.0.1.1084111337.squirrel@webmail.local>
Date: Sun, 9 May 2004 15:24:07 +0100 (BST)
From: "Jonathan Belson"
To: freebsd-net@freebsd.org
Subject: Re: Outstanding issues with ipsec under 5.2.1?

Hiya

> I've just spent a few hours trying to set up a working ipsec tunnel
> between a wireless laptop and my server.

I found an e-mail from someone who was having a similar problem with
5.2-RELEASE

http://docs.freebsd.org/cgi/getmsg.cgi?fetch=2858147+0+/usr/local/www/db/text/2004/freebsd-current/20040208.freebsd-current

so it looks like the problem still exists.

I've worked around it in the meantime by replacing 'require' with 'use'.

Is the FAST_IPSEC option only for machines with crypto-hardware?

Cheers,

--
Jon

From owner-freebsd-net@FreeBSD.ORG Sun May 9 12:50:11 2004
Date: Sun, 9 May 2004 19:45:14 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Jonathan Belson
In-Reply-To: <3511.192.168.0.1.1084112647.squirrel@webmail.local>
References: <3099.192.168.0.1.1084111337.squirrel@webmail.local> <3511.192.168.0.1.1084112647.squirrel@webmail.local>
cc: freebsd-net@freebsd.org
Subject: Re: Outstanding issues with ipsec under 5.2.1?

On Sun, 9 May 2004, Jonathan Belson wrote:

> > I've just spent a few hours trying to set up a working ipsec tunnel
> > between a wireless laptop and my server.
>
> I found an e-mail from someone who was having a similar problem with
> 5.2-RELEASE
>
> http://docs.freebsd.org/cgi/getmsg.cgi?fetch=2858147+0+/usr/local/www/db/text/2004/freebsd-current/20040208.freebsd-current
>
> so it looks like the problem still exists.
>
> I've worked around it in the meantime by replacing 'require' with 'use'.

you need to do this for IKE traffic only; see
http://lists.freebsd.org/pipermail/freebsd-net/2004-March/003541.html
and
http://lists.freebsd.org/pipermail/freebsd-net/2004-March/003542.html

> Is the FAST_IPSEC option only for machines with crypto-hardware?

no.

--
Bjoern A. Zeeb          bzeeb at Zabbadoz dot NeT
56 69 73 69 74          http://www.zabbadoz.net/

From owner-freebsd-net@FreeBSD.ORG Sun May 9 15:03:59 2004
Message-ID: <409EAB10.8000303@comcast.net>
Date: Sun, 09 May 2004 18:05:04 -0400
From: Gary Corcoran
To: freebsd-hackers@freebsd.org, freebsd-net@freebsd.org
Subject: Can't compile Intel gigabit "em" driver

Quick background:
I'm running FreeBSD 4.8-Release and have a new Intel Pro/1000 MT
NIC I want to install. While there is a man page for the "em"
driver which should be usable, there is no "em" listed in LINT
or GENERIC. Nor is the source code for if_em.c anywhere on my
system. So I downloaded the FreeBSD driver source from Intel,
which is listed as being for FreeBSD 4.7. It's their latest code.

But trying to compile it as a kernel module doesn't work. I have
searched google and freebsd.org, but can't find an answer to this
problem. When I run make (as root or user), I just instantly get
the error:

"/usr/share/mk/bsd.man.mk", line 53: bsd.man.mk cannot be included directly.

This is their makefile. As you can see, it just includes , which
seems to be perfectly legitimate (i.e. what other kernel modules
makefiles do):

-------------------------------------
#$FreeBSD$
.PATH: ${.CURDIR}
KMOD = if_em
SRCS = device_if.h bus_if.h pci_if.h opt_bdg.h
SRCS += if_em_hw.c if_em.c

CFLAGS += -DLM

clean:
	rm -f opt_bdg.h device_if.h bus_if.h pci_if.h setdef*
	rm -f *.o *.kld *.ko
	rm -f @ machine

.include
------------------------------------

Any ideas on what the problem is?

Thanks,
Gary

P.S. Not subscribed to these two lists, so please keep me in the To:
or Cc: list.

From owner-freebsd-net@FreeBSD.ORG Sun May 9 15:22:13 2004
From: Don Bowman
To: 'Gary Corcoran' , freebsd-hackers@freebsd.org, freebsd-net@freebsd.org
Date: Sun, 9 May 2004 18:22:08 -0400
Subject: RE: Can't compile Intel gigabit "em" driver

From: Gary Corcoran [mailto:garycor@comcast.net]
>
> Quick background:
> I'm running FreeBSD 4.8-Release and have a new Intel Pro/1000 MT
> NIC I want to install. While there is a man page for the "em"
> driver which should be usable, there is no "em" listed in LINT
> or GENERIC. Nor is the source code for if_em.c anywhere on my
> system. So I downloaded the FreeBSD driver source from Intel,
> which is listed as being for FreeBSD 4.7. It's their latest code.

em is in the standard source tree for 4.8
src/sys/dev/em

you add 'device em' to your kernel config to compile it in,
or you can load the module by adding 'load_if_em=YES' to
loader.conf

if you installed from the 4.8 CD, you will have the module
present in /modules/if_em.ko

you can type 'kldload if_em' to try that theory, it will load
the driver, and it should now show in 'ifconfig'.

--don

From owner-freebsd-net@FreeBSD.ORG Mon May 10 00:26:34 2004
From: Darren Reed
Message-Id: <200405070834.i478YoHn024117@caligula.anu.edu.au>
To: andre@freebsd.org
Date: Fri, 7 May 2004 18:34:50 +1000 (Australia/ACT)
cc: freebsd-net@freebsd.org
Subject: Re: Default behaviour of IP Options processing

I think this is getting absurd/stupid.

What do we have 3 firewalls for in FreeBSD if people are going to
add knobs like this that just duplicate that behaviour ?

Is there something lacking in all of those firewalls that make
this necessary ?

Are they all too hard to use ?
Do they all impact performance so badly that people want hacks
in IP in preference ?
Who lets packets through their firewall with IP options, anyway ?
Or is this for defence against the "evil insider" ?

If the only people who are likely to use them are the security
conscious, ie the type of people who will use firewall rules,
anyway, then this further suggests that it is just bloat and
unwarranted bloat.

Personally, if I want to block IP options, I won't be using these
sysctl's - ever. By the time you add enough usability to them in
order to make them do the equivalent of any of the firewalls, you
will have added more complexity and code than is worth it.

If all you're doing is trying to streamline ip_input(), then IMHO
it fits into the category of "gross hack" - and there are probably
other ways to better achieve this than what's being done here.
Write a whole new ip_input_options() or something, just to deal
with it (and start duplicating code).

Same with the issue of packet copies due to the size of the packet
with options.

Is a matching set of ioctls going to be added for IPv6 ?
Oh what, you hadn't heard of extension headers for IPv6 ?
Start reading...

Then again, if the rationale for having these sysctl's is because
we don't trust those code paths then:
a) why don't we audit or do walk throughs or code inspections
   to fix this;
b) why don't we add sysctl's to disable all code paths that we
   have similar doubts about elsewhere in the kernel.

Doing (b) is just stupid but if there are real concerns then there
is a lot more to gain by doing (a) than adding these sysctl's as a
defence mechanism.

Darren

From owner-freebsd-net@FreeBSD.ORG Mon May 10 02:24:26 2004
Date: Mon, 10 May 2004 02:24:14 -0700
From: Michael DeMan
To: Darren Reed ,
In-Reply-To: <200405070834.i478YoHn024117@caligula.anu.edu.au>
cc: freebsd-net@freebsd.org
Subject: Re: Default behaviour of IP Options processing

I agree with the 3 firewalls being a problem.

I would like to point out however that having the 3 firewalls is a classic
political issue.

From a purely technical perspective we have IPFW and IPF/PF. Really, only
two firewalls.

For our company, as an end user that occasionally has to do build/port hacks
to provide products to service our customers, ipfw needs to go and the
political issues between IPF/PF need to be solved.

Currently we use IPF for firewalls and IPFW+DummyNet for bandwidth limiting.
Using two different administrative tools and syntax sucks.

Ideally for us an IPF/Alt-Q solution is the best. However, egos seem to
prevail, and IPFW links with experience makes it a formidable solution to
switch away from.

Given the statements above, I am grateful for all the code and work people
have done.

- Mike

Michael F. DeMan
Director of Technology
OpenAccess Internet Services
1305 11th St., 3rd Floor
Bellingham, WA 98225
Tel 360-647-0785 x204
Fax 360-738-9785
michael@staff.openaccess.org

P.S. - Thanks for cleaning up the code Darren. We can finally do
IPSEC+IPNAT for our WiFi customers. Yes, there are potential security holes
but we can run IPSEC 0.0.0.0/0 plus IPNAT which is far better than WEP.

On 5/7/04 1:34 AM, "Darren Reed" wrote:

>
> I think this is getting absurd/stupid.
>
> What do we have 3 firewalls for in FreeBSD if people are going to
> add knobs like this that just duplicate that behaviour ?
>
> Is there something lacking in all of those firewalls that make
> this necessary ?
>
> Are they all too hard to use ?
> Do they all impact performance so badly that people want hacks
> in IP in preference ?
> Who lets packets through their firewall with IP options, anyway ?
> Or is this for defence against the "evil insider" ?
>
> If the only people who are likely to use them are the security
> conscious, ie the type of people who will use firewall rules,
> anyway, then this further suggests that it is just bloat and
> unwarranted bloat.
>
> Personally, if I want to block IP options, I won't be using these
> sysctl's - ever. By the time you add enough usability to them in
> order to make them do the equivalent of any of the firewalls, you
> will have added more complexity and code than is worth it.
>
> If all you're doing is trying to streamline ip_input(), then IMHO
> it fits into the category of "gross hack" - and there are probably
> other ways to better achieve this than what's being done here.
> Write a whole new ip_input_options() or something, just to deal
> with it (and start duplicating code).
>
> Same with the issue of packet copies due to the size of the packet
> with options.
>
> Is a matching set of ioctls going to be added for IPv6 ?
> Oh what, you hadn't heard of extension headers for IPv6 ?
> Start reading...
>
> Then again, if the rationale for having these sysctl's is because
> we don't trust those code paths then:
> a) why don't we audit or do walk throughs or code inspections
>    to fix this;
> b) why don't we add sysctl's to disable all code paths that we
>    have similar doubts about elsewhere in the kernel.
>
> Doing (b) is just stupid but if there are real concerns then there
> is a lot more to gain by doing (a) than adding these sysctl's as a
> defence mechanism.
>
> Darren
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>

From owner-freebsd-net@FreeBSD.ORG Mon May 10 03:51:52 2004
Date: Mon, 10 May 2004 12:51:47 +0200
From: Jeremie LE HEN
To: Richard Coleman
Message-ID: <20040510105147.GA6402@rocco.epita.fr>
References: <200405061846.i46Ik3Jc060969@repoman.freebsd.org> <20040506185854.GB1777@madman.celabo.org> <20040507072031.GA48708@hub.freebsd.org> <200405070755.36055.sam@errno.com> <20040508152531.GA96827@hub.freebsd.org> <20040508101459.A98855@xorpc.icir.org> <409D20C8.6090105@mindspring.com>
In-Reply-To: <409D20C8.6090105@mindspring.com>
cc: freebsd-net@freebsd.org
Subject: Re: cvs commit: src/sys/netinet ip_fastfwd.c ip_input.c ip_var.h

> A quick glance raises this question about net.inet.tcp.blackhole,
> net.inet.udp.blackhole, IPSTEALTH, and TCP_DROP_SYNFIN. I'm sure there
> are others.

I agree for the IPSTEALTH and TCP_DROP_SYNFIN options, but *.blackhole
options are quite useful if you want to open a range of ports (for example
FTP passive port range) without appearing as non-firewalled. This feature
cannot be achieved using one of the available packet filters on FreeBSD.

Regards,
--
Jeremie LE HEN aka TtZ/TataZ          jeremie.le-hen@epita.fr
                                      ttz@epita.fr
Hi! I'm a .signature virus!
Copy me into your ~/.signature to help me spread!

From owner-freebsd-net@FreeBSD.ORG Mon May 10 09:32:14 2004
Message-ID: <409FAE8C.1030706@netasq.com>
Date: Mon, 10 May 2004 18:32:12 +0200
From: Fabien THOMAS
To: freebsd-net@freebsd.org
Subject: em driver problem (system lock)

Hi,

We use a lot of Intel gigabit cards and since the first time we used them
we have experienced some strange hard locks of the system
(4.9|FreeBSD-stable).

We have tried several driver versions (it is not related to a version).
We use the card in polling mode but it seems that the problem can be fired
even in interrupt mode.

What I found during the debugging on a fiber card:

1) original driver did not lock but when the other end is rebooted I've
   around 10 linkup/linkdown
2) removing linkup/linkdown printf: driver locks each time the other end
   system is rebooted!
3) removing the E1000_IMC_RXSEQ in disable_intr corrects the lock but I do
   not understand why:
   a) E1000_IMC_RXSEQ needs to be left when disabling intr?
   b) the system completely locks (even under debugger) for just an
      interrupt source enabled?

static void
em_disable_intr(struct adapter *adapter)
{
	E1000_WRITE_REG(&adapter->hw, IMC, (0xffffffff));/* & ~E1000_IMC_RXSEQ));*/
	return;
}

What do you think of that ?

fabien

--------------ms020803050609020101010107
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

--------------ms020803050609020101010107--

From owner-freebsd-net@FreeBSD.ORG Mon May 10 11:01:37 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2139D16A4CE for ; Mon, 10 May 2004 11:01:37 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id F07BA43D3F for ; Mon, 10 May 2004 11:01:36 -0700 (PDT) (envelope-from owner-bugmaster@freebsd.org) Received: from freefall.freebsd.org (peter@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.11/8.12.11) with ESMTP id i4AI1adQ095793 for ; Mon, 10 May 2004 11:01:36 -0700 (PDT) (envelope-from owner-bugmaster@freebsd.org) Received: (from peter@localhost) by freefall.freebsd.org (8.12.11/8.12.11/Submit) id i4AI1asB095787 for freebsd-net@freebsd.org; Mon, 10 May 2004 11:01:36 -0700 (PDT) (envelope-from owner-bugmaster@freebsd.org) Date: Mon, 10 May 2004 11:01:36 -0700 (PDT) Message-Id: <200405101801.i4AI1asB095787@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: peter set sender to owner-bugmaster@freebsd.org using -f
From: FreeBSD bugmaster To: freebsd-net@FreeBSD.org Subject: Current problem reports assigned to you X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 May 2004 18:01:37 -0000

Current FreeBSD problem reports
Critical problems
Serious problems
Non-critical problems

S  Submitted   Tracker     Resp.       Description
-------------------------------------------------------------------------------
o [2003/07/11] kern/54383  net         NFS root configurations without dynamic p

1 problem total.

From owner-freebsd-net@FreeBSD.ORG Mon May 10 11:30:22 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 80C0116A4CE for ; Mon, 10 May 2004 11:30:22 -0700 (PDT) Received: from relais.videotron.ca (relais.videotron.ca [24.201.245.36]) by mx1.FreeBSD.org (Postfix) with ESMTP id 15B2C43D41 for ; Mon, 10 May 2004 11:30:22 -0700 (PDT) (envelope-from erob@videotron.ca) Received: from videotron.ca ([24.202.95.92]) by VL-MO-MR010.ip.videotron.ca (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003)) with ESMTP id <0HXI00236JIOI5@VL-MO-MR010.ip.videotron.ca> for freebsd-net@freebsd.org; Mon, 10 May 2004 14:30:24 -0500 (EST) Date: Mon, 10 May 2004 14:32:05 -0400
From: Etienne Robillard To: freebsd-net@freebsd.org Message-id: <409FCAA5.5000504@videotron.ca> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii; format=flowed Content-transfer-encoding: 7BIT X-Accept-Language: en-us, en User-Agent: Mozilla Thunderbird 0.5 (X11/20040406) X-Enigmail-Version: 0.83.6.0 X-Enigmail-Supports: pgp-inline, pgp-mime Subject: bridging and promiscuous mode... works but can"t get packets back X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 May 2004 18:30:22 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi

I am quite new to this list :)

Context:
There's a bridge that does one logical net for two nics (vr0,rl0) on the
same box (freebsd-4.10-prerelease).

vr0 = outside net (isp connected with dhclient)
rl0 = inside net (192.168.1.1) connected with a 10BaseT/UTP cable.

The module in use is bridge.ko and ipfw is in use by the bridge.
Moreover, there's two servers (dhcpd/dnscache) that do dhcp and
name-resolution on 192.168.1.1 (rl0).

Question: Why promiscuous-mode enabled interfaces routes packets
outbound successfully but not inbound ?? That is, why the private host
can lookup addresses, but fails to receive back tcp packets from the
internet ?

any ideas ?

I would really much appreciate any kinds of comments or hints concerning
this scenario...

Thanks

Etienne
-----BEGIN PGP SIGNATURE-----
Comment: quork teht!

iD8DBQFAn8qlfhO/J4JSDfYRAkdFAJ0SgLdUw4YIp2fUcfirDnhg+C2nkQCePaSW NlICsDs/Rj2vySR3ikJjmvs= =5O1W -----END PGP SIGNATURE----- From owner-freebsd-net@FreeBSD.ORG Mon May 10 11:38:57 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2C2F316A4CE for ; Mon, 10 May 2004 11:38:57 -0700 (PDT) Received: from relais.videotron.ca (relais.videotron.ca [24.201.245.36]) by mx1.FreeBSD.org (Postfix) with ESMTP id D910843D1F for ; Mon, 10 May 2004 11:38:56 -0700 (PDT) (envelope-from erob@videotron.ca) Received: from videotron.ca ([24.202.95.92]) by VL-MO-MR010.ip.videotron.ca (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003)) with ESMTP id <0HXI003CSJWZCC@VL-MO-MR010.ip.videotron.ca> for freebsd-net@freebsd.org; Mon, 10 May 2004 14:38:59 -0500 (EST) Date: Mon, 10 May 2004 14:40:40 -0400 
From: Etienne Robillard In-reply-to: <409FCAA5.5000504@videotron.ca> To: freebsd-net@freebsd.org Message-id: <409FCCA8.9000306@videotron.ca> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii; format=flowed Content-transfer-encoding: 7BIT X-Accept-Language: en-us, en User-Agent: Mozilla Thunderbird 0.5 (X11/20040406) X-Enigmail-Version: 0.83.6.0 X-Enigmail-Supports: pgp-inline, pgp-mime References: <409FCAA5.5000504@videotron.ca> Subject: Re: bridging and promiscuous mode... works but can"t get packets back X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 May 2004 18:38:57 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Etienne Robillard wrote:
| Hi
|
| I am quite new to this list :)
|
| Context:
| There's a bridge that does one logical net for two nics (vr0,rl0) on the
| same box (freebsd-4.10-prerelease).
|
| vr0 = outside net (isp connected with dhclient)
| rl0 = inside net (192.168.1.1) connected with a 10BaseT/UTP cable.
|
| The module in use is bridge.ko and ipfw is in use by the bridge.

actually, ipfw is _not_ in use by the bridge...

net.link.ether.bridge_ipfw: 0

and thus the firewall:

|sudo ipfw show
00100  756   40656 allow ip from any to any via lo0
00200    0       0 deny ip from any to 127.0.0.0/8
00300    0       0 deny ip from 127.0.0.0/8 to any
65000 4926 1068643 allow ip from any to any
65535   44   13776 deny ip from any to any

Thanks,

Etienne
-----BEGIN PGP SIGNATURE-----
Comment: quork teht!

iD8DBQFAn8ynfhO/J4JSDfYRAik6AJ9fAeAMwnowrVEv3Dp5azMWYDsTKgCfdbcp lxTD9gRx0nCOQxTmvcPSyWY= =gRlh -----END PGP SIGNATURE----- From owner-freebsd-net@FreeBSD.ORG Mon May 10 12:03:02 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F084716A4CE for ; Mon, 10 May 2004 12:03:02 -0700 (PDT) Received: from smtp01.uc3m.es (smtp01.uc3m.es [163.117.136.121]) by mx1.FreeBSD.org (Postfix) with ESMTP id 73ECD43D5A for ; Mon, 10 May 2004 12:03:02 -0700 (PDT) (envelope-from jrh@it.uc3m.es) Received: from smtp01.uc3m.es (localhost [127.0.0.1]) by localhost.uc3m.es (Postfix) with ESMTP id 141D4383E6 for ; Mon, 10 May 2004 21:03:01 +0200 (CEST) Received: from [163.117.139.95] (cimborrio.it.uc3m.es [163.117.139.95]) by smtp01.uc3m.es (Postfix) with ESMTP id 0018237FC5 for ; Mon, 10 May 2004 21:03:00 +0200 (CEST) 
From: Juan Rodriguez Hervella Organization: UC3M To: freebsd-net@freebsd.org Date: Mon, 10 May 2004 21:02:51 +0200 User-Agent: KMail/1.6 MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Message-Id: <200405102102.51399.jrh@it.uc3m.es> Subject: How to use the RTM_IFINFO message of a Routing Socket X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 May 2004 19:03:03 -0000

Hello,

I don't understand, looking at "man 4 route", how to use the RTM_IFINFO
message of a Routing Socket.

I mean, do I have to make a "write" on the socket with a
"struct if_msghdr" of type = RTM_IFINFO and later on a "read" with
the same data structure ?

Or can I just open the PF_ROUTE socket and then make a "read" with
a "struct if_msghdr" data structure, w/out doing a "write" ?

I'm really lost, and I haven't found documentation about this topic, so
please if somebody can give me an example or point me to
somewhere to learn to use this, I'd be delighted. Looking at
"usr/src/bin/route.c" is simply another big mess for me.

I'm looking forward to your answers, net-people !

-- ****** JFRH ****** From owner-freebsd-net@FreeBSD.ORG Mon May 10 12:14:45 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BCD8716A4CE for ; Mon, 10 May 2004 12:14:45 -0700 (PDT) Received: from smtp02.uc3m.es (smtp02.uc3m.es [163.117.136.122]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1ACCA43D1D for ; Mon, 10 May 2004 12:14:45 -0700 (PDT) (envelope-from jrh@it.uc3m.es) Received: from smtp02.uc3m.es (localhost [127.0.0.1]) by localhost.uc3m.es (Postfix) with ESMTP id BD4302707C; Mon, 10 May 2004 21:14:43 +0200 (CEST) Received: from [163.117.139.95] (cimborrio.it.uc3m.es [163.117.139.95]) by smtp02.uc3m.es (Postfix) with ESMTP id A0EEA27040; Mon, 10 May 2004 21:14:43 +0200 (CEST) 
From: Juan Rodriguez Hervella Organization: UC3M To: freebsd-net@freebsd.org Date: Mon, 10 May 2004 21:14:34 +0200 User-Agent: KMail/1.6 References: <409FCAA5.5000504@videotron.ca> In-Reply-To: <409FCAA5.5000504@videotron.ca> MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200405102114.34437.jrh@it.uc3m.es> cc: Etienne Robillard Subject: Re: bridging and promiscuous mode... works but can"t get packets back X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 May 2004 19:14:45 -0000

On Monday 10 May 2004 20:32, Etienne Robillard wrote:
> Hi
>
> I am quite new to this list :)
>
> Context:
> There's a bridge that does one logical net for two nics (vr0,rl0) on the
> same box (freebsd-4.10-prerelease).
>
> vr0 = outside net (isp connected with dhclient)
> rl0 = inside net (192.168.1.1) connected with a 10BaseT/UTP cable.
>
> The module in use is bridge.ko and ipfw is in use by the bridge.
> Moreover, there's two servers (dhcpd/dnscache) that do dhcp and
> name-resolution on 192.168.1.1 (rl0).
>
> Question: Why promiscuous-mode enabled interfaces routes packets
> outbound successfully but not inbound ?? That is, why the private host
> can lookup addresses, but fails to receive back tcp packets from the
> internet ?
>
> any ideas ?
>
> I would really much appreciate any kinds of comments or hints concerning
> this scenario...
>
> Thanks
>

Hello Etienne,

I think that you don't have to make bridging, I think you need to make NAT.

As far as I know, if you bridge both interfaces, you are joining the
networks at the link layer (L2), but the IP layer (L3)
is what is used to route your packets in the internet. So
if your packets are sent with a private IP address as source address,
(192.168.X.X) you won't get any response back (private addressing is
not globally routable)

I've got dial-up access at home and I use
"ppp" with the NAT option to deal with the
same situation you are describing here, I think.

Hope this helps.

-- 
****** JFRH ******

User n.:
        A programmer who will believe anything you tell him.

From owner-freebsd-net@FreeBSD.ORG Mon May 10 12:18:38 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B4FB216A4CF for ; Mon, 10 May 2004 12:18:38 -0700 (PDT) Received: from mail5.speakeasy.net (mail5.speakeasy.net [216.254.0.205]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9FB2643D5A for ; Mon, 10 May 2004 12:18:37 -0700 (PDT) (envelope-from jhb@FreeBSD.org) Received: (qmail 19747 invoked from network); 10 May 2004 15:07:55 -0000 Received: from dsl027-160-063.atl1.dsl.speakeasy.net (HELO server.baldwin.cx) ([216.27.160.63]) (envelope-sender ) encrypted SMTP for ; 10 May 2004 15:07:55 -0000 Received: from 10.50.40.205 (gw1.twc.weather.com [216.133.140.1]) by server.baldwin.cx (8.12.11/8.12.11) with ESMTP id i4AF7ilA097722; Mon, 10 May 2004 11:07:44 -0400 (EDT) (envelope-from jhb@FreeBSD.org)
From: John Baldwin To: Scott Long Date: Mon, 10 May 2004 11:08:09 -0400 User-Agent: KMail/1.6 References: <200405071401.17296.jhb@FreeBSD.org> <409BDE98.9080200@freebsd.org> In-Reply-To: <409BDE98.9080200@freebsd.org> MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Message-Id: <200405101108.09701.jhb@FreeBSD.org> X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on server.baldwin.cx cc: freebsd-net@FreeBSD.org cc: freebsd-current@FreeBSD.org cc: =?iso-8859-1?q?S=F8ren_Schmidt?= cc: John Polstra Subject: Re: em(4) problems. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 May 2004 19:18:38 -0000

On Friday 07 May 2004 03:08 pm, Scott Long wrote:
> John Baldwin wrote:
> > On Thursday 06 May 2004 04:47 pm, Scott Long wrote:
> >>Søren Schmidt wrote:
> >>>Petri Helenius wrote:
> >>>>I´m highly confident that this is a case of integrated "CSA" ethernet
> >>>>with broken BIOS. I suspect you get a message about that when booting.
> >>>
> >>>Nope. no messages to that effect, oh and it works in windows(tm)...
> >>>
> >>>The last thing I see if I try to use em0 is:
> >>>em0: Link is up 100 Mbps Full Duplex
> >>>and then the system locks up hard.
> >>
> >>I'm looking at a similar system right now and it definitely looks like
> >>an interrupt routing problem, not a driver problem. The interesting
> >>thing is that (with 5.2-current as of two days ago) disabling neither
> >>ACPI nor APIC helps. I guess that we might want to get John Baldwin
> >>involved.
> >
> > Ugh, does the interrupt storm stuff in -current help at all?
>
> The interrupt storm code does indeed get triggered. What info do you
> need in order to track down the routing?

Well, the MADT (if using ACPI) or MPtable (if not using ACPI) as well as the
IRQ that storms (since that is the IRQ it is supposed to be getting) and the
IRQ it was assigned.

-- 
John Baldwin <>< http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve" = http://www.FreeBSD.org

From owner-freebsd-net@FreeBSD.ORG Mon May 10 14:05:03 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3373416A4CE for ; Mon, 10 May 2004 14:05:03 -0700 (PDT) Received: from hanoi.cronyx.ru (hanoi.cronyx.ru [144.206.181.53]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1414A43D49 for ; Mon, 10 May 2004 14:05:01 -0700 (PDT) (envelope-from rik@cronyx.ru) Received: (from root@localhost) by hanoi.cronyx.ru id i4AL22Jj048319 for freebsd-net@freebsd.org.checked; (8.12.8/vak/2.1) Tue, 11 May 2004 01:02:02 +0400 (MSD) (envelope-from rik@cronyx.ru) Received: from cronyx.ru (rik.cronyx.ru [172.22.4.1]) by hanoi.cronyx.ru with ESMTP id i4AKsHEI048048; (8.12.8/vak/2.1) Tue, 11 May 2004 00:54:24 +0400 (MSD) (envelope-from rik@cronyx.ru) Message-ID: <409FEAB5.3050608@cronyx.ru> Date: Tue, 11 May 2004 00:48:53 +0400
From: Roman Kurakin User-Agent: Mozilla/5.0 (X11; U; Linux i686; ru-RU; rv:1.2.1) Gecko/20030426 X-Accept-Language: ru-ru, en MIME-Version: 1.0 To: Dmitry Morozovsky References: <20040507160253.B61288@woozle.rinet.ru> <20040507121738.GA97302@cell.sick.ru> <20040507162633.G61288@woozle.rinet.ru> In-Reply-To: <20040507162633.G61288@woozle.rinet.ru> Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Frame-Relay support for sppp (Was: FrameRelay support for cx/ctau adapters) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 May 2004 21:05:03 -0000

Hi,

Cronyx has its own version of sppp. One of the main differences from
FreeBSD's one is that it has support for FrameRelay. We have tried to get
this code committed several times but due to some reasons it wasn't
committed (if you grep CVS you may see that it was committed on vendor
branch, see if_spppsubr.c 1.1.1.2 15 May 1997 14:48:46).

Since the cx(4) driver (Cronyx Sigma) was updated, the ct(4) (Cronyx Tau)
driver was committed and the cp(4) driver is going to be committed, users of
Cronyx adapters started to ask us about fr support in FreeBSD's sppp since
they do not need to use our patches for adapters any more. They need these
patches only for sppp, to get fr support.

Since I am able to add this support to FreeBSD's support I want to get some
more opinions from various sides. Now I have one "yes" and one "no"
opinions. My own voice is "yes", but I believe I should not count it. ;-)

PS. Some FAQ :
1. This is not new code. It is old code. Moreover, it is not a new
   driver, it is only an extension of sppp(4).
2. This code is already maintained, thus it doesn't need any additional
   efforts.
3. Yes, netgraph could be used instead, but many users of Cronyx
   adapters prefer to use sppp (not only for fr).

Best regards,
Roman Kurakin

>On Fri, 7 May 2004, Gleb Smirnoff wrote:
>
>GS> D> we're using Cronyx adapters, some of them in FrameRelay mode, which has been
>GS> D> supported by cronyx-made drivers available from vendor site for most of FreeBSD
>GS> D> versions. FR support involves modifications to sppp kernel routines.
>GS> D>
>GS> D> Main driver maintainer is now FreeBSD committer (rik@).
>GS> D> However, during merging cx/ctau into the tree, FR support has not been
>GS> D> incorporated. Roman told me there are some objections to these modifications.
>GS> D>
>GS> D> Can I ask for more complete cx/ctau support including FR?
>GS> D>
>GS> D> Please keep me CC'd, as I'm not subscribed to -net.
>GS>
>GS> FreeBSD has support for FR with help of nodes ng_frame_relay and ng_lmi. This
>GS> support is hardware independent. And it works perfectly with cronyx adapters.
>GS> What is a reason for merging hardware specific support from old cronyx driver into
>GS> base system?
>
>Short answer: keep POLA.
>
>Longer answer: to keep 4.x systems with _existing_ fr setup up to date,
>non-intuitive and non-atomic patches are now required.
>
>BTW: we have more than one perfectly (for particular meaning of 'perfect', of
>course ;-) working firewall systems, more than one (3) ppp implementations, and
>more than one software raid implementation. I do not see any harm in existing
>another (working!) implementation for fr then, especially when it does so
>little bloat to the code base.
>
>Sincerely,
>D.Marck [DM5020, MCK-RIPE, DM3-RIPN]
>------------------------------------------------------------------------
>*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru ***
>------------------------------------------------------------------------

From owner-freebsd-net@FreeBSD.ORG Mon May 10 15:28:51 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4C93216A4CE for ; Mon, 10 May 2004 15:28:51 -0700 (PDT) Received: from relais.videotron.ca (relais.videotron.ca [24.201.245.36]) by mx1.FreeBSD.org (Postfix) with ESMTP id BF44843D2F for ; Mon, 10 May 2004 15:28:50 -0700 (PDT) (envelope-from erob@videotron.ca) Received: from videotron.ca ([24.202.95.92]) by VL-MO-MR011.ip.videotron.ca (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003)) with ESMTP id <0HXI00IPARS2CM@VL-MO-MR011.ip.videotron.ca> for freebsd-net@freebsd.org; Mon, 10 May 2004 18:28:50 -0400 (EDT) Date: Mon, 10 May 2004 18:30:39 -0400
From: Etienne Robillard In-reply-to: <200405102114.34437.jrh@it.uc3m.es> To: Juan Rodriguez Hervella , freebsd-net@freebsd.org Message-id: <40A0028F.2050409@videotron.ca> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii; format=flowed Content-transfer-encoding: 7BIT X-Accept-Language: en-us, en User-Agent: Mozilla Thunderbird 0.5 (X11/20040406) X-Enigmail-Version: 0.83.6.0 X-Enigmail-Supports: pgp-inline, pgp-mime References: <409FCAA5.5000504@videotron.ca> <200405102114.34437.jrh@it.uc3m.es> Subject: Re: bridging and promiscuous mode... works but can"t get packets back X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 May 2004 22:28:51 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Juan Rodriguez Hervella wrote:
| On Monday 10 May 2004 20:32, Etienne Robillard wrote:
|
|>Hi
|>
|>I am quite new to this list :)
|>
|>Context:
|>There's a bridge that does one logical net for two nics (vr0,rl0) on the
|>same box (freebsd-4.10-prerelease).
|>
|>vr0 = outside net (isp connected with dhclient)
|>rl0 = inside net (192.168.1.1) connected with a 10BaseT/UTP cable.
|>
|>The module in use is bridge.ko and ipfw is in use by the bridge.
|>Moreover, there's two servers (dhcpd/dnscache) that do dhcp and
|>name-resolution on 192.168.1.1 (rl0).
|>
|>Question: Why promiscuous-mode enabled interfaces routes packets
|>outbound successfully but not inbound ?? That is, why the private host
|>can lookup addresses, but fails to receive back tcp packets from the
|>internet ?
|>
|>any ideas ?
|>
|>I would really much appreciate any kinds of comments or hints concerning
|>this scenario...
|>
|>Thanks
|>
|
|
| Hello Etienne,
|
| I think that you don't have to make bridging, I think you need to make NAT.
|
| As far as I know, if you bridge both interfaces, you are joining the
| networks at the link layer (L2), but the IP layer (L3)
| is what is used to route your packets in the internet. So
| if your packets are sent with a private IP address as source address,
| (192.168.X.X) you won't get any response back (private addressing is
| not globally routable)
|
| I've got dial-up access at home and I use
| "ppp" with the NAT option to deal with the
| same situation you are describing here, I think.
|
| Hope this helps.
|

Solved :)

Thanks, Juan, for pointing this out in the ether :)

Apparently, natd seems to be working with promiscuous-kind-of nics...

Still strange, however, that the internal interface needs to be in
promisc-mode, so that packets from the dhcpd daemon go in/out.

Guess there's plenty of homework for me to do in ifconfig(8) :P

erob
-----BEGIN PGP SIGNATURE-----
Comment: quork teht!

iD8DBQFAoAKOfhO/J4JSDfYRAt/vAKCE/gSUJzYp3gyugs/6d0C9+OwbxACgmg1W
lzGByZaHREflf/ggsgJFlRY=
=HJIC
-----END PGP SIGNATURE-----

From owner-freebsd-net@FreeBSD.ORG Mon May 10 20:06:48 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1D92A16A4CE; Mon, 10 May 2004 20:06:48 -0700 (PDT) Received: from ioskeha.hittite.isp.9tel.net (ioskeha.hittite.isp.9tel.net [62.62.156.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id 01B8F43D46; Mon, 10 May 2004 20:06:47 -0700 (PDT) (envelope-from clefevre-lists@9online.fr) Received: from pc2k (unknown [81.185.52.50]) by ioskeha.hittite.isp.9tel.net (Postfix) with SMTP id 292CA17B4ED; Tue, 11 May 2004 05:07:30 +0200 (CEST) Message-ID: <0cc701c43704$fe189fc0$7890a8c0@dyndns.org>
From: "Cyrille Lefevre" To: "current @FreeBSD.org" Date: Tue, 11 May 2004 05:06:44 +0200 Organization: ACME MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1409 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409 cc: "net @FreeBSD.org" Subject: bind timeouts X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 May 2004 03:06:48 -0000

Hi,

for some time, I have had some trouble sending e-mails; they are returned
w/ a host unknown error message (the relay)... I spent a whole day to
track down the problem w/o success. however, it seems to be located around
bind, but I don't know if it's the client side or the server side which is
broken, maybe the TCP stack !

I'm running -current last updated around 18 April 2004.

# uname -a
FreeBSD gits 5.2-CURRENT FreeBSD 5.2-CURRENT #26: Tue Apr 27 03:51:12 CEST 2004
# nslookup -q=txt -class=CHAOS version.bind. 0
Server: localhost
Address: 127.0.0.1

VERSION.BIND text = "8.3.7-REL"

here are some outputs of the host command :

# time host smarthost
smarthost.gits.fr.invalid has address 62.62.156.27
smarthost.gits.fr.invalid has address 62.62.156.28
0.05s real 0.00s user 0.04s system
# time host smarthost
smarthost.gits.fr.invalid has address 62.62.156.28
smarthost.gits.fr.invalid has address 62.62.156.27
5.08s real 0.00s user 0.03s system
# time host smarthost
5.08s real 0.00s user 0.04s system
# time host smarthost
8.14s real 0.00s user 0.04s system

so, sometimes, I got a rapid answer, sometimes a slow answer and
sometimes no answer !

here are some other outputs regarding localhost :

# time host localhost
localhost.gits.fr.invalid has address 127.0.0.1
0.06s real 0.00s user 0.03s system
# time host localhost
localhost.gits.fr.invalid has address 127.0.0.1
5.19s real 0.01s user 0.03s system
# time host localhost
localhost.gits.fr.invalid has address 127.0.0.1
10.14s real 0.01s user 0.01s system
# time host localhost
Host not found.
30.38s real 0.00s user 0.04s system

any hints ?

Cyrille Lefevre.
-- 
home: mailto:cyrille.lefevre@laposte.net

From owner-freebsd-net@FreeBSD.ORG Tue May 11 01:21:05 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7A0C616A4CE for ; Tue, 11 May 2004 01:21:05 -0700 (PDT) Received: from tigra.ip.net.ua (tigra.ip.net.ua [82.193.96.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9B16143D45 for ; Tue, 11 May 2004 01:21:04 -0700 (PDT) (envelope-from ru@ip.net.ua) Received: from heffalump.ip.net.ua (heffalump.ip.net.ua [82.193.96.213]) by tigra.ip.net.ua (8.12.11/8.12.11) with ESMTP id i4B8PrLI001587 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 11 May 2004 11:25:54 +0300 (EEST) (envelope-from ru@ip.net.ua) Received: (from ru@localhost) by heffalump.ip.net.ua (8.12.11/8.12.11) id i4B8LLr4065831; Tue, 11 May 2004 11:21:21 +0300 (EEST) (envelope-from ru) Date: Tue, 11 May 2004 11:21:21 +0300
From: Ruslan Ermilov To: Juan Rodriguez Hervella Message-ID: <20040511082121.GA64972@ip.net.ua> References: <200405102102.51399.jrh@it.uc3m.es> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="d6Gm4EdcadzBjdND" Content-Disposition: inline In-Reply-To: <200405102102.51399.jrh@it.uc3m.es> User-Agent: Mutt/1.5.6i X-Virus-Scanned: by amavisd-new X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) cc: freebsd-net@freebsd.org Subject: Re: How to use the RTM_IFINFO message of a Routing Socket X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 May 2004 08:21:05 -0000 --d6Gm4EdcadzBjdND Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, May 10, 2004 at 09:02:51PM +0200, Juan Rodriguez Hervella wrote: > Hello, >=20 > I dont understand, looking at "man 4 route", how to use the RTM_IFINFO > message of a Routing Socket. >=20 > I mean, do I have to make a "write" on the socket with a=20 > "struct if_msghdr" of type =3D RTM_IFINFO and later on a "read" with > the same data structure ? >=20 > Or can I just open the PF_ROUTE socket and then make a "read" with=20 > a "struct if_msghdr" data structure, w/out doing a "write" ? >=20 > I'm really lost, and I haven't found documentation about this topic, so= =20 > please if somebody can give me an example or pointing me to > somewhere to learn to use this, I'd be delighted. Looking at=20 > "usr/src/bin/route.c" is simple another big mess for me. >=20 > I'm looking forward to your answers, net-people ! >=20 A kernel emits the RTM_IFINFO message on a routing socket by ether reacting to the NET_RT_IFLIST sysctl(3), or when the interface's status changes (see "route monitor" for one such example). 
Cheers,
--
Ruslan Ermilov
ru@FreeBSD.org
FreeBSD committer

From owner-freebsd-net@FreeBSD.ORG Tue May 11 03:01:06 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F272216A4CE for ; Tue, 11 May 2004 03:01:05 -0700 (PDT) Received: from cheer.mahoroba.org (flets19-146.kamome.or.jp [218.45.19.146]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9D77B43D31 for ; Tue, 11 May 2004 03:01:04 -0700 (PDT) (envelope-from ume@FreeBSD.org) Received: from localhost (IDENT:MBsLNkYsubKmJhyWBiA+jJq4IytPq2xq8AdX/Qp5AceZ/5mFs16oQ20utACZbF17@localhost [IPv6:::1]) (user=ume mech=CRAM-MD5 bits=0)i4B9xV2t044093 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 11 May 2004 18:59:36 +0900 (JST) (envelope-from ume@FreeBSD.org) Date: Tue, 11 May 2004 18:59:31 +0900 Message-ID: 
From: Hajimu UMEMOTO To: Lukasz Stelmach In-Reply-To: <20040506082113.GA15255@tygrys.k.telmark.waw.pl> References: <20040504181620.GB9699@tygrys.k.telmark.waw.pl> <20040506082113.GA15255@tygrys.k.telmark.waw.pl> User-Agent: xcite1.38> Wanderlust/2.10.1 (Watching The Wheels) SEMI/1.14.6 (Maruoka) FLIM/1.14.6 (Marutamachi) APEL/10.6 Emacs/21.3 (i386--freebsd) MULE/5.0 (SAKAKI) X-Operating-System: FreeBSD 4.10-BETA MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII X-Virus-Scanned: by amavisd-new X-Virus-Status: Clean X-Spam-Status: No, hits=-4.7 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on cheer.mahoroba.org cc: freebsd-net@freebsd.org cc: SUZUKI Shinsuke Subject: Re: if_stf bug/feature X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 May 2004 10:01:06 -0000

Hi,

>>>>> On Thu, 6 May 2004 10:21:13 +0200
>>>>> Lukasz Stelmach said:

Lukasz> Well i *have*got* one v4ADDR that is assigned to my nat/router-box. I
Lukasz> have also configured that it should pass all packets that are not part
Lukasz> of some known connections (from M1 M2 .. Mn) (including but not limited
Lukasz> to proto 41) to one specified machine (name it TIGGER) that acts as the
Lukasz> end of 6to4 tunnel for all other computers in the LAN. Now, for i
Lukasz> control both the nat and TIGGER i can do such mangling without any
Lukasz> harm. Let's say that to the rest of the world the nat+TIGGER act like
Lukasz> a single machine.

Yes, current if_stf is too restrictive against NAT, and skipping
certain checks enables us to use 6to4 even behind NAT. I believe it
doesn't break RFC3056.

Once, I made a patch to do so for a friend of mine. But, it was based
on old source and somewhat redundant.
I've just made a patch against recent 5-CURRENT. But, I've not estimated if there are side effects. I don't have testing environment for 6to4, now. Could you test it? Sincerely, -- Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan ume@mahoroba.org ume@{,jp.}FreeBSD.org http://www.imasy.org/~ume/ From owner-freebsd-net@FreeBSD.ORG Tue May 11 08:18:09 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A995D16A4CF; Tue, 11 May 2004 08:18:09 -0700 (PDT) Received: from smtp03.uc3m.es (smtp03.uc3m.es [163.117.136.123]) by mx1.FreeBSD.org (Postfix) with ESMTP id 910B943D54; Tue, 11 May 2004 08:18:08 -0700 (PDT) (envelope-from jrh@it.uc3m.es) Received: from smtp03.uc3m.es (localhost [127.0.0.1]) by localhost.uc3m.es (Postfix) with ESMTP id 4090129447; Tue, 11 May 2004 17:18:07 +0200 (CEST) Received: from [163.117.139.95] (cimborrio.it.uc3m.es [163.117.139.95]) by smtp03.uc3m.es (Postfix) with ESMTP id 2C7892942D; Tue, 11 May 2004 17:18:07 +0200 (CEST) 
From: Juan Rodriguez Hervella Organization: UC3M To: freebsd-net@freebsd.org Date: Tue, 11 May 2004 17:17:46 +0200 User-Agent: KMail/1.6 References: <200405102102.51399.jrh@it.uc3m.es> <20040511082121.GA64972@ip.net.ua> In-Reply-To: <20040511082121.GA64972@ip.net.ua> MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200405111717.47794.jrh@it.uc3m.es> Subject: Re: How to use the RTM_IFINFO message of a Routing Socket X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 May 2004 15:18:09 -0000 Hello, I've made several things: 1. Add a simple "rt_ifmsg(ifp)" function call inside /dev/wi/if_wi.c, at function: wi_update_stats (FreeBSD-4.9) 2. Then I try to get those notifications with the small program that follows, but I can not get anything. Where could the problem be ? Thanks a lot! 
#include <sys/types.h>
#include <sys/socket.h>
#include <net/if.h>
#include <net/route.h>
#include <err.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

struct if_msghdr msg;

int main ()
{
  int len, s, i, wi_index = 0;
  struct if_nameindex *ifnames;
  time_t t;

  s = socket(PF_ROUTE, SOCK_RAW, 0);

start:
  msg.ifm_type = RTM_IFINFO;
  msg.ifm_version = RTM_VERSION;

  /* look up the interface index of wi0 */
  ifnames = if_nameindex();
  i=0;
  while( ifnames[i].if_index != 0 ) {   /* the list ends with if_index == 0 */
    printf("index: %u, name %s\n", ifnames[i].if_index, ifnames[i].if_name );
    if( strcmp("wi0", ifnames[i].if_name ) == 0 )
      wi_index = ifnames[i].if_index;
    i++;
  }
  if_freenameindex( ifnames );

  /* read routing messages until an RTM_IFINFO for wi0 arrives */
  do {
    if( (len = read(s, (char *)&msg, sizeof(msg))) < 0 ) {
      err(1, "reading from routing socket");
      return -1;
    }
  } while ( (msg.ifm_type != RTM_IFINFO) || (msg.ifm_index != wi_index) );

  t= time( NULL );
  printf("notification time: %s", ctime(&t) );

  goto start;

  /* never reached */
  return 0;
}

On Tuesday 11 May 2004 10:21, Ruslan Ermilov wrote:
> On Mon, May 10, 2004 at 09:02:51PM +0200, Juan Rodriguez Hervella wrote:
> > Hello,
> >
> > I don't understand, looking at "man 4 route", how to use the RTM_IFINFO
> > message of a Routing Socket.
> >
> > I mean, do I have to make a "write" on the socket with a
> > "struct if_msghdr" of type = RTM_IFINFO and later on a "read" with
> > the same data structure ?
> >
> > Or can I just open the PF_ROUTE socket and then make a "read" with
> > a "struct if_msghdr" data structure, w/out doing a "write" ?
> >
> > I'm really lost, and I haven't found documentation about this topic, so
> > please if somebody can give me an example or pointing me to
> > somewhere to learn to use this, I'd be delighted. Looking at
> > "usr/src/bin/route.c" is simple another big mess for me.
> >
> > I'm looking forward to your answers, net-people !
>
> A kernel emits the RTM_IFINFO message on a routing socket by either
> reacting to the NET_RT_IFLIST sysctl(3), or when the interface's
> status changes (see "route monitor" for one such example).
> > > Cheers, -- ****** JFRH ****** Avoid Quiet and Placid persons unless you are in Need of Sleep. -- National Lampoon, "Deteriorata" From owner-freebsd-net@FreeBSD.ORG Tue May 11 09:07:38 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6586016A4CE for ; Tue, 11 May 2004 09:07:38 -0700 (PDT) Received: from 153-bem-1.acn.waw.pl (153-bem-1.acn.waw.pl [62.121.80.153]) by mx1.FreeBSD.org (Postfix) with SMTP id 53F8643D53 for ; Tue, 11 May 2004 09:07:36 -0700 (PDT) (envelope-from steelman@tygrys.k.telmark.waw.pl) Received: (qmail 66550 invoked by uid 1000); 11 May 2004 16:07:34 -0000 Date: Tue, 11 May 2004 18:07:34 +0200 
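An added example, not part of the original thread and not code from any of its posters: a bounds-checked walker over routing messages that keeps only RTM_IFINFO for one interface index, which is what a reader of a PF_ROUTE socket or of a NET_RT_IFLIST buffer has to do with the bytes it gets. The EX_/ex_ names, the mirrored constant values and the sample buffer are this example's own assumptions; the field order follows FreeBSD's struct if_msghdr.

```c
/* Added example: bounds-checked walk over routing messages, keeping RTM_IFINFO.
 * On FreeBSD the bytes would come from read() on socket(PF_ROUTE, SOCK_RAW, 0). */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Values mirrored from FreeBSD's <net/route.h> (assumption: copied so this
 * builds on any host); the EX_ and ex_ names are this example's own. */
#define EX_RTM_VERSION	5
#define EX_RTM_NEWADDR	0xc
#define EX_RTM_IFINFO	0xe

/* Leading fields of FreeBSD's struct if_msghdr, in declaration order. */
struct ex_ifm_prefix {
	unsigned short	msglen;		/* ifm_msglen: bytes in this message */
	unsigned char	version;	/* ifm_version */
	unsigned char	type;		/* ifm_type */
	int		addrs;		/* ifm_addrs */
	int		flags;		/* ifm_flags: copy of if_flags */
	unsigned short	index;		/* ifm_index */
};
#define EX_IFM_MIN (offsetof(struct ex_ifm_prefix, index) + sizeof(unsigned short))

struct ex_ifevent { unsigned short index; int flags; };

/* Walk len bytes of back-to-back messages. Stores up to max RTM_IFINFO events
 * for interface index want (0 = any) in out; returns the number stored, or -1
 * when a length field does not fit the data. */
int ex_parse_ifinfo(const unsigned char *buf, size_t len,
    unsigned short want, struct ex_ifevent *out, int max)
{
	struct ex_ifm_prefix p;
	unsigned short msglen;
	size_t off = 0;
	int n = 0;

	while (off < len) {
		if (len - off < 4)
			return (-1);	/* no room for msglen/version/type */
		memcpy(&msglen, buf + off, sizeof(msglen));
		if (msglen < 4 || msglen > len - off)
			return (-1);	/* would stall or run past the data */
		if (buf[off + 2] == EX_RTM_VERSION && buf[off + 3] == EX_RTM_IFINFO) {
			if (msglen < EX_IFM_MIN)
				return (-1);
			memcpy(&p, buf + off, EX_IFM_MIN);
			if ((want == 0 || p.index == want) && n < max) {
				out[n].index = p.index;
				out[n].flags = p.flags;
				n++;
			}
		}
		off += msglen;		/* other types are skipped by length */
	}
	return (n);
}

/* Append one constructed message of msglen bytes; returns the new offset. */
static size_t ex_put(unsigned char *buf, size_t off, unsigned char type,
    unsigned short index, int flags, unsigned short msglen)
{
	struct ex_ifm_prefix p;

	memset(&p, 0, sizeof(p));
	p.msglen = msglen; p.version = EX_RTM_VERSION; p.type = type;
	p.flags = flags; p.index = index;
	memset(buf + off, 0, msglen);
	memcpy(buf + off, &p, EX_IFM_MIN);
	return (off + msglen);
}

/* Constructed sample (index 1 up, an address record, index 3 down), parsed
 * with the last cut bytes missing; *flags gets the first match's flags. */
int ex_demo(unsigned short want, size_t cut, int *flags)
{
	unsigned char buf[512];
	struct ex_ifevent ev[4];
	size_t len = 0;
	int n;

	len = ex_put(buf, len, EX_RTM_IFINFO, 1, 0x8049, 96);
	len = ex_put(buf, len, EX_RTM_NEWADDR, 1, 0, 60);
	len = ex_put(buf, len, EX_RTM_IFINFO, 3, 0x8802, 96);
	n = ex_parse_ifinfo(buf, len - cut, want, ev, 4);
	if (n > 0 && flags != NULL)
		*flags = ev[0].flags;
	return (n);
}

int ex_demo_flags(unsigned short want)
{
	int flags = -1;
	return (ex_demo(want, 0, &flags) > 0 ? flags : -1);
}

int main(void)
{
	printf("index 3: n=%d flags=0x%x; truncated buffer: %d\n",
	    ex_demo(3, 0, NULL), (unsigned)ex_demo_flags(3), ex_demo(0, 1, NULL));
	return (0);
}
```

A reader that stops at the first message, or trusts the length field without comparing it to the bytes actually returned, misses later records or walks off the end of the buffer.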
From: Lukasz Stelmach To: Hajimu UMEMOTO Message-ID: <20040511160734.GA66419@tygrys.k.telmark.waw.pl> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="FCuugMFkClbJLl1L" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i X-Mail-Editor: nvi X-GPG-Fingerprint: 68B8 6D4F 0C5E 291F C4E0 BBF4 35DC D8F2 C9BD 2BDC X-GPG-Key: http://www.ee.pw.edu.pl/~stelmacl/gpg_key.txt cc: freebsd-net@freebsd.org cc: SUZUKI Shinsuke Subject: Re: if_stf bug/feature X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Lukasz Stelmach List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 May 2004 16:07:38 -0000

On Tue, 11 May 2004 18:59:31 +0900 Ume wrote:
>>>>> On Thu, 6 May 2004 10:21:13 +0200
>>>>> Lukasz Stelmach said:

Lukasz>> Well i *have*got* one v4ADDR that is assigned to my nat/router-box. I
[...]
Lukasz>> harm. Let's say that to the rest of the world the nat+TIGGER act like
Lukasz>> a single machine.

> Yes, current if_stf is too restrictive against NAT, and skipping
> certain checks enables us to use 6to4 even behind NAT. I believe it
> doesn't break RFC3056.

IMHO it does not if everything is going to be correct after the packets
go touring out of nat.

> Once, I made a patch to do so for a friend of mine. But, it was based
> on old source and somewhat redundant. I've just made a patch against
> recent 5-CURRENT. But, I've not estimated if there are side effects.
> I don't have testing environment for 6to4, now. Could you test it?

In one of my previous letters I have mentioned that i use 4.9-RCsomething
and unfortunately this is my only FreeBSD. I am also afraid :-( that
i don't have enough spare time either.
But please send the patch and I will *try* to look at it if you don't mind.

Bye.
--
|/ |_, _ .- --, Monstrous lusts are already creeping in from every side
|__ |_|. | \ |_|. ._' /_. I will take up prostitution, for money

From owner-freebsd-net@FreeBSD.ORG Tue May 11 10:30:32 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B2D8B16A4CE for ; Tue, 11 May 2004 10:30:32 -0700 (PDT) Received: from proton.hexanet.fr (proton.hexanet.fr [81.23.32.33]) by mx1.FreeBSD.org (Postfix) with ESMTP id EE11C43D5D for ; Tue, 11 May 2004 10:30:31 -0700 (PDT) (envelope-from c.prevotaux@hexanet.fr) Received: from hexanet.fr (localhost [127.0.0.1]) by proton.hexanet.fr (Postfix) with SMTP id 50B534C968 for ; Tue, 11 May 2004 19:30:30 +0200 (CEST) Date: Tue, 11 May 2004 19:30:30 +0200
From: Christophe Prevotaux To: net@freebsd.org Message-Id: <20040511193030.25a7462f.c.prevotaux@hexanet.fr> Organization: HEXANET Sarl X-Mailer: Sylpheed version 0.9.6 (GTK+ 1.2.10; i386-portbld-freebsd4.9) X-NCC-RegID: fr.hexanet Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Liberouter X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 May 2004 17:30:32 -0000 Hi, I thought this might be of interest to some of you even though I am sure many of you already know about this http://www.liberouter.org/ Would be good to have standard support within FreeBSD tree for these :) -- =============================================================== Chris =============================================================== From owner-freebsd-net@FreeBSD.ORG Tue May 11 10:54:38 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B87E816A4CE for ; Tue, 11 May 2004 10:54:38 -0700 (PDT) Received: from cheer.mahoroba.org (flets19-146.kamome.or.jp [218.45.19.146]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6959043D45 for ; Tue, 11 May 2004 10:54:36 -0700 (PDT) (envelope-from ume@FreeBSD.org) Received: from lyrics.mahoroba.org (IDENT:yYPuMMLHJ+df/Cy/4JfCVGBI9cKl2kaUyXJhGzpzkHW3AnfZQDkQ3iAgznXcj24g@lyrics.mahoroba.org [IPv6:3ffe:501:185b:8010:280:88ff:fe03:4841]) (user=ume mech=CRAM-MD5 bits=0)i4BHr2hD084893 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 12 May 2004 02:53:06 +0900 (JST) (envelope-from ume@FreeBSD.org) Date: Wed, 12 May 2004 02:53:02 +0900 Message-ID: 
From: Hajimu UMEMOTO To: Lukasz Stelmach In-Reply-To: <20040511160734.GA66419@tygrys.k.telmark.waw.pl> References: <20040511160734.GA66419@tygrys.k.telmark.waw.pl> User-Agent: xcite1.38> Wanderlust/2.11.3 (Wonderwall) SEMI/1.14.6 (Maruoka) FLIM/1.14.6 (Marutamachi) APEL/10.6 Emacs/21.3 (i386--freebsd) MULE/5.0 (SAKAKI) X-Operating-System: FreeBSD 5.2-CURRENT MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: multipart/mixed; boundary="Multipart_Wed_May_12_02:53:02_2004-1" X-Virus-Scanned: by amavisd-new X-Virus-Status: Clean X-Spam-Status: No, hits=-4.7 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on cheer.mahoroba.org cc: freebsd-net@freebsd.org cc: SUZUKI Shinsuke Subject: Re: if_stf bug/feature X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 May 2004 17:54:38 -0000 --Multipart_Wed_May_12_02:53:02_2004-1 Content-Type: text/plain; charset=US-ASCII Hi, >>>>> On Tue, 11 May 2004 18:07:34 +0200 >>>>> Lukasz Stelmach said: Lukasz> In one of my previous letters I have mentioned that i use 4.9-RCsomething Lukasz> and unfortunately this is my only FreeBSD. I am also afraid :-( that Lukasz> i don't have enough spare time neither. But please send the patch and Lukasz> I will *try* to look at it if you don't mind. I knew that you are using 4.X from your post to stable@. I attach my candidate patch for 4-STABLE into this mail. Suzuki-san mentioned RFC3056. However, though 5-CURRENT checks if an address is not RFC1918 address, 4-STABLE version of if_stf doesn't check RFC1918 address. I included this check into my patch. It makes NAT thing more difficult, though. A friend of mine tested this patch on his 4-STABLE box. 
Sincerely, --Multipart_Wed_May_12_02:53:02_2004-1 Content-Type: application/octet-stream; type=patch Content-Disposition: attachment; filename="if_stf.c-nat-4s.diff" Content-Transfer-Encoding: 7bit Index: share/man/man4/stf.4 diff -u share/man/man4/stf.4.orig share/man/man4/stf.4 --- share/man/man4/stf.4.orig Wed Sep 18 01:53:04 2002 +++ share/man/man4/stf.4 Wed May 12 00:39:09 2004 @@ -175,6 +175,16 @@ Note, however, there are other security risks exist. If you wish to use the configuration, you must not advertise your 6to4 address to others. +.Pp +You can configure to use 6to4 from behind NAT by setting the +.Xr sysctl 8 +variable +.Va net.link.stf.no_addr4check +to 1 with support of your NAT box. +If you are directly connected to the Internet, you shouldn't +chenge the value of +.Va net.link.stf.no_addr4check . +This is only hack to use 6to4 from within a NAT. .\" .Sh EXAMPLES Note that Index: sys/net/if_stf.c diff -u -p sys/net/if_stf.c.orig sys/net/if_stf.c --- sys/net/if_stf.c.orig Tue Feb 4 03:55:47 2003 +++ sys/net/if_stf.c Wed May 12 02:43:17 2004 @@ -85,6 +85,7 @@ #include #include #include +#include #include #include @@ -147,6 +148,7 @@ static int stf_encapcheck __P((const str static struct in6_ifaddr *stf_getsrcifa6 __P((struct ifnet *)); static int stf_output __P((struct ifnet *, struct mbuf *, struct sockaddr *, struct rtentry *)); +static int isrfc1918addr __P((struct in_addr *)); static int stf_checkaddr4 __P((struct stf_softc *, struct in_addr *, struct ifnet *)); static int stf_checkaddr6 __P((struct stf_softc *, struct in6_addr *, 
@@ -154,6 +156,13 @@ static int stf_checkaddr6 __P((struct st static void stf_rtrequest __P((int, struct rtentry *, struct rt_addrinfo *)); static int stf_ioctl __P((struct ifnet *, u_long, caddr_t)); +SYSCTL_DECL(_net_link); +SYSCTL_NODE(_net_link, IFT_STF, stf, CTLFLAG_RW, 0, "6to4 Interface"); + +static int no_addr4check = 0; +SYSCTL_INT(_net_link_stf, OID_AUTO, no_addr4check, CTLFLAG_RW, + &no_addr4check, 0, "Skip outer IPv4 address"); + static int stfmodevent(mod, type, data) module_t mod; @@ -261,9 +270,17 @@ stf_encapcheck(m, off, proto, arg) * local 6to4 address. * success on: dst = 10.1.1.1, ia6->ia_addr = 2002:0a01:0101:... */ - if (bcmp(GET_V4(&ia6->ia_addr.sin6_addr), &ip.ip_dst, - sizeof(ip.ip_dst)) != 0) - return 0; + if (no_addr4check) { + struct ifnet *tif; + + INADDR_TO_IFP(ip.ip_dst, tif); + if (!tif) + return 0; + } else { + if (bcmp(GET_V4(&ia6->ia_addr.sin6_addr), &ip.ip_dst, + sizeof(ip.ip_dst)) != 0) + return 0; + } /* * check if IPv4 src matches the IPv4 address derived from the @@ -301,12 +318,14 @@ stf_getsrcifa6(ifp) if (!IN6_IS_ADDR_6TO4(&sin6->sin6_addr)) continue; - bcopy(GET_V4(&sin6->sin6_addr), &in, sizeof(in)); - LIST_FOREACH(ia4, INADDR_HASH(in.s_addr), ia_hash) - if (ia4->ia_addr.sin_addr.s_addr == in.s_addr) - break; - if (ia4 == NULL) - continue; + if (!no_addr4check) { + bcopy(GET_V4(&sin6->sin6_addr), &in, sizeof(in)); + LIST_FOREACH(ia4, INADDR_HASH(in.s_addr), ia_hash) + if (ia4->ia_addr.sin_addr.s_addr == in.s_addr) + break; + if (ia4 == NULL) + continue; + } return (struct in6_ifaddr *)ia; } @@ -404,8 +423,9 @@ stf_output(ifp, m, dst, rt) bzero(ip, sizeof(*ip)); - bcopy(GET_V4(&((struct sockaddr_in6 *)&ia6->ia_addr)->sin6_addr), - &ip->ip_src, sizeof(ip->ip_src)); + if (!no_addr4check) + bcopy(GET_V4(&((struct sockaddr_in6 *)&ia6->ia_addr)->sin6_addr), + &ip->ip_src, sizeof(ip->ip_src)); bcopy(in4, &ip->ip_dst, sizeof(ip->ip_dst)); ip->ip_p = IPPROTO_IPV6; ip->ip_ttl = ip_stf_ttl; 
@@ -440,6 +460,22 @@ stf_output(ifp, m, dst, rt) } static int +isrfc1918addr(in) + struct in_addr *in; +{ + /* + * returns 1 if private address range: + * 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 + */ + if ((ntohl(in->s_addr) & 0xff000000) >> 24 == 10 || + (ntohl(in->s_addr) & 0xfff00000) >> 16 == 172 * 256 + 16 || + (ntohl(in->s_addr) & 0xffff0000) >> 16 == 192 * 256 + 168) + return 1; + + return 0; +} + +static int stf_checkaddr4(sc, in, inifp) struct stf_softc *sc; struct in_addr *in; @@ -508,8 +544,20 @@ stf_checkaddr6(sc, in6, inifp) /* * check 6to4 addresses */ - if (IN6_IS_ADDR_6TO4(in6)) - return stf_checkaddr4(sc, GET_V4(in6), inifp); + if (IN6_IS_ADDR_6TO4(in6)) { + struct in_addr in4; + + bcopy(GET_V4(in6), &in4, sizeof(in4)); + + /* + * reject packets with private address range. + * (requirement from RFC3056 section 2 1st paragraph) + */ + if (isrfc1918addr(&in4)) + return -1; + + return stf_checkaddr4(sc, &in4, inifp); + } /* * reject anything that look suspicious. the test is implemented @@ -572,6 +620,18 @@ in_stf_input(m, va_alist) return; } + /* + * Skip RFC1918 check against dest address to allow incoming + * packets with private address for dest. Though it may + * breasks the requirement from RFC3056 section 2 1st + * paragraph, it helps for 6to4 over NAT. + */ + if ((!no_addr4check && isrfc1918addr(&ip->ip_dst)) || + isrfc1918addr(&ip->ip_src)) { + m_freem(m); + return; + } + otos = ip->ip_tos; m_adj(m, off); @@ -668,6 +728,7 @@ stf_ioctl(ifp, cmd, data) struct ifaddr *ifa; struct ifreq *ifr; struct sockaddr_in6 *sin6; + struct in_addr addr; int error; error = 0; 
@@ -679,11 +740,18 @@ stf_ioctl(ifp, cmd, data) break; } sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; - if (IN6_IS_ADDR_6TO4(&sin6->sin6_addr)) { - ifa->ifa_rtrequest = stf_rtrequest; - ifp->if_flags |= IFF_UP; - } else + if (!IN6_IS_ADDR_6TO4(&sin6->sin6_addr)) { + error = EINVAL; + break; + } + bcopy(GET_V4(&sin6->sin6_addr), &addr, sizeof(addr)); + if (isrfc1918addr(&addr)) { error = EINVAL; + break; + } + + ifa->ifa_rtrequest = stf_rtrequest; + ifp->if_flags |= IFF_UP; break; case SIOCADDMULTI: --Multipart_Wed_May_12_02:53:02_2004-1 Content-Type: text/plain; charset=US-ASCII -- Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan ume@mahoroba.org ume@{,jp.}FreeBSD.org http://www.imasy.org/~ume/ --Multipart_Wed_May_12_02:53:02_2004-1-- From owner-freebsd-net@FreeBSD.ORG Tue May 11 11:03:06 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4802D16A4CE for ; Tue, 11 May 2004 11:03:06 -0700 (PDT) Received: from arginine.spc.org (arginine.spc.org [195.206.69.236]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6CAAF43D54 for ; Tue, 11 May 2004 11:03:05 -0700 (PDT) (envelope-from bms@spc.org) Received: from localhost (localhost [127.0.0.1]) by arginine.spc.org (Postfix) with ESMTP id D47816546C; Tue, 11 May 2004 19:03:03 +0100 (BST) Received: from arginine.spc.org ([127.0.0.1]) by localhost (arginine.spc.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 90369-01-11; Tue, 11 May 2004 19:03:03 +0100 (BST) Received: from empiric.dek.spc.org (82-147-17-88.dsl.uk.rapidplay.com [82.147.17.88]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by arginine.spc.org (Postfix) with ESMTP id 3D2F06545E; Tue, 11 May 2004 19:03:03 +0100 (BST) Received: by empiric.dek.spc.org (Postfix, from userid 1001) id 2E4F760FF; Tue, 11 May 2004 19:03:02 +0100 (BST) Date: Tue, 11 May 2004 19:03:02 +0100 
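Review bot: In the stf.4 hunk (@@ -175,6 +175,16 @@), "chenge" should be "change" and "This is only hack" needs an article. The new paragraph also never says what the knob turns off; since it sits directly under the existing sentence about security risks, name the relaxed check (the match on the outer IPv4 address) so an administrator can judge the exposure before setting net.link.stf.no_addr4check to 1.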
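Review bot: In the stf_encapcheck hunk (@@ -261,9 +270,17 @@), the no_addr4check branch accepts the packet as soon as INADDR_TO_IFP(ip.ip_dst, tif) finds any local interface, so the outer destination is no longer tied to the 6to4 address configured on this stf interface. The comment above the branch still reads "success on: dst = 10.1.1.1, ia6->ia_addr = 2002:0a01:0101:..."; please add a comment on the new branch stating what is matched when the sysctl is set, and note that the IPv4 source check in the following context lines is left as it was.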
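Review bot: In the stf_output hunk (@@ -404,8 +423,9 @@), when no_addr4check is set the bcopy into ip->ip_src is skipped, so the source address stays zero from the bzero(ip, sizeof(*ip)) just above. If the intent is for the IPv4 output path to choose the source, say so in a comment next to "if (!no_addr4check)"; as written it reads like a missing else branch.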
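Review bot: In the in_stf_input hunk (@@ -572,6 +620,18 @@), the new comment says the RFC1918 check on the destination is skipped, but the condition skips it only when no_addr4check is set and always drops a packet whose ip_src is private. Reword the comment to describe both halves of the test, and fix "breasks" while there.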
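Review bot: In the isrfc1918addr hunk (@@ -440,6 +460,22 @@), ntohl(in->s_addr) is evaluated three times and the comparisons mix shifts with arithmetic such as 172 * 256 + 16, which makes the prefixes hard to check by eye. Convert once into a local and compare the masked value against the prefix directly, for example (a & 0xfff00000) == 0xac100000 for 172.16.0.0/12; the function also has no callers' contract in its comment (it takes an address in network byte order).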
From: Bruce M Simpson To: Christophe Prevotaux Message-ID: <20040511180301.GA18524@empiric.dek.spc.org> References: <20040511193030.25a7462f.c.prevotaux@hexanet.fr> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040511193030.25a7462f.c.prevotaux@hexanet.fr> cc: net@freebsd.org Subject: Re: Liberouter X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 May 2004 18:03:06 -0000 On Tue, May 11, 2004 at 07:30:30PM +0200, Christophe Prevotaux wrote: > I thought this might be of interest to some of you > even though I am sure many of you already know about this > > http://www.liberouter.org/ > > Would be good to have standard support within FreeBSD tree > for these :) This is a worthy project, but I don't think it offers anything for use in mainline FreeBSD yet or for quite some time, if at all. They seem to have focused on building an open source hardware solution rather than on architecture, but this is just based on a few minutes' skim. Regards, BMS From owner-freebsd-net@FreeBSD.ORG Tue May 11 18:08:53 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E367B16A4CE for ; Tue, 11 May 2004 18:08:53 -0700 (PDT) Received: from beelzebubba.sysabend.org (alcatraz.inna.net [209.201.74.14]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7569743D3F for ; Tue, 11 May 2004 18:08:53 -0700 (PDT) (envelope-from xyzzy@moo.sysabend.org) Received: from moo.sysabend.org (moo.sysabend.org [66.111.41.70]) by beelzebubba.sysabend.org (Postfix) with SMTP id AC41414EAD for ; Tue, 11 May 2004 21:09:07 -0400 (EDT) Received: (nullmailer pid 91749 invoked by uid 14); Wed, 12 May 2004 01:08:52 -0000 Date: Tue, 11 May 2004 18:08:52 -0700 
From: Tom Arnold To: freebsd-net@freebsd.org Message-ID: <20040512010852.GV92927@moo.sysabend.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4i Organization: The Sysabend Dump X-Operating-System: CPM2.2 X-8-Bit-Samples-And-Analog-Filters: Rah! X-Bucket-Brigade-Devices: Rah! Subject: freevrrp problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: xyzzy@sysabend.org List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 May 2004 01:08:54 -0000

Having a problem with a very simple freevrrp config.
This is FreeBSD 5.2.1p5

/usr/local/etc/freevrrpd.conf :
[VRID]
serverid = 1
interface = em0
priority = 255
addr = 192.168.13.209/32
password = dlvip
#masterscript = "/usr/local/bin/master_script.sh"
#backupscript = "/usr/local/bin/backup_script.sh"

If I start freevrrpd I get :
May 11 17:35:40 downloads1-new freevrrpd[61294]: launching daemon in background mode
May 11 17:35:40 downloads1-new freevrrpd[61295]: initializing threads and all VRID
May 11 17:35:40 downloads1-new freevrrpd[61295]: reading configuration file /usr/local/etc/freevrrpd.conf
May 11 17:35:41 downloads1-new freevrrpd[61295]: send ip = 192.168.13.210, eth = 0:0:5e:0:1:1
May 11 17:35:41 downloads1-new freevrrpd[61295]: send ip = 192.168.13.209, eth = 0:0:5e:0:1:1
May 11 17:35:41 downloads1-new freevrrpd[61295]: server state vrid 1: master
May 11 17:35:41 downloads1-new freevrrpd[61295]: interface em0 is faulty, deactivated from VRRP VRIDs
May 11 17:35:42 downloads1-new freevrrpd[61295]: send ip = 192.168.13.210, eth = 0:4:23:9a:97:a4
May 11 17:35:42 downloads1-new freevrrpd[61295]: server state vrid 1: backup

Hardware is a Dell 650 with, of course, onboard Intel Pro/1000.
Also using freevrrp on other Dell650's, but they came with Pro/100's ( fxp ) and work fine, so I'm leaning towards hardware or driver quirks, but any ideas appreciated. Thanks. -- ------------------------------------------------------------------------ - Tom Arnold - When I was small, I was in love, - - Sysabend - In love with everything. - - CareTaker - And now there's only you... - -------------- -- Thomas Dolby, "Cloudburst At Shingle Street" - From owner-freebsd-net@FreeBSD.ORG Tue May 11 18:38:34 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6999C16A4CE for ; Tue, 11 May 2004 18:38:34 -0700 (PDT) Received: from beelzebubba.sysabend.org (alcatraz.inna.net [209.201.74.14]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2B34043D31 for ; Tue, 11 May 2004 18:38:34 -0700 (PDT) (envelope-from xyzzy@moo.sysabend.org) Received: from moo.sysabend.org (moo.sysabend.org [66.111.41.70]) by beelzebubba.sysabend.org (Postfix) with SMTP id 82E8814EAD; Tue, 11 May 2004 21:38:48 -0400 (EDT) Received: (nullmailer pid 92757 invoked by uid 14); Wed, 12 May 2004 01:38:32 -0000 Date: Tue, 11 May 2004 18:38:32 -0700 
From: Tom Arnold To: Tom Arnold Message-ID: <20040512013832.GW92927@moo.sysabend.org> References: <20040512010852.GV92927@moo.sysabend.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040512010852.GV92927@moo.sysabend.org> User-Agent: Mutt/1.4i Organization: The Sysabend Dump X-Operating-System: CPM2.2 X-8-Bit-Samples-And-Analog-Filters: Rah! X-Bucket-Brigade-Devices: Rah! cc: freebsd-net@freebsd.org Subject: Re: freevrrp problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: xyzzy@sysabend.org List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 May 2004 01:38:34 -0000 On Tue, May 11, 2004 at 06:08:52PM -0700, Tom Arnold wrote: > Having a problem with a very simple freevrrp config. > This is FreeBSD 5.2.1p5 A bit more digging and I found that there was an em0 fix, so I cvsup'd and got it working. Failover is painfully slow ( read : not usable ) so I think my solution is to put fxp cards in these machines. Sorry for the wasted bandwidth. -- ------------------------------------------------------------------------ - Tom Arnold - When I was small, I was in love, - - Sysabend - In love with everything. - - CareTaker - And now there's only you... 
- -------------- -- Thomas Dolby, "Cloudburst At Shingle Street" - From owner-freebsd-net@FreeBSD.ORG Tue May 11 21:50:37 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0665C16A4D5 for ; Tue, 11 May 2004 21:50:37 -0700 (PDT) Received: from terror.hungry.com (terror.hungry.com [199.181.107.40]) by mx1.FreeBSD.org (Postfix) with ESMTP id AD2D143D1F for ; Tue, 11 May 2004 21:50:36 -0700 (PDT) (envelope-from tspencer@hungry.com) Received: from [172.16.1.6] (adsl-64-174-135-251.dsl.sntc01.pacbell.net [64.174.135.251]) (AUTH: LOGIN tspencer, TLS: TLSv1/SSLv3,128bits,RC4-SHA) by terror.hungry.com with esmtp; Tue, 11 May 2004 21:50:29 -0700 In-Reply-To: <20040512010852.GV92927@moo.sysabend.org> References: <20040512010852.GV92927@moo.sysabend.org> Mime-Version: 1.0 (Apple Message framework v613) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: Content-Transfer-Encoding: 7bit 
From: Tim Spencer Date: Tue, 11 May 2004 21:50:19 -0700 To: xyzzy@sysabend.org X-Mailer: Apple Mail (2.613) cc: freebsd-net@freebsd.org Subject: Re: freevrrp problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 May 2004 04:50:37 -0000 On May 11, 2004, at 6:08 PM, Tom Arnold wrote: > Hardware is a Dell 650 with, of course, onboard Intel Pro/1000. > Also using freevrrp on other Dell650's, but they came with Pro/100's ( > fxp ) > and work fine, so I'm leaning towards hardware or driver quirks, but > any > ideas appreciated. > Do you have filtering turned on/are you allowing multicast out to the VRRP address? I'm a bit perplexed with "interface em0 is faulty". I don't believe I've seen that before. Hrm. I'd be willing to bet it's a driver issue too. Let me know what you find out. That config looks fine to me. Have fun! 
-tspencer From owner-freebsd-net@FreeBSD.ORG Tue May 11 21:52:37 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7676416A4CE for ; Tue, 11 May 2004 21:52:37 -0700 (PDT) Received: from terror.hungry.com (terror.hungry.com [199.181.107.40]) by mx1.FreeBSD.org (Postfix) with ESMTP id 32D5E43D31 for ; Tue, 11 May 2004 21:52:37 -0700 (PDT) (envelope-from tspencer@hungry.com) Received: from [172.16.1.6] (adsl-64-174-135-251.dsl.sntc01.pacbell.net [64.174.135.251]) (AUTH: LOGIN tspencer, TLS: TLSv1/SSLv3,128bits,RC4-SHA) by terror.hungry.com with esmtp; Tue, 11 May 2004 21:52:31 -0700 In-Reply-To: <20040512013832.GW92927@moo.sysabend.org> References: <20040512010852.GV92927@moo.sysabend.org> <20040512013832.GW92927@moo.sysabend.org> Mime-Version: 1.0 (Apple Message framework v613) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <278E1C24-A3D0-11D8-8133-000A95C4EC66@hungry.com> Content-Transfer-Encoding: 7bit 
From: Tim Spencer Date: Tue, 11 May 2004 21:52:21 -0700 To: xyzzy@sysabend.org X-Mailer: Apple Mail (2.613) cc: freebsd-net@freebsd.org Subject: Re: freevrrp problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 May 2004 04:52:37 -0000 On May 11, 2004, at 6:38 PM, Tom Arnold wrote: > A bit more digging and I found that there was an em0 fix, so I cvsup'd > and > got it working. Failover is painfully slow ( read : not usable ) so I > think > my solution is to put fxp cards in these machines. > Interesting. Can you see why it's slow? And what was the fix? Some sort of multicast thing? I may be doing some VRRP on some emX cards here shortly too, and would love to hear what you come up with. :-) > Sorry for the wasted bandwidth. > Never wasted!! I always love to hear from you!! -tspencer From owner-freebsd-net@FreeBSD.ORG Wed May 12 03:56:16 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0E22D16A4CE for ; Wed, 12 May 2004 03:56:16 -0700 (PDT) Received: from ACSV14.aimccf.net (mail22.aimccf.net [212.11.24.22]) by mx1.FreeBSD.org (Postfix) with ESMTP id 305A743D45 for ; Wed, 12 May 2004 03:56:14 -0700 (PDT) (envelope-from spetit@selectbourse.com) Received: from sdef-dsi-117.bum.sub.fr.hsbc (unverified [10.79.10.67]) by ACSV14.aimccf.net (Content Technologies SMTPRS 4.3.12) with SMTP id for ; Wed, 12 May 2004 12:33:11 +0200 Received: from fr0010090585 ([10.39.10.188]) by sdef-dsi-117.bum.sub.fr.hsbc; Wed, 12 May 2004 12:24:16 +0200 Message-ID: <001f01c4380c$24158690$bc0a270a@bum.sub.fr.hsbc> 
From: "Sebastien Petit" To: , References: <20040512010852.GV92927@moo.sysabend.org> Date: Wed, 12 May 2004 12:30:26 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Subject: Re: freevrrp problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 May 2004 10:56:16 -0000 Hi Tom, There is a problem with freevrrpd and em drivers. The em driver goes down, waits 2 seconds, and comes up again when an SIOCIFLLADDR is used. So a flapping problem will appear. The last revision in CVS resolves this problem, and a new parameter called carrier_timeout (see the man page in the new revision) can be used to specify the number of seconds to wait for the interface to come up. New parameters for spanning tree latency and vlan have been added because when a switch port goes down and up, the switch port enters the learning state and a flapping problem will result from that. Try to disable spanning tree or set the spanning tree parameter to the duration of the learning state. You can disable monitored circuits too if you want. If you have any problems with freevrrpd, let me know with logs/conf. Regards, Sebastien. -- spe@selectbourse.net ----- Original Message ----- 
From: "Tom Arnold" To: Sent: Wednesday, May 12, 2004 3:08 AM Subject: freevrrp problem > Having a problem with a very simple freevrrp config. > This is FreeBSD 5.2.1p5 > > /usr/local/etc/freevrrpd.conf : > [VRID] > serverid = 1 > interface = em0 > priority = 255 > addr = 192.168.13.209/32 > password = dlvip > #masterscript = "/usr/local/bin/master_script.sh" > #backupscript = "/usr/local/bin/backup_script.sh" > > If I start freevrrpd I get : > May 11 17:35:40 downloads1-new freevrrpd[61294]: launching daemon in > background mode > May 11 17:35:40 downloads1-new freevrrpd[61295]: initializing threads and > all VRID > May 11 17:35:40 downloads1-new freevrrpd[61295]: reading configuration file > /usr/local/etc/freevrrpd.conf > May 11 17:35:41 downloads1-new freevrrpd[61295]: send ip = 192.168.13.210, > eth = 0:0:5e:0:1:1 > May 11 17:35:41 downloads1-new freevrrpd[61295]: send ip = 192.168.13.209, > eth = 0:0:5e:0:1:1 > May 11 17:35:41 downloads1-new freevrrpd[61295]: server state vrid 1: master > May 11 17:35:41 downloads1-new freevrrpd[61295]: interface em0 is faulty, > deactivated from VRRP VRIDs > May 11 17:35:42 downloads1-new freevrrpd[61295]: send ip = 192.168.13.210, > eth = 0:4:23:9a:97:a4 > May 11 17:35:42 downloads1-new freevrrpd[61295]: server state vrid 1: backup > > > Hardware is a Dell 650 with, of course, onboard Intel Pro/1000. > Also using freevrrp on other Dell650's, but they came with Pro/100's ( fxp ) > and work fine, so I'm leaning towards hardware or driver quirks, but any > ideas appreciated. > > Thanks. > > -- > ------------------------------------------------------------------------ > - Tom Arnold - When I was small, I was in love, - > - Sysabend - In love with everything. - > - CareTaker - And now there's only you... 
- > -------------- -- Thomas Dolby, "Cloudburst At Shingle Street" -
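Added example, not part of the thread or of freevrrpd: a Python check run over the freevrrpd syslog lines Tom quoted, flagging a VRID that becomes master and falls back to backup within a few seconds while the interface is reported faulty, which is the flapping pattern Sebastien describes for em. The 3-second window, the year used for timestamp parsing and all function names are assumptions; 00:00:5e:00:01:xx is the standard VRRP virtual MAC prefix.

```python
import re
from datetime import datetime, timedelta

# freevrrpd syslog lines as quoted in the thread (wrapped lines rejoined).
SAMPLE_LOG = """\
May 11 17:35:40 downloads1-new freevrrpd[61294]: launching daemon in background mode
May 11 17:35:40 downloads1-new freevrrpd[61295]: initializing threads and all VRID
May 11 17:35:40 downloads1-new freevrrpd[61295]: reading configuration file /usr/local/etc/freevrrpd.conf
May 11 17:35:41 downloads1-new freevrrpd[61295]: send ip = 192.168.13.210, eth = 0:0:5e:0:1:1
May 11 17:35:41 downloads1-new freevrrpd[61295]: send ip = 192.168.13.209, eth = 0:0:5e:0:1:1
May 11 17:35:41 downloads1-new freevrrpd[61295]: server state vrid 1: master
May 11 17:35:41 downloads1-new freevrrpd[61295]: interface em0 is faulty, deactivated from VRRP VRIDs
May 11 17:35:42 downloads1-new freevrrpd[61295]: send ip = 192.168.13.210, eth = 0:4:23:9a:97:a4
May 11 17:35:42 downloads1-new freevrrpd[61295]: server state vrid 1: backup
"""

VRRP_VMAC_PREFIX = "00:00:5e:00:01:"  # last octet is the VRID

LINE_RE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+freevrrpd\[\d+\]:\s+(.*)$")
SEND_RE = re.compile(r"send ip = (\S+), eth = ([0-9A-Fa-f:]+)")
STATE_RE = re.compile(r"server state vrid (\d+): (master|backup)")
FAULT_RE = re.compile(r"interface (\S+) is faulty")


def norm_mac(mac):
    """Zero-pad each octet: '0:0:5e:0:1:1' -> '00:00:5e:00:01:01'."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))


def is_vrrp_vmac(mac):
    return norm_mac(mac).startswith(VRRP_VMAC_PREFIX)


def parse_events(text, year=2004):
    """Turn freevrrpd syslog lines into (timestamp, kind, data) tuples.

    syslog timestamps carry no year, so one is supplied (assumption: 2004,
    the year of the thread).
    """
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        send = SEND_RE.search(msg)
        state = STATE_RE.search(msg)
        fault = FAULT_RE.search(msg)
        if send:
            events.append((ts, "send", {"ip": send.group(1), "mac": norm_mac(send.group(2))}))
        elif state:
            events.append((ts, "state", {"vrid": int(state.group(1)), "state": state.group(2)}))
        elif fault:
            events.append((ts, "fault", {"iface": fault.group(1)}))
    return events


def find_flaps(events, window=timedelta(seconds=3)):
    """Report master -> backup transitions that happen within `window`."""
    flaps = []
    became_master = {}  # vrid -> time of the last transition to master
    last_vmac = None    # time of the last announcement sent from a virtual MAC
    last_fault = None   # (time, interface) of the last "is faulty" message
    for ts, kind, data in events:
        if kind == "send" and is_vrrp_vmac(data["mac"]):
            last_vmac = ts
        elif kind == "fault":
            last_fault = (ts, data["iface"])
        elif kind == "state" and data["state"] == "master":
            became_master[data["vrid"]] = ts
        elif kind == "state" and data["vrid"] in became_master:
            start = became_master.pop(data["vrid"])
            if ts - start > window:
                continue  # held master long enough: ordinary failover, not a flap
            fault_between = last_fault is not None and start <= last_fault[0] <= ts
            flaps.append({
                "vrid": data["vrid"],
                "held_master_s": (ts - start).total_seconds(),
                "iface": last_fault[1] if fault_between else None,
                "vmac_in_use": last_vmac is not None
                               and timedelta(0) <= start - last_vmac <= window,
            })
    return flaps


if __name__ == "__main__":
    for flap in find_flaps(parse_events(SAMPLE_LOG)):
        print(flap)
```

A flap reported with both an interface name and `vmac_in_use` set points at the link dropping while the virtual MAC is active rather than at a peer with higher priority taking over.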
From owner-freebsd-net@FreeBSD.ORG Wed May 12 05:20:34 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2752416A4CE for ; Wed, 12 May 2004 05:20:34 -0700 (PDT) Received: from grosbein.pp.ru (grgw.svzserv.kemerovo.su [213.184.64.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1C14443D53 for ; Wed, 12 May 2004 05:20:33 -0700 (PDT) (envelope-from eugen@grosbein.pp.ru) Received: from grosbein.pp.ru (eugen@localhost [127.0.0.1]) by grosbein.pp.ru (8.12.11/8.12.11) with ESMTP id i4CCKUVU000617; Wed, 12 May 2004 20:20:30 +0800 (KRAST) (envelope-from eugen@grosbein.pp.ru) Received: (from eugen@localhost) by grosbein.pp.ru (8.12.11/8.12.11/Submit) id i4CCKUPB000616; Wed, 12 May 2004 20:20:30 +0800 (KRAST) (envelope-from eugen) Date: Wed, 12 May 2004 20:20:30 +0800 
From: Eugene Grosbein To: Tim Spencer Message-ID: <20040512122029.GA582@grosbein.pp.ru> References: <20040512010852.GV92927@moo.sysabend.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i cc: freebsd-net@freebsd.org cc: xyzzy@sysabend.org Subject: Re: freevrrp problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 May 2004 12:20:34 -0000 > Do you have filtering turned on/are you allowing multicast out to > the VRRP address? I'm a bit perplexed with "interface em0 is faulty". I What do you mean by 'allowing multicast out'? I'm having troubles with em0 and multicasts too (this time with RIPv2), can't make them go out all of my emX interfaces simultaneously. Eugene Grosbein From owner-freebsd-net@FreeBSD.ORG Wed May 12 08:45:28 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CA25216A4CE; Wed, 12 May 2004 08:45:28 -0700 (PDT) Received: from grosbein.pp.ru (grgw.svzserv.kemerovo.su [213.184.64.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id A89E743D53; Wed, 12 May 2004 08:45:27 -0700 (PDT) (envelope-from eugen@grosbein.pp.ru) Received: from grosbein.pp.ru (eugen@localhost [127.0.0.1]) by grosbein.pp.ru (8.12.11/8.12.11) with ESMTP id i4CFjDBH001681; Wed, 12 May 2004 23:45:13 +0800 (KRAST) (envelope-from eugen@grosbein.pp.ru) Received: (from eugen@localhost) by grosbein.pp.ru (8.12.11/8.12.11/Submit) id i4CFjDf5001680; Wed, 12 May 2004 23:45:13 +0800 (KRAST) (envelope-from eugen) Date: Wed, 12 May 2004 23:45:13 +0800 
From: Eugene Grosbein To: Roman Kurakin Message-ID: <20040512154513.GB1612@grosbein.pp.ru> References: <408CDD45.4EFA2085@kuzbass.ru> <408CFC60.4040708@cronyx.ru> <20040426124632.GA685@grosbein.pp.ru> <408D0C19.2040409@cronyx.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <408D0C19.2040409@cronyx.ru> User-Agent: Mutt/1.4.1i cc: tackerman@freebsd.org cc: net@freebsd.org Subject: [SOLVED] Re: em(4) link flapping X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 May 2004 15:45:28 -0000 > >>>I tried to replace a cable, to reset the switch, to reboot this > >>>4.9-STABLE > >>>box - nothing helps. What should I try next? > >>Did you tried another port on a switch? > >Yes, I tried several. No change. All other ports of switch > >carry 100Mbit links fine. > Try to plug it to another hardware, other switch or other computer to be > sure. > I think this hardware problem, not software one. And I hope you have a > warranty. You are right. The card is dead - it is detected but not initialized after reboot. Eugene From owner-freebsd-net@FreeBSD.ORG Wed May 12 09:23:55 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 10D4816A4CE for ; Wed, 12 May 2004 09:23:55 -0700 (PDT) Received: from mail2.dbitech.ca (radius.wavefire.com [64.141.13.252]) by mx1.FreeBSD.org (Postfix) with SMTP id 6B33743D54 for ; Wed, 12 May 2004 09:23:54 -0700 (PDT) (envelope-from darcy@wavefire.com) Received: (qmail 24642 invoked from network); 12 May 2004 16:42:19 -0000 Received: from dbitech.wavefire.com (HELO ?64.141.15.253?) (darcy@64.141.15.253) by radius.wavefire.com with SMTP; 12 May 2004 16:42:19 -0000 
From: Darcy Buskermolen Organization: Wavefire Technologies Corp. To: freebsd-net@freebsd.org Date: Wed, 12 May 2004 09:23:53 -0700 User-Agent: KMail/1.6.2 References: <006f01c43206$eb5f4b20$3200a8c0@cbcoffice> <4097E60D.7090102@mac.com> In-Reply-To: <4097E60D.7090102@mac.com> MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Message-Id: <200405120923.53664.darcy@wavefire.com> Subject: Re: [4.9-R]Can I Make My DSL Connect Go Faster ? (OSX nat hint) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 May 2004 16:23:55 -0000 On May 4, 2004 11:50 am, Chuck Swiger wrote: > The Jetman wrote: > [ ... ] > > > Wes: I've used a couple of Internet speed tests, at different times, > > but always w/ the same configs. Neither config has been modified. All > > of the results are the same. I use ADSLGuide and DLSReports as my speed > > tests, which are in different continents, but both report the same > > speeds. I use different browsers, but Java is what does the deal. > > If you're using a DSL provider like Verizon which uses PPPoE, you might try > adjusting your MTU down to 1490 or so, or else you will fragment large data > packets and encounter quite a slowdown. > > Use something like this in your /etc/rc.conf file: > > ifconfig_fxp0="inet 192.168.1.2 netmask 255.255.255.0 mtu 1490" > > ...or run ifconfig directly and see whether this helps. On this exact note (and for sake of saving hours for someone else...), I recently turned a Macintosh G3 box running OSX 10.3 into a firewall/nat box without using their brain dead "internet sharing" tool. 
What I found was their natd sucked wind unless you had the apple vendor extension of "clamp_mss yes" in your natd.conf From the natd man page: -clamp_mss This option enables MSS clamping. The MSS value is derived from the MTU of the interface specified in the -interface option. I know this option isn't valid in FreeBSD's natd and I'm not sure if perhaps it is handled transparently. But without this option under OSX I saw similar problems as to what you are describing when natting packets, even though the same download from the gateway were AOK (Perhaps someone a bit more versed on the internals of nat can comment on this under FreeBSD) -- Darcy Buskermolen Wavefire Technologies Corp. ph: 250.717.0200 fx: 250.763.1759 http://www.wavefire.com From owner-freebsd-net@FreeBSD.ORG Wed May 12 14:28:11 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 73A1116A4CE for ; Wed, 12 May 2004 14:28:11 -0700 (PDT) Received: from cube.gelatinous.com (rdns.106.161.62.64.fre.communitycolo.net [64.62.161.106]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0413743D41 for ; Wed, 12 May 2004 14:28:11 -0700 (PDT) (envelope-from scott@gelatinous.com) Received: (qmail 49120 invoked from network); 12 May 2004 21:28:10 -0000 Received: from dsl093-129-198.sfo4.dsl.speakeasy.net (HELO ?192.168.1.183?) (66.93.129.198)SMTP; 12 May 2004 21:28:10 -0000 
From: "Scott T. Smith" To: freebsd-net@freebsd.org Content-Type: text/plain Message-Id: <1084397289.8017.30.camel@tinny.home.foo> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.6 Date: Wed, 12 May 2004 14:28:09 -0700 Content-Transfer-Encoding: 7bit Subject: em driver losing packets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 May 2004 21:28:11 -0000 I have a Sun 1U server with 2 built in Intel Pro/1000 "LOMs" (though I had the exact same problem with a previous machine using a standalone Intel NIC). I notice that after the machine has been up for 12-20 hours, the network card starts dropping packets. Here is the relevant dmesg info: em0: port 0x2040-0x207f mem 0xfe680000-0xfe69ffff irq 30 at device 7.0 on pci3 em0: Speed:N/A Duplex:N/A em1: port 0x2000-0x203f mem 0xfe6a0000-0xfe6bffff irq 31 at device 7.1 on pci3 em1: Speed:N/A Duplex:N/A .... em0: Link is up 100 Mbps Full Duplex em1: Link is up 1000 Mbps Full Duplex .... Limiting icmp unreach response from 1770 to 200 packets/sec ^^^ Not sure what this is, but I received a bunch of them after everything was working and before everything stopped working .... 
em1: Excessive collisions = 0 em1: Symbol errors = 0 em1: Sequence errors = 0 em1: Defer count = 0 em1: Missed Packets = 1682 em1: Receive No Buffers = 75 em1: Receive length errors = 0 em1: Receive errors = 0 em1: Crc errors = 0 em1: Alignment errors = 0 em1: Carrier extension errors = 0 em1: XON Rcvd = 0 em1: XON Xmtd = 0 em1: XOFF Rcvd = 0 em1: XOFF Xmtd = 0 em1: Good Packets Rcvd = 119975570 em1: Good Packets Xmtd = 164 em1: Adapter hardware address = 0xc76262ec em1:tx_int_delay = 66, tx_abs_int_delay = 66 em1:rx_int_delay = 488, rx_abs_int_delay = 977 em1: fifo workaround = 0, fifo_reset = 0 em1: hw tdh = 170, hw tdt = 170 em1: Num Tx descriptors avail = 256 em1: Tx Descriptors not avail1 = 0 em1: Tx Descriptors not avail2 = 0 em1: Std mbuf failed = 0 em1: Std mbuf cluster failed = 0 em1: Driver dropped packets = 0 I was running 5.2.1-RELEASE with em driver version 1.7.19 or 1.7.17 (I forget what it comes with). I had the problems so I backported 1.7.25 from 5.2.1-STABLE as of May 10. Same issue. Notice the "missed packets" and "receive no buffers". I assume that means the network card ran out of memory? How much memory does it have? If it uses the mainboard memory, can I make that amount any bigger? The odd thing (which is why I think this is a driver issue) is that it works just fine when the machine is first booted. I am driving approximately 680 mbits/sec of UDP traffic; 1316 byte packets. The only other traffic is arp traffic (em1 has a netmask of 255.255.255.255). I have this problem whether I use kernel polling (HZ=1000) or with rx_abs_int_delay=1000, or with rx_abs_int_delay=500. If I shut off the rx_*int_delay, then CPU load goes to 100% and I still have the same problem. With the abs delay at 1000, cpu load is 90% (about split evenly between user and system). If you have any ideas I'd really appreciate it. Thanks! I'm thinking of trying to backport 1.7.31. 
Scott From owner-freebsd-net@FreeBSD.ORG Wed May 12 15:03:40 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 95D8916A4CE for ; Wed, 12 May 2004 15:03:40 -0700 (PDT) Received: from beelzebubba.sysabend.org (alcatraz.inna.net [209.201.74.14]) by mx1.FreeBSD.org (Postfix) with ESMTP id CF1F243D3F for ; Wed, 12 May 2004 15:03:39 -0700 (PDT) (envelope-from xyzzy@moo.sysabend.org) Received: from moo.sysabend.org (moo.sysabend.org [66.111.41.70]) by beelzebubba.sysabend.org (Postfix) with SMTP id E51BA14F1B; Wed, 12 May 2004 18:03:50 -0400 (EDT) Received: (nullmailer pid 28151 invoked by uid 14); Wed, 12 May 2004 22:03:37 -0000 Date: Wed, 12 May 2004 15:03:37 -0700 
From: Tom Arnold To: Sebastien Petit Message-ID: <20040512220337.GB92927@moo.sysabend.org> References: <20040512010852.GV92927@moo.sysabend.org> <001f01c4380c$24158690$bc0a270a@bum.sub.fr.hsbc> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <001f01c4380c$24158690$bc0a270a@bum.sub.fr.hsbc> User-Agent: Mutt/1.4i Organization: The Sysabend Dump X-Operating-System: CPM2.2 X-8-Bit-Samples-And-Analog-Filters: Rah! X-Bucket-Brigade-Devices: Rah! cc: freebsd-net@freebsd.org cc: xyzzy@sysabend.org Subject: Re: freevrrp problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: xyzzy@sysabend.org List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 May 2004 22:03:40 -0000 On Wed, May 12, 2004 at 12:30:26PM +0200, Sebastien Petit wrote: > There is a problem with freevrrpd and em drivers. em driver go down,wait 2 > seconds, and become up again when an SIOCIFLLADDR is used. So a flapping > problem will appear. The last revision in CVS resolve this problem and a new > parameter called carrier_timeout (see the man with the new revision) can be > used to precise the number of seconds for waiting interface to be up. > New parameters for spanning tree latency and vlan has been added because > when a switch port will be down and up, the port switch became in learning > state and a flapping problem will result from that. Try to disable spanning > tree or set the spanning tree parameter with the duration of the learning > state. I grabbed the latest version of CVS yesterday which is how I got it to work at all. Spanning tree is not enabled in the switch. Here's my freevrrpd config from the primary machine. secondary is the same but with 200 for priority. 
serverid = 1 interface = em0 priority = 255 addr = 192.168.13.209/32 password = dlvip useVMAC = yes carriertimeout = 3 spanningtreelatency = 0 sendgratuitousarp = yes monitoredcircuits = yes AHencryption = no #masterscript = "/usr/local/bin/master_script.sh" #backupscript = "/usr/local/bin/backup_script.sh" Now I can start freevrrpd and within a few seconds the machine is reachable again. If I shut down freevrrpd the machine becomes unreachable for some period of time greater than my ssh timeout. If I start up freevrrpd on the secondary server I get : freevrrpd[64090]: authentification incorrect in a received vrrp packet. Packet is discarded ! And of course at this stage network to both machines becomes flakey as they fight over the vip. Is there a simple patch for .8.7 that makes em0 work? Unfortunately I was expecting this to be as plug and play as it is on fxp cards, so I'm short on time before my decision point of wasting a few hours on a colo trip to swap the cards out. Thanks! -- ------------------------------------------------------------------------ - Tom Arnold - When I was small, I was in love, - - Sysabend - In love with everything. - - CareTaker - And now there's only you... 
- -------------- -- Thomas Dolby, "Cloudburst At Shingle Street" - From owner-freebsd-net@FreeBSD.ORG Wed May 12 18:50:06 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D44F316A4D0 for ; Wed, 12 May 2004 18:50:06 -0700 (PDT) Received: from mx3.mra.co.id (mx3.mra.co.id [202.138.254.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8950F43D1F for ; Wed, 12 May 2004 18:50:05 -0700 (PDT) (envelope-from reza@mra.co.id) Received: from localhost (unknown [127.0.0.1]) by mx3.mra.co.id (Postfix) with ESMTP id 9D8B02E151 for ; Thu, 13 May 2004 09:01:41 +0700 (WIT) Received: from mx3.mra.co.id ([127.0.0.1]) by localhost (mx3.mra.co.id [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 73714-24 for ; Thu, 13 May 2004 09:00:26 +0700 (WIT) Received: from mail.mra.co.id (unknown [172.16.0.25]) by mx3.mra.co.id (Postfix) with ESMTP id 3A4842E0E7 for ; Thu, 13 May 2004 09:00:00 +0700 (WIT) Received: from mra.co.id ([172.16.0.228]) by mail.mra.co.id with Microsoft SMTPSVC(5.0.2195.3779); Thu, 13 May 2004 08:46:51 +0700 Message-ID: <40A2D5C8.3040308@mra.co.id> Date: Thu, 13 May 2004 08:56:24 +0700 
From: Muhammad Reza User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.4) Gecko/20031008 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 13 May 2004 01:46:51.0050 (UTC) FILETIME=[292B58A0:01C4388C] X-Virus-Scanned: by amavisd-new at mra.co.id Subject: multiple conection to internet X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 May 2004 01:50:06 -0000 Dear BSD'ers Can the FreeBSD routing kernel handle multiple providers (multipath gateway) without BGP? Now I have a (new) ADSL and a T1 connection to different providers; my LAN is NATed behind a FreeBSD router. I want some people in my network to connect to the internet via ADSL and some people via T1, based on their IP. They said I can do that with Linux iproute tools, but I don't want to replace my FreeBSD-4.9Stable router with Linux. Please help me; any suggestion is appreciated. regards reza From owner-freebsd-net@FreeBSD.ORG Wed May 12 19:17:47 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CCF2316A4CE for ; Wed, 12 May 2004 19:17:47 -0700 (PDT) Received: from mail.sharmannetworks.com (mail.sharmannetworks.com [210.8.93.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id 989CE43D1D for ; Wed, 12 May 2004 19:17:46 -0700 (PDT) (envelope-from devnull@sharmannetworks.com) Received: from sharmannetworks.com ([192.168.1.151]) by mail.sharmannetworks.com over TLS secured channel with Microsoft SMTPSVC(5.0.2195.5329); Thu, 13 May 2004 12:17:44 +1000 Message-ID: <40A2DAC8.2080101@sharmannetworks.com> Date: Thu, 13 May 2004 12:17:44 +1000 
From: kazaa-remove Organization: Sharman License Holdings Ltd. User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113 X-Accept-Language: en-au, en, es, es-ar MIME-Version: 1.0 To: freebsd-net@freebsd.org References: <006f01c43206$eb5f4b20$3200a8c0@cbcoffice> <4097E60D.7090102@mac.com> <200405120923.53664.darcy@wavefire.com> In-Reply-To: <200405120923.53664.darcy@wavefire.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 13 May 2004 02:17:44.0297 (UTC) FILETIME=[79CA6590:01C43890] Subject: Re: [4.9-R]Can I Make My DSL Connect Go Faster ? (OSX nat hint) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 May 2004 02:17:47 -0000 Darcy Buskermolen wrote: >I know this option isn't valid in FreeBSD's natd and I'm not sure if perhaps >it is handleded transparently. But with out this option under OSX I saw >simular problems as to what you are describing when natting packets, even >though the same download form the gateway were AOK > >(Perhaps soemone a bit more versed on the internals of nat can comment on this >under FreeBSD) > > with ipnat you can use the option mssclamp [VALUE] Else, you can use tcpmssd (from /usr/ports/net/tcpmssd) to change your MSS on the fly. 
Cheers, Beto From owner-freebsd-net@FreeBSD.ORG Wed May 12 20:22:32 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1A44E16A4CE for ; Wed, 12 May 2004 20:22:32 -0700 (PDT) Received: from arginine.spc.org (arginine.spc.org [195.206.69.236]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5AEB343D48 for ; Wed, 12 May 2004 20:22:31 -0700 (PDT) (envelope-from bms@spc.org) Received: from localhost (localhost [127.0.0.1]) by arginine.spc.org (Postfix) with ESMTP id 1F08A652FE; Thu, 13 May 2004 04:22:29 +0100 (BST) Received: from arginine.spc.org ([127.0.0.1]) by localhost (arginine.spc.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 07741-04-3; Thu, 13 May 2004 04:22:28 +0100 (BST) Received: from empiric.dek.spc.org (82-147-17-88.dsl.uk.rapidplay.com [82.147.17.88]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by arginine.spc.org (Postfix) with ESMTP id 97074652EC; Thu, 13 May 2004 04:22:23 +0100 (BST) Received: by empiric.dek.spc.org (Postfix, from userid 1001) id 8E76060FF; Thu, 13 May 2004 04:22:22 +0100 (BST) Date: Thu, 13 May 2004 04:22:22 +0100 
From: Bruce M Simpson To: Muhammad Reza Message-ID: <20040513032222.GC20186@empiric.dek.spc.org> Mail-Followup-To: Muhammad Reza , freebsd-net@freebsd.org References: <40A2D5C8.3040308@mra.co.id> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <40A2D5C8.3040308@mra.co.id> cc: freebsd-net@freebsd.org Subject: Re: multiple conection to internet X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 May 2004 03:22:32 -0000 On Thu, May 13, 2004 at 08:56:24AM +0700, Muhammad Reza wrote: > I want some people in my network to connect to internet via ADSL and some > people via T1, based on their IP. > They said , i can do that with linux iproute tools, but i dont want to > replace my FreeBSD-4.9Stable router with Linux. Yes, using ipfw, ipfilter and pf firewall 'forwarding' rules. Regards, BMS From owner-freebsd-net@FreeBSD.ORG Thu May 13 01:01:12 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1CBF916A4CE; Thu, 13 May 2004 01:01:12 -0700 (PDT) Received: from www.svzserv.kemerovo.su (www.svzserv.kemerovo.su [213.184.65.80]) by mx1.FreeBSD.org (Postfix) with ESMTP id 19A3143D1D; Thu, 13 May 2004 01:01:10 -0700 (PDT) (envelope-from eugen@kuzbass.ru) Received: from kuzbass.ru (kost [213.184.65.82])i4D8127s095990; Thu, 13 May 2004 16:01:02 +0800 (KRAST) (envelope-from eugen@kuzbass.ru) Message-ID: <40A3393F.1391943E@kuzbass.ru> Date: Thu, 13 May 2004 17:00:47 +0800 
From: Eugene Grosbein Organization: SVZServ X-Mailer: Mozilla 4.8 [en] (Win98; U) X-Accept-Language: ru,en MIME-Version: 1.0 To: net@freebsd.org Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit cc: ipfw@freebsd.org Subject: ipfw: reset tcp X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 May 2004 08:01:12 -0000 Hi! When a rule 'reset tcp' matches, a kernel generates new TCP packet. Will it have to go through ipfw list (from the beginning or not)? Eugene Grosbein From owner-freebsd-net@FreeBSD.ORG Thu May 13 01:23:45 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 846D816A4CE; Thu, 13 May 2004 01:23:45 -0700 (PDT) Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4309A43D53; Thu, 13 May 2004 01:23:45 -0700 (PDT) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.9p1/8.12.8) with ESMTP id i4D8Nigd015420; Thu, 13 May 2004 01:23:44 -0700 (PDT) (envelope-from rizzo@xorpc.icir.org) Received: (from rizzo@localhost) by xorpc.icir.org (8.12.9p1/8.12.3/Submit) id i4D8Nie5015419; Thu, 13 May 2004 01:23:44 -0700 (PDT) (envelope-from rizzo) Date: Thu, 13 May 2004 01:23:44 -0700 
From: Luigi Rizzo To: Eugene Grosbein Message-ID: <20040513012344.A12373@xorpc.icir.org> References: <40A3393F.1391943E@kuzbass.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <40A3393F.1391943E@kuzbass.ru>; from eugen@kuzbass.ru on Thu, May 13, 2004 at 05:00:47PM +0800 cc: ipfw@freebsd.org cc: net@freebsd.org Subject: Re: ipfw: reset tcp X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 May 2004 08:23:45 -0000 On Thu, May 13, 2004 at 05:00:47PM +0800, Eugene Grosbein wrote: > Hi! > > When a rule 'reset tcp' matches, a kernel generates new TCP packet. > Will it have to go through ipfw list (from the beginning or not)? ipfw2 uses an mbuf flag to bypass the firewall - I am not sure if i only used it for the keepalives or also for TCP reset packets cheers luigi From owner-freebsd-net@FreeBSD.ORG Thu May 13 01:32:05 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5BF9316A4CE; Thu, 13 May 2004 01:32:05 -0700 (PDT) Received: from www.svzserv.kemerovo.su (www.svzserv.kemerovo.su [213.184.65.80]) by mx1.FreeBSD.org (Postfix) with ESMTP id D9E3443D45; Thu, 13 May 2004 01:32:03 -0700 (PDT) (envelope-from eugen@kuzbass.ru) Received: from kuzbass.ru (kost [213.184.65.82])i4D8W1A9098468; Thu, 13 May 2004 16:32:01 +0800 (KRAST) (envelope-from eugen@kuzbass.ru) Message-ID: <40A34082.F0182B31@kuzbass.ru> Date: Thu, 13 May 2004 17:31:46 +0800 
From: Eugene Grosbein Organization: SVZServ X-Mailer: Mozilla 4.8 [en] (Win98; U) X-Accept-Language: ru,en MIME-Version: 1.0 To: Luigi Rizzo References: <40A3393F.1391943E@kuzbass.ru> <20040513012344.A12373@xorpc.icir.org> Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit cc: ipfw@freebsd.org cc: net@freebsd.org Subject: Re: ipfw: reset tcp X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 May 2004 08:32:05 -0000 Luigi Rizzo wrote: > > When a rule 'reset tcp' matches, a kernel generates new TCP packet. > > Will it have to go through ipfw list (from the beginning or not)? > > ipfw2 uses an mbuf flag to bypass the firewall - I am not sure if i > only used it for the keepalives or also for TCP reset packets Please check. I suspect it does not enter ipfw itself, it is not processed by my natd and bad things happen here. Eugene From owner-freebsd-net@FreeBSD.ORG Thu May 13 01:35:45 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 88C2216A4CE; Thu, 13 May 2004 01:35:45 -0700 (PDT) Received: from cell.sick.ru (cell.sick.ru [217.72.144.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9207443D2D; Thu, 13 May 2004 01:35:44 -0700 (PDT) (envelope-from glebius@cell.sick.ru) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.12.9/8.12.8) with ESMTP id i4D8Zgvw031414 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 13 May 2004 12:35:43 +0400 (MSD) (envelope-from glebius@cell.sick.ru) Received: (from glebius@localhost) by cell.sick.ru (8.12.9/8.12.6/Submit) id i4D8Zg0S031413; Thu, 13 May 2004 12:35:42 +0400 (MSD) Date: Thu, 13 May 2004 12:35:42 +0400 
From: Gleb Smirnoff
To: Eugene Grosbein
Message-ID: <20040513083542.GD31159@cell.sick.ru>
References: <40A3393F.1391943E@kuzbass.ru> <20040513012344.A12373@xorpc.icir.org> <40A34082.F0182B31@kuzbass.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
In-Reply-To: <40A34082.F0182B31@kuzbass.ru>
User-Agent: Mutt/1.5.6i
cc: Luigi Rizzo
cc: ipfw@freebsd.org
cc: net@freebsd.org
Subject: Re: ipfw: reset tcp
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 13 May 2004 08:35:45 -0000

On Thu, May 13, 2004 at 05:31:46PM +0800, Eugene Grosbein wrote:
E> > > When a rule 'reset tcp' matches, the kernel generates a new TCP packet.
E> > > Will it have to go through the ipfw list (from the beginning or not)?
E> >
E> > ipfw2 uses an mbuf flag to bypass the firewall - I am not sure if i
E> > only used it for the keepalives or also for TCP reset packets
E>
E> Please check. I suspect it does not enter ipfw itself,
E> it is not processed by my natd and bad things happen here.

According to send_pkt() in ip_fw2.c it does not pass the firewall, since
M_SKIP_FIREWALL is set.

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Thu May 13 01:37:17 2004
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E144316A4CE; Thu, 13 May 2004 01:37:17 -0700 (PDT)
Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id B3FF443D45; Thu, 13 May 2004 01:37:17 -0700 (PDT) (envelope-from rizzo@icir.org)
Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.9p1/8.12.8) with ESMTP id i4D8bHgd016823; Thu, 13 May 2004 01:37:17 -0700 (PDT) (envelope-from rizzo@xorpc.icir.org)
Received: (from rizzo@localhost) by xorpc.icir.org (8.12.9p1/8.12.3/Submit) id i4D8bHqH016822; Thu, 13 May 2004 01:37:17 -0700 (PDT) (envelope-from rizzo)
Date: Thu, 13 May 2004 01:37:17 -0700
From: Luigi Rizzo
To: Eugene Grosbein
Message-ID: <20040513013717.A16394@xorpc.icir.org>
References: <40A3393F.1391943E@kuzbass.ru> <20040513012344.A12373@xorpc.icir.org> <40A34082.F0182B31@kuzbass.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <40A34082.F0182B31@kuzbass.ru>; from eugen@kuzbass.ru on Thu, May 13, 2004 at 05:31:46PM +0800
cc: ipfw@freebsd.org
cc: net@freebsd.org
Subject: Re: ipfw: reset tcp
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 13 May 2004 08:37:18 -0000

On Thu, May 13, 2004 at 05:31:46PM +0800, Eugene Grosbein wrote:
> Luigi Rizzo wrote:
>
> > > When a rule 'reset tcp' matches, the kernel generates a new TCP packet.
> > > Will it have to go through the ipfw list (from the beginning or not)?
> >
> > ipfw2 uses an mbuf flag to bypass the firewall - I am not sure if i
> > only used it for the keepalives or also for TCP reset packets
>
> Please check. I suspect it does not enter ipfw itself,

yes it does skip the firewall, see ip_fw2.c:send_pkt() near the
end:

        ip_rtaddr(ip->ip_dst, &sro);
 --->   m->m_flags |= M_SKIP_FIREWALL;
        ip_output(m, NULL, &sro, 0, NULL, NULL);

removing the M_SKIP_FIREWALL would let ipfw process the
packet too. HOWEVER: i think it is a bug in the general case
to reprocess internally-generated packets, because you would rely
on a correct ipfw configuration to avoid loops (which might not
be the case).

I have no idea how ipfw1 used to do (and i am not going to check!)
but i don't think the generated packet did reenter the firewall.

cheers
luigi

> it is not processed by my natd and bad things happen here.
>
> Eugene

From owner-freebsd-net@FreeBSD.ORG Thu May 13 01:55:23 2004
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7D9BF16A4F9; Thu, 13 May 2004 01:55:23 -0700 (PDT)
Received: from www.svzserv.kemerovo.su (www.svzserv.kemerovo.su [213.184.65.80]) by mx1.FreeBSD.org (Postfix) with ESMTP id 08A3343D2F; Thu, 13 May 2004 01:55:22 -0700 (PDT) (envelope-from eugen@kuzbass.ru)
Received: from kuzbass.ru (kost [213.184.65.82])i4D8tKIE000179; Thu, 13 May 2004 16:55:20 +0800 (KRAST) (envelope-from eugen@kuzbass.ru)
Message-ID: <40A345F9.1460F5C4@kuzbass.ru>
Date: Thu, 13 May 2004 17:55:05 +0800
From: Eugene Grosbein
Organization: SVZServ
X-Mailer: Mozilla 4.8 [en] (Win98; U)
X-Accept-Language: ru,en
MIME-Version: 1.0
To: Luigi Rizzo
References: <40A3393F.1391943E@kuzbass.ru> <20040513012344.A12373@xorpc.icir.org> <40A34082.F0182B31@kuzbass.ru> <20040513013717.A16394@xorpc.icir.org>
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit
cc: ipfw@freebsd.org
cc: net@freebsd.org
Subject: Re: ipfw: reset tcp
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 13 May 2004 08:55:23 -0000

Luigi Rizzo wrote:

> > Please check. I suspect it does not enter ipfw itself,
>
> yes it does skip the firewall, see ip_fw2.c:send_pkt() near the
> end:
>
>         ip_rtaddr(ip->ip_dst, &sro);
>  --->   m->m_flags |= M_SKIP_FIREWALL;
>         ip_output(m, NULL, &sro, 0, NULL, NULL);
>
> removing the M_SKIP_FIREWALL would let ipfw process the
> packet too. HOWEVER: i think it is a bug in the general case
> to reprocess internally-generated packets, because you would rely
> on a correct ipfw configuration to avoid loops (which might not
> be the case).
>
> I have no idea how ipfw1 used to do (and i am not going to check!)
> but i don't think the generated packet did reenter the firewall.

I use ipfw2.

Please make it possible (using sysctl or any other means) to
disable M_SKIP_FIREWALL for such packets (I suppose 'unreach' rules
are affected too). I DO need to process ALL outgoing packets.
For example, I must use 'ipfw fwd' (to implement policy routing)
for the packets with source IP like this.
Eugene

From owner-freebsd-net@FreeBSD.ORG Thu May 13 01:58:32 2004
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B479816A4CF; Thu, 13 May 2004 01:58:32 -0700 (PDT)
Received: from tigra.ip.net.ua (tigra.ip.net.ua [82.193.96.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id EBD8243D1F; Thu, 13 May 2004 01:58:31 -0700 (PDT) (envelope-from ru@ip.net.ua)
Received: from heffalump.ip.net.ua (heffalump.ip.net.ua [82.193.96.213]) by tigra.ip.net.ua (8.12.11/8.12.11) with ESMTP id i4D93JSJ033354 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 13 May 2004 12:03:21 +0300 (EEST) (envelope-from ru@ip.net.ua)
Received: (from ru@localhost) by heffalump.ip.net.ua (8.12.11/8.12.11) id i4D8wPWV072197; Thu, 13 May 2004 11:58:25 +0300 (EEST) (envelope-from ru)
Date: Thu, 13 May 2004 11:58:25 +0300
From: Ruslan Ermilov
To: net@FreeBSD.org
Message-ID: <20040513085825.GA72152@ip.net.ua>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="HlL+5n6rz5pIUxbD"
Content-Disposition: inline
User-Agent: Mutt/1.5.6i
X-Virus-Scanned: by amavisd-new
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
cc: Bill Paul
Subject: Looking for a Broadcom BCM5704 datasheet
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 13 May 2004 08:58:32 -0000

Dear networkers,

I'm looking for a Broadcom BCM5704[S] technical datasheet.
If anyone has such a beast, or knows how one could obtain
it, please let me know.

Thanks in advance,
--
Ruslan Ermilov
ru@FreeBSD.org
FreeBSD committer

From owner-freebsd-net@FreeBSD.ORG Thu May 13 02:11:38 2004
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2F10C16A4CE; Thu, 13 May 2004 02:11:38 -0700 (PDT)
Received: from cell.sick.ru (cell.sick.ru [217.72.144.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id B69ED43D5A; Thu, 13 May 2004 02:11:36 -0700 (PDT) (envelope-from glebius@cell.sick.ru)
Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.12.9/8.12.8) with ESMTP id i4D9BYvw031677 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
        Thu, 13 May 2004 13:11:35 +0400 (MSD) (envelope-from glebius@cell.sick.ru)
Received: (from glebius@localhost) by cell.sick.ru (8.12.9/8.12.6/Submit) id i4D9BYhw031676; Thu, 13 May 2004 13:11:34 +0400 (MSD)
Date: Thu, 13 May 2004 13:11:34 +0400
From: Gleb Smirnoff
To: Eugene Grosbein
Message-ID: <20040513091134.GA31609@cell.sick.ru>
References: <40A3393F.1391943E@kuzbass.ru> <20040513012344.A12373@xorpc.icir.org> <40A34082.F0182B31@kuzbass.ru> <20040513013717.A16394@xorpc.icir.org> <40A345F9.1460F5C4@kuzbass.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
In-Reply-To: <40A345F9.1460F5C4@kuzbass.ru>
User-Agent: Mutt/1.5.6i
cc: Luigi Rizzo
cc: ipfw@freebsd.org
cc: net@freebsd.org
Subject: Re: ipfw: reset tcp
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 13 May 2004 09:11:38 -0000

On Thu, May 13, 2004 at 05:55:05PM +0800, Eugene Grosbein wrote:
E> Please make it possible (using sysctl or any other means) to
E> disable M_SKIP_FIREWALL for such packets (I suppose 'unreach' rules
E> are affected too). I DO need to process ALL outgoing packets.
E> For example, I must use 'ipfw fwd' (to implement policy routing)
E> for the packets with source IP like this.

A better idea is to separate policy routing decisions from the packet filter.
However, implementing this is much more difficult than just removing one
string from send_pkt().

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-net@FreeBSD.ORG Thu May 13 06:48:58 2004
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2349516A4CE; Thu, 13 May 2004 06:48:58 -0700 (PDT)
Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id CE6DB43D2D; Thu, 13 May 2004 06:48:57 -0700 (PDT) (envelope-from rizzo@icir.org)
Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.9p1/8.12.8) with ESMTP id i4DDmvgd045189; Thu, 13 May 2004 06:48:57 -0700 (PDT) (envelope-from rizzo@xorpc.icir.org)
Received: (from rizzo@localhost) by xorpc.icir.org (8.12.9p1/8.12.3/Submit) id i4DDmucg045188; Thu, 13 May 2004 06:48:56 -0700 (PDT) (envelope-from rizzo)
Date: Thu, 13 May 2004 06:48:56 -0700
From: Luigi Rizzo
To: Eugene Grosbein
Message-ID: <20040513064856.B42908@xorpc.icir.org>
References: <40A3393F.1391943E@kuzbass.ru> <20040513012344.A12373@xorpc.icir.org> <40A34082.F0182B31@kuzbass.ru> <20040513013717.A16394@xorpc.icir.org> <40A345F9.1460F5C4@kuzbass.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <40A345F9.1460F5C4@kuzbass.ru>; from eugen@kuzbass.ru on Thu, May 13, 2004 at 05:55:05PM +0800
cc: ipfw@freebsd.org
cc: net@freebsd.org
Subject: Re: ipfw: reset tcp
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 13 May 2004 13:48:58 -0000

On Thu, May 13, 2004 at 05:55:05PM +0800, Eugene Grosbein wrote:
...
> > removing the M_SKIP_FIREWALL would let ipfw process the
> > packet too. HOWEVER: i think it is a bug in the general case
> > to reprocess internally-generated packets, because you would rely
> > on a correct ipfw configuration to avoid loops (which might not
> > be the case).
> >
> > I have no idea how ipfw1 used to do (and i am not going to check!)
> > but i don't think the generated packet did reenter the firewall.
>
> I use ipfw2.
>
> Please make it possible (using sysctl or any other means) to
> disable M_SKIP_FIREWALL for such packets (I suppose 'unreach' rules
> are affected too). I DO need to process ALL outgoing packets.
> For example, I must use 'ipfw fwd' (to implement policy routing)
> for the packets with source IP like this.
ok the situation is the following:

1.- unreach rules send packets through send_reject() which in turn
    calls icmp_error() which in turn goes through the firewall;
    This is safe because ipfw2 will not generate an ICMP reject
    in response to an ICMP packet so loops are avoided;

2.- all other firewall-generated TCP packets (rst and keepalives)
    go through send_pkt() and then bypass the firewall.
    The only way we could safely go through the firewall again is
    to make sure that we never send a RST in response to a RST (need
    to add an additional check in O_REJECT).

Give me a few days (i.e. ping me again on monday!) to come up with
a safe patch to do this, which does not rely on the programmer to
DTRT and avoid loops.

cheers
luigi

From owner-freebsd-net@FreeBSD.ORG Thu May 13 06:55:44 2004
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4667C16A4CE; Thu, 13 May 2004 06:55:44 -0700 (PDT)
Received: from grosbein.pp.ru (grgw.svzserv.kemerovo.su [213.184.64.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5781643D55; Thu, 13 May 2004 06:55:42 -0700 (PDT) (envelope-from eugen@grosbein.pp.ru)
Received: from grosbein.pp.ru (eugen@localhost [127.0.0.1]) by grosbein.pp.ru (8.12.11/8.12.11) with ESMTP id i4DDtdZh013245; Thu, 13 May 2004 21:55:39 +0800 (KRAST) (envelope-from eugen@grosbein.pp.ru)
Received: (from eugen@localhost) by grosbein.pp.ru (8.12.11/8.12.11/Submit) id i4DDtdsT013244; Thu, 13 May 2004 21:55:39 +0800 (KRAST) (envelope-from eugen)
Date: Thu, 13 May 2004 21:55:39 +0800
From: Eugene Grosbein
To: Luigi Rizzo
Message-ID: <20040513135539.GA13211@grosbein.pp.ru>
References: <40A3393F.1391943E@kuzbass.ru> <20040513012344.A12373@xorpc.icir.org> <40A34082.F0182B31@kuzbass.ru> <20040513013717.A16394@xorpc.icir.org> <40A345F9.1460F5C4@kuzbass.ru> <20040513064856.B42908@xorpc.icir.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040513064856.B42908@xorpc.icir.org>
User-Agent: Mutt/1.4.1i
cc: ipfw@freebsd.org
cc: net@freebsd.org
Subject: Re: ipfw: reset tcp
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 13 May 2004 13:55:44 -0000

On Thu, May 13, 2004 at 06:48:56AM -0700, Luigi Rizzo wrote:
> 2.- all other firewall-generated TCP packets (rst and keepalives)
>     go through send_pkt() and then bypass the firewall.
>     The only way we could safely go through the firewall again is
>     to make sure that we never send a RST in response to a RST (need
>     to add an additional check in O_REJECT).
>
> Give me a few days (i.e. ping me again on monday!) to come up with
> a safe patch to do this, which does not rely on the programmer to
> DTRT and avoid loops.

Thanks a lot!
Eugene

From owner-freebsd-net@FreeBSD.ORG Thu May 13 08:48:08 2004
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D625F16A4CE for ; Thu, 13 May 2004 08:48:08 -0700 (PDT)
Received: from mxsf12.cluster1.charter.net (mxsf12.cluster1.charter.net [209.225.28.212]) by mx1.FreeBSD.org (Postfix) with ESMTP id B620743D5A for ; Thu, 13 May 2004 08:48:07 -0700 (PDT) (envelope-from archie@dellroad.org)
Received: from InterJet.dellroad.org (public.cpe.mvllo.al.charter.com [24.196.20.72])i4DFU4qE053669 for ; Thu, 13 May 2004 11:30:04 -0400 (EDT)
Received: from arch20m.dellroad.org ([10.104.180.64]) by InterJet.dellroad.org (8.9.1a/8.9.1) with ESMTP id KAA52929 for ; Thu, 13 May 2004 10:23:25 -0500 (CDT)
Received: from arch20m.dellroad.org (localhost [127.0.0.1]) by arch20m.dellroad.org (8.12.9p2/8.12.9) with ESMTP id i4DFNJnk000625 for ; Thu, 13 May 2004 10:23:20 -0500 (CDT) (envelope-from archie@arch20m.dellroad.org)
Received: (from archie@localhost) by arch20m.dellroad.org (8.12.9p2/8.12.9/Submit) id i4DFNIW5000624 for freebsd-net@freebsd.org; Thu, 13 May 2004 10:23:18 -0500 (CDT) (envelope-from archie)
From: Archie Cobbs Message-Id: <200405131523.i4DFNIW5000624@arch20m.dellroad.org> To: freebsd-net@freebsd.org Date: Thu, 13 May 2004 10:23:18 -0500 (CDT) X-Mailer: ELM [version 2.4ME+ PL99b (25)] MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=ELM1084461798-608-0_ Content-Transfer-Encoding: 7bit Subject: ng_ether patch: need testers X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 May 2004 15:48:09 -0000 --ELM1084461798-608-0_ Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Could somebody test out the attached patch on a -current machine? I don't have one handy. This patch allows the ng_ether(4) "lower" and "orphans" hooks to be used simultaneously (see also PR kern/63317). Thanks, -Archie __________________________________________________________________________ Archie Cobbs * CTO, Awarix * http://www.awarix.com --ELM1084461798-608-0_ Content-Transfer-Encoding: 7bit Content-Type: text/x-patch Content-Disposition: attachment; filename=ng_ether.patch Content-Description: Index: share/man/man4/ng_ether.4 =================================================================== RCS file: /home/ncvs/src/share/man/man4/ng_ether.4,v retrieving revision 1.20 diff -u -r1.20 ng_ether.4 --- share/man/man4/ng_ether.4 21 Apr 2004 19:47:33 -0000 1.20 +++ share/man/man4/ng_ether.4 10 May 2004 14:24:51 -0000 
@@ -97,12 +97,12 @@ hook is equivalent to .Va lower , except that only unrecognized packets (that would otherwise be discarded) -are written to the hook, and normal incoming traffic is unaffected. -At most one of +are written to the hook, while other normal incoming traffic is unaffected. +Unrecognized packets written to +.Va upper +will be forwarded back out to .Va orphans -and -.Va lower -may be connected at any time. +if connected. .Pp In all cases, frames are raw Ethernet frames with the standard 14 byte Ethernet header (but no checksum). Index: sys/netgraph/ng_ether.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_ether.c,v retrieving revision 1.33 diff -u -r1.33 ng_ether.c --- sys/netgraph/ng_ether.c 18 Apr 2004 01:15:32 -0000 1.33 +++ sys/netgraph/ng_ether.c 10 May 2004 14:24:51 -0000 @@ -70,8 +70,8 @@ struct private { struct ifnet *ifp; /* associated interface */ hook_p upper; /* upper hook connection */ - hook_p lower; /* lower OR orphan hook connection */ - u_char lowerOrphan; /* whether lower is lower or orphan */ + hook_p lower; /* lower hook connection */ + hook_p orphan; /* orphan hook connection */ u_char autoSrcAddr; /* always overwrite source address */ u_char promisc; /* promiscuous mode enabled */ u_long hwassist; /* hardware checksum capabilities */ @@ -94,7 +94,6 @@ static void ng_ether_detach(struct ifnet *ifp); /* Other functions */ -static void ng_ether_input2(node_p node, struct mbuf **mp); static int ng_ether_rcv_lower(node_p node, struct mbuf *m, meta_p meta); static int ng_ether_rcv_upper(node_p node, struct mbuf *m, meta_p meta); 
@@ -201,11 +200,12 @@ { const node_p node = IFP2NG(ifp); const priv_p priv = NG_NODE_PRIVATE(node); + int error; /* If "lower" hook not connected, let packet continue */ - if (priv->lower == NULL || priv->lowerOrphan) + if (priv->lower == NULL) return; - ng_ether_input2(node, mp); + NG_SEND_DATA_ONLY(error, priv->lower, *mp); /* sets *mp = NULL */ } /* @@ -219,33 +219,14 @@ { const node_p node = IFP2NG(ifp); const priv_p priv = NG_NODE_PRIVATE(node); + int error; - /* If "orphan" hook not connected, let packet continue */ - if (priv->lower == NULL || !priv->lowerOrphan) { + /* If "orphan" hook not connected, discard packet */ + if (priv->orphan == NULL) { m_freem(m); return; } - ng_ether_input2(node, &m); - if (m != NULL) - m_freem(m); -} - -/* - * Handle a packet that has come in on an ethernet interface. - * The Ethernet header has already been detached from the mbuf, - * so we have to put it back. - * - * NOTE: this function will get called at splimp() - */ -static void -ng_ether_input2(node_p node, struct mbuf **mp) -{ - const priv_p priv = NG_NODE_PRIVATE(node); - int error; - - /* Send out lower/orphan hook */ - NG_SEND_DATA_ONLY(error, priv->lower, *mp); - *mp = NULL; + NG_SEND_DATA_ONLY(error, priv->orphan, m); } /* @@ -352,7 +333,6 @@ ng_ether_newhook(node_p node, hook_p hook, const char *name) { const priv_p priv = NG_NODE_PRIVATE(node); - u_char orphan = priv->lowerOrphan; hook_p *hookptr; /* Divert hook is an alias for lower */ @@ -362,13 +342,11 @@ /* Which hook? */ if (strcmp(name, NG_ETHER_HOOK_UPPER) == 0) hookptr = &priv->upper; - else if (strcmp(name, NG_ETHER_HOOK_LOWER) == 0) { - hookptr = &priv->lower; - orphan = 0; - } else if (strcmp(name, NG_ETHER_HOOK_ORPHAN) == 0) { + else if (strcmp(name, NG_ETHER_HOOK_LOWER) == 0) hookptr = &priv->lower; - orphan = 1; - } else + else if (strcmp(name, NG_ETHER_HOOK_ORPHAN) == 0) + hookptr = &priv->orphan; + else return (EINVAL); /* Check if already connected (shouldn't be, but doesn't hurt) */ 
@@ -381,7 +359,6 @@ /* OK */ *hookptr = hook; - priv->lowerOrphan = orphan; return (0); } @@ -514,18 +491,18 @@ NGI_GET_M(item, m); NGI_GET_META(item, meta); NG_FREE_ITEM(item); - if (hook == priv->lower) + if (hook == priv->lower || hook == priv->orphan) return ng_ether_rcv_lower(node, m, meta); if (hook == priv->upper) return ng_ether_rcv_upper(node, m, meta); panic("%s: weird hook", __func__); -#ifdef RESTARTABLE_PANICS /* so we don;t get an error msg in LINT */ +#ifdef RESTARTABLE_PANICS /* so we don't get an error msg in LINT */ return NULL; #endif } /* - * Handle an mbuf received on the "lower" hook. + * Handle an mbuf received on the "lower" or "orphan" hook. */ static int ng_ether_rcv_lower(node_p node, struct mbuf *m, meta_p meta) @@ -629,10 +606,11 @@ priv->upper = NULL; if (priv->ifp != NULL) /* restore h/w csum */ priv->ifp->if_hwassist = priv->hwassist; - } else if (hook == priv->lower) { + } else if (hook == priv->lower) priv->lower = NULL; - priv->lowerOrphan = 0; - } else + else if (hook == priv->orphan) + priv->orphan = NULL; + else panic("%s: weird hook", __func__); if ((NG_NODE_NUMHOOKS(NG_HOOK_NODE(hook)) == 0) && (NG_NODE_IS_VALID(NG_HOOK_NODE(hook)))) --ELM1084461798-608-0_-- From owner-freebsd-net@FreeBSD.ORG Thu May 13 18:44:05 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 482A616A4CE for ; Thu, 13 May 2004 18:44:05 -0700 (PDT) Received: from mail.sharmannetworks.com (mail.sharmannetworks.com [210.8.93.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id EB3A243D53 for ; Thu, 13 May 2004 18:44:03 -0700 (PDT) (envelope-from freebsd@meijome.net) Received: from meijome.net ([192.168.1.137]) by mail.sharmannetworks.com over TLS secured channel with Microsoft SMTPSVC(5.0.2195.5329); Fri, 14 May 2004 11:43:58 +1000 Message-ID: <40A4245E.5030409@meijome.net> Date: Fri, 14 May 2004 11:43:58 +1000 
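Review bot: in ng_ether_input() and ng_ether_input_orphan() the new `int error` is only written by NG_SEND_DATA_ONLY() and never read, and both paths lose the safety nets the removed ng_ether_input2() route had: the explicit `*mp = NULL;` after the send, and the `if (m != NULL) m_freem(m);` that followed it in the orphan path. The lower path now depends entirely on the macro clearing its mbuf argument, which the new `/* sets *mp = NULL */` comment asserts but the patch does not show. Since ng_ether_input() hands the mbuf back through mp when the packet is to continue, please either keep an explicit `*mp = NULL;` after the send or cite the macro's contract in the comment, and say in the orphan function's comment that the send consumes m whether or not it succeeds.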
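Review bot: the ng_ether.4 hunk says unrecognized packets written to upper are forwarded to orphans "if connected" but does not say what happens when it is not connected, while the ng_ether_input_orphan() hunk changes the comment to "discard packet" for exactly that case. Suggest stating the discard in the manual page as well. The hunk also deletes the "At most one of orphans and lower may be connected at any time" restriction without replacing it; a sentence saying that both hooks may now be connected simultaneously would document the change the cover note describes.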
From: Norberto Meijome
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113
X-Accept-Language: en-au, en, es, es-ar
MIME-Version: 1.0
To: freebsd-net@freebsd.org
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 14 May 2004 01:43:58.0665 (UTC) FILETIME=[ECD53B90:01C43954]
Subject: divert with ipnat instead of ipfw?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 14 May 2004 01:44:05 -0000

Hi all,
My setup :
--
FreeBSD hostname 4.10-PRERELEASE FreeBSD 4.10-PRERELEASE #2: Wed Apr 28 09:40:43 EST 2004

fxp0 : link to the outside world
fxp1 : link to LAN
fxp2 : link to DMZ

ipf firewall
ipnat for LAN and rdr for services.
--

I'm running tcpmssd to fix MSS:

/usr/local/bin/tcpmssd -p 1000 -i fxp2

and I have the ipfw line that redirects all the traffic from fxp2 into
tcpmssd:

ipfw add divert 1000 tcp from x.x.x.x/y to any out via fxp0 setup

(where x.x.x.x/y is the subnet behind fxp2).

This works fine, but I was wondering how to do this with ipnat's rdr
configuration line (rather keep ipfw for bwlimiting). I haven't managed
to figure out how to redirect ALL traffic from fxp2 to that port. I can
do it on a port by port basis, but I need all traffic to go through it.

I tried :

rdr fxp2 0.0.0.0/0 port 0-65535 -> 127.0.0.1 port 1000

but tcpmssd with -v showed no made.

ipfw not used for anything else right now.

Any hints?

Thanks!!
Beto

From owner-freebsd-net@FreeBSD.ORG Thu May 13 22:34:16 2004
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B1C7416A4CE for ; Thu, 13 May 2004 22:34:16 -0700 (PDT)
Received: from hotmail.com (bay13-dav48.bay13.hotmail.com [64.4.31.222]) by mx1.FreeBSD.org (Postfix) with ESMTP id 74BF343D4C for ; Thu, 13 May 2004 22:34:16 -0700 (PDT) (envelope-from naga_raju_@hotmail.com)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 13 May 2004 22:34:18 -0700
Received: from 203.200.20.226 by bay13-dav48.bay13.hotmail.com with DAV; Fri, 14 May 2004 05:34:18 +0000
X-Originating-IP: [203.200.20.226]
X-Originating-Email: [naga_raju_@hotmail.com]
X-Sender: naga_raju_@hotmail.com
From: "Nagaraju"
To:
References: <20040513190100.7034D16A4D1@hub.freebsd.org>
Date: Fri, 14 May 2004 11:07:16 +0530
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Message-ID:
X-OriginalArrivalTime: 14 May 2004 05:34:18.0699 (UTC) FILETIME=[1A3711B0:01C43975]
Subject: ttcp problem
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 14 May 2004 05:34:16 -0000

I started a T/TCP connection and started sending packets.
Client sent first packet with SYN,data1,PSH,FIN.
But server is sending SYN-ACK and ignoring the data which is sent because of
SYN-flood attack DOS protection.
Client had to send the data1 packet again.
After this time, server is able to send FIN,data2,ACK at one time.

How to have protection from SYN-flood attack and minimal T/TCP transactions
both at the same time?

I am using FreeBSD4.9 release with minor modifications.

Thanks in advance,
Nagaraju.

From owner-freebsd-net@FreeBSD.ORG Fri May 14 02:38:19 2004
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7605716A4CE for ; Fri, 14 May 2004 02:38:19 -0700 (PDT)
Received: from fbsd.lv (fbsd.lv [159.148.95.82]) by mx1.FreeBSD.org (Postfix) with ESMTP id D759D43D45 for ; Fri, 14 May 2004 02:38:18 -0700 (PDT) (envelope-from artis@fbsd.lv)
Received: by fbsd.lv (Postfix, from userid 10000) id 44D71C129; Fri, 14 May 2004 12:38:17 +0300 (EEST)
Date: Fri, 14 May 2004 12:38:17 +0300
From: Artis Caune
To: freebsd-net@freebsd.org
Message-ID: <20040514093817.GA54302@fbsd.lv>
References: <200404291422.56670.max@love2party.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <200404291422.56670.max@love2party.net>
Subject: Re: 'struct ifnet' question!
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 14 May 2004 09:38:19 -0000

Thanks,
event handlers look very trivial to implement.

My thoughts were:
userland read rules and check if interface exist with:
'if_nametoindex(interface)' call.
kernel stores rules without any knowledge about interface name or direction,
because I use separate decision tree for every interface + direction pair.

When module got departure event, all rules are flushed from in/out decision tree:

    flush_rules(decision_tree[ifp->if_index]->out);
    flush_rules(decision_tree[ifp->if_index]->in);

because if interface is gone, rules are not valid:

    # ifconfig vlan0 create
        if_findindex() returns index 6
    # load rules with '... in on vlan0 ...'
        kernel store rules in 'decision_tree[6]->in'
    # ifconfig vlan0 destroy
        here we must flush all vlan0 rules
    # ifconfig gif0 create
        gif0 got index 6
        if we don't flush old rules, gif0 will use vlan0 rules
        because index is reused...

And here is the problem:
If i watch departure events, interface renaming feature will flush valid rules:

    case SIOCSIFNAME:
        ...
        EVENTHANDLER_INVOKE(ifnet_departure_event, ifp);
        ... change if_xname ...
        EVENTHANDLER_INVOKE(ifnet_arrival_event, ifp);

how about another event? ;)

    EVENTHANDLER_INVOKE(ifnet_rename_event, ifp->if_xname, new_name);
    strlcpy(ifp->if_xname, new_name, sizeof(ifp->if_xname));

> The other (big) problem in this field is, how to handle yet unknown interfaces
> (e.g. USB/Cardbus/ppp/tun/...).

What is about usb/cardbus/... interfaces?
Don't they also call ether_ifattach()/if_attach()?

--
Artis

On Thu, Apr 29, 2004 at 02:22:47PM +0200, Max Laier wrote:
> Yes there is, in -current you will find some eventhandlers (in if_var.h and
> if_clone.h) which allow you to get a notification when an interface arrives
> or leaves. Pf (from OpenBSD 3.5) will use them to do exactly what you are
> planning, to have O(1) interface look-ups.
>
> Attached is my WIP version of the pf interface handling, which might be a bit
> too complex for your purpose, but should give you the idea.
>
> --
> Best regards, | mlaier@freebsd.org
> Max Laier | ICQ #67774661
> http://pf4freebsd.love2party.net/ | mlaier@EFnet

From owner-freebsd-net@FreeBSD.ORG Fri May 14 04:02:56 2004
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E070216A4CE; Fri, 14 May 2004 04:02:56 -0700 (PDT)
Received: from webmail.tiscali.de (relay1.tiscali.de [62.26.116.129]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6CE9A43D41; Fri, 14 May 2004 04:02:55 -0700 (PDT) (envelope-from walter@pelissero.de)
Received: from daemon.home.loc (62.246.4.95) by webmail.tiscali.de (6.7.019) id 40A26E8A0009CD13; Fri, 14 May 2004 13:02:46 +0200
Received: from hyde.home.loc (hyde.home.loc [10.0.0.2]) by daemon.home.loc (8.12.11/8.12.8) with ESMTP id i4EB1sKx000842; Fri, 14 May 2004 13:01:54 +0200 (CEST) (envelope-from wcp@hyde.home.loc)
Received: from hyde.home.loc (localhost [127.0.0.1]) by hyde.home.loc (8.12.10/8.12.8) with ESMTP id i4EB2Nbo002099; Fri, 14 May 2004 13:02:23 +0200 (CEST) (envelope-from wcp@hyde.home.loc)
Received: (from wcp@localhost) by hyde.home.loc (8.12.10/8.12.6/Submit) id i4EB2MP8002096; Fri, 14 May 2004 13:02:22 +0200 (CEST) (envelope-from wcp)
Message-ID: <16548.42814.515842.247302@hyde.home.loc>
Date: Fri, 14 May 2004 13:02:22 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
From: "Walter C. Pelissero"
To: freebsd-net@freebsd.org, freebsd-questions@freebsd.org
Reply-To: walter@pelissero.de
Subject: Dlink DSL router doesn't like FreeBSD

I'm trying to make work a D-Link 504T DSL router/switch with FreeBSD
5.2.1-RELEASE-p6.

I've already realised that IPv6 is not supported by the router so I
compiled an IPv4-only kernel and got to work DNS, HTTP, and FTP.

My problem is that ssh and telnet don't work. I get as far as the
Password prompt, I type it in, and then ssh freezes for a couple of
minutes until it probably goes in timeout and gives up.

The D-Link help desk is useless; the only thing they suggested was to
return the router to where I bought it. I've anyhow the impression
that the problem might not completely be the router's fault. In fact
I plugged a Windoze machine, installed PuTTY, and ssh seems to work
flawlessly.

What am I missing here?

Thanks in advance,

--
walter pelissero
http://www.pelissero.de

From owner-freebsd-net@FreeBSD.ORG Fri May 14 04:12:36 2004
Date: Fri, 14 May 2004 13:12:33 +0200 (CEST)
From: Konrad Heuer
To: "Walter C. Pelissero"
In-Reply-To: <16548.42814.515842.247302@hyde.home.loc>
Message-ID: <20040514130804.H66551@gwdu60.gwdg.de>
References: <16548.42814.515842.247302@hyde.home.loc>
cc: freebsd-net@freebsd.org
cc: freebsd-questions@freebsd.org
Subject: Re: Dlink DSL router doesn't like FreeBSD

On Fri, 14 May 2004, Walter C. Pelissero wrote:

> I'm trying to make work a D-Link 504T DSL router/switch with FreeBSD
> 5.2.1-RELEASE-p6.
>
> I've already realised that IPv6 is not supported by the router so I
> compiled an IPv4-only kernel and got to work DNS, HTTP, and FTP.
>
> My problem is that ssh and telnet don't work. I get as far as the
> Password prompt, I type it in, and then ssh freezes for a couple of
> minutes until it probably goes in timeout and gives up.
>
> The D-Link help desk is useless; the only thing they suggested was to
> return the router to where I bought it. I've anyhow the impression
> that the problem might not completely be the router's fault. In fact
> I plugged a Windoze machine, installed PuTTY, and ssh seems to work
> flawlessly.
>
> What am I missing here?

I'd try two things:

1) ssh -vvv user@hostname
2) tcpdump -vv (while trying to connect by telnet or ssh)

You might have a chance to see where problems occur. Or to repost your
question with relevant sections of the output included.

Best regards

Konrad Heuer (kheuer2@gwdg.de)
GWDG
Am Fassberg
37077 Goettingen
Germany

From owner-freebsd-net@FreeBSD.ORG Fri May 14 04:18:36 2004
Date: Fri, 14 May 2004 14:18:33 +0300
From: Vladimir Terziev
To: Konrad Heuer
Message-Id: <20040514141833.13116eef@daemon.cmotd.com>
In-Reply-To: <20040514130804.H66551@gwdu60.gwdg.de>
References: <16548.42814.515842.247302@hyde.home.loc> <20040514130804.H66551@gwdu60.gwdg.de>
Organization: SunFish Ltd.
cc: freebsd-net@freebsd.org
cc: "Walter C. Pelissero"
cc: freebsd-questions@freebsd.org
Subject: Re: Dlink DSL router doesn't like FreeBSD

Try connecting to the router via SSHv1 protocol and without X11 forwarding.

I had similar problems with Cisco routers with old Cisco IOS. They liked
only SSH connections via SSHv1 and without X11 forwarding.

Best regards,

Vladimir

On Fri, 14 May 2004 13:12:33 +0200 (CEST)
Konrad Heuer wrote:

>
> On Fri, 14 May 2004, Walter C. Pelissero wrote:
>
> > I'm trying to make work a D-Link 504T DSL router/switch with FreeBSD
> > 5.2.1-RELEASE-p6.
> >
> > I've already realised that IPv6 is not supported by the router so I
> > compiled an IPv4-only kernel and got to work DNS, HTTP, and FTP.
> >
> > My problem is that ssh and telnet don't work. I get as far as the
> > Password prompt, I type it in, and then ssh freezes for a couple of
> > minutes until it probably goes in timeout and gives up.
> >
> > The D-Link help desk is useless; the only thing they suggested was to
> > return the router to where I bought it. I've anyhow the impression
> > that the problem might not completely be the router's fault. In fact
> > I plugged a Windoze machine, installed PuTTY, and ssh seems to work
> > flawlessly.
> >
> > What am I missing here?
>
> I'd try two things:
>
> 1) ssh -vvv user@hostname
> 2) tcpdump -vv (while trying to connect by telnet or ssh)
>
> You might have a chance to see where problems occur. Or to repost your
> question with relevant sections of the output included.
>
> Best regards
>
> Konrad Heuer (kheuer2@gwdg.de)
> GWDG
> Am Fassberg
> 37077 Goettingen
> Germany

From owner-freebsd-net@FreeBSD.ORG Fri May 14 09:20:34 2004
In-Reply-To: <20040513085825.GA72152@ip.net.ua>
Date: Fri, 14 May 2004 09:20:32 -0700 (PDT)
From: John Polstra
To: Ruslan Ermilov
cc: net@freebsd.org
Subject: RE: Looking for a Broadcom BCM5704 datasheet

On 13-May-2004 Ruslan Ermilov wrote:
>
> I'm looking for a Broadcom BCM5704[S] technical datasheet. If anyone has
> such a beast, or knows how one could obtain it, please let me know.

Broadcom only provides them under NDA.

John

From owner-freebsd-net@FreeBSD.ORG Fri May 14 09:38:10 2004
Message-ID: <40A4F667.10705@mu.org>
Date: Fri, 14 May 2004 09:40:07 -0700
From: Paul Saab
To: Ruslan Ermilov
References: <20040513085825.GA72152@ip.net.ua>
In-Reply-To: <20040513085825.GA72152@ip.net.ua>
cc: net@FreeBSD.org
Subject: Re: Looking for a Broadcom BCM5704 datasheet

Ruslan Ermilov wrote:

>Dear networkers,
>
>I'm looking for a Broadcom BCM5704[S] technical datasheet. If anyone has
>such a beast, or knows how one could obtain it, please let me know.
>
>
>
As john pointed out, you can only get this under NDA from broadcom.
What exactly are you trying to solve? I have the latest documentation
so I may be able to help you, but I can't give you the docs.

From owner-freebsd-net@FreeBSD.ORG Fri May 14 10:12:57 2004
Date: Fri, 14 May 2004 20:12:47 +0300
From: Ruslan Ermilov
To: Paul Saab
Message-ID: <20040514171247.GA58871@ip.net.ua>
References: <20040513085825.GA72152@ip.net.ua> <40A4F667.10705@mu.org>
In-Reply-To: <40A4F667.10705@mu.org>
cc: net@freebsd.org
Subject: Re: Looking for a Broadcom BCM5704 datasheet

On Fri, May 14, 2004 at 09:40:07AM -0700, Paul Saab wrote:
> Ruslan Ermilov wrote:
>
> >Dear networkers,
> >
> >I'm looking for a Broadcom BCM5704[S] technical datasheet. If anyone has
> >such a beast, or knows how one could obtain it, please let me know.
> >
> >
> >
> As john pointed out, you can only get this under NDA from broadcom.
> What exactly are you trying to solve? I have the latest documentation
> so I may be able to help you, but I can't give you the docs.
>
We hoped that with dual-channel NIC we could be able to just move
the received frame from one port for TX on another port, to overcome
the 32-bit PCI bus speed limitation, to get better throughput with
GigE. Bill Paul already explained in private that they are actually
two distinct SRAMs, and the operation we needed is not supported
(without PCI involved).

Thanks to everyone who replied!

Cheers,
--
Ruslan Ermilov
ru@FreeBSD.org
FreeBSD committer

From owner-freebsd-net@FreeBSD.ORG Fri May 14 10:25:36 2004
Message-ID: <1084555736.40a501d8c3528@500records.com>
Date: Fri, 14 May 2004 10:28:56 -0700
From: russ@500records.com
To: freebsd-net@freebsd.org
Subject: Transparent Bridging Admin Interface

Hi folks,

I was searching through the archives and found this question which seems
to be describing a similar problem I am having, I did not find a reply or
answer to it though. So I would like to ask the question again as it seems
to be very close to mine and I would imagine it must be resolvable, probably
through a simple configuration or patch… See the link below for the
original post.

http://lists.freebsd.org/pipermail/freebsd-net/2003-December/002109.html

I have set up Transparent Bridging and IPFW on a server by compiling support
into the Kernel as described in the FreeBSD handbook and other FreeBSD
tutorials, no frills just the basics… 2 interfaces, no IPs, passing traffic
with the firewall wide open by default.

I configured the machine over ssh before I stuck it on the network via a
third interface that has an IP from the LAN the machine is bridging. When I
put the bridge onto the network, it works perfectly, passing all packets both
ways through the open firewall, but the third interface, the admin one with
an ip on my network stops working… just like described in the original post…

Oh yea...

FreeBSD 5.2.1
P4 1.4ghz
512Ram
2x3com (bridge) nics
1xrealtek (admin interface w/ ip)

It must be some sort of logical loop bug!!!

Anybody have any ideas,

thanks,
Russ

From owner-freebsd-net@FreeBSD.ORG Fri May 14 12:22:10 2004
From: Don Bowman
To: 'Ruslan Ermilov', Paul Saab
Date: Fri, 14 May 2004 15:22:06 -0400
cc: net@freebsd.org
Subject: RE: Looking for a Broadcom BCM5704 datasheet


From: Ruslan Ermilov [mailto:ru@freebsd.org]
> On Fri, May 14, 2004 at 09:40:07AM -0700, Paul Saab wrote:
> > Ruslan Ermilov wrote:
> >
> > >Dear networkers,
> > >
> > >I'm looking for a Broadcom BCM5704[S] technical datasheet. If anyone has
> > >such a beast, or knows how one could obtain it, please let me know.
> > >
> > >
> > >
> > As john pointed out, you can only get this under NDA from broadcom.
> > What exactly are you trying to solve? I have the latest documentation
> > so I may be able to help you, but I can't give you the docs.
> >
> We hoped that with dual-channel NIC we could be able to just move
> the received frame from one port for TX on another port, to overcome
> the 32-bit PCI bus speed limitation, to get better throughput with
> GigE. Bill Paul already explained in private that they are actually
> two distinct SRAMs, and the operation we needed is not supported
> (without PCI involved).
>

I believe it is 64-bit 133MHz PCI-X.

From owner-freebsd-net@FreeBSD.ORG Sat May 15 06:43:54 2004
From: "Walter C. Pelissero"
Message-ID: <16550.7798.333149.997514@hyde.home.loc>
Date: Sat, 15 May 2004 15:43:18 +0200
To: John Mills
References: <16548.42814.515842.247302@hyde.home.loc>
cc: freebsd-net@freebsd.org
cc: FreeBSD-questions
Reply-To: walter@pelissero.de
Subject: Re: Dlink DSL router doesn't like FreeBSD

John Mills writes:
 > First, are you coming into your LAN from outside, or going outwards?

Either ways.

 > If it's an outgoing-connection problem, I would look into the
 > firewall setting of the FBSD box. Maybe you didn't set it up to
 > pass the ports for outgoing telnet and ssh, or maybe you shut off
 > the replies on those same ports.

Not as far as I know. I personally took care of the installation.
*Intra*net traffic works seamlessly, between the two FreeBSD boxes,
though.

 > Try plugging the WindowBox into another of the router's ports, then
 > use PuTTY to telnet and ssh into your FBSD box (using its LAN
 > address, naturally). If that works, the problem is definitely the
 > router, but possibly a setup issue. Especially since telnet is
 > also involved. (Many people disable incoming telnet, for security
 > reasons.)

I haven't tried PuTTY internally (from Windoze to FreeBSD). I won't
be able to do that test during the weekend as I'm currently about 500
miles away from that LAN. I'll keep you posted, though.

 > When you have intra-LAN access working, look into port forwarding in the
 > router's setup: you want incoming traffic from the ports used by ssh and
 > (if you enable it) telnet to be sent to the LAN address of your FBSD box.

Did it. If I didn't, I suppose ssh wouldn't go that far in the login
process.

As suggested by Konrad Heuer I gathered further data with -v options
of ssh and tcpdump. As suggested by Vladimir Terziev I ran ssh using
protocol 1 only and disabling X11 forwarding.

Here is the command line:

  ssh -vvv -x -1 -4 that.bloody.address

from my machine at home to the dynamic IP address of that router which
is configured to forward port 22 to the FreeBSD box.

Here is the log:

OpenSSH_3.6.1p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL 0x0090703f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to that.bloody.address [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /usr/home/wcp/.ssh/identity type 0
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p1 FreeBSD-20030924
debug1: match: OpenSSH_3.6.1p1 FreeBSD-20030924 pat OpenSSH*
debug1: Local version string SSH-1.5-OpenSSH_3.6.1p1 FreeBSD-20030924
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug3: check_host_in_hostfile: filename /usr/home/wcp/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug3: check_host_in_hostfile: filename /usr/home/wcp/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 31
debug1: Host 'that.bloody.address' is known and matches the RSA1 host key.
debug1: Found key in /usr/home/wcp/.ssh/known_hosts:31
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug2: cipher_init: set keylen (16 -> 32)
debug2: cipher_init: set keylen (16 -> 32)
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying RSA authentication with key '/usr/home/wcp/.ssh/identity'
debug1: Server refused our key.
debug1: Doing challenge response authentication.
Password:
Response: [I just type return]
debug1: Doing password authentication.
me@that.bloody.address's password: [I type the password]
debug1: Requesting pty.
debug3: tty_make_modes: ospeed 38400
debug3: tty_make_modes: ispeed 38400
debug3: tty_make_modes: 1 3
debug3: tty_make_modes: 2 28
debug3: tty_make_modes: 3 127
debug3: tty_make_modes: 4 21
debug3: tty_make_modes: 5 4
debug3: tty_make_modes: 6 255
debug3: tty_make_modes: 7 255
debug3: tty_make_modes: 8 17
debug3: tty_make_modes: 9 19
debug3: tty_make_modes: 10 26
debug3: tty_make_modes: 11 25
debug3: tty_make_modes: 12 18
debug3: tty_make_modes: 13 23
debug3: tty_make_modes: 14 22
debug3: tty_make_modes: 17 8
debug3: tty_make_modes: 18 15
debug3: tty_make_modes: 30 1
debug3: tty_make_modes: 31 0
debug3: tty_make_modes: 32 0
debug3: tty_make_modes: 33 0
debug3: tty_make_modes: 34 0
debug3: tty_make_modes: 35 0
debug3: tty_make_modes: 36 1
debug3: tty_make_modes: 38 1
debug3: tty_make_modes: 39 0
debug3: tty_make_modes: 40 0
debug3: tty_make_modes: 41 1
debug3: tty_make_modes: 50 1
debug3: tty_make_modes: 51 1
debug3: tty_make_modes: 53 1
debug3: tty_make_modes: 54 1
debug3: tty_make_modes: 55 1
debug3: tty_make_modes: 56 0
debug3: tty_make_modes: 57 0
debug3: tty_make_modes: 58 0
debug3: tty_make_modes: 59 1
debug3: tty_make_modes: 60 1
debug3: tty_make_modes: 61 1
debug3: tty_make_modes: 62 1
debug3: tty_make_modes: 70 1
debug3: tty_make_modes: 72 1
debug3: tty_make_modes: 73 0
debug3: tty_make_modes: 74 0
debug3: tty_make_modes: 75 0
debug3: tty_make_modes: 90 1
debug3: tty_make_modes: 91 1
debug3: tty_make_modes: 92 0
debug3: tty_make_modes: 93 0
debug2: fd 3 setting TCP_NODELAY
debug1: Requesting shell.
debug1: Entering interactive session.
[Hung. No input or output and no way to kill the process with a
simple ^C, but if I type something this blinks my modem Tx led.]
Killed by signal 15.
[I gave up and killed the process from another tty.]
debug1: Calling cleanup 0x804c7a4(0x0)

Looks to me that all the handshaking has been carried as expected, but
once the interactive session is established the traffic doesn't get
through.

The output of tcpdump -vv of that session (which I'm not able to
decipher) has been:

23:52:20.510104 hyde.home.loc.50315 > daemon.home.loc.domain: [udp sum ok] 48558+ A? that.bloody.address. (33) (ttl 64, id 3105, len 61)
23:52:20.825634 daemon.home.loc.domain > hyde.home.loc.50315: 48558 q: A? that.bloody.address. 1/3/3 that.bloody.address.[|domain] (ttl 64, id 24735, len 194)
23:52:20.826508 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: S [tcp sum ok] 439582340:439582340(0) win 65535 (DF) (ttl 64, id 3106, len 60)
23:52:21.054747 adsl-ull-76-182.42-151.net24.it.ssh > hyde.home.loc.49531: S [tcp sum ok] 4223415736:4223415736(0) ack 439582341 win 65535 (DF) (ttl 54, id 884, len 60)
23:52:21.054919 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: . [tcp sum ok] 1:1(0) ack 1 win 32947 (DF) (ttl 64, id 3107, len 52)
23:52:21.234712 adsl-ull-76-182.42-151.net24.it.ssh > hyde.home.loc.49531: P 1:43(42) ack 1 win 32947 (DF) (ttl 54, id 885, len 94)
23:52:21.235617 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P 1:42(41) ack 43 win 32947 (DF) (ttl 64, id 3108, len 93)
23:52:21.449716 hyde.home.loc.50316 > daemon.home.loc.domain: [udp sum ok] 41402+ PTR? 1.0.0.10.in-addr.arpa. (39) (ttl 64, id 3109, len 67)
23:52:21.450467 daemon.home.loc.domain > hyde.home.loc.50316: 41402* q: PTR? 1.0.0.10.in-addr.arpa. 1/1/0 1.0.0.10.in-addr.arpa. PTR[|domain] (ttl 64, id 24736, len 114)
23:52:21.451106 hyde.home.loc.50317 > daemon.home.loc.domain: [udp sum ok] 41403+ PTR? 2.0.0.10.in-addr.arpa. (39) (ttl 64, id 3110, len 67)
23:52:21.451736 daemon.home.loc.domain > hyde.home.loc.50317: 41403* q: PTR? 2.0.0.10.in-addr.arpa. 1/1/0 2.0.0.10.in-addr.arpa. PTR[|domain] (ttl 64, id 24737, len 112)
23:52:21.452417 hyde.home.loc.50318 > daemon.home.loc.domain: [udp sum ok] 41404+ PTR? 76.182.42.151.in-addr.arpa. (44) (ttl 64, id 3111, len 72)
23:52:21.455887 daemon.home.loc.domain > hyde.home.loc.50318: 41404 q: PTR? 76.182.42.151.in-addr.arpa. 1/13/13 76.182.42.151.in-addr.arpa.[|domain] (ttl 64, id 24740, len 536)
23:52:21.515011 adsl-ull-76-182.42-151.net24.it.ssh > hyde.home.loc.49531: P 43:319(276) ack 42 win 32947 (DF) (ttl 54, id 886, len 328)
23:52:21.521659 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P 42:198(156) ack 319 win 32947 (DF) (ttl 64, id 3112, len 208)
23:52:21.784724 adsl-ull-76-182.42-151.net24.it.ssh > hyde.home.loc.49531: P [tcp sum ok] 319:331(12) ack 198 win 32947 (DF) (ttl 54, id 887, len 64)
23:52:21.785512 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P [tcp sum ok] 198:218(20) ack 331 win 32947 (DF) (ttl 64, id 3113, len 72)
23:52:21.974680 adsl-ull-76-182.42-151.net24.it.ssh > hyde.home.loc.49531: P [tcp sum ok] 331:343(12) ack 218 win 32947 (DF) (ttl 54, id 889, len 64)
23:52:21.975378 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P 218:358(140) ack 343 win 32947 (DF) (ttl 64, id 3114, len 192)
23:52:22.184705 adsl-ull-76-182.42-151.net24.it.ssh > hyde.home.loc.49531: P [tcp sum ok] 343:355(12) ack 358 win 32947 (DF) (ttl 54, id 890, len 64)
23:52:22.185295 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P [tcp sum ok] 358:370(12) ack 355 win 32947 (DF) (ttl 64, id 3115, len 64)
23:52:22.374759 adsl-ull-76-182.42-151.net24.it.ssh > hyde.home.loc.49531: P [tcp sum ok] 355:383(28) ack 370 win 32947 (DF) (ttl 54, id 891, len 80)
23:52:22.467999 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: . [tcp sum ok] 370:370(0) ack 383 win 32947 (DF) (ttl 64, id 3116, len 52)
23:52:27.963242 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P 370:422(52) ack 383 win 32947 (DF) (ttl 64, id 3117, len 104)
23:52:28.144856 adsl-ull-76-182.42-151.net24.it.ssh > hyde.home.loc.49531: P [tcp sum ok] 383:395(12) ack 422 win 32947 (DF) (ttl 54, id 892, len 64)
23:52:28.149515 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P 422:570(148) ack 395 win 32947 (DF) (ttl 64, id 3118, len 200)
23:52:28.374885 adsl-ull-76-182.42-151.net24.it.ssh > hyde.home.loc.49531: P [tcp sum ok] 395:407(12) ack 570 win 32947 (DF) (ttl 54, id 893, len 64)
23:52:28.375581 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P [tcp sum ok] 570:582(12) ack 407 win 32947 (DF) [tos 0x10] (ttl 64, id 3119, len 64)
23:52:28.958093 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P [tcp sum ok] 570:582(12) ack 407 win 32947 (DF) [tos 0x10] (ttl 64, id 3120, len 64)
23:52:29.938112 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P [tcp sum ok] 570:582(12) ack 407 win 32947 (DF) [tos 0x10] (ttl 64, id 3121, len 64)
23:52:31.698130 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P [tcp sum ok] 570:582(12) ack 407 win 32947 (DF) [tos 0x10] (ttl 64, id 3122, len 64)
23:52:35.018187 hyde.home.loc.49531 > adsl-ull-76-182.42-151.net24.it.ssh: P [tcp sum ok] 570:582(12) ack 407 win 32947 (DF) [tos 0x10] (ttl 64, id 3123, len 64)

 > Tschuess.

Charming, but I'm not German. :-)

Cheers,

--
walter pelissero
http://www.pelissero.de

From owner-freebsd-net@FreeBSD.ORG Sat May 15 11:22:01 2004
Date: Sat, 15 May 2004 22:21:57 +0400
From: Yar Tikhiy To: arch@freebsd.org, net@freebsd.org Message-ID: <20040515182157.GB89625@comp.chem.msu.su> References: <20040508034514.GA937@grosbein.pp.ru> <20040508132354.GB44214@comp.chem.msu.su> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040508132354.GB44214@comp.chem.msu.su> User-Agent: Mutt/1.5.6i cc: Eugene Grosbein Subject: Re: bin/65928: [PATCH] stock ftpd uses superuser credentials for active mode sockets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 15 May 2004 18:22:01 -0000 Hi folks, Attached below is a patch addressing the issue of the inability to reuse a local IP:port couple occupied by an established TCP connection from another user, but by no listeners. Could anybody with fair understanding of our TCP/IP stack review it please? Thanks. -- Yar Index: in_pcb.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/in_pcb.c,v retrieving revision 1.146 diff -u -p -r1.146 in_pcb.c --- in_pcb.c 23 Apr 2004 23:29:49 -0000 1.146 +++ in_pcb.c 15 May 2004 17:37:18 -0000 
@@ -340,6 +340,8 @@ in_pcbbind_setup(inp, nam, laddrp, lport return (EADDRINUSE); } else if (t && + (so->so_type != SOCK_STREAM || + ntohl(t->inp_faddr.s_addr) == INADDR_ANY) && (ntohl(sin->sin_addr.s_addr) != INADDR_ANY || ntohl(t->inp_laddr.s_addr) != INADDR_ANY || (t->inp_socket->so_options & From owner-freebsd-net@FreeBSD.ORG Sat May 15 22:15:05 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C6D6216A4CE for ; Sat, 15 May 2004 22:15:05 -0700 (PDT) Received: from hotmail.com (bay9-f16.bay9.hotmail.com [64.4.47.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5D04E43D1D for ; Sat, 15 May 2004 22:15:05 -0700 (PDT) (envelope-from bn_me@hotmail.com) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Sat, 15 May 2004 22:15:04 -0700 Received: from 24.201.17.137 by by9fd.bay9.hotmail.msn.com with HTTP; Sun, 16 May 2004 05:15:04 GMT X-Originating-IP: [24.201.17.137] X-Originating-Email: [bn_me@hotmail.com] X-Sender: bn_me@hotmail.com 
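Review bot: the added clause `(so->so_type != SOCK_STREAM || ntohl(t->inp_faddr.s_addr) == INADDR_ANY)` in the `else if (t &&` test of in_pcbbind_setup() needs a comment, because it rests on an unstated invariant: a TCP PCB whose foreign address is not the wildcard is an established connection rather than a listener, so it cannot accept new connections on the local IP:port and need not block a bind by another user. Please say that in the code; this chain of checks decides when a bind fails with EADDRINUSE, and without the explanation a later reader sees only an unexplained relaxation of it. The clause also tests the type of the socket being bound (`so`) rather than of the existing PCB `t`, which is fine only if both always come from the same protocol's table, so that assumption belongs in the comment too. The diff as posted touches only in_pcb.c; if the IPv6 bind path has an equivalent check it should receive the same change so the two address families behave alike.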
From: "Brian Nguyen" To: freebsd-net@freebsd.org Date: Sun, 16 May 2004 01:15:04 -0400 Message-ID: X-OriginalArrivalTime: 16 May 2004 05:15:04.0373 (UTC) FILETIME=[BF026650:01C43B04] MIME-Version: 1.0 Content-Type: text/plain X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: WPA-PSK and FreeBSD X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 May 2004 05:15:05 -0000

I'm wondering if anyone has Wi-Fi working with WPA-PSK (using TKIP)?

My current setup is a basic x86 setup, etc, with a D-Link 802.11g router and a DWL-G650 802.11 Cardbus Adapter. WPA-PSK works fine in Windows.

If anyone has any information regarding FreeBSD's support for WPA-PSK, links, etc., it would be helpful... Just even a general answer of "Yes, FreeBSD supports WPA-PSK, and for that adapter" would be great.

Currently, the only things I'm googling are 1 year old and about the developers trying to get it to work. How's the progress? Linux isn't doing too well either with it...

Thanks! Any other BSDs support WPA-PSK (TKIP)?

Brian

From owner-freebsd-net@FreeBSD.ORG Sat May 15 22:27:15 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4AA3416A4CE for ; Sat, 15 May 2004 22:27:15 -0700 (PDT) Received: from mail.dragondata.com (server2-b.dragondata.com [64.202.113.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id 49A4243D46 for ; Sat, 15 May 2004 22:27:14 -0700 (PDT) (envelope-from toasty@dragondata.com) Received: (qmail 75027 invoked by uid 1092); 16 May 2004 05:29:49 -0000 Received: from toasty@dragondata.com by server2.dragondata.com by uid 82 with qmail-scanner-1.20rc3 (uvscan: v4.2.40/v4296. spamassassin: 2.60-cvs. Clear:RC:1:. Processed in 2.971648 secs); 16 May 2004 05:29:49 -0000 Received: from ppp045.dhcp.your.org (HELO ?199.165.179.45?) (199.165.179.45) by mail.dragondata.com with RC4-SHA encrypted SMTP; 16 May 2004 05:29:46 -0000 Mime-Version: 1.0 (Apple Message framework v613) Content-Transfer-Encoding: 7bit Message-Id: Content-Type: text/plain; charset=US-ASCII; format=flowed To: freebsd-net@freebsd.org
From: Kevin Day Date: Sun, 16 May 2004 00:27:48 -0500 X-Mailer: Apple Mail (2.613) Subject: Sendfile performance regression from 4.x to 5.x X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 May 2004 05:27:15 -0000

We've got two nearly identically configured servers, serving the exact same load.

Quick config:

Dual P4 2.8GHz with HTT enabled, 2GB RAM
ahc SCSI adapter, with 4 drives in a vinum RAID5 config
Dual bge gigabit network cards

Server 1 is running 4.8
Server 2 is running 5.2.1

Other than OS version, everything is identical for all practical purposes.

I'm running thttpd with USE_SENDFILE enabled. Both servers are receiving approximately equal numbers of requests to download some large files. (5MB to 200MB)

Server 1 can easily push 300-500mbps. I'm pretty sure it could go higher, we just run into bandwidth limits at that point. With the caps removed, we've hit 800mbps for a short while.

Server 2 seems to cap out around 80mbps, with thttpd spending most of its time in "Giant" or "kqueue" according to top, the CPU around 90% idle.

What's really strange is that right when thttpd starts up on 5.2, it will start sending 200mbps or higher for the first 10-15 minutes, and then start tapering off back down to 80mbps.

It doesn't look like a thttpd bug, since it seems to work flawlessly on 4.x.

I know a lot of work is being done on locking, sendfile and kqueue fun, so I'm not complaining. I just wanted someone to know this was happening, and hopefully have someone point out something obvious I'm missing that could be causing this...

Anyone run into this before?

-- Kevin